diff --git a/src/lib/libc/crypt/Makefile.inc b/src/lib/libc/crypt/Makefile.inc index e64117fbd71..e9263b09fef 100644 --- a/src/lib/libc/crypt/Makefile.inc +++ b/src/lib/libc/crypt/Makefile.inc @@ -1,14 +1,8 @@ -# $OpenBSD: Makefile.inc,v 1.13 1999/11/17 05:22:36 millert Exp $ +# $OpenBSD: Makefile.inc,v 1.27 2016/03/30 06:38:41 jmc Exp $ -.PATH: ${LIBCSRCDIR}/arch/${MACHINE_ARCH}/crypt ${LIBCSRCDIR}/crypt +.PATH: ${LIBCSRCDIR}/arch/${MACHINE_CPU}/crypt ${LIBCSRCDIR}/crypt -SRCS+= cast.c crypt.c morecrypt.c md5crypt.c arc4random.c blowfish.c -SRCS+= bcrypt.c skipjack.c +SRCS+= crypt.c cryptutil.c arc4random.c arc4random_uniform.c \ + blowfish.c bcrypt.c -MAN+= crypt.3 blowfish.3 arc4random.3 -MLINKS+=crypt.3 encrypt.3 crypt.3 setkey.3 crypt.3 des_cipher.3 -MLINKS+=crypt.3 des_setkey.3 blowfish.3 blf_key.3 blowfish.3 blf_enc.3 -MLINKS+=blowfish.3 blf_dec.3 blowfish.3 blf_ecb_encrypt.3 -MLINKS+=blowfish.3 blf_ecb_decrypt.3 blowfish.3 blf_cbc_encrypt.3 -MLINKS+=blowfish.3 blf_cbc_decrypt.3 -MLINKS+=arc4random.3 arc4random_stir.3 arc4random.3 arc4random_addrandom.3 +MAN+= crypt.3 crypt_checkpass.3 blowfish.3 arc4random.3 diff --git a/src/lib/libc/crypt/arc4random.3 b/src/lib/libc/crypt/arc4random.3 index d8e0f8cda6a..fd0185707ff 100644 --- a/src/lib/libc/crypt/arc4random.3 +++ b/src/lib/libc/crypt/arc4random.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: arc4random.3,v 1.17 2000/12/21 14:07:41 aaron Exp $ +.\" $OpenBSD: arc4random.3,v 1.35 2014/11/25 16:45:24 millert Exp $ .\" .\" Copyright 1997 Niels Provos .\" All rights reserved. @@ -30,81 +30,85 @@ .\" .\" Manual page, using -mandoc macros .\" -.Dd April 15, 1997 +.Dd $Mdocdate: November 25 2014 $ .Dt ARC4RANDOM 3 .Os .Sh NAME .Nm arc4random , -.Nm arc4random_stir , -.Nm arc4random_addrandom -.Nd arc4 random number generator +.Nm arc4random_buf , +.Nm arc4random_uniform +.Nd random number generator .Sh SYNOPSIS -.Fd #include -.Ft u_int32_t +.In stdlib.h +.Ft uint32_t .Fn arc4random "void" .Ft void -.Fn arc4random_stir "void" -.Ft void -.Fn arc4random_addrandom "u_char *dat" "int datlen" +.Fn arc4random_buf "void *buf" "size_t nbytes" +.Ft uint32_t +.Fn arc4random_uniform "uint32_t upper_bound" .Sh DESCRIPTION -The -.Fn arc4random -function provides a high quality 32-bit pseudo-random -number very quickly. -.Fn arc4random -seeds itself on a regular basis from the kernel strong random number -subsystem described in -.Xr random 4 . -On each call, an ARC4 generator is used to generate a new result. -The -.Fn arc4random -function uses the ARC4 cipher key stream generator, -which uses 8*8 8 bit S-Boxes. -The S-Boxes can be in about (2**1700) states. -.Pp -.Fn arc4random -fits into a middle ground not covered by other subsystems such as -the strong, slow, and resource expensive random -devices described in -.Xr random 4 -versus the fast but poor quality interfaces described in +This family of functions provides higher quality data than those +described in .Xr rand 3 , .Xr random 3 , and -.Xr drand48 3 . +.Xr rand48 3 . .Pp -The -.Fn arc4random_stir -function reads data from -.Pa /dev/arandom -and uses it to permute the S-Boxes via -.Fn arc4random_addrandom . +Use of these functions is encouraged for almost all random number +consumption because the other interfaces are deficient in either +quality, portability, standardization, or availability. +These functions can be called in almost all coding environments, +including +.Xr pthreads 3 +and +.Xr chroot 2 . .Pp -There is no need to call -.Fn arc4random_stir -before using -.Fn arc4random , -since +High quality 32-bit pseudo-random numbers are generated very quickly. +On each call, a cryptographic pseudo-random number generator is used +to generate a new result. +One data pool is used for all consumers in a process, so that consumption +under program flow can act as additional stirring. +The subsystem is re-seeded from the kernel random number subsystem using +.Xr getentropy 2 +on a regular basis, and also upon +.Xr fork 2 . +.Pp +The .Fn arc4random -automatically initializes itself. +function returns a single 32-bit value. +.Pp +.Fn arc4random_buf +fills the region +.Fa buf +of length +.Fa nbytes +with random data. +.Pp +.Fn arc4random_uniform +will return a single 32-bit value, uniformly distributed but less than +.Fa upper_bound . +This is recommended over constructions like +.Dq Li arc4random() % upper_bound +as it avoids "modulo bias" when the upper bound is not a power of two. +In the worst case, this function may consume multiple iterations +to ensure uniformity; see the source code to understand the problem +and solution. +.Sh RETURN VALUES +These functions are always successful, and no return value is +reserved to indicate an error. .Sh SEE ALSO .Xr rand 3 , .Xr rand48 3 , .Xr random 3 .Sh HISTORY -An algorithm called -.Pa RC4 -was designed by RSA Data Security, Inc. -It was considered a trade secret, but not trademarked. -Because it was a trade secret, it obviously could not be patented. -A clone of this was posted anonymously to USENET and confirmed to -be equivalent by several sources who had access to the original cipher. -Because of the trade secret situation, RSA Data Security, Inc. can do -nothing about the release of the ARC4 algorithm. -Since -.Pa RC4 -used to be a trade secret, the cipher is now referred to as -.Pa ARC4 . -.Pp These functions first appeared in .Ox 2.1 . +.Pp +The original version of this random number generator used the +RC4 (also known as ARC4) algorithm. +In +.Ox 5.5 +it was replaced with the ChaCha20 cipher, and it may be replaced +again in the future as cryptographic techniques advance. +A good mnemonic is +.Dq A Replacement Call for Random . diff --git a/src/lib/libc/crypt/arc4random.c b/src/lib/libc/crypt/arc4random.c index 4e916ab99a1..1a16bd3940b 100644 --- a/src/lib/libc/crypt/arc4random.c +++ b/src/lib/libc/crypt/arc4random.c @@ -1,193 +1,198 @@ -/* $OpenBSD: arc4random.c,v 1.6 2001/06/05 05:05:38 pvalchev Exp $ */ +/* $OpenBSD: arc4random.c,v 1.55 2019/03/24 17:56:54 deraadt Exp $ */ /* - * Arc4 random number generator for OpenBSD. - * Copyright 1996 David Mazieres . + * Copyright (c) 1996, David Mazieres + * Copyright (c) 2008, Damien Miller + * Copyright (c) 2013, Markus Friedl + * Copyright (c) 2014, Theo de Raadt * - * Modification and redistribution in source and binary forms is - * permitted provided that due credit is given to the author and the - * OpenBSD project by leaving this copyright notice intact. + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ /* - * This code is derived from section 17.1 of Applied Cryptography, - * second edition, which describes a stream cipher allegedly - * compatible with RSA Labs "RC4" cipher (the actual description of - * which is a trade secret). The same algorithm is used as a stream - * cipher called "arcfour" in Tatu Ylonen's ssh package. - * - * Here the stream cipher has been modified always to include the time - * when initializing the state. That makes it impossible to - * regenerate the same random sequence twice, so this can't be used - * for encryption, but will generate good random numbers. - * - * RC4 is a registered trademark of RSA Laboratories. + * ChaCha based random number generator for OpenBSD. */ #include +#include +#include +#include #include +#include #include #include -#include #include -#include -#ifdef __GNUC__ +#define KEYSTREAM_ONLY +#include "chacha_private.h" + +#define minimum(a, b) ((a) < (b) ? (a) : (b)) + +#if defined(__GNUC__) || defined(_MSC_VER) #define inline __inline -#else /* !__GNUC__ */ +#else /* __GNUC__ || _MSC_VER */ #define inline -#endif /* !__GNUC__ */ +#endif /* !__GNUC__ && !_MSC_VER */ -struct arc4_stream { - u_int8_t i; - u_int8_t j; - u_int8_t s[256]; -}; +#define KEYSZ 32 +#define IVSZ 8 +#define BLOCKSZ 64 +#define RSBUFSZ (16*BLOCKSZ) -int rs_initialized; -static struct arc4_stream rs; +/* Marked MAP_INHERIT_ZERO, so zero'd out in fork children. */ +static struct _rs { + size_t rs_have; /* valid bytes at end of rs_buf */ + size_t rs_count; /* bytes till reseed */ +} *rs; -static inline void -arc4_init(as) - struct arc4_stream *as; -{ - int n; +/* Maybe be preserved in fork children, if _rs_allocate() decides. */ +static struct _rsx { + chacha_ctx rs_chacha; /* chacha context for random keystream */ + u_char rs_buf[RSBUFSZ]; /* keystream blocks */ +} *rsx; - for (n = 0; n < 256; n++) - as->s[n] = n; - as->i = 0; - as->j = 0; -} +static inline int _rs_allocate(struct _rs **, struct _rsx **); +static inline void _rs_forkdetect(void); +#include "arc4random.h" + +static inline void _rs_rekey(u_char *dat, size_t datlen); static inline void -arc4_addrandom(as, dat, datlen) - struct arc4_stream *as; - u_char *dat; - int datlen; +_rs_init(u_char *buf, size_t n) { - int n; - u_int8_t si; - - as->i--; - for (n = 0; n < 256; n++) { - as->i = (as->i + 1); - si = as->s[as->i]; - as->j = (as->j + si + dat[n % datlen]); - as->s[as->i] = as->s[as->j]; - as->s[as->j] = si; + if (n < KEYSZ + IVSZ) + return; + + if (rs == NULL) { + if (_rs_allocate(&rs, &rsx) == -1) + _exit(1); } - as->j = as->i; + + chacha_keysetup(&rsx->rs_chacha, buf, KEYSZ * 8, 0); + chacha_ivsetup(&rsx->rs_chacha, buf + KEYSZ); } static void -arc4_stir(as) - struct arc4_stream *as; +_rs_stir(void) { - int fd; - struct { - struct timeval tv; - u_int rnd[(128 - sizeof(struct timeval)) / sizeof(u_int)]; - } rdat; - - gettimeofday(&rdat.tv, NULL); - fd = open("/dev/arandom", O_RDONLY); - if (fd != -1) { - read(fd, rdat.rnd, sizeof(rdat.rnd)); - close(fd); - } else { - int i, mib[2]; - size_t len; - - /* Device could not be opened, we might be chrooted, take - * randomness from sysctl. */ - - mib[0] = CTL_KERN; - mib[1] = KERN_ARND; - - for (i = 0; i < sizeof(rdat.rnd) / sizeof(u_int); i ++) { - len = sizeof(u_int); - if (sysctl(mib, 2, &rdat.rnd[i], &len, NULL, 0) == -1) - break; - } - } - /* fd < 0 or failed sysctl ? Ah, what the heck. We'll just take - * whatever was on the stack... */ + u_char rnd[KEYSZ + IVSZ]; - arc4_addrandom(as, (void *) &rdat, sizeof(rdat)); -} + if (getentropy(rnd, sizeof rnd) == -1) + _getentropy_fail(); -static inline u_int8_t -arc4_getbyte(as) - struct arc4_stream *as; -{ - u_int8_t si, sj; - - as->i = (as->i + 1); - si = as->s[as->i]; - as->j = (as->j + si); - sj = as->s[as->j]; - as->s[as->i] = sj; - as->s[as->j] = si; - return (as->s[(si + sj) & 0xff]); + if (!rs) + _rs_init(rnd, sizeof(rnd)); + else + _rs_rekey(rnd, sizeof(rnd)); + explicit_bzero(rnd, sizeof(rnd)); /* discard source seed */ + + /* invalidate rs_buf */ + rs->rs_have = 0; + memset(rsx->rs_buf, 0, sizeof(rsx->rs_buf)); + + rs->rs_count = 1600000; } -static inline u_int32_t -arc4_getword(as) - struct arc4_stream *as; +static inline void +_rs_stir_if_needed(size_t len) { - u_int32_t val; - val = arc4_getbyte(as) << 24; - val |= arc4_getbyte(as) << 16; - val |= arc4_getbyte(as) << 8; - val |= arc4_getbyte(as); - return val; + _rs_forkdetect(); + if (!rs || rs->rs_count <= len) + _rs_stir(); + if (rs->rs_count <= len) + rs->rs_count = 0; + else + rs->rs_count -= len; } -void -arc4random_stir() +static inline void +_rs_rekey(u_char *dat, size_t datlen) { - if (!rs_initialized) { - arc4_init(&rs); - rs_initialized = 1; +#ifndef KEYSTREAM_ONLY + memset(rsx->rs_buf, 0, sizeof(rsx->rs_buf)); +#endif + /* fill rs_buf with the keystream */ + chacha_encrypt_bytes(&rsx->rs_chacha, rsx->rs_buf, + rsx->rs_buf, sizeof(rsx->rs_buf)); + /* mix in optional user provided data */ + if (dat) { + size_t i, m; + + m = minimum(datlen, KEYSZ + IVSZ); + for (i = 0; i < m; i++) + rsx->rs_buf[i] ^= dat[i]; } - arc4_stir(&rs); + /* immediately reinit for backtracking resistance */ + _rs_init(rsx->rs_buf, KEYSZ + IVSZ); + memset(rsx->rs_buf, 0, KEYSZ + IVSZ); + rs->rs_have = sizeof(rsx->rs_buf) - KEYSZ - IVSZ; } -void -arc4random_addrandom(dat, datlen) - u_char *dat; - int datlen; +static inline void +_rs_random_buf(void *_buf, size_t n) { - if (!rs_initialized) - arc4random_stir(); - arc4_addrandom(&rs, dat, datlen); + u_char *buf = (u_char *)_buf; + u_char *keystream; + size_t m; + + _rs_stir_if_needed(n); + while (n > 0) { + if (rs->rs_have > 0) { + m = minimum(n, rs->rs_have); + keystream = rsx->rs_buf + sizeof(rsx->rs_buf) + - rs->rs_have; + memcpy(buf, keystream, m); + memset(keystream, 0, m); + buf += m; + n -= m; + rs->rs_have -= m; + } + if (rs->rs_have == 0) + _rs_rekey(NULL, 0); + } } -u_int32_t -arc4random() +static inline void +_rs_random_u32(uint32_t *val) { - if (!rs_initialized) - arc4random_stir(); - return arc4_getword(&rs); + u_char *keystream; + + _rs_stir_if_needed(sizeof(*val)); + if (rs->rs_have < sizeof(*val)) + _rs_rekey(NULL, 0); + keystream = rsx->rs_buf + sizeof(rsx->rs_buf) - rs->rs_have; + memcpy(val, keystream, sizeof(*val)); + memset(keystream, 0, sizeof(*val)); + rs->rs_have -= sizeof(*val); } -#if 0 -/*-------- Test code for i386 --------*/ -#include -#include -int -main(int argc, char **argv) +uint32_t +arc4random(void) { - const int iter = 1000000; - int i; - pctrval v; + uint32_t val; - v = rdtsc(); - for (i = 0; i < iter; i++) - arc4random(); - v = rdtsc() - v; - v /= iter; + _ARC4_LOCK(); + _rs_random_u32(&val); + _ARC4_UNLOCK(); + return val; +} +DEF_WEAK(arc4random); - printf("%qd cycles\n", v); +void +arc4random_buf(void *buf, size_t n) +{ + _ARC4_LOCK(); + _rs_random_buf(buf, n); + _ARC4_UNLOCK(); } -#endif +DEF_WEAK(arc4random_buf); diff --git a/src/lib/libc/crypt/arc4random.h b/src/lib/libc/crypt/arc4random.h new file mode 100644 index 00000000000..4abd15321aa --- /dev/null +++ b/src/lib/libc/crypt/arc4random.h @@ -0,0 +1,61 @@ +/* $OpenBSD: arc4random.h,v 1.4 2015/01/15 06:57:18 deraadt Exp $ */ + +/* + * Copyright (c) 1996, David Mazieres + * Copyright (c) 2008, Damien Miller + * Copyright (c) 2013, Markus Friedl + * Copyright (c) 2014, Theo de Raadt + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * Stub functions for portability. + */ +#include + +#include + +#include "thread_private.h" + +static inline void +_getentropy_fail(void) +{ + raise(SIGKILL); +} + +static inline int +_rs_allocate(struct _rs **rsp, struct _rsx **rsxp) +{ + struct { + struct _rs rs; + struct _rsx rsx; + } *p; + + if ((p = mmap(NULL, sizeof(*p), PROT_READ|PROT_WRITE, + MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED) + return (-1); + if (minherit(p, sizeof(*p), MAP_INHERIT_ZERO) == -1) { + munmap(p, sizeof(*p)); + return (-1); + } + + *rsp = &p->rs; + *rsxp = &p->rsx; + return (0); +} + +static inline void +_rs_forkdetect(void) +{ +} diff --git a/src/lib/libc/crypt/arc4random_uniform.c b/src/lib/libc/crypt/arc4random_uniform.c new file mode 100644 index 00000000000..a18b5b12381 --- /dev/null +++ b/src/lib/libc/crypt/arc4random_uniform.c @@ -0,0 +1,57 @@ +/* $OpenBSD: arc4random_uniform.c,v 1.3 2019/01/20 02:59:07 bcook Exp $ */ + +/* + * Copyright (c) 2008, Damien Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include +#include + +/* + * Calculate a uniformly distributed random number less than upper_bound + * avoiding "modulo bias". + * + * Uniformity is achieved by generating new random numbers until the one + * returned is outside the range [0, 2**32 % upper_bound). This + * guarantees the selected random number will be inside + * [2**32 % upper_bound, 2**32) which maps back to [0, upper_bound) + * after reduction modulo upper_bound. + */ +uint32_t +arc4random_uniform(uint32_t upper_bound) +{ + uint32_t r, min; + + if (upper_bound < 2) + return 0; + + /* 2**32 % x == (2**32 - x) % x */ + min = -upper_bound % upper_bound; + + /* + * This could theoretically loop forever but each retry has + * p > 0.5 (worst case, usually far better) of selecting a + * number inside the range we need, so it should rarely need + * to re-roll. + */ + for (;;) { + r = arc4random(); + if (r >= min) + break; + } + + return r % upper_bound; +} +DEF_WEAK(arc4random_uniform); diff --git a/src/lib/libc/crypt/bcrypt.c b/src/lib/libc/crypt/bcrypt.c index dec0093dd8c..82de8fa33b7 100644 --- a/src/lib/libc/crypt/bcrypt.c +++ b/src/lib/libc/crypt/bcrypt.c @@ -1,43 +1,29 @@ -/* $OpenBSD: bcrypt.c,v 1.16 2002/02/19 19:39:36 millert Exp $ */ +/* $OpenBSD: bcrypt.c,v 1.57 2016/08/26 08:25:02 guenther Exp $ */ /* - * Copyright 1997 Niels Provos - * All rights reserved. + * Copyright (c) 2014 Ted Unangst + * Copyright (c) 1997 Niels Provos * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by Niels Provos. - * 4. The name of the author may not be used to endorse or promote products - * derived from this software without specific prior written permission. + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ - /* This password hashing algorithm was designed by David Mazieres * and works as follows: * * 1. state := InitState () - * 2. state := ExpandKey (state, salt, password) 3. - * REPEAT rounds: + * 2. state := ExpandKey (state, salt, password) + * 3. REPEAT rounds: + * state := ExpandKey (state, 0, password) * state := ExpandKey (state, 0, salt) - * state := ExpandKey(state, 0, password) * 4. ctext := "OrpheanBeholderScryDoubt" * 5. REPEAT 64: * ctext := Encrypt_ECB (state, ctext); @@ -45,16 +31,15 @@ * */ -#if 0 -#include -#endif - +#include +#include +#include +#include +#include #include #include -#include #include -#include -#include +#include /* This implementation is adaptable to current computing power. * You can have up to 2^31 rounds which should be enough for some @@ -63,171 +48,113 @@ #define BCRYPT_VERSION '2' #define BCRYPT_MAXSALT 16 /* Precomputation is just so nice */ -#define BCRYPT_BLOCKS 6 /* Ciphertext blocks */ -#define BCRYPT_MINROUNDS 16 /* we have log2(rounds) in salt */ - -char *bcrypt_gensalt(u_int8_t); +#define BCRYPT_WORDS 6 /* Ciphertext words */ +#define BCRYPT_MINLOGROUNDS 4 /* we have log2(rounds) in salt */ -static void encode_salt(char *, u_int8_t *, u_int16_t, u_int8_t); -static void encode_base64(u_int8_t *, u_int8_t *, u_int16_t); -static void decode_base64(u_int8_t *, u_int16_t, u_int8_t *); +#define BCRYPT_SALTSPACE (7 + (BCRYPT_MAXSALT * 4 + 2) / 3 + 1) +#define BCRYPT_HASHSPACE 61 -static char encrypted[_PASSWORD_LEN]; -static char gsalt[BCRYPT_MAXSALT * 4 / 3 + 1]; -static char error[] = ":"; +char *bcrypt_gensalt(u_int8_t); -const static u_int8_t Base64Code[] = -"./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"; +static int encode_base64(char *, const u_int8_t *, size_t); +static int decode_base64(u_int8_t *, size_t, const char *); -const static u_int8_t index_64[128] = -{ - 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, - 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, - 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, - 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, - 255, 255, 255, 255, 255, 255, 0, 1, 54, 55, - 56, 57, 58, 59, 60, 61, 62, 63, 255, 255, - 255, 255, 255, 255, 255, 2, 3, 4, 5, 6, - 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, - 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, - 255, 255, 255, 255, 255, 255, 28, 29, 30, - 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, - 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, - 51, 52, 53, 255, 255, 255, 255, 255 -}; -#define CHAR64(c) ( (c) > 127 ? 255 : index_64[(c)]) - -static void -decode_base64(u_int8_t *buffer, u_int16_t len, u_int8_t *data) +/* + * Generates a salt for this version of crypt. + */ +static int +bcrypt_initsalt(int log_rounds, uint8_t *salt, size_t saltbuflen) { - u_int8_t *bp = buffer; - u_int8_t *p = data; - u_int8_t c1, c2, c3, c4; - while (bp < buffer + len) { - c1 = CHAR64(*p); - c2 = CHAR64(*(p + 1)); - - /* Invalid data */ - if (c1 == 255 || c2 == 255) - break; + uint8_t csalt[BCRYPT_MAXSALT]; - *bp++ = (c1 << 2) | ((c2 & 0x30) >> 4); - if (bp >= buffer + len) - break; - - c3 = CHAR64(*(p + 2)); - if (c3 == 255) - break; - - *bp++ = ((c2 & 0x0f) << 4) | ((c3 & 0x3c) >> 2); - if (bp >= buffer + len) - break; - - c4 = CHAR64(*(p + 3)); - if (c4 == 255) - break; - *bp++ = ((c3 & 0x03) << 6) | c4; - - p += 4; + if (saltbuflen < BCRYPT_SALTSPACE) { + errno = EINVAL; + return -1; } -} - -static void -encode_salt(char *salt, u_int8_t *csalt, u_int16_t clen, u_int8_t logr) -{ - salt[0] = '$'; - salt[1] = BCRYPT_VERSION; - salt[2] = 'a'; - salt[3] = '$'; - - snprintf(salt + 4, 4, "%2.2u$", logr); - - encode_base64((u_int8_t *) salt + 7, csalt, clen); -} -/* Generates a salt for this version of crypt. - Since versions may change. Keeping this here - seems sensible. - */ -char * -bcrypt_gensalt(u_int8_t log_rounds) -{ - u_int8_t csalt[BCRYPT_MAXSALT]; - u_int16_t i; - u_int32_t seed = 0; - - for (i = 0; i < BCRYPT_MAXSALT; i++) { - if (i % 4 == 0) - seed = arc4random(); - csalt[i] = seed & 0xff; - seed = seed >> 8; - } + arc4random_buf(csalt, sizeof(csalt)); if (log_rounds < 4) log_rounds = 4; + else if (log_rounds > 31) + log_rounds = 31; - encode_salt(gsalt, csalt, BCRYPT_MAXSALT, log_rounds); - return gsalt; + snprintf(salt, saltbuflen, "$2b$%2.2u$", log_rounds); + encode_base64(salt + 7, csalt, sizeof(csalt)); + + return 0; } -/* We handle $Vers$log2(NumRounds)$salt+passwd$ - i.e. $2$04$iwouldntknowwhattosayetKdJ6iFtacBqJdKe6aW7ou */ -char * -bcrypt(key, salt) - const char *key; - const char *salt; +/* + * the core bcrypt function + */ +static int +bcrypt_hashpass(const char *key, const char *salt, char *encrypted, + size_t encryptedlen) { blf_ctx state; u_int32_t rounds, i, k; u_int16_t j; - u_int8_t key_len, salt_len, logr, minor; - u_int8_t ciphertext[4 * BCRYPT_BLOCKS] = "OrpheanBeholderScryDoubt"; + size_t key_len; + u_int8_t salt_len, logr, minor; + u_int8_t ciphertext[4 * BCRYPT_WORDS] = "OrpheanBeholderScryDoubt"; u_int8_t csalt[BCRYPT_MAXSALT]; - u_int32_t cdata[BCRYPT_BLOCKS]; + u_int32_t cdata[BCRYPT_WORDS]; - /* Discard "$" identifier */ - salt++; + if (encryptedlen < BCRYPT_HASHSPACE) + goto inval; - if (*salt > BCRYPT_VERSION) { - /* How do I handle errors ? Return ':' */ - return error; - } + /* Check and discard "$" identifier */ + if (salt[0] != '$') + goto inval; + salt += 1; - /* Check for minor versions */ - if (salt[1] != '$') { - switch (salt[1]) { - case 'a': - /* 'ab' should not yield the same as 'abab' */ - minor = salt[1]; - salt++; - break; - default: - return error; - } - } else - minor = 0; - - /* Discard version + "$" identifier */ - salt += 2; + if (salt[0] != BCRYPT_VERSION) + goto inval; + /* Check for minor versions */ + switch ((minor = salt[1])) { + case 'a': + key_len = (u_int8_t)(strlen(key) + 1); + break; + case 'b': + /* strlen() returns a size_t, but the function calls + * below result in implicit casts to a narrower integer + * type, so cap key_len at the actual maximum supported + * length here to avoid integer wraparound */ + key_len = strlen(key); + if (key_len > 72) + key_len = 72; + key_len++; /* include the NUL */ + break; + default: + goto inval; + } if (salt[2] != '$') - /* Out of sync with passwd entry */ - return error; + goto inval; + /* Discard version + "$" identifier */ + salt += 3; - /* Computer power doesn't increase linear, 2^x should be fine */ - if ((rounds = (u_int32_t) 1 << (logr = atoi(salt))) < BCRYPT_MINROUNDS) - return error; + /* Check and parse num rounds */ + if (!isdigit((unsigned char)salt[0]) || + !isdigit((unsigned char)salt[1]) || salt[2] != '$') + goto inval; + logr = (salt[1] - '0') + ((salt[0] - '0') * 10); + if (logr < BCRYPT_MINLOGROUNDS || logr > 31) + goto inval; + /* Computer power doesn't increase linearly, 2^x should be fine */ + rounds = 1U << logr; /* Discard num rounds + "$" identifier */ salt += 3; if (strlen(salt) * 3 / 4 < BCRYPT_MAXSALT) - return error; + goto inval; /* We dont want the base64 salt but the raw data */ - decode_base64(csalt, BCRYPT_MAXSALT, (u_int8_t *) salt); + if (decode_base64(csalt, BCRYPT_MAXSALT, salt)) + goto inval; salt_len = BCRYPT_MAXSALT; - key_len = strlen(key) + (minor >= 'a' ? 1 : 0); /* Setting up S-Boxes and Subkeys */ Blowfish_initstate(&state); @@ -240,14 +167,14 @@ bcrypt(key, salt) /* This can be precomputed later */ j = 0; - for (i = 0; i < BCRYPT_BLOCKS; i++) - cdata[i] = Blowfish_stream2word(ciphertext, 4 * BCRYPT_BLOCKS, &j); + for (i = 0; i < BCRYPT_WORDS; i++) + cdata[i] = Blowfish_stream2word(ciphertext, 4 * BCRYPT_WORDS, &j); /* Now do the encryption */ for (k = 0; k < 64; k++) - blf_enc(&state, cdata, BCRYPT_BLOCKS / 2); + blf_enc(&state, cdata, BCRYPT_WORDS / 2); - for (i = 0; i < BCRYPT_BLOCKS; i++) { + for (i = 0; i < BCRYPT_WORDS; i++) { ciphertext[4 * i + 3] = cdata[i] & 0xff; cdata[i] = cdata[i] >> 8; ciphertext[4 * i + 2] = cdata[i] & 0xff; @@ -258,27 +185,167 @@ bcrypt(key, salt) } - i = 0; - encrypted[i++] = '$'; - encrypted[i++] = BCRYPT_VERSION; - if (minor) - encrypted[i++] = minor; - encrypted[i++] = '$'; + snprintf(encrypted, 8, "$2%c$%2.2u$", minor, logr); + encode_base64(encrypted + 7, csalt, BCRYPT_MAXSALT); + encode_base64(encrypted + 7 + 22, ciphertext, 4 * BCRYPT_WORDS - 1); + explicit_bzero(&state, sizeof(state)); + explicit_bzero(ciphertext, sizeof(ciphertext)); + explicit_bzero(csalt, sizeof(csalt)); + explicit_bzero(cdata, sizeof(cdata)); + return 0; - snprintf(encrypted + i, 4, "%2.2u$", logr); +inval: + errno = EINVAL; + return -1; +} - encode_base64((u_int8_t *) encrypted + i + 3, csalt, BCRYPT_MAXSALT); - encode_base64((u_int8_t *) encrypted + strlen(encrypted), ciphertext, - 4 * BCRYPT_BLOCKS - 1); - return encrypted; +/* + * user friendly functions + */ +int +bcrypt_newhash(const char *pass, int log_rounds, char *hash, size_t hashlen) +{ + char salt[BCRYPT_SALTSPACE]; + + if (bcrypt_initsalt(log_rounds, salt, sizeof(salt)) != 0) + return -1; + + if (bcrypt_hashpass(pass, salt, hash, hashlen) != 0) + return -1; + + explicit_bzero(salt, sizeof(salt)); + return 0; } +DEF_WEAK(bcrypt_newhash); + +int +bcrypt_checkpass(const char *pass, const char *goodhash) +{ + char hash[BCRYPT_HASHSPACE]; + + if (bcrypt_hashpass(pass, goodhash, hash, sizeof(hash)) != 0) + return -1; + if (strlen(hash) != strlen(goodhash) || + timingsafe_bcmp(hash, goodhash, strlen(goodhash)) != 0) { + errno = EACCES; + return -1; + } + + explicit_bzero(hash, sizeof(hash)); + return 0; +} +DEF_WEAK(bcrypt_checkpass); + +/* + * Measure this system's performance by measuring the time for 8 rounds. + * We are aiming for something that takes around 0.1s, but not too much over. + */ +int +_bcrypt_autorounds(void) +{ + struct timespec before, after; + int r = 8; + char buf[_PASSWORD_LEN]; + int duration; + + clock_gettime(CLOCK_THREAD_CPUTIME_ID, &before); + bcrypt_newhash("testpassword", r, buf, sizeof(buf)); + clock_gettime(CLOCK_THREAD_CPUTIME_ID, &after); + + duration = after.tv_sec - before.tv_sec; + duration *= 1000000; + duration += (after.tv_nsec - before.tv_nsec) / 1000; + + /* too quick? slow it down. */ + while (r < 16 && duration <= 60000) { + r += 1; + duration *= 2; + } + /* too slow? speed it up. */ + while (r > 6 && duration > 120000) { + r -= 1; + duration /= 2; + } + + return r; +} + +/* + * internal utilities + */ +static const u_int8_t Base64Code[] = +"./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"; -static void -encode_base64(u_int8_t *buffer, u_int8_t *data, u_int16_t len) +static const u_int8_t index_64[128] = { + 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, + 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, + 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, + 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, + 255, 255, 255, 255, 255, 255, 0, 1, 54, 55, + 56, 57, 58, 59, 60, 61, 62, 63, 255, 255, + 255, 255, 255, 255, 255, 2, 3, 4, 5, 6, + 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, + 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, + 255, 255, 255, 255, 255, 255, 28, 29, 30, + 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, + 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, + 51, 52, 53, 255, 255, 255, 255, 255 +}; +#define CHAR64(c) ( (c) > 127 ? 255 : index_64[(c)]) + +/* + * read buflen (after decoding) bytes of data from b64data + */ +static int +decode_base64(u_int8_t *buffer, size_t len, const char *b64data) { u_int8_t *bp = buffer; - u_int8_t *p = data; + const u_int8_t *p = b64data; + u_int8_t c1, c2, c3, c4; + + while (bp < buffer + len) { + c1 = CHAR64(*p); + /* Invalid data */ + if (c1 == 255) + return -1; + + c2 = CHAR64(*(p + 1)); + if (c2 == 255) + return -1; + + *bp++ = (c1 << 2) | ((c2 & 0x30) >> 4); + if (bp >= buffer + len) + break; + + c3 = CHAR64(*(p + 2)); + if (c3 == 255) + return -1; + + *bp++ = ((c2 & 0x0f) << 4) | ((c3 & 0x3c) >> 2); + if (bp >= buffer + len) + break; + + c4 = CHAR64(*(p + 3)); + if (c4 == 255) + return -1; + *bp++ = ((c3 & 0x03) << 6) | c4; + + p += 4; + } + return 0; +} + +/* + * Turn len bytes of data into base64 encoded data. + * This works without = padding. + */ +static int +encode_base64(char *b64buffer, const u_int8_t *data, size_t len) +{ + u_int8_t *bp = b64buffer; + const u_int8_t *p = data; u_int8_t c1, c2; + while (p < data + len) { c1 = *p++; *bp++ = Base64Code[(c1 >> 2)]; @@ -301,34 +368,30 @@ encode_base64(u_int8_t *buffer, u_int8_t *data, u_int16_t len) *bp++ = Base64Code[c2 & 0x3f]; } *bp = '\0'; + return 0; } -#if 0 -void -main() + +/* + * classic interface + */ +char * +bcrypt_gensalt(u_int8_t log_rounds) +{ + static char gsalt[BCRYPT_SALTSPACE]; + + bcrypt_initsalt(log_rounds, gsalt, sizeof(gsalt)); + + return gsalt; +} + +char * +bcrypt(const char *pass, const char *salt) { - char blubber[73]; - char salt[100]; - char *p; - salt[0] = '$'; - salt[1] = BCRYPT_VERSION; - salt[2] = '$'; - - snprintf(salt + 3, 4, "%2.2u$", 5); - - printf("24 bytes of salt: "); - fgets(salt + 6, 94, stdin); - salt[99] = 0; - printf("72 bytes of password: "); - fpurge(stdin); - fgets(blubber, 73, stdin); - blubber[72] = 0; - - p = crypt(blubber, salt); - printf("Passwd entry: %s\n\n", p); - - p = bcrypt_gensalt(5); - printf("Generated salt: %s\n", p); - p = crypt(blubber, p); - printf("Passwd entry: %s\n", p); + static char gencrypted[BCRYPT_HASHSPACE]; + + if (bcrypt_hashpass(pass, salt, gencrypted, sizeof(gencrypted)) != 0) + return NULL; + + return gencrypted; } -#endif +DEF_WEAK(bcrypt); diff --git a/src/lib/libc/crypt/blowfish.3 b/src/lib/libc/crypt/blowfish.3 index 3e600658fad..88a62336cf4 100644 --- a/src/lib/libc/crypt/blowfish.3 +++ b/src/lib/libc/crypt/blowfish.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: blowfish.3,v 1.10 2001/08/06 10:42:25 mpech Exp $ +.\" $OpenBSD: blowfish.3,v 1.23 2015/11/10 23:48:17 jmc Exp $ .\" .\" Copyright 1997 Niels Provos .\" All rights reserved. @@ -30,22 +30,26 @@ .\" .\" Manual page, using -mandoc macros .\" -.Dd February 13, 1997 -.Dt BLOWFISH 3 +.Dd $Mdocdate: November 10 2015 $ +.Dt BLF_KEY 3 .Os .Sh NAME .Nm blf_key , .Nm blf_enc , -.Nm blf_dec +.Nm blf_dec , +.Nm blf_ecb_encrypt , +.Nm blf_ecb_decrypt , +.Nm blf_cbc_encrypt , +.Nm blf_cbc_decrypt .Nd Blowfish encryption .Sh SYNOPSIS -.Fd #include +.In blf.h .Ft void .Fn blf_key "blf_ctx *state" "const u_int8_t *key" "u_int16_t keylen" .Ft void -.Fn blf_enc "blf_ctx *state" "u_int32_t *data" "u_int16_t datalen" +.Fn blf_enc "blf_ctx *state" "u_int32_t *data" "u_int16_t blocks" .Ft void -.Fn blf_dec "blf_ctx *state" "u_int32_t *data" "u_int16_t datalen" +.Fn blf_dec "blf_ctx *state" "u_int32_t *data" "u_int16_t blocks" .Ft void .Fn blf_ecb_encrypt "blf_ctx *state" "u_int8_t *data" "u_int32_t datalen" .Ft void @@ -55,14 +59,14 @@ .Ft void .Fn blf_cbc_decrypt "blf_ctx *state" "u_int8_t *iv" "u_int8_t *data" "u_int32_t datalen" .Sh DESCRIPTION -.Pa Blowfish +.Em Blowfish is a fast unpatented block cipher designed by Bruce Schneier. -It basically consists of a 16 times iterated Feistel network. -The block size is 64 bit and the key size is maximal 448 bit. +It basically consists of a 16-round Feistel network. +The block size is 64 bits and the maximum key size is 448 bits. .Pp The .Fn blf_key -function initializes the 4 8bit S-boxes and the 18 Subkeys with +function initializes the 4 8-bit S-boxes and the 18 Subkeys with the hexadecimal digits of Pi. The key is used for further randomization. The first argument to @@ -71,8 +75,8 @@ is the initialized state derived from .Fn blf_key . The stream of 32-bit words is encrypted in Electronic Codebook Mode (ECB) and -.Pa datalen -must be even. +.Fa blocks +is the number of 64-bit blocks in the stream. .Fn blf_dec is used for decrypting Blowfish encrypted blocks. .Pp @@ -87,20 +91,16 @@ and .Fn blf_cbc_decrypt are used for encrypting and decrypting octet streams in Cipherblock Chaining Mode (CBC). -.Pp -The functions -.Fn Blowfish_initstate , -.Fn Blowfish_expand0state , -.Fn Blowfish_expandstate , -.Fn Blowfish_encipher -and -.Fn Blowfish_decipher -are used for customization of the -.Pa Blowfish -cipher, e.g., for the blowfish password hashing function. +For these functions +.Fa datalen +specifies the number of octets of data to encrypt or decrypt. +It must be a multiple of 8 (64-bit block). +The initialisation vector +.Fa iv +points to an 8-byte buffer. .Sh SEE ALSO .Xr passwd 1 , .Xr crypt 3 , .Xr passwd 5 .Sh AUTHORS -Niels Provos +.An Niels Provos Aq Mt provos@physnet.uni-hamburg.de diff --git a/src/lib/libc/crypt/blowfish.c b/src/lib/libc/crypt/blowfish.c index 8be04a6463a..a658e602d24 100644 --- a/src/lib/libc/crypt/blowfish.c +++ b/src/lib/libc/crypt/blowfish.c @@ -1,4 +1,4 @@ -/* $OpenBSD: blowfish.c,v 1.16 2002/02/19 19:39:36 millert Exp $ */ +/* $OpenBSD: blowfish.c,v 1.19 2015/09/11 09:18:27 guenther Exp $ */ /* * Blowfish block cipher for OpenBSD * Copyright 1997 Niels Provos @@ -64,10 +64,7 @@ #define BLFRND(s,p,i,j,n) (i ^= F(s,j) ^ (p)[n]) void -Blowfish_encipher(c, xl, xr) - blf_ctx *c; - u_int32_t *xl; - u_int32_t *xr; +Blowfish_encipher(blf_ctx *c, u_int32_t *xl, u_int32_t *xr) { u_int32_t Xl; u_int32_t Xr; @@ -90,12 +87,10 @@ Blowfish_encipher(c, xl, xr) *xl = Xr ^ p[17]; *xr = Xl; } +DEF_WEAK(Blowfish_encipher); void -Blowfish_decipher(c, xl, xr) - blf_ctx *c; - u_int32_t *xl; - u_int32_t *xr; +Blowfish_decipher(blf_ctx *c, u_int32_t *xl, u_int32_t *xr) { u_int32_t Xl; u_int32_t Xr; @@ -118,16 +113,14 @@ Blowfish_decipher(c, xl, xr) *xl = Xr ^ p[0]; *xr = Xl; } +DEF_WEAK(Blowfish_decipher); void -Blowfish_initstate(c) - blf_ctx *c; +Blowfish_initstate(blf_ctx *c) { + /* P-box and S-box tables initialized with digits of Pi */ -/* P-box and S-box tables initialized with digits of Pi */ - - const blf_ctx initstate = - + static const blf_ctx initstate = { { { 0xd1310ba6, 0x98dfb5ac, 0x2ffd72db, 0xd01adfb7, @@ -399,11 +392,12 @@ Blowfish_initstate(c) } }; *c = initstate; - } +DEF_WEAK(Blowfish_initstate); u_int32_t -Blowfish_stream2word(const u_int8_t *data, u_int16_t databytes, u_int16_t *current) +Blowfish_stream2word(const u_int8_t *data, u_int16_t databytes, + u_int16_t *current) { u_int8_t i; u_int16_t j; @@ -421,6 +415,7 @@ Blowfish_stream2word(const u_int8_t *data, u_int16_t databytes, u_int16_t *curre *current = j; return temp; } +DEF_WEAK(Blowfish_stream2word); void Blowfish_expand0state(blf_ctx *c, const u_int8_t *key, u_int16_t keybytes) @@ -458,11 +453,12 @@ Blowfish_expand0state(blf_ctx *c, const u_int8_t *key, u_int16_t keybytes) } } } +DEF_WEAK(Blowfish_expand0state); void Blowfish_expandstate(blf_ctx *c, const u_int8_t *data, u_int16_t databytes, - const u_int8_t *key, u_int16_t keybytes) + const u_int8_t *key, u_int16_t keybytes) { u_int16_t i; u_int16_t j; @@ -502,6 +498,7 @@ Blowfish_expandstate(blf_ctx *c, const u_int8_t *data, u_int16_t databytes, } } +DEF_WEAK(Blowfish_expandstate); void blf_key(blf_ctx *c, const u_int8_t *k, u_int16_t len) @@ -512,6 +509,7 @@ blf_key(blf_ctx *c, const u_int8_t *k, u_int16_t len) /* Transform S-boxes and subkeys with key */ Blowfish_expand0state(c, k, len); } +DEF_WEAK(blf_key); void blf_enc(blf_ctx *c, u_int32_t *data, u_int16_t blocks) @@ -525,6 +523,7 @@ blf_enc(blf_ctx *c, u_int32_t *data, u_int16_t blocks) d += 2; } } +DEF_WEAK(blf_enc); void blf_dec(blf_ctx *c, u_int32_t *data, u_int16_t blocks) @@ -538,6 +537,7 @@ blf_dec(blf_ctx *c, u_int32_t *data, u_int16_t blocks) d += 2; } } +DEF_WEAK(blf_dec); void blf_ecb_encrypt(blf_ctx *c, u_int8_t *data, u_int32_t len) @@ -560,6 +560,7 @@ blf_ecb_encrypt(blf_ctx *c, u_int8_t *data, u_int32_t len) data += 8; } } +DEF_WEAK(blf_ecb_encrypt); void blf_ecb_decrypt(blf_ctx *c, u_int8_t *data, u_int32_t len) @@ -582,6 +583,7 @@ blf_ecb_decrypt(blf_ctx *c, u_int8_t *data, u_int32_t len) data += 8; } } +DEF_WEAK(blf_ecb_decrypt); void blf_cbc_encrypt(blf_ctx *c, u_int8_t *iv, u_int8_t *data, u_int32_t len) @@ -607,6 +609,7 @@ blf_cbc_encrypt(blf_ctx *c, u_int8_t *iv, u_int8_t *data, u_int32_t len) data += 8; } } +DEF_WEAK(blf_cbc_encrypt); void blf_cbc_decrypt(blf_ctx *c, u_int8_t *iva, u_int8_t *data, u_int32_t len) @@ -648,6 +651,7 @@ blf_cbc_decrypt(blf_ctx *c, u_int8_t *iva, u_int8_t *data, u_int32_t len) for (j = 0; j < 8; j++) data[j] ^= iva[j]; } +DEF_WEAK(blf_cbc_decrypt); #if 0 void diff --git a/src/lib/libc/crypt/cast.c b/src/lib/libc/crypt/cast.c deleted file mode 100644 index 264138f03e8..00000000000 --- a/src/lib/libc/crypt/cast.c +++ /dev/null @@ -1,779 +0,0 @@ -/* $OpenBSD: cast.c,v 1.2 1998/07/21 22:42:03 provos Exp $ */ -/* - * CAST-128 in C - * Written by Steve Reid - * 100% Public Domain - no warranty - * Released 1997.10.11 - */ - -#include - -#include - -/* CAST S-Boxes */ - -static const u_int32_t cast_sbox1[256] = { - 0x30FB40D4, 0x9FA0FF0B, 0x6BECCD2F, 0x3F258C7A, - 0x1E213F2F, 0x9C004DD3, 0x6003E540, 0xCF9FC949, - 0xBFD4AF27, 0x88BBBDB5, 0xE2034090, 0x98D09675, - 0x6E63A0E0, 0x15C361D2, 0xC2E7661D, 0x22D4FF8E, - 0x28683B6F, 0xC07FD059, 0xFF2379C8, 0x775F50E2, - 0x43C340D3, 0xDF2F8656, 0x887CA41A, 0xA2D2BD2D, - 0xA1C9E0D6, 0x346C4819, 0x61B76D87, 0x22540F2F, - 0x2ABE32E1, 0xAA54166B, 0x22568E3A, 0xA2D341D0, - 0x66DB40C8, 0xA784392F, 0x004DFF2F, 0x2DB9D2DE, - 0x97943FAC, 0x4A97C1D8, 0x527644B7, 0xB5F437A7, - 0xB82CBAEF, 0xD751D159, 0x6FF7F0ED, 0x5A097A1F, - 0x827B68D0, 0x90ECF52E, 0x22B0C054, 0xBC8E5935, - 0x4B6D2F7F, 0x50BB64A2, 0xD2664910, 0xBEE5812D, - 0xB7332290, 0xE93B159F, 0xB48EE411, 0x4BFF345D, - 0xFD45C240, 0xAD31973F, 0xC4F6D02E, 0x55FC8165, - 0xD5B1CAAD, 0xA1AC2DAE, 0xA2D4B76D, 0xC19B0C50, - 0x882240F2, 0x0C6E4F38, 0xA4E4BFD7, 0x4F5BA272, - 0x564C1D2F, 0xC59C5319, 0xB949E354, 0xB04669FE, - 0xB1B6AB8A, 0xC71358DD, 0x6385C545, 0x110F935D, - 0x57538AD5, 0x6A390493, 0xE63D37E0, 0x2A54F6B3, - 0x3A787D5F, 0x6276A0B5, 0x19A6FCDF, 0x7A42206A, - 0x29F9D4D5, 0xF61B1891, 0xBB72275E, 0xAA508167, - 0x38901091, 0xC6B505EB, 0x84C7CB8C, 0x2AD75A0F, - 0x874A1427, 0xA2D1936B, 0x2AD286AF, 0xAA56D291, - 0xD7894360, 0x425C750D, 0x93B39E26, 0x187184C9, - 0x6C00B32D, 0x73E2BB14, 0xA0BEBC3C, 0x54623779, - 0x64459EAB, 0x3F328B82, 0x7718CF82, 0x59A2CEA6, - 0x04EE002E, 0x89FE78E6, 0x3FAB0950, 0x325FF6C2, - 0x81383F05, 0x6963C5C8, 0x76CB5AD6, 0xD49974C9, - 0xCA180DCF, 0x380782D5, 0xC7FA5CF6, 0x8AC31511, - 0x35E79E13, 0x47DA91D0, 0xF40F9086, 0xA7E2419E, - 0x31366241, 0x051EF495, 0xAA573B04, 0x4A805D8D, - 0x548300D0, 0x00322A3C, 0xBF64CDDF, 0xBA57A68E, - 0x75C6372B, 0x50AFD341, 0xA7C13275, 0x915A0BF5, - 0x6B54BFAB, 0x2B0B1426, 0xAB4CC9D7, 0x449CCD82, - 0xF7FBF265, 0xAB85C5F3, 0x1B55DB94, 0xAAD4E324, - 0xCFA4BD3F, 0x2DEAA3E2, 0x9E204D02, 0xC8BD25AC, - 0xEADF55B3, 0xD5BD9E98, 0xE31231B2, 0x2AD5AD6C, - 0x954329DE, 0xADBE4528, 0xD8710F69, 0xAA51C90F, - 0xAA786BF6, 0x22513F1E, 0xAA51A79B, 0x2AD344CC, - 0x7B5A41F0, 0xD37CFBAD, 0x1B069505, 0x41ECE491, - 0xB4C332E6, 0x032268D4, 0xC9600ACC, 0xCE387E6D, - 0xBF6BB16C, 0x6A70FB78, 0x0D03D9C9, 0xD4DF39DE, - 0xE01063DA, 0x4736F464, 0x5AD328D8, 0xB347CC96, - 0x75BB0FC3, 0x98511BFB, 0x4FFBCC35, 0xB58BCF6A, - 0xE11F0ABC, 0xBFC5FE4A, 0xA70AEC10, 0xAC39570A, - 0x3F04442F, 0x6188B153, 0xE0397A2E, 0x5727CB79, - 0x9CEB418F, 0x1CACD68D, 0x2AD37C96, 0x0175CB9D, - 0xC69DFF09, 0xC75B65F0, 0xD9DB40D8, 0xEC0E7779, - 0x4744EAD4, 0xB11C3274, 0xDD24CB9E, 0x7E1C54BD, - 0xF01144F9, 0xD2240EB1, 0x9675B3FD, 0xA3AC3755, - 0xD47C27AF, 0x51C85F4D, 0x56907596, 0xA5BB15E6, - 0x580304F0, 0xCA042CF1, 0x011A37EA, 0x8DBFAADB, - 0x35BA3E4A, 0x3526FFA0, 0xC37B4D09, 0xBC306ED9, - 0x98A52666, 0x5648F725, 0xFF5E569D, 0x0CED63D0, - 0x7C63B2CF, 0x700B45E1, 0xD5EA50F1, 0x85A92872, - 0xAF1FBDA7, 0xD4234870, 0xA7870BF3, 0x2D3B4D79, - 0x42E04198, 0x0CD0EDE7, 0x26470DB8, 0xF881814C, - 0x474D6AD7, 0x7C0C5E5C, 0xD1231959, 0x381B7298, - 0xF5D2F4DB, 0xAB838653, 0x6E2F1E23, 0x83719C9E, - 0xBD91E046, 0x9A56456E, 0xDC39200C, 0x20C8C571, - 0x962BDA1C, 0xE1E696FF, 0xB141AB08, 0x7CCA89B9, - 0x1A69E783, 0x02CC4843, 0xA2F7C579, 0x429EF47D, - 0x427B169C, 0x5AC9F049, 0xDD8F0F00, 0x5C8165BF -}; - -static const u_int32_t cast_sbox2[256] = { - 0x1F201094, 0xEF0BA75B, 0x69E3CF7E, 0x393F4380, - 0xFE61CF7A, 0xEEC5207A, 0x55889C94, 0x72FC0651, - 0xADA7EF79, 0x4E1D7235, 0xD55A63CE, 0xDE0436BA, - 0x99C430EF, 0x5F0C0794, 0x18DCDB7D, 0xA1D6EFF3, - 0xA0B52F7B, 0x59E83605, 0xEE15B094, 0xE9FFD909, - 0xDC440086, 0xEF944459, 0xBA83CCB3, 0xE0C3CDFB, - 0xD1DA4181, 0x3B092AB1, 0xF997F1C1, 0xA5E6CF7B, - 0x01420DDB, 0xE4E7EF5B, 0x25A1FF41, 0xE180F806, - 0x1FC41080, 0x179BEE7A, 0xD37AC6A9, 0xFE5830A4, - 0x98DE8B7F, 0x77E83F4E, 0x79929269, 0x24FA9F7B, - 0xE113C85B, 0xACC40083, 0xD7503525, 0xF7EA615F, - 0x62143154, 0x0D554B63, 0x5D681121, 0xC866C359, - 0x3D63CF73, 0xCEE234C0, 0xD4D87E87, 0x5C672B21, - 0x071F6181, 0x39F7627F, 0x361E3084, 0xE4EB573B, - 0x602F64A4, 0xD63ACD9C, 0x1BBC4635, 0x9E81032D, - 0x2701F50C, 0x99847AB4, 0xA0E3DF79, 0xBA6CF38C, - 0x10843094, 0x2537A95E, 0xF46F6FFE, 0xA1FF3B1F, - 0x208CFB6A, 0x8F458C74, 0xD9E0A227, 0x4EC73A34, - 0xFC884F69, 0x3E4DE8DF, 0xEF0E0088, 0x3559648D, - 0x8A45388C, 0x1D804366, 0x721D9BFD, 0xA58684BB, - 0xE8256333, 0x844E8212, 0x128D8098, 0xFED33FB4, - 0xCE280AE1, 0x27E19BA5, 0xD5A6C252, 0xE49754BD, - 0xC5D655DD, 0xEB667064, 0x77840B4D, 0xA1B6A801, - 0x84DB26A9, 0xE0B56714, 0x21F043B7, 0xE5D05860, - 0x54F03084, 0x066FF472, 0xA31AA153, 0xDADC4755, - 0xB5625DBF, 0x68561BE6, 0x83CA6B94, 0x2D6ED23B, - 0xECCF01DB, 0xA6D3D0BA, 0xB6803D5C, 0xAF77A709, - 0x33B4A34C, 0x397BC8D6, 0x5EE22B95, 0x5F0E5304, - 0x81ED6F61, 0x20E74364, 0xB45E1378, 0xDE18639B, - 0x881CA122, 0xB96726D1, 0x8049A7E8, 0x22B7DA7B, - 0x5E552D25, 0x5272D237, 0x79D2951C, 0xC60D894C, - 0x488CB402, 0x1BA4FE5B, 0xA4B09F6B, 0x1CA815CF, - 0xA20C3005, 0x8871DF63, 0xB9DE2FCB, 0x0CC6C9E9, - 0x0BEEFF53, 0xE3214517, 0xB4542835, 0x9F63293C, - 0xEE41E729, 0x6E1D2D7C, 0x50045286, 0x1E6685F3, - 0xF33401C6, 0x30A22C95, 0x31A70850, 0x60930F13, - 0x73F98417, 0xA1269859, 0xEC645C44, 0x52C877A9, - 0xCDFF33A6, 0xA02B1741, 0x7CBAD9A2, 0x2180036F, - 0x50D99C08, 0xCB3F4861, 0xC26BD765, 0x64A3F6AB, - 0x80342676, 0x25A75E7B, 0xE4E6D1FC, 0x20C710E6, - 0xCDF0B680, 0x17844D3B, 0x31EEF84D, 0x7E0824E4, - 0x2CCB49EB, 0x846A3BAE, 0x8FF77888, 0xEE5D60F6, - 0x7AF75673, 0x2FDD5CDB, 0xA11631C1, 0x30F66F43, - 0xB3FAEC54, 0x157FD7FA, 0xEF8579CC, 0xD152DE58, - 0xDB2FFD5E, 0x8F32CE19, 0x306AF97A, 0x02F03EF8, - 0x99319AD5, 0xC242FA0F, 0xA7E3EBB0, 0xC68E4906, - 0xB8DA230C, 0x80823028, 0xDCDEF3C8, 0xD35FB171, - 0x088A1BC8, 0xBEC0C560, 0x61A3C9E8, 0xBCA8F54D, - 0xC72FEFFA, 0x22822E99, 0x82C570B4, 0xD8D94E89, - 0x8B1C34BC, 0x301E16E6, 0x273BE979, 0xB0FFEAA6, - 0x61D9B8C6, 0x00B24869, 0xB7FFCE3F, 0x08DC283B, - 0x43DAF65A, 0xF7E19798, 0x7619B72F, 0x8F1C9BA4, - 0xDC8637A0, 0x16A7D3B1, 0x9FC393B7, 0xA7136EEB, - 0xC6BCC63E, 0x1A513742, 0xEF6828BC, 0x520365D6, - 0x2D6A77AB, 0x3527ED4B, 0x821FD216, 0x095C6E2E, - 0xDB92F2FB, 0x5EEA29CB, 0x145892F5, 0x91584F7F, - 0x5483697B, 0x2667A8CC, 0x85196048, 0x8C4BACEA, - 0x833860D4, 0x0D23E0F9, 0x6C387E8A, 0x0AE6D249, - 0xB284600C, 0xD835731D, 0xDCB1C647, 0xAC4C56EA, - 0x3EBD81B3, 0x230EABB0, 0x6438BC87, 0xF0B5B1FA, - 0x8F5EA2B3, 0xFC184642, 0x0A036B7A, 0x4FB089BD, - 0x649DA589, 0xA345415E, 0x5C038323, 0x3E5D3BB9, - 0x43D79572, 0x7E6DD07C, 0x06DFDF1E, 0x6C6CC4EF, - 0x7160A539, 0x73BFBE70, 0x83877605, 0x4523ECF1 -}; - -static const u_int32_t cast_sbox3[256] = { - 0x8DEFC240, 0x25FA5D9F, 0xEB903DBF, 0xE810C907, - 0x47607FFF, 0x369FE44B, 0x8C1FC644, 0xAECECA90, - 0xBEB1F9BF, 0xEEFBCAEA, 0xE8CF1950, 0x51DF07AE, - 0x920E8806, 0xF0AD0548, 0xE13C8D83, 0x927010D5, - 0x11107D9F, 0x07647DB9, 0xB2E3E4D4, 0x3D4F285E, - 0xB9AFA820, 0xFADE82E0, 0xA067268B, 0x8272792E, - 0x553FB2C0, 0x489AE22B, 0xD4EF9794, 0x125E3FBC, - 0x21FFFCEE, 0x825B1BFD, 0x9255C5ED, 0x1257A240, - 0x4E1A8302, 0xBAE07FFF, 0x528246E7, 0x8E57140E, - 0x3373F7BF, 0x8C9F8188, 0xA6FC4EE8, 0xC982B5A5, - 0xA8C01DB7, 0x579FC264, 0x67094F31, 0xF2BD3F5F, - 0x40FFF7C1, 0x1FB78DFC, 0x8E6BD2C1, 0x437BE59B, - 0x99B03DBF, 0xB5DBC64B, 0x638DC0E6, 0x55819D99, - 0xA197C81C, 0x4A012D6E, 0xC5884A28, 0xCCC36F71, - 0xB843C213, 0x6C0743F1, 0x8309893C, 0x0FEDDD5F, - 0x2F7FE850, 0xD7C07F7E, 0x02507FBF, 0x5AFB9A04, - 0xA747D2D0, 0x1651192E, 0xAF70BF3E, 0x58C31380, - 0x5F98302E, 0x727CC3C4, 0x0A0FB402, 0x0F7FEF82, - 0x8C96FDAD, 0x5D2C2AAE, 0x8EE99A49, 0x50DA88B8, - 0x8427F4A0, 0x1EAC5790, 0x796FB449, 0x8252DC15, - 0xEFBD7D9B, 0xA672597D, 0xADA840D8, 0x45F54504, - 0xFA5D7403, 0xE83EC305, 0x4F91751A, 0x925669C2, - 0x23EFE941, 0xA903F12E, 0x60270DF2, 0x0276E4B6, - 0x94FD6574, 0x927985B2, 0x8276DBCB, 0x02778176, - 0xF8AF918D, 0x4E48F79E, 0x8F616DDF, 0xE29D840E, - 0x842F7D83, 0x340CE5C8, 0x96BBB682, 0x93B4B148, - 0xEF303CAB, 0x984FAF28, 0x779FAF9B, 0x92DC560D, - 0x224D1E20, 0x8437AA88, 0x7D29DC96, 0x2756D3DC, - 0x8B907CEE, 0xB51FD240, 0xE7C07CE3, 0xE566B4A1, - 0xC3E9615E, 0x3CF8209D, 0x6094D1E3, 0xCD9CA341, - 0x5C76460E, 0x00EA983B, 0xD4D67881, 0xFD47572C, - 0xF76CEDD9, 0xBDA8229C, 0x127DADAA, 0x438A074E, - 0x1F97C090, 0x081BDB8A, 0x93A07EBE, 0xB938CA15, - 0x97B03CFF, 0x3DC2C0F8, 0x8D1AB2EC, 0x64380E51, - 0x68CC7BFB, 0xD90F2788, 0x12490181, 0x5DE5FFD4, - 0xDD7EF86A, 0x76A2E214, 0xB9A40368, 0x925D958F, - 0x4B39FFFA, 0xBA39AEE9, 0xA4FFD30B, 0xFAF7933B, - 0x6D498623, 0x193CBCFA, 0x27627545, 0x825CF47A, - 0x61BD8BA0, 0xD11E42D1, 0xCEAD04F4, 0x127EA392, - 0x10428DB7, 0x8272A972, 0x9270C4A8, 0x127DE50B, - 0x285BA1C8, 0x3C62F44F, 0x35C0EAA5, 0xE805D231, - 0x428929FB, 0xB4FCDF82, 0x4FB66A53, 0x0E7DC15B, - 0x1F081FAB, 0x108618AE, 0xFCFD086D, 0xF9FF2889, - 0x694BCC11, 0x236A5CAE, 0x12DECA4D, 0x2C3F8CC5, - 0xD2D02DFE, 0xF8EF5896, 0xE4CF52DA, 0x95155B67, - 0x494A488C, 0xB9B6A80C, 0x5C8F82BC, 0x89D36B45, - 0x3A609437, 0xEC00C9A9, 0x44715253, 0x0A874B49, - 0xD773BC40, 0x7C34671C, 0x02717EF6, 0x4FEB5536, - 0xA2D02FFF, 0xD2BF60C4, 0xD43F03C0, 0x50B4EF6D, - 0x07478CD1, 0x006E1888, 0xA2E53F55, 0xB9E6D4BC, - 0xA2048016, 0x97573833, 0xD7207D67, 0xDE0F8F3D, - 0x72F87B33, 0xABCC4F33, 0x7688C55D, 0x7B00A6B0, - 0x947B0001, 0x570075D2, 0xF9BB88F8, 0x8942019E, - 0x4264A5FF, 0x856302E0, 0x72DBD92B, 0xEE971B69, - 0x6EA22FDE, 0x5F08AE2B, 0xAF7A616D, 0xE5C98767, - 0xCF1FEBD2, 0x61EFC8C2, 0xF1AC2571, 0xCC8239C2, - 0x67214CB8, 0xB1E583D1, 0xB7DC3E62, 0x7F10BDCE, - 0xF90A5C38, 0x0FF0443D, 0x606E6DC6, 0x60543A49, - 0x5727C148, 0x2BE98A1D, 0x8AB41738, 0x20E1BE24, - 0xAF96DA0F, 0x68458425, 0x99833BE5, 0x600D457D, - 0x282F9350, 0x8334B362, 0xD91D1120, 0x2B6D8DA0, - 0x642B1E31, 0x9C305A00, 0x52BCE688, 0x1B03588A, - 0xF7BAEFD5, 0x4142ED9C, 0xA4315C11, 0x83323EC5, - 0xDFEF4636, 0xA133C501, 0xE9D3531C, 0xEE353783 -}; - -static const u_int32_t cast_sbox4[256] = { - 0x9DB30420, 0x1FB6E9DE, 0xA7BE7BEF, 0xD273A298, - 0x4A4F7BDB, 0x64AD8C57, 0x85510443, 0xFA020ED1, - 0x7E287AFF, 0xE60FB663, 0x095F35A1, 0x79EBF120, - 0xFD059D43, 0x6497B7B1, 0xF3641F63, 0x241E4ADF, - 0x28147F5F, 0x4FA2B8CD, 0xC9430040, 0x0CC32220, - 0xFDD30B30, 0xC0A5374F, 0x1D2D00D9, 0x24147B15, - 0xEE4D111A, 0x0FCA5167, 0x71FF904C, 0x2D195FFE, - 0x1A05645F, 0x0C13FEFE, 0x081B08CA, 0x05170121, - 0x80530100, 0xE83E5EFE, 0xAC9AF4F8, 0x7FE72701, - 0xD2B8EE5F, 0x06DF4261, 0xBB9E9B8A, 0x7293EA25, - 0xCE84FFDF, 0xF5718801, 0x3DD64B04, 0xA26F263B, - 0x7ED48400, 0x547EEBE6, 0x446D4CA0, 0x6CF3D6F5, - 0x2649ABDF, 0xAEA0C7F5, 0x36338CC1, 0x503F7E93, - 0xD3772061, 0x11B638E1, 0x72500E03, 0xF80EB2BB, - 0xABE0502E, 0xEC8D77DE, 0x57971E81, 0xE14F6746, - 0xC9335400, 0x6920318F, 0x081DBB99, 0xFFC304A5, - 0x4D351805, 0x7F3D5CE3, 0xA6C866C6, 0x5D5BCCA9, - 0xDAEC6FEA, 0x9F926F91, 0x9F46222F, 0x3991467D, - 0xA5BF6D8E, 0x1143C44F, 0x43958302, 0xD0214EEB, - 0x022083B8, 0x3FB6180C, 0x18F8931E, 0x281658E6, - 0x26486E3E, 0x8BD78A70, 0x7477E4C1, 0xB506E07C, - 0xF32D0A25, 0x79098B02, 0xE4EABB81, 0x28123B23, - 0x69DEAD38, 0x1574CA16, 0xDF871B62, 0x211C40B7, - 0xA51A9EF9, 0x0014377B, 0x041E8AC8, 0x09114003, - 0xBD59E4D2, 0xE3D156D5, 0x4FE876D5, 0x2F91A340, - 0x557BE8DE, 0x00EAE4A7, 0x0CE5C2EC, 0x4DB4BBA6, - 0xE756BDFF, 0xDD3369AC, 0xEC17B035, 0x06572327, - 0x99AFC8B0, 0x56C8C391, 0x6B65811C, 0x5E146119, - 0x6E85CB75, 0xBE07C002, 0xC2325577, 0x893FF4EC, - 0x5BBFC92D, 0xD0EC3B25, 0xB7801AB7, 0x8D6D3B24, - 0x20C763EF, 0xC366A5FC, 0x9C382880, 0x0ACE3205, - 0xAAC9548A, 0xECA1D7C7, 0x041AFA32, 0x1D16625A, - 0x6701902C, 0x9B757A54, 0x31D477F7, 0x9126B031, - 0x36CC6FDB, 0xC70B8B46, 0xD9E66A48, 0x56E55A79, - 0x026A4CEB, 0x52437EFF, 0x2F8F76B4, 0x0DF980A5, - 0x8674CDE3, 0xEDDA04EB, 0x17A9BE04, 0x2C18F4DF, - 0xB7747F9D, 0xAB2AF7B4, 0xEFC34D20, 0x2E096B7C, - 0x1741A254, 0xE5B6A035, 0x213D42F6, 0x2C1C7C26, - 0x61C2F50F, 0x6552DAF9, 0xD2C231F8, 0x25130F69, - 0xD8167FA2, 0x0418F2C8, 0x001A96A6, 0x0D1526AB, - 0x63315C21, 0x5E0A72EC, 0x49BAFEFD, 0x187908D9, - 0x8D0DBD86, 0x311170A7, 0x3E9B640C, 0xCC3E10D7, - 0xD5CAD3B6, 0x0CAEC388, 0xF73001E1, 0x6C728AFF, - 0x71EAE2A1, 0x1F9AF36E, 0xCFCBD12F, 0xC1DE8417, - 0xAC07BE6B, 0xCB44A1D8, 0x8B9B0F56, 0x013988C3, - 0xB1C52FCA, 0xB4BE31CD, 0xD8782806, 0x12A3A4E2, - 0x6F7DE532, 0x58FD7EB6, 0xD01EE900, 0x24ADFFC2, - 0xF4990FC5, 0x9711AAC5, 0x001D7B95, 0x82E5E7D2, - 0x109873F6, 0x00613096, 0xC32D9521, 0xADA121FF, - 0x29908415, 0x7FBB977F, 0xAF9EB3DB, 0x29C9ED2A, - 0x5CE2A465, 0xA730F32C, 0xD0AA3FE8, 0x8A5CC091, - 0xD49E2CE7, 0x0CE454A9, 0xD60ACD86, 0x015F1919, - 0x77079103, 0xDEA03AF6, 0x78A8565E, 0xDEE356DF, - 0x21F05CBE, 0x8B75E387, 0xB3C50651, 0xB8A5C3EF, - 0xD8EEB6D2, 0xE523BE77, 0xC2154529, 0x2F69EFDF, - 0xAFE67AFB, 0xF470C4B2, 0xF3E0EB5B, 0xD6CC9876, - 0x39E4460C, 0x1FDA8538, 0x1987832F, 0xCA007367, - 0xA99144F8, 0x296B299E, 0x492FC295, 0x9266BEAB, - 0xB5676E69, 0x9BD3DDDA, 0xDF7E052F, 0xDB25701C, - 0x1B5E51EE, 0xF65324E6, 0x6AFCE36C, 0x0316CC04, - 0x8644213E, 0xB7DC59D0, 0x7965291F, 0xCCD6FD43, - 0x41823979, 0x932BCDF6, 0xB657C34D, 0x4EDFD282, - 0x7AE5290C, 0x3CB9536B, 0x851E20FE, 0x9833557E, - 0x13ECF0B0, 0xD3FFB372, 0x3F85C5C1, 0x0AEF7ED2 -}; - -static const u_int32_t cast_sbox5[256] = { - 0x7EC90C04, 0x2C6E74B9, 0x9B0E66DF, 0xA6337911, - 0xB86A7FFF, 0x1DD358F5, 0x44DD9D44, 0x1731167F, - 0x08FBF1FA, 0xE7F511CC, 0xD2051B00, 0x735ABA00, - 0x2AB722D8, 0x386381CB, 0xACF6243A, 0x69BEFD7A, - 0xE6A2E77F, 0xF0C720CD, 0xC4494816, 0xCCF5C180, - 0x38851640, 0x15B0A848, 0xE68B18CB, 0x4CAADEFF, - 0x5F480A01, 0x0412B2AA, 0x259814FC, 0x41D0EFE2, - 0x4E40B48D, 0x248EB6FB, 0x8DBA1CFE, 0x41A99B02, - 0x1A550A04, 0xBA8F65CB, 0x7251F4E7, 0x95A51725, - 0xC106ECD7, 0x97A5980A, 0xC539B9AA, 0x4D79FE6A, - 0xF2F3F763, 0x68AF8040, 0xED0C9E56, 0x11B4958B, - 0xE1EB5A88, 0x8709E6B0, 0xD7E07156, 0x4E29FEA7, - 0x6366E52D, 0x02D1C000, 0xC4AC8E05, 0x9377F571, - 0x0C05372A, 0x578535F2, 0x2261BE02, 0xD642A0C9, - 0xDF13A280, 0x74B55BD2, 0x682199C0, 0xD421E5EC, - 0x53FB3CE8, 0xC8ADEDB3, 0x28A87FC9, 0x3D959981, - 0x5C1FF900, 0xFE38D399, 0x0C4EFF0B, 0x062407EA, - 0xAA2F4FB1, 0x4FB96976, 0x90C79505, 0xB0A8A774, - 0xEF55A1FF, 0xE59CA2C2, 0xA6B62D27, 0xE66A4263, - 0xDF65001F, 0x0EC50966, 0xDFDD55BC, 0x29DE0655, - 0x911E739A, 0x17AF8975, 0x32C7911C, 0x89F89468, - 0x0D01E980, 0x524755F4, 0x03B63CC9, 0x0CC844B2, - 0xBCF3F0AA, 0x87AC36E9, 0xE53A7426, 0x01B3D82B, - 0x1A9E7449, 0x64EE2D7E, 0xCDDBB1DA, 0x01C94910, - 0xB868BF80, 0x0D26F3FD, 0x9342EDE7, 0x04A5C284, - 0x636737B6, 0x50F5B616, 0xF24766E3, 0x8ECA36C1, - 0x136E05DB, 0xFEF18391, 0xFB887A37, 0xD6E7F7D4, - 0xC7FB7DC9, 0x3063FCDF, 0xB6F589DE, 0xEC2941DA, - 0x26E46695, 0xB7566419, 0xF654EFC5, 0xD08D58B7, - 0x48925401, 0xC1BACB7F, 0xE5FF550F, 0xB6083049, - 0x5BB5D0E8, 0x87D72E5A, 0xAB6A6EE1, 0x223A66CE, - 0xC62BF3CD, 0x9E0885F9, 0x68CB3E47, 0x086C010F, - 0xA21DE820, 0xD18B69DE, 0xF3F65777, 0xFA02C3F6, - 0x407EDAC3, 0xCBB3D550, 0x1793084D, 0xB0D70EBA, - 0x0AB378D5, 0xD951FB0C, 0xDED7DA56, 0x4124BBE4, - 0x94CA0B56, 0x0F5755D1, 0xE0E1E56E, 0x6184B5BE, - 0x580A249F, 0x94F74BC0, 0xE327888E, 0x9F7B5561, - 0xC3DC0280, 0x05687715, 0x646C6BD7, 0x44904DB3, - 0x66B4F0A3, 0xC0F1648A, 0x697ED5AF, 0x49E92FF6, - 0x309E374F, 0x2CB6356A, 0x85808573, 0x4991F840, - 0x76F0AE02, 0x083BE84D, 0x28421C9A, 0x44489406, - 0x736E4CB8, 0xC1092910, 0x8BC95FC6, 0x7D869CF4, - 0x134F616F, 0x2E77118D, 0xB31B2BE1, 0xAA90B472, - 0x3CA5D717, 0x7D161BBA, 0x9CAD9010, 0xAF462BA2, - 0x9FE459D2, 0x45D34559, 0xD9F2DA13, 0xDBC65487, - 0xF3E4F94E, 0x176D486F, 0x097C13EA, 0x631DA5C7, - 0x445F7382, 0x175683F4, 0xCDC66A97, 0x70BE0288, - 0xB3CDCF72, 0x6E5DD2F3, 0x20936079, 0x459B80A5, - 0xBE60E2DB, 0xA9C23101, 0xEBA5315C, 0x224E42F2, - 0x1C5C1572, 0xF6721B2C, 0x1AD2FFF3, 0x8C25404E, - 0x324ED72F, 0x4067B7FD, 0x0523138E, 0x5CA3BC78, - 0xDC0FD66E, 0x75922283, 0x784D6B17, 0x58EBB16E, - 0x44094F85, 0x3F481D87, 0xFCFEAE7B, 0x77B5FF76, - 0x8C2302BF, 0xAAF47556, 0x5F46B02A, 0x2B092801, - 0x3D38F5F7, 0x0CA81F36, 0x52AF4A8A, 0x66D5E7C0, - 0xDF3B0874, 0x95055110, 0x1B5AD7A8, 0xF61ED5AD, - 0x6CF6E479, 0x20758184, 0xD0CEFA65, 0x88F7BE58, - 0x4A046826, 0x0FF6F8F3, 0xA09C7F70, 0x5346ABA0, - 0x5CE96C28, 0xE176EDA3, 0x6BAC307F, 0x376829D2, - 0x85360FA9, 0x17E3FE2A, 0x24B79767, 0xF5A96B20, - 0xD6CD2595, 0x68FF1EBF, 0x7555442C, 0xF19F06BE, - 0xF9E0659A, 0xEEB9491D, 0x34010718, 0xBB30CAB8, - 0xE822FE15, 0x88570983, 0x750E6249, 0xDA627E55, - 0x5E76FFA8, 0xB1534546, 0x6D47DE08, 0xEFE9E7D4 -}; - -static const u_int32_t cast_sbox6[256] = { - 0xF6FA8F9D, 0x2CAC6CE1, 0x4CA34867, 0xE2337F7C, - 0x95DB08E7, 0x016843B4, 0xECED5CBC, 0x325553AC, - 0xBF9F0960, 0xDFA1E2ED, 0x83F0579D, 0x63ED86B9, - 0x1AB6A6B8, 0xDE5EBE39, 0xF38FF732, 0x8989B138, - 0x33F14961, 0xC01937BD, 0xF506C6DA, 0xE4625E7E, - 0xA308EA99, 0x4E23E33C, 0x79CBD7CC, 0x48A14367, - 0xA3149619, 0xFEC94BD5, 0xA114174A, 0xEAA01866, - 0xA084DB2D, 0x09A8486F, 0xA888614A, 0x2900AF98, - 0x01665991, 0xE1992863, 0xC8F30C60, 0x2E78EF3C, - 0xD0D51932, 0xCF0FEC14, 0xF7CA07D2, 0xD0A82072, - 0xFD41197E, 0x9305A6B0, 0xE86BE3DA, 0x74BED3CD, - 0x372DA53C, 0x4C7F4448, 0xDAB5D440, 0x6DBA0EC3, - 0x083919A7, 0x9FBAEED9, 0x49DBCFB0, 0x4E670C53, - 0x5C3D9C01, 0x64BDB941, 0x2C0E636A, 0xBA7DD9CD, - 0xEA6F7388, 0xE70BC762, 0x35F29ADB, 0x5C4CDD8D, - 0xF0D48D8C, 0xB88153E2, 0x08A19866, 0x1AE2EAC8, - 0x284CAF89, 0xAA928223, 0x9334BE53, 0x3B3A21BF, - 0x16434BE3, 0x9AEA3906, 0xEFE8C36E, 0xF890CDD9, - 0x80226DAE, 0xC340A4A3, 0xDF7E9C09, 0xA694A807, - 0x5B7C5ECC, 0x221DB3A6, 0x9A69A02F, 0x68818A54, - 0xCEB2296F, 0x53C0843A, 0xFE893655, 0x25BFE68A, - 0xB4628ABC, 0xCF222EBF, 0x25AC6F48, 0xA9A99387, - 0x53BDDB65, 0xE76FFBE7, 0xE967FD78, 0x0BA93563, - 0x8E342BC1, 0xE8A11BE9, 0x4980740D, 0xC8087DFC, - 0x8DE4BF99, 0xA11101A0, 0x7FD37975, 0xDA5A26C0, - 0xE81F994F, 0x9528CD89, 0xFD339FED, 0xB87834BF, - 0x5F04456D, 0x22258698, 0xC9C4C83B, 0x2DC156BE, - 0x4F628DAA, 0x57F55EC5, 0xE2220ABE, 0xD2916EBF, - 0x4EC75B95, 0x24F2C3C0, 0x42D15D99, 0xCD0D7FA0, - 0x7B6E27FF, 0xA8DC8AF0, 0x7345C106, 0xF41E232F, - 0x35162386, 0xE6EA8926, 0x3333B094, 0x157EC6F2, - 0x372B74AF, 0x692573E4, 0xE9A9D848, 0xF3160289, - 0x3A62EF1D, 0xA787E238, 0xF3A5F676, 0x74364853, - 0x20951063, 0x4576698D, 0xB6FAD407, 0x592AF950, - 0x36F73523, 0x4CFB6E87, 0x7DA4CEC0, 0x6C152DAA, - 0xCB0396A8, 0xC50DFE5D, 0xFCD707AB, 0x0921C42F, - 0x89DFF0BB, 0x5FE2BE78, 0x448F4F33, 0x754613C9, - 0x2B05D08D, 0x48B9D585, 0xDC049441, 0xC8098F9B, - 0x7DEDE786, 0xC39A3373, 0x42410005, 0x6A091751, - 0x0EF3C8A6, 0x890072D6, 0x28207682, 0xA9A9F7BE, - 0xBF32679D, 0xD45B5B75, 0xB353FD00, 0xCBB0E358, - 0x830F220A, 0x1F8FB214, 0xD372CF08, 0xCC3C4A13, - 0x8CF63166, 0x061C87BE, 0x88C98F88, 0x6062E397, - 0x47CF8E7A, 0xB6C85283, 0x3CC2ACFB, 0x3FC06976, - 0x4E8F0252, 0x64D8314D, 0xDA3870E3, 0x1E665459, - 0xC10908F0, 0x513021A5, 0x6C5B68B7, 0x822F8AA0, - 0x3007CD3E, 0x74719EEF, 0xDC872681, 0x073340D4, - 0x7E432FD9, 0x0C5EC241, 0x8809286C, 0xF592D891, - 0x08A930F6, 0x957EF305, 0xB7FBFFBD, 0xC266E96F, - 0x6FE4AC98, 0xB173ECC0, 0xBC60B42A, 0x953498DA, - 0xFBA1AE12, 0x2D4BD736, 0x0F25FAAB, 0xA4F3FCEB, - 0xE2969123, 0x257F0C3D, 0x9348AF49, 0x361400BC, - 0xE8816F4A, 0x3814F200, 0xA3F94043, 0x9C7A54C2, - 0xBC704F57, 0xDA41E7F9, 0xC25AD33A, 0x54F4A084, - 0xB17F5505, 0x59357CBE, 0xEDBD15C8, 0x7F97C5AB, - 0xBA5AC7B5, 0xB6F6DEAF, 0x3A479C3A, 0x5302DA25, - 0x653D7E6A, 0x54268D49, 0x51A477EA, 0x5017D55B, - 0xD7D25D88, 0x44136C76, 0x0404A8C8, 0xB8E5A121, - 0xB81A928A, 0x60ED5869, 0x97C55B96, 0xEAEC991B, - 0x29935913, 0x01FDB7F1, 0x088E8DFA, 0x9AB6F6F5, - 0x3B4CBF9F, 0x4A5DE3AB, 0xE6051D35, 0xA0E1D855, - 0xD36B4CF1, 0xF544EDEB, 0xB0E93524, 0xBEBB8FBD, - 0xA2D762CF, 0x49C92F54, 0x38B5F331, 0x7128A454, - 0x48392905, 0xA65B1DB8, 0x851C97BD, 0xD675CF2F -}; - -static const u_int32_t cast_sbox7[256] = { - 0x85E04019, 0x332BF567, 0x662DBFFF, 0xCFC65693, - 0x2A8D7F6F, 0xAB9BC912, 0xDE6008A1, 0x2028DA1F, - 0x0227BCE7, 0x4D642916, 0x18FAC300, 0x50F18B82, - 0x2CB2CB11, 0xB232E75C, 0x4B3695F2, 0xB28707DE, - 0xA05FBCF6, 0xCD4181E9, 0xE150210C, 0xE24EF1BD, - 0xB168C381, 0xFDE4E789, 0x5C79B0D8, 0x1E8BFD43, - 0x4D495001, 0x38BE4341, 0x913CEE1D, 0x92A79C3F, - 0x089766BE, 0xBAEEADF4, 0x1286BECF, 0xB6EACB19, - 0x2660C200, 0x7565BDE4, 0x64241F7A, 0x8248DCA9, - 0xC3B3AD66, 0x28136086, 0x0BD8DFA8, 0x356D1CF2, - 0x107789BE, 0xB3B2E9CE, 0x0502AA8F, 0x0BC0351E, - 0x166BF52A, 0xEB12FF82, 0xE3486911, 0xD34D7516, - 0x4E7B3AFF, 0x5F43671B, 0x9CF6E037, 0x4981AC83, - 0x334266CE, 0x8C9341B7, 0xD0D854C0, 0xCB3A6C88, - 0x47BC2829, 0x4725BA37, 0xA66AD22B, 0x7AD61F1E, - 0x0C5CBAFA, 0x4437F107, 0xB6E79962, 0x42D2D816, - 0x0A961288, 0xE1A5C06E, 0x13749E67, 0x72FC081A, - 0xB1D139F7, 0xF9583745, 0xCF19DF58, 0xBEC3F756, - 0xC06EBA30, 0x07211B24, 0x45C28829, 0xC95E317F, - 0xBC8EC511, 0x38BC46E9, 0xC6E6FA14, 0xBAE8584A, - 0xAD4EBC46, 0x468F508B, 0x7829435F, 0xF124183B, - 0x821DBA9F, 0xAFF60FF4, 0xEA2C4E6D, 0x16E39264, - 0x92544A8B, 0x009B4FC3, 0xABA68CED, 0x9AC96F78, - 0x06A5B79A, 0xB2856E6E, 0x1AEC3CA9, 0xBE838688, - 0x0E0804E9, 0x55F1BE56, 0xE7E5363B, 0xB3A1F25D, - 0xF7DEBB85, 0x61FE033C, 0x16746233, 0x3C034C28, - 0xDA6D0C74, 0x79AAC56C, 0x3CE4E1AD, 0x51F0C802, - 0x98F8F35A, 0x1626A49F, 0xEED82B29, 0x1D382FE3, - 0x0C4FB99A, 0xBB325778, 0x3EC6D97B, 0x6E77A6A9, - 0xCB658B5C, 0xD45230C7, 0x2BD1408B, 0x60C03EB7, - 0xB9068D78, 0xA33754F4, 0xF430C87D, 0xC8A71302, - 0xB96D8C32, 0xEBD4E7BE, 0xBE8B9D2D, 0x7979FB06, - 0xE7225308, 0x8B75CF77, 0x11EF8DA4, 0xE083C858, - 0x8D6B786F, 0x5A6317A6, 0xFA5CF7A0, 0x5DDA0033, - 0xF28EBFB0, 0xF5B9C310, 0xA0EAC280, 0x08B9767A, - 0xA3D9D2B0, 0x79D34217, 0x021A718D, 0x9AC6336A, - 0x2711FD60, 0x438050E3, 0x069908A8, 0x3D7FEDC4, - 0x826D2BEF, 0x4EEB8476, 0x488DCF25, 0x36C9D566, - 0x28E74E41, 0xC2610ACA, 0x3D49A9CF, 0xBAE3B9DF, - 0xB65F8DE6, 0x92AEAF64, 0x3AC7D5E6, 0x9EA80509, - 0xF22B017D, 0xA4173F70, 0xDD1E16C3, 0x15E0D7F9, - 0x50B1B887, 0x2B9F4FD5, 0x625ABA82, 0x6A017962, - 0x2EC01B9C, 0x15488AA9, 0xD716E740, 0x40055A2C, - 0x93D29A22, 0xE32DBF9A, 0x058745B9, 0x3453DC1E, - 0xD699296E, 0x496CFF6F, 0x1C9F4986, 0xDFE2ED07, - 0xB87242D1, 0x19DE7EAE, 0x053E561A, 0x15AD6F8C, - 0x66626C1C, 0x7154C24C, 0xEA082B2A, 0x93EB2939, - 0x17DCB0F0, 0x58D4F2AE, 0x9EA294FB, 0x52CF564C, - 0x9883FE66, 0x2EC40581, 0x763953C3, 0x01D6692E, - 0xD3A0C108, 0xA1E7160E, 0xE4F2DFA6, 0x693ED285, - 0x74904698, 0x4C2B0EDD, 0x4F757656, 0x5D393378, - 0xA132234F, 0x3D321C5D, 0xC3F5E194, 0x4B269301, - 0xC79F022F, 0x3C997E7E, 0x5E4F9504, 0x3FFAFBBD, - 0x76F7AD0E, 0x296693F4, 0x3D1FCE6F, 0xC61E45BE, - 0xD3B5AB34, 0xF72BF9B7, 0x1B0434C0, 0x4E72B567, - 0x5592A33D, 0xB5229301, 0xCFD2A87F, 0x60AEB767, - 0x1814386B, 0x30BCC33D, 0x38A0C07D, 0xFD1606F2, - 0xC363519B, 0x589DD390, 0x5479F8E6, 0x1CB8D647, - 0x97FD61A9, 0xEA7759F4, 0x2D57539D, 0x569A58CF, - 0xE84E63AD, 0x462E1B78, 0x6580F87E, 0xF3817914, - 0x91DA55F4, 0x40A230F3, 0xD1988F35, 0xB6E318D2, - 0x3FFA50BC, 0x3D40F021, 0xC3C0BDAE, 0x4958C24C, - 0x518F36B2, 0x84B1D370, 0x0FEDCE83, 0x878DDADA, - 0xF2A279C7, 0x94E01BE8, 0x90716F4B, 0x954B8AA3 -}; - -static const u_int32_t cast_sbox8[256] = { - 0xE216300D, 0xBBDDFFFC, 0xA7EBDABD, 0x35648095, - 0x7789F8B7, 0xE6C1121B, 0x0E241600, 0x052CE8B5, - 0x11A9CFB0, 0xE5952F11, 0xECE7990A, 0x9386D174, - 0x2A42931C, 0x76E38111, 0xB12DEF3A, 0x37DDDDFC, - 0xDE9ADEB1, 0x0A0CC32C, 0xBE197029, 0x84A00940, - 0xBB243A0F, 0xB4D137CF, 0xB44E79F0, 0x049EEDFD, - 0x0B15A15D, 0x480D3168, 0x8BBBDE5A, 0x669DED42, - 0xC7ECE831, 0x3F8F95E7, 0x72DF191B, 0x7580330D, - 0x94074251, 0x5C7DCDFA, 0xABBE6D63, 0xAA402164, - 0xB301D40A, 0x02E7D1CA, 0x53571DAE, 0x7A3182A2, - 0x12A8DDEC, 0xFDAA335D, 0x176F43E8, 0x71FB46D4, - 0x38129022, 0xCE949AD4, 0xB84769AD, 0x965BD862, - 0x82F3D055, 0x66FB9767, 0x15B80B4E, 0x1D5B47A0, - 0x4CFDE06F, 0xC28EC4B8, 0x57E8726E, 0x647A78FC, - 0x99865D44, 0x608BD593, 0x6C200E03, 0x39DC5FF6, - 0x5D0B00A3, 0xAE63AFF2, 0x7E8BD632, 0x70108C0C, - 0xBBD35049, 0x2998DF04, 0x980CF42A, 0x9B6DF491, - 0x9E7EDD53, 0x06918548, 0x58CB7E07, 0x3B74EF2E, - 0x522FFFB1, 0xD24708CC, 0x1C7E27CD, 0xA4EB215B, - 0x3CF1D2E2, 0x19B47A38, 0x424F7618, 0x35856039, - 0x9D17DEE7, 0x27EB35E6, 0xC9AFF67B, 0x36BAF5B8, - 0x09C467CD, 0xC18910B1, 0xE11DBF7B, 0x06CD1AF8, - 0x7170C608, 0x2D5E3354, 0xD4DE495A, 0x64C6D006, - 0xBCC0C62C, 0x3DD00DB3, 0x708F8F34, 0x77D51B42, - 0x264F620F, 0x24B8D2BF, 0x15C1B79E, 0x46A52564, - 0xF8D7E54E, 0x3E378160, 0x7895CDA5, 0x859C15A5, - 0xE6459788, 0xC37BC75F, 0xDB07BA0C, 0x0676A3AB, - 0x7F229B1E, 0x31842E7B, 0x24259FD7, 0xF8BEF472, - 0x835FFCB8, 0x6DF4C1F2, 0x96F5B195, 0xFD0AF0FC, - 0xB0FE134C, 0xE2506D3D, 0x4F9B12EA, 0xF215F225, - 0xA223736F, 0x9FB4C428, 0x25D04979, 0x34C713F8, - 0xC4618187, 0xEA7A6E98, 0x7CD16EFC, 0x1436876C, - 0xF1544107, 0xBEDEEE14, 0x56E9AF27, 0xA04AA441, - 0x3CF7C899, 0x92ECBAE6, 0xDD67016D, 0x151682EB, - 0xA842EEDF, 0xFDBA60B4, 0xF1907B75, 0x20E3030F, - 0x24D8C29E, 0xE139673B, 0xEFA63FB8, 0x71873054, - 0xB6F2CF3B, 0x9F326442, 0xCB15A4CC, 0xB01A4504, - 0xF1E47D8D, 0x844A1BE5, 0xBAE7DFDC, 0x42CBDA70, - 0xCD7DAE0A, 0x57E85B7A, 0xD53F5AF6, 0x20CF4D8C, - 0xCEA4D428, 0x79D130A4, 0x3486EBFB, 0x33D3CDDC, - 0x77853B53, 0x37EFFCB5, 0xC5068778, 0xE580B3E6, - 0x4E68B8F4, 0xC5C8B37E, 0x0D809EA2, 0x398FEB7C, - 0x132A4F94, 0x43B7950E, 0x2FEE7D1C, 0x223613BD, - 0xDD06CAA2, 0x37DF932B, 0xC4248289, 0xACF3EBC3, - 0x5715F6B7, 0xEF3478DD, 0xF267616F, 0xC148CBE4, - 0x9052815E, 0x5E410FAB, 0xB48A2465, 0x2EDA7FA4, - 0xE87B40E4, 0xE98EA084, 0x5889E9E1, 0xEFD390FC, - 0xDD07D35B, 0xDB485694, 0x38D7E5B2, 0x57720101, - 0x730EDEBC, 0x5B643113, 0x94917E4F, 0x503C2FBA, - 0x646F1282, 0x7523D24A, 0xE0779695, 0xF9C17A8F, - 0x7A5B2121, 0xD187B896, 0x29263A4D, 0xBA510CDF, - 0x81F47C9F, 0xAD1163ED, 0xEA7B5965, 0x1A00726E, - 0x11403092, 0x00DA6D77, 0x4A0CDD61, 0xAD1F4603, - 0x605BDFB0, 0x9EEDC364, 0x22EBE6A8, 0xCEE7D28A, - 0xA0E736A0, 0x5564A6B9, 0x10853209, 0xC7EB8F37, - 0x2DE705CA, 0x8951570F, 0xDF09822B, 0xBD691A6C, - 0xAA12E4F2, 0x87451C0F, 0xE0F6A27A, 0x3ADA4819, - 0x4CF1764F, 0x0D771C2B, 0x67CDB156, 0x350D8384, - 0x5938FA0F, 0x42399EF3, 0x36997B07, 0x0E84093D, - 0x4AA93E61, 0x8360D87B, 0x1FA98B0C, 0x1149382C, - 0xE97625A5, 0x0614D1B7, 0x0E25244B, 0x0C768347, - 0x589E8D82, 0x0D2059D1, 0xA466BB1E, 0xF8DA0A82, - 0x04F19130, 0xBA6E4EC0, 0x99265164, 0x1EE7230D, - 0x50B2AD80, 0xEAEE6801, 0x8DB2A283, 0xEA8BF59E -}; - -/* Macros to access 8-bit bytes out of a 32-bit word */ -#define U8a(x) ( (u_int8_t) (x>>24) ) -#define U8b(x) ( (u_int8_t) ((x>>16)&255) ) -#define U8c(x) ( (u_int8_t) ((x>>8)&255) ) -#define U8d(x) ( (u_int8_t) ((x)&255) ) - -/* Circular left shift */ -#define ROL(x, n) ( ((x)<<(n)) | ((x)>>(32-(n))) ) - -/* CAST-128 uses three different round functions */ -#define F1(l, r, i) \ - t = ROL(key->xkey[i] + r, key->xkey[i+16]); \ - l ^= ((cast_sbox1[U8a(t)] ^ cast_sbox2[U8b(t)]) - \ - cast_sbox3[U8c(t)]) + cast_sbox4[U8d(t)]; -#define F2(l, r, i) \ - t = ROL(key->xkey[i] ^ r, key->xkey[i+16]); \ - l ^= ((cast_sbox1[U8a(t)] - cast_sbox2[U8b(t)]) + \ - cast_sbox3[U8c(t)]) ^ cast_sbox4[U8d(t)]; -#define F3(l, r, i) \ - t = ROL(key->xkey[i] - r, key->xkey[i+16]); \ - l ^= ((cast_sbox1[U8a(t)] + cast_sbox2[U8b(t)]) ^ \ - cast_sbox3[U8c(t)]) - cast_sbox4[U8d(t)]; - - -/***** Encryption Function *****/ - -void cast_encrypt(cast_key* key, u_int8_t* inblock, u_int8_t* outblock) -{ -u_int32_t t, l, r; - - /* Get inblock into l,r */ - l = ((u_int32_t)inblock[0] << 24) | ((u_int32_t)inblock[1] << 16) | - ((u_int32_t)inblock[2] << 8) | (u_int32_t)inblock[3]; - r = ((u_int32_t)inblock[4] << 24) | ((u_int32_t)inblock[5] << 16) | - ((u_int32_t)inblock[6] << 8) | (u_int32_t)inblock[7]; - /* Do the work */ - F1(l, r, 0); - F2(r, l, 1); - F3(l, r, 2); - F1(r, l, 3); - F2(l, r, 4); - F3(r, l, 5); - F1(l, r, 6); - F2(r, l, 7); - F3(l, r, 8); - F1(r, l, 9); - F2(l, r, 10); - F3(r, l, 11); - /* Only do full 16 rounds if key length > 80 bits */ - if (key->rounds > 12) { - F1(l, r, 12); - F2(r, l, 13); - F3(l, r, 14); - F1(r, l, 15); - } - /* Put l,r into outblock */ - outblock[0] = U8a(r); - outblock[1] = U8b(r); - outblock[2] = U8c(r); - outblock[3] = U8d(r); - outblock[4] = U8a(l); - outblock[5] = U8b(l); - outblock[6] = U8c(l); - outblock[7] = U8d(l); - /* Wipe clean */ - t = l = r = 0; -} - - -/***** Decryption Function *****/ - -void cast_decrypt(cast_key* key, u_int8_t* inblock, u_int8_t* outblock) -{ -u_int32_t t, l, r; - - /* Get inblock into l,r */ - r = ((u_int32_t)inblock[0] << 24) | ((u_int32_t)inblock[1] << 16) | - ((u_int32_t)inblock[2] << 8) | (u_int32_t)inblock[3]; - l = ((u_int32_t)inblock[4] << 24) | ((u_int32_t)inblock[5] << 16) | - ((u_int32_t)inblock[6] << 8) | (u_int32_t)inblock[7]; - /* Do the work */ - /* Only do full 16 rounds if key length > 80 bits */ - if (key->rounds > 12) { - F1(r, l, 15); - F3(l, r, 14); - F2(r, l, 13); - F1(l, r, 12); - } - F3(r, l, 11); - F2(l, r, 10); - F1(r, l, 9); - F3(l, r, 8); - F2(r, l, 7); - F1(l, r, 6); - F3(r, l, 5); - F2(l, r, 4); - F1(r, l, 3); - F3(l, r, 2); - F2(r, l, 1); - F1(l, r, 0); - /* Put l,r into outblock */ - outblock[0] = U8a(l); - outblock[1] = U8b(l); - outblock[2] = U8c(l); - outblock[3] = U8d(l); - outblock[4] = U8a(r); - outblock[5] = U8b(r); - outblock[6] = U8c(r); - outblock[7] = U8d(r); - /* Wipe clean */ - t = l = r = 0; -} - - -/***** Key Schedual *****/ - -void cast_setkey(cast_key* key, u_int8_t* rawkey, int keybytes) -{ -u_int32_t t[4], z[4], x[4]; -int i; - - /* Set number of rounds to 12 or 16, depending on key length */ - key->rounds = (keybytes <= 10 ? 12 : 16); - - /* Copy key to workspace x */ - for (i = 0; i < 4; i++) { - x[i] = 0; - if ((i*4+0) < keybytes) x[i] = (u_int32_t)rawkey[i*4+0] << 24; - if ((i*4+1) < keybytes) x[i] |= (u_int32_t)rawkey[i*4+1] << 16; - if ((i*4+2) < keybytes) x[i] |= (u_int32_t)rawkey[i*4+2] << 8; - if ((i*4+3) < keybytes) x[i] |= (u_int32_t)rawkey[i*4+3]; - } - /* Generate 32 subkeys, four at a time */ - for (i = 0; i < 32; i+=4) { - switch (i & 4) { - case 0: - t[0] = z[0] = x[0] ^ cast_sbox5[U8b(x[3])] ^ - cast_sbox6[U8d(x[3])] ^ cast_sbox7[U8a(x[3])] ^ - cast_sbox8[U8c(x[3])] ^ cast_sbox7[U8a(x[2])]; - t[1] = z[1] = x[2] ^ cast_sbox5[U8a(z[0])] ^ - cast_sbox6[U8c(z[0])] ^ cast_sbox7[U8b(z[0])] ^ - cast_sbox8[U8d(z[0])] ^ cast_sbox8[U8c(x[2])]; - t[2] = z[2] = x[3] ^ cast_sbox5[U8d(z[1])] ^ - cast_sbox6[U8c(z[1])] ^ cast_sbox7[U8b(z[1])] ^ - cast_sbox8[U8a(z[1])] ^ cast_sbox5[U8b(x[2])]; - t[3] = z[3] = x[1] ^ cast_sbox5[U8c(z[2])] ^ - cast_sbox6[U8b(z[2])] ^ cast_sbox7[U8d(z[2])] ^ - cast_sbox8[U8a(z[2])] ^ cast_sbox6[U8d(x[2])]; - break; - case 4: - t[0] = x[0] = z[2] ^ cast_sbox5[U8b(z[1])] ^ - cast_sbox6[U8d(z[1])] ^ cast_sbox7[U8a(z[1])] ^ - cast_sbox8[U8c(z[1])] ^ cast_sbox7[U8a(z[0])]; - t[1] = x[1] = z[0] ^ cast_sbox5[U8a(x[0])] ^ - cast_sbox6[U8c(x[0])] ^ cast_sbox7[U8b(x[0])] ^ - cast_sbox8[U8d(x[0])] ^ cast_sbox8[U8c(z[0])]; - t[2] = x[2] = z[1] ^ cast_sbox5[U8d(x[1])] ^ - cast_sbox6[U8c(x[1])] ^ cast_sbox7[U8b(x[1])] ^ - cast_sbox8[U8a(x[1])] ^ cast_sbox5[U8b(z[0])]; - t[3] = x[3] = z[3] ^ cast_sbox5[U8c(x[2])] ^ - cast_sbox6[U8b(x[2])] ^ cast_sbox7[U8d(x[2])] ^ - cast_sbox8[U8a(x[2])] ^ cast_sbox6[U8d(z[0])]; - break; - } - switch (i & 12) { - case 0: - case 12: - key->xkey[i+0] = cast_sbox5[U8a(t[2])] ^ cast_sbox6[U8b(t[2])] ^ - cast_sbox7[U8d(t[1])] ^ cast_sbox8[U8c(t[1])]; - key->xkey[i+1] = cast_sbox5[U8c(t[2])] ^ cast_sbox6[U8d(t[2])] ^ - cast_sbox7[U8b(t[1])] ^ cast_sbox8[U8a(t[1])]; - key->xkey[i+2] = cast_sbox5[U8a(t[3])] ^ cast_sbox6[U8b(t[3])] ^ - cast_sbox7[U8d(t[0])] ^ cast_sbox8[U8c(t[0])]; - key->xkey[i+3] = cast_sbox5[U8c(t[3])] ^ cast_sbox6[U8d(t[3])] ^ - cast_sbox7[U8b(t[0])] ^ cast_sbox8[U8a(t[0])]; - break; - case 4: - case 8: - key->xkey[i+0] = cast_sbox5[U8d(t[0])] ^ cast_sbox6[U8c(t[0])] ^ - cast_sbox7[U8a(t[3])] ^ cast_sbox8[U8b(t[3])]; - key->xkey[i+1] = cast_sbox5[U8b(t[0])] ^ cast_sbox6[U8a(t[0])] ^ - cast_sbox7[U8c(t[3])] ^ cast_sbox8[U8d(t[3])]; - key->xkey[i+2] = cast_sbox5[U8d(t[1])] ^ cast_sbox6[U8c(t[1])] ^ - cast_sbox7[U8a(t[2])] ^ cast_sbox8[U8b(t[2])]; - key->xkey[i+3] = cast_sbox5[U8b(t[1])] ^ cast_sbox6[U8a(t[1])] ^ - cast_sbox7[U8c(t[2])] ^ cast_sbox8[U8d(t[2])]; - break; - } - switch (i & 12) { - case 0: - key->xkey[i+0] ^= cast_sbox5[U8c(z[0])]; - key->xkey[i+1] ^= cast_sbox6[U8c(z[1])]; - key->xkey[i+2] ^= cast_sbox7[U8b(z[2])]; - key->xkey[i+3] ^= cast_sbox8[U8a(z[3])]; - break; - case 4: - key->xkey[i+0] ^= cast_sbox5[U8a(x[2])]; - key->xkey[i+1] ^= cast_sbox6[U8b(x[3])]; - key->xkey[i+2] ^= cast_sbox7[U8d(x[0])]; - key->xkey[i+3] ^= cast_sbox8[U8d(x[1])]; - break; - case 8: - key->xkey[i+0] ^= cast_sbox5[U8b(z[2])]; - key->xkey[i+1] ^= cast_sbox6[U8a(z[3])]; - key->xkey[i+2] ^= cast_sbox7[U8c(z[0])]; - key->xkey[i+3] ^= cast_sbox8[U8c(z[1])]; - break; - case 12: - key->xkey[i+0] ^= cast_sbox5[U8d(x[0])]; - key->xkey[i+1] ^= cast_sbox6[U8d(x[1])]; - key->xkey[i+2] ^= cast_sbox7[U8a(x[2])]; - key->xkey[i+3] ^= cast_sbox8[U8b(x[3])]; - break; - } - if (i >= 16) { - key->xkey[i+0] &= 31; - key->xkey[i+1] &= 31; - key->xkey[i+2] &= 31; - key->xkey[i+3] &= 31; - } - } - /* Wipe clean */ - for (i = 0; i < 4; i++) { - t[i] = x[i] = z[i] = 0; - } -} - -/* Made in Canada */ - diff --git a/src/lib/libc/crypt/chacha_private.h b/src/lib/libc/crypt/chacha_private.h new file mode 100644 index 00000000000..7c3680fa6d6 --- /dev/null +++ b/src/lib/libc/crypt/chacha_private.h @@ -0,0 +1,222 @@ +/* +chacha-merged.c version 20080118 +D. J. Bernstein +Public domain. +*/ + +/* $OpenBSD: chacha_private.h,v 1.2 2013/10/04 07:02:27 djm Exp $ */ + +typedef unsigned char u8; +typedef unsigned int u32; + +typedef struct +{ + u32 input[16]; /* could be compressed */ +} chacha_ctx; + +#define U8C(v) (v##U) +#define U32C(v) (v##U) + +#define U8V(v) ((u8)(v) & U8C(0xFF)) +#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) + +#define ROTL32(v, n) \ + (U32V((v) << (n)) | ((v) >> (32 - (n)))) + +#define U8TO32_LITTLE(p) \ + (((u32)((p)[0]) ) | \ + ((u32)((p)[1]) << 8) | \ + ((u32)((p)[2]) << 16) | \ + ((u32)((p)[3]) << 24)) + +#define U32TO8_LITTLE(p, v) \ + do { \ + (p)[0] = U8V((v) ); \ + (p)[1] = U8V((v) >> 8); \ + (p)[2] = U8V((v) >> 16); \ + (p)[3] = U8V((v) >> 24); \ + } while (0) + +#define ROTATE(v,c) (ROTL32(v,c)) +#define XOR(v,w) ((v) ^ (w)) +#define PLUS(v,w) (U32V((v) + (w))) +#define PLUSONE(v) (PLUS((v),1)) + +#define QUARTERROUND(a,b,c,d) \ + a = PLUS(a,b); d = ROTATE(XOR(d,a),16); \ + c = PLUS(c,d); b = ROTATE(XOR(b,c),12); \ + a = PLUS(a,b); d = ROTATE(XOR(d,a), 8); \ + c = PLUS(c,d); b = ROTATE(XOR(b,c), 7); + +static const char sigma[16] = "expand 32-byte k"; +static const char tau[16] = "expand 16-byte k"; + +static void +chacha_keysetup(chacha_ctx *x,const u8 *k,u32 kbits,u32 ivbits) +{ + const char *constants; + + x->input[4] = U8TO32_LITTLE(k + 0); + x->input[5] = U8TO32_LITTLE(k + 4); + x->input[6] = U8TO32_LITTLE(k + 8); + x->input[7] = U8TO32_LITTLE(k + 12); + if (kbits == 256) { /* recommended */ + k += 16; + constants = sigma; + } else { /* kbits == 128 */ + constants = tau; + } + x->input[8] = U8TO32_LITTLE(k + 0); + x->input[9] = U8TO32_LITTLE(k + 4); + x->input[10] = U8TO32_LITTLE(k + 8); + x->input[11] = U8TO32_LITTLE(k + 12); + x->input[0] = U8TO32_LITTLE(constants + 0); + x->input[1] = U8TO32_LITTLE(constants + 4); + x->input[2] = U8TO32_LITTLE(constants + 8); + x->input[3] = U8TO32_LITTLE(constants + 12); +} + +static void +chacha_ivsetup(chacha_ctx *x,const u8 *iv) +{ + x->input[12] = 0; + x->input[13] = 0; + x->input[14] = U8TO32_LITTLE(iv + 0); + x->input[15] = U8TO32_LITTLE(iv + 4); +} + +static void +chacha_encrypt_bytes(chacha_ctx *x,const u8 *m,u8 *c,u32 bytes) +{ + u32 x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15; + u32 j0, j1, j2, j3, j4, j5, j6, j7, j8, j9, j10, j11, j12, j13, j14, j15; + u8 *ctarget = NULL; + u8 tmp[64]; + u_int i; + + if (!bytes) return; + + j0 = x->input[0]; + j1 = x->input[1]; + j2 = x->input[2]; + j3 = x->input[3]; + j4 = x->input[4]; + j5 = x->input[5]; + j6 = x->input[6]; + j7 = x->input[7]; + j8 = x->input[8]; + j9 = x->input[9]; + j10 = x->input[10]; + j11 = x->input[11]; + j12 = x->input[12]; + j13 = x->input[13]; + j14 = x->input[14]; + j15 = x->input[15]; + + for (;;) { + if (bytes < 64) { + for (i = 0;i < bytes;++i) tmp[i] = m[i]; + m = tmp; + ctarget = c; + c = tmp; + } + x0 = j0; + x1 = j1; + x2 = j2; + x3 = j3; + x4 = j4; + x5 = j5; + x6 = j6; + x7 = j7; + x8 = j8; + x9 = j9; + x10 = j10; + x11 = j11; + x12 = j12; + x13 = j13; + x14 = j14; + x15 = j15; + for (i = 20;i > 0;i -= 2) { + QUARTERROUND( x0, x4, x8,x12) + QUARTERROUND( x1, x5, x9,x13) + QUARTERROUND( x2, x6,x10,x14) + QUARTERROUND( x3, x7,x11,x15) + QUARTERROUND( x0, x5,x10,x15) + QUARTERROUND( x1, x6,x11,x12) + QUARTERROUND( x2, x7, x8,x13) + QUARTERROUND( x3, x4, x9,x14) + } + x0 = PLUS(x0,j0); + x1 = PLUS(x1,j1); + x2 = PLUS(x2,j2); + x3 = PLUS(x3,j3); + x4 = PLUS(x4,j4); + x5 = PLUS(x5,j5); + x6 = PLUS(x6,j6); + x7 = PLUS(x7,j7); + x8 = PLUS(x8,j8); + x9 = PLUS(x9,j9); + x10 = PLUS(x10,j10); + x11 = PLUS(x11,j11); + x12 = PLUS(x12,j12); + x13 = PLUS(x13,j13); + x14 = PLUS(x14,j14); + x15 = PLUS(x15,j15); + +#ifndef KEYSTREAM_ONLY + x0 = XOR(x0,U8TO32_LITTLE(m + 0)); + x1 = XOR(x1,U8TO32_LITTLE(m + 4)); + x2 = XOR(x2,U8TO32_LITTLE(m + 8)); + x3 = XOR(x3,U8TO32_LITTLE(m + 12)); + x4 = XOR(x4,U8TO32_LITTLE(m + 16)); + x5 = XOR(x5,U8TO32_LITTLE(m + 20)); + x6 = XOR(x6,U8TO32_LITTLE(m + 24)); + x7 = XOR(x7,U8TO32_LITTLE(m + 28)); + x8 = XOR(x8,U8TO32_LITTLE(m + 32)); + x9 = XOR(x9,U8TO32_LITTLE(m + 36)); + x10 = XOR(x10,U8TO32_LITTLE(m + 40)); + x11 = XOR(x11,U8TO32_LITTLE(m + 44)); + x12 = XOR(x12,U8TO32_LITTLE(m + 48)); + x13 = XOR(x13,U8TO32_LITTLE(m + 52)); + x14 = XOR(x14,U8TO32_LITTLE(m + 56)); + x15 = XOR(x15,U8TO32_LITTLE(m + 60)); +#endif + + j12 = PLUSONE(j12); + if (!j12) { + j13 = PLUSONE(j13); + /* stopping at 2^70 bytes per nonce is user's responsibility */ + } + + U32TO8_LITTLE(c + 0,x0); + U32TO8_LITTLE(c + 4,x1); + U32TO8_LITTLE(c + 8,x2); + U32TO8_LITTLE(c + 12,x3); + U32TO8_LITTLE(c + 16,x4); + U32TO8_LITTLE(c + 20,x5); + U32TO8_LITTLE(c + 24,x6); + U32TO8_LITTLE(c + 28,x7); + U32TO8_LITTLE(c + 32,x8); + U32TO8_LITTLE(c + 36,x9); + U32TO8_LITTLE(c + 40,x10); + U32TO8_LITTLE(c + 44,x11); + U32TO8_LITTLE(c + 48,x12); + U32TO8_LITTLE(c + 52,x13); + U32TO8_LITTLE(c + 56,x14); + U32TO8_LITTLE(c + 60,x15); + + if (bytes <= 64) { + if (bytes < 64) { + for (i = 0;i < bytes;++i) ctarget[i] = c[i]; + } + x->input[12] = j12; + x->input[13] = j13; + return; + } + bytes -= 64; + c += 64; +#ifndef KEYSTREAM_ONLY + m += 64; +#endif + } +} diff --git a/src/lib/libc/crypt/crypt.3 b/src/lib/libc/crypt/crypt.3 index 5f0f1cdba85..c8ebf9861d4 100644 --- a/src/lib/libc/crypt/crypt.3 +++ b/src/lib/libc/crypt/crypt.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: crypt.3,v 1.19 2002/01/24 20:33:45 mickey Exp $ +.\" $OpenBSD: crypt.3,v 1.45 2015/04/06 20:49:41 tedu Exp $ .\" .\" FreeSec: libcrypt .\" @@ -31,103 +31,59 @@ .\" .\" Manual page, using -mandoc macros .\" -.Dd March 9, 1994 +.Dd $Mdocdate: April 6 2015 $ .Dt CRYPT 3 .Os .Sh NAME .Nm crypt , -.Nm setkey , -.Nm encrypt , -.Nm des_setkey , -.Nm des_cipher -.Nd DES encryption +.Nm bcrypt_gensalt , +.Nm bcrypt +.Nd password hashing .Sh SYNOPSIS -.Fd #include +.In stdlib.h +.Pp +.In unistd.h .Ft char * .Fn crypt "const char *key" "const char *setting" -.Ft int -.Fn setkey "char *key" -.Ft int -.Fn encrypt "char *block" "int flag" -.Ft int -.Fn des_setkey "const char *key" -.Ft int -.Fn des_cipher "const char *in" "char *out" "int32_t salt" "int count" +.In pwd.h +.Ft char * +.Fn bcrypt_gensalt "u_int8_t log_rounds" +.Ft char * +.Fn bcrypt "const char *key" "const char *salt" .Sh DESCRIPTION +These functions are deprecated in favor of +.Xr crypt_checkpass 3 +and +.Xr crypt_newhash 3 . +.Pp The .Fn crypt -function performs password encryption based on the -.Tn NBS -Data Encryption Standard (DES). +function performs password hashing. Additional code has been added to deter key search attempts and to use stronger hashing algorithms. .Pp The first argument to .Fn crypt -is a -.Dv null Ns -terminated -string, typically a user's typed password. -The second is in one of three forms: -if it begins with an underscore -.Pq Ql _ -then an extended format is used -in interpreting both the key and the setting, as outlined below. +is a NUL-terminated +string +.Fa key , +typically a user's typed password. +The second, +.Fa setting , +currently supports a single form. If it begins with a string character .Pq Ql $ and a number then a different algorithm is used depending on the number. -At the moment a -.Ql $1 -chooses MD5 hashing and a +At the moment .Ql $2 chooses Blowfish hashing; see below for more information. -.Ss Extended crypt -The -.Ar key -is divided into groups of 8 characters (the last group is null-padded) -and the low-order 7 bits of each character (56 bits per group) are -used to form the DES key as follows: -the first group of 56 bits becomes the initial DES key. -For each additional group, the XOR of the encryption of the current DES -key with itself and the group bits becomes the next DES key. -.Pp -The setting is a 9-character array consisting of an underscore followed -by 4 bytes of iteration count and 4 bytes of salt. -These are encoded as printable characters, 6 bits per character, -least significant character first. -The values 0 to 63 are encoded as -.Dq \&./0-9A-Za-z . -This allows 24 bits for both -.Fa count -and -.Fa salt . -.Ss "MD5" crypt -For -.Tn MD5 -crypt the version number, -.Fa salt -and the hashed password are separated by the -.Ql $ -character. -The maximum length of a password is limited by -the length counter of the MD5 context, which is about -2**64. -A valid MD5 password entry looks like this: -.Pp -.Dq $1$caeiHQwX$hsKqOjrFRRN6K32OWkCBf1 . -.Pp -The whole MD5 password string is passed as -.Fa setting -for interpretation. -.Ss "Blowfish" crypt -The -.Tn Blowfish -version of crypt has 128 bits of +.Ss Blowfish crypt +The Blowfish version of crypt has 128 bits of .Fa salt in order to make building dictionaries of common passwords space consuming. The initial state of the -.Tn Blowfish -cipher is expanded using the +Blowfish cipher is expanded using the .Fa salt and the .Fa password @@ -138,9 +94,7 @@ The final Blowfish password entry is created by encrypting the string .Pp .Dq OrpheanBeholderScryDoubt .Pp -with the -.Tn Blowfish -state 64 times. +with the Blowfish state 64 times. .Pp The version number, the logarithm of the number of rounds and the concatenation of salt and hashed password are separated by the @@ -151,161 +105,37 @@ An encoded would specify 256 rounds. A valid Blowfish password looks like this: .Pp -.Dq $2a$12$eIAq8PR8sIUnJ1HaohxX2O9x9Qlm2vK97LJ5dsXdmB.eXF42qjchC . +.Dq $2b$12$FPWWO2RJ3CK4FINTw0Hi8OiPKJcX653gzSS.jqltHFMxyDmmQ0Hqq . .Pp The whole Blowfish password string is passed as .Fa setting for interpretation. -.Ss "Traditional" crypt -The first 8 bytes of the key are null-padded, and the low-order 7 bits of -each character is used to form the 56-bit -.Tn DES -key. -.Pp -The setting is a 2-character array of the ASCII-encoded salt. -Thus only 12 bits of -.Fa salt -are used. -.Fa count -is set to 25. -.Ss DES Algorithm -The -.Fa salt -introduces disorder in the -.Tn DES -algorithm in one of 16777216 or 4096 possible ways -(i.e., with 24 or 12 bits: if bit -.Em i -of the -.Ar salt -is set, then bits -.Em i -and -.Em i+24 -are swapped in the -.Tn DES -E-box output). -.Pp -The DES key is used to encrypt a 64-bit constant using -.Ar count -iterations of -.Tn DES . -The value returned is a -.Dv null Ns -terminated -string, 20 or 13 bytes (plus null) in length, consisting of the -.Ar setting -followed by the encoded 64-bit encryption. -.Pp -The functions -.Fn encrypt , -.Fn setkey , -.Fn des_setkey , -and -.Fn des_cipher -provide access to the -.Tn DES -algorithm itself. -.Fn setkey -is passed a 64-byte array of binary values (numeric 0 or 1). -A 56-bit key is extracted from this array by dividing the -array into groups of 8, and ignoring the last bit in each group. -That bit is reserved for a byte parity check by DES, but is ignored -by these functions. -.Pp -The -.Fa block -argument to -.Fn encrypt -is also a 64-byte array of binary values. -If the value of -.Fa flag -is 0, -.Fa block -is encrypted otherwise it is decrypted. -The result is returned in the original array -.Fa block -after using the key specified by -.Fn setkey -to process it. -.Pp -The argument to -.Fn des_setkey -is a character array of length 8. -The least significant bit (the parity bit) in each character is ignored, -and the remaining bits are concatenated to form a 56-bit key. -The function -.Fn des_cipher -encrypts (or decrypts if -.Fa count -is negative) the 64-bits stored in the 8 characters at -.Fa in -using -.Xr abs 3 -of -.Fa count -iterations of -.Tn DES -and stores the 64-bit result in the 8 characters at -.Fa out -(which may be the same as -.Fa in ) . -The -.Fa salt -specifies perturbations to the -.Tn DES -E-box output as described above. -.Pp +.Sh RETURN VALUES The function .Fn crypt returns a pointer to the encrypted value on success, and .Dv NULL on failure. -The functions -.Fn setkey , -.Fn encrypt , -.Fn des_setkey , -and -.Fn des_cipher -return 0 on success and 1 on failure. -.Pp -The -.Fn crypt , -.Fn setkey , -and -.Fn des_setkey -functions all manipulate the same key space. .Sh SEE ALSO +.Xr encrypt 1 , .Xr login 1 , .Xr passwd 1 , .Xr blowfish 3 , +.Xr crypt_checkpass 3 , .Xr getpass 3 , -.Xr md5 3 , .Xr passwd 5 -.Sh AUTHORS -David Burren .Sh HISTORY A rotor-based .Fn crypt function appeared in .At v3 . -The current style +A DES-based .Fn crypt first appeared in .At v7 . -.Pp -This library (FreeSec 1.0) was developed outside the United States of America -as an unencumbered replacement for the U.S.-only libcrypt encryption -library. -Programs linked against the -.Fn crypt -interface may be exported from the U.S.A. only if they use -.Fn crypt -solely for authentication purposes and avoid use of -the other programmer interfaces listed above. -Special care has been taken -in the library so that programs which only use the -.Fn crypt -interface do not pull in the other components. +.Fn bcrypt +first appeared in +.Ox 2.1 . .Sh BUGS The .Fn crypt diff --git a/src/lib/libc/crypt/crypt.c b/src/lib/libc/crypt/crypt.c index 17b50b7f522..40d5503544f 100644 --- a/src/lib/libc/crypt/crypt.c +++ b/src/lib/libc/crypt/crypt.c @@ -1,713 +1,22 @@ -/* $OpenBSD: crypt.c,v 1.16 2002/04/29 06:26:50 pvalchev Exp $ */ +/* $OpenBSD: crypt.c,v 1.31 2015/09/12 14:56:50 guenther Exp $ */ -/* - * FreeSec: libcrypt - * - * Copyright (c) 1994 David Burren - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 4. Neither the name of the author nor the names of other contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * - * This is an original implementation of the DES and the crypt(3) interfaces - * by David Burren . - * - * An excellent reference on the underlying algorithm (and related - * algorithms) is: - * - * B. Schneier, Applied Cryptography: protocols, algorithms, - * and source code in C, John Wiley & Sons, 1994. - * - * Note that in that book's description of DES the lookups for the initial, - * pbox, and final permutations are inverted (this has been brought to the - * attention of the author). A list of errata for this book has been - * posted to the sci.crypt newsgroup by the author and is available for FTP. - * - * NOTE: - * This file has a static version of des_setkey() so that crypt.o exports - * only the crypt() interface. This is required to make binaries linked - * against crypt.o exportable or re-exportable from the USA. - */ - -#if defined(LIBC_SCCS) && !defined(lint) -static char rcsid[] = "$OpenBSD: crypt.c,v 1.16 2002/04/29 06:26:50 pvalchev Exp $"; -#endif /* LIBC_SCCS and not lint */ - -#include -#include +#include #include -#include - -#ifdef DEBUG -# include -#endif - -static u_char IP[64] = { - 58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4, - 62, 54, 46, 38, 30, 22, 14, 6, 64, 56, 48, 40, 32, 24, 16, 8, - 57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3, - 61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7 -}; - -static u_char inv_key_perm[64]; -static u_char u_key_perm[56]; -static u_char key_perm[56] = { - 57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18, - 10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36, - 63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22, - 14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4 -}; - -static u_char key_shifts[16] = { - 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1 -}; - -static u_char inv_comp_perm[56]; -static u_char comp_perm[48] = { - 14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10, - 23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2, - 41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48, - 44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32 -}; - -/* - * No E box is used, as it's replaced by some ANDs, shifts, and ORs. - */ - -static u_char u_sbox[8][64]; -static u_char sbox[8][64] = { - { - 14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7, - 0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8, - 4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0, - 15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13 - }, - { - 15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10, - 3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5, - 0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15, - 13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9 - }, - { - 10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8, - 13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1, - 13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7, - 1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12 - }, - { - 7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15, - 13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9, - 10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4, - 3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14 - }, - { - 2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9, - 14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6, - 4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14, - 11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3 - }, - { - 12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11, - 10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8, - 9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6, - 4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13 - }, - { - 4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1, - 13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6, - 1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2, - 6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12 - }, - { - 13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7, - 1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2, - 7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8, - 2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11 - } -}; - -static u_char un_pbox[32]; -static u_char pbox[32] = { - 16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10, - 2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25 -}; - -static u_int32_t bits32[32] = -{ - 0x80000000, 0x40000000, 0x20000000, 0x10000000, - 0x08000000, 0x04000000, 0x02000000, 0x01000000, - 0x00800000, 0x00400000, 0x00200000, 0x00100000, - 0x00080000, 0x00040000, 0x00020000, 0x00010000, - 0x00008000, 0x00004000, 0x00002000, 0x00001000, - 0x00000800, 0x00000400, 0x00000200, 0x00000100, - 0x00000080, 0x00000040, 0x00000020, 0x00000010, - 0x00000008, 0x00000004, 0x00000002, 0x00000001 -}; - -static u_char bits8[8] = { 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 }; - -static u_int32_t saltbits; -static int32_t old_salt; -static u_int32_t *bits28, *bits24; -static u_char init_perm[64], final_perm[64]; -static u_int32_t en_keysl[16], en_keysr[16]; -static u_int32_t de_keysl[16], de_keysr[16]; -static int des_initialised = 0; -static u_char m_sbox[4][4096]; -static u_int32_t psbox[4][256]; -static u_int32_t ip_maskl[8][256], ip_maskr[8][256]; -static u_int32_t fp_maskl[8][256], fp_maskr[8][256]; -static u_int32_t key_perm_maskl[8][128], key_perm_maskr[8][128]; -static u_int32_t comp_maskl[8][128], comp_maskr[8][128]; -static u_int32_t old_rawkey0, old_rawkey1; - -static u_char ascii64[] = - "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; -/* 0000000000111111111122222222223333333333444444444455555555556666 */ -/* 0123456789012345678901234567890123456789012345678901234567890123 */ - -static __inline int -ascii_to_bin(ch) - char ch; -{ - if (ch > 'z') - return(0); - if (ch >= 'a') - return(ch - 'a' + 38); - if (ch > 'Z') - return(0); - if (ch >= 'A') - return(ch - 'A' + 12); - if (ch > '9') - return(0); - if (ch >= '.') - return(ch - '.'); - return(0); -} - -static void -des_init() -{ - int i, j, b, k, inbit, obit; - u_int32_t *p, *il, *ir, *fl, *fr; - - old_rawkey0 = old_rawkey1 = 0; - saltbits = 0; - old_salt = 0; - bits24 = (bits28 = bits32 + 4) + 4; - - /* - * Invert the S-boxes, reordering the input bits. - */ - for (i = 0; i < 8; i++) - for (j = 0; j < 64; j++) { - b = (j & 0x20) | ((j & 1) << 4) | ((j >> 1) & 0xf); - u_sbox[i][j] = sbox[i][b]; - } - - /* - * Convert the inverted S-boxes into 4 arrays of 8 bits. - * Each will handle 12 bits of the S-box input. - */ - for (b = 0; b < 4; b++) - for (i = 0; i < 64; i++) - for (j = 0; j < 64; j++) - m_sbox[b][(i << 6) | j] = - (u_sbox[(b << 1)][i] << 4) | - u_sbox[(b << 1) + 1][j]; - - /* - * Set up the initial & final permutations into a useful form, and - * initialise the inverted key permutation. - */ - for (i = 0; i < 64; i++) { - init_perm[final_perm[i] = IP[i] - 1] = i; - inv_key_perm[i] = 255; - } - - /* - * Invert the key permutation and initialise the inverted key - * compression permutation. - */ - for (i = 0; i < 56; i++) { - u_key_perm[i] = key_perm[i] - 1; - inv_key_perm[key_perm[i] - 1] = i; - inv_comp_perm[i] = 255; - } - - /* - * Invert the key compression permutation. - */ - for (i = 0; i < 48; i++) { - inv_comp_perm[comp_perm[i] - 1] = i; - } - - /* - * Set up the OR-mask arrays for the initial and final permutations, - * and for the key initial and compression permutations. - */ - for (k = 0; k < 8; k++) { - for (i = 0; i < 256; i++) { - *(il = &ip_maskl[k][i]) = 0; - *(ir = &ip_maskr[k][i]) = 0; - *(fl = &fp_maskl[k][i]) = 0; - *(fr = &fp_maskr[k][i]) = 0; - for (j = 0; j < 8; j++) { - inbit = 8 * k + j; - if (i & bits8[j]) { - if ((obit = init_perm[inbit]) < 32) - *il |= bits32[obit]; - else - *ir |= bits32[obit-32]; - if ((obit = final_perm[inbit]) < 32) - *fl |= bits32[obit]; - else - *fr |= bits32[obit - 32]; - } - } - } - for (i = 0; i < 128; i++) { - *(il = &key_perm_maskl[k][i]) = 0; - *(ir = &key_perm_maskr[k][i]) = 0; - for (j = 0; j < 7; j++) { - inbit = 8 * k + j; - if (i & bits8[j + 1]) { - if ((obit = inv_key_perm[inbit]) == 255) - continue; - if (obit < 28) - *il |= bits28[obit]; - else - *ir |= bits28[obit - 28]; - } - } - *(il = &comp_maskl[k][i]) = 0; - *(ir = &comp_maskr[k][i]) = 0; - for (j = 0; j < 7; j++) { - inbit = 7 * k + j; - if (i & bits8[j + 1]) { - if ((obit=inv_comp_perm[inbit]) == 255) - continue; - if (obit < 24) - *il |= bits24[obit]; - else - *ir |= bits24[obit - 24]; - } - } - } - } - - /* - * Invert the P-box permutation, and convert into OR-masks for - * handling the output of the S-box arrays setup above. - */ - for (i = 0; i < 32; i++) - un_pbox[pbox[i] - 1] = i; - - for (b = 0; b < 4; b++) - for (i = 0; i < 256; i++) { - *(p = &psbox[b][i]) = 0; - for (j = 0; j < 8; j++) { - if (i & bits8[j]) - *p |= bits32[un_pbox[8 * b + j]]; - } - } - - des_initialised = 1; -} - -static void -setup_salt(salt) - int32_t salt; -{ - u_int32_t obit, saltbit; - int i; - - if (salt == old_salt) - return; - old_salt = salt; - - saltbits = 0; - saltbit = 1; - obit = 0x800000; - for (i = 0; i < 24; i++) { - if (salt & saltbit) - saltbits |= obit; - saltbit <<= 1; - obit >>= 1; - } -} - -static int -des_setkey(key) - const char *key; -{ - u_int32_t k0, k1, rawkey0, rawkey1; - int shifts, round; - - if (!des_initialised) - des_init(); - - rawkey0 = ntohl(*(u_int32_t *) key); - rawkey1 = ntohl(*(u_int32_t *) (key + 4)); - - if ((rawkey0 | rawkey1) - && rawkey0 == old_rawkey0 - && rawkey1 == old_rawkey1) { - /* - * Already setup for this key. - * This optimisation fails on a zero key (which is weak and - * has bad parity anyway) in order to simplify the starting - * conditions. - */ - return(0); - } - old_rawkey0 = rawkey0; - old_rawkey1 = rawkey1; - - /* - * Do key permutation and split into two 28-bit subkeys. - */ - k0 = key_perm_maskl[0][rawkey0 >> 25] - | key_perm_maskl[1][(rawkey0 >> 17) & 0x7f] - | key_perm_maskl[2][(rawkey0 >> 9) & 0x7f] - | key_perm_maskl[3][(rawkey0 >> 1) & 0x7f] - | key_perm_maskl[4][rawkey1 >> 25] - | key_perm_maskl[5][(rawkey1 >> 17) & 0x7f] - | key_perm_maskl[6][(rawkey1 >> 9) & 0x7f] - | key_perm_maskl[7][(rawkey1 >> 1) & 0x7f]; - k1 = key_perm_maskr[0][rawkey0 >> 25] - | key_perm_maskr[1][(rawkey0 >> 17) & 0x7f] - | key_perm_maskr[2][(rawkey0 >> 9) & 0x7f] - | key_perm_maskr[3][(rawkey0 >> 1) & 0x7f] - | key_perm_maskr[4][rawkey1 >> 25] - | key_perm_maskr[5][(rawkey1 >> 17) & 0x7f] - | key_perm_maskr[6][(rawkey1 >> 9) & 0x7f] - | key_perm_maskr[7][(rawkey1 >> 1) & 0x7f]; - /* - * Rotate subkeys and do compression permutation. - */ - shifts = 0; - for (round = 0; round < 16; round++) { - u_int32_t t0, t1; - - shifts += key_shifts[round]; - - t0 = (k0 << shifts) | (k0 >> (28 - shifts)); - t1 = (k1 << shifts) | (k1 >> (28 - shifts)); - - de_keysl[15 - round] = - en_keysl[round] = comp_maskl[0][(t0 >> 21) & 0x7f] - | comp_maskl[1][(t0 >> 14) & 0x7f] - | comp_maskl[2][(t0 >> 7) & 0x7f] - | comp_maskl[3][t0 & 0x7f] - | comp_maskl[4][(t1 >> 21) & 0x7f] - | comp_maskl[5][(t1 >> 14) & 0x7f] - | comp_maskl[6][(t1 >> 7) & 0x7f] - | comp_maskl[7][t1 & 0x7f]; - - de_keysr[15 - round] = - en_keysr[round] = comp_maskr[0][(t0 >> 21) & 0x7f] - | comp_maskr[1][(t0 >> 14) & 0x7f] - | comp_maskr[2][(t0 >> 7) & 0x7f] - | comp_maskr[3][t0 & 0x7f] - | comp_maskr[4][(t1 >> 21) & 0x7f] - | comp_maskr[5][(t1 >> 14) & 0x7f] - | comp_maskr[6][(t1 >> 7) & 0x7f] - | comp_maskr[7][t1 & 0x7f]; - } - return(0); -} - -static int -do_des(l_in, r_in, l_out, r_out, count) - u_int32_t l_in, r_in, *l_out, *r_out; - int count; -{ - /* - * l_in, r_in, l_out, and r_out are in pseudo-"big-endian" format. - */ - u_int32_t l, r, *kl, *kr, *kl1, *kr1; - u_int32_t f, r48l, r48r; - int round; - - if (count == 0) { - return(1); - } else if (count > 0) { - /* - * Encrypting - */ - kl1 = en_keysl; - kr1 = en_keysr; - } else { - /* - * Decrypting - */ - count = -count; - kl1 = de_keysl; - kr1 = de_keysr; - } - - /* - * Do initial permutation (IP). - */ - l = ip_maskl[0][l_in >> 24] - | ip_maskl[1][(l_in >> 16) & 0xff] - | ip_maskl[2][(l_in >> 8) & 0xff] - | ip_maskl[3][l_in & 0xff] - | ip_maskl[4][r_in >> 24] - | ip_maskl[5][(r_in >> 16) & 0xff] - | ip_maskl[6][(r_in >> 8) & 0xff] - | ip_maskl[7][r_in & 0xff]; - r = ip_maskr[0][l_in >> 24] - | ip_maskr[1][(l_in >> 16) & 0xff] - | ip_maskr[2][(l_in >> 8) & 0xff] - | ip_maskr[3][l_in & 0xff] - | ip_maskr[4][r_in >> 24] - | ip_maskr[5][(r_in >> 16) & 0xff] - | ip_maskr[6][(r_in >> 8) & 0xff] - | ip_maskr[7][r_in & 0xff]; - - while (count--) { - /* - * Do each round. - */ - kl = kl1; - kr = kr1; - round = 16; - while (round--) { - /* - * Expand R to 48 bits (simulate the E-box). - */ - r48l = ((r & 0x00000001) << 23) - | ((r & 0xf8000000) >> 9) - | ((r & 0x1f800000) >> 11) - | ((r & 0x01f80000) >> 13) - | ((r & 0x001f8000) >> 15); - - r48r = ((r & 0x0001f800) << 7) - | ((r & 0x00001f80) << 5) - | ((r & 0x000001f8) << 3) - | ((r & 0x0000001f) << 1) - | ((r & 0x80000000) >> 31); - /* - * Do salting for crypt() and friends, and - * XOR with the permuted key. - */ - f = (r48l ^ r48r) & saltbits; - r48l ^= f ^ *kl++; - r48r ^= f ^ *kr++; - /* - * Do sbox lookups (which shrink it back to 32 bits) - * and do the pbox permutation at the same time. - */ - f = psbox[0][m_sbox[0][r48l >> 12]] - | psbox[1][m_sbox[1][r48l & 0xfff]] - | psbox[2][m_sbox[2][r48r >> 12]] - | psbox[3][m_sbox[3][r48r & 0xfff]]; - /* - * Now that we've permuted things, complete f(). - */ - f ^= l; - l = r; - r = f; - } - r = l; - l = f; - } - /* - * Do final permutation (inverse of IP). - */ - *l_out = fp_maskl[0][l >> 24] - | fp_maskl[1][(l >> 16) & 0xff] - | fp_maskl[2][(l >> 8) & 0xff] - | fp_maskl[3][l & 0xff] - | fp_maskl[4][r >> 24] - | fp_maskl[5][(r >> 16) & 0xff] - | fp_maskl[6][(r >> 8) & 0xff] - | fp_maskl[7][r & 0xff]; - *r_out = fp_maskr[0][l >> 24] - | fp_maskr[1][(l >> 16) & 0xff] - | fp_maskr[2][(l >> 8) & 0xff] - | fp_maskr[3][l & 0xff] - | fp_maskr[4][r >> 24] - | fp_maskr[5][(r >> 16) & 0xff] - | fp_maskr[6][(r >> 8) & 0xff] - | fp_maskr[7][r & 0xff]; - return(0); -} - -static int -des_cipher(in, out, salt, count) - const char *in; - char *out; - int32_t salt; - int count; -{ - u_int32_t l_out, r_out, rawl, rawr; - u_int32_t x[2]; - int retval; - - if (!des_initialised) - des_init(); - - setup_salt(salt); - - memcpy(x, in, sizeof x); - rawl = ntohl(x[0]); - rawr = ntohl(x[1]); - retval = do_des(rawl, rawr, &l_out, &r_out, count); - - x[0] = htonl(l_out); - x[1] = htonl(r_out); - memcpy(out, x, sizeof x); - return(retval); -} +#include char * -crypt(key, setting) - const char *key; - const char *setting; +crypt(const char *key, const char *setting) { - int i; - u_int32_t count, salt, l, r0, r1, keybuf[2]; - u_char *p, *q; - static u_char output[21]; - extern char *md5crypt(const char *, const char *); - extern char *bcrypt(const char *, const char *); - if (setting[0] == '$') { switch (setting[1]) { - case '1': - return (md5crypt(key, setting)); - default: + case '2': return bcrypt(key, setting); + default: + errno = EINVAL; + return (NULL); } } - - if (!des_initialised) - des_init(); - - /* - * Copy the key, shifting each character up by one bit - * and padding with zeros. - */ - q = (u_char *) keybuf; - while ((q - (u_char *) keybuf) < sizeof(keybuf)) { - if ((*q++ = *key << 1)) - key++; - } - if (des_setkey((u_char *) keybuf)) - return(NULL); - - if (*setting == _PASSWORD_EFMT1) { - /* - * "new"-style: - * setting - underscore, 4 bytes of count, 4 bytes of salt - * key - unlimited characters - */ - for (i = 1, count = 0; i < 5; i++) - count |= ascii_to_bin(setting[i]) << (i - 1) * 6; - - for (i = 5, salt = 0; i < 9; i++) - salt |= ascii_to_bin(setting[i]) << (i - 5) * 6; - - while (*key) { - /* - * Encrypt the key with itself. - */ - if (des_cipher((u_char*)keybuf, (u_char*)keybuf, 0, 1)) - return(NULL); - /* - * And XOR with the next 8 characters of the key. - */ - q = (u_char *) keybuf; - while (((q - (u_char *) keybuf) < sizeof(keybuf)) && - *key) - *q++ ^= *key++ << 1; - - if (des_setkey((u_char *) keybuf)) - return(NULL); - } - strlcpy((char *)output, setting, 10); - - /* - * Double check that we weren't given a short setting. - * If we were, the above code will probably have created - * weird values for count and salt, but we don't really care. - * Just make sure the output string doesn't have an extra - * NUL in it. - */ - p = output + strlen((const char *)output); - } else { - /* - * "old"-style: - * setting - 2 bytes of salt - * key - up to 8 characters - */ - count = 25; - - salt = (ascii_to_bin(setting[1]) << 6) - | ascii_to_bin(setting[0]); - - output[0] = setting[0]; - /* - * If the encrypted password that the salt was extracted from - * is only 1 character long, the salt will be corrupted. We - * need to ensure that the output string doesn't have an extra - * NUL in it! - */ - output[1] = setting[1] ? setting[1] : output[0]; - - p = output + 2; - } - setup_salt(salt); - /* - * Do it. - */ - if (do_des(0, 0, &r0, &r1, count)) - return(NULL); - /* - * Now encode the result... - */ - l = (r0 >> 8); - *p++ = ascii64[(l >> 18) & 0x3f]; - *p++ = ascii64[(l >> 12) & 0x3f]; - *p++ = ascii64[(l >> 6) & 0x3f]; - *p++ = ascii64[l & 0x3f]; - - l = (r0 << 16) | ((r1 >> 16) & 0xffff); - *p++ = ascii64[(l >> 18) & 0x3f]; - *p++ = ascii64[(l >> 12) & 0x3f]; - *p++ = ascii64[(l >> 6) & 0x3f]; - *p++ = ascii64[l & 0x3f]; - - l = r1 << 2; - *p++ = ascii64[(l >> 12) & 0x3f]; - *p++ = ascii64[(l >> 6) & 0x3f]; - *p++ = ascii64[l & 0x3f]; - *p = 0; - - return((char *)output); + errno = EINVAL; + return (NULL); } +DEF_WEAK(crypt); diff --git a/src/lib/libc/crypt/crypt_checkpass.3 b/src/lib/libc/crypt/crypt_checkpass.3 new file mode 100644 index 00000000000..15642156b60 --- /dev/null +++ b/src/lib/libc/crypt/crypt_checkpass.3 @@ -0,0 +1,112 @@ +.\" $OpenBSD: crypt_checkpass.3,v 1.11 2017/07/22 06:39:54 jmc Exp $ +.\" +.\" Copyright (c) 2014 Ted Unangst +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: July 22 2017 $ +.Dt CRYPT_CHECKPASS 3 +.Os +.Sh NAME +.Nm crypt_checkpass , +.Nm crypt_newhash +.Nd password hashing +.Sh SYNOPSIS +.In unistd.h +.Ft int +.Fn crypt_checkpass "const char *password" "const char *hash" +.Ft int +.Fn crypt_newhash "const char *password" "const char *pref" "char *hash" "size_t hashsize" +.Sh DESCRIPTION +The +.Fn crypt_checkpass +function simplifies checking a user's password. +If both the +.Fa hash +and the +.Fa password +are the empty string, authentication +is a success. +Otherwise, the +.Fa password +is hashed and compared to the provided +.Fa hash . +If the +.Fa hash +is +.Dv NULL , +authentication will always fail, but a default +amount of work is performed to simulate the hashing operation. +A successful match will return 0. +A failure will return \-1 and set +.Xr errno 2 . +.Pp +The +.Fn crypt_newhash +function simplifies the creation of new password hashes. +The provided +.Fa password +is randomly salted and hashed and stored in +.Fa hash . +The size of the available space is specified by +.Fa hashsize , +which should be +.Dv _PASSWORD_LEN . +The +.Fa pref +argument identifies the preferred hashing algorithm and parameters. +Possible values are: +.Bl -tag -width Ds +.It Dq bcrypt, +The bcrypt algorithm, where the value of rounds can be between 4 and 31 and +specifies the base 2 logarithm of the number of rounds. +If rounds is omitted or the special value +.Sq a , +an appropriate number of rounds is automatically selected based on system +performance. +.El +.Sh RETURN VALUES +.Rv -std crypt_checkpass crypt_newhash +.Sh ERRORS +The +.Fn crypt_checkpass +function sets +.Va errno +to +.Er EACCESS +when authentication fails. +.Pp +The +.Fn crypt_newhash +function sets +.Va errno +to +.Er EINVAL +if +.Fa pref +is unsupported or insufficient space is provided. +.Sh SEE ALSO +.Xr crypt 3 , +.Xr login.conf 5 , +.Xr passwd 5 +.Sh HISTORY +The function +.Fn crypt_checkpass +first appeared in +.Ox 5.6 , +and +.Fn crypt_newhash +in +.Ox 5.7 . +.Sh AUTHORS +.An Ted Unangst Aq Mt tedu@openbsd.org diff --git a/src/lib/libc/crypt/cryptutil.c b/src/lib/libc/crypt/cryptutil.c new file mode 100644 index 00000000000..f48ba1af2c2 --- /dev/null +++ b/src/lib/libc/crypt/cryptutil.c @@ -0,0 +1,97 @@ +/* $OpenBSD: cryptutil.c,v 1.12 2015/09/13 15:33:48 guenther Exp $ */ +/* + * Copyright (c) 2014 Ted Unangst + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ +#include +#include +#include +#include +#include +#include + +int +crypt_checkpass(const char *pass, const char *goodhash) +{ + char dummy[_PASSWORD_LEN]; + + if (goodhash == NULL) { + /* fake it */ + goto fake; + } + + /* empty password */ + if (strlen(goodhash) == 0 && strlen(pass) == 0) + return 0; + + if (goodhash[0] == '$' && goodhash[1] == '2') { + if (bcrypt_checkpass(pass, goodhash)) + goto fail; + return 0; + } + + /* unsupported. fake it. */ +fake: + bcrypt_newhash(pass, 8, dummy, sizeof(dummy)); +fail: + errno = EACCES; + return -1; +} +DEF_WEAK(crypt_checkpass); + +int +crypt_newhash(const char *pass, const char *pref, char *hash, size_t hashlen) +{ + int rv = -1; + const char *defaultpref = "blowfish,8"; + const char *errstr; + const char *choices[] = { "blowfish", "bcrypt" }; + size_t maxchoice = sizeof(choices) / sizeof(choices[0]); + int i; + int rounds; + + if (pref == NULL) + pref = defaultpref; + + for (i = 0; i < maxchoice; i++) { + const char *choice = choices[i]; + size_t len = strlen(choice); + if (strcmp(pref, choice) == 0) { + rounds = _bcrypt_autorounds(); + break; + } else if (strncmp(pref, choice, len) == 0 && + pref[len] == ',') { + if (strcmp(pref + len + 1, "a") == 0) { + rounds = _bcrypt_autorounds(); + } else { + rounds = strtonum(pref + len + 1, 4, 31, &errstr); + if (errstr) { + errno = EINVAL; + goto err; + } + } + break; + } + } + if (i == maxchoice) { + errno = EINVAL; + goto err; + } + + rv = bcrypt_newhash(pass, rounds, hash, hashlen); + +err: + return rv; +} +DEF_WEAK(crypt_newhash); diff --git a/src/lib/libc/crypt/md5crypt.c b/src/lib/libc/crypt/md5crypt.c deleted file mode 100644 index 56ab66fbb59..00000000000 --- a/src/lib/libc/crypt/md5crypt.c +++ /dev/null @@ -1,157 +0,0 @@ -/* $OpenBSD: md5crypt.c,v 1.10 2002/02/16 21:27:22 millert Exp $ */ - -/* - * ---------------------------------------------------------------------------- - * "THE BEER-WARE LICENSE" (Revision 42): - * wrote this file. As long as you retain this notice you - * can do whatever you want with this stuff. If we meet some day, and you think - * this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp - * ---------------------------------------------------------------------------- - * - * $FreeBSD: crypt.c,v 1.5 1996/10/14 08:34:02 phk Exp $ - * - */ - -#if defined(LIBC_SCCS) && !defined(lint) -static char rcsid[] = "$OpenBSD: md5crypt.c,v 1.10 2002/02/16 21:27:22 millert Exp $"; -#endif /* LIBC_SCCS and not lint */ - -#include -#include -#include -#include -#include - -static unsigned char itoa64[] = /* 0 ... 63 => ascii - 64 */ - "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; - -static void to64(char *, u_int32_t, int); - -static void -to64(s, v, n) - char *s; - u_int32_t v; - int n; -{ - while (--n >= 0) { - *s++ = itoa64[v&0x3f]; - v >>= 6; - } -} - -/* - * UNIX password - * - * Use MD5 for what it is best at... - */ - -char * -md5crypt(pw, salt) - register const char *pw; - register const char *salt; -{ - /* - * This string is magic for this algorithm. Having - * it this way, we can get get better later on - */ - static unsigned char *magic = (unsigned char *)"$1$"; - - static char passwd[120], *p; - static const unsigned char *sp,*ep; - unsigned char final[16]; - int sl,pl,i; - MD5_CTX ctx,ctx1; - u_int32_t l; - - /* Refine the Salt first */ - sp = (const unsigned char *)salt; - - /* If it starts with the magic string, then skip that */ - if(!strncmp((const char *)sp,(const char *)magic,strlen((const char *)magic))) - sp += strlen((const char *)magic); - - /* It stops at the first '$', max 8 chars */ - for(ep=sp;*ep && *ep != '$' && ep < (sp+8);ep++) - continue; - - /* get the length of the true salt */ - sl = ep - sp; - - MD5Init(&ctx); - - /* The password first, since that is what is most unknown */ - MD5Update(&ctx,(const unsigned char *)pw,strlen(pw)); - - /* Then our magic string */ - MD5Update(&ctx,magic,strlen((const char *)magic)); - - /* Then the raw salt */ - MD5Update(&ctx,sp,sl); - - /* Then just as many characters of the MD5(pw,salt,pw) */ - MD5Init(&ctx1); - MD5Update(&ctx1,(const unsigned char *)pw,strlen(pw)); - MD5Update(&ctx1,sp,sl); - MD5Update(&ctx1,(const unsigned char *)pw,strlen(pw)); - MD5Final(final,&ctx1); - for(pl = strlen(pw); pl > 0; pl -= 16) - MD5Update(&ctx,final,pl>16 ? 16 : pl); - - /* Don't leave anything around in vm they could use. */ - memset(final,0,sizeof final); - - /* Then something really weird... */ - for (i = strlen(pw); i ; i >>= 1) - if(i&1) - MD5Update(&ctx, final, 1); - else - MD5Update(&ctx, (const unsigned char *)pw, 1); - - /* Now make the output string */ - strcpy(passwd,(const char *)magic); - strncat(passwd,(const char *)sp,sl); - strcat(passwd,"$"); - - MD5Final(final,&ctx); - - /* - * and now, just to make sure things don't run too fast - * On a 60 Mhz Pentium this takes 34 msec, so you would - * need 30 seconds to build a 1000 entry dictionary... - */ - for(i=0;i<1000;i++) { - MD5Init(&ctx1); - if(i & 1) - MD5Update(&ctx1,(const unsigned char *)pw,strlen(pw)); - else - MD5Update(&ctx1,final,16); - - if(i % 3) - MD5Update(&ctx1,sp,sl); - - if(i % 7) - MD5Update(&ctx1,(const unsigned char *)pw,strlen(pw)); - - if(i & 1) - MD5Update(&ctx1,final,16); - else - MD5Update(&ctx1,(const unsigned char *)pw,strlen(pw)); - MD5Final(final,&ctx1); - } - - p = passwd + strlen(passwd); - - l = (final[ 0]<<16) | (final[ 6]<<8) | final[12]; to64(p,l,4); p += 4; - l = (final[ 1]<<16) | (final[ 7]<<8) | final[13]; to64(p,l,4); p += 4; - l = (final[ 2]<<16) | (final[ 8]<<8) | final[14]; to64(p,l,4); p += 4; - l = (final[ 3]<<16) | (final[ 9]<<8) | final[15]; to64(p,l,4); p += 4; - l = (final[ 4]<<16) | (final[10]<<8) | final[ 5]; to64(p,l,4); p += 4; - l = final[11] ; to64(p,l,2); p += 2; - *p = '\0'; - - /* Don't leave anything around in vm they could use. */ - memset(final,0,sizeof final); - - return passwd; -} - diff --git a/src/lib/libc/crypt/morecrypt.c b/src/lib/libc/crypt/morecrypt.c deleted file mode 100644 index e9e0ced4c14..00000000000 --- a/src/lib/libc/crypt/morecrypt.c +++ /dev/null @@ -1,628 +0,0 @@ -/* $OpenBSD: morecrypt.c,v 1.9 1998/03/22 19:01:20 niklas Exp $ */ - -/* - * FreeSec: libcrypt - * - * Copyright (c) 1994 David Burren - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 4. Neither the name of the author nor the names of other contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * - * This is an original implementation of the DES and the crypt(3) interfaces - * by David Burren . - * - * An excellent reference on the underlying algorithm (and related - * algorithms) is: - * - * B. Schneier, Applied Cryptography: protocols, algorithms, - * and source code in C, John Wiley & Sons, 1994. - * - * Note that in that book's description of DES the lookups for the initial, - * pbox, and final permutations are inverted (this has been brought to the - * attention of the author). A list of errata for this book has been - * posted to the sci.crypt newsgroup by the author and is available for FTP. - * - * NOTE: - * This file must copy certain chunks of crypt.c for legal reasons. - * crypt.c can only export the interface crypt(), to make binaries - * exportable from the USA. Hence, to also have the other crypto interfaces - * available we have to copy pieces... - */ - -#if defined(LIBC_SCCS) && !defined(lint) -static char rcsid[] = "$OpenBSD: morecrypt.c,v 1.9 1998/03/22 19:01:20 niklas Exp $"; -#endif /* LIBC_SCCS and not lint */ - -#include -#include -#include -#include - -#ifdef DEBUG -# include -#endif - -static u_char IP[64] = { - 58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4, - 62, 54, 46, 38, 30, 22, 14, 6, 64, 56, 48, 40, 32, 24, 16, 8, - 57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3, - 61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7 -}; - -static u_char inv_key_perm[64]; -static u_char u_key_perm[56]; -static u_char key_perm[56] = { - 57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18, - 10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36, - 63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22, - 14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4 -}; - -static u_char key_shifts[16] = { - 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1 -}; - -static u_char inv_comp_perm[56]; -static u_char comp_perm[48] = { - 14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10, - 23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2, - 41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48, - 44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32 -}; - -/* - * No E box is used, as it's replaced by some ANDs, shifts, and ORs. - */ - -static u_char u_sbox[8][64]; -static u_char sbox[8][64] = { - { - 14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7, - 0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8, - 4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0, - 15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13 - }, - { - 15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10, - 3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5, - 0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15, - 13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9 - }, - { - 10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8, - 13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1, - 13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7, - 1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12 - }, - { - 7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15, - 13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9, - 10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4, - 3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14 - }, - { - 2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9, - 14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6, - 4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14, - 11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3 - }, - { - 12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11, - 10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8, - 9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6, - 4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13 - }, - { - 4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1, - 13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6, - 1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2, - 6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12 - }, - { - 13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7, - 1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2, - 7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8, - 2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11 - } -}; - -static u_char un_pbox[32]; -static u_char pbox[32] = { - 16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10, - 2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25 -}; - -static u_int32_t bits32[32] = -{ - 0x80000000, 0x40000000, 0x20000000, 0x10000000, - 0x08000000, 0x04000000, 0x02000000, 0x01000000, - 0x00800000, 0x00400000, 0x00200000, 0x00100000, - 0x00080000, 0x00040000, 0x00020000, 0x00010000, - 0x00008000, 0x00004000, 0x00002000, 0x00001000, - 0x00000800, 0x00000400, 0x00000200, 0x00000100, - 0x00000080, 0x00000040, 0x00000020, 0x00000010, - 0x00000008, 0x00000004, 0x00000002, 0x00000001 -}; - -static u_char bits8[8] = { 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 }; - -static u_int32_t saltbits; -static int32_t old_salt; -static u_int32_t *bits28, *bits24; -static u_char init_perm[64], final_perm[64]; -static u_int32_t en_keysl[16], en_keysr[16]; -static u_int32_t de_keysl[16], de_keysr[16]; -static int des_initialised = 0; -static u_char m_sbox[4][4096]; -static u_int32_t psbox[4][256]; -static u_int32_t ip_maskl[8][256], ip_maskr[8][256]; -static u_int32_t fp_maskl[8][256], fp_maskr[8][256]; -static u_int32_t key_perm_maskl[8][128], key_perm_maskr[8][128]; -static u_int32_t comp_maskl[8][128], comp_maskr[8][128]; -static u_int32_t old_rawkey0, old_rawkey1; - -static __inline int -ascii_to_bin(ch) - char ch; -{ - if (ch > 'z') - return(0); - if (ch >= 'a') - return(ch - 'a' + 38); - if (ch > 'Z') - return(0); - if (ch >= 'A') - return(ch - 'A' + 12); - if (ch > '9') - return(0); - if (ch >= '.') - return(ch - '.'); - return(0); -} - -void -des_init() -{ - int i, j, b, k, inbit, obit; - u_int32_t *p, *il, *ir, *fl, *fr; - - old_rawkey0 = old_rawkey1 = 0; - saltbits = 0; - old_salt = 0; - bits24 = (bits28 = bits32 + 4) + 4; - - /* - * Invert the S-boxes, reordering the input bits. - */ - for (i = 0; i < 8; i++) - for (j = 0; j < 64; j++) { - b = (j & 0x20) | ((j & 1) << 4) | ((j >> 1) & 0xf); - u_sbox[i][j] = sbox[i][b]; - } - - /* - * Convert the inverted S-boxes into 4 arrays of 8 bits. - * Each will handle 12 bits of the S-box input. - */ - for (b = 0; b < 4; b++) - for (i = 0; i < 64; i++) - for (j = 0; j < 64; j++) - m_sbox[b][(i << 6) | j] = - (u_sbox[(b << 1)][i] << 4) | - u_sbox[(b << 1) + 1][j]; - - /* - * Set up the initial & final permutations into a useful form, and - * initialise the inverted key permutation. - */ - for (i = 0; i < 64; i++) { - init_perm[final_perm[i] = IP[i] - 1] = i; - inv_key_perm[i] = 255; - } - - /* - * Invert the key permutation and initialise the inverted key - * compression permutation. - */ - for (i = 0; i < 56; i++) { - u_key_perm[i] = key_perm[i] - 1; - inv_key_perm[key_perm[i] - 1] = i; - inv_comp_perm[i] = 255; - } - - /* - * Invert the key compression permutation. - */ - for (i = 0; i < 48; i++) { - inv_comp_perm[comp_perm[i] - 1] = i; - } - - /* - * Set up the OR-mask arrays for the initial and final permutations, - * and for the key initial and compression permutations. - */ - for (k = 0; k < 8; k++) { - for (i = 0; i < 256; i++) { - *(il = &ip_maskl[k][i]) = 0; - *(ir = &ip_maskr[k][i]) = 0; - *(fl = &fp_maskl[k][i]) = 0; - *(fr = &fp_maskr[k][i]) = 0; - for (j = 0; j < 8; j++) { - inbit = 8 * k + j; - if (i & bits8[j]) { - if ((obit = init_perm[inbit]) < 32) - *il |= bits32[obit]; - else - *ir |= bits32[obit-32]; - if ((obit = final_perm[inbit]) < 32) - *fl |= bits32[obit]; - else - *fr |= bits32[obit - 32]; - } - } - } - for (i = 0; i < 128; i++) { - *(il = &key_perm_maskl[k][i]) = 0; - *(ir = &key_perm_maskr[k][i]) = 0; - for (j = 0; j < 7; j++) { - inbit = 8 * k + j; - if (i & bits8[j + 1]) { - if ((obit = inv_key_perm[inbit]) == 255) - continue; - if (obit < 28) - *il |= bits28[obit]; - else - *ir |= bits28[obit - 28]; - } - } - *(il = &comp_maskl[k][i]) = 0; - *(ir = &comp_maskr[k][i]) = 0; - for (j = 0; j < 7; j++) { - inbit = 7 * k + j; - if (i & bits8[j + 1]) { - if ((obit=inv_comp_perm[inbit]) == 255) - continue; - if (obit < 24) - *il |= bits24[obit]; - else - *ir |= bits24[obit - 24]; - } - } - } - } - - /* - * Invert the P-box permutation, and convert into OR-masks for - * handling the output of the S-box arrays setup above. - */ - for (i = 0; i < 32; i++) - un_pbox[pbox[i] - 1] = i; - - for (b = 0; b < 4; b++) - for (i = 0; i < 256; i++) { - *(p = &psbox[b][i]) = 0; - for (j = 0; j < 8; j++) { - if (i & bits8[j]) - *p |= bits32[un_pbox[8 * b + j]]; - } - } - - des_initialised = 1; -} - -void -setup_salt(salt) - int32_t salt; -{ - u_int32_t obit, saltbit; - int i; - - if (salt == old_salt) - return; - old_salt = salt; - - saltbits = 0; - saltbit = 1; - obit = 0x800000; - for (i = 0; i < 24; i++) { - if (salt & saltbit) - saltbits |= obit; - saltbit <<= 1; - obit >>= 1; - } -} - -int -do_des(l_in, r_in, l_out, r_out, count) - u_int32_t l_in, r_in, *l_out, *r_out; - int count; -{ - /* - * l_in, r_in, l_out, and r_out are in pseudo-"big-endian" format. - */ - u_int32_t l, r, *kl, *kr, *kl1, *kr1; - u_int32_t f, r48l, r48r; - int round; - - if (count == 0) { - return(1); - } else if (count > 0) { - /* - * Encrypting - */ - kl1 = en_keysl; - kr1 = en_keysr; - } else { - /* - * Decrypting - */ - count = -count; - kl1 = de_keysl; - kr1 = de_keysr; - } - - /* - * Do initial permutation (IP). - */ - l = ip_maskl[0][l_in >> 24] - | ip_maskl[1][(l_in >> 16) & 0xff] - | ip_maskl[2][(l_in >> 8) & 0xff] - | ip_maskl[3][l_in & 0xff] - | ip_maskl[4][r_in >> 24] - | ip_maskl[5][(r_in >> 16) & 0xff] - | ip_maskl[6][(r_in >> 8) & 0xff] - | ip_maskl[7][r_in & 0xff]; - r = ip_maskr[0][l_in >> 24] - | ip_maskr[1][(l_in >> 16) & 0xff] - | ip_maskr[2][(l_in >> 8) & 0xff] - | ip_maskr[3][l_in & 0xff] - | ip_maskr[4][r_in >> 24] - | ip_maskr[5][(r_in >> 16) & 0xff] - | ip_maskr[6][(r_in >> 8) & 0xff] - | ip_maskr[7][r_in & 0xff]; - - while (count--) { - /* - * Do each round. - */ - kl = kl1; - kr = kr1; - round = 16; - while (round--) { - /* - * Expand R to 48 bits (simulate the E-box). - */ - r48l = ((r & 0x00000001) << 23) - | ((r & 0xf8000000) >> 9) - | ((r & 0x1f800000) >> 11) - | ((r & 0x01f80000) >> 13) - | ((r & 0x001f8000) >> 15); - - r48r = ((r & 0x0001f800) << 7) - | ((r & 0x00001f80) << 5) - | ((r & 0x000001f8) << 3) - | ((r & 0x0000001f) << 1) - | ((r & 0x80000000) >> 31); - /* - * Do salting for crypt() and friends, and - * XOR with the permuted key. - */ - f = (r48l ^ r48r) & saltbits; - r48l ^= f ^ *kl++; - r48r ^= f ^ *kr++; - /* - * Do sbox lookups (which shrink it back to 32 bits) - * and do the pbox permutation at the same time. - */ - f = psbox[0][m_sbox[0][r48l >> 12]] - | psbox[1][m_sbox[1][r48l & 0xfff]] - | psbox[2][m_sbox[2][r48r >> 12]] - | psbox[3][m_sbox[3][r48r & 0xfff]]; - /* - * Now that we've permuted things, complete f(). - */ - f ^= l; - l = r; - r = f; - } - r = l; - l = f; - } - /* - * Do final permutation (inverse of IP). - */ - *l_out = fp_maskl[0][l >> 24] - | fp_maskl[1][(l >> 16) & 0xff] - | fp_maskl[2][(l >> 8) & 0xff] - | fp_maskl[3][l & 0xff] - | fp_maskl[4][r >> 24] - | fp_maskl[5][(r >> 16) & 0xff] - | fp_maskl[6][(r >> 8) & 0xff] - | fp_maskl[7][r & 0xff]; - *r_out = fp_maskr[0][l >> 24] - | fp_maskr[1][(l >> 16) & 0xff] - | fp_maskr[2][(l >> 8) & 0xff] - | fp_maskr[3][l & 0xff] - | fp_maskr[4][r >> 24] - | fp_maskr[5][(r >> 16) & 0xff] - | fp_maskr[6][(r >> 8) & 0xff] - | fp_maskr[7][r & 0xff]; - return(0); -} - -int -des_cipher(in, out, salt, count) - const char *in; - char *out; - long salt; - int count; -{ - u_int32_t l_out, r_out, rawl, rawr; - u_int32_t x[2]; - int retval; - - if (!des_initialised) - des_init(); - - setup_salt((int32_t)salt); - - memcpy(x, in, sizeof x); - rawl = ntohl(x[0]); - rawr = ntohl(x[1]); - retval = do_des(rawl, rawr, &l_out, &r_out, count); - - x[0] = htonl(l_out); - x[1] = htonl(r_out); - memcpy(out, x, sizeof x); - return(retval); -} - -int -des_setkey(key) - const char *key; -{ - u_int32_t k0, k1, rawkey0, rawkey1; - int shifts, round; - - if (!des_initialised) - des_init(); - - rawkey0 = ntohl(*(u_int32_t *) key); - rawkey1 = ntohl(*(u_int32_t *) (key + 4)); - - if ((rawkey0 | rawkey1) - && rawkey0 == old_rawkey0 - && rawkey1 == old_rawkey1) { - /* - * Already setup for this key. - * This optimisation fails on a zero key (which is weak and - * has bad parity anyway) in order to simplify the starting - * conditions. - */ - return(0); - } - old_rawkey0 = rawkey0; - old_rawkey1 = rawkey1; - - /* - * Do key permutation and split into two 28-bit subkeys. - */ - k0 = key_perm_maskl[0][rawkey0 >> 25] - | key_perm_maskl[1][(rawkey0 >> 17) & 0x7f] - | key_perm_maskl[2][(rawkey0 >> 9) & 0x7f] - | key_perm_maskl[3][(rawkey0 >> 1) & 0x7f] - | key_perm_maskl[4][rawkey1 >> 25] - | key_perm_maskl[5][(rawkey1 >> 17) & 0x7f] - | key_perm_maskl[6][(rawkey1 >> 9) & 0x7f] - | key_perm_maskl[7][(rawkey1 >> 1) & 0x7f]; - k1 = key_perm_maskr[0][rawkey0 >> 25] - | key_perm_maskr[1][(rawkey0 >> 17) & 0x7f] - | key_perm_maskr[2][(rawkey0 >> 9) & 0x7f] - | key_perm_maskr[3][(rawkey0 >> 1) & 0x7f] - | key_perm_maskr[4][rawkey1 >> 25] - | key_perm_maskr[5][(rawkey1 >> 17) & 0x7f] - | key_perm_maskr[6][(rawkey1 >> 9) & 0x7f] - | key_perm_maskr[7][(rawkey1 >> 1) & 0x7f]; - /* - * Rotate subkeys and do compression permutation. - */ - shifts = 0; - for (round = 0; round < 16; round++) { - u_int32_t t0, t1; - - shifts += key_shifts[round]; - - t0 = (k0 << shifts) | (k0 >> (28 - shifts)); - t1 = (k1 << shifts) | (k1 >> (28 - shifts)); - - de_keysl[15 - round] = - en_keysl[round] = comp_maskl[0][(t0 >> 21) & 0x7f] - | comp_maskl[1][(t0 >> 14) & 0x7f] - | comp_maskl[2][(t0 >> 7) & 0x7f] - | comp_maskl[3][t0 & 0x7f] - | comp_maskl[4][(t1 >> 21) & 0x7f] - | comp_maskl[5][(t1 >> 14) & 0x7f] - | comp_maskl[6][(t1 >> 7) & 0x7f] - | comp_maskl[7][t1 & 0x7f]; - - de_keysr[15 - round] = - en_keysr[round] = comp_maskr[0][(t0 >> 21) & 0x7f] - | comp_maskr[1][(t0 >> 14) & 0x7f] - | comp_maskr[2][(t0 >> 7) & 0x7f] - | comp_maskr[3][t0 & 0x7f] - | comp_maskr[4][(t1 >> 21) & 0x7f] - | comp_maskr[5][(t1 >> 14) & 0x7f] - | comp_maskr[6][(t1 >> 7) & 0x7f] - | comp_maskr[7][t1 & 0x7f]; - } - return(0); -} - -int -setkey(key) - const char *key; -{ - int i, j; - u_int32_t packed_keys[2]; - u_char *p; - - p = (u_char *) packed_keys; - - for (i = 0; i < 8; i++) { - p[i] = 0; - for (j = 0; j < 8; j++) - if (*key++ & 1) - p[i] |= bits8[j]; - } - return(des_setkey(p)); -} - -int -encrypt(block, flag) - char *block; - int flag; -{ - u_int32_t io[2]; - u_char *p; - int i, j, retval; - - if (!des_initialised) - des_init(); - - setup_salt((int32_t)0); - p = (u_char *)block; - for (i = 0; i < 2; i++) { - io[i] = 0L; - for (j = 0; j < 32; j++) - if (*p++ & 1) - io[i] |= bits32[j]; - } - retval = do_des(io[0], io[1], io, io + 1, flag ? -1 : 1); - for (i = 0; i < 2; i++) - for (j = 0; j < 32; j++) - block[(i << 5) | j] = (io[i] & bits32[j]) ? 1 : 0; - return(retval); -} diff --git a/src/lib/libc/crypt/skipjack.c b/src/lib/libc/crypt/skipjack.c deleted file mode 100644 index e700f40c39c..00000000000 --- a/src/lib/libc/crypt/skipjack.c +++ /dev/null @@ -1,258 +0,0 @@ -/* - * Further optimized test implementation of SKIPJACK algorithm - * Mark Tillotson , 25 June 98 - * Optimizations suit RISC (lots of registers) machine best. - * - * based on unoptimized implementation of - * Panu Rissanen 960624 - * - * SKIPJACK and KEA Algorithm Specifications - * Version 2.0 - * 29 May 1998 -*/ - -#include -#include -#include - -static const u_int8_t ftable[0x100] = -{ - 0xa3, 0xd7, 0x09, 0x83, 0xf8, 0x48, 0xf6, 0xf4, - 0xb3, 0x21, 0x15, 0x78, 0x99, 0xb1, 0xaf, 0xf9, - 0xe7, 0x2d, 0x4d, 0x8a, 0xce, 0x4c, 0xca, 0x2e, - 0x52, 0x95, 0xd9, 0x1e, 0x4e, 0x38, 0x44, 0x28, - 0x0a, 0xdf, 0x02, 0xa0, 0x17, 0xf1, 0x60, 0x68, - 0x12, 0xb7, 0x7a, 0xc3, 0xe9, 0xfa, 0x3d, 0x53, - 0x96, 0x84, 0x6b, 0xba, 0xf2, 0x63, 0x9a, 0x19, - 0x7c, 0xae, 0xe5, 0xf5, 0xf7, 0x16, 0x6a, 0xa2, - 0x39, 0xb6, 0x7b, 0x0f, 0xc1, 0x93, 0x81, 0x1b, - 0xee, 0xb4, 0x1a, 0xea, 0xd0, 0x91, 0x2f, 0xb8, - 0x55, 0xb9, 0xda, 0x85, 0x3f, 0x41, 0xbf, 0xe0, - 0x5a, 0x58, 0x80, 0x5f, 0x66, 0x0b, 0xd8, 0x90, - 0x35, 0xd5, 0xc0, 0xa7, 0x33, 0x06, 0x65, 0x69, - 0x45, 0x00, 0x94, 0x56, 0x6d, 0x98, 0x9b, 0x76, - 0x97, 0xfc, 0xb2, 0xc2, 0xb0, 0xfe, 0xdb, 0x20, - 0xe1, 0xeb, 0xd6, 0xe4, 0xdd, 0x47, 0x4a, 0x1d, - 0x42, 0xed, 0x9e, 0x6e, 0x49, 0x3c, 0xcd, 0x43, - 0x27, 0xd2, 0x07, 0xd4, 0xde, 0xc7, 0x67, 0x18, - 0x89, 0xcb, 0x30, 0x1f, 0x8d, 0xc6, 0x8f, 0xaa, - 0xc8, 0x74, 0xdc, 0xc9, 0x5d, 0x5c, 0x31, 0xa4, - 0x70, 0x88, 0x61, 0x2c, 0x9f, 0x0d, 0x2b, 0x87, - 0x50, 0x82, 0x54, 0x64, 0x26, 0x7d, 0x03, 0x40, - 0x34, 0x4b, 0x1c, 0x73, 0xd1, 0xc4, 0xfd, 0x3b, - 0xcc, 0xfb, 0x7f, 0xab, 0xe6, 0x3e, 0x5b, 0xa5, - 0xad, 0x04, 0x23, 0x9c, 0x14, 0x51, 0x22, 0xf0, - 0x29, 0x79, 0x71, 0x7e, 0xff, 0x8c, 0x0e, 0xe2, - 0x0c, 0xef, 0xbc, 0x72, 0x75, 0x6f, 0x37, 0xa1, - 0xec, 0xd3, 0x8e, 0x62, 0x8b, 0x86, 0x10, 0xe8, - 0x08, 0x77, 0x11, 0xbe, 0x92, 0x4f, 0x24, 0xc5, - 0x32, 0x36, 0x9d, 0xcf, 0xf3, 0xa6, 0xbb, 0xac, - 0x5e, 0x6c, 0xa9, 0x13, 0x57, 0x25, 0xb5, 0xe3, - 0xbd, 0xa8, 0x3a, 0x01, 0x05, 0x59, 0x2a, 0x46 -}; - -/* - * For each key byte generate a table to represent the function - * ftable [in ^ keybyte] - * - * These tables used to save an XOR in each stage of the G-function - * the tables are hopefully pointed to by register allocated variables - * k0, k1..k9 - */ -void -subkey_table_gen (u_int8_t *key, u_int8_t **key_tables) -{ - int i, k; - - for (k = 0; k < 10; k++) { - u_int8_t key_byte = key[k]; - u_int8_t * table = (u_int8_t *) malloc(0x100); - /* XXX */ - - key_tables[k] = table; - for (i = 0; i < 0x100; i++) - table[i] = ftable[i ^ key_byte]; - } -} - - -#define g(k0, k1, k2, k3, ih, il, oh, ol) \ -{ \ - oh = k##k0 [il] ^ ih; \ - ol = k##k1 [oh] ^ il; \ - oh = k##k2 [ol] ^ oh; \ - ol = k##k3 [oh] ^ ol; \ -} - -#define g0(ih, il, oh, ol) g(0, 1, 2, 3, ih, il, oh, ol) -#define g4(ih, il, oh, ol) g(4, 5, 6, 7, ih, il, oh, ol) -#define g8(ih, il, oh, ol) g(8, 9, 0, 1, ih, il, oh, ol) -#define g2(ih, il, oh, ol) g(2, 3, 4, 5, ih, il, oh, ol) -#define g6(ih, il, oh, ol) g(6, 7, 8, 9, ih, il, oh, ol) - - -#define g_inv(k0, k1, k2, k3, ih, il, oh, ol) \ -{ \ - ol = k##k3 [ih] ^ il; \ - oh = k##k2 [ol] ^ ih; \ - ol = k##k1 [oh] ^ ol; \ - oh = k##k0 [ol] ^ oh; \ -} - - -#define g0_inv(ih, il, oh, ol) g_inv(0, 1, 2, 3, ih, il, oh, ol) -#define g4_inv(ih, il, oh, ol) g_inv(4, 5, 6, 7, ih, il, oh, ol) -#define g8_inv(ih, il, oh, ol) g_inv(8, 9, 0, 1, ih, il, oh, ol) -#define g2_inv(ih, il, oh, ol) g_inv(2, 3, 4, 5, ih, il, oh, ol) -#define g6_inv(ih, il, oh, ol) g_inv(6, 7, 8, 9, ih, il, oh, ol) - -/* optimized version of Skipjack algorithm - * - * the appropriate g-function is inlined for each round - * - * the data movement is minimized by rotating the names of the - * variables w1..w4, not their contents (saves 3 moves per round) - * - * the loops are completely unrolled (needed to staticize choice of g) - * - * compiles to about 470 instructions on a Sparc (gcc -O) - * which is about 58 instructions per byte, 14 per round. - * gcc seems to leave in some unnecessary and with 0xFF operations - * but only in the latter part of the functions. Perhaps it - * runs out of resources to properly optimize long inlined function? - * in theory should get about 11 instructions per round, not 14 - */ - -void -skipjack_forwards(u_int8_t *plain, u_int8_t *cipher, u_int8_t **key_tables) -{ - u_int8_t wh1 = plain[0]; u_int8_t wl1 = plain[1]; - u_int8_t wh2 = plain[2]; u_int8_t wl2 = plain[3]; - u_int8_t wh3 = plain[4]; u_int8_t wl3 = plain[5]; - u_int8_t wh4 = plain[6]; u_int8_t wl4 = plain[7]; - - u_int8_t * k0 = key_tables [0]; - u_int8_t * k1 = key_tables [1]; - u_int8_t * k2 = key_tables [2]; - u_int8_t * k3 = key_tables [3]; - u_int8_t * k4 = key_tables [4]; - u_int8_t * k5 = key_tables [5]; - u_int8_t * k6 = key_tables [6]; - u_int8_t * k7 = key_tables [7]; - u_int8_t * k8 = key_tables [8]; - u_int8_t * k9 = key_tables [9]; - - /* first 8 rounds */ - g0 (wh1,wl1, wh1,wl1); wl4 ^= wl1 ^ 1; wh4 ^= wh1; - g4 (wh4,wl4, wh4,wl4); wl3 ^= wl4 ^ 2; wh3 ^= wh4; - g8 (wh3,wl3, wh3,wl3); wl2 ^= wl3 ^ 3; wh2 ^= wh3; - g2 (wh2,wl2, wh2,wl2); wl1 ^= wl2 ^ 4; wh1 ^= wh2; - g6 (wh1,wl1, wh1,wl1); wl4 ^= wl1 ^ 5; wh4 ^= wh1; - g0 (wh4,wl4, wh4,wl4); wl3 ^= wl4 ^ 6; wh3 ^= wh4; - g4 (wh3,wl3, wh3,wl3); wl2 ^= wl3 ^ 7; wh2 ^= wh3; - g8 (wh2,wl2, wh2,wl2); wl1 ^= wl2 ^ 8; wh1 ^= wh2; - - /* second 8 rounds */ - wh2 ^= wh1; wl2 ^= wl1 ^ 9 ; g2 (wh1,wl1, wh1,wl1); - wh1 ^= wh4; wl1 ^= wl4 ^ 10; g6 (wh4,wl4, wh4,wl4); - wh4 ^= wh3; wl4 ^= wl3 ^ 11; g0 (wh3,wl3, wh3,wl3); - wh3 ^= wh2; wl3 ^= wl2 ^ 12; g4 (wh2,wl2, wh2,wl2); - wh2 ^= wh1; wl2 ^= wl1 ^ 13; g8 (wh1,wl1, wh1,wl1); - wh1 ^= wh4; wl1 ^= wl4 ^ 14; g2 (wh4,wl4, wh4,wl4); - wh4 ^= wh3; wl4 ^= wl3 ^ 15; g6 (wh3,wl3, wh3,wl3); - wh3 ^= wh2; wl3 ^= wl2 ^ 16; g0 (wh2,wl2, wh2,wl2); - - /* third 8 rounds */ - g4 (wh1,wl1, wh1,wl1); wl4 ^= wl1 ^ 17; wh4 ^= wh1; - g8 (wh4,wl4, wh4,wl4); wl3 ^= wl4 ^ 18; wh3 ^= wh4; - g2 (wh3,wl3, wh3,wl3); wl2 ^= wl3 ^ 19; wh2 ^= wh3; - g6 (wh2,wl2, wh2,wl2); wl1 ^= wl2 ^ 20; wh1 ^= wh2; - g0 (wh1,wl1, wh1,wl1); wl4 ^= wl1 ^ 21; wh4 ^= wh1; - g4 (wh4,wl4, wh4,wl4); wl3 ^= wl4 ^ 22; wh3 ^= wh4; - g8 (wh3,wl3, wh3,wl3); wl2 ^= wl3 ^ 23; wh2 ^= wh3; - g2 (wh2,wl2, wh2,wl2); wl1 ^= wl2 ^ 24; wh1 ^= wh2; - - /* last 8 rounds */ - wh2 ^= wh1; wl2 ^= wl1 ^ 25; g6 (wh1,wl1, wh1,wl1); - wh1 ^= wh4; wl1 ^= wl4 ^ 26; g0 (wh4,wl4, wh4,wl4); - wh4 ^= wh3; wl4 ^= wl3 ^ 27; g4 (wh3,wl3, wh3,wl3); - wh3 ^= wh2; wl3 ^= wl2 ^ 28; g8 (wh2,wl2, wh2,wl2); - wh2 ^= wh1; wl2 ^= wl1 ^ 29; g2 (wh1,wl1, wh1,wl1); - wh1 ^= wh4; wl1 ^= wl4 ^ 30; g6 (wh4,wl4, wh4,wl4); - wh4 ^= wh3; wl4 ^= wl3 ^ 31; g0 (wh3,wl3, wh3,wl3); - wh3 ^= wh2; wl3 ^= wl2 ^ 32; g4 (wh2,wl2, wh2,wl2); - - /* pack into byte vector */ - cipher [0] = wh1; cipher [1] = wl1; - cipher [2] = wh2; cipher [3] = wl2; - cipher [4] = wh3; cipher [5] = wl3; - cipher [6] = wh4; cipher [7] = wl4; -} - - -void -skipjack_backwards (u_int8_t *cipher, u_int8_t *plain, u_int8_t **key_tables) -{ - /* setup 4 16-bit portions */ - u_int8_t wh1 = cipher[0]; u_int8_t wl1 = cipher[1]; - u_int8_t wh2 = cipher[2]; u_int8_t wl2 = cipher[3]; - u_int8_t wh3 = cipher[4]; u_int8_t wl3 = cipher[5]; - u_int8_t wh4 = cipher[6]; u_int8_t wl4 = cipher[7]; - - u_int8_t * k0 = key_tables [0]; - u_int8_t * k1 = key_tables [1]; - u_int8_t * k2 = key_tables [2]; - u_int8_t * k3 = key_tables [3]; - u_int8_t * k4 = key_tables [4]; - u_int8_t * k5 = key_tables [5]; - u_int8_t * k6 = key_tables [6]; - u_int8_t * k7 = key_tables [7]; - u_int8_t * k8 = key_tables [8]; - u_int8_t * k9 = key_tables [9]; - - /* first 8 rounds */ - g4_inv (wh2,wl2, wh2,wl2); wl3 ^= wl2 ^ 32; wh3 ^= wh2; - g0_inv (wh3,wl3, wh3,wl3); wl4 ^= wl3 ^ 31; wh4 ^= wh3; - g6_inv (wh4,wl4, wh4,wl4); wl1 ^= wl4 ^ 30; wh1 ^= wh4; - g2_inv (wh1,wl1, wh1,wl1); wl2 ^= wl1 ^ 29; wh2 ^= wh1; - g8_inv (wh2,wl2, wh2,wl2); wl3 ^= wl2 ^ 28; wh3 ^= wh2; - g4_inv (wh3,wl3, wh3,wl3); wl4 ^= wl3 ^ 27; wh4 ^= wh3; - g0_inv (wh4,wl4, wh4,wl4); wl1 ^= wl4 ^ 26; wh1 ^= wh4; - g6_inv (wh1,wl1, wh1,wl1); wl2 ^= wl1 ^ 25; wh2 ^= wh1; - - /* second 8 rounds */ - wh1 ^= wh2; wl1 ^= wl2 ^ 24; g2_inv (wh2,wl2, wh2,wl2); - wh2 ^= wh3; wl2 ^= wl3 ^ 23; g8_inv (wh3,wl3, wh3,wl3); - wh3 ^= wh4; wl3 ^= wl4 ^ 22; g4_inv (wh4,wl4, wh4,wl4); - wh4 ^= wh1; wl4 ^= wl1 ^ 21; g0_inv (wh1,wl1, wh1,wl1); - wh1 ^= wh2; wl1 ^= wl2 ^ 20; g6_inv (wh2,wl2, wh2,wl2); - wh2 ^= wh3; wl2 ^= wl3 ^ 19; g2_inv (wh3,wl3, wh3,wl3); - wh3 ^= wh4; wl3 ^= wl4 ^ 18; g8_inv (wh4,wl4, wh4,wl4); - wh4 ^= wh1; wl4 ^= wl1 ^ 17; g4_inv (wh1,wl1, wh1,wl1); - - /* third 8 rounds */ - g0_inv (wh2,wl2, wh2,wl2); wl3 ^= wl2 ^ 16; wh3 ^= wh2; - g6_inv (wh3,wl3, wh3,wl3); wl4 ^= wl3 ^ 15; wh4 ^= wh3; - g2_inv (wh4,wl4, wh4,wl4); wl1 ^= wl4 ^ 14; wh1 ^= wh4; - g8_inv (wh1,wl1, wh1,wl1); wl2 ^= wl1 ^ 13; wh2 ^= wh1; - g4_inv (wh2,wl2, wh2,wl2); wl3 ^= wl2 ^ 12; wh3 ^= wh2; - g0_inv (wh3,wl3, wh3,wl3); wl4 ^= wl3 ^ 11; wh4 ^= wh3; - g6_inv (wh4,wl4, wh4,wl4); wl1 ^= wl4 ^ 10; wh1 ^= wh4; - g2_inv (wh1,wl1, wh1,wl1); wl2 ^= wl1 ^ 9; wh2 ^= wh1; - - /* last 8 rounds */ - wh1 ^= wh2; wl1 ^= wl2 ^ 8; g8_inv (wh2,wl2, wh2,wl2); - wh2 ^= wh3; wl2 ^= wl3 ^ 7; g4_inv (wh3,wl3, wh3,wl3); - wh3 ^= wh4; wl3 ^= wl4 ^ 6; g0_inv (wh4,wl4, wh4,wl4); - wh4 ^= wh1; wl4 ^= wl1 ^ 5; g6_inv (wh1,wl1, wh1,wl1); - wh1 ^= wh2; wl1 ^= wl2 ^ 4; g2_inv (wh2,wl2, wh2,wl2); - wh2 ^= wh3; wl2 ^= wl3 ^ 3; g8_inv (wh3,wl3, wh3,wl3); - wh3 ^= wh4; wl3 ^= wl4 ^ 2; g4_inv (wh4,wl4, wh4,wl4); - wh4 ^= wh1; wl4 ^= wl1 ^ 1; g0_inv (wh1,wl1, wh1,wl1); - - /* pack into byte vector */ - plain [0] = wh1; plain [1] = wl1; - plain [2] = wh2; plain [3] = wl2; - plain [4] = wh3; plain [5] = wl3; - plain [6] = wh4; plain [7] = wl4; -} diff --git a/src/lib/libc/include/README b/src/lib/libc/include/README new file mode 100644 index 00000000000..6410072c963 --- /dev/null +++ b/src/lib/libc/include/README @@ -0,0 +1,97 @@ +So you want to add an interface to libc... + +CASE I: internal symbols + + A) used in a single file + Duh: use whatever name you want and make it static + + B) used in multiple files + Give it a name in the implementation namespace (leading underbar) + and declare it in a __{BEGIN,END}_HIDDEN_DECLS block in a .h + file inside libc. If it's used in just a single subdir of + libc *and* that subdir has an appropriate .h file in it, then + declare it there. + Example: stdio/local.h. + Otherwise, declare it in one of the hidden/* files. + Example: _mktemp() in hidden/stdio.h + +CASE II: external symbols + + First of all, add your symbol to Symbols.list. MD symbols go in + arch/*/Symbols.list (shock, I know) + + Declare your function in the appropriate header. It almost certainly + should be in a public header installed under /usr/include/. Exceptions + are symbols that are just shared between libc and libpthread/csu/ld.so + which are only declared in libc/include/* or just in each .c file. + + A) objects (variables) + That's it, you're done. + + B) plain C functions (not syscalls) + 1) functions that are *not* called from inside libc + + If this function is specified in the ISO C standard or its + name begins with an underbar, then in the hidden/* version + of the header where you declared the function, add this line: + PROTO_STD_DEPRECATED(your_function_name); + + Otherwise, this is *not* a function specified in the ISO C + standard and its name begins with a letter. In the hidden/* + version of the header where you declared the function, add + this line: + PROTO_DEPRECATED(your_function_name); + + 2) functions that are called from inside libc + + In the hidden/* version of the header where you declared + the function, add this line: + PROTO_NORMAL(your_function_name); + + Then, in the .c file(s) where the function is defined: + - if the function is specified in the ISO C standard or + its name begins with an underbar, add + DEF_STRONG(your_function_name); + + - otherwise, add: + DEF_WEAK(your_function_name); + + C) syscalls that require cancellation or other libpthread wrappers + You're done in libc, but go to libpthread and add the wrapper there. + + D) syscalls that require libc wrappers for other reasons + First of all, make sure this really is the Right Thing. Talk + with kettenis, deraadt, miod, and guenther. + + 1) If the actual syscall doesn't have the same calling convention + as the C interface, then maybe it shouldn't be exported at + all and you should just have an ASM stub, like SYS___tfork + --> __tfork_thread() or SYS_break --> brk() and sbrk(). If + it _could_ be called from C, then give the syscall a name + different from the C API. Syscalls that fail this for + historical reasons (e.g., getlogin) are generated with + PSEUDO in libc/sys/Makefile.inc, so the ASM stub has a + leading underbar. Go read gen/getlogin.c for an example + of how to do this. + + 2) Otherwise, you're sane and have a syscall like sigaction() + which requires a wrapper but whose syscall API is the same + as the C API. Then: + - generate the ASM stub with HIDDEN in libc/sys/Makefile.inc + - in the proper hidden/*.h file add + PROTO_WRAP(your_function_name) + - the wrapper function should be defined in + libc/sys/w_your_function_name.c + which should define WRAP(your_function_name) and + follow it with DEF_WRAP(your_function_name). Look at + libc/sys/w_sigaction.c for an example. + - by default, libc code that calls your_function_name() + will get the real syscall and *not* the wrapper. libc + calls that needd to go through the wrapper should invoke + WRAP(your_function_name) + + E) syscalls that don't require any wrapping + In the hidden/* version of the header where you declared the + function, add this line: + PROTO_NORMAL(your_function_name); + diff --git a/src/lib/libc/include/atfork.h b/src/lib/libc/include/atfork.h new file mode 100644 index 00000000000..f09de4892af --- /dev/null +++ b/src/lib/libc/include/atfork.h @@ -0,0 +1,45 @@ +/* $OpenBSD: atfork.h,v 1.2 2015/08/27 04:37:09 guenther Exp $ */ + +/* + * Copyright (c) 2008 Kurt Miller + * Copyright (c) 2008 Philip Guenther + * Copyright (c) 2003 Daniel Eischen + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Neither the name of the author nor the names of any co-contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD: /repoman/r/ncvs/src/lib/libc_r/uthread/uthread_atfork.c,v 1.1 2004/12/10 03:36:45 grog Exp $ + */ + +#include + +struct atfork_fn { + TAILQ_ENTRY(atfork_fn) fn_next; + void (*fn_prepare)(void); + void (*fn_parent)(void); + void (*fn_child)(void); + void *fn_dso; +}; + +__BEGIN_HIDDEN_DECLS +extern TAILQ_HEAD(atfork_listhead, atfork_fn) _atfork_list; +__END_HIDDEN_DECLS diff --git a/src/lib/libc/include/cancel.h b/src/lib/libc/include/cancel.h new file mode 100644 index 00000000000..c452bf3d4cf --- /dev/null +++ b/src/lib/libc/include/cancel.h @@ -0,0 +1,78 @@ +/* $OpenBSD: cancel.h,v 1.5 2017/09/05 02:40:54 guenther Exp $ */ +/* + * Copyright (c) 2015 Philip Guenther + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef _CANCEL_H_ +#define _CANCEL_H_ + +#include +#include "thread_private.h" + +/* process a cancel request at a cancel point */ +__dead void _thread_canceled(void); + +#ifdef __LIBC__ +PROTO_NORMAL(_thread_canceled); +#endif + +#if defined(__LIBC__) && !defined(TCB_HAVE_MD_GET) +/* + * Override TIB_GET macro to use the caching callback + */ +#undef TIB_GET +#define TIB_GET() TCB_TO_TIB(_thread_cb.tc_tcb()) +#endif + +#define PREP_CANCEL_POINT(tib) \ + int _cantcancel = (tib)->tib_cantcancel + +#define ENTER_CANCEL_POINT_INNER(tib, can_cancel, delay) \ + if (_cantcancel == 0) { \ + (tib)->tib_cancel_point = (delay) ? \ + CANCEL_POINT_DELAYED : CANCEL_POINT; \ + if (can_cancel) { \ + __asm volatile("":::"memory"); \ + if (__predict_false((tib)->tib_canceled)) \ + _thread_canceled(); \ + } \ + } + +#define LEAVE_CANCEL_POINT_INNER(tib, can_cancel) \ + if (_cantcancel == 0) { \ + (tib)->tib_cancel_point = 0; \ + if (can_cancel) { \ + __asm volatile("":::"memory"); \ + if (__predict_false((tib)->tib_canceled)) \ + _thread_canceled(); \ + } \ + } + +/* + * Enter or leave a cancelation point, optionally processing pending + * cancelation requests. Note that ENTER_CANCEL_POINT opens a block + * and LEAVE_CANCEL_POINT must close that same block. + */ +#define ENTER_CANCEL_POINT(can_cancel) \ + { \ + struct tib *_tib = TIB_GET(); \ + PREP_CANCEL_POINT(_tib); \ + ENTER_CANCEL_POINT_INNER(_tib, can_cancel, 0) + +#define LEAVE_CANCEL_POINT(can_cancel) \ + LEAVE_CANCEL_POINT_INNER(_tib, can_cancel); \ + } + +#endif /* _CANCEL_H_ */ diff --git a/src/lib/libc/include/ctype_private.h b/src/lib/libc/include/ctype_private.h new file mode 100644 index 00000000000..cbe1b204758 --- /dev/null +++ b/src/lib/libc/include/ctype_private.h @@ -0,0 +1,9 @@ +/* $OpenBSD: ctype_private.h,v 1.2 2015/08/27 04:37:09 guenther Exp $ */ +/* Written by Marc Espie, public domain */ +#define CTYPE_NUM_CHARS 256 + +__BEGIN_HIDDEN_DECLS +extern const char _C_ctype_[]; +extern const short _C_toupper_[]; +extern const short _C_tolower_[]; +__END_HIDDEN_DECLS diff --git a/src/lib/libc/include/localedef.h b/src/lib/libc/include/localedef.h new file mode 100644 index 00000000000..12dd47fffa0 --- /dev/null +++ b/src/lib/libc/include/localedef.h @@ -0,0 +1,106 @@ +/* $OpenBSD: localedef.h,v 1.1 2016/05/23 00:05:15 guenther Exp $ */ +/* $NetBSD: localedef.h,v 1.4 1996/04/09 20:55:31 cgd Exp $ */ + +/* + * Copyright (c) 1994 Winning Strategies, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by Winning Strategies, Inc. + * 4. The name of the author may not be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#ifndef _LOCALEDEF_H_ +#define _LOCALEDEF_H_ + +#include + +typedef struct +{ + char *yesexpr; + char *noexpr; + char *yesstr; + char *nostr; +} _MessagesLocale; + + +typedef struct +{ + char *int_curr_symbol; + char *currency_symbol; + char *mon_decimal_point; + char *mon_thousands_sep; + char *mon_grouping; + char *positive_sign; + char *negative_sign; + char int_frac_digits; + char frac_digits; + char p_cs_precedes; + char p_sep_by_space; + char n_cs_precedes; + char n_sep_by_space; + char p_sign_posn; + char n_sign_posn; + char int_p_cs_precedes; + char int_p_sep_by_space; + char int_n_cs_precedes; + char int_n_sep_by_space; + char int_p_sign_posn; + char int_n_sign_posn; +} _MonetaryLocale; + + +typedef struct +{ + const char *decimal_point; + const char *thousands_sep; + const char *grouping; +} _NumericLocale; + + +typedef struct { + const char *abday[7]; + const char *day[7]; + const char *abmon[12]; + const char *mon[12]; + const char *am_pm[2]; + const char *d_t_fmt; + const char *d_fmt; + const char *t_fmt; + const char *t_fmt_ampm; +} _TimeLocale; + + +__BEGIN_HIDDEN_DECLS +extern const _MessagesLocale *_CurrentMessagesLocale; +extern const _MessagesLocale _DefaultMessagesLocale; +extern const _MonetaryLocale *_CurrentMonetaryLocale; +extern const _MonetaryLocale _DefaultMonetaryLocale; +extern const _NumericLocale *_CurrentNumericLocale; +extern const _NumericLocale _DefaultNumericLocale; +extern const _TimeLocale *_CurrentTimeLocale; +extern const _TimeLocale _DefaultTimeLocale; +__END_HIDDEN_DECLS + +#endif /* !_LOCALEDEF_H_ */ diff --git a/src/lib/libc/include/mpool.h b/src/lib/libc/include/mpool.h new file mode 100644 index 00000000000..005b006d176 --- /dev/null +++ b/src/lib/libc/include/mpool.h @@ -0,0 +1,122 @@ +/* $OpenBSD: mpool.h,v 1.1 2015/09/09 15:35:24 guenther Exp $ */ +/* $NetBSD: mpool.h,v 1.7 1996/05/03 21:13:41 cgd Exp $ */ + +/*- + * Copyright (c) 1991, 1993, 1994 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * @(#)mpool.h 8.4 (Berkeley) 11/2/95 + */ + +#ifndef _MPOOL_H_ +#define _MPOOL_H_ + +#include + +/* + * The memory pool scheme is a simple one. Each in-memory page is referenced + * by a bucket which is threaded in up to two of three ways. All active pages + * are threaded on a hash chain (hashed by page number) and an lru chain. + * Inactive pages are threaded on a free chain. Each reference to a memory + * pool is handed an opaque MPOOL cookie which stores all of this information. + */ +#define HASHSIZE 128 +#define HASHKEY(pgno) ((pgno - 1 + HASHSIZE) % HASHSIZE) + +/* The BKT structures are the elements of the queues. */ +typedef struct _bkt { + TAILQ_ENTRY(_bkt) hq; /* hash queue */ + TAILQ_ENTRY(_bkt) q; /* lru queue */ + void *page; /* page */ + pgno_t pgno; /* page number */ + +#define MPOOL_DIRTY 0x01 /* page needs to be written */ +#define MPOOL_PINNED 0x02 /* page is pinned into memory */ +#define MPOOL_INUSE 0x04 /* page address is valid */ + u_int8_t flags; /* flags */ +} BKT; + +typedef struct MPOOL { + TAILQ_HEAD(_lqh, _bkt) lqh; /* lru queue head */ + /* hash queue array */ + TAILQ_HEAD(_hqh, _bkt) hqh[HASHSIZE]; + pgno_t curcache; /* current number of cached pages */ + pgno_t maxcache; /* max number of cached pages */ + pgno_t npages; /* number of pages in the file */ + unsigned long pagesize; /* file page size */ + int fd; /* file descriptor */ + /* page in conversion routine */ + void (*pgin)(void *, pgno_t, void *); + /* page out conversion routine */ + void (*pgout)(void *, pgno_t, void *); + void *pgcookie; /* cookie for page in/out routines */ +#ifdef STATISTICS + unsigned long cachehit; + unsigned long cachemiss; + unsigned long pagealloc; + unsigned long pageflush; + unsigned long pageget; + unsigned long pagenew; + unsigned long pageput; + unsigned long pageread; + unsigned long pagewrite; +#endif +} MPOOL; + +#define MPOOL_IGNOREPIN 0x01 /* Ignore if the page is pinned. */ +#define MPOOL_PAGE_REQUEST 0x01 /* Allocate a new page with a + specific page number. */ +#define MPOOL_PAGE_NEXT 0x02 /* Allocate a new page with the next + page number. */ + +__BEGIN_HIDDEN_DECLS +MPOOL *mpool_open(void *, int, pgno_t, pgno_t); +void mpool_filter(MPOOL *, void (*)(void *, pgno_t, void *), + void (*)(void *, pgno_t, void *), void *); +void *mpool_new(MPOOL *, pgno_t *, unsigned int); +void *mpool_get(MPOOL *, pgno_t, unsigned int); +int mpool_delete(MPOOL *, void *); +int mpool_put(MPOOL *, void *, unsigned int); +int mpool_sync(MPOOL *); +int mpool_close(MPOOL *); + +PROTO_NORMAL(mpool_open); +PROTO_NORMAL(mpool_filter); +PROTO_NORMAL(mpool_new); +PROTO_NORMAL(mpool_get); +PROTO_NORMAL(mpool_delete); +PROTO_NORMAL(mpool_put); +PROTO_NORMAL(mpool_sync); +PROTO_NORMAL(mpool_close); + +#ifdef STATISTICS +void mpool_stat(MPOOL *); +PROTO_NORMAL(mpool_stat); +#endif +__END_HIDDEN_DECLS + +#endif diff --git a/src/lib/libc/include/namespace.h b/src/lib/libc/include/namespace.h index 4a51f15ddf9..60766afc0b9 100644 --- a/src/lib/libc/include/namespace.h +++ b/src/lib/libc/include/namespace.h @@ -1,18 +1,191 @@ -/* $OpenBSD: namespace.h,v 1.2 1996/08/19 08:28:08 tholo Exp $ */ - -#define catclose _catclose -#define catgets _catgets -#define catopen _catopen -#define err _err -#define errx _errx -#define strtoq _strtoq -#define strtouq _strtouq -#define sys_errlist _sys_errlist -#define sys_nerr _sys_nerr -#define sys_siglist _sys_siglist -#define verr _verr -#define verrx _verrx -#define vwarn _vwarn -#define vwarnx _vwarnx -#define warn _warn -#define warnx _warnx +/* $OpenBSD: namespace.h,v 1.12 2018/01/18 08:23:44 guenther Exp $ */ + +#ifndef _LIBC_NAMESPACE_H_ +#define _LIBC_NAMESPACE_H_ + +/* + * Copyright (c) 2015 Philip Guenther + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * The goal: calls from inside libc to other libc functions should be via + * identifiers that are of hidden visibility and--to avoid confusion--are + * in the reserved namespace. By doing this these calls are protected + * from overriding by applications and on many platforms can avoid creation + * or use of GOT or PLT entries. I've chosen a prefix of underbar-C-underbar + * ("_libc_") for this. These will not be declared directly; instead, the + * gcc "asm labels" extension will be used rename the function. + * + * For syscalls which are cancellation points, such as wait4(), there + * are identifiers that do not provide cancellation: + * _libc_wait4 hidden alias, for use internal to libc only + * _thread_sys_wait4 global name, for use outside libc only + * ...and identifiers that do provide cancellation: + * wait4 weak alias, for general use + * _libc_wait4_cancel hidden alias, for use internal to libc only + * Inside libc, the bare name ("wait4") binds to the version *without* + * cancellation; the few times where cancellation is desired it can be + * obtained by calling CANCEL(x) instead of just x. + * + * Some other calls need to be wrapped for reasons other than cancellation, + * such as to provide functionality beyond the underlying syscall (e.g., + * sigaction). For these, there are identifiers for the raw call, without + * the wrapping: + * _libc_sigaction hidden alias, for use internal to libc only + * _thread_sys_sigaction global name, for use outside libc only + * ...and identifiers that do provide the libc wrapping: + * sigaction weak alias, for general use + * _libc_sigaction_wrap hidden alias, for use internal to libc only + * Inside libc, the bare name ("sigaction") binds to the wrapper; when the + * raw version is necessary it can be obtained by calling HIDDEN(x) instead of + * just x. + * + * For syscalls which are not cancellation points, such as getpid(), + * the identifiers are just: + * _libc_getpid hidden alias, for use internal to libc only + * _thread_sys_getpid global name, for use outside libc only + * getpid weak alias, for use outside libc only + * + * By using gcc's "asm label" extension, we can usually avoid having + * to type those prefixes in the .h and .c files. However, for those + * cases where a non-default binding is necessary we can use these macros + * to get the desired identifier: + * + * CANCEL(x) + * This expands to the internal, hidden name of a cancellation + * wrapper: _libc_x_cancel. ex: CANCEL(fsync)(fd) + * + * WRAP(x) + * This expands to the internal, hidden name of a non-cancellation + * wrapper: _libc_x_wrap. ex: WRAP(sigprocmask)(set) + * + * + * In order to actually set up the desired asm labels, we use these in + * the internal .h files: + * PROTO_NORMAL(x) Symbols used both internally and externally + * This makes gcc convert use of x to use _libc_x instead + * ex: PROTO_NORMAL(getpid) + * + * PROTO_STD_DEPRECATED(x) Standard C symbols that we don't want to use + * This just marks the symbol as deprecated, with no renaming. + * ex: PROTO_STD_DEPRECATED(strcpy) + * + * PROTO_DEPRECATED(x) Symbols not in ISO C that we don't want to use + * This marks the symbol as both weak and deprecated, with no renaming + * ex: PROTO_DEPRECATED(creat) + * + * PROTO_CANCEL(x) Functions that have cancellation wrappers + * Like PROTO_NORMAL(x), but also declares _libc_x_cancel + * ex: PROTO_CANCEL(wait4) + * + * PROTO_WRAP(x) Functions that have wrappers for other reasons + * Like PROTO_NORMAL(x), but also declares _libc_x_wrap. Internal + * calls that want the wrapper's processing should invoke WRAP(x)(...) + * ex: PROTO_WRAP(sigaction) + * + * + * Finally, to create the expected aliases, we use these in the .c files + * where the definitions are: + * DEF_STRONG(x) Symbols reserved to or specified by ISO C + * This defines x as a strong alias for _libc_x; this must only + * be used for symbols that are reserved by the C standard + * (or reserved in the external identifier namespace). + * Matches with PROTO_NORMAL() + * ex: DEF_STRONG(fopen) + * + * DEF_WEAK(x) Symbols used internally and not in ISO C + * This defines x as a weak alias for _libc_x + * Matches with PROTO_NORMAL() + * ex: DEF_WEAK(lseek) + * + * DEF_CANCEL(x) Symbols that have a cancellation wrapper + * This defines x as a weak alias for _libc_x_cancel. + * Matches with PROTO_CANCEL() + * ex: DEF_CANCEL(read) + * + * DEF_WRAP(x) + * This defines x as a weak alias for _libc_x_wrap. + * Matches with PROTO_WRAP() + * ex: DEF_WRAP(sigaction) + * + * DEF_SYS(x) + * This defines _thread_sys_x as a strong alias for _libc_x. This should + * only be needed for syscalls that have C instead of asm stubs. + * Matches with PROTO_NORMAL(), PROTO_CANCEL(), or PROTO_WRAP() + * ex: DEF_SYS(pread) + * + * MAKE_CLONE(dst, src) Symbols that are exact clones of other symbols + * This declares _libc_dst as being the same type as dst, and makes + * _libc_dst a strong, hidden alias for _libc_src. You still need to + * DEF_STRONG(dst) or DEF_WEAK(dst) to alias dst itself + * ex: MAKE_CLONE(SHA224Pad, SHA256Pad) + */ + +#include /* for __dso_hidden and __{weak,strong}_alias */ + +#define __dso_protected __attribute__((__visibility__("protected"))) + +#define HIDDEN(x) _libc_##x +#define CANCEL(x) _libc_##x##_cancel +#define WRAP(x) _libc_##x##_wrap +#define HIDDEN_STRING(x) "_libc_" __STRING(x) +#define CANCEL_STRING(x) "_libc_" __STRING(x) "_cancel" +#define WRAP_STRING(x) "_libc_" __STRING(x) "_wrap" + +#define PROTO_NORMAL(x) __dso_hidden typeof(x) x asm(HIDDEN_STRING(x)) +#define PROTO_STD_DEPRECATED(x) typeof(x) x __attribute__((deprecated)) +#define PROTO_DEPRECATED(x) typeof(x) x __attribute__((deprecated, weak)) +#define PROTO_CANCEL(x) __dso_hidden typeof(x) HIDDEN(x), \ + x asm(CANCEL_STRING(x)) +#define PROTO_WRAP(x) PROTO_NORMAL(x), WRAP(x) +#define PROTO_PROTECTED(x) __dso_protected typeof(x) x + +#define DEF_STRONG(x) __strong_alias(x, HIDDEN(x)) +#define DEF_WEAK(x) __weak_alias(x, HIDDEN(x)) +#define DEF_CANCEL(x) __weak_alias(x, CANCEL(x)) +#define DEF_WRAP(x) __weak_alias(x, WRAP(x)) +#define DEF_SYS(x) __strong_alias(_thread_sys_##x, HIDDEN(x)) +#ifdef __clang__ +#define DEF_BUILTIN(x) __asm("") +#define BUILTIN __dso_protected +#else +#define DEF_BUILTIN(x) DEF_STRONG(x) +#define BUILTIN +#endif + +#define MAKE_CLONE(dst, src) __dso_hidden typeof(dst) HIDDEN(dst) \ + __attribute__((alias (HIDDEN_STRING(src)))) + + +/* + * gcc and clang will generate calls to the functions below. + * Declare and redirect them here so we always go + * directly to our hidden aliases. + */ +#include +BUILTIN void *memmove(void *, const void *, __size_t); +BUILTIN void *memcpy(void *__restrict, const void *__restrict, __size_t); +BUILTIN void *memset(void *, int, __size_t); +BUILTIN void __stack_smash_handler(const char [], int __unused); +#ifndef __clang__ +PROTO_NORMAL(memmove); +PROTO_NORMAL(memcpy); +PROTO_NORMAL(memset); +PROTO_NORMAL(__stack_smash_handler); +#endif +#undef BUILTIN + +#endif /* _LIBC_NAMESPACE_H_ */ + diff --git a/src/lib/libc/include/thread_private.h b/src/lib/libc/include/thread_private.h index 8cf06a86c41..98dfaa63223 100644 --- a/src/lib/libc/include/thread_private.h +++ b/src/lib/libc/include/thread_private.h @@ -1,135 +1,419 @@ -/* $OpenBSD: thread_private.h,v 1.11 2002/02/16 21:27:23 millert Exp $ */ +/* $OpenBSD: thread_private.h,v 1.35 2019/02/13 13:22:14 mpi Exp $ */ + +/* PUBLIC DOMAIN: No Rights Reserved. Marco S Hyman */ #ifndef _THREAD_PRIVATE_H_ #define _THREAD_PRIVATE_H_ -#include +#include /* for FILE and __isthreaded */ + +#define _MALLOC_MUTEXES 32 +void _malloc_init(int); +#ifdef __LIBC__ +PROTO_NORMAL(_malloc_init); +#endif /* __LIBC__ */ /* - * This variable is initially 0 when there is exactly one thread. - * It should never decrease. + * The callbacks needed by libc to handle the threaded case. + * NOTE: Bump the version when you change the struct contents! + * + * tc_canceled: + * If not NULL, what to do when canceled (otherwise _exit(0)) + * + * tc_flockfile, tc_ftrylockfile, and tc_funlockfile: + * If not NULL, these implement the flockfile() family. + * XXX In theory, you should be able to lock a FILE before + * XXX loading libpthread and have that be a real lock on it, + * XXX but that doesn't work without the libc base version + * XXX tracking the recursion count. + * + * tc_malloc_lock and tc_malloc_unlock: + * tc_atexit_lock and tc_atexit_unlock: + * tc_atfork_lock and tc_atfork_unlock: + * tc_arc4_lock and tc_arc4_unlock: + * The locks used by the malloc, atexit, atfork, and arc4 subsystems. + * These have to be ordered specially in the fork/vfork wrappers + * and may be implemented differently than the general mutexes + * in the callbacks below. + * + * tc_mutex_lock and tc_mutex_unlock: + * Lock and unlock the given mutex. If the given mutex is NULL + * a mutex is allocated and initialized automatically. + * + * tc_mutex_destroy: + * Destroy/deallocate the given mutex. + * + * tc_tag_lock and tc_tag_unlock: + * Lock and unlock the mutex associated with the given tag. + * If the given tag is NULL a tag is allocated and initialized + * automatically. + * + * tc_tag_storage: + * Returns a pointer to per-thread instance of data associated + * with the given tag. If the given tag is NULL a tag is + * allocated and initialized automatically. + * + * tc_fork, tc_vfork: + * If not NULL, they are called instead of the syscall stub, so that + * the thread library can do necessary locking and reinitialization. + * + * tc_thread_release: + * Handles the release of a thread's TIB and struct pthread and the + * notification of other threads...when there are other threads. + * + * tc_thread_key_zero: + * For each thread, zero out the key data associated with the given key. + + * If doesn't define TCB_GET(), then locating the TCB in a + * threaded process requires a syscall (__get_tcb(2)) which is too much + * overhead for single-threaded processes. For those archs, there are two + * additional callbacks, though they are placed first in the struct for + * convenience in ASM: + * + * tc_errnoptr: + * Returns the address of the thread's errno. + * + * tc_tcb: + * Returns the address of the thread's TCB. */ -extern int __isthreaded; +struct pthread; +struct thread_callbacks { + int *(*tc_errnoptr)(void); /* MUST BE FIRST */ + void *(*tc_tcb)(void); + __dead void (*tc_canceled)(void); + void (*tc_flockfile)(FILE *); + int (*tc_ftrylockfile)(FILE *); + void (*tc_funlockfile)(FILE *); + void (*tc_malloc_lock)(int); + void (*tc_malloc_unlock)(int); + void (*tc_atexit_lock)(void); + void (*tc_atexit_unlock)(void); + void (*tc_atfork_lock)(void); + void (*tc_atfork_unlock)(void); + void (*tc_arc4_lock)(void); + void (*tc_arc4_unlock)(void); + void (*tc_mutex_lock)(void **); + void (*tc_mutex_unlock)(void **); + void (*tc_mutex_destroy)(void **); + void (*tc_tag_lock)(void **); + void (*tc_tag_unlock)(void **); + void *(*tc_tag_storage)(void **, void *, size_t, void *); + __pid_t (*tc_fork)(void); + __pid_t (*tc_vfork)(void); + void (*tc_thread_release)(struct pthread *); + void (*tc_thread_key_zero)(int); +}; + +__BEGIN_PUBLIC_DECLS /* - * Weak symbols are used in libc so that the thread library can - * efficiently wrap libc functions. - * - * Use WEAK_NAME(n) to get a libc-private name for n (_weak_n), - * WEAK_ALIAS(n) to generate the weak symbol n pointing to _weak_n, - * WEAK_PROTOTYPE(n) to generate a prototype for _weak_n (based on n). - * - * If the symbol _NO_WEAK_ALIASES is defined, then symbols will be + * Set the callbacks used by libc */ +void _thread_set_callbacks(const struct thread_callbacks *_cb, size_t _len); +__END_PUBLIC_DECLS -#ifdef _NO_WEAK_ALIASES -#ifdef _THREAD_SAFE -#define WEAK_NAME(name) __CONCAT(_weak,name) -#else -#define WEAK_NAME(name) name -#endif -#define WEAK_ALIAS(name) /* unavailable */ -#define WEAK_PROTOTYPE(name) /* unnecessary */ -#else /* !_NO_WEAK_ALIASES */ -#define WEAK_NAME(name) __CONCAT(_weak_,name) -#define WEAK_ALIAS(name) __weak_alias(name, WEAK_NAME(name)) -#ifdef __GNUC__ -#define WEAK_PROTOTYPE(name) __typeof__(name) WEAK_NAME(name) -#else -#define WEAK_PROTOTYPE(name) /* typeof() only in gcc */ -#endif -#endif /* !_NO_WEAK_ALIASES */ +#ifdef __LIBC__ +__BEGIN_HIDDEN_DECLS +/* the current set */ +extern struct thread_callbacks _thread_cb; +__END_HIDDEN_DECLS +#endif /* __LIBC__ */ /* - * These macros help in making persistent storage thread-specific. - * Libc makes extensive use of private static data structures - * that hold state across function invocation, and these macros - * are no-ops when running single-threaded. - * - * Linking against the user-thread library causes these macros to - * allocate storage on a per-thread basis. + * helper macro to make unique names in the thread namespace */ - -#define __THREAD_MUTEX_NAME(name) __CONCAT(_libc_storage_mutex_,name) -#define __THREAD_KEY_NAME(name) __CONCAT(_libc_storage_key_,name) - -struct _thread_private_key_struct { - pthread_once_t once; - void (*cleanfn)(void *); - pthread_key_t key; -}; - -void _libc_private_storage_lock(pthread_mutex_t *); -void _libc_private_storage_unlock(pthread_mutex_t *); -void * _libc_private_storage(volatile struct _thread_private_key_struct *, - void *, size_t, void *); +#define __THREAD_NAME(name) __CONCAT(_thread_tagname_,name) -/* Declare a module mutex. */ -#define _THREAD_PRIVATE_MUTEX(name) \ - static pthread_mutex_t __THREAD_MUTEX_NAME(name) = \ - PTHREAD_MUTEX_INITIALIZER - -/* Lock a module mutex against use by any other threads. */ -#define _THREAD_PRIVATE_MUTEX_LOCK(name) \ - _libc_private_storage_lock(&__THREAD_MUTEX_NAME(name)) - -/* Unlock a module mutex. */ -#define _THREAD_PRIVATE_MUTEX_UNLOCK(name) \ - _libc_private_storage_unlock(&__THREAD_MUTEX_NAME(name)) - -/* Declare a thread-private storage key. */ +/* + * Macros used in libc to access thread mutex, keys, and per thread storage. + * _THREAD_PRIVATE_KEY and _THREAD_PRIVATE_MUTEX are different macros for + * historical reasons. They do the same thing, define a static variable + * keyed by 'name' that identifies a mutex and a key to identify per thread + * data. + */ #define _THREAD_PRIVATE_KEY(name) \ - static volatile struct _thread_private_key_struct \ - __THREAD_KEY_NAME(name) = { \ - PTHREAD_ONCE_INIT, \ - 0 \ - } + static void *__THREAD_NAME(name) +#define _THREAD_PRIVATE_MUTEX(name) \ + static void *__THREAD_NAME(name) + + +#ifndef __LIBC__ /* building some sort of reach around */ + +#define _THREAD_PRIVATE_MUTEX_LOCK(name) do {} while (0) +#define _THREAD_PRIVATE_MUTEX_UNLOCK(name) do {} while (0) +#define _THREAD_PRIVATE(keyname, storage, error) &(storage) +#define _MUTEX_LOCK(mutex) do {} while (0) +#define _MUTEX_UNLOCK(mutex) do {} while (0) +#define _MUTEX_DESTROY(mutex) do {} while (0) +#define _MALLOC_LOCK(n) do {} while (0) +#define _MALLOC_UNLOCK(n) do {} while (0) +#define _ATEXIT_LOCK() do {} while (0) +#define _ATEXIT_UNLOCK() do {} while (0) +#define _ATFORK_LOCK() do {} while (0) +#define _ATFORK_UNLOCK() do {} while (0) +#define _ARC4_LOCK() do {} while (0) +#define _ARC4_UNLOCK() do {} while (0) + +#else /* building libc */ +#define _THREAD_PRIVATE_MUTEX_LOCK(name) \ + do { \ + if (_thread_cb.tc_tag_lock != NULL) \ + _thread_cb.tc_tag_lock(&(__THREAD_NAME(name))); \ + } while (0) +#define _THREAD_PRIVATE_MUTEX_UNLOCK(name) \ + do { \ + if (_thread_cb.tc_tag_unlock != NULL) \ + _thread_cb.tc_tag_unlock(&(__THREAD_NAME(name))); \ + } while (0) +#define _THREAD_PRIVATE(keyname, storage, error) \ + (_thread_cb.tc_tag_storage == NULL ? &(storage) : \ + _thread_cb.tc_tag_storage(&(__THREAD_NAME(keyname)), \ + &(storage), sizeof(storage), error)) /* - * In threaded mode, return a pointer to thread-private memory of - * the same size as, and (initially) with the same contents as 'storage'. If - * an error occurs, the 'error' parameter is returned. - * In single-threaded mode, no storage is allocated. Instead, a pointer - * to storage is always returned. - * The 'cleanfn' function of the key structure is called to free the storage. - * If 'cleanfn' is NULL, then free() is used. This hook can be useful for - * getting rid of memory leaks. + * Macros used in libc to access mutexes. */ -#define _THREAD_PRIVATE(keyname, storage, error) \ - _libc_private_storage(&__THREAD_KEY_NAME(keyname), \ - &(storage), sizeof (storage), error) +#define _MUTEX_LOCK(mutex) \ + do { \ + if (__isthreaded) \ + _thread_cb.tc_mutex_lock(mutex); \ + } while (0) +#define _MUTEX_UNLOCK(mutex) \ + do { \ + if (__isthreaded) \ + _thread_cb.tc_mutex_unlock(mutex); \ + } while (0) +#define _MUTEX_DESTROY(mutex) \ + do { \ + if (__isthreaded) \ + _thread_cb.tc_mutex_destroy(mutex); \ + } while (0) /* - * Macros for locking and unlocking FILEs. These test if the - * process is threaded to avoid locking when not required. + * malloc lock/unlock prototypes and definitions */ -#ifdef _FLOCK_DEBUG -#define FLOCKFILE(fp) _flockfile_debug(fp, __FILE__, __LINE__) -#else -#define FLOCKFILE(fp) flockfile(fp) -#endif -#define FUNLOCKFILE(fp) funlockfile(fp) +#define _MALLOC_LOCK(n) \ + do { \ + if (__isthreaded) \ + _thread_cb.tc_malloc_lock(n); \ + } while (0) +#define _MALLOC_UNLOCK(n) \ + do { \ + if (__isthreaded) \ + _thread_cb.tc_malloc_unlock(n); \ + } while (0) +#define _ATEXIT_LOCK() \ + do { \ + if (__isthreaded) \ + _thread_cb.tc_atexit_lock(); \ + } while (0) +#define _ATEXIT_UNLOCK() \ + do { \ + if (__isthreaded) \ + _thread_cb.tc_atexit_unlock(); \ + } while (0) + +#define _ATFORK_LOCK() \ + do { \ + if (__isthreaded) \ + _thread_cb.tc_atfork_lock(); \ + } while (0) +#define _ATFORK_UNLOCK() \ + do { \ + if (__isthreaded) \ + _thread_cb.tc_atfork_unlock(); \ + } while (0) + +#define _ARC4_LOCK() \ + do { \ + if (__isthreaded) \ + _thread_cb.tc_arc4_lock(); \ + } while (0) +#define _ARC4_UNLOCK() \ + do { \ + if (__isthreaded) \ + _thread_cb.tc_arc4_unlock(); \ + } while (0) +#endif /* __LIBC__ */ + + +/* + * Copyright (c) 2004,2005 Ted Unangst + * All Rights Reserved. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ /* - * File descriptor locking definitions. + * Private data structures that back up the typedefs in pthread.h. + * Since only the thread library cares about their size or arrangement, + * it should be possible to switch libraries without relinking. + * + * Do not reorder _atomic_lock_t and sem_t variables in the structs. + * This is due to alignment requirements of certain arches like hppa. + * The current requirement is 16 bytes. + * + * THE MACHINE DEPENDENT CERROR CODE HAS HARD CODED OFFSETS INTO PTHREAD_T! */ -#define FD_READ 0x1 -#define FD_WRITE 0x2 -#define FD_RDWR (FD_READ | FD_WRITE) - -#ifdef _LOCK_DEBUG -#define _FD_LOCK(_fd,_type,_ts) _thread_fd_lock_debug(_fd, _type, \ - _ts, __FILE__, __LINE__) -#define _FD_UNLOCK(_fd,_type) _thread_fd_unlock_debug(_fd, _type, \ - __FILE__, __LINE__) + +#include +#include +#include +#include + +#define _SPINLOCK_UNLOCKED _ATOMIC_LOCK_UNLOCKED + +struct __sem { + _atomic_lock_t lock; + volatile int waitcount; + volatile int value; + int shared; +}; + +TAILQ_HEAD(pthread_queue, pthread); + +#ifdef FUTEX + +struct pthread_mutex { + volatile unsigned int lock; + int type; + pthread_t owner; + int count; + int prioceiling; +}; + +struct pthread_cond { + volatile unsigned int seq; + clockid_t clock; + struct pthread_mutex *mutex; +}; + +struct pthread_rwlock { + volatile unsigned int value; +}; + #else -#define _FD_LOCK(_fd,_type,_ts) _thread_fd_lock(_fd, _type, _ts) -#define _FD_UNLOCK(_fd,_type) _thread_fd_unlock(_fd, _type) -#endif - -int _thread_fd_lock(int, int, struct timespec *); -int _thread_fd_lock_debug(int, int, struct timespec *, char *, int); -void _thread_fd_unlock(int, int); -void _thread_fd_unlock_debug(int, int, char *, int); + +struct pthread_mutex { + _atomic_lock_t lock; + struct pthread_queue lockers; + int type; + pthread_t owner; + int count; + int prioceiling; +}; + +struct pthread_cond { + _atomic_lock_t lock; + struct pthread_queue waiters; + struct pthread_mutex *mutex; + clockid_t clock; +}; + +struct pthread_rwlock { + _atomic_lock_t lock; + pthread_t owner; + struct pthread_queue writers; + int readers; +}; +#endif /* FUTEX */ + +struct pthread_mutex_attr { + int ma_type; + int ma_protocol; + int ma_prioceiling; +}; + +struct pthread_cond_attr { + clockid_t ca_clock; +}; + +struct pthread_attr { + void *stack_addr; + size_t stack_size; + size_t guard_size; + int detach_state; + int contention_scope; + int sched_policy; + struct sched_param sched_param; + int sched_inherit; +}; + +struct rthread_storage { + int keyid; + struct rthread_storage *next; + void *data; +}; + +struct rthread_cleanup_fn { + void (*fn)(void *); + void *arg; + struct rthread_cleanup_fn *next; +}; + +struct tib; +struct stack; +struct pthread { + struct __sem donesem; + unsigned int flags; + _atomic_lock_t flags_lock; + struct tib *tib; + void *retval; + void *(*fn)(void *); + void *arg; + char name[32]; + struct stack *stack; + LIST_ENTRY(pthread) threads; + TAILQ_ENTRY(pthread) waiting; + pthread_cond_t blocking_cond; + struct pthread_attr attr; + struct rthread_storage *local_storage; + struct rthread_cleanup_fn *cleanup_fns; + + /* cancel received in a delayed cancel block? */ + int delayed_cancel; +}; +/* flags in pthread->flags */ +#define THREAD_DONE 0x001 +#define THREAD_DETACHED 0x002 + +/* flags in tib->tib_thread_flags */ +#define TIB_THREAD_ASYNC_CANCEL 0x001 +#define TIB_THREAD_INITIAL_STACK 0x002 /* has stack from exec */ + +#define ENTER_DELAYED_CANCEL_POINT(tib, self) \ + (self)->delayed_cancel = 0; \ + ENTER_CANCEL_POINT_INNER(tib, 1, 1) + +/* + * Internal functions exported from libc's thread bits for use by libpthread + */ +void _spinlock(volatile _atomic_lock_t *); +int _spinlocktry(volatile _atomic_lock_t *); +void _spinunlock(volatile _atomic_lock_t *); + +void _rthread_debug(int, const char *, ...) + __attribute__((__format__ (printf, 2, 3))); +pid_t _thread_dofork(pid_t (*_sys_fork)(void)); +void _thread_finalize(void); + +/* + * Threading syscalls not declared in system headers + */ +__dead void __threxit(pid_t *); +int __thrsleep(const volatile void *, clockid_t, + const struct timespec *, volatile void *, const int *); +int __thrwakeup(const volatile void *, int n); +int __thrsigdivert(sigset_t, siginfo_t *, const struct timespec *); #endif /* _THREAD_PRIVATE_H_ */ diff --git a/src/lib/libc/net/Makefile.inc b/src/lib/libc/net/Makefile.inc index 805ae5d2247..b78cd6be852 100644 --- a/src/lib/libc/net/Makefile.inc +++ b/src/lib/libc/net/Makefile.inc @@ -1,23 +1,23 @@ -# $OpenBSD: Makefile.inc,v 1.31 2001/08/06 14:40:47 jakob Exp $ +# $OpenBSD: Makefile.inc,v 1.59 2016/03/30 06:38:41 jmc Exp $ # net sources -.PATH: ${LIBCSRCDIR}/arch/${MACHINE_ARCH}/net ${LIBCSRCDIR}/net +.PATH: ${LIBCSRCDIR}/arch/${MACHINE_CPU}/net ${LIBCSRCDIR}/net CFLAGS+=-DRESOLVSORT -SRCS+= base64.c freeaddrinfo.c gai_strerror.c getaddrinfo.c gethostnamadr.c \ - getifaddrs.c getnameinfo.c getnetbyaddr.c getnetbyname.c getnetent.c \ - getnetnamadr.c getproto.c getprotoent.c getprotoname.c \ +SRCS+= base64.c ethers.c freeaddrinfo.c \ + gai_strerror.c getaddrinfo.c gethostnamadr.c \ + getifaddrs.c getnameinfo.c getnetent.c \ + getnetnamadr.c getpeereid.c getproto.c getprotoent.c getprotoname.c \ getservbyname.c getservbyport.c getservent.c getrrsetbyname.c \ herror.c if_indextoname.c if_nameindex.c if_nametoindex.c inet_addr.c \ inet_lnaof.c inet_makeaddr.c inet_neta.c inet_netof.c inet_network.c \ inet_net_ntop.c inet_net_pton.c inet_ntoa.c inet_ntop.c inet_pton.c \ - ipx_addr.c ipx_ntoa.c iso_addr.c linkaddr.c ns_addr.c ns_ntoa.c \ - nsap_addr.c \ - net_addrcmp.c \ - rcmd.c rresvport.c recv.c res_comp.c res_data.c res_debug.c \ - res_init.c res_mkquery.c res_query.c res_random.c res_send.c send.c \ - sethostent.c ethers.c rcmdsh.c + linkaddr.c rcmd.c rcmdsh.c ruserok.c \ + rresvport.c recv.c res_comp.c res_data.c \ + res_debug.c res_debug_syms.c res_init.c res_mkquery.c res_query.c \ + res_random.c res_send.c \ + send.c sethostent.c sockatmark.c # IPv6 SRCS+= ip6opt.c rthdr.c vars6.c @@ -26,60 +26,11 @@ SRCS+= ip6opt.c rthdr.c vars6.c # m-d Makefile.inc must include sources for: # htonl() htons() ntohl() ntohs() -.include "${LIBCSRCDIR}/arch/${MACHINE_ARCH}/net/Makefile.inc" +.include "${LIBCSRCDIR}/arch/${MACHINE_CPU}/net/Makefile.inc" -MAN+= byteorder.3 ethers.3 getaddrinfo.3 gethostbyname.3 getifaddrs.3 \ - getnameinfo.3 getnetent.3 getprotoent.3 getservent.3 inet.3 \ - if_indextoname.3 inet_net.3 iso_addr.3 link_addr.3 ns.3 ipx.3 \ - rcmd.3 rcmdsh.3 resolver.3 net_addrcmp.3 \ - inet6_option_space.3 inet6_rthdr_space.3 \ - getrrsetbyname.3 - -MLINKS+=byteorder.3 htonl.3 byteorder.3 htons.3 byteorder.3 ntohl.3 \ - byteorder.3 ntohs.3 byteorder.3 htobe16.3 byteorder.3 htobe32.3 \ - byteorder.3 betoh16.3 byteorder.3 betoh32.3 byteorder.3 htole16.3 \ - byteorder.3 htole32.3 byteorder.3 letoh16.3 byteorder.3 letoh32.3 \ - byteorder.3 swap16.3 byteorder.3 swap32.3 -MLINKS+=ethers.3 ether_aton.3 ethers.3 ether_hostton.3 ethers.3 ether_line.3 \ - ethers.3 ether_ntoa.3 ethers.3 ether_ntohost.3 ethers.3 ether_addr.3 -MLINKS+= getaddrinfo.3 freeaddrinfo.3 getaddrinfo.3 gai_strerror.3 -MLINKS+=gethostbyname.3 endhostent.3 gethostbyname.3 gethostbyaddr.3 \ - gethostbyname.3 sethostent.3 gethostbyname.3 gethostent.3 \ - gethostbyname.3 herror.3 gethostbyname.3 gethostbyname2.3 \ - gethostbyname.3 hstrerror.3 -MLINKS+=getifaddrs.3 freeifaddrs.3 -MLINKS+=getnetent.3 endnetent.3 getnetent.3 getnetbyaddr.3 \ - getnetent.3 getnetbyname.3 getnetent.3 setnetent.3 -MLINKS+=getprotoent.3 endprotoent.3 getprotoent.3 getprotobyname.3 \ - getprotoent.3 getprotobynumber.3 getprotoent.3 setprotoent.3 -MLINKS+=getservent.3 endservent.3 getservent.3 getservbyname.3 \ - getservent.3 getservbyport.3 getservent.3 setservent.3 -MLINKS+= if_indextoname.3 if_nametoindex.3 if_indextoname.3 if_nameindex.3 \ - if_indextoname.3 if_freenameindex.3 -MLINKS+=inet.3 addr.3 inet.3 inet_addr.3 inet.3 inet_aton.3 \ - inet.3 inet_lnaof.3 inet.3 inet_makeaddr.3 inet.3 inet_netof.3 \ - inet.3 inet_network.3 inet.3 inet_ntoa.3 inet.3 network.3 \ - inet.3 ntoa.3 inet.3 inet_ntop.3 inet.3 inet_pton.3 -MLINKS+=inet_net.3 inet_net_ntop.3 inet_net.3 inet_net_pton.3 -MLINKS+=iso_addr.3 iso_ntoa.3 -MLINKS+=link_addr.3 link_ntoa.3 -MLINKS+=ipx.3 ipx_addr.3 ipx.3 ipx_ntoa.3 -MLINKS+=ns.3 ns_addr.3 ns.3 ns_ntoa.3 -MLINKS+=rcmd.3 iruserok.3 rcmd.3 rresvport.3 rcmd.3 ruserok.3 \ - rcmd.3 rresvport_af.3 rcmd.3 rcmd_af.3 rcmd.3 iruserok_sa.3 -MLINKS+=resolver.3 dn_comp.3 resolver.3 dn_expand.3 resolver.3 res_init.3 \ - resolver.3 res_mkquery.3 resolver.3 res_send.3 resolver.3 res_query.3 \ - resolver.3 res_search.3 -MLINKS+=inet6_option_space.3 inet6_option_init.3 \ - inet6_option_space.3 inet6_option_append.3 \ - inet6_option_space.3 inet6_option_alloc.3 \ - inet6_option_space.3 inet6_option_next.3 \ - inet6_option_space.3 inet6_option_find.3 -MLINKS+=inet6_rthdr_space.3 inet6_rthdr_init.3 \ - inet6_rthdr_space.3 inet6_rthdr_add.3 \ - inet6_rthdr_space.3 inet6_rthdr_lasthop.3 \ - inet6_rthdr_space.3 inet6_rthdr_reverse.3 \ - inet6_rthdr_space.3 inet6_rthdr_segments.3 \ - inet6_rthdr_space.3 inet6_rthdr_getaddr.3 \ - inet6_rthdr_space.3 inet6_rthdr_getflags.3 -MLINKS+=getrrsetbyname.3 freerrset.3 +MAN+= byteorder.3 ethers.3 gai_strerror.3 getaddrinfo.3 gethostbyname.3 \ + getifaddrs.3 getnameinfo.3 getnetent.3 getpeereid.3 getprotoent.3 \ + getrrsetbyname.3 getservent.3 htonl.3 if_indextoname.3 \ + inet_addr.3 inet_lnaof.3 inet_net.3 inet_ntop.3 \ + inet6_opt_init.3 inet6_rth_space.3 link_ntoa.3 \ + rcmd.3 rcmdsh.3 resolver.3 sockatmark.3 diff --git a/src/lib/libc/net/base64.c b/src/lib/libc/net/base64.c index 33b6ffdc41e..e90696df673 100644 --- a/src/lib/libc/net/base64.c +++ b/src/lib/libc/net/base64.c @@ -1,4 +1,4 @@ -/* $OpenBSD: base64.c,v 1.4 2002/01/02 23:00:10 deraadt Exp $ */ +/* $OpenBSD: base64.c,v 1.8 2015/01/16 16:48:51 deraadt Exp $ */ /* * Copyright (c) 1996 by Internet Software Consortium. @@ -43,7 +43,6 @@ */ #include -#include #include #include #include @@ -56,9 +55,6 @@ #include #include -/* XXX abort illegal in library */ -#define Assert(Cond) if (!(Cond)) abort() - static const char Base64[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; static const char Pad64 = '='; @@ -148,10 +144,6 @@ b64_ntop(src, srclength, target, targsize) output[1] = ((input[0] & 0x03) << 4) + (input[1] >> 4); output[2] = ((input[1] & 0x0f) << 2) + (input[2] >> 6); output[3] = input[2] & 0x3f; - Assert(output[0] < 64); - Assert(output[1] < 64); - Assert(output[2] < 64); - Assert(output[3] < 64); if (datalength + 4 > targsize) return (-1); @@ -171,9 +163,6 @@ b64_ntop(src, srclength, target, targsize) output[0] = input[0] >> 2; output[1] = ((input[0] & 0x03) << 4) + (input[1] >> 4); output[2] = ((input[1] & 0x0f) << 2) + (input[2] >> 6); - Assert(output[0] < 64); - Assert(output[1] < 64); - Assert(output[2] < 64); if (datalength + 4 > targsize) return (-1); @@ -204,12 +193,13 @@ b64_pton(src, target, targsize) size_t targsize; { int tarindex, state, ch; + u_char nextbyte; char *pos; state = 0; tarindex = 0; - while ((ch = *src++) != '\0') { + while ((ch = (unsigned char)*src++) != '\0') { if (isspace(ch)) /* Skip whitespace anywhere. */ continue; @@ -231,22 +221,28 @@ b64_pton(src, target, targsize) break; case 1: if (target) { - if (tarindex + 1 >= targsize) + if (tarindex >= targsize) return (-1); target[tarindex] |= (pos - Base64) >> 4; - target[tarindex+1] = ((pos - Base64) & 0x0f) - << 4 ; + nextbyte = ((pos - Base64) & 0x0f) << 4; + if (tarindex + 1 < targsize) + target[tarindex+1] = nextbyte; + else if (nextbyte) + return (-1); } tarindex++; state = 2; break; case 2: if (target) { - if (tarindex + 1 >= targsize) + if (tarindex >= targsize) return (-1); target[tarindex] |= (pos - Base64) >> 2; - target[tarindex+1] = ((pos - Base64) & 0x03) - << 6; + nextbyte = ((pos - Base64) & 0x03) << 6; + if (tarindex + 1 < targsize) + target[tarindex+1] = nextbyte; + else if (nextbyte) + return (-1); } tarindex++; state = 3; @@ -268,8 +264,8 @@ b64_pton(src, target, targsize) * on a byte boundary, and/or with erroneous trailing characters. */ - if (ch == Pad64) { /* We got a pad char. */ - ch = *src++; /* Skip it, get next. */ + if (ch == Pad64) { /* We got a pad char. */ + ch = (unsigned char)*src++; /* Skip it, get next. */ switch (state) { case 0: /* Invalid = in first position */ case 1: /* Invalid = in second position */ @@ -277,13 +273,13 @@ b64_pton(src, target, targsize) case 2: /* Valid, means one byte of info */ /* Skip any number of spaces. */ - for (; ch != '\0'; ch = *src++) + for (; ch != '\0'; ch = (unsigned char)*src++) if (!isspace(ch)) break; /* Make sure there is another trailing = sign. */ if (ch != Pad64) return (-1); - ch = *src++; /* Skip the = */ + ch = (unsigned char)*src++; /* Skip the = */ /* Fall through to "single trailing =" case. */ /* FALLTHROUGH */ @@ -292,7 +288,7 @@ b64_pton(src, target, targsize) * We know this char is an =. Is there anything but * whitespace after it? */ - for (; ch != '\0'; ch = *src++) + for (; ch != '\0'; ch = (unsigned char)*src++) if (!isspace(ch)) return (-1); @@ -302,7 +298,8 @@ b64_pton(src, target, targsize) * zeros. If we don't check them, they become a * subliminal channel. */ - if (target && target[tarindex] != 0) + if (target && tarindex < targsize && + target[tarindex] != 0) return (-1); } } else { diff --git a/src/lib/libc/net/byteorder.3 b/src/lib/libc/net/byteorder.3 index 9d8fa7221f9..98f6aff3622 100644 --- a/src/lib/libc/net/byteorder.3 +++ b/src/lib/libc/net/byteorder.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: byteorder.3,v 1.8 2000/04/18 03:01:30 aaron Exp $ +.\" $OpenBSD: byteorder.3,v 1.22 2015/11/10 23:48:18 jmc Exp $ .\" .\" Copyright (c) 1983, 1991, 1993 .\" The Regents of the University of California. All rights reserved. @@ -11,11 +11,7 @@ .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors +.\" 3. Neither the name of the University nor the names of its contributors .\" may be used to endorse or promote products derived from this software .\" without specific prior written permission. .\" @@ -31,153 +27,140 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd June 4, 1993 -.Dt BYTEORDER 3 +.Dd $Mdocdate: November 10 2015 $ +.Dt HTOBE64 3 .Os .Sh NAME -.Nm htonl , -.Nm htons , -.Nm ntohl , -.Nm ntohs , +.Nm htobe64 , .Nm htobe32 , .Nm htobe16 , +.Nm be64toh , +.Nm be32toh , +.Nm be16toh , +.Nm betoh64 , .Nm betoh32 , .Nm betoh16 , +.Nm htole64 , .Nm htole32 , .Nm htole16 , +.Nm le64toh , +.Nm le32toh , +.Nm le16toh , +.Nm letoh64 , .Nm letoh32 , .Nm letoh16 , +.Nm swap64 , .Nm swap32 , .Nm swap16 .Nd convert values between different byte orderings .Sh SYNOPSIS -.Fd #include -.Fd #include -.Ft u_int32_t -.Fn htonl "u_int32_t host32" -.Ft u_int16_t -.Fn htons "u_int16_t host16" -.Ft u_int32_t -.Fn ntohl "u_int32_t net32" -.Ft u_int16_t -.Fn ntohs "u_int16_t net16" -.Ft u_int32_t -.Fn htobe32 "u_int32_t host32" -.Ft u_int16_t -.Fn htobe16 "u_int16_t host16" -.Ft u_int32_t -.Fn betoh32 "u_int32_t big32" -.Ft u_int16_t -.Fn betoh16 "u_int16_t big16" -.Ft u_int32_t -.Fn htole32 "u_int32_t host32" -.Ft u_int16_t -.Fn htole16 "u_int16_t host16" -.Ft u_int32_t -.Fn letoh32 "u_int32_t little32" -.Ft u_int16_t -.Fn letoh16 "u_int16_t little16" -.Ft u_int32_t -.Fn swap32 "u_int32_t val32" -.Ft u_int16_t -.Fn swap16 "u_int16_t val16" +.In endian.h +.Ft uint64_t +.Fn htobe64 "uint64_t host64" +.Ft uint32_t +.Fn htobe32 "uint32_t host32" +.Ft uint16_t +.Fn htobe16 "uint16_t host16" +.Ft uint64_t +.Fn be64toh "uint64_t big64" +.Ft uint32_t +.Fn be32toh "uint32_t big32" +.Ft uint16_t +.Fn be16toh "uint16_t big16" +.Ft uint64_t +.Fn betoh64 "uint64_t big64" +.Ft uint32_t +.Fn betoh32 "uint32_t big32" +.Ft uint16_t +.Fn betoh16 "uint16_t big16" +.Ft uint64_t +.Fn htole64 "uint64_t host64" +.Ft uint32_t +.Fn htole32 "uint32_t host32" +.Ft uint16_t +.Fn htole16 "uint16_t host16" +.Ft uint64_t +.Fn letoh64 "uint64_t little64" +.Ft uint64_t +.Fn le64toh "uint64_t little64" +.Ft uint32_t +.Fn le32toh "uint32_t little32" +.Ft uint16_t +.Fn le16toh "uint16_t little16" +.Ft uint32_t +.Fn letoh32 "uint32_t little32" +.Ft uint16_t +.Fn letoh16 "uint16_t little16" +.Ft uint64_t +.Fn swap64 "uint64_t val64" +.Ft uint32_t +.Fn swap32 "uint32_t val32" +.Ft uint16_t +.Fn swap16 "uint16_t val16" .Sh DESCRIPTION -These routines convert 16- and 32-bit quantities between different +These routines convert 16, 32 and 64-bit quantities between different byte orderings. The .Dq swap functions reverse the byte ordering of -the given quantity, the others converts either from/to the native +the given quantity; the others convert either from/to the native byte order used by the host to/from either little- or big-endian (a.k.a network) order. .Pp -Apart from the swap functions, the names can be described by this form: -{src-order}to{dst-order}{size}. -Both {src-order} and {dst-order} can take the following forms: -.Pp -.Bl -tag -width "be " -offset indent -compact -.It h -Host order. -.It n -Network order (big-endian). -.It be -Big-endian (most significant byte first). -.It le -Little-endian (least significant byte first). -.El -.Pp -One of the specified orderings must be -.Sq h . -{size} will take these forms: -.Pp -.Bl -tag -width "32 " -offset indent -compact -.It l -Long (32-bit, used in conjunction with forms involving -.Sq n ) . -.It s -Short (16-bit, used in conjunction with forms involving -.Sq n ) . -.It 16 -16-bit. -.It 32 -32-bit. -.El -.Pp -The swap functions are of the form: swap{size}. -.Pp -Names involving -.Sq n -convert quantities between network -byte order and host byte order. -The last letter -.Pf ( Sq s -or -.Sq l ) -is a mnemonic -for the traditional names for such quantities, -.Li short -and -.Li long , -respectively. -Today, the C concept of -.Li short -and -.Li long -integers need not coincide with this traditional misunderstanding. -On machines which have a byte order which is the same as the network -order, routines are defined as null macros. +Apart from the swap functions, +the names containing +.Dq be +convert between host and big-endian (most significant byte first) order +of the given quantity, while the names containing +.Dq le +convert between host and little-endian (least significant byte first) order +of the given quantity. .Pp -The functions involving either -.Dq be , -.Dq le , -or -.Dq swap -use the numbers -16 and 32 for specifying the bitwidth of the quantities they operate on. +All these functions use the numbers +16, 32, or 64 for specifying the bitwidth of the quantities they operate on. Currently all supported architectures are either big- or little-endian so either the .Dq be or .Dq le variants are implemented as null macros. -.Pp -The routines mentioned above which have either {src-order} or {dst-order} -set to -.Sq n -are most often used in -conjunction with Internet addresses and ports as returned by -.Xr gethostbyname 3 -and -.Xr getservent 3 . .Sh SEE ALSO -.Xr gethostbyname 3 , -.Xr getservent 3 +.Xr htonl 3 +.Sh STANDARDS +The +.Fn htobe64 , +.Fn htobe32 , +.Fn htobe16 , +.Fn be64toh , +.Fn be32toh , +.Fn be16toh , +.Fn htole64 , +.Fn htole32 , +.Fn htole16 , +.Fn le64toh , +.Fn le32toh , +and +.Fn le16toh +functions are expected to conform to a future version of +.St -p1003.1 . +The other functions are extensions that should not be used +when portability is required. .Sh HISTORY The -.Nm byteorder +.Nm swap{size} +and +.Nm {src-order}to{dst-order}{size} functions appeared in .Bx 4.2 . +The +.Nm {src-order}{size}to{dst-order} +functions appeared in +.Ox 5.6 . +A subset of them was submitted for standardization after +.St -p1003.1-2008 . .Sh BUGS -On the vax, alpha, i386, and so far mips, -bytes are handled backwards from most everyone else in the world. -This is not expected to be fixed in the near future. +The perceived antagonism between +.Sq host +and +.Sq network +byte order does not allow PDP-11 users to sleep soundly at night. diff --git a/src/lib/libc/net/ethers.3 b/src/lib/libc/net/ethers.3 index 0509c121b8d..021e1ced737 100644 --- a/src/lib/libc/net/ethers.3 +++ b/src/lib/libc/net/ethers.3 @@ -1,36 +1,39 @@ -.\" $OpenBSD: ethers.3,v 1.14 2001/08/06 10:42:26 mpech Exp $ +.\" $OpenBSD: ethers.3,v 1.25 2018/11/09 17:49:32 brynet Exp $ .\" .\" Written by roland@frob.com. Public domain. .\" -.Dd December 16, 1993 -.Dt ETHERS 3 +.Dd $Mdocdate: November 9 2018 $ +.Dt ETHER_ATON 3 .Os .Sh NAME .Nm ether_aton , .Nm ether_ntoa , -.Nm ether_addr , .Nm ether_ntohost , .Nm ether_hostton , .Nm ether_line .Nd get ethers entry .Sh SYNOPSIS -.Fd #include +.In sys/types.h +.In sys/socket.h +.In net/if.h +.In netinet/in.h +.In netinet/if_ether.h .Ft char * .Fn ether_ntoa "struct ether_addr *e" .Ft struct ether_addr * -.Fn ether_aton "char *s" +.Fn ether_aton "const char *s" .Ft int .Fn ether_ntohost "char *hostname" "struct ether_addr *e" .Ft int -.Fn ether_hostton "char *hostname" "struct ether_addr *e" +.Fn ether_hostton "const char *hostname" "struct ether_addr *e" .Ft int -.Fn ether_line "char *l" "struct ether_addr *e" "char *hostname" +.Fn ether_line "const char *l" "struct ether_addr *e" "char *hostname" .Sh DESCRIPTION Ethernet addresses are represented by the following structure: .Bd -literal -offset indent struct ether_addr { - u_int8_t ether_addr_octet[6]; + u_int8_t ether_addr_octet[ETHER_ADDR_LEN]; }; .Ed .Pp @@ -50,6 +53,8 @@ converts an string of the same form and to a structure containing the 6 octets of the address. It returns a pointer to a static structure that is reused for each call. +.Fn ether_aton +will return NULL if the string does not represent a valid address. .Pp The .Fn ether_ntohost @@ -74,17 +79,7 @@ zero if they find the requested host name or address, and \-1 if not. .Pp Each call reads .Pa /etc/ethers -from the beginning; if a -.Ql + -appears alone on a line in the file, then -.Fn ether_hostton -will consult the -.Pa ethers.byname -YP map, and -.Fn ether_ntohost -will consult the -.Pa ethers.byaddr -YP map. +from the beginning. .Pp The .Fn ether_line @@ -112,7 +107,7 @@ The and .Fn ether_line functions were adopted from SunOS and appeared in -.Nx 0.9 b. +.Nx 0.9b . .Sh BUGS The data space used by these functions is static; if future use requires the data, it should be copied before any subsequent calls to diff --git a/src/lib/libc/net/ethers.c b/src/lib/libc/net/ethers.c index 858ac5b3f37..d62be1ca71a 100644 --- a/src/lib/libc/net/ethers.c +++ b/src/lib/libc/net/ethers.c @@ -1,77 +1,51 @@ -/* $OpenBSD: ethers.c,v 1.14 2002/05/24 21:22:37 deraadt Exp $ */ +/* $OpenBSD: ethers.c,v 1.27 2019/01/25 00:19:25 millert Exp $ */ /* - * Copyright (c) 1998 Todd C. Miller - * All rights reserved. + * Copyright (c) 1998 Todd C. Miller * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. The name of the author may not be used to endorse or promote products - * derived from this software without specific prior written permission. + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL - * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, - * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, - * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; - * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, - * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR - * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF - * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ /* * ethers(3) a la Sun. * Originally Written by Roland McGrath 10/14/93. - * Substantially modified by Todd C. Miller + * Substantially modified by Todd C. Miller */ -#if defined(LIBC_SCCS) && !defined(lint) -static char rcsid[] = "$OpenBSD: ethers.c,v 1.14 2002/05/24 21:22:37 deraadt Exp $"; -#endif /* LIBC_SCCS and not lint */ - #include #include #include #include #include -#include #include #include #include #include #include #include -#ifdef YP -#include -#endif +#include #ifndef _PATH_ETHERS #define _PATH_ETHERS "/etc/ethers" #endif -static char * _ether_aton(char *, struct ether_addr *); +static char * _ether_aton(const char *, struct ether_addr *); char * -ether_ntoa(e) - struct ether_addr *e; +ether_ntoa(struct ether_addr *e) { static char a[] = "xx:xx:xx:xx:xx:xx"; - if (e->ether_addr_octet[0] > 0xFF || e->ether_addr_octet[1] > 0xFF || - e->ether_addr_octet[2] > 0xFF || e->ether_addr_octet[3] > 0xFF || - e->ether_addr_octet[4] > 0xFF || e->ether_addr_octet[5] > 0xFF) { - errno = EINVAL; - return (NULL); - } - (void)snprintf(a, sizeof a, "%02x:%02x:%02x:%02x:%02x:%02x", e->ether_addr_octet[0], e->ether_addr_octet[1], e->ether_addr_octet[2], e->ether_addr_octet[3], @@ -81,15 +55,13 @@ ether_ntoa(e) } static char * -_ether_aton(s, e) - char *s; - struct ether_addr *e; +_ether_aton(const char *s, struct ether_addr *e) { int i; long l; char *pp; - while (isspace(*s)) + while (isspace((unsigned char)*s)) s++; /* expect 6 hex octets separated by ':' or space/NUL if last octet */ @@ -97,7 +69,9 @@ _ether_aton(s, e) l = strtol(s, &pp, 16); if (pp == s || l > 0xFF || l < 0) return (NULL); - if (!(*pp == ':' || (i == 5 && (isspace(*pp) || *pp == '\0')))) + if (!(*pp == ':' || + (i == 5 && (isspace((unsigned char)*pp) || + *pp == '\0')))) return (NULL); e->ether_addr_octet[i] = (u_char)l; s = pp + 1; @@ -108,8 +82,7 @@ _ether_aton(s, e) } struct ether_addr * -ether_aton(s) - char *s; +ether_aton(const char *s) { static struct ether_addr n; @@ -117,35 +90,14 @@ ether_aton(s) } int -ether_ntohost(hostname, e) - char *hostname; - struct ether_addr *e; +ether_ntohost(char *hostname, struct ether_addr *e) { FILE *f; char buf[BUFSIZ+1], *p; size_t len; struct ether_addr try; -#ifdef YP - char trybuf[sizeof("xx:xx:xx:xx:xx:xx")]; - int trylen; -#endif - - if (e->ether_addr_octet[0] > 0xFF || e->ether_addr_octet[1] > 0xFF || - e->ether_addr_octet[2] > 0xFF || e->ether_addr_octet[3] > 0xFF || - e->ether_addr_octet[4] > 0xFF || e->ether_addr_octet[5] > 0xFF) { - errno = EINVAL; - return (-1); - } - -#ifdef YP - snprintf(trybuf, sizeof trybuf, "%x:%x:%x:%x:%x:%x", - e->ether_addr_octet[0], e->ether_addr_octet[1], - e->ether_addr_octet[2], e->ether_addr_octet[3], - e->ether_addr_octet[4], e->ether_addr_octet[5]); - trylen = strlen(trybuf); -#endif - f = fopen(_PATH_ETHERS, "r"); + f = fopen(_PATH_ETHERS, "re"); if (f == NULL) return (-1); while ((p = fgetln(f, &len)) != NULL) { @@ -156,28 +108,11 @@ ether_ntohost(hostname, e) (void)memcpy(buf, p, len); buf[len] = '\n'; /* code assumes newlines later on */ buf[len+1] = '\0'; -#ifdef YP - /* A + in the file means try YP now. */ - if (!strncmp(buf, "+\n", sizeof(buf))) { - char *ypbuf, *ypdom; - int ypbuflen; - - if (yp_get_default_domain(&ypdom)) - continue; - if (yp_match(ypdom, "ethers.byaddr", trybuf, - trylen, &ypbuf, &ypbuflen)) - continue; - if (ether_line(ypbuf, &try, hostname) == 0) { - free(ypbuf); - (void)fclose(f); - return (0); - } - free(ypbuf); + /* A + in the file meant try YP, ignore it. */ + if (!strncmp(buf, "+\n", sizeof(buf))) continue; - } -#endif if (ether_line(buf, &try, hostname) == 0 && - memcmp((void *)&try, (void *)e, sizeof(try)) == 0) { + memcmp(&try, e, sizeof(try)) == 0) { (void)fclose(f); return (0); } @@ -188,19 +123,14 @@ ether_ntohost(hostname, e) } int -ether_hostton(hostname, e) - char *hostname; - struct ether_addr *e; +ether_hostton(const char *hostname, struct ether_addr *e) { FILE *f; char buf[BUFSIZ+1], *p; - char try[MAXHOSTNAMELEN]; + char try[HOST_NAME_MAX+1]; size_t len; -#ifdef YP - int hostlen = strlen(hostname); -#endif - f = fopen(_PATH_ETHERS, "r"); + f = fopen(_PATH_ETHERS, "re"); if (f==NULL) return (-1); @@ -212,26 +142,9 @@ ether_hostton(hostname, e) memcpy(buf, p, len); buf[len] = '\n'; /* code assumes newlines later on */ buf[len+1] = '\0'; -#ifdef YP - /* A + in the file means try YP now. */ - if (!strncmp(buf, "+\n", sizeof(buf))) { - char *ypbuf, *ypdom; - int ypbuflen; - - if (yp_get_default_domain(&ypdom)) - continue; - if (yp_match(ypdom, "ethers.byname", hostname, hostlen, - &ypbuf, &ypbuflen)) - continue; - if (ether_line(ypbuf, e, try) == 0) { - free(ypbuf); - (void)fclose(f); - return (0); - } - free(ypbuf); + /* A + in the file meant try YP, ignore it. */ + if (!strncmp(buf, "+\n", sizeof(buf))) continue; - } -#endif if (ether_line(buf, e, try) == 0 && strcmp(hostname, try) == 0) { (void)fclose(f); return (0); @@ -243,10 +156,7 @@ ether_hostton(hostname, e) } int -ether_line(line, e, hostname) - char *line; - struct ether_addr *e; - char *hostname; +ether_line(const char *line, struct ether_addr *e, char *hostname) { char *p; size_t n; @@ -256,12 +166,12 @@ ether_line(line, e, hostname) goto bad; /* Now get the hostname */ - while (isspace(*p)) + while (isspace((unsigned char)*p)) p++; if (*p == '\0') goto bad; n = strcspn(p, " \t\n"); - if (n >= MAXHOSTNAMELEN) + if (n >= HOST_NAME_MAX+1) goto bad; strlcpy(hostname, p, n + 1); return (0); @@ -270,3 +180,4 @@ ether_line(line, e, hostname) errno = EINVAL; return (-1); } +DEF_WEAK(ether_line); diff --git a/src/lib/libc/net/freeaddrinfo.c b/src/lib/libc/net/freeaddrinfo.c index 30fbecb805a..154f70cd75e 100644 --- a/src/lib/libc/net/freeaddrinfo.c +++ b/src/lib/libc/net/freeaddrinfo.c @@ -1,3 +1,5 @@ +/* $OpenBSD: freeaddrinfo.c,v 1.9 2016/09/21 04:38:56 guenther Exp $ */ + /* * Copyright (c) 1996, 1997, 1998, 1999, Craig Metz, All rights reserved. * @@ -34,16 +36,15 @@ #include void -freeaddrinfo(ai) - struct addrinfo *ai; +freeaddrinfo(struct addrinfo *ai) { struct addrinfo *p; do { p = ai; ai = ai->ai_next; - if (p->ai_canonname) - free(p->ai_canonname); - free((void *)p); + free(p->ai_canonname); + free(p); } while (ai); } +DEF_WEAK(freeaddrinfo); diff --git a/src/lib/libc/net/gai_strerror.3 b/src/lib/libc/net/gai_strerror.3 new file mode 100644 index 00000000000..d271f492c55 --- /dev/null +++ b/src/lib/libc/net/gai_strerror.3 @@ -0,0 +1,95 @@ +.\" $OpenBSD: gai_strerror.3,v 1.10 2017/05/03 01:58:33 deraadt Exp $ +.\" $KAME: gai_strerror.3,v 1.1 2005/01/05 03:04:47 itojun Exp $ +.\" +.\" Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2000, 2001 Internet Software Consortium. +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +.\" PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: May 3 2017 $ +.Dt GAI_STRERROR 3 +.Os +.Sh NAME +.Nm gai_strerror +.Nd get error message string from EAI_xxx error code +.Sh SYNOPSIS +.In sys/types.h +.In sys/socket.h +.In netdb.h +.Ft "const char *" +.Fn gai_strerror "int ecode" +.Sh DESCRIPTION +The +.Fn gai_strerror +function returns an error message string corresponding to the error code +returned by +.Xr getaddrinfo 3 +or +.Xr getnameinfo 3 . +.Pp +The following error codes and their meaning are defined in +.In netdb.h : +.Pp +.Bl -tag -width "EAI_ADDRFAMILYXX" -offset indent -compact +.It Dv EAI_ADDRFAMILY +address family for +.Fa name +not supported +.It Dv EAI_AGAIN +temporary failure in name resolution +.It Dv EAI_BADFLAGS +invalid value for +.Fa ai_flags +.It Dv EAI_BADHINTS +invalid value for +.Fa hints +.It Dv EAI_FAIL +non-recoverable failure in name resolution +.It Dv EAI_FAMILY +.Fa ai_family +not supported +.It Dv EAI_MEMORY +memory allocation failure +.It Dv EAI_NODATA +no address associated with +.Fa name +.It Dv EAI_NONAME +.Fa name +or +.Fa service +not provided, or not known +.It Dv EAI_OVERFLOW +argument buffer overflow +.It Dv EAI_PROTOCOL +resolved protocol is unknown +.It Dv EAI_SERVICE +.Fa service +not supported for +.Fa ai_socktype +.It Dv EAI_SOCKTYPE +.Fa ai_socktype +not supported +.It Dv EAI_SYSTEM +system error (returned in +.Va errno ) +.El +.Sh RETURN VALUES +.Fn gai_strerror +returns a pointer to the error message string corresponding to +.Fa ecode . +If +.Fa ecode +is out of range, an implementation-specific error message string is returned. +.Sh SEE ALSO +.Xr getaddrinfo 3 , +.Xr getnameinfo 3 diff --git a/src/lib/libc/net/gai_strerror.c b/src/lib/libc/net/gai_strerror.c index a191cb5b283..1e9b585029c 100644 --- a/src/lib/libc/net/gai_strerror.c +++ b/src/lib/libc/net/gai_strerror.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gai_strerror.c,v 1.5 2001/06/05 02:31:34 deraadt Exp $ */ +/* $OpenBSD: gai_strerror.c,v 1.8 2015/09/14 07:38:38 guenther Exp $ */ /* * Copyright (c) 1997-1999, Craig Metz, All rights reserved. @@ -38,7 +38,7 @@ #include #include -char * +const char * gai_strerror(int errnum) { switch (errnum) { @@ -70,7 +70,10 @@ gai_strerror(int errnum) return "invalid value for hints"; case EAI_PROTOCOL: return "resolved protocol is unknown"; + case EAI_OVERFLOW: + return "argument buffer overflow"; default: return "unknown/invalid error"; } } +DEF_WEAK(gai_strerror); diff --git a/src/lib/libc/net/getaddrinfo.3 b/src/lib/libc/net/getaddrinfo.3 index 5c4be167328..35ba3e9c355 100644 --- a/src/lib/libc/net/getaddrinfo.3 +++ b/src/lib/libc/net/getaddrinfo.3 @@ -1,201 +1,192 @@ -.\" $OpenBSD: getaddrinfo.3,v 1.20 2002/04/30 16:31:42 mpech Exp $ -.\" $KAME: getaddrinfo.3,v 1.29 2001/02/12 09:24:45 itojun Exp $ +.\" $OpenBSD: getaddrinfo.3,v 1.58 2016/05/29 06:01:24 guenther Exp $ +.\" $KAME: getaddrinfo.3,v 1.36 2005/01/05 03:23:05 itojun Exp $ .\" -.\" Copyright (c) 1983, 1987, 1991, 1993 -.\" The Regents of the University of California. All rights reserved. +.\" Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2000, 2001 Internet Software Consortium. .\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. .\" -.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. +.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +.\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" From: @(#)gethostbyname.3 8.4 (Berkeley) 5/25/95 -.\" -.Dd May 25, 1995 +.Dd $Mdocdate: May 29 2016 $ .Dt GETADDRINFO 3 .Os -.\" .Sh NAME .Nm getaddrinfo , -.Nm freeaddrinfo , -.Nm gai_strerror -.Nd nodename-to-address translation in protocol-independent manner -.\" +.Nm freeaddrinfo +.Nd host and service name to socket address structure .Sh SYNOPSIS -.Fd #include -.Fd #include -.Fd #include +.In sys/types.h +.In sys/socket.h +.In netdb.h .Ft int -.Fn getaddrinfo "const char *nodename" "const char *servname" \ -"const struct addrinfo *hints" "struct addrinfo **res" +.Fn getaddrinfo "const char *hostname" "const char *servname" \ + "const struct addrinfo *hints" "struct addrinfo **res" .Ft void .Fn freeaddrinfo "struct addrinfo *ai" -.Ft "char *" -.Fn gai_strerror "int ecode" -.\" .Sh DESCRIPTION The .Fn getaddrinfo -function is defined for protocol-independent nodename-to-address translation. -It performs the functionality of +function is used to get a list of +.Tn IP +addresses and port numbers for host +.Fa hostname +and service +.Fa servname . +It is a replacement for and provides more flexibility than the .Xr gethostbyname 3 and -.Xr getservbyname 3 , -but in a more sophisticated manner. +.Xr getservbyname 3 +functions. .Pp The -.Li addrinfo -structure is defined as a result of including the -.Aq Pa netdb.h -header: -.Bd -literal -offset -struct addrinfo { * - int ai_flags; /* AI_PASSIVE, AI_CANONNAME, AI_NUMERICHOST */ - int ai_family; /* PF_xxx */ - int ai_socktype; /* SOCK_xxx */ - int ai_protocol; /* 0 or IPPROTO_xxx for IPv4 and IPv6 */ - size_t ai_addrlen; /* length of ai_addr */ - char *ai_canonname; /* canonical name for nodename */ - struct sockaddr *ai_addr; /* binary address */ - struct addrinfo *ai_next; /* next structure in linked list */ -}; -.Ed -.Pp -The -.Fa nodename +.Fa hostname and .Fa servname -arguments are pointers to NUL-terminated strings or -.Dv NULL . -One or both of these two arguments must be a non-null pointer. -In the normal client scenario, both the -.Fa nodename -and -.Fa servname -are specified. -In the normal server scenario, only the +arguments are either pointers to NUL-terminated strings or the null pointer. +An acceptable value for +.Fa hostname +is either a valid host name or a numeric host address string consisting +of a dotted decimal IPv4 address or an IPv6 address. +The .Fa servname -is specified. -A non-null -.Fa nodename -string can be either a node name or a numeric host address string -(i.e., a dotted-decimal IPv4 address or an IPv6 hex address). -A non-null +is either a decimal port number or a service name listed in +.Xr services 5 . +At least one of +.Fa hostname +and .Fa servname -string can be either a service name or a decimal port number. +must be non-null. .Pp -The caller can optionally pass an -.Li addrinfo -structure, pointed to by the third argument, -to provide hints concerning the type of socket that the caller supports. -In this .Fa hints -structure all members other than -.Fa ai_flags , -.Fa ai_family , -.Fa ai_socktype , -and -.Fa ai_protocol -must be zero or a null pointer. -A value of -.Dv PF_UNSPEC -for +is an optional pointer to a +.Li struct addrinfo , +as defined by +.In netdb.h : +.Bd -literal +struct addrinfo { + int ai_flags; /* input flags */ + int ai_family; /* address family for socket */ + int ai_socktype; /* socket type */ + int ai_protocol; /* protocol for socket */ + socklen_t ai_addrlen; /* length of socket-address */ + struct sockaddr *ai_addr; /* socket-address for socket */ + char *ai_canonname; /* canonical name for service location */ + struct addrinfo *ai_next; /* pointer to next in list */ +}; +.Ed +.Pp +This structure can be used to provide hints concerning the type of socket +that the caller supports or wishes to use. +The caller can supply the following structure elements in +.Fa hints : +.Bl -tag -width "ai_socktypeXX" +.It Fa ai_family +The address family that should be used. +When .Fa ai_family -means the caller will accept any protocol family. -A value of 0 for +is set to +.Dv AF_UNSPEC , +it means the caller will accept any address family supported by the +operating system. +.It Fa ai_socktype +Denotes the type of socket that is wanted: +.Dv SOCK_STREAM , +.Dv SOCK_DGRAM , +or +.Dv SOCK_RAW . +When .Fa ai_socktype -means the caller will accept any socket type. -A value of 0 for +is zero the caller will accept any socket type. +.It Fa ai_protocol +Indicates which transport protocol is desired, +.Dv IPPROTO_UDP +or +.Dv IPPROTO_TCP . +If .Fa ai_protocol -means the caller will accept any protocol. -For example, if the caller handles only TCP and not UDP, then the -.Fa ai_socktype -member of the hints structure should be set to -.Dv SOCK_STREAM -when -.Fn getaddrinfo -is called. -If the caller handles only IPv4 and not IPv6, then the -.Fa ai_family -member of the -.Fa hints -structure should be set to -.Dv PF_INET -when +is zero the caller will accept any protocol. +.It Fa ai_flags +.Fa ai_flags +is formed by +.Tn OR Ns 'ing +the following values: +.Bl -tag -width "AI_CANONNAMEXX" +.It Dv AI_ADDRCONFIG +If the +.Dv AI_ADDRCONFIG +bit is set, IPv4 addresses will be returned only if an IPv4 address is +configured on an interface, and IPv6 addresses will be returned only if an IPv6 +address is configured on an interface. +Addresses on a loopback interface and link-local IPv6 addresses are not +considered valid as configured addresses. +This bit is only considered when determining whether a DNS query should +be performed or not. +.It Dv AI_CANONNAME +If the +.Dv AI_CANONNAME +bit is set, a successful call to .Fn getaddrinfo -is called. -If the third argument to +will return a NUL-terminated string containing the canonical name +of the specified host name in the +.Fa ai_canonname +element of the first +.Li addrinfo +structure returned. +.It Dv AI_FQDN +If the +.Dv AI_FQDN +bit is set, a successful call to .Fn getaddrinfo -is a null pointer, this is the same as if the caller had filled in an +will return a NUL-terminated string containing the fully qualified domain name +of the specified host name in the +.Fa ai_canonname +element of the first .Li addrinfo -structure initialized to zero with -.Fa ai_family -set to -.Dv PF_UNSPEC . +structure returned. .Pp -Upon successful return a pointer to a linked list of one or more -.Li addrinfo -structures is returned through the final argument. -The caller can process each -.Li addrinfo -structure in this list by following the -.Fa ai_next -pointer, until a null pointer is encountered. -In each returned -.Li addrinfo -structure the three members -.Fa ai_family , -.Fa ai_socktype , +This is different from the +.Dv AI_CANONNAME +bit flag that returns the canonical name registered in DNS, +which may be different from the fully qualified domain name +that the host name resolved to. +Only one of the +.Dv AI_FQDN and -.Fa ai_protocol -are the corresponding arguments for a call to the -.Fn socket -function. -In each -.Li addrinfo -structure the -.Fa ai_addr -member points to a filled-in socket address structure whose length is -specified by the -.Fa ai_addrlen -member. -.Pp +.Dv AI_CANONNAME +bits can be set. +.It Dv AI_NUMERICHOST +If the +.Dv AI_NUMERICHOST +bit is set, it indicates that +.Fa hostname +should be treated as a numeric string defining an IPv4 or IPv6 address +and no name resolution should be attempted. +.It Dv AI_NUMERICSERV +If the +.Dv AI_NUMERICSERV +bit is set, it indicates that +.Fa servname +should be treated as a numeric port string +and no service name resolution should be attempted. +.It Dv AI_PASSIVE If the .Dv AI_PASSIVE -bit is set in the -.Fa ai_flags -member of the -.Fa hints -structure, then the caller plans to use the returned socket address -structure in a call to -.Fn bind . +bit is set it indicates that the returned socket address structure +is intended for use in a call to +.Xr bind 2 . In this case, if the -.Fa nodename -argument is a null pointer, then the IP address portion of the socket -address structure will be set to +.Fa hostname +argument is the null pointer, then the IP address portion of the +socket address structure will be set to .Dv INADDR_ANY for an IPv4 address or .Dv IN6ADDR_ANY_INIT @@ -203,379 +194,284 @@ for an IPv6 address. .Pp If the .Dv AI_PASSIVE -bit is not set in the -.Fa ai_flags -member of the -.Fa hints -structure, then the returned socket address structure will be ready for a -call to -.Fn connect -.Pq for a connection-oriented protocol -or either -.Fn connect , -.Fn sendto , +bit is not set, the returned socket address structure will be ready +for use in a call to +.Xr connect 2 +for a connection-oriented protocol or +.Xr connect 2 , +.Xr sendto 2 , or -.Fn sendmsg -.Pq for a connectionless protocol . -In this case, if the -.Fa nodename -argument is a null pointer, then the IP address portion of the -socket address structure will be set to the loopback address. +.Xr sendmsg 2 +if a connectionless protocol was chosen. +The +.Tn IP +address portion of the socket address structure will be set to the +loopback address if +.Fa hostname +is the null pointer and +.Dv AI_PASSIVE +is not set. +.El +.El .Pp -If the -.Dv AI_CANONNAME -bit is set in the -.Fa ai_flags -member of the -.Fa hints -structure, then upon successful return the -.Fa ai_canonname -member of the first +All other elements of the .Li addrinfo -structure in the linked list will point to a NUL-terminated string -containing the canonical name of the specified -.Fa nodename . -.Pp -If the -.Dv AI_NUMERICHOST -bit is set in the -.Fa ai_flags -member of the +structure passed via .Fa hints -structure, then a non-null -.Fa nodename -string must be a numeric host address string. -Otherwise an error of -.Dv EAI_NONAME -is returned. -This flag prevents any type of name resolution service (e.g., the DNS) -from being called. +must be zero or the null pointer. .Pp -The arguments to -.Fn getaddrinfo -must sufficiently be consistent and unambiguous. -Here are pitfall cases you may encounter: -.Bl -bullet -.It -.Fn getaddrinfo -will raise an error if members of the +If .Fa hints -structure are not consistent. -For example, for internet address families, +is the null pointer, .Fn getaddrinfo -will raise an error if you specify -.Dv SOCK_STREAM -to -.Fa ai_socktype -while you specify -.Dv IPPROTO_UDP -to -.Fa ai_protocol . -.It -If you specify a -.Fa servname -which is defined only for certain +behaves as if the caller provided a +.Li struct addrinfo +with +.Fa ai_family +set to +.Dv AF_UNSPEC , +.Fa ai_flags +set to +.Dv AI_ADDRCONFIG , +and all other elements set to zero or +.Dv NULL . +.Pp +After a successful call to +.Fn getaddrinfo , +.Fa *res +is a pointer to a linked list of one or more +.Li addrinfo +structures. +The list can be traversed by following the +.Fa ai_next +pointer in each +.Li addrinfo +structure until a null pointer is encountered. +The three members +.Fa ai_family , .Fa ai_socktype , -.Fn getaddrinfo -will raise an error because the arguments are not consistent. -For example, -.Fn getaddrinfo -will raise an error if you ask for -.Dq Li tftp -service on -.Dv SOCK_STREAM . -.It -For internet address families, if you specify -.Fa servname -while you set -.Fa ai_socktype -to -.Dv SOCK_RAW , -.Fn getaddrinfo -will raise an error, because service names are not defined for the internet -.Dv SOCK_RAW -space. -.It -If you specify a numeric -.Fa servname , -while leaving -.Fa ai_socktype and .Fa ai_protocol -unspecified, -.Fn getaddrinfo -will raise an error. -This is because the numeric -.Fa servname -does not identify any socket type, and -.Fn getaddrinfo -is not allowed to glob the argument in such case. -.El -.Pp -All of the information returned by -.Fn getaddrinfo -is dynamically allocated: -the +in each returned .Li addrinfo -structures, the socket address structures, and canonical node name -strings pointed to by the addrinfo structures. -To return this information to the system the function -.Fn freeaddrinfo -is called. -The -.Fa addrinfo -structure pointed to by the -.Fa ai argument -is freed, along with any dynamic storage pointed to by the structure. -This operation is repeated until a -.Dv NULL -.Fa ai_next -pointer is encountered. +structure are suitable for a call to +.Xr socket 2 . +For each +.Li addrinfo +structure in the list, the +.Fa ai_addr +member points to a filled-in socket address structure of length +.Fa ai_addrlen . .Pp -To aid applications in printing error messages based on the -.Dv EAI_xxx -codes returned by -.Fn getaddrinfo , -.Fn gai_strerror -is defined. -The argument is one of the -.Dv EAI_xxx -values defined earlier and the return value points to a string describing -the error. -If the argument is not one of the -.Dv EAI_xxx -values, the function still returns a pointer to a string whose contents -indicate an unknown error. -.\" -.Ss Extension for scoped IPv6 address -The implementation allows experimental numeric IPv6 address notation with -scope identifier. +This implementation of +.Fn getaddrinfo +allows numeric IPv6 address notation with scope identifier, +as documented in RFC 4007. By appending the percent character and scope identifier to addresses, -you can fill +one can fill the .Li sin6_scope_id field for addresses. -This would make management of scoped address easier, -and allows cut-and-paste input of scoped address. +This would make management of scoped addresses easier +and allows cut-and-paste input of scoped addresses. .Pp At this moment the code supports only link-local addresses with the format. -Scope identifier is hardcoded to name of hardware interface associated -with the link. +The scope identifier is hardcoded to the name of the hardware interface +associated +with the link .Po such as .Li ne0 .Pc . -Example would be like +An example is .Dq Li fe80::1%ne0 , which means .Do .Li fe80::1 -on the link associated with +on the link associated with the .Li ne0 interface .Dc . .Pp -The implementation is still very experimental and non-standard. -The current implementation assumes one-by-one relationship between -interface and link, which is not necessarily true from the specification. -.\" +The current implementation assumes a one-to-one relationship between +the interface and link, which is not necessarily true from the specification. +.Pp +All of the information returned by +.Fn getaddrinfo +is dynamically allocated: the +.Li addrinfo +structures themselves as well as the socket address structures and +the canonical host name strings included in the +.Li addrinfo +structures. +.Pp +Memory allocated for the dynamically allocated structures created by +a successful call to +.Fn getaddrinfo +is released by the +.Fn freeaddrinfo +function. +The +.Fa ai +pointer should be an +.Li addrinfo +structure created by a call to +.Fn getaddrinfo . +.Sh RETURN VALUES +.Fn getaddrinfo +returns zero on success or one of the error codes listed in +.Xr gai_strerror 3 +if an error occurs. +If an error occurs, no memory is allocated by +.Fn getaddrinfo , +therefore it is not necessary to release the +.Li addrinfo +structure(s). .Sh EXAMPLES The following code tries to connect to .Dq Li www.kame.net service -.Dq Li http . -via stream socket. -It loops through all the addresses available, regardless from address family. -If the destination resolves to IPv4 address, it will use +.Dq Li www +via a stream socket. +It loops through all the addresses available, regardless of address family. +If the destination resolves to an IPv4 address, it will use an .Dv AF_INET socket. -Similarly, if it resolves to IPv6, +Similarly, if it resolves to IPv6, an .Dv AF_INET6 socket is used. -Observe that there is no hardcoded reference to particular address family. +Observe that there is no hardcoded reference to a particular address family. The code works even if -.Nm getaddrinfo +.Fn getaddrinfo returns addresses that are not IPv4/v6. .Bd -literal -offset indent struct addrinfo hints, *res, *res0; int error; +int save_errno; int s; const char *cause = NULL; memset(&hints, 0, sizeof(hints)); -hints.ai_family = PF_UNSPEC; +hints.ai_family = AF_UNSPEC; hints.ai_socktype = SOCK_STREAM; -error = getaddrinfo("www.kame.net", "http", &hints, &res0); -if (error) { +error = getaddrinfo("www.kame.net", "www", &hints, &res0); +if (error) errx(1, "%s", gai_strerror(error)); - /*NOTREACHED*/ -} s = -1; for (res = res0; res; res = res->ai_next) { s = socket(res->ai_family, res->ai_socktype, res->ai_protocol); - if (s < 0) { + if (s == -1) { cause = "socket"; continue; } - if (connect(s, res->ai_addr, res->ai_addrlen) < 0) { + if (connect(s, res->ai_addr, res->ai_addrlen) == -1) { cause = "connect"; + save_errno = errno; close(s); + errno = save_errno; s = -1; continue; } break; /* okay we got one */ } -if (s < 0) { - err(1, cause); - /*NOTREACHED*/ -} +if (s == -1) + err(1, "%s", cause); freeaddrinfo(res0); .Ed .Pp The following example tries to open a wildcard listening socket onto service -.Dq Li http , +.Dq Li www , for all the address families available. .Bd -literal -offset indent struct addrinfo hints, *res, *res0; int error; +int save_errno; int s[MAXSOCK]; int nsock; const char *cause = NULL; memset(&hints, 0, sizeof(hints)); -hints.ai_family = PF_UNSPEC; +hints.ai_family = AF_UNSPEC; hints.ai_socktype = SOCK_STREAM; hints.ai_flags = AI_PASSIVE; -error = getaddrinfo(NULL, "http", &hints, &res0); -if (error) { +error = getaddrinfo(NULL, "www", &hints, &res0); +if (error) errx(1, "%s", gai_strerror(error)); - /*NOTREACHED*/ -} nsock = 0; for (res = res0; res && nsock < MAXSOCK; res = res->ai_next) { s[nsock] = socket(res->ai_family, res->ai_socktype, res->ai_protocol); - if (s[nsock] < 0) { + if (s[nsock] == -1) { cause = "socket"; continue; } - if (bind(s[nsock], res->ai_addr, res->ai_addrlen) < 0) { + if (bind(s[nsock], res->ai_addr, res->ai_addrlen) == -1) { cause = "bind"; + save_errno = errno; close(s[nsock]); + errno = save_errno; continue; } (void) listen(s[nsock], 5); nsock++; } -if (nsock == 0) { - err(1, cause); - /*NOTREACHED*/ -} +if (nsock == 0) + err(1, "%s", cause); freeaddrinfo(res0); .Ed -.\" -.Sh DIAGNOSTICS -Error return status from -.Fn getaddrinfo -is zero on success and non-zero on errors. -Non-zero error codes are defined in -.Aq Pa netdb.h , -and as follows: -.Pp -.Bl -tag -width EAI_ADDRFAMILY -compact -.It Dv EAI_ADDRFAMILY -Address family for -.Fa nodename -not supported. -.It Dv EAI_AGAIN -Temporary failure in name resolution. -.It Dv EAI_BADFLAGS -Invalid value for -.Fa ai_flags . -.It Dv EAI_FAIL -Non-recoverable failure in name resolution. -.It Dv EAI_FAMILY -.Fa ai_family -not supported. -.It Dv EAI_MEMORY -Memory allocation failure. -.It Dv EAI_NODATA -No address associated with -.Fa nodename . -.It Dv EAI_NONAME -.Fa nodename -nor -.Fa servname -provided, or not known. -.It Dv EAI_SERVICE -.Fa servname -not supported for -.Fa ai_socktype . -.It Dv EAI_SOCKTYPE -.Fa ai_socktype -not supported. -.It Dv EAI_SYSTEM -System error returned in -.Va errno . -.El -.Pp -If called with proper argument, -.Fn gai_strerror -returns a pointer to a string describing the given error code. -If the argument is not one of the -.Dv EAI_xxx -values, the function still returns a pointer to a string whose contents -indicate an unknown error. -.\" .Sh SEE ALSO -.Xr getnameinfo 3 , +.Xr bind 2 , +.Xr connect 2 , +.Xr send 2 , +.Xr socket 2 , +.Xr gai_strerror 3 , .Xr gethostbyname 3 , +.Xr getnameinfo 3 , .Xr getservbyname 3 , +.Xr resolver 3 , .Xr hosts 5 , .Xr resolv.conf 5 , .Xr services 5 , -.Xr hostname 7 , -.Xr named 8 +.Xr hostname 7 +.Rs +.%A Craig Metz +.%B Proceedings of the Freenix Track: 2000 USENIX Annual Technical Conference +.%D June 2000 +.%T Protocol Independence Using the Sockets API +.Re +.Sh STANDARDS +The +.Fn getaddrinfo +function is defined by the +.St -p1003.1g-2000 +draft specification and documented in RFC 3493. +.Pp +The +.Dv AI_FQDN +flag bit first appeared in Windows 7. +.Pp .Rs .%A R. Gilligan .%A S. Thomson .%A J. Bound +.%A J. McCann .%A W. Stevens +.%D February 2003 +.%R RFC 3493 .%T Basic Socket Interface Extensions for IPv6 -.%R RFC2553 -.%D March 1999 .Re +.Pp .Rs -.%A Tatsuya Jinmei -.%A Atsushi Onoe -.%T "An Extension of Format for IPv6 Scoped Addresses" -.%R internet draft -.%N draft-ietf-ipngwg-scopedaddr-format-02.txt -.%O work in progress material +.%A S. Deering +.%A B. Haberman +.%A T. Jinmei +.%A E. Nordmark +.%A B. Zill +.%D March 2005 +.%R RFC 4007 +.%T IPv6 Scoped Address Architecture .Re -.Rs -.%A Craig Metz -.%T Protocol Independence Using the Sockets API -.%B "Proceedings of the freenix track: 2000 USENIX annual technical conference" -.%D June 2000 -.Re -.\" -.Sh HISTORY -The implementation first appeared in WIDE Hydrangea IPv6 protocol stack kit. -.\" -.Sh STANDARDS -The -.Fn getaddrinfo -function is defined in IEEE POSIX 1003.1g draft specification, -and documented in -.Dq Basic Socket Interface Extensions for IPv6 -.Pq RFC2553 . -.\" -.Sh BUGS -The current implementation is not thread-safe. -.Pp -The text was shamelessly copied from RFC2553. diff --git a/src/lib/libc/net/getaddrinfo.c b/src/lib/libc/net/getaddrinfo.c deleted file mode 100644 index 915286a404b..00000000000 --- a/src/lib/libc/net/getaddrinfo.c +++ /dev/null @@ -1,1848 +0,0 @@ -/* $OpenBSD: getaddrinfo.c,v 1.43 2002/08/27 08:53:13 itojun Exp $ */ -/* $KAME: getaddrinfo.c,v 1.31 2000/08/31 17:36:43 itojun Exp $ */ - -/* - * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the project nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -/* - * Issues to be discussed: - * - Thread safe-ness must be checked. - * - Return values. There are nonstandard return values defined and used - * in the source code. This is because RFC2553 is silent about which error - * code must be returned for which situation. - * - IPv4 classful (shortened) form. RFC2553 is silent about it. XNET 5.2 - * says to use inet_aton() to convert IPv4 numeric to binary (alows - * classful form as a result). - * current code - disallow classful form for IPv4 (due to use of inet_pton). - * - freeaddrinfo(NULL). RFC2553 is silent about it. XNET 5.2 says it is - * invalid. - * current code - SEGV on freeaddrinfo(NULL) - * Note: - * - We use getipnodebyname() just for thread-safeness. There's no intent - * to let it do PF_UNSPEC (actually we never pass PF_UNSPEC to - * getipnodebyname(). - * - The code filters out AFs that are not supported by the kernel, - * when globbing NULL hostname (to loopback, or wildcard). Is it the right - * thing to do? What is the relationship with post-RFC2553 AI_ADDRCONFIG - * in ai_flags? - * - (post-2553) semantics of AI_ADDRCONFIG itself is too vague. - * (1) what should we do against numeric hostname (2) what should we do - * against NULL hostname (3) what is AI_ADDRCONFIG itself. AF not ready? - * non-loopback address configured? global address configured? - * - To avoid search order issue, we have a big amount of code duplicate - * from gethnamaddr.c and some other places. The issues that there's no - * lower layer function to lookup "IPv4 or IPv6" record. Calling - * gethostbyname2 from getaddrinfo will end up in wrong search order, as - * follows: - * - The code makes use of following calls when asked to resolver with - * ai_family = PF_UNSPEC: - * getipnodebyname(host, AF_INET6); - * getipnodebyname(host, AF_INET); - * This will result in the following queries if the node is configure to - * prefer /etc/hosts than DNS: - * lookup /etc/hosts for IPv6 address - * lookup DNS for IPv6 address - * lookup /etc/hosts for IPv4 address - * lookup DNS for IPv4 address - * which may not meet people's requirement. - * The right thing to happen is to have underlying layer which does - * PF_UNSPEC lookup (lookup both) and return chain of addrinfos. - * This would result in a bit of code duplicate with _dns_ghbyname() and - * friends. - */ - -#ifndef INET6 -#define INET6 -#endif - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include -#include - -#ifdef YP -#include -#include -#include -#include "ypinternal.h" -#endif - -#include "thread_private.h" - -#define SUCCESS 0 -#define ANY 0 -#define YES 1 -#define NO 0 - -static const char in_addrany[] = { 0, 0, 0, 0 }; -static const char in6_addrany[] = { - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 -}; -static const char in_loopback[] = { 127, 0, 0, 1 }; -static const char in6_loopback[] = { - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1 -}; - -static const struct afd { - int a_af; - int a_addrlen; - int a_socklen; - int a_off; - const char *a_addrany; - const char *a_loopback; - int a_scoped; -} afdl [] = { -#ifdef INET6 - {PF_INET6, sizeof(struct in6_addr), - sizeof(struct sockaddr_in6), - offsetof(struct sockaddr_in6, sin6_addr), - in6_addrany, in6_loopback, 1}, -#endif - {PF_INET, sizeof(struct in_addr), - sizeof(struct sockaddr_in), - offsetof(struct sockaddr_in, sin_addr), - in_addrany, in_loopback, 0}, - {0, 0, 0, 0, NULL, NULL, 0}, -}; - -struct explore { - int e_af; - int e_socktype; - int e_protocol; - const char *e_protostr; - int e_wild; -#define WILD_AF(ex) ((ex)->e_wild & 0x01) -#define WILD_SOCKTYPE(ex) ((ex)->e_wild & 0x02) -#define WILD_PROTOCOL(ex) ((ex)->e_wild & 0x04) -}; - -static const struct explore explore[] = { -#if 0 - { PF_LOCAL, 0, ANY, ANY, NULL, 0x01 }, -#endif -#ifdef INET6 - { PF_INET6, SOCK_DGRAM, IPPROTO_UDP, "udp", 0x07 }, - { PF_INET6, SOCK_STREAM, IPPROTO_TCP, "tcp", 0x07 }, - { PF_INET6, SOCK_RAW, ANY, NULL, 0x05 }, -#endif - { PF_INET, SOCK_DGRAM, IPPROTO_UDP, "udp", 0x07 }, - { PF_INET, SOCK_STREAM, IPPROTO_TCP, "tcp", 0x07 }, - { PF_INET, SOCK_RAW, ANY, NULL, 0x05 }, - { PF_UNSPEC, SOCK_DGRAM, IPPROTO_UDP, "udp", 0x07 }, - { PF_UNSPEC, SOCK_STREAM, IPPROTO_TCP, "tcp", 0x07 }, - { PF_UNSPEC, SOCK_RAW, ANY, NULL, 0x05 }, - { -1, 0, 0, NULL, 0 }, -}; - -#ifdef INET6 -#define PTON_MAX 16 -#else -#define PTON_MAX 4 -#endif - -#define MAXPACKET (64*1024) - -typedef union { - HEADER hdr; - u_char buf[MAXPACKET]; -} querybuf; - -struct res_target { - struct res_target *next; - const char *name; /* domain name */ - int qclass, qtype; /* class and type of query */ - u_char *answer; /* buffer to put answer */ - int anslen; /* size of answer buffer */ - int n; /* result length */ -}; - -static int str_isnumber(const char *); -static int explore_fqdn(const struct addrinfo *, const char *, - const char *, struct addrinfo **); -static int explore_null(const struct addrinfo *, - const char *, struct addrinfo **); -static int explore_numeric(const struct addrinfo *, const char *, - const char *, struct addrinfo **); -static int explore_numeric_scope(const struct addrinfo *, const char *, - const char *, struct addrinfo **); -static int get_canonname(const struct addrinfo *, - struct addrinfo *, const char *); -static struct addrinfo *get_ai(const struct addrinfo *, - const struct afd *, const char *); -static int get_portmatch(const struct addrinfo *, const char *); -static int get_port(struct addrinfo *, const char *, int); -static const struct afd *find_afd(int); -#if 0 -static int addrconfig(const struct addrinfo *); -#endif -#ifdef INET6 -static int ip6_str2scopeid(char *, struct sockaddr_in6 *, u_int32_t *); -#endif - -static void _sethtent(void); -static void _endhtent(void); -static struct addrinfo * _gethtent(const char *, const struct addrinfo *); -static struct addrinfo *_files_getaddrinfo(const char *, - const struct addrinfo *); - -#ifdef YP -static struct addrinfo *_yphostent(char *, const struct addrinfo *); -static struct addrinfo *_yp_getaddrinfo(const char *, - const struct addrinfo *); -#endif - -static struct addrinfo *getanswer(const querybuf *, int, const char *, int, - const struct addrinfo *); -static int res_queryN(const char *, struct res_target *); -static int res_searchN(const char *, struct res_target *); -static int res_querydomainN(const char *, const char *, struct res_target *); -static struct addrinfo *_dns_getaddrinfo(const char *, const struct addrinfo *); - - -/* XXX macros that make external reference is BAD. */ - -#define GET_AI(ai, afd, addr) \ -do { \ - /* external reference: pai, error, and label free */ \ - (ai) = get_ai(pai, (afd), (addr)); \ - if ((ai) == NULL) { \ - error = EAI_MEMORY; \ - goto free; \ - } \ -} while (/*CONSTCOND*/0) - -#define GET_PORT(ai, serv) \ -do { \ - /* external reference: error and label free */ \ - error = get_port((ai), (serv), 0); \ - if (error != 0) \ - goto free; \ -} while (/*CONSTCOND*/0) - -#define GET_CANONNAME(ai, str) \ -do { \ - /* external reference: pai, error and label free */ \ - error = get_canonname(pai, (ai), (str)); \ - if (error != 0) \ - goto free; \ -} while (/*CONSTCOND*/0) - -#define ERR(err) \ -do { \ - /* external reference: error, and label bad */ \ - error = (err); \ - goto bad; \ - /*NOTREACHED*/ \ -} while (/*CONSTCOND*/0) - -#define MATCH_FAMILY(x, y, w) \ - ((x) == (y) || (/*CONSTCOND*/(w) && ((x) == PF_UNSPEC || (y) == PF_UNSPEC))) -#define MATCH(x, y, w) \ - ((x) == (y) || (/*CONSTCOND*/(w) && ((x) == ANY || (y) == ANY))) - -static int -str_isnumber(p) - const char *p; -{ - char *ep; - - if (*p == '\0') - return NO; - ep = NULL; - errno = 0; - (void)strtoul(p, &ep, 10); - if (errno == 0 && ep && *ep == '\0') - return YES; - else - return NO; -} - -int -getaddrinfo(hostname, servname, hints, res) - const char *hostname, *servname; - const struct addrinfo *hints; - struct addrinfo **res; -{ - struct addrinfo sentinel; - struct addrinfo *cur; - int error = 0; - struct addrinfo ai; - struct addrinfo ai0; - struct addrinfo *pai; - const struct explore *ex; - - memset(&sentinel, 0, sizeof(sentinel)); - cur = &sentinel; - pai = &ai; - pai->ai_flags = 0; - pai->ai_family = PF_UNSPEC; - pai->ai_socktype = ANY; - pai->ai_protocol = ANY; - pai->ai_addrlen = 0; - pai->ai_canonname = NULL; - pai->ai_addr = NULL; - pai->ai_next = NULL; - - if (hostname == NULL && servname == NULL) - return EAI_NONAME; - if (hints) { - /* error check for hints */ - if (hints->ai_addrlen || hints->ai_canonname || - hints->ai_addr || hints->ai_next) - ERR(EAI_BADHINTS); /* xxx */ - if (hints->ai_flags & ~AI_MASK) - ERR(EAI_BADFLAGS); - switch (hints->ai_family) { - case PF_UNSPEC: - case PF_INET: -#ifdef INET6 - case PF_INET6: -#endif - break; - default: - ERR(EAI_FAMILY); - } - memcpy(pai, hints, sizeof(*pai)); - - /* - * if both socktype/protocol are specified, check if they - * are meaningful combination. - */ - if (pai->ai_socktype != ANY && pai->ai_protocol != ANY) { - for (ex = explore; ex->e_af >= 0; ex++) { - if (pai->ai_family != ex->e_af) - continue; - if (ex->e_socktype == ANY) - continue; - if (ex->e_protocol == ANY) - continue; - if (pai->ai_socktype == ex->e_socktype - && pai->ai_protocol != ex->e_protocol) { - ERR(EAI_BADHINTS); - } - } - } - } - - /* - * check for special cases. (1) numeric servname is disallowed if - * socktype/protocol are left unspecified. (2) servname is disallowed - * for raw and other inet{,6} sockets. - */ - if (MATCH_FAMILY(pai->ai_family, PF_INET, 1) -#ifdef PF_INET6 - || MATCH_FAMILY(pai->ai_family, PF_INET6, 1) -#endif - ) { - ai0 = *pai; /* backup *pai */ - - if (pai->ai_family == PF_UNSPEC) { -#ifdef PF_INET6 - pai->ai_family = PF_INET6; -#else - pai->ai_family = PF_INET; -#endif - } - error = get_portmatch(pai, servname); - if (error) - ERR(error); - - *pai = ai0; - } - - ai0 = *pai; - - /* NULL hostname, or numeric hostname */ - for (ex = explore; ex->e_af >= 0; ex++) { - *pai = ai0; - - /* PF_UNSPEC entries are prepared for DNS queries only */ - if (ex->e_af == PF_UNSPEC) - continue; - - if (!MATCH_FAMILY(pai->ai_family, ex->e_af, WILD_AF(ex))) - continue; - if (!MATCH(pai->ai_socktype, ex->e_socktype, WILD_SOCKTYPE(ex))) - continue; - if (!MATCH(pai->ai_protocol, ex->e_protocol, WILD_PROTOCOL(ex))) - continue; - - if (pai->ai_family == PF_UNSPEC) - pai->ai_family = ex->e_af; - if (pai->ai_socktype == ANY && ex->e_socktype != ANY) - pai->ai_socktype = ex->e_socktype; - if (pai->ai_protocol == ANY && ex->e_protocol != ANY) - pai->ai_protocol = ex->e_protocol; - - if (hostname == NULL) - error = explore_null(pai, servname, &cur->ai_next); - else - error = explore_numeric_scope(pai, hostname, servname, &cur->ai_next); - - if (error) - goto free; - - while (cur && cur->ai_next) - cur = cur->ai_next; - } - - /* - * XXX - * If numreic representation of AF1 can be interpreted as FQDN - * representation of AF2, we need to think again about the code below. - */ - if (sentinel.ai_next) - goto good; - - if (pai->ai_flags & AI_NUMERICHOST) - ERR(EAI_NODATA); - if (hostname == NULL) - ERR(EAI_NODATA); - - /* - * hostname as alphabetical name. - * we would like to prefer AF_INET6 than AF_INET, so we'll make a - * outer loop by AFs. - */ - for (ex = explore; ex->e_af >= 0; ex++) { - *pai = ai0; - - /* require exact match for family field */ - if (pai->ai_family != ex->e_af) - continue; - - if (!MATCH(pai->ai_socktype, ex->e_socktype, - WILD_SOCKTYPE(ex))) { - continue; - } - if (!MATCH(pai->ai_protocol, ex->e_protocol, - WILD_PROTOCOL(ex))) { - continue; - } - - if (pai->ai_socktype == ANY && ex->e_socktype != ANY) - pai->ai_socktype = ex->e_socktype; - if (pai->ai_protocol == ANY && ex->e_protocol != ANY) - pai->ai_protocol = ex->e_protocol; - - error = explore_fqdn(pai, hostname, servname, - &cur->ai_next); - - while (cur && cur->ai_next) - cur = cur->ai_next; - } - - /* XXX */ - if (sentinel.ai_next) - error = 0; - - if (error) - goto free; - if (error == 0) { - if (sentinel.ai_next) { - good: - *res = sentinel.ai_next; - return SUCCESS; - } else - error = EAI_FAIL; - } - free: - bad: - if (sentinel.ai_next) - freeaddrinfo(sentinel.ai_next); - *res = NULL; - return error; -} - -/* - * FQDN hostname, DNS lookup - */ - -_THREAD_PRIVATE_MUTEX(getaddrinfo_explore_fqdn); - -static int -explore_fqdn(pai, hostname, servname, res) - const struct addrinfo *pai; - const char *hostname; - const char *servname; - struct addrinfo **res; -{ - struct addrinfo *result; - struct addrinfo *cur; - int error = 0; - char lookups[MAXDNSLUS]; - int i; - - _THREAD_PRIVATE_MUTEX_LOCK(getaddrinfo_explore_fqdn); - - result = NULL; - -#if 0 - /* - * If AI_ADDRCONFIG is specified, check if we are expected to - * return the address family or not. - * XXX does not handle PF_UNSPEC case, should filter final result - */ - if ((pai->ai_flags & AI_ADDRCONFIG) != 0 && !addrconfig(pai)) { - _THREAD_PRIVATE_MUTEX_UNLOCK(getaddrinfo_explore_fqdn); - return 0; - } -#endif - - /* - * if the servname does not match socktype/protocol, ignore it. - */ - if (get_portmatch(pai, servname) != 0) { - _THREAD_PRIVATE_MUTEX_UNLOCK(getaddrinfo_explore_fqdn); - return 0; - } - - if ((_res.options & RES_INIT) == 0 && res_init() == -1) - strlcpy(lookups, "f", sizeof lookups); - else { - bcopy(_res.lookups, lookups, sizeof lookups); - if (lookups[0] == '\0') - strlcpy(lookups, "bf", sizeof lookups); - } - - for (i = 0; i < MAXDNSLUS && result == NULL && lookups[i]; i++) { - switch (lookups[i]) { -#ifdef YP - case 'y': - result = _yp_getaddrinfo(hostname, pai); - break; -#endif - case 'b': - result = _dns_getaddrinfo(hostname, pai); - break; - case 'f': - result = _files_getaddrinfo(hostname, pai); - break; - } - } - if (result) { - for (cur = result; cur; cur = cur->ai_next) { - GET_PORT(cur, servname); - /* canonname should be filled already */ - } - *res = result; - _THREAD_PRIVATE_MUTEX_UNLOCK(getaddrinfo_explore_fqdn); - return 0; - } else { - /* translate error code */ - switch (h_errno) { - case NETDB_SUCCESS: - error = EAI_FAIL; /*XXX strange */ - break; - case HOST_NOT_FOUND: - error = EAI_NODATA; - break; - case TRY_AGAIN: - error = EAI_AGAIN; - break; - case NO_RECOVERY: - error = EAI_FAIL; - break; - case NO_DATA: -#if NO_ADDRESS != NO_DATA - case NO_ADDRESS: -#endif - error = EAI_NODATA; - break; - default: /* unknown ones */ - error = EAI_FAIL; - break; - } - } - -free: - if (result) - freeaddrinfo(result); - _THREAD_PRIVATE_MUTEX_UNLOCK(getaddrinfo_explore_fqdn); - return error; -} - -/* - * hostname == NULL. - * passive socket -> anyaddr (0.0.0.0 or ::) - * non-passive socket -> localhost (127.0.0.1 or ::1) - */ -static int -explore_null(pai, servname, res) - const struct addrinfo *pai; - const char *servname; - struct addrinfo **res; -{ - int s; - const struct afd *afd; - struct addrinfo *cur; - struct addrinfo sentinel; - int error; - - *res = NULL; - sentinel.ai_next = NULL; - cur = &sentinel; - - /* - * filter out AFs that are not supported by the kernel - * XXX errno? - */ - s = socket(pai->ai_family, SOCK_DGRAM, 0); - if (s < 0) { - if (errno != EMFILE) - return 0; - } else - close(s); - - /* - * if the servname does not match socktype/protocol, ignore it. - */ - if (get_portmatch(pai, servname) != 0) - return 0; - - afd = find_afd(pai->ai_family); - if (afd == NULL) - return 0; - - if (pai->ai_flags & AI_PASSIVE) { - GET_AI(cur->ai_next, afd, afd->a_addrany); - /* xxx meaningless? - * GET_CANONNAME(cur->ai_next, "anyaddr"); - */ - GET_PORT(cur->ai_next, servname); - } else { - GET_AI(cur->ai_next, afd, afd->a_loopback); - /* xxx meaningless? - * GET_CANONNAME(cur->ai_next, "localhost"); - */ - GET_PORT(cur->ai_next, servname); - } - cur = cur->ai_next; - - *res = sentinel.ai_next; - return 0; - -free: - if (sentinel.ai_next) - freeaddrinfo(sentinel.ai_next); - return error; -} - -/* - * numeric hostname - */ -static int -explore_numeric(pai, hostname, servname, res) - const struct addrinfo *pai; - const char *hostname; - const char *servname; - struct addrinfo **res; -{ - const struct afd *afd; - struct addrinfo *cur; - struct addrinfo sentinel; - int error; - char pton[PTON_MAX]; - - *res = NULL; - sentinel.ai_next = NULL; - cur = &sentinel; - - /* - * if the servname does not match socktype/protocol, ignore it. - */ - if (get_portmatch(pai, servname) != 0) - return 0; - - afd = find_afd(pai->ai_family); - if (afd == NULL) - return 0; - - switch (afd->a_af) { -#if 0 /*X/Open spec*/ - case AF_INET: - if (inet_aton(hostname, (struct in_addr *)pton) == 1) { - if (pai->ai_family == afd->a_af || - pai->ai_family == PF_UNSPEC /*?*/) { - GET_AI(cur->ai_next, afd, pton); - GET_PORT(cur->ai_next, servname); - while (cur && cur->ai_next) - cur = cur->ai_next; - } else - ERR(EAI_FAMILY); /*xxx*/ - } - break; -#endif - default: - if (inet_pton(afd->a_af, hostname, pton) == 1) { - if (pai->ai_family == afd->a_af || - pai->ai_family == PF_UNSPEC /*?*/) { - GET_AI(cur->ai_next, afd, pton); - GET_PORT(cur->ai_next, servname); - while (cur && cur->ai_next) - cur = cur->ai_next; - } else - ERR(EAI_FAMILY); /*xxx*/ - } - break; - } - - *res = sentinel.ai_next; - return 0; - -free: -bad: - if (sentinel.ai_next) - freeaddrinfo(sentinel.ai_next); - return error; -} - -/* - * numeric hostname with scope - */ -static int -explore_numeric_scope(pai, hostname, servname, res) - const struct addrinfo *pai; - const char *hostname; - const char *servname; - struct addrinfo **res; -{ -#if !defined(SCOPE_DELIMITER) || !defined(INET6) - return explore_numeric(pai, hostname, servname, res); -#else - const struct afd *afd; - struct addrinfo *cur; - int error; - char *cp, *hostname2 = NULL, *scope, *addr; - struct sockaddr_in6 *sin6; - - /* - * if the servname does not match socktype/protocol, ignore it. - */ - if (get_portmatch(pai, servname) != 0) - return 0; - - afd = find_afd(pai->ai_family); - if (afd == NULL) - return 0; - - if (!afd->a_scoped) - return explore_numeric(pai, hostname, servname, res); - - cp = strchr(hostname, SCOPE_DELIMITER); - if (cp == NULL) - return explore_numeric(pai, hostname, servname, res); - - /* - * Handle special case of - */ - hostname2 = strdup(hostname); - if (hostname2 == NULL) - return EAI_MEMORY; - /* terminate at the delimiter */ - hostname2[cp - hostname] = '\0'; - addr = hostname2; - scope = cp + 1; - - error = explore_numeric(pai, addr, servname, res); - if (error == 0) { - u_int32_t scopeid; - - for (cur = *res; cur; cur = cur->ai_next) { - if (cur->ai_family != AF_INET6) - continue; - sin6 = (struct sockaddr_in6 *)(void *)cur->ai_addr; - if (ip6_str2scopeid(scope, sin6, &scopeid) == -1) { - free(hostname2); - return(EAI_NODATA); /* XXX: is return OK? */ - } - sin6->sin6_scope_id = scopeid; - } - } - - free(hostname2); - - return error; -#endif -} - -static int -get_canonname(pai, ai, str) - const struct addrinfo *pai; - struct addrinfo *ai; - const char *str; -{ - if ((pai->ai_flags & AI_CANONNAME) != 0) { - ai->ai_canonname = strdup(str); - if (ai->ai_canonname == NULL) - return EAI_MEMORY; - } - return 0; -} - -static struct addrinfo * -get_ai(pai, afd, addr) - const struct addrinfo *pai; - const struct afd *afd; - const char *addr; -{ - char *p; - struct addrinfo *ai; - - ai = (struct addrinfo *)malloc(sizeof(struct addrinfo) - + (afd->a_socklen)); - if (ai == NULL) - return NULL; - - memcpy(ai, pai, sizeof(struct addrinfo)); - ai->ai_addr = (struct sockaddr *)(void *)(ai + 1); - memset(ai->ai_addr, 0, (size_t)afd->a_socklen); - ai->ai_addr->sa_len = afd->a_socklen; - ai->ai_addrlen = afd->a_socklen; - ai->ai_addr->sa_family = ai->ai_family = afd->a_af; - p = (char *)(void *)(ai->ai_addr); - memcpy(p + afd->a_off, addr, (size_t)afd->a_addrlen); - return ai; -} - -static int -get_portmatch(ai, servname) - const struct addrinfo *ai; - const char *servname; -{ - - /* get_port does not touch first argument. when matchonly == 1. */ - /* LINTED const cast */ - return get_port((struct addrinfo *)ai, servname, 1); -} - -static int -get_port(ai, servname, matchonly) - struct addrinfo *ai; - const char *servname; - int matchonly; -{ - const char *proto; - struct servent *sp; - int port; - int allownumeric; - - if (servname == NULL) - return 0; - switch (ai->ai_family) { - case AF_INET: -#ifdef AF_INET6 - case AF_INET6: -#endif - break; - default: - return 0; - } - - switch (ai->ai_socktype) { - case SOCK_RAW: - return EAI_SERVICE; - case SOCK_DGRAM: - case SOCK_STREAM: - allownumeric = 1; - break; - case ANY: - allownumeric = 0; - break; - default: - return EAI_SOCKTYPE; - } - - if (str_isnumber(servname)) { - if (!allownumeric) - return EAI_SERVICE; - port = atoi(servname); - if (port < 0 || port > 65535) - return EAI_SERVICE; - port = htons(port); - } else { - switch (ai->ai_socktype) { - case SOCK_DGRAM: - proto = "udp"; - break; - case SOCK_STREAM: - proto = "tcp"; - break; - default: - proto = NULL; - break; - } - - if ((sp = getservbyname(servname, proto)) == NULL) - return EAI_SERVICE; - port = sp->s_port; - } - - if (!matchonly) { - switch (ai->ai_family) { - case AF_INET: - ((struct sockaddr_in *)(void *) - ai->ai_addr)->sin_port = port; - break; -#ifdef INET6 - case AF_INET6: - ((struct sockaddr_in6 *)(void *) - ai->ai_addr)->sin6_port = port; - break; -#endif - } - } - - return 0; -} - -static const struct afd * -find_afd(af) - int af; -{ - const struct afd *afd; - - if (af == PF_UNSPEC) - return NULL; - for (afd = afdl; afd->a_af; afd++) { - if (afd->a_af == af) - return afd; - } - return NULL; -} - -#if 0 -/* - * post-2553: AI_ADDRCONFIG check. if we use getipnodeby* as backend, backend - * will take care of it. - * the semantics of AI_ADDRCONFIG is not defined well. we are not sure - * if the code is right or not. - */ -static int -addrconfig(pai) - const struct addrinfo *pai; -{ - int s; - - /* XXX errno */ - s = socket(pai->ai_family, SOCK_DGRAM, 0); - if (s < 0) - return 0; - close(s); - return 1; -} -#endif - -#ifdef INET6 -/* convert a string to a scope identifier. XXX: IPv6 specific */ -static int -ip6_str2scopeid(scope, sin6, scopeid) - char *scope; - struct sockaddr_in6 *sin6; - u_int32_t *scopeid; -{ - u_long lscopeid; - struct in6_addr *a6 = &sin6->sin6_addr; - char *ep; - - /* empty scopeid portion is invalid */ - if (*scope == '\0') - return -1; - - if (IN6_IS_ADDR_LINKLOCAL(a6) || IN6_IS_ADDR_MC_LINKLOCAL(a6)) { - /* - * We currently assume a one-to-one mapping between links - * and interfaces, so we simply use interface indices for - * like-local scopes. - */ - *scopeid = if_nametoindex(scope); - if (*scopeid == 0) - goto trynumeric; - return 0; - } - - /* still unclear about literal, allow numeric only - placeholder */ - if (IN6_IS_ADDR_SITELOCAL(a6) || IN6_IS_ADDR_MC_SITELOCAL(a6)) - goto trynumeric; - if (IN6_IS_ADDR_MC_ORGLOCAL(a6)) - goto trynumeric; - else - goto trynumeric; /* global */ - - /* try to convert to a numeric id as a last resort */ - trynumeric: - errno = 0; - lscopeid = strtoul(scope, &ep, 10); - *scopeid = (u_int32_t)(lscopeid & 0xffffffffUL); - if (errno == 0 && ep && *ep == '\0' && *scopeid == lscopeid) - return 0; - else - return -1; -} -#endif - -/* code duplicate with gethnamaddr.c */ - -static const char AskedForGot[] = - "gethostby*.getanswer: asked for \"%s\", got \"%s\""; -static FILE *hostf = NULL; - -static struct addrinfo * -getanswer(answer, anslen, qname, qtype, pai) - const querybuf *answer; - int anslen; - const char *qname; - int qtype; - const struct addrinfo *pai; -{ - struct addrinfo sentinel, *cur; - struct addrinfo ai; - const struct afd *afd; - char *canonname; - const HEADER *hp; - const u_char *cp; - int n; - const u_char *eom; - char *bp, *ep; - int type, class, ancount, qdcount; - int haveanswer, had_error; - char tbuf[MAXDNAME]; - int (*name_ok)(const char *); - char hostbuf[8*1024]; - - memset(&sentinel, 0, sizeof(sentinel)); - cur = &sentinel; - - canonname = NULL; - eom = answer->buf + anslen; - switch (qtype) { - case T_A: - case T_AAAA: - case T_ANY: /*use T_ANY only for T_A/T_AAAA lookup*/ - name_ok = res_hnok; - break; - default: - return (NULL); /* XXX should be abort() -- but that is illegal */ - } - /* - * find first satisfactory answer - */ - hp = &answer->hdr; - ancount = ntohs(hp->ancount); - qdcount = ntohs(hp->qdcount); - bp = hostbuf; - ep = hostbuf + sizeof hostbuf; - cp = answer->buf + HFIXEDSZ; - if (qdcount != 1) { - h_errno = NO_RECOVERY; - return (NULL); - } - n = dn_expand(answer->buf, eom, cp, bp, ep - bp); - if ((n < 0) || !(*name_ok)(bp)) { - h_errno = NO_RECOVERY; - return (NULL); - } - cp += n + QFIXEDSZ; - if (qtype == T_A || qtype == T_AAAA || qtype == T_ANY) { - /* res_send() has already verified that the query name is the - * same as the one we sent; this just gets the expanded name - * (i.e., with the succeeding search-domain tacked on). - */ - n = strlen(bp) + 1; /* for the \0 */ - if (n >= MAXHOSTNAMELEN) { - h_errno = NO_RECOVERY; - return (NULL); - } - canonname = bp; - bp += n; - /* The qname can be abbreviated, but h_name is now absolute. */ - qname = canonname; - } - haveanswer = 0; - had_error = 0; - while (ancount-- > 0 && cp < eom && !had_error) { - n = dn_expand(answer->buf, eom, cp, bp, ep - bp); - if ((n < 0) || !(*name_ok)(bp)) { - had_error++; - continue; - } - cp += n; /* name */ - type = _getshort(cp); - cp += INT16SZ; /* type */ - class = _getshort(cp); - cp += INT16SZ + INT32SZ; /* class, TTL */ - n = _getshort(cp); - cp += INT16SZ; /* len */ - if (class != C_IN) { - /* XXX - debug? syslog? */ - cp += n; - continue; /* XXX - had_error++ ? */ - } - if ((qtype == T_A || qtype == T_AAAA || qtype == T_ANY) && - type == T_CNAME) { - n = dn_expand(answer->buf, eom, cp, tbuf, sizeof tbuf); - if ((n < 0) || !(*name_ok)(tbuf)) { - had_error++; - continue; - } - cp += n; - /* Get canonical name. */ - n = strlen(tbuf) + 1; /* for the \0 */ - if (n > ep - bp || n >= MAXHOSTNAMELEN) { - had_error++; - continue; - } - strcpy(bp, tbuf); - canonname = bp; - bp += n; - continue; - } - if (qtype == T_ANY) { - if (!(type == T_A || type == T_AAAA)) { - cp += n; - continue; - } - } else if (type != qtype) { - if (type != T_KEY && type != T_SIG) - syslog(LOG_NOTICE|LOG_AUTH, - "gethostby*.getanswer: asked for \"%s %s %s\", got type \"%s\"", - qname, p_class(C_IN), p_type(qtype), - p_type(type)); - cp += n; - continue; /* XXX - had_error++ ? */ - } - switch (type) { - case T_A: - case T_AAAA: - if (strcasecmp(canonname, bp) != 0) { - syslog(LOG_NOTICE|LOG_AUTH, - AskedForGot, canonname, bp); - cp += n; - continue; /* XXX - had_error++ ? */ - } - if (type == T_A && n != INADDRSZ) { - cp += n; - continue; - } - if (type == T_AAAA && n != IN6ADDRSZ) { - cp += n; - continue; - } - if (type == T_AAAA) { - struct in6_addr in6; - memcpy(&in6, cp, IN6ADDRSZ); - if (IN6_IS_ADDR_V4MAPPED(&in6)) { - cp += n; - continue; - } - } - if (!haveanswer) { - int nn; - - canonname = bp; - nn = strlen(bp) + 1; /* for the \0 */ - bp += nn; - } - - /* don't overwrite pai */ - ai = *pai; - ai.ai_family = (type == T_A) ? AF_INET : AF_INET6; - afd = find_afd(ai.ai_family); - if (afd == NULL) { - cp += n; - continue; - } - cur->ai_next = get_ai(&ai, afd, (const char *)cp); - if (cur->ai_next == NULL) - had_error++; - while (cur && cur->ai_next) - cur = cur->ai_next; - cp += n; - break; - default: - abort(); /* XXX abort illegal in library */ - } - if (!had_error) - haveanswer++; - } - if (haveanswer) { - if (!canonname) - (void)get_canonname(pai, sentinel.ai_next, qname); - else - (void)get_canonname(pai, sentinel.ai_next, canonname); - h_errno = NETDB_SUCCESS; - return sentinel.ai_next; - } - - h_errno = NO_RECOVERY; - return NULL; -} - -/*ARGSUSED*/ -static struct addrinfo * -_dns_getaddrinfo(name, pai) - const char *name; - const struct addrinfo *pai; -{ - struct addrinfo *ai; - querybuf *buf, *buf2; - struct addrinfo sentinel, *cur; - struct res_target q, q2; - - memset(&q, 0, sizeof(q2)); - memset(&q2, 0, sizeof(q2)); - memset(&sentinel, 0, sizeof(sentinel)); - cur = &sentinel; - - buf = malloc(sizeof(*buf)); - if (buf == NULL) { - h_errno = NETDB_INTERNAL; - return NULL; - } - buf2 = malloc(sizeof(*buf2)); - if (buf2 == NULL) { - free(buf); - h_errno = NETDB_INTERNAL; - return NULL; - } - - switch (pai->ai_family) { - case AF_UNSPEC: - /* prefer IPv6 */ - q.qclass = C_IN; - q.qtype = T_AAAA; - q.answer = buf->buf; - q.anslen = sizeof(buf->buf); - q.next = &q2; - q2.qclass = C_IN; - q2.qtype = T_A; - q2.answer = buf2->buf; - q2.anslen = sizeof(buf2->buf); - break; - case AF_INET: - q.qclass = C_IN; - q.qtype = T_A; - q.answer = buf->buf; - q.anslen = sizeof(buf->buf); - break; - case AF_INET6: - q.qclass = C_IN; - q.qtype = T_AAAA; - q.answer = buf->buf; - q.anslen = sizeof(buf->buf); - break; - default: - free(buf); - free(buf2); - return NULL; - } - if (res_searchN(name, &q) < 0) { - free(buf); - free(buf2); - return NULL; - } - ai = getanswer(buf, q.n, q.name, q.qtype, pai); - if (ai) { - cur->ai_next = ai; - while (cur && cur->ai_next) - cur = cur->ai_next; - } - if (q.next) { - ai = getanswer(buf2, q2.n, q2.name, q2.qtype, pai); - if (ai) - cur->ai_next = ai; - } - free(buf); - free(buf2); - return sentinel.ai_next; -} - -static FILE *hostf; - -static void -_sethtent() -{ - if (!hostf) - hostf = fopen(_PATH_HOSTS, "r" ); - else - rewind(hostf); -} - -static void -_endhtent() -{ - if (hostf) { - (void) fclose(hostf); - hostf = NULL; - } -} - -static struct addrinfo * -_gethtent(name, pai) - const char *name; - const struct addrinfo *pai; -{ - char *p; - char *cp, *tname, *cname; - struct addrinfo hints, *res0, *res; - int error; - const char *addr; - char hostbuf[8*1024]; - - if (!hostf && !(hostf = fopen(_PATH_HOSTS, "r" ))) - return (NULL); - again: - if (!(p = fgets(hostbuf, sizeof hostbuf, hostf))) - return (NULL); - if (*p == '#') - goto again; - if (!(cp = strpbrk(p, "#\n"))) - goto again; - *cp = '\0'; - if (!(cp = strpbrk(p, " \t"))) - goto again; - *cp++ = '\0'; - addr = p; - /* if this is not something we're looking for, skip it. */ - cname = NULL; - while (cp && *cp) { - if (*cp == ' ' || *cp == '\t') { - cp++; - continue; - } - if (!cname) - cname = cp; - tname = cp; - if ((cp = strpbrk(cp, " \t")) != NULL) - *cp++ = '\0'; - if (strcasecmp(name, tname) == 0) - goto found; - } - goto again; - -found: - hints = *pai; - hints.ai_flags = AI_NUMERICHOST; - error = getaddrinfo(addr, NULL, &hints, &res0); - if (error) - goto again; - for (res = res0; res; res = res->ai_next) { - /* cover it up */ - res->ai_flags = pai->ai_flags; - - if (pai->ai_flags & AI_CANONNAME) { - if (get_canonname(pai, res, cname) != 0) { - freeaddrinfo(res0); - goto again; - } - } - } - return res0; -} - -/*ARGSUSED*/ -static struct addrinfo * -_files_getaddrinfo(name, pai) - const char *name; - const struct addrinfo *pai; -{ - struct addrinfo sentinel, *cur; - struct addrinfo *p; - - memset(&sentinel, 0, sizeof(sentinel)); - cur = &sentinel; - - _sethtent(); - while ((p = _gethtent(name, pai)) != NULL) { - cur->ai_next = p; - while (cur && cur->ai_next) - cur = cur->ai_next; - } - _endhtent(); - - return sentinel.ai_next; -} - -#ifdef YP -static char *__ypdomain; - -/*ARGSUSED*/ -static struct addrinfo * -_yphostent(line, pai) - char *line; - const struct addrinfo *pai; -{ - struct addrinfo sentinel, *cur; - struct addrinfo hints, *res, *res0; - int error; - char *p = line; - const char *addr, *canonname; - char *nextline; - char *cp; - - addr = canonname = NULL; - - memset(&sentinel, 0, sizeof(sentinel)); - cur = &sentinel; - -nextline: - /* terminate line */ - cp = strchr(p, '\n'); - if (cp) { - *cp++ = '\0'; - nextline = cp; - } else - nextline = NULL; - - cp = strpbrk(p, " \t"); - if (cp == NULL) { - if (canonname == NULL) - return (NULL); - else - goto done; - } - *cp++ = '\0'; - - addr = p; - - while (cp && *cp) { - if (*cp == ' ' || *cp == '\t') { - cp++; - continue; - } - if (!canonname) - canonname = cp; - if ((cp = strpbrk(cp, " \t")) != NULL) - *cp++ = '\0'; - } - - hints = *pai; - hints.ai_flags = AI_NUMERICHOST; - error = getaddrinfo(addr, NULL, &hints, &res0); - if (error == 0) { - for (res = res0; res; res = res->ai_next) { - /* cover it up */ - res->ai_flags = pai->ai_flags; - - if (pai->ai_flags & AI_CANONNAME) - (void)get_canonname(pai, res, canonname); - } - } else - res0 = NULL; - if (res0) { - cur->ai_next = res0; - while (cur && cur->ai_next) - cur = cur->ai_next; - } - - if (nextline) { - p = nextline; - goto nextline; - } - -done: - return sentinel.ai_next; -} - -/*ARGSUSED*/ -static struct addrinfo * -_yp_getaddrinfo(name, pai) - const char *name; - const struct addrinfo *pai; -{ - struct addrinfo sentinel, *cur; - struct addrinfo *ai = NULL; - static char *__ypcurrent; - int __ypcurrentlen, r; - - memset(&sentinel, 0, sizeof(sentinel)); - cur = &sentinel; - - if (!__ypdomain) { - if (_yp_check(&__ypdomain) == 0) - return NULL; - } - if (__ypcurrent) - free(__ypcurrent); - __ypcurrent = NULL; - - /* hosts.byname is only for IPv4 (Solaris8) */ - if (pai->ai_family == PF_UNSPEC || pai->ai_family == PF_INET) { - r = yp_match(__ypdomain, "hosts.byname", name, - (int)strlen(name), &__ypcurrent, &__ypcurrentlen); - if (r == 0) { - struct addrinfo ai4; - - ai4 = *pai; - ai4.ai_family = AF_INET; - ai = _yphostent(__ypcurrent, &ai4); - if (ai) { - cur->ai_next = ai; - while (cur && cur->ai_next) - cur = cur->ai_next; - } - } - } - - /* ipnodes.byname can hold both IPv4/v6 */ - r = yp_match(__ypdomain, "ipnodes.byname", name, - (int)strlen(name), &__ypcurrent, &__ypcurrentlen); - if (r == 0) { - ai = _yphostent(__ypcurrent, pai); - if (ai) { - cur->ai_next = ai; - while (cur && cur->ai_next) - cur = cur->ai_next; - } - } - - return sentinel.ai_next; -} -#endif - - -/* resolver logic */ - -extern const char *__hostalias(const char *); -extern int h_errno; -extern int res_opt(int, u_char *, int, int); - -/* - * Formulate a normal query, send, and await answer. - * Returned answer is placed in supplied buffer "answer". - * Perform preliminary check of answer, returning success only - * if no error is indicated and the answer count is nonzero. - * Return the size of the response on success, -1 on error. - * Error number is left in h_errno. - * - * Caller must parse answer and determine whether it answers the question. - */ -static int -res_queryN(name, target) - const char *name; /* domain name */ - struct res_target *target; -{ - u_char buf[MAXPACKET]; - HEADER *hp; - int n; - struct res_target *t; - int rcode; - int ancount; - - rcode = NOERROR; - ancount = 0; - - if ((_res.options & RES_INIT) == 0 && res_init() == -1) { - h_errno = NETDB_INTERNAL; - return (-1); - } - - for (t = target; t; t = t->next) { - int class, type; - u_char *answer; - int anslen; - - hp = (HEADER *)(void *)t->answer; - hp->rcode = NOERROR; /* default */ - - /* make it easier... */ - class = t->qclass; - type = t->qtype; - answer = t->answer; - anslen = t->anslen; -#ifdef DEBUG - if (_res.options & RES_DEBUG) - printf(";; res_query(%s, %d, %d)\n", name, class, type); -#endif - - n = res_mkquery(QUERY, name, class, type, NULL, 0, NULL, - buf, sizeof(buf)); - if (n > 0 && (_res.options & RES_USE_EDNS0) != 0) - n = res_opt(n, buf, sizeof(buf), anslen); - if (n <= 0) { -#ifdef DEBUG - if (_res.options & RES_DEBUG) - printf(";; res_query: mkquery failed\n"); -#endif - h_errno = NO_RECOVERY; - return (n); - } - n = res_send(buf, n, answer, anslen); -#if 0 - if (n < 0) { -#ifdef DEBUG - if (_res.options & RES_DEBUG) - printf(";; res_query: send error\n"); -#endif - h_errno = TRY_AGAIN; - return (n); - } -#endif - - if (n < 0 || hp->rcode != NOERROR || ntohs(hp->ancount) == 0) { - rcode = hp->rcode; /* record most recent error */ -#ifdef DEBUG - if (_res.options & RES_DEBUG) - printf(";; rcode = %u, ancount=%u\n", hp->rcode, - ntohs(hp->ancount)); -#endif - continue; - } - - ancount += ntohs(hp->ancount); - - t->n = n; - } - - if (ancount == 0) { - switch (rcode) { - case NXDOMAIN: - h_errno = HOST_NOT_FOUND; - break; - case SERVFAIL: - h_errno = TRY_AGAIN; - break; - case NOERROR: - h_errno = NO_DATA; - break; - case FORMERR: - case NOTIMP: - case REFUSED: - default: - h_errno = NO_RECOVERY; - break; - } - return (-1); - } - return (ancount); -} - -/* - * Formulate a normal query, send, and retrieve answer in supplied buffer. - * Return the size of the response on success, -1 on error. - * If enabled, implement search rules until answer or unrecoverable failure - * is detected. Error code, if any, is left in h_errno. - */ -static int -res_searchN(name, target) - const char *name; /* domain name */ - struct res_target *target; -{ - const char *cp, * const *domain; - HEADER *hp = (HEADER *)(void *)target->answer; /*XXX*/ - u_int dots; - int trailing_dot, ret, saved_herrno; - int got_nodata = 0, got_servfail = 0, tried_as_is = 0; - - if ((_res.options & RES_INIT) == 0 && res_init() == -1) { - h_errno = NETDB_INTERNAL; - return (-1); - } - - errno = 0; - h_errno = HOST_NOT_FOUND; /* default, if we never query */ - dots = 0; - for (cp = name; *cp; cp++) - dots += (*cp == '.'); - trailing_dot = 0; - if (cp > name && *--cp == '.') - trailing_dot++; - - /* - * if there aren't any dots, it could be a user-level alias - */ - if (!dots && (cp = __hostalias(name)) != NULL) - return (res_queryN(cp, target)); - - /* - * If there are dots in the name already, let's just give it a try - * 'as is'. The threshold can be set with the "ndots" option. - */ - saved_herrno = -1; - if (dots >= _res.ndots) { - ret = res_querydomainN(name, NULL, target); - if (ret > 0) - return (ret); - saved_herrno = h_errno; - tried_as_is++; - } - - /* - * We do at least one level of search if - * - there is no dot and RES_DEFNAME is set, or - * - there is at least one dot, there is no trailing dot, - * and RES_DNSRCH is set. - */ - if ((!dots && (_res.options & RES_DEFNAMES)) || - (dots && !trailing_dot && (_res.options & RES_DNSRCH))) { - int done = 0; - - for (domain = (const char * const *)_res.dnsrch; - *domain && !done; - domain++) { - - ret = res_querydomainN(name, *domain, target); - if (ret > 0) - return (ret); - - /* - * If no server present, give up. - * If name isn't found in this domain, - * keep trying higher domains in the search list - * (if that's enabled). - * On a NO_DATA error, keep trying, otherwise - * a wildcard entry of another type could keep us - * from finding this entry higher in the domain. - * If we get some other error (negative answer or - * server failure), then stop searching up, - * but try the input name below in case it's - * fully-qualified. - */ - if (errno == ECONNREFUSED) { - h_errno = TRY_AGAIN; - return (-1); - } - - switch (h_errno) { - case NO_DATA: - got_nodata++; - /* FALLTHROUGH */ - case HOST_NOT_FOUND: - /* keep trying */ - break; - case TRY_AGAIN: - if (hp->rcode == SERVFAIL) { - /* try next search element, if any */ - got_servfail++; - break; - } - /* FALLTHROUGH */ - default: - /* anything else implies that we're done */ - done++; - } - /* - * if we got here for some reason other than DNSRCH, - * we only wanted one iteration of the loop, so stop. - */ - if (!(_res.options & RES_DNSRCH)) - done++; - } - } - - /* - * if we have not already tried the name "as is", do that now. - * note that we do this regardless of how many dots were in the - * name or whether it ends with a dot. - */ - if (!tried_as_is) { - ret = res_querydomainN(name, NULL, target); - if (ret > 0) - return (ret); - } - - /* - * if we got here, we didn't satisfy the search. - * if we did an initial full query, return that query's h_errno - * (note that we wouldn't be here if that query had succeeded). - * else if we ever got a nodata, send that back as the reason. - * else send back meaningless h_errno, that being the one from - * the last DNSRCH we did. - */ - if (saved_herrno != -1) - h_errno = saved_herrno; - else if (got_nodata) - h_errno = NO_DATA; - else if (got_servfail) - h_errno = TRY_AGAIN; - return (-1); -} - -/* - * Perform a call on res_query on the concatenation of name and domain, - * removing a trailing dot from name if domain is NULL. - */ -static int -res_querydomainN(name, domain, target) - const char *name, *domain; - struct res_target *target; -{ - char nbuf[MAXDNAME]; - const char *longname = nbuf; - size_t n, d; - - if ((_res.options & RES_INIT) == 0 && res_init() == -1) { - h_errno = NETDB_INTERNAL; - return (-1); - } -#ifdef DEBUG - if (_res.options & RES_DEBUG) - printf(";; res_querydomain(%s, %s)\n", - name, domain?domain:""); -#endif - if (domain == NULL) { - /* - * Check for trailing '.'; - * copy without '.' if present. - */ - n = strlen(name); - if (n >= MAXDNAME) { - h_errno = NO_RECOVERY; - return (-1); - } - if (n > 0 && name[--n] == '.') { - strlcpy(nbuf, name, n + 1); - } else - longname = name; - } else { - n = strlen(name); - d = strlen(domain); - if (n + d + 1 >= MAXDNAME) { - h_errno = NO_RECOVERY; - return (-1); - } - snprintf(nbuf, sizeof(nbuf), "%s.%s", name, domain); - } - return (res_queryN(longname, target)); -} diff --git a/src/lib/libc/net/gethostbyname.3 b/src/lib/libc/net/gethostbyname.3 index d90ea55542c..251f363ff10 100644 --- a/src/lib/libc/net/gethostbyname.3 +++ b/src/lib/libc/net/gethostbyname.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: gethostbyname.3,v 1.17 2002/04/30 16:31:42 mpech Exp $ +.\" $OpenBSD: gethostbyname.3,v 1.33 2018/04/28 15:28:25 schwarze Exp $ .\" .\" Copyright (c) 1983, 1987, 1991, 1993 .\" The Regents of the University of California. All rights reserved. @@ -11,11 +11,7 @@ .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors +.\" 3. Neither the name of the University nor the names of its contributors .\" may be used to endorse or promote products derived from this software .\" without specific prior written permission. .\" @@ -31,7 +27,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd March 13, 1997 +.Dd $Mdocdate: April 28 2018 $ .Dt GETHOSTBYNAME 3 .Os .Sh NAME @@ -45,15 +41,11 @@ .Nm herror .Nd get network host entry .Sh SYNOPSIS -.Fd #include -.Fd extern int h_errno; +.In netdb.h +.Vt extern int h_errno ; .Ft struct hostent * .Fn gethostbyname "const char *name" .Ft struct hostent * -.Fn gethostbyname2 "const char *name" "int af" -.Ft struct hostent * -.Fn gethostbyaddr "const char *addr" "int len" "int af" -.Ft struct hostent * .Fn gethostent void .Ft void .Fn sethostent "int stayopen" @@ -63,17 +55,25 @@ .Fn herror "const char *string" .Ft const char * .Fn hstrerror "int err" +.In sys/socket.h +.In netdb.h +.Ft struct hostent * +.Fn gethostbyname2 "const char *name" "int af" +.Ft struct hostent * +.Fn gethostbyaddr "const void *addr" "socklen_t len" "int af" .Sh DESCRIPTION The -.Fn gethostbyname +.Fn gethostbyname , +.Fn gethostbyname2 , and .Fn gethostbyaddr functions each return a pointer to an object with the following structure -describing an internet host referenced by name or by address, respectively. -This structure contains either information obtained from the name server (i.e., -.Xr resolver 3 -and -.Xr named 8 ) , +describing an Internet host referenced by +.Fa name +or +.Fa addr , +respectively. +This structure contains either information obtained from a name server, broken-out fields from a line in .Pa /etc/hosts , or database entries supplied by the @@ -81,15 +81,15 @@ or database entries supplied by the system. .Xr resolv.conf 5 describes how the particular database is chosen. -.Bd -literal +.Bd -literal -offset indent struct hostent { char *h_name; /* official name of host */ char **h_aliases; /* alias list */ int h_addrtype; /* host address type */ int h_length; /* length of address */ - char **h_addr_list; /* list of addresses from name server */ + char **h_addr_list; /* list of returned addresses */ }; -#define h_addr h_addr_list[0] /* address, for backward compatibility */ +#define h_addr h_addr_list[0] /* address, for backward compat */ .Ed .Pp The members of this structure are: @@ -97,13 +97,17 @@ The members of this structure are: .It Fa h_name Official name of the host. .It Fa h_aliases -A zero-terminated array of alternate names for the host. +A +.Dv NULL Ns -terminated +array of alternate names for the host. .It Fa h_addrtype The type of address being returned. .It Fa h_length The length, in bytes, of the address. .It Fa h_addr_list -A zero-terminated array of network addresses for the host. +A +.Dv NULL Ns -terminated +array of network addresses for the host. Host addresses are returned in network byte order. .It Fa h_addr The first address in @@ -120,12 +124,14 @@ and .Xr hostname 7 . .Pp .Fn gethostbyname2 -is an advanced form of +is similar to .Fn gethostbyname -which allows lookups in address families other than -.Dv AF_INET , -for example -.Dv AF_INET6 . +except that it supports an +.Fa af +of +.Dv AF_INET6 +in addition to +.Dv AF_INET . .Pp The .Fn gethostbyaddr @@ -133,39 +139,27 @@ function will search for the specified address of length .Fa len in the address family .Fa af . -The only address family currently supported is +The only address family supported is .Dv AF_INET . .Pp The -.Fn sethostent -function may be used to request the use of a connected -.Tn TCP -socket for queries. -If the -.Fa stayopen -flag is non-zero, -this sets the option to send all queries to the name server using -.Tn TCP -and to retain the connection after each call to -.Fn gethostbyname -or -.Fn gethostbyaddr . -Otherwise, queries are performed using -.Tn UDP -datagrams. -.Pp -The +.Fn sethostent , +.Fn gethostent , +and .Fn endhostent -function closes the -.Tn TCP -connection. +functions are deprecated and no longer have any effect. +They could be used in the past for queries over a persistent TCP +connection or to iterate entries in the +.Xr hosts 5 +file. .Pp The .Fn herror function prints an error message describing the failure. If its argument .Fa string -is non-null, +is not +.Dv NULL , it is prepended to the message string and separated from it by a colon .Pq Ql \&: and a space. @@ -173,7 +167,15 @@ The error message is printed with a trailing newline. The contents of the error message is the same as that returned by .Fn hstrerror with argument -.Fa h_errno . +.Va h_errno . +.Sh ENVIRONMENT +.Bl -tag -width RES_OPTIONS +.It Ev RES_OPTIONS +A list of options to override the resolver's internal defaults. +See +.Xr resolv.conf 5 +for more information. +.El .Sh FILES .Bl -tag -width /etc/resolv.conf -compact .It Pa /etc/hosts @@ -185,7 +187,9 @@ Error return status from .Fn gethostbyname2 , and .Fn gethostbyaddr -is indicated by return of a null pointer. +is indicated by return of a +.Dv NULL +pointer. The external integer .Va h_errno may then be checked to see whether this is a temporary failure @@ -213,47 +217,27 @@ associated with this name. Another type of request to the name server using this domain name will result in an answer; for example, a mail-forwarder may be registered for this domain. +.It Dv NETDB_INTERNAL +An internal error occurred. +This may occur when an address family other than +.Dv AF_INET +or +.Dv AF_INET6 +is specified or when a resource is unable to be allocated. +It is always set by +.Fn gethostent . +.It Dv NETDB_SUCCESS +The function completed successfully. .El .Sh SEE ALSO -.Xr resolver 3 , .Xr getaddrinfo 3 , .Xr getnameinfo 3 , +.Xr resolver 3 , .Xr hosts 5 , .Xr resolv.conf 5 , -.Xr hostname 7 , -.Xr named 8 -.Sh CAVEATS -If the search routines in -.Xr resolv.conf 5 -decide to read the -.Pa /etc/hosts -file, -.Fn gethostent -and other functions will -read the next line of the file, -re-opening the file if necessary. -.Pp -The -.Fn sethostent -function opens and/or rewinds the file -.Pa /etc/hosts . -If the -.Fa stayopen -argument is non-zero, the file will not be closed after each call to -.Fn gethostbyname , -.Fn gethostbyname2 , -or -.Fn gethostbyaddr . -.Pp -The -.Fn endhostent -function closes the file. +.Xr hostname 7 .Sh HISTORY The -.Fn herror -function appeared in -.Bx 4.3 . -The .Fn endhostent , .Fn gethostbyaddr , .Fn gethostbyname , @@ -261,11 +245,23 @@ The and .Fn sethostent functions appeared in -.Bx 4.2 . +.Bx 4.1c . +The function +.Fn herror +was added in +.Bx 4.3 Tahoe , +.Fn hstrerror +in +.Bx 4.4 , +and +.Fn gethostbyname2 +in +.Ox 2.1 . .Sh BUGS These functions use static data storage; if the data is needed for future use, it should be copied before any subsequent calls overwrite it. +.Pp Only the Internet address formats are currently understood. .Pp diff --git a/src/lib/libc/net/gethostnamadr.c b/src/lib/libc/net/gethostnamadr.c deleted file mode 100644 index 909ce573b73..00000000000 --- a/src/lib/libc/net/gethostnamadr.c +++ /dev/null @@ -1,1175 +0,0 @@ -/*- - * Copyright (c) 1985, 1988, 1993 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - - * Portions Copyright (c) 1993 by Digital Equipment Corporation. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies, and that - * the name of Digital Equipment Corporation not be used in advertising or - * publicity pertaining to distribution of the document or software without - * specific, written prior permission. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL - * WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT - * CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL - * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR - * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS - * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - * SOFTWARE. - * - - * --Copyright-- - */ - -#if defined(LIBC_SCCS) && !defined(lint) -static char rcsid[] = "$OpenBSD: gethostnamadr.c,v 1.53 2002/08/27 08:53:13 itojun Exp $"; -#endif /* LIBC_SCCS and not lint */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#ifdef YP -#include -#include -#include -#include "ypinternal.h" -#endif -#include "thread_private.h" - -#define MULTI_PTRS_ARE_ALIASES 1 /* XXX - experimental */ - -#define MAXALIASES 35 -#define MAXADDRS 35 - -static char *h_addr_ptrs[MAXADDRS + 1]; - -#ifdef YP -static char *__ypdomain; -#endif - -static struct hostent host; -static char *host_aliases[MAXALIASES]; -static char hostbuf[BUFSIZ+1]; -static union { - struct in_addr _host_in_addr; - u_char _host_addr[16]; /* IPv4 or IPv6 */ -} _host_addr_u; -#define host_addr _host_addr_u._host_addr -static FILE *hostf = NULL; -static int stayopen = 0; - -static void map_v4v6_address(const char *src, char *dst); -static void map_v4v6_hostent(struct hostent *hp, char **bp, char *); - -#ifdef RESOLVSORT -static void addrsort(char **, int); -#endif - -int _hokchar(const char *); - -static const char AskedForGot[] = - "gethostby*.getanswer: asked for \"%s\", got \"%s\""; - -#define MAXPACKET (64*1024) - -typedef union { - HEADER hdr; - u_char buf[MAXPACKET]; -} querybuf; - -typedef union { - int32_t al; - char ac; -} align; - -static struct hostent *getanswer(const querybuf *, int, const char *, int); - -extern int h_errno; - -int -_hokchar(p) - const char *p; -{ - char c; - - /* - * Many people do not obey RFC 822 and 1035. The valid - * characters are a-z, A-Z, 0-9, '-' and . But the others - * tested for below can happen, and we must be more permissive - * than the resolver until those idiots clean up their act. - * We let '/' through, but not '..' - */ - while ((c = *p++)) { - if (('a' <= c && c <= 'z') || - ('A' <= c && c <= 'Z') || - ('0' <= c && c <= '9')) - continue; - if (strchr("-_/", c)) - continue; - if (c == '.' && *p != '.') - continue; - return 0; - } - return 1; -} - -static struct hostent * -getanswer(answer, anslen, qname, qtype) - const querybuf *answer; - int anslen; - const char *qname; - int qtype; -{ - register const HEADER *hp; - register const u_char *cp; - register int n; - const u_char *eom; - char *bp, **ap, **hap, *ep; - int type, class, ancount, qdcount; - int haveanswer, had_error; - int toobig = 0; - char tbuf[MAXDNAME]; - const char *tname; - int (*name_ok)(const char *); - - tname = qname; - host.h_name = NULL; - eom = answer->buf + anslen; - switch (qtype) { - case T_A: - case T_AAAA: -#ifdef USE_RESOLV_NAME_OK - name_ok = res_hnok; - break; -#endif - case T_PTR: -#ifdef USE_RESOLV_NAME_OK - name_ok = res_dnok; -#else - name_ok = _hokchar; -#endif - break; - default: - return (NULL); - } - /* - * find first satisfactory answer - */ - hp = &answer->hdr; - ancount = ntohs(hp->ancount); - qdcount = ntohs(hp->qdcount); - bp = hostbuf; - ep = hostbuf + sizeof hostbuf; - cp = answer->buf + HFIXEDSZ; - if (qdcount != 1) { - h_errno = NO_RECOVERY; - return (NULL); - } - n = dn_expand(answer->buf, eom, cp, bp, ep - bp); - if ((n < 0) || !(*name_ok)(bp)) { - h_errno = NO_RECOVERY; - return (NULL); - } - cp += n + QFIXEDSZ; - if (qtype == T_A || qtype == T_AAAA) { - /* res_send() has already verified that the query name is the - * same as the one we sent; this just gets the expanded name - * (i.e., with the succeeding search-domain tacked on). - */ - n = strlen(bp) + 1; /* for the \0 */ - host.h_name = bp; - bp += n; - /* The qname can be abbreviated, but h_name is now absolute. */ - qname = host.h_name; - } - ap = host_aliases; - *ap = NULL; - host.h_aliases = host_aliases; - hap = h_addr_ptrs; - *hap = NULL; - host.h_addr_list = h_addr_ptrs; - haveanswer = 0; - had_error = 0; - while (ancount-- > 0 && cp < eom && !had_error) { - n = dn_expand(answer->buf, eom, cp, bp, ep - bp); - if ((n < 0) || !(*name_ok)(bp)) { - had_error++; - continue; - } - cp += n; /* name */ - type = _getshort(cp); - cp += INT16SZ; /* type */ - class = _getshort(cp); - cp += INT16SZ + INT32SZ; /* class, TTL */ - n = _getshort(cp); - cp += INT16SZ; /* len */ - if (type == T_SIG) { - /* XXX - ignore signatures as we don't use them yet */ - cp += n; - continue; - } - if (class != C_IN) { - /* XXX - debug? syslog? */ - cp += n; - continue; /* XXX - had_error++ ? */ - } - if ((qtype == T_A || qtype == T_AAAA) && type == T_CNAME) { - if (ap >= &host_aliases[MAXALIASES-1]) - continue; - n = dn_expand(answer->buf, eom, cp, tbuf, sizeof tbuf); - if ((n < 0) || !(*name_ok)(tbuf)) { - had_error++; - continue; - } - cp += n; - /* Store alias. */ - *ap++ = bp; - n = strlen(bp) + 1; /* for the \0 */ - bp += n; - /* Get canonical name. */ - n = strlen(tbuf) + 1; /* for the \0 */ - if (n > ep - bp) { - had_error++; - continue; - } - strlcpy(bp, tbuf, ep - bp); - host.h_name = bp; - bp += n; - continue; - } - if (qtype == T_PTR && type == T_CNAME) { - n = dn_expand(answer->buf, eom, cp, tbuf, sizeof tbuf); -#ifdef USE_RESOLV_NAME_OK - if ((n < 0) || !res_hnok(tbuf)) { -#else - if ((n < 0) || !_hokchar(tbuf)) { -#endif - had_error++; - continue; - } - cp += n; - /* Get canonical name. */ - n = strlen(tbuf) + 1; /* for the \0 */ - if (n > ep - bp) { - had_error++; - continue; - } - strlcpy(bp, tbuf, ep - bp); - tname = bp; - bp += n; - continue; - } - if (type != qtype) { - syslog(LOG_NOTICE|LOG_AUTH, - "gethostby*.getanswer: asked for \"%s %s %s\", got type \"%s\"", - qname, p_class(C_IN), p_type(qtype), - p_type(type)); - cp += n; - continue; /* XXX - had_error++ ? */ - } - switch (type) { - case T_PTR: - if (strcasecmp(tname, bp) != 0) { - syslog(LOG_NOTICE|LOG_AUTH, - AskedForGot, qname, bp); - cp += n; - continue; /* XXX - had_error++ ? */ - } - n = dn_expand(answer->buf, eom, cp, bp, ep - bp); -#ifdef USE_RESOLV_NAME_OK - if ((n < 0) || !res_hnok(bp)) { -#else - if ((n < 0) || !_hokchar(bp)) { -#endif - had_error++; - break; - } -#if MULTI_PTRS_ARE_ALIASES - cp += n; - if (!haveanswer) - host.h_name = bp; - else if (ap < &host_aliases[MAXALIASES-1]) - *ap++ = bp; - else - n = -1; - if (n != -1) { - n = strlen(bp) + 1; /* for the \0 */ - bp += n; - } - break; -#else - host.h_name = bp; - if (_res.options & RES_USE_INET6) { - n = strlen(bp) + 1; /* for the \0 */ - bp += n; - map_v4v6_hostent(&host, &bp, ep); - } - h_errno = NETDB_SUCCESS; - return (&host); -#endif - case T_A: - case T_AAAA: - if (strcasecmp(host.h_name, bp) != 0) { - syslog(LOG_NOTICE|LOG_AUTH, - AskedForGot, host.h_name, bp); - cp += n; - continue; /* XXX - had_error++ ? */ - } - if (n != host.h_length) { - cp += n; - continue; - } - if (type == T_AAAA) { - struct in6_addr in6; - memcpy(&in6, cp, IN6ADDRSZ); - if (IN6_IS_ADDR_V4MAPPED(&in6)) { - cp += n; - continue; - } - } - if (!haveanswer) { - register int nn; - - host.h_name = bp; - nn = strlen(bp) + 1; /* for the \0 */ - bp += nn; - } - - bp += sizeof(align) - ((u_long)bp % sizeof(align)); - - if (bp + n >= &hostbuf[sizeof hostbuf]) { -#ifdef DEBUG - if (_res.options & RES_DEBUG) - printf("size (%d) too big\n", n); -#endif - had_error++; - continue; - } - if (hap >= &h_addr_ptrs[MAXADDRS-1]) { - if (!toobig++) -#ifdef DEBUG - if (_res.options & RES_DEBUG) - printf("Too many addresses (%d)\n", MAXADDRS); -#endif - cp += n; - continue; - } - bcopy(cp, *hap++ = bp, n); - bp += n; - cp += n; - break; - } - if (!had_error) - haveanswer++; - } - if (haveanswer) { - *ap = NULL; - *hap = NULL; -# if defined(RESOLVSORT) - /* - * Note: we sort even if host can take only one address - * in its return structures - should give it the "best" - * address in that case, not some random one - */ - if (_res.nsort && haveanswer > 1 && qtype == T_A) - addrsort(h_addr_ptrs, haveanswer); -# endif /*RESOLVSORT*/ - if (!host.h_name) { - n = strlen(qname) + 1; /* for the \0 */ - if (n > ep - bp) - goto try_again; - strlcpy(bp, qname, ep - bp); - host.h_name = bp; - bp += n; - } - if (_res.options & RES_USE_INET6) - map_v4v6_hostent(&host, &bp, ep); - h_errno = NETDB_SUCCESS; - return (&host); - } - try_again: - h_errno = TRY_AGAIN; - return (NULL); -} - -#ifdef notyet -/* - * XXX This is an extremely bogus implementation. - * - * FreeBSD has this interface: - * int gethostbyaddr_r(const char *addr, int len, int type, - * struct hostent *result, struct hostent_data *buffer) - */ - -struct hostent * -gethostbyname_r(name, hp, buf, buflen, errorp) - const char * name; - struct hostent * hp; - char * buf; - int buflen; - int * errorp; -{ - struct hostent *res; - - res = gethostbyname(name); - *errorp = h_errno; - if (res == NULL) - return NULL; - memcpy(hp, res, sizeof *hp); /* XXX not sufficient */ - return hp; -} - -/* - * XXX This is an extremely bogus implementation. - */ -struct hostent * -gethostbyaddr_r(addr, len, af, he, buf, buflen, errorp) - const char *addr; /* XXX should have been def'd as u_char! */ - int len, af; - struct hostent * he; - char * buf; - int buflen; - int * errorp; -{ - struct hostent * res; - - res = gethostbyaddr(addr, len, af); - *errorp = h_errno; - if (res == NULL) - return NULL; - memcpy(he, res, sizeof *he); /* XXX not sufficient */ - return he; -} - -/* XXX RFC2133 expects a gethostbyname2_r() -- unimplemented */ -#endif - -_THREAD_PRIVATE_MUTEX(gethostnamadr); - -struct hostent * -gethostbyname(name) - const char *name; -{ - struct hostent *hp; - extern struct hostent *_gethtbyname2(); - - _THREAD_PRIVATE_MUTEX_LOCK(gethostnamadr); - if ((_res.options & RES_INIT) == 0 && res_init() == -1) - hp = _gethtbyname2(name, AF_INET); - - else if (_res.options & RES_USE_INET6) { - hp = gethostbyname2(name, AF_INET6); - if (hp == NULL) - hp = gethostbyname2(name, AF_INET); - } - else - hp = gethostbyname2(name, AF_INET); - _THREAD_PRIVATE_MUTEX_UNLOCK(gethostnamadr); - return hp; -} - -struct hostent * -gethostbyname2(name, af) - const char *name; - int af; -{ - querybuf *buf; - register const char *cp; - char *bp, *ep; - int n, size, type, i; - extern struct hostent *_gethtbyname2(), *_yp_gethtbyname(); - register struct hostent *hp; - char lookups[MAXDNSLUS]; - - if ((_res.options & RES_INIT) == 0 && res_init() == -1) - return (_gethtbyname2(name, af)); - - switch (af) { - case AF_INET: - size = INADDRSZ; - type = T_A; - break; - case AF_INET6: - size = IN6ADDRSZ; - type = T_AAAA; - break; - default: - h_errno = NETDB_INTERNAL; - errno = EAFNOSUPPORT; - return (NULL); - } - - host.h_addrtype = af; - host.h_length = size; - - /* - * if there aren't any dots, it could be a user-level alias. - * this is also done in res_query() since we are not the only - * function that looks up host names. - */ - if (!strchr(name, '.') && (cp = __hostalias(name))) - name = cp; - - /* - * disallow names consisting only of digits/dots, unless - * they end in a dot. - */ - if (isdigit(name[0])) - for (cp = name;; ++cp) { - if (!*cp) { - if (*--cp == '.') - break; - /* - * All-numeric, no dot at the end. - * Fake up a hostent as if we'd actually - * done a lookup. - */ - if (inet_pton(af, name, host_addr) <= 0) { - h_errno = HOST_NOT_FOUND; - return (NULL); - } - strlcpy(hostbuf, name, MAXHOSTNAMELEN); - bp = hostbuf + MAXHOSTNAMELEN; - ep = hostbuf + sizeof(hostbuf); - host.h_name = hostbuf; - host.h_aliases = host_aliases; - host_aliases[0] = NULL; - h_addr_ptrs[0] = (char *)host_addr; - h_addr_ptrs[1] = NULL; - host.h_addr_list = h_addr_ptrs; - if (_res.options & RES_USE_INET6) - map_v4v6_hostent(&host, &bp, ep); - h_errno = NETDB_SUCCESS; - return (&host); - } - if (!isdigit(*cp) && *cp != '.') - break; - } - if ((isxdigit(name[0]) && strchr(name, ':') != NULL) || - name[0] == ':') - for (cp = name;; ++cp) { - if (!*cp) { - if (*--cp == '.') - break; - /* - * All-IPv6-legal, no dot at the end. - * Fake up a hostent as if we'd actually - * done a lookup. - */ - if (inet_pton(af, name, host_addr) <= 0) { - h_errno = HOST_NOT_FOUND; - return (NULL); - } - strlcpy(hostbuf, name, MAXHOSTNAMELEN); - bp = hostbuf + MAXHOSTNAMELEN; - ep = hostbuf + sizeof(hostbuf); - host.h_name = hostbuf; - host.h_aliases = host_aliases; - host_aliases[0] = NULL; - h_addr_ptrs[0] = (char *)host_addr; - h_addr_ptrs[1] = NULL; - host.h_addr_list = h_addr_ptrs; - h_errno = NETDB_SUCCESS; - return (&host); - } - if (!isxdigit(*cp) && *cp != ':' && *cp != '.') - break; - } - - bcopy(_res.lookups, lookups, sizeof lookups); - if (lookups[0] == '\0') - strlcpy(lookups, "bf", sizeof lookups); - - hp = (struct hostent *)NULL; - for (i = 0; i < MAXDNSLUS && hp == NULL && lookups[i]; i++) { - switch (lookups[i]) { -#ifdef YP - case 'y': - /* YP only supports AF_INET. */ - if (af == AF_INET) - hp = _yp_gethtbyname(name); - break; -#endif - case 'b': - buf = malloc(sizeof(*buf)); - if (buf == NULL) - break; - if ((n = res_search(name, C_IN, type, buf->buf, - sizeof(buf->buf))) < 0) { - free(buf); -#ifdef DEBUG - if (_res.options & RES_DEBUG) - printf("res_search failed\n"); -#endif - break; - } - hp = getanswer(buf, n, name, type); - free(buf); - break; - case 'f': - hp = _gethtbyname2(name, af); - break; - } - } - /* XXX h_errno not correct in all cases... */ - return (hp); -} - -struct hostent * -gethostbyaddr(addr, len, af) - const char *addr; /* XXX should have been def'd as u_char! */ - int len, af; -{ - const u_char *uaddr = (const u_char *)addr; - int n, size, i; - querybuf *buf; - register struct hostent *hp; - char qbuf[MAXDNAME+1], *qp; - extern struct hostent *_gethtbyaddr(), *_yp_gethtbyaddr(); - char lookups[MAXDNSLUS]; - struct hostent *res; - - _THREAD_PRIVATE_MUTEX_LOCK(gethostnamadr); - if ((_res.options & RES_INIT) == 0 && res_init() == -1) { - res = _gethtbyaddr(addr, len, af); - _THREAD_PRIVATE_MUTEX_UNLOCK(gethostnamadr); - return (res); - } - - if (af == AF_INET6 && len == IN6ADDRSZ && - (IN6_IS_ADDR_LINKLOCAL((struct in6_addr *)uaddr) || - IN6_IS_ADDR_SITELOCAL((struct in6_addr *)uaddr))) { - h_errno = HOST_NOT_FOUND; - return (NULL); - } - if (af == AF_INET6 && len == IN6ADDRSZ && - (IN6_IS_ADDR_V4MAPPED((struct in6_addr *)uaddr) || - IN6_IS_ADDR_V4COMPAT((struct in6_addr *)uaddr))) { - /* Unmap. */ - addr += IN6ADDRSZ - INADDRSZ; - uaddr += IN6ADDRSZ - INADDRSZ; - af = AF_INET; - len = INADDRSZ; - } - switch (af) { - case AF_INET: - size = INADDRSZ; - break; - case AF_INET6: - size = IN6ADDRSZ; - break; - default: - errno = EAFNOSUPPORT; - h_errno = NETDB_INTERNAL; - _THREAD_PRIVATE_MUTEX_UNLOCK(gethostnamadr); - return (NULL); - } - if (size != len) { - errno = EINVAL; - h_errno = NETDB_INTERNAL; - _THREAD_PRIVATE_MUTEX_UNLOCK(gethostnamadr); - return (NULL); - } - switch (af) { - case AF_INET: - (void) snprintf(qbuf, sizeof qbuf, "%u.%u.%u.%u.in-addr.arpa", - (uaddr[3] & 0xff), (uaddr[2] & 0xff), - (uaddr[1] & 0xff), (uaddr[0] & 0xff)); - break; - case AF_INET6: - qp = qbuf; - for (n = IN6ADDRSZ - 1; n >= 0; n--) { - qp += sprintf(qp, "%x.%x.", - uaddr[n] & 0xf, (uaddr[n] >> 4) & 0xf); - } - break; - } - - bcopy(_res.lookups, lookups, sizeof lookups); - if (lookups[0] == '\0') - strlcpy(lookups, "bf", sizeof lookups); - - hp = (struct hostent *)NULL; - for (i = 0; i < MAXDNSLUS && hp == NULL && lookups[i]; i++) { - switch (lookups[i]) { -#ifdef YP - case 'y': - /* YP only supports AF_INET. */ - if (af == AF_INET) - hp = _yp_gethtbyaddr(addr); - break; -#endif - case 'b': - if (af == AF_INET6) - strcpy(qp, "ip6.arpa"); - buf = malloc(sizeof(*buf)); - if (!buf) - break; - n = res_query(qbuf, C_IN, T_PTR, buf->buf, - sizeof(buf->buf)); - if (n < 0 && af == AF_INET6) { - strcpy(qp, "ip6.int"); - n = res_query(qbuf, C_IN, T_PTR, - buf->buf, sizeof(buf->buf)); - } - if (n < 0) { - free(buf); -#ifdef DEBUG - if (_res.options & RES_DEBUG) - printf("res_query failed\n"); -#endif - break; - } - if (!(hp = getanswer(buf, n, qbuf, T_PTR))) { - free(buf); - break; - } - free(buf); - hp->h_addrtype = af; - hp->h_length = len; - bcopy(addr, host_addr, len); - h_addr_ptrs[0] = (char *)host_addr; - h_addr_ptrs[1] = NULL; - if (af == AF_INET && (_res.options & RES_USE_INET6)) { - map_v4v6_address((char*)host_addr, - (char*)host_addr); - hp->h_addrtype = AF_INET6; - hp->h_length = IN6ADDRSZ; - } - h_errno = NETDB_SUCCESS; - break; - case 'f': - hp = _gethtbyaddr(addr, len, af); - break; - } - } - _THREAD_PRIVATE_MUTEX_UNLOCK(gethostnamadr); - /* XXX h_errno not correct in all cases... */ - return (hp); -} - -void -_sethtent(f) - int f; -{ - if (hostf == NULL) - hostf = fopen(_PATH_HOSTS, "r" ); - else - rewind(hostf); - stayopen = f; -} - -void -_endhtent() -{ - if (hostf && !stayopen) { - (void) fclose(hostf); - hostf = NULL; - } -} - -struct hostent * -_gethtent() -{ - char *p; - register char *cp, **q; - int af; - size_t len; - - if (!hostf && !(hostf = fopen(_PATH_HOSTS, "r" ))) { - h_errno = NETDB_INTERNAL; - return (NULL); - } - again: - if ((p = fgetln(hostf, &len)) == NULL) { - h_errno = HOST_NOT_FOUND; - return (NULL); - } - if (p[len-1] == '\n') - len--; - if (len >= sizeof(hostbuf) || len == 0) - goto again; - p = memcpy(hostbuf, p, len); - hostbuf[len] = '\0'; - if (*p == '#') - goto again; - if ((cp = strchr(p, '#'))) - *cp = '\0'; - if (!(cp = strpbrk(p, " \t"))) - goto again; - *cp++ = '\0'; - if (inet_pton(AF_INET6, p, host_addr) > 0) { - af = AF_INET6; - len = IN6ADDRSZ; - } else if (inet_pton(AF_INET, p, host_addr) > 0) { - if (_res.options & RES_USE_INET6) { - map_v4v6_address((char*)host_addr, (char*)host_addr); - af = AF_INET6; - len = IN6ADDRSZ; - } else { - af = AF_INET; - len = INADDRSZ; - } - } else { - goto again; - } - /* if this is not something we're looking for, skip it. */ - if (host.h_addrtype != af) - goto again; - if (host.h_length != len) - goto again; - h_addr_ptrs[0] = (char *)host_addr; - h_addr_ptrs[1] = NULL; - host.h_addr_list = h_addr_ptrs; - host.h_length = len; - host.h_addrtype = af; - while (*cp == ' ' || *cp == '\t') - cp++; - host.h_name = cp; - q = host.h_aliases = host_aliases; - if ((cp = strpbrk(cp, " \t"))) - *cp++ = '\0'; - while (cp && *cp) { - if (*cp == ' ' || *cp == '\t') { - cp++; - continue; - } - if (q < &host_aliases[MAXALIASES - 1]) - *q++ = cp; - if ((cp = strpbrk(cp, " \t"))) - *cp++ = '\0'; - } - *q = NULL; - if (_res.options & RES_USE_INET6) { - char *bp = hostbuf; - char *ep = hostbuf + sizeof hostbuf; - - map_v4v6_hostent(&host, &bp, ep); - } - h_errno = NETDB_SUCCESS; - return (&host); -} - -struct hostent * -_gethtbyname(name) - const char *name; -{ - extern struct hostent *_gethtbyname2(); - struct hostent *hp; - - if (_res.options & RES_USE_INET6) { - hp = _gethtbyname2(name, AF_INET6); - if (hp) - return (hp); - } - return (_gethtbyname2(name, AF_INET)); -} - -struct hostent * -_gethtbyname2(name, af) - const char *name; - int af; -{ - register struct hostent *p; - register char **cp; - - _sethtent(0); - while ((p = _gethtent())) { - if (p->h_addrtype != af) - continue; - if (strcasecmp(p->h_name, name) == 0) - break; - for (cp = p->h_aliases; *cp != 0; cp++) - if (strcasecmp(*cp, name) == 0) - goto found; - } - found: - _endhtent(); - return (p); -} - -struct hostent * -_gethtbyaddr(addr, len, af) - const char *addr; - int len, af; -{ - register struct hostent *p; - - host.h_length = len; - host.h_addrtype = af; - - _sethtent(0); - while ((p = _gethtent())) - if (p->h_addrtype == af && !bcmp(p->h_addr, addr, len)) - break; - _endhtent(); - return (p); -} - -#ifdef YP -struct hostent * -_yphostent(line) - char *line; -{ - static struct in_addr host_addrs[MAXADDRS]; - char *p = line; - char *cp, **q; - char **hap; - struct in_addr *buf; - int more; - - host.h_name = NULL; - host.h_addr_list = h_addr_ptrs; - host.h_length = INADDRSZ; - host.h_addrtype = AF_INET; - hap = h_addr_ptrs; - buf = host_addrs; - q = host.h_aliases = host_aliases; - -nextline: - /* check for host_addrs overflow */ - if (buf >= &host_addrs[sizeof(host_addrs) / sizeof(host_addrs[0])]) - goto done; - - more = 0; - cp = strpbrk(p, " \t"); - if (cp == NULL) - goto done; - *cp++ = '\0'; - - *hap++ = (char *)buf; - (void) inet_aton(p, buf++); - - while (*cp == ' ' || *cp == '\t') - cp++; - p = cp; - cp = strpbrk(p, " \t\n"); - if (cp != NULL) { - if (*cp == '\n') - more = 1; - *cp++ = '\0'; - } - if (!host.h_name) - host.h_name = p; - else if (strcmp(host.h_name, p)==0) - ; - else if (q < &host_aliases[MAXALIASES - 1]) - *q++ = p; - p = cp; - if (more) - goto nextline; - - while (cp && *cp) { - if (*cp == ' ' || *cp == '\t') { - cp++; - continue; - } - if (*cp == '\n') { - cp++; - goto nextline; - } - if (q < &host_aliases[MAXALIASES - 1]) - *q++ = cp; - cp = strpbrk(cp, " \t"); - if (cp != NULL) - *cp++ = '\0'; - } -done: - if (host.h_name == NULL) - return (NULL); - *q = NULL; - *hap = NULL; - return (&host); -} - -struct hostent * -_yp_gethtbyaddr(addr) - const char *addr; -{ - struct hostent *hp = (struct hostent *)NULL; - static char *__ypcurrent; - int __ypcurrentlen, r; - char name[sizeof("xxx.xxx.xxx.xxx")]; - - if (!__ypdomain) { - if (_yp_check(&__ypdomain) == 0) - return (hp); - } - snprintf(name, sizeof name, "%u.%u.%u.%u", - ((unsigned)addr[0] & 0xff), ((unsigned)addr[1] & 0xff), - ((unsigned)addr[2] & 0xff), ((unsigned)addr[3] & 0xff)); - if (__ypcurrent) - free(__ypcurrent); - __ypcurrent = NULL; - r = yp_match(__ypdomain, "hosts.byaddr", name, - strlen(name), &__ypcurrent, &__ypcurrentlen); - if (r==0) - hp = _yphostent(__ypcurrent); - if (hp==NULL) - h_errno = HOST_NOT_FOUND; - return (hp); -} - -struct hostent * -_yp_gethtbyname(name) - const char *name; -{ - struct hostent *hp = (struct hostent *)NULL; - static char *__ypcurrent; - int __ypcurrentlen, r; - - if (strlen(name) >= MAXHOSTNAMELEN) - return (NULL); - if (!__ypdomain) { - if (_yp_check(&__ypdomain) == 0) - return (hp); - } - if (__ypcurrent) - free(__ypcurrent); - __ypcurrent = NULL; - r = yp_match(__ypdomain, "hosts.byname", name, - strlen(name), &__ypcurrent, &__ypcurrentlen); - if (r == 0) - hp = _yphostent(__ypcurrent); - if (hp == NULL) - h_errno = HOST_NOT_FOUND; - return (hp); -} -#endif - -static void -map_v4v6_address(src, dst) - const char *src; - char *dst; -{ - u_char *p = (u_char *)dst; - char tmp[INADDRSZ]; - int i; - - /* Stash a temporary copy so our caller can update in place. */ - bcopy(src, tmp, INADDRSZ); - /* Mark this ipv6 addr as a mapped ipv4. */ - for (i = 0; i < 10; i++) - *p++ = 0x00; - *p++ = 0xff; - *p++ = 0xff; - /* Retrieve the saved copy and we're done. */ - bcopy(tmp, (void*)p, INADDRSZ); -} - -static void -map_v4v6_hostent(hp, bpp, ep) - struct hostent *hp; - char **bpp; - char *ep; -{ - char **ap; - - if (hp->h_addrtype != AF_INET || hp->h_length != INADDRSZ) - return; - hp->h_addrtype = AF_INET6; - hp->h_length = IN6ADDRSZ; - for (ap = hp->h_addr_list; *ap; ap++) { - int i = sizeof(align) - ((u_long)*bpp % sizeof(align)); - - if (ep - *bpp < (i + IN6ADDRSZ)) { - /* Out of memory. Truncate address list here. XXX */ - *ap = NULL; - return; - } - *bpp += i; - map_v4v6_address(*ap, *bpp); - *ap = *bpp; - *bpp += IN6ADDRSZ; - } -} - -struct hostent * -gethostent() -{ - return (_gethtent()); -} - -#ifdef RESOLVSORT -static void -addrsort(ap, num) - char **ap; - int num; -{ - int i, j; - char **p; - short aval[MAXADDRS]; - int needsort = 0; - - p = ap; - for (i = 0; i < num; i++, p++) { - for (j = 0 ; (unsigned)j < _res.nsort; j++) - if (_res.sort_list[j].addr.s_addr == - (((struct in_addr *)(*p))->s_addr & _res.sort_list[j].mask)) - break; - aval[i] = j; - if (needsort == 0 && i > 0 && j < aval[i-1]) - needsort = i; - } - if (!needsort) - return; - - while (needsort < num) { - for (j = needsort - 1; j >= 0; j--) { - if (aval[j] > aval[j+1]) { - char *hp; - - i = aval[j]; - aval[j] = aval[j+1]; - aval[j+1] = i; - - hp = ap[j]; - ap[j] = ap[j+1]; - ap[j+1] = hp; - } else - break; - } - needsort++; - } -} -#endif diff --git a/src/lib/libc/net/getifaddrs.3 b/src/lib/libc/net/getifaddrs.3 index 2743bf6fc2d..26eac493202 100644 --- a/src/lib/libc/net/getifaddrs.3 +++ b/src/lib/libc/net/getifaddrs.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: getifaddrs.3,v 1.8 2002/01/02 06:08:55 nordin Exp $ +.\" $OpenBSD: getifaddrs.3,v 1.22 2018/01/12 04:36:44 deraadt Exp $ .\" BSDI getifaddrs.3,v 2.5 2000/02/23 14:51:59 dab Exp .\" .\" Copyright (c) 1995, 1999 @@ -21,16 +21,17 @@ .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. -.Dd "October 12, 1995" +.Dd $Mdocdate: January 12 2018 $ .Dt GETIFADDRS 3 .Os .Sh NAME -.Nm getifaddrs +.Nm getifaddrs , +.Nm freeifaddrs .Nd get interface addresses .Sh SYNOPSIS -.Fd #include -.Fd #include -.Fd #include +.In sys/types.h +.In sys/socket.h +.In ifaddrs.h .Ft int .Fn getifaddrs "struct ifaddrs **ifap" .Ft void @@ -42,11 +43,11 @@ function stores a reference to a linked list of the network interfaces on the local machine in the memory referenced by .Fa ifap . The list consists of -.Nm ifaddrs +.Vt ifaddrs structures, as defined in the include file -.Aq Pa ifaddrs.h . +.In ifaddrs.h . The -.Nm ifaddrs +.Vt ifaddrs structure contains at least the following entries: .Bd -literal struct ifaddrs *ifa_next; /* Pointer to next struct */ @@ -58,13 +59,12 @@ structure contains at least the following entries: struct sockaddr *ifa_dstaddr; /* P2P interface destination */ void *ifa_data; /* Address specific data */ .Ed -.Pp -.Bl -tag -width Ds +.Bl -tag -width ifa_broadaddr .It Fa ifa_next Contains a pointer to the next structure on the list. This field is set to .Dv NULL -in last structure on the list. +in the last structure on the list. .It Fa ifa_name Contains the interface name. .It Fa ifa_flags @@ -93,7 +93,8 @@ references the broadcast address associated with if one exists, otherwise it is .Dv NULL . .It Fa ifa_dstaddr -References the destination address on a P2P interface, +This field, which should only be referenced for P2P interfaces, +references the destination address on a P2P interface, if one exists, otherwise it is .Dv NULL . .It Fa ifa_data @@ -101,15 +102,14 @@ References address family specific data. For .Dv AF_LINK addresses it contains a pointer to the -.Li struct if_data +.Vt struct if_data (as defined in include file -.Aq Pa net/if.h ) +.In net/if.h ) which contains various interface attributes and statistics. -For all other address families, it contains a pointer to the -.Li struct ifa_data -(as defined in include file -.Aq Pa net/if.h ) -which contains per-address interface statistics. +For all other address families, +.Fa ifa_data +is +.Dv NULL . .El .Pp The data returned by @@ -118,10 +118,7 @@ is dynamically allocated and should be freed using .Fn freeifaddrs when no longer needed. .Sh RETURN VALUES -Upon successful completion, a value of 0 is returned. -Otherwise, a value of \-1 is returned and -.Va errno -is set to indicate the error. +.Rv -std .Sh ERRORS The .Fn getifaddrs @@ -132,28 +129,29 @@ for any of the errors specified for the library routines .Xr socket 2 , .Xr malloc 3 , or -.Xr sysctl 3 . -.Sh BUGS -If both -.Aq Pa net/if.h -and -.Aq Pa ifaddrs.h -are being included, -.Aq Pa net/if.h -.Em must -be included before -.Aq Pa ifaddrs.h . +.Xr sysctl 2 . .Sh SEE ALSO .Xr ioctl 2 , .Xr socket 2 , -.Xr sysctl 3 , -.Xr networking 4 , +.Xr sysctl 2 , +.Xr netintro 4 , .Xr ifconfig 8 .Sh HISTORY The .Fn getifaddrs -function first appeared in BSDI BSD/OS. -The function is supplied on +function first appeared in BSDI +.Bsx . +The function has been available on .Ox since .Ox 2.7 . +.Sh BUGS +If both +.In net/if.h +and +.In ifaddrs.h +are being included, +.In net/if.h +.Em must +be included before +.In ifaddrs.h . diff --git a/src/lib/libc/net/getifaddrs.c b/src/lib/libc/net/getifaddrs.c index 0db89f6c190..182829c9d5e 100644 --- a/src/lib/libc/net/getifaddrs.c +++ b/src/lib/libc/net/getifaddrs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: getifaddrs.c,v 1.9 2002/08/09 06:12:25 itojun Exp $ */ +/* $OpenBSD: getifaddrs.c,v 1.13 2015/09/14 11:01:47 guenther Exp $ */ /* * Copyright (c) 1995, 1999 @@ -25,17 +25,18 @@ * BSDI getifaddrs.c,v 2.12 2000/02/23 14:51:59 dab Exp */ +#include /* ALIGN */ #include #include #include #include -#include #include #include #include #include #include +#include #include #include #include @@ -51,7 +52,7 @@ getifaddrs(struct ifaddrs **pif) int ncnt = 0; int mib[6]; size_t needed; - char *buf; + char *buf = NULL, *bufp; char *next; struct ifaddrs *cif = 0; char *p, *p0; @@ -61,7 +62,7 @@ getifaddrs(struct ifaddrs **pif) struct sockaddr_dl *dl; struct sockaddr *sa; u_short index = 0; - size_t len, alen; + size_t len, alen, dlen; struct ifaddrs *ifa, *ift; int i; char *data; @@ -73,13 +74,25 @@ getifaddrs(struct ifaddrs **pif) mib[3] = 0; /* wildcard address family */ mib[4] = NET_RT_IFLIST; mib[5] = 0; /* no flags */ - if (sysctl(mib, 6, NULL, &needed, NULL, 0) < 0) - return (-1); - if ((buf = malloc(needed)) == NULL) - return (-1); - if (sysctl(mib, 6, buf, &needed, NULL, 0) < 0) { - free(buf); - return (-1); + while (1) { + if (sysctl(mib, 6, NULL, &needed, NULL, 0) == -1) { + free(buf); + return (-1); + } + if (needed == 0) + break; + if ((bufp = realloc(buf, needed)) == NULL) { + free(buf); + return (-1); + } + buf = bufp; + if (sysctl(mib, 6, buf, &needed, NULL, 0) == -1) { + if (errno == ENOMEM) + continue; + free(buf); + return (-1); + } + break; } for (next = buf; next < buf + needed; next += rtm->rtm_msglen) { @@ -92,7 +105,8 @@ getifaddrs(struct ifaddrs **pif) if (ifm->ifm_addrs & RTA_IFP) { index = ifm->ifm_index; ++icnt; - dl = (struct sockaddr_dl *)(ifm + 1); + dl = (struct sockaddr_dl *)(next + + rtm->rtm_hdrlen); dcnt += SA_RLEN((struct sockaddr *)dl) + ALIGNBYTES; dcnt += sizeof(ifm->ifm_data); @@ -109,7 +123,7 @@ getifaddrs(struct ifaddrs **pif) #define RTA_MASKS (RTA_NETMASK | RTA_IFA | RTA_BRD) if (index == 0 || (ifam->ifam_addrs & RTA_MASKS) == 0) break; - p = (char *)(ifam + 1); + p = next + rtm->rtm_hdrlen; ++icnt; /* Scan to look for length of address */ alen = 0; @@ -169,7 +183,8 @@ getifaddrs(struct ifaddrs **pif) ifm = (struct if_msghdr *)rtm; if (ifm->ifm_addrs & RTA_IFP) { index = ifm->ifm_index; - dl = (struct sockaddr_dl *)(ifm + 1); + dl = (struct sockaddr_dl *)(next + + rtm->rtm_hdrlen); cif = ift; ift->ifa_name = names; @@ -185,7 +200,11 @@ getifaddrs(struct ifaddrs **pif) /* ifm_data needs to be aligned */ ift->ifa_data = data = (void *)ALIGN(data); - memcpy(data, &ifm->ifm_data, sizeof(ifm->ifm_data)); + dlen = rtm->rtm_hdrlen - + offsetof(struct if_msghdr, ifm_data); + if (dlen > sizeof(ifm->ifm_data)) + dlen = sizeof(ifm->ifm_data); + memcpy(data, &ifm->ifm_data, dlen); data += sizeof(ifm->ifm_data); ift = (ift->ifa_next = ift + 1); @@ -203,7 +222,7 @@ getifaddrs(struct ifaddrs **pif) ift->ifa_name = cif->ifa_name; ift->ifa_flags = cif->ifa_flags; ift->ifa_data = NULL; - p = (char *)(ifam + 1); + p = next + rtm->rtm_hdrlen; /* Scan to look for length of address */ alen = 0; for (p0 = p, i = 0; i < RTAX_MAX; i++) { @@ -269,9 +288,11 @@ getifaddrs(struct ifaddrs **pif) } return (0); } +DEF_WEAK(getifaddrs); void freeifaddrs(struct ifaddrs *ifp) { free(ifp); } +DEF_WEAK(freeifaddrs); diff --git a/src/lib/libc/net/getnameinfo.3 b/src/lib/libc/net/getnameinfo.3 index 76c64499066..fb4cc3631ed 100644 --- a/src/lib/libc/net/getnameinfo.3 +++ b/src/lib/libc/net/getnameinfo.3 @@ -1,297 +1,264 @@ -.\" $OpenBSD: getnameinfo.3,v 1.17 2001/11/15 06:53:09 itojun Exp $ -.\" $KAME: getnameinfo.3,v 1.20 2001/01/05 13:37:37 itojun Exp $ +.\" $OpenBSD: getnameinfo.3,v 1.47 2014/08/23 07:25:54 jmc Exp $ +.\" $KAME: getnameinfo.3,v 1.37 2005/01/05 03:23:05 itojun Exp $ .\" -.\" Copyright (c) 1983, 1987, 1991, 1993 -.\" The Regents of the University of California. All rights reserved. +.\" Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2000, 2001 Internet Software Consortium. .\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. .\" -.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. +.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +.\" PERFORMANCE OF THIS SOFTWARE. .\" -.\" From: @(#)gethostbyname.3 8.4 (Berkeley) 5/25/95 -.\" -.Dd May 25, 1995 +.Dd $Mdocdate: August 23 2014 $ .Dt GETNAMEINFO 3 .Os -.\" .Sh NAME .Nm getnameinfo -.Nd address-to-nodename translation in protocol-independent manner -.\" +.Nd socket address structure to hostname and service name .Sh SYNOPSIS -.Fd #include -.Fd #include -.Fd #include +.In sys/types.h +.In sys/socket.h +.In netdb.h .Ft int -.Fn getnameinfo "const struct sockaddr *sa" "socklen_t salen" \ -"char *host" "size_t hostlen" "char *serv" "size_t servlen" "int flags" -.\" +.Fn getnameinfo "const struct sockaddr *sa" "socklen_t salen" "char *host" \ + "size_t hostlen" "char *serv" "size_t servlen" "int flags" .Sh DESCRIPTION The .Fn getnameinfo -function is defined for protocol-independent address-to-nodename translation. -Its functionality is a reverse conversion of -.Xr getaddrinfo 3 , -and implements similar functionality with +function is used to convert a +.Li sockaddr +structure to a pair of host name and service strings. +It is a replacement for and provides more flexibility than the .Xr gethostbyaddr 3 and .Xr getservbyport 3 -in more sophisticated manner. -.Pp -This function looks up an IP address and port number provided by the -caller in the DNS and system-specific database, and returns text -strings for both in buffers provided by the caller. -The function indicates successful completion by a zero return value; -a non-zero return value indicates failure. +functions and is the converse of the +.Xr getaddrinfo 3 +function. .Pp -The first argument, -.Fa sa , -points to either a -.Li sockaddr_in -structure (for IPv4) or a -.Li sockaddr_in6 -structure (for IPv6) that holds the IP address and port number. The -.Fa salen -argument gives the length of the +.Li sockaddr +structure +.Fa sa +should point to either a .Li sockaddr_in or .Li sockaddr_in6 -structure. +structure (for IPv4 or IPv6 respectively) that is +.Fa salen +bytes long. .Pp -The function returns the nodename associated with the IP address in -the buffer pointed to by the +The host and service names associated with +.Fa sa +are stored in .Fa host -argument. -The caller provides the size of this buffer via the +and +.Fa serv +which have length parameters .Fa hostlen -argument. -The service name associated with the port number is returned in the buffer -pointed to by -.Fa serv , -and the -.Fa servlen -argument gives the length of this buffer. -The caller specifies not to return either string by providing a zero -value for the +and +.Fa servlen . +The maximum value for .Fa hostlen -or +is +.Dv NI_MAXHOST +and +the maximum value for .Fa servlen -arguments. -Otherwise, the caller must provide buffers large enough to hold the -nodename and the service name, including the terminating null characters. -.Pp -Unfortunately most systems do not provide constants that specify the -maximum size of either a fully-qualified domain name or a service name. -Therefore to aid the application in allocating buffers for these two -returned strings the following constants are defined in -.Aq Pa netdb.h : -.Bd -literal -offset -#define NI_MAXHOST MAXHOSTNAMELEN -#define NI_MAXSERV 32 -.Ed -.Pp -The first value is actually defined as the constant -.Dv MAXDNAME -in recent versions of BIND's -.Aq Pa arpa/nameser.h -header (older versions of BIND define this constant to be 256) -and the second is a guess based on the services listed in the current -Assigned Numbers RFC. -.Pp -The final argument is a -.Fa flag -that changes the default actions of this function. -By default the fully-qualified domain name (FQDN) for the host is -looked up in the DNS and returned. -If the flag bit -.Dv NI_NOFQDN -is set, only the nodename portion of the FQDN is returned for local hosts. -.Pp -If the -.Fa flag -bit -.Dv NI_NUMERICHOST -is set, or if the host's name cannot be located in the DNS, -the numeric form of the host's address is returned instead of its name -.Po -e.g., by calling -.Fn inet_ntop -instead of -.Fn gethostbyaddr -.Pc . -If the -.Fa flag -bit -.Dv NI_NAMEREQD -is set, an error is returned if the host's name cannot be located in the DNS. +is +.Dv NI_MAXSERV , +as defined by +.In netdb.h . +If a length parameter is zero, no string will be stored. +Otherwise, enough space must be provided to store the +host name or service string plus a byte for the NUL terminator. .Pp -If the flag bit -.Dv NI_NUMERICSERV -is set, the numeric form of the service address is returned -.Pq e.g., its port number -instead of its name. -The two -.Dv NI_NUMERICxxx -flags are required to support the -.Fl n -flag that many commands provide. -.Pp -A fifth flag bit, -.Dv NI_DGRAM , -specifies that the service is a datagram service, and causes -.Fn getservbyport +The +.Fa flags +argument is formed by +.Tn OR Ns 'ing +the following values: +.Bl -tag -width "NI_NUMERICHOSTXX" +.It Dv NI_NOFQDN +A fully qualified domain name is not required for local hosts. +The local part of the fully qualified domain name is returned instead. +.It Dv NI_NUMERICHOST +Return the address in numeric form, as if calling +.Xr inet_ntop 3 , +instead of a host name. +.It Dv NI_NAMEREQD +A name is required. +If the host name cannot be found in DNS and this flag is set, +a non-zero error code is returned. +If the host name is not found and the flag is not set, the +address is returned in numeric form. +.It NI_NUMERICSERV +The service name is returned as a digit string representing the port number. +.It NI_DGRAM +Specifies that the service being looked up is a datagram +service, and causes +.Xr getservbyport 3 to be called with a second argument of -.Qq udp +.Dq udp instead of its default of -.Qq tcp . -This is required for the few ports (512-514) -that have different services for UDP and TCP. +.Dq tcp . +This is required for the few ports (512\-514) that have different services +for +.Tn UDP +and +.Tn TCP . +.El .Pp -These -.Dv NI_xxx -flags are defined in -.Aq Pa netdb.h . -.\" -.Ss Extension for scoped IPv6 address -The implementation allows experimental numeric IPv6 address notation with -scope identifier. -IPv6 link-local address will appear as string like +This implementation allows numeric IPv6 address notation with scope identifier, +as documented in RFC 4007. +IPv6 link-local address will appear as a string like .Dq Li fe80::1%ne0 . Refer to .Xr getaddrinfo 3 -for the notation. -.\" +for more information. +.Sh RETURN VALUES +.Fn getnameinfo +returns zero on success or one of the error codes listed in +.Xr gai_strerror 3 +if an error occurs. .Sh EXAMPLES -The following code tries to get numeric hostname, and service name, -for given socket address. -Observe that there is no hardcoded reference to particular address family. +The following code tries to get a numeric host name, and service name, +for a given socket address. +Observe that there is no hardcoded reference to a particular address family. .Bd -literal -offset indent struct sockaddr *sa; /* input */ char hbuf[NI_MAXHOST], sbuf[NI_MAXSERV]; if (getnameinfo(sa, sa->sa_len, hbuf, sizeof(hbuf), sbuf, - sizeof(sbuf), NI_NUMERICHOST | NI_NUMERICSERV)) { + sizeof(sbuf), NI_NUMERICHOST | NI_NUMERICSERV)) errx(1, "could not get numeric hostname"); - /*NOTREACHED*/ -} printf("host=%s, serv=%s\en", hbuf, sbuf); .Ed .Pp -The following version checks if the socket address has reverse address mapping. +The following version checks if the socket address has a reverse address mapping: .Bd -literal -offset indent struct sockaddr *sa; /* input */ char hbuf[NI_MAXHOST]; if (getnameinfo(sa, sa->sa_len, hbuf, sizeof(hbuf), NULL, 0, - NI_NAMEREQD)) { + NI_NAMEREQD)) errx(1, "could not resolve hostname"); - /*NOTREACHED*/ -} printf("host=%s\en", hbuf); .Ed -.\" -.Sh DIAGNOSTICS -The function indicates successful completion by a zero return value; -a non-zero return value indicates failure. -Error codes are as below: -.Bl -tag -width Er -.It Dv EAI_AGAIN -The name could not be resolved at this time. -Future attempts may succeed. -.It Dv EAI_BADFLAGS -The flags had an invalid value. -.It Dv EAI_FAIL -A non-recoverable error occurred. -.It Dv EAI_FAMILY -The address family was not recognized or the address length was invalid -for the specified family. -.It Dv EAI_MEMORY -There was a memory allocation failure. -.It Dv EAI_NONAME -The name does not resolve for the supplied parameters. -.Dv NI_NAMEREQD -is set and the host's name cannot be located, -or both nodename and servname were null. -.It Dv EAI_SYSTEM -A system error occurred. -The error code can be found in errno. -.El -.\" .Sh SEE ALSO +.Xr gai_strerror 3 , .Xr getaddrinfo 3 , .Xr gethostbyaddr 3 , .Xr getservbyport 3 , +.Xr inet_ntop 3 , +.Xr resolver 3 , .Xr hosts 5 , .Xr resolv.conf 5 , .Xr services 5 , -.Xr hostname 7 , -.Xr named 8 +.Xr hostname 7 +.Rs +.%A Craig Metz +.%T Protocol Independence Using the Sockets API +.%B Proceedings of the Freenix Track: 2000 USENIX Annual Technical Conference +.%D June 2000 +.Re +.Sh STANDARDS +The +.Fn getnameinfo +function is defined by the +.St -p1003.1g-2000 +draft specification and documented in RFC 3493. +.Pp .Rs .%A R. Gilligan .%A S. Thomson .%A J. Bound +.%A J. McCann .%A W. Stevens +.%D February 2003 +.%R RFC 3493 .%T Basic Socket Interface Extensions for IPv6 -.%R RFC2553 -.%D March 1999 .Re +.Pp .Rs -.%A Tatsuya Jinmei -.%A Atsushi Onoe -.%T "An Extension of Format for IPv6 Scoped Addresses" -.%R internet draft -.%N draft-ietf-ipngwg-scopedaddr-format-02.txt -.%O work in progress material +.%A S. Deering +.%A B. Haberman +.%A T. Jinmei +.%A E. Nordmark +.%A B. Zill +.%D March 2005 +.%R RFC 4007 +.%T IPv6 Scoped Address Architecture .Re -.Rs -.%A Craig Metz -.%T Protocol Independence Using the Sockets API -.%B "Proceedings of the freenix track: 2000 USENIX annual technical conference" -.%D June 2000 -.Re -.\" -.Sh HISTORY -The implementation first appeared in WIDE Hydrangea IPv6 protocol stack kit. -.\" -.Sh STANDARDS -The -.Fn getaddrinfo -function is defined IEEE POSIX 1003.1g draft specification, -and documented in -.Dq Basic Socket Interface Extensions for IPv6 -.Pq RFC2553 . -.\" -.Sh BUGS -The current implementation is not thread-safe. +.Sh CAVEATS +.Fn getnameinfo +can return both numeric and FQDN forms of the address specified in +.Fa sa . +There is no return value that indicates whether the string returned in +.Fa host +is a result of binary to numeric-text translation (like +.Xr inet_ntop 3 ) , +or is the result of a DNS reverse lookup. +Because of this, malicious parties could set up a PTR record as follows: +.Bd -literal -offset indent +1.0.0.127.in-addr.arpa. IN PTR 10.1.1.1 +.Ed +.Pp +and trick the caller of +.Fn getnameinfo +into believing that +.Fa sa +is +.Li 10.1.1.1 +when it is actually +.Li 127.0.0.1 . .Pp -The text was shamelessly copied from RFC2553. +To prevent such attacks, the use of +.Dv NI_NAMEREQD +is recommended when the result of +.Fn getnameinfo +is used +for access control purposes: +.Bd -literal -offset indent +struct sockaddr *sa; +char addr[NI_MAXHOST]; +struct addrinfo hints, *res; +int error; + +error = getnameinfo(sa, sa->sa_len, addr, sizeof(addr), + NULL, 0, NI_NAMEREQD); +if (error == 0) { + memset(&hints, 0, sizeof(hints)); + hints.ai_socktype = SOCK_DGRAM; /*dummy*/ + hints.ai_flags = AI_NUMERICHOST; + if (getaddrinfo(addr, "0", &hints, &res) == 0) { + /* malicious PTR record */ + freeaddrinfo(res); + printf("bogus PTR record\en"); + return -1; + } + /* addr is FQDN as a result of PTR lookup */ +} else { + /* addr is numeric string */ + error = getnameinfo(sa, sa->sa_len, addr, sizeof(addr), + NULL, 0, NI_NUMERICHOST); +} +.Ed +.Sh BUGS +The implementation of +.Fn getnameinfo +is not thread-safe. .Pp .Ox -intentionally uses different +intentionally uses a different .Dv NI_MAXHOST -value from what RFC2553 suggests, to avoid buffer length handling mistakes. +value from what +.Tn "RFC 2553" +suggests, to avoid buffer length handling mistakes. diff --git a/src/lib/libc/net/getnameinfo.c b/src/lib/libc/net/getnameinfo.c deleted file mode 100644 index 2311eba7a02..00000000000 --- a/src/lib/libc/net/getnameinfo.c +++ /dev/null @@ -1,361 +0,0 @@ -/* $OpenBSD: getnameinfo.c,v 1.25 2002/06/27 09:24:28 itojun Exp $ */ -/* $KAME: getnameinfo.c,v 1.45 2000/09/25 22:43:56 itojun Exp $ */ - -/* - * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the project nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -/* - * Issues to be discussed: - * - Thread safe-ness must be checked - * - RFC2553 says that we should raise error on short buffer. X/Open says - * we need to truncate the result. We obey RFC2553 (and X/Open should be - * modified). ipngwg rough consensus seems to follow RFC2553. - * - What is "local" in NI_FQDN? - * - NI_NAMEREQD and NI_NUMERICHOST conflict with each other. - * - (KAME extension) always attach textual scopeid (fe80::1%lo0), if - * sin6_scope_id is filled - standardization status? - * XXX breaks backward compat for code that expects no scopeid. - * beware on merge. - */ - -#ifndef INET6 -#define INET6 -#endif - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -static const struct afd { - int a_af; - int a_addrlen; - int a_socklen; - int a_off; -} afdl [] = { -#ifdef INET6 - {PF_INET6, sizeof(struct in6_addr), sizeof(struct sockaddr_in6), - offsetof(struct sockaddr_in6, sin6_addr)}, -#endif - {PF_INET, sizeof(struct in_addr), sizeof(struct sockaddr_in), - offsetof(struct sockaddr_in, sin_addr)}, - {0, 0, 0}, -}; - -struct sockinet { - u_char si_len; - u_char si_family; - u_short si_port; -}; - -#ifdef INET6 -static int ip6_parsenumeric(const struct sockaddr *, const char *, char *, - size_t, int); -static int ip6_sa2str(const struct sockaddr_in6 *, char *, size_t, int); -#endif - -int -getnameinfo(sa, salen, host, hostlen, serv, servlen, flags) - const struct sockaddr *sa; - socklen_t salen; - char *host; - size_t hostlen; - char *serv; - size_t servlen; - int flags; -{ - const struct afd *afd; - struct servent *sp; - struct hostent *hp; - u_short port; - int family, i; - const char *addr; - u_int32_t v4a; - int h_error; - char numserv[512]; - char numaddr[512]; - - if (sa == NULL) - return EAI_FAIL; - - if (sa->sa_len != salen) - return EAI_FAIL; - - family = sa->sa_family; - for (i = 0; afdl[i].a_af; i++) - if (afdl[i].a_af == family) { - afd = &afdl[i]; - goto found; - } - return EAI_FAMILY; - - found: - if (salen != afd->a_socklen) - return EAI_FAIL; - - /* network byte order */ - port = ((const struct sockinet *)sa)->si_port; - addr = (const char *)sa + afd->a_off; - - if (serv == NULL || servlen == 0) { - /* - * do nothing in this case. - * in case you are wondering if "&&" is more correct than - * "||" here: rfc2553bis-03 says that serv == NULL OR - * servlen == 0 means that the caller does not want the result. - */ - } else { - if (flags & NI_NUMERICSERV) - sp = NULL; - else { - sp = getservbyport(port, - (flags & NI_DGRAM) ? "udp" : "tcp"); - } - if (sp) { - if (strlen(sp->s_name) + 1 > servlen) - return EAI_MEMORY; - strlcpy(serv, sp->s_name, servlen); - } else { - snprintf(numserv, sizeof(numserv), "%u", ntohs(port)); - if (strlen(numserv) + 1 > servlen) - return EAI_MEMORY; - strlcpy(serv, numserv, servlen); - } - } - - switch (sa->sa_family) { - case AF_INET: - v4a = (u_int32_t) - ntohl(((const struct sockaddr_in *)sa)->sin_addr.s_addr); - if (IN_MULTICAST(v4a) || IN_EXPERIMENTAL(v4a)) - flags |= NI_NUMERICHOST; - v4a >>= IN_CLASSA_NSHIFT; - if (v4a == 0) - flags |= NI_NUMERICHOST; - break; -#ifdef INET6 - case AF_INET6: - { - const struct sockaddr_in6 *sin6; - sin6 = (const struct sockaddr_in6 *)sa; - switch (sin6->sin6_addr.s6_addr[0]) { - case 0x00: - if (IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr)) - ; - else if (IN6_IS_ADDR_LOOPBACK(&sin6->sin6_addr)) - ; - else - flags |= NI_NUMERICHOST; - break; - default: - if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) { - flags |= NI_NUMERICHOST; - } - else if (IN6_IS_ADDR_MULTICAST(&sin6->sin6_addr)) - flags |= NI_NUMERICHOST; - break; - } - } - break; -#endif - } - if (host == NULL || hostlen == 0) { - /* - * do nothing in this case. - * in case you are wondering if "&&" is more correct than - * "||" here: rfc2553bis-03 says that host == NULL or - * hostlen == 0 means that the caller does not want the result. - */ - } else if (flags & NI_NUMERICHOST) { - int numaddrlen; - - /* NUMERICHOST and NAMEREQD conflicts with each other */ - if (flags & NI_NAMEREQD) - return EAI_NONAME; - - switch(afd->a_af) { -#ifdef INET6 - case AF_INET6: - { - int error; - - if ((error = ip6_parsenumeric(sa, addr, host, - hostlen, flags)) != 0) - return(error); - break; - } -#endif - default: - if (inet_ntop(afd->a_af, addr, numaddr, sizeof(numaddr)) - == NULL) - return EAI_SYSTEM; - numaddrlen = strlen(numaddr); - if (numaddrlen + 1 > hostlen) /* don't forget terminator */ - return EAI_MEMORY; - strlcpy(host, numaddr, hostlen); - break; - } - } else { - hp = gethostbyaddr(addr, afd->a_addrlen, afd->a_af); - h_error = h_errno; - - if (hp) { -#if 0 - /* - * commented out, since "for local host" is not - * implemented here - see RFC2553 p30 - */ - if (flags & NI_NOFQDN) { - char *p; - p = strchr(hp->h_name, '.'); - if (p) - *p = '\0'; - } -#endif - if (strlen(hp->h_name) + 1 > hostlen) { - return EAI_MEMORY; - } - strlcpy(host, hp->h_name, hostlen); - } else { - if (flags & NI_NAMEREQD) - return EAI_NONAME; - switch(afd->a_af) { -#ifdef INET6 - case AF_INET6: - { - int error; - - if ((error = ip6_parsenumeric(sa, addr, host, - hostlen, - flags)) != 0) - return(error); - break; - } -#endif - default: - if (inet_ntop(afd->a_af, addr, host, - hostlen) == NULL) - return EAI_SYSTEM; - break; - } - } - } - return(0); -} - -#ifdef INET6 -static int -ip6_parsenumeric(sa, addr, host, hostlen, flags) - const struct sockaddr *sa; - const char *addr; - char *host; - size_t hostlen; - int flags; -{ - int numaddrlen; - char numaddr[512]; - - if (inet_ntop(AF_INET6, addr, numaddr, sizeof(numaddr)) == NULL) - return EAI_SYSTEM; - - numaddrlen = strlen(numaddr); - if (numaddrlen + 1 > hostlen) /* don't forget terminator */ - return EAI_MEMORY; - strlcpy(host, numaddr, hostlen); - - if (((const struct sockaddr_in6 *)sa)->sin6_scope_id) { - char zonebuf[MAXHOSTNAMELEN]; - int zonelen; - - zonelen = ip6_sa2str( - (const struct sockaddr_in6 *)(const void *)sa, - zonebuf, sizeof(zonebuf), flags); - if (zonelen < 0) - return EAI_MEMORY; - if (zonelen + 1 + numaddrlen + 1 > hostlen) - return EAI_MEMORY; - - /* construct */ - memcpy(host + numaddrlen + 1, zonebuf, - (size_t)zonelen); - host[numaddrlen] = SCOPE_DELIMITER; - host[numaddrlen + 1 + zonelen] = '\0'; - } - - return 0; -} - -/* ARGSUSED */ -static int -ip6_sa2str(sa6, buf, bufsiz, flags) - const struct sockaddr_in6 *sa6; - char *buf; - size_t bufsiz; - int flags; -{ - unsigned int ifindex; - const struct in6_addr *a6; - int n; - - ifindex = (unsigned int)sa6->sin6_scope_id; - a6 = &sa6->sin6_addr; - -#ifdef notdef - if ((flags & NI_NUMERICSCOPE) != 0) { - n = snprintf(buf, bufsiz, "%u", sa6->sin6_scope_id); - if (n < 0 || n >= bufsiz) - return -1; - else - return n; - } -#endif - - /* if_indextoname() does not take buffer size. not a good api... */ - if ((IN6_IS_ADDR_LINKLOCAL(a6) || IN6_IS_ADDR_MC_LINKLOCAL(a6)) && - bufsiz >= IF_NAMESIZE) { - char *p = if_indextoname(ifindex, buf); - if (p) { - return(strlen(p)); - } - } - - /* last resort */ - n = snprintf(buf, bufsiz, "%u", sa6->sin6_scope_id); - if (n < 0 || n >= bufsiz) - return -1; - else - return n; -} -#endif /* INET6 */ diff --git a/src/lib/libc/net/getnetbyaddr.c b/src/lib/libc/net/getnetbyaddr.c deleted file mode 100644 index 925d1d58957..00000000000 --- a/src/lib/libc/net/getnetbyaddr.c +++ /dev/null @@ -1,56 +0,0 @@ -/* - * Copyright (c) 1983, 1993 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#if defined(LIBC_SCCS) && !defined(lint) -static char rcsid[] = "$OpenBSD: getnetbyaddr.c,v 1.5 1997/07/09 01:08:28 millert Exp $"; -#endif /* LIBC_SCCS and not lint */ - -#include - -extern int _net_stayopen; - -struct netent * -_getnetbyaddr(net, type) - register in_addr_t net; - register int type; -{ - register struct netent *p; - - setnetent(_net_stayopen); - while ((p = getnetent())) - if (p->n_addrtype == type && p->n_net == net) - break; - if (!_net_stayopen) - endnetent(); - return (p); -} diff --git a/src/lib/libc/net/getnetbyname.c b/src/lib/libc/net/getnetbyname.c deleted file mode 100644 index 4e39cf6860b..00000000000 --- a/src/lib/libc/net/getnetbyname.c +++ /dev/null @@ -1,62 +0,0 @@ -/* - * Copyright (c) 1983, 1993 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#if defined(LIBC_SCCS) && !defined(lint) -static char rcsid[] = "$OpenBSD: getnetbyname.c,v 1.5 1997/07/09 01:08:29 millert Exp $"; -#endif /* LIBC_SCCS and not lint */ - -#include -#include - -extern int _net_stayopen; - -struct netent * -_getnetbyname(name) - register const char *name; -{ - register struct netent *p; - register char **cp; - - setnetent(_net_stayopen); - while ((p = getnetent())) { - if (strcasecmp(p->n_name, name) == 0) - break; - for (cp = p->n_aliases; *cp != 0; cp++) - if (strcasecmp(*cp, name) == 0) - goto found; - } -found: - if (!_net_stayopen) - endnetent(); - return (p); -} diff --git a/src/lib/libc/net/getnetent.3 b/src/lib/libc/net/getnetent.3 index 0c401c74ffe..0f4f74e3646 100644 --- a/src/lib/libc/net/getnetent.3 +++ b/src/lib/libc/net/getnetent.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: getnetent.3,v 1.11 2000/12/24 00:30:56 aaron Exp $ +.\" $OpenBSD: getnetent.3,v 1.18 2018/04/28 15:37:43 schwarze Exp $ .\" .\" Copyright (c) 1983, 1991, 1993 .\" The Regents of the University of California. All rights reserved. @@ -11,11 +11,7 @@ .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors +.\" 3. Neither the name of the University nor the names of its contributors .\" may be used to endorse or promote products derived from this software .\" without specific prior written permission. .\" @@ -31,7 +27,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd March 13, 1997 +.Dd $Mdocdate: April 28 2018 $ .Dt GETNETENT 3 .Os .Sh NAME @@ -42,11 +38,11 @@ .Nm endnetent .Nd get network entry .Sh SYNOPSIS -.Fd #include +.In netdb.h .Ft struct netent * .Fn getnetent "void" .Ft struct netent * -.Fn getnetbyname "char *name" +.Fn getnetbyname "const char *name" .Ft struct netent * .Fn getnetbyaddr "in_addr_t net" "int type" .Ft void @@ -55,13 +51,10 @@ .Fn endnetent "void" .Sh DESCRIPTION The -.Fn getnetent , -.Fn getnetbyname , +.Fn getnetbyname and .Fn getnetbyaddr -functions each return a pointer to an object with the following structure -containing the broken-out fields of a line in the network database, -.Pa /etc/networks . +functions return a pointer to an object with the following structure: .Bd -literal -offset indent struct netent { char *n_name; /* official name of net */ @@ -76,56 +69,66 @@ The members of this structure are: .It Fa n_name The official name of the network. .It Fa n_aliases -A zero-terminated list of alternate names for the network. +A null-terminated list of alternate names for the network. .It Fa n_addrtype -The type of the network number returned; currently only +The type of the network number returned; it is always .Dv AF_INET . .It Fa n_net The network number. Network numbers are returned in machine byte order. .El .Pp -The -.Fn getnetent -function reads the next line of the file, opening the file if necessary. +On +.Ox , +these legacy functions perform a lookup in a similar fashion as +.Xr gethostbyname 3 +and +.Xr gethostbyaddr 3 , +respectively. +On other systems, they may use a separate network database file, +.Pa /etc/networks . .Pp -The -.Fn setnetent -function opens and rewinds the file. -If the -.Fa stayopen -flag is non-zero, -the net database will not be closed after each call to -.Fn getnetbyname -or -.Fn getnetbyaddr . +In contrast to +.Xr gethostbyaddr 3 , +the +.Fa net +argument is expected in machine byte order. .Pp The +.Fn setnetent , +.Fn getnetent , +and .Fn endnetent -function closes the file. -.Pp +functions are deprecated and no longer have any effect. +They could be used in the past to iterate over entries in the former file +.Pa /etc/networks . +.Sh RETURN VALUES The -.Fn getnetbyname -and .Fn getnetbyaddr -functions search the domain name server if the system is configured to use one. -If the search fails, or no name server is configured, they sequentially -search from the beginning of the file until a matching net name or -net address and type is found, or until -.Dv EOF -is encountered. -Network numbers are supplied in host order. +and +.Fn getnetbyname +functions return +.Dv NULL +if the requested entry is not found. +.Pp +The +.Fn getnetent +function always returns +.Dv NULL . .Sh FILES -.Bl -tag -width /etc/networks -compact -.It Pa /etc/networks +.Bl -tag -width /etc/hosts -compact +.It Pa /etc/hosts +The local host and network name database. .El -.Sh DIAGNOSTICS -Null pointer (0) returned on -.Dv EOF -or error. .Sh SEE ALSO +.Xr getaddrinfo 3 , +.Xr gethostbyname 3 , +.Xr getnameinfo 3 , .Xr resolver 3 , -.Xr networks 5 +.Xr hosts 5 +.Sh STANDARDS +These functions conform to +.St -p1003.1-2008 . .Sh HISTORY The .Fn getnetent , diff --git a/src/lib/libc/net/getnetent.c b/src/lib/libc/net/getnetent.c index 8f618a1d5e3..b93e442fa99 100644 --- a/src/lib/libc/net/getnetent.c +++ b/src/lib/libc/net/getnetent.c @@ -1,3 +1,4 @@ +/* $OpenBSD: getnetent.c,v 1.18 2018/04/28 15:05:40 schwarze Exp $ */ /* * Copyright (c) 1983, 1993 * The Regents of the University of California. All rights reserved. @@ -10,11 +11,7 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors + * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -31,99 +28,22 @@ * SUCH DAMAGE. */ -#if defined(LIBC_SCCS) && !defined(lint) -static char rcsid[] = "$OpenBSD: getnetent.c,v 1.8 1998/03/16 05:06:57 millert Exp $"; -#endif /* LIBC_SCCS and not lint */ - -#include -#include -#include -#include #include -#include -#include - -#define MAXALIASES 35 - -static FILE *netf; -static char line[BUFSIZ+1]; -static struct netent net; -static char *net_aliases[MAXALIASES]; -int _net_stayopen; +#include void -setnetent(f) - int f; +setnetent(int f) { - if (netf == NULL) - netf = fopen(_PATH_NETWORKS, "r" ); - else - rewind(netf); - _net_stayopen |= f; } void -endnetent() +endnetent(void) { - if (netf) { - fclose(netf); - netf = NULL; - } - _net_stayopen = 0; } struct netent * -getnetent() +getnetent(void) { - char *p, *cp, **q; - size_t len; - - if (netf == NULL && (netf = fopen(_PATH_NETWORKS, "r" )) == NULL) - return (NULL); -again: - if ((p = fgetln(netf, &len)) == NULL) - return (NULL); - if (p[len-1] == '\n') - len--; - if (len >= sizeof(line) || len == 0) - goto again; - p = memcpy(line, p, len); - line[len] = '\0'; - if (*p == '#') - goto again; - if ((cp = strchr(p, '#')) != NULL) - *cp = '\0'; - net.n_name = p; - if (strlen(net.n_name) >= MAXHOSTNAMELEN-1) - net.n_name[MAXHOSTNAMELEN-1] = '\0'; - cp = strpbrk(p, " \t"); - if (cp == NULL) - goto again; - *cp++ = '\0'; - while (*cp == ' ' || *cp == '\t') - cp++; - p = strpbrk(cp, " \t"); - if (p != NULL) - *p++ = '\0'; - net.n_net = inet_network(cp); - net.n_addrtype = AF_INET; - q = net.n_aliases = net_aliases; - if (p != NULL) - cp = p; - while (cp && *cp) { - if (*cp == ' ' || *cp == '\t') { - cp++; - continue; - } - if (q < &net_aliases[MAXALIASES - 1]) { - *q++ = cp; - if (strlen(cp) >= MAXHOSTNAMELEN-1) - cp[MAXHOSTNAMELEN-1] = '\0'; - } - cp = strpbrk(cp, " \t"); - if (cp != NULL) - *cp++ = '\0'; - } - *q = NULL; - return (&net); + h_errno = NETDB_INTERNAL; + return NULL; } diff --git a/src/lib/libc/net/getnetnamadr.c b/src/lib/libc/net/getnetnamadr.c deleted file mode 100644 index abbfdbd64c2..00000000000 --- a/src/lib/libc/net/getnetnamadr.c +++ /dev/null @@ -1,391 +0,0 @@ -/* $OpenBSD: getnetnamadr.c,v 1.18 2002/08/27 08:53:13 itojun Exp $ */ - -/* - * Copyright (c) 1997, Jason Downs. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by Jason Downs for the - * OpenBSD system. - * 4. Neither the name(s) of the author(s) nor the name OpenBSD - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS - * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED - * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, - * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER - * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ -/* Copyright (c) 1993 Carlos Leandro and Rui Salgueiro - * Dep. Matematica Universidade de Coimbra, Portugal, Europe - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - */ -/* - * Copyright (c) 1983, 1993 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#if defined(LIBC_SCCS) && !defined(lint) -#if 0 -static char sccsid[] = "@(#)getnetbyaddr.c 8.1 (Berkeley) 6/4/93"; -static char sccsid_[] = "from getnetnamadr.c 1.4 (Coimbra) 93/06/03"; -static char rcsid[] = "$From: getnetnamadr.c,v 8.7 1996/08/05 08:31:35 vixie Exp $"; -#else -static char rcsid[] = "$OpenBSD: getnetnamadr.c,v 1.18 2002/08/27 08:53:13 itojun Exp $"; -#endif -#endif /* LIBC_SCCS and not lint */ - -#include -#include -#include -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include - -extern int h_errno; - -struct netent *_getnetbyaddr(in_addr_t net, int type); -struct netent *_getnetbyname(const char *name); - -int _hokchar(const char *); - -#define BYADDR 0 -#define BYNAME 1 -#define MAXALIASES 35 - -#define MAXPACKET (64*1024) - -typedef union { - HEADER hdr; - u_char buf[MAXPACKET]; -} querybuf; - -typedef union { - long al; - char ac; -} align; - -static struct netent * -getnetanswer(answer, anslen, net_i) - querybuf *answer; - int anslen; - int net_i; -{ - - register HEADER *hp; - register u_char *cp; - register int n; - u_char *eom; - int type, class, ancount, qdcount, haveanswer, i, nchar; - char aux1[MAXHOSTNAMELEN], aux2[MAXHOSTNAMELEN], ans[MAXHOSTNAMELEN]; - char *in, *st, *pauxt, *bp, **ap, *ep; - char *paux1 = &aux1[0], *paux2 = &aux2[0], flag = 0; - static struct netent net_entry; - static char *net_aliases[MAXALIASES], netbuf[BUFSIZ+1]; - - /* - * find first satisfactory answer - * - * answer --> +------------+ ( MESSAGE ) - * | Header | - * +------------+ - * | Question | the question for the name server - * +------------+ - * | Answer | RRs answering the question - * +------------+ - * | Authority | RRs pointing toward an authority - * | Additional | RRs holding additional information - * +------------+ - */ - eom = answer->buf + anslen; - hp = &answer->hdr; - ancount = ntohs(hp->ancount); /* #/records in the answer section */ - qdcount = ntohs(hp->qdcount); /* #/entries in the question section */ - bp = netbuf; - ep = netbuf + sizeof(netbuf); - cp = answer->buf + HFIXEDSZ; - if (!qdcount) { - if (hp->aa) - h_errno = HOST_NOT_FOUND; - else - h_errno = TRY_AGAIN; - return (NULL); - } - while (qdcount-- > 0) - cp += __dn_skipname(cp, eom) + QFIXEDSZ; - ap = net_aliases; - *ap = NULL; - net_entry.n_aliases = net_aliases; - haveanswer = 0; - while (--ancount >= 0 && cp < eom) { - n = dn_expand(answer->buf, eom, cp, bp, ep - bp); -#ifdef USE_RESOLV_NAME_OK - if ((n < 0) || !res_dnok(bp)) -#else - if ((n < 0) || !_hokchar(bp)) -#endif - break; - cp += n; - ans[0] = '\0'; - strlcpy(&ans[0], bp, sizeof ans); - GETSHORT(type, cp); - GETSHORT(class, cp); - cp += INT32SZ; /* TTL */ - GETSHORT(n, cp); - if (class == C_IN && type == T_PTR) { - n = dn_expand(answer->buf, eom, cp, bp, ep - bp); -#ifdef USE_RESOLV_NAME_OK - if ((n < 0) || !res_hnok(bp)) -#else - if ((n < 0) || !_hokchar(bp)) -#endif - { - cp += n; - return (NULL); - } - cp += n; - *ap++ = bp; - bp += strlen(bp) + 1; - net_entry.n_addrtype = - (class == C_IN) ? AF_INET : AF_UNSPEC; - haveanswer++; - } - } - if (haveanswer) { - *ap = NULL; - switch (net_i) { - case BYADDR: - net_entry.n_name = *net_entry.n_aliases; - net_entry.n_net = 0L; - break; - case BYNAME: - in = *net_entry.n_aliases; - net_entry.n_name = &ans[0]; - aux2[0] = '\0'; - for (i = 0; i < 4; i++) { - for (st = in, nchar = 0; - *st != '.'; - st++, nchar++) - ; - if (nchar != 1 || *in != '0' || flag) { - flag = 1; - strlcpy(paux1, - (i==0) ? in : in-1, - (i==0) ? nchar+1 : nchar+2); - pauxt = paux2; - paux2 = strcat(paux1, paux2); - paux1 = pauxt; - } - in = ++st; - } - net_entry.n_net = inet_network(paux2); - break; - } - net_entry.n_aliases++; - return (&net_entry); - } - h_errno = TRY_AGAIN; - return (NULL); -} - -struct netent * -getnetbyaddr(net, net_type) - register in_addr_t net; - register int net_type; -{ - unsigned int netbr[4]; - int nn, anslen; - querybuf *buf; - char qbuf[MAXDNAME]; - in_addr_t net2; - struct netent *net_entry = NULL; - char lookups[MAXDNSLUS]; - int i; - - if ((_res.options & RES_INIT) == 0 && res_init() == -1) - return(_getnetbyaddr(net, net_type)); - - bcopy(_res.lookups, lookups, sizeof lookups); - if (lookups[0] == '\0') - strlcpy(lookups, "bf", sizeof lookups); - - for (i = 0; i < MAXDNSLUS && lookups[i]; i++) { - switch (lookups[i]) { -#ifdef YP - case 'y': - /* There is no YP support. */ - break; -#endif /* YP */ - case 'b': - if (net_type != AF_INET) - break; /* DNS only supports AF_INET? */ - - for (nn = 4, net2 = net; net2; net2 >>= 8) - netbr[--nn] = net2 & 0xff; - switch (nn) { - case 3: /* Class A */ - snprintf(qbuf, sizeof(qbuf), - "0.0.0.%u.in-addr.arpa", netbr[3]); - break; - case 2: /* Class B */ - snprintf(qbuf, sizeof(qbuf), - "0.0.%u.%u.in-addr.arpa", - netbr[3], netbr[2]); - break; - case 1: /* Class C */ - snprintf(qbuf, sizeof(qbuf), - "0.%u.%u.%u.in-addr.arpa", - netbr[3], netbr[2], netbr[1]); - break; - case 0: /* Class D - E */ - snprintf(qbuf, sizeof(qbuf), - "%u.%u.%u.%u.in-addr.arpa", - netbr[3], netbr[2], netbr[1], netbr[0]); - break; - } - buf = malloc(sizeof(*buf)); - if (buf == NULL) - break; - anslen = res_query(qbuf, C_IN, T_PTR, buf->buf, - sizeof(buf->buf)); - if (anslen < 0) { - free(buf); -#ifdef DEBUG - if (_res.options & RES_DEBUG) - printf("res_query failed\n"); -#endif - break; - } - net_entry = getnetanswer(buf, anslen, BYADDR); - free(buf); - if (net_entry != NULL) { - unsigned u_net = net; /* maybe net should be unsigned ? */ - - /* Strip trailing zeros */ - while ((u_net & 0xff) == 0 && u_net != 0) - u_net >>= 8; - net_entry->n_net = u_net; - return (net_entry); - } - break; - case 'f': - net_entry = _getnetbyaddr(net, net_type); - if (net_entry != NULL) - return (net_entry); - } - } - - /* Nothing matched. */ - return (NULL); -} - -struct netent * -getnetbyname(net) - register const char *net; -{ - int anslen; - querybuf *buf; - char qbuf[MAXDNAME]; - struct netent *net_entry = NULL; - char lookups[MAXDNSLUS]; - int i; - - if ((_res.options & RES_INIT) == 0 && res_init() == -1) - return (_getnetbyname(net)); - - bcopy(_res.lookups, lookups, sizeof lookups); - if (lookups[0] == '\0') - strlcpy(lookups, "bf", sizeof lookups); - - for (i = 0; i < MAXDNSLUS && lookups[i]; i++) { - switch (lookups[i]) { -#ifdef YP - case 'y': - /* There is no YP support. */ - break; -#endif /* YP */ - case 'b': - strlcpy(qbuf, net, sizeof qbuf); - buf = malloc(sizeof(*buf)); - if (buf == NULL) - break; - anslen = res_search(qbuf, C_IN, T_PTR, buf->buf, - sizeof(buf->buf)); - if (anslen < 0) { - free(buf); -#ifdef DEBUG - if (_res.options & RES_DEBUG) - printf("res_query failed\n"); -#endif - break; - } - net_entry = getnetanswer(buf, anslen, BYNAME); - free(buf); - if (net_entry != NULL) - return (net_entry); - break; - case 'f': - net_entry = _getnetbyname(net); - if (net_entry != NULL) - return (net_entry); - break; - } - } - - /* Nothing matched. */ - return (NULL); -} diff --git a/src/lib/libc/net/getpeereid.3 b/src/lib/libc/net/getpeereid.3 new file mode 100644 index 00000000000..9c5742a245f --- /dev/null +++ b/src/lib/libc/net/getpeereid.3 @@ -0,0 +1,121 @@ +.\" $OpenBSD: getpeereid.3,v 1.3 2013/06/05 03:39:23 tedu Exp $ +.\" +.\" Copyright (c) 1983, 1991, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.Dd $Mdocdate: June 5 2013 $ +.Dt GETPEEREID 3 +.Os +.Sh NAME +.Nm getpeereid +.Nd get effective user and group identification of locally-connected peer +.Sh SYNOPSIS +.In sys/types.h +.In sys/socket.h +.Ft int +.Fn getpeereid "int s" "uid_t *euid" "gid_t *egid" +.Sh DESCRIPTION +.Fn getpeereid +returns the effective user ID and group ID of the peer connected to +a +.Ux Ns -domain +socket (see +.Xr unix 4 ) . +The argument +.Fa s +must be of type +.Dv SOCK_STREAM +or +.Dv SOCK_SEQPACKET . +.Pp +One common use is for +.Ux Ns -domain +servers to determine the credentials of clients that have connected to it. +.Pp +.Fn getpeereid +takes three parameters: +.Bl -bullet +.It +.Fa s +contains the file descriptor of the socket whose peer credentials +should be looked up. +.It +.Fa euid +points to a +.Li uid_t +variable into which the effective user ID for the connected peer will +be stored. +.It +.Fa egid +points to a +.Li gid_t +variable into which the effective group ID for the connected peer will +be stored. +.El +.Sh RETURN VALUES +If the call succeeds, a 0 is returned and +.Fa euid +and +.Fa egid +are set to the effective user ID and group ID of the connected peer. +Otherwise, +.Va errno +is set and a value of \-1 is returned. +.Sh ERRORS +On failure, +.Va errno +is set to one of the following: +.Bl -tag -width Er +.It Bq Er EBADF +The argument +.Fa s +is not a valid descriptor. +.It Bq Er ENOTSOCK +The argument +.Fa s +is a file, not a socket. +.It Bq Er EOPNOTSUPP +The socket is not in the +.Ux Ns -domain . +.It Bq Er ENOTCONN +The socket is not connected. +.It Bq Er ENOBUFS +Insufficient resources were available in the system +to perform the operation. +.El +.Sh SEE ALSO +.Xr accept 2 , +.Xr bind 2 , +.Xr getpeername 2 , +.Xr getsockname 2 , +.Xr getsockopt 2 , +.Xr socket 2 , +.Xr unix 4 +.Sh HISTORY +The +.Fn getpeereid +function call appeared in +.Ox 3.0 . diff --git a/src/lib/libc/net/getpeereid.c b/src/lib/libc/net/getpeereid.c new file mode 100644 index 00000000000..208e541f172 --- /dev/null +++ b/src/lib/libc/net/getpeereid.c @@ -0,0 +1,36 @@ +/* $OpenBSD: getpeereid.c,v 1.1 2010/07/01 19:15:30 deraadt Exp $ */ + +/* + * Copyright (c) 2010 Theo de Raadt + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include +#include + +int +getpeereid(int s, uid_t *euid, gid_t *egid) +{ + struct sockpeercred creds; + socklen_t credslen = sizeof(creds); + int error; + + error = getsockopt(s, SOL_SOCKET, SO_PEERCRED, + &creds, &credslen); + if (error) + return (error); + *euid = creds.uid; + *egid = creds.gid; + return (0); +} diff --git a/src/lib/libc/net/getproto.c b/src/lib/libc/net/getproto.c index 474d8d94278..8e080679d0e 100644 --- a/src/lib/libc/net/getproto.c +++ b/src/lib/libc/net/getproto.c @@ -1,3 +1,4 @@ +/* $OpenBSD: getproto.c,v 1.8 2015/09/14 07:38:38 guenther Exp $ */ /* * Copyright (c) 1983, 1993 * The Regents of the University of California. All rights reserved. @@ -10,11 +11,7 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors + * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -31,25 +28,33 @@ * SUCH DAMAGE. */ -#if defined(LIBC_SCCS) && !defined(lint) -static char rcsid[] = "$OpenBSD: getproto.c,v 1.3 1997/07/09 01:08:31 millert Exp $"; -#endif /* LIBC_SCCS and not lint */ - #include +#include + +int +getprotobynumber_r(int num, struct protoent *pe, struct protoent_data *pd) +{ + int error; -extern int _proto_stayopen; + setprotoent_r(pd->stayopen, pd); + while ((error = getprotoent_r(pe, pd)) == 0) + if (pe->p_proto == num) + break; + if (!pd->stayopen && pd->fp != NULL) { + (void)fclose(pd->fp); + pd->fp = NULL; + } + return (error); +} +DEF_WEAK(getprotobynumber_r); struct protoent * -getprotobynumber(proto) - register int proto; +getprotobynumber(int num) { - register struct protoent *p; + extern struct protoent_data _protoent_data; + static struct protoent proto; - setprotoent(_proto_stayopen); - while ((p = getprotoent())) - if (p->p_proto == proto) - break; - if (!_proto_stayopen) - endprotoent(); - return (p); + if (getprotobynumber_r(num, &proto, &_protoent_data) != 0) + return (NULL); + return (&proto); } diff --git a/src/lib/libc/net/getprotoent.3 b/src/lib/libc/net/getprotoent.3 index 1f955295320..cc2c69836a5 100644 --- a/src/lib/libc/net/getprotoent.3 +++ b/src/lib/libc/net/getprotoent.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: getprotoent.3,v 1.8 2000/12/24 00:30:56 aaron Exp $ +.\" $OpenBSD: getprotoent.3,v 1.18 2013/06/05 03:39:23 tedu Exp $ .\" .\" Copyright (c) 1983, 1991, 1993 .\" The Regents of the University of California. All rights reserved. @@ -11,11 +11,7 @@ .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors +.\" 3. Neither the name of the University nor the names of its contributors .\" may be used to endorse or promote products derived from this software .\" without specific prior written permission. .\" @@ -31,28 +27,43 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd June 4, 1993 +.Dd $Mdocdate: June 5 2013 $ .Dt GETPROTOENT 3 .Os .Sh NAME .Nm getprotoent , +.Nm getprotoent_r , .Nm getprotobynumber , +.Nm getprotobynumber_r , .Nm getprotobyname , +.Nm getprotobyname_r , .Nm setprotoent , -.Nm endprotoent +.Nm setprotoent_r , +.Nm endprotoent , +.Nm endprotoent_r .Nd get protocol entry .Sh SYNOPSIS -.Fd #include +.In netdb.h .Ft struct protoent * .Fn getprotoent "void" +.Ft int +.Fn getprotoent_r "struct protoent *protoent" "struct protoent_data *protoent_data" .Ft struct protoent * -.Fn getprotobyname "char *name" +.Fn getprotobyname "const char *name" +.Ft int +.Fn getprotobyname_r "const char *name" "struct protoent *protoent" "struct protoent_data *protoent_data" .Ft struct protoent * .Fn getprotobynumber "int proto" +.Ft int +.Fn getprotobynumber_r "int proto" "struct protoent *protoent" "struct protoent_data *protoent_data" .Ft void .Fn setprotoent "int stayopen" .Ft void +.Fn setprotoent_r "int stayopen" "struct protoent_data *protoent_data" +.Ft void .Fn endprotoent "void" +.Ft void +.Fn endprotoent_r "struct protoent_data *protoent_data" .Sh DESCRIPTION The .Fn getprotoent , @@ -76,7 +87,7 @@ The members of this structure are: .It Fa p_name The official name of the protocol. .It Fa p_aliases -A zero-terminated list of alternate names for the protocol. +A null-terminated list of alternate names for the protocol. .It Fa p_proto The protocol number. .El @@ -91,7 +102,7 @@ function opens and rewinds the file. If the .Fa stayopen flag is non-zero, -the net database will not be closed after each call to +the protocol database will not be closed after each call to .Fn getprotobyname or .Fn getprotobynumber . @@ -108,16 +119,74 @@ functions sequentially search from the beginning of the file until a matching protocol name or protocol number is found, or until .Dv EOF is encountered. +.Pp +The +.Fn getprotoent_r , +.Fn getprotobyport_r , +.Fn getprotobyname_r , +.Fn setprotoent_r , +and +.Fn endprotoent_r +functions are reentrant versions of the above functions that take a +pointer to a +.Vt protoent_data +structure which is used to store state information. +The structure must be zero-filled before it is used +and should be considered opaque for the sake of portability. +.Pp +The +.Fn getprotoent_r , +.Fn getprotobyport_r , +and +.Fn getprotobyname_r +functions +also take a pointer to a +.Vt protoent +structure which is used to store the results of the database lookup. .Sh RETURN VALUES -Null pointer (0) returned on -.Dv EOF -or error. +The +.Fn getprotoent , +.Fn getprotobyport , +and +.Fn getprotobyname +functions return a pointer to a +.Vt protoent +structure on success or a null pointer if end-of-file +is reached or an error occurs. +.Pp +The +.Fn getprotoent_r , +.Fn getprotobyport_r , +and +.Fn getprotobyname_r +functions return 0 on success or \-1 if end-of-file +is reached or an error occurs. .Sh FILES .Bl -tag -width /etc/protocols -compact .It Pa /etc/protocols .El .Sh SEE ALSO .Xr protocols 5 +.Sh STANDARDS +The +.Fn getprotoent , +.Fn getprotobynumber , +.Fn getprotobyname , +.Fn setprotoent , +and +.Fn endprotoent +functions conform to +.St -p1003.1-2004 . +.Pp +The +.Fn getprotoent_r , +.Fn getprotobyport_r , +.Fn getprotobyname_r , +.Fn setprotoent_r , +and +.Fn endprotoent_r +functions are not currently standardized. +This implementation follows the API used by HP, IBM, and Digital. .Sh HISTORY The .Fn getprotoent , @@ -128,7 +197,17 @@ and .Fn endprotoent functions appeared in .Bx 4.2 . +.Pp +The +.Fn getprotoent_r , +.Fn getprotobyport_r , +.Fn getprotobyname_r , +.Fn setprotoent_r , +and +.Fn endprotoent_r +functions appeared in +.Ox 3.7 . .Sh BUGS -These functions use a static data space; if the data is needed for future use, -it should be copied before any subsequent calls overwrite it. +The non-reentrant functions use a static data space; if the data is needed +for future use, it should be copied before any subsequent calls overwrite it. Only the Internet protocols are currently understood. diff --git a/src/lib/libc/net/getprotoent.c b/src/lib/libc/net/getprotoent.c index 2f8b2676114..a218863d07c 100644 --- a/src/lib/libc/net/getprotoent.c +++ b/src/lib/libc/net/getprotoent.c @@ -1,3 +1,4 @@ +/* $OpenBSD: getprotoent.c,v 1.13 2015/09/14 07:38:38 guenther Exp $ */ /* * Copyright (c) 1983, 1993 * The Regents of the University of California. All rights reserved. @@ -10,11 +11,7 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors + * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -31,70 +28,68 @@ * SUCH DAMAGE. */ -#if defined(LIBC_SCCS) && !defined(lint) -static char rcsid[] = "$OpenBSD: getprotoent.c,v 1.4 1999/09/03 16:23:18 millert Exp $"; -#endif /* LIBC_SCCS and not lint */ - #include #include + +#include +#include #include #include #include #include -#define MAXALIASES 35 - -static FILE *protof = NULL; -static char line[BUFSIZ+1]; -static struct protoent proto; -static char *proto_aliases[MAXALIASES]; -int _proto_stayopen; - void -setprotoent(f) - int f; +setprotoent_r(int f, struct protoent_data *pd) { - if (protof == NULL) - protof = fopen(_PATH_PROTOCOLS, "r" ); + if (pd->fp == NULL) + pd->fp = fopen(_PATH_PROTOCOLS, "re" ); else - rewind(protof); - _proto_stayopen |= f; + rewind(pd->fp); + pd->stayopen |= f; } +DEF_WEAK(setprotoent_r); void -endprotoent() +endprotoent_r(struct protoent_data *pd) { - if (protof) { - fclose(protof); - protof = NULL; + if (pd->fp) { + fclose(pd->fp); + pd->fp = NULL; } - _proto_stayopen = 0; + free(pd->aliases); + pd->aliases = NULL; + pd->maxaliases = 0; + free(pd->line); + pd->line = NULL; + pd->stayopen = 0; } +DEF_WEAK(endprotoent_r); -struct protoent * -getprotoent() +int +getprotoent_r(struct protoent *pe, struct protoent_data *pd) { char *p, *cp, **q, *endp; - long l; size_t len; + long l; + int serrno; - if (protof == NULL && (protof = fopen(_PATH_PROTOCOLS, "r" )) == NULL) - return (NULL); + if (pd->fp == NULL && (pd->fp = fopen(_PATH_PROTOCOLS, "re" )) == NULL) + return (-1); again: - if ((p = fgetln(protof, &len)) == NULL) - return (NULL); + if ((p = fgetln(pd->fp, &len)) == NULL) + return (-1); + if (len == 0 || *p == '#' || *p == '\n') + goto again; if (p[len-1] == '\n') len--; - if (len >= sizeof(line) || len == 0) - goto again; - p = memcpy(line, p, len); - line[len] = '\0'; - if (*p == '#') - goto again; - if ((cp = strchr(p, '#')) != NULL) - *cp = '\0'; - proto.p_name = p; - cp = strpbrk(p, " \t"); + if ((cp = memchr(p, '#', len)) != NULL) + len = cp - p; + cp = realloc(pd->line, len + 1); + if (cp == NULL) + return (-1); + pd->line = pe->p_name = memcpy(cp, p, len); + cp[len] = '\0'; + cp = strpbrk(cp, " \t"); if (cp == NULL) goto again; *cp++ = '\0'; @@ -106,8 +101,18 @@ getprotoent() l = strtol(cp, &endp, 10); if (endp == cp || *endp != '\0' || l < 0 || l >= INT_MAX) goto again; - proto.p_proto = l; - q = proto.p_aliases = proto_aliases; + pe->p_proto = l; + if (pd->aliases == NULL) { + pd->maxaliases = 5; + pd->aliases = calloc(pd->maxaliases, sizeof(char *)); + if (pd->aliases == NULL) { + serrno = errno; + endprotoent_r(pd); + errno = serrno; + return (-1); + } + } + q = pe->p_aliases = pd->aliases; if (p != NULL) { cp = p; while (cp && *cp) { @@ -115,13 +120,50 @@ getprotoent() cp++; continue; } - if (q < &proto_aliases[MAXALIASES - 1]) - *q++ = cp; + if (q == &pe->p_aliases[pd->maxaliases - 1]) { + p = reallocarray(pe->p_aliases, + pd->maxaliases, 2 * sizeof(char *)); + if (p == NULL) { + serrno = errno; + endprotoent_r(pd); + errno = serrno; + return (-1); + } + pd->maxaliases *= 2; + q = (char **)p + (q - pe->p_aliases); + pe->p_aliases = pd->aliases = (char **)p; + } + *q++ = cp; cp = strpbrk(cp, " \t"); if (cp != NULL) *cp++ = '\0'; } } *q = NULL; + return (0); +} +DEF_WEAK(getprotoent_r); + +struct protoent_data _protoent_data; /* shared with getproto{,name}.c */ + +void +setprotoent(int f) +{ + setprotoent_r(f, &_protoent_data); +} + +void +endprotoent(void) +{ + endprotoent_r(&_protoent_data); +} + +struct protoent * +getprotoent(void) +{ + static struct protoent proto; + + if (getprotoent_r(&proto, &_protoent_data) != 0) + return (NULL); return (&proto); } diff --git a/src/lib/libc/net/getprotoname.c b/src/lib/libc/net/getprotoname.c index 7a4e5fede52..f6ed4c49b1a 100644 --- a/src/lib/libc/net/getprotoname.c +++ b/src/lib/libc/net/getprotoname.c @@ -1,3 +1,4 @@ +/* $OpenBSD: getprotoname.c,v 1.8 2015/09/14 07:38:38 guenther Exp $ */ /* * Copyright (c) 1983, 1993 * The Regents of the University of California. All rights reserved. @@ -10,11 +11,7 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors + * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -31,32 +28,42 @@ * SUCH DAMAGE. */ -#if defined(LIBC_SCCS) && !defined(lint) -static char rcsid[] = "$OpenBSD: getprotoname.c,v 1.3 1997/07/09 01:08:32 millert Exp $"; -#endif /* LIBC_SCCS and not lint */ - #include +#include #include -extern int _proto_stayopen; - -struct protoent * -getprotobyname(name) - register const char *name; +int +getprotobyname_r(const char *name, struct protoent *pe, + struct protoent_data *pd) { - register struct protoent *p; - register char **cp; + char **cp; + int error; - setprotoent(_proto_stayopen); - while ((p = getprotoent())) { - if (strcmp(p->p_name, name) == 0) + setprotoent_r(pd->stayopen, pd); + while ((error = getprotoent_r(pe, pd)) == 0) { + if (strcmp(pe->p_name, name) == 0) break; - for (cp = p->p_aliases; *cp != 0; cp++) + for (cp = pe->p_aliases; *cp != 0; cp++) if (strcmp(*cp, name) == 0) goto found; } found: - if (!_proto_stayopen) - endprotoent(); - return (p); + if (!pd->stayopen && pd->fp != NULL) { + fclose(pd->fp); + pd->fp = NULL; + } + return (error); +} +DEF_WEAK(getprotobyname_r); + +struct protoent * +getprotobyname(const char *name) +{ + extern struct protoent_data _protoent_data; + static struct protoent proto; + + if (getprotobyname_r(name, &proto, &_protoent_data) != 0) + return (NULL); + return (&proto); } +DEF_WEAK(getprotobyname); diff --git a/src/lib/libc/net/getrrsetbyname.3 b/src/lib/libc/net/getrrsetbyname.3 index 50cadfd3720..6a42edcc93b 100644 --- a/src/lib/libc/net/getrrsetbyname.3 +++ b/src/lib/libc/net/getrrsetbyname.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: getrrsetbyname.3,v 1.7 2002/06/09 05:03:59 deraadt Exp $ +.\" $OpenBSD: getrrsetbyname.3,v 1.20 2014/11/05 15:12:23 jmc Exp $ .\" .\" Copyright (C) 2000, 2001 Internet Software Consortium. .\" @@ -15,28 +15,29 @@ .\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION .\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd Oct 18, 2000 +.Dd $Mdocdate: November 5 2014 $ .Dt GETRRSETBYNAME 3 .Os .Sh NAME +.Nm freerrset , .Nm getrrsetbyname .Nd retrieve DNS records .Sh SYNOPSIS -.Fd #include +.In netdb.h .Ft int .Fn getrrsetbyname "const char *hostname" "unsigned int rdclass" \ "unsigned int rdtype" "unsigned int flags" "struct rrsetinfo **res" -.Ft int -.Fn freerrset "struct rrsetinfo **rrset" +.Ft void +.Fn freerrset "struct rrsetinfo *rrset" .Sh DESCRIPTION .Fn getrrsetbyname gets a set of resource records associated with a .Fa hostname , -.Fa class +.Fa rdclass , and -.Fa type . +.Fa rdtype . .Fa hostname -is a pointer a to null-terminated string. +is a pointer to a NUL-terminated string. The .Fa flags field is currently unused and must be zero. @@ -74,22 +75,22 @@ bit is set, the data has been DNSSEC validated and the signatures verified. .Pp The following structures are used: -.Bd -literal -offset +.Bd -literal -offset indent struct rdatainfo { - unsigned int rdi_length; /* length of data */ - unsigned char *rdi_data; /* record data */ + unsigned int rdi_length; /* length of data */ + unsigned char *rdi_data; /* record data */ }; struct rrsetinfo { - unsigned int rri_flags; /* RRSET_VALIDATED ... */ - unsigned int rri_rdclass; /* class number */ - unsigned int rri_rdtype; /* RR type number */ - unsigned int rri_ttl; /* time to live */ - unsigned int rri_nrdatas; /* size of rdatas array */ - unsigned int rri_nsigs; /* size of sigs array */ - char *rri_name; /* canonical name */ - struct rdatainfo *rri_rdatas; /* individual records */ - struct rdatainfo *rri_sigs; /* individual signatures */ + unsigned int rri_flags; /* RRSET_VALIDATED ... */ + unsigned int rri_rdclass; /* class number */ + unsigned int rri_rdtype; /* RR type number */ + unsigned int rri_ttl; /* time to live */ + unsigned int rri_nrdatas; /* size of rdatas array */ + unsigned int rri_nsigs; /* size of sigs array */ + char *rri_name; /* canonical name */ + struct rdatainfo *rri_rdatas; /* individual records */ + struct rdatainfo *rri_sigs; /* individual signatures */ }; .Ed .Pp @@ -102,7 +103,6 @@ and structures, and the canonical host name strings pointed to by the .Li rrsetinfo -u lib/libc/sys/lseek.2 structure. Memory allocated for the dynamically allocated structures created by a successful call to @@ -111,56 +111,54 @@ is released by .Fn freerrset . .Li rrset is a pointer to a -.Li struct rrset +.Li struct rrsetinfo created by a call to .Fn getrrsetbyname . -.Pp -If the EDNS0 option is activated in -.Xr resolv.conf 3 , -.Fn getrrsetbyname -will request DNSSEC authentication using the EDNS0 DNSSEC OK (DO) bit. -.Sh "RETURN VALUES" +.\" .Pp +.\" If the EDNS0 option is activated in +.\" .Xr resolv.conf 5 , +.\" .Fn getrrsetbyname +.\" will request DNSSEC authentication using the EDNS0 DNSSEC OK (DO) bit. +.Sh RETURN VALUES .Fn getrrsetbyname returns zero on success, and one of the following error codes if an error occurred: -.Pp -.Bl -tag -width ERRSET_NOMEMORY -compact -.It Dv ERRSET_NONAME -the name does not exist -.It Dv ERRSET_NODATA -the name exists, but does not have data of the desired type -.It Dv ERRSET_NOMEMORY -memory could not be allocated -.It Dv ERRSET_INVAL -a parameter is invalid -.It Dv ERRSET_FAIL -other failure +.Bl -tag -width ERRSET_NOMEMORY +.It Bq Er ERRSET_NONAME +The name does not exist. +.It Bq Er ERRSET_NODATA +The name exists, but does not have data of the desired type. +.It Bq Er ERRSET_NOMEMORY +Memory could not be allocated. +.It Bq Er ERRSET_INVAL +A parameter is invalid. +.It Bq Er ERRSET_FAIL +Other failure. .El .Sh SEE ALSO .Xr resolver 3 , -.Xr resolv.conf 5 , -.Xr named 8 -.Sh AUTHORS -Jakob Schlyter -.Aq jakob@openbsd.org +.Xr resolv.conf 5 .Sh HISTORY .Fn getrrsetbyname first appeared in .Ox 3.0 . The API first appeared in ISC BIND version 9. -.Sh BUGS -The data in -.Li *rdi_data -should be returned in uncompressed wire format. -Currently, the data is in compressed format and the caller can't -uncompress since it doesn't have the full message. +.Sh AUTHORS +.An Jakob Schlyter Aq Mt jakob@openbsd.org .Sh CAVEATS The .Dv RRSET_VALIDATED flag in .Li rri_flags -is set if the AD (autenticated data) bit in the DNS answer is -set. This flag +is set if the AD (authenticated data) bit in the DNS answer is +set. +This flag .Em should not be trusted unless the transport between the nameserver and the resolver is secure (e.g. IPsec, trusted network, loopback communication). +.Sh BUGS +The data in +.Li *rdi_data +should be returned in uncompressed wire format. +Currently, the data is in compressed format and the caller can't +uncompress since it doesn't have the full message. diff --git a/src/lib/libc/net/getrrsetbyname.c b/src/lib/libc/net/getrrsetbyname.c deleted file mode 100644 index 87ae8fc229e..00000000000 --- a/src/lib/libc/net/getrrsetbyname.c +++ /dev/null @@ -1,507 +0,0 @@ -/* $OpenBSD: getrrsetbyname.c,v 1.4 2001/08/16 18:16:43 ho Exp $ */ - -/* - * Copyright (c) 2001 Jakob Schlyter. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/* - * Portions Copyright (c) 1999-2001 Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM - * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL - * INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, - * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING - * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, - * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION - * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#include -#include -#include -#include -#include -#include -#include - -#define ANSWER_BUFFER_SIZE 1024*64 - -struct dns_query { - char *name; - u_int16_t type; - u_int16_t class; - struct dns_query *next; -}; - -struct dns_rr { - char *name; - u_int16_t type; - u_int16_t class; - u_int16_t ttl; - u_int16_t size; - void *rdata; - struct dns_rr *next; -}; - -struct dns_response { - HEADER header; - struct dns_query *query; - struct dns_rr *answer; - struct dns_rr *authority; - struct dns_rr *additional; -}; - -static struct dns_response *parse_dns_response(const char *, int); -static struct dns_query *parse_dns_qsection(const char *, int, const char **, - int); -static struct dns_rr *parse_dns_rrsection(const char *, int, const char **, - int); - -static void free_dns_query(struct dns_query *); -static void free_dns_rr(struct dns_rr *); -static void free_dns_response(struct dns_response *); - -static int count_dns_rr(struct dns_rr *, u_int16_t, u_int16_t); - -int -getrrsetbyname(const char *hostname, unsigned int rdclass, - unsigned int rdtype, unsigned int flags, - struct rrsetinfo **res) -{ - int result; - struct rrsetinfo *rrset = NULL; - struct dns_response *response; - struct dns_rr *rr; - struct rdatainfo *rdata; - unsigned int length, index_ans, index_sig; - char answer[ANSWER_BUFFER_SIZE]; - - /* check for invalid class and type */ - if (rdclass > 0xffff || rdtype > 0xffff) { - result = ERRSET_INVAL; - goto fail; - } - - /* don't allow queries of class or type ANY */ - if (rdclass == 0xff || rdtype == 0xff) { - result = ERRSET_INVAL; - goto fail; - } - - /* don't allow flags yet, unimplemented */ - if (flags) { - result = ERRSET_INVAL; - goto fail; - } - - /* initialize resolver */ - if ((_res.options & RES_INIT) == 0 && res_init() == -1) { - result = ERRSET_FAIL; - goto fail; - } - -#ifdef DEBUG - _res.options |= RES_DEBUG; -#endif /* DEBUG */ - -#ifdef RES_USE_DNSSEC - /* turn on DNSSEC if EDNS0 is configured */ - if (_res.options & RES_USE_EDNS0) - _res.options |= RES_USE_DNSSEC; -#endif /* RES_USE_DNSEC */ - - /* make query */ - length = res_query(hostname, rdclass, rdtype, answer, sizeof(answer)); - if (length < 0) { - switch(h_errno) { - case HOST_NOT_FOUND: - result = ERRSET_NONAME; - goto fail; - case NO_DATA: - result = ERRSET_NODATA; - goto fail; - default: - result = ERRSET_FAIL; - goto fail; - } - } - - /* parse result */ - response = parse_dns_response(answer, length); - if (response == NULL) { - result = ERRSET_FAIL; - goto fail; - } - - if (response->header.qdcount != 1) { - result = ERRSET_FAIL; - goto fail; - } - - /* initialize rrset */ - rrset = calloc(1, sizeof(struct rrsetinfo)); - if (rrset == NULL) { - result = ERRSET_NOMEMORY; - goto fail; - } - rrset->rri_rdclass = response->query->class; - rrset->rri_rdtype = response->query->type; - rrset->rri_ttl = response->answer->ttl; - rrset->rri_nrdatas = response->header.ancount; - - /* check for authenticated data */ - if (response->header.ad == 1) - rrset->rri_flags |= RRSET_VALIDATED; - - /* copy name from answer section */ - length = strlen(response->answer->name); - rrset->rri_name = malloc(length + 1); - if (rrset->rri_name == NULL) { - result = ERRSET_NOMEMORY; - goto fail; - } - strlcpy(rrset->rri_name, response->answer->name, length + 1); - - /* count answers */ - rrset->rri_nrdatas = count_dns_rr(response->answer, rrset->rri_rdclass, - rrset->rri_rdtype); - rrset->rri_nsigs = count_dns_rr(response->answer, rrset->rri_rdclass, - T_SIG); - - /* allocate memory for answers */ - rrset->rri_rdatas = calloc(rrset->rri_nrdatas, - sizeof(struct rdatainfo)); - if (rrset->rri_rdatas == NULL) { - result = ERRSET_NOMEMORY; - goto fail; - } - - /* allocate memory for signatures */ - rrset->rri_sigs = calloc(rrset->rri_nsigs, sizeof(struct rdatainfo)); - if (rrset->rri_sigs == NULL) { - result = ERRSET_NOMEMORY; - goto fail; - } - - /* copy answers & signatures */ - for (rr = response->answer, index_ans = 0, index_sig = 0; - rr; rr = rr->next) { - - rdata = NULL; - - if (rr->class == rrset->rri_rdclass && - rr->type == rrset->rri_rdtype) - rdata = &rrset->rri_rdatas[index_ans++]; - - if (rr->class == rrset->rri_rdclass && - rr->type == T_SIG) - rdata = &rrset->rri_sigs[index_sig++]; - - if (rdata) { - rdata->rdi_length = rr->size; - rdata->rdi_data = malloc(rr->size); - - if (rdata->rdi_data == NULL) { - result = ERRSET_NOMEMORY; - goto fail; - } - memcpy(rdata->rdi_data, rr->rdata, rr->size); - } - } - - *res = rrset; - return (ERRSET_SUCCESS); - -fail: - if (rrset != NULL) - freerrset(rrset); - return (result); -} - -void -freerrset(struct rrsetinfo *rrset) -{ - u_int16_t i; - - if (rrset == NULL) - return; - - if (rrset->rri_rdatas) { - for (i = 0; i < rrset->rri_nrdatas; i++) { - if (rrset->rri_rdatas[i].rdi_data == NULL) - break; - free(rrset->rri_rdatas[i].rdi_data); - } - free(rrset->rri_rdatas); - } - - if (rrset->rri_sigs) { - for (i = 0; i < rrset->rri_nsigs; i++) { - if (rrset->rri_sigs[i].rdi_data == NULL) - break; - free(rrset->rri_sigs[i].rdi_data); - } - free(rrset->rri_sigs); - } - - if (rrset->rri_name) - free(rrset->rri_name); - free(rrset); -} - -/* - * DNS response parsing routines - */ -static struct dns_response * -parse_dns_response(const char *answer, int size) -{ - struct dns_response *resp; - const char *cp; - - /* allocate memory for the response */ - resp = calloc(1, sizeof(*resp)); - if (resp == NULL) - return (NULL); - - /* initialize current pointer */ - cp = answer; - - /* copy header */ - memcpy(&resp->header, cp, HFIXEDSZ); - cp += HFIXEDSZ; - - /* fix header byte order */ - resp->header.qdcount = ntohs(resp->header.qdcount); - resp->header.ancount = ntohs(resp->header.ancount); - resp->header.nscount = ntohs(resp->header.nscount); - resp->header.arcount = ntohs(resp->header.arcount); - - /* there must be at least one query */ - if (resp->header.qdcount < 1) { - free_dns_response(resp); - return (NULL); - } - - /* parse query section */ - resp->query = parse_dns_qsection(answer, size, &cp, - resp->header.qdcount); - if (resp->header.qdcount && resp->query == NULL) { - free_dns_response(resp); - return (NULL); - } - - /* parse answer section */ - resp->answer = parse_dns_rrsection(answer, size, &cp, - resp->header.ancount); - if (resp->header.ancount && resp->answer == NULL) { - free_dns_response(resp); - return (NULL); - } - - /* parse authority section */ - resp->authority = parse_dns_rrsection(answer, size, &cp, - resp->header.nscount); - if (resp->header.nscount && resp->authority == NULL) { - free_dns_response(resp); - return (NULL); - } - - /* parse additional section */ - resp->additional = parse_dns_rrsection(answer, size, &cp, - resp->header.arcount); - if (resp->header.arcount && resp->additional == NULL) { - free_dns_response(resp); - return (NULL); - } - - return (resp); -} - -static struct dns_query * -parse_dns_qsection(const char *answer, int size, const char **cp, int count) -{ - struct dns_query *head, *curr, *prev; - int i, length; - char name[MAXDNAME]; - - for (i = 1, head = NULL, prev = NULL; i <= count; i++, prev = curr) { - - /* allocate and initialize struct */ - curr = calloc(1, sizeof(struct dns_query)); - if (curr == NULL) { - free_dns_query(head); - return (NULL); - } - if (head == NULL) - head = curr; - if (prev != NULL) - prev->next = curr; - - /* name */ - length = dn_expand(answer, answer + size, *cp, name, - sizeof(name)); - if (length < 0) { - free_dns_query(head); - return (NULL); - } - curr->name = strdup(name); - if (curr->name == NULL) { - free_dns_query(head); - return (NULL); - } - *cp += length; - - /* type */ - curr->type = _getshort(*cp); - *cp += INT16SZ; - - /* class */ - curr->class = _getshort(*cp); - *cp += INT16SZ; - } - - return (head); -} - -static struct dns_rr * -parse_dns_rrsection(const char *answer, int size, const char **cp, int count) -{ - struct dns_rr *head, *curr, *prev; - int i, length; - char name[MAXDNAME]; - - for (i = 1, head = NULL, prev = NULL; i <= count; i++, prev = curr) { - - /* allocate and initialize struct */ - curr = calloc(1, sizeof(struct dns_rr)); - if (curr == NULL) { - free_dns_rr(head); - return (NULL); - } - if (head == NULL) - head = curr; - if (prev != NULL) - prev->next = curr; - - /* name */ - length = dn_expand(answer, answer + size, *cp, name, - sizeof(name)); - if (length < 0) { - free_dns_rr(head); - return (NULL); - } - curr->name = strdup(name); - if (curr->name == NULL) { - free_dns_rr(head); - return (NULL); - } - *cp += length; - - /* type */ - curr->type = _getshort(*cp); - *cp += INT16SZ; - - /* class */ - curr->class = _getshort(*cp); - *cp += INT16SZ; - - /* ttl */ - curr->ttl = _getlong(*cp); - *cp += INT32SZ; - - /* rdata size */ - curr->size = _getshort(*cp); - *cp += INT16SZ; - - /* rdata itself */ - curr->rdata = malloc(curr->size); - if (curr->rdata == NULL) { - free_dns_rr(head); - return (NULL); - } - memcpy(curr->rdata, *cp, curr->size); - *cp += curr->size; - } - - return (head); -} - -static void -free_dns_query(struct dns_query *p) -{ - if (p == NULL) - return; - - if (p->name) - free(p->name); - free_dns_query(p->next); - free(p); -} - -static void -free_dns_rr(struct dns_rr *p) -{ - if (p == NULL) - return; - - if (p->name) - free(p->name); - if (p->rdata) - free(p->rdata); - free_dns_rr(p->next); - free(p); -} - -static void -free_dns_response(struct dns_response *p) -{ - if (p == NULL) - return; - - free_dns_query(p->query); - free_dns_rr(p->answer); - free_dns_rr(p->authority); - free_dns_rr(p->additional); - free(p); -} - -static int -count_dns_rr(struct dns_rr *p, u_int16_t class, u_int16_t type) -{ - int n = 0; - - while(p) { - if (p->class == class && p->type == type) - n++; - p = p->next; - } - - return (n); -} diff --git a/src/lib/libc/net/getservbyname.c b/src/lib/libc/net/getservbyname.c index 16602cc3a65..80c7e62a411 100644 --- a/src/lib/libc/net/getservbyname.c +++ b/src/lib/libc/net/getservbyname.c @@ -1,3 +1,4 @@ +/* $OpenBSD: getservbyname.c,v 1.11 2015/09/14 07:38:38 guenther Exp $ */ /* * Copyright (c) 1983, 1993 * The Regents of the University of California. All rights reserved. @@ -10,11 +11,7 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors + * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -31,57 +28,45 @@ * SUCH DAMAGE. */ -#if defined(LIBC_SCCS) && !defined(lint) -static char rcsid[] = "$OpenBSD: getservbyname.c,v 1.5 2000/01/06 08:24:17 d Exp $"; -#endif /* LIBC_SCCS and not lint */ - #include +#include #include -#include "thread_private.h" - -extern int _serv_stayopen; - -_THREAD_PRIVATE_MUTEX(getservbyname_r); -struct servent * -getservbyname_r(name, proto, se, buf, buflen) - const char *name, *proto; - struct servent *se; - char *buf; - int buflen; +int +getservbyname_r(const char *name, const char *proto, struct servent *se, + struct servent_data *sd) { - register struct servent *p; - register char **cp; + char **cp; + int error; - _THREAD_PRIVATE_MUTEX_LOCK(getservbyname_r); - setservent(_serv_stayopen); - while ((p = getservent())) { - if (strcmp(name, p->s_name) == 0) + setservent_r(sd->stayopen, sd); + while ((error = getservent_r(se, sd)) == 0) { + if (strcmp(name, se->s_name) == 0) goto gotname; - for (cp = p->s_aliases; *cp; cp++) + for (cp = se->s_aliases; *cp; cp++) if (strcmp(name, *cp) == 0) goto gotname; continue; gotname: - if (proto == 0 || strcmp(p->s_proto, proto) == 0) + if (proto == 0 || strcmp(se->s_proto, proto) == 0) break; } - if (!_serv_stayopen) - endservent(); - _THREAD_PRIVATE_MUTEX_UNLOCK(getservbyname_r); - return (p); + if (!sd->stayopen && sd->fp != NULL) { + fclose(sd->fp); + sd->fp = NULL; + } + return (error); } +DEF_WEAK(getservbyname_r); -struct servent *getservbyname(name, proto) - const char *name, *proto; +struct servent * +getservbyname(const char *name, const char *proto) { - _THREAD_PRIVATE_KEY(getservbyname); - static char buf[4096]; - char *bufp = (char*)_THREAD_PRIVATE(getservbyname, buf, NULL); + extern struct servent_data _servent_data; + static struct servent serv; - if (bufp == NULL) + if (getservbyname_r(name, proto, &serv, &_servent_data) != 0) return (NULL); - return getservbyname_r(name, proto, (struct servent*) bufp, - bufp + sizeof(struct servent), - sizeof buf - sizeof(struct servent) ); + return (&serv); } +DEF_WEAK(getservbyname); diff --git a/src/lib/libc/net/getservbyport.c b/src/lib/libc/net/getservbyport.c index 4b063760d25..3584fbea3a6 100644 --- a/src/lib/libc/net/getservbyport.c +++ b/src/lib/libc/net/getservbyport.c @@ -1,3 +1,4 @@ +/* $OpenBSD: getservbyport.c,v 1.8 2015/09/14 07:38:38 guenther Exp $ */ /* * Copyright (c) 1983, 1993 * The Regents of the University of California. All rights reserved. @@ -10,11 +11,7 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors + * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -31,30 +28,38 @@ * SUCH DAMAGE. */ -#if defined(LIBC_SCCS) && !defined(lint) -static char rcsid[] = "$OpenBSD: getservbyport.c,v 1.3 1997/07/09 01:08:35 millert Exp $"; -#endif /* LIBC_SCCS and not lint */ - #include +#include #include -extern int _serv_stayopen; - -struct servent * -getservbyport(port, proto) - int port; - const char *proto; +int +getservbyport_r(int port, const char *proto, struct servent *se, + struct servent_data *sd) { - register struct servent *p; + int error; - setservent(_serv_stayopen); - while ((p = getservent())) { - if (p->s_port != port) + setservent_r(sd->stayopen, sd); + while ((error = getservent_r(se, sd)) == 0) { + if (se->s_port != port) continue; - if (proto == 0 || strcmp(p->s_proto, proto) == 0) + if (proto == 0 || strcmp(se->s_proto, proto) == 0) break; } - if (!_serv_stayopen) - endservent(); - return (p); + if (!sd->stayopen && sd->fp != NULL) { + fclose(sd->fp); + sd->fp = NULL; + } + return (error); +} +DEF_WEAK(getservbyport_r); + +struct servent * +getservbyport(int port, const char *proto) +{ + extern struct servent_data _servent_data; + static struct servent serv; + + if (getservbyport_r(port, proto, &serv, &_servent_data) != 0) + return (NULL); + return (&serv); } diff --git a/src/lib/libc/net/getservent.3 b/src/lib/libc/net/getservent.3 index 85e0d65352d..29dd3eb5f47 100644 --- a/src/lib/libc/net/getservent.3 +++ b/src/lib/libc/net/getservent.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: getservent.3,v 1.11 2000/12/24 00:30:56 aaron Exp $ +.\" $OpenBSD: getservent.3,v 1.21 2013/06/05 03:39:23 tedu Exp $ .\" .\" Copyright (c) 1983, 1991, 1993 .\" The Regents of the University of California. All rights reserved. @@ -11,11 +11,7 @@ .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors +.\" 3. Neither the name of the University nor the names of its contributors .\" may be used to endorse or promote products derived from this software .\" without specific prior written permission. .\" @@ -31,28 +27,43 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd January 12, 1994 +.Dd $Mdocdate: June 5 2013 $ .Dt GETSERVENT 3 .Os .Sh NAME .Nm getservent , +.Nm getservent_r , .Nm getservbyport , +.Nm getservbyport_r , .Nm getservbyname , +.Nm getservbyname_r , .Nm setservent , -.Nm endservent +.Nm setservent_r , +.Nm endservent , +.Nm endservent_r .Nd get service entry .Sh SYNOPSIS -.Fd #include +.In netdb.h .Ft struct servent * .Fn getservent "void" +.Ft int +.Fn getservent_r "struct servent *servent" "struct servent_data *servent_data" .Ft struct servent * -.Fn getservbyname "char *name" "char *proto" +.Fn getservbyname "const char *name" "const char *proto" +.Ft int +.Fn getservbyname_r "const char *name" "const char *proto" "struct servent *servent" "struct servent_data *servent_data" .Ft struct servent * -.Fn getservbyport "int port" "char *proto" +.Fn getservbyport "int port" "const char *proto" +.Ft int +.Fn getservbyport_r "int port" "const char *proto" "struct servent *servent" "struct servent_data *servent_data" .Ft void .Fn setservent "int stayopen" .Ft void +.Fn setservent_r "int stayopen" "struct servent_data *servent_data" +.Ft void .Fn endservent "void" +.Ft void +.Fn endservent_r "struct servent_data *servent_data" .Sh DESCRIPTION The .Fn getservent , @@ -76,7 +87,7 @@ The members of this structure are: .It Fa s_name The official name of the service. .It Fa s_aliases -A zero-terminated list of alternate names for the service. +A null-terminated list of alternate names for the service. .It Fa s_port The port number at which the service resides. Port numbers are returned in network byte order. @@ -94,7 +105,7 @@ function opens and rewinds the file. If the .Fa stayopen flag is non-zero, -the net database will not be closed after each call to +the services database will not be closed after each call to .Fn getservbyname or .Fn getservbyport . @@ -114,17 +125,75 @@ is found, or until is encountered. If a protocol name is also supplied (non-null), searches must also match the protocol. +.Pp +The +.Fn getservent_r , +.Fn getservbyport_r , +.Fn getservbyname_r , +.Fn setservent_r , +and +.Fn endservent_r +functions are reentrant versions of the above functions that take a +pointer to a +.Fa servent_data +structure which is used to store state information. +The structure must be zero-filled before it is used +and should be considered opaque for the sake of portability. +.Pp +The +.Fn getservent_r , +.Fn getservbyport_r , +and +.Fn getservbyname_r +functions +also take a pointer to a +.Fa servent +structure which is used to store the results of the database lookup. +.Sh RETURN VALUES +The +.Fn getservent , +.Fn getservbyport , +and +.Fn getservbyname +functions return a pointer to a +.Fa servent +structure on success or a null pointer if end-of-file +is reached or an error occurs. +.Pp +The +.Fn getservent_r , +.Fn getservbyport_r , +and +.Fn getservbyname_r +functions return 0 on success or \-1 if end-of-file +is reached or an error occurs. .Sh FILES .Bl -tag -width /etc/services -compact .It Pa /etc/services .El -.Sh DIAGNOSTICS -Null pointer (0) returned on -.Dv EOF -or error. .Sh SEE ALSO .Xr getprotoent 3 , .Xr services 5 +.Sh STANDARDS +The +.Fn getservent , +.Fn getservbynumber , +.Fn getservbyname , +.Fn setservent , +and +.Fn endservent +functions conform to +.St -p1003.1-2004 . +.Pp +The +.Fn getservent_r , +.Fn getservbyport_r , +.Fn getservbyname_r , +.Fn setservent_r , +and +.Fn endservent_r +functions are not currently standardized. +This implementation follows the API used by HP, IBM, and Digital. .Sh HISTORY The .Fn getservent , @@ -135,7 +204,17 @@ and .Fn endservent functions appeared in .Bx 4.2 . +.Pp +The +.Fn getservent_r , +.Fn getservbyport_r , +.Fn getservbyname_r , +.Fn setservent_r , +and +.Fn endservent_r +functions appeared in +.Ox 3.7 . .Sh BUGS -These functions use static data storage; if the data is needed for future use, -it should be copied before any subsequent calls overwrite it. +The non-reentrant functions use static data storage; if the data is needed +for future use, it should be copied before any subsequent calls overwrite it. Expecting port numbers to fit in a 32-bit quantity is probably naive. diff --git a/src/lib/libc/net/getservent.c b/src/lib/libc/net/getservent.c index ff6bf1e57f8..220a5851ce3 100644 --- a/src/lib/libc/net/getservent.c +++ b/src/lib/libc/net/getservent.c @@ -1,3 +1,4 @@ +/* $OpenBSD: getservent.c,v 1.15 2015/09/14 07:38:38 guenther Exp $ */ /* * Copyright (c) 1983, 1993 * The Regents of the University of California. All rights reserved. @@ -10,11 +11,7 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors + * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -31,70 +28,68 @@ * SUCH DAMAGE. */ -#if defined(LIBC_SCCS) && !defined(lint) -static char rcsid[] = "$OpenBSD: getservent.c,v 1.5 1999/09/03 16:23:19 millert Exp $"; -#endif /* LIBC_SCCS and not lint */ - #include #include + +#include +#include #include #include #include #include -#define MAXALIASES 35 - -static FILE *servf = NULL; -static char line[BUFSIZ+1]; -static struct servent serv; -static char *serv_aliases[MAXALIASES]; -int _serv_stayopen; - void -setservent(f) - int f; +setservent_r(int f, struct servent_data *sd) { - if (servf == NULL) - servf = fopen(_PATH_SERVICES, "r" ); + if (sd->fp == NULL) + sd->fp = fopen(_PATH_SERVICES, "re" ); else - rewind(servf); - _serv_stayopen |= f; + rewind(sd->fp); + sd->stayopen |= f; } +DEF_WEAK(setservent_r); void -endservent() +endservent_r(struct servent_data *sd) { - if (servf) { - fclose(servf); - servf = NULL; + if (sd->fp) { + fclose(sd->fp); + sd->fp = NULL; } - _serv_stayopen = 0; + free(sd->aliases); + sd->aliases = NULL; + sd->maxaliases = 0; + free(sd->line); + sd->line = NULL; + sd->stayopen = 0; } +DEF_WEAK(endservent_r); -struct servent * -getservent() +int +getservent_r(struct servent *se, struct servent_data *sd) { char *p, *cp, **q, *endp; - long l; size_t len; + long l; + int serrno; - if (servf == NULL && (servf = fopen(_PATH_SERVICES, "r" )) == NULL) - return (NULL); + if (sd->fp == NULL && (sd->fp = fopen(_PATH_SERVICES, "re" )) == NULL) + return (-1); again: - if ((p = fgetln(servf, &len)) == NULL) - return (NULL); + if ((p = fgetln(sd->fp, &len)) == NULL) + return (-1); + if (len == 0 || *p == '#' || *p == '\n') + goto again; if (p[len-1] == '\n') len--; - if (len >= sizeof(line) || len == 0) - goto again; - p = memcpy(line, p, len); - line[len] = '\0'; - if (*p == '#') - goto again; - if ((cp = strchr(p, '#')) != NULL) - *cp = '\0'; - serv.s_name = p; - p = strpbrk(p, " \t"); + if ((cp = memchr(p, '#', len)) != NULL) + len = cp - p; + cp = realloc(sd->line, len + 1); + if (cp == NULL) + return (-1); + sd->line = se->s_name = memcpy(cp, p, len); + cp[len] = '\0'; + p = strpbrk(cp, " \t"); if (p == NULL) goto again; *p++ = '\0'; @@ -107,9 +102,19 @@ getservent() l = strtol(p, &endp, 10); if (endp == p || *endp != '\0' || l < 0 || l > USHRT_MAX) goto again; - serv.s_port = htons((in_port_t)l); - serv.s_proto = cp; - q = serv.s_aliases = serv_aliases; + se->s_port = htons((in_port_t)l); + se->s_proto = cp; + if (sd->aliases == NULL) { + sd->maxaliases = 10; + sd->aliases = calloc(sd->maxaliases, sizeof(char *)); + if (sd->aliases == NULL) { + serrno = errno; + endservent_r(sd); + errno = serrno; + return (-1); + } + } + q = se->s_aliases = sd->aliases; cp = strpbrk(cp, " \t"); if (cp != NULL) *cp++ = '\0'; @@ -118,12 +123,49 @@ getservent() cp++; continue; } - if (q < &serv_aliases[MAXALIASES - 1]) - *q++ = cp; + if (q == &se->s_aliases[sd->maxaliases - 1]) { + p = reallocarray(se->s_aliases, sd->maxaliases, + 2 * sizeof(char *)); + if (p == NULL) { + serrno = errno; + endservent_r(sd); + errno = serrno; + return (-1); + } + sd->maxaliases *= 2; + q = (char **)p + (q - se->s_aliases); + se->s_aliases = sd->aliases = (char **)p; + } + *q++ = cp; cp = strpbrk(cp, " \t"); if (cp != NULL) *cp++ = '\0'; } *q = NULL; + return (0); +} +DEF_WEAK(getservent_r); + +struct servent_data _servent_data; /* shared with getservby{name,port}.c */ + +void +setservent(int f) +{ + setservent_r(f, &_servent_data); +} + +void +endservent(void) +{ + endservent_r(&_servent_data); +} + +struct servent * +getservent(void) +{ + static struct servent serv; + + if (getservent_r(&serv, &_servent_data) != 0) + return (NULL); return (&serv); } diff --git a/src/lib/libc/net/herror.c b/src/lib/libc/net/herror.c index 737bb115a7f..356c85fa1de 100644 --- a/src/lib/libc/net/herror.c +++ b/src/lib/libc/net/herror.c @@ -1,4 +1,4 @@ -/* $OpenBSD: herror.c,v 1.4 1997/03/13 19:07:28 downsj Exp $ */ +/* $OpenBSD: herror.c,v 1.10 2015/09/14 07:38:38 guenther Exp $ */ /* * ++Copyright++ 1987, 1993 @@ -14,11 +14,7 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors + * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -55,30 +51,20 @@ * --Copyright-- */ -#if defined(LIBC_SCCS) && !defined(lint) -#if 0 -static char sccsid[] = "@(#)herror.c 8.1 (Berkeley) 6/4/93"; -static char rcsid[] = "$From: herror.c,v 8.3 1996/08/05 08:31:35 vixie Exp $"; -#else -static char rcsid[] = "$OpenBSD: herror.c,v 1.4 1997/03/13 19:07:28 downsj Exp $"; -#endif -#endif /* LIBC_SCCS and not lint */ - #include -#include #include #include #include #include -const char *h_errlist[] = { +const char * const h_errlist[] = { "Resolver Error 0 (no error)", "Unknown host", /* 1 HOST_NOT_FOUND */ "Host name lookup failure", /* 2 TRY_AGAIN */ "Unknown server error", /* 3 NO_RECOVERY */ "No address associated with name", /* 4 NO_ADDRESS */ }; -int h_nerr = { sizeof h_errlist / sizeof h_errlist[0] }; +const int h_nerr = { sizeof h_errlist / sizeof h_errlist[0] }; extern int h_errno; @@ -87,11 +73,10 @@ extern int h_errno; * print the error indicated by the h_errno value. */ void -herror(s) - const char *s; +herror(const char *s) { struct iovec iov[4]; - register struct iovec *v = iov; + struct iovec *v = iov; if (s && *s) { v->iov_base = (char *)s; @@ -110,8 +95,7 @@ herror(s) } const char * -hstrerror(err) - int err; +hstrerror(int err) { if (err < 0) return ("Resolver internal error"); @@ -119,3 +103,4 @@ hstrerror(err) return (h_errlist[err]); return ("Unknown resolver error"); } +DEF_WEAK(hstrerror); diff --git a/src/lib/libc/net/htonl.3 b/src/lib/libc/net/htonl.3 new file mode 100644 index 00000000000..a63959717a4 --- /dev/null +++ b/src/lib/libc/net/htonl.3 @@ -0,0 +1,105 @@ +.\" $OpenBSD: htonl.3,v 1.5 2019/02/13 07:02:09 jmc Exp $ +.\" +.\" Copyright (c) 1983, 1991, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.Dd $Mdocdate: February 13 2019 $ +.Dt HTONL 3 +.Os +.Sh NAME +.Nm htonl , +.Nm htons , +.Nm ntohl , +.Nm ntohs +.Nd convert values between host and network byte orderings +.Sh SYNOPSIS +.In arpa/inet.h +.Ft uint32_t +.Fn htonl "uint32_t host32" +.Ft uint16_t +.Fn htons "uint16_t host16" +.Ft uint32_t +.Fn ntohl "uint32_t net32" +.Ft uint16_t +.Fn ntohs "uint16_t net16" +.Sh DESCRIPTION +These routines convert 16 and 32-bit quantities between different +byte orderings. +.Pp +The +.Fn htonl +and +.Fn htons +functions convert quantities from host to network byte order while the +.Fn ntohl +and +.Fn ntohs +functions convert in the other direction. +.Pp +The last letter +.Pf ( Sq s +or +.Sq l ) +is a mnemonic +for the traditional names for such quantities, +.Li short +and +.Li long , +respectively. +Today, the C concept of +.Li short +and +.Li long +integers need not coincide with this traditional misunderstanding. +On machines which have a byte order which is the same as the network +order, routines are defined as null macros. +.Pp +These routines are most often used in conjunction with Internet +addresses and ports as returned by +.Xr gethostbyname 3 +and +.Xr getservent 3 . +.Sh SEE ALSO +.Xr gethostbyname 3 , +.Xr getservent 3 , +.Xr htobe64 3 +.Sh STANDARDS +The +.Fn htonl , +.Fn htons , +.Fn ntohl , +and +.Fn ntohs +functions conform to +.St -p1003.1 . +.Sh HISTORY +These functions appeared in +.Bx 4.2 . +.Sh BUGS +On the alpha, amd64, i386, and some mips and arm architectures, +bytes are handled backwards from most everyone else in the world. +This is not expected to be fixed in the near future. diff --git a/src/lib/libc/net/htonl.c b/src/lib/libc/net/htonl.c index 73b74327317..6ee6e7efbf3 100644 --- a/src/lib/libc/net/htonl.c +++ b/src/lib/libc/net/htonl.c @@ -1,20 +1,16 @@ +/* $OpenBSD: htonl.c,v 1.7 2014/07/21 01:51:10 guenther Exp $ */ /* * Written by J.T. Conklin . * Public domain. */ -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: htonl.c,v 1.4 1996/12/12 03:19:55 tholo Exp $"; -#endif /* LIBC_SCCS and not lint */ - #include -#include +#include #undef htonl u_int32_t -htonl(x) - u_int32_t x; +htonl(u_int32_t x) { #if BYTE_ORDER == LITTLE_ENDIAN u_char *s = (u_char *)&x; diff --git a/src/lib/libc/net/htons.c b/src/lib/libc/net/htons.c index ded70712ea0..f48d91ee035 100644 --- a/src/lib/libc/net/htons.c +++ b/src/lib/libc/net/htons.c @@ -1,14 +1,11 @@ +/* $OpenBSD: htons.c,v 1.9 2014/07/21 01:51:10 guenther Exp $ */ /* * Written by J.T. Conklin . * Public domain. */ -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: htons.c,v 1.7 2002/02/19 19:39:36 millert Exp $"; -#endif /* LIBC_SCCS and not lint */ - #include -#include +#include #undef htons diff --git a/src/lib/libc/net/if_indextoname.3 b/src/lib/libc/net/if_indextoname.3 index 85269c3769d..25d2a2722ff 100644 --- a/src/lib/libc/net/if_indextoname.3 +++ b/src/lib/libc/net/if_indextoname.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: if_indextoname.3,v 1.5 2002/03/07 22:41:12 millert Exp $ +.\" $OpenBSD: if_indextoname.3,v 1.16 2015/11/21 07:48:10 jmc Exp $ .\" Copyright (c) 1983, 1991, 1993 .\" The Regents of the University of California. All rights reserved. .\" @@ -10,11 +10,7 @@ .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors +.\" 3. Neither the name of the University nor the names of its contributors .\" may be used to endorse or promote products derived from this software .\" without specific prior written permission. .\" @@ -32,7 +28,7 @@ .\" .\" From: @(#)rcmd.3 8.1 (Berkeley) 6/4/93 .\" -.Dd May 21, 1998 +.Dd $Mdocdate: November 21 2015 $ .Dt IF_NAMETOINDEX 3 .Os .Sh NAME @@ -42,7 +38,9 @@ .Nm if_freenameindex .Nd convert interface index to name, and vice versa .Sh SYNOPSIS -.Fd #include +.In sys/types.h +.In sys/socket.h +.In net/if.h .Ft "unsigned int" .Fn if_nametoindex "const char *ifname" .Ft "char *" @@ -75,8 +73,8 @@ bytes into which the interface name corresponding to the specified index is returned. .Pf ( Dv IF_NAMESIZE is also defined in -.Aq Pa net/if.h -and its value includes a terminating null byte at the end of the +.In net/if.h +and its value includes a terminating NUL byte at the end of the interface name.) This pointer is also the return value of the function. If there is no interface corresponding to the specified index, @@ -85,16 +83,16 @@ is returned. .Pp .Fn if_nameindex returns an array of -.Fa if_nameindex +.Vt if_nameindex structures. -.Fa if_nametoindex +.Vt if_nameindex is also defined in -.Aq Pa net/if.h , +.In net/if.h , and is as follows: -.Bd -literal -offset +.Bd -literal -offset indent struct if_nameindex { - unsigned int if_index; /* 1, 2, ... */ - char *if_name; /* null terminated name: "le0", ... */ + unsigned int if_index; /* 1, 2, ... */ + char *if_name; /* NUL-terminated name */ }; .Ed .Pp @@ -131,10 +129,15 @@ return on errors. .Sh SEE ALSO .Xr getifaddrs 3 , -.Xr networking 4 -.Pp -R. Gilligan, S. Thomson, J. Bound, and W. Stevens, -``Basic Socket Interface Extensions for IPv6,'' RFC2553, March 1999. +.Xr netintro 4 .Sh STANDARDS -These functions are defined in ``Basic Socket Interface Extensions for IPv6'' -.Pq RFC2533 . +.Rs +.%A R. Gilligan +.%A S. Thomson +.%A J. Bound +.%A J. McCann +.%A W. Stevens +.%D February 2003 +.%R RFC 3493 +.%T Basic Socket Interface Extensions for IPv6 +.Re diff --git a/src/lib/libc/net/if_indextoname.c b/src/lib/libc/net/if_indextoname.c index f99e52e387e..3c6e8681fbe 100644 --- a/src/lib/libc/net/if_indextoname.c +++ b/src/lib/libc/net/if_indextoname.c @@ -1,7 +1,8 @@ -/* $OpenBSD: if_indextoname.c,v 1.9 2002/03/07 22:40:23 millert Exp $ */ +/* $OpenBSD: if_indextoname.c,v 1.12 2018/05/10 13:44:43 tb Exp $ */ /* $KAME: if_indextoname.c,v 1.6 2000/11/07 22:33:25 jinmei Exp $ */ /*- + * Copyright (c) 2015 Claudio Jeker * Copyright (c) 1997, 2000 * Berkeley Software Design, Inc. All rights reserved. * @@ -28,15 +29,13 @@ #include #include -#include #include -#include #include #include #include /* - * From RFC 2533: + * From RFC 2553: * * The second function maps an interface index into its corresponding * name. @@ -59,28 +58,21 @@ char * if_indextoname(unsigned int ifindex, char *ifname) { - struct ifaddrs *ifaddrs, *ifa; - int error = 0; + struct if_nameindex *ifni, *ifni2; - if (getifaddrs(&ifaddrs) < 0) - return(NULL); /* getifaddrs properly set errno */ + if ((ifni = if_nameindex()) == NULL) + return NULL; - for (ifa = ifaddrs; ifa != NULL; ifa = ifa->ifa_next) { - if (ifa->ifa_addr && - ifa->ifa_addr->sa_family == AF_LINK && - ifindex == ((struct sockaddr_dl*)ifa->ifa_addr)->sdl_index) - break; + for (ifni2 = ifni; ifni2->if_index != 0; ifni2++) { + if (ifni2->if_index == ifindex) { + strlcpy(ifname, ifni2->if_name, IFNAMSIZ); + if_freenameindex(ifni); + return ifname; + } } - if (ifa == NULL) { - error = ENXIO; - ifname = NULL; - } - else - strlcpy(ifname, ifa->ifa_name, IFNAMSIZ); - - freeifaddrs(ifaddrs); - - errno = error; - return(ifname); + if_freenameindex(ifni); + errno = ENXIO; + return NULL; } +DEF_WEAK(if_indextoname); diff --git a/src/lib/libc/net/if_nameindex.c b/src/lib/libc/net/if_nameindex.c index 3675a2a4507..6e5bc0809a7 100644 --- a/src/lib/libc/net/if_nameindex.c +++ b/src/lib/libc/net/if_nameindex.c @@ -1,7 +1,8 @@ -/* $OpenBSD: if_nameindex.c,v 1.9 2002/03/07 22:40:23 millert Exp $ */ +/* $OpenBSD: if_nameindex.c,v 1.13 2016/12/16 17:44:59 krw Exp $ */ /* $KAME: if_nameindex.c,v 1.7 2000/11/24 08:17:20 itojun Exp $ */ /*- + * Copyright (c) 2015 Claudio Jeker * Copyright (c) 1997, 2000 * Berkeley Software Design, Inc. All rights reserved. * @@ -28,11 +29,11 @@ #include #include -#include +#include #include -#include #include #include +#include /* * From RFC 2553: @@ -77,64 +78,68 @@ struct if_nameindex * if_nameindex(void) { - struct ifaddrs *ifaddrs, *ifa; - unsigned int ni; - size_t nbytes; - struct if_nameindex *ifni, *ifni2; + struct if_nameindex_msg *ifnm = NULL; + struct if_nameindex *ifni = NULL, *ifni2; char *cp; + size_t needed; + unsigned int ni, i; + int mib[6]; - if (getifaddrs(&ifaddrs) < 0) - return(NULL); + mib[0] = CTL_NET; + mib[1] = PF_ROUTE; + mib[2] = 0; /* protocol */ + mib[3] = 0; /* not used */ + mib[4] = NET_RT_IFNAMES; + mib[5] = 0; /* no flags */ + while (1) { + struct if_nameindex_msg *buf = NULL; - /* - * First, find out how many interfaces there are, and how - * much space we need for the string names. - */ - ni = 0; - nbytes = 0; - for (ifa = ifaddrs; ifa != NULL; ifa = ifa->ifa_next) { - if (ifa->ifa_addr && - ifa->ifa_addr->sa_family == AF_LINK) { - nbytes += strlen(ifa->ifa_name) + 1; - ni++; + if (sysctl(mib, 6, NULL, &needed, NULL, 0) == -1) + goto out; + if (needed == 0) + break; + if ((buf = realloc(ifnm, needed)) == NULL) + goto out; + ifnm = buf; + if (sysctl(mib, 6, ifnm, &needed, NULL, 0) == -1) { + if (errno == ENOMEM) + continue; + goto out; } + break; } /* - * Next, allocate a chunk of memory, use the first part - * for the array of structures, and the last part for - * the strings. + * Allocate a chunk of memory, use the first part for the array of + * structures, and the last part for the strings. */ - cp = malloc((ni + 1) * sizeof(struct if_nameindex) + nbytes); - ifni = (struct if_nameindex *)cp; + ni = needed / sizeof(*ifnm); + ifni = calloc(ni + 1, sizeof(struct if_nameindex) + IF_NAMESIZE); if (ifni == NULL) goto out; - cp += (ni + 1) * sizeof(struct if_nameindex); + cp = (char *)(ifni + (ni + 1)); - /* - * Now just loop through the list of interfaces again, - * filling in the if_nameindex array and making copies - * of all the strings. - */ ifni2 = ifni; - for (ifa = ifaddrs; ifa != NULL; ifa = ifa->ifa_next) { - if (ifa->ifa_addr && - ifa->ifa_addr->sa_family == AF_LINK) { - ifni2->if_index = - ((struct sockaddr_dl*)ifa->ifa_addr)->sdl_index; - ifni2->if_name = cp; - nbytes = strlen(ifa->ifa_name) + 1; - memcpy(cp, ifa->ifa_name, nbytes); - ifni2++; - cp += nbytes; - } + for (i = 0; i < ni; i++) { + ifni2->if_index = ifnm[i].if_index; + /* don't care about truncation */ + strlcpy(cp, ifnm[i].if_name, IF_NAMESIZE); + ifni2->if_name = cp; + ifni2++; + cp += IF_NAMESIZE; } - /* - * Finally, don't forget to terminate the array. - */ + /* Finally, terminate the array. */ ifni2->if_index = 0; ifni2->if_name = NULL; out: - freeifaddrs(ifaddrs); - return(ifni); + free(ifnm); + return ifni; +} + +void +if_freenameindex(struct if_nameindex *ptr) +{ + free(ptr); } +DEF_WEAK(if_nameindex); +DEF_WEAK(if_freenameindex); diff --git a/src/lib/libc/net/if_nametoindex.c b/src/lib/libc/net/if_nametoindex.c index 8bd792b949c..7a4492e37d8 100644 --- a/src/lib/libc/net/if_nametoindex.c +++ b/src/lib/libc/net/if_nametoindex.c @@ -1,7 +1,8 @@ -/* $OpenBSD: if_nametoindex.c,v 1.8 2002/03/07 22:40:23 millert Exp $ */ +/* $OpenBSD: if_nametoindex.c,v 1.10 2015/10/23 13:09:19 claudio Exp $ */ /* $KAME: if_nametoindex.c,v 1.5 2000/11/24 08:04:40 itojun Exp $ */ /*- + * Copyright (c) 2015 Claudio Jeker * Copyright (c) 1997, 2000 * Berkeley Software Design, Inc. All rights reserved. * @@ -29,8 +30,6 @@ #include #include #include -#include -#include #include #include #include @@ -57,25 +56,22 @@ unsigned int if_nametoindex(const char *ifname) { - struct ifaddrs *ifaddrs, *ifa; - unsigned int ni; + struct if_nameindex *ifni, *ifni2; + unsigned int index; - if (getifaddrs(&ifaddrs) < 0) + if ((ifni = if_nameindex()) == NULL) return(0); - ni = 0; - - for (ifa = ifaddrs; ifa != NULL; ifa = ifa->ifa_next) { - if (ifa->ifa_addr && - ifa->ifa_addr->sa_family == AF_LINK && - strcmp(ifa->ifa_name, ifname) == 0) { - ni = ((struct sockaddr_dl*)ifa->ifa_addr)->sdl_index; - break; + for (ifni2 = ifni; ifni2->if_index != 0; ifni2++) { + if (strcmp(ifni2->if_name, ifname) == 0) { + index = ifni2->if_index; + if_freenameindex(ifni); + return index; } } - freeifaddrs(ifaddrs); - if (!ni) - errno = ENXIO; - return(ni); + if_freenameindex(ifni); + errno = ENXIO; + return 0; } +DEF_WEAK(if_nametoindex); diff --git a/src/lib/libc/net/inet.3 b/src/lib/libc/net/inet.3 deleted file mode 100644 index 62f526c09dd..00000000000 --- a/src/lib/libc/net/inet.3 +++ /dev/null @@ -1,349 +0,0 @@ -.\" $OpenBSD: inet.3,v 1.13 2001/02/17 23:13:26 pjanzen Exp $ -.\" $NetBSD: inet.3,v 1.7 1997/06/18 02:25:24 lukem Exp $ -.\" -.\" Copyright (c) 1983, 1990, 1991, 1993 -.\" The Regents of the University of California. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" @(#)inet.3 8.1 (Berkeley) 6/4/93 -.\" -.Dd June 18, 1997 -.Dt INET 3 -.Os -.Sh NAME -.Nm inet_addr , -.Nm inet_aton , -.Nm inet_lnaof , -.Nm inet_makeaddr , -.Nm inet_netof , -.Nm inet_network , -.Nm inet_ntoa , -.Nm inet_ntop , -.Nm inet_pton -.Nd Internet address manipulation routines -.Sh SYNOPSIS -.Fd #include -.Fd #include -.Fd #include -.Ft in_addr_t -.Fn inet_addr "const char *cp" -.Ft int -.Fn inet_aton "const char *cp" "struct in_addr *addr" -.Ft in_addr_t -.Fn inet_lnaof "struct in_addr in" -.Ft struct in_addr -.Fn inet_makeaddr "unsigned long net" "unsigned long lna" -.Ft in_addr_t -.Fn inet_netof "struct in_addr in" -.Ft in_addr_t -.Fn inet_network "const char *cp" -.Ft char * -.Fn inet_ntoa "struct in_addr in" -.Ft const char * -.Fn inet_ntop "int af" "const void *src" "char *dst" "size_t size" -.Ft int -.Fn inet_pton "int af" "const char *src" "void *dst" -.Sh DESCRIPTION -The routines -.Fn inet_aton , -.Fn inet_addr -and -.Fn inet_network -interpret character strings representing -numbers expressed in the Internet standard -.Ql \&. -notation. -The -.Fn inet_pton -function converts a presentation format address (that is, printable form -as held in a character string) to network format (usually a -.Li struct in_addr -or some other internal binary representation, in network byte order). -It returns 1 if the address was valid for the specified address family, or -0 if the address wasn't parseable in the specified address family, or \-1 -if some system error occurred (in which case -.Va errno -will have been set). -This function is presently valid for -.Dv AF_INET -and -.Dv AF_INET6 . -The -.Fn inet_aton -routine interprets the specified character string as an Internet address, -placing the address into the structure provided. -It returns 1 if the string was successfully interpreted, -or 0 if the string was invalid. -The -.Fn inet_addr -and -.Fn inet_network -functions return numbers suitable for use -as Internet addresses and Internet network -numbers, respectively. -.Pp -The function -.Fn inet_ntop -converts an address from network format (usually a -.Li struct in_addr -or some other binary form, in network byte order) to presentation format -(suitable for external display purposes). -It returns -.Dv NULL -if a system -error occurs (in which case, -.Va errno -will have been set), or it returns a pointer to the destination string. -The routine -.Fn inet_ntoa -takes an Internet address and returns an -.Tn ASCII -string representing the address in -.Ql \&. -notation. -The routine -.Fn inet_makeaddr -takes an Internet network number and a local -network address and constructs an Internet address -from it. -The routines -.Fn inet_netof -and -.Fn inet_lnaof -break apart Internet host addresses, returning -the network number and local network address part, -respectively. -.Pp -All Internet addresses are returned in network -order (bytes ordered from left to right). -All network numbers and local address parts are -returned as machine format integer values. -.Sh INTERNET ADDRESSES (IP VERSION 4) -Values specified using the -.Ql \&. -notation take one -of the following forms: -.Bd -literal -offset indent -a.b.c.d -a.b.c -a.b -a -.Ed -.Pp -When four parts are specified, each is interpreted -as a byte of data and assigned, from left to right, -to the four bytes of an Internet address. -Note that when an Internet address is viewed as a 32-bit -integer quantity on a system that uses little-endian -byte order (such as the -.Tn Intel 386, 486 -and -.Tn Pentium -processors) the bytes referred to above appear as -.Dq Li d.c.b.a . -That is, little-endian bytes are ordered from right to left. -.Pp -When a three part address is specified, the last -part is interpreted as a 16-bit quantity and placed -in the rightmost two bytes of the network address. -This makes the three part address format convenient -for specifying Class B network addresses as -.Dq Li 128.net.host . -.Pp -When a two part address is supplied, the last part -is interpreted as a 24-bit quantity and placed in -the rightmost three bytes of the network address. -This makes the two part address format convenient -for specifying Class A network addresses as -.Dq Li net.host . -.Pp -When only one part is given, the value is stored -directly in the network address without any byte -rearrangement. -.Pp -All numbers supplied as -.Dq parts -in a -.Ql \&. -notation -may be decimal, octal, or hexadecimal, as specified -in the C language (i.e., a leading 0x or 0X implies -hexadecimal; otherwise, a leading 0 implies octal; -otherwise, the number is interpreted as decimal). -.Sh INTERNET ADDRESSES (IP VERSION 6) -In order to support scoped IPv6 addresses, -.Xr getaddrinfo 3 -and -.Xr getnameinfo 3 -are recommended rather than the functions presented here. -.Pp -The presentation format of an IPv6 address is given in [RFC1884 2.2]: -.Pp -There are three conventional forms for representing IPv6 addresses as -text strings: -.Bl -enum -.It -The preferred form is x:x:x:x:x:x:x:x, where the 'x's are the -hexadecimal values of the eight 16-bit pieces of the address. -Examples: -.Bd -literal -offset indent -FEDC:BA98:7654:3210:FEDC:BA98:7654:3210 -1080:0:0:0:8:800:200C:417A -.Ed -.Pp -Note that it is not necessary to write the leading zeros in an -individual field, but there must be at least one numeral in -every field (except for the case described in 2.). -.It -Due to the method of allocating certain styles of IPv6 -addresses, it will be common for addresses to contain long -strings of zero bits. -In order to make writing addresses -.Pp -containing zero bits easier a special syntax is available to -compress the zeros. -The use of -.Dq \&:\&: -indicates multiple groups -of 16 bits of zeros. -The -.Dq \&:\&: -can only appear once in an -address. -The -.Dq \&:\&: -can also be used to compress the leading and/or trailing zeros in an address. -.Pp -For example the following addresses: -.Bd -literal -offset indent -1080:0:0:0:8:800:200C:417A a unicast address -FF01:0:0:0:0:0:0:43 a multicast address -0:0:0:0:0:0:0:1 the loopback address -0:0:0:0:0:0:0:0 the unspecified addresses -.Ed -.Pp -may be represented as: -.Bd -literal -offset indent -1080::8:800:200C:417A a unicast address -FF01::43 a multicast address -::1 the loopback address -:: the unspecified addresses -.Ed -.It -An alternative form that is sometimes more convenient when -dealing with a mixed environment of IPv4 and IPv6 nodes is -x:x:x:x:x:x:d.d.d.d, where the 'x's are the hexadecimal values -of the six high-order 16-bit pieces of the address, and the 'd's -are the decimal values of the four low-order 8-bit pieces of the -address (standard IPv4 representation). -Examples: -.Bd -literal -offset indent -0:0:0:0:0:0:13.1.68.3 -0:0:0:0:0:FFFF:129.144.52.38 -.Ed -.Pp -or in compressed form: -.Bd -literal -offset indent -::13.1.68.3 -::FFFF:129.144.52.38 -.Ed -.El -.Sh DIAGNOSTICS -The constant -.Dv INADDR_NONE -is returned by -.Fn inet_addr -and -.Fn inet_network -for malformed requests. -.Sh SEE ALSO -.Xr byteorder 3 , -.Xr gethostbyname 3 , -.Xr getnetent 3 , -.Xr inet_net 3 , -.Xr hosts 5 , -.Xr networks 5 -.Sh STANDARDS -The -.Nm inet_ntop -and -.Nm inet_pton -functions conforms to the IETF IPv6 BSD API and address formatting -specifications. -Note that -.Nm inet_pton -does not accept 1-, 2-, or 3-part dotted addresses; all four parts -must be specified. -This is a narrower input set than that accepted by -.Nm inet_aton . -.Sh HISTORY -The -.Nm inet_addr , -.Nm inet_network , -.Nm inet_makeaddr , -.Nm inet_lnaof -and -.Nm inet_netof -functions appeared in -.Bx 4.2 . -The -.Nm inet_aton -and -.Nm inet_ntoa -functions appeared in -.Bx 4.3 . -The -.Nm inet_pton -and -.Nm inet_ntop -functions appeared in BIND 4.9.4. -.Sh BUGS -The value -.Dv INADDR_NONE -(0xffffffff) is a valid broadcast address, but -.Fn inet_addr -cannot return that value without indicating failure. -Also, -.Fn inet_addr -should have been designed to return a -.Li struct in_addr . -The newer -.Fn inet_aton -function does not share these problems, and almost all existing code -should be modified to use -.Fn inet_aton -instead. -.Pp -The problem of host byte ordering versus network byte ordering is -confusing. -.Pp -The string returned by -.Fn inet_ntoa -resides in a static memory area. diff --git a/src/lib/libc/net/inet6_opt_init.3 b/src/lib/libc/net/inet6_opt_init.3 new file mode 100644 index 00000000000..dd7ab53f6f5 --- /dev/null +++ b/src/lib/libc/net/inet6_opt_init.3 @@ -0,0 +1,328 @@ +.\" $OpenBSD: inet6_opt_init.3,v 1.6 2014/01/21 03:15:45 schwarze Exp $ +.\" $KAME: inet6_opt_init.3,v 1.7 2004/12/27 05:08:23 itojun Exp $ +.\" +.\" Copyright (C) 2004 WIDE Project. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the project nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.Dd $Mdocdate: January 21 2014 $ +.Dt INET6_OPT_INIT 3 +.Os +.\" +.Sh NAME +.Nm inet6_opt_init , +.Nm inet6_opt_append , +.Nm inet6_opt_finish , +.Nm inet6_opt_set_val , +.Nm inet6_opt_next , +.Nm inet6_opt_find , +.Nm inet6_opt_get_val +.Nd IPv6 Hop-by-Hop and Destination Options manipulation +.\" +.Sh SYNOPSIS +.In netinet/in.h +.Ft "int" +.Fn inet6_opt_init "void *extbuf" "socklen_t extlen" +.Ft "int" +.Fn inet6_opt_append "void *extbuf" "socklen_t extlen" "int offset" "u_int8_t type" "socklen_t len" "u_int8_t align" "void **databufp" +.Ft "int" +.Fn inet6_opt_finish "void *extbuf" "socklen_t extlen" "int offset" +.Ft "int" +.Fn inet6_opt_set_val "void *databuf" "int offset" "void *val" "socklen_t vallen" +.Ft "int" +.Fn inet6_opt_next "void *extbuf" "socklen_t extlen" "int offset" "u_int8_t *typep" "socklen_t *lenp" "void **databufp" +.Ft "int" +.Fn inet6_opt_find "void *extbuf" "socklen_t extlen" "int offset" "u_int8_t type" "socklen_t *lenp" "void **databufp" +.Ft "int" +.Fn inet6_opt_get_val "void *databuf" "socklen_t offset" "void *val" "socklen_t vallen" +.\" +.Sh DESCRIPTION +Building and parsing the Hop-by-Hop and Destination options is +complicated. +The advanced sockets API defines a set of functions to +help applications create and manipulate Hop-by-Hop and Destination +options. +These functions use the +formatting rules specified in Appendix B in RFC 2460, i.e. that the +largest field is placed last in the option. +The function prototypes +for these functions are all contained in the header file +.In netinet/in.h . +.\" +.Ss inet6_opt_init +The +.Fn inet6_opt_init +function +returns the number of bytes needed for an empty +extension header, one without any options. +If the +.Va extbuf +argument points to a valid section of memory +then the +.Fn inet6_opt_init +function also initializes the extension header's length field. +When attempting to initialize an extension buffer passed in the +.Va extbuf +argument, +.Fa extlen +must be a positive multiple of 8 or else the function fails and +returns \-1 to the caller. +.\" +.Ss inet6_opt_append +The +.Fn inet6_opt_append +function can perform different jobs. +When a valid +.Fa extbuf +argument is supplied it appends an option to the extension buffer and +returns the updated total length as well as a pointer to the newly +created option in +.Fa databufp . +If the value +of +.Fa extbuf +is +.Dv NULL +then the +.Fn inet6_opt_append +function only reports what the total length would +be if the option were actually appended. +The +.Fa len +and +.Fa align +arguments specify the length of the option and the required data +alignment which must be used when appending the option. +The +.Fa offset +argument should be the length returned by the +.Fn inet6_opt_init +function or a previous call to +.Fn inet6_opt_append . +.Pp +The +.Fa type +argument is the 8-bit option type. +.Pp +After +.Fn inet6_opt_append +has been called, the application can use the buffer pointed to by +.Fa databufp +directly, or use +.Fn inet6_opt_set_val +to specify the data to be contained in the option. +.Pp +Option types of +.Li 0 +and +.Li 1 +are reserved for the +.Li Pad1 +and +.Li PadN +options. +All other values from 2 through 255 may be used by applications. +.Pp +The length of the option data is contained in an 8-bit value and so +may contain any value from 0 through 255. +.Pp +The +.Fa align +parameter must have a value of 1, 2, 4, or 8 and cannot exceed the +value of +.Fa len . +The alignment values represent no alignment, 16-bit, 32-bit and 64-bit +alignments respectively. +.\" +.Ss inet6_opt_finish +The +.Fn inet6_opt_finish +calculates the final padding necessary to make the extension header a +multiple of 8 bytes, as required by the IPv6 extension header +specification, and returns the extension header's updated total +length. +The +.Fa offset +argument should be the length returned by +.Fn inet6_opt_init +or +.Fn inet6_opt_append . +When +.Fa extbuf +is not +.Dv NULL +the function also sets up the appropriate padding bytes by inserting a +Pad1 or PadN option of the proper length. +.Pp +If the extension header is too small to contain the proper padding +then an error of \-1 is returned to the caller. +.\" +.Ss inet6_opt_set_val +The +.Fn inet6_opt_set_val +function inserts data items of various sizes into the data portion of +the option. +The +.Fa databuf +argument is a pointer to memory that was returned by the +.Fn inet6_opt_append +call and the +.Fa offset +argument specifies where the option should be placed in the +data buffer. +The +.Fa val +argument points to an area of memory containing the data to be +inserted into the extension header, and the +.Fa vallen +argument indicates how much data to copy. +.Pp +The caller should ensure that each field is aligned on its natural +boundaries as described in Appendix B of RFC 2460. +.Pp +The function returns the offset for the next field which is calculated as +.Fa offset ++ +.Fa vallen +and is used when composing options with multiple fields. +.\" +.Ss inet6_opt_next +The +.Fn inet6_opt_next +function parses received extension headers. +The +.Fa extbuf +and +.Fa extlen +arguments specify the location and length of the extension header +being parsed. +The +.Fa offset +argument should either be zero, for the first option, or the length value +returned by a previous call to +.Fn inet6_opt_next +or +.Fn inet6_opt_find . +The return value specifies the position where to continue scanning the +extension buffer. +The option is returned in the arguments +.Fa typep , lenp , +and +.Fa databufp . +.Fa typep , lenp , +and +.Fa databufp +point to the 8-bit option type, the 8-bit option length and the option +data respectively. +This function does not return any PAD1 or PADN options. +When an error occurs or there are no more options the return +value is \-1. +.\" +.Ss inet6_opt_find +The +.Fn inet6_opt_find +function searches the extension buffer for a particular option type, +passed in through the +.Fa type +argument. +If the option is found then the +.Fa lenp +and +.Fa databufp +arguments are updated to point to the option's length and data +respectively. +.Fa extbuf +and +.Fa extlen +must point to a valid extension buffer and give its length. +The +.Fa offset +argument can be used to search from a location anywhere in the +extension header. +.Ss inet6_opt_get_val +The +.Fn inet6_opt_get_val +function extracts data items of various sizes in the data portion of +the option. +The +.Fa databuf +is a pointer returned by the +.Fn inet6_opt_next +or +.Fn inet6_opt_find +functions. +The +.Fa val +argument points to where the data will be extracted. +The +.Fa offset +argument specifies from where in the data portion of the option the +value should be extracted; the first byte of option data is specified +by an offset of zero. +.Pp +It is expected that each field is aligned on its natural boundaries as +described in Appendix B of RFC 2460. +.Pp +The function returns the offset for the next field +by calculating +.Fa offset ++ +.Fa vallen +which can be used when extracting option content with multiple fields. +Robust receivers must verify alignment before calling this function. +.\" +.Sh EXAMPLES +RFC 3542 gives comprehensive examples in Section 23. +KAME also provides examples in the +.Pa advapitest +directory of its kit. +.\" +.Sh DIAGNOSTICS +All the functions return +\-1 +on an error. +.\" +.Sh STANDARDS +.Rs +.%A S. Deering +.%A R. Hinden +.%D December 1998 +.%R RFC 2460 +.%T Internet Protocol, Version 6 (IPv6) Specification +.Re +.Pp +.Rs +.%A W. Stevens +.%A M. Thomas +.%A E. Nordmark +.%A T. Jinmei +.%D May 2003 +.%R RFC 3542 +.%T Advanced Sockets Application Program Interface (API) for IPv6 +.Re +.Sh HISTORY +The implementation first appeared in KAME advanced networking kit. +.\" diff --git a/src/lib/libc/net/inet6_option_space.3 b/src/lib/libc/net/inet6_option_space.3 deleted file mode 100644 index 73419d5239b..00000000000 --- a/src/lib/libc/net/inet6_option_space.3 +++ /dev/null @@ -1,452 +0,0 @@ -.\" $OpenBSD: inet6_option_space.3,v 1.8 2001/06/23 05:57:04 deraadt Exp $ -.\" $KAME: inet6_option_space.3,v 1.7 2000/05/17 14:32:13 itojun Exp $ -.\" -.\" Copyright (c) 1983, 1987, 1991, 1993 -.\" The Regents of the University of California. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.Dd December 10, 1999 -.Dt INET6_OPTION_SPACE 3 -.Os -.\" -.Sh NAME -.Nm inet6_option_space , -.Nm inet6_option_init , -.Nm inet6_option_append , -.Nm inet6_option_alloc , -.Nm inet6_option_next , -.Nm inet6_option_find -.Nd IPv6 Hop-by-Hop and Destination Options manipulation -.\" -.Sh SYNOPSIS -.Fd #include -.Ft "int" -.Fn inet6_option_space "int nbytes" -.Ft "int" -.Fn inet6_option_init "void *bp" "struct cmsghdr **cmsgp" "int type" -.Ft "int" -.Fn inet6_option_append "struct cmsghdr *cmsg" "const u_int8_t *typep" "int multx" "int plusy" -.Ft "u_int8_t *" -.Fn inet6_option_alloc "struct cmsghdr *cmsg" "int datalen" "int multx" "int plusy"; -.Ft "int" -.Fn inet6_option_next "const struct cmsghdr *cmsg" "u_int8_t **tptrp" -.Ft "int" -.Fn inet6_option_find "const struct cmsghdr *cmsg" "u_int8_t **tptrp" "int type" -.\" -.Sh DESCRIPTION -.\" -Building and parsing the Hop-by-Hop and Destination options is -complicated due to alignment constranints, padding and -ancillary data manipulation. -RFC2292 defines a set of functions to help the application. -The function prototypes for -these functions are all in the -.Aq Li netinet/in.h -header. -.\" -.Ss inet6_option_space -.Fn inet6_option_space -returns the number of bytes required to hold an option when it is stored as -ancillary data, including the -.Li cmsghdr -structure at the beginning, -and any padding at the end -.Po -to make its size a multiple of 8 bytes -.Pc . -The argument is the size of the structure defining the option, -which must include any pad bytes at the beginning -.Po -the value -.Li y -in the alignment term -.Dq Li xn + y -.Pc , -the type byte, the length byte, and the option data. -.Pp -Note: If multiple options are stored in a single ancillary data -object, which is the recommended technique, this function -overestimates the amount of space required by the size of -.Li N-1 -.Li cmsghdr -structures, -where -.Li N -is the number of options to be stored in the object. -This is of little consequence, since it is assumed that most -Hop-by-Hop option headers and Destination option headers carry only -one option -.Pq appendix B of [RFC-2460] . -.\" -.Ss inet6_option_init -.Fn inet6_option_init -is called once per ancillary data object that will -contain either Hop-by-Hop or Destination options. -It returns -.Li 0 -on success or -.Li -1 -on an error. -.Pp -.Fa bp -is a pointer to previously allocated space that will contain the -ancillary data object. -It must be large enough to contain all the -individual options to be added by later calls to -.Fn inet6_option_append -and -.Fn inet6_option_alloc . -.Pp -.Fa cmsgp -is a pointer to a pointer to a -.Li cmsghdr -structure. -.Fa *cmsgp -is initialized by this function to point to the -.Li cmsghdr -structure constructed by this function in the buffer pointed to by -.Fa bp . -.Pp -.Fa type -is either -.Dv IPV6_HOPOPTS -or -.Dv IPV6_DSTOPTS . -This -.Fa type -is stored in the -.Li cmsg_type -member of the -.Li cmsghdr -structure pointed to by -.Fa *cmsgp . -.\" -.Ss inet6_option_append -This function appends a Hop-by-Hop option or a Destination option -into an ancillary data object that has been initialized by -.Fn inet6_option_init . -This function returns -.Li 0 -if it succeeds or -.Li -1 -on an error. -.Pp -.Fa cmsg -is a pointer to the -.Li cmsghdr -structure that must have been -initialized by -.Fn inet6_option_init . -.Pp -.Fa typep -is a pointer to the 8-bit option type. -It is assumed that this -field is immediately followed by the 8-bit option data length field, -which is then followed immediately by the option data. -The caller -initializes these three fields -.Pq the type-length-value, or TLV -before calling this function. -.Pp -The option type must have a value from -.Li 2 -to -.Li 255 , -inclusive. -.Po -.Li 0 -and -.Li 1 -are reserved for the -.Li Pad1 -and -.Li PadN -options, respectively. -.Pc -.Pp -The option data length must have a value between -.Li 0 -and -.Li 255 , -inclusive, and is the length of the option data that follows. -.Pp -.Fa multx -is the value -.Li x -in the alignment term -.Dq Li xn + y . -It must have a value of -.Li 1 , -.Li 2 , -.Li 4 , -or -.Li 8 . -.Pp -.Fa plusy -is the value -.Li y -in the alignment term -.Dq Li xn + y . -It must have a value between -.Li 0 -and -.Li 7 , -inclusive. -.\" -.Ss inet6_option_alloc -This function appends a Hop-by-Hop option or a Destination option -into an ancillary data object that has been initialized by -.Fn inet6_option_init . -This function returns a pointer to the 8-bit -option type field that starts the option on success, or -.Dv NULL -on an error. -.Pp -The difference between this function and -.Fn inet6_option_append -is that the latter copies the contents of a previously built option into -the ancillary data object while the current function returns a -pointer to the space in the data object where the option's TLV must -then be built by the caller. -.Pp -.Fa cmsg -is a pointer to the -.Li cmsghdr -structure that must have been -initialized by -.Fn inet6_option_init . -.Pp -.Fa datalen -is the value of the option data length byte for this option. -This value is required as an argument to allow the function to -determine if padding must be appended at the end of the option. -.Po -The -.Fn inet6_option_append -function does not need a data length argument -since the option data length must already be stored by the caller. -.Pc -.Pp -.Fa multx -is the value -.Li x -in the alignment term -.Dq Li xn + y . -It must have a value of -.Li 1 , -.Li 2 , -.Li 4 , -or -.Li 8 . -.Pp -.Fa plusy -is the value -.Li y -in the alignment term -.Dq Li xn + y . -It must have a value between -.Li 0 -and -.Li 7 , -inclusive. -.\" -.Ss inet6_option_next -This function processes the next Hop-by-Hop option or Destination -option in an ancillary data object. -If another option remains to be -processed, the return value of the function is -.Li 0 -and -.Fa *tptrp -points to -the 8-bit option type field -.Po -which is followed by the 8-bit option -data length, followed by the option data -.Pc . -If no more options remain -to be processed, the return value is -.Li -1 -and -.Fa *tptrp -is -.Dv NULL . -If an error occurs, the return value is -.Li -1 -and -.Fa *tptrp -is not -.Dv NULL . -.Pp -.Fa cmsg -is a pointer to -.Li cmsghdr -structure of which -.Li cmsg_level -equals -.Dv IPPROTO_IPV6 -and -.Li cmsg_type -equals either -.Dv IPV6_HOPOPTS -or -.Dv IPV6_DSTOPTS . -.Pp -.Fa tptrp -is a pointer to a pointer to an 8-bit byte and -.Fa *tptrp -is used -by the function to remember its place in the ancillary data object -each time the function is called. -The first time this function is -called for a given ancillary data object, -.Fa *tptrp -must be set to -.Dv NULL . -.Pp -Each time this function returns success, -.Fa *tptrp -points to the 8-bit -option type field for the next option to be processed. -.\" -.Ss inet6_option_find -This function is similar to the previously described -.Fn inet6_option_next -function, except this function lets the caller -specify the option type to be searched for, instead of always -returning the next option in the ancillary data object. -.Fa cmsg -is a -pointer to -.Li cmsghdr -structure of which -.Li cmsg_level -equals -.Dv IPPROTO_IPV6 -and -.Li cmsg_type -equals either -.Dv IPV6_HOPOPTS -or -.Dv IPV6_DSTOPTS . -.Pp -.Fa tptrp -is a pointer to a pointer to an 8-bit byte and -.Fa *tptrp -is used -by the function to remember its place in the ancillary data object -each time the function is called. -The first time this function is -called for a given ancillary data object, -.Fa *tptrp -must be set to -.Dv NULL . -.Pa -This function starts searching for an option of the specified type -beginning after the value of -.Fa *tptrp . -If an option of the specified -type is located, this function returns -.Li 0 -and -.Fa *tptrp -points to the 8- -bit option type field for the option of the specified type. -If an -option of the specified type is not located, the return value is -.Li -1 -and -.Fa *tptrp -is -.Dv NULL . -If an error occurs, the return value is -.Li -1 -and -.Fa *tptrp -is not -.Dv NULL . -.\" -.Sh DIAGNOSTICS -.Fn inet6_option_init -and -.Fn inet6_option_append -return -.Li 0 -on success or -.Li -1 -on an error. -.Pp -.Fn inet6_option_alloc -returns -.Dv NULL -on an error. -.Pp -On errors, -.Fn inet6_option_next -and -.Fn inet6_option_find -return -.Li -1 -setting -.Fa *tptrp -to non -.Dv NULL -value. -.\" -.Sh EXAMPLES -RFC2292 gives comprehensive examples in chapter 6. -.\" -.Sh SEE ALSO -.Rs -.%A W. Stevens -.%A M. Thomas -.%T "Advanced Sockets API for IPv6" -.%N RFC2292 -.%D February 1998 -.Re -.Rs -.%A S. Deering -.%A R. Hinden -.%T "Internet Protocol, Version 6 (IPv6) Specification" -.%N RFC2460 -.%D December 1998 -.Re -.\" -.Sh HISTORY -The implementation first appeared in KAME advanced networking kit. -.\" -.Sh STANDARDS -The functions -are documented in -.Dq Advanced Sockets API for IPv6 -.Pq RFC2292 . -.\" -.Sh BUGS -The text was shamelessly copied from RFC2292. diff --git a/src/lib/libc/net/inet6_rth_space.3 b/src/lib/libc/net/inet6_rth_space.3 new file mode 100644 index 00000000000..fd69da24556 --- /dev/null +++ b/src/lib/libc/net/inet6_rth_space.3 @@ -0,0 +1,220 @@ +.\" $OpenBSD: inet6_rth_space.3,v 1.7 2014/06/11 16:59:47 chrisz Exp $ +.\" $KAME: inet6_rth_space.3,v 1.7 2005/01/05 03:00:44 itojun Exp $ +.\" +.\" Copyright (C) 2004 WIDE Project. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the project nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.Dd $Mdocdate: June 11 2014 $ +.Dt INET6_RTH_SPACE 3 +.Os +.\" +.Sh NAME +.Nm inet6_rth_space , +.Nm inet6_rth_init , +.Nm inet6_rth_add , +.Nm inet6_rth_reverse , +.Nm inet6_rth_segments , +.Nm inet6_rth_getaddr +.Nd IPv6 Routing Header Options manipulation +.\" +.Sh SYNOPSIS +.In netinet/in.h +.Ft socklen_t +.Fn inet6_rth_space "int" "int" +.Ft "void *" +.Fn inet6_rth_init "void *" "socklen_t" "int" "int" +.Ft int +.Fn inet6_rth_add "void *" "const struct in6_addr *" +.Ft int +.Fn inet6_rth_reverse "const void *" "void *" +.Ft int +.Fn inet6_rth_segments "const void *" +.Ft "struct in6_addr *" +.Fn inet6_rth_getaddr "const void *" "int" +.\" +.Sh DESCRIPTION +The IPv6 Advanced API, RFC 3542, defines the functions that an +application calls to build and examine IPv6 Routing headers. +Routing headers are used to perform source routing in IPv6 networks. +The RFC uses the word +.Dq segments +to describe addresses and that is the term used here as well. +All of the functions are defined in the header file +.In netinet/in.h . +The functions described in this manual page all operate +on routing header structures which are defined in +.In netinet/ip6.h +but which should not need to be modified outside the use of this API. +The size and shape of the route header structures may change, so using +the APIs is a more portable, long term, solution. +.Pp +The functions in the API are split into two groups, those that build a +routing header and those that parse a received routing header. +The builder functions are described first, followed by the parser functions. +.Ss inet6_rth_space +The +.Fn inet6_rth_space +function returns the number of bytes required to hold a Routing Header +of the type, specified in the +.Fa type +argument and containing the number of addresses specified in the +.Fa segments +argument. +When the type is +.Dv IPV6_RTHDR_TYPE_0 +the number of segments must be from 0 through 127. +The return value from this function is the number of bytes required to +store the routing header. +If the value 0 is returned then either the +route header type was not recognized or another error occurred. +.Ss inet6_rth_init +The +.Fn inet6_rth_init +function initializes the pre-allocated buffer pointed to by +.Fa bp +to contain a routing header of the specified type. +The +.Fa bp_len +argument is used to verify that the buffer is large enough. +The caller must allocate the buffer pointed to by bp. +The necessary buffer size should be determined by calling +.Fn inet6_rth_space +described in the previous sections. +.Pp +The +.Fn inet6_rth_init +function returns a pointer to +.Fa bp +on success and +.Dv NULL +when there is an error. +.Ss inet6_rth_add +The +.Fn inet6_rth_add +function adds the IPv6 address pointed to by +.Fa addr +to the end of the routing header being constructed. +.Pp +A successful addition results in the function returning 0, otherwise +\-1 is returned. +.Ss inet6_rth_reverse +The +.Fn inet6_rth_reverse +function takes a routing header, pointed to by the +argument +.Fa in , +and writes a new routing header into the argument pointed to by +.Fa out . +The routing header at that sends datagrams along the reverse of that +route. +Both arguments are allowed to point to the same buffer meaning +that the reversal can occur in place. +.Pp +The return value of the function is 0 on success, or \-1 when +there is an error. +.\" +.Pp +The next set of functions operate on a routing header that the +application wants to parse. +In the usual case such a routing header +is received from the network, although these functions can also be +used with routing headers that the application itself created. +.Ss inet6_rth_segments +The +.Fn inet6_rth_segments +function returns the number of segments contained in the +routing header pointed to by +.Fa bp . +The return value is the number of segments contained in the routing +header, or \-1 if an error occurred. +It is not an error for 0 to be +returned as a routing header may contain 0 segments. +.\" +.Ss inet6_rth_getaddr +The +.Fn inet6_rth_getaddr +function is used to retrieve a single address from a routing header. +The +.Fa index +is the location in the routing header from which the application wants +to retrieve an address. +The +.Fa index +parameter must have a value between 0 and one less than the number of +segments present in the routing header. +The +.Fn inet6_rth_segments +function, described in the last section, should be used to determine +the total number of segments in the routing header. +The +.Fn inet6_rth_getaddr +function returns a pointer to an IPv6 address on success or +.Dv NULL +when an error has occurred. +.\" +.Sh EXAMPLES +RFC 3542 gives extensive examples in Section 21, Appendix B. +KAME also provides examples in the advapitest directory of its kit. +.\" +.Sh DIAGNOSTICS +The +.Fn inet6_rth_space +and +.Fn inet6_rth_getaddr +functions return 0 on errors. +.Pp +The +.Fn inet6_rth_init +function returns +.Dv NULL +on error. +The +.Fn inet6_rth_add +and +.Fn inet6_rth_reverse +functions return 0 on success, or \-1 upon an error. +.\" +.Sh STANDARDS +.Rs +.%A S. Deering +.%A R. Hinden +.%D December 1998 +.%R RFC 2460 +.%T Internet Protocol, Version 6 (IPv6) Specification +.Re +.Pp +.Rs +.%A W. Stevens +.%A M. Thomas +.%A E. Nordmark +.%A T. Jinmei +.%D May 2003 +.%R RFC 3542 +.%T Advanced Sockets Application Programming Interface (API) for IPv6 +.Re +.Sh HISTORY +The implementation first appeared in KAME advanced networking kit. diff --git a/src/lib/libc/net/inet6_rthdr_space.3 b/src/lib/libc/net/inet6_rthdr_space.3 deleted file mode 100644 index cafe0d2645e..00000000000 --- a/src/lib/libc/net/inet6_rthdr_space.3 +++ /dev/null @@ -1,325 +0,0 @@ -.\" $OpenBSD: inet6_rthdr_space.3,v 1.8 2001/06/23 05:57:04 deraadt Exp $ -.\" $KAME: inet6_rthdr_space.3,v 1.8 2000/05/17 14:30:15 itojun Exp $ -.\" -.\" Copyright (c) 1983, 1987, 1991, 1993 -.\" The Regents of the University of California. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.Dd December 10, 1999 -.Dt INET6_RTHDR_SPACE 3 -.Os -.\" -.Sh NAME -.Nm inet6_rthdr_space , -.Nm inet6_rthdr_init , -.Nm inet6_rthdr_add , -.Nm inet6_rthdr_lasthop , -.Nm inet6_rthdr_reverse , -.Nm inet6_rthdr_segments , -.Nm inet6_rthdr_getaddr , -.Nm inet6_rthdr_getflags -.Nd IPv6 Routing Header Options manipulation -.\" -.Sh SYNOPSIS -.Fd #include -.Ft size_t -.Fn inet6_rthdr_space "int type" "int segments" -.Ft "struct cmsghdr *" -.Fn inet6_rthdr_init "void *bp" "int type" -.Ft int -.Fn inet6_rthdr_add "struct cmsghdr *cmsg" "const struct in6_addr *addr" "unsigned int flags" -.Ft int -.Fn inet6_rthdr_lasthop "struct cmsghdr *cmsg" "unsigned int flags" -.Ft int -.Fn inet6_rthdr_reverse "const struct cmsghdr *in" "struct cmsghdr *out" -.Ft int -.Fn inet6_rthdr_segments "const struct cmsghdr *cmsg" -.Ft "struct in6_addr *" -.Fn inet6_rthdr_getaddr "struct cmsghdr *cmsg" "int index" -.Ft int -.Fn inet6_rthdr_getflags "const struct cmsghdr *cmsg" "int index" -.\" -.Sh DESCRIPTION -RFC2292 IPv6 advanced API defines eight -functions that the application calls to build and examine a Routing -header. -Four functions build a Routing header: -.Bl -hang -.It Fn inet6_rthdr_space -return #bytes required for ancillary data -.It Fn inet6_rthdr_init -initialize ancillary data for Routing header -.It Fn inet6_rthdr_add -add IPv6 address & flags to Routing header -.It Fn inet6_rthdr_lasthop -specify the flags for the final hop -.El -.Pp -Four functions deal with a returned Routing header: -.Bl -hang -.It Fn inet6_rthdr_reverse -reverse a Routing header -.It Fn inet6_rthdr_segments -return #segments in a Routing header -.It Fn inet6_rthdr_getaddr -fetch one address from a Routing header -.It Fn inet6_rthdr_getflags -fetch one flag from a Routing header -.El -.Pp -The function prototypes for these functions are all in the -.Aq Li netinet/in.h -header. -.\" -.Ss inet6_rthdr_space -This function returns the number of bytes required to hold a Routing -header of the specified -.Fa type -containing the specified number of -.Fa segments -.Pq addresses . -For an IPv6 Type 0 Routing header, the number -of segments must be between 1 and 23, inclusive. -The return value -includes the size of the cmsghdr structure that precedes the Routing -header, and any required padding. -.Pp -If the return value is 0, then either the type of the Routing header -is not supported by this implementation or the number of segments is -invalid for this type of Routing header. -.Pp -Note: This function returns the size but does not allocate the space -required for the ancillary data. -This allows an application to -allocate a larger buffer, if other ancillary data objects are -desired, since all the ancillary data objects must be specified to -.Xr sendmsg 2 -as a single -.Li msg_control -buffer. -.\" -.Ss inet6_rthdr_init -This function initializes the buffer pointed to by -.Fa bp -to contain a -.Li cmsghdr -structure followed by a Routing header of the specified -.Fa type . -The -.Li cmsg_len -member of the -.Li cmsghdr -structure is initialized to the -size of the structure plus the amount of space required by the -Routing header. -The -.Li cmsg_level -and -.Li cmsg_type -members are also initialized as required. -.Pp -The caller must allocate the buffer and its size can be determined by -calling -.Fn inet6_rthdr_space . -.Pp -Upon success the return value is the pointer to the -.Li cmsghdr -structure, and this is then used as the first argument to the next -two functions. -Upon an error the return value is -.Dv NULL . -.\" -.Ss inet6_rthdr_add -This function adds the address pointed to by -.Fa addr -to the end of the -Routing header being constructed and sets the type of this hop to the -value of -.Fa flags . -For an IPv6 Type 0 Routing header, -.Fa flags -must be -either -.Dv IPV6_RTHDR_LOOSE -or -.Dv IPV6_RTHDR_STRICT . -.Pp -If successful, the -.Li cmsg_len -member of the -.Li cmsghdr -structure is -updated to account for the new address in the Routing header and the -return value of the function is 0. -Upon an error the return value of -the function is -1. -.\" -.Ss inet6_rthdr_lasthop -This function specifies the Strict/Loose flag for the final hop of a -Routing header. -For an IPv6 Type 0 Routing header, -.Fa flags -must be either -.Dv IPV6_RTHDR_LOOSE -or -.Dv IPV6_RTHDR_STRICT . -.Pp -The return value of the function is 0 upon success, or -1 upon an error. -.Pp -Notice that a Routing header specifying -.Li N -intermediate nodes requires -.Li N+1 -Strict/Loose flags. -This requires -.Li N -calls to -.Fn inet6_rthdr_add -followed by one call to -.Fn inet6_rthdr_lasthop . -.\" -.Ss inet6_rthdr_reverse -This function takes a Routing header that was received as ancillary -data -.Po -pointed to by the first argument, -.Fa in -.Pc -and writes a new Routing -header that sends datagrams along the reverse of that route. -Both -arguments are allowed to point to the same buffer -.Pq that is, the reversal can occur in place . -.Pp -The return value of the function is 0 on success, or -1 upon an -error. -.\" -.Ss inet6_rthdr_segments -This function returns the number of segments -.Pq addresses -contained in -the Routing header described by -.Fa cmsg . -On success the return value is -between 1 and 23, inclusive. -The return value of the function is -1 upon an error. -.\" -.Ss inet6_rthdr_getaddr -This function returns a pointer to the IPv6 address specified by -.Fa index -.Po -which must have a value between 1 and the value returned by -.Fn inet6_rthdr_segments -.Pc -in the Routing header described by -.Fa cmsg . -An -application should first call -.Fn inet6_rthdr_segments -to obtain the number of segments in the Routing header. -.Pp -Upon an error the return value of the function is -.Dv NULL . -.\" -.Ss inet6_rthdr_getflags -This function returns the flags value specified by -.Fa index -.Po -which must -have a value between 0 and the value returned by -.Fn inet6_rthdr_segments -.Pc -in the Routing header described by -.Fa cmsg . -For an IPv6 Type 0 Routing header the return value will be either -.Dv IPV6_RTHDR_LOOSE -or -.Dv IPV6_RTHDR_STRICT . -.Pp -Upon an error the return value of the function is -1. -.Pp -Note: Addresses are indexed starting at 1, and flags starting at 0, -to maintain consistency with the terminology and figures in RFC2460. -.\" -.Sh DIAGNOSTICS -.Fn inet6_rthdr_space -returns 0 on errors. -.Pp -.Fn inet6_rthdr_add , -.Fn inet6_rthdr_lasthop -and -.Fn inet6_rthdr_reverse -return 0 on success, and returns -1 on error. -.Pp -.Fn inet6_rthdr_init -and -.Fn inet6_rthdr_getaddr -return -.Dv NULL -on error. -.Pp -.Fn inet6_rthdr_segments -and -.Fn inet6_rthdr_getflags -return -1 on error. -.\" -.Sh EXAMPLES -RFC2292 gives comprehensive examples in chapter 8. -.\" -.Sh SEE ALSO -.Rs -.%A W. Stevens -.%A M. Thomas -.%T "Advanced Sockets API for IPv6" -.%N RFC2292 -.%D February 1998 -.Re -.Rs -.%A S. Deering -.%A R. Hinden -.%T "Internet Protocol, Version 6 (IPv6) Specification" -.%N RFC2460 -.%D December 1998 -.Re -.\" -.Sh HISTORY -The implementation first appeared in KAME advanced networking kit. -.\" -.Sh STANDARDS -The functions -are documented in -.Dq Advanced Sockets API for IPv6 -.Pq RFC2292 . -.\" -.Sh BUGS -The text was shamelessly copied from RFC2292. -.Pp -.Fn inet6_rthdr_reverse -is not implemented yet. diff --git a/src/lib/libc/net/inet_addr.3 b/src/lib/libc/net/inet_addr.3 new file mode 100644 index 00000000000..231f94ff1b8 --- /dev/null +++ b/src/lib/libc/net/inet_addr.3 @@ -0,0 +1,195 @@ +.\" $OpenBSD: inet_addr.3,v 1.3 2018/04/28 16:03:43 schwarze Exp $ +.\" $NetBSD: inet.3,v 1.7 1997/06/18 02:25:24 lukem Exp $ +.\" +.\" Copyright (c) 1983, 1990, 1991, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" @(#)inet.3 8.1 (Berkeley) 6/4/93 +.\" +.Dd $Mdocdate: April 28 2018 $ +.Dt INET_ADDR 3 +.Os +.Sh NAME +.Nm inet_aton , +.Nm inet_addr , +.Nm inet_network , +.Nm inet_ntoa +.Nd Internet Protocol version 4 (IPv4) address manipulation routines +.Sh SYNOPSIS +.In arpa/inet.h +.Ft int +.Fn inet_aton "const char *cp" "struct in_addr *addr" +.Ft in_addr_t +.Fn inet_addr "const char *cp" +.Ft in_addr_t +.Fn inet_network "const char *cp" +.Ft char * +.Fn inet_ntoa "struct in_addr in" +.Sh DESCRIPTION +The functions presented here only support IPv4 addresses. +In order to support IPv6 addresses as well, +.Xr inet_ntop 3 +and +.Xr inet_pton 3 +should be used rather than the functions presented here. +Scoped IPv6 addresses are supported via +.Xr getaddrinfo 3 +and +.Xr getnameinfo 3 . +.Pp +The routines +.Fn inet_aton , +.Fn inet_addr , +and +.Fn inet_network +interpret character strings representing +numbers expressed in the Internet standard +.Dq dot +notation. +.Pp +The +.Fn inet_aton +routine interprets the specified character string as an Internet address, +placing the address into the structure provided. +It returns 1 if the string was successfully interpreted, +or 0 if the string was invalid. +.Pp +The +.Fn inet_addr +and +.Fn inet_network +functions return numbers suitable for use +as Internet addresses and Internet network +numbers, respectively. +Both functions return the constant +.Dv INADDR_NONE +if the specified character string is malformed. +.Pp +The routine +.Fn inet_ntoa +takes an Internet address and returns an +ASCII string representing the address in dot notation. +.Pp +All Internet addresses are returned in network +order (bytes ordered from left to right). +All network numbers and local address parts are +returned as machine format integer values. +.Sh INTERNET ADDRESSES (IP VERSION 4) +Values specified using dot notation take one of the following forms: +.Bd -literal -offset indent +a.b.c.d +a.b.c +a.b +a +.Ed +.Pp +When four parts are specified, each is interpreted +as a byte of data and assigned, from left to right, +to the four bytes of an Internet address. +Note that when an Internet address is viewed as a 32-bit +integer quantity on a system that uses little-endian +byte order +(such as AMD64 or ARM processors) +the bytes referred to above appear as +.Dq Li d.c.b.a . +That is, little-endian bytes are ordered from right to left. +.Pp +When a three part address is specified, the last +part is interpreted as a 16-bit quantity and placed +in the rightmost two bytes of the network address. +This makes the three part address format convenient +for specifying Class B network addresses as +.Dq Li 128.net.host . +.Pp +When a two part address is supplied, the last part +is interpreted as a 24-bit quantity and placed in +the rightmost three bytes of the network address. +This makes the two part address format convenient +for specifying Class A network addresses as +.Dq Li net.host . +.Pp +When only one part is given, the value is stored +directly in the network address without any byte +rearrangement. +.Pp +All numbers supplied as +.Dq parts +in a dot notation +may be decimal, octal, or hexadecimal, as specified +in the C language (i.e., a leading 0x or 0X implies +hexadecimal; a leading 0 implies octal; +otherwise, the number is interpreted as decimal). +.Sh SEE ALSO +.Xr byteorder 3 , +.Xr gethostbyname 3 , +.Xr inet_lnaof 3 , +.Xr inet_net 3 , +.Xr inet_ntop 3 , +.Xr hosts 5 +.Sh STANDARDS +The +.Nm inet_addr +and +.Nm inet_aton +functions conform to +.St -p1003.1-2008 . +.Sh HISTORY +The +.Nm inet_addr +and +.Nm inet_network +functions appeared in +.Bx 4.2 . +The +.Nm inet_aton +and +.Nm inet_ntoa +functions appeared in +.Bx 4.3 . +.Sh BUGS +The value +.Dv INADDR_NONE +(0xffffffff) is a valid broadcast address, but +.Fn inet_addr +cannot return that value without indicating failure. +Also, +.Fn inet_addr +should have been designed to return a +.Li struct in_addr . +The newer +.Fn inet_aton +function does not share these problems, and almost all existing code +should be modified to use +.Fn inet_aton +instead. +.Pp +The problem of host byte ordering versus network byte ordering is +confusing. +.Pp +The string returned by +.Fn inet_ntoa +resides in a static memory area. diff --git a/src/lib/libc/net/inet_addr.c b/src/lib/libc/net/inet_addr.c index 6203ccdaacf..62d46ad664f 100644 --- a/src/lib/libc/net/inet_addr.c +++ b/src/lib/libc/net/inet_addr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: inet_addr.c,v 1.6 1999/05/03 22:31:14 yanick Exp $ */ +/* $OpenBSD: inet_addr.c,v 1.12 2015/09/13 21:36:08 guenther Exp $ */ /* * ++Copyright++ 1983, 1990, 1993 @@ -14,11 +14,7 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors + * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -55,17 +51,7 @@ * --Copyright-- */ -#if defined(LIBC_SCCS) && !defined(lint) -#if 0 -static char sccsid[] = "@(#)inet_addr.c 8.1 (Berkeley) 6/17/93"; -static char rcsid[] = "$From: inet_addr.c,v 8.5 1996/08/05 08:31:35 vixie Exp $"; -#else -static char rcsid[] = "$OpenBSD: inet_addr.c,v 1.6 1999/05/03 22:31:14 yanick Exp $"; -#endif -#endif /* LIBC_SCCS and not lint */ - #include -#include #include #include #include @@ -75,8 +61,7 @@ static char rcsid[] = "$OpenBSD: inet_addr.c,v 1.6 1999/05/03 22:31:14 yanick Ex * The value returned is in network order. */ in_addr_t -inet_addr(cp) - register const char *cp; +inet_addr(const char *cp) { struct in_addr val; @@ -93,15 +78,13 @@ inet_addr(cp) * cannot distinguish between failure and a local broadcast address. */ int -inet_aton(cp, addr) - register const char *cp; - struct in_addr *addr; +inet_aton(const char *cp, struct in_addr *addr) { - register in_addr_t val; - register int base, n; - register char c; + in_addr_t val; + int base, n; + char c; u_int parts[4]; - register u_int *pp = parts; + u_int *pp = parts; c = *cp; for (;;) { @@ -110,7 +93,7 @@ inet_aton(cp, addr) * Values are specified as for C: * 0x=hex, 0=octal, isdigit=decimal. */ - if (!isdigit(c)) + if (!isdigit((unsigned char)c)) return (0); val = 0; base = 10; if (c == '0') { @@ -121,12 +104,15 @@ inet_aton(cp, addr) base = 8; } for (;;) { - if (isascii(c) && isdigit(c)) { + if (isascii((unsigned char)c) && + isdigit((unsigned char)c)) { val = (val * base) + (c - '0'); c = *++cp; - } else if (base == 16 && isascii(c) && isxdigit(c)) { + } else if (base == 16 && + isascii((unsigned char)c) && + isxdigit((unsigned char)c)) { val = (val << 4) | - (c + 10 - (islower(c) ? 'a' : 'A')); + (c + 10 - (islower((unsigned char)c) ? 'a' : 'A')); c = *++cp; } else break; @@ -148,7 +134,8 @@ inet_aton(cp, addr) /* * Check for trailing characters. */ - if (c != '\0' && (!isascii(c) || !isspace(c))) + if (c != '\0' && + (!isascii((unsigned char)c) || !isspace((unsigned char)c))) return (0); /* * Concoct the address according to @@ -185,3 +172,4 @@ inet_aton(cp, addr) addr->s_addr = htonl(val); return (1); } +DEF_WEAK(inet_aton); diff --git a/src/lib/libc/net/inet_lnaof.3 b/src/lib/libc/net/inet_lnaof.3 new file mode 100644 index 00000000000..70b4fee485c --- /dev/null +++ b/src/lib/libc/net/inet_lnaof.3 @@ -0,0 +1,89 @@ +.\" $OpenBSD: inet_lnaof.3,v 1.3 2018/04/28 16:03:43 schwarze Exp $ +.\" $NetBSD: inet.3,v 1.7 1997/06/18 02:25:24 lukem Exp $ +.\" +.\" Copyright (c) 1983, 1990, 1991, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" @(#)inet.3 8.1 (Berkeley) 6/4/93 +.\" +.Dd $Mdocdate: April 28 2018 $ +.Dt INET_LNAOF 3 +.Os +.Sh NAME +.Nm inet_makeaddr , +.Nm inet_netof , +.Nm inet_lnaof +.Nd routines for manipulating classful Internet Protocol version 4 (IPv4) addresses +.Sh SYNOPSIS +.In arpa/inet.h +.Ft struct in_addr +.Fn inet_makeaddr "in_addr_t net" "in_addr_t lna" +.Ft in_addr_t +.Fn inet_netof "struct in_addr in" +.Ft in_addr_t +.Fn inet_lnaof "struct in_addr in" +.Sh DESCRIPTION +As originally designed, +IP version 4 split each address into a network part and local network +address part, encoding that split into the address itself. +It is frequency-encoded; +the most-significant bit is clear in Class A addresses, +in which the high-order 8 bits are the network number. +Class B addresses use the high-order 16 bits as the network field, +and Class C addresses have a 24-bit network part. +.Pp +The routine +.Fn inet_makeaddr +takes an Internet network number and a local +network address and constructs an Internet address +from it. +.Pp +The routines +.Fn inet_netof +and +.Fn inet_lnaof +break apart Internet host addresses, returning +the network number and local network address part, +respectively. +.Pp +All Internet addresses are returned in network +order (bytes ordered from left to right). +All network numbers and local address parts are +returned as machine format integer values. +.Sh SEE ALSO +.Xr gethostbyname 3 , +.Xr inet_addr 3 , +.Xr inet_net 3 , +.Xr hosts 5 +.Sh HISTORY +The +.Nm inet_makeaddr , +.Nm inet_lnaof , +and +.Nm inet_netof +functions appeared in +.Bx 4.2 . diff --git a/src/lib/libc/net/inet_lnaof.c b/src/lib/libc/net/inet_lnaof.c index 6aed18699b4..92845387d37 100644 --- a/src/lib/libc/net/inet_lnaof.c +++ b/src/lib/libc/net/inet_lnaof.c @@ -1,3 +1,4 @@ +/* $OpenBSD: inet_lnaof.c,v 1.7 2015/01/16 16:48:51 deraadt Exp $ */ /* * Copyright (c) 1983, 1993 * The Regents of the University of California. All rights reserved. @@ -10,11 +11,7 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors + * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -31,11 +28,6 @@ * SUCH DAMAGE. */ -#if defined(LIBC_SCCS) && !defined(lint) -static char rcsid[] = "$OpenBSD: inet_lnaof.c,v 1.3 1997/04/05 21:13:11 millert Exp $"; -#endif /* LIBC_SCCS and not lint */ - -#include #include #include @@ -45,10 +37,9 @@ static char rcsid[] = "$OpenBSD: inet_lnaof.c,v 1.3 1997/04/05 21:13:11 millert * number formats. */ in_addr_t -inet_lnaof(in) - struct in_addr in; +inet_lnaof(struct in_addr in) { - register in_addr_t i = ntohl(in.s_addr); + in_addr_t i = ntohl(in.s_addr); if (IN_CLASSA(i)) return ((i)&IN_CLASSA_HOST); diff --git a/src/lib/libc/net/inet_makeaddr.c b/src/lib/libc/net/inet_makeaddr.c index 196a589e4c1..88ddd2850ec 100644 --- a/src/lib/libc/net/inet_makeaddr.c +++ b/src/lib/libc/net/inet_makeaddr.c @@ -1,3 +1,4 @@ +/* $OpenBSD: inet_makeaddr.c,v 1.7 2015/01/16 16:48:51 deraadt Exp $ */ /* * Copyright (c) 1983, 1993 * The Regents of the University of California. All rights reserved. @@ -10,11 +11,7 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors + * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -31,11 +28,6 @@ * SUCH DAMAGE. */ -#if defined(LIBC_SCCS) && !defined(lint) -static char rcsid[] = "$OpenBSD: inet_makeaddr.c,v 1.3 1997/04/05 21:13:12 millert Exp $"; -#endif /* LIBC_SCCS and not lint */ - -#include #include #include @@ -44,8 +36,7 @@ static char rcsid[] = "$OpenBSD: inet_makeaddr.c,v 1.3 1997/04/05 21:13:12 mille * building addresses stored in the ifnet structure. */ struct in_addr -inet_makeaddr(net, host) - in_addr_t net, host; +inet_makeaddr(in_addr_t net, in_addr_t host) { in_addr_t addr; diff --git a/src/lib/libc/net/inet_net.3 b/src/lib/libc/net/inet_net.3 index 5c32aecd86b..adb7589fca4 100644 --- a/src/lib/libc/net/inet_net.3 +++ b/src/lib/libc/net/inet_net.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: inet_net.3,v 1.6 2000/04/21 15:38:17 aaron Exp $ +.\" $OpenBSD: inet_net.3,v 1.19 2018/04/28 20:29:18 schwarze Exp $ .\" $NetBSD: inet_net.3,v 1.1 1997/06/18 02:25:27 lukem Exp $ .\" .\" Copyright (c) 1997 The NetBSD Foundation, Inc. @@ -15,13 +15,6 @@ .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the NetBSD -.\" Foundation, Inc. and its contributors. -.\" 4. Neither the name of The NetBSD Foundation nor the names of its -.\" contributors may be used to endorse or promote products derived -.\" from this software without specific prior written permission. .\" .\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS .\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED @@ -35,17 +28,18 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.Dd June 18, 1997 -.Dt INET_NET 3 +.Dd $Mdocdate: April 28 2018 $ +.Dt INET_NET_NTOP 3 .Os .Sh NAME .Nm inet_net_ntop , .Nm inet_net_pton .Nd Internet network number manipulation routines .Sh SYNOPSIS -.Fd #include -.Fd #include -.Fd #include +.In sys/types.h +.In sys/socket.h +.In netinet/in.h +.In arpa/inet.h .Ft char * .Fn inet_net_ntop "int af" "const void *src" "int bits" "char *dst" "size_t size" .Ft int @@ -82,50 +76,85 @@ It will be set to .Er ENOENT if the Internet network number was not valid). .Pp -The only value for +Caution: +The +.Fa dst +field should be zeroed before calling +.Fn inet_net_pton +as the function will only fill the number of bytes necessary to +encode the network number in network byte order. +.Pp +The only values for .Fa af -currently supported is -.Dv AF_INET . +currently supported are +.Dv AF_INET +and +.Dv AF_INET6 . .Fa size is the size of the result buffer .Fa dst . .Sh NETWORK NUMBERS (IP VERSION 4) -Internet network numbers may be specified in one of the following forms: +The external representation of Internet network numbers may be specified in +one of the following forms: .Bd -literal -offset indent -a.b.c.d/bits -a.b.c.d -a.b.c -a.b a +a.b +a.b.c +a.b.c.d .Ed .Pp -When four parts are specified, each is interpreted -as a byte of data and assigned, from left to right, -to the four bytes of an Internet network number. -Note that when an Internet network number is viewed as a 32-bit -integer quantity on a system that uses little-endian -byte order (such as the Intel 386, 486, and Pentium processors) -the bytes referred to above appear as -.Dq Li d.c.b.a . -That is, little-endian bytes are ordered from right to left. -.Pp -When a three part number is specified, the last -part is interpreted as a 16-bit quantity and placed -in the rightmost two bytes of the Internet network number. -This makes the three part number format convenient -for specifying Class B network numbers as -.Dq Li 128.net.host . +Any of the above four forms may have +.Dq Li /bits +appended where +.Dq Li bits +is in the range +.Li 0-32 +and is used to explicitly specify the number of bits in the network address. +When +.Dq Li /bits +is not specified the number of bits in the network address is calculated +as the larger of the number of bits in the class to which the address +belongs and the number of bits provided rounded up modulo 8. +Examples: .Pp -When a two part number is supplied, the last part -is interpreted as a 24-bit quantity and placed in -the rightmost three bytes of the Internet network number. -This makes the two part number format convenient -for specifying Class A network numbers as -.Dq Li net.host . +.Bl -tag -width 10.1.2.3/24 -offset indent -compact +.It Li 10 +an 8-bit network number (class A), value +.Li 10.0.0.0 . +.It Li 192 +a 24-bit network number (class C), value +.Li 192.0.0.0 . +.It Li 10.10 +a 16-bit network number, value +.Li 10.10.0.0 . +.It Li 10.1.2 +a 24-bit network number, value +.Li 10.1.2.0 . +.It Li 10.1.2.3 +a 32-bit network number, value +.Li 10.1.2.3 . +.It Li 10.1.2.3/24 +a 24-bit network number (explicit), value +.Li 10.1.2.3 . +.El .Pp -When only one part is given, the value is stored -directly in the Internet network number without any byte -rearrangement. +Note that when the number of bits is specified using +.Dq Li /bits +notation, the value of the address still includes all bits supplied +in the external representation, even those bits which are the host +part of an Internet address. +Also, unlike +.Xr inet_pton 3 +where the external representation is assumed to be a host address, the +external representation for +.Fn inet_net_pton +is assumed to be a network address. +Thus +.Dq Li 10.1 +is assumed to be +.Dq Li 10.1.0.0 +not +.Dq Li 10.0.0.1 .Pp All numbers supplied as .Dq parts @@ -136,10 +165,30 @@ may be decimal, octal, or hexadecimal, as specified in the C language (i.e., a leading 0x or 0X implies hexadecimal; otherwise, a leading 0 implies octal; otherwise, the number is interpreted as decimal). +.Sh NETWORK NUMBERS (IP VERSION 6) +See +.Xr inet_pton 3 +for valid external representations of IP version 6 addresses. +A valid external representation may have +.Dq Li /bits +appended where +.Dq Li bits +is in the range +.Li 0-128 +and is used to explicitly specify the number of bits in the network address. +When +.Dq Li /bits +is not specified 128 is used. +Note that when the number of bits is specified using +.Dq Li /bits +notation, the value of the address still includes all bits supplied +in the external representation, even those bits which are the host +part of an Internet address. .Sh SEE ALSO .Xr byteorder 3 , -.Xr inet 3 , -.Xr networks 5 +.Xr inet_pton 3 , +.Xr inet 4 , +.Xr hosts 5 .Sh HISTORY The .Nm inet_net_ntop diff --git a/src/lib/libc/net/inet_net_ntop.c b/src/lib/libc/net/inet_net_ntop.c index 18eea6bb6d2..652b24076e6 100644 --- a/src/lib/libc/net/inet_net_ntop.c +++ b/src/lib/libc/net/inet_net_ntop.c @@ -1,6 +1,7 @@ -/* $OpenBSD: inet_net_ntop.c,v 1.3 2002/08/19 03:01:54 itojun Exp $ */ +/* $OpenBSD: inet_net_ntop.c,v 1.8 2015/05/14 11:52:43 jsg Exp $ */ /* + * Copyright (c) 2012 by Gilles Chehade * Copyright (c) 1996 by Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any @@ -17,14 +18,6 @@ * SOFTWARE. */ -#if defined(LIBC_SCCS) && !defined(lint) -#if 0 -static const char rcsid[] = "$From: inet_net_ntop.c,v 8.2 1996/08/08 06:54:44 vixie Exp $"; -#else -static const char rcsid[] = "$OpenBSD: inet_net_ntop.c,v 1.3 2002/08/19 03:01:54 itojun Exp $"; -#endif -#endif - #include #include #include @@ -36,6 +29,7 @@ static const char rcsid[] = "$OpenBSD: inet_net_ntop.c,v 1.3 2002/08/19 03:01:54 #include static char *inet_net_ntop_ipv4(const u_char *, int, char *, size_t); +static char *inet_net_ntop_ipv6(const u_char *, int, char *, size_t); /* * char * @@ -48,16 +42,13 @@ static char *inet_net_ntop_ipv4(const u_char *, int, char *, size_t); * Paul Vixie (ISC), July 1996 */ char * -inet_net_ntop(af, src, bits, dst, size) - int af; - const void *src; - int bits; - char *dst; - size_t size; +inet_net_ntop(int af, const void *src, int bits, char *dst, size_t size) { switch (af) { case AF_INET: return (inet_net_ntop_ipv4(src, bits, dst, size)); + case AF_INET6: + return (inet_net_ntop_ipv6(src, bits, dst, size)); default: errno = EAFNOSUPPORT; return (NULL); @@ -78,14 +69,9 @@ inet_net_ntop(af, src, bits, dst, size) * Paul Vixie (ISC), July 1996 */ static char * -inet_net_ntop_ipv4(src, bits, dst, size) - const u_char *src; - int bits; - char *dst; - size_t size; +inet_net_ntop_ipv4(const u_char *src, int bits, char *dst, size_t size) { char *odst = dst; - char *t; u_int m; int b; char *ep; @@ -128,8 +114,6 @@ inet_net_ntop_ipv4(src, bits, dst, size) if (ep - dst < sizeof ".255") goto emsgsize; if (dst != odst) - if (dst + 1 >= ep) - goto emsgsize; *dst++ = '.'; m = ((1 << b) - 1) << (8 - b); advance = snprintf(dst, ep - dst, "%u", *src & m); @@ -151,3 +135,26 @@ inet_net_ntop_ipv4(src, bits, dst, size) errno = EMSGSIZE; return (NULL); } + +static char * +inet_net_ntop_ipv6(const u_char *src, int bits, char *dst, size_t size) +{ + int ret; + char buf[sizeof("xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:255:255:255:255/128")]; + + if (bits < 0 || bits > 128) { + errno = EINVAL; + return (NULL); + } + + if (inet_ntop(AF_INET6, src, buf, size) == NULL) + return (NULL); + + ret = snprintf(dst, size, "%s/%d", buf, bits); + if (ret == -1 || ret >= size) { + errno = EMSGSIZE; + return (NULL); + } + + return (dst); +} diff --git a/src/lib/libc/net/inet_net_pton.c b/src/lib/libc/net/inet_net_pton.c index 932531eb5d1..2aaeac4048a 100644 --- a/src/lib/libc/net/inet_net_pton.c +++ b/src/lib/libc/net/inet_net_pton.c @@ -1,7 +1,8 @@ -/* $OpenBSD: inet_net_pton.c,v 1.2 2002/02/17 19:42:23 millert Exp $ */ +/* $OpenBSD: inet_net_pton.c,v 1.10 2017/03/06 18:16:27 millert Exp $ */ /* - * Copyright (c) 1996 by Internet Software Consortium. + * Copyright (c) 2012 by Gilles Chehade + * Copyright (c) 1996,1999 by Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -17,14 +18,6 @@ * SOFTWARE. */ -#if defined(LIBC_SCCS) && !defined(lint) -#if 0 -static const char rcsid[] = "$From: inet_net_pton.c,v 8.3 1996/11/11 06:36:52 vixie Exp $"; -#else -static const char rcsid[] = "$OpenBSD: inet_net_pton.c,v 1.2 2002/02/17 19:42:23 millert Exp $"; -#endif -#endif - #include #include #include @@ -38,6 +31,7 @@ static const char rcsid[] = "$OpenBSD: inet_net_pton.c,v 1.2 2002/02/17 19:42:23 #include static int inet_net_pton_ipv4(const char *, u_char *, size_t); +static int inet_net_pton_ipv6(const char *, u_char *, size_t); /* * static int @@ -53,15 +47,13 @@ static int inet_net_pton_ipv4(const char *, u_char *, size_t); * Paul Vixie (ISC), June 1996 */ int -inet_net_pton(af, src, dst, size) - int af; - const char *src; - void *dst; - size_t size; +inet_net_pton(int af, const char *src, void *dst, size_t size) { switch (af) { case AF_INET: return (inet_net_pton_ipv4(src, dst, size)); + case AF_INET6: + return (inet_net_pton_ipv6(src, dst, size)); default: errno = EAFNOSUPPORT; return (-1); @@ -85,10 +77,7 @@ inet_net_pton(af, src, dst, size) * Paul Vixie (ISC), June 1996 */ static int -inet_net_pton_ipv4(src, dst, size) - const char *src; - u_char *dst; - size_t size; +inet_net_pton_ipv4(const char *src, u_char *dst, size_t size) { static const char xdigits[] = "0123456789abcdef", @@ -96,30 +85,36 @@ inet_net_pton_ipv4(src, dst, size) int n, ch, tmp, dirty, bits; const u_char *odst = dst; - ch = *src++; + ch = (unsigned char)*src++; if (ch == '0' && (src[0] == 'x' || src[0] == 'X') - && isascii(src[1]) && isxdigit(src[1])) { + && isascii((unsigned char)src[1]) && isxdigit((unsigned char)src[1])) { /* Hexadecimal: Eat nybble string. */ - if (size <= 0) + if (size == 0) goto emsgsize; - *dst = 0, dirty = 0; + tmp = 0, dirty = 0; src++; /* skip x or X. */ - while ((ch = *src++) != '\0' && - isascii(ch) && isxdigit(ch)) { + while ((ch = (unsigned char)*src++) != '\0' && + isascii(ch) && isxdigit(ch)) { if (isupper(ch)) ch = tolower(ch); n = strchr(xdigits, ch) - xdigits; assert(n >= 0 && n <= 15); - *dst |= n; - if (!dirty++) - *dst <<= 4; - else if (size-- > 0) - *++dst = 0, dirty = 0; + if (dirty == 0) + tmp = n; else + tmp = (tmp << 4) | n; + if (++dirty == 2) { + if (size-- == 0) + goto emsgsize; + *dst++ = (u_char) tmp; + dirty = 0; + } + } + if (dirty) { /* Odd trailing nybble? */ + if (size-- == 0) goto emsgsize; + *dst++ = (u_char) (tmp << 4); } - if (dirty) - size--; } else if (isascii(ch) && isdigit(ch)) { /* Decimal: eat dotted digit string. */ for (;;) { @@ -131,16 +126,16 @@ inet_net_pton_ipv4(src, dst, size) tmp += n; if (tmp > 255) goto enoent; - } while ((ch = *src++) != '\0' && + } while ((ch = (unsigned char)*src++) != '\0' && isascii(ch) && isdigit(ch)); - if (size-- <= 0) + if (size-- == 0) goto emsgsize; *dst++ = (u_char) tmp; if (ch == '\0' || ch == '/') break; if (ch != '.') goto enoent; - ch = *src++; + ch = (unsigned char)*src++; if (!isascii(ch) || !isdigit(ch)) goto enoent; } @@ -148,21 +143,22 @@ inet_net_pton_ipv4(src, dst, size) goto enoent; bits = -1; - if (ch == '/' && isascii(src[0]) && isdigit(src[0]) && dst > odst) { + if (ch == '/' && isascii((unsigned char)src[0]) && + isdigit((unsigned char)src[0]) && dst > odst) { /* CIDR width specifier. Nothing can follow it. */ - ch = *src++; /* Skip over the /. */ + ch = (unsigned char)*src++; /* Skip over the /. */ bits = 0; do { n = strchr(digits, ch) - digits; assert(n >= 0 && n <= 9); bits *= 10; bits += n; - } while ((ch = *src++) != '\0' && + if (bits > 32) + goto emsgsize; + } while ((ch = (unsigned char)*src++) != '\0' && isascii(ch) && isdigit(ch)); if (ch != '\0') goto enoent; - if (bits > 32) - goto emsgsize; } /* Firey death and destruction unless we prefetched EOS. */ @@ -185,12 +181,12 @@ inet_net_pton_ipv4(src, dst, size) else /* Class A */ bits = 8; /* If imputed mask is narrower than specified octets, widen. */ - if (bits >= 8 && bits < ((dst - odst) * 8)) + if (bits < ((dst - odst) * 8)) bits = (dst - odst) * 8; } /* Extend network to cover the actual mask. */ while (bits > ((dst - odst) * 8)) { - if (size-- <= 0) + if (size-- == 0) goto emsgsize; *dst++ = '\0'; } @@ -204,3 +200,38 @@ inet_net_pton_ipv4(src, dst, size) errno = EMSGSIZE; return (-1); } + + +static int +inet_net_pton_ipv6(const char *src, u_char *dst, size_t size) +{ + int ret; + int bits; + char buf[sizeof("xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:255:255:255:255/128")]; + char *sep; + const char *errstr; + + if (strlcpy(buf, src, sizeof buf) >= sizeof buf) { + errno = EMSGSIZE; + return (-1); + } + + sep = strchr(buf, '/'); + if (sep != NULL) + *sep++ = '\0'; + + ret = inet_pton(AF_INET6, buf, dst); + if (ret != 1) + return (-1); + + if (sep == NULL) + return 128; + + bits = strtonum(sep, 0, 128, &errstr); + if (errstr) { + errno = EINVAL; + return (-1); + } + + return bits; +} diff --git a/src/lib/libc/net/inet_neta.c b/src/lib/libc/net/inet_neta.c index 6960bcd0b5b..e3e7d0eb715 100644 --- a/src/lib/libc/net/inet_neta.c +++ b/src/lib/libc/net/inet_neta.c @@ -1,4 +1,4 @@ -/* $OpenBSD: inet_neta.c,v 1.4 2002/08/19 03:01:54 itojun Exp $ */ +/* $OpenBSD: inet_neta.c,v 1.7 2005/08/06 20:30:03 espie Exp $ */ /* * Copyright (c) 1996 by Internet Software Consortium. @@ -17,14 +17,6 @@ * SOFTWARE. */ -#if defined(LIBC_SCCS) && !defined(lint) -#if 0 -static const char rcsid[] = "$Id: inet_neta.c,v 1.4 2002/08/19 03:01:54 itojun Exp $"; -#else -static const char rcsid[] = "$OpenBSD: inet_neta.c,v 1.4 2002/08/19 03:01:54 itojun Exp $"; -#endif -#endif - #include #include #include @@ -46,10 +38,7 @@ static const char rcsid[] = "$OpenBSD: inet_neta.c,v 1.4 2002/08/19 03:01:54 ito * Paul Vixie (ISC), July 1996 */ char * -inet_neta(src, dst, size) - in_addr_t src; - char *dst; - size_t size; +inet_neta(in_addr_t src, char *dst, size_t size) { char *odst = dst; char *ep; diff --git a/src/lib/libc/net/inet_netof.c b/src/lib/libc/net/inet_netof.c index f3b9c016974..4efceede132 100644 --- a/src/lib/libc/net/inet_netof.c +++ b/src/lib/libc/net/inet_netof.c @@ -1,3 +1,4 @@ +/* $OpenBSD: inet_netof.c,v 1.7 2015/01/16 16:48:51 deraadt Exp $ */ /* * Copyright (c) 1983, 1993 * The Regents of the University of California. All rights reserved. @@ -10,11 +11,7 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors + * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -31,11 +28,6 @@ * SUCH DAMAGE. */ -#if defined(LIBC_SCCS) && !defined(lint) -static char rcsid[] = "$OpenBSD: inet_netof.c,v 1.3 1997/04/05 21:13:13 millert Exp $"; -#endif /* LIBC_SCCS and not lint */ - -#include #include #include @@ -44,10 +36,9 @@ static char rcsid[] = "$OpenBSD: inet_netof.c,v 1.3 1997/04/05 21:13:13 millert * address; handles class a/b/c network #'s. */ in_addr_t -inet_netof(in) - struct in_addr in; +inet_netof(struct in_addr in) { - register in_addr_t i = ntohl(in.s_addr); + in_addr_t i = ntohl(in.s_addr); if (IN_CLASSA(i)) return (((i)&IN_CLASSA_NET) >> IN_CLASSA_NSHIFT); diff --git a/src/lib/libc/net/inet_network.c b/src/lib/libc/net/inet_network.c index 8a9a555d62a..7b0cf50e796 100644 --- a/src/lib/libc/net/inet_network.c +++ b/src/lib/libc/net/inet_network.c @@ -1,3 +1,4 @@ +/* $OpenBSD: inet_network.c,v 1.13 2015/10/22 23:55:51 mmcc Exp $ */ /* * Copyright (c) 1983, 1993 * The Regents of the University of California. All rights reserved. @@ -10,11 +11,7 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors + * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -31,10 +28,6 @@ * SUCH DAMAGE. */ -#if defined(LIBC_SCCS) && !defined(lint) -static char rcsid[] = "$OpenBSD: inet_network.c,v 1.7 1997/07/09 01:08:37 millert Exp $"; -#endif /* LIBC_SCCS and not lint */ - #include #include #include @@ -46,13 +39,12 @@ static char rcsid[] = "$OpenBSD: inet_network.c,v 1.7 1997/07/09 01:08:37 miller * network numbers. */ in_addr_t -inet_network(cp) - register const char *cp; +inet_network(const char *cp) { - register in_addr_t val, base, n; - register char c; + in_addr_t val, base, n; + u_char c; in_addr_t parts[4], *pp = parts; - register int i; + int i; again: val = 0; base = 10; @@ -79,7 +71,7 @@ inet_network(cp) *pp++ = val, cp++; goto again; } - if (*cp && !isspace(*cp)) + if (*cp && !isspace((unsigned char)*cp)) return (INADDR_NONE); *pp++ = val; n = pp - parts; @@ -90,3 +82,4 @@ inet_network(cp) } return (val); } +DEF_WEAK(inet_network); diff --git a/src/lib/libc/net/inet_ntoa.c b/src/lib/libc/net/inet_ntoa.c index 377184f3668..ff5d93ded2e 100644 --- a/src/lib/libc/net/inet_ntoa.c +++ b/src/lib/libc/net/inet_ntoa.c @@ -1,3 +1,4 @@ +/* $OpenBSD: inet_ntoa.c,v 1.6 2005/08/06 20:30:03 espie Exp $ */ /* * Copyright (c) 1983, 1993 * The Regents of the University of California. All rights reserved. @@ -10,11 +11,7 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors + * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -31,10 +28,6 @@ * SUCH DAMAGE. */ -#if defined(LIBC_SCCS) && !defined(lint) -static char rcsid[] = "$OpenBSD: inet_ntoa.c,v 1.3 2002/06/27 10:14:01 itojun Exp $"; -#endif /* LIBC_SCCS and not lint */ - /* * Convert network-format internet address * to base 256 d.d.d.d representation. @@ -45,11 +38,10 @@ static char rcsid[] = "$OpenBSD: inet_ntoa.c,v 1.3 2002/06/27 10:14:01 itojun Ex #include char * -inet_ntoa(in) - struct in_addr in; +inet_ntoa(struct in_addr in) { static char b[18]; - register char *p; + char *p; p = (char *)∈ #define UC(b) (((int)b)&0xff) diff --git a/src/lib/libc/net/inet_ntop.3 b/src/lib/libc/net/inet_ntop.3 new file mode 100644 index 00000000000..5c32aab6a99 --- /dev/null +++ b/src/lib/libc/net/inet_ntop.3 @@ -0,0 +1,212 @@ +.\" $OpenBSD: inet_ntop.3,v 1.3 2017/07/08 21:45:35 tedu Exp $ +.\" $NetBSD: inet.3,v 1.7 1997/06/18 02:25:24 lukem Exp $ +.\" +.\" Copyright (c) 1983, 1990, 1991, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" @(#)inet.3 8.1 (Berkeley) 6/4/93 +.\" +.Dd $Mdocdate: July 8 2017 $ +.Dt INET_NTOP 3 +.Os +.Sh NAME +.Nm inet_ntop , +.Nm inet_pton +.Nd convert Internet addresses between presentation and network formats +.Sh SYNOPSIS +.In arpa/inet.h +.Ft const char * +.Fn inet_ntop "int af" "const void * restrict src" "char * restrict dst" "socklen_t size" +.Ft int +.Fn inet_pton "int af" "const char * restrict src" "void * restrict dst" +.Sh DESCRIPTION +The +.Fn inet_pton +function converts a presentation format address (that is, printable form +as held in a character string) to network format (usually a +.Li struct in_addr +or some other internal binary representation, in network byte order). +It returns 1 if the address was valid for the specified address family; +0 if the address wasn't parseable in the specified address family; or \-1 +if some system error occurred (in which case +.Va errno +will have been set). +This function is presently valid for +.Dv AF_INET +and +.Dv AF_INET6 . +.Pp +The function +.Fn inet_ntop +converts an address from network format to presentation format. +It returns +.Dv NULL +if a system +error occurs (in which case, +.Va errno +will have been set), or it returns a pointer to the destination string. +.Pp +All Internet addresses are returned in network +order (bytes ordered from left to right). +.Sh INTERNET ADDRESSES (IP VERSION 4) +Values must be specified using the standard dot notation: +.Bd -literal -offset indent +a.b.c.d +.Ed +.Pp +All four parts must be decimal numbers between 0 and 255, inclusive, +and are assigned, from left to right, +to the four bytes of an Internet address. +Note that when an Internet address is viewed as a 32-bit integer +quantity on a system that uses little-endian byte order +(such as AMD64 or ARM processors) +the bytes referred to above appear as +.Dq Li d.c.b.a . +That is, little-endian bytes are ordered from right to left. +.Sh INTERNET ADDRESSES (IP VERSION 6) +In order to support scoped IPv6 addresses, +.Xr getaddrinfo 3 +and +.Xr getnameinfo 3 +are recommended rather than the functions presented here. +.Pp +The presentation format of an IPv6 address is given in RFC 4291: +.Pp +There are three conventional forms for representing IPv6 addresses as +text strings: +.Bl -enum +.It +The preferred form is x:x:x:x:x:x:x:x, where the 'x's are the +hexadecimal values of the eight 16-bit pieces of the address. +Examples: +.Bd -literal -offset indent +FEDC:BA98:7654:3210:FEDC:BA98:7654:3210 +1080:0:0:0:8:800:200C:417A +.Ed +.Pp +Note that it is not necessary to write the leading zeros in an +individual field, but there must be at least one numeral in +every field (except for the case described in 2.). +.It +Due to the method of allocating certain styles of IPv6 +addresses, it will be common for addresses to contain long +strings of zero bits. +In order to make writing addresses +containing zero bits easier, a special syntax is available to +compress the zeros. +The use of +.Dq \&:\&: +indicates multiple groups +of 16 bits of zeros. +The +.Dq \&:\&: +can only appear once in an +address. +The +.Dq \&:\&: +can also be used to compress the leading and/or trailing zeros in an address. +.Pp +For example the following addresses: +.Bd -literal -offset indent +1080:0:0:0:8:800:200C:417A a unicast address +FF01:0:0:0:0:0:0:43 a multicast address +0:0:0:0:0:0:0:1 the loopback address +0:0:0:0:0:0:0:0 the unspecified addresses +.Ed +.Pp +may be represented as: +.Bd -literal -offset indent +1080::8:800:200C:417A a unicast address +FF01::43 a multicast address +::1 the loopback address +:: the unspecified addresses +.Ed +.It +An alternative form that is sometimes more convenient when +dealing with a mixed environment of IPv4 and IPv6 nodes is +x:x:x:x:x:x:d.d.d.d, where the 'x's are the hexadecimal values +of the six high-order 16-bit pieces of the address, and the 'd's +are the decimal values of the four low-order 8-bit pieces of the +address (standard IPv4 representation). +Examples: +.Bd -literal -offset indent +0:0:0:0:0:0:13.1.68.3 +0:0:0:0:0:FFFF:129.144.52.38 +.Ed +.Pp +or in compressed form: +.Bd -literal -offset indent +::13.1.68.3 +::FFFF:129.144.52.38 +.Ed +.El +.Sh SEE ALSO +.Xr gethostbyname 3 , +.Xr inet_addr 3 , +.Xr inet_net 3 , +.Xr hosts 5 +.Sh STANDARDS +The +.Nm inet_ntop +and +.Nm inet_pton +functions conform to the IETF IPv6 BSD API and address formatting +specifications, as well as +.St -p1003.1-2008 . +.Sh HISTORY +The +.Nm inet_pton +and +.Nm inet_ntop +functions appeared in BIND 4.9.4. +.Sh CAVEATS +Note that +.Nm inet_pton +does not accept 1-, 2-, or 3-part dotted addresses; +all four parts must be specified and must be in decimal +(and not octal or hexadecimal). +This is a narrower input set than that accepted by +.Nm inet_aton . +.Pp +.Rs +.%A R. Gilligan +.%A S. Thomson +.%A J. Bound +.%A J. McCann +.%A W. Stevens +.%D February 2003 +.%R RFC 3493 +.%T Basic Socket Interface Extensions for IPv6 +.Re +.Pp +.Rs +.%A R. Hinden +.%A S. Deering +.%D February 2006 +.%R RFC 4291 +.%T IP Version 6 Addressing Architecture +.Re diff --git a/src/lib/libc/net/inet_ntop.c b/src/lib/libc/net/inet_ntop.c index adce61c1d46..2bb11c2ab29 100644 --- a/src/lib/libc/net/inet_ntop.c +++ b/src/lib/libc/net/inet_ntop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: inet_ntop.c,v 1.5 2002/08/23 16:27:31 itojun Exp $ */ +/* $OpenBSD: inet_ntop.c,v 1.13 2016/09/21 04:38:56 guenther Exp $ */ /* Copyright (c) 1996 by Internet Software Consortium. * @@ -16,15 +16,6 @@ * SOFTWARE. */ -#if defined(LIBC_SCCS) && !defined(lint) -#if 0 -static char rcsid[] = "$From: inet_ntop.c,v 8.7 1996/08/05 08:41:18 vixie Exp $"; -#else -static char rcsid[] = "$OpenBSD: inet_ntop.c,v 1.5 2002/08/23 16:27:31 itojun Exp $"; -#endif -#endif /* LIBC_SCCS and not lint */ - -#include #include #include #include @@ -42,7 +33,7 @@ static char rcsid[] = "$OpenBSD: inet_ntop.c,v 1.5 2002/08/23 16:27:31 itojun Ex static const char *inet_ntop4(const u_char *src, char *dst, size_t size); static const char *inet_ntop6(const u_char *src, char *dst, size_t size); -/* char * +/* const char * * inet_ntop(af, src, dst, size) * convert a network format address to presentation format. * return: @@ -51,11 +42,7 @@ static const char *inet_ntop6(const u_char *src, char *dst, size_t size); * Paul Vixie, 1996. */ const char * -inet_ntop(af, src, dst, size) - int af; - const void *src; - char *dst; - size_t size; +inet_ntop(int af, const void *src, char *dst, socklen_t size) { switch (af) { case AF_INET: @@ -68,6 +55,7 @@ inet_ntop(af, src, dst, size) } /* NOTREACHED */ } +DEF_WEAK(inet_ntop); /* const char * * inet_ntop4(src, dst, size) @@ -81,16 +69,13 @@ inet_ntop(af, src, dst, size) * Paul Vixie, 1996. */ static const char * -inet_ntop4(src, dst, size) - const u_char *src; - char *dst; - size_t size; +inet_ntop4(const u_char *src, char *dst, size_t size) { - static const char fmt[] = "%u.%u.%u.%u"; char tmp[sizeof "255.255.255.255"]; int l; - l = snprintf(tmp, size, fmt, src[0], src[1], src[2], src[3]); + l = snprintf(tmp, sizeof(tmp), "%u.%u.%u.%u", + src[0], src[1], src[2], src[3]); if (l <= 0 || l >= size) { errno = ENOSPC; return (NULL); @@ -106,10 +91,7 @@ inet_ntop4(src, dst, size) * Paul Vixie, 1996. */ static const char * -inet_ntop6(src, dst, size) - const u_char *src; - char *dst; - size_t size; +inet_ntop6(const u_char *src, char *dst, size_t size) { /* * Note that int32_t and int16_t need only be "at least" large enough @@ -166,39 +148,49 @@ inet_ntop6(src, dst, size) if (best.base != -1 && i >= best.base && i < (best.base + best.len)) { if (i == best.base) { - if (tp + 1 >= ep) + if (tp + 1 >= ep) { + errno = ENOSPC; return (NULL); + } *tp++ = ':'; } continue; } /* Are we following an initial run of 0x00s or any real hex? */ if (i != 0) { - if (tp + 1 >= ep) + if (tp + 1 >= ep) { + errno = ENOSPC; return (NULL); + } *tp++ = ':'; } /* Is this address an encapsulated IPv4? */ if (i == 6 && best.base == 0 && (best.len == 6 || (best.len == 5 && words[5] == 0xffff))) { - if (!inet_ntop4(src+12, tp, (size_t)(ep - tp))) + if (!inet_ntop4(src+12, tp, ep - tp)) return (NULL); tp += strlen(tp); break; } advance = snprintf(tp, ep - tp, "%x", words[i]); - if (advance <= 0 || advance >= ep - tp) + if (advance <= 0 || advance >= ep - tp) { + errno = ENOSPC; return (NULL); + } tp += advance; } /* Was it a trailing run of 0x00's? */ if (best.base != -1 && (best.base + best.len) == (IN6ADDRSZ / INT16SZ)) { - if (tp + 1 >= ep) + if (tp + 1 >= ep) { + errno = ENOSPC; return (NULL); + } *tp++ = ':'; } - if (tp + 1 >= ep) + if (tp + 1 >= ep) { + errno = ENOSPC; return (NULL); + } *tp++ = '\0'; /* diff --git a/src/lib/libc/net/inet_pton.c b/src/lib/libc/net/inet_pton.c index b04ef05c317..5d7148e8e91 100644 --- a/src/lib/libc/net/inet_pton.c +++ b/src/lib/libc/net/inet_pton.c @@ -1,4 +1,4 @@ -/* $OpenBSD: inet_pton.c,v 1.4 2002/02/16 21:27:23 millert Exp $ */ +/* $OpenBSD: inet_pton.c,v 1.10 2015/09/13 21:36:08 guenther Exp $ */ /* Copyright (c) 1996 by Internet Software Consortium. * @@ -16,15 +16,6 @@ * SOFTWARE. */ -#if defined(LIBC_SCCS) && !defined(lint) -#if 0 -static char rcsid[] = "$From: inet_pton.c,v 8.7 1996/08/05 08:31:35 vixie Exp $"; -#else -static char rcsid[] = "$OpenBSD: inet_pton.c,v 1.4 2002/02/16 21:27:23 millert Exp $"; -#endif -#endif /* LIBC_SCCS and not lint */ - -#include #include #include #include @@ -53,10 +44,7 @@ static int inet_pton6(const char *src, u_char *dst); * Paul Vixie, 1996. */ int -inet_pton(af, src, dst) - int af; - const char *src; - void *dst; +inet_pton(int af, const char *src, void *dst) { switch (af) { case AF_INET: @@ -69,6 +57,7 @@ inet_pton(af, src, dst) } /* NOTREACHED */ } +DEF_WEAK(inet_pton); /* int * inet_pton4(src, dst) @@ -81,9 +70,7 @@ inet_pton(af, src, dst) * Paul Vixie, 1996. */ static int -inet_pton4(src, dst) - const char *src; - u_char *dst; +inet_pton4(const char *src, u_char *dst) { static const char digits[] = "0123456789"; int saw_digit, octets, ch; @@ -127,23 +114,20 @@ inet_pton4(src, dst) * return: * 1 if `src' is a valid [RFC1884 2.2] address, else 0. * notice: - * (1) does not touch `dst' unless it's returning 1. - * (2) :: in a full address is silently ignored. + * does not touch `dst' unless it's returning 1. * credit: * inspired by Mark Andrews. * author: * Paul Vixie, 1996. */ static int -inet_pton6(src, dst) - const char *src; - u_char *dst; +inet_pton6(const char *src, u_char *dst) { static const char xdigits_l[] = "0123456789abcdef", xdigits_u[] = "0123456789ABCDEF"; u_char tmp[IN6ADDRSZ], *tp, *endp, *colonp; const char *xdigits, *curtok; - int ch, saw_xdigit; + int ch, saw_xdigit, count_xdigit; u_int val; memset((tp = tmp), '\0', IN6ADDRSZ); @@ -154,7 +138,7 @@ inet_pton6(src, dst) if (*++src != ':') return (0); curtok = src; - saw_xdigit = 0; + saw_xdigit = count_xdigit = 0; val = 0; while ((ch = *src++) != '\0') { const char *pch; @@ -162,11 +146,14 @@ inet_pton6(src, dst) if ((pch = strchr((xdigits = xdigits_l), ch)) == NULL) pch = strchr((xdigits = xdigits_u), ch); if (pch != NULL) { + if (count_xdigit >= 4) + return (0); val <<= 4; val |= (pch - xdigits); if (val > 0xffff) return (0); saw_xdigit = 1; + count_xdigit++; continue; } if (ch == ':') { @@ -184,6 +171,7 @@ inet_pton6(src, dst) *tp++ = (u_char) (val >> 8) & 0xff; *tp++ = (u_char) val & 0xff; saw_xdigit = 0; + count_xdigit = 0; val = 0; continue; } @@ -191,6 +179,7 @@ inet_pton6(src, dst) inet_pton4(curtok, tp) > 0) { tp += INADDRSZ; saw_xdigit = 0; + count_xdigit = 0; break; /* '\0' was seen by inet_pton4(). */ } return (0); @@ -209,6 +198,8 @@ inet_pton6(src, dst) const int n = tp - colonp; int i; + if (tp == endp) + return (0); for (i = 1; i <= n; i++) { endp[- i] = colonp[n - i]; colonp[n - i] = 0; diff --git a/src/lib/libc/net/ip6opt.c b/src/lib/libc/net/ip6opt.c index cbd49f0c22c..d6406c3aedd 100644 --- a/src/lib/libc/net/ip6opt.c +++ b/src/lib/libc/net/ip6opt.c @@ -1,4 +1,5 @@ -/* $OpenBSD: ip6opt.c,v 1.1 1999/12/11 08:09:11 itojun Exp $ */ +/* $OpenBSD: ip6opt.c,v 1.9 2017/04/27 23:52:35 millert Exp $ */ +/* $KAME: ip6opt.c,v 1.18 2005/06/15 07:11:35 keiichi Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -29,7 +30,6 @@ * SUCH DAMAGE. */ -#include #include #include @@ -40,349 +40,246 @@ #include static int ip6optlen(u_int8_t *opt, u_int8_t *lim); -static void inet6_insert_padopt(u_char *p, int len); /* - * This function returns the number of bytes required to hold an option - * when it is stored as ancillary data, including the cmsghdr structure - * at the beginning, and any padding at the end (to make its size a - * multiple of 8 bytes). The argument is the size of the structure - * defining the option, which must include any pad bytes at the - * beginning (the value y in the alignment term "xn + y"), the type - * byte, the length byte, and the option data. + * Calculate the length of a given IPv6 option. Also checks + * if the option is safely stored in user's buffer according to the + * calculated length and the limitation of the buffer. */ -int -inet6_option_space(nbytes) - int nbytes; +static int +ip6optlen(u_int8_t *opt, u_int8_t *lim) { - nbytes += 2; /* we need space for nxt-hdr and length fields */ - return(CMSG_SPACE((nbytes + 7) & ~7)); + int optlen; + + if (*opt == IP6OPT_PAD1) + optlen = 1; + else { + /* is there enough space to store type and len? */ + if (opt + 2 > lim) + return (0); + optlen = *(opt + 1) + 2; + } + if (opt + optlen <= lim) + return (optlen); + + return (0); } /* - * This function is called once per ancillary data object that will - * contain either Hop-by-Hop or Destination options. It returns 0 on - * success or -1 on an error. + * The following functions are defined in RFC3542, which is a successor + * of RFC2292. */ + int -inet6_option_init(bp, cmsgp, type) - void *bp; - struct cmsghdr **cmsgp; - int type; +inet6_opt_init(void *extbuf, socklen_t extlen) { - register struct cmsghdr *ch = (struct cmsghdr *)bp; - - /* argument validation */ - if (type != IPV6_HOPOPTS && type != IPV6_DSTOPTS) - return(-1); - - ch->cmsg_level = IPPROTO_IPV6; - ch->cmsg_type = type; - ch->cmsg_len = CMSG_LEN(0); - - *cmsgp = ch; - return(0); + struct ip6_ext *ext = (struct ip6_ext *)extbuf; + + if (ext) { + if (extlen <= 0 || (extlen % 8)) + return (-1); + ext->ip6e_len = (extlen >> 3) - 1; + } + + return (2); /* sizeof the next and the length fields */ } -/* - * This function appends a Hop-by-Hop option or a Destination option - * into an ancillary data object that has been initialized by - * inet6_option_init(). This function returns 0 if it succeeds or -1 on - * an error. - * multx is the value x in the alignment term "xn + y" described - * earlier. It must have a value of 1, 2, 4, or 8. - * plusy is the value y in the alignment term "xn + y" described - * earlier. It must have a value between 0 and 7, inclusive. - */ int -inet6_option_append(cmsg, typep, multx, plusy) - struct cmsghdr *cmsg; - const u_int8_t *typep; - int multx; - int plusy; +inet6_opt_append(void *extbuf, socklen_t extlen, int offset, u_int8_t type, + socklen_t len, u_int8_t align, void **databufp) { - int padlen, optlen, off; - register u_char *bp = (u_char *)cmsg + cmsg->cmsg_len; - struct ip6_ext *eh = (struct ip6_ext *)CMSG_DATA(cmsg); - - /* argument validation */ - if (multx != 1 && multx != 2 && multx != 4 && multx != 8) - return(-1); - if (plusy < 0 || plusy > 7) - return(-1); - if (typep[0] > 255) - return(-1); + int currentlen = offset, padlen = 0; + + /* + * The option type must have a value from 2 to 255, inclusive. + * (0 and 1 are reserved for the Pad1 and PadN options, respectively.) + */ +#if 0 /* always false */ + if (type < 2 || type > 255) +#else + if (type < 2) +#endif + return (-1); + + /* + * The option data length must have a value between 0 and 255, + * inclusive, and is the length of the option data that follows. + */ + if (len > 255) + return (-1); /* - * If this is the first option, allocate space for the - * first 2 bytes(for next header and length fields) of - * the option header. + * The align parameter must have a value of 1, 2, 4, or 8. + * The align value can not exceed the value of len. */ - if (bp == (u_char *)eh) { - bp += 2; - cmsg->cmsg_len += 2; + if (align != 1 && align != 2 && align != 4 && align != 8) + return (-1); + if (align > len) + return (-1); + + /* Calculate the padding length. */ + currentlen += 2 + len; /* 2 means "type + len" */ + if (currentlen % align) + padlen = align - (currentlen % align); + + /* The option must fit in the extension header buffer. */ + currentlen += padlen; + if (extlen && /* XXX: right? */ + currentlen > extlen) + return (-1); + + if (extbuf) { + u_int8_t *optp = (u_int8_t *)extbuf + offset; + + if (padlen == 1) { + /* insert a Pad1 option */ + *optp = IP6OPT_PAD1; + optp++; + } else if (padlen > 0) { + /* insert a PadN option for alignment */ + *optp++ = IP6OPT_PADN; + *optp++ = padlen - 2; + memset(optp, 0, padlen - 2); + optp += (padlen - 2); + } + + *optp++ = type; + *optp++ = len; + + *databufp = optp; } - /* calculate pad length before the option. */ - off = bp - (u_char *)eh; - padlen = (((off % multx) + (multx - 1)) & ~(multx - 1)) - - (off % multx); - padlen += plusy; - padlen %= multx; /* keep the pad as short as possible */ - /* insert padding */ - inet6_insert_padopt(bp, padlen); - cmsg->cmsg_len += padlen; - bp += padlen; - - /* copy the option */ - if (typep[0] == IP6OPT_PAD1) - optlen = 1; - else - optlen = typep[1] + 2; - memcpy(bp, typep, optlen); - bp += optlen; - cmsg->cmsg_len += optlen; - - /* calculate pad length after the option and insert the padding */ - off = bp - (u_char *)eh; - padlen = ((off + 7) & ~7) - off; - inet6_insert_padopt(bp, padlen); - bp += padlen; - cmsg->cmsg_len += padlen; - - /* update the length field of the ip6 option header */ - eh->ip6e_len = ((bp - (u_char *)eh) >> 3) - 1; - - return(0); + return (currentlen); } -/* - * This function appends a Hop-by-Hop option or a Destination option - * into an ancillary data object that has been initialized by - * inet6_option_init(). This function returns a pointer to the 8-bit - * option type field that starts the option on success, or NULL on an - * error. - * The difference between this function and inet6_option_append() is - * that the latter copies the contents of a previously built option into - * the ancillary data object while the current function returns a - * pointer to the space in the data object where the option's TLV must - * then be built by the caller. - * - */ -u_int8_t * -inet6_option_alloc(cmsg, datalen, multx, plusy) - struct cmsghdr *cmsg; - int datalen; - int multx; - int plusy; +int +inet6_opt_finish(void *extbuf, socklen_t extlen, int offset) { - int padlen, off; - register u_int8_t *bp = (u_char *)cmsg + cmsg->cmsg_len; - u_int8_t *retval; - struct ip6_ext *eh = (struct ip6_ext *)CMSG_DATA(cmsg); + int updatelen = offset > 0 ? (1 + ((offset - 1) | 7)) : 0;; + + if (extbuf) { + u_int8_t *padp; + int padlen = updatelen - offset; + + if (updatelen > extlen) + return (-1); + + padp = (u_int8_t *)extbuf + offset; + if (padlen == 1) + *padp = IP6OPT_PAD1; + else if (padlen > 0) { + *padp++ = IP6OPT_PADN; + *padp++ = (padlen - 2); + memset(padp, 0, padlen - 2); + } + } - /* argument validation */ - if (multx != 1 && multx != 2 && multx != 4 && multx != 8) - return(NULL); - if (plusy < 0 || plusy > 7) - return(NULL); + return (updatelen); +} - /* - * If this is the first option, allocate space for the - * first 2 bytes(for next header and length fields) of - * the option header. - */ - if (bp == (u_char *)eh) { - bp += 2; - cmsg->cmsg_len += 2; - } +int +inet6_opt_set_val(void *databuf, int offset, void *val, socklen_t vallen) +{ - /* calculate pad length before the option. */ - off = bp - (u_char *)eh; - padlen = (((off % multx) + (multx - 1)) & ~(multx - 1)) - - (off % multx); - padlen += plusy; - padlen %= multx; /* keep the pad as short as possible */ - /* insert padding */ - inet6_insert_padopt(bp, padlen); - cmsg->cmsg_len += padlen; - bp += padlen; - - /* keep space to store specified length of data */ - retval = bp; - bp += datalen; - cmsg->cmsg_len += datalen; - - /* calculate pad length after the option and insert the padding */ - off = bp - (u_char *)eh; - padlen = ((off + 7) & ~7) - off; - inet6_insert_padopt(bp, padlen); - bp += padlen; - cmsg->cmsg_len += padlen; - - /* update the length field of the ip6 option header */ - eh->ip6e_len = ((bp - (u_char *)eh) >> 3) - 1; - - return(retval); + memcpy((u_int8_t *)databuf + offset, val, vallen); + return (offset + vallen); } -/* - * This function processes the next Hop-by-Hop option or Destination - * option in an ancillary data object. If another option remains to be - * processed, the return value of the function is 0 and *tptrp points to - * the 8-bit option type field (which is followed by the 8-bit option - * data length, followed by the option data). If no more options remain - * to be processed, the return value is -1 and *tptrp is NULL. If an - * error occurs, the return value is -1 and *tptrp is not NULL. - * (RFC 2292, 6.3.5) - */ int -inet6_option_next(cmsg, tptrp) - const struct cmsghdr *cmsg; - u_int8_t **tptrp; +inet6_opt_next(void *extbuf, socklen_t extlen, int offset, u_int8_t *typep, + socklen_t *lenp, void **databufp) { - struct ip6_ext *ip6e; - int hdrlen, optlen; - u_int8_t *lim; - - if (cmsg->cmsg_level != IPPROTO_IPV6 || - (cmsg->cmsg_type != IPV6_HOPOPTS && - cmsg->cmsg_type != IPV6_DSTOPTS)) - return(-1); - - /* message length validation */ - if (cmsg->cmsg_len < CMSG_SPACE(sizeof(struct ip6_ext))) - return(-1); - ip6e = (struct ip6_ext *)CMSG_DATA(cmsg); - hdrlen = (ip6e->ip6e_len + 1) << 3; - if (cmsg->cmsg_len < CMSG_SPACE(hdrlen)) - return(-1); + u_int8_t *optp, *lim; + int optlen; - /* - * If the caller does not specify the starting point, - * simply return the 1st option. - * Otherwise, search the option list for the next option. - */ - lim = (u_int8_t *)ip6e + hdrlen; - if (*tptrp == NULL) - *tptrp = (u_int8_t *)(ip6e + 1); - else { - if ((optlen = ip6optlen(*tptrp, lim)) == 0) - return(-1); + /* Validate extlen. XXX: is the variable really necessary?? */ + if (extlen == 0 || (extlen % 8)) + return (-1); + lim = (u_int8_t *)extbuf + extlen; - *tptrp = *tptrp + optlen; - } - if (*tptrp >= lim) { /* there is no option */ - *tptrp = NULL; - return(-1); - } /* - * Finally, checks if the next option is safely stored in the - * cmsg data. + * If this is the first time this function called for this options + * header, simply return the 1st option. + * Otherwise, search the option list for the next option. */ - if (ip6optlen(*tptrp, lim) == 0) - return(-1); + if (offset == 0) + optp = (u_int8_t *)((struct ip6_hbh *)extbuf + 1); else - return(0); + optp = (u_int8_t *)extbuf + offset; + + /* Find the next option skipping any padding options. */ + while (optp < lim) { + switch(*optp) { + case IP6OPT_PAD1: + optp++; + break; + case IP6OPT_PADN: + if ((optlen = ip6optlen(optp, lim)) == 0) + goto optend; + optp += optlen; + break; + default: /* found */ + if ((optlen = ip6optlen(optp, lim)) == 0) + goto optend; + *typep = *optp; + *lenp = optlen - 2; + *databufp = optp + 2; + return (optp + optlen - (u_int8_t *)extbuf); + } + } + + optend: + *databufp = NULL; /* for safety */ + return (-1); } -/* - * This function is similar to the inet6_option_next() function, - * except this function lets the caller specify the option type to be - * searched for, instead of always returning the next option in the - * ancillary data object. - * Note: RFC 2292 says the type of tptrp is u_int8_t *, but we think - * it's a typo. The variable should be type of u_int8_t **. - */ int -inet6_option_find(cmsg, tptrp, type) - const struct cmsghdr *cmsg; - u_int8_t **tptrp; - int type; +inet6_opt_find(void *extbuf, socklen_t extlen, int offset, u_int8_t type, + socklen_t *lenp, void **databufp) { - struct ip6_ext *ip6e; - int hdrlen, optlen; u_int8_t *optp, *lim; + int optlen; - if (cmsg->cmsg_level != IPPROTO_IPV6 || - (cmsg->cmsg_type != IPV6_HOPOPTS && - cmsg->cmsg_type != IPV6_DSTOPTS)) - return(-1); - - /* message length validation */ - if (cmsg->cmsg_len < CMSG_SPACE(sizeof(struct ip6_ext))) - return(-1); - ip6e = (struct ip6_ext *)CMSG_DATA(cmsg); - hdrlen = (ip6e->ip6e_len + 1) << 3; - if (cmsg->cmsg_len < CMSG_SPACE(hdrlen)) - return(-1); + /* Validate extlen. XXX: is the variable really necessary?? */ + if (extlen == 0 || (extlen % 8)) + return (-1); + lim = (u_int8_t *)extbuf + extlen; /* - * If the caller does not specify the starting point, - * search from the beginning of the option list. - * Otherwise, search from *the next option* of the specified point. + * If this is the first time this function called for this options + * header, simply return the 1st option. + * Otherwise, search the option list for the next option. */ - lim = (u_int8_t *)ip6e + hdrlen; - if (*tptrp == NULL) - *tptrp = (u_int8_t *)(ip6e + 1); - else { - if ((optlen = ip6optlen(*tptrp, lim)) == 0) - return(-1); + if (offset == 0) + optp = (u_int8_t *)((struct ip6_hbh *)extbuf + 1); + else + optp = (u_int8_t *)extbuf + offset; - *tptrp = *tptrp + optlen; - } - for (optp = *tptrp; optp < lim; optp += optlen) { - if (*optp == type) { - *tptrp = optp; - return(0); - } + /* Find the specified option */ + while (optp < lim) { if ((optlen = ip6optlen(optp, lim)) == 0) - return(-1); - } + goto optend; - /* search failed */ - *tptrp = NULL; - return(-1); -} - -/* - * Calculate the length of a given IPv6 option. Also checks - * if the option is safely stored in user's buffer according to the - * calculated length and the limitation of the buffer. - */ -static int -ip6optlen(opt, lim) - u_int8_t *opt, *lim; -{ - int optlen; + if (*optp == type) { /* found */ + *lenp = optlen - 2; + *databufp = optp + 2; + return (optp + optlen - (u_int8_t *)extbuf); + } - if (*opt == IP6OPT_PAD1) - optlen = 1; - else { - /* is there enough space to store type and len? */ - if (opt + 2 > lim) - return(0); - optlen = *(opt + 1) + 2; + optp += optlen; } - if (opt + optlen <= lim) - return(optlen); - return(0); + optend: + *databufp = NULL; /* for safety */ + return (-1); } -static void -inet6_insert_padopt(u_char *p, int len) +int +inet6_opt_get_val(void *databuf, int offset, void *val, socklen_t vallen) { - switch(len) { - case 0: - return; - case 1: - p[0] = IP6OPT_PAD1; - return; - default: - p[0] = IP6OPT_PADN; - p[1] = len - 2; - memset(&p[2], 0, len - 2); - return; - } + + /* we can't assume alignment here */ + memcpy(val, (u_int8_t *)databuf + offset, vallen); + + return (offset + vallen); } diff --git a/src/lib/libc/net/ipx.3 b/src/lib/libc/net/ipx.3 deleted file mode 100644 index 21c57a355d0..00000000000 --- a/src/lib/libc/net/ipx.3 +++ /dev/null @@ -1,127 +0,0 @@ -.\" $OpenBSD: ipx.3,v 1.8 2001/08/02 20:37:35 hugh Exp $ -.\" -.\" Copyright (c) 1986, 1991, 1993 -.\" The Regents of the University of California. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.Dd June 4, 1993 -.Dt IPX 3 -.Os -.Sh NAME -.Nm ipx_addr , -.Nm ipx_ntoa -.Nd IPX address conversion routines -.Sh SYNOPSIS -.Fd #include -.Fd #include -.Ft struct ipx_addr -.Fn ipx_addr "const char *cp" -.Ft char * -.Fn ipx_ntoa "struct ipx_addr ipx" -.Sh DESCRIPTION -The routine -.Fn ipx_addr -interprets character strings representing -.Tn IPX -addresses, returning binary information suitable -for use in system calls. -The routine -.Fn ipx_ntoa -takes -.Tn IPX -addresses and returns -.Tn ASCII -strings representing the address in a -notation in common use: -.Bd -filled -offset indent -.. -.Ed -.Pp -Trailing zero fields are suppressed, and each number is printed in hexadecimal, -in a format suitable for input to -.Fn ipx_addr . -Any fields lacking super-decimal digits will have a -trailing -.Sq H -appended. -.Pp -An effort has been made to ensure that -.Fn ipx_addr -be compatible with most formats in common use. -It will first separate an address into 1 to 3 fields using a single delimiter -chosen from -period -.Pq Ql \&. , -colon -.Pq Ql \&: , -or pound-sign -.Pq Ql # . -Each field is then examined for byte separators (colon or period). -If there are byte separators, each subfield separated is taken to be -a small hexadecimal number, and the entirety is taken as a network-byte-ordered -quantity to be zero extended in the high-network-order bytes. -Next, the field is inspected for hyphens, in which case -the field is assumed to be a number in decimal notation -with hyphens separating the millenia. -Next, the field is assumed to be a number: -It is interpreted -as hexadecimal if there is a leading -.Ql 0x -(as in C), -a trailing -.Sq H -(as in Mesa), or there are any super-decimal digits present. -It is interpreted as octal is there is a leading -.Ql 0 -and there are no super-octal digits. -Otherwise, it is converted as a decimal number. -.Sh RETURN VALUES -None. -(See -.Sx BUGS . ) -.Sh SEE ALSO -.Xr ns 4 , -.Xr hosts 5 , -.Xr networks 5 -.Sh HISTORY -The precursor -.Fn ns_addr -and -.Fn ns_ntoa -functions appeared in -.Bx 4.3 . -.Sh BUGS -The string returned by -.Fn ipx_ntoa -resides in a static memory area. -The function -.Fn ipx_addr -should diagnose improperly formed input, and there should be an unambiguous -way to recognize this. diff --git a/src/lib/libc/net/ipx_addr.c b/src/lib/libc/net/ipx_addr.c deleted file mode 100644 index 0d225e281b2..00000000000 --- a/src/lib/libc/net/ipx_addr.c +++ /dev/null @@ -1,228 +0,0 @@ -/* - * Copyright (c) 1986, 1993 - * The Regents of the University of California. All rights reserved. - * - * This code is derived from software contributed to Berkeley by - * J.Q. Johnson. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * from @(#)ipx_addr.c - */ - -#if defined(LIBC_SCCS) && !defined(lint) -static char rcsid[] = "$OpenBSD: ipx_addr.c,v 1.5 2001/06/27 00:58:55 lebel Exp $"; -#endif /* LIBC_SCCS and not lint */ - -#include -#include -#include -#include - -static struct ipx_addr addr, zero_addr; - -static void Field(), cvtbase(); - -struct ipx_addr -ipx_addr(name) - const char *name; -{ - char separator; - char *hostname, *socketname, *cp; - char buf[50]; - - strlcpy(buf, name, sizeof(buf)); - - /* - * First, figure out what he intends as a field separtor. - * Despite the way this routine is written, the prefered - * form 2-272.AA001234H.01777, i.e. XDE standard. - * Great efforts are made to insure backward compatibility. - */ - if ((hostname = strchr(buf, '#'))) - separator = '#'; - else { - hostname = strchr(buf, '.'); - if ((cp = strchr(buf, ':')) && - ((hostname && cp < hostname) || (hostname == 0))) { - hostname = cp; - separator = ':'; - } else - separator = '.'; - } - if (hostname) - *hostname++ = 0; - - addr = zero_addr; - Field(buf, addr.ipx_net.c_net, 4); - if (hostname == 0) - return (addr); /* No separator means net only */ - - socketname = strchr(hostname, separator); - if (socketname) { - *socketname++ = 0; - Field(socketname, (u_char *)&addr.ipx_port, 2); - } - - Field(hostname, addr.ipx_host.c_host, 6); - - return (addr); -} - -static void -Field(buf, out, len) - char *buf; - u_char *out; - int len; -{ - register char *bp = buf; - int i, ibase, base16 = 0, base10 = 0, clen = 0; - int hb[6], *hp; - char *fmt; - - /* - * first try 2-273#2-852-151-014#socket - */ - if ((*buf != '-') && - (1 < (i = sscanf(buf, "%d-%d-%d-%d-%d", - &hb[0], &hb[1], &hb[2], &hb[3], &hb[4])))) { - cvtbase(1000L, 256, hb, i, out, len); - return; - } - /* - * try form 8E1#0.0.AA.0.5E.E6#socket - */ - if (1 < (i = sscanf(buf,"%x.%x.%x.%x.%x.%x", - &hb[0], &hb[1], &hb[2], &hb[3], &hb[4], &hb[5]))) { - cvtbase(256L, 256, hb, i, out, len); - return; - } - /* - * try form 8E1#0:0:AA:0:5E:E6#socket - */ - if (1 < (i = sscanf(buf,"%x:%x:%x:%x:%x:%x", - &hb[0], &hb[1], &hb[2], &hb[3], &hb[4], &hb[5]))) { - cvtbase(256L, 256, hb, i, out, len); - return; - } - /* - * This is REALLY stretching it but there was a - * comma notation separting shorts -- definitely non standard - */ - if (1 < (i = sscanf(buf,"%x,%x,%x", - &hb[0], &hb[1], &hb[2]))) { - hb[0] = htons(hb[0]); hb[1] = htons(hb[1]); - hb[2] = htons(hb[2]); - cvtbase(65536L, 256, hb, i, out, len); - return; - } - - /* Need to decide if base 10, 16 or 8 */ - while (*bp) switch (*bp++) { - - case '0': case '1': case '2': case '3': case '4': case '5': - case '6': case '7': case '-': - break; - - case '8': case '9': - base10 = 1; - break; - - case 'a': case 'b': case 'c': case 'd': case 'e': case 'f': - case 'A': case 'B': case 'C': case 'D': case 'E': case 'F': - base16 = 1; - break; - - case 'x': case 'X': - *--bp = '0'; - base16 = 1; - break; - - case 'h': case 'H': - base16 = 1; - /* fall into */ - - default: - *--bp = 0; /* Ends Loop */ - } - if (base16) { - fmt = "%3x"; - ibase = 4096; - } else if (base10 == 0 && *buf == '0') { - fmt = "%3o"; - ibase = 512; - } else { - fmt = "%3d"; - ibase = 1000; - } - - for (bp = buf; *bp++; ) clen++; - if (clen == 0) clen++; - if (clen > 18) clen = 18; - i = ((clen - 1) / 3) + 1; - bp = clen + buf - 3; - hp = hb + i - 1; - - while (hp > hb) { - (void)sscanf(bp, fmt, hp); - bp[0] = 0; - hp--; - bp -= 3; - } - (void)sscanf(buf, fmt, hp); - cvtbase((long)ibase, 256, hb, i, out, len); -} - -static void -cvtbase(oldbase,newbase,input,inlen,result,reslen) - long oldbase; - int newbase; - int input[]; - int inlen; - unsigned char result[]; - int reslen; -{ - int d, e; - long sum; - - e = 1; - while (e > 0 && reslen > 0) { - d = 0; e = 0; sum = 0; - /* long division: input=input/newbase */ - while (d < inlen) { - sum = sum*oldbase + (long) input[d]; - e += (sum > 0); - input[d++] = sum / newbase; - sum %= newbase; - } - result[--reslen] = sum; /* accumulate remainder */ - } - for (d=0; d < reslen; d++) - result[d] = 0; -} diff --git a/src/lib/libc/net/ipx_ntoa.c b/src/lib/libc/net/ipx_ntoa.c deleted file mode 100644 index 598c94d5995..00000000000 --- a/src/lib/libc/net/ipx_ntoa.c +++ /dev/null @@ -1,58 +0,0 @@ -/* - * Copyright (c) 1986, 1993 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#if defined(LIBC_SCCS) && !defined(lint) -static char rcsid[] = "$OpenBSD: ipx_ntoa.c,v 1.3 2002/05/24 21:22:37 deraadt Exp $"; -#endif /* LIBC_SCCS and not lint */ - -#include -#include -#include - -char * -ipx_ntoa(addr) - struct ipx_addr addr; -{ - static char obuf[] = "xxxx.xx:xx:xx:xx:xx:xx.uuuuu"; - - snprintf(obuf, sizeof obuf, "%8xH.%02x:%02x:%02x:%02x:%02x:%02x.%u", - ntohl(addr.ipx_net.l_net), - addr.ipx_host.c_host[0], - addr.ipx_host.c_host[1], - addr.ipx_host.c_host[2], - addr.ipx_host.c_host[3], - addr.ipx_host.c_host[4], - addr.ipx_host.c_host[5], - ntohs(addr.ipx_port)); - return (obuf); -} diff --git a/src/lib/libc/net/iso_addr.3 b/src/lib/libc/net/iso_addr.3 deleted file mode 100644 index 8655a63973d..00000000000 --- a/src/lib/libc/net/iso_addr.3 +++ /dev/null @@ -1,111 +0,0 @@ -.\" $OpenBSD: iso_addr.3,v 1.4 1999/07/05 06:08:05 aaron Exp $ -.\" -.\" Copyright (c) 1993 -.\" The Regents of the University of California. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.Dd June 4, 1993 -.Dt ISO_ADDR 3 -.Os -.Sh NAME -.Nm iso_addr , -.Nm iso_ntoa -.Nd "network address conversion routines for Open System Interconnection" -.Sh SYNOPSIS -.Fd #include -.Fd #include -.Ft struct iso_addr * -.Fn iso_addr "char *cp" -.Ft char * -.Fn iso_ntoa "struct iso_addr *isoa" -.Sh DESCRIPTION -The routine -.Fn iso_addr -interprets character strings representing -.Tn OSI -addresses, returning binary information suitable -for use in system calls. -The routine -.Fn iso_ntoa -takes -.Tn OSI -addresses and returns -.Tn ASCII -strings representing NSAPs (network service -access points) in a -notation inverse to that accepted by -.Fn iso_addr . -.Pp -Unfortunately, no universal standard exists for representing -.Tn OSI -network addresses. -.Pp -The format employed by -.Fn iso_addr -is a sequence of hexadecimal -.Dq digits -(optionally separated by periods), -of the form: -.Bd -filled -offset indent -.. -.Ed -.Pp -Each pair of hexadecimal digits represents a byte -with the leading digit indicating the higher-ordered bits. -A period following an even number of bytes has no -effect (but may be used to increase legibility). -A period following an odd number of bytes has the -effect of causing the byte of address being translated -to have its higher order bits filled with zeros. -.Sh RETURN VALUES -.Fn iso_ntoa -always returns a null terminated string. -.Fn iso_addr -always returns a pointer to a -.Li struct iso_addr . -(See -.Sx BUGS . ) -.Sh SEE ALSO -.Xr iso 4 -.Sh HISTORY -The -.Fn iso_addr -and -.Fn iso_ntoa -functions appeared in -.Bx 4.3 Reno . -.Sh BUGS -The returned values -reside in a static memory area. -.Pp -The function -.Fn iso_addr -should diagnose improperly formed input, and there should be an unambiguous -way to recognize this. diff --git a/src/lib/libc/net/iso_addr.c b/src/lib/libc/net/iso_addr.c deleted file mode 100644 index 01561e395b0..00000000000 --- a/src/lib/libc/net/iso_addr.c +++ /dev/null @@ -1,119 +0,0 @@ -/* - * Copyright (c) 1989, 1993 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#if defined(LIBC_SCCS) && !defined(lint) -static char rcsid[] = "$OpenBSD: iso_addr.c,v 1.2 1996/08/19 08:29:23 tholo Exp $"; -#endif /* LIBC_SCCS and not lint */ - -#include -#include -#include - -/* States*/ -#define VIRGIN 0 -#define GOTONE 1 -#define GOTTWO 2 -/* Inputs */ -#define DIGIT (4*0) -#define END (4*1) -#define DELIM (4*2) - -struct iso_addr * -iso_addr(addr) - register const char *addr; -{ - static struct iso_addr out_addr; - register char *cp = out_addr.isoa_genaddr; - char *cplim = cp + sizeof(out_addr.isoa_genaddr); - register int byte = 0, state = VIRGIN, new; - - bzero((char *)&out_addr, sizeof(out_addr)); - do { - if ((*addr >= '0') && (*addr <= '9')) { - new = *addr - '0'; - } else if ((*addr >= 'a') && (*addr <= 'f')) { - new = *addr - 'a' + 10; - } else if ((*addr >= 'A') && (*addr <= 'F')) { - new = *addr - 'A' + 10; - } else if (*addr == 0) - state |= END; - else - state |= DELIM; - addr++; - switch (state /* | INPUT */) { - case GOTTWO | DIGIT: - *cp++ = byte; /*FALLTHROUGH*/ - case VIRGIN | DIGIT: - state = GOTONE; byte = new; continue; - case GOTONE | DIGIT: - state = GOTTWO; byte = new + (byte << 4); continue; - default: /* | DELIM */ - state = VIRGIN; *cp++ = byte; byte = 0; continue; - case GOTONE | END: - case GOTTWO | END: - *cp++ = byte; /* FALLTHROUGH */ - case VIRGIN | END: - break; - } - break; - } while (cp < cplim); - out_addr.isoa_len = cp - out_addr.isoa_genaddr; - return (&out_addr); -} -static char hexlist[] = "0123456789abcdef"; - -char * -iso_ntoa(isoa) - const struct iso_addr *isoa; -{ - static char obuf[64]; - register char *out = obuf; - register int i; - register u_char *in = (u_char *)isoa->isoa_genaddr; - u_char *inlim = in + isoa->isoa_len; - - out[1] = 0; - while (in < inlim) { - i = *in++; - *out++ = '.'; - if (i > 0xf) { - out[1] = hexlist[i & 0xf]; - i >>= 4; - out[0] = hexlist[i]; - out += 2; - } else - *out++ = hexlist[i]; - } - *out = 0; - return(obuf + 1); -} diff --git a/src/lib/libc/net/link_addr.3 b/src/lib/libc/net/link_addr.3 deleted file mode 100644 index 29c2449f77e..00000000000 --- a/src/lib/libc/net/link_addr.3 +++ /dev/null @@ -1,131 +0,0 @@ -.\" $OpenBSD: link_addr.3,v 1.7 2000/04/18 03:01:32 aaron Exp $ -.\" -.\" Copyright (c) 1993 -.\" The Regents of the University of California. All rights reserved. -.\" -.\" This code is derived from software contributed to Berkeley by -.\" Donn Seeley at BSDI. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.Dd July 28, 1993 -.Dt LINK_ADDR 3 -.Os -.Sh NAME -.Nm link_addr , -.Nm link_ntoa -.Nd elementary address specification routines for link level access -.Sh SYNOPSIS -.Fd #include -.Fd #include -.Fd #include -.Ft void -.Fn link_addr "const char *addr" "struct sockaddr_dl *sdl" -.Ft char * -.Fn link_ntoa "const struct sockaddr_dl *sdl" -.Sh DESCRIPTION -The -.Fn link_addr -function interprets character strings representing -link-level addresses, returning binary information suitable -for use in system calls. -.Fn link_ntoa -takes -a link-level -address and returns an -.Tn ASCII -string representing some of the information present, -including the link level address itself, and the interface name -or number, if present. -This facility is experimental and is -still subject to change. -.Pp -For -.Fn link_addr , -the string -.Fa addr -may contain -an optional network interface identifier of the form -.Dq name unit-number , -suitable for the first argument to -.Xr ifconfig 8 , -followed in all cases by a colon and -an interface address in the form of -groups of hexadecimal digits -separated by periods. -Each group represents a byte of address; -address bytes are filled left to right from -low order bytes through high order bytes. -.Pp -.\" A regular expression may make this format clearer: -.\" .Bd -literal -offset indent -.\" ([a-z]+[0-9]+:)?[0-9a-f]+(\e.[0-9a-f]+)* -.\" .Ed -.\" .Pp -Thus -.Li le0:8.0.9.13.d.30 -represents an Ethernet address -to be transmitted on the first Lance Ethernet interface. -.Sh RETURN VALUES -.Fn link_ntoa -always returns a null-terminated string. -.Fn link_addr -has no return value. -(See -.Sx BUGS . ) -.Sh SEE ALSO -.Xr iso 4 , -.Xr ifconfig 8 -.Sh HISTORY -The -.Fn link_addr -and -.Fn link_ntoa -functions appeared in -.Bx 4.3 Reno . -.Sh BUGS -The returned values for link_ntoa -reside in a static memory area. -.Pp -The function -.Fn link_addr -should diagnose improperly formed input, and there should be an unambiguous -way to recognize this. -.Pp -If the -.Fa sdl_len -field of the link socket address -.Fa sdl -is 0, -.Fn link_ntoa -will not insert a colon before the interface address bytes. -If this translated address is given to -.Fn link_addr -without inserting an initial colon, -the latter will not interpret it correctly. diff --git a/src/lib/libc/net/link_ntoa.3 b/src/lib/libc/net/link_ntoa.3 new file mode 100644 index 00000000000..89536774410 --- /dev/null +++ b/src/lib/libc/net/link_ntoa.3 @@ -0,0 +1,78 @@ +.\" $OpenBSD: link_ntoa.3,v 1.2 2015/09/10 10:14:20 jmc Exp $ +.\" +.\" Copyright (c) 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" This code is derived from software contributed to Berkeley by +.\" Donn Seeley at BSDI. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.Dd $Mdocdate: September 10 2015 $ +.Dt LINK_NTOA 3 +.Os +.Sh NAME +.Nm link_ntoa +.Nd elementary address specification routine for link level access +.Sh SYNOPSIS +.In sys/types.h +.In sys/socket.h +.In net/if_dl.h +.Ft char * +.Fn link_ntoa "const struct sockaddr_dl *sdl" +.Sh DESCRIPTION +The +.Fn link_ntoa +function takes +a link-level +address and returns an +.Tn ASCII +string representing some of the information present, +including the link level address itself, and the interface name +or number, if present. +This facility is experimental and is +still subject to change. +.Sh RETURN VALUES +.Fn link_ntoa +always returns a NUL-terminated string. +.Sh SEE ALSO +.Xr ifconfig 8 +.Sh HISTORY +The +.Fn link_ntoa +function appeared in +.Bx 4.3 Reno . +.Sh BUGS +The returned values for +.Fn link_ntoa +reside in a static memory area. +.Pp +If the +.Fa sdl_len +field of the link socket address +.Fa sdl +is 0, +.Fn link_ntoa +will not insert a colon before the interface address bytes. diff --git a/src/lib/libc/net/linkaddr.c b/src/lib/libc/net/linkaddr.c index fb522f32335..9101e23a862 100644 --- a/src/lib/libc/net/linkaddr.c +++ b/src/lib/libc/net/linkaddr.c @@ -1,3 +1,4 @@ +/* $OpenBSD: linkaddr.c,v 1.9 2016/12/08 03:20:50 millert Exp $ */ /*- * Copyright (c) 1990, 1993 * The Regents of the University of California. All rights reserved. @@ -10,11 +11,7 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors + * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -31,127 +28,57 @@ * SUCH DAMAGE. */ -#if defined(LIBC_SCCS) && !defined(lint) -static char rcsid[] = "$OpenBSD: linkaddr.c,v 1.2 1996/08/19 08:29:27 tholo Exp $"; -#endif /* LIBC_SCCS and not lint */ - #include #include +#include #include #include -/* States*/ -#define NAMING 0 -#define GOTONE 1 -#define GOTTWO 2 -#define RESET 3 -/* Inputs */ -#define DIGIT (4*0) -#define END (4*1) -#define DELIM (4*2) -#define LETTER (4*3) - -void -link_addr(addr, sdl) - register const char *addr; - register struct sockaddr_dl *sdl; -{ - register char *cp = sdl->sdl_data; - char *cplim = sdl->sdl_len + (char *)sdl; - register int byte = 0, state = NAMING, new; - - bzero((char *)&sdl->sdl_family, sdl->sdl_len - 1); - sdl->sdl_family = AF_LINK; - do { - state &= ~LETTER; - if ((*addr >= '0') && (*addr <= '9')) { - new = *addr - '0'; - } else if ((*addr >= 'a') && (*addr <= 'f')) { - new = *addr - 'a' + 10; - } else if ((*addr >= 'A') && (*addr <= 'F')) { - new = *addr - 'A' + 10; - } else if (*addr == 0) { - state |= END; - } else if (state == NAMING && - (((*addr >= 'A') && (*addr <= 'Z')) || - ((*addr >= 'a') && (*addr <= 'z')))) - state |= LETTER; - else - state |= DELIM; - addr++; - switch (state /* | INPUT */) { - case NAMING | DIGIT: - case NAMING | LETTER: - *cp++ = addr[-1]; - continue; - case NAMING | DELIM: - state = RESET; - sdl->sdl_nlen = cp - sdl->sdl_data; - continue; - case GOTTWO | DIGIT: - *cp++ = byte; - /* FALLTHROUGH */ - case RESET | DIGIT: - state = GOTONE; - byte = new; - continue; - case GOTONE | DIGIT: - state = GOTTWO; - byte = new + (byte << 4); - continue; - default: /* | DELIM */ - state = RESET; - *cp++ = byte; - byte = 0; - continue; - case GOTONE | END: - case GOTTWO | END: - *cp++ = byte; - /* FALLTHROUGH */ - case RESET | END: - break; - } - break; - } while (cp < cplim); - sdl->sdl_alen = cp - LLADDR(sdl); - new = cp - (char *)sdl; - if (new > sizeof(*sdl)) - sdl->sdl_len = new; - return; -} - -static char hexlist[] = "0123456789abcdef"; +static const char hexlist[] = "0123456789abcdef"; char * -link_ntoa(sdl) - register const struct sockaddr_dl *sdl; +link_ntoa(const struct sockaddr_dl *sdl) { static char obuf[64]; - register char *out = obuf; - register int i; - register u_char *in = (u_char *)LLADDR(sdl); - u_char *inlim = in + sdl->sdl_alen; - int firsttime = 1; + char *out; + const u_char *in, *inlim; + int namelen, i, rem; - if (sdl->sdl_nlen) { - bcopy(sdl->sdl_data, obuf, sdl->sdl_nlen); - out += sdl->sdl_nlen; - if (sdl->sdl_alen) + namelen = (sdl->sdl_nlen <= IFNAMSIZ) ? sdl->sdl_nlen : IFNAMSIZ; + + out = obuf; + rem = sizeof(obuf); + if (namelen > 0) { + memcpy(out, sdl->sdl_data, namelen); + out += namelen; + rem -= namelen; + if (sdl->sdl_alen > 0) { *out++ = ':'; + rem--; + } } - while (in < inlim) { - if (firsttime) - firsttime = 0; - else + + in = (const u_char *)sdl->sdl_data + sdl->sdl_nlen; + inlim = in + sdl->sdl_alen; + + while (in < inlim && rem > 1) { + if (in != (const u_char *)sdl->sdl_data + sdl->sdl_nlen) { *out++ = '.'; + rem--; + } i = *in++; if (i > 0xf) { - out[1] = hexlist[i & 0xf]; - i >>= 4; - out[0] = hexlist[i]; - out += 2; - } else + if (rem < 3) + break; + *out++ = hexlist[i >> 4]; + *out++ = hexlist[i & 0xf]; + rem -= 2; + } else { + if (rem < 2) + break; *out++ = hexlist[i]; + rem--; + } } *out = 0; return (obuf); diff --git a/src/lib/libc/net/net_addrcmp.3 b/src/lib/libc/net/net_addrcmp.3 deleted file mode 100644 index f1ce4c8cd17..00000000000 --- a/src/lib/libc/net/net_addrcmp.3 +++ /dev/null @@ -1,91 +0,0 @@ -.\" $OpenBSD: net_addrcmp.3,v 1.3 2001/08/07 06:53:27 deraadt Exp $ -.\" -.\" Copyright (c) 1999 Theo de Raadt -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR -.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES -.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. -.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, -.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF -.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd July 3, 1999 -.Dt NET_ADDRCMP 3 -.Os -.Sh NAME -.Nm net_addrcmp -.Nd compare socket address structures -.Sh SYNOPSIS -.Fd #include -.Ft int -.Fn net_addrcmp "struct sockaddr *sa1" "struct sockaddr *sa2" -.Sh DESCRIPTION -The -.Fn net_addrcmp -function compares two socket address structures, -.Fa sa1 -and -.Fa sa2 . -.Sh RETURN VALUES -If -.Fa sa1 -and -.Fa sa2 -are for the same address, -.Fn net_addrcmp -returns 0. -.Pp -The -.Fa sa_len -fields are compared first. -If they do not match, -.Fn net_addrcmp -returns \-1 or 1 if -.Li sa1->sa_len -is less than or greater than -.Li sa2->sa_len , -respectively. -.Pp -Next, the -.Fa sa_family -members are compared. -If they do not match, -.Fn net_addrcmp -returns \-1 or 1 if -.Li sa1->sa_family -is less than or greater than -.Li sa2->sa_family , -respectively. -.Pp -Lastly, if each socket address structure's -.Fa sa_len -and -.Fa sa_family -fields match, -the protocol-specific data (the -.Fa sa_data -field) is compared. -If there's a match, both -.Fa sa1 -and -.Fa sa2 -must refer to the same address, and 0 is returned; otherwise, a value >0 -or <0 is returned. -.Sh HISTORY -A -.Fn net_addrcmp -function was added in -.Ox 2.5 . diff --git a/src/lib/libc/net/net_addrcmp.c b/src/lib/libc/net/net_addrcmp.c deleted file mode 100644 index c77a2fda48f..00000000000 --- a/src/lib/libc/net/net_addrcmp.c +++ /dev/null @@ -1,68 +0,0 @@ -/* - * Copyright (c) 1999 Theo de Raadt - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#include -#include -#include -#include -#include -#include - -int -net_addrcmp(sa1, sa2) - struct sockaddr *sa1; - struct sockaddr *sa2; -{ - - if (sa1->sa_len != sa2->sa_len) - return (sa1->sa_len < sa2->sa_len) ? -1 : 1; - if (sa1->sa_family != sa2->sa_family) - return (sa1->sa_family < sa2->sa_family) ? -1 : 1; - - switch(sa1->sa_family) { - case AF_INET: - return (memcmp(&((struct sockaddr_in *)sa1)->sin_addr, - &((struct sockaddr_in *)sa2)->sin_addr, - sizeof(struct in_addr))); - case AF_INET6: - if (((struct sockaddr_in6 *)sa1)->sin6_scope_id != - ((struct sockaddr_in6 *)sa2)->sin6_scope_id) - return (((struct sockaddr_in6 *)sa1)->sin6_scope_id < - ((struct sockaddr_in6 *)sa2)->sin6_scope_id) - ? -1 : 1; - return memcmp(&((struct sockaddr_in6 *)sa1)->sin6_addr, - &((struct sockaddr_in6 *)sa2)->sin6_addr, - sizeof(struct in6_addr)); - case AF_NS: - return (memcmp(&((struct sockaddr_ns *)sa1)->sns_addr, - &((struct sockaddr_ns *)sa2)->sns_addr, - sizeof(struct ns_addr))); - case AF_LOCAL: - return (strcmp(((struct sockaddr_un *)sa1)->sun_path, - ((struct sockaddr_un *)sa1)->sun_path)); - default: - return -1; - } -} diff --git a/src/lib/libc/net/ns.3 b/src/lib/libc/net/ns.3 deleted file mode 100644 index 14e234c347c..00000000000 --- a/src/lib/libc/net/ns.3 +++ /dev/null @@ -1,131 +0,0 @@ -.\" $OpenBSD: ns.3,v 1.7 2001/08/02 20:37:35 hugh Exp $ -.\" -.\" Copyright (c) 1986, 1991, 1993 -.\" The Regents of the University of California. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.Dd June 4, 1993 -.Dt NS 3 -.Os -.Sh NAME -.Nm ns_addr , -.Nm ns_ntoa -.Nd Xerox -.Tn NS Ns (tm) -address conversion routines -.Sh SYNOPSIS -.Fd #include -.Fd #include -.Ft struct ns_addr -.Fn ns_addr "char *cp" -.Ft char * -.Fn ns_ntoa "struct ns_addr ns" -.Sh DESCRIPTION -The routine -.Fn ns_addr -interprets character strings representing -.Tn XNS -addresses, returning binary information suitable -for use in system calls. -The routine -.Fn ns_ntoa -takes -.Tn XNS -addresses and returns -.Tn ASCII -strings representing the address in a -notation in common use in the Xerox Development Environment: -.Bd -filled -offset indent -.. -.Ed -.Pp -Trailing zero fields are suppressed, and each number is printed in hexadecimal, -in a format suitable for input to -.Fn ns_addr . -Any fields lacking super-decimal digits will have a -trailing -.Sq H -appended. -.Pp -Unfortunately, no universal standard exists for representing -.Tn XNS -addresses. -An effort has been made to ensure that -.Fn ns_addr -be compatible with most formats in common use. -It will first separate an address into 1 to 3 fields using a single delimiter -chosen from -period -.Pq Ql \&. , -colon -.Pq Ql \&: , -or pound-sign -.Ql # . -Each field is then examined for byte separators (colon or period). -If there are byte separators, each subfield separated is taken to be -a small hexadecimal number, and the entirety is taken as a network-byte-ordered -quantity to be zero extended in the high-network-order bytes. -Next, the field is inspected for hyphens, in which case -the field is assumed to be a number in decimal notation -with hyphens separating the millenia. -Next, the field is assumed to be a number: -It is interpreted -as hexadecimal if there is a leading -.Ql 0x -(as in C), -a trailing -.Sq H -(as in Mesa), or there are any super-decimal digits present. -It is interpreted as octal is there is a leading -.Ql 0 -and there are no super-octal digits. -Otherwise, it is converted as a decimal number. -.Sh RETURN VALUES -None. -(See -.Sx BUGS . ) -.Sh SEE ALSO -.Xr hosts 5 , -.Xr networks 5 -.Sh HISTORY -The -.Fn ns_addr -and -.Fn ns_toa -functions appeared in -.Bx 4.3 . -.Sh BUGS -The string returned by -.Fn ns_ntoa -resides in a static memory area. -The function -.Fn ns_addr -should diagnose improperly formed input, and there should be an unambiguous -way to recognize this. diff --git a/src/lib/libc/net/ns_addr.c b/src/lib/libc/net/ns_addr.c deleted file mode 100644 index 0d1b45858f8..00000000000 --- a/src/lib/libc/net/ns_addr.c +++ /dev/null @@ -1,227 +0,0 @@ -/* - * Copyright (c) 1986, 1993 - * The Regents of the University of California. All rights reserved. - * - * This code is derived from software contributed to Berkeley by - * J.Q. Johnson. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#if defined(LIBC_SCCS) && !defined(lint) -static char rcsid[] = "$OpenBSD: ns_addr.c,v 1.7 2002/02/16 21:27:23 millert Exp $"; -#endif /* LIBC_SCCS and not lint */ - -#include -#include -#include -#include - -static struct ns_addr addr, zero_addr; - -static void Field(char *, u_int8_t *, int); -static void cvtbase(long, int, int[], int, u_int8_t[], int); - -struct ns_addr -ns_addr(name) - const char *name; -{ - char separator; - char *hostname, *socketname, *cp; - char buf[50]; - - strlcpy(buf, name, sizeof(buf)); - - /* - * First, figure out what he intends as a field separtor. - * Despite the way this routine is written, the prefered - * form 2-272.AA001234H.01777, i.e. XDE standard. - * Great efforts are made to insure backward compatibility. - */ - if ((hostname = strchr(buf, '#'))) - separator = '#'; - else { - hostname = strchr(buf, '.'); - if ((cp = strchr(buf, ':')) && - ((hostname && cp < hostname) || (hostname == 0))) { - hostname = cp; - separator = ':'; - } else - separator = '.'; - } - if (hostname) - *hostname++ = 0; - - addr = zero_addr; - Field(buf, addr.x_net.c_net, 4); - if (hostname == 0) - return (addr); /* No separator means net only */ - - socketname = strchr(hostname, separator); - if (socketname) { - *socketname++ = 0; - Field(socketname, (u_char *)&addr.x_port, 2); - } - - Field(hostname, (u_char *)addr.x_host.c_host, 6); - - return (addr); -} - -static void -Field(buf, out, len) - char *buf; - u_char *out; - int len; -{ - register char *bp = buf; - int i, ibase, base16 = 0, base10 = 0, clen = 0; - int hb[6], *hp; - char *fmt; - - /* - * first try 2-273#2-852-151-014#socket - */ - if ((*buf != '-') && - (1 < (i = sscanf(buf, "%d-%d-%d-%d-%d", - &hb[0], &hb[1], &hb[2], &hb[3], &hb[4])))) { - cvtbase(1000L, 256, hb, i, out, len); - return; - } - /* - * try form 8E1#0.0.AA.0.5E.E6#socket - */ - if (1 < (i = sscanf(buf,"%x.%x.%x.%x.%x.%x", - &hb[0], &hb[1], &hb[2], &hb[3], &hb[4], &hb[5]))) { - cvtbase(256L, 256, hb, i, out, len); - return; - } - /* - * try form 8E1#0:0:AA:0:5E:E6#socket - */ - if (1 < (i = sscanf(buf,"%x:%x:%x:%x:%x:%x", - &hb[0], &hb[1], &hb[2], &hb[3], &hb[4], &hb[5]))) { - cvtbase(256L, 256, hb, i, out, len); - return; - } - /* - * This is REALLY stretching it but there was a - * comma notation separting shorts -- definitely non standard - */ - if (1 < (i = sscanf(buf,"%x,%x,%x", - &hb[0], &hb[1], &hb[2]))) { - hb[0] = htons(hb[0]); hb[1] = htons(hb[1]); - hb[2] = htons(hb[2]); - cvtbase(65536L, 256, hb, i, out, len); - return; - } - - /* Need to decide if base 10, 16 or 8 */ - while (*bp) switch (*bp++) { - - case '0': case '1': case '2': case '3': case '4': case '5': - case '6': case '7': case '-': - break; - - case '8': case '9': - base10 = 1; - break; - - case 'a': case 'b': case 'c': case 'd': case 'e': case 'f': - case 'A': case 'B': case 'C': case 'D': case 'E': case 'F': - base16 = 1; - break; - - case 'x': case 'X': - *--bp = '0'; - base16 = 1; - break; - - case 'h': case 'H': - base16 = 1; - /* fall into */ - - default: - *--bp = 0; /* Ends Loop */ - } - if (base16) { - fmt = "%3x"; - ibase = 4096; - } else if (base10 == 0 && *buf == '0') { - fmt = "%3o"; - ibase = 512; - } else { - fmt = "%3d"; - ibase = 1000; - } - - for (bp = buf; *bp++; ) clen++; - if (clen == 0) clen++; - if (clen > 18) clen = 18; - i = ((clen - 1) / 3) + 1; - bp = clen + buf - 3; - hp = hb + i - 1; - - while (hp > hb) { - (void)sscanf(bp, fmt, hp); - bp[0] = 0; - hp--; - bp -= 3; - } - (void)sscanf(buf, fmt, hp); - cvtbase((long)ibase, 256, hb, i, out, len); -} - -static void -cvtbase(oldbase,newbase,input,inlen,result,reslen) - long oldbase; - int newbase; - int input[]; - int inlen; - unsigned char result[]; - int reslen; -{ - int d, e; - long sum; - - e = 1; - while (e > 0 && reslen > 0) { - d = 0; e = 0; sum = 0; - /* long division: input=input/newbase */ - while (d < inlen) { - sum = sum*oldbase + (long) input[d]; - e += (sum > 0); - input[d++] = sum / newbase; - sum %= newbase; - } - result[--reslen] = sum; /* accumulate remainder */ - } - for (d=0; d < reslen; d++) - result[d] = 0; -} diff --git a/src/lib/libc/net/ns_ntoa.c b/src/lib/libc/net/ns_ntoa.c deleted file mode 100644 index 5ff410e28aa..00000000000 --- a/src/lib/libc/net/ns_ntoa.c +++ /dev/null @@ -1,104 +0,0 @@ -/* - * Copyright (c) 1986, 1993 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#if defined(LIBC_SCCS) && !defined(lint) -static char rcsid[] = "$OpenBSD: ns_ntoa.c,v 1.10 2002/07/25 21:12:47 deraadt Exp $"; -#endif /* LIBC_SCCS and not lint */ - -#include -#include -#include - -static char *spectHex(char *); - -char * -ns_ntoa(struct ns_addr addr) -{ - static char obuf[40]; - union { union ns_net net_e; u_int32_t long_e; } net; - in_port_t port = htons(addr.x_port); - char *cp, *cp2; - u_char *up = addr.x_host.c_host; - u_char *uplim = up + 6; - - net.net_e = addr.x_net; - snprintf(obuf, sizeof obuf, "%x", ntohl(net.long_e)); - cp = spectHex(obuf); - cp2 = cp + 1; - while (*up==0 && up < uplim) - up++; - if (up == uplim) { - if (port) { - sprintf(cp, ".0"); - cp += 2; - } - } else { - sprintf(cp, ".%x", *up++); - while (up < uplim) { - while (*cp) - cp++; - sprintf(cp, "%02x", *up++); - } - cp = spectHex(cp2); - } - if (port) { - sprintf(cp, ".%x", port); - spectHex(cp + 1); - } - return (obuf); -} - -static char * -spectHex(char *p0) -{ - int ok = 0, nonzero = 0; - char *p = p0; - - for (; *p; p++) { - switch (*p) { - case 'a': case 'b': case 'c': case 'd': case 'e': case 'f': - *p += ('A' - 'a'); - /* fall into . . . */ - case 'A': case 'B': case 'C': case 'D': case 'E': case 'F': - ok = 1; - case '1': case '2': case '3': case '4': case '5': - case '6': case '7': case '8': case '9': - nonzero = 1; - } - } - if (nonzero && !ok) { - *p++ = 'H'; - *p = 0; - } - return (p); -} diff --git a/src/lib/libc/net/nsap_addr.c b/src/lib/libc/net/nsap_addr.c deleted file mode 100644 index 22a5f8d66ec..00000000000 --- a/src/lib/libc/net/nsap_addr.c +++ /dev/null @@ -1,109 +0,0 @@ -/* $OpenBSD: nsap_addr.c,v 1.4 1997/07/09 01:08:45 millert Exp $ */ - -/* - * Copyright (c) 1996 by Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS - * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE - * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL - * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR - * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS - * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - * SOFTWARE. - */ - -#if defined(LIBC_SCCS) && !defined(lint) -#if 0 -static char rcsid[] = "$From: nsap_addr.c,v 8.3 1996/08/05 08:31:35 vixie Exp $"; -#else -static char rcsid[] = "$OpenBSD: nsap_addr.c,v 1.4 1997/07/09 01:08:45 millert Exp $"; -#endif -#endif /* LIBC_SCCS and not lint */ - -#include -#include -#include -#include -#include -#include -#include - -static char -xtob(c) - register int c; -{ - return (c - (((c >= '0') && (c <= '9')) ? '0' : '7')); -} - -u_int -inet_nsap_addr(ascii, binary, maxlen) - const char *ascii; - u_char *binary; - int maxlen; -{ - register u_char c, nib; - u_int len = 0; - - while ((c = *ascii++) != '\0' && len < maxlen) { - if (c == '.' || c == '+' || c == '/') - continue; - if (!isascii(c)) - return (0); - if (islower(c)) - c = toupper(c); - if (isxdigit(c)) { - nib = xtob(c); - if ((c = *ascii++)) { - c = toupper(c); - if (isxdigit(c)) { - *binary++ = (nib << 4) | xtob(c); - len++; - } else - return (0); - } - else - return (0); - } - else - return (0); - } - return (len); -} - -char * -inet_nsap_ntoa(binlen, binary, ascii) - int binlen; - register const u_char *binary; - register char *ascii; -{ - register int nib; - int i; - static char tmpbuf[255*3]; - char *start; - - if (ascii) - start = ascii; - else { - ascii = tmpbuf; - start = tmpbuf; - } - - if (binlen > 255) - binlen = 255; - - for (i = 0; i < binlen; i++) { - nib = *binary >> 4; - *ascii++ = nib + (nib < 10 ? '0' : '7'); - nib = *binary++ & 0x0f; - *ascii++ = nib + (nib < 10 ? '0' : '7'); - if (((i % 2) == 0 && (i + 1) < binlen)) - *ascii++ = '.'; - } - *ascii = '\0'; - return (start); -} diff --git a/src/lib/libc/net/ntohl.c b/src/lib/libc/net/ntohl.c index 7d3e227e607..0d05bac78a1 100644 --- a/src/lib/libc/net/ntohl.c +++ b/src/lib/libc/net/ntohl.c @@ -1,20 +1,16 @@ +/* $OpenBSD: ntohl.c,v 1.7 2014/07/21 01:51:10 guenther Exp $ */ /* * Written by J.T. Conklin . * Public domain. */ -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: ntohl.c,v 1.4 1996/12/12 03:19:56 tholo Exp $"; -#endif /* LIBC_SCCS and not lint */ - #include -#include +#include #undef ntohl u_int32_t -ntohl(x) - u_int32_t x; +ntohl(u_int32_t x) { #if BYTE_ORDER == LITTLE_ENDIAN u_char *s = (u_char *)&x; diff --git a/src/lib/libc/net/ntohs.c b/src/lib/libc/net/ntohs.c index 4c3ab33f31c..b5ea361f830 100644 --- a/src/lib/libc/net/ntohs.c +++ b/src/lib/libc/net/ntohs.c @@ -1,14 +1,11 @@ +/* $OpenBSD: ntohs.c,v 1.9 2014/07/21 01:51:10 guenther Exp $ */ /* * Written by J.T. Conklin . * Public domain. */ -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: ntohs.c,v 1.7 2002/02/19 19:39:36 millert Exp $"; -#endif /* LIBC_SCCS and not lint */ - #include -#include +#include #undef ntohs diff --git a/src/lib/libc/net/rcmd.3 b/src/lib/libc/net/rcmd.3 index 7cf5af95197..b2a5cdea9bb 100644 --- a/src/lib/libc/net/rcmd.3 +++ b/src/lib/libc/net/rcmd.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: rcmd.3,v 1.24 2002/05/06 23:34:33 millert Exp $ +.\" $OpenBSD: rcmd.3,v 1.34 2016/05/28 15:48:30 millert Exp $ .\" .\" Copyright (c) 1983, 1991, 1993 .\" The Regents of the University of California. All rights reserved. @@ -11,11 +11,7 @@ .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors +.\" 3. Neither the name of the University nor the names of its contributors .\" may be used to endorse or promote products derived from this software .\" without specific prior written permission. .\" @@ -31,7 +27,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd June 4, 1993 +.Dd $Mdocdate: May 28 2016 $ .Dt RCMD 3 .Os .Sh NAME @@ -39,12 +35,10 @@ .Nm rcmd_af , .Nm rresvport , .Nm rresvport_af , -.Nm iruserok , -.Nm ruserok , -.Nm iruserok_sa +.Nm ruserok .Nd routines for returning a stream to a remote command .Sh SYNOPSIS -.Fd #include +.In unistd.h .Ft int .Fn rcmd "char **ahost" "int inport" "const char *locuser" "const char *remuser" "const char *cmd" "int *fd2p" .Ft int @@ -54,11 +48,7 @@ .Ft int .Fn rresvport_af "int *port" "int af" .Ft int -.Fn iruserok "u_int32_t raddr" "int superuser" "const char *ruser" "const char *luser" -.Ft int .Fn ruserok "const char *rhost" "int superuser" "const char *ruser" "const char *luser" -.Ft int -.Fn iruserok_sa "const void *sa" "int salen" "int superuser" "const char *ruser" .Sh DESCRIPTION The .Fn rcmd @@ -79,7 +69,7 @@ Alternately, if the user is not the superuser, will invoke .Xr rcmdsh 3 to run the command via -.Xr rsh 1 . +.Xr ssh 1 . While .Fn rcmd can handle IPv4 cases only, @@ -94,31 +84,21 @@ and functions return a descriptor to a socket with an address in the privileged port space. The -.Fn iruserok -and .Fn ruserok -functions are used by servers +function is used by servers to authenticate clients requesting service with .Fn rcmd . -All four functions are present in the same file and are used -by the -.Xr rshd 8 -server (among others). -.Fn iruserok_sa -is an address family independent variant of -.Fn iruserok . .Pp The .Fn rcmd function looks up the host .Fa *ahost using -.Xr gethostbyname 3 , -returning \-1 if the host does not exist. -Otherwise +.Xr getaddrinfo 3 +and, if the host exists, .Fa *ahost -is set to the standard name of the host -and a connection is established to a server +is set to the canonical name of the host. +A connection is then established to a server residing at the well-known Internet port .Fa inport . If the user is not the superuser, the only valid port is @@ -158,14 +138,11 @@ must be .Fn rcmd_af takes address family in the last argument. If the last argument is -.Dv PF_UNSPEC , +.Dv AF_UNSPEC , interpretation of .Fa *ahost will obey the underlying address resolution like DNS. .Pp -The protocol is described in detail in -.Xr rshd 8 . -.Pp The .Fn rresvport and @@ -186,11 +163,9 @@ need to be seeded with a port number; if that port is not available these functions will find another. .Pp The -.Fn iruserok -and .Fn ruserok -functions take a remote host's IP address or name, respectively, -two user names and a flag indicating whether the local user's +function takes a remote host's name, two user names, +and a flag indicating whether the local user's name is that of the superuser. Then, if the user is .Em not @@ -210,35 +185,14 @@ Zero is returned if the machine name is listed in the file, or the host and remote user name are found in the .Pa .rhosts file; otherwise -.Fn iruserok -and .Fn ruserok -return \-1. +returns \-1. If the local domain (as obtained from -.Xr gethostname 3 ) +.Xr getaddrinfo 3 ) is the same as the remote domain, only the machine name need be specified. .Pp -If the IP address of the remote host is known, -.Fn iruserok -should be used in preference to -.Fn ruserok , -as it does not require trusting the DNS server for the remote host's domain. -.Pp -While -.Fn iruserok -can handle IPv4 addresses only, -.Fn iruserok_sa -and .Fn ruserok -can handle other address families as well, like IPv6. -The first argument of -.Fn iruserok_sa -is typed as -.Li "void *" -to avoid dependency between -.Aq Pa unistd.h -and -.Aq Pa sys/socket.h . +implicitly requires trusting the DNS server for the remote host's domain. .Sh DIAGNOSTICS The .Fn rcmd @@ -258,13 +212,21 @@ The error code is overloaded to mean .Dq all network ports in use . .Sh SEE ALSO -.Xr rsh 1 , +.Xr ssh 1 , .Xr intro 2 , .Xr bindresvport 3 , .Xr bindresvport_sa 3 , -.Xr rcmdsh 3 , -.Xr rshd 8 +.Xr rcmdsh 3 .Sh HISTORY These functions appeared in .Bx 4.2 . +.Pp +The +.Fn iruserok +and +.Fn iruserok_sa +functions, IP address based versions of +.Fn ruserok , +were removed in +.Ox 6.0 . diff --git a/src/lib/libc/net/rcmd.c b/src/lib/libc/net/rcmd.c index be68c599d8c..bf686036493 100644 --- a/src/lib/libc/net/rcmd.c +++ b/src/lib/libc/net/rcmd.c @@ -11,12 +11,7 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * This product includes software developed by Theo de Raadt. - * 4. Neither the name of the University nor the names of its contributors + * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -33,11 +28,6 @@ * SUCH DAMAGE. */ -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: rcmd.c,v 1.43 2002/05/24 21:22:37 deraadt Exp $"; -#endif /* LIBC_SCCS and not lint */ - -#include #include #include @@ -48,50 +38,41 @@ static char *rcsid = "$OpenBSD: rcmd.c,v 1.43 2002/05/24 21:22:37 deraadt Exp $" #include #include #include +#include #include #include #include #include #include #include +#include #include -#include - -int __ivaliduser(FILE *, in_addr_t, const char *, const char *); -int __ivaliduser_sa(FILE *, struct sockaddr *, socklen_t, - const char *, const char *); -static int __icheckhost(struct sockaddr *, socklen_t, const char *); -static char *__gethostloop(struct sockaddr *, socklen_t); +#include int -rcmd(ahost, rport, locuser, remuser, cmd, fd2p) - char **ahost; - in_port_t rport; - const char *locuser, *remuser, *cmd; - int *fd2p; +rcmd(char **ahost, int rport, const char *locuser, const char *remuser, + const char *cmd, int *fd2p) { return rcmd_af(ahost, rport, locuser, remuser, cmd, fd2p, AF_INET); } int -rcmd_af(ahost, rport, locuser, remuser, cmd, fd2p, af) - char **ahost; - in_port_t rport; - const char *locuser, *remuser, *cmd; - int *fd2p; - int af; +rcmd_af(char **ahost, int porta, const char *locuser, const char *remuser, + const char *cmd, int *fd2p, int af) { - static char hbuf[MAXHOSTNAMELEN]; + static char hbuf[HOST_NAME_MAX+1]; char pbuf[NI_MAXSERV]; struct addrinfo hints, *res, *r; int error; struct sockaddr_storage from; - fd_set *readsp = NULL; sigset_t oldmask, mask; pid_t pid; - int s, lport, timo; + int s, lport; + struct timespec timo; char c, *p; int refused; + in_port_t rport = porta; + int numread; /* call rcmdsh() with specified remote shell if appropriate. */ if (!issetugid() && (p = getenv("RSH")) && *p) { @@ -119,9 +100,8 @@ rcmd_af(ahost, rport, locuser, remuser, cmd, fd2p, af) hints.ai_flags = AI_CANONNAME; error = getaddrinfo(*ahost, pbuf, &hints, &res); if (error) { -#if 0 - warnx("%s: %s", *ahost, gai_strerror(error)); -#endif + (void)fprintf(stderr, "rcmd: %s: %s\n", *ahost, + gai_strerror(error)); return (-1); } if (res->ai_canonname) { @@ -132,10 +112,11 @@ rcmd_af(ahost, rport, locuser, remuser, cmd, fd2p, af) r = res; refused = 0; + timespecclear(&timo); sigemptyset(&mask); sigaddset(&mask, SIGURG); - oldmask = sigprocmask(SIG_BLOCK, &mask, &oldmask); - for (timo = 1, lport = IPPORT_RESERVED - 1;;) { + sigprocmask(SIG_BLOCK, &mask, &oldmask); + for (timo.tv_sec = 1, lport = IPPORT_RESERVED - 1;;) { s = rresvport_af(&lport, r->ai_family); if (s < 0) { if (errno == EAGAIN) @@ -166,11 +147,7 @@ rcmd_af(ahost, rport, locuser, remuser, cmd, fd2p, af) if (r->ai_next) { int oerrno = errno; char hbuf[NI_MAXHOST]; -#ifdef NI_WITHSCOPEID - const int niflags = NI_NUMERICHOST | NI_WITHSCOPEID; -#else const int niflags = NI_NUMERICHOST; -#endif hbuf[0] = '\0'; if (getnameinfo(r->ai_addr, r->ai_addrlen, @@ -187,9 +164,9 @@ rcmd_af(ahost, rport, locuser, remuser, cmd, fd2p, af) (void)fprintf(stderr, "Trying %s...\n", hbuf); continue; } - if (refused && timo <= 16) { - (void)sleep(timo); - timo *= 2; + if (refused && timo.tv_sec <= 16) { + (void)nanosleep(&timo, NULL); + timo.tv_sec *= 2; r = res; refused = 0; continue; @@ -203,27 +180,18 @@ rcmd_af(ahost, rport, locuser, remuser, cmd, fd2p, af) /* given "af" can be PF_UNSPEC, we need the real af for "s" */ af = r->ai_family; freeaddrinfo(res); -#if 0 - /* - * try to rresvport() to the same port. This will make rresvport() - * fail it's first bind, resulting in it choosing a random port. - */ - lport--; -#endif if (fd2p == 0) { write(s, "", 1); lport = 0; } else { + struct pollfd pfd[2]; char num[8]; int s2 = rresvport_af(&lport, af), s3; - int len = sizeof(from); - int fdssize = howmany(MAX(s, s2)+1, NFDBITS) * sizeof(fd_mask); + socklen_t len = sizeof(from); if (s2 < 0) goto bad; - readsp = (fd_set *)malloc(fdssize); - if (readsp == NULL) - goto bad; + listen(s2, 1); (void)snprintf(num, sizeof(num), "%d", lport); if (write(s, num, strlen(num)+1) != strlen(num)+1) { @@ -234,23 +202,33 @@ rcmd_af(ahost, rport, locuser, remuser, cmd, fd2p, af) goto bad; } again: - bzero(readsp, fdssize); - FD_SET(s, readsp); - FD_SET(s2, readsp); + pfd[0].fd = s; + pfd[0].events = POLLIN; + pfd[1].fd = s2; + pfd[1].events = POLLIN; + errno = 0; - if (select(MAX(s, s2) + 1, readsp, 0, 0, 0) < 1 || - !FD_ISSET(s2, readsp)) { + if (poll(pfd, 2, INFTIM) < 1 || + (pfd[1].revents & (POLLIN|POLLHUP)) == 0) { if (errno != 0) (void)fprintf(stderr, - "rcmd: select (setting up stderr): %s\n", + "rcmd: poll (setting up stderr): %s\n", strerror(errno)); else (void)fprintf(stderr, - "select: protocol failure in circuit setup\n"); + "poll: protocol failure in circuit setup\n"); (void)close(s2); goto bad; } s3 = accept(s2, (struct sockaddr *)&from, &len); + if (s3 < 0) { + (void)fprintf(stderr, + "rcmd: accept: %s\n", strerror(errno)); + lport = 0; + close(s2); + goto bad; + } + /* * XXX careful for ftp bounce attacks. If discovered, shut them * down and check for the real auxiliary channel to connect. @@ -269,12 +247,7 @@ rcmd_af(ahost, rport, locuser, remuser, cmd, fd2p, af) break; } (void)close(s2); - if (s3 < 0) { - (void)fprintf(stderr, - "rcmd: accept: %s\n", strerror(errno)); - lport = 0; - goto bad; - } + *fd2p = s3; switch (from.ss_family) { case AF_INET: @@ -295,9 +268,10 @@ rcmd_af(ahost, rport, locuser, remuser, cmd, fd2p, af) (void)write(s, locuser, strlen(locuser)+1); (void)write(s, remuser, strlen(remuser)+1); (void)write(s, cmd, strlen(cmd)+1); - if (read(s, &c, 1) != 1) { + if ((numread = read(s, &c, 1)) != 1) { (void)fprintf(stderr, - "rcmd: %s: %s\n", *ahost, strerror(errno)); + "rcmd: %s: %s\n", *ahost, + numread == -1 ? strerror(errno) : "Short read"); goto bad2; } if (c != 0) { @@ -309,425 +283,14 @@ rcmd_af(ahost, rport, locuser, remuser, cmd, fd2p, af) goto bad2; } sigprocmask(SIG_SETMASK, &oldmask, NULL); - free(readsp); return (s); bad2: if (lport) (void)close(*fd2p); bad: - if (readsp) - free(readsp); (void)close(s); sigprocmask(SIG_SETMASK, &oldmask, NULL); return (-1); } +DEF_WEAK(rcmd_af); -int __check_rhosts_file = 1; -char *__rcmd_errstr; - -int -ruserok(rhost, superuser, ruser, luser) - const char *rhost, *ruser, *luser; - int superuser; -{ - struct addrinfo hints, *res, *r; - int error; - - memset(&hints, 0, sizeof(hints)); - hints.ai_family = PF_UNSPEC; - hints.ai_socktype = SOCK_DGRAM; /*dummy*/ - error = getaddrinfo(rhost, "0", &hints, &res); - if (error) - return (-1); - - for (r = res; r; r = r->ai_next) { - if (iruserok_sa(r->ai_addr, r->ai_addrlen, superuser, ruser, - luser) == 0) { - freeaddrinfo(res); - return (0); - } - } - freeaddrinfo(res); - return (-1); -} - -/* - * New .rhosts strategy: We are passed an ip address. We spin through - * hosts.equiv and .rhosts looking for a match. When the .rhosts only - * has ip addresses, we don't have to trust a nameserver. When it - * contains hostnames, we spin through the list of addresses the nameserver - * gives us and look for a match. - * - * Returns 0 if ok, -1 if not ok. - */ -int -iruserok(raddr, superuser, ruser, luser) - u_int32_t raddr; - int superuser; - const char *ruser, *luser; -{ - struct sockaddr_in sin; - - memset(&sin, 0, sizeof(sin)); - sin.sin_family = AF_INET; - sin.sin_len = sizeof(struct sockaddr_in); - memcpy(&sin.sin_addr, &raddr, sizeof(sin.sin_addr)); - return iruserok_sa(&sin, sizeof(struct sockaddr_in), superuser, ruser, - luser); -} - -int -iruserok_sa(raddr, rlen, superuser, ruser, luser) - const void *raddr; - int rlen; - int superuser; - const char *ruser, *luser; -{ - struct sockaddr *sa; - register char *cp; - struct stat sbuf; - struct passwd *pwd; - FILE *hostf; - uid_t uid; - int first; - char pbuf[MAXPATHLEN]; - - sa = (struct sockaddr *)raddr; - first = 1; - hostf = superuser ? NULL : fopen(_PATH_HEQUIV, "r"); -again: - if (hostf) { - if (__ivaliduser_sa(hostf, sa, rlen, luser, ruser) == 0) { - (void)fclose(hostf); - return (0); - } - (void)fclose(hostf); - } - if (first == 1 && (__check_rhosts_file || superuser)) { - first = 0; - if ((pwd = getpwnam(luser)) == NULL) - return (-1); - snprintf(pbuf, sizeof pbuf, "%s/.rhosts", pwd->pw_dir); - - /* - * Change effective uid while opening .rhosts. If root and - * reading an NFS mounted file system, can't read files that - * are protected read/write owner only. - */ - uid = geteuid(); - (void)seteuid(pwd->pw_uid); - hostf = fopen(pbuf, "r"); - (void)seteuid(uid); - - if (hostf == NULL) - return (-1); - /* - * If not a regular file, or is owned by someone other than - * user or root or if writeable by anyone but the owner, quit. - */ - cp = NULL; - if (lstat(pbuf, &sbuf) < 0) - cp = ".rhosts lstat failed"; - else if (!S_ISREG(sbuf.st_mode)) - cp = ".rhosts not regular file"; - else if (fstat(fileno(hostf), &sbuf) < 0) - cp = ".rhosts fstat failed"; - else if (sbuf.st_uid && sbuf.st_uid != pwd->pw_uid) - cp = "bad .rhosts owner"; - else if (sbuf.st_mode & (S_IWGRP|S_IWOTH)) - cp = ".rhosts writeable by other than owner"; - /* If there were any problems, quit. */ - if (cp) { - __rcmd_errstr = cp; - (void)fclose(hostf); - return (-1); - } - goto again; - } - return (-1); -} - -/* - * XXX - * Don't make static, used by lpd(8). - * - * Returns 0 if ok, -1 if not ok. - */ -int -__ivaliduser(hostf, raddrl, luser, ruser) - FILE *hostf; - in_addr_t raddrl; - const char *luser, *ruser; -{ - struct sockaddr_in sin; - - memset(&sin, 0, sizeof(sin)); - sin.sin_family = AF_INET; - sin.sin_len = sizeof(struct sockaddr_in); - memcpy(&sin.sin_addr, &raddrl, sizeof(sin.sin_addr)); - return __ivaliduser_sa(hostf, (struct sockaddr *)&sin, sin.sin_len, - luser, ruser); -} - -int -__ivaliduser_sa(hostf, raddr, salen, luser, ruser) - FILE *hostf; - struct sockaddr *raddr; - socklen_t salen; - const char *luser, *ruser; -{ - register char *user, *p; - char *buf; - const char *auser, *ahost; - int hostok, userok; - char *rhost = (char *)-1; - char domain[MAXHOSTNAMELEN]; - size_t buflen; - - getdomainname(domain, sizeof(domain)); - - while ((buf = fgetln(hostf, &buflen))) { - p = buf; - if (*p == '#') - continue; - while (*p != '\n' && *p != ' ' && *p != '\t' && p < buf + buflen) { - if (!isprint(*p)) - goto bail; - *p = isupper(*p) ? tolower(*p) : *p; - p++; - } - if (p >= buf + buflen) - continue; - if (*p == ' ' || *p == '\t') { - *p++ = '\0'; - while ((*p == ' ' || *p == '\t') && p < buf + buflen) - p++; - if (p >= buf + buflen) - continue; - user = p; - while (*p != '\n' && *p != ' ' && - *p != '\t' && p < buf + buflen) { - if (!isprint(*p)) - goto bail; - p++; - } - } else - user = p; - *p = '\0'; - - if (p == buf) - continue; - - auser = *user ? user : luser; - ahost = buf; - - if (strlen(ahost) >= MAXHOSTNAMELEN) - continue; - - /* - * innetgr() must lookup a hostname (we do not attempt - * to change the semantics so that netgroups may have - * #.#.#.# addresses in the list.) - */ - if (ahost[0] == '+') - switch (ahost[1]) { - case '\0': - hostok = 1; - break; - case '@': - if (rhost == (char *)-1) - rhost = __gethostloop(raddr, salen); - hostok = 0; - if (rhost) - hostok = innetgr(&ahost[2], rhost, - NULL, domain); - break; - default: - hostok = __icheckhost(raddr, salen, &ahost[1]); - break; - } - else if (ahost[0] == '-') - switch (ahost[1]) { - case '\0': - hostok = -1; - break; - case '@': - if (rhost == (char *)-1) - rhost = __gethostloop(raddr, salen); - hostok = 0; - if (rhost) - hostok = -innetgr(&ahost[2], rhost, - NULL, domain); - break; - default: - hostok = -__icheckhost(raddr, salen, &ahost[1]); - break; - } - else - hostok = __icheckhost(raddr, salen, ahost); - - - if (auser[0] == '+') - switch (auser[1]) { - case '\0': - userok = 1; - break; - case '@': - userok = innetgr(&auser[2], NULL, ruser, - domain); - break; - default: - userok = strcmp(ruser, &auser[1]) ? 0 : 1; - break; - } - else if (auser[0] == '-') - switch (auser[1]) { - case '\0': - userok = -1; - break; - case '@': - userok = -innetgr(&auser[2], NULL, ruser, - domain); - break; - default: - userok = strcmp(ruser, &auser[1]) ? 0 : -1; - break; - } - else - userok = strcmp(ruser, auser) ? 0 : 1; - - /* Check if one component did not match */ - if (hostok == 0 || userok == 0) - continue; - - /* Check if we got a forbidden pair */ - if (userok <= -1 || hostok <= -1) - return (-1); - - /* Check if we got a valid pair */ - if (hostok >= 1 && userok >= 1) - return (0); - } -bail: - return (-1); -} - -/* - * Returns "true" if match, 0 if no match. If we do not find any - * semblance of an A->PTR->A loop, allow a simple #.#.#.# match to work. - * - * NI_WITHSCOPEID is useful for comparing sin6_scope_id portion - * if af == AF_INET6. - */ -static int -__icheckhost(raddr, salen, lhost) - struct sockaddr *raddr; - socklen_t salen; - const char *lhost; -{ - struct addrinfo hints, *res, *r; - char h1[NI_MAXHOST], h2[NI_MAXHOST]; - int error; -#ifdef NI_WITHSCOPEID - const int niflags = NI_NUMERICHOST | NI_WITHSCOPEID; -#else - const int niflags = NI_NUMERICHOST; -#endif - - h1[0] = '\0'; - if (getnameinfo(raddr, salen, h1, sizeof(h1), NULL, 0, - niflags) != 0) - return (0); - - /* Resolve laddr into sockaddr */ - memset(&hints, 0, sizeof(hints)); - hints.ai_family = raddr->sa_family; - hints.ai_socktype = SOCK_DGRAM; /*dummy*/ - res = NULL; - error = getaddrinfo(lhost, "0", &hints, &res); - if (error) - return (0); - - /* - * Try string comparisons between raddr and laddr. - */ - for (r = res; r; r = r->ai_next) { - h2[0] = '\0'; - if (getnameinfo(r->ai_addr, r->ai_addrlen, h2, sizeof(h2), - NULL, 0, niflags) != 0) - continue; - if (strcmp(h1, h2) == 0) { - freeaddrinfo(res); - return (1); - } - } - - /* No match. */ - freeaddrinfo(res); - return (0); -} - -/* - * Return the hostname associated with the supplied address. - * Do a reverse lookup as well for security. If a loop cannot - * be found, pack the result of inet_ntoa() into the string. - * - * NI_WITHSCOPEID is useful for comparing sin6_scope_id portion - * if af == AF_INET6. - */ -static char * -__gethostloop(raddr, salen) - struct sockaddr *raddr; - socklen_t salen; -{ - static char remotehost[NI_MAXHOST]; - char h1[NI_MAXHOST], h2[NI_MAXHOST]; - struct addrinfo hints, *res, *r; - int error; -#ifdef NI_WITHSCOPEID - const int niflags = NI_NUMERICHOST | NI_WITHSCOPEID; -#else - const int niflags = NI_NUMERICHOST; -#endif - - h1[0] = remotehost[0] = '\0'; - if (getnameinfo(raddr, salen, remotehost, sizeof(remotehost), - NULL, 0, NI_NAMEREQD) != 0) - return (NULL); - if (getnameinfo(raddr, salen, h1, sizeof(h1), NULL, 0, - niflags) != 0) - return (NULL); - - /* - * Look up the name and check that the supplied - * address is in the list - */ - memset(&hints, 0, sizeof(hints)); - hints.ai_family = raddr->sa_family; - hints.ai_socktype = SOCK_DGRAM; /*dummy*/ - hints.ai_flags = AI_CANONNAME; - res = NULL; - error = getaddrinfo(remotehost, "0", &hints, &res); - if (error) - return (NULL); - - for (r = res; r; r = r->ai_next) { - h2[0] = '\0'; - if (getnameinfo(r->ai_addr, r->ai_addrlen, h2, sizeof(h2), - NULL, 0, niflags) != 0) - continue; - if (strcmp(h1, h2) == 0) { - freeaddrinfo(res); - return (remotehost); - } - } - - /* - * either the DNS adminstrator has made a configuration - * mistake, or someone has attempted to spoof us - */ - syslog(LOG_NOTICE, "rcmd: address %s not listed for host %s", - h1, res->ai_canonname ? res->ai_canonname : remotehost); - freeaddrinfo(res); - return (NULL); -} diff --git a/src/lib/libc/net/rcmdsh.3 b/src/lib/libc/net/rcmdsh.3 index e0c59efb852..9092d19f81a 100644 --- a/src/lib/libc/net/rcmdsh.3 +++ b/src/lib/libc/net/rcmdsh.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: rcmdsh.3,v 1.8 2000/12/24 00:30:56 aaron Exp $ +.\" $OpenBSD: rcmdsh.3,v 1.18 2016/05/28 15:48:30 millert Exp $ .\" .\" Copyright (c) 1983, 1991, 1993 .\" The Regents of the University of California. All rights reserved. @@ -11,11 +11,7 @@ .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors +.\" 3. Neither the name of the University nor the names of its contributors .\" may be used to endorse or promote products derived from this software .\" without specific prior written permission. .\" @@ -31,14 +27,14 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd September 1, 1996 +.Dd $Mdocdate: May 28 2016 $ .Dt RCMDSH 3 .Os .Sh NAME .Nm rcmdsh .Nd return a stream to a remote command without superuser .Sh SYNOPSIS -.Fd #include +.In unistd.h .Ft int .Fn rcmdsh "char **ahost" "int inport" "const char *locuser" "const char *remuser" "const char *cmd" "char *rshprog" .Sh DESCRIPTION @@ -46,21 +42,24 @@ The .Fn rcmdsh function is used by normal users to execute a command on a remote machine using an authentication scheme based on reserved port numbers using -.Xr rshd 8 +.Xr ssh 1 or the value of .Fa rshprog (if non-null). +.Fa rshprog +may be a fully-qualified path, a non-qualified command, or a command containing +space-separated command line arguments. .Pp The .Fn rcmdsh function looks up the host .Fa *ahost using -.Xr gethostbyname 3 , -returning \-1 if the host does not exist. -Otherwise +.Xr getaddrinfo 3 +and, if the host exists, .Fa *ahost -is set to the standard name of the host and a connection is established to +is set to the canonical name of the host. +A connection is then established to a server residing at the well-known Internet port .Li shell/tcp (or whatever port is used by @@ -71,8 +70,8 @@ is ignored; it is only included to provide an interface similar to .Xr rcmd 3 . .Pp If the connection succeeds, a socket in the -.Tn UNIX -domain of type +.Ux Ns -domain +of type .Dv SOCK_STREAM is returned to the caller, and given to the remote command as stdin and stdout, and stderr. @@ -82,16 +81,15 @@ The function returns a valid socket descriptor on success. It returns \-1 on error and prints a diagnostic message on the standard error. .Sh SEE ALSO -.Xr rsh 1 , +.Xr ssh 1 , .Xr socketpair 2 , -.Xr rcmd 3 , -.Xr rshd 8 -.Sh BUGS -If -.Xr rsh 1 -encounters an error, a file descriptor is still returned instead of \-1. +.Xr rcmd 3 .Sh HISTORY The .Fn rcmdsh function first appeared in .Ox 2.0 . +.Sh BUGS +If +.Xr ssh 1 +encounters an error, a file descriptor is still returned instead of \-1. diff --git a/src/lib/libc/net/rcmdsh.c b/src/lib/libc/net/rcmdsh.c index a1c7e7d6b81..b9cbd6d5d14 100644 --- a/src/lib/libc/net/rcmdsh.c +++ b/src/lib/libc/net/rcmdsh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rcmdsh.c,v 1.7 2002/03/12 00:05:44 millert Exp $ */ +/* $OpenBSD: rcmdsh.c,v 1.19 2016/05/28 15:46:00 millert Exp $ */ /* * Copyright (c) 2001, MagniComp @@ -33,58 +33,59 @@ * Chris Siebenmann . */ -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: rcmdsh.c,v 1.7 2002/03/12 00:05:44 millert Exp $"; -#endif /* LIBC_SCCS and not lint */ - #include #include #include #include #include +#include #include #include +#include #include #include #include #include /* - * This is a replacement rcmd() function that uses the rsh(1) + * This is a replacement rcmd() function that uses the ssh(1) * program in place of a direct rcmd(3) function call so as to * avoid having to be root. Note that rport is ignored. */ -/* ARGSUSED */ int -rcmdsh(ahost, rport, locuser, remuser, cmd, rshprog) - char **ahost; - int rport; - const char *locuser, *remuser, *cmd; - char *rshprog; +rcmdsh(char **ahost, int rport, const char *locuser, const char *remuser, + const char *cmd, char *rshprog) { - struct hostent *hp; + static char hbuf[HOST_NAME_MAX+1]; + struct addrinfo hint, *res; int sp[2]; pid_t cpid; - char *p; - struct passwd *pw; + char *p, pwbuf[_PW_BUF_LEN]; + struct passwd pwstore, *pw = NULL; /* What rsh/shell to use. */ if (rshprog == NULL) rshprog = _PATH_RSH; /* locuser must exist on this host. */ - if ((pw = getpwnam(locuser)) == NULL) { + getpwnam_r(locuser, &pwstore, pwbuf, sizeof(pwbuf), &pw); + if (pw == NULL) { (void) fprintf(stderr, "rcmdsh: unknown user: %s\n", locuser); return(-1); } /* Validate remote hostname. */ if (strcmp(*ahost, "localhost") != 0) { - if ((hp = gethostbyname(*ahost)) == NULL) { - herror(*ahost); - return(-1); + memset(&hint, 0, sizeof(hint)); + hint.ai_family = PF_UNSPEC; + hint.ai_flags = AI_CANONNAME; + if (getaddrinfo(*ahost, NULL, &hint, &res) == 0) { + if (res->ai_canonname) { + strlcpy(hbuf, res->ai_canonname, sizeof(hbuf)); + *ahost = hbuf; + } + freeaddrinfo(res); } - *ahost = hp->h_name; } /* Get a socketpair we'll use for stdin and stdout. */ @@ -127,27 +128,67 @@ rcmdsh(ahost, rport, locuser, remuser, cmd, rshprog) * are the same, avoid running remote shell for efficiency. */ if (!strcmp(*ahost, "localhost") && !strcmp(locuser, remuser)) { + char *argv[4]; if (pw->pw_shell[0] == '\0') rshprog = _PATH_BSHELL; else rshprog = pw->pw_shell; p = strrchr(rshprog, '/'); - execlp(rshprog, p ? p+1 : rshprog, "-c", cmd, - (char *) NULL); - } else { + argv[0] = p ? p + 1 : rshprog; + argv[1] = "-c"; + argv[2] = (char *)cmd; + argv[3] = NULL; + execvp(rshprog, argv); + } else if ((p = strchr(rshprog, ' ')) == NULL) { + /* simple case */ + char *argv[6]; p = strrchr(rshprog, '/'); - execlp(rshprog, p ? p+1 : rshprog, *ahost, "-l", - remuser, cmd, (char *) NULL); + argv[0] = p ? p + 1 : rshprog; + argv[1] = "-l"; + argv[2] = (char *)remuser; + argv[3] = *ahost; + argv[4] = (char *)cmd; + argv[5] = NULL; + execvp(rshprog, argv); + } else { + /* must pull args out of rshprog and dyn alloc argv */ + char **argv, **ap; + int n; + for (n = 7; (p = strchr(++p, ' ')) != NULL; n++) + continue; + rshprog = strdup(rshprog); + ap = argv = calloc(sizeof(char *), n); + if (rshprog == NULL || argv == NULL) { + perror("rcmdsh"); + _exit(255); + } + while ((p = strsep(&rshprog, " ")) != NULL) { + if (*p == '\0') + continue; + *ap++ = p; + } + if (ap != argv) /* all spaces?!? */ + rshprog = argv[0]; + if ((p = strrchr(argv[0], '/')) != NULL) + argv[0] = p + 1; + *ap++ = "-l"; + *ap++ = (char *)remuser; + *ap++ = *ahost; + *ap++ = (char *)cmd; + *ap++ = NULL; + execvp(rshprog, argv); } - (void) fprintf(stderr, "rcmdsh: execlp %s failed: %s\n", + (void) fprintf(stderr, "rcmdsh: execvp %s failed: %s\n", rshprog, strerror(errno)); _exit(255); } else { /* Parent. close sp[1], return sp[0]. */ (void) close(sp[1]); /* Reap child. */ - (void) wait(NULL); + while (waitpid(cpid, NULL, 0) == -1 && errno == EINTR) + ; return(sp[0]); } /* NOTREACHED */ } +DEF_WEAK(rcmdsh); diff --git a/src/lib/libc/net/recv.c b/src/lib/libc/net/recv.c index d209a072132..365d0e2e193 100644 --- a/src/lib/libc/net/recv.c +++ b/src/lib/libc/net/recv.c @@ -1,3 +1,4 @@ +/* $OpenBSD: recv.c,v 1.6 2015/10/04 07:17:27 guenther Exp $ */ /* * Copyright (c) 1988, 1993 * The Regents of the University of California. All rights reserved. @@ -10,11 +11,7 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors + * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -31,20 +28,14 @@ * SUCH DAMAGE. */ -#if defined(LIBC_SCCS) && !defined(lint) -static char rcsid[] = "$OpenBSD: recv.c,v 1.2 1996/08/19 08:29:40 tholo Exp $"; -#endif /* LIBC_SCCS and not lint */ - #include #include #include ssize_t -recv(s, buf, len, flags) - int s, flags; - size_t len; - void *buf; +recv(int s, void *buf, size_t len, int flags) { return (recvfrom(s, buf, len, flags, NULL, 0)); } +DEF_WEAK(recv); diff --git a/src/lib/libc/net/res_comp.c b/src/lib/libc/net/res_comp.c index 25e196b2cfb..e637f4a9581 100644 --- a/src/lib/libc/net/res_comp.c +++ b/src/lib/libc/net/res_comp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: res_comp.c,v 1.10 2002/02/19 19:39:36 millert Exp $ */ +/* $OpenBSD: res_comp.c,v 1.20 2016/05/01 15:17:29 millert Exp $ */ /* * ++Copyright++ 1985, 1993 @@ -14,11 +14,7 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors + * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -55,17 +51,7 @@ * --Copyright-- */ -#if defined(LIBC_SCCS) && !defined(lint) -#if 0 -static char sccsid[] = "@(#)res_comp.c 8.1 (Berkeley) 6/4/93"; -static char rcsid[] = "$From: res_comp.c,v 8.11 1996/12/02 09:17:22 vixie Exp $"; -#else -static char rcsid[] = "$OpenBSD: res_comp.c,v 1.10 2002/02/19 19:39:36 millert Exp $"; -#endif -#endif /* LIBC_SCCS and not lint */ - #include -#include #include #include @@ -74,33 +60,32 @@ static char rcsid[] = "$OpenBSD: res_comp.c,v 1.10 2002/02/19 19:39:36 millert E #include #include +#include #include static int dn_find(u_char *, u_char *, u_char **, u_char **); /* * Expand compressed domain name 'comp_dn' to full domain name. - * 'msg' is a pointer to the begining of the message, + * 'msg' is a pointer to the beginning of the message, * 'eomorig' points to the first location after the message, * 'exp_dn' is a pointer to a buffer of size 'length' for the result. * Return size of compressed name or -1 if there was an error. */ int -dn_expand(msg, eomorig, comp_dn, exp_dn, length) - const u_char *msg, *eomorig, *comp_dn; - char *exp_dn; - int length; +dn_expand(const u_char *msg, const u_char *eomorig, const u_char *comp_dn, + char *exp_dn, int length) { - register const u_char *cp; - register char *dn; - register int n, c; + const u_char *cp; + char *dn; + int n, c; char *eom; int len = -1, checked = 0; dn = exp_dn; cp = comp_dn; - if (length > MAXHOSTNAMELEN-1) - length = MAXHOSTNAMELEN-1; + if (length > HOST_NAME_MAX) + length = HOST_NAME_MAX; eom = exp_dn + length; /* * fetch next label in domain name @@ -156,6 +141,7 @@ dn_expand(msg, eomorig, comp_dn, exp_dn, length) len = cp - comp_dn; return (len); } +DEF_WEAK(dn_expand); /* * Compress domain name 'exp_dn' into 'comp_dn'. @@ -170,13 +156,11 @@ dn_expand(msg, eomorig, comp_dn, exp_dn, length) * is NULL, we don't update the list. */ int -dn_comp(exp_dn, comp_dn, length, dnptrs, lastdnptr) - const char *exp_dn; - u_char *comp_dn, **dnptrs, **lastdnptr; - int length; +dn_comp(const char *exp_dn, u_char *comp_dn, int length, u_char **dnptrs, + u_char **lastdnptr) { - register u_char *cp, *dn; - register int c, l; + u_char *cp, *dn; + int c, l; u_char **cpp, **lpp, *sp, *eob; u_char *msg; @@ -250,11 +234,10 @@ dn_comp(exp_dn, comp_dn, length, dnptrs, lastdnptr) * Skip over a compressed domain name. Return the size or -1. */ int -__dn_skipname(comp_dn, eom) - const u_char *comp_dn, *eom; +__dn_skipname(const u_char *comp_dn, const u_char *eom) { - register const u_char *cp; - register int n; + const u_char *cp; + int n; cp = comp_dn; while (cp < eom && (n = *cp++)) { @@ -279,8 +262,7 @@ __dn_skipname(comp_dn, eom) } static int -mklower(ch) - register int ch; +mklower(int ch) { if (isascii(ch) && isupper(ch)) return (tolower(ch)); @@ -294,12 +276,10 @@ mklower(ch) * not the pointer to the start of the message. */ static int -dn_find(exp_dn, msg, dnptrs, lastdnptr) - u_char *exp_dn, *msg; - u_char **dnptrs, **lastdnptr; +dn_find(u_char *exp_dn, u_char *msg, u_char **dnptrs, u_char **lastdnptr) { - register u_char *dn, *cp, **cpp; - register int n; + u_char *dn, *cp, **cpp; + int n; u_char *sp; for (cpp = dnptrs; cpp < lastdnptr; cpp++) { @@ -353,6 +333,7 @@ dn_find(exp_dn, msg, dnptrs, lastdnptr) #define PERIOD 0x2e #define hyphenchar(c) ((c) == 0x2d) #define bslashchar(c) ((c) == 0x5c) +#define underscorechar(c) ((c) == 0x5f) #define periodchar(c) ((c) == PERIOD) #define asterchar(c) ((c) == 0x2a) #define alphachar(c) (((c) >= 0x41 && (c) <= 0x5a) \ @@ -360,12 +341,11 @@ dn_find(exp_dn, msg, dnptrs, lastdnptr) #define digitchar(c) ((c) >= 0x30 && (c) <= 0x39) #define borderchar(c) (alphachar(c) || digitchar(c)) -#define middlechar(c) (borderchar(c) || hyphenchar(c)) +#define middlechar(c) (borderchar(c) || hyphenchar(c) || underscorechar(c)) #define domainchar(c) ((c) > 0x20 && (c) < 0x7f) int -res_hnok(dn) - const char *dn; +__res_hnok(const char *dn) { int pch = PERIOD, ch = *dn++; @@ -388,14 +368,14 @@ res_hnok(dn) } return (1); } +DEF_STRONG(__res_hnok); /* * hostname-like (A, MX, WKS) owners can have "*" as their first label * but must otherwise be as a host name. */ int -res_ownok(dn) - const char *dn; +res_ownok(const char *dn) { if (asterchar(dn[0])) { if (periodchar(dn[1])) @@ -411,8 +391,7 @@ res_ownok(dn) * label, but the rest of the name has to look like a host name. */ int -res_mailok(dn) - const char *dn; +res_mailok(const char *dn) { int ch, escaped = 0; @@ -441,8 +420,7 @@ res_mailok(dn) * recommendations. */ int -res_dnok(dn) - const char *dn; +res_dnok(const char *dn) { int ch; @@ -457,47 +435,33 @@ res_dnok(dn) */ u_int16_t -_getshort(msgp) - register const u_char *msgp; +_getshort(const u_char *msgp) { - register u_int16_t u; + u_int16_t u; GETSHORT(u, msgp); return (u); } - -#ifdef NeXT -/* - * nExt machines have some funky library conventions, which we must maintain. - */ -u_int16_t -res_getshort(msgp) - register const u_char *msgp; -{ - return (_getshort(msgp)); -} -#endif +DEF_STRONG(_getshort); u_int32_t -_getlong(msgp) - register const u_char *msgp; +_getlong(const u_char *msgp) { - register u_int32_t u; + u_int32_t u; GETLONG(u, msgp); return (u); } +DEF_STRONG(_getlong); void -__putshort(register u_int16_t s, register u_char *msgp) +__putshort(u_int16_t s, u_char *msgp) { PUTSHORT(s, msgp); } void -__putlong(l, msgp) - register u_int32_t l; - register u_char *msgp; +__putlong(u_int32_t l, u_char *msgp) { PUTLONG(l, msgp); } diff --git a/src/lib/libc/net/res_data.c b/src/lib/libc/net/res_data.c index b0d19c36bb7..6e81b584a9f 100644 --- a/src/lib/libc/net/res_data.c +++ b/src/lib/libc/net/res_data.c @@ -1,4 +1,4 @@ -/* $OpenBSD: res_data.c,v 1.1 1997/03/13 19:07:36 downsj Exp $ */ +/* $OpenBSD: res_data.c,v 1.4 2015/01/16 16:48:51 deraadt Exp $ */ /* * ++Copyright++ 1995 @@ -14,11 +14,7 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors + * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -55,16 +51,7 @@ * --Copyright-- */ -#if defined(LIBC_SCCS) && !defined(lint) -#if 0 -static char rcsid[] = "$From: res_data.c,v 8.2 1996/08/05 08:31:35 vixie Exp $"; -#else -static char rcsid[] = "$OpenBSD: res_data.c,v 1.1 1997/03/13 19:07:36 downsj Exp $"; -#endif -#endif /* LIBC_SCCS and not lint */ - #include -#include #include #include #include diff --git a/src/lib/libc/net/res_debug.c b/src/lib/libc/net/res_debug.c deleted file mode 100644 index 2ea9173fe90..00000000000 --- a/src/lib/libc/net/res_debug.c +++ /dev/null @@ -1,1560 +0,0 @@ -/* $OpenBSD: res_debug.c,v 1.14 2002/07/25 21:55:30 deraadt Exp $ */ - -/* - * ++Copyright++ 1985, 1990, 1993 - * - - * Copyright (c) 1985, 1990, 1993 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - - * Portions Copyright (c) 1993 by Digital Equipment Corporation. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies, and that - * the name of Digital Equipment Corporation not be used in advertising or - * publicity pertaining to distribution of the document or software without - * specific, written prior permission. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL - * WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT - * CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL - * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR - * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS - * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - * SOFTWARE. - * - - * Portions Copyright (c) 1995 by International Business Machines, Inc. - * - * International Business Machines, Inc. (hereinafter called IBM) grants - * permission under its copyrights to use, copy, modify, and distribute this - * Software with or without fee, provided that the above copyright notice and - * all paragraphs of this notice appear in all copies, and that the name of IBM - * not be used in connection with the marketing of any product incorporating - * the Software or modifications thereof, without specific, written prior - * permission. - * - * To the extent it has a right to do so, IBM grants an immunity from suit - * under its patents, if any, for the use, sale or manufacture of products to - * the extent that such products are used for performing Domain Name System - * dynamic updates in TCP/IP networks by means of the Software. No immunity is - * granted for any product per se or for any other function of any product. - * - * THE SOFTWARE IS PROVIDED "AS IS", AND IBM DISCLAIMS ALL WARRANTIES, - * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A - * PARTICULAR PURPOSE. IN NO EVENT SHALL IBM BE LIABLE FOR ANY SPECIAL, - * DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER ARISING - * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE, EVEN - * IF IBM IS APPRISED OF THE POSSIBILITY OF SUCH DAMAGES. - * --Copyright-- - */ - -#if defined(LIBC_SCCS) && !defined(lint) -#if 0 -static char sccsid[] = "@(#)res_debug.c 8.1 (Berkeley) 6/4/93"; -static char rcsid[] = "$From: res_debug.c,v 8.19 1996/11/26 10:11:23 vixie Exp $"; -#else -static char rcsid[] = "$OpenBSD: res_debug.c,v 1.14 2002/07/25 21:55:30 deraadt Exp $"; -#endif -#endif /* LIBC_SCCS and not lint */ - -#include -#include -#include -#include -#include -#include - -#include -#include -#include -#include -#include - -#include -#include - -extern const char *_res_opcodes[]; -extern const char *_res_resultcodes[]; - -static const char *loc_ntoal(const u_char *binary, char *ascii, int ascii_len); - -/* XXX: we should use getservbyport() instead. */ -static const char * -dewks(wks) - int wks; -{ - static char nbuf[20]; - - switch (wks) { - case 5: return "rje"; - case 7: return "echo"; - case 9: return "discard"; - case 11: return "systat"; - case 13: return "daytime"; - case 15: return "netstat"; - case 17: return "qotd"; - case 19: return "chargen"; - case 20: return "ftp-data"; - case 21: return "ftp"; - case 23: return "telnet"; - case 25: return "smtp"; - case 37: return "time"; - case 39: return "rlp"; - case 42: return "name"; - case 43: return "whois"; - case 53: return "domain"; - case 57: return "apts"; - case 59: return "apfs"; - case 67: return "bootps"; - case 68: return "bootpc"; - case 69: return "tftp"; - case 77: return "rje"; - case 79: return "finger"; - case 87: return "link"; - case 95: return "supdup"; - case 100: return "newacct"; - case 101: return "hostnames"; - case 102: return "iso-tsap"; - case 103: return "x400"; - case 104: return "x400-snd"; - case 105: return "csnet-ns"; - case 109: return "pop-2"; - case 111: return "sunrpc"; - case 113: return "auth"; - case 115: return "sftp"; - case 117: return "uucp-path"; - case 119: return "nntp"; - case 121: return "erpc"; - case 123: return "ntp"; - case 133: return "statsrv"; - case 136: return "profile"; - case 144: return "NeWS"; - case 161: return "snmp"; - case 162: return "snmp-trap"; - case 170: return "print-srv"; - default: - (void) snprintf(nbuf, sizeof nbuf, "%d", wks); - return (nbuf); - } -} - -/* XXX: we should use getprotobynumber() instead. */ -static const char * -deproto(protonum) - int protonum; -{ - static char nbuf[20]; - - switch (protonum) { - case 1: return "icmp"; - case 2: return "igmp"; - case 3: return "ggp"; - case 5: return "st"; - case 6: return "tcp"; - case 7: return "ucl"; - case 8: return "egp"; - case 9: return "igp"; - case 11: return "nvp-II"; - case 12: return "pup"; - case 16: return "chaos"; - case 17: return "udp"; - default: - (void) snprintf(nbuf, sizeof nbuf, "%d", protonum); - return (nbuf); - } -} - -static const u_char * -do_rrset(msg, len, cp, cnt, pflag, file, hs) - int cnt, pflag, len; - const u_char *cp, *msg; - const char *hs; - FILE *file; -{ - int n; - int sflag; - - /* - * Print answer records. - */ - sflag = (_res.pfcode & pflag); - if ((n = ntohs(cnt))) { - if ((!_res.pfcode) || - ((sflag) && (_res.pfcode & RES_PRF_HEAD1))) - fprintf(file, "%s", hs); - while (--n >= 0) { - if ((!_res.pfcode) || sflag) { - cp = p_rr(cp, msg, file); - } else { - unsigned int dlen; - cp += __dn_skipname(cp, cp + MAXCDNAME); - cp += INT16SZ; - cp += INT16SZ; - cp += INT32SZ; - dlen = _getshort((u_char*)cp); - cp += INT16SZ; - cp += dlen; - } - if ((cp - msg) > len) - return (NULL); - } - if ((!_res.pfcode) || - ((sflag) && (_res.pfcode & RES_PRF_HEAD1))) - putc('\n', file); - } - return (cp); -} - -void -__p_query(msg) - const u_char *msg; -{ - __fp_query(msg, stdout); -} - -/* - * Print the current options. - * This is intended to be primarily a debugging routine. - */ -void -__fp_resstat(statp, file) - struct __res_state *statp; - FILE *file; -{ - register u_long mask; - - fprintf(file, ";; res options:"); - if (!statp) - statp = &_res; - for (mask = 1; mask != 0; mask <<= 1) - if (statp->options & mask) - fprintf(file, " %s", p_option(mask)); - putc('\n', file); -} - -/* - * Print the contents of a query. - * This is intended to be primarily a debugging routine. - */ -void -__fp_nquery(msg, len, file) - const u_char *msg; - int len; - FILE *file; -{ - register const u_char *cp, *endMark; - register const HEADER *hp; - register int n; - - if ((_res.options & RES_INIT) == 0 && res_init() == -1) - return; - -#define TruncTest(x) if (x > endMark) goto trunc -#define ErrorTest(x) if (x == NULL) goto error - - /* - * Print header fields. - */ - hp = (HEADER *)msg; - cp = msg + HFIXEDSZ; - endMark = msg + len; - if ((!_res.pfcode) || (_res.pfcode & RES_PRF_HEADX) || hp->rcode) { - fprintf(file, ";; ->>HEADER<<- opcode: %s, status: %s, id: %u", - _res_opcodes[hp->opcode], - _res_resultcodes[hp->rcode], - ntohs(hp->id)); - putc('\n', file); - } - if ((!_res.pfcode) || (_res.pfcode & RES_PRF_HEADX)) - putc(';', file); - if ((!_res.pfcode) || (_res.pfcode & RES_PRF_HEAD2)) { - fprintf(file, "; flags:"); - if (hp->qr) - fprintf(file, " qr"); - if (hp->aa) - fprintf(file, " aa"); - if (hp->tc) - fprintf(file, " tc"); - if (hp->rd) - fprintf(file, " rd"); - if (hp->ra) - fprintf(file, " ra"); - if (hp->unused) - fprintf(file, " UNUSED-BIT-ON"); - if (hp->ad) - fprintf(file, " ad"); - if (hp->cd) - fprintf(file, " cd"); - } - if ((!_res.pfcode) || (_res.pfcode & RES_PRF_HEAD1)) { - fprintf(file, "; Ques: %u", ntohs(hp->qdcount)); - fprintf(file, ", Ans: %u", ntohs(hp->ancount)); - fprintf(file, ", Auth: %u", ntohs(hp->nscount)); - fprintf(file, ", Addit: %u", ntohs(hp->arcount)); - } - if ((!_res.pfcode) || (_res.pfcode & - (RES_PRF_HEADX | RES_PRF_HEAD2 | RES_PRF_HEAD1))) { - putc('\n',file); - } - /* - * Print question records. - */ - if ((n = ntohs(hp->qdcount))) { - if ((!_res.pfcode) || (_res.pfcode & RES_PRF_QUES)) - fprintf(file, ";; QUESTIONS:\n"); - while (--n >= 0) { - if ((!_res.pfcode) || (_res.pfcode & RES_PRF_QUES)) - fprintf(file, ";;\t"); - TruncTest(cp); - if ((!_res.pfcode) || (_res.pfcode & RES_PRF_QUES)) - cp = p_cdnname(cp, msg, len, file); - else { - int n; - char name[MAXDNAME]; - - if ((n = dn_expand(msg, msg+len, cp, name, - sizeof name)) < 0) - cp = NULL; - else - cp += n; - } - ErrorTest(cp); - TruncTest(cp); - if ((!_res.pfcode) || (_res.pfcode & RES_PRF_QUES)) - fprintf(file, ", type = %s", - __p_type(_getshort((u_char*)cp))); - cp += INT16SZ; - TruncTest(cp); - if ((!_res.pfcode) || (_res.pfcode & RES_PRF_QUES)) - fprintf(file, ", class = %s\n", - __p_class(_getshort((u_char*)cp))); - cp += INT16SZ; - if ((!_res.pfcode) || (_res.pfcode & RES_PRF_QUES)) - putc('\n', file); - } - } - /* - * Print authoritative answer records - */ - TruncTest(cp); - cp = do_rrset(msg, len, cp, hp->ancount, RES_PRF_ANS, file, - ";; ANSWERS:\n"); - ErrorTest(cp); - - /* - * print name server records - */ - TruncTest(cp); - cp = do_rrset(msg, len, cp, hp->nscount, RES_PRF_AUTH, file, - ";; AUTHORITY RECORDS:\n"); - ErrorTest(cp); - - TruncTest(cp); - /* - * print additional records - */ - cp = do_rrset(msg, len, cp, hp->arcount, RES_PRF_ADD, file, - ";; ADDITIONAL RECORDS:\n"); - ErrorTest(cp); - return; - trunc: - fprintf(file, "\n;; ...truncated\n"); - return; - error: - fprintf(file, "\n;; ...malformed\n"); -} - -void -__fp_query(msg, file) - const u_char *msg; - FILE *file; -{ - fp_nquery(msg, PACKETSZ, file); -} - -const u_char * -__p_cdnname(cp, msg, len, file) - const u_char *cp, *msg; - int len; - FILE *file; -{ - char name[MAXDNAME]; - int n; - - if ((n = dn_expand(msg, msg + len, cp, name, sizeof name)) < 0) - return (NULL); - if (name[0] == '\0') - putc('.', file); - else - fputs(name, file); - return (cp + n); -} - -const u_char * -__p_cdname(cp, msg, file) - const u_char *cp, *msg; - FILE *file; -{ - return (p_cdnname(cp, msg, PACKETSZ, file)); -} - - -/* Return a fully-qualified domain name from a compressed name (with - length supplied). */ - -const u_char * -__p_fqnname(cp, msg, msglen, name, namelen) - const u_char *cp, *msg; - int msglen; - char *name; - int namelen; -{ - int n, newlen; - - if ((n = dn_expand(msg, cp + msglen, cp, name, namelen)) < 0) - return (NULL); - newlen = strlen(name); - if (newlen == 0 || name[newlen - 1] != '.') { - if (newlen+1 >= namelen) /* Lack space for final dot */ - return (NULL); - else - strcpy(name + newlen, "."); - } - return (cp + n); -} - -/* XXX: the rest of these functions need to become length-limited, too. (vix) - */ - -const u_char * -__p_fqname(cp, msg, file) - const u_char *cp, *msg; - FILE *file; -{ - char name[MAXDNAME]; - const u_char *n; - - n = __p_fqnname(cp, msg, MAXCDNAME, name, sizeof name); - if (n == NULL) - return (NULL); - fputs(name, file); - return (n); -} - -/* - * Print resource record fields in human readable form. - */ -const u_char * -__p_rr(cp, msg, file) - const u_char *cp, *msg; - FILE *file; -{ - int type, class, dlen, n, c; - struct in_addr inaddr; - const u_char *cp1, *cp2; - u_int32_t tmpttl, t; - int lcnt; - u_int16_t keyflags; - char rrname[MAXDNAME]; /* The fqdn of this RR */ - char base64_key[MAX_KEY_BASE64]; - - if ((_res.options & RES_INIT) == 0 && res_init() == -1) { - h_errno = NETDB_INTERNAL; - return (NULL); - } - cp = __p_fqnname(cp, msg, MAXCDNAME, rrname, sizeof rrname); - if (!cp) - return (NULL); /* compression error */ - fputs(rrname, file); - - type = _getshort((u_char*)cp); - cp += INT16SZ; - class = _getshort((u_char*)cp); - cp += INT16SZ; - tmpttl = _getlong((u_char*)cp); - cp += INT32SZ; - dlen = _getshort((u_char*)cp); - cp += INT16SZ; - cp1 = cp; - if ((!_res.pfcode) || (_res.pfcode & RES_PRF_TTLID)) - fprintf(file, "\t%lu", (u_long)tmpttl); - if ((!_res.pfcode) || (_res.pfcode & RES_PRF_CLASS)) - fprintf(file, "\t%s", __p_class(class)); - fprintf(file, "\t%s", __p_type(type)); - /* - * Print type specific data, if appropriate - */ - switch (type) { - case T_A: - switch (class) { - case C_IN: - case C_HS: - bcopy(cp, (char *)&inaddr, INADDRSZ); - if (dlen == 4) { - fprintf(file, "\t%s", inet_ntoa(inaddr)); - cp += dlen; - } else if (dlen == 7) { - char *address; - u_char protocol; - in_port_t port; - - address = inet_ntoa(inaddr); - cp += INADDRSZ; - protocol = *(u_char*)cp; - cp += sizeof (u_char); - port = _getshort((u_char*)cp); - cp += INT16SZ; - fprintf(file, "\t%s\t; proto %u, port %u", - address, protocol, port); - } - break; - default: - cp += dlen; - } - break; - case T_CNAME: - case T_MB: - case T_MG: - case T_MR: - case T_NS: - case T_PTR: - putc('\t', file); - if ((cp = p_fqname(cp, msg, file)) == NULL) - return (NULL); - break; - - case T_HINFO: - case T_ISDN: - cp2 = cp + dlen; - (void) fputs("\t\"", file); - if ((n = (unsigned char) *cp++) != 0) { - for (c = n; c > 0 && cp < cp2; c--) { - if (strchr("\n\"\\", *cp)) - (void) putc('\\', file); - (void) putc(*cp++, file); - } - } - putc('"', file); - if (cp < cp2 && (n = (unsigned char) *cp++) != 0) { - (void) fputs ("\t\"", file); - for (c = n; c > 0 && cp < cp2; c--) { - if (strchr("\n\"\\", *cp)) - (void) putc('\\', file); - (void) putc(*cp++, file); - } - putc('"', file); - } else if (type == T_HINFO) { - (void) fputs("\"?\"", file); - fprintf(file, "\n;; *** Warning *** OS-type missing"); - } - break; - - case T_SOA: - putc('\t', file); - if ((cp = p_fqname(cp, msg, file)) == NULL) - return (NULL); - putc(' ', file); - if ((cp = p_fqname(cp, msg, file)) == NULL) - return (NULL); - fputs(" (\n", file); - t = _getlong((u_char*)cp); cp += INT32SZ; - fprintf(file, "\t\t\t%lu\t; serial\n", (u_long)t); - t = _getlong((u_char*)cp); cp += INT32SZ; - fprintf(file, "\t\t\t%lu\t; refresh (%s)\n", - (u_long)t, __p_time(t)); - t = _getlong((u_char*)cp); cp += INT32SZ; - fprintf(file, "\t\t\t%lu\t; retry (%s)\n", - (u_long)t, __p_time(t)); - t = _getlong((u_char*)cp); cp += INT32SZ; - fprintf(file, "\t\t\t%lu\t; expire (%s)\n", - (u_long)t, __p_time(t)); - t = _getlong((u_char*)cp); cp += INT32SZ; - fprintf(file, "\t\t\t%lu )\t; minimum (%s)", - (u_long)t, __p_time(t)); - break; - - case T_MX: - case T_AFSDB: - case T_RT: - fprintf(file, "\t%u ", _getshort((u_char*)cp)); - cp += INT16SZ; - if ((cp = p_fqname(cp, msg, file)) == NULL) - return (NULL); - break; - - case T_PX: - fprintf(file, "\t%u ", _getshort((u_char*)cp)); - cp += INT16SZ; - if ((cp = p_fqname(cp, msg, file)) == NULL) - return (NULL); - putc(' ', file); - if ((cp = p_fqname(cp, msg, file)) == NULL) - return (NULL); - break; - - case T_X25: - cp2 = cp + dlen; - (void) fputs("\t\"", file); - if ((n = (unsigned char) *cp++) != 0) { - for (c = n; c > 0 && cp < cp2; c--) { - if (strchr("\n\"\\", *cp)) - (void) putc('\\', file); - (void) putc(*cp++, file); - } - } - putc('"', file); - break; - - case T_TXT: - (void) putc('\t', file); - cp2 = cp1 + dlen; - while (cp < cp2) { - putc('"', file); - if ((n = (unsigned char) *cp++)) { - for (c = n; c > 0 && cp < cp2; c--) { - if (strchr("\n\"\\", *cp)) - (void) putc('\\', file); - (void) putc(*cp++, file); - } - } - putc('"', file); - if (cp < cp2) - putc(' ', file); - } - break; - - case T_NSAP: - (void) fprintf(file, "\t%s", inet_nsap_ntoa(dlen, cp, NULL)); - cp += dlen; - break; - - case T_AAAA: { - char t[sizeof "ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255"]; - - fprintf(file, "\t%s", inet_ntop(AF_INET6, cp, t, sizeof t)); - cp += dlen; - break; - } - - case T_LOC: { - char t[255]; - - fprintf(file, "\t%s", loc_ntoal(cp, t, sizeof t)); - cp += dlen; - break; - } - - case T_NAPTR: { - u_int order, preference; - - order = _getshort(cp); cp += INT16SZ; - preference = _getshort(cp); cp += INT16SZ; - fprintf(file, "\t%u %u ",order, preference); - /* Flags */ - n = *cp++; - fprintf(file,"\"%.*s\" ", (int)n, cp); - cp += n; - /* Service */ - n = *cp++; - fprintf(file,"\"%.*s\" ", (int)n, cp); - cp += n; - /* Regexp */ - n = *cp++; - fprintf(file,"\"%.*s\" ", (int)n, cp); - cp += n; - if ((cp = p_fqname(cp, msg, file)) == NULL) - return (NULL); - break; - } - - case T_SRV: { - u_int priority, weight, port; - - priority = _getshort(cp); cp += INT16SZ; - weight = _getshort(cp); cp += INT16SZ; - port = _getshort(cp); cp += INT16SZ; - fprintf(file, "\t%u %u %u ", priority, weight, port); - if ((cp = p_fqname(cp, msg, file)) == NULL) - return (NULL); - break; - } - - case T_MINFO: - case T_RP: - putc('\t', file); - if ((cp = p_fqname(cp, msg, file)) == NULL) - return (NULL); - putc(' ', file); - if ((cp = p_fqname(cp, msg, file)) == NULL) - return (NULL); - break; - - case T_UINFO: - putc('\t', file); - fputs((char *)cp, file); - cp += dlen; - break; - - case T_UID: - case T_GID: - if (dlen == 4) { - fprintf(file, "\t%u", _getlong((u_char*)cp)); - cp += INT32SZ; - } - break; - - case T_WKS: - if (dlen < INT32SZ + 1) - break; - bcopy(cp, (char *)&inaddr, INADDRSZ); - cp += INT32SZ; - fprintf(file, "\t%s %s ( ", - inet_ntoa(inaddr), - deproto((int) *cp)); - cp += sizeof (u_char); - n = 0; - lcnt = 0; - while (cp < cp1 + dlen) { - c = *cp++; - do { - if (c & 0200) { - if (lcnt == 0) { - fputs("\n\t\t\t", file); - lcnt = 5; - } - fputs(dewks(n), file); - putc(' ', file); - lcnt--; - } - c <<= 1; - } while (++n & 07); - } - putc(')', file); - break; - - case T_KEY: - putc('\t', file); - keyflags = _getshort(cp); - cp += 2; - fprintf(file,"0x%04x", keyflags ); /* flags */ - fprintf(file," %u", *cp++); /* protocol */ - fprintf(file," %u (", *cp++); /* algorithm */ - - n = b64_ntop(cp, (cp1 + dlen) - cp, - base64_key, sizeof base64_key); - for (c = 0; c < n; ++c) { - if (0 == (c & 0x3F)) - fprintf(file, "\n\t"); - putc(base64_key[c], file); /* public key data */ - } - - fprintf(file, " )"); - if (n < 0) - fprintf(file, "\t; BAD BASE64"); - fflush(file); - cp = cp1 + dlen; - break; - - case T_SIG: - type = _getshort((u_char*)cp); - cp += INT16SZ; - fprintf(file, " %s", p_type(type)); - fprintf(file, "\t%u", *cp++); /* algorithm */ - /* Check label value and print error if wrong. */ - n = *cp++; - c = dn_count_labels (rrname); - if (n != c) - fprintf(file, "\t; LABELS WRONG (%d should be %d)\n\t", - n, c); - /* orig ttl */ - n = _getlong((u_char*)cp); - if (n != tmpttl) - fprintf(file, " %u", n); - cp += INT32SZ; - /* sig expire */ - fprintf(file, " (\n\t%s", - __p_secstodate(_getlong((u_char*)cp))); - cp += INT32SZ; - /* time signed */ - fprintf(file, " %s", __p_secstodate(_getlong((u_char*)cp))); - cp += INT32SZ; - /* sig footprint */ - fprintf(file," %u ", _getshort((u_char*)cp)); - cp += INT16SZ; - /* signer's name */ - cp = p_fqname(cp, msg, file); - n = b64_ntop(cp, (cp1 + dlen) - cp, - base64_key, sizeof base64_key); - for (c = 0; c < n; c++) { - if (0 == (c & 0x3F)) - fprintf (file, "\n\t"); - putc(base64_key[c], file); /* signature */ - } - /* Clean up... */ - fprintf(file, " )"); - if (n < 0) - fprintf(file, "\t; BAD BASE64"); - fflush(file); - cp = cp1+dlen; - break; - -#ifdef ALLOW_T_UNSPEC - case T_UNSPEC: - { - int NumBytes = 8; - u_char *DataPtr; - int i; - - if (dlen < NumBytes) NumBytes = dlen; - fprintf(file, "\tFirst %d bytes of hex data:", - NumBytes); - for (i = 0, DataPtr = cp; i < NumBytes; i++, DataPtr++) - fprintf(file, " %x", *DataPtr); - cp += dlen; - } - break; -#endif /* ALLOW_T_UNSPEC */ - - default: - fprintf(file, "\t?%d?", type); - cp += dlen; - } -#if 0 - fprintf(file, "\t; dlen=%d, ttl %s\n", dlen, __p_time(tmpttl)); -#else - putc('\n', file); -#endif - if (cp - cp1 != dlen) { - fprintf(file, ";; packet size error (found %ld, dlen was %d)\n", - (long)(cp - cp1), dlen); - cp = NULL; - } - return (cp); -} - -/* - * Names of RR classes and qclasses. Classes and qclasses are the same, except - * that C_ANY is a qclass but not a class. (You can ask for records of class - * C_ANY, but you can't have any records of that class in the database.) - */ -const struct res_sym __p_class_syms[] = { - {C_IN, "IN"}, - {C_CHAOS, "CHAOS"}, - {C_HS, "HS"}, - {C_HS, "HESIOD"}, - {C_ANY, "ANY"}, - {C_IN, (char *)0} -}; - -/* - * Names of RR types and qtypes. Types and qtypes are the same, except - * that T_ANY is a qtype but not a type. (You can ask for records of type - * T_ANY, but you can't have any records of that type in the database.) - */ -const struct res_sym __p_type_syms[] = { - {T_A, "A", "address"}, - {T_NS, "NS", "name server"}, - {T_MD, "MD", "mail destination (deprecated)"}, - {T_MF, "MF", "mail forwarder (deprecated)"}, - {T_CNAME, "CNAME", "canonical name"}, - {T_SOA, "SOA", "start of authority"}, - {T_MB, "MB", "mailbox"}, - {T_MG, "MG", "mail group member"}, - {T_MR, "MR", "mail rename"}, - {T_NULL, "NULL", "null"}, - {T_WKS, "WKS", "well-known service (deprecated)"}, - {T_PTR, "PTR", "domain name pointer"}, - {T_HINFO, "HINFO", "host information"}, - {T_MINFO, "MINFO", "mailbox information"}, - {T_MX, "MX", "mail exchanger"}, - {T_TXT, "TXT", "text"}, - {T_RP, "RP", "responsible person"}, - {T_AFSDB, "AFSDB", "DCE or AFS server"}, - {T_X25, "X25", "X25 address"}, - {T_ISDN, "ISDN", "ISDN address"}, - {T_RT, "RT", "router"}, - {T_NSAP, "NSAP", "nsap address"}, - {T_NSAP_PTR, "NSAP_PTR", "domain name pointer"}, - {T_SIG, "SIG", "signature"}, - {T_KEY, "KEY", "key"}, - {T_PX, "PX", "mapping information"}, - {T_GPOS, "GPOS", "geographical position (withdrawn)"}, - {T_AAAA, "AAAA", "IPv6 address"}, - {T_LOC, "LOC", "location"}, - {T_NXT, "NXT", "next valid name (unimplemented)"}, - {T_EID, "EID", "endpoint identifier (unimplemented)"}, - {T_NIMLOC, "NIMLOC", "NIMROD locator (unimplemented)"}, - {T_SRV, "SRV", "server selection"}, - {T_ATMA, "ATMA", "ATM address (unimplemented)"}, - {T_IXFR, "IXFR", "incremental zone transfer"}, - {T_AXFR, "AXFR", "zone transfer"}, - {T_MAILB, "MAILB", "mailbox-related data (deprecated)"}, - {T_MAILA, "MAILA", "mail agent (deprecated)"}, - {T_UINFO, "UINFO", "user information (nonstandard)"}, - {T_UID, "UID", "user ID (nonstandard)"}, - {T_GID, "GID", "group ID (nonstandard)"}, - {T_NAPTR, "NAPTR", "URN Naming Authority"}, -#ifdef ALLOW_T_UNSPEC - {T_UNSPEC, "UNSPEC", "unspecified data (nonstandard)"}, -#endif /* ALLOW_T_UNSPEC */ - {T_ANY, "ANY", "\"any\""}, - {0, NULL, NULL} -}; - -int -__sym_ston(syms, name, success) - const struct res_sym *syms; - char *name; - int *success; -{ - for (; syms->name != 0; syms++) { - if (strcasecmp (name, syms->name) == 0) { - if (success) - *success = 1; - return (syms->number); - } - } - if (success) - *success = 0; - return (syms->number); /* The default value. */ -} - -const char * -__sym_ntos(syms, number, success) - const struct res_sym *syms; - int number; - int *success; -{ - static char unname[20]; - - for (; syms->name != 0; syms++) { - if (number == syms->number) { - if (success) - *success = 1; - return (syms->name); - } - } - - snprintf(unname, sizeof unname, "%d", number); - if (success) - *success = 0; - return (unname); -} - - -const char * -__sym_ntop(syms, number, success) - const struct res_sym *syms; - int number; - int *success; -{ - static char unname[20]; - - for (; syms->name != 0; syms++) { - if (number == syms->number) { - if (success) - *success = 1; - return (syms->humanname); - } - } - snprintf(unname, sizeof unname, "%d", number); - if (success) - *success = 0; - return (unname); -} - -/* - * Return a string for the type - */ -const char * -__p_type(type) - int type; -{ - return (__sym_ntos (__p_type_syms, type, (int *)0)); -} - -/* - * Return a mnemonic for class - */ -const char * -__p_class(class) - int class; -{ - return (__sym_ntos (__p_class_syms, class, (int *)0)); -} - -/* - * Return a mnemonic for an option - */ -const char * -__p_option(option) - u_long option; -{ - static char nbuf[40]; - - switch (option) { - case RES_INIT: return "init"; - case RES_DEBUG: return "debug"; - case RES_AAONLY: return "aaonly(unimpl)"; - case RES_USEVC: return "usevc"; - case RES_PRIMARY: return "primry(unimpl)"; - case RES_IGNTC: return "igntc"; - case RES_RECURSE: return "recurs"; - case RES_DEFNAMES: return "defnam"; - case RES_STAYOPEN: return "styopn"; - case RES_DNSRCH: return "dnsrch"; - case RES_INSECURE1: return "insecure1"; - case RES_INSECURE2: return "insecure2"; - case RES_USE_INET6: return "inet6"; - case RES_USE_EDNS0: return "edns0"; - default: - snprintf(nbuf, sizeof nbuf, "?0x%lx?", (u_long)option); - return (nbuf); - } -} - -/* - * Return a mnemonic for a time to live - */ -const char * -p_time(value) - u_int32_t value; -{ - static char nbuf[40]; - char *ebuf; - int secs, mins, hours, days; - register char *p; - int tmp; - - if (value == 0) { - strlcpy(nbuf, "0 secs", sizeof nbuf); - return (nbuf); - } - - secs = value % 60; - value /= 60; - mins = value % 60; - value /= 60; - hours = value % 24; - value /= 24; - days = value; - value = 0; - -#define PLURALIZE(x) x, (x == 1) ? "" : "s" - p = nbuf; - ebuf = nbuf + sizeof(nbuf); - if (days) { - if ((tmp = snprintf(p, ebuf - p, "%d day%s", - PLURALIZE(days))) >= ebuf - nbuf || tmp < 0) - goto full; - p += tmp; - } - if (hours) { - if (days) - *p++ = ' '; - if (p >= ebuf) - goto full; - if ((tmp = snprintf(p, ebuf - p, "%d hour%s", - PLURALIZE(hours))) >= ebuf - nbuf || tmp < 0) - goto full; - p += tmp; - } - if (mins) { - if (days || hours) - *p++ = ' '; - if (p >= ebuf) - goto full; - if ((tmp = snprintf(p, ebuf - p, "%d min%s", - PLURALIZE(mins))) >= ebuf - nbuf || tmp < 0) - goto full; - p += tmp; - } - if (secs || ! (days || hours || mins)) { - if (days || hours || mins) - *p++ = ' '; - if (p >= ebuf) - goto full; - if ((tmp = snprintf(p, ebuf - p, "%d sec%s", - PLURALIZE(secs))) >= ebuf - nbuf || tmp < 0) - goto full; - } - return (nbuf); -full: - p = nbuf + sizeof(nbuf) - 4; - *p++ = '.'; - *p++ = '.'; - *p++ = '.'; - *p++ = '\0'; - return (nbuf); -} - -/* - * routines to convert between on-the-wire RR format and zone file format. - * Does not contain conversion to/from decimal degrees; divide or multiply - * by 60*60*1000 for that. - */ - -static unsigned int poweroften[10] = {1, 10, 100, 1000, 10000, 100000, - 1000000,10000000,100000000,1000000000}; - -/* takes an XeY precision/size value, returns a string representation. */ -static const char * -precsize_ntoa(prec) - u_int8_t prec; -{ - static char retbuf[sizeof "90000000.00"]; - unsigned long val; - int mantissa, exponent; - - mantissa = (int)((prec >> 4) & 0x0f) % 10; - exponent = (int)((prec >> 0) & 0x0f) % 10; - - val = mantissa * poweroften[exponent]; - - (void) snprintf(retbuf, sizeof retbuf, "%ld.%.2ld", val/100, val%100); - return (retbuf); -} - -/* converts ascii size/precision X * 10**Y(cm) to 0xXY. moves pointer. */ -static u_int8_t -precsize_aton(strptr) - char **strptr; -{ - unsigned int mval = 0, cmval = 0; - u_int8_t retval = 0; - register char *cp; - register int exponent; - register int mantissa; - - cp = *strptr; - - while (isdigit(*cp)) - mval = mval * 10 + (*cp++ - '0'); - - if (*cp == '.') { /* centimeters */ - cp++; - if (isdigit(*cp)) { - cmval = (*cp++ - '0') * 10; - if (isdigit(*cp)) { - cmval += (*cp++ - '0'); - } - } - } - cmval = (mval * 100) + cmval; - - for (exponent = 0; exponent < 9; exponent++) - if (cmval < poweroften[exponent+1]) - break; - - mantissa = cmval / poweroften[exponent]; - if (mantissa > 9) - mantissa = 9; - - retval = (mantissa << 4) | exponent; - - *strptr = cp; - - return (retval); -} - -/* converts ascii lat/lon to unsigned encoded 32-bit number. moves pointer. */ -static u_int32_t -latlon2ul(latlonstrptr,which) - char **latlonstrptr; - int *which; -{ - register char *cp; - u_int32_t retval; - int deg = 0, min = 0, secs = 0, secsfrac = 0; - - cp = *latlonstrptr; - - while (isdigit(*cp)) - deg = deg * 10 + (*cp++ - '0'); - - while (isspace(*cp)) - cp++; - - if (!(isdigit(*cp))) - goto fndhemi; - - while (isdigit(*cp)) - min = min * 10 + (*cp++ - '0'); - - while (isspace(*cp)) - cp++; - - if (!(isdigit(*cp))) - goto fndhemi; - - while (isdigit(*cp)) - secs = secs * 10 + (*cp++ - '0'); - - if (*cp == '.') { /* decimal seconds */ - cp++; - if (isdigit(*cp)) { - secsfrac = (*cp++ - '0') * 100; - if (isdigit(*cp)) { - secsfrac += (*cp++ - '0') * 10; - if (isdigit(*cp)) { - secsfrac += (*cp++ - '0'); - } - } - } - } - - while (!isspace(*cp)) /* if any trailing garbage */ - cp++; - - while (isspace(*cp)) - cp++; - - fndhemi: - switch (*cp) { - case 'N': case 'n': - case 'E': case 'e': - retval = ((unsigned)1<<31) - + (((((deg * 60) + min) * 60) + secs) * 1000) - + secsfrac; - break; - case 'S': case 's': - case 'W': case 'w': - retval = ((unsigned)1<<31) - - (((((deg * 60) + min) * 60) + secs) * 1000) - - secsfrac; - break; - default: - retval = 0; /* invalid value -- indicates error */ - break; - } - - switch (*cp) { - case 'N': case 'n': - case 'S': case 's': - *which = 1; /* latitude */ - break; - case 'E': case 'e': - case 'W': case 'w': - *which = 2; /* longitude */ - break; - default: - *which = 0; /* error */ - break; - } - - cp++; /* skip the hemisphere */ - - while (!isspace(*cp)) /* if any trailing garbage */ - cp++; - - while (isspace(*cp)) /* move to next field */ - cp++; - - *latlonstrptr = cp; - - return (retval); -} - -/* converts a zone file representation in a string to an RDATA on-the-wire - * representation. */ -int -loc_aton(ascii, binary) - const char *ascii; - u_char *binary; -{ - const char *maxcp; - u_char *bcp; - char *cp; - - u_int32_t latit = 0, longit = 0, alt = 0; - u_int32_t lltemp1 = 0, lltemp2 = 0; - int altmeters = 0, altfrac = 0, altsign = 1; - u_int8_t hp = 0x16; /* default = 1e6 cm = 10000.00m = 10km */ - u_int8_t vp = 0x13; /* default = 1e3 cm = 10.00m */ - u_int8_t siz = 0x12; /* default = 1e2 cm = 1.00m */ - int which1 = 0, which2 = 0; - - cp = (char *)ascii; - maxcp = cp + strlen(ascii); - - lltemp1 = latlon2ul(&cp, &which1); - - lltemp2 = latlon2ul(&cp, &which2); - - switch (which1 + which2) { - case 3: /* 1 + 2, the only valid combination */ - if ((which1 == 1) && (which2 == 2)) { /* normal case */ - latit = lltemp1; - longit = lltemp2; - } else if ((which1 == 2) && (which2 == 1)) { /* reversed */ - longit = lltemp1; - latit = lltemp2; - } else { /* some kind of brokenness */ - return (0); - } - break; - default: /* we didn't get one of each */ - return (0); - } - - /* altitude */ - if (*cp == '-') { - altsign = -1; - cp++; - } - - if (*cp == '+') - cp++; - - while (isdigit(*cp)) - altmeters = altmeters * 10 + (*cp++ - '0'); - - if (*cp == '.') { /* decimal meters */ - cp++; - if (isdigit(*cp)) { - altfrac = (*cp++ - '0') * 10; - if (isdigit(*cp)) { - altfrac += (*cp++ - '0'); - } - } - } - - alt = (10000000 + (altsign * (altmeters * 100 + altfrac))); - - while (!isspace(*cp) && (cp < maxcp)) /* if trailing garbage or m */ - cp++; - - while (isspace(*cp) && (cp < maxcp)) - cp++; - - if (cp >= maxcp) - goto defaults; - - siz = precsize_aton(&cp); - - while (!isspace(*cp) && (cp < maxcp)) /* if trailing garbage or m */ - cp++; - - while (isspace(*cp) && (cp < maxcp)) - cp++; - - if (cp >= maxcp) - goto defaults; - - hp = precsize_aton(&cp); - - while (!isspace(*cp) && (cp < maxcp)) /* if trailing garbage or m */ - cp++; - - while (isspace(*cp) && (cp < maxcp)) - cp++; - - if (cp >= maxcp) - goto defaults; - - vp = precsize_aton(&cp); - - defaults: - - bcp = binary; - *bcp++ = (u_int8_t) 0; /* version byte */ - *bcp++ = siz; - *bcp++ = hp; - *bcp++ = vp; - PUTLONG(latit,bcp); - PUTLONG(longit,bcp); - PUTLONG(alt,bcp); - - return (16); /* size of RR in octets */ -} - -const char * -loc_ntoa(binary, ascii) - const u_char *binary; - char *ascii; -{ - return loc_ntoal(binary, ascii, 255); -} - -/* takes an on-the-wire LOC RR and formats it in a human readable format. */ -static const char * -loc_ntoal(binary, ascii, ascii_len) - const u_char *binary; - char *ascii; - int ascii_len; -{ - static char *error = "?"; - register const u_char *cp = binary; - - int latdeg, latmin, latsec, latsecfrac; - int longdeg, longmin, longsec, longsecfrac; - char northsouth, eastwest; - int altmeters, altfrac, altsign; - - const int referencealt = 100000 * 100; - - int32_t latval, longval, altval; - u_int32_t templ; - u_int8_t sizeval, hpval, vpval, versionval; - - char *sizestr, *hpstr, *vpstr; - - versionval = *cp++; - - if (versionval) { - snprintf(ascii, ascii_len, "; error: unknown LOC RR version"); - return (ascii); - } - - sizeval = *cp++; - - hpval = *cp++; - vpval = *cp++; - - GETLONG(templ, cp); - latval = (templ - ((unsigned)1<<31)); - - GETLONG(templ, cp); - longval = (templ - ((unsigned)1<<31)); - - GETLONG(templ, cp); - if (templ < referencealt) { /* below WGS 84 spheroid */ - altval = referencealt - templ; - altsign = -1; - } else { - altval = templ - referencealt; - altsign = 1; - } - - if (latval < 0) { - northsouth = 'S'; - latval = -latval; - } else - northsouth = 'N'; - - latsecfrac = latval % 1000; - latval = latval / 1000; - latsec = latval % 60; - latval = latval / 60; - latmin = latval % 60; - latval = latval / 60; - latdeg = latval; - - if (longval < 0) { - eastwest = 'W'; - longval = -longval; - } else - eastwest = 'E'; - - longsecfrac = longval % 1000; - longval = longval / 1000; - longsec = longval % 60; - longval = longval / 60; - longmin = longval % 60; - longval = longval / 60; - longdeg = longval; - - altfrac = altval % 100; - altmeters = (altval / 100) * altsign; - - if ((sizestr = strdup(precsize_ntoa(sizeval))) == NULL) - sizestr = error; - if ((hpstr = strdup(precsize_ntoa(hpval))) == NULL) - hpstr = error; - if ((vpstr = strdup(precsize_ntoa(vpval))) == NULL) - vpstr = error; - - snprintf(ascii, ascii_len, - "%d %.2d %.2d.%.3d %c %d %.2d %.2d.%.3d %c %d.%.2dm %sm %sm %sm", - latdeg, latmin, latsec, latsecfrac, northsouth, - longdeg, longmin, longsec, longsecfrac, eastwest, - altmeters, altfrac, sizestr, hpstr, vpstr); - - if (sizestr != error) - free(sizestr); - if (hpstr != error) - free(hpstr); - if (vpstr != error) - free(vpstr); - - return (ascii); -} - - -/* Return the number of DNS hierarchy levels in the name. */ -int -__dn_count_labels(name) - char *name; -{ - int i, len, count; - - len = strlen(name); - - for(i = 0, count = 0; i < len; i++) { - if (name[i] == '.') - count++; - } - - /* don't count initial wildcard */ - if (name[0] == '*') - if (count) - count--; - - /* don't count the null label for root. */ - /* if terminating '.' not found, must adjust */ - /* count to include last label */ - if (len > 0 && name[len-1] != '.') - count++; - return (count); -} - - -/* - * Make dates expressed in seconds-since-Jan-1-1970 easy to read. - * SIG records are required to be printed like this, by the Secure DNS RFC. - */ -char * -__p_secstodate (secs) - unsigned long secs; -{ - static char output[15]; /* YYYYMMDDHHMMSS and null */ - time_t clock = secs; - struct tm *time; - - time = gmtime(&clock); - time->tm_year += 1900; - time->tm_mon += 1; - snprintf(output, sizeof output, "%04d%02d%02d%02d%02d%02d", - time->tm_year, time->tm_mon, time->tm_mday, - time->tm_hour, time->tm_min, time->tm_sec); - return (output); -} diff --git a/src/lib/libc/net/res_debug_syms.c b/src/lib/libc/net/res_debug_syms.c new file mode 100644 index 00000000000..fc26f03e74e --- /dev/null +++ b/src/lib/libc/net/res_debug_syms.c @@ -0,0 +1,192 @@ +/* $OpenBSD: res_debug_syms.c,v 1.2 2015/10/05 02:57:16 guenther Exp $ */ + +/* + * ++Copyright++ 1985, 1990, 1993 + * - + * Copyright (c) 1985, 1990, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * - + * Portions Copyright (c) 1993 by Digital Equipment Corporation. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies, and that + * the name of Digital Equipment Corporation not be used in advertising or + * publicity pertaining to distribution of the document or software without + * specific, written prior permission. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL + * WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT + * CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL + * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR + * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS + * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS + * SOFTWARE. + * - + * Portions Copyright (c) 1995 by International Business Machines, Inc. + * + * International Business Machines, Inc. (hereinafter called IBM) grants + * permission under its copyrights to use, copy, modify, and distribute this + * Software with or without fee, provided that the above copyright notice and + * all paragraphs of this notice appear in all copies, and that the name of IBM + * not be used in connection with the marketing of any product incorporating + * the Software or modifications thereof, without specific, written prior + * permission. + * + * To the extent it has a right to do so, IBM grants an immunity from suit + * under its patents, if any, for the use, sale or manufacture of products to + * the extent that such products are used for performing Domain Name System + * dynamic updates in TCP/IP networks by means of the Software. No immunity is + * granted for any product per se or for any other function of any product. + * + * THE SOFTWARE IS PROVIDED "AS IS", AND IBM DISCLAIMS ALL WARRANTIES, + * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + * PARTICULAR PURPOSE. IN NO EVENT SHALL IBM BE LIABLE FOR ANY SPECIAL, + * DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER ARISING + * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE, EVEN + * IF IBM IS APPRISED OF THE POSSIBILITY OF SUCH DAMAGES. + * --Copyright-- + */ + + +#include +#include +#include + +#include +#include + +/* + * Names of RR classes and qclasses. Classes and qclasses are the same, except + * that C_ANY is a qclass but not a class. (You can ask for records of class + * C_ANY, but you can't have any records of that class in the database.) + */ +const struct res_sym __p_class_syms[] = { + {C_IN, "IN"}, + {C_CHAOS, "CHAOS"}, + {C_HS, "HS"}, + {C_HS, "HESIOD"}, + {C_ANY, "ANY"}, + {C_IN, (char *)0} +}; + +/* + * Names of RR types and qtypes. Types and qtypes are the same, except + * that T_ANY is a qtype but not a type. (You can ask for records of type + * T_ANY, but you can't have any records of that type in the database.) + */ +const struct res_sym __p_type_syms[] = { + {T_A, "A", "address"}, + {T_NS, "NS", "name server"}, + {T_MD, "MD", "mail destination (deprecated)"}, + {T_MF, "MF", "mail forwarder (deprecated)"}, + {T_CNAME, "CNAME", "canonical name"}, + {T_SOA, "SOA", "start of authority"}, + {T_MB, "MB", "mailbox"}, + {T_MG, "MG", "mail group member"}, + {T_MR, "MR", "mail rename"}, + {T_NULL, "NULL", "null"}, + {T_WKS, "WKS", "well-known service (deprecated)"}, + {T_PTR, "PTR", "domain name pointer"}, + {T_HINFO, "HINFO", "host information"}, + {T_MINFO, "MINFO", "mailbox information"}, + {T_MX, "MX", "mail exchanger"}, + {T_TXT, "TXT", "text"}, + {T_RP, "RP", "responsible person"}, + {T_AFSDB, "AFSDB", "DCE or AFS server"}, + {T_X25, "X25", "X25 address"}, + {T_ISDN, "ISDN", "ISDN address"}, + {T_RT, "RT", "router"}, + {T_NSAP, "NSAP", "nsap address"}, + {T_NSAP_PTR, "NSAP_PTR", "domain name pointer"}, + {T_SIG, "SIG", "signature"}, + {T_KEY, "KEY", "key"}, + {T_PX, "PX", "mapping information"}, + {T_GPOS, "GPOS", "geographical position (withdrawn)"}, + {T_AAAA, "AAAA", "IPv6 address"}, + {T_LOC, "LOC", "location"}, + {T_NXT, "NXT", "next valid name (unimplemented)"}, + {T_EID, "EID", "endpoint identifier (unimplemented)"}, + {T_NIMLOC, "NIMLOC", "NIMROD locator (unimplemented)"}, + {T_SRV, "SRV", "server selection"}, + {T_ATMA, "ATMA", "ATM address (unimplemented)"}, + {T_IXFR, "IXFR", "incremental zone transfer"}, + {T_AXFR, "AXFR", "zone transfer"}, + {T_MAILB, "MAILB", "mailbox-related data (deprecated)"}, + {T_MAILA, "MAILA", "mail agent (deprecated)"}, + {T_UINFO, "UINFO", "user information (nonstandard)"}, + {T_UID, "UID", "user ID (nonstandard)"}, + {T_GID, "GID", "group ID (nonstandard)"}, + {T_NAPTR, "NAPTR", "URN Naming Authority"}, +#ifdef ALLOW_T_UNSPEC + {T_UNSPEC, "UNSPEC", "unspecified data (nonstandard)"}, +#endif /* ALLOW_T_UNSPEC */ + {T_ANY, "ANY", "\"any\""}, + {0, NULL, NULL} +}; + +const char * +__sym_ntos(const struct res_sym *syms, int number, int *success) +{ + static char unname[20]; + + for (; syms->name != 0; syms++) { + if (number == syms->number) { + if (success) + *success = 1; + return (syms->name); + } + } + + snprintf(unname, sizeof unname, "%d", number); + if (success) + *success = 0; + return (unname); +} +DEF_STRONG(__sym_ntos); + +/* + * Return a string for the type + */ +const char * +__p_type(int type) +{ + return (__sym_ntos (__p_type_syms, type, (int *)0)); +} +DEF_STRONG(__p_type); + +/* + * Return a mnemonic for class + */ +const char * +__p_class(int class) +{ + return (__sym_ntos (__p_class_syms, class, (int *)0)); +} +DEF_STRONG(__p_class); + diff --git a/src/lib/libc/net/res_init.c b/src/lib/libc/net/res_init.c deleted file mode 100644 index c55c7763a4e..00000000000 --- a/src/lib/libc/net/res_init.c +++ /dev/null @@ -1,639 +0,0 @@ -/* $OpenBSD: res_init.c,v 1.27 2002/07/25 21:13:45 deraadt Exp $ */ - -/* - * ++Copyright++ 1985, 1989, 1993 - * - - * Copyright (c) 1985, 1989, 1993 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - - * Portions Copyright (c) 1993 by Digital Equipment Corporation. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies, and that - * the name of Digital Equipment Corporation not be used in advertising or - * publicity pertaining to distribution of the document or software without - * specific, written prior permission. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL - * WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT - * CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL - * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR - * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS - * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - * SOFTWARE. - * - - * --Copyright-- - */ - -#ifndef INET6 -#define INET6 -#endif - -#if defined(LIBC_SCCS) && !defined(lint) -#if 0 -static char sccsid[] = "@(#)res_init.c 8.1 (Berkeley) 6/7/93"; -static char rcsid[] = "$From: res_init.c,v 8.7 1996/09/28 06:51:07 vixie Exp $"; -#else -static char rcsid[] = "$OpenBSD: res_init.c,v 1.27 2002/07/25 21:13:45 deraadt Exp $"; -#endif -#endif /* LIBC_SCCS and not lint */ - -#include -#include -#include -#include -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#ifdef INET6 -#include -#endif /* INET6 */ - -/*-------------------------------------- info about "sortlist" -------------- - * Marc Majka 1994/04/16 - * Allan Nathanson 1994/10/29 (BIND 4.9.3.x) - * - * NetInfo resolver configuration directory support. - * - * Allow a NetInfo directory to be created in the hierarchy which - * contains the same information as the resolver configuration file. - * - * - The local domain name is stored as the value of the "domain" property. - * - The Internet address(es) of the name server(s) are stored as values - * of the "nameserver" property. - * - The name server addresses are stored as values of the "nameserver" - * property. - * - The search list for host-name lookup is stored as values of the - * "search" property. - * - The sortlist comprised of IP address netmask pairs are stored as - * values of the "sortlist" property. The IP address and optional netmask - * should be separated by a slash (/) or ampersand (&) character. - * - Internal resolver variables can be set from the value of the "options" - * property. - */ - -static void res_setoptions(char *, char *); - -#ifdef RESOLVSORT -static const char sort_mask[] = "/&"; -#define ISSORTMASK(ch) (strchr(sort_mask, ch) != NULL) -static u_int32_t net_mask(struct in_addr); -#endif - -/* - * Resolver state default settings. - */ - -struct __res_state _res -# if defined(__BIND_RES_TEXT) - = { RES_TIMEOUT, } /* Motorola, et al. */ -# endif - ; -#ifdef INET6 -struct __res_state_ext _res_ext; -#endif /* INET6 */ - -/* - * Set up default settings. If the configuration file exist, the values - * there will have precedence. Otherwise, the server address is set to - * INADDR_ANY and the default domain name comes from the gethostname(). - * - * An interrim version of this code (BIND 4.9, pre-4.4BSD) used 127.0.0.1 - * rather than INADDR_ANY ("0.0.0.0") as the default name server address - * since it was noted that INADDR_ANY actually meant ``the first interface - * you "ifconfig"'d at boot time'' and if this was a SLIP or PPP interface, - * it had to be "up" in order for you to reach your own name server. It - * was later decided that since the recommended practice is to always - * install local static routes through 127.0.0.1 for all your network - * interfaces, that we could solve this problem without a code change. - * - * The configuration file should always be used, since it is the only way - * to specify a default domain. If you are running a server on your local - * machine, you should say "nameserver 0.0.0.0" or "nameserver 127.0.0.1" - * in the configuration file. - * - * Return 0 if completes successfully, -1 on error - */ -int -res_init() -{ - register FILE *fp; - register char *cp, **pp; - register int n; - char buf[BUFSIZ]; - int nserv = 0; /* number of nameserver records read from file */ - int haveenv = 0; - int havesearch = 0; - size_t len; -#ifdef RESOLVSORT - int nsort = 0; - char *net; -#endif -#ifndef RFC1535 - int dots; -#endif - - /* - * These three fields used to be statically initialized. This made - * it hard to use this code in a shared library. It is necessary, - * now that we're doing dynamic initialization here, that we preserve - * the old semantics: if an application modifies one of these three - * fields of _res before res_init() is called, res_init() will not - * alter them. Of course, if an application is setting them to - * _zero_ before calling res_init(), hoping to override what used - * to be the static default, we can't detect it and unexpected results - * will follow. Zero for any of these fields would make no sense, - * so one can safely assume that the applications were already getting - * unexpected results. - * - * _res.options is tricky since some apps were known to diddle the bits - * before res_init() was first called. We can't replicate that semantic - * with dynamic initialization (they may have turned bits off that are - * set in RES_DEFAULT). Our solution is to declare such applications - * "broken". They could fool us by setting RES_INIT but none do (yet). - */ - if (!_res.retrans) - _res.retrans = RES_TIMEOUT; - if (!_res.retry) - _res.retry = 4; - if (!(_res.options & RES_INIT)) - _res.options = RES_DEFAULT; - -#ifdef USELOOPBACK - _res.nsaddr.sin_addr = inet_makeaddr(IN_LOOPBACKNET, 1); -#else - _res.nsaddr.sin_addr.s_addr = INADDR_ANY; -#endif - _res.nsaddr.sin_family = AF_INET; - _res.nsaddr.sin_port = htons(NAMESERVER_PORT); - _res.nsaddr.sin_len = sizeof(struct sockaddr_in); -#ifdef INET6 - if (sizeof(_res_ext.nsaddr) >= _res.nsaddr.sin_len) - memcpy(&_res_ext.nsaddr, &_res.nsaddr, _res.nsaddr.sin_len); -#endif - _res.nscount = 1; - _res.ndots = 1; - _res.pfcode = 0; - strlcpy(_res.lookups, "f", sizeof _res.lookups); - - /* Allow user to override the local domain definition */ - if (issetugid() == 0 && (cp = getenv("LOCALDOMAIN")) != NULL) { - strlcpy(_res.defdname, cp, sizeof(_res.defdname)); - haveenv++; - - /* - * Set search list to be blank-separated strings - * from rest of env value. Permits users of LOCALDOMAIN - * to still have a search list, and anyone to set the - * one that they want to use as an individual (even more - * important now that the rfc1535 stuff restricts searches) - */ - cp = _res.defdname; - pp = _res.dnsrch; - *pp++ = cp; - for (n = 0; *cp && pp < _res.dnsrch + MAXDNSRCH; cp++) { - if (*cp == '\n') /* silly backwards compat */ - break; - else if (*cp == ' ' || *cp == '\t') { - *cp = 0; - n = 1; - } else if (n) { - *pp++ = cp; - n = 0; - havesearch = 1; - } - } - /* null terminate last domain if there are excess */ - while (*cp != '\0' && *cp != ' ' && *cp != '\t' && *cp != '\n') - cp++; - *cp = '\0'; - *pp++ = 0; - } - -#define MATCH(line, name) \ - (!strncmp(line, name, sizeof(name) - 1) && \ - (line[sizeof(name) - 1] == ' ' || \ - line[sizeof(name) - 1] == '\t')) - - if ((fp = fopen(_PATH_RESCONF, "r")) != NULL) { - strlcpy(_res.lookups, "bf", sizeof _res.lookups); - - /* read the config file */ - buf[0] = '\0'; - while ((cp = fgetln(fp, &len)) != NULL) { - /* skip lines that are too long or zero length */ - if (len >= sizeof(buf) || len == 0) - continue; - (void)memcpy(buf, cp, len); - buf[len] = '\0'; - /* skip comments */ - if ((cp = strpbrk(buf, ";#")) != NULL) - *cp = '\0'; - if (buf[0] == '\0') - continue; - /* read default domain name */ - if (MATCH(buf, "domain")) { - if (haveenv) /* skip if have from environ */ - continue; - cp = buf + sizeof("domain") - 1; - while (*cp == ' ' || *cp == '\t') - cp++; - if ((*cp == '\0') || (*cp == '\n')) - continue; - strlcpy(_res.defdname, cp, sizeof(_res.defdname)); - if ((cp = strpbrk(_res.defdname, " \t\n")) != NULL) - *cp = '\0'; - havesearch = 0; - continue; - } - /* lookup types */ - if (MATCH(buf, "lookup")) { - char *sp = NULL; - - bzero(_res.lookups, sizeof _res.lookups); - cp = buf + sizeof("lookup") - 1; - for (n = 0;; cp++) { - if (n == MAXDNSLUS) - break; - if ((*cp == '\0') || (*cp == '\n')) { - if (sp) { - if (*sp=='y' || *sp=='b' || *sp=='f') - _res.lookups[n++] = *sp; - sp = NULL; - } - break; - } else if ((*cp == ' ') || (*cp == '\t') || (*cp == ',')) { - if (sp) { - if (*sp=='y' || *sp=='b' || *sp=='f') - _res.lookups[n++] = *sp; - sp = NULL; - } - } else if (sp == NULL) - sp = cp; - } - continue; - } - /* set search list */ - if (MATCH(buf, "search")) { - if (haveenv) /* skip if have from environ */ - continue; - cp = buf + sizeof("search") - 1; - while (*cp == ' ' || *cp == '\t') - cp++; - if ((*cp == '\0') || (*cp == '\n')) - continue; - strlcpy(_res.defdname, cp, sizeof(_res.defdname)); - if ((cp = strchr(_res.defdname, '\n')) != NULL) - *cp = '\0'; - /* - * Set search list to be blank-separated strings - * on rest of line. - */ - cp = _res.defdname; - pp = _res.dnsrch; - *pp++ = cp; - for (n = 0; *cp && pp < _res.dnsrch + MAXDNSRCH; cp++) { - if (*cp == ' ' || *cp == '\t') { - *cp = 0; - n = 1; - } else if (n) { - *pp++ = cp; - n = 0; - } - } - /* null terminate last domain if there are excess */ - while (*cp != '\0' && *cp != ' ' && *cp != '\t') - cp++; - *cp = '\0'; - *pp++ = 0; - havesearch = 1; - continue; - } - /* read nameservers to query */ - if (MATCH(buf, "nameserver") && nserv < MAXNS) { -#ifdef INET6 - char *q; - struct addrinfo hints, *res; - char pbuf[NI_MAXSERV]; -#else - struct in_addr a; -#endif /* INET6 */ - - cp = buf + sizeof("nameserver") - 1; - while (*cp == ' ' || *cp == '\t') - cp++; -#ifdef INET6 - if ((*cp == '\0') || (*cp == '\n')) - continue; - for (q = cp; *q; q++) { - if (isspace(*q)) { - *q = '\0'; - break; - } - } - memset(&hints, 0, sizeof(hints)); - hints.ai_flags = AI_NUMERICHOST; - hints.ai_socktype = SOCK_DGRAM; - snprintf(pbuf, sizeof(pbuf), "%u", NAMESERVER_PORT); - res = NULL; - if (getaddrinfo(cp, pbuf, &hints, &res) == 0 && - res->ai_next == NULL) { - if (res->ai_addrlen <= sizeof(_res_ext.nsaddr_list[nserv])) { - memcpy(&_res_ext.nsaddr_list[nserv], res->ai_addr, - res->ai_addrlen); - } else { - memset(&_res_ext.nsaddr_list[nserv], 0, - sizeof(_res_ext.nsaddr_list[nserv])); - } - if (res->ai_addrlen <= sizeof(_res.nsaddr_list[nserv])) { - memcpy(&_res.nsaddr_list[nserv], res->ai_addr, - res->ai_addrlen); - } else { - memset(&_res.nsaddr_list[nserv], 0, - sizeof(_res.nsaddr_list[nserv])); - } - nserv++; - } - if (res) - freeaddrinfo(res); -#else /* INET6 */ - if ((*cp != '\0') && (*cp != '\n') && inet_aton(cp, &a)) { - _res.nsaddr_list[nserv].sin_addr = a; - _res.nsaddr_list[nserv].sin_family = AF_INET; - _res.nsaddr_list[nserv].sin_port = - htons(NAMESERVER_PORT); - _res.nsaddr_list[nserv].sin_len = - sizeof(struct sockaddr_in); - nserv++; - } -#endif /* INET6 */ - continue; - } -#ifdef RESOLVSORT - if (MATCH(buf, "sortlist")) { - struct in_addr a; -#ifdef INET6 - struct in6_addr a6; - int m, i; - u_char *u; -#endif /* INET6 */ - - cp = buf + sizeof("sortlist") - 1; - while (nsort < MAXRESOLVSORT) { - while (*cp == ' ' || *cp == '\t') - cp++; - if (*cp == '\0' || *cp == '\n' || *cp == ';') - break; - net = cp; - while (*cp && !ISSORTMASK(*cp) && *cp != ';' && - isascii(*cp) && !isspace(*cp)) - cp++; - n = *cp; - *cp = 0; - if (inet_aton(net, &a)) { - _res.sort_list[nsort].addr = a; - if (ISSORTMASK(n)) { - *cp++ = n; - net = cp; - while (*cp && *cp != ';' && - isascii(*cp) && !isspace(*cp)) - cp++; - n = *cp; - *cp = 0; - if (inet_aton(net, &a)) { - _res.sort_list[nsort].mask = a.s_addr; - } else { - _res.sort_list[nsort].mask = - net_mask(_res.sort_list[nsort].addr); - } - } else { - _res.sort_list[nsort].mask = - net_mask(_res.sort_list[nsort].addr); - } -#ifdef INET6 - _res_ext.sort_list[nsort].af = AF_INET; - _res_ext.sort_list[nsort].addr.ina = - _res.sort_list[nsort].addr; - _res_ext.sort_list[nsort].mask.ina.s_addr = - _res.sort_list[nsort].mask; -#endif /* INET6 */ - nsort++; - } -#ifdef INET6 - else if (inet_pton(AF_INET6, net, &a6) == 1) { - _res_ext.sort_list[nsort].af = AF_INET6; - _res_ext.sort_list[nsort].addr.in6a = a6; - u = (u_char *)&_res_ext.sort_list[nsort].mask.in6a; - *cp++ = n; - net = cp; - while (*cp && *cp != ';' && - isascii(*cp) && !isspace(*cp)) - cp++; - m = n; - n = *cp; - *cp = 0; - switch (m) { - case '/': - m = atoi(net); - break; - case '&': - if (inet_pton(AF_INET6, net, u) == 1) { - m = -1; - break; - } - /*FALLTHRU*/ - default: - m = sizeof(struct in6_addr) * NBBY; - break; - } - if (m >= 0) { - for (i = 0; i < sizeof(struct in6_addr); i++) { - if (m <= 0) { - *u = 0; - } else { - m -= NBBY; - *u = (u_char)~0; - if (m < 0) - *u <<= -m; - } - u++; - } - } - nsort++; - } -#endif /* INET6 */ - *cp = n; - } - continue; - } -#endif - if (MATCH(buf, "options")) { - res_setoptions(buf + sizeof("options") - 1, "conf"); - continue; - } - } - if (nserv > 1) - _res.nscount = nserv; -#ifdef RESOLVSORT - _res.nsort = nsort; -#endif - (void) fclose(fp); - } - if (_res.defdname[0] == 0 && - gethostname(buf, sizeof(_res.defdname) - 1) == 0 && - (cp = strchr(buf, '.')) != NULL) - { - strlcpy(_res.defdname, cp + 1, - sizeof(_res.defdname)); - } - - /* find components of local domain that might be searched */ - if (havesearch == 0) { - pp = _res.dnsrch; - *pp++ = _res.defdname; - *pp = NULL; - -#ifndef RFC1535 - dots = 0; - for (cp = _res.defdname; *cp; cp++) - dots += (*cp == '.'); - - cp = _res.defdname; - while (pp < _res.dnsrch + MAXDFLSRCH) { - if (dots < LOCALDOMAINPARTS) - break; - cp = strchr(cp, '.') + 1; /* we know there is one */ - *pp++ = cp; - dots--; - } - *pp = NULL; -#ifdef DEBUG - if (_res.options & RES_DEBUG) { - printf(";; res_init()... default dnsrch list:\n"); - for (pp = _res.dnsrch; *pp; pp++) - printf(";;\t%s\n", *pp); - printf(";;\t..END..\n"); - } -#endif /* DEBUG */ -#endif /* !RFC1535 */ - } - - if (issetugid()) - _res.options |= RES_NOALIASES; - else if ((cp = getenv("RES_OPTIONS")) != NULL) - res_setoptions(cp, "env"); - _res.options |= RES_INIT; - return (0); -} - -/* ARGSUSED */ -static void -res_setoptions(options, source) - char *options, *source; -{ - char *cp = options; - char *endp; - long l; - -#ifdef DEBUG - if (_res.options & RES_DEBUG) - printf(";; res_setoptions(\"%s\", \"%s\")...\n", - options, source); -#endif - while (*cp) { - /* skip leading and inner runs of spaces */ - while (*cp == ' ' || *cp == '\t') - cp++; - /* search for and process individual options */ - if (!strncmp(cp, "ndots:", sizeof("ndots:") - 1)) { - char *p = cp + sizeof("ndots:") - 1; - l = strtol(p, &endp, 10); - if (l >= 0 && endp != p && - (*endp = '\0' || isspace(*endp))) { - if (l <= RES_MAXNDOTS) - _res.ndots = l; - else - _res.ndots = RES_MAXNDOTS; -#ifdef DEBUG - if (_res.options & RES_DEBUG) - printf(";;\tndots=%u\n", _res.ndots); -#endif - } - } else if (!strncmp(cp, "debug", sizeof("debug") - 1)) { -#ifdef DEBUG - if (!(_res.options & RES_DEBUG)) { - printf(";; res_setoptions(\"%s\", \"%s\")..\n", - options, source); - _res.options |= RES_DEBUG; - } - printf(";;\tdebug\n"); -#endif - } else if (!strncmp(cp, "inet6", sizeof("inet6") - 1)) { - _res.options |= RES_USE_INET6; - } else if (!strncmp(cp, "insecure1", sizeof("insecure1") - 1)) { - _res.options |= RES_INSECURE1; - } else if (!strncmp(cp, "insecure2", sizeof("insecure2") - 1)) { - _res.options |= RES_INSECURE2; - } else if (!strncmp(cp, "edns0", sizeof("edns0") - 1)) { - _res.options |= RES_USE_EDNS0; - } else { - /* XXX - print a warning here? */ - } - /* skip to next run of spaces */ - while (*cp && *cp != ' ' && *cp != '\t') - cp++; - } -} - -#ifdef RESOLVSORT -/* XXX - should really support CIDR which means explicit masks always. */ -static u_int32_t -net_mask(in) /* XXX - should really use system's version of this */ - struct in_addr in; -{ - register u_int32_t i = ntohl(in.s_addr); - - if (IN_CLASSA(i)) - return (htonl(IN_CLASSA_NET)); - else if (IN_CLASSB(i)) - return (htonl(IN_CLASSB_NET)); - return (htonl(IN_CLASSC_NET)); -} -#endif diff --git a/src/lib/libc/net/res_mkquery.c b/src/lib/libc/net/res_mkquery.c deleted file mode 100644 index 6cd6a00dbe4..00000000000 --- a/src/lib/libc/net/res_mkquery.c +++ /dev/null @@ -1,242 +0,0 @@ -/* $OpenBSD: res_mkquery.c,v 1.12 2002/08/28 03:19:38 itojun Exp $ */ - -/* - * ++Copyright++ 1985, 1993 - * - - * Copyright (c) 1985, 1993 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - - * Portions Copyright (c) 1993 by Digital Equipment Corporation. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies, and that - * the name of Digital Equipment Corporation not be used in advertising or - * publicity pertaining to distribution of the document or software without - * specific, written prior permission. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL - * WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT - * CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL - * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR - * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS - * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - * SOFTWARE. - * - - * --Copyright-- - */ - -#if defined(LIBC_SCCS) && !defined(lint) -#if 0 -static char sccsid[] = "@(#)res_mkquery.c 8.1 (Berkeley) 6/4/93"; -static char rcsid[] = "$From: res_mkquery.c,v 8.5 1996/08/27 08:33:28 vixie Exp $"; -#else -static char rcsid[] = "$OpenBSD: res_mkquery.c,v 1.12 2002/08/28 03:19:38 itojun Exp $"; -#endif -#endif /* LIBC_SCCS and not lint */ - -#include -#include -#include -#include - -#include -#include -#include -#include - -/* - * Form all types of queries. - * Returns the size of the result or -1. - */ -/* ARGSUSED */ -int -res_mkquery(op, dname, class, type, data, datalen, newrr_in, buf, buflen) - int op; /* opcode of query */ - const char *dname; /* domain name */ - int class, type; /* class and type of query */ - const u_char *data; /* resource record data */ - int datalen; /* length of data */ - const u_char *newrr_in; /* new rr for modify or append */ - u_char *buf; /* buffer to put query */ - int buflen; /* size of buffer */ -{ - register HEADER *hp; - register u_char *cp, *ep; - register int n; - u_char *dnptrs[20], **dpp, **lastdnptr; - - if ((_res.options & RES_INIT) == 0 && res_init() == -1) { - h_errno = NETDB_INTERNAL; - return (-1); - } -#ifdef DEBUG - if (_res.options & RES_DEBUG) - printf(";; res_mkquery(%d, %s, %d, %d)\n", - op, dname, class, type); -#endif - /* - * Initialize header fields. - * - * A special random number generator is used to create non predictable - * and non repeating ids over a long period. It also avoids reuse - * by switching between two distinct number cycles. - */ - - if ((buf == NULL) || (buflen < HFIXEDSZ)) - return (-1); - bzero(buf, HFIXEDSZ); - hp = (HEADER *) buf; - _res.id = res_randomid(); - hp->id = htons(_res.id); - hp->opcode = op; - hp->rd = (_res.options & RES_RECURSE) != 0; - hp->rcode = NOERROR; - cp = buf + HFIXEDSZ; - ep = buf + buflen; - dpp = dnptrs; - *dpp++ = buf; - *dpp++ = NULL; - lastdnptr = dnptrs + sizeof dnptrs / sizeof dnptrs[0]; - /* - * perform opcode specific processing - */ - switch (op) { - case QUERY: /*FALLTHROUGH*/ - case NS_NOTIFY_OP: - if (ep - cp < QFIXEDSZ) - return (-1); - if ((n = dn_comp(dname, cp, ep - cp - QFIXEDSZ, dnptrs, - lastdnptr)) < 0) - return (-1); - cp += n; - __putshort(type, cp); - cp += INT16SZ; - __putshort(class, cp); - cp += INT16SZ; - hp->qdcount = htons(1); - if (op == QUERY || data == NULL) - break; - /* - * Make an additional record for completion domain. - */ - if (ep - cp < RRFIXEDSZ) - return (-1); - n = dn_comp((char *)data, cp, ep - cp - RRFIXEDSZ, dnptrs, - lastdnptr); - if (n < 0) - return (-1); - cp += n; - __putshort(T_NULL, cp); - cp += INT16SZ; - __putshort(class, cp); - cp += INT16SZ; - __putlong(0, cp); - cp += INT32SZ; - __putshort(0, cp); - cp += INT16SZ; - hp->arcount = htons(1); - break; - - case IQUERY: - /* - * Initialize answer section - */ - if (ep - cp < 1 + RRFIXEDSZ + datalen) - return (-1); - *cp++ = '\0'; /* no domain name */ - __putshort(type, cp); - cp += INT16SZ; - __putshort(class, cp); - cp += INT16SZ; - __putlong(0, cp); - cp += INT32SZ; - __putshort(datalen, cp); - cp += INT16SZ; - if (datalen) { - bcopy(data, cp, datalen); - cp += datalen; - } - hp->ancount = htons(1); - break; - - default: - return (-1); - } - return (cp - buf); -} - -/* attach OPT pseudo-RR, as documented in RFC2671 (EDNS0). */ -int -res_opt(n0, buf, buflen, anslen) - int n0; - u_char *buf; /* buffer to put query */ - int buflen; /* size of buffer */ - int anslen; /* answer buffer length */ -{ - register HEADER *hp; - register u_char *cp, *ep; - - hp = (HEADER *) buf; - cp = buf + n0; - ep = buf + buflen; - - if (ep - cp < 1 + RRFIXEDSZ) - return -1; - - *cp++ = 0; /* "." */ - - __putshort(T_OPT, cp); /* TYPE */ - cp += INT16SZ; - if (anslen > 0xffff) - anslen = 0xffff; /* limit to 16bit value */ - __putshort(anslen & 0xffff, cp); /* CLASS = UDP payload size */ - cp += INT16SZ; - *cp++ = NOERROR; /* extended RCODE */ - *cp++ = 0; /* EDNS version */ - if (_res.options & RES_USE_DNSSEC) { -#ifdef DEBUG - if (_res.options & RES_DEBUG) - printf(";; res_opt()... ENDS0 DNSSEC OK\n"); -#endif /* DEBUG */ - __putshort(DNS_MESSAGEEXTFLAG_DO, cp); /* EDNS Z field */ - cp += INT16SZ; - } else { - __putshort(0, cp); /* EDNS Z field */ - cp += INT16SZ; - } - __putshort(0, cp); /* RDLEN */ - cp += INT16SZ; - hp->arcount = htons(ntohs(hp->arcount) + 1); - - return cp - buf; -} diff --git a/src/lib/libc/net/res_query.c b/src/lib/libc/net/res_query.c deleted file mode 100644 index 9c1aef1218f..00000000000 --- a/src/lib/libc/net/res_query.c +++ /dev/null @@ -1,405 +0,0 @@ -/* $OpenBSD: res_query.c,v 1.19 2002/06/27 09:55:49 itojun Exp $ */ - -/* - * ++Copyright++ 1988, 1993 - * - - * Copyright (c) 1988, 1993 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - - * Portions Copyright (c) 1993 by Digital Equipment Corporation. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies, and that - * the name of Digital Equipment Corporation not be used in advertising or - * publicity pertaining to distribution of the document or software without - * specific, written prior permission. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL - * WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT - * CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL - * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR - * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS - * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - * SOFTWARE. - * - - * --Copyright-- - */ - -#if defined(LIBC_SCCS) && !defined(lint) -#if 0 -static char sccsid[] = "@(#)res_query.c 8.1 (Berkeley) 6/4/93"; -static char rcsid[] = "$From: res_query.c,v 8.9 1996/09/22 00:13:28 vixie Exp $"; -#else -static char rcsid[] = "$OpenBSD: res_query.c,v 1.19 2002/06/27 09:55:49 itojun Exp $"; -#endif -#endif /* LIBC_SCCS and not lint */ - -#include -#include -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include -#include - -#if PACKETSZ > 1024 -#define MAXPACKET PACKETSZ -#else -#define MAXPACKET 1024 -#endif - -const char *hostalias(const char *); -int h_errno; -extern int res_opt(int, u_char *, int, int); - -/* - * Formulate a normal query, send, and await answer. - * Returned answer is placed in supplied buffer "answer". - * Perform preliminary check of answer, returning success only - * if no error is indicated and the answer count is nonzero. - * Return the size of the response on success, -1 on error. - * Error number is left in h_errno. - * - * Caller must parse answer and determine whether it answers the question. - */ -int -res_query(name, class, type, answer, anslen) - const char *name; /* domain name */ - int class, type; /* class and type of query */ - u_char *answer; /* buffer to put answer */ - int anslen; /* size of answer buffer */ -{ - u_char buf[MAXPACKET]; - register HEADER *hp = (HEADER *) answer; - int n; - - hp->rcode = NOERROR; /* default */ - - if ((_res.options & RES_INIT) == 0 && res_init() == -1) { - h_errno = NETDB_INTERNAL; - return (-1); - } -#ifdef DEBUG - if (_res.options & RES_DEBUG) - printf(";; res_query(%s, %d, %d)\n", name, class, type); -#endif - - n = res_mkquery(QUERY, name, class, type, NULL, 0, NULL, - buf, sizeof(buf)); - if (n > 0 && ((_res.options & RES_USE_EDNS0) || - (_res.options & RES_USE_DNSSEC))) { - n = res_opt(n, buf, sizeof(buf), anslen); - } - - if (n <= 0) { -#ifdef DEBUG - if (_res.options & RES_DEBUG) - printf(";; res_query: mkquery failed\n"); -#endif - h_errno = NO_RECOVERY; - return (n); - } - n = res_send(buf, n, answer, anslen); - if (n < 0) { -#ifdef DEBUG - if (_res.options & RES_DEBUG) - printf(";; res_query: send error\n"); -#endif - h_errno = TRY_AGAIN; - return (n); - } - - if (hp->rcode != NOERROR || ntohs(hp->ancount) == 0) { -#ifdef DEBUG - if (_res.options & RES_DEBUG) - printf(";; rcode = %u, ancount=%u\n", hp->rcode, - ntohs(hp->ancount)); -#endif - switch (hp->rcode) { - case NXDOMAIN: - h_errno = HOST_NOT_FOUND; - break; - case SERVFAIL: - h_errno = TRY_AGAIN; - break; - case NOERROR: - h_errno = NO_DATA; - break; - case FORMERR: - case NOTIMP: - case REFUSED: - default: - h_errno = NO_RECOVERY; - break; - } - return (-1); - } - return (n); -} - -/* - * Formulate a normal query, send, and retrieve answer in supplied buffer. - * Return the size of the response on success, -1 on error. - * If enabled, implement search rules until answer or unrecoverable failure - * is detected. Error code, if any, is left in h_errno. - */ -int -res_search(name, class, type, answer, anslen) - const char *name; /* domain name */ - int class, type; /* class and type of query */ - u_char *answer; /* buffer to put answer */ - int anslen; /* size of answer */ -{ - register const char *cp, * const *domain; - HEADER *hp = (HEADER *) answer; - u_int dots; - int trailing_dot, ret, saved_herrno; - int got_nodata = 0, got_servfail = 0, tried_as_is = 0; - - if ((_res.options & RES_INIT) == 0 && res_init() == -1) { - h_errno = NETDB_INTERNAL; - return (-1); - } - errno = 0; - h_errno = HOST_NOT_FOUND; /* default, if we never query */ - dots = 0; - for (cp = name; *cp; cp++) - dots += (*cp == '.'); - trailing_dot = 0; - if (cp > name && *--cp == '.') - trailing_dot++; - - /* - * if there aren't any dots, it could be a user-level alias - */ - if (!dots && (cp = __hostalias(name)) != NULL) - return (res_query(cp, class, type, answer, anslen)); - - /* - * If there are dots in the name already, let's just give it a try - * 'as is'. The threshold can be set with the "ndots" option. - */ - saved_herrno = -1; - if (dots >= _res.ndots) { - ret = res_querydomain(name, NULL, class, type, answer, anslen); - if (ret > 0) - return (ret); - saved_herrno = h_errno; - tried_as_is++; - } - - /* - * We do at least one level of search if - * - there is no dot and RES_DEFNAME is set, or - * - there is at least one dot, there is no trailing dot, - * and RES_DNSRCH is set. - */ - if ((!dots && (_res.options & RES_DEFNAMES)) || - (dots && !trailing_dot && (_res.options & RES_DNSRCH))) { - int done = 0; - - for (domain = (const char * const *)_res.dnsrch; - *domain && !done; - domain++) { - - ret = res_querydomain(name, *domain, class, type, - answer, anslen); - if (ret > 0) - return (ret); - - /* - * If no server present, give up. - * If name isn't found in this domain, - * keep trying higher domains in the search list - * (if that's enabled). - * On a NO_DATA error, keep trying, otherwise - * a wildcard entry of another type could keep us - * from finding this entry higher in the domain. - * If we get some other error (negative answer or - * server failure), then stop searching up, - * but try the input name below in case it's - * fully-qualified. - */ - if (errno == ECONNREFUSED) { - h_errno = TRY_AGAIN; - return (-1); - } - - switch (h_errno) { - case NO_DATA: - got_nodata++; - /* FALLTHROUGH */ - case HOST_NOT_FOUND: - /* keep trying */ - break; - case TRY_AGAIN: - if (hp->rcode == SERVFAIL) { - /* try next search element, if any */ - got_servfail++; - break; - } - /* FALLTHROUGH */ - default: - /* anything else implies that we're done */ - done++; - } - - /* if we got here for some reason other than DNSRCH, - * we only wanted one iteration of the loop, so stop. - */ - if (!(_res.options & RES_DNSRCH)) - done++; - } - } - - /* if we have not already tried the name "as is", do that now. - * note that we do this regardless of how many dots were in the - * name or whether it ends with a dot. - */ - if (!tried_as_is) { - ret = res_querydomain(name, NULL, class, type, answer, anslen); - if (ret > 0) - return (ret); - } - - /* if we got here, we didn't satisfy the search. - * if we did an initial full query, return that query's h_errno - * (note that we wouldn't be here if that query had succeeded). - * else if we ever got a nodata, send that back as the reason. - * else send back meaningless h_errno, that being the one from - * the last DNSRCH we did. - */ - if (saved_herrno != -1) - h_errno = saved_herrno; - else if (got_nodata) - h_errno = NO_DATA; - else if (got_servfail) - h_errno = TRY_AGAIN; - return (-1); -} - -/* - * Perform a call on res_query on the concatenation of name and domain, - * removing a trailing dot from name if domain is NULL. - */ -int -res_querydomain(name, domain, class, type, answer, anslen) - const char *name, *domain; - int class, type; /* class and type of query */ - u_char *answer; /* buffer to put answer */ - int anslen; /* size of answer */ -{ - char nbuf[MAXDNAME*2+1+1]; - const char *longname = nbuf; - int n; - - if ((_res.options & RES_INIT) == 0 && res_init() == -1) { - h_errno = NETDB_INTERNAL; - return (-1); - } -#ifdef DEBUG - if (_res.options & RES_DEBUG) - printf(";; res_querydomain(%s, %s, %d, %d)\n", - name, domain?domain:"", class, type); -#endif - if (domain == NULL) { - /* - * Check for trailing '.'; - * copy without '.' if present. - */ - n = strlen(name) - 1; - if (n != (0 - 1) && name[n] == '.' && n < sizeof(nbuf) - 1) { - bcopy(name, nbuf, n); - nbuf[n] = '\0'; - } else - longname = name; - } else - snprintf(nbuf, sizeof nbuf, "%.*s.%.*s", - MAXDNAME, name, MAXDNAME, domain); - - return (res_query(longname, class, type, answer, anslen)); -} - -const char * -hostalias(name) - register const char *name; -{ - register char *cp1, *cp2; - FILE *fp; - char *file; - char buf[BUFSIZ]; - static char abuf[MAXDNAME]; - size_t len; - - if (_res.options & RES_NOALIASES) - return (NULL); - file = getenv("HOSTALIASES"); - if (issetugid() != 0 || file == NULL || (fp = fopen(file, "r")) == NULL) - return (NULL); - setbuf(fp, NULL); - while ((cp1 = fgetln(fp, &len)) != NULL) { - if (cp1[len-1] == '\n') - len--; - if (len >= sizeof(buf) || len == 0) - continue; - (void)memcpy(buf, cp1, len); - buf[len] = '\0'; - - for (cp1 = buf; *cp1 && !isspace(*cp1); ++cp1) - ; - if (!*cp1) - break; - *cp1 = '\0'; - if (!strcasecmp(buf, name)) { - while (isspace(*++cp1)) - ; - if (!*cp1) - break; - for (cp2 = cp1 + 1; *cp2 && !isspace(*cp2); ++cp2) - ; - *cp2 = '\0'; - strlcpy(abuf, cp1, sizeof(abuf)); - fclose(fp); - return (abuf); - } - } - fclose(fp); - return (NULL); -} diff --git a/src/lib/libc/net/res_random.c b/src/lib/libc/net/res_random.c index c739e4a9521..763e420bb88 100644 --- a/src/lib/libc/net/res_random.c +++ b/src/lib/libc/net/res_random.c @@ -1,7 +1,8 @@ -/* $OpenBSD: res_random.c,v 1.12 2002/06/27 10:14:02 itojun Exp $ */ +/* $OpenBSD: res_random.c,v 1.24 2016/04/05 04:29:21 guenther Exp $ */ /* * Copyright 1997 Niels Provos + * Copyright 2008 Damien Miller * All rights reserved. * * Theo de Raadt came up with the idea of using @@ -9,6 +10,11 @@ * ids to solve the resolver/named problem. But Niels designed the * actual system based on the constraints. * + * Later modified by Damien Miller to wrap the LCG output in a 15-bit + * permutation generator based on a Luby-Rackoff block cipher. This + * ensures the output is non-repeating and preserves the MSB twiddle + * trick, but makes it more resistant to LCG prediction. + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -17,11 +23,6 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by Niels Provos. - * 4. The name of the author may not be used to endorse or promote products - * derived from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES @@ -54,9 +55,8 @@ * yielding two different cycles by toggling the msb on and off. * This avoids reuse issues caused by reseeding. * - * The 16 bit space is very small and brute force attempts are - * entirly feasible, we skip a random number of transaction ids - * so that an attacker will not get sequential ids. + * The output of this generator is then randomly permuted though a + * custom 15 bit Luby-Rackoff block cipher. */ #include @@ -68,15 +68,26 @@ #include #include -#define RU_OUT 180 /* Time after wich will be reseeded */ -#define RU_MAX 30000 /* Uniq cycle, avoid blackjack prediction */ -#define RU_GEN 2 /* Starting generator */ -#define RU_N 32749 /* RU_N-1 = 2*2*3*2729 */ -#define RU_AGEN 7 /* determine ru_a as RU_AGEN^(2*rand) */ -#define RU_M 31104 /* RU_M = 2^7*3^5 - don't change */ +#include "thread_private.h" + +#define RU_OUT 180 /* Time after wich will be reseeded */ +#define RU_MAX 30000 /* Uniq cycle, avoid blackjack prediction */ +#define RU_GEN 2 /* Starting generator */ +#define RU_N 32749 /* RU_N-1 = 2*2*3*2729 */ +#define RU_AGEN 7 /* determine ru_a as RU_AGEN^(2*rand) */ +#define RU_M 31104 /* RU_M = 2^7*3^5 - don't change */ +#define RU_ROUNDS 11 /* Number of rounds for permute (odd) */ + +struct prf_ctx { + /* PRF lookup table for odd rounds (7 bits input to 8 bits output) */ + u_char prf7[(RU_ROUNDS / 2) * (1 << 7)]; + + /* PRF lookup table for even rounds (8 bits input to 7 bits output) */ + u_char prf8[((RU_ROUNDS + 1) / 2) * (1 << 8)]; +}; #define PFAC_N 3 -const static u_int16_t pfacts[PFAC_N] = { +static const u_int16_t pfacts[PFAC_N] = { 2, 3, 2729 @@ -88,9 +99,9 @@ static u_int16_t ru_a, ru_b; static u_int16_t ru_g; static u_int16_t ru_counter = 0; static u_int16_t ru_msb = 0; -static long ru_reseed; -static u_int32_t tmp; /* Storage for unused random */ -static struct timeval tv; +static struct prf_ctx *ru_prf = NULL; +static time_t ru_reseed; +static pid_t ru_pid; static u_int16_t pmod(u_int16_t, u_int16_t, u_int16_t); static void res_initid(void); @@ -99,7 +110,6 @@ static void res_initid(void); * Do a fast modular exponation, returned value will be in the range * of 0 - (mod-1) */ - static u_int16_t pmod(u_int16_t gen, u_int16_t exp, u_int16_t mod) { @@ -111,13 +121,46 @@ pmod(u_int16_t gen, u_int16_t exp, u_int16_t mod) while (u) { if (u & 1) - s = (s*t) % mod; + s = (s * t) % mod; u >>= 1; - t = (t*t) % mod; + t = (t * t) % mod; } return (s); } +/* + * 15-bit permutation based on Luby-Rackoff block cipher + */ +static u_int +permute15(u_int in) +{ + int i; + u_int left, right, tmp; + + if (ru_prf == NULL) + return in; + + left = (in >> 8) & 0x7f; + right = in & 0xff; + + /* + * Each round swaps the width of left and right. Even rounds have + * a 7-bit left, odd rounds have an 8-bit left. Since this uses an + * odd number of rounds, left is always 8 bits wide at the end. + */ + for (i = 0; i < RU_ROUNDS; i++) { + if ((i & 1) == 0) + tmp = ru_prf->prf8[(i << (8 - 1)) | right] & 0x7f; + else + tmp = ru_prf->prf7[((i - 1) << (7 - 1)) | right]; + tmp ^= left; + left = right; + right = tmp; + } + + return (right << 8) | left; +} + /* * Initializes the seed and chooses a suitable generator. Also toggles * the msb flag. The msb flag is used to generate two distinct @@ -127,30 +170,28 @@ pmod(u_int16_t gen, u_int16_t exp, u_int16_t mod) * application does not have to worry about it. */ static void -res_initid() +res_initid(void) { u_int16_t j, i; + u_int32_t tmp; int noprime = 1; + struct timespec ts; - tmp = arc4random(); - ru_x = (tmp & 0xFFFF) % RU_M; + ru_x = arc4random_uniform(RU_M); /* 15 bits of random seed */ - ru_seed = (tmp >> 16) & 0x7FFF; tmp = arc4random(); + ru_seed = (tmp >> 16) & 0x7FFF; ru_seed2 = tmp & 0x7FFF; - tmp = arc4random(); - /* Determine the LCG we use */ + tmp = arc4random(); ru_b = (tmp & 0xfffe) | 1; ru_a = pmod(RU_AGEN, (tmp >> 16) & 0xfffe, RU_M); while (ru_b % 3 == 0) - ru_b += 2; + ru_b += 2; - tmp = arc4random(); - j = tmp % RU_N; - tmp = tmp >> 16; + j = arc4random_uniform(RU_N); /* * Do a fast gcd(j,RU_N-1), so we can find a j with @@ -159,52 +200,62 @@ res_initid() */ while (noprime) { - for (i=0; i=PFAC_N) + if (i >= PFAC_N) noprime = 0; else - j = (j+1) % RU_N; + j = (j + 1) % RU_N; } - ru_g = pmod(RU_GEN,j,RU_N); + ru_g = pmod(RU_GEN, j, RU_N); ru_counter = 0; - gettimeofday(&tv, NULL); - ru_reseed = tv.tv_sec + RU_OUT; + /* Initialise PRF for Luby-Rackoff permutation */ + if (ru_prf == NULL) + ru_prf = malloc(sizeof(*ru_prf)); + if (ru_prf != NULL) + arc4random_buf(ru_prf, sizeof(*ru_prf)); + + clock_gettime(CLOCK_MONOTONIC, &ts); + ru_reseed = ts.tv_sec + RU_OUT; ru_msb = ru_msb == 0x8000 ? 0 : 0x8000; } u_int -res_randomid() +__res_randomid(void) { - int i, n; + struct timespec ts; + pid_t pid; + u_int r; + static void *randomid_mutex; - gettimeofday(&tv, NULL); - if (ru_counter >= RU_MAX || tv.tv_sec > ru_reseed) - res_initid(); + clock_gettime(CLOCK_MONOTONIC, &ts); + pid = getpid(); - if (!tmp) - tmp = arc4random(); + _MUTEX_LOCK(&randomid_mutex); + + if (ru_counter >= RU_MAX || ts.tv_sec > ru_reseed || pid != ru_pid) { + res_initid(); + ru_pid = pid; + } - /* Skip a random number of ids */ - n = tmp & 0x7; tmp = tmp >> 3; - if (ru_counter + n >= RU_MAX) - res_initid(); + /* Linear Congruential Generator */ + ru_x = (ru_a * ru_x + ru_b) % RU_M; + ru_counter++; - for (i=0; i<=n; i++) - /* Linear Congruential Generator */ - ru_x = (ru_a*ru_x + ru_b) % RU_M; + r = permute15(ru_seed ^ pmod(ru_g, ru_seed2 + ru_x, RU_N)) | ru_msb; - ru_counter += i; + _MUTEX_UNLOCK(&randomid_mutex); - return (ru_seed ^ pmod(ru_g,ru_seed2 ^ ru_x,RU_N)) | ru_msb; + return (r); } +DEF_STRONG(__res_randomid); #if 0 -void +int main(int argc, char **argv) { int i, n; @@ -219,11 +270,12 @@ main(int argc, char **argv) printf("Ru_A: %u\n", ru_a); printf("Ru_B: %u\n", ru_b); - n = atoi(argv[1]); + n = argc > 1 ? atoi(argv[1]) : 60001; for (i=0;i -#include -#include -#include -#include -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include - -static int s = -1; /* socket used for communications */ -static int connected = 0; /* is the socket connected */ -static int vc = 0; /* is the socket a virtual ciruit? */ -static int af = 0; /* address family of socket */ - -#ifndef FD_SET -/* XXX - should be in portability.h */ -#define NFDBITS 32 -#define FD_SETSIZE 32 -#define FD_SET(n, p) ((p)->fds_bits[(n)/NFDBITS] |= (1 << ((n) % NFDBITS))) -#define FD_CLR(n, p) ((p)->fds_bits[(n)/NFDBITS] &= ~(1 << ((n) % NFDBITS))) -#define FD_ISSET(n, p) ((p)->fds_bits[(n)/NFDBITS] & (1 << ((n) % NFDBITS))) -#define FD_ZERO(p) bzero((char *)(p), sizeof(*(p))) -#endif - -#define CAN_RECONNECT 1 - -#ifndef DEBUG -# define Dprint(cond, args) /*empty*/ -# define DprintQ(cond, args, query, size) /*empty*/ -# define Aerror(file, string, error, address) /*empty*/ -# define Perror(file, string, error) /*empty*/ -#else -# define Dprint(cond, args) if (cond) {fprintf args;} else {} -# define DprintQ(cond, args, query, size) if (cond) {\ - fprintf args;\ - __fp_nquery(query, size, stdout);\ - } else {} -static char abuf[NI_MAXHOST]; -static char pbuf[NI_MAXSERV]; -static void Aerror(FILE *, char *, int, struct sockaddr *); -static void Perror(FILE *, char *, int); - - static void - Aerror(file, string, error, address) - FILE *file; - char *string; - int error; - struct sockaddr *address; - { - int save = errno; - - if (_res.options & RES_DEBUG) { - if (getnameinfo(address, address->sa_len, abuf, sizeof(abuf), - pbuf, sizeof(pbuf), - NI_NUMERICHOST|NI_NUMERICSERV|NI_WITHSCOPEID) != 0) { - strncpy(abuf, "?", sizeof(abuf)); - strncpy(pbuf, "?", sizeof(pbuf)); - } - fprintf(file, "res_send: %s ([%s].%s): %s\n", - string, abuf, pbuf, strerror(error)); - } - errno = save; - } - static void - Perror(file, string, error) - FILE *file; - char *string; - int error; - { - int save = errno; - - if (_res.options & RES_DEBUG) { - fprintf(file, "res_send: %s: %s\n", - string, strerror(error)); - } - errno = save; - } -#endif - -static res_send_qhook Qhook = NULL; -static res_send_rhook Rhook = NULL; - -void -res_send_setqhook(hook) - res_send_qhook hook; -{ - - Qhook = hook; -} - -void -res_send_setrhook(hook) - res_send_rhook hook; -{ - - Rhook = hook; -} - -#ifdef INET6 -static struct sockaddr * get_nsaddr(size_t); - -/* - * pick appropriate nsaddr_list for use. see res_init() for initialization. - */ -static struct sockaddr * -get_nsaddr(n) - size_t n; -{ - - if (!_res.nsaddr_list[n].sin_family) { - /* - * - _res_ext.nsaddr_list[n] holds an address that is larger - * than struct sockaddr, and - * - user code did not update _res.nsaddr_list[n]. - */ - return (struct sockaddr *)&_res_ext.nsaddr_list[n]; - } else { - /* - * - user code updated _res.nsaddr_list[n], or - * - _res.nsaddr_list[n] has the same content as - * _res_ext.nsaddr_list[n]. - */ - return (struct sockaddr *)&_res.nsaddr_list[n]; - } -} -#else -#define get_nsaddr(n) ((struct sockaddr *)&_res.nsaddr_list[(n)]) -#endif - -/* int - * res_isourserver(ina) - * looks up "ina" in _res.ns_addr_list[] - * returns: - * 0 : not found - * >0 : found - * author: - * paul vixie, 29may94 - */ -int -res_isourserver(inp) - const struct sockaddr_in *inp; -{ -#ifdef INET6 - const struct sockaddr_in6 *in6p = (const struct sockaddr_in6 *)inp; - const struct sockaddr_in6 *srv6; -#endif - const struct sockaddr_in *srv; - int ns, ret; - - ret = 0; - switch (inp->sin_family) { -#ifdef INET6 - case AF_INET6: - for (ns = 0; ns < _res.nscount; ns++) { - srv6 = (struct sockaddr_in6 *)get_nsaddr(ns); - if (srv6->sin6_family == in6p->sin6_family && - srv6->sin6_port == in6p->sin6_port && - srv6->sin6_scope_id == in6p->sin6_scope_id && - (IN6_IS_ADDR_UNSPECIFIED(&srv6->sin6_addr) || - IN6_ARE_ADDR_EQUAL(&srv6->sin6_addr, - &in6p->sin6_addr))) { - ret++; - break; - } - } - break; -#endif - case AF_INET: - for (ns = 0; ns < _res.nscount; ns++) { - srv = (struct sockaddr_in *)get_nsaddr(ns); - if (srv->sin_family == inp->sin_family && - srv->sin_port == inp->sin_port && - (srv->sin_addr.s_addr == INADDR_ANY || - srv->sin_addr.s_addr == inp->sin_addr.s_addr)) { - ret++; - break; - } - } - break; - } - return (ret); -} - -/* int - * res_nameinquery(name, type, class, buf, eom) - * look for (name,type,class) in the query section of packet (buf,eom) - * returns: - * -1 : format error - * 0 : not found - * >0 : found - * author: - * paul vixie, 29may94 - */ -int -res_nameinquery(name, type, class, buf, eom) - const char *name; - register int type, class; - const u_char *buf, *eom; -{ - register const u_char *cp = buf + HFIXEDSZ; - int qdcount = ntohs(((HEADER*)buf)->qdcount); - - while (qdcount-- > 0) { - char tname[MAXDNAME+1]; - register int n, ttype, tclass; - - n = dn_expand(buf, eom, cp, tname, sizeof tname); - if (n < 0) - return (-1); - cp += n; - ttype = _getshort(cp); cp += INT16SZ; - tclass = _getshort(cp); cp += INT16SZ; - if (ttype == type && - tclass == class && - strcasecmp(tname, name) == 0) - return (1); - } - return (0); -} - -/* int - * res_queriesmatch(buf1, eom1, buf2, eom2) - * is there a 1:1 mapping of (name,type,class) - * in (buf1,eom1) and (buf2,eom2)? - * returns: - * -1 : format error - * 0 : not a 1:1 mapping - * >0 : is a 1:1 mapping - * author: - * paul vixie, 29may94 - */ -int -res_queriesmatch(buf1, eom1, buf2, eom2) - const u_char *buf1, *eom1; - const u_char *buf2, *eom2; -{ - register const u_char *cp = buf1 + HFIXEDSZ; - int qdcount = ntohs(((HEADER*)buf1)->qdcount); - - if (qdcount != ntohs(((HEADER*)buf2)->qdcount)) - return (0); - while (qdcount-- > 0) { - char tname[MAXDNAME+1]; - register int n, ttype, tclass; - - n = dn_expand(buf1, eom1, cp, tname, sizeof tname); - if (n < 0) - return (-1); - cp += n; - ttype = _getshort(cp); cp += INT16SZ; - tclass = _getshort(cp); cp += INT16SZ; - if (!res_nameinquery(tname, ttype, tclass, buf2, eom2)) - return (0); - } - return (1); -} - -int -res_send(buf, buflen, ans, anssiz) - const u_char *buf; - int buflen; - u_char *ans; - int anssiz; -{ - HEADER *hp = (HEADER *) buf; - HEADER *anhp = (HEADER *) ans; - int gotsomewhere, connreset, terrno, try, v_circuit, resplen, ns; - register int n; - u_int badns; /* XXX NSMAX can't exceed #/bits in this var */ - - if ((_res.options & RES_INIT) == 0 && res_init() == -1) { - /* errno should have been set by res_init() in this case. */ - return (-1); - } - DprintQ((_res.options & RES_DEBUG) || (_res.pfcode & RES_PRF_QUERY), - (stdout, ";; res_send()\n"), buf, buflen); - v_circuit = (_res.options & RES_USEVC) || buflen > PACKETSZ; - gotsomewhere = 0; - connreset = 0; - terrno = ETIMEDOUT; - badns = 0; - - /* - * Send request, RETRY times, or until successful - */ - for (try = 0; try < _res.retry; try++) { - for (ns = 0; ns < _res.nscount; ns++) { - struct sockaddr *nsap = get_nsaddr(ns); - socklen_t salen; - - if (nsap->sa_len) - salen = nsap->sa_len; -#ifdef INET6 - else if (nsap->sa_family == AF_INET6) - salen = sizeof(struct sockaddr_in6); -#endif - else if (nsap->sa_family == AF_INET) - salen = sizeof(struct sockaddr_in); - else - salen = 0; /*unknown, die on connect*/ - - same_ns: - if (badns & (1 << ns)) { - res_close(); - goto next_ns; - } - - if (Qhook) { - int done = 0, loops = 0; - - do { - res_sendhookact act; - - act = (*Qhook)((struct sockaddr_in **)&nsap, - &buf, &buflen, - ans, anssiz, &resplen); - switch (act) { - case res_goahead: - done = 1; - break; - case res_nextns: - res_close(); - goto next_ns; - case res_done: - return (resplen); - case res_modified: - /* give the hook another try */ - if (++loops < 42) /*doug adams*/ - break; - /*FALLTHROUGH*/ - case res_error: - /*FALLTHROUGH*/ - default: - return (-1); - } - } while (!done); - } - - Dprint((_res.options & RES_DEBUG) && - getnameinfo(nsap, salen, abuf, sizeof(abuf), - NULL, 0, NI_NUMERICHOST | NI_WITHSCOPEID) == 0, - (stdout, ";; Querying server (# %d) address = %s\n", - ns + 1, abuf)); - - if (v_circuit) { - int truncated; - struct iovec iov[2]; - u_short len; - u_char *cp; - - /* - * Use virtual circuit; - * at most one attempt per server. - */ - try = _res.retry; - truncated = 0; - if ((s < 0) || (!vc) || (af != nsap->sa_family)) { - if (s >= 0) - res_close(); - - af = nsap->sa_family; - s = socket(af, SOCK_STREAM, 0); - if (s < 0) { - terrno = errno; - Perror(stderr, "socket(vc)", errno); -#if 0 - return (-1); -#else - badns |= (1 << ns); - res_close(); - goto next_ns; -#endif - } - errno = 0; - if (connect(s, nsap, salen) < 0) { - terrno = errno; - Aerror(stderr, "connect/vc", - errno, nsap); - badns |= (1 << ns); - res_close(); - goto next_ns; - } - vc = 1; - } - /* - * Send length & message - */ - putshort((u_short)buflen, (u_char*)&len); - iov[0].iov_base = (caddr_t)&len; - iov[0].iov_len = INT16SZ; - iov[1].iov_base = (caddr_t)buf; - iov[1].iov_len = buflen; - if (writev(s, iov, 2) != (INT16SZ + buflen)) { - terrno = errno; - Perror(stderr, "write failed", errno); - badns |= (1 << ns); - res_close(); - goto next_ns; - } - /* - * Receive length & response - */ -read_len: - cp = ans; - len = INT16SZ; - while ((n = read(s, (char *)cp, (int)len)) > 0) { - cp += n; - if ((len -= n) <= 0) - break; - } - if (n <= 0) { - terrno = errno; - Perror(stderr, "read failed", errno); - res_close(); - /* - * A long running process might get its TCP - * connection reset if the remote server was - * restarted. Requery the server instead of - * trying a new one. When there is only one - * server, this means that a query might work - * instead of failing. We only allow one reset - * per query to prevent looping. - */ - if (terrno == ECONNRESET && !connreset) { - connreset = 1; - res_close(); - goto same_ns; - } - res_close(); - goto next_ns; - } - resplen = _getshort(ans); - if (resplen > anssiz) { - Dprint(_res.options & RES_DEBUG, - (stdout, ";; response truncated\n") - ); - truncated = 1; - len = anssiz; - } else - len = resplen; - cp = ans; - while (len != 0 && - (n = read(s, (char *)cp, (int)len)) > 0) { - cp += n; - len -= n; - } - if (n <= 0) { - terrno = errno; - Perror(stderr, "read(vc)", errno); - res_close(); - goto next_ns; - } - if (truncated) { - /* - * Flush rest of answer - * so connection stays in synch. - */ - anhp->tc = 1; - len = resplen - anssiz; - while (len != 0) { - char junk[PACKETSZ]; - - n = (len > sizeof(junk) - ? sizeof(junk) - : len); - if ((n = read(s, junk, n)) > 0) - len -= n; - else - break; - } - } - /* - * The calling applicating has bailed out of - * a previous call and failed to arrange to have - * the circuit closed or the server has got - * itself confused. Anyway drop the packet and - * wait for the correct one. - */ - if (hp->id != anhp->id) { - DprintQ((_res.options & RES_DEBUG) || - (_res.pfcode & RES_PRF_REPLY), - (stdout, ";; old answer (unexpected):\n"), - ans, (resplen>anssiz)?anssiz:resplen); - goto read_len; - } - } else { - /* - * Use datagrams. - */ - struct timeval timeout; - fd_set *dsmaskp; - struct sockaddr_storage from; - int fromlen; - - if ((s < 0) || vc || (af != nsap->sa_family)) { - if (vc) - res_close(); - af = nsap->sa_family; - s = socket(af, SOCK_DGRAM, 0); - if (s < 0) { -#if !CAN_RECONNECT - bad_dg_sock: -#endif - terrno = errno; - Perror(stderr, "socket(dg)", errno); -#if 0 - return (-1); -#else - badns |= (1 << ns); - res_close(); - goto next_ns; -#endif - } -#ifdef IPV6_MINMTU - if (af == AF_INET6) { - const int yes = 1; - (void)setsockopt(s, IPPROTO_IPV6, - IPV6_USE_MIN_MTU, &yes, - sizeof(yes)); - } -#endif - connected = 0; - } - /* - * On a 4.3BSD+ machine (client and server, - * actually), sending to a nameserver datagram - * port with no nameserver will cause an - * ICMP port unreachable message to be returned. - * If our datagram socket is "connected" to the - * server, we get an ECONNREFUSED error on the next - * socket operation, and select returns if the - * error message is received. We can thus detect - * the absence of a nameserver without timing out. - * If we have sent queries to at least two servers, - * however, we don't want to remain connected, - * as we wish to receive answers from the first - * server to respond. - */ - if (!(_res.options & RES_INSECURE1) && - (_res.nscount == 1 || (try == 0 && ns == 0))) { - /* - * Connect only if we are sure we won't - * receive a response from another server. - */ - if (!connected) { - if (connect(s, nsap, salen) < 0) { - Aerror(stderr, - "connect(dg)", - errno, nsap); - badns |= (1 << ns); - res_close(); - goto next_ns; - } - connected = 1; - } - if (send(s, (char*)buf, buflen, 0) != buflen) { - Perror(stderr, "send", errno); - badns |= (1 << ns); - res_close(); - goto next_ns; - } - } else { - /* - * Disconnect if we want to listen - * for responses from more than one server. - */ - if (connected) { -#if CAN_RECONNECT -#ifdef INET6 - /* XXX: any errornous address */ -#endif /* INET6 */ - struct sockaddr_in no_addr; - - no_addr.sin_family = AF_INET; - no_addr.sin_addr.s_addr = INADDR_ANY; - no_addr.sin_port = 0; - (void) connect(s, - (struct sockaddr *) - &no_addr, - sizeof(no_addr)); -#else - int s1 = socket(af, SOCK_DGRAM,0); - if (s1 < 0) - goto bad_dg_sock; - (void) dup2(s1, s); - (void) close(s1); - Dprint(_res.options & RES_DEBUG, - (stdout, ";; new DG socket\n")) -#endif -#ifdef IPV6_MINMTU - if (af == AF_INET6) { - const int yes = 1; - (void)setsockopt(s, IPPROTO_IPV6, - IPV6_USE_MIN_MTU, &yes, - sizeof(yes)); - } -#endif - connected = 0; - errno = 0; - } - if (sendto(s, (char*)buf, buflen, 0, - nsap, salen) != buflen) { - Aerror(stderr, "sendto", errno, nsap); - badns |= (1 << ns); - res_close(); - goto next_ns; - } - } - - /* - * Wait for reply - */ - timeout.tv_sec = (_res.retrans << try); - if (try > 0) - timeout.tv_sec /= _res.nscount; - if ((long) timeout.tv_sec <= 0) - timeout.tv_sec = 1; - timeout.tv_usec = 0; - wait: - dsmaskp = (fd_set *)calloc(howmany(s+1, NFDBITS), - sizeof(fd_mask)); - if (dsmaskp == NULL) { - res_close(); - goto next_ns; - } - FD_SET(s, dsmaskp); - n = select(s+1, dsmaskp, (fd_set *)NULL, - (fd_set *)NULL, &timeout); - free(dsmaskp); - if (n < 0) { - if (errno == EINTR) - goto wait; - Perror(stderr, "select", errno); - res_close(); - goto next_ns; - } - if (n == 0) { - /* - * timeout - */ - Dprint(_res.options & RES_DEBUG, - (stdout, ";; timeout\n")); - gotsomewhere = 1; - res_close(); - goto next_ns; - } - errno = 0; - fromlen = sizeof(from); - resplen = recvfrom(s, (char*)ans, anssiz, 0, - (struct sockaddr *)&from, &fromlen); - if (resplen <= 0) { - Perror(stderr, "recvfrom", errno); - res_close(); - goto next_ns; - } - gotsomewhere = 1; - if (hp->id != anhp->id) { - /* - * response from old query, ignore it. - * XXX - potential security hazard could - * be detected here. - */ - DprintQ((_res.options & RES_DEBUG) || - (_res.pfcode & RES_PRF_REPLY), - (stdout, ";; old answer:\n"), - ans, (resplen>anssiz)?anssiz:resplen); - goto wait; - } -#if CHECK_SRVR_ADDR - if (!(_res.options & RES_INSECURE1) && - !res_isourserver((struct sockaddr_in *)&from)) { - /* - * response from wrong server? ignore it. - * XXX - potential security hazard could - * be detected here. - */ - DprintQ((_res.options & RES_DEBUG) || - (_res.pfcode & RES_PRF_REPLY), - (stdout, ";; not our server:\n"), - ans, (resplen>anssiz)?anssiz:resplen); - goto wait; - } -#endif - if (!(_res.options & RES_INSECURE2) && - !res_queriesmatch(buf, buf + buflen, - ans, ans + anssiz)) { - /* - * response contains wrong query? ignore it. - * XXX - potential security hazard could - * be detected here. - */ - DprintQ((_res.options & RES_DEBUG) || - (_res.pfcode & RES_PRF_REPLY), - (stdout, ";; wrong query name:\n"), - ans, (resplen>anssiz)?anssiz:resplen); - goto wait; - } - if (anhp->rcode == SERVFAIL || - anhp->rcode == NOTIMP || - anhp->rcode == REFUSED) { - DprintQ(_res.options & RES_DEBUG, - (stdout, "server rejected query:\n"), - ans, (resplen>anssiz)?anssiz:resplen); - badns |= (1 << ns); - res_close(); - /* don't retry if called from dig */ - if (!_res.pfcode) - goto next_ns; - } - if (!(_res.options & RES_IGNTC) && anhp->tc) { - /* - * get rest of answer; - * use TCP with same server. - */ - Dprint(_res.options & RES_DEBUG, - (stdout, ";; truncated answer\n")); - v_circuit = 1; - res_close(); - goto same_ns; - } - } /*if vc/dg*/ - Dprint((_res.options & RES_DEBUG) || - ((_res.pfcode & RES_PRF_REPLY) && - (_res.pfcode & RES_PRF_HEAD1)), - (stdout, ";; got answer:\n")); - DprintQ((_res.options & RES_DEBUG) || - (_res.pfcode & RES_PRF_REPLY), - (stdout, "%s", ""), - ans, (resplen>anssiz)?anssiz:resplen); - /* - * If using virtual circuits, we assume that the first server - * is preferred over the rest (i.e. it is on the local - * machine) and only keep that one open. - * If we have temporarily opened a virtual circuit, - * or if we haven't been asked to keep a socket open, - * close the socket. - */ - if ((v_circuit && (!(_res.options & RES_USEVC) || ns != 0)) || - !(_res.options & RES_STAYOPEN)) { - res_close(); - } - if (Rhook) { - int done = 0, loops = 0; - - do { - res_sendhookact act; - - act = (*Rhook)((struct sockaddr_in *)nsap, - buf, buflen, - ans, anssiz, &resplen); - switch (act) { - case res_goahead: - case res_done: - done = 1; - break; - case res_nextns: - res_close(); - goto next_ns; - case res_modified: - /* give the hook another try */ - if (++loops < 42) /*doug adams*/ - break; - /*FALLTHROUGH*/ - case res_error: - /*FALLTHROUGH*/ - default: - return (-1); - } - } while (!done); - - } - return (resplen); - next_ns: ; - } /*foreach ns*/ - } /*foreach retry*/ - res_close(); - if (!v_circuit) { - if (!gotsomewhere) - errno = ECONNREFUSED; /* no nameservers found */ - else - errno = ETIMEDOUT; /* no answer obtained */ - } else - errno = terrno; - return (-1); -} - -/* - * This routine is for closing the socket if a virtual circuit is used and - * the program wants to close it. This provides support for endhostent() - * which expects to close the socket. - * - * This routine is not expected to be user visible. - */ -void -res_close() -{ - if (s >= 0) { - (void) close(s); - s = -1; - connected = 0; - vc = 0; - af = 0; - } -} diff --git a/src/lib/libc/net/resolver.3 b/src/lib/libc/net/resolver.3 index 4d5402ed2d6..e6b1f472b48 100644 --- a/src/lib/libc/net/resolver.3 +++ b/src/lib/libc/net/resolver.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: resolver.3,v 1.15 2001/04/03 20:09:08 aaron Exp $ +.\" $OpenBSD: resolver.3,v 1.38 2019/01/14 06:23:06 otto Exp $ .\" .\" Copyright (c) 1985, 1991, 1993 .\" The Regents of the University of California. All rights reserved. @@ -11,11 +11,7 @@ .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors +.\" 3. Neither the name of the University nor the names of its contributors .\" may be used to endorse or promote products derived from this software .\" without specific prior written permission. .\" @@ -31,8 +27,8 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd June 4, 1993 -.Dt RESOLVER 3 +.Dd $Mdocdate: January 14 2019 $ +.Dt RES_INIT 3 .Os .Sh NAME .Nm res_query , @@ -44,61 +40,61 @@ .Nm dn_expand .Nd resolver routines .Sh SYNOPSIS -.Fd #include -.Fd #include -.Fd #include -.Fd #include +.In sys/types.h +.In netinet/in.h +.In arpa/nameser.h +.In resolv.h .Ft int .Fo res_query -.Fa "char *dname" +.Fa "const char *dname" .Fa "int class" .Fa "int type" -.Fa "u_char *answer" +.Fa "unsigned char *answer" .Fa "int anslen" .Fc .Ft int .Fo res_search -.Fa "char *dname" +.Fa "const char *dname" .Fa "int class" .Fa "int type" -.Fa "u_char *answer" +.Fa "unsigned char *answer" .Fa "int anslen" .Fc .Ft int .Fo res_mkquery .Fa "int op" -.Fa "char *dname" +.Fa "const char *dname" .Fa "int class" .Fa "int type" -.Fa "char *data" +.Fa "const unsigned char *data" .Fa "int datalen" -.Fa "struct rrec *newrr" -.Fa "char *buf" +.Fa "const unsigned char *newrr" +.Fa "unsigned char *buf" .Fa "int buflen" .Fc .Ft int .Fo res_send -.Fa "char *msg" +.Fa "const unsigned char *msg" .Fa "int msglen" -.Fa "char *answer" +.Fa "unsigned char *answer" .Fa "int anslen" .Fc .Ft int .Fn res_init "void" .Ft int .Fo dn_comp -.Fa "char *exp_dn" -.Fa "char *comp_dn" +.Fa "const char *exp_dn" +.Fa "unsigned char *comp_dn" .Fa "int length" -.Fa "char **dnptrs" -.Fa "char **lastdnptr" +.Fa "unsigned char **dnptrs" +.Fa "unsigned char **lastdnptr" .Fc .Ft int .Fo dn_expand -.Fa "u_char *msg" -.Fa "u_char *eomorig" -.Fa "u_char *comp_dn" -.Fa "u_char *exp_dn" +.Fa "const unsigned char *msg" +.Fa "const unsigned char *eomorig" +.Fa "const unsigned char *comp_dn" +.Fa "char *exp_dn" .Fa "int length" .Fc .Sh DESCRIPTION @@ -107,60 +103,63 @@ query and reply messages with Internet domain name servers. .Pp Global configuration and state information that is used by the resolver routines is kept in the structure -.Li _res . +.Va _res . Most of the values have reasonable defaults and can be ignored. Options stored in -.Li _res.options +.Va _res.options are defined in -.Aq Pa resolv.h +.In resolv.h and are as follows. -Options are stored as a simple bit mask containing the bitwise -.Tn OR +Options are stored as a simple bit mask containing the bitwise OR of the options enabled. -.Bl -tag -width RES_USE_INET6 +.Bl -tag -width RES_USE_DNSSEC .It Dv RES_INIT True if the initial name server address and default domain name are -initialized (i.e., +initialized (i.e.\& .Fn res_init has been called). .It Dv RES_DEBUG -Print debugging messages. +Print debugging messages, +if libc is compiled with +.Dv DEBUG . +By default on +.Ox +this option does nothing. .It Dv RES_AAONLY Accept authoritative answers only. With this option, .Fn res_send should continue until it finds an authoritative answer or finds an error. -Currently this is not implemented. +On +.Ox +this option does nothing. .It Dv RES_USEVC -Use -.Tn TCP -connections for queries instead of -.Tn UDP -datagrams. -.It Dv RES_STAYOPEN -Used with -.Dv RES_USEVC -to keep the -.Tn TCP -connection open between queries. -This is useful only in programs that regularly do many queries. -.Tn UDP -should be the normal mode used. +Use TCP connections for queries instead of UDP datagrams. +.It Dv RES_PRIMARY +Query the primary name server only. +On +.Ox +this option does nothing. .It Dv RES_IGNTC -Unused currently (ignore truncation errors, i.e., don't retry with -.Tn TCP ) . +Ignore truncation errors, i.e. don't retry with TCP. .It Dv RES_RECURSE Set the recursion-desired bit in queries. -This is the default. .Pf ( Fn res_send does not do iterative queries and expects the name server to handle recursion.) +This option is enabled by default. .It Dv RES_DEFNAMES If set, .Fn res_search will append the default domain name to single-component names (those that do not contain a dot). This option is enabled by default. +.It Dv RES_STAYOPEN +Used with +.Dv RES_USEVC +to keep the TCP connection open between queries. +This is useful only in programs that regularly do many queries. +UDP should be the normal mode used. .It Dv RES_DNSRCH If this option is set, .Fn res_search @@ -169,12 +168,39 @@ will search for host names in the current domain and in parent domains; see This is used by the standard host lookup routine .Xr gethostbyname 3 . This option is enabled by default. +.It Dv RES_INSECURE_1 +Do not require the IP source address on the reply packet +to be equal to the server's address. +.It Dv RES_INSECURE_2 +Do not check if the query section of the reply packet +is equal to that of the query packet. +.It Dv RES_NOALIASES +In the past, this turned off the legacy +.Ev HOSTALIASES +feature. .It Dv RES_USE_INET6 Enables support for IPv6-only applications. This causes IPv4 addresses to be returned as an IPv4 mapped address. For example, 10.1.1.1 will be returned as ::ffff:10.1.1.1. -The option is not meaningful on -.Ox . +On +.Ox +this option does nothing. +.It Dv RES_USE_EDNS0 +Attach an OPT pseudo-RR for the EDNS0 extension, +as specified in RFC 2671. +This informs DNS servers of a client's receive buffer size, +allowing them to take advantage of a non-default receive buffer size, +and thus to send larger replies. +DNS query packets with the EDNS0 extension are not compatible with +non-EDNS0 DNS servers. +.Ox +uses 4096 bytes as input buffer size. +.It Dv RES_USE_DNSSEC +Request that the resolver uses +Domain Name System Security Extensions (DNSSEC), +as defined in RFCs 4033, 4034, and 4035. +.It Dv RES_USE_CD +Set the Checking Disabled flag on queries. .El .Pp The @@ -190,19 +216,17 @@ if not specified in the configuration file; it can be overridden by the environment variable .Ev LOCALDOMAIN . This environment variable may contain several blank-separated -tokens if you wish to override the -.Fa search list -on a per-process basis. +tokens if you wish to override the search list on a per-process basis. This is similar to the -.Fa search +.Ic search command in the configuration file. Another environment variable .Ev RES_OPTIONS can be set to override certain internal resolver options which are otherwise set by changing fields in the -.Fa _res +.Va _res structure or are inherited from the configuration file's -.Fa options +.Ic options command. The syntax of the .Ev RES_OPTIONS @@ -227,6 +251,13 @@ The reply message is left in the buffer with length .Fa anslen supplied by the caller. +Values for the +.Fa class +and +.Fa type +fields +are defined in +.In arpa/nameser.h . .Pp The .Fn res_search @@ -252,7 +283,7 @@ The query type is usually .Dv QUERY , but can be any of the query types defined in -.Aq Pa arpa/nameser.h . +.In arpa/nameser.h . The domain name for the query is given by .Fa dname . .Fa newrr @@ -293,7 +324,7 @@ A side effect of is to update the list of pointers for labels inserted into the message as the name is compressed. If -.Em dnptr +.Fa dnptrs is .Dv NULL , names are not compressed. @@ -307,7 +338,7 @@ The .Fn dn_expand entry expands the compressed domain name .Fa comp_dn -to a full domain name +to a full domain name. The compressed name is contained in a query or reply message; .Fa msg is a pointer to the beginning of the message. @@ -317,29 +348,62 @@ which is of size .Fa length . The size of compressed name is returned or \-1 if there was an error. .Sh FILES -.Bl -tag -width Pa -/etc/resolv.conf -configuration file -see -.Xr resolv.conf 5 . +.Bl -tag -width "/etc/resolv.confXX" +.It Pa /etc/resolv.conf +The configuration file. .El .Sh SEE ALSO .Xr gethostbyname 3 , .Xr resolv.conf 5 , -.Xr hostname 7 , -.Xr named 8 +.Xr hostname 7 +.Sh STANDARDS +.Rs +.%A M. Stahl +.%D November 1987 +.%R RFC 1032 +.%T Domain Administrators Guide +.Re +.Pp +.Rs +.%A M. Lottor +.%D November 1987 +.%R RFC 1033 +.%T Domain Administrators Operations Guide +.Re .Pp -.%T RFC1032 , -.%T RFC1033 , -.%T RFC1034 , -.%T RFC1035 , -.%T RFC1535 , -.%T RFC974 .Rs -.%T "Name Server Operations Guide for BIND" +.%A P. Mockapetris +.%D November 1987 +.%R RFC 1034 +.%T Domain Names \(en Concepts and Facilities +.Re +.Pp +.Rs +.%A P. Mockapetris +.%D November 1987 +.%R RFC 1035 +.%T Domain Names \(en Implementation and Specification +.Re +.Pp +.Rs +.%A J. Klensin +.%D October 2008 +.%R RFC 5321 +.%T Simple Mail Transfer Protocol .Re .Sh HISTORY -The -.Nm -function appeared in +The functions +.Fn res_mkquery , +.Fn res_send , +.Fn res_init , +.Fn dn_comp , +and +.Fn dn_expand +appeared in .Bx 4.3 . +The functions +.Fn res_query +and +.Fn res_search +appeared in +.Bx 4.3 Tahoe . diff --git a/src/lib/libc/net/rresvport.c b/src/lib/libc/net/rresvport.c index c807adfb83e..6b45000f7b7 100644 --- a/src/lib/libc/net/rresvport.c +++ b/src/lib/libc/net/rresvport.c @@ -1,3 +1,4 @@ +/* $OpenBSD: rresvport.c,v 1.11 2015/09/12 14:56:50 guenther Exp $ */ /* * Copyright (c) 1995, 1996, 1998 Theo de Raadt. All rights reserved. * Copyright (c) 1983, 1993, 1994 @@ -11,12 +12,7 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * This product includes software developed by Theo de Raadt. - * 4. Neither the name of the University nor the names of its contributors + * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -33,11 +29,6 @@ * SUCH DAMAGE. */ -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: rresvport.c,v 1.5 2000/01/26 03:43:20 deraadt Exp $"; -#endif /* LIBC_SCCS and not lint */ - -#include #include #include @@ -58,17 +49,14 @@ static char *rcsid = "$OpenBSD: rresvport.c,v 1.5 2000/01/26 03:43:20 deraadt Ex #include int -rresvport(alport) - int *alport; +rresvport(int *alport) { return rresvport_af(alport, AF_INET); } int -rresvport_af(alport, af) - int *alport; - int af; +rresvport_af(int *alport, int af) { struct sockaddr_storage ss; struct sockaddr *sa; @@ -116,3 +104,4 @@ rresvport_af(alport, af) *alport = ntohs(*portp); return (s); } +DEF_WEAK(rresvport_af); diff --git a/src/lib/libc/net/rthdr.c b/src/lib/libc/net/rthdr.c index 7a87b322d10..934a55155a8 100644 --- a/src/lib/libc/net/rthdr.c +++ b/src/lib/libc/net/rthdr.c @@ -1,4 +1,5 @@ -/* $OpenBSD: rthdr.c,v 1.3 2002/06/27 10:14:02 itojun Exp $ */ +/* $OpenBSD: rthdr.c,v 1.12 2016/09/21 04:38:56 guenther Exp $ */ +/* $KAME: rthdr.c,v 1.22 2006/02/09 08:18:58 keiichi Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -29,7 +30,6 @@ * SUCH DAMAGE. */ -#include #include #include @@ -39,272 +39,160 @@ #include #include -size_t -inet6_rthdr_space(type, seg) - int type, seg; -{ - switch(type) { - case IPV6_RTHDR_TYPE_0: - if (seg < 1 || seg > 23) - return(0); - return(CMSG_SPACE(sizeof(struct in6_addr) * (seg - 1) - + sizeof(struct ip6_rthdr0))); - default: -#ifdef DEBUG - fprintf(stderr, "inet6_rthdr_space: unknown type(%d)\n", type); -#endif - return(0); - } -} +/* + * RFC3542 (2292bis) API + */ -struct cmsghdr * -inet6_rthdr_init(bp, type) - void *bp; - int type; +socklen_t +inet6_rth_space(int type, int segments) { - register struct cmsghdr *ch = (struct cmsghdr *)bp; - register struct ip6_rthdr *rthdr; - - rthdr = (struct ip6_rthdr *)CMSG_DATA(ch); - - ch->cmsg_level = IPPROTO_IPV6; - ch->cmsg_type = IPV6_RTHDR; - - switch(type) { - case IPV6_RTHDR_TYPE_0: - ch->cmsg_len = CMSG_LEN(sizeof(struct ip6_rthdr0) - sizeof(struct in6_addr)); - bzero(rthdr, sizeof(struct ip6_rthdr0)); - rthdr->ip6r_type = IPV6_RTHDR_TYPE_0; - return(ch); - default: -#ifdef DEBUG - fprintf(stderr, "inet6_rthdr_init: unknown type(%d)\n", type); -#endif - return(NULL); - } + switch (type) { + case IPV6_RTHDR_TYPE_0: + return (((segments * 2) + 1) << 3); + default: + return (0); /* type not suppported */ + } } +DEF_WEAK(inet6_rth_space); -int -inet6_rthdr_add(cmsg, addr, flags) - struct cmsghdr *cmsg; - const struct in6_addr *addr; - u_int flags; +void * +inet6_rth_init(void *bp, socklen_t bp_len, int type, int segments) { - register struct ip6_rthdr *rthdr; - - rthdr = (struct ip6_rthdr *)CMSG_DATA(cmsg); - - switch(rthdr->ip6r_type) { - case IPV6_RTHDR_TYPE_0: - { - struct ip6_rthdr0 *rt0 = (struct ip6_rthdr0 *)rthdr; - if (flags != IPV6_RTHDR_LOOSE && flags != IPV6_RTHDR_STRICT) { -#ifdef DEBUG - fprintf(stderr, "inet6_rthdr_add: unsupported flag(%u)\n", flags); -#endif - return(-1); - } - if (rt0->ip6r0_segleft == 23) { -#ifdef DEBUG - fprintf(stderr, "inet6_rthdr_add: segment overflow\n"); -#endif - return(-1); - } - if (flags == IPV6_RTHDR_STRICT) { - int c, b; - c = rt0->ip6r0_segleft / 8; - b = rt0->ip6r0_segleft % 8; - rt0->ip6r0_slmap[c] |= (1 << (7 - b)); - } - rt0->ip6r0_segleft++; - bcopy(addr, (caddr_t)rt0 + ((rt0->ip6r0_len + 1) << 3), - sizeof(struct in6_addr)); - rt0->ip6r0_len += sizeof(struct in6_addr) >> 3; - cmsg->cmsg_len = CMSG_LEN((rt0->ip6r0_len + 1) << 3); - break; - } - default: -#ifdef DEBUG - fprintf(stderr, "inet6_rthdr_add: unknown type(%u)\n", - rthdr->ip6r_type); -#endif - return(-1); - } + struct ip6_rthdr *rth = (struct ip6_rthdr *)bp; + struct ip6_rthdr0 *rth0; + + switch (type) { + case IPV6_RTHDR_TYPE_0: + /* length validation */ + if (bp_len < inet6_rth_space(IPV6_RTHDR_TYPE_0, segments)) + return (NULL); + + memset(bp, 0, bp_len); + rth0 = (struct ip6_rthdr0 *)rth; + rth0->ip6r0_len = segments * 2; + rth0->ip6r0_type = IPV6_RTHDR_TYPE_0; + rth0->ip6r0_segleft = 0; + rth0->ip6r0_reserved = 0; + break; + default: + return (NULL); /* type not supported */ + } - return(0); + return (bp); } int -inet6_rthdr_lasthop(cmsg, flags) - struct cmsghdr *cmsg; - unsigned int flags; +inet6_rth_add(void *bp, const struct in6_addr *addr) { - register struct ip6_rthdr *rthdr; - - rthdr = (struct ip6_rthdr *)CMSG_DATA(cmsg); - - switch(rthdr->ip6r_type) { - case IPV6_RTHDR_TYPE_0: - { - struct ip6_rthdr0 *rt0 = (struct ip6_rthdr0 *)rthdr; - if (flags != IPV6_RTHDR_LOOSE && flags != IPV6_RTHDR_STRICT) { -#ifdef DEBUG - fprintf(stderr, "inet6_rthdr_lasthop: unsupported flag(%u)\n", flags); -#endif - return(-1); - } - if (rt0->ip6r0_segleft > 23) { -#ifdef DEBUG - fprintf(stderr, "inet6_rthdr_add: segment overflow\n"); -#endif - return(-1); - } - if (flags == IPV6_RTHDR_STRICT) { - int c, b; - c = rt0->ip6r0_segleft / 8; - b = rt0->ip6r0_segleft % 8; - rt0->ip6r0_slmap[c] |= (1 << (7 - b)); - } - break; - } - default: -#ifdef DEBUG - fprintf(stderr, "inet6_rthdr_lasthop: unknown type(%u)\n", - rthdr->ip6r_type); -#endif - return(-1); - } - - return(0); -} + struct ip6_rthdr *rth = (struct ip6_rthdr *)bp; + struct ip6_rthdr0 *rth0; + struct in6_addr *nextaddr; + + switch (rth->ip6r_type) { + case IPV6_RTHDR_TYPE_0: + rth0 = (struct ip6_rthdr0 *)rth; + nextaddr = (struct in6_addr *)(rth0 + 1) + rth0->ip6r0_segleft; + *nextaddr = *addr; + rth0->ip6r0_segleft++; + break; + default: + return (-1); /* type not supported */ + } -#if 0 -int -inet6_rthdr_reverse(in, out) - const struct cmsghdr *in; - struct cmsghdr *out; -{ -#ifdef DEBUG - fprintf(stderr, "inet6_rthdr_reverse: not implemented yet\n"); -#endif - return -1; + return (0); } -#endif int -inet6_rthdr_segments(cmsg) - const struct cmsghdr *cmsg; +inet6_rth_reverse(const void *in, void *out) { - register struct ip6_rthdr *rthdr; - - rthdr = (struct ip6_rthdr *)CMSG_DATA(cmsg); - - switch(rthdr->ip6r_type) { - case IPV6_RTHDR_TYPE_0: - { - struct ip6_rthdr0 *rt0 = (struct ip6_rthdr0 *)rthdr; - - if (rt0->ip6r0_len % 2 || 46 < rt0->ip6r0_len) { -#ifdef DEBUG - fprintf(stderr, "inet6_rthdr_segments: invalid size(%u)\n", - rt0->ip6r0_len); -#endif - return -1; + struct ip6_rthdr *rth_in = (struct ip6_rthdr *)in; + struct ip6_rthdr0 *rth0_in, *rth0_out; + int i, segments; + + switch (rth_in->ip6r_type) { + case IPV6_RTHDR_TYPE_0: + rth0_in = (struct ip6_rthdr0 *)in; + rth0_out = (struct ip6_rthdr0 *)out; + + /* parameter validation XXX too paranoid? */ + if (rth0_in->ip6r0_len % 2) + return (-1); + segments = rth0_in->ip6r0_len / 2; + + /* we can't use memcpy here, since in and out may overlap */ + memmove(rth0_out, rth0_in, ((rth0_in->ip6r0_len) + 1) << 3); + rth0_out->ip6r0_segleft = segments; + + /* reverse the addresses */ + for (i = 0; i < segments / 2; i++) { + struct in6_addr addr_tmp, *addr1, *addr2; + + addr1 = (struct in6_addr *)(rth0_out + 1) + i; + addr2 = (struct in6_addr *)(rth0_out + 1) + + (segments - i - 1); + addr_tmp = *addr1; + *addr1 = *addr2; + *addr2 = addr_tmp; + } + + break; + default: + return (-1); /* type not supported */ } - return (rt0->ip6r0_len * 8) / sizeof(struct in6_addr); - } - - default: -#ifdef DEBUG - fprintf(stderr, "inet6_rthdr_segments: unknown type(%u)\n", - rthdr->ip6r_type); -#endif - return -1; - } + return (0); } -struct in6_addr * -inet6_rthdr_getaddr(cmsg, index) - struct cmsghdr *cmsg; - int index; +int +inet6_rth_segments(const void *bp) { - register struct ip6_rthdr *rthdr; - - rthdr = (struct ip6_rthdr *)CMSG_DATA(cmsg); - - switch(rthdr->ip6r_type) { - case IPV6_RTHDR_TYPE_0: - { - struct ip6_rthdr0 *rt0 = (struct ip6_rthdr0 *)rthdr; - int naddr; - - if (rt0->ip6r0_len % 2 || 46 < rt0->ip6r0_len) { -#ifdef DEBUG - fprintf(stderr, "inet6_rthdr_getaddr: invalid size(%u)\n", - rt0->ip6r0_len); -#endif - return NULL; + struct ip6_rthdr *rh = (struct ip6_rthdr *)bp; + struct ip6_rthdr0 *rh0; + int addrs; + + switch (rh->ip6r_type) { + case IPV6_RTHDR_TYPE_0: + rh0 = (struct ip6_rthdr0 *)bp; + + /* + * Validation for a type-0 routing header. + * Is this too strict? + */ + if ((rh0->ip6r0_len % 2) != 0 || + (addrs = (rh0->ip6r0_len >> 1)) < rh0->ip6r0_segleft) + return (-1); + + return (addrs); + default: + return (-1); /* unknown type */ } - naddr = (rt0->ip6r0_len * 8) / sizeof(struct in6_addr); - if (index <= 0 || naddr < index) { -#ifdef DEBUG - fprintf(stderr, "inet6_rthdr_getaddr: invalid index(%d)\n", index); -#endif - return NULL; - } - return &rt0->ip6r0_addr[index - 1]; - } - - default: -#ifdef DEBUG - fprintf(stderr, "inet6_rthdr_getaddr: unknown type(%u)\n", - rthdr->ip6r_type); -#endif - return NULL; - } } -int -inet6_rthdr_getflags(cmsg, index) - const struct cmsghdr *cmsg; - int index; +struct in6_addr * +inet6_rth_getaddr(const void *bp, int idx) { - register struct ip6_rthdr *rthdr; - - rthdr = (struct ip6_rthdr *)CMSG_DATA(cmsg); - - switch(rthdr->ip6r_type) { - case IPV6_RTHDR_TYPE_0: - { - struct ip6_rthdr0 *rt0 = (struct ip6_rthdr0 *)rthdr; - int naddr; - - if (rt0->ip6r0_len % 2 || 46 < rt0->ip6r0_len) { -#ifdef DEBUG - fprintf(stderr, "inet6_rthdr_getflags: invalid size(%u)\n", - rt0->ip6r0_len); -#endif - return -1; + struct ip6_rthdr *rh = (struct ip6_rthdr *)bp; + struct ip6_rthdr0 *rh0; + int addrs; + + switch (rh->ip6r_type) { + case IPV6_RTHDR_TYPE_0: + rh0 = (struct ip6_rthdr0 *)bp; + + /* + * Validation for a type-0 routing header. + * Is this too strict? + */ + if ((rh0->ip6r0_len % 2) != 0 || + (addrs = (rh0->ip6r0_len >> 1)) < rh0->ip6r0_segleft) + return (NULL); + + if (idx < 0 || addrs <= idx) + return (NULL); + + return (((struct in6_addr *)(rh0 + 1)) + idx); + default: + return (NULL); /* unknown type */ + break; } - naddr = (rt0->ip6r0_len * 8) / sizeof(struct in6_addr); - if (index < 0 || naddr < index) { -#ifdef DEBUG - fprintf(stderr, "inet6_rthdr_getflags: invalid index(%d)\n", index); -#endif - return -1; - } - if (rt0->ip6r0_slmap[index / 8] & (0x80 >> (index % 8))) - return IPV6_RTHDR_STRICT; - else - return IPV6_RTHDR_LOOSE; - } - - default: -#ifdef DEBUG - fprintf(stderr, "inet6_rthdr_getflags: unknown type(%u)\n", - rthdr->ip6r_type); -#endif - return -1; - } } diff --git a/src/lib/libc/net/ruserok.c b/src/lib/libc/net/ruserok.c new file mode 100644 index 00000000000..cab6f964494 --- /dev/null +++ b/src/lib/libc/net/ruserok.c @@ -0,0 +1,392 @@ +/* + * Copyright (c) 1995, 1996, 1998 Theo de Raadt. All rights reserved. + * Copyright (c) 1983, 1993, 1994 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include +#include + +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +static int __ivaliduser_sa(FILE *, struct sockaddr *, socklen_t, + const char *, const char *); +static int __icheckhost(struct sockaddr *, socklen_t, const char *); +static char *__gethostloop(struct sockaddr *, socklen_t); +static int iruserok_sa(const void *, int, int, const char *, const char *); + +int +ruserok(const char *rhost, int superuser, const char *ruser, const char *luser) +{ + struct addrinfo hints, *res, *r; + int error; + + memset(&hints, 0, sizeof(hints)); + hints.ai_family = PF_UNSPEC; + hints.ai_socktype = SOCK_DGRAM; /*dummy*/ + error = getaddrinfo(rhost, "0", &hints, &res); + if (error) + return (-1); + + for (r = res; r; r = r->ai_next) { + if (iruserok_sa(r->ai_addr, r->ai_addrlen, superuser, ruser, + luser) == 0) { + freeaddrinfo(res); + return (0); + } + } + freeaddrinfo(res); + return (-1); +} + +int +iruserok_sa(const void *raddr, int rlen, int superuser, const char *ruser, + const char *luser) +{ + struct sockaddr *sa; + char *cp; + struct stat sbuf; + struct passwd pwstore, *pwd; + FILE *hostf; + uid_t uid; + int first; + char pbuf[PATH_MAX], pwbuf[_PW_BUF_LEN]; + + sa = (struct sockaddr *)raddr; + first = 1; + hostf = superuser ? NULL : fopen(_PATH_HEQUIV, "re"); +again: + if (hostf) { + if (__ivaliduser_sa(hostf, sa, rlen, luser, ruser) == 0) { + (void)fclose(hostf); + return (0); + } + (void)fclose(hostf); + } + if (first == 1) { + int len; + + first = 0; + pwd = NULL; + getpwnam_r(luser, &pwstore, pwbuf, sizeof(pwbuf), &pwd); + if (pwd == NULL) + return (-1); + len = snprintf(pbuf, sizeof pbuf, "%s/.rhosts", pwd->pw_dir); + if (len < 0 || len >= sizeof pbuf) + return (-1); + + /* + * Change effective uid while opening .rhosts. If root and + * reading an NFS mounted file system, can't read files that + * are protected read/write owner only. + */ + uid = geteuid(); + (void)seteuid(pwd->pw_uid); + hostf = fopen(pbuf, "re"); + (void)seteuid(uid); + + if (hostf == NULL) + return (-1); + /* + * If not a regular file, or is owned by someone other than + * user or root or if writeable by anyone but the owner, quit. + */ + cp = NULL; + if (lstat(pbuf, &sbuf) < 0) + cp = ".rhosts lstat failed"; + else if (!S_ISREG(sbuf.st_mode)) + cp = ".rhosts not regular file"; + else if (fstat(fileno(hostf), &sbuf) < 0) + cp = ".rhosts fstat failed"; + else if (sbuf.st_uid && sbuf.st_uid != pwd->pw_uid) + cp = "bad .rhosts owner"; + else if (sbuf.st_mode & (S_IWGRP|S_IWOTH)) + cp = ".rhosts writable by other than owner"; + /* If there were any problems, quit. */ + if (cp) { + (void)fclose(hostf); + return (-1); + } + goto again; + } + return (-1); +} + +int +__ivaliduser_sa(FILE *hostf, struct sockaddr *raddr, socklen_t salen, + const char *luser, const char *ruser) +{ + char *user, *p; + char *buf; + const char *auser, *ahost; + int hostok, userok; + char *rhost = (char *)-1; + char domain[HOST_NAME_MAX+1]; + size_t buflen; + + getdomainname(domain, sizeof(domain)); + + while ((buf = fgetln(hostf, &buflen))) { + p = buf; + if (*p == '#') + continue; + while (p < buf + buflen && *p != '\n' && *p != ' ' && *p != '\t') { + if (!isprint((unsigned char)*p)) + goto bail; + *p = isupper((unsigned char)*p) ? + tolower((unsigned char)*p) : *p; + p++; + } + if (p >= buf + buflen) + continue; + if (*p == ' ' || *p == '\t') { + *p++ = '\0'; + while (p < buf + buflen && (*p == ' ' || *p == '\t')) + p++; + if (p >= buf + buflen) + continue; + user = p; + while (p < buf + buflen && *p != '\n' && *p != ' ' && + *p != '\t') { + if (!isprint((unsigned char)*p)) + goto bail; + p++; + } + } else + user = p; + *p = '\0'; + + if (p == buf) + continue; + + auser = *user ? user : luser; + ahost = buf; + + if (strlen(ahost) > HOST_NAME_MAX) + continue; + + /* + * innetgr() must lookup a hostname (we do not attempt + * to change the semantics so that netgroups may have + * #.#.#.# addresses in the list.) + */ + if (ahost[0] == '+') + switch (ahost[1]) { + case '\0': + hostok = 1; + break; + case '@': + if (rhost == (char *)-1) + rhost = __gethostloop(raddr, salen); + hostok = 0; + if (rhost) + hostok = innetgr(&ahost[2], rhost, + NULL, domain); + break; + default: + hostok = __icheckhost(raddr, salen, &ahost[1]); + break; + } + else if (ahost[0] == '-') + switch (ahost[1]) { + case '\0': + hostok = -1; + break; + case '@': + if (rhost == (char *)-1) + rhost = __gethostloop(raddr, salen); + hostok = 0; + if (rhost) + hostok = -innetgr(&ahost[2], rhost, + NULL, domain); + break; + default: + hostok = -__icheckhost(raddr, salen, &ahost[1]); + break; + } + else + hostok = __icheckhost(raddr, salen, ahost); + + + if (auser[0] == '+') + switch (auser[1]) { + case '\0': + userok = 1; + break; + case '@': + userok = innetgr(&auser[2], NULL, ruser, + domain); + break; + default: + userok = strcmp(ruser, &auser[1]) ? 0 : 1; + break; + } + else if (auser[0] == '-') + switch (auser[1]) { + case '\0': + userok = -1; + break; + case '@': + userok = -innetgr(&auser[2], NULL, ruser, + domain); + break; + default: + userok = strcmp(ruser, &auser[1]) ? 0 : -1; + break; + } + else + userok = strcmp(ruser, auser) ? 0 : 1; + + /* Check if one component did not match */ + if (hostok == 0 || userok == 0) + continue; + + /* Check if we got a forbidden pair */ + if (userok <= -1 || hostok <= -1) + return (-1); + + /* Check if we got a valid pair */ + if (hostok >= 1 && userok >= 1) + return (0); + } +bail: + return (-1); +} + +/* + * Returns "true" if match, 0 if no match. If we do not find any + * semblance of an A->PTR->A loop, allow a simple #.#.#.# match to work. + */ +static int +__icheckhost(struct sockaddr *raddr, socklen_t salen, const char *lhost) +{ + struct addrinfo hints, *res, *r; + char h1[NI_MAXHOST], h2[NI_MAXHOST]; + int error; + const int niflags = NI_NUMERICHOST; + + h1[0] = '\0'; + if (getnameinfo(raddr, salen, h1, sizeof(h1), NULL, 0, + niflags) != 0) + return (0); + + /* Resolve laddr into sockaddr */ + memset(&hints, 0, sizeof(hints)); + hints.ai_family = raddr->sa_family; + hints.ai_socktype = SOCK_DGRAM; /*dummy*/ + res = NULL; + error = getaddrinfo(lhost, "0", &hints, &res); + if (error) + return (0); + + /* + * Try string comparisons between raddr and laddr. + */ + for (r = res; r; r = r->ai_next) { + h2[0] = '\0'; + if (getnameinfo(r->ai_addr, r->ai_addrlen, h2, sizeof(h2), + NULL, 0, niflags) != 0) + continue; + if (strcmp(h1, h2) == 0) { + freeaddrinfo(res); + return (1); + } + } + + /* No match. */ + freeaddrinfo(res); + return (0); +} + +/* + * Return the hostname associated with the supplied address. + * Do a reverse lookup as well for security. If a loop cannot + * be found, pack the result of inet_ntoa() into the string. + */ +static char * +__gethostloop(struct sockaddr *raddr, socklen_t salen) +{ + static char remotehost[NI_MAXHOST]; + char h1[NI_MAXHOST], h2[NI_MAXHOST]; + struct addrinfo hints, *res, *r; + int error; + const int niflags = NI_NUMERICHOST; + + h1[0] = remotehost[0] = '\0'; + if (getnameinfo(raddr, salen, remotehost, sizeof(remotehost), + NULL, 0, NI_NAMEREQD) != 0) + return (NULL); + if (getnameinfo(raddr, salen, h1, sizeof(h1), NULL, 0, + niflags) != 0) + return (NULL); + + /* + * Look up the name and check that the supplied + * address is in the list + */ + memset(&hints, 0, sizeof(hints)); + hints.ai_family = raddr->sa_family; + hints.ai_socktype = SOCK_DGRAM; /*dummy*/ + hints.ai_flags = AI_CANONNAME; + res = NULL; + error = getaddrinfo(remotehost, "0", &hints, &res); + if (error) + return (NULL); + + for (r = res; r; r = r->ai_next) { + h2[0] = '\0'; + if (getnameinfo(r->ai_addr, r->ai_addrlen, h2, sizeof(h2), + NULL, 0, niflags) != 0) + continue; + if (strcmp(h1, h2) == 0) { + freeaddrinfo(res); + return (remotehost); + } + } + + /* + * either the DNS adminstrator has made a configuration + * mistake, or someone has attempted to spoof us + */ + freeaddrinfo(res); + return (NULL); +} diff --git a/src/lib/libc/net/send.c b/src/lib/libc/net/send.c index 8495931ca30..1fad3bd171f 100644 --- a/src/lib/libc/net/send.c +++ b/src/lib/libc/net/send.c @@ -1,3 +1,4 @@ +/* $OpenBSD: send.c,v 1.6 2015/10/04 07:17:27 guenther Exp $ */ /* * Copyright (c) 1988, 1993 * The Regents of the University of California. All rights reserved. @@ -10,11 +11,7 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors + * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -31,20 +28,14 @@ * SUCH DAMAGE. */ -#if defined(LIBC_SCCS) && !defined(lint) -static char rcsid[] = "$OpenBSD: send.c,v 1.2 1996/08/19 08:29:52 tholo Exp $"; -#endif /* LIBC_SCCS and not lint */ - #include #include #include ssize_t -send(s, msg, len, flags) - int s, flags; - size_t len; - const void *msg; +send(int s, const void *msg, size_t len, int flags) { return (sendto(s, msg, len, flags, NULL, 0)); } +DEF_WEAK(send); diff --git a/src/lib/libc/net/sethostent.c b/src/lib/libc/net/sethostent.c deleted file mode 100644 index 5392a2f11bb..00000000000 --- a/src/lib/libc/net/sethostent.c +++ /dev/null @@ -1,60 +0,0 @@ -/* - * Copyright (c) 1985, 1993 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#if defined(LIBC_SCCS) && !defined(lint) -static char rcsid[] = "$OpenBSD: sethostent.c,v 1.4 1997/03/15 21:53:50 pefo Exp $"; -#endif /* LIBC_SCCS and not lint */ - -#include -#include -#include -#include -#include - -void -sethostent(stayopen) - int stayopen; -{ - - if ((_res.options & RES_INIT) == 0 && res_init() == -1) - return; - if (stayopen) - _res.options |= RES_STAYOPEN | RES_USEVC; -} - -void -endhostent() -{ - _res.options &= ~(RES_STAYOPEN | RES_USEVC); - res_close(); -} diff --git a/src/lib/libc/net/sockatmark.3 b/src/lib/libc/net/sockatmark.3 new file mode 100644 index 00000000000..6a94b843906 --- /dev/null +++ b/src/lib/libc/net/sockatmark.3 @@ -0,0 +1,122 @@ +.\" Copyright (c) 2002 William C. Fenner. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" From FreeBSD: r108087 2002-12-19 01:40:28 -0800 +.\" $OpenBSD: sockatmark.3,v 1.1 2014/08/31 02:27:37 guenther Exp $ +.\" +.Dd $Mdocdate: August 31 2014 $ +.Dt SOCKATMARK 3 +.Os +.Sh NAME +.Nm sockatmark +.Nd determine whether the read pointer is at the out-of-band data mark +.Sh SYNOPSIS +.In sys/socket.h +.Ft int +.Fn sockatmark "int s" +.Sh DESCRIPTION +The +.Fn sockatmark +function returns 1 if the read pointer for the socket +.Fa s +is currently at the out-of-band data mark. +Otherwise, it returns 0 if the socket doesn't have an out-of-band +data mark or if there is normal data to be received before the mark. +.Sh RETURN VALUES +Upon successful completion, the +.Fn sockatmark +function returns the value 1 if the read pointer is pointing at +the out-of-band data mark, 0 if it is not. +Otherwise the value \-1 is returned +and the global variable +.Va errno +is set to +indicate the error. +.Sh EXAMPLES +The routine used in the historical remote login process to flush +output on receipt of an interrupt or quit signal is shown below. +It reads the normal data up to the mark (to discard it), +then reads the out-of-band byte. +.Bd -literal -offset indent +#include +\&... +oob() +{ + int mark; + char waste[BUFSIZ]; + + for (;;) { + if ((mark = sockatmark(rem)) < 0) { + perror("sockatmark"); + break; + } + if (mark) + break; + (void) read(rem, waste, sizeof (waste)); + } + if (recv(rem, &mark, 1, MSG_OOB) < 0) { + perror("recv"); + ... + } + ... +} +.Ed +.Sh ERRORS +The +.Fn sockatmark +call fails if: +.Bl -tag -width Er +.It Bq Er EBADF +.Fa s +is not a valid descriptor. +.It Bq Er ENOTTY +.Fa s +is valid but does not refer to a socket. +.El +.Sh SEE ALSO +.Xr recv 2 , +.Xr send 2 +.Sh STANDARDS +The +.Fn sockatmark +function conforms to +.St -p1003.1-2008 . +.Sh HISTORY +The +.Fn sockatmark +function was introduced by +.St -p1003.1-2001 +to standardize the historical +.Dv SIOCATMARK +.Xr ioctl 2 . +The +.Fn sockatmark +function appeared in +.Ox 5.7 . +.Pp +The +.Er ENOTTY +error is returned instead of the usual +.Er ENOTSOCK +error to match the historical behavior of +.Dv SIOCATMARK . diff --git a/src/lib/libc/net/sockatmark.c b/src/lib/libc/net/sockatmark.c new file mode 100644 index 00000000000..a43e7af3aaa --- /dev/null +++ b/src/lib/libc/net/sockatmark.c @@ -0,0 +1,40 @@ +/* + * Copyright (c) 2002 William C. Fenner. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD$ + */ + +#include +#include +#include + +int +sockatmark(int s) +{ + int atmark; + + if (ioctl(s, SIOCATMARK, &atmark) == -1) + return (-1); + return (atmark); +} diff --git a/src/lib/libc/net/vars6.c b/src/lib/libc/net/vars6.c index 6d0f069ef6a..a12932a26ed 100644 --- a/src/lib/libc/net/vars6.c +++ b/src/lib/libc/net/vars6.c @@ -1,4 +1,4 @@ -/* $OpenBSD: vars6.c,v 1.1 1999/12/11 08:09:11 itojun Exp $ */ +/* $OpenBSD: vars6.c,v 1.3 2014/08/31 19:20:44 bluhm Exp $ */ /* * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. @@ -33,10 +33,10 @@ #include /* - * Definitions of some costant IPv6 addresses. + * Definitions of some constant IPv6 addresses. */ const struct in6_addr in6addr_any = IN6ADDR_ANY_INIT; const struct in6_addr in6addr_loopback = IN6ADDR_LOOPBACK_INIT; -const struct in6_addr in6addr_nodelocal_allnodes = IN6ADDR_NODELOCAL_ALLNODES_INIT; +const struct in6_addr in6addr_intfacelocal_allnodes = IN6ADDR_INTFACELOCAL_ALLNODES_INIT; const struct in6_addr in6addr_linklocal_allnodes = IN6ADDR_LINKLOCAL_ALLNODES_INIT; - +const struct in6_addr in6addr_linklocal_allrouters = IN6ADDR_LINKLOCAL_ALLROUTERS_INIT; diff --git a/src/lib/libc/stdlib/Makefile.inc b/src/lib/libc/stdlib/Makefile.inc index 4b4c88b9af5..55b80185222 100644 --- a/src/lib/libc/stdlib/Makefile.inc +++ b/src/lib/libc/stdlib/Makefile.inc @@ -1,56 +1,33 @@ -# $OpenBDS: Makefile.inc,v 1.6 1996/08/21 03:47:21 tholo Exp $ +# $OpenBSD: Makefile.inc,v 1.64 2017/12/16 20:06:55 guenther Exp $ # stdlib sources -.PATH: ${LIBCSRCDIR}/arch/${MACHINE_ARCH}/stdlib ${LIBCSRCDIR}/stdlib +.PATH: ${LIBCSRCDIR}/arch/${MACHINE_CPU}/stdlib ${LIBCSRCDIR}/stdlib -SRCS+= a64l.c abort.c atexit.c atoi.c atof.c atol.c bsearch.c calloc.c \ - cfree.c exit.c getenv.c getopt.c getsubopt.c heapsort.c l64a.c \ - malloc.c merge.c multibyte.c putenv.c qsort.c radixsort.c rand.c \ - random.c realpath.c setenv.c strtod.c strtol.c strtoll.c strtoul.c \ - strtoull.c system.c tfind.c tsearch.c \ - _rand48.c drand48.c erand48.c jrand48.c lcong48.c lrand48.c \ - mrand48.c nrand48.c seed48.c srand48.c qabs.c qdiv.c +SRCS+= a64l.c abort.c atexit.c atoi.c atof.c atol.c atoll.c bsearch.c \ + exit.c ecvt.c gcvt.c getenv.c getopt_long.c \ + getsubopt.c hcreate.c heapsort.c imaxabs.c imaxdiv.c insque.c \ + l64a.c llabs.c lldiv.c lsearch.c malloc.c reallocarray.c \ + merge.c posix_pty.c qsort.c radixsort.c rand.c random.c \ + realpath.c remque.c setenv.c strtoimax.c \ + strtol.c strtoll.c strtonum.c strtoul.c strtoull.c strtoumax.c \ + system.c \ + tfind.c thread_atexit.c tsearch.c \ + _rand48.c drand48.c erand48.c jrand48.c \ + lcong48.c lrand48.c mrand48.c nrand48.c seed48.c srand48.c \ + _Exit.c icdb.c -.if (${MACHINE_ARCH} == "m68k") -SRCS+= abs.S div.c labs.c ldiv.c -LSRCS+= abs.c -.elif (${MACHINE_ARCH} == "i386") +.if (${MACHINE_CPU} == "i386") SRCS+= abs.S div.S labs.S ldiv.S -LSRCS+= abs.c div.c labs.c ldiv.c -.elif (${MACHINE_ARCH} == "ns32k") -SRCS+= abs.S div.c labs.c ldiv.c -LSRCS+= abs.c -.elif (${MACHINE_ARCH} == "tahoe") -SRCS+= abs.S div.c labs.c ldiv.c -LSRCS+= abs.c -.elif (${MACHINE_ARCH} == "vax") -SRCS+= abs.c div.c labs.c ldiv.c -.elif (${MACHINE_ARCH} == "alpha") +.elif (${MACHINE_CPU} == "alpha") # XXX should be .S's SRCS+= abs.c div.c labs.c ldiv.c .else SRCS+= abs.c div.c labs.c ldiv.c .endif -MAN+= a64l.3 abort.3 abs.3 alloca.3 atexit.3 atof.3 atoi.3 atol.3 bsearch.3 \ - div.3 exit.3 getenv.3 getopt.3 getsubopt.3 labs.3 ldiv.3 \ - malloc.3 memory.3 qabs.3 qdiv.3 qsort.3 radixsort.3 rand48.3 rand.3 \ - random.3 realpath.3 strtod.3 strtol.3 strtoul.3 system.3 tsearch.3 - -MLINKS+=getenv.3 setenv.3 getenv.3 unsetenv.3 getenv.3 putenv.3 -MLINKS+=malloc.3 free.3 malloc.3 realloc.3 malloc.3 calloc.3 -MLINKS+=malloc.3 cfree.3 malloc.3 malloc.conf.5 -MLINKS+=qsort.3 heapsort.3 qsort.3 mergesort.3 -MLINKS+=radixsort.3 sradixsort.3 -MLINKS+=rand.3 srand.3 rand.3 rand_r.3 -MLINKS+=random.3 initstate.3 random.3 setstate.3 -MLINKS+=random.3 srandom.3 random.3 srandomdev.3 -MLINKS+=rand48.3 drand48.3 rand48.3 erand48.3 rand48.3 lrand48.3 -MLINKS+=rand48.3 mrand48.3 rand48.3 nrand48.3 rand48.3 jrand48.3 -MLINKS+=rand48.3 srand48.3 rand48.3 seed48.3 rand48.3 lcong48.3 -MLINKS+=strtol.3 strtoll.3 strtol.3 strtoq.3 -MLINKS+=strtoul.3 strtoull.3 strtoul.3 strtouq.3 -MLINKS+=tsearch.3 tfind.3 -MLINKS+=tsearch.3 tdelete.3 -MLINKS+=tsearch.3 twalk.3 -MLINKS+=a64l.3 l64a.3 +MAN+= a64l.3 abort.3 abs.3 alloca.3 atexit.3 atof.3 atoi.3 atol.3 atoll.3 \ + bsearch.3 div.3 ecvt.3 exit.3 getenv.3 getopt.3 getopt_long.3 \ + getsubopt.3 hcreate.3 imaxabs.3 imaxdiv.3 insque.3 labs.3 ldiv.3 \ + lldiv.3 lsearch.3 malloc.3 posix_memalign.3 posix_openpt.3 ptsname.3 \ + qsort.3 radixsort.3 rand48.3 rand.3 random.3 realpath.3 \ + strtod.3 strtonum.3 strtol.3 strtoul.3 system.3 tsearch.3 diff --git a/src/lib/libc/stdlib/_Exit.c b/src/lib/libc/stdlib/_Exit.c new file mode 100644 index 00000000000..ccf64c2e87b --- /dev/null +++ b/src/lib/libc/stdlib/_Exit.c @@ -0,0 +1,22 @@ +/* $OpenBSD: _Exit.c,v 1.3 2013/04/03 03:39:29 guenther Exp $ */ + +/* + * Placed in the public domain by Todd C. Miller on January 21, 2004. + */ + +#include +#include + +/* + * _Exit() is the ISO/ANSI C99 equivalent of the POSIX _exit() function. + * No atexit() handlers are called and no signal handlers are run. + * Whether or not stdio buffers are flushed or temporary files are removed + * is implementation-dependent in C99. Indeed, POSIX specifies that + * _Exit() must *not* flush stdio buffers or remove temporary files, but + * rather must behave exactly like _exit() + */ +void +_Exit(int status) +{ + _exit(status); +} diff --git a/src/lib/libc/stdlib/_rand48.c b/src/lib/libc/stdlib/_rand48.c index fed7372f68c..7c950f7cee0 100644 --- a/src/lib/libc/stdlib/_rand48.c +++ b/src/lib/libc/stdlib/_rand48.c @@ -1,3 +1,4 @@ +/* $OpenBSD: _rand48.c,v 1.3 2005/08/08 08:05:36 espie Exp $ */ /* * Copyright (c) 1993 Martin Birgmeier * All rights reserved. @@ -11,10 +12,6 @@ * to anyone/anything when using this software. */ -#if defined(LIBC_SCCS) && !defined(lint) -static char rcsid[] = "$OpenBSD: _rand48.c,v 1.2 1996/08/19 08:33:19 tholo Exp $"; -#endif /* LIBC_SCCS and not lint */ - #include "rand48.h" unsigned short __rand48_seed[3] = { diff --git a/src/lib/libc/stdlib/a64l.3 b/src/lib/libc/stdlib/a64l.3 index 787634303c3..c34af99c884 100644 --- a/src/lib/libc/stdlib/a64l.3 +++ b/src/lib/libc/stdlib/a64l.3 @@ -1,31 +1,20 @@ -.\" Copyright (c) 1997 Todd C. Miller -.\" All rights reserved. +.\" $OpenBSD: a64l.3,v 1.13 2019/01/25 00:19:25 millert Exp $ .\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. The name of the author may not be used to endorse or promote products -.\" derived from this software without specific prior written permission. +.\" Copyright (c) 1997 Todd C. Miller .\" -.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, -.\" INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY -.\" AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL -.\" THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, -.\" EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, -.\" PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; -.\" OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, -.\" WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR -.\" OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF -.\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. .\" -.\" $OpenBSD: a64l.3,v 1.5 2000/04/20 13:50:01 aaron Exp $ +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd August 17, 1997 +.Dd $Mdocdate: January 25 2019 $ .Dt A64L 3 .Os .Sh NAME @@ -33,7 +22,7 @@ .Nm l64a .Nd convert between 32-bit integer and radix-64 ASCII string .Sh SYNOPSIS -.Fd #include +.In stdlib.h .Ft long .Fn a64l "const char *s" .Ft char * @@ -71,7 +60,7 @@ for 38-63. .Pp The .Fn a64l -function takes a pointer to a null-terminated radix-64 representation +function takes a pointer to a NUL-terminated radix-64 representation and returns a corresponding 32-bit value. If the string pointed to by .Fa s @@ -95,7 +84,7 @@ returns a 32-bit representation of .Fa s . If .Fa s -is a null pointer or if it contains digits other than those described above. +is a null pointer or if it contains digits other than those described above, .Fn a64l returns \-1 and sets the global variable .Va errno @@ -119,7 +108,14 @@ returns a null pointer and sets the global variable .Va errno to .Er EINVAL . -.Sh WARNINGS +.Sh STANDARDS +The +.Fn a64l +and +.Fn l64a +functions conform to +.St -xpg4.2 . +.Sh CAVEATS The value returned by .Fn l64a is a pointer into a static buffer, the contents of which @@ -135,10 +131,3 @@ should be used to call .Pp If a long integer is larger than 32 bits, only the low-order 32 bits are used. -.Sh STANDARDS -The -.Fn a64l -and -.Fn l64a -functions conform to -.St -xpg4.2 . diff --git a/src/lib/libc/stdlib/a64l.c b/src/lib/libc/stdlib/a64l.c index a68f0a6dcd8..5312929c6fd 100644 --- a/src/lib/libc/stdlib/a64l.c +++ b/src/lib/libc/stdlib/a64l.c @@ -1,18 +1,14 @@ +/* $OpenBSD: a64l.c,v 1.5 2005/08/08 08:05:36 espie Exp $ */ /* * Written by J.T. Conklin . * Public domain. */ -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: a64l.c,v 1.3 1997/08/17 22:58:34 millert Exp $"; -#endif /* LIBC_SCCS and not lint */ - #include #include long -a64l(s) - const char *s; +a64l(const char *s) { long value, digit, shift; int i; diff --git a/src/lib/libc/stdlib/abort.3 b/src/lib/libc/stdlib/abort.3 index 743d42dd8a2..2f15cd827c8 100644 --- a/src/lib/libc/stdlib/abort.3 +++ b/src/lib/libc/stdlib/abort.3 @@ -13,11 +13,7 @@ .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors +.\" 3. Neither the name of the University nor the names of its contributors .\" may be used to endorse or promote products derived from this software .\" without specific prior written permission. .\" @@ -33,16 +29,16 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $OpenBSD: abort.3,v 1.6 2000/04/20 13:50:01 aaron Exp $ +.\" $OpenBSD: abort.3,v 1.11 2014/05/14 21:54:20 tedu Exp $ .\" -.Dd June 29, 1991 +.Dd $Mdocdate: May 14 2014 $ .Dt ABORT 3 .Os .Sh NAME .Nm abort .Nd cause abnormal program termination .Sh SYNOPSIS -.Fd #include +.In stdlib.h .Ft void .Fn abort void .Sh DESCRIPTION @@ -52,7 +48,8 @@ function causes abnormal program termination to occur, unless the signal .Dv SIGABRT is being caught and the signal handler does not return. .Pp -Any open streams are flushed and closed. +Some implementations may flush output streams before terminating. +This implementation does not. .Sh RETURN VALUES The .Fn abort @@ -65,3 +62,16 @@ The .Fn abort function conforms to .St -p1003.1-90 . +.Sh HISTORY +The +.Fn abort +function first appeared in +.At v5 . +.Pp +Historically, previous standards required +.Fn abort +to flush and close output streams, but this conflicted with the requirement +that +.Fn abort +be async signal safe. +As a result, the flushing requirement was dropped. diff --git a/src/lib/libc/stdlib/abort.c b/src/lib/libc/stdlib/abort.c index 41a9f0f48bb..6c22ecd2b04 100644 --- a/src/lib/libc/stdlib/abort.c +++ b/src/lib/libc/stdlib/abort.c @@ -1,3 +1,4 @@ +/* $OpenBSD: abort.c,v 1.21 2017/08/12 22:59:52 guenther Exp $ */ /* * Copyright (c) 1985 Regents of the University of California. * All rights reserved. @@ -10,11 +11,7 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors + * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -31,23 +28,17 @@ * SUCH DAMAGE. */ -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: abort.c,v 1.7 2001/08/12 12:03:01 heko Exp $"; -#endif /* LIBC_SCCS and not lint */ - #include #include +#include #include -#include "thread_private.h" -void (*__cleanup)(); void -abort() +abort(void) { - static int cleanup_called = 0; sigset_t mask; - + struct sigaction sa; sigfillset(&mask); /* @@ -55,32 +46,19 @@ abort() * any errors -- X311J doesn't allow abort to return anyway. */ sigdelset(&mask, SIGABRT); -#ifdef _THREAD_SAFE - (void)_thread_sys_sigprocmask(SIG_SETMASK, &mask, (sigset_t *)NULL); -#else /* _THREAD_SAFE */ - (void)sigprocmask(SIG_SETMASK, &mask, (sigset_t *)NULL); -#endif /* _THREAD_SAFE */ - - /* - * POSIX requires we flush stdio buffers on abort - */ - if (cleanup_called == 0 && __cleanup != NULL) { - cleanup_called = 1; - (*__cleanup)(); - } + (void)sigprocmask(SIG_SETMASK, &mask, NULL); - (void)kill(getpid(), SIGABRT); + (void)raise(SIGABRT); /* * if SIGABRT ignored, or caught and the handler returns, do * it again, only harder. */ - (void)signal(SIGABRT, SIG_DFL); -#ifdef _THREAD_SAFE - (void)_thread_sys_sigprocmask(SIG_SETMASK, &mask, (sigset_t *)NULL); -#else /* _THREAD_SAFE */ - (void)sigprocmask(SIG_SETMASK, &mask, (sigset_t *)NULL); -#endif /* _THREAD_SAFE */ - (void)kill(getpid(), SIGABRT); - exit(1); + memset(&sa, 0, sizeof(sa)); + sa.sa_handler = SIG_DFL; + (void)sigaction(SIGABRT, &sa, NULL); + (void)sigprocmask(SIG_SETMASK, &mask, NULL); + (void)raise(SIGABRT); + _exit(1); } +DEF_STRONG(abort); diff --git a/src/lib/libc/stdlib/abs.3 b/src/lib/libc/stdlib/abs.3 index 0f7c097adea..afacc985dff 100644 --- a/src/lib/libc/stdlib/abs.3 +++ b/src/lib/libc/stdlib/abs.3 @@ -13,11 +13,7 @@ .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors +.\" 3. Neither the name of the University nor the names of its contributors .\" may be used to endorse or promote products derived from this software .\" without specific prior written permission. .\" @@ -33,16 +29,17 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $OpenBSD: abs.3,v 1.5 2000/04/20 13:50:01 aaron Exp $ +.\" $OpenBSD: abs.3,v 1.12 2019/01/18 07:32:17 schwarze Exp $ .\" -.Dd June 29, 1991 +.Dd $Mdocdate: January 18 2019 $ .Dt ABS 3 .Os .Sh NAME .Nm abs .Nd integer absolute value function .Sh SYNOPSIS -.Fd #include +.In limits.h +.In stdlib.h .Ft int .Fn abs "int j" .Sh DESCRIPTION @@ -58,12 +55,21 @@ function returns the absolute value. .Xr cabs 3 , .Xr floor 3 , .Xr hypot 3 , -.Xr labs 3 , -.Xr math 3 +.Xr imaxabs 3 , +.Xr labs 3 .Sh STANDARDS The .Fn abs function conforms to .St -ansiC . -.Sh BUGS -The absolute value of the most negative integer remains negative. +.Sh HISTORY +The +.Fn abs +function first appeared in +.At v6 . +.Sh CAVEATS +The result of applying +.Fn abs +to +.Dv INT_MIN +is undefined. diff --git a/src/lib/libc/stdlib/abs.c b/src/lib/libc/stdlib/abs.c index 7c79e4073c3..0e39cc55367 100644 --- a/src/lib/libc/stdlib/abs.c +++ b/src/lib/libc/stdlib/abs.c @@ -1,3 +1,4 @@ +/* $OpenBSD: abs.c,v 1.6 2015/09/13 08:31:47 guenther Exp $ */ /*- * Copyright (c) 1990 The Regents of the University of California. * All rights reserved. @@ -10,11 +11,7 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors + * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -31,15 +28,11 @@ * SUCH DAMAGE. */ -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: abs.c,v 1.2 1996/08/19 08:33:21 tholo Exp $"; -#endif /* LIBC_SCCS and not lint */ - #include int -abs(j) - int j; +abs(int j) { return(j < 0 ? -j : j); } +DEF_STRONG(abs); diff --git a/src/lib/libc/stdlib/alloca.3 b/src/lib/libc/stdlib/alloca.3 index 431443a6e65..5252ba586f2 100644 --- a/src/lib/libc/stdlib/alloca.3 +++ b/src/lib/libc/stdlib/alloca.3 @@ -9,11 +9,7 @@ .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors +.\" 3. Neither the name of the University nor the names of its contributors .\" may be used to endorse or promote products derived from this software .\" without specific prior written permission. .\" @@ -29,16 +25,16 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $OpenBSD: alloca.3,v 1.9 2001/12/06 04:21:27 deraadt Exp $ +.\" $OpenBSD: alloca.3,v 1.14 2015/01/17 18:01:43 tedu Exp $ .\" -.Dd May 2, 1991 +.Dd $Mdocdate: January 17 2015 $ .Dt ALLOCA 3 .Os .Sh NAME .Nm alloca .Nd memory allocator .Sh SYNOPSIS -.Fd #include +.In stdlib.h .Ft void * .Fn alloca "size_t size" .Sh DESCRIPTION @@ -55,13 +51,7 @@ function returns a pointer to the beginning of the allocated space. .Sh SEE ALSO .Xr pagesize 1 , .Xr brk 2 , -.Xr calloc 3 , -.Xr malloc 3 , -.Xr realloc 3 -.Sh BUGS -The -.Fn alloca -function is machine dependent; its use is discouraged. +.Xr malloc 3 .\" .Sh HISTORY .\" The .\" .Fn alloca @@ -70,10 +60,10 @@ function is machine dependent; its use is discouraged. .\" The function appeared in 32v, pwb and pwb.2 and in 3bsd 4bsd .\" The first man page (or link to a man page that I can find at the .\" moment is 4.3... -.Pp +.Sh CAVEATS The .Fn alloca -function is slightly unsafe because it cannot ensure that the pointer +function is unsafe because it cannot ensure that the pointer returned points to a valid and usable block of memory. The allocation made may exceed the bounds of the stack, or even go further into other objects in memory, and diff --git a/src/lib/libc/stdlib/atexit.3 b/src/lib/libc/stdlib/atexit.3 index 5d79ede6493..d428149de5e 100644 --- a/src/lib/libc/stdlib/atexit.3 +++ b/src/lib/libc/stdlib/atexit.3 @@ -13,11 +13,7 @@ .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors +.\" 3. Neither the name of the University nor the names of its contributors .\" may be used to endorse or promote products derived from this software .\" without specific prior written permission. .\" @@ -33,16 +29,16 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $OpenBSD: atexit.3,v 1.4 2000/04/20 13:50:01 aaron Exp $ +.\" $OpenBSD: atexit.3,v 1.11 2015/05/12 20:14:09 guenther Exp $ .\" -.Dd June 29, 1991 +.Dd $Mdocdate: May 12 2015 $ .Dt ATEXIT 3 .Os .Sh NAME .Nm atexit .Nd register a function to be called on exit .Sh SYNOPSIS -.Fd #include +.In stdlib.h .Ft int .Fn atexit "void (*function)(void)" .Sh DESCRIPTION @@ -58,6 +54,21 @@ Functions so registered are called in reverse order; no arguments are passed. At least 32 functions can always be registered, and more are allowed as long as sufficient memory can be allocated. +.Pp +If a shared object is unloaded from process memory using +.Xr dlclose 3 , +then any functions registered by calling +.Fn atexit +from that shared object will be called in reverse order and unregistered. +Note that it is the source of the call to +.Fn atexit +that matters, not the source of the function that was registered. +.Pp +.Fn atexit +is very difficult to use correctly without creating +.Xr exit 3 Ns -time +races. +Unless absolutely necessary, please avoid using it. .Sh RETURN VALUES .Rv -std atexit .Sh ERRORS @@ -67,9 +78,13 @@ No memory was available to add the function to the list. The existing list of functions is unmodified. .El .Sh SEE ALSO +.Xr dlclose 3 , .Xr exit 3 .Sh STANDARDS The .Fn atexit function conforms to .St -ansiC . +.Pp +The behavior when a shared object is unloaded is an extension to +that standard. diff --git a/src/lib/libc/stdlib/atexit.c b/src/lib/libc/stdlib/atexit.c index 92c4884f28f..ea9dd129c1f 100644 --- a/src/lib/libc/stdlib/atexit.c +++ b/src/lib/libc/stdlib/atexit.c @@ -1,3 +1,4 @@ +/* $OpenBSD: atexit.c,v 1.27 2017/12/16 20:06:56 guenther Exp $ */ /* * Copyright (c) 2002 Daniel Hartmeier * All rights reserved. @@ -28,56 +29,228 @@ * */ -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: atexit.c,v 1.5 2002/08/30 07:58:07 dhartmei Exp $"; -#endif /* LIBC_SCCS and not lint */ - #include #include #include +#include +#include +#include + #include "atexit.h" +#include "atfork.h" +#include "thread_private.h" -int __atexit_invalid = 1; struct atexit *__atexit; +static int restartloop; + +/* define and initialize the list */ +struct atfork_listhead _atfork_list = TAILQ_HEAD_INITIALIZER(_atfork_list); + + +/* + * Function pointers are stored in a linked list of pages. The list + * is initially empty, and pages are allocated on demand. The first + * function pointer in the first allocated page (the last one in + * the linked list) is reserved for the cleanup function. + * + * Outside the following functions, all pages are mprotect()'ed + * to prevent unintentional/malicious corruption. + */ /* - * Register a function to be performed at exit. + * Register a function to be performed at exit or when a shared object + * with the given dso handle is unloaded dynamically. Also used as + * the backend for atexit(). For more info on this API, see: + * + * http://www.codesourcery.com/cxx-abi/abi.html#dso-dtor */ int -atexit(fn) - void (*fn)(); +__cxa_atexit(void (*func)(void *), void *arg, void *dso) { - register struct atexit *p = __atexit; - register int pgsize = getpagesize(); + struct atexit *p = __atexit; + struct atexit_fn *fnp; + int pgsize = getpagesize(); + int ret = -1; if (pgsize < sizeof(*p)) return (-1); + _ATEXIT_LOCK(); + p = __atexit; if (p != NULL) { if (p->ind + 1 >= p->max) p = NULL; else if (mprotect(p, pgsize, PROT_READ | PROT_WRITE)) - return (-1); + goto unlock; } if (p == NULL) { - if (__atexit_invalid) { - /* malloc.c wants the first mmap() for sbrk() - games ('nice hack'), so enforce - malloc_init() with a dummy call. */ - free(malloc(1)); - __atexit_invalid = 0; - } p = mmap(NULL, pgsize, PROT_READ | PROT_WRITE, MAP_ANON | MAP_PRIVATE, -1, 0); if (p == MAP_FAILED) - return (-1); - p->ind = 0; + goto unlock; + if (__atexit == NULL) { + memset(&p->fns[0], 0, sizeof(p->fns[0])); + p->ind = 1; + } else + p->ind = 0; p->max = (pgsize - ((char *)&p->fns[0] - (char *)p)) / sizeof(p->fns[0]); p->next = __atexit; __atexit = p; } - p->fns[p->ind++] = fn; + fnp = &p->fns[p->ind++]; + fnp->fn_ptr = func; + fnp->fn_arg = arg; + fnp->fn_dso = dso; if (mprotect(p, pgsize, PROT_READ)) - return (-1); - return (0); + goto unlock; + restartloop = 1; + ret = 0; +unlock: + _ATEXIT_UNLOCK(); + return (ret); +} +DEF_STRONG(__cxa_atexit); + +/* + * Copy of atexit() used by libc and anything staticly linked into the + * executable. This passes NULL for the dso, so the callbacks are only + * invoked by exit() and not dlclose() + */ +int +atexit(void (*fn)(void)) +{ + return (__cxa_atexit((void (*)(void *))fn, NULL, NULL)); +} +DEF_STRONG(atexit); + +void +_thread_finalize(void) +{ + struct tib *tib = TIB_GET(); + + while (tib->tib_atexit) { + struct thread_atexit_fn *fnp = tib->tib_atexit; + tib->tib_atexit = fnp->next; + fnp->func(fnp->arg); + free(fnp); + } +} + +/* + * Call all handlers registered with __cxa_atexit() for the shared + * object owning 'dso'. + * Note: if 'dso' is NULL, then all remaining handlers are called. + */ +void +__cxa_finalize(void *dso) +{ + struct atexit *p, *q; + struct atexit_fn fn; + int n, pgsize = getpagesize(); + static int call_depth; + + if (dso == NULL) + _thread_finalize(); + + _ATEXIT_LOCK(); + call_depth++; + +restart: + restartloop = 0; + for (p = __atexit; p != NULL; p = p->next) { + for (n = p->ind; --n >= 0;) { + if (p->fns[n].fn_ptr == NULL) + continue; /* already called */ + if (dso != NULL && dso != p->fns[n].fn_dso) + continue; /* wrong DSO */ + + /* + * Mark handler as having been already called to avoid + * dupes and loops, then call the appropriate function. + */ + fn = p->fns[n]; + if (mprotect(p, pgsize, PROT_READ | PROT_WRITE) == 0) { + p->fns[n].fn_ptr = NULL; + mprotect(p, pgsize, PROT_READ); + } + _ATEXIT_UNLOCK(); + (*fn.fn_ptr)(fn.fn_arg); + _ATEXIT_LOCK(); + if (restartloop) + goto restart; + } + } + + call_depth--; + + /* + * If called via exit(), unmap the pages since we have now run + * all the handlers. We defer this until calldepth == 0 so that + * we don't unmap things prematurely if called recursively. + */ + if (dso == NULL && call_depth == 0) { + for (p = __atexit; p != NULL; ) { + q = p; + p = p->next; + munmap(q, pgsize); + } + __atexit = NULL; + } + _ATEXIT_UNLOCK(); + + /* + * If unloading a DSO, unregister any atfork handlers registered + * by it. Skip the locking if the list is currently empty. + */ + if (dso != NULL && TAILQ_FIRST(&_atfork_list) != NULL) { + struct atfork_fn *af, *afnext; + + _ATFORK_LOCK(); + TAILQ_FOREACH_SAFE(af, &_atfork_list, fn_next, afnext) + if (af->fn_dso == dso) { + TAILQ_REMOVE(&_atfork_list, af, fn_next); + free(af); + } + _ATFORK_UNLOCK(); + + } +} +DEF_STRONG(__cxa_finalize); + +/* + * Register the cleanup function + */ +void +__atexit_register_cleanup(void (*func)(void)) +{ + struct atexit *p; + int pgsize = getpagesize(); + + if (pgsize < sizeof(*p)) + return; + _ATEXIT_LOCK(); + p = __atexit; + while (p != NULL && p->next != NULL) + p = p->next; + if (p == NULL) { + p = mmap(NULL, pgsize, PROT_READ | PROT_WRITE, + MAP_ANON | MAP_PRIVATE, -1, 0); + if (p == MAP_FAILED) + goto unlock; + p->ind = 1; + p->max = (pgsize - ((char *)&p->fns[0] - (char *)p)) / + sizeof(p->fns[0]); + p->next = NULL; + __atexit = p; + } else { + if (mprotect(p, pgsize, PROT_READ | PROT_WRITE)) + goto unlock; + } + p->fns[0].fn_ptr = (void (*)(void *))func; + p->fns[0].fn_arg = NULL; + p->fns[0].fn_dso = NULL; + mprotect(p, pgsize, PROT_READ); + restartloop = 1; +unlock: + _ATEXIT_UNLOCK(); } diff --git a/src/lib/libc/stdlib/atexit.h b/src/lib/libc/stdlib/atexit.h index 28bf3a7f270..f2fa7bd83f7 100644 --- a/src/lib/libc/stdlib/atexit.h +++ b/src/lib/libc/stdlib/atexit.h @@ -1,4 +1,4 @@ -/* $OpenBSD: atexit.h,v 1.5 2002/08/30 07:58:07 dhartmei Exp $ */ +/* $OpenBSD: atexit.h,v 1.12 2017/12/16 20:06:56 guenther Exp $ */ /* * Copyright (c) 2002 Daniel Hartmeier @@ -34,8 +34,28 @@ struct atexit { struct atexit *next; /* next in list */ int ind; /* next index in this table */ int max; /* max entries >= ATEXIT_SIZE */ - void (*fns[1])(); /* the table itself */ + struct atexit_fn { + void (*fn_ptr)(void *); + void *fn_arg; /* argument for CXA callback */ + void *fn_dso; /* shared module handle */ + } fns[1]; /* the table itself */ }; -extern int __atexit_invalid; +/* a chain of these are hung off each thread's TIB's tib_atexit member */ +struct thread_atexit_fn { + void (*func)(void *); + void *arg; + struct thread_atexit_fn *next; +}; + +__BEGIN_HIDDEN_DECLS extern struct atexit *__atexit; /* points to head of LIFO stack */ +__END_HIDDEN_DECLS + +int __cxa_atexit(void (*)(void *), void *, void *); +int __cxa_thread_atexit(void (*)(void *), void *, void *); +void __cxa_finalize(void *); + +PROTO_NORMAL(__cxa_atexit); +PROTO_STD_DEPRECATED(__cxa_thread_atexit); +PROTO_NORMAL(__cxa_finalize); diff --git a/src/lib/libc/stdlib/atof.3 b/src/lib/libc/stdlib/atof.3 index 0bd85dbe829..183f22d358d 100644 --- a/src/lib/libc/stdlib/atof.3 +++ b/src/lib/libc/stdlib/atof.3 @@ -13,11 +13,7 @@ .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors +.\" 3. Neither the name of the University nor the names of its contributors .\" may be used to endorse or promote products derived from this software .\" without specific prior written permission. .\" @@ -33,18 +29,16 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $OpenBSD: atof.3,v 1.3 1999/06/29 18:36:18 aaron Exp $ +.\" $OpenBSD: atof.3,v 1.9 2019/01/16 12:55:49 schwarze Exp $ .\" -.Dd June 29, 1991 +.Dd $Mdocdate: January 16 2019 $ .Dt ATOF 3 .Os .Sh NAME .Nm atof -.Nd convert -.Tn ASCII -string to double +.Nd convert ASCII string to double .Sh SYNOPSIS -.Fd #include +.In stdlib.h .Ft double .Fn atof "const char *nptr" .Sh DESCRIPTION @@ -71,3 +65,17 @@ The .Fn atof function conforms to .St -ansiC . +.Sh HISTORY +An +.Fn atof +function first appeared in +.At v1 . +.Sh CAVEATS +On systems other than +.Ox , +the +.Dv LC_NUMERIC +.Xr locale 1 +category can cause parsing failures; see CAVEATS in +.Xr setlocale 3 +for details. diff --git a/src/lib/libc/stdlib/atof.c b/src/lib/libc/stdlib/atof.c index 30bac198993..d14b58b0700 100644 --- a/src/lib/libc/stdlib/atof.c +++ b/src/lib/libc/stdlib/atof.c @@ -1,3 +1,4 @@ +/* $OpenBSD: atof.c,v 1.5 2005/08/08 08:05:36 espie Exp $ */ /* * Copyright (c) 1988 The Regents of the University of California. * All rights reserved. @@ -10,11 +11,7 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors + * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -31,15 +28,10 @@ * SUCH DAMAGE. */ -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: atof.c,v 1.2 1996/08/19 08:33:24 tholo Exp $"; -#endif /* LIBC_SCCS and not lint */ - #include double -atof(ascii) - const char *ascii; +atof(const char *ascii) { return(strtod(ascii, (char **)NULL)); } diff --git a/src/lib/libc/stdlib/atoi.3 b/src/lib/libc/stdlib/atoi.3 index 69b94be70c2..0cd90ccffb9 100644 --- a/src/lib/libc/stdlib/atoi.3 +++ b/src/lib/libc/stdlib/atoi.3 @@ -13,11 +13,7 @@ .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors +.\" 3. Neither the name of the University nor the names of its contributors .\" may be used to endorse or promote products derived from this software .\" without specific prior written permission. .\" @@ -33,18 +29,16 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $OpenBSD: atoi.3,v 1.5 2000/04/20 13:50:01 aaron Exp $ +.\" $OpenBSD: atoi.3,v 1.12 2015/09/10 15:16:43 schwarze Exp $ .\" -.Dd June 4, 1993 +.Dd $Mdocdate: September 10 2015 $ .Dt ATOI 3 .Os .Sh NAME .Nm atoi -.Nd convert -.Tn ASCII -string to integer +.Nd convert ASCII string to integer .Sh SYNOPSIS -.Fd #include +.In stdlib.h .Ft int .Fn atoi "const char *nptr" .Sh DESCRIPTION @@ -60,26 +54,36 @@ It is equivalent to: .Bd -literal -offset indent (int)strtol(nptr, (char **)NULL, 10); .Ed -.Sh CAVEATS -.Nm -does no overflow checking, handles unsigned numbers poorly, -and handles strings containing trailing extra characters -(like -.Dq "123abc" Ns ) -poorly. -Careful use of -.Xr strtol 3 -and -.Xr strtoul 3 -can alleviate these problems. .Sh SEE ALSO .Xr atof 3 , .Xr atol 3 , .Xr strtod 3 , .Xr strtol 3 , +.Xr strtonum 3 , .Xr strtoul 3 .Sh STANDARDS The .Fn atoi function conforms to .St -ansiC . +.Sh HISTORY +An +.Fn atoi +function first appeared in +.At v1 . +.Sh CAVEATS +.Nm +does no overflow checking, handles unsigned numbers poorly, +and handles strings containing trailing extra characters +(like +.Dq "123abc" ) +poorly. +Careful use of +.Xr strtol 3 +and +.Xr strtoul 3 +can alleviate these problems, +but +.Xr strtonum 3 +can be used to convert numbers from strings much more safely +and easily. diff --git a/src/lib/libc/stdlib/atoi.c b/src/lib/libc/stdlib/atoi.c index a74d6e1351f..7c9eb1331b0 100644 --- a/src/lib/libc/stdlib/atoi.c +++ b/src/lib/libc/stdlib/atoi.c @@ -1,3 +1,4 @@ +/* $OpenBSD: atoi.c,v 1.6 2015/09/13 08:31:47 guenther Exp $ */ /* * Copyright (c) 1988 Regents of the University of California. * All rights reserved. @@ -10,11 +11,7 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors + * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -31,15 +28,11 @@ * SUCH DAMAGE. */ -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: atoi.c,v 1.2 1996/08/19 08:33:24 tholo Exp $"; -#endif /* LIBC_SCCS and not lint */ - #include int -atoi(str) - const char *str; +atoi(const char *str) { return((int)strtol(str, (char **)NULL, 10)); } +DEF_STRONG(atoi); diff --git a/src/lib/libc/stdlib/atol.3 b/src/lib/libc/stdlib/atol.3 index 53a518997f9..c80f61f754b 100644 --- a/src/lib/libc/stdlib/atol.3 +++ b/src/lib/libc/stdlib/atol.3 @@ -13,11 +13,7 @@ .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors +.\" 3. Neither the name of the University nor the names of its contributors .\" may be used to endorse or promote products derived from this software .\" without specific prior written permission. .\" @@ -33,18 +29,16 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $OpenBSD: atol.3,v 1.4 2000/04/20 13:50:01 aaron Exp $ +.\" $OpenBSD: atol.3,v 1.10 2015/09/10 15:16:43 schwarze Exp $ .\" -.Dd June 29, 1991 +.Dd $Mdocdate: September 10 2015 $ .Dt ATOL 3 .Os .Sh NAME .Nm atol -.Nd convert -.Tn ASCII -string to long integer +.Nd convert ASCII string to long integer .Sh SYNOPSIS -.Fd #include +.In stdlib.h .Ft long .Fn atol "const char *nptr" .Sh DESCRIPTION @@ -63,6 +57,7 @@ strtol(nptr, (char **)NULL, 10); .Sh SEE ALSO .Xr atof 3 , .Xr atoi 3 , +.Xr atoll 3 , .Xr strtod 3 , .Xr strtol 3 , .Xr strtoul 3 @@ -70,4 +65,4 @@ strtol(nptr, (char **)NULL, 10); The .Fn atol function conforms to -.St -ansiC . +.St -isoC-99 . diff --git a/src/lib/libc/stdlib/atol.c b/src/lib/libc/stdlib/atol.c index 528a9322149..1970804401c 100644 --- a/src/lib/libc/stdlib/atol.c +++ b/src/lib/libc/stdlib/atol.c @@ -1,3 +1,4 @@ +/* $OpenBSD: atol.c,v 1.5 2005/08/08 08:05:36 espie Exp $ */ /* * Copyright (c) 1988 Regents of the University of California. * All rights reserved. @@ -10,11 +11,7 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors + * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -31,15 +28,10 @@ * SUCH DAMAGE. */ -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: atol.c,v 1.2 1996/08/19 08:33:26 tholo Exp $"; -#endif /* LIBC_SCCS and not lint */ - #include long -atol(str) - const char *str; +atol(const char *str) { return(strtol(str, (char **)NULL, 10)); } diff --git a/src/lib/libc/stdlib/atoll.3 b/src/lib/libc/stdlib/atoll.3 new file mode 100644 index 00000000000..0cf8e40f8ec --- /dev/null +++ b/src/lib/libc/stdlib/atoll.3 @@ -0,0 +1,68 @@ +.\" Copyright (c) 1990, 1991 The Regents of the University of California. +.\" All rights reserved. +.\" +.\" This code is derived from software contributed to Berkeley by +.\" the American National Standards Committee X3, on Information +.\" Processing Systems. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $OpenBSD: atoll.3,v 1.8 2015/09/10 15:16:43 schwarze Exp $ +.\" +.Dd $Mdocdate: September 10 2015 $ +.Dt ATOLL 3 +.Os +.Sh NAME +.Nm atoll +.Nd convert ASCII string to long long integer +.Sh SYNOPSIS +.In stdlib.h +.Ft long long +.Fn atoll "const char *nptr" +.Sh DESCRIPTION +The +.Fn atoll +function converts the initial portion of the string pointed to by +.Fa nptr +to +.Li long long integer +representation. +.Pp +It is equivalent to: +.Bd -literal -offset indent +strtoll(nptr, (char **)NULL, 10); +.Ed +.Sh SEE ALSO +.Xr atof 3 , +.Xr atoi 3 , +.Xr atol 3 , +.Xr strtod 3 , +.Xr strtol 3 , +.Xr strtoul 3 +.Sh STANDARDS +The +.Fn atoll +function conforms to +.St -isoC-99 . diff --git a/src/lib/libc/stdlib/atoll.c b/src/lib/libc/stdlib/atoll.c new file mode 100644 index 00000000000..a65e682cfb4 --- /dev/null +++ b/src/lib/libc/stdlib/atoll.c @@ -0,0 +1,38 @@ +/* $OpenBSD: atoll.c,v 1.3 2005/08/08 08:05:36 espie Exp $ */ +/* + * Copyright (c) 1988 Regents of the University of California. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include + +long long +atoll(str) + const char *str; +{ + return(strtoll(str, (char **)NULL, 10)); +} diff --git a/src/lib/libc/stdlib/bsearch.3 b/src/lib/libc/stdlib/bsearch.3 index 9bb9d4ece4a..9c66eac0fea 100644 --- a/src/lib/libc/stdlib/bsearch.3 +++ b/src/lib/libc/stdlib/bsearch.3 @@ -13,11 +13,7 @@ .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors +.\" 3. Neither the name of the University nor the names of its contributors .\" may be used to endorse or promote products derived from this software .\" without specific prior written permission. .\" @@ -33,18 +29,18 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $OpenBSD: bsearch.3,v 1.5 2000/04/20 13:50:01 aaron Exp $ +.\" $OpenBSD: bsearch.3,v 1.10 2015/11/30 17:03:05 jmc Exp $ .\" -.Dd April 19, 1994 +.Dd $Mdocdate: November 30 2015 $ .Dt BSEARCH 3 .Os .Sh NAME .Nm bsearch .Nd binary search of a sorted table .Sh SYNOPSIS -.Fd #include +.In stdlib.h .Ft void * -.Fn bsearch "const void *key" "const void *base" "size_t nmemb" "size_t size" "int (*compar) (const void *, const void *)" +.Fn bsearch "const void *key" "const void *base" "size_t nmemb" "size_t size" "int (*compar)(const void *, const void *)" .Sh DESCRIPTION The .Fn bsearch @@ -77,7 +73,7 @@ function returns a pointer to a matching member of the array, or a null pointer if no match is found. If two members compare as equal, which member is matched is unspecified. .Sh SEE ALSO -.Xr db 3 , +.Xr dbopen 3 , .Xr lsearch 3 , .Xr qsort 3 , .Xr tsearch 3 diff --git a/src/lib/libc/stdlib/bsearch.c b/src/lib/libc/stdlib/bsearch.c index 1903202b6c2..59d478e7ebc 100644 --- a/src/lib/libc/stdlib/bsearch.c +++ b/src/lib/libc/stdlib/bsearch.c @@ -1,3 +1,4 @@ +/* $OpenBSD: bsearch.c,v 1.8 2016/10/22 19:19:34 tb Exp $ */ /* * Copyright (c) 1990 Regents of the University of California. * All rights reserved. @@ -10,11 +11,7 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors + * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -31,10 +28,6 @@ * SUCH DAMAGE. */ -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: bsearch.c,v 1.3 2002/02/16 21:27:24 millert Exp $"; -#endif /* LIBC_SCCS and not lint */ - #include /* @@ -45,7 +38,7 @@ static char *rcsid = "$OpenBSD: bsearch.c,v 1.3 2002/02/16 21:27:24 millert Exp * is odd, moving left simply involves halving lim: e.g., when lim * is 5 we look at item 2, so we change lim to 2 so that we will * look at items 0 & 1. If lim is even, the same applies. If lim - * is odd, moving right again involes halving lim, this time moving + * is odd, moving right again involves halving lim, this time moving * the base up one item past p: e.g., when lim is 5 we change base * to item 3 and make lim 2 so that we will look at items 3 and 4. * If lim is even, however, we have to shrink it by one before @@ -54,16 +47,12 @@ static char *rcsid = "$OpenBSD: bsearch.c,v 1.3 2002/02/16 21:27:24 millert Exp * look at item 3. */ void * -bsearch(key, base0, nmemb, size, compar) - register const void *key; - const void *base0; - size_t nmemb; - register size_t size; - register int (*compar)(const void *, const void *); +bsearch(const void *key, const void *base0, size_t nmemb, size_t size, + int (*compar)(const void *, const void *)) { - register const char *base = base0; - register int lim, cmp; - register const void *p; + const char *base = base0; + int lim, cmp; + const void *p; for (lim = nmemb; lim != 0; lim >>= 1) { p = base + (lim >> 1) * size; diff --git a/src/lib/libc/stdlib/calloc.c b/src/lib/libc/stdlib/calloc.c deleted file mode 100644 index c75b256d146..00000000000 --- a/src/lib/libc/stdlib/calloc.c +++ /dev/null @@ -1,59 +0,0 @@ -/*- - * Copyright (c) 1990 The Regents of the University of California. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: calloc.c,v 1.7 2002/07/31 09:19:04 deraadt Exp $"; -#endif /* LIBC_SCCS and not lint */ - -#include -#include -#include -#include - -void * -calloc(num, size) - size_t num; - register size_t size; -{ - register void *p; - - if (num && size && SIZE_T_MAX / num < size) { - errno = ENOMEM; - return NULL; - } - size *= num; - p = malloc(size); - if (p) - memset(p, 0, size); - return(p); -} diff --git a/src/lib/libc/stdlib/cfree.c b/src/lib/libc/stdlib/cfree.c deleted file mode 100644 index 3af32039a9b..00000000000 --- a/src/lib/libc/stdlib/cfree.c +++ /dev/null @@ -1,49 +0,0 @@ -/* $OpenBSD: cfree.c,v 1.1 1996/08/21 03:47:22 tholo Exp $ */ - -/* - * Copyright (c) 1996 SigmaSoft, Th. Lockert - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by SigmaSoft, Th. Lockert. - * 4. The name of the author may not be used to endorse or promote products - * derived from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL - * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, - * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, - * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; - * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, - * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR - * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF - * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#if defined(LIBC_SCCS) && !defined(lint) -static char rcsid[] = "$OpenBSD: cfree.c,v 1.1 1996/08/21 03:47:22 tholo Exp $"; -#endif /* LIBC_SCCS and not lint */ - -#include - -#ifdef __indr_reference -__indr_reference(free, cfree); -#else - -void -cfree(p) - void *p; -{ - free(p); -} -#endif diff --git a/src/lib/libc/stdlib/div.3 b/src/lib/libc/stdlib/div.3 index 1f651d7fd37..421400a2943 100644 --- a/src/lib/libc/stdlib/div.3 +++ b/src/lib/libc/stdlib/div.3 @@ -11,11 +11,7 @@ .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors +.\" 3. Neither the name of the University nor the names of its contributors .\" may be used to endorse or promote products derived from this software .\" without specific prior written permission. .\" @@ -31,23 +27,23 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $OpenBSD: div.3,v 1.5 2000/04/20 13:50:02 aaron Exp $ +.\" $OpenBSD: div.3,v 1.12 2016/08/14 23:18:03 guenther Exp $ .\" -.Dd April 19, 1991 +.Dd $Mdocdate: August 14 2016 $ .Dt DIV 3 .Os .Sh NAME .Nm div .Nd return quotient and remainder from division .Sh SYNOPSIS -.Fd #include +.In stdlib.h .Ft div_t .Fn div "int num" "int denom" .Sh DESCRIPTION The .Fn div function computes the value -.Fa num Ns No / Ns Fa denom +.Fa num Ns / Ns Fa denom and returns the quotient and remainder in a structure named .Fa div_t that contains two @@ -57,9 +53,9 @@ members named and .Fa rem . .Sh SEE ALSO +.Xr imaxdiv 3 , .Xr ldiv 3 , -.Xr math 3 , -.Xr qdiv 3 +.Xr lldiv 3 .Sh STANDARDS The .Fn div diff --git a/src/lib/libc/stdlib/div.c b/src/lib/libc/stdlib/div.c index c1fae29008e..beaa428c7a8 100644 --- a/src/lib/libc/stdlib/div.c +++ b/src/lib/libc/stdlib/div.c @@ -1,3 +1,4 @@ +/* $OpenBSD: div.c,v 1.6 2015/09/13 08:31:47 guenther Exp $ */ /* * Copyright (c) 1990 Regents of the University of California. * All rights reserved. @@ -13,11 +14,7 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors + * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -34,15 +31,10 @@ * SUCH DAMAGE. */ -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: div.c,v 1.2 1996/08/19 08:33:29 tholo Exp $"; -#endif /* LIBC_SCCS and not lint */ - #include /* div_t */ div_t -div(num, denom) - int num, denom; +div(int num, int denom) { div_t r; @@ -77,3 +69,4 @@ div(num, denom) } return (r); } +DEF_STRONG(div); diff --git a/src/lib/libc/stdlib/drand48.c b/src/lib/libc/stdlib/drand48.c index 02886d5b621..429e4cf3788 100644 --- a/src/lib/libc/stdlib/drand48.c +++ b/src/lib/libc/stdlib/drand48.c @@ -1,3 +1,4 @@ +/* $OpenBSD: drand48.c,v 1.7 2015/09/14 13:30:17 guenther Exp $ */ /* * Copyright (c) 1993 Martin Birgmeier * All rights reserved. @@ -11,16 +12,19 @@ * to anyone/anything when using this software. */ -#if defined(LIBC_SCCS) && !defined(lint) -static char rcsid[] = "$OpenBSD: drand48.c,v 1.2 1996/08/19 08:33:29 tholo Exp $"; -#endif /* LIBC_SCCS and not lint */ - +#include #include "rand48.h" -extern unsigned short __rand48_seed[3]; - double drand48(void) { + if (__rand48_deterministic == 0) { + unsigned short rseed[3]; + + arc4random_buf(rseed, sizeof rseed); + return ldexp((double) rseed[0], -48) + + ldexp((double) rseed[1], -32) + + ldexp((double) rseed[2], -16); + } return erand48(__rand48_seed); } diff --git a/src/lib/libc/stdlib/ecvt.3 b/src/lib/libc/stdlib/ecvt.3 new file mode 100644 index 00000000000..f478f8e4b04 --- /dev/null +++ b/src/lib/libc/stdlib/ecvt.3 @@ -0,0 +1,166 @@ +.\" $OpenBSD: ecvt.3,v 1.13 2019/01/25 00:19:25 millert Exp $ +.\" +.\" Copyright (c) 2002 Todd C. Miller +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.\" Sponsored in part by the Defense Advanced Research Projects +.\" Agency (DARPA) and Air Force Research Laboratory, Air Force +.\" Materiel Command, USAF, under agreement number F39502-99-1-0512. +.\" +.Dd $Mdocdate: January 25 2019 $ +.Dt ECVT 3 +.Os +.Sh NAME +.Nm ecvt , +.Nm fcvt , +.Nm gcvt +.Nd convert double to ASCII string +.Sh SYNOPSIS +.In stdlib.h +.Ft char * +.Fn ecvt "double value" "int ndigit" "int *decpt" "int *sign" +.Ft char * +.Fn fcvt "double value" "int ndigit" "int *decpt" "int *sign" +.Ft char * +.Fn gcvt "double value" "int ndigit" "char *buf" +.Sh DESCRIPTION +.Bf -symbolic +These functions are provided for compatibility with legacy code. +New code should use the +.Xr snprintf 3 +function for improved safety and portability. +.Ef +.Pp +The +.Fn ecvt , +.Fn fcvt +and +.Fn gcvt +functions convert the double precision floating-point number +.Fa value +to a NUL-terminated +.Tn ASCII +string. +.Pp +The +.Fn ecvt +function converts +.Fa value +to a NUL-terminated string of exactly +.Fa ndigit +digits and returns a pointer to that string. +The result is padded with zeroes from left to right as needed. +There are no leading zeroes unless +.Fa value +itself is 0. +The least significant digit is rounded in an implementation-dependent manner. +The position of the decimal point relative to the beginning of the string +is stored in +.Fa decpt . +A negative value indicates that the decimal point is located +to the left of the returned digits (this occurs when there is no +whole number component to +.Fa value ) . +If +.Fa value +is zero, it is unspecified whether the integer pointed to by +.Fa decpt +will be 0 or 1. +The decimal point itself is not included in the returned string. +If the sign of the result is negative, the integer pointed to by +.Fa sign +is non-zero; otherwise, it is 0. +.Pp +If the converted value is out of range or is not representable, +the contents of the returned string are unspecified. +.Pp +The +.Fn fcvt +function is identical to +.Fn ecvt +with the exception that +.Fa ndigit +specifies the number of digits after the decimal point (zero-padded as +needed). +.Pp +The +.Fn gcvt +function converts +.Fa value +to a NUL-terminated string similar to the %g +.Xr printf 3 +format specifier and stores the result in +.Fa buf . +It produces +.Fa ndigit +significant digits similar to the %f +.Xr printf 3 +format specifier where possible. +If +.Fa ndigit +does allow sufficient precision, the result is stored in +exponential notation similar to the %e +.Xr printf 3 +format specifier. +If +.Fa value +is less than zero, +.Fa buf +will be prefixed with a minus sign. +A decimal point is included in the returned string if +.Fa value +is not a whole number. +Unlike the +.Fn ecvt +and +.Fn fcvt +functions, +.Fa buf +is not zero-padded. +.Sh RETURN VALUES +The +.Fn ecvt , +.Fn fcvt +and +.Fn gcvt +functions return a NUL-terminated string representation of +.Fa value . +.Sh SEE ALSO +.Xr printf 3 , +.Xr strtod 3 +.Sh STANDARDS +The +.Fn ecvt , +.Fn fcvt +and +.Fn gcvt +functions conform to +.St -p1003.1-2001 ; +as of +.St -p1003.1-2008 +they are no longer a part of the standard. +.Sh CAVEATS +The +.Fn ecvt +and +.Fn fcvt +functions return a pointer to internal storage space that will be +overwritten by subsequent calls to either function. +.Pp +The maximum possible precision of the return value is limited by the +precision of a double and may not be the same on all architectures. +.Pp +The +.Xr snprintf 3 +function is preferred over these functions for new code. diff --git a/src/lib/libc/stdlib/ecvt.c b/src/lib/libc/stdlib/ecvt.c new file mode 100644 index 00000000000..a6b1d748fe7 --- /dev/null +++ b/src/lib/libc/stdlib/ecvt.c @@ -0,0 +1,104 @@ +/* $OpenBSD: ecvt.c,v 1.11 2019/01/25 00:19:25 millert Exp $ */ + +/* + * Copyright (c) 2002, 2006 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * + * Sponsored in part by the Defense Advanced Research Projects + * Agency (DARPA) and Air Force Research Laboratory, Air Force + * Materiel Command, USAF, under agreement number F39502-99-1-0512. + */ + +#include +#include +#include +#include "gdtoa.h" + +static char *__cvt(double, int, int *, int *, int, int); + +static char * +__cvt(double value, int ndigit, int *decpt, int *sign, int fmode, int pad) +{ + static char *s; + char *p, *rve, c; + size_t siz; + + if (ndigit == 0) { + *sign = value < 0.0; + *decpt = 0; + return (""); + } + + free(s); + s = NULL; + + if (ndigit < 0) + siz = -ndigit + 1; + else + siz = ndigit + 1; + + + /* __dtoa() doesn't allocate space for 0 so we do it by hand */ + if (value == 0.0) { + *decpt = 1 - fmode; /* 1 for 'e', 0 for 'f' */ + *sign = 0; + if ((rve = s = malloc(siz)) == NULL) + return(NULL); + *rve++ = '0'; + *rve = '\0'; + } else { + p = __dtoa(value, fmode + 2, ndigit, decpt, sign, &rve); + if (p == NULL) + return (NULL); + if (*decpt == 9999) { + /* Infinity or Nan, convert to inf or nan like printf */ + *decpt = 0; + c = *p; + __freedtoa(p); + return(c == 'I' ? "inf" : "nan"); + } + /* Make a local copy and adjust rve to be in terms of s */ + if (pad && fmode) + siz += *decpt; + if ((s = malloc(siz)) == NULL) { + __freedtoa(p); + return(NULL); + } + (void) strlcpy(s, p, siz); + rve = s + (rve - p); + __freedtoa(p); + } + + /* Add trailing zeros */ + if (pad) { + siz -= rve - s; + while (--siz) + *rve++ = '0'; + *rve = '\0'; + } + + return(s); +} + +char * +ecvt(double value, int ndigit, int *decpt, int *sign) +{ + return(__cvt(value, ndigit, decpt, sign, 0, 1)); +} + +char * +fcvt(double value, int ndigit, int *decpt, int *sign) +{ + return(__cvt(value, ndigit, decpt, sign, 1, 1)); +} diff --git a/src/lib/libc/stdlib/erand48.c b/src/lib/libc/stdlib/erand48.c index b92dacffcc3..db0529f4a0f 100644 --- a/src/lib/libc/stdlib/erand48.c +++ b/src/lib/libc/stdlib/erand48.c @@ -1,3 +1,4 @@ +/* $OpenBSD: erand48.c,v 1.5 2015/09/14 13:30:17 guenther Exp $ */ /* * Copyright (c) 1993 Martin Birgmeier * All rights reserved. @@ -11,10 +12,7 @@ * to anyone/anything when using this software. */ -#if defined(LIBC_SCCS) && !defined(lint) -static char rcsid[] = "$OpenBSD: erand48.c,v 1.2 1996/08/19 08:33:29 tholo Exp $"; -#endif /* LIBC_SCCS and not lint */ - +#include #include "rand48.h" double @@ -25,3 +23,4 @@ erand48(unsigned short xseed[3]) ldexp((double) xseed[1], -32) + ldexp((double) xseed[2], -16); } +DEF_WEAK(erand48); diff --git a/src/lib/libc/stdlib/exit.3 b/src/lib/libc/stdlib/exit.3 index bcfdfd38f57..a1c43780d65 100644 --- a/src/lib/libc/stdlib/exit.3 +++ b/src/lib/libc/stdlib/exit.3 @@ -13,11 +13,7 @@ .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors +.\" 3. Neither the name of the University nor the names of its contributors .\" may be used to endorse or promote products derived from this software .\" without specific prior written permission. .\" @@ -33,16 +29,16 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $OpenBSD: exit.3,v 1.6 2001/07/27 23:48:12 mpech Exp $ +.\" $OpenBSD: exit.3,v 1.16 2014/11/30 21:21:59 schwarze Exp $ .\" -.Dd June 29, 1991 +.Dd $Mdocdate: November 30 2014 $ .Dt EXIT 3 .Os .Sh NAME .Nm exit .Nd perform normal program termination .Sh SYNOPSIS -.Fd #include +.In stdlib.h .Ft void .Fn exit "int status" .Sh DESCRIPTION @@ -66,12 +62,13 @@ Unlink all files created with the .Xr tmpfile 3 function. .El +.Pp Following this, .Fn exit calls .Xr _exit 2 . Note that typically -.Xr exit 2 +.Xr _exit 2 only passes the lower 8 bits of .Fa status on to the parent, thus negative values have less meaning. @@ -89,4 +86,17 @@ function never returns. The .Fn exit function conforms to -.St -ansiC . +.St -isoC-99 . +.Sh HISTORY +An +.Fn exit +function first appeared as a system call in +.At v1 . +It has accepted the +.Fa status +argument since +.At v2 . +In +.At v7 , +the bare system call was renamed to +.Xr _exit 2 . diff --git a/src/lib/libc/stdlib/exit.c b/src/lib/libc/stdlib/exit.c index c69639125ef..e93d4313e36 100644 --- a/src/lib/libc/stdlib/exit.c +++ b/src/lib/libc/stdlib/exit.c @@ -1,3 +1,4 @@ +/* $OpenBSD: exit.c,v 1.14 2017/08/12 22:59:52 guenther Exp $ */ /*- * Copyright (c) 1990 The Regents of the University of California. * All rights reserved. @@ -10,11 +11,7 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors + * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -31,18 +28,9 @@ * SUCH DAMAGE. */ -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: exit.c,v 1.7 2002/08/30 07:58:07 dhartmei Exp $"; -#endif /* LIBC_SCCS and not lint */ - -#include -#include #include #include #include "atexit.h" -#include "thread_private.h" - -void (*__cleanup)(); /* * This variable is zero until a process has created a thread. @@ -57,23 +45,13 @@ int __isthreaded = 0; * Exit, flushing stdio buffers if necessary. */ void -exit(status) - int status; +exit(int status) { - register struct atexit *p, *q; - register int n, pgsize = getpagesize(); - - if (!__atexit_invalid) { - p = __atexit; - while (p != NULL) { - for (n = p->ind; --n >= 0;) - (*p->fns[n])(); - q = p; - p = p->next; - munmap(q, pgsize); - } - } - if (__cleanup) - (*__cleanup)(); + /* + * Call functions registered by atexit() or _cxa_atexit() + * (including the stdio cleanup routine) and then _exit(). + */ + __cxa_finalize(NULL); _exit(status); } +DEF_STRONG(exit); diff --git a/src/lib/libc/stdlib/gcvt.c b/src/lib/libc/stdlib/gcvt.c new file mode 100644 index 00000000000..f9528e7e7a1 --- /dev/null +++ b/src/lib/libc/stdlib/gcvt.c @@ -0,0 +1,123 @@ +/* $OpenBSD: gcvt.c,v 1.14 2019/01/25 00:19:25 millert Exp $ */ + +/* + * Copyright (c) 2002, 2003, 2006, 2010 + * Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * + * Sponsored in part by the Defense Advanced Research Projects + * Agency (DARPA) and Air Force Research Laboratory, Air Force + * Materiel Command, USAF, under agreement number F39502-99-1-0512. + */ + +#include +#include +#include +#include +#include "gdtoa.h" + +#define DEFPREC 6 + +char * +gcvt(double value, int ndigit, char *buf) +{ + char *digits, *dst, *src; + int i, decpt, sign; + struct lconv *lconv; + + lconv = localeconv(); + if (ndigit <= 0) { + /* Match printf(3) behavior. */ + ndigit = ndigit ? DEFPREC : 1; + } + + digits = __dtoa(value, 2, ndigit, &decpt, &sign, NULL); + if (digits == NULL) + return (NULL); + if (decpt == 9999) { + /* + * Infinity or NaN, convert to inf or nan with sign. + * We can't infer buffer size based on ndigit. + * We have to assume it is at least 5 chars. + */ + snprintf(buf, 5, "%s%s", sign ? "-" : "", + *digits == 'I' ? "inf" : "nan"); + __freedtoa(digits); + return (buf); + } + + dst = buf; + if (sign) + *dst++ = '-'; + + /* Match printf(3) behavior for exponential vs. regular fomatting. */ + if (decpt <= -4 || decpt > ndigit) { + /* exponential format (e.g. 1.2345e+13) */ + if (--decpt < 0) { + sign = 1; + decpt = -decpt; + } else + sign = 0; + src = digits; + *dst++ = *src++; + if (*src != '\0') { + *dst++ = *lconv->decimal_point; + do { + *dst++ = *src++; + } while (*src != '\0'); + } + *dst++ = 'e'; + if (sign) + *dst++ = '-'; + else + *dst++ = '+'; + if (decpt < 10) { + *dst++ = '0'; + *dst++ = '0' + decpt; + *dst = '\0'; + } else { + /* XXX - optimize */ + for (sign = decpt, i = 0; (sign /= 10) != 0; i++) + continue; + dst[i + 1] = '\0'; + while (decpt != 0) { + dst[i--] = '0' + decpt % 10; + decpt /= 10; + } + } + } else { + /* standard format */ + for (i = 0, src = digits; i < decpt; i++) { + if (*src != '\0') + *dst++ = *src++; + else + *dst++ = '0'; + } + if (*src != '\0') { + if (src == digits) + *dst++ = '0'; /* zero before decimal point */ + *dst++ = *lconv->decimal_point; + while (decpt < 0) { + *dst++ = '0'; + decpt++; + } + for (i = decpt; digits[i] != '\0'; i++) { + *dst++ = digits[i]; + } + } + *dst = '\0'; + } + __freedtoa(digits); + return (buf); +} diff --git a/src/lib/libc/stdlib/getenv.3 b/src/lib/libc/stdlib/getenv.3 index b2aa0080d67..ce2ef43b6f3 100644 --- a/src/lib/libc/stdlib/getenv.3 +++ b/src/lib/libc/stdlib/getenv.3 @@ -13,11 +13,7 @@ .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors +.\" 3. Neither the name of the University nor the names of its contributors .\" may be used to endorse or promote products derived from this software .\" without specific prior written permission. .\" @@ -33,9 +29,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $OpenBSD: getenv.3,v 1.7 2000/04/20 13:50:02 aaron Exp $ +.\" $OpenBSD: getenv.3,v 1.21 2014/07/11 09:24:03 tedu Exp $ .\" -.Dd December 11, 1993 +.Dd $Mdocdate: July 11 2014 $ .Dt GETENV 3 .Os .Sh NAME @@ -45,28 +41,22 @@ .Nm unsetenv .Nd environment variable functions .Sh SYNOPSIS -.Fd #include +.In stdlib.h .Ft char * .Fn getenv "const char *name" .Ft int .Fn setenv "const char *name" "const char *value" "int overwrite" .Ft int -.Fn putenv "const char *string" -.Ft void +.Fn putenv "char *string" +.Ft int .Fn unsetenv "const char *name" .Sh DESCRIPTION These functions set, unset, and fetch environment variables from the host .Em environment list . -For compatibility with differing environment conventions, the given arguments -.Fa name -and -.Fa value -may be appended and prepended, respectively, with an equal sign -.Dq Li \&= . .Pp The .Fn getenv -function obtains the current value of the environment variable, +function obtains the current value of the environment variable .Fa name . If the variable .Fa name @@ -91,11 +81,20 @@ is zero, the variable is not reset, otherwise it is reset to the given The .Fn putenv function takes an argument of the form -.Ar name Ns No = Ns Ar value -and is equivalent to: -.Bd -literal -offset indent -setenv(name, value, 1); -.Ed +.Ar name Ns = Ns Ar value . +The memory pointed to by +.Ar string +becomes part of the environment and must not be deallocated by the caller. +If the variable already exists, it will be overwritten. +A common source of bugs is to pass a +.Ar string +argument that is a locally scoped string buffer. +This will result in corruption of the environment after leaving +the scope in which the variable is defined. +For this reason, the +.Fn setenv +function is preferred over +.Fn putenv . .Pp The .Fn unsetenv @@ -103,44 +102,84 @@ function deletes all instances of the variable name pointed to by .Fa name from the list. .Sh RETURN VALUES -The functions -.Fn setenv -and -.Fn putenv -return zero if successful; otherwise the global variable -.Va errno -is set to indicate the error and \-1 is returned. +.Rv -std putenv setenv unsetenv .Pp +The +.Fn getenv +function returns a pointer to the requested value, or +.Dv NULL +if it could not be found. If .Fn getenv is successful, the string returned should be considered read-only. .Sh ERRORS -.Bl -tag -width [ENOMEM] +.Bl -tag -width Er +.It Bq Er EINVAL +The +.Fn setenv +or +.Fn unsetenv +function was passed an empty +.Ar name +or a NULL pointer, or was passed a +.Ar name +containing an +.Sq = +character. +.Pp +The +.Fn putenv +function was passed a +.Ar string +that did not contain an +.Sq = +character. .It Bq Er ENOMEM -The function +The .Fn setenv or .Fn putenv -failed because they were unable to allocate memory for the environment. +function failed because it was unable to allocate memory for the environment. .El .Sh SEE ALSO .Xr csh 1 , .Xr sh 1 , .Xr execve 2 , +.Xr issetugid 2 , .Xr environ 7 .Sh STANDARDS The .Fn getenv function conforms to .St -ansiC . +The +.Fn putenv , +.Fn setenv , +and +.Fn unsetenv +functions conform to +.St -p1003.1-2008 . .Sh HISTORY +The function +.Fn getenv +appeared in +.At v7 +and +.Bx 3 . The functions .Fn setenv and .Fn unsetenv appeared in -.At v7 . +.Bx 4.3 Tahoe . The .Fn putenv function appeared in .Bx 4.3 Reno . +.Sh CAVEATS +Library code must be careful about using +.Fn getenv +to read untrusted environment variables in setuid programs. +The +.Fn issetugid +function is provided for this purpose. diff --git a/src/lib/libc/stdlib/getenv.c b/src/lib/libc/stdlib/getenv.c index 4db86df915f..054497b4320 100644 --- a/src/lib/libc/stdlib/getenv.c +++ b/src/lib/libc/stdlib/getenv.c @@ -1,3 +1,4 @@ +/* $OpenBSD: getenv.c,v 1.12 2016/03/13 18:34:21 guenther Exp $ */ /* * Copyright (c) 1987, 1993 * The Regents of the University of California. All rights reserved. @@ -10,11 +11,7 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors + * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -31,38 +28,30 @@ * SUCH DAMAGE. */ -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: getenv.c,v 1.4 1998/07/16 18:02:33 deraadt Exp $"; -#endif /* LIBC_SCCS and not lint */ - #include #include + /* * __findenv -- * Returns pointer to value associated with name, if any, else NULL. + * Starts searching within the environmental array at offset. * Sets offset to be the offset of the name/value combination in the - * environmental array, for use by setenv(3) and unsetenv(3). + * environmental array, for use by putenv(3), setenv(3) and unsetenv(3). * Explicitly removes '=' in argument name. * * This routine *should* be a static; don't use it. */ char * -__findenv(name, offset) - register const char *name; - int *offset; +__findenv(const char *name, int len, int *offset) { - extern char **environ; - register int len, i; - register const char *np; - register char **p, *cp; + int i; + const char *np; + char **p, *cp; if (name == NULL || environ == NULL) return (NULL); - for (np = name; *np && *np != '='; ++np) - ; - len = np - name; - for (p = environ; (cp = *p) != NULL; ++p) { + for (p = environ + *offset; (cp = *p) != NULL; ++p) { for (np = name, i = len; i && *cp; i--) if (*cp++ != *np++) break; @@ -79,11 +68,13 @@ __findenv(name, offset) * Returns ptr to value associated with name, if any, else NULL. */ char * -getenv(name) - const char *name; +getenv(const char *name) { - int offset; - char *__findenv(); + int offset = 0; + const char *np; - return(__findenv(name, &offset)); + for (np = name; *np && *np != '='; ++np) + ; + return (__findenv(name, (int)(np - name), &offset)); } +DEF_STRONG(getenv); diff --git a/src/lib/libc/stdlib/getopt.3 b/src/lib/libc/stdlib/getopt.3 index 4acbe696067..af43ca66605 100644 --- a/src/lib/libc/stdlib/getopt.3 +++ b/src/lib/libc/stdlib/getopt.3 @@ -9,11 +9,7 @@ .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors +.\" 3. Neither the name of the University nor the names of its contributors .\" may be used to endorse or promote products derived from this software .\" without specific prior written permission. .\" @@ -29,20 +25,20 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $OpenBSD: getopt.3,v 1.17 2002/08/19 22:29:52 miod Exp $ +.\" $OpenBSD: getopt.3,v 1.46 2016/01/04 19:43:13 tb Exp $ .\" -.Dd April 19, 1994 +.Dd $Mdocdate: January 4 2016 $ .Dt GETOPT 3 .Os .Sh NAME .Nm getopt .Nd get option character from command line argument list .Sh SYNOPSIS -.Fd #include +.In unistd.h .Vt extern char *optarg; +.Vt extern int opterr; .Vt extern int optind; .Vt extern int optopt; -.Vt extern int opterr; .Vt extern int optreset; .Ft int .Fn getopt "int argc" "char * const *argv" "const char *optstring" @@ -51,17 +47,22 @@ The .Fn getopt function incrementally parses a command line argument list .Fa argv -and returns the next known option character. +and returns the next +.Em known +option character. An option character is -.Dq known +.Em known if it has been specified in the string of accepted option characters, .Fa optstring . .Pp The option string .Fa optstring -may contain the following elements: individual characters and -characters followed by a colon to indicate an option argument -is to follow. +may contain the following elements: individual characters, +characters followed by a colon, and characters followed by two colons. +A character followed by a single colon indicates that an argument +is to follow the option on the command line. +Two colons indicates that the argument is optional \- this is an +extension not covered by POSIX. For example, an option string .Qq x recognizes an option @@ -72,7 +73,9 @@ recognizes an option and argument .Fl x Ar argument . It does not matter to .Fn getopt -if a following argument has leading whitespace. +if a following argument has leading whitespace; except in the case where +the argument is optional, denoted with two colons, no leading whitespace +is permitted. .Pp On return from .Fn getopt , @@ -85,10 +88,6 @@ contains the index to the next argument for a subsequent call to .Fn getopt . -The variable -.Va optopt -saves the last known option character returned by -.Fn getopt . .Pp The variables .Va opterr @@ -97,9 +96,15 @@ and are both initialized to 1. The .Va optind -variable may be set to another value before a set of calls to +variable may be set to another value larger than 0 before a set of calls to .Fn getopt -in order to skip over more or less argv entries. +in order to skip over more or less +.Fa argv +entries. +An +.Va optind +value of 0 is reserved for compatibility with GNU +.Fn getopt . .Pp In order to use .Fn getopt @@ -121,13 +126,49 @@ by the option .Ql -- (double dash) which causes .Fn getopt -to signal the end of argument processing and returns \-1. +to signal the end of argument processing and return \-1. When all options have been processed (i.e., up to the first non-option argument), .Fn getopt returns \-1. +.Sh RETURN VALUES +The +.Fn getopt +function returns the next known option character in +.Fa optstring . +If +.Fn getopt +encounters a character not found in +.Fa optstring +or if it detects a missing option argument, +it returns +.Sq \&? +(question mark). +If +.Fa optstring +has a leading +.Sq \&: +then a missing option argument causes +.Sq \&: +to be returned instead of +.Sq \&? . +In either case, the variable +.Va optopt +is set to the character that caused the error. +The +.Fn getopt +function returns \-1 when the argument list is exhausted. .Sh EXAMPLES -.Bd -literal -compact +The following code accepts the options +.Fl b +and +.Fl f Ar argument +and adjusts +.Va argc +and +.Va argv +after option argument processing has completed. +.Bd -literal -offset indent int bflag, ch, fd; bflag = 0; @@ -137,13 +178,9 @@ while ((ch = getopt(argc, argv, "bf:")) != -1) { bflag = 1; break; case 'f': - if ((fd = open(optarg, O_RDONLY, 0)) < 0) { - (void)fprintf(stderr, - "myname: %s: %s\en", optarg, strerror(errno)); - exit(1); - } + if ((fd = open(optarg, O_RDONLY, 0)) == -1) + err(1, "%s", optarg); break; - case '?': default: usage(); } @@ -151,24 +188,21 @@ while ((ch = getopt(argc, argv, "bf:")) != -1) { argc -= optind; argv += optind; .Ed -.Sh SEE ALSO -.Xr getopt 1 , -.Xr getsubopt 3 .Sh DIAGNOSTICS If the .Fn getopt function encounters a character not found in the string -.Va optstring +.Fa optstring or detects -a missing option argument it writes an error message to +a missing option argument, it writes an error message to .Em stderr and returns -.Ql ? . +.Ql \&? . Setting .Va opterr to a zero will disable these error messages. If -.Va optstring +.Fa optstring has a leading .Ql \&: then a missing option argument causes a @@ -178,33 +212,58 @@ to be returned in addition to suppressing any error messages. Option arguments are allowed to begin with .Ql - ; this is reasonable but reduces the amount of error checking possible. -.Sh EXTENSIONS +.Sh SEE ALSO +.Xr getopt 1 , +.Xr getopt_long 3 , +.Xr getsubopt 3 +.Sh STANDARDS +The +.Fn getopt +function implements a superset of the functionality specified by +.St -p1003.1 . +.Pp +The following extensions are supported: +.Bl -bullet +.It The .Va optreset variable was added to make it possible to call the .Fn getopt function multiple times. -This is an extension to the -.St -p1003.2 -specification. -.Sh HISTORY -The -.Fn getopt -function appeared in -.Bx 4.3 . -.Sh BUGS -The -.Fn getopt -function was once specified to return -.Dv EOF -instead of \-1. -This was changed by -.St -p1003.2-92 -to decouple +.It +If the +.Va optind +variable is set to 0, .Fn getopt -from -.Pa . -.Pp +will behave as if the +.Va optreset +variable has been set. +This is for compatibility with +.Tn GNU +.Fn getopt . +New code should use +.Va optreset +instead. +.It +If the first character of +.Fa optstring +is a plus sign +.Pq Ql + , +it will be ignored. +This is for compatibility with +.Tn GNU +.Fn getopt . +.It +If the first character of +.Fa optstring +is a dash +.Pq Ql - , +non-options will be returned as arguments to the option character +.Ql \e1 . +This is for compatibility with +.Tn GNU +.Fn getopt . +.It A single dash .Pq Ql - may be specified as a character in @@ -220,35 +279,85 @@ as an option flag. This practice is wrong, and should not be used in any current development. It is provided for backward compatibility .Em only . +Care should be taken not to use +.Ql - +as the first character in +.Fa optstring +to avoid a semantic conflict with +.Tn GNU +.Fn getopt +semantics (see above). By default, a single dash causes .Fn getopt to return \-1. -This is, we believe, compatible with System V. +.El .Pp -It is also possible to handle digits as option letters. +Historic +.Bx +versions of +.Fn getopt +set +.Fa optopt +to the last option character processed. +However, this conflicts with +.St -p1003.1 +which stipulates that +.Fa optopt +be set to the last character that caused an error. +.Sh HISTORY +The +.Fn getopt +function appeared in +.Bx 4.3 . +.Sh BUGS +The +.Fn getopt +function was once specified to return +.Dv EOF +instead of \-1. +This was changed by +.St -p1003.2-92 +to decouple +.Fn getopt +from +.In stdio.h . +.Pp +It is possible to handle digits as option letters. This allows .Fn getopt to be used with programs that expect a number -.Pq Dq Li \&-\&3 +.Pq Dq Li \-3 as an option. This practice is wrong, and should not be used in any current development. It is provided for backward compatibility .Em only . -The following code fragment works in most cases. +The following code fragment works in most cases and can handle mixed +number and letter arguments. .Bd -literal -offset indent -long length; -char *p; +int aflag = 0, bflag = 0, ch, lastch = '\e0'; +int length = -1, newarg = 1, prevoptind = 1; -while ((c = getopt(argc, argv, "0123456789")) != -1) { - switch (c) { +while ((ch = getopt(argc, argv, "0123456789ab")) != -1) { + switch (ch) { case '0': case '1': case '2': case '3': case '4': case '5': case '6': case '7': case '8': case '9': - p = argv[optind - 1]; - if (p[0] == '-' && p[1] == ch && !p[2]) - length = ch - '0'; - else - length = strtol(argv[optind] + 1, NULL, 10); + if (newarg || !isdigit(lastch)) + length = 0; + else if (length > INT_MAX / 10) + usage(); + length = (length * 10) + (ch - '0'); + break; + case 'a': + aflag = 1; break; + case 'b': + bflag = 1; + break; + default: + usage(); } + lastch = ch; + newarg = optind != prevoptind; + prevoptind = optind; } .Ed diff --git a/src/lib/libc/stdlib/getopt.c b/src/lib/libc/stdlib/getopt.c deleted file mode 100644 index b7f61636623..00000000000 --- a/src/lib/libc/stdlib/getopt.c +++ /dev/null @@ -1,117 +0,0 @@ -/* - * Copyright (c) 1987, 1993, 1994 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: getopt.c,v 1.2 1996/08/19 08:33:32 tholo Exp $"; -#endif /* LIBC_SCCS and not lint */ - -#include -#include -#include - -int opterr = 1, /* if error message should be printed */ - optind = 1, /* index into parent argv vector */ - optopt, /* character checked for validity */ - optreset; /* reset getopt */ -char *optarg; /* argument associated with option */ - -#define BADCH (int)'?' -#define BADARG (int)':' -#define EMSG "" - -/* - * getopt -- - * Parse argc/argv argument vector. - */ -int -getopt(nargc, nargv, ostr) - int nargc; - char * const *nargv; - const char *ostr; -{ - extern char *__progname; - static char *place = EMSG; /* option letter processing */ - char *oli; /* option letter list index */ - - if (optreset || !*place) { /* update scanning pointer */ - optreset = 0; - if (optind >= nargc || *(place = nargv[optind]) != '-') { - place = EMSG; - return (-1); - } - if (place[1] && *++place == '-') { /* found "--" */ - ++optind; - place = EMSG; - return (-1); - } - } /* option letter okay? */ - if ((optopt = (int)*place++) == (int)':' || - !(oli = strchr(ostr, optopt))) { - /* - * if the user didn't specify '-' as an option, - * assume it means -1. - */ - if (optopt == (int)'-') - return (-1); - if (!*place) - ++optind; - if (opterr && *ostr != ':') - (void)fprintf(stderr, - "%s: illegal option -- %c\n", __progname, optopt); - return (BADCH); - } - if (*++oli != ':') { /* don't need argument */ - optarg = NULL; - if (!*place) - ++optind; - } - else { /* need an argument */ - if (*place) /* no white space */ - optarg = place; - else if (nargc <= ++optind) { /* no arg */ - place = EMSG; - if (*ostr == ':') - return (BADARG); - if (opterr) - (void)fprintf(stderr, - "%s: option requires an argument -- %c\n", - __progname, optopt); - return (BADCH); - } - else /* white space */ - optarg = nargv[optind]; - place = EMSG; - ++optind; - } - return (optopt); /* dump back option letter */ -} diff --git a/src/lib/libc/stdlib/getopt_long.3 b/src/lib/libc/stdlib/getopt_long.3 new file mode 100644 index 00000000000..88e0dffb1b4 --- /dev/null +++ b/src/lib/libc/stdlib/getopt_long.3 @@ -0,0 +1,444 @@ +.\" $OpenBSD: getopt_long.3,v 1.21 2016/01/04 19:43:13 tb Exp $ +.\" $NetBSD: getopt_long.3,v 1.11 2002/10/02 10:54:19 wiz Exp $ +.\" +.\" Copyright (c) 1988, 1991, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" @(#)getopt.3 8.5 (Berkeley) 4/27/95 +.\" +.Dd $Mdocdate: January 4 2016 $ +.Dt GETOPT_LONG 3 +.Os +.Sh NAME +.Nm getopt_long , +.Nm getopt_long_only +.Nd get long options from command line argument list +.Sh SYNOPSIS +.In getopt.h +.Vt extern char *optarg; +.Vt extern int optind; +.Vt extern int optopt; +.Vt extern int opterr; +.Vt extern int optreset; +.Ft int +.Fn getopt_long "int argc" "char * const *argv" "const char *optstring" "const struct option *longopts" "int *longindex" +.Ft int +.Fn getopt_long_only "int argc" "char * const *argv" "const char *optstring" "const struct option *longopts" "int *longindex" +.Sh DESCRIPTION +The +.Fn getopt_long +function is similar to +.Xr getopt 3 +but it accepts options in two forms: words and characters. +The +.Fn getopt_long +function provides a superset of the functionality of +.Xr getopt 3 . +.Fn getopt_long +can be used in two ways. +In the first way, every long option understood by the program has a +corresponding short option, and the option structure is only used to +translate from long options to short options. +When used in this fashion, +.Fn getopt_long +behaves identically to +.Xr getopt 3 . +This is a good way to add long option processing to an existing program +with the minimum of rewriting. +.Pp +In the second mechanism, a long option sets a flag in the +.Fa option +structure passed, or will store a pointer to the command line argument +in the +.Fa option +structure passed to it for options that take arguments. +Additionally, the long option's argument may be specified as a single +argument with an equal sign, e.g. +.Bd -literal -offset indent +$ myprogram --myoption=somevalue +.Ed +.Pp +When a long option is processed, the call to +.Fn getopt_long +will return 0. +For this reason, long option processing without +shortcuts is not backwards compatible with +.Xr getopt 3 . +.Pp +It is possible to combine these methods, providing for long options +processing with short option equivalents for some options. +Less frequently used options would be processed as long options only. +.Pp +Abbreviated long option names are accepted when +.Fn getopt_long +processes long options if the abbreviation is unique. +An exact match is always preferred for a defined long option. +.Pp +The +.Fn getopt_long +call requires an array to be initialized describing the long +options. +Each element of the array is a structure: +.Bd -literal -offset indent +struct option { + char *name; + int has_arg; + int *flag; + int val; +}; +.Ed +.Pp +The +.Fa name +field should contain the option name without the leading double dash. +.Pp +The +.Fa has_arg +field should be one of: +.Pp +.Bl -tag -width "optional_argument" -compact -offset indent +.It Dv no_argument +no argument to the option is expected. +.It Dv required_argument +an argument to the option is required. +.It Dv optional_argument +an argument to the option may be presented. +.El +.Pp +If +.Fa flag +is not +.Dv NULL , +then the integer pointed to by it will be set to the value in the +.Fa val +field. +If the +.Fa flag +field is +.Dv NULL , +then the +.Fa val +field will be returned. +Setting +.Fa flag +to +.Dv NULL +and setting +.Fa val +to the corresponding short option will make this function act just +like +.Xr getopt 3 . +.Pp +If the +.Fa longindex +field is not +.Dv NULL , +then the integer pointed to by it will be set to the index of the long +option relative to +.Fa longopts . +.Pp +The last element of the +.Fa longopts +array has to be filled with zeroes. +.Pp +The +.Fn getopt_long_only +function behaves identically to +.Fn getopt_long +with the exception that long options may start with +.Sq - +in addition to +.Sq -- . +If an option starting with +.Sq - +does not match a long option but does match a single-character option, +the single-character option is returned. +.Sh RETURN VALUES +If the +.Fa flag +field in +.Li struct option +is +.Dv NULL , +.Fn getopt_long +and +.Fn getopt_long_only +return the value specified in the +.Fa val +field, which is usually just the corresponding short option. +If +.Fa flag +is not +.Dv NULL , +these functions return 0 and store +.Fa val +in the location pointed to by +.Fa flag . +These functions return +.Sq \&: +if there was a missing option argument, +.Sq \&? +if the user specified an unknown or ambiguous option, and +\-1 when the argument list has been exhausted. +.Sh IMPLEMENTATION DIFFERENCES +This section describes differences to the GNU implementation +found in glibc-2.1.3: +.Bl -bullet +.It +handling of +.Ql - +within the option string (not the first character): +.Bl -tag -width "OpenBSD" +.It GNU +treats a +.Ql - +on the command line as a non-argument. +.It OpenBSD +a +.Ql - +within the option string matches a +.Ql - +(single dash) on the command line. +This functionality is provided for backward compatibility with +programs, such as +.Xr su 1 , +that use +.Ql - +as an option flag. +This practice is wrong, and should not be used in any current development. +.El +.It +handling of +.Ql :: +in the option string in the presence of +.Ev POSIXLY_CORRECT : +.Bl -tag -width "OpenBSD" +.It Both +GNU and +.Ox +ignore +.Ev POSIXLY_CORRECT +here and take +.Ql :: +to mean the preceding option takes an optional argument. +.El +.It +return value in case of missing argument if first character +(after +.Ql + +or +.Ql - ) +in the option string is not +.Ql \&: : +.Bl -tag -width "OpenBSD" +.It GNU +returns +.Ql \&? +.It OpenBSD +returns +.Ql \&: +(since +.Ox Ns 's +.Xr getopt 3 +does). +.El +.It +handling of +.Ql --a +in +.Xr getopt 3 : +.Bl -tag -width "OpenBSD" +.It GNU +parses this as option +.Ql - , +option +.Ql a . +.It OpenBSD +parses this as +.Ql -- , +and returns \-1 (ignoring the +.Ql a ) +(because the original +.Fn getopt +did.) +.El +.It +setting of +.Va optopt +for long options with +.Va flag +.No non- Ns Dv NULL : +.Bl -tag -width "OpenBSD" +.It GNU +sets +.Va optopt +to +.Va val . +.It OpenBSD +sets +.Va optopt +to 0 (since +.Va val +would never be returned). +.El +.It +handling of +.Ql -W +with +.Ql W; +in the option string in +.Xr getopt 3 +(not +.Fn getopt_long ) : +.Bl -tag -width "OpenBSD" +.It GNU +causes a segmentation fault. +.It OpenBSD +no special handling is done; +.Ql W; +is interpreted as two separate options, neither of which take an argument. +.El +.It +setting of +.Va optarg +for long options without an argument that are invoked via +.Ql -W +(with +.Ql W; +in the option string): +.Bl -tag -width "OpenBSD" +.It GNU +sets +.Va optarg +to the option name (the argument of +.Ql -W ) . +.It OpenBSD +sets +.Va optarg +to +.Dv NULL +(the argument of the long option). +.El +.It +handling of +.Ql -W +with an argument that is not (a prefix to) a known long option +(with +.Ql W; +in the option string): +.Bl -tag -width "OpenBSD" +.It GNU +returns +.Ql -W +with +.Va optarg +set to the unknown option. +.It OpenBSD +treats this as an error (unknown option) and returns +.Ql \&? +with +.Va optopt +set to 0 and +.Va optarg +set to +.Dv NULL +(as GNU's man page documents). +.El +.It +The error messages are different. +.It +.Ox +does not permute the argument vector at the same points in +the calling sequence as GNU does. +The aspects normally used by the caller +(ordering after \-1 is returned, value of +.Va optind +relative to current positions) are the same, though. +(We do fewer variable swaps.) +.El +.Sh ENVIRONMENT +.Bl -tag -width Ev +.It Ev POSIXLY_CORRECT +If set, option processing stops when the first non-option is found and +a leading +.Sq + +in the +.Ar optstring +is ignored. +.El +.Sh EXAMPLES +.Bd -literal +int bflag, ch, fd; +int daggerset; + +/* options descriptor */ +static struct option longopts[] = { + { "buffy", no_argument, NULL, 'b' }, + { "fluoride", required_argument, NULL, 'f' }, + { "daggerset", no_argument, &daggerset, 1 }, + { NULL, 0, NULL, 0 } +}; + +bflag = 0; +while ((ch = getopt_long(argc, argv, "bf:", longopts, NULL)) != -1) + switch (ch) { + case 'b': + bflag = 1; + break; + case 'f': + if ((fd = open(optarg, O_RDONLY, 0)) == -1) + err(1, "unable to open %s", optarg); + break; + case 0: + if (daggerset) + fprintf(stderr, "Buffy will use her dagger to " + "apply fluoride to dracula's teeth\en"); + break; + default: + usage(); + } +argc -= optind; +argv += optind; +.Ed +.Sh SEE ALSO +.Xr getopt 3 +.Sh HISTORY +The +.Fn getopt_long +and +.Fn getopt_long_only +functions first appeared in GNU libiberty. +This implementation first appeared in +.Ox 3.3 . +.Sh BUGS +The +.Ar argv +argument is not really +.Dv const +as its elements may be permuted (unless +.Ev POSIXLY_CORRECT +is set). diff --git a/src/lib/libc/stdlib/getopt_long.c b/src/lib/libc/stdlib/getopt_long.c new file mode 100644 index 00000000000..fec9ef79c89 --- /dev/null +++ b/src/lib/libc/stdlib/getopt_long.c @@ -0,0 +1,523 @@ +/* $OpenBSD: getopt_long.c,v 1.30 2019/01/25 00:19:25 millert Exp $ */ +/* $NetBSD: getopt_long.c,v 1.15 2002/01/31 22:43:40 tv Exp $ */ + +/* + * Copyright (c) 2002 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * + * Sponsored in part by the Defense Advanced Research Projects + * Agency (DARPA) and Air Force Research Laboratory, Air Force + * Materiel Command, USAF, under agreement number F39502-99-1-0512. + */ +/*- + * Copyright (c) 2000 The NetBSD Foundation, Inc. + * All rights reserved. + * + * This code is derived from software contributed to The NetBSD Foundation + * by Dieter Baron and Thomas Klausner. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +#include +#include +#include +#include +#include + +int opterr = 1; /* if error message should be printed */ +int optind = 1; /* index into parent argv vector */ +int optopt = '?'; /* character checked for validity */ +int optreset; /* reset getopt */ +char *optarg; /* argument associated with option */ + +#if 0 +/* DEF_* only work on initialized (non-COMMON) variables */ +DEF_WEAK(opterr); +DEF_WEAK(optind); +DEF_WEAK(optopt); +#endif + +#define PRINT_ERROR ((opterr) && (*options != ':')) + +#define FLAG_PERMUTE 0x01 /* permute non-options to the end of argv */ +#define FLAG_ALLARGS 0x02 /* treat non-options as args to option "-1" */ +#define FLAG_LONGONLY 0x04 /* operate as getopt_long_only */ + +/* return values */ +#define BADCH (int)'?' +#define BADARG ((*options == ':') ? (int)':' : (int)'?') +#define INORDER (int)1 + +#define EMSG "" + +static int getopt_internal(int, char * const *, const char *, + const struct option *, int *, int); +static int parse_long_options(char * const *, const char *, + const struct option *, int *, int, int); +static int gcd(int, int); +static void permute_args(int, int, int, char * const *); + +static char *place = EMSG; /* option letter processing */ + +/* XXX: set optreset to 1 rather than these two */ +static int nonopt_start = -1; /* first non option argument (for permute) */ +static int nonopt_end = -1; /* first option after non options (for permute) */ + +/* Error messages */ +static const char recargchar[] = "option requires an argument -- %c"; +static const char recargstring[] = "option requires an argument -- %s"; +static const char ambig[] = "ambiguous option -- %.*s"; +static const char noarg[] = "option doesn't take an argument -- %.*s"; +static const char illoptchar[] = "unknown option -- %c"; +static const char illoptstring[] = "unknown option -- %s"; + +/* + * Compute the greatest common divisor of a and b. + */ +static int +gcd(int a, int b) +{ + int c; + + c = a % b; + while (c != 0) { + a = b; + b = c; + c = a % b; + } + + return (b); +} + +/* + * Exchange the block from nonopt_start to nonopt_end with the block + * from nonopt_end to opt_end (keeping the same order of arguments + * in each block). + */ +static void +permute_args(int panonopt_start, int panonopt_end, int opt_end, + char * const *nargv) +{ + int cstart, cyclelen, i, j, ncycle, nnonopts, nopts, pos; + char *swap; + + /* + * compute lengths of blocks and number and size of cycles + */ + nnonopts = panonopt_end - panonopt_start; + nopts = opt_end - panonopt_end; + ncycle = gcd(nnonopts, nopts); + cyclelen = (opt_end - panonopt_start) / ncycle; + + for (i = 0; i < ncycle; i++) { + cstart = panonopt_end+i; + pos = cstart; + for (j = 0; j < cyclelen; j++) { + if (pos >= panonopt_end) + pos -= nnonopts; + else + pos += nopts; + swap = nargv[pos]; + ((char **)nargv)[pos] = nargv[cstart]; + ((char **)nargv)[cstart] = swap; + } + } +} + +/* + * parse_long_options -- + * Parse long options in argc/argv argument vector. + * Returns -1 if short_too is set and the option does not match long_options. + */ +static int +parse_long_options(char * const *nargv, const char *options, + const struct option *long_options, int *idx, int short_too, int flags) +{ + char *current_argv, *has_equal; + size_t current_argv_len; + int i, match, exact_match, second_partial_match; + + current_argv = place; + match = -1; + exact_match = 0; + second_partial_match = 0; + + optind++; + + if ((has_equal = strchr(current_argv, '=')) != NULL) { + /* argument found (--option=arg) */ + current_argv_len = has_equal - current_argv; + has_equal++; + } else + current_argv_len = strlen(current_argv); + + for (i = 0; long_options[i].name; i++) { + /* find matching long option */ + if (strncmp(current_argv, long_options[i].name, + current_argv_len)) + continue; + + if (strlen(long_options[i].name) == current_argv_len) { + /* exact match */ + match = i; + exact_match = 1; + break; + } + /* + * If this is a known short option, don't allow + * a partial match of a single character. + */ + if (short_too && current_argv_len == 1) + continue; + + if (match == -1) /* first partial match */ + match = i; + else if ((flags & FLAG_LONGONLY) || + long_options[i].has_arg != long_options[match].has_arg || + long_options[i].flag != long_options[match].flag || + long_options[i].val != long_options[match].val) + second_partial_match = 1; + } + if (!exact_match && second_partial_match) { + /* ambiguous abbreviation */ + if (PRINT_ERROR) + warnx(ambig, (int)current_argv_len, current_argv); + optopt = 0; + return (BADCH); + } + if (match != -1) { /* option found */ + if (long_options[match].has_arg == no_argument + && has_equal) { + if (PRINT_ERROR) + warnx(noarg, (int)current_argv_len, + current_argv); + /* + * XXX: GNU sets optopt to val regardless of flag + */ + if (long_options[match].flag == NULL) + optopt = long_options[match].val; + else + optopt = 0; + return (BADARG); + } + if (long_options[match].has_arg == required_argument || + long_options[match].has_arg == optional_argument) { + if (has_equal) + optarg = has_equal; + else if (long_options[match].has_arg == + required_argument) { + /* + * optional argument doesn't use next nargv + */ + optarg = nargv[optind++]; + } + } + if ((long_options[match].has_arg == required_argument) + && (optarg == NULL)) { + /* + * Missing argument; leading ':' indicates no error + * should be generated. + */ + if (PRINT_ERROR) + warnx(recargstring, + current_argv); + /* + * XXX: GNU sets optopt to val regardless of flag + */ + if (long_options[match].flag == NULL) + optopt = long_options[match].val; + else + optopt = 0; + --optind; + return (BADARG); + } + } else { /* unknown option */ + if (short_too) { + --optind; + return (-1); + } + if (PRINT_ERROR) + warnx(illoptstring, current_argv); + optopt = 0; + return (BADCH); + } + if (idx) + *idx = match; + if (long_options[match].flag) { + *long_options[match].flag = long_options[match].val; + return (0); + } else + return (long_options[match].val); +} + +/* + * getopt_internal -- + * Parse argc/argv argument vector. Called by user level routines. + */ +static int +getopt_internal(int nargc, char * const *nargv, const char *options, + const struct option *long_options, int *idx, int flags) +{ + char *oli; /* option letter list index */ + int optchar, short_too; + static int posixly_correct = -1; + + if (options == NULL) + return (-1); + + /* + * XXX Some GNU programs (like cvs) set optind to 0 instead of + * XXX using optreset. Work around this braindamage. + */ + if (optind == 0) + optind = optreset = 1; + + /* + * Disable GNU extensions if POSIXLY_CORRECT is set or options + * string begins with a '+'. + */ + if (posixly_correct == -1 || optreset) + posixly_correct = (getenv("POSIXLY_CORRECT") != NULL); + if (*options == '-') + flags |= FLAG_ALLARGS; + else if (posixly_correct || *options == '+') + flags &= ~FLAG_PERMUTE; + if (*options == '+' || *options == '-') + options++; + + optarg = NULL; + if (optreset) + nonopt_start = nonopt_end = -1; +start: + if (optreset || !*place) { /* update scanning pointer */ + optreset = 0; + if (optind >= nargc) { /* end of argument vector */ + place = EMSG; + if (nonopt_end != -1) { + /* do permutation, if we have to */ + permute_args(nonopt_start, nonopt_end, + optind, nargv); + optind -= nonopt_end - nonopt_start; + } + else if (nonopt_start != -1) { + /* + * If we skipped non-options, set optind + * to the first of them. + */ + optind = nonopt_start; + } + nonopt_start = nonopt_end = -1; + return (-1); + } + if (*(place = nargv[optind]) != '-' || + (place[1] == '\0' && strchr(options, '-') == NULL)) { + place = EMSG; /* found non-option */ + if (flags & FLAG_ALLARGS) { + /* + * GNU extension: + * return non-option as argument to option 1 + */ + optarg = nargv[optind++]; + return (INORDER); + } + if (!(flags & FLAG_PERMUTE)) { + /* + * If no permutation wanted, stop parsing + * at first non-option. + */ + return (-1); + } + /* do permutation */ + if (nonopt_start == -1) + nonopt_start = optind; + else if (nonopt_end != -1) { + permute_args(nonopt_start, nonopt_end, + optind, nargv); + nonopt_start = optind - + (nonopt_end - nonopt_start); + nonopt_end = -1; + } + optind++; + /* process next argument */ + goto start; + } + if (nonopt_start != -1 && nonopt_end == -1) + nonopt_end = optind; + + /* + * If we have "-" do nothing, if "--" we are done. + */ + if (place[1] != '\0' && *++place == '-' && place[1] == '\0') { + optind++; + place = EMSG; + /* + * We found an option (--), so if we skipped + * non-options, we have to permute. + */ + if (nonopt_end != -1) { + permute_args(nonopt_start, nonopt_end, + optind, nargv); + optind -= nonopt_end - nonopt_start; + } + nonopt_start = nonopt_end = -1; + return (-1); + } + } + + /* + * Check long options if: + * 1) we were passed some + * 2) the arg is not just "-" + * 3) either the arg starts with -- we are getopt_long_only() + */ + if (long_options != NULL && place != nargv[optind] && + (*place == '-' || (flags & FLAG_LONGONLY))) { + short_too = 0; + if (*place == '-') + place++; /* --foo long option */ + else if (*place != ':' && strchr(options, *place) != NULL) + short_too = 1; /* could be short option too */ + + optchar = parse_long_options(nargv, options, long_options, + idx, short_too, flags); + if (optchar != -1) { + place = EMSG; + return (optchar); + } + } + + if ((optchar = (int)*place++) == (int)':' || + (optchar == (int)'-' && *place != '\0') || + (oli = strchr(options, optchar)) == NULL) { + /* + * If the user specified "-" and '-' isn't listed in + * options, return -1 (non-option) as per POSIX. + * Otherwise, it is an unknown option character (or ':'). + */ + if (optchar == (int)'-' && *place == '\0') + return (-1); + if (!*place) + ++optind; + if (PRINT_ERROR) + warnx(illoptchar, optchar); + optopt = optchar; + return (BADCH); + } + if (long_options != NULL && optchar == 'W' && oli[1] == ';') { + /* -W long-option */ + if (*place) /* no space */ + /* NOTHING */; + else if (++optind >= nargc) { /* no arg */ + place = EMSG; + if (PRINT_ERROR) + warnx(recargchar, optchar); + optopt = optchar; + return (BADARG); + } else /* white space */ + place = nargv[optind]; + optchar = parse_long_options(nargv, options, long_options, + idx, 0, flags); + place = EMSG; + return (optchar); + } + if (*++oli != ':') { /* doesn't take argument */ + if (!*place) + ++optind; + } else { /* takes (optional) argument */ + optarg = NULL; + if (*place) /* no white space */ + optarg = place; + else if (oli[1] != ':') { /* arg not optional */ + if (++optind >= nargc) { /* no arg */ + place = EMSG; + if (PRINT_ERROR) + warnx(recargchar, optchar); + optopt = optchar; + return (BADARG); + } else + optarg = nargv[optind]; + } + place = EMSG; + ++optind; + } + /* dump back option letter */ + return (optchar); +} + +/* + * getopt -- + * Parse argc/argv argument vector. + * + * [eventually this will replace the BSD getopt] + */ +int +getopt(int nargc, char * const *nargv, const char *options) +{ + + /* + * We don't pass FLAG_PERMUTE to getopt_internal() since + * the BSD getopt(3) (unlike GNU) has never done this. + * + * Furthermore, since many privileged programs call getopt() + * before dropping privileges it makes sense to keep things + * as simple (and bug-free) as possible. + */ + return (getopt_internal(nargc, nargv, options, NULL, NULL, 0)); +} + +/* + * getopt_long -- + * Parse argc/argv argument vector. + */ +int +getopt_long(int nargc, char * const *nargv, const char *options, + const struct option *long_options, int *idx) +{ + + return (getopt_internal(nargc, nargv, options, long_options, idx, + FLAG_PERMUTE)); +} + +/* + * getopt_long_only -- + * Parse argc/argv argument vector. + */ +int +getopt_long_only(int nargc, char * const *nargv, const char *options, + const struct option *long_options, int *idx) +{ + + return (getopt_internal(nargc, nargv, options, long_options, idx, + FLAG_PERMUTE|FLAG_LONGONLY)); +} diff --git a/src/lib/libc/stdlib/getsubopt.3 b/src/lib/libc/stdlib/getsubopt.3 index 8a17da4ea5a..335a4b9c07c 100644 --- a/src/lib/libc/stdlib/getsubopt.3 +++ b/src/lib/libc/stdlib/getsubopt.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: getsubopt.3,v 1.5 2000/12/15 14:31:17 aaron Exp $ +.\" $OpenBSD: getsubopt.3,v 1.14 2014/11/15 14:41:02 bentley Exp $ .\" .\" Copyright (c) 1990, 1991, 1993 .\" The Regents of the University of California. All rights reserved. @@ -11,11 +11,7 @@ .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors +.\" 3. Neither the name of the University nor the names of its contributors .\" may be used to endorse or promote products derived from this software .\" without specific prior written permission. .\" @@ -33,14 +29,14 @@ .\" .\" @(#)getsubopt.3 8.1 (Berkeley) 6/9/93 .\" -.Dd June 9, 1993 +.Dd $Mdocdate: November 15 2014 $ .Dt GETSUBOPT 3 .Os .Sh NAME .Nm getsubopt .Nd get sub options from an argument .Sh SYNOPSIS -.Fd #include +.In stdlib.h .Vt extern char *suboptarg; .Ft int .Fn getsubopt "char **optionp" "char * const *tokens" "char **valuep" @@ -48,7 +44,7 @@ The .Fn getsubopt function parses a string containing tokens delimited by one or more -tab, space or comma +tab, space, or comma .Pq Ql \&, characters. It is intended for use in parsing groups of option arguments provided @@ -66,12 +62,12 @@ The function returns the zero-based offset of the pointer in the .Fa tokens array referencing a string which matches the first token -in the string, or, \-1 if the string contains no tokens or +in the string, or \-1 if the string contains no tokens or .Fa tokens does not contain a matching string. .Pp If the token is of the form -.Ar name Ns No = Ns Ar value , +.Ar name Ns = Ns Ar value , the location referenced by .Fa valuep will be set to point to the start of the @@ -82,7 +78,7 @@ On return from .Fn getsubopt , .Fa optionp will be set to point to the start of the next token in the string, -or the null at the end of the string if no more tokens are present. +or the NUL at the end of the string if no more tokens are present. The external variable .Fa suboptarg will be set to point to the start of the current token, or @@ -94,7 +90,7 @@ will be set to point to the value portion of the token, or .Dv NULL if no value portion was present. .Sh EXAMPLES -.Bd -literal -compact +.Bd -literal char *tokens[] = { #define ONE 0 "one", @@ -108,34 +104,36 @@ char *tokens[] = { extern char *optarg, *suboptarg; char *options, *value; -while ((ch = getopt(argc, argv, "ab:")) != \-1) { - switch(ch) { +while ((ch = getopt(argc, argv, "ab:")) != -1) { + switch (ch) { case 'a': - /* process ``a'' option */ + /* process "a" option */ break; case 'b': options = optarg; while (*options) { - switch(getsubopt(&options, tokens, &value)) { + switch (getsubopt(&options, tokens, &value)) { case ONE: - /* process ``one'' sub option */ + /* process "one" sub option */ break; case TWO: - /* process ``two'' sub option */ + /* process "two" sub option */ if (!value) error("no value for two"); i = atoi(value); break; - case \-1: + case -1: if (suboptarg) error("illegal sub option %s", suboptarg); else error("missing sub option"); break; + } } break; } +} .Ed .Sh SEE ALSO .Xr getopt 3 , diff --git a/src/lib/libc/stdlib/getsubopt.c b/src/lib/libc/stdlib/getsubopt.c index 1667a31d7da..735c85ba8a7 100644 --- a/src/lib/libc/stdlib/getsubopt.c +++ b/src/lib/libc/stdlib/getsubopt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: getsubopt.c,v 1.1 1997/08/20 04:02:17 millert Exp $ */ +/* $OpenBSD: getsubopt.c,v 1.4 2005/08/08 08:05:36 espie Exp $ */ /*- * Copyright (c) 1990, 1993 @@ -12,11 +12,7 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors + * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -33,14 +29,6 @@ * SUCH DAMAGE. */ -#ifndef lint -#if 0 -static char sccsid[] = "@(#)getsubopt.c 8.1 (Berkeley) 6/4/93"; -#else -static char rcsid[] = "$OpenBSD: getsubopt.c,v 1.1 1997/08/20 04:02:17 millert Exp $"; -#endif -#endif /* not lint */ - #include #include #include @@ -54,12 +42,10 @@ static char rcsid[] = "$OpenBSD: getsubopt.c,v 1.1 1997/08/20 04:02:17 millert E char *suboptarg; int -getsubopt(optionp, tokens, valuep) - register char **optionp, **valuep; - register char * const *tokens; +getsubopt(char **optionp, char * const *tokens, char **valuep) { - register int cnt; - register char *p; + int cnt; + char *p; suboptarg = *valuep = NULL; diff --git a/src/lib/libc/stdlib/hcreate.3 b/src/lib/libc/stdlib/hcreate.3 new file mode 100644 index 00000000000..90bde1995ff --- /dev/null +++ b/src/lib/libc/stdlib/hcreate.3 @@ -0,0 +1,234 @@ +.\" $OpenBSD: hcreate.3,v 1.8 2018/01/30 11:37:58 jmc Exp $ +.\" $NetBSD: hcreate.3,v 1.8 2010/05/01 06:18:03 jruoho Exp $ +.\" +.\" Copyright (c) 1999 The NetBSD Foundation, Inc. +.\" All rights reserved. +.\" +.\" This code is derived from software contributed to The NetBSD Foundation +.\" by Klaus Klein. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS +.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS +.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +.\" POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: January 30 2018 $ +.Dt HCREATE 3 +.Os +.Sh NAME +.Nm hcreate , +.Nm hdestroy , +.Nm hsearch +.Nd manage hash search table +.Sh SYNOPSIS +.In search.h +.Ft int +.Fn hcreate "size_t nel" +.Ft void +.Fn hdestroy "void" +.Ft ENTRY * +.Fn hsearch "ENTRY item" "ACTION action" +.Sh DESCRIPTION +The +.Fn hcreate , +.Fn hdestroy , +and +.Fn hsearch +functions manage hash search tables. +.Pp +The +.Fn hcreate +function allocates and initializes the table. +The +.Fa nel +argument specifies an estimate of the maximum number of entries to be held +by the table. +Unless further memory allocation fails, supplying an insufficient +.Fa nel +value will not result in functional harm, although a performance degradation +may occur. +Initialization using the +.Fn hcreate +function is mandatory prior to any access operations using +.Fn hsearch . +.Pp +The +.Fn hdestroy +function destroys a table previously created using +.Fn hcreate . +After a call to +.Fn hdestroy , +the data can no longer be accessed. +.Pp +The +.Fn hsearch +function is used to search the hash table. +It returns a pointer into the +hash table indicating the address of an item. +The +.Fa item +argument is of type +.Vt ENTRY , +defined in the +.In search.h +header. +This is a structure type that contains two pointers: +.Pp +.Bl -tag -compact -offset indent -width "void *data " +.It Fa char *key +comparison key +.It Fa void *data +pointer to data associated with +.Fa key +.El +.Pp +The key comparison function used by +.Fn hsearch +is +.Xr strcmp 3 . +.Pp +The +.Fa action +argument is of type +.Vt ACTION , +an enumeration type which defines the following values: +.Bl -tag -offset indent -width ENTERXX +.It Dv ENTER +Insert +.Fa item +into the hash table. +If an existing item with the same key is found, it is not replaced. +Note that the +.Fa key +and +.Fa data +elements of +.Fa item +are used directly by the new table entry. +The storage for the +key must not be modified during the lifetime of the hash table. +.It Dv FIND +Search the hash table without inserting +.Fa item . +.El +.Pp +Note that the comparison +.Fa key +must be allocated using +.Xr malloc 3 +or +.Xr calloc 3 +if action is +.Dv ENTER +and +.Fn hdestroy +will be called. +This is because +.Fn hdestroy +will call +.Xr free 3 +for each comparison +.Fa key +(but not +.Fa data ) . +Typically the comparison +.Fa key +is allocated by using +.Xr strdup 3 . +.Sh RETURN VALUES +If successful, the +.Fn hcreate +function returns a non-zero value. +Otherwise, a value of 0 is returned and +.Va errno +is set to indicate the error. +.Pp +If successful, the +.Fn hsearch +function returns a pointer to a hash table entry matching +the provided key. +If the action is +.Dv FIND +and the item was not found, or if the action is +.Dv ENTER +and the insertion failed, +.Dv NULL +is returned and +.Va errno +is set to indicate the error. +If the action is +.Dv ENTER +and an entry already existed in the table matching the given +key, the existing entry is returned and is not replaced. +.Sh ERRORS +The +.Fn hcreate +and +.Fn hsearch +functions will fail if: +.Bl -tag -width Er +.It Bq Er ENOMEM +Insufficient memory is available. +.El +.Sh SEE ALSO +.Xr bsearch 3 , +.Xr lsearch 3 , +.Xr malloc 3 , +.Xr strcmp 3 +.Sh STANDARDS +The +.Fn hcreate , +.Fn hdestroy +and +.Fn hsearch +functions conform to +.St -xpg4.2 . +.Sh HISTORY +The +.Fn hcreate , +.Fn hdestroy +and +.Fn hsearch +functions first appeared in +.At V . +.Sh CAVEATS +At least the following limitations can be mentioned: +.Bl -bullet +.It +The interface permits the use of only one hash table at a time. +.It +Individual hash table entries can be added, but not deleted. +.It +The standard is indecipherable about the +internal memory usage of the functions, +mentioning only that +.Do +.Fn hcreate +and +.Fn hsearch +functions may use +.Fn malloc +to allocate space +.Dc . +This limits the portability of the functions, +given that other implementations may not +.Xr free 3 +the buffer pointed by +.Fa key . +.El diff --git a/src/lib/libc/stdlib/hcreate.c b/src/lib/libc/stdlib/hcreate.c new file mode 100644 index 00000000000..b31108a90e0 --- /dev/null +++ b/src/lib/libc/stdlib/hcreate.c @@ -0,0 +1,189 @@ +/* $OpenBSD: hcreate.c,v 1.7 2016/05/29 20:47:49 guenther Exp $ */ +/* $NetBSD: hcreate.c,v 1.5 2004/04/23 02:48:12 simonb Exp $ */ + +/* + * Copyright (c) 2001 Christopher G. Demetriou + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed for the + * NetBSD Project. See http://www.NetBSD.org/ for + * information about NetBSD. + * 4. The name of the author may not be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + * <> + */ + +/* + * hcreate() / hsearch() / hdestroy() + * + * SysV/XPG4 hash table functions. + * + * Implementation done based on NetBSD manual page and Solaris manual page, + * plus my own personal experience about how they're supposed to work. + * + * I tried to look at Knuth (as cited by the Solaris manual page), but + * nobody had a copy in the office, so... + */ + +#include +#include +#include +#include +#include +#include +#include + +#include /* for __default_hash */ + +#ifndef _DIAGASSERT +#define _DIAGASSERT(x) +#endif + +/* + * DO NOT MAKE THIS STRUCTURE LARGER THAN 32 BYTES (4 ptrs on 64-bit + * ptr machine) without adjusting MAX_BUCKETS_LG2 below. + */ +struct internal_entry { + SLIST_ENTRY(internal_entry) link; + ENTRY ent; +}; +SLIST_HEAD(internal_head, internal_entry); + +#define MIN_BUCKETS_LG2 4 +#define MIN_BUCKETS (1 << MIN_BUCKETS_LG2) + +/* + * max * sizeof internal_entry must fit into size_t. + * assumes internal_entry is <= 32 (2^5) bytes. + */ +#define MAX_BUCKETS_LG2 (sizeof (size_t) * 8 - 1 - 5) +#define MAX_BUCKETS ((size_t)1 << MAX_BUCKETS_LG2) + +static struct internal_head *htable; +static size_t htablesize; + +int +hcreate(size_t nel) +{ + size_t idx; + unsigned int p2; + + /* Make sure this isn't called when a table already exists. */ + _DIAGASSERT(htable == NULL); + if (htable != NULL) { + errno = EINVAL; + return 0; + } + + /* If nel is too small, make it min sized. */ + if (nel < MIN_BUCKETS) + nel = MIN_BUCKETS; + + /* If it's too large, cap it. */ + if (nel > MAX_BUCKETS) + nel = MAX_BUCKETS; + + /* If it's is not a power of two in size, round up. */ + if ((nel & (nel - 1)) != 0) { + for (p2 = 0; nel != 0; p2++) + nel >>= 1; + _DIAGASSERT(p2 <= MAX_BUCKETS_LG2); + nel = 1 << p2; + } + + /* Allocate the table. */ + htablesize = nel; + htable = calloc(htablesize, sizeof htable[0]); + if (htable == NULL) { + errno = ENOMEM; + return 0; + } + + /* Initialize it. */ + for (idx = 0; idx < htablesize; idx++) + SLIST_INIT(&htable[idx]); + + return 1; +} + +void +hdestroy(void) +{ + struct internal_entry *ie; + size_t idx; + + _DIAGASSERT(htable != NULL); + if (htable == NULL) + return; + + for (idx = 0; idx < htablesize; idx++) { + while (!SLIST_EMPTY(&htable[idx])) { + ie = SLIST_FIRST(&htable[idx]); + SLIST_REMOVE_HEAD(&htable[idx], link); + free(ie->ent.key); + free(ie); + } + } + free(htable); + htable = NULL; +} + +ENTRY * +hsearch(ENTRY item, ACTION action) +{ + struct internal_head *head; + struct internal_entry *ie; + uint32_t hashval; + size_t len; + + _DIAGASSERT(htable != NULL); + _DIAGASSERT(item.key != NULL); + _DIAGASSERT(action == ENTER || action == FIND); + + len = strlen(item.key); + hashval = __default_hash(item.key, len); + + head = &htable[hashval & (htablesize - 1)]; + ie = SLIST_FIRST(head); + while (ie != NULL) { + if (strcmp(ie->ent.key, item.key) == 0) + break; + ie = SLIST_NEXT(ie, link); + } + + if (ie != NULL) + return &ie->ent; + else if (action == FIND) + return NULL; + + ie = malloc(sizeof *ie); + if (ie == NULL) + return NULL; + ie->ent.key = item.key; + ie->ent.data = item.data; + + SLIST_INSERT_HEAD(head, ie, link); + return &ie->ent; +} diff --git a/src/lib/libc/stdlib/heapsort.c b/src/lib/libc/stdlib/heapsort.c index 2770e5b977c..f1db2205b0d 100644 --- a/src/lib/libc/stdlib/heapsort.c +++ b/src/lib/libc/stdlib/heapsort.c @@ -1,3 +1,4 @@ +/* $OpenBSD: heapsort.c,v 1.11 2017/05/20 12:48:56 millert Exp $ */ /*- * Copyright (c) 1991, 1993 * The Regents of the University of California. All rights reserved. @@ -13,11 +14,7 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors + * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -34,10 +31,6 @@ * SUCH DAMAGE. */ -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: heapsort.c,v 1.3 2002/02/16 21:27:24 millert Exp $"; -#endif /* LIBC_SCCS and not lint */ - #include #include #include @@ -72,7 +65,7 @@ static char *rcsid = "$OpenBSD: heapsort.c,v 1.3 2002/02/16 21:27:24 millert Exp * Build the list into a heap, where a heap is defined such that for * the records K1 ... KN, Kj/2 >= Kj for 1 <= j/2 <= j <= N. * - * There two cases. If j == nmemb, select largest of Ki and Kj. If + * There are two cases. If j == nmemb, select largest of Ki and Kj. If * j < nmemb, select largest of Ki, Kj and Kj+1. */ #define CREATE(initval, nmemb, par_i, child_i, par, child, size, count, tmp) { \ @@ -94,12 +87,12 @@ static char *rcsid = "$OpenBSD: heapsort.c,v 1.3 2002/02/16 21:27:24 millert Exp * Select the top of the heap and 'heapify'. Since by far the most expensive * action is the call to the compar function, a considerable optimization * in the average case can be achieved due to the fact that k, the displaced - * elememt, is ususally quite small, so it would be preferable to first + * element, is usually quite small, so it would be preferable to first * heapify, always maintaining the invariant that the larger child is copied * over its parent's record. * * Then, starting from the *bottom* of the heap, finding k's correct place, - * again maintianing the invariant. As a result of the invariant no element + * again maintaining the invariant. As a result of the invariant no element * is 'lost' when k is assigned its correct place in the heap. * * The time savings from this optimization are on the order of 15-20% for the @@ -138,13 +131,11 @@ static char *rcsid = "$OpenBSD: heapsort.c,v 1.3 2002/02/16 21:27:24 millert Exp * only advantage over quicksort is that it requires little additional memory. */ int -heapsort(vbase, nmemb, size, compar) - void *vbase; - size_t nmemb, size; - int (*compar)(const void *, const void *); +heapsort(void *vbase, size_t nmemb, size_t size, + int (*compar)(const void *, const void *)) { - register int cnt, i, j, l; - register char tmp, *tmp1, *tmp2; + size_t cnt, i, j, l; + char tmp, *tmp1, *tmp2; char *base, *k, *p, *t; if (nmemb <= 1) @@ -181,3 +172,4 @@ heapsort(vbase, nmemb, size, compar) free(k); return (0); } +DEF_WEAK(heapsort); diff --git a/src/lib/libc/stdlib/icdb.c b/src/lib/libc/stdlib/icdb.c new file mode 100644 index 00000000000..2ddd9db48cc --- /dev/null +++ b/src/lib/libc/stdlib/icdb.c @@ -0,0 +1,391 @@ +/* $OpenBSD: icdb.c,v 1.8 2016/09/04 16:56:02 nicm Exp $ */ +/* + * Copyright (c) 2015 Ted Unangst + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include + +#include + +/* + * Creating a new icdb: icdb_new + * Opening existing icdb: icdb_open + * + * Adding new entries: icdb_add + * Adding entries does not update the disk or indices. + * + * Save to disk: icdb_save + * Update indices: icdb_rehash + * icdb_save will call rehash. + * + * Change an existing entry: icdb_update + * Changing entries does write to disk. + * + * Find an entry: icdb_lookup + * Looking up an entry is only defined when the indices are synced. + * + * Close and free resources: icdb_close + */ + +/* + * There are two major modes of operation. + * + * Existing databases use the mmap codepath. The entire database is mapped + * into the address space for quick access. Individual entries may be updated, + * but no new entries added. + * + * New databases use malloc backed memory instead. The database may be saved + * with icdb_save. It should be saved to a new file to avoid corrupting any + * open databases in other processes. + */ + +/* + * An icdb has the following format: + * struct icbinfo header + * indexes [ uint32_t * indexsize * nkeys ] + * entries [ entrysize * nentries ] + * + * To find an entry in the file, the user specifies which key to use. + * The key is hashed and looked up in the index. The index contains the + * position of the entry in the entries array. -1 identifies not found. + * Chaining is done by rehashing the hash. All keys are fixed size byte arrays. + */ + +/* + * Header info for icdb. This struct is stored on disk. + */ +struct icdbinfo { + uint32_t magic; /* magic */ + uint32_t version; /* user specified version */ + uint32_t nentries; /* number of entries stored */ + uint32_t entrysize; /* size of each entry */ + uint32_t indexsize; /* number of entries in hash index */ + uint32_t nkeys; /* number of keys defined */ + uint32_t keysize[8]; /* size of each key */ + uint32_t keyoffset[8]; /* offset of each key in entry */ + SIPHASH_KEY siphashkey; /* random hash key */ +}; + +/* + * In memory representation with auxiliary data. + * idxdata and entries will be written to disk after info. + */ +struct icdb { + struct icdbinfo *info; + void *idxdata[8]; + void *entries; + size_t maplen; + uint32_t allocated; + int fd; +}; + +static const uint32_t magic = 0x1ca9d0b7; + +static uint32_t +roundup(uint32_t num) +{ + uint32_t r = 2; + + while (r < num * 3 / 2) + r *= 2; + return r; +} + +struct icdb * +icdb_new(uint32_t version, uint32_t nentries, uint32_t entrysize, + uint32_t nkeys, const uint32_t *keysizes, const uint32_t *keyoffsets) +{ + struct icdb *db; + struct icdbinfo *info; + int i; + + if (entrysize == 0 || entrysize > 1048576 || nkeys > 8) { + errno = EINVAL; + return NULL; + } + + if (!(db = calloc(1, sizeof(*db)))) + return NULL; + if (!(info = calloc(1, sizeof(*info)))) { + free(db); + return NULL; + } + db->info = info; + db->fd = -1; + info->magic = magic; + info->version = version; + if (nentries) + if ((db->entries = reallocarray(NULL, nentries, entrysize))) + db->allocated = nentries; + info->entrysize = entrysize; + info->nkeys = nkeys; + for (i = 0; i < nkeys; i++) { + info->keysize[i] = keysizes[i]; + info->keyoffset[i] = keyoffsets[i]; + } + return db; +} +DEF_WEAK(icdb_new); + +struct icdb * +icdb_open(const char *name, int flags, uint32_t version) +{ + struct icdb *db = NULL; + struct icdbinfo *info; + struct stat sb; + uint8_t *ptr = MAP_FAILED; + uint32_t baseoff, indexsize, idxmask, idxlen; + int fd, i, saved_errno; + + if ((fd = open(name, flags | O_CLOEXEC)) == -1) + return NULL; + if (fstat(fd, &sb) != 0) + goto fail; + if (sb.st_size < sizeof(struct icdbinfo)) + goto fail; + ptr = mmap(NULL, sb.st_size, PROT_READ | + ((flags & O_RDWR) ? PROT_WRITE : 0), MAP_SHARED, fd, 0); + if (ptr == MAP_FAILED) + goto fail; + info = (struct icdbinfo *)ptr; + if (info->magic != magic || info->version != version) { + errno = ENOENT; + goto fail; + } + + if (!(db = calloc(1, sizeof(*db)))) + goto fail; + db->info = info; + + indexsize = info->indexsize; + idxmask = indexsize - 1; + idxlen = indexsize * sizeof(uint32_t); + baseoff = sizeof(*info) + idxlen * info->nkeys; + + for (i = 0; i < info->nkeys; i++) + db->idxdata[i] = ptr + sizeof(*info) + i * idxlen; + db->entries = ptr + baseoff; + db->maplen = sb.st_size; + db->fd = fd; + return db; + +fail: + saved_errno = errno; + if (ptr != MAP_FAILED) + munmap(ptr, sb.st_size); + if (fd != -1) + close(fd); + free(db); + errno = saved_errno; + return NULL; +} +DEF_WEAK(icdb_open); + +int +icdb_get(struct icdb *db, void *entry, uint32_t idx) +{ + uint32_t entrysize = db->info->entrysize; + + memcpy(entry, (uint8_t *)db->entries + idx * entrysize, entrysize); + return 0; +} +DEF_WEAK(icdb_get); + +int +icdb_lookup(struct icdb *db, int keynum, const void *key, void *entry, + uint32_t *idxp) +{ + struct icdbinfo *info = db->info; + uint32_t offset; + uint64_t hash; + uint32_t indexsize, idxmask, idxlen; + uint32_t *idxdata; + + indexsize = info->indexsize; + idxmask = indexsize - 1; + idxlen = indexsize * sizeof(uint32_t); + + idxdata = db->idxdata[keynum]; + + hash = SipHash24(&info->siphashkey, key, info->keysize[keynum]); + while ((offset = idxdata[hash & idxmask]) != -1) { + if (icdb_get(db, entry, offset) != 0) { + errno = ENOENT; + return -1; + } + if (memcmp((uint8_t *)entry + info->keyoffset[keynum], key, + info->keysize[keynum]) == 0) { + if (idxp) + *idxp = offset; + return 0; + } + hash = SipHash24(&info->siphashkey, &hash, sizeof(hash)); + } + return 1; +} +DEF_WEAK(icdb_lookup); + +int +icdb_nentries(struct icdb *db) +{ + return db->info->nentries; +} +DEF_WEAK(icdb_nentries); + +const void * +icdb_entries(struct icdb *db) +{ + return db->entries; +} +DEF_WEAK(icdb_entries); + +int +icdb_update(struct icdb *db, const void *entry, int offset) +{ + struct icdbinfo *info = db->info; + uint32_t entrysize = info->entrysize; + uint32_t baseoff; + uint32_t indexsize, idxmask, idxlen; + + indexsize = info->indexsize; + idxmask = indexsize - 1; + idxlen = indexsize * sizeof(uint32_t); + baseoff = sizeof(*info) + idxlen * info->nkeys; + + memcpy((uint8_t *)db->entries + offset * entrysize, entry, entrysize); + if (db->fd != -1) { + msync((uint8_t *)db->entries + offset * entrysize, entrysize, + MS_SYNC); + } + return 0; +} +DEF_WEAK(icdb_update); + +int +icdb_add(struct icdb *db, const void *entry) +{ + struct icdbinfo *info = db->info; + size_t entrysize = info->entrysize; + + if (db->allocated == info->nentries) { + void *p; + size_t amt = db->allocated ? db->allocated * 2 : 63; + if (!(p = reallocarray(db->entries, amt, entrysize))) + return -1; + db->allocated = amt; + db->entries = p; + } + memcpy((uint8_t *)db->entries + info->nentries * entrysize, + entry, entrysize); + info->nentries++; + return 0; +} +DEF_WEAK(icdb_add); + +int +icdb_rehash(struct icdb *db) +{ + struct icdbinfo *info = db->info; + uint32_t entrysize = info->entrysize; + uint32_t indexsize, idxmask, idxlen; + int i, j; + + indexsize = info->indexsize = roundup(info->nentries); + idxmask = indexsize - 1; + idxlen = sizeof(uint32_t) * indexsize; + + arc4random_buf(&info->siphashkey, sizeof(info->siphashkey)); + + for (i = 0; i < info->nkeys; i++) { + uint32_t *idxdata = reallocarray(db->idxdata[i], + indexsize, sizeof(uint32_t)); + if (!idxdata) + return -1; + memset(idxdata, 0xff, idxlen); + db->idxdata[i] = idxdata; + } + for (j = 0; j < info->nentries; j++) { + for (i = 0; i < info->nkeys; i++) { + uint32_t *idxdata = db->idxdata[i]; + uint64_t hash = SipHash24(&info->siphashkey, + (uint8_t *)db->entries + j * entrysize + + info->keyoffset[i], info->keysize[i]); + while (idxdata[hash & idxmask] != -1) + hash = SipHash24(&info->siphashkey, &hash, sizeof(hash)); + idxdata[hash & idxmask] = j; + } + } + return 0; +} +DEF_WEAK(icdb_rehash); + +int +icdb_save(struct icdb *db, int fd) +{ + struct icdbinfo *info = db->info; + uint32_t entrysize = info->entrysize; + uint32_t indexsize, idxlen; + int i; + + if (icdb_rehash(db) != 0) + return -1; + + indexsize = info->indexsize; + idxlen = sizeof(uint32_t) * indexsize; + + if (ftruncate(fd, 0) != 0) + return -1; + if (write(fd, info, sizeof(*info)) != sizeof(*info)) + return -1; + for (i = 0; i < info->nkeys; i++) { + if (write(fd, db->idxdata[i], idxlen) != idxlen) + return -1; + } + if (write(fd, db->entries, info->nentries * entrysize) != + info->nentries * entrysize) + return -1; + return 0; +} +DEF_WEAK(icdb_save); + +int +icdb_close(struct icdb *db) +{ + int i; + + if (db->fd == -1) { + for (i = 0; i < db->info->nkeys; i++) + free(db->idxdata[i]); + free(db->entries); + free(db->info); + } else { + munmap(db->info, db->maplen); + close(db->fd); + } + free(db); + return 0; +} +DEF_WEAK(icdb_close); diff --git a/src/lib/libc/stdlib/icdb_new.3 b/src/lib/libc/stdlib/icdb_new.3 new file mode 100644 index 00000000000..9fc07bda800 --- /dev/null +++ b/src/lib/libc/stdlib/icdb_new.3 @@ -0,0 +1,68 @@ +.\" $OpenBSD: icdb_new.3,v 1.2 2016/09/04 19:05:09 jmc Exp $ +.\" +.\" Copyright (c) Ted Unangst +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.\" +.Dd $Mdocdate: September 4 2016 $ +.Dt ICBB_NEW 3 +.Os +.Sh NAME +.Nm icdb_new , +.Nm icdb_open , +.Nm icdb_get , +.Nm icdb_lookup , +.Nm icdb_nentries , +.Nm icdb_entries , +.Nm icdb_update , +.Nm icdb_add , +.Nm icdb_rehash , +.Nm icdb_save , +.Nm icdb_close +.Nd simple database +.Sh SYNOPSIS +.In icbd.h +.Ft struct icdb * +.Fn icdb_new "uint32_t version" "uint32_t nentries" "uint32_t entrysize" +.Ft struct icdb * +.Fn icdb_open "const char *name" "int flags" "uint32_t version" +.Ft int +.Fn icdb_get "struct icdb *db" "void *entry" "uint32_t idx" +.Ft int +.Fn icdb_lookup "struct icdb *db" "int keynum" "const void *key" "void *entry" "uint32_t *idxp" +.Ft int +.Fn icdb_nentries "struct icdb *db" +.Ft const void * +.Fn icdb_entries "struct icdb *db" +.Ft int +.Fn icdb_update "struct icdb *db" "const void *entry" "int offset" +.Ft int +.Fn icdb_add "struct icdb *db" "const void *entry" +.Ft int +.Fn icdb_rehash "struct icdb *db" +.Ft int +.Fn icdb_save "struct icdb *db" "int fd" +.Ft int +.Fn icdb_close "struct icdb *db" +.Sh DESCRIPTION +These functions provide access to a simple memory mapped database format. +.Sh EXAMPLES +Look how easy it is to use. +.Sh STANDARDS +These functions are not standardized. +.Sh HISTORY +The icdb functions were introduced in +.Ox 6.0 . +.Sh AUTHORS +.An Ted Unangst Aq Mt tedu@openbsd.org diff --git a/src/lib/libc/stdlib/imaxabs.3 b/src/lib/libc/stdlib/imaxabs.3 new file mode 100644 index 00000000000..340be61b6e9 --- /dev/null +++ b/src/lib/libc/stdlib/imaxabs.3 @@ -0,0 +1,70 @@ +.\" Copyright (c) 1990, 1991 The Regents of the University of California. +.\" All rights reserved. +.\" +.\" This code is derived from software contributed to Berkeley by +.\" the American National Standards Committee X3, on Information +.\" Processing Systems. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $OpenBSD: imaxabs.3,v 1.8 2019/01/18 07:32:17 schwarze Exp $ +.\" +.Dd $Mdocdate: January 18 2019 $ +.Dt IMAXABS 3 +.Os +.Sh NAME +.Nm imaxabs +.Nd integer absolute value function +.Sh SYNOPSIS +.In inttypes.h +.In stdint.h +.Ft intmax_t +.Fn imaxabs "intmax_t j" +.Sh DESCRIPTION +The +.Fn imaxabs +function computes the absolute value of the intmax_t variable +.Fa j . +.Sh RETURN VALUES +The +.Fn imaxabs +function returns the absolute value. +.Sh SEE ALSO +.Xr abs 3 , +.Xr cabs 3 , +.Xr floor 3 , +.Xr hypot 3 , +.Xr labs 3 +.Sh STANDARDS +The +.Fn imaxabs +function conforms to +.St -isoC-99 . +.Sh CAVEATS +The result of applying +.Fn imaxabs +to +.Dv INTMAX_MIN +is undefined. diff --git a/src/lib/libc/stdlib/imaxabs.c b/src/lib/libc/stdlib/imaxabs.c new file mode 100644 index 00000000000..b7e910eefd8 --- /dev/null +++ b/src/lib/libc/stdlib/imaxabs.c @@ -0,0 +1,38 @@ +/* $OpenBSD: imaxabs.c,v 1.1 2006/01/13 17:58:09 millert Exp $ */ + +/*- + * Copyright (c) 1990 The Regents of the University of California. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include + +intmax_t +imaxabs(intmax_t j) +{ + return (j < 0 ? -j : j); +} diff --git a/src/lib/libc/stdlib/imaxdiv.3 b/src/lib/libc/stdlib/imaxdiv.3 new file mode 100644 index 00000000000..0d4f7653734 --- /dev/null +++ b/src/lib/libc/stdlib/imaxdiv.3 @@ -0,0 +1,65 @@ +.\" Copyright (c) 1990, 1991 The Regents of the University of California. +.\" All rights reserved. +.\" +.\" This code is derived from software contributed to Berkeley by +.\" Chris Torek and the American National Standards Committee X3, +.\" on Information Processing Systems. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $OpenBSD: imaxdiv.3,v 1.7 2016/08/14 23:18:03 guenther Exp $ +.\" +.Dd $Mdocdate: August 14 2016 $ +.Dt IMAXDIV 3 +.Os +.Sh NAME +.Nm imaxdiv +.Nd return quotient and remainder from division +.Sh SYNOPSIS +.In inttypes.h +.Ft imaxdiv_t +.Fn imaxdiv "intmax_t num" "intmax_t denom" +.Sh DESCRIPTION +The +.Fn imaxdiv +function computes the value +.Fa num Ns / Ns Fa denom +and returns the quotient and remainder in a structure named +.Li imaxdiv_t +that contains two +.Li intmax_t +members named +.Fa quot +and +.Fa rem . +.Sh SEE ALSO +.Xr div 3 , +.Xr ldiv 3 , +.Xr lldiv 3 +.Sh STANDARDS +The +.Fn imaxdiv +function conforms to +.St -isoC-99 . diff --git a/src/lib/libc/stdlib/imaxdiv.c b/src/lib/libc/stdlib/imaxdiv.c new file mode 100644 index 00000000000..0515a94b96c --- /dev/null +++ b/src/lib/libc/stdlib/imaxdiv.c @@ -0,0 +1,50 @@ +/* $OpenBSD: imaxdiv.c,v 1.1 2006/01/13 17:58:09 millert Exp $ */ +/* + * Copyright (c) 1990 Regents of the University of California. + * All rights reserved. + * + * This code is derived from software contributed to Berkeley by + * Chris Torek. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include /* imaxdiv_t */ + +imaxdiv_t +imaxdiv(intmax_t num, intmax_t denom) +{ + imaxdiv_t r; + + /* see div.c for comments */ + + r.quot = num / denom; + r.rem = num % denom; + if (num >= 0 && r.rem < 0) { + r.quot++; + r.rem -= denom; + } + return (r); +} diff --git a/src/lib/libc/stdlib/insque.3 b/src/lib/libc/stdlib/insque.3 new file mode 100644 index 00000000000..415a7c34486 --- /dev/null +++ b/src/lib/libc/stdlib/insque.3 @@ -0,0 +1,104 @@ +.\" $OpenBSD: insque.3,v 1.10 2014/11/30 20:19:12 schwarze Exp $ +.\" Copyright (c) 1993 John Brezak +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. The name of the author may be used to endorse or promote products +.\" derived from this software without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR `AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" +.Dd $Mdocdate: November 30 2014 $ +.Dt INSQUE 3 +.Os +.Sh NAME +.Nm insque , +.Nm remque +.Nd insert/remove element from a queue +.Sh SYNOPSIS +.In search.h +.Ft void +.Fn insque "void *elem" "void *pred" +.Ft void +.Fn remque "void *elem" +.Sh DESCRIPTION +.Bf -symbolic +These interfaces have been superseded by the +.Xr queue 3 +macros and are provided for compatibility with legacy code. +.Ef +.Pp +.Fn insque +and +.Fn remque +manipulate queues built from doubly linked lists. +The queue can be either circular or linear. +Each element in the queue must be of the following form: +.Bd -literal -offset indent +struct qelem { + struct qelem *q_forw; + struct qelem *q_back; + char q_data[]; +}; +.Ed +.Pp +The first two elements in the struct must be pointers of the +same type that point to the previous and next elements in +the queue respectively. +Any subsequent data in the struct is application-dependent. +.Pp +The +.Fn insque +function inserts +.Fa elem +into a queue immediately after +.Fa pred . +.Pp +The +.Fn remque +function removes +.Fa elem +from the queue. +.Pp +These functions are not atomic unless that machine architecture allows it. +.Sh SEE ALSO +.Xr queue 3 +.Sh STANDARDS +The +.Fn insque +and +.Fn remque +functions conform to the X/Open System Interfaces option of the +.St -p1003.1-2008 +specification. +.Sh HISTORY +The +.Fn insque +and +.Fn remque +functions are derived from the +.Li insque +and +.Li remque +instructions on the +.Tn VAX . +They first appeared in +.Bx 4.2 . diff --git a/src/lib/libc/stdlib/insque.c b/src/lib/libc/stdlib/insque.c new file mode 100644 index 00000000000..590ff837b82 --- /dev/null +++ b/src/lib/libc/stdlib/insque.c @@ -0,0 +1,54 @@ +/* $OpenBSD: insque.c,v 1.3 2014/08/15 04:14:36 guenther Exp $ */ + +/* + * Copyright (c) 1993 John Brezak + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR `AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN + * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +#include +#include + +struct qelem { + struct qelem *q_forw; + struct qelem *q_back; +}; + +void +insque(void *entry, void *pred) +{ + struct qelem *e = entry; + struct qelem *p = pred; + + if (p == NULL) + e->q_forw = e->q_back = NULL; + else { + e->q_forw = p->q_forw; + e->q_back = p; + if (p->q_forw != NULL) + p->q_forw->q_back = e; + p->q_forw = e; + } +} diff --git a/src/lib/libc/stdlib/jrand48.c b/src/lib/libc/stdlib/jrand48.c index 99cddb71e5f..cb8c5927503 100644 --- a/src/lib/libc/stdlib/jrand48.c +++ b/src/lib/libc/stdlib/jrand48.c @@ -1,3 +1,4 @@ +/* $OpenBSD: jrand48.c,v 1.3 2005/08/08 08:05:36 espie Exp $ */ /* * Copyright (c) 1993 Martin Birgmeier * All rights reserved. @@ -11,10 +12,6 @@ * to anyone/anything when using this software. */ -#if defined(LIBC_SCCS) && !defined(lint) -static char rcsid[] = "$OpenBSD: jrand48.c,v 1.2 1996/08/19 08:33:33 tholo Exp $"; -#endif /* LIBC_SCCS and not lint */ - #include "rand48.h" long diff --git a/src/lib/libc/stdlib/l64a.c b/src/lib/libc/stdlib/l64a.c index 4e99391254f..4f33df37b2a 100644 --- a/src/lib/libc/stdlib/l64a.c +++ b/src/lib/libc/stdlib/l64a.c @@ -1,18 +1,14 @@ +/* $OpenBSD: l64a.c,v 1.5 2005/08/08 08:05:36 espie Exp $ */ /* * Written by J.T. Conklin . * Public domain. */ -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: l64a.c,v 1.3 1997/08/17 22:58:34 millert Exp $"; -#endif /* LIBC_SCCS and not lint */ - #include #include char * -l64a(value) - long value; +l64a(long value) { static char buf[8]; char *s = buf; diff --git a/src/lib/libc/stdlib/labs.3 b/src/lib/libc/stdlib/labs.3 index fe39ca24dcb..f3fd6fd528d 100644 --- a/src/lib/libc/stdlib/labs.3 +++ b/src/lib/libc/stdlib/labs.3 @@ -13,11 +13,7 @@ .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors +.\" 3. Neither the name of the University nor the names of its contributors .\" may be used to endorse or promote products derived from this software .\" without specific prior written permission. .\" @@ -33,32 +29,60 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $OpenBSD: labs.3,v 1.5 2000/04/20 13:50:02 aaron Exp $ +.\" $OpenBSD: labs.3,v 1.17 2019/01/18 07:32:17 schwarze Exp $ .\" -.Dd June 29, 1991 +.Dd $Mdocdate: January 18 2019 $ .Dt LABS 3 .Os .Sh NAME -.Nm labs +.Nm labs , +.Nm llabs , +.Nm qabs .Nd return the absolute value of a long integer .Sh SYNOPSIS -.Fd #include +.In limits.h +.In stdlib.h .Ft long -.Fn labs "long j" +.Fn labs "long i" +.Ft long long +.Fn llabs "long long j" +.Ft quad_t +.Fn qabs "quad_t j" .Sh DESCRIPTION The .Fn labs function returns the absolute value of the long integer +.Fa i . +The +.Fn llabs +function returns the absolute value of the long long integer .Fa j . +.Pp +The +.Fn qabs +function is a deprecated equivalent of +.Fn llabs . .Sh SEE ALSO .Xr abs 3 , .Xr cabs 3 , .Xr floor 3 , -.Xr math 3 +.Xr imaxabs 3 .Sh STANDARDS The .Fn labs -function conforms to -.St -ansiC . -.Sh BUGS -The absolute value of the most negative integer remains negative. +and +.Fn llabs +functions conform to +.St -isoC-99 . +.Sh CAVEATS +The results of applying +.Fn labs +to +.Dv LONG_MIN +and +.Fn llabs +to +.Dv LLONG_MIN +are undefined, and +.Fn qabs +is not portable in the first place. diff --git a/src/lib/libc/stdlib/labs.c b/src/lib/libc/stdlib/labs.c index f20e2c29bef..ca60b9aba2d 100644 --- a/src/lib/libc/stdlib/labs.c +++ b/src/lib/libc/stdlib/labs.c @@ -1,3 +1,4 @@ +/* $OpenBSD: labs.c,v 1.5 2005/08/08 08:05:36 espie Exp $ */ /*- * Copyright (c) 1990 The Regents of the University of California. * All rights reserved. @@ -10,11 +11,7 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors + * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -31,15 +28,10 @@ * SUCH DAMAGE. */ -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: labs.c,v 1.2 1996/08/19 08:33:34 tholo Exp $"; -#endif /* LIBC_SCCS and not lint */ - #include long -labs(j) - long j; +labs(long j) { return(j < 0 ? -j : j); } diff --git a/src/lib/libc/stdlib/lcong48.c b/src/lib/libc/stdlib/lcong48.c index 44bd74e48a7..f03083e3c87 100644 --- a/src/lib/libc/stdlib/lcong48.c +++ b/src/lib/libc/stdlib/lcong48.c @@ -1,3 +1,4 @@ +/* $OpenBSD: lcong48.c,v 1.6 2015/09/13 08:31:47 guenther Exp $ */ /* * Copyright (c) 1993 Martin Birgmeier * All rights reserved. @@ -11,19 +12,19 @@ * to anyone/anything when using this software. */ -#if defined(LIBC_SCCS) && !defined(lint) -static char rcsid[] = "$OpenBSD: lcong48.c,v 1.2 1996/08/19 08:33:35 tholo Exp $"; -#endif /* LIBC_SCCS and not lint */ - #include "rand48.h" -extern unsigned short __rand48_seed[3]; -extern unsigned short __rand48_mult[3]; -extern unsigned short __rand48_add; - void lcong48(unsigned short p[7]) { + lcong48_deterministic(p); + __rand48_deterministic = 0; +} + +void +lcong48_deterministic(unsigned short p[7]) +{ + __rand48_deterministic = 1; __rand48_seed[0] = p[0]; __rand48_seed[1] = p[1]; __rand48_seed[2] = p[2]; @@ -32,3 +33,4 @@ lcong48(unsigned short p[7]) __rand48_mult[2] = p[5]; __rand48_add = p[6]; } +DEF_WEAK(lcong48_deterministic); diff --git a/src/lib/libc/stdlib/ldiv.3 b/src/lib/libc/stdlib/ldiv.3 index b5301b1b21c..1fa6f38c457 100644 --- a/src/lib/libc/stdlib/ldiv.3 +++ b/src/lib/libc/stdlib/ldiv.3 @@ -13,11 +13,7 @@ .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors +.\" 3. Neither the name of the University nor the names of its contributors .\" may be used to endorse or promote products derived from this software .\" without specific prior written permission. .\" @@ -33,23 +29,23 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $OpenBSD: ldiv.3,v 1.5 2000/04/20 13:50:02 aaron Exp $ +.\" $OpenBSD: ldiv.3,v 1.13 2016/08/14 23:18:03 guenther Exp $ .\" -.Dd June 29, 1991 +.Dd $Mdocdate: August 14 2016 $ .Dt LDIV 3 .Os .Sh NAME .Nm ldiv .Nd return quotient and remainder from division .Sh SYNOPSIS -.Fd #include +.In stdlib.h .Ft ldiv_t .Fn ldiv "long num" "long denom" .Sh DESCRIPTION The .Fn ldiv function computes the value -.Fa num Ns No / Ns Fa denom +.Fa num Ns / Ns Fa denom and returns the quotient and remainder in a structure named .Li ldiv_t that contains two @@ -60,10 +56,16 @@ and .Fa rem . .Sh SEE ALSO .Xr div 3 , -.Xr math 3 , -.Xr qdiv 3 +.Xr imaxdiv 3 , +.Xr lldiv 3 .Sh STANDARDS The .Fn ldiv function conforms to .St -ansiC . +.Sh HISTORY +An +.Fn ldiv +function with similar functionality, but a different calling convention, +first appeared in +.At v4 . diff --git a/src/lib/libc/stdlib/ldiv.c b/src/lib/libc/stdlib/ldiv.c index 908c2bf0aa3..775065f525c 100644 --- a/src/lib/libc/stdlib/ldiv.c +++ b/src/lib/libc/stdlib/ldiv.c @@ -1,3 +1,4 @@ +/* $OpenBSD: ldiv.c,v 1.5 2005/08/08 08:05:36 espie Exp $ */ /* * Copyright (c) 1990 Regents of the University of California. * All rights reserved. @@ -13,11 +14,7 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors + * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -34,15 +31,10 @@ * SUCH DAMAGE. */ -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: ldiv.c,v 1.2 1996/08/19 08:33:35 tholo Exp $"; -#endif /* LIBC_SCCS and not lint */ - #include /* ldiv_t */ ldiv_t -ldiv(num, denom) - long num, denom; +ldiv(long num, long denom) { ldiv_t r; diff --git a/src/lib/libc/stdlib/llabs.c b/src/lib/libc/stdlib/llabs.c new file mode 100644 index 00000000000..f4a260f4a8f --- /dev/null +++ b/src/lib/libc/stdlib/llabs.c @@ -0,0 +1,40 @@ +/* $OpenBSD: llabs.c,v 1.4 2016/08/14 23:18:03 guenther Exp $ */ + +/*- + * Copyright (c) 1990 The Regents of the University of California. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include + +long long +llabs(long long j) +{ + return (j < 0 ? -j : j); +} + +__weak_alias(qabs, llabs); diff --git a/src/lib/libc/stdlib/lldiv.3 b/src/lib/libc/stdlib/lldiv.3 new file mode 100644 index 00000000000..526da8d0c49 --- /dev/null +++ b/src/lib/libc/stdlib/lldiv.3 @@ -0,0 +1,73 @@ +.\" Copyright (c) 1990, 1991 The Regents of the University of California. +.\" All rights reserved. +.\" +.\" This code is derived from software contributed to Berkeley by +.\" Chris Torek and the American National Standards Committee X3, +.\" on Information Processing Systems. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $OpenBSD: lldiv.3,v 1.8 2017/08/01 14:57:02 schwarze Exp $ +.\" +.Dd $Mdocdate: August 1 2017 $ +.Dt LLDIV 3 +.Os +.Sh NAME +.Nm lldiv , +.Nm qdiv +.Nd return quotient and remainder from division +.Sh SYNOPSIS +.In stdlib.h +.Ft lldiv_t +.Fn lldiv "long long num" "long long denom" +.Ft qdiv_t +.Fn qdiv "quad_t num" "quad_t denom" +.Sh DESCRIPTION +The +.Fn lldiv +function computes the value +.Fa num Ns / Ns Fa denom +and returns the quotient and remainder in a structure named +.Li lldiv_t +that contains two +.Li long long integer +members named +.Fa quot +and +.Fa rem . +.Pp +The +.Fn qdiv +function is a deprecated equivalent of +.Fn lldiv . +.Sh SEE ALSO +.Xr div 3 , +.Xr imaxdiv 3 , +.Xr ldiv 3 +.Sh STANDARDS +The +.Fn lldiv +function conforms to +.St -isoC-99 . diff --git a/src/lib/libc/stdlib/lldiv.c b/src/lib/libc/stdlib/lldiv.c new file mode 100644 index 00000000000..59c37b878cd --- /dev/null +++ b/src/lib/libc/stdlib/lldiv.c @@ -0,0 +1,52 @@ +/* $OpenBSD: lldiv.c,v 1.2 2016/08/14 23:18:03 guenther Exp $ */ +/* + * Copyright (c) 1990 Regents of the University of California. + * All rights reserved. + * + * This code is derived from software contributed to Berkeley by + * Chris Torek. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include /* lldiv_t */ + +lldiv_t +lldiv(long long num, long long denom) +{ + lldiv_t r; + + /* see div.c for comments */ + + r.quot = num / denom; + r.rem = num % denom; + if (num >= 0 && r.rem < 0) { + r.quot++; + r.rem -= denom; + } + return (r); +} + +__weak_alias(qdiv, lldiv); diff --git a/src/lib/libc/stdlib/lrand48.c b/src/lib/libc/stdlib/lrand48.c index 6b7524a51bc..142cca7f78b 100644 --- a/src/lib/libc/stdlib/lrand48.c +++ b/src/lib/libc/stdlib/lrand48.c @@ -1,3 +1,4 @@ +/* $OpenBSD: lrand48.c,v 1.5 2015/08/27 04:33:31 guenther Exp $ */ /* * Copyright (c) 1993 Martin Birgmeier * All rights reserved. @@ -11,17 +12,13 @@ * to anyone/anything when using this software. */ -#if defined(LIBC_SCCS) && !defined(lint) -static char rcsid[] = "$OpenBSD: lrand48.c,v 1.2 1996/08/19 08:33:36 tholo Exp $"; -#endif /* LIBC_SCCS and not lint */ - #include "rand48.h" -extern unsigned short __rand48_seed[3]; - long lrand48(void) { + if (__rand48_deterministic == 0) + return arc4random() & 0x7fffffff; __dorand48(__rand48_seed); return ((long) __rand48_seed[2] << 15) + ((long) __rand48_seed[1] >> 1); } diff --git a/src/lib/libc/stdlib/lsearch.3 b/src/lib/libc/stdlib/lsearch.3 new file mode 100644 index 00000000000..d82c55c8594 --- /dev/null +++ b/src/lib/libc/stdlib/lsearch.3 @@ -0,0 +1,106 @@ +.\" $OpenBSD: lsearch.3,v 1.14 2015/11/30 17:03:05 jmc Exp $ +.\" +.\" Copyright (c) 1989, 1991, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" @(#)lsearch.3 8.1 (Berkeley) 6/4/93 +.\" +.Dd $Mdocdate: November 30 2015 $ +.Dt LSEARCH 3 +.Os +.Sh NAME +.Nm lsearch , +.Nm lfind +.Nd linear searching routines +.Sh SYNOPSIS +.In search.h +.Ft void * +.Fn lsearch "const void *key" "void *base" "size_t *nelp" \ + "size_t width" "int (*compar)(const void *, const void *)" +.Ft void * +.Fn lfind "const void *key" "const void *base" "size_t *nelp" \ + "size_t width" "int (*compar)(const void *, const void *)" +.Sh DESCRIPTION +The functions +.Fn lsearch +and +.Fn lfind +provide basic linear searching functionality. +.Pp +.Fa base +is the pointer to the beginning of an array. +The argument +.Fa nelp +is the current number of elements in the array, where each element +is +.Fa width +bytes long. +The +.Fa compar +function +is a comparison routine which is used to compare two elements. +It takes two arguments which point to the +.Fa key +object and to an array member, in that order, and must return an integer +less than, equivalent to, or greater than zero if the +.Fa key +object is considered, respectively, to be less than, equal to, or greater +than the array member. +.Pp +The +.Fn lsearch +and +.Fn lfind +functions +return a pointer into the array referenced by +.Fa base +where +.Fa key +is located. +If +.Fa key +does not exist, +.Fn lfind +will return a null pointer and +.Fn lsearch +will add it to the array. +When an element is added to the array by +.Fn lsearch , +the location referenced by the argument +.Fa nelp +is incremented by one. +.Sh SEE ALSO +.Xr bsearch 3 , +.Xr dbopen 3 +.Sh STANDARDS +The +.Fn lsearch +and +.Fn lfind +functions conform to the X/Open System Interfaces option of the +.St -p1003.1-2008 +specification. diff --git a/src/lib/libc/stdlib/lsearch.c b/src/lib/libc/stdlib/lsearch.c new file mode 100644 index 00000000000..8cad05f5102 --- /dev/null +++ b/src/lib/libc/stdlib/lsearch.c @@ -0,0 +1,84 @@ +/* $OpenBSD: lsearch.c,v 1.5 2014/07/18 04:16:09 matthew Exp $ */ + +/* + * Copyright (c) 1989, 1993 + * The Regents of the University of California. All rights reserved. + * + * This code is derived from software contributed to Berkeley by + * Roger L. Snyder. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include +#include +#include + +typedef int (*cmp_fn_t)(const void *, const void *); +static void *linear_base(const void *, const void *, size_t *, size_t, + cmp_fn_t, int); + +void * +lsearch(const void *key, void *base, size_t *nelp, size_t width, + cmp_fn_t compar) +{ + + return(linear_base(key, base, nelp, width, compar, 1)); +} + +void * +lfind(const void *key, const void *base, size_t *nelp, size_t width, + cmp_fn_t compar) +{ + return(linear_base(key, base, nelp, width, compar, 0)); +} + +static void * +linear_base(const void *key, const void *base, size_t *nelp, size_t width, + cmp_fn_t compar, int add_flag) +{ + const char *element, *end; + + end = (const char *)base + *nelp * width; + for (element = base; element < end; element += width) + if (!compar(key, element)) /* key found */ + return((void *)element); + + if (!add_flag) /* key not found */ + return(NULL); + + /* + * The UNIX System User's Manual, 1986 edition claims that + * a NULL pointer is returned by lsearch with errno set + * appropriately, if there is not enough room in the table + * to add a new item. This can't be done as none of these + * routines have any method of determining the size of the + * table. This comment isn't in the 1986-87 System V + * manual. + */ + ++*nelp; + memcpy((void *)end, key, width); + return((void *)end); +} diff --git a/src/lib/libc/stdlib/malloc.3 b/src/lib/libc/stdlib/malloc.3 index 8f05c38e866..a6edb2be00b 100644 --- a/src/lib/libc/stdlib/malloc.3 +++ b/src/lib/libc/stdlib/malloc.3 @@ -14,11 +14,7 @@ .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors +.\" 3. Neither the name of the University nor the names of its contributors .\" may be used to endorse or promote products derived from this software .\" without specific prior written permission. .\" @@ -34,9 +30,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $OpenBSD: malloc.3,v 1.24 2001/12/05 09:49:39 deraadt Exp $ +.\" $OpenBSD: malloc.3,v 1.122 2018/12/05 17:11:59 schwarze Exp $ .\" -.Dd August 27, 1996 +.Dd $Mdocdate: December 5 2018 $ .Dt MALLOC 3 .Os .Sh NAME @@ -44,10 +40,13 @@ .Nm calloc , .Nm realloc , .Nm free , -.Nm cfree +.Nm reallocarray , +.Nm recallocarray , +.Nm freezero , +.Nm aligned_alloc .Nd memory allocation and deallocation .Sh SYNOPSIS -.Fd #include +.In stdlib.h .Ft void * .Fn malloc "size_t size" .Ft void * @@ -56,62 +55,42 @@ .Fn realloc "void *ptr" "size_t size" .Ft void .Fn free "void *ptr" +.Ft void * +.Fn reallocarray "void *ptr" "size_t nmemb" "size_t size" +.Ft void * +.Fn recallocarray "void *ptr" "size_t oldnmemb" "size_t nmemb" "size_t size" .Ft void -.Fn cfree "void *ptr" -.Ft char * -.Va malloc_options +.Fn freezero "void *ptr" "size_t size" +.Ft void * +.Fn aligned_alloc "size_t alignment" "size_t size" +.Vt char *malloc_options ; .Sh DESCRIPTION +The standard functions +.Fn malloc , +.Fn calloc , +and +.Fn realloc +allocate +.Em objects , +regions of memory to store values. The .Fn malloc -function allocates uninitialized space for an object whose -size is specified by +function allocates uninitialized space for an object of +the specified .Fa size . -The .Fn malloc -function maintains multiple lists of free blocks according to size, allocating -space from the appropriate list. -.Pp -The allocated space is -suitably aligned (after possible pointer -coercion) for storage of any type of object. -If the space is of -.Em pagesize -or larger, the memory returned will be page-aligned. -.Pp -Allocation of a zero size object returns a pointer to a zero size object. -This zero size object is access protected, so any access to it will -generate an exception (SIGSEGV). -Many zero-sized objects can be placed consecutively in shared -protected pages. -The minimum size of the protection on each object is suitably aligned and -sized as previously stated, but the protection may extend further depending -on where in a protected zone the object lands. +maintains multiple lists of free objects according to size, allocating +from the appropriate list or requesting memory from the kernel. +The allocated space is suitably aligned (after possible pointer coercion) for +storage of any type of object. .Pp The .Fn calloc function allocates space for an array of .Fa nmemb -objects, each of whose size is +objects, each of the specified .Fa size . -The space is initialized to all bits zero. -.Pp -The -.Fn free -function causes the space pointed to by -.Fa ptr -to be deallocated, that is, at least made available for further allocation, -but if possible, it will passed back to the kernel with -.Xr sbrk 2 . -If -.Fa ptr -is a null pointer, no action occurs. -.Pp -A -.Fn cfree -function is also provided for compatibility with old systems and other -.Nm malloc -libraries; it is simply an alias for -.Fn free . +The space is initialized to zero. .Pp The .Fn realloc @@ -120,99 +99,206 @@ function changes the size of the object pointed to by to .Fa size bytes and returns a pointer to the (possibly moved) object. +If +.Fa ptr +is not +.Dv NULL , +it must be a pointer returned by an earlier call to an allocation or +reallocation function that was not freed in between. The contents of the object are unchanged up to the lesser of the new and old sizes. If the new size is larger, the value of the newly allocated portion of the object is indeterminate and uninitialized. +If the space cannot be allocated, the object +pointed to by +.Fa ptr +is unchanged. If .Fa ptr -is a null pointer, the +is +.Dv NULL , .Fn realloc -function behaves like the +behaves like .Fn malloc -function for the specified size. -If the space cannot be allocated, the object -pointed to by +and allocates a new object. +.Pp +The +.Fn free +function causes the space pointed to by .Fa ptr -is unchanged. +to be either placed on a list of free blocks to make it available for future +allocation or, when appropriate, to be returned to the kernel using +.Xr munmap 2 . +If +.Fa ptr +is +.Dv NULL , +no action occurs. If -.Fa size -is zero and .Fa ptr -is not a null pointer, the object it points to is freed and a new zero size -object is returned. +was previously freed by +.Fn free +or a reallocation function, +the behavior is undefined and the double free is a security concern. .Pp -When using +Designed for safe allocation of arrays, +the +.Fn reallocarray +function is similar to .Fn realloc -one must be careful to avoid the following idiom: +except it operates on +.Fa nmemb +members of size +.Fa size +and checks for integer overflow in the calculation +.Fa nmemb +* +.Fa size . .Pp -.Bd -literal -offset indent -if ((p = realloc(p, nsize)) == NULL) - return NULL; -.Ed +Used for the allocation of memory holding sensitive data, +the +.Fn recallocarray +and +.Fn freezero +functions guarantee that memory becoming unallocated is explicitly +.Em discarded , +meaning pages of memory are disposed via +.Xr munmap 2 +and cached free objects are cleared with +.Xr explicit_bzero 3 . .Pp -In most cases, this will result in a leak of memory. -As stated earlier, a return value of -.Dv NULL -indicates that the old object still remains allocated. -Better code looks like this: -.Bd -literal -offset indent -if ((p2 = realloc(p, nsize)) == NULL) { - if (p) - free(p); - p = NULL; - return NULL; -} -p = p2; -.Ed +The +.Fn recallocarray +function is similar to +.Fn reallocarray +except it ensures newly allocated memory is cleared similar to +.Fn calloc . +If +.Fa ptr +is +.Dv NULL , +.Fa oldnmemb +is ignored and the call is equivalent to +.Fn calloc . +If +.Fa ptr +is not +.Dv NULL , +.Fa oldnmemb +must be a value such that +.Fa oldnmemb +* +.Fa size +is the size of the earlier allocation that returned +.Fa ptr , +otherwise the behavior is undefined. .Pp -Malloc will first look for a symbolic link called -.Pa /etc/malloc.conf -and next check the environment for a variable called -.Ev MALLOC_OPTIONS -and finally for the global variable +The +.Fn freezero +function is similar to the +.Fn free +function except it ensures memory is explicitly discarded. +If +.Fa ptr +is +.Dv NULL , +no action occurs. +If +.Fa ptr +is not +.Dv NULL , +the +.Fa size +argument must be equal to or smaller than the size of the earlier allocation +that returned +.Fa ptr . +.Fn freezero +guarantees the memory range starting at +.Fa ptr +with length +.Fa size +is discarded while deallocating the whole object originally allocated. +.Pp +The +.Fn aligned_alloc +function allocates +.Fa size +bytes of memory such that the allocation's base address is a multiple of +.Fa alignment . +The requested +.Fa alignment +must be a power of 2. +If +.Fa size +is not a multiple of +.Fa alignment , +behavior is undefined. +.Sh MALLOC OPTIONS +Upon the first call to the +.Fn malloc +family of functions, an initialization sequence inspects the +value of the +.Va vm.malloc_conf +.Xr sysctl 2 , +next checks the environment for a variable called +.Ev MALLOC_OPTIONS , +and finally looks at the global variable .Va malloc_options -and scan them for flags in that order. -Flags are single letters, uppercase means on, lowercase means off. +in the program. +Each is scanned for the flags documented below. +Unless otherwise noted uppercase means on, lowercase means off. .Bl -tag -width indent -.It Cm A -.Dq Abort . -.Fn malloc -will coredump the process, rather than tolerate failure. -This is a very handy debugging aid, since the core file will represent the -time of failure, rather than when the null pointer was accessed. -.Pp +.It Cm C +.Dq Canaries . +Add canaries at the end of allocations in order to detect +heap overflows. +The canary's content is checked when +.Nm free +is called. +If it has been corrupted, the process is aborted. .It Cm D .Dq Dump . .Fn malloc -will dump statistics in a file called -.Pa malloc.out +will dump statistics to the file +.Pa ./malloc.out , +if it already exists, at exit. This option requires the library to have been compiled with -DMALLOC_STATS in order to have any effect. -.Pp +.It Cm F +.Dq Freecheck . +Enable more extensive double free and use after free detection. +All chunks in the delayed free list will be checked for double frees. +Unused pages on the freelist are read and write protected to +cause a segmentation fault upon access. +.It Cm G +.Dq Guard . +Enable guard pages. +Each page size or larger allocation is followed by a guard page that will +cause a segmentation fault upon any access. .It Cm J -.Dq Junk . -Fill some junk into the area allocated. -Currently junk is bytes of 0xd0; this is pronounced -.Dq Duh . -\&:-) -.Pp -.It Cm H -.Dq Hint . -Pass a hint to the kernel about pages we don't use. -If the machine is paging a lot this may help a bit. -.Pp -.It Cm N -Do not output warning messages when encountering possible corruption -or bad pointers. -.Pp +.Dq More junking . +Increase the junk level by one if it is smaller than 2. +.It Cm j +.Dq Less junking . +Decrease the junk level by one if it is larger than 0. +Junking writes some junk bytes into the area allocated. +Junk is bytes of 0xdb when allocating; +freed chunks are filled with 0xdf. +By default the junk level is 1: after free, +small chunks are completely junked; +for pages the first part is junked. +After a delay, +the filling pattern is validated and the process is aborted if the pattern +was modified. +For junk level 2, junking is done on allocation as well and without size +restrictions. +If the junk level is zero, no junking is performed. .It Cm R .Dq realloc . Always reallocate when .Fn realloc is called, even if the initial allocation was big enough. -This can substantially aid in compacting memory. .\".Pp .\".It Cm U .\".Dq utrace . @@ -220,10 +306,16 @@ This can substantially aid in compacting memory. .\".Xr ktrace 1 .\"for all operations. .\"Consult the source for this one. -.Pp +.It Cm S +Enable all options suitable for security auditing. +.It Cm U +.Dq Free unmap . +Enable use after free protection for larger allocations. +Unused pages on the freelist are read and write protected to +cause a segmentation fault upon access. .It Cm X .Dq xmalloc . -rather than return failure, +Rather than return failure, .Xr abort 3 the program with a diagnostic message on stderr. It is the intention that this option be set at compile time by @@ -233,135 +325,295 @@ extern char *malloc_options; malloc_options = "X"; .Ed .Pp -.It Cm Z -.Dq Zero . -Fill some junk into the area allocated (see -.Cm J ) , -except for the exact length the user asked for, which is zeroed. -.Pp +Note that this will cause code that is supposed to handle +out-of-memory conditions gracefully to abort instead. .It Cm < -.Dq Half the cache size . -Reduce the size of the cache by a factor of two. -.Pp +.Dq Halve the cache size . +Decrease the size of the free page cache by a factor of two. .It Cm > .Dq Double the cache size . -Double the size of the cache by a factor of two. +Increase the size of the free page cache by a factor of two. .El .Pp -So to set a systemwide reduction of cache size and coredumps on problems -one would: -.Li ln -s 'A<' /etc/malloc.conf -.Pp -The -.Cm J -and -.Cm Z -is mostly for testing and debugging. -If a program changes behavior if either of these options are used, +If a program changes behavior if any of these options (except +.Cm X ) +are used, it is buggy. .Pp -The default cache size is 16 pages. -.Sh ENVIRONMENT -See above. +The default number of free pages cached is 64 per malloc pool. +Multi-threaded programs use multiple pools. .Sh RETURN VALUES -The -.Fn malloc -and -.Fn calloc -functions return a pointer to the allocated space if successful; otherwise, -a null pointer is returned and +Upon successful completion, the allocation functions +return a pointer to the allocated space; otherwise, +.Dv NULL +is returned and .Va errno is set to .Er ENOMEM . +The function +.Fn aligned_alloc +returns +.Dv NULL +and sets +.Va errno +to +.Er EINVAL +if +.Fa alignment +is not a power of 2. .Pp -The -.Fn free -and -.Fn cfree -functions return no value. +If +.Fa nmemb +or +.Fa size +is equal to 0, a unique pointer to an access protected, +zero sized object is returned. +Access via this pointer will generate a +.Dv SIGSEGV +exception. .Pp -The -.Fn realloc -function returns a pointer to the (possibly moved) allocated space -if successful; otherwise, a null pointer is returned and +If multiplying +.Fa nmemb +and +.Fa size +results in integer overflow, +.Fn calloc , +.Fn reallocarray +and +.Fn recallocarray +return +.Dv NULL +and set .Va errno -is set to +to .Er ENOMEM . -.Sh DIAGNOSTICS +.Pp If +.Fa ptr +is not +.Dv NULL +and multiplying +.Fa oldnmemb +and +.Fa size +results in integer overflow +.Fn recallocarray +returns +.Dv NULL +and sets +.Va errno +to +.Er EINVAL . +.Sh IDIOMS +Consider +.Fn calloc +or the extensions +.Fn reallocarray +and +.Fn recallocarray +when there is multiplication in the +.Fa size +argument of +.Fn malloc +or +.Fn realloc . +For example, avoid this common idiom as it may lead to integer overflow: +.Bd -literal -offset indent +if ((p = malloc(num * size)) == NULL) + err(1, NULL); +.Ed +.Pp +A drop-in replacement is the +.Ox +extension +.Fn reallocarray : +.Bd -literal -offset indent +if ((p = reallocarray(NULL, num, size)) == NULL) + err(1, NULL); +.Ed +.Pp +Alternatively, +.Fn calloc +may be used at the cost of initialization overhead. +.Pp +When using +.Fn realloc , +be careful to avoid the following idiom: +.Bd -literal -offset indent +size += 50; +if ((p = realloc(p, size)) == NULL) + return (NULL); +.Ed +.Pp +Do not adjust the variable describing how much memory has been allocated +until the allocation has been successful. +This can cause aberrant program behavior if the incorrect size value is used. +In most cases, the above sample will also result in a leak of memory. +As stated earlier, a return value of +.Dv NULL +indicates that the old object still remains allocated. +Better code looks like this: +.Bd -literal -offset indent +newsize = size + 50; +if ((newp = realloc(p, newsize)) == NULL) { + free(p); + p = NULL; + size = 0; + return (NULL); +} +p = newp; +size = newsize; +.Ed +.Pp +As with .Fn malloc , +it is important to ensure the new size value will not overflow; +i.e. avoid allocations like the following: +.Bd -literal -offset indent +if ((newp = realloc(p, num * size)) == NULL) { + ... +.Ed +.Pp +Instead, use +.Fn reallocarray : +.Bd -literal -offset indent +if ((newp = reallocarray(p, num, size)) == NULL) { + ... +.Ed +.Pp +Calling +.Fn realloc +with a +.Dv NULL +.Fa ptr +is equivalent to calling +.Fn malloc . +Instead of this idiom: +.Bd -literal -offset indent +if (p == NULL) + newp = malloc(newsize); +else + newp = realloc(p, newsize); +.Ed +.Pp +Use the following: +.Bd -literal -offset indent +newp = realloc(p, newsize); +.Ed +.Pp +The +.Fn recallocarray +function should be used for resizing objects containing sensitive data like +keys. +To avoid leaking information, +it guarantees memory is cleared before placing it on the internal free list. +Deallocation of such an object should be done by calling +.Fn freezero . +.Sh ENVIRONMENT +.Bl -tag -width "MALLOC_OPTIONS" +.It Ev MALLOC_OPTIONS +String of option flags. +.El +.Sh EXAMPLES +If +.Fn malloc +must be used with multiplication, be sure to test for overflow: +.Bd -literal -offset indent +size_t num, size; +\&... + +/* Check for size_t overflow */ +if (size && num > SIZE_MAX / size) + errc(1, EOVERFLOW, "overflow"); + +if ((p = malloc(num * size)) == NULL) + err(1, NULL); +.Ed +.Pp +The above test is not sufficient in all cases. +For example, multiplying ints requires a different set of checks: +.Bd -literal -offset indent +int num, size; +\&... + +/* Avoid invalid requests */ +if (size < 0 || num < 0) + errc(1, EOVERFLOW, "overflow"); + +/* Check for signed int overflow */ +if (size && num > INT_MAX / size) + errc(1, EOVERFLOW, "overflow"); + +if ((p = malloc(num * size)) == NULL) + err(1, NULL); +.Ed +.Pp +Assuming the implementation checks for integer overflow as +.Ox +does, it is much easier to use .Fn calloc , -.Fn realloc , +.Fn reallocarray , or -.Fn free -detect an error or warning condition, +.Fn recallocarray . +.Pp +The above examples could be simplified to: +.Bd -literal -offset indent +if ((p = reallocarray(NULL, num, size)) == NULL) + err(1, NULL); +.Ed +.Pp +or at the cost of initialization: +.Bd -literal -offset indent +if ((p = calloc(num, size)) == NULL) + err(1, NULL); +.Ed +.Pp +Set a systemwide reduction of the cache to a quarter of the +default size and use guard pages: +.Pp +.Dl # sysctl vm.malloc_conf='G<<' +.Sh DIAGNOSTICS +If any of the functions detect an error condition, a message will be printed to file descriptor 2 (not using stdio). -Errors will always result in the process being -.Xr abort 3 'ed. -If the -.Cm A -option has been specified, warnings will also -.Xr abort 3 -the process. +Errors will result in the process being aborted. .Pp Here is a brief description of the error messages and what they mean: -.Bl -tag -width Fl -.It Dq (ES): mumble mumble mumble -.Fn malloc -has been compiled with -.Dv \&-DEXTRA_SANITY -and something looks fishy in there. -Consult sources and/or wizards. -.It Dq allocation failed +.Bl -tag -width Ds +.It Dq out of memory If the -.Cm A -option is specified it is an error for -.Fn malloc , -.Fn calloc , -or -.Fn realloc +.Cm X +option is specified it is an error for the allocation functions to return .Dv NULL . -.It Dq mmap(2) failed, check limits. -This is a rather weird condition that is most likely to indicate a -seriously overloaded system or a -.Xr ulimit 1 -restriction. -.It Dq freelist is destroyed. -.Fn malloc Ns 's -internal freelist has been stomped on. -.El -.Pp -Here is a brief description of the warning messages and what they mean: -.Bl -tag -width Fl -.It Dq chunk/page is already free. -A pointer to a free chunk is attempted freed again. -.It Dq junk pointer, too high to make sense. -The pointer doesn't make sense. -It's above the area of memory that -.Fn malloc -knows something about. -This could be a pointer from some -.Xr mmap 2 'ed -memory. -.It Dq junk pointer, too low to make sense. -The pointer doesn't make sense. -It's below the area of memory that -.Fn malloc -knows something about. -This pointer probably came from your data or bss segments. -.It Dq malloc() has never been called. -Nothing has ever been allocated, yet something is being freed or -realloc'ed. -.It Dq modified (chunk-/page-) pointer. -The pointer passed to free or realloc has been modified. -.It Dq pointer to wrong page. -The pointer that -.Fn malloc -is trying to free is not pointing to -a sensible page. -.It Dq recursive call. +.It Dq bogus pointer (double free?) +An attempt to +.Fn free +or +reallocate an unallocated pointer was made. +.It Dq chunk is already free +There was an attempt to free a chunk that had already been freed. +.It Dq use after free +A chunk has been modified after it was freed. +.It Dq modified chunk-pointer +The pointer passed to +.Fn free +or a reallocation function has been modified. +.It Dq chunk canary corrupted address offset@length +A byte after the requested size has been overwritten, +indicating a heap overflow. +The offset at which corruption was detected is printed before the @, +and the requested length of the allocation after the @. +.It Dq recorded old size oldsize != size +.Fn recallocarray +has detected that the given old size does not equal the recorded size in its +meta data. +Enabling option +.Cm C +allows +.Fn recallocarray +to catch more of these cases. +.It Dq recursive call An attempt was made to call recursively into these functions, i.e., from a signal handler. This behavior is not supported. @@ -376,44 +628,143 @@ functions nor utilize any other functions which may call routines). .It Dq unknown char in MALLOC_OPTIONS We found something we didn't understand. -.El -.Sh FILES -.Bl -tag -width "/etc/malloc.conf" -.It Pa /etc/malloc.conf -symbolic link to filename containing option flags +.It any other error +.Fn malloc +detected an internal error; +consult sources and/or wizards. .El .Sh SEE ALSO .Xr brk 2 , +.Xr mmap 2 , +.Xr munmap 2 , +.Xr sysctl 2 , .Xr alloca 3 , .Xr getpagesize 3 , -.Xr memory 3 -.Pa /usr/share/doc/papers/malloc.ascii.gz +.Xr posix_memalign 3 .Sh STANDARDS The -.Fn malloc -function conforms to +.Fn malloc , +.Fn calloc , +.Fn realloc , +and +.Fn free +functions conform to .St -ansiC . +The +.Fn aligned_alloc +function conforms to +.St -isoC-2011 . +.Pp +If +.Fa nmemb +or +.Fa size +are 0, the return value is implementation defined; +other conforming implementations may return +.Dv NULL +in this case. +.Pp +The +.Ev MALLOC_OPTIONS +environment variable, the +.Va vm.malloc_conf +sysctl and the +.Sx DIAGNOSTICS +output are extensions to the standard. .Sh HISTORY -The present implementation of -.Fn malloc -started out as a filesystem on a drum -attached to a 20-bit binary challenged computer built with discrete germanium -transistors, and it has since graduated to handle primary storage rather than -secondary. +A +.Fn free +internal kernel function and a predecessor to +.Fn malloc , +.Fn alloc , +first appeared in +.At v1 . +C library functions +.Fn alloc +and +.Fn free +appeared in +.At v6 . +The functions +.Fn malloc , +.Fn calloc , +and +.Fn realloc +first appeared in +.At v7 . .Pp -The main difference from other -.Fn malloc -implementations are believed to be that -the free pages are not accessed until allocated. -Most +A new implementation by Chris Kingsley was introduced in +.Bx 4.2 , +followed by a complete rewrite by Poul-Henning Kamp which appeared in +.Fx 2.2 +and was included in +.Ox 2.0 . +These implementations were all +.Xr sbrk 2 +based. +In +.Ox 3.8 , +Thierry Deval rewrote +.Nm +to use the +.Xr mmap 2 +system call, +making the page addresses returned by +.Nm +random. +A rewrite by Otto Moerbeek introducing a new central data structure and more +randomization appeared in +.Ox 4.4 . +.Pp +The +.Fn reallocarray +function appeared in +.Ox 5.6 . +The +.Fn recallocarray +function appeared in +.Ox 6.1 . +The +.Fn freezero +function appeared in +.Ox 6.2 . +The +.Fn aligned_alloc +function appeared in +.Ox 6.5 . +.Sh CAVEATS +When using +.Fn malloc , +be wary of signed integer and +.Vt size_t +overflow especially when there is multiplication in the +.Fa size +argument. +.Pp +Signed integer overflow will cause undefined behavior which compilers +typically handle by wrapping back around to negative numbers. +Depending on the input, this can result in allocating more or less +memory than intended. +.Pp +An unsigned overflow has defined behavior which will wrap back around and +return less memory than intended. +.Pp +A signed or unsigned integer overflow is a +.Em security +risk if less memory is returned than intended. +Subsequent code may corrupt the heap by writing beyond the memory that was +allocated. +An attacker may be able to leverage this heap corruption to execute arbitrary +code. +.Pp +Consider using +.Fn calloc , +.Fn reallocarray +or +.Fn recallocarray +instead of using multiplication in .Fn malloc -implementations will store a data structure containing a, -possibly double-, linked list in the free chunks of memory, used to tie -all the free memory together. -That is a quite suboptimal thing to do. -Every time the free-list is traversed, all the otherwise unused, and very -likely paged out, pages get faulted into primary memory, just to see what -lies after them in the list. -.Pp -On systems which are paging, this can make a factor five in difference on the -page-faults of a process. +and +.Fn realloc +to avoid these problems on +.Ox . diff --git a/src/lib/libc/stdlib/malloc.c b/src/lib/libc/stdlib/malloc.c index 4e90ce402e4..e41178d5c56 100644 --- a/src/lib/libc/stdlib/malloc.c +++ b/src/lib/libc/stdlib/malloc.c @@ -1,1305 +1,2343 @@ +/* $OpenBSD: malloc.c,v 1.259 2019/01/10 18:47:05 otto Exp $ */ /* - * ---------------------------------------------------------------------------- - * "THE BEER-WARE LICENSE" (Revision 42): - * wrote this file. As long as you retain this notice you - * can do whatever you want with this stuff. If we meet some day, and you think - * this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp - * ---------------------------------------------------------------------------- + * Copyright (c) 2008, 2010, 2011, 2016 Otto Moerbeek + * Copyright (c) 2012 Matthew Dempsky + * Copyright (c) 2008 Damien Miller + * Copyright (c) 2000 Poul-Henning Kamp + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -#if defined(LIBC_SCCS) && !defined(lint) -static char rcsid[] = "$OpenBSD: malloc.c,v 1.48 2002/05/27 03:13:23 deraadt Exp $"; -#endif /* LIBC_SCCS and not lint */ - /* - * Defining MALLOC_EXTRA_SANITY will enable extra checks which are - * related to internal conditions and consistency in malloc.c. This has - * a noticeable runtime performance hit, and generally will not do you - * any good unless you fiddle with the internals of malloc or want - * to catch random pointer corruption as early as possible. + * If we meet some day, and you think this stuff is worth it, you + * can buy me a beer in return. Poul-Henning Kamp */ -#ifndef MALLOC_EXTRA_SANITY -#undef MALLOC_EXTRA_SANITY -#endif -/* - * Defining MALLOC_STATS will enable you to call malloc_dump() and set - * the [dD] options in the MALLOC_OPTIONS environment variable. - * It has no run-time performance hit, but does pull in stdio... - */ -#ifndef MALLOC_STATS -#undef MALLOC_STATS -#endif - -/* - * What to use for Junk. This is the byte value we use to fill with - * when the 'J' option is enabled. - */ -#define SOME_JUNK 0xd0 /* as in "Duh" :-) */ +/* #define MALLOC_STATS */ #include -#include +#include #include -#include +#include +#include +#include +#include +#include #include #include #include #include + +#ifdef MALLOC_STATS +#include #include -#include +#endif -/* - * The basic parameters you can tweak. - * - * malloc_pageshift pagesize = 1 << malloc_pageshift - * It's probably best if this is the native - * page size, but it shouldn't have to be. - * - * malloc_minsize minimum size of an allocation in bytes. - * If this is too small it's too much work - * to manage them. This is also the smallest - * unit of alignment used for the storage - * returned by malloc/realloc. - * - */ +#include "thread_private.h" +#include + +#define MALLOC_PAGESHIFT _MAX_PAGE_SHIFT + +#define MALLOC_MINSHIFT 4 +#define MALLOC_MAXSHIFT (MALLOC_PAGESHIFT - 1) +#define MALLOC_PAGESIZE (1UL << MALLOC_PAGESHIFT) +#define MALLOC_MINSIZE (1UL << MALLOC_MINSHIFT) +#define MALLOC_PAGEMASK (MALLOC_PAGESIZE - 1) +#define MASK_POINTER(p) ((void *)(((uintptr_t)(p)) & ~MALLOC_PAGEMASK)) -#if defined(__OpenBSD__) && defined(__sparc__) -# define malloc_pageshift 13U -#endif /* __OpenBSD__ */ - -#ifdef _THREAD_SAFE -# include "thread_private.h" -# if 0 - /* kernel threads */ -# include - static pthread_mutex_t malloc_lock; -# define THREAD_LOCK() pthread_mutex_lock(&malloc_lock) -# define THREAD_UNLOCK() pthread_mutex_unlock(&malloc_lock) -# define THREAD_LOCK_INIT() pthread_mutex_init(&malloc_lock, 0); -# else - /* user threads */ -# include "spinlock.h" - static spinlock_t malloc_lock = _SPINLOCK_INITIALIZER; -# define THREAD_LOCK() if (__isthreaded) _SPINLOCK(&malloc_lock) -# define THREAD_UNLOCK() if (__isthreaded) _SPINUNLOCK(&malloc_lock) -# define THREAD_LOCK_INIT() - /* - * Malloc can't use the wrapped write() if it fails very early, so - * we use the unwrapped syscall _thread_sys_write() - */ -# define write _thread_sys_write - ssize_t write(int, const void *, size_t); -# undef malloc -# undef realloc -# undef free -# endif +#define MALLOC_MAXCHUNK (1 << MALLOC_MAXSHIFT) +#define MALLOC_MAXCACHE 256 +#define MALLOC_DELAYED_CHUNK_MASK 15 +#ifdef MALLOC_STATS +#define MALLOC_INITIAL_REGIONS 512 #else - /* no threads */ -# define THREAD_LOCK() -# define THREAD_UNLOCK() -# define THREAD_LOCK_INIT() +#define MALLOC_INITIAL_REGIONS (MALLOC_PAGESIZE / sizeof(struct region_info)) #endif +#define MALLOC_DEFAULT_CACHE 64 +#define MALLOC_CHUNK_LISTS 4 +#define CHUNK_CHECK_LENGTH 32 /* - * No user serviceable parts behind this point. - * - * This structure describes a page worth of chunks. + * We move allocations between half a page and a whole page towards the end, + * subject to alignment constraints. This is the extra headroom we allow. + * Set to zero to be the most strict. */ +#define MALLOC_LEEWAY 0 +#define MALLOC_MOVE_COND(sz) ((sz) - mopts.malloc_guard < \ + MALLOC_PAGESIZE - MALLOC_LEEWAY) +#define MALLOC_MOVE(p, sz) (((char *)(p)) + \ + ((MALLOC_PAGESIZE - MALLOC_LEEWAY - \ + ((sz) - mopts.malloc_guard)) & \ + ~(MALLOC_MINSIZE - 1))) -struct pginfo { - struct pginfo *next; /* next on the free list */ - void *page; /* Pointer to the page */ - u_short size; /* size of this page's chunks */ - u_short shift; /* How far to shift for this size chunks */ - u_short free; /* How many free chunks */ - u_short total; /* How many chunk */ - u_long bits[1]; /* Which chunks are free */ -}; +#define PAGEROUND(x) (((x) + (MALLOC_PAGEMASK)) & ~MALLOC_PAGEMASK) /* - * This structure describes a number of free pages. + * What to use for Junk. This is the byte value we use to fill with + * when the 'J' option is enabled. Use SOME_JUNK right after alloc, + * and SOME_FREEJUNK right before free. */ +#define SOME_JUNK 0xdb /* deadbeef */ +#define SOME_FREEJUNK 0xdf /* dead, free */ + +#define MMAP(sz) mmap(NULL, (sz), PROT_READ | PROT_WRITE, \ + MAP_ANON | MAP_PRIVATE, -1, 0) + +#define MMAPNONE(sz) mmap(NULL, (sz), PROT_NONE, \ + MAP_ANON | MAP_PRIVATE, -1, 0) -struct pgfree { - struct pgfree *next; /* next run of free pages */ - struct pgfree *prev; /* prev run of free pages */ - void *page; /* pointer to free pages */ - void *end; /* pointer to end of free pages */ - u_long size; /* number of bytes free */ +#define MMAPA(a,sz) mmap((a), (sz), PROT_READ | PROT_WRITE, \ + MAP_ANON | MAP_PRIVATE, -1, 0) + +#define MQUERY(a, sz) mquery((a), (sz), PROT_READ | PROT_WRITE, \ + MAP_ANON | MAP_PRIVATE | MAP_FIXED, -1, 0) + +struct region_info { + void *p; /* page; low bits used to mark chunks */ + uintptr_t size; /* size for pages, or chunk_info pointer */ +#ifdef MALLOC_STATS + void *f; /* where allocated from */ +#endif }; -/* - * How many bits per u_long in the bitmap. - * Change only if not 8 bits/byte - */ -#define MALLOC_BITS (8*sizeof(u_long)) +LIST_HEAD(chunk_head, chunk_info); + +struct dir_info { + u_int32_t canary1; + int active; /* status of malloc */ + struct region_info *r; /* region slots */ + size_t regions_total; /* number of region slots */ + size_t regions_free; /* number of free slots */ + /* lists of free chunk info structs */ + struct chunk_head chunk_info_list[MALLOC_MAXSHIFT + 1]; + /* lists of chunks with free slots */ + struct chunk_head chunk_dir[MALLOC_MAXSHIFT + 1][MALLOC_CHUNK_LISTS]; + size_t free_regions_size; /* free pages cached */ + /* free pages cache */ + struct region_info free_regions[MALLOC_MAXCACHE]; + /* delayed free chunk slots */ + u_int rotor; + void *delayed_chunks[MALLOC_DELAYED_CHUNK_MASK + 1]; + size_t rbytesused; /* random bytes used */ + char *func; /* current function */ + int mutex; + u_char rbytes[32]; /* random bytes */ +#ifdef MALLOC_STATS + size_t inserts; + size_t insert_collisions; + size_t finds; + size_t find_collisions; + size_t deletes; + size_t delete_moves; + size_t cheap_realloc_tries; + size_t cheap_reallocs; + size_t malloc_used; /* bytes allocated */ + size_t malloc_guarded; /* bytes used for guards */ + size_t pool_searches; /* searches for pool */ + size_t other_pool; /* searches in other pool */ +#define STATS_ADD(x,y) ((x) += (y)) +#define STATS_SUB(x,y) ((x) -= (y)) +#define STATS_INC(x) ((x)++) +#define STATS_ZERO(x) ((x) = 0) +#define STATS_SETF(x,y) ((x)->f = (y)) +#else +#define STATS_ADD(x,y) /* nothing */ +#define STATS_SUB(x,y) /* nothing */ +#define STATS_INC(x) /* nothing */ +#define STATS_ZERO(x) /* nothing */ +#define STATS_SETF(x,y) /* nothing */ +#endif /* MALLOC_STATS */ + u_int32_t canary2; +}; +#define DIR_INFO_RSZ ((sizeof(struct dir_info) + MALLOC_PAGEMASK) & \ + ~MALLOC_PAGEMASK) /* - * Magic values to put in the page_directory + * This structure describes a page worth of chunks. + * + * How many bits per u_short in the bitmap */ -#define MALLOC_NOT_MINE ((struct pginfo*) 0) -#define MALLOC_FREE ((struct pginfo*) 1) -#define MALLOC_FIRST ((struct pginfo*) 2) -#define MALLOC_FOLLOW ((struct pginfo*) 3) -#define MALLOC_MAGIC ((struct pginfo*) 4) - -#ifndef malloc_pageshift -#define malloc_pageshift (PGSHIFT) -#endif +#define MALLOC_BITS (NBBY * sizeof(u_short)) +struct chunk_info { + LIST_ENTRY(chunk_info) entries; + void *page; /* pointer to the page */ + u_short canary; + u_short size; /* size of this page's chunks */ + u_short shift; /* how far to shift for this size */ + u_short free; /* how many free chunks */ + u_short total; /* how many chunks */ + u_short offset; /* requested size table offset */ + u_short bits[1]; /* which chunks are free */ +}; -#ifndef malloc_minsize -#define malloc_minsize 16U +struct malloc_readonly { + /* Main bookkeeping information */ + struct dir_info *malloc_pool[_MALLOC_MUTEXES]; + u_int malloc_mutexes; /* how much in actual use? */ + int malloc_mt; /* multi-threaded mode? */ + int malloc_freecheck; /* Extensive double free check */ + int malloc_freeunmap; /* mprotect free pages PROT_NONE? */ + int malloc_junk; /* junk fill? */ + int malloc_realloc; /* always realloc? */ + int malloc_xmalloc; /* xmalloc behaviour? */ + int chunk_canaries; /* use canaries after chunks? */ + int internal_funcs; /* use better recallocarray/freezero? */ + u_int malloc_cache; /* free pages we cache */ + size_t malloc_guard; /* use guard pages after allocations? */ +#ifdef MALLOC_STATS + int malloc_stats; /* dump statistics at end */ #endif + u_int32_t malloc_canary; /* Matched against ones in malloc_pool */ +}; -#ifndef malloc_pageshift -#error "malloc_pageshift undefined" -#endif +/* This object is mapped PROT_READ after initialisation to prevent tampering */ +static union { + struct malloc_readonly mopts; + u_char _pad[MALLOC_PAGESIZE]; +} malloc_readonly __attribute__((aligned(MALLOC_PAGESIZE))); +#define mopts malloc_readonly.mopts -#if !defined(malloc_pagesize) -#define malloc_pagesize (1UL<>1) +#ifdef MALLOC_STATS +void malloc_dump(int, int, struct dir_info *); +PROTO_NORMAL(malloc_dump); +void malloc_gdump(int); +PROTO_NORMAL(malloc_gdump); +static void malloc_exit(void); +#define CALLER __builtin_return_address(0) +#else +#define CALLER NULL #endif -/* A mask for the offset inside a page. */ -#define malloc_pagemask ((malloc_pagesize)-1) +/* low bits of r->p determine size: 0 means >= page size and r->size holding + * real size, otherwise low bits are a shift count, or 1 for malloc(0) + */ +#define REALSIZE(sz, r) \ + (sz) = (uintptr_t)(r)->p & MALLOC_PAGEMASK, \ + (sz) = ((sz) == 0 ? (r)->size : ((sz) == 1 ? 0 : (1 << ((sz)-1)))) -#define pageround(foo) (((foo) + (malloc_pagemask))&(~(malloc_pagemask))) -#define ptr2index(foo) (((u_long)(foo) >> malloc_pageshift)-malloc_origo) +static inline void +_MALLOC_LEAVE(struct dir_info *d) +{ + if (mopts.malloc_mt) { + d->active--; + _MALLOC_UNLOCK(d->mutex); + } +} -/* fd of /dev/zero */ -#ifdef USE_DEV_ZERO -static int fdzero; -#define MMAP_FD fdzero -#define INIT_MMAP() \ - { if ((fdzero=open("/dev/zero", O_RDWR, 0000)) == -1) \ - wrterror("open of /dev/zero"); } -#else -#define MMAP_FD (-1) -#define INIT_MMAP() +static inline void +_MALLOC_ENTER(struct dir_info *d) +{ + if (mopts.malloc_mt) { + _MALLOC_LOCK(d->mutex); + d->active++; + } +} + +static inline size_t +hash(void *p) +{ + size_t sum; + uintptr_t u; + + u = (uintptr_t)p >> MALLOC_PAGESHIFT; + sum = u; + sum = (sum << 7) - sum + (u >> 16); +#ifdef __LP64__ + sum = (sum << 7) - sum + (u >> 32); + sum = (sum << 7) - sum + (u >> 48); #endif + return sum; +} -/* Set when initialization has been done */ -static unsigned int malloc_started; +static inline struct dir_info * +getpool(void) +{ + if (!mopts.malloc_mt) + return mopts.malloc_pool[0]; + else + return mopts.malloc_pool[TIB_GET()->tib_tid & + (mopts.malloc_mutexes - 1)]; +} -/* Number of free pages we cache */ -static unsigned int malloc_cache = 16; +static __dead void +wrterror(struct dir_info *d, char *msg, ...) +{ + int saved_errno = errno; + va_list ap; -/* The offset from pagenumber to index into the page directory */ -static u_long malloc_origo; + dprintf(STDERR_FILENO, "%s(%d) in %s(): ", __progname, + getpid(), (d != NULL && d->func) ? d->func : "unknown"); + va_start(ap, msg); + vdprintf(STDERR_FILENO, msg, ap); + va_end(ap); + dprintf(STDERR_FILENO, "\n"); -/* The last index in the page directory we care about */ -static u_long last_index; +#ifdef MALLOC_STATS + if (mopts.malloc_stats) + malloc_gdump(STDERR_FILENO); +#endif /* MALLOC_STATS */ -/* Pointer to page directory. Allocated "as if with" malloc */ -static struct pginfo **page_dir; + errno = saved_errno; -/* How many slots in the page directory */ -static size_t malloc_ninfo; + abort(); +} -/* Free pages line up here */ -static struct pgfree free_list; +static void +rbytes_init(struct dir_info *d) +{ + arc4random_buf(d->rbytes, sizeof(d->rbytes)); + /* add 1 to account for using d->rbytes[0] */ + d->rbytesused = 1 + d->rbytes[0] % (sizeof(d->rbytes) / 2); +} -/* Abort(), user doesn't handle problems. */ -static int malloc_abort; +static inline u_char +getrbyte(struct dir_info *d) +{ + u_char x; -/* Are we trying to die ? */ -static int suicide; + if (d->rbytesused >= sizeof(d->rbytes)) + rbytes_init(d); + x = d->rbytes[d->rbytesused++]; + return x; +} +static void +omalloc_parseopt(char opt) +{ + switch (opt) { + case '+': + mopts.malloc_mutexes <<= 1; + if (mopts.malloc_mutexes > _MALLOC_MUTEXES) + mopts.malloc_mutexes = _MALLOC_MUTEXES; + break; + case '-': + mopts.malloc_mutexes >>= 1; + if (mopts.malloc_mutexes < 1) + mopts.malloc_mutexes = 1; + break; + case '>': + mopts.malloc_cache <<= 1; + if (mopts.malloc_cache > MALLOC_MAXCACHE) + mopts.malloc_cache = MALLOC_MAXCACHE; + break; + case '<': + mopts.malloc_cache >>= 1; + break; + case 'c': + mopts.chunk_canaries = 0; + break; + case 'C': + mopts.chunk_canaries = 1; + break; #ifdef MALLOC_STATS -/* dump statistics */ -static int malloc_stats; -#endif + case 'd': + mopts.malloc_stats = 0; + break; + case 'D': + mopts.malloc_stats = 1; + break; +#endif /* MALLOC_STATS */ + case 'f': + mopts.malloc_freecheck = 0; + mopts.malloc_freeunmap = 0; + break; + case 'F': + mopts.malloc_freecheck = 1; + mopts.malloc_freeunmap = 1; + break; + case 'g': + mopts.malloc_guard = 0; + break; + case 'G': + mopts.malloc_guard = MALLOC_PAGESIZE; + break; + case 'j': + if (mopts.malloc_junk > 0) + mopts.malloc_junk--; + break; + case 'J': + if (mopts.malloc_junk < 2) + mopts.malloc_junk++; + break; + case 'r': + mopts.malloc_realloc = 0; + break; + case 'R': + mopts.malloc_realloc = 1; + break; + case 'u': + mopts.malloc_freeunmap = 0; + break; + case 'U': + mopts.malloc_freeunmap = 1; + break; + case 'x': + mopts.malloc_xmalloc = 0; + break; + case 'X': + mopts.malloc_xmalloc = 1; + break; + default: + dprintf(STDERR_FILENO, "malloc() warning: " + "unknown char in MALLOC_OPTIONS\n"); + break; + } +} -/* avoid outputting warnings? */ -static int malloc_silent; +static void +omalloc_init(void) +{ + char *p, *q, b[16]; + int i, j, mib[2]; + size_t sb; -/* always realloc ? */ -static int malloc_realloc; + /* + * Default options + */ + mopts.malloc_mutexes = 8; + mopts.malloc_junk = 1; + mopts.malloc_cache = MALLOC_DEFAULT_CACHE; + + for (i = 0; i < 3; i++) { + switch (i) { + case 0: + mib[0] = CTL_VM; + mib[1] = VM_MALLOC_CONF; + sb = sizeof(b); + j = sysctl(mib, 2, b, &sb, NULL, 0); + if (j != 0) + continue; + p = b; + break; + case 1: + if (issetugid() == 0) + p = getenv("MALLOC_OPTIONS"); + else + continue; + break; + case 2: + p = malloc_options; + break; + default: + p = NULL; + } + + for (; p != NULL && *p != '\0'; p++) { + switch (*p) { + case 'S': + for (q = "CFGJ"; *q != '\0'; q++) + omalloc_parseopt(*q); + mopts.malloc_cache = 0; + break; + case 's': + for (q = "cfgj"; *q != '\0'; q++) + omalloc_parseopt(*q); + mopts.malloc_cache = MALLOC_DEFAULT_CACHE; + break; + default: + omalloc_parseopt(*p); + break; + } + } + } -#if defined(__FreeBSD__) || (defined(__OpenBSD__) && defined(MADV_FREE)) -/* pass the kernel a hint on free pages ? */ -static int malloc_hint; -#endif +#ifdef MALLOC_STATS + if (mopts.malloc_stats && (atexit(malloc_exit) == -1)) { + dprintf(STDERR_FILENO, "malloc() warning: atexit(2) failed." + " Will not be able to dump stats on exit\n"); + } +#endif /* MALLOC_STATS */ -/* xmalloc behaviour ? */ -static int malloc_xmalloc; + while ((mopts.malloc_canary = arc4random()) == 0) + ; +} -/* zero fill ? */ -static int malloc_zero; +static void +omalloc_poolinit(struct dir_info **dp) +{ + char *p; + size_t d_avail, regioninfo_size; + struct dir_info *d; + int i, j; -/* junk fill ? */ -static int malloc_junk; + /* + * Allocate dir_info with a guard page on either side. Also + * randomise offset inside the page at which the dir_info + * lies (subject to alignment by 1 << MALLOC_MINSHIFT) + */ + if ((p = MMAPNONE(DIR_INFO_RSZ + (MALLOC_PAGESIZE * 2))) == MAP_FAILED) + wrterror(NULL, "malloc init mmap failed"); + mprotect(p + MALLOC_PAGESIZE, DIR_INFO_RSZ, PROT_READ | PROT_WRITE); + d_avail = (DIR_INFO_RSZ - sizeof(*d)) >> MALLOC_MINSHIFT; + d = (struct dir_info *)(p + MALLOC_PAGESIZE + + (arc4random_uniform(d_avail) << MALLOC_MINSHIFT)); + + rbytes_init(d); + d->regions_free = d->regions_total = MALLOC_INITIAL_REGIONS; + regioninfo_size = d->regions_total * sizeof(struct region_info); + d->r = MMAP(regioninfo_size); + if (d->r == MAP_FAILED) { + d->regions_total = 0; + wrterror(NULL, "malloc init mmap failed"); + } + for (i = 0; i <= MALLOC_MAXSHIFT; i++) { + LIST_INIT(&d->chunk_info_list[i]); + for (j = 0; j < MALLOC_CHUNK_LISTS; j++) + LIST_INIT(&d->chunk_dir[i][j]); + } + STATS_ADD(d->malloc_used, regioninfo_size + 3 * MALLOC_PAGESIZE); + d->canary1 = mopts.malloc_canary ^ (u_int32_t)(uintptr_t)d; + d->canary2 = ~d->canary1; -#ifdef __FreeBSD__ -/* utrace ? */ -static int malloc_utrace; + *dp = d; +} -struct ut { void *p; size_t s; void *r; }; +static int +omalloc_grow(struct dir_info *d) +{ + size_t newtotal; + size_t newsize; + size_t mask; + size_t i; + struct region_info *p; + + if (d->regions_total > SIZE_MAX / sizeof(struct region_info) / 2) + return 1; + + newtotal = d->regions_total * 2; + newsize = newtotal * sizeof(struct region_info); + mask = newtotal - 1; + + p = MMAP(newsize); + if (p == MAP_FAILED) + return 1; + + STATS_ADD(d->malloc_used, newsize); + STATS_ZERO(d->inserts); + STATS_ZERO(d->insert_collisions); + for (i = 0; i < d->regions_total; i++) { + void *q = d->r[i].p; + if (q != NULL) { + size_t index = hash(q) & mask; + STATS_INC(d->inserts); + while (p[index].p != NULL) { + index = (index - 1) & mask; + STATS_INC(d->insert_collisions); + } + p[index] = d->r[i]; + } + } + /* avoid pages containing meta info to end up in cache */ + if (munmap(d->r, d->regions_total * sizeof(struct region_info))) + wrterror(d, "munmap %p", (void *)d->r); + else + STATS_SUB(d->malloc_used, + d->regions_total * sizeof(struct region_info)); + d->regions_free = d->regions_free + d->regions_total; + d->regions_total = newtotal; + d->r = p; + return 0; +} -void utrace(struct ut *, int); +/* + * The hashtable uses the assumption that p is never NULL. This holds since + * non-MAP_FIXED mappings with hint 0 start at BRKSIZ. + */ +static int +insert(struct dir_info *d, void *p, size_t sz, void *f) +{ + size_t index; + size_t mask; + void *q; -#define UTRACE(a, b, c) \ - if (malloc_utrace) \ - {struct ut u; u.p=a; u.s = b; u.r=c; utrace(&u, sizeof u);} -#else /* !__FreeBSD__ */ -#define UTRACE(a,b,c) + if (d->regions_free * 4 < d->regions_total) { + if (omalloc_grow(d)) + return 1; + } + mask = d->regions_total - 1; + index = hash(p) & mask; + q = d->r[index].p; + STATS_INC(d->inserts); + while (q != NULL) { + index = (index - 1) & mask; + q = d->r[index].p; + STATS_INC(d->insert_collisions); + } + d->r[index].p = p; + d->r[index].size = sz; +#ifdef MALLOC_STATS + d->r[index].f = f; #endif + d->regions_free--; + return 0; +} -/* my last break. */ -static void *malloc_brk; - -/* one location cache for free-list holders */ -static struct pgfree *px; - -/* compile-time options */ -char *malloc_options; +static struct region_info * +find(struct dir_info *d, void *p) +{ + size_t index; + size_t mask = d->regions_total - 1; + void *q, *r; + + if (mopts.malloc_canary != (d->canary1 ^ (u_int32_t)(uintptr_t)d) || + d->canary1 != ~d->canary2) + wrterror(d, "internal struct corrupt"); + p = MASK_POINTER(p); + index = hash(p) & mask; + r = d->r[index].p; + q = MASK_POINTER(r); + STATS_INC(d->finds); + while (q != p && r != NULL) { + index = (index - 1) & mask; + r = d->r[index].p; + q = MASK_POINTER(r); + STATS_INC(d->find_collisions); + } + return (q == p && r != NULL) ? &d->r[index] : NULL; +} -/* Name of the current public function */ -static char *malloc_func; +static void +delete(struct dir_info *d, struct region_info *ri) +{ + /* algorithm R, Knuth Vol III section 6.4 */ + size_t mask = d->regions_total - 1; + size_t i, j, r; + + if (d->regions_total & (d->regions_total - 1)) + wrterror(d, "regions_total not 2^x"); + d->regions_free++; + STATS_INC(d->deletes); + + i = ri - d->r; + for (;;) { + d->r[i].p = NULL; + d->r[i].size = 0; + j = i; + for (;;) { + i = (i - 1) & mask; + if (d->r[i].p == NULL) + return; + r = hash(d->r[i].p) & mask; + if ((i <= r && r < j) || (r < j && j < i) || + (j < i && i <= r)) + continue; + d->r[j] = d->r[i]; + STATS_INC(d->delete_moves); + break; + } -/* Macro for mmap */ -#define MMAP(size) \ - mmap((void *)0, (size), PROT_READ|PROT_WRITE, MAP_ANON|MAP_PRIVATE, \ - MMAP_FD, (off_t)0); + } +} /* - * Necessary function declarations + * Cache maintenance. We keep at most malloc_cache pages cached. + * If the cache is becoming full, unmap pages in the cache for real, + * and then add the region to the cache + * Opposed to the regular region data structure, the sizes in the + * cache are in MALLOC_PAGESIZE units. */ -static int extend_pgdir(u_long index); -static void *imalloc(size_t size); -static void ifree(void *ptr); -static void *irealloc(void *ptr, size_t size); -static void *malloc_bytes(size_t size); - -#ifdef MALLOC_STATS -void -malloc_dump(fd) - FILE *fd; +static void +unmap(struct dir_info *d, void *p, size_t sz, size_t clear, int junk) { - struct pginfo **pd; - struct pgfree *pf; - int j; + size_t psz = sz >> MALLOC_PAGESHIFT; + size_t rsz; + struct region_info *r; + u_int i, offset, mask; - pd = page_dir; + if (sz != PAGEROUND(sz)) + wrterror(d, "munmap round"); - /* print out all the pages */ - for(j=0;j<=last_index;j++) { - fprintf(fd, "%08lx %5d ", (j+malloc_origo) << malloc_pageshift, j); - if (pd[j] == MALLOC_NOT_MINE) { - for(j++;j<=last_index && pd[j] == MALLOC_NOT_MINE;j++) - ; - j--; - fprintf(fd, ".. %5d not mine\n", j); - } else if (pd[j] == MALLOC_FREE) { - for(j++;j<=last_index && pd[j] == MALLOC_FREE;j++) - ; - j--; - fprintf(fd, ".. %5d free\n", j); - } else if (pd[j] == MALLOC_FIRST) { - for(j++;j<=last_index && pd[j] == MALLOC_FOLLOW;j++) - ; - j--; - fprintf(fd, ".. %5d in use\n", j); - } else if (pd[j] < MALLOC_MAGIC) { - fprintf(fd, "(%p)\n", pd[j]); - } else { - fprintf(fd, "%p %d (of %d) x %d @ %p --> %p\n", - pd[j], pd[j]->free, pd[j]->total, - pd[j]->size, pd[j]->page, pd[j]->next); - } - } + rsz = mopts.malloc_cache - d->free_regions_size; - for(pf=free_list.next; pf; pf=pf->next) { - fprintf(fd, "Free: @%p [%p...%p[ %ld ->%p <-%p\n", - pf, pf->page, pf->end, pf->size, pf->prev, pf->next); - if (pf == pf->next) { - fprintf(fd, "Free_list loops.\n"); - break; + /* + * normally the cache holds recently freed regions, but if the region + * to unmap is larger than the cache size or we're clearing and the + * cache is full, just munmap + */ + if (psz > mopts.malloc_cache || (clear > 0 && rsz == 0)) { + i = munmap(p, sz); + if (i) + wrterror(d, "munmap %p", p); + STATS_SUB(d->malloc_used, sz); + return; } - } - - /* print out various info */ - fprintf(fd, "Minsize\t%d\n", malloc_minsize); - fprintf(fd, "Maxsize\t%d\n", malloc_maxsize); - fprintf(fd, "Pagesize\t%lu\n", (u_long)malloc_pagesize); - fprintf(fd, "Pageshift\t%d\n", malloc_pageshift); - fprintf(fd, "FirstPage\t%ld\n", malloc_origo); - fprintf(fd, "LastPage\t%ld %lx\n", last_index+malloc_pageshift, - (last_index + malloc_pageshift) << malloc_pageshift); - fprintf(fd, "Break\t%ld\n", (u_long)sbrk(0) >> malloc_pageshift); + offset = getrbyte(d); + mask = mopts.malloc_cache - 1; + if (psz > rsz) { + size_t tounmap = psz - rsz; + for (i = 0; ; i++) { + r = &d->free_regions[(i + offset) & mask]; + if (r->p != NULL) { + rsz = r->size << MALLOC_PAGESHIFT; + if (munmap(r->p, rsz)) + wrterror(d, "munmap %p", r->p); + r->p = NULL; + if (tounmap > r->size) + tounmap -= r->size; + else + tounmap = 0; + d->free_regions_size -= r->size; + STATS_SUB(d->malloc_used, rsz); + if (tounmap == 0) { + offset = i; + break; + } + } + } + } + for (i = 0; ; i++) { + r = &d->free_regions[(i + offset) & mask]; + if (r->p == NULL) { + if (clear > 0) + memset(p, 0, clear); + if (junk && !mopts.malloc_freeunmap) { + size_t amt = junk == 1 ? MALLOC_MAXCHUNK : sz; + memset(p, SOME_FREEJUNK, amt); + } + if (mopts.malloc_freeunmap) + mprotect(p, sz, PROT_NONE); + r->p = p; + r->size = psz; + d->free_regions_size += psz; + break; + } + } + if (d->free_regions_size > mopts.malloc_cache) + wrterror(d, "malloc cache overflow"); } -#endif /* MALLOC_STATS */ - -extern char *__progname; static void -wrterror(p) - char *p; +zapcacheregion(struct dir_info *d, void *p, size_t len) { - char *q = " error: "; - struct iovec iov[4]; - - iov[0].iov_base = __progname; - iov[0].iov_len = strlen(__progname); - iov[1].iov_base = malloc_func; - iov[1].iov_len = strlen(malloc_func); - iov[2].iov_base = q; - iov[2].iov_len = strlen(q); - iov[3].iov_base = p; - iov[3].iov_len = strlen(p); - writev(STDERR_FILENO, iov, 4); - - suicide = 1; -#ifdef MALLOC_STATS - if (malloc_stats) - malloc_dump(stderr); -#endif /* MALLOC_STATS */ - abort(); + u_int i; + struct region_info *r; + size_t rsz; + + for (i = 0; i < mopts.malloc_cache; i++) { + r = &d->free_regions[i]; + if (r->p >= p && r->p <= (void *)((char *)p + len)) { + rsz = r->size << MALLOC_PAGESHIFT; + if (munmap(r->p, rsz)) + wrterror(d, "munmap %p", r->p); + r->p = NULL; + d->free_regions_size -= r->size; + STATS_SUB(d->malloc_used, rsz); + } + } } -static void -wrtwarning(p) - char *p; +static void * +map(struct dir_info *d, void *hint, size_t sz, int zero_fill) { - char *q = " warning: "; - struct iovec iov[4]; - - if (malloc_abort) - wrterror(p); - else if (malloc_silent) - return; - - iov[0].iov_base = __progname; - iov[0].iov_len = strlen(__progname); - iov[1].iov_base = malloc_func; - iov[1].iov_len = strlen(malloc_func); - iov[2].iov_base = q; - iov[2].iov_len = strlen(q); - iov[3].iov_base = p; - iov[3].iov_len = strlen(p); - writev(STDERR_FILENO, iov, 4); + size_t psz = sz >> MALLOC_PAGESHIFT; + struct region_info *r, *big = NULL; + u_int i; + void *p; + + if (mopts.malloc_canary != (d->canary1 ^ (u_int32_t)(uintptr_t)d) || + d->canary1 != ~d->canary2) + wrterror(d, "internal struct corrupt"); + if (sz != PAGEROUND(sz)) + wrterror(d, "map round"); + + if (hint == NULL && psz > d->free_regions_size) { + _MALLOC_LEAVE(d); + p = MMAP(sz); + _MALLOC_ENTER(d); + if (p != MAP_FAILED) + STATS_ADD(d->malloc_used, sz); + /* zero fill not needed */ + return p; + } + for (i = 0; i < mopts.malloc_cache; i++) { + r = &d->free_regions[(i + d->rotor) & (mopts.malloc_cache - 1)]; + if (r->p != NULL) { + if (hint != NULL && r->p != hint) + continue; + if (r->size == psz) { + p = r->p; + r->p = NULL; + d->free_regions_size -= psz; + if (mopts.malloc_freeunmap) + mprotect(p, sz, PROT_READ | PROT_WRITE); + if (zero_fill) + memset(p, 0, sz); + else if (mopts.malloc_junk == 2 && + mopts.malloc_freeunmap) + memset(p, SOME_FREEJUNK, sz); + d->rotor += i + 1; + return p; + } else if (r->size > psz) + big = r; + } + } + if (big != NULL) { + r = big; + p = r->p; + r->p = (char *)r->p + (psz << MALLOC_PAGESHIFT); + if (mopts.malloc_freeunmap) + mprotect(p, sz, PROT_READ | PROT_WRITE); + r->size -= psz; + d->free_regions_size -= psz; + if (zero_fill) + memset(p, 0, sz); + else if (mopts.malloc_junk == 2 && mopts.malloc_freeunmap) + memset(p, SOME_FREEJUNK, sz); + return p; + } + if (hint != NULL) + return MAP_FAILED; + if (d->free_regions_size > mopts.malloc_cache) + wrterror(d, "malloc cache"); + _MALLOC_LEAVE(d); + p = MMAP(sz); + _MALLOC_ENTER(d); + if (p != MAP_FAILED) + STATS_ADD(d->malloc_used, sz); + /* zero fill not needed */ + return p; } -#ifdef MALLOC_STATS static void -malloc_exit() +init_chunk_info(struct dir_info *d, struct chunk_info *p, int bits) { - FILE *fd = fopen("malloc.out", "a"); - char *q = "malloc() warning: Couldn't dump stats.\n"; - if (fd) { - malloc_dump(fd); - fclose(fd); - } else - write(2, q, strlen(q)); + int i; + + if (bits == 0) { + p->shift = MALLOC_MINSHIFT; + p->total = p->free = MALLOC_PAGESIZE >> p->shift; + p->size = 0; + p->offset = 0xdead; + } else { + p->shift = bits; + p->total = p->free = MALLOC_PAGESIZE >> p->shift; + p->size = 1U << bits; + p->offset = howmany(p->total, MALLOC_BITS); + } + p->canary = (u_short)d->canary1; + + /* set all valid bits in the bitmap */ + i = p->total - 1; + memset(p->bits, 0xff, sizeof(p->bits[0]) * (i / MALLOC_BITS)); + p->bits[i / MALLOC_BITS] = (2U << (i % MALLOC_BITS)) - 1; } -#endif /* MALLOC_STATS */ +static struct chunk_info * +alloc_chunk_info(struct dir_info *d, int bits) +{ + struct chunk_info *p; + + if (LIST_EMPTY(&d->chunk_info_list[bits])) { + size_t size, count, i; + char *q; + + if (bits == 0) + count = MALLOC_PAGESIZE / MALLOC_MINSIZE; + else + count = MALLOC_PAGESIZE >> bits; + + size = howmany(count, MALLOC_BITS); + size = sizeof(struct chunk_info) + (size - 1) * sizeof(u_short); + if (mopts.chunk_canaries) + size += count * sizeof(u_short); + size = _ALIGN(size); + + q = MMAP(MALLOC_PAGESIZE); + if (q == MAP_FAILED) + return NULL; + STATS_ADD(d->malloc_used, MALLOC_PAGESIZE); + count = MALLOC_PAGESIZE / size; + + for (i = 0; i < count; i++, q += size) { + p = (struct chunk_info *)q; + LIST_INSERT_HEAD(&d->chunk_info_list[bits], p, entries); + } + } + p = LIST_FIRST(&d->chunk_info_list[bits]); + LIST_REMOVE(p, entries); + if (p->shift == 0) + init_chunk_info(d, p, bits); + return p; +} /* - * Allocate a number of pages from the OS + * Allocate a page of chunks */ -static void * -map_pages(pages) - int pages; +static struct chunk_info * +omalloc_make_chunks(struct dir_info *d, int bits, int listnum) { - caddr_t result, tail; + struct chunk_info *bp; + void *pp; - result = (caddr_t)pageround((u_long)sbrk(0)); - tail = result + (pages << malloc_pageshift); + /* Allocate a new bucket */ + pp = map(d, NULL, MALLOC_PAGESIZE, 0); + if (pp == MAP_FAILED) + return NULL; - if (brk(tail)) { -#ifdef MALLOC_EXTRA_SANITY - wrterror("(ES): map_pages fails\n"); -#endif /* MALLOC_EXTRA_SANITY */ - return 0; - } + /* memory protect the page allocated in the malloc(0) case */ + if (bits == 0 && mprotect(pp, MALLOC_PAGESIZE, PROT_NONE) < 0) + goto err; - last_index = ptr2index(tail) - 1; - malloc_brk = tail; + bp = alloc_chunk_info(d, bits); + if (bp == NULL) + goto err; + bp->page = pp; - if ((last_index+1) >= malloc_ninfo && !extend_pgdir(last_index)) - return 0; + if (insert(d, (void *)((uintptr_t)pp | (bits + 1)), (uintptr_t)bp, + NULL)) + goto err; + LIST_INSERT_HEAD(&d->chunk_dir[bits][listnum], bp, entries); + return bp; - return result; +err: + unmap(d, pp, MALLOC_PAGESIZE, 0, mopts.malloc_junk); + return NULL; } -/* - * Extend page directory - */ static int -extend_pgdir(index) - u_long index; +find_chunksize(size_t size) { - struct pginfo **new, **old; - size_t i, oldlen; - - /* Make it this many pages */ - i = index * sizeof *page_dir; - i /= malloc_pagesize; - i += 2; - - /* remember the old mapping size */ - oldlen = malloc_ninfo * sizeof *page_dir; - - /* - * NOTE: we allocate new pages and copy the directory rather than tempt - * fate by trying to "grow" the region.. There is nothing to prevent - * us from accidently re-mapping space that's been allocated by our caller - * via dlopen() or other mmap(). - * - * The copy problem is not too bad, as there is 4K of page index per - * 4MB of malloc arena. - * - * We can totally avoid the copy if we open a file descriptor to associate - * the anon mappings with. Then, when we remap the pages at the new - * address, the old pages will be "magically" remapped.. But this means - * keeping open a "secret" file descriptor..... - */ - - /* Get new pages */ - new = (struct pginfo**) MMAP(i * malloc_pagesize); - if (new == MAP_FAILED) - return 0; + int r; - /* Copy the old stuff */ - memcpy(new, page_dir, - malloc_ninfo * sizeof *page_dir); + /* malloc(0) is special */ + if (size == 0) + return 0; - /* register the new size */ - malloc_ninfo = i * malloc_pagesize / sizeof *page_dir; + if (size < MALLOC_MINSIZE) + size = MALLOC_MINSIZE; + size--; - /* swap the pointers */ - old = page_dir; - page_dir = new; + r = MALLOC_MINSHIFT; + while (size >> r) + r++; + return r; +} + +static void +fill_canary(char *ptr, size_t sz, size_t allocated) +{ + size_t check_sz = allocated - sz; - /* Now free the old stuff */ - munmap(old, oldlen); - return 1; + if (check_sz > CHUNK_CHECK_LENGTH) + check_sz = CHUNK_CHECK_LENGTH; + memset(ptr + sz, SOME_JUNK, check_sz); } /* - * Initialize the world + * Allocate a chunk */ -static void -malloc_init () +static void * +malloc_bytes(struct dir_info *d, size_t size, void *f) { - char *p, b[64]; - int i, j; - int save_errno = errno; - - THREAD_LOCK_INIT(); - - INIT_MMAP(); - -#ifdef MALLOC_EXTRA_SANITY - malloc_junk = 1; -#endif /* MALLOC_EXTRA_SANITY */ - - for (i = 0; i < 3; i++) { - if (i == 0) { - j = readlink("/etc/malloc.conf", b, sizeof b - 1); - if (j <= 0) - continue; - b[j] = '\0'; - p = b; - } else if (i == 1) { - if (issetugid() == 0) - p = getenv("MALLOC_OPTIONS"); - else - continue; - } else if (i == 2) { - p = malloc_options; - } - for (; p && *p; p++) { - switch (*p) { - case '>': malloc_cache <<= 1; break; - case '<': malloc_cache >>= 1; break; - case 'a': malloc_abort = 0; break; - case 'A': malloc_abort = 1; break; -#ifdef MALLOC_STATS - case 'd': malloc_stats = 0; break; - case 'D': malloc_stats = 1; break; -#endif /* MALLOC_STATS */ -#if defined(__FreeBSD__) || (defined(__OpenBSD__) && defined(MADV_FREE)) - case 'h': malloc_hint = 0; break; - case 'H': malloc_hint = 1; break; -#endif /* __FreeBSD__ */ - case 'r': malloc_realloc = 0; break; - case 'R': malloc_realloc = 1; break; - case 'j': malloc_junk = 0; break; - case 'J': malloc_junk = 1; break; - case 'n': malloc_silent = 0; break; - case 'N': malloc_silent = 1; break; -#ifdef __FreeBSD__ - case 'u': malloc_utrace = 0; break; - case 'U': malloc_utrace = 1; break; -#endif /* __FreeBSD__ */ - case 'x': malloc_xmalloc = 0; break; - case 'X': malloc_xmalloc = 1; break; - case 'z': malloc_zero = 0; break; - case 'Z': malloc_zero = 1; break; - default: - j = malloc_abort; - malloc_abort = 0; - wrtwarning("unknown char in MALLOC_OPTIONS\n"); - malloc_abort = j; - break; - } + u_int i, r; + int j, listnum; + size_t k; + u_short *lp; + struct chunk_info *bp; + void *p; + + if (mopts.malloc_canary != (d->canary1 ^ (u_int32_t)(uintptr_t)d) || + d->canary1 != ~d->canary2) + wrterror(d, "internal struct corrupt"); + + j = find_chunksize(size); + + r = ((u_int)getrbyte(d) << 8) | getrbyte(d); + listnum = r % MALLOC_CHUNK_LISTS; + /* If it's empty, make a page more of that size chunks */ + if ((bp = LIST_FIRST(&d->chunk_dir[j][listnum])) == NULL) { + bp = omalloc_make_chunks(d, j, listnum); + if (bp == NULL) + return NULL; } - } - UTRACE(0, 0, 0); + if (bp->canary != (u_short)d->canary1) + wrterror(d, "chunk info corrupted"); - /* - * We want junk in the entire allocation, and zero only in the part - * the user asked for. - */ - if (malloc_zero) - malloc_junk=1; + i = (r / MALLOC_CHUNK_LISTS) & (bp->total - 1); + /* start somewhere in a short */ + lp = &bp->bits[i / MALLOC_BITS]; + if (*lp) { + j = i % MALLOC_BITS; + k = ffs(*lp >> j); + if (k != 0) { + k += j - 1; + goto found; + } + } + /* no bit halfway, go to next full short */ + i /= MALLOC_BITS; + for (;;) { + if (++i >= bp->total / MALLOC_BITS) + i = 0; + lp = &bp->bits[i]; + if (*lp) { + k = ffs(*lp) - 1; + break; + } + } +found: #ifdef MALLOC_STATS - if (malloc_stats) - atexit(malloc_exit); -#endif /* MALLOC_STATS */ - - /* Allocate one page for the page directory */ - page_dir = (struct pginfo **) MMAP(malloc_pagesize); + if (i == 0 && k == 0) { + struct region_info *r = find(d, bp->page); + r->f = f; + } +#endif - if (page_dir == MAP_FAILED) - wrterror("mmap(2) failed, check limits.\n"); + *lp ^= 1 << k; - /* - * We need a maximum of malloc_pageshift buckets, steal these from the - * front of the page_directory; - */ - malloc_origo = ((u_long)pageround((u_long)sbrk(0))) >> malloc_pageshift; - malloc_origo -= malloc_pageshift; + /* If there are no more free, remove from free-list */ + if (--bp->free == 0) + LIST_REMOVE(bp, entries); - malloc_ninfo = malloc_pagesize / sizeof *page_dir; + /* Adjust to the real offset of that chunk */ + k += (lp - bp->bits) * MALLOC_BITS; - /* Been here, done that */ - malloc_started++; + if (mopts.chunk_canaries && size > 0) + bp->bits[bp->offset + k] = size; - /* Recalculate the cache size in bytes, and make sure it's nonzero */ + k <<= bp->shift; - if (!malloc_cache) - malloc_cache++; + p = (char *)bp->page + k; + if (bp->size > 0) { + if (mopts.malloc_junk == 2) + memset(p, SOME_JUNK, bp->size); + else if (mopts.chunk_canaries) + fill_canary(p, size, bp->size); + } + return p; +} - malloc_cache <<= malloc_pageshift; +static void +validate_canary(struct dir_info *d, u_char *ptr, size_t sz, size_t allocated) +{ + size_t check_sz = allocated - sz; + u_char *p, *q; + + if (check_sz > CHUNK_CHECK_LENGTH) + check_sz = CHUNK_CHECK_LENGTH; + p = ptr + sz; + q = p + check_sz; + + while (p < q) { + if (*p != SOME_JUNK) { + wrterror(d, "chunk canary corrupted %p %#tx@%#zx%s", + ptr, p - ptr, sz, + *p == SOME_FREEJUNK ? " (double free?)" : ""); + } + p++; + } +} - /* - * This is a nice hack from Kaleb Keithly (kaleb@x.org). - * We can sbrk(2) further back when we keep this on a low address. - */ - px = (struct pgfree *) imalloc (sizeof *px); - errno = save_errno; +static uint32_t +find_chunknum(struct dir_info *d, struct chunk_info *info, void *ptr, int check) +{ + uint32_t chunknum; + + if (info->canary != (u_short)d->canary1) + wrterror(d, "chunk info corrupted"); + + /* Find the chunk number on the page */ + chunknum = ((uintptr_t)ptr & MALLOC_PAGEMASK) >> info->shift; + + if ((uintptr_t)ptr & ((1U << (info->shift)) - 1)) + wrterror(d, "modified chunk-pointer %p", ptr); + if (info->bits[chunknum / MALLOC_BITS] & + (1U << (chunknum % MALLOC_BITS))) + wrterror(d, "chunk is already free %p", ptr); + if (check && info->size > 0) { + validate_canary(d, ptr, info->bits[info->offset + chunknum], + info->size); + } + return chunknum; } /* - * Allocate a number of complete pages + * Free a chunk, and possibly the page it's on, if the page becomes empty. */ -static void * -malloc_pages(size) - size_t size; +static void +free_bytes(struct dir_info *d, struct region_info *r, void *ptr) { - void *p, *delay_free = 0; - int i; - struct pgfree *pf; - u_long index; - - size = pageround(size); - - p = 0; - /* Look for free pages before asking for more */ - for(pf = free_list.next; pf; pf = pf->next) { - -#ifdef MALLOC_EXTRA_SANITY - if (pf->size & malloc_pagemask) - wrterror("(ES): junk length entry on free_list\n"); - if (!pf->size) - wrterror("(ES): zero length entry on free_list\n"); - if (pf->page == pf->end) - wrterror("(ES): zero entry on free_list\n"); - if (pf->page > pf->end) - wrterror("(ES): sick entry on free_list\n"); - if ((void*)pf->page >= (void*)sbrk(0)) - wrterror("(ES): entry on free_list past brk\n"); - if (page_dir[ptr2index(pf->page)] != MALLOC_FREE) - wrterror("(ES): non-free first page on free-list\n"); - if (page_dir[ptr2index(pf->end)-1] != MALLOC_FREE) - wrterror("(ES): non-free last page on free-list\n"); -#endif /* MALLOC_EXTRA_SANITY */ - - if (pf->size < size) - continue; - - if (pf->size == size) { - p = pf->page; - if (pf->next) - pf->next->prev = pf->prev; - pf->prev->next = pf->next; - delay_free = pf; - break; - } - - p = pf->page; - pf->page = (char *)pf->page + size; - pf->size -= size; - break; - } - -#ifdef MALLOC_EXTRA_SANITY - if (p && page_dir[ptr2index(p)] != MALLOC_FREE) - wrterror("(ES): allocated non-free page on free-list\n"); -#endif /* MALLOC_EXTRA_SANITY */ - - size >>= malloc_pageshift; - - /* Map new pages */ - if (!p) - p = map_pages(size); - - if (p) { - - index = ptr2index(p); - page_dir[index] = MALLOC_FIRST; - for (i=1;isize; + chunknum = find_chunknum(d, info, ptr, 0); + + info->bits[chunknum / MALLOC_BITS] |= 1U << (chunknum % MALLOC_BITS); + info->free++; + + if (info->free == 1) { + /* Page became non-full */ + listnum = getrbyte(d) % MALLOC_CHUNK_LISTS; + if (info->size != 0) + mp = &d->chunk_dir[info->shift][listnum]; + else + mp = &d->chunk_dir[0][listnum]; + + LIST_INSERT_HEAD(mp, info, entries); + return; + } + + if (info->free != info->total) + return; + + LIST_REMOVE(info, entries); + + if (info->size == 0 && !mopts.malloc_freeunmap) + mprotect(info->page, MALLOC_PAGESIZE, PROT_READ | PROT_WRITE); + unmap(d, info->page, MALLOC_PAGESIZE, 0, 0); + + delete(d, r); + if (info->size != 0) + mp = &d->chunk_info_list[info->shift]; else - ifree(delay_free); - } + mp = &d->chunk_info_list[0]; + LIST_INSERT_HEAD(mp, info, entries); +} + - return p; + +static void * +omalloc(struct dir_info *pool, size_t sz, int zero_fill, void *f) +{ + void *p; + size_t psz; + + if (sz > MALLOC_MAXCHUNK) { + if (sz >= SIZE_MAX - mopts.malloc_guard - MALLOC_PAGESIZE) { + errno = ENOMEM; + return NULL; + } + sz += mopts.malloc_guard; + psz = PAGEROUND(sz); + p = map(pool, NULL, psz, zero_fill); + if (p == MAP_FAILED) { + errno = ENOMEM; + return NULL; + } + if (insert(pool, p, sz, f)) { + unmap(pool, p, psz, 0, 0); + errno = ENOMEM; + return NULL; + } + if (mopts.malloc_guard) { + if (mprotect((char *)p + psz - mopts.malloc_guard, + mopts.malloc_guard, PROT_NONE)) + wrterror(pool, "mprotect"); + STATS_ADD(pool->malloc_guarded, mopts.malloc_guard); + } + + if (MALLOC_MOVE_COND(sz)) { + /* fill whole allocation */ + if (mopts.malloc_junk == 2) + memset(p, SOME_JUNK, psz - mopts.malloc_guard); + /* shift towards the end */ + p = MALLOC_MOVE(p, sz); + /* fill zeros if needed and overwritten above */ + if (zero_fill && mopts.malloc_junk == 2) + memset(p, 0, sz - mopts.malloc_guard); + } else { + if (mopts.malloc_junk == 2) { + if (zero_fill) + memset((char *)p + sz - mopts.malloc_guard, + SOME_JUNK, psz - sz); + else + memset(p, SOME_JUNK, + psz - mopts.malloc_guard); + } else if (mopts.chunk_canaries) + fill_canary(p, sz - mopts.malloc_guard, + psz - mopts.malloc_guard); + } + + } else { + /* takes care of SOME_JUNK */ + p = malloc_bytes(pool, sz, f); + if (zero_fill && p != NULL && sz > 0) + memset(p, 0, sz); + } + + return p; } /* - * Allocate a page of fragments + * Common function for handling recursion. Only + * print the error message once, to avoid making the problem + * potentially worse. */ - -static __inline__ int -malloc_make_chunks(bits) - int bits; +static void +malloc_recurse(struct dir_info *d) { - struct pginfo *bp; - void *pp; - int i, k, l; + static int noprint; - /* Allocate a new bucket */ - pp = malloc_pages((size_t)malloc_pagesize); - if (!pp) - return 0; + if (noprint == 0) { + noprint = 1; + wrterror(d, "recursive call"); + } + d->active--; + _MALLOC_UNLOCK(d->mutex); + errno = EDEADLK; +} - /* Find length of admin structure */ - l = sizeof *bp - sizeof(u_long); - l += sizeof(u_long) * - (((malloc_pagesize >> bits)+MALLOC_BITS-1) / MALLOC_BITS); - - /* Don't waste more than two chunks on this */ - /* - * If we are to allocate a memory protected page for the malloc(0) - * case (when bits=0), it must be from a different page than the - * pginfo page. - * --> Treat it like the big chunk alloc, get a second data page. - */ - if (bits != 0 && (1UL<<(bits)) <= l+l) { - bp = (struct pginfo *)pp; - } else { - bp = (struct pginfo *)imalloc(l); - if (!bp) { - ifree(pp); - return 0; - } - } - - /* memory protect the page allocated in the malloc(0) case */ - if (bits == 0) { - - bp->size = 0; - bp->shift = 1; - i = malloc_minsize-1; - while (i >>= 1) - bp->shift++; - bp->total = bp->free = malloc_pagesize >> bp->shift; - bp->page = pp; +void +_malloc_init(int from_rthreads) +{ + int i, max; + struct dir_info *d; - k = mprotect(pp, malloc_pagesize, PROT_NONE); - if (k < 0) { - ifree(pp); - ifree(bp); - return 0; + _MALLOC_LOCK(0); + if (!from_rthreads && mopts.malloc_pool[0]) { + _MALLOC_UNLOCK(0); + return; + } + if (!mopts.malloc_canary) + omalloc_init(); + + max = from_rthreads ? mopts.malloc_mutexes : 1; + if (((uintptr_t)&malloc_readonly & MALLOC_PAGEMASK) == 0) + mprotect(&malloc_readonly, sizeof(malloc_readonly), + PROT_READ | PROT_WRITE); + for (i = 0; i < max; i++) { + if (mopts.malloc_pool[i]) + continue; + omalloc_poolinit(&d); + d->mutex = i; + mopts.malloc_pool[i] = d; } - } else { - bp->size = (1UL<shift = bits; - bp->total = bp->free = malloc_pagesize >> bits; - bp->page = pp; - } - - /* set all valid bits in the bitmap */ - k = bp->total; - i = 0; - /* Do a bunch at a time */ - for(;k-i >= MALLOC_BITS; i += MALLOC_BITS) - bp->bits[i / MALLOC_BITS] = ~0UL; + if (from_rthreads) + mopts.malloc_mt = 1; + else + mopts.internal_funcs = 1; - for(; i < k; i++) - bp->bits[i/MALLOC_BITS] |= 1UL<<(i%MALLOC_BITS); + /* + * Options have been set and will never be reset. + * Prevent further tampering with them. + */ + if (((uintptr_t)&malloc_readonly & MALLOC_PAGEMASK) == 0) + mprotect(&malloc_readonly, sizeof(malloc_readonly), PROT_READ); + _MALLOC_UNLOCK(0); +} +DEF_STRONG(_malloc_init); - if (bp == bp->page) { - /* Mark the ones we stole for ourselves */ - for(i=0;l > 0;i++) { - bp->bits[i/MALLOC_BITS] &= ~(1UL<<(i%MALLOC_BITS)); - bp->free--; - bp->total--; - l -= (1 << bits); +void * +malloc(size_t size) +{ + void *r; + struct dir_info *d; + int saved_errno = errno; + + d = getpool(); + if (d == NULL) { + _malloc_init(0); + d = getpool(); } - } - - /* MALLOC_LOCK */ + _MALLOC_LOCK(d->mutex); + d->func = "malloc"; - page_dir[ptr2index(pp)] = bp; + if (d->active++) { + malloc_recurse(d); + return NULL; + } + r = omalloc(d, size, 0, CALLER); + d->active--; + _MALLOC_UNLOCK(d->mutex); + if (r == NULL && mopts.malloc_xmalloc) + wrterror(d, "out of memory"); + if (r != NULL) + errno = saved_errno; + return r; +} +/*DEF_STRONG(malloc);*/ - bp->next = page_dir[bits]; - page_dir[bits] = bp; +static void +validate_junk(struct dir_info *pool, void *p) +{ + struct region_info *r; + size_t byte, sz; + + if (p == NULL) + return; + r = find(pool, p); + if (r == NULL) + wrterror(pool, "bogus pointer in validate_junk %p", p); + REALSIZE(sz, r); + if (sz > CHUNK_CHECK_LENGTH) + sz = CHUNK_CHECK_LENGTH; + for (byte = 0; byte < sz; byte++) { + if (((unsigned char *)p)[byte] != SOME_FREEJUNK) + wrterror(pool, "use after free %p", p); + } +} - /* MALLOC_UNLOCK */ - return 1; +static struct region_info * +findpool(void *p, struct dir_info *argpool, struct dir_info **foundpool, + char **saved_function) +{ + struct dir_info *pool = argpool; + struct region_info *r = find(pool, p); + + STATS_INC(pool->pool_searches); + if (r == NULL) { + if (mopts.malloc_mt) { + int i; + + STATS_INC(pool->other_pool); + for (i = 1; i < mopts.malloc_mutexes; i++) { + int j = (argpool->mutex + i) & + (mopts.malloc_mutexes - 1); + + pool->active--; + _MALLOC_UNLOCK(pool->mutex); + pool = mopts.malloc_pool[j]; + _MALLOC_LOCK(pool->mutex); + pool->active++; + r = find(pool, p); + if (r != NULL) { + *saved_function = pool->func; + pool->func = argpool->func; + break; + } + } + } + if (r == NULL) + wrterror(argpool, "bogus pointer (double free?) %p", p); + } + *foundpool = pool; + return r; } -/* - * Allocate a fragment - */ -static void * -malloc_bytes(size) - size_t size; +static void +ofree(struct dir_info **argpool, void *p, int clear, int check, size_t argsz) { - int i,j; - u_long u; - struct pginfo *bp; - int k; - u_long *lp; - - /* Don't bother with anything less than this */ - /* unless we have a malloc(0) requests */ - if (size != 0 && size < malloc_minsize) - size = malloc_minsize; - - /* Find the right bucket */ - if (size == 0) - j=0; - else { - j = 1; - i = size-1; - while (i >>= 1) - j++; - } - - /* If it's empty, make a page more of that size chunks */ - if (!page_dir[j] && !malloc_make_chunks(j)) - return 0; + struct region_info *r; + struct dir_info *pool; + char *saved_function; + size_t sz; + + r = findpool(p, *argpool, &pool, &saved_function); + + REALSIZE(sz, r); + if (check) { + if (sz <= MALLOC_MAXCHUNK) { + if (mopts.chunk_canaries && sz > 0) { + struct chunk_info *info = + (struct chunk_info *)r->size; + uint32_t chunknum = + find_chunknum(pool, info, p, 0); + + if (info->bits[info->offset + chunknum] < argsz) + wrterror(pool, "recorded size %hu" + " < %zu", + info->bits[info->offset + chunknum], + argsz); + } else { + if (sz < argsz) + wrterror(pool, "chunk size %zu < %zu", + sz, argsz); + } + } else if (sz - mopts.malloc_guard < argsz) { + wrterror(pool, "recorded size %zu < %zu", + sz - mopts.malloc_guard, argsz); + } + } + if (sz > MALLOC_MAXCHUNK) { + if (!MALLOC_MOVE_COND(sz)) { + if (r->p != p) + wrterror(pool, "bogus pointer %p", p); + if (mopts.chunk_canaries) + validate_canary(pool, p, + sz - mopts.malloc_guard, + PAGEROUND(sz - mopts.malloc_guard)); + } else { + /* shifted towards the end */ + if (p != MALLOC_MOVE(r->p, sz)) + wrterror(pool, "bogus moved pointer %p", p); + p = r->p; + } + if (mopts.malloc_guard) { + if (sz < mopts.malloc_guard) + wrterror(pool, "guard size"); + if (!mopts.malloc_freeunmap) { + if (mprotect((char *)p + PAGEROUND(sz) - + mopts.malloc_guard, mopts.malloc_guard, + PROT_READ | PROT_WRITE)) + wrterror(pool, "mprotect"); + } + STATS_SUB(pool->malloc_guarded, mopts.malloc_guard); + } + unmap(pool, p, PAGEROUND(sz), clear ? argsz : 0, + mopts.malloc_junk); + delete(pool, r); + } else { + /* Validate and optionally canary check */ + struct chunk_info *info = (struct chunk_info *)r->size; + find_chunknum(pool, info, p, mopts.chunk_canaries); + if (!clear) { + void *tmp; + int i; + + if (mopts.malloc_freecheck) { + for (i = 0; i <= MALLOC_DELAYED_CHUNK_MASK; i++) + if (p == pool->delayed_chunks[i]) + wrterror(pool, + "double free %p", p); + } + if (mopts.malloc_junk && sz > 0) + memset(p, SOME_FREEJUNK, sz); + i = getrbyte(pool) & MALLOC_DELAYED_CHUNK_MASK; + tmp = p; + p = pool->delayed_chunks[i]; + if (tmp == p) + wrterror(pool, "double free %p", tmp); + pool->delayed_chunks[i] = tmp; + if (mopts.malloc_junk) + validate_junk(pool, p); + } else if (argsz > 0) + memset(p, 0, argsz); + if (p != NULL) { + r = find(pool, p); + if (r == NULL) + wrterror(pool, + "bogus pointer (double free?) %p", p); + free_bytes(pool, r, p); + } + } - bp = page_dir[j]; + if (*argpool != pool) { + pool->func = saved_function; + *argpool = pool; + } +} - /* Find first word of bitmap which isn't empty */ - for (lp = bp->bits; !*lp; lp++) - ; +void +free(void *ptr) +{ + struct dir_info *d; + int saved_errno = errno; + + /* This is legal. */ + if (ptr == NULL) + return; + + d = getpool(); + if (d == NULL) + wrterror(d, "free() called before allocation"); + _MALLOC_LOCK(d->mutex); + d->func = "free"; + if (d->active++) { + malloc_recurse(d); + return; + } + ofree(&d, ptr, 0, 0, 0); + d->active--; + _MALLOC_UNLOCK(d->mutex); + errno = saved_errno; +} +/*DEF_STRONG(free);*/ - /* Find that bit, and tweak it */ - u = 1; - k = 0; - while (!(*lp & u)) { - u += u; - k++; - } - *lp ^= u; +static void +freezero_p(void *ptr, size_t sz) +{ + explicit_bzero(ptr, sz); + free(ptr); +} - /* If there are no more free, remove from free-list */ - if (!--bp->free) { - page_dir[j] = bp->next; - bp->next = 0; - } +void +freezero(void *ptr, size_t sz) +{ + struct dir_info *d; + int saved_errno = errno; - /* Adjust to the real offset of that chunk */ - k += (lp-bp->bits)*MALLOC_BITS; - k <<= bp->shift; + /* This is legal. */ + if (ptr == NULL) + return; - if (malloc_junk && bp->size != 0) - memset((char *)bp->page + k, SOME_JUNK, bp->size); + if (!mopts.internal_funcs) { + freezero_p(ptr, sz); + return; + } - return (u_char *)bp->page + k; + d = getpool(); + if (d == NULL) + wrterror(d, "freezero() called before allocation"); + _MALLOC_LOCK(d->mutex); + d->func = "freezero"; + if (d->active++) { + malloc_recurse(d); + return; + } + ofree(&d, ptr, 1, 1, sz); + d->active--; + _MALLOC_UNLOCK(d->mutex); + errno = saved_errno; } +DEF_WEAK(freezero); -/* - * Allocate a piece of memory - */ static void * -imalloc(size) - size_t size; +orealloc(struct dir_info **argpool, void *p, size_t newsz, void *f) { - void *result; - - if (!malloc_started) - malloc_init(); + struct region_info *r; + struct dir_info *pool; + char *saved_function; + struct chunk_info *info; + size_t oldsz, goldsz, gnewsz; + void *q, *ret; + uint32_t chunknum; + + if (p == NULL) + return omalloc(*argpool, newsz, 0, f); + + if (newsz >= SIZE_MAX - mopts.malloc_guard - MALLOC_PAGESIZE) { + errno = ENOMEM; + return NULL; + } - if (suicide) - abort(); + r = findpool(p, *argpool, &pool, &saved_function); - if ((size + malloc_pagesize) < size) /* Check for overflow */ - result = 0; - else if (size <= malloc_maxsize) - result = malloc_bytes(size); - else - result = malloc_pages(size); + REALSIZE(oldsz, r); + if (mopts.chunk_canaries && oldsz <= MALLOC_MAXCHUNK) { + info = (struct chunk_info *)r->size; + chunknum = find_chunknum(pool, info, p, 0); + } - if (malloc_abort && !result) - wrterror("allocation failed.\n"); + goldsz = oldsz; + if (oldsz > MALLOC_MAXCHUNK) { + if (oldsz < mopts.malloc_guard) + wrterror(pool, "guard size"); + oldsz -= mopts.malloc_guard; + } - if (malloc_zero && result) - memset(result, 0, size); + gnewsz = newsz; + if (gnewsz > MALLOC_MAXCHUNK) + gnewsz += mopts.malloc_guard; + + if (newsz > MALLOC_MAXCHUNK && oldsz > MALLOC_MAXCHUNK && + !mopts.malloc_realloc) { + /* First case: from n pages sized allocation to m pages sized + allocation, m > n */ + size_t roldsz = PAGEROUND(goldsz); + size_t rnewsz = PAGEROUND(gnewsz); + + if (rnewsz > roldsz) { + /* try to extend existing region */ + if (!mopts.malloc_guard) { + void *hint = (char *)r->p + roldsz; + size_t needed = rnewsz - roldsz; + + STATS_INC(pool->cheap_realloc_tries); + q = map(pool, hint, needed, 0); + if (q == hint) + goto gotit; + zapcacheregion(pool, hint, needed); + q = MQUERY(hint, needed); + if (q == hint) + q = MMAPA(hint, needed); + else + q = MAP_FAILED; + if (q == hint) { +gotit: + STATS_ADD(pool->malloc_used, needed); + if (mopts.malloc_junk == 2) + memset(q, SOME_JUNK, needed); + r->size = gnewsz; + if (r->p != p) { + /* old pointer is moved */ + memmove(r->p, p, oldsz); + p = r->p; + } + if (mopts.chunk_canaries) + fill_canary(p, newsz, + PAGEROUND(newsz)); + STATS_SETF(r, f); + STATS_INC(pool->cheap_reallocs); + ret = p; + goto done; + } else if (q != MAP_FAILED) { + if (munmap(q, needed)) + wrterror(pool, "munmap %p", q); + } + } + } else if (rnewsz < roldsz) { + /* shrink number of pages */ + if (mopts.malloc_guard) { + if (mprotect((char *)r->p + roldsz - + mopts.malloc_guard, mopts.malloc_guard, + PROT_READ | PROT_WRITE)) + wrterror(pool, "mprotect"); + if (mprotect((char *)r->p + rnewsz - + mopts.malloc_guard, mopts.malloc_guard, + PROT_NONE)) + wrterror(pool, "mprotect"); + } + unmap(pool, (char *)r->p + rnewsz, roldsz - rnewsz, 0, + mopts.malloc_junk); + r->size = gnewsz; + if (MALLOC_MOVE_COND(gnewsz)) { + void *pp = MALLOC_MOVE(r->p, gnewsz); + memmove(pp, p, newsz); + p = pp; + } else if (mopts.chunk_canaries) + fill_canary(p, newsz, PAGEROUND(newsz)); + STATS_SETF(r, f); + ret = p; + goto done; + } else { + /* number of pages remains the same */ + void *pp = r->p; + + r->size = gnewsz; + if (MALLOC_MOVE_COND(gnewsz)) + pp = MALLOC_MOVE(r->p, gnewsz); + if (p != pp) { + memmove(pp, p, oldsz < newsz ? oldsz : newsz); + p = pp; + } + if (p == r->p) { + if (newsz > oldsz && mopts.malloc_junk == 2) + memset((char *)p + newsz, SOME_JUNK, + rnewsz - mopts.malloc_guard - + newsz); + if (mopts.chunk_canaries) + fill_canary(p, newsz, PAGEROUND(newsz)); + } + STATS_SETF(r, f); + ret = p; + goto done; + } + } + if (oldsz <= MALLOC_MAXCHUNK && oldsz > 0 && + newsz <= MALLOC_MAXCHUNK && newsz > 0 && + 1 << find_chunksize(newsz) == oldsz && !mopts.malloc_realloc) { + /* do not reallocate if new size fits good in existing chunk */ + if (mopts.malloc_junk == 2) + memset((char *)p + newsz, SOME_JUNK, oldsz - newsz); + if (mopts.chunk_canaries) { + info->bits[info->offset + chunknum] = newsz; + fill_canary(p, newsz, info->size); + } + STATS_SETF(r, f); + ret = p; + } else if (newsz != oldsz || mopts.malloc_realloc) { + /* create new allocation */ + q = omalloc(pool, newsz, 0, f); + if (q == NULL) { + ret = NULL; + goto done; + } + if (newsz != 0 && oldsz != 0) + memcpy(q, p, oldsz < newsz ? oldsz : newsz); + ofree(&pool, p, 0, 0, 0); + ret = q; + } else { + /* oldsz == newsz */ + if (newsz != 0) + wrterror(pool, "realloc internal inconsistency"); + STATS_SETF(r, f); + ret = p; + } +done: + if (*argpool != pool) { + pool->func = saved_function; + *argpool = pool; + } + return ret; +} - return result; +void * +realloc(void *ptr, size_t size) +{ + struct dir_info *d; + void *r; + int saved_errno = errno; + + d = getpool(); + if (d == NULL) { + _malloc_init(0); + d = getpool(); + } + _MALLOC_LOCK(d->mutex); + d->func = "realloc"; + if (d->active++) { + malloc_recurse(d); + return NULL; + } + r = orealloc(&d, ptr, size, CALLER); + + d->active--; + _MALLOC_UNLOCK(d->mutex); + if (r == NULL && mopts.malloc_xmalloc) + wrterror(d, "out of memory"); + if (r != NULL) + errno = saved_errno; + return r; } +/*DEF_STRONG(realloc);*/ + /* - * Change the size of an allocation. + * This is sqrt(SIZE_MAX+1), as s1*s2 <= SIZE_MAX + * if both s1 < MUL_NO_OVERFLOW and s2 < MUL_NO_OVERFLOW */ -static void * -irealloc(ptr, size) - void *ptr; - size_t size; +#define MUL_NO_OVERFLOW (1UL << (sizeof(size_t) * 4)) + +void * +calloc(size_t nmemb, size_t size) { - void *p; - u_long osize, index; - struct pginfo **mp; - int i; + struct dir_info *d; + void *r; + int saved_errno = errno; + + d = getpool(); + if (d == NULL) { + _malloc_init(0); + d = getpool(); + } + _MALLOC_LOCK(d->mutex); + d->func = "calloc"; + if ((nmemb >= MUL_NO_OVERFLOW || size >= MUL_NO_OVERFLOW) && + nmemb > 0 && SIZE_MAX / nmemb < size) { + _MALLOC_UNLOCK(d->mutex); + if (mopts.malloc_xmalloc) + wrterror(d, "out of memory"); + errno = ENOMEM; + return NULL; + } - if (suicide) - abort(); + if (d->active++) { + malloc_recurse(d); + return NULL; + } - if (!malloc_started) { - wrtwarning("malloc() has never been called.\n"); - return 0; - } + size *= nmemb; + r = omalloc(d, size, 1, CALLER); - index = ptr2index(ptr); + d->active--; + _MALLOC_UNLOCK(d->mutex); + if (r == NULL && mopts.malloc_xmalloc) + wrterror(d, "out of memory"); + if (r != NULL) + errno = saved_errno; + return r; +} +/*DEF_STRONG(calloc);*/ - if (index < malloc_pageshift) { - wrtwarning("junk pointer, too low to make sense.\n"); - return 0; - } +static void * +orecallocarray(struct dir_info **argpool, void *p, size_t oldsize, + size_t newsize, void *f) +{ + struct region_info *r; + struct dir_info *pool; + char *saved_function; + void *newptr; + size_t sz; + + if (p == NULL) + return omalloc(*argpool, newsize, 1, f); + + if (oldsize == newsize) + return p; + + r = findpool(p, *argpool, &pool, &saved_function); + + REALSIZE(sz, r); + if (sz <= MALLOC_MAXCHUNK) { + if (mopts.chunk_canaries && sz > 0) { + struct chunk_info *info = (struct chunk_info *)r->size; + uint32_t chunknum = find_chunknum(pool, info, p, 0); + + if (info->bits[info->offset + chunknum] != oldsize) + wrterror(pool, "recorded old size %hu != %zu", + info->bits[info->offset + chunknum], + oldsize); + } + } else if (oldsize != sz - mopts.malloc_guard) + wrterror(pool, "recorded old size %zu != %zu", + sz - mopts.malloc_guard, oldsize); + + newptr = omalloc(pool, newsize, 0, f); + if (newptr == NULL) + goto done; + + if (newsize > oldsize) { + memcpy(newptr, p, oldsize); + memset((char *)newptr + oldsize, 0, newsize - oldsize); + } else + memcpy(newptr, p, newsize); + + ofree(&pool, p, 1, 0, oldsize); + +done: + if (*argpool != pool) { + pool->func = saved_function; + *argpool = pool; + } - if (index > last_index) { - wrtwarning("junk pointer, too high to make sense.\n"); - return 0; - } + return newptr; +} - mp = &page_dir[index]; +static void * +recallocarray_p(void *ptr, size_t oldnmemb, size_t newnmemb, size_t size) +{ + size_t oldsize, newsize; + void *newptr; - if (*mp == MALLOC_FIRST) { /* Page allocation */ + if (ptr == NULL) + return calloc(newnmemb, size); - /* Check the pointer */ - if ((u_long)ptr & malloc_pagemask) { - wrtwarning("modified (page-) pointer.\n"); - return 0; + if ((newnmemb >= MUL_NO_OVERFLOW || size >= MUL_NO_OVERFLOW) && + newnmemb > 0 && SIZE_MAX / newnmemb < size) { + errno = ENOMEM; + return NULL; } + newsize = newnmemb * size; - /* Find the size in bytes */ - for (osize = malloc_pagesize; *++mp == MALLOC_FOLLOW;) - osize += malloc_pagesize; - - if (!malloc_realloc && /* unless we have to, */ - size <= osize && /* .. or are too small, */ - size > (osize - malloc_pagesize)) { /* .. or can free a page, */ - return ptr; /* don't do anything. */ + if ((oldnmemb >= MUL_NO_OVERFLOW || size >= MUL_NO_OVERFLOW) && + oldnmemb > 0 && SIZE_MAX / oldnmemb < size) { + errno = EINVAL; + return NULL; } + oldsize = oldnmemb * size; - } else if (*mp >= MALLOC_MAGIC) { /* Chunk allocation */ + /* + * Don't bother too much if we're shrinking just a bit, + * we do not shrink for series of small steps, oh well. + */ + if (newsize <= oldsize) { + size_t d = oldsize - newsize; - /* Check the pointer for sane values */ - if ((u_long)ptr & ((1UL<<((*mp)->shift))-1)) { - wrtwarning("modified (chunk-) pointer.\n"); - return 0; + if (d < oldsize / 2 && d < MALLOC_PAGESIZE) { + memset((char *)ptr + newsize, 0, d); + return ptr; + } } - /* Find the chunk index in the page */ - i = ((u_long)ptr & malloc_pagemask) >> (*mp)->shift; + newptr = malloc(newsize); + if (newptr == NULL) + return NULL; - /* Verify that it isn't a free chunk already */ - if ((*mp)->bits[i/MALLOC_BITS] & (1UL<<(i%MALLOC_BITS))) { - wrtwarning("chunk is already free.\n"); - return 0; + if (newsize > oldsize) { + memcpy(newptr, ptr, oldsize); + memset((char *)newptr + oldsize, 0, newsize - oldsize); + } else + memcpy(newptr, ptr, newsize); + + explicit_bzero(ptr, oldsize); + free(ptr); + + return newptr; +} + +void * +recallocarray(void *ptr, size_t oldnmemb, size_t newnmemb, size_t size) +{ + struct dir_info *d; + size_t oldsize = 0, newsize; + void *r; + int saved_errno = errno; + + if (!mopts.internal_funcs) + return recallocarray_p(ptr, oldnmemb, newnmemb, size); + + d = getpool(); + if (d == NULL) { + _malloc_init(0); + d = getpool(); } - osize = (*mp)->size; + _MALLOC_LOCK(d->mutex); + d->func = "recallocarray"; - if (!malloc_realloc && /* Unless we have to, */ - size < osize && /* ..or are too small, */ - (size > osize/2 || /* ..or could use a smaller size, */ - osize == malloc_minsize)) { /* ..(if there is one) */ - return ptr; /* ..Don't do anything */ + if ((newnmemb >= MUL_NO_OVERFLOW || size >= MUL_NO_OVERFLOW) && + newnmemb > 0 && SIZE_MAX / newnmemb < size) { + _MALLOC_UNLOCK(d->mutex); + if (mopts.malloc_xmalloc) + wrterror(d, "out of memory"); + errno = ENOMEM; + return NULL; + } + newsize = newnmemb * size; + + if (ptr != NULL) { + if ((oldnmemb >= MUL_NO_OVERFLOW || size >= MUL_NO_OVERFLOW) && + oldnmemb > 0 && SIZE_MAX / oldnmemb < size) { + _MALLOC_UNLOCK(d->mutex); + errno = EINVAL; + return NULL; + } + oldsize = oldnmemb * size; } - } else { - wrtwarning("pointer to wrong page.\n"); - return 0; - } - - p = imalloc(size); - - if (p) { - /* copy the lesser of the two sizes, and free the old one */ - /* Don't move from/to 0 sized region !!! */ - if (osize != 0 && size != 0) { - if (osize < size) - memcpy(p, ptr, osize); - else - memcpy(p, ptr, size); - } - ifree(ptr); - } - return p; + if (d->active++) { + malloc_recurse(d); + return NULL; + } + + r = orecallocarray(&d, ptr, oldsize, newsize, CALLER); + + d->active--; + _MALLOC_UNLOCK(d->mutex); + if (r == NULL && mopts.malloc_xmalloc) + wrterror(d, "out of memory"); + if (r != NULL) + errno = saved_errno; + return r; } +DEF_WEAK(recallocarray); -/* - * Free a sequence of pages - */ -static __inline__ void -free_pages(ptr, index, info) - void *ptr; - int index; - struct pginfo *info; +static void * +mapalign(struct dir_info *d, size_t alignment, size_t sz, int zero_fill) { - int i; - struct pgfree *pf, *pt=0; - u_long l; - void *tail; - - if (info == MALLOC_FREE) { - wrtwarning("page is already free.\n"); - return; - } - - if (info != MALLOC_FIRST) { - wrtwarning("pointer to wrong page.\n"); - return; - } - - if ((u_long)ptr & malloc_pagemask) { - wrtwarning("modified (page-) pointer.\n"); - return; - } - - /* Count how many pages and mark them free at the same time */ - page_dir[index] = MALLOC_FREE; - for (i = 1; page_dir[index+i] == MALLOC_FOLLOW; i++) - page_dir[index + i] = MALLOC_FREE; - - l = i << malloc_pageshift; - - if (malloc_junk) - memset(ptr, SOME_JUNK, l); - -#if defined(__FreeBSD__) || (defined(__OpenBSD__) && defined(MADV_FREE)) - if (malloc_hint) - madvise(ptr, l, MADV_FREE); -#endif + char *p, *q; - tail = (char *)ptr+l; - - /* add to free-list */ - if (!px) - px = imalloc(sizeof *px); /* This cannot fail... */ - px->page = ptr; - px->end = tail; - px->size = l; - if (!free_list.next) { - - /* Nothing on free list, put this at head */ - px->next = free_list.next; - px->prev = &free_list; - free_list.next = px; - pf = px; - px = 0; - - } else { - - /* Find the right spot, leave pf pointing to the modified entry. */ - tail = (char *)ptr+l; - - for(pf = free_list.next; pf->end < ptr && pf->next; pf = pf->next) - ; /* Race ahead here */ - - if (pf->page > tail) { - /* Insert before entry */ - px->next = pf; - px->prev = pf->prev; - pf->prev = px; - px->prev->next = px; - pf = px; - px = 0; - } else if (pf->end == ptr ) { - /* Append to the previous entry */ - pf->end = (char *)pf->end + l; - pf->size += l; - if (pf->next && pf->end == pf->next->page ) { - /* And collapse the next too. */ - pt = pf->next; - pf->end = pt->end; - pf->size += pt->size; - pf->next = pt->next; - if (pf->next) - pf->next->prev = pf; - } - } else if (pf->page == tail) { - /* Prepend to entry */ - pf->size += l; - pf->page = ptr; - } else if (!pf->next) { - /* Append at tail of chain */ - px->next = 0; - px->prev = pf; - pf->next = px; - pf = px; - px = 0; - } else { - wrterror("freelist is destroyed.\n"); + if (alignment < MALLOC_PAGESIZE || ((alignment - 1) & alignment) != 0) + wrterror(d, "mapalign bad alignment"); + if (sz != PAGEROUND(sz)) + wrterror(d, "mapalign round"); + + /* Allocate sz + alignment bytes of memory, which must include a + * subrange of size bytes that is properly aligned. Unmap the + * other bytes, and then return that subrange. + */ + + /* We need sz + alignment to fit into a size_t. */ + if (alignment > SIZE_MAX - sz) + return MAP_FAILED; + + p = map(d, NULL, sz + alignment, zero_fill); + if (p == MAP_FAILED) + return MAP_FAILED; + q = (char *)(((uintptr_t)p + alignment - 1) & ~(alignment - 1)); + if (q != p) { + if (munmap(p, q - p)) + wrterror(d, "munmap %p", p); } - } + if (munmap(q + sz, alignment - (q - p))) + wrterror(d, "munmap %p", q + sz); + STATS_SUB(d->malloc_used, alignment); - /* Return something to OS ? */ - if (!pf->next && /* If we're the last one, */ - pf->size > malloc_cache && /* ..and the cache is full, */ - pf->end == malloc_brk && /* ..and none behind us, */ - malloc_brk == sbrk(0)) { /* ..and it's OK to do... */ + return q; +} - /* - * Keep the cache intact. Notice that the '>' above guarantees that - * the pf will always have at least one page afterwards. - */ - pf->end = (char *)pf->page + malloc_cache; - pf->size = malloc_cache; +static void * +omemalign(struct dir_info *pool, size_t alignment, size_t sz, int zero_fill, + void *f) +{ + size_t psz; + void *p; + + /* If between half a page and a page, avoid MALLOC_MOVE. */ + if (sz > MALLOC_MAXCHUNK && sz < MALLOC_PAGESIZE) + sz = MALLOC_PAGESIZE; + if (alignment <= MALLOC_PAGESIZE) { + /* + * max(size, alignment) is enough to assure the requested + * alignment, since the allocator always allocates + * power-of-two blocks. + */ + if (sz < alignment) + sz = alignment; + return omalloc(pool, sz, zero_fill, f); + } - brk(pf->end); - malloc_brk = pf->end; + if (sz >= SIZE_MAX - mopts.malloc_guard - MALLOC_PAGESIZE) { + errno = ENOMEM; + return NULL; + } - index = ptr2index(pf->end); - last_index = index - 1; + sz += mopts.malloc_guard; + psz = PAGEROUND(sz); - for(i=index;i <= last_index;) - page_dir[i++] = MALLOC_NOT_MINE; + p = mapalign(pool, alignment, psz, zero_fill); + if (p == MAP_FAILED) { + errno = ENOMEM; + return NULL; + } - /* XXX: We could realloc/shrink the pagedir here I guess. */ - } - if (pt) - ifree(pt); -} + if (insert(pool, p, sz, f)) { + unmap(pool, p, psz, 0, 0); + errno = ENOMEM; + return NULL; + } -/* - * Free a chunk, and possibly the page it's on, if the page becomes empty. - */ + if (mopts.malloc_guard) { + if (mprotect((char *)p + psz - mopts.malloc_guard, + mopts.malloc_guard, PROT_NONE)) + wrterror(pool, "mprotect"); + STATS_ADD(pool->malloc_guarded, mopts.malloc_guard); + } + + if (mopts.malloc_junk == 2) { + if (zero_fill) + memset((char *)p + sz - mopts.malloc_guard, + SOME_JUNK, psz - sz); + else + memset(p, SOME_JUNK, psz - mopts.malloc_guard); + } else if (mopts.chunk_canaries) + fill_canary(p, sz - mopts.malloc_guard, + psz - mopts.malloc_guard); + + return p; +} -/* ARGSUSED */ -static __inline__ void -free_bytes(ptr, index, info) - void *ptr; - int index; - struct pginfo *info; +int +posix_memalign(void **memptr, size_t alignment, size_t size) { - int i; - struct pginfo **mp; - void *vp; - - /* Find the chunk number on the page */ - i = ((u_long)ptr & malloc_pagemask) >> info->shift; - - if ((u_long)ptr & ((1UL<<(info->shift))-1)) { - wrtwarning("modified (chunk-) pointer.\n"); - return; - } - - if (info->bits[i/MALLOC_BITS] & (1UL<<(i%MALLOC_BITS))) { - wrtwarning("chunk is already free.\n"); - return; - } - - if (malloc_junk && info->size != 0) - memset(ptr, SOME_JUNK, info->size); - - info->bits[i/MALLOC_BITS] |= 1UL<<(i%MALLOC_BITS); - info->free++; - - if (info->size != 0) - mp = page_dir + info->shift; - else - mp = page_dir; - - if (info->free == 1) { - - /* Page became non-full */ - - /* Insert in address order */ - while (*mp && (*mp)->next && (*mp)->next->page < info->page) - mp = &(*mp)->next; - info->next = *mp; - *mp = info; - return; - } - - if (info->free != info->total) - return; - - /* Find & remove this page in the queue */ - while (*mp != info) { - mp = &((*mp)->next); -#ifdef MALLOC_EXTRA_SANITY - if (!*mp) - wrterror("(ES): Not on queue\n"); -#endif /* MALLOC_EXTRA_SANITY */ - } - *mp = info->next; - - /* Free the page & the info structure if need be */ - page_dir[ptr2index(info->page)] = MALLOC_FIRST; - - /* If the page was mprotected, unprotect it before releasing it */ - if (info->size == 0) { - mprotect(info->page, malloc_pagesize, PROT_READ|PROT_WRITE); - /* Do we have to care if mprotect succeeds here ? */ - } - - vp = info->page; /* Order is important ! */ - if(vp != (void*)info) - ifree(info); - ifree(vp); + struct dir_info *d; + int res, saved_errno = errno; + void *r; + + /* Make sure that alignment is a large enough power of 2. */ + if (((alignment - 1) & alignment) != 0 || alignment < sizeof(void *)) + return EINVAL; + + d = getpool(); + if (d == NULL) { + _malloc_init(0); + d = getpool(); + } + _MALLOC_LOCK(d->mutex); + d->func = "posix_memalign"; + if (d->active++) { + malloc_recurse(d); + goto err; + } + r = omemalign(d, alignment, size, 0, CALLER); + d->active--; + _MALLOC_UNLOCK(d->mutex); + if (r == NULL) { + if (mopts.malloc_xmalloc) + wrterror(d, "out of memory"); + goto err; + } + errno = saved_errno; + *memptr = r; + return 0; + +err: + res = errno; + errno = saved_errno; + return res; } +/*DEF_STRONG(posix_memalign);*/ -static void -ifree(ptr) - void *ptr; +void * +aligned_alloc(size_t alignment, size_t size) { - struct pginfo *info; - int index; + struct dir_info *d; + int saved_errno = errno; + void *r; + + /* Make sure that alignment is a positive power of 2. */ + if (((alignment - 1) & alignment) != 0 || alignment == 0) { + errno = EINVAL; + return NULL; + }; + /* Per spec, size should be a multiple of alignment */ + if ((size & (alignment - 1)) != 0) { + errno = EINVAL; + return NULL; + } - /* This is legal */ - if (!ptr) - return; + d = getpool(); + if (d == NULL) { + _malloc_init(0); + d = getpool(); + } + _MALLOC_LOCK(d->mutex); + d->func = "aligned_alloc"; + if (d->active++) { + malloc_recurse(d); + return NULL; + } + r = omemalign(d, alignment, size, 0, CALLER); + d->active--; + _MALLOC_UNLOCK(d->mutex); + if (r == NULL) { + if (mopts.malloc_xmalloc) + wrterror(d, "out of memory"); + return NULL; + } + errno = saved_errno; + return r; +} +/*DEF_STRONG(aligned_alloc);*/ - if (!malloc_started) { - wrtwarning("malloc() has never been called.\n"); - return; - } +#ifdef MALLOC_STATS - /* If we're already sinking, don't make matters any worse. */ - if (suicide) - return; +struct malloc_leak { + void *f; + size_t total_size; + int count; +}; - index = ptr2index(ptr); +struct leaknode { + RBT_ENTRY(leaknode) entry; + struct malloc_leak d; +}; - if (index < malloc_pageshift) { - wrtwarning("junk pointer, too low to make sense.\n"); - return; - } +static inline int +leakcmp(const struct leaknode *e1, const struct leaknode *e2) +{ + return e1->d.f < e2->d.f ? -1 : e1->d.f > e2->d.f; +} - if (index > last_index) { - wrtwarning("junk pointer, too high to make sense.\n"); - return; - } +static RBT_HEAD(leaktree, leaknode) leakhead; +RBT_PROTOTYPE(leaktree, leaknode, entry, leakcmp); +RBT_GENERATE(leaktree, leaknode, entry, leakcmp); - info = page_dir[index]; +static void +putleakinfo(void *f, size_t sz, int cnt) +{ + struct leaknode key, *p; + static struct leaknode *page; + static int used; + + if (cnt == 0 || page == MAP_FAILED) + return; + + key.d.f = f; + p = RBT_FIND(leaktree, &leakhead, &key); + if (p == NULL) { + if (page == NULL || + used >= MALLOC_PAGESIZE / sizeof(struct leaknode)) { + page = MMAP(MALLOC_PAGESIZE); + if (page == MAP_FAILED) + return; + used = 0; + } + p = &page[used++]; + p->d.f = f; + p->d.total_size = sz * cnt; + p->d.count = cnt; + RBT_INSERT(leaktree, &leakhead, p); + } else { + p->d.total_size += sz * cnt; + p->d.count += cnt; + } +} - if (info < MALLOC_MAGIC) - free_pages(ptr, index, info); - else - free_bytes(ptr, index, info); - return; +static struct malloc_leak *malloc_leaks; + +static void +dump_leaks(int fd) +{ + struct leaknode *p; + int i = 0; + + dprintf(fd, "Leak report\n"); + dprintf(fd, " f sum # avg\n"); + /* XXX only one page of summary */ + if (malloc_leaks == NULL) + malloc_leaks = MMAP(MALLOC_PAGESIZE); + if (malloc_leaks != MAP_FAILED) + memset(malloc_leaks, 0, MALLOC_PAGESIZE); + RBT_FOREACH(p, leaktree, &leakhead) { + dprintf(fd, "%18p %7zu %6u %6zu\n", p->d.f, + p->d.total_size, p->d.count, p->d.total_size / p->d.count); + if (malloc_leaks == MAP_FAILED || + i >= MALLOC_PAGESIZE / sizeof(struct malloc_leak)) + continue; + malloc_leaks[i].f = p->d.f; + malloc_leaks[i].total_size = p->d.total_size; + malloc_leaks[i].count = p->d.count; + i++; + } } -/* - * These are the public exported interface routines. - */ +static void +dump_chunk(int fd, struct chunk_info *p, void *f, int fromfreelist) +{ + while (p != NULL) { + dprintf(fd, "chunk %18p %18p %4d %d/%d\n", + p->page, ((p->bits[0] & 1) ? NULL : f), + p->size, p->free, p->total); + if (!fromfreelist) { + if (p->bits[0] & 1) + putleakinfo(NULL, p->size, p->total - p->free); + else { + putleakinfo(f, p->size, 1); + putleakinfo(NULL, p->size, + p->total - p->free - 1); + } + break; + } + p = LIST_NEXT(p, entries); + if (p != NULL) + dprintf(fd, " "); + } +} + +static void +dump_free_chunk_info(int fd, struct dir_info *d) +{ + int i, j, count; + struct chunk_info *p; + + dprintf(fd, "Free chunk structs:\n"); + for (i = 0; i <= MALLOC_MAXSHIFT; i++) { + count = 0; + LIST_FOREACH(p, &d->chunk_info_list[i], entries) + count++; + for (j = 0; j < MALLOC_CHUNK_LISTS; j++) { + p = LIST_FIRST(&d->chunk_dir[i][j]); + if (p == NULL && count == 0) + continue; + dprintf(fd, "%2d) %3d ", i, count); + if (p != NULL) + dump_chunk(fd, p, NULL, 1); + else + dprintf(fd, "\n"); + } + } -static int malloc_active; +} -void * -malloc(size_t size) +static void +dump_free_page_info(int fd, struct dir_info *d) { - register void *r; - - malloc_func = " in malloc():"; - THREAD_LOCK(); - if (malloc_active++) { - wrtwarning("recursive call.\n"); - malloc_active--; - THREAD_UNLOCK(); - return (0); - } - r = imalloc(size); - UTRACE(0, size, r); - malloc_active--; - THREAD_UNLOCK(); - if (malloc_xmalloc && !r) - wrterror("out of memory.\n"); - return (r); + int i; + + dprintf(fd, "Free pages cached: %zu\n", d->free_regions_size); + for (i = 0; i < mopts.malloc_cache; i++) { + if (d->free_regions[i].p != NULL) { + dprintf(fd, "%2d) ", i); + dprintf(fd, "free at %p: %zu\n", + d->free_regions[i].p, d->free_regions[i].size); + } + } +} + +static void +malloc_dump1(int fd, int poolno, struct dir_info *d) +{ + size_t i, realsize; + + dprintf(fd, "Malloc dir of %s pool %d at %p\n", __progname, poolno, d); + if (d == NULL) + return; + dprintf(fd, "Region slots free %zu/%zu\n", + d->regions_free, d->regions_total); + dprintf(fd, "Finds %zu/%zu\n", d->finds, d->find_collisions); + dprintf(fd, "Inserts %zu/%zu\n", d->inserts, d->insert_collisions); + dprintf(fd, "Deletes %zu/%zu\n", d->deletes, d->delete_moves); + dprintf(fd, "Cheap reallocs %zu/%zu\n", + d->cheap_reallocs, d->cheap_realloc_tries); + dprintf(fd, "Other pool searches %zu/%zu\n", + d->other_pool, d->pool_searches); + dprintf(fd, "In use %zu\n", d->malloc_used); + dprintf(fd, "Guarded %zu\n", d->malloc_guarded); + dump_free_chunk_info(fd, d); + dump_free_page_info(fd, d); + dprintf(fd, + "slot) hash d type page f size [free/n]\n"); + for (i = 0; i < d->regions_total; i++) { + if (d->r[i].p != NULL) { + size_t h = hash(d->r[i].p) & + (d->regions_total - 1); + dprintf(fd, "%4zx) #%4zx %zd ", + i, h, h - i); + REALSIZE(realsize, &d->r[i]); + if (realsize > MALLOC_MAXCHUNK) { + putleakinfo(d->r[i].f, realsize, 1); + dprintf(fd, + "pages %18p %18p %zu\n", d->r[i].p, + d->r[i].f, realsize); + } else + dump_chunk(fd, + (struct chunk_info *)d->r[i].size, + d->r[i].f, 0); + } + } + dump_leaks(fd); + dprintf(fd, "\n"); } void -free(void *ptr) +malloc_dump(int fd, int poolno, struct dir_info *pool) { - malloc_func = " in free():"; - THREAD_LOCK(); - if (malloc_active++) { - wrtwarning("recursive call.\n"); - malloc_active--; - THREAD_UNLOCK(); - return; - } - ifree(ptr); - UTRACE(ptr, 0, 0); - malloc_active--; - THREAD_UNLOCK(); - return; + int i; + void *p; + struct region_info *r; + int saved_errno = errno; + + if (pool == NULL) + return; + for (i = 0; i < MALLOC_DELAYED_CHUNK_MASK + 1; i++) { + p = pool->delayed_chunks[i]; + if (p == NULL) + continue; + r = find(pool, p); + if (r == NULL) + wrterror(pool, "bogus pointer in malloc_dump %p", p); + free_bytes(pool, r, p); + pool->delayed_chunks[i] = NULL; + } + /* XXX leak when run multiple times */ + RBT_INIT(leaktree, &leakhead); + malloc_dump1(fd, poolno, pool); + errno = saved_errno; } +DEF_WEAK(malloc_dump); -void * -realloc(void *ptr, size_t size) +void +malloc_gdump(int fd) +{ + int i; + int saved_errno = errno; + + for (i = 0; i < mopts.malloc_mutexes; i++) + malloc_dump(fd, i, mopts.malloc_pool[i]); + + errno = saved_errno; +} +DEF_WEAK(malloc_gdump); + +static void +malloc_exit(void) { - register void *r; - - malloc_func = " in realloc():"; - THREAD_LOCK(); - if (malloc_active++) { - wrtwarning("recursive call.\n"); - malloc_active--; - THREAD_UNLOCK(); - return (0); - } - if (!ptr) { - r = imalloc(size); - } else { - r = irealloc(ptr, size); - } - UTRACE(ptr, size, r); - malloc_active--; - THREAD_UNLOCK(); - if (malloc_xmalloc && !r) - wrterror("out of memory.\n"); - return (r); + int save_errno = errno, fd, i; + + fd = open("malloc.out", O_RDWR|O_APPEND); + if (fd != -1) { + dprintf(fd, "******** Start dump %s *******\n", __progname); + dprintf(fd, + "MT=%d M=%u I=%d F=%d U=%d J=%d R=%d X=%d C=%d cache=%u G=%zu\n", + mopts.malloc_mt, mopts.mallloc_mutexes, + mopts.internal_funcs, mopts.malloc_freecheck, + mopts.malloc_freeunmap, mopts.malloc_junk, + mopts.malloc_realloc, mopts.malloc_xmalloc, + mopts.chunk_canaries, mopts.malloc_cache, + mopts.malloc_guard); + + for (i = 0; i < mopts.malloc_mutexes; i++) + malloc_dump(fd, i, mopts.malloc_pool[i]); + dprintf(fd, "******** End dump %s *******\n", __progname); + close(fd); + } else + dprintf(STDERR_FILENO, + "malloc() warning: Couldn't dump stats\n"); + errno = save_errno; } + +#endif /* MALLOC_STATS */ diff --git a/src/lib/libc/stdlib/memory.3 b/src/lib/libc/stdlib/memory.3 deleted file mode 100644 index 959a173a037..00000000000 --- a/src/lib/libc/stdlib/memory.3 +++ /dev/null @@ -1,69 +0,0 @@ -.\" Copyright (c) 1991 Regents of the University of California. -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $OpenBSD: memory.3,v 1.5 2000/04/20 13:50:02 aaron Exp $ -.\" -.Dd May 2, 1991 -.Dt MEMORY 3 -.Os -.Sh NAME -.Nm malloc , -.Nm free , -.Nm realloc , -.Nm calloc , -.Nm alloca -.Nd general memory allocation operations -.Sh SYNOPSIS -.Fd #include -.Ft void * -.Fn malloc "size_t size" -.Ft void -.Fn free "void *ptr" -.Ft void * -.Fn realloc "void *ptr" "size_t size" -.Ft void * -.Fn calloc "size_t nelem" "size_t elsize" -.Ft void * -.Fn alloca "size_t size" -.Sh DESCRIPTION -These functions allocate and free memory for the calling process. -They are described in the individual man pages. -.Sh SEE ALSO -.Xr alloca 3 , -.Xr calloc 3 , -.Xr free 3 , -.Xr malloc 3 , -.Xr realloc 3 -.Sh STANDARDS -These functions, with the exception of -.Fn alloca , -conform to -.St -ansiC . diff --git a/src/lib/libc/stdlib/merge.c b/src/lib/libc/stdlib/merge.c index 4ae6488af23..d60317ce082 100644 --- a/src/lib/libc/stdlib/merge.c +++ b/src/lib/libc/stdlib/merge.c @@ -1,3 +1,4 @@ +/* $OpenBSD: merge.c,v 1.10 2015/06/21 03:20:56 millert Exp $ */ /*- * Copyright (c) 1992, 1993 * The Regents of the University of California. All rights reserved. @@ -13,11 +14,7 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors + * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -34,10 +31,6 @@ * SUCH DAMAGE. */ -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: merge.c,v 1.5 2002/02/17 19:42:24 millert Exp $"; -#endif /* LIBC_SCCS and not lint */ - /* * Hybrid exponential search/linear search merge sort with hybrid * natural/pairwise first pass. Requires about .3% more comparisons @@ -95,15 +88,12 @@ static void insertionsort(u_char *, size_t, size_t, int (*)()); * Arguments are as for qsort. */ int -mergesort(base, nmemb, size, cmp) - void *base; - size_t nmemb; - register size_t size; - int (*cmp)(const void *, const void *); +mergesort(void *base, size_t nmemb, size_t size, + int (*cmp)(const void *, const void *)) { - register int i, sense; + int i, sense; int big, iflag; - register u_char *f1, *f2, *t, *b, *tp2, *q, *l1, *l2; + u_char *f1, *f2, *t, *b, *tp2, *q, *l1, *l2; u_char *list2, *list1, *p2, *p, *last, **p1; if (size < PSIZE / 2) { /* Pointers must fit into 2 * size. */ @@ -111,6 +101,9 @@ mergesort(base, nmemb, size, cmp) return (-1); } + if (nmemb == 0) + return (0); + /* * XXX * Stupid subtraction for the Cray. @@ -255,13 +248,11 @@ COPY: b = t; * is defined. Otherwise simple pairwise merging is used.) */ void -setup(list1, list2, n, size, cmp) - size_t n, size; - int (*cmp)(const void *, const void *); - u_char *list1, *list2; +setup(u_char *list1, u_char *list2, size_t n, size_t size, + int (*cmp)(const void *, const void *)) { - int i, length, size2, tmp, sense; - u_char *f1, *f2, *s, *l2, *last, *p2; + int i, length, size2, sense; + u_char tmp, *f1, *f2, *s, *l2, *last, *p2; size2 = size*2; if (n <= 5) { @@ -329,10 +320,8 @@ setup(list1, list2, n, size, cmp) * last 4 elements. */ static void -insertionsort(a, n, size, cmp) - u_char *a; - size_t n, size; - int (*cmp)(const void *, const void *); +insertionsort(u_char *a, size_t n, size_t size, + int (*cmp)(const void *, const void *)) { u_char *ai, *s, *t, *u, tmp; int i; diff --git a/src/lib/libc/stdlib/mrand48.c b/src/lib/libc/stdlib/mrand48.c index cd34260b5cc..3334e2ad2b4 100644 --- a/src/lib/libc/stdlib/mrand48.c +++ b/src/lib/libc/stdlib/mrand48.c @@ -1,3 +1,4 @@ +/* $OpenBSD: mrand48.c,v 1.6 2015/08/27 04:33:31 guenther Exp $ */ /* * Copyright (c) 1993 Martin Birgmeier * All rights reserved. @@ -11,17 +12,13 @@ * to anyone/anything when using this software. */ -#if defined(LIBC_SCCS) && !defined(lint) -static char rcsid[] = "$OpenBSD: mrand48.c,v 1.2 1996/08/19 08:33:39 tholo Exp $"; -#endif /* LIBC_SCCS and not lint */ - #include "rand48.h" -extern unsigned short __rand48_seed[3]; - long mrand48(void) { + if (__rand48_deterministic == 0) + return (int)arc4random(); __dorand48(__rand48_seed); return ((long) __rand48_seed[2] << 16) + (long) __rand48_seed[1]; } diff --git a/src/lib/libc/stdlib/multibyte.c b/src/lib/libc/stdlib/multibyte.c deleted file mode 100644 index 6f08bbe3425..00000000000 --- a/src/lib/libc/stdlib/multibyte.c +++ /dev/null @@ -1,124 +0,0 @@ -/* - * Copyright (c) 1991 The Regents of the University of California. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: multibyte.c,v 1.3 2002/02/19 19:39:37 millert Exp $"; -#endif /* LIBC_SCCS and not lint */ - -#include - -/* - * Stub multibyte character functions. - * This cheezy implementation is fixed to the native single-byte - * character set. - */ - -int -mblen(s, n) - const char *s; - size_t n; -{ - if (s == NULL || *s == '\0') - return 0; - if (n == 0) - return -1; - return 1; -} - -/*ARGSUSED*/ -int -mbtowc(pwc, s, n) - wchar_t *pwc; - const char *s; - size_t n; -{ - if (s == NULL) - return 0; - if (n == 0) - return -1; - if (pwc) - *pwc = (wchar_t) *s; - return (*s != '\0'); -} - -/*ARGSUSED*/ -int -wctomb(char *s, wchar_t wchar) -{ - if (s == NULL) - return 0; - - *s = (char) wchar; - return 1; -} - -/*ARGSUSED*/ -size_t -mbstowcs(pwcs, s, n) - wchar_t *pwcs; - const char *s; - size_t n; -{ - int count = 0; - - if (n != 0) { - do { - if ((*pwcs++ = (wchar_t) *s++) == 0) - break; - count++; - } while (--n != 0); - } - - return count; -} - -/*ARGSUSED*/ -size_t -wcstombs(s, pwcs, n) - char *s; - const wchar_t *pwcs; - size_t n; -{ - int count = 0; - - if (n != 0) { - do { - if ((*s++ = (char) *pwcs++) == 0) - break; - count++; - } while (--n != 0); - } - - return count; -} - diff --git a/src/lib/libc/stdlib/nrand48.c b/src/lib/libc/stdlib/nrand48.c index b1ec2cebb1a..f1f548c3af5 100644 --- a/src/lib/libc/stdlib/nrand48.c +++ b/src/lib/libc/stdlib/nrand48.c @@ -1,3 +1,4 @@ +/* $OpenBSD: nrand48.c,v 1.3 2005/08/08 08:05:37 espie Exp $ */ /* * Copyright (c) 1993 Martin Birgmeier * All rights reserved. @@ -11,10 +12,6 @@ * to anyone/anything when using this software. */ -#if defined(LIBC_SCCS) && !defined(lint) -static char rcsid[] = "$OpenBSD: nrand48.c,v 1.2 1996/08/19 08:33:40 tholo Exp $"; -#endif /* LIBC_SCCS and not lint */ - #include "rand48.h" long diff --git a/src/lib/libc/stdlib/posix_memalign.3 b/src/lib/libc/stdlib/posix_memalign.3 new file mode 100644 index 00000000000..fcd0a4cbdb4 --- /dev/null +++ b/src/lib/libc/stdlib/posix_memalign.3 @@ -0,0 +1,97 @@ +.\" $OpenBSD: posix_memalign.3,v 1.4 2017/05/13 07:11:29 otto Exp $ +.\" Copyright (C) 2006 Jason Evans . +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice(s), this list of conditions and the following disclaimer as +.\" the first lines of this file unmodified other than the possible +.\" addition of one or more copyright notices. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice(s), this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDER(S) ``AS IS'' AND ANY +.\" EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) BE +.\" LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +.\" BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +.\" WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +.\" OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, +.\" EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.\" $FreeBSD: src/lib/libc/stdlib/posix_memalign.3,v 1.3 2007/03/28 04:32:51 jasone Exp $ +.\" +.Dd $Mdocdate: May 13 2017 $ +.Dt POSIX_MEMALIGN 3 +.Os +.Sh NAME +.Nm posix_memalign +.Nd aligned memory allocation +.Sh SYNOPSIS +.In stdlib.h +.Ft int +.Fn posix_memalign "void **ptr" "size_t alignment" "size_t size" +.Sh DESCRIPTION +The +.Fn posix_memalign +function allocates +.Fa size +bytes of memory such that the allocation's base address is a multiple of +.Fa alignment , +and returns the allocation in the value pointed to by +.Fa ptr . +.Pp +The requested +.Fa alignment +must be a power of 2 at least as large as +.Fn sizeof "void *" . +.Pp +Memory that is allocated via +.Fn posix_memalign +can be used as an argument in subsequent calls to +.Xr realloc 3 , +.Xr reallocarray 3 +and +.Xr free 3 , +but not +.Xr recallocarray 3 +and +.Xr freezero 3 . +.Sh RETURN VALUES +The +.Fn posix_memalign +function returns the value 0 if successful; otherwise it returns an error value. +.Sh ERRORS +The +.Fn posix_memalign +function will fail if: +.Bl -tag -width Er +.It Bq Er EINVAL +The +.Fa alignment +parameter is not a power of 2 at least as large as +.Fn sizeof "void *" . +.It Bq Er ENOMEM +Memory allocation error. +.El +.Sh SEE ALSO +.Xr free 3 , +.Xr malloc 3 , +.Xr realloc 3 +.Sh STANDARDS +The +.Fn posix_memalign +function conforms to +.St -p1003.1-2001 . +.Sh HISTORY +The +.Fn posix_memalign +function first appeared in +.Ox 4.8 . diff --git a/src/lib/libc/stdlib/posix_openpt.3 b/src/lib/libc/stdlib/posix_openpt.3 new file mode 100644 index 00000000000..b55e1be750c --- /dev/null +++ b/src/lib/libc/stdlib/posix_openpt.3 @@ -0,0 +1,102 @@ +.\" $OpenBSD: posix_openpt.3,v 1.4 2019/01/25 00:19:25 millert Exp $ +.\" +.\" Copyright (c) 2012 Todd C. Miller +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: January 25 2019 $ +.Dt POSIX_OPENPT 3 +.Os +.Sh NAME +.Nm posix_openpt +.Nd open a pseudo-terminal device +.Sh SYNOPSIS +.In stdlib.h +.In fcntl.h +.Ft int +.Fn posix_openpt "int oflag" +.Sh DESCRIPTION +The +.Fn posix_openpt +function finds the next available pseudo-terminal and returns an open +file descriptor for its master device. +The path name of the slave device may be determined via the +.Fn ptsname +function. +Note that the +.Fn unlockpt +and +.Fn grantpt +functions should be called before opening the slave device. +.Pp +The +.Ar oflag +argument is formed by bitwise-inclusive +.Tn OR Ns 'ing +the following values defined in +.In fcntl.h : +.Bl -tag -width O_NOCTTY -offset indent +.It Dv O_RDWR +Open for reading and writing. +.It Dv O_NOCTTY +Prevent the device from being made the controlling terminal for the session. +This flag has no effect on +.Ox +and is included for compatibility with other systems. +.El +.Pp +The +.Dv O_RDWR +flag must be specified in +.Fa oflag . +If +.Fa oflag +contains values other than those listed above, +.Fn posix_openpt +will return an error. +.Sh RETURN VALUES +If successful, +.Fn posix_openpt +returns a non-negative integer, the file descriptor for the +pseudo-terminal master device. +Otherwise, a value of \-1 is returned and +.Va errno +is set to indicate the error. +.Sh ERRORS +The +.Fn posix_openpt +function will fail if: +.Bl -tag -width Er +.It Bq Er EMFILE +The per-process descriptor table is full. +.It Bq Er ENFILE +The system file table is full. +.It Bq Er EINVAL +The value of +.Fa oflag +is not valid. +.El +.Sh SEE ALSO +.Xr ptsname 3 , +.Xr pty 4 , +.Xr tty 4 +.Sh STANDARDS +The +.Fn posix_openpt +function conforms to +.St -p1003.1-2001 . +.Sh HISTORY +The +.Fn posix_openpt +function appeared in +.Ox 5.3 . diff --git a/src/lib/libc/stdlib/posix_pty.c b/src/lib/libc/stdlib/posix_pty.c new file mode 100644 index 00000000000..e45ab6ebd0c --- /dev/null +++ b/src/lib/libc/stdlib/posix_pty.c @@ -0,0 +1,120 @@ +/* $OpenBSD: posix_pty.c,v 1.3 2019/01/25 00:19:25 millert Exp $ */ + +/* + * Copyright (c) 2012 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +int +posix_openpt(int oflag) +{ + struct ptmget ptm; + int fd, mfd = -1; + + /* User must specify O_RDWR in oflag. */ + if ((oflag & O_ACCMODE) != O_RDWR || + (oflag & ~(O_ACCMODE | O_NOCTTY)) != 0) { + errno = EINVAL; + return -1; + } + + /* Get pty master and slave (this API only uses the master). */ + fd = open(PATH_PTMDEV, O_RDWR); + if (fd != -1) { + if (ioctl(fd, PTMGET, &ptm) != -1) { + close(ptm.sfd); + mfd = ptm.cfd; + } + close(fd); + } + + return mfd; +} + +/* + * Look up the name of the specified pty master fd. + * Note that the name returned does *not* include the /dev/ prefix. + * Returns the name on success and NULL on error, setting errno. + */ +static const char * +ptmname(int mfd) +{ + struct stat sb; + const char *name; + + /* Make sure it is a pty master. */ + if (fstat(mfd, &sb) != 0) + return NULL; + if (!S_ISCHR(sb.st_mode)) { + errno = EINVAL; + return NULL; + } + name = devname(sb.st_rdev, S_IFCHR); + if (strncmp(name, "pty", 3) != 0) { + errno = EINVAL; + return NULL; + } + return name; +} + +/* + * The PTMGET ioctl handles the mode and owner for us. + */ +int +grantpt(int mfd) +{ + return ptmname(mfd) ? 0 : -1; +} + +/* + * The PTMGET ioctl unlocks the pty master and slave for us. + */ +int +unlockpt(int mfd) +{ + return ptmname(mfd) ? 0 : -1; +} + +/* + * Look up the path of the slave pty that corresponds to the master fd. + * Returns the path if successful or NULL on error. + */ +char * +ptsname(int mfd) +{ + const char *master; + static char slave[sizeof(((struct ptmget *)NULL)->sn)]; + + if ((master = ptmname(mfd)) == NULL) + return NULL; + + /* Add /dev/ prefix and convert "pty" to "tty". */ + strlcpy(slave, _PATH_DEV, sizeof(slave)); + strlcat(slave, master, sizeof(slave)); + slave[sizeof(_PATH_DEV) - 1] = 't'; + + return slave; +} diff --git a/src/lib/libc/stdlib/ptsname.3 b/src/lib/libc/stdlib/ptsname.3 new file mode 100644 index 00000000000..98705528f50 --- /dev/null +++ b/src/lib/libc/stdlib/ptsname.3 @@ -0,0 +1,160 @@ +.\" $OpenBSD: ptsname.3,v 1.2 2012/12/04 18:42:16 millert Exp $ +.\" +.\" Copyright (c) 2002 The FreeBSD Project, Inc. +.\" All rights reserved. +.\" +.\" This software includes code contributed to the FreeBSD Project +.\" by Ryan Younce of North Carolina State University. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the FreeBSD Project nor the names of its +.\" contributors may be used to endorse or promote products derived from +.\" this software without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE FREEBSD PROJECT AND CONTRIBUTORS +.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +.\" LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A +.\" PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FREEBSD PROJECT +.\" OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED +.\" TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR +.\" PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF +.\" LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING +.\" NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +.\" SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.\" $FreeBSD: head/lib/libc/stdlib/ptsname.3 240412 2012-09-12 17:54:09Z emaste $ +.\" +.Dd $Mdocdate: December 4 2012 $ +.Dt PTSNAME 3 +.Os +.Sh NAME +.Nm grantpt , +.Nm ptsname , +.Nm unlockpt +.Nd pseudo-terminal access functions +.Sh SYNOPSIS +.In stdlib.h +.Ft int +.Fn grantpt "int fildes" +.Ft "char *" +.Fn ptsname "int fildes" +.Ft int +.Fn unlockpt "int fildes" +.Sh DESCRIPTION +The +.Fn grantpt , +.Fn ptsname , +and +.Fn unlockpt +functions allow access to pseudo-terminal devices. +These three functions accept a file descriptor that references the +master half of a pseudo-terminal pair. +This file descriptor is created with +.Xr posix_openpt 3 . +.Pp +The +.Fn grantpt +function is used to establish ownership and permissions +of the slave device counterpart to the master device +specified with +.Fa fildes . +The slave device's ownership is set to the real user ID +of the calling process, and the permissions are set to +user readable-writable and group writable. +The group owner of the slave device is also set to the +group +.Dq Li tty . +.Pp +The +.Fn ptsname +function returns the full path name of the slave device +counterpart to the master device specified with +.Fa fildes . +This value can be used +to subsequently open the appropriate slave after +.Xr posix_openpt 3 +and +.Fn grantpt +have been called. +.Pp +The +.Fn unlockpt +function clears the lock held on the pseudo-terminal pair +for the master device specified with +.Fa fildes . +.Sh RETURN VALUES +.Rv -std grantpt unlockpt +.Pp +The +.Fn ptsname +function returns a pointer to the name +of the slave device on success; otherwise a +.Dv NULL +pointer is returned. +.Sh ERRORS +The +.Fn grantpt , +.Fn ptsname +and +.Fn unlockpt +functions may fail and set +.Va errno +to: +.Bl -tag -width Er +.It Bq Er EBADF +.Fa fildes +is not a valid open file descriptor. +.It Bq Er EINVAL +.Fa fildes +is not a master pseudo-terminal device. +.El +.Pp +In addition, the +.Fn grantpt +function may set +.Va errno +to: +.Bl -tag -width Er +.It Bq Er EACCES +The slave pseudo-terminal device could not be accessed. +.El +.Sh SEE ALSO +.Xr posix_openpt 3 , +.Xr pty 4 , +.Xr tty 4 +.Sh STANDARDS +The +.Fn ptsname +function conforms to +.St -p1003.1-2008 . +.Pp +This implementation of +.Fn grantpt +and +.Fn unlockpt +does not conform to +.St -p1003.1-2008 , +because it depends on +.Xr posix_openpt 3 +to create the pseudo-terminal device with proper permissions in place. +It only validates whether +.Fa fildes +is a valid pseudo-terminal master device. +Future revisions of the specification will likely allow this behaviour, +as stated by the Austin Group. +.Sh HISTORY +The +.Fn grantpt , +.Fn ptsname +and +.Fn unlockpt +functions appeared in +.Ox 5.3 . diff --git a/src/lib/libc/stdlib/putenv.c b/src/lib/libc/stdlib/putenv.c deleted file mode 100644 index d8c4886d4b1..00000000000 --- a/src/lib/libc/stdlib/putenv.c +++ /dev/null @@ -1,58 +0,0 @@ -/*- - * Copyright (c) 1988, 1993 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: putenv.c,v 1.2 1996/08/10 05:03:00 tholo Exp $"; -#endif /* LIBC_SCCS and not lint */ - -#include -#include - -int -putenv(str) - const char *str; -{ - char *p, *equal; - int rval; - - if ((p = strdup(str)) == NULL) - return (-1); - if ((equal = strchr(p, '=')) == NULL) { - (void)free(p); - return (-1); - } - *equal = '\0'; - rval = setenv(p, equal + 1, 1); - (void)free(p); - return (rval); -} diff --git a/src/lib/libc/stdlib/qabs.3 b/src/lib/libc/stdlib/qabs.3 deleted file mode 100644 index ef0307ab25d..00000000000 --- a/src/lib/libc/stdlib/qabs.3 +++ /dev/null @@ -1,60 +0,0 @@ -.\" Copyright (c) 1990, 1991 The Regents of the University of California. -.\" All rights reserved. -.\" -.\" This code is derived from software contributed to Berkeley by -.\" the American National Standards Committee X3, on Information -.\" Processing Systems. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $OpenBSD: qabs.3,v 1.5 2000/04/20 13:50:02 aaron Exp $ -.\" -.Dd June 29, 1991 -.Dt QABS 3 -.Os -.Sh NAME -.Nm qabs -.Nd return the absolute value of a quad integer -.Sh SYNOPSIS -.Fd #include -.Ft quad_t -.Fn qabs "quad_t j" -.Sh DESCRIPTION -The -.Fn qabs -function returns the absolute value of the quad integer -.Fa j . -.Sh SEE ALSO -.Xr abs 3 , -.Xr cabs 3 , -.Xr floor 3 , -.Xr labs 3 , -.Xr math 3 -.Sh BUGS -The absolute value of the most negative integer remains negative. diff --git a/src/lib/libc/stdlib/qabs.c b/src/lib/libc/stdlib/qabs.c deleted file mode 100644 index ccc42cbec67..00000000000 --- a/src/lib/libc/stdlib/qabs.c +++ /dev/null @@ -1,45 +0,0 @@ -/*- - * Copyright (c) 1990 The Regents of the University of California. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: qabs.c,v 1.2 1996/08/19 08:33:40 tholo Exp $"; -#endif /* LIBC_SCCS and not lint */ - -#include - -quad_t -qabs(j) - quad_t j; -{ - return(j < 0 ? -j : j); -} diff --git a/src/lib/libc/stdlib/qdiv.3 b/src/lib/libc/stdlib/qdiv.3 deleted file mode 100644 index 4db47d9b4a0..00000000000 --- a/src/lib/libc/stdlib/qdiv.3 +++ /dev/null @@ -1,64 +0,0 @@ -.\" Copyright (c) 1990, 1991 The Regents of the University of California. -.\" All rights reserved. -.\" -.\" This code is derived from software contributed to Berkeley by -.\" Chris Torek and the American National Standards Committee X3, -.\" on Information Processing Systems. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $OpenBSD: qdiv.3,v 1.4 2000/12/24 00:31:00 aaron Exp $ -.\" -.Dd June 29, 1991 -.Dt QDIV 3 -.Os -.Sh NAME -.Nm qdiv -.Nd return quotient and remainder from division -.Sh SYNOPSIS -.Fd #include -.Ft qdiv_t -.Fn qdiv "quad_t num" "quad_t denom" -.Sh DESCRIPTION -The -.Fn qdiv -function computes the value -.Fa num Ns No / Ns Fa denom -and returns the quotient and remainder in a structure named -.Li qdiv_t -that contains two -.Li quad integer -members named -.Fa quot -and -.Fa rem . -.Sh SEE ALSO -.Xr div 3 , -.Xr ldiv 3 , -.Xr math 3 diff --git a/src/lib/libc/stdlib/qdiv.c b/src/lib/libc/stdlib/qdiv.c deleted file mode 100644 index 07e84cd6499..00000000000 --- a/src/lib/libc/stdlib/qdiv.c +++ /dev/null @@ -1,58 +0,0 @@ -/* - * Copyright (c) 1990 Regents of the University of California. - * All rights reserved. - * - * This code is derived from software contributed to Berkeley by - * Chris Torek. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: qdiv.c,v 1.2 1996/08/19 08:33:41 tholo Exp $"; -#endif /* LIBC_SCCS and not lint */ - -#include /* qdiv_t */ - -qdiv_t -qdiv(num, denom) - quad_t num, denom; -{ - qdiv_t r; - - /* see div.c for comments */ - - r.quot = num / denom; - r.rem = num % denom; - if (num >= 0 && r.rem < 0) { - r.quot++; - r.rem -= denom; - } - return (r); -} diff --git a/src/lib/libc/stdlib/qsort.3 b/src/lib/libc/stdlib/qsort.3 index 6c4eba46bf1..4f90eae9851 100644 --- a/src/lib/libc/stdlib/qsort.3 +++ b/src/lib/libc/stdlib/qsort.3 @@ -13,11 +13,7 @@ .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors +.\" 3. Neither the name of the University nor the names of its contributors .\" may be used to endorse or promote products derived from this software .\" without specific prior written permission. .\" @@ -33,9 +29,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $OpenBSD: qsort.3,v 1.9 2002/02/23 19:51:46 miod Exp $ +.\" $OpenBSD: qsort.3,v 1.25 2019/03/20 04:02:06 schwarze Exp $ .\" -.Dd June 4, 1993 +.Dd $Mdocdate: March 20 2019 $ .Dt QSORT 3 .Os .Sh NAME @@ -44,7 +40,7 @@ .Nm mergesort .Nd sort functions .Sh SYNOPSIS -.Fd #include +.In stdlib.h .Ft void .Fn qsort "void *base" "size_t nmemb" "size_t size" "int (*compar)(const void *, const void *)" .Ft int @@ -89,7 +85,7 @@ a comparison function pointed to by which requires two arguments pointing to the objects being compared. .Pp -The comparison function must return an integer less than, equal to, or +The comparison function must return an int less than, equal to, or greater than zero if the first argument is considered to be respectively less than, equal to, or greater than the second. .Pp @@ -115,7 +111,9 @@ Algorithm Q. .Fn qsort takes O N lg N average time. This implementation uses median selection to avoid its -O N**2 worst-case behavior. +O N**2 worst-case behavior and will fall back to +.Fn heapsort +if the recursion depth exceeds 2 lg N. .Pp The .Fn heapsort @@ -126,7 +124,7 @@ a variant of selection sorting; in particular, see D.E. Knuth's Algorithm H. .Fn heapsort takes O N lg N worst-case time. This implementation of -.Fn qsort +.Fn heapsort is implemented without recursive function calls. .Pp The function @@ -147,18 +145,48 @@ which is faster than .Fn heapsort . Memory availability and pre-existing order in the data can make this untrue. .Sh RETURN VALUES -The -.Fn qsort -function returns no value. +.Rv -std heapsort mergesort +.Sh EXAMPLES +.Bd -literal +#include +#include +#include + +char *array[] = { "XX", "YYY", "Z" }; +#define N (sizeof(array) / sizeof(array[0])) + +int +cmp(const void *a, const void *b) +{ + /* + * a and b point to elements of the array. + * Cast and dereference to obtain the actual elements, + * which are also pointers in this case. + */ + size_t lena = strlen(*(const char **)a); + size_t lenb = strlen(*(const char **)b); + /* + * Do not subtract the lengths. The difference between values + * cannot be represented by an int. + */ + return lena < lenb ? -1 : lena > lenb; +} + +int +main() +{ + size_t i; + + qsort(array, N, sizeof(array[0]), cmp); + for (i = 0; i < N; i++) + printf("%s\en", array[i]); +} + + +.Ed .Pp -Upon successful completion, -.Fn heapsort -and -.Fn mergesort -return 0. -Otherwise, they return \-1 and the global variable -.Va errno -is set to indicate the error. +It is almost always an error to use subtraction to compute the return value +of the comparison function. .Sh ERRORS The .Fn heapsort @@ -181,12 +209,6 @@ or .Fn mergesort were unable to allocate memory. .El -.Sh COMPATIBILITY -Previous versions of -.Fn qsort -did not permit the comparison routine itself to call -.Fn qsort 3 . -This is no longer true. .Sh SEE ALSO .Xr sort 1 , .Xr radixsort 3 @@ -204,7 +226,7 @@ This is no longer true. .%T "Heapsort" .%J "Communications of the ACM" .%V 7:1 -.%P pp. 347-348 +.%P pp. 347\-348 .Re .Rs .%A Knuth, D.E. @@ -212,22 +234,45 @@ This is no longer true. .%B "The Art of Computer Programming" .%V Vol. 3 .%T "Sorting and Searching" -.%P pp. 114-123, 145-149 +.%P pp. 114\-123, 145\-149 .Re .Rs -.%A Mcilroy, P.M. +.%A McIlroy, P.M. .%T "Optimistic Sorting and Information Theoretic Complexity" .%J "Fourth Annual ACM-SIAM Symposium on Discrete Algorithms" -.%V January 1992 +.%P pp. 467\-464 +.%D January 1993 .Re .Rs .%A Bentley, J.L. +.%A McIlroy, M.D. .%T "Engineering a Sort Function" -.%J "bentley@research.att.com" -.%V January 1992 +.%J "Software \- Practice and Experience" +.%V Vol. 23(11) +.%P pp. 1249\-1265 +.%D November 1993 +.Re +.Rs +.%A Musser, D. +.%T "Introspective Sorting and Selection Algorithms" +.%J "Software \- Practice and Experience" +.%V Vol. 27(8) +.%P pp. 983\-993 +.%D August 1997 .Re .Sh STANDARDS +Previous versions of +.Fn qsort +did not permit the comparison routine itself to call +.Fn qsort . +This is no longer true. +.Pp The .Fn qsort function conforms to .St -ansiC . +.Sh HISTORY +A +.Fn qsort +function first appeared in +.At v3 . diff --git a/src/lib/libc/stdlib/qsort.c b/src/lib/libc/stdlib/qsort.c index 9b8bb5801ba..ca73e67f290 100644 --- a/src/lib/libc/stdlib/qsort.c +++ b/src/lib/libc/stdlib/qsort.c @@ -1,3 +1,4 @@ +/* $OpenBSD: qsort.c,v 1.18 2017/05/30 14:54:09 millert Exp $ */ /*- * Copyright (c) 1992, 1993 * The Regents of the University of California. All rights reserved. @@ -10,11 +11,7 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors + * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -31,113 +28,144 @@ * SUCH DAMAGE. */ -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: qsort.c,v 1.7 2002/02/17 19:42:24 millert Exp $"; -#endif /* LIBC_SCCS and not lint */ - #include #include -static __inline char *med3(char *, char *, char *, int (*)()); -static __inline void swapfunc(char *, char *, int, int); +static __inline char *med3(char *, char *, char *, int (*)(const void *, const void *)); +static __inline void swapfunc(char *, char *, size_t, int); #define min(a, b) (a) < (b) ? a : b /* * Qsort routine from Bentley & McIlroy's "Engineering a Sort Function". + * + * This version differs from Bentley & McIlroy in the following ways: + * 1. The partition value is swapped into a[0] instead of being + * stored out of line. + * + * 2. The swap function can swap 32-bit aligned elements on 64-bit + * platforms instead of swapping them as byte-aligned. + * + * 3. It uses David Musser's introsort algorithm to fall back to + * heapsort(3) when the recursion depth reaches 2*lg(n + 1). + * This avoids quicksort's quadratic behavior for pathological + * input without appreciably changing the average run time. + * + * 4. Tail recursion is eliminated when sorting the larger of two + * subpartitions to save stack space. */ +#define SWAPTYPE_BYTEV 1 +#define SWAPTYPE_INTV 2 +#define SWAPTYPE_LONGV 3 +#define SWAPTYPE_INT 4 +#define SWAPTYPE_LONG 5 + +#define TYPE_ALIGNED(TYPE, a, es) \ + (((char *)a - (char *)0) % sizeof(TYPE) == 0 && es % sizeof(TYPE) == 0) + #define swapcode(TYPE, parmi, parmj, n) { \ - long i = (n) / sizeof (TYPE); \ - register TYPE *pi = (TYPE *) (parmi); \ - register TYPE *pj = (TYPE *) (parmj); \ + size_t i = (n) / sizeof (TYPE); \ + TYPE *pi = (TYPE *) (parmi); \ + TYPE *pj = (TYPE *) (parmj); \ do { \ - register TYPE t = *pi; \ + TYPE t = *pi; \ *pi++ = *pj; \ *pj++ = t; \ } while (--i > 0); \ } -#define SWAPINIT(a, es) swaptype = ((char *)a - (char *)0) % sizeof(long) || \ - es % sizeof(long) ? 2 : es == sizeof(long)? 0 : 1; - static __inline void -swapfunc(a, b, n, swaptype) - char *a, *b; - int n, swaptype; +swapfunc(char *a, char *b, size_t n, int swaptype) { - if (swaptype <= 1) - swapcode(long, a, b, n) - else - swapcode(char, a, b, n) + switch (swaptype) { + case SWAPTYPE_INT: + case SWAPTYPE_INTV: + swapcode(int, a, b, n); + break; + case SWAPTYPE_LONG: + case SWAPTYPE_LONGV: + swapcode(long, a, b, n); + break; + default: + swapcode(char, a, b, n); + break; + } } -#define swap(a, b) \ - if (swaptype == 0) { \ +#define swap(a, b) do { \ + switch (swaptype) { \ + case SWAPTYPE_INT: { \ + int t = *(int *)(a); \ + *(int *)(a) = *(int *)(b); \ + *(int *)(b) = t; \ + break; \ + } \ + case SWAPTYPE_LONG: { \ long t = *(long *)(a); \ *(long *)(a) = *(long *)(b); \ *(long *)(b) = t; \ - } else \ - swapfunc(a, b, es, swaptype) + break; \ + } \ + default: \ + swapfunc(a, b, es, swaptype); \ + } \ +} while (0) #define vecswap(a, b, n) if ((n) > 0) swapfunc(a, b, n, swaptype) static __inline char * -med3(a, b, c, cmp) - char *a, *b, *c; - int (*cmp)(); +med3(char *a, char *b, char *c, int (*cmp)(const void *, const void *)) { return cmp(a, b) < 0 ? (cmp(b, c) < 0 ? b : (cmp(a, c) < 0 ? c : a )) :(cmp(b, c) > 0 ? b : (cmp(a, c) < 0 ? a : c )); } -void -qsort(aa, n, es, cmp) - void *aa; - size_t n, es; - int (*cmp)(); +static void +introsort(char *a, size_t n, size_t es, size_t maxdepth, int swaptype, + int (*cmp)(const void *, const void *)) { char *pa, *pb, *pc, *pd, *pl, *pm, *pn; - int d, r, swaptype, swap_cnt; - register char *a = aa; - -loop: SWAPINIT(a, es); - swap_cnt = 0; - if (n < 7) { - for (pm = (char *)a + es; pm < (char *) a + n * es; pm += es) - for (pl = pm; pl > (char *) a && cmp(pl - es, pl) > 0; + int cmp_result; + size_t r, s; + +loop: if (n < 7) { + for (pm = a + es; pm < a + n * es; pm += es) + for (pl = pm; pl > a && cmp(pl - es, pl) > 0; pl -= es) swap(pl, pl - es); return; } - pm = (char *)a + (n / 2) * es; + if (maxdepth == 0) { + if (heapsort(a, n, es, cmp) == 0) + return; + } + maxdepth--; + pm = a + (n / 2) * es; if (n > 7) { - pl = (char *)a; - pn = (char *)a + (n - 1) * es; + pl = a; + pn = a + (n - 1) * es; if (n > 40) { - d = (n / 8) * es; - pl = med3(pl, pl + d, pl + 2 * d, cmp); - pm = med3(pm - d, pm, pm + d, cmp); - pn = med3(pn - 2 * d, pn - d, pn, cmp); + s = (n / 8) * es; + pl = med3(pl, pl + s, pl + 2 * s, cmp); + pm = med3(pm - s, pm, pm + s, cmp); + pn = med3(pn - 2 * s, pn - s, pn, cmp); } pm = med3(pl, pm, pn, cmp); } swap(a, pm); - pa = pb = (char *)a + es; - - pc = pd = (char *)a + (n - 1) * es; + pa = pb = a + es; + pc = pd = a + (n - 1) * es; for (;;) { - while (pb <= pc && (r = cmp(pb, a)) <= 0) { - if (r == 0) { - swap_cnt = 1; + while (pb <= pc && (cmp_result = cmp(pb, a)) <= 0) { + if (cmp_result == 0) { swap(pa, pb); pa += es; } pb += es; } - while (pb <= pc && (r = cmp(pc, a)) >= 0) { - if (r == 0) { - swap_cnt = 1; + while (pb <= pc && (cmp_result = cmp(pc, a)) >= 0) { + if (cmp_result == 0) { swap(pc, pd); pd -= es; } @@ -146,30 +174,65 @@ loop: SWAPINIT(a, es); if (pb > pc) break; swap(pb, pc); - swap_cnt = 1; pb += es; pc -= es; } - if (swap_cnt == 0) { /* Switch to insertion sort */ - for (pm = (char *) a + es; pm < (char *) a + n * es; pm += es) - for (pl = pm; pl > (char *) a && cmp(pl - es, pl) > 0; - pl -= es) - swap(pl, pl - es); - return; - } - pn = (char *)a + n * es; - r = min(pa - (char *)a, pb - pa); + pn = a + n * es; + r = min(pa - a, pb - pa); vecswap(a, pb - r, r); r = min(pd - pc, pn - pd - es); vecswap(pb, pn - r, r); - if ((r = pb - pa) > es) - qsort(a, r / es, es, cmp); - if ((r = pd - pc) > es) { - /* Iterate rather than recurse to save stack space */ - a = pn - r; - n = r / es; - goto loop; + /* + * To save stack space we sort the smaller side of the partition first + * using recursion and eliminate tail recursion for the larger side. + */ + r = pb - pa; + s = pd - pc; + if (r < s) { + /* Recurse for 1st side, iterate for 2nd side. */ + if (s > es) { + if (r > es) { + introsort(a, r / es, es, maxdepth, + swaptype, cmp); + } + a = pn - s; + n = s / es; + goto loop; + } + } else { + /* Recurse for 2nd side, iterate for 1st side. */ + if (r > es) { + if (s > es) { + introsort(pn - s, s / es, es, maxdepth, + swaptype, cmp); + } + n = r / es; + goto loop; + } } -/* qsort(pn - r, r / es, es, cmp);*/ } + +void +qsort(void *a, size_t n, size_t es, int (*cmp)(const void *, const void *)) +{ + size_t i, maxdepth = 0; + int swaptype; + + /* Approximate 2*ceil(lg(n + 1)) */ + for (i = n; i > 0; i >>= 1) + maxdepth++; + maxdepth *= 2; + + if (TYPE_ALIGNED(long, a, es)) + swaptype = es == sizeof(long) ? SWAPTYPE_LONG : SWAPTYPE_LONGV; + else if (sizeof(int) != sizeof(long) && TYPE_ALIGNED(int, a, es)) + swaptype = es == sizeof(int) ? SWAPTYPE_INT : SWAPTYPE_INTV; + else + swaptype = SWAPTYPE_BYTEV; + + introsort(a, n, es, maxdepth, swaptype, cmp); + +} + +DEF_STRONG(qsort); diff --git a/src/lib/libc/stdlib/radixsort.3 b/src/lib/libc/stdlib/radixsort.3 index f70990fa8ed..e706b798b73 100644 --- a/src/lib/libc/stdlib/radixsort.3 +++ b/src/lib/libc/stdlib/radixsort.3 @@ -9,11 +9,7 @@ .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors +.\" 3. Neither the name of the University nor the names of its contributors .\" may be used to endorse or promote products derived from this software .\" without specific prior written permission. .\" @@ -29,17 +25,18 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $OpenBSD: radixsort.3,v 1.7 2001/08/06 10:42:26 mpech Exp $ +.\" $OpenBSD: radixsort.3,v 1.13 2015/01/29 01:46:31 schwarze Exp $ .\" -.Dd January 27, 1994 +.Dd $Mdocdate: January 29 2015 $ .Dt RADIXSORT 3 .Os .Sh NAME -.Nm radixsort +.Nm radixsort , +.Nm sradixsort .Nd radix sort .Sh SYNOPSIS -.Fd #include -.Fd #include +.In limits.h +.In stdlib.h .Ft int .Fn radixsort "const u_char **base" "int nmemb" "const u_char *table" "u_int endbyte" .Ft int @@ -51,8 +48,10 @@ and .Fn sradixsort functions are implementations of radix sort. .Pp -These functions sort an array of pointers to byte strings, the initial -member of which is referenced by +These functions sort an array of +.Fa nmemb +pointers to byte strings. +The initial member is referenced by .Fa base . The byte strings may contain any values; the end of each string is denoted by the user-specified value @@ -72,21 +71,20 @@ More than one byte may have the same sort weight. The .Fa table argument is useful for applications which wish to sort different characters -equally, for example, providing a table with the same weights -for A-Z as for a-z will result in a case-insensitive sort. +equally; for example, providing a table with the same weights +for A\-Z as for a\-z will result in a case-insensitive sort. If .Fa table is .Dv NULL , the contents of the array are sorted in ascending order according to the -.Tn ASCII -order of the byte strings they reference and +ASCII order of the byte strings they reference and .Fa endbyte has a sorting weight of 0. .Pp The .Fn sradixsort -function is stable, that is, if two elements compare as equal, their +function is stable; that is, if two elements compare as equal, their order in the sorted array is unchanged. The .Fn sradixsort @@ -102,10 +100,7 @@ These functions are variants of most-significant-byte radix sorting; in particular, see D.E. Knuth's Algorithm R and section 5.2.5, exercise 10. They take linear time relative to the number of bytes in the strings. .Sh RETURN VALUES -Upon successful completion 0 is returned. -Otherwise, \-1 is returned and the global variable -.Va errno -is set to indicate the error. +.Rv -std .Sh ERRORS .Bl -tag -width Er .It Bq Er EINVAL diff --git a/src/lib/libc/stdlib/radixsort.c b/src/lib/libc/stdlib/radixsort.c index e03b4797153..49d03b52d5d 100644 --- a/src/lib/libc/stdlib/radixsort.c +++ b/src/lib/libc/stdlib/radixsort.c @@ -1,3 +1,4 @@ +/* $OpenBSD: radixsort.c,v 1.9 2007/09/02 15:19:17 deraadt Exp $ */ /*- * Copyright (c) 1990, 1993 * The Regents of the University of California. All rights reserved. @@ -13,11 +14,7 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors + * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -34,10 +31,6 @@ * SUCH DAMAGE. */ -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: radixsort.c,v 1.5 2002/02/17 19:42:24 millert Exp $"; -#endif /* LIBC_SCCS and not lint */ - /* * Radixsort routines. * @@ -89,10 +82,7 @@ static void r_sort_b(const u_char **, } int -radixsort(a, n, tab, endch) - const u_char **a, *tab; - int n; - u_int endch; +radixsort(const u_char **a, int n, const u_char *tab, u_int endch) { const u_char *tr; int c; @@ -104,10 +94,7 @@ radixsort(a, n, tab, endch) } int -sradixsort(a, n, tab, endch) - const u_char **a, *tab; - int n; - u_int endch; +sradixsort(const u_char **a, int n, const u_char *tab, u_int endch) { const u_char *tr, **ta; int c; @@ -117,7 +104,7 @@ sradixsort(a, n, tab, endch) if (n < THRESHOLD) simplesort(a, n, 0, tr, endch); else { - if ((ta = malloc(n * sizeof(a))) == NULL) + if ((ta = calloc(n, sizeof(a))) == NULL) return (-1); r_sort_b(a, ta, n, 0, tr, endch); free(ta); @@ -132,15 +119,11 @@ sradixsort(a, n, tab, endch) /* Unstable, in-place sort. */ void -r_sort_a(a, n, i, tr, endch) - const u_char **a; - int n, i; - const u_char *tr; - u_int endch; +r_sort_a(const u_char **a, int n, int i, const u_char *tr, u_int endch) { static int count[256], nc, bmin; - register int c; - register const u_char **ak, *r; + int c; + const u_char **ak, *r; stack s[SIZE], *sp, *sp0, *sp1, temp; int *cp, bigc; const u_char **an, *t, **aj, **top[256]; @@ -223,15 +206,12 @@ r_sort_a(a, n, i, tr, endch) /* Stable sort, requiring additional memory. */ void -r_sort_b(a, ta, n, i, tr, endch) - const u_char **a, **ta; - int n, i; - const u_char *tr; - u_int endch; +r_sort_b(const u_char **a, const u_char **ta, int n, int i, const u_char *tr, + u_int endch) { static int count[256], nc, bmin; - register int c; - register const u_char **ak, **ai; + int c; + const u_char **ak, **ai; stack s[512], *sp, *sp0, *sp1, temp; const u_char **top[256]; int *cp, bigc; @@ -295,13 +275,10 @@ r_sort_b(a, ta, n, i, tr, endch) } static __inline void -simplesort(a, n, b, tr, endch) /* insertion sort */ - register const u_char **a; - int n, b; - register const u_char *tr; - u_int endch; +simplesort(const u_char **a, int n, int b, const u_char *tr, u_int endch) + /* insertion sort */ { - register u_char ch; + u_char ch; const u_char **ak, **ai, *s, *t; for (ak = a+1; --n >= 1; ak++) diff --git a/src/lib/libc/stdlib/rand.3 b/src/lib/libc/stdlib/rand.3 index 8899c2e104f..2fd88ac8a4b 100644 --- a/src/lib/libc/stdlib/rand.3 +++ b/src/lib/libc/stdlib/rand.3 @@ -13,11 +13,7 @@ .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors +.\" 3. Neither the name of the University nor the names of its contributors .\" may be used to endorse or promote products derived from this software .\" without specific prior written permission. .\" @@ -33,48 +29,65 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $OpenBSD: rand.3,v 1.8 2001/05/13 23:38:02 millert Exp $ +.\" $OpenBSD: rand.3,v 1.19 2014/12/09 21:55:39 jmc Exp $ .\" -.Dd June 29, 1991 +.Dd $Mdocdate: December 9 2014 $ .Dt RAND 3 .Os .Sh NAME .Nm rand , -.Nm srand -.Nd bad random number generator +.Nm rand_r , +.Nm srand , +.Nm srand_deterministic +.Nd bad pseudo-random number generator .Sh SYNOPSIS -.Fd #include +.In stdlib.h .Ft void .Fn srand "unsigned int seed" +.Ft void +.Fn srand_deterministic "unsigned int seed" .Ft int .Fn rand void .Ft int .Fn rand_r "unsigned int *seed" .Sh DESCRIPTION .Bf -symbolic -These interfaces are obsoleted by -.Xr random 3 . +Standards insist that this interface return deterministic results. +Unsafe usage is very common, so +.Ox +changed the subsystem to return non-deterministic results by default. .Ef .Pp -The +To satisfy portable code, +.Fn srand +may be called to initialize the subsystem. +In +.Ox +the +.Ar seed +variable is ignored, and strong random number results will be provided from +.Xr arc4random 3 . +In other systems, the +.Ar seed +variable primes a simplistic deterministic algorithm. +.Pp +If the standardized behavior is required +.Fn srand_deterministic +can be substituted for +.Fn srand , +then subsequent .Fn rand -function computes a sequence of pseudo-random integers in the range -of 0 to -.Dv RAND_MAX -(as defined by the header file -.Aq Pa stdlib.h ) . +calls will return results using the deterministic algorithm. .Pp The -.Fn srand -function sets its argument as the seed for a new sequence of -pseudo-random numbers to be returned by -.Fn rand . -These sequences are repeatable by calling -.Fn srand -with the same seed value. -.Pp -If no seed value is provided, the functions are automatically -seeded with a value of 1. +.Fn rand +function returns a result in the range of 0 to +.Dv RAND_MAX . +By default, this result comes from +.Xr arc4random 3 . +If +.Fn srand_deterministic +was called, the result will be computed using the deterministic algorithm. .Pp The .Fn rand_r @@ -83,6 +96,7 @@ is a thread-safe version of Storage for the seed must be provided through the .Fa seed argument, and needs to have been initialized by the caller. +It always operates using the deterministic algorithm. .Sh SEE ALSO .Xr arc4random 3 , .Xr rand48 3 , @@ -90,13 +104,29 @@ argument, and needs to have been initialized by the caller. .Sh STANDARDS The .Fn rand -and -.Fn srand -functions conform to +function conforms to .St -ansiC . .Pp The .Fn rand_r -function conforms to ISO/IEC 9945-1 ANSI/IEEE -.Pq Dq Tn POSIX -Std 1003.1c Draft 10. +function conforms to +.St -p1003.1-2008 . +.Pp +The +.Fn srand +function does not conform to +.St -ansiC , +intentionally. +.Pp +The +.Fn srand_deterministic +function is an +.Ox +extension. +.Sh HISTORY +The functions +.Fn rand +and +.Fn srand +first appeared in +.At v3 . diff --git a/src/lib/libc/stdlib/rand.c b/src/lib/libc/stdlib/rand.c index bb180886c01..97964f6ef93 100644 --- a/src/lib/libc/stdlib/rand.c +++ b/src/lib/libc/stdlib/rand.c @@ -1,3 +1,4 @@ +/* $OpenBSD: rand.c,v 1.18 2017/11/28 06:55:49 tb Exp $ */ /*- * Copyright (c) 1990 The Regents of the University of California. * All rights reserved. @@ -10,11 +11,7 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors + * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -31,35 +28,47 @@ * SUCH DAMAGE. */ -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: rand.c,v 1.6 1998/12/07 21:47:22 millert Exp $"; -#endif /* LIBC_SCCS and not lint */ - #include #include +static int rand_deterministic; static u_int next = 1; int -rand_r(seed) -u_int *seed; +rand_r(u_int *seed) { - *seed = *seed * 1103515245 + 12345; - return (*seed % ((u_int)RAND_MAX + 1)); + return (*seed & RAND_MAX); } +DEF_WEAK(rand_r); + +#if defined(APIWARN) +__warn_references(rand_r, + "rand_r() is not random, it is deterministic."); +#endif int -rand() +rand(void) { - + if (rand_deterministic == 0) + return (arc4random() & RAND_MAX); return (rand_r(&next)); } +#if defined(APIWARN) +__warn_references(rand, + "rand() may return deterministic values, is that what you want?"); +#endif + void -srand(seed) -u_int seed; +srand(u_int seed) { + rand_deterministic = 0; +} +void +srand_deterministic(u_int seed) +{ + rand_deterministic = 1; next = seed; } diff --git a/src/lib/libc/stdlib/rand48.3 b/src/lib/libc/stdlib/rand48.3 index 31a4fdf4ddb..cc54d9174c7 100644 --- a/src/lib/libc/stdlib/rand48.3 +++ b/src/lib/libc/stdlib/rand48.3 @@ -1,4 +1,4 @@ -\" Copyright (c) 1993 Martin Birgmeier +.\" Copyright (c) 1993 Martin Birgmeier .\" All rights reserved. .\" .\" You may redistribute unmodified or modified versions of this source @@ -9,10 +9,10 @@ .\" of any kind. I shall in no event be liable for anything that happens .\" to anyone/anything when using this software. .\" -.\" $OpenBSD: rand48.3,v 1.8 2001/08/06 10:42:26 mpech Exp $ +.\" $OpenBSD: rand48.3,v 1.20 2015/11/10 23:48:18 jmc Exp $ .\" -.Dd October 8, 1993 -.Dt RAND48 3 +.Dd $Mdocdate: November 10 2015 $ +.Dt DRAND48 3 .Os .Sh NAME .Nm drand48 , @@ -22,11 +22,14 @@ .Nm mrand48 , .Nm jrand48 , .Nm srand48 , +.Nm srand48_deterministic , .Nm seed48 , -.Nm lcong48 -.Nd pseudo random number generators and initialization routines +.Nm seed48_deterministic , +.Nm lcong48 , +.Nm lcong48_deterministic +.Nd pseudo-random number generators and initialization routines .Sh SYNOPSIS -.Fd #include +.In stdlib.h .Ft double .Fn drand48 void .Ft double @@ -41,25 +44,56 @@ .Fn jrand48 "unsigned short xseed[3]" .Ft void .Fn srand48 "long seed" +.Ft void +.Fn srand48_deterministic "long seed" .Ft "unsigned short *" .Fn seed48 "unsigned short xseed[3]" +.Ft "unsigned short *" +.Fn seed48_deterministic "unsigned short xseed[3]" .Ft void .Fn lcong48 "unsigned short p[7]" +.Ft void +.Fn lcong48_deterministic "unsigned short p[7]" .Sh DESCRIPTION -The -.Fn rand48 -family of functions generates pseudo-random numbers using a linear -congruential algorithm working on integers 48 bits in size. -The particular formula employed is -r(n+1) = (a * r(n) + c) mod m -where the default values are -for the multiplicand a = 0xfdeece66d = 25214903917 and -the addend c = 0xb = 11. -The modulus is always fixed at m = 2 ** 48. -r(n) is called the seed of the random number generator. +.Bf -symbolic +Standards insist that this interface return deterministic results. +Unsafe usage is very common, so +.Ox +changed the subsystem to return non-deterministic results by default. +.Ef .Pp -For all the six generator routines described next, the first -computational step is to perform a single iteration of the algorithm. +To satisfy portable code, +.Fn srand48 , +.Fn seed48 , +or +.Fn lcong48 +should be called to initialize the subsystem. +In +.Ox +the +seeding parameters are ignored, and strong random number results will be +provided from +.Xr arc4random 3 . +In other systems, the +parameters prime a simplistic deterministic algorithm. +.Pp +If the standardized behavior is required then +.Fn srand48_deterministic , +.Fn seed48_deterministic , +and +.Fn lcong48_deterministic +can be substituted for +.Fn srand48 , +.Fn seed48 , +and +.Fn lcong48 . +That will cause subsequent +calls to +.Fn drand48 , +.Fn lrand48 , +and +.Fn jrand48 +to return results using the deterministic algorithm. .Pp .Fn drand48 and @@ -67,7 +101,7 @@ and return values of type double. The full 48 bits of r(n+1) are loaded into the mantissa of the returned value, with the exponent set -such that the values produced lie in the interval [0.0, 1.0). +such that the values produced lie in the interval [0.0, 1.0]. .Pp .Fn lrand48 and @@ -85,6 +119,21 @@ return values of type long in the range [-2**31, 2**31-1]. The high-order (32) bits of r(n+1) are loaded into the returned value. .Pp +In the deterministic mode, the +.Fn rand48 +family of functions generates numbers using a linear congruential +algorithm working on integers 48 bits in size. +The particular formula employed is +r(n+1) = (a * r(n) + c) mod m +where the default values are +for the multiplicand a = 0xfdeece66d = 25214903917 and +the addend c = 0xb = 11. +The modulus is always fixed at m = 2 ** 48. +r(n) is called the seed of the random number generator. +.Pp +For all the six generator routines described next, the first +computational step is to perform a single iteration of the algorithm. +.Pp .Fn drand48 , .Fn lrand48 , and @@ -104,7 +153,7 @@ holds the least significant bits. .Pp All functions share the same multiplicand and addend. .Pp -.Fn srand48 +.Fn srand48_deterministic is used to initialize the internal buffer r(n) of .Fn drand48 , .Fn lrand48 , @@ -115,7 +164,7 @@ of r(n), with the lower 16 bits of r(n) arbitrarily being set to 0x330e. Additionally, the constant multiplicand and addend of the algorithm are reset to the default values given above. .Pp -.Fn seed48 +.Fn seed48_deterministic also initializes the internal buffer r(n) of .Fn drand48 , .Fn lrand48 , @@ -125,14 +174,14 @@ but here all 48 bits of the seed can be specified in an array of 3 shorts, where the zeroth member specifies the lowest bits. Again, the constant multiplicand and addend of the algorithm are reset to the default values given above. -.Fn seed48 +.Fn seed48_deterministic returns a pointer to an array of 3 shorts which contains the old seed. This array is statically allocated, so its contents are lost after each new call to -.Fn seed48 . +.Fn seed48_deterministic . .Pp Finally, -.Fn lcong48 +.Fn lcong48_deterministic allows full control over the multiplicand and addend used in .Fn drand48 , .Fn erand48 , @@ -154,12 +203,38 @@ It is thus not possible to use values greater than 0xffff as the addend. Note that all three methods of seeding the random number generator always also set the multiplicand and addend for any of the six generator calls. -.Pp -For a more powerful random number generator, see -.Xr random 3 -.Sh AUTHORS -Martin Birgmeier .Sh SEE ALSO .Xr arc4random 3 , .Xr rand 3 , .Xr random 3 +.Sh STANDARDS +The +.Fn drand48 , +.Fn erand48 , +.Fn jrand48 , +.Fn lrand48 , +.Fn mrand48 , +and +.Fn nrand48 , +functions conform to +.St -p1003.1-2008 . +.Pp +The +.Fn seed48 , +.Fn srand48 , +and +.Fn lcong48 +function do not conform to +.St -ansiC , +intentionally. +.Pp +The +.Fn seed48_deterministic , +.Fn srand48_deterministic , +and +.Fn lcong48_deterministic +functions are +.Ox +extensions. +.Sh AUTHORS +.An Martin Birgmeier diff --git a/src/lib/libc/stdlib/rand48.h b/src/lib/libc/stdlib/rand48.h index afa49f65f3c..7a719beba66 100644 --- a/src/lib/libc/stdlib/rand48.h +++ b/src/lib/libc/stdlib/rand48.h @@ -10,16 +10,22 @@ * of any kind. I shall in no event be liable for anything that happens * to anyone/anything when using this software. * - * $OpenBSD: rand48.h,v 1.3 2002/02/16 21:27:24 millert Exp $ + * $OpenBSD: rand48.h,v 1.6 2015/09/14 13:30:17 guenther Exp $ */ #ifndef _RAND48_H_ #define _RAND48_H_ -#include #include +__BEGIN_HIDDEN_DECLS +extern unsigned short __rand48_seed[3]; +extern unsigned short __rand48_mult[3]; +extern unsigned short __rand48_add; + void __dorand48(unsigned short[3]); +extern int __rand48_deterministic; +__END_HIDDEN_DECLS #define RAND48_SEED_0 (0x330e) #define RAND48_SEED_1 (0xabcd) diff --git a/src/lib/libc/stdlib/random.3 b/src/lib/libc/stdlib/random.3 index 3d4545651bb..020c72805f1 100644 --- a/src/lib/libc/stdlib/random.3 +++ b/src/lib/libc/stdlib/random.3 @@ -9,11 +9,7 @@ .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors +.\" 3. Neither the name of the University nor the names of its contributors .\" may be used to endorse or promote products derived from this software .\" without specific prior written permission. .\" @@ -29,80 +25,77 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $OpenBSD: random.3,v 1.14 2001/09/06 15:04:34 mpech Exp $ +.\" $OpenBSD: random.3,v 1.28 2014/12/09 21:55:39 jmc Exp $ .\" -.Dd April 19, 1991 +.Dd $Mdocdate: December 9 2014 $ .Dt RANDOM 3 .Os .Sh NAME .Nm random , .Nm srandom , +.Nm srandom_deterministic , .Nm srandomdev , .Nm initstate , .Nm setstate -.Nd better random number generator; routines for changing generators +.Nd pseudo-random number generator; routines for changing generators .Sh SYNOPSIS -.Fd #include +.In stdlib.h .Ft long .Fn random void .Ft void .Fn srandom "unsigned int seed" .Ft void +.Fn srandom_deterministic "unsigned int seed" +.Ft void .Fn srandomdev void .Ft char * .Fn initstate "unsigned int seed" "char *state" "size_t n" .Ft char * -.Fn setstate "const char *state" +.Fn setstate "char *state" .Sh DESCRIPTION -The -.Fn random -function uses a non-linear additive feedback random number generator employing -a default table of size 31 long integers to return successive pseudo-random -numbers in the range from 0 to (2**31)\-1. -The period of this random number generator is very large, approximately -16*((2**31)\-1. +.Bf -symbolic +Standards insist that this interface return deterministic results. +Unsafe usage is very common, so +.Ox +changed the subsystem to return non-deterministic results by default. +.Ef .Pp -The -.Fn random -and +To satisfy portable code, .Fn srandom -functions have (almost) the same calling sequence and initialization -properties as -.Xr rand 3 Ns / Xr srand 3 . -The difference is that -.Xr rand -produces a much less random sequence \(em in fact, the low dozen bits -generated by rand go through a cyclic pattern. -All the bits generated by +or +.Fn srandomdev +may be called to initialize the subsystem. +In +.Ox +the +.Ar seed +variable is ignored, and strong random number results will be provided from +.Xr arc4random 3 . +In other systems, the +.Ar seed +variable primes a simplistic deterministic algorithm. +.Pp +If the standardized behavior is required +.Fn srandom_deterministic +can be substituted for +.Fn srandom , +then subsequent .Fn random -are usable. -For example, -.Sq Li random()&01 -will produce a random binary -value. +calls will return results using the deterministic algorithm. .Pp -Like -.Xr rand 3 , +In non-deterministic (default) mode, the .Fn random -will by default produce a sequence of numbers that can be duplicated -by calling -.Fn srandom -with -.Ql 1 -as the seed. +function returns results from +.Xr arc4random 3 +in the range from 0 to (2**31)\-1. .Pp -The -.Fn srandomdev -routine initialize a state array using the -.Xr arandom 4 -random number device which returns good random numbers, -suitable for cryptographic use. -Note that this particular seeding procedure can generate -states which are impossible to reproduce by calling -.Fn srandom -with any value, since the succeeding terms in the -state buffer are no longer derived from the LC algorithm applied to -a fixed seed. +In deterministic mode, the +.Fn random +function uses a non-linear additive feedback random number generator employing +a default table of size 31 long integers to return successive pseudo-random +numbers in the range from 0 to (2**31)\-1. +The period of this random number generator is very large, approximately +16*((2**31)\-1), but the results are a deterministic sequence from the seed. .Pp The .Fn initstate @@ -151,11 +144,12 @@ and is that the size of the state array does not have to be remembered after it is initialized. .Pp -With 256 bytes of state information, the period of the random number -generator is greater than 2**69 -which should be sufficient for most purposes. -.Sh AUTHORS -.An Earl T. Cohen +Use of +.Fn srandom_deterministic , +.Fn initstate , +or +.Fn setstate +forces the subsystem into deterministic mode. .Sh DIAGNOSTICS If .Fn initstate @@ -171,7 +165,6 @@ messages are printed on the standard error output. .Sh STANDARDS The .Fn random , -.Fn srandom , .Fn initstate , and .Fn setstate @@ -179,12 +172,23 @@ functions conform to .St -xpg4.2 . .Pp The +.Fn srandom +function does not conform to +.St -xpg4.2 , +intentionally. +.Pp +The .Fn srandomdev function is an extension. +.Pp +The +.Fn srandom_deterministic +function is an +.Ox +extension. .Sh HISTORY These functions appeared in .Bx 4.2 . -.Sh BUGS -About 2/3 the speed of -.Xr rand 3 . +.Sh AUTHORS +.An Earl T. Cohen diff --git a/src/lib/libc/stdlib/random.c b/src/lib/libc/stdlib/random.c index 5ce7c90ee9c..62a0c24bdbd 100644 --- a/src/lib/libc/stdlib/random.c +++ b/src/lib/libc/stdlib/random.c @@ -1,3 +1,4 @@ +/* $OpenBSD: random.c,v 1.31 2017/11/28 06:55:49 tb Exp $ */ /* * Copyright (c) 1983 Regents of the University of California. * All rights reserved. @@ -10,11 +11,7 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors + * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -31,17 +28,13 @@ * SUCH DAMAGE. */ -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: random.c,v 1.9 2000/04/04 14:27:00 millert Exp $"; -#endif /* LIBC_SCCS and not lint */ - -#include -#include #include #include #include #include +#include "thread_private.h" + /* * random.c: * @@ -58,10 +51,10 @@ static char *rcsid = "$OpenBSD: random.c,v 1.9 2000/04/04 14:27:00 millert Exp $ * congruential generator. If the amount of state information is less than * 32 bytes, a simple linear congruential R.N.G. is used. * - * Internally, the state information is treated as an array of longs; the + * Internally, the state information is treated as an array of int32_t; the * zeroeth element of the array is the type of R.N.G. being used (small * integer); the remainder of the array is the state information for the - * R.N.G. Thus, 32 bytes of state information will give 7 longs worth of + * R.N.G. Thus, 32 bytes of state information will give 7 int32_ts worth of * state information, which will allow a degree seven polynomial. (Note: * the zeroeth word of state information also has some other information * stored in it -- see setstate() for details). @@ -137,7 +130,7 @@ static int seps [MAX_TYPES] = { SEP_0, SEP_1, SEP_2, SEP_3, SEP_4 }; * MAX_TYPES * (rptr - state) + TYPE_3 == TYPE_3. */ -static long randtbl[DEG_3 + 1] = { +static int32_t randtbl[DEG_3 + 1] = { TYPE_3, 0x991539b1, 0x16a5bce3, 0x6774a4cd, 0x3e01511e, 0x4e508aaa, 0x61048c05, 0xf5500617, 0x846b7115, 0x6a19892c, 0x896a97af, 0xdb48f936, 0x14898454, @@ -161,8 +154,8 @@ static long randtbl[DEG_3 + 1] = { * in the initialization of randtbl) because the state table pointer is set * to point to randtbl[1] (as explained below). */ -static long *fptr = &randtbl[SEP_3 + 1]; -static long *rptr = &randtbl[1]; +static int32_t *fptr = &randtbl[SEP_3 + 1]; +static int32_t *rptr = &randtbl[1]; /* * The following things are the pointer to the state information table, the @@ -174,11 +167,19 @@ static long *rptr = &randtbl[1]; * this is more efficient than indexing every time to find the address of * the last element to see if the front and rear pointers have wrapped. */ -static long *state = &randtbl[1]; +static int32_t *state = &randtbl[1]; +static int32_t *end_ptr = &randtbl[DEG_3 + 1]; static int rand_type = TYPE_3; static int rand_deg = DEG_3; static int rand_sep = SEP_3; -static long *end_ptr = &randtbl[DEG_3 + 1]; + +static int random_deterministic; + +static void *random_mutex; +static long random_l(void); + +#define LOCK() _MUTEX_LOCK(&random_mutex) +#define UNLOCK() _MUTEX_UNLOCK(&random_mutex) /* * srandom: @@ -192,18 +193,19 @@ static long *end_ptr = &randtbl[DEG_3 + 1]; * introduced by the L.C.R.N.G. Note that the initialization of randtbl[] * for default usage relies on values produced by this routine. */ -void -srandom(x) - u_int x; +static void +srandom_l(unsigned int x) { - register long int test; - register int i; - ldiv_t val; + int i; + int32_t test; + div_t val; + random_deterministic = 1; if (rand_type == TYPE_0) state[0] = x; else { - state[0] = x; + /* A seed of 0 would result in state[] always being zero. */ + state[0] = x ? x : 1; for (i = 1; i < rand_deg; i++) { /* * Implement the following, without overflowing 31 bits: @@ -212,58 +214,35 @@ srandom(x) * * 2^31-1 (prime) = 2147483647 = 127773*16807+2836 */ - val = ldiv(state[i-1], 127773); + val = div(state[i-1], 127773); test = 16807 * val.rem - 2836 * val.quot; state[i] = test + (test < 0 ? 2147483647 : 0); } fptr = &state[rand_sep]; rptr = &state[0]; for (i = 0; i < 10 * rand_deg; i++) - (void)random(); + (void)random_l(); } } -/* - * srandomdev: - * - * Many programs choose the seed value in a totally predictable manner. - * This often causes problems. We seed the generator using the much more - * secure arandom(4) interface. Note that this particular seeding - * procedure can generate states which are impossible to reproduce by - * calling srandom() with any value, since the succeeding terms in the - * state buffer are no longer derived from the LC algorithm applied to - * a fixed seed. - */ void -srandomdev() +srandom(unsigned int x) { - int fd; - size_t len; - - if (rand_type == TYPE_0) - len = sizeof(state[0]); - else - len = rand_deg * sizeof(state[0]); - - if ((fd = open("/dev/arandom", O_RDONLY, 0)) != -1 && - read(fd, (void *) state, len) == (ssize_t) len) { - close(fd); - } else { - struct timeval tv; - u_int junk; + random_deterministic = 0; +} - /* XXX - this could be better */ - gettimeofday(&tv, NULL); - srandom(getpid() ^ tv.tv_sec ^ tv.tv_usec ^ junk); - if (fd != -1) - close(fd); - return; - } +void +srandomdev(void) +{ + random_deterministic = 0; /* back to the default */ +} - if (rand_type != TYPE_0) { - fptr = &state[rand_sep]; - rptr = &state[0]; - } +void +srandom_deterministic(unsigned int x) +{ + LOCK(); + srandom_l(x); + UNLOCK(); } /* @@ -286,19 +265,20 @@ srandomdev() * Returns a pointer to the old state. */ char * -initstate(seed, arg_state, n) - u_int seed; /* seed for R.N.G. */ - char *arg_state; /* pointer to state array */ - size_t n; /* # bytes of state info */ +initstate(u_int seed, char *arg_state, size_t n) { - register char *ostate = (char *)(&state[-1]); + char *ostate = (char *)(&state[-1]); + LOCK(); + random_deterministic = 1; if (rand_type == TYPE_0) state[-1] = rand_type; else state[-1] = MAX_TYPES * (rptr - state) + rand_type; - if (n < BREAK_0) + if (n < BREAK_0) { + UNLOCK(); return(NULL); + } if (n < BREAK_1) { rand_type = TYPE_0; rand_deg = DEG_0; @@ -320,13 +300,14 @@ initstate(seed, arg_state, n) rand_deg = DEG_4; rand_sep = SEP_4; } - state = &(((long *)arg_state)[1]); /* first location */ + state = &(((int32_t *)arg_state)[1]); /* first location */ end_ptr = &state[rand_deg]; /* must set end_ptr before srandom */ - srandom(seed); + srandom_l(seed); if (rand_type == TYPE_0) state[-1] = rand_type; else state[-1] = MAX_TYPES*(rptr - state) + rand_type; + UNLOCK(); return(ostate); } @@ -346,14 +327,15 @@ initstate(seed, arg_state, n) * Returns a pointer to the old state information. */ char * -setstate(arg_state) - const char *arg_state; +setstate(char *arg_state) { - register long *new_state = (long *)arg_state; - register int type = new_state[0] % MAX_TYPES; - register int rear = new_state[0] / MAX_TYPES; + int32_t *new_state = (int32_t *)arg_state; + int32_t type = new_state[0] % MAX_TYPES; + int32_t rear = new_state[0] / MAX_TYPES; char *ostate = (char *)(&state[-1]); + LOCK(); + random_deterministic = 1; if (rand_type == TYPE_0) state[-1] = rand_type; else @@ -369,6 +351,7 @@ setstate(arg_state) rand_sep = seps[type]; break; default: + UNLOCK(); return(NULL); } state = &new_state[1]; @@ -377,6 +360,7 @@ setstate(arg_state) fptr = &state[(rear + rand_sep) % rand_deg]; } end_ptr = &state[rand_deg]; /* set end_ptr too */ + UNLOCK(); return(ostate); } @@ -397,10 +381,13 @@ setstate(arg_state) * * Returns a 31-bit random number. */ -long -random() +static long +random_l(void) { - long i; + int32_t i; + + if (random_deterministic == 0) + return arc4random() & 0x7fffffff; if (rand_type == TYPE_0) i = state[0] = (state[0] * 1103515245 + 12345) & 0x7fffffff; @@ -413,5 +400,20 @@ random() } else if (++rptr >= end_ptr) rptr = state; } - return(i); + return((long)i); +} + +long +random(void) +{ + long r; + LOCK(); + r = random_l(); + UNLOCK(); + return r; } + +#if defined(APIWARN) +__warn_references(random, + "random() may return deterministic values, is that what you want?"); +#endif diff --git a/src/lib/libc/stdlib/reallocarray.c b/src/lib/libc/stdlib/reallocarray.c new file mode 100644 index 00000000000..baea252a874 --- /dev/null +++ b/src/lib/libc/stdlib/reallocarray.c @@ -0,0 +1,39 @@ +/* $OpenBSD: reallocarray.c,v 1.3 2015/09/13 08:31:47 guenther Exp $ */ +/* + * Copyright (c) 2008 Otto Moerbeek + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include +#include +#include +#include + +/* + * This is sqrt(SIZE_MAX+1), as s1*s2 <= SIZE_MAX + * if both s1 < MUL_NO_OVERFLOW and s2 < MUL_NO_OVERFLOW + */ +#define MUL_NO_OVERFLOW ((size_t)1 << (sizeof(size_t) * 4)) + +void * +reallocarray(void *optr, size_t nmemb, size_t size) +{ + if ((nmemb >= MUL_NO_OVERFLOW || size >= MUL_NO_OVERFLOW) && + nmemb > 0 && SIZE_MAX / nmemb < size) { + errno = ENOMEM; + return NULL; + } + return realloc(optr, size * nmemb); +} +DEF_WEAK(reallocarray); diff --git a/src/lib/libc/stdlib/realpath.3 b/src/lib/libc/stdlib/realpath.3 index 56fbea9edea..5966b380588 100644 --- a/src/lib/libc/stdlib/realpath.3 +++ b/src/lib/libc/stdlib/realpath.3 @@ -12,11 +12,7 @@ .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors +.\" 3. Neither the name of the University nor the names of its contributors .\" may be used to endorse or promote products derived from this software .\" without specific prior written permission. .\" @@ -32,19 +28,19 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $OpenBSD: realpath.3,v 1.8 2001/04/23 15:30:25 aaron Exp $ +.\" $OpenBSD: realpath.3,v 1.19 2014/01/20 22:40:06 schwarze Exp $ .\" -.Dd February 16, 1994 +.Dd $Mdocdate: January 20 2014 $ .Dt REALPATH 3 .Os .Sh NAME .Nm realpath .Nd returns the canonicalized absolute pathname .Sh SYNOPSIS -.Fd #include -.Fd #include +.In limits.h +.In stdlib.h .Ft "char *" -.Fn realpath "const char *pathname" "char resolvedname[MAXPATHLEN]" +.Fn realpath "const char *pathname" "char *resolved" .Sh DESCRIPTION The .Fn realpath @@ -57,14 +53,15 @@ and in .Fa pathname , and copies the resulting absolute pathname into the memory referenced by -.Fa resolvedname . +.Fa resolved . The -.Fa resolvedname +.Fa resolved argument .Em must refer to a buffer capable of storing at least -.Dv MAXPATHLEN -characters. +.Dv PATH_MAX +characters, or be +.Dv NULL . .Pp The .Fn realpath @@ -76,33 +73,49 @@ All but the last component of must exist when .Fn realpath is called. -.Sh "RETURN VALUES" +.Sh RETURN VALUES The .Fn realpath function returns -.Fa resolvedname +.Fa resolved on success. +If +.Fa resolved +is +.Dv NULL +and no error occurred, then +.Fn realpath +returns a NUL-terminated string in a newly allocated buffer. If an error occurs, .Fn realpath returns -.Dv NULL , -and -.Fa resolvedname -contains the pathname which caused the problem. +.Dv NULL +and the contents of +.Fa resolved +are undefined. .Sh ERRORS The function .Fn realpath may fail and set the external variable .Va errno for any of the errors specified for the library functions -.Xr chdir 2 , -.Xr close 2 , -.Xr fchdir 2 , .Xr lstat 2 , -.Xr open 2 , .Xr readlink 2 , and .Xr getcwd 3 . +.Sh SEE ALSO +.Xr readlink 1 , +.Xr getcwd 3 +.Sh STANDARDS +The +.Fn realpath +function conforms to +.St -p1003.1-2008 . +.Sh HISTORY +The +.Fn realpath +function call first appeared in +.Bx 4.4 . .Sh CAVEATS This implementation of .Fn realpath @@ -112,13 +125,6 @@ The version always returns absolute pathnames, whereas the Solaris implementation will, under certain circumstances, return a relative -.Fa resolvedname +.Fa resolved when given a relative .Fa pathname . -.Sh SEE ALSO -.Xr getcwd 3 -.Sh HISTORY -The -.Fn realpath -function call first appeared in -.Bx 4.4 . diff --git a/src/lib/libc/stdlib/realpath.c b/src/lib/libc/stdlib/realpath.c index d01b19e0f2e..5d226d9abc8 100644 --- a/src/lib/libc/stdlib/realpath.c +++ b/src/lib/libc/stdlib/realpath.c @@ -1,9 +1,6 @@ +/* $OpenBSD: realpath.c,v 1.22 2017/12/24 01:50:50 millert Exp $ */ /* - * Copyright (c) 1994 - * The Regents of the University of California. All rights reserved. - * - * This code is derived from software contributed to Berkeley by - * Jan-Simon Pendry. + * Copyright (c) 2003 Constantin S. Svintsoff * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -13,18 +10,14 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * 3. The names of the authors may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) @@ -34,133 +27,207 @@ * SUCH DAMAGE. */ -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: realpath.c,v 1.7 2002/05/24 21:22:37 deraadt Exp $"; -#endif /* LIBC_SCCS and not lint */ - -#include -#include - #include -#include #include #include #include +#include + +/* A slightly modified copy of this file exists in libexec/ld.so */ /* - * char *realpath(const char *path, char resolved_path[MAXPATHLEN]); + * char *realpath(const char *path, char resolved[PATH_MAX]); * * Find the real name of path, by removing all ".", ".." and symlink * components. Returns (resolved) on success, or (NULL) on failure, * in which case the path which caused trouble is left in (resolved). */ char * -realpath(path, resolved) - const char *path; - char *resolved; +realpath(const char *path, char *resolved) { - struct stat sb; - int fd, n, rootd, serrno; - char *p, *q, wbuf[MAXPATHLEN]; - int symlinks = 0; - - /* Save the starting point. */ - if ((fd = open(".", O_RDONLY)) < 0) { - (void)strlcpy(resolved, ".", MAXPATHLEN); + const char *p; + char *q; + size_t left_len, resolved_len, next_token_len; + unsigned symlinks; + int serrno, mem_allocated; + ssize_t slen; + char left[PATH_MAX], next_token[PATH_MAX], symlink[PATH_MAX]; + + if (path == NULL) { + errno = EINVAL; return (NULL); } - /* Convert "." -> "" to optimize away a needless lstat() and chdir() */ - if (path[0] == '.' && path[1] == '\0') - path = ""; + if (path[0] == '\0') { + errno = ENOENT; + return (NULL); + } - /* - * Find the dirname and basename from the path to be resolved. - * Change directory to the dirname component. - * lstat the basename part. - * if it is a symlink, read in the value and loop. - * if it is a directory, then change to that directory. - * get the current directory name and append the basename. - */ - strlcpy(resolved, path, MAXPATHLEN); -loop: - q = strrchr(resolved, '/'); - if (q != NULL) { - p = q + 1; - if (q == resolved) - q = "/"; - else { - do { - --q; - } while (q > resolved && *q == '/'); - q[1] = '\0'; - q = resolved; - } - if (chdir(q) < 0) - goto err1; + serrno = errno; + + if (resolved == NULL) { + resolved = malloc(PATH_MAX); + if (resolved == NULL) + return (NULL); + mem_allocated = 1; } else - p = resolved; + mem_allocated = 0; - /* Deal with the last component. */ - if (*p != '\0' && lstat(p, &sb) == 0) { - if (S_ISLNK(sb.st_mode)) { - if (++symlinks > MAXSYMLINKS) { - errno = ELOOP; - goto err1; - } - n = readlink(p, resolved, MAXPATHLEN-1); - if (n < 0) - goto err1; - resolved[n] = '\0'; - goto loop; - } - if (S_ISDIR(sb.st_mode)) { - if (chdir(p) < 0) - goto err1; - p = ""; + symlinks = 0; + if (path[0] == '/') { + resolved[0] = '/'; + resolved[1] = '\0'; + if (path[1] == '\0') + return (resolved); + resolved_len = 1; + left_len = strlcpy(left, path + 1, sizeof(left)); + } else { + if (getcwd(resolved, PATH_MAX) == NULL) { + if (mem_allocated) + free(resolved); + else + strlcpy(resolved, ".", PATH_MAX); + return (NULL); } + resolved_len = strlen(resolved); + left_len = strlcpy(left, path, sizeof(left)); + } + if (left_len >= sizeof(left)) { + errno = ENAMETOOLONG; + goto err; } /* - * Save the last component name and get the full pathname of - * the current directory. + * Iterate over path components in `left'. */ - (void)strlcpy(wbuf, p, sizeof wbuf); - if (getcwd(resolved, MAXPATHLEN) == 0) - goto err1; + while (left_len != 0) { + /* + * Extract the next path component and adjust `left' + * and its length. + */ + p = strchr(left, '/'); - /* - * Join the two strings together, ensuring that the right thing - * happens if the last component is empty, or the dirname is root. - */ - if (resolved[0] == '/' && resolved[1] == '\0') - rootd = 1; - else - rootd = 0; + next_token_len = p ? (size_t) (p - left) : left_len; + memcpy(next_token, left, next_token_len); + next_token[next_token_len] = '\0'; - if (*wbuf) { - if (strlen(resolved) + strlen(wbuf) + rootd + 1 > MAXPATHLEN) { + if (p != NULL) { + left_len -= next_token_len + 1; + memmove(left, p + 1, left_len + 1); + } else { + left[0] = '\0'; + left_len = 0; + } + + if (resolved[resolved_len - 1] != '/') { + if (resolved_len + 1 >= PATH_MAX) { + errno = ENAMETOOLONG; + goto err; + } + resolved[resolved_len++] = '/'; + resolved[resolved_len] = '\0'; + } + if (next_token[0] == '\0') + continue; + else if (strcmp(next_token, ".") == 0) + continue; + else if (strcmp(next_token, "..") == 0) { + /* + * Strip the last path component except when we have + * single "/" + */ + if (resolved_len > 1) { + resolved[resolved_len - 1] = '\0'; + q = strrchr(resolved, '/') + 1; + *q = '\0'; + resolved_len = q - resolved; + } + continue; + } + + /* + * Append the next path component and readlink() it. If + * readlink() fails we still can return successfully if + * it exists but isn't a symlink, or if there are no more + * path components left. + */ + resolved_len = strlcat(resolved, next_token, PATH_MAX); + if (resolved_len >= PATH_MAX) { errno = ENAMETOOLONG; - goto err1; + goto err; } - if (rootd == 0) - (void)strcat(resolved, "/"); - (void)strcat(resolved, wbuf); - } + slen = readlink(resolved, symlink, sizeof(symlink)); + if (slen < 0) { + switch (errno) { + case EINVAL: + /* not a symlink, continue to next component */ + continue; + case ENOENT: + if (p == NULL) { + errno = serrno; + return (resolved); + } + /* FALLTHROUGH */ + default: + goto err; + } + } else if (slen == 0) { + errno = EINVAL; + goto err; + } else if (slen == sizeof(symlink)) { + errno = ENAMETOOLONG; + goto err; + } else { + if (symlinks++ > SYMLOOP_MAX) { + errno = ELOOP; + goto err; + } + + symlink[slen] = '\0'; + if (symlink[0] == '/') { + resolved[1] = 0; + resolved_len = 1; + } else { + /* Strip the last path component. */ + q = strrchr(resolved, '/') + 1; + *q = '\0'; + resolved_len = q - resolved; + } - /* Go back to where we came from. */ - if (fchdir(fd) < 0) { - serrno = errno; - goto err2; + /* + * If there are any path components left, then + * append them to symlink. The result is placed + * in `left'. + */ + if (p != NULL) { + if (symlink[slen - 1] != '/') { + if (slen + 1 >= sizeof(symlink)) { + errno = ENAMETOOLONG; + goto err; + } + symlink[slen] = '/'; + symlink[slen + 1] = 0; + } + left_len = strlcat(symlink, left, sizeof(symlink)); + if (left_len >= sizeof(symlink)) { + errno = ENAMETOOLONG; + goto err; + } + } + left_len = strlcpy(left, symlink, sizeof(left)); + } } - /* It's okay if the close fails, what's an fd more or less? */ - (void)close(fd); + /* + * Remove trailing slash except when the resolved pathname + * is a single "/". + */ + if (resolved_len > 1 && resolved[resolved_len - 1] == '/') + resolved[resolved_len - 1] = '\0'; return (resolved); -err1: serrno = errno; - (void)fchdir(fd); -err2: (void)close(fd); - errno = serrno; +err: + if (mem_allocated) + free(resolved); return (NULL); } diff --git a/src/lib/libc/stdlib/recallocarray.c b/src/lib/libc/stdlib/recallocarray.c new file mode 100644 index 00000000000..a2f37fe81a9 --- /dev/null +++ b/src/lib/libc/stdlib/recallocarray.c @@ -0,0 +1,81 @@ +/* $OpenBSD: recallocarray.c,v 1.1 2017/03/06 18:44:21 otto Exp $ */ +/* + * Copyright (c) 2008, 2017 Otto Moerbeek + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include +#include +#include +#include +#include + +/* + * This is sqrt(SIZE_MAX+1), as s1*s2 <= SIZE_MAX + * if both s1 < MUL_NO_OVERFLOW and s2 < MUL_NO_OVERFLOW + */ +#define MUL_NO_OVERFLOW ((size_t)1 << (sizeof(size_t) * 4)) + +void * +recallocarray(void *ptr, size_t oldnmemb, size_t newnmemb, size_t size) +{ + size_t oldsize, newsize; + void *newptr; + + if (ptr == NULL) + return calloc(newnmemb, size); + + if ((newnmemb >= MUL_NO_OVERFLOW || size >= MUL_NO_OVERFLOW) && + newnmemb > 0 && SIZE_MAX / newnmemb < size) { + errno = ENOMEM; + return NULL; + } + newsize = newnmemb * size; + + if ((oldnmemb >= MUL_NO_OVERFLOW || size >= MUL_NO_OVERFLOW) && + oldnmemb > 0 && SIZE_MAX / oldnmemb < size) { + errno = EINVAL; + return NULL; + } + oldsize = oldnmemb * size; + + /* + * Don't bother too much if we're shrinking just a bit, + * we do not shrink for series of small steps, oh well. + */ + if (newsize <= oldsize) { + size_t d = oldsize - newsize; + + if (d < oldsize / 2 && d < getpagesize()) { + memset((char *)ptr + newsize, 0, d); + return ptr; + } + } + + newptr = malloc(newsize); + if (newptr == NULL) + return NULL; + + if (newsize > oldsize) { + memcpy(newptr, ptr, oldsize); + memset((char *)newptr + oldsize, 0, newsize - oldsize); + } else + memcpy(newptr, ptr, newsize); + + explicit_bzero(ptr, oldsize); + free(ptr); + + return newptr; +} +DEF_WEAK(recallocarray); diff --git a/src/lib/libc/stdlib/remque.c b/src/lib/libc/stdlib/remque.c new file mode 100644 index 00000000000..71b74b2dce0 --- /dev/null +++ b/src/lib/libc/stdlib/remque.c @@ -0,0 +1,48 @@ +/* $OpenBSD: remque.c,v 1.3 2014/08/15 04:14:36 guenther Exp $ */ + +/* + * Copyright (c) 1993 John Brezak + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR `AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN + * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +#include +#include + +struct qelem { + struct qelem *q_forw; + struct qelem *q_back; +}; + +void +remque(void *element) +{ + struct qelem *e = element; + + if (e->q_forw != NULL) + e->q_forw->q_back = e->q_back; + if (e->q_back != NULL) + e->q_back->q_forw = e->q_forw; +} diff --git a/src/lib/libc/stdlib/seed48.c b/src/lib/libc/stdlib/seed48.c index c4dcd0ead80..b4b4424c73b 100644 --- a/src/lib/libc/stdlib/seed48.c +++ b/src/lib/libc/stdlib/seed48.c @@ -1,3 +1,4 @@ +/* $OpenBSD: seed48.c,v 1.6 2015/09/13 15:20:40 guenther Exp $ */ /* * Copyright (c) 1993 Martin Birgmeier * All rights reserved. @@ -11,21 +12,24 @@ * to anyone/anything when using this software. */ -#if defined(LIBC_SCCS) && !defined(lint) -static char rcsid[] = "$OpenBSD: seed48.c,v 1.2 1996/08/19 08:33:48 tholo Exp $"; -#endif /* LIBC_SCCS and not lint */ - #include "rand48.h" -extern unsigned short __rand48_seed[3]; -extern unsigned short __rand48_mult[3]; -extern unsigned short __rand48_add; - unsigned short * seed48(unsigned short xseed[3]) +{ + unsigned short *res; + + res = seed48_deterministic(xseed); + __rand48_deterministic = 0; + return res; +} + +unsigned short * +seed48_deterministic(unsigned short xseed[3]) { static unsigned short sseed[3]; + __rand48_deterministic = 1; sseed[0] = __rand48_seed[0]; sseed[1] = __rand48_seed[1]; sseed[2] = __rand48_seed[2]; @@ -38,3 +42,4 @@ seed48(unsigned short xseed[3]) __rand48_add = RAND48_ADD; return sseed; } +DEF_WEAK(seed48_deterministic); diff --git a/src/lib/libc/stdlib/setenv.c b/src/lib/libc/stdlib/setenv.c index fc7c67a5db6..15c550ba30b 100644 --- a/src/lib/libc/stdlib/setenv.c +++ b/src/lib/libc/stdlib/setenv.c @@ -1,3 +1,4 @@ +/* $OpenBSD: setenv.c,v 1.19 2016/09/21 04:38:56 guenther Exp $ */ /* * Copyright (c) 1987 Regents of the University of California. * All rights reserved. @@ -10,11 +11,7 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors + * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -31,68 +28,120 @@ * SUCH DAMAGE. */ -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: setenv.c,v 1.4 2001/07/09 06:57:45 deraadt Exp $"; -#endif /* LIBC_SCCS and not lint */ - +#include #include #include +static char **lastenv; /* last value of environ */ + +/* + * putenv -- + * Add a name=value string directly to the environmental, replacing + * any current value. + */ +int +putenv(char *str) +{ + char **P, *cp; + size_t cnt = 0; + int offset = 0; + + for (cp = str; *cp && *cp != '='; ++cp) + ; + if (*cp != '=') { + errno = EINVAL; + return (-1); /* missing `=' in string */ + } + + if (__findenv(str, (int)(cp - str), &offset) != NULL) { + environ[offset++] = str; + /* could be set multiple times */ + while (__findenv(str, (int)(cp - str), &offset)) { + for (P = &environ[offset];; ++P) + if (!(*P = *(P + 1))) + break; + } + return (0); + } + + /* create new slot for string */ + if (environ != NULL) { + for (P = environ; *P != NULL; P++) + ; + cnt = P - environ; + } + P = reallocarray(lastenv, cnt + 2, sizeof(char *)); + if (!P) + return (-1); + if (lastenv != environ && environ != NULL) + memcpy(P, environ, cnt * sizeof(char *)); + lastenv = environ = P; + environ[cnt] = str; + environ[cnt + 1] = NULL; + return (0); +} +DEF_WEAK(putenv); + /* * setenv -- * Set the value of the environmental variable "name" to be * "value". If rewrite is set, replace any current value. */ int -setenv(name, value, rewrite) - register const char *name; - register const char *value; - int rewrite; +setenv(const char *name, const char *value, int rewrite) { - extern char **environ; - static int alloced; /* if allocated space before */ - register char *C; - int l_value, offset; - char *__findenv(); + char *C, **P; + const char *np; + int l_value, offset = 0; + + if (!name || !*name) { + errno = EINVAL; + return (-1); + } + for (np = name; *np && *np != '='; ++np) + ; + if (*np) { + errno = EINVAL; + return (-1); /* has `=' in name */ + } - if (*value == '=') /* no `=' in value */ - ++value; l_value = strlen(value); - if ((C = __findenv(name, &offset))) { /* find if already exists */ + if ((C = __findenv(name, (int)(np - name), &offset)) != NULL) { + int tmpoff = offset + 1; if (!rewrite) return (0); +#if 0 /* XXX - existing entry may not be writable */ if (strlen(C) >= l_value) { /* old larger; copy over */ while ((*C++ = *value++)) ; return (0); } +#endif + /* could be set multiple times */ + while (__findenv(name, (int)(np - name), &tmpoff)) { + for (P = &environ[tmpoff];; ++P) + if (!(*P = *(P + 1))) + break; + } } else { /* create new slot */ - register int cnt; - register char **P; + size_t cnt = 0; - for (P = environ, cnt = 0; *P; ++P, ++cnt); - if (alloced) { /* just increase size */ - P = (char **)realloc((void *)environ, - (size_t)(sizeof(char *) * (cnt + 2))); - if (!P) - return (-1); - environ = P; - } - else { /* get new space */ - alloced = 1; /* copy old entries into it */ - P = (char **)malloc((size_t)(sizeof(char *) * - (cnt + 2))); - if (!P) - return (-1); - bcopy(environ, P, cnt * sizeof(char *)); - environ = P; + if (environ != NULL) { + for (P = environ; *P != NULL; P++) + ; + cnt = P - environ; } - environ[cnt + 1] = NULL; + P = reallocarray(lastenv, cnt + 2, sizeof(char *)); + if (!P) + return (-1); + if (lastenv != environ && environ != NULL) + memcpy(P, environ, cnt * sizeof(char *)); + lastenv = environ = P; offset = cnt; + environ[cnt + 1] = NULL; } - for (C = (char *)name; *C && *C != '='; ++C); /* no `=' in name */ if (!(environ[offset] = /* name + `=' + value */ - malloc((size_t)((int)(C - name) + l_value + 2)))) + malloc((int)(np - name) + l_value + 2))) return (-1); for (C = environ[offset]; (*C = *name++) && *C != '='; ++C) ; @@ -100,22 +149,36 @@ setenv(name, value, rewrite) ; return (0); } +DEF_WEAK(setenv); /* * unsetenv(name) -- * Delete environmental variable "name". */ -void -unsetenv(name) - const char *name; +int +unsetenv(const char *name) { - extern char **environ; - register char **P; - int offset; - char *__findenv(); + char **P; + const char *np; + int offset = 0; - while (__findenv(name, &offset)) /* if set multiple times */ + if (!name || !*name) { + errno = EINVAL; + return (-1); + } + for (np = name; *np && *np != '='; ++np) + ; + if (*np) { + errno = EINVAL; + return (-1); /* has `=' in name */ + } + + /* could be set multiple times */ + while (__findenv(name, (int)(np - name), &offset)) { for (P = &environ[offset];; ++P) if (!(*P = *(P + 1))) break; + } + return (0); } +DEF_WEAK(unsetenv); diff --git a/src/lib/libc/stdlib/srand48.c b/src/lib/libc/stdlib/srand48.c index fcff8a172ec..d41391d4452 100644 --- a/src/lib/libc/stdlib/srand48.c +++ b/src/lib/libc/stdlib/srand48.c @@ -1,3 +1,4 @@ +/* $OpenBSD: srand48.c,v 1.6 2015/09/13 08:31:48 guenther Exp $ */ /* * Copyright (c) 1993 Martin Birgmeier * All rights reserved. @@ -11,19 +12,21 @@ * to anyone/anything when using this software. */ -#if defined(LIBC_SCCS) && !defined(lint) -static char rcsid[] = "$OpenBSD: srand48.c,v 1.2 1996/08/19 08:33:49 tholo Exp $"; -#endif /* LIBC_SCCS and not lint */ - #include "rand48.h" -extern unsigned short __rand48_seed[3]; -extern unsigned short __rand48_mult[3]; -extern unsigned short __rand48_add; +int __rand48_deterministic; void srand48(long seed) { + srand48_deterministic(seed); + __rand48_deterministic = 0; +} + +void +srand48_deterministic(long seed) +{ + __rand48_deterministic = 1; __rand48_seed[0] = RAND48_SEED_0; __rand48_seed[1] = (unsigned short) seed; __rand48_seed[2] = (unsigned short) (seed >> 16); @@ -32,3 +35,4 @@ srand48(long seed) __rand48_mult[2] = RAND48_MULT_2; __rand48_add = RAND48_ADD; } +DEF_WEAK(srand48_deterministic); diff --git a/src/lib/libc/stdlib/strtod.3 b/src/lib/libc/stdlib/strtod.3 index 4e04f6738e2..0561f3615d7 100644 --- a/src/lib/libc/stdlib/strtod.3 +++ b/src/lib/libc/stdlib/strtod.3 @@ -13,11 +13,7 @@ .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors +.\" 3. Neither the name of the University nor the names of its contributors .\" may be used to endorse or promote products derived from this software .\" without specific prior written permission. .\" @@ -33,20 +29,26 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $OpenBSD: strtod.3,v 1.7 2000/04/20 13:50:03 aaron Exp $ +.\" $OpenBSD: strtod.3,v 1.22 2019/01/16 12:55:49 schwarze Exp $ .\" -.Dd June 29, 1991 +.Dd $Mdocdate: January 16 2019 $ .Dt STRTOD 3 .Os .Sh NAME -.Nm strtod -.Nd convert -.Tn ASCII -string to double +.Nm strtod , +.Nm strtof , +.Nm strtold +.Nd convert ASCII string to double, float or long double .Sh SYNOPSIS -.Fd #include +.In stdlib.h .Ft double .Fn strtod "const char *nptr" "char **endptr" +.Pp +.Ft float +.Fn strtof "const char *nptr" "char **endptr" +.Pp +.Ft long double +.Fn strtold "const char *nptr" "char **endptr" .Sh DESCRIPTION The .Fn strtod @@ -55,6 +57,20 @@ function converts the initial portion of the string pointed to by to .Li double representation. +The +.Fn strtof +function converts the initial portion of the string pointed to by +.Fa nptr +to +.Li float +representation. +The +.Fn strtold +function converts the initial portion of the string pointed to by +.Fa nptr +to +.Li long double +representation. .Pp The expected form of the string is an optional plus .Pq Ql + @@ -68,13 +84,41 @@ or .Sq e , followed by an optional plus or minus sign, followed by a sequence of digits. .Pp -Leading whitespace characters in the string (as defined by the +Alternatively, if the portion of the string following the optional +plus or minus sign begins with +.Dq INF +or +.Dq NAN , +ignoring case, it is interpreted as an infinity or a quiet \*(Na, +respectively. +The syntax +.Dq NAN Ns Pq Ar s , +where +.Ar s +is an alphanumeric string, produces the same value as the call +.Fo nan +.Qq Ar s Ns +.Fc +(respectively, +.Fo nanf +.Qq Ar s Ns +.Fc +and +.Fo nanl +.Qq Ar s Ns +.Fc ) . +.Pp +In any of the above cases, leading whitespace characters in the +string (as defined by the .Xr isspace 3 function) are skipped. .Sh RETURN VALUES The -.Fn strtod -function returns the converted value, if any. +.Fn strtod , +.Fn strtof +and +.Fn strtold +functions return the converted value, if any. .Pp If .Fa endptr @@ -114,4 +158,19 @@ Overflow or underflow occurred. The .Fn strtod function conforms to -.St -ansiC . +.St -ansiC-89 . +The +.Fn strtof +and +.Fn strtold +functions conform to +.St -isoC-99 . +.Sh CAVEATS +On systems other than +.Ox , +the +.Dv LC_NUMERIC +.Xr locale 1 +category can cause parsing failures; see CAVEATS in +.Xr setlocale 3 +for details. diff --git a/src/lib/libc/stdlib/strtod.c b/src/lib/libc/stdlib/strtod.c deleted file mode 100644 index ce7ce9fe562..00000000000 --- a/src/lib/libc/stdlib/strtod.c +++ /dev/null @@ -1,2528 +0,0 @@ -/**************************************************************** - * - * The author of this software is David M. Gay. - * - * Copyright (c) 1991 by AT&T. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose without fee is hereby granted, provided that this entire notice - * is included in all copies of any software which is or includes a copy - * or modification of this software and in all copies of the supporting - * documentation for such software. - * - * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR IMPLIED - * WARRANTY. IN PARTICULAR, NEITHER THE AUTHOR NOR AT&T MAKES ANY - * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE MERCHANTABILITY - * OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR PURPOSE. - * - ***************************************************************/ - -/* Please send bug reports to - David M. Gay - AT&T Bell Laboratories, Room 2C-463 - 600 Mountain Avenue - Murray Hill, NJ 07974-2070 - U.S.A. - dmg@research.att.com or research!dmg - */ - -/* strtod for IEEE-, VAX-, and IBM-arithmetic machines. - * - * This strtod returns a nearest machine number to the input decimal - * string (or sets errno to ERANGE). With IEEE arithmetic, ties are - * broken by the IEEE round-even rule. Otherwise ties are broken by - * biased rounding (add half and chop). - * - * Inspired loosely by William D. Clinger's paper "How to Read Floating - * Point Numbers Accurately" [Proc. ACM SIGPLAN '90, pp. 92-101]. - * - * Modifications: - * - * 1. We only require IEEE, IBM, or VAX double-precision - * arithmetic (not IEEE double-extended). - * 2. We get by with floating-point arithmetic in a case that - * Clinger missed -- when we're computing d * 10^n - * for a small integer d and the integer n is not too - * much larger than 22 (the maximum integer k for which - * we can represent 10^k exactly), we may be able to - * compute (d*10^k) * 10^(e-k) with just one roundoff. - * 3. Rather than a bit-at-a-time adjustment of the binary - * result in the hard case, we use floating-point - * arithmetic to determine the adjustment to within - * one bit; only in really hard cases do we need to - * compute a second residual. - * 4. Because of 3., we don't need a large table of powers of 10 - * for ten-to-e (just some small tables, e.g. of 10^k - * for 0 <= k <= 22). - */ - -/* - * #define IEEE_LITTLE_ENDIAN for IEEE-arithmetic machines where the least - * significant byte has the lowest address. - * #define IEEE_BIG_ENDIAN for IEEE-arithmetic machines where the most - * significant byte has the lowest address. - * #define Long int on machines with 32-bit ints and 64-bit longs. - * #define Sudden_Underflow for IEEE-format machines without gradual - * underflow (i.e., that flush to zero on underflow). - * #define IBM for IBM mainframe-style floating-point arithmetic. - * #define VAX for VAX-style floating-point arithmetic. - * #define Unsigned_Shifts if >> does treats its left operand as unsigned. - * #define No_leftright to omit left-right logic in fast floating-point - * computation of dtoa. - * #define Check_FLT_ROUNDS if FLT_ROUNDS can assume the values 2 or 3. - * #define RND_PRODQUOT to use rnd_prod and rnd_quot (assembly routines - * that use extended-precision instructions to compute rounded - * products and quotients) with IBM. - * #define ROUND_BIASED for IEEE-format with biased rounding. - * #define Inaccurate_Divide for IEEE-format with correctly rounded - * products but inaccurate quotients, e.g., for Intel i860. - * #define Just_16 to store 16 bits per 32-bit Long when doing high-precision - * integer arithmetic. Whether this speeds things up or slows things - * down depends on the machine and the number being converted. - * #define KR_headers for old-style C function headers. - * #define Bad_float_h if your system lacks a float.h or if it does not - * define some or all of DBL_DIG, DBL_MAX_10_EXP, DBL_MAX_EXP, - * FLT_RADIX, FLT_ROUNDS, and DBL_MAX. - * #define MALLOC your_malloc, where your_malloc(n) acts like malloc(n) - * if memory is available and otherwise does something you deem - * appropriate. If MALLOC is undefined, malloc will be invoked - * directly -- and assumed always to succeed. - */ - -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: strtod.c,v 1.15 2002/02/19 19:39:37 millert Exp $"; -#endif /* LIBC_SCCS and not lint */ - -#if defined(__m68k__) || defined(__sparc__) || defined(__i386__) || \ - defined(__mips__) || defined(__ns32k__) || defined(__alpha__) || \ - defined(__powerpc__) || defined(__m88k__) || defined(__hppa__) -#include -#if BYTE_ORDER == BIG_ENDIAN -#define IEEE_BIG_ENDIAN -#else -#define IEEE_LITTLE_ENDIAN -#endif -#endif - -#ifdef __arm32__ -/* - * Although the CPU is little endian the FP has different - * byte and word endianness. The byte order is still little endian - * but the word order is big endian. - */ -#define IEEE_BIG_ENDIAN -#endif - -#ifdef __vax__ -#define VAX -#endif - -#define Long int32_t -#define ULong u_int32_t - -#ifdef DEBUG -#include "stdio.h" -#define Bug(x) {fprintf(stderr, "%s\n", x); exit(1);} -#endif - -#ifdef __cplusplus -#include "malloc.h" -#include "memory.h" -#else -#ifndef KR_headers -#include "stdlib.h" -#include "string.h" -#include "locale.h" -#else -#include "malloc.h" -#include "memory.h" -#endif -#endif - -#ifdef MALLOC -#ifdef KR_headers -extern char *MALLOC(); -#else -extern void *MALLOC(size_t); -#endif -#else -#define MALLOC malloc -#endif - -#include "ctype.h" -#include "errno.h" - -#ifdef Bad_float_h -#ifdef IEEE_BIG_ENDIAN -#define IEEE_ARITHMETIC -#endif -#ifdef IEEE_LITTLE_ENDIAN -#define IEEE_ARITHMETIC -#endif - -#ifdef IEEE_ARITHMETIC -#define DBL_DIG 15 -#define DBL_MAX_10_EXP 308 -#define DBL_MAX_EXP 1024 -#define FLT_RADIX 2 -#define FLT_ROUNDS 1 -#define DBL_MAX 1.7976931348623157e+308 -#endif - -#ifdef IBM -#define DBL_DIG 16 -#define DBL_MAX_10_EXP 75 -#define DBL_MAX_EXP 63 -#define FLT_RADIX 16 -#define FLT_ROUNDS 0 -#define DBL_MAX 7.2370055773322621e+75 -#endif - -#ifdef VAX -#define DBL_DIG 16 -#define DBL_MAX_10_EXP 38 -#define DBL_MAX_EXP 127 -#define FLT_RADIX 2 -#define FLT_ROUNDS 1 -#define DBL_MAX 1.7014118346046923e+38 -#endif - -#ifndef LONG_MAX -#define LONG_MAX 2147483647 -#endif -#else -#include "float.h" -#endif -#ifndef __MATH_H__ -#include "math.h" -#endif - -#ifdef __cplusplus -extern "C" { -#endif - -#ifndef CONST -#ifdef KR_headers -#define CONST /* blank */ -#else -#define CONST const -#endif -#endif - -#ifdef Unsigned_Shifts -#define Sign_Extend(a,b) if (b < 0) a |= 0xffff0000; -#else -#define Sign_Extend(a,b) /*no-op*/ -#endif - -#if defined(IEEE_LITTLE_ENDIAN) + defined(IEEE_BIG_ENDIAN) + defined(VAX) + \ - defined(IBM) != 1 -Exactly one of IEEE_LITTLE_ENDIAN IEEE_BIG_ENDIAN, VAX, or -IBM should be defined. -#endif - -typedef union { - double d; - ULong ul[2]; -} _double; -#define value(x) ((x).d) -#ifdef IEEE_LITTLE_ENDIAN -#define word0(x) ((x).ul[1]) -#define word1(x) ((x).ul[0]) -#else -#define word0(x) ((x).ul[0]) -#define word1(x) ((x).ul[1]) -#endif - -/* The following definition of Storeinc is appropriate for MIPS processors. - * An alternative that might be better on some machines is - * #define Storeinc(a,b,c) (*a++ = b << 16 | c & 0xffff) - */ -#if defined(IEEE_LITTLE_ENDIAN) + defined(VAX) + defined(__arm32__) -#define Storeinc(a,b,c) (((unsigned short *)a)[1] = (unsigned short)b, \ -((unsigned short *)a)[0] = (unsigned short)c, a++) -#else -#define Storeinc(a,b,c) (((unsigned short *)a)[0] = (unsigned short)b, \ -((unsigned short *)a)[1] = (unsigned short)c, a++) -#endif - -/* #define P DBL_MANT_DIG */ -/* Ten_pmax = floor(P*log(2)/log(5)) */ -/* Bletch = (highest power of 2 < DBL_MAX_10_EXP) / 16 */ -/* Quick_max = floor((P-1)*log(FLT_RADIX)/log(10) - 1) */ -/* Int_max = floor(P*log(FLT_RADIX)/log(10) - 1) */ - -#if defined(IEEE_LITTLE_ENDIAN) + defined(IEEE_BIG_ENDIAN) -#define Exp_shift 20 -#define Exp_shift1 20 -#define Exp_msk1 0x100000 -#define Exp_msk11 0x100000 -#define Exp_mask 0x7ff00000 -#define P 53 -#define Bias 1023 -#define IEEE_Arith -#define Emin (-1022) -#define Exp_1 0x3ff00000 -#define Exp_11 0x3ff00000 -#define Ebits 11 -#define Frac_mask 0xfffff -#define Frac_mask1 0xfffff -#define Ten_pmax 22 -#define Bletch 0x10 -#define Bndry_mask 0xfffff -#define Bndry_mask1 0xfffff -#define LSB 1 -#define Sign_bit 0x80000000 -#define Log2P 1 -#define Tiny0 0 -#define Tiny1 1 -#define Quick_max 14 -#define Int_max 14 -#define Infinite(x) (word0(x) == 0x7ff00000) /* sufficient test for here */ -#else -#undef Sudden_Underflow -#define Sudden_Underflow -#ifdef IBM -#define Exp_shift 24 -#define Exp_shift1 24 -#define Exp_msk1 0x1000000 -#define Exp_msk11 0x1000000 -#define Exp_mask 0x7f000000 -#define P 14 -#define Bias 65 -#define Exp_1 0x41000000 -#define Exp_11 0x41000000 -#define Ebits 8 /* exponent has 7 bits, but 8 is the right value in b2d */ -#define Frac_mask 0xffffff -#define Frac_mask1 0xffffff -#define Bletch 4 -#define Ten_pmax 22 -#define Bndry_mask 0xefffff -#define Bndry_mask1 0xffffff -#define LSB 1 -#define Sign_bit 0x80000000 -#define Log2P 4 -#define Tiny0 0x100000 -#define Tiny1 0 -#define Quick_max 14 -#define Int_max 15 -#else /* VAX */ -#define Exp_shift 23 -#define Exp_shift1 7 -#define Exp_msk1 0x80 -#define Exp_msk11 0x800000 -#define Exp_mask 0x7f80 -#define P 56 -#define Bias 129 -#define Exp_1 0x40800000 -#define Exp_11 0x4080 -#define Ebits 8 -#define Frac_mask 0x7fffff -#define Frac_mask1 0xffff007f -#define Ten_pmax 24 -#define Bletch 2 -#define Bndry_mask 0xffff007f -#define Bndry_mask1 0xffff007f -#define LSB 0x10000 -#define Sign_bit 0x8000 -#define Log2P 1 -#define Tiny0 0x80 -#define Tiny1 0 -#define Quick_max 15 -#define Int_max 15 -#endif -#endif - -#ifndef IEEE_Arith -#define ROUND_BIASED -#endif - -#ifdef RND_PRODQUOT -#define rounded_product(a,b) a = rnd_prod(a, b) -#define rounded_quotient(a,b) a = rnd_quot(a, b) -#ifdef KR_headers -extern double rnd_prod(), rnd_quot(); -#else -extern double rnd_prod(double, double), rnd_quot(double, double); -#endif -#else -#define rounded_product(a,b) a *= b -#define rounded_quotient(a,b) a /= b -#endif - -#define Big0 (Frac_mask1 | Exp_msk1*(DBL_MAX_EXP+Bias-1)) -#define Big1 0xffffffff - -#ifndef Just_16 -/* When Pack_32 is not defined, we store 16 bits per 32-bit Long. - * This makes some inner loops simpler and sometimes saves work - * during multiplications, but it often seems to make things slightly - * slower. Hence the default is now to store 32 bits per Long. - */ -#ifndef Pack_32 -#define Pack_32 -#endif -#endif - -#define Kmax 15 - -#ifdef __cplusplus -extern "C" double strtod(const char *s00, char **se); -extern "C" char *__dtoa(double d, int mode, int ndigits, - int *decpt, int *sign, char **rve); -#endif - - struct -Bigint { - struct Bigint *next; - int k, maxwds, sign, wds; - ULong x[1]; - }; - - typedef struct Bigint Bigint; - - static Bigint *freelist[Kmax+1]; - - static Bigint * -Balloc -#ifdef KR_headers - (k) int k; -#else - (int k) -#endif -{ - int x; - Bigint *rv; - - if ((rv = freelist[k])) { - freelist[k] = rv->next; - } - else { - x = 1 << k; - rv = (Bigint *)MALLOC(sizeof(Bigint) + (x-1)*sizeof(Long)); - rv->k = k; - rv->maxwds = x; - } - rv->sign = rv->wds = 0; - return rv; - } - - static void -Bfree -#ifdef KR_headers - (v) Bigint *v; -#else - (Bigint *v) -#endif -{ - if (v) { - v->next = freelist[v->k]; - freelist[v->k] = v; - } - } - -#define Bcopy(x,y) memcpy((char *)&x->sign, (char *)&y->sign, \ -y->wds*sizeof(Long) + 2*sizeof(int)) - - static Bigint * -multadd -#ifdef KR_headers - (b, m, a) Bigint *b; int m, a; -#else - (Bigint *b, int m, int a) /* multiply by m and add a */ -#endif -{ - int i, wds; - ULong *x, y; -#ifdef Pack_32 - ULong xi, z; -#endif - Bigint *b1; - - wds = b->wds; - x = b->x; - i = 0; - do { -#ifdef Pack_32 - xi = *x; - y = (xi & 0xffff) * m + a; - z = (xi >> 16) * m + (y >> 16); - a = (int)(z >> 16); - *x++ = (z << 16) + (y & 0xffff); -#else - y = *x * m + a; - a = (int)(y >> 16); - *x++ = y & 0xffff; -#endif - } - while(++i < wds); - if (a) { - if (wds >= b->maxwds) { - b1 = Balloc(b->k+1); - Bcopy(b1, b); - Bfree(b); - b = b1; - } - b->x[wds++] = a; - b->wds = wds; - } - return b; - } - - static Bigint * -s2b -#ifdef KR_headers - (s, nd0, nd, y9) CONST char *s; int nd0, nd; ULong y9; -#else - (CONST char *s, int nd0, int nd, ULong y9) -#endif -{ - Bigint *b; - int i, k; - Long x, y; - - x = (nd + 8) / 9; - for(k = 0, y = 1; x > y; y <<= 1, k++) ; -#ifdef Pack_32 - b = Balloc(k); - b->x[0] = y9; - b->wds = 1; -#else - b = Balloc(k+1); - b->x[0] = y9 & 0xffff; - b->wds = (b->x[1] = y9 >> 16) ? 2 : 1; -#endif - - i = 9; - if (9 < nd0) { - s += 9; - do b = multadd(b, 10, *s++ - '0'); - while(++i < nd0); - s++; - } - else - s += 10; - for(; i < nd; i++) - b = multadd(b, 10, *s++ - '0'); - return b; - } - - static int -hi0bits -#ifdef KR_headers - (x) register ULong x; -#else - (register ULong x) -#endif -{ - register int k = 0; - - if (!(x & 0xffff0000)) { - k = 16; - x <<= 16; - } - if (!(x & 0xff000000)) { - k += 8; - x <<= 8; - } - if (!(x & 0xf0000000)) { - k += 4; - x <<= 4; - } - if (!(x & 0xc0000000)) { - k += 2; - x <<= 2; - } - if (!(x & 0x80000000)) { - k++; - if (!(x & 0x40000000)) - return 32; - } - return k; - } - - static int -lo0bits -#ifdef KR_headers - (y) ULong *y; -#else - (ULong *y) -#endif -{ - register int k; - register ULong x = *y; - - if (x & 7) { - if (x & 1) - return 0; - if (x & 2) { - *y = x >> 1; - return 1; - } - *y = x >> 2; - return 2; - } - k = 0; - if (!(x & 0xffff)) { - k = 16; - x >>= 16; - } - if (!(x & 0xff)) { - k += 8; - x >>= 8; - } - if (!(x & 0xf)) { - k += 4; - x >>= 4; - } - if (!(x & 0x3)) { - k += 2; - x >>= 2; - } - if (!(x & 1)) { - k++; - x >>= 1; - if (!x & 1) - return 32; - } - *y = x; - return k; - } - - static Bigint * -i2b -#ifdef KR_headers - (i) int i; -#else - (int i) -#endif -{ - Bigint *b; - - b = Balloc(1); - b->x[0] = i; - b->wds = 1; - return b; - } - - static Bigint * -mult -#ifdef KR_headers - (a, b) Bigint *a, *b; -#else - (Bigint *a, Bigint *b) -#endif -{ - Bigint *c; - int k, wa, wb, wc; - ULong carry, y, z; - ULong *x, *xa, *xae, *xb, *xbe, *xc, *xc0; -#ifdef Pack_32 - ULong z2; -#endif - - if (a->wds < b->wds) { - c = a; - a = b; - b = c; - } - k = a->k; - wa = a->wds; - wb = b->wds; - wc = wa + wb; - if (wc > a->maxwds) - k++; - c = Balloc(k); - for(x = c->x, xa = x + wc; x < xa; x++) - *x = 0; - xa = a->x; - xae = xa + wa; - xb = b->x; - xbe = xb + wb; - xc0 = c->x; -#ifdef Pack_32 - for(; xb < xbe; xb++, xc0++) { - if ((y = *xb & 0xffff)) { - x = xa; - xc = xc0; - carry = 0; - do { - z = (*x & 0xffff) * y + (*xc & 0xffff) + carry; - carry = z >> 16; - z2 = (*x++ >> 16) * y + (*xc >> 16) + carry; - carry = z2 >> 16; - Storeinc(xc, z2, z); - } - while(x < xae); - *xc = carry; - } - if ((y = *xb >> 16)) { - x = xa; - xc = xc0; - carry = 0; - z2 = *xc; - do { - z = (*x & 0xffff) * y + (*xc >> 16) + carry; - carry = z >> 16; - Storeinc(xc, z, z2); - z2 = (*x++ >> 16) * y + (*xc & 0xffff) + carry; - carry = z2 >> 16; - } - while(x < xae); - *xc = z2; - } - } -#else - for(; xb < xbe; xc0++) { - if (y = *xb++) { - x = xa; - xc = xc0; - carry = 0; - do { - z = *x++ * y + *xc + carry; - carry = z >> 16; - *xc++ = z & 0xffff; - } - while(x < xae); - *xc = carry; - } - } -#endif - for(xc0 = c->x, xc = xc0 + wc; wc > 0 && !*--xc; --wc) ; - c->wds = wc; - return c; - } - - static Bigint *p5s; - - static Bigint * -pow5mult -#ifdef KR_headers - (b, k) Bigint *b; int k; -#else - (Bigint *b, int k) -#endif -{ - Bigint *b1, *p5, *p51; - int i; - static int p05[3] = { 5, 25, 125 }; - - if ((i = k & 3)) - b = multadd(b, p05[i-1], 0); - - if (!(k >>= 2)) - return b; - if (!(p5 = p5s)) { - /* first time */ - p5 = p5s = i2b(625); - p5->next = 0; - } - for(;;) { - if (k & 1) { - b1 = mult(b, p5); - Bfree(b); - b = b1; - } - if (!(k >>= 1)) - break; - if (!(p51 = p5->next)) { - p51 = p5->next = mult(p5,p5); - p51->next = 0; - } - p5 = p51; - } - return b; - } - - static Bigint * -lshift -#ifdef KR_headers - (b, k) Bigint *b; int k; -#else - (Bigint *b, int k) -#endif -{ - int i, k1, n, n1; - Bigint *b1; - ULong *x, *x1, *xe, z; - -#ifdef Pack_32 - n = k >> 5; -#else - n = k >> 4; -#endif - k1 = b->k; - n1 = n + b->wds + 1; - for(i = b->maxwds; n1 > i; i <<= 1) - k1++; - b1 = Balloc(k1); - x1 = b1->x; - for(i = 0; i < n; i++) - *x1++ = 0; - x = b->x; - xe = x + b->wds; -#ifdef Pack_32 - if (k &= 0x1f) { - k1 = 32 - k; - z = 0; - do { - *x1++ = *x << k | z; - z = *x++ >> k1; - } - while(x < xe); - if ((*x1 = z)) - ++n1; - } -#else - if (k &= 0xf) { - k1 = 16 - k; - z = 0; - do { - *x1++ = *x << k & 0xffff | z; - z = *x++ >> k1; - } - while(x < xe); - if (*x1 = z) - ++n1; - } -#endif - else do - *x1++ = *x++; - while(x < xe); - b1->wds = n1 - 1; - Bfree(b); - return b1; - } - - static int -cmp -#ifdef KR_headers - (a, b) Bigint *a, *b; -#else - (Bigint *a, Bigint *b) -#endif -{ - ULong *xa, *xa0, *xb, *xb0; - int i, j; - - i = a->wds; - j = b->wds; -#ifdef DEBUG - if (i > 1 && !a->x[i-1]) - Bug("cmp called with a->x[a->wds-1] == 0"); - if (j > 1 && !b->x[j-1]) - Bug("cmp called with b->x[b->wds-1] == 0"); -#endif - if (i -= j) - return i; - xa0 = a->x; - xa = xa0 + j; - xb0 = b->x; - xb = xb0 + j; - for(;;) { - if (*--xa != *--xb) - return *xa < *xb ? -1 : 1; - if (xa <= xa0) - break; - } - return 0; - } - - static Bigint * -diff -#ifdef KR_headers - (a, b) Bigint *a, *b; -#else - (Bigint *a, Bigint *b) -#endif -{ - Bigint *c; - int i, wa, wb; - Long borrow, y; /* We need signed shifts here. */ - ULong *xa, *xae, *xb, *xbe, *xc; -#ifdef Pack_32 - Long z; -#endif - - i = cmp(a,b); - if (!i) { - c = Balloc(0); - c->wds = 1; - c->x[0] = 0; - return c; - } - if (i < 0) { - c = a; - a = b; - b = c; - i = 1; - } - else - i = 0; - c = Balloc(a->k); - c->sign = i; - wa = a->wds; - xa = a->x; - xae = xa + wa; - wb = b->wds; - xb = b->x; - xbe = xb + wb; - xc = c->x; - borrow = 0; -#ifdef Pack_32 - do { - y = (*xa & 0xffff) - (*xb & 0xffff) + borrow; - borrow = y >> 16; - Sign_Extend(borrow, y); - z = (*xa++ >> 16) - (*xb++ >> 16) + borrow; - borrow = z >> 16; - Sign_Extend(borrow, z); - Storeinc(xc, z, y); - } - while(xb < xbe); - while(xa < xae) { - y = (*xa & 0xffff) + borrow; - borrow = y >> 16; - Sign_Extend(borrow, y); - z = (*xa++ >> 16) + borrow; - borrow = z >> 16; - Sign_Extend(borrow, z); - Storeinc(xc, z, y); - } -#else - do { - y = *xa++ - *xb++ + borrow; - borrow = y >> 16; - Sign_Extend(borrow, y); - *xc++ = y & 0xffff; - } - while(xb < xbe); - while(xa < xae) { - y = *xa++ + borrow; - borrow = y >> 16; - Sign_Extend(borrow, y); - *xc++ = y & 0xffff; - } -#endif - while(!*--xc) - wa--; - c->wds = wa; - return c; - } - - static double -ulp -#ifdef KR_headers - (_x) double _x; -#else - (double _x) -#endif -{ - _double x; - register Long L; - _double a; - - value(x) = _x; - L = (word0(x) & Exp_mask) - (P-1)*Exp_msk1; -#ifndef Sudden_Underflow - if (L > 0) { -#endif -#ifdef IBM - L |= Exp_msk1 >> 4; -#endif - word0(a) = L; - word1(a) = 0; -#ifndef Sudden_Underflow - } - else { - L = -L >> Exp_shift; - if (L < Exp_shift) { - word0(a) = 0x80000 >> L; - word1(a) = 0; - } - else { - word0(a) = 0; - L -= Exp_shift; - word1(a) = L >= 31 ? 1 : 1 << 31 - L; - } - } -#endif - return value(a); - } - - static double -b2d -#ifdef KR_headers - (a, e) Bigint *a; int *e; -#else - (Bigint *a, int *e) -#endif -{ - ULong *xa, *xa0, w, y, z; - int k; - _double d; -#ifdef VAX - ULong d0, d1; -#else -#define d0 word0(d) -#define d1 word1(d) -#endif - - xa0 = a->x; - xa = xa0 + a->wds; - y = *--xa; -#ifdef DEBUG - if (!y) Bug("zero y in b2d"); -#endif - k = hi0bits(y); - *e = 32 - k; -#ifdef Pack_32 - if (k < Ebits) { - d0 = Exp_1 | y >> Ebits - k; - w = xa > xa0 ? *--xa : 0; - d1 = y << (32-Ebits) + k | w >> Ebits - k; - goto ret_d; - } - z = xa > xa0 ? *--xa : 0; - if (k -= Ebits) { - d0 = Exp_1 | y << k | z >> 32 - k; - y = xa > xa0 ? *--xa : 0; - d1 = z << k | y >> 32 - k; - } - else { - d0 = Exp_1 | y; - d1 = z; - } -#else - if (k < Ebits + 16) { - z = xa > xa0 ? *--xa : 0; - d0 = Exp_1 | y << k - Ebits | z >> Ebits + 16 - k; - w = xa > xa0 ? *--xa : 0; - y = xa > xa0 ? *--xa : 0; - d1 = z << k + 16 - Ebits | w << k - Ebits | y >> 16 + Ebits - k; - goto ret_d; - } - z = xa > xa0 ? *--xa : 0; - w = xa > xa0 ? *--xa : 0; - k -= Ebits + 16; - d0 = Exp_1 | y << k + 16 | z << k | w >> 16 - k; - y = xa > xa0 ? *--xa : 0; - d1 = w << k + 16 | y << k; -#endif - ret_d: -#ifdef VAX - word0(d) = d0 >> 16 | d0 << 16; - word1(d) = d1 >> 16 | d1 << 16; -#else -#undef d0 -#undef d1 -#endif - return value(d); - } - - static Bigint * -d2b -#ifdef KR_headers - (_d, e, bits) double d; int *e, *bits; -#else - (double _d, int *e, int *bits) -#endif -{ - Bigint *b; - int de, i, k; - ULong *x, y, z; - _double d; -#ifdef VAX - ULong d0, d1; -#endif - - value(d) = _d; -#ifdef VAX - d0 = word0(d) >> 16 | word0(d) << 16; - d1 = word1(d) >> 16 | word1(d) << 16; -#else -#define d0 word0(d) -#define d1 word1(d) -#endif - -#ifdef Pack_32 - b = Balloc(1); -#else - b = Balloc(2); -#endif - x = b->x; - - z = d0 & Frac_mask; - d0 &= 0x7fffffff; /* clear sign bit, which we ignore */ -#ifdef Sudden_Underflow - de = (int)(d0 >> Exp_shift); -#ifndef IBM - z |= Exp_msk11; -#endif -#else - if (de = (int)(d0 >> Exp_shift)) - z |= Exp_msk1; -#endif -#ifdef Pack_32 - if (y = d1) { - if (k = lo0bits(&y)) { - x[0] = y | z << 32 - k; - z >>= k; - } - else - x[0] = y; - i = b->wds = (x[1] = z) ? 2 : 1; - } - else { -#ifdef DEBUG - if (!z) - Bug("Zero passed to d2b"); -#endif - k = lo0bits(&z); - x[0] = z; - i = b->wds = 1; - k += 32; - } -#else - if (y = d1) { - if (k = lo0bits(&y)) - if (k >= 16) { - x[0] = y | z << 32 - k & 0xffff; - x[1] = z >> k - 16 & 0xffff; - x[2] = z >> k; - i = 2; - } - else { - x[0] = y & 0xffff; - x[1] = y >> 16 | z << 16 - k & 0xffff; - x[2] = z >> k & 0xffff; - x[3] = z >> k+16; - i = 3; - } - else { - x[0] = y & 0xffff; - x[1] = y >> 16; - x[2] = z & 0xffff; - x[3] = z >> 16; - i = 3; - } - } - else { -#ifdef DEBUG - if (!z) - Bug("Zero passed to d2b"); -#endif - k = lo0bits(&z); - if (k >= 16) { - x[0] = z; - i = 0; - } - else { - x[0] = z & 0xffff; - x[1] = z >> 16; - i = 1; - } - k += 32; - } - while(!x[i]) - --i; - b->wds = i + 1; -#endif -#ifndef Sudden_Underflow - if (de) { -#endif -#ifdef IBM - *e = (de - Bias - (P-1) << 2) + k; - *bits = 4*P + 8 - k - hi0bits(word0(d) & Frac_mask); -#else - *e = de - Bias - (P-1) + k; - *bits = P - k; -#endif -#ifndef Sudden_Underflow - } - else { - *e = de - Bias - (P-1) + 1 + k; -#ifdef Pack_32 - *bits = 32*i - hi0bits(x[i-1]); -#else - *bits = (i+2)*16 - hi0bits(x[i]); -#endif - } -#endif - return b; - } -#undef d0 -#undef d1 - - static double -ratio -#ifdef KR_headers - (a, b) Bigint *a, *b; -#else - (Bigint *a, Bigint *b) -#endif -{ - _double da, db; - int k, ka, kb; - - value(da) = b2d(a, &ka); - value(db) = b2d(b, &kb); -#ifdef Pack_32 - k = ka - kb + 32*(a->wds - b->wds); -#else - k = ka - kb + 16*(a->wds - b->wds); -#endif -#ifdef IBM - if (k > 0) { - word0(da) += (k >> 2)*Exp_msk1; - if (k &= 3) - da *= 1 << k; - } - else { - k = -k; - word0(db) += (k >> 2)*Exp_msk1; - if (k &= 3) - db *= 1 << k; - } -#else - if (k > 0) - word0(da) += k*Exp_msk1; - else { - k = -k; - word0(db) += k*Exp_msk1; - } -#endif - return value(da) / value(db); - } - -static CONST double -tens[] = { - 1e0, 1e1, 1e2, 1e3, 1e4, 1e5, 1e6, 1e7, 1e8, 1e9, - 1e10, 1e11, 1e12, 1e13, 1e14, 1e15, 1e16, 1e17, 1e18, 1e19, - 1e20, 1e21, 1e22 -#ifdef VAX - , 1e23, 1e24 -#endif - }; - -#ifdef IEEE_Arith -static CONST double bigtens[] = { 1e16, 1e32, 1e64, 1e128, 1e256 }; -static CONST double tinytens[] = { 1e-16, 1e-32, 1e-64, 1e-128, 1e-256 }; -#define n_bigtens 5 -#else -#ifdef IBM -static CONST double bigtens[] = { 1e16, 1e32, 1e64 }; -static CONST double tinytens[] = { 1e-16, 1e-32, 1e-64 }; -#define n_bigtens 3 -#else -static CONST double bigtens[] = { 1e16, 1e32 }; -static CONST double tinytens[] = { 1e-16, 1e-32 }; -#define n_bigtens 2 -#endif -#endif - - double -strtod -#ifdef KR_headers - (s00, se) CONST char *s00; char **se; -#else - (CONST char *s00, char **se) -#endif -{ - int bb2, bb5, bbe, bd2, bd5, bbbits, bs2, c, dsign, - e, e1, esign, i, j, k, nd, nd0, nf, nz, nz0, sign; - CONST char *s, *s0, *s1; - double aadj, aadj1, adj; - _double rv, rv0; - Long L; - ULong y, z; - Bigint *bb, *bb1, *bd, *bd0, *bs, *delta; - -#ifndef KR_headers - CONST char decimal_point = localeconv()->decimal_point[0]; -#else - CONST char decimal_point = '.'; -#endif - - sign = nz0 = nz = 0; - value(rv) = 0.; - - - for(s = s00; isspace((unsigned char) *s); s++) - ; - - if (*s == '-') { - sign = 1; - s++; - } else if (*s == '+') { - s++; - } - - if (*s == '\0') { - s = s00; - goto ret; - } - - if (*s == '0') { - nz0 = 1; - while(*++s == '0') ; - if (!*s) - goto ret; - } - s0 = s; - y = z = 0; - for(nd = nf = 0; (c = *s) >= '0' && c <= '9'; nd++, s++) - if (nd < 9) - y = 10*y + c - '0'; - else if (nd < 16) - z = 10*z + c - '0'; - nd0 = nd; - if (c == decimal_point) { - c = *++s; - if (!nd) { - for(; c == '0'; c = *++s) - nz++; - if (c > '0' && c <= '9') { - s0 = s; - nf += nz; - nz = 0; - goto have_dig; - } - goto dig_done; - } - for(; c >= '0' && c <= '9'; c = *++s) { - have_dig: - nz++; - if (c -= '0') { - nf += nz; - for(i = 1; i < nz; i++) - if (nd++ < 9) - y *= 10; - else if (nd <= DBL_DIG + 1) - z *= 10; - if (nd++ < 9) - y = 10*y + c; - else if (nd <= DBL_DIG + 1) - z = 10*z + c; - nz = 0; - } - } - } - dig_done: - e = 0; - if (c == 'e' || c == 'E') { - if (!nd && !nz && !nz0) { - s = s00; - goto ret; - } - s00 = s; - esign = 0; - switch(c = *++s) { - case '-': - esign = 1; - case '+': - c = *++s; - } - if (c >= '0' && c <= '9') { - while(c == '0') - c = *++s; - if (c > '0' && c <= '9') { - L = c - '0'; - s1 = s; - while((c = *++s) >= '0' && c <= '9') - L = 10*L + c - '0'; - if (s - s1 > 8 || L > 19999) - /* Avoid confusion from exponents - * so large that e might overflow. - */ - e = 19999; /* safe for 16 bit ints */ - else - e = (int)L; - if (esign) - e = -e; - } - else - e = 0; - } - else - s = s00; - } - if (!nd) { - if (!nz && !nz0) - s = s00; - goto ret; - } - e1 = e -= nf; - - /* Now we have nd0 digits, starting at s0, followed by a - * decimal point, followed by nd-nd0 digits. The number we're - * after is the integer represented by those digits times - * 10**e */ - - if (!nd0) - nd0 = nd; - k = nd < DBL_DIG + 1 ? nd : DBL_DIG + 1; - value(rv) = y; - if (k > 9) - value(rv) = tens[k - 9] * value(rv) + z; - bd0 = 0; - if (nd <= DBL_DIG -#ifndef RND_PRODQUOT - && FLT_ROUNDS == 1 -#endif - ) { - if (!e) - goto ret; - if (e > 0) { - if (e <= Ten_pmax) { -#ifdef VAX - goto vax_ovfl_check; -#else - /* value(rv) = */ rounded_product(value(rv), - tens[e]); - goto ret; -#endif - } - i = DBL_DIG - nd; - if (e <= Ten_pmax + i) { - /* A fancier test would sometimes let us do - * this for larger i values. - */ - e -= i; - value(rv) *= tens[i]; -#ifdef VAX - /* VAX exponent range is so narrow we must - * worry about overflow here... - */ - vax_ovfl_check: - word0(rv) -= P*Exp_msk1; - /* value(rv) = */ rounded_product(value(rv), - tens[e]); - if ((word0(rv) & Exp_mask) - > Exp_msk1*(DBL_MAX_EXP+Bias-1-P)) - goto ovfl; - word0(rv) += P*Exp_msk1; -#else - /* value(rv) = */ rounded_product(value(rv), - tens[e]); -#endif - goto ret; - } - } -#ifndef Inaccurate_Divide - else if (e >= -Ten_pmax) { - /* value(rv) = */ rounded_quotient(value(rv), - tens[-e]); - goto ret; - } -#endif - } - e1 += nd - k; - - /* Get starting approximation = rv * 10**e1 */ - - if (e1 > 0) { - if (i = e1 & 15) - value(rv) *= tens[i]; - if (e1 &= ~15) { - if (e1 > DBL_MAX_10_EXP) { - ovfl: - errno = ERANGE; -#ifndef Bad_float_h - value(rv) = HUGE_VAL; -#else - /* Can't trust HUGE_VAL */ -#ifdef IEEE_Arith - word0(rv) = Exp_mask; - word1(rv) = 0; -#else - word0(rv) = Big0; - word1(rv) = Big1; -#endif -#endif - if (bd0) - goto retfree; - goto ret; - } - if (e1 >>= 4) { - for(j = 0; e1 > 1; j++, e1 >>= 1) - if (e1 & 1) - value(rv) *= bigtens[j]; - /* The last multiplication could overflow. */ - word0(rv) -= P*Exp_msk1; - value(rv) *= bigtens[j]; - if ((z = word0(rv) & Exp_mask) - > Exp_msk1*(DBL_MAX_EXP+Bias-P)) - goto ovfl; - if (z > Exp_msk1*(DBL_MAX_EXP+Bias-1-P)) { - /* set to largest number */ - /* (Can't trust DBL_MAX) */ - word0(rv) = Big0; - word1(rv) = Big1; - } - else - word0(rv) += P*Exp_msk1; - } - - } - } - else if (e1 < 0) { - e1 = -e1; - if (i = e1 & 15) - value(rv) /= tens[i]; - if (e1 &= ~15) { - e1 >>= 4; - if (e1 >= 1 << n_bigtens) - goto undfl; - for(j = 0; e1 > 1; j++, e1 >>= 1) - if (e1 & 1) - value(rv) *= tinytens[j]; - /* The last multiplication could underflow. */ - value(rv0) = value(rv); - value(rv) *= tinytens[j]; - if (!value(rv)) { - value(rv) = 2.*value(rv0); - value(rv) *= tinytens[j]; - if (!value(rv)) { - undfl: - value(rv) = 0.; - errno = ERANGE; - if (bd0) - goto retfree; - goto ret; - } - word0(rv) = Tiny0; - word1(rv) = Tiny1; - /* The refinement below will clean - * this approximation up. - */ - } - } - } - - /* Now the hard part -- adjusting rv to the correct value.*/ - - /* Put digits into bd: true value = bd * 10^e */ - - bd0 = s2b(s0, nd0, nd, y); - - for(;;) { - bd = Balloc(bd0->k); - Bcopy(bd, bd0); - bb = d2b(value(rv), &bbe, &bbbits); /* rv = bb * 2^bbe */ - bs = i2b(1); - - if (e >= 0) { - bb2 = bb5 = 0; - bd2 = bd5 = e; - } - else { - bb2 = bb5 = -e; - bd2 = bd5 = 0; - } - if (bbe >= 0) - bb2 += bbe; - else - bd2 -= bbe; - bs2 = bb2; -#ifdef Sudden_Underflow -#ifdef IBM - j = 1 + 4*P - 3 - bbbits + ((bbe + bbbits - 1) & 3); -#else - j = P + 1 - bbbits; -#endif -#else - i = bbe + bbbits - 1; /* logb(rv) */ - if (i < Emin) /* denormal */ - j = bbe + (P-Emin); - else - j = P + 1 - bbbits; -#endif - bb2 += j; - bd2 += j; - i = bb2 < bd2 ? bb2 : bd2; - if (i > bs2) - i = bs2; - if (i > 0) { - bb2 -= i; - bd2 -= i; - bs2 -= i; - } - if (bb5 > 0) { - bs = pow5mult(bs, bb5); - bb1 = mult(bs, bb); - Bfree(bb); - bb = bb1; - } - if (bb2 > 0) - bb = lshift(bb, bb2); - if (bd5 > 0) - bd = pow5mult(bd, bd5); - if (bd2 > 0) - bd = lshift(bd, bd2); - if (bs2 > 0) - bs = lshift(bs, bs2); - delta = diff(bb, bd); - dsign = delta->sign; - delta->sign = 0; - i = cmp(delta, bs); - if (i < 0) { - /* Error is less than half an ulp -- check for - * special case of mantissa a power of two. - */ - if (dsign || word1(rv) || word0(rv) & Bndry_mask) - break; - delta = lshift(delta,Log2P); - if (cmp(delta, bs) > 0) - goto drop_down; - break; - } - if (i == 0) { - /* exactly half-way between */ - if (dsign) { - if ((word0(rv) & Bndry_mask1) == Bndry_mask1 - && word1(rv) == 0xffffffff) { - /*boundary case -- increment exponent*/ - word0(rv) = (word0(rv) & Exp_mask) - + Exp_msk1 -#ifdef IBM - | Exp_msk1 >> 4 -#endif - ; - word1(rv) = 0; - break; - } - } - else if (!(word0(rv) & Bndry_mask) && !word1(rv)) { - drop_down: - /* boundary case -- decrement exponent */ -#ifdef Sudden_Underflow - L = word0(rv) & Exp_mask; -#ifdef IBM - if (L < Exp_msk1) -#else - if (L <= Exp_msk1) -#endif - goto undfl; - L -= Exp_msk1; -#else - L = (word0(rv) & Exp_mask) - Exp_msk1; -#endif - word0(rv) = L | Bndry_mask1; - word1(rv) = 0xffffffff; -#ifdef IBM - goto cont; -#else - break; -#endif - } -#ifndef ROUND_BIASED - if (!(word1(rv) & LSB)) - break; -#endif - if (dsign) - value(rv) += ulp(value(rv)); -#ifndef ROUND_BIASED - else { - value(rv) -= ulp(value(rv)); -#ifndef Sudden_Underflow - if (!value(rv)) - goto undfl; -#endif - } -#endif - break; - } - if ((aadj = ratio(delta, bs)) <= 2.) { - if (dsign) - aadj = aadj1 = 1.; - else if (word1(rv) || word0(rv) & Bndry_mask) { -#ifndef Sudden_Underflow - if (word1(rv) == Tiny1 && !word0(rv)) - goto undfl; -#endif - aadj = 1.; - aadj1 = -1.; - } - else { - /* special case -- power of FLT_RADIX to be */ - /* rounded down... */ - - if (aadj < 2./FLT_RADIX) - aadj = 1./FLT_RADIX; - else - aadj *= 0.5; - aadj1 = -aadj; - } - } - else { - aadj *= 0.5; - aadj1 = dsign ? aadj : -aadj; -#ifdef Check_FLT_ROUNDS - switch(FLT_ROUNDS) { - case 2: /* towards +infinity */ - aadj1 -= 0.5; - break; - case 0: /* towards 0 */ - case 3: /* towards -infinity */ - aadj1 += 0.5; - } -#else - if (FLT_ROUNDS == 0) - aadj1 += 0.5; -#endif - } - y = word0(rv) & Exp_mask; - - /* Check for overflow */ - - if (y == Exp_msk1*(DBL_MAX_EXP+Bias-1)) { - value(rv0) = value(rv); - word0(rv) -= P*Exp_msk1; - adj = aadj1 * ulp(value(rv)); - value(rv) += adj; - if ((word0(rv) & Exp_mask) >= - Exp_msk1*(DBL_MAX_EXP+Bias-P)) { - if (word0(rv0) == Big0 && word1(rv0) == Big1) - goto ovfl; - word0(rv) = Big0; - word1(rv) = Big1; - goto cont; - } - else - word0(rv) += P*Exp_msk1; - } - else { -#ifdef Sudden_Underflow - if ((word0(rv) & Exp_mask) <= P*Exp_msk1) { - value(rv0) = value(rv); - word0(rv) += P*Exp_msk1; - adj = aadj1 * ulp(value(rv)); - value(rv) += adj; -#ifdef IBM - if ((word0(rv) & Exp_mask) < P*Exp_msk1) -#else - if ((word0(rv) & Exp_mask) <= P*Exp_msk1) -#endif - { - if (word0(rv0) == Tiny0 - && word1(rv0) == Tiny1) - goto undfl; - word0(rv) = Tiny0; - word1(rv) = Tiny1; - goto cont; - } - else - word0(rv) -= P*Exp_msk1; - } - else { - adj = aadj1 * ulp(value(rv)); - value(rv) += adj; - } -#else - /* Compute adj so that the IEEE rounding rules will - * correctly round rv + adj in some half-way cases. - * If rv * ulp(rv) is denormalized (i.e., - * y <= (P-1)*Exp_msk1), we must adjust aadj to avoid - * trouble from bits lost to denormalization; - * example: 1.2e-307 . - */ - if (y <= (P-1)*Exp_msk1 && aadj >= 1.) { - aadj1 = (double)(int)(aadj + 0.5); - if (!dsign) - aadj1 = -aadj1; - } - adj = aadj1 * ulp(value(rv)); - value(rv) += adj; -#endif - } - z = word0(rv) & Exp_mask; - if (y == z) { - /* Can we stop now? */ - L = aadj; - aadj -= L; - /* The tolerances below are conservative. */ - if (dsign || word1(rv) || word0(rv) & Bndry_mask) { - if (aadj < .4999999 || aadj > .5000001) - break; - } - else if (aadj < .4999999/FLT_RADIX) - break; - } - cont: - Bfree(bb); - Bfree(bd); - Bfree(bs); - Bfree(delta); - } - retfree: - Bfree(bb); - Bfree(bd); - Bfree(bs); - Bfree(bd0); - Bfree(delta); - ret: - if (se) - *se = (char *)s; - return sign ? -value(rv) : value(rv); - } - - static int -quorem -#ifdef KR_headers - (b, S) Bigint *b, *S; -#else - (Bigint *b, Bigint *S) -#endif -{ - int n; - Long borrow, y; - ULong carry, q, ys; - ULong *bx, *bxe, *sx, *sxe; -#ifdef Pack_32 - Long z; - ULong si, zs; -#endif - - n = S->wds; -#ifdef DEBUG - /*debug*/ if (b->wds > n) - /*debug*/ Bug("oversize b in quorem"); -#endif - if (b->wds < n) - return 0; - sx = S->x; - sxe = sx + --n; - bx = b->x; - bxe = bx + n; - q = *bxe / (*sxe + 1); /* ensure q <= true quotient */ -#ifdef DEBUG - /*debug*/ if (q > 9) - /*debug*/ Bug("oversized quotient in quorem"); -#endif - if (q) { - borrow = 0; - carry = 0; - do { -#ifdef Pack_32 - si = *sx++; - ys = (si & 0xffff) * q + carry; - zs = (si >> 16) * q + (ys >> 16); - carry = zs >> 16; - y = (*bx & 0xffff) - (ys & 0xffff) + borrow; - borrow = y >> 16; - Sign_Extend(borrow, y); - z = (*bx >> 16) - (zs & 0xffff) + borrow; - borrow = z >> 16; - Sign_Extend(borrow, z); - Storeinc(bx, z, y); -#else - ys = *sx++ * q + carry; - carry = ys >> 16; - y = *bx - (ys & 0xffff) + borrow; - borrow = y >> 16; - Sign_Extend(borrow, y); - *bx++ = y & 0xffff; -#endif - } - while(sx <= sxe); - if (!*bxe) { - bx = b->x; - while(--bxe > bx && !*bxe) - --n; - b->wds = n; - } - } - if (cmp(b, S) >= 0) { - q++; - borrow = 0; - carry = 0; - bx = b->x; - sx = S->x; - do { -#ifdef Pack_32 - si = *sx++; - ys = (si & 0xffff) + carry; - zs = (si >> 16) + (ys >> 16); - carry = zs >> 16; - y = (*bx & 0xffff) - (ys & 0xffff) + borrow; - borrow = y >> 16; - Sign_Extend(borrow, y); - z = (*bx >> 16) - (zs & 0xffff) + borrow; - borrow = z >> 16; - Sign_Extend(borrow, z); - Storeinc(bx, z, y); -#else - ys = *sx++ + carry; - carry = ys >> 16; - y = *bx - (ys & 0xffff) + borrow; - borrow = y >> 16; - Sign_Extend(borrow, y); - *bx++ = y & 0xffff; -#endif - } - while(sx <= sxe); - bx = b->x; - bxe = bx + n; - if (!*bxe) { - while(--bxe > bx && !*bxe) - --n; - b->wds = n; - } - } - return q; - } - -/* dtoa for IEEE arithmetic (dmg): convert double to ASCII string. - * - * Inspired by "How to Print Floating-Point Numbers Accurately" by - * Guy L. Steele, Jr. and Jon L. White [Proc. ACM SIGPLAN '90, pp. 92-101]. - * - * Modifications: - * 1. Rather than iterating, we use a simple numeric overestimate - * to determine k = floor(log10(d)). We scale relevant - * quantities using O(log2(k)) rather than O(k) multiplications. - * 2. For some modes > 2 (corresponding to ecvt and fcvt), we don't - * try to generate digits strictly left to right. Instead, we - * compute with fewer bits and propagate the carry if necessary - * when rounding the final digit up. This is often faster. - * 3. Under the assumption that input will be rounded nearest, - * mode 0 renders 1e23 as 1e23 rather than 9.999999999999999e22. - * That is, we allow equality in stopping tests when the - * round-nearest rule will give the same floating-point value - * as would satisfaction of the stopping test with strict - * inequality. - * 4. We remove common factors of powers of 2 from relevant - * quantities. - * 5. When converting floating-point integers less than 1e16, - * we use floating-point arithmetic rather than resorting - * to multiple-precision integers. - * 6. When asked to produce fewer than 15 digits, we first try - * to get by with floating-point arithmetic; we resort to - * multiple-precision integer arithmetic only if we cannot - * guarantee that the floating-point calculation has given - * the correctly rounded result. For k requested digits and - * "uniformly" distributed input, the probability is - * something like 10^(k-15) that we must resort to the Long - * calculation. - */ - - char * -__dtoa -#ifdef KR_headers - (_d, mode, ndigits, decpt, sign, rve) - double _d; int mode, ndigits, *decpt, *sign; char **rve; -#else - (double _d, int mode, int ndigits, int *decpt, int *sign, char **rve) -#endif -{ - /* Arguments ndigits, decpt, sign are similar to those - of ecvt and fcvt; trailing zeros are suppressed from - the returned string. If not null, *rve is set to point - to the end of the return value. If d is +-Infinity or NaN, - then *decpt is set to 9999. - - mode: - 0 ==> shortest string that yields d when read in - and rounded to nearest. - 1 ==> like 0, but with Steele & White stopping rule; - e.g. with IEEE P754 arithmetic , mode 0 gives - 1e23 whereas mode 1 gives 9.999999999999999e22. - 2 ==> max(1,ndigits) significant digits. This gives a - return value similar to that of ecvt, except - that trailing zeros are suppressed. - 3 ==> through ndigits past the decimal point. This - gives a return value similar to that from fcvt, - except that trailing zeros are suppressed, and - ndigits can be negative. - 4-9 should give the same return values as 2-3, i.e., - 4 <= mode <= 9 ==> same return as mode - 2 + (mode & 1). These modes are mainly for - debugging; often they run slower but sometimes - faster than modes 2-3. - 4,5,8,9 ==> left-to-right digit generation. - 6-9 ==> don't try fast floating-point estimate - (if applicable). - - Values of mode other than 0-9 are treated as mode 0. - - Sufficient space is allocated to the return value - to hold the suppressed trailing zeros. - */ - - int bbits, b2, b5, be, dig, i, ieps, ilim, ilim0, ilim1, - j, j1, k, k0, k_check, leftright, m2, m5, s2, s5, - spec_case, try_quick; - Long L; -#ifndef Sudden_Underflow - int denorm; - ULong x; -#endif - Bigint *b, *b1, *delta, *mlo, *mhi, *S; - double ds; - char *s, *s0; - static Bigint *result; - static int result_k; - _double d, d2, eps; - - value(d) = _d; - if (result) { - result->k = result_k; - result->maxwds = 1 << result_k; - Bfree(result); - result = 0; - } - - if (word0(d) & Sign_bit) { - /* set sign for everything, including 0's and NaNs */ - *sign = 1; - word0(d) &= ~Sign_bit; /* clear sign bit */ - } - else - *sign = 0; - -#if defined(IEEE_Arith) + defined(VAX) -#ifdef IEEE_Arith - if ((word0(d) & Exp_mask) == Exp_mask) -#else - if (word0(d) == 0x8000) -#endif - { - /* Infinity or NaN */ - *decpt = 9999; - s = -#ifdef IEEE_Arith - !word1(d) && !(word0(d) & 0xfffff) ? "Infinity" : -#endif - "NaN"; - if (rve) - *rve = -#ifdef IEEE_Arith - s[3] ? s + 8 : -#endif - s + 3; - return s; - } -#endif -#ifdef IBM - value(d) += 0; /* normalize */ -#endif - if (!value(d)) { - *decpt = 1; - s = "0"; - if (rve) - *rve = s + 1; - return s; - } - - b = d2b(value(d), &be, &bbits); -#ifdef Sudden_Underflow - i = (int)(word0(d) >> Exp_shift1 & (Exp_mask>>Exp_shift1)); -#else - if (i = (int)(word0(d) >> Exp_shift1 & (Exp_mask>>Exp_shift1))) { -#endif - value(d2) = value(d); - word0(d2) &= Frac_mask1; - word0(d2) |= Exp_11; -#ifdef IBM - if (j = 11 - hi0bits(word0(d2) & Frac_mask)) - value(d2) /= 1 << j; -#endif - - /* log(x) ~=~ log(1.5) + (x-1.5)/1.5 - * log10(x) = log(x) / log(10) - * ~=~ log(1.5)/log(10) + (x-1.5)/(1.5*log(10)) - * log10(d) = (i-Bias)*log(2)/log(10) + log10(d2) - * - * This suggests computing an approximation k to log10(d) by - * - * k = (i - Bias)*0.301029995663981 - * + ( (d2-1.5)*0.289529654602168 + 0.176091259055681 ); - * - * We want k to be too large rather than too small. - * The error in the first-order Taylor series approximation - * is in our favor, so we just round up the constant enough - * to compensate for any error in the multiplication of - * (i - Bias) by 0.301029995663981; since |i - Bias| <= 1077, - * and 1077 * 0.30103 * 2^-52 ~=~ 7.2e-14, - * adding 1e-13 to the constant term more than suffices. - * Hence we adjust the constant term to 0.1760912590558. - * (We could get a more accurate k by invoking log10, - * but this is probably not worthwhile.) - */ - - i -= Bias; -#ifdef IBM - i <<= 2; - i += j; -#endif -#ifndef Sudden_Underflow - denorm = 0; - } - else { - /* d is denormalized */ - - i = bbits + be + (Bias + (P-1) - 1); - x = i > 32 ? word0(d) << 64 - i | word1(d) >> i - 32 - : word1(d) << 32 - i; - value(d2) = x; - word0(d2) -= 31*Exp_msk1; /* adjust exponent */ - i -= (Bias + (P-1) - 1) + 1; - denorm = 1; - } -#endif - ds = (value(d2)-1.5)*0.289529654602168 + 0.1760912590558 + - i*0.301029995663981; - k = (int)ds; - if (ds < 0. && ds != k) - k--; /* want k = floor(ds) */ - k_check = 1; - if (k >= 0 && k <= Ten_pmax) { - if (value(d) < tens[k]) - k--; - k_check = 0; - } - j = bbits - i - 1; - if (j >= 0) { - b2 = 0; - s2 = j; - } - else { - b2 = -j; - s2 = 0; - } - if (k >= 0) { - b5 = 0; - s5 = k; - s2 += k; - } - else { - b2 -= k; - b5 = -k; - s5 = 0; - } - if (mode < 0 || mode > 9) - mode = 0; - try_quick = 1; - if (mode > 5) { - mode -= 4; - try_quick = 0; - } - leftright = 1; - switch(mode) { - case 0: - case 1: - ilim = ilim1 = -1; - i = 18; - ndigits = 0; - break; - case 2: - leftright = 0; - /* no break */ - case 4: - if (ndigits <= 0) - ndigits = 1; - ilim = ilim1 = i = ndigits; - break; - case 3: - leftright = 0; - /* no break */ - case 5: - i = ndigits + k + 1; - ilim = i; - ilim1 = i - 1; - if (i <= 0) - i = 1; - } - j = sizeof(ULong); - for(result_k = 0; sizeof(Bigint) - sizeof(ULong) + j <= i; - j <<= 1) result_k++; - result = Balloc(result_k); - s = s0 = (char *)result; - - if (ilim >= 0 && ilim <= Quick_max && try_quick) { - - /* Try to get by with floating-point arithmetic. */ - - i = 0; - value(d2) = value(d); - k0 = k; - ilim0 = ilim; - ieps = 2; /* conservative */ - if (k > 0) { - ds = tens[k&0xf]; - j = k >> 4; - if (j & Bletch) { - /* prevent overflows */ - j &= Bletch - 1; - value(d) /= bigtens[n_bigtens-1]; - ieps++; - } - for(; j; j >>= 1, i++) - if (j & 1) { - ieps++; - ds *= bigtens[i]; - } - value(d) /= ds; - } - else if (j1 = -k) { - value(d) *= tens[j1 & 0xf]; - for(j = j1 >> 4; j; j >>= 1, i++) - if (j & 1) { - ieps++; - value(d) *= bigtens[i]; - } - } - if (k_check && value(d) < 1. && ilim > 0) { - if (ilim1 <= 0) - goto fast_failed; - ilim = ilim1; - k--; - value(d) *= 10.; - ieps++; - } - value(eps) = ieps*value(d) + 7.; - word0(eps) -= (P-1)*Exp_msk1; - if (ilim == 0) { - S = mhi = 0; - value(d) -= 5.; - if (value(d) > value(eps)) - goto one_digit; - if (value(d) < -value(eps)) - goto no_digits; - goto fast_failed; - } -#ifndef No_leftright - if (leftright) { - /* Use Steele & White method of only - * generating digits needed. - */ - value(eps) = 0.5/tens[ilim-1] - value(eps); - for(i = 0;;) { - L = value(d); - value(d) -= L; - *s++ = '0' + (int)L; - if (value(d) < value(eps)) - goto ret1; - if (1. - value(d) < value(eps)) - goto bump_up; - if (++i >= ilim) - break; - value(eps) *= 10.; - value(d) *= 10.; - } - } - else { -#endif - /* Generate ilim digits, then fix them up. */ - value(eps) *= tens[ilim-1]; - for(i = 1;; i++, value(d) *= 10.) { - L = value(d); - value(d) -= L; - *s++ = '0' + (int)L; - if (i == ilim) { - if (value(d) > 0.5 + value(eps)) - goto bump_up; - else if (value(d) < 0.5 - value(eps)) { - while(*--s == '0'); - s++; - goto ret1; - } - break; - } - } -#ifndef No_leftright - } -#endif - fast_failed: - s = s0; - value(d) = value(d2); - k = k0; - ilim = ilim0; - } - - /* Do we have a "small" integer? */ - - if (be >= 0 && k <= Int_max) { - /* Yes. */ - ds = tens[k]; - if (ndigits < 0 && ilim <= 0) { - S = mhi = 0; - if (ilim < 0 || value(d) <= 5*ds) - goto no_digits; - goto one_digit; - } - for(i = 1;; i++) { - L = value(d) / ds; - value(d) -= L*ds; -#ifdef Check_FLT_ROUNDS - /* If FLT_ROUNDS == 2, L will usually be high by 1 */ - if (value(d) < 0) { - L--; - value(d) += ds; - } -#endif - *s++ = '0' + (int)L; - if (i == ilim) { - value(d) += value(d); - if (value(d) > ds || value(d) == ds && L & 1) { - bump_up: - while(*--s == '9') - if (s == s0) { - k++; - *s = '0'; - break; - } - ++*s++; - } - break; - } - if (!(value(d) *= 10.)) - break; - } - goto ret1; - } - - m2 = b2; - m5 = b5; - mhi = mlo = 0; - if (leftright) { - if (mode < 2) { - i = -#ifndef Sudden_Underflow - denorm ? be + (Bias + (P-1) - 1 + 1) : -#endif -#ifdef IBM - 1 + 4*P - 3 - bbits + ((bbits + be - 1) & 3); -#else - 1 + P - bbits; -#endif - } - else { - j = ilim - 1; - if (m5 >= j) - m5 -= j; - else { - s5 += j -= m5; - b5 += j; - m5 = 0; - } - if ((i = ilim) < 0) { - m2 -= i; - i = 0; - } - } - b2 += i; - s2 += i; - mhi = i2b(1); - } - if (m2 > 0 && s2 > 0) { - i = m2 < s2 ? m2 : s2; - b2 -= i; - m2 -= i; - s2 -= i; - } - if (b5 > 0) { - if (leftright) { - if (m5 > 0) { - mhi = pow5mult(mhi, m5); - b1 = mult(mhi, b); - Bfree(b); - b = b1; - } - if (j = b5 - m5) - b = pow5mult(b, j); - } - else - b = pow5mult(b, b5); - } - S = i2b(1); - if (s5 > 0) - S = pow5mult(S, s5); - - /* Check for special case that d is a normalized power of 2. */ - - if (mode < 2) { - if (!word1(d) && !(word0(d) & Bndry_mask) -#ifndef Sudden_Underflow - && word0(d) & Exp_mask -#endif - ) { - /* The special case */ - b2 += Log2P; - s2 += Log2P; - spec_case = 1; - } - else - spec_case = 0; - } - - /* Arrange for convenient computation of quotients: - * shift left if necessary so divisor has 4 leading 0 bits. - * - * Perhaps we should just compute leading 28 bits of S once - * and for all and pass them and a shift to quorem, so it - * can do shifts and ors to compute the numerator for q. - */ -#ifdef Pack_32 - if (i = ((s5 ? 32 - hi0bits(S->x[S->wds-1]) : 1) + s2) & 0x1f) - i = 32 - i; -#else - if (i = ((s5 ? 32 - hi0bits(S->x[S->wds-1]) : 1) + s2) & 0xf) - i = 16 - i; -#endif - if (i > 4) { - i -= 4; - b2 += i; - m2 += i; - s2 += i; - } - else if (i < 4) { - i += 28; - b2 += i; - m2 += i; - s2 += i; - } - if (b2 > 0) - b = lshift(b, b2); - if (s2 > 0) - S = lshift(S, s2); - if (k_check) { - if (cmp(b,S) < 0) { - k--; - b = multadd(b, 10, 0); /* we botched the k estimate */ - if (leftright) - mhi = multadd(mhi, 10, 0); - ilim = ilim1; - } - } - if (ilim <= 0 && mode > 2) { - if (ilim < 0 || cmp(b,S = multadd(S,5,0)) <= 0) { - /* no digits, fcvt style */ - no_digits: - k = -1 - ndigits; - goto ret; - } - one_digit: - *s++ = '1'; - k++; - goto ret; - } - if (leftright) { - if (m2 > 0) - mhi = lshift(mhi, m2); - - /* Compute mlo -- check for special case - * that d is a normalized power of 2. - */ - - mlo = mhi; - if (spec_case) { - mhi = Balloc(mhi->k); - Bcopy(mhi, mlo); - mhi = lshift(mhi, Log2P); - } - - for(i = 1;;i++) { - dig = quorem(b,S) + '0'; - /* Do we yet have the shortest decimal string - * that will round to d? - */ - j = cmp(b, mlo); - delta = diff(S, mhi); - j1 = delta->sign ? 1 : cmp(b, delta); - Bfree(delta); -#ifndef ROUND_BIASED - if (j1 == 0 && !mode && !(word1(d) & 1)) { - if (dig == '9') - goto round_9_up; - if (j > 0) - dig++; - *s++ = dig; - goto ret; - } -#endif - if (j < 0 || j == 0 && !mode -#ifndef ROUND_BIASED - && !(word1(d) & 1) -#endif - ) { - if (j1 > 0) { - b = lshift(b, 1); - j1 = cmp(b, S); - if ((j1 > 0 || j1 == 0 && dig & 1) - && dig++ == '9') - goto round_9_up; - } - *s++ = dig; - goto ret; - } - if (j1 > 0) { - if (dig == '9') { /* possible if i == 1 */ - round_9_up: - *s++ = '9'; - goto roundoff; - } - *s++ = dig + 1; - goto ret; - } - *s++ = dig; - if (i == ilim) - break; - b = multadd(b, 10, 0); - if (mlo == mhi) - mlo = mhi = multadd(mhi, 10, 0); - else { - mlo = multadd(mlo, 10, 0); - mhi = multadd(mhi, 10, 0); - } - } - } - else - for(i = 1;; i++) { - *s++ = dig = quorem(b,S) + '0'; - if (i >= ilim) - break; - b = multadd(b, 10, 0); - } - - /* Round off last digit */ - - b = lshift(b, 1); - j = cmp(b, S); - if (j > 0 || j == 0 && dig & 1) { - roundoff: - while(*--s == '9') - if (s == s0) { - k++; - *s++ = '1'; - goto ret; - } - ++*s++; - } - else { - while(*--s == '0'); - s++; - } - ret: - Bfree(S); - if (mhi) { - if (mlo && mlo != mhi) - Bfree(mlo); - Bfree(mhi); - } - ret1: - Bfree(b); - if (s == s0) { /* don't return empty string */ - *s++ = '0'; - k = 0; - } - *s = 0; - *decpt = k + 1; - if (rve) - *rve = s; - return s0; - } -#ifdef __cplusplus -} -#endif diff --git a/src/lib/libc/stdlib/strtoimax.c b/src/lib/libc/stdlib/strtoimax.c new file mode 100644 index 00000000000..74e355626af --- /dev/null +++ b/src/lib/libc/stdlib/strtoimax.c @@ -0,0 +1,151 @@ +/* $OpenBSD: strtoimax.c,v 1.4 2017/07/06 16:23:11 millert Exp $ */ +/* + * Copyright (c) 1992 The Regents of the University of California. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include +#include +#include + +/* + * Convert a string to an intmax_t + * + * Ignores `locale' stuff. Assumes that the upper and lower case + * alphabets and digits are each contiguous. + */ +intmax_t +strtoimax(const char *nptr, char **endptr, int base) +{ + const char *s; + intmax_t acc, cutoff; + int c; + int neg, any, cutlim; + + /* + * Ensure that base is between 2 and 36 inclusive, or the special + * value of 0. + */ + if (base < 0 || base == 1 || base > 36) { + if (endptr != 0) + *endptr = (char *)nptr; + errno = EINVAL; + return 0; + } + + /* + * Skip white space and pick up leading +/- sign if any. + * If base is 0, allow 0x for hex and 0 for octal, else + * assume decimal; if base is already 16, allow 0x. + */ + s = nptr; + do { + c = (unsigned char) *s++; + } while (isspace(c)); + if (c == '-') { + neg = 1; + c = *s++; + } else { + neg = 0; + if (c == '+') + c = *s++; + } + if ((base == 0 || base == 16) && c == '0' && + (*s == 'x' || *s == 'X') && isxdigit((unsigned char)s[1])) { + c = s[1]; + s += 2; + base = 16; + } + if (base == 0) + base = c == '0' ? 8 : 10; + + /* + * Compute the cutoff value between legal numbers and illegal + * numbers. That is the largest legal value, divided by the + * base. An input number that is greater than this value, if + * followed by a legal input character, is too big. One that + * is equal to this value may be valid or not; the limit + * between valid and invalid numbers is then based on the last + * digit. For instance, if the range for intmax_t is + * [-9223372036854775808..9223372036854775807] and the input base + * is 10, cutoff will be set to 922337203685477580 and cutlim to + * either 7 (neg==0) or 8 (neg==1), meaning that if we have + * accumulated a value > 922337203685477580, or equal but the + * next digit is > 7 (or 8), the number is too big, and we will + * return a range error. + * + * Set any if any `digits' consumed; make it negative to indicate + * overflow. + */ + cutoff = neg ? INTMAX_MIN : INTMAX_MAX; + cutlim = cutoff % base; + cutoff /= base; + if (neg) { + if (cutlim > 0) { + cutlim -= base; + cutoff += 1; + } + cutlim = -cutlim; + } + for (acc = 0, any = 0;; c = (unsigned char) *s++) { + if (isdigit(c)) + c -= '0'; + else if (isalpha(c)) + c -= isupper(c) ? 'A' - 10 : 'a' - 10; + else + break; + if (c >= base) + break; + if (any < 0) + continue; + if (neg) { + if (acc < cutoff || (acc == cutoff && c > cutlim)) { + any = -1; + acc = INTMAX_MIN; + errno = ERANGE; + } else { + any = 1; + acc *= base; + acc -= c; + } + } else { + if (acc > cutoff || (acc == cutoff && c > cutlim)) { + any = -1; + acc = INTMAX_MAX; + errno = ERANGE; + } else { + any = 1; + acc *= base; + acc += c; + } + } + } + if (endptr != 0) + *endptr = (char *) (any ? s - 1 : nptr); + return (acc); +} +DEF_STRONG(strtoimax); diff --git a/src/lib/libc/stdlib/strtol.3 b/src/lib/libc/stdlib/strtol.3 index a5bdff0b81b..92774d082c7 100644 --- a/src/lib/libc/stdlib/strtol.3 +++ b/src/lib/libc/stdlib/strtol.3 @@ -13,11 +13,7 @@ .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors +.\" 3. Neither the name of the University nor the names of its contributors .\" may be used to endorse or promote products derived from this software .\" without specific prior written permission. .\" @@ -33,30 +29,30 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $OpenBSD: strtol.3,v 1.10 2002/06/29 00:20:11 millert Exp $ +.\" $OpenBSD: strtol.3,v 1.27 2015/04/14 22:16:03 nicm Exp $ .\" -.Dd June 25, 1992 +.Dd $Mdocdate: April 14 2015 $ .Dt STRTOL 3 .Os .Sh NAME .Nm strtol , .Nm strtoll , +.Nm strtoimax , .Nm strtoq -.Nd convert string value to a long or long long integer +.Nd convert string value to a long, long long or intmax_t integer .Sh SYNOPSIS -.Fd #include -.Fd #include +.In limits.h +.In stdlib.h .Ft long .Fn strtol "const char *nptr" "char **endptr" "int base" -.Pp -.Fd #include -.Fd #include .Ft long long .Fn strtoll "const char *nptr" "char **endptr" "int base" -.Pp -.Fd #include -.Fd #include -.Fd #include +.In inttypes.h +.Ft intmax_t +.Fn strtoimax "const char *nptr" "char **endptr" "int base" +.In sys/types.h +.In limits.h +.In stdlib.h .Ft quad_t .Fn strtoq "const char *nptr" "char **endptr" "int base" .Sh DESCRIPTION @@ -65,14 +61,21 @@ The function converts the string in .Fa nptr to a -.Li long +.Vt long value. The .Fn strtoll function converts the string in .Fa nptr to a -.Li long long +.Vt long long +value. +The +.Fn strtoimax +function converts the string in +.Fa nptr +to an +.Vt intmax_t value. The .Fn strtoq @@ -102,7 +105,10 @@ is taken as 10 (decimal) unless the next character is in which case it is taken as 8 (octal). .Pp The remainder of the string is converted to a -.Li long +.Vt long , +.Vt long long , +or +.Vt intmax_t value in the obvious manner, stopping at the first character which is not a valid digit in the given base. @@ -137,29 +143,32 @@ is on return, the entire string was valid.) .Sh RETURN VALUES The -.Fn strtol -function returns the result of the conversion, -unless the value would underflow or overflow. -If an underflow occurs, -.Fn strtol -returns -.Dv LONG_MIN . -If an overflow occurs, -.Fn strtol -returns -.Dv LONG_MAX . -In both cases, +.Fn strtol , +.Fn strtoll , +.Fn strtoimax , +and +.Fn strtoq +functions return the result of the conversion. +If overflow or underflow occurs, .Va errno is set to -.Er ERANGE . +.Er ERANGE +and the function return value is as follows: +.Bl -column "strtoimaxXX" "INTMAX_MIN" "INTMAX_MAX" -offset indent +.It Sy Function Ta Sy underflow Ta Sy overflow +.It Fn strtol Ta Dv LONG_MIN Ta Dv LONG_MAX +.It Fn strtoll Ta Dv LLONG_MIN Ta Dv LLONG_MAX +.It Fn strtoimax Ta Dv INTMAX_MIN Ta Dv INTMAX_MAX +.It Fn strtoq Ta Dv LLONG_MIN Ta Dv LLONG_MAX +.El .Pp -The -.Fn strtoll -function has identical return values except that -.Dv LLONG_MIN -and -.Dv LLONG_MAX -are used to indicate underflow and overflow respectively. +If there is no valid digit, 0 is returned. +If +.Ar base +is invalid, 0 is returned and the global variable +.Va errno +is set to +.Er EINVAL . .Sh EXAMPLES Ensuring that a string is a valid number (i.e., in range and containing no trailing characters) requires clearing @@ -201,9 +210,9 @@ If is being used instead of .Xr atoi 3 , error checking is further complicated because the desired return value is an -.Li int +.Vt int rather than a -.Li long ; +.Vt long ; however, on some architectures integers and long integers are the same size. Thus the following is necessary: .Bd -literal -offset indent @@ -224,6 +233,10 @@ ival = lval; .Ed .Sh ERRORS .Bl -tag -width Er +.It Bq Er EINVAL +The value of +.Ar base +was neither between 2 and 36 inclusive nor the special value 0. .It Bq Er ERANGE The given string was out of range; the value converted has been clamped. .El @@ -231,13 +244,30 @@ The given string was out of range; the value converted has been clamped. .Xr atof 3 , .Xr atoi 3 , .Xr atol 3 , +.Xr atoll 3 , .Xr sscanf 3 , .Xr strtod 3 , +.Xr strtonum 3 , .Xr strtoul 3 .Sh STANDARDS The -.Fn strtol -function conforms to -.St -ansiC . +.Fn strtol , +.Fn strtoll , +and +.Fn strtoimax +functions conform to +.St -isoC-99 . +Setting +.Va errno +to +.Dv EINVAL +is an extension to that standard required by +.St -p1003.1-2008 . +.Pp +The +.Fn strtoq +function is a +.Bx +extension and is provided for backwards compatibility with legacy programs. .Sh BUGS Ignores the current locale. diff --git a/src/lib/libc/stdlib/strtol.c b/src/lib/libc/stdlib/strtol.c index e4ad557fd54..599d2355a89 100644 --- a/src/lib/libc/stdlib/strtol.c +++ b/src/lib/libc/stdlib/strtol.c @@ -1,4 +1,5 @@ -/*- +/* $OpenBSD: strtol.c,v 1.12 2017/07/06 16:23:11 millert Exp $ */ +/* * Copyright (c) 1990 The Regents of the University of California. * All rights reserved. * @@ -10,11 +11,7 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors + * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -31,16 +28,11 @@ * SUCH DAMAGE. */ -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: strtol.c,v 1.4 1996/08/19 08:33:51 tholo Exp $"; -#endif /* LIBC_SCCS and not lint */ - #include #include #include #include - /* * Convert a string to a long integer. * @@ -48,15 +40,23 @@ static char *rcsid = "$OpenBSD: strtol.c,v 1.4 1996/08/19 08:33:51 tholo Exp $"; * alphabets and digits are each contiguous. */ long -strtol(nptr, endptr, base) - const char *nptr; - char **endptr; - register int base; +strtol(const char *nptr, char **endptr, int base) { - register const char *s; - register long acc, cutoff; - register int c; - register int neg, any, cutlim; + const char *s; + long acc, cutoff; + int c; + int neg, any, cutlim; + + /* + * Ensure that base is between 2 and 36 inclusive, or the special + * value of 0. + */ + if (base < 0 || base == 1 || base > 36) { + if (endptr != 0) + *endptr = (char *)nptr; + errno = EINVAL; + return 0; + } /* * Skip white space and pick up leading +/- sign if any. @@ -75,8 +75,8 @@ strtol(nptr, endptr, base) if (c == '+') c = *s++; } - if ((base == 0 || base == 16) && - c == '0' && (*s == 'x' || *s == 'X')) { + if ((base == 0 || base == 16) && c == '0' && + (*s == 'x' || *s == 'X') && isxdigit((unsigned char)s[1])) { c = s[1]; s += 2; base = 16; @@ -123,7 +123,7 @@ strtol(nptr, endptr, base) if (any < 0) continue; if (neg) { - if (acc < cutoff || acc == cutoff && c > cutlim) { + if (acc < cutoff || (acc == cutoff && c > cutlim)) { any = -1; acc = LONG_MIN; errno = ERANGE; @@ -133,7 +133,7 @@ strtol(nptr, endptr, base) acc -= c; } } else { - if (acc > cutoff || acc == cutoff && c > cutlim) { + if (acc > cutoff || (acc == cutoff && c > cutlim)) { any = -1; acc = LONG_MAX; errno = ERANGE; @@ -148,3 +148,4 @@ strtol(nptr, endptr, base) *endptr = (char *) (any ? s - 1 : nptr); return (acc); } +DEF_STRONG(strtol); diff --git a/src/lib/libc/stdlib/strtoll.c b/src/lib/libc/stdlib/strtoll.c index b0eb6d198c7..d21a249a0b8 100644 --- a/src/lib/libc/stdlib/strtoll.c +++ b/src/lib/libc/stdlib/strtoll.c @@ -1,4 +1,5 @@ -/*- +/* $OpenBSD: strtoll.c,v 1.10 2017/07/06 16:23:11 millert Exp $ */ +/* * Copyright (c) 1992 The Regents of the University of California. * All rights reserved. * @@ -10,11 +11,7 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors + * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -31,10 +28,6 @@ * SUCH DAMAGE. */ -#if defined(LIBC_SCCS) && !defined(lint) -static const char rcsid[] = "$OpenBSD: strtoll.c,v 1.1 2002/06/29 00:20:11 millert Exp $"; -#endif /* LIBC_SCCS and not lint */ - #include #include @@ -49,16 +42,24 @@ static const char rcsid[] = "$OpenBSD: strtoll.c,v 1.1 2002/06/29 00:20:11 mille * alphabets and digits are each contiguous. */ long long -strtoll(nptr, endptr, base) - const char *nptr; - char **endptr; - int base; +strtoll(const char *nptr, char **endptr, int base) { const char *s; long long acc, cutoff; int c; int neg, any, cutlim; + /* + * Ensure that base is between 2 and 36 inclusive, or the special + * value of 0. + */ + if (base < 0 || base == 1 || base > 36) { + if (endptr != 0) + *endptr = (char *)nptr; + errno = EINVAL; + return 0; + } + /* * Skip white space and pick up leading +/- sign if any. * If base is 0, allow 0x for hex and 0 for octal, else @@ -76,8 +77,8 @@ strtoll(nptr, endptr, base) if (c == '+') c = *s++; } - if ((base == 0 || base == 16) && - c == '0' && (*s == 'x' || *s == 'X')) { + if ((base == 0 || base == 16) && c == '0' && + (*s == 'x' || *s == 'X') && isxdigit((unsigned char)s[1])) { c = s[1]; s += 2; base = 16; @@ -150,17 +151,6 @@ strtoll(nptr, endptr, base) *endptr = (char *) (any ? s - 1 : nptr); return (acc); } +DEF_STRONG(strtoll); -#ifdef __weak_alias __weak_alias(strtoq, strtoll); -#else -quad_t -strtoq(nptr, endptr, base) - const char *nptr; - char **endptr; - int base; -{ - - return ((quad_t)strtoll(nptr, endptr, base); -} -#endif diff --git a/src/lib/libc/stdlib/strtonum.3 b/src/lib/libc/stdlib/strtonum.3 new file mode 100644 index 00000000000..43df0edc78f --- /dev/null +++ b/src/lib/libc/stdlib/strtonum.3 @@ -0,0 +1,152 @@ +.\" $OpenBSD: strtonum.3,v 1.18 2016/02/07 20:50:24 mmcc Exp $ +.\" +.\" Copyright (c) 2004 Ted Unangst +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: February 7 2016 $ +.Dt STRTONUM 3 +.Os +.Sh NAME +.Nm strtonum +.Nd reliably convert string value to an integer +.Sh SYNOPSIS +.In stdlib.h +.Ft long long +.Fo strtonum +.Fa "const char *nptr" +.Fa "long long minval" +.Fa "long long maxval" +.Fa "const char **errstr" +.Fc +.Sh DESCRIPTION +The +.Fn strtonum +function converts the string in +.Fa nptr +to a +.Li long long +value. +The +.Fn strtonum +function was designed to facilitate safe, robust programming +and overcome the shortcomings of the +.Xr atoi 3 +and +.Xr strtol 3 +family of interfaces. +.Pp +The string may begin with an arbitrary amount of whitespace +(as determined by +.Xr isspace 3 ) +followed by a single optional +.Ql + +or +.Ql - +sign. +.Pp +The remainder of the string is converted to a +.Li long long +value according to base 10. +.Pp +The value obtained is then checked against the provided +.Fa minval +and +.Fa maxval +bounds. +If +.Fa errstr +is non-null, +.Fn strtonum +stores an error string in +.Fa *errstr +indicating the failure. +.Sh RETURN VALUES +The +.Fn strtonum +function returns the result of the conversion, +unless the value would exceed the provided bounds or is invalid. +On error, 0 is returned, +.Va errno +is set, and +.Fa errstr +will point to an error message. +.Fa *errstr +will be set to +.Dv NULL +on success; +this fact can be used to differentiate +a successful return of 0 from an error. +.Sh EXAMPLES +Using +.Fn strtonum +correctly is meant to be simpler than the alternative functions. +.Bd -literal -offset indent +int iterations; +const char *errstr; + +iterations = strtonum(optarg, 1, 64, &errstr); +if (errstr != NULL) + errx(1, "number of iterations is %s: %s", errstr, optarg); +.Ed +.Pp +The above example will guarantee that the value of iterations is between +1 and 64 (inclusive). +.Sh ERRORS +.Bl -tag -width Er +.It Bq Er ERANGE +The given string was out of range. +.It Bq Er EINVAL +The given string did not consist solely of digit characters. +.It Bq Er EINVAL +.Ar minval +was larger than +.Ar maxval . +.El +.Pp +If an error occurs, +.Fa errstr +will be set to one of the following strings: +.Pp +.Bl -tag -width "too largeXX" -compact +.It Qq too large +The result was larger than the provided maximum value. +.It Qq too small +The result was smaller than the provided minimum value. +.It Qq invalid +The string did not consist solely of digit characters. +.El +.Sh SEE ALSO +.Xr atof 3 , +.Xr atoi 3 , +.Xr atol 3 , +.Xr atoll 3 , +.Xr sscanf 3 , +.Xr strtod 3 , +.Xr strtol 3 , +.Xr strtoul 3 +.Sh STANDARDS +.Fn strtonum +is an +.Ox +extension. +The existing alternatives, such as +.Xr atoi 3 +and +.Xr strtol 3 , +are either impossible or difficult to use safely. +.Sh HISTORY +The +.Fn strtonum +function first appeared in +.Ox 3.6 . diff --git a/src/lib/libc/stdlib/strtonum.c b/src/lib/libc/stdlib/strtonum.c new file mode 100644 index 00000000000..ad22d1c30c5 --- /dev/null +++ b/src/lib/libc/stdlib/strtonum.c @@ -0,0 +1,66 @@ +/* $OpenBSD: strtonum.c,v 1.8 2015/09/13 08:31:48 guenther Exp $ */ + +/* + * Copyright (c) 2004 Ted Unangst and Todd Miller + * All rights reserved. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include +#include +#include + +#define INVALID 1 +#define TOOSMALL 2 +#define TOOLARGE 3 + +long long +strtonum(const char *numstr, long long minval, long long maxval, + const char **errstrp) +{ + long long ll = 0; + int error = 0; + char *ep; + struct errval { + const char *errstr; + int err; + } ev[4] = { + { NULL, 0 }, + { "invalid", EINVAL }, + { "too small", ERANGE }, + { "too large", ERANGE }, + }; + + ev[0].err = errno; + errno = 0; + if (minval > maxval) { + error = INVALID; + } else { + ll = strtoll(numstr, &ep, 10); + if (numstr == ep || *ep != '\0') + error = INVALID; + else if ((ll == LLONG_MIN && errno == ERANGE) || ll < minval) + error = TOOSMALL; + else if ((ll == LLONG_MAX && errno == ERANGE) || ll > maxval) + error = TOOLARGE; + } + if (errstrp != NULL) + *errstrp = ev[error].errstr; + errno = ev[error].err; + if (error) + ll = 0; + + return (ll); +} +DEF_WEAK(strtonum); diff --git a/src/lib/libc/stdlib/strtoul.3 b/src/lib/libc/stdlib/strtoul.3 index 6d55de4d7a9..dd5668d1d61 100644 --- a/src/lib/libc/stdlib/strtoul.3 +++ b/src/lib/libc/stdlib/strtoul.3 @@ -13,11 +13,7 @@ .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors +.\" 3. Neither the name of the University nor the names of its contributors .\" may be used to endorse or promote products derived from this software .\" without specific prior written permission. .\" @@ -33,30 +29,30 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $OpenBSD: strtoul.3,v 1.10 2002/06/29 00:20:11 millert Exp $ +.\" $OpenBSD: strtoul.3,v 1.24 2014/11/30 21:21:59 schwarze Exp $ .\" -.Dd June 25, 1992 +.Dd $Mdocdate: November 30 2014 $ .Dt STRTOUL 3 .Os .Sh NAME .Nm strtoul , .Nm strtoull , +.Nm strtoumax , .Nm strtouq -.Nd convert a string to an unsigned long or unsigned long long integer +.Nd convert a string to an unsigned long, unsigned long long or uintmax_t integer .Sh SYNOPSIS -.Fd #include -.Fd #include +.In limits.h +.In stdlib.h .Ft unsigned long .Fn strtoul "const char *nptr" "char **endptr" "int base" -.Pp -.Fd #include -.Fd #include .Ft unsigned long long .Fn strtoull "const char *nptr" "char **endptr" "int base" -.Pp -.Fd #include -.Fd #include -.Fd #include +.In inttypes.h +.Ft uintmax_t +.Fn strtoumax "const char *nptr" "char **endptr" "int base" +.In sys/types.h +.In limits.h +.In stdlib.h .Ft u_quad_t .Fn strtouq "const char *nptr" "char **endptr" "int base" .Sh DESCRIPTION @@ -65,14 +61,21 @@ The function converts the string in .Fa nptr to an -.Li unsigned long +.Vt unsigned long value. The .Fn strtoull function converts the string in .Fa nptr to an -.Li unsigned long long +.Vt unsigned long long +value. +The +.Fn strtoumax +function converts the string in +.Fa nptr +to a +.Vt umaxint_t value. The .Fn strtouq @@ -81,8 +84,12 @@ function is a deprecated equivalent of and is provided for backwards compatibility with legacy programs. The conversion is done according to the given .Fa base , -which must be a number between 2 and 36 inclusive -or the special value 0. +which must be a number between 2 and 36 inclusive or the special value 0. +If the string in +.Fa nptr +represents a negative number, it will be converted to its unsigned equivalent. +This behavior is consistent with what happens when a signed integer type is +cast to its unsigned counterpart. .Pp The string may begin with an arbitrary amount of whitespace (as determined by @@ -103,9 +110,12 @@ is taken as 10 (decimal) unless the next character is in which case it is taken as 8 (octal). .Pp The remainder of the string is converted to an -.Li unsigned long -value in the obvious manner, stopping at the end of the string -or at the first character that does not produce a valid digit +.Vt unsigned long , +.Vt unsigned long long , +or +.Vt uintmax_t +value in the obvious manner, +stopping at the first character which is not a valid digit in the given base. (In bases above 10, the letter .Ql A @@ -138,34 +148,32 @@ is on return, the entire string was valid.) .Sh RETURN VALUES The -.Fn strtoul -function returns the result of the conversion, -unless the value would overflow, in which case -.Dv ULONG_MAX -is returned and -.Va errno -is set to -.Er ERANGE . -If there was a leading minus sign, -.Fn strtoul -returns the (unsigned) negation of the absolute value of the number, unless -the absolute value would overflow. -In this case, +.Fn strtoul , +.Fn strtoull , +.Fn strtoumax +and +.Fn strtouq +functions return either the result of the conversion or, +if there was a leading minus sign, +the negation of the result of the conversion, +unless the original (non-negated) value would overflow. +If overflow occurs, .Fn strtoul returns -.Dv ULONG_MAX -and sets the global variable -.Va errno -to -.Er ERANGE . -.Pp -The +.Dv ULONG_MAX , .Fn strtoull -function has identical return values except that -.Dv ULLONG_MIN -and +returns +.Dv ULLONG_MAX , +.Fn strtoumax +returns +.Dv UINTMAX_MAX , +.Fn strtouq +returns .Dv ULLONG_MAX -are used to indicate underflow and overflow respectively. +and the global variable +.Va errno +is set to +.Er ERANGE . .Pp There is no way to determine if .Fn strtoul @@ -173,6 +181,14 @@ has processed a negative number (and returned an unsigned value) short of examining the string in .Fa nptr directly. +.Pp +If there is no valid digit, 0 is returned. +If +.Ar base +is invalid, 0 is returned and the global variable +.Va errno +is set to +.Er EINVAL . .Sh EXAMPLES Ensuring that a string is a valid number (i.e., in range and containing no trailing characters) requires clearing @@ -210,6 +226,10 @@ alternately, use .Xr sscanf 3 . .Sh ERRORS .Bl -tag -width Er +.It Bq Er EINVAL +The value of +.Ar base +was neither between 2 and 36 inclusive nor the special value 0. .It Bq Er ERANGE The given string was out of range; the value converted has been clamped. .El @@ -218,8 +238,23 @@ The given string was out of range; the value converted has been clamped. .Xr strtol 3 .Sh STANDARDS The -.Fn strtoul -function conforms to -.St -ansiC . +.Fn strtoul , +.Fn strtoull , +and +.Fn strtoumax +functions conform to +.St -isoC-99 . +Setting +.Va errno +to +.Dv EINVAL +is an extension to that standard required by +.St -p1003.1-2008 . +.Pp +The +.Fn strtouq +function is a +.Bx +extension and is provided for backwards compatibility with legacy programs. .Sh BUGS Ignores the current locale. diff --git a/src/lib/libc/stdlib/strtoul.c b/src/lib/libc/stdlib/strtoul.c index d3b363fa04a..6667bea8fac 100644 --- a/src/lib/libc/stdlib/strtoul.c +++ b/src/lib/libc/stdlib/strtoul.c @@ -1,5 +1,6 @@ +/* $OpenBSD: strtoul.c,v 1.11 2017/07/06 16:23:11 millert Exp $ */ /* - * Copyright (c) 1990 Regents of the University of California. + * Copyright (c) 1990 The Regents of the University of California. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -10,11 +11,7 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors + * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -31,10 +28,6 @@ * SUCH DAMAGE. */ -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: strtoul.c,v 1.4 1996/08/19 08:33:52 tholo Exp $"; -#endif /* LIBC_SCCS and not lint */ - #include #include #include @@ -47,19 +40,23 @@ static char *rcsid = "$OpenBSD: strtoul.c,v 1.4 1996/08/19 08:33:52 tholo Exp $" * alphabets and digits are each contiguous. */ unsigned long -strtoul(nptr, endptr, base) - const char *nptr; - char **endptr; - register int base; +strtoul(const char *nptr, char **endptr, int base) { - register const char *s; - register unsigned long acc, cutoff; - register int c; - register int neg, any, cutlim; + const char *s; + unsigned long acc, cutoff; + int c; + int neg, any, cutlim; /* * See strtol for comments as to the logic used. */ + if (base < 0 || base == 1 || base > 36) { + if (endptr != 0) + *endptr = (char *)nptr; + errno = EINVAL; + return 0; + } + s = nptr; do { c = (unsigned char) *s++; @@ -72,8 +69,8 @@ strtoul(nptr, endptr, base) if (c == '+') c = *s++; } - if ((base == 0 || base == 16) && - c == '0' && (*s == 'x' || *s == 'X')) { + if ((base == 0 || base == 16) && c == '0' && + (*s == 'x' || *s == 'X') && isxdigit((unsigned char)s[1])) { c = s[1]; s += 2; base = 16; @@ -94,7 +91,7 @@ strtoul(nptr, endptr, base) break; if (any < 0) continue; - if (acc > cutoff || acc == cutoff && c > cutlim) { + if (acc > cutoff || (acc == cutoff && c > cutlim)) { any = -1; acc = ULONG_MAX; errno = ERANGE; @@ -110,3 +107,4 @@ strtoul(nptr, endptr, base) *endptr = (char *) (any ? s - 1 : nptr); return (acc); } +DEF_STRONG(strtoul); diff --git a/src/lib/libc/stdlib/strtoull.c b/src/lib/libc/stdlib/strtoull.c index 7b4dd56c01b..d7733e40031 100644 --- a/src/lib/libc/stdlib/strtoull.c +++ b/src/lib/libc/stdlib/strtoull.c @@ -1,4 +1,5 @@ -/*- +/* $OpenBSD: strtoull.c,v 1.9 2017/07/06 16:23:11 millert Exp $ */ +/* * Copyright (c) 1992 The Regents of the University of California. * All rights reserved. * @@ -10,11 +11,7 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors + * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -31,10 +28,6 @@ * SUCH DAMAGE. */ -#if defined(LIBC_SCCS) && !defined(lint) -static const char rcsid[] = "$OpenBSD: strtoull.c,v 1.1 2002/06/29 00:20:11 millert Exp $"; -#endif /* LIBC_SCCS and not lint */ - #include #include @@ -49,10 +42,7 @@ static const char rcsid[] = "$OpenBSD: strtoull.c,v 1.1 2002/06/29 00:20:11 mill * alphabets and digits are each contiguous. */ unsigned long long -strtoull(nptr, endptr, base) - const char *nptr; - char **endptr; - int base; +strtoull(const char *nptr, char **endptr, int base) { const char *s; unsigned long long acc, cutoff; @@ -60,8 +50,15 @@ strtoull(nptr, endptr, base) int neg, any, cutlim; /* - * See strtoq for comments as to the logic used. + * See strtoll for comments as to the logic used. */ + if (base < 0 || base == 1 || base > 36) { + if (endptr != 0) + *endptr = (char *)nptr; + errno = EINVAL; + return 0; + } + s = nptr; do { c = (unsigned char) *s++; @@ -69,13 +66,13 @@ strtoull(nptr, endptr, base) if (c == '-') { neg = 1; c = *s++; - } else { + } else { neg = 0; if (c == '+') c = *s++; } - if ((base == 0 || base == 16) && - c == '0' && (*s == 'x' || *s == 'X')) { + if ((base == 0 || base == 16) && c == '0' && + (*s == 'x' || *s == 'X') && isxdigit((unsigned char)s[1])) { c = s[1]; s += 2; base = 16; @@ -112,17 +109,6 @@ strtoull(nptr, endptr, base) *endptr = (char *) (any ? s - 1 : nptr); return (acc); } +DEF_STRONG(strtoull); -#ifdef __weak_alias __weak_alias(strtouq, strtoull); -#else -u_quad_t -strtouq(nptr, endptr, base) - const char *nptr; - char **endptr; - int base; -{ - - return ((u_quad_t)strtoull(nptr, endptr, base); -} -#endif diff --git a/src/lib/libc/stdlib/strtoumax.c b/src/lib/libc/stdlib/strtoumax.c new file mode 100644 index 00000000000..348184c1ac4 --- /dev/null +++ b/src/lib/libc/stdlib/strtoumax.c @@ -0,0 +1,109 @@ +/* $OpenBSD: strtoumax.c,v 1.4 2017/07/06 16:23:11 millert Exp $ */ +/* + * Copyright (c) 1992 The Regents of the University of California. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include +#include +#include + +/* + * Convert a string to a uintmax_t. + * + * Ignores `locale' stuff. Assumes that the upper and lower case + * alphabets and digits are each contiguous. + */ +uintmax_t +strtoumax(const char *nptr, char **endptr, int base) +{ + const char *s; + uintmax_t acc, cutoff; + int c; + int neg, any, cutlim; + + /* + * See strtoimax for comments as to the logic used. + */ + if (base < 0 || base == 1 || base > 36) { + if (endptr != 0) + *endptr = (char *)nptr; + errno = EINVAL; + return 0; + } + + s = nptr; + do { + c = (unsigned char) *s++; + } while (isspace(c)); + if (c == '-') { + neg = 1; + c = *s++; + } else { + neg = 0; + if (c == '+') + c = *s++; + } + if ((base == 0 || base == 16) && c == '0' && + (*s == 'x' || *s == 'X') && isxdigit((unsigned char)s[1])) { + c = s[1]; + s += 2; + base = 16; + } + if (base == 0) + base = c == '0' ? 8 : 10; + + cutoff = UINTMAX_MAX / (uintmax_t)base; + cutlim = UINTMAX_MAX % (uintmax_t)base; + for (acc = 0, any = 0;; c = (unsigned char) *s++) { + if (isdigit(c)) + c -= '0'; + else if (isalpha(c)) + c -= isupper(c) ? 'A' - 10 : 'a' - 10; + else + break; + if (c >= base) + break; + if (any < 0) + continue; + if (acc > cutoff || (acc == cutoff && c > cutlim)) { + any = -1; + acc = UINTMAX_MAX; + errno = ERANGE; + } else { + any = 1; + acc *= (uintmax_t)base; + acc += c; + } + } + if (neg && any > 0) + acc = -acc; + if (endptr != 0) + *endptr = (char *) (any ? s - 1 : nptr); + return (acc); +} +DEF_STRONG(strtoumax); diff --git a/src/lib/libc/stdlib/system.3 b/src/lib/libc/stdlib/system.3 index 83c6de80e38..bdd94c01156 100644 --- a/src/lib/libc/stdlib/system.3 +++ b/src/lib/libc/stdlib/system.3 @@ -13,11 +13,7 @@ .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors +.\" 3. Neither the name of the University nor the names of its contributors .\" may be used to endorse or promote products derived from this software .\" without specific prior written permission. .\" @@ -33,16 +29,16 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $OpenBSD: system.3,v 1.8 2000/10/06 04:17:51 aaron Exp $ +.\" $OpenBSD: system.3,v 1.14 2016/02/05 18:09:19 espie Exp $ .\" -.Dd June 29, 1991 +.Dd $Mdocdate: February 5 2016 $ .Dt SYSTEM 3 .Os .Sh NAME .Nm system .Nd pass a command to the shell .Sh SYNOPSIS -.Fd #include +.In stdlib.h .Ft int .Fn system "const char *string" .Sh DESCRIPTION @@ -70,6 +66,11 @@ Otherwise, .Fn system returns the termination status of the shell in the format specified by .Xr waitpid 2 . +.Pp +Note that fork handlers established using +.Xr pthread_atfork 3 +are not called when a multithreaded program calls +.Fn system . .Sh RETURN VALUES If a child process cannot be created, or the termination status of the shell cannot be obtained, @@ -93,6 +94,11 @@ function conforms to .St -ansiC and .St -p1003.2-92 . +.Sh HISTORY +The +.Fn system +function first appeared in +.At v6 . .Sh CAVEATS Never supply the .Fn system @@ -101,3 +107,10 @@ string. Shell meta-characters present will be honored by the .Xr sh 1 command interpreter. +.Pp +It is often simpler to bypass the shell and run an external command using +.Xr fork 2 , +.Xr execlp 3 , +and +.Xr waitpid 2 +directly instead of having to sanitize a string for shell consumption. diff --git a/src/lib/libc/stdlib/system.c b/src/lib/libc/stdlib/system.c index 636a9ebdffa..fe718276b92 100644 --- a/src/lib/libc/stdlib/system.c +++ b/src/lib/libc/stdlib/system.c @@ -1,3 +1,4 @@ +/* $OpenBSD: system.c,v 1.12 2016/03/13 18:34:21 guenther Exp $ */ /* * Copyright (c) 1988 The Regents of the University of California. * All rights reserved. @@ -10,11 +11,7 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors + * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -31,25 +28,19 @@ * SUCH DAMAGE. */ -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: system.c,v 1.5 2002/05/26 09:29:02 deraadt Exp $"; -#endif /* LIBC_SCCS and not lint */ - #include #include +#include #include #include #include #include -extern char **environ; - int -system(command) - const char *command; +system(const char *command) { - pid_t pid; - sig_t intsave, quitsave; + pid_t pid, cpid; + struct sigaction intsave, quitsave; sigset_t mask, omask; int pstat; char *argp[] = {"sh", "-c", NULL, NULL}; @@ -62,7 +53,7 @@ system(command) sigemptyset(&mask); sigaddset(&mask, SIGCHLD); sigprocmask(SIG_BLOCK, &mask, &omask); - switch (pid = vfork()) { + switch (cpid = vfork()) { case -1: /* error */ sigprocmask(SIG_SETMASK, &omask, NULL); return(-1); @@ -72,11 +63,14 @@ system(command) _exit(127); } - intsave = signal(SIGINT, SIG_IGN); - quitsave = signal(SIGQUIT, SIG_IGN); - pid = waitpid(pid, (int *)&pstat, 0); + sigaction(SIGINT, NULL, &intsave); + sigaction(SIGQUIT, NULL, &quitsave); + do { + pid = waitpid(cpid, &pstat, 0); + } while (pid == -1 && errno == EINTR); sigprocmask(SIG_SETMASK, &omask, NULL); - (void)signal(SIGINT, intsave); - (void)signal(SIGQUIT, quitsave); + sigaction(SIGINT, &intsave, NULL); + sigaction(SIGQUIT, &quitsave, NULL); return (pid == -1 ? -1 : pstat); } +DEF_STRONG(system); diff --git a/src/lib/libc/stdlib/tfind.c b/src/lib/libc/stdlib/tfind.c index 5c3b8c17f57..49f9dbc17af 100644 --- a/src/lib/libc/stdlib/tfind.c +++ b/src/lib/libc/stdlib/tfind.c @@ -1,14 +1,15 @@ +/* $OpenBSD: tfind.c,v 1.7 2015/09/26 16:03:48 guenther Exp $ */ + /* * Tree search generalized from Knuth (6.2.2) Algorithm T just like * the AT&T man page says. * - * The node_t structure is for internal use only, lint doesn't grok it. + * The node_t structure is for internal use only * * Written by reading the System V Interface Definition, not the code. * * Totally public domain. */ -/*LINTLIBRARY*/ #include typedef struct node_t @@ -19,10 +20,8 @@ typedef struct node_t /* find a node, or return 0 */ void * -tfind(vkey, vrootp, compar) - const void *vkey; /* key to be found */ - void *const *vrootp; /* address of the tree root */ - int (*compar)(const void *, const void *); +tfind(const void *vkey, void * const *vrootp, + int (*compar)(const void *, const void *)) { char *key = (char *)vkey; node **rootp = (node **)vrootp; diff --git a/src/lib/libc/stdlib/thread_atexit.c b/src/lib/libc/stdlib/thread_atexit.c new file mode 100644 index 00000000000..2e00428eba4 --- /dev/null +++ b/src/lib/libc/stdlib/thread_atexit.c @@ -0,0 +1,49 @@ +/* $OpenBSD: thread_atexit.c,v 1.1 2017/12/16 20:06:56 guenther Exp $ */ +/* + * Copyright (c) 2017 Mark Kettenis + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include +#include +#pragma weak _DYNAMIC +#include +#include + +#include "atexit.h" + +typeof(dlctl) dlctl asm("_dlctl") __attribute__((weak)); + +__weak_alias(__cxa_thread_atexit, __cxa_thread_atexit_impl); + +int +__cxa_thread_atexit_impl(void (*func)(void *), void *arg, void *dso) +{ + struct thread_atexit_fn *fnp; + struct tib *tib = TIB_GET(); + + fnp = calloc(1, sizeof(struct thread_atexit_fn)); + if (fnp == NULL) + return -1; + + if (_DYNAMIC) + dlctl(NULL, DL_REFERENCE, dso); + + fnp->func = func; + fnp->arg = arg; + fnp->next = tib->tib_atexit; + tib->tib_atexit = fnp; + + return 0; +} diff --git a/src/lib/libc/stdlib/tsearch.3 b/src/lib/libc/stdlib/tsearch.3 index b000a0a8b16..cd904356148 100644 --- a/src/lib/libc/stdlib/tsearch.3 +++ b/src/lib/libc/stdlib/tsearch.3 @@ -1,31 +1,20 @@ -.\" Copyright (c) 1997 Todd C. Miller -.\" All rights reserved. +.\" $OpenBSD: tsearch.3,v 1.21 2019/01/25 00:19:25 millert Exp $ .\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. The name of the author may not be used to endorse or promote products -.\" derived from this software without specific prior written permission. +.\" Copyright (c) 1997 Todd C. Miller .\" -.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, -.\" INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY -.\" AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL -.\" THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, -.\" EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, -.\" PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; -.\" OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, -.\" WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR -.\" OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF -.\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. .\" -.\" $OpenBSD: tsearch.3,v 1.9 2000/08/09 15:51:21 aaron Exp $ +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd June 15, 1997 +.Dd $Mdocdate: January 25 2019 $ .Dt TSEARCH 3 .Os .Sh NAME @@ -35,15 +24,15 @@ .Nm twalk .Nd manipulate binary search trees .Sh SYNOPSIS -.Fd #include +.In search.h .Ft void * -.Fn tdelete "const void *key" "void **rootp" "int (*compar) (const void *, const void *)" +.Fn tdelete "const void *key" "void **rootp" "int (*compar)(const void *, const void *)" .Ft void * -.Fn tfind "const void *key" "void * const *rootp" "int (*compar) (const void *, const void *)" +.Fn tfind "const void *key" "void * const *rootp" "int (*compar)(const void *, const void *)" .Ft void * -.Fn tsearch "const void *key" "void **rootp" "int (*compar) (const void *, const void *)" +.Fn tsearch "const void *key" "void **rootp" "int (*compar)(const void *, const void *)" .Ft void -.Fn twalk "const void *root" "void (*action) (const void *, VISIT, int)" +.Fn twalk "const void *root" "void (*action)(const void *, VISIT, int)" .Sh DESCRIPTION The .Fn tdelete , @@ -79,13 +68,13 @@ points to a null value a new binary search tree is created. .Fn tdelete deletes a node from the specified binary search tree and returns a pointer to the parent of the node to be deleted. +If the node to be deleted is the root of the binary search tree, +.Fa rootp +will be adjusted and an unspecified non-null pointer will be returned. It takes the same arguments as .Fn tfind and .Fn tsearch . -If the node to be deleted is the root of the binary search tree, -.Fa rootp -will be adjusted. .Pp .Fn twalk walks the binary search tree rooted in @@ -99,9 +88,6 @@ a value from the enum .Sy "typedef enum { preorder, postorder, endorder, leaf } VISIT;" specifying the traversal type, and a node level (where level zero is the root of the tree). -.Sh SEE ALSO -.Xr bsearch 3 , -.Xr lsearch 3 .Sh RETURN VALUES The .Fn tsearch @@ -110,6 +96,10 @@ function returns if allocation of a new node fails (usually due to a lack of free memory). .Pp +.Fn tdelete +returns a pointer to the parent of the deleted node or an unspecified +non-null pointer if the root node is deleted. +.Pp .Fn tfind , .Fn tsearch , and @@ -121,7 +111,16 @@ if is .Dv NULL or the datum cannot be found. -.Pp -The -.Fn twalk -function returns no value. +.Sh SEE ALSO +.Xr bsearch 3 , +.Xr lsearch 3 +.Sh STANDARDS +These functions conform to +.St -p1003.1-2008 . +.Sh CAVEATS +The value returned when deleting the root node was unspecified before +the +.St -p1003.1-2008 +standard, so users of the +.Fn tdelete +function should be wary of relying on a specific behaviour. diff --git a/src/lib/libc/stdlib/tsearch.c b/src/lib/libc/stdlib/tsearch.c index 0ad5866172a..1dd31454eb3 100644 --- a/src/lib/libc/stdlib/tsearch.c +++ b/src/lib/libc/stdlib/tsearch.c @@ -1,14 +1,15 @@ +/* $OpenBSD: tsearch.c,v 1.10 2015/09/26 16:03:48 guenther Exp $ */ + /* * Tree search generalized from Knuth (6.2.2) Algorithm T just like * the AT&T man page says. * - * The node_t structure is for internal use only, lint doesn't grok it. + * The node_t structure is for internal use only * * Written by reading the System V Interface Definition, not the code. * * Totally public domain. */ -/*LINTLIBRARY*/ #include #include @@ -20,12 +21,10 @@ typedef struct node_t { /* find or insert datum into search tree */ void * -tsearch(vkey, vrootp, compar) - const void *vkey; /* key to be located */ - void **vrootp; /* address of tree root */ - int (*compar)(const void *, const void *); +tsearch(const void *vkey, void **vrootp, + int (*compar)(const void *, const void *)) { - register node *q; + node *q; char *key = (char *)vkey; node **rootp = (node **)vrootp; @@ -40,7 +39,7 @@ tsearch(vkey, vrootp, compar) &(*rootp)->left : /* T3: follow left branch */ &(*rootp)->right; /* T4: follow right branch */ } - q = (node *) malloc(sizeof(node)); /* T5: key not found */ + q = malloc(sizeof(node)); /* T5: key not found */ if (q != (struct node_t *)0) { /* make new node */ *rootp = q; /* link new node to old */ q->key = key; /* initialize new node */ @@ -51,19 +50,17 @@ tsearch(vkey, vrootp, compar) /* delete node with given key */ void * -tdelete(vkey, vrootp, compar) - const void *vkey; /* key to be deleted */ - void **vrootp; /* address of the root of tree */ - int (*compar)(const void *, const void *); +tdelete(const void *vkey, void **vrootp, + int (*compar)(const void *, const void *)) { node **rootp = (node **)vrootp; char *key = (char *)vkey; - node *p; - register node *q; - register node *r; + node *p = (node *)1; + node *q; + node *r; int cmp; - if (rootp == (struct node_t **)0 || (p = *rootp) == (struct node_t *)0) + if (rootp == (struct node_t **)0 || *rootp == (struct node_t *)0) return ((struct node_t *)0); while ((cmp = (*compar)(key, (*rootp)->key)) != 0) { p = *rootp; @@ -95,10 +92,7 @@ tdelete(vkey, vrootp, compar) /* Walk the nodes of a tree */ static void -trecurse(root, action, level) - register node *root; /* Root of the tree to be walked */ - register void (*action)(); /* Function to be called at each node */ - register int level; +trecurse(node *root, void (*action)(const void *, VISIT, int), int level) { if (root->left == (struct node_t *)0 && root->right == (struct node_t *)0) (*action)(root, leaf, level); @@ -115,12 +109,10 @@ trecurse(root, action, level) /* Walk the nodes of a tree */ void -twalk(vroot, action) - const void *vroot; /* Root of the tree to be walked */ - void (*action)(const void *, VISIT, int); +twalk(const void *vroot, void (*action)(const void *, VISIT, int)) { node *root = (node *)vroot; - if (root != (node *)0 && action != (void(*)())0) + if (root != (node *)0 && action != (void (*)(const void *, VISIT, int))0) trecurse(root, action, 0); } diff --git a/src/lib/libc/string/Makefile.inc b/src/lib/libc/string/Makefile.inc index e7b81d0c43f..a1b1934aad0 100644 --- a/src/lib/libc/string/Makefile.inc +++ b/src/lib/libc/string/Makefile.inc @@ -1,151 +1,35 @@ -# $OpenBSD: Makefile.inc,v 1.10 2001/09/05 16:27:01 mickey Exp $ +# $OpenBSD: Makefile.inc,v 1.39 2017/09/05 03:16:13 schwarze Exp $ # string sources -.PATH: ${LIBCSRCDIR}/arch/${MACHINE_ARCH}/string ${LIBCSRCDIR}/string - -SRCS+= bm.c memccpy.c strcasecmp.c strcoll.c strdup.c strerror.c \ - strlcat.c strmode.c strsignal.c strtok.c strxfrm.c \ - __strerror.c __strsignal.c +.PATH: ${LIBCSRCDIR}/arch/${MACHINE_CPU}/string ${LIBCSRCDIR}/string + +SRCS+= explicit_bzero.c memccpy.c memmem.c memrchr.c stpcpy.c stpncpy.c \ + strcasecmp.c strcasecmp_l.c strcasestr.c strcoll.c strcoll_l.c \ + strdup.c strerror.c strerror_l.c strerror_r.c strmode.c \ + strndup.c strnlen.c strsignal.c strtok.c strxfrm.c strxfrm_l.c \ + timingsafe_bcmp.c timingsafe_memcmp.c \ + wcscat.c wcschr.c wcscmp.c wcscpy.c wcscspn.c wcslcat.c wcslcpy.c \ + wcslen.c wcsncat.c wcsncmp.c wcsncpy.c wcspbrk.c wcsrchr.c wcsspn.c \ + wcsstr.c wcstok.c wcswcs.c wcswidth.c wmemchr.c wmemcmp.c wmemcpy.c \ + wmemmove.c wmemset.c wcsdup.c wcscasecmp.c wcscasecmp_l.c # machine-dependent net sources -# m-d Makefile.inc must include sources for: +# ../arch/ARCH/Makefile.inc must include sources for: # bcmp() bcopy() bzero() ffs() index() memchr() memcmp() memset() -# rindex() strcat() strcmp() strcpy() strcspn() strlen() strlcpy() -# strncat() strncmp() strncpy() strpbrk() strsep() -# strspn() strstr() swav() -# m-d Makefile.inc may include sources for: -# memcpy() memmove() strchr() strrchr() - -.include "${LIBCSRCDIR}/arch/${MACHINE_ARCH}/string/Makefile.inc" - -# if no machine specific memmove(3), build one out of bcopy(3). -.if empty(SRCS:Mmemmove.S) -OBJS+= memmove.o -memmove.o: bcopy.c - ${CC} -DMEMMOVE ${CFLAGS} ${CPPFLAGS} -c ${.ALLSRC} -o ${.TARGET} - @${LD} -x -r ${.TARGET} - @mv a.out ${.TARGET} - -memmove.go: bcopy.c - ${CC} -g -DMEMMOVE ${CFLAGS} ${CPPFLAGS} -c ${.ALLSRC} -o ${.TARGET} - @${LD} -x -r ${.TARGET} - @mv a.out ${.TARGET} - -memmove.po: bcopy.c - ${CC} -DMEMMOVE ${CFLAGS} ${CPPFLAGS} -c -p ${.ALLSRC} -o ${.TARGET} - @${LD} -X -r ${.TARGET} - @mv a.out ${.TARGET} - -memmove.so: bcopy.c - ${CC} ${PICFLAG} -DPIC -DMEMMOVE ${CFLAGS} ${CPPFLAGS} -c ${.ALLSRC} \ - -o ${.TARGET} -.endif - -# if no machine specific memcpy(3), build one out of bcopy(3). -# if there is a machine specific memmove(3), we'll assume it aliases -# memcpy(3). -.if empty(SRCS:Mmemcpy.S) -.if empty(SRCS:Mmemmove.S) -OBJS+= memcpy.o -memcpy.o: bcopy.c - ${CC} -DMEMCOPY ${CFLAGS} ${CPPFLAGS} -c ${.ALLSRC} -o ${.TARGET} - @${LD} -x -r ${.TARGET} - @mv a.out ${.TARGET} - -memcpy.go: bcopy.c - ${CC} -g -DMEMCOPY ${CFLAGS} ${CPPFLAGS} -c ${.ALLSRC} -o ${.TARGET} - @${LD} -x -r ${.TARGET} - @mv a.out ${.TARGET} - -memcpy.po: bcopy.c - ${CC} -DMEMCOPY ${CFLAGS} ${CPPFLAGS} -c -p ${.ALLSRC} -o ${.TARGET} - @${LD} -X -r ${.TARGET} - @mv a.out ${.TARGET} - -memcpy.so: bcopy.c - ${CC} ${PICFLAG} -DPIC -DMEMCOPY ${CFLAGS} ${CPPFLAGS} -c ${.ALLSRC} \ - -o ${.TARGET} -.endif -.endif - -# if no machine specific strchr(3), build one out of index(3). -.if empty(SRCS:Mstrchr.S) -OBJS+= strchr.o -strchr.o: index.c - ${CC} -DSTRCHR ${CFLAGS} ${CPPFLAGS} -c ${.ALLSRC} -o ${.TARGET} - @${LD} -x -r ${.TARGET} - @mv a.out ${.TARGET} - -strchr.go: index.c - ${CC} -g -DSTRCHR ${CFLAGS} ${CPPFLAGS} -c ${.ALLSRC} -o ${.TARGET} - @${LD} -x -r ${.TARGET} - @mv a.out ${.TARGET} - -strchr.po: index.c - ${CC} -DSTRCHR ${CFLAGS} ${CPPFLAGS} -c -p ${.ALLSRC} -o ${.TARGET} - @${LD} -X -r ${.TARGET} - @mv a.out ${.TARGET} - -strchr.so: index.c - ${CC} ${PICFLAG} -DPIC -DSTRCHR ${CFLAGS} ${CPPFLAGS} -c ${.ALLSRC} \ - -o ${.TARGET} -.endif - -# if no machine specific strrchr(3), build one out of rindex(3). -.if empty(SRCS:Mstrrchr.S) -OBJS+= strrchr.o -strrchr.o: rindex.c - ${CC} -DSTRRCHR ${CFLAGS} ${CPPFLAGS} -c ${.ALLSRC} -o ${.TARGET} - @${LD} -x -r ${.TARGET} - @mv a.out ${.TARGET} - -strrchr.go: rindex.c - ${CC} -g -DSTRRCHR ${CFLAGS} ${CPPFLAGS} -c ${.ALLSRC} -o ${.TARGET} - @${LD} -x -r ${.TARGET} - @mv a.out ${.TARGET} - -strrchr.po: rindex.c - ${CC} -DSTRRCHR ${CFLAGS} ${CPPFLAGS} -c -p ${.ALLSRC} -o ${.TARGET} - @${LD} -X -r ${.TARGET} - @mv a.out ${.TARGET} - -strrchr.so: rindex.c - ${CC} ${PICFLAG} -DPIC -DSTRRCHR ${CFLAGS} ${CPPFLAGS} -c ${.ALLSRC} \ - -o ${.TARGET} -.endif - -# build .ln files for memmove, memcpy, strchr and strrchr always from -# bcopy, index, and rindex -LOBJS+= memmove.ln memcpy.ln strchr.ln strrchr.ln - -memmove.ln: bcopy.c - lint ${LINTFLAGS} -DMEMMOVE ${CFLAGS:M-[IDU]*} -i -o ${.TARGET} \ - ${LIBCSRCDIR}/string/bcopy.c - -memcpy.ln: bcopy.c - lint ${LINTFLAGS} -DMEMCOPY ${CFLAGS:M-[IDU]*} -i -o ${.TARGET} \ - ${LIBCSRCDIR}/string/bcopy.c - -strchr.ln: index.c - lint ${LINTFLAGS} -DSTRCHR ${CFLAGS:M-[IDU]*} -i -o ${.TARGET} \ - ${LIBCSRCDIR}/string/index.c - -strrchr.ln: rindex.c - lint ${LINTFLAGS} -DSTRRCHR ${CFLAGS:M-[IDU]*} -i -o ${.TARGET} \ - ${LIBCSRCDIR}/string/rindex.c - -MAN+= bm.3 bcmp.3 bcopy.3 bstring.3 bzero.3 ffs.3 memccpy.3 memchr.3 \ - memcmp.3 memcpy.3 memmove.3 memset.3 strcasecmp.3 strcat.3 \ - strchr.3 strcmp.3 strcoll.3 strcpy.3 strcspn.3 strerror.3 \ - string.3 strlen.3 strmode.3 strdup.3 strpbrk.3 strrchr.3 strsep.3 \ - strsignal.3 strspn.3 strstr.3 strtok.3 strxfrm.3 swab.3 strlcpy.3 - -MLINKS+=bm.3 bm_comp.3 bm.3 bm_exec.3 bm.3 bm_free.3 -MLINKS+=strchr.3 index.3 -MLINKS+=strrchr.3 rindex.3 -MLINKS+=strcasecmp.3 strncasecmp.3 -MLINKS+=strcat.3 strncat.3 -MLINKS+=strcmp.3 strncmp.3 -MLINKS+=strcpy.3 strncpy.3 -MLINKS+=strlcpy.3 strlcat.3 -MLINKS+=strtok.3 strtok_r.3 +# memcpy() memmove() memset() rindex() strcat() strchr() +# strcmp() strcpy() strcspn() strlen() strlcat() strlcpy() +# strncat() strncmp() strncpy() strpbrk() strrchr() strsep() +# strspn() strstr() swab() + +.include "${LIBCSRCDIR}/arch/${MACHINE_CPU}/string/Makefile.inc" + +MAN+= bcmp.3 bcopy.3 bzero.3 ffs.3 memccpy.3 memchr.3 \ + memcmp.3 memcpy.3 memmem.3 memmove.3 memset.3 stpcpy.3 strcasecmp.3 \ + strcat.3 strchr.3 strcmp.3 strcoll.3 strcpy.3 strcspn.3 strdup.3 \ + strerror.3 strlen.3 strmode.3 strncat.3 strncpy.3 strpbrk.3 \ + strrchr.3 strsep.3 strsignal.3 strspn.3 strstr.3 strtok.3 strxfrm.3 \ + swab.3 strlcpy.3 timingsafe_bcmp.3 \ + wcscasecmp.3 wcscat.3 wcschr.3 wcscmp.3 wcscpy.3 \ + wcscspn.3 wcsdup.3 wcslcpy.3 wcslen.3 wcspbrk.3 wcsrchr.3 wcsspn.3 \ + wcsstr.3 wcstok.3 wcswidth.3 wmemchr.3 wmemcmp.3 wmemcpy.3 wmemmove.3 \ + wmemset.3 diff --git a/src/lib/libc/string/__strerror.c b/src/lib/libc/string/__strerror.c deleted file mode 100644 index ae19ab33654..00000000000 --- a/src/lib/libc/string/__strerror.c +++ /dev/null @@ -1,114 +0,0 @@ -/* - * Copyright (c) 1988 Regents of the University of California. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: __strerror.c,v 1.8 2001/12/08 20:37:32 deraadt Exp $"; -#endif /* LIBC_SCCS and not lint */ - -#ifdef NLS -#define catclose _catclose -#define catgets _catgets -#define catopen _catopen -#include -#endif - -#define sys_errlist _sys_errlist -#define sys_nerr _sys_nerr - -#include -#include -#include -#include - -static char * -itoa(num) - int num; -{ - static char buffer[11]; - char *p; - - p = buffer + 4; - while (num >= 10) { - *--p = (num % 10) + '0'; - num /= 10; - } - *p = (num % 10) + '0'; - return p; -} - -/* - * Since perror() is not allowed to change the contents of strerror()'s - * static buffer, both functions supply their own buffers to the - * internal function __strerror(). - */ - -char * -__strerror(num, buf) - int num; - char *buf; -{ -#define UPREFIX "Unknown error: " - register unsigned int errnum; -#ifdef NLS - int save_errno; - nl_catd catd; - - catd = catopen("libc", 0); -#endif - - errnum = num; /* convert to unsigned */ - if (errnum < sys_nerr) { -#ifdef NLS - strlcpy(buf, catgets(catd, 1, errnum, - (char *)sys_errlist[errnum]), NL_TEXTMAX); -#else - return(sys_errlist[errnum]); -#endif - } else { -#ifdef NLS - strlcpy(buf, catgets(catd, 1, 0xffff, UPREFIX), NL_TEXTMAX); -#else - strcpy(buf, UPREFIX); -#endif - strncat(buf, itoa(errnum), NL_TEXTMAX-strlen(buf)-1); - errno = EINVAL; - } - -#ifdef NLS - save_errno = errno; - catclose(catd); - errno = save_errno; -#endif - - return buf; -} diff --git a/src/lib/libc/string/__strsignal.c b/src/lib/libc/string/__strsignal.c deleted file mode 100644 index 4ca5bad3c0f..00000000000 --- a/src/lib/libc/string/__strsignal.c +++ /dev/null @@ -1,102 +0,0 @@ -/* - * Copyright (c) 1988 Regents of the University of California. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: __strsignal.c,v 1.6 2001/06/27 00:58:56 lebel Exp $"; -#endif /* LIBC_SCCS and not lint */ - -#ifdef NLS -#define catclose _catclose -#define catgets _catgets -#define catopen _catopen -#include -#endif - -#define sys_siglist _sys_siglist - -#include -#include -#include -#include - -static char *itoa(num) - int num; -{ - static char buffer[11]; - char *p; - - p = buffer + 4; - while (num >= 10) { - *--p = (num % 10) + '0'; - num /= 10; - } - *p = (num % 10) + '0'; - return p; -} - -char * -__strsignal(num, buf) - int num; - char *buf; -{ -#define UPREFIX "Unknown signal: " - register unsigned int signum; - -#ifdef NLS - nl_catd catd ; - catd = catopen("libc", 0); -#endif - - signum = num; /* convert to unsigned */ - if (signum < NSIG) { -#ifdef NLS - strlcpy(buf, catgets(catd, 2, signum, - (char *)sys_siglist[signum]), NL_TEXTMAX); -#else - return((char *)sys_siglist[signum]); -#endif - } else { -#ifdef NLS - strlcpy(buf, catgets(catd, 1, 0xffff, UPREFIX), NL_TEXTMAX); -#else - strcpy(buf, UPREFIX); -#endif - strncat(buf, itoa(signum), NL_TEXTMAX-strlen(buf)-1); - } - -#ifdef NLS - catclose(catd); -#endif - - return buf; -} diff --git a/src/lib/libc/string/bcmp.3 b/src/lib/libc/string/bcmp.3 index d880c1e6f08..a3cb1dfb743 100644 --- a/src/lib/libc/string/bcmp.3 +++ b/src/lib/libc/string/bcmp.3 @@ -11,11 +11,7 @@ .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors +.\" 3. Neither the name of the University nor the names of its contributors .\" may be used to endorse or promote products derived from this software .\" without specific prior written permission. .\" @@ -31,16 +27,16 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $OpenBSD: bcmp.3,v 1.5 2000/04/21 15:24:18 aaron Exp $ +.\" $OpenBSD: bcmp.3,v 1.12 2015/11/24 09:14:35 daniel Exp $ .\" -.Dd April 19, 1991 +.Dd $Mdocdate: November 24 2015 $ .Dt BCMP 3 .Os .Sh NAME .Nm bcmp .Nd compare byte string .Sh SYNOPSIS -.Fd #include +.In strings.h .Ft int .Fn bcmp "const void *b1" "const void *b2" "size_t len" .Sh DESCRIPTION @@ -62,9 +58,10 @@ The strings may overlap. .Xr strcasecmp 3 , .Xr strcmp 3 , .Xr strcoll 3 , -.Xr strxfrm 3 +.Xr strxfrm 3 , +.Xr timingsafe_bcmp 3 .Sh HISTORY -A +The .Fn bcmp function first appeared in .Bx 4.2 . diff --git a/src/lib/libc/string/bcmp.c b/src/lib/libc/string/bcmp.c index 4ed00975a49..5d446bf0966 100644 --- a/src/lib/libc/string/bcmp.c +++ b/src/lib/libc/string/bcmp.c @@ -1,3 +1,5 @@ +/* $OpenBSD: bcmp.c,v 1.11 2015/08/31 02:53:57 guenther Exp $ */ + /* * Copyright (c) 1987 Regents of the University of California. * All rights reserved. @@ -10,11 +12,7 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors + * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -31,33 +29,24 @@ * SUCH DAMAGE. */ -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: bcmp.c,v 1.4 1996/08/19 08:33:57 tholo Exp $"; -#endif /* LIBC_SCCS and not lint */ - -#ifndef _KERNEL #include -#else -#include -#endif /* * bcmp -- vax cmpc3 instruction */ int -bcmp(b1, b2, length) - const void *b1, *b2; - register size_t length; +bcmp(const void *b1, const void *b2, size_t length) { - register char *p1, *p2; + char *p1, *p2; if (length == 0) - return(0); + return (0); p1 = (char *)b1; p2 = (char *)b2; do if (*p1++ != *p2++) - break; + return (1); while (--length); - return(length); + return (0); } +DEF_WEAK(bcmp); diff --git a/src/lib/libc/string/bcopy.3 b/src/lib/libc/string/bcopy.3 index b290418f4a3..68c63f92ec2 100644 --- a/src/lib/libc/string/bcopy.3 +++ b/src/lib/libc/string/bcopy.3 @@ -12,11 +12,7 @@ .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors +.\" 3. Neither the name of the University nor the names of its contributors .\" may be used to endorse or promote products derived from this software .\" without specific prior written permission. .\" @@ -32,16 +28,16 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $OpenBSD: bcopy.3,v 1.5 2000/04/21 15:24:19 aaron Exp $ +.\" $OpenBSD: bcopy.3,v 1.12 2015/11/24 09:14:35 daniel Exp $ .\" -.Dd April 19, 1991 +.Dd $Mdocdate: November 24 2015 $ .Dt BCOPY 3 .Os .Sh NAME .Nm bcopy -.Nd copy byte string +.Nd copy bytes .Sh SYNOPSIS -.Fd #include +.In strings.h .Ft void .Fn bcopy "const void *src" "void *dst" "size_t len" .Sh DESCRIPTION @@ -49,11 +45,11 @@ The .Fn bcopy function copies .Fa len -bytes from string +bytes from buffer .Fa src -to string +to buffer .Fa dst . -The two strings may overlap. +The two buffers may overlap. If .Fa len is zero, no bytes are copied. @@ -62,9 +58,10 @@ is zero, no bytes are copied. .Xr memcpy 3 , .Xr memmove 3 , .Xr strcpy 3 , +.Xr strlcpy 3 , .Xr strncpy 3 .Sh HISTORY -A +The .Fn bcopy -function appeared in +function first appeared in .Bx 4.2 . diff --git a/src/lib/libc/string/bcopy.c b/src/lib/libc/string/bcopy.c index 023a3b2db2e..ef0d3680538 100644 --- a/src/lib/libc/string/bcopy.c +++ b/src/lib/libc/string/bcopy.c @@ -1,3 +1,4 @@ +/* $OpenBSD: bcopy.c,v 1.7 2015/08/31 02:53:57 guenther Exp $ */ /*- * Copyright (c) 1990 The Regents of the University of California. * All rights reserved. @@ -13,11 +14,7 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors + * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -34,10 +31,6 @@ * SUCH DAMAGE. */ -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: bcopy.c,v 1.2 1996/08/19 08:33:58 tholo Exp $"; -#endif /* LIBC_SCCS and not lint */ - #include /* @@ -51,28 +44,13 @@ typedef long word; /* "word" used for optimal copy speed */ /* * Copy a block of memory, handling overlap. - * This is the routine that actually implements - * (the portable versions of) bcopy, memcpy, and memmove. */ -#ifdef MEMCOPY -void * -memcpy(dst0, src0, length) -#else -#ifdef MEMMOVE -void * -memmove(dst0, src0, length) -#else void -bcopy(src0, dst0, length) -#endif -#endif - void *dst0; - const void *src0; - register size_t length; +bcopy(const void *src0, void *dst0, size_t length) { - register char *dst = dst0; - register const char *src = src0; - register size_t t; + char *dst = dst0; + const char *src = src0; + size_t t; if (length == 0 || dst == src) /* nothing to do */ goto done; @@ -130,9 +108,6 @@ bcopy(src0, dst0, length) TLOOP(*--dst = *--src); } done: -#if defined(MEMCOPY) || defined(MEMMOVE) - return (dst0); -#else return; -#endif } +DEF_WEAK(bcopy); diff --git a/src/lib/libc/string/bm.3 b/src/lib/libc/string/bm.3 deleted file mode 100644 index 7138ee42716..00000000000 --- a/src/lib/libc/string/bm.3 +++ /dev/null @@ -1,115 +0,0 @@ -.\" Copyright (c) 1994 -.\" The Regents of the University of California. All rights reserved. -.\" -.\" This code is derived from software contributed to Berkeley by -.\" Andrew Hume of AT&T Bell Laboratories. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $OpenBSD: bm.3,v 1.6 2001/06/23 14:42:12 deraadt Exp $ -.\" -.Dd June 29, 1999 -.Dt BM 3 -.Os -.Sh NAME -.Nm bm_comp , -.Nm bm_exec , -.Nm bm_free -.Nd Boyer-Moore string search -.Sh SYNOPSIS -.Fd #include -.Fd #include -.Ft bm_pat * -.Fn bm_comp "u_char *pattern" "size_t patlen" "u_char freq[256]" -.Ft u_char * -.Fn bm_exec "bm_pat *pdesc" "u_char *text" "size_t len" -.Ft void -.Fn bm_free "bm_pat *pdesc" -.Sh DESCRIPTION -These routines implement an efficient mechanism to find an -occurrence of a byte string within another byte string. -.Pp -.Fn bm_comp -evaluates -.Fa patlen -bytes starting at -.Fa pattern -and returns a pointer to a structure describing them. -The bytes referenced by -.Fa pattern -may be of any value. -.Pp -The search takes advantage of the frequency distribution of the -bytes in the text to be searched. -If specified, -.Ar freq -should be an array of 256 values, -with higher values indicating that the corresponding character occurs -more frequently. -(A less than optimal frequency distribution can only result in less -than optimal performance, not incorrect results.) -If -.Ar freq -is -.Dv NULL , -a system default table is used. -.Pp -.Fn bm_exec -returns a pointer to the leftmost occurrence of the string given to -.Fn bm_comp -within -.Ar text , -or -.Dv NULL -if none occurs. -The number of bytes in -.Ar text -must be specified by -.Ar len . -.Pp -Space allocated for the returned description is discarded -by calling -.Fn bm_free -with the returned description as an argument. -.Pp -The asymptotic speed of -.Fn bm_exec -is -.Pf O Ns Pq len / patlen . -.Sh SEE ALSO -.Xr regexp 3 , -.Xr strstr 3 -.Rs -.%R "Fast String Searching" -.%A Andrew Hume -.%A Daniel Sunday -.%J "Software Practice and Experience" -.%V Volume 21, 11 (November 1991) -.%P 1221-48 -.Re diff --git a/src/lib/libc/string/bm.c b/src/lib/libc/string/bm.c deleted file mode 100644 index b191d340f6c..00000000000 --- a/src/lib/libc/string/bm.c +++ /dev/null @@ -1,219 +0,0 @@ -/*- - * Copyright (c) 1994 - * The Regents of the University of California. All rights reserved. - * - * This code is derived from software contributed to Berkeley by - * Andrew Hume of AT&T Bell Laboratories. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: bm.c,v 1.3 1996/08/19 08:33:59 tholo Exp $"; -#endif /* LIBC_SCCS and not lint */ - -#include - -#include -#include -#include -#include - -/* - * XXX - * The default frequency table starts at 99 and counts down. The default - * table should probably be oriented toward text, and will necessarily be - * locale specific. This one is for English. It was derived from the - * OSF/1 and 4.4BSD formatted and unformatted manual pages, and about 100Mb - * of email and random text. Change it if you can find something better. - */ -static u_char const freq_def[256] = { - 0, 0, 0, 0, 0, 0, 0, 0, - 0, 77, 90, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, - 99, 28, 42, 27, 16, 14, 20, 51, - 66, 65, 59, 24, 75, 76, 84, 56, - 72, 74, 64, 55, 54, 47, 41, 37, - 44, 61, 70, 43, 23, 53, 49, 22, - 33, 58, 40, 46, 45, 57, 60, 26, - 30, 63, 21, 12, 32, 50, 38, 39, - 34, 11, 48, 67, 62, 35, 15, 29, - 71, 18, 9, 17, 25, 13, 10, 52, - 36, 95, 78, 86, 87, 98, 82, 80, - 88, 94, 19, 68, 89, 83, 93, 96, - 81, 7, 91, 92, 97, 85, 69, 73, - 31, 79, 8, 5, 4, 6, 3, 0, - 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, -}; - -bm_pat * -bm_comp(pb, len, freq) - u_char const *pb; - size_t len; - u_char const *freq; -{ - register u_char const *pe, *p; - register size_t *d, r; - register int j; - int sv_errno; - bm_pat *pat; - - if (len == 0) { - errno = EINVAL; - return (NULL); - } - if ((pat = malloc(sizeof(*pat))) == NULL) - return (NULL); - pat->pat = NULL; - pat->delta = NULL; - - pat->patlen = len; /* copy pattern */ - if ((pat->pat = malloc(pat->patlen)) == NULL) - goto mem; - memcpy(pat->pat, pb, pat->patlen); - /* get skip delta */ - if ((pat->delta = malloc(256 * sizeof(*d))) == NULL) - goto mem; - for (j = 0, d = pat->delta; j < 256; j++) - d[j] = pat->patlen; - for (pe = pb + pat->patlen - 1; pb <= pe; pb++) - d[*pb] = pe - pb; - - if (freq == NULL) /* default freq table */ - freq = freq_def; - r = 0; /* get guard */ - for (pb = pat->pat, pe = pb + pat->patlen - 1; pb < pe; pb++) - if (freq[*pb] < freq[pat->pat[r]]) - r = pb - pat->pat; - pat->rarec = pat->pat[r]; - pat->rareoff = r - (pat->patlen - 1); - - /* get md2 shift */ - for (pe = pat->pat + pat->patlen - 1, p = pe - 1; p >= pat->pat; p--) - if (*p == *pe) - break; - - /* *p is first leftward reoccurrence of *pe */ - pat->md2 = pe - p; - return (pat); - -mem: sv_errno = errno; - bm_free(pat); - errno = sv_errno; - return (NULL); -} - -void -bm_free(pat) - bm_pat *pat; -{ - if (pat->pat != NULL) - free(pat->pat); - if (pat->delta != NULL) - free(pat->delta); - free(pat); -} - -u_char * -bm_exec(pat, base, n) - bm_pat *pat; - u_char *base; - size_t n; -{ - register u_char *e, *ep, *p, *q, *s; - register size_t *d0, k, md2, n1, ro; - register int rc; - - if (n == 0) - return (NULL); - - d0 = pat->delta; - n1 = pat->patlen - 1; - md2 = pat->md2; - ro = pat->rareoff; - rc = pat->rarec; - ep = pat->pat + pat->patlen - 1; - s = base + (pat->patlen - 1); - - /* fast loop up to n - 3 * patlen */ - e = base + n - 3 * pat->patlen; - while (s < e) { - k = d0[*s]; /* ufast skip loop */ - while (k) { - k = d0[*(s += k)]; - k = d0[*(s += k)]; - } - if (s >= e) - break; - if (s[ro] != rc) /* guard test */ - goto mismatch1; - /* fwd match */ - for (p = pat->pat, q = s - n1; p < ep;) - if (*q++ != *p++) - goto mismatch1; - return (s - n1); - -mismatch1: s += md2; /* md2 shift */ - } - - /* slow loop up to end */ - e = base + n; - while (s < e) { - s += d0[*s]; /* step */ - if (s >= e) - break; - if (s[ro] != rc) /* guard test */ - goto mismatch2; - /* fwd match */ - for (p = pat->pat, q = s - n1; p <= ep;) - if (*q++ != *p++) - goto mismatch2; - return (s - n1); - -mismatch2: s += md2; /* md2 shift */ - } - - return (NULL); -} diff --git a/src/lib/libc/string/bstring.3 b/src/lib/libc/string/bstring.3 deleted file mode 100644 index 85283321c83..00000000000 --- a/src/lib/libc/string/bstring.3 +++ /dev/null @@ -1,110 +0,0 @@ -.\" Copyright (c) 1990, 1991 The Regents of the University of California. -.\" All rights reserved. -.\" -.\" This code is derived from software contributed to Berkeley by -.\" Chris Torek. -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $OpenBSD: bstring.3,v 1.4 2000/04/21 15:24:19 aaron Exp $ -.\" -.Dd April 19, 1991 -.Dt BSTRING 3 -.Os -.Sh NAME -.Nm bcmp , -.Nm bcopy , -.Nm bzero , -.Nm memccpy , -.Nm memchr , -.Nm memcmp , -.Nm memcpy , -.Nm memmove , -.Nm memset -.Nd byte string operations -.Sh SYNOPSIS -.Fd #include -.Ft int -.Fn bcmp "const void *b1" "const void *b2" "size_t len" -.Ft void -.Fn bcopy "const void *src" "void *dst" "size_t len" -.Ft void -.Fn bzero "void *b" "size_t len" -.Ft void * -.Fn memchr "const void *b" "int c" "size_t len" -.Ft int -.Fn memcmp "const void *b1" "const void *b2" "size_t len" -.Ft void * -.Fn memccpy "void *dst" "const void *src" "int c" "size_t len" -.Ft void * -.Fn memcpy "void *dst" "const void *src" "size_t len" -.Ft void * -.Fn memmove "void *dst" "const void *src" "size_t len" -.Ft void * -.Fn memset "void *b" "int c" "size_t len" -.Sh DESCRIPTION -These functions operate on variable length strings of bytes. -They do not check for terminating null bytes as the routines -listed in -.Xr string 3 -do. -.Pp -See the specific manual pages for more information. -.Sh SEE ALSO -.Xr bcmp 3 , -.Xr bcopy 3 , -.Xr bzero 3 , -.Xr memccpy 3 , -.Xr memchr 3 , -.Xr memcmp 3 , -.Xr memcpy 3 , -.Xr memmove 3 , -.Xr memset 3 -.Sh STANDARDS -The functions -.Fn memchr , -.Fn memcmp , -.Fn memcpy , -.Fn memmove , -and -.Fn memset -conform to -.St -ansiC . -.Sh HISTORY -The -.Fn bzero -and -.Fn memccpy -functions appeared in -.Bx 4.3 . -The -.Fn bcmp -and -.Fn bcopy -functions appeared in -.Bx 4.2 . diff --git a/src/lib/libc/string/bzero.3 b/src/lib/libc/string/bzero.3 index a735d5ef3f2..87a23e20bb3 100644 --- a/src/lib/libc/string/bzero.3 +++ b/src/lib/libc/string/bzero.3 @@ -11,11 +11,7 @@ .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors +.\" 3. Neither the name of the University nor the names of its contributors .\" may be used to endorse or promote products derived from this software .\" without specific prior written permission. .\" @@ -31,18 +27,22 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $OpenBSD: bzero.3,v 1.5 2000/04/21 15:24:19 aaron Exp $ +.\" $OpenBSD: bzero.3,v 1.13 2017/10/12 15:22:32 schwarze Exp $ .\" -.Dd April 19, 1991 +.Dd $Mdocdate: October 12 2017 $ .Dt BZERO 3 .Os .Sh NAME -.Nm bzero +.Nm bzero , +.Nm explicit_bzero .Nd write zeroes to a byte string .Sh SYNOPSIS -.Fd #include +.In strings.h .Ft void .Fn bzero "void *b" "size_t len" +.In string.h +.Ft void +.Fn explicit_bzero "void *b" "size_t len" .Sh DESCRIPTION The .Fn bzero @@ -55,11 +55,38 @@ If is zero, .Fn bzero does nothing. +.Pp +The +.Fn explicit_bzero +variant behaves the same, but will not be removed by a compiler's dead store +optimization pass, making it useful for clearing sensitive memory such as a +password. .Sh SEE ALSO .Xr memset 3 , .Xr swab 3 +.Sh STANDARDS +The +.Fn bzero +function conforms to the X/Open System Interfaces option of the +.St -p1003.1-2004 +specification. +It was removed from the standard in +.St -p1003.1-2008 , +which recommends using +.Xr memset 3 +instead. +.Pp +The +.Fn explicit_bzero +function is an +.Ox +extension. .Sh HISTORY -A +The .Fn bzero -function appeared in -.Bx 4.3 . +function first appeared in +.Bx 4.2 . +The +.Fn explicit_bzero +function first appeared in +.Ox 5.5 . diff --git a/src/lib/libc/string/bzero.c b/src/lib/libc/string/bzero.c index 3e660a307fe..5173de26dd1 100644 --- a/src/lib/libc/string/bzero.c +++ b/src/lib/libc/string/bzero.c @@ -1,3 +1,5 @@ +/* $OpenBSD: bzero.c,v 1.9 2015/08/31 02:53:57 guenther Exp $ */ + /* * Copyright (c) 1987 Regents of the University of California. * All rights reserved. @@ -10,11 +12,7 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors + * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -31,26 +29,17 @@ * SUCH DAMAGE. */ -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: bzero.c,v 1.3 1996/08/19 08:34:00 tholo Exp $"; -#endif /* LIBC_SCCS and not lint */ - -#ifndef _KERNEL #include -#else -#include -#endif /* * bzero -- vax movc5 instruction */ void -bzero(b, length) - void *b; - register size_t length; +bzero(void *b, size_t length) { - register char *p; + char *p; for (p = b; length--;) *p++ = '\0'; } +DEF_WEAK(bzero); diff --git a/src/lib/libc/string/explicit_bzero.c b/src/lib/libc/string/explicit_bzero.c new file mode 100644 index 00000000000..003ea7cc4c6 --- /dev/null +++ b/src/lib/libc/string/explicit_bzero.c @@ -0,0 +1,20 @@ +/* $OpenBSD: explicit_bzero.c,v 1.4 2015/08/31 02:53:57 guenther Exp $ */ +/* + * Public domain. + * Written by Matthew Dempsky. + */ + +#include + +__attribute__((weak)) void +__explicit_bzero_hook(void *buf, size_t len) +{ +} + +void +explicit_bzero(void *buf, size_t len) +{ + memset(buf, 0, len); + __explicit_bzero_hook(buf, len); +} +DEF_WEAK(explicit_bzero); diff --git a/src/lib/libc/string/ffs.3 b/src/lib/libc/string/ffs.3 index dc7a20741e6..d3ee24be5a9 100644 --- a/src/lib/libc/string/ffs.3 +++ b/src/lib/libc/string/ffs.3 @@ -11,11 +11,7 @@ .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors +.\" 3. Neither the name of the University nor the names of its contributors .\" may be used to endorse or promote products derived from this software .\" without specific prior written permission. .\" @@ -31,16 +27,16 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $OpenBSD: ffs.3,v 1.3 2000/04/21 15:24:19 aaron Exp $ +.\" $OpenBSD: ffs.3,v 1.10 2015/11/24 09:14:35 daniel Exp $ .\" -.Dd April 19, 1991 +.Dd $Mdocdate: November 24 2015 $ .Dt FFS 3 .Os .Sh NAME .Nm ffs .Nd find first bit set in a bit string .Sh SYNOPSIS -.Fd #include +.In strings.h .Ft int .Fn ffs "int value" .Sh DESCRIPTION @@ -53,8 +49,13 @@ Bits are numbered starting from 1, starting at the rightmost bit. A return value of 0 means that the argument was zero. .Sh SEE ALSO .Xr bitstring 3 +.Sh STANDARDS +The +.Fn ffs +function conforms to +.St -p1003.1-2008 . .Sh HISTORY The .Fn ffs -function appeared in -.Bx 4.3 . +function first appeared in +.Bx 4.2 . diff --git a/src/lib/libc/string/ffs.c b/src/lib/libc/string/ffs.c index 887ce437d47..09d6e35eca2 100644 --- a/src/lib/libc/string/ffs.c +++ b/src/lib/libc/string/ffs.c @@ -1,29 +1,20 @@ -/* $OpenBSD: ffs.c,v 1.5 2000/07/02 03:10:38 mickey Exp $ */ +/* $OpenBSD: ffs.c,v 1.10 2018/01/18 08:23:44 guenther Exp $ */ /* * Public domain. * Written by Dale Rahn. */ -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: ffs.c,v 1.5 2000/07/02 03:10:38 mickey Exp $"; -#endif /* LIBC_SCCS and not lint */ - -#if !defined(_KERNEL) && !defined(_STANDALONE) #include -#else -#include -#endif /* * ffs -- vax ffs instruction */ int -ffs(mask) - register int mask; +ffs(int mask) { - register int bit; - register unsigned int r = mask; + int bit; + unsigned int r = mask; static const signed char t[16] = { -28, 1, 2, 1, 3, 1, 2, 1, diff --git a/src/lib/libc/string/index.c b/src/lib/libc/string/index.c deleted file mode 100644 index 8e4b1464933..00000000000 --- a/src/lib/libc/string/index.c +++ /dev/null @@ -1,54 +0,0 @@ -/*- - * Copyright (c) 1990 The Regents of the University of California. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: index.c,v 1.3 2002/07/24 04:16:01 millert Exp $"; -#endif /* LIBC_SCCS and not lint */ - -#include - -char * -#ifdef STRCHR -strchr(const char *p, int ch) -#else -index(const char *p, int ch) -#endif -{ - for (;; ++p) { - if (*p == ch) - return((char *)p); - if (!*p) - return((char *)NULL); - } - /* NOTREACHED */ -} diff --git a/src/lib/libc/string/memccpy.3 b/src/lib/libc/string/memccpy.3 index feedeff3a64..98326d68713 100644 --- a/src/lib/libc/string/memccpy.3 +++ b/src/lib/libc/string/memccpy.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: memccpy.3,v 1.6 2000/04/21 15:24:19 aaron Exp $ +.\" $OpenBSD: memccpy.3,v 1.12 2013/09/25 21:49:30 millert Exp $ .\" .\" Copyright (c) 1990, 1991, 1993 .\" The Regents of the University of California. All rights reserved. @@ -11,11 +11,7 @@ .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors +.\" 3. Neither the name of the University nor the names of its contributors .\" may be used to endorse or promote products derived from this software .\" without specific prior written permission. .\" @@ -33,14 +29,14 @@ .\" .\" @(#)memccpy.3 8.1 (Berkeley) 6/9/93 .\" -.Dd June 9, 1993 +.Dd $Mdocdate: September 25 2013 $ .Dt MEMCCPY 3 .Os .Sh NAME .Nm memccpy .Nd copy string until character found .Sh SYNOPSIS -.Fd #include +.In string.h .Ft void * .Fn memccpy "void *dst" "const void *src" "int c" "size_t len" .Sh DESCRIPTION @@ -64,13 +60,22 @@ is returned. Otherwise, .Fa len bytes are copied, and a null pointer is returned. +.Pp +If the +.Fa src +and +.Fa dst +strings overlap, the behavior is undefined. .Sh SEE ALSO .Xr bcopy 3 , .Xr memcpy 3 , .Xr memmove 3 , -.Xr strcpy 3 +.Xr strcpy 3 , +.Xr strlcpy 3 .Sh HISTORY The .Fn memccpy function first appeared in -.Bx 4.4 . +.At V +and was reimplemented for +.Bx 4.3 Tahoe . diff --git a/src/lib/libc/string/memccpy.c b/src/lib/libc/string/memccpy.c index 020e6e56797..635061b8cb9 100644 --- a/src/lib/libc/string/memccpy.c +++ b/src/lib/libc/string/memccpy.c @@ -1,4 +1,4 @@ -/* $OpenBSD: memccpy.c,v 1.3 1997/08/20 04:09:39 millert Exp $ */ +/* $OpenBSD: memccpy.c,v 1.7 2015/08/31 02:53:57 guenther Exp $ */ /*- * Copyright (c) 1990, 1993 @@ -12,11 +12,7 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors + * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -33,28 +29,16 @@ * SUCH DAMAGE. */ -#if defined(LIBC_SCCS) && !defined(lint) -#if 0 -static char sccsid[] = "@(#)memccpy.c 8.1 (Berkeley) 6/4/93"; -#else -static char *rcsid = "$OpenBSD: memccpy.c,v 1.3 1997/08/20 04:09:39 millert Exp $"; -#endif -#endif /* LIBC_SCCS and not lint */ - #include void * -memccpy(t, f, c, n) - void *t; - const void *f; - int c; - register size_t n; +memccpy(void *t, const void *f, int c, size_t n) { if (n) { - register unsigned char *tp = t; - register const unsigned char *fp = f; - register unsigned char uc = c; + unsigned char *tp = t; + const unsigned char *fp = f; + unsigned char uc = c; do { if ((*tp++ = *fp++) == uc) return (tp); @@ -62,3 +46,4 @@ memccpy(t, f, c, n) } return (0); } +DEF_WEAK(memccpy); diff --git a/src/lib/libc/string/memchr.3 b/src/lib/libc/string/memchr.3 index 632c440b5b8..8d8a9ddf9ce 100644 --- a/src/lib/libc/string/memchr.3 +++ b/src/lib/libc/string/memchr.3 @@ -1,3 +1,5 @@ +.\" $OpenBSD: memchr.3,v 1.12 2014/04/07 17:57:56 schwarze Exp $ +.\" .\" Copyright (c) 1990, 1991 The Regents of the University of California. .\" All rights reserved. .\" @@ -13,11 +15,7 @@ .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors +.\" 3. Neither the name of the University nor the names of its contributors .\" may be used to endorse or promote products derived from this software .\" without specific prior written permission. .\" @@ -33,18 +31,19 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $OpenBSD: memchr.3,v 1.5 2000/04/21 15:24:19 aaron Exp $ -.\" -.Dd June 29, 1991 +.Dd $Mdocdate: April 7 2014 $ .Dt MEMCHR 3 .Os .Sh NAME -.Nm memchr +.Nm memchr , +.Nm memrchr .Nd locate byte in byte string .Sh SYNOPSIS -.Fd #include +.In string.h .Ft void * .Fn memchr "const void *b" "int c" "size_t len" +.Ft void * +.Fn memrchr "const void *b" "int c" "size_t len" .Sh DESCRIPTION The .Fn memchr @@ -54,10 +53,21 @@ function locates the first occurrence of .Li unsigned char ) in string .Fa b . +.Pp +The +.Fn memrchr +function behaves like +.Fn memchr , +except that it locates the last occurrence of +.Fa c +in string +.Fa b . .Sh RETURN VALUES The .Fn memchr -function returns a pointer to the byte located, or +and +.Fn memrchr +functions return a pointer to the byte located, or .Dv NULL if no such byte exists within .Fa len @@ -70,9 +80,23 @@ bytes. .Xr strsep 3 , .Xr strspn 3 , .Xr strstr 3 , -.Xr strtok 3 +.Xr strtok 3 , +.Xr wmemchr 3 .Sh STANDARDS The .Fn memchr function conforms to .St -ansiC . +.Pp +The +.Fn memrchr +function is an +.Ox +extension. +.Sh HISTORY +The +.Fn memchr +function first appeared in +.At V +and was reimplemented for +.Bx 4.3 Tahoe . diff --git a/src/lib/libc/string/memchr.c b/src/lib/libc/string/memchr.c index d605d4734f2..a6a4bd60d03 100644 --- a/src/lib/libc/string/memchr.c +++ b/src/lib/libc/string/memchr.c @@ -1,3 +1,4 @@ +/* $OpenBSD: memchr.c,v 1.8 2015/08/31 02:53:57 guenther Exp $ */ /*- * Copyright (c) 1990 The Regents of the University of California. * All rights reserved. @@ -13,11 +14,7 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors + * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -34,17 +31,10 @@ * SUCH DAMAGE. */ -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: memchr.c,v 1.4 2001/09/07 08:09:31 espie Exp $"; -#endif /* LIBC_SCCS and not lint */ - #include void * -memchr(s, c, n) - const void *s; - int c; - size_t n; +memchr(const void *s, int c, size_t n) { if (n != 0) { const unsigned char *p = s; @@ -56,3 +46,4 @@ memchr(s, c, n) } return (NULL); } +DEF_STRONG(memchr); diff --git a/src/lib/libc/string/memcmp.3 b/src/lib/libc/string/memcmp.3 index db4fef364bd..25d308e6171 100644 --- a/src/lib/libc/string/memcmp.3 +++ b/src/lib/libc/string/memcmp.3 @@ -1,3 +1,5 @@ +.\" $OpenBSD: memcmp.3,v 1.9 2014/06/13 02:12:17 matthew Exp $ +.\" .\" Copyright (c) 1990, 1991 The Regents of the University of California. .\" All rights reserved. .\" @@ -13,11 +15,7 @@ .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors +.\" 3. Neither the name of the University nor the names of its contributors .\" may be used to endorse or promote products derived from this software .\" without specific prior written permission. .\" @@ -33,16 +31,14 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $OpenBSD: memcmp.3,v 1.4 2000/04/21 15:24:19 aaron Exp $ -.\" -.Dd June 29, 1991 +.Dd $Mdocdate: June 13 2014 $ .Dt MEMCMP 3 .Os .Sh NAME .Nm memcmp .Nd compare byte string .Sh SYNOPSIS -.Fd #include +.In string.h .Ft int .Fn memcmp "const void *b1" "const void *b2" "size_t len" .Sh DESCRIPTION @@ -73,9 +69,18 @@ Zero-length strings are always identical. .Xr strcasecmp 3 , .Xr strcmp 3 , .Xr strcoll 3 , -.Xr strxfrm 3 +.Xr strxfrm 3 , +.Xr timingsafe_memcmp 3 , +.Xr wmemcmp 3 .Sh STANDARDS The .Fn memcmp function conforms to .St -ansiC . +.Sh HISTORY +The +.Fn memcmp +function first appeared in +.At V +and was reimplemented for +.Bx 4.3 Tahoe . diff --git a/src/lib/libc/string/memcmp.c b/src/lib/libc/string/memcmp.c index 5ce33e29987..0df2c54d2af 100644 --- a/src/lib/libc/string/memcmp.c +++ b/src/lib/libc/string/memcmp.c @@ -1,3 +1,4 @@ +/* $OpenBSD: memcmp.c,v 1.6 2015/08/31 02:53:57 guenther Exp $ */ /*- * Copyright (c) 1990 The Regents of the University of California. * All rights reserved. @@ -13,11 +14,7 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors + * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -34,22 +31,16 @@ * SUCH DAMAGE. */ -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: memcmp.c,v 1.2 1996/08/19 08:34:05 tholo Exp $"; -#endif /* LIBC_SCCS and not lint */ - #include /* * Compare memory regions. */ int -memcmp(s1, s2, n) - const void *s1, *s2; - size_t n; +memcmp(const void *s1, const void *s2, size_t n) { if (n != 0) { - register const unsigned char *p1 = s1, *p2 = s2; + const unsigned char *p1 = s1, *p2 = s2; do { if (*p1++ != *p2++) @@ -58,3 +49,4 @@ memcmp(s1, s2, n) } return (0); } +DEF_STRONG(memcmp); diff --git a/src/lib/libc/string/memcpy.3 b/src/lib/libc/string/memcpy.3 index 030eadff20c..8df2a785b99 100644 --- a/src/lib/libc/string/memcpy.3 +++ b/src/lib/libc/string/memcpy.3 @@ -1,3 +1,5 @@ +.\" $OpenBSD: memcpy.3,v 1.10 2013/06/05 03:39:23 tedu Exp $ +.\" .\" Copyright (c) 1990, 1991 The Regents of the University of California. .\" All rights reserved. .\" @@ -13,11 +15,7 @@ .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors +.\" 3. Neither the name of the University nor the names of its contributors .\" may be used to endorse or promote products derived from this software .\" without specific prior written permission. .\" @@ -33,16 +31,14 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $OpenBSD: memcpy.3,v 1.3 2000/04/21 15:24:19 aaron Exp $ -.\" -.Dd June 29, 1991 +.Dd $Mdocdate: June 5 2013 $ .Dt MEMCPY 3 .Os .Sh NAME .Nm memcpy -.Nd copy byte string +.Nd copy bytes .Sh SYNOPSIS -.Fd #include +.In string.h .Ft void * .Fn memcpy "void *dst" "const void *src" "size_t len" .Sh DESCRIPTION @@ -50,10 +46,13 @@ The .Fn memcpy function copies .Fa len -bytes from string +bytes from buffer .Fa src -to string +to buffer .Fa dst . +If the two buffers may overlap, +.Xr memmove 3 +must be used instead. .Sh RETURN VALUES The .Fn memcpy @@ -63,18 +62,18 @@ function returns the original value of .Xr bcopy 3 , .Xr memccpy 3 , .Xr memmove 3 , -.Xr strcpy 3 +.Xr strcpy 3 , +.Xr strlcpy 3 , +.Xr wmemcpy 3 .Sh STANDARDS The .Fn memcpy function conforms to .St -ansiC . -.Sh BUGS -In this implementation +.Sh HISTORY +The .Fn memcpy -is implemented using -.Xr bcopy 3 , -and therefore the strings may overlap. -On other systems, copying overlapping strings may produce surprises. -A simpler solution is to not use -.Fn memcpy . +function first appeared in +.At V +and was reimplemented for +.Bx 4.3 Tahoe . diff --git a/src/lib/libc/string/memcpy.c b/src/lib/libc/string/memcpy.c new file mode 100644 index 00000000000..19fddc0ab5f --- /dev/null +++ b/src/lib/libc/string/memcpy.c @@ -0,0 +1,109 @@ +/* $OpenBSD: memcpy.c,v 1.4 2017/11/29 05:13:57 guenther Exp $ */ +/*- + * Copyright (c) 1990 The Regents of the University of California. + * All rights reserved. + * + * This code is derived from software contributed to Berkeley by + * Chris Torek. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include +#include +#include + +/* + * sizeof(word) MUST BE A POWER OF TWO + * SO THAT wmask BELOW IS ALL ONES + */ +typedef long word; /* "word" used for optimal copy speed */ + +#define wsize sizeof(word) +#define wmask (wsize - 1) + +static const char backwards_msg[] = ": backwards memcpy"; + +/* + * Copy a block of memory, not handling overlap. + */ +void * +memcpy(void *dst0, const void *src0, size_t length) +{ + char *dst = dst0; + const char *src = src0; + size_t t; + + if (length == 0 || dst == src) /* nothing to do */ + goto done; + + if ((dst < src && dst + length > src) || + (src < dst && src + length > dst)) { + char buf[1024]; + + /* <10> is LOG_CRIT */ + strlcpy(buf, "<10>", sizeof buf); + + /* Make sure progname does not fill the whole buffer */ + strlcat(buf, __progname, sizeof(buf) - sizeof backwards_msg); + strlcat(buf, backwards_msg, sizeof buf); + + sendsyslog(buf, strlen(buf), LOG_CONS); + abort(); + } + + /* + * Macros: loop-t-times; and loop-t-times, t>0 + */ +#define TLOOP(s) if (t) TLOOP1(s) +#define TLOOP1(s) do { s; } while (--t) + + /* + * Copy forward. + */ + t = (long)src; /* only need low bits */ + if ((t | (long)dst) & wmask) { + /* + * Try to align operands. This cannot be done + * unless the low bits match. + */ + if ((t ^ (long)dst) & wmask || length < wsize) + t = length; + else + t = wsize - (t & wmask); + length -= t; + TLOOP1(*dst++ = *src++); + } + /* + * Copy whole words, then mop up any trailing bytes. + */ + t = length / wsize; + TLOOP(*(word *)dst = *(word *)src; src += wsize; dst += wsize); + t = length & wmask; + TLOOP(*dst++ = *src++); +done: + return (dst0); +} +DEF_BUILTIN(memcpy); diff --git a/src/lib/libc/string/memmem.3 b/src/lib/libc/string/memmem.3 new file mode 100644 index 00000000000..b0b0bb966b7 --- /dev/null +++ b/src/lib/libc/string/memmem.3 @@ -0,0 +1,77 @@ +.\" $OpenBSD: memmem.3,v 1.2 2013/07/16 15:21:11 schwarze Exp $ +.\" +.\" Copyright (c) 2005 Pascal Gloor +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. The name of the author may not be used to endorse or promote +.\" products derived from this software without specific prior written +.\" permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.Dd $Mdocdate: July 16 2013 $ +.Dt MEMMEM 3 +.Os +.Sh NAME +.Nm memmem +.Nd locate a byte substring in a byte string +.Sh SYNOPSIS +.In string.h +.Ft "void *" +.Fo memmem +.Fa "const void *big" "size_t big_len" +.Fa "const void *little" "size_t little_len" +.Fc +.Sh DESCRIPTION +The +.Fn memmem +function +locates the first occurrence of the byte string +.Fa little +in the byte string +.Fa big . +.Sh RETURN VALUES +If +.Fa little +is zero length, +.Fa big +is returned; if +.Fa little +occurs nowhere in +.Fa big , +.Dv NULL +is returned; +otherwise a pointer to the first character of the first occurrence of +.Fa little +is returned. +.Sh SEE ALSO +.Xr memchr 3 , +.Xr strchr 3 , +.Xr strstr 3 +.Sh STANDARDS +.Fn memmem +is a GNU extension. +.Sh HISTORY +The +.Fn memmem +function first appeared in +.Ox 5.4 . +.Sh AUTHORS +.An Pascal Gloor Aq Mt pascal.gloor@spale.com diff --git a/src/lib/libc/string/memmem.c b/src/lib/libc/string/memmem.c new file mode 100644 index 00000000000..823443b08a6 --- /dev/null +++ b/src/lib/libc/string/memmem.c @@ -0,0 +1,64 @@ +/* $OpenBSD: memmem.c,v 1.4 2015/08/31 02:53:57 guenther Exp $ */ +/*- + * Copyright (c) 2005 Pascal Gloor + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include + +/* + * Find the first occurrence of the byte string s in byte string l. + */ + +void * +memmem(const void *l, size_t l_len, const void *s, size_t s_len) +{ + const char *cur, *last; + const char *cl = l; + const char *cs = s; + + /* a zero length needle should just return the haystack */ + if (s_len == 0) + return (void *)cl; + + /* "s" must be smaller or equal to "l" */ + if (l_len < s_len) + return NULL; + + /* special case where s_len == 1 */ + if (s_len == 1) + return memchr(l, *cs, l_len); + + /* the last position where its possible to find "s" in "l" */ + last = cl + l_len - s_len; + + for (cur = cl; cur <= last; cur++) + if (cur[0] == cs[0] && memcmp(cur, cs, s_len) == 0) + return (void *)cur; + + return NULL; +} +DEF_WEAK(memmem); diff --git a/src/lib/libc/string/memmove.3 b/src/lib/libc/string/memmove.3 index 026dab0f9fb..8665e4abcfb 100644 --- a/src/lib/libc/string/memmove.3 +++ b/src/lib/libc/string/memmove.3 @@ -1,3 +1,5 @@ +.\" $OpenBSD: memmove.3,v 1.9 2013/06/05 03:39:23 tedu Exp $ +.\" .\" Copyright (c) 1990, 1991 The Regents of the University of California. .\" All rights reserved. .\" @@ -13,11 +15,7 @@ .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors +.\" 3. Neither the name of the University nor the names of its contributors .\" may be used to endorse or promote products derived from this software .\" without specific prior written permission. .\" @@ -33,16 +31,14 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $OpenBSD: memmove.3,v 1.3 2000/04/21 15:24:19 aaron Exp $ -.\" -.Dd June 29, 1991 +.Dd $Mdocdate: June 5 2013 $ .Dt MEMMOVE 3 .Os .Sh NAME .Nm memmove -.Nd copy byte string +.Nd copy bytes .Sh SYNOPSIS -.Fd #include +.In string.h .Ft void * .Fn memmove "void *dst" "const void *src" "size_t len" .Sh DESCRIPTION @@ -50,11 +46,11 @@ The .Fn memmove function copies .Fa len -bytes from string +bytes from buffer .Fa src -to string +to buffer .Fa dst . -The two strings may overlap; +The two buffers may overlap; the copy is always done in a non-destructive manner. .Sh RETURN VALUES The @@ -65,9 +61,16 @@ function returns the original value of .Xr bcopy 3 , .Xr memccpy 3 , .Xr memcpy 3 , -.Xr strcpy 3 +.Xr strcpy 3 , +.Xr strlcpy 3 , +.Xr wmemmove 3 .Sh STANDARDS The .Fn memmove function conforms to .St -ansiC . +.Sh HISTORY +The +.Fn memmove +function first appeared in +.Bx 4.3 Reno . diff --git a/src/lib/libc/string/memmove.c b/src/lib/libc/string/memmove.c new file mode 100644 index 00000000000..1cd1086ab97 --- /dev/null +++ b/src/lib/libc/string/memmove.c @@ -0,0 +1,113 @@ +/* $OpenBSD: memmove.c,v 1.3 2017/11/29 05:13:57 guenther Exp $ */ +/*- + * Copyright (c) 1990 The Regents of the University of California. + * All rights reserved. + * + * This code is derived from software contributed to Berkeley by + * Chris Torek. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include + +/* + * sizeof(word) MUST BE A POWER OF TWO + * SO THAT wmask BELOW IS ALL ONES + */ +typedef long word; /* "word" used for optimal copy speed */ + +#define wsize sizeof(word) +#define wmask (wsize - 1) + +/* + * Copy a block of memory, handling overlap. + */ +void * +memmove(void *dst0, const void *src0, size_t length) +{ + char *dst = dst0; + const char *src = src0; + size_t t; + + if (length == 0 || dst == src) /* nothing to do */ + goto done; + + /* + * Macros: loop-t-times; and loop-t-times, t>0 + */ +#define TLOOP(s) if (t) TLOOP1(s) +#define TLOOP1(s) do { s; } while (--t) + + if ((unsigned long)dst < (unsigned long)src) { + /* + * Copy forward. + */ + t = (long)src; /* only need low bits */ + if ((t | (long)dst) & wmask) { + /* + * Try to align operands. This cannot be done + * unless the low bits match. + */ + if ((t ^ (long)dst) & wmask || length < wsize) + t = length; + else + t = wsize - (t & wmask); + length -= t; + TLOOP1(*dst++ = *src++); + } + /* + * Copy whole words, then mop up any trailing bytes. + */ + t = length / wsize; + TLOOP(*(word *)dst = *(word *)src; src += wsize; dst += wsize); + t = length & wmask; + TLOOP(*dst++ = *src++); + } else { + /* + * Copy backwards. Otherwise essentially the same. + * Alignment works as before, except that it takes + * (t&wmask) bytes to align, not wsize-(t&wmask). + */ + src += length; + dst += length; + t = (long)src; + if ((t | (long)dst) & wmask) { + if ((t ^ (long)dst) & wmask || length <= wsize) + t = length; + else + t &= wmask; + length -= t; + TLOOP1(*--dst = *--src); + } + t = length / wsize; + TLOOP(src -= wsize; dst -= wsize; *(word *)dst = *(word *)src); + t = length & wmask; + TLOOP(*--dst = *--src); + } +done: + return (dst0); +} +DEF_BUILTIN(memmove); diff --git a/src/lib/libc/string/memrchr.c b/src/lib/libc/string/memrchr.c new file mode 100644 index 00000000000..e123bc1737d --- /dev/null +++ b/src/lib/libc/string/memrchr.c @@ -0,0 +1,39 @@ +/* $OpenBSD: memrchr.c,v 1.4 2019/01/25 00:19:25 millert Exp $ */ + +/* + * Copyright (c) 2007 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include + +/* + * Reverse memchr() + * Find the last occurrence of 'c' in the buffer 's' of size 'n'. + */ +void * +memrchr(const void *s, int c, size_t n) +{ + const unsigned char *cp; + + if (n != 0) { + cp = (unsigned char *)s + n; + do { + if (*(--cp) == (unsigned char)c) + return((void *)cp); + } while (--n != 0); + } + return(NULL); +} +DEF_WEAK(memrchr); diff --git a/src/lib/libc/string/memset.3 b/src/lib/libc/string/memset.3 index 9da14983c7c..ac5b7e90ad2 100644 --- a/src/lib/libc/string/memset.3 +++ b/src/lib/libc/string/memset.3 @@ -1,3 +1,5 @@ +.\" $OpenBSD: memset.3,v 1.8 2013/06/05 03:39:23 tedu Exp $ +.\" .\" Copyright (c) 1990, 1991 The Regents of the University of California. .\" All rights reserved. .\" @@ -13,11 +15,7 @@ .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors +.\" 3. Neither the name of the University nor the names of its contributors .\" may be used to endorse or promote products derived from this software .\" without specific prior written permission. .\" @@ -33,16 +31,14 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $OpenBSD: memset.3,v 1.4 2000/04/21 15:24:19 aaron Exp $ -.\" -.Dd June 29, 1991 +.Dd $Mdocdate: June 5 2013 $ .Dt MEMSET 3 .Os .Sh NAME .Nm memset .Nd write a byte to byte string .Sh SYNOPSIS -.Fd #include +.In string.h .Ft void * .Fn memset "void *b" "int c" "size_t len" .Sh DESCRIPTION @@ -63,9 +59,17 @@ function returns the original value of .Fa b . .Sh SEE ALSO .Xr bzero 3 , -.Xr swab 3 +.Xr swab 3 , +.Xr wmemset 3 .Sh STANDARDS The .Fn memset function conforms to .St -ansiC . +.Sh HISTORY +The +.Fn memset +function first appeared in +.At V +and was reimplemented for +.Bx 4.3 Tahoe . diff --git a/src/lib/libc/string/memset.c b/src/lib/libc/string/memset.c index c3373a21a97..0c261f0965a 100644 --- a/src/lib/libc/string/memset.c +++ b/src/lib/libc/string/memset.c @@ -1,3 +1,4 @@ +/* $OpenBSD: memset.c,v 1.8 2017/11/29 05:13:57 guenther Exp $ */ /*- * Copyright (c) 1990 The Regents of the University of California. * All rights reserved. @@ -13,11 +14,7 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors + * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -34,25 +31,18 @@ * SUCH DAMAGE. */ -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: memset.c,v 1.2 1996/08/19 08:34:07 tholo Exp $"; -#endif /* LIBC_SCCS and not lint */ - #include void * -memset(dst, c, n) - void *dst; - register int c; - register size_t n; +memset(void *dst, int c, size_t n) { - if (n != 0) { - register char *d = dst; + unsigned char *d = dst; do - *d++ = c; + *d++ = (unsigned char)c; while (--n != 0); } return (dst); } +DEF_BUILTIN(memset); diff --git a/src/lib/libc/string/rindex.c b/src/lib/libc/string/rindex.c deleted file mode 100644 index 7c7c94ae815..00000000000 --- a/src/lib/libc/string/rindex.c +++ /dev/null @@ -1,56 +0,0 @@ -/* - * Copyright (c) 1988 Regents of the University of California. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: rindex.c,v 1.3 2002/07/24 04:16:01 millert Exp $"; -#endif /* LIBC_SCCS and not lint */ - -#include - -char * -#ifdef STRRCHR -strrchr(const char *p, int ch) -#else -rindex(const char *p, int ch) -#endif -{ - register char *save; - - for (save = NULL;; ++p) { - if (*p == ch) - save = (char *)p; - if (!*p) - return(save); - } - /* NOTREACHED */ -} diff --git a/src/lib/libc/string/stpcpy.3 b/src/lib/libc/string/stpcpy.3 new file mode 100644 index 00000000000..973eebecdde --- /dev/null +++ b/src/lib/libc/string/stpcpy.3 @@ -0,0 +1,184 @@ +.\" $OpenBSD: stpcpy.3,v 1.6 2014/02/23 23:09:34 schwarze Exp $ +.\" +.\" Copyright (c) 1990, 1991 The Regents of the University of California. +.\" All rights reserved. +.\" +.\" This code is derived from software contributed to Berkeley by +.\" Chris Torek and the American National Standards Committee X3, +.\" on Information Processing Systems. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.Dd $Mdocdate: February 23 2014 $ +.Dt STPCPY 3 +.Os +.Sh NAME +.Nm stpcpy , +.Nm stpncpy +.Nd copy strings +.Sh SYNOPSIS +.In string.h +.Ft char * +.Fn stpcpy "char *dst" "const char *src" +.Ft char * +.Fn stpncpy "char *dst" "const char *src" "size_t len" +.Sh DESCRIPTION +The +.Fn stpcpy +and +.Fn stpncpy +functions copy the string +.Fa src +to +.Fa dst +(including the terminating +.Ql \e0 +character). +.Pp +The +.Fn stpncpy +function copies not more than +.Fa len +characters into +.Fa dst , +appending +.Ql \e0 +characters if +.Fa src +is less than +.Fa len +characters long, and +.Em not +terminating +.Fa dst +if the length of +.Fa src +is greater than or equal to +.Fa len . +.Pp +If the +.Fa src +and +.Fa dst +strings overlap, the behavior is undefined. +.Sh RETURN VALUES +The +.Fn stpcpy +function returns a pointer to the terminating +.Ql \e0 +character written into +.Fa dst . +.Pp +The +.Fn stpncpy +function returns a pointer to the first +.Ql \e0 +character written into +.Fa dst , +or to +.Fa &dst[len] +if the length of +.Fa src +is greater than or equal to +.Fa len . +.Sh EXAMPLES +The most common use of +.Fn stpcpy +is to build up a string from multiple elements. +The following example builds up a pathname from +directory and file components using +.Fn stpcpy : +.Bd -literal -offset indent +char *dir, *file, pname[PATH_MAX]; + +\&... + +if (strlen(dir) + strlen("/") + strlen(file) >= sizeof(pname)) + goto toolong; +stpcpy(stpcpy(stpcpy(pname, dir), "/"), file); +.Ed +.Pp +However, the size check required to avoid a buffer overflow is error +prone since the check can become out of sync with the code that +performs the copy. +.Pp +One might expect that +.Fn stpncpy +could be safely used instead, but it suffers from the same defects as +.Fn strncpy . +The example below using +.Fn stpncpy +is even more prone to error and will not detect when truncation occurs: +.Bd -literal -offset indent +char *dir, *file, pname[PATH_MAX]; +char *p1, *p2; + +\&... + +p1 = stpncpy(pname, dir, sizeof(pname) - 1); +p2 = stpncpy(p1, "/", sizeof(pname) - 1 - (p1 - pname)); +stpncpy(p2, file, sizeof(pname) - 1 - (p2 - pname)); +pname[sizeof(pname) - 1] = '\e0'; +.Ed +.Pp +A safer (and simpler) approach is to use +.Fn snprintf : +.Bd -literal -offset indent +char *dir, *file, pname[PATH_MAX]; +int len; + +\&... + +len = snprintf(pname, sizeof(pname), "%s/%s", dir, file); +if (len >= sizeof(pname)) + goto toolong; +.Ed +.Pp +In most cases, it is better to use +.Fn snprintf , +.Fn strlcpy , +or +.Fn strlcat . +.Sh SEE ALSO +.Xr snprintf 3 , +.Xr strcpy 3 , +.Xr strlcpy 3 , +.Xr strncpy 3 +.Sh STANDARDS +The +.Fn stpcpy +and +.Fn stpncpy +functions conform to +.St -p1003.1-2008 . +.Sh HISTORY +The function +.Fn stpcpy +first appeared in the Lattice C AmigaDOS compiler (1986 or earlier). +The function +.Fn stpncpy +first appeared in the GNU C library version 1.07 (1993). +Both functions have been available since +.Ox 5.1 . diff --git a/src/lib/libc/string/stpcpy.c b/src/lib/libc/string/stpcpy.c new file mode 100644 index 00000000000..5a86541f080 --- /dev/null +++ b/src/lib/libc/string/stpcpy.c @@ -0,0 +1,44 @@ +/* $OpenBSD: stpcpy.c,v 1.3 2017/11/28 06:55:49 tb Exp $ */ + +/* + * Copyright (c) 1988 Regents of the University of California. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include + +#if defined(APIWARN) +__warn_references(stpcpy, + "stpcpy() is dangerous; do not use it"); +#endif + +char * +stpcpy(char *to, const char *from) +{ + for (; (*to = *from) != '\0'; ++from, ++to); + return(to); +} diff --git a/src/lib/libc/string/stpncpy.c b/src/lib/libc/string/stpncpy.c new file mode 100644 index 00000000000..6bdee5de164 --- /dev/null +++ b/src/lib/libc/string/stpncpy.c @@ -0,0 +1,57 @@ +/* $OpenBSD: stpncpy.c,v 1.3 2015/08/31 02:53:57 guenther Exp $ */ + +/*- + * Copyright (c) 1990 The Regents of the University of California. + * All rights reserved. + * + * This code is derived from software contributed to Berkeley by + * Chris Torek. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include + +char * +stpncpy(char *dst, const char *src, size_t n) +{ + if (n != 0) { + char *d = dst; + const char *s = src; + + dst = &dst[n]; + do { + if ((*d++ = *s++) == 0) { + dst = d - 1; + /* NUL pad the remaining n-1 bytes */ + while (--n != 0) + *d++ = 0; + break; + } + } while (--n != 0); + } + return (dst); +} +DEF_WEAK(stpncpy); diff --git a/src/lib/libc/string/strcasecmp.3 b/src/lib/libc/string/strcasecmp.3 index 3cfc76e36fe..bb39df895a0 100644 --- a/src/lib/libc/string/strcasecmp.3 +++ b/src/lib/libc/string/strcasecmp.3 @@ -1,7 +1,8 @@ -.\" $OpenBSD: strcasecmp.3,v 1.6 2000/04/21 15:24:19 aaron Exp $ +.\" $OpenBSD: strcasecmp.3,v 1.14 2017/09/05 03:16:13 schwarze Exp $ .\" .\" Copyright (c) 1990, 1991, 1993 .\" The Regents of the University of California. All rights reserved. +.\" Copyright (c) 2017 Ingo Schwarze .\" .\" This code is derived from software contributed to Berkeley by .\" Chris Torek. @@ -13,11 +14,7 @@ .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors +.\" 3. Neither the name of the University nor the names of its contributors .\" may be used to endorse or promote products derived from this software .\" without specific prior written permission. .\" @@ -35,30 +32,48 @@ .\" .\" @(#)strcasecmp.3 8.1 (Berkeley) 6/9/93 .\" -.Dd June 9, 1993 +.Dd $Mdocdate: September 5 2017 $ .Dt STRCASECMP 3 .Os .Sh NAME .Nm strcasecmp , -.Nm strncasecmp +.Nm strcasecmp_l , +.Nm strncasecmp , +.Nm strncasecmp_l .Nd compare strings, ignoring case .Sh SYNOPSIS -.Fd #include +.In strings.h .Ft int -.Fn strcasecmp "const char *s1" "const char *s2" +.Fo strcasecmp +.Fa "const char *s1" +.Fa "const char *s2" +.Fc .Ft int -.Fn strncasecmp "const char *s1" "const char *s2" "size_t len" +.Fo strcasecmp_l +.Fa "const char *s1" +.Fa "const char *s2" +.Fa "locale_t locale" +.Fc +.Ft int +.Fo strncasecmp +.Fa "const char *s1" +.Fa "const char *s2" +.Fa "size_t len" +.Fc +.Ft int +.Fo strncasecmp_l +.Fa "const char *s1" +.Fa "const char *s2" +.Fa "size_t len" +.Fa "locale_t locale" +.Fc .Sh DESCRIPTION -The -.Fn strcasecmp -and -.Fn strncasecmp -functions compare the null-terminated strings +These functions compare the NUL-terminated strings .Fa s1 and .Fa s2 and return an integer greater than, equal to, or less than 0, -according as +according to whether .Fa s1 is lexicographically greater than, equal to, or less than .Fa s2 @@ -70,19 +85,44 @@ is greater than .Ql \e0 . .Pp .Fn strncasecmp -compares at most +and +.Fn strncasecmp_l +compare at most .Fa len characters. +.Pp +On +.Ox , +these functions always use the C locale and ignore +the global locale, the thread-specific locale, and the +.Fa locale +argument. +.Sh ENVIRONMENT +On other operating systems, the behaviour of +.Fn strcasecmp +and +.Fn strncasecmp +may depend on the +.Dv LC_CTYPE +.Xr locale 1 . .Sh SEE ALSO -.Xr bcmp 3 , -.Xr memcmp 3 , .Xr strcmp 3 , .Xr strcoll 3 , -.Xr strxfrm 3 +.Xr strxfrm 3 , +.Xr wcscasecmp 3 +.Sh STANDARDS +These functions conform to +.St -p1003.1-2008 . .Sh HISTORY The .Fn strcasecmp and .Fn strncasecmp -functions first appeared in -.Bx 4.4 . +functions have been available since +.Bx 4.3 Tahoe , +and +.Fn strcasecmp_l +and +.Fn strncasecmp_l +since +.Ox 6.2 . diff --git a/src/lib/libc/string/strcasecmp.c b/src/lib/libc/string/strcasecmp.c index 1f487524aa7..edbd638722e 100644 --- a/src/lib/libc/string/strcasecmp.c +++ b/src/lib/libc/string/strcasecmp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: strcasecmp.c,v 1.3 1997/08/20 04:13:57 millert Exp $ */ +/* $OpenBSD: strcasecmp.c,v 1.7 2015/08/31 02:53:57 guenther Exp $ */ /* * Copyright (c) 1987, 1993 @@ -12,11 +12,7 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors + * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -35,14 +31,6 @@ #include -#if defined(LIBC_SCCS) && !defined(lint) -#if 0 -static char sccsid[] = "@(#)strcasecmp.c 8.1 (Berkeley) 6/4/93"; -#else -static char *rcsid = "$OpenBSD: strcasecmp.c,v 1.3 1997/08/20 04:13:57 millert Exp $"; -#endif -#endif /* LIBC_SCCS and not lint */ - typedef unsigned char u_char; /* @@ -86,28 +74,26 @@ static const u_char charmap[] = { }; int -strcasecmp(s1, s2) - const char *s1, *s2; +strcasecmp(const char *s1, const char *s2) { - register const u_char *cm = charmap, - *us1 = (const u_char *)s1, - *us2 = (const u_char *)s2; + const u_char *cm = charmap; + const u_char *us1 = (const u_char *)s1; + const u_char *us2 = (const u_char *)s2; while (cm[*us1] == cm[*us2++]) if (*us1++ == '\0') return (0); return (cm[*us1] - cm[*--us2]); } +DEF_WEAK(strcasecmp); int -strncasecmp(s1, s2, n) - const char *s1, *s2; - register size_t n; +strncasecmp(const char *s1, const char *s2, size_t n) { if (n != 0) { - register const u_char *cm = charmap, - *us1 = (const u_char *)s1, - *us2 = (const u_char *)s2; + const u_char *cm = charmap; + const u_char *us1 = (const u_char *)s1; + const u_char *us2 = (const u_char *)s2; do { if (cm[*us1] != cm[*us2++]) @@ -118,3 +104,4 @@ strncasecmp(s1, s2, n) } return (0); } +DEF_WEAK(strncasecmp); diff --git a/src/lib/libc/string/strcasecmp_l.c b/src/lib/libc/string/strcasecmp_l.c new file mode 100644 index 00000000000..a9543dda118 --- /dev/null +++ b/src/lib/libc/string/strcasecmp_l.c @@ -0,0 +1,21 @@ +/* $OpenBSD: strcasecmp_l.c,v 1.1 2017/09/05 03:16:13 schwarze Exp $ */ +/* + * Written in 2017 by Ingo Schwarze . + * Released into the public domain. + */ + +#include + +int +strcasecmp_l(const char *s1, const char *s2, + locale_t locale __attribute__((__unused__))) +{ + return strcasecmp(s1, s2); +} + +int +strncasecmp_l(const char *s1, const char *s2, size_t n, + locale_t locale __attribute__((__unused__))) +{ + return strncasecmp(s1, s2, n); +} diff --git a/src/lib/libc/string/strcasestr.c b/src/lib/libc/string/strcasestr.c new file mode 100644 index 00000000000..abb3e155491 --- /dev/null +++ b/src/lib/libc/string/strcasestr.c @@ -0,0 +1,61 @@ +/* $OpenBSD: strcasestr.c,v 1.4 2015/08/31 02:53:57 guenther Exp $ */ +/* $NetBSD: strcasestr.c,v 1.2 2005/02/09 21:35:47 kleink Exp $ */ + +/*- + * Copyright (c) 1990, 1993 + * The Regents of the University of California. All rights reserved. + * + * This code is derived from software contributed to Berkeley by + * Chris Torek. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include +#include + +/* + * Find the first occurrence of find in s, ignore case. + */ +char * +strcasestr(const char *s, const char *find) +{ + char c, sc; + size_t len; + + if ((c = *find++) != 0) { + c = (char)tolower((unsigned char)c); + len = strlen(find); + do { + do { + if ((sc = *s++) == 0) + return (NULL); + } while ((char)tolower((unsigned char)sc) != c); + } while (strncasecmp(s, find, len) != 0); + s--; + } + return ((char *)s); +} +DEF_WEAK(strcasestr); diff --git a/src/lib/libc/string/strcat.3 b/src/lib/libc/string/strcat.3 index e9e5163bd36..76032c8e8f3 100644 --- a/src/lib/libc/string/strcat.3 +++ b/src/lib/libc/string/strcat.3 @@ -1,3 +1,5 @@ +.\" $OpenBSD: strcat.3,v 1.18 2016/05/26 21:30:13 millert Exp $ +.\" .\" Copyright (c) 1990, 1991 The Regents of the University of California. .\" All rights reserved. .\" @@ -13,11 +15,7 @@ .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors +.\" 3. Neither the name of the University nor the names of its contributors .\" may be used to endorse or promote products derived from this software .\" without specific prior written permission. .\" @@ -33,103 +31,48 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $OpenBSD: strcat.3,v 1.8 2000/04/21 15:24:19 aaron Exp $ -.\" -.Dd July 8, 1997 +.Dd $Mdocdate: May 26 2016 $ .Dt STRCAT 3 .Os .Sh NAME -.Nm strcat , -.Nm strncat -.Nd concatenate strings +.Nm strcat +.Nd concatenate two strings without bounds checking .Sh SYNOPSIS -.Fd #include +.In string.h .Ft char * -.Fn strcat "char *s" "const char *append" -.Ft char * -.Fn strncat "char *s" "const char *append" "size_t count" +.Fn strcat "char *dst" "const char *append" .Sh DESCRIPTION The .Fn strcat -and -.Fn strncat -functions append a copy of the null-terminated string +function appends a copy of the NUL-terminated string .Fa append -to the end of the null-terminated string -.Fa s , -then add a terminating +to the end of the NUL-terminated string +.Fa dst , +then adds a terminating .Ql \e0 . -The string -.Fa s -must have sufficient space to hold the result. .Pp -The -.Fn strncat -function appends not more than -.Fa count -characters where space for the terminating -.Ql \e0 -should not be included in -.Fa count . +No bounds checking is performed. +If the buffer +.Fa dst +is not large enough to hold the result, +subsequent memory will be damaged. .Sh RETURN VALUES The .Fn strcat -and -.Fn strncat -functions return the pointer -.Fa s . -.Sh EXAMPLES -The following appends -.Dq Li abc -to -.Dq Li chararray : -.Bd -literal -offset indent -char *letters = "abcdefghi"; - -(void)strncat(chararray, letters, 3); -.Ed -.Pp -The following example shows how to use -.Fn strncat -safely in conjunction with -.Xr strncpy 3 . -.Bd -literal -offset indent -char buf[BUFSIZ]; -char *input, *suffix; - -(void)strncpy(buf, input, sizeof(buf) - 1); -buf[sizeof(buf) - 1] = '\e0'; -(void)strncat(buf, suffix, sizeof(buf) - 1 - strlen(buf)); -.Ed -.Pp -The above will copy as many characters from -.Dq Li input -to -.Dq Li buf -as will fit. -It then appends as many characters from suffix as will fit (or none -if there is no space). -For operations like this, the -.Xr strlcpy 3 -and -.Xr strlcat 3 -functions are a better choice, as shown below. -.Bd -literal -offset indent -(void)strlcpy(buf, input, sizeof(buf)); -(void)strlcat(buf, suffix, sizeof(buf)); -.Ed +function return the pointer +.Fa dst . .Sh SEE ALSO -.Xr bcopy 3 , -.Xr memccpy 3 , -.Xr memcpy 3 , -.Xr memmove 3 , -.Xr strcpy 3 , -.Xr strlcat 3 , -.Xr strlcpy 3 +.Xr strlcpy 3 , +.Xr wcscat 3 , +.Xr wcslcpy 3 .Sh STANDARDS The .Fn strcat -and -.Fn strncat -functions conform to +function conforms to .St -ansiC . +.Sh HISTORY +The +.Fn strcat +function first appeared in the Programmer's Workbench (PWB/UNIX) +and was ported to +.At v7 . diff --git a/src/lib/libc/string/strcat.c b/src/lib/libc/string/strcat.c index 374a2b74641..73da22f75da 100644 --- a/src/lib/libc/string/strcat.c +++ b/src/lib/libc/string/strcat.c @@ -1,3 +1,5 @@ +/* $OpenBSD: strcat.c,v 1.10 2017/11/28 06:55:49 tb Exp $ */ + /* * Copyright (c) 1988 Regents of the University of California. * All rights reserved. @@ -10,11 +12,7 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors + * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -31,20 +29,15 @@ * SUCH DAMAGE. */ -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: strcat.c,v 1.4 1996/08/19 08:34:10 tholo Exp $"; -#endif /* LIBC_SCCS and not lint */ - -#ifndef _KERNEL #include -#else -#include + +#if defined(APIWARN) +__warn_references(strcat, + "strcat() is almost always misused, please use strlcat()"); #endif char * -strcat(s, append) - register char *s; - register const char *append; +strcat(char *s, const char *append) { char *save = s; diff --git a/src/lib/libc/string/strchr.3 b/src/lib/libc/string/strchr.3 index 1333a305d66..07e7f29f5bb 100644 --- a/src/lib/libc/string/strchr.3 +++ b/src/lib/libc/string/strchr.3 @@ -1,3 +1,5 @@ +.\" $OpenBSD: strchr.3,v 1.13 2018/10/01 06:37:37 martijn Exp $ +.\" .\" Copyright (c) 1990, 1991 The Regents of the University of California. .\" All rights reserved. .\" @@ -13,11 +15,7 @@ .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors +.\" 3. Neither the name of the University nor the names of its contributors .\" may be used to endorse or promote products derived from this software .\" without specific prior written permission. .\" @@ -33,9 +31,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $OpenBSD: strchr.3,v 1.7 2000/04/21 15:24:19 aaron Exp $ -.\" -.Dd June 29, 1991 +.Dd $Mdocdate: October 1 2018 $ .Dt STRCHR 3 .Os .Sh NAME @@ -43,9 +39,10 @@ .Nm index .Nd locate first occurrence of a character in a string .Sh SYNOPSIS -.Fd #include +.In string.h .Ft char * .Fn strchr "const char *s" "int c" +.In strings.h .Ft char * .Fn index "const char *s" "int c" .Sh DESCRIPTION @@ -53,6 +50,7 @@ The .Fn strchr function locates the first occurrence of the character .Fa c +.Pq converted to a char in the string .Fa s . The terminating NUL character is considered part of the string. @@ -94,7 +92,8 @@ p = strchr(s, 'o'); .Xr strsep 3 , .Xr strspn 3 , .Xr strstr 3 , -.Xr strtok 3 +.Xr strtok 3 , +.Xr wcschr 3 .Sh STANDARDS The .Fn strchr @@ -104,3 +103,14 @@ function conforms to The .Fn index function is deprecated and shouldn't be used in new code. +.Sh HISTORY +The +.Fn index +function first appeared in +.At v7 . +The +.Fn strchr +function first appeared in +.At III +and was reimplemented for +.Bx 4.3 Tahoe . diff --git a/src/lib/libc/string/strchr.c b/src/lib/libc/string/strchr.c new file mode 100644 index 00000000000..8bfa7ac3aa0 --- /dev/null +++ b/src/lib/libc/string/strchr.c @@ -0,0 +1,46 @@ +/* $OpenBSD: strchr.c,v 1.4 2018/10/01 06:37:37 martijn Exp $ */ +/*- + * Copyright (c) 1990 The Regents of the University of California. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include + +__weak_alias(index, strchr); + +char * +strchr(const char *p, int ch) +{ + for (;; ++p) { + if (*p == (char) ch) + return((char *)p); + if (!*p) + return((char *)NULL); + } + /* NOTREACHED */ +} +DEF_STRONG(strchr); diff --git a/src/lib/libc/string/strcmp.3 b/src/lib/libc/string/strcmp.3 index c1173a423a7..63dc7fed2d0 100644 --- a/src/lib/libc/string/strcmp.3 +++ b/src/lib/libc/string/strcmp.3 @@ -1,3 +1,5 @@ +.\" $OpenBSD: strcmp.3,v 1.14 2013/07/17 05:42:11 schwarze Exp $ +.\" .\" Copyright (c) 1990, 1991 The Regents of the University of California. .\" All rights reserved. .\" @@ -13,11 +15,7 @@ .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors +.\" 3. Neither the name of the University nor the names of its contributors .\" may be used to endorse or promote products derived from this software .\" without specific prior written permission. .\" @@ -33,9 +31,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $OpenBSD: strcmp.3,v 1.5 2000/04/21 15:24:19 aaron Exp $ -.\" -.Dd June 29, 1991 +.Dd $Mdocdate: July 17 2013 $ .Dt STRCMP 3 .Os .Sh NAME @@ -43,7 +39,7 @@ .Nm strncmp .Nd compare strings .Sh SYNOPSIS -.Fd #include +.In string.h .Ft int .Fn strcmp "const char *s1" "const char *s2" .Ft int @@ -53,17 +49,22 @@ The .Fn strcmp and .Fn strncmp -functions lexicographically compare the null-terminated strings +functions lexicographically compare the NUL-terminated strings .Fa s1 and .Fa s2 . +The +.Fn strncmp +function compares at most +.Fa len +characters. .Sh RETURN VALUES The .Fn strcmp and .Fn strncmp -return an integer greater than, equal to, or less than 0, according -as the string +functions return an integer greater than, equal to, or less than 0, according +to whether the string .Fa s1 is greater than, equal to, or less than the string .Fa s2 . @@ -71,17 +72,13 @@ The comparison is done using unsigned characters, so that .Ql \e200 is greater than .Ql \e0 . -.Pp -.Fn strncmp -compares at most -.Fa len -characters. .Sh SEE ALSO .Xr bcmp 3 , .Xr memcmp 3 , .Xr strcasecmp 3 , .Xr strcoll 3 , -.Xr strxfrm 3 +.Xr strxfrm 3 , +.Xr wcscmp 3 .Sh STANDARDS The .Fn strcmp @@ -89,3 +86,12 @@ and .Fn strncmp functions conform to .St -ansiC . +.Sh HISTORY +The +.Fn strcmp +function first appeared in the Programmer's Workbench (PWB/UNIX) +and was ported to +.At v7 ; +.Fn strncmp +first appeared in +.At v7 . diff --git a/src/lib/libc/string/strcmp.c b/src/lib/libc/string/strcmp.c index 9a5b208323a..be175563d47 100644 --- a/src/lib/libc/string/strcmp.c +++ b/src/lib/libc/string/strcmp.c @@ -1,3 +1,5 @@ +/* $OpenBSD: strcmp.c,v 1.9 2015/08/31 02:53:57 guenther Exp $ */ + /*- * Copyright (c) 1990 The Regents of the University of California. * All rights reserved. @@ -13,11 +15,7 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors + * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -34,25 +32,17 @@ * SUCH DAMAGE. */ -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: strcmp.c,v 1.3 1996/08/19 08:34:12 tholo Exp $"; -#endif /* LIBC_SCCS and not lint */ - -#ifndef _KERNEL #include -#else -#include -#endif /* * Compare strings. */ int -strcmp(s1, s2) - register const char *s1, *s2; +strcmp(const char *s1, const char *s2) { while (*s1 == *s2++) if (*s1++ == 0) return (0); return (*(unsigned char *)s1 - *(unsigned char *)--s2); } +DEF_STRONG(strcmp); diff --git a/src/lib/libc/string/strcoll.3 b/src/lib/libc/string/strcoll.3 index 5d3e44ee966..9daa6cd93ff 100644 --- a/src/lib/libc/string/strcoll.3 +++ b/src/lib/libc/string/strcoll.3 @@ -1,4 +1,7 @@ +.\" $OpenBSD: strcoll.3,v 1.11 2019/01/18 07:43:36 schwarze Exp $ +.\" .\" Copyright (c) 1990, 1991 The Regents of the University of California. +.\" Copyright (c) 2017 Ingo Schwarze .\" All rights reserved. .\" .\" This code is derived from software contributed to Berkeley by @@ -13,11 +16,7 @@ .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors +.\" 3. Neither the name of the University nor the names of its contributors .\" may be used to endorse or promote products derived from this software .\" without specific prior written permission. .\" @@ -33,40 +32,72 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $OpenBSD: strcoll.3,v 1.3 2000/04/21 15:24:19 aaron Exp $ -.\" -.Dd June 29, 1991 +.Dd $Mdocdate: January 18 2019 $ .Dt STRCOLL 3 .Os .Sh NAME -.Nm strcoll +.Nm strcoll , +.Nm strcoll_l .Nd compare strings according to current collation .Sh SYNOPSIS -.Fd #include +.In string.h .Ft int .Fn strcoll "const char *s1" "const char *s2" +.Ft int +.Fn strcoll_l "const char *s1" "const char *s2" "locale_t locale" .Sh DESCRIPTION The .Fn strcoll -function lexicographically compares the null-terminated strings +and +.Fn strcoll_l +functions lexicographically compare the NUL-terminated strings .Fa s1 and .Fa s2 according to the current locale collation -and returns an integer greater than, equal to, or less than 0, -according as +and return an integer greater than, equal to, or less than 0, +according to whether .Fa s1 is greater than, equal to, or less than .Fa s2 . +.Pp +On +.Ox , +they have the same effect as +.Xr strcmp 3 , +and the global locale, the thread-specific locale, and the +.Fa locale +argument are ignored. +On other operating systems, results may depend on the +.Dv LC_CTYPE +and +.Dv LC_COLLATE +locale categories set with +.Xr setlocale 3 , +.Xr uselocale 3 , +or +.Xr newlocale 3 . .Sh SEE ALSO -.Xr bcmp 3 , -.Xr memcmp 3 , +.Xr newlocale 3 , .Xr setlocale 3 , -.Xr strcasecmp 3 , .Xr strcmp 3 , -.Xr strxfrm 3 +.Xr strxfrm 3 , +.Xr wcscoll 3 .Sh STANDARDS The .Fn strcoll function conforms to -.St -ansiC . +.St -ansiC , +and +.Fn strcoll_l +to +.St -p1003.1-2008 . +.Sh HISTORY +The +.Fn strcoll +function has been available since +.Bx 4.3 Reno , +and +.Fn strcoll_l +since +.Ox 6.2 . diff --git a/src/lib/libc/string/strcoll.c b/src/lib/libc/string/strcoll.c index dca0b10d25e..47a6ea4f24e 100644 --- a/src/lib/libc/string/strcoll.c +++ b/src/lib/libc/string/strcoll.c @@ -1,3 +1,4 @@ +/* $OpenBSD: strcoll.c,v 1.6 2015/08/31 02:53:57 guenther Exp $ */ /*- * Copyright (c) 1990 The Regents of the University of California. * All rights reserved. @@ -13,11 +14,7 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors + * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -34,19 +31,15 @@ * SUCH DAMAGE. */ -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: strcoll.c,v 1.2 1996/08/19 08:34:13 tholo Exp $"; -#endif /* LIBC_SCCS and not lint */ - #include /* * Compare strings according to LC_COLLATE category of current locale. */ int -strcoll(s1, s2) - const char *s1, *s2; +strcoll(const char *s1, const char *s2) { /* LC_COLLATE is unimplemented, hence always "C" */ return (strcmp(s1, s2)); } +DEF_STRONG(strcoll); diff --git a/src/lib/libc/string/strcoll_l.c b/src/lib/libc/string/strcoll_l.c new file mode 100644 index 00000000000..bcd5b0f4177 --- /dev/null +++ b/src/lib/libc/string/strcoll_l.c @@ -0,0 +1,14 @@ +/* $OpenBSD: strcoll_l.c,v 1.1 2017/09/05 03:16:13 schwarze Exp $ */ +/* + * Written in 2017 by Ingo Schwarze . + * Released into the public domain. + */ + +#include + +int +strcoll_l(const char *s1, const char *s2, + locale_t locale __attribute__((__unused__))) +{ + return strcmp(s1, s2); +} diff --git a/src/lib/libc/string/strcpy.3 b/src/lib/libc/string/strcpy.3 index d3c095916ba..7174f7c963c 100644 --- a/src/lib/libc/string/strcpy.3 +++ b/src/lib/libc/string/strcpy.3 @@ -1,3 +1,5 @@ +.\" $OpenBSD: strcpy.3,v 1.21 2014/04/19 11:30:40 deraadt Exp $ +.\" .\" Copyright (c) 1990, 1991 The Regents of the University of California. .\" All rights reserved. .\" @@ -13,11 +15,7 @@ .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors +.\" 3. Neither the name of the University nor the names of its contributors .\" may be used to endorse or promote products derived from this software .\" without specific prior written permission. .\" @@ -33,122 +31,54 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $OpenBSD: strcpy.3,v 1.11 2002/05/13 17:04:43 millert Exp $ -.\" -.Dd June 29, 1991 +.Dd $Mdocdate: April 19 2014 $ .Dt STRCPY 3 .Os .Sh NAME -.Nm strcpy , -.Nm strncpy -.Nd copy strings +.Nm strcpy +.Nd copy a string without bounds checking .Sh SYNOPSIS -.Fd #include +.In string.h .Ft char * .Fn strcpy "char *dst" "const char *src" -.Ft char * -.Fn strncpy "char *dst" "const char *src" "size_t len" .Sh DESCRIPTION The .Fn strcpy -and -.Fn strncpy -functions copy the string +function copies the string .Fa src -to -.Fa dst (including the terminating .Ql \e0 -character). +character) to the buffer +.Fa dst . .Pp -.Fn strncpy -copies not more than -.Fa len -characters into -.Fa dst , -appending -.Ql \e0 -characters if -.Fa src -is less than -.Fa len -characters long, and -.Em not -terminating +No bounds checking is performed. +If the buffer .Fa dst -if the length of +is not large enough to hold the result, +subsequent memory will be damaged. +.Pp +If the .Fa src -is greater than or equal to -.Fa len . +string is inside the +.Fa dst +buffer, the behavior is undefined. .Sh RETURN VALUES The .Fn strcpy -and -.Fn strncpy -functions return +function returns .Fa dst . -.Sh EXAMPLES -The following sets -.Va chararray -to -.Dq abc\e0\e0\e0 : -.Bd -literal -offset indent -(void)strncpy(chararray, "abc", 6); -.Ed -.Pp -The following sets -.Va chararray -to -.Dq abcdef -and does -.Em not -null terminate -.Va chararray -because the source string is >= the length parameter. -.Fn strncpy -.Em only -null terminates the destination string when the length of the source -string is less than the length parameter. -.Bd -literal -offset indent -(void)strncpy(chararray, "abcdefgh", 6); -.Ed -.Pp -The following copies as many characters from -.Va input -to -.Va buf -as will fit and null terminates the result. -Because -.Fn strncpy -does -.Em not -guarantee to null terminate the string itself, we must do this by hand. -.Bd -literal -offset indent -char buf[BUFSIZ]; - -(void)strncpy(buf, input, sizeof(buf) - 1); -buf[sizeof(buf) - 1] = '\e0'; -.Ed -.Pp -Note that -.Xr strlcpy 3 -is a better choice for this kind of operation. -The equivalent using -.Xr strlcpy 3 -is simply: -.Bd -literal -offset indent -(void)strlcpy(buf, input, sizeof(buf)); -.Ed .Sh SEE ALSO -.Xr bcopy 3 , -.Xr memccpy 3 , -.Xr memcpy 3 , -.Xr memmove 3 , -.Xr strlcpy 3 +.Xr strlcpy 3 , +.Xr wcscpy 3 , +.Xr wcslcpy 3 .Sh STANDARDS The .Fn strcpy -and -.Fn strncpy -functions conform to +function conforms to .St -ansiC . +.Sh HISTORY +The +.Fn strcpy +function first appeared in the Programmer's Workbench (PWB/UNIX) +and was ported to +.At v7 . diff --git a/src/lib/libc/string/strcpy.c b/src/lib/libc/string/strcpy.c index 76b063fc109..290eefeabf5 100644 --- a/src/lib/libc/string/strcpy.c +++ b/src/lib/libc/string/strcpy.c @@ -1,3 +1,5 @@ +/* $OpenBSD: strcpy.c,v 1.10 2017/11/28 06:55:49 tb Exp $ */ + /* * Copyright (c) 1988 Regents of the University of California. * All rights reserved. @@ -10,11 +12,7 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors + * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -31,20 +29,15 @@ * SUCH DAMAGE. */ -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: strcpy.c,v 1.4 1996/08/19 08:34:14 tholo Exp $"; -#endif /* LIBC_SCCS and not lint */ - -#ifndef _KERNEL #include -#else -#include + +#if defined(APIWARN) +__warn_references(strcpy, + "strcpy() is almost always misused, please use strlcpy()"); #endif char * -strcpy(to, from) - register char *to; - register const char *from; +strcpy(char *to, const char *from) { char *save = to; diff --git a/src/lib/libc/string/strcspn.3 b/src/lib/libc/string/strcspn.3 index 37e8f163f18..07eb9ca26fe 100644 --- a/src/lib/libc/string/strcspn.3 +++ b/src/lib/libc/string/strcspn.3 @@ -1,3 +1,5 @@ +.\" $OpenBSD: strcspn.3,v 1.11 2013/06/05 03:39:23 tedu Exp $ +.\" .\" Copyright (c) 1990, 1991 The Regents of the University of California. .\" All rights reserved. .\" @@ -13,11 +15,7 @@ .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors +.\" 3. Neither the name of the University nor the names of its contributors .\" may be used to endorse or promote products derived from this software .\" without specific prior written permission. .\" @@ -33,22 +31,20 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $OpenBSD: strcspn.3,v 1.5 2000/04/21 15:24:20 aaron Exp $ -.\" -.Dd June 29, 1991 +.Dd $Mdocdate: June 5 2013 $ .Dt STRCSPN 3 .Os .Sh NAME .Nm strcspn .Nd span the complement of a string .Sh SYNOPSIS -.Fd #include +.In string.h .Ft size_t .Fn strcspn "const char *s" "const char *charset" .Sh DESCRIPTION The .Fn strcspn -function spans the initial part of the null-terminated string +function spans the initial part of the NUL-terminated string .Fa s as long as the characters from .Fa s @@ -76,6 +72,18 @@ size_t span; span = strcspn(s, charset); .Ed +.Pp +The following removes the first (if any) newline character from string +.Fa line . +This is useful for trimming the newline after a +.Xr fgets 3 +call. +.Bd -literal -offset indent +char line[BUFSIZ]; + +if (fgets(line, sizeof(line), fp) != NULL) + line[strcspn(line, "\en")] = '\e0'; +.Ed .Sh SEE ALSO .Xr memchr 3 , .Xr strchr 3 , @@ -84,9 +92,17 @@ span = strcspn(s, charset); .Xr strsep 3 , .Xr strspn 3 , .Xr strstr 3 , -.Xr strtok 3 +.Xr strtok 3 , +.Xr wcscspn 3 .Sh STANDARDS The .Fn strcspn function conforms to .St -ansiC . +.Sh HISTORY +The +.Fn strcspn +function first appeared in +.At III +and was reimplemented for +.Bx 4.3 Tahoe . diff --git a/src/lib/libc/string/strcspn.c b/src/lib/libc/string/strcspn.c index f7261564a7b..3c1f5a4ceca 100644 --- a/src/lib/libc/string/strcspn.c +++ b/src/lib/libc/string/strcspn.c @@ -1,3 +1,4 @@ +/* $OpenBSD: strcspn.c,v 1.6 2015/08/31 02:53:57 guenther Exp $ */ /*- * Copyright (c) 1990 The Regents of the University of California. * All rights reserved. @@ -13,11 +14,7 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors + * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -34,22 +31,16 @@ * SUCH DAMAGE. */ -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: strcspn.c,v 1.2 1996/08/19 08:34:15 tholo Exp $"; -#endif /* LIBC_SCCS and not lint */ - #include /* * Span the complement of string s2. */ size_t -strcspn(s1, s2) - const char *s1; - register const char *s2; +strcspn(const char *s1, const char *s2) { - register const char *p, *spanp; - register char c, sc; + const char *p, *spanp; + char c, sc; /* * Stop as soon as we find any character from s2. Note that there @@ -65,3 +56,4 @@ strcspn(s1, s2) } /* NOTREACHED */ } +DEF_STRONG(strcspn); diff --git a/src/lib/libc/string/strdup.3 b/src/lib/libc/string/strdup.3 index 9c154c7d70f..283f3bc0ea1 100644 --- a/src/lib/libc/string/strdup.3 +++ b/src/lib/libc/string/strdup.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: strdup.3,v 1.10 2000/04/21 15:32:15 aaron Exp $ +.\" $OpenBSD: strdup.3,v 1.22 2015/12/01 01:32:48 mmcc Exp $ .\" .\" Copyright (c) 1990, 1991, 1993 .\" The Regents of the University of California. All rights reserved. @@ -11,11 +11,7 @@ .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors +.\" 3. Neither the name of the University nor the names of its contributors .\" may be used to endorse or promote products derived from this software .\" without specific prior written permission. .\" @@ -33,16 +29,19 @@ .\" .\" @(#)strdup.3 8.1 (Berkeley) 6/9/93 .\" -.Dd June 9, 1993 +.Dd $Mdocdate: December 1 2015 $ .Dt STRDUP 3 .Os .Sh NAME -.Nm strdup +.Nm strdup , +.Nm strndup .Nd save a copy of a string .Sh SYNOPSIS -.Fd #include +.In string.h .Ft char * .Fn strdup "const char *s" +.Ft char * +.Fn strndup "const char *s" "size_t maxlen" .Sh DESCRIPTION The .Fn strdup @@ -52,26 +51,37 @@ does the copy, and returns a pointer to it. The pointer may subsequently be used as an argument to the function .Xr free 3 . .Pp -If insufficient memory is available, +The +.Fn strndup +function behaves similarly to +.Nm strdup +but only copies up to +.Fa maxlen +characters from +.Fa s . +The resulting string is always NUL-terminated. +.Pp +If the memory allocation fails, .Dv NULL is returned. .Sh EXAMPLES The following will point .Va p -to an allocated area of memory containing the null-terminated string +to an allocated area of memory containing the NUL-terminated string .Qq foobar : .Bd -literal -offset indent char *p; -if ((p = strdup("foobar")) == NULL) { - fprintf(stderr, "Out of memory.\en"); - exit(1); -} +p = strdup("foobar"); +if (p == NULL) + err(1, NULL); .Ed .Sh ERRORS The .Fn strdup -function may fail and set the external variable +and +.Fn strndup +functions may fail and set the external variable .Va errno for any of the errors specified for the library function .Xr malloc 3 . @@ -79,9 +89,31 @@ for any of the errors specified for the library function .Xr free 3 , .Xr malloc 3 , .Xr strcpy 3 , -.Xr strlen 3 -.Sh HISTORY +.Xr strlcpy 3 , +.Xr strlen 3 , +.Xr wcsdup 3 +.Sh STANDARDS The .Fn strdup -function first appeared in -.Bx 4.4 . +and +.Fn strndup +functions conform to +.St -p1003.1-2008 . +.Sh HISTORY +A +.Fn strdup +macro was first used in the +.Bx 4.1c +debugger, +.Sy dbx . +It was rewritten as a C function for the +.Bx 4.3 +.Xr inetd 8 +and first appeared in the C library of +.Bx 4.3 Reno . +The +.Fn strndup +function appeared in glibc 2.0, was reimplemented for +.Nx 4.0 , +and ported to +.Ox 4.8 . diff --git a/src/lib/libc/string/strdup.c b/src/lib/libc/string/strdup.c index be7f7ad0946..9aebf399c14 100644 --- a/src/lib/libc/string/strdup.c +++ b/src/lib/libc/string/strdup.c @@ -1,4 +1,4 @@ -/* $OpenBSD: strdup.c,v 1.3 1997/08/20 04:18:52 millert Exp $ */ +/* $OpenBSD: strdup.c,v 1.7 2015/08/31 02:53:57 guenther Exp $ */ /* * Copyright (c) 1988, 1993 @@ -12,11 +12,7 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors + * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -33,14 +29,6 @@ * SUCH DAMAGE. */ -#if defined(LIBC_SCCS) && !defined(lint) -#if 0 -static char sccsid[] = "@(#)strdup.c 8.1 (Berkeley) 6/4/93"; -#else -static char *rcsid = "$OpenBSD: strdup.c,v 1.3 1997/08/20 04:18:52 millert Exp $"; -#endif -#endif /* LIBC_SCCS and not lint */ - #include #include @@ -48,8 +36,7 @@ static char *rcsid = "$OpenBSD: strdup.c,v 1.3 1997/08/20 04:18:52 millert Exp $ #include char * -strdup(str) - const char *str; +strdup(const char *str) { size_t siz; char *copy; @@ -60,3 +47,4 @@ strdup(str) (void)memcpy(copy, str, siz); return(copy); } +DEF_WEAK(strdup); diff --git a/src/lib/libc/string/strerror.3 b/src/lib/libc/string/strerror.3 index 11bacd313e9..0d4f084e5e0 100644 --- a/src/lib/libc/string/strerror.3 +++ b/src/lib/libc/string/strerror.3 @@ -1,4 +1,7 @@ +.\" $OpenBSD: strerror.3,v 1.15 2017/09/05 03:16:13 schwarze Exp $ +.\" .\" Copyright (c) 1980, 1991 Regents of the University of California. +.\" Copyright (c) 2017 Ingo Schwarze .\" All rights reserved. .\" .\" This code is derived from software contributed to Berkeley by @@ -13,11 +16,7 @@ .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors +.\" 3. Neither the name of the University nor the names of its contributors .\" may be used to endorse or promote products derived from this software .\" without specific prior written permission. .\" @@ -33,37 +32,121 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $OpenBSD: strerror.3,v 1.4 2000/10/23 19:14:41 aaron Exp $ -.\" -.Dd June 29, 1991 +.Dd $Mdocdate: September 5 2017 $ .Dt STRERROR 3 .Os .Sh NAME -.Nm strerror +.Nm strerror , +.Nm strerror_l , +.Nm strerror_r .Nd get error message string .Sh SYNOPSIS -.Fd #include +.In string.h .Ft char * .Fn strerror "int errnum" +.Ft char * +.Fn strerror_l "int errnum" "locale_t locale" +.Ft int +.Fn strerror_r "int errnum" "char *strerrbuf" "size_t buflen" .Sh DESCRIPTION -The +These functions map the error number +.Fa errnum +to an error message string. +.Pp .Fn strerror -function returns a pointer to the language-dependent error message -string affiliated with the specified error number -.Fa errnum . -The returned string contains a maximum of +and +.Fn strerror_l +return a string containing a maximum of .Dv NL_TEXTMAX characters, including the trailing NUL. +This string is not to be modified by the calling program. +The string returned by +.Fn strerror +may be overwritten by subsequent calls to +.Fn strerror +in any thread. +The string returned by +.Fn strerror_l +may be overwritten by subsequent calls to +.Fn strerror_l +in the same thread. +.Pp +.Fn strerror_r +is a thread safe version of +.Fn strerror +that places the error message in the specified buffer +.Fa strerrbuf . +.Pp +On +.Ox , +the global locale, the thread-specific locale, and the +.Fa locale +argument are ignored. +.Sh RETURN VALUES +.Fn strerror +and +.Fn strerror_l +return a pointer to the error message string. +If an error occurs, the error code is stored in +.Va errno . .Pp -The array pointed to is not to be modified by the program, but may be -overwritten by subsequent calls to -.Fn strerror . +.Fn strerror_r +returns zero upon successful completion. +If an error occurs, the error code is stored in +.Va errno +and the error code is returned. +.Sh ENVIRONMENT +On other operating systems, the behaviour of +.Fn strerror +and +.Fn strerror_r +may depend on the +.Dv LC_MESSAGES +.Xr locale 1 . +.Sh ERRORS +All these functions may fail if: +.Bl -tag -width Er +.It Bq Er EINVAL +.Fa errnum +is not a valid error number. +The returned error string will consist of an error message that includes +.Fa errnum . +.El +.Pp +.Fn strerror_r +may also fail if: +.Bl -tag -width Er +.It Bq Er ERANGE +The error message is larger than +.Fa buflen +characters. +The message will be truncated to fit. +.El .Sh SEE ALSO .Xr intro 2 , +.Xr newlocale 3 , .Xr perror 3 , .Xr setlocale 3 .Sh STANDARDS The .Fn strerror function conforms to -.St -ansiC . +.St -isoC-99 . +The +.Fn strerror_l +and +.Fn strerror_r +functions conform to +.St -p1003.1-2008 . +.Sh HISTORY +The +.Fn strerror +function has been available since +.Bx 4.3 Reno , +.Fn strerror_r +since +.Ox 3.3 , +and +.Fn strerror_l +since +.Ox 6.2 . diff --git a/src/lib/libc/string/strerror.c b/src/lib/libc/string/strerror.c index b884a67df39..c6f05446fd9 100644 --- a/src/lib/libc/string/strerror.c +++ b/src/lib/libc/string/strerror.c @@ -1,3 +1,4 @@ +/* $OpenBSD: strerror.c,v 1.8 2015/08/31 02:53:57 guenther Exp $ */ /* * Copyright (c) 1988 Regents of the University of California. * All rights reserved. @@ -10,11 +11,7 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors + * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -31,25 +28,15 @@ * SUCH DAMAGE. */ -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: strerror.c,v 1.3 2002/02/16 21:27:24 millert Exp $"; -#endif /* LIBC_SCCS and not lint */ - #include #include -/* - * Since perror() is not allowed to change the contents of strerror()'s - * static buffer, both functions supply their own buffers to the - * internal function __strerror(). - */ - -extern char *__strerror(int, char *); - char * -strerror(num) - int num; +strerror(int num) { static char buf[NL_TEXTMAX]; - return __strerror(num, buf); + + (void)strerror_r(num, buf, sizeof(buf)); + return (buf); } +DEF_STRONG(strerror); diff --git a/src/lib/libc/string/strerror_l.c b/src/lib/libc/string/strerror_l.c new file mode 100644 index 00000000000..c16be7a0cc2 --- /dev/null +++ b/src/lib/libc/string/strerror_l.c @@ -0,0 +1,33 @@ +/* $OpenBSD: strerror_l.c,v 1.1 2017/09/05 03:16:13 schwarze Exp $ */ +/* + * Copyright (c) 2017 Ingo Schwarze + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include +#include + +#include "thread_private.h" + +char * +strerror_l(int errnum, locale_t locale) +{ + static char sel_buf[NL_TEXTMAX]; + _THREAD_PRIVATE_KEY(strerror_l); + char *p = _THREAD_PRIVATE(strerror_l, sel_buf, NULL); + + return p == NULL ? "no buffer available in strerror_l" : + strerror_r(errnum, p, sizeof(sel_buf)) ? + "strerror_r failure" : p; +} diff --git a/src/lib/libc/string/strerror_r.c b/src/lib/libc/string/strerror_r.c new file mode 100644 index 00000000000..b45dee12d8a --- /dev/null +++ b/src/lib/libc/string/strerror_r.c @@ -0,0 +1,107 @@ +/* $OpenBSD: strerror_r.c,v 1.13 2016/10/19 16:26:16 bluhm Exp $ */ +/* Public Domain */ + +#include +#include +#include +#include + +static size_t +__digits10(unsigned int num) +{ + size_t i = 0; + + do { + num /= 10; + i++; + } while (num != 0); + + return i; +} + +static int +__itoa(int num, int sign, char *buffer, size_t start, size_t end) +{ + size_t pos; + unsigned int a; + int neg; + + if (sign && num < 0) { + a = -num; + neg = 1; + } + else { + a = num; + neg = 0; + } + + pos = start + __digits10(a); + if (neg) + pos++; + + if (pos < end) + buffer[pos] = '\0'; + else + return ERANGE; + pos--; + do { + buffer[pos] = (a % 10) + '0'; + pos--; + a /= 10; + } while (a != 0); + if (neg) + buffer[pos] = '-'; + return 0; +} + + +static int +__num2string(int num, int sign, int setid, char *buf, size_t buflen, + const char * const list[], size_t max, const char *def) +{ + int ret = 0; + size_t len; + + if (0 <= num && num < max) { + len = strlcpy(buf, list[num], buflen); + if (len >= buflen) + ret = ERANGE; + } else { + len = strlcpy(buf, def, buflen); + if (len >= buflen) + ret = ERANGE; + else { + ret = __itoa(num, sign, buf, len, buflen); + if (ret == 0) + ret = EINVAL; + } + } + + return ret; +} + +#define UPREFIX "Unknown error: " + +int +strerror_r(int errnum, char *strerrbuf, size_t buflen) +{ + int ret_errno; + + ret_errno = __num2string(errnum, 1, 1, strerrbuf, buflen, + sys_errlist, sys_nerr, UPREFIX); + + if (ret_errno) + errno = ret_errno; + return (ret_errno); +} +DEF_WEAK(strerror_r); + +#define USIGPREFIX "Unknown signal: " + +char * +__strsignal(int num, char *buf) +{ + __num2string(num, 0, 2, buf, NL_TEXTMAX, sys_siglist, NSIG, + USIGPREFIX); + return buf; +} diff --git a/src/lib/libc/string/string.3 b/src/lib/libc/string/string.3 deleted file mode 100644 index 7a67b96b53a..00000000000 --- a/src/lib/libc/string/string.3 +++ /dev/null @@ -1,161 +0,0 @@ -.\" Copyright (c) 1990, 1991 The Regents of the University of California. -.\" All rights reserved. -.\" -.\" This code is derived from software contributed to Berkeley by -.\" Chris Torek. -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors -.\" may be used to endorse or promote products derived from this software -.\" without specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. -.\" -.\" $OpenBSD: string.3,v 1.8 2000/04/21 15:24:20 aaron Exp $ -.\" -.Dd April 19, 1991 -.Dt STRING 3 -.Os -.Sh NAME -.Nm strcat , -.Nm strlcat , -.Nm strncat , -.Nm strchr , -.Nm strrchr , -.Nm strcmp , -.Nm strncmp , -.Nm strcasecmp , -.Nm strncasecmp , -.Nm strcpy , -.Nm strlcpy , -.Nm strncpy , -.Nm strerror , -.Nm strlen , -.Nm strpbrk , -.Nm strsep , -.Nm strspn , -.Nm strcspn , -.Nm strstr , -.Nm strtok , -.Nm index , -.Nm rindex -.Nd string specific functions -.Sh SYNOPSIS -.Fd #include -.Ft char * -.Fn strcat "char *s" "const char *append" -.Ft char * -.Fn strlcat "char *s" "const char *append" "size_t size" -.Ft char * -.Fn strncat "char *s" "const char *append" "size_t count" -.Ft char * -.Fn strchr "const char *s" "int c" -.Ft char * -.Fn strrchr "const char *s" "int c" -.Ft int -.Fn strcmp "const char *s1" "const char *s2" -.Ft int -.Fn strncmp "const char *s1" "const char *s2" "size_t count" -.Ft int -.Fn strcasecmp "const char *s1" "const char *s2" -.Ft int -.Fn strncasecmp "const char *s1" "const char *s2" "size_t count" -.Ft char * -.Fn strcpy "char *dst" "const char *src" -.Ft char * -.Fn strlcpy "char *dst" "const char *src" "size_t size" -.Ft char * -.Fn strncpy "char *dst" "const char *src" "size_t count" -.Ft char * -.Fn strerror "int errno" -.Ft size_t -.Fn strlen "const char *s" -.Ft char * -.Fn strpbrk "const char *s" "const char *charset" -.Ft char * -.Fn strsep "char **stringp" "const char *delim" -.Ft size_t -.Fn strspn "const char *s" "const char *charset" -.Ft size_t -.Fn strcspn "const char *s" "const char *charset" -.Ft char * -.Fn strstr "const char *big" "const char *little" -.Ft char * -.Fn strtok "char *s" "const char *delim" -.Ft char * -.Fn index "const char *s" "int c" -.Ft char * -.Fn rindex "const char *s" "int c" -.Sh DESCRIPTION -The string functions -manipulate strings terminated by a -null byte. -.Pp -See the specific manual pages for more information. -For manipulating variable length generic objects as byte -strings (without the null byte check), see -.Xr bstring 3 . -.Pp -Except as noted in their specific manual pages, -the string functions do not test the destination -for size limitations. -.Sh SEE ALSO -.Xr bstring 3 , -.Xr index 3 , -.Xr rindex 3 , -.Xr strcasecmp 3 , -.Xr strcat 3 , -.Xr strchr 3 , -.Xr strcmp 3 , -.Xr strcpy 3 , -.Xr strcspn 3 , -.Xr strerror 3 , -.Xr strlcat 3 , -.Xr strlcpy 3 , -.Xr strlen 3 , -.Xr strpbrk 3 , -.Xr strrchr 3 , -.Xr strsep 3 , -.Xr strspn 3 , -.Xr strstr 3 , -.Xr strtok 3 -.Sh STANDARDS -The -.Fn strcat , -.Fn strncat , -.Fn strchr , -.Fn strrchr , -.Fn strcmp , -.Fn strncmp , -.Fn strcpy , -.Fn strncpy , -.Fn strerror , -.Fn strlen , -.Fn strpbrk , -.Fn strspn , -.Fn strcspn , -.Fn strstr , -and -.Fn strtok -functions conform to -.St -ansiC . diff --git a/src/lib/libc/string/strlcat.c b/src/lib/libc/string/strlcat.c index b3096481554..aa3db7ab378 100644 --- a/src/lib/libc/string/strlcat.c +++ b/src/lib/libc/string/strlcat.c @@ -1,73 +1,56 @@ -/* $OpenBSD: strlcat.c,v 1.8 2001/05/13 15:40:15 deraadt Exp $ */ +/* $OpenBSD: strlcat.c,v 1.19 2019/01/25 00:19:25 millert Exp $ */ /* - * Copyright (c) 1998 Todd C. Miller - * All rights reserved. + * Copyright (c) 1998, 2015 Todd C. Miller * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. The name of the author may not be used to endorse or promote products - * derived from this software without specific prior written permission. + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL - * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, - * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, - * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; - * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, - * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR - * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF - * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: strlcat.c,v 1.8 2001/05/13 15:40:15 deraadt Exp $"; -#endif /* LIBC_SCCS and not lint */ - #include #include /* - * Appends src to string dst of size siz (unlike strncat, siz is the - * full size of dst, not space left). At most siz-1 characters - * will be copied. Always NUL terminates (unless siz <= strlen(dst)). - * Returns strlen(src) + MIN(siz, strlen(initial dst)). - * If retval >= siz, truncation occurred. + * Appends src to string dst of size dsize (unlike strncat, dsize is the + * full size of dst, not space left). At most dsize-1 characters + * will be copied. Always NUL terminates (unless dsize <= strlen(dst)). + * Returns strlen(src) + MIN(dsize, strlen(initial dst)). + * If retval >= dsize, truncation occurred. */ size_t -strlcat(dst, src, siz) - char *dst; - const char *src; - size_t siz; +strlcat(char *dst, const char *src, size_t dsize) { - register char *d = dst; - register const char *s = src; - register size_t n = siz; + const char *odst = dst; + const char *osrc = src; + size_t n = dsize; size_t dlen; - /* Find the end of dst and adjust bytes left but don't go past end */ - while (n-- != 0 && *d != '\0') - d++; - dlen = d - dst; - n = siz - dlen; + /* Find the end of dst and adjust bytes left but don't go past end. */ + while (n-- != 0 && *dst != '\0') + dst++; + dlen = dst - odst; + n = dsize - dlen; - if (n == 0) - return(dlen + strlen(s)); - while (*s != '\0') { - if (n != 1) { - *d++ = *s; + if (n-- == 0) + return(dlen + strlen(src)); + while (*src != '\0') { + if (n != 0) { + *dst++ = *src; n--; } - s++; + src++; } - *d = '\0'; + *dst = '\0'; - return(dlen + (s - src)); /* count does not include NUL */ + return(dlen + (src - osrc)); /* count does not include NUL */ } +DEF_WEAK(strlcat); diff --git a/src/lib/libc/string/strlcpy.3 b/src/lib/libc/string/strlcpy.3 index b103588b960..a14145e199f 100644 --- a/src/lib/libc/string/strlcpy.3 +++ b/src/lib/libc/string/strlcpy.3 @@ -1,31 +1,20 @@ -.\" $OpenBSD: strlcpy.3,v 1.14 2002/04/30 16:31:42 mpech Exp $ +.\" $OpenBSD: strlcpy.3,v 1.27 2019/01/25 00:19:25 millert Exp $ .\" -.\" Copyright (c) 1998, 2000 Todd C. Miller -.\" All rights reserved. +.\" Copyright (c) 1998, 2000 Todd C. Miller .\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. The name of the author may not be used to endorse or promote products -.\" derived from this software without specific prior written permission. +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. .\" -.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, -.\" INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY -.\" AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL -.\" THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, -.\" EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, -.\" PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; -.\" OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, -.\" WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR -.\" OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF -.\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd June 22, 1998 +.Dd $Mdocdate: January 25 2019 $ .Dt STRLCPY 3 .Os .Sh NAME @@ -33,74 +22,87 @@ .Nm strlcat .Nd size-bounded string copying and concatenation .Sh SYNOPSIS -.Fd #include +.In string.h .Ft size_t -.Fn strlcpy "char *dst" "const char *src" "size_t size" +.Fn strlcpy "char *dst" "const char *src" "size_t dstsize" .Ft size_t -.Fn strlcat "char *dst" "const char *src" "size_t size" +.Fn strlcat "char *dst" "const char *src" "size_t dstsize" .Sh DESCRIPTION The .Fn strlcpy and .Fn strlcat -functions copy and concatenate strings respectively. -They are designed -to be safer, more consistent, and less error prone replacements for +functions copy and concatenate strings with the +same input parameters and output result as +.Xr snprintf 3 . +They are designed to be safer, more consistent, and less error +prone replacements for the easily misused functions .Xr strncpy 3 and .Xr strncat 3 . -Unlike those functions, -.Fn strlcpy -and -.Fn strlcat -take the full size of the buffer (not just the length) and guarantee to -NUL-terminate the result (as long as -.Fa size -is larger than 0 or, in the case of -.Fn strlcat , -as long as there is at least one byte free in -.Fa dst ) . -Note that you should include a byte for the NUL in -.Fa size . -Also note that +.Pp .Fn strlcpy and .Fn strlcat -only operate on true -.Dq C -strings. -This means that for -.Fn strlcpy -.Fa src -must be NUL-terminated and for -.Fn strlcat -both -.Fa src -and -.Fa dst -must be NUL-terminated. +take the full size of the destination buffer and guarantee +NUL-termination if there is room. +Note that room for the NUL should be included in +.Fa dstsize . .Pp -The .Fn strlcpy -function copies up to -.Fa size -- 1 characters from the NUL-terminated string +copies up to +.Fa dstsize +\- 1 characters from the string .Fa src to .Fa dst , -NUL-terminating the result. +NUL-terminating the result if +.Fa dstsize +is not 0. .Pp -The .Fn strlcat -function appends the NUL-terminated string +appends string .Fa src to the end of .Fa dst . It will append at most -.Fa size -- strlen(dst) - 1 bytes, NUL-terminating the result. +.Fa dstsize +\- strlen(dst) \- 1 characters. +It will then NUL-terminate, unless +.Fa dstsize +is 0 or the original +.Fa dst +string was longer than +.Fa dstsize +(in practice this should not happen +as it means that either +.Fa dstsize +is incorrect or that +.Fa dst +is not a proper string). +.Pp +If the +.Fa src +and +.Fa dst +strings overlap, the behavior is undefined. .Sh RETURN VALUES -The +Besides quibbles over the return type +.Pf ( Va size_t +versus +.Va int ) +and signal handler safety +.Pf ( Xr snprintf 3 +is not entirely safe on some systems), the +following two are equivalent: +.Bd -literal -offset indent +n = strlcpy(dst, src, len); +n = snprintf(dst, len, "%s", src); +.Ed +.Pp +Like +.Xr snprintf 3 , +the .Fn strlcpy and .Fn strlcat @@ -116,29 +118,12 @@ that means the initial length of plus the length of .Fa src . -While this may seem somewhat confusing it was done to make -truncation detection simple. .Pp -Note however, that if -.Fn strlcat -traverses -.Fa size -characters without finding a NUL, the length of the string is considered -to be -.Fa size -and the destination string will not be NUL-terminated (since there was -no space for the NUL). -This keeps -.Fn strlcat -from running off the end of a string. -In practice this should not happen (as it means that either -.Fa size -is incorrect or that -.Fa dst -is not a proper -.Dq C -string). -The check exists to prevent potential security problems in incorrect code. +If the return value is +.Cm >= +.Va dstsize , +the output string has been truncated. +It is the caller's responsibility to handle this. .Sh EXAMPLES The following code fragment illustrates the simple case: .Bd -literal -offset indent @@ -153,7 +138,7 @@ char *s, *p, buf[BUFSIZ]; To detect truncation, perhaps while building a pathname, something like the following might be used: .Bd -literal -offset indent -char *dir, *file, pname[MAXPATHLEN]; +char *dir, *file, pname[PATH_MAX]; \&... @@ -163,10 +148,10 @@ if (strlcat(pname, file, sizeof(pname)) >= sizeof(pname)) goto toolong; .Ed .Pp -Since we know how many characters we copied the first time, we can -speed things up a bit by using a copy instead of an append: +Since it is known how many characters were copied the first time, things +can be sped up a bit by using a copy instead of an append: .Bd -literal -offset indent -char *dir, *file, pname[MAXPATHLEN]; +char *dir, *file, pname[PATH_MAX]; size_t n; \&... @@ -187,4 +172,17 @@ As a matter of fact, the first version of this manual page got it wrong. .Sh SEE ALSO .Xr snprintf 3 , .Xr strncat 3 , -.Xr strncpy 3 +.Xr strncpy 3 , +.Xr wcslcpy 3 +.Sh HISTORY +.Fn strlcpy +and +.Fn strlcat +first appeared in +.Ox 2.4 . +.Sh AUTHORS +.Fn strlcpy +and +.Fn strlcat +were created by +.An Todd C. Miller Aq Mt millert@openbsd.org . diff --git a/src/lib/libc/string/strlcpy.c b/src/lib/libc/string/strlcpy.c index 5f586964b76..7e3b9aef6f6 100644 --- a/src/lib/libc/string/strlcpy.c +++ b/src/lib/libc/string/strlcpy.c @@ -1,69 +1,51 @@ -/* $OpenBSD: strlcpy.c,v 1.5 2001/05/13 15:40:16 deraadt Exp $ */ +/* $OpenBSD: strlcpy.c,v 1.16 2019/01/25 00:19:25 millert Exp $ */ /* - * Copyright (c) 1998 Todd C. Miller - * All rights reserved. + * Copyright (c) 1998, 2015 Todd C. Miller * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. The name of the author may not be used to endorse or promote products - * derived from this software without specific prior written permission. + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL - * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, - * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, - * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; - * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, - * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR - * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF - * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: strlcpy.c,v 1.5 2001/05/13 15:40:16 deraadt Exp $"; -#endif /* LIBC_SCCS and not lint */ - #include #include /* - * Copy src to string dst of size siz. At most siz-1 characters - * will be copied. Always NUL terminates (unless siz == 0). - * Returns strlen(src); if retval >= siz, truncation occurred. + * Copy string src to buffer dst of size dsize. At most dsize-1 + * chars will be copied. Always NUL terminates (unless dsize == 0). + * Returns strlen(src); if retval >= dsize, truncation occurred. */ size_t -strlcpy(dst, src, siz) - char *dst; - const char *src; - size_t siz; +strlcpy(char *dst, const char *src, size_t dsize) { - register char *d = dst; - register const char *s = src; - register size_t n = siz; + const char *osrc = src; + size_t nleft = dsize; - /* Copy as many bytes as will fit */ - if (n != 0 && --n != 0) { - do { - if ((*d++ = *s++) == 0) + /* Copy as many bytes as will fit. */ + if (nleft != 0) { + while (--nleft != 0) { + if ((*dst++ = *src++) == '\0') break; - } while (--n != 0); + } } - /* Not enough room in dst, add NUL and traverse rest of src */ - if (n == 0) { - if (siz != 0) - *d = '\0'; /* NUL-terminate dst */ - while (*s++) + /* Not enough room in dst, add NUL and traverse rest of src. */ + if (nleft == 0) { + if (dsize != 0) + *dst = '\0'; /* NUL-terminate dst */ + while (*src++) ; } - return(s - src - 1); /* count does not include NUL */ + return(src - osrc - 1); /* count does not include NUL */ } +DEF_WEAK(strlcpy); diff --git a/src/lib/libc/string/strlen.3 b/src/lib/libc/string/strlen.3 index 759e724056d..81ce52e5095 100644 --- a/src/lib/libc/string/strlen.3 +++ b/src/lib/libc/string/strlen.3 @@ -1,3 +1,5 @@ +.\" $OpenBSD: strlen.3,v 1.13 2014/12/09 14:41:00 jmc Exp $ +.\" .\" Copyright (c) 1990, 1991 The Regents of the University of California. .\" All rights reserved. .\" @@ -13,11 +15,7 @@ .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors +.\" 3. Neither the name of the University nor the names of its contributors .\" may be used to endorse or promote products derived from this software .\" without specific prior written permission. .\" @@ -33,33 +31,74 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $OpenBSD: strlen.3,v 1.4 2000/04/21 15:24:20 aaron Exp $ -.\" -.Dd June 29, 1991 +.Dd $Mdocdate: December 9 2014 $ .Dt STRLEN 3 .Os .Sh NAME -.Nm strlen +.Nm strlen , +.Nm strnlen .Nd find length of a string .Sh SYNOPSIS -.Fd #include +.In string.h .Ft size_t .Fn strlen "const char *s" +.Ft size_t +.Fn strnlen "const char *s" "size_t maxlen" .Sh DESCRIPTION The .Fn strlen function computes the length of the string .Fa s . +.Pp +The +.Fn strnlen +function computes the length of the string +.Fa s , +up to +.Fa maxlen +characters. +The +.Fn strnlen +function will never attempt to address more than +.Fa maxlen +characters, making it suitable for use with character arrays that are +not guaranteed to be NUL-terminated. .Sh RETURN VALUES The .Fn strlen function returns the number of characters that precede the terminating .Tn NUL character. +.Pp +The +.Fn strnlen +function returns the number of characters that precede the terminating +.Tn NUL +or +.Fa maxlen , +whichever is smaller. .Sh SEE ALSO -.Xr string 3 +.Xr wcslen 3 .Sh STANDARDS The .Fn strlen function conforms to .St -ansiC . +.Pp +The +.Fn strlen +and +.Fn strnlen +functions conform to +.St -p1003.1-2008 . +.Sh HISTORY +The +.Fn strlen +function first appeared in the Programmer's Workbench (PWB/UNIX) +and was ported to +.At v7 . +The +.Fn strnlen +function appeared in glibc 2.0 +and was reimplemented for +.Ox 4.8 . diff --git a/src/lib/libc/string/strlen.c b/src/lib/libc/string/strlen.c index ab006e04c2b..a5721d3e7f5 100644 --- a/src/lib/libc/string/strlen.c +++ b/src/lib/libc/string/strlen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: strlen.c,v 1.4 2001/07/29 21:15:23 millert Exp $ */ +/* $OpenBSD: strlen.c,v 1.9 2015/08/31 02:53:57 guenther Exp $ */ /*- * Copyright (c) 1990, 1993 @@ -12,11 +12,7 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors + * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -33,19 +29,10 @@ * SUCH DAMAGE. */ -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: strlen.c,v 1.4 2001/07/29 21:15:23 millert Exp $"; -#endif /* LIBC_SCCS and not lint */ - -#if !defined(_KERNEL) && !defined(_STANDALONE) #include -#else -#include -#endif size_t -strlen(str) - const char *str; +strlen(const char *str) { const char *s; @@ -54,3 +41,4 @@ strlen(str) return (s - str); } +DEF_STRONG(strlen); diff --git a/src/lib/libc/string/strmode.3 b/src/lib/libc/string/strmode.3 index bf311f1f995..8135d30ba11 100644 --- a/src/lib/libc/string/strmode.3 +++ b/src/lib/libc/string/strmode.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: strmode.3,v 1.8 2000/04/21 15:24:20 aaron Exp $ +.\" $OpenBSD: strmode.3,v 1.17 2017/07/05 11:44:35 tb Exp $ .\" .\" Copyright (c) 1990, 1991, 1993 .\" The Regents of the University of California. All rights reserved. @@ -11,11 +11,7 @@ .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors +.\" 3. Neither the name of the University nor the names of its contributors .\" may be used to endorse or promote products derived from this software .\" without specific prior written permission. .\" @@ -33,14 +29,14 @@ .\" .\" @(#)strmode.3 8.3 (Berkeley) 7/28/94 .\" -.Dd July 28, 1994 +.Dd $Mdocdate: July 5 2017 $ .Dt STRMODE 3 .Os .Sh NAME .Nm strmode .Nd convert inode status information into a symbolic string .Sh SYNOPSIS -.Fd #include +.In string.h .Ft void .Fn strmode "mode_t mode" "char *bp" .Sh DESCRIPTION @@ -52,7 +48,7 @@ function converts a file .Xr stat 2 ) into a symbolic string which is stored in the location referenced by .Fa bp . -This stored string is eleven characters in length plus a trailing null byte. +This stored string is eleven characters in length plus a trailing NUL byte. .Pp The first character is the inode type, and will be one of the following: .Pp @@ -68,12 +64,10 @@ directory .It l symbolic link .It p -fifo +FIFO .It s socket -.It w -whiteout -.It ? +.It \&? unknown inode type .El .Pp @@ -146,10 +140,6 @@ The last character is a plus sign if there are any alternate or additional access control methods associated with the inode, otherwise it will be a space. -.Sh RETURN VALUES -The -.Fn strmode -function always returns 0. .Sh SEE ALSO .Xr chmod 1 , .Xr find 1 , @@ -160,4 +150,4 @@ function always returns 0. The .Fn strmode function first appeared in -.Bx 4.4 . +.Bx 4.3 Reno . diff --git a/src/lib/libc/string/strmode.c b/src/lib/libc/string/strmode.c index 5e7f15e857e..609b8931fbb 100644 --- a/src/lib/libc/string/strmode.c +++ b/src/lib/libc/string/strmode.c @@ -1,3 +1,4 @@ +/* $OpenBSD: strmode.c,v 1.8 2015/08/31 02:53:57 guenther Exp $ */ /*- * Copyright (c) 1990 The Regents of the University of California. * All rights reserved. @@ -10,11 +11,7 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors + * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -31,18 +28,14 @@ * SUCH DAMAGE. */ -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: strmode.c,v 1.3 1997/06/13 13:57:20 deraadt Exp $"; -#endif /* LIBC_SCCS and not lint */ - #include #include #include +/* XXX mode should be mode_t */ + void -strmode(mode, p) - register mode_t mode; - register char *p; +strmode(int mode, char *p) { /* print type */ switch (mode & S_IFMT) { @@ -68,11 +61,6 @@ strmode(mode, p) case S_IFIFO: /* fifo */ *p++ = 'p'; break; -#endif -#ifdef S_IFWHT - case S_IFWHT: /* whiteout */ - *p++ = 'w'; - break; #endif default: /* unknown */ *p++ = '?'; @@ -150,3 +138,4 @@ strmode(mode, p) *p++ = ' '; /* will be a '+' if ACL's implemented */ *p = '\0'; } +DEF_WEAK(strmode); diff --git a/src/lib/libc/string/strncat.3 b/src/lib/libc/string/strncat.3 new file mode 100644 index 00000000000..d314a9999a1 --- /dev/null +++ b/src/lib/libc/string/strncat.3 @@ -0,0 +1,132 @@ +.\" $OpenBSD: strncat.3,v 1.4 2014/04/19 16:50:46 jmc Exp $ +.\" +.\" Copyright (c) 1990, 1991 The Regents of the University of California. +.\" All rights reserved. +.\" +.\" This code is derived from software contributed to Berkeley by +.\" Chris Torek and the American National Standards Committee X3, +.\" on Information Processing Systems. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.Dd $Mdocdate: April 19 2014 $ +.Dt STRNCAT 3 +.Os +.Sh NAME +.Nm strncat +.Nd concatenate a string with part of another +.Sh SYNOPSIS +.In string.h +.Ft char * +.Fn strncat "char *dst" "const char *append" "size_t count" +.Sh DESCRIPTION +The +.Fn strncat +function appends not more than +.Fa count +characters of the string +.Fa append +to the end of the string found in the buffer +.Fa dst . +Space for the terminating +.Ql \e0 +should not be included in +.Fa count . +.Pp +Bounds checking must be performed manually with great care. +If the buffer +.Fa dst +is not large enough to hold the result, +subsequent memory will be damaged. +.Sh RETURN VALUES +The +.Fn strncat +function returns the pointer +.Fa dst . +.Sh EXAMPLES +The following example shows how to use +.Fn strncat +in conjunction with +.Xr strncpy 3 : +.Bd -literal -offset indent +char buf[BUFSIZ]; +char *base, *suffix; + +(void)strncpy(buf, base, sizeof(buf) - 1); +buf[sizeof(buf) - 1] = '\e0'; +(void)strncat(buf, suffix, sizeof(buf) - 1 - strlen(buf)); +.Ed +.Pp +The above will copy as many characters from +.Va base +to +.Va buf +as will fit. +It then appends as many characters from +.Va suffix +as will fit. +If either +.Va base +or +.Va suffix +are too large, truncation will occur without detection. +.Pp +The above example shows dangerous coding patterns, including an +inability to detect truncation. +.Fn strncat +and +.Fn strncpy +are dangerously easy to misuse. +The +.Xr strlcpy 3 +and +.Xr strlcat 3 +functions are safer for this kind of operation: +.Bd -literal -offset indent +if (strlcpy(buf, base, sizeof(buf)) >= sizeof(buf) || + strlcat(buf, suffix, sizeof(buf)) >= sizeof(buf)) + goto toolong; + +.Ed +or for greatest portability, +.Bd -literal -offset indent +if (snprintf(buf, sizeof(buf), "%s%s", + base, suffix) >= sizeof(buf)) + goto toolong; +.Ed +.Sh SEE ALSO +.Xr strlcpy 3 , +.Xr wcscat 3 , +.Xr wcslcpy 3 +.Sh STANDARDS +The +.Fn strncat +function conforms to +.St -ansiC . +.Sh HISTORY +The +.Fn strncat +function first appeared in +.At v7 . diff --git a/src/lib/libc/string/strncat.c b/src/lib/libc/string/strncat.c index 27ae2ba324a..b3388accf37 100644 --- a/src/lib/libc/string/strncat.c +++ b/src/lib/libc/string/strncat.c @@ -1,3 +1,4 @@ +/* $OpenBSD: strncat.c,v 1.6 2015/08/31 02:53:57 guenther Exp $ */ /*- * Copyright (c) 1990 The Regents of the University of California. * All rights reserved. @@ -13,11 +14,7 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors + * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -34,10 +31,6 @@ * SUCH DAMAGE. */ -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: strncat.c,v 1.2 1996/08/19 08:34:21 tholo Exp $"; -#endif /* LIBC_SCCS and not lint */ - #include /* @@ -45,14 +38,11 @@ static char *rcsid = "$OpenBSD: strncat.c,v 1.2 1996/08/19 08:34:21 tholo Exp $" * are written at dst (at most n+1 bytes being appended). Return dst. */ char * -strncat(dst, src, n) - char *dst; - const char *src; - register size_t n; +strncat(char *dst, const char *src, size_t n) { if (n != 0) { - register char *d = dst; - register const char *s = src; + char *d = dst; + const char *s = src; while (*d != 0) d++; @@ -65,3 +55,4 @@ strncat(dst, src, n) } return (dst); } +DEF_STRONG(strncat); diff --git a/src/lib/libc/string/strncmp.c b/src/lib/libc/string/strncmp.c index 0224957f8b2..535d2a60fde 100644 --- a/src/lib/libc/string/strncmp.c +++ b/src/lib/libc/string/strncmp.c @@ -1,3 +1,5 @@ +/* $OpenBSD: strncmp.c,v 1.9 2015/08/31 02:53:57 guenther Exp $ */ + /* * Copyright (c) 1989 The Regents of the University of California. * All rights reserved. @@ -10,11 +12,7 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors + * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -31,20 +29,10 @@ * SUCH DAMAGE. */ -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: strncmp.c,v 1.3 1996/08/19 08:34:21 tholo Exp $"; -#endif /* LIBC_SCCS and not lint */ - -#ifndef _KERNEL #include -#else -#include -#endif int -strncmp(s1, s2, n) - register const char *s1, *s2; - register size_t n; +strncmp(const char *s1, const char *s2, size_t n) { if (n == 0) @@ -57,3 +45,4 @@ strncmp(s1, s2, n) } while (--n != 0); return (0); } +DEF_STRONG(strncmp); diff --git a/src/lib/libc/string/strncpy.3 b/src/lib/libc/string/strncpy.3 new file mode 100644 index 00000000000..3a68a0bd5b8 --- /dev/null +++ b/src/lib/libc/string/strncpy.3 @@ -0,0 +1,138 @@ +.\" $OpenBSD: strncpy.3,v 1.2 2014/04/19 11:30:40 deraadt Exp $ +.\" +.\" Copyright (c) 1990, 1991 The Regents of the University of California. +.\" All rights reserved. +.\" +.\" This code is derived from software contributed to Berkeley by +.\" Chris Torek and the American National Standards Committee X3, +.\" on Information Processing Systems. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.Dd $Mdocdate: April 19 2014 $ +.Dt STRNCPY 3 +.Os +.Sh NAME +.Nm strncpy +.Nd copy part of a string to another +.Sh SYNOPSIS +.In string.h +.Ft char * +.Fn strncpy "char *dst" "const char *src" "size_t len" +.Sh DESCRIPTION +The +.Fn strncpy +function copies not more than +.Fa len +characters from the string +.Fa src +to the buffer +.Fa dst . +If +.Fa src +is less than +.Fa len +characters long, +it fills the remaining buffer with +.Ql \e0 +characters. +If the length of +.Fa src +is greater than or equal to +.Fa len , +.Fa dst +will +.Em not +be NUL-terminated. +.Pp +.Fn strncpy +.Em only +NUL terminates the destination string when the length of the source +string is less than the length parameter. +.Pp +If the +.Fa src +and +.Fa dst +strings overlap, the behavior is undefined. +.Sh RETURN VALUES +The +.Fn strncpy +function returns +.Fa dst . +.Sh EXAMPLES +The following sets +.Va chararray +to +.Dq abc\e0\e0\e0 : +.Bd -literal -offset indent +(void)strncpy(chararray, "abc", 6); +.Ed +.Pp +The following sets +.Va chararray +to +.Dq abcdef , +without a NUL-terminator: +.Bd -literal -offset indent +(void)strncpy(chararray, "abcdefgh", 6); +.Ed +.Pp +The following sequence copies as many characters from +.Va input +to +.Va buf +as will fit, and then NUL terminates the result by hand: +.Bd -literal -offset indent +char buf[BUFSIZ]; + +(void)strncpy(buf, input, sizeof(buf) - 1); +buf[sizeof(buf) - 1] = '\e0'; +.Ed +.Pp +By now it is clear that +.Nm strncpy +is dangerously easy to misuse. +The +.Xr strlcpy 3 +function is safer for this kind of operation: +.Bd -literal -offset indent +if (strlcpy(buf, input, sizeof(buf)) >= sizeof(buf)) + goto toolong; +.Ed +.Sh SEE ALSO +.Xr strlcpy 3 , +.Xr wcscpy 3 , +.Xr wcslcpy 3 +.Sh STANDARDS +The +.Fn strncpy +function conforms to +.St -ansiC . +.Sh HISTORY +The +.Fn strncpy +function first appeared in +.At v7 . diff --git a/src/lib/libc/string/strncpy.c b/src/lib/libc/string/strncpy.c index 01bc8a872e5..d6d8647fc76 100644 --- a/src/lib/libc/string/strncpy.c +++ b/src/lib/libc/string/strncpy.c @@ -1,3 +1,5 @@ +/* $OpenBSD: strncpy.c,v 1.8 2015/08/31 02:53:57 guenther Exp $ */ + /*- * Copyright (c) 1990 The Regents of the University of California. * All rights reserved. @@ -13,11 +15,7 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors + * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -34,10 +32,6 @@ * SUCH DAMAGE. */ -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: strncpy.c,v 1.2 1996/08/19 08:34:22 tholo Exp $"; -#endif /* LIBC_SCCS and not lint */ - #include /* @@ -45,14 +39,11 @@ static char *rcsid = "$OpenBSD: strncpy.c,v 1.2 1996/08/19 08:34:22 tholo Exp $" * Return dst. */ char * -strncpy(dst, src, n) - char *dst; - const char *src; - register size_t n; +strncpy(char *dst, const char *src, size_t n) { if (n != 0) { - register char *d = dst; - register const char *s = src; + char *d = dst; + const char *s = src; do { if ((*d++ = *s++) == 0) { @@ -65,3 +56,4 @@ strncpy(dst, src, n) } return (dst); } +DEF_STRONG(strncpy); diff --git a/src/lib/libc/string/strndup.c b/src/lib/libc/string/strndup.c new file mode 100644 index 00000000000..499f9a028af --- /dev/null +++ b/src/lib/libc/string/strndup.c @@ -0,0 +1,40 @@ +/* $OpenBSD: strndup.c,v 1.3 2019/01/25 00:19:25 millert Exp $ */ + +/* + * Copyright (c) 2010 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include + +#include +#include +#include + +char * +strndup(const char *str, size_t maxlen) +{ + char *copy; + size_t len; + + len = strnlen(str, maxlen); + copy = malloc(len + 1); + if (copy != NULL) { + (void)memcpy(copy, str, len); + copy[len] = '\0'; + } + + return copy; +} +DEF_WEAK(strndup); diff --git a/src/lib/libc/string/strnlen.c b/src/lib/libc/string/strnlen.c new file mode 100644 index 00000000000..d50a927f283 --- /dev/null +++ b/src/lib/libc/string/strnlen.c @@ -0,0 +1,33 @@ +/* $OpenBSD: strnlen.c,v 1.9 2019/01/25 00:19:25 millert Exp $ */ + +/* + * Copyright (c) 2010 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include + +#include + +size_t +strnlen(const char *str, size_t maxlen) +{ + const char *cp; + + for (cp = str; maxlen != 0 && *cp != '\0'; cp++, maxlen--) + ; + + return (size_t)(cp - str); +} +DEF_WEAK(strnlen); diff --git a/src/lib/libc/string/strpbrk.3 b/src/lib/libc/string/strpbrk.3 index 52bf13b9245..b758df68543 100644 --- a/src/lib/libc/string/strpbrk.3 +++ b/src/lib/libc/string/strpbrk.3 @@ -1,3 +1,5 @@ +.\" $OpenBSD: strpbrk.3,v 1.10 2013/06/05 03:39:23 tedu Exp $ +.\" .\" Copyright (c) 1990, 1991 The Regents of the University of California. .\" All rights reserved. .\" @@ -13,11 +15,7 @@ .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors +.\" 3. Neither the name of the University nor the names of its contributors .\" may be used to endorse or promote products derived from this software .\" without specific prior written permission. .\" @@ -33,22 +31,20 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $OpenBSD: strpbrk.3,v 1.5 2000/04/21 15:24:20 aaron Exp $ -.\" -.Dd June 29, 1991 +.Dd $Mdocdate: June 5 2013 $ .Dt STRPBRK 3 .Os .Sh NAME .Nm strpbrk .Nd locate multiple characters in string .Sh SYNOPSIS -.Fd #include +.In string.h .Ft char * .Fn strpbrk "const char *s" "const char *charset" .Sh DESCRIPTION The .Fn strpbrk -function locates in the null-terminated string +function locates in the NUL-terminated string .Fa s the first occurrence of any character in the string .Fa charset @@ -68,9 +64,17 @@ returns .Xr strsep 3 , .Xr strspn 3 , .Xr strstr 3 , -.Xr strtok 3 +.Xr strtok 3 , +.Xr wcspbrk 3 .Sh STANDARDS The .Fn strpbrk function conforms to .St -ansiC . +.Sh HISTORY +The +.Fn strpbrk +function first appeared in +.At III +and was reimplemented for +.Bx 4.3 Tahoe . diff --git a/src/lib/libc/string/strpbrk.c b/src/lib/libc/string/strpbrk.c index 748a3a8c94d..336c22dedd6 100644 --- a/src/lib/libc/string/strpbrk.c +++ b/src/lib/libc/string/strpbrk.c @@ -1,3 +1,4 @@ +/* $OpenBSD: strpbrk.c,v 1.6 2015/08/31 02:53:57 guenther Exp $ */ /* * Copyright (c) 1985 Regents of the University of California. * All rights reserved. @@ -10,11 +11,7 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors + * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -31,21 +28,16 @@ * SUCH DAMAGE. */ -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: strpbrk.c,v 1.2 1996/08/19 08:34:23 tholo Exp $"; -#endif /* LIBC_SCCS and not lint */ - #include /* * Find the first occurrence in s1 of a character in s2 (excluding NUL). */ char * -strpbrk(s1, s2) - register const char *s1, *s2; +strpbrk(const char *s1, const char *s2) { - register const char *scanp; - register int c, sc; + const char *scanp; + int c, sc; while ((c = *s1++) != 0) { for (scanp = s2; (sc = *scanp++) != 0;) @@ -54,3 +46,4 @@ strpbrk(s1, s2) } return (NULL); } +DEF_STRONG(strpbrk); diff --git a/src/lib/libc/string/strrchr.3 b/src/lib/libc/string/strrchr.3 index 394fc2aad3b..5abb88ec70b 100644 --- a/src/lib/libc/string/strrchr.3 +++ b/src/lib/libc/string/strrchr.3 @@ -1,3 +1,5 @@ +.\" $OpenBSD: strrchr.3,v 1.12 2018/10/01 06:37:37 martijn Exp $ +.\" .\" Copyright (c) 1990, 1991 The Regents of the University of California. .\" All rights reserved. .\" @@ -13,11 +15,7 @@ .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors +.\" 3. Neither the name of the University nor the names of its contributors .\" may be used to endorse or promote products derived from this software .\" without specific prior written permission. .\" @@ -33,9 +31,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $OpenBSD: strrchr.3,v 1.6 2000/04/21 15:24:20 aaron Exp $ -.\" -.Dd June 29, 1991 +.Dd $Mdocdate: October 1 2018 $ .Dt STRRCHR 3 .Os .Sh NAME @@ -43,9 +39,10 @@ .Nm rindex .Nd locate last occurrence of a character in a string .Sh SYNOPSIS -.Fd #include +.In string.h .Ft char * .Fn strrchr "const char *s" "int c" +.In strings.h .Ft char * .Fn rindex "const char *s" "int c" .Sh DESCRIPTION @@ -53,6 +50,7 @@ The .Fn strrchr function locates the last occurrence of the character .Fa c +.Pq converted to a char in the string .Fa s . The terminating @@ -96,7 +94,8 @@ p = strrchr(s, 'o'); .Xr strsep 3 , .Xr strspn 3 , .Xr strstr 3 , -.Xr strtok 3 +.Xr strtok 3 , +.Xr wcsrchr 3 .Sh STANDARDS The .Fn strrchr @@ -106,3 +105,14 @@ function conforms to The .Fn rindex function is deprecated and shouldn't be used in new code. +.Sh HISTORY +The +.Fn rindex +function first appeared in +.At v7 . +The +.Fn strrchr +function first appeared in +.At III +and was reimplemented for +.Bx 4.3 Tahoe . diff --git a/src/lib/libc/string/strrchr.c b/src/lib/libc/string/strrchr.c new file mode 100644 index 00000000000..848d1ad22e4 --- /dev/null +++ b/src/lib/libc/string/strrchr.c @@ -0,0 +1,48 @@ +/* $OpenBSD: strrchr.c,v 1.4 2018/10/01 06:37:37 martijn Exp $ */ +/* + * Copyright (c) 1988 Regents of the University of California. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include + +__weak_alias(rindex, strrchr); + +char * +strrchr(const char *p, int ch) +{ + char *save; + + for (save = NULL;; ++p) { + if (*p == (char) ch) + save = (char *)p; + if (!*p) + return(save); + } + /* NOTREACHED */ +} +DEF_STRONG(strrchr); diff --git a/src/lib/libc/string/strsep.3 b/src/lib/libc/string/strsep.3 index 848dab1eb3b..77053f66d73 100644 --- a/src/lib/libc/string/strsep.3 +++ b/src/lib/libc/string/strsep.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: strsep.3,v 1.10 2001/11/21 14:32:45 deraadt Exp $ +.\" $OpenBSD: strsep.3,v 1.14 2013/06/05 03:39:23 tedu Exp $ .\" .\" Copyright (c) 1990, 1991, 1993 .\" The Regents of the University of California. All rights reserved. @@ -14,11 +14,7 @@ .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors +.\" 3. Neither the name of the University nor the names of its contributors .\" may be used to endorse or promote products derived from this software .\" without specific prior written permission. .\" @@ -36,14 +32,14 @@ .\" .\" @(#)strsep.3 8.1 (Berkeley) 6/9/93 .\" -.Dd June 9, 1993 +.Dd $Mdocdate: June 5 2013 $ .Dt STRSEP 3 .Os .Sh NAME .Nm strsep .Nd separate strings .Sh SYNOPSIS -.Fd #include +.In string.h .Ft char * .Fn strsep "char **stringp" "const char *delim" .Sh DESCRIPTION @@ -100,17 +96,15 @@ for (ap = argv; ap < &argv[9] && .Sh HISTORY The .Fn strsep -function is intended as a replacement for the -.Fn strtok +function first appeared in +.Bx 4.3 Reno . +It is intended as a replacement for the +.Xr strtok 3 function. While the -.Fn strtok +.Xr strtok 3 function should be preferred for portability reasons (it conforms to .St -ansiC ) it is unable to handle empty fields, i.e., detect fields delimited by two adjacent delimiter characters, or to be used for more than a single string at a time. -The -.Fn strsep -function first appeared in -.Bx 4.4 . diff --git a/src/lib/libc/string/strsep.c b/src/lib/libc/string/strsep.c index b69b715fc5f..97c3cbf1f5d 100644 --- a/src/lib/libc/string/strsep.c +++ b/src/lib/libc/string/strsep.c @@ -1,4 +1,4 @@ -/* $OpenBSD: strsep.c,v 1.3 1997/08/20 04:28:14 millert Exp $ */ +/* $OpenBSD: strsep.c,v 1.8 2015/08/31 02:53:57 guenther Exp $ */ /*- * Copyright (c) 1990, 1993 @@ -12,11 +12,7 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors + * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -34,15 +30,6 @@ */ #include -#include - -#if defined(LIBC_SCCS) && !defined(lint) -#if 0 -static char sccsid[] = "@(#)strsep.c 8.1 (Berkeley) 6/4/93"; -#else -static char *rcsid = "$OpenBSD: strsep.c,v 1.3 1997/08/20 04:28:14 millert Exp $"; -#endif -#endif /* LIBC_SCCS and not lint */ /* * Get next token from string *stringp, where tokens are possibly-empty @@ -56,13 +43,11 @@ static char *rcsid = "$OpenBSD: strsep.c,v 1.3 1997/08/20 04:28:14 millert Exp $ * If *stringp is NULL, strsep returns NULL. */ char * -strsep(stringp, delim) - register char **stringp; - register const char *delim; +strsep(char **stringp, const char *delim) { - register char *s; - register const char *spanp; - register int c, sc; + char *s; + const char *spanp; + int c, sc; char *tok; if ((s = *stringp) == NULL) @@ -83,3 +68,4 @@ strsep(stringp, delim) } /* NOTREACHED */ } +DEF_WEAK(strsep); diff --git a/src/lib/libc/string/strsignal.3 b/src/lib/libc/string/strsignal.3 index 83b3775f4ef..3261f699d88 100644 --- a/src/lib/libc/string/strsignal.3 +++ b/src/lib/libc/string/strsignal.3 @@ -13,11 +13,7 @@ .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors +.\" 3. Neither the name of the University nor the names of its contributors .\" may be used to endorse or promote products derived from this software .\" without specific prior written permission. .\" @@ -33,16 +29,16 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $OpenBSD: strsignal.3,v 1.3 1999/05/23 14:11:03 aaron Exp $ +.\" $OpenBSD: strsignal.3,v 1.8 2013/06/05 03:39:23 tedu Exp $ .\" -.Dd June 29, 1991 +.Dd $Mdocdate: June 5 2013 $ .Dt STRSIGNAL 3 .Os .Sh NAME .Nm strsignal .Nd get signal description string .Sh SYNOPSIS -.Fd #include +.In string.h .Ft char * .Fn strsignal "int sig" .Sh DESCRIPTION @@ -58,3 +54,15 @@ overwritten by subsequent calls to .Xr intro 2 , .Xr psignal 3 , .Xr setlocale 3 +.Sh STANDARDS +The +.Fn strsignal +function conforms to +.St -p1003.1-2008 . +.Sh HISTORY +The +.Fn strsignal +function first appeared in +.At V.4 +and was reimplemented for +.Nx 1.0 . diff --git a/src/lib/libc/string/strsignal.c b/src/lib/libc/string/strsignal.c index 90118f70f94..fe2a7479431 100644 --- a/src/lib/libc/string/strsignal.c +++ b/src/lib/libc/string/strsignal.c @@ -10,11 +10,7 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors + * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -31,19 +27,14 @@ * SUCH DAMAGE. */ -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: strsignal.c,v 1.3 2002/02/16 21:27:24 millert Exp $"; -#endif /* LIBC_SCCS and not lint */ - #include #include -extern char *__strsignal(int, char *); - char * -strsignal(sig) - int sig; +strsignal(int sig) { static char buf[NL_TEXTMAX]; + return __strsignal(sig, buf); } +DEF_WEAK(strsignal); diff --git a/src/lib/libc/string/strspn.3 b/src/lib/libc/string/strspn.3 index ca965aeb184..e339d9b6af4 100644 --- a/src/lib/libc/string/strspn.3 +++ b/src/lib/libc/string/strspn.3 @@ -1,3 +1,5 @@ +.\" $OpenBSD: strspn.3,v 1.11 2013/06/05 03:39:23 tedu Exp $ +.\" .\" Copyright (c) 1990, 1991 The Regents of the University of California. .\" All rights reserved. .\" @@ -13,11 +15,7 @@ .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors +.\" 3. Neither the name of the University nor the names of its contributors .\" may be used to endorse or promote products derived from this software .\" without specific prior written permission. .\" @@ -33,22 +31,20 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $OpenBSD: strspn.3,v 1.6 2000/04/21 15:24:20 aaron Exp $ -.\" -.Dd June 29, 1991 +.Dd $Mdocdate: June 5 2013 $ .Dt STRSPN 3 .Os .Sh NAME .Nm strspn .Nd span a string .Sh SYNOPSIS -.Fd #include +.In string.h .Ft size_t .Fn strspn "const char *s" "const char *charset" .Sh DESCRIPTION The .Fn strspn -function spans the initial part of the null-terminated string +function spans the initial part of the NUL-terminated string .Fa s as long as the characters from .Fa s @@ -80,9 +76,17 @@ span = strspn(s, charset); .Xr strrchr 3 , .Xr strsep 3 , .Xr strstr 3 , -.Xr strtok 3 +.Xr strtok 3 , +.Xr wcsspn 3 .Sh STANDARDS The .Fn strspn function conforms to .St -ansiC . +.Sh HISTORY +The +.Fn strspn +function first appeared in +.At III +and was reimplemented for +.Bx 4.3 Tahoe . diff --git a/src/lib/libc/string/strspn.c b/src/lib/libc/string/strspn.c index 41940f91903..0ce41cbb49b 100644 --- a/src/lib/libc/string/strspn.c +++ b/src/lib/libc/string/strspn.c @@ -1,3 +1,4 @@ +/* $OpenBSD: strspn.c,v 1.6 2015/08/31 02:53:57 guenther Exp $ */ /* * Copyright (c) 1989 The Regents of the University of California. * All rights reserved. @@ -10,11 +11,7 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors + * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -31,22 +28,16 @@ * SUCH DAMAGE. */ -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: strspn.c,v 1.2 1996/08/19 08:34:26 tholo Exp $"; -#endif /* LIBC_SCCS and not lint */ - #include /* * Span the string s2 (skip characters that are in s2). */ size_t -strspn(s1, s2) - const char *s1; - register const char *s2; +strspn(const char *s1, const char *s2) { - register const char *p = s1, *spanp; - register char c, sc; + const char *p = s1, *spanp; + char c, sc; /* * Skip any characters in s2, excluding the terminating \0. @@ -58,3 +49,4 @@ strspn(s1, s2) goto cont; return (p - 1 - s1); } +DEF_STRONG(strspn); diff --git a/src/lib/libc/string/strstr.3 b/src/lib/libc/string/strstr.3 index 10beea42ca3..60d2a721a76 100644 --- a/src/lib/libc/string/strstr.3 +++ b/src/lib/libc/string/strstr.3 @@ -1,3 +1,5 @@ +.\" $OpenBSD: strstr.3,v 1.13 2016/05/11 17:51:50 schwarze Exp $ +.\" .\" Copyright (c) 1990, 1991 The Regents of the University of California. .\" All rights reserved. .\" @@ -13,11 +15,7 @@ .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors +.\" 3. Neither the name of the University nor the names of its contributors .\" may be used to endorse or promote products derived from this software .\" without specific prior written permission. .\" @@ -33,53 +31,71 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $OpenBSD: strstr.3,v 1.5 2000/04/21 15:24:20 aaron Exp $ -.\" -.Dd June 29, 1991 +.Dd $Mdocdate: May 11 2016 $ .Dt STRSTR 3 .Os .Sh NAME -.Nm strstr +.Nm strstr , strcasestr .Nd locate a substring in a string .Sh SYNOPSIS -.Fd #include +.In string.h .Ft char * .Fn strstr "const char *big" "const char *little" +.Ft char * +.Fn strcasestr "const char *big" "const char *little" .Sh DESCRIPTION The .Fn strstr -function locates the first occurrence of the null-terminated string +function locates the first occurrence of the NUL-terminated string .Fa little -in the null-terminated string +in the NUL-terminated string .Fa big . +.Pp +The +.Fn strcasestr +function is similar to +.Fn strstr +but ignores the case of both strings. +.Sh RETURN VALUES If .Fa little -is the empty string, -.Fn strstr -returns -.Fa big ; +is an empty string, +.Fa big +is returned; if .Fa little occurs nowhere in .Fa big , -.Fn strstr -returns -.Dv NULL ; -otherwise -.Fn strstr -returns a pointer to the first character of the first occurrence of -.Fa little . +.Dv NULL +is returned; +otherwise a pointer to the first character of the first occurrence of +.Fa little +is returned. .Sh SEE ALSO .Xr memchr 3 , +.Xr memmem 3 , .Xr strchr 3 , .Xr strcspn 3 , .Xr strpbrk 3 , .Xr strrchr 3 , .Xr strsep 3 , .Xr strspn 3 , -.Xr strtok 3 +.Xr strtok 3 , +.Xr wcsstr 3 .Sh STANDARDS The .Fn strstr function conforms to .St -ansiC . +.Sh HISTORY +The +.Fn strstr +function first appeared in +.Bx 4.3 Reno . +The +.Fn strcasestr +function appeared in glibc 2.1, +was reimplemented for +.Fx 4.5 +and ported to +.Ox 3.8 . diff --git a/src/lib/libc/string/strstr.c b/src/lib/libc/string/strstr.c index 763c7e29d78..079d69d257f 100644 --- a/src/lib/libc/string/strstr.c +++ b/src/lib/libc/string/strstr.c @@ -1,64 +1,197 @@ -/*- - * Copyright (c) 1990 The Regents of the University of California. - * All rights reserved. +/* $OpenBSD: strstr.c,v 1.8 2018/04/30 07:44:56 denis Exp $ */ + +/* + * Copyright (c) 2005-2014 Rich Felker * - * This code is derived from software contributed to Berkeley by - * Chris Torek. + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. + * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY + * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, + * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE + * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: strstr.c,v 1.2 1996/08/19 08:34:27 tholo Exp $"; -#endif /* LIBC_SCCS and not lint */ - #include +#include +#include + +#ifdef DEBUG +#include +#endif + +static char * +twobyte_strstr(const unsigned char *h, const unsigned char *n) +{ + uint16_t nw = n[0]<<8 | n[1], hw = h[0]<<8 | h[1]; + for (h++; *h && hw != nw; hw = hw<<8 | *++h); + return *h ? (char *)h-1 : 0; +} + +static char * +threebyte_strstr(const unsigned char *h, const unsigned char *n) +{ + uint32_t nw = n[0]<<24 | n[1]<<16 | n[2]<<8; + uint32_t hw = h[0]<<24 | h[1]<<16 | h[2]<<8; + for (h+=2; *h && hw != nw; hw = (hw|*++h)<<8); + return *h ? (char *)h-2 : 0; +} + +static char * +fourbyte_strstr(const unsigned char *h, const unsigned char *n) +{ + uint32_t nw = n[0]<<24 | n[1]<<16 | n[2]<<8 | n[3]; + uint32_t hw = h[0]<<24 | h[1]<<16 | h[2]<<8 | h[3]; + for (h+=3; *h && hw != nw; hw = hw<<8 | *++h); + return *h ? (char *)h-3 : 0; +} + +#define MAX(a,b) ((a)>(b)?(a):(b)) +#define MIN(a,b) ((a)<(b)?(a):(b)) + +#define BITOP(a,b,op) \ + ((a)[(size_t)(b)/(8*sizeof *(a))] op (size_t)1<<((size_t)(b)%(8*sizeof *(a)))) /* - * Find the first occurrence of find in s. + * Maxime Crochemore and Dominique Perrin, Two-way string-matching, + * Journal of the ACM, 38(3):651-675, July 1991. */ -char * -strstr(s, find) - register const char *s, *find; +static char * +twoway_strstr(const unsigned char *h, const unsigned char *n) { - register char c, sc; - register size_t len; - - if ((c = *find++) != 0) { - len = strlen(find); - do { - do { - if ((sc = *s++) == 0) - return (NULL); - } while (sc != c); - } while (strncmp(s, find, len) != 0); - s--; + const unsigned char *z; + size_t l, ip, jp, k, p, ms, p0, mem, mem0; + size_t byteset[32 / sizeof(size_t)] = { 0 }; + size_t shift[256]; + + /* Computing length of needle and fill shift table */ + for (l=0; n[l] && h[l]; l++) + BITOP(byteset, n[l], |=), shift[n[l]] = l+1; + if (n[l]) return 0; /* hit the end of h */ + + /* Compute maximal suffix */ + ip = -1; jp = 0; k = p = 1; + while (jp+k n[jp+k]) { + jp += k; + k = 1; + p = jp - ip; + } else { + ip = jp++; + k = p = 1; + } + } + ms = ip; + p0 = p; + + /* And with the opposite comparison */ + ip = -1; jp = 0; k = p = 1; + while (jp+k ms+1) ms = ip; + else p = p0; + + /* Periodic needle? */ + if (memcmp(n, n+p, ms+1)) { + mem0 = 0; + p = MAX(ms, l-ms-1) + 1; + } else mem0 = l-p; + mem = 0; + + /* Initialize incremental end-of-haystack pointer */ + z = h; + + /* Search loop */ + for (;;) { + /* Update incremental end-of-haystack pointer */ + if (z-h < l) { + /* Fast estimate for MIN(l,63) */ + size_t grow = l | 63; + const unsigned char *z2 = memchr(z, 0, grow); + if (z2) { + z = z2; + if (z-h < l) return 0; + } else z += grow; + } + + /* Check last byte first; advance by shift on mismatch */ + if (BITOP(byteset, h[l-1], &)) { + k = l-shift[h[l-1]]; +#ifdef DEBUG + printf("adv by %zu (on %c) at [%s] (%zu;l=%zu)\n", k, h[l-1], h, shift[h[l-1]], l); +#endif + if (k) { + if (mem0 && mem && k < p) k = l-p; + h += k; + mem = 0; + continue; + } + } else { + h += l; + mem = 0; + continue; + } + + /* Compare right half */ + for (k=MAX(ms+1,mem); n[k] && n[k] == h[k]; k++); + if (n[k]) { + h += k-ms; + mem = 0; + continue; + } + /* Compare left half */ + for (k=ms+1; k>mem && n[k-1] == h[k-1]; k--); + if (k <= mem) return (char *)h; + h += p; + mem = mem0; } - return ((char *)s); } + +char * +strstr(const char *h, const char *n) +{ + /* Return immediately on empty needle */ + if (!n[0]) return (char *)h; + + /* Use faster algorithms for short needles */ + h = strchr(h, *n); + if (!h || !n[1]) return (char *)h; + if (!h[1]) return 0; + if (!n[2]) return twobyte_strstr((void *)h, (void *)n); + if (!h[2]) return 0; + if (!n[3]) return threebyte_strstr((void *)h, (void *)n); + if (!h[3]) return 0; + if (!n[4]) return fourbyte_strstr((void *)h, (void *)n); + + return twoway_strstr((void *)h, (void *)n); +} +DEF_STRONG(strstr); diff --git a/src/lib/libc/string/strtok.3 b/src/lib/libc/string/strtok.3 index b8dad8eff06..0f1f359ec48 100644 --- a/src/lib/libc/string/strtok.3 +++ b/src/lib/libc/string/strtok.3 @@ -1,3 +1,5 @@ +.\" $OpenBSD: strtok.3,v 1.23 2017/09/02 13:56:44 schwarze Exp $ +.\" .\" Copyright (c) 1988, 1991 The Regents of the University of California. .\" All rights reserved. .\" @@ -13,11 +15,7 @@ .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors +.\" 3. Neither the name of the University nor the names of its contributors .\" may be used to endorse or promote products derived from this software .\" without specific prior written permission. .\" @@ -33,9 +31,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $OpenBSD: strtok.3,v 1.15 2001/08/06 10:42:26 mpech Exp $ -.\" -.Dd June 29, 1991 +.Dd $Mdocdate: September 2 2017 $ .Dt STRTOK 3 .Os .Sh NAME @@ -43,7 +39,7 @@ .Nm strtok_r .Nd string token operations .Sh SYNOPSIS -.Fd #include +.In string.h .Ft char * .Fn strtok "char *str" "const char *sep" .Ft char * @@ -56,7 +52,7 @@ This interface is obsoleted by .Pp The .Fn strtok -function is used to isolate sequential tokens in a null-terminated string, +function is used to isolate sequential tokens in a NUL-terminated string, .Fa str . These tokens are separated in the string by at least one of the characters in @@ -77,16 +73,6 @@ function is a version of .Fn strtok that takes an explicit context argument and is reentrant. .Pp -The -.Fn strtok -and -.Fn strtok_r -functions return a pointer to the beginning of each subsequent token -in the string, after replacing the separator character itself with an -.Tn ASCII NUL -character. -When no more tokens remain, a null pointer is returned. -.Pp Since .Fn strtok and @@ -94,6 +80,15 @@ and modify the string, .Fa str should not point to an area in the initialized data segment. +.Sh RETURN VALUES +The +.Fn strtok +and +.Fn strtok_r +functions return a pointer to the beginning of each subsequent token +in the string, after replacing the separator character itself with +a NUL character. +When no more tokens remain, a null pointer is returned. .Sh EXAMPLES The following will construct an array of pointers to each individual word in the string @@ -108,9 +103,9 @@ int i = 0; snprintf(s, sizeof(s), "cat dog horse cow"); for ((p = strtok_r(s, " ", &last)); p; - (p = strtok_r(NULL, " ", &last)), i++) { + (p = strtok_r(NULL, " ", &last))) { if (i < MAXTOKENS - 1) - tokens[i] = p; + tokens[i++] = p; } tokens[i] = NULL; .Ed @@ -137,12 +132,30 @@ will point to .Xr strrchr 3 , .Xr strsep 3 , .Xr strspn 3 , -.Xr strstr 3 +.Xr strstr 3 , +.Xr wcstok 3 .Sh STANDARDS The .Fn strtok function conforms to .St -ansiC . +The +.Fn strtok_r +function conforms to +.St -p1003.1-2001 . +.Sh HISTORY +The +.Fn strtok +function first appeared in +.At III +and was reimplemented for +.Bx 4.3 Tahoe . +The +.Fn strtok_r +function first appeared in +.Nx 1.3 +and was reimplemented for +.Ox 2.7 . .Sh BUGS The System V .Fn strtok , diff --git a/src/lib/libc/string/strtok.c b/src/lib/libc/string/strtok.c index d925dc75d03..c5765756fcd 100644 --- a/src/lib/libc/string/strtok.c +++ b/src/lib/libc/string/strtok.c @@ -10,11 +10,7 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors + * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -31,33 +27,24 @@ * SUCH DAMAGE. */ -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: strtok.c,v 1.3 1999/11/09 11:19:46 art Exp $"; -#endif /* LIBC_SCCS and not lint */ - #include char * -strtok(s, delim) - register char *s; - register const char *delim; +strtok(char *s, const char *delim) { static char *last; return strtok_r(s, delim, &last); } +DEF_STRONG(strtok); char * -strtok_r(s, delim, last) - register char *s; - register const char *delim; - char **last; +strtok_r(char *s, const char *delim, char **last) { - register char *spanp; - register int c, sc; + const char *spanp; + int c, sc; char *tok; - if (s == NULL && (s = *last) == NULL) return (NULL); @@ -66,7 +53,7 @@ strtok_r(s, delim, last) */ cont: c = *s++; - for (spanp = (char *)delim; (sc = *spanp++) != 0;) { + for (spanp = delim; (sc = *spanp++) != 0;) { if (c == sc) goto cont; } @@ -83,13 +70,13 @@ strtok_r(s, delim, last) */ for (;;) { c = *s++; - spanp = (char *)delim; + spanp = delim; do { if ((sc = *spanp++) == c) { if (c == 0) s = NULL; else - s[-1] = 0; + s[-1] = '\0'; *last = s; return (tok); } @@ -97,3 +84,4 @@ strtok_r(s, delim, last) } /* NOTREACHED */ } +DEF_WEAK(strtok_r); diff --git a/src/lib/libc/string/strxfrm.3 b/src/lib/libc/string/strxfrm.3 index 1e5338993ae..dab3673f38a 100644 --- a/src/lib/libc/string/strxfrm.3 +++ b/src/lib/libc/string/strxfrm.3 @@ -1,4 +1,7 @@ +.\" $OpenBSD: strxfrm.3,v 1.12 2019/01/18 07:43:36 schwarze Exp $ +.\" .\" Copyright (c) 1990, 1991 The Regents of the University of California. +.\" Copyright (c) 2017 Ingo Schwarze .\" All rights reserved. .\" .\" This code is derived from software contributed to Berkeley by @@ -13,11 +16,7 @@ .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors +.\" 3. Neither the name of the University nor the names of its contributors .\" may be used to endorse or promote products derived from this software .\" without specific prior written permission. .\" @@ -33,34 +32,74 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $OpenBSD: strxfrm.3,v 1.3 2000/04/21 15:24:20 aaron Exp $ -.\" -.Dd June 29, 1991 +.Dd $Mdocdate: January 18 2019 $ .Dt STRXFRM 3 .Os .Sh NAME -.Nm strxfrm +.Nm strxfrm , +.Nm strxfrm_l .Nd transform a string under locale .Sh SYNOPSIS -.Fd #include +.In string.h .Ft size_t .Fn strxfrm "char *dst" "const char *src" "size_t n" +.Ft size_t +.Fn strxfrm_l "char *dst" "const char *src" "size_t n" "locale_t locale" .Sh DESCRIPTION -The +The idea of .Fn strxfrm -function does something horrible (see -.Tn ANSI -standard). -In this implementation it just copies. +and +.Fn strxfrm_l +is to +.Dq un-localize +a string: the functions transform +.Ar src , +storing the result in +.Ar dst , +such that +.Xr strcmp 3 +on transformed strings returns what +.Xr strcoll 3 +on the original untransformed strings would return. +.Pp +On +.Ox , +both have the same effect as +.Xr strlcpy 3 , +and the global locale, the thread-specific locale, and the +.Fa locale +argument are ignored. +On other operating systems, the behaviour may depend on the +.Dv LC_CTYPE +and +.Dv LC_COLLATE +locale categories set with +.Xr setlocale 3 , +.Xr uselocale 3 , +or +.Xr newlocale 3 . .Sh SEE ALSO -.Xr bcmp 3 , -.Xr memcmp 3 , -.\" .Xr setlocale 3 , -.Xr strcasecmp 3 , +.Xr newlocale 3 , +.Xr setlocale 3 , .Xr strcmp 3 , -.Xr strcoll 3 +.Xr strcoll 3 , +.Xr strlcpy 3 , +.Xr wcsxfrm 3 .Sh STANDARDS The .Fn strxfrm function conforms to -.St -ansiC . +.St -ansiC , +and +.Fn strxfrm_l +to +.St -p1003.1-2008 . +.Sh HISTORY +The +.Fn strxfrm +function has been available since +.Bx 4.3 Reno , +and +.Fn strxfrm_l +since +.Ox 6.2 . diff --git a/src/lib/libc/string/strxfrm.c b/src/lib/libc/string/strxfrm.c index 6b258edeccd..97df097b296 100644 --- a/src/lib/libc/string/strxfrm.c +++ b/src/lib/libc/string/strxfrm.c @@ -1,3 +1,4 @@ +/* $OpenBSD: strxfrm.c,v 1.7 2015/08/31 02:53:57 guenther Exp $ */ /*- * Copyright (c) 1990 The Regents of the University of California. * All rights reserved. @@ -13,11 +14,7 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors + * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -34,10 +31,6 @@ * SUCH DAMAGE. */ -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: strxfrm.c,v 1.2 1996/08/19 08:34:29 tholo Exp $"; -#endif /* LIBC_SCCS and not lint */ - #include /* @@ -46,28 +39,14 @@ static char *rcsid = "$OpenBSD: strxfrm.c,v 1.2 1996/08/19 08:34:29 tholo Exp $" * on the original untransformed strings would return. */ size_t -strxfrm(dst, src, n) - register char *dst; - register const char *src; - register size_t n; +strxfrm(char *dst, const char *src, size_t n) { - register size_t r = 0; - register int c; /* * Since locales are unimplemented, this is just a copy. */ - if (n != 0) { - while ((c = *src++) != 0) { - r++; - if (--n == 0) { - while (*src++ != 0) - r++; - break; - } - *dst++ = c; - } - *dst = 0; - } - return (r); + if (n == 0) + return (strlen(src)); + return (strlcpy(dst, src, n)); } +DEF_STRONG(strxfrm); diff --git a/src/lib/libc/string/strxfrm_l.c b/src/lib/libc/string/strxfrm_l.c new file mode 100644 index 00000000000..ff77947953b --- /dev/null +++ b/src/lib/libc/string/strxfrm_l.c @@ -0,0 +1,14 @@ +/* $OpenBSD: strxfrm_l.c,v 1.1 2017/09/05 03:16:14 schwarze Exp $ */ +/* + * Written in 2017 by Ingo Schwarze . + * Released into the public domain. + */ + +#include + +size_t +strxfrm_l(char *dst, const char *src, size_t n, + locale_t locale __attribute__((__unused__))) +{ + return strxfrm(dst, src, n); +} diff --git a/src/lib/libc/string/swab.3 b/src/lib/libc/string/swab.3 index 628eb6b15f8..57afdd4d792 100644 --- a/src/lib/libc/string/swab.3 +++ b/src/lib/libc/string/swab.3 @@ -9,11 +9,7 @@ .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by the University of -.\" California, Berkeley and its contributors. -.\" 4. Neither the name of the University nor the names of its contributors +.\" 3. Neither the name of the University nor the names of its contributors .\" may be used to endorse or promote products derived from this software .\" without specific prior written permission. .\" @@ -29,18 +25,22 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $OpenBSD: swab.3,v 1.4 2000/01/03 22:52:59 aaron Exp $ +.\" $OpenBSD: swab.3,v 1.9 2014/12/12 20:06:13 schwarze Exp $ .\" -.Dd May 1, 1991 +.Dd $Mdocdate: December 12 2014 $ .Dt SWAB 3 .Os .Sh NAME .Nm swab .Nd swap adjacent bytes .Sh SYNOPSIS -.Fd #include +.In unistd.h .Ft void -.Fn swab "const void *src" "void *dst" "size_t len" +.Fo swab +.Fa "const void *restrict src" +.Fa "void *restrict dst" +.Fa "ssize_t len" +.Fc .Sh DESCRIPTION The function .Fn swab @@ -52,14 +52,28 @@ to the location referenced by .Fa dst , swapping adjacent bytes. .Pp -The argument +If .Fa len -must be an even number. +is zero or less, +.Nm +does nothing. +If it is odd, what happens to the last byte is unspecified. +If +.Fa src +and +.Fa dst +overlap, behaviour is undefined. .Sh SEE ALSO .Xr bzero 3 , .Xr memset 3 +.Sh STANDARDS +The +.Nm +function is compliant with the X/Open System Interfaces option of the +.St -p1003.1-2008 +specification. .Sh HISTORY -A +The .Fn swab -function appeared in +function first appeared in .At v7 . diff --git a/src/lib/libc/string/swab.c b/src/lib/libc/string/swab.c index 311cf13a531..c7d7d72ce09 100644 --- a/src/lib/libc/string/swab.c +++ b/src/lib/libc/string/swab.c @@ -1,65 +1,35 @@ +/* $OpenBSD: swab.c,v 1.9 2014/12/11 23:05:38 tedu Exp $ */ /* - * Copyright (c) 1988 Regents of the University of California. - * All rights reserved. + * Copyright (c) 2014 Ted Unangst * - * This code is derived from software contributed to Berkeley by - * Jeffrey Mogul. + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ - -#if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: swab.c,v 1.3 1998/02/10 02:19:48 deraadt Exp $"; -#endif /* LIBC_SCCS and not lint */ - #include void -swab(from, to, len) - const void *from; - void *to; - size_t len; +swab(const void *__restrict from, void *__restrict to, ssize_t len) { - register unsigned long temp; - register int n; - register char *fp, *tp; + const unsigned char *src = from; + unsigned char *dst = to; + unsigned char t0, t1; - n = (len >> 1) + 1; - fp = (char *)from; - tp = (char *)to; -#define STEP temp = *fp++,*tp++ = *fp++,*tp++ = temp - /* round to multiple of 8 */ - while ((--n) & 07) - STEP; - n >>= 3; - while (--n >= 0) { - STEP; STEP; STEP; STEP; - STEP; STEP; STEP; STEP; + while (len > 1) { + t0 = src[0]; + t1 = src[1]; + dst[0] = t1; + dst[1] = t0; + src += 2; + dst += 2; + len -= 2; } } diff --git a/src/lib/libc/string/timingsafe_bcmp.3 b/src/lib/libc/string/timingsafe_bcmp.3 new file mode 100644 index 00000000000..00da769157e --- /dev/null +++ b/src/lib/libc/string/timingsafe_bcmp.3 @@ -0,0 +1,87 @@ +.\" $OpenBSD: timingsafe_bcmp.3,v 1.2 2014/06/21 20:22:15 tedu Exp $ +.\" +.\" Copyright (c) 2014 Google Inc. +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.Dd $Mdocdate: June 21 2014 $ +.Dt TIMINGSAFE_BCMP 3 +.Os +.Sh NAME +.Nm timingsafe_bcmp , +.Nm timingsafe_memcmp +.Nd timing-safe byte sequence comparisons +.Sh SYNOPSIS +.In string.h +.Ft int +.Fn timingsafe_bcmp "const void *b1" "const void *b2" "size_t len" +.Ft int +.Fn timingsafe_memcmp "const void *b1" "const void *b2" "size_t len" +.Sh DESCRIPTION +The +.Fn timingsafe_bcmp +and +.Fn timingsafe_memcmp +functions lexicographically compare the first +.Fa len +bytes (each interpreted as an +.Vt unsigned char ) +pointed to by +.Fa b1 +and +.Fa b2 . +.Pp +Additionally, their running times are independent of the byte sequences compared, +making them safe to use for comparing secret values such as cryptographic MACs. +In contrast, +.Xr bcmp 3 +and +.Xr memcmp 3 +may short-circuit after finding the first differing byte. +.Sh RETURN VALUES +The +.Fn timingsafe_bcmp +function returns 0 or not zero if the byte sequence pointed to by +.Fa b1 +compares equal to or not equal to (respectively) +the byte sequence pointed to by +.Fa b2 . +.Pp +The +.Fn timingsafe_memcmp +function returns a negative value, 0, or positive value if the byte sequence +pointed to by +.Fa b1 +compares less than, equal to, or greater than (respectively) +the byte sequence pointed to by +.Fa b2 . +.Sh SEE ALSO +.Xr bcmp 3 , +.Xr memcmp 3 +.Sh STANDARDS +The +.Fn timingsafe_bcmp +and +.Fn timingsafe_memcmp +functions are +.Ox +extensions. +.Sh HISTORY +The +.Fn timingsafe_bcmp +function first appeared in +.Ox 4.9 . +.Pp +The +.Fn timingsafe_memcmp +function first appeared in +.Ox 5.6 . diff --git a/src/lib/libc/string/timingsafe_bcmp.c b/src/lib/libc/string/timingsafe_bcmp.c new file mode 100644 index 00000000000..0409ec32448 --- /dev/null +++ b/src/lib/libc/string/timingsafe_bcmp.c @@ -0,0 +1,30 @@ +/* $OpenBSD: timingsafe_bcmp.c,v 1.3 2015/08/31 02:53:57 guenther Exp $ */ +/* + * Copyright (c) 2010 Damien Miller. All rights reserved. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include + +int +timingsafe_bcmp(const void *b1, const void *b2, size_t n) +{ + const unsigned char *p1 = b1, *p2 = b2; + int ret = 0; + + for (; n > 0; n--) + ret |= *p1++ ^ *p2++; + return (ret != 0); +} +DEF_WEAK(timingsafe_bcmp); diff --git a/src/lib/libc/string/timingsafe_memcmp.c b/src/lib/libc/string/timingsafe_memcmp.c new file mode 100644 index 00000000000..373f8cb1978 --- /dev/null +++ b/src/lib/libc/string/timingsafe_memcmp.c @@ -0,0 +1,47 @@ +/* $OpenBSD: timingsafe_memcmp.c,v 1.2 2015/08/31 02:53:57 guenther Exp $ */ +/* + * Copyright (c) 2014 Google Inc. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include +#include + +int +timingsafe_memcmp(const void *b1, const void *b2, size_t len) +{ + const unsigned char *p1 = b1, *p2 = b2; + size_t i; + int res = 0, done = 0; + + for (i = 0; i < len; i++) { + /* lt is -1 if p1[i] < p2[i]; else 0. */ + int lt = (p1[i] - p2[i]) >> CHAR_BIT; + + /* gt is -1 if p1[i] > p2[i]; else 0. */ + int gt = (p2[i] - p1[i]) >> CHAR_BIT; + + /* cmp is 1 if p1[i] > p2[i]; -1 if p1[i] < p2[i]; else 0. */ + int cmp = lt - gt; + + /* set res = cmp if !done. */ + res |= cmp & ~done; + + /* set done if p1[i] != p2[i]. */ + done |= lt | gt; + } + + return (res); +} +DEF_WEAK(timingsafe_memcmp); diff --git a/src/lib/libc/string/wcscasecmp.3 b/src/lib/libc/string/wcscasecmp.3 new file mode 100644 index 00000000000..9db4a829b90 --- /dev/null +++ b/src/lib/libc/string/wcscasecmp.3 @@ -0,0 +1,134 @@ +.\" $OpenBSD: wcscasecmp.3,v 1.5 2017/09/05 03:16:14 schwarze Exp $ +.\" +.\" Copyright (c) 1990, 1991, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" Copyright (c) 2017 Ingo Schwarze +.\" +.\" This code is derived from software contributed to Berkeley by +.\" Chris Torek. +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" @(#)strcasecmp.3 8.1 (Berkeley) 6/9/93 +.\" +.Dd $Mdocdate: September 5 2017 $ +.Dt WCSCASECMP 3 +.Os +.Sh NAME +.Nm wcscasecmp , +.Nm wcscasecmp_l , +.Nm wcsncasecmp , +.Nm wcsncasecmp_l +.Nd compare wide strings, ignoring case +.Sh SYNOPSIS +.In wchar.h +.Ft int +.Fo wcscasecmp +.Fa "const wchar_t *s1" +.Fa "const wchar_t *s2" +.Fc +.Ft int +.Fo wcscasecmp_l +.Fa "const wchar_t *s1" +.Fa "const wchar_t *s2" +.Fa "locale_t locale" +.Fc +.Ft int +.Fo wcsncasecmp +.Fa "const wchar_t *s1" +.Fa "const wchar_t *s2" +.Fa "size_t len" +.Fc +.Ft int +.Fo wcsncasecmp_l +.Fa "const wchar_t *s1" +.Fa "const wchar_t *s2" +.Fa "size_t len" +.Fa "locale_t locale" +.Fc +.Sh DESCRIPTION +These functions compare the wide strings +.Fa s1 +and +.Fa s2 +and return an integer greater than, equal to, or less than 0, +according to whether +.Fa s1 +is lexicographically greater than, equal to, or less than +.Fa s2 +after translation of each corresponding wide character to lower case. +The wide strings themselves are not modified. +.Pp +For the translation to lower case, +.Fn wcscasecmp +and +.Fn wcsncasecmp +use the thread-specific locale as defined with +.Xr uselocale 3 , +falling back to the global locale defined with +.Xr setlocale 3 . +.Fn wcscasecmp_l +and +.Fn wcsncasecmp_l +use the +.Fa locale +argument instead. +.Pp +.Fn wcsncasecmp +and +.Fn wcsncasecmp_l +compare at most +.Fa len +wide characters. +.Sh SEE ALSO +.Xr newlocale 3 , +.Xr setlocale 3 , +.Xr strcasecmp 3 , +.Xr wcscmp 3 , +.Xr wmemcmp 3 +.Sh STANDARDS +These functions conform to +.St -p1003.1-2008 . +.Sh HISTORY +The +.Fn wcscasecmp +and +.Fn wcsncasecmp +functions have been available since +.Ox 5.0 , +and +.Fn wcscasecmp_l +and +.Fn wcsncasecmp_l +since +.Ox 6.2 . +.Sh AUTHORS +The +.Ox +versions of +.Fn wcscasecmp +and +.Fn wcsncasecmp +were implemented by +.An Marc Espie Aq Mt espie@openbsd.org . diff --git a/src/lib/libc/string/wcscasecmp.c b/src/lib/libc/string/wcscasecmp.c new file mode 100644 index 00000000000..b122e720fee --- /dev/null +++ b/src/lib/libc/string/wcscasecmp.c @@ -0,0 +1,63 @@ +/* $OpenBSD: wcscasecmp.c,v 1.3 2015/09/12 16:23:14 guenther Exp $ */ + +/* + * Copyright (c) 2011 Marc Espie + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE OPENBSD PROJECT AND CONTRIBUTORS + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OPENBSD + * PROJECT OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include +#include +#include "locale/runetype.h" + +int +wcscasecmp(const wchar_t *s1, const wchar_t *s2) +{ + wchar_t l1, l2; + + while ((l1 = towlower(*s1++)) == (l2 = towlower(*s2++))) { + if (l1 == 0) + return (0); + } + /* XXX assumes wchar_t = int */ + return ((rune_t)l1 - (rune_t)l2); +} +DEF_WEAK(wcscasecmp); + +int +wcsncasecmp(const wchar_t *s1, const wchar_t *s2, size_t n) +{ + wchar_t l1, l2; + + if (n == 0) + return (0); + do { + if (((l1 = towlower(*s1++))) != (l2 = towlower(*s2++))) { + /* XXX assumes wchar_t = int */ + return ((rune_t)l1 - (rune_t)l2); + } + if (l1 == 0) + break; + } while (--n != 0); + return (0); +} +DEF_WEAK(wcsncasecmp); diff --git a/src/lib/libc/string/wcscasecmp_l.c b/src/lib/libc/string/wcscasecmp_l.c new file mode 100644 index 00000000000..35b99225c11 --- /dev/null +++ b/src/lib/libc/string/wcscasecmp_l.c @@ -0,0 +1,63 @@ +/* $OpenBSD: wcscasecmp_l.c,v 1.1 2017/09/05 03:16:14 schwarze Exp $ */ + +/* + * Copyright (c) 2011 Marc Espie + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE OPENBSD PROJECT AND CONTRIBUTORS + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OPENBSD + * PROJECT OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include +#include +#include "locale/runetype.h" + +int +wcscasecmp_l(const wchar_t *s1, const wchar_t *s2, locale_t locale) +{ + wchar_t l1, l2; + + while ((l1 = towlower_l(*s1++, locale)) == + (l2 = towlower_l(*s2++, locale))) { + if (l1 == 0) + return (0); + } + /* XXX assumes wchar_t = int */ + return ((rune_t)l1 - (rune_t)l2); +} + +int +wcsncasecmp_l(const wchar_t *s1, const wchar_t *s2, size_t n, locale_t locale) +{ + wchar_t l1, l2; + + if (n == 0) + return (0); + do { + if (((l1 = towlower_l(*s1++, locale))) != + (l2 = towlower_l(*s2++, locale))) { + /* XXX assumes wchar_t = int */ + return ((rune_t)l1 - (rune_t)l2); + } + if (l1 == 0) + break; + } while (--n != 0); + return (0); +} diff --git a/src/lib/libc/string/wcscat.3 b/src/lib/libc/string/wcscat.3 new file mode 100644 index 00000000000..9b7588cf9e7 --- /dev/null +++ b/src/lib/libc/string/wcscat.3 @@ -0,0 +1,115 @@ +.\" $OpenBSD: wcscat.3,v 1.3 2013/06/05 03:39:23 tedu Exp $ +.\" +.\" Copyright (c) 1990, 1991 The Regents of the University of California. +.\" All rights reserved. +.\" +.\" This code is derived from software contributed to Berkeley by +.\" Chris Torek and the American National Standards Committee X3, +.\" on Information Processing Systems. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.Dd $Mdocdate: June 5 2013 $ +.Dt WCSCAT 3 +.Os +.Sh NAME +.Nm wcscat , +.Nm wcsncat +.Nd concatenate wide strings +.Sh SYNOPSIS +.In wchar.h +.Ft wchar_t * +.Fn wcscat "wchar_t * restrict s" "const wchar_t * restrict append" +.Ft wchar_t * +.Fo wcsncat +.Fa "wchar_t * restrict s" +.Fa "const wchar_t * restrict append" +.Fa "size_t count" +.Fc +.Sh DESCRIPTION +The +.Fn wcscat +and +.Fn wcsncat +functions append a copy of the wide string +.Fa append +to the end of the wide string +.Fa s , +then add a terminating null wide character (L'\e0'). +The wide string +.Fa s +must have sufficient space to hold the result. +.Pp +The +.Fn wcsncat +function appends not more than +.Fa count +wide characters where space for the terminating null wide character +should not be included in +.Fa count . +.Sh RETURN VALUES +The +.Fn wcscat +and +.Fn wcsncat +functions return the pointer +.Fa s . +.Sh SEE ALSO +.Xr strcat 3 , +.Xr strlcpy 3 , +.Xr wcscpy 3 , +.Xr wcslcpy 3 , +.Xr wmemcpy 3 , +.Xr wmemmove 3 +.Sh STANDARDS +The +.Fn wcscat +and +.Fn wcsncat +functions conform to +.St -isoC-99 +and were first introduced in +.St -isoC-amd1 . +.Sh HISTORY +The +.Fn wcscat +and +.Fn wcsncat +functions were ported from +.Nx +and first appeared in +.Ox 3.8 . +.Sh CAVEATS +Using the functions +.Fn wcscat +and +.Fn wcsncat +is very error-prone with respect to buffer overflows; +see the EXAMPLES section in +.Xr strcat 3 +for correct usage. +Using +.Xr wcslcat 3 +is a better choice in most cases. diff --git a/src/lib/libc/string/wcscat.c b/src/lib/libc/string/wcscat.c new file mode 100644 index 00000000000..0525c3cb142 --- /dev/null +++ b/src/lib/libc/string/wcscat.c @@ -0,0 +1,56 @@ +/* $OpenBSD: wcscat.c,v 1.5 2017/11/28 06:55:49 tb Exp $ */ +/* $NetBSD: wcscat.c,v 1.2 2001/01/03 14:29:36 lukem Exp $ */ + +/*- + * Copyright (c)1999 Citrus Project, + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * citrus Id: wcscat.c,v 1.1 1999/12/29 21:47:45 tshiozak Exp + */ + +#include + +#if defined(APIWARN) +__warn_references(wcscat, + "wcscat() is almost always misused, please use wcslcat()"); +#endif + +wchar_t * +wcscat(wchar_t *s1, const wchar_t *s2) +{ + wchar_t *p; + wchar_t *q; + const wchar_t *r; + + p = s1; + while (*p) + p++; + q = p; + r = s2; + while (*r) + *q++ = *r++; + *q = '\0'; + return s1; +} +DEF_STRONG(wcscat); diff --git a/src/lib/libc/string/wcschr.3 b/src/lib/libc/string/wcschr.3 new file mode 100644 index 00000000000..bb714b2099d --- /dev/null +++ b/src/lib/libc/string/wcschr.3 @@ -0,0 +1,85 @@ +.\" $OpenBSD: wcschr.3,v 1.4 2013/06/05 03:39:23 tedu Exp $ +.\" +.\" Copyright (c) 1990, 1991 The Regents of the University of California. +.\" All rights reserved. +.\" +.\" This code is derived from software contributed to Berkeley by +.\" Chris Torek and the American National Standards Committee X3, +.\" on Information Processing Systems. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.Dd $Mdocdate: June 5 2013 $ +.Dt WCSCHR 3 +.Os +.Sh NAME +.Nm wcschr +.Nd locate first occurrence of a wide character in a wide string +.Sh SYNOPSIS +.In wchar.h +.Ft wchar_t * +.Fn wcschr "const wchar_t *s" "wchar_t c" +.Sh DESCRIPTION +The +.Fn wcschr +function locates the first occurrence of the wide character +.Fa c +in the wide string +.Fa s . +The terminating null wide character is considered part of the wide string. +If +.Fa c +is the null wide character (L'\e0'), +.Fn wcschr +locates the terminating null wide character. +.Sh RETURN VALUES +The +.Fn wcschr +function returns a pointer to the located wide character or +.Dv NULL +if the wide character does not appear in the wide string. +.Sh SEE ALSO +.Xr strchr 3 , +.Xr wcscspn 3 , +.Xr wcspbrk 3 , +.Xr wcsrchr 3 , +.Xr wcsspn 3 , +.Xr wcsstr 3 , +.Xr wcstok 3 , +.Xr wmemchr 3 +.Sh STANDARDS +The +.Fn wcschr +function conforms to +.St -isoC-99 +and was first introduced in +.St -isoC-amd1 . +.Sh HISTORY +The +.Fn wcschr +function was ported from +.Nx +and first appeared in +.Ox 3.8 . diff --git a/src/lib/libc/string/wcschr.c b/src/lib/libc/string/wcschr.c new file mode 100644 index 00000000000..709d4797bbc --- /dev/null +++ b/src/lib/libc/string/wcschr.c @@ -0,0 +1,50 @@ +/* $OpenBSD: wcschr.c,v 1.6 2015/10/01 02:32:07 guenther Exp $ */ +/* $NetBSD: wcschr.c,v 1.2 2001/01/03 14:29:36 lukem Exp $ */ + +/*- + * Copyright (c)1999 Citrus Project, + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * citrus Id: wcschr.c,v 1.2 2000/12/21 05:07:25 itojun Exp + */ + +#include + +wchar_t * +wcschr(const wchar_t *s, wchar_t c) +{ + const wchar_t *p; + + p = s; + for (;;) { + if (*p == c) { + return (wchar_t *)p; + } + if (!*p) + return NULL; + p++; + } + /* NOTREACHED */ +} +DEF_STRONG(wcschr); diff --git a/src/lib/libc/string/wcscmp.3 b/src/lib/libc/string/wcscmp.3 new file mode 100644 index 00000000000..53cd15a1f01 --- /dev/null +++ b/src/lib/libc/string/wcscmp.3 @@ -0,0 +1,92 @@ +.\" $OpenBSD: wcscmp.3,v 1.3 2013/06/05 03:39:23 tedu Exp $ +.\" +.\" Copyright (c) 1990, 1991 The Regents of the University of California. +.\" All rights reserved. +.\" +.\" This code is derived from software contributed to Berkeley by +.\" Chris Torek and the American National Standards Committee X3, +.\" on Information Processing Systems. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.Dd $Mdocdate: June 5 2013 $ +.Dt WCSCMP 3 +.Os +.Sh NAME +.Nm wcscmp , +.Nm wcsncmp +.Nd compare wide strings +.Sh SYNOPSIS +.In wchar.h +.Ft int +.Fn wcscmp "const wchar_t *s1" "const wchar_t *s2" +.Ft int +.Fn wcsncmp "const wchar_t *s1" "const wchar_t *s2" "size_t len" +.Sh DESCRIPTION +The +.Fn wcscmp +and +.Fn wcsncmp +functions lexicographically compare the wide strings +.Fa s1 +and +.Fa s2 . +The +.Fn wcsncmp +function compares at most +.Fa len +wide characters. +.Sh RETURN VALUES +The +.Fn wcscmp +and +.Fn wcsncmp +functions return an integer greater than, equal to, or less than 0, according +to whether the wide string +.Fa s1 +is greater than, equal to, or less than the wide string +.Fa s2 . +.Sh SEE ALSO +.Xr strcmp 3 , +.Xr wcscasecmp 3 , +.Xr wmemcmp 3 +.Sh STANDARDS +The +.Fn wcscmp +and +.Fn wcsncmp +functions conform to +.St -isoC-99 +and were first introduced in +.St -isoC-amd1 . +.Sh HISTORY +The +.Fn wcscmp +and +.Fn wcsncmp +functions were ported from +.Nx +and first appeared in +.Ox 3.8 . diff --git a/src/lib/libc/string/wcscmp.c b/src/lib/libc/string/wcscmp.c new file mode 100644 index 00000000000..42d6bca3ccb --- /dev/null +++ b/src/lib/libc/string/wcscmp.c @@ -0,0 +1,52 @@ +/* $OpenBSD: wcscmp.c,v 1.5 2015/09/12 16:23:14 guenther Exp $ */ +/* $NetBSD: wcscmp.c,v 1.5 2003/08/07 16:43:54 agc Exp $ */ + +/*- + * Copyright (c) 1990, 1993 + * The Regents of the University of California. All rights reserved. + * + * This code is derived from software contributed to Berkeley by + * Chris Torek. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include +#include "locale/runetype.h" + +/* + * Compare strings. + */ +int +wcscmp(const wchar_t *s1, const wchar_t *s2) +{ + + while (*s1 == *s2++) + if (*s1++ == 0) + return (0); + /* XXX assumes wchar_t = int */ + return (*(const rune_t *)s1 - *(const rune_t *)--s2); +} +DEF_STRONG(wcscmp); diff --git a/src/lib/libc/string/wcscpy.3 b/src/lib/libc/string/wcscpy.3 new file mode 100644 index 00000000000..fcf01b5c57d --- /dev/null +++ b/src/lib/libc/string/wcscpy.3 @@ -0,0 +1,129 @@ +.\" $OpenBSD: wcscpy.3,v 1.5 2016/11/12 08:58:43 jmc Exp $ +.\" +.\" Copyright (c) 1990, 1991 The Regents of the University of California. +.\" All rights reserved. +.\" +.\" This code is derived from software contributed to Berkeley by +.\" Chris Torek and the American National Standards Committee X3, +.\" on Information Processing Systems. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.Dd $Mdocdate: November 12 2016 $ +.Dt WCSCPY 3 +.Os +.Sh NAME +.Nm wcscpy , +.Nm wcsncpy +.Nd copy wide strings +.Sh SYNOPSIS +.In wchar.h +.Ft wchar_t * +.Fn wcscpy "wchar_t * restrict dst" "const wchar_t * restrict src" +.Ft wchar_t * +.Fo wcsncpy +.Fa "wchar_t * restrict dst" +.Fa "const wchar_t * restrict src" +.Fa "size_t len" +.Fc +.Sh DESCRIPTION +The +.Fn wcscpy +and +.Fn wcsncpy +functions copy the wide string +.Fa src +to +.Fa dst +(including the terminating null wide character). +.Pp +The +.Fn wcsncpy +function copies not more than +.Fa len +wide characters to +.Fa dst , +appending null wide characters if the length of +.Fa src +is less than +.Fa len , +and +.Em not +terminating +.Fa dst +if the length of +.Fa src +is greater than or equal to +.Fa len . +.Pp +If the +.Fa src +and +.Fa dst +strings overlap, the behavior is undefined. +.Sh RETURN VALUES +The +.Fn wcscpy +and +.Fn wcsncpy +functions return +.Fa dst . +.Sh SEE ALSO +.Xr strcpy 3 , +.Xr strlcpy 3 , +.Xr wcscat 3 , +.Xr wcslcpy 3 , +.Xr wmemcpy 3 , +.Xr wmemmove 3 +.Sh STANDARDS +The +.Fn wcscpy +and +.Fn wcsncpy +functions conform to +.St -isoC-99 +and were first introduced in +.St -isoC-amd1 . +.Sh HISTORY +The +.Fn wcscpy +and +.Fn wcsncpy +functions were ported from +.Nx +and first appeared in +.Ox 3.8 . +.Sh CAVEATS +Using the functions +.Fn wcscpy +and +.Fn wcsncpy +is very error-prone with respect to buffer overflows; +see the EXAMPLES section in +.Xr strncpy 3 +for correct usage. +Using +.Xr wcslcpy 3 +is a better choice in most cases. diff --git a/src/lib/libc/string/wcscpy.c b/src/lib/libc/string/wcscpy.c new file mode 100644 index 00000000000..f7727524135 --- /dev/null +++ b/src/lib/libc/string/wcscpy.c @@ -0,0 +1,52 @@ +/* $OpenBSD: wcscpy.c,v 1.5 2017/11/28 06:55:49 tb Exp $ */ +/* $NetBSD: wcscpy.c,v 1.2 2001/01/03 14:29:36 lukem Exp $ */ + +/*- + * Copyright (c)1999 Citrus Project, + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * citrus Id: wcscpy.c,v 1.2 2000/12/21 04:51:09 itojun Exp + */ + +#include + +#if defined(APIWARN) +__warn_references(wcscpy, + "wcscpy() is almost always misused, please use wcslcpy()"); +#endif + +wchar_t * +wcscpy(wchar_t *s1, const wchar_t *s2) +{ + wchar_t *p; + const wchar_t *q; + + p = s1; + q = s2; + while (*q) + *p++ = *q++; + *p = '\0'; + + return s1; +} diff --git a/src/lib/libc/string/wcscspn.3 b/src/lib/libc/string/wcscspn.3 new file mode 100644 index 00000000000..520a7392029 --- /dev/null +++ b/src/lib/libc/string/wcscspn.3 @@ -0,0 +1,83 @@ +.\" $OpenBSD: wcscspn.3,v 1.3 2013/06/05 03:39:23 tedu Exp $ +.\" +.\" Copyright (c) 1990, 1991 The Regents of the University of California. +.\" All rights reserved. +.\" +.\" This code is derived from software contributed to Berkeley by +.\" Chris Torek and the American National Standards Committee X3, +.\" on Information Processing Systems. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.Dd $Mdocdate: June 5 2013 $ +.Dt WCSCSPN 3 +.Os +.Sh NAME +.Nm wcscspn +.Nd span the complement of a wide string +.Sh SYNOPSIS +.In wchar.h +.Ft size_t +.Fn wcscspn "const wchar_t *s" "const wchar_t *charset" +.Sh DESCRIPTION +The +.Fn wcscspn +function spans the initial part of the wide string +.Fa s +as long as the wide characters from +.Fa s +do not occur in string +.Fa charset +(it spans the +.Em complement +of +.Fa charset ) . +.Sh RETURN VALUES +The +.Fn wcscspn +function returns the number of wide characters spanned. +.Sh SEE ALSO +.Xr strcspn 3 , +.Xr wcschr 3 , +.Xr wcspbrk 3 , +.Xr wcsrchr 3 , +.Xr wcsspn 3 , +.Xr wcsstr 3 , +.Xr wcstok 3 , +.Xr wmemchr 3 +.Sh STANDARDS +The +.Fn wcscspn +function conforms to +.St -isoC-99 +and was first introduced in +.St -isoC-amd1 . +.Sh HISTORY +The +.Fn wcscspn +function was ported from +.Nx +and first appeared in +.Ox 3.8 . diff --git a/src/lib/libc/string/wcscspn.c b/src/lib/libc/string/wcscspn.c new file mode 100644 index 00000000000..23e78ab22fc --- /dev/null +++ b/src/lib/libc/string/wcscspn.c @@ -0,0 +1,54 @@ +/* $OpenBSD: wcscspn.c,v 1.4 2015/09/12 16:23:14 guenther Exp $ */ +/* $NetBSD: wcscspn.c,v 1.2 2001/01/03 14:29:36 lukem Exp $ */ + +/*- + * Copyright (c)1999 Citrus Project, + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * citrus Id: wcscspn.c,v 1.1 1999/12/29 21:47:45 tshiozak Exp + */ + +#include + +size_t +wcscspn(const wchar_t *s, const wchar_t *set) +{ + const wchar_t *p; + const wchar_t *q; + + p = s; + while (*p) { + q = set; + while (*q) { + if (*p == *q) + goto done; + q++; + } + p++; + } + +done: + return (p - s); +} +DEF_STRONG(wcscspn); diff --git a/src/lib/libc/string/wcsdup.3 b/src/lib/libc/string/wcsdup.3 new file mode 100644 index 00000000000..588a2571db8 --- /dev/null +++ b/src/lib/libc/string/wcsdup.3 @@ -0,0 +1,97 @@ +.\" $OpenBSD: wcsdup.3,v 1.4 2011/07/25 00:38:53 schwarze Exp $ +.\" $NetBSD: wcsdup.3,v 1.3 2010/12/16 17:42:28 wiz Exp $ +.\" +.\" Copyright (c) 1990, 1991, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" @(#)strdup.3 8.1 (Berkeley) 6/9/93 +.\" +.Dd $Mdocdate: July 25 2011 $ +.Dt WCSDUP 3 +.Os +.Sh NAME +.Nm wcsdup +.Nd save a copy of a wide string +.Sh SYNOPSIS +.In wchar.h +.Ft wchar_t * +.Fn wcsdup "const wchar_t *str" +.Sh DESCRIPTION +The +.Fn wcsdup +function +allocates sufficient memory for a copy +of the wide-character string +.Fa str , +does the copy, and returns a pointer to it. +The pointer may subsequently be used as an +argument to the function +.Xr free 3 . +.Pp +If insufficient memory is available, +.Dv NULL +is returned. +.Sh EXAMPLES +The following will point +.Va p +to an allocated area of memory containing the nul-terminated string +.Qq foobar : +.Bd -literal -offset indent +const char *o = "foobar"; +wchar_t *p, b[32]; +size_t blen; + +blen = sizeof(b) / sizeof(b[0]); +if (mbstowcs(b, o, blen) == (size_t)-1) + err(1, NULL); +b[blen - 1] = 0; +if ((p = wcsdup(b)) == NULL) + err(1, NULL); +.Ed +.Sh ERRORS +The +.Fn wcsdup +function may fail and set the external variable +.Va errno +for any of the errors specified for the library function +.Xr malloc 3 . +.Sh SEE ALSO +.Xr free 3 , +.Xr malloc 3 , +.Xr strdup 3 +.Sh STANDARDS +The +.Fn wcsdup +function conforms to +.St -p1003.1-2008 . +.Sh HISTORY +The +.Fn wcsdup +function was ported from +.Nx +and first appeared in +.Ox 5.0 . diff --git a/src/lib/libc/string/wcsdup.c b/src/lib/libc/string/wcsdup.c new file mode 100644 index 00000000000..36f19186ab7 --- /dev/null +++ b/src/lib/libc/string/wcsdup.c @@ -0,0 +1,32 @@ +/* $OpenBSD: wcsdup.c,v 1.3 2015/09/12 16:23:14 guenther Exp $ */ +/* $NetBSD: wcsdup.c,v 1.3 2008/05/26 13:17:48 haad Exp $ */ + +/* + * Copyright (C) 2006 Aleksey Cheusov + * + * This material is provided "as is", with absolutely no warranty expressed + * or implied. Any use is at your own risk. + * + * Permission to use or copy this software for any purpose is hereby granted + * without fee. Permission to modify the code and to distribute modified + * code is also granted without any restrictions. + */ + +#include +#include + +wchar_t * +wcsdup(const wchar_t *str) +{ + wchar_t *copy; + size_t len; + + len = wcslen(str) + 1; + copy = reallocarray(NULL, len, sizeof(wchar_t)); + + if (!copy) + return (NULL); + + return (wmemcpy(copy, str, len)); +} +DEF_WEAK(wcsdup); diff --git a/src/lib/libc/string/wcslcat.c b/src/lib/libc/string/wcslcat.c new file mode 100644 index 00000000000..9949057df4e --- /dev/null +++ b/src/lib/libc/string/wcslcat.c @@ -0,0 +1,56 @@ +/* $OpenBSD: wcslcat.c,v 1.7 2019/01/25 00:19:25 millert Exp $ */ + +/* + * Copyright (c) 1998, 2015 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include +#include + +/* + * Appends src to string dst of size dsize (unlike strncat, dsize is the + * full size of dst, not space left). At most dsize-1 characters + * will be copied. Always NUL terminates (unless dsize <= wcslen(dst)). + * Returns wcslen(src) + MIN(dsize, wcslen(initial dst)). + * If retval >= siz, truncation occurred. + */ +size_t +wcslcat(wchar_t *dst, const wchar_t *src, size_t dsize) +{ + const wchar_t *odst = dst; + const wchar_t *osrc = src; + size_t n = dsize; + size_t dlen; + + /* Find the end of dst and adjust bytes left but don't go past end. */ + while (n-- != 0 && *dst != L'\0') + dst++; + dlen = dst - odst; + n = dsize - dlen; + + if (n-- == 0) + return(dlen + wcslen(src)); + while (*src != L'\0') { + if (n != 0) { + *dst++ = *src; + n--; + } + src++; + } + *dst = L'\0'; + + return(dlen + (src - osrc)); /* count does not include NUL */ +} +DEF_WEAK(wcslcat); diff --git a/src/lib/libc/string/wcslcpy.3 b/src/lib/libc/string/wcslcpy.3 new file mode 100644 index 00000000000..5d8721c35aa --- /dev/null +++ b/src/lib/libc/string/wcslcpy.3 @@ -0,0 +1,153 @@ +.\" $OpenBSD: wcslcpy.3,v 1.7 2019/01/25 00:19:25 millert Exp $ +.\" +.\" Copyright (c) 1998, 2000 Todd C. Miller +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: January 25 2019 $ +.Dt WCSLCPY 3 +.Os +.Sh NAME +.Nm wcslcpy , +.Nm wcslcat +.Nd size-bounded wide string copying and concatenation +.Sh SYNOPSIS +.In wchar.h +.Ft size_t +.Fn wcslcpy "wchar_t *dst" "const wchar_t *src" "size_t size" +.Ft size_t +.Fn wcslcat "wchar_t *dst" "const wchar_t *src" "size_t size" +.Sh DESCRIPTION +The +.Fn wcslcpy +and +.Fn wcslcat +functions copy and concatenate wide strings respectively. +They are designed to be safer, more consistent, and less error prone +replacements for +.Xr wcsncpy 3 +and +.Xr wcsncat 3 . +Unlike those functions, +.Fn wcslcpy +and +.Fn wcslcat +take the full size of the buffer (not just the length) and guarantee to +terminate the result with a null wide character (as long as +.Fa size +is larger than 0 or, in the case of +.Fn wcslcat , +as long as there is at least one wide character free in +.Fa dst ) . +Note that a wide character for the null wide character should be included in +.Fa size . +Also note that +.Fn wcslcpy +and +.Fn wcslcat +only operate on wide strings that are terminated with a null wide character +(L'\e0'). +This means that for +.Fn wcslcpy +.Fa src +must be terminated with a null wide character and for +.Fn wcslcat +both +.Fa src +and +.Fa dst +must be terminated with a null wide character. +.Pp +The +.Fn wcslcpy +function copies up to +.Fa size +\(mi 1 wide characters from the wide string +.Fa src +to +.Fa dst , +terminating the result with a null wide character. +.Pp +The +.Fn wcslcat +function appends the wide string +.Fa src +to the end of +.Fa dst . +It will append at most +.Fa size +\(mi wcslen(dst) \(mi 1 wide characters, terminating the result with a null +wide character. +.Pp +If the +.Fa src +and +.Fa dst +strings overlap, the behavior is undefined. +.Sh RETURN VALUES +The +.Fn wcslcpy +and +.Fn wcslcat +functions return the total length of the wide string they tried to create. +For +.Fn wcslcpy +that means the length of +.Fa src . +For +.Fn wcslcat +that means the initial length of +.Fa dst +plus +the length of +.Fa src . +While this may seem somewhat confusing, it was done to make +truncation detection simple. +.Pp +Note, however, that if +.Fn wcslcat +traverses +.Fa size +wide characters without finding a null wide character, the length of the +string is considered to be +.Fa size +and the destination wide string will not be terminated with a null wide +character (since there was no space for it). +This keeps +.Fn wcslcat +from running off the end of a wide string. +In practice this should not happen (as it means that either +.Fa size +is incorrect or that +.Fa dst +is not terminated with a null wide character). +The check exists to prevent potential security problems in incorrect code. +.Sh SEE ALSO +.Xr strlcpy 3 , +.Xr swprintf 3 , +.Xr wcsncat 3 , +.Xr wcsncpy 3 +.Sh HISTORY +The +.Fn wcslcpy +and +.Fn wcslcat +functions first appeared in +.Ox 3.8 . +.Sh AUTHORS +The +.Fn wcslcpy +and +.Fn wcslcat +functions are based on code by +.An Todd C. Miller Aq Mt millert@openbsd.org . diff --git a/src/lib/libc/string/wcslcpy.c b/src/lib/libc/string/wcslcpy.c new file mode 100644 index 00000000000..9c433c83dc6 --- /dev/null +++ b/src/lib/libc/string/wcslcpy.c @@ -0,0 +1,51 @@ +/* $OpenBSD: wcslcpy.c,v 1.8 2019/01/25 00:19:25 millert Exp $ */ + +/* + * Copyright (c) 1998, 2015 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include +#include + +/* + * Copy string src to buffer dst of size dsize. At most dsize-1 + * chars will be copied. Always NUL terminates (unless dsize == 0). + * Returns wcslen(src); if retval >= dsize, truncation occurred. + */ +size_t +wcslcpy(wchar_t *dst, const wchar_t *src, size_t dsize) +{ + const wchar_t *osrc = src; + size_t nleft = dsize; + + /* Copy as many bytes as will fit. */ + if (nleft != 0) { + while (--nleft != 0) { + if ((*dst++ = *src++) == L'\0') + break; + } + } + + /* Not enough room in dst, add NUL and traverse rest of src. */ + if (nleft == 0) { + if (dsize != 0) + *dst = L'\0'; /* NUL-terminate dst */ + while (*src++) + ; + } + + return(src - osrc - 1); /* count does not include NUL */ +} +DEF_WEAK(wcslcpy); diff --git a/src/lib/libc/string/wcslen.3 b/src/lib/libc/string/wcslen.3 new file mode 100644 index 00000000000..12f81763ba3 --- /dev/null +++ b/src/lib/libc/string/wcslen.3 @@ -0,0 +1,70 @@ +.\" $OpenBSD: wcslen.3,v 1.3 2013/06/05 03:39:23 tedu Exp $ +.\" +.\" Copyright (c) 1990, 1991 The Regents of the University of California. +.\" All rights reserved. +.\" +.\" This code is derived from software contributed to Berkeley by +.\" Chris Torek and the American National Standards Committee X3, +.\" on Information Processing Systems. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.Dd $Mdocdate: June 5 2013 $ +.Dt WCSLEN 3 +.Os +.Sh NAME +.Nm wcslen +.Nd find length of a wide string +.Sh SYNOPSIS +.In wchar.h +.Ft size_t +.Fn wcslen "const wchar_t *s" +.Sh DESCRIPTION +The +.Fn wcslen +function computes the length of the wide string +.Fa s . +.Sh RETURN VALUES +The +.Fn wcslen +function returns the number of wide characters that precede the terminating +null wide character. +.Sh SEE ALSO +.Xr strlen 3 , +.Xr wcswidth 3 +.Sh STANDARDS +The +.Fn wcslen +function conforms to +.St -isoC-99 +and was first introduced in +.St -isoC-amd1 . +.Sh HISTORY +The +.Fn wcslen +function was ported from +.Nx +and first appeared in +.Ox 3.8 . diff --git a/src/lib/libc/string/wcslen.c b/src/lib/libc/string/wcslen.c new file mode 100644 index 00000000000..16d4bba1285 --- /dev/null +++ b/src/lib/libc/string/wcslen.c @@ -0,0 +1,45 @@ +/* $OpenBSD: wcslen.c,v 1.4 2015/09/12 16:23:14 guenther Exp $ */ +/* $NetBSD: wcslen.c,v 1.2 2001/01/03 14:29:36 lukem Exp $ */ + +/*- + * Copyright (c)1999 Citrus Project, + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * citrus Id: wcslen.c,v 1.1 1999/12/29 21:47:45 tshiozak Exp + */ + +#include + +size_t +wcslen(const wchar_t *s) +{ + const wchar_t *p; + + p = s; + while (*p) + p++; + + return p - s; +} +DEF_STRONG(wcslen); diff --git a/src/lib/libc/string/wcsncat.c b/src/lib/libc/string/wcsncat.c new file mode 100644 index 00000000000..2b4b9f0d491 --- /dev/null +++ b/src/lib/libc/string/wcsncat.c @@ -0,0 +1,53 @@ +/* $OpenBSD: wcsncat.c,v 1.4 2015/09/12 16:23:14 guenther Exp $ */ +/* $NetBSD: wcsncat.c,v 1.2 2001/01/03 14:29:36 lukem Exp $ */ + +/*- + * Copyright (c)1999 Citrus Project, + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * citrus Id: wcsncat.c,v 1.1 1999/12/29 21:47:45 tshiozak Exp + */ + +#include + +wchar_t * +wcsncat(wchar_t *s1, const wchar_t *s2, size_t n) +{ + wchar_t *p; + wchar_t *q; + const wchar_t *r; + + p = s1; + while (*p) + p++; + q = p; + r = s2; + while (*r && n) { + *q++ = *r++; + n--; + } + *q = '\0'; + return s1; +} +DEF_STRONG(wcsncat); diff --git a/src/lib/libc/string/wcsncmp.c b/src/lib/libc/string/wcsncmp.c new file mode 100644 index 00000000000..bdaab33e4cb --- /dev/null +++ b/src/lib/libc/string/wcsncmp.c @@ -0,0 +1,53 @@ +/* $OpenBSD: wcsncmp.c,v 1.5 2015/09/12 16:23:14 guenther Exp $ */ +/* $NetBSD: wcsncmp.c,v 1.5 2003/08/07 16:43:54 agc Exp $ */ + +/* + * Copyright (c) 1989, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include +#include "locale/runetype.h" + +int +wcsncmp(const wchar_t *s1, const wchar_t *s2, size_t n) +{ + + if (n == 0) + return (0); + do { + if (*s1 != *s2++) { + /* XXX assumes wchar_t = int */ + return (*(const rune_t *)s1 - + *(const rune_t *)--s2); + } + if (*s1++ == 0) + break; + } while (--n != 0); + return (0); +} +DEF_STRONG(wcsncmp); diff --git a/src/lib/libc/string/wcsncpy.c b/src/lib/libc/string/wcsncpy.c new file mode 100644 index 00000000000..1be482b1140 --- /dev/null +++ b/src/lib/libc/string/wcsncpy.c @@ -0,0 +1,51 @@ +/* $OpenBSD: wcsncpy.c,v 1.5 2015/09/12 16:23:14 guenther Exp $ */ +/* $NetBSD: wcsncpy.c,v 1.2 2001/01/03 14:29:37 lukem Exp $ */ + +/*- + * Copyright (c)1999 Citrus Project, + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * citrus Id: wcsncpy.c,v 1.1 1999/12/29 21:47:45 tshiozak Exp + */ + +#include + +wchar_t * +wcsncpy(wchar_t *s1, const wchar_t *s2, size_t n) +{ + wchar_t *p; + + p = s1; + while (n && *s2) { + *p++ = *s2++; + n--; + } + while (n) { + *p++ = L'\0'; + n--; + } + + return s1; +} +DEF_STRONG(wcsncpy); diff --git a/src/lib/libc/string/wcspbrk.3 b/src/lib/libc/string/wcspbrk.3 new file mode 100644 index 00000000000..602bfdc3d6e --- /dev/null +++ b/src/lib/libc/string/wcspbrk.3 @@ -0,0 +1,81 @@ +.\" $OpenBSD: wcspbrk.3,v 1.3 2013/06/05 03:39:23 tedu Exp $ +.\" +.\" Copyright (c) 1990, 1991 The Regents of the University of California. +.\" All rights reserved. +.\" +.\" This code is derived from software contributed to Berkeley by +.\" Chris Torek and the American National Standards Committee X3, +.\" on Information Processing Systems. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.Dd $Mdocdate: June 5 2013 $ +.Dt WCSPBRK 3 +.Os +.Sh NAME +.Nm wcspbrk +.Nd locate multiple wide characters in a wide string +.Sh SYNOPSIS +.In wchar.h +.Ft wchar_t * +.Fn wcspbrk "const wchar_t *s" "const wchar_t *charset" +.Sh DESCRIPTION +The +.Fn wcspbrk +function locates in the wide string +.Fa s +the first occurrence of any wide character in the wide string +.Fa charset +and returns a pointer to this wide character. +If no wide characters from +.Fa charset +occur anywhere in +.Fa s , +.Fn wcspbrk +returns +.Dv NULL . +.Sh SEE ALSO +.Xr strpbrk 3 , +.Xr wcschr 3 , +.Xr wcscspn 3 , +.Xr wcsrchr 3 , +.Xr wcsspn 3 , +.Xr wcsstr 3 , +.Xr wcstok 3 , +.Xr wmemchr 3 +.Sh STANDARDS +The +.Fn wcspbrk +function conforms to +.St -isoC-99 +and was first introduced in +.St -isoC-amd1 . +.Sh HISTORY +The +.Fn wcspbrk +function was ported from +.Nx +and first appeared in +.Ox 3.8 . diff --git a/src/lib/libc/string/wcspbrk.c b/src/lib/libc/string/wcspbrk.c new file mode 100644 index 00000000000..f398fd92abb --- /dev/null +++ b/src/lib/libc/string/wcspbrk.c @@ -0,0 +1,53 @@ +/* $OpenBSD: wcspbrk.c,v 1.5 2015/10/01 02:32:07 guenther Exp $ */ +/* $NetBSD: wcspbrk.c,v 1.2 2001/01/03 14:29:37 lukem Exp $ */ + +/*- + * Copyright (c)1999 Citrus Project, + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * citrus Id: wcspbrk.c,v 1.2 2000/12/21 05:07:25 itojun Exp + */ + +#include + +wchar_t * +wcspbrk(const wchar_t *s, const wchar_t *set) +{ + const wchar_t *p; + const wchar_t *q; + + p = s; + while (*p) { + q = set; + while (*q) { + if (*p == *q) { + return (wchar_t *)p; + } + q++; + } + p++; + } + return NULL; +} +DEF_STRONG(wcspbrk); diff --git a/src/lib/libc/string/wcsrchr.3 b/src/lib/libc/string/wcsrchr.3 new file mode 100644 index 00000000000..d4a2e7cf787 --- /dev/null +++ b/src/lib/libc/string/wcsrchr.3 @@ -0,0 +1,85 @@ +.\" $OpenBSD: wcsrchr.3,v 1.3 2013/06/05 03:39:23 tedu Exp $ +.\" +.\" Copyright (c) 1990, 1991 The Regents of the University of California. +.\" All rights reserved. +.\" +.\" This code is derived from software contributed to Berkeley by +.\" Chris Torek and the American National Standards Committee X3, +.\" on Information Processing Systems. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.Dd $Mdocdate: June 5 2013 $ +.Dt WCSRCHR 3 +.Os +.Sh NAME +.Nm wcsrchr +.Nd locate last occurrence of a wide character in a wide string +.Sh SYNOPSIS +.In wchar.h +.Ft wchar_t * +.Fn wcsrchr "const wchar_t *s" "wchar_t c" +.Sh DESCRIPTION +The +.Fn wcsrchr +function locates the last occurrence of the wide character +.Fa c +in the wide string +.Fa s . +The terminating null wide character is considered part of the wide string. +If +.Fa c +is the null wide character (L'\e0'), +.Fn wcsrchr +locates the terminating null wide character. +.Sh RETURN VALUES +The +.Fn wcsrchr +function returns a pointer to the located wide character or +.Dv NULL +if the wide character does not appear in the wide string. +.Sh SEE ALSO +.Xr strrchr 3 , +.Xr wcschr 3 , +.Xr wcscspn 3 , +.Xr wcspbrk 3 , +.Xr wcsspn 3 , +.Xr wcsstr 3 , +.Xr wcstok 3 , +.Xr wmemchr 3 +.Sh STANDARDS +The +.Fn wcsrchr +function conforms to +.St -isoC-99 +and was first introduced in +.St -isoC-amd1 . +.Sh HISTORY +The +.Fn wcsrchr +function was ported from +.Nx +and first appeared in +.Ox 3.8 . diff --git a/src/lib/libc/string/wcsrchr.c b/src/lib/libc/string/wcsrchr.c new file mode 100644 index 00000000000..aa936de508d --- /dev/null +++ b/src/lib/libc/string/wcsrchr.c @@ -0,0 +1,50 @@ +/* $OpenBSD: wcsrchr.c,v 1.5 2015/10/01 02:32:07 guenther Exp $ */ +/* $NetBSD: wcsrchr.c,v 1.2 2001/01/03 14:29:37 lukem Exp $ */ + +/*- + * Copyright (c)1999 Citrus Project, + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * citrus Id: wcsrchr.c,v 1.2 2000/12/21 05:07:25 itojun Exp + */ + +#include + +wchar_t * +wcsrchr(const wchar_t *s, wchar_t c) +{ + const wchar_t *p; + + p = s; + while (*p) + p++; + while (s <= p) { + if (*p == c) { + return (wchar_t *)p; + } + p--; + } + return NULL; +} +DEF_STRONG(wcsrchr); diff --git a/src/lib/libc/string/wcsspn.3 b/src/lib/libc/string/wcsspn.3 new file mode 100644 index 00000000000..3be82344dd5 --- /dev/null +++ b/src/lib/libc/string/wcsspn.3 @@ -0,0 +1,79 @@ +.\" $OpenBSD: wcsspn.3,v 1.3 2013/06/05 03:39:23 tedu Exp $ +.\" +.\" Copyright (c) 1990, 1991 The Regents of the University of California. +.\" All rights reserved. +.\" +.\" This code is derived from software contributed to Berkeley by +.\" Chris Torek and the American National Standards Committee X3, +.\" on Information Processing Systems. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.Dd $Mdocdate: June 5 2013 $ +.Dt WCSSPN 3 +.Os +.Sh NAME +.Nm wcsspn +.Nd span a wide string +.Sh SYNOPSIS +.In wchar.h +.Ft size_t +.Fn wcsspn "const wchar_t *s" "const wchar_t *charset" +.Sh DESCRIPTION +The +.Fn wcsspn +function spans the initial part of the wide string +.Fa s +as long as the wide characters from +.Fa s +occur in the wide string +.Fa charset . +.Sh RETURN VALUES +The +.Fn wcsspn +function returns the number of wide characters spanned. +.Sh SEE ALSO +.Xr strspn 3 , +.Xr wcschr 3 , +.Xr wcscspn 3 , +.Xr wcspbrk 3 , +.Xr wcsrchr 3 , +.Xr wcsstr 3 , +.Xr wcstok 3 , +.Xr wmemchr 3 +.Sh STANDARDS +The +.Fn wcsspn +function conforms to +.St -isoC-99 +and was first introduced in +.St -isoC-amd1 . +.Sh HISTORY +The +.Fn wcsspn +function was ported from +.Nx +and first appeared in +.Ox 3.8 . diff --git a/src/lib/libc/string/wcsspn.c b/src/lib/libc/string/wcsspn.c new file mode 100644 index 00000000000..a3f28e3a49b --- /dev/null +++ b/src/lib/libc/string/wcsspn.c @@ -0,0 +1,56 @@ +/* $OpenBSD: wcsspn.c,v 1.4 2015/09/12 16:23:14 guenther Exp $ */ +/* $NetBSD: wcsspn.c,v 1.3 2001/09/21 16:09:15 yamt Exp $ */ + +/*- + * Copyright (c)1999,2001 Citrus Project, + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Citrus: xpg4dl/FreeBSD/lib/libc/string/wcsspn.c,v 1.3 2001/09/21 16:06:43 yamt Exp $ + */ + +#include + +size_t +wcsspn(const wchar_t *s, const wchar_t *set) +{ + const wchar_t *p; + const wchar_t *q; + + p = s; + while (*p) { + q = set; + while (*q) { + if (*p == *q) + break; + q++; + } + if (!*q) + goto done; + p++; + } + +done: + return (p - s); +} +DEF_STRONG(wcsspn); diff --git a/src/lib/libc/string/wcsstr.3 b/src/lib/libc/string/wcsstr.3 new file mode 100644 index 00000000000..203a76ded37 --- /dev/null +++ b/src/lib/libc/string/wcsstr.3 @@ -0,0 +1,88 @@ +.\" $OpenBSD: wcsstr.3,v 1.3 2013/06/05 03:39:23 tedu Exp $ +.\" +.\" Copyright (c) 1990, 1991 The Regents of the University of California. +.\" All rights reserved. +.\" +.\" This code is derived from software contributed to Berkeley by +.\" Chris Torek and the American National Standards Committee X3, +.\" on Information Processing Systems. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.Dd $Mdocdate: June 5 2013 $ +.Dt WCSSTR 3 +.Os +.Sh NAME +.Nm wcsstr +.Nd locate a wide substring in a wide string +.Sh SYNOPSIS +.In wchar.h +.Ft wchar_t * +.Fn wcsstr "const wchar_t *big" "const wchar_t *little" +.Sh DESCRIPTION +The +.Fn wcsstr +function locates the first occurrence of the wide string +.Fa little +in the wide string +.Fa big . +.Pp +If +.Fa little +is an empty wide string, +.Fa big +is returned; +if +.Fa little +occurs nowhere in +.Fa big , +.Dv NULL +is returned; +otherwise a pointer to the first wide character of the first occurrence of +.Fa little +is returned. +.Sh SEE ALSO +.Xr strstr 3 , +.Xr wcschr 3 , +.Xr wcscspn 3 , +.Xr wcspbrk 3 , +.Xr wcsrchr 3 , +.Xr wcsspn 3 , +.Xr wcstok 3 , +.Xr wmemchr 3 +.Sh STANDARDS +The +.Fn wcsstr +function conforms to +.St -isoC-99 +and was first introduced in +.St -isoC-amd1 . +.Sh HISTORY +The +.Fn wcsstr +function was ported from +.Nx +and first appeared in +.Ox 3.8 . diff --git a/src/lib/libc/string/wcsstr.c b/src/lib/libc/string/wcsstr.c new file mode 100644 index 00000000000..6a7b0dac4ac --- /dev/null +++ b/src/lib/libc/string/wcsstr.c @@ -0,0 +1,71 @@ +/* $OpenBSD: wcsstr.c,v 1.5 2015/10/01 02:32:07 guenther Exp $ */ +/* $NetBSD: wcsstr.c,v 1.3 2003/03/05 20:18:17 tshiozak Exp $ */ + +/*- + * Copyright (c)1999 Citrus Project, + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * citrus Id: wcsstr.c,v 1.2 2000/12/21 05:07:25 itojun Exp + */ + +#include + +wchar_t * +#ifdef WCSWCS +wcswcs(const wchar_t *big, const wchar_t *little) +#else +wcsstr(const wchar_t *big, const wchar_t *little) +#endif +{ + const wchar_t *p; + const wchar_t *q; + const wchar_t *r; + + if (!*little) { + return (wchar_t *)big; + } + if (wcslen(big) < wcslen(little)) + return NULL; + + p = big; + q = little; + while (*p) { + q = little; + r = p; + while (*q) { + if (*r != *q) + break; + q++; + r++; + } + if (!*q) { + return (wchar_t *)p; + } + p++; + } + return NULL; +} +#ifndef WCSWCS +DEF_STRONG(wcsstr); +#endif diff --git a/src/lib/libc/string/wcstok.3 b/src/lib/libc/string/wcstok.3 new file mode 100644 index 00000000000..33ba1318a12 --- /dev/null +++ b/src/lib/libc/string/wcstok.3 @@ -0,0 +1,151 @@ +.\" $OpenBSD: wcstok.3,v 1.7 2011/07/25 00:38:53 schwarze Exp $ +.\" +.\" $NetBSD: wcstok.3,v 1.3 2003/09/08 17:54:33 wiz Exp $ +.\" +.\" Copyright (c) 1998 Softweyr LLC. All rights reserved. +.\" +.\" strtok_r, from Berkeley strtok +.\" Oct 13, 1998 by Wes Peters +.\" +.\" Copyright (c) 1988, 1991, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" This code is derived from software contributed to Berkeley by +.\" the American National Standards Committee X3, on Information +.\" Processing Systems. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notices, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above +.\" copyright notices, this list of conditions and the following +.\" disclaimer in the documentation and/or other materials provided +.\" with the distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgement: +.\" +.\" This product includes software developed by Softweyr LLC, the +.\" University of California, Berkeley, and its contributors. +.\" +.\" 4. Neither the name of Softweyr LLC, the University nor the names +.\" of its contributors may be used to endorse or promote products +.\" derived from this software without specific prior written +.\" permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY SOFTWEYR LLC, THE REGENTS AND +.\" CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, +.\" INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +.\" DISCLAIMED. IN NO EVENT SHALL SOFTWEYR LLC, THE REGENTS, OR +.\" CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +.\" LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF +.\" USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND +.\" ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +.\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT +.\" OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" Original version ID: +.\" FreeBSD: src/lib/libc/string/wcstok.3,v 1.4 2002/10/15 09:49:54 tjr Exp +.\" +.Dd $Mdocdate: July 25 2011 $ +.Dt WCSTOK 3 +.Os +.Sh NAME +.Nm wcstok +.Nd split wide-character string into tokens +.Sh SYNOPSIS +.In wchar.h +.Ft wchar_t * +.Fn wcstok "wchar_t * restrict str" "const wchar_t * restrict sep" "wchar_t ** restrict last" +.Sh DESCRIPTION +The +.Fn wcstok +function +is used to isolate sequential tokens in a NUL-terminated wide-character +string, +.Fa str . +These tokens are separated in the string by at least one of the +characters in +.Fa sep . +The first time that +.Fn wcstok +is called, +.Fa str +should be specified; subsequent calls, wishing to obtain further tokens +from the same string, should pass a null pointer instead. +The separator string, +.Fa sep , +must be supplied each time, and may change between calls. +The context pointer +.Fa last +must be provided on each call. +.Pp +The +.Fn wcstok +function is the wide-character counterpart of the +.Xr strtok_r 3 +function. +.Pp +Since +.Fn wcstok +modifies the string, +.Fa str +should not point to an area in the initialized data segment. +.Sh RETURN VALUES +The +.Fn wcstok +function +returns a pointer to the beginning of each subsequent token in the string, +after replacing the token itself with a NUL wide character (L'\e0'). +When no more tokens remain, a null pointer is returned. +.Sh EXAMPLES +The following code fragment splits a wide-character string on +.Tn ASCII +space, tab, and newline characters and writes the tokens to +standard output: +.Bd -literal -offset indent +const wchar_t *seps = L" \et\en"; +wchar_t *last, *tok, text[] = L" \enone\ettwo\et\etthree \en"; + +for (tok = wcstok(text, seps, &last); tok != NULL; + tok = wcstok(NULL, seps, &last)) + wprintf(L"%ls\en", tok); +.Ed +.Sh SEE ALSO +.Xr strtok 3 , +.Xr wcschr 3 , +.Xr wcscspn 3 , +.Xr wcspbrk 3 , +.Xr wcsrchr 3 , +.Xr wcsspn 3 , +.Xr wcsstr 3 , +.Xr wmemchr 3 +.Sh STANDARDS +The +.Fn wcstok +function +conforms to +.St -isoC-99 . +.Sh HISTORY +The +.Fn wcstok +function was ported from +.Nx +and first appeared in +.Ox 3.8 . +.Pp +Some early implementations of +.Fn wcstok +omit the +context pointer argument, +.Fa last , +and maintain state across calls in a static variable like +.Xr strtok 3 +does. diff --git a/src/lib/libc/string/wcstok.c b/src/lib/libc/string/wcstok.c new file mode 100644 index 00000000000..bc1ac3e8cbd --- /dev/null +++ b/src/lib/libc/string/wcstok.c @@ -0,0 +1,93 @@ +/* $OpenBSD: wcstok.c,v 1.3 2005/08/08 08:05:37 espie Exp $ */ +/* $NetBSD: wcstok.c,v 1.3 2003/07/10 08:50:48 tshiozak Exp $ */ + +/*- + * Copyright (c) 1998 Softweyr LLC. All rights reserved. + * + * strtok_r, from Berkeley strtok + * Oct 13, 1998 by Wes Peters + * + * Copyright (c) 1988, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notices, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notices, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by Softweyr LLC, the + * University of California, Berkeley, and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY SOFTWEYR LLC, THE REGENTS AND CONTRIBUTORS + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL SOFTWEYR LLC, THE + * REGENTS, OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + * Original version ID: + * FreeBSD: src/lib/libc/string/wcstok.c,v 1.1 2002/09/07 08:16:57 tjr Exp + */ + +#include + +wchar_t * +wcstok(wchar_t * __restrict s, const wchar_t * __restrict delim, + wchar_t ** __restrict last) +{ + const wchar_t *spanp; + wchar_t c, sc; + wchar_t *tok; + + if (s == NULL && (s = *last) == NULL) + return (NULL); + + /* + * Skip (span) leading delimiters (s += wcsspn(s, delim), sort of). + */ +cont: + c = *s++; + for (spanp = delim; (sc = *spanp++) != L'\0';) { + if (c == sc) + goto cont; + } + + if (c == L'\0') { /* no non-delimiter characters */ + *last = NULL; + return (NULL); + } + tok = s - 1; + + /* + * Scan token (scan for delimiters: s += wcscspn(s, delim), sort of). + * Note that delim must have one NUL; we stop if we see that, too. + */ + for (;;) { + c = *s++; + spanp = delim; + do { + if ((sc = *spanp++) == c) { + if (c == L'\0') + s = NULL; + else + s[-1] = L'\0'; + *last = s; + return (tok); + } + } while (sc != L'\0'); + } + /* NOTREACHED */ +} diff --git a/src/lib/libc/string/wcswcs.c b/src/lib/libc/string/wcswcs.c new file mode 100644 index 00000000000..bd35605547a --- /dev/null +++ b/src/lib/libc/string/wcswcs.c @@ -0,0 +1,5 @@ +/* $OpenBSD: wcswcs.c,v 1.1 2005/04/13 16:35:58 espie Exp $ */ +/* $NetBSD: wcswcs.c,v 1.1 2003/03/05 20:18:17 tshiozak Exp $ */ + +#define WCSWCS +#include "wcsstr.c" diff --git a/src/lib/libc/string/wcswidth.3 b/src/lib/libc/string/wcswidth.3 new file mode 100644 index 00000000000..a2a5b2df862 --- /dev/null +++ b/src/lib/libc/string/wcswidth.3 @@ -0,0 +1,69 @@ +.\" $OpenBSD: wcswidth.3,v 1.2 2011/07/25 00:38:53 schwarze Exp $ +.\" +.\" Copyright (c) 2002 Tim J. Robbins +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.Dd $Mdocdate: July 25 2011 $ +.Dt WCSWIDTH 3 +.Os +.Sh NAME +.Nm wcswidth +.Nd number of column positions in wide-character string +.Sh SYNOPSIS +.In wchar.h +.Ft int +.Fn wcswidth "const wchar_t *pwcs" "size_t n" +.Sh DESCRIPTION +The +.Fn wcswidth +function determines the number of column positions required for the first +.Fa n +characters of +.Fa pwcs , +or until a null wide character (L'\e0') is encountered. +.Sh RETURN VALUES +The +.Fn wcswidth +function returns 0 if +.Fa pwcs +is an empty string (L""), +\-1 if a non-printing wide character is encountered, +otherwise it returns the number of column positions occupied. +.Sh SEE ALSO +.Xr iswprint 3 , +.Xr strlen 3 , +.Xr wcslen 3 , +.Xr wcwidth 3 +.Sh STANDARDS +The +.Fn wcswidth +function conforms to +.St -p1003.1-2001 . +.Sh HISTORY +The +.Fn wcswidth +function was ported from +.Nx +and first appeared in +.Ox 3.8 . diff --git a/src/lib/libc/string/wcswidth.c b/src/lib/libc/string/wcswidth.c new file mode 100644 index 00000000000..9f003f96c74 --- /dev/null +++ b/src/lib/libc/string/wcswidth.c @@ -0,0 +1,51 @@ +/* $OpenBSD: wcswidth.c,v 1.5 2015/09/12 16:23:14 guenther Exp $ */ +/* $NetBSD: wcswidth.c,v 1.2 2001/01/03 14:29:37 lukem Exp $ */ + +/*- + * Copyright (c)1999 Citrus Project, + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * citrus Id: wcswidth.c,v 1.1 1999/12/29 21:47:45 tshiozak Exp + */ + +#include + +int +wcswidth(const wchar_t *s, size_t n) +{ + int w, q; + + w = 0; + while (n && *s) { + q = wcwidth(*s); + if (q == -1) + return (-1); + w += q; + s++; + n--; + } + + return w; +} +DEF_WEAK(wcswidth); diff --git a/src/lib/libc/string/wmemchr.3 b/src/lib/libc/string/wmemchr.3 new file mode 100644 index 00000000000..17fbc9dbc52 --- /dev/null +++ b/src/lib/libc/string/wmemchr.3 @@ -0,0 +1,81 @@ +.\" $OpenBSD: wmemchr.3,v 1.10 2013/06/05 03:39:23 tedu Exp $ +.\" +.\" Copyright (c) 1990, 1991 The Regents of the University of California. +.\" All rights reserved. +.\" +.\" This code is derived from software contributed to Berkeley by +.\" Chris Torek and the American National Standards Committee X3, +.\" on Information Processing Systems. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.Dd $Mdocdate: June 5 2013 $ +.Dt WMEMCHR 3 +.Os +.Sh NAME +.Nm wmemchr +.Nd locate wide character in wide string +.Sh SYNOPSIS +.In wchar.h +.Ft wchar_t * +.Fn wmemchr "const wchar_t *b" "wchar_t c" "size_t len" +.Sh DESCRIPTION +The +.Fn wmemchr +function locates the first occurrence of +.Fa c +in wide string +.Fa b . +.Sh RETURN VALUES +The +.Fn wmemchr +function returns a pointer to the wide character located, or +.Dv NULL +if no such wide character exists within +.Fa len +wide characters. +.Sh SEE ALSO +.Xr memchr 3 , +.Xr wcschr 3 , +.Xr wcscspn 3 , +.Xr wcspbrk 3 , +.Xr wcsrchr 3 , +.Xr wcsspn 3 , +.Xr wcsstr 3 , +.Xr wcstok 3 +.Sh STANDARDS +The +.Fn wmemchr +function conforms to +.St -isoC-99 +and was first introduced in +.St -isoC-amd1 . +.Sh HISTORY +The +.Fn wmemchr +function was ported from +.Nx +and first appeared in +.Ox 3.8 . diff --git a/src/lib/libc/string/wmemchr.c b/src/lib/libc/string/wmemchr.c new file mode 100644 index 00000000000..556a0b35ccc --- /dev/null +++ b/src/lib/libc/string/wmemchr.c @@ -0,0 +1,47 @@ +/* $OpenBSD: wmemchr.c,v 1.5 2015/10/01 02:32:07 guenther Exp $ */ +/* $NetBSD: wmemchr.c,v 1.2 2001/01/03 14:29:37 lukem Exp $ */ + +/*- + * Copyright (c)1999 Citrus Project, + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * citrus Id: wmemchr.c,v 1.2 2000/12/20 14:08:31 itojun Exp + */ + +#include + +wchar_t * +wmemchr(const wchar_t *s, wchar_t c, size_t n) +{ + size_t i; + + for (i = 0; i < n; i++) { + if (*s == c) { + return (wchar_t *)s; + } + s++; + } + return NULL; +} +DEF_STRONG(wmemchr); diff --git a/src/lib/libc/string/wmemcmp.3 b/src/lib/libc/string/wmemcmp.3 new file mode 100644 index 00000000000..bd8ddfd120e --- /dev/null +++ b/src/lib/libc/string/wmemcmp.3 @@ -0,0 +1,78 @@ +.\" $OpenBSD: wmemcmp.3,v 1.3 2013/06/05 03:39:23 tedu Exp $ +.\" +.\" Copyright (c) 1990, 1991 The Regents of the University of California. +.\" All rights reserved. +.\" +.\" This code is derived from software contributed to Berkeley by +.\" Chris Torek and the American National Standards Committee X3, +.\" on Information Processing Systems. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.Dd $Mdocdate: June 5 2013 $ +.Dt WMEMCMP 3 +.Os +.Sh NAME +.Nm wmemcmp +.Nd compare wide strings +.Sh SYNOPSIS +.In wchar.h +.Ft int +.Fn wmemcmp "const wchar_t *s1" "const wchar_t *s2" "size_t len" +.Sh DESCRIPTION +The +.Fn wmemcmp +function compares the wide string +.Fa s1 +against the wide string +.Fa s2 . +Both wide strings are assumed to be +.Fa len +wide characters long. +.Sh RETURN VALUES +The +.Fn wmemcmp +function returns zero if the two wide strings are identical, +otherwise the difference between the first two differing wide characters is +returned. +Zero-length wide strings are always identical. +.Sh SEE ALSO +.Xr memcmp 3 , +.Xr wcscasecmp 3 , +.Xr wcscmp 3 +.Sh STANDARDS +The +.Fn wmemcmp +function conforms to +.St -isoC-99 +and was first introduced in +.St -isoC-amd1 . +.Sh HISTORY +The +.Fn wmemcmp +function was ported from +.Nx +and first appeared in +.Ox 3.8 . diff --git a/src/lib/libc/string/wmemcmp.c b/src/lib/libc/string/wmemcmp.c new file mode 100644 index 00000000000..46617e29cf4 --- /dev/null +++ b/src/lib/libc/string/wmemcmp.c @@ -0,0 +1,51 @@ +/* $OpenBSD: wmemcmp.c,v 1.5 2015/09/12 16:23:14 guenther Exp $ */ +/* $NetBSD: wmemcmp.c,v 1.3 2003/04/06 18:33:23 tshiozak Exp $ */ + +/*- + * Copyright (c)1999 Citrus Project, + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * citrus Id: wmemcmp.c,v 1.2 2000/12/20 14:08:31 itojun Exp + */ + +#include +#include "locale/runetype.h" + +int +wmemcmp(const wchar_t *s1, const wchar_t *s2, size_t n) +{ + size_t i; + + for (i = 0; i < n; i++) { + if (*s1 != *s2) { + /* wchar might be unsigned */ + return *(const rune_t *)s1 > + *(const rune_t *)s2 ? 1 : -1; + } + s1++; + s2++; + } + return 0; +} +DEF_STRONG(wmemcmp); diff --git a/src/lib/libc/string/wmemcpy.3 b/src/lib/libc/string/wmemcpy.3 new file mode 100644 index 00000000000..2a6d528a1a6 --- /dev/null +++ b/src/lib/libc/string/wmemcpy.3 @@ -0,0 +1,79 @@ +.\" $OpenBSD: wmemcpy.3,v 1.5 2013/06/05 03:39:23 tedu Exp $ +.\" +.\" Copyright (c) 1990, 1991 The Regents of the University of California. +.\" All rights reserved. +.\" +.\" This code is derived from software contributed to Berkeley by +.\" Chris Torek and the American National Standards Committee X3, +.\" on Information Processing Systems. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.Dd $Mdocdate: June 5 2013 $ +.Dt WMEMCPY 3 +.Os +.Sh NAME +.Nm wmemcpy +.Nd copy wide characters +.Sh SYNOPSIS +.In wchar.h +.Ft wchar_t * +.Fn wmemcpy "wchar_t * restrict dst" "const wchar_t * restrict src" "size_t len" +.Sh DESCRIPTION +The +.Fn wmemcpy +function copies +.Fa len +wide characters from buffer +.Fa src +to buffer +.Fa dst . +If the two buffers may overlap, +.Xr wmemmove 3 +must be used instead. +.Sh RETURN VALUES +The +.Fn wmemcpy +function returns the original value of +.Fa dst . +.Sh SEE ALSO +.Xr memcpy 3 , +.Xr wcscpy 3 , +.Xr wcslcpy 3 , +.Xr wmemmove 3 +.Sh STANDARDS +The +.Fn wmemcpy +function conforms to +.St -isoC-99 +and was first introduced in +.St -isoC-amd1 . +.Sh HISTORY +The +.Fn wmemcpy +function was ported from +.Nx +and first appeared in +.Ox 3.8 . diff --git a/src/lib/libc/string/wmemcpy.c b/src/lib/libc/string/wmemcpy.c new file mode 100644 index 00000000000..cf02ab9d566 --- /dev/null +++ b/src/lib/libc/string/wmemcpy.c @@ -0,0 +1,41 @@ +/* $OpenBSD: wmemcpy.c,v 1.4 2015/09/12 16:23:14 guenther Exp $ */ +/* $NetBSD: wmemcpy.c,v 1.2 2001/01/03 14:29:37 lukem Exp $ */ + +/*- + * Copyright (c)1999 Citrus Project, + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * citrus Id: wmemcpy.c,v 1.2 2000/12/20 14:08:31 itojun Exp + */ + +#include +#include + +wchar_t * +wmemcpy(wchar_t *d, const wchar_t *s, size_t n) +{ + + return (wchar_t *)memcpy(d, s, n * sizeof(wchar_t)); +} +DEF_STRONG(wmemcpy); diff --git a/src/lib/libc/string/wmemmove.3 b/src/lib/libc/string/wmemmove.3 new file mode 100644 index 00000000000..46942e7928b --- /dev/null +++ b/src/lib/libc/string/wmemmove.3 @@ -0,0 +1,78 @@ +.\" $OpenBSD: wmemmove.3,v 1.3 2013/06/05 03:39:23 tedu Exp $ +.\" +.\" Copyright (c) 1990, 1991 The Regents of the University of California. +.\" All rights reserved. +.\" +.\" This code is derived from software contributed to Berkeley by +.\" Chris Torek and the American National Standards Committee X3, +.\" on Information Processing Systems. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.Dd $Mdocdate: June 5 2013 $ +.Dt WMEMMOVE 3 +.Os +.Sh NAME +.Nm wmemmove +.Nd copy wide characters +.Sh SYNOPSIS +.In wchar.h +.Ft wchar_t * +.Fn wmemmove "wchar_t *dst" "const wchar_t *src" "size_t len" +.Sh DESCRIPTION +The +.Fn wmemmove +function copies +.Fa len +wide characters from buffer +.Fa src +to buffer +.Fa dst . +The two buffers may overlap; +the copy is always done in a non-destructive manner. +.Sh RETURN VALUES +The +.Fn wmemmove +function returns the original value of +.Fa dst . +.Sh SEE ALSO +.Xr memmove 3 , +.Xr wcscpy 3 , +.Xr wcslcpy 3 , +.Xr wmemcpy 3 +.Sh STANDARDS +The +.Fn wmemmove +function conforms to +.St -isoC-99 +and was first introduced in +.St -isoC-amd1 . +.Sh HISTORY +The +.Fn wmemmove +function was ported from +.Nx +and first appeared in +.Ox 3.8 . diff --git a/src/lib/libc/string/wmemmove.c b/src/lib/libc/string/wmemmove.c new file mode 100644 index 00000000000..8bf8011064f --- /dev/null +++ b/src/lib/libc/string/wmemmove.c @@ -0,0 +1,41 @@ +/* $OpenBSD: wmemmove.c,v 1.4 2015/09/12 16:23:14 guenther Exp $ */ +/* $NetBSD: wmemmove.c,v 1.2 2001/01/03 14:29:37 lukem Exp $ */ + +/*- + * Copyright (c)1999 Citrus Project, + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * citrus Id: wmemmove.c,v 1.2 2000/12/20 14:08:31 itojun Exp + */ + +#include +#include + +wchar_t * +wmemmove(wchar_t *d, const wchar_t *s, size_t n) +{ + + return (wchar_t *)memmove(d, s, n * sizeof(wchar_t)); +} +DEF_STRONG(wmemmove); diff --git a/src/lib/libc/string/wmemset.3 b/src/lib/libc/string/wmemset.3 new file mode 100644 index 00000000000..2655d68bcb1 --- /dev/null +++ b/src/lib/libc/string/wmemset.3 @@ -0,0 +1,73 @@ +.\" $OpenBSD: wmemset.3,v 1.4 2013/06/05 03:39:23 tedu Exp $ +.\" +.\" Copyright (c) 1990, 1991 The Regents of the University of California. +.\" All rights reserved. +.\" +.\" This code is derived from software contributed to Berkeley by +.\" Chris Torek and the American National Standards Committee X3, +.\" on Information Processing Systems. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.Dd $Mdocdate: June 5 2013 $ +.Dt WMEMSET 3 +.Os +.Sh NAME +.Nm wmemset +.Nd write a wide string +.Sh SYNOPSIS +.In wchar.h +.Ft wchar_t * +.Fn wmemset "wchar_t *s" "wchar_t c" "size_t len" +.Sh DESCRIPTION +The +.Fn wmemset +function writes +.Fa len +wide characters of value +.Fa c +to the wide string +.Fa s . +.Sh RETURN VALUES +The +.Fn wmemset +function returns the original value of +.Fa s . +.Sh SEE ALSO +.Xr memset 3 +.Sh STANDARDS +The +.Fn wmemset +function conforms to +.St -isoC-99 +and was first introduced in +.St -isoC-amd1 . +.Sh HISTORY +The +.Fn wmemset +function was ported from +.Nx +and first appeared in +.Ox 3.8 . diff --git a/src/lib/libc/string/wmemset.c b/src/lib/libc/string/wmemset.c new file mode 100644 index 00000000000..a2d3295170e --- /dev/null +++ b/src/lib/libc/string/wmemset.c @@ -0,0 +1,47 @@ +/* $OpenBSD: wmemset.c,v 1.4 2015/09/12 16:23:14 guenther Exp $ */ +/* $NetBSD: wmemset.c,v 1.2 2001/01/03 14:29:37 lukem Exp $ */ + +/*- + * Copyright (c)1999 Citrus Project, + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * citrus Id: wmemset.c,v 1.2 2000/12/20 14:08:31 itojun Exp + */ + +#include + +wchar_t * +wmemset(wchar_t *s, wchar_t c, size_t n) +{ + size_t i; + wchar_t *p; + + p = s; + for (i = 0; i < n; i++) { + *p = c; + p++; + } + return s; +} +DEF_STRONG(wmemset); diff --git a/src/lib/libcrypto/Makefile b/src/lib/libcrypto/Makefile new file mode 100644 index 00000000000..2a299398238 --- /dev/null +++ b/src/lib/libcrypto/Makefile @@ -0,0 +1,482 @@ +# $OpenBSD: Makefile,v 1.33 2019/03/17 17:42:37 tb Exp $ + +LIB= crypto +LIBREBUILD=y + +.include +.ifndef NOMAN +SUBDIR= man +.endif + +PC_FILES=libcrypto.pc + +CLEANFILES=${PC_FILES} ${VERSION_SCRIPT} + +LCRYPTO_SRC= ${.CURDIR} + +CFLAGS+= -Wall -Wundef +.if ${COMPILER_VERSION:L} == "clang" +CFLAGS+= -Werror +.endif +CFLAGS+= -DLIBRESSL_INTERNAL + +.if !defined(NOPIC) +CFLAGS+= -DDSO_DLFCN -DHAVE_DLFCN_H -DHAVE_FUNOPEN +.endif + +# Hardware engines +CFLAGS+= -DOPENSSL_NO_HW_PADLOCK # XXX enable this? + +CFLAGS+= -I${LCRYPTO_SRC} +CFLAGS+= -I${LCRYPTO_SRC}/asn1 -I${LCRYPTO_SRC}/bn -I${LCRYPTO_SRC}/evp +CFLAGS+= -I${LCRYPTO_SRC}/modes + +# XXX FIXME ecdsa and ec should be merged +CFLAGS+= -I${LCRYPTO_SRC}/ecdsa +CFLAGS+= -I${LCRYPTO_SRC}/ec + +VERSION_SCRIPT= Symbols.map +SYMBOL_LIST= ${.CURDIR}/Symbols.list + +# crypto/ +SRCS+= cryptlib.c malloc-wrapper.c mem_dbg.c cversion.c ex_data.c cpt_err.c +SRCS+= o_time.c o_str.c o_init.c +SRCS+= mem_clr.c crypto_init.c crypto_lock.c + +# aes/ +SRCS+= aes_misc.c aes_ecb.c aes_cfb.c aes_ofb.c +SRCS+= aes_ctr.c aes_ige.c aes_wrap.c + +# asn1/ +SRCS+= a_object.c a_bitstr.c a_time.c a_int.c a_octet.c +SRCS+= a_print.c a_type.c a_dup.c a_d2i_fp.c a_i2d_fp.c +SRCS+= a_enum.c a_utf8.c a_sign.c a_digest.c a_verify.c a_mbstr.c a_strex.c +SRCS+= x_algor.c x_val.c x_pubkey.c x_sig.c x_req.c x_attrib.c x_bignum.c +SRCS+= x_long.c x_name.c x_x509.c x_x509a.c x_crl.c x_info.c x_spki.c nsseq.c +SRCS+= x_nx509.c d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c +SRCS+= t_req.c t_x509.c t_x509a.c t_crl.c t_pkey.c t_spki.c t_bitst.c +SRCS+= tasn_new.c tasn_fre.c tasn_enc.c tasn_dec.c tasn_utl.c tasn_typ.c +SRCS+= tasn_prn.c ameth_lib.c +SRCS+= f_int.c f_string.c n_pkey.c +SRCS+= f_enum.c x_pkey.c a_bool.c x_exten.c bio_asn1.c bio_ndef.c asn_mime.c +SRCS+= asn1_gen.c asn1_par.c asn1_lib.c asn1_err.c a_strnid.c +SRCS+= evp_asn1.c asn_pack.c p5_pbe.c p5_pbev2.c p8_pkey.c asn_moid.c +SRCS+= a_time_tm.c + +# bf/ +SRCS+= bf_skey.c bf_ecb.c bf_cfb64.c bf_ofb64.c + +# bio/ +SRCS+= bio_lib.c bio_cb.c bio_err.c bio_meth.c +SRCS+= bss_mem.c bss_null.c bss_fd.c +SRCS+= bss_file.c bss_sock.c bss_conn.c +SRCS+= bf_null.c bf_buff.c b_print.c b_dump.c +SRCS+= b_posix.c b_sock.c bss_acpt.c bf_nbio.c bss_log.c bss_bio.c +SRCS+= bss_dgram.c + +# bn/ +SRCS+= bn_add.c bn_div.c bn_exp.c bn_lib.c bn_ctx.c bn_mul.c bn_mod.c +SRCS+= bn_print.c bn_rand.c bn_shift.c bn_word.c bn_blind.c +SRCS+= bn_kron.c bn_sqrt.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c +SRCS+= bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c bn_gf2m.c bn_nist.c +SRCS+= bn_depr.c bn_const.c bn_x931p.c + +# buffer/ +SRCS+= buffer.c buf_err.c buf_str.c + +# camellia/ +SRCS+= cmll_cfb.c cmll_ctr.c cmll_ecb.c cmll_ofb.c + +# cast/ +SRCS+= c_skey.c c_ecb.c c_enc.c c_cfb64.c c_ofb64.c + +# chacha/ +SRCS+= chacha.c + +# cmac/ +SRCS+= cmac.c cm_ameth.c cm_pmeth.c + +# comp/ +SRCS+= comp_lib.c comp_err.c c_rle.c c_zlib.c + +# conf/ +SRCS+= conf_err.c conf_lib.c conf_api.c conf_def.c conf_mod.c +SRCS+= conf_mall.c conf_sap.c + +# curve25519/ +SRCS+= curve25519.c curve25519-generic.c + +# des/ +SRCS+= cbc_cksm.c cbc_enc.c cfb64enc.c cfb_enc.c +SRCS+= ecb3_enc.c ecb_enc.c enc_read.c enc_writ.c +SRCS+= fcrypt.c ofb64enc.c ofb_enc.c pcbc_enc.c +SRCS+= qud_cksm.c rand_key.c set_key.c xcbc_enc.c +SRCS+= str2key.c cfb64ede.c ofb64ede.c ede_cbcm_enc.c + +# dh/ +SRCS+= dh_asn1.c dh_gen.c dh_key.c dh_lib.c dh_check.c dh_err.c dh_depr.c +SRCS+= dh_ameth.c dh_pmeth.c dh_prn.c + +# dsa/ +SRCS+= dsa_gen.c dsa_key.c dsa_lib.c dsa_asn1.c dsa_vrf.c dsa_sign.c +SRCS+= dsa_err.c dsa_ossl.c dsa_depr.c dsa_ameth.c dsa_pmeth.c dsa_prn.c +SRCS+= dsa_meth.c + +# dso/ +SRCS+= dso_dlfcn.c dso_err.c dso_lib.c dso_null.c +SRCS+= dso_openssl.c + +# ec/ +SRCS+= ec_lib.c ecp_smpl.c ecp_mont.c ecp_nist.c ec_cvt.c ec_mult.c +SRCS+= ec_err.c ec_curve.c ec_check.c ec_print.c ec_asn1.c ec_key.c +SRCS+= ec2_smpl.c ec2_mult.c ec_ameth.c ec_pmeth.c ec_kmeth.c eck_prn.c +SRCS+= ecp_nistp224.c ecp_nistp256.c ecp_nistp521.c ecp_nistputil.c +SRCS+= ecp_oct.c ec2_oct.c ec_oct.c + +# ecdh/ +SRCS+= ech_lib.c ech_key.c ech_err.c + +# ecdsa/ +SRCS+= ecs_lib.c ecs_asn1.c ecs_ossl.c ecs_sign.c ecs_vrf.c ecs_err.c + +# engine/ +SRCS+= eng_err.c eng_lib.c eng_list.c eng_init.c eng_ctrl.c +SRCS+= eng_table.c eng_pkey.c eng_fat.c eng_all.c +SRCS+= tb_rsa.c tb_dsa.c tb_ecdsa.c tb_dh.c tb_ecdh.c tb_rand.c tb_store.c +SRCS+= tb_cipher.c tb_digest.c tb_pkmeth.c tb_asnmth.c tb_eckey.c +SRCS+= eng_openssl.c eng_cnf.c eng_dyn.c +# XXX unnecessary? handled in EVP now... +# SRCS+= eng_aesni.c # local addition + +# err/ +SRCS+= err.c err_all.c err_prn.c + +# evp/ +SRCS+= encode.c digest.c evp_enc.c evp_key.c +SRCS+= e_des.c e_bf.c e_idea.c e_des3.c e_camellia.c +SRCS+= e_rc4.c e_aes.c names.c +SRCS+= e_xcbc_d.c e_rc2.c e_cast.c +SRCS+= m_null.c m_md4.c m_md5.c m_sha1.c m_sm3.c m_wp.c +SRCS+= m_dss.c m_dss1.c m_ripemd.c m_ecdsa.c +SRCS+= p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c +SRCS+= bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c +SRCS+= c_all.c evp_lib.c +SRCS+= evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c +SRCS+= e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c +SRCS+= e_aes_cbc_hmac_sha1.c e_rc4_hmac_md5.c +SRCS+= e_chacha.c evp_aead.c e_chacha20poly1305.c +SRCS+= e_gost2814789.c m_gost2814789.c m_gostr341194.c m_streebog.c +SRCS+= e_sm4.c +SRCS+= m_md5_sha1.c + +# gost/ +SRCS+= gost2814789.c gost89_keywrap.c gost89_params.c gost89imit_ameth.c +SRCS+= gost89imit_pmeth.c gost_asn1.c gost_err.c gostr341001.c +SRCS+= gostr341001_ameth.c gostr341001_key.c gostr341001_params.c +SRCS+= gostr341001_pmeth.c gostr341194.c streebog.c + +# hkdf/ +SRCS+= hkdf.c + +# hmac/ +SRCS+= hmac.c hm_ameth.c hm_pmeth.c + +# idea/ +SRCS+= i_cbc.c i_cfb64.c i_ofb64.c i_ecb.c i_skey.c + +# lhash/ +SRCS+= lhash.c lh_stats.c + +# md4/ +SRCS+= md4_dgst.c md4_one.c + +# md5/ +SRCS+= md5_dgst.c md5_one.c + +# modes/ +SRCS+= cbc128.c ctr128.c cts128.c cfb128.c ofb128.c gcm128.c ccm128.c xts128.c + +# objects/ +SRCS+= o_names.c obj_dat.c obj_lib.c obj_err.c obj_xref.c + +# ocsp/ +SRCS+= ocsp_asn.c ocsp_ext.c ocsp_ht.c ocsp_lib.c ocsp_cl.c +SRCS+= ocsp_srv.c ocsp_prn.c ocsp_vfy.c ocsp_err.c + +# pem/ +SRCS+= pem_sign.c pem_seal.c pem_info.c pem_lib.c pem_all.c pem_err.c +SRCS+= pem_x509.c pem_xaux.c pem_oth.c pem_pk8.c pem_pkey.c pvkfmt.c + +# pkcs12/ +SRCS+= p12_add.c p12_asn.c p12_attr.c p12_crpt.c p12_crt.c p12_decr.c +SRCS+= p12_init.c p12_key.c p12_kiss.c p12_mutl.c +SRCS+= p12_utl.c p12_npas.c pk12err.c p12_p8d.c p12_p8e.c + +# pkcs7/ +SRCS+= pk7_asn1.c pk7_lib.c pkcs7err.c pk7_doit.c pk7_smime.c pk7_attr.c +SRCS+= pk7_mime.c bio_pk7.c + +# poly1305/ +SRCS+= poly1305.c + +# rand/ +SRCS+= randfile.c rand_lib.c rand_err.c + +# rc2/ +SRCS+= rc2_ecb.c rc2_skey.c rc2_cbc.c rc2cfb64.c rc2ofb64.c + +# ripemd/ +SRCS+= rmd_dgst.c rmd_one.c + +# rsa/ +SRCS+= rsa_eay.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c rsa_err.c +SRCS+= rsa_pk1.c rsa_none.c rsa_oaep.c rsa_chk.c +SRCS+= rsa_pss.c rsa_x931.c rsa_asn1.c rsa_depr.c rsa_ameth.c rsa_prn.c +SRCS+= rsa_pmeth.c rsa_crpt.c rsa_meth.c + +# sha/ +SRCS+= sha1dgst.c sha1_one.c sha256.c sha512.c + +# sm2/ +SRCS+= sm2_crypt.c sm2_err.c sm2_pmeth.c sm2_sign.c sm2_za.c + +# sm3/ +SRCS+= sm3.c + +# sm4/ +SRCS+= sm4.c + +# stack/ +SRCS+= stack.c + +# ts/ +SRCS+= ts_err.c ts_req_utils.c ts_req_print.c ts_rsp_utils.c ts_rsp_print.c +SRCS+= ts_rsp_sign.c ts_rsp_verify.c ts_verify_ctx.c ts_lib.c ts_conf.c +SRCS+= ts_asn1.c + +# txt_db/ +SRCS+=txt_db.c + +# ui/ +SRCS+= ui_err.c ui_lib.c ui_openssl.c ui_util.c + +# whrlpool/ +SRCS+= wp_dgst.c + +# x509/ +SRCS+= x509_def.c x509_d2.c x509_r2x.c x509_cmp.c +SRCS+= x509_obj.c x509_req.c x509spki.c x509_vfy.c +SRCS+= x509_set.c x509cset.c x509rset.c x509_err.c +SRCS+= x509name.c x509_v3.c x509_ext.c x509_att.c +SRCS+= x509type.c x509_lu.c x_all.c x509_txt.c +SRCS+= x509_trs.c by_file.c by_dir.c by_mem.c x509_vpm.c + +# x509v3/ +SRCS+= v3_bcons.c v3_bitst.c v3_conf.c v3_extku.c v3_ia5.c v3_lib.c +SRCS+= v3_prn.c v3_utl.c v3err.c v3_genn.c v3_alt.c v3_skey.c v3_akey.c v3_pku.c +SRCS+= v3_int.c v3_enum.c v3_sxnet.c v3_cpols.c v3_crld.c v3_purp.c v3_info.c +SRCS+= v3_ocsp.c v3_akeya.c v3_pmaps.c v3_pcons.c v3_ncons.c v3_pcia.c v3_pci.c +SRCS+= pcy_cache.c pcy_node.c pcy_data.c pcy_map.c pcy_tree.c pcy_lib.c + +.PATH: ${.CURDIR}/arch/${MACHINE_CPU} \ + ${LCRYPTO_SRC} \ + ${LCRYPTO_SRC}/aes \ + ${LCRYPTO_SRC}/asn1 \ + ${LCRYPTO_SRC}/bf \ + ${LCRYPTO_SRC}/bio \ + ${LCRYPTO_SRC}/bn \ + ${LCRYPTO_SRC}/bn/asm \ + ${LCRYPTO_SRC}/buffer \ + ${LCRYPTO_SRC}/camellia \ + ${LCRYPTO_SRC}/cast \ + ${LCRYPTO_SRC}/chacha \ + ${LCRYPTO_SRC}/cmac \ + ${LCRYPTO_SRC}/comp \ + ${LCRYPTO_SRC}/conf \ + ${LCRYPTO_SRC}/curve25519 \ + ${LCRYPTO_SRC}/des \ + ${LCRYPTO_SRC}/dh \ + ${LCRYPTO_SRC}/dsa \ + ${LCRYPTO_SRC}/dso \ + ${LCRYPTO_SRC}/ec \ + ${LCRYPTO_SRC}/ecdh \ + ${LCRYPTO_SRC}/ecdsa \ + ${LCRYPTO_SRC}/engine \ + ${LCRYPTO_SRC}/err \ + ${LCRYPTO_SRC}/evp \ + ${LCRYPTO_SRC}/gost \ + ${LCRYPTO_SRC}/hkdf \ + ${LCRYPTO_SRC}/hmac \ + ${LCRYPTO_SRC}/idea \ + ${LCRYPTO_SRC}/lhash \ + ${LCRYPTO_SRC}/md4 \ + ${LCRYPTO_SRC}/md5 \ + ${LCRYPTO_SRC}/modes \ + ${LCRYPTO_SRC}/objects \ + ${LCRYPTO_SRC}/ocsp \ + ${LCRYPTO_SRC}/pem \ + ${LCRYPTO_SRC}/perlasm \ + ${LCRYPTO_SRC}/pkcs12 \ + ${LCRYPTO_SRC}/pkcs7 \ + ${LCRYPTO_SRC}/poly1305 \ + ${LCRYPTO_SRC}/rand \ + ${LCRYPTO_SRC}/rc2 \ + ${LCRYPTO_SRC}/rc4 \ + ${LCRYPTO_SRC}/ripemd \ + ${LCRYPTO_SRC}/rsa \ + ${LCRYPTO_SRC}/sha \ + ${LCRYPTO_SRC}/sm2 \ + ${LCRYPTO_SRC}/sm3 \ + ${LCRYPTO_SRC}/sm4 \ + ${LCRYPTO_SRC}/stack \ + ${LCRYPTO_SRC}/threads \ + ${LCRYPTO_SRC}/ts \ + ${LCRYPTO_SRC}/txt_db \ + ${LCRYPTO_SRC}/ui \ + ${LCRYPTO_SRC}/whrlpool \ + ${LCRYPTO_SRC}/x509 \ + ${LCRYPTO_SRC}/x509v3 + +HDRS=\ + ${LCRYPTO_SRC}/aes/aes.h \ + ${LCRYPTO_SRC}/asn1/asn1.h \ + ${LCRYPTO_SRC}/asn1/asn1t.h \ + ${LCRYPTO_SRC}/bf/blowfish.h \ + ${LCRYPTO_SRC}/bio/bio.h \ + ${LCRYPTO_SRC}/bn/bn.h \ + ${LCRYPTO_SRC}/buffer/buffer.h \ + ${LCRYPTO_SRC}/camellia/camellia.h \ + ${LCRYPTO_SRC}/cast/cast.h \ + ${LCRYPTO_SRC}/chacha/chacha.h \ + ${LCRYPTO_SRC}/cmac/cmac.h \ + ${LCRYPTO_SRC}/comp/comp.h \ + ${LCRYPTO_SRC}/conf/conf.h \ + ${LCRYPTO_SRC}/conf/conf_api.h \ + ${LCRYPTO_SRC}/crypto.h \ + ${LCRYPTO_SRC}/curve25519/curve25519.h \ + ${LCRYPTO_SRC}/des/des.h \ + ${LCRYPTO_SRC}/dh/dh.h \ + ${LCRYPTO_SRC}/dsa/dsa.h \ + ${LCRYPTO_SRC}/dso/dso.h \ + ${LCRYPTO_SRC}/ec/ec.h \ + ${LCRYPTO_SRC}/ecdh/ecdh.h \ + ${LCRYPTO_SRC}/ecdsa/ecdsa.h \ + ${LCRYPTO_SRC}/engine/engine.h \ + ${LCRYPTO_SRC}/err/err.h \ + ${LCRYPTO_SRC}/evp/evp.h \ + ${LCRYPTO_SRC}/gost/gost.h \ + ${LCRYPTO_SRC}/hkdf/hkdf.h \ + ${LCRYPTO_SRC}/hmac/hmac.h \ + ${LCRYPTO_SRC}/idea/idea.h \ + ${LCRYPTO_SRC}/lhash/lhash.h \ + ${LCRYPTO_SRC}/md4/md4.h \ + ${LCRYPTO_SRC}/md5/md5.h \ + ${LCRYPTO_SRC}/modes/modes.h \ + ${LCRYPTO_SRC}/objects/objects.h \ + ${LCRYPTO_SRC}/ocsp/ocsp.h \ + ${LCRYPTO_SRC}/opensslfeatures.h \ + ${LCRYPTO_SRC}/opensslv.h \ + ${LCRYPTO_SRC}/ossl_typ.h \ + ${LCRYPTO_SRC}/pem/pem.h \ + ${LCRYPTO_SRC}/pem/pem2.h \ + ${LCRYPTO_SRC}/pkcs12/pkcs12.h \ + ${LCRYPTO_SRC}/pkcs7/pkcs7.h \ + ${LCRYPTO_SRC}/poly1305/poly1305.h \ + ${LCRYPTO_SRC}/rand/rand.h \ + ${LCRYPTO_SRC}/rc2/rc2.h \ + ${LCRYPTO_SRC}/rc4/rc4.h \ + ${LCRYPTO_SRC}/ripemd/ripemd.h \ + ${LCRYPTO_SRC}/rsa/rsa.h \ + ${LCRYPTO_SRC}/sha/sha.h \ + ${LCRYPTO_SRC}/sm2/sm2.h \ + ${LCRYPTO_SRC}/sm3/sm3.h \ + ${LCRYPTO_SRC}/sm4/sm4.h \ + ${LCRYPTO_SRC}/stack/safestack.h \ + ${LCRYPTO_SRC}/stack/stack.h \ + ${LCRYPTO_SRC}/ts/ts.h \ + ${LCRYPTO_SRC}/txt_db/txt_db.h \ + ${LCRYPTO_SRC}/ui/ui.h \ + ${LCRYPTO_SRC}/ui/ui_compat.h \ + ${LCRYPTO_SRC}/whrlpool/whrlpool.h \ + ${LCRYPTO_SRC}/x509/x509.h \ + ${LCRYPTO_SRC}/x509/x509_vfy.h \ + ${LCRYPTO_SRC}/x509v3/x509v3.h + +HDRS_GEN=\ + ${.CURDIR}/arch/${MACHINE_CPU}/opensslconf.h \ + ${.OBJDIR}/obj_mac.h + +prereq: obj_mac.h + +includes: prereq + @test -d ${DESTDIR}/usr/include/openssl || \ + mkdir ${DESTDIR}/usr/include/openssl + @for i in $(HDRS); do \ + j="cmp -s $$i ${DESTDIR}/usr/include/openssl/`basename $$i` || \ + ${INSTALL} ${INSTALL_COPY} -o ${BINOWN} -g ${BINGRP} -m 444 $$i\ + ${DESTDIR}/usr/include/openssl"; \ + echo $$j; \ + eval "$$j"; \ + done; \ + for i in $(HDRS_GEN); do \ + j="cmp -s $$i ${DESTDIR}/usr/include/openssl/`basename $$i` || \ + ${INSTALL} ${INSTALL_COPY} -o ${BINOWN} -g ${BINGRP} -m 444 $$i\ + ${DESTDIR}/usr/include/openssl"; \ + echo $$j; \ + eval "$$j"; \ + done; + +${VERSION_SCRIPT}: ${SYMBOL_LIST} + { printf '{\n\tglobal:\n'; \ + sed '/^[._a-zA-Z]/s/$$/;/; s/^/ /' ${SYMBOL_LIST}; \ + printf '\n\tlocal:\n\t\t*;\n};\n'; } >$@.tmp && mv $@.tmp $@ + +# generated +CFLAGS+= -I${.OBJDIR} + +GENERATED=obj_mac.h obj_dat.h +CLEANFILES+=${GENERATED} obj_mac.num.tmp +SSL_OBJECTS=${LCRYPTO_SRC}/objects + +obj_mac.h: ${SSL_OBJECTS}/objects.h ${SSL_OBJECTS}/obj_mac.num ${SSL_OBJECTS}/objects.txt ${SSL_OBJECTS}/objects.pl + cat ${SSL_OBJECTS}/obj_mac.num > obj_mac.num.tmp + /usr/bin/perl ${SSL_OBJECTS}/objects.pl ${SSL_OBJECTS}/objects.txt obj_mac.num.tmp obj_mac.h + +obj_dat.h: obj_mac.h ${SSL_OBJECTS}/obj_dat.pl + /usr/bin/perl ${SSL_OBJECTS}/obj_dat.pl obj_mac.h obj_dat.h + +.if exists (${.CURDIR}/arch/${MACHINE_CPU}/Makefile.inc) +.include "${.CURDIR}/arch/${MACHINE_CPU}/Makefile.inc" +.else +CFLAGS+=-DOPENSSL_NO_ASM +SRCS+= aes_core.c aes_cbc.c +SRCS+= bf_enc.c +SRCS+= bn_asm.c +SRCS+= camellia.c cmll_cbc.c cmll_misc.c +SRCS+= des_enc.c fcrypt_b.c +SRCS+= rc4_enc.c rc4_skey.c +SRCS+= wp_block.c +.endif + +BUILDFIRST = ${GENERATED} + +.include + + +distribution: + ${INSTALL} ${INSTALL_COPY} -o ${BINOWN} -g ${BINGRP} -m 444 \ + ${.CURDIR}/openssl.cnf ${DESTDIR}/etc/ssl/openssl.cnf && \ + ${INSTALL} ${INSTALL_COPY} -o ${BINOWN} -g ${BINGRP} -m 444 \ + ${.CURDIR}/cert.pem ${DESTDIR}/etc/ssl/cert.pem && \ + ${INSTALL} ${INSTALL_COPY} -o ${BINOWN} -g ${BINGRP} -m 444 \ + ${.CURDIR}/x509v3.cnf ${DESTDIR}/etc/ssl/x509v3.cnf + +all: ${PC_FILES} +${PC_FILES}: opensslv.h + /bin/sh ${.CURDIR}/generate_pkgconfig.sh -c ${.CURDIR} -o ${.OBJDIR} + +beforeinstall: + ${INSTALL} ${INSTALL_COPY} -o root -g ${SHAREGRP} \ + -m ${SHAREMODE} ${.OBJDIR}/${PC_FILES} ${DESTDIR}/usr/lib/pkgconfig/ + +.include diff --git a/src/lib/libcrypto/Makefile.ssl b/src/lib/libcrypto/Makefile.ssl deleted file mode 100644 index 0f036167f07..00000000000 --- a/src/lib/libcrypto/Makefile.ssl +++ /dev/null @@ -1,214 +0,0 @@ -# -# SSLeay/crypto/Makefile -# - -DIR= crypto -TOP= .. -CC= cc -INCLUDE= -I. -I$(TOP) -I../include -INCLUDES= -I.. -I../.. -I../../include -CFLAG= -g -INSTALL_PREFIX= -OPENSSLDIR= /usr/local/ssl -INSTALLTOP= /usr/local/ssl -MAKE= make -f Makefile.ssl -MAKEDEPPROG= makedepend -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) -MAKEFILE= Makefile.ssl -RM= rm -f -AR= ar r - -PEX_LIBS= -EX_LIBS= - -CFLAGS= $(INCLUDE) $(CFLAG) - - -LIBS= - -SDIRS= md2 md5 sha mdc2 hmac ripemd \ - des rc2 rc4 rc5 idea bf cast \ - bn ec rsa dsa dh dso engine aes \ - buffer bio stack lhash rand err objects \ - evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 - -GENERAL=Makefile README crypto-lib.com install.com - -LIB= $(TOP)/libcrypto.a -SHARED_LIB= libcrypto$(SHLIB_EXT) -LIBSRC= cryptlib.c mem.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c uid.c o_time.c -LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o o_time.o - -SRC= $(LIBSRC) - -EXHEADER= crypto.h tmdiff.h opensslv.h opensslconf.h ebcdic.h symhacks.h \ - ossl_typ.h -HEADER= cryptlib.h buildinf.h md32_common.h o_time.h $(EXHEADER) - -ALL= $(GENERAL) $(SRC) $(HEADER) - -top: - @(cd ..; $(MAKE) DIRS=$(DIR) all) - -all: buildinf.h lib subdirs shared - -buildinf.h: ../Makefile.ssl - ( echo "#ifndef MK1MF_BUILD"; \ - echo ' /* auto-generated by crypto/Makefile.ssl for crypto/cversion.c */'; \ - echo ' #define CFLAGS "$(CC) $(CFLAG)"'; \ - echo ' #define PLATFORM "$(PLATFORM)"'; \ - echo " #define DATE \"`LC_ALL=C LC_TIME=C date`\""; \ - echo '#endif' ) >buildinf.h - -testapps: - if echo ${SDIRS} | fgrep ' des '; \ - then cd des && $(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' des; fi - cd pkcs7 && $(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' testapps - -subdirs: - @for i in $(SDIRS) ;\ - do \ - (cd $$i && echo "making all in crypto/$$i..." && \ - $(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' all ) || exit 1; \ - done; - -files: - $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO - @for i in $(SDIRS) ;\ - do \ - (cd $$i && echo "making 'files' in crypto/$$i..." && \ - $(MAKE) PERL='${PERL}' files ); \ - done; - -links: - @sh $(TOP)/util/point.sh Makefile.ssl Makefile - @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER) - @$(PERL) $(TOP)/util/mklink.pl ../test $(TEST) - @$(PERL) $(TOP)/util/mklink.pl ../apps $(APPS) - @sh $(TOP)/util/point.sh Makefile.ssl Makefile - @for i in $(SDIRS); do \ - (cd $$i && echo "making links in crypto/$$i..." && \ - $(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' PERL='${PERL}' links ); \ - done; - -lib: $(LIBOBJ) - $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) || echo Never mind. - @touch lib - -shared: - if [ -n "$(SHARED_LIBS)" ]; then \ - (cd ..; make $(SHARED_LIB)); \ - fi - -libs: - @for i in $(SDIRS) ;\ - do \ - (cd $$i && echo "making libs in crypto/$$i..." && \ - $(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' AR='${AR}' lib ); \ - done; - -tests: - @for i in $(SDIRS) ;\ - do \ - (cd $$i && echo "making tests in crypto/$$i..." && \ - $(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' AR='${AR}' tests ); \ - done; - -install: - @for i in $(EXHEADER) ;\ - do \ - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ - done; - @for i in $(SDIRS) ;\ - do \ - (cd $$i && echo "making install in crypto/$$i..." && \ - $(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' install ); \ - done; - -lint: - @for i in $(SDIRS) ;\ - do \ - (cd $$i && echo "making lint in crypto/$$i..." && \ - $(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' lint ); \ - done; - -depend: - if [ ! -f buildinf.h ]; then touch buildinf.h; fi # fake buildinf.h if it does not exist - $(MAKEDEPEND) $(INCLUDE) $(DEPFLAG) $(PROGS) $(LIBSRC) - if [ ! -s buildinf.h ]; then rm buildinf.h; fi - @for i in $(SDIRS) ;\ - do \ - (cd $$i && echo "making depend in crypto/$$i..." && \ - $(MAKE) MAKEFILE='${MAKEFILE}' INCLUDES='${INCLUDES}' DEPFLAG='${DEPFLAG}' depend ); \ - done; - -clean: - rm -f buildinf.h *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff - @for i in $(SDIRS) ;\ - do \ - (cd $$i && echo "making clean in crypto/$$i..." && \ - $(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' clean ); \ - done; - -dclean: - $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new - mv -f Makefile.new $(MAKEFILE) - @for i in $(SDIRS) ;\ - do \ - (cd $$i && echo "making dclean in crypto/$$i..." && \ - $(MAKE) PERL='${PERL}' CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' dclean ); \ - done; - -# DO NOT DELETE THIS LINE -- make depend depends on it. - -cpt_err.o: ../include/openssl/bio.h ../include/openssl/crypto.h -cpt_err.o: ../include/openssl/e_os2.h ../include/openssl/err.h -cpt_err.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h -cpt_err.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h -cpt_err.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cpt_err.c -cryptlib.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h -cryptlib.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h -cryptlib.o: ../include/openssl/err.h ../include/openssl/lhash.h -cryptlib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -cryptlib.o: ../include/openssl/safestack.h ../include/openssl/stack.h -cryptlib.o: ../include/openssl/symhacks.h cryptlib.c cryptlib.h -cversion.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h -cversion.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h -cversion.o: ../include/openssl/err.h ../include/openssl/lhash.h -cversion.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -cversion.o: ../include/openssl/safestack.h ../include/openssl/stack.h -cversion.o: ../include/openssl/symhacks.h buildinf.h cryptlib.h cversion.c -ebcdic.o: ../include/openssl/opensslconf.h ebcdic.c -ex_data.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h -ex_data.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h -ex_data.o: ../include/openssl/err.h ../include/openssl/lhash.h -ex_data.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -ex_data.o: ../include/openssl/safestack.h ../include/openssl/stack.h -ex_data.o: ../include/openssl/symhacks.h cryptlib.h ex_data.c -mem.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h -mem.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h -mem.o: ../include/openssl/err.h ../include/openssl/lhash.h -mem.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -mem.o: ../include/openssl/safestack.h ../include/openssl/stack.h -mem.o: ../include/openssl/symhacks.h cryptlib.h mem.c -mem_dbg.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h -mem_dbg.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h -mem_dbg.o: ../include/openssl/err.h ../include/openssl/lhash.h -mem_dbg.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -mem_dbg.o: ../include/openssl/safestack.h ../include/openssl/stack.h -mem_dbg.o: ../include/openssl/symhacks.h cryptlib.h mem_dbg.c -o_time.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h o_time.c -o_time.o: o_time.h -tmdiff.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h -tmdiff.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h -tmdiff.o: ../include/openssl/err.h ../include/openssl/lhash.h -tmdiff.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -tmdiff.o: ../include/openssl/safestack.h ../include/openssl/stack.h -tmdiff.o: ../include/openssl/symhacks.h ../include/openssl/tmdiff.h cryptlib.h -tmdiff.o: tmdiff.c -uid.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h -uid.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -uid.o: ../include/openssl/safestack.h ../include/openssl/stack.h -uid.o: ../include/openssl/symhacks.h uid.c diff --git a/src/lib/libcrypto/Symbols.list b/src/lib/libcrypto/Symbols.list new file mode 100644 index 00000000000..6f6e0060837 --- /dev/null +++ b/src/lib/libcrypto/Symbols.list @@ -0,0 +1,3661 @@ +ACCESS_DESCRIPTION_free +ACCESS_DESCRIPTION_it +ACCESS_DESCRIPTION_new +AES_cbc_encrypt +AES_cfb128_encrypt +AES_cfb1_encrypt +AES_cfb8_encrypt +AES_ctr128_encrypt +AES_decrypt +AES_ecb_encrypt +AES_encrypt +AES_ige_encrypt +AES_ofb128_encrypt +AES_options +AES_set_decrypt_key +AES_set_encrypt_key +AES_unwrap_key +AES_wrap_key +ASN1_ANY_it +ASN1_BIT_STRING_check +ASN1_BIT_STRING_free +ASN1_BIT_STRING_get_bit +ASN1_BIT_STRING_it +ASN1_BIT_STRING_name_print +ASN1_BIT_STRING_new +ASN1_BIT_STRING_num_asc +ASN1_BIT_STRING_set +ASN1_BIT_STRING_set_asc +ASN1_BIT_STRING_set_bit +ASN1_BMPSTRING_free +ASN1_BMPSTRING_it +ASN1_BMPSTRING_new +ASN1_BOOLEAN_it +ASN1_ENUMERATED_free +ASN1_ENUMERATED_get +ASN1_ENUMERATED_it +ASN1_ENUMERATED_new +ASN1_ENUMERATED_set +ASN1_ENUMERATED_to_BN +ASN1_FBOOLEAN_it +ASN1_GENERALIZEDTIME_adj +ASN1_GENERALIZEDTIME_check +ASN1_GENERALIZEDTIME_free +ASN1_GENERALIZEDTIME_it +ASN1_GENERALIZEDTIME_new +ASN1_GENERALIZEDTIME_print +ASN1_GENERALIZEDTIME_set +ASN1_GENERALIZEDTIME_set_string +ASN1_GENERALSTRING_free +ASN1_GENERALSTRING_it +ASN1_GENERALSTRING_new +ASN1_IA5STRING_free +ASN1_IA5STRING_it +ASN1_IA5STRING_new +ASN1_INTEGER_cmp +ASN1_INTEGER_dup +ASN1_INTEGER_free +ASN1_INTEGER_get +ASN1_INTEGER_it +ASN1_INTEGER_new +ASN1_INTEGER_set +ASN1_INTEGER_to_BN +ASN1_NULL_free +ASN1_NULL_it +ASN1_NULL_new +ASN1_OBJECT_create +ASN1_OBJECT_free +ASN1_OBJECT_it +ASN1_OBJECT_new +ASN1_OCTET_STRING_NDEF_it +ASN1_OCTET_STRING_cmp +ASN1_OCTET_STRING_dup +ASN1_OCTET_STRING_free +ASN1_OCTET_STRING_it +ASN1_OCTET_STRING_new +ASN1_OCTET_STRING_set +ASN1_PCTX_free +ASN1_PCTX_get_cert_flags +ASN1_PCTX_get_flags +ASN1_PCTX_get_nm_flags +ASN1_PCTX_get_oid_flags +ASN1_PCTX_get_str_flags +ASN1_PCTX_new +ASN1_PCTX_set_cert_flags +ASN1_PCTX_set_flags +ASN1_PCTX_set_nm_flags +ASN1_PCTX_set_oid_flags +ASN1_PCTX_set_str_flags +ASN1_PRINTABLESTRING_free +ASN1_PRINTABLESTRING_it +ASN1_PRINTABLESTRING_new +ASN1_PRINTABLE_free +ASN1_PRINTABLE_it +ASN1_PRINTABLE_new +ASN1_PRINTABLE_type +ASN1_SEQUENCE_ANY_it +ASN1_SEQUENCE_it +ASN1_SET_ANY_it +ASN1_STRING_TABLE_add +ASN1_STRING_TABLE_cleanup +ASN1_STRING_TABLE_get +ASN1_STRING_cmp +ASN1_STRING_copy +ASN1_STRING_data +ASN1_STRING_dup +ASN1_STRING_free +ASN1_STRING_get0_data +ASN1_STRING_get_default_mask +ASN1_STRING_length +ASN1_STRING_length_set +ASN1_STRING_new +ASN1_STRING_print +ASN1_STRING_print_ex +ASN1_STRING_print_ex_fp +ASN1_STRING_set +ASN1_STRING_set0 +ASN1_STRING_set_by_NID +ASN1_STRING_set_default_mask +ASN1_STRING_set_default_mask_asc +ASN1_STRING_to_UTF8 +ASN1_STRING_type +ASN1_STRING_type_new +ASN1_T61STRING_free +ASN1_T61STRING_it +ASN1_T61STRING_new +ASN1_TBOOLEAN_it +ASN1_TIME_adj +ASN1_TIME_check +ASN1_TIME_free +ASN1_TIME_it +ASN1_TIME_new +ASN1_TIME_print +ASN1_TIME_set +ASN1_TIME_set_string +ASN1_TIME_set_tm +ASN1_TIME_to_generalizedtime +ASN1_TYPE_cmp +ASN1_TYPE_free +ASN1_TYPE_get +ASN1_TYPE_get_int_octetstring +ASN1_TYPE_get_octetstring +ASN1_TYPE_new +ASN1_TYPE_set +ASN1_TYPE_set1 +ASN1_TYPE_set_int_octetstring +ASN1_TYPE_set_octetstring +ASN1_UNIVERSALSTRING_free +ASN1_UNIVERSALSTRING_it +ASN1_UNIVERSALSTRING_new +ASN1_UNIVERSALSTRING_to_string +ASN1_UTCTIME_adj +ASN1_UTCTIME_check +ASN1_UTCTIME_cmp_time_t +ASN1_UTCTIME_free +ASN1_UTCTIME_it +ASN1_UTCTIME_new +ASN1_UTCTIME_print +ASN1_UTCTIME_set +ASN1_UTCTIME_set_string +ASN1_UTF8STRING_free +ASN1_UTF8STRING_it +ASN1_UTF8STRING_new +ASN1_VISIBLESTRING_free +ASN1_VISIBLESTRING_it +ASN1_VISIBLESTRING_new +ASN1_add_oid_module +ASN1_bn_print +ASN1_check_infinite_end +ASN1_const_check_infinite_end +ASN1_d2i_bio +ASN1_d2i_fp +ASN1_dup +ASN1_generate_nconf +ASN1_generate_v3 +ASN1_get_object +ASN1_i2d_bio +ASN1_i2d_fp +ASN1_item_d2i +ASN1_item_d2i_bio +ASN1_item_d2i_fp +ASN1_item_digest +ASN1_item_dup +ASN1_item_ex_d2i +ASN1_item_ex_free +ASN1_item_ex_i2d +ASN1_item_ex_new +ASN1_item_free +ASN1_item_i2d +ASN1_item_i2d_bio +ASN1_item_i2d_fp +ASN1_item_ndef_i2d +ASN1_item_new +ASN1_item_pack +ASN1_item_print +ASN1_item_sign +ASN1_item_sign_ctx +ASN1_item_unpack +ASN1_item_verify +ASN1_mbstring_copy +ASN1_mbstring_ncopy +ASN1_object_size +ASN1_parse +ASN1_parse_dump +ASN1_primitive_free +ASN1_primitive_new +ASN1_put_eoc +ASN1_put_object +ASN1_tag2bit +ASN1_tag2str +ASN1_template_d2i +ASN1_template_free +ASN1_template_i2d +ASN1_template_new +ASN1_time_parse +ASN1_time_tm_clamp_notafter +ASN1_time_tm_cmp +AUTHORITY_INFO_ACCESS_free +AUTHORITY_INFO_ACCESS_it +AUTHORITY_INFO_ACCESS_new +AUTHORITY_KEYID_free +AUTHORITY_KEYID_it +AUTHORITY_KEYID_new +BASIC_CONSTRAINTS_free +BASIC_CONSTRAINTS_it +BASIC_CONSTRAINTS_new +BF_cbc_encrypt +BF_cfb64_encrypt +BF_decrypt +BF_ecb_encrypt +BF_encrypt +BF_ofb64_encrypt +BF_options +BF_set_key +BIGNUM_it +BIO_CONNECT_free +BIO_CONNECT_new +BIO_accept +BIO_asn1_get_prefix +BIO_asn1_get_suffix +BIO_asn1_set_prefix +BIO_asn1_set_suffix +BIO_callback_ctrl +BIO_clear_flags +BIO_copy_next_retry +BIO_ctrl +BIO_ctrl_get_read_request +BIO_ctrl_get_write_guarantee +BIO_ctrl_pending +BIO_ctrl_reset_read_request +BIO_ctrl_wpending +BIO_debug_callback +BIO_dgram_non_fatal_error +BIO_dump +BIO_dump_cb +BIO_dump_fp +BIO_dump_indent +BIO_dump_indent_cb +BIO_dump_indent_fp +BIO_dup_chain +BIO_f_asn1 +BIO_f_base64 +BIO_f_buffer +BIO_f_cipher +BIO_f_md +BIO_f_nbio_test +BIO_f_null +BIO_fd_non_fatal_error +BIO_fd_should_retry +BIO_find_type +BIO_free +BIO_free_all +BIO_get_accept_socket +BIO_get_callback +BIO_get_callback_arg +BIO_get_data +BIO_get_ex_data +BIO_get_ex_new_index +BIO_get_host_ip +BIO_get_new_index +BIO_get_port +BIO_get_retry_BIO +BIO_get_retry_reason +BIO_get_shutdown +BIO_gethostbyname +BIO_gets +BIO_indent +BIO_int_ctrl +BIO_meth_free +BIO_meth_get_callback_ctrl +BIO_meth_get_create +BIO_meth_get_ctrl +BIO_meth_get_destroy +BIO_meth_get_gets +BIO_meth_get_puts +BIO_meth_get_read +BIO_meth_get_write +BIO_meth_new +BIO_meth_set_callback_ctrl +BIO_meth_set_create +BIO_meth_set_ctrl +BIO_meth_set_destroy +BIO_meth_set_gets +BIO_meth_set_puts +BIO_meth_set_read +BIO_meth_set_write +BIO_method_name +BIO_method_type +BIO_new +BIO_new_NDEF +BIO_new_PKCS7 +BIO_new_accept +BIO_new_bio_pair +BIO_new_connect +BIO_new_dgram +BIO_new_fd +BIO_new_file +BIO_new_fp +BIO_new_mem_buf +BIO_new_socket +BIO_next +BIO_nread +BIO_nread0 +BIO_number_read +BIO_number_written +BIO_nwrite +BIO_nwrite0 +BIO_pop +BIO_printf +BIO_ptr_ctrl +BIO_push +BIO_puts +BIO_read +BIO_s_accept +BIO_s_bio +BIO_s_connect +BIO_s_datagram +BIO_s_fd +BIO_s_file +BIO_s_log +BIO_s_mem +BIO_s_null +BIO_s_socket +BIO_set +BIO_set_callback +BIO_set_callback_arg +BIO_set_cipher +BIO_set_data +BIO_set_ex_data +BIO_set_flags +BIO_set_init +BIO_set_shutdown +BIO_set_tcp_ndelay +BIO_snprintf +BIO_sock_cleanup +BIO_sock_error +BIO_sock_init +BIO_sock_non_fatal_error +BIO_sock_should_retry +BIO_socket_ioctl +BIO_socket_nbio +BIO_test_flags +BIO_up_ref +BIO_vfree +BIO_vprintf +BIO_vsnprintf +BIO_write +BN_BLINDING_convert +BN_BLINDING_convert_ex +BN_BLINDING_create_param +BN_BLINDING_free +BN_BLINDING_get_flags +BN_BLINDING_get_thread_id +BN_BLINDING_invert +BN_BLINDING_invert_ex +BN_BLINDING_new +BN_BLINDING_set_flags +BN_BLINDING_set_thread_id +BN_BLINDING_thread_id +BN_BLINDING_update +BN_CTX_end +BN_CTX_free +BN_CTX_get +BN_CTX_init +BN_CTX_new +BN_CTX_start +BN_GENCB_call +BN_GENCB_free +BN_GENCB_get_arg +BN_GENCB_new +BN_GF2m_add +BN_GF2m_arr2poly +BN_GF2m_mod +BN_GF2m_mod_arr +BN_GF2m_mod_div +BN_GF2m_mod_div_arr +BN_GF2m_mod_exp +BN_GF2m_mod_exp_arr +BN_GF2m_mod_inv +BN_GF2m_mod_inv_arr +BN_GF2m_mod_mul +BN_GF2m_mod_mul_arr +BN_GF2m_mod_solve_quad +BN_GF2m_mod_solve_quad_arr +BN_GF2m_mod_sqr +BN_GF2m_mod_sqr_arr +BN_GF2m_mod_sqrt +BN_GF2m_mod_sqrt_arr +BN_GF2m_poly2arr +BN_MONT_CTX_copy +BN_MONT_CTX_free +BN_MONT_CTX_init +BN_MONT_CTX_new +BN_MONT_CTX_set +BN_MONT_CTX_set_locked +BN_RECP_CTX_free +BN_RECP_CTX_init +BN_RECP_CTX_new +BN_RECP_CTX_set +BN_X931_derive_prime_ex +BN_X931_generate_Xpq +BN_X931_generate_prime_ex +BN_add +BN_add_word +BN_asc2bn +BN_bin2bn +BN_bn2bin +BN_bn2dec +BN_bn2hex +BN_bn2mpi +BN_clear +BN_clear_bit +BN_clear_free +BN_cmp +BN_consttime_swap +BN_copy +BN_dec2bn +BN_div +BN_div_recp +BN_div_word +BN_dup +BN_exp +BN_free +BN_from_montgomery +BN_gcd +BN_generate_prime +BN_generate_prime_ex +BN_get0_nist_prime_192 +BN_get0_nist_prime_224 +BN_get0_nist_prime_256 +BN_get0_nist_prime_384 +BN_get0_nist_prime_521 +BN_get_params +BN_get_rfc2409_prime_1024 +BN_get_rfc2409_prime_768 +BN_get_rfc3526_prime_1536 +BN_get_rfc3526_prime_2048 +BN_get_rfc3526_prime_3072 +BN_get_rfc3526_prime_4096 +BN_get_rfc3526_prime_6144 +BN_get_rfc3526_prime_8192 +BN_get_word +BN_hex2bn +BN_init +BN_is_bit_set +BN_is_prime +BN_is_prime_ex +BN_is_prime_fasttest +BN_is_prime_fasttest_ex +BN_kronecker +BN_lshift +BN_lshift1 +BN_mask_bits +BN_mod_add +BN_mod_add_quick +BN_mod_exp +BN_mod_exp2_mont +BN_mod_exp_mont +BN_mod_exp_mont_consttime +BN_mod_exp_mont_word +BN_mod_exp_recp +BN_mod_exp_simple +BN_mod_inverse +BN_mod_lshift +BN_mod_lshift1 +BN_mod_lshift1_quick +BN_mod_lshift_quick +BN_mod_mul +BN_mod_mul_montgomery +BN_mod_mul_reciprocal +BN_mod_sqr +BN_mod_sqrt +BN_mod_sub +BN_mod_sub_quick +BN_mod_word +BN_mpi2bn +BN_mul +BN_mul_word +BN_new +BN_nist_mod_192 +BN_nist_mod_224 +BN_nist_mod_256 +BN_nist_mod_384 +BN_nist_mod_521 +BN_nnmod +BN_num_bits +BN_num_bits_word +BN_options +BN_print +BN_print_fp +BN_pseudo_rand +BN_pseudo_rand_range +BN_rand +BN_rand_range +BN_reciprocal +BN_rshift +BN_rshift1 +BN_set_bit +BN_set_negative +BN_set_params +BN_set_word +BN_sqr +BN_sub +BN_sub_word +BN_swap +BN_to_ASN1_ENUMERATED +BN_to_ASN1_INTEGER +BN_uadd +BN_ucmp +BN_usub +BN_value_one +BUF_MEM_free +BUF_MEM_grow +BUF_MEM_grow_clean +BUF_MEM_new +BUF_memdup +BUF_reverse +BUF_strdup +BUF_strlcat +BUF_strlcpy +BUF_strndup +CAST_cbc_encrypt +CAST_cfb64_encrypt +CAST_decrypt +CAST_ecb_encrypt +CAST_encrypt +CAST_ofb64_encrypt +CAST_set_key +CBIGNUM_it +CERTIFICATEPOLICIES_free +CERTIFICATEPOLICIES_it +CERTIFICATEPOLICIES_new +CMAC_CTX_cleanup +CMAC_CTX_copy +CMAC_CTX_free +CMAC_CTX_get0_cipher_ctx +CMAC_CTX_new +CMAC_Final +CMAC_Init +CMAC_Update +CMAC_resume +COMP_CTX_free +COMP_CTX_new +COMP_compress_block +COMP_expand_block +COMP_rle +COMP_zlib +COMP_zlib_cleanup +CONF_dump_bio +CONF_dump_fp +CONF_free +CONF_get1_default_config_file +CONF_get_number +CONF_get_section +CONF_get_string +CONF_imodule_get_flags +CONF_imodule_get_module +CONF_imodule_get_name +CONF_imodule_get_usr_data +CONF_imodule_get_value +CONF_imodule_set_flags +CONF_imodule_set_usr_data +CONF_load +CONF_load_bio +CONF_load_fp +CONF_module_add +CONF_module_get_usr_data +CONF_module_set_usr_data +CONF_modules_finish +CONF_modules_free +CONF_modules_load +CONF_modules_load_file +CONF_modules_unload +CONF_parse_list +CONF_set_default_method +CONF_set_nconf +CRL_DIST_POINTS_free +CRL_DIST_POINTS_it +CRL_DIST_POINTS_new +CRYPTO_THREADID_cmp +CRYPTO_THREADID_cpy +CRYPTO_THREADID_current +CRYPTO_THREADID_get_callback +CRYPTO_THREADID_hash +CRYPTO_THREADID_set_callback +CRYPTO_THREADID_set_numeric +CRYPTO_THREADID_set_pointer +CRYPTO_add_lock +CRYPTO_cbc128_decrypt +CRYPTO_cbc128_encrypt +CRYPTO_ccm128_aad +CRYPTO_ccm128_decrypt +CRYPTO_ccm128_decrypt_ccm64 +CRYPTO_ccm128_encrypt +CRYPTO_ccm128_encrypt_ccm64 +CRYPTO_ccm128_init +CRYPTO_ccm128_setiv +CRYPTO_ccm128_tag +CRYPTO_cfb128_1_encrypt +CRYPTO_cfb128_8_encrypt +CRYPTO_cfb128_encrypt +CRYPTO_chacha_20 +CRYPTO_cleanup_all_ex_data +CRYPTO_ctr128_encrypt +CRYPTO_ctr128_encrypt_ctr32 +CRYPTO_cts128_decrypt +CRYPTO_cts128_decrypt_block +CRYPTO_cts128_encrypt +CRYPTO_cts128_encrypt_block +CRYPTO_dbg_free +CRYPTO_dbg_get_options +CRYPTO_dbg_malloc +CRYPTO_dbg_realloc +CRYPTO_dbg_set_options +CRYPTO_destroy_dynlockid +CRYPTO_dup_ex_data +CRYPTO_ex_data_new_class +CRYPTO_free +CRYPTO_free_ex_data +CRYPTO_free_locked +CRYPTO_gcm128_aad +CRYPTO_gcm128_decrypt +CRYPTO_gcm128_decrypt_ctr32 +CRYPTO_gcm128_encrypt +CRYPTO_gcm128_encrypt_ctr32 +CRYPTO_gcm128_finish +CRYPTO_gcm128_init +CRYPTO_gcm128_new +CRYPTO_gcm128_release +CRYPTO_gcm128_setiv +CRYPTO_gcm128_tag +CRYPTO_get_add_lock_callback +CRYPTO_get_dynlock_create_callback +CRYPTO_get_dynlock_destroy_callback +CRYPTO_get_dynlock_lock_callback +CRYPTO_get_dynlock_value +CRYPTO_get_ex_data +CRYPTO_get_ex_data_implementation +CRYPTO_get_ex_new_index +CRYPTO_get_id_callback +CRYPTO_get_lock_name +CRYPTO_get_locked_mem_ex_functions +CRYPTO_get_locked_mem_functions +CRYPTO_get_locking_callback +CRYPTO_get_mem_debug_functions +CRYPTO_get_mem_debug_options +CRYPTO_get_mem_ex_functions +CRYPTO_get_mem_functions +CRYPTO_get_new_dynlockid +CRYPTO_get_new_lockid +CRYPTO_hchacha_20 +CRYPTO_is_mem_check_on +CRYPTO_lock +CRYPTO_malloc +CRYPTO_malloc_locked +CRYPTO_mem_ctrl +CRYPTO_mem_leaks +CRYPTO_mem_leaks_cb +CRYPTO_mem_leaks_fp +CRYPTO_memcmp +CRYPTO_new_ex_data +CRYPTO_nistcts128_decrypt +CRYPTO_nistcts128_decrypt_block +CRYPTO_nistcts128_encrypt +CRYPTO_nistcts128_encrypt_block +CRYPTO_num_locks +CRYPTO_ofb128_encrypt +CRYPTO_poly1305_finish +CRYPTO_poly1305_init +CRYPTO_poly1305_update +CRYPTO_pop_info +CRYPTO_push_info_ +CRYPTO_realloc +CRYPTO_realloc_clean +CRYPTO_remalloc +CRYPTO_remove_all_info +CRYPTO_set_add_lock_callback +CRYPTO_set_dynlock_create_callback +CRYPTO_set_dynlock_destroy_callback +CRYPTO_set_dynlock_lock_callback +CRYPTO_set_ex_data +CRYPTO_set_ex_data_implementation +CRYPTO_set_id_callback +CRYPTO_set_locked_mem_ex_functions +CRYPTO_set_locked_mem_functions +CRYPTO_set_locking_callback +CRYPTO_set_mem_debug_functions +CRYPTO_set_mem_debug_options +CRYPTO_set_mem_ex_functions +CRYPTO_set_mem_functions +CRYPTO_strdup +CRYPTO_thread_id +CRYPTO_xchacha_20 +CRYPTO_xts128_encrypt +Camellia_cbc_encrypt +Camellia_cfb128_encrypt +Camellia_cfb1_encrypt +Camellia_cfb8_encrypt +Camellia_ctr128_encrypt +Camellia_decrypt +Camellia_ecb_encrypt +Camellia_encrypt +Camellia_ofb128_encrypt +Camellia_set_key +ChaCha +ChaCha_set_iv +ChaCha_set_key +DES_cbc_cksum +DES_cbc_encrypt +DES_cfb64_encrypt +DES_cfb_encrypt +DES_check_key +DES_check_key_parity +DES_crypt +DES_decrypt3 +DES_ecb3_encrypt +DES_ecb_encrypt +DES_ede3_cbc_encrypt +DES_ede3_cbcm_encrypt +DES_ede3_cfb64_encrypt +DES_ede3_cfb_encrypt +DES_ede3_ofb64_encrypt +DES_enc_read +DES_enc_write +DES_encrypt1 +DES_encrypt2 +DES_encrypt3 +DES_fcrypt +DES_is_weak_key +DES_key_sched +DES_ncbc_encrypt +DES_ofb64_encrypt +DES_ofb_encrypt +DES_options +DES_pcbc_encrypt +DES_quad_cksum +DES_random_key +DES_rw_mode +DES_set_key +DES_set_key_checked +DES_set_key_unchecked +DES_set_odd_parity +DES_string_to_2keys +DES_string_to_key +DES_xcbc_encrypt +DH_OpenSSL +DH_bits +DH_check +DH_check_pub_key +DH_clear_flags +DH_compute_key +DH_free +DH_generate_key +DH_generate_parameters +DH_generate_parameters_ex +DH_get0_engine +DH_get0_key +DH_get0_pqg +DH_get_default_method +DH_get_ex_data +DH_get_ex_new_index +DH_new +DH_new_method +DH_set0_key +DH_set0_pqg +DH_set_default_method +DH_set_ex_data +DH_set_flags +DH_set_length +DH_set_method +DH_size +DH_test_flags +DH_up_ref +DHparams_dup +DHparams_it +DHparams_print +DHparams_print_fp +DIRECTORYSTRING_free +DIRECTORYSTRING_it +DIRECTORYSTRING_new +DISPLAYTEXT_free +DISPLAYTEXT_it +DISPLAYTEXT_new +DIST_POINT_NAME_free +DIST_POINT_NAME_it +DIST_POINT_NAME_new +DIST_POINT_free +DIST_POINT_it +DIST_POINT_new +DIST_POINT_set_dpname +DSAPrivateKey_it +DSAPublicKey_it +DSA_OpenSSL +DSA_SIG_free +DSA_SIG_get0 +DSA_SIG_it +DSA_SIG_new +DSA_SIG_set0 +DSA_clear_flags +DSA_do_sign +DSA_do_verify +DSA_dup_DH +DSA_free +DSA_generate_key +DSA_generate_parameters +DSA_generate_parameters_ex +DSA_get0_engine +DSA_get0_key +DSA_get0_pqg +DSA_get_default_method +DSA_get_ex_data +DSA_get_ex_new_index +DSA_meth_dup +DSA_meth_free +DSA_meth_new +DSA_meth_set_finish +DSA_meth_set_sign +DSA_new +DSA_new_method +DSA_print +DSA_print_fp +DSA_set0_key +DSA_set0_pqg +DSA_set_default_method +DSA_set_ex_data +DSA_set_flags +DSA_set_method +DSA_sign +DSA_sign_setup +DSA_size +DSA_test_flags +DSA_up_ref +DSA_verify +DSAparams_dup +DSAparams_it +DSAparams_print +DSAparams_print_fp +DSO_METHOD_dlfcn +DSO_METHOD_null +DSO_METHOD_openssl +DSO_bind_func +DSO_bind_var +DSO_convert_filename +DSO_ctrl +DSO_flags +DSO_free +DSO_get_default_method +DSO_get_filename +DSO_get_loaded_filename +DSO_get_method +DSO_global_lookup +DSO_load +DSO_merge +DSO_new +DSO_new_method +DSO_pathbyaddr +DSO_set_default_method +DSO_set_filename +DSO_set_method +DSO_set_name_converter +DSO_up_ref +ECDH_OpenSSL +ECDH_compute_key +ECDH_get_default_method +ECDH_get_ex_data +ECDH_get_ex_new_index +ECDH_set_default_method +ECDH_set_ex_data +ECDH_set_method +ECDH_size +ECDSA_OpenSSL +ECDSA_SIG_free +ECDSA_SIG_get0 +ECDSA_SIG_it +ECDSA_SIG_new +ECDSA_SIG_set0 +ECDSA_do_sign +ECDSA_do_sign_ex +ECDSA_do_verify +ECDSA_get_default_method +ECDSA_get_ex_data +ECDSA_get_ex_new_index +ECDSA_set_default_method +ECDSA_set_ex_data +ECDSA_set_method +ECDSA_sign +ECDSA_sign_ex +ECDSA_sign_setup +ECDSA_size +ECDSA_verify +ECPARAMETERS_free +ECPARAMETERS_it +ECPARAMETERS_new +ECPKPARAMETERS_free +ECPKPARAMETERS_it +ECPKPARAMETERS_new +ECPKParameters_print +ECPKParameters_print_fp +ECParameters_dup +ECParameters_print +ECParameters_print_fp +EC_GF2m_simple_method +EC_GFp_mont_method +EC_GFp_nist_method +EC_GFp_simple_method +EC_GROUP_check +EC_GROUP_check_discriminant +EC_GROUP_clear_free +EC_GROUP_cmp +EC_GROUP_copy +EC_GROUP_dup +EC_GROUP_free +EC_GROUP_get0_generator +EC_GROUP_get0_seed +EC_GROUP_get_asn1_flag +EC_GROUP_get_basis_type +EC_GROUP_get_cofactor +EC_GROUP_get_curve_GF2m +EC_GROUP_get_curve_GFp +EC_GROUP_get_curve_name +EC_GROUP_get_degree +EC_GROUP_get_order +EC_GROUP_get_pentanomial_basis +EC_GROUP_get_point_conversion_form +EC_GROUP_get_seed_len +EC_GROUP_get_trinomial_basis +EC_GROUP_have_precompute_mult +EC_GROUP_method_of +EC_GROUP_new +EC_GROUP_new_by_curve_name +EC_GROUP_new_curve_GF2m +EC_GROUP_new_curve_GFp +EC_GROUP_precompute_mult +EC_GROUP_set_asn1_flag +EC_GROUP_set_curve_GF2m +EC_GROUP_set_curve_GFp +EC_GROUP_set_curve_name +EC_GROUP_set_generator +EC_GROUP_set_point_conversion_form +EC_GROUP_set_seed +EC_KEY_METHOD_free +EC_KEY_METHOD_get_compute_key +EC_KEY_METHOD_get_init +EC_KEY_METHOD_get_keygen +EC_KEY_METHOD_get_sign +EC_KEY_METHOD_get_verify +EC_KEY_METHOD_new +EC_KEY_METHOD_set_compute_key +EC_KEY_METHOD_set_init +EC_KEY_METHOD_set_keygen +EC_KEY_METHOD_set_sign +EC_KEY_METHOD_set_verify +EC_KEY_OpenSSL +EC_KEY_check_key +EC_KEY_clear_flags +EC_KEY_copy +EC_KEY_dup +EC_KEY_free +EC_KEY_generate_key +EC_KEY_get0_group +EC_KEY_get0_private_key +EC_KEY_get0_public_key +EC_KEY_get_conv_form +EC_KEY_get_default_method +EC_KEY_get_enc_flags +EC_KEY_get_ex_data +EC_KEY_get_flags +EC_KEY_get_key_method_data +EC_KEY_get_method +EC_KEY_insert_key_method_data +EC_KEY_new +EC_KEY_new_by_curve_name +EC_KEY_new_method +EC_KEY_precompute_mult +EC_KEY_print +EC_KEY_print_fp +EC_KEY_set_asn1_flag +EC_KEY_set_conv_form +EC_KEY_set_default_method +EC_KEY_set_enc_flags +EC_KEY_set_ex_data +EC_KEY_set_flags +EC_KEY_set_group +EC_KEY_set_method +EC_KEY_set_private_key +EC_KEY_set_public_key +EC_KEY_set_public_key_affine_coordinates +EC_KEY_up_ref +EC_METHOD_get_field_type +EC_POINT_add +EC_POINT_bn2point +EC_POINT_clear_free +EC_POINT_cmp +EC_POINT_copy +EC_POINT_dbl +EC_POINT_dup +EC_POINT_free +EC_POINT_get_Jprojective_coordinates_GFp +EC_POINT_get_affine_coordinates_GF2m +EC_POINT_get_affine_coordinates_GFp +EC_POINT_hex2point +EC_POINT_invert +EC_POINT_is_at_infinity +EC_POINT_is_on_curve +EC_POINT_make_affine +EC_POINT_method_of +EC_POINT_mul +EC_POINT_new +EC_POINT_oct2point +EC_POINT_point2bn +EC_POINT_point2hex +EC_POINT_point2oct +EC_POINT_set_Jprojective_coordinates_GFp +EC_POINT_set_affine_coordinates_GF2m +EC_POINT_set_affine_coordinates_GFp +EC_POINT_set_compressed_coordinates_GF2m +EC_POINT_set_compressed_coordinates_GFp +EC_POINT_set_to_infinity +EC_POINTs_make_affine +EC_POINTs_mul +EC_PRIVATEKEY_free +EC_PRIVATEKEY_it +EC_PRIVATEKEY_new +EC_curve_nid2nist +EC_curve_nist2nid +EC_get_builtin_curves +EDIPARTYNAME_free +EDIPARTYNAME_it +EDIPARTYNAME_new +ENGINE_add +ENGINE_add_conf_module +ENGINE_by_id +ENGINE_cleanup +ENGINE_cmd_is_executable +ENGINE_ctrl +ENGINE_ctrl_cmd +ENGINE_ctrl_cmd_string +ENGINE_finish +ENGINE_free +ENGINE_get_DH +ENGINE_get_DSA +ENGINE_get_EC +ENGINE_get_ECDH +ENGINE_get_ECDSA +ENGINE_get_RAND +ENGINE_get_RSA +ENGINE_get_STORE +ENGINE_get_cipher +ENGINE_get_cipher_engine +ENGINE_get_ciphers +ENGINE_get_cmd_defns +ENGINE_get_ctrl_function +ENGINE_get_default_DH +ENGINE_get_default_DSA +ENGINE_get_default_EC +ENGINE_get_default_ECDH +ENGINE_get_default_ECDSA +ENGINE_get_default_RAND +ENGINE_get_default_RSA +ENGINE_get_destroy_function +ENGINE_get_digest +ENGINE_get_digest_engine +ENGINE_get_digests +ENGINE_get_ex_data +ENGINE_get_ex_new_index +ENGINE_get_finish_function +ENGINE_get_first +ENGINE_get_flags +ENGINE_get_id +ENGINE_get_init_function +ENGINE_get_last +ENGINE_get_load_privkey_function +ENGINE_get_load_pubkey_function +ENGINE_get_name +ENGINE_get_next +ENGINE_get_pkey_asn1_meth +ENGINE_get_pkey_asn1_meth_engine +ENGINE_get_pkey_asn1_meth_str +ENGINE_get_pkey_asn1_meths +ENGINE_get_pkey_meth +ENGINE_get_pkey_meth_engine +ENGINE_get_pkey_meths +ENGINE_get_prev +ENGINE_get_ssl_client_cert_function +ENGINE_get_static_state +ENGINE_get_table_flags +ENGINE_init +ENGINE_load_builtin_engines +ENGINE_load_dynamic +ENGINE_load_openssl +ENGINE_load_private_key +ENGINE_load_public_key +ENGINE_load_ssl_client_cert +ENGINE_new +ENGINE_pkey_asn1_find_str +ENGINE_register_DH +ENGINE_register_DSA +ENGINE_register_EC +ENGINE_register_ECDH +ENGINE_register_ECDSA +ENGINE_register_RAND +ENGINE_register_RSA +ENGINE_register_STORE +ENGINE_register_all_DH +ENGINE_register_all_DSA +ENGINE_register_all_EC +ENGINE_register_all_ECDH +ENGINE_register_all_ECDSA +ENGINE_register_all_RAND +ENGINE_register_all_RSA +ENGINE_register_all_STORE +ENGINE_register_all_ciphers +ENGINE_register_all_complete +ENGINE_register_all_digests +ENGINE_register_all_pkey_asn1_meths +ENGINE_register_all_pkey_meths +ENGINE_register_ciphers +ENGINE_register_complete +ENGINE_register_digests +ENGINE_register_pkey_asn1_meths +ENGINE_register_pkey_meths +ENGINE_remove +ENGINE_set_DH +ENGINE_set_DSA +ENGINE_set_EC +ENGINE_set_ECDH +ENGINE_set_ECDSA +ENGINE_set_RAND +ENGINE_set_RSA +ENGINE_set_STORE +ENGINE_set_ciphers +ENGINE_set_cmd_defns +ENGINE_set_ctrl_function +ENGINE_set_default +ENGINE_set_default_DH +ENGINE_set_default_DSA +ENGINE_set_default_EC +ENGINE_set_default_ECDH +ENGINE_set_default_ECDSA +ENGINE_set_default_RAND +ENGINE_set_default_RSA +ENGINE_set_default_ciphers +ENGINE_set_default_digests +ENGINE_set_default_pkey_asn1_meths +ENGINE_set_default_pkey_meths +ENGINE_set_default_string +ENGINE_set_destroy_function +ENGINE_set_digests +ENGINE_set_ex_data +ENGINE_set_finish_function +ENGINE_set_flags +ENGINE_set_id +ENGINE_set_init_function +ENGINE_set_load_privkey_function +ENGINE_set_load_pubkey_function +ENGINE_set_load_ssl_client_cert_function +ENGINE_set_name +ENGINE_set_pkey_asn1_meths +ENGINE_set_pkey_meths +ENGINE_set_table_flags +ENGINE_unregister_DH +ENGINE_unregister_DSA +ENGINE_unregister_EC +ENGINE_unregister_ECDH +ENGINE_unregister_ECDSA +ENGINE_unregister_RAND +ENGINE_unregister_RSA +ENGINE_unregister_STORE +ENGINE_unregister_ciphers +ENGINE_unregister_digests +ENGINE_unregister_pkey_asn1_meths +ENGINE_unregister_pkey_meths +ENGINE_up_ref +ERR_add_error_data +ERR_add_error_vdata +ERR_asprintf_error_data +ERR_clear_error +ERR_error_string +ERR_error_string_n +ERR_free_strings +ERR_func_error_string +ERR_get_err_state_table +ERR_get_error +ERR_get_error_line +ERR_get_error_line_data +ERR_get_implementation +ERR_get_next_error_library +ERR_get_state +ERR_get_string_table +ERR_lib_error_string +ERR_load_ASN1_strings +ERR_load_BIO_strings +ERR_load_BN_strings +ERR_load_BUF_strings +ERR_load_COMP_strings +ERR_load_CONF_strings +ERR_load_CRYPTO_strings +ERR_load_DH_strings +ERR_load_DSA_strings +ERR_load_DSO_strings +ERR_load_ECDH_strings +ERR_load_ECDSA_strings +ERR_load_EC_strings +ERR_load_ENGINE_strings +ERR_load_ERR_strings +ERR_load_EVP_strings +ERR_load_GOST_strings +ERR_load_OBJ_strings +ERR_load_OCSP_strings +ERR_load_PEM_strings +ERR_load_PKCS12_strings +ERR_load_PKCS7_strings +ERR_load_RAND_strings +ERR_load_RSA_strings +ERR_load_SM2_strings +ERR_load_TS_strings +ERR_load_UI_strings +ERR_load_X509V3_strings +ERR_load_X509_strings +ERR_load_crypto_strings +ERR_load_strings +ERR_peek_error +ERR_peek_error_line +ERR_peek_error_line_data +ERR_peek_last_error +ERR_peek_last_error_line +ERR_peek_last_error_line_data +ERR_pop_to_mark +ERR_print_errors +ERR_print_errors_cb +ERR_print_errors_fp +ERR_put_error +ERR_reason_error_string +ERR_release_err_state_table +ERR_remove_state +ERR_remove_thread_state +ERR_set_error_data +ERR_set_implementation +ERR_set_mark +ERR_unload_strings +ESS_CERT_ID_dup +ESS_CERT_ID_free +ESS_CERT_ID_it +ESS_CERT_ID_new +ESS_ISSUER_SERIAL_dup +ESS_ISSUER_SERIAL_free +ESS_ISSUER_SERIAL_it +ESS_ISSUER_SERIAL_new +ESS_SIGNING_CERT_dup +ESS_SIGNING_CERT_free +ESS_SIGNING_CERT_it +ESS_SIGNING_CERT_new +EVP_AEAD_CTX_cleanup +EVP_AEAD_CTX_init +EVP_AEAD_CTX_open +EVP_AEAD_CTX_seal +EVP_AEAD_key_length +EVP_AEAD_max_overhead +EVP_AEAD_max_tag_len +EVP_AEAD_nonce_length +EVP_BytesToKey +EVP_CIPHER_CTX_block_size +EVP_CIPHER_CTX_cipher +EVP_CIPHER_CTX_cleanup +EVP_CIPHER_CTX_clear_flags +EVP_CIPHER_CTX_copy +EVP_CIPHER_CTX_ctrl +EVP_CIPHER_CTX_encrypting +EVP_CIPHER_CTX_flags +EVP_CIPHER_CTX_free +EVP_CIPHER_CTX_get_app_data +EVP_CIPHER_CTX_get_iv +EVP_CIPHER_CTX_init +EVP_CIPHER_CTX_iv_length +EVP_CIPHER_CTX_key_length +EVP_CIPHER_CTX_new +EVP_CIPHER_CTX_nid +EVP_CIPHER_CTX_rand_key +EVP_CIPHER_CTX_reset +EVP_CIPHER_CTX_set_app_data +EVP_CIPHER_CTX_set_flags +EVP_CIPHER_CTX_set_iv +EVP_CIPHER_CTX_set_key_length +EVP_CIPHER_CTX_set_padding +EVP_CIPHER_CTX_test_flags +EVP_CIPHER_asn1_to_param +EVP_CIPHER_block_size +EVP_CIPHER_do_all +EVP_CIPHER_do_all_sorted +EVP_CIPHER_flags +EVP_CIPHER_get_asn1_iv +EVP_CIPHER_iv_length +EVP_CIPHER_key_length +EVP_CIPHER_nid +EVP_CIPHER_param_to_asn1 +EVP_CIPHER_set_asn1_iv +EVP_CIPHER_type +EVP_Cipher +EVP_CipherFinal +EVP_CipherFinal_ex +EVP_CipherInit +EVP_CipherInit_ex +EVP_CipherUpdate +EVP_DecodeBlock +EVP_DecodeFinal +EVP_DecodeInit +EVP_DecodeUpdate +EVP_DecryptFinal +EVP_DecryptFinal_ex +EVP_DecryptInit +EVP_DecryptInit_ex +EVP_DecryptUpdate +EVP_Digest +EVP_DigestFinal +EVP_DigestFinal_ex +EVP_DigestInit +EVP_DigestInit_ex +EVP_DigestSignFinal +EVP_DigestSignInit +EVP_DigestUpdate +EVP_DigestVerifyFinal +EVP_DigestVerifyInit +EVP_ENCODE_CTX_free +EVP_ENCODE_CTX_new +EVP_EncodeBlock +EVP_EncodeFinal +EVP_EncodeInit +EVP_EncodeUpdate +EVP_EncryptFinal +EVP_EncryptFinal_ex +EVP_EncryptInit +EVP_EncryptInit_ex +EVP_EncryptUpdate +EVP_MD_CTX_cleanup +EVP_MD_CTX_clear_flags +EVP_MD_CTX_copy +EVP_MD_CTX_copy_ex +EVP_MD_CTX_create +EVP_MD_CTX_ctrl +EVP_MD_CTX_destroy +EVP_MD_CTX_free +EVP_MD_CTX_init +EVP_MD_CTX_md +EVP_MD_CTX_new +EVP_MD_CTX_reset +EVP_MD_CTX_set_flags +EVP_MD_CTX_test_flags +EVP_MD_block_size +EVP_MD_do_all +EVP_MD_do_all_sorted +EVP_MD_flags +EVP_MD_pkey_type +EVP_MD_size +EVP_MD_type +EVP_OpenFinal +EVP_OpenInit +EVP_PBE_CipherInit +EVP_PBE_alg_add +EVP_PBE_alg_add_type +EVP_PBE_cleanup +EVP_PBE_find +EVP_PKCS82PKEY +EVP_PKEY2PKCS8 +EVP_PKEY_CTX_ctrl +EVP_PKEY_CTX_ctrl_str +EVP_PKEY_CTX_dup +EVP_PKEY_CTX_free +EVP_PKEY_CTX_get0_peerkey +EVP_PKEY_CTX_get0_pkey +EVP_PKEY_CTX_get_app_data +EVP_PKEY_CTX_get_cb +EVP_PKEY_CTX_get_data +EVP_PKEY_CTX_get_keygen_info +EVP_PKEY_CTX_get_operation +EVP_PKEY_CTX_new +EVP_PKEY_CTX_new_id +EVP_PKEY_CTX_set0_keygen_info +EVP_PKEY_CTX_set_app_data +EVP_PKEY_CTX_set_cb +EVP_PKEY_CTX_set_data +EVP_PKEY_add1_attr +EVP_PKEY_add1_attr_by_NID +EVP_PKEY_add1_attr_by_OBJ +EVP_PKEY_add1_attr_by_txt +EVP_PKEY_asn1_add0 +EVP_PKEY_asn1_add_alias +EVP_PKEY_asn1_copy +EVP_PKEY_asn1_find +EVP_PKEY_asn1_find_str +EVP_PKEY_asn1_free +EVP_PKEY_asn1_get0 +EVP_PKEY_asn1_get0_info +EVP_PKEY_asn1_get_count +EVP_PKEY_asn1_new +EVP_PKEY_asn1_set_ctrl +EVP_PKEY_asn1_set_free +EVP_PKEY_asn1_set_param +EVP_PKEY_asn1_set_private +EVP_PKEY_asn1_set_public +EVP_PKEY_assign +EVP_PKEY_base_id +EVP_PKEY_bits +EVP_PKEY_cmp +EVP_PKEY_cmp_parameters +EVP_PKEY_copy_parameters +EVP_PKEY_decrypt +EVP_PKEY_decrypt_init +EVP_PKEY_decrypt_old +EVP_PKEY_delete_attr +EVP_PKEY_derive +EVP_PKEY_derive_init +EVP_PKEY_derive_set_peer +EVP_PKEY_encrypt +EVP_PKEY_encrypt_init +EVP_PKEY_encrypt_old +EVP_PKEY_free +EVP_PKEY_get0 +EVP_PKEY_get0_DH +EVP_PKEY_get0_DSA +EVP_PKEY_get0_EC_KEY +EVP_PKEY_get0_RSA +EVP_PKEY_get0_asn1 +EVP_PKEY_get0_hmac +EVP_PKEY_get1_DH +EVP_PKEY_get1_DSA +EVP_PKEY_get1_EC_KEY +EVP_PKEY_get1_RSA +EVP_PKEY_get_attr +EVP_PKEY_get_attr_by_NID +EVP_PKEY_get_attr_by_OBJ +EVP_PKEY_get_attr_count +EVP_PKEY_get_default_digest_nid +EVP_PKEY_id +EVP_PKEY_keygen +EVP_PKEY_keygen_init +EVP_PKEY_meth_add0 +EVP_PKEY_meth_copy +EVP_PKEY_meth_find +EVP_PKEY_meth_free +EVP_PKEY_meth_get0_info +EVP_PKEY_meth_new +EVP_PKEY_meth_set_cleanup +EVP_PKEY_meth_set_copy +EVP_PKEY_meth_set_ctrl +EVP_PKEY_meth_set_decrypt +EVP_PKEY_meth_set_derive +EVP_PKEY_meth_set_encrypt +EVP_PKEY_meth_set_init +EVP_PKEY_meth_set_keygen +EVP_PKEY_meth_set_paramgen +EVP_PKEY_meth_set_sign +EVP_PKEY_meth_set_signctx +EVP_PKEY_meth_set_verify +EVP_PKEY_meth_set_verify_recover +EVP_PKEY_meth_set_verifyctx +EVP_PKEY_missing_parameters +EVP_PKEY_new +EVP_PKEY_new_mac_key +EVP_PKEY_paramgen +EVP_PKEY_paramgen_init +EVP_PKEY_print_params +EVP_PKEY_print_private +EVP_PKEY_print_public +EVP_PKEY_save_parameters +EVP_PKEY_set1_DH +EVP_PKEY_set1_DSA +EVP_PKEY_set1_EC_KEY +EVP_PKEY_set1_RSA +EVP_PKEY_set_type +EVP_PKEY_set_type_str +EVP_PKEY_set_alias_type +EVP_PKEY_sign +EVP_PKEY_sign_init +EVP_PKEY_size +EVP_PKEY_type +EVP_PKEY_up_ref +EVP_PKEY_verify +EVP_PKEY_verify_init +EVP_PKEY_verify_recover +EVP_PKEY_verify_recover_init +EVP_SealFinal +EVP_SealInit +EVP_SignFinal +EVP_VerifyFinal +EVP_add_cipher +EVP_add_digest +EVP_aead_aes_128_gcm +EVP_aead_aes_256_gcm +EVP_aead_chacha20_poly1305 +EVP_aead_xchacha20_poly1305 +EVP_aes_128_cbc +EVP_aes_128_cbc_hmac_sha1 +EVP_aes_128_ccm +EVP_aes_128_cfb +EVP_aes_128_cfb1 +EVP_aes_128_cfb128 +EVP_aes_128_cfb8 +EVP_aes_128_ctr +EVP_aes_128_ecb +EVP_aes_128_gcm +EVP_aes_128_ofb +EVP_aes_128_wrap +EVP_aes_128_xts +EVP_aes_192_cbc +EVP_aes_192_ccm +EVP_aes_192_cfb +EVP_aes_192_cfb1 +EVP_aes_192_cfb128 +EVP_aes_192_cfb8 +EVP_aes_192_ctr +EVP_aes_192_ecb +EVP_aes_192_gcm +EVP_aes_192_ofb +EVP_aes_192_wrap +EVP_aes_256_cbc +EVP_aes_256_cbc_hmac_sha1 +EVP_aes_256_ccm +EVP_aes_256_cfb +EVP_aes_256_cfb1 +EVP_aes_256_cfb128 +EVP_aes_256_cfb8 +EVP_aes_256_ctr +EVP_aes_256_ecb +EVP_aes_256_gcm +EVP_aes_256_ofb +EVP_aes_256_wrap +EVP_aes_256_xts +EVP_bf_cbc +EVP_bf_cfb +EVP_bf_cfb64 +EVP_bf_ecb +EVP_bf_ofb +EVP_camellia_128_cbc +EVP_camellia_128_cfb1 +EVP_camellia_128_cfb128 +EVP_camellia_128_cfb8 +EVP_camellia_128_ecb +EVP_camellia_128_ofb +EVP_camellia_192_cbc +EVP_camellia_192_cfb1 +EVP_camellia_192_cfb128 +EVP_camellia_192_cfb8 +EVP_camellia_192_ecb +EVP_camellia_192_ofb +EVP_camellia_256_cbc +EVP_camellia_256_cfb1 +EVP_camellia_256_cfb128 +EVP_camellia_256_cfb8 +EVP_camellia_256_ecb +EVP_camellia_256_ofb +EVP_cast5_cbc +EVP_cast5_cfb +EVP_cast5_cfb64 +EVP_cast5_ecb +EVP_cast5_ofb +EVP_chacha20 +EVP_cleanup +EVP_des_cbc +EVP_des_cfb +EVP_des_cfb1 +EVP_des_cfb64 +EVP_des_cfb8 +EVP_des_ecb +EVP_des_ede +EVP_des_ede3 +EVP_des_ede3_cbc +EVP_des_ede3_cfb +EVP_des_ede3_cfb1 +EVP_des_ede3_cfb64 +EVP_des_ede3_cfb8 +EVP_des_ede3_ecb +EVP_des_ede3_ofb +EVP_des_ede_cbc +EVP_des_ede_cfb +EVP_des_ede_cfb64 +EVP_des_ede_ecb +EVP_des_ede_ofb +EVP_des_ofb +EVP_desx_cbc +EVP_dss +EVP_dss1 +EVP_ecdsa +EVP_enc_null +EVP_get_cipherbyname +EVP_get_digestbyname +EVP_get_pw_prompt +EVP_gost2814789_cfb64 +EVP_gost2814789_cnt +EVP_gost2814789_ecb +EVP_gost2814789imit +EVP_gostr341194 +EVP_idea_cbc +EVP_idea_cfb +EVP_idea_cfb64 +EVP_idea_ecb +EVP_idea_ofb +EVP_md4 +EVP_md5 +EVP_md5_sha1 +EVP_md_null +EVP_rc2_40_cbc +EVP_rc2_64_cbc +EVP_rc2_cbc +EVP_rc2_cfb +EVP_rc2_cfb64 +EVP_rc2_ecb +EVP_rc2_ofb +EVP_rc4 +EVP_rc4_40 +EVP_rc4_hmac_md5 +EVP_read_pw_string +EVP_read_pw_string_min +EVP_ripemd160 +EVP_set_pw_prompt +EVP_sha1 +EVP_sha224 +EVP_sha256 +EVP_sha384 +EVP_sha512 +EVP_sm3 +EVP_sm4_cbc +EVP_sm4_cfb128 +EVP_sm4_ctr +EVP_sm4_ecb +EVP_sm4_ofb +EVP_streebog256 +EVP_streebog512 +EVP_whirlpool +EXTENDED_KEY_USAGE_free +EXTENDED_KEY_USAGE_it +EXTENDED_KEY_USAGE_new +GENERAL_NAMES_free +GENERAL_NAMES_it +GENERAL_NAMES_new +GENERAL_NAME_cmp +GENERAL_NAME_dup +GENERAL_NAME_free +GENERAL_NAME_get0_otherName +GENERAL_NAME_get0_value +GENERAL_NAME_it +GENERAL_NAME_new +GENERAL_NAME_print +GENERAL_NAME_set0_othername +GENERAL_NAME_set0_value +GENERAL_SUBTREE_free +GENERAL_SUBTREE_it +GENERAL_SUBTREE_new +GOST2814789IMIT +GOST2814789IMIT_Final +GOST2814789IMIT_Init +GOST2814789IMIT_Transform +GOST2814789IMIT_Update +GOSTR341194 +GOSTR341194_Final +GOSTR341194_Init +GOSTR341194_Transform +GOSTR341194_Update +GOST_CIPHER_PARAMS_free +GOST_CIPHER_PARAMS_it +GOST_CIPHER_PARAMS_new +GOST_KEY_check_key +GOST_KEY_free +GOST_KEY_get0_group +GOST_KEY_get0_private_key +GOST_KEY_get0_public_key +GOST_KEY_get_digest +GOST_KEY_get_size +GOST_KEY_new +GOST_KEY_set_digest +GOST_KEY_set_group +GOST_KEY_set_private_key +GOST_KEY_set_public_key +GOST_KEY_set_public_key_affine_coordinates +Gost2814789_cfb64_encrypt +Gost2814789_cnt_encrypt +Gost2814789_ecb_encrypt +Gost2814789_set_key +Gost2814789_set_sbox +HKDF +HKDF_expand +HKDF_extract +HMAC +HMAC_CTX_cleanup +HMAC_CTX_copy +HMAC_CTX_free +HMAC_CTX_get_md +HMAC_CTX_init +HMAC_CTX_new +HMAC_CTX_reset +HMAC_CTX_set_flags +HMAC_Final +HMAC_Init +HMAC_Init_ex +HMAC_Update +ISSUING_DIST_POINT_free +ISSUING_DIST_POINT_it +ISSUING_DIST_POINT_new +LONG_it +MD4 +MD4_Final +MD4_Init +MD4_Transform +MD4_Update +MD5 +MD5_Final +MD5_Init +MD5_Transform +MD5_Update +NAME_CONSTRAINTS_check +NAME_CONSTRAINTS_free +NAME_CONSTRAINTS_it +NAME_CONSTRAINTS_new +NCONF_WIN32 +NCONF_default +NCONF_dump_bio +NCONF_dump_fp +NCONF_free +NCONF_free_data +NCONF_get_number_e +NCONF_get_section +NCONF_get_string +NCONF_load +NCONF_load_bio +NCONF_load_fp +NCONF_new +NETSCAPE_CERT_SEQUENCE_free +NETSCAPE_CERT_SEQUENCE_it +NETSCAPE_CERT_SEQUENCE_new +NETSCAPE_ENCRYPTED_PKEY_free +NETSCAPE_ENCRYPTED_PKEY_it +NETSCAPE_ENCRYPTED_PKEY_new +NETSCAPE_PKEY_free +NETSCAPE_PKEY_it +NETSCAPE_PKEY_new +NETSCAPE_SPKAC_free +NETSCAPE_SPKAC_it +NETSCAPE_SPKAC_new +NETSCAPE_SPKI_b64_decode +NETSCAPE_SPKI_b64_encode +NETSCAPE_SPKI_free +NETSCAPE_SPKI_get_pubkey +NETSCAPE_SPKI_it +NETSCAPE_SPKI_new +NETSCAPE_SPKI_print +NETSCAPE_SPKI_set_pubkey +NETSCAPE_SPKI_sign +NETSCAPE_SPKI_verify +NETSCAPE_X509_free +NETSCAPE_X509_it +NETSCAPE_X509_new +NOTICEREF_free +NOTICEREF_it +NOTICEREF_new +OBJ_NAME_add +OBJ_NAME_cleanup +OBJ_NAME_do_all +OBJ_NAME_do_all_sorted +OBJ_NAME_get +OBJ_NAME_init +OBJ_NAME_new_index +OBJ_NAME_remove +OBJ_add_object +OBJ_add_sigid +OBJ_bsearch_ +OBJ_bsearch_ex_ +OBJ_cleanup +OBJ_cmp +OBJ_create +OBJ_create_objects +OBJ_dup +OBJ_find_sigid_algs +OBJ_find_sigid_by_algs +OBJ_ln2nid +OBJ_new_nid +OBJ_nid2ln +OBJ_nid2obj +OBJ_nid2sn +OBJ_obj2nid +OBJ_obj2txt +OBJ_sigid_free +OBJ_sn2nid +OBJ_txt2nid +OBJ_txt2obj +OCSP_BASICRESP_add1_ext_i2d +OCSP_BASICRESP_add_ext +OCSP_BASICRESP_delete_ext +OCSP_BASICRESP_free +OCSP_BASICRESP_get1_ext_d2i +OCSP_BASICRESP_get_ext +OCSP_BASICRESP_get_ext_by_NID +OCSP_BASICRESP_get_ext_by_OBJ +OCSP_BASICRESP_get_ext_by_critical +OCSP_BASICRESP_get_ext_count +OCSP_BASICRESP_it +OCSP_BASICRESP_new +OCSP_CERTID_dup +OCSP_CERTID_free +OCSP_CERTID_it +OCSP_CERTID_new +OCSP_CERTSTATUS_free +OCSP_CERTSTATUS_it +OCSP_CERTSTATUS_new +OCSP_CRLID_free +OCSP_CRLID_it +OCSP_CRLID_new +OCSP_ONEREQ_add1_ext_i2d +OCSP_ONEREQ_add_ext +OCSP_ONEREQ_delete_ext +OCSP_ONEREQ_free +OCSP_ONEREQ_get1_ext_d2i +OCSP_ONEREQ_get_ext +OCSP_ONEREQ_get_ext_by_NID +OCSP_ONEREQ_get_ext_by_OBJ +OCSP_ONEREQ_get_ext_by_critical +OCSP_ONEREQ_get_ext_count +OCSP_ONEREQ_it +OCSP_ONEREQ_new +OCSP_REQINFO_free +OCSP_REQINFO_it +OCSP_REQINFO_new +OCSP_REQUEST_add1_ext_i2d +OCSP_REQUEST_add_ext +OCSP_REQUEST_delete_ext +OCSP_REQUEST_free +OCSP_REQUEST_get1_ext_d2i +OCSP_REQUEST_get_ext +OCSP_REQUEST_get_ext_by_NID +OCSP_REQUEST_get_ext_by_OBJ +OCSP_REQUEST_get_ext_by_critical +OCSP_REQUEST_get_ext_count +OCSP_REQUEST_it +OCSP_REQUEST_new +OCSP_REQUEST_print +OCSP_REQ_CTX_add1_header +OCSP_REQ_CTX_free +OCSP_REQ_CTX_set1_req +OCSP_RESPBYTES_free +OCSP_RESPBYTES_it +OCSP_RESPBYTES_new +OCSP_RESPDATA_free +OCSP_RESPDATA_it +OCSP_RESPDATA_new +OCSP_RESPID_free +OCSP_RESPID_it +OCSP_RESPID_new +OCSP_RESPONSE_free +OCSP_RESPONSE_it +OCSP_RESPONSE_new +OCSP_RESPONSE_print +OCSP_REVOKEDINFO_free +OCSP_REVOKEDINFO_it +OCSP_REVOKEDINFO_new +OCSP_SERVICELOC_free +OCSP_SERVICELOC_it +OCSP_SERVICELOC_new +OCSP_SIGNATURE_free +OCSP_SIGNATURE_it +OCSP_SIGNATURE_new +OCSP_SINGLERESP_add1_ext_i2d +OCSP_SINGLERESP_add_ext +OCSP_SINGLERESP_delete_ext +OCSP_SINGLERESP_free +OCSP_SINGLERESP_get0_id +OCSP_SINGLERESP_get1_ext_d2i +OCSP_SINGLERESP_get_ext +OCSP_SINGLERESP_get_ext_by_NID +OCSP_SINGLERESP_get_ext_by_OBJ +OCSP_SINGLERESP_get_ext_by_critical +OCSP_SINGLERESP_get_ext_count +OCSP_SINGLERESP_it +OCSP_SINGLERESP_new +OCSP_accept_responses_new +OCSP_archive_cutoff_new +OCSP_basic_add1_cert +OCSP_basic_add1_nonce +OCSP_basic_add1_status +OCSP_basic_sign +OCSP_basic_verify +OCSP_cert_id_new +OCSP_cert_status_str +OCSP_cert_to_id +OCSP_check_nonce +OCSP_check_validity +OCSP_copy_nonce +OCSP_crlID_new +OCSP_crl_reason_str +OCSP_id_cmp +OCSP_id_get0_info +OCSP_id_issuer_cmp +OCSP_onereq_get0_id +OCSP_parse_url +OCSP_request_add0_id +OCSP_request_add1_cert +OCSP_request_add1_nonce +OCSP_request_is_signed +OCSP_request_onereq_count +OCSP_request_onereq_get0 +OCSP_request_set1_name +OCSP_request_sign +OCSP_request_verify +OCSP_resp_count +OCSP_resp_find +OCSP_resp_find_status +OCSP_resp_get0 +OCSP_response_create +OCSP_response_get1_basic +OCSP_response_status +OCSP_response_status_str +OCSP_sendreq_bio +OCSP_sendreq_nbio +OCSP_sendreq_new +OCSP_single_get0_status +OCSP_url_svcloc_new +OPENSSL_add_all_algorithms_conf +OPENSSL_add_all_algorithms_noconf +OPENSSL_asc2uni +OPENSSL_cleanse +OPENSSL_config +OPENSSL_cpu_caps +OPENSSL_cpuid_setup +OPENSSL_ia32cap_P +OPENSSL_init +OPENSSL_init_crypto +OPENSSL_load_builtin_modules +OPENSSL_no_config +OPENSSL_strcasecmp +OPENSSL_strncasecmp +OPENSSL_uni2asc +OTHERNAME_cmp +OTHERNAME_free +OTHERNAME_it +OTHERNAME_new +OpenSSLDie +OpenSSL_add_all_ciphers +OpenSSL_add_all_digests +OpenSSL_version +OpenSSL_version_num +PBE2PARAM_free +PBE2PARAM_it +PBE2PARAM_new +PBEPARAM_free +PBEPARAM_it +PBEPARAM_new +PBKDF2PARAM_free +PBKDF2PARAM_it +PBKDF2PARAM_new +PEM_ASN1_read +PEM_ASN1_read_bio +PEM_ASN1_write +PEM_ASN1_write_bio +PEM_SealFinal +PEM_SealInit +PEM_SealUpdate +PEM_SignFinal +PEM_SignInit +PEM_SignUpdate +PEM_X509_INFO_read +PEM_X509_INFO_read_bio +PEM_X509_INFO_write_bio +PEM_bytes_read_bio +PEM_def_callback +PEM_dek_info +PEM_do_header +PEM_get_EVP_CIPHER_INFO +PEM_proc_type +PEM_read +PEM_read_DHparams +PEM_read_DSAPrivateKey +PEM_read_DSA_PUBKEY +PEM_read_DSAparams +PEM_read_ECPKParameters +PEM_read_ECPrivateKey +PEM_read_EC_PUBKEY +PEM_read_NETSCAPE_CERT_SEQUENCE +PEM_read_PKCS7 +PEM_read_PKCS8 +PEM_read_PKCS8_PRIV_KEY_INFO +PEM_read_PUBKEY +PEM_read_PrivateKey +PEM_read_RSAPrivateKey +PEM_read_RSAPublicKey +PEM_read_RSA_PUBKEY +PEM_read_X509 +PEM_read_X509_AUX +PEM_read_X509_CERT_PAIR +PEM_read_X509_CRL +PEM_read_X509_REQ +PEM_read_bio +PEM_read_bio_DHparams +PEM_read_bio_DSAPrivateKey +PEM_read_bio_DSA_PUBKEY +PEM_read_bio_DSAparams +PEM_read_bio_ECPKParameters +PEM_read_bio_ECPrivateKey +PEM_read_bio_EC_PUBKEY +PEM_read_bio_NETSCAPE_CERT_SEQUENCE +PEM_read_bio_PKCS7 +PEM_read_bio_PKCS8 +PEM_read_bio_PKCS8_PRIV_KEY_INFO +PEM_read_bio_PUBKEY +PEM_read_bio_Parameters +PEM_read_bio_PrivateKey +PEM_read_bio_RSAPrivateKey +PEM_read_bio_RSAPublicKey +PEM_read_bio_RSA_PUBKEY +PEM_read_bio_X509 +PEM_read_bio_X509_AUX +PEM_read_bio_X509_CERT_PAIR +PEM_read_bio_X509_CRL +PEM_read_bio_X509_REQ +PEM_write +PEM_write_DHparams +PEM_write_DSAPrivateKey +PEM_write_DSA_PUBKEY +PEM_write_DSAparams +PEM_write_ECPKParameters +PEM_write_ECPrivateKey +PEM_write_EC_PUBKEY +PEM_write_NETSCAPE_CERT_SEQUENCE +PEM_write_PKCS7 +PEM_write_PKCS8 +PEM_write_PKCS8PrivateKey +PEM_write_PKCS8PrivateKey_nid +PEM_write_PKCS8_PRIV_KEY_INFO +PEM_write_PUBKEY +PEM_write_PrivateKey +PEM_write_RSAPrivateKey +PEM_write_RSAPublicKey +PEM_write_RSA_PUBKEY +PEM_write_X509 +PEM_write_X509_AUX +PEM_write_X509_CERT_PAIR +PEM_write_X509_CRL +PEM_write_X509_REQ +PEM_write_X509_REQ_NEW +PEM_write_bio +PEM_write_bio_ASN1_stream +PEM_write_bio_DHparams +PEM_write_bio_DSAPrivateKey +PEM_write_bio_DSA_PUBKEY +PEM_write_bio_DSAparams +PEM_write_bio_ECPKParameters +PEM_write_bio_ECPrivateKey +PEM_write_bio_EC_PUBKEY +PEM_write_bio_NETSCAPE_CERT_SEQUENCE +PEM_write_bio_PKCS7 +PEM_write_bio_PKCS7_stream +PEM_write_bio_PKCS8 +PEM_write_bio_PKCS8PrivateKey +PEM_write_bio_PKCS8PrivateKey_nid +PEM_write_bio_PKCS8_PRIV_KEY_INFO +PEM_write_bio_PUBKEY +PEM_write_bio_Parameters +PEM_write_bio_PrivateKey +PEM_write_bio_RSAPrivateKey +PEM_write_bio_RSAPublicKey +PEM_write_bio_RSA_PUBKEY +PEM_write_bio_X509 +PEM_write_bio_X509_AUX +PEM_write_bio_X509_CERT_PAIR +PEM_write_bio_X509_CRL +PEM_write_bio_X509_REQ +PEM_write_bio_X509_REQ_NEW +PKCS12_AUTHSAFES_it +PKCS12_BAGS_free +PKCS12_BAGS_it +PKCS12_BAGS_new +PKCS12_MAC_DATA_free +PKCS12_MAC_DATA_it +PKCS12_MAC_DATA_new +PKCS12_MAKE_KEYBAG +PKCS12_MAKE_SHKEYBAG +PKCS12_PBE_add +PKCS12_PBE_keyivgen +PKCS12_SAFEBAGS_it +PKCS12_SAFEBAG_free +PKCS12_SAFEBAG_it +PKCS12_SAFEBAG_new +PKCS12_add_CSPName_asc +PKCS12_add_cert +PKCS12_add_friendlyname_asc +PKCS12_add_friendlyname_uni +PKCS12_add_key +PKCS12_add_localkeyid +PKCS12_add_safe +PKCS12_add_safes +PKCS12_certbag2x509 +PKCS12_certbag2x509crl +PKCS12_create +PKCS12_decrypt_skey +PKCS12_free +PKCS12_gen_mac +PKCS12_get_attr_gen +PKCS12_get_friendlyname +PKCS12_init +PKCS12_it +PKCS12_item_decrypt_d2i +PKCS12_item_i2d_encrypt +PKCS12_item_pack_safebag +PKCS12_key_gen_asc +PKCS12_key_gen_uni +PKCS12_new +PKCS12_newpass +PKCS12_pack_authsafes +PKCS12_pack_p7data +PKCS12_pack_p7encdata +PKCS12_parse +PKCS12_pbe_crypt +PKCS12_set_mac +PKCS12_setup_mac +PKCS12_unpack_authsafes +PKCS12_unpack_p7data +PKCS12_unpack_p7encdata +PKCS12_verify_mac +PKCS12_x5092certbag +PKCS12_x509crl2certbag +PKCS1_MGF1 +PKCS5_PBE_add +PKCS5_PBE_keyivgen +PKCS5_PBKDF2_HMAC +PKCS5_PBKDF2_HMAC_SHA1 +PKCS5_pbe2_set +PKCS5_pbe2_set_iv +PKCS5_pbe_set +PKCS5_pbe_set0_algor +PKCS5_pbkdf2_set +PKCS5_v2_PBE_keyivgen +PKCS7_ATTR_SIGN_it +PKCS7_ATTR_VERIFY_it +PKCS7_DIGEST_free +PKCS7_DIGEST_it +PKCS7_DIGEST_new +PKCS7_ENCRYPT_free +PKCS7_ENCRYPT_it +PKCS7_ENCRYPT_new +PKCS7_ENC_CONTENT_free +PKCS7_ENC_CONTENT_it +PKCS7_ENC_CONTENT_new +PKCS7_ENVELOPE_free +PKCS7_ENVELOPE_it +PKCS7_ENVELOPE_new +PKCS7_ISSUER_AND_SERIAL_digest +PKCS7_ISSUER_AND_SERIAL_free +PKCS7_ISSUER_AND_SERIAL_it +PKCS7_ISSUER_AND_SERIAL_new +PKCS7_RECIP_INFO_free +PKCS7_RECIP_INFO_get0_alg +PKCS7_RECIP_INFO_it +PKCS7_RECIP_INFO_new +PKCS7_RECIP_INFO_set +PKCS7_SIGNED_free +PKCS7_SIGNED_it +PKCS7_SIGNED_new +PKCS7_SIGNER_INFO_free +PKCS7_SIGNER_INFO_get0_algs +PKCS7_SIGNER_INFO_it +PKCS7_SIGNER_INFO_new +PKCS7_SIGNER_INFO_set +PKCS7_SIGNER_INFO_sign +PKCS7_SIGN_ENVELOPE_free +PKCS7_SIGN_ENVELOPE_it +PKCS7_SIGN_ENVELOPE_new +PKCS7_add0_attrib_signing_time +PKCS7_add1_attrib_digest +PKCS7_add_attrib_content_type +PKCS7_add_attrib_smimecap +PKCS7_add_attribute +PKCS7_add_certificate +PKCS7_add_crl +PKCS7_add_recipient +PKCS7_add_recipient_info +PKCS7_add_signature +PKCS7_add_signed_attribute +PKCS7_add_signer +PKCS7_cert_from_signer_info +PKCS7_content_new +PKCS7_ctrl +PKCS7_dataDecode +PKCS7_dataFinal +PKCS7_dataInit +PKCS7_dataVerify +PKCS7_decrypt +PKCS7_digest_from_attributes +PKCS7_dup +PKCS7_encrypt +PKCS7_final +PKCS7_free +PKCS7_get0_signers +PKCS7_get_attribute +PKCS7_get_issuer_and_serial +PKCS7_get_signed_attribute +PKCS7_get_signer_info +PKCS7_get_smimecap +PKCS7_it +PKCS7_new +PKCS7_print_ctx +PKCS7_set0_type_other +PKCS7_set_attributes +PKCS7_set_cipher +PKCS7_set_content +PKCS7_set_digest +PKCS7_set_signed_attributes +PKCS7_set_type +PKCS7_sign +PKCS7_sign_add_signer +PKCS7_signatureVerify +PKCS7_simple_smimecap +PKCS7_stream +PKCS7_to_TS_TST_INFO +PKCS7_verify +PKCS8_PRIV_KEY_INFO_free +PKCS8_PRIV_KEY_INFO_it +PKCS8_PRIV_KEY_INFO_new +PKCS8_add_keyusage +PKCS8_decrypt +PKCS8_encrypt +PKCS8_pkey_add1_attr_by_NID +PKCS8_pkey_get0 +PKCS8_pkey_get0_attrs +PKCS8_pkey_set0 +PKEY_USAGE_PERIOD_free +PKEY_USAGE_PERIOD_it +PKEY_USAGE_PERIOD_new +POLICYINFO_free +POLICYINFO_it +POLICYINFO_new +POLICYQUALINFO_free +POLICYQUALINFO_it +POLICYQUALINFO_new +POLICY_CONSTRAINTS_free +POLICY_CONSTRAINTS_it +POLICY_CONSTRAINTS_new +POLICY_MAPPINGS_it +POLICY_MAPPING_free +POLICY_MAPPING_it +POLICY_MAPPING_new +PROXY_CERT_INFO_EXTENSION_free +PROXY_CERT_INFO_EXTENSION_it +PROXY_CERT_INFO_EXTENSION_new +PROXY_POLICY_free +PROXY_POLICY_it +PROXY_POLICY_new +RAND_SSLeay +RAND_add +RAND_bytes +RAND_cleanup +RAND_file_name +RAND_get_rand_method +RAND_load_file +RAND_poll +RAND_pseudo_bytes +RAND_seed +RAND_set_rand_engine +RAND_set_rand_method +RAND_status +RAND_write_file +RC2_cbc_encrypt +RC2_cfb64_encrypt +RC2_decrypt +RC2_ecb_encrypt +RC2_encrypt +RC2_ofb64_encrypt +RC2_set_key +RC4 +RC4_options +RC4_set_key +RIPEMD160 +RIPEMD160_Final +RIPEMD160_Init +RIPEMD160_Transform +RIPEMD160_Update +RSAPrivateKey_dup +RSAPrivateKey_it +RSAPublicKey_dup +RSAPublicKey_it +RSA_PKCS1_SSLeay +RSA_PSS_PARAMS_free +RSA_PSS_PARAMS_it +RSA_PSS_PARAMS_new +RSA_X931_hash_id +RSA_bits +RSA_blinding_off +RSA_blinding_on +RSA_check_key +RSA_clear_flags +RSA_flags +RSA_free +RSA_generate_key +RSA_generate_key_ex +RSA_get0_crt_params +RSA_get0_factors +RSA_get0_key +RSA_get_default_method +RSA_get_ex_data +RSA_get_ex_new_index +RSA_get_method +RSA_meth_dup +RSA_meth_free +RSA_meth_get_finish +RSA_meth_new +RSA_meth_set1_name +RSA_meth_set_finish +RSA_meth_set_priv_dec +RSA_meth_set_priv_enc +RSA_new +RSA_new_method +RSA_padding_add_PKCS1_OAEP +RSA_padding_add_PKCS1_PSS +RSA_padding_add_PKCS1_PSS_mgf1 +RSA_padding_add_PKCS1_type_1 +RSA_padding_add_PKCS1_type_2 +RSA_padding_add_X931 +RSA_padding_add_none +RSA_padding_check_PKCS1_OAEP +RSA_padding_check_PKCS1_type_1 +RSA_padding_check_PKCS1_type_2 +RSA_padding_check_X931 +RSA_padding_check_none +RSA_print +RSA_print_fp +RSA_private_decrypt +RSA_private_encrypt +RSA_public_decrypt +RSA_public_encrypt +RSA_set0_crt_params +RSA_set0_factors +RSA_set0_key +RSA_set_default_method +RSA_set_ex_data +RSA_set_flags +RSA_set_method +RSA_setup_blinding +RSA_sign +RSA_sign_ASN1_OCTET_STRING +RSA_size +RSA_test_flags +RSA_up_ref +RSA_verify +RSA_verify_ASN1_OCTET_STRING +RSA_verify_PKCS1_PSS +RSA_verify_PKCS1_PSS_mgf1 +SHA1 +SHA1_Final +SHA1_Init +SHA1_Transform +SHA1_Update +SHA224 +SHA224_Final +SHA224_Init +SHA224_Update +SHA256 +SHA256_Final +SHA256_Init +SHA256_Transform +SHA256_Update +SHA384 +SHA384_Final +SHA384_Init +SHA384_Update +SHA512 +SHA512_Final +SHA512_Init +SHA512_Transform +SHA512_Update +SM2_ciphertext_size +SM2_decrypt +SM2_encrypt +SM2_plaintext_size +SM2_sign +SM2_verify +SM3_Final +SM3_Init +SM3_Update +SM4_decrypt +SM4_encrypt +SM4_set_key +SMIME_crlf_copy +SMIME_read_ASN1 +SMIME_read_PKCS7 +SMIME_text +SMIME_write_ASN1 +SMIME_write_PKCS7 +SSLeay +SSLeay_version +STREEBOG256 +STREEBOG256_Final +STREEBOG256_Init +STREEBOG256_Update +STREEBOG512 +STREEBOG512_Final +STREEBOG512_Init +STREEBOG512_Transform +STREEBOG512_Update +SXNETID_free +SXNETID_it +SXNETID_new +SXNET_add_id_INTEGER +SXNET_add_id_asc +SXNET_add_id_ulong +SXNET_free +SXNET_get_id_INTEGER +SXNET_get_id_asc +SXNET_get_id_ulong +SXNET_it +SXNET_new +TS_ACCURACY_dup +TS_ACCURACY_free +TS_ACCURACY_get_micros +TS_ACCURACY_get_millis +TS_ACCURACY_get_seconds +TS_ACCURACY_it +TS_ACCURACY_new +TS_ACCURACY_set_micros +TS_ACCURACY_set_millis +TS_ACCURACY_set_seconds +TS_ASN1_INTEGER_print_bio +TS_CONF_get_tsa_section +TS_CONF_load_cert +TS_CONF_load_certs +TS_CONF_load_key +TS_CONF_set_accuracy +TS_CONF_set_certs +TS_CONF_set_clock_precision_digits +TS_CONF_set_crypto_device +TS_CONF_set_def_policy +TS_CONF_set_default_engine +TS_CONF_set_digests +TS_CONF_set_ess_cert_id_chain +TS_CONF_set_ordering +TS_CONF_set_policies +TS_CONF_set_serial +TS_CONF_set_signer_cert +TS_CONF_set_signer_key +TS_CONF_set_tsa_name +TS_MSG_IMPRINT_dup +TS_MSG_IMPRINT_free +TS_MSG_IMPRINT_get_algo +TS_MSG_IMPRINT_get_msg +TS_MSG_IMPRINT_it +TS_MSG_IMPRINT_new +TS_MSG_IMPRINT_print_bio +TS_MSG_IMPRINT_set_algo +TS_MSG_IMPRINT_set_msg +TS_OBJ_print_bio +TS_REQ_add_ext +TS_REQ_delete_ext +TS_REQ_dup +TS_REQ_ext_free +TS_REQ_free +TS_REQ_get_cert_req +TS_REQ_get_ext +TS_REQ_get_ext_by_NID +TS_REQ_get_ext_by_OBJ +TS_REQ_get_ext_by_critical +TS_REQ_get_ext_count +TS_REQ_get_ext_d2i +TS_REQ_get_exts +TS_REQ_get_msg_imprint +TS_REQ_get_nonce +TS_REQ_get_policy_id +TS_REQ_get_version +TS_REQ_it +TS_REQ_new +TS_REQ_print_bio +TS_REQ_set_cert_req +TS_REQ_set_msg_imprint +TS_REQ_set_nonce +TS_REQ_set_policy_id +TS_REQ_set_version +TS_REQ_to_TS_VERIFY_CTX +TS_RESP_CTX_add_failure_info +TS_RESP_CTX_add_flags +TS_RESP_CTX_add_md +TS_RESP_CTX_add_policy +TS_RESP_CTX_free +TS_RESP_CTX_get_request +TS_RESP_CTX_get_tst_info +TS_RESP_CTX_new +TS_RESP_CTX_set_accuracy +TS_RESP_CTX_set_certs +TS_RESP_CTX_set_clock_precision_digits +TS_RESP_CTX_set_def_policy +TS_RESP_CTX_set_extension_cb +TS_RESP_CTX_set_serial_cb +TS_RESP_CTX_set_signer_cert +TS_RESP_CTX_set_signer_key +TS_RESP_CTX_set_status_info +TS_RESP_CTX_set_status_info_cond +TS_RESP_create_response +TS_RESP_dup +TS_RESP_free +TS_RESP_get_status_info +TS_RESP_get_token +TS_RESP_get_tst_info +TS_RESP_it +TS_RESP_new +TS_RESP_print_bio +TS_RESP_set_status_info +TS_RESP_set_tst_info +TS_RESP_verify_response +TS_RESP_verify_signature +TS_RESP_verify_token +TS_STATUS_INFO_dup +TS_STATUS_INFO_free +TS_STATUS_INFO_it +TS_STATUS_INFO_new +TS_STATUS_INFO_print_bio +TS_TST_INFO_add_ext +TS_TST_INFO_delete_ext +TS_TST_INFO_dup +TS_TST_INFO_ext_free +TS_TST_INFO_free +TS_TST_INFO_get_accuracy +TS_TST_INFO_get_ext +TS_TST_INFO_get_ext_by_NID +TS_TST_INFO_get_ext_by_OBJ +TS_TST_INFO_get_ext_by_critical +TS_TST_INFO_get_ext_count +TS_TST_INFO_get_ext_d2i +TS_TST_INFO_get_exts +TS_TST_INFO_get_msg_imprint +TS_TST_INFO_get_nonce +TS_TST_INFO_get_ordering +TS_TST_INFO_get_policy_id +TS_TST_INFO_get_serial +TS_TST_INFO_get_time +TS_TST_INFO_get_tsa +TS_TST_INFO_get_version +TS_TST_INFO_it +TS_TST_INFO_new +TS_TST_INFO_print_bio +TS_TST_INFO_set_accuracy +TS_TST_INFO_set_msg_imprint +TS_TST_INFO_set_nonce +TS_TST_INFO_set_ordering +TS_TST_INFO_set_policy_id +TS_TST_INFO_set_serial +TS_TST_INFO_set_time +TS_TST_INFO_set_tsa +TS_TST_INFO_set_version +TS_VERIFY_CTX_cleanup +TS_VERIFY_CTX_free +TS_VERIFY_CTX_init +TS_VERIFY_CTX_new +TS_X509_ALGOR_print_bio +TS_ext_print_bio +TXT_DB_create_index +TXT_DB_free +TXT_DB_get_by_index +TXT_DB_insert +TXT_DB_read +TXT_DB_write +UI_OpenSSL +UI_UTIL_read_pw +UI_UTIL_read_pw_string +UI_add_error_string +UI_add_info_string +UI_add_input_boolean +UI_add_input_string +UI_add_user_data +UI_add_verify_string +UI_construct_prompt +UI_create_method +UI_ctrl +UI_destroy_method +UI_dup_error_string +UI_dup_info_string +UI_dup_input_boolean +UI_dup_input_string +UI_dup_verify_string +UI_free +UI_get0_action_string +UI_get0_output_string +UI_get0_result +UI_get0_result_string +UI_get0_test_string +UI_get0_user_data +UI_get_default_method +UI_get_ex_data +UI_get_ex_new_index +UI_get_input_flags +UI_get_method +UI_get_result_maxsize +UI_get_result_minsize +UI_get_string_type +UI_method_get_closer +UI_method_get_flusher +UI_method_get_opener +UI_method_get_prompt_constructor +UI_method_get_reader +UI_method_get_writer +UI_method_set_closer +UI_method_set_flusher +UI_method_set_opener +UI_method_set_prompt_constructor +UI_method_set_reader +UI_method_set_writer +UI_new +UI_new_method +UI_process +UI_set_default_method +UI_set_ex_data +UI_set_method +UI_set_result +USERNOTICE_free +USERNOTICE_it +USERNOTICE_new +WHIRLPOOL +WHIRLPOOL_BitUpdate +WHIRLPOOL_Final +WHIRLPOOL_Init +WHIRLPOOL_Update +X25519 +X25519_keypair +X509V3_EXT_CRL_add_conf +X509V3_EXT_CRL_add_nconf +X509V3_EXT_REQ_add_conf +X509V3_EXT_REQ_add_nconf +X509V3_EXT_add +X509V3_EXT_add_alias +X509V3_EXT_add_conf +X509V3_EXT_add_list +X509V3_EXT_add_nconf +X509V3_EXT_add_nconf_sk +X509V3_EXT_cleanup +X509V3_EXT_conf +X509V3_EXT_conf_nid +X509V3_EXT_d2i +X509V3_EXT_get +X509V3_EXT_get_nid +X509V3_EXT_i2d +X509V3_EXT_nconf +X509V3_EXT_nconf_nid +X509V3_EXT_print +X509V3_EXT_print_fp +X509V3_EXT_val_prn +X509V3_NAME_from_section +X509V3_add1_i2d +X509V3_add_standard_extensions +X509V3_add_value +X509V3_add_value_bool +X509V3_add_value_bool_nf +X509V3_add_value_int +X509V3_add_value_uchar +X509V3_conf_free +X509V3_extensions_print +X509V3_get_d2i +X509V3_get_section +X509V3_get_string +X509V3_get_value_bool +X509V3_get_value_int +X509V3_parse_list +X509V3_section_free +X509V3_set_conf_lhash +X509V3_set_ctx +X509V3_set_nconf +X509V3_string_free +X509_ALGORS_it +X509_ALGOR_cmp +X509_ALGOR_dup +X509_ALGOR_free +X509_ALGOR_get0 +X509_ALGOR_it +X509_ALGOR_new +X509_ALGOR_set0 +X509_ALGOR_set_md +X509_ATTRIBUTE_SET_it +X509_ATTRIBUTE_count +X509_ATTRIBUTE_create +X509_ATTRIBUTE_create_by_NID +X509_ATTRIBUTE_create_by_OBJ +X509_ATTRIBUTE_create_by_txt +X509_ATTRIBUTE_dup +X509_ATTRIBUTE_free +X509_ATTRIBUTE_get0_data +X509_ATTRIBUTE_get0_object +X509_ATTRIBUTE_get0_type +X509_ATTRIBUTE_it +X509_ATTRIBUTE_new +X509_ATTRIBUTE_set1_data +X509_ATTRIBUTE_set1_object +X509_CERT_AUX_free +X509_CERT_AUX_it +X509_CERT_AUX_new +X509_CERT_AUX_print +X509_CERT_PAIR_free +X509_CERT_PAIR_it +X509_CERT_PAIR_new +X509_CINF_free +X509_CINF_it +X509_CINF_new +X509_CRL_INFO_free +X509_CRL_INFO_it +X509_CRL_INFO_new +X509_CRL_METHOD_free +X509_CRL_METHOD_new +X509_CRL_add0_revoked +X509_CRL_add1_ext_i2d +X509_CRL_add_ext +X509_CRL_cmp +X509_CRL_delete_ext +X509_CRL_digest +X509_CRL_dup +X509_CRL_free +X509_CRL_get0_by_cert +X509_CRL_get0_by_serial +X509_CRL_get0_extensions +X509_CRL_get0_lastUpdate +X509_CRL_get0_nextUpdate +X509_CRL_get0_signature +X509_CRL_get_REVOKED +X509_CRL_get_ext +X509_CRL_get_ext_by_NID +X509_CRL_get_ext_by_OBJ +X509_CRL_get_ext_by_critical +X509_CRL_get_ext_count +X509_CRL_get_ext_d2i +X509_CRL_get_issuer +X509_CRL_get_lastUpdate +X509_CRL_get_meth_data +X509_CRL_get_nextUpdate +X509_CRL_get_signature_nid +X509_CRL_get_version +X509_CRL_it +X509_CRL_match +X509_CRL_new +X509_CRL_print +X509_CRL_print_fp +X509_CRL_set1_lastUpdate +X509_CRL_set1_nextUpdate +X509_CRL_set_default_method +X509_CRL_set_issuer_name +X509_CRL_set_lastUpdate +X509_CRL_set_meth_data +X509_CRL_set_nextUpdate +X509_CRL_set_version +X509_CRL_sign +X509_CRL_sign_ctx +X509_CRL_sort +X509_CRL_up_ref +X509_CRL_verify +X509_EXTENSIONS_it +X509_EXTENSION_create_by_NID +X509_EXTENSION_create_by_OBJ +X509_EXTENSION_dup +X509_EXTENSION_free +X509_EXTENSION_get_critical +X509_EXTENSION_get_data +X509_EXTENSION_get_object +X509_EXTENSION_it +X509_EXTENSION_new +X509_EXTENSION_set_critical +X509_EXTENSION_set_data +X509_EXTENSION_set_object +X509_INFO_free +X509_INFO_new +X509_LOOKUP_by_alias +X509_LOOKUP_by_fingerprint +X509_LOOKUP_by_issuer_serial +X509_LOOKUP_by_subject +X509_LOOKUP_ctrl +X509_LOOKUP_file +X509_LOOKUP_free +X509_LOOKUP_hash_dir +X509_LOOKUP_init +X509_LOOKUP_mem +X509_LOOKUP_new +X509_LOOKUP_shutdown +X509_NAME_ENTRIES_it +X509_NAME_ENTRY_create_by_NID +X509_NAME_ENTRY_create_by_OBJ +X509_NAME_ENTRY_create_by_txt +X509_NAME_ENTRY_dup +X509_NAME_ENTRY_free +X509_NAME_ENTRY_get_data +X509_NAME_ENTRY_get_object +X509_NAME_ENTRY_it +X509_NAME_ENTRY_new +X509_NAME_ENTRY_set +X509_NAME_ENTRY_set_data +X509_NAME_ENTRY_set_object +X509_NAME_INTERNAL_it +X509_NAME_add_entry +X509_NAME_add_entry_by_NID +X509_NAME_add_entry_by_OBJ +X509_NAME_add_entry_by_txt +X509_NAME_cmp +X509_NAME_delete_entry +X509_NAME_digest +X509_NAME_dup +X509_NAME_entry_count +X509_NAME_free +X509_NAME_get0_der +X509_NAME_get_entry +X509_NAME_get_index_by_NID +X509_NAME_get_index_by_OBJ +X509_NAME_get_text_by_NID +X509_NAME_get_text_by_OBJ +X509_NAME_hash +X509_NAME_hash_old +X509_NAME_it +X509_NAME_new +X509_NAME_oneline +X509_NAME_print +X509_NAME_print_ex +X509_NAME_print_ex_fp +X509_NAME_set +X509_OBJECT_free_contents +X509_OBJECT_get0_X509 +X509_OBJECT_get0_X509_CRL +X509_OBJECT_get_type +X509_OBJECT_idx_by_subject +X509_OBJECT_retrieve_by_subject +X509_OBJECT_retrieve_match +X509_OBJECT_up_ref_count +X509_PKEY_free +X509_PKEY_new +X509_POLICY_NODE_print +X509_PUBKEY_free +X509_PUBKEY_get +X509_PUBKEY_get0 +X509_PUBKEY_get0_param +X509_PUBKEY_it +X509_PUBKEY_new +X509_PUBKEY_set +X509_PUBKEY_set0_param +X509_PURPOSE_add +X509_PURPOSE_cleanup +X509_PURPOSE_get0 +X509_PURPOSE_get0_name +X509_PURPOSE_get0_sname +X509_PURPOSE_get_by_id +X509_PURPOSE_get_by_sname +X509_PURPOSE_get_count +X509_PURPOSE_get_id +X509_PURPOSE_get_trust +X509_PURPOSE_set +X509_REQ_INFO_free +X509_REQ_INFO_it +X509_REQ_INFO_new +X509_REQ_add1_attr +X509_REQ_add1_attr_by_NID +X509_REQ_add1_attr_by_OBJ +X509_REQ_add1_attr_by_txt +X509_REQ_add_extensions +X509_REQ_add_extensions_nid +X509_REQ_check_private_key +X509_REQ_delete_attr +X509_REQ_digest +X509_REQ_dup +X509_REQ_extension_nid +X509_REQ_free +X509_REQ_get0_signature +X509_REQ_get1_email +X509_REQ_get_attr +X509_REQ_get_attr_by_NID +X509_REQ_get_attr_by_OBJ +X509_REQ_get_attr_count +X509_REQ_get_extension_nids +X509_REQ_get_extensions +X509_REQ_get_pubkey +X509_REQ_get_signature_nid +X509_REQ_get_subject_name +X509_REQ_get_version +X509_REQ_it +X509_REQ_new +X509_REQ_print +X509_REQ_print_ex +X509_REQ_print_fp +X509_REQ_set_extension_nids +X509_REQ_set_pubkey +X509_REQ_set_subject_name +X509_REQ_set_version +X509_REQ_sign +X509_REQ_sign_ctx +X509_REQ_to_X509 +X509_REQ_verify +X509_REVOKED_add1_ext_i2d +X509_REVOKED_add_ext +X509_REVOKED_delete_ext +X509_REVOKED_dup +X509_REVOKED_free +X509_REVOKED_get0_extensions +X509_REVOKED_get0_revocationDate +X509_REVOKED_get0_serialNumber +X509_REVOKED_get_ext +X509_REVOKED_get_ext_by_NID +X509_REVOKED_get_ext_by_OBJ +X509_REVOKED_get_ext_by_critical +X509_REVOKED_get_ext_count +X509_REVOKED_get_ext_d2i +X509_REVOKED_it +X509_REVOKED_new +X509_REVOKED_set_revocationDate +X509_REVOKED_set_serialNumber +X509_SIG_free +X509_SIG_it +X509_SIG_new +X509_STORE_CTX_cleanup +X509_STORE_CTX_free +X509_STORE_CTX_get0_cert +X509_STORE_CTX_get0_chain +X509_STORE_CTX_get0_current_crl +X509_STORE_CTX_get0_current_issuer +X509_STORE_CTX_get0_param +X509_STORE_CTX_get0_parent_ctx +X509_STORE_CTX_get0_policy_tree +X509_STORE_CTX_get0_store +X509_STORE_CTX_get0_untrusted +X509_STORE_CTX_get1_chain +X509_STORE_CTX_get1_issuer +X509_STORE_CTX_get_chain +X509_STORE_CTX_get_current_cert +X509_STORE_CTX_get_error +X509_STORE_CTX_get_error_depth +X509_STORE_CTX_get_ex_data +X509_STORE_CTX_get_ex_new_index +X509_STORE_CTX_get_explicit_policy +X509_STORE_CTX_init +X509_STORE_CTX_new +X509_STORE_CTX_purpose_inherit +X509_STORE_CTX_set0_crls +X509_STORE_CTX_set0_param +X509_STORE_CTX_set0_trusted_stack +X509_STORE_CTX_set0_untrusted +X509_STORE_CTX_set_cert +X509_STORE_CTX_set_chain +X509_STORE_CTX_set_default +X509_STORE_CTX_set_depth +X509_STORE_CTX_set_error +X509_STORE_CTX_set_ex_data +X509_STORE_CTX_set_flags +X509_STORE_CTX_set_purpose +X509_STORE_CTX_set_time +X509_STORE_CTX_set_trust +X509_STORE_CTX_set_verify_cb +X509_STORE_CTX_trusted_stack +X509_STORE_add_cert +X509_STORE_add_crl +X509_STORE_add_lookup +X509_STORE_free +X509_STORE_get0_objects +X509_STORE_get0_param +X509_STORE_get1_certs +X509_STORE_get1_crls +X509_STORE_get_by_subject +X509_STORE_get_ex_data +X509_STORE_load_locations +X509_STORE_load_mem +X509_STORE_new +X509_STORE_set1_param +X509_STORE_set_default_paths +X509_STORE_set_depth +X509_STORE_set_ex_data +X509_STORE_set_flags +X509_STORE_set_purpose +X509_STORE_set_trust +X509_STORE_set_verify_cb +X509_STORE_up_ref +X509_TRUST_add +X509_TRUST_cleanup +X509_TRUST_get0 +X509_TRUST_get0_name +X509_TRUST_get_by_id +X509_TRUST_get_count +X509_TRUST_get_flags +X509_TRUST_get_trust +X509_TRUST_set +X509_TRUST_set_default +X509_VAL_free +X509_VAL_it +X509_VAL_new +X509_VERIFY_PARAM_add0_policy +X509_VERIFY_PARAM_add0_table +X509_VERIFY_PARAM_add1_host +X509_VERIFY_PARAM_clear_flags +X509_VERIFY_PARAM_free +X509_VERIFY_PARAM_get0 +X509_VERIFY_PARAM_get0_name +X509_VERIFY_PARAM_get0_peername +X509_VERIFY_PARAM_get_count +X509_VERIFY_PARAM_get_depth +X509_VERIFY_PARAM_get_flags +X509_VERIFY_PARAM_inherit +X509_VERIFY_PARAM_lookup +X509_VERIFY_PARAM_new +X509_VERIFY_PARAM_set1 +X509_VERIFY_PARAM_set1_email +X509_VERIFY_PARAM_set1_host +X509_VERIFY_PARAM_set1_ip +X509_VERIFY_PARAM_set1_ip_asc +X509_VERIFY_PARAM_set1_name +X509_VERIFY_PARAM_set1_policies +X509_VERIFY_PARAM_set_depth +X509_VERIFY_PARAM_set_flags +X509_VERIFY_PARAM_set_hostflags +X509_VERIFY_PARAM_set_purpose +X509_VERIFY_PARAM_set_time +X509_VERIFY_PARAM_set_trust +X509_VERIFY_PARAM_table_cleanup +X509_add1_ext_i2d +X509_add1_reject_object +X509_add1_trust_object +X509_add_ext +X509_alias_get0 +X509_alias_set1 +X509_certificate_type +X509_chain_up_ref +X509_check_akid +X509_check_ca +X509_check_email +X509_check_host +X509_check_ip +X509_check_ip_asc +X509_check_issued +X509_check_private_key +X509_check_purpose +X509_check_trust +X509_cmp +X509_cmp_current_time +X509_cmp_time +X509_delete_ext +X509_digest +X509_dup +X509_email_free +X509_find_by_issuer_and_serial +X509_find_by_subject +X509_free +X509_get0_extensions +X509_get0_notAfter +X509_get0_notBefore +X509_get0_pubkey +X509_get0_pubkey_bitstr +X509_get0_serialNumber +X509_get0_signature +X509_get0_tbs_sigalg +X509_get1_email +X509_get1_ocsp +X509_get_default_cert_area +X509_get_default_cert_dir +X509_get_default_cert_dir_env +X509_get_default_cert_file +X509_get_default_cert_file_env +X509_get_default_private_dir +X509_get_ex_data +X509_get_ex_new_index +X509_get_ext +X509_get_ext_by_NID +X509_get_ext_by_OBJ +X509_get_ext_by_critical +X509_get_ext_count +X509_get_ext_d2i +X509_get_issuer_name +X509_get_pubkey +X509_get_pubkey_parameters +X509_get_serialNumber +X509_get_signature_nid +X509_get_signature_type +X509_get_subject_name +X509_get_version +X509_getm_notAfter +X509_getm_notBefore +X509_gmtime_adj +X509_issuer_and_serial_cmp +X509_issuer_and_serial_hash +X509_issuer_name_cmp +X509_issuer_name_hash +X509_issuer_name_hash_old +X509_it +X509_keyid_get0 +X509_keyid_set1 +X509_load_cert_crl_file +X509_load_cert_file +X509_load_crl_file +X509_new +X509_ocspid_print +X509_policy_check +X509_policy_level_get0_node +X509_policy_level_node_count +X509_policy_node_get0_parent +X509_policy_node_get0_policy +X509_policy_node_get0_qualifiers +X509_policy_tree_free +X509_policy_tree_get0_level +X509_policy_tree_get0_policies +X509_policy_tree_get0_user_policies +X509_policy_tree_level_count +X509_print +X509_print_ex +X509_print_ex_fp +X509_print_fp +X509_pubkey_digest +X509_reject_clear +X509_set1_notAfter +X509_set1_notBefore +X509_set_ex_data +X509_set_issuer_name +X509_set_notAfter +X509_set_notBefore +X509_set_pubkey +X509_set_serialNumber +X509_set_subject_name +X509_set_version +X509_sign +X509_sign_ctx +X509_signature_dump +X509_signature_print +X509_subject_name_cmp +X509_subject_name_hash +X509_subject_name_hash_old +X509_supported_extension +X509_time_adj +X509_time_adj_ex +X509_to_X509_REQ +X509_trust_clear +X509_up_ref +X509_verify +X509_verify_cert +X509_verify_cert_error_string +X509at_add1_attr +X509at_add1_attr_by_NID +X509at_add1_attr_by_OBJ +X509at_add1_attr_by_txt +X509at_delete_attr +X509at_get0_data_by_OBJ +X509at_get_attr +X509at_get_attr_by_NID +X509at_get_attr_by_OBJ +X509at_get_attr_count +X509v3_add_ext +X509v3_delete_ext +X509v3_get_ext +X509v3_get_ext_by_NID +X509v3_get_ext_by_OBJ +X509v3_get_ext_by_critical +X509v3_get_ext_count +X9_62_CHARACTERISTIC_TWO_free +X9_62_CHARACTERISTIC_TWO_it +X9_62_CHARACTERISTIC_TWO_new +X9_62_CURVE_it +X9_62_FIELDID_it +X9_62_PENTANOMIAL_free +X9_62_PENTANOMIAL_it +X9_62_PENTANOMIAL_new +ZLONG_it +_CONF_add_string +_CONF_free_data +_CONF_get_section +_CONF_get_section_values +_CONF_get_string +_CONF_new_data +_CONF_new_section +a2d_ASN1_OBJECT +a2i_ASN1_ENUMERATED +a2i_ASN1_INTEGER +a2i_ASN1_STRING +a2i_GENERAL_NAME +a2i_IPADDRESS +a2i_IPADDRESS_NC +a2i_ipadd +asn1_do_adb +asn1_do_lock +asn1_enc_free +asn1_enc_init +asn1_enc_restore +asn1_enc_save +asn1_ex_c2i +asn1_get_choice_selector +asn1_get_field_ptr +asn1_set_choice_selector +b2i_PVK_bio +b2i_PrivateKey +b2i_PrivateKey_bio +b2i_PublicKey +b2i_PublicKey_bio +c2i_ASN1_BIT_STRING +c2i_ASN1_INTEGER +c2i_ASN1_OBJECT +check_defer +d2i_ACCESS_DESCRIPTION +d2i_ASN1_BIT_STRING +d2i_ASN1_BMPSTRING +d2i_ASN1_BOOLEAN +d2i_ASN1_ENUMERATED +d2i_ASN1_GENERALIZEDTIME +d2i_ASN1_GENERALSTRING +d2i_ASN1_IA5STRING +d2i_ASN1_INTEGER +d2i_ASN1_NULL +d2i_ASN1_OBJECT +d2i_ASN1_OCTET_STRING +d2i_ASN1_PRINTABLE +d2i_ASN1_PRINTABLESTRING +d2i_ASN1_SEQUENCE_ANY +d2i_ASN1_SET_ANY +d2i_ASN1_T61STRING +d2i_ASN1_TIME +d2i_ASN1_TYPE +d2i_ASN1_UINTEGER +d2i_ASN1_UNIVERSALSTRING +d2i_ASN1_UTCTIME +d2i_ASN1_UTF8STRING +d2i_ASN1_VISIBLESTRING +d2i_AUTHORITY_INFO_ACCESS +d2i_AUTHORITY_KEYID +d2i_AutoPrivateKey +d2i_BASIC_CONSTRAINTS +d2i_CERTIFICATEPOLICIES +d2i_CRL_DIST_POINTS +d2i_DHparams +d2i_DHparams_bio +d2i_DHparams_fp +d2i_DIRECTORYSTRING +d2i_DISPLAYTEXT +d2i_DIST_POINT +d2i_DIST_POINT_NAME +d2i_DSAPrivateKey +d2i_DSAPrivateKey_bio +d2i_DSAPrivateKey_fp +d2i_DSAPublicKey +d2i_DSA_PUBKEY +d2i_DSA_PUBKEY_bio +d2i_DSA_PUBKEY_fp +d2i_DSA_SIG +d2i_DSAparams +d2i_DSAparams_bio +d2i_DSAparams_fp +d2i_ECDSA_SIG +d2i_ECPKPARAMETERS +d2i_ECPKParameters +d2i_ECParameters +d2i_ECPrivateKey +d2i_ECPrivateKey_bio +d2i_ECPrivateKey_fp +d2i_EC_PRIVATEKEY +d2i_EC_PUBKEY +d2i_EC_PUBKEY_bio +d2i_EC_PUBKEY_fp +d2i_EDIPARTYNAME +d2i_ESS_CERT_ID +d2i_ESS_ISSUER_SERIAL +d2i_ESS_SIGNING_CERT +d2i_EXTENDED_KEY_USAGE +d2i_GENERAL_NAME +d2i_GENERAL_NAMES +d2i_GOST_CIPHER_PARAMS +d2i_ISSUING_DIST_POINT +d2i_NETSCAPE_CERT_SEQUENCE +d2i_NETSCAPE_ENCRYPTED_PKEY +d2i_NETSCAPE_PKEY +d2i_NETSCAPE_SPKAC +d2i_NETSCAPE_SPKI +d2i_NETSCAPE_X509 +d2i_NOTICEREF +d2i_Netscape_RSA +d2i_OCSP_BASICRESP +d2i_OCSP_CERTID +d2i_OCSP_CERTSTATUS +d2i_OCSP_CRLID +d2i_OCSP_ONEREQ +d2i_OCSP_REQINFO +d2i_OCSP_REQUEST +d2i_OCSP_REQUEST_bio +d2i_OCSP_RESPBYTES +d2i_OCSP_RESPDATA +d2i_OCSP_RESPID +d2i_OCSP_RESPONSE +d2i_OCSP_RESPONSE_bio +d2i_OCSP_REVOKEDINFO +d2i_OCSP_SERVICELOC +d2i_OCSP_SIGNATURE +d2i_OCSP_SINGLERESP +d2i_OTHERNAME +d2i_PBE2PARAM +d2i_PBEPARAM +d2i_PBKDF2PARAM +d2i_PKCS12 +d2i_PKCS12_BAGS +d2i_PKCS12_MAC_DATA +d2i_PKCS12_SAFEBAG +d2i_PKCS12_bio +d2i_PKCS12_fp +d2i_PKCS7 +d2i_PKCS7_DIGEST +d2i_PKCS7_ENCRYPT +d2i_PKCS7_ENC_CONTENT +d2i_PKCS7_ENVELOPE +d2i_PKCS7_ISSUER_AND_SERIAL +d2i_PKCS7_RECIP_INFO +d2i_PKCS7_SIGNED +d2i_PKCS7_SIGNER_INFO +d2i_PKCS7_SIGN_ENVELOPE +d2i_PKCS7_bio +d2i_PKCS7_fp +d2i_PKCS8PrivateKey_bio +d2i_PKCS8PrivateKey_fp +d2i_PKCS8_PRIV_KEY_INFO +d2i_PKCS8_PRIV_KEY_INFO_bio +d2i_PKCS8_PRIV_KEY_INFO_fp +d2i_PKCS8_bio +d2i_PKCS8_fp +d2i_PKEY_USAGE_PERIOD +d2i_POLICYINFO +d2i_POLICYQUALINFO +d2i_PROXY_CERT_INFO_EXTENSION +d2i_PROXY_POLICY +d2i_PUBKEY +d2i_PUBKEY_bio +d2i_PUBKEY_fp +d2i_PrivateKey +d2i_PrivateKey_bio +d2i_PrivateKey_fp +d2i_PublicKey +d2i_RSAPrivateKey +d2i_RSAPrivateKey_bio +d2i_RSAPrivateKey_fp +d2i_RSAPublicKey +d2i_RSAPublicKey_bio +d2i_RSAPublicKey_fp +d2i_RSA_NET +d2i_RSA_PSS_PARAMS +d2i_RSA_PUBKEY +d2i_RSA_PUBKEY_bio +d2i_RSA_PUBKEY_fp +d2i_SXNET +d2i_SXNETID +d2i_TS_ACCURACY +d2i_TS_MSG_IMPRINT +d2i_TS_MSG_IMPRINT_bio +d2i_TS_MSG_IMPRINT_fp +d2i_TS_REQ +d2i_TS_REQ_bio +d2i_TS_REQ_fp +d2i_TS_RESP +d2i_TS_RESP_bio +d2i_TS_RESP_fp +d2i_TS_STATUS_INFO +d2i_TS_TST_INFO +d2i_TS_TST_INFO_bio +d2i_TS_TST_INFO_fp +d2i_USERNOTICE +d2i_X509 +d2i_X509_ALGOR +d2i_X509_ALGORS +d2i_X509_ATTRIBUTE +d2i_X509_AUX +d2i_X509_CERT_AUX +d2i_X509_CERT_PAIR +d2i_X509_CINF +d2i_X509_CRL +d2i_X509_CRL_INFO +d2i_X509_CRL_bio +d2i_X509_CRL_fp +d2i_X509_EXTENSION +d2i_X509_EXTENSIONS +d2i_X509_NAME +d2i_X509_NAME_ENTRY +d2i_X509_PUBKEY +d2i_X509_REQ +d2i_X509_REQ_INFO +d2i_X509_REQ_bio +d2i_X509_REQ_fp +d2i_X509_REVOKED +d2i_X509_SIG +d2i_X509_VAL +d2i_X509_bio +d2i_X509_fp +get_rfc2409_prime_1024 +get_rfc2409_prime_768 +get_rfc3526_prime_1536 +get_rfc3526_prime_2048 +get_rfc3526_prime_3072 +get_rfc3526_prime_4096 +get_rfc3526_prime_6144 +get_rfc3526_prime_8192 +hex_to_string +i2a_ACCESS_DESCRIPTION +i2a_ASN1_ENUMERATED +i2a_ASN1_INTEGER +i2a_ASN1_OBJECT +i2a_ASN1_STRING +i2b_PVK_bio +i2b_PrivateKey_bio +i2b_PublicKey_bio +i2c_ASN1_BIT_STRING +i2c_ASN1_INTEGER +i2d_ACCESS_DESCRIPTION +i2d_ASN1_BIT_STRING +i2d_ASN1_BMPSTRING +i2d_ASN1_BOOLEAN +i2d_ASN1_ENUMERATED +i2d_ASN1_GENERALIZEDTIME +i2d_ASN1_GENERALSTRING +i2d_ASN1_IA5STRING +i2d_ASN1_INTEGER +i2d_ASN1_NULL +i2d_ASN1_OBJECT +i2d_ASN1_OCTET_STRING +i2d_ASN1_PRINTABLE +i2d_ASN1_PRINTABLESTRING +i2d_ASN1_SEQUENCE_ANY +i2d_ASN1_SET_ANY +i2d_ASN1_T61STRING +i2d_ASN1_TIME +i2d_ASN1_TYPE +i2d_ASN1_UNIVERSALSTRING +i2d_ASN1_UTCTIME +i2d_ASN1_UTF8STRING +i2d_ASN1_VISIBLESTRING +i2d_ASN1_bio_stream +i2d_AUTHORITY_INFO_ACCESS +i2d_AUTHORITY_KEYID +i2d_BASIC_CONSTRAINTS +i2d_CERTIFICATEPOLICIES +i2d_CRL_DIST_POINTS +i2d_DHparams +i2d_DHparams_bio +i2d_DHparams_fp +i2d_DIRECTORYSTRING +i2d_DISPLAYTEXT +i2d_DIST_POINT +i2d_DIST_POINT_NAME +i2d_DSAPrivateKey +i2d_DSAPrivateKey_bio +i2d_DSAPrivateKey_fp +i2d_DSAPublicKey +i2d_DSA_PUBKEY +i2d_DSA_PUBKEY_bio +i2d_DSA_PUBKEY_fp +i2d_DSA_SIG +i2d_DSAparams +i2d_DSAparams_bio +i2d_DSAparams_fp +i2d_ECDSA_SIG +i2d_ECPKPARAMETERS +i2d_ECPKParameters +i2d_ECParameters +i2d_ECPrivateKey +i2d_ECPrivateKey_bio +i2d_ECPrivateKey_fp +i2d_EC_PRIVATEKEY +i2d_EC_PUBKEY +i2d_EC_PUBKEY_bio +i2d_EC_PUBKEY_fp +i2d_EDIPARTYNAME +i2d_ESS_CERT_ID +i2d_ESS_ISSUER_SERIAL +i2d_ESS_SIGNING_CERT +i2d_EXTENDED_KEY_USAGE +i2d_GENERAL_NAME +i2d_GENERAL_NAMES +i2d_GOST_CIPHER_PARAMS +i2d_ISSUING_DIST_POINT +i2d_NETSCAPE_CERT_SEQUENCE +i2d_NETSCAPE_ENCRYPTED_PKEY +i2d_NETSCAPE_PKEY +i2d_NETSCAPE_SPKAC +i2d_NETSCAPE_SPKI +i2d_NETSCAPE_X509 +i2d_NOTICEREF +i2d_Netscape_RSA +i2d_OCSP_BASICRESP +i2d_OCSP_CERTID +i2d_OCSP_CERTSTATUS +i2d_OCSP_CRLID +i2d_OCSP_ONEREQ +i2d_OCSP_REQINFO +i2d_OCSP_REQUEST +i2d_OCSP_REQUEST_bio +i2d_OCSP_RESPBYTES +i2d_OCSP_RESPDATA +i2d_OCSP_RESPID +i2d_OCSP_RESPONSE +i2d_OCSP_RESPONSE_bio +i2d_OCSP_REVOKEDINFO +i2d_OCSP_SERVICELOC +i2d_OCSP_SIGNATURE +i2d_OCSP_SINGLERESP +i2d_OTHERNAME +i2d_PBE2PARAM +i2d_PBEPARAM +i2d_PBKDF2PARAM +i2d_PKCS12 +i2d_PKCS12_BAGS +i2d_PKCS12_MAC_DATA +i2d_PKCS12_SAFEBAG +i2d_PKCS12_bio +i2d_PKCS12_fp +i2d_PKCS7 +i2d_PKCS7_DIGEST +i2d_PKCS7_ENCRYPT +i2d_PKCS7_ENC_CONTENT +i2d_PKCS7_ENVELOPE +i2d_PKCS7_ISSUER_AND_SERIAL +i2d_PKCS7_NDEF +i2d_PKCS7_RECIP_INFO +i2d_PKCS7_SIGNED +i2d_PKCS7_SIGNER_INFO +i2d_PKCS7_SIGN_ENVELOPE +i2d_PKCS7_bio +i2d_PKCS7_bio_stream +i2d_PKCS7_fp +i2d_PKCS8PrivateKeyInfo_bio +i2d_PKCS8PrivateKeyInfo_fp +i2d_PKCS8PrivateKey_bio +i2d_PKCS8PrivateKey_fp +i2d_PKCS8PrivateKey_nid_bio +i2d_PKCS8PrivateKey_nid_fp +i2d_PKCS8_PRIV_KEY_INFO +i2d_PKCS8_PRIV_KEY_INFO_bio +i2d_PKCS8_PRIV_KEY_INFO_fp +i2d_PKCS8_bio +i2d_PKCS8_fp +i2d_PKEY_USAGE_PERIOD +i2d_POLICYINFO +i2d_POLICYQUALINFO +i2d_PROXY_CERT_INFO_EXTENSION +i2d_PROXY_POLICY +i2d_PUBKEY +i2d_PUBKEY_bio +i2d_PUBKEY_fp +i2d_PrivateKey +i2d_PrivateKey_bio +i2d_PrivateKey_fp +i2d_PublicKey +i2d_RSAPrivateKey +i2d_RSAPrivateKey_bio +i2d_RSAPrivateKey_fp +i2d_RSAPublicKey +i2d_RSAPublicKey_bio +i2d_RSAPublicKey_fp +i2d_RSA_NET +i2d_RSA_PSS_PARAMS +i2d_RSA_PUBKEY +i2d_RSA_PUBKEY_bio +i2d_RSA_PUBKEY_fp +i2d_SXNET +i2d_SXNETID +i2d_TS_ACCURACY +i2d_TS_MSG_IMPRINT +i2d_TS_MSG_IMPRINT_bio +i2d_TS_MSG_IMPRINT_fp +i2d_TS_REQ +i2d_TS_REQ_bio +i2d_TS_REQ_fp +i2d_TS_RESP +i2d_TS_RESP_bio +i2d_TS_RESP_fp +i2d_TS_STATUS_INFO +i2d_TS_TST_INFO +i2d_TS_TST_INFO_bio +i2d_TS_TST_INFO_fp +i2d_USERNOTICE +i2d_X509 +i2d_X509_ALGOR +i2d_X509_ALGORS +i2d_X509_ATTRIBUTE +i2d_X509_AUX +i2d_X509_CERT_AUX +i2d_X509_CERT_PAIR +i2d_X509_CINF +i2d_X509_CRL +i2d_X509_CRL_INFO +i2d_X509_CRL_bio +i2d_X509_CRL_fp +i2d_X509_EXTENSION +i2d_X509_EXTENSIONS +i2d_X509_NAME +i2d_X509_NAME_ENTRY +i2d_X509_PUBKEY +i2d_X509_REQ +i2d_X509_REQ_INFO +i2d_X509_REQ_bio +i2d_X509_REQ_fp +i2d_X509_REVOKED +i2d_X509_SIG +i2d_X509_VAL +i2d_X509_bio +i2d_X509_fp +i2o_ECPublicKey +i2s_ASN1_ENUMERATED +i2s_ASN1_ENUMERATED_TABLE +i2s_ASN1_INTEGER +i2s_ASN1_OCTET_STRING +i2t_ASN1_OBJECT +i2v_ASN1_BIT_STRING +i2v_GENERAL_NAME +i2v_GENERAL_NAMES +idea_cbc_encrypt +idea_cfb64_encrypt +idea_ecb_encrypt +idea_encrypt +idea_ofb64_encrypt +idea_options +idea_set_decrypt_key +idea_set_encrypt_key +lh_delete +lh_doall +lh_doall_arg +lh_free +lh_insert +lh_new +lh_node_stats +lh_node_stats_bio +lh_node_usage_stats +lh_node_usage_stats_bio +lh_num_items +lh_retrieve +lh_stats +lh_stats_bio +lh_strhash +name_cmp +o2i_ECPublicKey +obj_cleanup_defer +s2i_ASN1_INTEGER +s2i_ASN1_OCTET_STRING +sk_delete +sk_delete_ptr +sk_dup +sk_find +sk_find_ex +sk_free +sk_insert +sk_is_sorted +sk_new +sk_new_null +sk_num +sk_pop +sk_pop_free +sk_push +sk_set +sk_set_cmp_func +sk_shift +sk_sort +sk_unshift +sk_value +sk_zero +string_to_hex +v2i_ASN1_BIT_STRING +v2i_GENERAL_NAME +v2i_GENERAL_NAMES +v2i_GENERAL_NAME_ex diff --git a/src/lib/libcrypto/aes/Makefile.ssl b/src/lib/libcrypto/aes/Makefile.ssl deleted file mode 100644 index aa16bbee2a4..00000000000 --- a/src/lib/libcrypto/aes/Makefile.ssl +++ /dev/null @@ -1,103 +0,0 @@ -# -# crypto/aes/Makefile -# - -DIR= aes -TOP= ../.. -CC= cc -CPP= $(CC) -E -INCLUDES= -CFLAG=-g -INSTALL_PREFIX= -OPENSSLDIR= /usr/local/ssl -INSTALLTOP= /usr/local/ssl -MAKE= make -f Makefile.ssl -MAKEDEPPROG= makedepend -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) -MAKEFILE= Makefile.ssl -AR= ar r - -# CFLAGS= -mpentiumpro $(INCLUDES) $(CFLAG) -O3 -fexpensive-optimizations -funroll-loops -fforce-addr -CFLAGS= $(INCLUDES) $(CFLAG) - -GENERAL=Makefile -#TEST=aestest.c -TEST= -APPS= - -LIB=$(TOP)/libcrypto.a -LIBSRC=aes_core.c aes_misc.c aes_ecb.c aes_cbc.c aes_cfb.c aes_ofb.c aes_ctr.c -LIBOBJ=aes_core.o aes_misc.o aes_ecb.o aes_cbc.o aes_cfb.o aes_ofb.o aes_ctr.o - -SRC= $(LIBSRC) - -EXHEADER= aes.h -HEADER= aes_locl.h $(EXHEADER) - -ALL= $(GENERAL) $(SRC) $(HEADER) - -top: - (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) - -all: lib - -lib: $(LIBOBJ) - $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) || echo Never mind. - @touch lib - -$(LIBOBJ): $(LIBSRC) - -files: - $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO - -links: - @sh $(TOP)/util/point.sh Makefile.ssl Makefile - @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) - @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) - @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) - -install: installs - -installs: - @for i in $(EXHEADER) ; \ - do \ - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ - done; - -tags: - ctags $(SRC) - -tests: - -lint: - lint -DLINT $(INCLUDES) $(SRC)>fluff - -depend: - $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) - -dclean: - $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new - mv -f Makefile.new $(MAKEFILE) - -clean: - rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff - -# DO NOT DELETE THIS LINE -- make depend depends on it. - -aes_cbc.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h -aes_cbc.o: ../../include/openssl/opensslconf.h aes_cbc.c aes_locl.h -aes_cfb.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h -aes_cfb.o: ../../include/openssl/opensslconf.h aes_cfb.c aes_locl.h -aes_core.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h -aes_core.o: ../../include/openssl/opensslconf.h aes_core.c aes_locl.h -aes_ctr.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h -aes_ctr.o: ../../include/openssl/opensslconf.h aes_ctr.c aes_locl.h -aes_ecb.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h -aes_ecb.o: ../../include/openssl/opensslconf.h aes_ecb.c aes_locl.h -aes_misc.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h -aes_misc.o: ../../include/openssl/opensslconf.h -aes_misc.o: ../../include/openssl/opensslv.h aes_locl.h aes_misc.c -aes_ofb.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h -aes_ofb.o: ../../include/openssl/opensslconf.h aes_locl.h aes_ofb.c diff --git a/src/lib/libcrypto/aes/aes.h b/src/lib/libcrypto/aes/aes.h index e8da921ec50..c904485d8f5 100644 --- a/src/lib/libcrypto/aes/aes.h +++ b/src/lib/libcrypto/aes/aes.h @@ -1,4 +1,4 @@ -/* crypto/aes/aes.h -*- mode:C; c-file-style: "eay" -*- */ +/* $OpenBSD: aes.h,v 1.14 2014/07/09 09:10:07 miod Exp $ */ /* ==================================================================== * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. * @@ -52,12 +52,17 @@ #ifndef HEADER_AES_H #define HEADER_AES_H +#include + #ifdef OPENSSL_NO_AES #error AES is disabled. #endif -static const int AES_DECRYPT = 0; -static const int AES_ENCRYPT = 1; +#include + +#define AES_ENCRYPT 1 +#define AES_DECRYPT 0 + /* Because array size can't be a const in C, the following two are macros. Both sizes are in bytes. */ #define AES_MAXNR 14 @@ -69,37 +74,49 @@ extern "C" { /* This should be a hidden type, but EVP requires that the size be known */ struct aes_key_st { - unsigned long rd_key[4 *(AES_MAXNR + 1)]; - int rounds; + unsigned int rd_key[4 *(AES_MAXNR + 1)]; + int rounds; }; typedef struct aes_key_st AES_KEY; const char *AES_options(void); int AES_set_encrypt_key(const unsigned char *userKey, const int bits, - AES_KEY *key); + AES_KEY *key); int AES_set_decrypt_key(const unsigned char *userKey, const int bits, - AES_KEY *key); + AES_KEY *key); void AES_encrypt(const unsigned char *in, unsigned char *out, - const AES_KEY *key); + const AES_KEY *key); void AES_decrypt(const unsigned char *in, unsigned char *out, - const AES_KEY *key); + const AES_KEY *key); void AES_ecb_encrypt(const unsigned char *in, unsigned char *out, - const AES_KEY *key, const int enc); + const AES_KEY *key, const int enc); void AES_cbc_encrypt(const unsigned char *in, unsigned char *out, - const unsigned long length, const AES_KEY *key, - unsigned char *ivec, const int enc); + size_t length, const AES_KEY *key, unsigned char *ivec, const int enc); void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out, - const unsigned long length, const AES_KEY *key, - unsigned char *ivec, int *num, const int enc); + size_t length, const AES_KEY *key, unsigned char *ivec, int *num, + const int enc); +void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, unsigned char *ivec, int *num, + const int enc); +void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, unsigned char *ivec, int *num, + const int enc); void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out, - const unsigned long length, const AES_KEY *key, - unsigned char *ivec, int *num); + size_t length, const AES_KEY *key, unsigned char *ivec, int *num); void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out, - const unsigned long length, const AES_KEY *key, - unsigned char *counter, unsigned int *num); + size_t length, const AES_KEY *key, unsigned char ivec[AES_BLOCK_SIZE], + unsigned char ecount_buf[AES_BLOCK_SIZE], unsigned int *num); +/* NB: the IV is _two_ blocks long */ +void AES_ige_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, unsigned char *ivec, const int enc); + +int AES_wrap_key(AES_KEY *key, const unsigned char *iv, unsigned char *out, + const unsigned char *in, unsigned int inlen); +int AES_unwrap_key(AES_KEY *key, const unsigned char *iv, unsigned char *out, + const unsigned char *in, unsigned int inlen); #ifdef __cplusplus diff --git a/src/lib/libcrypto/aes/aes_cbc.c b/src/lib/libcrypto/aes/aes_cbc.c index 3dfd7aba2a1..5e76f6ea018 100644 --- a/src/lib/libcrypto/aes/aes_cbc.c +++ b/src/lib/libcrypto/aes/aes_cbc.c @@ -1,4 +1,4 @@ -/* crypto/aes/aes_cbc.c -*- mode:C; c-file-style: "eay" -*- */ +/* $OpenBSD: aes_cbc.c,v 1.12 2014/06/12 15:49:27 deraadt Exp $ */ /* ==================================================================== * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. * @@ -49,41 +49,17 @@ * */ -#include #include -#include "aes_locl.h" +#include -void AES_cbc_encrypt(const unsigned char *in, unsigned char *out, - const unsigned long length, const AES_KEY *key, - unsigned char *ivec, const int enc) { - - int n; - unsigned long len = length; - unsigned char tmp[16]; - - assert(in && out && key && ivec); - assert(length % AES_BLOCK_SIZE == 0); - assert((AES_ENCRYPT == enc)||(AES_DECRYPT == enc)); - - if (AES_ENCRYPT == enc) - while (len > 0) { - for(n=0; n < 16; ++n) - tmp[n] = in[n] ^ ivec[n]; - AES_encrypt(tmp, out, key); - memcpy(ivec, out, 16); - len -= 16; - in += 16; - out += 16; - } +void +AES_cbc_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const AES_KEY *key, unsigned char *ivec, const int enc) +{ + if (enc) + CRYPTO_cbc128_encrypt(in, out, len, key, ivec, + (block128_f)AES_encrypt); else - while (len > 0) { - memcpy(tmp, in, 16); - AES_decrypt(in, out, key); - for(n=0; n < 16; ++n) - out[n] ^= ivec[n]; - memcpy(ivec, tmp, 16); - len -= 16; - in += 16; - out += 16; - } + CRYPTO_cbc128_decrypt(in, out, len, key, ivec, + (block128_f)AES_decrypt); } diff --git a/src/lib/libcrypto/aes/aes_cfb.c b/src/lib/libcrypto/aes/aes_cfb.c index 41c2a5ec3df..a6384f944df 100644 --- a/src/lib/libcrypto/aes/aes_cfb.c +++ b/src/lib/libcrypto/aes/aes_cfb.c @@ -1,6 +1,6 @@ -/* crypto/aes/aes_cfb.c -*- mode:C; c-file-style: "eay" -*- */ +/* $OpenBSD: aes_cfb.c,v 1.8 2014/06/12 15:49:27 deraadt Exp $ */ /* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 2002-2006 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -48,104 +48,37 @@ * ==================================================================== * */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -#include #include -#include "aes_locl.h" +#include /* The input and output encrypted as though 128bit cfb mode is being * used. The extra state information to record how much of the * 128bit block we have used is contained in *num; */ -void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out, - const unsigned long length, const AES_KEY *key, - unsigned char *ivec, int *num, const int enc) { - - unsigned int n; - unsigned long l = length; - unsigned char c; - - assert(in && out && key && ivec && num); - - n = *num; +void +AES_cfb128_encrypt(const unsigned char *in, unsigned char *out, size_t length, + const AES_KEY *key, unsigned char *ivec, int *num, const int enc) +{ + CRYPTO_cfb128_encrypt(in, out, length, key, ivec, num, enc, + (block128_f)AES_encrypt); +} - if (enc) { - while (l--) { - if (n == 0) { - AES_encrypt(ivec, ivec, key); - } - ivec[n] = *(out++) = *(in++) ^ ivec[n]; - n = (n+1) % AES_BLOCK_SIZE; - } - } else { - while (l--) { - if (n == 0) { - AES_encrypt(ivec, ivec, key); - } - c = *(in); - *(out++) = *(in++) ^ ivec[n]; - ivec[n] = c; - n = (n+1) % AES_BLOCK_SIZE; - } - } +/* N.B. This expects the input to be packed, MS bit first */ +void +AES_cfb1_encrypt(const unsigned char *in, unsigned char *out, size_t length, + const AES_KEY *key, unsigned char *ivec, int *num, const int enc) +{ + CRYPTO_cfb128_1_encrypt(in, out, length, key, ivec, num, enc, + (block128_f)AES_encrypt); +} - *num=n; +void +AES_cfb8_encrypt(const unsigned char *in, unsigned char *out, size_t length, + const AES_KEY *key, unsigned char *ivec, int *num, const int enc) +{ + CRYPTO_cfb128_8_encrypt(in, out, length, key, ivec, num, enc, + (block128_f)AES_encrypt); } diff --git a/src/lib/libcrypto/aes/aes_core.c b/src/lib/libcrypto/aes/aes_core.c index 937988dd8c6..1b8a24c714d 100644 --- a/src/lib/libcrypto/aes/aes_core.c +++ b/src/lib/libcrypto/aes/aes_core.c @@ -1,4 +1,4 @@ -/* crypto/aes/aes_core.c -*- mode:C; c-file-style: "eay" -*- */ +/* $OpenBSD: aes_core.c,v 1.13 2015/11/05 21:59:13 miod Exp $ */ /** * rijndael-alg-fst.c * @@ -28,686 +28,592 @@ /* Note: rewritten a little bit to provide error control and an OpenSSL- compatible API */ -#include +#ifndef AES_DEBUG +# ifndef NDEBUG +# define NDEBUG +# endif +#endif + #include #include #include "aes_locl.h" +#ifndef AES_ASM /* Te0[x] = S [x].[02, 01, 01, 03]; Te1[x] = S [x].[03, 02, 01, 01]; Te2[x] = S [x].[01, 03, 02, 01]; Te3[x] = S [x].[01, 01, 03, 02]; -Te4[x] = S [x].[01, 01, 01, 01]; Td0[x] = Si[x].[0e, 09, 0d, 0b]; Td1[x] = Si[x].[0b, 0e, 09, 0d]; Td2[x] = Si[x].[0d, 0b, 0e, 09]; Td3[x] = Si[x].[09, 0d, 0b, 0e]; -Td4[x] = Si[x].[01, 01, 01, 01]; +Td4[x] = Si[x].[01]; */ static const u32 Te0[256] = { - 0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU, - 0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U, - 0x60303050U, 0x02010103U, 0xce6767a9U, 0x562b2b7dU, - 0xe7fefe19U, 0xb5d7d762U, 0x4dababe6U, 0xec76769aU, - 0x8fcaca45U, 0x1f82829dU, 0x89c9c940U, 0xfa7d7d87U, - 0xeffafa15U, 0xb25959ebU, 0x8e4747c9U, 0xfbf0f00bU, - 0x41adadecU, 0xb3d4d467U, 0x5fa2a2fdU, 0x45afafeaU, - 0x239c9cbfU, 0x53a4a4f7U, 0xe4727296U, 0x9bc0c05bU, - 0x75b7b7c2U, 0xe1fdfd1cU, 0x3d9393aeU, 0x4c26266aU, - 0x6c36365aU, 0x7e3f3f41U, 0xf5f7f702U, 0x83cccc4fU, - 0x6834345cU, 0x51a5a5f4U, 0xd1e5e534U, 0xf9f1f108U, - 0xe2717193U, 0xabd8d873U, 0x62313153U, 0x2a15153fU, - 0x0804040cU, 0x95c7c752U, 0x46232365U, 0x9dc3c35eU, - 0x30181828U, 0x379696a1U, 0x0a05050fU, 0x2f9a9ab5U, - 0x0e070709U, 0x24121236U, 0x1b80809bU, 0xdfe2e23dU, - 0xcdebeb26U, 0x4e272769U, 0x7fb2b2cdU, 0xea75759fU, - 0x1209091bU, 0x1d83839eU, 0x582c2c74U, 0x341a1a2eU, - 0x361b1b2dU, 0xdc6e6eb2U, 0xb45a5aeeU, 0x5ba0a0fbU, - 0xa45252f6U, 0x763b3b4dU, 0xb7d6d661U, 0x7db3b3ceU, - 0x5229297bU, 0xdde3e33eU, 0x5e2f2f71U, 0x13848497U, - 0xa65353f5U, 0xb9d1d168U, 0x00000000U, 0xc1eded2cU, - 0x40202060U, 0xe3fcfc1fU, 0x79b1b1c8U, 0xb65b5bedU, - 0xd46a6abeU, 0x8dcbcb46U, 0x67bebed9U, 0x7239394bU, - 0x944a4adeU, 0x984c4cd4U, 0xb05858e8U, 0x85cfcf4aU, - 0xbbd0d06bU, 0xc5efef2aU, 0x4faaaae5U, 0xedfbfb16U, - 0x864343c5U, 0x9a4d4dd7U, 0x66333355U, 0x11858594U, - 0x8a4545cfU, 0xe9f9f910U, 0x04020206U, 0xfe7f7f81U, - 0xa05050f0U, 0x783c3c44U, 0x259f9fbaU, 0x4ba8a8e3U, - 0xa25151f3U, 0x5da3a3feU, 0x804040c0U, 0x058f8f8aU, - 0x3f9292adU, 0x219d9dbcU, 0x70383848U, 0xf1f5f504U, - 0x63bcbcdfU, 0x77b6b6c1U, 0xafdada75U, 0x42212163U, - 0x20101030U, 0xe5ffff1aU, 0xfdf3f30eU, 0xbfd2d26dU, - 0x81cdcd4cU, 0x180c0c14U, 0x26131335U, 0xc3ecec2fU, - 0xbe5f5fe1U, 0x359797a2U, 0x884444ccU, 0x2e171739U, - 0x93c4c457U, 0x55a7a7f2U, 0xfc7e7e82U, 0x7a3d3d47U, - 0xc86464acU, 0xba5d5de7U, 0x3219192bU, 0xe6737395U, - 0xc06060a0U, 0x19818198U, 0x9e4f4fd1U, 0xa3dcdc7fU, - 0x44222266U, 0x542a2a7eU, 0x3b9090abU, 0x0b888883U, - 0x8c4646caU, 0xc7eeee29U, 0x6bb8b8d3U, 0x2814143cU, - 0xa7dede79U, 0xbc5e5ee2U, 0x160b0b1dU, 0xaddbdb76U, - 0xdbe0e03bU, 0x64323256U, 0x743a3a4eU, 0x140a0a1eU, - 0x924949dbU, 0x0c06060aU, 0x4824246cU, 0xb85c5ce4U, - 0x9fc2c25dU, 0xbdd3d36eU, 0x43acacefU, 0xc46262a6U, - 0x399191a8U, 0x319595a4U, 0xd3e4e437U, 0xf279798bU, - 0xd5e7e732U, 0x8bc8c843U, 0x6e373759U, 0xda6d6db7U, - 0x018d8d8cU, 0xb1d5d564U, 0x9c4e4ed2U, 0x49a9a9e0U, - 0xd86c6cb4U, 0xac5656faU, 0xf3f4f407U, 0xcfeaea25U, - 0xca6565afU, 0xf47a7a8eU, 0x47aeaee9U, 0x10080818U, - 0x6fbabad5U, 0xf0787888U, 0x4a25256fU, 0x5c2e2e72U, - 0x381c1c24U, 0x57a6a6f1U, 0x73b4b4c7U, 0x97c6c651U, - 0xcbe8e823U, 0xa1dddd7cU, 0xe874749cU, 0x3e1f1f21U, - 0x964b4bddU, 0x61bdbddcU, 0x0d8b8b86U, 0x0f8a8a85U, - 0xe0707090U, 0x7c3e3e42U, 0x71b5b5c4U, 0xcc6666aaU, - 0x904848d8U, 0x06030305U, 0xf7f6f601U, 0x1c0e0e12U, - 0xc26161a3U, 0x6a35355fU, 0xae5757f9U, 0x69b9b9d0U, - 0x17868691U, 0x99c1c158U, 0x3a1d1d27U, 0x279e9eb9U, - 0xd9e1e138U, 0xebf8f813U, 0x2b9898b3U, 0x22111133U, - 0xd26969bbU, 0xa9d9d970U, 0x078e8e89U, 0x339494a7U, - 0x2d9b9bb6U, 0x3c1e1e22U, 0x15878792U, 0xc9e9e920U, - 0x87cece49U, 0xaa5555ffU, 0x50282878U, 0xa5dfdf7aU, - 0x038c8c8fU, 0x59a1a1f8U, 0x09898980U, 0x1a0d0d17U, - 0x65bfbfdaU, 0xd7e6e631U, 0x844242c6U, 0xd06868b8U, - 0x824141c3U, 0x299999b0U, 0x5a2d2d77U, 0x1e0f0f11U, - 0x7bb0b0cbU, 0xa85454fcU, 0x6dbbbbd6U, 0x2c16163aU, + 0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU, + 0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U, + 0x60303050U, 0x02010103U, 0xce6767a9U, 0x562b2b7dU, + 0xe7fefe19U, 0xb5d7d762U, 0x4dababe6U, 0xec76769aU, + 0x8fcaca45U, 0x1f82829dU, 0x89c9c940U, 0xfa7d7d87U, + 0xeffafa15U, 0xb25959ebU, 0x8e4747c9U, 0xfbf0f00bU, + 0x41adadecU, 0xb3d4d467U, 0x5fa2a2fdU, 0x45afafeaU, + 0x239c9cbfU, 0x53a4a4f7U, 0xe4727296U, 0x9bc0c05bU, + 0x75b7b7c2U, 0xe1fdfd1cU, 0x3d9393aeU, 0x4c26266aU, + 0x6c36365aU, 0x7e3f3f41U, 0xf5f7f702U, 0x83cccc4fU, + 0x6834345cU, 0x51a5a5f4U, 0xd1e5e534U, 0xf9f1f108U, + 0xe2717193U, 0xabd8d873U, 0x62313153U, 0x2a15153fU, + 0x0804040cU, 0x95c7c752U, 0x46232365U, 0x9dc3c35eU, + 0x30181828U, 0x379696a1U, 0x0a05050fU, 0x2f9a9ab5U, + 0x0e070709U, 0x24121236U, 0x1b80809bU, 0xdfe2e23dU, + 0xcdebeb26U, 0x4e272769U, 0x7fb2b2cdU, 0xea75759fU, + 0x1209091bU, 0x1d83839eU, 0x582c2c74U, 0x341a1a2eU, + 0x361b1b2dU, 0xdc6e6eb2U, 0xb45a5aeeU, 0x5ba0a0fbU, + 0xa45252f6U, 0x763b3b4dU, 0xb7d6d661U, 0x7db3b3ceU, + 0x5229297bU, 0xdde3e33eU, 0x5e2f2f71U, 0x13848497U, + 0xa65353f5U, 0xb9d1d168U, 0x00000000U, 0xc1eded2cU, + 0x40202060U, 0xe3fcfc1fU, 0x79b1b1c8U, 0xb65b5bedU, + 0xd46a6abeU, 0x8dcbcb46U, 0x67bebed9U, 0x7239394bU, + 0x944a4adeU, 0x984c4cd4U, 0xb05858e8U, 0x85cfcf4aU, + 0xbbd0d06bU, 0xc5efef2aU, 0x4faaaae5U, 0xedfbfb16U, + 0x864343c5U, 0x9a4d4dd7U, 0x66333355U, 0x11858594U, + 0x8a4545cfU, 0xe9f9f910U, 0x04020206U, 0xfe7f7f81U, + 0xa05050f0U, 0x783c3c44U, 0x259f9fbaU, 0x4ba8a8e3U, + 0xa25151f3U, 0x5da3a3feU, 0x804040c0U, 0x058f8f8aU, + 0x3f9292adU, 0x219d9dbcU, 0x70383848U, 0xf1f5f504U, + 0x63bcbcdfU, 0x77b6b6c1U, 0xafdada75U, 0x42212163U, + 0x20101030U, 0xe5ffff1aU, 0xfdf3f30eU, 0xbfd2d26dU, + 0x81cdcd4cU, 0x180c0c14U, 0x26131335U, 0xc3ecec2fU, + 0xbe5f5fe1U, 0x359797a2U, 0x884444ccU, 0x2e171739U, + 0x93c4c457U, 0x55a7a7f2U, 0xfc7e7e82U, 0x7a3d3d47U, + 0xc86464acU, 0xba5d5de7U, 0x3219192bU, 0xe6737395U, + 0xc06060a0U, 0x19818198U, 0x9e4f4fd1U, 0xa3dcdc7fU, + 0x44222266U, 0x542a2a7eU, 0x3b9090abU, 0x0b888883U, + 0x8c4646caU, 0xc7eeee29U, 0x6bb8b8d3U, 0x2814143cU, + 0xa7dede79U, 0xbc5e5ee2U, 0x160b0b1dU, 0xaddbdb76U, + 0xdbe0e03bU, 0x64323256U, 0x743a3a4eU, 0x140a0a1eU, + 0x924949dbU, 0x0c06060aU, 0x4824246cU, 0xb85c5ce4U, + 0x9fc2c25dU, 0xbdd3d36eU, 0x43acacefU, 0xc46262a6U, + 0x399191a8U, 0x319595a4U, 0xd3e4e437U, 0xf279798bU, + 0xd5e7e732U, 0x8bc8c843U, 0x6e373759U, 0xda6d6db7U, + 0x018d8d8cU, 0xb1d5d564U, 0x9c4e4ed2U, 0x49a9a9e0U, + 0xd86c6cb4U, 0xac5656faU, 0xf3f4f407U, 0xcfeaea25U, + 0xca6565afU, 0xf47a7a8eU, 0x47aeaee9U, 0x10080818U, + 0x6fbabad5U, 0xf0787888U, 0x4a25256fU, 0x5c2e2e72U, + 0x381c1c24U, 0x57a6a6f1U, 0x73b4b4c7U, 0x97c6c651U, + 0xcbe8e823U, 0xa1dddd7cU, 0xe874749cU, 0x3e1f1f21U, + 0x964b4bddU, 0x61bdbddcU, 0x0d8b8b86U, 0x0f8a8a85U, + 0xe0707090U, 0x7c3e3e42U, 0x71b5b5c4U, 0xcc6666aaU, + 0x904848d8U, 0x06030305U, 0xf7f6f601U, 0x1c0e0e12U, + 0xc26161a3U, 0x6a35355fU, 0xae5757f9U, 0x69b9b9d0U, + 0x17868691U, 0x99c1c158U, 0x3a1d1d27U, 0x279e9eb9U, + 0xd9e1e138U, 0xebf8f813U, 0x2b9898b3U, 0x22111133U, + 0xd26969bbU, 0xa9d9d970U, 0x078e8e89U, 0x339494a7U, + 0x2d9b9bb6U, 0x3c1e1e22U, 0x15878792U, 0xc9e9e920U, + 0x87cece49U, 0xaa5555ffU, 0x50282878U, 0xa5dfdf7aU, + 0x038c8c8fU, 0x59a1a1f8U, 0x09898980U, 0x1a0d0d17U, + 0x65bfbfdaU, 0xd7e6e631U, 0x844242c6U, 0xd06868b8U, + 0x824141c3U, 0x299999b0U, 0x5a2d2d77U, 0x1e0f0f11U, + 0x7bb0b0cbU, 0xa85454fcU, 0x6dbbbbd6U, 0x2c16163aU, }; static const u32 Te1[256] = { - 0xa5c66363U, 0x84f87c7cU, 0x99ee7777U, 0x8df67b7bU, - 0x0dfff2f2U, 0xbdd66b6bU, 0xb1de6f6fU, 0x5491c5c5U, - 0x50603030U, 0x03020101U, 0xa9ce6767U, 0x7d562b2bU, - 0x19e7fefeU, 0x62b5d7d7U, 0xe64dababU, 0x9aec7676U, - 0x458fcacaU, 0x9d1f8282U, 0x4089c9c9U, 0x87fa7d7dU, - 0x15effafaU, 0xebb25959U, 0xc98e4747U, 0x0bfbf0f0U, - 0xec41adadU, 0x67b3d4d4U, 0xfd5fa2a2U, 0xea45afafU, - 0xbf239c9cU, 0xf753a4a4U, 0x96e47272U, 0x5b9bc0c0U, - 0xc275b7b7U, 0x1ce1fdfdU, 0xae3d9393U, 0x6a4c2626U, - 0x5a6c3636U, 0x417e3f3fU, 0x02f5f7f7U, 0x4f83ccccU, - 0x5c683434U, 0xf451a5a5U, 0x34d1e5e5U, 0x08f9f1f1U, - 0x93e27171U, 0x73abd8d8U, 0x53623131U, 0x3f2a1515U, - 0x0c080404U, 0x5295c7c7U, 0x65462323U, 0x5e9dc3c3U, - 0x28301818U, 0xa1379696U, 0x0f0a0505U, 0xb52f9a9aU, - 0x090e0707U, 0x36241212U, 0x9b1b8080U, 0x3ddfe2e2U, - 0x26cdebebU, 0x694e2727U, 0xcd7fb2b2U, 0x9fea7575U, - 0x1b120909U, 0x9e1d8383U, 0x74582c2cU, 0x2e341a1aU, - 0x2d361b1bU, 0xb2dc6e6eU, 0xeeb45a5aU, 0xfb5ba0a0U, - 0xf6a45252U, 0x4d763b3bU, 0x61b7d6d6U, 0xce7db3b3U, - 0x7b522929U, 0x3edde3e3U, 0x715e2f2fU, 0x97138484U, - 0xf5a65353U, 0x68b9d1d1U, 0x00000000U, 0x2cc1ededU, - 0x60402020U, 0x1fe3fcfcU, 0xc879b1b1U, 0xedb65b5bU, - 0xbed46a6aU, 0x468dcbcbU, 0xd967bebeU, 0x4b723939U, - 0xde944a4aU, 0xd4984c4cU, 0xe8b05858U, 0x4a85cfcfU, - 0x6bbbd0d0U, 0x2ac5efefU, 0xe54faaaaU, 0x16edfbfbU, - 0xc5864343U, 0xd79a4d4dU, 0x55663333U, 0x94118585U, - 0xcf8a4545U, 0x10e9f9f9U, 0x06040202U, 0x81fe7f7fU, - 0xf0a05050U, 0x44783c3cU, 0xba259f9fU, 0xe34ba8a8U, - 0xf3a25151U, 0xfe5da3a3U, 0xc0804040U, 0x8a058f8fU, - 0xad3f9292U, 0xbc219d9dU, 0x48703838U, 0x04f1f5f5U, - 0xdf63bcbcU, 0xc177b6b6U, 0x75afdadaU, 0x63422121U, - 0x30201010U, 0x1ae5ffffU, 0x0efdf3f3U, 0x6dbfd2d2U, - 0x4c81cdcdU, 0x14180c0cU, 0x35261313U, 0x2fc3ececU, - 0xe1be5f5fU, 0xa2359797U, 0xcc884444U, 0x392e1717U, - 0x5793c4c4U, 0xf255a7a7U, 0x82fc7e7eU, 0x477a3d3dU, - 0xacc86464U, 0xe7ba5d5dU, 0x2b321919U, 0x95e67373U, - 0xa0c06060U, 0x98198181U, 0xd19e4f4fU, 0x7fa3dcdcU, - 0x66442222U, 0x7e542a2aU, 0xab3b9090U, 0x830b8888U, - 0xca8c4646U, 0x29c7eeeeU, 0xd36bb8b8U, 0x3c281414U, - 0x79a7dedeU, 0xe2bc5e5eU, 0x1d160b0bU, 0x76addbdbU, - 0x3bdbe0e0U, 0x56643232U, 0x4e743a3aU, 0x1e140a0aU, - 0xdb924949U, 0x0a0c0606U, 0x6c482424U, 0xe4b85c5cU, - 0x5d9fc2c2U, 0x6ebdd3d3U, 0xef43acacU, 0xa6c46262U, - 0xa8399191U, 0xa4319595U, 0x37d3e4e4U, 0x8bf27979U, - 0x32d5e7e7U, 0x438bc8c8U, 0x596e3737U, 0xb7da6d6dU, - 0x8c018d8dU, 0x64b1d5d5U, 0xd29c4e4eU, 0xe049a9a9U, - 0xb4d86c6cU, 0xfaac5656U, 0x07f3f4f4U, 0x25cfeaeaU, - 0xafca6565U, 0x8ef47a7aU, 0xe947aeaeU, 0x18100808U, - 0xd56fbabaU, 0x88f07878U, 0x6f4a2525U, 0x725c2e2eU, - 0x24381c1cU, 0xf157a6a6U, 0xc773b4b4U, 0x5197c6c6U, - 0x23cbe8e8U, 0x7ca1ddddU, 0x9ce87474U, 0x213e1f1fU, - 0xdd964b4bU, 0xdc61bdbdU, 0x860d8b8bU, 0x850f8a8aU, - 0x90e07070U, 0x427c3e3eU, 0xc471b5b5U, 0xaacc6666U, - 0xd8904848U, 0x05060303U, 0x01f7f6f6U, 0x121c0e0eU, - 0xa3c26161U, 0x5f6a3535U, 0xf9ae5757U, 0xd069b9b9U, - 0x91178686U, 0x5899c1c1U, 0x273a1d1dU, 0xb9279e9eU, - 0x38d9e1e1U, 0x13ebf8f8U, 0xb32b9898U, 0x33221111U, - 0xbbd26969U, 0x70a9d9d9U, 0x89078e8eU, 0xa7339494U, - 0xb62d9b9bU, 0x223c1e1eU, 0x92158787U, 0x20c9e9e9U, - 0x4987ceceU, 0xffaa5555U, 0x78502828U, 0x7aa5dfdfU, - 0x8f038c8cU, 0xf859a1a1U, 0x80098989U, 0x171a0d0dU, - 0xda65bfbfU, 0x31d7e6e6U, 0xc6844242U, 0xb8d06868U, - 0xc3824141U, 0xb0299999U, 0x775a2d2dU, 0x111e0f0fU, - 0xcb7bb0b0U, 0xfca85454U, 0xd66dbbbbU, 0x3a2c1616U, + 0xa5c66363U, 0x84f87c7cU, 0x99ee7777U, 0x8df67b7bU, + 0x0dfff2f2U, 0xbdd66b6bU, 0xb1de6f6fU, 0x5491c5c5U, + 0x50603030U, 0x03020101U, 0xa9ce6767U, 0x7d562b2bU, + 0x19e7fefeU, 0x62b5d7d7U, 0xe64dababU, 0x9aec7676U, + 0x458fcacaU, 0x9d1f8282U, 0x4089c9c9U, 0x87fa7d7dU, + 0x15effafaU, 0xebb25959U, 0xc98e4747U, 0x0bfbf0f0U, + 0xec41adadU, 0x67b3d4d4U, 0xfd5fa2a2U, 0xea45afafU, + 0xbf239c9cU, 0xf753a4a4U, 0x96e47272U, 0x5b9bc0c0U, + 0xc275b7b7U, 0x1ce1fdfdU, 0xae3d9393U, 0x6a4c2626U, + 0x5a6c3636U, 0x417e3f3fU, 0x02f5f7f7U, 0x4f83ccccU, + 0x5c683434U, 0xf451a5a5U, 0x34d1e5e5U, 0x08f9f1f1U, + 0x93e27171U, 0x73abd8d8U, 0x53623131U, 0x3f2a1515U, + 0x0c080404U, 0x5295c7c7U, 0x65462323U, 0x5e9dc3c3U, + 0x28301818U, 0xa1379696U, 0x0f0a0505U, 0xb52f9a9aU, + 0x090e0707U, 0x36241212U, 0x9b1b8080U, 0x3ddfe2e2U, + 0x26cdebebU, 0x694e2727U, 0xcd7fb2b2U, 0x9fea7575U, + 0x1b120909U, 0x9e1d8383U, 0x74582c2cU, 0x2e341a1aU, + 0x2d361b1bU, 0xb2dc6e6eU, 0xeeb45a5aU, 0xfb5ba0a0U, + 0xf6a45252U, 0x4d763b3bU, 0x61b7d6d6U, 0xce7db3b3U, + 0x7b522929U, 0x3edde3e3U, 0x715e2f2fU, 0x97138484U, + 0xf5a65353U, 0x68b9d1d1U, 0x00000000U, 0x2cc1ededU, + 0x60402020U, 0x1fe3fcfcU, 0xc879b1b1U, 0xedb65b5bU, + 0xbed46a6aU, 0x468dcbcbU, 0xd967bebeU, 0x4b723939U, + 0xde944a4aU, 0xd4984c4cU, 0xe8b05858U, 0x4a85cfcfU, + 0x6bbbd0d0U, 0x2ac5efefU, 0xe54faaaaU, 0x16edfbfbU, + 0xc5864343U, 0xd79a4d4dU, 0x55663333U, 0x94118585U, + 0xcf8a4545U, 0x10e9f9f9U, 0x06040202U, 0x81fe7f7fU, + 0xf0a05050U, 0x44783c3cU, 0xba259f9fU, 0xe34ba8a8U, + 0xf3a25151U, 0xfe5da3a3U, 0xc0804040U, 0x8a058f8fU, + 0xad3f9292U, 0xbc219d9dU, 0x48703838U, 0x04f1f5f5U, + 0xdf63bcbcU, 0xc177b6b6U, 0x75afdadaU, 0x63422121U, + 0x30201010U, 0x1ae5ffffU, 0x0efdf3f3U, 0x6dbfd2d2U, + 0x4c81cdcdU, 0x14180c0cU, 0x35261313U, 0x2fc3ececU, + 0xe1be5f5fU, 0xa2359797U, 0xcc884444U, 0x392e1717U, + 0x5793c4c4U, 0xf255a7a7U, 0x82fc7e7eU, 0x477a3d3dU, + 0xacc86464U, 0xe7ba5d5dU, 0x2b321919U, 0x95e67373U, + 0xa0c06060U, 0x98198181U, 0xd19e4f4fU, 0x7fa3dcdcU, + 0x66442222U, 0x7e542a2aU, 0xab3b9090U, 0x830b8888U, + 0xca8c4646U, 0x29c7eeeeU, 0xd36bb8b8U, 0x3c281414U, + 0x79a7dedeU, 0xe2bc5e5eU, 0x1d160b0bU, 0x76addbdbU, + 0x3bdbe0e0U, 0x56643232U, 0x4e743a3aU, 0x1e140a0aU, + 0xdb924949U, 0x0a0c0606U, 0x6c482424U, 0xe4b85c5cU, + 0x5d9fc2c2U, 0x6ebdd3d3U, 0xef43acacU, 0xa6c46262U, + 0xa8399191U, 0xa4319595U, 0x37d3e4e4U, 0x8bf27979U, + 0x32d5e7e7U, 0x438bc8c8U, 0x596e3737U, 0xb7da6d6dU, + 0x8c018d8dU, 0x64b1d5d5U, 0xd29c4e4eU, 0xe049a9a9U, + 0xb4d86c6cU, 0xfaac5656U, 0x07f3f4f4U, 0x25cfeaeaU, + 0xafca6565U, 0x8ef47a7aU, 0xe947aeaeU, 0x18100808U, + 0xd56fbabaU, 0x88f07878U, 0x6f4a2525U, 0x725c2e2eU, + 0x24381c1cU, 0xf157a6a6U, 0xc773b4b4U, 0x5197c6c6U, + 0x23cbe8e8U, 0x7ca1ddddU, 0x9ce87474U, 0x213e1f1fU, + 0xdd964b4bU, 0xdc61bdbdU, 0x860d8b8bU, 0x850f8a8aU, + 0x90e07070U, 0x427c3e3eU, 0xc471b5b5U, 0xaacc6666U, + 0xd8904848U, 0x05060303U, 0x01f7f6f6U, 0x121c0e0eU, + 0xa3c26161U, 0x5f6a3535U, 0xf9ae5757U, 0xd069b9b9U, + 0x91178686U, 0x5899c1c1U, 0x273a1d1dU, 0xb9279e9eU, + 0x38d9e1e1U, 0x13ebf8f8U, 0xb32b9898U, 0x33221111U, + 0xbbd26969U, 0x70a9d9d9U, 0x89078e8eU, 0xa7339494U, + 0xb62d9b9bU, 0x223c1e1eU, 0x92158787U, 0x20c9e9e9U, + 0x4987ceceU, 0xffaa5555U, 0x78502828U, 0x7aa5dfdfU, + 0x8f038c8cU, 0xf859a1a1U, 0x80098989U, 0x171a0d0dU, + 0xda65bfbfU, 0x31d7e6e6U, 0xc6844242U, 0xb8d06868U, + 0xc3824141U, 0xb0299999U, 0x775a2d2dU, 0x111e0f0fU, + 0xcb7bb0b0U, 0xfca85454U, 0xd66dbbbbU, 0x3a2c1616U, }; static const u32 Te2[256] = { - 0x63a5c663U, 0x7c84f87cU, 0x7799ee77U, 0x7b8df67bU, - 0xf20dfff2U, 0x6bbdd66bU, 0x6fb1de6fU, 0xc55491c5U, - 0x30506030U, 0x01030201U, 0x67a9ce67U, 0x2b7d562bU, - 0xfe19e7feU, 0xd762b5d7U, 0xabe64dabU, 0x769aec76U, - 0xca458fcaU, 0x829d1f82U, 0xc94089c9U, 0x7d87fa7dU, - 0xfa15effaU, 0x59ebb259U, 0x47c98e47U, 0xf00bfbf0U, - 0xadec41adU, 0xd467b3d4U, 0xa2fd5fa2U, 0xafea45afU, - 0x9cbf239cU, 0xa4f753a4U, 0x7296e472U, 0xc05b9bc0U, - 0xb7c275b7U, 0xfd1ce1fdU, 0x93ae3d93U, 0x266a4c26U, - 0x365a6c36U, 0x3f417e3fU, 0xf702f5f7U, 0xcc4f83ccU, - 0x345c6834U, 0xa5f451a5U, 0xe534d1e5U, 0xf108f9f1U, - 0x7193e271U, 0xd873abd8U, 0x31536231U, 0x153f2a15U, - 0x040c0804U, 0xc75295c7U, 0x23654623U, 0xc35e9dc3U, - 0x18283018U, 0x96a13796U, 0x050f0a05U, 0x9ab52f9aU, - 0x07090e07U, 0x12362412U, 0x809b1b80U, 0xe23ddfe2U, - 0xeb26cdebU, 0x27694e27U, 0xb2cd7fb2U, 0x759fea75U, - 0x091b1209U, 0x839e1d83U, 0x2c74582cU, 0x1a2e341aU, - 0x1b2d361bU, 0x6eb2dc6eU, 0x5aeeb45aU, 0xa0fb5ba0U, - 0x52f6a452U, 0x3b4d763bU, 0xd661b7d6U, 0xb3ce7db3U, - 0x297b5229U, 0xe33edde3U, 0x2f715e2fU, 0x84971384U, - 0x53f5a653U, 0xd168b9d1U, 0x00000000U, 0xed2cc1edU, - 0x20604020U, 0xfc1fe3fcU, 0xb1c879b1U, 0x5bedb65bU, - 0x6abed46aU, 0xcb468dcbU, 0xbed967beU, 0x394b7239U, - 0x4ade944aU, 0x4cd4984cU, 0x58e8b058U, 0xcf4a85cfU, - 0xd06bbbd0U, 0xef2ac5efU, 0xaae54faaU, 0xfb16edfbU, - 0x43c58643U, 0x4dd79a4dU, 0x33556633U, 0x85941185U, - 0x45cf8a45U, 0xf910e9f9U, 0x02060402U, 0x7f81fe7fU, - 0x50f0a050U, 0x3c44783cU, 0x9fba259fU, 0xa8e34ba8U, - 0x51f3a251U, 0xa3fe5da3U, 0x40c08040U, 0x8f8a058fU, - 0x92ad3f92U, 0x9dbc219dU, 0x38487038U, 0xf504f1f5U, - 0xbcdf63bcU, 0xb6c177b6U, 0xda75afdaU, 0x21634221U, - 0x10302010U, 0xff1ae5ffU, 0xf30efdf3U, 0xd26dbfd2U, - 0xcd4c81cdU, 0x0c14180cU, 0x13352613U, 0xec2fc3ecU, - 0x5fe1be5fU, 0x97a23597U, 0x44cc8844U, 0x17392e17U, - 0xc45793c4U, 0xa7f255a7U, 0x7e82fc7eU, 0x3d477a3dU, - 0x64acc864U, 0x5de7ba5dU, 0x192b3219U, 0x7395e673U, - 0x60a0c060U, 0x81981981U, 0x4fd19e4fU, 0xdc7fa3dcU, - 0x22664422U, 0x2a7e542aU, 0x90ab3b90U, 0x88830b88U, - 0x46ca8c46U, 0xee29c7eeU, 0xb8d36bb8U, 0x143c2814U, - 0xde79a7deU, 0x5ee2bc5eU, 0x0b1d160bU, 0xdb76addbU, - 0xe03bdbe0U, 0x32566432U, 0x3a4e743aU, 0x0a1e140aU, - 0x49db9249U, 0x060a0c06U, 0x246c4824U, 0x5ce4b85cU, - 0xc25d9fc2U, 0xd36ebdd3U, 0xacef43acU, 0x62a6c462U, - 0x91a83991U, 0x95a43195U, 0xe437d3e4U, 0x798bf279U, - 0xe732d5e7U, 0xc8438bc8U, 0x37596e37U, 0x6db7da6dU, - 0x8d8c018dU, 0xd564b1d5U, 0x4ed29c4eU, 0xa9e049a9U, - 0x6cb4d86cU, 0x56faac56U, 0xf407f3f4U, 0xea25cfeaU, - 0x65afca65U, 0x7a8ef47aU, 0xaee947aeU, 0x08181008U, - 0xbad56fbaU, 0x7888f078U, 0x256f4a25U, 0x2e725c2eU, - 0x1c24381cU, 0xa6f157a6U, 0xb4c773b4U, 0xc65197c6U, - 0xe823cbe8U, 0xdd7ca1ddU, 0x749ce874U, 0x1f213e1fU, - 0x4bdd964bU, 0xbddc61bdU, 0x8b860d8bU, 0x8a850f8aU, - 0x7090e070U, 0x3e427c3eU, 0xb5c471b5U, 0x66aacc66U, - 0x48d89048U, 0x03050603U, 0xf601f7f6U, 0x0e121c0eU, - 0x61a3c261U, 0x355f6a35U, 0x57f9ae57U, 0xb9d069b9U, - 0x86911786U, 0xc15899c1U, 0x1d273a1dU, 0x9eb9279eU, - 0xe138d9e1U, 0xf813ebf8U, 0x98b32b98U, 0x11332211U, - 0x69bbd269U, 0xd970a9d9U, 0x8e89078eU, 0x94a73394U, - 0x9bb62d9bU, 0x1e223c1eU, 0x87921587U, 0xe920c9e9U, - 0xce4987ceU, 0x55ffaa55U, 0x28785028U, 0xdf7aa5dfU, - 0x8c8f038cU, 0xa1f859a1U, 0x89800989U, 0x0d171a0dU, - 0xbfda65bfU, 0xe631d7e6U, 0x42c68442U, 0x68b8d068U, - 0x41c38241U, 0x99b02999U, 0x2d775a2dU, 0x0f111e0fU, - 0xb0cb7bb0U, 0x54fca854U, 0xbbd66dbbU, 0x163a2c16U, + 0x63a5c663U, 0x7c84f87cU, 0x7799ee77U, 0x7b8df67bU, + 0xf20dfff2U, 0x6bbdd66bU, 0x6fb1de6fU, 0xc55491c5U, + 0x30506030U, 0x01030201U, 0x67a9ce67U, 0x2b7d562bU, + 0xfe19e7feU, 0xd762b5d7U, 0xabe64dabU, 0x769aec76U, + 0xca458fcaU, 0x829d1f82U, 0xc94089c9U, 0x7d87fa7dU, + 0xfa15effaU, 0x59ebb259U, 0x47c98e47U, 0xf00bfbf0U, + 0xadec41adU, 0xd467b3d4U, 0xa2fd5fa2U, 0xafea45afU, + 0x9cbf239cU, 0xa4f753a4U, 0x7296e472U, 0xc05b9bc0U, + 0xb7c275b7U, 0xfd1ce1fdU, 0x93ae3d93U, 0x266a4c26U, + 0x365a6c36U, 0x3f417e3fU, 0xf702f5f7U, 0xcc4f83ccU, + 0x345c6834U, 0xa5f451a5U, 0xe534d1e5U, 0xf108f9f1U, + 0x7193e271U, 0xd873abd8U, 0x31536231U, 0x153f2a15U, + 0x040c0804U, 0xc75295c7U, 0x23654623U, 0xc35e9dc3U, + 0x18283018U, 0x96a13796U, 0x050f0a05U, 0x9ab52f9aU, + 0x07090e07U, 0x12362412U, 0x809b1b80U, 0xe23ddfe2U, + 0xeb26cdebU, 0x27694e27U, 0xb2cd7fb2U, 0x759fea75U, + 0x091b1209U, 0x839e1d83U, 0x2c74582cU, 0x1a2e341aU, + 0x1b2d361bU, 0x6eb2dc6eU, 0x5aeeb45aU, 0xa0fb5ba0U, + 0x52f6a452U, 0x3b4d763bU, 0xd661b7d6U, 0xb3ce7db3U, + 0x297b5229U, 0xe33edde3U, 0x2f715e2fU, 0x84971384U, + 0x53f5a653U, 0xd168b9d1U, 0x00000000U, 0xed2cc1edU, + 0x20604020U, 0xfc1fe3fcU, 0xb1c879b1U, 0x5bedb65bU, + 0x6abed46aU, 0xcb468dcbU, 0xbed967beU, 0x394b7239U, + 0x4ade944aU, 0x4cd4984cU, 0x58e8b058U, 0xcf4a85cfU, + 0xd06bbbd0U, 0xef2ac5efU, 0xaae54faaU, 0xfb16edfbU, + 0x43c58643U, 0x4dd79a4dU, 0x33556633U, 0x85941185U, + 0x45cf8a45U, 0xf910e9f9U, 0x02060402U, 0x7f81fe7fU, + 0x50f0a050U, 0x3c44783cU, 0x9fba259fU, 0xa8e34ba8U, + 0x51f3a251U, 0xa3fe5da3U, 0x40c08040U, 0x8f8a058fU, + 0x92ad3f92U, 0x9dbc219dU, 0x38487038U, 0xf504f1f5U, + 0xbcdf63bcU, 0xb6c177b6U, 0xda75afdaU, 0x21634221U, + 0x10302010U, 0xff1ae5ffU, 0xf30efdf3U, 0xd26dbfd2U, + 0xcd4c81cdU, 0x0c14180cU, 0x13352613U, 0xec2fc3ecU, + 0x5fe1be5fU, 0x97a23597U, 0x44cc8844U, 0x17392e17U, + 0xc45793c4U, 0xa7f255a7U, 0x7e82fc7eU, 0x3d477a3dU, + 0x64acc864U, 0x5de7ba5dU, 0x192b3219U, 0x7395e673U, + 0x60a0c060U, 0x81981981U, 0x4fd19e4fU, 0xdc7fa3dcU, + 0x22664422U, 0x2a7e542aU, 0x90ab3b90U, 0x88830b88U, + 0x46ca8c46U, 0xee29c7eeU, 0xb8d36bb8U, 0x143c2814U, + 0xde79a7deU, 0x5ee2bc5eU, 0x0b1d160bU, 0xdb76addbU, + 0xe03bdbe0U, 0x32566432U, 0x3a4e743aU, 0x0a1e140aU, + 0x49db9249U, 0x060a0c06U, 0x246c4824U, 0x5ce4b85cU, + 0xc25d9fc2U, 0xd36ebdd3U, 0xacef43acU, 0x62a6c462U, + 0x91a83991U, 0x95a43195U, 0xe437d3e4U, 0x798bf279U, + 0xe732d5e7U, 0xc8438bc8U, 0x37596e37U, 0x6db7da6dU, + 0x8d8c018dU, 0xd564b1d5U, 0x4ed29c4eU, 0xa9e049a9U, + 0x6cb4d86cU, 0x56faac56U, 0xf407f3f4U, 0xea25cfeaU, + 0x65afca65U, 0x7a8ef47aU, 0xaee947aeU, 0x08181008U, + 0xbad56fbaU, 0x7888f078U, 0x256f4a25U, 0x2e725c2eU, + 0x1c24381cU, 0xa6f157a6U, 0xb4c773b4U, 0xc65197c6U, + 0xe823cbe8U, 0xdd7ca1ddU, 0x749ce874U, 0x1f213e1fU, + 0x4bdd964bU, 0xbddc61bdU, 0x8b860d8bU, 0x8a850f8aU, + 0x7090e070U, 0x3e427c3eU, 0xb5c471b5U, 0x66aacc66U, + 0x48d89048U, 0x03050603U, 0xf601f7f6U, 0x0e121c0eU, + 0x61a3c261U, 0x355f6a35U, 0x57f9ae57U, 0xb9d069b9U, + 0x86911786U, 0xc15899c1U, 0x1d273a1dU, 0x9eb9279eU, + 0xe138d9e1U, 0xf813ebf8U, 0x98b32b98U, 0x11332211U, + 0x69bbd269U, 0xd970a9d9U, 0x8e89078eU, 0x94a73394U, + 0x9bb62d9bU, 0x1e223c1eU, 0x87921587U, 0xe920c9e9U, + 0xce4987ceU, 0x55ffaa55U, 0x28785028U, 0xdf7aa5dfU, + 0x8c8f038cU, 0xa1f859a1U, 0x89800989U, 0x0d171a0dU, + 0xbfda65bfU, 0xe631d7e6U, 0x42c68442U, 0x68b8d068U, + 0x41c38241U, 0x99b02999U, 0x2d775a2dU, 0x0f111e0fU, + 0xb0cb7bb0U, 0x54fca854U, 0xbbd66dbbU, 0x163a2c16U, }; static const u32 Te3[256] = { - - 0x6363a5c6U, 0x7c7c84f8U, 0x777799eeU, 0x7b7b8df6U, - 0xf2f20dffU, 0x6b6bbdd6U, 0x6f6fb1deU, 0xc5c55491U, - 0x30305060U, 0x01010302U, 0x6767a9ceU, 0x2b2b7d56U, - 0xfefe19e7U, 0xd7d762b5U, 0xababe64dU, 0x76769aecU, - 0xcaca458fU, 0x82829d1fU, 0xc9c94089U, 0x7d7d87faU, - 0xfafa15efU, 0x5959ebb2U, 0x4747c98eU, 0xf0f00bfbU, - 0xadadec41U, 0xd4d467b3U, 0xa2a2fd5fU, 0xafafea45U, - 0x9c9cbf23U, 0xa4a4f753U, 0x727296e4U, 0xc0c05b9bU, - 0xb7b7c275U, 0xfdfd1ce1U, 0x9393ae3dU, 0x26266a4cU, - 0x36365a6cU, 0x3f3f417eU, 0xf7f702f5U, 0xcccc4f83U, - 0x34345c68U, 0xa5a5f451U, 0xe5e534d1U, 0xf1f108f9U, - 0x717193e2U, 0xd8d873abU, 0x31315362U, 0x15153f2aU, - 0x04040c08U, 0xc7c75295U, 0x23236546U, 0xc3c35e9dU, - 0x18182830U, 0x9696a137U, 0x05050f0aU, 0x9a9ab52fU, - 0x0707090eU, 0x12123624U, 0x80809b1bU, 0xe2e23ddfU, - 0xebeb26cdU, 0x2727694eU, 0xb2b2cd7fU, 0x75759feaU, - 0x09091b12U, 0x83839e1dU, 0x2c2c7458U, 0x1a1a2e34U, - 0x1b1b2d36U, 0x6e6eb2dcU, 0x5a5aeeb4U, 0xa0a0fb5bU, - 0x5252f6a4U, 0x3b3b4d76U, 0xd6d661b7U, 0xb3b3ce7dU, - 0x29297b52U, 0xe3e33eddU, 0x2f2f715eU, 0x84849713U, - 0x5353f5a6U, 0xd1d168b9U, 0x00000000U, 0xeded2cc1U, - 0x20206040U, 0xfcfc1fe3U, 0xb1b1c879U, 0x5b5bedb6U, - 0x6a6abed4U, 0xcbcb468dU, 0xbebed967U, 0x39394b72U, - 0x4a4ade94U, 0x4c4cd498U, 0x5858e8b0U, 0xcfcf4a85U, - 0xd0d06bbbU, 0xefef2ac5U, 0xaaaae54fU, 0xfbfb16edU, - 0x4343c586U, 0x4d4dd79aU, 0x33335566U, 0x85859411U, - 0x4545cf8aU, 0xf9f910e9U, 0x02020604U, 0x7f7f81feU, - 0x5050f0a0U, 0x3c3c4478U, 0x9f9fba25U, 0xa8a8e34bU, - 0x5151f3a2U, 0xa3a3fe5dU, 0x4040c080U, 0x8f8f8a05U, - 0x9292ad3fU, 0x9d9dbc21U, 0x38384870U, 0xf5f504f1U, - 0xbcbcdf63U, 0xb6b6c177U, 0xdada75afU, 0x21216342U, - 0x10103020U, 0xffff1ae5U, 0xf3f30efdU, 0xd2d26dbfU, - 0xcdcd4c81U, 0x0c0c1418U, 0x13133526U, 0xecec2fc3U, - 0x5f5fe1beU, 0x9797a235U, 0x4444cc88U, 0x1717392eU, - 0xc4c45793U, 0xa7a7f255U, 0x7e7e82fcU, 0x3d3d477aU, - 0x6464acc8U, 0x5d5de7baU, 0x19192b32U, 0x737395e6U, - 0x6060a0c0U, 0x81819819U, 0x4f4fd19eU, 0xdcdc7fa3U, - 0x22226644U, 0x2a2a7e54U, 0x9090ab3bU, 0x8888830bU, - 0x4646ca8cU, 0xeeee29c7U, 0xb8b8d36bU, 0x14143c28U, - 0xdede79a7U, 0x5e5ee2bcU, 0x0b0b1d16U, 0xdbdb76adU, - 0xe0e03bdbU, 0x32325664U, 0x3a3a4e74U, 0x0a0a1e14U, - 0x4949db92U, 0x06060a0cU, 0x24246c48U, 0x5c5ce4b8U, - 0xc2c25d9fU, 0xd3d36ebdU, 0xacacef43U, 0x6262a6c4U, - 0x9191a839U, 0x9595a431U, 0xe4e437d3U, 0x79798bf2U, - 0xe7e732d5U, 0xc8c8438bU, 0x3737596eU, 0x6d6db7daU, - 0x8d8d8c01U, 0xd5d564b1U, 0x4e4ed29cU, 0xa9a9e049U, - 0x6c6cb4d8U, 0x5656faacU, 0xf4f407f3U, 0xeaea25cfU, - 0x6565afcaU, 0x7a7a8ef4U, 0xaeaee947U, 0x08081810U, - 0xbabad56fU, 0x787888f0U, 0x25256f4aU, 0x2e2e725cU, - 0x1c1c2438U, 0xa6a6f157U, 0xb4b4c773U, 0xc6c65197U, - 0xe8e823cbU, 0xdddd7ca1U, 0x74749ce8U, 0x1f1f213eU, - 0x4b4bdd96U, 0xbdbddc61U, 0x8b8b860dU, 0x8a8a850fU, - 0x707090e0U, 0x3e3e427cU, 0xb5b5c471U, 0x6666aaccU, - 0x4848d890U, 0x03030506U, 0xf6f601f7U, 0x0e0e121cU, - 0x6161a3c2U, 0x35355f6aU, 0x5757f9aeU, 0xb9b9d069U, - 0x86869117U, 0xc1c15899U, 0x1d1d273aU, 0x9e9eb927U, - 0xe1e138d9U, 0xf8f813ebU, 0x9898b32bU, 0x11113322U, - 0x6969bbd2U, 0xd9d970a9U, 0x8e8e8907U, 0x9494a733U, - 0x9b9bb62dU, 0x1e1e223cU, 0x87879215U, 0xe9e920c9U, - 0xcece4987U, 0x5555ffaaU, 0x28287850U, 0xdfdf7aa5U, - 0x8c8c8f03U, 0xa1a1f859U, 0x89898009U, 0x0d0d171aU, - 0xbfbfda65U, 0xe6e631d7U, 0x4242c684U, 0x6868b8d0U, - 0x4141c382U, 0x9999b029U, 0x2d2d775aU, 0x0f0f111eU, - 0xb0b0cb7bU, 0x5454fca8U, 0xbbbbd66dU, 0x16163a2cU, -}; -static const u32 Te4[256] = { - 0x63636363U, 0x7c7c7c7cU, 0x77777777U, 0x7b7b7b7bU, - 0xf2f2f2f2U, 0x6b6b6b6bU, 0x6f6f6f6fU, 0xc5c5c5c5U, - 0x30303030U, 0x01010101U, 0x67676767U, 0x2b2b2b2bU, - 0xfefefefeU, 0xd7d7d7d7U, 0xababababU, 0x76767676U, - 0xcacacacaU, 0x82828282U, 0xc9c9c9c9U, 0x7d7d7d7dU, - 0xfafafafaU, 0x59595959U, 0x47474747U, 0xf0f0f0f0U, - 0xadadadadU, 0xd4d4d4d4U, 0xa2a2a2a2U, 0xafafafafU, - 0x9c9c9c9cU, 0xa4a4a4a4U, 0x72727272U, 0xc0c0c0c0U, - 0xb7b7b7b7U, 0xfdfdfdfdU, 0x93939393U, 0x26262626U, - 0x36363636U, 0x3f3f3f3fU, 0xf7f7f7f7U, 0xccccccccU, - 0x34343434U, 0xa5a5a5a5U, 0xe5e5e5e5U, 0xf1f1f1f1U, - 0x71717171U, 0xd8d8d8d8U, 0x31313131U, 0x15151515U, - 0x04040404U, 0xc7c7c7c7U, 0x23232323U, 0xc3c3c3c3U, - 0x18181818U, 0x96969696U, 0x05050505U, 0x9a9a9a9aU, - 0x07070707U, 0x12121212U, 0x80808080U, 0xe2e2e2e2U, - 0xebebebebU, 0x27272727U, 0xb2b2b2b2U, 0x75757575U, - 0x09090909U, 0x83838383U, 0x2c2c2c2cU, 0x1a1a1a1aU, - 0x1b1b1b1bU, 0x6e6e6e6eU, 0x5a5a5a5aU, 0xa0a0a0a0U, - 0x52525252U, 0x3b3b3b3bU, 0xd6d6d6d6U, 0xb3b3b3b3U, - 0x29292929U, 0xe3e3e3e3U, 0x2f2f2f2fU, 0x84848484U, - 0x53535353U, 0xd1d1d1d1U, 0x00000000U, 0xededededU, - 0x20202020U, 0xfcfcfcfcU, 0xb1b1b1b1U, 0x5b5b5b5bU, - 0x6a6a6a6aU, 0xcbcbcbcbU, 0xbebebebeU, 0x39393939U, - 0x4a4a4a4aU, 0x4c4c4c4cU, 0x58585858U, 0xcfcfcfcfU, - 0xd0d0d0d0U, 0xefefefefU, 0xaaaaaaaaU, 0xfbfbfbfbU, - 0x43434343U, 0x4d4d4d4dU, 0x33333333U, 0x85858585U, - 0x45454545U, 0xf9f9f9f9U, 0x02020202U, 0x7f7f7f7fU, - 0x50505050U, 0x3c3c3c3cU, 0x9f9f9f9fU, 0xa8a8a8a8U, - 0x51515151U, 0xa3a3a3a3U, 0x40404040U, 0x8f8f8f8fU, - 0x92929292U, 0x9d9d9d9dU, 0x38383838U, 0xf5f5f5f5U, - 0xbcbcbcbcU, 0xb6b6b6b6U, 0xdadadadaU, 0x21212121U, - 0x10101010U, 0xffffffffU, 0xf3f3f3f3U, 0xd2d2d2d2U, - 0xcdcdcdcdU, 0x0c0c0c0cU, 0x13131313U, 0xececececU, - 0x5f5f5f5fU, 0x97979797U, 0x44444444U, 0x17171717U, - 0xc4c4c4c4U, 0xa7a7a7a7U, 0x7e7e7e7eU, 0x3d3d3d3dU, - 0x64646464U, 0x5d5d5d5dU, 0x19191919U, 0x73737373U, - 0x60606060U, 0x81818181U, 0x4f4f4f4fU, 0xdcdcdcdcU, - 0x22222222U, 0x2a2a2a2aU, 0x90909090U, 0x88888888U, - 0x46464646U, 0xeeeeeeeeU, 0xb8b8b8b8U, 0x14141414U, - 0xdedededeU, 0x5e5e5e5eU, 0x0b0b0b0bU, 0xdbdbdbdbU, - 0xe0e0e0e0U, 0x32323232U, 0x3a3a3a3aU, 0x0a0a0a0aU, - 0x49494949U, 0x06060606U, 0x24242424U, 0x5c5c5c5cU, - 0xc2c2c2c2U, 0xd3d3d3d3U, 0xacacacacU, 0x62626262U, - 0x91919191U, 0x95959595U, 0xe4e4e4e4U, 0x79797979U, - 0xe7e7e7e7U, 0xc8c8c8c8U, 0x37373737U, 0x6d6d6d6dU, - 0x8d8d8d8dU, 0xd5d5d5d5U, 0x4e4e4e4eU, 0xa9a9a9a9U, - 0x6c6c6c6cU, 0x56565656U, 0xf4f4f4f4U, 0xeaeaeaeaU, - 0x65656565U, 0x7a7a7a7aU, 0xaeaeaeaeU, 0x08080808U, - 0xbabababaU, 0x78787878U, 0x25252525U, 0x2e2e2e2eU, - 0x1c1c1c1cU, 0xa6a6a6a6U, 0xb4b4b4b4U, 0xc6c6c6c6U, - 0xe8e8e8e8U, 0xddddddddU, 0x74747474U, 0x1f1f1f1fU, - 0x4b4b4b4bU, 0xbdbdbdbdU, 0x8b8b8b8bU, 0x8a8a8a8aU, - 0x70707070U, 0x3e3e3e3eU, 0xb5b5b5b5U, 0x66666666U, - 0x48484848U, 0x03030303U, 0xf6f6f6f6U, 0x0e0e0e0eU, - 0x61616161U, 0x35353535U, 0x57575757U, 0xb9b9b9b9U, - 0x86868686U, 0xc1c1c1c1U, 0x1d1d1d1dU, 0x9e9e9e9eU, - 0xe1e1e1e1U, 0xf8f8f8f8U, 0x98989898U, 0x11111111U, - 0x69696969U, 0xd9d9d9d9U, 0x8e8e8e8eU, 0x94949494U, - 0x9b9b9b9bU, 0x1e1e1e1eU, 0x87878787U, 0xe9e9e9e9U, - 0xcecececeU, 0x55555555U, 0x28282828U, 0xdfdfdfdfU, - 0x8c8c8c8cU, 0xa1a1a1a1U, 0x89898989U, 0x0d0d0d0dU, - 0xbfbfbfbfU, 0xe6e6e6e6U, 0x42424242U, 0x68686868U, - 0x41414141U, 0x99999999U, 0x2d2d2d2dU, 0x0f0f0f0fU, - 0xb0b0b0b0U, 0x54545454U, 0xbbbbbbbbU, 0x16161616U, + 0x6363a5c6U, 0x7c7c84f8U, 0x777799eeU, 0x7b7b8df6U, + 0xf2f20dffU, 0x6b6bbdd6U, 0x6f6fb1deU, 0xc5c55491U, + 0x30305060U, 0x01010302U, 0x6767a9ceU, 0x2b2b7d56U, + 0xfefe19e7U, 0xd7d762b5U, 0xababe64dU, 0x76769aecU, + 0xcaca458fU, 0x82829d1fU, 0xc9c94089U, 0x7d7d87faU, + 0xfafa15efU, 0x5959ebb2U, 0x4747c98eU, 0xf0f00bfbU, + 0xadadec41U, 0xd4d467b3U, 0xa2a2fd5fU, 0xafafea45U, + 0x9c9cbf23U, 0xa4a4f753U, 0x727296e4U, 0xc0c05b9bU, + 0xb7b7c275U, 0xfdfd1ce1U, 0x9393ae3dU, 0x26266a4cU, + 0x36365a6cU, 0x3f3f417eU, 0xf7f702f5U, 0xcccc4f83U, + 0x34345c68U, 0xa5a5f451U, 0xe5e534d1U, 0xf1f108f9U, + 0x717193e2U, 0xd8d873abU, 0x31315362U, 0x15153f2aU, + 0x04040c08U, 0xc7c75295U, 0x23236546U, 0xc3c35e9dU, + 0x18182830U, 0x9696a137U, 0x05050f0aU, 0x9a9ab52fU, + 0x0707090eU, 0x12123624U, 0x80809b1bU, 0xe2e23ddfU, + 0xebeb26cdU, 0x2727694eU, 0xb2b2cd7fU, 0x75759feaU, + 0x09091b12U, 0x83839e1dU, 0x2c2c7458U, 0x1a1a2e34U, + 0x1b1b2d36U, 0x6e6eb2dcU, 0x5a5aeeb4U, 0xa0a0fb5bU, + 0x5252f6a4U, 0x3b3b4d76U, 0xd6d661b7U, 0xb3b3ce7dU, + 0x29297b52U, 0xe3e33eddU, 0x2f2f715eU, 0x84849713U, + 0x5353f5a6U, 0xd1d168b9U, 0x00000000U, 0xeded2cc1U, + 0x20206040U, 0xfcfc1fe3U, 0xb1b1c879U, 0x5b5bedb6U, + 0x6a6abed4U, 0xcbcb468dU, 0xbebed967U, 0x39394b72U, + 0x4a4ade94U, 0x4c4cd498U, 0x5858e8b0U, 0xcfcf4a85U, + 0xd0d06bbbU, 0xefef2ac5U, 0xaaaae54fU, 0xfbfb16edU, + 0x4343c586U, 0x4d4dd79aU, 0x33335566U, 0x85859411U, + 0x4545cf8aU, 0xf9f910e9U, 0x02020604U, 0x7f7f81feU, + 0x5050f0a0U, 0x3c3c4478U, 0x9f9fba25U, 0xa8a8e34bU, + 0x5151f3a2U, 0xa3a3fe5dU, 0x4040c080U, 0x8f8f8a05U, + 0x9292ad3fU, 0x9d9dbc21U, 0x38384870U, 0xf5f504f1U, + 0xbcbcdf63U, 0xb6b6c177U, 0xdada75afU, 0x21216342U, + 0x10103020U, 0xffff1ae5U, 0xf3f30efdU, 0xd2d26dbfU, + 0xcdcd4c81U, 0x0c0c1418U, 0x13133526U, 0xecec2fc3U, + 0x5f5fe1beU, 0x9797a235U, 0x4444cc88U, 0x1717392eU, + 0xc4c45793U, 0xa7a7f255U, 0x7e7e82fcU, 0x3d3d477aU, + 0x6464acc8U, 0x5d5de7baU, 0x19192b32U, 0x737395e6U, + 0x6060a0c0U, 0x81819819U, 0x4f4fd19eU, 0xdcdc7fa3U, + 0x22226644U, 0x2a2a7e54U, 0x9090ab3bU, 0x8888830bU, + 0x4646ca8cU, 0xeeee29c7U, 0xb8b8d36bU, 0x14143c28U, + 0xdede79a7U, 0x5e5ee2bcU, 0x0b0b1d16U, 0xdbdb76adU, + 0xe0e03bdbU, 0x32325664U, 0x3a3a4e74U, 0x0a0a1e14U, + 0x4949db92U, 0x06060a0cU, 0x24246c48U, 0x5c5ce4b8U, + 0xc2c25d9fU, 0xd3d36ebdU, 0xacacef43U, 0x6262a6c4U, + 0x9191a839U, 0x9595a431U, 0xe4e437d3U, 0x79798bf2U, + 0xe7e732d5U, 0xc8c8438bU, 0x3737596eU, 0x6d6db7daU, + 0x8d8d8c01U, 0xd5d564b1U, 0x4e4ed29cU, 0xa9a9e049U, + 0x6c6cb4d8U, 0x5656faacU, 0xf4f407f3U, 0xeaea25cfU, + 0x6565afcaU, 0x7a7a8ef4U, 0xaeaee947U, 0x08081810U, + 0xbabad56fU, 0x787888f0U, 0x25256f4aU, 0x2e2e725cU, + 0x1c1c2438U, 0xa6a6f157U, 0xb4b4c773U, 0xc6c65197U, + 0xe8e823cbU, 0xdddd7ca1U, 0x74749ce8U, 0x1f1f213eU, + 0x4b4bdd96U, 0xbdbddc61U, 0x8b8b860dU, 0x8a8a850fU, + 0x707090e0U, 0x3e3e427cU, 0xb5b5c471U, 0x6666aaccU, + 0x4848d890U, 0x03030506U, 0xf6f601f7U, 0x0e0e121cU, + 0x6161a3c2U, 0x35355f6aU, 0x5757f9aeU, 0xb9b9d069U, + 0x86869117U, 0xc1c15899U, 0x1d1d273aU, 0x9e9eb927U, + 0xe1e138d9U, 0xf8f813ebU, 0x9898b32bU, 0x11113322U, + 0x6969bbd2U, 0xd9d970a9U, 0x8e8e8907U, 0x9494a733U, + 0x9b9bb62dU, 0x1e1e223cU, 0x87879215U, 0xe9e920c9U, + 0xcece4987U, 0x5555ffaaU, 0x28287850U, 0xdfdf7aa5U, + 0x8c8c8f03U, 0xa1a1f859U, 0x89898009U, 0x0d0d171aU, + 0xbfbfda65U, 0xe6e631d7U, 0x4242c684U, 0x6868b8d0U, + 0x4141c382U, 0x9999b029U, 0x2d2d775aU, 0x0f0f111eU, + 0xb0b0cb7bU, 0x5454fca8U, 0xbbbbd66dU, 0x16163a2cU, }; + static const u32 Td0[256] = { - 0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U, - 0x3bab6bcbU, 0x1f9d45f1U, 0xacfa58abU, 0x4be30393U, - 0x2030fa55U, 0xad766df6U, 0x88cc7691U, 0xf5024c25U, - 0x4fe5d7fcU, 0xc52acbd7U, 0x26354480U, 0xb562a38fU, - 0xdeb15a49U, 0x25ba1b67U, 0x45ea0e98U, 0x5dfec0e1U, - 0xc32f7502U, 0x814cf012U, 0x8d4697a3U, 0x6bd3f9c6U, - 0x038f5fe7U, 0x15929c95U, 0xbf6d7aebU, 0x955259daU, - 0xd4be832dU, 0x587421d3U, 0x49e06929U, 0x8ec9c844U, - 0x75c2896aU, 0xf48e7978U, 0x99583e6bU, 0x27b971ddU, - 0xbee14fb6U, 0xf088ad17U, 0xc920ac66U, 0x7dce3ab4U, - 0x63df4a18U, 0xe51a3182U, 0x97513360U, 0x62537f45U, - 0xb16477e0U, 0xbb6bae84U, 0xfe81a01cU, 0xf9082b94U, - 0x70486858U, 0x8f45fd19U, 0x94de6c87U, 0x527bf8b7U, - 0xab73d323U, 0x724b02e2U, 0xe31f8f57U, 0x6655ab2aU, - 0xb2eb2807U, 0x2fb5c203U, 0x86c57b9aU, 0xd33708a5U, - 0x302887f2U, 0x23bfa5b2U, 0x02036abaU, 0xed16825cU, - 0x8acf1c2bU, 0xa779b492U, 0xf307f2f0U, 0x4e69e2a1U, - 0x65daf4cdU, 0x0605bed5U, 0xd134621fU, 0xc4a6fe8aU, - 0x342e539dU, 0xa2f355a0U, 0x058ae132U, 0xa4f6eb75U, - 0x0b83ec39U, 0x4060efaaU, 0x5e719f06U, 0xbd6e1051U, - 0x3e218af9U, 0x96dd063dU, 0xdd3e05aeU, 0x4de6bd46U, - 0x91548db5U, 0x71c45d05U, 0x0406d46fU, 0x605015ffU, - 0x1998fb24U, 0xd6bde997U, 0x894043ccU, 0x67d99e77U, - 0xb0e842bdU, 0x07898b88U, 0xe7195b38U, 0x79c8eedbU, - 0xa17c0a47U, 0x7c420fe9U, 0xf8841ec9U, 0x00000000U, - 0x09808683U, 0x322bed48U, 0x1e1170acU, 0x6c5a724eU, - 0xfd0efffbU, 0x0f853856U, 0x3daed51eU, 0x362d3927U, - 0x0a0fd964U, 0x685ca621U, 0x9b5b54d1U, 0x24362e3aU, - 0x0c0a67b1U, 0x9357e70fU, 0xb4ee96d2U, 0x1b9b919eU, - 0x80c0c54fU, 0x61dc20a2U, 0x5a774b69U, 0x1c121a16U, - 0xe293ba0aU, 0xc0a02ae5U, 0x3c22e043U, 0x121b171dU, - 0x0e090d0bU, 0xf28bc7adU, 0x2db6a8b9U, 0x141ea9c8U, - 0x57f11985U, 0xaf75074cU, 0xee99ddbbU, 0xa37f60fdU, - 0xf701269fU, 0x5c72f5bcU, 0x44663bc5U, 0x5bfb7e34U, - 0x8b432976U, 0xcb23c6dcU, 0xb6edfc68U, 0xb8e4f163U, - 0xd731dccaU, 0x42638510U, 0x13972240U, 0x84c61120U, - 0x854a247dU, 0xd2bb3df8U, 0xaef93211U, 0xc729a16dU, - 0x1d9e2f4bU, 0xdcb230f3U, 0x0d8652ecU, 0x77c1e3d0U, - 0x2bb3166cU, 0xa970b999U, 0x119448faU, 0x47e96422U, - 0xa8fc8cc4U, 0xa0f03f1aU, 0x567d2cd8U, 0x223390efU, - 0x87494ec7U, 0xd938d1c1U, 0x8ccaa2feU, 0x98d40b36U, - 0xa6f581cfU, 0xa57ade28U, 0xdab78e26U, 0x3fadbfa4U, - 0x2c3a9de4U, 0x5078920dU, 0x6a5fcc9bU, 0x547e4662U, - 0xf68d13c2U, 0x90d8b8e8U, 0x2e39f75eU, 0x82c3aff5U, - 0x9f5d80beU, 0x69d0937cU, 0x6fd52da9U, 0xcf2512b3U, - 0xc8ac993bU, 0x10187da7U, 0xe89c636eU, 0xdb3bbb7bU, - 0xcd267809U, 0x6e5918f4U, 0xec9ab701U, 0x834f9aa8U, - 0xe6956e65U, 0xaaffe67eU, 0x21bccf08U, 0xef15e8e6U, - 0xbae79bd9U, 0x4a6f36ceU, 0xea9f09d4U, 0x29b07cd6U, - 0x31a4b2afU, 0x2a3f2331U, 0xc6a59430U, 0x35a266c0U, - 0x744ebc37U, 0xfc82caa6U, 0xe090d0b0U, 0x33a7d815U, - 0xf104984aU, 0x41ecdaf7U, 0x7fcd500eU, 0x1791f62fU, - 0x764dd68dU, 0x43efb04dU, 0xccaa4d54U, 0xe49604dfU, - 0x9ed1b5e3U, 0x4c6a881bU, 0xc12c1fb8U, 0x4665517fU, - 0x9d5eea04U, 0x018c355dU, 0xfa877473U, 0xfb0b412eU, - 0xb3671d5aU, 0x92dbd252U, 0xe9105633U, 0x6dd64713U, - 0x9ad7618cU, 0x37a10c7aU, 0x59f8148eU, 0xeb133c89U, - 0xcea927eeU, 0xb761c935U, 0xe11ce5edU, 0x7a47b13cU, - 0x9cd2df59U, 0x55f2733fU, 0x1814ce79U, 0x73c737bfU, - 0x53f7cdeaU, 0x5ffdaa5bU, 0xdf3d6f14U, 0x7844db86U, - 0xcaaff381U, 0xb968c43eU, 0x3824342cU, 0xc2a3405fU, - 0x161dc372U, 0xbce2250cU, 0x283c498bU, 0xff0d9541U, - 0x39a80171U, 0x080cb3deU, 0xd8b4e49cU, 0x6456c190U, - 0x7bcb8461U, 0xd532b670U, 0x486c5c74U, 0xd0b85742U, + 0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U, + 0x3bab6bcbU, 0x1f9d45f1U, 0xacfa58abU, 0x4be30393U, + 0x2030fa55U, 0xad766df6U, 0x88cc7691U, 0xf5024c25U, + 0x4fe5d7fcU, 0xc52acbd7U, 0x26354480U, 0xb562a38fU, + 0xdeb15a49U, 0x25ba1b67U, 0x45ea0e98U, 0x5dfec0e1U, + 0xc32f7502U, 0x814cf012U, 0x8d4697a3U, 0x6bd3f9c6U, + 0x038f5fe7U, 0x15929c95U, 0xbf6d7aebU, 0x955259daU, + 0xd4be832dU, 0x587421d3U, 0x49e06929U, 0x8ec9c844U, + 0x75c2896aU, 0xf48e7978U, 0x99583e6bU, 0x27b971ddU, + 0xbee14fb6U, 0xf088ad17U, 0xc920ac66U, 0x7dce3ab4U, + 0x63df4a18U, 0xe51a3182U, 0x97513360U, 0x62537f45U, + 0xb16477e0U, 0xbb6bae84U, 0xfe81a01cU, 0xf9082b94U, + 0x70486858U, 0x8f45fd19U, 0x94de6c87U, 0x527bf8b7U, + 0xab73d323U, 0x724b02e2U, 0xe31f8f57U, 0x6655ab2aU, + 0xb2eb2807U, 0x2fb5c203U, 0x86c57b9aU, 0xd33708a5U, + 0x302887f2U, 0x23bfa5b2U, 0x02036abaU, 0xed16825cU, + 0x8acf1c2bU, 0xa779b492U, 0xf307f2f0U, 0x4e69e2a1U, + 0x65daf4cdU, 0x0605bed5U, 0xd134621fU, 0xc4a6fe8aU, + 0x342e539dU, 0xa2f355a0U, 0x058ae132U, 0xa4f6eb75U, + 0x0b83ec39U, 0x4060efaaU, 0x5e719f06U, 0xbd6e1051U, + 0x3e218af9U, 0x96dd063dU, 0xdd3e05aeU, 0x4de6bd46U, + 0x91548db5U, 0x71c45d05U, 0x0406d46fU, 0x605015ffU, + 0x1998fb24U, 0xd6bde997U, 0x894043ccU, 0x67d99e77U, + 0xb0e842bdU, 0x07898b88U, 0xe7195b38U, 0x79c8eedbU, + 0xa17c0a47U, 0x7c420fe9U, 0xf8841ec9U, 0x00000000U, + 0x09808683U, 0x322bed48U, 0x1e1170acU, 0x6c5a724eU, + 0xfd0efffbU, 0x0f853856U, 0x3daed51eU, 0x362d3927U, + 0x0a0fd964U, 0x685ca621U, 0x9b5b54d1U, 0x24362e3aU, + 0x0c0a67b1U, 0x9357e70fU, 0xb4ee96d2U, 0x1b9b919eU, + 0x80c0c54fU, 0x61dc20a2U, 0x5a774b69U, 0x1c121a16U, + 0xe293ba0aU, 0xc0a02ae5U, 0x3c22e043U, 0x121b171dU, + 0x0e090d0bU, 0xf28bc7adU, 0x2db6a8b9U, 0x141ea9c8U, + 0x57f11985U, 0xaf75074cU, 0xee99ddbbU, 0xa37f60fdU, + 0xf701269fU, 0x5c72f5bcU, 0x44663bc5U, 0x5bfb7e34U, + 0x8b432976U, 0xcb23c6dcU, 0xb6edfc68U, 0xb8e4f163U, + 0xd731dccaU, 0x42638510U, 0x13972240U, 0x84c61120U, + 0x854a247dU, 0xd2bb3df8U, 0xaef93211U, 0xc729a16dU, + 0x1d9e2f4bU, 0xdcb230f3U, 0x0d8652ecU, 0x77c1e3d0U, + 0x2bb3166cU, 0xa970b999U, 0x119448faU, 0x47e96422U, + 0xa8fc8cc4U, 0xa0f03f1aU, 0x567d2cd8U, 0x223390efU, + 0x87494ec7U, 0xd938d1c1U, 0x8ccaa2feU, 0x98d40b36U, + 0xa6f581cfU, 0xa57ade28U, 0xdab78e26U, 0x3fadbfa4U, + 0x2c3a9de4U, 0x5078920dU, 0x6a5fcc9bU, 0x547e4662U, + 0xf68d13c2U, 0x90d8b8e8U, 0x2e39f75eU, 0x82c3aff5U, + 0x9f5d80beU, 0x69d0937cU, 0x6fd52da9U, 0xcf2512b3U, + 0xc8ac993bU, 0x10187da7U, 0xe89c636eU, 0xdb3bbb7bU, + 0xcd267809U, 0x6e5918f4U, 0xec9ab701U, 0x834f9aa8U, + 0xe6956e65U, 0xaaffe67eU, 0x21bccf08U, 0xef15e8e6U, + 0xbae79bd9U, 0x4a6f36ceU, 0xea9f09d4U, 0x29b07cd6U, + 0x31a4b2afU, 0x2a3f2331U, 0xc6a59430U, 0x35a266c0U, + 0x744ebc37U, 0xfc82caa6U, 0xe090d0b0U, 0x33a7d815U, + 0xf104984aU, 0x41ecdaf7U, 0x7fcd500eU, 0x1791f62fU, + 0x764dd68dU, 0x43efb04dU, 0xccaa4d54U, 0xe49604dfU, + 0x9ed1b5e3U, 0x4c6a881bU, 0xc12c1fb8U, 0x4665517fU, + 0x9d5eea04U, 0x018c355dU, 0xfa877473U, 0xfb0b412eU, + 0xb3671d5aU, 0x92dbd252U, 0xe9105633U, 0x6dd64713U, + 0x9ad7618cU, 0x37a10c7aU, 0x59f8148eU, 0xeb133c89U, + 0xcea927eeU, 0xb761c935U, 0xe11ce5edU, 0x7a47b13cU, + 0x9cd2df59U, 0x55f2733fU, 0x1814ce79U, 0x73c737bfU, + 0x53f7cdeaU, 0x5ffdaa5bU, 0xdf3d6f14U, 0x7844db86U, + 0xcaaff381U, 0xb968c43eU, 0x3824342cU, 0xc2a3405fU, + 0x161dc372U, 0xbce2250cU, 0x283c498bU, 0xff0d9541U, + 0x39a80171U, 0x080cb3deU, 0xd8b4e49cU, 0x6456c190U, + 0x7bcb8461U, 0xd532b670U, 0x486c5c74U, 0xd0b85742U, }; static const u32 Td1[256] = { - 0x5051f4a7U, 0x537e4165U, 0xc31a17a4U, 0x963a275eU, - 0xcb3bab6bU, 0xf11f9d45U, 0xabacfa58U, 0x934be303U, - 0x552030faU, 0xf6ad766dU, 0x9188cc76U, 0x25f5024cU, - 0xfc4fe5d7U, 0xd7c52acbU, 0x80263544U, 0x8fb562a3U, - 0x49deb15aU, 0x6725ba1bU, 0x9845ea0eU, 0xe15dfec0U, - 0x02c32f75U, 0x12814cf0U, 0xa38d4697U, 0xc66bd3f9U, - 0xe7038f5fU, 0x9515929cU, 0xebbf6d7aU, 0xda955259U, - 0x2dd4be83U, 0xd3587421U, 0x2949e069U, 0x448ec9c8U, - 0x6a75c289U, 0x78f48e79U, 0x6b99583eU, 0xdd27b971U, - 0xb6bee14fU, 0x17f088adU, 0x66c920acU, 0xb47dce3aU, - 0x1863df4aU, 0x82e51a31U, 0x60975133U, 0x4562537fU, - 0xe0b16477U, 0x84bb6baeU, 0x1cfe81a0U, 0x94f9082bU, - 0x58704868U, 0x198f45fdU, 0x8794de6cU, 0xb7527bf8U, - 0x23ab73d3U, 0xe2724b02U, 0x57e31f8fU, 0x2a6655abU, - 0x07b2eb28U, 0x032fb5c2U, 0x9a86c57bU, 0xa5d33708U, - 0xf2302887U, 0xb223bfa5U, 0xba02036aU, 0x5ced1682U, - 0x2b8acf1cU, 0x92a779b4U, 0xf0f307f2U, 0xa14e69e2U, - 0xcd65daf4U, 0xd50605beU, 0x1fd13462U, 0x8ac4a6feU, - 0x9d342e53U, 0xa0a2f355U, 0x32058ae1U, 0x75a4f6ebU, - 0x390b83ecU, 0xaa4060efU, 0x065e719fU, 0x51bd6e10U, - 0xf93e218aU, 0x3d96dd06U, 0xaedd3e05U, 0x464de6bdU, - 0xb591548dU, 0x0571c45dU, 0x6f0406d4U, 0xff605015U, - 0x241998fbU, 0x97d6bde9U, 0xcc894043U, 0x7767d99eU, - 0xbdb0e842U, 0x8807898bU, 0x38e7195bU, 0xdb79c8eeU, - 0x47a17c0aU, 0xe97c420fU, 0xc9f8841eU, 0x00000000U, - 0x83098086U, 0x48322bedU, 0xac1e1170U, 0x4e6c5a72U, - 0xfbfd0effU, 0x560f8538U, 0x1e3daed5U, 0x27362d39U, - 0x640a0fd9U, 0x21685ca6U, 0xd19b5b54U, 0x3a24362eU, - 0xb10c0a67U, 0x0f9357e7U, 0xd2b4ee96U, 0x9e1b9b91U, - 0x4f80c0c5U, 0xa261dc20U, 0x695a774bU, 0x161c121aU, - 0x0ae293baU, 0xe5c0a02aU, 0x433c22e0U, 0x1d121b17U, - 0x0b0e090dU, 0xadf28bc7U, 0xb92db6a8U, 0xc8141ea9U, - 0x8557f119U, 0x4caf7507U, 0xbbee99ddU, 0xfda37f60U, - 0x9ff70126U, 0xbc5c72f5U, 0xc544663bU, 0x345bfb7eU, - 0x768b4329U, 0xdccb23c6U, 0x68b6edfcU, 0x63b8e4f1U, - 0xcad731dcU, 0x10426385U, 0x40139722U, 0x2084c611U, - 0x7d854a24U, 0xf8d2bb3dU, 0x11aef932U, 0x6dc729a1U, - 0x4b1d9e2fU, 0xf3dcb230U, 0xec0d8652U, 0xd077c1e3U, - 0x6c2bb316U, 0x99a970b9U, 0xfa119448U, 0x2247e964U, - 0xc4a8fc8cU, 0x1aa0f03fU, 0xd8567d2cU, 0xef223390U, - 0xc787494eU, 0xc1d938d1U, 0xfe8ccaa2U, 0x3698d40bU, - 0xcfa6f581U, 0x28a57adeU, 0x26dab78eU, 0xa43fadbfU, - 0xe42c3a9dU, 0x0d507892U, 0x9b6a5fccU, 0x62547e46U, - 0xc2f68d13U, 0xe890d8b8U, 0x5e2e39f7U, 0xf582c3afU, - 0xbe9f5d80U, 0x7c69d093U, 0xa96fd52dU, 0xb3cf2512U, - 0x3bc8ac99U, 0xa710187dU, 0x6ee89c63U, 0x7bdb3bbbU, - 0x09cd2678U, 0xf46e5918U, 0x01ec9ab7U, 0xa8834f9aU, - 0x65e6956eU, 0x7eaaffe6U, 0x0821bccfU, 0xe6ef15e8U, - 0xd9bae79bU, 0xce4a6f36U, 0xd4ea9f09U, 0xd629b07cU, - 0xaf31a4b2U, 0x312a3f23U, 0x30c6a594U, 0xc035a266U, - 0x37744ebcU, 0xa6fc82caU, 0xb0e090d0U, 0x1533a7d8U, - 0x4af10498U, 0xf741ecdaU, 0x0e7fcd50U, 0x2f1791f6U, - 0x8d764dd6U, 0x4d43efb0U, 0x54ccaa4dU, 0xdfe49604U, - 0xe39ed1b5U, 0x1b4c6a88U, 0xb8c12c1fU, 0x7f466551U, - 0x049d5eeaU, 0x5d018c35U, 0x73fa8774U, 0x2efb0b41U, - 0x5ab3671dU, 0x5292dbd2U, 0x33e91056U, 0x136dd647U, - 0x8c9ad761U, 0x7a37a10cU, 0x8e59f814U, 0x89eb133cU, - 0xeecea927U, 0x35b761c9U, 0xede11ce5U, 0x3c7a47b1U, - 0x599cd2dfU, 0x3f55f273U, 0x791814ceU, 0xbf73c737U, - 0xea53f7cdU, 0x5b5ffdaaU, 0x14df3d6fU, 0x867844dbU, - 0x81caaff3U, 0x3eb968c4U, 0x2c382434U, 0x5fc2a340U, - 0x72161dc3U, 0x0cbce225U, 0x8b283c49U, 0x41ff0d95U, - 0x7139a801U, 0xde080cb3U, 0x9cd8b4e4U, 0x906456c1U, - 0x617bcb84U, 0x70d532b6U, 0x74486c5cU, 0x42d0b857U, + 0x5051f4a7U, 0x537e4165U, 0xc31a17a4U, 0x963a275eU, + 0xcb3bab6bU, 0xf11f9d45U, 0xabacfa58U, 0x934be303U, + 0x552030faU, 0xf6ad766dU, 0x9188cc76U, 0x25f5024cU, + 0xfc4fe5d7U, 0xd7c52acbU, 0x80263544U, 0x8fb562a3U, + 0x49deb15aU, 0x6725ba1bU, 0x9845ea0eU, 0xe15dfec0U, + 0x02c32f75U, 0x12814cf0U, 0xa38d4697U, 0xc66bd3f9U, + 0xe7038f5fU, 0x9515929cU, 0xebbf6d7aU, 0xda955259U, + 0x2dd4be83U, 0xd3587421U, 0x2949e069U, 0x448ec9c8U, + 0x6a75c289U, 0x78f48e79U, 0x6b99583eU, 0xdd27b971U, + 0xb6bee14fU, 0x17f088adU, 0x66c920acU, 0xb47dce3aU, + 0x1863df4aU, 0x82e51a31U, 0x60975133U, 0x4562537fU, + 0xe0b16477U, 0x84bb6baeU, 0x1cfe81a0U, 0x94f9082bU, + 0x58704868U, 0x198f45fdU, 0x8794de6cU, 0xb7527bf8U, + 0x23ab73d3U, 0xe2724b02U, 0x57e31f8fU, 0x2a6655abU, + 0x07b2eb28U, 0x032fb5c2U, 0x9a86c57bU, 0xa5d33708U, + 0xf2302887U, 0xb223bfa5U, 0xba02036aU, 0x5ced1682U, + 0x2b8acf1cU, 0x92a779b4U, 0xf0f307f2U, 0xa14e69e2U, + 0xcd65daf4U, 0xd50605beU, 0x1fd13462U, 0x8ac4a6feU, + 0x9d342e53U, 0xa0a2f355U, 0x32058ae1U, 0x75a4f6ebU, + 0x390b83ecU, 0xaa4060efU, 0x065e719fU, 0x51bd6e10U, + 0xf93e218aU, 0x3d96dd06U, 0xaedd3e05U, 0x464de6bdU, + 0xb591548dU, 0x0571c45dU, 0x6f0406d4U, 0xff605015U, + 0x241998fbU, 0x97d6bde9U, 0xcc894043U, 0x7767d99eU, + 0xbdb0e842U, 0x8807898bU, 0x38e7195bU, 0xdb79c8eeU, + 0x47a17c0aU, 0xe97c420fU, 0xc9f8841eU, 0x00000000U, + 0x83098086U, 0x48322bedU, 0xac1e1170U, 0x4e6c5a72U, + 0xfbfd0effU, 0x560f8538U, 0x1e3daed5U, 0x27362d39U, + 0x640a0fd9U, 0x21685ca6U, 0xd19b5b54U, 0x3a24362eU, + 0xb10c0a67U, 0x0f9357e7U, 0xd2b4ee96U, 0x9e1b9b91U, + 0x4f80c0c5U, 0xa261dc20U, 0x695a774bU, 0x161c121aU, + 0x0ae293baU, 0xe5c0a02aU, 0x433c22e0U, 0x1d121b17U, + 0x0b0e090dU, 0xadf28bc7U, 0xb92db6a8U, 0xc8141ea9U, + 0x8557f119U, 0x4caf7507U, 0xbbee99ddU, 0xfda37f60U, + 0x9ff70126U, 0xbc5c72f5U, 0xc544663bU, 0x345bfb7eU, + 0x768b4329U, 0xdccb23c6U, 0x68b6edfcU, 0x63b8e4f1U, + 0xcad731dcU, 0x10426385U, 0x40139722U, 0x2084c611U, + 0x7d854a24U, 0xf8d2bb3dU, 0x11aef932U, 0x6dc729a1U, + 0x4b1d9e2fU, 0xf3dcb230U, 0xec0d8652U, 0xd077c1e3U, + 0x6c2bb316U, 0x99a970b9U, 0xfa119448U, 0x2247e964U, + 0xc4a8fc8cU, 0x1aa0f03fU, 0xd8567d2cU, 0xef223390U, + 0xc787494eU, 0xc1d938d1U, 0xfe8ccaa2U, 0x3698d40bU, + 0xcfa6f581U, 0x28a57adeU, 0x26dab78eU, 0xa43fadbfU, + 0xe42c3a9dU, 0x0d507892U, 0x9b6a5fccU, 0x62547e46U, + 0xc2f68d13U, 0xe890d8b8U, 0x5e2e39f7U, 0xf582c3afU, + 0xbe9f5d80U, 0x7c69d093U, 0xa96fd52dU, 0xb3cf2512U, + 0x3bc8ac99U, 0xa710187dU, 0x6ee89c63U, 0x7bdb3bbbU, + 0x09cd2678U, 0xf46e5918U, 0x01ec9ab7U, 0xa8834f9aU, + 0x65e6956eU, 0x7eaaffe6U, 0x0821bccfU, 0xe6ef15e8U, + 0xd9bae79bU, 0xce4a6f36U, 0xd4ea9f09U, 0xd629b07cU, + 0xaf31a4b2U, 0x312a3f23U, 0x30c6a594U, 0xc035a266U, + 0x37744ebcU, 0xa6fc82caU, 0xb0e090d0U, 0x1533a7d8U, + 0x4af10498U, 0xf741ecdaU, 0x0e7fcd50U, 0x2f1791f6U, + 0x8d764dd6U, 0x4d43efb0U, 0x54ccaa4dU, 0xdfe49604U, + 0xe39ed1b5U, 0x1b4c6a88U, 0xb8c12c1fU, 0x7f466551U, + 0x049d5eeaU, 0x5d018c35U, 0x73fa8774U, 0x2efb0b41U, + 0x5ab3671dU, 0x5292dbd2U, 0x33e91056U, 0x136dd647U, + 0x8c9ad761U, 0x7a37a10cU, 0x8e59f814U, 0x89eb133cU, + 0xeecea927U, 0x35b761c9U, 0xede11ce5U, 0x3c7a47b1U, + 0x599cd2dfU, 0x3f55f273U, 0x791814ceU, 0xbf73c737U, + 0xea53f7cdU, 0x5b5ffdaaU, 0x14df3d6fU, 0x867844dbU, + 0x81caaff3U, 0x3eb968c4U, 0x2c382434U, 0x5fc2a340U, + 0x72161dc3U, 0x0cbce225U, 0x8b283c49U, 0x41ff0d95U, + 0x7139a801U, 0xde080cb3U, 0x9cd8b4e4U, 0x906456c1U, + 0x617bcb84U, 0x70d532b6U, 0x74486c5cU, 0x42d0b857U, }; static const u32 Td2[256] = { - 0xa75051f4U, 0x65537e41U, 0xa4c31a17U, 0x5e963a27U, - 0x6bcb3babU, 0x45f11f9dU, 0x58abacfaU, 0x03934be3U, - 0xfa552030U, 0x6df6ad76U, 0x769188ccU, 0x4c25f502U, - 0xd7fc4fe5U, 0xcbd7c52aU, 0x44802635U, 0xa38fb562U, - 0x5a49deb1U, 0x1b6725baU, 0x0e9845eaU, 0xc0e15dfeU, - 0x7502c32fU, 0xf012814cU, 0x97a38d46U, 0xf9c66bd3U, - 0x5fe7038fU, 0x9c951592U, 0x7aebbf6dU, 0x59da9552U, - 0x832dd4beU, 0x21d35874U, 0x692949e0U, 0xc8448ec9U, - 0x896a75c2U, 0x7978f48eU, 0x3e6b9958U, 0x71dd27b9U, - 0x4fb6bee1U, 0xad17f088U, 0xac66c920U, 0x3ab47dceU, - 0x4a1863dfU, 0x3182e51aU, 0x33609751U, 0x7f456253U, - 0x77e0b164U, 0xae84bb6bU, 0xa01cfe81U, 0x2b94f908U, - 0x68587048U, 0xfd198f45U, 0x6c8794deU, 0xf8b7527bU, - 0xd323ab73U, 0x02e2724bU, 0x8f57e31fU, 0xab2a6655U, - 0x2807b2ebU, 0xc2032fb5U, 0x7b9a86c5U, 0x08a5d337U, - 0x87f23028U, 0xa5b223bfU, 0x6aba0203U, 0x825ced16U, - 0x1c2b8acfU, 0xb492a779U, 0xf2f0f307U, 0xe2a14e69U, - 0xf4cd65daU, 0xbed50605U, 0x621fd134U, 0xfe8ac4a6U, - 0x539d342eU, 0x55a0a2f3U, 0xe132058aU, 0xeb75a4f6U, - 0xec390b83U, 0xefaa4060U, 0x9f065e71U, 0x1051bd6eU, - - 0x8af93e21U, 0x063d96ddU, 0x05aedd3eU, 0xbd464de6U, - 0x8db59154U, 0x5d0571c4U, 0xd46f0406U, 0x15ff6050U, - 0xfb241998U, 0xe997d6bdU, 0x43cc8940U, 0x9e7767d9U, - 0x42bdb0e8U, 0x8b880789U, 0x5b38e719U, 0xeedb79c8U, - 0x0a47a17cU, 0x0fe97c42U, 0x1ec9f884U, 0x00000000U, - 0x86830980U, 0xed48322bU, 0x70ac1e11U, 0x724e6c5aU, - 0xfffbfd0eU, 0x38560f85U, 0xd51e3daeU, 0x3927362dU, - 0xd9640a0fU, 0xa621685cU, 0x54d19b5bU, 0x2e3a2436U, - 0x67b10c0aU, 0xe70f9357U, 0x96d2b4eeU, 0x919e1b9bU, - 0xc54f80c0U, 0x20a261dcU, 0x4b695a77U, 0x1a161c12U, - 0xba0ae293U, 0x2ae5c0a0U, 0xe0433c22U, 0x171d121bU, - 0x0d0b0e09U, 0xc7adf28bU, 0xa8b92db6U, 0xa9c8141eU, - 0x198557f1U, 0x074caf75U, 0xddbbee99U, 0x60fda37fU, - 0x269ff701U, 0xf5bc5c72U, 0x3bc54466U, 0x7e345bfbU, - 0x29768b43U, 0xc6dccb23U, 0xfc68b6edU, 0xf163b8e4U, - 0xdccad731U, 0x85104263U, 0x22401397U, 0x112084c6U, - 0x247d854aU, 0x3df8d2bbU, 0x3211aef9U, 0xa16dc729U, - 0x2f4b1d9eU, 0x30f3dcb2U, 0x52ec0d86U, 0xe3d077c1U, - 0x166c2bb3U, 0xb999a970U, 0x48fa1194U, 0x642247e9U, - 0x8cc4a8fcU, 0x3f1aa0f0U, 0x2cd8567dU, 0x90ef2233U, - 0x4ec78749U, 0xd1c1d938U, 0xa2fe8ccaU, 0x0b3698d4U, - 0x81cfa6f5U, 0xde28a57aU, 0x8e26dab7U, 0xbfa43fadU, - 0x9de42c3aU, 0x920d5078U, 0xcc9b6a5fU, 0x4662547eU, - 0x13c2f68dU, 0xb8e890d8U, 0xf75e2e39U, 0xaff582c3U, - 0x80be9f5dU, 0x937c69d0U, 0x2da96fd5U, 0x12b3cf25U, - 0x993bc8acU, 0x7da71018U, 0x636ee89cU, 0xbb7bdb3bU, - 0x7809cd26U, 0x18f46e59U, 0xb701ec9aU, 0x9aa8834fU, - 0x6e65e695U, 0xe67eaaffU, 0xcf0821bcU, 0xe8e6ef15U, - 0x9bd9bae7U, 0x36ce4a6fU, 0x09d4ea9fU, 0x7cd629b0U, - 0xb2af31a4U, 0x23312a3fU, 0x9430c6a5U, 0x66c035a2U, - 0xbc37744eU, 0xcaa6fc82U, 0xd0b0e090U, 0xd81533a7U, - 0x984af104U, 0xdaf741ecU, 0x500e7fcdU, 0xf62f1791U, - 0xd68d764dU, 0xb04d43efU, 0x4d54ccaaU, 0x04dfe496U, - 0xb5e39ed1U, 0x881b4c6aU, 0x1fb8c12cU, 0x517f4665U, - 0xea049d5eU, 0x355d018cU, 0x7473fa87U, 0x412efb0bU, - 0x1d5ab367U, 0xd25292dbU, 0x5633e910U, 0x47136dd6U, - 0x618c9ad7U, 0x0c7a37a1U, 0x148e59f8U, 0x3c89eb13U, - 0x27eecea9U, 0xc935b761U, 0xe5ede11cU, 0xb13c7a47U, - 0xdf599cd2U, 0x733f55f2U, 0xce791814U, 0x37bf73c7U, - 0xcdea53f7U, 0xaa5b5ffdU, 0x6f14df3dU, 0xdb867844U, - 0xf381caafU, 0xc43eb968U, 0x342c3824U, 0x405fc2a3U, - 0xc372161dU, 0x250cbce2U, 0x498b283cU, 0x9541ff0dU, - 0x017139a8U, 0xb3de080cU, 0xe49cd8b4U, 0xc1906456U, - 0x84617bcbU, 0xb670d532U, 0x5c74486cU, 0x5742d0b8U, + 0xa75051f4U, 0x65537e41U, 0xa4c31a17U, 0x5e963a27U, + 0x6bcb3babU, 0x45f11f9dU, 0x58abacfaU, 0x03934be3U, + 0xfa552030U, 0x6df6ad76U, 0x769188ccU, 0x4c25f502U, + 0xd7fc4fe5U, 0xcbd7c52aU, 0x44802635U, 0xa38fb562U, + 0x5a49deb1U, 0x1b6725baU, 0x0e9845eaU, 0xc0e15dfeU, + 0x7502c32fU, 0xf012814cU, 0x97a38d46U, 0xf9c66bd3U, + 0x5fe7038fU, 0x9c951592U, 0x7aebbf6dU, 0x59da9552U, + 0x832dd4beU, 0x21d35874U, 0x692949e0U, 0xc8448ec9U, + 0x896a75c2U, 0x7978f48eU, 0x3e6b9958U, 0x71dd27b9U, + 0x4fb6bee1U, 0xad17f088U, 0xac66c920U, 0x3ab47dceU, + 0x4a1863dfU, 0x3182e51aU, 0x33609751U, 0x7f456253U, + 0x77e0b164U, 0xae84bb6bU, 0xa01cfe81U, 0x2b94f908U, + 0x68587048U, 0xfd198f45U, 0x6c8794deU, 0xf8b7527bU, + 0xd323ab73U, 0x02e2724bU, 0x8f57e31fU, 0xab2a6655U, + 0x2807b2ebU, 0xc2032fb5U, 0x7b9a86c5U, 0x08a5d337U, + 0x87f23028U, 0xa5b223bfU, 0x6aba0203U, 0x825ced16U, + 0x1c2b8acfU, 0xb492a779U, 0xf2f0f307U, 0xe2a14e69U, + 0xf4cd65daU, 0xbed50605U, 0x621fd134U, 0xfe8ac4a6U, + 0x539d342eU, 0x55a0a2f3U, 0xe132058aU, 0xeb75a4f6U, + 0xec390b83U, 0xefaa4060U, 0x9f065e71U, 0x1051bd6eU, + 0x8af93e21U, 0x063d96ddU, 0x05aedd3eU, 0xbd464de6U, + 0x8db59154U, 0x5d0571c4U, 0xd46f0406U, 0x15ff6050U, + 0xfb241998U, 0xe997d6bdU, 0x43cc8940U, 0x9e7767d9U, + 0x42bdb0e8U, 0x8b880789U, 0x5b38e719U, 0xeedb79c8U, + 0x0a47a17cU, 0x0fe97c42U, 0x1ec9f884U, 0x00000000U, + 0x86830980U, 0xed48322bU, 0x70ac1e11U, 0x724e6c5aU, + 0xfffbfd0eU, 0x38560f85U, 0xd51e3daeU, 0x3927362dU, + 0xd9640a0fU, 0xa621685cU, 0x54d19b5bU, 0x2e3a2436U, + 0x67b10c0aU, 0xe70f9357U, 0x96d2b4eeU, 0x919e1b9bU, + 0xc54f80c0U, 0x20a261dcU, 0x4b695a77U, 0x1a161c12U, + 0xba0ae293U, 0x2ae5c0a0U, 0xe0433c22U, 0x171d121bU, + 0x0d0b0e09U, 0xc7adf28bU, 0xa8b92db6U, 0xa9c8141eU, + 0x198557f1U, 0x074caf75U, 0xddbbee99U, 0x60fda37fU, + 0x269ff701U, 0xf5bc5c72U, 0x3bc54466U, 0x7e345bfbU, + 0x29768b43U, 0xc6dccb23U, 0xfc68b6edU, 0xf163b8e4U, + 0xdccad731U, 0x85104263U, 0x22401397U, 0x112084c6U, + 0x247d854aU, 0x3df8d2bbU, 0x3211aef9U, 0xa16dc729U, + 0x2f4b1d9eU, 0x30f3dcb2U, 0x52ec0d86U, 0xe3d077c1U, + 0x166c2bb3U, 0xb999a970U, 0x48fa1194U, 0x642247e9U, + 0x8cc4a8fcU, 0x3f1aa0f0U, 0x2cd8567dU, 0x90ef2233U, + 0x4ec78749U, 0xd1c1d938U, 0xa2fe8ccaU, 0x0b3698d4U, + 0x81cfa6f5U, 0xde28a57aU, 0x8e26dab7U, 0xbfa43fadU, + 0x9de42c3aU, 0x920d5078U, 0xcc9b6a5fU, 0x4662547eU, + 0x13c2f68dU, 0xb8e890d8U, 0xf75e2e39U, 0xaff582c3U, + 0x80be9f5dU, 0x937c69d0U, 0x2da96fd5U, 0x12b3cf25U, + 0x993bc8acU, 0x7da71018U, 0x636ee89cU, 0xbb7bdb3bU, + 0x7809cd26U, 0x18f46e59U, 0xb701ec9aU, 0x9aa8834fU, + 0x6e65e695U, 0xe67eaaffU, 0xcf0821bcU, 0xe8e6ef15U, + 0x9bd9bae7U, 0x36ce4a6fU, 0x09d4ea9fU, 0x7cd629b0U, + 0xb2af31a4U, 0x23312a3fU, 0x9430c6a5U, 0x66c035a2U, + 0xbc37744eU, 0xcaa6fc82U, 0xd0b0e090U, 0xd81533a7U, + 0x984af104U, 0xdaf741ecU, 0x500e7fcdU, 0xf62f1791U, + 0xd68d764dU, 0xb04d43efU, 0x4d54ccaaU, 0x04dfe496U, + 0xb5e39ed1U, 0x881b4c6aU, 0x1fb8c12cU, 0x517f4665U, + 0xea049d5eU, 0x355d018cU, 0x7473fa87U, 0x412efb0bU, + 0x1d5ab367U, 0xd25292dbU, 0x5633e910U, 0x47136dd6U, + 0x618c9ad7U, 0x0c7a37a1U, 0x148e59f8U, 0x3c89eb13U, + 0x27eecea9U, 0xc935b761U, 0xe5ede11cU, 0xb13c7a47U, + 0xdf599cd2U, 0x733f55f2U, 0xce791814U, 0x37bf73c7U, + 0xcdea53f7U, 0xaa5b5ffdU, 0x6f14df3dU, 0xdb867844U, + 0xf381caafU, 0xc43eb968U, 0x342c3824U, 0x405fc2a3U, + 0xc372161dU, 0x250cbce2U, 0x498b283cU, 0x9541ff0dU, + 0x017139a8U, 0xb3de080cU, 0xe49cd8b4U, 0xc1906456U, + 0x84617bcbU, 0xb670d532U, 0x5c74486cU, 0x5742d0b8U, }; static const u32 Td3[256] = { - 0xf4a75051U, 0x4165537eU, 0x17a4c31aU, 0x275e963aU, - 0xab6bcb3bU, 0x9d45f11fU, 0xfa58abacU, 0xe303934bU, - 0x30fa5520U, 0x766df6adU, 0xcc769188U, 0x024c25f5U, - 0xe5d7fc4fU, 0x2acbd7c5U, 0x35448026U, 0x62a38fb5U, - 0xb15a49deU, 0xba1b6725U, 0xea0e9845U, 0xfec0e15dU, - 0x2f7502c3U, 0x4cf01281U, 0x4697a38dU, 0xd3f9c66bU, - 0x8f5fe703U, 0x929c9515U, 0x6d7aebbfU, 0x5259da95U, - 0xbe832dd4U, 0x7421d358U, 0xe0692949U, 0xc9c8448eU, - 0xc2896a75U, 0x8e7978f4U, 0x583e6b99U, 0xb971dd27U, - 0xe14fb6beU, 0x88ad17f0U, 0x20ac66c9U, 0xce3ab47dU, - 0xdf4a1863U, 0x1a3182e5U, 0x51336097U, 0x537f4562U, - 0x6477e0b1U, 0x6bae84bbU, 0x81a01cfeU, 0x082b94f9U, - 0x48685870U, 0x45fd198fU, 0xde6c8794U, 0x7bf8b752U, - 0x73d323abU, 0x4b02e272U, 0x1f8f57e3U, 0x55ab2a66U, - 0xeb2807b2U, 0xb5c2032fU, 0xc57b9a86U, 0x3708a5d3U, - 0x2887f230U, 0xbfa5b223U, 0x036aba02U, 0x16825cedU, - 0xcf1c2b8aU, 0x79b492a7U, 0x07f2f0f3U, 0x69e2a14eU, - 0xdaf4cd65U, 0x05bed506U, 0x34621fd1U, 0xa6fe8ac4U, - 0x2e539d34U, 0xf355a0a2U, 0x8ae13205U, 0xf6eb75a4U, - 0x83ec390bU, 0x60efaa40U, 0x719f065eU, 0x6e1051bdU, - 0x218af93eU, 0xdd063d96U, 0x3e05aeddU, 0xe6bd464dU, - 0x548db591U, 0xc45d0571U, 0x06d46f04U, 0x5015ff60U, - 0x98fb2419U, 0xbde997d6U, 0x4043cc89U, 0xd99e7767U, - 0xe842bdb0U, 0x898b8807U, 0x195b38e7U, 0xc8eedb79U, - 0x7c0a47a1U, 0x420fe97cU, 0x841ec9f8U, 0x00000000U, - 0x80868309U, 0x2bed4832U, 0x1170ac1eU, 0x5a724e6cU, - 0x0efffbfdU, 0x8538560fU, 0xaed51e3dU, 0x2d392736U, - 0x0fd9640aU, 0x5ca62168U, 0x5b54d19bU, 0x362e3a24U, - 0x0a67b10cU, 0x57e70f93U, 0xee96d2b4U, 0x9b919e1bU, - 0xc0c54f80U, 0xdc20a261U, 0x774b695aU, 0x121a161cU, - 0x93ba0ae2U, 0xa02ae5c0U, 0x22e0433cU, 0x1b171d12U, - 0x090d0b0eU, 0x8bc7adf2U, 0xb6a8b92dU, 0x1ea9c814U, - 0xf1198557U, 0x75074cafU, 0x99ddbbeeU, 0x7f60fda3U, - 0x01269ff7U, 0x72f5bc5cU, 0x663bc544U, 0xfb7e345bU, - 0x4329768bU, 0x23c6dccbU, 0xedfc68b6U, 0xe4f163b8U, - 0x31dccad7U, 0x63851042U, 0x97224013U, 0xc6112084U, - 0x4a247d85U, 0xbb3df8d2U, 0xf93211aeU, 0x29a16dc7U, - 0x9e2f4b1dU, 0xb230f3dcU, 0x8652ec0dU, 0xc1e3d077U, - 0xb3166c2bU, 0x70b999a9U, 0x9448fa11U, 0xe9642247U, - 0xfc8cc4a8U, 0xf03f1aa0U, 0x7d2cd856U, 0x3390ef22U, - 0x494ec787U, 0x38d1c1d9U, 0xcaa2fe8cU, 0xd40b3698U, - 0xf581cfa6U, 0x7ade28a5U, 0xb78e26daU, 0xadbfa43fU, - 0x3a9de42cU, 0x78920d50U, 0x5fcc9b6aU, 0x7e466254U, - 0x8d13c2f6U, 0xd8b8e890U, 0x39f75e2eU, 0xc3aff582U, - 0x5d80be9fU, 0xd0937c69U, 0xd52da96fU, 0x2512b3cfU, - 0xac993bc8U, 0x187da710U, 0x9c636ee8U, 0x3bbb7bdbU, - 0x267809cdU, 0x5918f46eU, 0x9ab701ecU, 0x4f9aa883U, - 0x956e65e6U, 0xffe67eaaU, 0xbccf0821U, 0x15e8e6efU, - 0xe79bd9baU, 0x6f36ce4aU, 0x9f09d4eaU, 0xb07cd629U, - 0xa4b2af31U, 0x3f23312aU, 0xa59430c6U, 0xa266c035U, - 0x4ebc3774U, 0x82caa6fcU, 0x90d0b0e0U, 0xa7d81533U, - 0x04984af1U, 0xecdaf741U, 0xcd500e7fU, 0x91f62f17U, - 0x4dd68d76U, 0xefb04d43U, 0xaa4d54ccU, 0x9604dfe4U, - 0xd1b5e39eU, 0x6a881b4cU, 0x2c1fb8c1U, 0x65517f46U, - 0x5eea049dU, 0x8c355d01U, 0x877473faU, 0x0b412efbU, - 0x671d5ab3U, 0xdbd25292U, 0x105633e9U, 0xd647136dU, - 0xd7618c9aU, 0xa10c7a37U, 0xf8148e59U, 0x133c89ebU, - 0xa927eeceU, 0x61c935b7U, 0x1ce5ede1U, 0x47b13c7aU, - 0xd2df599cU, 0xf2733f55U, 0x14ce7918U, 0xc737bf73U, - 0xf7cdea53U, 0xfdaa5b5fU, 0x3d6f14dfU, 0x44db8678U, - 0xaff381caU, 0x68c43eb9U, 0x24342c38U, 0xa3405fc2U, - 0x1dc37216U, 0xe2250cbcU, 0x3c498b28U, 0x0d9541ffU, - 0xa8017139U, 0x0cb3de08U, 0xb4e49cd8U, 0x56c19064U, - 0xcb84617bU, 0x32b670d5U, 0x6c5c7448U, 0xb85742d0U, + 0xf4a75051U, 0x4165537eU, 0x17a4c31aU, 0x275e963aU, + 0xab6bcb3bU, 0x9d45f11fU, 0xfa58abacU, 0xe303934bU, + 0x30fa5520U, 0x766df6adU, 0xcc769188U, 0x024c25f5U, + 0xe5d7fc4fU, 0x2acbd7c5U, 0x35448026U, 0x62a38fb5U, + 0xb15a49deU, 0xba1b6725U, 0xea0e9845U, 0xfec0e15dU, + 0x2f7502c3U, 0x4cf01281U, 0x4697a38dU, 0xd3f9c66bU, + 0x8f5fe703U, 0x929c9515U, 0x6d7aebbfU, 0x5259da95U, + 0xbe832dd4U, 0x7421d358U, 0xe0692949U, 0xc9c8448eU, + 0xc2896a75U, 0x8e7978f4U, 0x583e6b99U, 0xb971dd27U, + 0xe14fb6beU, 0x88ad17f0U, 0x20ac66c9U, 0xce3ab47dU, + 0xdf4a1863U, 0x1a3182e5U, 0x51336097U, 0x537f4562U, + 0x6477e0b1U, 0x6bae84bbU, 0x81a01cfeU, 0x082b94f9U, + 0x48685870U, 0x45fd198fU, 0xde6c8794U, 0x7bf8b752U, + 0x73d323abU, 0x4b02e272U, 0x1f8f57e3U, 0x55ab2a66U, + 0xeb2807b2U, 0xb5c2032fU, 0xc57b9a86U, 0x3708a5d3U, + 0x2887f230U, 0xbfa5b223U, 0x036aba02U, 0x16825cedU, + 0xcf1c2b8aU, 0x79b492a7U, 0x07f2f0f3U, 0x69e2a14eU, + 0xdaf4cd65U, 0x05bed506U, 0x34621fd1U, 0xa6fe8ac4U, + 0x2e539d34U, 0xf355a0a2U, 0x8ae13205U, 0xf6eb75a4U, + 0x83ec390bU, 0x60efaa40U, 0x719f065eU, 0x6e1051bdU, + 0x218af93eU, 0xdd063d96U, 0x3e05aeddU, 0xe6bd464dU, + 0x548db591U, 0xc45d0571U, 0x06d46f04U, 0x5015ff60U, + 0x98fb2419U, 0xbde997d6U, 0x4043cc89U, 0xd99e7767U, + 0xe842bdb0U, 0x898b8807U, 0x195b38e7U, 0xc8eedb79U, + 0x7c0a47a1U, 0x420fe97cU, 0x841ec9f8U, 0x00000000U, + 0x80868309U, 0x2bed4832U, 0x1170ac1eU, 0x5a724e6cU, + 0x0efffbfdU, 0x8538560fU, 0xaed51e3dU, 0x2d392736U, + 0x0fd9640aU, 0x5ca62168U, 0x5b54d19bU, 0x362e3a24U, + 0x0a67b10cU, 0x57e70f93U, 0xee96d2b4U, 0x9b919e1bU, + 0xc0c54f80U, 0xdc20a261U, 0x774b695aU, 0x121a161cU, + 0x93ba0ae2U, 0xa02ae5c0U, 0x22e0433cU, 0x1b171d12U, + 0x090d0b0eU, 0x8bc7adf2U, 0xb6a8b92dU, 0x1ea9c814U, + 0xf1198557U, 0x75074cafU, 0x99ddbbeeU, 0x7f60fda3U, + 0x01269ff7U, 0x72f5bc5cU, 0x663bc544U, 0xfb7e345bU, + 0x4329768bU, 0x23c6dccbU, 0xedfc68b6U, 0xe4f163b8U, + 0x31dccad7U, 0x63851042U, 0x97224013U, 0xc6112084U, + 0x4a247d85U, 0xbb3df8d2U, 0xf93211aeU, 0x29a16dc7U, + 0x9e2f4b1dU, 0xb230f3dcU, 0x8652ec0dU, 0xc1e3d077U, + 0xb3166c2bU, 0x70b999a9U, 0x9448fa11U, 0xe9642247U, + 0xfc8cc4a8U, 0xf03f1aa0U, 0x7d2cd856U, 0x3390ef22U, + 0x494ec787U, 0x38d1c1d9U, 0xcaa2fe8cU, 0xd40b3698U, + 0xf581cfa6U, 0x7ade28a5U, 0xb78e26daU, 0xadbfa43fU, + 0x3a9de42cU, 0x78920d50U, 0x5fcc9b6aU, 0x7e466254U, + 0x8d13c2f6U, 0xd8b8e890U, 0x39f75e2eU, 0xc3aff582U, + 0x5d80be9fU, 0xd0937c69U, 0xd52da96fU, 0x2512b3cfU, + 0xac993bc8U, 0x187da710U, 0x9c636ee8U, 0x3bbb7bdbU, + 0x267809cdU, 0x5918f46eU, 0x9ab701ecU, 0x4f9aa883U, + 0x956e65e6U, 0xffe67eaaU, 0xbccf0821U, 0x15e8e6efU, + 0xe79bd9baU, 0x6f36ce4aU, 0x9f09d4eaU, 0xb07cd629U, + 0xa4b2af31U, 0x3f23312aU, 0xa59430c6U, 0xa266c035U, + 0x4ebc3774U, 0x82caa6fcU, 0x90d0b0e0U, 0xa7d81533U, + 0x04984af1U, 0xecdaf741U, 0xcd500e7fU, 0x91f62f17U, + 0x4dd68d76U, 0xefb04d43U, 0xaa4d54ccU, 0x9604dfe4U, + 0xd1b5e39eU, 0x6a881b4cU, 0x2c1fb8c1U, 0x65517f46U, + 0x5eea049dU, 0x8c355d01U, 0x877473faU, 0x0b412efbU, + 0x671d5ab3U, 0xdbd25292U, 0x105633e9U, 0xd647136dU, + 0xd7618c9aU, 0xa10c7a37U, 0xf8148e59U, 0x133c89ebU, + 0xa927eeceU, 0x61c935b7U, 0x1ce5ede1U, 0x47b13c7aU, + 0xd2df599cU, 0xf2733f55U, 0x14ce7918U, 0xc737bf73U, + 0xf7cdea53U, 0xfdaa5b5fU, 0x3d6f14dfU, 0x44db8678U, + 0xaff381caU, 0x68c43eb9U, 0x24342c38U, 0xa3405fc2U, + 0x1dc37216U, 0xe2250cbcU, 0x3c498b28U, 0x0d9541ffU, + 0xa8017139U, 0x0cb3de08U, 0xb4e49cd8U, 0x56c19064U, + 0xcb84617bU, 0x32b670d5U, 0x6c5c7448U, 0xb85742d0U, }; -static const u32 Td4[256] = { - 0x52525252U, 0x09090909U, 0x6a6a6a6aU, 0xd5d5d5d5U, - 0x30303030U, 0x36363636U, 0xa5a5a5a5U, 0x38383838U, - 0xbfbfbfbfU, 0x40404040U, 0xa3a3a3a3U, 0x9e9e9e9eU, - 0x81818181U, 0xf3f3f3f3U, 0xd7d7d7d7U, 0xfbfbfbfbU, - 0x7c7c7c7cU, 0xe3e3e3e3U, 0x39393939U, 0x82828282U, - 0x9b9b9b9bU, 0x2f2f2f2fU, 0xffffffffU, 0x87878787U, - 0x34343434U, 0x8e8e8e8eU, 0x43434343U, 0x44444444U, - 0xc4c4c4c4U, 0xdedededeU, 0xe9e9e9e9U, 0xcbcbcbcbU, - 0x54545454U, 0x7b7b7b7bU, 0x94949494U, 0x32323232U, - 0xa6a6a6a6U, 0xc2c2c2c2U, 0x23232323U, 0x3d3d3d3dU, - 0xeeeeeeeeU, 0x4c4c4c4cU, 0x95959595U, 0x0b0b0b0bU, - 0x42424242U, 0xfafafafaU, 0xc3c3c3c3U, 0x4e4e4e4eU, - 0x08080808U, 0x2e2e2e2eU, 0xa1a1a1a1U, 0x66666666U, - 0x28282828U, 0xd9d9d9d9U, 0x24242424U, 0xb2b2b2b2U, - 0x76767676U, 0x5b5b5b5bU, 0xa2a2a2a2U, 0x49494949U, - 0x6d6d6d6dU, 0x8b8b8b8bU, 0xd1d1d1d1U, 0x25252525U, - 0x72727272U, 0xf8f8f8f8U, 0xf6f6f6f6U, 0x64646464U, - 0x86868686U, 0x68686868U, 0x98989898U, 0x16161616U, - 0xd4d4d4d4U, 0xa4a4a4a4U, 0x5c5c5c5cU, 0xccccccccU, - 0x5d5d5d5dU, 0x65656565U, 0xb6b6b6b6U, 0x92929292U, - 0x6c6c6c6cU, 0x70707070U, 0x48484848U, 0x50505050U, - 0xfdfdfdfdU, 0xededededU, 0xb9b9b9b9U, 0xdadadadaU, - 0x5e5e5e5eU, 0x15151515U, 0x46464646U, 0x57575757U, - 0xa7a7a7a7U, 0x8d8d8d8dU, 0x9d9d9d9dU, 0x84848484U, - 0x90909090U, 0xd8d8d8d8U, 0xababababU, 0x00000000U, - 0x8c8c8c8cU, 0xbcbcbcbcU, 0xd3d3d3d3U, 0x0a0a0a0aU, - 0xf7f7f7f7U, 0xe4e4e4e4U, 0x58585858U, 0x05050505U, - 0xb8b8b8b8U, 0xb3b3b3b3U, 0x45454545U, 0x06060606U, - 0xd0d0d0d0U, 0x2c2c2c2cU, 0x1e1e1e1eU, 0x8f8f8f8fU, - 0xcacacacaU, 0x3f3f3f3fU, 0x0f0f0f0fU, 0x02020202U, - 0xc1c1c1c1U, 0xafafafafU, 0xbdbdbdbdU, 0x03030303U, - 0x01010101U, 0x13131313U, 0x8a8a8a8aU, 0x6b6b6b6bU, - 0x3a3a3a3aU, 0x91919191U, 0x11111111U, 0x41414141U, - 0x4f4f4f4fU, 0x67676767U, 0xdcdcdcdcU, 0xeaeaeaeaU, - 0x97979797U, 0xf2f2f2f2U, 0xcfcfcfcfU, 0xcecececeU, - 0xf0f0f0f0U, 0xb4b4b4b4U, 0xe6e6e6e6U, 0x73737373U, - 0x96969696U, 0xacacacacU, 0x74747474U, 0x22222222U, - 0xe7e7e7e7U, 0xadadadadU, 0x35353535U, 0x85858585U, - 0xe2e2e2e2U, 0xf9f9f9f9U, 0x37373737U, 0xe8e8e8e8U, - 0x1c1c1c1cU, 0x75757575U, 0xdfdfdfdfU, 0x6e6e6e6eU, - 0x47474747U, 0xf1f1f1f1U, 0x1a1a1a1aU, 0x71717171U, - 0x1d1d1d1dU, 0x29292929U, 0xc5c5c5c5U, 0x89898989U, - 0x6f6f6f6fU, 0xb7b7b7b7U, 0x62626262U, 0x0e0e0e0eU, - 0xaaaaaaaaU, 0x18181818U, 0xbebebebeU, 0x1b1b1b1bU, - 0xfcfcfcfcU, 0x56565656U, 0x3e3e3e3eU, 0x4b4b4b4bU, - 0xc6c6c6c6U, 0xd2d2d2d2U, 0x79797979U, 0x20202020U, - 0x9a9a9a9aU, 0xdbdbdbdbU, 0xc0c0c0c0U, 0xfefefefeU, - 0x78787878U, 0xcdcdcdcdU, 0x5a5a5a5aU, 0xf4f4f4f4U, - 0x1f1f1f1fU, 0xddddddddU, 0xa8a8a8a8U, 0x33333333U, - 0x88888888U, 0x07070707U, 0xc7c7c7c7U, 0x31313131U, - 0xb1b1b1b1U, 0x12121212U, 0x10101010U, 0x59595959U, - 0x27272727U, 0x80808080U, 0xececececU, 0x5f5f5f5fU, - 0x60606060U, 0x51515151U, 0x7f7f7f7fU, 0xa9a9a9a9U, - 0x19191919U, 0xb5b5b5b5U, 0x4a4a4a4aU, 0x0d0d0d0dU, - 0x2d2d2d2dU, 0xe5e5e5e5U, 0x7a7a7a7aU, 0x9f9f9f9fU, - 0x93939393U, 0xc9c9c9c9U, 0x9c9c9c9cU, 0xefefefefU, - 0xa0a0a0a0U, 0xe0e0e0e0U, 0x3b3b3b3bU, 0x4d4d4d4dU, - 0xaeaeaeaeU, 0x2a2a2a2aU, 0xf5f5f5f5U, 0xb0b0b0b0U, - 0xc8c8c8c8U, 0xebebebebU, 0xbbbbbbbbU, 0x3c3c3c3cU, - 0x83838383U, 0x53535353U, 0x99999999U, 0x61616161U, - 0x17171717U, 0x2b2b2b2bU, 0x04040404U, 0x7e7e7e7eU, - 0xbabababaU, 0x77777777U, 0xd6d6d6d6U, 0x26262626U, - 0xe1e1e1e1U, 0x69696969U, 0x14141414U, 0x63636363U, - 0x55555555U, 0x21212121U, 0x0c0c0c0cU, 0x7d7d7d7dU, +static const u8 Td4[256] = { + 0x52U, 0x09U, 0x6aU, 0xd5U, 0x30U, 0x36U, 0xa5U, 0x38U, + 0xbfU, 0x40U, 0xa3U, 0x9eU, 0x81U, 0xf3U, 0xd7U, 0xfbU, + 0x7cU, 0xe3U, 0x39U, 0x82U, 0x9bU, 0x2fU, 0xffU, 0x87U, + 0x34U, 0x8eU, 0x43U, 0x44U, 0xc4U, 0xdeU, 0xe9U, 0xcbU, + 0x54U, 0x7bU, 0x94U, 0x32U, 0xa6U, 0xc2U, 0x23U, 0x3dU, + 0xeeU, 0x4cU, 0x95U, 0x0bU, 0x42U, 0xfaU, 0xc3U, 0x4eU, + 0x08U, 0x2eU, 0xa1U, 0x66U, 0x28U, 0xd9U, 0x24U, 0xb2U, + 0x76U, 0x5bU, 0xa2U, 0x49U, 0x6dU, 0x8bU, 0xd1U, 0x25U, + 0x72U, 0xf8U, 0xf6U, 0x64U, 0x86U, 0x68U, 0x98U, 0x16U, + 0xd4U, 0xa4U, 0x5cU, 0xccU, 0x5dU, 0x65U, 0xb6U, 0x92U, + 0x6cU, 0x70U, 0x48U, 0x50U, 0xfdU, 0xedU, 0xb9U, 0xdaU, + 0x5eU, 0x15U, 0x46U, 0x57U, 0xa7U, 0x8dU, 0x9dU, 0x84U, + 0x90U, 0xd8U, 0xabU, 0x00U, 0x8cU, 0xbcU, 0xd3U, 0x0aU, + 0xf7U, 0xe4U, 0x58U, 0x05U, 0xb8U, 0xb3U, 0x45U, 0x06U, + 0xd0U, 0x2cU, 0x1eU, 0x8fU, 0xcaU, 0x3fU, 0x0fU, 0x02U, + 0xc1U, 0xafU, 0xbdU, 0x03U, 0x01U, 0x13U, 0x8aU, 0x6bU, + 0x3aU, 0x91U, 0x11U, 0x41U, 0x4fU, 0x67U, 0xdcU, 0xeaU, + 0x97U, 0xf2U, 0xcfU, 0xceU, 0xf0U, 0xb4U, 0xe6U, 0x73U, + 0x96U, 0xacU, 0x74U, 0x22U, 0xe7U, 0xadU, 0x35U, 0x85U, + 0xe2U, 0xf9U, 0x37U, 0xe8U, 0x1cU, 0x75U, 0xdfU, 0x6eU, + 0x47U, 0xf1U, 0x1aU, 0x71U, 0x1dU, 0x29U, 0xc5U, 0x89U, + 0x6fU, 0xb7U, 0x62U, 0x0eU, 0xaaU, 0x18U, 0xbeU, 0x1bU, + 0xfcU, 0x56U, 0x3eU, 0x4bU, 0xc6U, 0xd2U, 0x79U, 0x20U, + 0x9aU, 0xdbU, 0xc0U, 0xfeU, 0x78U, 0xcdU, 0x5aU, 0xf4U, + 0x1fU, 0xddU, 0xa8U, 0x33U, 0x88U, 0x07U, 0xc7U, 0x31U, + 0xb1U, 0x12U, 0x10U, 0x59U, 0x27U, 0x80U, 0xecU, 0x5fU, + 0x60U, 0x51U, 0x7fU, 0xa9U, 0x19U, 0xb5U, 0x4aU, 0x0dU, + 0x2dU, 0xe5U, 0x7aU, 0x9fU, 0x93U, 0xc9U, 0x9cU, 0xefU, + 0xa0U, 0xe0U, 0x3bU, 0x4dU, 0xaeU, 0x2aU, 0xf5U, 0xb0U, + 0xc8U, 0xebU, 0xbbU, 0x3cU, 0x83U, 0x53U, 0x99U, 0x61U, + 0x17U, 0x2bU, 0x04U, 0x7eU, 0xbaU, 0x77U, 0xd6U, 0x26U, + 0xe1U, 0x69U, 0x14U, 0x63U, 0x55U, 0x21U, 0x0cU, 0x7dU, }; static const u32 rcon[] = { 0x01000000, 0x02000000, 0x04000000, 0x08000000, @@ -718,11 +624,11 @@ static const u32 rcon[] = { /** * Expand the cipher key into the encryption key schedule. */ -int AES_set_encrypt_key(const unsigned char *userKey, const int bits, - AES_KEY *key) { - +int +AES_set_encrypt_key(const unsigned char *userKey, const int bits, AES_KEY *key) +{ u32 *rk; - int i = 0; + int i = 0; u32 temp; if (!userKey || !key) @@ -732,26 +638,26 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits, rk = key->rd_key; - if (bits==128) + if (bits == 128) key->rounds = 10; - else if (bits==192) + else if (bits == 192) key->rounds = 12; else key->rounds = 14; - rk[0] = GETU32(userKey ); - rk[1] = GETU32(userKey + 4); - rk[2] = GETU32(userKey + 8); + rk[0] = GETU32(userKey); + rk[1] = GETU32(userKey + 4); + rk[2] = GETU32(userKey + 8); rk[3] = GETU32(userKey + 12); if (bits == 128) { - for (;;) { - temp = rk[3]; + while (1) { + temp = rk[3]; rk[4] = rk[0] ^ - (Te4[(temp >> 16) & 0xff] & 0xff000000) ^ - (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^ - (Te4[(temp ) & 0xff] & 0x0000ff00) ^ - (Te4[(temp >> 24) ] & 0x000000ff) ^ - rcon[i]; + (Te2[(temp >> 16) & 0xff] & 0xff000000) ^ + (Te3[(temp >> 8) & 0xff] & 0x00ff0000) ^ + (Te0[(temp) & 0xff] & 0x0000ff00) ^ + (Te1[(temp >> 24)] & 0x000000ff) ^ + rcon[i]; rk[5] = rk[1] ^ rk[4]; rk[6] = rk[2] ^ rk[5]; rk[7] = rk[3] ^ rk[6]; @@ -764,54 +670,54 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits, rk[4] = GETU32(userKey + 16); rk[5] = GETU32(userKey + 20); if (bits == 192) { - for (;;) { - temp = rk[ 5]; - rk[ 6] = rk[ 0] ^ - (Te4[(temp >> 16) & 0xff] & 0xff000000) ^ - (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^ - (Te4[(temp ) & 0xff] & 0x0000ff00) ^ - (Te4[(temp >> 24) ] & 0x000000ff) ^ - rcon[i]; - rk[ 7] = rk[ 1] ^ rk[ 6]; - rk[ 8] = rk[ 2] ^ rk[ 7]; - rk[ 9] = rk[ 3] ^ rk[ 8]; + while (1) { + temp = rk[5]; + rk[6] = rk[ 0] ^ + (Te2[(temp >> 16) & 0xff] & 0xff000000) ^ + (Te3[(temp >> 8) & 0xff] & 0x00ff0000) ^ + (Te0[(temp) & 0xff] & 0x0000ff00) ^ + (Te1[(temp >> 24)] & 0x000000ff) ^ + rcon[i]; + rk[7] = rk[1] ^ rk[6]; + rk[8] = rk[2] ^ rk[7]; + rk[9] = rk[3] ^ rk[8]; if (++i == 8) { return 0; } - rk[10] = rk[ 4] ^ rk[ 9]; - rk[11] = rk[ 5] ^ rk[10]; + rk[10] = rk[4] ^ rk[9]; + rk[11] = rk[5] ^ rk[10]; rk += 6; } } rk[6] = GETU32(userKey + 24); rk[7] = GETU32(userKey + 28); if (bits == 256) { - for (;;) { - temp = rk[ 7]; - rk[ 8] = rk[ 0] ^ - (Te4[(temp >> 16) & 0xff] & 0xff000000) ^ - (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^ - (Te4[(temp ) & 0xff] & 0x0000ff00) ^ - (Te4[(temp >> 24) ] & 0x000000ff) ^ - rcon[i]; - rk[ 9] = rk[ 1] ^ rk[ 8]; - rk[10] = rk[ 2] ^ rk[ 9]; - rk[11] = rk[ 3] ^ rk[10]; + while (1) { + temp = rk[7]; + rk[8] = rk[0] ^ + (Te2[(temp >> 16) & 0xff] & 0xff000000) ^ + (Te3[(temp >> 8) & 0xff] & 0x00ff0000) ^ + (Te0[(temp) & 0xff] & 0x0000ff00) ^ + (Te1[(temp >> 24)] & 0x000000ff) ^ + rcon[i]; + rk[9] = rk[1] ^ rk[8]; + rk[10] = rk[2] ^ rk[9]; + rk[11] = rk[3] ^ rk[10]; if (++i == 7) { return 0; } temp = rk[11]; - rk[12] = rk[ 4] ^ - (Te4[(temp >> 24) ] & 0xff000000) ^ - (Te4[(temp >> 16) & 0xff] & 0x00ff0000) ^ - (Te4[(temp >> 8) & 0xff] & 0x0000ff00) ^ - (Te4[(temp ) & 0xff] & 0x000000ff); - rk[13] = rk[ 5] ^ rk[12]; - rk[14] = rk[ 6] ^ rk[13]; - rk[15] = rk[ 7] ^ rk[14]; + rk[12] = rk[4] ^ + (Te2[(temp >> 24)] & 0xff000000) ^ + (Te3[(temp >> 16) & 0xff] & 0x00ff0000) ^ + (Te0[(temp >> 8) & 0xff] & 0x0000ff00) ^ + (Te1[(temp) & 0xff] & 0x000000ff); + rk[13] = rk[5] ^ rk[12]; + rk[14] = rk[6] ^ rk[13]; + rk[15] = rk[7] ^ rk[14]; rk += 8; - } + } } return 0; } @@ -819,10 +725,10 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits, /** * Expand the cipher key into the decryption key schedule. */ -int AES_set_decrypt_key(const unsigned char *userKey, const int bits, - AES_KEY *key) { - - u32 *rk; +int +AES_set_decrypt_key(const unsigned char *userKey, const int bits, AES_KEY *key) +{ + u32 *rk; int i, j, status; u32 temp; @@ -834,35 +740,43 @@ int AES_set_decrypt_key(const unsigned char *userKey, const int bits, rk = key->rd_key; /* invert the order of the round keys: */ - for (i = 0, j = 4*(key->rounds); i < j; i += 4, j -= 4) { - temp = rk[i ]; rk[i ] = rk[j ]; rk[j ] = temp; - temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp; - temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp; - temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp; + for (i = 0, j = 4 * (key->rounds); i < j; i += 4, j -= 4) { + temp = rk[i]; + rk[i] = rk[j]; + rk[j] = temp; + temp = rk[i + 1]; + rk[i + 1] = rk[j + 1]; + rk[j + 1] = temp; + temp = rk[i + 2]; + rk[i + 2] = rk[j + 2]; + rk[j + 2] = temp; + temp = rk[i + 3]; + rk[i + 3] = rk[j + 3]; + rk[j + 3] = temp; } /* apply the inverse MixColumn transform to all round keys but the first and the last: */ for (i = 1; i < (key->rounds); i++) { rk += 4; rk[0] = - Td0[Te4[(rk[0] >> 24) ] & 0xff] ^ - Td1[Te4[(rk[0] >> 16) & 0xff] & 0xff] ^ - Td2[Te4[(rk[0] >> 8) & 0xff] & 0xff] ^ - Td3[Te4[(rk[0] ) & 0xff] & 0xff]; + Td0[Te1[(rk[0] >> 24)] & 0xff] ^ + Td1[Te1[(rk[0] >> 16) & 0xff] & 0xff] ^ + Td2[Te1[(rk[0] >> 8) & 0xff] & 0xff] ^ + Td3[Te1[(rk[0]) & 0xff] & 0xff]; rk[1] = - Td0[Te4[(rk[1] >> 24) ] & 0xff] ^ - Td1[Te4[(rk[1] >> 16) & 0xff] & 0xff] ^ - Td2[Te4[(rk[1] >> 8) & 0xff] & 0xff] ^ - Td3[Te4[(rk[1] ) & 0xff] & 0xff]; + Td0[Te1[(rk[1] >> 24)] & 0xff] ^ + Td1[Te1[(rk[1] >> 16) & 0xff] & 0xff] ^ + Td2[Te1[(rk[1] >> 8) & 0xff] & 0xff] ^ + Td3[Te1[(rk[1]) & 0xff] & 0xff]; rk[2] = - Td0[Te4[(rk[2] >> 24) ] & 0xff] ^ - Td1[Te4[(rk[2] >> 16) & 0xff] & 0xff] ^ - Td2[Te4[(rk[2] >> 8) & 0xff] & 0xff] ^ - Td3[Te4[(rk[2] ) & 0xff] & 0xff]; + Td0[Te1[(rk[2] >> 24)] & 0xff] ^ + Td1[Te1[(rk[2] >> 16) & 0xff] & 0xff] ^ + Td2[Te1[(rk[2] >> 8) & 0xff] & 0xff] ^ + Td3[Te1[(rk[2]) & 0xff] & 0xff]; rk[3] = - Td0[Te4[(rk[3] >> 24) ] & 0xff] ^ - Td1[Te4[(rk[3] >> 16) & 0xff] & 0xff] ^ - Td2[Te4[(rk[3] >> 8) & 0xff] & 0xff] ^ - Td3[Te4[(rk[3] ) & 0xff] & 0xff]; + Td0[Te1[(rk[3] >> 24)] & 0xff] ^ + Td1[Te1[(rk[3] >> 16) & 0xff] & 0xff] ^ + Td2[Te1[(rk[3] >> 8) & 0xff] & 0xff] ^ + Td3[Te1[(rk[3]) & 0xff] & 0xff]; } return 0; } @@ -871,16 +785,15 @@ int AES_set_decrypt_key(const unsigned char *userKey, const int bits, * Encrypt a single block * in and out can overlap */ -void AES_encrypt(const unsigned char *in, unsigned char *out, - const AES_KEY *key) { - +void +AES_encrypt(const unsigned char *in, unsigned char *out, const AES_KEY *key) +{ const u32 *rk; u32 s0, s1, s2, s3, t0, t1, t2, t3; #ifndef FULL_UNROLL int r; #endif /* ?FULL_UNROLL */ - assert(in && out && key); rk = key->rd_key; /* @@ -893,168 +806,168 @@ void AES_encrypt(const unsigned char *in, unsigned char *out, s3 = GETU32(in + 12) ^ rk[3]; #ifdef FULL_UNROLL /* round 1: */ - t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[ 4]; - t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[ 5]; - t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[ 6]; - t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[ 7]; - /* round 2: */ - s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[ 8]; - s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[ 9]; - s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[10]; - s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[11]; + t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[ 4]; + t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[ 5]; + t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[ 6]; + t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[ 7]; + /* round 2: */ + s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[ 8]; + s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[ 9]; + s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[10]; + s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[11]; /* round 3: */ - t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[12]; - t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[13]; - t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[14]; - t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[15]; - /* round 4: */ - s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[16]; - s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[17]; - s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[18]; - s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[19]; + t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[12]; + t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[13]; + t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[14]; + t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[15]; + /* round 4: */ + s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[16]; + s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[17]; + s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[18]; + s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[19]; /* round 5: */ - t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[20]; - t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[21]; - t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[22]; - t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[23]; - /* round 6: */ - s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[24]; - s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[25]; - s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[26]; - s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[27]; + t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[20]; + t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[21]; + t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[22]; + t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[23]; + /* round 6: */ + s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[24]; + s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[25]; + s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[26]; + s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[27]; /* round 7: */ - t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[28]; - t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[29]; - t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[30]; - t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[31]; - /* round 8: */ - s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[32]; - s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[33]; - s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[34]; - s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[35]; + t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[28]; + t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[29]; + t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[30]; + t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[31]; + /* round 8: */ + s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[32]; + s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[33]; + s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[34]; + s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[35]; /* round 9: */ - t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[36]; - t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[37]; - t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[38]; - t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[39]; - if (key->rounds > 10) { - /* round 10: */ - s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[40]; - s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[41]; - s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[42]; - s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[43]; - /* round 11: */ - t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[44]; - t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[45]; - t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[46]; - t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[47]; - if (key->rounds > 12) { - /* round 12: */ - s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[48]; - s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[49]; - s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[50]; - s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[51]; - /* round 13: */ - t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[52]; - t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[53]; - t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[54]; - t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[55]; - } - } - rk += key->rounds << 2; + t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[36]; + t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[37]; + t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[38]; + t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[39]; + if (key->rounds > 10) { + /* round 10: */ + s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[40]; + s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[41]; + s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[42]; + s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[43]; + /* round 11: */ + t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[44]; + t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[45]; + t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[46]; + t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[47]; + if (key->rounds > 12) { + /* round 12: */ + s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[48]; + s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[49]; + s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[50]; + s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[51]; + /* round 13: */ + t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[52]; + t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[53]; + t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[54]; + t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[55]; + } + } + rk += key->rounds << 2; #else /* !FULL_UNROLL */ /* * Nr - 1 full rounds: */ - r = key->rounds >> 1; - for (;;) { - t0 = - Te0[(s0 >> 24) ] ^ - Te1[(s1 >> 16) & 0xff] ^ - Te2[(s2 >> 8) & 0xff] ^ - Te3[(s3 ) & 0xff] ^ - rk[4]; - t1 = - Te0[(s1 >> 24) ] ^ - Te1[(s2 >> 16) & 0xff] ^ - Te2[(s3 >> 8) & 0xff] ^ - Te3[(s0 ) & 0xff] ^ - rk[5]; - t2 = - Te0[(s2 >> 24) ] ^ - Te1[(s3 >> 16) & 0xff] ^ - Te2[(s0 >> 8) & 0xff] ^ - Te3[(s1 ) & 0xff] ^ - rk[6]; - t3 = - Te0[(s3 >> 24) ] ^ - Te1[(s0 >> 16) & 0xff] ^ - Te2[(s1 >> 8) & 0xff] ^ - Te3[(s2 ) & 0xff] ^ - rk[7]; + r = key->rounds >> 1; + for (;;) { + t0 = + Te0[(s0 >> 24)] ^ + Te1[(s1 >> 16) & 0xff] ^ + Te2[(s2 >> 8) & 0xff] ^ + Te3[(s3) & 0xff] ^ + rk[4]; + t1 = + Te0[(s1 >> 24)] ^ + Te1[(s2 >> 16) & 0xff] ^ + Te2[(s3 >> 8) & 0xff] ^ + Te3[(s0) & 0xff] ^ + rk[5]; + t2 = + Te0[(s2 >> 24)] ^ + Te1[(s3 >> 16) & 0xff] ^ + Te2[(s0 >> 8) & 0xff] ^ + Te3[(s1) & 0xff] ^ + rk[6]; + t3 = + Te0[(s3 >> 24)] ^ + Te1[(s0 >> 16) & 0xff] ^ + Te2[(s1 >> 8) & 0xff] ^ + Te3[(s2) & 0xff] ^ + rk[7]; - rk += 8; - if (--r == 0) { - break; - } + rk += 8; + if (--r == 0) { + break; + } - s0 = - Te0[(t0 >> 24) ] ^ - Te1[(t1 >> 16) & 0xff] ^ - Te2[(t2 >> 8) & 0xff] ^ - Te3[(t3 ) & 0xff] ^ - rk[0]; - s1 = - Te0[(t1 >> 24) ] ^ - Te1[(t2 >> 16) & 0xff] ^ - Te2[(t3 >> 8) & 0xff] ^ - Te3[(t0 ) & 0xff] ^ - rk[1]; - s2 = - Te0[(t2 >> 24) ] ^ - Te1[(t3 >> 16) & 0xff] ^ - Te2[(t0 >> 8) & 0xff] ^ - Te3[(t1 ) & 0xff] ^ - rk[2]; - s3 = - Te0[(t3 >> 24) ] ^ - Te1[(t0 >> 16) & 0xff] ^ - Te2[(t1 >> 8) & 0xff] ^ - Te3[(t2 ) & 0xff] ^ - rk[3]; - } + s0 = + Te0[(t0 >> 24)] ^ + Te1[(t1 >> 16) & 0xff] ^ + Te2[(t2 >> 8) & 0xff] ^ + Te3[(t3) & 0xff] ^ + rk[0]; + s1 = + Te0[(t1 >> 24)] ^ + Te1[(t2 >> 16) & 0xff] ^ + Te2[(t3 >> 8) & 0xff] ^ + Te3[(t0) & 0xff] ^ + rk[1]; + s2 = + Te0[(t2 >> 24)] ^ + Te1[(t3 >> 16) & 0xff] ^ + Te2[(t0 >> 8) & 0xff] ^ + Te3[(t1) & 0xff] ^ + rk[2]; + s3 = + Te0[(t3 >> 24)] ^ + Te1[(t0 >> 16) & 0xff] ^ + Te2[(t1 >> 8) & 0xff] ^ + Te3[(t2) & 0xff] ^ + rk[3]; + } #endif /* ?FULL_UNROLL */ - /* + /* * apply last round and * map cipher state to byte array block: */ s0 = - (Te4[(t0 >> 24) ] & 0xff000000) ^ - (Te4[(t1 >> 16) & 0xff] & 0x00ff0000) ^ - (Te4[(t2 >> 8) & 0xff] & 0x0000ff00) ^ - (Te4[(t3 ) & 0xff] & 0x000000ff) ^ - rk[0]; - PUTU32(out , s0); + (Te2[(t0 >> 24)] & 0xff000000) ^ + (Te3[(t1 >> 16) & 0xff] & 0x00ff0000) ^ + (Te0[(t2 >> 8) & 0xff] & 0x0000ff00) ^ + (Te1[(t3) & 0xff] & 0x000000ff) ^ + rk[0]; + PUTU32(out, s0); s1 = - (Te4[(t1 >> 24) ] & 0xff000000) ^ - (Te4[(t2 >> 16) & 0xff] & 0x00ff0000) ^ - (Te4[(t3 >> 8) & 0xff] & 0x0000ff00) ^ - (Te4[(t0 ) & 0xff] & 0x000000ff) ^ - rk[1]; + (Te2[(t1 >> 24)] & 0xff000000) ^ + (Te3[(t2 >> 16) & 0xff] & 0x00ff0000) ^ + (Te0[(t3 >> 8) & 0xff] & 0x0000ff00) ^ + (Te1[(t0) & 0xff] & 0x000000ff) ^ + rk[1]; PUTU32(out + 4, s1); s2 = - (Te4[(t2 >> 24) ] & 0xff000000) ^ - (Te4[(t3 >> 16) & 0xff] & 0x00ff0000) ^ - (Te4[(t0 >> 8) & 0xff] & 0x0000ff00) ^ - (Te4[(t1 ) & 0xff] & 0x000000ff) ^ - rk[2]; + (Te2[(t2 >> 24)] & 0xff000000) ^ + (Te3[(t3 >> 16) & 0xff] & 0x00ff0000) ^ + (Te0[(t0 >> 8) & 0xff] & 0x0000ff00) ^ + (Te1[(t1) & 0xff] & 0x000000ff) ^ + rk[2]; PUTU32(out + 8, s2); s3 = - (Te4[(t3 >> 24) ] & 0xff000000) ^ - (Te4[(t0 >> 16) & 0xff] & 0x00ff0000) ^ - (Te4[(t1 >> 8) & 0xff] & 0x0000ff00) ^ - (Te4[(t2 ) & 0xff] & 0x000000ff) ^ - rk[3]; + (Te2[(t3 >> 24)] & 0xff000000) ^ + (Te3[(t0 >> 16) & 0xff] & 0x00ff0000) ^ + (Te0[(t1 >> 8) & 0xff] & 0x0000ff00) ^ + (Te1[(t2) & 0xff] & 0x000000ff) ^ + rk[3]; PUTU32(out + 12, s3); } @@ -1062,190 +975,400 @@ void AES_encrypt(const unsigned char *in, unsigned char *out, * Decrypt a single block * in and out can overlap */ -void AES_decrypt(const unsigned char *in, unsigned char *out, - const AES_KEY *key) { - +void +AES_decrypt(const unsigned char *in, unsigned char *out, const AES_KEY *key) +{ const u32 *rk; u32 s0, s1, s2, s3, t0, t1, t2, t3; #ifndef FULL_UNROLL int r; #endif /* ?FULL_UNROLL */ - assert(in && out && key); rk = key->rd_key; /* * map byte array block to cipher state * and add initial round key: */ - s0 = GETU32(in ) ^ rk[0]; - s1 = GETU32(in + 4) ^ rk[1]; - s2 = GETU32(in + 8) ^ rk[2]; - s3 = GETU32(in + 12) ^ rk[3]; + s0 = GETU32(in) ^ rk[0]; + s1 = GETU32(in + 4) ^ rk[1]; + s2 = GETU32(in + 8) ^ rk[2]; + s3 = GETU32(in + 12) ^ rk[3]; #ifdef FULL_UNROLL - /* round 1: */ - t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[ 4]; - t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[ 5]; - t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[ 6]; - t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[ 7]; - /* round 2: */ - s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[ 8]; - s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[ 9]; - s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[10]; - s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[11]; - /* round 3: */ - t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[12]; - t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[13]; - t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[14]; - t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[15]; - /* round 4: */ - s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[16]; - s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[17]; - s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[18]; - s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[19]; - /* round 5: */ - t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[20]; - t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[21]; - t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[22]; - t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[23]; - /* round 6: */ - s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[24]; - s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[25]; - s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[26]; - s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[27]; - /* round 7: */ - t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[28]; - t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[29]; - t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[30]; - t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[31]; - /* round 8: */ - s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[32]; - s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[33]; - s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[34]; - s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[35]; - /* round 9: */ - t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[36]; - t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[37]; - t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[38]; - t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[39]; - if (key->rounds > 10) { - /* round 10: */ - s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[40]; - s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[41]; - s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[42]; - s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[43]; - /* round 11: */ - t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[44]; - t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[45]; - t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[46]; - t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[47]; - if (key->rounds > 12) { - /* round 12: */ - s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[48]; - s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[49]; - s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[50]; - s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[51]; - /* round 13: */ - t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[52]; - t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[53]; - t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[54]; - t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[55]; - } - } + /* round 1: */ + t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[ 4]; + t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[ 5]; + t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[ 6]; + t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[ 7]; + /* round 2: */ + s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[ 8]; + s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[ 9]; + s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[10]; + s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[11]; + /* round 3: */ + t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[12]; + t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[13]; + t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[14]; + t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[15]; + /* round 4: */ + s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[16]; + s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[17]; + s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[18]; + s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[19]; + /* round 5: */ + t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[20]; + t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[21]; + t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[22]; + t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[23]; + /* round 6: */ + s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[24]; + s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[25]; + s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[26]; + s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[27]; + /* round 7: */ + t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[28]; + t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[29]; + t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[30]; + t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[31]; + /* round 8: */ + s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[32]; + s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[33]; + s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[34]; + s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[35]; + /* round 9: */ + t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[36]; + t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[37]; + t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[38]; + t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[39]; + if (key->rounds > 10) { + /* round 10: */ + s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[40]; + s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[41]; + s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[42]; + s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[43]; + /* round 11: */ + t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[44]; + t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[45]; + t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[46]; + t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[47]; + if (key->rounds > 12) { + /* round 12: */ + s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[48]; + s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[49]; + s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[50]; + s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[51]; + /* round 13: */ + t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[52]; + t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[53]; + t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[54]; + t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[55]; + } + } rk += key->rounds << 2; #else /* !FULL_UNROLL */ /* * Nr - 1 full rounds: */ - r = key->rounds >> 1; - for (;;) { - t0 = - Td0[(s0 >> 24) ] ^ - Td1[(s3 >> 16) & 0xff] ^ - Td2[(s2 >> 8) & 0xff] ^ - Td3[(s1 ) & 0xff] ^ - rk[4]; - t1 = - Td0[(s1 >> 24) ] ^ - Td1[(s0 >> 16) & 0xff] ^ - Td2[(s3 >> 8) & 0xff] ^ - Td3[(s2 ) & 0xff] ^ - rk[5]; - t2 = - Td0[(s2 >> 24) ] ^ - Td1[(s1 >> 16) & 0xff] ^ - Td2[(s0 >> 8) & 0xff] ^ - Td3[(s3 ) & 0xff] ^ - rk[6]; - t3 = - Td0[(s3 >> 24) ] ^ - Td1[(s2 >> 16) & 0xff] ^ - Td2[(s1 >> 8) & 0xff] ^ - Td3[(s0 ) & 0xff] ^ - rk[7]; + r = key->rounds >> 1; + for (;;) { + t0 = + Td0[(s0 >> 24)] ^ + Td1[(s3 >> 16) & 0xff] ^ + Td2[(s2 >> 8) & 0xff] ^ + Td3[(s1) & 0xff] ^ + rk[4]; + t1 = + Td0[(s1 >> 24)] ^ + Td1[(s0 >> 16) & 0xff] ^ + Td2[(s3 >> 8) & 0xff] ^ + Td3[(s2) & 0xff] ^ + rk[5]; + t2 = + Td0[(s2 >> 24)] ^ + Td1[(s1 >> 16) & 0xff] ^ + Td2[(s0 >> 8) & 0xff] ^ + Td3[(s3) & 0xff] ^ + rk[6]; + t3 = + Td0[(s3 >> 24)] ^ + Td1[(s2 >> 16) & 0xff] ^ + Td2[(s1 >> 8) & 0xff] ^ + Td3[(s0) & 0xff] ^ + rk[7]; - rk += 8; - if (--r == 0) { - break; - } + rk += 8; + if (--r == 0) { + break; + } - s0 = - Td0[(t0 >> 24) ] ^ - Td1[(t3 >> 16) & 0xff] ^ - Td2[(t2 >> 8) & 0xff] ^ - Td3[(t1 ) & 0xff] ^ - rk[0]; - s1 = - Td0[(t1 >> 24) ] ^ - Td1[(t0 >> 16) & 0xff] ^ - Td2[(t3 >> 8) & 0xff] ^ - Td3[(t2 ) & 0xff] ^ - rk[1]; - s2 = - Td0[(t2 >> 24) ] ^ - Td1[(t1 >> 16) & 0xff] ^ - Td2[(t0 >> 8) & 0xff] ^ - Td3[(t3 ) & 0xff] ^ - rk[2]; - s3 = - Td0[(t3 >> 24) ] ^ - Td1[(t2 >> 16) & 0xff] ^ - Td2[(t1 >> 8) & 0xff] ^ - Td3[(t0 ) & 0xff] ^ - rk[3]; - } + s0 = + Td0[(t0 >> 24)] ^ + Td1[(t3 >> 16) & 0xff] ^ + Td2[(t2 >> 8) & 0xff] ^ + Td3[(t1) & 0xff] ^ + rk[0]; + s1 = + Td0[(t1 >> 24)] ^ + Td1[(t0 >> 16) & 0xff] ^ + Td2[(t3 >> 8) & 0xff] ^ + Td3[(t2) & 0xff] ^ + rk[1]; + s2 = + Td0[(t2 >> 24)] ^ + Td1[(t1 >> 16) & 0xff] ^ + Td2[(t0 >> 8) & 0xff] ^ + Td3[(t3) & 0xff] ^ + rk[2]; + s3 = + Td0[(t3 >> 24)] ^ + Td1[(t2 >> 16) & 0xff] ^ + Td2[(t1 >> 8) & 0xff] ^ + Td3[(t0) & 0xff] ^ + rk[3]; + } #endif /* ?FULL_UNROLL */ /* * apply last round and * map cipher state to byte array block: */ - s0 = - (Td4[(t0 >> 24) ] & 0xff000000) ^ - (Td4[(t3 >> 16) & 0xff] & 0x00ff0000) ^ - (Td4[(t2 >> 8) & 0xff] & 0x0000ff00) ^ - (Td4[(t1 ) & 0xff] & 0x000000ff) ^ - rk[0]; - PUTU32(out , s0); - s1 = - (Td4[(t1 >> 24) ] & 0xff000000) ^ - (Td4[(t0 >> 16) & 0xff] & 0x00ff0000) ^ - (Td4[(t3 >> 8) & 0xff] & 0x0000ff00) ^ - (Td4[(t2 ) & 0xff] & 0x000000ff) ^ - rk[1]; - PUTU32(out + 4, s1); - s2 = - (Td4[(t2 >> 24) ] & 0xff000000) ^ - (Td4[(t1 >> 16) & 0xff] & 0x00ff0000) ^ - (Td4[(t0 >> 8) & 0xff] & 0x0000ff00) ^ - (Td4[(t3 ) & 0xff] & 0x000000ff) ^ - rk[2]; - PUTU32(out + 8, s2); - s3 = - (Td4[(t3 >> 24) ] & 0xff000000) ^ - (Td4[(t2 >> 16) & 0xff] & 0x00ff0000) ^ - (Td4[(t1 >> 8) & 0xff] & 0x0000ff00) ^ - (Td4[(t0 ) & 0xff] & 0x000000ff) ^ - rk[3]; + s0 = + (((uint32_t)Td4[(t0 >> 24)]) << 24) ^ + (Td4[(t3 >> 16) & 0xff] << 16) ^ + (Td4[(t2 >> 8) & 0xff] << 8) ^ + (Td4[(t1) & 0xff]) ^ + rk[0]; + PUTU32(out, s0); + s1 = + (((uint32_t)Td4[(t1 >> 24)]) << 24) ^ + (Td4[(t0 >> 16) & 0xff] << 16) ^ + (Td4[(t3 >> 8) & 0xff] << 8) ^ + (Td4[(t2) & 0xff]) ^ + rk[1]; + PUTU32(out + 4, s1); + s2 = + (((uint32_t)Td4[(t2 >> 24)]) << 24) ^ + (Td4[(t1 >> 16) & 0xff] << 16) ^ + (Td4[(t0 >> 8) & 0xff] << 8) ^ + (Td4[(t3) & 0xff]) ^ + rk[2]; + PUTU32(out + 8, s2); + s3 = + (((uint32_t)Td4[(t3 >> 24)]) << 24) ^ + (Td4[(t2 >> 16) & 0xff] << 16) ^ + (Td4[(t1 >> 8) & 0xff] << 8) ^ + (Td4[(t0) & 0xff]) ^ + rk[3]; PUTU32(out + 12, s3); } +#else /* AES_ASM */ + +static const u8 Te4[256] = { + 0x63U, 0x7cU, 0x77U, 0x7bU, 0xf2U, 0x6bU, 0x6fU, 0xc5U, + 0x30U, 0x01U, 0x67U, 0x2bU, 0xfeU, 0xd7U, 0xabU, 0x76U, + 0xcaU, 0x82U, 0xc9U, 0x7dU, 0xfaU, 0x59U, 0x47U, 0xf0U, + 0xadU, 0xd4U, 0xa2U, 0xafU, 0x9cU, 0xa4U, 0x72U, 0xc0U, + 0xb7U, 0xfdU, 0x93U, 0x26U, 0x36U, 0x3fU, 0xf7U, 0xccU, + 0x34U, 0xa5U, 0xe5U, 0xf1U, 0x71U, 0xd8U, 0x31U, 0x15U, + 0x04U, 0xc7U, 0x23U, 0xc3U, 0x18U, 0x96U, 0x05U, 0x9aU, + 0x07U, 0x12U, 0x80U, 0xe2U, 0xebU, 0x27U, 0xb2U, 0x75U, + 0x09U, 0x83U, 0x2cU, 0x1aU, 0x1bU, 0x6eU, 0x5aU, 0xa0U, + 0x52U, 0x3bU, 0xd6U, 0xb3U, 0x29U, 0xe3U, 0x2fU, 0x84U, + 0x53U, 0xd1U, 0x00U, 0xedU, 0x20U, 0xfcU, 0xb1U, 0x5bU, + 0x6aU, 0xcbU, 0xbeU, 0x39U, 0x4aU, 0x4cU, 0x58U, 0xcfU, + 0xd0U, 0xefU, 0xaaU, 0xfbU, 0x43U, 0x4dU, 0x33U, 0x85U, + 0x45U, 0xf9U, 0x02U, 0x7fU, 0x50U, 0x3cU, 0x9fU, 0xa8U, + 0x51U, 0xa3U, 0x40U, 0x8fU, 0x92U, 0x9dU, 0x38U, 0xf5U, + 0xbcU, 0xb6U, 0xdaU, 0x21U, 0x10U, 0xffU, 0xf3U, 0xd2U, + 0xcdU, 0x0cU, 0x13U, 0xecU, 0x5fU, 0x97U, 0x44U, 0x17U, + 0xc4U, 0xa7U, 0x7eU, 0x3dU, 0x64U, 0x5dU, 0x19U, 0x73U, + 0x60U, 0x81U, 0x4fU, 0xdcU, 0x22U, 0x2aU, 0x90U, 0x88U, + 0x46U, 0xeeU, 0xb8U, 0x14U, 0xdeU, 0x5eU, 0x0bU, 0xdbU, + 0xe0U, 0x32U, 0x3aU, 0x0aU, 0x49U, 0x06U, 0x24U, 0x5cU, + 0xc2U, 0xd3U, 0xacU, 0x62U, 0x91U, 0x95U, 0xe4U, 0x79U, + 0xe7U, 0xc8U, 0x37U, 0x6dU, 0x8dU, 0xd5U, 0x4eU, 0xa9U, + 0x6cU, 0x56U, 0xf4U, 0xeaU, 0x65U, 0x7aU, 0xaeU, 0x08U, + 0xbaU, 0x78U, 0x25U, 0x2eU, 0x1cU, 0xa6U, 0xb4U, 0xc6U, + 0xe8U, 0xddU, 0x74U, 0x1fU, 0x4bU, 0xbdU, 0x8bU, 0x8aU, + 0x70U, 0x3eU, 0xb5U, 0x66U, 0x48U, 0x03U, 0xf6U, 0x0eU, + 0x61U, 0x35U, 0x57U, 0xb9U, 0x86U, 0xc1U, 0x1dU, 0x9eU, + 0xe1U, 0xf8U, 0x98U, 0x11U, 0x69U, 0xd9U, 0x8eU, 0x94U, + 0x9bU, 0x1eU, 0x87U, 0xe9U, 0xceU, 0x55U, 0x28U, 0xdfU, + 0x8cU, 0xa1U, 0x89U, 0x0dU, 0xbfU, 0xe6U, 0x42U, 0x68U, + 0x41U, 0x99U, 0x2dU, 0x0fU, 0xb0U, 0x54U, 0xbbU, 0x16U +}; +static const u32 rcon[] = { + 0x01000000, 0x02000000, 0x04000000, 0x08000000, + 0x10000000, 0x20000000, 0x40000000, 0x80000000, + 0x1B000000, 0x36000000, + /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */ +}; + +/** + * Expand the cipher key into the encryption key schedule. + */ +int +AES_set_encrypt_key(const unsigned char *userKey, const int bits, AES_KEY *key) +{ + u32 *rk; + int i = 0; + u32 temp; + + if (!userKey || !key) + return -1; + if (bits != 128 && bits != 192 && bits != 256) + return -2; + + rk = key->rd_key; + + if (bits == 128) + key->rounds = 10; + else if (bits == 192) + key->rounds = 12; + else + key->rounds = 14; + + rk[0] = GETU32(userKey); + rk[1] = GETU32(userKey + 4); + rk[2] = GETU32(userKey + 8); + rk[3] = GETU32(userKey + 12); + if (bits == 128) { + while (1) { + temp = rk[3]; + rk[4] = rk[0] ^ + (Te4[(temp >> 16) & 0xff] << 24) ^ + (Te4[(temp >> 8) & 0xff] << 16) ^ + (Te4[(temp) & 0xff] << 8) ^ + (Te4[(temp >> 24)]) ^ + rcon[i]; + rk[5] = rk[1] ^ rk[4]; + rk[6] = rk[2] ^ rk[5]; + rk[7] = rk[3] ^ rk[6]; + if (++i == 10) { + return 0; + } + rk += 4; + } + } + rk[4] = GETU32(userKey + 16); + rk[5] = GETU32(userKey + 20); + if (bits == 192) { + while (1) { + temp = rk[5]; + rk[6] = rk[0] ^ + (Te4[(temp >> 16) & 0xff] << 24) ^ + (Te4[(temp >> 8) & 0xff] << 16) ^ + (Te4[(temp) & 0xff] << 8) ^ + (Te4[(temp >> 24)]) ^ + rcon[i]; + rk[7] = rk[1] ^ rk[6]; + rk[8] = rk[2] ^ rk[7]; + rk[9] = rk[3] ^ rk[8]; + if (++i == 8) { + return 0; + } + rk[10] = rk[4] ^ rk[9]; + rk[11] = rk[5] ^ rk[10]; + rk += 6; + } + } + rk[6] = GETU32(userKey + 24); + rk[7] = GETU32(userKey + 28); + if (bits == 256) { + while (1) { + temp = rk[7]; + rk[8] = rk[0] ^ + (Te4[(temp >> 16) & 0xff] << 24) ^ + (Te4[(temp >> 8) & 0xff] << 16) ^ + (Te4[(temp) & 0xff] << 8) ^ + (Te4[(temp >> 24)]) ^ + rcon[i]; + rk[9] = rk[1] ^ rk[8]; + rk[10] = rk[2] ^ rk[9]; + rk[11] = rk[3] ^ rk[10]; + if (++i == 7) { + return 0; + } + temp = rk[11]; + rk[12] = rk[4] ^ + (Te4[(temp >> 24)] << 24) ^ + (Te4[(temp >> 16) & 0xff] << 16) ^ + (Te4[(temp >> 8) & 0xff] << 8) ^ + (Te4[(temp) & 0xff]); + rk[13] = rk[5] ^ rk[12]; + rk[14] = rk[6] ^ rk[13]; + rk[15] = rk[7] ^ rk[14]; + + rk += 8; + } + } + return 0; +} + +/** + * Expand the cipher key into the decryption key schedule. + */ +int +AES_set_decrypt_key(const unsigned char *userKey, const int bits, + AES_KEY *key) +{ + u32 *rk; + int i, j, status; + u32 temp; + + /* first, start with an encryption schedule */ + status = AES_set_encrypt_key(userKey, bits, key); + if (status < 0) + return status; + + rk = key->rd_key; + + /* invert the order of the round keys: */ + for (i = 0, j = 4*(key->rounds); i < j; i += 4, j -= 4) { + temp = rk[i]; + rk[i] = rk[j]; + rk[j] = temp; + temp = rk[i + 1]; + rk[i + 1] = rk[j + 1]; + rk[j + 1] = temp; + temp = rk[i + 2]; + rk[i + 2] = rk[j + 2]; + rk[j + 2] = temp; + temp = rk[i + 3]; + rk[i + 3] = rk[j + 3]; + rk[j + 3] = temp; + } + /* apply the inverse MixColumn transform to all round keys but the first and the last: */ + for (i = 1; i < (key->rounds); i++) { + rk += 4; + for (j = 0; j < 4; j++) { + u32 tp1, tp2, tp4, tp8, tp9, tpb, tpd, tpe, m; + + tp1 = rk[j]; + m = tp1 & 0x80808080; + tp2 = ((tp1 & 0x7f7f7f7f) << 1) ^ + ((m - (m >> 7)) & 0x1b1b1b1b); + m = tp2 & 0x80808080; + tp4 = ((tp2 & 0x7f7f7f7f) << 1) ^ + ((m - (m >> 7)) & 0x1b1b1b1b); + m = tp4 & 0x80808080; + tp8 = ((tp4 & 0x7f7f7f7f) << 1) ^ + ((m - (m >> 7)) & 0x1b1b1b1b); + tp9 = tp8 ^ tp1; + tpb = tp9 ^ tp2; + tpd = tp9 ^ tp4; + tpe = tp8 ^ tp4 ^ tp2; +#if defined(ROTATE) + rk[j] = tpe ^ ROTATE(tpd, 16) ^ + ROTATE(tp9, 24) ^ ROTATE(tpb, 8); +#else + rk[j] = tpe ^ (tpd >> 16) ^ (tpd << 16) ^ + (tp9 >> 8) ^ (tp9 << 24) ^ + (tpb >> 24) ^ (tpb << 8); +#endif + } + } + return 0; +} + +#endif /* AES_ASM */ diff --git a/src/lib/libcrypto/aes/aes_ctr.c b/src/lib/libcrypto/aes/aes_ctr.c index aea3db20927..607914599bd 100644 --- a/src/lib/libcrypto/aes/aes_ctr.c +++ b/src/lib/libcrypto/aes/aes_ctr.c @@ -1,4 +1,4 @@ -/* crypto/aes/aes_ctr.c -*- mode:C; c-file-style: "eay" -*- */ +/* $OpenBSD: aes_ctr.c,v 1.9 2014/06/12 15:49:27 deraadt Exp $ */ /* ==================================================================== * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. * @@ -49,69 +49,14 @@ * */ -#include #include -#include "aes_locl.h" - -/* NOTE: CTR mode is big-endian. The rest of the AES code - * is endian-neutral. */ - -/* increment counter (128-bit int) by 2^64 */ -static void AES_ctr128_inc(unsigned char *counter) { - unsigned long c; - - /* Grab 3rd dword of counter and increment */ -#ifdef L_ENDIAN - c = GETU32(counter + 8); - c++; - PUTU32(counter + 8, c); -#else - c = GETU32(counter + 4); - c++; - PUTU32(counter + 4, c); -#endif - - /* if no overflow, we're done */ - if (c) - return; - - /* Grab top dword of counter and increment */ -#ifdef L_ENDIAN - c = GETU32(counter + 12); - c++; - PUTU32(counter + 12, c); -#else - c = GETU32(counter + 0); - c++; - PUTU32(counter + 0, c); -#endif - -} - -/* The input encrypted as though 128bit counter mode is being - * used. The extra state information to record how much of the - * 128bit block we have used is contained in *num; - */ -void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out, - const unsigned long length, const AES_KEY *key, - unsigned char *counter, unsigned int *num) { - - unsigned int n; - unsigned long l=length; - unsigned char tmp[AES_BLOCK_SIZE]; - - assert(in && out && key && counter && num); - - n = *num; - - while (l--) { - if (n == 0) { - AES_encrypt(counter, tmp, key); - AES_ctr128_inc(counter); - } - *(out++) = *(in++) ^ tmp[n]; - n = (n+1) % AES_BLOCK_SIZE; - } - - *num=n; +#include + +void +AES_ctr128_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, unsigned char ivec[AES_BLOCK_SIZE], + unsigned char ecount_buf[AES_BLOCK_SIZE], unsigned int *num) +{ + CRYPTO_ctr128_encrypt(in, out, length, key, ivec, ecount_buf, num, + (block128_f)AES_encrypt); } diff --git a/src/lib/libcrypto/aes/aes_ecb.c b/src/lib/libcrypto/aes/aes_ecb.c index 1cb2e07d3dd..b05e53994b2 100644 --- a/src/lib/libcrypto/aes/aes_ecb.c +++ b/src/lib/libcrypto/aes/aes_ecb.c @@ -1,4 +1,4 @@ -/* crypto/aes/aes_ecb.c -*- mode:C; c-file-style: "eay" -*- */ +/* $OpenBSD: aes_ecb.c,v 1.6 2015/02/10 09:46:30 miod Exp $ */ /* ==================================================================== * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. * @@ -49,19 +49,21 @@ * */ -#include +#ifndef AES_DEBUG +# ifndef NDEBUG +# define NDEBUG +# endif +#endif + #include #include "aes_locl.h" -void AES_ecb_encrypt(const unsigned char *in, unsigned char *out, - const AES_KEY *key, const int enc) { - - assert(in && out && key); - assert((AES_ENCRYPT == enc)||(AES_DECRYPT == enc)); - +void +AES_ecb_encrypt(const unsigned char *in, unsigned char *out, + const AES_KEY *key, const int enc) +{ if (AES_ENCRYPT == enc) AES_encrypt(in, out, key); else AES_decrypt(in, out, key); } - diff --git a/src/lib/libcrypto/aes/aes_ige.c b/src/lib/libcrypto/aes/aes_ige.c new file mode 100644 index 00000000000..16ef5612eb7 --- /dev/null +++ b/src/lib/libcrypto/aes/aes_ige.c @@ -0,0 +1,194 @@ +/* $OpenBSD: aes_ige.c,v 1.7 2015/02/10 09:46:30 miod Exp $ */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + */ + +#include +#include + +#include "aes_locl.h" + +#define N_WORDS (AES_BLOCK_SIZE / sizeof(unsigned long)) +typedef struct { + unsigned long data[N_WORDS]; +} aes_block_t; + +/* XXX: probably some better way to do this */ +#if defined(__i386__) || defined(__x86_64__) +#define UNALIGNED_MEMOPS_ARE_FAST 1 +#else +#define UNALIGNED_MEMOPS_ARE_FAST 0 +#endif + +#if UNALIGNED_MEMOPS_ARE_FAST +#define load_block(d, s) (d) = *(const aes_block_t *)(s) +#define store_block(d, s) *(aes_block_t *)(d) = (s) +#else +#define load_block(d, s) memcpy((d).data, (s), AES_BLOCK_SIZE) +#define store_block(d, s) memcpy((d), (s).data, AES_BLOCK_SIZE) +#endif + +/* N.B. The IV for this mode is _twice_ the block size */ + +void +AES_ige_encrypt(const unsigned char *in, unsigned char *out, size_t length, + const AES_KEY *key, unsigned char *ivec, const int enc) +{ + size_t n; + size_t len; + + OPENSSL_assert((length % AES_BLOCK_SIZE) == 0); + + len = length / AES_BLOCK_SIZE; + + if (AES_ENCRYPT == enc) { + if (in != out && (UNALIGNED_MEMOPS_ARE_FAST || + ((size_t)in|(size_t)out|(size_t)ivec) % + sizeof(long) == 0)) { + aes_block_t *ivp = (aes_block_t *)ivec; + aes_block_t *iv2p = (aes_block_t *)(ivec + AES_BLOCK_SIZE); + + while (len) { + aes_block_t *inp = (aes_block_t *)in; + aes_block_t *outp = (aes_block_t *)out; + + for (n = 0; n < N_WORDS; ++n) + outp->data[n] = inp->data[n] ^ ivp->data[n]; + AES_encrypt((unsigned char *)outp->data, (unsigned char *)outp->data, key); + for (n = 0; n < N_WORDS; ++n) + outp->data[n] ^= iv2p->data[n]; + ivp = outp; + iv2p = inp; + --len; + in += AES_BLOCK_SIZE; + out += AES_BLOCK_SIZE; + } + memcpy(ivec, ivp->data, AES_BLOCK_SIZE); + memcpy(ivec + AES_BLOCK_SIZE, iv2p->data, AES_BLOCK_SIZE); + } else { + aes_block_t tmp, tmp2; + aes_block_t iv; + aes_block_t iv2; + + load_block(iv, ivec); + load_block(iv2, ivec + AES_BLOCK_SIZE); + + while (len) { + load_block(tmp, in); + for (n = 0; n < N_WORDS; ++n) + tmp2.data[n] = tmp.data[n] ^ iv.data[n]; + AES_encrypt((unsigned char *)tmp2.data, + (unsigned char *)tmp2.data, key); + for (n = 0; n < N_WORDS; ++n) + tmp2.data[n] ^= iv2.data[n]; + store_block(out, tmp2); + iv = tmp2; + iv2 = tmp; + --len; + in += AES_BLOCK_SIZE; + out += AES_BLOCK_SIZE; + } + memcpy(ivec, iv.data, AES_BLOCK_SIZE); + memcpy(ivec + AES_BLOCK_SIZE, iv2.data, AES_BLOCK_SIZE); + } + } else { + if (in != out && (UNALIGNED_MEMOPS_ARE_FAST || + ((size_t)in|(size_t)out|(size_t)ivec) % + sizeof(long) == 0)) { + aes_block_t *ivp = (aes_block_t *)ivec; + aes_block_t *iv2p = (aes_block_t *)(ivec + AES_BLOCK_SIZE); + + while (len) { + aes_block_t tmp; + aes_block_t *inp = (aes_block_t *)in; + aes_block_t *outp = (aes_block_t *)out; + + for (n = 0; n < N_WORDS; ++n) + tmp.data[n] = inp->data[n] ^ iv2p->data[n]; + AES_decrypt((unsigned char *)tmp.data, + (unsigned char *)outp->data, key); + for (n = 0; n < N_WORDS; ++n) + outp->data[n] ^= ivp->data[n]; + ivp = inp; + iv2p = outp; + --len; + in += AES_BLOCK_SIZE; + out += AES_BLOCK_SIZE; + } + memcpy(ivec, ivp->data, AES_BLOCK_SIZE); + memcpy(ivec + AES_BLOCK_SIZE, iv2p->data, AES_BLOCK_SIZE); + } else { + aes_block_t tmp, tmp2; + aes_block_t iv; + aes_block_t iv2; + + load_block(iv, ivec); + load_block(iv2, ivec + AES_BLOCK_SIZE); + + while (len) { + load_block(tmp, in); + tmp2 = tmp; + for (n = 0; n < N_WORDS; ++n) + tmp.data[n] ^= iv2.data[n]; + AES_decrypt((unsigned char *)tmp.data, + (unsigned char *)tmp.data, key); + for (n = 0; n < N_WORDS; ++n) + tmp.data[n] ^= iv.data[n]; + store_block(out, tmp); + iv = tmp2; + iv2 = tmp; + --len; + in += AES_BLOCK_SIZE; + out += AES_BLOCK_SIZE; + } + memcpy(ivec, iv.data, AES_BLOCK_SIZE); + memcpy(ivec + AES_BLOCK_SIZE, iv2.data, AES_BLOCK_SIZE); + } + } +} diff --git a/src/lib/libcrypto/aes/aes_locl.h b/src/lib/libcrypto/aes/aes_locl.h index 541d1d6e845..c47f65da62b 100644 --- a/src/lib/libcrypto/aes/aes_locl.h +++ b/src/lib/libcrypto/aes/aes_locl.h @@ -1,4 +1,4 @@ -/* crypto/aes/aes.h -*- mode:C; c-file-style: "eay" -*- */ +/* $OpenBSD: aes_locl.h,v 1.11 2016/12/21 15:49:29 jsing Exp $ */ /* ==================================================================== * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. * @@ -52,7 +52,7 @@ #ifndef HEADER_AES_LOCL_H #define HEADER_AES_LOCL_H -#include +#include #ifdef OPENSSL_NO_AES #error AES is disabled. @@ -60,21 +60,14 @@ #include #include - -#if defined(__STDC__) || defined(OPENSSL_SYS_VMS) || defined(M_XENIX) || defined(OPENSSL_SYS_MSDOS) #include -#endif -#ifdef _MSC_VER -# define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00) -# define GETU32(p) SWAP(*((u32 *)(p))) -# define PUTU32(ct, st) { *((u32 *)(ct)) = SWAP((st)); } -#else -# define GETU32(pt) (((u32)(pt)[0] << 24) ^ ((u32)(pt)[1] << 16) ^ ((u32)(pt)[2] << 8) ^ ((u32)(pt)[3])) -# define PUTU32(ct, st) { (ct)[0] = (u8)((st) >> 24); (ct)[1] = (u8)((st) >> 16); (ct)[2] = (u8)((st) >> 8); (ct)[3] = (u8)(st); } -#endif +__BEGIN_HIDDEN_DECLS -typedef unsigned long u32; +#define GETU32(pt) (((u32)(pt)[0] << 24) ^ ((u32)(pt)[1] << 16) ^ ((u32)(pt)[2] << 8) ^ ((u32)(pt)[3])) +#define PUTU32(ct, st) { (ct)[0] = (u8)((st) >> 24); (ct)[1] = (u8)((st) >> 16); (ct)[2] = (u8)((st) >> 8); (ct)[3] = (u8)(st); } + +typedef unsigned int u32; typedef unsigned short u16; typedef unsigned char u8; @@ -85,4 +78,6 @@ typedef unsigned char u8; /* This controls loop-unrolling in aes_core.c */ #undef FULL_UNROLL +__END_HIDDEN_DECLS + #endif /* !HEADER_AES_LOCL_H */ diff --git a/src/lib/libcrypto/aes/aes_misc.c b/src/lib/libcrypto/aes/aes_misc.c index 090def25d5a..6c1506dd799 100644 --- a/src/lib/libcrypto/aes/aes_misc.c +++ b/src/lib/libcrypto/aes/aes_misc.c @@ -1,4 +1,4 @@ -/* crypto/aes/aes_misc.c -*- mode:C; c-file-style: "eay" -*- */ +/* $OpenBSD: aes_misc.c,v 1.10 2014/07/09 11:10:50 bcook Exp $ */ /* ==================================================================== * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. * @@ -50,15 +50,16 @@ */ #include +#include #include #include "aes_locl.h" -const char *AES_version="AES" OPENSSL_VERSION_PTEXT; - -const char *AES_options(void) { +const char * +AES_options(void) +{ #ifdef FULL_UNROLL - return "aes(full)"; + return "aes(full)"; #else - return "aes(partial)"; + return "aes(partial)"; #endif } diff --git a/src/lib/libcrypto/aes/aes_ofb.c b/src/lib/libcrypto/aes/aes_ofb.c index e33bdaea285..f8dc03a26e8 100644 --- a/src/lib/libcrypto/aes/aes_ofb.c +++ b/src/lib/libcrypto/aes/aes_ofb.c @@ -1,6 +1,6 @@ -/* crypto/aes/aes_ofb.c -*- mode:C; c-file-style: "eay" -*- */ +/* $OpenBSD: aes_ofb.c,v 1.6 2014/06/12 15:49:27 deraadt Exp $ */ /* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 2002-2006 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -48,89 +48,14 @@ * ==================================================================== * */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -#include #include -#include "aes_locl.h" - -/* The input and output encrypted as though 128bit ofb mode is being - * used. The extra state information to record how much of the - * 128bit block we have used is contained in *num; - */ -void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out, - const unsigned long length, const AES_KEY *key, - unsigned char *ivec, int *num) { - - unsigned int n; - unsigned long l=length; - - assert(in && out && key && ivec && num); - - n = *num; - - while (l--) { - if (n == 0) { - AES_encrypt(ivec, ivec, key); - } - *(out++) = *(in++) ^ ivec[n]; - n = (n+1) % AES_BLOCK_SIZE; - } +#include - *num=n; +void +AES_ofb128_encrypt(const unsigned char *in, unsigned char *out, size_t length, + const AES_KEY *key, unsigned char *ivec, int *num) +{ + CRYPTO_ofb128_encrypt(in, out, length, key, ivec, num, + (block128_f)AES_encrypt); } diff --git a/src/lib/libcrypto/aes/aes_wrap.c b/src/lib/libcrypto/aes/aes_wrap.c new file mode 100644 index 00000000000..b30630fe479 --- /dev/null +++ b/src/lib/libcrypto/aes/aes_wrap.c @@ -0,0 +1,133 @@ +/* $OpenBSD: aes_wrap.c,v 1.12 2018/11/07 18:31:16 tb Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 2008 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#include + +#include +#include + +static const unsigned char default_iv[] = { + 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, +}; + +int +AES_wrap_key(AES_KEY *key, const unsigned char *iv, unsigned char *out, + const unsigned char *in, unsigned int inlen) +{ + unsigned char *A, B[16], *R; + unsigned int i, j, t; + + if ((inlen & 0x7) || (inlen < 16)) + return -1; + A = B; + t = 1; + memmove(out + 8, in, inlen); + if (!iv) + iv = default_iv; + + memcpy(A, iv, 8); + + for (j = 0; j < 6; j++) { + R = out + 8; + for (i = 0; i < inlen; i += 8, t++, R += 8) { + memcpy(B + 8, R, 8); + AES_encrypt(B, B, key); + A[7] ^= (unsigned char)(t & 0xff); + if (t > 0xff) { + A[6] ^= (unsigned char)((t >> 8) & 0xff); + A[5] ^= (unsigned char)((t >> 16) & 0xff); + A[4] ^= (unsigned char)((t >> 24) & 0xff); + } + memcpy(R, B + 8, 8); + } + } + memcpy(out, A, 8); + return inlen + 8; +} + +int +AES_unwrap_key(AES_KEY *key, const unsigned char *iv, unsigned char *out, + const unsigned char *in, unsigned int inlen) +{ + unsigned char *A, B[16], *R; + unsigned int i, j, t; + + if ((inlen & 0x7) || (inlen < 24)) + return -1; + inlen -= 8; + A = B; + t = 6 * (inlen >> 3); + memcpy(A, in, 8); + memmove(out, in + 8, inlen); + for (j = 0; j < 6; j++) { + R = out + inlen - 8; + for (i = 0; i < inlen; i += 8, t--, R -= 8) { + A[7] ^= (unsigned char)(t & 0xff); + if (t > 0xff) { + A[6] ^= (unsigned char)((t >> 8) & 0xff); + A[5] ^= (unsigned char)((t >> 16) & 0xff); + A[4] ^= (unsigned char)((t >> 24) & 0xff); + } + memcpy(B + 8, R, 8); + AES_decrypt(B, B, key); + memcpy(R, B + 8, 8); + } + } + if (!iv) + iv = default_iv; + if (memcmp(A, iv, 8)) { + explicit_bzero(out, inlen); + return 0; + } + return inlen; +} diff --git a/src/lib/libcrypto/aes/aes_x86core.c b/src/lib/libcrypto/aes/aes_x86core.c new file mode 100644 index 00000000000..d0d12dc3ae7 --- /dev/null +++ b/src/lib/libcrypto/aes/aes_x86core.c @@ -0,0 +1,1081 @@ +/* $OpenBSD: aes_x86core.c,v 1.9 2018/04/03 21:59:37 tb Exp $ */ +/** + * rijndael-alg-fst.c + * + * @version 3.0 (December 2000) + * + * Optimised ANSI C code for the Rijndael cipher (now AES) + * + * @author Vincent Rijmen + * @author Antoon Bosselaers + * @author Paulo Barreto + * + * This code is hereby placed in the public domain. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR + * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE + * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, + * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/* + * This is experimental x86[_64] derivative. It assumes little-endian + * byte order and expects CPU to sustain unaligned memory references. + * It is used as playground for cache-time attack mitigations and + * serves as reference C implementation for x86[_64] assembler. + * + * + */ + + +#ifndef AES_DEBUG +# ifndef NDEBUG +# define NDEBUG +# endif +#endif + +#include +#include +#include "aes_locl.h" + +/* + * These two parameters control which table, 256-byte or 2KB, is + * referenced in outer and respectively inner rounds. + */ +#define AES_COMPACT_IN_OUTER_ROUNDS +#ifdef AES_COMPACT_IN_OUTER_ROUNDS +/* AES_COMPACT_IN_OUTER_ROUNDS costs ~30% in performance, while + * adding AES_COMPACT_IN_INNER_ROUNDS reduces benchmark *further* + * by factor of ~2. */ +# undef AES_COMPACT_IN_INNER_ROUNDS +#endif + +#if 1 +static void +prefetch256(const void *table) +{ + volatile unsigned long *t = (void *)table, ret; + unsigned long sum; + int i; + + /* 32 is common least cache-line size */ + for (sum = 0, i = 0; i < 256/sizeof(t[0]); i += 32 / sizeof(t[0])) + sum ^= t[i]; + + ret = sum; +} +#else +# define prefetch256(t) +#endif + +#undef GETU32 +#define GETU32(p) (*((u32*)(p))) + +#if defined(_LP64) +typedef unsigned long u64; +#define U64(C) C##UL +#else +typedef unsigned long long u64; +#define U64(C) C##ULL +#endif + +#undef ROTATE +#if defined(__GNUC__) && __GNUC__>=2 +# if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__) +# define ROTATE(a,n) ({ unsigned int ret; \ + asm ( \ + "roll %1,%0" \ + : "=r"(ret) \ + : "I"(n), "0"(a) \ + : "cc"); \ + ret; \ + }) +# endif +#endif +/* +Te [x] = S [x].[02, 01, 01, 03, 02, 01, 01, 03]; +Te0[x] = S [x].[02, 01, 01, 03]; +Te1[x] = S [x].[03, 02, 01, 01]; +Te2[x] = S [x].[01, 03, 02, 01]; +Te3[x] = S [x].[01, 01, 03, 02]; +*/ +#define Te0 (u32)((u64*)((u8*)Te+0)) +#define Te1 (u32)((u64*)((u8*)Te+3)) +#define Te2 (u32)((u64*)((u8*)Te+2)) +#define Te3 (u32)((u64*)((u8*)Te+1)) +/* +Td [x] = Si[x].[0e, 09, 0d, 0b, 0e, 09, 0d, 0b]; +Td0[x] = Si[x].[0e, 09, 0d, 0b]; +Td1[x] = Si[x].[0b, 0e, 09, 0d]; +Td2[x] = Si[x].[0d, 0b, 0e, 09]; +Td3[x] = Si[x].[09, 0d, 0b, 0e]; +Td4[x] = Si[x].[01]; +*/ +#define Td0 (u32)((u64*)((u8*)Td+0)) +#define Td1 (u32)((u64*)((u8*)Td+3)) +#define Td2 (u32)((u64*)((u8*)Td+2)) +#define Td3 (u32)((u64*)((u8*)Td+1)) + +static const u64 Te[256] = { + U64(0xa56363c6a56363c6), U64(0x847c7cf8847c7cf8), + U64(0x997777ee997777ee), U64(0x8d7b7bf68d7b7bf6), + U64(0x0df2f2ff0df2f2ff), U64(0xbd6b6bd6bd6b6bd6), + U64(0xb16f6fdeb16f6fde), U64(0x54c5c59154c5c591), + U64(0x5030306050303060), U64(0x0301010203010102), + U64(0xa96767cea96767ce), U64(0x7d2b2b567d2b2b56), + U64(0x19fefee719fefee7), U64(0x62d7d7b562d7d7b5), + U64(0xe6abab4de6abab4d), U64(0x9a7676ec9a7676ec), + U64(0x45caca8f45caca8f), U64(0x9d82821f9d82821f), + U64(0x40c9c98940c9c989), U64(0x877d7dfa877d7dfa), + U64(0x15fafaef15fafaef), U64(0xeb5959b2eb5959b2), + U64(0xc947478ec947478e), U64(0x0bf0f0fb0bf0f0fb), + U64(0xecadad41ecadad41), U64(0x67d4d4b367d4d4b3), + U64(0xfda2a25ffda2a25f), U64(0xeaafaf45eaafaf45), + U64(0xbf9c9c23bf9c9c23), U64(0xf7a4a453f7a4a453), + U64(0x967272e4967272e4), U64(0x5bc0c09b5bc0c09b), + U64(0xc2b7b775c2b7b775), U64(0x1cfdfde11cfdfde1), + U64(0xae93933dae93933d), U64(0x6a26264c6a26264c), + U64(0x5a36366c5a36366c), U64(0x413f3f7e413f3f7e), + U64(0x02f7f7f502f7f7f5), U64(0x4fcccc834fcccc83), + U64(0x5c3434685c343468), U64(0xf4a5a551f4a5a551), + U64(0x34e5e5d134e5e5d1), U64(0x08f1f1f908f1f1f9), + U64(0x937171e2937171e2), U64(0x73d8d8ab73d8d8ab), + U64(0x5331316253313162), U64(0x3f15152a3f15152a), + U64(0x0c0404080c040408), U64(0x52c7c79552c7c795), + U64(0x6523234665232346), U64(0x5ec3c39d5ec3c39d), + U64(0x2818183028181830), U64(0xa1969637a1969637), + U64(0x0f05050a0f05050a), U64(0xb59a9a2fb59a9a2f), + U64(0x0907070e0907070e), U64(0x3612122436121224), + U64(0x9b80801b9b80801b), U64(0x3de2e2df3de2e2df), + U64(0x26ebebcd26ebebcd), U64(0x6927274e6927274e), + U64(0xcdb2b27fcdb2b27f), U64(0x9f7575ea9f7575ea), + U64(0x1b0909121b090912), U64(0x9e83831d9e83831d), + U64(0x742c2c58742c2c58), U64(0x2e1a1a342e1a1a34), + U64(0x2d1b1b362d1b1b36), U64(0xb26e6edcb26e6edc), + U64(0xee5a5ab4ee5a5ab4), U64(0xfba0a05bfba0a05b), + U64(0xf65252a4f65252a4), U64(0x4d3b3b764d3b3b76), + U64(0x61d6d6b761d6d6b7), U64(0xceb3b37dceb3b37d), + U64(0x7b2929527b292952), U64(0x3ee3e3dd3ee3e3dd), + U64(0x712f2f5e712f2f5e), U64(0x9784841397848413), + U64(0xf55353a6f55353a6), U64(0x68d1d1b968d1d1b9), + U64(0x0000000000000000), U64(0x2cededc12cededc1), + U64(0x6020204060202040), U64(0x1ffcfce31ffcfce3), + U64(0xc8b1b179c8b1b179), U64(0xed5b5bb6ed5b5bb6), + U64(0xbe6a6ad4be6a6ad4), U64(0x46cbcb8d46cbcb8d), + U64(0xd9bebe67d9bebe67), U64(0x4b3939724b393972), + U64(0xde4a4a94de4a4a94), U64(0xd44c4c98d44c4c98), + U64(0xe85858b0e85858b0), U64(0x4acfcf854acfcf85), + U64(0x6bd0d0bb6bd0d0bb), U64(0x2aefefc52aefefc5), + U64(0xe5aaaa4fe5aaaa4f), U64(0x16fbfbed16fbfbed), + U64(0xc5434386c5434386), U64(0xd74d4d9ad74d4d9a), + U64(0x5533336655333366), U64(0x9485851194858511), + U64(0xcf45458acf45458a), U64(0x10f9f9e910f9f9e9), + U64(0x0602020406020204), U64(0x817f7ffe817f7ffe), + U64(0xf05050a0f05050a0), U64(0x443c3c78443c3c78), + U64(0xba9f9f25ba9f9f25), U64(0xe3a8a84be3a8a84b), + U64(0xf35151a2f35151a2), U64(0xfea3a35dfea3a35d), + U64(0xc0404080c0404080), U64(0x8a8f8f058a8f8f05), + U64(0xad92923fad92923f), U64(0xbc9d9d21bc9d9d21), + U64(0x4838387048383870), U64(0x04f5f5f104f5f5f1), + U64(0xdfbcbc63dfbcbc63), U64(0xc1b6b677c1b6b677), + U64(0x75dadaaf75dadaaf), U64(0x6321214263212142), + U64(0x3010102030101020), U64(0x1affffe51affffe5), + U64(0x0ef3f3fd0ef3f3fd), U64(0x6dd2d2bf6dd2d2bf), + U64(0x4ccdcd814ccdcd81), U64(0x140c0c18140c0c18), + U64(0x3513132635131326), U64(0x2fececc32fececc3), + U64(0xe15f5fbee15f5fbe), U64(0xa2979735a2979735), + U64(0xcc444488cc444488), U64(0x3917172e3917172e), + U64(0x57c4c49357c4c493), U64(0xf2a7a755f2a7a755), + U64(0x827e7efc827e7efc), U64(0x473d3d7a473d3d7a), + U64(0xac6464c8ac6464c8), U64(0xe75d5dbae75d5dba), + U64(0x2b1919322b191932), U64(0x957373e6957373e6), + U64(0xa06060c0a06060c0), U64(0x9881811998818119), + U64(0xd14f4f9ed14f4f9e), U64(0x7fdcdca37fdcdca3), + U64(0x6622224466222244), U64(0x7e2a2a547e2a2a54), + U64(0xab90903bab90903b), U64(0x8388880b8388880b), + U64(0xca46468cca46468c), U64(0x29eeeec729eeeec7), + U64(0xd3b8b86bd3b8b86b), U64(0x3c1414283c141428), + U64(0x79dedea779dedea7), U64(0xe25e5ebce25e5ebc), + U64(0x1d0b0b161d0b0b16), U64(0x76dbdbad76dbdbad), + U64(0x3be0e0db3be0e0db), U64(0x5632326456323264), + U64(0x4e3a3a744e3a3a74), U64(0x1e0a0a141e0a0a14), + U64(0xdb494992db494992), U64(0x0a06060c0a06060c), + U64(0x6c2424486c242448), U64(0xe45c5cb8e45c5cb8), + U64(0x5dc2c29f5dc2c29f), U64(0x6ed3d3bd6ed3d3bd), + U64(0xefacac43efacac43), U64(0xa66262c4a66262c4), + U64(0xa8919139a8919139), U64(0xa4959531a4959531), + U64(0x37e4e4d337e4e4d3), U64(0x8b7979f28b7979f2), + U64(0x32e7e7d532e7e7d5), U64(0x43c8c88b43c8c88b), + U64(0x5937376e5937376e), U64(0xb76d6ddab76d6dda), + U64(0x8c8d8d018c8d8d01), U64(0x64d5d5b164d5d5b1), + U64(0xd24e4e9cd24e4e9c), U64(0xe0a9a949e0a9a949), + U64(0xb46c6cd8b46c6cd8), U64(0xfa5656acfa5656ac), + U64(0x07f4f4f307f4f4f3), U64(0x25eaeacf25eaeacf), + U64(0xaf6565caaf6565ca), U64(0x8e7a7af48e7a7af4), + U64(0xe9aeae47e9aeae47), U64(0x1808081018080810), + U64(0xd5baba6fd5baba6f), U64(0x887878f0887878f0), + U64(0x6f25254a6f25254a), U64(0x722e2e5c722e2e5c), + U64(0x241c1c38241c1c38), U64(0xf1a6a657f1a6a657), + U64(0xc7b4b473c7b4b473), U64(0x51c6c69751c6c697), + U64(0x23e8e8cb23e8e8cb), U64(0x7cdddda17cdddda1), + U64(0x9c7474e89c7474e8), U64(0x211f1f3e211f1f3e), + U64(0xdd4b4b96dd4b4b96), U64(0xdcbdbd61dcbdbd61), + U64(0x868b8b0d868b8b0d), U64(0x858a8a0f858a8a0f), + U64(0x907070e0907070e0), U64(0x423e3e7c423e3e7c), + U64(0xc4b5b571c4b5b571), U64(0xaa6666ccaa6666cc), + U64(0xd8484890d8484890), U64(0x0503030605030306), + U64(0x01f6f6f701f6f6f7), U64(0x120e0e1c120e0e1c), + U64(0xa36161c2a36161c2), U64(0x5f35356a5f35356a), + U64(0xf95757aef95757ae), U64(0xd0b9b969d0b9b969), + U64(0x9186861791868617), U64(0x58c1c19958c1c199), + U64(0x271d1d3a271d1d3a), U64(0xb99e9e27b99e9e27), + U64(0x38e1e1d938e1e1d9), U64(0x13f8f8eb13f8f8eb), + U64(0xb398982bb398982b), U64(0x3311112233111122), + U64(0xbb6969d2bb6969d2), U64(0x70d9d9a970d9d9a9), + U64(0x898e8e07898e8e07), U64(0xa7949433a7949433), + U64(0xb69b9b2db69b9b2d), U64(0x221e1e3c221e1e3c), + U64(0x9287871592878715), U64(0x20e9e9c920e9e9c9), + U64(0x49cece8749cece87), U64(0xff5555aaff5555aa), + U64(0x7828285078282850), U64(0x7adfdfa57adfdfa5), + U64(0x8f8c8c038f8c8c03), U64(0xf8a1a159f8a1a159), + U64(0x8089890980898909), U64(0x170d0d1a170d0d1a), + U64(0xdabfbf65dabfbf65), U64(0x31e6e6d731e6e6d7), + U64(0xc6424284c6424284), U64(0xb86868d0b86868d0), + U64(0xc3414182c3414182), U64(0xb0999929b0999929), + U64(0x772d2d5a772d2d5a), U64(0x110f0f1e110f0f1e), + U64(0xcbb0b07bcbb0b07b), U64(0xfc5454a8fc5454a8), + U64(0xd6bbbb6dd6bbbb6d), U64(0x3a16162c3a16162c) +}; + +static const u8 Te4[256] = { + 0x63U, 0x7cU, 0x77U, 0x7bU, 0xf2U, 0x6bU, 0x6fU, 0xc5U, + 0x30U, 0x01U, 0x67U, 0x2bU, 0xfeU, 0xd7U, 0xabU, 0x76U, + 0xcaU, 0x82U, 0xc9U, 0x7dU, 0xfaU, 0x59U, 0x47U, 0xf0U, + 0xadU, 0xd4U, 0xa2U, 0xafU, 0x9cU, 0xa4U, 0x72U, 0xc0U, + 0xb7U, 0xfdU, 0x93U, 0x26U, 0x36U, 0x3fU, 0xf7U, 0xccU, + 0x34U, 0xa5U, 0xe5U, 0xf1U, 0x71U, 0xd8U, 0x31U, 0x15U, + 0x04U, 0xc7U, 0x23U, 0xc3U, 0x18U, 0x96U, 0x05U, 0x9aU, + 0x07U, 0x12U, 0x80U, 0xe2U, 0xebU, 0x27U, 0xb2U, 0x75U, + 0x09U, 0x83U, 0x2cU, 0x1aU, 0x1bU, 0x6eU, 0x5aU, 0xa0U, + 0x52U, 0x3bU, 0xd6U, 0xb3U, 0x29U, 0xe3U, 0x2fU, 0x84U, + 0x53U, 0xd1U, 0x00U, 0xedU, 0x20U, 0xfcU, 0xb1U, 0x5bU, + 0x6aU, 0xcbU, 0xbeU, 0x39U, 0x4aU, 0x4cU, 0x58U, 0xcfU, + 0xd0U, 0xefU, 0xaaU, 0xfbU, 0x43U, 0x4dU, 0x33U, 0x85U, + 0x45U, 0xf9U, 0x02U, 0x7fU, 0x50U, 0x3cU, 0x9fU, 0xa8U, + 0x51U, 0xa3U, 0x40U, 0x8fU, 0x92U, 0x9dU, 0x38U, 0xf5U, + 0xbcU, 0xb6U, 0xdaU, 0x21U, 0x10U, 0xffU, 0xf3U, 0xd2U, + 0xcdU, 0x0cU, 0x13U, 0xecU, 0x5fU, 0x97U, 0x44U, 0x17U, + 0xc4U, 0xa7U, 0x7eU, 0x3dU, 0x64U, 0x5dU, 0x19U, 0x73U, + 0x60U, 0x81U, 0x4fU, 0xdcU, 0x22U, 0x2aU, 0x90U, 0x88U, + 0x46U, 0xeeU, 0xb8U, 0x14U, 0xdeU, 0x5eU, 0x0bU, 0xdbU, + 0xe0U, 0x32U, 0x3aU, 0x0aU, 0x49U, 0x06U, 0x24U, 0x5cU, + 0xc2U, 0xd3U, 0xacU, 0x62U, 0x91U, 0x95U, 0xe4U, 0x79U, + 0xe7U, 0xc8U, 0x37U, 0x6dU, 0x8dU, 0xd5U, 0x4eU, 0xa9U, + 0x6cU, 0x56U, 0xf4U, 0xeaU, 0x65U, 0x7aU, 0xaeU, 0x08U, + 0xbaU, 0x78U, 0x25U, 0x2eU, 0x1cU, 0xa6U, 0xb4U, 0xc6U, + 0xe8U, 0xddU, 0x74U, 0x1fU, 0x4bU, 0xbdU, 0x8bU, 0x8aU, + 0x70U, 0x3eU, 0xb5U, 0x66U, 0x48U, 0x03U, 0xf6U, 0x0eU, + 0x61U, 0x35U, 0x57U, 0xb9U, 0x86U, 0xc1U, 0x1dU, 0x9eU, + 0xe1U, 0xf8U, 0x98U, 0x11U, 0x69U, 0xd9U, 0x8eU, 0x94U, + 0x9bU, 0x1eU, 0x87U, 0xe9U, 0xceU, 0x55U, 0x28U, 0xdfU, + 0x8cU, 0xa1U, 0x89U, 0x0dU, 0xbfU, 0xe6U, 0x42U, 0x68U, + 0x41U, 0x99U, 0x2dU, 0x0fU, 0xb0U, 0x54U, 0xbbU, 0x16U +}; + +static const u64 Td[256] = { + U64(0x50a7f45150a7f451), U64(0x5365417e5365417e), + U64(0xc3a4171ac3a4171a), U64(0x965e273a965e273a), + U64(0xcb6bab3bcb6bab3b), U64(0xf1459d1ff1459d1f), + U64(0xab58faacab58faac), U64(0x9303e34b9303e34b), + U64(0x55fa302055fa3020), U64(0xf66d76adf66d76ad), + U64(0x9176cc889176cc88), U64(0x254c02f5254c02f5), + U64(0xfcd7e54ffcd7e54f), U64(0xd7cb2ac5d7cb2ac5), + U64(0x8044352680443526), U64(0x8fa362b58fa362b5), + U64(0x495ab1de495ab1de), U64(0x671bba25671bba25), + U64(0x980eea45980eea45), U64(0xe1c0fe5de1c0fe5d), + U64(0x02752fc302752fc3), U64(0x12f04c8112f04c81), + U64(0xa397468da397468d), U64(0xc6f9d36bc6f9d36b), + U64(0xe75f8f03e75f8f03), U64(0x959c9215959c9215), + U64(0xeb7a6dbfeb7a6dbf), U64(0xda595295da595295), + U64(0x2d83bed42d83bed4), U64(0xd3217458d3217458), + U64(0x2969e0492969e049), U64(0x44c8c98e44c8c98e), + U64(0x6a89c2756a89c275), U64(0x78798ef478798ef4), + U64(0x6b3e58996b3e5899), U64(0xdd71b927dd71b927), + U64(0xb64fe1beb64fe1be), U64(0x17ad88f017ad88f0), + U64(0x66ac20c966ac20c9), U64(0xb43ace7db43ace7d), + U64(0x184adf63184adf63), U64(0x82311ae582311ae5), + U64(0x6033519760335197), U64(0x457f5362457f5362), + U64(0xe07764b1e07764b1), U64(0x84ae6bbb84ae6bbb), + U64(0x1ca081fe1ca081fe), U64(0x942b08f9942b08f9), + U64(0x5868487058684870), U64(0x19fd458f19fd458f), + U64(0x876cde94876cde94), U64(0xb7f87b52b7f87b52), + U64(0x23d373ab23d373ab), U64(0xe2024b72e2024b72), + U64(0x578f1fe3578f1fe3), U64(0x2aab55662aab5566), + U64(0x0728ebb20728ebb2), U64(0x03c2b52f03c2b52f), + U64(0x9a7bc5869a7bc586), U64(0xa50837d3a50837d3), + U64(0xf2872830f2872830), U64(0xb2a5bf23b2a5bf23), + U64(0xba6a0302ba6a0302), U64(0x5c8216ed5c8216ed), + U64(0x2b1ccf8a2b1ccf8a), U64(0x92b479a792b479a7), + U64(0xf0f207f3f0f207f3), U64(0xa1e2694ea1e2694e), + U64(0xcdf4da65cdf4da65), U64(0xd5be0506d5be0506), + U64(0x1f6234d11f6234d1), U64(0x8afea6c48afea6c4), + U64(0x9d532e349d532e34), U64(0xa055f3a2a055f3a2), + U64(0x32e18a0532e18a05), U64(0x75ebf6a475ebf6a4), + U64(0x39ec830b39ec830b), U64(0xaaef6040aaef6040), + U64(0x069f715e069f715e), U64(0x51106ebd51106ebd), + U64(0xf98a213ef98a213e), U64(0x3d06dd963d06dd96), + U64(0xae053eddae053edd), U64(0x46bde64d46bde64d), + U64(0xb58d5491b58d5491), U64(0x055dc471055dc471), + U64(0x6fd406046fd40604), U64(0xff155060ff155060), + U64(0x24fb981924fb9819), U64(0x97e9bdd697e9bdd6), + U64(0xcc434089cc434089), U64(0x779ed967779ed967), + U64(0xbd42e8b0bd42e8b0), U64(0x888b8907888b8907), + U64(0x385b19e7385b19e7), U64(0xdbeec879dbeec879), + U64(0x470a7ca1470a7ca1), U64(0xe90f427ce90f427c), + U64(0xc91e84f8c91e84f8), U64(0x0000000000000000), + U64(0x8386800983868009), U64(0x48ed2b3248ed2b32), + U64(0xac70111eac70111e), U64(0x4e725a6c4e725a6c), + U64(0xfbff0efdfbff0efd), U64(0x5638850f5638850f), + U64(0x1ed5ae3d1ed5ae3d), U64(0x27392d3627392d36), + U64(0x64d90f0a64d90f0a), U64(0x21a65c6821a65c68), + U64(0xd1545b9bd1545b9b), U64(0x3a2e36243a2e3624), + U64(0xb1670a0cb1670a0c), U64(0x0fe757930fe75793), + U64(0xd296eeb4d296eeb4), U64(0x9e919b1b9e919b1b), + U64(0x4fc5c0804fc5c080), U64(0xa220dc61a220dc61), + U64(0x694b775a694b775a), U64(0x161a121c161a121c), + U64(0x0aba93e20aba93e2), U64(0xe52aa0c0e52aa0c0), + U64(0x43e0223c43e0223c), U64(0x1d171b121d171b12), + U64(0x0b0d090e0b0d090e), U64(0xadc78bf2adc78bf2), + U64(0xb9a8b62db9a8b62d), U64(0xc8a91e14c8a91e14), + U64(0x8519f1578519f157), U64(0x4c0775af4c0775af), + U64(0xbbdd99eebbdd99ee), U64(0xfd607fa3fd607fa3), + U64(0x9f2601f79f2601f7), U64(0xbcf5725cbcf5725c), + U64(0xc53b6644c53b6644), U64(0x347efb5b347efb5b), + U64(0x7629438b7629438b), U64(0xdcc623cbdcc623cb), + U64(0x68fcedb668fcedb6), U64(0x63f1e4b863f1e4b8), + U64(0xcadc31d7cadc31d7), U64(0x1085634210856342), + U64(0x4022971340229713), U64(0x2011c6842011c684), + U64(0x7d244a857d244a85), U64(0xf83dbbd2f83dbbd2), + U64(0x1132f9ae1132f9ae), U64(0x6da129c76da129c7), + U64(0x4b2f9e1d4b2f9e1d), U64(0xf330b2dcf330b2dc), + U64(0xec52860dec52860d), U64(0xd0e3c177d0e3c177), + U64(0x6c16b32b6c16b32b), U64(0x99b970a999b970a9), + U64(0xfa489411fa489411), U64(0x2264e9472264e947), + U64(0xc48cfca8c48cfca8), U64(0x1a3ff0a01a3ff0a0), + U64(0xd82c7d56d82c7d56), U64(0xef903322ef903322), + U64(0xc74e4987c74e4987), U64(0xc1d138d9c1d138d9), + U64(0xfea2ca8cfea2ca8c), U64(0x360bd498360bd498), + U64(0xcf81f5a6cf81f5a6), U64(0x28de7aa528de7aa5), + U64(0x268eb7da268eb7da), U64(0xa4bfad3fa4bfad3f), + U64(0xe49d3a2ce49d3a2c), U64(0x0d9278500d927850), + U64(0x9bcc5f6a9bcc5f6a), U64(0x62467e5462467e54), + U64(0xc2138df6c2138df6), U64(0xe8b8d890e8b8d890), + U64(0x5ef7392e5ef7392e), U64(0xf5afc382f5afc382), + U64(0xbe805d9fbe805d9f), U64(0x7c93d0697c93d069), + U64(0xa92dd56fa92dd56f), U64(0xb31225cfb31225cf), + U64(0x3b99acc83b99acc8), U64(0xa77d1810a77d1810), + U64(0x6e639ce86e639ce8), U64(0x7bbb3bdb7bbb3bdb), + U64(0x097826cd097826cd), U64(0xf418596ef418596e), + U64(0x01b79aec01b79aec), U64(0xa89a4f83a89a4f83), + U64(0x656e95e6656e95e6), U64(0x7ee6ffaa7ee6ffaa), + U64(0x08cfbc2108cfbc21), U64(0xe6e815efe6e815ef), + U64(0xd99be7bad99be7ba), U64(0xce366f4ace366f4a), + U64(0xd4099fead4099fea), U64(0xd67cb029d67cb029), + U64(0xafb2a431afb2a431), U64(0x31233f2a31233f2a), + U64(0x3094a5c63094a5c6), U64(0xc066a235c066a235), + U64(0x37bc4e7437bc4e74), U64(0xa6ca82fca6ca82fc), + U64(0xb0d090e0b0d090e0), U64(0x15d8a73315d8a733), + U64(0x4a9804f14a9804f1), U64(0xf7daec41f7daec41), + U64(0x0e50cd7f0e50cd7f), U64(0x2ff691172ff69117), + U64(0x8dd64d768dd64d76), U64(0x4db0ef434db0ef43), + U64(0x544daacc544daacc), U64(0xdf0496e4df0496e4), + U64(0xe3b5d19ee3b5d19e), U64(0x1b886a4c1b886a4c), + U64(0xb81f2cc1b81f2cc1), U64(0x7f5165467f516546), + U64(0x04ea5e9d04ea5e9d), U64(0x5d358c015d358c01), + U64(0x737487fa737487fa), U64(0x2e410bfb2e410bfb), + U64(0x5a1d67b35a1d67b3), U64(0x52d2db9252d2db92), + U64(0x335610e9335610e9), U64(0x1347d66d1347d66d), + U64(0x8c61d79a8c61d79a), U64(0x7a0ca1377a0ca137), + U64(0x8e14f8598e14f859), U64(0x893c13eb893c13eb), + U64(0xee27a9ceee27a9ce), U64(0x35c961b735c961b7), + U64(0xede51ce1ede51ce1), U64(0x3cb1477a3cb1477a), + U64(0x59dfd29c59dfd29c), U64(0x3f73f2553f73f255), + U64(0x79ce141879ce1418), U64(0xbf37c773bf37c773), + U64(0xeacdf753eacdf753), U64(0x5baafd5f5baafd5f), + U64(0x146f3ddf146f3ddf), U64(0x86db447886db4478), + U64(0x81f3afca81f3afca), U64(0x3ec468b93ec468b9), + U64(0x2c3424382c342438), U64(0x5f40a3c25f40a3c2), + U64(0x72c31d1672c31d16), U64(0x0c25e2bc0c25e2bc), + U64(0x8b493c288b493c28), U64(0x41950dff41950dff), + U64(0x7101a8397101a839), U64(0xdeb30c08deb30c08), + U64(0x9ce4b4d89ce4b4d8), U64(0x90c1566490c15664), + U64(0x6184cb7b6184cb7b), U64(0x70b632d570b632d5), + U64(0x745c6c48745c6c48), U64(0x4257b8d04257b8d0) +}; +static const u8 Td4[256] = { + 0x52U, 0x09U, 0x6aU, 0xd5U, 0x30U, 0x36U, 0xa5U, 0x38U, + 0xbfU, 0x40U, 0xa3U, 0x9eU, 0x81U, 0xf3U, 0xd7U, 0xfbU, + 0x7cU, 0xe3U, 0x39U, 0x82U, 0x9bU, 0x2fU, 0xffU, 0x87U, + 0x34U, 0x8eU, 0x43U, 0x44U, 0xc4U, 0xdeU, 0xe9U, 0xcbU, + 0x54U, 0x7bU, 0x94U, 0x32U, 0xa6U, 0xc2U, 0x23U, 0x3dU, + 0xeeU, 0x4cU, 0x95U, 0x0bU, 0x42U, 0xfaU, 0xc3U, 0x4eU, + 0x08U, 0x2eU, 0xa1U, 0x66U, 0x28U, 0xd9U, 0x24U, 0xb2U, + 0x76U, 0x5bU, 0xa2U, 0x49U, 0x6dU, 0x8bU, 0xd1U, 0x25U, + 0x72U, 0xf8U, 0xf6U, 0x64U, 0x86U, 0x68U, 0x98U, 0x16U, + 0xd4U, 0xa4U, 0x5cU, 0xccU, 0x5dU, 0x65U, 0xb6U, 0x92U, + 0x6cU, 0x70U, 0x48U, 0x50U, 0xfdU, 0xedU, 0xb9U, 0xdaU, + 0x5eU, 0x15U, 0x46U, 0x57U, 0xa7U, 0x8dU, 0x9dU, 0x84U, + 0x90U, 0xd8U, 0xabU, 0x00U, 0x8cU, 0xbcU, 0xd3U, 0x0aU, + 0xf7U, 0xe4U, 0x58U, 0x05U, 0xb8U, 0xb3U, 0x45U, 0x06U, + 0xd0U, 0x2cU, 0x1eU, 0x8fU, 0xcaU, 0x3fU, 0x0fU, 0x02U, + 0xc1U, 0xafU, 0xbdU, 0x03U, 0x01U, 0x13U, 0x8aU, 0x6bU, + 0x3aU, 0x91U, 0x11U, 0x41U, 0x4fU, 0x67U, 0xdcU, 0xeaU, + 0x97U, 0xf2U, 0xcfU, 0xceU, 0xf0U, 0xb4U, 0xe6U, 0x73U, + 0x96U, 0xacU, 0x74U, 0x22U, 0xe7U, 0xadU, 0x35U, 0x85U, + 0xe2U, 0xf9U, 0x37U, 0xe8U, 0x1cU, 0x75U, 0xdfU, 0x6eU, + 0x47U, 0xf1U, 0x1aU, 0x71U, 0x1dU, 0x29U, 0xc5U, 0x89U, + 0x6fU, 0xb7U, 0x62U, 0x0eU, 0xaaU, 0x18U, 0xbeU, 0x1bU, + 0xfcU, 0x56U, 0x3eU, 0x4bU, 0xc6U, 0xd2U, 0x79U, 0x20U, + 0x9aU, 0xdbU, 0xc0U, 0xfeU, 0x78U, 0xcdU, 0x5aU, 0xf4U, + 0x1fU, 0xddU, 0xa8U, 0x33U, 0x88U, 0x07U, 0xc7U, 0x31U, + 0xb1U, 0x12U, 0x10U, 0x59U, 0x27U, 0x80U, 0xecU, 0x5fU, + 0x60U, 0x51U, 0x7fU, 0xa9U, 0x19U, 0xb5U, 0x4aU, 0x0dU, + 0x2dU, 0xe5U, 0x7aU, 0x9fU, 0x93U, 0xc9U, 0x9cU, 0xefU, + 0xa0U, 0xe0U, 0x3bU, 0x4dU, 0xaeU, 0x2aU, 0xf5U, 0xb0U, + 0xc8U, 0xebU, 0xbbU, 0x3cU, 0x83U, 0x53U, 0x99U, 0x61U, + 0x17U, 0x2bU, 0x04U, 0x7eU, 0xbaU, 0x77U, 0xd6U, 0x26U, + 0xe1U, 0x69U, 0x14U, 0x63U, 0x55U, 0x21U, 0x0cU, 0x7dU +}; + +static const u32 rcon[] = { + 0x00000001U, 0x00000002U, 0x00000004U, 0x00000008U, + 0x00000010U, 0x00000020U, 0x00000040U, 0x00000080U, + 0x0000001bU, 0x00000036U, + /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */ +}; + +/** + * Expand the cipher key into the encryption key schedule. + */ +int +AES_set_encrypt_key(const unsigned char *userKey, const int bits, AES_KEY *key) +{ + u32 *rk; + int i = 0; + u32 temp; + + if (!userKey || !key) + return -1; + if (bits != 128 && bits != 192 && bits != 256) + return -2; + + rk = key->rd_key; + + if (bits == 128) + key->rounds = 10; + else if (bits == 192) + key->rounds = 12; + else + key->rounds = 14; + + rk[0] = GETU32(userKey); + rk[1] = GETU32(userKey + 4); + rk[2] = GETU32(userKey + 8); + rk[3] = GETU32(userKey + 12); + if (bits == 128) { + while (1) { + temp = rk[3]; + rk[4] = rk[0] ^ + (Te4[(temp >> 8) & 0xff]) ^ + (Te4[(temp >> 16) & 0xff] << 8) ^ + (Te4[(temp >> 24)] << 16) ^ + (Te4[(temp) & 0xff] << 24) ^ + rcon[i]; + rk[5] = rk[1] ^ rk[4]; + rk[6] = rk[2] ^ rk[5]; + rk[7] = rk[3] ^ rk[6]; + if (++i == 10) { + return 0; + } + rk += 4; + } + } + rk[4] = GETU32(userKey + 16); + rk[5] = GETU32(userKey + 20); + if (bits == 192) { + while (1) { + temp = rk[5]; + rk[6] = rk[ 0] ^ + (Te4[(temp >> 8) & 0xff]) ^ + (Te4[(temp >> 16) & 0xff] << 8) ^ + (Te4[(temp >> 24)] << 16) ^ + (Te4[(temp) & 0xff] << 24) ^ + rcon[i]; + rk[7] = rk[1] ^ rk[6]; + rk[8] = rk[2] ^ rk[7]; + rk[9] = rk[3] ^ rk[8]; + if (++i == 8) { + return 0; + } + rk[10] = rk[4] ^ rk[9]; + rk[11] = rk[5] ^ rk[10]; + rk += 6; + } + } + rk[6] = GETU32(userKey + 24); + rk[7] = GETU32(userKey + 28); + if (bits == 256) { + while (1) { + temp = rk[7]; + rk[8] = rk[0] ^ + (Te4[(temp >> 8) & 0xff]) ^ + (Te4[(temp >> 16) & 0xff] << 8) ^ + (Te4[(temp >> 24)] << 16) ^ + (Te4[(temp) & 0xff] << 24) ^ + rcon[i]; + rk[9] = rk[1] ^ rk[8]; + rk[10] = rk[2] ^ rk[9]; + rk[11] = rk[3] ^ rk[10]; + if (++i == 7) { + return 0; + } + temp = rk[11]; + rk[12] = rk[4] ^ + (Te4[(temp) & 0xff]) ^ + (Te4[(temp >> 8) & 0xff] << 8) ^ + (Te4[(temp >> 16) & 0xff] << 16) ^ + (Te4[(temp >> 24)] << 24); + rk[13] = rk[5] ^ rk[12]; + rk[14] = rk[6] ^ rk[13]; + rk[15] = rk[7] ^ rk[14]; + + rk += 8; + } + } + return 0; +} + +/** + * Expand the cipher key into the decryption key schedule. + */ +int +AES_set_decrypt_key(const unsigned char *userKey, const int bits, AES_KEY *key) +{ + u32 *rk; + int i, j, status; + u32 temp; + + /* first, start with an encryption schedule */ + status = AES_set_encrypt_key(userKey, bits, key); + if (status < 0) + return status; + + rk = key->rd_key; + + /* invert the order of the round keys: */ + for (i = 0, j = 4*(key->rounds); i < j; i += 4, j -= 4) { + temp = rk[i]; + rk[i] = rk[j]; + rk[j] = temp; + temp = rk[i + 1]; + rk[i + 1] = rk[j + 1]; + rk[j + 1] = temp; + temp = rk[i + 2]; + rk[i + 2] = rk[j + 2]; + rk[j + 2] = temp; + temp = rk[i + 3]; + rk[i + 3] = rk[j + 3]; + rk[j + 3] = temp; + } + /* apply the inverse MixColumn transform to all round keys but the first and the last: */ + for (i = 1; i < (key->rounds); i++) { + rk += 4; +#if 1 + for (j = 0; j < 4; j++) { + u32 tp1, tp2, tp4, tp8, tp9, tpb, tpd, tpe, m; + + tp1 = rk[j]; + m = tp1 & 0x80808080; + tp2 = ((tp1 & 0x7f7f7f7f) << 1) ^ + ((m - (m >> 7)) & 0x1b1b1b1b); + m = tp2 & 0x80808080; + tp4 = ((tp2 & 0x7f7f7f7f) << 1) ^ + ((m - (m >> 7)) & 0x1b1b1b1b); + m = tp4 & 0x80808080; + tp8 = ((tp4 & 0x7f7f7f7f) << 1) ^ + ((m - (m >> 7)) & 0x1b1b1b1b); + tp9 = tp8 ^ tp1; + tpb = tp9 ^ tp2; + tpd = tp9 ^ tp4; + tpe = tp8 ^ tp4 ^ tp2; +#if defined(ROTATE) + rk[j] = tpe ^ ROTATE(tpd, 16) ^ + ROTATE(tp9, 8) ^ ROTATE(tpb, 24); +#else + rk[j] = tpe ^ (tpd >> 16) ^ (tpd << 16) ^ + (tp9 >> 24) ^ (tp9 << 8) ^ + (tpb >> 8) ^ (tpb << 24); +#endif + } +#else + rk[0] = + Td0[Te2[(rk[0]) & 0xff] & 0xff] ^ + Td1[Te2[(rk[0] >> 8) & 0xff] & 0xff] ^ + Td2[Te2[(rk[0] >> 16) & 0xff] & 0xff] ^ + Td3[Te2[(rk[0] >> 24)] & 0xff]; + rk[1] = + Td0[Te2[(rk[1]) & 0xff] & 0xff] ^ + Td1[Te2[(rk[1] >> 8) & 0xff] & 0xff] ^ + Td2[Te2[(rk[1] >> 16) & 0xff] & 0xff] ^ + Td3[Te2[(rk[1] >> 24)] & 0xff]; + rk[2] = + Td0[Te2[(rk[2]) & 0xff] & 0xff] ^ + Td1[Te2[(rk[2] >> 8) & 0xff] & 0xff] ^ + Td2[Te2[(rk[2] >> 16) & 0xff] & 0xff] ^ + Td3[Te2[(rk[2] >> 24)] & 0xff]; + rk[3] = + Td0[Te2[(rk[3]) & 0xff] & 0xff] ^ + Td1[Te2[(rk[3] >> 8) & 0xff] & 0xff] ^ + Td2[Te2[(rk[3] >> 16) & 0xff] & 0xff] ^ + Td3[Te2[(rk[3] >> 24)] & 0xff]; +#endif + } + return 0; +} + +/* + * Encrypt a single block + * in and out can overlap + */ +void +AES_encrypt(const unsigned char *in, unsigned char *out, const AES_KEY *key) +{ + const u32 *rk; + u32 s0, s1, s2, s3, t[4]; + int r; + + rk = key->rd_key; + + /* + * map byte array block to cipher state + * and add initial round key: + */ + s0 = GETU32(in) ^ rk[0]; + s1 = GETU32(in + 4) ^ rk[1]; + s2 = GETU32(in + 8) ^ rk[2]; + s3 = GETU32(in + 12) ^ rk[3]; + +#if defined(AES_COMPACT_IN_OUTER_ROUNDS) + prefetch256(Te4); + + t[0] = Te4[(s0) & 0xff] ^ + Te4[(s1 >> 8) & 0xff] << 8 ^ + Te4[(s2 >> 16) & 0xff] << 16 ^ + Te4[(s3 >> 24)] << 24; + t[1] = Te4[(s1) & 0xff] ^ + Te4[(s2 >> 8) & 0xff] << 8 ^ + Te4[(s3 >> 16) & 0xff] << 16 ^ + Te4[(s0 >> 24)] << 24; + t[2] = Te4[(s2) & 0xff] ^ + Te4[(s3 >> 8) & 0xff] << 8 ^ + Te4[(s0 >> 16) & 0xff] << 16 ^ + Te4[(s1 >> 24)] << 24; + t[3] = Te4[(s3) & 0xff] ^ + Te4[(s0 >> 8) & 0xff] << 8 ^ + Te4[(s1 >> 16) & 0xff] << 16 ^ + Te4[(s2 >> 24)] << 24; + + /* now do the linear transform using words */ + { + int i; + u32 r0, r1, r2; + + for (i = 0; i < 4; i++) { + r0 = t[i]; + r1 = r0 & 0x80808080; + r2 = ((r0 & 0x7f7f7f7f) << 1) ^ + ((r1 - (r1 >> 7)) & 0x1b1b1b1b); +#if defined(ROTATE) + t[i] = r2 ^ ROTATE(r2, 24) ^ ROTATE(r0, 24) ^ + ROTATE(r0, 16) ^ ROTATE(r0, 8); +#else + t[i] = r2 ^ ((r2 ^ r0) << 24) ^ ((r2 ^ r0) >> 8) ^ + (r0 << 16) ^ (r0 >> 16) ^ (r0 << 8) ^ (r0 >> 24); +#endif + t[i] ^= rk[4 + i]; + } + } +#else + t[0] = Te0[(s0) & 0xff] ^ + Te1[(s1 >> 8) & 0xff] ^ + Te2[(s2 >> 16) & 0xff] ^ + Te3[(s3 >> 24)] ^ + rk[4]; + t[1] = Te0[(s1) & 0xff] ^ + Te1[(s2 >> 8) & 0xff] ^ + Te2[(s3 >> 16) & 0xff] ^ + Te3[(s0 >> 24)] ^ + rk[5]; + t[2] = Te0[(s2) & 0xff] ^ + Te1[(s3 >> 8) & 0xff] ^ + Te2[(s0 >> 16) & 0xff] ^ + Te3[(s1 >> 24)] ^ + rk[6]; + t[3] = Te0[(s3) & 0xff] ^ + Te1[(s0 >> 8) & 0xff] ^ + Te2[(s1 >> 16) & 0xff] ^ + Te3[(s2 >> 24)] ^ + rk[7]; +#endif + s0 = t[0]; + s1 = t[1]; + s2 = t[2]; + s3 = t[3]; + + /* + * Nr - 2 full rounds: + */ + for (rk += 8, r = key->rounds - 2; r > 0; rk += 4, r--) { +#if defined(AES_COMPACT_IN_INNER_ROUNDS) + t[0] = Te4[(s0) & 0xff] ^ + Te4[(s1 >> 8) & 0xff] << 8 ^ + Te4[(s2 >> 16) & 0xff] << 16 ^ + Te4[(s3 >> 24)] << 24; + t[1] = Te4[(s1) & 0xff] ^ + Te4[(s2 >> 8) & 0xff] << 8 ^ + Te4[(s3 >> 16) & 0xff] << 16 ^ + Te4[(s0 >> 24)] << 24; + t[2] = Te4[(s2) & 0xff] ^ + Te4[(s3 >> 8) & 0xff] << 8 ^ + Te4[(s0 >> 16) & 0xff] << 16 ^ + Te4[(s1 >> 24)] << 24; + t[3] = Te4[(s3) & 0xff] ^ + Te4[(s0 >> 8) & 0xff] << 8 ^ + Te4[(s1 >> 16) & 0xff] << 16 ^ + Te4[(s2 >> 24)] << 24; + + /* now do the linear transform using words */ + { + int i; + u32 r0, r1, r2; + + for (i = 0; i < 4; i++) { + r0 = t[i]; + r1 = r0 & 0x80808080; + r2 = ((r0 & 0x7f7f7f7f) << 1) ^ + ((r1 - (r1 >> 7)) & 0x1b1b1b1b); +#if defined(ROTATE) + t[i] = r2 ^ ROTATE(r2, 24) ^ ROTATE(r0, 24) ^ + ROTATE(r0, 16) ^ ROTATE(r0, 8); +#else + t[i] = r2 ^ ((r2 ^ r0) << 24) ^ + ((r2 ^ r0) >> 8) ^ + (r0 << 16) ^ (r0 >> 16) ^ + (r0 << 8) ^ (r0 >> 24); +#endif + t[i] ^= rk[i]; + } + } +#else + t[0] = Te0[(s0) & 0xff] ^ + Te1[(s1 >> 8) & 0xff] ^ + Te2[(s2 >> 16) & 0xff] ^ + Te3[(s3 >> 24)] ^ + rk[0]; + t[1] = Te0[(s1) & 0xff] ^ + Te1[(s2 >> 8) & 0xff] ^ + Te2[(s3 >> 16) & 0xff] ^ + Te3[(s0 >> 24)] ^ + rk[1]; + t[2] = Te0[(s2) & 0xff] ^ + Te1[(s3 >> 8) & 0xff] ^ + Te2[(s0 >> 16) & 0xff] ^ + Te3[(s1 >> 24)] ^ + rk[2]; + t[3] = Te0[(s3) & 0xff] ^ + Te1[(s0 >> 8) & 0xff] ^ + Te2[(s1 >> 16) & 0xff] ^ + Te3[(s2 >> 24)] ^ + rk[3]; +#endif + s0 = t[0]; + s1 = t[1]; + s2 = t[2]; + s3 = t[3]; + } + /* + * apply last round and + * map cipher state to byte array block: + */ +#if defined(AES_COMPACT_IN_OUTER_ROUNDS) + prefetch256(Te4); + + *(u32*)(out + 0) = + Te4[(s0) & 0xff] ^ + Te4[(s1 >> 8) & 0xff] << 8 ^ + Te4[(s2 >> 16) & 0xff] << 16 ^ + Te4[(s3 >> 24)] << 24 ^ + rk[0]; + *(u32*)(out + 4) = + Te4[(s1) & 0xff] ^ + Te4[(s2 >> 8) & 0xff] << 8 ^ + Te4[(s3 >> 16) & 0xff] << 16 ^ + Te4[(s0 >> 24)] << 24 ^ + rk[1]; + *(u32*)(out + 8) = + Te4[(s2) & 0xff] ^ + Te4[(s3 >> 8) & 0xff] << 8 ^ + Te4[(s0 >> 16) & 0xff] << 16 ^ + Te4[(s1 >> 24)] << 24 ^ + rk[2]; + *(u32*)(out + 12) = + Te4[(s3) & 0xff] ^ + Te4[(s0 >> 8) & 0xff] << 8 ^ + Te4[(s1 >> 16) & 0xff] << 16 ^ + Te4[(s2 >> 24)] << 24 ^ + rk[3]; +#else + *(u32*)(out + 0) = + (Te2[(s0) & 0xff] & 0x000000ffU) ^ + (Te3[(s1 >> 8) & 0xff] & 0x0000ff00U) ^ + (Te0[(s2 >> 16) & 0xff] & 0x00ff0000U) ^ + (Te1[(s3 >> 24)] & 0xff000000U) ^ + rk[0]; + *(u32*)(out + 4) = + (Te2[(s1) & 0xff] & 0x000000ffU) ^ + (Te3[(s2 >> 8) & 0xff] & 0x0000ff00U) ^ + (Te0[(s3 >> 16) & 0xff] & 0x00ff0000U) ^ + (Te1[(s0 >> 24)] & 0xff000000U) ^ + rk[1]; + *(u32*)(out + 8) = + (Te2[(s2) & 0xff] & 0x000000ffU) ^ + (Te3[(s3 >> 8) & 0xff] & 0x0000ff00U) ^ + (Te0[(s0 >> 16) & 0xff] & 0x00ff0000U) ^ + (Te1[(s1 >> 24)] & 0xff000000U) ^ + rk[2]; + *(u32*)(out + 12) = + (Te2[(s3) & 0xff] & 0x000000ffU) ^ + (Te3[(s0 >> 8) & 0xff] & 0x0000ff00U) ^ + (Te0[(s1 >> 16) & 0xff] & 0x00ff0000U) ^ + (Te1[(s2 >> 24)] & 0xff000000U) ^ + rk[3]; +#endif +} + +/* + * Decrypt a single block + * in and out can overlap + */ +void +AES_decrypt(const unsigned char *in, unsigned char *out, const AES_KEY *key) +{ + const u32 *rk; + u32 s0, s1, s2, s3, t[4]; + int r; + + rk = key->rd_key; + + /* + * map byte array block to cipher state + * and add initial round key: + */ + s0 = GETU32(in) ^ rk[0]; + s1 = GETU32(in + 4) ^ rk[1]; + s2 = GETU32(in + 8) ^ rk[2]; + s3 = GETU32(in + 12) ^ rk[3]; + +#if defined(AES_COMPACT_IN_OUTER_ROUNDS) + prefetch256(Td4); + + t[0] = Td4[(s0) & 0xff] ^ + Td4[(s3 >> 8) & 0xff] << 8 ^ + Td4[(s2 >> 16) & 0xff] << 16 ^ + Td4[(s1 >> 24)] << 24; + t[1] = Td4[(s1) & 0xff] ^ + Td4[(s0 >> 8) & 0xff] << 8 ^ + Td4[(s3 >> 16) & 0xff] << 16 ^ + Td4[(s2 >> 24)] << 24; + t[2] = Td4[(s2) & 0xff] ^ + Td4[(s1 >> 8) & 0xff] << 8 ^ + Td4[(s0 >> 16) & 0xff] << 16 ^ + Td4[(s3 >> 24)] << 24; + t[3] = Td4[(s3) & 0xff] ^ + Td4[(s2 >> 8) & 0xff] << 8 ^ + Td4[(s1 >> 16) & 0xff] << 16 ^ + Td4[(s0 >> 24)] << 24; + + /* now do the linear transform using words */ + { + int i; + u32 tp1, tp2, tp4, tp8, tp9, tpb, tpd, tpe, m; + + for (i = 0; i < 4; i++) { + tp1 = t[i]; + m = tp1 & 0x80808080; + tp2 = ((tp1 & 0x7f7f7f7f) << 1) ^ + ((m - (m >> 7)) & 0x1b1b1b1b); + m = tp2 & 0x80808080; + tp4 = ((tp2 & 0x7f7f7f7f) << 1) ^ + ((m - (m >> 7)) & 0x1b1b1b1b); + m = tp4 & 0x80808080; + tp8 = ((tp4 & 0x7f7f7f7f) << 1) ^ + ((m - (m >> 7)) & 0x1b1b1b1b); + tp9 = tp8 ^ tp1; + tpb = tp9 ^ tp2; + tpd = tp9 ^ tp4; + tpe = tp8 ^ tp4 ^ tp2; +#if defined(ROTATE) + t[i] = tpe ^ ROTATE(tpd, 16) ^ + ROTATE(tp9, 8) ^ ROTATE(tpb, 24); +#else + t[i] = tpe ^ (tpd >> 16) ^ (tpd << 16) ^ + (tp9 >> 24) ^ (tp9 << 8) ^ (tpb >> 8) ^ (tpb << 24); +#endif + t[i] ^= rk[4 + i]; + } + } +#else + t[0] = Td0[(s0) & 0xff] ^ + Td1[(s3 >> 8) & 0xff] ^ + Td2[(s2 >> 16) & 0xff] ^ + Td3[(s1 >> 24)] ^ + rk[4]; + t[1] = Td0[(s1) & 0xff] ^ + Td1[(s0 >> 8) & 0xff] ^ + Td2[(s3 >> 16) & 0xff] ^ + Td3[(s2 >> 24)] ^ + rk[5]; + t[2] = Td0[(s2) & 0xff] ^ + Td1[(s1 >> 8) & 0xff] ^ + Td2[(s0 >> 16) & 0xff] ^ + Td3[(s3 >> 24)] ^ + rk[6]; + t[3] = Td0[(s3) & 0xff] ^ + Td1[(s2 >> 8) & 0xff] ^ + Td2[(s1 >> 16) & 0xff] ^ + Td3[(s0 >> 24)] ^ + rk[7]; +#endif + s0 = t[0]; + s1 = t[1]; + s2 = t[2]; + s3 = t[3]; + + /* + * Nr - 2 full rounds: + */ + for (rk += 8, r = key->rounds - 2; r > 0; rk += 4, r--) { +#if defined(AES_COMPACT_IN_INNER_ROUNDS) + t[0] = Td4[(s0) & 0xff] ^ + Td4[(s3 >> 8) & 0xff] << 8 ^ + Td4[(s2 >> 16) & 0xff] << 16 ^ + Td4[(s1 >> 24)] << 24; + t[1] = Td4[(s1) & 0xff] ^ + Td4[(s0 >> 8) & 0xff] << 8 ^ + Td4[(s3 >> 16) & 0xff] << 16 ^ + Td4[(s2 >> 24)] << 24; + t[2] = Td4[(s2) & 0xff] ^ + Td4[(s1 >> 8) & 0xff] << 8 ^ + Td4[(s0 >> 16) & 0xff] << 16 ^ + Td4[(s3 >> 24)] << 24; + t[3] = Td4[(s3) & 0xff] ^ + Td4[(s2 >> 8) & 0xff] << 8 ^ + Td4[(s1 >> 16) & 0xff] << 16 ^ + Td4[(s0 >> 24)] << 24; + + /* now do the linear transform using words */ + { + int i; + u32 tp1, tp2, tp4, tp8, tp9, tpb, tpd, tpe, m; + + for (i = 0; i < 4; i++) { + tp1 = t[i]; + m = tp1 & 0x80808080; + tp2 = ((tp1 & 0x7f7f7f7f) << 1) ^ + ((m - (m >> 7)) & 0x1b1b1b1b); + m = tp2 & 0x80808080; + tp4 = ((tp2 & 0x7f7f7f7f) << 1) ^ + ((m - (m >> 7)) & 0x1b1b1b1b); + m = tp4 & 0x80808080; + tp8 = ((tp4 & 0x7f7f7f7f) << 1) ^ + ((m - (m >> 7)) & 0x1b1b1b1b); + tp9 = tp8 ^ tp1; + tpb = tp9 ^ tp2; + tpd = tp9 ^ tp4; + tpe = tp8 ^ tp4 ^ tp2; +#if defined(ROTATE) + t[i] = tpe ^ ROTATE(tpd, 16) ^ + ROTATE(tp9, 8) ^ ROTATE(tpb, 24); +#else + t[i] = tpe ^ (tpd >> 16) ^ (tpd << 16) ^ + (tp9 >> 24) ^ (tp9 << 8) ^ + (tpb >> 8) ^ (tpb << 24); +#endif + t[i] ^= rk[i]; + } + } +#else + t[0] = Td0[(s0) & 0xff] ^ + Td1[(s3 >> 8) & 0xff] ^ + Td2[(s2 >> 16) & 0xff] ^ + Td3[(s1 >> 24)] ^ + rk[0]; + t[1] = Td0[(s1) & 0xff] ^ + Td1[(s0 >> 8) & 0xff] ^ + Td2[(s3 >> 16) & 0xff] ^ + Td3[(s2 >> 24)] ^ + rk[1]; + t[2] = Td0[(s2) & 0xff] ^ + Td1[(s1 >> 8) & 0xff] ^ + Td2[(s0 >> 16) & 0xff] ^ + Td3[(s3 >> 24)] ^ + rk[2]; + t[3] = Td0[(s3) & 0xff] ^ + Td1[(s2 >> 8) & 0xff] ^ + Td2[(s1 >> 16) & 0xff] ^ + Td3[(s0 >> 24)] ^ + rk[3]; +#endif + s0 = t[0]; + s1 = t[1]; + s2 = t[2]; + s3 = t[3]; + } + /* + * apply last round and + * map cipher state to byte array block: + */ + prefetch256(Td4); + + *(u32*)(out + 0) = + (Td4[(s0) & 0xff]) ^ + (Td4[(s3 >> 8) & 0xff] << 8) ^ + (Td4[(s2 >> 16) & 0xff] << 16) ^ + (Td4[(s1 >> 24)] << 24) ^ + rk[0]; + *(u32*)(out + 4) = + (Td4[(s1) & 0xff]) ^ + (Td4[(s0 >> 8) & 0xff] << 8) ^ + (Td4[(s3 >> 16) & 0xff] << 16) ^ + (Td4[(s2 >> 24)] << 24) ^ + rk[1]; + *(u32*)(out + 8) = + (Td4[(s2) & 0xff]) ^ + (Td4[(s1 >> 8) & 0xff] << 8) ^ + (Td4[(s0 >> 16) & 0xff] << 16) ^ + (Td4[(s3 >> 24)] << 24) ^ + rk[2]; + *(u32*)(out + 12) = + (Td4[(s3) & 0xff]) ^ + (Td4[(s2 >> 8) & 0xff] << 8) ^ + (Td4[(s1 >> 16) & 0xff] << 16) ^ + (Td4[(s0 >> 24)] << 24) ^ + rk[3]; +} diff --git a/src/lib/libcrypto/aes/asm/aes-586.pl b/src/lib/libcrypto/aes/asm/aes-586.pl new file mode 100644 index 00000000000..3ba8a26eaa3 --- /dev/null +++ b/src/lib/libcrypto/aes/asm/aes-586.pl @@ -0,0 +1,2980 @@ +#!/usr/bin/env perl +# +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== +# +# Version 4.3. +# +# You might fail to appreciate this module performance from the first +# try. If compared to "vanilla" linux-ia32-icc target, i.e. considered +# to be *the* best Intel C compiler without -KPIC, performance appears +# to be virtually identical... But try to re-configure with shared +# library support... Aha! Intel compiler "suddenly" lags behind by 30% +# [on P4, more on others]:-) And if compared to position-independent +# code generated by GNU C, this code performs *more* than *twice* as +# fast! Yes, all this buzz about PIC means that unlike other hand- +# coded implementations, this one was explicitly designed to be safe +# to use even in shared library context... This also means that this +# code isn't necessarily absolutely fastest "ever," because in order +# to achieve position independence an extra register has to be +# off-loaded to stack, which affects the benchmark result. +# +# Special note about instruction choice. Do you recall RC4_INT code +# performing poorly on P4? It might be the time to figure out why. +# RC4_INT code implies effective address calculations in base+offset*4 +# form. Trouble is that it seems that offset scaling turned to be +# critical path... At least eliminating scaling resulted in 2.8x RC4 +# performance improvement [as you might recall]. As AES code is hungry +# for scaling too, I [try to] avoid the latter by favoring off-by-2 +# shifts and masking the result with 0xFF<<2 instead of "boring" 0xFF. +# +# As was shown by Dean Gaudet , the above note turned +# void. Performance improvement with off-by-2 shifts was observed on +# intermediate implementation, which was spilling yet another register +# to stack... Final offset*4 code below runs just a tad faster on P4, +# but exhibits up to 10% improvement on other cores. +# +# Second version is "monolithic" replacement for aes_core.c, which in +# addition to AES_[de|en]crypt implements AES_set_[de|en]cryption_key. +# This made it possible to implement little-endian variant of the +# algorithm without modifying the base C code. Motivating factor for +# the undertaken effort was that it appeared that in tight IA-32 +# register window little-endian flavor could achieve slightly higher +# Instruction Level Parallelism, and it indeed resulted in up to 15% +# better performance on most recent µ-archs... +# +# Third version adds AES_cbc_encrypt implementation, which resulted in +# up to 40% performance imrovement of CBC benchmark results. 40% was +# observed on P4 core, where "overall" imrovement coefficient, i.e. if +# compared to PIC generated by GCC and in CBC mode, was observed to be +# as large as 4x:-) CBC performance is virtually identical to ECB now +# and on some platforms even better, e.g. 17.6 "small" cycles/byte on +# Opteron, because certain function prologues and epilogues are +# effectively taken out of the loop... +# +# Version 3.2 implements compressed tables and prefetch of these tables +# in CBC[!] mode. Former means that 3/4 of table references are now +# misaligned, which unfortunately has negative impact on elder IA-32 +# implementations, Pentium suffered 30% penalty, PIII - 10%. +# +# Version 3.3 avoids L1 cache aliasing between stack frame and +# S-boxes, and 3.4 - L1 cache aliasing even between key schedule. The +# latter is achieved by copying the key schedule to controlled place in +# stack. This unfortunately has rather strong impact on small block CBC +# performance, ~2x deterioration on 16-byte block if compared to 3.3. +# +# Version 3.5 checks if there is L1 cache aliasing between user-supplied +# key schedule and S-boxes and abstains from copying the former if +# there is no. This allows end-user to consciously retain small block +# performance by aligning key schedule in specific manner. +# +# Version 3.6 compresses Td4 to 256 bytes and prefetches it in ECB. +# +# Current ECB performance numbers for 128-bit key in CPU cycles per +# processed byte [measure commonly used by AES benchmarkers] are: +# +# small footprint fully unrolled +# P4 24 22 +# AMD K8 20 19 +# PIII 25 23 +# Pentium 81 78 +# +# Version 3.7 reimplements outer rounds as "compact." Meaning that +# first and last rounds reference compact 256 bytes S-box. This means +# that first round consumes a lot more CPU cycles and that encrypt +# and decrypt performance becomes asymmetric. Encrypt performance +# drops by 10-12%, while decrypt - by 20-25%:-( 256 bytes S-box is +# aggressively pre-fetched. +# +# Version 4.0 effectively rolls back to 3.6 and instead implements +# additional set of functions, _[x86|sse]_AES_[en|de]crypt_compact, +# which use exclusively 256 byte S-box. These functions are to be +# called in modes not concealing plain text, such as ECB, or when +# we're asked to process smaller amount of data [or unconditionally +# on hyper-threading CPU]. Currently it's called unconditionally from +# AES_[en|de]crypt, which affects all modes, but CBC. CBC routine +# still needs to be modified to switch between slower and faster +# mode when appropriate... But in either case benchmark landscape +# changes dramatically and below numbers are CPU cycles per processed +# byte for 128-bit key. +# +# ECB encrypt ECB decrypt CBC large chunk +# P4 56[60] 84[100] 23 +# AMD K8 48[44] 70[79] 18 +# PIII 41[50] 61[91] 24 +# Core 2 32[38] 45[70] 18.5 +# Pentium 120 160 77 +# +# Version 4.1 switches to compact S-box even in key schedule setup. +# +# Version 4.2 prefetches compact S-box in every SSE round or in other +# words every cache-line is *guaranteed* to be accessed within ~50 +# cycles window. Why just SSE? Because it's needed on hyper-threading +# CPU! Which is also why it's prefetched with 64 byte stride. Best +# part is that it has no negative effect on performance:-) +# +# Version 4.3 implements switch between compact and non-compact block +# functions in AES_cbc_encrypt depending on how much data was asked +# to be processed in one stroke. +# +###################################################################### +# Timing attacks are classified in two classes: synchronous when +# attacker consciously initiates cryptographic operation and collects +# timing data of various character afterwards, and asynchronous when +# malicious code is executed on same CPU simultaneously with AES, +# instruments itself and performs statistical analysis of this data. +# +# As far as synchronous attacks go the root to the AES timing +# vulnerability is twofold. Firstly, of 256 S-box elements at most 160 +# are referred to in single 128-bit block operation. Well, in C +# implementation with 4 distinct tables it's actually as little as 40 +# references per 256 elements table, but anyway... Secondly, even +# though S-box elements are clustered into smaller amount of cache- +# lines, smaller than 160 and even 40, it turned out that for certain +# plain-text pattern[s] or simply put chosen plain-text and given key +# few cache-lines remain unaccessed during block operation. Now, if +# attacker can figure out this access pattern, he can deduct the key +# [or at least part of it]. The natural way to mitigate this kind of +# attacks is to minimize the amount of cache-lines in S-box and/or +# prefetch them to ensure that every one is accessed for more uniform +# timing. But note that *if* plain-text was concealed in such way that +# input to block function is distributed *uniformly*, then attack +# wouldn't apply. Now note that some encryption modes, most notably +# CBC, do mask the plain-text in this exact way [secure cipher output +# is distributed uniformly]. Yes, one still might find input that +# would reveal the information about given key, but if amount of +# candidate inputs to be tried is larger than amount of possible key +# combinations then attack becomes infeasible. This is why revised +# AES_cbc_encrypt "dares" to switch to larger S-box when larger chunk +# of data is to be processed in one stroke. The current size limit of +# 512 bytes is chosen to provide same [diminishigly low] probability +# for cache-line to remain untouched in large chunk operation with +# large S-box as for single block operation with compact S-box and +# surely needs more careful consideration... +# +# As for asynchronous attacks. There are two flavours: attacker code +# being interleaved with AES on hyper-threading CPU at *instruction* +# level, and two processes time sharing single core. As for latter. +# Two vectors. 1. Given that attacker process has higher priority, +# yield execution to process performing AES just before timer fires +# off the scheduler, immediately regain control of CPU and analyze the +# cache state. For this attack to be efficient attacker would have to +# effectively slow down the operation by several *orders* of magnitute, +# by ratio of time slice to duration of handful of AES rounds, which +# unlikely to remain unnoticed. Not to mention that this also means +# that he would spend correspondigly more time to collect enough +# statistical data to mount the attack. It's probably appropriate to +# say that if adeversary reckons that this attack is beneficial and +# risks to be noticed, you probably have larger problems having him +# mere opportunity. In other words suggested code design expects you +# to preclude/mitigate this attack by overall system security design. +# 2. Attacker manages to make his code interrupt driven. In order for +# this kind of attack to be feasible, interrupt rate has to be high +# enough, again comparable to duration of handful of AES rounds. But +# is there interrupt source of such rate? Hardly, not even 1Gbps NIC +# generates interrupts at such raging rate... +# +# And now back to the former, hyper-threading CPU or more specifically +# Intel P4. Recall that asynchronous attack implies that malicious +# code instruments itself. And naturally instrumentation granularity +# has be noticeably lower than duration of codepath accessing S-box. +# Given that all cache-lines are accessed during that time that is. +# Current implementation accesses *all* cache-lines within ~50 cycles +# window, which is actually *less* than RDTSC latency on Intel P4! + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +push(@INC,"${dir}","${dir}../../perlasm"); +require "x86asm.pl"; + +&asm_init($ARGV[0],"aes-586.pl",$x86only = $ARGV[$#ARGV] eq "386"); +&static_label("AES_Te"); +&static_label("AES_Td"); + +$s0="eax"; +$s1="ebx"; +$s2="ecx"; +$s3="edx"; +$key="edi"; +$acc="esi"; +$tbl="ebp"; + +# stack frame layout in _[x86|sse]_AES_* routines, frame is allocated +# by caller +$__ra=&DWP(0,"esp"); # return address +$__s0=&DWP(4,"esp"); # s0 backing store +$__s1=&DWP(8,"esp"); # s1 backing store +$__s2=&DWP(12,"esp"); # s2 backing store +$__s3=&DWP(16,"esp"); # s3 backing store +$__key=&DWP(20,"esp"); # pointer to key schedule +$__end=&DWP(24,"esp"); # pointer to end of key schedule +$__tbl=&DWP(28,"esp"); # %ebp backing store + +# stack frame layout in AES_[en|crypt] routines, which differs from +# above by 4 and overlaps by %ebp backing store +$_tbl=&DWP(24,"esp"); +$_esp=&DWP(28,"esp"); + +sub _data_word() { my $i; while(defined($i=shift)) { &data_word($i,$i); } } + +$speed_limit=512; # chunks smaller than $speed_limit are + # processed with compact routine in CBC mode +$small_footprint=1; # $small_footprint=1 code is ~5% slower [on + # recent µ-archs], but ~5 times smaller! + # I favor compact code to minimize cache + # contention and in hope to "collect" 5% back + # in real-life applications... + +$vertical_spin=0; # shift "verticaly" defaults to 0, because of + # its proof-of-concept status... +# Note that there is no decvert(), as well as last encryption round is +# performed with "horizontal" shifts. This is because this "vertical" +# implementation [one which groups shifts on a given $s[i] to form a +# "column," unlike "horizontal" one, which groups shifts on different +# $s[i] to form a "row"] is work in progress. It was observed to run +# few percents faster on Intel cores, but not AMD. On AMD K8 core it's +# whole 12% slower:-( So we face a trade-off... Shall it be resolved +# some day? Till then the code is considered experimental and by +# default remains dormant... + +sub encvert() +{ my ($te,@s) = @_; + my $v0 = $acc, $v1 = $key; + + &mov ($v0,$s[3]); # copy s3 + &mov (&DWP(4,"esp"),$s[2]); # save s2 + &mov ($v1,$s[0]); # copy s0 + &mov (&DWP(8,"esp"),$s[1]); # save s1 + + &movz ($s[2],&HB($s[0])); + &and ($s[0],0xFF); + &mov ($s[0],&DWP(0,$te,$s[0],8)); # s0>>0 + &shr ($v1,16); + &mov ($s[3],&DWP(3,$te,$s[2],8)); # s0>>8 + &movz ($s[1],&HB($v1)); + &and ($v1,0xFF); + &mov ($s[2],&DWP(2,$te,$v1,8)); # s0>>16 + &mov ($v1,$v0); + &mov ($s[1],&DWP(1,$te,$s[1],8)); # s0>>24 + + &and ($v0,0xFF); + &xor ($s[3],&DWP(0,$te,$v0,8)); # s3>>0 + &movz ($v0,&HB($v1)); + &shr ($v1,16); + &xor ($s[2],&DWP(3,$te,$v0,8)); # s3>>8 + &movz ($v0,&HB($v1)); + &and ($v1,0xFF); + &xor ($s[1],&DWP(2,$te,$v1,8)); # s3>>16 + &mov ($v1,&DWP(4,"esp")); # restore s2 + &xor ($s[0],&DWP(1,$te,$v0,8)); # s3>>24 + + &mov ($v0,$v1); + &and ($v1,0xFF); + &xor ($s[2],&DWP(0,$te,$v1,8)); # s2>>0 + &movz ($v1,&HB($v0)); + &shr ($v0,16); + &xor ($s[1],&DWP(3,$te,$v1,8)); # s2>>8 + &movz ($v1,&HB($v0)); + &and ($v0,0xFF); + &xor ($s[0],&DWP(2,$te,$v0,8)); # s2>>16 + &mov ($v0,&DWP(8,"esp")); # restore s1 + &xor ($s[3],&DWP(1,$te,$v1,8)); # s2>>24 + + &mov ($v1,$v0); + &and ($v0,0xFF); + &xor ($s[1],&DWP(0,$te,$v0,8)); # s1>>0 + &movz ($v0,&HB($v1)); + &shr ($v1,16); + &xor ($s[0],&DWP(3,$te,$v0,8)); # s1>>8 + &movz ($v0,&HB($v1)); + &and ($v1,0xFF); + &xor ($s[3],&DWP(2,$te,$v1,8)); # s1>>16 + &mov ($key,$__key); # reincarnate v1 as key + &xor ($s[2],&DWP(1,$te,$v0,8)); # s1>>24 +} + +# Another experimental routine, which features "horizontal spin," but +# eliminates one reference to stack. Strangely enough runs slower... +sub enchoriz() +{ my $v0 = $key, $v1 = $acc; + + &movz ($v0,&LB($s0)); # 3, 2, 1, 0* + &rotr ($s2,8); # 8,11,10, 9 + &mov ($v1,&DWP(0,$te,$v0,8)); # 0 + &movz ($v0,&HB($s1)); # 7, 6, 5*, 4 + &rotr ($s3,16); # 13,12,15,14 + &xor ($v1,&DWP(3,$te,$v0,8)); # 5 + &movz ($v0,&HB($s2)); # 8,11,10*, 9 + &rotr ($s0,16); # 1, 0, 3, 2 + &xor ($v1,&DWP(2,$te,$v0,8)); # 10 + &movz ($v0,&HB($s3)); # 13,12,15*,14 + &xor ($v1,&DWP(1,$te,$v0,8)); # 15, t[0] collected + &mov ($__s0,$v1); # t[0] saved + + &movz ($v0,&LB($s1)); # 7, 6, 5, 4* + &shr ($s1,16); # -, -, 7, 6 + &mov ($v1,&DWP(0,$te,$v0,8)); # 4 + &movz ($v0,&LB($s3)); # 13,12,15,14* + &xor ($v1,&DWP(2,$te,$v0,8)); # 14 + &movz ($v0,&HB($s0)); # 1, 0, 3*, 2 + &and ($s3,0xffff0000); # 13,12, -, - + &xor ($v1,&DWP(1,$te,$v0,8)); # 3 + &movz ($v0,&LB($s2)); # 8,11,10, 9* + &or ($s3,$s1); # 13,12, 7, 6 + &xor ($v1,&DWP(3,$te,$v0,8)); # 9, t[1] collected + &mov ($s1,$v1); # s[1]=t[1] + + &movz ($v0,&LB($s0)); # 1, 0, 3, 2* + &shr ($s2,16); # -, -, 8,11 + &mov ($v1,&DWP(2,$te,$v0,8)); # 2 + &movz ($v0,&HB($s3)); # 13,12, 7*, 6 + &xor ($v1,&DWP(1,$te,$v0,8)); # 7 + &movz ($v0,&HB($s2)); # -, -, 8*,11 + &xor ($v1,&DWP(0,$te,$v0,8)); # 8 + &mov ($v0,$s3); + &shr ($v0,24); # 13 + &xor ($v1,&DWP(3,$te,$v0,8)); # 13, t[2] collected + + &movz ($v0,&LB($s2)); # -, -, 8,11* + &shr ($s0,24); # 1* + &mov ($s2,&DWP(1,$te,$v0,8)); # 11 + &xor ($s2,&DWP(3,$te,$s0,8)); # 1 + &mov ($s0,$__s0); # s[0]=t[0] + &movz ($v0,&LB($s3)); # 13,12, 7, 6* + &shr ($s3,16); # , ,13,12 + &xor ($s2,&DWP(2,$te,$v0,8)); # 6 + &mov ($key,$__key); # reincarnate v0 as key + &and ($s3,0xff); # , ,13,12* + &mov ($s3,&DWP(0,$te,$s3,8)); # 12 + &xor ($s3,$s2); # s[2]=t[3] collected + &mov ($s2,$v1); # s[2]=t[2] +} + +# More experimental code... SSE one... Even though this one eliminates +# *all* references to stack, it's not faster... +sub sse_encbody() +{ + &movz ($acc,&LB("eax")); # 0 + &mov ("ecx",&DWP(0,$tbl,$acc,8)); # 0 + &pshufw ("mm2","mm0",0x0d); # 7, 6, 3, 2 + &movz ("edx",&HB("eax")); # 1 + &mov ("edx",&DWP(3,$tbl,"edx",8)); # 1 + &shr ("eax",16); # 5, 4 + + &movz ($acc,&LB("ebx")); # 10 + &xor ("ecx",&DWP(2,$tbl,$acc,8)); # 10 + &pshufw ("mm6","mm4",0x08); # 13,12, 9, 8 + &movz ($acc,&HB("ebx")); # 11 + &xor ("edx",&DWP(1,$tbl,$acc,8)); # 11 + &shr ("ebx",16); # 15,14 + + &movz ($acc,&HB("eax")); # 5 + &xor ("ecx",&DWP(3,$tbl,$acc,8)); # 5 + &movq ("mm3",QWP(16,$key)); + &movz ($acc,&HB("ebx")); # 15 + &xor ("ecx",&DWP(1,$tbl,$acc,8)); # 15 + &movd ("mm0","ecx"); # t[0] collected + + &movz ($acc,&LB("eax")); # 4 + &mov ("ecx",&DWP(0,$tbl,$acc,8)); # 4 + &movd ("eax","mm2"); # 7, 6, 3, 2 + &movz ($acc,&LB("ebx")); # 14 + &xor ("ecx",&DWP(2,$tbl,$acc,8)); # 14 + &movd ("ebx","mm6"); # 13,12, 9, 8 + + &movz ($acc,&HB("eax")); # 3 + &xor ("ecx",&DWP(1,$tbl,$acc,8)); # 3 + &movz ($acc,&HB("ebx")); # 9 + &xor ("ecx",&DWP(3,$tbl,$acc,8)); # 9 + &movd ("mm1","ecx"); # t[1] collected + + &movz ($acc,&LB("eax")); # 2 + &mov ("ecx",&DWP(2,$tbl,$acc,8)); # 2 + &shr ("eax",16); # 7, 6 + &punpckldq ("mm0","mm1"); # t[0,1] collected + &movz ($acc,&LB("ebx")); # 8 + &xor ("ecx",&DWP(0,$tbl,$acc,8)); # 8 + &shr ("ebx",16); # 13,12 + + &movz ($acc,&HB("eax")); # 7 + &xor ("ecx",&DWP(1,$tbl,$acc,8)); # 7 + &pxor ("mm0","mm3"); + &movz ("eax",&LB("eax")); # 6 + &xor ("edx",&DWP(2,$tbl,"eax",8)); # 6 + &pshufw ("mm1","mm0",0x08); # 5, 4, 1, 0 + &movz ($acc,&HB("ebx")); # 13 + &xor ("ecx",&DWP(3,$tbl,$acc,8)); # 13 + &xor ("ecx",&DWP(24,$key)); # t[2] + &movd ("mm4","ecx"); # t[2] collected + &movz ("ebx",&LB("ebx")); # 12 + &xor ("edx",&DWP(0,$tbl,"ebx",8)); # 12 + &shr ("ecx",16); + &movd ("eax","mm1"); # 5, 4, 1, 0 + &mov ("ebx",&DWP(28,$key)); # t[3] + &xor ("ebx","edx"); + &movd ("mm5","ebx"); # t[3] collected + &and ("ebx",0xffff0000); + &or ("ebx","ecx"); + + &punpckldq ("mm4","mm5"); # t[2,3] collected +} + +###################################################################### +# "Compact" block function +###################################################################### + +sub enccompact() +{ my $Fn = mov; + while ($#_>5) { pop(@_); $Fn=sub{}; } + my ($i,$te,@s)=@_; + my $tmp = $key; + my $out = $i==3?$s[0]:$acc; + + # $Fn is used in first compact round and its purpose is to + # void restoration of some values from stack, so that after + # 4xenccompact with extra argument $key value is left there... + if ($i==3) { &$Fn ($key,$__key); }##%edx + else { &mov ($out,$s[0]); } + &and ($out,0xFF); + if ($i==1) { &shr ($s[0],16); }#%ebx[1] + if ($i==2) { &shr ($s[0],24); }#%ecx[2] + &movz ($out,&BP(-128,$te,$out,1)); + + if ($i==3) { $tmp=$s[1]; }##%eax + &movz ($tmp,&HB($s[1])); + &movz ($tmp,&BP(-128,$te,$tmp,1)); + &shl ($tmp,8); + &xor ($out,$tmp); + + if ($i==3) { $tmp=$s[2]; &mov ($s[1],$__s0); }##%ebx + else { &mov ($tmp,$s[2]); + &shr ($tmp,16); } + if ($i==2) { &and ($s[1],0xFF); }#%edx[2] + &and ($tmp,0xFF); + &movz ($tmp,&BP(-128,$te,$tmp,1)); + &shl ($tmp,16); + &xor ($out,$tmp); + + if ($i==3) { $tmp=$s[3]; &mov ($s[2],$__s1); }##%ecx + elsif($i==2){ &movz ($tmp,&HB($s[3])); }#%ebx[2] + else { &mov ($tmp,$s[3]); + &shr ($tmp,24); } + &movz ($tmp,&BP(-128,$te,$tmp,1)); + &shl ($tmp,24); + &xor ($out,$tmp); + if ($i<2) { &mov (&DWP(4+4*$i,"esp"),$out); } + if ($i==3) { &mov ($s[3],$acc); } + &comment(); +} + +sub enctransform() +{ my @s = ($s0,$s1,$s2,$s3); + my $i = shift; + my $tmp = $tbl; + my $r2 = $key ; + + &mov ($acc,$s[$i]); + &and ($acc,0x80808080); + &mov ($tmp,$acc); + &shr ($tmp,7); + &lea ($r2,&DWP(0,$s[$i],$s[$i])); + &sub ($acc,$tmp); + &and ($r2,0xfefefefe); + &and ($acc,0x1b1b1b1b); + &mov ($tmp,$s[$i]); + &xor ($acc,$r2); # r2 + + &xor ($s[$i],$acc); # r0 ^ r2 + &rotl ($s[$i],24); + &xor ($s[$i],$acc) # ROTATE(r2^r0,24) ^ r2 + &rotr ($tmp,16); + &xor ($s[$i],$tmp); + &rotr ($tmp,8); + &xor ($s[$i],$tmp); +} + +&function_begin_B("_x86_AES_encrypt_compact"); + # note that caller is expected to allocate stack frame for me! + &mov ($__key,$key); # save key + + &xor ($s0,&DWP(0,$key)); # xor with key + &xor ($s1,&DWP(4,$key)); + &xor ($s2,&DWP(8,$key)); + &xor ($s3,&DWP(12,$key)); + + &mov ($acc,&DWP(240,$key)); # load key->rounds + &lea ($acc,&DWP(-2,$acc,$acc)); + &lea ($acc,&DWP(0,$key,$acc,8)); + &mov ($__end,$acc); # end of key schedule + + # prefetch Te4 + &mov ($key,&DWP(0-128,$tbl)); + &mov ($acc,&DWP(32-128,$tbl)); + &mov ($key,&DWP(64-128,$tbl)); + &mov ($acc,&DWP(96-128,$tbl)); + &mov ($key,&DWP(128-128,$tbl)); + &mov ($acc,&DWP(160-128,$tbl)); + &mov ($key,&DWP(192-128,$tbl)); + &mov ($acc,&DWP(224-128,$tbl)); + + &set_label("loop",16); + + &enccompact(0,$tbl,$s0,$s1,$s2,$s3,1); + &enccompact(1,$tbl,$s1,$s2,$s3,$s0,1); + &enccompact(2,$tbl,$s2,$s3,$s0,$s1,1); + &enccompact(3,$tbl,$s3,$s0,$s1,$s2,1); + &enctransform(2); + &enctransform(3); + &enctransform(0); + &enctransform(1); + &mov ($key,$__key); + &mov ($tbl,$__tbl); + &add ($key,16); # advance rd_key + &xor ($s0,&DWP(0,$key)); + &xor ($s1,&DWP(4,$key)); + &xor ($s2,&DWP(8,$key)); + &xor ($s3,&DWP(12,$key)); + + &cmp ($key,$__end); + &mov ($__key,$key); + &jb (&label("loop")); + + &enccompact(0,$tbl,$s0,$s1,$s2,$s3); + &enccompact(1,$tbl,$s1,$s2,$s3,$s0); + &enccompact(2,$tbl,$s2,$s3,$s0,$s1); + &enccompact(3,$tbl,$s3,$s0,$s1,$s2); + + &xor ($s0,&DWP(16,$key)); + &xor ($s1,&DWP(20,$key)); + &xor ($s2,&DWP(24,$key)); + &xor ($s3,&DWP(28,$key)); + + &ret (); +&function_end_B("_x86_AES_encrypt_compact"); + +###################################################################### +# "Compact" SSE block function. +###################################################################### +# +# Performance is not actually extraordinary in comparison to pure +# x86 code. In particular encrypt performance is virtually the same. +# Decrypt performance on the other hand is 15-20% better on newer +# µ-archs [but we're thankful for *any* improvement here], and ~50% +# better on PIII:-) And additionally on the pros side this code +# eliminates redundant references to stack and thus relieves/ +# minimizes the pressure on the memory bus. +# +# MMX register layout lsb +# +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ +# | mm4 | mm0 | +# +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ +# | s3 | s2 | s1 | s0 | +# +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ +# |15|14|13|12|11|10| 9| 8| 7| 6| 5| 4| 3| 2| 1| 0| +# +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ +# +# Indexes translate as s[N/4]>>(8*(N%4)), e.g. 5 means s1>>8. +# In this terms encryption and decryption "compact" permutation +# matrices can be depicted as following: +# +# encryption lsb # decryption lsb +# +----++----+----+----+----+ # +----++----+----+----+----+ +# | t0 || 15 | 10 | 5 | 0 | # | t0 || 7 | 10 | 13 | 0 | +# +----++----+----+----+----+ # +----++----+----+----+----+ +# | t1 || 3 | 14 | 9 | 4 | # | t1 || 11 | 14 | 1 | 4 | +# +----++----+----+----+----+ # +----++----+----+----+----+ +# | t2 || 7 | 2 | 13 | 8 | # | t2 || 15 | 2 | 5 | 8 | +# +----++----+----+----+----+ # +----++----+----+----+----+ +# | t3 || 11 | 6 | 1 | 12 | # | t3 || 3 | 6 | 9 | 12 | +# +----++----+----+----+----+ # +----++----+----+----+----+ +# +###################################################################### +# Why not xmm registers? Short answer. It was actually tested and +# was not any faster, but *contrary*, most notably on Intel CPUs. +# Longer answer. Main advantage of using mm registers is that movd +# latency is lower, especially on Intel P4. While arithmetic +# instructions are twice as many, they can be scheduled every cycle +# and not every second one when they are operating on xmm register, +# so that "arithmetic throughput" remains virtually the same. And +# finally the code can be executed even on elder SSE-only CPUs:-) + +sub sse_enccompact() +{ + &pshufw ("mm1","mm0",0x08); # 5, 4, 1, 0 + &pshufw ("mm5","mm4",0x0d); # 15,14,11,10 + &movd ("eax","mm1"); # 5, 4, 1, 0 + &movd ("ebx","mm5"); # 15,14,11,10 + + &movz ($acc,&LB("eax")); # 0 + &movz ("ecx",&BP(-128,$tbl,$acc,1)); # 0 + &pshufw ("mm2","mm0",0x0d); # 7, 6, 3, 2 + &movz ("edx",&HB("eax")); # 1 + &movz ("edx",&BP(-128,$tbl,"edx",1)); # 1 + &shl ("edx",8); # 1 + &shr ("eax",16); # 5, 4 + + &movz ($acc,&LB("ebx")); # 10 + &movz ($acc,&BP(-128,$tbl,$acc,1)); # 10 + &shl ($acc,16); # 10 + &or ("ecx",$acc); # 10 + &pshufw ("mm6","mm4",0x08); # 13,12, 9, 8 + &movz ($acc,&HB("ebx")); # 11 + &movz ($acc,&BP(-128,$tbl,$acc,1)); # 11 + &shl ($acc,24); # 11 + &or ("edx",$acc); # 11 + &shr ("ebx",16); # 15,14 + + &movz ($acc,&HB("eax")); # 5 + &movz ($acc,&BP(-128,$tbl,$acc,1)); # 5 + &shl ($acc,8); # 5 + &or ("ecx",$acc); # 5 + &movz ($acc,&HB("ebx")); # 15 + &movz ($acc,&BP(-128,$tbl,$acc,1)); # 15 + &shl ($acc,24); # 15 + &or ("ecx",$acc); # 15 + &movd ("mm0","ecx"); # t[0] collected + + &movz ($acc,&LB("eax")); # 4 + &movz ("ecx",&BP(-128,$tbl,$acc,1)); # 4 + &movd ("eax","mm2"); # 7, 6, 3, 2 + &movz ($acc,&LB("ebx")); # 14 + &movz ($acc,&BP(-128,$tbl,$acc,1)); # 14 + &shl ($acc,16); # 14 + &or ("ecx",$acc); # 14 + + &movd ("ebx","mm6"); # 13,12, 9, 8 + &movz ($acc,&HB("eax")); # 3 + &movz ($acc,&BP(-128,$tbl,$acc,1)); # 3 + &shl ($acc,24); # 3 + &or ("ecx",$acc); # 3 + &movz ($acc,&HB("ebx")); # 9 + &movz ($acc,&BP(-128,$tbl,$acc,1)); # 9 + &shl ($acc,8); # 9 + &or ("ecx",$acc); # 9 + &movd ("mm1","ecx"); # t[1] collected + + &movz ($acc,&LB("ebx")); # 8 + &movz ("ecx",&BP(-128,$tbl,$acc,1)); # 8 + &shr ("ebx",16); # 13,12 + &movz ($acc,&LB("eax")); # 2 + &movz ($acc,&BP(-128,$tbl,$acc,1)); # 2 + &shl ($acc,16); # 2 + &or ("ecx",$acc); # 2 + &shr ("eax",16); # 7, 6 + + &punpckldq ("mm0","mm1"); # t[0,1] collected + + &movz ($acc,&HB("eax")); # 7 + &movz ($acc,&BP(-128,$tbl,$acc,1)); # 7 + &shl ($acc,24); # 7 + &or ("ecx",$acc); # 7 + &and ("eax",0xff); # 6 + &movz ("eax",&BP(-128,$tbl,"eax",1)); # 6 + &shl ("eax",16); # 6 + &or ("edx","eax"); # 6 + &movz ($acc,&HB("ebx")); # 13 + &movz ($acc,&BP(-128,$tbl,$acc,1)); # 13 + &shl ($acc,8); # 13 + &or ("ecx",$acc); # 13 + &movd ("mm4","ecx"); # t[2] collected + &and ("ebx",0xff); # 12 + &movz ("ebx",&BP(-128,$tbl,"ebx",1)); # 12 + &or ("edx","ebx"); # 12 + &movd ("mm5","edx"); # t[3] collected + + &punpckldq ("mm4","mm5"); # t[2,3] collected +} + + if (!$x86only) { +&function_begin_B("_sse_AES_encrypt_compact"); + &pxor ("mm0",&QWP(0,$key)); # 7, 6, 5, 4, 3, 2, 1, 0 + &pxor ("mm4",&QWP(8,$key)); # 15,14,13,12,11,10, 9, 8 + + # note that caller is expected to allocate stack frame for me! + &mov ($acc,&DWP(240,$key)); # load key->rounds + &lea ($acc,&DWP(-2,$acc,$acc)); + &lea ($acc,&DWP(0,$key,$acc,8)); + &mov ($__end,$acc); # end of key schedule + + &mov ($s0,0x1b1b1b1b); # magic constant + &mov (&DWP(8,"esp"),$s0); + &mov (&DWP(12,"esp"),$s0); + + # prefetch Te4 + &mov ($s0,&DWP(0-128,$tbl)); + &mov ($s1,&DWP(32-128,$tbl)); + &mov ($s2,&DWP(64-128,$tbl)); + &mov ($s3,&DWP(96-128,$tbl)); + &mov ($s0,&DWP(128-128,$tbl)); + &mov ($s1,&DWP(160-128,$tbl)); + &mov ($s2,&DWP(192-128,$tbl)); + &mov ($s3,&DWP(224-128,$tbl)); + + &set_label("loop",16); + &sse_enccompact(); + &add ($key,16); + &cmp ($key,$__end); + &ja (&label("out")); + + &movq ("mm2",&QWP(8,"esp")); + &pxor ("mm3","mm3"); &pxor ("mm7","mm7"); + &movq ("mm1","mm0"); &movq ("mm5","mm4"); # r0 + &pcmpgtb("mm3","mm0"); &pcmpgtb("mm7","mm4"); + &pand ("mm3","mm2"); &pand ("mm7","mm2"); + &pshufw ("mm2","mm0",0xb1); &pshufw ("mm6","mm4",0xb1);# ROTATE(r0,16) + &paddb ("mm0","mm0"); &paddb ("mm4","mm4"); + &pxor ("mm0","mm3"); &pxor ("mm4","mm7"); # = r2 + &pshufw ("mm3","mm2",0xb1); &pshufw ("mm7","mm6",0xb1);# r0 + &pxor ("mm1","mm0"); &pxor ("mm5","mm4"); # r0^r2 + &pxor ("mm0","mm2"); &pxor ("mm4","mm6"); # ^= ROTATE(r0,16) + + &movq ("mm2","mm3"); &movq ("mm6","mm7"); + &pslld ("mm3",8); &pslld ("mm7",8); + &psrld ("mm2",24); &psrld ("mm6",24); + &pxor ("mm0","mm3"); &pxor ("mm4","mm7"); # ^= r0<<8 + &pxor ("mm0","mm2"); &pxor ("mm4","mm6"); # ^= r0>>24 + + &movq ("mm3","mm1"); &movq ("mm7","mm5"); + &movq ("mm2",&QWP(0,$key)); &movq ("mm6",&QWP(8,$key)); + &psrld ("mm1",8); &psrld ("mm5",8); + &mov ($s0,&DWP(0-128,$tbl)); + &pslld ("mm3",24); &pslld ("mm7",24); + &mov ($s1,&DWP(64-128,$tbl)); + &pxor ("mm0","mm1"); &pxor ("mm4","mm5"); # ^= (r2^r0)<<8 + &mov ($s2,&DWP(128-128,$tbl)); + &pxor ("mm0","mm3"); &pxor ("mm4","mm7"); # ^= (r2^r0)>>24 + &mov ($s3,&DWP(192-128,$tbl)); + + &pxor ("mm0","mm2"); &pxor ("mm4","mm6"); + &jmp (&label("loop")); + + &set_label("out",16); + &pxor ("mm0",&QWP(0,$key)); + &pxor ("mm4",&QWP(8,$key)); + + &ret (); +&function_end_B("_sse_AES_encrypt_compact"); + } + +###################################################################### +# Vanilla block function. +###################################################################### + +sub encstep() +{ my ($i,$te,@s) = @_; + my $tmp = $key; + my $out = $i==3?$s[0]:$acc; + + # lines marked with #%e?x[i] denote "reordered" instructions... + if ($i==3) { &mov ($key,$__key); }##%edx + else { &mov ($out,$s[0]); + &and ($out,0xFF); } + if ($i==1) { &shr ($s[0],16); }#%ebx[1] + if ($i==2) { &shr ($s[0],24); }#%ecx[2] + &mov ($out,&DWP(0,$te,$out,8)); + + if ($i==3) { $tmp=$s[1]; }##%eax + &movz ($tmp,&HB($s[1])); + &xor ($out,&DWP(3,$te,$tmp,8)); + + if ($i==3) { $tmp=$s[2]; &mov ($s[1],$__s0); }##%ebx + else { &mov ($tmp,$s[2]); + &shr ($tmp,16); } + if ($i==2) { &and ($s[1],0xFF); }#%edx[2] + &and ($tmp,0xFF); + &xor ($out,&DWP(2,$te,$tmp,8)); + + if ($i==3) { $tmp=$s[3]; &mov ($s[2],$__s1); }##%ecx + elsif($i==2){ &movz ($tmp,&HB($s[3])); }#%ebx[2] + else { &mov ($tmp,$s[3]); + &shr ($tmp,24) } + &xor ($out,&DWP(1,$te,$tmp,8)); + if ($i<2) { &mov (&DWP(4+4*$i,"esp"),$out); } + if ($i==3) { &mov ($s[3],$acc); } + &comment(); +} + +sub enclast() +{ my ($i,$te,@s)=@_; + my $tmp = $key; + my $out = $i==3?$s[0]:$acc; + + if ($i==3) { &mov ($key,$__key); }##%edx + else { &mov ($out,$s[0]); } + &and ($out,0xFF); + if ($i==1) { &shr ($s[0],16); }#%ebx[1] + if ($i==2) { &shr ($s[0],24); }#%ecx[2] + &mov ($out,&DWP(2,$te,$out,8)); + &and ($out,0x000000ff); + + if ($i==3) { $tmp=$s[1]; }##%eax + &movz ($tmp,&HB($s[1])); + &mov ($tmp,&DWP(0,$te,$tmp,8)); + &and ($tmp,0x0000ff00); + &xor ($out,$tmp); + + if ($i==3) { $tmp=$s[2]; &mov ($s[1],$__s0); }##%ebx + else { &mov ($tmp,$s[2]); + &shr ($tmp,16); } + if ($i==2) { &and ($s[1],0xFF); }#%edx[2] + &and ($tmp,0xFF); + &mov ($tmp,&DWP(0,$te,$tmp,8)); + &and ($tmp,0x00ff0000); + &xor ($out,$tmp); + + if ($i==3) { $tmp=$s[3]; &mov ($s[2],$__s1); }##%ecx + elsif($i==2){ &movz ($tmp,&HB($s[3])); }#%ebx[2] + else { &mov ($tmp,$s[3]); + &shr ($tmp,24); } + &mov ($tmp,&DWP(2,$te,$tmp,8)); + &and ($tmp,0xff000000); + &xor ($out,$tmp); + if ($i<2) { &mov (&DWP(4+4*$i,"esp"),$out); } + if ($i==3) { &mov ($s[3],$acc); } +} + +&function_begin_B("_x86_AES_encrypt"); + if ($vertical_spin) { + # I need high parts of volatile registers to be accessible... + &exch ($s1="edi",$key="ebx"); + &mov ($s2="esi",$acc="ecx"); + } + + # note that caller is expected to allocate stack frame for me! + &mov ($__key,$key); # save key + + &xor ($s0,&DWP(0,$key)); # xor with key + &xor ($s1,&DWP(4,$key)); + &xor ($s2,&DWP(8,$key)); + &xor ($s3,&DWP(12,$key)); + + &mov ($acc,&DWP(240,$key)); # load key->rounds + + if ($small_footprint) { + &lea ($acc,&DWP(-2,$acc,$acc)); + &lea ($acc,&DWP(0,$key,$acc,8)); + &mov ($__end,$acc); # end of key schedule + + &set_label("loop",16); + if ($vertical_spin) { + &encvert($tbl,$s0,$s1,$s2,$s3); + } else { + &encstep(0,$tbl,$s0,$s1,$s2,$s3); + &encstep(1,$tbl,$s1,$s2,$s3,$s0); + &encstep(2,$tbl,$s2,$s3,$s0,$s1); + &encstep(3,$tbl,$s3,$s0,$s1,$s2); + } + &add ($key,16); # advance rd_key + &xor ($s0,&DWP(0,$key)); + &xor ($s1,&DWP(4,$key)); + &xor ($s2,&DWP(8,$key)); + &xor ($s3,&DWP(12,$key)); + &cmp ($key,$__end); + &mov ($__key,$key); + &jb (&label("loop")); + } + else { + &cmp ($acc,10); + &jle (&label("10rounds")); + &cmp ($acc,12); + &jle (&label("12rounds")); + + &set_label("14rounds",4); + for ($i=1;$i<3;$i++) { + if ($vertical_spin) { + &encvert($tbl,$s0,$s1,$s2,$s3); + } else { + &encstep(0,$tbl,$s0,$s1,$s2,$s3); + &encstep(1,$tbl,$s1,$s2,$s3,$s0); + &encstep(2,$tbl,$s2,$s3,$s0,$s1); + &encstep(3,$tbl,$s3,$s0,$s1,$s2); + } + &xor ($s0,&DWP(16*$i+0,$key)); + &xor ($s1,&DWP(16*$i+4,$key)); + &xor ($s2,&DWP(16*$i+8,$key)); + &xor ($s3,&DWP(16*$i+12,$key)); + } + &add ($key,32); + &mov ($__key,$key); # advance rd_key + &set_label("12rounds",4); + for ($i=1;$i<3;$i++) { + if ($vertical_spin) { + &encvert($tbl,$s0,$s1,$s2,$s3); + } else { + &encstep(0,$tbl,$s0,$s1,$s2,$s3); + &encstep(1,$tbl,$s1,$s2,$s3,$s0); + &encstep(2,$tbl,$s2,$s3,$s0,$s1); + &encstep(3,$tbl,$s3,$s0,$s1,$s2); + } + &xor ($s0,&DWP(16*$i+0,$key)); + &xor ($s1,&DWP(16*$i+4,$key)); + &xor ($s2,&DWP(16*$i+8,$key)); + &xor ($s3,&DWP(16*$i+12,$key)); + } + &add ($key,32); + &mov ($__key,$key); # advance rd_key + &set_label("10rounds",4); + for ($i=1;$i<10;$i++) { + if ($vertical_spin) { + &encvert($tbl,$s0,$s1,$s2,$s3); + } else { + &encstep(0,$tbl,$s0,$s1,$s2,$s3); + &encstep(1,$tbl,$s1,$s2,$s3,$s0); + &encstep(2,$tbl,$s2,$s3,$s0,$s1); + &encstep(3,$tbl,$s3,$s0,$s1,$s2); + } + &xor ($s0,&DWP(16*$i+0,$key)); + &xor ($s1,&DWP(16*$i+4,$key)); + &xor ($s2,&DWP(16*$i+8,$key)); + &xor ($s3,&DWP(16*$i+12,$key)); + } + } + + if ($vertical_spin) { + # "reincarnate" some registers for "horizontal" spin... + &mov ($s1="ebx",$key="edi"); + &mov ($s2="ecx",$acc="esi"); + } + &enclast(0,$tbl,$s0,$s1,$s2,$s3); + &enclast(1,$tbl,$s1,$s2,$s3,$s0); + &enclast(2,$tbl,$s2,$s3,$s0,$s1); + &enclast(3,$tbl,$s3,$s0,$s1,$s2); + + &add ($key,$small_footprint?16:160); + &xor ($s0,&DWP(0,$key)); + &xor ($s1,&DWP(4,$key)); + &xor ($s2,&DWP(8,$key)); + &xor ($s3,&DWP(12,$key)); + + &ret (); + +&set_label("AES_Te",64); # Yes! I keep it in the code segment! + &_data_word(0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6); + &_data_word(0x0df2f2ff, 0xbd6b6bd6, 0xb16f6fde, 0x54c5c591); + &_data_word(0x50303060, 0x03010102, 0xa96767ce, 0x7d2b2b56); + &_data_word(0x19fefee7, 0x62d7d7b5, 0xe6abab4d, 0x9a7676ec); + &_data_word(0x45caca8f, 0x9d82821f, 0x40c9c989, 0x877d7dfa); + &_data_word(0x15fafaef, 0xeb5959b2, 0xc947478e, 0x0bf0f0fb); + &_data_word(0xecadad41, 0x67d4d4b3, 0xfda2a25f, 0xeaafaf45); + &_data_word(0xbf9c9c23, 0xf7a4a453, 0x967272e4, 0x5bc0c09b); + &_data_word(0xc2b7b775, 0x1cfdfde1, 0xae93933d, 0x6a26264c); + &_data_word(0x5a36366c, 0x413f3f7e, 0x02f7f7f5, 0x4fcccc83); + &_data_word(0x5c343468, 0xf4a5a551, 0x34e5e5d1, 0x08f1f1f9); + &_data_word(0x937171e2, 0x73d8d8ab, 0x53313162, 0x3f15152a); + &_data_word(0x0c040408, 0x52c7c795, 0x65232346, 0x5ec3c39d); + &_data_word(0x28181830, 0xa1969637, 0x0f05050a, 0xb59a9a2f); + &_data_word(0x0907070e, 0x36121224, 0x9b80801b, 0x3de2e2df); + &_data_word(0x26ebebcd, 0x6927274e, 0xcdb2b27f, 0x9f7575ea); + &_data_word(0x1b090912, 0x9e83831d, 0x742c2c58, 0x2e1a1a34); + &_data_word(0x2d1b1b36, 0xb26e6edc, 0xee5a5ab4, 0xfba0a05b); + &_data_word(0xf65252a4, 0x4d3b3b76, 0x61d6d6b7, 0xceb3b37d); + &_data_word(0x7b292952, 0x3ee3e3dd, 0x712f2f5e, 0x97848413); + &_data_word(0xf55353a6, 0x68d1d1b9, 0x00000000, 0x2cededc1); + &_data_word(0x60202040, 0x1ffcfce3, 0xc8b1b179, 0xed5b5bb6); + &_data_word(0xbe6a6ad4, 0x46cbcb8d, 0xd9bebe67, 0x4b393972); + &_data_word(0xde4a4a94, 0xd44c4c98, 0xe85858b0, 0x4acfcf85); + &_data_word(0x6bd0d0bb, 0x2aefefc5, 0xe5aaaa4f, 0x16fbfbed); + &_data_word(0xc5434386, 0xd74d4d9a, 0x55333366, 0x94858511); + &_data_word(0xcf45458a, 0x10f9f9e9, 0x06020204, 0x817f7ffe); + &_data_word(0xf05050a0, 0x443c3c78, 0xba9f9f25, 0xe3a8a84b); + &_data_word(0xf35151a2, 0xfea3a35d, 0xc0404080, 0x8a8f8f05); + &_data_word(0xad92923f, 0xbc9d9d21, 0x48383870, 0x04f5f5f1); + &_data_word(0xdfbcbc63, 0xc1b6b677, 0x75dadaaf, 0x63212142); + &_data_word(0x30101020, 0x1affffe5, 0x0ef3f3fd, 0x6dd2d2bf); + &_data_word(0x4ccdcd81, 0x140c0c18, 0x35131326, 0x2fececc3); + &_data_word(0xe15f5fbe, 0xa2979735, 0xcc444488, 0x3917172e); + &_data_word(0x57c4c493, 0xf2a7a755, 0x827e7efc, 0x473d3d7a); + &_data_word(0xac6464c8, 0xe75d5dba, 0x2b191932, 0x957373e6); + &_data_word(0xa06060c0, 0x98818119, 0xd14f4f9e, 0x7fdcdca3); + &_data_word(0x66222244, 0x7e2a2a54, 0xab90903b, 0x8388880b); + &_data_word(0xca46468c, 0x29eeeec7, 0xd3b8b86b, 0x3c141428); + &_data_word(0x79dedea7, 0xe25e5ebc, 0x1d0b0b16, 0x76dbdbad); + &_data_word(0x3be0e0db, 0x56323264, 0x4e3a3a74, 0x1e0a0a14); + &_data_word(0xdb494992, 0x0a06060c, 0x6c242448, 0xe45c5cb8); + &_data_word(0x5dc2c29f, 0x6ed3d3bd, 0xefacac43, 0xa66262c4); + &_data_word(0xa8919139, 0xa4959531, 0x37e4e4d3, 0x8b7979f2); + &_data_word(0x32e7e7d5, 0x43c8c88b, 0x5937376e, 0xb76d6dda); + &_data_word(0x8c8d8d01, 0x64d5d5b1, 0xd24e4e9c, 0xe0a9a949); + &_data_word(0xb46c6cd8, 0xfa5656ac, 0x07f4f4f3, 0x25eaeacf); + &_data_word(0xaf6565ca, 0x8e7a7af4, 0xe9aeae47, 0x18080810); + &_data_word(0xd5baba6f, 0x887878f0, 0x6f25254a, 0x722e2e5c); + &_data_word(0x241c1c38, 0xf1a6a657, 0xc7b4b473, 0x51c6c697); + &_data_word(0x23e8e8cb, 0x7cdddda1, 0x9c7474e8, 0x211f1f3e); + &_data_word(0xdd4b4b96, 0xdcbdbd61, 0x868b8b0d, 0x858a8a0f); + &_data_word(0x907070e0, 0x423e3e7c, 0xc4b5b571, 0xaa6666cc); + &_data_word(0xd8484890, 0x05030306, 0x01f6f6f7, 0x120e0e1c); + &_data_word(0xa36161c2, 0x5f35356a, 0xf95757ae, 0xd0b9b969); + &_data_word(0x91868617, 0x58c1c199, 0x271d1d3a, 0xb99e9e27); + &_data_word(0x38e1e1d9, 0x13f8f8eb, 0xb398982b, 0x33111122); + &_data_word(0xbb6969d2, 0x70d9d9a9, 0x898e8e07, 0xa7949433); + &_data_word(0xb69b9b2d, 0x221e1e3c, 0x92878715, 0x20e9e9c9); + &_data_word(0x49cece87, 0xff5555aa, 0x78282850, 0x7adfdfa5); + &_data_word(0x8f8c8c03, 0xf8a1a159, 0x80898909, 0x170d0d1a); + &_data_word(0xdabfbf65, 0x31e6e6d7, 0xc6424284, 0xb86868d0); + &_data_word(0xc3414182, 0xb0999929, 0x772d2d5a, 0x110f0f1e); + &_data_word(0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 0x3a16162c); + +#Te4 # four copies of Te4 to choose from to avoid L1 aliasing + &data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5); + &data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76); + &data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0); + &data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0); + &data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc); + &data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15); + &data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a); + &data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75); + &data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0); + &data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84); + &data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b); + &data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf); + &data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85); + &data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8); + &data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5); + &data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2); + &data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17); + &data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73); + &data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88); + &data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb); + &data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c); + &data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79); + &data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9); + &data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08); + &data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6); + &data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a); + &data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e); + &data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e); + &data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94); + &data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf); + &data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68); + &data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16); + + &data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5); + &data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76); + &data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0); + &data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0); + &data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc); + &data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15); + &data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a); + &data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75); + &data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0); + &data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84); + &data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b); + &data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf); + &data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85); + &data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8); + &data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5); + &data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2); + &data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17); + &data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73); + &data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88); + &data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb); + &data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c); + &data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79); + &data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9); + &data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08); + &data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6); + &data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a); + &data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e); + &data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e); + &data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94); + &data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf); + &data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68); + &data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16); + + &data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5); + &data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76); + &data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0); + &data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0); + &data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc); + &data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15); + &data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a); + &data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75); + &data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0); + &data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84); + &data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b); + &data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf); + &data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85); + &data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8); + &data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5); + &data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2); + &data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17); + &data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73); + &data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88); + &data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb); + &data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c); + &data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79); + &data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9); + &data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08); + &data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6); + &data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a); + &data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e); + &data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e); + &data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94); + &data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf); + &data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68); + &data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16); + + &data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5); + &data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76); + &data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0); + &data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0); + &data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc); + &data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15); + &data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a); + &data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75); + &data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0); + &data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84); + &data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b); + &data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf); + &data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85); + &data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8); + &data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5); + &data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2); + &data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17); + &data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73); + &data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88); + &data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb); + &data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c); + &data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79); + &data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9); + &data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08); + &data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6); + &data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a); + &data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e); + &data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e); + &data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94); + &data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf); + &data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68); + &data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16); +#rcon: + &data_word(0x00000001, 0x00000002, 0x00000004, 0x00000008); + &data_word(0x00000010, 0x00000020, 0x00000040, 0x00000080); + &data_word(0x0000001b, 0x00000036, 0x00000000, 0x00000000); + &data_word(0x00000000, 0x00000000, 0x00000000, 0x00000000); +&function_end_B("_x86_AES_encrypt"); + +# void AES_encrypt (const void *inp,void *out,const AES_KEY *key); +&function_begin("AES_encrypt"); + &mov ($acc,&wparam(0)); # load inp + &mov ($key,&wparam(2)); # load key + + &mov ($s0,"esp"); + &sub ("esp",36); + &and ("esp",-64); # align to cache-line + + # place stack frame just "above" the key schedule + &lea ($s1,&DWP(-64-63,$key)); + &sub ($s1,"esp"); + &neg ($s1); + &and ($s1,0x3C0); # modulo 1024, but aligned to cache-line + &sub ("esp",$s1); + &add ("esp",4); # 4 is reserved for caller's return address + &mov ($_esp,$s0); # save stack pointer + + &call (&label("pic_point")); # make it PIC! + &set_label("pic_point"); + &blindpop($tbl); + &picmeup($s0,"OPENSSL_ia32cap_P",$tbl,&label("pic_point")) if (!$x86only); + &lea ($tbl,&DWP(&label("AES_Te")."-".&label("pic_point"),$tbl)); + + # pick Te4 copy which can't "overlap" with stack frame or key schedule + &lea ($s1,&DWP(768-4,"esp")); + &sub ($s1,$tbl); + &and ($s1,0x300); + &lea ($tbl,&DWP(2048+128,$tbl,$s1)); + + if (!$x86only) { + &bt (&DWP(0,$s0),"\$IA32CAP_BIT0_SSE"); # check for SSE bit + &jnc (&label("x86")); + + &movq ("mm0",&QWP(0,$acc)); + &movq ("mm4",&QWP(8,$acc)); + &call ("_sse_AES_encrypt_compact"); + &mov ("esp",$_esp); # restore stack pointer + &mov ($acc,&wparam(1)); # load out + &movq (&QWP(0,$acc),"mm0"); # write output data + &movq (&QWP(8,$acc),"mm4"); + &emms (); + &function_end_A(); + } + &set_label("x86",16); + &mov ($_tbl,$tbl); + &mov ($s0,&DWP(0,$acc)); # load input data + &mov ($s1,&DWP(4,$acc)); + &mov ($s2,&DWP(8,$acc)); + &mov ($s3,&DWP(12,$acc)); + &call ("_x86_AES_encrypt_compact"); + &mov ("esp",$_esp); # restore stack pointer + &mov ($acc,&wparam(1)); # load out + &mov (&DWP(0,$acc),$s0); # write output data + &mov (&DWP(4,$acc),$s1); + &mov (&DWP(8,$acc),$s2); + &mov (&DWP(12,$acc),$s3); +&function_end("AES_encrypt"); + +#--------------------------------------------------------------------# + +###################################################################### +# "Compact" block function +###################################################################### + +sub deccompact() +{ my $Fn = mov; + while ($#_>5) { pop(@_); $Fn=sub{}; } + my ($i,$td,@s)=@_; + my $tmp = $key; + my $out = $i==3?$s[0]:$acc; + + # $Fn is used in first compact round and its purpose is to + # void restoration of some values from stack, so that after + # 4xdeccompact with extra argument $key, $s0 and $s1 values + # are left there... + if($i==3) { &$Fn ($key,$__key); } + else { &mov ($out,$s[0]); } + &and ($out,0xFF); + &movz ($out,&BP(-128,$td,$out,1)); + + if ($i==3) { $tmp=$s[1]; } + &movz ($tmp,&HB($s[1])); + &movz ($tmp,&BP(-128,$td,$tmp,1)); + &shl ($tmp,8); + &xor ($out,$tmp); + + if ($i==3) { $tmp=$s[2]; &mov ($s[1],$acc); } + else { mov ($tmp,$s[2]); } + &shr ($tmp,16); + &and ($tmp,0xFF); + &movz ($tmp,&BP(-128,$td,$tmp,1)); + &shl ($tmp,16); + &xor ($out,$tmp); + + if ($i==3) { $tmp=$s[3]; &$Fn ($s[2],$__s1); } + else { &mov ($tmp,$s[3]); } + &shr ($tmp,24); + &movz ($tmp,&BP(-128,$td,$tmp,1)); + &shl ($tmp,24); + &xor ($out,$tmp); + if ($i<2) { &mov (&DWP(4+4*$i,"esp"),$out); } + if ($i==3) { &$Fn ($s[3],$__s0); } +} + +# must be called with 2,3,0,1 as argument sequence!!! +sub dectransform() +{ my @s = ($s0,$s1,$s2,$s3); + my $i = shift; + my $tmp = $key; + my $tp2 = @s[($i+2)%4]; $tp2 = @s[2] if ($i==1); + my $tp4 = @s[($i+3)%4]; $tp4 = @s[3] if ($i==1); + my $tp8 = $tbl; + + &mov ($acc,$s[$i]); + &and ($acc,0x80808080); + &mov ($tmp,$acc); + &shr ($tmp,7); + &lea ($tp2,&DWP(0,$s[$i],$s[$i])); + &sub ($acc,$tmp); + &and ($tp2,0xfefefefe); + &and ($acc,0x1b1b1b1b); + &xor ($acc,$tp2); + &mov ($tp2,$acc); + + &and ($acc,0x80808080); + &mov ($tmp,$acc); + &shr ($tmp,7); + &lea ($tp4,&DWP(0,$tp2,$tp2)); + &sub ($acc,$tmp); + &and ($tp4,0xfefefefe); + &and ($acc,0x1b1b1b1b); + &xor ($tp2,$s[$i]); # tp2^tp1 + &xor ($acc,$tp4); + &mov ($tp4,$acc); + + &and ($acc,0x80808080); + &mov ($tmp,$acc); + &shr ($tmp,7); + &lea ($tp8,&DWP(0,$tp4,$tp4)); + &sub ($acc,$tmp); + &and ($tp8,0xfefefefe); + &and ($acc,0x1b1b1b1b); + &xor ($tp4,$s[$i]); # tp4^tp1 + &rotl ($s[$i],8); # = ROTATE(tp1,8) + &xor ($tp8,$acc); + + &xor ($s[$i],$tp2); + &xor ($tp2,$tp8); + &rotl ($tp2,24); + &xor ($s[$i],$tp4); + &xor ($tp4,$tp8); + &rotl ($tp4,16); + &xor ($s[$i],$tp8); # ^= tp8^(tp4^tp1)^(tp2^tp1) + &rotl ($tp8,8); + &xor ($s[$i],$tp2); # ^= ROTATE(tp8^tp2^tp1,24) + &xor ($s[$i],$tp4); # ^= ROTATE(tp8^tp4^tp1,16) + &mov ($s[0],$__s0) if($i==2); #prefetch $s0 + &mov ($s[1],$__s1) if($i==3); #prefetch $s1 + &mov ($s[2],$__s2) if($i==1); + &xor ($s[$i],$tp8); # ^= ROTATE(tp8,8) + + &mov ($s[3],$__s3) if($i==1); + &mov (&DWP(4+4*$i,"esp"),$s[$i]) if($i>=2); +} + +&function_begin_B("_x86_AES_decrypt_compact"); + # note that caller is expected to allocate stack frame for me! + &mov ($__key,$key); # save key + + &xor ($s0,&DWP(0,$key)); # xor with key + &xor ($s1,&DWP(4,$key)); + &xor ($s2,&DWP(8,$key)); + &xor ($s3,&DWP(12,$key)); + + &mov ($acc,&DWP(240,$key)); # load key->rounds + + &lea ($acc,&DWP(-2,$acc,$acc)); + &lea ($acc,&DWP(0,$key,$acc,8)); + &mov ($__end,$acc); # end of key schedule + + # prefetch Td4 + &mov ($key,&DWP(0-128,$tbl)); + &mov ($acc,&DWP(32-128,$tbl)); + &mov ($key,&DWP(64-128,$tbl)); + &mov ($acc,&DWP(96-128,$tbl)); + &mov ($key,&DWP(128-128,$tbl)); + &mov ($acc,&DWP(160-128,$tbl)); + &mov ($key,&DWP(192-128,$tbl)); + &mov ($acc,&DWP(224-128,$tbl)); + + &set_label("loop",16); + + &deccompact(0,$tbl,$s0,$s3,$s2,$s1,1); + &deccompact(1,$tbl,$s1,$s0,$s3,$s2,1); + &deccompact(2,$tbl,$s2,$s1,$s0,$s3,1); + &deccompact(3,$tbl,$s3,$s2,$s1,$s0,1); + &dectransform(2); + &dectransform(3); + &dectransform(0); + &dectransform(1); + &mov ($key,$__key); + &mov ($tbl,$__tbl); + &add ($key,16); # advance rd_key + &xor ($s0,&DWP(0,$key)); + &xor ($s1,&DWP(4,$key)); + &xor ($s2,&DWP(8,$key)); + &xor ($s3,&DWP(12,$key)); + + &cmp ($key,$__end); + &mov ($__key,$key); + &jb (&label("loop")); + + &deccompact(0,$tbl,$s0,$s3,$s2,$s1); + &deccompact(1,$tbl,$s1,$s0,$s3,$s2); + &deccompact(2,$tbl,$s2,$s1,$s0,$s3); + &deccompact(3,$tbl,$s3,$s2,$s1,$s0); + + &xor ($s0,&DWP(16,$key)); + &xor ($s1,&DWP(20,$key)); + &xor ($s2,&DWP(24,$key)); + &xor ($s3,&DWP(28,$key)); + + &ret (); +&function_end_B("_x86_AES_decrypt_compact"); + +###################################################################### +# "Compact" SSE block function. +###################################################################### + +sub sse_deccompact() +{ + &pshufw ("mm1","mm0",0x0c); # 7, 6, 1, 0 + &movd ("eax","mm1"); # 7, 6, 1, 0 + + &pshufw ("mm5","mm4",0x09); # 13,12,11,10 + &movz ($acc,&LB("eax")); # 0 + &movz ("ecx",&BP(-128,$tbl,$acc,1)); # 0 + &movd ("ebx","mm5"); # 13,12,11,10 + &movz ("edx",&HB("eax")); # 1 + &movz ("edx",&BP(-128,$tbl,"edx",1)); # 1 + &shl ("edx",8); # 1 + + &pshufw ("mm2","mm0",0x06); # 3, 2, 5, 4 + &movz ($acc,&LB("ebx")); # 10 + &movz ($acc,&BP(-128,$tbl,$acc,1)); # 10 + &shl ($acc,16); # 10 + &or ("ecx",$acc); # 10 + &shr ("eax",16); # 7, 6 + &movz ($acc,&HB("ebx")); # 11 + &movz ($acc,&BP(-128,$tbl,$acc,1)); # 11 + &shl ($acc,24); # 11 + &or ("edx",$acc); # 11 + &shr ("ebx",16); # 13,12 + + &pshufw ("mm6","mm4",0x03); # 9, 8,15,14 + &movz ($acc,&HB("eax")); # 7 + &movz ($acc,&BP(-128,$tbl,$acc,1)); # 7 + &shl ($acc,24); # 7 + &or ("ecx",$acc); # 7 + &movz ($acc,&HB("ebx")); # 13 + &movz ($acc,&BP(-128,$tbl,$acc,1)); # 13 + &shl ($acc,8); # 13 + &or ("ecx",$acc); # 13 + &movd ("mm0","ecx"); # t[0] collected + + &movz ($acc,&LB("eax")); # 6 + &movd ("eax","mm2"); # 3, 2, 5, 4 + &movz ("ecx",&BP(-128,$tbl,$acc,1)); # 6 + &shl ("ecx",16); # 6 + &movz ($acc,&LB("ebx")); # 12 + &movd ("ebx","mm6"); # 9, 8,15,14 + &movz ($acc,&BP(-128,$tbl,$acc,1)); # 12 + &or ("ecx",$acc); # 12 + + &movz ($acc,&LB("eax")); # 4 + &movz ($acc,&BP(-128,$tbl,$acc,1)); # 4 + &or ("edx",$acc); # 4 + &movz ($acc,&LB("ebx")); # 14 + &movz ($acc,&BP(-128,$tbl,$acc,1)); # 14 + &shl ($acc,16); # 14 + &or ("edx",$acc); # 14 + &movd ("mm1","edx"); # t[1] collected + + &movz ($acc,&HB("eax")); # 5 + &movz ("edx",&BP(-128,$tbl,$acc,1)); # 5 + &shl ("edx",8); # 5 + &movz ($acc,&HB("ebx")); # 15 + &shr ("eax",16); # 3, 2 + &movz ($acc,&BP(-128,$tbl,$acc,1)); # 15 + &shl ($acc,24); # 15 + &or ("edx",$acc); # 15 + &shr ("ebx",16); # 9, 8 + + &punpckldq ("mm0","mm1"); # t[0,1] collected + + &movz ($acc,&HB("ebx")); # 9 + &movz ($acc,&BP(-128,$tbl,$acc,1)); # 9 + &shl ($acc,8); # 9 + &or ("ecx",$acc); # 9 + &and ("ebx",0xff); # 8 + &movz ("ebx",&BP(-128,$tbl,"ebx",1)); # 8 + &or ("edx","ebx"); # 8 + &movz ($acc,&LB("eax")); # 2 + &movz ($acc,&BP(-128,$tbl,$acc,1)); # 2 + &shl ($acc,16); # 2 + &or ("edx",$acc); # 2 + &movd ("mm4","edx"); # t[2] collected + &movz ("eax",&HB("eax")); # 3 + &movz ("eax",&BP(-128,$tbl,"eax",1)); # 3 + &shl ("eax",24); # 3 + &or ("ecx","eax"); # 3 + &movd ("mm5","ecx"); # t[3] collected + + &punpckldq ("mm4","mm5"); # t[2,3] collected +} + + if (!$x86only) { +&function_begin_B("_sse_AES_decrypt_compact"); + &pxor ("mm0",&QWP(0,$key)); # 7, 6, 5, 4, 3, 2, 1, 0 + &pxor ("mm4",&QWP(8,$key)); # 15,14,13,12,11,10, 9, 8 + + # note that caller is expected to allocate stack frame for me! + &mov ($acc,&DWP(240,$key)); # load key->rounds + &lea ($acc,&DWP(-2,$acc,$acc)); + &lea ($acc,&DWP(0,$key,$acc,8)); + &mov ($__end,$acc); # end of key schedule + + &mov ($s0,0x1b1b1b1b); # magic constant + &mov (&DWP(8,"esp"),$s0); + &mov (&DWP(12,"esp"),$s0); + + # prefetch Td4 + &mov ($s0,&DWP(0-128,$tbl)); + &mov ($s1,&DWP(32-128,$tbl)); + &mov ($s2,&DWP(64-128,$tbl)); + &mov ($s3,&DWP(96-128,$tbl)); + &mov ($s0,&DWP(128-128,$tbl)); + &mov ($s1,&DWP(160-128,$tbl)); + &mov ($s2,&DWP(192-128,$tbl)); + &mov ($s3,&DWP(224-128,$tbl)); + + &set_label("loop",16); + &sse_deccompact(); + &add ($key,16); + &cmp ($key,$__end); + &ja (&label("out")); + + # ROTATE(x^y,N) == ROTATE(x,N)^ROTATE(y,N) + &movq ("mm3","mm0"); &movq ("mm7","mm4"); + &movq ("mm2","mm0",1); &movq ("mm6","mm4",1); + &movq ("mm1","mm0"); &movq ("mm5","mm4"); + &pshufw ("mm0","mm0",0xb1); &pshufw ("mm4","mm4",0xb1);# = ROTATE(tp0,16) + &pslld ("mm2",8); &pslld ("mm6",8); + &psrld ("mm3",8); &psrld ("mm7",8); + &pxor ("mm0","mm2"); &pxor ("mm4","mm6"); # ^= tp0<<8 + &pxor ("mm0","mm3"); &pxor ("mm4","mm7"); # ^= tp0>>8 + &pslld ("mm2",16); &pslld ("mm6",16); + &psrld ("mm3",16); &psrld ("mm7",16); + &pxor ("mm0","mm2"); &pxor ("mm4","mm6"); # ^= tp0<<24 + &pxor ("mm0","mm3"); &pxor ("mm4","mm7"); # ^= tp0>>24 + + &movq ("mm3",&QWP(8,"esp")); + &pxor ("mm2","mm2"); &pxor ("mm6","mm6"); + &pcmpgtb("mm2","mm1"); &pcmpgtb("mm6","mm5"); + &pand ("mm2","mm3"); &pand ("mm6","mm3"); + &paddb ("mm1","mm1"); &paddb ("mm5","mm5"); + &pxor ("mm1","mm2"); &pxor ("mm5","mm6"); # tp2 + &movq ("mm3","mm1"); &movq ("mm7","mm5"); + &movq ("mm2","mm1"); &movq ("mm6","mm5"); + &pxor ("mm0","mm1"); &pxor ("mm4","mm5"); # ^= tp2 + &pslld ("mm3",24); &pslld ("mm7",24); + &psrld ("mm2",8); &psrld ("mm6",8); + &pxor ("mm0","mm3"); &pxor ("mm4","mm7"); # ^= tp2<<24 + &pxor ("mm0","mm2"); &pxor ("mm4","mm6"); # ^= tp2>>8 + + &movq ("mm2",&QWP(8,"esp")); + &pxor ("mm3","mm3"); &pxor ("mm7","mm7"); + &pcmpgtb("mm3","mm1"); &pcmpgtb("mm7","mm5"); + &pand ("mm3","mm2"); &pand ("mm7","mm2"); + &paddb ("mm1","mm1"); &paddb ("mm5","mm5"); + &pxor ("mm1","mm3"); &pxor ("mm5","mm7"); # tp4 + &pshufw ("mm3","mm1",0xb1); &pshufw ("mm7","mm5",0xb1); + &pxor ("mm0","mm1"); &pxor ("mm4","mm5"); # ^= tp4 + &pxor ("mm0","mm3"); &pxor ("mm4","mm7"); # ^= ROTATE(tp4,16) + + &pxor ("mm3","mm3"); &pxor ("mm7","mm7"); + &pcmpgtb("mm3","mm1"); &pcmpgtb("mm7","mm5"); + &pand ("mm3","mm2"); &pand ("mm7","mm2"); + &paddb ("mm1","mm1"); &paddb ("mm5","mm5"); + &pxor ("mm1","mm3"); &pxor ("mm5","mm7"); # tp8 + &pxor ("mm0","mm1"); &pxor ("mm4","mm5"); # ^= tp8 + &movq ("mm3","mm1"); &movq ("mm7","mm5"); + &pshufw ("mm2","mm1",0xb1); &pshufw ("mm6","mm5",0xb1); + &pxor ("mm0","mm2"); &pxor ("mm4","mm6"); # ^= ROTATE(tp8,16) + &pslld ("mm1",8); &pslld ("mm5",8); + &psrld ("mm3",8); &psrld ("mm7",8); + &movq ("mm2",&QWP(0,$key)); &movq ("mm6",&QWP(8,$key)); + &pxor ("mm0","mm1"); &pxor ("mm4","mm5"); # ^= tp8<<8 + &pxor ("mm0","mm3"); &pxor ("mm4","mm7"); # ^= tp8>>8 + &mov ($s0,&DWP(0-128,$tbl)); + &pslld ("mm1",16); &pslld ("mm5",16); + &mov ($s1,&DWP(64-128,$tbl)); + &psrld ("mm3",16); &psrld ("mm7",16); + &mov ($s2,&DWP(128-128,$tbl)); + &pxor ("mm0","mm1"); &pxor ("mm4","mm5"); # ^= tp8<<24 + &mov ($s3,&DWP(192-128,$tbl)); + &pxor ("mm0","mm3"); &pxor ("mm4","mm7"); # ^= tp8>>24 + + &pxor ("mm0","mm2"); &pxor ("mm4","mm6"); + &jmp (&label("loop")); + + &set_label("out",16); + &pxor ("mm0",&QWP(0,$key)); + &pxor ("mm4",&QWP(8,$key)); + + &ret (); +&function_end_B("_sse_AES_decrypt_compact"); + } + +###################################################################### +# Vanilla block function. +###################################################################### + +sub decstep() +{ my ($i,$td,@s) = @_; + my $tmp = $key; + my $out = $i==3?$s[0]:$acc; + + # no instructions are reordered, as performance appears + # optimal... or rather that all attempts to reorder didn't + # result in better performance [which by the way is not a + # bit lower than ecryption]. + if($i==3) { &mov ($key,$__key); } + else { &mov ($out,$s[0]); } + &and ($out,0xFF); + &mov ($out,&DWP(0,$td,$out,8)); + + if ($i==3) { $tmp=$s[1]; } + &movz ($tmp,&HB($s[1])); + &xor ($out,&DWP(3,$td,$tmp,8)); + + if ($i==3) { $tmp=$s[2]; &mov ($s[1],$acc); } + else { &mov ($tmp,$s[2]); } + &shr ($tmp,16); + &and ($tmp,0xFF); + &xor ($out,&DWP(2,$td,$tmp,8)); + + if ($i==3) { $tmp=$s[3]; &mov ($s[2],$__s1); } + else { &mov ($tmp,$s[3]); } + &shr ($tmp,24); + &xor ($out,&DWP(1,$td,$tmp,8)); + if ($i<2) { &mov (&DWP(4+4*$i,"esp"),$out); } + if ($i==3) { &mov ($s[3],$__s0); } + &comment(); +} + +sub declast() +{ my ($i,$td,@s)=@_; + my $tmp = $key; + my $out = $i==3?$s[0]:$acc; + + if($i==0) { &lea ($td,&DWP(2048+128,$td)); + &mov ($tmp,&DWP(0-128,$td)); + &mov ($acc,&DWP(32-128,$td)); + &mov ($tmp,&DWP(64-128,$td)); + &mov ($acc,&DWP(96-128,$td)); + &mov ($tmp,&DWP(128-128,$td)); + &mov ($acc,&DWP(160-128,$td)); + &mov ($tmp,&DWP(192-128,$td)); + &mov ($acc,&DWP(224-128,$td)); + &lea ($td,&DWP(-128,$td)); } + if($i==3) { &mov ($key,$__key); } + else { &mov ($out,$s[0]); } + &and ($out,0xFF); + &movz ($out,&BP(0,$td,$out,1)); + + if ($i==3) { $tmp=$s[1]; } + &movz ($tmp,&HB($s[1])); + &movz ($tmp,&BP(0,$td,$tmp,1)); + &shl ($tmp,8); + &xor ($out,$tmp); + + if ($i==3) { $tmp=$s[2]; &mov ($s[1],$acc); } + else { mov ($tmp,$s[2]); } + &shr ($tmp,16); + &and ($tmp,0xFF); + &movz ($tmp,&BP(0,$td,$tmp,1)); + &shl ($tmp,16); + &xor ($out,$tmp); + + if ($i==3) { $tmp=$s[3]; &mov ($s[2],$__s1); } + else { &mov ($tmp,$s[3]); } + &shr ($tmp,24); + &movz ($tmp,&BP(0,$td,$tmp,1)); + &shl ($tmp,24); + &xor ($out,$tmp); + if ($i<2) { &mov (&DWP(4+4*$i,"esp"),$out); } + if ($i==3) { &mov ($s[3],$__s0); + &lea ($td,&DWP(-2048,$td)); } +} + +&function_begin_B("_x86_AES_decrypt"); + # note that caller is expected to allocate stack frame for me! + &mov ($__key,$key); # save key + + &xor ($s0,&DWP(0,$key)); # xor with key + &xor ($s1,&DWP(4,$key)); + &xor ($s2,&DWP(8,$key)); + &xor ($s3,&DWP(12,$key)); + + &mov ($acc,&DWP(240,$key)); # load key->rounds + + if ($small_footprint) { + &lea ($acc,&DWP(-2,$acc,$acc)); + &lea ($acc,&DWP(0,$key,$acc,8)); + &mov ($__end,$acc); # end of key schedule + &set_label("loop",16); + &decstep(0,$tbl,$s0,$s3,$s2,$s1); + &decstep(1,$tbl,$s1,$s0,$s3,$s2); + &decstep(2,$tbl,$s2,$s1,$s0,$s3); + &decstep(3,$tbl,$s3,$s2,$s1,$s0); + &add ($key,16); # advance rd_key + &xor ($s0,&DWP(0,$key)); + &xor ($s1,&DWP(4,$key)); + &xor ($s2,&DWP(8,$key)); + &xor ($s3,&DWP(12,$key)); + &cmp ($key,$__end); + &mov ($__key,$key); + &jb (&label("loop")); + } + else { + &cmp ($acc,10); + &jle (&label("10rounds")); + &cmp ($acc,12); + &jle (&label("12rounds")); + + &set_label("14rounds",4); + for ($i=1;$i<3;$i++) { + &decstep(0,$tbl,$s0,$s3,$s2,$s1); + &decstep(1,$tbl,$s1,$s0,$s3,$s2); + &decstep(2,$tbl,$s2,$s1,$s0,$s3); + &decstep(3,$tbl,$s3,$s2,$s1,$s0); + &xor ($s0,&DWP(16*$i+0,$key)); + &xor ($s1,&DWP(16*$i+4,$key)); + &xor ($s2,&DWP(16*$i+8,$key)); + &xor ($s3,&DWP(16*$i+12,$key)); + } + &add ($key,32); + &mov ($__key,$key); # advance rd_key + &set_label("12rounds",4); + for ($i=1;$i<3;$i++) { + &decstep(0,$tbl,$s0,$s3,$s2,$s1); + &decstep(1,$tbl,$s1,$s0,$s3,$s2); + &decstep(2,$tbl,$s2,$s1,$s0,$s3); + &decstep(3,$tbl,$s3,$s2,$s1,$s0); + &xor ($s0,&DWP(16*$i+0,$key)); + &xor ($s1,&DWP(16*$i+4,$key)); + &xor ($s2,&DWP(16*$i+8,$key)); + &xor ($s3,&DWP(16*$i+12,$key)); + } + &add ($key,32); + &mov ($__key,$key); # advance rd_key + &set_label("10rounds",4); + for ($i=1;$i<10;$i++) { + &decstep(0,$tbl,$s0,$s3,$s2,$s1); + &decstep(1,$tbl,$s1,$s0,$s3,$s2); + &decstep(2,$tbl,$s2,$s1,$s0,$s3); + &decstep(3,$tbl,$s3,$s2,$s1,$s0); + &xor ($s0,&DWP(16*$i+0,$key)); + &xor ($s1,&DWP(16*$i+4,$key)); + &xor ($s2,&DWP(16*$i+8,$key)); + &xor ($s3,&DWP(16*$i+12,$key)); + } + } + + &declast(0,$tbl,$s0,$s3,$s2,$s1); + &declast(1,$tbl,$s1,$s0,$s3,$s2); + &declast(2,$tbl,$s2,$s1,$s0,$s3); + &declast(3,$tbl,$s3,$s2,$s1,$s0); + + &add ($key,$small_footprint?16:160); + &xor ($s0,&DWP(0,$key)); + &xor ($s1,&DWP(4,$key)); + &xor ($s2,&DWP(8,$key)); + &xor ($s3,&DWP(12,$key)); + + &ret (); + +&set_label("AES_Td",64); # Yes! I keep it in the code segment! + &_data_word(0x50a7f451, 0x5365417e, 0xc3a4171a, 0x965e273a); + &_data_word(0xcb6bab3b, 0xf1459d1f, 0xab58faac, 0x9303e34b); + &_data_word(0x55fa3020, 0xf66d76ad, 0x9176cc88, 0x254c02f5); + &_data_word(0xfcd7e54f, 0xd7cb2ac5, 0x80443526, 0x8fa362b5); + &_data_word(0x495ab1de, 0x671bba25, 0x980eea45, 0xe1c0fe5d); + &_data_word(0x02752fc3, 0x12f04c81, 0xa397468d, 0xc6f9d36b); + &_data_word(0xe75f8f03, 0x959c9215, 0xeb7a6dbf, 0xda595295); + &_data_word(0x2d83bed4, 0xd3217458, 0x2969e049, 0x44c8c98e); + &_data_word(0x6a89c275, 0x78798ef4, 0x6b3e5899, 0xdd71b927); + &_data_word(0xb64fe1be, 0x17ad88f0, 0x66ac20c9, 0xb43ace7d); + &_data_word(0x184adf63, 0x82311ae5, 0x60335197, 0x457f5362); + &_data_word(0xe07764b1, 0x84ae6bbb, 0x1ca081fe, 0x942b08f9); + &_data_word(0x58684870, 0x19fd458f, 0x876cde94, 0xb7f87b52); + &_data_word(0x23d373ab, 0xe2024b72, 0x578f1fe3, 0x2aab5566); + &_data_word(0x0728ebb2, 0x03c2b52f, 0x9a7bc586, 0xa50837d3); + &_data_word(0xf2872830, 0xb2a5bf23, 0xba6a0302, 0x5c8216ed); + &_data_word(0x2b1ccf8a, 0x92b479a7, 0xf0f207f3, 0xa1e2694e); + &_data_word(0xcdf4da65, 0xd5be0506, 0x1f6234d1, 0x8afea6c4); + &_data_word(0x9d532e34, 0xa055f3a2, 0x32e18a05, 0x75ebf6a4); + &_data_word(0x39ec830b, 0xaaef6040, 0x069f715e, 0x51106ebd); + &_data_word(0xf98a213e, 0x3d06dd96, 0xae053edd, 0x46bde64d); + &_data_word(0xb58d5491, 0x055dc471, 0x6fd40604, 0xff155060); + &_data_word(0x24fb9819, 0x97e9bdd6, 0xcc434089, 0x779ed967); + &_data_word(0xbd42e8b0, 0x888b8907, 0x385b19e7, 0xdbeec879); + &_data_word(0x470a7ca1, 0xe90f427c, 0xc91e84f8, 0x00000000); + &_data_word(0x83868009, 0x48ed2b32, 0xac70111e, 0x4e725a6c); + &_data_word(0xfbff0efd, 0x5638850f, 0x1ed5ae3d, 0x27392d36); + &_data_word(0x64d90f0a, 0x21a65c68, 0xd1545b9b, 0x3a2e3624); + &_data_word(0xb1670a0c, 0x0fe75793, 0xd296eeb4, 0x9e919b1b); + &_data_word(0x4fc5c080, 0xa220dc61, 0x694b775a, 0x161a121c); + &_data_word(0x0aba93e2, 0xe52aa0c0, 0x43e0223c, 0x1d171b12); + &_data_word(0x0b0d090e, 0xadc78bf2, 0xb9a8b62d, 0xc8a91e14); + &_data_word(0x8519f157, 0x4c0775af, 0xbbdd99ee, 0xfd607fa3); + &_data_word(0x9f2601f7, 0xbcf5725c, 0xc53b6644, 0x347efb5b); + &_data_word(0x7629438b, 0xdcc623cb, 0x68fcedb6, 0x63f1e4b8); + &_data_word(0xcadc31d7, 0x10856342, 0x40229713, 0x2011c684); + &_data_word(0x7d244a85, 0xf83dbbd2, 0x1132f9ae, 0x6da129c7); + &_data_word(0x4b2f9e1d, 0xf330b2dc, 0xec52860d, 0xd0e3c177); + &_data_word(0x6c16b32b, 0x99b970a9, 0xfa489411, 0x2264e947); + &_data_word(0xc48cfca8, 0x1a3ff0a0, 0xd82c7d56, 0xef903322); + &_data_word(0xc74e4987, 0xc1d138d9, 0xfea2ca8c, 0x360bd498); + &_data_word(0xcf81f5a6, 0x28de7aa5, 0x268eb7da, 0xa4bfad3f); + &_data_word(0xe49d3a2c, 0x0d927850, 0x9bcc5f6a, 0x62467e54); + &_data_word(0xc2138df6, 0xe8b8d890, 0x5ef7392e, 0xf5afc382); + &_data_word(0xbe805d9f, 0x7c93d069, 0xa92dd56f, 0xb31225cf); + &_data_word(0x3b99acc8, 0xa77d1810, 0x6e639ce8, 0x7bbb3bdb); + &_data_word(0x097826cd, 0xf418596e, 0x01b79aec, 0xa89a4f83); + &_data_word(0x656e95e6, 0x7ee6ffaa, 0x08cfbc21, 0xe6e815ef); + &_data_word(0xd99be7ba, 0xce366f4a, 0xd4099fea, 0xd67cb029); + &_data_word(0xafb2a431, 0x31233f2a, 0x3094a5c6, 0xc066a235); + &_data_word(0x37bc4e74, 0xa6ca82fc, 0xb0d090e0, 0x15d8a733); + &_data_word(0x4a9804f1, 0xf7daec41, 0x0e50cd7f, 0x2ff69117); + &_data_word(0x8dd64d76, 0x4db0ef43, 0x544daacc, 0xdf0496e4); + &_data_word(0xe3b5d19e, 0x1b886a4c, 0xb81f2cc1, 0x7f516546); + &_data_word(0x04ea5e9d, 0x5d358c01, 0x737487fa, 0x2e410bfb); + &_data_word(0x5a1d67b3, 0x52d2db92, 0x335610e9, 0x1347d66d); + &_data_word(0x8c61d79a, 0x7a0ca137, 0x8e14f859, 0x893c13eb); + &_data_word(0xee27a9ce, 0x35c961b7, 0xede51ce1, 0x3cb1477a); + &_data_word(0x59dfd29c, 0x3f73f255, 0x79ce1418, 0xbf37c773); + &_data_word(0xeacdf753, 0x5baafd5f, 0x146f3ddf, 0x86db4478); + &_data_word(0x81f3afca, 0x3ec468b9, 0x2c342438, 0x5f40a3c2); + &_data_word(0x72c31d16, 0x0c25e2bc, 0x8b493c28, 0x41950dff); + &_data_word(0x7101a839, 0xdeb30c08, 0x9ce4b4d8, 0x90c15664); + &_data_word(0x6184cb7b, 0x70b632d5, 0x745c6c48, 0x4257b8d0); + +#Td4: # four copies of Td4 to choose from to avoid L1 aliasing + &data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38); + &data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb); + &data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87); + &data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb); + &data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d); + &data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e); + &data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2); + &data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25); + &data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16); + &data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92); + &data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda); + &data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84); + &data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a); + &data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06); + &data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02); + &data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b); + &data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea); + &data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73); + &data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85); + &data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e); + &data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89); + &data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b); + &data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20); + &data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4); + &data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31); + &data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f); + &data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d); + &data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef); + &data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0); + &data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61); + &data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26); + &data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d); + + &data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38); + &data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb); + &data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87); + &data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb); + &data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d); + &data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e); + &data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2); + &data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25); + &data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16); + &data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92); + &data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda); + &data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84); + &data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a); + &data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06); + &data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02); + &data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b); + &data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea); + &data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73); + &data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85); + &data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e); + &data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89); + &data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b); + &data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20); + &data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4); + &data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31); + &data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f); + &data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d); + &data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef); + &data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0); + &data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61); + &data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26); + &data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d); + + &data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38); + &data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb); + &data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87); + &data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb); + &data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d); + &data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e); + &data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2); + &data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25); + &data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16); + &data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92); + &data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda); + &data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84); + &data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a); + &data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06); + &data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02); + &data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b); + &data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea); + &data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73); + &data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85); + &data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e); + &data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89); + &data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b); + &data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20); + &data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4); + &data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31); + &data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f); + &data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d); + &data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef); + &data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0); + &data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61); + &data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26); + &data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d); + + &data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38); + &data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb); + &data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87); + &data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb); + &data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d); + &data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e); + &data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2); + &data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25); + &data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16); + &data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92); + &data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda); + &data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84); + &data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a); + &data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06); + &data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02); + &data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b); + &data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea); + &data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73); + &data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85); + &data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e); + &data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89); + &data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b); + &data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20); + &data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4); + &data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31); + &data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f); + &data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d); + &data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef); + &data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0); + &data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61); + &data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26); + &data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d); +&function_end_B("_x86_AES_decrypt"); + +# void AES_decrypt (const void *inp,void *out,const AES_KEY *key); +&function_begin("AES_decrypt"); + &mov ($acc,&wparam(0)); # load inp + &mov ($key,&wparam(2)); # load key + + &mov ($s0,"esp"); + &sub ("esp",36); + &and ("esp",-64); # align to cache-line + + # place stack frame just "above" the key schedule + &lea ($s1,&DWP(-64-63,$key)); + &sub ($s1,"esp"); + &neg ($s1); + &and ($s1,0x3C0); # modulo 1024, but aligned to cache-line + &sub ("esp",$s1); + &add ("esp",4); # 4 is reserved for caller's return address + &mov ($_esp,$s0); # save stack pointer + + &call (&label("pic_point")); # make it PIC! + &set_label("pic_point"); + &blindpop($tbl); + &picmeup($s0,"OPENSSL_ia32cap_P",$tbl,&label("pic_point")) if(!$x86only); + &lea ($tbl,&DWP(&label("AES_Td")."-".&label("pic_point"),$tbl)); + + # pick Td4 copy which can't "overlap" with stack frame or key schedule + &lea ($s1,&DWP(768-4,"esp")); + &sub ($s1,$tbl); + &and ($s1,0x300); + &lea ($tbl,&DWP(2048+128,$tbl,$s1)); + + if (!$x86only) { + &bt (&DWP(0,$s0),"\$IA32CAP_BIT0_SSE"); # check for SSE bit + &jnc (&label("x86")); + + &movq ("mm0",&QWP(0,$acc)); + &movq ("mm4",&QWP(8,$acc)); + &call ("_sse_AES_decrypt_compact"); + &mov ("esp",$_esp); # restore stack pointer + &mov ($acc,&wparam(1)); # load out + &movq (&QWP(0,$acc),"mm0"); # write output data + &movq (&QWP(8,$acc),"mm4"); + &emms (); + &function_end_A(); + } + &set_label("x86",16); + &mov ($_tbl,$tbl); + &mov ($s0,&DWP(0,$acc)); # load input data + &mov ($s1,&DWP(4,$acc)); + &mov ($s2,&DWP(8,$acc)); + &mov ($s3,&DWP(12,$acc)); + &call ("_x86_AES_decrypt_compact"); + &mov ("esp",$_esp); # restore stack pointer + &mov ($acc,&wparam(1)); # load out + &mov (&DWP(0,$acc),$s0); # write output data + &mov (&DWP(4,$acc),$s1); + &mov (&DWP(8,$acc),$s2); + &mov (&DWP(12,$acc),$s3); +&function_end("AES_decrypt"); + +# void AES_cbc_encrypt (const void char *inp, unsigned char *out, +# size_t length, const AES_KEY *key, +# unsigned char *ivp,const int enc); +{ +# stack frame layout +# -4(%esp) # return address 0(%esp) +# 0(%esp) # s0 backing store 4(%esp) +# 4(%esp) # s1 backing store 8(%esp) +# 8(%esp) # s2 backing store 12(%esp) +# 12(%esp) # s3 backing store 16(%esp) +# 16(%esp) # key backup 20(%esp) +# 20(%esp) # end of key schedule 24(%esp) +# 24(%esp) # %ebp backup 28(%esp) +# 28(%esp) # %esp backup +my $_inp=&DWP(32,"esp"); # copy of wparam(0) +my $_out=&DWP(36,"esp"); # copy of wparam(1) +my $_len=&DWP(40,"esp"); # copy of wparam(2) +my $_key=&DWP(44,"esp"); # copy of wparam(3) +my $_ivp=&DWP(48,"esp"); # copy of wparam(4) +my $_tmp=&DWP(52,"esp"); # volatile variable +# +my $ivec=&DWP(60,"esp"); # ivec[16] +my $aes_key=&DWP(76,"esp"); # copy of aes_key +my $mark=&DWP(76+240,"esp"); # copy of aes_key->rounds + +&function_begin("AES_cbc_encrypt"); + &mov ($s2 eq "ecx"? $s2 : "",&wparam(2)); # load len + &cmp ($s2,0); + &je (&label("drop_out")); + + &call (&label("pic_point")); # make it PIC! + &set_label("pic_point"); + &blindpop($tbl); + &picmeup($s0,"OPENSSL_ia32cap_P",$tbl,&label("pic_point")) if(!$x86only); + + &cmp (&wparam(5),0); + &lea ($tbl,&DWP(&label("AES_Te")."-".&label("pic_point"),$tbl)); + &jne (&label("picked_te")); + &lea ($tbl,&DWP(&label("AES_Td")."-".&label("AES_Te"),$tbl)); + &set_label("picked_te"); + + # one can argue if this is required + &pushf (); + &cld (); + + &cmp ($s2,$speed_limit); + &jb (&label("slow_way")); + &test ($s2,15); + &jnz (&label("slow_way")); + if (!$x86only) { + &bt (&DWP(0,$s0),"\$IA32CAP_BIT0_HT"); # check for hyper-threading bit + &jc (&label("slow_way")); + } + # pre-allocate aligned stack frame... + &lea ($acc,&DWP(-80-244,"esp")); + &and ($acc,-64); + + # ... and make sure it doesn't alias with $tbl modulo 4096 + &mov ($s0,$tbl); + &lea ($s1,&DWP(2048+256,$tbl)); + &mov ($s3,$acc); + &and ($s0,0xfff); # s = %ebp&0xfff + &and ($s1,0xfff); # e = (%ebp+2048+256)&0xfff + &and ($s3,0xfff); # p = %esp&0xfff + + &cmp ($s3,$s1); # if (p>=e) %esp =- (p-e); + &jb (&label("tbl_break_out")); + &sub ($s3,$s1); + &sub ($acc,$s3); + &jmp (&label("tbl_ok")); + &set_label("tbl_break_out",4); # else %esp -= (p-s)&0xfff + framesz; + &sub ($s3,$s0); + &and ($s3,0xfff); + &add ($s3,384); + &sub ($acc,$s3); + &set_label("tbl_ok",4); + + &lea ($s3,&wparam(0)); # obtain pointer to parameter block + &exch ("esp",$acc); # allocate stack frame + &add ("esp",4); # reserve for return address! + &mov ($_tbl,$tbl); # save %ebp + &mov ($_esp,$acc); # save %esp + + &mov ($s0,&DWP(0,$s3)); # load inp + &mov ($s1,&DWP(4,$s3)); # load out + #&mov ($s2,&DWP(8,$s3)); # load len + &mov ($key,&DWP(12,$s3)); # load key + &mov ($acc,&DWP(16,$s3)); # load ivp + &mov ($s3,&DWP(20,$s3)); # load enc flag + + &mov ($_inp,$s0); # save copy of inp + &mov ($_out,$s1); # save copy of out + &mov ($_len,$s2); # save copy of len + &mov ($_key,$key); # save copy of key + &mov ($_ivp,$acc); # save copy of ivp + + &mov ($mark,0); # copy of aes_key->rounds = 0; + # do we copy key schedule to stack? + &mov ($s1 eq "ebx" ? $s1 : "",$key); + &mov ($s2 eq "ecx" ? $s2 : "",244/4); + &sub ($s1,$tbl); + &mov ("esi",$key); + &and ($s1,0xfff); + &lea ("edi",$aes_key); + &cmp ($s1,2048+256); + &jb (&label("do_copy")); + &cmp ($s1,4096-244); + &jb (&label("skip_copy")); + &set_label("do_copy",4); + &mov ($_key,"edi"); + &data_word(0xA5F3F689); # rep movsd + &set_label("skip_copy"); + + &mov ($key,16); + &set_label("prefetch_tbl",4); + &mov ($s0,&DWP(0,$tbl)); + &mov ($s1,&DWP(32,$tbl)); + &mov ($s2,&DWP(64,$tbl)); + &mov ($acc,&DWP(96,$tbl)); + &lea ($tbl,&DWP(128,$tbl)); + &sub ($key,1); + &jnz (&label("prefetch_tbl")); + &sub ($tbl,2048); + + &mov ($acc,$_inp); + &mov ($key,$_ivp); + + &cmp ($s3,0); + &je (&label("fast_decrypt")); + +#----------------------------- ENCRYPT -----------------------------# + &mov ($s0,&DWP(0,$key)); # load iv + &mov ($s1,&DWP(4,$key)); + + &set_label("fast_enc_loop",16); + &mov ($s2,&DWP(8,$key)); + &mov ($s3,&DWP(12,$key)); + + &xor ($s0,&DWP(0,$acc)); # xor input data + &xor ($s1,&DWP(4,$acc)); + &xor ($s2,&DWP(8,$acc)); + &xor ($s3,&DWP(12,$acc)); + + &mov ($key,$_key); # load key + &call ("_x86_AES_encrypt"); + + &mov ($acc,$_inp); # load inp + &mov ($key,$_out); # load out + + &mov (&DWP(0,$key),$s0); # save output data + &mov (&DWP(4,$key),$s1); + &mov (&DWP(8,$key),$s2); + &mov (&DWP(12,$key),$s3); + + &lea ($acc,&DWP(16,$acc)); # advance inp + &mov ($s2,$_len); # load len + &mov ($_inp,$acc); # save inp + &lea ($s3,&DWP(16,$key)); # advance out + &mov ($_out,$s3); # save out + &sub ($s2,16); # decrease len + &mov ($_len,$s2); # save len + &jnz (&label("fast_enc_loop")); + &mov ($acc,$_ivp); # load ivp + &mov ($s2,&DWP(8,$key)); # restore last 2 dwords + &mov ($s3,&DWP(12,$key)); + &mov (&DWP(0,$acc),$s0); # save ivec + &mov (&DWP(4,$acc),$s1); + &mov (&DWP(8,$acc),$s2); + &mov (&DWP(12,$acc),$s3); + + &cmp ($mark,0); # was the key schedule copied? + &mov ("edi",$_key); + &je (&label("skip_ezero")); + # zero copy of key schedule + &mov ("ecx",240/4); + &xor ("eax","eax"); + &align (4); + &data_word(0xABF3F689); # rep stosd + &set_label("skip_ezero") + &mov ("esp",$_esp); + &popf (); + &set_label("drop_out"); + &function_end_A(); + &pushf (); # kludge, never executed + +#----------------------------- DECRYPT -----------------------------# +&set_label("fast_decrypt",16); + + &cmp ($acc,$_out); + &je (&label("fast_dec_in_place")); # in-place processing... + + &mov ($_tmp,$key); + + &align (4); + &set_label("fast_dec_loop",16); + &mov ($s0,&DWP(0,$acc)); # read input + &mov ($s1,&DWP(4,$acc)); + &mov ($s2,&DWP(8,$acc)); + &mov ($s3,&DWP(12,$acc)); + + &mov ($key,$_key); # load key + &call ("_x86_AES_decrypt"); + + &mov ($key,$_tmp); # load ivp + &mov ($acc,$_len); # load len + &xor ($s0,&DWP(0,$key)); # xor iv + &xor ($s1,&DWP(4,$key)); + &xor ($s2,&DWP(8,$key)); + &xor ($s3,&DWP(12,$key)); + + &mov ($key,$_out); # load out + &mov ($acc,$_inp); # load inp + + &mov (&DWP(0,$key),$s0); # write output + &mov (&DWP(4,$key),$s1); + &mov (&DWP(8,$key),$s2); + &mov (&DWP(12,$key),$s3); + + &mov ($s2,$_len); # load len + &mov ($_tmp,$acc); # save ivp + &lea ($acc,&DWP(16,$acc)); # advance inp + &mov ($_inp,$acc); # save inp + &lea ($key,&DWP(16,$key)); # advance out + &mov ($_out,$key); # save out + &sub ($s2,16); # decrease len + &mov ($_len,$s2); # save len + &jnz (&label("fast_dec_loop")); + &mov ($key,$_tmp); # load temp ivp + &mov ($acc,$_ivp); # load user ivp + &mov ($s0,&DWP(0,$key)); # load iv + &mov ($s1,&DWP(4,$key)); + &mov ($s2,&DWP(8,$key)); + &mov ($s3,&DWP(12,$key)); + &mov (&DWP(0,$acc),$s0); # copy back to user + &mov (&DWP(4,$acc),$s1); + &mov (&DWP(8,$acc),$s2); + &mov (&DWP(12,$acc),$s3); + &jmp (&label("fast_dec_out")); + + &set_label("fast_dec_in_place",16); + &set_label("fast_dec_in_place_loop"); + &mov ($s0,&DWP(0,$acc)); # read input + &mov ($s1,&DWP(4,$acc)); + &mov ($s2,&DWP(8,$acc)); + &mov ($s3,&DWP(12,$acc)); + + &lea ($key,$ivec); + &mov (&DWP(0,$key),$s0); # copy to temp + &mov (&DWP(4,$key),$s1); + &mov (&DWP(8,$key),$s2); + &mov (&DWP(12,$key),$s3); + + &mov ($key,$_key); # load key + &call ("_x86_AES_decrypt"); + + &mov ($key,$_ivp); # load ivp + &mov ($acc,$_out); # load out + &xor ($s0,&DWP(0,$key)); # xor iv + &xor ($s1,&DWP(4,$key)); + &xor ($s2,&DWP(8,$key)); + &xor ($s3,&DWP(12,$key)); + + &mov (&DWP(0,$acc),$s0); # write output + &mov (&DWP(4,$acc),$s1); + &mov (&DWP(8,$acc),$s2); + &mov (&DWP(12,$acc),$s3); + + &lea ($acc,&DWP(16,$acc)); # advance out + &mov ($_out,$acc); # save out + + &lea ($acc,$ivec); + &mov ($s0,&DWP(0,$acc)); # read temp + &mov ($s1,&DWP(4,$acc)); + &mov ($s2,&DWP(8,$acc)); + &mov ($s3,&DWP(12,$acc)); + + &mov (&DWP(0,$key),$s0); # copy iv + &mov (&DWP(4,$key),$s1); + &mov (&DWP(8,$key),$s2); + &mov (&DWP(12,$key),$s3); + + &mov ($acc,$_inp); # load inp + &mov ($s2,$_len); # load len + &lea ($acc,&DWP(16,$acc)); # advance inp + &mov ($_inp,$acc); # save inp + &sub ($s2,16); # decrease len + &mov ($_len,$s2); # save len + &jnz (&label("fast_dec_in_place_loop")); + + &set_label("fast_dec_out",4); + &cmp ($mark,0); # was the key schedule copied? + &mov ("edi",$_key); + &je (&label("skip_dzero")); + # zero copy of key schedule + &mov ("ecx",240/4); + &xor ("eax","eax"); + &align (4); + &data_word(0xABF3F689); # rep stosd + &set_label("skip_dzero") + &mov ("esp",$_esp); + &popf (); + &function_end_A(); + &pushf (); # kludge, never executed + +#--------------------------- SLOW ROUTINE ---------------------------# +&set_label("slow_way",16); + + &mov ($s0,&DWP(0,$s0)) if (!$x86only);# load OPENSSL_ia32cap + &mov ($key,&wparam(3)); # load key + + # pre-allocate aligned stack frame... + &lea ($acc,&DWP(-80,"esp")); + &and ($acc,-64); + + # ... and make sure it doesn't alias with $key modulo 1024 + &lea ($s1,&DWP(-80-63,$key)); + &sub ($s1,$acc); + &neg ($s1); + &and ($s1,0x3C0); # modulo 1024, but aligned to cache-line + &sub ($acc,$s1); + + # pick S-box copy which can't overlap with stack frame or $key + &lea ($s1,&DWP(768,$acc)); + &sub ($s1,$tbl); + &and ($s1,0x300); + &lea ($tbl,&DWP(2048+128,$tbl,$s1)); + + &lea ($s3,&wparam(0)); # pointer to parameter block + + &exch ("esp",$acc); + &add ("esp",4); # reserve for return address! + &mov ($_tbl,$tbl); # save %ebp + &mov ($_esp,$acc); # save %esp + &mov ($_tmp,$s0); # save OPENSSL_ia32cap + + &mov ($s0,&DWP(0,$s3)); # load inp + &mov ($s1,&DWP(4,$s3)); # load out + #&mov ($s2,&DWP(8,$s3)); # load len + #&mov ($key,&DWP(12,$s3)); # load key + &mov ($acc,&DWP(16,$s3)); # load ivp + &mov ($s3,&DWP(20,$s3)); # load enc flag + + &mov ($_inp,$s0); # save copy of inp + &mov ($_out,$s1); # save copy of out + &mov ($_len,$s2); # save copy of len + &mov ($_key,$key); # save copy of key + &mov ($_ivp,$acc); # save copy of ivp + + &mov ($key,$acc); + &mov ($acc,$s0); + + &cmp ($s3,0); + &je (&label("slow_decrypt")); + +#--------------------------- SLOW ENCRYPT ---------------------------# + &cmp ($s2,16); + &mov ($s3,$s1); + &jb (&label("slow_enc_tail")); + + if (!$x86only) { + &bt ($_tmp,"\$IA32CAP_BIT0_SSE"); # check for SSE bit + &jnc (&label("slow_enc_x86")); + + &movq ("mm0",&QWP(0,$key)); # load iv + &movq ("mm4",&QWP(8,$key)); + + &set_label("slow_enc_loop_sse",16); + &pxor ("mm0",&QWP(0,$acc)); # xor input data + &pxor ("mm4",&QWP(8,$acc)); + + &mov ($key,$_key); + &call ("_sse_AES_encrypt_compact"); + + &mov ($acc,$_inp); # load inp + &mov ($key,$_out); # load out + &mov ($s2,$_len); # load len + + &movq (&QWP(0,$key),"mm0"); # save output data + &movq (&QWP(8,$key),"mm4"); + + &lea ($acc,&DWP(16,$acc)); # advance inp + &mov ($_inp,$acc); # save inp + &lea ($s3,&DWP(16,$key)); # advance out + &mov ($_out,$s3); # save out + &sub ($s2,16); # decrease len + &cmp ($s2,16); + &mov ($_len,$s2); # save len + &jae (&label("slow_enc_loop_sse")); + &test ($s2,15); + &jnz (&label("slow_enc_tail")); + &mov ($acc,$_ivp); # load ivp + &movq (&QWP(0,$acc),"mm0"); # save ivec + &movq (&QWP(8,$acc),"mm4"); + &emms (); + &mov ("esp",$_esp); + &popf (); + &function_end_A(); + &pushf (); # kludge, never executed + } + &set_label("slow_enc_x86",16); + &mov ($s0,&DWP(0,$key)); # load iv + &mov ($s1,&DWP(4,$key)); + + &set_label("slow_enc_loop_x86",4); + &mov ($s2,&DWP(8,$key)); + &mov ($s3,&DWP(12,$key)); + + &xor ($s0,&DWP(0,$acc)); # xor input data + &xor ($s1,&DWP(4,$acc)); + &xor ($s2,&DWP(8,$acc)); + &xor ($s3,&DWP(12,$acc)); + + &mov ($key,$_key); # load key + &call ("_x86_AES_encrypt_compact"); + + &mov ($acc,$_inp); # load inp + &mov ($key,$_out); # load out + + &mov (&DWP(0,$key),$s0); # save output data + &mov (&DWP(4,$key),$s1); + &mov (&DWP(8,$key),$s2); + &mov (&DWP(12,$key),$s3); + + &mov ($s2,$_len); # load len + &lea ($acc,&DWP(16,$acc)); # advance inp + &mov ($_inp,$acc); # save inp + &lea ($s3,&DWP(16,$key)); # advance out + &mov ($_out,$s3); # save out + &sub ($s2,16); # decrease len + &cmp ($s2,16); + &mov ($_len,$s2); # save len + &jae (&label("slow_enc_loop_x86")); + &test ($s2,15); + &jnz (&label("slow_enc_tail")); + &mov ($acc,$_ivp); # load ivp + &mov ($s2,&DWP(8,$key)); # restore last dwords + &mov ($s3,&DWP(12,$key)); + &mov (&DWP(0,$acc),$s0); # save ivec + &mov (&DWP(4,$acc),$s1); + &mov (&DWP(8,$acc),$s2); + &mov (&DWP(12,$acc),$s3); + + &mov ("esp",$_esp); + &popf (); + &function_end_A(); + &pushf (); # kludge, never executed + + &set_label("slow_enc_tail",16); + &emms () if (!$x86only); + &mov ($key eq "edi"? $key:"",$s3); # load out to edi + &mov ($s1,16); + &sub ($s1,$s2); + &cmp ($key,$acc eq "esi"? $acc:""); # compare with inp + &je (&label("enc_in_place")); + &align (4); + &data_word(0xA4F3F689); # rep movsb # copy input + &jmp (&label("enc_skip_in_place")); + &set_label("enc_in_place"); + &lea ($key,&DWP(0,$key,$s2)); + &set_label("enc_skip_in_place"); + &mov ($s2,$s1); + &xor ($s0,$s0); + &align (4); + &data_word(0xAAF3F689); # rep stosb # zero tail + + &mov ($key,$_ivp); # restore ivp + &mov ($acc,$s3); # output as input + &mov ($s0,&DWP(0,$key)); + &mov ($s1,&DWP(4,$key)); + &mov ($_len,16); # len=16 + &jmp (&label("slow_enc_loop_x86")); # one more spin... + +#--------------------------- SLOW DECRYPT ---------------------------# +&set_label("slow_decrypt",16); + if (!$x86only) { + &bt ($_tmp,"\$IA32CAP_BIT0_SSE"); # check for SSE bit + &jnc (&label("slow_dec_loop_x86")); + + &set_label("slow_dec_loop_sse",4); + &movq ("mm0",&QWP(0,$acc)); # read input + &movq ("mm4",&QWP(8,$acc)); + + &mov ($key,$_key); + &call ("_sse_AES_decrypt_compact"); + + &mov ($acc,$_inp); # load inp + &lea ($s0,$ivec); + &mov ($s1,$_out); # load out + &mov ($s2,$_len); # load len + &mov ($key,$_ivp); # load ivp + + &movq ("mm1",&QWP(0,$acc)); # re-read input + &movq ("mm5",&QWP(8,$acc)); + + &pxor ("mm0",&QWP(0,$key)); # xor iv + &pxor ("mm4",&QWP(8,$key)); + + &movq (&QWP(0,$key),"mm1"); # copy input to iv + &movq (&QWP(8,$key),"mm5"); + + &sub ($s2,16); # decrease len + &jc (&label("slow_dec_partial_sse")); + + &movq (&QWP(0,$s1),"mm0"); # write output + &movq (&QWP(8,$s1),"mm4"); + + &lea ($s1,&DWP(16,$s1)); # advance out + &mov ($_out,$s1); # save out + &lea ($acc,&DWP(16,$acc)); # advance inp + &mov ($_inp,$acc); # save inp + &mov ($_len,$s2); # save len + &jnz (&label("slow_dec_loop_sse")); + &emms (); + &mov ("esp",$_esp); + &popf (); + &function_end_A(); + &pushf (); # kludge, never executed + + &set_label("slow_dec_partial_sse",16); + &movq (&QWP(0,$s0),"mm0"); # save output to temp + &movq (&QWP(8,$s0),"mm4"); + &emms (); + + &add ($s2 eq "ecx" ? "ecx":"",16); + &mov ("edi",$s1); # out + &mov ("esi",$s0); # temp + &align (4); + &data_word(0xA4F3F689); # rep movsb # copy partial output + + &mov ("esp",$_esp); + &popf (); + &function_end_A(); + &pushf (); # kludge, never executed + } + &set_label("slow_dec_loop_x86",16); + &mov ($s0,&DWP(0,$acc)); # read input + &mov ($s1,&DWP(4,$acc)); + &mov ($s2,&DWP(8,$acc)); + &mov ($s3,&DWP(12,$acc)); + + &lea ($key,$ivec); + &mov (&DWP(0,$key),$s0); # copy to temp + &mov (&DWP(4,$key),$s1); + &mov (&DWP(8,$key),$s2); + &mov (&DWP(12,$key),$s3); + + &mov ($key,$_key); # load key + &call ("_x86_AES_decrypt_compact"); + + &mov ($key,$_ivp); # load ivp + &mov ($acc,$_len); # load len + &xor ($s0,&DWP(0,$key)); # xor iv + &xor ($s1,&DWP(4,$key)); + &xor ($s2,&DWP(8,$key)); + &xor ($s3,&DWP(12,$key)); + + &sub ($acc,16); + &jc (&label("slow_dec_partial_x86")); + + &mov ($_len,$acc); # save len + &mov ($acc,$_out); # load out + + &mov (&DWP(0,$acc),$s0); # write output + &mov (&DWP(4,$acc),$s1); + &mov (&DWP(8,$acc),$s2); + &mov (&DWP(12,$acc),$s3); + + &lea ($acc,&DWP(16,$acc)); # advance out + &mov ($_out,$acc); # save out + + &lea ($acc,$ivec); + &mov ($s0,&DWP(0,$acc)); # read temp + &mov ($s1,&DWP(4,$acc)); + &mov ($s2,&DWP(8,$acc)); + &mov ($s3,&DWP(12,$acc)); + + &mov (&DWP(0,$key),$s0); # copy it to iv + &mov (&DWP(4,$key),$s1); + &mov (&DWP(8,$key),$s2); + &mov (&DWP(12,$key),$s3); + + &mov ($acc,$_inp); # load inp + &lea ($acc,&DWP(16,$acc)); # advance inp + &mov ($_inp,$acc); # save inp + &jnz (&label("slow_dec_loop_x86")); + &mov ("esp",$_esp); + &popf (); + &function_end_A(); + &pushf (); # kludge, never executed + + &set_label("slow_dec_partial_x86",16); + &lea ($acc,$ivec); + &mov (&DWP(0,$acc),$s0); # save output to temp + &mov (&DWP(4,$acc),$s1); + &mov (&DWP(8,$acc),$s2); + &mov (&DWP(12,$acc),$s3); + + &mov ($acc,$_inp); + &mov ($s0,&DWP(0,$acc)); # re-read input + &mov ($s1,&DWP(4,$acc)); + &mov ($s2,&DWP(8,$acc)); + &mov ($s3,&DWP(12,$acc)); + + &mov (&DWP(0,$key),$s0); # copy it to iv + &mov (&DWP(4,$key),$s1); + &mov (&DWP(8,$key),$s2); + &mov (&DWP(12,$key),$s3); + + &mov ("ecx",$_len); + &mov ("edi",$_out); + &lea ("esi",$ivec); + &align (4); + &data_word(0xA4F3F689); # rep movsb # copy partial output + + &mov ("esp",$_esp); + &popf (); +&function_end("AES_cbc_encrypt"); +} + +#------------------------------------------------------------------# + +sub enckey() +{ + &movz ("esi",&LB("edx")); # rk[i]>>0 + &movz ("ebx",&BP(-128,$tbl,"esi",1)); + &movz ("esi",&HB("edx")); # rk[i]>>8 + &shl ("ebx",24); + &xor ("eax","ebx"); + + &movz ("ebx",&BP(-128,$tbl,"esi",1)); + &shr ("edx",16); + &movz ("esi",&LB("edx")); # rk[i]>>16 + &xor ("eax","ebx"); + + &movz ("ebx",&BP(-128,$tbl,"esi",1)); + &movz ("esi",&HB("edx")); # rk[i]>>24 + &shl ("ebx",8); + &xor ("eax","ebx"); + + &movz ("ebx",&BP(-128,$tbl,"esi",1)); + &shl ("ebx",16); + &xor ("eax","ebx"); + + &xor ("eax",&DWP(1024-128,$tbl,"ecx",4)); # rcon +} + +&function_begin("_x86_AES_set_encrypt_key"); + &mov ("esi",&wparam(1)); # user supplied key + &mov ("edi",&wparam(3)); # private key schedule + + &test ("esi",-1); + &jz (&label("badpointer")); + &test ("edi",-1); + &jz (&label("badpointer")); + + &call (&label("pic_point")); + &set_label("pic_point"); + &blindpop($tbl); + &lea ($tbl,&DWP(&label("AES_Te")."-".&label("pic_point"),$tbl)); + &lea ($tbl,&DWP(2048+128,$tbl)); + + # prefetch Te4 + &mov ("eax",&DWP(0-128,$tbl)); + &mov ("ebx",&DWP(32-128,$tbl)); + &mov ("ecx",&DWP(64-128,$tbl)); + &mov ("edx",&DWP(96-128,$tbl)); + &mov ("eax",&DWP(128-128,$tbl)); + &mov ("ebx",&DWP(160-128,$tbl)); + &mov ("ecx",&DWP(192-128,$tbl)); + &mov ("edx",&DWP(224-128,$tbl)); + + &mov ("ecx",&wparam(2)); # number of bits in key + &cmp ("ecx",128); + &je (&label("10rounds")); + &cmp ("ecx",192); + &je (&label("12rounds")); + &cmp ("ecx",256); + &je (&label("14rounds")); + &mov ("eax",-2); # invalid number of bits + &jmp (&label("exit")); + + &set_label("10rounds"); + &mov ("eax",&DWP(0,"esi")); # copy first 4 dwords + &mov ("ebx",&DWP(4,"esi")); + &mov ("ecx",&DWP(8,"esi")); + &mov ("edx",&DWP(12,"esi")); + &mov (&DWP(0,"edi"),"eax"); + &mov (&DWP(4,"edi"),"ebx"); + &mov (&DWP(8,"edi"),"ecx"); + &mov (&DWP(12,"edi"),"edx"); + + &xor ("ecx","ecx"); + &jmp (&label("10shortcut")); + + &align (4); + &set_label("10loop"); + &mov ("eax",&DWP(0,"edi")); # rk[0] + &mov ("edx",&DWP(12,"edi")); # rk[3] + &set_label("10shortcut"); + &enckey (); + + &mov (&DWP(16,"edi"),"eax"); # rk[4] + &xor ("eax",&DWP(4,"edi")); + &mov (&DWP(20,"edi"),"eax"); # rk[5] + &xor ("eax",&DWP(8,"edi")); + &mov (&DWP(24,"edi"),"eax"); # rk[6] + &xor ("eax",&DWP(12,"edi")); + &mov (&DWP(28,"edi"),"eax"); # rk[7] + &inc ("ecx"); + &add ("edi",16); + &cmp ("ecx",10); + &jl (&label("10loop")); + + &mov (&DWP(80,"edi"),10); # setup number of rounds + &xor ("eax","eax"); + &jmp (&label("exit")); + + &set_label("12rounds"); + &mov ("eax",&DWP(0,"esi")); # copy first 6 dwords + &mov ("ebx",&DWP(4,"esi")); + &mov ("ecx",&DWP(8,"esi")); + &mov ("edx",&DWP(12,"esi")); + &mov (&DWP(0,"edi"),"eax"); + &mov (&DWP(4,"edi"),"ebx"); + &mov (&DWP(8,"edi"),"ecx"); + &mov (&DWP(12,"edi"),"edx"); + &mov ("ecx",&DWP(16,"esi")); + &mov ("edx",&DWP(20,"esi")); + &mov (&DWP(16,"edi"),"ecx"); + &mov (&DWP(20,"edi"),"edx"); + + &xor ("ecx","ecx"); + &jmp (&label("12shortcut")); + + &align (4); + &set_label("12loop"); + &mov ("eax",&DWP(0,"edi")); # rk[0] + &mov ("edx",&DWP(20,"edi")); # rk[5] + &set_label("12shortcut"); + &enckey (); + + &mov (&DWP(24,"edi"),"eax"); # rk[6] + &xor ("eax",&DWP(4,"edi")); + &mov (&DWP(28,"edi"),"eax"); # rk[7] + &xor ("eax",&DWP(8,"edi")); + &mov (&DWP(32,"edi"),"eax"); # rk[8] + &xor ("eax",&DWP(12,"edi")); + &mov (&DWP(36,"edi"),"eax"); # rk[9] + + &cmp ("ecx",7); + &je (&label("12break")); + &inc ("ecx"); + + &xor ("eax",&DWP(16,"edi")); + &mov (&DWP(40,"edi"),"eax"); # rk[10] + &xor ("eax",&DWP(20,"edi")); + &mov (&DWP(44,"edi"),"eax"); # rk[11] + + &add ("edi",24); + &jmp (&label("12loop")); + + &set_label("12break"); + &mov (&DWP(72,"edi"),12); # setup number of rounds + &xor ("eax","eax"); + &jmp (&label("exit")); + + &set_label("14rounds"); + &mov ("eax",&DWP(0,"esi")); # copy first 8 dwords + &mov ("ebx",&DWP(4,"esi")); + &mov ("ecx",&DWP(8,"esi")); + &mov ("edx",&DWP(12,"esi")); + &mov (&DWP(0,"edi"),"eax"); + &mov (&DWP(4,"edi"),"ebx"); + &mov (&DWP(8,"edi"),"ecx"); + &mov (&DWP(12,"edi"),"edx"); + &mov ("eax",&DWP(16,"esi")); + &mov ("ebx",&DWP(20,"esi")); + &mov ("ecx",&DWP(24,"esi")); + &mov ("edx",&DWP(28,"esi")); + &mov (&DWP(16,"edi"),"eax"); + &mov (&DWP(20,"edi"),"ebx"); + &mov (&DWP(24,"edi"),"ecx"); + &mov (&DWP(28,"edi"),"edx"); + + &xor ("ecx","ecx"); + &jmp (&label("14shortcut")); + + &align (4); + &set_label("14loop"); + &mov ("edx",&DWP(28,"edi")); # rk[7] + &set_label("14shortcut"); + &mov ("eax",&DWP(0,"edi")); # rk[0] + + &enckey (); + + &mov (&DWP(32,"edi"),"eax"); # rk[8] + &xor ("eax",&DWP(4,"edi")); + &mov (&DWP(36,"edi"),"eax"); # rk[9] + &xor ("eax",&DWP(8,"edi")); + &mov (&DWP(40,"edi"),"eax"); # rk[10] + &xor ("eax",&DWP(12,"edi")); + &mov (&DWP(44,"edi"),"eax"); # rk[11] + + &cmp ("ecx",6); + &je (&label("14break")); + &inc ("ecx"); + + &mov ("edx","eax"); + &mov ("eax",&DWP(16,"edi")); # rk[4] + &movz ("esi",&LB("edx")); # rk[11]>>0 + &movz ("ebx",&BP(-128,$tbl,"esi",1)); + &movz ("esi",&HB("edx")); # rk[11]>>8 + &xor ("eax","ebx"); + + &movz ("ebx",&BP(-128,$tbl,"esi",1)); + &shr ("edx",16); + &shl ("ebx",8); + &movz ("esi",&LB("edx")); # rk[11]>>16 + &xor ("eax","ebx"); + + &movz ("ebx",&BP(-128,$tbl,"esi",1)); + &movz ("esi",&HB("edx")); # rk[11]>>24 + &shl ("ebx",16); + &xor ("eax","ebx"); + + &movz ("ebx",&BP(-128,$tbl,"esi",1)); + &shl ("ebx",24); + &xor ("eax","ebx"); + + &mov (&DWP(48,"edi"),"eax"); # rk[12] + &xor ("eax",&DWP(20,"edi")); + &mov (&DWP(52,"edi"),"eax"); # rk[13] + &xor ("eax",&DWP(24,"edi")); + &mov (&DWP(56,"edi"),"eax"); # rk[14] + &xor ("eax",&DWP(28,"edi")); + &mov (&DWP(60,"edi"),"eax"); # rk[15] + + &add ("edi",32); + &jmp (&label("14loop")); + + &set_label("14break"); + &mov (&DWP(48,"edi"),14); # setup number of rounds + &xor ("eax","eax"); + &jmp (&label("exit")); + + &set_label("badpointer"); + &mov ("eax",-1); + &set_label("exit"); +&function_end("_x86_AES_set_encrypt_key"); + +# int AES_set_encrypt_key(const unsigned char *userKey, const int bits, +# AES_KEY *key) +&function_begin_B("AES_set_encrypt_key"); + &call ("_x86_AES_set_encrypt_key"); + &ret (); +&function_end_B("AES_set_encrypt_key"); + +sub deckey() +{ my ($i,$key,$tp1,$tp2,$tp4,$tp8) = @_; + my $tmp = $tbl; + + &mov ($acc,$tp1); + &and ($acc,0x80808080); + &mov ($tmp,$acc); + &shr ($tmp,7); + &lea ($tp2,&DWP(0,$tp1,$tp1)); + &sub ($acc,$tmp); + &and ($tp2,0xfefefefe); + &and ($acc,0x1b1b1b1b); + &xor ($acc,$tp2); + &mov ($tp2,$acc); + + &and ($acc,0x80808080); + &mov ($tmp,$acc); + &shr ($tmp,7); + &lea ($tp4,&DWP(0,$tp2,$tp2)); + &sub ($acc,$tmp); + &and ($tp4,0xfefefefe); + &and ($acc,0x1b1b1b1b); + &xor ($tp2,$tp1); # tp2^tp1 + &xor ($acc,$tp4); + &mov ($tp4,$acc); + + &and ($acc,0x80808080); + &mov ($tmp,$acc); + &shr ($tmp,7); + &lea ($tp8,&DWP(0,$tp4,$tp4)); + &xor ($tp4,$tp1); # tp4^tp1 + &sub ($acc,$tmp); + &and ($tp8,0xfefefefe); + &and ($acc,0x1b1b1b1b); + &rotl ($tp1,8); # = ROTATE(tp1,8) + &xor ($tp8,$acc); + + &mov ($tmp,&DWP(4*($i+1),$key)); # modulo-scheduled load + + &xor ($tp1,$tp2); + &xor ($tp2,$tp8); + &xor ($tp1,$tp4); + &rotl ($tp2,24); + &xor ($tp4,$tp8); + &xor ($tp1,$tp8); # ^= tp8^(tp4^tp1)^(tp2^tp1) + &rotl ($tp4,16); + &xor ($tp1,$tp2); # ^= ROTATE(tp8^tp2^tp1,24) + &rotl ($tp8,8); + &xor ($tp1,$tp4); # ^= ROTATE(tp8^tp4^tp1,16) + &mov ($tp2,$tmp); + &xor ($tp1,$tp8); # ^= ROTATE(tp8,8) + + &mov (&DWP(4*$i,$key),$tp1); +} + +# int AES_set_decrypt_key(const unsigned char *userKey, const int bits, +# AES_KEY *key) +&function_begin_B("AES_set_decrypt_key"); + &call ("_x86_AES_set_encrypt_key"); + &cmp ("eax",0); + &je (&label("proceed")); + &ret (); + + &set_label("proceed"); + &push ("ebp"); + &push ("ebx"); + &push ("esi"); + &push ("edi"); + + &mov ("esi",&wparam(2)); + &mov ("ecx",&DWP(240,"esi")); # pull number of rounds + &lea ("ecx",&DWP(0,"","ecx",4)); + &lea ("edi",&DWP(0,"esi","ecx",4)); # pointer to last chunk + + &set_label("invert",4); # invert order of chunks + &mov ("eax",&DWP(0,"esi")); + &mov ("ebx",&DWP(4,"esi")); + &mov ("ecx",&DWP(0,"edi")); + &mov ("edx",&DWP(4,"edi")); + &mov (&DWP(0,"edi"),"eax"); + &mov (&DWP(4,"edi"),"ebx"); + &mov (&DWP(0,"esi"),"ecx"); + &mov (&DWP(4,"esi"),"edx"); + &mov ("eax",&DWP(8,"esi")); + &mov ("ebx",&DWP(12,"esi")); + &mov ("ecx",&DWP(8,"edi")); + &mov ("edx",&DWP(12,"edi")); + &mov (&DWP(8,"edi"),"eax"); + &mov (&DWP(12,"edi"),"ebx"); + &mov (&DWP(8,"esi"),"ecx"); + &mov (&DWP(12,"esi"),"edx"); + &add ("esi",16); + &sub ("edi",16); + &cmp ("esi","edi"); + &jne (&label("invert")); + + &mov ($key,&wparam(2)); + &mov ($acc,&DWP(240,$key)); # pull number of rounds + &lea ($acc,&DWP(-2,$acc,$acc)); + &lea ($acc,&DWP(0,$key,$acc,8)); + &mov (&wparam(2),$acc); + + &mov ($s0,&DWP(16,$key)); # modulo-scheduled load + &set_label("permute",4); # permute the key schedule + &add ($key,16); + &deckey (0,$key,$s0,$s1,$s2,$s3); + &deckey (1,$key,$s1,$s2,$s3,$s0); + &deckey (2,$key,$s2,$s3,$s0,$s1); + &deckey (3,$key,$s3,$s0,$s1,$s2); + &cmp ($key,&wparam(2)); + &jb (&label("permute")); + + &xor ("eax","eax"); # return success +&function_end("AES_set_decrypt_key"); +&asciz("AES for x86, CRYPTOGAMS by "); + +&asm_finish(); diff --git a/src/lib/libcrypto/aes/asm/aes-armv4.pl b/src/lib/libcrypto/aes/asm/aes-armv4.pl new file mode 100644 index 00000000000..1cb9586d4b9 --- /dev/null +++ b/src/lib/libcrypto/aes/asm/aes-armv4.pl @@ -0,0 +1,1134 @@ +#!/usr/bin/env perl + +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== + +# AES for ARMv4 + +# January 2007. +# +# Code uses single 1K S-box and is >2 times faster than code generated +# by gcc-3.4.1. This is thanks to unique feature of ARMv4 ISA, which +# allows to merge logical or arithmetic operation with shift or rotate +# in one instruction and emit combined result every cycle. The module +# is endian-neutral. The performance is ~42 cycles/byte for 128-bit +# key [on single-issue Xscale PXA250 core]. + +# May 2007. +# +# AES_set_[en|de]crypt_key is added. + +# July 2010. +# +# Rescheduling for dual-issue pipeline resulted in 12% improvement on +# Cortex A8 core and ~25 cycles per byte processed with 128-bit key. + +# February 2011. +# +# Profiler-assisted and platform-specific optimization resulted in 16% +# improvement on Cortex A8 core and ~21.5 cycles per byte. + +while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {} +open STDOUT,">$output"; + +$s0="r0"; +$s1="r1"; +$s2="r2"; +$s3="r3"; +$t1="r4"; +$t2="r5"; +$t3="r6"; +$i1="r7"; +$i2="r8"; +$i3="r9"; + +$tbl="r10"; +$key="r11"; +$rounds="r12"; + +$code=<<___; +#include "arm_arch.h" +.text +.code 32 + +.type AES_Te,%object +.align 5 +AES_Te: +.word 0xc66363a5, 0xf87c7c84, 0xee777799, 0xf67b7b8d +.word 0xfff2f20d, 0xd66b6bbd, 0xde6f6fb1, 0x91c5c554 +.word 0x60303050, 0x02010103, 0xce6767a9, 0x562b2b7d +.word 0xe7fefe19, 0xb5d7d762, 0x4dababe6, 0xec76769a +.word 0x8fcaca45, 0x1f82829d, 0x89c9c940, 0xfa7d7d87 +.word 0xeffafa15, 0xb25959eb, 0x8e4747c9, 0xfbf0f00b +.word 0x41adadec, 0xb3d4d467, 0x5fa2a2fd, 0x45afafea +.word 0x239c9cbf, 0x53a4a4f7, 0xe4727296, 0x9bc0c05b +.word 0x75b7b7c2, 0xe1fdfd1c, 0x3d9393ae, 0x4c26266a +.word 0x6c36365a, 0x7e3f3f41, 0xf5f7f702, 0x83cccc4f +.word 0x6834345c, 0x51a5a5f4, 0xd1e5e534, 0xf9f1f108 +.word 0xe2717193, 0xabd8d873, 0x62313153, 0x2a15153f +.word 0x0804040c, 0x95c7c752, 0x46232365, 0x9dc3c35e +.word 0x30181828, 0x379696a1, 0x0a05050f, 0x2f9a9ab5 +.word 0x0e070709, 0x24121236, 0x1b80809b, 0xdfe2e23d +.word 0xcdebeb26, 0x4e272769, 0x7fb2b2cd, 0xea75759f +.word 0x1209091b, 0x1d83839e, 0x582c2c74, 0x341a1a2e +.word 0x361b1b2d, 0xdc6e6eb2, 0xb45a5aee, 0x5ba0a0fb +.word 0xa45252f6, 0x763b3b4d, 0xb7d6d661, 0x7db3b3ce +.word 0x5229297b, 0xdde3e33e, 0x5e2f2f71, 0x13848497 +.word 0xa65353f5, 0xb9d1d168, 0x00000000, 0xc1eded2c +.word 0x40202060, 0xe3fcfc1f, 0x79b1b1c8, 0xb65b5bed +.word 0xd46a6abe, 0x8dcbcb46, 0x67bebed9, 0x7239394b +.word 0x944a4ade, 0x984c4cd4, 0xb05858e8, 0x85cfcf4a +.word 0xbbd0d06b, 0xc5efef2a, 0x4faaaae5, 0xedfbfb16 +.word 0x864343c5, 0x9a4d4dd7, 0x66333355, 0x11858594 +.word 0x8a4545cf, 0xe9f9f910, 0x04020206, 0xfe7f7f81 +.word 0xa05050f0, 0x783c3c44, 0x259f9fba, 0x4ba8a8e3 +.word 0xa25151f3, 0x5da3a3fe, 0x804040c0, 0x058f8f8a +.word 0x3f9292ad, 0x219d9dbc, 0x70383848, 0xf1f5f504 +.word 0x63bcbcdf, 0x77b6b6c1, 0xafdada75, 0x42212163 +.word 0x20101030, 0xe5ffff1a, 0xfdf3f30e, 0xbfd2d26d +.word 0x81cdcd4c, 0x180c0c14, 0x26131335, 0xc3ecec2f +.word 0xbe5f5fe1, 0x359797a2, 0x884444cc, 0x2e171739 +.word 0x93c4c457, 0x55a7a7f2, 0xfc7e7e82, 0x7a3d3d47 +.word 0xc86464ac, 0xba5d5de7, 0x3219192b, 0xe6737395 +.word 0xc06060a0, 0x19818198, 0x9e4f4fd1, 0xa3dcdc7f +.word 0x44222266, 0x542a2a7e, 0x3b9090ab, 0x0b888883 +.word 0x8c4646ca, 0xc7eeee29, 0x6bb8b8d3, 0x2814143c +.word 0xa7dede79, 0xbc5e5ee2, 0x160b0b1d, 0xaddbdb76 +.word 0xdbe0e03b, 0x64323256, 0x743a3a4e, 0x140a0a1e +.word 0x924949db, 0x0c06060a, 0x4824246c, 0xb85c5ce4 +.word 0x9fc2c25d, 0xbdd3d36e, 0x43acacef, 0xc46262a6 +.word 0x399191a8, 0x319595a4, 0xd3e4e437, 0xf279798b +.word 0xd5e7e732, 0x8bc8c843, 0x6e373759, 0xda6d6db7 +.word 0x018d8d8c, 0xb1d5d564, 0x9c4e4ed2, 0x49a9a9e0 +.word 0xd86c6cb4, 0xac5656fa, 0xf3f4f407, 0xcfeaea25 +.word 0xca6565af, 0xf47a7a8e, 0x47aeaee9, 0x10080818 +.word 0x6fbabad5, 0xf0787888, 0x4a25256f, 0x5c2e2e72 +.word 0x381c1c24, 0x57a6a6f1, 0x73b4b4c7, 0x97c6c651 +.word 0xcbe8e823, 0xa1dddd7c, 0xe874749c, 0x3e1f1f21 +.word 0x964b4bdd, 0x61bdbddc, 0x0d8b8b86, 0x0f8a8a85 +.word 0xe0707090, 0x7c3e3e42, 0x71b5b5c4, 0xcc6666aa +.word 0x904848d8, 0x06030305, 0xf7f6f601, 0x1c0e0e12 +.word 0xc26161a3, 0x6a35355f, 0xae5757f9, 0x69b9b9d0 +.word 0x17868691, 0x99c1c158, 0x3a1d1d27, 0x279e9eb9 +.word 0xd9e1e138, 0xebf8f813, 0x2b9898b3, 0x22111133 +.word 0xd26969bb, 0xa9d9d970, 0x078e8e89, 0x339494a7 +.word 0x2d9b9bb6, 0x3c1e1e22, 0x15878792, 0xc9e9e920 +.word 0x87cece49, 0xaa5555ff, 0x50282878, 0xa5dfdf7a +.word 0x038c8c8f, 0x59a1a1f8, 0x09898980, 0x1a0d0d17 +.word 0x65bfbfda, 0xd7e6e631, 0x844242c6, 0xd06868b8 +.word 0x824141c3, 0x299999b0, 0x5a2d2d77, 0x1e0f0f11 +.word 0x7bb0b0cb, 0xa85454fc, 0x6dbbbbd6, 0x2c16163a +@ Te4[256] +.byte 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5 +.byte 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76 +.byte 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0 +.byte 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0 +.byte 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc +.byte 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15 +.byte 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a +.byte 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75 +.byte 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0 +.byte 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84 +.byte 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b +.byte 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf +.byte 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85 +.byte 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8 +.byte 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5 +.byte 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2 +.byte 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17 +.byte 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73 +.byte 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88 +.byte 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb +.byte 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c +.byte 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79 +.byte 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9 +.byte 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08 +.byte 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6 +.byte 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a +.byte 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e +.byte 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e +.byte 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94 +.byte 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf +.byte 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68 +.byte 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16 +@ rcon[] +.word 0x01000000, 0x02000000, 0x04000000, 0x08000000 +.word 0x10000000, 0x20000000, 0x40000000, 0x80000000 +.word 0x1B000000, 0x36000000, 0, 0, 0, 0, 0, 0 +.size AES_Te,.-AES_Te + +@ void AES_encrypt(const unsigned char *in, unsigned char *out, +@ const AES_KEY *key) { +.global AES_encrypt +.type AES_encrypt,%function +.align 5 +AES_encrypt: + sub r3,pc,#8 @ AES_encrypt + stmdb sp!,{r1,r4-r12,lr} + mov $rounds,r0 @ inp + mov $key,r2 + sub $tbl,r3,#AES_encrypt-AES_Te @ Te +#if __ARM_ARCH__<7 || defined(__STRICT_ALIGNMENT) + ldrb $s0,[$rounds,#3] @ load input data in endian-neutral + ldrb $t1,[$rounds,#2] @ manner... + ldrb $t2,[$rounds,#1] + ldrb $t3,[$rounds,#0] + orr $s0,$s0,$t1,lsl#8 + ldrb $s1,[$rounds,#7] + orr $s0,$s0,$t2,lsl#16 + ldrb $t1,[$rounds,#6] + orr $s0,$s0,$t3,lsl#24 + ldrb $t2,[$rounds,#5] + ldrb $t3,[$rounds,#4] + orr $s1,$s1,$t1,lsl#8 + ldrb $s2,[$rounds,#11] + orr $s1,$s1,$t2,lsl#16 + ldrb $t1,[$rounds,#10] + orr $s1,$s1,$t3,lsl#24 + ldrb $t2,[$rounds,#9] + ldrb $t3,[$rounds,#8] + orr $s2,$s2,$t1,lsl#8 + ldrb $s3,[$rounds,#15] + orr $s2,$s2,$t2,lsl#16 + ldrb $t1,[$rounds,#14] + orr $s2,$s2,$t3,lsl#24 + ldrb $t2,[$rounds,#13] + ldrb $t3,[$rounds,#12] + orr $s3,$s3,$t1,lsl#8 + orr $s3,$s3,$t2,lsl#16 + orr $s3,$s3,$t3,lsl#24 +#else + ldr $s0,[$rounds,#0] + ldr $s1,[$rounds,#4] + ldr $s2,[$rounds,#8] + ldr $s3,[$rounds,#12] +#ifdef __ARMEL__ + rev $s0,$s0 + rev $s1,$s1 + rev $s2,$s2 + rev $s3,$s3 +#endif +#endif + bl _armv4_AES_encrypt + + ldr $rounds,[sp],#4 @ pop out +#if __ARM_ARCH__>=7 && !defined(__STRICT_ALIGNMENT) +#ifdef __ARMEL__ + rev $s0,$s0 + rev $s1,$s1 + rev $s2,$s2 + rev $s3,$s3 +#endif + str $s0,[$rounds,#0] + str $s1,[$rounds,#4] + str $s2,[$rounds,#8] + str $s3,[$rounds,#12] +#else + mov $t1,$s0,lsr#24 @ write output in endian-neutral + mov $t2,$s0,lsr#16 @ manner... + mov $t3,$s0,lsr#8 + strb $t1,[$rounds,#0] + strb $t2,[$rounds,#1] + mov $t1,$s1,lsr#24 + strb $t3,[$rounds,#2] + mov $t2,$s1,lsr#16 + strb $s0,[$rounds,#3] + mov $t3,$s1,lsr#8 + strb $t1,[$rounds,#4] + strb $t2,[$rounds,#5] + mov $t1,$s2,lsr#24 + strb $t3,[$rounds,#6] + mov $t2,$s2,lsr#16 + strb $s1,[$rounds,#7] + mov $t3,$s2,lsr#8 + strb $t1,[$rounds,#8] + strb $t2,[$rounds,#9] + mov $t1,$s3,lsr#24 + strb $t3,[$rounds,#10] + mov $t2,$s3,lsr#16 + strb $s2,[$rounds,#11] + mov $t3,$s3,lsr#8 + strb $t1,[$rounds,#12] + strb $t2,[$rounds,#13] + strb $t3,[$rounds,#14] + strb $s3,[$rounds,#15] +#endif +#if __ARM_ARCH__>=5 + ldmia sp!,{r4-r12,pc} +#else + ldmia sp!,{r4-r12,lr} + tst lr,#1 + moveq pc,lr @ be binary compatible with V4, yet + bx lr @ interoperable with Thumb ISA:-) +#endif +.size AES_encrypt,.-AES_encrypt + +.type _armv4_AES_encrypt,%function +.align 2 +_armv4_AES_encrypt: + str lr,[sp,#-4]! @ push lr + ldmia $key!,{$t1-$i1} + eor $s0,$s0,$t1 + ldr $rounds,[$key,#240-16] + eor $s1,$s1,$t2 + eor $s2,$s2,$t3 + eor $s3,$s3,$i1 + sub $rounds,$rounds,#1 + mov lr,#255 + + and $i1,lr,$s0 + and $i2,lr,$s0,lsr#8 + and $i3,lr,$s0,lsr#16 + mov $s0,$s0,lsr#24 +.Lenc_loop: + ldr $t1,[$tbl,$i1,lsl#2] @ Te3[s0>>0] + and $i1,lr,$s1,lsr#16 @ i0 + ldr $t2,[$tbl,$i2,lsl#2] @ Te2[s0>>8] + and $i2,lr,$s1 + ldr $t3,[$tbl,$i3,lsl#2] @ Te1[s0>>16] + and $i3,lr,$s1,lsr#8 + ldr $s0,[$tbl,$s0,lsl#2] @ Te0[s0>>24] + mov $s1,$s1,lsr#24 + + ldr $i1,[$tbl,$i1,lsl#2] @ Te1[s1>>16] + ldr $i2,[$tbl,$i2,lsl#2] @ Te3[s1>>0] + ldr $i3,[$tbl,$i3,lsl#2] @ Te2[s1>>8] + eor $s0,$s0,$i1,ror#8 + ldr $s1,[$tbl,$s1,lsl#2] @ Te0[s1>>24] + and $i1,lr,$s2,lsr#8 @ i0 + eor $t2,$t2,$i2,ror#8 + and $i2,lr,$s2,lsr#16 @ i1 + eor $t3,$t3,$i3,ror#8 + and $i3,lr,$s2 + ldr $i1,[$tbl,$i1,lsl#2] @ Te2[s2>>8] + eor $s1,$s1,$t1,ror#24 + ldr $i2,[$tbl,$i2,lsl#2] @ Te1[s2>>16] + mov $s2,$s2,lsr#24 + + ldr $i3,[$tbl,$i3,lsl#2] @ Te3[s2>>0] + eor $s0,$s0,$i1,ror#16 + ldr $s2,[$tbl,$s2,lsl#2] @ Te0[s2>>24] + and $i1,lr,$s3 @ i0 + eor $s1,$s1,$i2,ror#8 + and $i2,lr,$s3,lsr#8 @ i1 + eor $t3,$t3,$i3,ror#16 + and $i3,lr,$s3,lsr#16 @ i2 + ldr $i1,[$tbl,$i1,lsl#2] @ Te3[s3>>0] + eor $s2,$s2,$t2,ror#16 + ldr $i2,[$tbl,$i2,lsl#2] @ Te2[s3>>8] + mov $s3,$s3,lsr#24 + + ldr $i3,[$tbl,$i3,lsl#2] @ Te1[s3>>16] + eor $s0,$s0,$i1,ror#24 + ldr $i1,[$key],#16 + eor $s1,$s1,$i2,ror#16 + ldr $s3,[$tbl,$s3,lsl#2] @ Te0[s3>>24] + eor $s2,$s2,$i3,ror#8 + ldr $t1,[$key,#-12] + eor $s3,$s3,$t3,ror#8 + + ldr $t2,[$key,#-8] + eor $s0,$s0,$i1 + ldr $t3,[$key,#-4] + and $i1,lr,$s0 + eor $s1,$s1,$t1 + and $i2,lr,$s0,lsr#8 + eor $s2,$s2,$t2 + and $i3,lr,$s0,lsr#16 + eor $s3,$s3,$t3 + mov $s0,$s0,lsr#24 + + subs $rounds,$rounds,#1 + bne .Lenc_loop + + add $tbl,$tbl,#2 + + ldrb $t1,[$tbl,$i1,lsl#2] @ Te4[s0>>0] + and $i1,lr,$s1,lsr#16 @ i0 + ldrb $t2,[$tbl,$i2,lsl#2] @ Te4[s0>>8] + and $i2,lr,$s1 + ldrb $t3,[$tbl,$i3,lsl#2] @ Te4[s0>>16] + and $i3,lr,$s1,lsr#8 + ldrb $s0,[$tbl,$s0,lsl#2] @ Te4[s0>>24] + mov $s1,$s1,lsr#24 + + ldrb $i1,[$tbl,$i1,lsl#2] @ Te4[s1>>16] + ldrb $i2,[$tbl,$i2,lsl#2] @ Te4[s1>>0] + ldrb $i3,[$tbl,$i3,lsl#2] @ Te4[s1>>8] + eor $s0,$i1,$s0,lsl#8 + ldrb $s1,[$tbl,$s1,lsl#2] @ Te4[s1>>24] + and $i1,lr,$s2,lsr#8 @ i0 + eor $t2,$i2,$t2,lsl#8 + and $i2,lr,$s2,lsr#16 @ i1 + eor $t3,$i3,$t3,lsl#8 + and $i3,lr,$s2 + ldrb $i1,[$tbl,$i1,lsl#2] @ Te4[s2>>8] + eor $s1,$t1,$s1,lsl#24 + ldrb $i2,[$tbl,$i2,lsl#2] @ Te4[s2>>16] + mov $s2,$s2,lsr#24 + + ldrb $i3,[$tbl,$i3,lsl#2] @ Te4[s2>>0] + eor $s0,$i1,$s0,lsl#8 + ldrb $s2,[$tbl,$s2,lsl#2] @ Te4[s2>>24] + and $i1,lr,$s3 @ i0 + eor $s1,$s1,$i2,lsl#16 + and $i2,lr,$s3,lsr#8 @ i1 + eor $t3,$i3,$t3,lsl#8 + and $i3,lr,$s3,lsr#16 @ i2 + ldrb $i1,[$tbl,$i1,lsl#2] @ Te4[s3>>0] + eor $s2,$t2,$s2,lsl#24 + ldrb $i2,[$tbl,$i2,lsl#2] @ Te4[s3>>8] + mov $s3,$s3,lsr#24 + + ldrb $i3,[$tbl,$i3,lsl#2] @ Te4[s3>>16] + eor $s0,$i1,$s0,lsl#8 + ldr $i1,[$key,#0] + ldrb $s3,[$tbl,$s3,lsl#2] @ Te4[s3>>24] + eor $s1,$s1,$i2,lsl#8 + ldr $t1,[$key,#4] + eor $s2,$s2,$i3,lsl#16 + ldr $t2,[$key,#8] + eor $s3,$t3,$s3,lsl#24 + ldr $t3,[$key,#12] + + eor $s0,$s0,$i1 + eor $s1,$s1,$t1 + eor $s2,$s2,$t2 + eor $s3,$s3,$t3 + + sub $tbl,$tbl,#2 + ldr pc,[sp],#4 @ pop and return +.size _armv4_AES_encrypt,.-_armv4_AES_encrypt + +.global AES_set_encrypt_key +.type AES_set_encrypt_key,%function +.align 5 +AES_set_encrypt_key: +_armv4_AES_set_encrypt_key: + sub r3,pc,#8 @ AES_set_encrypt_key + teq r0,#0 + moveq r0,#-1 + beq .Labrt + teq r2,#0 + moveq r0,#-1 + beq .Labrt + + teq r1,#128 + beq .Lok + teq r1,#192 + beq .Lok + teq r1,#256 + movne r0,#-1 + bne .Labrt + +.Lok: stmdb sp!,{r4-r12,lr} + sub $tbl,r3,#_armv4_AES_set_encrypt_key-AES_Te-1024 @ Te4 + + mov $rounds,r0 @ inp + mov lr,r1 @ bits + mov $key,r2 @ key + +#if __ARM_ARCH__<7 || defined(__STRICT_ALIGNMENT) + ldrb $s0,[$rounds,#3] @ load input data in endian-neutral + ldrb $t1,[$rounds,#2] @ manner... + ldrb $t2,[$rounds,#1] + ldrb $t3,[$rounds,#0] + orr $s0,$s0,$t1,lsl#8 + ldrb $s1,[$rounds,#7] + orr $s0,$s0,$t2,lsl#16 + ldrb $t1,[$rounds,#6] + orr $s0,$s0,$t3,lsl#24 + ldrb $t2,[$rounds,#5] + ldrb $t3,[$rounds,#4] + orr $s1,$s1,$t1,lsl#8 + ldrb $s2,[$rounds,#11] + orr $s1,$s1,$t2,lsl#16 + ldrb $t1,[$rounds,#10] + orr $s1,$s1,$t3,lsl#24 + ldrb $t2,[$rounds,#9] + ldrb $t3,[$rounds,#8] + orr $s2,$s2,$t1,lsl#8 + ldrb $s3,[$rounds,#15] + orr $s2,$s2,$t2,lsl#16 + ldrb $t1,[$rounds,#14] + orr $s2,$s2,$t3,lsl#24 + ldrb $t2,[$rounds,#13] + ldrb $t3,[$rounds,#12] + orr $s3,$s3,$t1,lsl#8 + str $s0,[$key],#16 + orr $s3,$s3,$t2,lsl#16 + str $s1,[$key,#-12] + orr $s3,$s3,$t3,lsl#24 + str $s2,[$key,#-8] + str $s3,[$key,#-4] +#else + ldr $s0,[$rounds,#0] + ldr $s1,[$rounds,#4] + ldr $s2,[$rounds,#8] + ldr $s3,[$rounds,#12] +#ifdef __ARMEL__ + rev $s0,$s0 + rev $s1,$s1 + rev $s2,$s2 + rev $s3,$s3 +#endif + str $s0,[$key],#16 + str $s1,[$key,#-12] + str $s2,[$key,#-8] + str $s3,[$key,#-4] +#endif + + teq lr,#128 + bne .Lnot128 + mov $rounds,#10 + str $rounds,[$key,#240-16] + add $t3,$tbl,#256 @ rcon + mov lr,#255 + +.L128_loop: + and $t2,lr,$s3,lsr#24 + and $i1,lr,$s3,lsr#16 + ldrb $t2,[$tbl,$t2] + and $i2,lr,$s3,lsr#8 + ldrb $i1,[$tbl,$i1] + and $i3,lr,$s3 + ldrb $i2,[$tbl,$i2] + orr $t2,$t2,$i1,lsl#24 + ldrb $i3,[$tbl,$i3] + orr $t2,$t2,$i2,lsl#16 + ldr $t1,[$t3],#4 @ rcon[i++] + orr $t2,$t2,$i3,lsl#8 + eor $t2,$t2,$t1 + eor $s0,$s0,$t2 @ rk[4]=rk[0]^... + eor $s1,$s1,$s0 @ rk[5]=rk[1]^rk[4] + str $s0,[$key],#16 + eor $s2,$s2,$s1 @ rk[6]=rk[2]^rk[5] + str $s1,[$key,#-12] + eor $s3,$s3,$s2 @ rk[7]=rk[3]^rk[6] + str $s2,[$key,#-8] + subs $rounds,$rounds,#1 + str $s3,[$key,#-4] + bne .L128_loop + sub r2,$key,#176 + b .Ldone + +.Lnot128: +#if __ARM_ARCH__<7 || defined(__STRICT_ALIGNMENT) + ldrb $i2,[$rounds,#19] + ldrb $t1,[$rounds,#18] + ldrb $t2,[$rounds,#17] + ldrb $t3,[$rounds,#16] + orr $i2,$i2,$t1,lsl#8 + ldrb $i3,[$rounds,#23] + orr $i2,$i2,$t2,lsl#16 + ldrb $t1,[$rounds,#22] + orr $i2,$i2,$t3,lsl#24 + ldrb $t2,[$rounds,#21] + ldrb $t3,[$rounds,#20] + orr $i3,$i3,$t1,lsl#8 + orr $i3,$i3,$t2,lsl#16 + str $i2,[$key],#8 + orr $i3,$i3,$t3,lsl#24 + str $i3,[$key,#-4] +#else + ldr $i2,[$rounds,#16] + ldr $i3,[$rounds,#20] +#ifdef __ARMEL__ + rev $i2,$i2 + rev $i3,$i3 +#endif + str $i2,[$key],#8 + str $i3,[$key,#-4] +#endif + + teq lr,#192 + bne .Lnot192 + mov $rounds,#12 + str $rounds,[$key,#240-24] + add $t3,$tbl,#256 @ rcon + mov lr,#255 + mov $rounds,#8 + +.L192_loop: + and $t2,lr,$i3,lsr#24 + and $i1,lr,$i3,lsr#16 + ldrb $t2,[$tbl,$t2] + and $i2,lr,$i3,lsr#8 + ldrb $i1,[$tbl,$i1] + and $i3,lr,$i3 + ldrb $i2,[$tbl,$i2] + orr $t2,$t2,$i1,lsl#24 + ldrb $i3,[$tbl,$i3] + orr $t2,$t2,$i2,lsl#16 + ldr $t1,[$t3],#4 @ rcon[i++] + orr $t2,$t2,$i3,lsl#8 + eor $i3,$t2,$t1 + eor $s0,$s0,$i3 @ rk[6]=rk[0]^... + eor $s1,$s1,$s0 @ rk[7]=rk[1]^rk[6] + str $s0,[$key],#24 + eor $s2,$s2,$s1 @ rk[8]=rk[2]^rk[7] + str $s1,[$key,#-20] + eor $s3,$s3,$s2 @ rk[9]=rk[3]^rk[8] + str $s2,[$key,#-16] + subs $rounds,$rounds,#1 + str $s3,[$key,#-12] + subeq r2,$key,#216 + beq .Ldone + + ldr $i1,[$key,#-32] + ldr $i2,[$key,#-28] + eor $i1,$i1,$s3 @ rk[10]=rk[4]^rk[9] + eor $i3,$i2,$i1 @ rk[11]=rk[5]^rk[10] + str $i1,[$key,#-8] + str $i3,[$key,#-4] + b .L192_loop + +.Lnot192: +#if __ARM_ARCH__<7 || defined(__STRICT_ALIGNMENT) + ldrb $i2,[$rounds,#27] + ldrb $t1,[$rounds,#26] + ldrb $t2,[$rounds,#25] + ldrb $t3,[$rounds,#24] + orr $i2,$i2,$t1,lsl#8 + ldrb $i3,[$rounds,#31] + orr $i2,$i2,$t2,lsl#16 + ldrb $t1,[$rounds,#30] + orr $i2,$i2,$t3,lsl#24 + ldrb $t2,[$rounds,#29] + ldrb $t3,[$rounds,#28] + orr $i3,$i3,$t1,lsl#8 + orr $i3,$i3,$t2,lsl#16 + str $i2,[$key],#8 + orr $i3,$i3,$t3,lsl#24 + str $i3,[$key,#-4] +#else + ldr $i2,[$rounds,#24] + ldr $i3,[$rounds,#28] +#ifdef __ARMEL__ + rev $i2,$i2 + rev $i3,$i3 +#endif + str $i2,[$key],#8 + str $i3,[$key,#-4] +#endif + + mov $rounds,#14 + str $rounds,[$key,#240-32] + add $t3,$tbl,#256 @ rcon + mov lr,#255 + mov $rounds,#7 + +.L256_loop: + and $t2,lr,$i3,lsr#24 + and $i1,lr,$i3,lsr#16 + ldrb $t2,[$tbl,$t2] + and $i2,lr,$i3,lsr#8 + ldrb $i1,[$tbl,$i1] + and $i3,lr,$i3 + ldrb $i2,[$tbl,$i2] + orr $t2,$t2,$i1,lsl#24 + ldrb $i3,[$tbl,$i3] + orr $t2,$t2,$i2,lsl#16 + ldr $t1,[$t3],#4 @ rcon[i++] + orr $t2,$t2,$i3,lsl#8 + eor $i3,$t2,$t1 + eor $s0,$s0,$i3 @ rk[8]=rk[0]^... + eor $s1,$s1,$s0 @ rk[9]=rk[1]^rk[8] + str $s0,[$key],#32 + eor $s2,$s2,$s1 @ rk[10]=rk[2]^rk[9] + str $s1,[$key,#-28] + eor $s3,$s3,$s2 @ rk[11]=rk[3]^rk[10] + str $s2,[$key,#-24] + subs $rounds,$rounds,#1 + str $s3,[$key,#-20] + subeq r2,$key,#256 + beq .Ldone + + and $t2,lr,$s3 + and $i1,lr,$s3,lsr#8 + ldrb $t2,[$tbl,$t2] + and $i2,lr,$s3,lsr#16 + ldrb $i1,[$tbl,$i1] + and $i3,lr,$s3,lsr#24 + ldrb $i2,[$tbl,$i2] + orr $t2,$t2,$i1,lsl#8 + ldrb $i3,[$tbl,$i3] + orr $t2,$t2,$i2,lsl#16 + ldr $t1,[$key,#-48] + orr $t2,$t2,$i3,lsl#24 + + ldr $i1,[$key,#-44] + ldr $i2,[$key,#-40] + eor $t1,$t1,$t2 @ rk[12]=rk[4]^... + ldr $i3,[$key,#-36] + eor $i1,$i1,$t1 @ rk[13]=rk[5]^rk[12] + str $t1,[$key,#-16] + eor $i2,$i2,$i1 @ rk[14]=rk[6]^rk[13] + str $i1,[$key,#-12] + eor $i3,$i3,$i2 @ rk[15]=rk[7]^rk[14] + str $i2,[$key,#-8] + str $i3,[$key,#-4] + b .L256_loop + +.Ldone: mov r0,#0 + ldmia sp!,{r4-r12,lr} +.Labrt: tst lr,#1 + moveq pc,lr @ be binary compatible with V4, yet + bx lr @ interoperable with Thumb ISA:-) +.size AES_set_encrypt_key,.-AES_set_encrypt_key + +.global AES_set_decrypt_key +.type AES_set_decrypt_key,%function +.align 5 +AES_set_decrypt_key: + str lr,[sp,#-4]! @ push lr + bl _armv4_AES_set_encrypt_key + teq r0,#0 + ldrne lr,[sp],#4 @ pop lr + bne .Labrt + + stmdb sp!,{r4-r12} + + ldr $rounds,[r2,#240] @ AES_set_encrypt_key preserves r2, + mov $key,r2 @ which is AES_KEY *key + mov $i1,r2 + add $i2,r2,$rounds,lsl#4 + +.Linv: ldr $s0,[$i1] + ldr $s1,[$i1,#4] + ldr $s2,[$i1,#8] + ldr $s3,[$i1,#12] + ldr $t1,[$i2] + ldr $t2,[$i2,#4] + ldr $t3,[$i2,#8] + ldr $i3,[$i2,#12] + str $s0,[$i2],#-16 + str $s1,[$i2,#16+4] + str $s2,[$i2,#16+8] + str $s3,[$i2,#16+12] + str $t1,[$i1],#16 + str $t2,[$i1,#-12] + str $t3,[$i1,#-8] + str $i3,[$i1,#-4] + teq $i1,$i2 + bne .Linv +___ +$mask80=$i1; +$mask1b=$i2; +$mask7f=$i3; +$code.=<<___; + ldr $s0,[$key,#16]! @ prefetch tp1 + mov $mask80,#0x80 + mov $mask1b,#0x1b + orr $mask80,$mask80,#0x8000 + orr $mask1b,$mask1b,#0x1b00 + orr $mask80,$mask80,$mask80,lsl#16 + orr $mask1b,$mask1b,$mask1b,lsl#16 + sub $rounds,$rounds,#1 + mvn $mask7f,$mask80 + mov $rounds,$rounds,lsl#2 @ (rounds-1)*4 + +.Lmix: and $t1,$s0,$mask80 + and $s1,$s0,$mask7f + sub $t1,$t1,$t1,lsr#7 + and $t1,$t1,$mask1b + eor $s1,$t1,$s1,lsl#1 @ tp2 + + and $t1,$s1,$mask80 + and $s2,$s1,$mask7f + sub $t1,$t1,$t1,lsr#7 + and $t1,$t1,$mask1b + eor $s2,$t1,$s2,lsl#1 @ tp4 + + and $t1,$s2,$mask80 + and $s3,$s2,$mask7f + sub $t1,$t1,$t1,lsr#7 + and $t1,$t1,$mask1b + eor $s3,$t1,$s3,lsl#1 @ tp8 + + eor $t1,$s1,$s2 + eor $t2,$s0,$s3 @ tp9 + eor $t1,$t1,$s3 @ tpe + eor $t1,$t1,$s1,ror#24 + eor $t1,$t1,$t2,ror#24 @ ^= ROTATE(tpb=tp9^tp2,8) + eor $t1,$t1,$s2,ror#16 + eor $t1,$t1,$t2,ror#16 @ ^= ROTATE(tpd=tp9^tp4,16) + eor $t1,$t1,$t2,ror#8 @ ^= ROTATE(tp9,24) + + ldr $s0,[$key,#4] @ prefetch tp1 + str $t1,[$key],#4 + subs $rounds,$rounds,#1 + bne .Lmix + + mov r0,#0 +#if __ARM_ARCH__>=5 + ldmia sp!,{r4-r12,pc} +#else + ldmia sp!,{r4-r12,lr} + tst lr,#1 + moveq pc,lr @ be binary compatible with V4, yet + bx lr @ interoperable with Thumb ISA:-) +#endif +.size AES_set_decrypt_key,.-AES_set_decrypt_key + +.type AES_Td,%object +.align 5 +AES_Td: +.word 0x51f4a750, 0x7e416553, 0x1a17a4c3, 0x3a275e96 +.word 0x3bab6bcb, 0x1f9d45f1, 0xacfa58ab, 0x4be30393 +.word 0x2030fa55, 0xad766df6, 0x88cc7691, 0xf5024c25 +.word 0x4fe5d7fc, 0xc52acbd7, 0x26354480, 0xb562a38f +.word 0xdeb15a49, 0x25ba1b67, 0x45ea0e98, 0x5dfec0e1 +.word 0xc32f7502, 0x814cf012, 0x8d4697a3, 0x6bd3f9c6 +.word 0x038f5fe7, 0x15929c95, 0xbf6d7aeb, 0x955259da +.word 0xd4be832d, 0x587421d3, 0x49e06929, 0x8ec9c844 +.word 0x75c2896a, 0xf48e7978, 0x99583e6b, 0x27b971dd +.word 0xbee14fb6, 0xf088ad17, 0xc920ac66, 0x7dce3ab4 +.word 0x63df4a18, 0xe51a3182, 0x97513360, 0x62537f45 +.word 0xb16477e0, 0xbb6bae84, 0xfe81a01c, 0xf9082b94 +.word 0x70486858, 0x8f45fd19, 0x94de6c87, 0x527bf8b7 +.word 0xab73d323, 0x724b02e2, 0xe31f8f57, 0x6655ab2a +.word 0xb2eb2807, 0x2fb5c203, 0x86c57b9a, 0xd33708a5 +.word 0x302887f2, 0x23bfa5b2, 0x02036aba, 0xed16825c +.word 0x8acf1c2b, 0xa779b492, 0xf307f2f0, 0x4e69e2a1 +.word 0x65daf4cd, 0x0605bed5, 0xd134621f, 0xc4a6fe8a +.word 0x342e539d, 0xa2f355a0, 0x058ae132, 0xa4f6eb75 +.word 0x0b83ec39, 0x4060efaa, 0x5e719f06, 0xbd6e1051 +.word 0x3e218af9, 0x96dd063d, 0xdd3e05ae, 0x4de6bd46 +.word 0x91548db5, 0x71c45d05, 0x0406d46f, 0x605015ff +.word 0x1998fb24, 0xd6bde997, 0x894043cc, 0x67d99e77 +.word 0xb0e842bd, 0x07898b88, 0xe7195b38, 0x79c8eedb +.word 0xa17c0a47, 0x7c420fe9, 0xf8841ec9, 0x00000000 +.word 0x09808683, 0x322bed48, 0x1e1170ac, 0x6c5a724e +.word 0xfd0efffb, 0x0f853856, 0x3daed51e, 0x362d3927 +.word 0x0a0fd964, 0x685ca621, 0x9b5b54d1, 0x24362e3a +.word 0x0c0a67b1, 0x9357e70f, 0xb4ee96d2, 0x1b9b919e +.word 0x80c0c54f, 0x61dc20a2, 0x5a774b69, 0x1c121a16 +.word 0xe293ba0a, 0xc0a02ae5, 0x3c22e043, 0x121b171d +.word 0x0e090d0b, 0xf28bc7ad, 0x2db6a8b9, 0x141ea9c8 +.word 0x57f11985, 0xaf75074c, 0xee99ddbb, 0xa37f60fd +.word 0xf701269f, 0x5c72f5bc, 0x44663bc5, 0x5bfb7e34 +.word 0x8b432976, 0xcb23c6dc, 0xb6edfc68, 0xb8e4f163 +.word 0xd731dcca, 0x42638510, 0x13972240, 0x84c61120 +.word 0x854a247d, 0xd2bb3df8, 0xaef93211, 0xc729a16d +.word 0x1d9e2f4b, 0xdcb230f3, 0x0d8652ec, 0x77c1e3d0 +.word 0x2bb3166c, 0xa970b999, 0x119448fa, 0x47e96422 +.word 0xa8fc8cc4, 0xa0f03f1a, 0x567d2cd8, 0x223390ef +.word 0x87494ec7, 0xd938d1c1, 0x8ccaa2fe, 0x98d40b36 +.word 0xa6f581cf, 0xa57ade28, 0xdab78e26, 0x3fadbfa4 +.word 0x2c3a9de4, 0x5078920d, 0x6a5fcc9b, 0x547e4662 +.word 0xf68d13c2, 0x90d8b8e8, 0x2e39f75e, 0x82c3aff5 +.word 0x9f5d80be, 0x69d0937c, 0x6fd52da9, 0xcf2512b3 +.word 0xc8ac993b, 0x10187da7, 0xe89c636e, 0xdb3bbb7b +.word 0xcd267809, 0x6e5918f4, 0xec9ab701, 0x834f9aa8 +.word 0xe6956e65, 0xaaffe67e, 0x21bccf08, 0xef15e8e6 +.word 0xbae79bd9, 0x4a6f36ce, 0xea9f09d4, 0x29b07cd6 +.word 0x31a4b2af, 0x2a3f2331, 0xc6a59430, 0x35a266c0 +.word 0x744ebc37, 0xfc82caa6, 0xe090d0b0, 0x33a7d815 +.word 0xf104984a, 0x41ecdaf7, 0x7fcd500e, 0x1791f62f +.word 0x764dd68d, 0x43efb04d, 0xccaa4d54, 0xe49604df +.word 0x9ed1b5e3, 0x4c6a881b, 0xc12c1fb8, 0x4665517f +.word 0x9d5eea04, 0x018c355d, 0xfa877473, 0xfb0b412e +.word 0xb3671d5a, 0x92dbd252, 0xe9105633, 0x6dd64713 +.word 0x9ad7618c, 0x37a10c7a, 0x59f8148e, 0xeb133c89 +.word 0xcea927ee, 0xb761c935, 0xe11ce5ed, 0x7a47b13c +.word 0x9cd2df59, 0x55f2733f, 0x1814ce79, 0x73c737bf +.word 0x53f7cdea, 0x5ffdaa5b, 0xdf3d6f14, 0x7844db86 +.word 0xcaaff381, 0xb968c43e, 0x3824342c, 0xc2a3405f +.word 0x161dc372, 0xbce2250c, 0x283c498b, 0xff0d9541 +.word 0x39a80171, 0x080cb3de, 0xd8b4e49c, 0x6456c190 +.word 0x7bcb8461, 0xd532b670, 0x486c5c74, 0xd0b85742 +@ Td4[256] +.byte 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38 +.byte 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb +.byte 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87 +.byte 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb +.byte 0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d +.byte 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e +.byte 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2 +.byte 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25 +.byte 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16 +.byte 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92 +.byte 0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda +.byte 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84 +.byte 0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a +.byte 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06 +.byte 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02 +.byte 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b +.byte 0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea +.byte 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73 +.byte 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85 +.byte 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e +.byte 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89 +.byte 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b +.byte 0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20 +.byte 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4 +.byte 0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31 +.byte 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f +.byte 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d +.byte 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef +.byte 0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0 +.byte 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61 +.byte 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26 +.byte 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d +.size AES_Td,.-AES_Td + +@ void AES_decrypt(const unsigned char *in, unsigned char *out, +@ const AES_KEY *key) { +.global AES_decrypt +.type AES_decrypt,%function +.align 5 +AES_decrypt: + sub r3,pc,#8 @ AES_decrypt + stmdb sp!,{r1,r4-r12,lr} + mov $rounds,r0 @ inp + mov $key,r2 + sub $tbl,r3,#AES_decrypt-AES_Td @ Td +#if __ARM_ARCH__<7 || defined(__STRICT_ALIGNMENT) + ldrb $s0,[$rounds,#3] @ load input data in endian-neutral + ldrb $t1,[$rounds,#2] @ manner... + ldrb $t2,[$rounds,#1] + ldrb $t3,[$rounds,#0] + orr $s0,$s0,$t1,lsl#8 + ldrb $s1,[$rounds,#7] + orr $s0,$s0,$t2,lsl#16 + ldrb $t1,[$rounds,#6] + orr $s0,$s0,$t3,lsl#24 + ldrb $t2,[$rounds,#5] + ldrb $t3,[$rounds,#4] + orr $s1,$s1,$t1,lsl#8 + ldrb $s2,[$rounds,#11] + orr $s1,$s1,$t2,lsl#16 + ldrb $t1,[$rounds,#10] + orr $s1,$s1,$t3,lsl#24 + ldrb $t2,[$rounds,#9] + ldrb $t3,[$rounds,#8] + orr $s2,$s2,$t1,lsl#8 + ldrb $s3,[$rounds,#15] + orr $s2,$s2,$t2,lsl#16 + ldrb $t1,[$rounds,#14] + orr $s2,$s2,$t3,lsl#24 + ldrb $t2,[$rounds,#13] + ldrb $t3,[$rounds,#12] + orr $s3,$s3,$t1,lsl#8 + orr $s3,$s3,$t2,lsl#16 + orr $s3,$s3,$t3,lsl#24 +#else + ldr $s0,[$rounds,#0] + ldr $s1,[$rounds,#4] + ldr $s2,[$rounds,#8] + ldr $s3,[$rounds,#12] +#ifdef __ARMEL__ + rev $s0,$s0 + rev $s1,$s1 + rev $s2,$s2 + rev $s3,$s3 +#endif +#endif + bl _armv4_AES_decrypt + + ldr $rounds,[sp],#4 @ pop out +#if __ARM_ARCH__>=7 && !defined(__STRICT_ALIGNMENT) +#ifdef __ARMEL__ + rev $s0,$s0 + rev $s1,$s1 + rev $s2,$s2 + rev $s3,$s3 +#endif + str $s0,[$rounds,#0] + str $s1,[$rounds,#4] + str $s2,[$rounds,#8] + str $s3,[$rounds,#12] +#else + mov $t1,$s0,lsr#24 @ write output in endian-neutral + mov $t2,$s0,lsr#16 @ manner... + mov $t3,$s0,lsr#8 + strb $t1,[$rounds,#0] + strb $t2,[$rounds,#1] + mov $t1,$s1,lsr#24 + strb $t3,[$rounds,#2] + mov $t2,$s1,lsr#16 + strb $s0,[$rounds,#3] + mov $t3,$s1,lsr#8 + strb $t1,[$rounds,#4] + strb $t2,[$rounds,#5] + mov $t1,$s2,lsr#24 + strb $t3,[$rounds,#6] + mov $t2,$s2,lsr#16 + strb $s1,[$rounds,#7] + mov $t3,$s2,lsr#8 + strb $t1,[$rounds,#8] + strb $t2,[$rounds,#9] + mov $t1,$s3,lsr#24 + strb $t3,[$rounds,#10] + mov $t2,$s3,lsr#16 + strb $s2,[$rounds,#11] + mov $t3,$s3,lsr#8 + strb $t1,[$rounds,#12] + strb $t2,[$rounds,#13] + strb $t3,[$rounds,#14] + strb $s3,[$rounds,#15] +#endif +#if __ARM_ARCH__>=5 + ldmia sp!,{r4-r12,pc} +#else + ldmia sp!,{r4-r12,lr} + tst lr,#1 + moveq pc,lr @ be binary compatible with V4, yet + bx lr @ interoperable with Thumb ISA:-) +#endif +.size AES_decrypt,.-AES_decrypt + +.type _armv4_AES_decrypt,%function +.align 2 +_armv4_AES_decrypt: + str lr,[sp,#-4]! @ push lr + ldmia $key!,{$t1-$i1} + eor $s0,$s0,$t1 + ldr $rounds,[$key,#240-16] + eor $s1,$s1,$t2 + eor $s2,$s2,$t3 + eor $s3,$s3,$i1 + sub $rounds,$rounds,#1 + mov lr,#255 + + and $i1,lr,$s0,lsr#16 + and $i2,lr,$s0,lsr#8 + and $i3,lr,$s0 + mov $s0,$s0,lsr#24 +.Ldec_loop: + ldr $t1,[$tbl,$i1,lsl#2] @ Td1[s0>>16] + and $i1,lr,$s1 @ i0 + ldr $t2,[$tbl,$i2,lsl#2] @ Td2[s0>>8] + and $i2,lr,$s1,lsr#16 + ldr $t3,[$tbl,$i3,lsl#2] @ Td3[s0>>0] + and $i3,lr,$s1,lsr#8 + ldr $s0,[$tbl,$s0,lsl#2] @ Td0[s0>>24] + mov $s1,$s1,lsr#24 + + ldr $i1,[$tbl,$i1,lsl#2] @ Td3[s1>>0] + ldr $i2,[$tbl,$i2,lsl#2] @ Td1[s1>>16] + ldr $i3,[$tbl,$i3,lsl#2] @ Td2[s1>>8] + eor $s0,$s0,$i1,ror#24 + ldr $s1,[$tbl,$s1,lsl#2] @ Td0[s1>>24] + and $i1,lr,$s2,lsr#8 @ i0 + eor $t2,$i2,$t2,ror#8 + and $i2,lr,$s2 @ i1 + eor $t3,$i3,$t3,ror#8 + and $i3,lr,$s2,lsr#16 + ldr $i1,[$tbl,$i1,lsl#2] @ Td2[s2>>8] + eor $s1,$s1,$t1,ror#8 + ldr $i2,[$tbl,$i2,lsl#2] @ Td3[s2>>0] + mov $s2,$s2,lsr#24 + + ldr $i3,[$tbl,$i3,lsl#2] @ Td1[s2>>16] + eor $s0,$s0,$i1,ror#16 + ldr $s2,[$tbl,$s2,lsl#2] @ Td0[s2>>24] + and $i1,lr,$s3,lsr#16 @ i0 + eor $s1,$s1,$i2,ror#24 + and $i2,lr,$s3,lsr#8 @ i1 + eor $t3,$i3,$t3,ror#8 + and $i3,lr,$s3 @ i2 + ldr $i1,[$tbl,$i1,lsl#2] @ Td1[s3>>16] + eor $s2,$s2,$t2,ror#8 + ldr $i2,[$tbl,$i2,lsl#2] @ Td2[s3>>8] + mov $s3,$s3,lsr#24 + + ldr $i3,[$tbl,$i3,lsl#2] @ Td3[s3>>0] + eor $s0,$s0,$i1,ror#8 + ldr $i1,[$key],#16 + eor $s1,$s1,$i2,ror#16 + ldr $s3,[$tbl,$s3,lsl#2] @ Td0[s3>>24] + eor $s2,$s2,$i3,ror#24 + + ldr $t1,[$key,#-12] + eor $s0,$s0,$i1 + ldr $t2,[$key,#-8] + eor $s3,$s3,$t3,ror#8 + ldr $t3,[$key,#-4] + and $i1,lr,$s0,lsr#16 + eor $s1,$s1,$t1 + and $i2,lr,$s0,lsr#8 + eor $s2,$s2,$t2 + and $i3,lr,$s0 + eor $s3,$s3,$t3 + mov $s0,$s0,lsr#24 + + subs $rounds,$rounds,#1 + bne .Ldec_loop + + add $tbl,$tbl,#1024 + + ldr $t2,[$tbl,#0] @ prefetch Td4 + ldr $t3,[$tbl,#32] + ldr $t1,[$tbl,#64] + ldr $t2,[$tbl,#96] + ldr $t3,[$tbl,#128] + ldr $t1,[$tbl,#160] + ldr $t2,[$tbl,#192] + ldr $t3,[$tbl,#224] + + ldrb $s0,[$tbl,$s0] @ Td4[s0>>24] + ldrb $t1,[$tbl,$i1] @ Td4[s0>>16] + and $i1,lr,$s1 @ i0 + ldrb $t2,[$tbl,$i2] @ Td4[s0>>8] + and $i2,lr,$s1,lsr#16 + ldrb $t3,[$tbl,$i3] @ Td4[s0>>0] + and $i3,lr,$s1,lsr#8 + + ldrb $i1,[$tbl,$i1] @ Td4[s1>>0] + ldrb $s1,[$tbl,$s1,lsr#24] @ Td4[s1>>24] + ldrb $i2,[$tbl,$i2] @ Td4[s1>>16] + eor $s0,$i1,$s0,lsl#24 + ldrb $i3,[$tbl,$i3] @ Td4[s1>>8] + eor $s1,$t1,$s1,lsl#8 + and $i1,lr,$s2,lsr#8 @ i0 + eor $t2,$t2,$i2,lsl#8 + and $i2,lr,$s2 @ i1 + ldrb $i1,[$tbl,$i1] @ Td4[s2>>8] + eor $t3,$t3,$i3,lsl#8 + ldrb $i2,[$tbl,$i2] @ Td4[s2>>0] + and $i3,lr,$s2,lsr#16 + + ldrb $s2,[$tbl,$s2,lsr#24] @ Td4[s2>>24] + eor $s0,$s0,$i1,lsl#8 + ldrb $i3,[$tbl,$i3] @ Td4[s2>>16] + eor $s1,$i2,$s1,lsl#16 + and $i1,lr,$s3,lsr#16 @ i0 + eor $s2,$t2,$s2,lsl#16 + and $i2,lr,$s3,lsr#8 @ i1 + ldrb $i1,[$tbl,$i1] @ Td4[s3>>16] + eor $t3,$t3,$i3,lsl#16 + ldrb $i2,[$tbl,$i2] @ Td4[s3>>8] + and $i3,lr,$s3 @ i2 + + ldrb $i3,[$tbl,$i3] @ Td4[s3>>0] + ldrb $s3,[$tbl,$s3,lsr#24] @ Td4[s3>>24] + eor $s0,$s0,$i1,lsl#16 + ldr $i1,[$key,#0] + eor $s1,$s1,$i2,lsl#8 + ldr $t1,[$key,#4] + eor $s2,$i3,$s2,lsl#8 + ldr $t2,[$key,#8] + eor $s3,$t3,$s3,lsl#24 + ldr $t3,[$key,#12] + + eor $s0,$s0,$i1 + eor $s1,$s1,$t1 + eor $s2,$s2,$t2 + eor $s3,$s3,$t3 + + sub $tbl,$tbl,#1024 + ldr pc,[sp],#4 @ pop and return +.size _armv4_AES_decrypt,.-_armv4_AES_decrypt +.asciz "AES for ARMv4, CRYPTOGAMS by " +.align 2 +___ + +$code =~ s/\bbx\s+lr\b/.word\t0xe12fff1e/gm; # make it possible to compile with -march=armv4 +print $code; +close STDOUT; # enforce flush diff --git a/src/lib/libcrypto/aes/asm/aes-mips.pl b/src/lib/libcrypto/aes/asm/aes-mips.pl new file mode 100644 index 00000000000..2f6ff74ffe1 --- /dev/null +++ b/src/lib/libcrypto/aes/asm/aes-mips.pl @@ -0,0 +1,1613 @@ +#!/usr/bin/env perl + +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== + +# AES for MIPS + +# October 2010 +# +# Code uses 1K[+256B] S-box and on single-issue core [such as R5000] +# spends ~68 cycles per byte processed with 128-bit key. This is ~16% +# faster than gcc-generated code, which is not very impressive. But +# recall that compressed S-box requires extra processing, namely +# additional rotations. Rotations are implemented with lwl/lwr pairs, +# which is normally used for loading unaligned data. Another cool +# thing about this module is its endian neutrality, which means that +# it processes data without ever changing byte order... + +###################################################################### +# There is a number of MIPS ABI in use, O32 and N32/64 are most +# widely used. Then there is a new contender: NUBI. It appears that if +# one picks the latter, it's possible to arrange code in ABI neutral +# manner. Therefore let's stick to NUBI register layout: +# +($zero,$at,$t0,$t1,$t2)=map("\$$_",(0..2,24,25)); +($a0,$a1,$a2,$a3,$a4,$a5,$a6,$a7)=map("\$$_",(4..11)); +($s0,$s1,$s2,$s3,$s4,$s5,$s6,$s7,$s8,$s9,$s10,$s11)=map("\$$_",(12..23)); +($gp,$tp,$sp,$fp,$ra)=map("\$$_",(3,28..31)); +# +# The return value is placed in $a0. Following coding rules facilitate +# interoperability: +# +# - never ever touch $tp, "thread pointer", former $gp; +# - copy return value to $t0, former $v0 [or to $a0 if you're adapting +# old code]; +# - on O32 populate $a4-$a7 with 'lw $aN,4*N($sp)' if necessary; +# +# For reference here is register layout for N32/64 MIPS ABIs: +# +# ($zero,$at,$v0,$v1)=map("\$$_",(0..3)); +# ($a0,$a1,$a2,$a3,$a4,$a5,$a6,$a7)=map("\$$_",(4..11)); +# ($t0,$t1,$t2,$t3,$t8,$t9)=map("\$$_",(12..15,24,25)); +# ($s0,$s1,$s2,$s3,$s4,$s5,$s6,$s7)=map("\$$_",(16..23)); +# ($gp,$sp,$fp,$ra)=map("\$$_",(28..31)); +# +$flavour = shift; # supported flavours are o32,n32,64,nubi32,nubi64 + +if ($flavour =~ /64/i) { + $LA="dla"; +} else { + $LA="la"; +} + +if ($flavour =~ /64|n32/i) { + $PTR_ADD="dadd"; # incidentally works even on n32 + $PTR_SUB="dsub"; # incidentally works even on n32 + $REG_S="sd"; + $REG_L="ld"; + $PTR_SLL="dsll"; # incidentally works even on n32 + $SZREG=8; +} else { + $PTR_ADD="add"; + $PTR_SUB="sub"; + $REG_S="sw"; + $REG_L="lw"; + $PTR_SLL="sll"; + $SZREG=4; +} +$pf = ($flavour =~ /nubi/i) ? $t0 : $t2; +# +# +# +###################################################################### + +$big_endian=(`echo MIPSEL | $ENV{CC} -E -P -`=~/MIPSEL/)?1:0; + +for (@ARGV) { $output=$_ if (/^\w[\w\-]*\.\w+$/); } +open STDOUT,">$output"; + +if (!defined($big_endian)) +{ $big_endian=(unpack('L',pack('N',1))==1); } + +while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {} +open STDOUT,">$output"; + +my ($MSB,$LSB)=(0,3); # automatically converted to little-endian + +$code.=<<___; +.text +#if !defined(__vxworks) || defined(__pic__) +.option pic2 +#endif +.set noat +___ + +{{{ +my $FRAMESIZE=16*$SZREG; +my $SAVED_REGS_MASK = ($flavour =~ /nubi/i) ? 0xc0fff008 : 0xc0ff0000; + +my ($inp,$out,$key,$Tbl,$s0,$s1,$s2,$s3)=($a0,$a1,$a2,$a3,$a4,$a5,$a6,$a7); +my ($i0,$i1,$i2,$i3)=($at,$t0,$t1,$t2); +my ($t0,$t1,$t2,$t3,$t4,$t5,$t6,$t7,$t8,$t9,$t10,$t11) = map("\$$_",(12..23)); +my ($key0,$cnt)=($gp,$fp); + +# instuction ordering is "stolen" from output from MIPSpro assembler +# invoked with -mips3 -O3 arguments... +$code.=<<___; +.align 5 +.ent _mips_AES_encrypt +_mips_AES_encrypt: + .frame $sp,0,$ra + .set reorder + lw $t0,0($key) + lw $t1,4($key) + lw $t2,8($key) + lw $t3,12($key) + lw $cnt,240($key) + $PTR_ADD $key0,$key,16 + + xor $s0,$t0 + xor $s1,$t1 + xor $s2,$t2 + xor $s3,$t3 + + sub $cnt,1 + _xtr $i0,$s1,16-2 +.Loop_enc: + _xtr $i1,$s2,16-2 + _xtr $i2,$s3,16-2 + _xtr $i3,$s0,16-2 + and $i0,0x3fc + and $i1,0x3fc + and $i2,0x3fc + and $i3,0x3fc + $PTR_ADD $i0,$Tbl + $PTR_ADD $i1,$Tbl + $PTR_ADD $i2,$Tbl + $PTR_ADD $i3,$Tbl + lwl $t0,3($i0) # Te1[s1>>16] + lwl $t1,3($i1) # Te1[s2>>16] + lwl $t2,3($i2) # Te1[s3>>16] + lwl $t3,3($i3) # Te1[s0>>16] + lwr $t0,2($i0) # Te1[s1>>16] + lwr $t1,2($i1) # Te1[s2>>16] + lwr $t2,2($i2) # Te1[s3>>16] + lwr $t3,2($i3) # Te1[s0>>16] + + _xtr $i0,$s2,8-2 + _xtr $i1,$s3,8-2 + _xtr $i2,$s0,8-2 + _xtr $i3,$s1,8-2 + and $i0,0x3fc + and $i1,0x3fc + and $i2,0x3fc + and $i3,0x3fc + $PTR_ADD $i0,$Tbl + $PTR_ADD $i1,$Tbl + $PTR_ADD $i2,$Tbl + $PTR_ADD $i3,$Tbl + lwl $t4,2($i0) # Te2[s2>>8] + lwl $t5,2($i1) # Te2[s3>>8] + lwl $t6,2($i2) # Te2[s0>>8] + lwl $t7,2($i3) # Te2[s1>>8] + lwr $t4,1($i0) # Te2[s2>>8] + lwr $t5,1($i1) # Te2[s3>>8] + lwr $t6,1($i2) # Te2[s0>>8] + lwr $t7,1($i3) # Te2[s1>>8] + + _xtr $i0,$s3,0-2 + _xtr $i1,$s0,0-2 + _xtr $i2,$s1,0-2 + _xtr $i3,$s2,0-2 + and $i0,0x3fc + and $i1,0x3fc + and $i2,0x3fc + and $i3,0x3fc + $PTR_ADD $i0,$Tbl + $PTR_ADD $i1,$Tbl + $PTR_ADD $i2,$Tbl + $PTR_ADD $i3,$Tbl + lwl $t8,1($i0) # Te3[s3] + lwl $t9,1($i1) # Te3[s0] + lwl $t10,1($i2) # Te3[s1] + lwl $t11,1($i3) # Te3[s2] + lwr $t8,0($i0) # Te3[s3] + lwr $t9,0($i1) # Te3[s0] + lwr $t10,0($i2) # Te3[s1] + lwr $t11,0($i3) # Te3[s2] + + _xtr $i0,$s0,24-2 + _xtr $i1,$s1,24-2 + _xtr $i2,$s2,24-2 + _xtr $i3,$s3,24-2 + and $i0,0x3fc + and $i1,0x3fc + and $i2,0x3fc + and $i3,0x3fc + $PTR_ADD $i0,$Tbl + $PTR_ADD $i1,$Tbl + $PTR_ADD $i2,$Tbl + $PTR_ADD $i3,$Tbl + xor $t0,$t4 + xor $t1,$t5 + xor $t2,$t6 + xor $t3,$t7 + lw $t4,0($i0) # Te0[s0>>24] + lw $t5,0($i1) # Te0[s1>>24] + lw $t6,0($i2) # Te0[s2>>24] + lw $t7,0($i3) # Te0[s3>>24] + + lw $s0,0($key0) + lw $s1,4($key0) + lw $s2,8($key0) + lw $s3,12($key0) + + xor $t0,$t8 + xor $t1,$t9 + xor $t2,$t10 + xor $t3,$t11 + + xor $t0,$t4 + xor $t1,$t5 + xor $t2,$t6 + xor $t3,$t7 + + sub $cnt,1 + $PTR_ADD $key0,16 + xor $s0,$t0 + xor $s1,$t1 + xor $s2,$t2 + xor $s3,$t3 + .set noreorder + bnez $cnt,.Loop_enc + _xtr $i0,$s1,16-2 + + .set reorder + _xtr $i1,$s2,16-2 + _xtr $i2,$s3,16-2 + _xtr $i3,$s0,16-2 + and $i0,0x3fc + and $i1,0x3fc + and $i2,0x3fc + and $i3,0x3fc + $PTR_ADD $i0,$Tbl + $PTR_ADD $i1,$Tbl + $PTR_ADD $i2,$Tbl + $PTR_ADD $i3,$Tbl + lbu $t0,2($i0) # Te4[s1>>16] + lbu $t1,2($i1) # Te4[s2>>16] + lbu $t2,2($i2) # Te4[s3>>16] + lbu $t3,2($i3) # Te4[s0>>16] + + _xtr $i0,$s2,8-2 + _xtr $i1,$s3,8-2 + _xtr $i2,$s0,8-2 + _xtr $i3,$s1,8-2 + and $i0,0x3fc + and $i1,0x3fc + and $i2,0x3fc + and $i3,0x3fc + $PTR_ADD $i0,$Tbl + $PTR_ADD $i1,$Tbl + $PTR_ADD $i2,$Tbl + $PTR_ADD $i3,$Tbl + lbu $t4,2($i0) # Te4[s2>>8] + lbu $t5,2($i1) # Te4[s3>>8] + lbu $t6,2($i2) # Te4[s0>>8] + lbu $t7,2($i3) # Te4[s1>>8] + + _xtr $i0,$s0,24-2 + _xtr $i1,$s1,24-2 + _xtr $i2,$s2,24-2 + _xtr $i3,$s3,24-2 + and $i0,0x3fc + and $i1,0x3fc + and $i2,0x3fc + and $i3,0x3fc + $PTR_ADD $i0,$Tbl + $PTR_ADD $i1,$Tbl + $PTR_ADD $i2,$Tbl + $PTR_ADD $i3,$Tbl + lbu $t8,2($i0) # Te4[s0>>24] + lbu $t9,2($i1) # Te4[s1>>24] + lbu $t10,2($i2) # Te4[s2>>24] + lbu $t11,2($i3) # Te4[s3>>24] + + _xtr $i0,$s3,0-2 + _xtr $i1,$s0,0-2 + _xtr $i2,$s1,0-2 + _xtr $i3,$s2,0-2 + and $i0,0x3fc + and $i1,0x3fc + and $i2,0x3fc + and $i3,0x3fc + + _ins $t0,16 + _ins $t1,16 + _ins $t2,16 + _ins $t3,16 + + _ins $t4,8 + _ins $t5,8 + _ins $t6,8 + _ins $t7,8 + + xor $t0,$t4 + xor $t1,$t5 + xor $t2,$t6 + xor $t3,$t7 + + $PTR_ADD $i0,$Tbl + $PTR_ADD $i1,$Tbl + $PTR_ADD $i2,$Tbl + $PTR_ADD $i3,$Tbl + lbu $t4,2($i0) # Te4[s3] + lbu $t5,2($i1) # Te4[s0] + lbu $t6,2($i2) # Te4[s1] + lbu $t7,2($i3) # Te4[s2] + + _ins $t8,24 + _ins $t9,24 + _ins $t10,24 + _ins $t11,24 + + lw $s0,0($key0) + lw $s1,4($key0) + lw $s2,8($key0) + lw $s3,12($key0) + + xor $t0,$t8 + xor $t1,$t9 + xor $t2,$t10 + xor $t3,$t11 + + _ins $t4,0 + _ins $t5,0 + _ins $t6,0 + _ins $t7,0 + + xor $t0,$t4 + xor $t1,$t5 + xor $t2,$t6 + xor $t3,$t7 + + xor $s0,$t0 + xor $s1,$t1 + xor $s2,$t2 + xor $s3,$t3 + + jr $ra +.end _mips_AES_encrypt + +.align 5 +.globl AES_encrypt +.ent AES_encrypt +AES_encrypt: + .frame $sp,$FRAMESIZE,$ra + .mask $SAVED_REGS_MASK,-$SZREG + .set noreorder +___ +$code.=<<___ if ($flavour =~ /o32/i); # o32 PIC-ification + .cpload $pf +___ +$code.=<<___; + $PTR_SUB $sp,$FRAMESIZE + $REG_S $ra,$FRAMESIZE-1*$SZREG($sp) + $REG_S $fp,$FRAMESIZE-2*$SZREG($sp) + $REG_S $s11,$FRAMESIZE-3*$SZREG($sp) + $REG_S $s10,$FRAMESIZE-4*$SZREG($sp) + $REG_S $s9,$FRAMESIZE-5*$SZREG($sp) + $REG_S $s8,$FRAMESIZE-6*$SZREG($sp) + $REG_S $s7,$FRAMESIZE-7*$SZREG($sp) + $REG_S $s6,$FRAMESIZE-8*$SZREG($sp) + $REG_S $s5,$FRAMESIZE-9*$SZREG($sp) + $REG_S $s4,$FRAMESIZE-10*$SZREG($sp) +___ +$code.=<<___ if ($flavour =~ /nubi/i); # optimize non-nubi prologue + $REG_S \$15,$FRAMESIZE-11*$SZREG($sp) + $REG_S \$14,$FRAMESIZE-12*$SZREG($sp) + $REG_S \$13,$FRAMESIZE-13*$SZREG($sp) + $REG_S \$12,$FRAMESIZE-14*$SZREG($sp) + $REG_S $gp,$FRAMESIZE-15*$SZREG($sp) +___ +$code.=<<___ if ($flavour !~ /o32/i); # non-o32 PIC-ification + .cplocal $Tbl + .cpsetup $pf,$zero,AES_encrypt +___ +$code.=<<___; + .set reorder + $LA $Tbl,AES_Te # PIC-ified 'load address' + + lwl $s0,0+$MSB($inp) + lwl $s1,4+$MSB($inp) + lwl $s2,8+$MSB($inp) + lwl $s3,12+$MSB($inp) + lwr $s0,0+$LSB($inp) + lwr $s1,4+$LSB($inp) + lwr $s2,8+$LSB($inp) + lwr $s3,12+$LSB($inp) + + bal _mips_AES_encrypt + + swr $s0,0+$LSB($out) + swr $s1,4+$LSB($out) + swr $s2,8+$LSB($out) + swr $s3,12+$LSB($out) + swl $s0,0+$MSB($out) + swl $s1,4+$MSB($out) + swl $s2,8+$MSB($out) + swl $s3,12+$MSB($out) + + .set noreorder + $REG_L $ra,$FRAMESIZE-1*$SZREG($sp) + $REG_L $fp,$FRAMESIZE-2*$SZREG($sp) + $REG_L $s11,$FRAMESIZE-3*$SZREG($sp) + $REG_L $s10,$FRAMESIZE-4*$SZREG($sp) + $REG_L $s9,$FRAMESIZE-5*$SZREG($sp) + $REG_L $s8,$FRAMESIZE-6*$SZREG($sp) + $REG_L $s7,$FRAMESIZE-7*$SZREG($sp) + $REG_L $s6,$FRAMESIZE-8*$SZREG($sp) + $REG_L $s5,$FRAMESIZE-9*$SZREG($sp) + $REG_L $s4,$FRAMESIZE-10*$SZREG($sp) +___ +$code.=<<___ if ($flavour =~ /nubi/i); + $REG_L \$15,$FRAMESIZE-11*$SZREG($sp) + $REG_L \$14,$FRAMESIZE-12*$SZREG($sp) + $REG_L \$13,$FRAMESIZE-13*$SZREG($sp) + $REG_L \$12,$FRAMESIZE-14*$SZREG($sp) + $REG_L $gp,$FRAMESIZE-15*$SZREG($sp) +___ +$code.=<<___; + jr $ra + $PTR_ADD $sp,$FRAMESIZE +.end AES_encrypt +___ + +$code.=<<___; +.align 5 +.ent _mips_AES_decrypt +_mips_AES_decrypt: + .frame $sp,0,$ra + .set reorder + lw $t0,0($key) + lw $t1,4($key) + lw $t2,8($key) + lw $t3,12($key) + lw $cnt,240($key) + $PTR_ADD $key0,$key,16 + + xor $s0,$t0 + xor $s1,$t1 + xor $s2,$t2 + xor $s3,$t3 + + sub $cnt,1 + _xtr $i0,$s3,16-2 +.Loop_dec: + _xtr $i1,$s0,16-2 + _xtr $i2,$s1,16-2 + _xtr $i3,$s2,16-2 + and $i0,0x3fc + and $i1,0x3fc + and $i2,0x3fc + and $i3,0x3fc + $PTR_ADD $i0,$Tbl + $PTR_ADD $i1,$Tbl + $PTR_ADD $i2,$Tbl + $PTR_ADD $i3,$Tbl + lwl $t0,3($i0) # Td1[s3>>16] + lwl $t1,3($i1) # Td1[s0>>16] + lwl $t2,3($i2) # Td1[s1>>16] + lwl $t3,3($i3) # Td1[s2>>16] + lwr $t0,2($i0) # Td1[s3>>16] + lwr $t1,2($i1) # Td1[s0>>16] + lwr $t2,2($i2) # Td1[s1>>16] + lwr $t3,2($i3) # Td1[s2>>16] + + _xtr $i0,$s2,8-2 + _xtr $i1,$s3,8-2 + _xtr $i2,$s0,8-2 + _xtr $i3,$s1,8-2 + and $i0,0x3fc + and $i1,0x3fc + and $i2,0x3fc + and $i3,0x3fc + $PTR_ADD $i0,$Tbl + $PTR_ADD $i1,$Tbl + $PTR_ADD $i2,$Tbl + $PTR_ADD $i3,$Tbl + lwl $t4,2($i0) # Td2[s2>>8] + lwl $t5,2($i1) # Td2[s3>>8] + lwl $t6,2($i2) # Td2[s0>>8] + lwl $t7,2($i3) # Td2[s1>>8] + lwr $t4,1($i0) # Td2[s2>>8] + lwr $t5,1($i1) # Td2[s3>>8] + lwr $t6,1($i2) # Td2[s0>>8] + lwr $t7,1($i3) # Td2[s1>>8] + + _xtr $i0,$s1,0-2 + _xtr $i1,$s2,0-2 + _xtr $i2,$s3,0-2 + _xtr $i3,$s0,0-2 + and $i0,0x3fc + and $i1,0x3fc + and $i2,0x3fc + and $i3,0x3fc + $PTR_ADD $i0,$Tbl + $PTR_ADD $i1,$Tbl + $PTR_ADD $i2,$Tbl + $PTR_ADD $i3,$Tbl + lwl $t8,1($i0) # Td3[s1] + lwl $t9,1($i1) # Td3[s2] + lwl $t10,1($i2) # Td3[s3] + lwl $t11,1($i3) # Td3[s0] + lwr $t8,0($i0) # Td3[s1] + lwr $t9,0($i1) # Td3[s2] + lwr $t10,0($i2) # Td3[s3] + lwr $t11,0($i3) # Td3[s0] + + _xtr $i0,$s0,24-2 + _xtr $i1,$s1,24-2 + _xtr $i2,$s2,24-2 + _xtr $i3,$s3,24-2 + and $i0,0x3fc + and $i1,0x3fc + and $i2,0x3fc + and $i3,0x3fc + $PTR_ADD $i0,$Tbl + $PTR_ADD $i1,$Tbl + $PTR_ADD $i2,$Tbl + $PTR_ADD $i3,$Tbl + + xor $t0,$t4 + xor $t1,$t5 + xor $t2,$t6 + xor $t3,$t7 + + + lw $t4,0($i0) # Td0[s0>>24] + lw $t5,0($i1) # Td0[s1>>24] + lw $t6,0($i2) # Td0[s2>>24] + lw $t7,0($i3) # Td0[s3>>24] + + lw $s0,0($key0) + lw $s1,4($key0) + lw $s2,8($key0) + lw $s3,12($key0) + + xor $t0,$t8 + xor $t1,$t9 + xor $t2,$t10 + xor $t3,$t11 + + xor $t0,$t4 + xor $t1,$t5 + xor $t2,$t6 + xor $t3,$t7 + + sub $cnt,1 + $PTR_ADD $key0,16 + xor $s0,$t0 + xor $s1,$t1 + xor $s2,$t2 + xor $s3,$t3 + .set noreorder + bnez $cnt,.Loop_dec + _xtr $i0,$s3,16-2 + + .set reorder + lw $t4,1024($Tbl) # prefetch Td4 + lw $t5,1024+32($Tbl) + lw $t6,1024+64($Tbl) + lw $t7,1024+96($Tbl) + lw $t8,1024+128($Tbl) + lw $t9,1024+160($Tbl) + lw $t10,1024+192($Tbl) + lw $t11,1024+224($Tbl) + + _xtr $i0,$s3,16 + _xtr $i1,$s0,16 + _xtr $i2,$s1,16 + _xtr $i3,$s2,16 + and $i0,0xff + and $i1,0xff + and $i2,0xff + and $i3,0xff + $PTR_ADD $i0,$Tbl + $PTR_ADD $i1,$Tbl + $PTR_ADD $i2,$Tbl + $PTR_ADD $i3,$Tbl + lbu $t0,1024($i0) # Td4[s3>>16] + lbu $t1,1024($i1) # Td4[s0>>16] + lbu $t2,1024($i2) # Td4[s1>>16] + lbu $t3,1024($i3) # Td4[s2>>16] + + _xtr $i0,$s2,8 + _xtr $i1,$s3,8 + _xtr $i2,$s0,8 + _xtr $i3,$s1,8 + and $i0,0xff + and $i1,0xff + and $i2,0xff + and $i3,0xff + $PTR_ADD $i0,$Tbl + $PTR_ADD $i1,$Tbl + $PTR_ADD $i2,$Tbl + $PTR_ADD $i3,$Tbl + lbu $t4,1024($i0) # Td4[s2>>8] + lbu $t5,1024($i1) # Td4[s3>>8] + lbu $t6,1024($i2) # Td4[s0>>8] + lbu $t7,1024($i3) # Td4[s1>>8] + + _xtr $i0,$s0,24 + _xtr $i1,$s1,24 + _xtr $i2,$s2,24 + _xtr $i3,$s3,24 + $PTR_ADD $i0,$Tbl + $PTR_ADD $i1,$Tbl + $PTR_ADD $i2,$Tbl + $PTR_ADD $i3,$Tbl + lbu $t8,1024($i0) # Td4[s0>>24] + lbu $t9,1024($i1) # Td4[s1>>24] + lbu $t10,1024($i2) # Td4[s2>>24] + lbu $t11,1024($i3) # Td4[s3>>24] + + _xtr $i0,$s1,0 + _xtr $i1,$s2,0 + _xtr $i2,$s3,0 + _xtr $i3,$s0,0 + + _ins $t0,16 + _ins $t1,16 + _ins $t2,16 + _ins $t3,16 + + _ins $t4,8 + _ins $t5,8 + _ins $t6,8 + _ins $t7,8 + + xor $t0,$t4 + xor $t1,$t5 + xor $t2,$t6 + xor $t3,$t7 + + $PTR_ADD $i0,$Tbl + $PTR_ADD $i1,$Tbl + $PTR_ADD $i2,$Tbl + $PTR_ADD $i3,$Tbl + lbu $t4,1024($i0) # Td4[s1] + lbu $t5,1024($i1) # Td4[s2] + lbu $t6,1024($i2) # Td4[s3] + lbu $t7,1024($i3) # Td4[s0] + + _ins $t8,24 + _ins $t9,24 + _ins $t10,24 + _ins $t11,24 + + lw $s0,0($key0) + lw $s1,4($key0) + lw $s2,8($key0) + lw $s3,12($key0) + + _ins $t4,0 + _ins $t5,0 + _ins $t6,0 + _ins $t7,0 + + + xor $t0,$t8 + xor $t1,$t9 + xor $t2,$t10 + xor $t3,$t11 + + xor $t0,$t4 + xor $t1,$t5 + xor $t2,$t6 + xor $t3,$t7 + + xor $s0,$t0 + xor $s1,$t1 + xor $s2,$t2 + xor $s3,$t3 + + jr $ra +.end _mips_AES_decrypt + +.align 5 +.globl AES_decrypt +.ent AES_decrypt +AES_decrypt: + .frame $sp,$FRAMESIZE,$ra + .mask $SAVED_REGS_MASK,-$SZREG + .set noreorder +___ +$code.=<<___ if ($flavour =~ /o32/i); # o32 PIC-ification + .cpload $pf +___ +$code.=<<___; + $PTR_SUB $sp,$FRAMESIZE + $REG_S $ra,$FRAMESIZE-1*$SZREG($sp) + $REG_S $fp,$FRAMESIZE-2*$SZREG($sp) + $REG_S $s11,$FRAMESIZE-3*$SZREG($sp) + $REG_S $s10,$FRAMESIZE-4*$SZREG($sp) + $REG_S $s9,$FRAMESIZE-5*$SZREG($sp) + $REG_S $s8,$FRAMESIZE-6*$SZREG($sp) + $REG_S $s7,$FRAMESIZE-7*$SZREG($sp) + $REG_S $s6,$FRAMESIZE-8*$SZREG($sp) + $REG_S $s5,$FRAMESIZE-9*$SZREG($sp) + $REG_S $s4,$FRAMESIZE-10*$SZREG($sp) +___ +$code.=<<___ if ($flavour =~ /nubi/i); # optimize non-nubi prologue + $REG_S \$15,$FRAMESIZE-11*$SZREG($sp) + $REG_S \$14,$FRAMESIZE-12*$SZREG($sp) + $REG_S \$13,$FRAMESIZE-13*$SZREG($sp) + $REG_S \$12,$FRAMESIZE-14*$SZREG($sp) + $REG_S $gp,$FRAMESIZE-15*$SZREG($sp) +___ +$code.=<<___ if ($flavour !~ /o32/i); # non-o32 PIC-ification + .cplocal $Tbl + .cpsetup $pf,$zero,AES_decrypt +___ +$code.=<<___; + .set reorder + $LA $Tbl,AES_Td # PIC-ified 'load address' + + lwl $s0,0+$MSB($inp) + lwl $s1,4+$MSB($inp) + lwl $s2,8+$MSB($inp) + lwl $s3,12+$MSB($inp) + lwr $s0,0+$LSB($inp) + lwr $s1,4+$LSB($inp) + lwr $s2,8+$LSB($inp) + lwr $s3,12+$LSB($inp) + + bal _mips_AES_decrypt + + swr $s0,0+$LSB($out) + swr $s1,4+$LSB($out) + swr $s2,8+$LSB($out) + swr $s3,12+$LSB($out) + swl $s0,0+$MSB($out) + swl $s1,4+$MSB($out) + swl $s2,8+$MSB($out) + swl $s3,12+$MSB($out) + + .set noreorder + $REG_L $ra,$FRAMESIZE-1*$SZREG($sp) + $REG_L $fp,$FRAMESIZE-2*$SZREG($sp) + $REG_L $s11,$FRAMESIZE-3*$SZREG($sp) + $REG_L $s10,$FRAMESIZE-4*$SZREG($sp) + $REG_L $s9,$FRAMESIZE-5*$SZREG($sp) + $REG_L $s8,$FRAMESIZE-6*$SZREG($sp) + $REG_L $s7,$FRAMESIZE-7*$SZREG($sp) + $REG_L $s6,$FRAMESIZE-8*$SZREG($sp) + $REG_L $s5,$FRAMESIZE-9*$SZREG($sp) + $REG_L $s4,$FRAMESIZE-10*$SZREG($sp) +___ +$code.=<<___ if ($flavour =~ /nubi/i); + $REG_L \$15,$FRAMESIZE-11*$SZREG($sp) + $REG_L \$14,$FRAMESIZE-12*$SZREG($sp) + $REG_L \$13,$FRAMESIZE-13*$SZREG($sp) + $REG_L \$12,$FRAMESIZE-14*$SZREG($sp) + $REG_L $gp,$FRAMESIZE-15*$SZREG($sp) +___ +$code.=<<___; + jr $ra + $PTR_ADD $sp,$FRAMESIZE +.end AES_decrypt +___ +}}} + +{{{ +my $FRAMESIZE=8*$SZREG; +my $SAVED_REGS_MASK = ($flavour =~ /nubi/i) ? 0xc000f008 : 0xc0000000; + +my ($inp,$bits,$key,$Tbl)=($a0,$a1,$a2,$a3); +my ($rk0,$rk1,$rk2,$rk3,$rk4,$rk5,$rk6,$rk7)=($a4,$a5,$a6,$a7,$s0,$s1,$s2,$s3); +my ($i0,$i1,$i2,$i3)=($at,$t0,$t1,$t2); +my ($rcon,$cnt)=($gp,$fp); + +$code.=<<___; +.align 5 +.ent _mips_AES_set_encrypt_key +_mips_AES_set_encrypt_key: + .frame $sp,0,$ra + .set noreorder + beqz $inp,.Lekey_done + li $t0,-1 + beqz $key,.Lekey_done + $PTR_ADD $rcon,$Tbl,1024+256 + + .set reorder + lwl $rk0,0+$MSB($inp) # load 128 bits + lwl $rk1,4+$MSB($inp) + lwl $rk2,8+$MSB($inp) + lwl $rk3,12+$MSB($inp) + li $at,128 + lwr $rk0,0+$LSB($inp) + lwr $rk1,4+$LSB($inp) + lwr $rk2,8+$LSB($inp) + lwr $rk3,12+$LSB($inp) + .set noreorder + beq $bits,$at,.L128bits + li $cnt,10 + + .set reorder + lwl $rk4,16+$MSB($inp) # load 192 bits + lwl $rk5,20+$MSB($inp) + li $at,192 + lwr $rk4,16+$LSB($inp) + lwr $rk5,20+$LSB($inp) + .set noreorder + beq $bits,$at,.L192bits + li $cnt,8 + + .set reorder + lwl $rk6,24+$MSB($inp) # load 256 bits + lwl $rk7,28+$MSB($inp) + li $at,256 + lwr $rk6,24+$LSB($inp) + lwr $rk7,28+$LSB($inp) + .set noreorder + beq $bits,$at,.L256bits + li $cnt,7 + + b .Lekey_done + li $t0,-2 + +.align 4 +.L128bits: + .set reorder + srl $i0,$rk3,16 + srl $i1,$rk3,8 + and $i0,0xff + and $i1,0xff + and $i2,$rk3,0xff + srl $i3,$rk3,24 + $PTR_ADD $i0,$Tbl + $PTR_ADD $i1,$Tbl + $PTR_ADD $i2,$Tbl + $PTR_ADD $i3,$Tbl + lbu $i0,1024($i0) + lbu $i1,1024($i1) + lbu $i2,1024($i2) + lbu $i3,1024($i3) + + sw $rk0,0($key) + sw $rk1,4($key) + sw $rk2,8($key) + sw $rk3,12($key) + sub $cnt,1 + $PTR_ADD $key,16 + + _bias $i0,24 + _bias $i1,16 + _bias $i2,8 + _bias $i3,0 + + xor $rk0,$i0 + lw $i0,0($rcon) + xor $rk0,$i1 + xor $rk0,$i2 + xor $rk0,$i3 + xor $rk0,$i0 + + xor $rk1,$rk0 + xor $rk2,$rk1 + xor $rk3,$rk2 + + .set noreorder + bnez $cnt,.L128bits + $PTR_ADD $rcon,4 + + sw $rk0,0($key) + sw $rk1,4($key) + sw $rk2,8($key) + li $cnt,10 + sw $rk3,12($key) + li $t0,0 + sw $cnt,80($key) + b .Lekey_done + $PTR_SUB $key,10*16 + +.align 4 +.L192bits: + .set reorder + srl $i0,$rk5,16 + srl $i1,$rk5,8 + and $i0,0xff + and $i1,0xff + and $i2,$rk5,0xff + srl $i3,$rk5,24 + $PTR_ADD $i0,$Tbl + $PTR_ADD $i1,$Tbl + $PTR_ADD $i2,$Tbl + $PTR_ADD $i3,$Tbl + lbu $i0,1024($i0) + lbu $i1,1024($i1) + lbu $i2,1024($i2) + lbu $i3,1024($i3) + + sw $rk0,0($key) + sw $rk1,4($key) + sw $rk2,8($key) + sw $rk3,12($key) + sw $rk4,16($key) + sw $rk5,20($key) + sub $cnt,1 + $PTR_ADD $key,24 + + _bias $i0,24 + _bias $i1,16 + _bias $i2,8 + _bias $i3,0 + + xor $rk0,$i0 + lw $i0,0($rcon) + xor $rk0,$i1 + xor $rk0,$i2 + xor $rk0,$i3 + xor $rk0,$i0 + + xor $rk1,$rk0 + xor $rk2,$rk1 + xor $rk3,$rk2 + xor $rk4,$rk3 + xor $rk5,$rk4 + + .set noreorder + bnez $cnt,.L192bits + $PTR_ADD $rcon,4 + + sw $rk0,0($key) + sw $rk1,4($key) + sw $rk2,8($key) + li $cnt,12 + sw $rk3,12($key) + li $t0,0 + sw $cnt,48($key) + b .Lekey_done + $PTR_SUB $key,12*16 + +.align 4 +.L256bits: + .set reorder + srl $i0,$rk7,16 + srl $i1,$rk7,8 + and $i0,0xff + and $i1,0xff + and $i2,$rk7,0xff + srl $i3,$rk7,24 + $PTR_ADD $i0,$Tbl + $PTR_ADD $i1,$Tbl + $PTR_ADD $i2,$Tbl + $PTR_ADD $i3,$Tbl + lbu $i0,1024($i0) + lbu $i1,1024($i1) + lbu $i2,1024($i2) + lbu $i3,1024($i3) + + sw $rk0,0($key) + sw $rk1,4($key) + sw $rk2,8($key) + sw $rk3,12($key) + sw $rk4,16($key) + sw $rk5,20($key) + sw $rk6,24($key) + sw $rk7,28($key) + sub $cnt,1 + + _bias $i0,24 + _bias $i1,16 + _bias $i2,8 + _bias $i3,0 + + xor $rk0,$i0 + lw $i0,0($rcon) + xor $rk0,$i1 + xor $rk0,$i2 + xor $rk0,$i3 + xor $rk0,$i0 + + xor $rk1,$rk0 + xor $rk2,$rk1 + xor $rk3,$rk2 + beqz $cnt,.L256bits_done + + srl $i0,$rk3,24 + srl $i1,$rk3,16 + srl $i2,$rk3,8 + and $i3,$rk3,0xff + and $i1,0xff + and $i2,0xff + $PTR_ADD $i0,$Tbl + $PTR_ADD $i1,$Tbl + $PTR_ADD $i2,$Tbl + $PTR_ADD $i3,$Tbl + lbu $i0,1024($i0) + lbu $i1,1024($i1) + lbu $i2,1024($i2) + lbu $i3,1024($i3) + sll $i0,24 + sll $i1,16 + sll $i2,8 + + xor $rk4,$i0 + xor $rk4,$i1 + xor $rk4,$i2 + xor $rk4,$i3 + + xor $rk5,$rk4 + xor $rk6,$rk5 + xor $rk7,$rk6 + + $PTR_ADD $key,32 + .set noreorder + b .L256bits + $PTR_ADD $rcon,4 + +.L256bits_done: + sw $rk0,32($key) + sw $rk1,36($key) + sw $rk2,40($key) + li $cnt,14 + sw $rk3,44($key) + li $t0,0 + sw $cnt,48($key) + $PTR_SUB $key,12*16 + +.Lekey_done: + jr $ra + nop +.end _mips_AES_set_encrypt_key + +.globl AES_set_encrypt_key +.ent AES_set_encrypt_key +AES_set_encrypt_key: + .frame $sp,$FRAMESIZE,$ra + .mask $SAVED_REGS_MASK,-$SZREG + .set noreorder +___ +$code.=<<___ if ($flavour =~ /o32/i); # o32 PIC-ification + .cpload $pf +___ +$code.=<<___; + $PTR_SUB $sp,$FRAMESIZE + $REG_S $ra,$FRAMESIZE-1*$SZREG($sp) + $REG_S $fp,$FRAMESIZE-2*$SZREG($sp) +___ +$code.=<<___ if ($flavour =~ /nubi/i); # optimize non-nubi prologue + $REG_S $s3,$FRAMESIZE-3*$SZREG($sp) + $REG_S $s2,$FRAMESIZE-4*$SZREG($sp) + $REG_S $s1,$FRAMESIZE-5*$SZREG($sp) + $REG_S $s0,$FRAMESIZE-6*$SZREG($sp) + $REG_S $gp,$FRAMESIZE-7*$SZREG($sp) +___ +$code.=<<___ if ($flavour !~ /o32/i); # non-o32 PIC-ification + .cplocal $Tbl + .cpsetup $pf,$zero,AES_set_encrypt_key +___ +$code.=<<___; + .set reorder + $LA $Tbl,AES_Te # PIC-ified 'load address' + + bal _mips_AES_set_encrypt_key + + .set noreorder + move $a0,$t0 + $REG_L $ra,$FRAMESIZE-1*$SZREG($sp) + $REG_L $fp,$FRAMESIZE-2*$SZREG($sp) +___ +$code.=<<___ if ($flavour =~ /nubi/i); + $REG_L $s3,$FRAMESIZE-11*$SZREG($sp) + $REG_L $s2,$FRAMESIZE-12*$SZREG($sp) + $REG_L $s1,$FRAMESIZE-13*$SZREG($sp) + $REG_L $s0,$FRAMESIZE-14*$SZREG($sp) + $REG_L $gp,$FRAMESIZE-15*$SZREG($sp) +___ +$code.=<<___; + jr $ra + $PTR_ADD $sp,$FRAMESIZE +.end AES_set_encrypt_key +___ + +my ($head,$tail)=($inp,$bits); +my ($tp1,$tp2,$tp4,$tp8,$tp9,$tpb,$tpd,$tpe)=($a4,$a5,$a6,$a7,$s0,$s1,$s2,$s3); +my ($m,$x80808080,$x7f7f7f7f,$x1b1b1b1b)=($at,$t0,$t1,$t2); +$code.=<<___; +.align 5 +.globl AES_set_decrypt_key +.ent AES_set_decrypt_key +AES_set_decrypt_key: + .frame $sp,$FRAMESIZE,$ra + .mask $SAVED_REGS_MASK,-$SZREG + .set noreorder +___ +$code.=<<___ if ($flavour =~ /o32/i); # o32 PIC-ification + .cpload $pf +___ +$code.=<<___; + $PTR_SUB $sp,$FRAMESIZE + $REG_S $ra,$FRAMESIZE-1*$SZREG($sp) + $REG_S $fp,$FRAMESIZE-2*$SZREG($sp) +___ +$code.=<<___ if ($flavour =~ /nubi/i); # optimize non-nubi prologue + $REG_S $s3,$FRAMESIZE-3*$SZREG($sp) + $REG_S $s2,$FRAMESIZE-4*$SZREG($sp) + $REG_S $s1,$FRAMESIZE-5*$SZREG($sp) + $REG_S $s0,$FRAMESIZE-6*$SZREG($sp) + $REG_S $gp,$FRAMESIZE-7*$SZREG($sp) +___ +$code.=<<___ if ($flavour !~ /o32/i); # non-o32 PIC-ification + .cplocal $Tbl + .cpsetup $pf,$zero,AES_set_decrypt_key +___ +$code.=<<___; + .set reorder + $LA $Tbl,AES_Te # PIC-ified 'load address' + + bal _mips_AES_set_encrypt_key + + bltz $t0,.Ldkey_done + + sll $at,$cnt,4 + $PTR_ADD $head,$key,0 + $PTR_ADD $tail,$key,$at +.align 4 +.Lswap: + lw $rk0,0($head) + lw $rk1,4($head) + lw $rk2,8($head) + lw $rk3,12($head) + lw $rk4,0($tail) + lw $rk5,4($tail) + lw $rk6,8($tail) + lw $rk7,12($tail) + sw $rk0,0($tail) + sw $rk1,4($tail) + sw $rk2,8($tail) + sw $rk3,12($tail) + $PTR_ADD $head,16 + $PTR_SUB $tail,16 + sw $rk4,-16($head) + sw $rk5,-12($head) + sw $rk6,-8($head) + sw $rk7,-4($head) + bne $head,$tail,.Lswap + + lw $tp1,16($key) # modulo-scheduled + lui $x80808080,0x8080 + sub $cnt,1 + or $x80808080,0x8080 + sll $cnt,2 + $PTR_ADD $key,16 + lui $x1b1b1b1b,0x1b1b + nor $x7f7f7f7f,$zero,$x80808080 + or $x1b1b1b1b,0x1b1b +.align 4 +.Lmix: + and $m,$tp1,$x80808080 + and $tp2,$tp1,$x7f7f7f7f + srl $tp4,$m,7 + addu $tp2,$tp2 # tp2<<1 + subu $m,$tp4 + and $m,$x1b1b1b1b + xor $tp2,$m + + and $m,$tp2,$x80808080 + and $tp4,$tp2,$x7f7f7f7f + srl $tp8,$m,7 + addu $tp4,$tp4 # tp4<<1 + subu $m,$tp8 + and $m,$x1b1b1b1b + xor $tp4,$m + + and $m,$tp4,$x80808080 + and $tp8,$tp4,$x7f7f7f7f + srl $tp9,$m,7 + addu $tp8,$tp8 # tp8<<1 + subu $m,$tp9 + and $m,$x1b1b1b1b + xor $tp8,$m + + xor $tp9,$tp8,$tp1 + xor $tpe,$tp8,$tp4 + xor $tpb,$tp9,$tp2 + xor $tpd,$tp9,$tp4 + + _ror $tp1,$tpd,16 + xor $tpe,$tp2 + _ror $tp2,$tpd,-16 + xor $tpe,$tp1 + _ror $tp1,$tp9,8 + xor $tpe,$tp2 + _ror $tp2,$tp9,-24 + xor $tpe,$tp1 + _ror $tp1,$tpb,24 + xor $tpe,$tp2 + _ror $tp2,$tpb,-8 + xor $tpe,$tp1 + lw $tp1,4($key) # modulo-scheduled + xor $tpe,$tp2 + sub $cnt,1 + sw $tpe,0($key) + $PTR_ADD $key,4 + bnez $cnt,.Lmix + + li $t0,0 +.Ldkey_done: + .set noreorder + move $a0,$t0 + $REG_L $ra,$FRAMESIZE-1*$SZREG($sp) + $REG_L $fp,$FRAMESIZE-2*$SZREG($sp) +___ +$code.=<<___ if ($flavour =~ /nubi/i); + $REG_L $s3,$FRAMESIZE-11*$SZREG($sp) + $REG_L $s2,$FRAMESIZE-12*$SZREG($sp) + $REG_L $s1,$FRAMESIZE-13*$SZREG($sp) + $REG_L $s0,$FRAMESIZE-14*$SZREG($sp) + $REG_L $gp,$FRAMESIZE-15*$SZREG($sp) +___ +$code.=<<___; + jr $ra + $PTR_ADD $sp,$FRAMESIZE +.end AES_set_decrypt_key +___ +}}} + +###################################################################### +# Tables are kept in endian-neutral manner +$code.=<<___; +.rdata +.align 6 +AES_Te: +.byte 0xc6,0x63,0x63,0xa5, 0xf8,0x7c,0x7c,0x84 # Te0 +.byte 0xee,0x77,0x77,0x99, 0xf6,0x7b,0x7b,0x8d +.byte 0xff,0xf2,0xf2,0x0d, 0xd6,0x6b,0x6b,0xbd +.byte 0xde,0x6f,0x6f,0xb1, 0x91,0xc5,0xc5,0x54 +.byte 0x60,0x30,0x30,0x50, 0x02,0x01,0x01,0x03 +.byte 0xce,0x67,0x67,0xa9, 0x56,0x2b,0x2b,0x7d +.byte 0xe7,0xfe,0xfe,0x19, 0xb5,0xd7,0xd7,0x62 +.byte 0x4d,0xab,0xab,0xe6, 0xec,0x76,0x76,0x9a +.byte 0x8f,0xca,0xca,0x45, 0x1f,0x82,0x82,0x9d +.byte 0x89,0xc9,0xc9,0x40, 0xfa,0x7d,0x7d,0x87 +.byte 0xef,0xfa,0xfa,0x15, 0xb2,0x59,0x59,0xeb +.byte 0x8e,0x47,0x47,0xc9, 0xfb,0xf0,0xf0,0x0b +.byte 0x41,0xad,0xad,0xec, 0xb3,0xd4,0xd4,0x67 +.byte 0x5f,0xa2,0xa2,0xfd, 0x45,0xaf,0xaf,0xea +.byte 0x23,0x9c,0x9c,0xbf, 0x53,0xa4,0xa4,0xf7 +.byte 0xe4,0x72,0x72,0x96, 0x9b,0xc0,0xc0,0x5b +.byte 0x75,0xb7,0xb7,0xc2, 0xe1,0xfd,0xfd,0x1c +.byte 0x3d,0x93,0x93,0xae, 0x4c,0x26,0x26,0x6a +.byte 0x6c,0x36,0x36,0x5a, 0x7e,0x3f,0x3f,0x41 +.byte 0xf5,0xf7,0xf7,0x02, 0x83,0xcc,0xcc,0x4f +.byte 0x68,0x34,0x34,0x5c, 0x51,0xa5,0xa5,0xf4 +.byte 0xd1,0xe5,0xe5,0x34, 0xf9,0xf1,0xf1,0x08 +.byte 0xe2,0x71,0x71,0x93, 0xab,0xd8,0xd8,0x73 +.byte 0x62,0x31,0x31,0x53, 0x2a,0x15,0x15,0x3f +.byte 0x08,0x04,0x04,0x0c, 0x95,0xc7,0xc7,0x52 +.byte 0x46,0x23,0x23,0x65, 0x9d,0xc3,0xc3,0x5e +.byte 0x30,0x18,0x18,0x28, 0x37,0x96,0x96,0xa1 +.byte 0x0a,0x05,0x05,0x0f, 0x2f,0x9a,0x9a,0xb5 +.byte 0x0e,0x07,0x07,0x09, 0x24,0x12,0x12,0x36 +.byte 0x1b,0x80,0x80,0x9b, 0xdf,0xe2,0xe2,0x3d +.byte 0xcd,0xeb,0xeb,0x26, 0x4e,0x27,0x27,0x69 +.byte 0x7f,0xb2,0xb2,0xcd, 0xea,0x75,0x75,0x9f +.byte 0x12,0x09,0x09,0x1b, 0x1d,0x83,0x83,0x9e +.byte 0x58,0x2c,0x2c,0x74, 0x34,0x1a,0x1a,0x2e +.byte 0x36,0x1b,0x1b,0x2d, 0xdc,0x6e,0x6e,0xb2 +.byte 0xb4,0x5a,0x5a,0xee, 0x5b,0xa0,0xa0,0xfb +.byte 0xa4,0x52,0x52,0xf6, 0x76,0x3b,0x3b,0x4d +.byte 0xb7,0xd6,0xd6,0x61, 0x7d,0xb3,0xb3,0xce +.byte 0x52,0x29,0x29,0x7b, 0xdd,0xe3,0xe3,0x3e +.byte 0x5e,0x2f,0x2f,0x71, 0x13,0x84,0x84,0x97 +.byte 0xa6,0x53,0x53,0xf5, 0xb9,0xd1,0xd1,0x68 +.byte 0x00,0x00,0x00,0x00, 0xc1,0xed,0xed,0x2c +.byte 0x40,0x20,0x20,0x60, 0xe3,0xfc,0xfc,0x1f +.byte 0x79,0xb1,0xb1,0xc8, 0xb6,0x5b,0x5b,0xed +.byte 0xd4,0x6a,0x6a,0xbe, 0x8d,0xcb,0xcb,0x46 +.byte 0x67,0xbe,0xbe,0xd9, 0x72,0x39,0x39,0x4b +.byte 0x94,0x4a,0x4a,0xde, 0x98,0x4c,0x4c,0xd4 +.byte 0xb0,0x58,0x58,0xe8, 0x85,0xcf,0xcf,0x4a +.byte 0xbb,0xd0,0xd0,0x6b, 0xc5,0xef,0xef,0x2a +.byte 0x4f,0xaa,0xaa,0xe5, 0xed,0xfb,0xfb,0x16 +.byte 0x86,0x43,0x43,0xc5, 0x9a,0x4d,0x4d,0xd7 +.byte 0x66,0x33,0x33,0x55, 0x11,0x85,0x85,0x94 +.byte 0x8a,0x45,0x45,0xcf, 0xe9,0xf9,0xf9,0x10 +.byte 0x04,0x02,0x02,0x06, 0xfe,0x7f,0x7f,0x81 +.byte 0xa0,0x50,0x50,0xf0, 0x78,0x3c,0x3c,0x44 +.byte 0x25,0x9f,0x9f,0xba, 0x4b,0xa8,0xa8,0xe3 +.byte 0xa2,0x51,0x51,0xf3, 0x5d,0xa3,0xa3,0xfe +.byte 0x80,0x40,0x40,0xc0, 0x05,0x8f,0x8f,0x8a +.byte 0x3f,0x92,0x92,0xad, 0x21,0x9d,0x9d,0xbc +.byte 0x70,0x38,0x38,0x48, 0xf1,0xf5,0xf5,0x04 +.byte 0x63,0xbc,0xbc,0xdf, 0x77,0xb6,0xb6,0xc1 +.byte 0xaf,0xda,0xda,0x75, 0x42,0x21,0x21,0x63 +.byte 0x20,0x10,0x10,0x30, 0xe5,0xff,0xff,0x1a +.byte 0xfd,0xf3,0xf3,0x0e, 0xbf,0xd2,0xd2,0x6d +.byte 0x81,0xcd,0xcd,0x4c, 0x18,0x0c,0x0c,0x14 +.byte 0x26,0x13,0x13,0x35, 0xc3,0xec,0xec,0x2f +.byte 0xbe,0x5f,0x5f,0xe1, 0x35,0x97,0x97,0xa2 +.byte 0x88,0x44,0x44,0xcc, 0x2e,0x17,0x17,0x39 +.byte 0x93,0xc4,0xc4,0x57, 0x55,0xa7,0xa7,0xf2 +.byte 0xfc,0x7e,0x7e,0x82, 0x7a,0x3d,0x3d,0x47 +.byte 0xc8,0x64,0x64,0xac, 0xba,0x5d,0x5d,0xe7 +.byte 0x32,0x19,0x19,0x2b, 0xe6,0x73,0x73,0x95 +.byte 0xc0,0x60,0x60,0xa0, 0x19,0x81,0x81,0x98 +.byte 0x9e,0x4f,0x4f,0xd1, 0xa3,0xdc,0xdc,0x7f +.byte 0x44,0x22,0x22,0x66, 0x54,0x2a,0x2a,0x7e +.byte 0x3b,0x90,0x90,0xab, 0x0b,0x88,0x88,0x83 +.byte 0x8c,0x46,0x46,0xca, 0xc7,0xee,0xee,0x29 +.byte 0x6b,0xb8,0xb8,0xd3, 0x28,0x14,0x14,0x3c +.byte 0xa7,0xde,0xde,0x79, 0xbc,0x5e,0x5e,0xe2 +.byte 0x16,0x0b,0x0b,0x1d, 0xad,0xdb,0xdb,0x76 +.byte 0xdb,0xe0,0xe0,0x3b, 0x64,0x32,0x32,0x56 +.byte 0x74,0x3a,0x3a,0x4e, 0x14,0x0a,0x0a,0x1e +.byte 0x92,0x49,0x49,0xdb, 0x0c,0x06,0x06,0x0a +.byte 0x48,0x24,0x24,0x6c, 0xb8,0x5c,0x5c,0xe4 +.byte 0x9f,0xc2,0xc2,0x5d, 0xbd,0xd3,0xd3,0x6e +.byte 0x43,0xac,0xac,0xef, 0xc4,0x62,0x62,0xa6 +.byte 0x39,0x91,0x91,0xa8, 0x31,0x95,0x95,0xa4 +.byte 0xd3,0xe4,0xe4,0x37, 0xf2,0x79,0x79,0x8b +.byte 0xd5,0xe7,0xe7,0x32, 0x8b,0xc8,0xc8,0x43 +.byte 0x6e,0x37,0x37,0x59, 0xda,0x6d,0x6d,0xb7 +.byte 0x01,0x8d,0x8d,0x8c, 0xb1,0xd5,0xd5,0x64 +.byte 0x9c,0x4e,0x4e,0xd2, 0x49,0xa9,0xa9,0xe0 +.byte 0xd8,0x6c,0x6c,0xb4, 0xac,0x56,0x56,0xfa +.byte 0xf3,0xf4,0xf4,0x07, 0xcf,0xea,0xea,0x25 +.byte 0xca,0x65,0x65,0xaf, 0xf4,0x7a,0x7a,0x8e +.byte 0x47,0xae,0xae,0xe9, 0x10,0x08,0x08,0x18 +.byte 0x6f,0xba,0xba,0xd5, 0xf0,0x78,0x78,0x88 +.byte 0x4a,0x25,0x25,0x6f, 0x5c,0x2e,0x2e,0x72 +.byte 0x38,0x1c,0x1c,0x24, 0x57,0xa6,0xa6,0xf1 +.byte 0x73,0xb4,0xb4,0xc7, 0x97,0xc6,0xc6,0x51 +.byte 0xcb,0xe8,0xe8,0x23, 0xa1,0xdd,0xdd,0x7c +.byte 0xe8,0x74,0x74,0x9c, 0x3e,0x1f,0x1f,0x21 +.byte 0x96,0x4b,0x4b,0xdd, 0x61,0xbd,0xbd,0xdc +.byte 0x0d,0x8b,0x8b,0x86, 0x0f,0x8a,0x8a,0x85 +.byte 0xe0,0x70,0x70,0x90, 0x7c,0x3e,0x3e,0x42 +.byte 0x71,0xb5,0xb5,0xc4, 0xcc,0x66,0x66,0xaa +.byte 0x90,0x48,0x48,0xd8, 0x06,0x03,0x03,0x05 +.byte 0xf7,0xf6,0xf6,0x01, 0x1c,0x0e,0x0e,0x12 +.byte 0xc2,0x61,0x61,0xa3, 0x6a,0x35,0x35,0x5f +.byte 0xae,0x57,0x57,0xf9, 0x69,0xb9,0xb9,0xd0 +.byte 0x17,0x86,0x86,0x91, 0x99,0xc1,0xc1,0x58 +.byte 0x3a,0x1d,0x1d,0x27, 0x27,0x9e,0x9e,0xb9 +.byte 0xd9,0xe1,0xe1,0x38, 0xeb,0xf8,0xf8,0x13 +.byte 0x2b,0x98,0x98,0xb3, 0x22,0x11,0x11,0x33 +.byte 0xd2,0x69,0x69,0xbb, 0xa9,0xd9,0xd9,0x70 +.byte 0x07,0x8e,0x8e,0x89, 0x33,0x94,0x94,0xa7 +.byte 0x2d,0x9b,0x9b,0xb6, 0x3c,0x1e,0x1e,0x22 +.byte 0x15,0x87,0x87,0x92, 0xc9,0xe9,0xe9,0x20 +.byte 0x87,0xce,0xce,0x49, 0xaa,0x55,0x55,0xff +.byte 0x50,0x28,0x28,0x78, 0xa5,0xdf,0xdf,0x7a +.byte 0x03,0x8c,0x8c,0x8f, 0x59,0xa1,0xa1,0xf8 +.byte 0x09,0x89,0x89,0x80, 0x1a,0x0d,0x0d,0x17 +.byte 0x65,0xbf,0xbf,0xda, 0xd7,0xe6,0xe6,0x31 +.byte 0x84,0x42,0x42,0xc6, 0xd0,0x68,0x68,0xb8 +.byte 0x82,0x41,0x41,0xc3, 0x29,0x99,0x99,0xb0 +.byte 0x5a,0x2d,0x2d,0x77, 0x1e,0x0f,0x0f,0x11 +.byte 0x7b,0xb0,0xb0,0xcb, 0xa8,0x54,0x54,0xfc +.byte 0x6d,0xbb,0xbb,0xd6, 0x2c,0x16,0x16,0x3a + +.byte 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5 # Te4 +.byte 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76 +.byte 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0 +.byte 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0 +.byte 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc +.byte 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15 +.byte 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a +.byte 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75 +.byte 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0 +.byte 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84 +.byte 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b +.byte 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf +.byte 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85 +.byte 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8 +.byte 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5 +.byte 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2 +.byte 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17 +.byte 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73 +.byte 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88 +.byte 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb +.byte 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c +.byte 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79 +.byte 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9 +.byte 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08 +.byte 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6 +.byte 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a +.byte 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e +.byte 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e +.byte 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94 +.byte 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf +.byte 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68 +.byte 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16 + +.byte 0x01,0x00,0x00,0x00, 0x02,0x00,0x00,0x00 # rcon +.byte 0x04,0x00,0x00,0x00, 0x08,0x00,0x00,0x00 +.byte 0x10,0x00,0x00,0x00, 0x20,0x00,0x00,0x00 +.byte 0x40,0x00,0x00,0x00, 0x80,0x00,0x00,0x00 +.byte 0x1B,0x00,0x00,0x00, 0x36,0x00,0x00,0x00 + +.align 6 +AES_Td: +.byte 0x51,0xf4,0xa7,0x50, 0x7e,0x41,0x65,0x53 # Td0 +.byte 0x1a,0x17,0xa4,0xc3, 0x3a,0x27,0x5e,0x96 +.byte 0x3b,0xab,0x6b,0xcb, 0x1f,0x9d,0x45,0xf1 +.byte 0xac,0xfa,0x58,0xab, 0x4b,0xe3,0x03,0x93 +.byte 0x20,0x30,0xfa,0x55, 0xad,0x76,0x6d,0xf6 +.byte 0x88,0xcc,0x76,0x91, 0xf5,0x02,0x4c,0x25 +.byte 0x4f,0xe5,0xd7,0xfc, 0xc5,0x2a,0xcb,0xd7 +.byte 0x26,0x35,0x44,0x80, 0xb5,0x62,0xa3,0x8f +.byte 0xde,0xb1,0x5a,0x49, 0x25,0xba,0x1b,0x67 +.byte 0x45,0xea,0x0e,0x98, 0x5d,0xfe,0xc0,0xe1 +.byte 0xc3,0x2f,0x75,0x02, 0x81,0x4c,0xf0,0x12 +.byte 0x8d,0x46,0x97,0xa3, 0x6b,0xd3,0xf9,0xc6 +.byte 0x03,0x8f,0x5f,0xe7, 0x15,0x92,0x9c,0x95 +.byte 0xbf,0x6d,0x7a,0xeb, 0x95,0x52,0x59,0xda +.byte 0xd4,0xbe,0x83,0x2d, 0x58,0x74,0x21,0xd3 +.byte 0x49,0xe0,0x69,0x29, 0x8e,0xc9,0xc8,0x44 +.byte 0x75,0xc2,0x89,0x6a, 0xf4,0x8e,0x79,0x78 +.byte 0x99,0x58,0x3e,0x6b, 0x27,0xb9,0x71,0xdd +.byte 0xbe,0xe1,0x4f,0xb6, 0xf0,0x88,0xad,0x17 +.byte 0xc9,0x20,0xac,0x66, 0x7d,0xce,0x3a,0xb4 +.byte 0x63,0xdf,0x4a,0x18, 0xe5,0x1a,0x31,0x82 +.byte 0x97,0x51,0x33,0x60, 0x62,0x53,0x7f,0x45 +.byte 0xb1,0x64,0x77,0xe0, 0xbb,0x6b,0xae,0x84 +.byte 0xfe,0x81,0xa0,0x1c, 0xf9,0x08,0x2b,0x94 +.byte 0x70,0x48,0x68,0x58, 0x8f,0x45,0xfd,0x19 +.byte 0x94,0xde,0x6c,0x87, 0x52,0x7b,0xf8,0xb7 +.byte 0xab,0x73,0xd3,0x23, 0x72,0x4b,0x02,0xe2 +.byte 0xe3,0x1f,0x8f,0x57, 0x66,0x55,0xab,0x2a +.byte 0xb2,0xeb,0x28,0x07, 0x2f,0xb5,0xc2,0x03 +.byte 0x86,0xc5,0x7b,0x9a, 0xd3,0x37,0x08,0xa5 +.byte 0x30,0x28,0x87,0xf2, 0x23,0xbf,0xa5,0xb2 +.byte 0x02,0x03,0x6a,0xba, 0xed,0x16,0x82,0x5c +.byte 0x8a,0xcf,0x1c,0x2b, 0xa7,0x79,0xb4,0x92 +.byte 0xf3,0x07,0xf2,0xf0, 0x4e,0x69,0xe2,0xa1 +.byte 0x65,0xda,0xf4,0xcd, 0x06,0x05,0xbe,0xd5 +.byte 0xd1,0x34,0x62,0x1f, 0xc4,0xa6,0xfe,0x8a +.byte 0x34,0x2e,0x53,0x9d, 0xa2,0xf3,0x55,0xa0 +.byte 0x05,0x8a,0xe1,0x32, 0xa4,0xf6,0xeb,0x75 +.byte 0x0b,0x83,0xec,0x39, 0x40,0x60,0xef,0xaa +.byte 0x5e,0x71,0x9f,0x06, 0xbd,0x6e,0x10,0x51 +.byte 0x3e,0x21,0x8a,0xf9, 0x96,0xdd,0x06,0x3d +.byte 0xdd,0x3e,0x05,0xae, 0x4d,0xe6,0xbd,0x46 +.byte 0x91,0x54,0x8d,0xb5, 0x71,0xc4,0x5d,0x05 +.byte 0x04,0x06,0xd4,0x6f, 0x60,0x50,0x15,0xff +.byte 0x19,0x98,0xfb,0x24, 0xd6,0xbd,0xe9,0x97 +.byte 0x89,0x40,0x43,0xcc, 0x67,0xd9,0x9e,0x77 +.byte 0xb0,0xe8,0x42,0xbd, 0x07,0x89,0x8b,0x88 +.byte 0xe7,0x19,0x5b,0x38, 0x79,0xc8,0xee,0xdb +.byte 0xa1,0x7c,0x0a,0x47, 0x7c,0x42,0x0f,0xe9 +.byte 0xf8,0x84,0x1e,0xc9, 0x00,0x00,0x00,0x00 +.byte 0x09,0x80,0x86,0x83, 0x32,0x2b,0xed,0x48 +.byte 0x1e,0x11,0x70,0xac, 0x6c,0x5a,0x72,0x4e +.byte 0xfd,0x0e,0xff,0xfb, 0x0f,0x85,0x38,0x56 +.byte 0x3d,0xae,0xd5,0x1e, 0x36,0x2d,0x39,0x27 +.byte 0x0a,0x0f,0xd9,0x64, 0x68,0x5c,0xa6,0x21 +.byte 0x9b,0x5b,0x54,0xd1, 0x24,0x36,0x2e,0x3a +.byte 0x0c,0x0a,0x67,0xb1, 0x93,0x57,0xe7,0x0f +.byte 0xb4,0xee,0x96,0xd2, 0x1b,0x9b,0x91,0x9e +.byte 0x80,0xc0,0xc5,0x4f, 0x61,0xdc,0x20,0xa2 +.byte 0x5a,0x77,0x4b,0x69, 0x1c,0x12,0x1a,0x16 +.byte 0xe2,0x93,0xba,0x0a, 0xc0,0xa0,0x2a,0xe5 +.byte 0x3c,0x22,0xe0,0x43, 0x12,0x1b,0x17,0x1d +.byte 0x0e,0x09,0x0d,0x0b, 0xf2,0x8b,0xc7,0xad +.byte 0x2d,0xb6,0xa8,0xb9, 0x14,0x1e,0xa9,0xc8 +.byte 0x57,0xf1,0x19,0x85, 0xaf,0x75,0x07,0x4c +.byte 0xee,0x99,0xdd,0xbb, 0xa3,0x7f,0x60,0xfd +.byte 0xf7,0x01,0x26,0x9f, 0x5c,0x72,0xf5,0xbc +.byte 0x44,0x66,0x3b,0xc5, 0x5b,0xfb,0x7e,0x34 +.byte 0x8b,0x43,0x29,0x76, 0xcb,0x23,0xc6,0xdc +.byte 0xb6,0xed,0xfc,0x68, 0xb8,0xe4,0xf1,0x63 +.byte 0xd7,0x31,0xdc,0xca, 0x42,0x63,0x85,0x10 +.byte 0x13,0x97,0x22,0x40, 0x84,0xc6,0x11,0x20 +.byte 0x85,0x4a,0x24,0x7d, 0xd2,0xbb,0x3d,0xf8 +.byte 0xae,0xf9,0x32,0x11, 0xc7,0x29,0xa1,0x6d +.byte 0x1d,0x9e,0x2f,0x4b, 0xdc,0xb2,0x30,0xf3 +.byte 0x0d,0x86,0x52,0xec, 0x77,0xc1,0xe3,0xd0 +.byte 0x2b,0xb3,0x16,0x6c, 0xa9,0x70,0xb9,0x99 +.byte 0x11,0x94,0x48,0xfa, 0x47,0xe9,0x64,0x22 +.byte 0xa8,0xfc,0x8c,0xc4, 0xa0,0xf0,0x3f,0x1a +.byte 0x56,0x7d,0x2c,0xd8, 0x22,0x33,0x90,0xef +.byte 0x87,0x49,0x4e,0xc7, 0xd9,0x38,0xd1,0xc1 +.byte 0x8c,0xca,0xa2,0xfe, 0x98,0xd4,0x0b,0x36 +.byte 0xa6,0xf5,0x81,0xcf, 0xa5,0x7a,0xde,0x28 +.byte 0xda,0xb7,0x8e,0x26, 0x3f,0xad,0xbf,0xa4 +.byte 0x2c,0x3a,0x9d,0xe4, 0x50,0x78,0x92,0x0d +.byte 0x6a,0x5f,0xcc,0x9b, 0x54,0x7e,0x46,0x62 +.byte 0xf6,0x8d,0x13,0xc2, 0x90,0xd8,0xb8,0xe8 +.byte 0x2e,0x39,0xf7,0x5e, 0x82,0xc3,0xaf,0xf5 +.byte 0x9f,0x5d,0x80,0xbe, 0x69,0xd0,0x93,0x7c +.byte 0x6f,0xd5,0x2d,0xa9, 0xcf,0x25,0x12,0xb3 +.byte 0xc8,0xac,0x99,0x3b, 0x10,0x18,0x7d,0xa7 +.byte 0xe8,0x9c,0x63,0x6e, 0xdb,0x3b,0xbb,0x7b +.byte 0xcd,0x26,0x78,0x09, 0x6e,0x59,0x18,0xf4 +.byte 0xec,0x9a,0xb7,0x01, 0x83,0x4f,0x9a,0xa8 +.byte 0xe6,0x95,0x6e,0x65, 0xaa,0xff,0xe6,0x7e +.byte 0x21,0xbc,0xcf,0x08, 0xef,0x15,0xe8,0xe6 +.byte 0xba,0xe7,0x9b,0xd9, 0x4a,0x6f,0x36,0xce +.byte 0xea,0x9f,0x09,0xd4, 0x29,0xb0,0x7c,0xd6 +.byte 0x31,0xa4,0xb2,0xaf, 0x2a,0x3f,0x23,0x31 +.byte 0xc6,0xa5,0x94,0x30, 0x35,0xa2,0x66,0xc0 +.byte 0x74,0x4e,0xbc,0x37, 0xfc,0x82,0xca,0xa6 +.byte 0xe0,0x90,0xd0,0xb0, 0x33,0xa7,0xd8,0x15 +.byte 0xf1,0x04,0x98,0x4a, 0x41,0xec,0xda,0xf7 +.byte 0x7f,0xcd,0x50,0x0e, 0x17,0x91,0xf6,0x2f +.byte 0x76,0x4d,0xd6,0x8d, 0x43,0xef,0xb0,0x4d +.byte 0xcc,0xaa,0x4d,0x54, 0xe4,0x96,0x04,0xdf +.byte 0x9e,0xd1,0xb5,0xe3, 0x4c,0x6a,0x88,0x1b +.byte 0xc1,0x2c,0x1f,0xb8, 0x46,0x65,0x51,0x7f +.byte 0x9d,0x5e,0xea,0x04, 0x01,0x8c,0x35,0x5d +.byte 0xfa,0x87,0x74,0x73, 0xfb,0x0b,0x41,0x2e +.byte 0xb3,0x67,0x1d,0x5a, 0x92,0xdb,0xd2,0x52 +.byte 0xe9,0x10,0x56,0x33, 0x6d,0xd6,0x47,0x13 +.byte 0x9a,0xd7,0x61,0x8c, 0x37,0xa1,0x0c,0x7a +.byte 0x59,0xf8,0x14,0x8e, 0xeb,0x13,0x3c,0x89 +.byte 0xce,0xa9,0x27,0xee, 0xb7,0x61,0xc9,0x35 +.byte 0xe1,0x1c,0xe5,0xed, 0x7a,0x47,0xb1,0x3c +.byte 0x9c,0xd2,0xdf,0x59, 0x55,0xf2,0x73,0x3f +.byte 0x18,0x14,0xce,0x79, 0x73,0xc7,0x37,0xbf +.byte 0x53,0xf7,0xcd,0xea, 0x5f,0xfd,0xaa,0x5b +.byte 0xdf,0x3d,0x6f,0x14, 0x78,0x44,0xdb,0x86 +.byte 0xca,0xaf,0xf3,0x81, 0xb9,0x68,0xc4,0x3e +.byte 0x38,0x24,0x34,0x2c, 0xc2,0xa3,0x40,0x5f +.byte 0x16,0x1d,0xc3,0x72, 0xbc,0xe2,0x25,0x0c +.byte 0x28,0x3c,0x49,0x8b, 0xff,0x0d,0x95,0x41 +.byte 0x39,0xa8,0x01,0x71, 0x08,0x0c,0xb3,0xde +.byte 0xd8,0xb4,0xe4,0x9c, 0x64,0x56,0xc1,0x90 +.byte 0x7b,0xcb,0x84,0x61, 0xd5,0x32,0xb6,0x70 +.byte 0x48,0x6c,0x5c,0x74, 0xd0,0xb8,0x57,0x42 + +.byte 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38 # Td4 +.byte 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb +.byte 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87 +.byte 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb +.byte 0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d +.byte 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e +.byte 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2 +.byte 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25 +.byte 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16 +.byte 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92 +.byte 0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda +.byte 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84 +.byte 0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a +.byte 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06 +.byte 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02 +.byte 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b +.byte 0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea +.byte 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73 +.byte 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85 +.byte 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e +.byte 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89 +.byte 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b +.byte 0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20 +.byte 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4 +.byte 0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31 +.byte 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f +.byte 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d +.byte 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef +.byte 0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0 +.byte 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61 +.byte 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26 +.byte 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d +___ + +foreach (split("\n",$code)) { + s/\`([^\`]*)\`/eval $1/ge; + + # made-up _instructions, _xtr, _ins, _ror and _bias, cope + # with byte order dependencies... + if (/^\s+_/) { + s/(_[a-z]+\s+)(\$[0-9]+),([^,]+)(#.*)*$/$1$2,$2,$3/; + + s/_xtr\s+(\$[0-9]+),(\$[0-9]+),([0-9]+(\-2)*)/ + sprintf("srl\t$1,$2,%d",$big_endian ? eval($3) + : eval("24-$3"))/e or + s/_ins\s+(\$[0-9]+),(\$[0-9]+),([0-9]+)/ + sprintf("sll\t$1,$2,%d",$big_endian ? eval($3) + : eval("24-$3"))/e or + s/_ror\s+(\$[0-9]+),(\$[0-9]+),(\-?[0-9]+)/ + sprintf("srl\t$1,$2,%d",$big_endian ? eval($3) + : eval("$3*-1"))/e or + s/_bias\s+(\$[0-9]+),(\$[0-9]+),([0-9]+)/ + sprintf("sll\t$1,$2,%d",$big_endian ? eval($3) + : eval("($3-16)&31"))/e; + + s/srl\s+(\$[0-9]+),(\$[0-9]+),\-([0-9]+)/ + sprintf("sll\t$1,$2,$3")/e or + s/srl\s+(\$[0-9]+),(\$[0-9]+),0/ + sprintf("and\t$1,$2,0xff")/e or + s/(sll\s+\$[0-9]+,\$[0-9]+,0)/#$1/; + } + + # convert lwl/lwr and swr/swl to little-endian order + if (!$big_endian && /^\s+[sl]w[lr]\s+/) { + s/([sl]wl.*)([0-9]+)\((\$[0-9]+)\)/ + sprintf("$1%d($3)",eval("$2-$2%4+($2%4-1)&3"))/e or + s/([sl]wr.*)([0-9]+)\((\$[0-9]+)\)/ + sprintf("$1%d($3)",eval("$2-$2%4+($2%4+1)&3"))/e; + } + + print $_,"\n"; +} + +close STDOUT; diff --git a/src/lib/libcrypto/aes/asm/aes-parisc.pl b/src/lib/libcrypto/aes/asm/aes-parisc.pl new file mode 100644 index 00000000000..f12a1c18ec2 --- /dev/null +++ b/src/lib/libcrypto/aes/asm/aes-parisc.pl @@ -0,0 +1,1028 @@ +#!/usr/bin/env perl + +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== + +# AES for PA-RISC. +# +# June 2009. +# +# The module is mechanical transliteration of aes-sparcv9.pl, but with +# a twist: S-boxes are compressed even further down to 1K+256B. On +# PA-7100LC performance is ~40% better than gcc 3.2 generated code and +# is about 33 cycles per byte processed with 128-bit key. Newer CPUs +# perform at 16 cycles per byte. It's not faster than code generated +# by vendor compiler, but recall that it has compressed S-boxes, which +# requires extra processing. +# +# Special thanks to polarhome.com for providing HP-UX account. + +$flavour = shift; +$output = shift; +open STDOUT,">$output"; + +if ($flavour =~ /64/) { + $LEVEL ="2.0W"; + $SIZE_T =8; + $FRAME_MARKER =80; + $SAVED_RP =16; + $PUSH ="std"; + $PUSHMA ="std,ma"; + $POP ="ldd"; + $POPMB ="ldd,mb"; +} else { + $LEVEL ="1.0"; + $SIZE_T =4; + $FRAME_MARKER =48; + $SAVED_RP =20; + $PUSH ="stw"; + $PUSHMA ="stwm"; + $POP ="ldw"; + $POPMB ="ldwm"; +} + +$FRAME=16*$SIZE_T+$FRAME_MARKER;# 16 saved regs + frame marker + # [+ argument transfer] +$inp="%r26"; # arg0 +$out="%r25"; # arg1 +$key="%r24"; # arg2 + +($s0,$s1,$s2,$s3) = ("%r1","%r2","%r3","%r4"); +($t0,$t1,$t2,$t3) = ("%r5","%r6","%r7","%r8"); + +($acc0, $acc1, $acc2, $acc3, $acc4, $acc5, $acc6, $acc7, + $acc8, $acc9,$acc10,$acc11,$acc12,$acc13,$acc14,$acc15) = +("%r9","%r10","%r11","%r12","%r13","%r14","%r15","%r16", +"%r17","%r18","%r19","%r20","%r21","%r22","%r23","%r26"); + +$tbl="%r28"; +$rounds="%r29"; + +$code=<<___; + .LEVEL $LEVEL +#if 0 + .SPACE \$TEXT\$ + .SUBSPA \$CODE\$,QUAD=0,ALIGN=8,ACCESS=0x2C,CODE_ONLY +#else + .text +#endif + + .EXPORT AES_encrypt,ENTRY,ARGW0=GR,ARGW1=GR,ARGW2=GR + .ALIGN 64 +AES_encrypt + .PROC + .CALLINFO FRAME=`$FRAME-16*$SIZE_T`,NO_CALLS,SAVE_RP,ENTRY_GR=18 + .ENTRY + $PUSH %r2,-$SAVED_RP(%sp) ; standard prologue + $PUSHMA %r3,$FRAME(%sp) + $PUSH %r4,`-$FRAME+1*$SIZE_T`(%sp) + $PUSH %r5,`-$FRAME+2*$SIZE_T`(%sp) + $PUSH %r6,`-$FRAME+3*$SIZE_T`(%sp) + $PUSH %r7,`-$FRAME+4*$SIZE_T`(%sp) + $PUSH %r8,`-$FRAME+5*$SIZE_T`(%sp) + $PUSH %r9,`-$FRAME+6*$SIZE_T`(%sp) + $PUSH %r10,`-$FRAME+7*$SIZE_T`(%sp) + $PUSH %r11,`-$FRAME+8*$SIZE_T`(%sp) + $PUSH %r12,`-$FRAME+9*$SIZE_T`(%sp) + $PUSH %r13,`-$FRAME+10*$SIZE_T`(%sp) + $PUSH %r14,`-$FRAME+11*$SIZE_T`(%sp) + $PUSH %r15,`-$FRAME+12*$SIZE_T`(%sp) + $PUSH %r16,`-$FRAME+13*$SIZE_T`(%sp) + $PUSH %r17,`-$FRAME+14*$SIZE_T`(%sp) + $PUSH %r18,`-$FRAME+15*$SIZE_T`(%sp) + + blr %r0,$tbl + ldi 3,$t0 +L\$enc_pic + andcm $tbl,$t0,$tbl + ldo L\$AES_Te-L\$enc_pic($tbl),$tbl + + and $inp,$t0,$t0 + sub $inp,$t0,$inp + ldw 0($inp),$s0 + ldw 4($inp),$s1 + ldw 8($inp),$s2 + comib,= 0,$t0,L\$enc_inp_aligned + ldw 12($inp),$s3 + + sh3addl $t0,%r0,$t0 + subi 32,$t0,$t0 + mtctl $t0,%cr11 + ldw 16($inp),$t1 + vshd $s0,$s1,$s0 + vshd $s1,$s2,$s1 + vshd $s2,$s3,$s2 + vshd $s3,$t1,$s3 + +L\$enc_inp_aligned + bl _parisc_AES_encrypt,%r31 + nop + + extru,<> $out,31,2,%r0 + b L\$enc_out_aligned + nop + + _srm $s0,24,$acc0 + _srm $s0,16,$acc1 + stb $acc0,0($out) + _srm $s0,8,$acc2 + stb $acc1,1($out) + _srm $s1,24,$acc4 + stb $acc2,2($out) + _srm $s1,16,$acc5 + stb $s0,3($out) + _srm $s1,8,$acc6 + stb $acc4,4($out) + _srm $s2,24,$acc0 + stb $acc5,5($out) + _srm $s2,16,$acc1 + stb $acc6,6($out) + _srm $s2,8,$acc2 + stb $s1,7($out) + _srm $s3,24,$acc4 + stb $acc0,8($out) + _srm $s3,16,$acc5 + stb $acc1,9($out) + _srm $s3,8,$acc6 + stb $acc2,10($out) + stb $s2,11($out) + stb $acc4,12($out) + stb $acc5,13($out) + stb $acc6,14($out) + b L\$enc_done + stb $s3,15($out) + +L\$enc_out_aligned + stw $s0,0($out) + stw $s1,4($out) + stw $s2,8($out) + stw $s3,12($out) + +L\$enc_done + $POP `-$FRAME-$SAVED_RP`(%sp),%r2 ; standard epilogue + $POP `-$FRAME+1*$SIZE_T`(%sp),%r4 + $POP `-$FRAME+2*$SIZE_T`(%sp),%r5 + $POP `-$FRAME+3*$SIZE_T`(%sp),%r6 + $POP `-$FRAME+4*$SIZE_T`(%sp),%r7 + $POP `-$FRAME+5*$SIZE_T`(%sp),%r8 + $POP `-$FRAME+6*$SIZE_T`(%sp),%r9 + $POP `-$FRAME+7*$SIZE_T`(%sp),%r10 + $POP `-$FRAME+8*$SIZE_T`(%sp),%r11 + $POP `-$FRAME+9*$SIZE_T`(%sp),%r12 + $POP `-$FRAME+10*$SIZE_T`(%sp),%r13 + $POP `-$FRAME+11*$SIZE_T`(%sp),%r14 + $POP `-$FRAME+12*$SIZE_T`(%sp),%r15 + $POP `-$FRAME+13*$SIZE_T`(%sp),%r16 + $POP `-$FRAME+14*$SIZE_T`(%sp),%r17 + $POP `-$FRAME+15*$SIZE_T`(%sp),%r18 + bv (%r2) + .EXIT + $POPMB -$FRAME(%sp),%r3 + .PROCEND + + .ALIGN 16 +_parisc_AES_encrypt + .PROC + .CALLINFO MILLICODE + .ENTRY + ldw 240($key),$rounds + ldw 0($key),$t0 + ldw 4($key),$t1 + ldw 8($key),$t2 + _srm $rounds,1,$rounds + xor $t0,$s0,$s0 + ldw 12($key),$t3 + _srm $s0,24,$acc0 + xor $t1,$s1,$s1 + ldw 16($key),$t0 + _srm $s1,16,$acc1 + xor $t2,$s2,$s2 + ldw 20($key),$t1 + xor $t3,$s3,$s3 + ldw 24($key),$t2 + ldw 28($key),$t3 +L\$enc_loop + _srm $s2,8,$acc2 + ldwx,s $acc0($tbl),$acc0 + _srm $s3,0,$acc3 + ldwx,s $acc1($tbl),$acc1 + _srm $s1,24,$acc4 + ldwx,s $acc2($tbl),$acc2 + _srm $s2,16,$acc5 + ldwx,s $acc3($tbl),$acc3 + _srm $s3,8,$acc6 + ldwx,s $acc4($tbl),$acc4 + _srm $s0,0,$acc7 + ldwx,s $acc5($tbl),$acc5 + _srm $s2,24,$acc8 + ldwx,s $acc6($tbl),$acc6 + _srm $s3,16,$acc9 + ldwx,s $acc7($tbl),$acc7 + _srm $s0,8,$acc10 + ldwx,s $acc8($tbl),$acc8 + _srm $s1,0,$acc11 + ldwx,s $acc9($tbl),$acc9 + _srm $s3,24,$acc12 + ldwx,s $acc10($tbl),$acc10 + _srm $s0,16,$acc13 + ldwx,s $acc11($tbl),$acc11 + _srm $s1,8,$acc14 + ldwx,s $acc12($tbl),$acc12 + _srm $s2,0,$acc15 + ldwx,s $acc13($tbl),$acc13 + ldwx,s $acc14($tbl),$acc14 + ldwx,s $acc15($tbl),$acc15 + addib,= -1,$rounds,L\$enc_last + ldo 32($key),$key + + _ror $acc1,8,$acc1 + xor $acc0,$t0,$t0 + ldw 0($key),$s0 + _ror $acc2,16,$acc2 + xor $acc1,$t0,$t0 + ldw 4($key),$s1 + _ror $acc3,24,$acc3 + xor $acc2,$t0,$t0 + ldw 8($key),$s2 + _ror $acc5,8,$acc5 + xor $acc3,$t0,$t0 + ldw 12($key),$s3 + _ror $acc6,16,$acc6 + xor $acc4,$t1,$t1 + _ror $acc7,24,$acc7 + xor $acc5,$t1,$t1 + _ror $acc9,8,$acc9 + xor $acc6,$t1,$t1 + _ror $acc10,16,$acc10 + xor $acc7,$t1,$t1 + _ror $acc11,24,$acc11 + xor $acc8,$t2,$t2 + _ror $acc13,8,$acc13 + xor $acc9,$t2,$t2 + _ror $acc14,16,$acc14 + xor $acc10,$t2,$t2 + _ror $acc15,24,$acc15 + xor $acc11,$t2,$t2 + xor $acc12,$acc14,$acc14 + xor $acc13,$t3,$t3 + _srm $t0,24,$acc0 + xor $acc14,$t3,$t3 + _srm $t1,16,$acc1 + xor $acc15,$t3,$t3 + + _srm $t2,8,$acc2 + ldwx,s $acc0($tbl),$acc0 + _srm $t3,0,$acc3 + ldwx,s $acc1($tbl),$acc1 + _srm $t1,24,$acc4 + ldwx,s $acc2($tbl),$acc2 + _srm $t2,16,$acc5 + ldwx,s $acc3($tbl),$acc3 + _srm $t3,8,$acc6 + ldwx,s $acc4($tbl),$acc4 + _srm $t0,0,$acc7 + ldwx,s $acc5($tbl),$acc5 + _srm $t2,24,$acc8 + ldwx,s $acc6($tbl),$acc6 + _srm $t3,16,$acc9 + ldwx,s $acc7($tbl),$acc7 + _srm $t0,8,$acc10 + ldwx,s $acc8($tbl),$acc8 + _srm $t1,0,$acc11 + ldwx,s $acc9($tbl),$acc9 + _srm $t3,24,$acc12 + ldwx,s $acc10($tbl),$acc10 + _srm $t0,16,$acc13 + ldwx,s $acc11($tbl),$acc11 + _srm $t1,8,$acc14 + ldwx,s $acc12($tbl),$acc12 + _srm $t2,0,$acc15 + ldwx,s $acc13($tbl),$acc13 + _ror $acc1,8,$acc1 + ldwx,s $acc14($tbl),$acc14 + + _ror $acc2,16,$acc2 + xor $acc0,$s0,$s0 + ldwx,s $acc15($tbl),$acc15 + _ror $acc3,24,$acc3 + xor $acc1,$s0,$s0 + ldw 16($key),$t0 + _ror $acc5,8,$acc5 + xor $acc2,$s0,$s0 + ldw 20($key),$t1 + _ror $acc6,16,$acc6 + xor $acc3,$s0,$s0 + ldw 24($key),$t2 + _ror $acc7,24,$acc7 + xor $acc4,$s1,$s1 + ldw 28($key),$t3 + _ror $acc9,8,$acc9 + xor $acc5,$s1,$s1 + ldw 1024+0($tbl),%r0 ; prefetch te4 + _ror $acc10,16,$acc10 + xor $acc6,$s1,$s1 + ldw 1024+32($tbl),%r0 ; prefetch te4 + _ror $acc11,24,$acc11 + xor $acc7,$s1,$s1 + ldw 1024+64($tbl),%r0 ; prefetch te4 + _ror $acc13,8,$acc13 + xor $acc8,$s2,$s2 + ldw 1024+96($tbl),%r0 ; prefetch te4 + _ror $acc14,16,$acc14 + xor $acc9,$s2,$s2 + ldw 1024+128($tbl),%r0 ; prefetch te4 + _ror $acc15,24,$acc15 + xor $acc10,$s2,$s2 + ldw 1024+160($tbl),%r0 ; prefetch te4 + _srm $s0,24,$acc0 + xor $acc11,$s2,$s2 + ldw 1024+192($tbl),%r0 ; prefetch te4 + xor $acc12,$acc14,$acc14 + xor $acc13,$s3,$s3 + ldw 1024+224($tbl),%r0 ; prefetch te4 + _srm $s1,16,$acc1 + xor $acc14,$s3,$s3 + b L\$enc_loop + xor $acc15,$s3,$s3 + + .ALIGN 16 +L\$enc_last + ldo 1024($tbl),$rounds + _ror $acc1,8,$acc1 + xor $acc0,$t0,$t0 + ldw 0($key),$s0 + _ror $acc2,16,$acc2 + xor $acc1,$t0,$t0 + ldw 4($key),$s1 + _ror $acc3,24,$acc3 + xor $acc2,$t0,$t0 + ldw 8($key),$s2 + _ror $acc5,8,$acc5 + xor $acc3,$t0,$t0 + ldw 12($key),$s3 + _ror $acc6,16,$acc6 + xor $acc4,$t1,$t1 + _ror $acc7,24,$acc7 + xor $acc5,$t1,$t1 + _ror $acc9,8,$acc9 + xor $acc6,$t1,$t1 + _ror $acc10,16,$acc10 + xor $acc7,$t1,$t1 + _ror $acc11,24,$acc11 + xor $acc8,$t2,$t2 + _ror $acc13,8,$acc13 + xor $acc9,$t2,$t2 + _ror $acc14,16,$acc14 + xor $acc10,$t2,$t2 + _ror $acc15,24,$acc15 + xor $acc11,$t2,$t2 + xor $acc12,$acc14,$acc14 + xor $acc13,$t3,$t3 + _srm $t0,24,$acc0 + xor $acc14,$t3,$t3 + _srm $t1,16,$acc1 + xor $acc15,$t3,$t3 + + _srm $t2,8,$acc2 + ldbx $acc0($rounds),$acc0 + _srm $t1,24,$acc4 + ldbx $acc1($rounds),$acc1 + _srm $t2,16,$acc5 + _srm $t3,0,$acc3 + ldbx $acc2($rounds),$acc2 + ldbx $acc3($rounds),$acc3 + _srm $t3,8,$acc6 + ldbx $acc4($rounds),$acc4 + _srm $t2,24,$acc8 + ldbx $acc5($rounds),$acc5 + _srm $t3,16,$acc9 + _srm $t0,0,$acc7 + ldbx $acc6($rounds),$acc6 + ldbx $acc7($rounds),$acc7 + _srm $t0,8,$acc10 + ldbx $acc8($rounds),$acc8 + _srm $t3,24,$acc12 + ldbx $acc9($rounds),$acc9 + _srm $t0,16,$acc13 + _srm $t1,0,$acc11 + ldbx $acc10($rounds),$acc10 + _srm $t1,8,$acc14 + ldbx $acc11($rounds),$acc11 + ldbx $acc12($rounds),$acc12 + ldbx $acc13($rounds),$acc13 + _srm $t2,0,$acc15 + ldbx $acc14($rounds),$acc14 + + dep $acc0,7,8,$acc3 + ldbx $acc15($rounds),$acc15 + dep $acc4,7,8,$acc7 + dep $acc1,15,8,$acc3 + dep $acc5,15,8,$acc7 + dep $acc2,23,8,$acc3 + dep $acc6,23,8,$acc7 + xor $acc3,$s0,$s0 + xor $acc7,$s1,$s1 + dep $acc8,7,8,$acc11 + dep $acc12,7,8,$acc15 + dep $acc9,15,8,$acc11 + dep $acc13,15,8,$acc15 + dep $acc10,23,8,$acc11 + dep $acc14,23,8,$acc15 + xor $acc11,$s2,$s2 + + bv (%r31) + .EXIT + xor $acc15,$s3,$s3 + .PROCEND + + .ALIGN 64 +L\$AES_Te + .WORD 0xc66363a5, 0xf87c7c84, 0xee777799, 0xf67b7b8d + .WORD 0xfff2f20d, 0xd66b6bbd, 0xde6f6fb1, 0x91c5c554 + .WORD 0x60303050, 0x02010103, 0xce6767a9, 0x562b2b7d + .WORD 0xe7fefe19, 0xb5d7d762, 0x4dababe6, 0xec76769a + .WORD 0x8fcaca45, 0x1f82829d, 0x89c9c940, 0xfa7d7d87 + .WORD 0xeffafa15, 0xb25959eb, 0x8e4747c9, 0xfbf0f00b + .WORD 0x41adadec, 0xb3d4d467, 0x5fa2a2fd, 0x45afafea + .WORD 0x239c9cbf, 0x53a4a4f7, 0xe4727296, 0x9bc0c05b + .WORD 0x75b7b7c2, 0xe1fdfd1c, 0x3d9393ae, 0x4c26266a + .WORD 0x6c36365a, 0x7e3f3f41, 0xf5f7f702, 0x83cccc4f + .WORD 0x6834345c, 0x51a5a5f4, 0xd1e5e534, 0xf9f1f108 + .WORD 0xe2717193, 0xabd8d873, 0x62313153, 0x2a15153f + .WORD 0x0804040c, 0x95c7c752, 0x46232365, 0x9dc3c35e + .WORD 0x30181828, 0x379696a1, 0x0a05050f, 0x2f9a9ab5 + .WORD 0x0e070709, 0x24121236, 0x1b80809b, 0xdfe2e23d + .WORD 0xcdebeb26, 0x4e272769, 0x7fb2b2cd, 0xea75759f + .WORD 0x1209091b, 0x1d83839e, 0x582c2c74, 0x341a1a2e + .WORD 0x361b1b2d, 0xdc6e6eb2, 0xb45a5aee, 0x5ba0a0fb + .WORD 0xa45252f6, 0x763b3b4d, 0xb7d6d661, 0x7db3b3ce + .WORD 0x5229297b, 0xdde3e33e, 0x5e2f2f71, 0x13848497 + .WORD 0xa65353f5, 0xb9d1d168, 0x00000000, 0xc1eded2c + .WORD 0x40202060, 0xe3fcfc1f, 0x79b1b1c8, 0xb65b5bed + .WORD 0xd46a6abe, 0x8dcbcb46, 0x67bebed9, 0x7239394b + .WORD 0x944a4ade, 0x984c4cd4, 0xb05858e8, 0x85cfcf4a + .WORD 0xbbd0d06b, 0xc5efef2a, 0x4faaaae5, 0xedfbfb16 + .WORD 0x864343c5, 0x9a4d4dd7, 0x66333355, 0x11858594 + .WORD 0x8a4545cf, 0xe9f9f910, 0x04020206, 0xfe7f7f81 + .WORD 0xa05050f0, 0x783c3c44, 0x259f9fba, 0x4ba8a8e3 + .WORD 0xa25151f3, 0x5da3a3fe, 0x804040c0, 0x058f8f8a + .WORD 0x3f9292ad, 0x219d9dbc, 0x70383848, 0xf1f5f504 + .WORD 0x63bcbcdf, 0x77b6b6c1, 0xafdada75, 0x42212163 + .WORD 0x20101030, 0xe5ffff1a, 0xfdf3f30e, 0xbfd2d26d + .WORD 0x81cdcd4c, 0x180c0c14, 0x26131335, 0xc3ecec2f + .WORD 0xbe5f5fe1, 0x359797a2, 0x884444cc, 0x2e171739 + .WORD 0x93c4c457, 0x55a7a7f2, 0xfc7e7e82, 0x7a3d3d47 + .WORD 0xc86464ac, 0xba5d5de7, 0x3219192b, 0xe6737395 + .WORD 0xc06060a0, 0x19818198, 0x9e4f4fd1, 0xa3dcdc7f + .WORD 0x44222266, 0x542a2a7e, 0x3b9090ab, 0x0b888883 + .WORD 0x8c4646ca, 0xc7eeee29, 0x6bb8b8d3, 0x2814143c + .WORD 0xa7dede79, 0xbc5e5ee2, 0x160b0b1d, 0xaddbdb76 + .WORD 0xdbe0e03b, 0x64323256, 0x743a3a4e, 0x140a0a1e + .WORD 0x924949db, 0x0c06060a, 0x4824246c, 0xb85c5ce4 + .WORD 0x9fc2c25d, 0xbdd3d36e, 0x43acacef, 0xc46262a6 + .WORD 0x399191a8, 0x319595a4, 0xd3e4e437, 0xf279798b + .WORD 0xd5e7e732, 0x8bc8c843, 0x6e373759, 0xda6d6db7 + .WORD 0x018d8d8c, 0xb1d5d564, 0x9c4e4ed2, 0x49a9a9e0 + .WORD 0xd86c6cb4, 0xac5656fa, 0xf3f4f407, 0xcfeaea25 + .WORD 0xca6565af, 0xf47a7a8e, 0x47aeaee9, 0x10080818 + .WORD 0x6fbabad5, 0xf0787888, 0x4a25256f, 0x5c2e2e72 + .WORD 0x381c1c24, 0x57a6a6f1, 0x73b4b4c7, 0x97c6c651 + .WORD 0xcbe8e823, 0xa1dddd7c, 0xe874749c, 0x3e1f1f21 + .WORD 0x964b4bdd, 0x61bdbddc, 0x0d8b8b86, 0x0f8a8a85 + .WORD 0xe0707090, 0x7c3e3e42, 0x71b5b5c4, 0xcc6666aa + .WORD 0x904848d8, 0x06030305, 0xf7f6f601, 0x1c0e0e12 + .WORD 0xc26161a3, 0x6a35355f, 0xae5757f9, 0x69b9b9d0 + .WORD 0x17868691, 0x99c1c158, 0x3a1d1d27, 0x279e9eb9 + .WORD 0xd9e1e138, 0xebf8f813, 0x2b9898b3, 0x22111133 + .WORD 0xd26969bb, 0xa9d9d970, 0x078e8e89, 0x339494a7 + .WORD 0x2d9b9bb6, 0x3c1e1e22, 0x15878792, 0xc9e9e920 + .WORD 0x87cece49, 0xaa5555ff, 0x50282878, 0xa5dfdf7a + .WORD 0x038c8c8f, 0x59a1a1f8, 0x09898980, 0x1a0d0d17 + .WORD 0x65bfbfda, 0xd7e6e631, 0x844242c6, 0xd06868b8 + .WORD 0x824141c3, 0x299999b0, 0x5a2d2d77, 0x1e0f0f11 + .WORD 0x7bb0b0cb, 0xa85454fc, 0x6dbbbbd6, 0x2c16163a + .BYTE 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5 + .BYTE 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76 + .BYTE 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0 + .BYTE 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0 + .BYTE 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc + .BYTE 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15 + .BYTE 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a + .BYTE 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75 + .BYTE 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0 + .BYTE 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84 + .BYTE 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b + .BYTE 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf + .BYTE 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85 + .BYTE 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8 + .BYTE 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5 + .BYTE 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2 + .BYTE 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17 + .BYTE 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73 + .BYTE 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88 + .BYTE 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb + .BYTE 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c + .BYTE 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79 + .BYTE 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9 + .BYTE 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08 + .BYTE 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6 + .BYTE 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a + .BYTE 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e + .BYTE 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e + .BYTE 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94 + .BYTE 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf + .BYTE 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68 + .BYTE 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16 +___ + +$code.=<<___; + .EXPORT AES_decrypt,ENTRY,ARGW0=GR,ARGW1=GR,ARGW2=GR + .ALIGN 16 +AES_decrypt + .PROC + .CALLINFO FRAME=`$FRAME-16*$SIZE_T`,NO_CALLS,SAVE_RP,ENTRY_GR=18 + .ENTRY + $PUSH %r2,-$SAVED_RP(%sp) ; standard prologue + $PUSHMA %r3,$FRAME(%sp) + $PUSH %r4,`-$FRAME+1*$SIZE_T`(%sp) + $PUSH %r5,`-$FRAME+2*$SIZE_T`(%sp) + $PUSH %r6,`-$FRAME+3*$SIZE_T`(%sp) + $PUSH %r7,`-$FRAME+4*$SIZE_T`(%sp) + $PUSH %r8,`-$FRAME+5*$SIZE_T`(%sp) + $PUSH %r9,`-$FRAME+6*$SIZE_T`(%sp) + $PUSH %r10,`-$FRAME+7*$SIZE_T`(%sp) + $PUSH %r11,`-$FRAME+8*$SIZE_T`(%sp) + $PUSH %r12,`-$FRAME+9*$SIZE_T`(%sp) + $PUSH %r13,`-$FRAME+10*$SIZE_T`(%sp) + $PUSH %r14,`-$FRAME+11*$SIZE_T`(%sp) + $PUSH %r15,`-$FRAME+12*$SIZE_T`(%sp) + $PUSH %r16,`-$FRAME+13*$SIZE_T`(%sp) + $PUSH %r17,`-$FRAME+14*$SIZE_T`(%sp) + $PUSH %r18,`-$FRAME+15*$SIZE_T`(%sp) + + blr %r0,$tbl + ldi 3,$t0 +L\$dec_pic + andcm $tbl,$t0,$tbl + ldo L\$AES_Td-L\$dec_pic($tbl),$tbl + + and $inp,$t0,$t0 + sub $inp,$t0,$inp + ldw 0($inp),$s0 + ldw 4($inp),$s1 + ldw 8($inp),$s2 + comib,= 0,$t0,L\$dec_inp_aligned + ldw 12($inp),$s3 + + sh3addl $t0,%r0,$t0 + subi 32,$t0,$t0 + mtctl $t0,%cr11 + ldw 16($inp),$t1 + vshd $s0,$s1,$s0 + vshd $s1,$s2,$s1 + vshd $s2,$s3,$s2 + vshd $s3,$t1,$s3 + +L\$dec_inp_aligned + bl _parisc_AES_decrypt,%r31 + nop + + extru,<> $out,31,2,%r0 + b L\$dec_out_aligned + nop + + _srm $s0,24,$acc0 + _srm $s0,16,$acc1 + stb $acc0,0($out) + _srm $s0,8,$acc2 + stb $acc1,1($out) + _srm $s1,24,$acc4 + stb $acc2,2($out) + _srm $s1,16,$acc5 + stb $s0,3($out) + _srm $s1,8,$acc6 + stb $acc4,4($out) + _srm $s2,24,$acc0 + stb $acc5,5($out) + _srm $s2,16,$acc1 + stb $acc6,6($out) + _srm $s2,8,$acc2 + stb $s1,7($out) + _srm $s3,24,$acc4 + stb $acc0,8($out) + _srm $s3,16,$acc5 + stb $acc1,9($out) + _srm $s3,8,$acc6 + stb $acc2,10($out) + stb $s2,11($out) + stb $acc4,12($out) + stb $acc5,13($out) + stb $acc6,14($out) + b L\$dec_done + stb $s3,15($out) + +L\$dec_out_aligned + stw $s0,0($out) + stw $s1,4($out) + stw $s2,8($out) + stw $s3,12($out) + +L\$dec_done + $POP `-$FRAME-$SAVED_RP`(%sp),%r2 ; standard epilogue + $POP `-$FRAME+1*$SIZE_T`(%sp),%r4 + $POP `-$FRAME+2*$SIZE_T`(%sp),%r5 + $POP `-$FRAME+3*$SIZE_T`(%sp),%r6 + $POP `-$FRAME+4*$SIZE_T`(%sp),%r7 + $POP `-$FRAME+5*$SIZE_T`(%sp),%r8 + $POP `-$FRAME+6*$SIZE_T`(%sp),%r9 + $POP `-$FRAME+7*$SIZE_T`(%sp),%r10 + $POP `-$FRAME+8*$SIZE_T`(%sp),%r11 + $POP `-$FRAME+9*$SIZE_T`(%sp),%r12 + $POP `-$FRAME+10*$SIZE_T`(%sp),%r13 + $POP `-$FRAME+11*$SIZE_T`(%sp),%r14 + $POP `-$FRAME+12*$SIZE_T`(%sp),%r15 + $POP `-$FRAME+13*$SIZE_T`(%sp),%r16 + $POP `-$FRAME+14*$SIZE_T`(%sp),%r17 + $POP `-$FRAME+15*$SIZE_T`(%sp),%r18 + bv (%r2) + .EXIT + $POPMB -$FRAME(%sp),%r3 + .PROCEND + + .ALIGN 16 +_parisc_AES_decrypt + .PROC + .CALLINFO MILLICODE + .ENTRY + ldw 240($key),$rounds + ldw 0($key),$t0 + ldw 4($key),$t1 + ldw 8($key),$t2 + ldw 12($key),$t3 + _srm $rounds,1,$rounds + xor $t0,$s0,$s0 + ldw 16($key),$t0 + xor $t1,$s1,$s1 + ldw 20($key),$t1 + _srm $s0,24,$acc0 + xor $t2,$s2,$s2 + ldw 24($key),$t2 + xor $t3,$s3,$s3 + ldw 28($key),$t3 + _srm $s3,16,$acc1 +L\$dec_loop + _srm $s2,8,$acc2 + ldwx,s $acc0($tbl),$acc0 + _srm $s1,0,$acc3 + ldwx,s $acc1($tbl),$acc1 + _srm $s1,24,$acc4 + ldwx,s $acc2($tbl),$acc2 + _srm $s0,16,$acc5 + ldwx,s $acc3($tbl),$acc3 + _srm $s3,8,$acc6 + ldwx,s $acc4($tbl),$acc4 + _srm $s2,0,$acc7 + ldwx,s $acc5($tbl),$acc5 + _srm $s2,24,$acc8 + ldwx,s $acc6($tbl),$acc6 + _srm $s1,16,$acc9 + ldwx,s $acc7($tbl),$acc7 + _srm $s0,8,$acc10 + ldwx,s $acc8($tbl),$acc8 + _srm $s3,0,$acc11 + ldwx,s $acc9($tbl),$acc9 + _srm $s3,24,$acc12 + ldwx,s $acc10($tbl),$acc10 + _srm $s2,16,$acc13 + ldwx,s $acc11($tbl),$acc11 + _srm $s1,8,$acc14 + ldwx,s $acc12($tbl),$acc12 + _srm $s0,0,$acc15 + ldwx,s $acc13($tbl),$acc13 + ldwx,s $acc14($tbl),$acc14 + ldwx,s $acc15($tbl),$acc15 + addib,= -1,$rounds,L\$dec_last + ldo 32($key),$key + + _ror $acc1,8,$acc1 + xor $acc0,$t0,$t0 + ldw 0($key),$s0 + _ror $acc2,16,$acc2 + xor $acc1,$t0,$t0 + ldw 4($key),$s1 + _ror $acc3,24,$acc3 + xor $acc2,$t0,$t0 + ldw 8($key),$s2 + _ror $acc5,8,$acc5 + xor $acc3,$t0,$t0 + ldw 12($key),$s3 + _ror $acc6,16,$acc6 + xor $acc4,$t1,$t1 + _ror $acc7,24,$acc7 + xor $acc5,$t1,$t1 + _ror $acc9,8,$acc9 + xor $acc6,$t1,$t1 + _ror $acc10,16,$acc10 + xor $acc7,$t1,$t1 + _ror $acc11,24,$acc11 + xor $acc8,$t2,$t2 + _ror $acc13,8,$acc13 + xor $acc9,$t2,$t2 + _ror $acc14,16,$acc14 + xor $acc10,$t2,$t2 + _ror $acc15,24,$acc15 + xor $acc11,$t2,$t2 + xor $acc12,$acc14,$acc14 + xor $acc13,$t3,$t3 + _srm $t0,24,$acc0 + xor $acc14,$t3,$t3 + xor $acc15,$t3,$t3 + _srm $t3,16,$acc1 + + _srm $t2,8,$acc2 + ldwx,s $acc0($tbl),$acc0 + _srm $t1,0,$acc3 + ldwx,s $acc1($tbl),$acc1 + _srm $t1,24,$acc4 + ldwx,s $acc2($tbl),$acc2 + _srm $t0,16,$acc5 + ldwx,s $acc3($tbl),$acc3 + _srm $t3,8,$acc6 + ldwx,s $acc4($tbl),$acc4 + _srm $t2,0,$acc7 + ldwx,s $acc5($tbl),$acc5 + _srm $t2,24,$acc8 + ldwx,s $acc6($tbl),$acc6 + _srm $t1,16,$acc9 + ldwx,s $acc7($tbl),$acc7 + _srm $t0,8,$acc10 + ldwx,s $acc8($tbl),$acc8 + _srm $t3,0,$acc11 + ldwx,s $acc9($tbl),$acc9 + _srm $t3,24,$acc12 + ldwx,s $acc10($tbl),$acc10 + _srm $t2,16,$acc13 + ldwx,s $acc11($tbl),$acc11 + _srm $t1,8,$acc14 + ldwx,s $acc12($tbl),$acc12 + _srm $t0,0,$acc15 + ldwx,s $acc13($tbl),$acc13 + _ror $acc1,8,$acc1 + ldwx,s $acc14($tbl),$acc14 + + _ror $acc2,16,$acc2 + xor $acc0,$s0,$s0 + ldwx,s $acc15($tbl),$acc15 + _ror $acc3,24,$acc3 + xor $acc1,$s0,$s0 + ldw 16($key),$t0 + _ror $acc5,8,$acc5 + xor $acc2,$s0,$s0 + ldw 20($key),$t1 + _ror $acc6,16,$acc6 + xor $acc3,$s0,$s0 + ldw 24($key),$t2 + _ror $acc7,24,$acc7 + xor $acc4,$s1,$s1 + ldw 28($key),$t3 + _ror $acc9,8,$acc9 + xor $acc5,$s1,$s1 + ldw 1024+0($tbl),%r0 ; prefetch td4 + _ror $acc10,16,$acc10 + xor $acc6,$s1,$s1 + ldw 1024+32($tbl),%r0 ; prefetch td4 + _ror $acc11,24,$acc11 + xor $acc7,$s1,$s1 + ldw 1024+64($tbl),%r0 ; prefetch td4 + _ror $acc13,8,$acc13 + xor $acc8,$s2,$s2 + ldw 1024+96($tbl),%r0 ; prefetch td4 + _ror $acc14,16,$acc14 + xor $acc9,$s2,$s2 + ldw 1024+128($tbl),%r0 ; prefetch td4 + _ror $acc15,24,$acc15 + xor $acc10,$s2,$s2 + ldw 1024+160($tbl),%r0 ; prefetch td4 + _srm $s0,24,$acc0 + xor $acc11,$s2,$s2 + ldw 1024+192($tbl),%r0 ; prefetch td4 + xor $acc12,$acc14,$acc14 + xor $acc13,$s3,$s3 + ldw 1024+224($tbl),%r0 ; prefetch td4 + xor $acc14,$s3,$s3 + xor $acc15,$s3,$s3 + b L\$dec_loop + _srm $s3,16,$acc1 + + .ALIGN 16 +L\$dec_last + ldo 1024($tbl),$rounds + _ror $acc1,8,$acc1 + xor $acc0,$t0,$t0 + ldw 0($key),$s0 + _ror $acc2,16,$acc2 + xor $acc1,$t0,$t0 + ldw 4($key),$s1 + _ror $acc3,24,$acc3 + xor $acc2,$t0,$t0 + ldw 8($key),$s2 + _ror $acc5,8,$acc5 + xor $acc3,$t0,$t0 + ldw 12($key),$s3 + _ror $acc6,16,$acc6 + xor $acc4,$t1,$t1 + _ror $acc7,24,$acc7 + xor $acc5,$t1,$t1 + _ror $acc9,8,$acc9 + xor $acc6,$t1,$t1 + _ror $acc10,16,$acc10 + xor $acc7,$t1,$t1 + _ror $acc11,24,$acc11 + xor $acc8,$t2,$t2 + _ror $acc13,8,$acc13 + xor $acc9,$t2,$t2 + _ror $acc14,16,$acc14 + xor $acc10,$t2,$t2 + _ror $acc15,24,$acc15 + xor $acc11,$t2,$t2 + xor $acc12,$acc14,$acc14 + xor $acc13,$t3,$t3 + _srm $t0,24,$acc0 + xor $acc14,$t3,$t3 + xor $acc15,$t3,$t3 + _srm $t3,16,$acc1 + + _srm $t2,8,$acc2 + ldbx $acc0($rounds),$acc0 + _srm $t1,24,$acc4 + ldbx $acc1($rounds),$acc1 + _srm $t0,16,$acc5 + _srm $t1,0,$acc3 + ldbx $acc2($rounds),$acc2 + ldbx $acc3($rounds),$acc3 + _srm $t3,8,$acc6 + ldbx $acc4($rounds),$acc4 + _srm $t2,24,$acc8 + ldbx $acc5($rounds),$acc5 + _srm $t1,16,$acc9 + _srm $t2,0,$acc7 + ldbx $acc6($rounds),$acc6 + ldbx $acc7($rounds),$acc7 + _srm $t0,8,$acc10 + ldbx $acc8($rounds),$acc8 + _srm $t3,24,$acc12 + ldbx $acc9($rounds),$acc9 + _srm $t2,16,$acc13 + _srm $t3,0,$acc11 + ldbx $acc10($rounds),$acc10 + _srm $t1,8,$acc14 + ldbx $acc11($rounds),$acc11 + ldbx $acc12($rounds),$acc12 + ldbx $acc13($rounds),$acc13 + _srm $t0,0,$acc15 + ldbx $acc14($rounds),$acc14 + + dep $acc0,7,8,$acc3 + ldbx $acc15($rounds),$acc15 + dep $acc4,7,8,$acc7 + dep $acc1,15,8,$acc3 + dep $acc5,15,8,$acc7 + dep $acc2,23,8,$acc3 + dep $acc6,23,8,$acc7 + xor $acc3,$s0,$s0 + xor $acc7,$s1,$s1 + dep $acc8,7,8,$acc11 + dep $acc12,7,8,$acc15 + dep $acc9,15,8,$acc11 + dep $acc13,15,8,$acc15 + dep $acc10,23,8,$acc11 + dep $acc14,23,8,$acc15 + xor $acc11,$s2,$s2 + + bv (%r31) + .EXIT + xor $acc15,$s3,$s3 + .PROCEND + + .ALIGN 64 +L\$AES_Td + .WORD 0x51f4a750, 0x7e416553, 0x1a17a4c3, 0x3a275e96 + .WORD 0x3bab6bcb, 0x1f9d45f1, 0xacfa58ab, 0x4be30393 + .WORD 0x2030fa55, 0xad766df6, 0x88cc7691, 0xf5024c25 + .WORD 0x4fe5d7fc, 0xc52acbd7, 0x26354480, 0xb562a38f + .WORD 0xdeb15a49, 0x25ba1b67, 0x45ea0e98, 0x5dfec0e1 + .WORD 0xc32f7502, 0x814cf012, 0x8d4697a3, 0x6bd3f9c6 + .WORD 0x038f5fe7, 0x15929c95, 0xbf6d7aeb, 0x955259da + .WORD 0xd4be832d, 0x587421d3, 0x49e06929, 0x8ec9c844 + .WORD 0x75c2896a, 0xf48e7978, 0x99583e6b, 0x27b971dd + .WORD 0xbee14fb6, 0xf088ad17, 0xc920ac66, 0x7dce3ab4 + .WORD 0x63df4a18, 0xe51a3182, 0x97513360, 0x62537f45 + .WORD 0xb16477e0, 0xbb6bae84, 0xfe81a01c, 0xf9082b94 + .WORD 0x70486858, 0x8f45fd19, 0x94de6c87, 0x527bf8b7 + .WORD 0xab73d323, 0x724b02e2, 0xe31f8f57, 0x6655ab2a + .WORD 0xb2eb2807, 0x2fb5c203, 0x86c57b9a, 0xd33708a5 + .WORD 0x302887f2, 0x23bfa5b2, 0x02036aba, 0xed16825c + .WORD 0x8acf1c2b, 0xa779b492, 0xf307f2f0, 0x4e69e2a1 + .WORD 0x65daf4cd, 0x0605bed5, 0xd134621f, 0xc4a6fe8a + .WORD 0x342e539d, 0xa2f355a0, 0x058ae132, 0xa4f6eb75 + .WORD 0x0b83ec39, 0x4060efaa, 0x5e719f06, 0xbd6e1051 + .WORD 0x3e218af9, 0x96dd063d, 0xdd3e05ae, 0x4de6bd46 + .WORD 0x91548db5, 0x71c45d05, 0x0406d46f, 0x605015ff + .WORD 0x1998fb24, 0xd6bde997, 0x894043cc, 0x67d99e77 + .WORD 0xb0e842bd, 0x07898b88, 0xe7195b38, 0x79c8eedb + .WORD 0xa17c0a47, 0x7c420fe9, 0xf8841ec9, 0x00000000 + .WORD 0x09808683, 0x322bed48, 0x1e1170ac, 0x6c5a724e + .WORD 0xfd0efffb, 0x0f853856, 0x3daed51e, 0x362d3927 + .WORD 0x0a0fd964, 0x685ca621, 0x9b5b54d1, 0x24362e3a + .WORD 0x0c0a67b1, 0x9357e70f, 0xb4ee96d2, 0x1b9b919e + .WORD 0x80c0c54f, 0x61dc20a2, 0x5a774b69, 0x1c121a16 + .WORD 0xe293ba0a, 0xc0a02ae5, 0x3c22e043, 0x121b171d + .WORD 0x0e090d0b, 0xf28bc7ad, 0x2db6a8b9, 0x141ea9c8 + .WORD 0x57f11985, 0xaf75074c, 0xee99ddbb, 0xa37f60fd + .WORD 0xf701269f, 0x5c72f5bc, 0x44663bc5, 0x5bfb7e34 + .WORD 0x8b432976, 0xcb23c6dc, 0xb6edfc68, 0xb8e4f163 + .WORD 0xd731dcca, 0x42638510, 0x13972240, 0x84c61120 + .WORD 0x854a247d, 0xd2bb3df8, 0xaef93211, 0xc729a16d + .WORD 0x1d9e2f4b, 0xdcb230f3, 0x0d8652ec, 0x77c1e3d0 + .WORD 0x2bb3166c, 0xa970b999, 0x119448fa, 0x47e96422 + .WORD 0xa8fc8cc4, 0xa0f03f1a, 0x567d2cd8, 0x223390ef + .WORD 0x87494ec7, 0xd938d1c1, 0x8ccaa2fe, 0x98d40b36 + .WORD 0xa6f581cf, 0xa57ade28, 0xdab78e26, 0x3fadbfa4 + .WORD 0x2c3a9de4, 0x5078920d, 0x6a5fcc9b, 0x547e4662 + .WORD 0xf68d13c2, 0x90d8b8e8, 0x2e39f75e, 0x82c3aff5 + .WORD 0x9f5d80be, 0x69d0937c, 0x6fd52da9, 0xcf2512b3 + .WORD 0xc8ac993b, 0x10187da7, 0xe89c636e, 0xdb3bbb7b + .WORD 0xcd267809, 0x6e5918f4, 0xec9ab701, 0x834f9aa8 + .WORD 0xe6956e65, 0xaaffe67e, 0x21bccf08, 0xef15e8e6 + .WORD 0xbae79bd9, 0x4a6f36ce, 0xea9f09d4, 0x29b07cd6 + .WORD 0x31a4b2af, 0x2a3f2331, 0xc6a59430, 0x35a266c0 + .WORD 0x744ebc37, 0xfc82caa6, 0xe090d0b0, 0x33a7d815 + .WORD 0xf104984a, 0x41ecdaf7, 0x7fcd500e, 0x1791f62f + .WORD 0x764dd68d, 0x43efb04d, 0xccaa4d54, 0xe49604df + .WORD 0x9ed1b5e3, 0x4c6a881b, 0xc12c1fb8, 0x4665517f + .WORD 0x9d5eea04, 0x018c355d, 0xfa877473, 0xfb0b412e + .WORD 0xb3671d5a, 0x92dbd252, 0xe9105633, 0x6dd64713 + .WORD 0x9ad7618c, 0x37a10c7a, 0x59f8148e, 0xeb133c89 + .WORD 0xcea927ee, 0xb761c935, 0xe11ce5ed, 0x7a47b13c + .WORD 0x9cd2df59, 0x55f2733f, 0x1814ce79, 0x73c737bf + .WORD 0x53f7cdea, 0x5ffdaa5b, 0xdf3d6f14, 0x7844db86 + .WORD 0xcaaff381, 0xb968c43e, 0x3824342c, 0xc2a3405f + .WORD 0x161dc372, 0xbce2250c, 0x283c498b, 0xff0d9541 + .WORD 0x39a80171, 0x080cb3de, 0xd8b4e49c, 0x6456c190 + .WORD 0x7bcb8461, 0xd532b670, 0x486c5c74, 0xd0b85742 + .BYTE 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38 + .BYTE 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb + .BYTE 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87 + .BYTE 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb + .BYTE 0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d + .BYTE 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e + .BYTE 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2 + .BYTE 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25 + .BYTE 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16 + .BYTE 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92 + .BYTE 0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda + .BYTE 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84 + .BYTE 0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a + .BYTE 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06 + .BYTE 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02 + .BYTE 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b + .BYTE 0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea + .BYTE 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73 + .BYTE 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85 + .BYTE 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e + .BYTE 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89 + .BYTE 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b + .BYTE 0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20 + .BYTE 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4 + .BYTE 0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31 + .BYTE 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f + .BYTE 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d + .BYTE 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef + .BYTE 0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0 + .BYTE 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61 + .BYTE 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26 + .BYTE 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d + + .data + .STRINGZ "AES for PA-RISC, CRYPTOGAMS by " +___ + +foreach (split("\n",$code)) { + s/\`([^\`]*)\`/eval $1/ge; + + # translate made up instructons: _ror, _srm + s/_ror(\s+)(%r[0-9]+),/shd$1$2,$2,/ or + + s/_srm(\s+%r[0-9]+),([0-9]+),/ + $SIZE_T==4 ? sprintf("extru%s,%d,8,",$1,31-$2) + : sprintf("extrd,u%s,%d,8,",$1,63-$2)/e; + + s/,\*/,/ if ($SIZE_T==4); + s/\bbv\b(.*\(%r2\))/bve$1/ if ($SIZE_T==8); + print $_,"\n"; +} +close STDOUT; diff --git a/src/lib/libcrypto/aes/asm/aes-ppc.pl b/src/lib/libcrypto/aes/asm/aes-ppc.pl new file mode 100644 index 00000000000..7c52cbe5f9f --- /dev/null +++ b/src/lib/libcrypto/aes/asm/aes-ppc.pl @@ -0,0 +1,1365 @@ +#!/usr/bin/env perl + +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== + +# Needs more work: key setup, CBC routine... +# +# ppc_AES_[en|de]crypt perform at 18 cycles per byte processed with +# 128-bit key, which is ~40% better than 64-bit code generated by gcc +# 4.0. But these are not the ones currently used! Their "compact" +# counterparts are, for security reason. ppc_AES_encrypt_compact runs +# at 1/2 of ppc_AES_encrypt speed, while ppc_AES_decrypt_compact - +# at 1/3 of ppc_AES_decrypt. + +# February 2010 +# +# Rescheduling instructions to favour Power6 pipeline gave 10% +# performance improvement on the platfrom in question (and marginal +# improvement even on others). It should be noted that Power6 fails +# to process byte in 18 cycles, only in 23, because it fails to issue +# 4 load instructions in two cycles, only in 3. As result non-compact +# block subroutines are 25% slower than one would expect. Compact +# functions scale better, because they have pure computational part, +# which scales perfectly with clock frequency. To be specific +# ppc_AES_encrypt_compact operates at 42 cycles per byte, while +# ppc_AES_decrypt_compact - at 55 (in 64-bit build). + +$flavour = shift; + +if ($flavour =~ /64/) { + $SIZE_T =8; + $LRSAVE =2*$SIZE_T; + $STU ="stdu"; + $POP ="ld"; + $PUSH ="std"; +} elsif ($flavour =~ /32/) { + $SIZE_T =4; + $LRSAVE =$SIZE_T; + $STU ="stwu"; + $POP ="lwz"; + $PUSH ="stw"; +} else { die "nonsense $flavour"; } + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or +( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or +die "can't locate ppc-xlate.pl"; + +open STDOUT,"| $^X $xlate $flavour ".shift || die "can't call $xlate: $!"; + +$FRAME=32*$SIZE_T; + +sub _data_word() +{ my $i; + while(defined($i=shift)) { $code.=sprintf"\t.long\t0x%08x,0x%08x\n",$i,$i; } +} + +$sp="r1"; +$toc="r2"; +$inp="r3"; +$out="r4"; +$key="r5"; + +$Tbl0="r3"; +$Tbl1="r6"; +$Tbl2="r7"; +$Tbl3="r2"; + +$s0="r8"; +$s1="r9"; +$s2="r10"; +$s3="r11"; + +$t0="r12"; +$t1="r13"; +$t2="r14"; +$t3="r15"; + +$acc00="r16"; +$acc01="r17"; +$acc02="r18"; +$acc03="r19"; + +$acc04="r20"; +$acc05="r21"; +$acc06="r22"; +$acc07="r23"; + +$acc08="r24"; +$acc09="r25"; +$acc10="r26"; +$acc11="r27"; + +$acc12="r28"; +$acc13="r29"; +$acc14="r30"; +$acc15="r31"; + +# stay away from TLS pointer +if ($SIZE_T==8) { die if ($t1 ne "r13"); $t1="r0"; } +else { die if ($Tbl3 ne "r2"); $Tbl3=$t0; $t0="r0"; } +$mask80=$Tbl2; +$mask1b=$Tbl3; + +$code.=<<___; +.machine "any" +.text + +.align 7 +LAES_Te: + mflr r0 + bcl 20,31,\$+4 + mflr $Tbl0 ; vvvvv "distance" between . and 1st data entry + addi $Tbl0,$Tbl0,`128-8` + mtlr r0 + blr + .long 0 + .byte 0,12,0x14,0,0,0,0,0 + .space `64-9*4` +LAES_Td: + mflr r0 + bcl 20,31,\$+4 + mflr $Tbl0 ; vvvvvvvv "distance" between . and 1st data entry + addi $Tbl0,$Tbl0,`128-64-8+2048+256` + mtlr r0 + blr + .long 0 + .byte 0,12,0x14,0,0,0,0,0 + .space `128-64-9*4` +___ +&_data_word( + 0xc66363a5, 0xf87c7c84, 0xee777799, 0xf67b7b8d, + 0xfff2f20d, 0xd66b6bbd, 0xde6f6fb1, 0x91c5c554, + 0x60303050, 0x02010103, 0xce6767a9, 0x562b2b7d, + 0xe7fefe19, 0xb5d7d762, 0x4dababe6, 0xec76769a, + 0x8fcaca45, 0x1f82829d, 0x89c9c940, 0xfa7d7d87, + 0xeffafa15, 0xb25959eb, 0x8e4747c9, 0xfbf0f00b, + 0x41adadec, 0xb3d4d467, 0x5fa2a2fd, 0x45afafea, + 0x239c9cbf, 0x53a4a4f7, 0xe4727296, 0x9bc0c05b, + 0x75b7b7c2, 0xe1fdfd1c, 0x3d9393ae, 0x4c26266a, + 0x6c36365a, 0x7e3f3f41, 0xf5f7f702, 0x83cccc4f, + 0x6834345c, 0x51a5a5f4, 0xd1e5e534, 0xf9f1f108, + 0xe2717193, 0xabd8d873, 0x62313153, 0x2a15153f, + 0x0804040c, 0x95c7c752, 0x46232365, 0x9dc3c35e, + 0x30181828, 0x379696a1, 0x0a05050f, 0x2f9a9ab5, + 0x0e070709, 0x24121236, 0x1b80809b, 0xdfe2e23d, + 0xcdebeb26, 0x4e272769, 0x7fb2b2cd, 0xea75759f, + 0x1209091b, 0x1d83839e, 0x582c2c74, 0x341a1a2e, + 0x361b1b2d, 0xdc6e6eb2, 0xb45a5aee, 0x5ba0a0fb, + 0xa45252f6, 0x763b3b4d, 0xb7d6d661, 0x7db3b3ce, + 0x5229297b, 0xdde3e33e, 0x5e2f2f71, 0x13848497, + 0xa65353f5, 0xb9d1d168, 0x00000000, 0xc1eded2c, + 0x40202060, 0xe3fcfc1f, 0x79b1b1c8, 0xb65b5bed, + 0xd46a6abe, 0x8dcbcb46, 0x67bebed9, 0x7239394b, + 0x944a4ade, 0x984c4cd4, 0xb05858e8, 0x85cfcf4a, + 0xbbd0d06b, 0xc5efef2a, 0x4faaaae5, 0xedfbfb16, + 0x864343c5, 0x9a4d4dd7, 0x66333355, 0x11858594, + 0x8a4545cf, 0xe9f9f910, 0x04020206, 0xfe7f7f81, + 0xa05050f0, 0x783c3c44, 0x259f9fba, 0x4ba8a8e3, + 0xa25151f3, 0x5da3a3fe, 0x804040c0, 0x058f8f8a, + 0x3f9292ad, 0x219d9dbc, 0x70383848, 0xf1f5f504, + 0x63bcbcdf, 0x77b6b6c1, 0xafdada75, 0x42212163, + 0x20101030, 0xe5ffff1a, 0xfdf3f30e, 0xbfd2d26d, + 0x81cdcd4c, 0x180c0c14, 0x26131335, 0xc3ecec2f, + 0xbe5f5fe1, 0x359797a2, 0x884444cc, 0x2e171739, + 0x93c4c457, 0x55a7a7f2, 0xfc7e7e82, 0x7a3d3d47, + 0xc86464ac, 0xba5d5de7, 0x3219192b, 0xe6737395, + 0xc06060a0, 0x19818198, 0x9e4f4fd1, 0xa3dcdc7f, + 0x44222266, 0x542a2a7e, 0x3b9090ab, 0x0b888883, + 0x8c4646ca, 0xc7eeee29, 0x6bb8b8d3, 0x2814143c, + 0xa7dede79, 0xbc5e5ee2, 0x160b0b1d, 0xaddbdb76, + 0xdbe0e03b, 0x64323256, 0x743a3a4e, 0x140a0a1e, + 0x924949db, 0x0c06060a, 0x4824246c, 0xb85c5ce4, + 0x9fc2c25d, 0xbdd3d36e, 0x43acacef, 0xc46262a6, + 0x399191a8, 0x319595a4, 0xd3e4e437, 0xf279798b, + 0xd5e7e732, 0x8bc8c843, 0x6e373759, 0xda6d6db7, + 0x018d8d8c, 0xb1d5d564, 0x9c4e4ed2, 0x49a9a9e0, + 0xd86c6cb4, 0xac5656fa, 0xf3f4f407, 0xcfeaea25, + 0xca6565af, 0xf47a7a8e, 0x47aeaee9, 0x10080818, + 0x6fbabad5, 0xf0787888, 0x4a25256f, 0x5c2e2e72, + 0x381c1c24, 0x57a6a6f1, 0x73b4b4c7, 0x97c6c651, + 0xcbe8e823, 0xa1dddd7c, 0xe874749c, 0x3e1f1f21, + 0x964b4bdd, 0x61bdbddc, 0x0d8b8b86, 0x0f8a8a85, + 0xe0707090, 0x7c3e3e42, 0x71b5b5c4, 0xcc6666aa, + 0x904848d8, 0x06030305, 0xf7f6f601, 0x1c0e0e12, + 0xc26161a3, 0x6a35355f, 0xae5757f9, 0x69b9b9d0, + 0x17868691, 0x99c1c158, 0x3a1d1d27, 0x279e9eb9, + 0xd9e1e138, 0xebf8f813, 0x2b9898b3, 0x22111133, + 0xd26969bb, 0xa9d9d970, 0x078e8e89, 0x339494a7, + 0x2d9b9bb6, 0x3c1e1e22, 0x15878792, 0xc9e9e920, + 0x87cece49, 0xaa5555ff, 0x50282878, 0xa5dfdf7a, + 0x038c8c8f, 0x59a1a1f8, 0x09898980, 0x1a0d0d17, + 0x65bfbfda, 0xd7e6e631, 0x844242c6, 0xd06868b8, + 0x824141c3, 0x299999b0, 0x5a2d2d77, 0x1e0f0f11, + 0x7bb0b0cb, 0xa85454fc, 0x6dbbbbd6, 0x2c16163a); +$code.=<<___; +.byte 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5 +.byte 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76 +.byte 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0 +.byte 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0 +.byte 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc +.byte 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15 +.byte 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a +.byte 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75 +.byte 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0 +.byte 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84 +.byte 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b +.byte 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf +.byte 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85 +.byte 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8 +.byte 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5 +.byte 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2 +.byte 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17 +.byte 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73 +.byte 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88 +.byte 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb +.byte 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c +.byte 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79 +.byte 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9 +.byte 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08 +.byte 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6 +.byte 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a +.byte 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e +.byte 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e +.byte 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94 +.byte 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf +.byte 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68 +.byte 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16 +___ +&_data_word( + 0x51f4a750, 0x7e416553, 0x1a17a4c3, 0x3a275e96, + 0x3bab6bcb, 0x1f9d45f1, 0xacfa58ab, 0x4be30393, + 0x2030fa55, 0xad766df6, 0x88cc7691, 0xf5024c25, + 0x4fe5d7fc, 0xc52acbd7, 0x26354480, 0xb562a38f, + 0xdeb15a49, 0x25ba1b67, 0x45ea0e98, 0x5dfec0e1, + 0xc32f7502, 0x814cf012, 0x8d4697a3, 0x6bd3f9c6, + 0x038f5fe7, 0x15929c95, 0xbf6d7aeb, 0x955259da, + 0xd4be832d, 0x587421d3, 0x49e06929, 0x8ec9c844, + 0x75c2896a, 0xf48e7978, 0x99583e6b, 0x27b971dd, + 0xbee14fb6, 0xf088ad17, 0xc920ac66, 0x7dce3ab4, + 0x63df4a18, 0xe51a3182, 0x97513360, 0x62537f45, + 0xb16477e0, 0xbb6bae84, 0xfe81a01c, 0xf9082b94, + 0x70486858, 0x8f45fd19, 0x94de6c87, 0x527bf8b7, + 0xab73d323, 0x724b02e2, 0xe31f8f57, 0x6655ab2a, + 0xb2eb2807, 0x2fb5c203, 0x86c57b9a, 0xd33708a5, + 0x302887f2, 0x23bfa5b2, 0x02036aba, 0xed16825c, + 0x8acf1c2b, 0xa779b492, 0xf307f2f0, 0x4e69e2a1, + 0x65daf4cd, 0x0605bed5, 0xd134621f, 0xc4a6fe8a, + 0x342e539d, 0xa2f355a0, 0x058ae132, 0xa4f6eb75, + 0x0b83ec39, 0x4060efaa, 0x5e719f06, 0xbd6e1051, + 0x3e218af9, 0x96dd063d, 0xdd3e05ae, 0x4de6bd46, + 0x91548db5, 0x71c45d05, 0x0406d46f, 0x605015ff, + 0x1998fb24, 0xd6bde997, 0x894043cc, 0x67d99e77, + 0xb0e842bd, 0x07898b88, 0xe7195b38, 0x79c8eedb, + 0xa17c0a47, 0x7c420fe9, 0xf8841ec9, 0x00000000, + 0x09808683, 0x322bed48, 0x1e1170ac, 0x6c5a724e, + 0xfd0efffb, 0x0f853856, 0x3daed51e, 0x362d3927, + 0x0a0fd964, 0x685ca621, 0x9b5b54d1, 0x24362e3a, + 0x0c0a67b1, 0x9357e70f, 0xb4ee96d2, 0x1b9b919e, + 0x80c0c54f, 0x61dc20a2, 0x5a774b69, 0x1c121a16, + 0xe293ba0a, 0xc0a02ae5, 0x3c22e043, 0x121b171d, + 0x0e090d0b, 0xf28bc7ad, 0x2db6a8b9, 0x141ea9c8, + 0x57f11985, 0xaf75074c, 0xee99ddbb, 0xa37f60fd, + 0xf701269f, 0x5c72f5bc, 0x44663bc5, 0x5bfb7e34, + 0x8b432976, 0xcb23c6dc, 0xb6edfc68, 0xb8e4f163, + 0xd731dcca, 0x42638510, 0x13972240, 0x84c61120, + 0x854a247d, 0xd2bb3df8, 0xaef93211, 0xc729a16d, + 0x1d9e2f4b, 0xdcb230f3, 0x0d8652ec, 0x77c1e3d0, + 0x2bb3166c, 0xa970b999, 0x119448fa, 0x47e96422, + 0xa8fc8cc4, 0xa0f03f1a, 0x567d2cd8, 0x223390ef, + 0x87494ec7, 0xd938d1c1, 0x8ccaa2fe, 0x98d40b36, + 0xa6f581cf, 0xa57ade28, 0xdab78e26, 0x3fadbfa4, + 0x2c3a9de4, 0x5078920d, 0x6a5fcc9b, 0x547e4662, + 0xf68d13c2, 0x90d8b8e8, 0x2e39f75e, 0x82c3aff5, + 0x9f5d80be, 0x69d0937c, 0x6fd52da9, 0xcf2512b3, + 0xc8ac993b, 0x10187da7, 0xe89c636e, 0xdb3bbb7b, + 0xcd267809, 0x6e5918f4, 0xec9ab701, 0x834f9aa8, + 0xe6956e65, 0xaaffe67e, 0x21bccf08, 0xef15e8e6, + 0xbae79bd9, 0x4a6f36ce, 0xea9f09d4, 0x29b07cd6, + 0x31a4b2af, 0x2a3f2331, 0xc6a59430, 0x35a266c0, + 0x744ebc37, 0xfc82caa6, 0xe090d0b0, 0x33a7d815, + 0xf104984a, 0x41ecdaf7, 0x7fcd500e, 0x1791f62f, + 0x764dd68d, 0x43efb04d, 0xccaa4d54, 0xe49604df, + 0x9ed1b5e3, 0x4c6a881b, 0xc12c1fb8, 0x4665517f, + 0x9d5eea04, 0x018c355d, 0xfa877473, 0xfb0b412e, + 0xb3671d5a, 0x92dbd252, 0xe9105633, 0x6dd64713, + 0x9ad7618c, 0x37a10c7a, 0x59f8148e, 0xeb133c89, + 0xcea927ee, 0xb761c935, 0xe11ce5ed, 0x7a47b13c, + 0x9cd2df59, 0x55f2733f, 0x1814ce79, 0x73c737bf, + 0x53f7cdea, 0x5ffdaa5b, 0xdf3d6f14, 0x7844db86, + 0xcaaff381, 0xb968c43e, 0x3824342c, 0xc2a3405f, + 0x161dc372, 0xbce2250c, 0x283c498b, 0xff0d9541, + 0x39a80171, 0x080cb3de, 0xd8b4e49c, 0x6456c190, + 0x7bcb8461, 0xd532b670, 0x486c5c74, 0xd0b85742); +$code.=<<___; +.byte 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38 +.byte 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb +.byte 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87 +.byte 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb +.byte 0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d +.byte 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e +.byte 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2 +.byte 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25 +.byte 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16 +.byte 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92 +.byte 0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda +.byte 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84 +.byte 0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a +.byte 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06 +.byte 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02 +.byte 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b +.byte 0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea +.byte 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73 +.byte 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85 +.byte 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e +.byte 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89 +.byte 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b +.byte 0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20 +.byte 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4 +.byte 0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31 +.byte 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f +.byte 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d +.byte 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef +.byte 0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0 +.byte 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61 +.byte 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26 +.byte 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d + + +.globl .AES_encrypt +.align 7 +.AES_encrypt: + $STU $sp,-$FRAME($sp) + mflr r0 + + $PUSH $toc,`$FRAME-$SIZE_T*20`($sp) + $PUSH r13,`$FRAME-$SIZE_T*19`($sp) + $PUSH r14,`$FRAME-$SIZE_T*18`($sp) + $PUSH r15,`$FRAME-$SIZE_T*17`($sp) + $PUSH r16,`$FRAME-$SIZE_T*16`($sp) + $PUSH r17,`$FRAME-$SIZE_T*15`($sp) + $PUSH r18,`$FRAME-$SIZE_T*14`($sp) + $PUSH r19,`$FRAME-$SIZE_T*13`($sp) + $PUSH r20,`$FRAME-$SIZE_T*12`($sp) + $PUSH r21,`$FRAME-$SIZE_T*11`($sp) + $PUSH r22,`$FRAME-$SIZE_T*10`($sp) + $PUSH r23,`$FRAME-$SIZE_T*9`($sp) + $PUSH r24,`$FRAME-$SIZE_T*8`($sp) + $PUSH r25,`$FRAME-$SIZE_T*7`($sp) + $PUSH r26,`$FRAME-$SIZE_T*6`($sp) + $PUSH r27,`$FRAME-$SIZE_T*5`($sp) + $PUSH r28,`$FRAME-$SIZE_T*4`($sp) + $PUSH r29,`$FRAME-$SIZE_T*3`($sp) + $PUSH r30,`$FRAME-$SIZE_T*2`($sp) + $PUSH r31,`$FRAME-$SIZE_T*1`($sp) + $PUSH r0,`$FRAME+$LRSAVE`($sp) + + andi. $t0,$inp,3 + andi. $t1,$out,3 + or. $t0,$t0,$t1 + bne Lenc_unaligned + +Lenc_unaligned_ok: + lwz $s0,0($inp) + lwz $s1,4($inp) + lwz $s2,8($inp) + lwz $s3,12($inp) + bl LAES_Te + bl Lppc_AES_encrypt_compact + stw $s0,0($out) + stw $s1,4($out) + stw $s2,8($out) + stw $s3,12($out) + b Lenc_done + +Lenc_unaligned: + subfic $t0,$inp,4096 + subfic $t1,$out,4096 + andi. $t0,$t0,4096-16 + beq Lenc_xpage + andi. $t1,$t1,4096-16 + bne Lenc_unaligned_ok + +Lenc_xpage: + lbz $acc00,0($inp) + lbz $acc01,1($inp) + lbz $acc02,2($inp) + lbz $s0,3($inp) + lbz $acc04,4($inp) + lbz $acc05,5($inp) + lbz $acc06,6($inp) + lbz $s1,7($inp) + lbz $acc08,8($inp) + lbz $acc09,9($inp) + lbz $acc10,10($inp) + insrwi $s0,$acc00,8,0 + lbz $s2,11($inp) + insrwi $s1,$acc04,8,0 + lbz $acc12,12($inp) + insrwi $s0,$acc01,8,8 + lbz $acc13,13($inp) + insrwi $s1,$acc05,8,8 + lbz $acc14,14($inp) + insrwi $s0,$acc02,8,16 + lbz $s3,15($inp) + insrwi $s1,$acc06,8,16 + insrwi $s2,$acc08,8,0 + insrwi $s3,$acc12,8,0 + insrwi $s2,$acc09,8,8 + insrwi $s3,$acc13,8,8 + insrwi $s2,$acc10,8,16 + insrwi $s3,$acc14,8,16 + + bl LAES_Te + bl Lppc_AES_encrypt_compact + + extrwi $acc00,$s0,8,0 + extrwi $acc01,$s0,8,8 + stb $acc00,0($out) + extrwi $acc02,$s0,8,16 + stb $acc01,1($out) + stb $acc02,2($out) + extrwi $acc04,$s1,8,0 + stb $s0,3($out) + extrwi $acc05,$s1,8,8 + stb $acc04,4($out) + extrwi $acc06,$s1,8,16 + stb $acc05,5($out) + stb $acc06,6($out) + extrwi $acc08,$s2,8,0 + stb $s1,7($out) + extrwi $acc09,$s2,8,8 + stb $acc08,8($out) + extrwi $acc10,$s2,8,16 + stb $acc09,9($out) + stb $acc10,10($out) + extrwi $acc12,$s3,8,0 + stb $s2,11($out) + extrwi $acc13,$s3,8,8 + stb $acc12,12($out) + extrwi $acc14,$s3,8,16 + stb $acc13,13($out) + stb $acc14,14($out) + stb $s3,15($out) + +Lenc_done: + $POP r0,`$FRAME+$LRSAVE`($sp) + $POP $toc,`$FRAME-$SIZE_T*20`($sp) + $POP r13,`$FRAME-$SIZE_T*19`($sp) + $POP r14,`$FRAME-$SIZE_T*18`($sp) + $POP r15,`$FRAME-$SIZE_T*17`($sp) + $POP r16,`$FRAME-$SIZE_T*16`($sp) + $POP r17,`$FRAME-$SIZE_T*15`($sp) + $POP r18,`$FRAME-$SIZE_T*14`($sp) + $POP r19,`$FRAME-$SIZE_T*13`($sp) + $POP r20,`$FRAME-$SIZE_T*12`($sp) + $POP r21,`$FRAME-$SIZE_T*11`($sp) + $POP r22,`$FRAME-$SIZE_T*10`($sp) + $POP r23,`$FRAME-$SIZE_T*9`($sp) + $POP r24,`$FRAME-$SIZE_T*8`($sp) + $POP r25,`$FRAME-$SIZE_T*7`($sp) + $POP r26,`$FRAME-$SIZE_T*6`($sp) + $POP r27,`$FRAME-$SIZE_T*5`($sp) + $POP r28,`$FRAME-$SIZE_T*4`($sp) + $POP r29,`$FRAME-$SIZE_T*3`($sp) + $POP r30,`$FRAME-$SIZE_T*2`($sp) + $POP r31,`$FRAME-$SIZE_T*1`($sp) + mtlr r0 + addi $sp,$sp,$FRAME + blr + .long 0 + .byte 0,12,4,1,0x80,18,3,0 + .long 0 + +.align 5 +Lppc_AES_encrypt: + lwz $acc00,240($key) + addi $Tbl1,$Tbl0,3 + lwz $t0,0($key) + addi $Tbl2,$Tbl0,2 + lwz $t1,4($key) + addi $Tbl3,$Tbl0,1 + lwz $t2,8($key) + addi $acc00,$acc00,-1 + lwz $t3,12($key) + addi $key,$key,16 + xor $s0,$s0,$t0 + xor $s1,$s1,$t1 + xor $s2,$s2,$t2 + xor $s3,$s3,$t3 + mtctr $acc00 +.align 4 +Lenc_loop: + rlwinm $acc00,$s0,`32-24+3`,21,28 + rlwinm $acc01,$s1,`32-24+3`,21,28 + rlwinm $acc02,$s2,`32-24+3`,21,28 + rlwinm $acc03,$s3,`32-24+3`,21,28 + lwz $t0,0($key) + rlwinm $acc04,$s1,`32-16+3`,21,28 + lwz $t1,4($key) + rlwinm $acc05,$s2,`32-16+3`,21,28 + lwz $t2,8($key) + rlwinm $acc06,$s3,`32-16+3`,21,28 + lwz $t3,12($key) + rlwinm $acc07,$s0,`32-16+3`,21,28 + lwzx $acc00,$Tbl0,$acc00 + rlwinm $acc08,$s2,`32-8+3`,21,28 + lwzx $acc01,$Tbl0,$acc01 + rlwinm $acc09,$s3,`32-8+3`,21,28 + lwzx $acc02,$Tbl0,$acc02 + rlwinm $acc10,$s0,`32-8+3`,21,28 + lwzx $acc03,$Tbl0,$acc03 + rlwinm $acc11,$s1,`32-8+3`,21,28 + lwzx $acc04,$Tbl1,$acc04 + rlwinm $acc12,$s3,`0+3`,21,28 + lwzx $acc05,$Tbl1,$acc05 + rlwinm $acc13,$s0,`0+3`,21,28 + lwzx $acc06,$Tbl1,$acc06 + rlwinm $acc14,$s1,`0+3`,21,28 + lwzx $acc07,$Tbl1,$acc07 + rlwinm $acc15,$s2,`0+3`,21,28 + lwzx $acc08,$Tbl2,$acc08 + xor $t0,$t0,$acc00 + lwzx $acc09,$Tbl2,$acc09 + xor $t1,$t1,$acc01 + lwzx $acc10,$Tbl2,$acc10 + xor $t2,$t2,$acc02 + lwzx $acc11,$Tbl2,$acc11 + xor $t3,$t3,$acc03 + lwzx $acc12,$Tbl3,$acc12 + xor $t0,$t0,$acc04 + lwzx $acc13,$Tbl3,$acc13 + xor $t1,$t1,$acc05 + lwzx $acc14,$Tbl3,$acc14 + xor $t2,$t2,$acc06 + lwzx $acc15,$Tbl3,$acc15 + xor $t3,$t3,$acc07 + xor $t0,$t0,$acc08 + xor $t1,$t1,$acc09 + xor $t2,$t2,$acc10 + xor $t3,$t3,$acc11 + xor $s0,$t0,$acc12 + xor $s1,$t1,$acc13 + xor $s2,$t2,$acc14 + xor $s3,$t3,$acc15 + addi $key,$key,16 + bdnz- Lenc_loop + + addi $Tbl2,$Tbl0,2048 + nop + lwz $t0,0($key) + rlwinm $acc00,$s0,`32-24`,24,31 + lwz $t1,4($key) + rlwinm $acc01,$s1,`32-24`,24,31 + lwz $t2,8($key) + rlwinm $acc02,$s2,`32-24`,24,31 + lwz $t3,12($key) + rlwinm $acc03,$s3,`32-24`,24,31 + lwz $acc08,`2048+0`($Tbl0) ! prefetch Te4 + rlwinm $acc04,$s1,`32-16`,24,31 + lwz $acc09,`2048+32`($Tbl0) + rlwinm $acc05,$s2,`32-16`,24,31 + lwz $acc10,`2048+64`($Tbl0) + rlwinm $acc06,$s3,`32-16`,24,31 + lwz $acc11,`2048+96`($Tbl0) + rlwinm $acc07,$s0,`32-16`,24,31 + lwz $acc12,`2048+128`($Tbl0) + rlwinm $acc08,$s2,`32-8`,24,31 + lwz $acc13,`2048+160`($Tbl0) + rlwinm $acc09,$s3,`32-8`,24,31 + lwz $acc14,`2048+192`($Tbl0) + rlwinm $acc10,$s0,`32-8`,24,31 + lwz $acc15,`2048+224`($Tbl0) + rlwinm $acc11,$s1,`32-8`,24,31 + lbzx $acc00,$Tbl2,$acc00 + rlwinm $acc12,$s3,`0`,24,31 + lbzx $acc01,$Tbl2,$acc01 + rlwinm $acc13,$s0,`0`,24,31 + lbzx $acc02,$Tbl2,$acc02 + rlwinm $acc14,$s1,`0`,24,31 + lbzx $acc03,$Tbl2,$acc03 + rlwinm $acc15,$s2,`0`,24,31 + lbzx $acc04,$Tbl2,$acc04 + rlwinm $s0,$acc00,24,0,7 + lbzx $acc05,$Tbl2,$acc05 + rlwinm $s1,$acc01,24,0,7 + lbzx $acc06,$Tbl2,$acc06 + rlwinm $s2,$acc02,24,0,7 + lbzx $acc07,$Tbl2,$acc07 + rlwinm $s3,$acc03,24,0,7 + lbzx $acc08,$Tbl2,$acc08 + rlwimi $s0,$acc04,16,8,15 + lbzx $acc09,$Tbl2,$acc09 + rlwimi $s1,$acc05,16,8,15 + lbzx $acc10,$Tbl2,$acc10 + rlwimi $s2,$acc06,16,8,15 + lbzx $acc11,$Tbl2,$acc11 + rlwimi $s3,$acc07,16,8,15 + lbzx $acc12,$Tbl2,$acc12 + rlwimi $s0,$acc08,8,16,23 + lbzx $acc13,$Tbl2,$acc13 + rlwimi $s1,$acc09,8,16,23 + lbzx $acc14,$Tbl2,$acc14 + rlwimi $s2,$acc10,8,16,23 + lbzx $acc15,$Tbl2,$acc15 + rlwimi $s3,$acc11,8,16,23 + or $s0,$s0,$acc12 + or $s1,$s1,$acc13 + or $s2,$s2,$acc14 + or $s3,$s3,$acc15 + xor $s0,$s0,$t0 + xor $s1,$s1,$t1 + xor $s2,$s2,$t2 + xor $s3,$s3,$t3 + blr + .long 0 + .byte 0,12,0x14,0,0,0,0,0 + +.align 4 +Lppc_AES_encrypt_compact: + lwz $acc00,240($key) + addi $Tbl1,$Tbl0,2048 + lwz $t0,0($key) + lis $mask80,0x8080 + lwz $t1,4($key) + lis $mask1b,0x1b1b + lwz $t2,8($key) + ori $mask80,$mask80,0x8080 + lwz $t3,12($key) + ori $mask1b,$mask1b,0x1b1b + addi $key,$key,16 + mtctr $acc00 +.align 4 +Lenc_compact_loop: + xor $s0,$s0,$t0 + xor $s1,$s1,$t1 + rlwinm $acc00,$s0,`32-24`,24,31 + xor $s2,$s2,$t2 + rlwinm $acc01,$s1,`32-24`,24,31 + xor $s3,$s3,$t3 + rlwinm $acc02,$s2,`32-24`,24,31 + rlwinm $acc03,$s3,`32-24`,24,31 + rlwinm $acc04,$s1,`32-16`,24,31 + rlwinm $acc05,$s2,`32-16`,24,31 + rlwinm $acc06,$s3,`32-16`,24,31 + rlwinm $acc07,$s0,`32-16`,24,31 + lbzx $acc00,$Tbl1,$acc00 + rlwinm $acc08,$s2,`32-8`,24,31 + lbzx $acc01,$Tbl1,$acc01 + rlwinm $acc09,$s3,`32-8`,24,31 + lbzx $acc02,$Tbl1,$acc02 + rlwinm $acc10,$s0,`32-8`,24,31 + lbzx $acc03,$Tbl1,$acc03 + rlwinm $acc11,$s1,`32-8`,24,31 + lbzx $acc04,$Tbl1,$acc04 + rlwinm $acc12,$s3,`0`,24,31 + lbzx $acc05,$Tbl1,$acc05 + rlwinm $acc13,$s0,`0`,24,31 + lbzx $acc06,$Tbl1,$acc06 + rlwinm $acc14,$s1,`0`,24,31 + lbzx $acc07,$Tbl1,$acc07 + rlwinm $acc15,$s2,`0`,24,31 + lbzx $acc08,$Tbl1,$acc08 + rlwinm $s0,$acc00,24,0,7 + lbzx $acc09,$Tbl1,$acc09 + rlwinm $s1,$acc01,24,0,7 + lbzx $acc10,$Tbl1,$acc10 + rlwinm $s2,$acc02,24,0,7 + lbzx $acc11,$Tbl1,$acc11 + rlwinm $s3,$acc03,24,0,7 + lbzx $acc12,$Tbl1,$acc12 + rlwimi $s0,$acc04,16,8,15 + lbzx $acc13,$Tbl1,$acc13 + rlwimi $s1,$acc05,16,8,15 + lbzx $acc14,$Tbl1,$acc14 + rlwimi $s2,$acc06,16,8,15 + lbzx $acc15,$Tbl1,$acc15 + rlwimi $s3,$acc07,16,8,15 + rlwimi $s0,$acc08,8,16,23 + rlwimi $s1,$acc09,8,16,23 + rlwimi $s2,$acc10,8,16,23 + rlwimi $s3,$acc11,8,16,23 + lwz $t0,0($key) + or $s0,$s0,$acc12 + lwz $t1,4($key) + or $s1,$s1,$acc13 + lwz $t2,8($key) + or $s2,$s2,$acc14 + lwz $t3,12($key) + or $s3,$s3,$acc15 + + addi $key,$key,16 + bdz Lenc_compact_done + + and $acc00,$s0,$mask80 # r1=r0&0x80808080 + and $acc01,$s1,$mask80 + and $acc02,$s2,$mask80 + and $acc03,$s3,$mask80 + srwi $acc04,$acc00,7 # r1>>7 + andc $acc08,$s0,$mask80 # r0&0x7f7f7f7f + srwi $acc05,$acc01,7 + andc $acc09,$s1,$mask80 + srwi $acc06,$acc02,7 + andc $acc10,$s2,$mask80 + srwi $acc07,$acc03,7 + andc $acc11,$s3,$mask80 + sub $acc00,$acc00,$acc04 # r1-(r1>>7) + sub $acc01,$acc01,$acc05 + sub $acc02,$acc02,$acc06 + sub $acc03,$acc03,$acc07 + add $acc08,$acc08,$acc08 # (r0&0x7f7f7f7f)<<1 + add $acc09,$acc09,$acc09 + add $acc10,$acc10,$acc10 + add $acc11,$acc11,$acc11 + and $acc00,$acc00,$mask1b # (r1-(r1>>7))&0x1b1b1b1b + and $acc01,$acc01,$mask1b + and $acc02,$acc02,$mask1b + and $acc03,$acc03,$mask1b + xor $acc00,$acc00,$acc08 # r2 + xor $acc01,$acc01,$acc09 + rotlwi $acc12,$s0,16 # ROTATE(r0,16) + xor $acc02,$acc02,$acc10 + rotlwi $acc13,$s1,16 + xor $acc03,$acc03,$acc11 + rotlwi $acc14,$s2,16 + + xor $s0,$s0,$acc00 # r0^r2 + rotlwi $acc15,$s3,16 + xor $s1,$s1,$acc01 + rotrwi $s0,$s0,24 # ROTATE(r2^r0,24) + xor $s2,$s2,$acc02 + rotrwi $s1,$s1,24 + xor $s3,$s3,$acc03 + rotrwi $s2,$s2,24 + xor $s0,$s0,$acc00 # ROTATE(r2^r0,24)^r2 + rotrwi $s3,$s3,24 + xor $s1,$s1,$acc01 + xor $s2,$s2,$acc02 + xor $s3,$s3,$acc03 + rotlwi $acc08,$acc12,8 # ROTATE(r0,24) + xor $s0,$s0,$acc12 # + rotlwi $acc09,$acc13,8 + xor $s1,$s1,$acc13 + rotlwi $acc10,$acc14,8 + xor $s2,$s2,$acc14 + rotlwi $acc11,$acc15,8 + xor $s3,$s3,$acc15 + xor $s0,$s0,$acc08 # + xor $s1,$s1,$acc09 + xor $s2,$s2,$acc10 + xor $s3,$s3,$acc11 + + b Lenc_compact_loop +.align 4 +Lenc_compact_done: + xor $s0,$s0,$t0 + xor $s1,$s1,$t1 + xor $s2,$s2,$t2 + xor $s3,$s3,$t3 + blr + .long 0 + .byte 0,12,0x14,0,0,0,0,0 + +.globl .AES_decrypt +.align 7 +.AES_decrypt: + $STU $sp,-$FRAME($sp) + mflr r0 + + $PUSH $toc,`$FRAME-$SIZE_T*20`($sp) + $PUSH r13,`$FRAME-$SIZE_T*19`($sp) + $PUSH r14,`$FRAME-$SIZE_T*18`($sp) + $PUSH r15,`$FRAME-$SIZE_T*17`($sp) + $PUSH r16,`$FRAME-$SIZE_T*16`($sp) + $PUSH r17,`$FRAME-$SIZE_T*15`($sp) + $PUSH r18,`$FRAME-$SIZE_T*14`($sp) + $PUSH r19,`$FRAME-$SIZE_T*13`($sp) + $PUSH r20,`$FRAME-$SIZE_T*12`($sp) + $PUSH r21,`$FRAME-$SIZE_T*11`($sp) + $PUSH r22,`$FRAME-$SIZE_T*10`($sp) + $PUSH r23,`$FRAME-$SIZE_T*9`($sp) + $PUSH r24,`$FRAME-$SIZE_T*8`($sp) + $PUSH r25,`$FRAME-$SIZE_T*7`($sp) + $PUSH r26,`$FRAME-$SIZE_T*6`($sp) + $PUSH r27,`$FRAME-$SIZE_T*5`($sp) + $PUSH r28,`$FRAME-$SIZE_T*4`($sp) + $PUSH r29,`$FRAME-$SIZE_T*3`($sp) + $PUSH r30,`$FRAME-$SIZE_T*2`($sp) + $PUSH r31,`$FRAME-$SIZE_T*1`($sp) + $PUSH r0,`$FRAME+$LRSAVE`($sp) + + andi. $t0,$inp,3 + andi. $t1,$out,3 + or. $t0,$t0,$t1 + bne Ldec_unaligned + +Ldec_unaligned_ok: + lwz $s0,0($inp) + lwz $s1,4($inp) + lwz $s2,8($inp) + lwz $s3,12($inp) + bl LAES_Td + bl Lppc_AES_decrypt_compact + stw $s0,0($out) + stw $s1,4($out) + stw $s2,8($out) + stw $s3,12($out) + b Ldec_done + +Ldec_unaligned: + subfic $t0,$inp,4096 + subfic $t1,$out,4096 + andi. $t0,$t0,4096-16 + beq Ldec_xpage + andi. $t1,$t1,4096-16 + bne Ldec_unaligned_ok + +Ldec_xpage: + lbz $acc00,0($inp) + lbz $acc01,1($inp) + lbz $acc02,2($inp) + lbz $s0,3($inp) + lbz $acc04,4($inp) + lbz $acc05,5($inp) + lbz $acc06,6($inp) + lbz $s1,7($inp) + lbz $acc08,8($inp) + lbz $acc09,9($inp) + lbz $acc10,10($inp) + insrwi $s0,$acc00,8,0 + lbz $s2,11($inp) + insrwi $s1,$acc04,8,0 + lbz $acc12,12($inp) + insrwi $s0,$acc01,8,8 + lbz $acc13,13($inp) + insrwi $s1,$acc05,8,8 + lbz $acc14,14($inp) + insrwi $s0,$acc02,8,16 + lbz $s3,15($inp) + insrwi $s1,$acc06,8,16 + insrwi $s2,$acc08,8,0 + insrwi $s3,$acc12,8,0 + insrwi $s2,$acc09,8,8 + insrwi $s3,$acc13,8,8 + insrwi $s2,$acc10,8,16 + insrwi $s3,$acc14,8,16 + + bl LAES_Td + bl Lppc_AES_decrypt_compact + + extrwi $acc00,$s0,8,0 + extrwi $acc01,$s0,8,8 + stb $acc00,0($out) + extrwi $acc02,$s0,8,16 + stb $acc01,1($out) + stb $acc02,2($out) + extrwi $acc04,$s1,8,0 + stb $s0,3($out) + extrwi $acc05,$s1,8,8 + stb $acc04,4($out) + extrwi $acc06,$s1,8,16 + stb $acc05,5($out) + stb $acc06,6($out) + extrwi $acc08,$s2,8,0 + stb $s1,7($out) + extrwi $acc09,$s2,8,8 + stb $acc08,8($out) + extrwi $acc10,$s2,8,16 + stb $acc09,9($out) + stb $acc10,10($out) + extrwi $acc12,$s3,8,0 + stb $s2,11($out) + extrwi $acc13,$s3,8,8 + stb $acc12,12($out) + extrwi $acc14,$s3,8,16 + stb $acc13,13($out) + stb $acc14,14($out) + stb $s3,15($out) + +Ldec_done: + $POP r0,`$FRAME+$LRSAVE`($sp) + $POP $toc,`$FRAME-$SIZE_T*20`($sp) + $POP r13,`$FRAME-$SIZE_T*19`($sp) + $POP r14,`$FRAME-$SIZE_T*18`($sp) + $POP r15,`$FRAME-$SIZE_T*17`($sp) + $POP r16,`$FRAME-$SIZE_T*16`($sp) + $POP r17,`$FRAME-$SIZE_T*15`($sp) + $POP r18,`$FRAME-$SIZE_T*14`($sp) + $POP r19,`$FRAME-$SIZE_T*13`($sp) + $POP r20,`$FRAME-$SIZE_T*12`($sp) + $POP r21,`$FRAME-$SIZE_T*11`($sp) + $POP r22,`$FRAME-$SIZE_T*10`($sp) + $POP r23,`$FRAME-$SIZE_T*9`($sp) + $POP r24,`$FRAME-$SIZE_T*8`($sp) + $POP r25,`$FRAME-$SIZE_T*7`($sp) + $POP r26,`$FRAME-$SIZE_T*6`($sp) + $POP r27,`$FRAME-$SIZE_T*5`($sp) + $POP r28,`$FRAME-$SIZE_T*4`($sp) + $POP r29,`$FRAME-$SIZE_T*3`($sp) + $POP r30,`$FRAME-$SIZE_T*2`($sp) + $POP r31,`$FRAME-$SIZE_T*1`($sp) + mtlr r0 + addi $sp,$sp,$FRAME + blr + .long 0 + .byte 0,12,4,1,0x80,18,3,0 + .long 0 + +.align 5 +Lppc_AES_decrypt: + lwz $acc00,240($key) + addi $Tbl1,$Tbl0,3 + lwz $t0,0($key) + addi $Tbl2,$Tbl0,2 + lwz $t1,4($key) + addi $Tbl3,$Tbl0,1 + lwz $t2,8($key) + addi $acc00,$acc00,-1 + lwz $t3,12($key) + addi $key,$key,16 + xor $s0,$s0,$t0 + xor $s1,$s1,$t1 + xor $s2,$s2,$t2 + xor $s3,$s3,$t3 + mtctr $acc00 +.align 4 +Ldec_loop: + rlwinm $acc00,$s0,`32-24+3`,21,28 + rlwinm $acc01,$s1,`32-24+3`,21,28 + rlwinm $acc02,$s2,`32-24+3`,21,28 + rlwinm $acc03,$s3,`32-24+3`,21,28 + lwz $t0,0($key) + rlwinm $acc04,$s3,`32-16+3`,21,28 + lwz $t1,4($key) + rlwinm $acc05,$s0,`32-16+3`,21,28 + lwz $t2,8($key) + rlwinm $acc06,$s1,`32-16+3`,21,28 + lwz $t3,12($key) + rlwinm $acc07,$s2,`32-16+3`,21,28 + lwzx $acc00,$Tbl0,$acc00 + rlwinm $acc08,$s2,`32-8+3`,21,28 + lwzx $acc01,$Tbl0,$acc01 + rlwinm $acc09,$s3,`32-8+3`,21,28 + lwzx $acc02,$Tbl0,$acc02 + rlwinm $acc10,$s0,`32-8+3`,21,28 + lwzx $acc03,$Tbl0,$acc03 + rlwinm $acc11,$s1,`32-8+3`,21,28 + lwzx $acc04,$Tbl1,$acc04 + rlwinm $acc12,$s1,`0+3`,21,28 + lwzx $acc05,$Tbl1,$acc05 + rlwinm $acc13,$s2,`0+3`,21,28 + lwzx $acc06,$Tbl1,$acc06 + rlwinm $acc14,$s3,`0+3`,21,28 + lwzx $acc07,$Tbl1,$acc07 + rlwinm $acc15,$s0,`0+3`,21,28 + lwzx $acc08,$Tbl2,$acc08 + xor $t0,$t0,$acc00 + lwzx $acc09,$Tbl2,$acc09 + xor $t1,$t1,$acc01 + lwzx $acc10,$Tbl2,$acc10 + xor $t2,$t2,$acc02 + lwzx $acc11,$Tbl2,$acc11 + xor $t3,$t3,$acc03 + lwzx $acc12,$Tbl3,$acc12 + xor $t0,$t0,$acc04 + lwzx $acc13,$Tbl3,$acc13 + xor $t1,$t1,$acc05 + lwzx $acc14,$Tbl3,$acc14 + xor $t2,$t2,$acc06 + lwzx $acc15,$Tbl3,$acc15 + xor $t3,$t3,$acc07 + xor $t0,$t0,$acc08 + xor $t1,$t1,$acc09 + xor $t2,$t2,$acc10 + xor $t3,$t3,$acc11 + xor $s0,$t0,$acc12 + xor $s1,$t1,$acc13 + xor $s2,$t2,$acc14 + xor $s3,$t3,$acc15 + addi $key,$key,16 + bdnz- Ldec_loop + + addi $Tbl2,$Tbl0,2048 + nop + lwz $t0,0($key) + rlwinm $acc00,$s0,`32-24`,24,31 + lwz $t1,4($key) + rlwinm $acc01,$s1,`32-24`,24,31 + lwz $t2,8($key) + rlwinm $acc02,$s2,`32-24`,24,31 + lwz $t3,12($key) + rlwinm $acc03,$s3,`32-24`,24,31 + lwz $acc08,`2048+0`($Tbl0) ! prefetch Td4 + rlwinm $acc04,$s3,`32-16`,24,31 + lwz $acc09,`2048+32`($Tbl0) + rlwinm $acc05,$s0,`32-16`,24,31 + lwz $acc10,`2048+64`($Tbl0) + lbzx $acc00,$Tbl2,$acc00 + lwz $acc11,`2048+96`($Tbl0) + lbzx $acc01,$Tbl2,$acc01 + lwz $acc12,`2048+128`($Tbl0) + rlwinm $acc06,$s1,`32-16`,24,31 + lwz $acc13,`2048+160`($Tbl0) + rlwinm $acc07,$s2,`32-16`,24,31 + lwz $acc14,`2048+192`($Tbl0) + rlwinm $acc08,$s2,`32-8`,24,31 + lwz $acc15,`2048+224`($Tbl0) + rlwinm $acc09,$s3,`32-8`,24,31 + lbzx $acc02,$Tbl2,$acc02 + rlwinm $acc10,$s0,`32-8`,24,31 + lbzx $acc03,$Tbl2,$acc03 + rlwinm $acc11,$s1,`32-8`,24,31 + lbzx $acc04,$Tbl2,$acc04 + rlwinm $acc12,$s1,`0`,24,31 + lbzx $acc05,$Tbl2,$acc05 + rlwinm $acc13,$s2,`0`,24,31 + lbzx $acc06,$Tbl2,$acc06 + rlwinm $acc14,$s3,`0`,24,31 + lbzx $acc07,$Tbl2,$acc07 + rlwinm $acc15,$s0,`0`,24,31 + lbzx $acc08,$Tbl2,$acc08 + rlwinm $s0,$acc00,24,0,7 + lbzx $acc09,$Tbl2,$acc09 + rlwinm $s1,$acc01,24,0,7 + lbzx $acc10,$Tbl2,$acc10 + rlwinm $s2,$acc02,24,0,7 + lbzx $acc11,$Tbl2,$acc11 + rlwinm $s3,$acc03,24,0,7 + lbzx $acc12,$Tbl2,$acc12 + rlwimi $s0,$acc04,16,8,15 + lbzx $acc13,$Tbl2,$acc13 + rlwimi $s1,$acc05,16,8,15 + lbzx $acc14,$Tbl2,$acc14 + rlwimi $s2,$acc06,16,8,15 + lbzx $acc15,$Tbl2,$acc15 + rlwimi $s3,$acc07,16,8,15 + rlwimi $s0,$acc08,8,16,23 + rlwimi $s1,$acc09,8,16,23 + rlwimi $s2,$acc10,8,16,23 + rlwimi $s3,$acc11,8,16,23 + or $s0,$s0,$acc12 + or $s1,$s1,$acc13 + or $s2,$s2,$acc14 + or $s3,$s3,$acc15 + xor $s0,$s0,$t0 + xor $s1,$s1,$t1 + xor $s2,$s2,$t2 + xor $s3,$s3,$t3 + blr + .long 0 + .byte 0,12,0x14,0,0,0,0,0 + +.align 4 +Lppc_AES_decrypt_compact: + lwz $acc00,240($key) + addi $Tbl1,$Tbl0,2048 + lwz $t0,0($key) + lis $mask80,0x8080 + lwz $t1,4($key) + lis $mask1b,0x1b1b + lwz $t2,8($key) + ori $mask80,$mask80,0x8080 + lwz $t3,12($key) + ori $mask1b,$mask1b,0x1b1b + addi $key,$key,16 +___ +$code.=<<___ if ($SIZE_T==8); + insrdi $mask80,$mask80,32,0 + insrdi $mask1b,$mask1b,32,0 +___ +$code.=<<___; + mtctr $acc00 +.align 4 +Ldec_compact_loop: + xor $s0,$s0,$t0 + xor $s1,$s1,$t1 + rlwinm $acc00,$s0,`32-24`,24,31 + xor $s2,$s2,$t2 + rlwinm $acc01,$s1,`32-24`,24,31 + xor $s3,$s3,$t3 + rlwinm $acc02,$s2,`32-24`,24,31 + rlwinm $acc03,$s3,`32-24`,24,31 + rlwinm $acc04,$s3,`32-16`,24,31 + rlwinm $acc05,$s0,`32-16`,24,31 + rlwinm $acc06,$s1,`32-16`,24,31 + rlwinm $acc07,$s2,`32-16`,24,31 + lbzx $acc00,$Tbl1,$acc00 + rlwinm $acc08,$s2,`32-8`,24,31 + lbzx $acc01,$Tbl1,$acc01 + rlwinm $acc09,$s3,`32-8`,24,31 + lbzx $acc02,$Tbl1,$acc02 + rlwinm $acc10,$s0,`32-8`,24,31 + lbzx $acc03,$Tbl1,$acc03 + rlwinm $acc11,$s1,`32-8`,24,31 + lbzx $acc04,$Tbl1,$acc04 + rlwinm $acc12,$s1,`0`,24,31 + lbzx $acc05,$Tbl1,$acc05 + rlwinm $acc13,$s2,`0`,24,31 + lbzx $acc06,$Tbl1,$acc06 + rlwinm $acc14,$s3,`0`,24,31 + lbzx $acc07,$Tbl1,$acc07 + rlwinm $acc15,$s0,`0`,24,31 + lbzx $acc08,$Tbl1,$acc08 + rlwinm $s0,$acc00,24,0,7 + lbzx $acc09,$Tbl1,$acc09 + rlwinm $s1,$acc01,24,0,7 + lbzx $acc10,$Tbl1,$acc10 + rlwinm $s2,$acc02,24,0,7 + lbzx $acc11,$Tbl1,$acc11 + rlwinm $s3,$acc03,24,0,7 + lbzx $acc12,$Tbl1,$acc12 + rlwimi $s0,$acc04,16,8,15 + lbzx $acc13,$Tbl1,$acc13 + rlwimi $s1,$acc05,16,8,15 + lbzx $acc14,$Tbl1,$acc14 + rlwimi $s2,$acc06,16,8,15 + lbzx $acc15,$Tbl1,$acc15 + rlwimi $s3,$acc07,16,8,15 + rlwimi $s0,$acc08,8,16,23 + rlwimi $s1,$acc09,8,16,23 + rlwimi $s2,$acc10,8,16,23 + rlwimi $s3,$acc11,8,16,23 + lwz $t0,0($key) + or $s0,$s0,$acc12 + lwz $t1,4($key) + or $s1,$s1,$acc13 + lwz $t2,8($key) + or $s2,$s2,$acc14 + lwz $t3,12($key) + or $s3,$s3,$acc15 + + addi $key,$key,16 + bdz Ldec_compact_done +___ +$code.=<<___ if ($SIZE_T==8); + # vectorized permutation improves decrypt performance by 10% + insrdi $s0,$s1,32,0 + insrdi $s2,$s3,32,0 + + and $acc00,$s0,$mask80 # r1=r0&0x80808080 + and $acc02,$s2,$mask80 + srdi $acc04,$acc00,7 # r1>>7 + srdi $acc06,$acc02,7 + andc $acc08,$s0,$mask80 # r0&0x7f7f7f7f + andc $acc10,$s2,$mask80 + sub $acc00,$acc00,$acc04 # r1-(r1>>7) + sub $acc02,$acc02,$acc06 + add $acc08,$acc08,$acc08 # (r0&0x7f7f7f7f)<<1 + add $acc10,$acc10,$acc10 + and $acc00,$acc00,$mask1b # (r1-(r1>>7))&0x1b1b1b1b + and $acc02,$acc02,$mask1b + xor $acc00,$acc00,$acc08 # r2 + xor $acc02,$acc02,$acc10 + + and $acc04,$acc00,$mask80 # r1=r2&0x80808080 + and $acc06,$acc02,$mask80 + srdi $acc08,$acc04,7 # r1>>7 + srdi $acc10,$acc06,7 + andc $acc12,$acc00,$mask80 # r2&0x7f7f7f7f + andc $acc14,$acc02,$mask80 + sub $acc04,$acc04,$acc08 # r1-(r1>>7) + sub $acc06,$acc06,$acc10 + add $acc12,$acc12,$acc12 # (r2&0x7f7f7f7f)<<1 + add $acc14,$acc14,$acc14 + and $acc04,$acc04,$mask1b # (r1-(r1>>7))&0x1b1b1b1b + and $acc06,$acc06,$mask1b + xor $acc04,$acc04,$acc12 # r4 + xor $acc06,$acc06,$acc14 + + and $acc08,$acc04,$mask80 # r1=r4&0x80808080 + and $acc10,$acc06,$mask80 + srdi $acc12,$acc08,7 # r1>>7 + srdi $acc14,$acc10,7 + sub $acc08,$acc08,$acc12 # r1-(r1>>7) + sub $acc10,$acc10,$acc14 + andc $acc12,$acc04,$mask80 # r4&0x7f7f7f7f + andc $acc14,$acc06,$mask80 + add $acc12,$acc12,$acc12 # (r4&0x7f7f7f7f)<<1 + add $acc14,$acc14,$acc14 + and $acc08,$acc08,$mask1b # (r1-(r1>>7))&0x1b1b1b1b + and $acc10,$acc10,$mask1b + xor $acc08,$acc08,$acc12 # r8 + xor $acc10,$acc10,$acc14 + + xor $acc00,$acc00,$s0 # r2^r0 + xor $acc02,$acc02,$s2 + xor $acc04,$acc04,$s0 # r4^r0 + xor $acc06,$acc06,$s2 + + extrdi $acc01,$acc00,32,0 + extrdi $acc03,$acc02,32,0 + extrdi $acc05,$acc04,32,0 + extrdi $acc07,$acc06,32,0 + extrdi $acc09,$acc08,32,0 + extrdi $acc11,$acc10,32,0 +___ +$code.=<<___ if ($SIZE_T==4); + and $acc00,$s0,$mask80 # r1=r0&0x80808080 + and $acc01,$s1,$mask80 + and $acc02,$s2,$mask80 + and $acc03,$s3,$mask80 + srwi $acc04,$acc00,7 # r1>>7 + andc $acc08,$s0,$mask80 # r0&0x7f7f7f7f + srwi $acc05,$acc01,7 + andc $acc09,$s1,$mask80 + srwi $acc06,$acc02,7 + andc $acc10,$s2,$mask80 + srwi $acc07,$acc03,7 + andc $acc11,$s3,$mask80 + sub $acc00,$acc00,$acc04 # r1-(r1>>7) + sub $acc01,$acc01,$acc05 + sub $acc02,$acc02,$acc06 + sub $acc03,$acc03,$acc07 + add $acc08,$acc08,$acc08 # (r0&0x7f7f7f7f)<<1 + add $acc09,$acc09,$acc09 + add $acc10,$acc10,$acc10 + add $acc11,$acc11,$acc11 + and $acc00,$acc00,$mask1b # (r1-(r1>>7))&0x1b1b1b1b + and $acc01,$acc01,$mask1b + and $acc02,$acc02,$mask1b + and $acc03,$acc03,$mask1b + xor $acc00,$acc00,$acc08 # r2 + xor $acc01,$acc01,$acc09 + xor $acc02,$acc02,$acc10 + xor $acc03,$acc03,$acc11 + + and $acc04,$acc00,$mask80 # r1=r2&0x80808080 + and $acc05,$acc01,$mask80 + and $acc06,$acc02,$mask80 + and $acc07,$acc03,$mask80 + srwi $acc08,$acc04,7 # r1>>7 + andc $acc12,$acc00,$mask80 # r2&0x7f7f7f7f + srwi $acc09,$acc05,7 + andc $acc13,$acc01,$mask80 + srwi $acc10,$acc06,7 + andc $acc14,$acc02,$mask80 + srwi $acc11,$acc07,7 + andc $acc15,$acc03,$mask80 + sub $acc04,$acc04,$acc08 # r1-(r1>>7) + sub $acc05,$acc05,$acc09 + sub $acc06,$acc06,$acc10 + sub $acc07,$acc07,$acc11 + add $acc12,$acc12,$acc12 # (r2&0x7f7f7f7f)<<1 + add $acc13,$acc13,$acc13 + add $acc14,$acc14,$acc14 + add $acc15,$acc15,$acc15 + and $acc04,$acc04,$mask1b # (r1-(r1>>7))&0x1b1b1b1b + and $acc05,$acc05,$mask1b + and $acc06,$acc06,$mask1b + and $acc07,$acc07,$mask1b + xor $acc04,$acc04,$acc12 # r4 + xor $acc05,$acc05,$acc13 + xor $acc06,$acc06,$acc14 + xor $acc07,$acc07,$acc15 + + and $acc08,$acc04,$mask80 # r1=r4&0x80808080 + and $acc09,$acc05,$mask80 + srwi $acc12,$acc08,7 # r1>>7 + and $acc10,$acc06,$mask80 + srwi $acc13,$acc09,7 + and $acc11,$acc07,$mask80 + srwi $acc14,$acc10,7 + sub $acc08,$acc08,$acc12 # r1-(r1>>7) + srwi $acc15,$acc11,7 + sub $acc09,$acc09,$acc13 + sub $acc10,$acc10,$acc14 + sub $acc11,$acc11,$acc15 + andc $acc12,$acc04,$mask80 # r4&0x7f7f7f7f + andc $acc13,$acc05,$mask80 + andc $acc14,$acc06,$mask80 + andc $acc15,$acc07,$mask80 + add $acc12,$acc12,$acc12 # (r4&0x7f7f7f7f)<<1 + add $acc13,$acc13,$acc13 + add $acc14,$acc14,$acc14 + add $acc15,$acc15,$acc15 + and $acc08,$acc08,$mask1b # (r1-(r1>>7))&0x1b1b1b1b + and $acc09,$acc09,$mask1b + and $acc10,$acc10,$mask1b + and $acc11,$acc11,$mask1b + xor $acc08,$acc08,$acc12 # r8 + xor $acc09,$acc09,$acc13 + xor $acc10,$acc10,$acc14 + xor $acc11,$acc11,$acc15 + + xor $acc00,$acc00,$s0 # r2^r0 + xor $acc01,$acc01,$s1 + xor $acc02,$acc02,$s2 + xor $acc03,$acc03,$s3 + xor $acc04,$acc04,$s0 # r4^r0 + xor $acc05,$acc05,$s1 + xor $acc06,$acc06,$s2 + xor $acc07,$acc07,$s3 +___ +$code.=<<___; + rotrwi $s0,$s0,8 # = ROTATE(r0,8) + rotrwi $s1,$s1,8 + xor $s0,$s0,$acc00 # ^= r2^r0 + rotrwi $s2,$s2,8 + xor $s1,$s1,$acc01 + rotrwi $s3,$s3,8 + xor $s2,$s2,$acc02 + xor $s3,$s3,$acc03 + xor $acc00,$acc00,$acc08 + xor $acc01,$acc01,$acc09 + xor $acc02,$acc02,$acc10 + xor $acc03,$acc03,$acc11 + xor $s0,$s0,$acc04 # ^= r4^r0 + rotrwi $acc00,$acc00,24 + xor $s1,$s1,$acc05 + rotrwi $acc01,$acc01,24 + xor $s2,$s2,$acc06 + rotrwi $acc02,$acc02,24 + xor $s3,$s3,$acc07 + rotrwi $acc03,$acc03,24 + xor $acc04,$acc04,$acc08 + xor $acc05,$acc05,$acc09 + xor $acc06,$acc06,$acc10 + xor $acc07,$acc07,$acc11 + xor $s0,$s0,$acc08 # ^= r8 [^((r4^r0)^(r2^r0)=r4^r2)] + rotrwi $acc04,$acc04,16 + xor $s1,$s1,$acc09 + rotrwi $acc05,$acc05,16 + xor $s2,$s2,$acc10 + rotrwi $acc06,$acc06,16 + xor $s3,$s3,$acc11 + rotrwi $acc07,$acc07,16 + xor $s0,$s0,$acc00 # ^= ROTATE(r8^r2^r0,24) + rotrwi $acc08,$acc08,8 + xor $s1,$s1,$acc01 + rotrwi $acc09,$acc09,8 + xor $s2,$s2,$acc02 + rotrwi $acc10,$acc10,8 + xor $s3,$s3,$acc03 + rotrwi $acc11,$acc11,8 + xor $s0,$s0,$acc04 # ^= ROTATE(r8^r4^r0,16) + xor $s1,$s1,$acc05 + xor $s2,$s2,$acc06 + xor $s3,$s3,$acc07 + xor $s0,$s0,$acc08 # ^= ROTATE(r8,8) + xor $s1,$s1,$acc09 + xor $s2,$s2,$acc10 + xor $s3,$s3,$acc11 + + b Ldec_compact_loop +.align 4 +Ldec_compact_done: + xor $s0,$s0,$t0 + xor $s1,$s1,$t1 + xor $s2,$s2,$t2 + xor $s3,$s3,$t3 + blr + .long 0 + .byte 0,12,0x14,0,0,0,0,0 + +.asciz "AES for PPC, CRYPTOGAMS by " +.align 7 +___ + +$code =~ s/\`([^\`]*)\`/eval $1/gem; +print $code; +close STDOUT; diff --git a/src/lib/libcrypto/aes/asm/aes-sparcv9.pl b/src/lib/libcrypto/aes/asm/aes-sparcv9.pl new file mode 100755 index 00000000000..403c4d12904 --- /dev/null +++ b/src/lib/libcrypto/aes/asm/aes-sparcv9.pl @@ -0,0 +1,1182 @@ +#!/usr/bin/env perl +# +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. Rights for redistribution and usage in source and binary +# forms are granted according to the OpenSSL license. +# ==================================================================== +# +# Version 1.1 +# +# The major reason for undertaken effort was to mitigate the hazard of +# cache-timing attack. This is [currently and initially!] addressed in +# two ways. 1. S-boxes are compressed from 5KB to 2KB+256B size each. +# 2. References to them are scheduled for L2 cache latency, meaning +# that the tables don't have to reside in L1 cache. Once again, this +# is an initial draft and one should expect more countermeasures to +# be implemented... +# +# Version 1.1 prefetches T[ed]4 in order to mitigate attack on last +# round. +# +# Even though performance was not the primary goal [on the contrary, +# extra shifts "induced" by compressed S-box and longer loop epilogue +# "induced" by scheduling for L2 have negative effect on performance], +# the code turned out to run in ~23 cycles per processed byte en-/ +# decrypted with 128-bit key. This is pretty good result for code +# with mentioned qualities and UltraSPARC core. Compared to Sun C +# generated code my encrypt procedure runs just few percents faster, +# while decrypt one - whole 50% faster [yes, Sun C failed to generate +# optimal decrypt procedure]. Compared to GNU C generated code both +# procedures are more than 60% faster:-) + +$bits=32; +for (@ARGV) { $bits=64 if (/\-m64/ || /\-xarch\=v9/); } +if ($bits==64) { $bias=2047; $frame=192; } +else { $bias=0; $frame=112; } +$locals=16; + +$acc0="%l0"; +$acc1="%o0"; +$acc2="%o1"; +$acc3="%o2"; + +$acc4="%l1"; +$acc5="%o3"; +$acc6="%o4"; +$acc7="%o5"; + +$acc8="%l2"; +$acc9="%o7"; +$acc10="%g1"; +$acc11="%g2"; + +$acc12="%l3"; +$acc13="%g3"; +$acc14="%g4"; +$acc15="%g5"; + +$t0="%l4"; +$t1="%l5"; +$t2="%l6"; +$t3="%l7"; + +$s0="%i0"; +$s1="%i1"; +$s2="%i2"; +$s3="%i3"; +$tbl="%i4"; +$key="%i5"; +$rounds="%i7"; # aliases with return address, which is off-loaded to stack + +sub _data_word() +{ my $i; + while(defined($i=shift)) { $code.=sprintf"\t.long\t0x%08x,0x%08x\n",$i,$i; } +} + +$code.=<<___ if ($bits==64); +.register %g2,#scratch +.register %g3,#scratch +___ +$code.=<<___; +.section ".text",#alloc,#execinstr + +.align 256 +AES_Te: +___ +&_data_word( + 0xc66363a5, 0xf87c7c84, 0xee777799, 0xf67b7b8d, + 0xfff2f20d, 0xd66b6bbd, 0xde6f6fb1, 0x91c5c554, + 0x60303050, 0x02010103, 0xce6767a9, 0x562b2b7d, + 0xe7fefe19, 0xb5d7d762, 0x4dababe6, 0xec76769a, + 0x8fcaca45, 0x1f82829d, 0x89c9c940, 0xfa7d7d87, + 0xeffafa15, 0xb25959eb, 0x8e4747c9, 0xfbf0f00b, + 0x41adadec, 0xb3d4d467, 0x5fa2a2fd, 0x45afafea, + 0x239c9cbf, 0x53a4a4f7, 0xe4727296, 0x9bc0c05b, + 0x75b7b7c2, 0xe1fdfd1c, 0x3d9393ae, 0x4c26266a, + 0x6c36365a, 0x7e3f3f41, 0xf5f7f702, 0x83cccc4f, + 0x6834345c, 0x51a5a5f4, 0xd1e5e534, 0xf9f1f108, + 0xe2717193, 0xabd8d873, 0x62313153, 0x2a15153f, + 0x0804040c, 0x95c7c752, 0x46232365, 0x9dc3c35e, + 0x30181828, 0x379696a1, 0x0a05050f, 0x2f9a9ab5, + 0x0e070709, 0x24121236, 0x1b80809b, 0xdfe2e23d, + 0xcdebeb26, 0x4e272769, 0x7fb2b2cd, 0xea75759f, + 0x1209091b, 0x1d83839e, 0x582c2c74, 0x341a1a2e, + 0x361b1b2d, 0xdc6e6eb2, 0xb45a5aee, 0x5ba0a0fb, + 0xa45252f6, 0x763b3b4d, 0xb7d6d661, 0x7db3b3ce, + 0x5229297b, 0xdde3e33e, 0x5e2f2f71, 0x13848497, + 0xa65353f5, 0xb9d1d168, 0x00000000, 0xc1eded2c, + 0x40202060, 0xe3fcfc1f, 0x79b1b1c8, 0xb65b5bed, + 0xd46a6abe, 0x8dcbcb46, 0x67bebed9, 0x7239394b, + 0x944a4ade, 0x984c4cd4, 0xb05858e8, 0x85cfcf4a, + 0xbbd0d06b, 0xc5efef2a, 0x4faaaae5, 0xedfbfb16, + 0x864343c5, 0x9a4d4dd7, 0x66333355, 0x11858594, + 0x8a4545cf, 0xe9f9f910, 0x04020206, 0xfe7f7f81, + 0xa05050f0, 0x783c3c44, 0x259f9fba, 0x4ba8a8e3, + 0xa25151f3, 0x5da3a3fe, 0x804040c0, 0x058f8f8a, + 0x3f9292ad, 0x219d9dbc, 0x70383848, 0xf1f5f504, + 0x63bcbcdf, 0x77b6b6c1, 0xafdada75, 0x42212163, + 0x20101030, 0xe5ffff1a, 0xfdf3f30e, 0xbfd2d26d, + 0x81cdcd4c, 0x180c0c14, 0x26131335, 0xc3ecec2f, + 0xbe5f5fe1, 0x359797a2, 0x884444cc, 0x2e171739, + 0x93c4c457, 0x55a7a7f2, 0xfc7e7e82, 0x7a3d3d47, + 0xc86464ac, 0xba5d5de7, 0x3219192b, 0xe6737395, + 0xc06060a0, 0x19818198, 0x9e4f4fd1, 0xa3dcdc7f, + 0x44222266, 0x542a2a7e, 0x3b9090ab, 0x0b888883, + 0x8c4646ca, 0xc7eeee29, 0x6bb8b8d3, 0x2814143c, + 0xa7dede79, 0xbc5e5ee2, 0x160b0b1d, 0xaddbdb76, + 0xdbe0e03b, 0x64323256, 0x743a3a4e, 0x140a0a1e, + 0x924949db, 0x0c06060a, 0x4824246c, 0xb85c5ce4, + 0x9fc2c25d, 0xbdd3d36e, 0x43acacef, 0xc46262a6, + 0x399191a8, 0x319595a4, 0xd3e4e437, 0xf279798b, + 0xd5e7e732, 0x8bc8c843, 0x6e373759, 0xda6d6db7, + 0x018d8d8c, 0xb1d5d564, 0x9c4e4ed2, 0x49a9a9e0, + 0xd86c6cb4, 0xac5656fa, 0xf3f4f407, 0xcfeaea25, + 0xca6565af, 0xf47a7a8e, 0x47aeaee9, 0x10080818, + 0x6fbabad5, 0xf0787888, 0x4a25256f, 0x5c2e2e72, + 0x381c1c24, 0x57a6a6f1, 0x73b4b4c7, 0x97c6c651, + 0xcbe8e823, 0xa1dddd7c, 0xe874749c, 0x3e1f1f21, + 0x964b4bdd, 0x61bdbddc, 0x0d8b8b86, 0x0f8a8a85, + 0xe0707090, 0x7c3e3e42, 0x71b5b5c4, 0xcc6666aa, + 0x904848d8, 0x06030305, 0xf7f6f601, 0x1c0e0e12, + 0xc26161a3, 0x6a35355f, 0xae5757f9, 0x69b9b9d0, + 0x17868691, 0x99c1c158, 0x3a1d1d27, 0x279e9eb9, + 0xd9e1e138, 0xebf8f813, 0x2b9898b3, 0x22111133, + 0xd26969bb, 0xa9d9d970, 0x078e8e89, 0x339494a7, + 0x2d9b9bb6, 0x3c1e1e22, 0x15878792, 0xc9e9e920, + 0x87cece49, 0xaa5555ff, 0x50282878, 0xa5dfdf7a, + 0x038c8c8f, 0x59a1a1f8, 0x09898980, 0x1a0d0d17, + 0x65bfbfda, 0xd7e6e631, 0x844242c6, 0xd06868b8, + 0x824141c3, 0x299999b0, 0x5a2d2d77, 0x1e0f0f11, + 0x7bb0b0cb, 0xa85454fc, 0x6dbbbbd6, 0x2c16163a); +$code.=<<___; + .byte 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5 + .byte 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76 + .byte 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0 + .byte 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0 + .byte 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc + .byte 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15 + .byte 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a + .byte 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75 + .byte 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0 + .byte 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84 + .byte 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b + .byte 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf + .byte 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85 + .byte 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8 + .byte 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5 + .byte 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2 + .byte 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17 + .byte 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73 + .byte 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88 + .byte 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb + .byte 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c + .byte 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79 + .byte 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9 + .byte 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08 + .byte 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6 + .byte 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a + .byte 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e + .byte 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e + .byte 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94 + .byte 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf + .byte 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68 + .byte 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16 +.type AES_Te,#object +.size AES_Te,(.-AES_Te) + +.align 64 +.skip 16 +_sparcv9_AES_encrypt: + save %sp,-$frame-$locals,%sp + stx %i7,[%sp+$bias+$frame+0] ! off-load return address + ld [$key+240],$rounds + ld [$key+0],$t0 + ld [$key+4],$t1 ! + ld [$key+8],$t2 + srl $rounds,1,$rounds + xor $t0,$s0,$s0 + ld [$key+12],$t3 + srl $s0,21,$acc0 + xor $t1,$s1,$s1 + ld [$key+16],$t0 + srl $s1,13,$acc1 ! + xor $t2,$s2,$s2 + ld [$key+20],$t1 + xor $t3,$s3,$s3 + ld [$key+24],$t2 + and $acc0,2040,$acc0 + ld [$key+28],$t3 + nop +.Lenc_loop: + srl $s2,5,$acc2 ! + and $acc1,2040,$acc1 + ldx [$tbl+$acc0],$acc0 + sll $s3,3,$acc3 + and $acc2,2040,$acc2 + ldx [$tbl+$acc1],$acc1 + srl $s1,21,$acc4 + and $acc3,2040,$acc3 + ldx [$tbl+$acc2],$acc2 ! + srl $s2,13,$acc5 + and $acc4,2040,$acc4 + ldx [$tbl+$acc3],$acc3 + srl $s3,5,$acc6 + and $acc5,2040,$acc5 + ldx [$tbl+$acc4],$acc4 + fmovs %f0,%f0 + sll $s0,3,$acc7 ! + and $acc6,2040,$acc6 + ldx [$tbl+$acc5],$acc5 + srl $s2,21,$acc8 + and $acc7,2040,$acc7 + ldx [$tbl+$acc6],$acc6 + srl $s3,13,$acc9 + and $acc8,2040,$acc8 + ldx [$tbl+$acc7],$acc7 ! + srl $s0,5,$acc10 + and $acc9,2040,$acc9 + ldx [$tbl+$acc8],$acc8 + sll $s1,3,$acc11 + and $acc10,2040,$acc10 + ldx [$tbl+$acc9],$acc9 + fmovs %f0,%f0 + srl $s3,21,$acc12 ! + and $acc11,2040,$acc11 + ldx [$tbl+$acc10],$acc10 + srl $s0,13,$acc13 + and $acc12,2040,$acc12 + ldx [$tbl+$acc11],$acc11 + srl $s1,5,$acc14 + and $acc13,2040,$acc13 + ldx [$tbl+$acc12],$acc12 ! + sll $s2,3,$acc15 + and $acc14,2040,$acc14 + ldx [$tbl+$acc13],$acc13 + and $acc15,2040,$acc15 + add $key,32,$key + ldx [$tbl+$acc14],$acc14 + fmovs %f0,%f0 + subcc $rounds,1,$rounds ! + ldx [$tbl+$acc15],$acc15 + bz,a,pn %icc,.Lenc_last + add $tbl,2048,$rounds + + srlx $acc1,8,$acc1 + xor $acc0,$t0,$t0 + ld [$key+0],$s0 + fmovs %f0,%f0 + srlx $acc2,16,$acc2 ! + xor $acc1,$t0,$t0 + ld [$key+4],$s1 + srlx $acc3,24,$acc3 + xor $acc2,$t0,$t0 + ld [$key+8],$s2 + srlx $acc5,8,$acc5 + xor $acc3,$t0,$t0 + ld [$key+12],$s3 ! + srlx $acc6,16,$acc6 + xor $acc4,$t1,$t1 + fmovs %f0,%f0 + srlx $acc7,24,$acc7 + xor $acc5,$t1,$t1 + srlx $acc9,8,$acc9 + xor $acc6,$t1,$t1 + srlx $acc10,16,$acc10 ! + xor $acc7,$t1,$t1 + srlx $acc11,24,$acc11 + xor $acc8,$t2,$t2 + srlx $acc13,8,$acc13 + xor $acc9,$t2,$t2 + srlx $acc14,16,$acc14 + xor $acc10,$t2,$t2 + srlx $acc15,24,$acc15 ! + xor $acc11,$t2,$t2 + xor $acc12,$acc14,$acc14 + xor $acc13,$t3,$t3 + srl $t0,21,$acc0 + xor $acc14,$t3,$t3 + srl $t1,13,$acc1 + xor $acc15,$t3,$t3 + + and $acc0,2040,$acc0 ! + srl $t2,5,$acc2 + and $acc1,2040,$acc1 + ldx [$tbl+$acc0],$acc0 + sll $t3,3,$acc3 + and $acc2,2040,$acc2 + ldx [$tbl+$acc1],$acc1 + fmovs %f0,%f0 + srl $t1,21,$acc4 ! + and $acc3,2040,$acc3 + ldx [$tbl+$acc2],$acc2 + srl $t2,13,$acc5 + and $acc4,2040,$acc4 + ldx [$tbl+$acc3],$acc3 + srl $t3,5,$acc6 + and $acc5,2040,$acc5 + ldx [$tbl+$acc4],$acc4 ! + sll $t0,3,$acc7 + and $acc6,2040,$acc6 + ldx [$tbl+$acc5],$acc5 + srl $t2,21,$acc8 + and $acc7,2040,$acc7 + ldx [$tbl+$acc6],$acc6 + fmovs %f0,%f0 + srl $t3,13,$acc9 ! + and $acc8,2040,$acc8 + ldx [$tbl+$acc7],$acc7 + srl $t0,5,$acc10 + and $acc9,2040,$acc9 + ldx [$tbl+$acc8],$acc8 + sll $t1,3,$acc11 + and $acc10,2040,$acc10 + ldx [$tbl+$acc9],$acc9 ! + srl $t3,21,$acc12 + and $acc11,2040,$acc11 + ldx [$tbl+$acc10],$acc10 + srl $t0,13,$acc13 + and $acc12,2040,$acc12 + ldx [$tbl+$acc11],$acc11 + fmovs %f0,%f0 + srl $t1,5,$acc14 ! + and $acc13,2040,$acc13 + ldx [$tbl+$acc12],$acc12 + sll $t2,3,$acc15 + and $acc14,2040,$acc14 + ldx [$tbl+$acc13],$acc13 + srlx $acc1,8,$acc1 + and $acc15,2040,$acc15 + ldx [$tbl+$acc14],$acc14 ! + + srlx $acc2,16,$acc2 + xor $acc0,$s0,$s0 + ldx [$tbl+$acc15],$acc15 + srlx $acc3,24,$acc3 + xor $acc1,$s0,$s0 + ld [$key+16],$t0 + fmovs %f0,%f0 + srlx $acc5,8,$acc5 ! + xor $acc2,$s0,$s0 + ld [$key+20],$t1 + srlx $acc6,16,$acc6 + xor $acc3,$s0,$s0 + ld [$key+24],$t2 + srlx $acc7,24,$acc7 + xor $acc4,$s1,$s1 + ld [$key+28],$t3 ! + srlx $acc9,8,$acc9 + xor $acc5,$s1,$s1 + ldx [$tbl+2048+0],%g0 ! prefetch te4 + srlx $acc10,16,$acc10 + xor $acc6,$s1,$s1 + ldx [$tbl+2048+32],%g0 ! prefetch te4 + srlx $acc11,24,$acc11 + xor $acc7,$s1,$s1 + ldx [$tbl+2048+64],%g0 ! prefetch te4 + srlx $acc13,8,$acc13 + xor $acc8,$s2,$s2 + ldx [$tbl+2048+96],%g0 ! prefetch te4 + srlx $acc14,16,$acc14 ! + xor $acc9,$s2,$s2 + ldx [$tbl+2048+128],%g0 ! prefetch te4 + srlx $acc15,24,$acc15 + xor $acc10,$s2,$s2 + ldx [$tbl+2048+160],%g0 ! prefetch te4 + srl $s0,21,$acc0 + xor $acc11,$s2,$s2 + ldx [$tbl+2048+192],%g0 ! prefetch te4 + xor $acc12,$acc14,$acc14 + xor $acc13,$s3,$s3 + ldx [$tbl+2048+224],%g0 ! prefetch te4 + srl $s1,13,$acc1 ! + xor $acc14,$s3,$s3 + xor $acc15,$s3,$s3 + ba .Lenc_loop + and $acc0,2040,$acc0 + +.align 32 +.Lenc_last: + srlx $acc1,8,$acc1 ! + xor $acc0,$t0,$t0 + ld [$key+0],$s0 + srlx $acc2,16,$acc2 + xor $acc1,$t0,$t0 + ld [$key+4],$s1 + srlx $acc3,24,$acc3 + xor $acc2,$t0,$t0 + ld [$key+8],$s2 ! + srlx $acc5,8,$acc5 + xor $acc3,$t0,$t0 + ld [$key+12],$s3 + srlx $acc6,16,$acc6 + xor $acc4,$t1,$t1 + srlx $acc7,24,$acc7 + xor $acc5,$t1,$t1 + srlx $acc9,8,$acc9 ! + xor $acc6,$t1,$t1 + srlx $acc10,16,$acc10 + xor $acc7,$t1,$t1 + srlx $acc11,24,$acc11 + xor $acc8,$t2,$t2 + srlx $acc13,8,$acc13 + xor $acc9,$t2,$t2 + srlx $acc14,16,$acc14 ! + xor $acc10,$t2,$t2 + srlx $acc15,24,$acc15 + xor $acc11,$t2,$t2 + xor $acc12,$acc14,$acc14 + xor $acc13,$t3,$t3 + srl $t0,24,$acc0 + xor $acc14,$t3,$t3 + srl $t1,16,$acc1 ! + xor $acc15,$t3,$t3 + + srl $t2,8,$acc2 + and $acc1,255,$acc1 + ldub [$rounds+$acc0],$acc0 + srl $t1,24,$acc4 + and $acc2,255,$acc2 + ldub [$rounds+$acc1],$acc1 + srl $t2,16,$acc5 ! + and $t3,255,$acc3 + ldub [$rounds+$acc2],$acc2 + ldub [$rounds+$acc3],$acc3 + srl $t3,8,$acc6 + and $acc5,255,$acc5 + ldub [$rounds+$acc4],$acc4 + fmovs %f0,%f0 + srl $t2,24,$acc8 ! + and $acc6,255,$acc6 + ldub [$rounds+$acc5],$acc5 + srl $t3,16,$acc9 + and $t0,255,$acc7 + ldub [$rounds+$acc6],$acc6 + ldub [$rounds+$acc7],$acc7 + fmovs %f0,%f0 + srl $t0,8,$acc10 ! + and $acc9,255,$acc9 + ldub [$rounds+$acc8],$acc8 + srl $t3,24,$acc12 + and $acc10,255,$acc10 + ldub [$rounds+$acc9],$acc9 + srl $t0,16,$acc13 + and $t1,255,$acc11 + ldub [$rounds+$acc10],$acc10 ! + srl $t1,8,$acc14 + and $acc13,255,$acc13 + ldub [$rounds+$acc11],$acc11 + ldub [$rounds+$acc12],$acc12 + and $acc14,255,$acc14 + ldub [$rounds+$acc13],$acc13 + and $t2,255,$acc15 + ldub [$rounds+$acc14],$acc14 ! + + sll $acc0,24,$acc0 + xor $acc3,$s0,$s0 + ldub [$rounds+$acc15],$acc15 + sll $acc1,16,$acc1 + xor $acc0,$s0,$s0 + ldx [%sp+$bias+$frame+0],%i7 ! restore return address + fmovs %f0,%f0 + sll $acc2,8,$acc2 ! + xor $acc1,$s0,$s0 + sll $acc4,24,$acc4 + xor $acc2,$s0,$s0 + sll $acc5,16,$acc5 + xor $acc7,$s1,$s1 + sll $acc6,8,$acc6 + xor $acc4,$s1,$s1 + sll $acc8,24,$acc8 ! + xor $acc5,$s1,$s1 + sll $acc9,16,$acc9 + xor $acc11,$s2,$s2 + sll $acc10,8,$acc10 + xor $acc6,$s1,$s1 + sll $acc12,24,$acc12 + xor $acc8,$s2,$s2 + sll $acc13,16,$acc13 ! + xor $acc9,$s2,$s2 + sll $acc14,8,$acc14 + xor $acc10,$s2,$s2 + xor $acc12,$acc14,$acc14 + xor $acc13,$s3,$s3 + xor $acc14,$s3,$s3 + xor $acc15,$s3,$s3 + + ret + restore +.type _sparcv9_AES_encrypt,#function +.size _sparcv9_AES_encrypt,(.-_sparcv9_AES_encrypt) + +.align 32 +.globl AES_encrypt +AES_encrypt: + or %o0,%o1,%g1 + andcc %g1,3,%g0 + bnz,pn %xcc,.Lunaligned_enc + save %sp,-$frame,%sp + + ld [%i0+0],%o0 + ld [%i0+4],%o1 + ld [%i0+8],%o2 + ld [%i0+12],%o3 + +1: call .+8 + add %o7,AES_Te-1b,%o4 + call _sparcv9_AES_encrypt + mov %i2,%o5 + + st %o0,[%i1+0] + st %o1,[%i1+4] + st %o2,[%i1+8] + st %o3,[%i1+12] + + ret + restore + +.align 32 +.Lunaligned_enc: + ldub [%i0+0],%l0 + ldub [%i0+1],%l1 + ldub [%i0+2],%l2 + + sll %l0,24,%l0 + ldub [%i0+3],%l3 + sll %l1,16,%l1 + ldub [%i0+4],%l4 + sll %l2,8,%l2 + or %l1,%l0,%l0 + ldub [%i0+5],%l5 + sll %l4,24,%l4 + or %l3,%l2,%l2 + ldub [%i0+6],%l6 + sll %l5,16,%l5 + or %l0,%l2,%o0 + ldub [%i0+7],%l7 + + sll %l6,8,%l6 + or %l5,%l4,%l4 + ldub [%i0+8],%l0 + or %l7,%l6,%l6 + ldub [%i0+9],%l1 + or %l4,%l6,%o1 + ldub [%i0+10],%l2 + + sll %l0,24,%l0 + ldub [%i0+11],%l3 + sll %l1,16,%l1 + ldub [%i0+12],%l4 + sll %l2,8,%l2 + or %l1,%l0,%l0 + ldub [%i0+13],%l5 + sll %l4,24,%l4 + or %l3,%l2,%l2 + ldub [%i0+14],%l6 + sll %l5,16,%l5 + or %l0,%l2,%o2 + ldub [%i0+15],%l7 + + sll %l6,8,%l6 + or %l5,%l4,%l4 + or %l7,%l6,%l6 + or %l4,%l6,%o3 + +1: call .+8 + add %o7,AES_Te-1b,%o4 + call _sparcv9_AES_encrypt + mov %i2,%o5 + + srl %o0,24,%l0 + srl %o0,16,%l1 + stb %l0,[%i1+0] + srl %o0,8,%l2 + stb %l1,[%i1+1] + stb %l2,[%i1+2] + srl %o1,24,%l4 + stb %o0,[%i1+3] + + srl %o1,16,%l5 + stb %l4,[%i1+4] + srl %o1,8,%l6 + stb %l5,[%i1+5] + stb %l6,[%i1+6] + srl %o2,24,%l0 + stb %o1,[%i1+7] + + srl %o2,16,%l1 + stb %l0,[%i1+8] + srl %o2,8,%l2 + stb %l1,[%i1+9] + stb %l2,[%i1+10] + srl %o3,24,%l4 + stb %o2,[%i1+11] + + srl %o3,16,%l5 + stb %l4,[%i1+12] + srl %o3,8,%l6 + stb %l5,[%i1+13] + stb %l6,[%i1+14] + stb %o3,[%i1+15] + + ret + restore +.type AES_encrypt,#function +.size AES_encrypt,(.-AES_encrypt) + +___ + +$code.=<<___; +.align 256 +AES_Td: +___ +&_data_word( + 0x51f4a750, 0x7e416553, 0x1a17a4c3, 0x3a275e96, + 0x3bab6bcb, 0x1f9d45f1, 0xacfa58ab, 0x4be30393, + 0x2030fa55, 0xad766df6, 0x88cc7691, 0xf5024c25, + 0x4fe5d7fc, 0xc52acbd7, 0x26354480, 0xb562a38f, + 0xdeb15a49, 0x25ba1b67, 0x45ea0e98, 0x5dfec0e1, + 0xc32f7502, 0x814cf012, 0x8d4697a3, 0x6bd3f9c6, + 0x038f5fe7, 0x15929c95, 0xbf6d7aeb, 0x955259da, + 0xd4be832d, 0x587421d3, 0x49e06929, 0x8ec9c844, + 0x75c2896a, 0xf48e7978, 0x99583e6b, 0x27b971dd, + 0xbee14fb6, 0xf088ad17, 0xc920ac66, 0x7dce3ab4, + 0x63df4a18, 0xe51a3182, 0x97513360, 0x62537f45, + 0xb16477e0, 0xbb6bae84, 0xfe81a01c, 0xf9082b94, + 0x70486858, 0x8f45fd19, 0x94de6c87, 0x527bf8b7, + 0xab73d323, 0x724b02e2, 0xe31f8f57, 0x6655ab2a, + 0xb2eb2807, 0x2fb5c203, 0x86c57b9a, 0xd33708a5, + 0x302887f2, 0x23bfa5b2, 0x02036aba, 0xed16825c, + 0x8acf1c2b, 0xa779b492, 0xf307f2f0, 0x4e69e2a1, + 0x65daf4cd, 0x0605bed5, 0xd134621f, 0xc4a6fe8a, + 0x342e539d, 0xa2f355a0, 0x058ae132, 0xa4f6eb75, + 0x0b83ec39, 0x4060efaa, 0x5e719f06, 0xbd6e1051, + 0x3e218af9, 0x96dd063d, 0xdd3e05ae, 0x4de6bd46, + 0x91548db5, 0x71c45d05, 0x0406d46f, 0x605015ff, + 0x1998fb24, 0xd6bde997, 0x894043cc, 0x67d99e77, + 0xb0e842bd, 0x07898b88, 0xe7195b38, 0x79c8eedb, + 0xa17c0a47, 0x7c420fe9, 0xf8841ec9, 0x00000000, + 0x09808683, 0x322bed48, 0x1e1170ac, 0x6c5a724e, + 0xfd0efffb, 0x0f853856, 0x3daed51e, 0x362d3927, + 0x0a0fd964, 0x685ca621, 0x9b5b54d1, 0x24362e3a, + 0x0c0a67b1, 0x9357e70f, 0xb4ee96d2, 0x1b9b919e, + 0x80c0c54f, 0x61dc20a2, 0x5a774b69, 0x1c121a16, + 0xe293ba0a, 0xc0a02ae5, 0x3c22e043, 0x121b171d, + 0x0e090d0b, 0xf28bc7ad, 0x2db6a8b9, 0x141ea9c8, + 0x57f11985, 0xaf75074c, 0xee99ddbb, 0xa37f60fd, + 0xf701269f, 0x5c72f5bc, 0x44663bc5, 0x5bfb7e34, + 0x8b432976, 0xcb23c6dc, 0xb6edfc68, 0xb8e4f163, + 0xd731dcca, 0x42638510, 0x13972240, 0x84c61120, + 0x854a247d, 0xd2bb3df8, 0xaef93211, 0xc729a16d, + 0x1d9e2f4b, 0xdcb230f3, 0x0d8652ec, 0x77c1e3d0, + 0x2bb3166c, 0xa970b999, 0x119448fa, 0x47e96422, + 0xa8fc8cc4, 0xa0f03f1a, 0x567d2cd8, 0x223390ef, + 0x87494ec7, 0xd938d1c1, 0x8ccaa2fe, 0x98d40b36, + 0xa6f581cf, 0xa57ade28, 0xdab78e26, 0x3fadbfa4, + 0x2c3a9de4, 0x5078920d, 0x6a5fcc9b, 0x547e4662, + 0xf68d13c2, 0x90d8b8e8, 0x2e39f75e, 0x82c3aff5, + 0x9f5d80be, 0x69d0937c, 0x6fd52da9, 0xcf2512b3, + 0xc8ac993b, 0x10187da7, 0xe89c636e, 0xdb3bbb7b, + 0xcd267809, 0x6e5918f4, 0xec9ab701, 0x834f9aa8, + 0xe6956e65, 0xaaffe67e, 0x21bccf08, 0xef15e8e6, + 0xbae79bd9, 0x4a6f36ce, 0xea9f09d4, 0x29b07cd6, + 0x31a4b2af, 0x2a3f2331, 0xc6a59430, 0x35a266c0, + 0x744ebc37, 0xfc82caa6, 0xe090d0b0, 0x33a7d815, + 0xf104984a, 0x41ecdaf7, 0x7fcd500e, 0x1791f62f, + 0x764dd68d, 0x43efb04d, 0xccaa4d54, 0xe49604df, + 0x9ed1b5e3, 0x4c6a881b, 0xc12c1fb8, 0x4665517f, + 0x9d5eea04, 0x018c355d, 0xfa877473, 0xfb0b412e, + 0xb3671d5a, 0x92dbd252, 0xe9105633, 0x6dd64713, + 0x9ad7618c, 0x37a10c7a, 0x59f8148e, 0xeb133c89, + 0xcea927ee, 0xb761c935, 0xe11ce5ed, 0x7a47b13c, + 0x9cd2df59, 0x55f2733f, 0x1814ce79, 0x73c737bf, + 0x53f7cdea, 0x5ffdaa5b, 0xdf3d6f14, 0x7844db86, + 0xcaaff381, 0xb968c43e, 0x3824342c, 0xc2a3405f, + 0x161dc372, 0xbce2250c, 0x283c498b, 0xff0d9541, + 0x39a80171, 0x080cb3de, 0xd8b4e49c, 0x6456c190, + 0x7bcb8461, 0xd532b670, 0x486c5c74, 0xd0b85742); +$code.=<<___; + .byte 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38 + .byte 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb + .byte 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87 + .byte 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb + .byte 0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d + .byte 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e + .byte 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2 + .byte 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25 + .byte 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16 + .byte 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92 + .byte 0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda + .byte 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84 + .byte 0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a + .byte 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06 + .byte 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02 + .byte 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b + .byte 0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea + .byte 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73 + .byte 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85 + .byte 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e + .byte 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89 + .byte 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b + .byte 0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20 + .byte 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4 + .byte 0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31 + .byte 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f + .byte 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d + .byte 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef + .byte 0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0 + .byte 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61 + .byte 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26 + .byte 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d +.type AES_Td,#object +.size AES_Td,(.-AES_Td) + +.align 64 +.skip 16 +_sparcv9_AES_decrypt: + save %sp,-$frame-$locals,%sp + stx %i7,[%sp+$bias+$frame+0] ! off-load return address + ld [$key+240],$rounds + ld [$key+0],$t0 + ld [$key+4],$t1 ! + ld [$key+8],$t2 + ld [$key+12],$t3 + srl $rounds,1,$rounds + xor $t0,$s0,$s0 + ld [$key+16],$t0 + xor $t1,$s1,$s1 + ld [$key+20],$t1 + srl $s0,21,$acc0 ! + xor $t2,$s2,$s2 + ld [$key+24],$t2 + xor $t3,$s3,$s3 + and $acc0,2040,$acc0 + ld [$key+28],$t3 + srl $s3,13,$acc1 + nop +.Ldec_loop: + srl $s2,5,$acc2 ! + and $acc1,2040,$acc1 + ldx [$tbl+$acc0],$acc0 + sll $s1,3,$acc3 + and $acc2,2040,$acc2 + ldx [$tbl+$acc1],$acc1 + srl $s1,21,$acc4 + and $acc3,2040,$acc3 + ldx [$tbl+$acc2],$acc2 ! + srl $s0,13,$acc5 + and $acc4,2040,$acc4 + ldx [$tbl+$acc3],$acc3 + srl $s3,5,$acc6 + and $acc5,2040,$acc5 + ldx [$tbl+$acc4],$acc4 + fmovs %f0,%f0 + sll $s2,3,$acc7 ! + and $acc6,2040,$acc6 + ldx [$tbl+$acc5],$acc5 + srl $s2,21,$acc8 + and $acc7,2040,$acc7 + ldx [$tbl+$acc6],$acc6 + srl $s1,13,$acc9 + and $acc8,2040,$acc8 + ldx [$tbl+$acc7],$acc7 ! + srl $s0,5,$acc10 + and $acc9,2040,$acc9 + ldx [$tbl+$acc8],$acc8 + sll $s3,3,$acc11 + and $acc10,2040,$acc10 + ldx [$tbl+$acc9],$acc9 + fmovs %f0,%f0 + srl $s3,21,$acc12 ! + and $acc11,2040,$acc11 + ldx [$tbl+$acc10],$acc10 + srl $s2,13,$acc13 + and $acc12,2040,$acc12 + ldx [$tbl+$acc11],$acc11 + srl $s1,5,$acc14 + and $acc13,2040,$acc13 + ldx [$tbl+$acc12],$acc12 ! + sll $s0,3,$acc15 + and $acc14,2040,$acc14 + ldx [$tbl+$acc13],$acc13 + and $acc15,2040,$acc15 + add $key,32,$key + ldx [$tbl+$acc14],$acc14 + fmovs %f0,%f0 + subcc $rounds,1,$rounds ! + ldx [$tbl+$acc15],$acc15 + bz,a,pn %icc,.Ldec_last + add $tbl,2048,$rounds + + srlx $acc1,8,$acc1 + xor $acc0,$t0,$t0 + ld [$key+0],$s0 + fmovs %f0,%f0 + srlx $acc2,16,$acc2 ! + xor $acc1,$t0,$t0 + ld [$key+4],$s1 + srlx $acc3,24,$acc3 + xor $acc2,$t0,$t0 + ld [$key+8],$s2 + srlx $acc5,8,$acc5 + xor $acc3,$t0,$t0 + ld [$key+12],$s3 ! + srlx $acc6,16,$acc6 + xor $acc4,$t1,$t1 + fmovs %f0,%f0 + srlx $acc7,24,$acc7 + xor $acc5,$t1,$t1 + srlx $acc9,8,$acc9 + xor $acc6,$t1,$t1 + srlx $acc10,16,$acc10 ! + xor $acc7,$t1,$t1 + srlx $acc11,24,$acc11 + xor $acc8,$t2,$t2 + srlx $acc13,8,$acc13 + xor $acc9,$t2,$t2 + srlx $acc14,16,$acc14 + xor $acc10,$t2,$t2 + srlx $acc15,24,$acc15 ! + xor $acc11,$t2,$t2 + xor $acc12,$acc14,$acc14 + xor $acc13,$t3,$t3 + srl $t0,21,$acc0 + xor $acc14,$t3,$t3 + xor $acc15,$t3,$t3 + srl $t3,13,$acc1 + + and $acc0,2040,$acc0 ! + srl $t2,5,$acc2 + and $acc1,2040,$acc1 + ldx [$tbl+$acc0],$acc0 + sll $t1,3,$acc3 + and $acc2,2040,$acc2 + ldx [$tbl+$acc1],$acc1 + fmovs %f0,%f0 + srl $t1,21,$acc4 ! + and $acc3,2040,$acc3 + ldx [$tbl+$acc2],$acc2 + srl $t0,13,$acc5 + and $acc4,2040,$acc4 + ldx [$tbl+$acc3],$acc3 + srl $t3,5,$acc6 + and $acc5,2040,$acc5 + ldx [$tbl+$acc4],$acc4 ! + sll $t2,3,$acc7 + and $acc6,2040,$acc6 + ldx [$tbl+$acc5],$acc5 + srl $t2,21,$acc8 + and $acc7,2040,$acc7 + ldx [$tbl+$acc6],$acc6 + fmovs %f0,%f0 + srl $t1,13,$acc9 ! + and $acc8,2040,$acc8 + ldx [$tbl+$acc7],$acc7 + srl $t0,5,$acc10 + and $acc9,2040,$acc9 + ldx [$tbl+$acc8],$acc8 + sll $t3,3,$acc11 + and $acc10,2040,$acc10 + ldx [$tbl+$acc9],$acc9 ! + srl $t3,21,$acc12 + and $acc11,2040,$acc11 + ldx [$tbl+$acc10],$acc10 + srl $t2,13,$acc13 + and $acc12,2040,$acc12 + ldx [$tbl+$acc11],$acc11 + fmovs %f0,%f0 + srl $t1,5,$acc14 ! + and $acc13,2040,$acc13 + ldx [$tbl+$acc12],$acc12 + sll $t0,3,$acc15 + and $acc14,2040,$acc14 + ldx [$tbl+$acc13],$acc13 + srlx $acc1,8,$acc1 + and $acc15,2040,$acc15 + ldx [$tbl+$acc14],$acc14 ! + + srlx $acc2,16,$acc2 + xor $acc0,$s0,$s0 + ldx [$tbl+$acc15],$acc15 + srlx $acc3,24,$acc3 + xor $acc1,$s0,$s0 + ld [$key+16],$t0 + fmovs %f0,%f0 + srlx $acc5,8,$acc5 ! + xor $acc2,$s0,$s0 + ld [$key+20],$t1 + srlx $acc6,16,$acc6 + xor $acc3,$s0,$s0 + ld [$key+24],$t2 + srlx $acc7,24,$acc7 + xor $acc4,$s1,$s1 + ld [$key+28],$t3 ! + srlx $acc9,8,$acc9 + xor $acc5,$s1,$s1 + ldx [$tbl+2048+0],%g0 ! prefetch td4 + srlx $acc10,16,$acc10 + xor $acc6,$s1,$s1 + ldx [$tbl+2048+32],%g0 ! prefetch td4 + srlx $acc11,24,$acc11 + xor $acc7,$s1,$s1 + ldx [$tbl+2048+64],%g0 ! prefetch td4 + srlx $acc13,8,$acc13 + xor $acc8,$s2,$s2 + ldx [$tbl+2048+96],%g0 ! prefetch td4 + srlx $acc14,16,$acc14 ! + xor $acc9,$s2,$s2 + ldx [$tbl+2048+128],%g0 ! prefetch td4 + srlx $acc15,24,$acc15 + xor $acc10,$s2,$s2 + ldx [$tbl+2048+160],%g0 ! prefetch td4 + srl $s0,21,$acc0 + xor $acc11,$s2,$s2 + ldx [$tbl+2048+192],%g0 ! prefetch td4 + xor $acc12,$acc14,$acc14 + xor $acc13,$s3,$s3 + ldx [$tbl+2048+224],%g0 ! prefetch td4 + and $acc0,2040,$acc0 ! + xor $acc14,$s3,$s3 + xor $acc15,$s3,$s3 + ba .Ldec_loop + srl $s3,13,$acc1 + +.align 32 +.Ldec_last: + srlx $acc1,8,$acc1 ! + xor $acc0,$t0,$t0 + ld [$key+0],$s0 + srlx $acc2,16,$acc2 + xor $acc1,$t0,$t0 + ld [$key+4],$s1 + srlx $acc3,24,$acc3 + xor $acc2,$t0,$t0 + ld [$key+8],$s2 ! + srlx $acc5,8,$acc5 + xor $acc3,$t0,$t0 + ld [$key+12],$s3 + srlx $acc6,16,$acc6 + xor $acc4,$t1,$t1 + srlx $acc7,24,$acc7 + xor $acc5,$t1,$t1 + srlx $acc9,8,$acc9 ! + xor $acc6,$t1,$t1 + srlx $acc10,16,$acc10 + xor $acc7,$t1,$t1 + srlx $acc11,24,$acc11 + xor $acc8,$t2,$t2 + srlx $acc13,8,$acc13 + xor $acc9,$t2,$t2 + srlx $acc14,16,$acc14 ! + xor $acc10,$t2,$t2 + srlx $acc15,24,$acc15 + xor $acc11,$t2,$t2 + xor $acc12,$acc14,$acc14 + xor $acc13,$t3,$t3 + srl $t0,24,$acc0 + xor $acc14,$t3,$t3 + xor $acc15,$t3,$t3 ! + srl $t3,16,$acc1 + + srl $t2,8,$acc2 + and $acc1,255,$acc1 + ldub [$rounds+$acc0],$acc0 + srl $t1,24,$acc4 + and $acc2,255,$acc2 + ldub [$rounds+$acc1],$acc1 + srl $t0,16,$acc5 ! + and $t1,255,$acc3 + ldub [$rounds+$acc2],$acc2 + ldub [$rounds+$acc3],$acc3 + srl $t3,8,$acc6 + and $acc5,255,$acc5 + ldub [$rounds+$acc4],$acc4 + fmovs %f0,%f0 + srl $t2,24,$acc8 ! + and $acc6,255,$acc6 + ldub [$rounds+$acc5],$acc5 + srl $t1,16,$acc9 + and $t2,255,$acc7 + ldub [$rounds+$acc6],$acc6 + ldub [$rounds+$acc7],$acc7 + fmovs %f0,%f0 + srl $t0,8,$acc10 ! + and $acc9,255,$acc9 + ldub [$rounds+$acc8],$acc8 + srl $t3,24,$acc12 + and $acc10,255,$acc10 + ldub [$rounds+$acc9],$acc9 + srl $t2,16,$acc13 + and $t3,255,$acc11 + ldub [$rounds+$acc10],$acc10 ! + srl $t1,8,$acc14 + and $acc13,255,$acc13 + ldub [$rounds+$acc11],$acc11 + ldub [$rounds+$acc12],$acc12 + and $acc14,255,$acc14 + ldub [$rounds+$acc13],$acc13 + and $t0,255,$acc15 + ldub [$rounds+$acc14],$acc14 ! + + sll $acc0,24,$acc0 + xor $acc3,$s0,$s0 + ldub [$rounds+$acc15],$acc15 + sll $acc1,16,$acc1 + xor $acc0,$s0,$s0 + ldx [%sp+$bias+$frame+0],%i7 ! restore return address + fmovs %f0,%f0 + sll $acc2,8,$acc2 ! + xor $acc1,$s0,$s0 + sll $acc4,24,$acc4 + xor $acc2,$s0,$s0 + sll $acc5,16,$acc5 + xor $acc7,$s1,$s1 + sll $acc6,8,$acc6 + xor $acc4,$s1,$s1 + sll $acc8,24,$acc8 ! + xor $acc5,$s1,$s1 + sll $acc9,16,$acc9 + xor $acc11,$s2,$s2 + sll $acc10,8,$acc10 + xor $acc6,$s1,$s1 + sll $acc12,24,$acc12 + xor $acc8,$s2,$s2 + sll $acc13,16,$acc13 ! + xor $acc9,$s2,$s2 + sll $acc14,8,$acc14 + xor $acc10,$s2,$s2 + xor $acc12,$acc14,$acc14 + xor $acc13,$s3,$s3 + xor $acc14,$s3,$s3 + xor $acc15,$s3,$s3 + + ret + restore +.type _sparcv9_AES_decrypt,#function +.size _sparcv9_AES_decrypt,(.-_sparcv9_AES_decrypt) + +.align 32 +.globl AES_decrypt +AES_decrypt: + or %o0,%o1,%g1 + andcc %g1,3,%g0 + bnz,pn %xcc,.Lunaligned_dec + save %sp,-$frame,%sp + + ld [%i0+0],%o0 + ld [%i0+4],%o1 + ld [%i0+8],%o2 + ld [%i0+12],%o3 + +1: call .+8 + add %o7,AES_Td-1b,%o4 + call _sparcv9_AES_decrypt + mov %i2,%o5 + + st %o0,[%i1+0] + st %o1,[%i1+4] + st %o2,[%i1+8] + st %o3,[%i1+12] + + ret + restore + +.align 32 +.Lunaligned_dec: + ldub [%i0+0],%l0 + ldub [%i0+1],%l1 + ldub [%i0+2],%l2 + + sll %l0,24,%l0 + ldub [%i0+3],%l3 + sll %l1,16,%l1 + ldub [%i0+4],%l4 + sll %l2,8,%l2 + or %l1,%l0,%l0 + ldub [%i0+5],%l5 + sll %l4,24,%l4 + or %l3,%l2,%l2 + ldub [%i0+6],%l6 + sll %l5,16,%l5 + or %l0,%l2,%o0 + ldub [%i0+7],%l7 + + sll %l6,8,%l6 + or %l5,%l4,%l4 + ldub [%i0+8],%l0 + or %l7,%l6,%l6 + ldub [%i0+9],%l1 + or %l4,%l6,%o1 + ldub [%i0+10],%l2 + + sll %l0,24,%l0 + ldub [%i0+11],%l3 + sll %l1,16,%l1 + ldub [%i0+12],%l4 + sll %l2,8,%l2 + or %l1,%l0,%l0 + ldub [%i0+13],%l5 + sll %l4,24,%l4 + or %l3,%l2,%l2 + ldub [%i0+14],%l6 + sll %l5,16,%l5 + or %l0,%l2,%o2 + ldub [%i0+15],%l7 + + sll %l6,8,%l6 + or %l5,%l4,%l4 + or %l7,%l6,%l6 + or %l4,%l6,%o3 + +1: call .+8 + add %o7,AES_Td-1b,%o4 + call _sparcv9_AES_decrypt + mov %i2,%o5 + + srl %o0,24,%l0 + srl %o0,16,%l1 + stb %l0,[%i1+0] + srl %o0,8,%l2 + stb %l1,[%i1+1] + stb %l2,[%i1+2] + srl %o1,24,%l4 + stb %o0,[%i1+3] + + srl %o1,16,%l5 + stb %l4,[%i1+4] + srl %o1,8,%l6 + stb %l5,[%i1+5] + stb %l6,[%i1+6] + srl %o2,24,%l0 + stb %o1,[%i1+7] + + srl %o2,16,%l1 + stb %l0,[%i1+8] + srl %o2,8,%l2 + stb %l1,[%i1+9] + stb %l2,[%i1+10] + srl %o3,24,%l4 + stb %o2,[%i1+11] + + srl %o3,16,%l5 + stb %l4,[%i1+12] + srl %o3,8,%l6 + stb %l5,[%i1+13] + stb %l6,[%i1+14] + stb %o3,[%i1+15] + + ret + restore +.type AES_decrypt,#function +.size AES_decrypt,(.-AES_decrypt) +___ + +# fmovs instructions substituting for FP nops were originally added +# to meet specific instruction alignment requirements to maximize ILP. +# As UltraSPARC T1, a.k.a. Niagara, has shared FPU, FP nops can have +# undesired effect, so just omit them and sacrifice some portion of +# percent in performance... +$code =~ s/fmovs.*$//gm; + +print $code; +close STDOUT; # ensure flush diff --git a/src/lib/libcrypto/aes/asm/aes-x86_64.pl b/src/lib/libcrypto/aes/asm/aes-x86_64.pl new file mode 100755 index 00000000000..9072f603a94 --- /dev/null +++ b/src/lib/libcrypto/aes/asm/aes-x86_64.pl @@ -0,0 +1,2821 @@ +#!/usr/bin/env perl +# +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== +# +# Version 2.1. +# +# aes-*-cbc benchmarks are improved by >70% [compared to gcc 3.3.2 on +# Opteron 240 CPU] plus all the bells-n-whistles from 32-bit version +# [you'll notice a lot of resemblance], such as compressed S-boxes +# in little-endian byte order, prefetch of these tables in CBC mode, +# as well as avoiding L1 cache aliasing between stack frame and key +# schedule and already mentioned tables, compressed Td4... +# +# Performance in number of cycles per processed byte for 128-bit key: +# +# ECB encrypt ECB decrypt CBC large chunk +# AMD64 33 41 13.0 +# EM64T 38 59 18.6(*) +# Core 2 30 43 14.5(*) +# +# (*) with hyper-threading off + +$flavour = shift; +$output = shift; +if ($flavour =~ /\./) { $output = $flavour; undef $flavour; } + +$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/); + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or +( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or +die "can't locate x86_64-xlate.pl"; + +open OUT,"| \"$^X\" $xlate $flavour $output"; +*STDOUT=*OUT; + +$verticalspin=1; # unlike 32-bit version $verticalspin performs + # ~15% better on both AMD and Intel cores +$speed_limit=512; # see aes-586.pl for details + +$code=".text\n"; + +$s0="%eax"; +$s1="%ebx"; +$s2="%ecx"; +$s3="%edx"; +$acc0="%esi"; $mask80="%rsi"; +$acc1="%edi"; $maskfe="%rdi"; +$acc2="%ebp"; $mask1b="%rbp"; +$inp="%r8"; +$out="%r9"; +$t0="%r10d"; +$t1="%r11d"; +$t2="%r12d"; +$rnds="%r13d"; +$sbox="%r14"; +$key="%r15"; + +sub hi() { my $r=shift; $r =~ s/%[er]([a-d])x/%\1h/; $r; } +sub lo() { my $r=shift; $r =~ s/%[er]([a-d])x/%\1l/; + $r =~ s/%[er]([sd]i)/%\1l/; + $r =~ s/%(r[0-9]+)[d]?/%\1b/; $r; } +sub LO() { my $r=shift; $r =~ s/%r([a-z]+)/%e\1/; + $r =~ s/%r([0-9]+)/%r\1d/; $r; } +sub _data_word() +{ my $i; + while(defined($i=shift)) { $code.=sprintf".long\t0x%08x,0x%08x\n",$i,$i; } +} +sub data_word() +{ my $i; + my $last=pop(@_); + $code.=".long\t"; + while(defined($i=shift)) { $code.=sprintf"0x%08x,",$i; } + $code.=sprintf"0x%08x\n",$last; +} + +sub data_byte() +{ my $i; + my $last=pop(@_); + $code.=".byte\t"; + while(defined($i=shift)) { $code.=sprintf"0x%02x,",$i&0xff; } + $code.=sprintf"0x%02x\n",$last&0xff; +} + +sub encvert() +{ my $t3="%r8d"; # zaps $inp! + +$code.=<<___; + # favor 3-way issue Opteron pipeline... + movzb `&lo("$s0")`,$acc0 + movzb `&lo("$s1")`,$acc1 + movzb `&lo("$s2")`,$acc2 + mov 0($sbox,$acc0,8),$t0 + mov 0($sbox,$acc1,8),$t1 + mov 0($sbox,$acc2,8),$t2 + + movzb `&hi("$s1")`,$acc0 + movzb `&hi("$s2")`,$acc1 + movzb `&lo("$s3")`,$acc2 + xor 3($sbox,$acc0,8),$t0 + xor 3($sbox,$acc1,8),$t1 + mov 0($sbox,$acc2,8),$t3 + + movzb `&hi("$s3")`,$acc0 + shr \$16,$s2 + movzb `&hi("$s0")`,$acc2 + xor 3($sbox,$acc0,8),$t2 + shr \$16,$s3 + xor 3($sbox,$acc2,8),$t3 + + shr \$16,$s1 + lea 16($key),$key + shr \$16,$s0 + + movzb `&lo("$s2")`,$acc0 + movzb `&lo("$s3")`,$acc1 + movzb `&lo("$s0")`,$acc2 + xor 2($sbox,$acc0,8),$t0 + xor 2($sbox,$acc1,8),$t1 + xor 2($sbox,$acc2,8),$t2 + + movzb `&hi("$s3")`,$acc0 + movzb `&hi("$s0")`,$acc1 + movzb `&lo("$s1")`,$acc2 + xor 1($sbox,$acc0,8),$t0 + xor 1($sbox,$acc1,8),$t1 + xor 2($sbox,$acc2,8),$t3 + + mov 12($key),$s3 + movzb `&hi("$s1")`,$acc1 + movzb `&hi("$s2")`,$acc2 + mov 0($key),$s0 + xor 1($sbox,$acc1,8),$t2 + xor 1($sbox,$acc2,8),$t3 + + mov 4($key),$s1 + mov 8($key),$s2 + xor $t0,$s0 + xor $t1,$s1 + xor $t2,$s2 + xor $t3,$s3 +___ +} + +sub enclastvert() +{ my $t3="%r8d"; # zaps $inp! + +$code.=<<___; + movzb `&lo("$s0")`,$acc0 + movzb `&lo("$s1")`,$acc1 + movzb `&lo("$s2")`,$acc2 + movzb 2($sbox,$acc0,8),$t0 + movzb 2($sbox,$acc1,8),$t1 + movzb 2($sbox,$acc2,8),$t2 + + movzb `&lo("$s3")`,$acc0 + movzb `&hi("$s1")`,$acc1 + movzb `&hi("$s2")`,$acc2 + movzb 2($sbox,$acc0,8),$t3 + mov 0($sbox,$acc1,8),$acc1 #$t0 + mov 0($sbox,$acc2,8),$acc2 #$t1 + + and \$0x0000ff00,$acc1 + and \$0x0000ff00,$acc2 + + xor $acc1,$t0 + xor $acc2,$t1 + shr \$16,$s2 + + movzb `&hi("$s3")`,$acc0 + movzb `&hi("$s0")`,$acc1 + shr \$16,$s3 + mov 0($sbox,$acc0,8),$acc0 #$t2 + mov 0($sbox,$acc1,8),$acc1 #$t3 + + and \$0x0000ff00,$acc0 + and \$0x0000ff00,$acc1 + shr \$16,$s1 + xor $acc0,$t2 + xor $acc1,$t3 + shr \$16,$s0 + + movzb `&lo("$s2")`,$acc0 + movzb `&lo("$s3")`,$acc1 + movzb `&lo("$s0")`,$acc2 + mov 0($sbox,$acc0,8),$acc0 #$t0 + mov 0($sbox,$acc1,8),$acc1 #$t1 + mov 0($sbox,$acc2,8),$acc2 #$t2 + + and \$0x00ff0000,$acc0 + and \$0x00ff0000,$acc1 + and \$0x00ff0000,$acc2 + + xor $acc0,$t0 + xor $acc1,$t1 + xor $acc2,$t2 + + movzb `&lo("$s1")`,$acc0 + movzb `&hi("$s3")`,$acc1 + movzb `&hi("$s0")`,$acc2 + mov 0($sbox,$acc0,8),$acc0 #$t3 + mov 2($sbox,$acc1,8),$acc1 #$t0 + mov 2($sbox,$acc2,8),$acc2 #$t1 + + and \$0x00ff0000,$acc0 + and \$0xff000000,$acc1 + and \$0xff000000,$acc2 + + xor $acc0,$t3 + xor $acc1,$t0 + xor $acc2,$t1 + + movzb `&hi("$s1")`,$acc0 + movzb `&hi("$s2")`,$acc1 + mov 16+12($key),$s3 + mov 2($sbox,$acc0,8),$acc0 #$t2 + mov 2($sbox,$acc1,8),$acc1 #$t3 + mov 16+0($key),$s0 + + and \$0xff000000,$acc0 + and \$0xff000000,$acc1 + + xor $acc0,$t2 + xor $acc1,$t3 + + mov 16+4($key),$s1 + mov 16+8($key),$s2 + xor $t0,$s0 + xor $t1,$s1 + xor $t2,$s2 + xor $t3,$s3 +___ +} + +sub encstep() +{ my ($i,@s) = @_; + my $tmp0=$acc0; + my $tmp1=$acc1; + my $tmp2=$acc2; + my $out=($t0,$t1,$t2,$s[0])[$i]; + + if ($i==3) { + $tmp0=$s[1]; + $tmp1=$s[2]; + $tmp2=$s[3]; + } + $code.=" movzb ".&lo($s[0]).",$out\n"; + $code.=" mov $s[2],$tmp1\n" if ($i!=3); + $code.=" lea 16($key),$key\n" if ($i==0); + + $code.=" movzb ".&hi($s[1]).",$tmp0\n"; + $code.=" mov 0($sbox,$out,8),$out\n"; + + $code.=" shr \$16,$tmp1\n"; + $code.=" mov $s[3],$tmp2\n" if ($i!=3); + $code.=" xor 3($sbox,$tmp0,8),$out\n"; + + $code.=" movzb ".&lo($tmp1).",$tmp1\n"; + $code.=" shr \$24,$tmp2\n"; + $code.=" xor 4*$i($key),$out\n"; + + $code.=" xor 2($sbox,$tmp1,8),$out\n"; + $code.=" xor 1($sbox,$tmp2,8),$out\n"; + + $code.=" mov $t0,$s[1]\n" if ($i==3); + $code.=" mov $t1,$s[2]\n" if ($i==3); + $code.=" mov $t2,$s[3]\n" if ($i==3); + $code.="\n"; +} + +sub enclast() +{ my ($i,@s)=@_; + my $tmp0=$acc0; + my $tmp1=$acc1; + my $tmp2=$acc2; + my $out=($t0,$t1,$t2,$s[0])[$i]; + + if ($i==3) { + $tmp0=$s[1]; + $tmp1=$s[2]; + $tmp2=$s[3]; + } + $code.=" movzb ".&lo($s[0]).",$out\n"; + $code.=" mov $s[2],$tmp1\n" if ($i!=3); + + $code.=" mov 2($sbox,$out,8),$out\n"; + $code.=" shr \$16,$tmp1\n"; + $code.=" mov $s[3],$tmp2\n" if ($i!=3); + + $code.=" and \$0x000000ff,$out\n"; + $code.=" movzb ".&hi($s[1]).",$tmp0\n"; + $code.=" movzb ".&lo($tmp1).",$tmp1\n"; + $code.=" shr \$24,$tmp2\n"; + + $code.=" mov 0($sbox,$tmp0,8),$tmp0\n"; + $code.=" mov 0($sbox,$tmp1,8),$tmp1\n"; + $code.=" mov 2($sbox,$tmp2,8),$tmp2\n"; + + $code.=" and \$0x0000ff00,$tmp0\n"; + $code.=" and \$0x00ff0000,$tmp1\n"; + $code.=" and \$0xff000000,$tmp2\n"; + + $code.=" xor $tmp0,$out\n"; + $code.=" mov $t0,$s[1]\n" if ($i==3); + $code.=" xor $tmp1,$out\n"; + $code.=" mov $t1,$s[2]\n" if ($i==3); + $code.=" xor $tmp2,$out\n"; + $code.=" mov $t2,$s[3]\n" if ($i==3); + $code.="\n"; +} + +$code.=<<___; +.type _x86_64_AES_encrypt,\@abi-omnipotent +.align 16 +_x86_64_AES_encrypt: + xor 0($key),$s0 # xor with key + xor 4($key),$s1 + xor 8($key),$s2 + xor 12($key),$s3 + + mov 240($key),$rnds # load key->rounds + sub \$1,$rnds + jmp .Lenc_loop +.align 16 +.Lenc_loop: +___ + if ($verticalspin) { &encvert(); } + else { &encstep(0,$s0,$s1,$s2,$s3); + &encstep(1,$s1,$s2,$s3,$s0); + &encstep(2,$s2,$s3,$s0,$s1); + &encstep(3,$s3,$s0,$s1,$s2); + } +$code.=<<___; + sub \$1,$rnds + jnz .Lenc_loop +___ + if ($verticalspin) { &enclastvert(); } + else { &enclast(0,$s0,$s1,$s2,$s3); + &enclast(1,$s1,$s2,$s3,$s0); + &enclast(2,$s2,$s3,$s0,$s1); + &enclast(3,$s3,$s0,$s1,$s2); + $code.=<<___; + xor 16+0($key),$s0 # xor with key + xor 16+4($key),$s1 + xor 16+8($key),$s2 + xor 16+12($key),$s3 +___ + } +$code.=<<___; + retq +.size _x86_64_AES_encrypt,.-_x86_64_AES_encrypt +___ + +# it's possible to implement this by shifting tN by 8, filling least +# significant byte with byte load and finally bswap-ing at the end, +# but such partial register load kills Core 2... +sub enccompactvert() +{ my ($t3,$t4,$t5)=("%r8d","%r9d","%r13d"); + +$code.=<<___; + movzb `&lo("$s0")`,$t0 + movzb `&lo("$s1")`,$t1 + movzb `&lo("$s2")`,$t2 + movzb ($sbox,$t0,1),$t0 + movzb ($sbox,$t1,1),$t1 + movzb ($sbox,$t2,1),$t2 + + movzb `&lo("$s3")`,$t3 + movzb `&hi("$s1")`,$acc0 + movzb `&hi("$s2")`,$acc1 + movzb ($sbox,$t3,1),$t3 + movzb ($sbox,$acc0,1),$t4 #$t0 + movzb ($sbox,$acc1,1),$t5 #$t1 + + movzb `&hi("$s3")`,$acc2 + movzb `&hi("$s0")`,$acc0 + shr \$16,$s2 + movzb ($sbox,$acc2,1),$acc2 #$t2 + movzb ($sbox,$acc0,1),$acc0 #$t3 + shr \$16,$s3 + + movzb `&lo("$s2")`,$acc1 + shl \$8,$t4 + shl \$8,$t5 + movzb ($sbox,$acc1,1),$acc1 #$t0 + xor $t4,$t0 + xor $t5,$t1 + + movzb `&lo("$s3")`,$t4 + shr \$16,$s0 + shr \$16,$s1 + movzb `&lo("$s0")`,$t5 + shl \$8,$acc2 + shl \$8,$acc0 + movzb ($sbox,$t4,1),$t4 #$t1 + movzb ($sbox,$t5,1),$t5 #$t2 + xor $acc2,$t2 + xor $acc0,$t3 + + movzb `&lo("$s1")`,$acc2 + movzb `&hi("$s3")`,$acc0 + shl \$16,$acc1 + movzb ($sbox,$acc2,1),$acc2 #$t3 + movzb ($sbox,$acc0,1),$acc0 #$t0 + xor $acc1,$t0 + + movzb `&hi("$s0")`,$acc1 + shr \$8,$s2 + shr \$8,$s1 + movzb ($sbox,$acc1,1),$acc1 #$t1 + movzb ($sbox,$s2,1),$s3 #$t3 + movzb ($sbox,$s1,1),$s2 #$t2 + shl \$16,$t4 + shl \$16,$t5 + shl \$16,$acc2 + xor $t4,$t1 + xor $t5,$t2 + xor $acc2,$t3 + + shl \$24,$acc0 + shl \$24,$acc1 + shl \$24,$s3 + xor $acc0,$t0 + shl \$24,$s2 + xor $acc1,$t1 + mov $t0,$s0 + mov $t1,$s1 + xor $t2,$s2 + xor $t3,$s3 +___ +} + +sub enctransform_ref() +{ my $sn = shift; + my ($acc,$r2,$tmp)=("%r8d","%r9d","%r13d"); + +$code.=<<___; + mov $sn,$acc + and \$0x80808080,$acc + mov $acc,$tmp + shr \$7,$tmp + lea ($sn,$sn),$r2 + sub $tmp,$acc + and \$0xfefefefe,$r2 + and \$0x1b1b1b1b,$acc + mov $sn,$tmp + xor $acc,$r2 + + xor $r2,$sn + rol \$24,$sn + xor $r2,$sn + ror \$16,$tmp + xor $tmp,$sn + ror \$8,$tmp + xor $tmp,$sn +___ +} + +# unlike decrypt case it does not pay off to parallelize enctransform +sub enctransform() +{ my ($t3,$r20,$r21)=($acc2,"%r8d","%r9d"); + +$code.=<<___; + mov $s0,$acc0 + mov $s1,$acc1 + and \$0x80808080,$acc0 + and \$0x80808080,$acc1 + mov $acc0,$t0 + mov $acc1,$t1 + shr \$7,$t0 + lea ($s0,$s0),$r20 + shr \$7,$t1 + lea ($s1,$s1),$r21 + sub $t0,$acc0 + sub $t1,$acc1 + and \$0xfefefefe,$r20 + and \$0xfefefefe,$r21 + and \$0x1b1b1b1b,$acc0 + and \$0x1b1b1b1b,$acc1 + mov $s0,$t0 + mov $s1,$t1 + xor $acc0,$r20 + xor $acc1,$r21 + + xor $r20,$s0 + xor $r21,$s1 + mov $s2,$acc0 + mov $s3,$acc1 + rol \$24,$s0 + rol \$24,$s1 + and \$0x80808080,$acc0 + and \$0x80808080,$acc1 + xor $r20,$s0 + xor $r21,$s1 + mov $acc0,$t2 + mov $acc1,$t3 + ror \$16,$t0 + ror \$16,$t1 + shr \$7,$t2 + lea ($s2,$s2),$r20 + xor $t0,$s0 + xor $t1,$s1 + shr \$7,$t3 + lea ($s3,$s3),$r21 + ror \$8,$t0 + ror \$8,$t1 + sub $t2,$acc0 + sub $t3,$acc1 + xor $t0,$s0 + xor $t1,$s1 + + and \$0xfefefefe,$r20 + and \$0xfefefefe,$r21 + and \$0x1b1b1b1b,$acc0 + and \$0x1b1b1b1b,$acc1 + mov $s2,$t2 + mov $s3,$t3 + xor $acc0,$r20 + xor $acc1,$r21 + + xor $r20,$s2 + xor $r21,$s3 + rol \$24,$s2 + rol \$24,$s3 + xor $r20,$s2 + xor $r21,$s3 + mov 0($sbox),$acc0 # prefetch Te4 + ror \$16,$t2 + ror \$16,$t3 + mov 64($sbox),$acc1 + xor $t2,$s2 + xor $t3,$s3 + mov 128($sbox),$r20 + ror \$8,$t2 + ror \$8,$t3 + mov 192($sbox),$r21 + xor $t2,$s2 + xor $t3,$s3 +___ +} + +$code.=<<___; +.type _x86_64_AES_encrypt_compact,\@abi-omnipotent +.align 16 +_x86_64_AES_encrypt_compact: + lea 128($sbox),$inp # size optimization + mov 0-128($inp),$acc1 # prefetch Te4 + mov 32-128($inp),$acc2 + mov 64-128($inp),$t0 + mov 96-128($inp),$t1 + mov 128-128($inp),$acc1 + mov 160-128($inp),$acc2 + mov 192-128($inp),$t0 + mov 224-128($inp),$t1 + jmp .Lenc_loop_compact +.align 16 +.Lenc_loop_compact: + xor 0($key),$s0 # xor with key + xor 4($key),$s1 + xor 8($key),$s2 + xor 12($key),$s3 + lea 16($key),$key +___ + &enccompactvert(); +$code.=<<___; + cmp 16(%rsp),$key + je .Lenc_compact_done +___ + &enctransform(); +$code.=<<___; + jmp .Lenc_loop_compact +.align 16 +.Lenc_compact_done: + xor 0($key),$s0 + xor 4($key),$s1 + xor 8($key),$s2 + xor 12($key),$s3 + retq +.size _x86_64_AES_encrypt_compact,.-_x86_64_AES_encrypt_compact +___ + +# void AES_encrypt (const void *inp,void *out,const AES_KEY *key); +$code.=<<___; +.globl AES_encrypt +.type AES_encrypt,\@function,3 +.align 16 +.globl asm_AES_encrypt +.hidden asm_AES_encrypt +asm_AES_encrypt: +AES_encrypt: + push %rbx + push %rbp + push %r12 + push %r13 + push %r14 + push %r15 + + # allocate frame "above" key schedule + mov %rsp,%r10 + lea -63(%rdx),%rcx # %rdx is key argument + and \$-64,%rsp + sub %rsp,%rcx + neg %rcx + and \$0x3c0,%rcx + sub %rcx,%rsp + sub \$32,%rsp + + mov %rsi,16(%rsp) # save out + mov %r10,24(%rsp) # save real stack pointer +.Lenc_prologue: + + mov %rdx,$key + mov 240($key),$rnds # load rounds + + mov 0(%rdi),$s0 # load input vector + mov 4(%rdi),$s1 + mov 8(%rdi),$s2 + mov 12(%rdi),$s3 + + shl \$4,$rnds + lea ($key,$rnds),%rbp + mov $key,(%rsp) # key schedule + mov %rbp,8(%rsp) # end of key schedule + + # pick Te4 copy which can't "overlap" with stack frame or key schedule + lea .LAES_Te+2048(%rip),$sbox + lea 768(%rsp),%rbp + sub $sbox,%rbp + and \$0x300,%rbp + lea ($sbox,%rbp),$sbox + + call _x86_64_AES_encrypt_compact + + mov 16(%rsp),$out # restore out + mov 24(%rsp),%rsi # restore saved stack pointer + mov $s0,0($out) # write output vector + mov $s1,4($out) + mov $s2,8($out) + mov $s3,12($out) + + mov (%rsi),%r15 + mov 8(%rsi),%r14 + mov 16(%rsi),%r13 + mov 24(%rsi),%r12 + mov 32(%rsi),%rbp + mov 40(%rsi),%rbx + lea 48(%rsi),%rsp +.Lenc_epilogue: + ret +.size AES_encrypt,.-AES_encrypt +___ + +#------------------------------------------------------------------# + +sub decvert() +{ my $t3="%r8d"; # zaps $inp! + +$code.=<<___; + # favor 3-way issue Opteron pipeline... + movzb `&lo("$s0")`,$acc0 + movzb `&lo("$s1")`,$acc1 + movzb `&lo("$s2")`,$acc2 + mov 0($sbox,$acc0,8),$t0 + mov 0($sbox,$acc1,8),$t1 + mov 0($sbox,$acc2,8),$t2 + + movzb `&hi("$s3")`,$acc0 + movzb `&hi("$s0")`,$acc1 + movzb `&lo("$s3")`,$acc2 + xor 3($sbox,$acc0,8),$t0 + xor 3($sbox,$acc1,8),$t1 + mov 0($sbox,$acc2,8),$t3 + + movzb `&hi("$s1")`,$acc0 + shr \$16,$s0 + movzb `&hi("$s2")`,$acc2 + xor 3($sbox,$acc0,8),$t2 + shr \$16,$s3 + xor 3($sbox,$acc2,8),$t3 + + shr \$16,$s1 + lea 16($key),$key + shr \$16,$s2 + + movzb `&lo("$s2")`,$acc0 + movzb `&lo("$s3")`,$acc1 + movzb `&lo("$s0")`,$acc2 + xor 2($sbox,$acc0,8),$t0 + xor 2($sbox,$acc1,8),$t1 + xor 2($sbox,$acc2,8),$t2 + + movzb `&hi("$s1")`,$acc0 + movzb `&hi("$s2")`,$acc1 + movzb `&lo("$s1")`,$acc2 + xor 1($sbox,$acc0,8),$t0 + xor 1($sbox,$acc1,8),$t1 + xor 2($sbox,$acc2,8),$t3 + + movzb `&hi("$s3")`,$acc0 + mov 12($key),$s3 + movzb `&hi("$s0")`,$acc2 + xor 1($sbox,$acc0,8),$t2 + mov 0($key),$s0 + xor 1($sbox,$acc2,8),$t3 + + xor $t0,$s0 + mov 4($key),$s1 + mov 8($key),$s2 + xor $t2,$s2 + xor $t1,$s1 + xor $t3,$s3 +___ +} + +sub declastvert() +{ my $t3="%r8d"; # zaps $inp! + +$code.=<<___; + lea 2048($sbox),$sbox # size optimization + movzb `&lo("$s0")`,$acc0 + movzb `&lo("$s1")`,$acc1 + movzb `&lo("$s2")`,$acc2 + movzb ($sbox,$acc0,1),$t0 + movzb ($sbox,$acc1,1),$t1 + movzb ($sbox,$acc2,1),$t2 + + movzb `&lo("$s3")`,$acc0 + movzb `&hi("$s3")`,$acc1 + movzb `&hi("$s0")`,$acc2 + movzb ($sbox,$acc0,1),$t3 + movzb ($sbox,$acc1,1),$acc1 #$t0 + movzb ($sbox,$acc2,1),$acc2 #$t1 + + shl \$8,$acc1 + shl \$8,$acc2 + + xor $acc1,$t0 + xor $acc2,$t1 + shr \$16,$s3 + + movzb `&hi("$s1")`,$acc0 + movzb `&hi("$s2")`,$acc1 + shr \$16,$s0 + movzb ($sbox,$acc0,1),$acc0 #$t2 + movzb ($sbox,$acc1,1),$acc1 #$t3 + + shl \$8,$acc0 + shl \$8,$acc1 + shr \$16,$s1 + xor $acc0,$t2 + xor $acc1,$t3 + shr \$16,$s2 + + movzb `&lo("$s2")`,$acc0 + movzb `&lo("$s3")`,$acc1 + movzb `&lo("$s0")`,$acc2 + movzb ($sbox,$acc0,1),$acc0 #$t0 + movzb ($sbox,$acc1,1),$acc1 #$t1 + movzb ($sbox,$acc2,1),$acc2 #$t2 + + shl \$16,$acc0 + shl \$16,$acc1 + shl \$16,$acc2 + + xor $acc0,$t0 + xor $acc1,$t1 + xor $acc2,$t2 + + movzb `&lo("$s1")`,$acc0 + movzb `&hi("$s1")`,$acc1 + movzb `&hi("$s2")`,$acc2 + movzb ($sbox,$acc0,1),$acc0 #$t3 + movzb ($sbox,$acc1,1),$acc1 #$t0 + movzb ($sbox,$acc2,1),$acc2 #$t1 + + shl \$16,$acc0 + shl \$24,$acc1 + shl \$24,$acc2 + + xor $acc0,$t3 + xor $acc1,$t0 + xor $acc2,$t1 + + movzb `&hi("$s3")`,$acc0 + movzb `&hi("$s0")`,$acc1 + mov 16+12($key),$s3 + movzb ($sbox,$acc0,1),$acc0 #$t2 + movzb ($sbox,$acc1,1),$acc1 #$t3 + mov 16+0($key),$s0 + + shl \$24,$acc0 + shl \$24,$acc1 + + xor $acc0,$t2 + xor $acc1,$t3 + + mov 16+4($key),$s1 + mov 16+8($key),$s2 + lea -2048($sbox),$sbox + xor $t0,$s0 + xor $t1,$s1 + xor $t2,$s2 + xor $t3,$s3 +___ +} + +sub decstep() +{ my ($i,@s) = @_; + my $tmp0=$acc0; + my $tmp1=$acc1; + my $tmp2=$acc2; + my $out=($t0,$t1,$t2,$s[0])[$i]; + + $code.=" mov $s[0],$out\n" if ($i!=3); + $tmp1=$s[2] if ($i==3); + $code.=" mov $s[2],$tmp1\n" if ($i!=3); + $code.=" and \$0xFF,$out\n"; + + $code.=" mov 0($sbox,$out,8),$out\n"; + $code.=" shr \$16,$tmp1\n"; + $tmp2=$s[3] if ($i==3); + $code.=" mov $s[3],$tmp2\n" if ($i!=3); + + $tmp0=$s[1] if ($i==3); + $code.=" movzb ".&hi($s[1]).",$tmp0\n"; + $code.=" and \$0xFF,$tmp1\n"; + $code.=" shr \$24,$tmp2\n"; + + $code.=" xor 3($sbox,$tmp0,8),$out\n"; + $code.=" xor 2($sbox,$tmp1,8),$out\n"; + $code.=" xor 1($sbox,$tmp2,8),$out\n"; + + $code.=" mov $t2,$s[1]\n" if ($i==3); + $code.=" mov $t1,$s[2]\n" if ($i==3); + $code.=" mov $t0,$s[3]\n" if ($i==3); + $code.="\n"; +} + +sub declast() +{ my ($i,@s)=@_; + my $tmp0=$acc0; + my $tmp1=$acc1; + my $tmp2=$acc2; + my $out=($t0,$t1,$t2,$s[0])[$i]; + + $code.=" mov $s[0],$out\n" if ($i!=3); + $tmp1=$s[2] if ($i==3); + $code.=" mov $s[2],$tmp1\n" if ($i!=3); + $code.=" and \$0xFF,$out\n"; + + $code.=" movzb 2048($sbox,$out,1),$out\n"; + $code.=" shr \$16,$tmp1\n"; + $tmp2=$s[3] if ($i==3); + $code.=" mov $s[3],$tmp2\n" if ($i!=3); + + $tmp0=$s[1] if ($i==3); + $code.=" movzb ".&hi($s[1]).",$tmp0\n"; + $code.=" and \$0xFF,$tmp1\n"; + $code.=" shr \$24,$tmp2\n"; + + $code.=" movzb 2048($sbox,$tmp0,1),$tmp0\n"; + $code.=" movzb 2048($sbox,$tmp1,1),$tmp1\n"; + $code.=" movzb 2048($sbox,$tmp2,1),$tmp2\n"; + + $code.=" shl \$8,$tmp0\n"; + $code.=" shl \$16,$tmp1\n"; + $code.=" shl \$24,$tmp2\n"; + + $code.=" xor $tmp0,$out\n"; + $code.=" mov $t2,$s[1]\n" if ($i==3); + $code.=" xor $tmp1,$out\n"; + $code.=" mov $t1,$s[2]\n" if ($i==3); + $code.=" xor $tmp2,$out\n"; + $code.=" mov $t0,$s[3]\n" if ($i==3); + $code.="\n"; +} + +$code.=<<___; +.type _x86_64_AES_decrypt,\@abi-omnipotent +.align 16 +_x86_64_AES_decrypt: + xor 0($key),$s0 # xor with key + xor 4($key),$s1 + xor 8($key),$s2 + xor 12($key),$s3 + + mov 240($key),$rnds # load key->rounds + sub \$1,$rnds + jmp .Ldec_loop +.align 16 +.Ldec_loop: +___ + if ($verticalspin) { &decvert(); } + else { &decstep(0,$s0,$s3,$s2,$s1); + &decstep(1,$s1,$s0,$s3,$s2); + &decstep(2,$s2,$s1,$s0,$s3); + &decstep(3,$s3,$s2,$s1,$s0); + $code.=<<___; + lea 16($key),$key + xor 0($key),$s0 # xor with key + xor 4($key),$s1 + xor 8($key),$s2 + xor 12($key),$s3 +___ + } +$code.=<<___; + sub \$1,$rnds + jnz .Ldec_loop +___ + if ($verticalspin) { &declastvert(); } + else { &declast(0,$s0,$s3,$s2,$s1); + &declast(1,$s1,$s0,$s3,$s2); + &declast(2,$s2,$s1,$s0,$s3); + &declast(3,$s3,$s2,$s1,$s0); + $code.=<<___; + xor 16+0($key),$s0 # xor with key + xor 16+4($key),$s1 + xor 16+8($key),$s2 + xor 16+12($key),$s3 +___ + } +$code.=<<___; + retq +.size _x86_64_AES_decrypt,.-_x86_64_AES_decrypt +___ + +sub deccompactvert() +{ my ($t3,$t4,$t5)=("%r8d","%r9d","%r13d"); + +$code.=<<___; + movzb `&lo("$s0")`,$t0 + movzb `&lo("$s1")`,$t1 + movzb `&lo("$s2")`,$t2 + movzb ($sbox,$t0,1),$t0 + movzb ($sbox,$t1,1),$t1 + movzb ($sbox,$t2,1),$t2 + + movzb `&lo("$s3")`,$t3 + movzb `&hi("$s3")`,$acc0 + movzb `&hi("$s0")`,$acc1 + movzb ($sbox,$t3,1),$t3 + movzb ($sbox,$acc0,1),$t4 #$t0 + movzb ($sbox,$acc1,1),$t5 #$t1 + + movzb `&hi("$s1")`,$acc2 + movzb `&hi("$s2")`,$acc0 + shr \$16,$s2 + movzb ($sbox,$acc2,1),$acc2 #$t2 + movzb ($sbox,$acc0,1),$acc0 #$t3 + shr \$16,$s3 + + movzb `&lo("$s2")`,$acc1 + shl \$8,$t4 + shl \$8,$t5 + movzb ($sbox,$acc1,1),$acc1 #$t0 + xor $t4,$t0 + xor $t5,$t1 + + movzb `&lo("$s3")`,$t4 + shr \$16,$s0 + shr \$16,$s1 + movzb `&lo("$s0")`,$t5 + shl \$8,$acc2 + shl \$8,$acc0 + movzb ($sbox,$t4,1),$t4 #$t1 + movzb ($sbox,$t5,1),$t5 #$t2 + xor $acc2,$t2 + xor $acc0,$t3 + + movzb `&lo("$s1")`,$acc2 + movzb `&hi("$s1")`,$acc0 + shl \$16,$acc1 + movzb ($sbox,$acc2,1),$acc2 #$t3 + movzb ($sbox,$acc0,1),$acc0 #$t0 + xor $acc1,$t0 + + movzb `&hi("$s2")`,$acc1 + shl \$16,$t4 + shl \$16,$t5 + movzb ($sbox,$acc1,1),$s1 #$t1 + xor $t4,$t1 + xor $t5,$t2 + + movzb `&hi("$s3")`,$acc1 + shr \$8,$s0 + shl \$16,$acc2 + movzb ($sbox,$acc1,1),$s2 #$t2 + movzb ($sbox,$s0,1),$s3 #$t3 + xor $acc2,$t3 + + shl \$24,$acc0 + shl \$24,$s1 + shl \$24,$s2 + xor $acc0,$t0 + shl \$24,$s3 + xor $t1,$s1 + mov $t0,$s0 + xor $t2,$s2 + xor $t3,$s3 +___ +} + +# parallelized version! input is pair of 64-bit values: %rax=s1.s0 +# and %rcx=s3.s2, output is four 32-bit values in %eax=s0, %ebx=s1, +# %ecx=s2 and %edx=s3. +sub dectransform() +{ my ($tp10,$tp20,$tp40,$tp80,$acc0)=("%rax","%r8", "%r9", "%r10","%rbx"); + my ($tp18,$tp28,$tp48,$tp88,$acc8)=("%rcx","%r11","%r12","%r13","%rdx"); + my $prefetch = shift; + +$code.=<<___; + mov $tp10,$acc0 + mov $tp18,$acc8 + and $mask80,$acc0 + and $mask80,$acc8 + mov $acc0,$tp40 + mov $acc8,$tp48 + shr \$7,$tp40 + lea ($tp10,$tp10),$tp20 + shr \$7,$tp48 + lea ($tp18,$tp18),$tp28 + sub $tp40,$acc0 + sub $tp48,$acc8 + and $maskfe,$tp20 + and $maskfe,$tp28 + and $mask1b,$acc0 + and $mask1b,$acc8 + xor $tp20,$acc0 + xor $tp28,$acc8 + mov $acc0,$tp20 + mov $acc8,$tp28 + + and $mask80,$acc0 + and $mask80,$acc8 + mov $acc0,$tp80 + mov $acc8,$tp88 + shr \$7,$tp80 + lea ($tp20,$tp20),$tp40 + shr \$7,$tp88 + lea ($tp28,$tp28),$tp48 + sub $tp80,$acc0 + sub $tp88,$acc8 + and $maskfe,$tp40 + and $maskfe,$tp48 + and $mask1b,$acc0 + and $mask1b,$acc8 + xor $tp40,$acc0 + xor $tp48,$acc8 + mov $acc0,$tp40 + mov $acc8,$tp48 + + and $mask80,$acc0 + and $mask80,$acc8 + mov $acc0,$tp80 + mov $acc8,$tp88 + shr \$7,$tp80 + xor $tp10,$tp20 # tp2^=tp1 + shr \$7,$tp88 + xor $tp18,$tp28 # tp2^=tp1 + sub $tp80,$acc0 + sub $tp88,$acc8 + lea ($tp40,$tp40),$tp80 + lea ($tp48,$tp48),$tp88 + xor $tp10,$tp40 # tp4^=tp1 + xor $tp18,$tp48 # tp4^=tp1 + and $maskfe,$tp80 + and $maskfe,$tp88 + and $mask1b,$acc0 + and $mask1b,$acc8 + xor $acc0,$tp80 + xor $acc8,$tp88 + + xor $tp80,$tp10 # tp1^=tp8 + xor $tp88,$tp18 # tp1^=tp8 + xor $tp80,$tp20 # tp2^tp1^=tp8 + xor $tp88,$tp28 # tp2^tp1^=tp8 + mov $tp10,$acc0 + mov $tp18,$acc8 + xor $tp80,$tp40 # tp4^tp1^=tp8 + xor $tp88,$tp48 # tp4^tp1^=tp8 + shr \$32,$acc0 + shr \$32,$acc8 + xor $tp20,$tp80 # tp8^=tp8^tp2^tp1=tp2^tp1 + xor $tp28,$tp88 # tp8^=tp8^tp2^tp1=tp2^tp1 + rol \$8,`&LO("$tp10")` # ROTATE(tp1^tp8,8) + rol \$8,`&LO("$tp18")` # ROTATE(tp1^tp8,8) + xor $tp40,$tp80 # tp2^tp1^=tp8^tp4^tp1=tp8^tp4^tp2 + xor $tp48,$tp88 # tp2^tp1^=tp8^tp4^tp1=tp8^tp4^tp2 + + rol \$8,`&LO("$acc0")` # ROTATE(tp1^tp8,8) + rol \$8,`&LO("$acc8")` # ROTATE(tp1^tp8,8) + xor `&LO("$tp80")`,`&LO("$tp10")` + xor `&LO("$tp88")`,`&LO("$tp18")` + shr \$32,$tp80 + shr \$32,$tp88 + xor `&LO("$tp80")`,`&LO("$acc0")` + xor `&LO("$tp88")`,`&LO("$acc8")` + + mov $tp20,$tp80 + mov $tp28,$tp88 + shr \$32,$tp80 + shr \$32,$tp88 + rol \$24,`&LO("$tp20")` # ROTATE(tp2^tp1^tp8,24) + rol \$24,`&LO("$tp28")` # ROTATE(tp2^tp1^tp8,24) + rol \$24,`&LO("$tp80")` # ROTATE(tp2^tp1^tp8,24) + rol \$24,`&LO("$tp88")` # ROTATE(tp2^tp1^tp8,24) + xor `&LO("$tp20")`,`&LO("$tp10")` + xor `&LO("$tp28")`,`&LO("$tp18")` + mov $tp40,$tp20 + mov $tp48,$tp28 + xor `&LO("$tp80")`,`&LO("$acc0")` + xor `&LO("$tp88")`,`&LO("$acc8")` + + `"mov 0($sbox),$mask80" if ($prefetch)` + shr \$32,$tp20 + shr \$32,$tp28 + `"mov 64($sbox),$maskfe" if ($prefetch)` + rol \$16,`&LO("$tp40")` # ROTATE(tp4^tp1^tp8,16) + rol \$16,`&LO("$tp48")` # ROTATE(tp4^tp1^tp8,16) + `"mov 128($sbox),$mask1b" if ($prefetch)` + rol \$16,`&LO("$tp20")` # ROTATE(tp4^tp1^tp8,16) + rol \$16,`&LO("$tp28")` # ROTATE(tp4^tp1^tp8,16) + `"mov 192($sbox),$tp80" if ($prefetch)` + xor `&LO("$tp40")`,`&LO("$tp10")` + xor `&LO("$tp48")`,`&LO("$tp18")` + `"mov 256($sbox),$tp88" if ($prefetch)` + xor `&LO("$tp20")`,`&LO("$acc0")` + xor `&LO("$tp28")`,`&LO("$acc8")` +___ +} + +$code.=<<___; +.type _x86_64_AES_decrypt_compact,\@abi-omnipotent +.align 16 +_x86_64_AES_decrypt_compact: + lea 128($sbox),$inp # size optimization + mov 0-128($inp),$acc1 # prefetch Td4 + mov 32-128($inp),$acc2 + mov 64-128($inp),$t0 + mov 96-128($inp),$t1 + mov 128-128($inp),$acc1 + mov 160-128($inp),$acc2 + mov 192-128($inp),$t0 + mov 224-128($inp),$t1 + jmp .Ldec_loop_compact + +.align 16 +.Ldec_loop_compact: + xor 0($key),$s0 # xor with key + xor 4($key),$s1 + xor 8($key),$s2 + xor 12($key),$s3 + lea 16($key),$key +___ + &deccompactvert(); +$code.=<<___; + cmp 16(%rsp),$key + je .Ldec_compact_done + + mov 256+0($sbox),$mask80 + shl \$32,%rbx + shl \$32,%rdx + mov 256+8($sbox),$maskfe + or %rbx,%rax + or %rdx,%rcx + mov 256+16($sbox),$mask1b +___ + &dectransform(1); +$code.=<<___; + jmp .Ldec_loop_compact +.align 16 +.Ldec_compact_done: + xor 0($key),$s0 + xor 4($key),$s1 + xor 8($key),$s2 + xor 12($key),$s3 + retq +.size _x86_64_AES_decrypt_compact,.-_x86_64_AES_decrypt_compact +___ + +# void AES_decrypt (const void *inp,void *out,const AES_KEY *key); +$code.=<<___; +.globl AES_decrypt +.type AES_decrypt,\@function,3 +.align 16 +.globl asm_AES_decrypt +.hidden asm_AES_decrypt +asm_AES_decrypt: +AES_decrypt: + push %rbx + push %rbp + push %r12 + push %r13 + push %r14 + push %r15 + + # allocate frame "above" key schedule + mov %rsp,%r10 + lea -63(%rdx),%rcx # %rdx is key argument + and \$-64,%rsp + sub %rsp,%rcx + neg %rcx + and \$0x3c0,%rcx + sub %rcx,%rsp + sub \$32,%rsp + + mov %rsi,16(%rsp) # save out + mov %r10,24(%rsp) # save real stack pointer +.Ldec_prologue: + + mov %rdx,$key + mov 240($key),$rnds # load rounds + + mov 0(%rdi),$s0 # load input vector + mov 4(%rdi),$s1 + mov 8(%rdi),$s2 + mov 12(%rdi),$s3 + + shl \$4,$rnds + lea ($key,$rnds),%rbp + mov $key,(%rsp) # key schedule + mov %rbp,8(%rsp) # end of key schedule + + # pick Td4 copy which can't "overlap" with stack frame or key schedule + lea .LAES_Td+2048(%rip),$sbox + lea 768(%rsp),%rbp + sub $sbox,%rbp + and \$0x300,%rbp + lea ($sbox,%rbp),$sbox + shr \$3,%rbp # recall "magic" constants! + add %rbp,$sbox + + call _x86_64_AES_decrypt_compact + + mov 16(%rsp),$out # restore out + mov 24(%rsp),%rsi # restore saved stack pointer + mov $s0,0($out) # write output vector + mov $s1,4($out) + mov $s2,8($out) + mov $s3,12($out) + + mov (%rsi),%r15 + mov 8(%rsi),%r14 + mov 16(%rsi),%r13 + mov 24(%rsi),%r12 + mov 32(%rsi),%rbp + mov 40(%rsi),%rbx + lea 48(%rsi),%rsp +.Ldec_epilogue: + ret +.size AES_decrypt,.-AES_decrypt +___ +#------------------------------------------------------------------# + +sub enckey() +{ +$code.=<<___; + movz %dl,%esi # rk[i]>>0 + movzb -128(%rbp,%rsi),%ebx + movz %dh,%esi # rk[i]>>8 + shl \$24,%ebx + xor %ebx,%eax + + movzb -128(%rbp,%rsi),%ebx + shr \$16,%edx + movz %dl,%esi # rk[i]>>16 + xor %ebx,%eax + + movzb -128(%rbp,%rsi),%ebx + movz %dh,%esi # rk[i]>>24 + shl \$8,%ebx + xor %ebx,%eax + + movzb -128(%rbp,%rsi),%ebx + shl \$16,%ebx + xor %ebx,%eax + + xor 1024-128(%rbp,%rcx,4),%eax # rcon +___ +} + +# int AES_set_encrypt_key(const unsigned char *userKey, const int bits, +# AES_KEY *key) +$code.=<<___; +.globl AES_set_encrypt_key +.type AES_set_encrypt_key,\@function,3 +.align 16 +AES_set_encrypt_key: + push %rbx + push %rbp + push %r12 # redundant, but allows to share + push %r13 # exception handler... + push %r14 + push %r15 + sub \$8,%rsp +.Lenc_key_prologue: + + call _x86_64_AES_set_encrypt_key + + mov 8(%rsp),%r15 + mov 16(%rsp),%r14 + mov 24(%rsp),%r13 + mov 32(%rsp),%r12 + mov 40(%rsp),%rbp + mov 48(%rsp),%rbx + add \$56,%rsp +.Lenc_key_epilogue: + ret +.size AES_set_encrypt_key,.-AES_set_encrypt_key + +.type _x86_64_AES_set_encrypt_key,\@abi-omnipotent +.align 16 +_x86_64_AES_set_encrypt_key: + mov %esi,%ecx # %ecx=bits + mov %rdi,%rsi # %rsi=userKey + mov %rdx,%rdi # %rdi=key + + test \$-1,%rsi + jz .Lbadpointer + test \$-1,%rdi + jz .Lbadpointer + + lea .LAES_Te(%rip),%rbp + lea 2048+128(%rbp),%rbp + + # prefetch Te4 + mov 0-128(%rbp),%eax + mov 32-128(%rbp),%ebx + mov 64-128(%rbp),%r8d + mov 96-128(%rbp),%edx + mov 128-128(%rbp),%eax + mov 160-128(%rbp),%ebx + mov 192-128(%rbp),%r8d + mov 224-128(%rbp),%edx + + cmp \$128,%ecx + je .L10rounds + cmp \$192,%ecx + je .L12rounds + cmp \$256,%ecx + je .L14rounds + mov \$-2,%rax # invalid number of bits + jmp .Lexit + +.L10rounds: + mov 0(%rsi),%rax # copy first 4 dwords + mov 8(%rsi),%rdx + mov %rax,0(%rdi) + mov %rdx,8(%rdi) + + shr \$32,%rdx + xor %ecx,%ecx + jmp .L10shortcut +.align 4 +.L10loop: + mov 0(%rdi),%eax # rk[0] + mov 12(%rdi),%edx # rk[3] +.L10shortcut: +___ + &enckey (); +$code.=<<___; + mov %eax,16(%rdi) # rk[4] + xor 4(%rdi),%eax + mov %eax,20(%rdi) # rk[5] + xor 8(%rdi),%eax + mov %eax,24(%rdi) # rk[6] + xor 12(%rdi),%eax + mov %eax,28(%rdi) # rk[7] + add \$1,%ecx + lea 16(%rdi),%rdi + cmp \$10,%ecx + jl .L10loop + + movl \$10,80(%rdi) # setup number of rounds + xor %rax,%rax + jmp .Lexit + +.L12rounds: + mov 0(%rsi),%rax # copy first 6 dwords + mov 8(%rsi),%rbx + mov 16(%rsi),%rdx + mov %rax,0(%rdi) + mov %rbx,8(%rdi) + mov %rdx,16(%rdi) + + shr \$32,%rdx + xor %ecx,%ecx + jmp .L12shortcut +.align 4 +.L12loop: + mov 0(%rdi),%eax # rk[0] + mov 20(%rdi),%edx # rk[5] +.L12shortcut: +___ + &enckey (); +$code.=<<___; + mov %eax,24(%rdi) # rk[6] + xor 4(%rdi),%eax + mov %eax,28(%rdi) # rk[7] + xor 8(%rdi),%eax + mov %eax,32(%rdi) # rk[8] + xor 12(%rdi),%eax + mov %eax,36(%rdi) # rk[9] + + cmp \$7,%ecx + je .L12break + add \$1,%ecx + + xor 16(%rdi),%eax + mov %eax,40(%rdi) # rk[10] + xor 20(%rdi),%eax + mov %eax,44(%rdi) # rk[11] + + lea 24(%rdi),%rdi + jmp .L12loop +.L12break: + movl \$12,72(%rdi) # setup number of rounds + xor %rax,%rax + jmp .Lexit + +.L14rounds: + mov 0(%rsi),%rax # copy first 8 dwords + mov 8(%rsi),%rbx + mov 16(%rsi),%rcx + mov 24(%rsi),%rdx + mov %rax,0(%rdi) + mov %rbx,8(%rdi) + mov %rcx,16(%rdi) + mov %rdx,24(%rdi) + + shr \$32,%rdx + xor %ecx,%ecx + jmp .L14shortcut +.align 4 +.L14loop: + mov 0(%rdi),%eax # rk[0] + mov 28(%rdi),%edx # rk[4] +.L14shortcut: +___ + &enckey (); +$code.=<<___; + mov %eax,32(%rdi) # rk[8] + xor 4(%rdi),%eax + mov %eax,36(%rdi) # rk[9] + xor 8(%rdi),%eax + mov %eax,40(%rdi) # rk[10] + xor 12(%rdi),%eax + mov %eax,44(%rdi) # rk[11] + + cmp \$6,%ecx + je .L14break + add \$1,%ecx + + mov %eax,%edx + mov 16(%rdi),%eax # rk[4] + movz %dl,%esi # rk[11]>>0 + movzb -128(%rbp,%rsi),%ebx + movz %dh,%esi # rk[11]>>8 + xor %ebx,%eax + + movzb -128(%rbp,%rsi),%ebx + shr \$16,%edx + shl \$8,%ebx + movz %dl,%esi # rk[11]>>16 + xor %ebx,%eax + + movzb -128(%rbp,%rsi),%ebx + movz %dh,%esi # rk[11]>>24 + shl \$16,%ebx + xor %ebx,%eax + + movzb -128(%rbp,%rsi),%ebx + shl \$24,%ebx + xor %ebx,%eax + + mov %eax,48(%rdi) # rk[12] + xor 20(%rdi),%eax + mov %eax,52(%rdi) # rk[13] + xor 24(%rdi),%eax + mov %eax,56(%rdi) # rk[14] + xor 28(%rdi),%eax + mov %eax,60(%rdi) # rk[15] + + lea 32(%rdi),%rdi + jmp .L14loop +.L14break: + movl \$14,48(%rdi) # setup number of rounds + xor %rax,%rax + jmp .Lexit + +.Lbadpointer: + mov \$-1,%rax +.Lexit: + retq +.size _x86_64_AES_set_encrypt_key,.-_x86_64_AES_set_encrypt_key +___ + +sub deckey_ref() +{ my ($i,$ptr,$te,$td) = @_; + my ($tp1,$tp2,$tp4,$tp8,$acc)=("%eax","%ebx","%edi","%edx","%r8d"); +$code.=<<___; + mov $i($ptr),$tp1 + mov $tp1,$acc + and \$0x80808080,$acc + mov $acc,$tp4 + shr \$7,$tp4 + lea 0($tp1,$tp1),$tp2 + sub $tp4,$acc + and \$0xfefefefe,$tp2 + and \$0x1b1b1b1b,$acc + xor $tp2,$acc + mov $acc,$tp2 + + and \$0x80808080,$acc + mov $acc,$tp8 + shr \$7,$tp8 + lea 0($tp2,$tp2),$tp4 + sub $tp8,$acc + and \$0xfefefefe,$tp4 + and \$0x1b1b1b1b,$acc + xor $tp1,$tp2 # tp2^tp1 + xor $tp4,$acc + mov $acc,$tp4 + + and \$0x80808080,$acc + mov $acc,$tp8 + shr \$7,$tp8 + sub $tp8,$acc + lea 0($tp4,$tp4),$tp8 + xor $tp1,$tp4 # tp4^tp1 + and \$0xfefefefe,$tp8 + and \$0x1b1b1b1b,$acc + xor $acc,$tp8 + + xor $tp8,$tp1 # tp1^tp8 + rol \$8,$tp1 # ROTATE(tp1^tp8,8) + xor $tp8,$tp2 # tp2^tp1^tp8 + xor $tp8,$tp4 # tp4^tp1^tp8 + xor $tp2,$tp8 + xor $tp4,$tp8 # tp8^(tp8^tp4^tp1)^(tp8^tp2^tp1)=tp8^tp4^tp2 + + xor $tp8,$tp1 + rol \$24,$tp2 # ROTATE(tp2^tp1^tp8,24) + xor $tp2,$tp1 + rol \$16,$tp4 # ROTATE(tp4^tp1^tp8,16) + xor $tp4,$tp1 + + mov $tp1,$i($ptr) +___ +} + +# int AES_set_decrypt_key(const unsigned char *userKey, const int bits, +# AES_KEY *key) +$code.=<<___; +.globl AES_set_decrypt_key +.type AES_set_decrypt_key,\@function,3 +.align 16 +AES_set_decrypt_key: + push %rbx + push %rbp + push %r12 + push %r13 + push %r14 + push %r15 + push %rdx # save key schedule +.Ldec_key_prologue: + + call _x86_64_AES_set_encrypt_key + mov (%rsp),%r8 # restore key schedule + cmp \$0,%eax + jne .Labort + + mov 240(%r8),%r14d # pull number of rounds + xor %rdi,%rdi + lea (%rdi,%r14d,4),%rcx + mov %r8,%rsi + lea (%r8,%rcx,4),%rdi # pointer to last chunk +.align 4 +.Linvert: + mov 0(%rsi),%rax + mov 8(%rsi),%rbx + mov 0(%rdi),%rcx + mov 8(%rdi),%rdx + mov %rax,0(%rdi) + mov %rbx,8(%rdi) + mov %rcx,0(%rsi) + mov %rdx,8(%rsi) + lea 16(%rsi),%rsi + lea -16(%rdi),%rdi + cmp %rsi,%rdi + jne .Linvert + + lea .LAES_Te+2048+1024(%rip),%rax # rcon + + mov 40(%rax),$mask80 + mov 48(%rax),$maskfe + mov 56(%rax),$mask1b + + mov %r8,$key + sub \$1,%r14d +.align 4 +.Lpermute: + lea 16($key),$key + mov 0($key),%rax + mov 8($key),%rcx +___ + &dectransform (); +$code.=<<___; + mov %eax,0($key) + mov %ebx,4($key) + mov %ecx,8($key) + mov %edx,12($key) + sub \$1,%r14d + jnz .Lpermute + + xor %rax,%rax +.Labort: + mov 8(%rsp),%r15 + mov 16(%rsp),%r14 + mov 24(%rsp),%r13 + mov 32(%rsp),%r12 + mov 40(%rsp),%rbp + mov 48(%rsp),%rbx + add \$56,%rsp +.Ldec_key_epilogue: + ret +.size AES_set_decrypt_key,.-AES_set_decrypt_key +___ + +# void AES_cbc_encrypt (const void char *inp, unsigned char *out, +# size_t length, const AES_KEY *key, +# unsigned char *ivp,const int enc); +{ +# stack frame layout +# -8(%rsp) return address +my $keyp="0(%rsp)"; # one to pass as $key +my $keyend="8(%rsp)"; # &(keyp->rd_key[4*keyp->rounds]) +my $_rsp="16(%rsp)"; # saved %rsp +my $_inp="24(%rsp)"; # copy of 1st parameter, inp +my $_out="32(%rsp)"; # copy of 2nd parameter, out +my $_len="40(%rsp)"; # copy of 3rd parameter, length +my $_key="48(%rsp)"; # copy of 4th parameter, key +my $_ivp="56(%rsp)"; # copy of 5th parameter, ivp +my $ivec="64(%rsp)"; # ivec[16] +my $aes_key="80(%rsp)"; # copy of aes_key +my $mark="80+240(%rsp)"; # copy of aes_key->rounds + +$code.=<<___; +.globl AES_cbc_encrypt +.type AES_cbc_encrypt,\@function,6 +.align 16 +.extern OPENSSL_ia32cap_P +.hidden OPENSSL_ia32cap_P +.globl asm_AES_cbc_encrypt +.hidden asm_AES_cbc_encrypt +asm_AES_cbc_encrypt: +AES_cbc_encrypt: + cmp \$0,%rdx # check length + je .Lcbc_epilogue + pushfq + push %rbx + push %rbp + push %r12 + push %r13 + push %r14 + push %r15 +.Lcbc_prologue: + + cld + mov %r9d,%r9d # clear upper half of enc + + lea .LAES_Te(%rip),$sbox + cmp \$0,%r9 + jne .Lcbc_picked_te + lea .LAES_Td(%rip),$sbox +.Lcbc_picked_te: + + mov OPENSSL_ia32cap_P(%rip),%r10d + cmp \$$speed_limit,%rdx + jb .Lcbc_slow_prologue + test \$15,%rdx + jnz .Lcbc_slow_prologue + bt \$IA32CAP_BIT0_HT,%r10d + jc .Lcbc_slow_prologue + + # allocate aligned stack frame... + lea -88-248(%rsp),$key + and \$-64,$key + + # ... and make sure it doesn't alias with AES_T[ed] modulo 4096 + mov $sbox,%r10 + lea 2304($sbox),%r11 + mov $key,%r12 + and \$0xFFF,%r10 # s = $sbox&0xfff + and \$0xFFF,%r11 # e = ($sbox+2048)&0xfff + and \$0xFFF,%r12 # p = %rsp&0xfff + + cmp %r11,%r12 # if (p=>e) %rsp =- (p-e); + jb .Lcbc_te_break_out + sub %r11,%r12 + sub %r12,$key + jmp .Lcbc_te_ok +.Lcbc_te_break_out: # else %rsp -= (p-s)&0xfff + framesz + sub %r10,%r12 + and \$0xFFF,%r12 + add \$320,%r12 + sub %r12,$key +.align 4 +.Lcbc_te_ok: + + xchg %rsp,$key + #add \$8,%rsp # reserve for return address! + mov $key,$_rsp # save %rsp +.Lcbc_fast_body: + mov %rdi,$_inp # save copy of inp + mov %rsi,$_out # save copy of out + mov %rdx,$_len # save copy of len + mov %rcx,$_key # save copy of key + mov %r8,$_ivp # save copy of ivp + movl \$0,$mark # copy of aes_key->rounds = 0; + mov %r8,%rbp # rearrange input arguments + mov %r9,%rbx + mov %rsi,$out + mov %rdi,$inp + mov %rcx,$key + + mov 240($key),%eax # key->rounds + # do we copy key schedule to stack? + mov $key,%r10 + sub $sbox,%r10 + and \$0xfff,%r10 + cmp \$2304,%r10 + jb .Lcbc_do_ecopy + cmp \$4096-248,%r10 + jb .Lcbc_skip_ecopy +.align 4 +.Lcbc_do_ecopy: + mov $key,%rsi + lea $aes_key,%rdi + lea $aes_key,$key + mov \$240/8,%ecx + .long 0x90A548F3 # rep movsq + mov %eax,(%rdi) # copy aes_key->rounds +.Lcbc_skip_ecopy: + mov $key,$keyp # save key pointer + + mov \$18,%ecx +.align 4 +.Lcbc_prefetch_te: + mov 0($sbox),%r10 + mov 32($sbox),%r11 + mov 64($sbox),%r12 + mov 96($sbox),%r13 + lea 128($sbox),$sbox + sub \$1,%ecx + jnz .Lcbc_prefetch_te + lea -2304($sbox),$sbox + + cmp \$0,%rbx + je .LFAST_DECRYPT + +#----------------------------- ENCRYPT -----------------------------# + mov 0(%rbp),$s0 # load iv + mov 4(%rbp),$s1 + mov 8(%rbp),$s2 + mov 12(%rbp),$s3 + +.align 4 +.Lcbc_fast_enc_loop: + xor 0($inp),$s0 + xor 4($inp),$s1 + xor 8($inp),$s2 + xor 12($inp),$s3 + mov $keyp,$key # restore key + mov $inp,$_inp # if ($verticalspin) save inp + + call _x86_64_AES_encrypt + + mov $_inp,$inp # if ($verticalspin) restore inp + mov $_len,%r10 + mov $s0,0($out) + mov $s1,4($out) + mov $s2,8($out) + mov $s3,12($out) + + lea 16($inp),$inp + lea 16($out),$out + sub \$16,%r10 + test \$-16,%r10 + mov %r10,$_len + jnz .Lcbc_fast_enc_loop + mov $_ivp,%rbp # restore ivp + mov $s0,0(%rbp) # save ivec + mov $s1,4(%rbp) + mov $s2,8(%rbp) + mov $s3,12(%rbp) + + jmp .Lcbc_fast_cleanup + +#----------------------------- DECRYPT -----------------------------# +.align 16 +.LFAST_DECRYPT: + cmp $inp,$out + je .Lcbc_fast_dec_in_place + + mov %rbp,$ivec +.align 4 +.Lcbc_fast_dec_loop: + mov 0($inp),$s0 # read input + mov 4($inp),$s1 + mov 8($inp),$s2 + mov 12($inp),$s3 + mov $keyp,$key # restore key + mov $inp,$_inp # if ($verticalspin) save inp + + call _x86_64_AES_decrypt + + mov $ivec,%rbp # load ivp + mov $_inp,$inp # if ($verticalspin) restore inp + mov $_len,%r10 # load len + xor 0(%rbp),$s0 # xor iv + xor 4(%rbp),$s1 + xor 8(%rbp),$s2 + xor 12(%rbp),$s3 + mov $inp,%rbp # current input, next iv + + sub \$16,%r10 + mov %r10,$_len # update len + mov %rbp,$ivec # update ivp + + mov $s0,0($out) # write output + mov $s1,4($out) + mov $s2,8($out) + mov $s3,12($out) + + lea 16($inp),$inp + lea 16($out),$out + jnz .Lcbc_fast_dec_loop + mov $_ivp,%r12 # load user ivp + mov 0(%rbp),%r10 # load iv + mov 8(%rbp),%r11 + mov %r10,0(%r12) # copy back to user + mov %r11,8(%r12) + jmp .Lcbc_fast_cleanup + +.align 16 +.Lcbc_fast_dec_in_place: + mov 0(%rbp),%r10 # copy iv to stack + mov 8(%rbp),%r11 + mov %r10,0+$ivec + mov %r11,8+$ivec +.align 4 +.Lcbc_fast_dec_in_place_loop: + mov 0($inp),$s0 # load input + mov 4($inp),$s1 + mov 8($inp),$s2 + mov 12($inp),$s3 + mov $keyp,$key # restore key + mov $inp,$_inp # if ($verticalspin) save inp + + call _x86_64_AES_decrypt + + mov $_inp,$inp # if ($verticalspin) restore inp + mov $_len,%r10 + xor 0+$ivec,$s0 + xor 4+$ivec,$s1 + xor 8+$ivec,$s2 + xor 12+$ivec,$s3 + + mov 0($inp),%r11 # load input + mov 8($inp),%r12 + sub \$16,%r10 + jz .Lcbc_fast_dec_in_place_done + + mov %r11,0+$ivec # copy input to iv + mov %r12,8+$ivec + + mov $s0,0($out) # save output [zaps input] + mov $s1,4($out) + mov $s2,8($out) + mov $s3,12($out) + + lea 16($inp),$inp + lea 16($out),$out + mov %r10,$_len + jmp .Lcbc_fast_dec_in_place_loop +.Lcbc_fast_dec_in_place_done: + mov $_ivp,%rdi + mov %r11,0(%rdi) # copy iv back to user + mov %r12,8(%rdi) + + mov $s0,0($out) # save output [zaps input] + mov $s1,4($out) + mov $s2,8($out) + mov $s3,12($out) + +.align 4 +.Lcbc_fast_cleanup: + cmpl \$0,$mark # was the key schedule copied? + lea $aes_key,%rdi + je .Lcbc_exit + mov \$240/8,%ecx + xor %rax,%rax + .long 0x90AB48F3 # rep stosq + + jmp .Lcbc_exit + +#--------------------------- SLOW ROUTINE ---------------------------# +.align 16 +.Lcbc_slow_prologue: + # allocate aligned stack frame... + lea -88(%rsp),%rbp + and \$-64,%rbp + # ... just "above" key schedule + lea -88-63(%rcx),%r10 + sub %rbp,%r10 + neg %r10 + and \$0x3c0,%r10 + sub %r10,%rbp + + xchg %rsp,%rbp + #add \$8,%rsp # reserve for return address! + mov %rbp,$_rsp # save %rsp +.Lcbc_slow_body: + #mov %rdi,$_inp # save copy of inp + #mov %rsi,$_out # save copy of out + #mov %rdx,$_len # save copy of len + #mov %rcx,$_key # save copy of key + mov %r8,$_ivp # save copy of ivp + mov %r8,%rbp # rearrange input arguments + mov %r9,%rbx + mov %rsi,$out + mov %rdi,$inp + mov %rcx,$key + mov %rdx,%r10 + + mov 240($key),%eax + mov $key,$keyp # save key pointer + shl \$4,%eax + lea ($key,%rax),%rax + mov %rax,$keyend + + # pick Te4 copy which can't "overlap" with stack frame or key schedule + lea 2048($sbox),$sbox + lea 768-8(%rsp),%rax + sub $sbox,%rax + and \$0x300,%rax + lea ($sbox,%rax),$sbox + + cmp \$0,%rbx + je .LSLOW_DECRYPT + +#--------------------------- SLOW ENCRYPT ---------------------------# + test \$-16,%r10 # check upon length + mov 0(%rbp),$s0 # load iv + mov 4(%rbp),$s1 + mov 8(%rbp),$s2 + mov 12(%rbp),$s3 + jz .Lcbc_slow_enc_tail # short input... + +.align 4 +.Lcbc_slow_enc_loop: + xor 0($inp),$s0 + xor 4($inp),$s1 + xor 8($inp),$s2 + xor 12($inp),$s3 + mov $keyp,$key # restore key + mov $inp,$_inp # save inp + mov $out,$_out # save out + mov %r10,$_len # save len + + call _x86_64_AES_encrypt_compact + + mov $_inp,$inp # restore inp + mov $_out,$out # restore out + mov $_len,%r10 # restore len + mov $s0,0($out) + mov $s1,4($out) + mov $s2,8($out) + mov $s3,12($out) + + lea 16($inp),$inp + lea 16($out),$out + sub \$16,%r10 + test \$-16,%r10 + jnz .Lcbc_slow_enc_loop + test \$15,%r10 + jnz .Lcbc_slow_enc_tail + mov $_ivp,%rbp # restore ivp + mov $s0,0(%rbp) # save ivec + mov $s1,4(%rbp) + mov $s2,8(%rbp) + mov $s3,12(%rbp) + + jmp .Lcbc_exit + +.align 4 +.Lcbc_slow_enc_tail: + mov %rax,%r11 + mov %rcx,%r12 + mov %r10,%rcx + mov $inp,%rsi + mov $out,%rdi + .long 0x9066A4F3 # rep movsb + mov \$16,%rcx # zero tail + sub %r10,%rcx + xor %rax,%rax + .long 0x9066AAF3 # rep stosb + mov $out,$inp # this is not a mistake! + mov \$16,%r10 # len=16 + mov %r11,%rax + mov %r12,%rcx + jmp .Lcbc_slow_enc_loop # one more spin... +#--------------------------- SLOW DECRYPT ---------------------------# +.align 16 +.LSLOW_DECRYPT: + shr \$3,%rax + add %rax,$sbox # recall "magic" constants! + + mov 0(%rbp),%r11 # copy iv to stack + mov 8(%rbp),%r12 + mov %r11,0+$ivec + mov %r12,8+$ivec + +.align 4 +.Lcbc_slow_dec_loop: + mov 0($inp),$s0 # load input + mov 4($inp),$s1 + mov 8($inp),$s2 + mov 12($inp),$s3 + mov $keyp,$key # restore key + mov $inp,$_inp # save inp + mov $out,$_out # save out + mov %r10,$_len # save len + + call _x86_64_AES_decrypt_compact + + mov $_inp,$inp # restore inp + mov $_out,$out # restore out + mov $_len,%r10 + xor 0+$ivec,$s0 + xor 4+$ivec,$s1 + xor 8+$ivec,$s2 + xor 12+$ivec,$s3 + + mov 0($inp),%r11 # load input + mov 8($inp),%r12 + sub \$16,%r10 + jc .Lcbc_slow_dec_partial + jz .Lcbc_slow_dec_done + + mov %r11,0+$ivec # copy input to iv + mov %r12,8+$ivec + + mov $s0,0($out) # save output [can zap input] + mov $s1,4($out) + mov $s2,8($out) + mov $s3,12($out) + + lea 16($inp),$inp + lea 16($out),$out + jmp .Lcbc_slow_dec_loop +.Lcbc_slow_dec_done: + mov $_ivp,%rdi + mov %r11,0(%rdi) # copy iv back to user + mov %r12,8(%rdi) + + mov $s0,0($out) # save output [can zap input] + mov $s1,4($out) + mov $s2,8($out) + mov $s3,12($out) + + jmp .Lcbc_exit + +.align 4 +.Lcbc_slow_dec_partial: + mov $_ivp,%rdi + mov %r11,0(%rdi) # copy iv back to user + mov %r12,8(%rdi) + + mov $s0,0+$ivec # save output to stack + mov $s1,4+$ivec + mov $s2,8+$ivec + mov $s3,12+$ivec + + mov $out,%rdi + lea $ivec,%rsi + lea 16(%r10),%rcx + .long 0x9066A4F3 # rep movsb + jmp .Lcbc_exit + +.align 16 +.Lcbc_exit: + mov $_rsp,%rsi + mov (%rsi),%r15 + mov 8(%rsi),%r14 + mov 16(%rsi),%r13 + mov 24(%rsi),%r12 + mov 32(%rsi),%rbp + mov 40(%rsi),%rbx + lea 48(%rsi),%rsp +.Lcbc_popfq: + popfq +.Lcbc_epilogue: + ret +.size AES_cbc_encrypt,.-AES_cbc_encrypt +___ +} + +$code.=<<___; +.align 64 +.LAES_Te: +___ + &_data_word(0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6); + &_data_word(0x0df2f2ff, 0xbd6b6bd6, 0xb16f6fde, 0x54c5c591); + &_data_word(0x50303060, 0x03010102, 0xa96767ce, 0x7d2b2b56); + &_data_word(0x19fefee7, 0x62d7d7b5, 0xe6abab4d, 0x9a7676ec); + &_data_word(0x45caca8f, 0x9d82821f, 0x40c9c989, 0x877d7dfa); + &_data_word(0x15fafaef, 0xeb5959b2, 0xc947478e, 0x0bf0f0fb); + &_data_word(0xecadad41, 0x67d4d4b3, 0xfda2a25f, 0xeaafaf45); + &_data_word(0xbf9c9c23, 0xf7a4a453, 0x967272e4, 0x5bc0c09b); + &_data_word(0xc2b7b775, 0x1cfdfde1, 0xae93933d, 0x6a26264c); + &_data_word(0x5a36366c, 0x413f3f7e, 0x02f7f7f5, 0x4fcccc83); + &_data_word(0x5c343468, 0xf4a5a551, 0x34e5e5d1, 0x08f1f1f9); + &_data_word(0x937171e2, 0x73d8d8ab, 0x53313162, 0x3f15152a); + &_data_word(0x0c040408, 0x52c7c795, 0x65232346, 0x5ec3c39d); + &_data_word(0x28181830, 0xa1969637, 0x0f05050a, 0xb59a9a2f); + &_data_word(0x0907070e, 0x36121224, 0x9b80801b, 0x3de2e2df); + &_data_word(0x26ebebcd, 0x6927274e, 0xcdb2b27f, 0x9f7575ea); + &_data_word(0x1b090912, 0x9e83831d, 0x742c2c58, 0x2e1a1a34); + &_data_word(0x2d1b1b36, 0xb26e6edc, 0xee5a5ab4, 0xfba0a05b); + &_data_word(0xf65252a4, 0x4d3b3b76, 0x61d6d6b7, 0xceb3b37d); + &_data_word(0x7b292952, 0x3ee3e3dd, 0x712f2f5e, 0x97848413); + &_data_word(0xf55353a6, 0x68d1d1b9, 0x00000000, 0x2cededc1); + &_data_word(0x60202040, 0x1ffcfce3, 0xc8b1b179, 0xed5b5bb6); + &_data_word(0xbe6a6ad4, 0x46cbcb8d, 0xd9bebe67, 0x4b393972); + &_data_word(0xde4a4a94, 0xd44c4c98, 0xe85858b0, 0x4acfcf85); + &_data_word(0x6bd0d0bb, 0x2aefefc5, 0xe5aaaa4f, 0x16fbfbed); + &_data_word(0xc5434386, 0xd74d4d9a, 0x55333366, 0x94858511); + &_data_word(0xcf45458a, 0x10f9f9e9, 0x06020204, 0x817f7ffe); + &_data_word(0xf05050a0, 0x443c3c78, 0xba9f9f25, 0xe3a8a84b); + &_data_word(0xf35151a2, 0xfea3a35d, 0xc0404080, 0x8a8f8f05); + &_data_word(0xad92923f, 0xbc9d9d21, 0x48383870, 0x04f5f5f1); + &_data_word(0xdfbcbc63, 0xc1b6b677, 0x75dadaaf, 0x63212142); + &_data_word(0x30101020, 0x1affffe5, 0x0ef3f3fd, 0x6dd2d2bf); + &_data_word(0x4ccdcd81, 0x140c0c18, 0x35131326, 0x2fececc3); + &_data_word(0xe15f5fbe, 0xa2979735, 0xcc444488, 0x3917172e); + &_data_word(0x57c4c493, 0xf2a7a755, 0x827e7efc, 0x473d3d7a); + &_data_word(0xac6464c8, 0xe75d5dba, 0x2b191932, 0x957373e6); + &_data_word(0xa06060c0, 0x98818119, 0xd14f4f9e, 0x7fdcdca3); + &_data_word(0x66222244, 0x7e2a2a54, 0xab90903b, 0x8388880b); + &_data_word(0xca46468c, 0x29eeeec7, 0xd3b8b86b, 0x3c141428); + &_data_word(0x79dedea7, 0xe25e5ebc, 0x1d0b0b16, 0x76dbdbad); + &_data_word(0x3be0e0db, 0x56323264, 0x4e3a3a74, 0x1e0a0a14); + &_data_word(0xdb494992, 0x0a06060c, 0x6c242448, 0xe45c5cb8); + &_data_word(0x5dc2c29f, 0x6ed3d3bd, 0xefacac43, 0xa66262c4); + &_data_word(0xa8919139, 0xa4959531, 0x37e4e4d3, 0x8b7979f2); + &_data_word(0x32e7e7d5, 0x43c8c88b, 0x5937376e, 0xb76d6dda); + &_data_word(0x8c8d8d01, 0x64d5d5b1, 0xd24e4e9c, 0xe0a9a949); + &_data_word(0xb46c6cd8, 0xfa5656ac, 0x07f4f4f3, 0x25eaeacf); + &_data_word(0xaf6565ca, 0x8e7a7af4, 0xe9aeae47, 0x18080810); + &_data_word(0xd5baba6f, 0x887878f0, 0x6f25254a, 0x722e2e5c); + &_data_word(0x241c1c38, 0xf1a6a657, 0xc7b4b473, 0x51c6c697); + &_data_word(0x23e8e8cb, 0x7cdddda1, 0x9c7474e8, 0x211f1f3e); + &_data_word(0xdd4b4b96, 0xdcbdbd61, 0x868b8b0d, 0x858a8a0f); + &_data_word(0x907070e0, 0x423e3e7c, 0xc4b5b571, 0xaa6666cc); + &_data_word(0xd8484890, 0x05030306, 0x01f6f6f7, 0x120e0e1c); + &_data_word(0xa36161c2, 0x5f35356a, 0xf95757ae, 0xd0b9b969); + &_data_word(0x91868617, 0x58c1c199, 0x271d1d3a, 0xb99e9e27); + &_data_word(0x38e1e1d9, 0x13f8f8eb, 0xb398982b, 0x33111122); + &_data_word(0xbb6969d2, 0x70d9d9a9, 0x898e8e07, 0xa7949433); + &_data_word(0xb69b9b2d, 0x221e1e3c, 0x92878715, 0x20e9e9c9); + &_data_word(0x49cece87, 0xff5555aa, 0x78282850, 0x7adfdfa5); + &_data_word(0x8f8c8c03, 0xf8a1a159, 0x80898909, 0x170d0d1a); + &_data_word(0xdabfbf65, 0x31e6e6d7, 0xc6424284, 0xb86868d0); + &_data_word(0xc3414182, 0xb0999929, 0x772d2d5a, 0x110f0f1e); + &_data_word(0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 0x3a16162c); + +#Te4 # four copies of Te4 to choose from to avoid L1 aliasing + &data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5); + &data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76); + &data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0); + &data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0); + &data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc); + &data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15); + &data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a); + &data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75); + &data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0); + &data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84); + &data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b); + &data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf); + &data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85); + &data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8); + &data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5); + &data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2); + &data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17); + &data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73); + &data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88); + &data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb); + &data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c); + &data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79); + &data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9); + &data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08); + &data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6); + &data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a); + &data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e); + &data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e); + &data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94); + &data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf); + &data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68); + &data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16); + + &data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5); + &data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76); + &data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0); + &data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0); + &data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc); + &data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15); + &data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a); + &data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75); + &data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0); + &data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84); + &data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b); + &data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf); + &data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85); + &data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8); + &data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5); + &data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2); + &data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17); + &data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73); + &data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88); + &data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb); + &data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c); + &data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79); + &data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9); + &data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08); + &data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6); + &data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a); + &data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e); + &data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e); + &data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94); + &data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf); + &data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68); + &data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16); + + &data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5); + &data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76); + &data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0); + &data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0); + &data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc); + &data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15); + &data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a); + &data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75); + &data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0); + &data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84); + &data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b); + &data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf); + &data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85); + &data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8); + &data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5); + &data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2); + &data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17); + &data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73); + &data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88); + &data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb); + &data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c); + &data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79); + &data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9); + &data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08); + &data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6); + &data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a); + &data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e); + &data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e); + &data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94); + &data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf); + &data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68); + &data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16); + + &data_byte(0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5); + &data_byte(0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76); + &data_byte(0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0); + &data_byte(0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0); + &data_byte(0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc); + &data_byte(0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15); + &data_byte(0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a); + &data_byte(0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75); + &data_byte(0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0); + &data_byte(0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84); + &data_byte(0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b); + &data_byte(0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf); + &data_byte(0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85); + &data_byte(0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8); + &data_byte(0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5); + &data_byte(0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2); + &data_byte(0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17); + &data_byte(0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73); + &data_byte(0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88); + &data_byte(0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb); + &data_byte(0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c); + &data_byte(0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79); + &data_byte(0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9); + &data_byte(0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08); + &data_byte(0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6); + &data_byte(0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a); + &data_byte(0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e); + &data_byte(0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e); + &data_byte(0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94); + &data_byte(0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf); + &data_byte(0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68); + &data_byte(0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16); +#rcon: +$code.=<<___; + .long 0x00000001, 0x00000002, 0x00000004, 0x00000008 + .long 0x00000010, 0x00000020, 0x00000040, 0x00000080 + .long 0x0000001b, 0x00000036, 0x80808080, 0x80808080 + .long 0xfefefefe, 0xfefefefe, 0x1b1b1b1b, 0x1b1b1b1b +___ +$code.=<<___; +.align 64 +.LAES_Td: +___ + &_data_word(0x50a7f451, 0x5365417e, 0xc3a4171a, 0x965e273a); + &_data_word(0xcb6bab3b, 0xf1459d1f, 0xab58faac, 0x9303e34b); + &_data_word(0x55fa3020, 0xf66d76ad, 0x9176cc88, 0x254c02f5); + &_data_word(0xfcd7e54f, 0xd7cb2ac5, 0x80443526, 0x8fa362b5); + &_data_word(0x495ab1de, 0x671bba25, 0x980eea45, 0xe1c0fe5d); + &_data_word(0x02752fc3, 0x12f04c81, 0xa397468d, 0xc6f9d36b); + &_data_word(0xe75f8f03, 0x959c9215, 0xeb7a6dbf, 0xda595295); + &_data_word(0x2d83bed4, 0xd3217458, 0x2969e049, 0x44c8c98e); + &_data_word(0x6a89c275, 0x78798ef4, 0x6b3e5899, 0xdd71b927); + &_data_word(0xb64fe1be, 0x17ad88f0, 0x66ac20c9, 0xb43ace7d); + &_data_word(0x184adf63, 0x82311ae5, 0x60335197, 0x457f5362); + &_data_word(0xe07764b1, 0x84ae6bbb, 0x1ca081fe, 0x942b08f9); + &_data_word(0x58684870, 0x19fd458f, 0x876cde94, 0xb7f87b52); + &_data_word(0x23d373ab, 0xe2024b72, 0x578f1fe3, 0x2aab5566); + &_data_word(0x0728ebb2, 0x03c2b52f, 0x9a7bc586, 0xa50837d3); + &_data_word(0xf2872830, 0xb2a5bf23, 0xba6a0302, 0x5c8216ed); + &_data_word(0x2b1ccf8a, 0x92b479a7, 0xf0f207f3, 0xa1e2694e); + &_data_word(0xcdf4da65, 0xd5be0506, 0x1f6234d1, 0x8afea6c4); + &_data_word(0x9d532e34, 0xa055f3a2, 0x32e18a05, 0x75ebf6a4); + &_data_word(0x39ec830b, 0xaaef6040, 0x069f715e, 0x51106ebd); + &_data_word(0xf98a213e, 0x3d06dd96, 0xae053edd, 0x46bde64d); + &_data_word(0xb58d5491, 0x055dc471, 0x6fd40604, 0xff155060); + &_data_word(0x24fb9819, 0x97e9bdd6, 0xcc434089, 0x779ed967); + &_data_word(0xbd42e8b0, 0x888b8907, 0x385b19e7, 0xdbeec879); + &_data_word(0x470a7ca1, 0xe90f427c, 0xc91e84f8, 0x00000000); + &_data_word(0x83868009, 0x48ed2b32, 0xac70111e, 0x4e725a6c); + &_data_word(0xfbff0efd, 0x5638850f, 0x1ed5ae3d, 0x27392d36); + &_data_word(0x64d90f0a, 0x21a65c68, 0xd1545b9b, 0x3a2e3624); + &_data_word(0xb1670a0c, 0x0fe75793, 0xd296eeb4, 0x9e919b1b); + &_data_word(0x4fc5c080, 0xa220dc61, 0x694b775a, 0x161a121c); + &_data_word(0x0aba93e2, 0xe52aa0c0, 0x43e0223c, 0x1d171b12); + &_data_word(0x0b0d090e, 0xadc78bf2, 0xb9a8b62d, 0xc8a91e14); + &_data_word(0x8519f157, 0x4c0775af, 0xbbdd99ee, 0xfd607fa3); + &_data_word(0x9f2601f7, 0xbcf5725c, 0xc53b6644, 0x347efb5b); + &_data_word(0x7629438b, 0xdcc623cb, 0x68fcedb6, 0x63f1e4b8); + &_data_word(0xcadc31d7, 0x10856342, 0x40229713, 0x2011c684); + &_data_word(0x7d244a85, 0xf83dbbd2, 0x1132f9ae, 0x6da129c7); + &_data_word(0x4b2f9e1d, 0xf330b2dc, 0xec52860d, 0xd0e3c177); + &_data_word(0x6c16b32b, 0x99b970a9, 0xfa489411, 0x2264e947); + &_data_word(0xc48cfca8, 0x1a3ff0a0, 0xd82c7d56, 0xef903322); + &_data_word(0xc74e4987, 0xc1d138d9, 0xfea2ca8c, 0x360bd498); + &_data_word(0xcf81f5a6, 0x28de7aa5, 0x268eb7da, 0xa4bfad3f); + &_data_word(0xe49d3a2c, 0x0d927850, 0x9bcc5f6a, 0x62467e54); + &_data_word(0xc2138df6, 0xe8b8d890, 0x5ef7392e, 0xf5afc382); + &_data_word(0xbe805d9f, 0x7c93d069, 0xa92dd56f, 0xb31225cf); + &_data_word(0x3b99acc8, 0xa77d1810, 0x6e639ce8, 0x7bbb3bdb); + &_data_word(0x097826cd, 0xf418596e, 0x01b79aec, 0xa89a4f83); + &_data_word(0x656e95e6, 0x7ee6ffaa, 0x08cfbc21, 0xe6e815ef); + &_data_word(0xd99be7ba, 0xce366f4a, 0xd4099fea, 0xd67cb029); + &_data_word(0xafb2a431, 0x31233f2a, 0x3094a5c6, 0xc066a235); + &_data_word(0x37bc4e74, 0xa6ca82fc, 0xb0d090e0, 0x15d8a733); + &_data_word(0x4a9804f1, 0xf7daec41, 0x0e50cd7f, 0x2ff69117); + &_data_word(0x8dd64d76, 0x4db0ef43, 0x544daacc, 0xdf0496e4); + &_data_word(0xe3b5d19e, 0x1b886a4c, 0xb81f2cc1, 0x7f516546); + &_data_word(0x04ea5e9d, 0x5d358c01, 0x737487fa, 0x2e410bfb); + &_data_word(0x5a1d67b3, 0x52d2db92, 0x335610e9, 0x1347d66d); + &_data_word(0x8c61d79a, 0x7a0ca137, 0x8e14f859, 0x893c13eb); + &_data_word(0xee27a9ce, 0x35c961b7, 0xede51ce1, 0x3cb1477a); + &_data_word(0x59dfd29c, 0x3f73f255, 0x79ce1418, 0xbf37c773); + &_data_word(0xeacdf753, 0x5baafd5f, 0x146f3ddf, 0x86db4478); + &_data_word(0x81f3afca, 0x3ec468b9, 0x2c342438, 0x5f40a3c2); + &_data_word(0x72c31d16, 0x0c25e2bc, 0x8b493c28, 0x41950dff); + &_data_word(0x7101a839, 0xdeb30c08, 0x9ce4b4d8, 0x90c15664); + &_data_word(0x6184cb7b, 0x70b632d5, 0x745c6c48, 0x4257b8d0); + +#Td4: # four copies of Td4 to choose from to avoid L1 aliasing + &data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38); + &data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb); + &data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87); + &data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb); + &data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d); + &data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e); + &data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2); + &data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25); + &data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16); + &data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92); + &data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda); + &data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84); + &data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a); + &data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06); + &data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02); + &data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b); + &data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea); + &data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73); + &data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85); + &data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e); + &data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89); + &data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b); + &data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20); + &data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4); + &data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31); + &data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f); + &data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d); + &data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef); + &data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0); + &data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61); + &data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26); + &data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d); +$code.=<<___; + .long 0x80808080, 0x80808080, 0xfefefefe, 0xfefefefe + .long 0x1b1b1b1b, 0x1b1b1b1b, 0, 0 +___ + &data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38); + &data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb); + &data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87); + &data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb); + &data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d); + &data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e); + &data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2); + &data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25); + &data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16); + &data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92); + &data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda); + &data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84); + &data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a); + &data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06); + &data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02); + &data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b); + &data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea); + &data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73); + &data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85); + &data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e); + &data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89); + &data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b); + &data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20); + &data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4); + &data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31); + &data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f); + &data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d); + &data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef); + &data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0); + &data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61); + &data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26); + &data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d); +$code.=<<___; + .long 0x80808080, 0x80808080, 0xfefefefe, 0xfefefefe + .long 0x1b1b1b1b, 0x1b1b1b1b, 0, 0 +___ + &data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38); + &data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb); + &data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87); + &data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb); + &data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d); + &data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e); + &data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2); + &data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25); + &data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16); + &data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92); + &data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda); + &data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84); + &data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a); + &data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06); + &data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02); + &data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b); + &data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea); + &data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73); + &data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85); + &data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e); + &data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89); + &data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b); + &data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20); + &data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4); + &data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31); + &data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f); + &data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d); + &data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef); + &data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0); + &data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61); + &data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26); + &data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d); +$code.=<<___; + .long 0x80808080, 0x80808080, 0xfefefefe, 0xfefefefe + .long 0x1b1b1b1b, 0x1b1b1b1b, 0, 0 +___ + &data_byte(0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38); + &data_byte(0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb); + &data_byte(0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87); + &data_byte(0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb); + &data_byte(0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d); + &data_byte(0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e); + &data_byte(0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2); + &data_byte(0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25); + &data_byte(0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16); + &data_byte(0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92); + &data_byte(0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda); + &data_byte(0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84); + &data_byte(0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a); + &data_byte(0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06); + &data_byte(0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02); + &data_byte(0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b); + &data_byte(0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea); + &data_byte(0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73); + &data_byte(0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85); + &data_byte(0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e); + &data_byte(0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89); + &data_byte(0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b); + &data_byte(0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20); + &data_byte(0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4); + &data_byte(0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31); + &data_byte(0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f); + &data_byte(0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d); + &data_byte(0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef); + &data_byte(0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0); + &data_byte(0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61); + &data_byte(0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26); + &data_byte(0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d); +$code.=<<___; + .long 0x80808080, 0x80808080, 0xfefefefe, 0xfefefefe + .long 0x1b1b1b1b, 0x1b1b1b1b, 0, 0 +.asciz "AES for x86_64, CRYPTOGAMS by " +.align 64 +___ + +# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame, +# CONTEXT *context,DISPATCHER_CONTEXT *disp) +if ($win64) { +$rec="%rcx"; +$frame="%rdx"; +$context="%r8"; +$disp="%r9"; + +$code.=<<___; +.extern __imp_RtlVirtualUnwind +.type block_se_handler,\@abi-omnipotent +.align 16 +block_se_handler: + push %rsi + push %rdi + push %rbx + push %rbp + push %r12 + push %r13 + push %r14 + push %r15 + pushfq + sub \$64,%rsp + + mov 120($context),%rax # pull context->Rax + mov 248($context),%rbx # pull context->Rip + + mov 8($disp),%rsi # disp->ImageBase + mov 56($disp),%r11 # disp->HandlerData + + mov 0(%r11),%r10d # HandlerData[0] + lea (%rsi,%r10),%r10 # prologue label + cmp %r10,%rbx # context->RipRsp + + mov 4(%r11),%r10d # HandlerData[1] + lea (%rsi,%r10),%r10 # epilogue label + cmp %r10,%rbx # context->Rip>=epilogue label + jae .Lin_block_prologue + + mov 24(%rax),%rax # pull saved real stack pointer + lea 48(%rax),%rax # adjust... + + mov -8(%rax),%rbx + mov -16(%rax),%rbp + mov -24(%rax),%r12 + mov -32(%rax),%r13 + mov -40(%rax),%r14 + mov -48(%rax),%r15 + mov %rbx,144($context) # restore context->Rbx + mov %rbp,160($context) # restore context->Rbp + mov %r12,216($context) # restore context->R12 + mov %r13,224($context) # restore context->R13 + mov %r14,232($context) # restore context->R14 + mov %r15,240($context) # restore context->R15 + +.Lin_block_prologue: + mov 8(%rax),%rdi + mov 16(%rax),%rsi + mov %rax,152($context) # restore context->Rsp + mov %rsi,168($context) # restore context->Rsi + mov %rdi,176($context) # restore context->Rdi + + jmp .Lcommon_seh_exit +.size block_se_handler,.-block_se_handler + +.type key_se_handler,\@abi-omnipotent +.align 16 +key_se_handler: + push %rsi + push %rdi + push %rbx + push %rbp + push %r12 + push %r13 + push %r14 + push %r15 + pushfq + sub \$64,%rsp + + mov 120($context),%rax # pull context->Rax + mov 248($context),%rbx # pull context->Rip + + mov 8($disp),%rsi # disp->ImageBase + mov 56($disp),%r11 # disp->HandlerData + + mov 0(%r11),%r10d # HandlerData[0] + lea (%rsi,%r10),%r10 # prologue label + cmp %r10,%rbx # context->RipRsp + + mov 4(%r11),%r10d # HandlerData[1] + lea (%rsi,%r10),%r10 # epilogue label + cmp %r10,%rbx # context->Rip>=epilogue label + jae .Lin_key_prologue + + lea 56(%rax),%rax + + mov -8(%rax),%rbx + mov -16(%rax),%rbp + mov -24(%rax),%r12 + mov -32(%rax),%r13 + mov -40(%rax),%r14 + mov -48(%rax),%r15 + mov %rbx,144($context) # restore context->Rbx + mov %rbp,160($context) # restore context->Rbp + mov %r12,216($context) # restore context->R12 + mov %r13,224($context) # restore context->R13 + mov %r14,232($context) # restore context->R14 + mov %r15,240($context) # restore context->R15 + +.Lin_key_prologue: + mov 8(%rax),%rdi + mov 16(%rax),%rsi + mov %rax,152($context) # restore context->Rsp + mov %rsi,168($context) # restore context->Rsi + mov %rdi,176($context) # restore context->Rdi + + jmp .Lcommon_seh_exit +.size key_se_handler,.-key_se_handler + +.type cbc_se_handler,\@abi-omnipotent +.align 16 +cbc_se_handler: + push %rsi + push %rdi + push %rbx + push %rbp + push %r12 + push %r13 + push %r14 + push %r15 + pushfq + sub \$64,%rsp + + mov 120($context),%rax # pull context->Rax + mov 248($context),%rbx # pull context->Rip + + lea .Lcbc_prologue(%rip),%r10 + cmp %r10,%rbx # context->Rip<.Lcbc_prologue + jb .Lin_cbc_prologue + + lea .Lcbc_fast_body(%rip),%r10 + cmp %r10,%rbx # context->Rip<.Lcbc_fast_body + jb .Lin_cbc_frame_setup + + lea .Lcbc_slow_prologue(%rip),%r10 + cmp %r10,%rbx # context->Rip<.Lcbc_slow_prologue + jb .Lin_cbc_body + + lea .Lcbc_slow_body(%rip),%r10 + cmp %r10,%rbx # context->Rip<.Lcbc_slow_body + jb .Lin_cbc_frame_setup + +.Lin_cbc_body: + mov 152($context),%rax # pull context->Rsp + + lea .Lcbc_epilogue(%rip),%r10 + cmp %r10,%rbx # context->Rip>=.Lcbc_epilogue + jae .Lin_cbc_prologue + + lea 8(%rax),%rax + + lea .Lcbc_popfq(%rip),%r10 + cmp %r10,%rbx # context->Rip>=.Lcbc_popfq + jae .Lin_cbc_prologue + + mov `16-8`(%rax),%rax # biased $_rsp + lea 56(%rax),%rax + +.Lin_cbc_frame_setup: + mov -16(%rax),%rbx + mov -24(%rax),%rbp + mov -32(%rax),%r12 + mov -40(%rax),%r13 + mov -48(%rax),%r14 + mov -56(%rax),%r15 + mov %rbx,144($context) # restore context->Rbx + mov %rbp,160($context) # restore context->Rbp + mov %r12,216($context) # restore context->R12 + mov %r13,224($context) # restore context->R13 + mov %r14,232($context) # restore context->R14 + mov %r15,240($context) # restore context->R15 + +.Lin_cbc_prologue: + mov 8(%rax),%rdi + mov 16(%rax),%rsi + mov %rax,152($context) # restore context->Rsp + mov %rsi,168($context) # restore context->Rsi + mov %rdi,176($context) # restore context->Rdi + +.Lcommon_seh_exit: + + mov 40($disp),%rdi # disp->ContextRecord + mov $context,%rsi # context + mov \$`1232/8`,%ecx # sizeof(CONTEXT) + .long 0xa548f3fc # cld; rep movsq + + mov $disp,%rsi + xor %rcx,%rcx # arg1, UNW_FLAG_NHANDLER + mov 8(%rsi),%rdx # arg2, disp->ImageBase + mov 0(%rsi),%r8 # arg3, disp->ControlPc + mov 16(%rsi),%r9 # arg4, disp->FunctionEntry + mov 40(%rsi),%r10 # disp->ContextRecord + lea 56(%rsi),%r11 # &disp->HandlerData + lea 24(%rsi),%r12 # &disp->EstablisherFrame + mov %r10,32(%rsp) # arg5 + mov %r11,40(%rsp) # arg6 + mov %r12,48(%rsp) # arg7 + mov %rcx,56(%rsp) # arg8, (NULL) + call *__imp_RtlVirtualUnwind(%rip) + + mov \$1,%eax # ExceptionContinueSearch + add \$64,%rsp + popfq + pop %r15 + pop %r14 + pop %r13 + pop %r12 + pop %rbp + pop %rbx + pop %rdi + pop %rsi + ret +.size cbc_se_handler,.-cbc_se_handler + +.section .pdata +.align 4 + .rva .LSEH_begin_AES_encrypt + .rva .LSEH_end_AES_encrypt + .rva .LSEH_info_AES_encrypt + + .rva .LSEH_begin_AES_decrypt + .rva .LSEH_end_AES_decrypt + .rva .LSEH_info_AES_decrypt + + .rva .LSEH_begin_AES_set_encrypt_key + .rva .LSEH_end_AES_set_encrypt_key + .rva .LSEH_info_AES_set_encrypt_key + + .rva .LSEH_begin_AES_set_decrypt_key + .rva .LSEH_end_AES_set_decrypt_key + .rva .LSEH_info_AES_set_decrypt_key + + .rva .LSEH_begin_AES_cbc_encrypt + .rva .LSEH_end_AES_cbc_encrypt + .rva .LSEH_info_AES_cbc_encrypt + +.section .xdata +.align 8 +.LSEH_info_AES_encrypt: + .byte 9,0,0,0 + .rva block_se_handler + .rva .Lenc_prologue,.Lenc_epilogue # HandlerData[] +.LSEH_info_AES_decrypt: + .byte 9,0,0,0 + .rva block_se_handler + .rva .Ldec_prologue,.Ldec_epilogue # HandlerData[] +.LSEH_info_AES_set_encrypt_key: + .byte 9,0,0,0 + .rva key_se_handler + .rva .Lenc_key_prologue,.Lenc_key_epilogue # HandlerData[] +.LSEH_info_AES_set_decrypt_key: + .byte 9,0,0,0 + .rva key_se_handler + .rva .Ldec_key_prologue,.Ldec_key_epilogue # HandlerData[] +.LSEH_info_AES_cbc_encrypt: + .byte 9,0,0,0 + .rva cbc_se_handler +___ +} + +$code =~ s/\`([^\`]*)\`/eval($1)/gem; + +print "#include \"x86_arch.h\"\n"; +print $code; + +close STDOUT; diff --git a/src/lib/libcrypto/aes/asm/aesni-sha1-x86_64.pl b/src/lib/libcrypto/aes/asm/aesni-sha1-x86_64.pl new file mode 100644 index 00000000000..bc6c8f3fc08 --- /dev/null +++ b/src/lib/libcrypto/aes/asm/aesni-sha1-x86_64.pl @@ -0,0 +1,1233 @@ +#!/usr/bin/env perl +# +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== +# +# June 2011 +# +# This is AESNI-CBC+SHA1 "stitch" implementation. The idea, as spelled +# in http://download.intel.com/design/intarch/papers/323686.pdf, is +# that since AESNI-CBC encrypt exhibit *very* low instruction-level +# parallelism, interleaving it with another algorithm would allow to +# utilize processor resources better and achieve better performance. +# SHA1 instruction sequences(*) are taken from sha1-x86_64.pl and +# AESNI code is weaved into it. Below are performance numbers in +# cycles per processed byte, less is better, for standalone AESNI-CBC +# encrypt, sum of the latter and standalone SHA1, and "stitched" +# subroutine: +# +# AES-128-CBC +SHA1 stitch gain +# Westmere 3.77[+5.6] 9.37 6.65 +41% +# Sandy Bridge 5.05[+5.2(6.3)] 10.25(11.35) 6.16(7.08) +67%(+60%) +# +# AES-192-CBC +# Westmere 4.51 10.11 6.97 +45% +# Sandy Bridge 6.05 11.25(12.35) 6.34(7.27) +77%(+70%) +# +# AES-256-CBC +# Westmere 5.25 10.85 7.25 +50% +# Sandy Bridge 7.05 12.25(13.35) 7.06(7.70) +74%(+73%) +# +# (*) There are two code paths: SSSE3 and AVX. See sha1-568.pl for +# background information. Above numbers in parentheses are SSSE3 +# results collected on AVX-capable CPU, i.e. apply on OSes that +# don't support AVX. +# +# Needless to mention that it makes no sense to implement "stitched" +# *decrypt* subroutine. Because *both* AESNI-CBC decrypt and SHA1 +# fully utilize parallelism, so stitching would not give any gain +# anyway. Well, there might be some, e.g. because of better cache +# locality... For reference, here are performance results for +# standalone AESNI-CBC decrypt: +# +# AES-128-CBC AES-192-CBC AES-256-CBC +# Westmere 1.31 1.55 1.80 +# Sandy Bridge 0.93 1.06 1.22 + +$flavour = shift; +$output = shift; +if ($flavour =~ /\./) { $output = $flavour; undef $flavour; } + +$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/); + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or +( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or +die "can't locate x86_64-xlate.pl"; + +$avx=1 if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1` + =~ /GNU assembler version ([2-9]\.[0-9]+)/ && + $1>=2.19); +$avx=1 if (!$avx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) && + `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/ && + $1>=2.09); +$avx=1 if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && + `ml64 2>&1` =~ /Version ([0-9]+)\./ && + $1>=10); + +open OUT,"| \"$^X\" $xlate $flavour $output"; +*STDOUT=*OUT; + +# void aesni_cbc_sha1_enc(const void *inp, +# void *out, +# size_t length, +# const AES_KEY *key, +# unsigned char *iv, +# SHA_CTX *ctx, +# const void *in0); + +$code.=<<___; +.text +.extern OPENSSL_ia32cap_P +.hidden OPENSSL_ia32cap_P + +.globl aesni_cbc_sha1_enc +.type aesni_cbc_sha1_enc,\@abi-omnipotent +.align 16 +aesni_cbc_sha1_enc: + # caller should check for SSSE3 and AES-NI bits + mov OPENSSL_ia32cap_P+0(%rip),%r10d + mov OPENSSL_ia32cap_P+4(%rip),%r11d +___ +$code.=<<___ if ($avx); + and \$IA32CAP_MASK1_AVX,%r11d # mask AVX bit + and \$IA32CAP_MASK0_INTEL,%r10d # mask "Intel CPU" bit + or %r11d,%r10d + cmp \$(IA32CAP_MASK1_AVX|IA32CAP_MASK0_INTEL),%r10d + je aesni_cbc_sha1_enc_avx +___ +$code.=<<___; + jmp aesni_cbc_sha1_enc_ssse3 + ret +.size aesni_cbc_sha1_enc,.-aesni_cbc_sha1_enc +___ + +my ($in0,$out,$len,$key,$ivp,$ctx,$inp)=("%rdi","%rsi","%rdx","%rcx","%r8","%r9","%r10"); + +my $Xi=4; +my @X=map("%xmm$_",(4..7,0..3)); +my @Tx=map("%xmm$_",(8..10)); +my @V=($A,$B,$C,$D,$E)=("%eax","%ebx","%ecx","%edx","%ebp"); # size optimization +my @T=("%esi","%edi"); +my $j=0; my $jj=0; my $r=0; my $sn=0; +my $K_XX_XX="%r11"; +my ($iv,$in,$rndkey0)=map("%xmm$_",(11..13)); +my @rndkey=("%xmm14","%xmm15"); + +sub AUTOLOAD() # thunk [simplified] 32-bit style perlasm +{ my $opcode = $AUTOLOAD; $opcode =~ s/.*:://; + my $arg = pop; + $arg = "\$$arg" if ($arg*1 eq $arg); + $code .= "\t$opcode\t".join(',',$arg,reverse @_)."\n"; +} + +my $_rol=sub { &rol(@_) }; +my $_ror=sub { &ror(@_) }; + +$code.=<<___; +.type aesni_cbc_sha1_enc_ssse3,\@function,6 +.align 16 +aesni_cbc_sha1_enc_ssse3: + mov `($win64?56:8)`(%rsp),$inp # load 7th argument + #shr \$6,$len # debugging artefact + #jz .Lepilogue_ssse3 # debugging artefact + push %rbx + push %rbp + push %r12 + push %r13 + push %r14 + push %r15 + lea `-104-($win64?10*16:0)`(%rsp),%rsp + #mov $in0,$inp # debugging artefact + #lea 64(%rsp),$ctx # debugging artefact +___ +$code.=<<___ if ($win64); + movaps %xmm6,96+0(%rsp) + movaps %xmm7,96+16(%rsp) + movaps %xmm8,96+32(%rsp) + movaps %xmm9,96+48(%rsp) + movaps %xmm10,96+64(%rsp) + movaps %xmm11,96+80(%rsp) + movaps %xmm12,96+96(%rsp) + movaps %xmm13,96+112(%rsp) + movaps %xmm14,96+128(%rsp) + movaps %xmm15,96+144(%rsp) +.Lprologue_ssse3: +___ +$code.=<<___; + mov $in0,%r12 # reassign arguments + mov $out,%r13 + mov $len,%r14 + mov $key,%r15 + movdqu ($ivp),$iv # load IV + mov $ivp,88(%rsp) # save $ivp +___ +my ($in0,$out,$len,$key)=map("%r$_",(12..15)); # reassign arguments +my $rounds="${ivp}d"; +$code.=<<___; + shl \$6,$len + sub $in0,$out + mov 240($key),$rounds + add $inp,$len # end of input + + lea K_XX_XX(%rip),$K_XX_XX + mov 0($ctx),$A # load context + mov 4($ctx),$B + mov 8($ctx),$C + mov 12($ctx),$D + mov $B,@T[0] # magic seed + mov 16($ctx),$E + + movdqa 64($K_XX_XX),@X[2] # pbswap mask + movdqa 0($K_XX_XX),@Tx[1] # K_00_19 + movdqu 0($inp),@X[-4&7] # load input to %xmm[0-3] + movdqu 16($inp),@X[-3&7] + movdqu 32($inp),@X[-2&7] + movdqu 48($inp),@X[-1&7] + pshufb @X[2],@X[-4&7] # byte swap + add \$64,$inp + pshufb @X[2],@X[-3&7] + pshufb @X[2],@X[-2&7] + pshufb @X[2],@X[-1&7] + paddd @Tx[1],@X[-4&7] # add K_00_19 + paddd @Tx[1],@X[-3&7] + paddd @Tx[1],@X[-2&7] + movdqa @X[-4&7],0(%rsp) # X[]+K xfer to IALU + psubd @Tx[1],@X[-4&7] # restore X[] + movdqa @X[-3&7],16(%rsp) + psubd @Tx[1],@X[-3&7] + movdqa @X[-2&7],32(%rsp) + psubd @Tx[1],@X[-2&7] + movups ($key),$rndkey0 # $key[0] + movups 16($key),$rndkey[0] # forward reference + jmp .Loop_ssse3 +___ + +my $aesenc=sub { + use integer; + my ($n,$k)=($r/10,$r%10); + if ($k==0) { + $code.=<<___; + movups `16*$n`($in0),$in # load input + xorps $rndkey0,$in +___ + $code.=<<___ if ($n); + movups $iv,`16*($n-1)`($out,$in0) # write output +___ + $code.=<<___; + xorps $in,$iv + aesenc $rndkey[0],$iv + movups `32+16*$k`($key),$rndkey[1] +___ + } elsif ($k==9) { + $sn++; + $code.=<<___; + cmp \$11,$rounds + jb .Laesenclast$sn + movups `32+16*($k+0)`($key),$rndkey[1] + aesenc $rndkey[0],$iv + movups `32+16*($k+1)`($key),$rndkey[0] + aesenc $rndkey[1],$iv + je .Laesenclast$sn + movups `32+16*($k+2)`($key),$rndkey[1] + aesenc $rndkey[0],$iv + movups `32+16*($k+3)`($key),$rndkey[0] + aesenc $rndkey[1],$iv +.Laesenclast$sn: + aesenclast $rndkey[0],$iv + movups 16($key),$rndkey[1] # forward reference +___ + } else { + $code.=<<___; + aesenc $rndkey[0],$iv + movups `32+16*$k`($key),$rndkey[1] +___ + } + $r++; unshift(@rndkey,pop(@rndkey)); +}; + +sub Xupdate_ssse3_16_31() # recall that $Xi starts wtih 4 +{ use integer; + my $body = shift; + my @insns = (&$body,&$body,&$body,&$body); # 40 instructions + my ($a,$b,$c,$d,$e); + + &movdqa (@X[0],@X[-3&7]); + eval(shift(@insns)); + eval(shift(@insns)); + &movdqa (@Tx[0],@X[-1&7]); + &palignr(@X[0],@X[-4&7],8); # compose "X[-14]" in "X[0]" + eval(shift(@insns)); + eval(shift(@insns)); + + &paddd (@Tx[1],@X[-1&7]); + eval(shift(@insns)); + eval(shift(@insns)); + &psrldq (@Tx[0],4); # "X[-3]", 3 dwords + eval(shift(@insns)); + eval(shift(@insns)); + &pxor (@X[0],@X[-4&7]); # "X[0]"^="X[-16]" + eval(shift(@insns)); + eval(shift(@insns)); + + &pxor (@Tx[0],@X[-2&7]); # "X[-3]"^"X[-8]" + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); + + &pxor (@X[0],@Tx[0]); # "X[0]"^="X[-3]"^"X[-8]" + eval(shift(@insns)); + eval(shift(@insns)); + &movdqa (eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]); # X[]+K xfer to IALU + eval(shift(@insns)); + eval(shift(@insns)); + + &movdqa (@Tx[2],@X[0]); + &movdqa (@Tx[0],@X[0]); + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); + + &pslldq (@Tx[2],12); # "X[0]"<<96, extract one dword + &paddd (@X[0],@X[0]); + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); + + &psrld (@Tx[0],31); + eval(shift(@insns)); + eval(shift(@insns)); + &movdqa (@Tx[1],@Tx[2]); + eval(shift(@insns)); + eval(shift(@insns)); + + &psrld (@Tx[2],30); + &por (@X[0],@Tx[0]); # "X[0]"<<<=1 + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); + + &pslld (@Tx[1],2); + &pxor (@X[0],@Tx[2]); + eval(shift(@insns)); + eval(shift(@insns)); + &movdqa (@Tx[2],eval(16*(($Xi)/5))."($K_XX_XX)"); # K_XX_XX + eval(shift(@insns)); + eval(shift(@insns)); + + &pxor (@X[0],@Tx[1]); # "X[0]"^=("X[0]">>96)<<<2 + + foreach (@insns) { eval; } # remaining instructions [if any] + + $Xi++; push(@X,shift(@X)); # "rotate" X[] + push(@Tx,shift(@Tx)); +} + +sub Xupdate_ssse3_32_79() +{ use integer; + my $body = shift; + my @insns = (&$body,&$body,&$body,&$body); # 32 to 48 instructions + my ($a,$b,$c,$d,$e); + + &movdqa (@Tx[0],@X[-1&7]) if ($Xi==8); + eval(shift(@insns)); # body_20_39 + &pxor (@X[0],@X[-4&7]); # "X[0]"="X[-32]"^"X[-16]" + &palignr(@Tx[0],@X[-2&7],8); # compose "X[-6]" + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); # rol + + &pxor (@X[0],@X[-7&7]); # "X[0]"^="X[-28]" + eval(shift(@insns)); + eval(shift(@insns)) if (@insns[0] !~ /&ro[rl]/); + if ($Xi%5) { + &movdqa (@Tx[2],@Tx[1]);# "perpetuate" K_XX_XX... + } else { # ... or load next one + &movdqa (@Tx[2],eval(16*($Xi/5))."($K_XX_XX)"); + } + &paddd (@Tx[1],@X[-1&7]); + eval(shift(@insns)); # ror + eval(shift(@insns)); + + &pxor (@X[0],@Tx[0]); # "X[0]"^="X[-6]" + eval(shift(@insns)); # body_20_39 + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); # rol + + &movdqa (@Tx[0],@X[0]); + &movdqa (eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]); # X[]+K xfer to IALU + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); # ror + eval(shift(@insns)); + + &pslld (@X[0],2); + eval(shift(@insns)); # body_20_39 + eval(shift(@insns)); + &psrld (@Tx[0],30); + eval(shift(@insns)); + eval(shift(@insns)); # rol + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); # ror + eval(shift(@insns)); + + &por (@X[0],@Tx[0]); # "X[0]"<<<=2 + eval(shift(@insns)); # body_20_39 + eval(shift(@insns)); + &movdqa (@Tx[1],@X[0]) if ($Xi<19); + eval(shift(@insns)); + eval(shift(@insns)); # rol + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); # rol + eval(shift(@insns)); + + foreach (@insns) { eval; } # remaining instructions + + $Xi++; push(@X,shift(@X)); # "rotate" X[] + push(@Tx,shift(@Tx)); +} + +sub Xuplast_ssse3_80() +{ use integer; + my $body = shift; + my @insns = (&$body,&$body,&$body,&$body); # 32 instructions + my ($a,$b,$c,$d,$e); + + eval(shift(@insns)); + &paddd (@Tx[1],@X[-1&7]); + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); + + &movdqa (eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]); # X[]+K xfer IALU + + foreach (@insns) { eval; } # remaining instructions + + &cmp ($inp,$len); + &je (".Ldone_ssse3"); + + unshift(@Tx,pop(@Tx)); + + &movdqa (@X[2],"64($K_XX_XX)"); # pbswap mask + &movdqa (@Tx[1],"0($K_XX_XX)"); # K_00_19 + &movdqu (@X[-4&7],"0($inp)"); # load input + &movdqu (@X[-3&7],"16($inp)"); + &movdqu (@X[-2&7],"32($inp)"); + &movdqu (@X[-1&7],"48($inp)"); + &pshufb (@X[-4&7],@X[2]); # byte swap + &add ($inp,64); + + $Xi=0; +} + +sub Xloop_ssse3() +{ use integer; + my $body = shift; + my @insns = (&$body,&$body,&$body,&$body); # 32 instructions + my ($a,$b,$c,$d,$e); + + eval(shift(@insns)); + eval(shift(@insns)); + &pshufb (@X[($Xi-3)&7],@X[2]); + eval(shift(@insns)); + eval(shift(@insns)); + &paddd (@X[($Xi-4)&7],@Tx[1]); + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); + &movdqa (eval(16*$Xi)."(%rsp)",@X[($Xi-4)&7]); # X[]+K xfer to IALU + eval(shift(@insns)); + eval(shift(@insns)); + &psubd (@X[($Xi-4)&7],@Tx[1]); + + foreach (@insns) { eval; } + $Xi++; +} + +sub Xtail_ssse3() +{ use integer; + my $body = shift; + my @insns = (&$body,&$body,&$body,&$body); # 32 instructions + my ($a,$b,$c,$d,$e); + + foreach (@insns) { eval; } +} + +sub body_00_19 () { + use integer; + my ($k,$n); + my @r=( + '($a,$b,$c,$d,$e)=@V;'. + '&add ($e,eval(4*($j&15))."(%rsp)");', # X[]+K xfer + '&xor ($c,$d);', + '&mov (@T[1],$a);', # $b in next round + '&$_rol ($a,5);', + '&and (@T[0],$c);', # ($b&($c^$d)) + '&xor ($c,$d);', # restore $c + '&xor (@T[0],$d);', + '&add ($e,$a);', + '&$_ror ($b,$j?7:2);', # $b>>>2 + '&add ($e,@T[0]);' .'$j++; unshift(@V,pop(@V)); unshift(@T,pop(@T));' + ); + $n = scalar(@r); + $k = (($jj+1)*12/20)*20*$n/12; # 12 aesencs per these 20 rounds + @r[$k%$n].='&$aesenc();' if ($jj==$k/$n); + $jj++; + return @r; +} + +sub body_20_39 () { + use integer; + my ($k,$n); + my @r=( + '($a,$b,$c,$d,$e)=@V;'. + '&add ($e,eval(4*($j++&15))."(%rsp)");', # X[]+K xfer + '&xor (@T[0],$d);', # ($b^$d) + '&mov (@T[1],$a);', # $b in next round + '&$_rol ($a,5);', + '&xor (@T[0],$c);', # ($b^$d^$c) + '&add ($e,$a);', + '&$_ror ($b,7);', # $b>>>2 + '&add ($e,@T[0]);' .'unshift(@V,pop(@V)); unshift(@T,pop(@T));' + ); + $n = scalar(@r); + $k = (($jj+1)*8/20)*20*$n/8; # 8 aesencs per these 20 rounds + @r[$k%$n].='&$aesenc();' if ($jj==$k/$n); + $jj++; + return @r; +} + +sub body_40_59 () { + use integer; + my ($k,$n); + my @r=( + '($a,$b,$c,$d,$e)=@V;'. + '&mov (@T[1],$c);', + '&xor ($c,$d);', + '&add ($e,eval(4*($j++&15))."(%rsp)");', # X[]+K xfer + '&and (@T[1],$d);', + '&and (@T[0],$c);', # ($b&($c^$d)) + '&$_ror ($b,7);', # $b>>>2 + '&add ($e,@T[1]);', + '&mov (@T[1],$a);', # $b in next round + '&$_rol ($a,5);', + '&add ($e,@T[0]);', + '&xor ($c,$d);', # restore $c + '&add ($e,$a);' .'unshift(@V,pop(@V)); unshift(@T,pop(@T));' + ); + $n = scalar(@r); + $k=(($jj+1)*12/20)*20*$n/12; # 12 aesencs per these 20 rounds + @r[$k%$n].='&$aesenc();' if ($jj==$k/$n); + $jj++; + return @r; +} +$code.=<<___; +.align 16 +.Loop_ssse3: +___ + &Xupdate_ssse3_16_31(\&body_00_19); + &Xupdate_ssse3_16_31(\&body_00_19); + &Xupdate_ssse3_16_31(\&body_00_19); + &Xupdate_ssse3_16_31(\&body_00_19); + &Xupdate_ssse3_32_79(\&body_00_19); + &Xupdate_ssse3_32_79(\&body_20_39); + &Xupdate_ssse3_32_79(\&body_20_39); + &Xupdate_ssse3_32_79(\&body_20_39); + &Xupdate_ssse3_32_79(\&body_20_39); + &Xupdate_ssse3_32_79(\&body_20_39); + &Xupdate_ssse3_32_79(\&body_40_59); + &Xupdate_ssse3_32_79(\&body_40_59); + &Xupdate_ssse3_32_79(\&body_40_59); + &Xupdate_ssse3_32_79(\&body_40_59); + &Xupdate_ssse3_32_79(\&body_40_59); + &Xupdate_ssse3_32_79(\&body_20_39); + &Xuplast_ssse3_80(\&body_20_39); # can jump to "done" + + $saved_j=$j; @saved_V=@V; + $saved_r=$r; @saved_rndkey=@rndkey; + + &Xloop_ssse3(\&body_20_39); + &Xloop_ssse3(\&body_20_39); + &Xloop_ssse3(\&body_20_39); + +$code.=<<___; + movups $iv,48($out,$in0) # write output + lea 64($in0),$in0 + + add 0($ctx),$A # update context + add 4($ctx),@T[0] + add 8($ctx),$C + add 12($ctx),$D + mov $A,0($ctx) + add 16($ctx),$E + mov @T[0],4($ctx) + mov @T[0],$B # magic seed + mov $C,8($ctx) + mov $D,12($ctx) + mov $E,16($ctx) + jmp .Loop_ssse3 + +.align 16 +.Ldone_ssse3: +___ + $jj=$j=$saved_j; @V=@saved_V; + $r=$saved_r; @rndkey=@saved_rndkey; + + &Xtail_ssse3(\&body_20_39); + &Xtail_ssse3(\&body_20_39); + &Xtail_ssse3(\&body_20_39); + +$code.=<<___; + movups $iv,48($out,$in0) # write output + mov 88(%rsp),$ivp # restore $ivp + + add 0($ctx),$A # update context + add 4($ctx),@T[0] + add 8($ctx),$C + mov $A,0($ctx) + add 12($ctx),$D + mov @T[0],4($ctx) + add 16($ctx),$E + mov $C,8($ctx) + mov $D,12($ctx) + mov $E,16($ctx) + movups $iv,($ivp) # write IV +___ +$code.=<<___ if ($win64); + movaps 96+0(%rsp),%xmm6 + movaps 96+16(%rsp),%xmm7 + movaps 96+32(%rsp),%xmm8 + movaps 96+48(%rsp),%xmm9 + movaps 96+64(%rsp),%xmm10 + movaps 96+80(%rsp),%xmm11 + movaps 96+96(%rsp),%xmm12 + movaps 96+112(%rsp),%xmm13 + movaps 96+128(%rsp),%xmm14 + movaps 96+144(%rsp),%xmm15 +___ +$code.=<<___; + lea `104+($win64?10*16:0)`(%rsp),%rsi + mov 0(%rsi),%r15 + mov 8(%rsi),%r14 + mov 16(%rsi),%r13 + mov 24(%rsi),%r12 + mov 32(%rsi),%rbp + mov 40(%rsi),%rbx + lea 48(%rsi),%rsp +.Lepilogue_ssse3: + ret +.size aesni_cbc_sha1_enc_ssse3,.-aesni_cbc_sha1_enc_ssse3 +___ + +$j=$jj=$r=$sn=0; + +if ($avx) { +my ($in0,$out,$len,$key,$ivp,$ctx,$inp)=("%rdi","%rsi","%rdx","%rcx","%r8","%r9","%r10"); + +my $Xi=4; +my @X=map("%xmm$_",(4..7,0..3)); +my @Tx=map("%xmm$_",(8..10)); +my @V=($A,$B,$C,$D,$E)=("%eax","%ebx","%ecx","%edx","%ebp"); # size optimization +my @T=("%esi","%edi"); + +my $_rol=sub { &shld(@_[0],@_) }; +my $_ror=sub { &shrd(@_[0],@_) }; + +$code.=<<___; +.type aesni_cbc_sha1_enc_avx,\@function,6 +.align 16 +aesni_cbc_sha1_enc_avx: + mov `($win64?56:8)`(%rsp),$inp # load 7th argument + #shr \$6,$len # debugging artefact + #jz .Lepilogue_avx # debugging artefact + push %rbx + push %rbp + push %r12 + push %r13 + push %r14 + push %r15 + lea `-104-($win64?10*16:0)`(%rsp),%rsp + #mov $in0,$inp # debugging artefact + #lea 64(%rsp),$ctx # debugging artefact +___ +$code.=<<___ if ($win64); + movaps %xmm6,96+0(%rsp) + movaps %xmm7,96+16(%rsp) + movaps %xmm8,96+32(%rsp) + movaps %xmm9,96+48(%rsp) + movaps %xmm10,96+64(%rsp) + movaps %xmm11,96+80(%rsp) + movaps %xmm12,96+96(%rsp) + movaps %xmm13,96+112(%rsp) + movaps %xmm14,96+128(%rsp) + movaps %xmm15,96+144(%rsp) +.Lprologue_avx: +___ +$code.=<<___; + vzeroall + mov $in0,%r12 # reassign arguments + mov $out,%r13 + mov $len,%r14 + mov $key,%r15 + vmovdqu ($ivp),$iv # load IV + mov $ivp,88(%rsp) # save $ivp +___ +my ($in0,$out,$len,$key)=map("%r$_",(12..15)); # reassign arguments +my $rounds="${ivp}d"; +$code.=<<___; + shl \$6,$len + sub $in0,$out + mov 240($key),$rounds + add \$112,$key # size optimization + add $inp,$len # end of input + + lea K_XX_XX(%rip),$K_XX_XX + mov 0($ctx),$A # load context + mov 4($ctx),$B + mov 8($ctx),$C + mov 12($ctx),$D + mov $B,@T[0] # magic seed + mov 16($ctx),$E + + vmovdqa 64($K_XX_XX),@X[2] # pbswap mask + vmovdqa 0($K_XX_XX),@Tx[1] # K_00_19 + vmovdqu 0($inp),@X[-4&7] # load input to %xmm[0-3] + vmovdqu 16($inp),@X[-3&7] + vmovdqu 32($inp),@X[-2&7] + vmovdqu 48($inp),@X[-1&7] + vpshufb @X[2],@X[-4&7],@X[-4&7] # byte swap + add \$64,$inp + vpshufb @X[2],@X[-3&7],@X[-3&7] + vpshufb @X[2],@X[-2&7],@X[-2&7] + vpshufb @X[2],@X[-1&7],@X[-1&7] + vpaddd @Tx[1],@X[-4&7],@X[0] # add K_00_19 + vpaddd @Tx[1],@X[-3&7],@X[1] + vpaddd @Tx[1],@X[-2&7],@X[2] + vmovdqa @X[0],0(%rsp) # X[]+K xfer to IALU + vmovdqa @X[1],16(%rsp) + vmovdqa @X[2],32(%rsp) + vmovups -112($key),$rndkey0 # $key[0] + vmovups 16-112($key),$rndkey[0] # forward reference + jmp .Loop_avx +___ + +my $aesenc=sub { + use integer; + my ($n,$k)=($r/10,$r%10); + if ($k==0) { + $code.=<<___; + vmovups `16*$n`($in0),$in # load input + vxorps $rndkey0,$in,$in +___ + $code.=<<___ if ($n); + vmovups $iv,`16*($n-1)`($out,$in0) # write output +___ + $code.=<<___; + vxorps $in,$iv,$iv + vaesenc $rndkey[0],$iv,$iv + vmovups `32+16*$k-112`($key),$rndkey[1] +___ + } elsif ($k==9) { + $sn++; + $code.=<<___; + cmp \$11,$rounds + jb .Lvaesenclast$sn + vaesenc $rndkey[0],$iv,$iv + vmovups `32+16*($k+0)-112`($key),$rndkey[1] + vaesenc $rndkey[1],$iv,$iv + vmovups `32+16*($k+1)-112`($key),$rndkey[0] + je .Lvaesenclast$sn + vaesenc $rndkey[0],$iv,$iv + vmovups `32+16*($k+2)-112`($key),$rndkey[1] + vaesenc $rndkey[1],$iv,$iv + vmovups `32+16*($k+3)-112`($key),$rndkey[0] +.Lvaesenclast$sn: + vaesenclast $rndkey[0],$iv,$iv + vmovups 16-112($key),$rndkey[1] # forward reference +___ + } else { + $code.=<<___; + vaesenc $rndkey[0],$iv,$iv + vmovups `32+16*$k-112`($key),$rndkey[1] +___ + } + $r++; unshift(@rndkey,pop(@rndkey)); +}; + +sub Xupdate_avx_16_31() # recall that $Xi starts wtih 4 +{ use integer; + my $body = shift; + my @insns = (&$body,&$body,&$body,&$body); # 40 instructions + my ($a,$b,$c,$d,$e); + + eval(shift(@insns)); + eval(shift(@insns)); + &vpalignr(@X[0],@X[-3&7],@X[-4&7],8); # compose "X[-14]" in "X[0]" + eval(shift(@insns)); + eval(shift(@insns)); + + &vpaddd (@Tx[1],@Tx[1],@X[-1&7]); + eval(shift(@insns)); + eval(shift(@insns)); + &vpsrldq(@Tx[0],@X[-1&7],4); # "X[-3]", 3 dwords + eval(shift(@insns)); + eval(shift(@insns)); + &vpxor (@X[0],@X[0],@X[-4&7]); # "X[0]"^="X[-16]" + eval(shift(@insns)); + eval(shift(@insns)); + + &vpxor (@Tx[0],@Tx[0],@X[-2&7]); # "X[-3]"^"X[-8]" + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); + + &vpxor (@X[0],@X[0],@Tx[0]); # "X[0]"^="X[-3]"^"X[-8]" + eval(shift(@insns)); + eval(shift(@insns)); + &vmovdqa (eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]); # X[]+K xfer to IALU + eval(shift(@insns)); + eval(shift(@insns)); + + &vpsrld (@Tx[0],@X[0],31); + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); + + &vpslldq(@Tx[2],@X[0],12); # "X[0]"<<96, extract one dword + &vpaddd (@X[0],@X[0],@X[0]); + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); + + &vpsrld (@Tx[1],@Tx[2],30); + &vpor (@X[0],@X[0],@Tx[0]); # "X[0]"<<<=1 + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); + + &vpslld (@Tx[2],@Tx[2],2); + &vpxor (@X[0],@X[0],@Tx[1]); + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); + + &vpxor (@X[0],@X[0],@Tx[2]); # "X[0]"^=("X[0]">>96)<<<2 + eval(shift(@insns)); + eval(shift(@insns)); + &vmovdqa (@Tx[2],eval(16*(($Xi)/5))."($K_XX_XX)"); # K_XX_XX + eval(shift(@insns)); + eval(shift(@insns)); + + + foreach (@insns) { eval; } # remaining instructions [if any] + + $Xi++; push(@X,shift(@X)); # "rotate" X[] + push(@Tx,shift(@Tx)); +} + +sub Xupdate_avx_32_79() +{ use integer; + my $body = shift; + my @insns = (&$body,&$body,&$body,&$body); # 32 to 48 instructions + my ($a,$b,$c,$d,$e); + + &vpalignr(@Tx[0],@X[-1&7],@X[-2&7],8); # compose "X[-6]" + &vpxor (@X[0],@X[0],@X[-4&7]); # "X[0]"="X[-32]"^"X[-16]" + eval(shift(@insns)); # body_20_39 + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); # rol + + &vpxor (@X[0],@X[0],@X[-7&7]); # "X[0]"^="X[-28]" + eval(shift(@insns)); + eval(shift(@insns)) if (@insns[0] !~ /&ro[rl]/); + if ($Xi%5) { + &vmovdqa (@Tx[2],@Tx[1]);# "perpetuate" K_XX_XX... + } else { # ... or load next one + &vmovdqa (@Tx[2],eval(16*($Xi/5))."($K_XX_XX)"); + } + &vpaddd (@Tx[1],@Tx[1],@X[-1&7]); + eval(shift(@insns)); # ror + eval(shift(@insns)); + + &vpxor (@X[0],@X[0],@Tx[0]); # "X[0]"^="X[-6]" + eval(shift(@insns)); # body_20_39 + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); # rol + + &vpsrld (@Tx[0],@X[0],30); + &vmovdqa (eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]); # X[]+K xfer to IALU + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); # ror + eval(shift(@insns)); + + &vpslld (@X[0],@X[0],2); + eval(shift(@insns)); # body_20_39 + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); # rol + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); # ror + eval(shift(@insns)); + + &vpor (@X[0],@X[0],@Tx[0]); # "X[0]"<<<=2 + eval(shift(@insns)); # body_20_39 + eval(shift(@insns)); + &vmovdqa (@Tx[1],@X[0]) if ($Xi<19); + eval(shift(@insns)); + eval(shift(@insns)); # rol + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); # rol + eval(shift(@insns)); + + foreach (@insns) { eval; } # remaining instructions + + $Xi++; push(@X,shift(@X)); # "rotate" X[] + push(@Tx,shift(@Tx)); +} + +sub Xuplast_avx_80() +{ use integer; + my $body = shift; + my @insns = (&$body,&$body,&$body,&$body); # 32 instructions + my ($a,$b,$c,$d,$e); + + eval(shift(@insns)); + &vpaddd (@Tx[1],@Tx[1],@X[-1&7]); + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); + + &movdqa (eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]); # X[]+K xfer IALU + + foreach (@insns) { eval; } # remaining instructions + + &cmp ($inp,$len); + &je (".Ldone_avx"); + + unshift(@Tx,pop(@Tx)); + + &vmovdqa(@X[2],"64($K_XX_XX)"); # pbswap mask + &vmovdqa(@Tx[1],"0($K_XX_XX)"); # K_00_19 + &vmovdqu(@X[-4&7],"0($inp)"); # load input + &vmovdqu(@X[-3&7],"16($inp)"); + &vmovdqu(@X[-2&7],"32($inp)"); + &vmovdqu(@X[-1&7],"48($inp)"); + &vpshufb(@X[-4&7],@X[-4&7],@X[2]); # byte swap + &add ($inp,64); + + $Xi=0; +} + +sub Xloop_avx() +{ use integer; + my $body = shift; + my @insns = (&$body,&$body,&$body,&$body); # 32 instructions + my ($a,$b,$c,$d,$e); + + eval(shift(@insns)); + eval(shift(@insns)); + &vpshufb(@X[($Xi-3)&7],@X[($Xi-3)&7],@X[2]); + eval(shift(@insns)); + eval(shift(@insns)); + &vpaddd (@X[$Xi&7],@X[($Xi-4)&7],@Tx[1]); + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); + &vmovdqa(eval(16*$Xi)."(%rsp)",@X[$Xi&7]); # X[]+K xfer to IALU + eval(shift(@insns)); + eval(shift(@insns)); + + foreach (@insns) { eval; } + $Xi++; +} + +sub Xtail_avx() +{ use integer; + my $body = shift; + my @insns = (&$body,&$body,&$body,&$body); # 32 instructions + my ($a,$b,$c,$d,$e); + + foreach (@insns) { eval; } +} + +$code.=<<___; +.align 16 +.Loop_avx: +___ + &Xupdate_avx_16_31(\&body_00_19); + &Xupdate_avx_16_31(\&body_00_19); + &Xupdate_avx_16_31(\&body_00_19); + &Xupdate_avx_16_31(\&body_00_19); + &Xupdate_avx_32_79(\&body_00_19); + &Xupdate_avx_32_79(\&body_20_39); + &Xupdate_avx_32_79(\&body_20_39); + &Xupdate_avx_32_79(\&body_20_39); + &Xupdate_avx_32_79(\&body_20_39); + &Xupdate_avx_32_79(\&body_20_39); + &Xupdate_avx_32_79(\&body_40_59); + &Xupdate_avx_32_79(\&body_40_59); + &Xupdate_avx_32_79(\&body_40_59); + &Xupdate_avx_32_79(\&body_40_59); + &Xupdate_avx_32_79(\&body_40_59); + &Xupdate_avx_32_79(\&body_20_39); + &Xuplast_avx_80(\&body_20_39); # can jump to "done" + + $saved_j=$j; @saved_V=@V; + $saved_r=$r; @saved_rndkey=@rndkey; + + &Xloop_avx(\&body_20_39); + &Xloop_avx(\&body_20_39); + &Xloop_avx(\&body_20_39); + +$code.=<<___; + vmovups $iv,48($out,$in0) # write output + lea 64($in0),$in0 + + add 0($ctx),$A # update context + add 4($ctx),@T[0] + add 8($ctx),$C + add 12($ctx),$D + mov $A,0($ctx) + add 16($ctx),$E + mov @T[0],4($ctx) + mov @T[0],$B # magic seed + mov $C,8($ctx) + mov $D,12($ctx) + mov $E,16($ctx) + jmp .Loop_avx + +.align 16 +.Ldone_avx: +___ + $jj=$j=$saved_j; @V=@saved_V; + $r=$saved_r; @rndkey=@saved_rndkey; + + &Xtail_avx(\&body_20_39); + &Xtail_avx(\&body_20_39); + &Xtail_avx(\&body_20_39); + +$code.=<<___; + vmovups $iv,48($out,$in0) # write output + mov 88(%rsp),$ivp # restore $ivp + + add 0($ctx),$A # update context + add 4($ctx),@T[0] + add 8($ctx),$C + mov $A,0($ctx) + add 12($ctx),$D + mov @T[0],4($ctx) + add 16($ctx),$E + mov $C,8($ctx) + mov $D,12($ctx) + mov $E,16($ctx) + vmovups $iv,($ivp) # write IV + vzeroall +___ +$code.=<<___ if ($win64); + movaps 96+0(%rsp),%xmm6 + movaps 96+16(%rsp),%xmm7 + movaps 96+32(%rsp),%xmm8 + movaps 96+48(%rsp),%xmm9 + movaps 96+64(%rsp),%xmm10 + movaps 96+80(%rsp),%xmm11 + movaps 96+96(%rsp),%xmm12 + movaps 96+112(%rsp),%xmm13 + movaps 96+128(%rsp),%xmm14 + movaps 96+144(%rsp),%xmm15 +___ +$code.=<<___; + lea `104+($win64?10*16:0)`(%rsp),%rsi + mov 0(%rsi),%r15 + mov 8(%rsi),%r14 + mov 16(%rsi),%r13 + mov 24(%rsi),%r12 + mov 32(%rsi),%rbp + mov 40(%rsi),%rbx + lea 48(%rsi),%rsp +.Lepilogue_avx: + ret +.size aesni_cbc_sha1_enc_avx,.-aesni_cbc_sha1_enc_avx +___ +} +$code.=<<___; +.align 64 +K_XX_XX: +.long 0x5a827999,0x5a827999,0x5a827999,0x5a827999 # K_00_19 +.long 0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1 # K_20_39 +.long 0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc # K_40_59 +.long 0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6 # K_60_79 +.long 0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f # pbswap mask + +.asciz "AESNI-CBC+SHA1 stitch for x86_64, CRYPTOGAMS by " +.align 64 +___ + +# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame, +# CONTEXT *context,DISPATCHER_CONTEXT *disp) +if ($win64) { +$rec="%rcx"; +$frame="%rdx"; +$context="%r8"; +$disp="%r9"; + +$code.=<<___; +.extern __imp_RtlVirtualUnwind +.type ssse3_handler,\@abi-omnipotent +.align 16 +ssse3_handler: + push %rsi + push %rdi + push %rbx + push %rbp + push %r12 + push %r13 + push %r14 + push %r15 + pushfq + sub \$64,%rsp + + mov 120($context),%rax # pull context->Rax + mov 248($context),%rbx # pull context->Rip + + mov 8($disp),%rsi # disp->ImageBase + mov 56($disp),%r11 # disp->HandlerData + + mov 0(%r11),%r10d # HandlerData[0] + lea (%rsi,%r10),%r10 # prologue label + cmp %r10,%rbx # context->RipRsp + + mov 4(%r11),%r10d # HandlerData[1] + lea (%rsi,%r10),%r10 # epilogue label + cmp %r10,%rbx # context->Rip>=epilogue label + jae .Lcommon_seh_tail + + lea 96(%rax),%rsi + lea 512($context),%rdi # &context.Xmm6 + mov \$20,%ecx + .long 0xa548f3fc # cld; rep movsq + lea `104+10*16`(%rax),%rax # adjust stack pointer + + mov 0(%rax),%r15 + mov 8(%rax),%r14 + mov 16(%rax),%r13 + mov 24(%rax),%r12 + mov 32(%rax),%rbp + mov 40(%rax),%rbx + lea 48(%rax),%rax + mov %rbx,144($context) # restore context->Rbx + mov %rbp,160($context) # restore context->Rbp + mov %r12,216($context) # restore context->R12 + mov %r13,224($context) # restore context->R13 + mov %r14,232($context) # restore context->R14 + mov %r15,240($context) # restore context->R15 + +.Lcommon_seh_tail: + mov 8(%rax),%rdi + mov 16(%rax),%rsi + mov %rax,152($context) # restore context->Rsp + mov %rsi,168($context) # restore context->Rsi + mov %rdi,176($context) # restore context->Rdi + + mov 40($disp),%rdi # disp->ContextRecord + mov $context,%rsi # context + mov \$154,%ecx # sizeof(CONTEXT) + .long 0xa548f3fc # cld; rep movsq + + mov $disp,%rsi + xor %rcx,%rcx # arg1, UNW_FLAG_NHANDLER + mov 8(%rsi),%rdx # arg2, disp->ImageBase + mov 0(%rsi),%r8 # arg3, disp->ControlPc + mov 16(%rsi),%r9 # arg4, disp->FunctionEntry + mov 40(%rsi),%r10 # disp->ContextRecord + lea 56(%rsi),%r11 # &disp->HandlerData + lea 24(%rsi),%r12 # &disp->EstablisherFrame + mov %r10,32(%rsp) # arg5 + mov %r11,40(%rsp) # arg6 + mov %r12,48(%rsp) # arg7 + mov %rcx,56(%rsp) # arg8, (NULL) + call *__imp_RtlVirtualUnwind(%rip) + + mov \$1,%eax # ExceptionContinueSearch + add \$64,%rsp + popfq + pop %r15 + pop %r14 + pop %r13 + pop %r12 + pop %rbp + pop %rbx + pop %rdi + pop %rsi + ret +.size ssse3_handler,.-ssse3_handler + +.section .pdata +.align 4 + .rva .LSEH_begin_aesni_cbc_sha1_enc_ssse3 + .rva .LSEH_end_aesni_cbc_sha1_enc_ssse3 + .rva .LSEH_info_aesni_cbc_sha1_enc_ssse3 +___ +$code.=<<___ if ($avx); + .rva .LSEH_begin_aesni_cbc_sha1_enc_avx + .rva .LSEH_end_aesni_cbc_sha1_enc_avx + .rva .LSEH_info_aesni_cbc_sha1_enc_avx +___ +$code.=<<___; +.section .xdata +.align 8 +.LSEH_info_aesni_cbc_sha1_enc_ssse3: + .byte 9,0,0,0 + .rva ssse3_handler + .rva .Lprologue_ssse3,.Lepilogue_ssse3 # HandlerData[] +___ +$code.=<<___ if ($avx); +.LSEH_info_aesni_cbc_sha1_enc_avx: + .byte 9,0,0,0 + .rva ssse3_handler + .rva .Lprologue_avx,.Lepilogue_avx # HandlerData[] +___ +} + +#################################################################### +sub rex { + local *opcode=shift; + my ($dst,$src)=@_; + my $rex=0; + + $rex|=0x04 if($dst>=8); + $rex|=0x01 if($src>=8); + push @opcode,$rex|0x40 if($rex); +} + +$code =~ s/\`([^\`]*)\`/eval($1)/gem; + +print $code; +close STDOUT; diff --git a/src/lib/libcrypto/aes/asm/aesni-x86.pl b/src/lib/libcrypto/aes/asm/aesni-x86.pl new file mode 100644 index 00000000000..8c1d0b5bed2 --- /dev/null +++ b/src/lib/libcrypto/aes/asm/aesni-x86.pl @@ -0,0 +1,2189 @@ +#!/usr/bin/env perl + +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== +# +# This module implements support for Intel AES-NI extension. In +# OpenSSL context it's used with Intel engine, but can also be used as +# drop-in replacement for crypto/aes/asm/aes-586.pl [see below for +# details]. +# +# Performance. +# +# To start with see corresponding paragraph in aesni-x86_64.pl... +# Instead of filling table similar to one found there I've chosen to +# summarize *comparison* results for raw ECB, CTR and CBC benchmarks. +# The simplified table below represents 32-bit performance relative +# to 64-bit one in every given point. Ratios vary for different +# encryption modes, therefore interval values. +# +# 16-byte 64-byte 256-byte 1-KB 8-KB +# 53-67% 67-84% 91-94% 95-98% 97-99.5% +# +# Lower ratios for smaller block sizes are perfectly understandable, +# because function call overhead is higher in 32-bit mode. Largest +# 8-KB block performance is virtually same: 32-bit code is less than +# 1% slower for ECB, CBC and CCM, and ~3% slower otherwise. + +# January 2011 +# +# See aesni-x86_64.pl for details. Unlike x86_64 version this module +# interleaves at most 6 aes[enc|dec] instructions, because there are +# not enough registers for 8x interleave [which should be optimal for +# Sandy Bridge]. Actually, performance results for 6x interleave +# factor presented in aesni-x86_64.pl (except for CTR) are for this +# module. + +# April 2011 +# +# Add aesni_xts_[en|de]crypt. Westmere spends 1.50 cycles processing +# one byte out of 8KB with 128-bit key, Sandy Bridge - 1.09. + +$PREFIX="aesni"; # if $PREFIX is set to "AES", the script + # generates drop-in replacement for + # crypto/aes/asm/aes-586.pl:-) +$inline=1; # inline _aesni_[en|de]crypt + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +push(@INC,"${dir}","${dir}../../perlasm"); +require "x86asm.pl"; + +&asm_init($ARGV[0],$0); + +if ($PREFIX eq "aesni") { $movekey=*movups; } +else { $movekey=*movups; } + +$len="eax"; +$rounds="ecx"; +$key="edx"; +$inp="esi"; +$out="edi"; +$rounds_="ebx"; # backup copy for $rounds +$key_="ebp"; # backup copy for $key + +$rndkey0="xmm0"; +$rndkey1="xmm1"; +$inout0="xmm2"; +$inout1="xmm3"; +$inout2="xmm4"; +$inout3="xmm5"; $in1="xmm5"; +$inout4="xmm6"; $in0="xmm6"; +$inout5="xmm7"; $ivec="xmm7"; + +# AESNI extension +sub aeskeygenassist +{ my($dst,$src,$imm)=@_; + if ("$dst:$src" =~ /xmm([0-7]):xmm([0-7])/) + { &data_byte(0x66,0x0f,0x3a,0xdf,0xc0|($1<<3)|$2,$imm); } +} +sub aescommon +{ my($opcodelet,$dst,$src)=@_; + if ("$dst:$src" =~ /xmm([0-7]):xmm([0-7])/) + { &data_byte(0x66,0x0f,0x38,$opcodelet,0xc0|($1<<3)|$2);} +} +sub aesimc { aescommon(0xdb,@_); } +sub aesenc { aescommon(0xdc,@_); } +sub aesenclast { aescommon(0xdd,@_); } +sub aesdec { aescommon(0xde,@_); } +sub aesdeclast { aescommon(0xdf,@_); } + +# Inline version of internal aesni_[en|de]crypt1 +{ my $sn; +sub aesni_inline_generate1 +{ my ($p,$inout,$ivec)=@_; $inout=$inout0 if (!defined($inout)); + $sn++; + + &$movekey ($rndkey0,&QWP(0,$key)); + &$movekey ($rndkey1,&QWP(16,$key)); + &xorps ($ivec,$rndkey0) if (defined($ivec)); + &lea ($key,&DWP(32,$key)); + &xorps ($inout,$ivec) if (defined($ivec)); + &xorps ($inout,$rndkey0) if (!defined($ivec)); + &set_label("${p}1_loop_$sn"); + eval"&aes${p} ($inout,$rndkey1)"; + &dec ($rounds); + &$movekey ($rndkey1,&QWP(0,$key)); + &lea ($key,&DWP(16,$key)); + &jnz (&label("${p}1_loop_$sn")); + eval"&aes${p}last ($inout,$rndkey1)"; +}} + +sub aesni_generate1 # fully unrolled loop +{ my ($p,$inout)=@_; $inout=$inout0 if (!defined($inout)); + + &function_begin_B("_aesni_${p}rypt1"); + &movups ($rndkey0,&QWP(0,$key)); + &$movekey ($rndkey1,&QWP(0x10,$key)); + &xorps ($inout,$rndkey0); + &$movekey ($rndkey0,&QWP(0x20,$key)); + &lea ($key,&DWP(0x30,$key)); + &cmp ($rounds,11); + &jb (&label("${p}128")); + &lea ($key,&DWP(0x20,$key)); + &je (&label("${p}192")); + &lea ($key,&DWP(0x20,$key)); + eval"&aes${p} ($inout,$rndkey1)"; + &$movekey ($rndkey1,&QWP(-0x40,$key)); + eval"&aes${p} ($inout,$rndkey0)"; + &$movekey ($rndkey0,&QWP(-0x30,$key)); + &set_label("${p}192"); + eval"&aes${p} ($inout,$rndkey1)"; + &$movekey ($rndkey1,&QWP(-0x20,$key)); + eval"&aes${p} ($inout,$rndkey0)"; + &$movekey ($rndkey0,&QWP(-0x10,$key)); + &set_label("${p}128"); + eval"&aes${p} ($inout,$rndkey1)"; + &$movekey ($rndkey1,&QWP(0,$key)); + eval"&aes${p} ($inout,$rndkey0)"; + &$movekey ($rndkey0,&QWP(0x10,$key)); + eval"&aes${p} ($inout,$rndkey1)"; + &$movekey ($rndkey1,&QWP(0x20,$key)); + eval"&aes${p} ($inout,$rndkey0)"; + &$movekey ($rndkey0,&QWP(0x30,$key)); + eval"&aes${p} ($inout,$rndkey1)"; + &$movekey ($rndkey1,&QWP(0x40,$key)); + eval"&aes${p} ($inout,$rndkey0)"; + &$movekey ($rndkey0,&QWP(0x50,$key)); + eval"&aes${p} ($inout,$rndkey1)"; + &$movekey ($rndkey1,&QWP(0x60,$key)); + eval"&aes${p} ($inout,$rndkey0)"; + &$movekey ($rndkey0,&QWP(0x70,$key)); + eval"&aes${p} ($inout,$rndkey1)"; + eval"&aes${p}last ($inout,$rndkey0)"; + &ret(); + &function_end_B("_aesni_${p}rypt1"); +} + +# void $PREFIX_encrypt (const void *inp,void *out,const AES_KEY *key); +&aesni_generate1("enc") if (!$inline); +&function_begin_B("${PREFIX}_encrypt"); + &mov ("eax",&wparam(0)); + &mov ($key,&wparam(2)); + &movups ($inout0,&QWP(0,"eax")); + &mov ($rounds,&DWP(240,$key)); + &mov ("eax",&wparam(1)); + if ($inline) + { &aesni_inline_generate1("enc"); } + else + { &call ("_aesni_encrypt1"); } + &movups (&QWP(0,"eax"),$inout0); + &ret (); +&function_end_B("${PREFIX}_encrypt"); + +# void $PREFIX_decrypt (const void *inp,void *out,const AES_KEY *key); +&aesni_generate1("dec") if(!$inline); +&function_begin_B("${PREFIX}_decrypt"); + &mov ("eax",&wparam(0)); + &mov ($key,&wparam(2)); + &movups ($inout0,&QWP(0,"eax")); + &mov ($rounds,&DWP(240,$key)); + &mov ("eax",&wparam(1)); + if ($inline) + { &aesni_inline_generate1("dec"); } + else + { &call ("_aesni_decrypt1"); } + &movups (&QWP(0,"eax"),$inout0); + &ret (); +&function_end_B("${PREFIX}_decrypt"); + +# _aesni_[en|de]cryptN are private interfaces, N denotes interleave +# factor. Why 3x subroutine were originally used in loops? Even though +# aes[enc|dec] latency was originally 6, it could be scheduled only +# every *2nd* cycle. Thus 3x interleave was the one providing optimal +# utilization, i.e. when subroutine's throughput is virtually same as +# of non-interleaved subroutine [for number of input blocks up to 3]. +# This is why it makes no sense to implement 2x subroutine. +# aes[enc|dec] latency in next processor generation is 8, but the +# instructions can be scheduled every cycle. Optimal interleave for +# new processor is therefore 8x, but it's unfeasible to accommodate it +# in XMM registers addreassable in 32-bit mode and therefore 6x is +# used instead... + +sub aesni_generate3 +{ my $p=shift; + + &function_begin_B("_aesni_${p}rypt3"); + &$movekey ($rndkey0,&QWP(0,$key)); + &shr ($rounds,1); + &$movekey ($rndkey1,&QWP(16,$key)); + &lea ($key,&DWP(32,$key)); + &xorps ($inout0,$rndkey0); + &pxor ($inout1,$rndkey0); + &pxor ($inout2,$rndkey0); + &$movekey ($rndkey0,&QWP(0,$key)); + + &set_label("${p}3_loop"); + eval"&aes${p} ($inout0,$rndkey1)"; + eval"&aes${p} ($inout1,$rndkey1)"; + &dec ($rounds); + eval"&aes${p} ($inout2,$rndkey1)"; + &$movekey ($rndkey1,&QWP(16,$key)); + eval"&aes${p} ($inout0,$rndkey0)"; + eval"&aes${p} ($inout1,$rndkey0)"; + &lea ($key,&DWP(32,$key)); + eval"&aes${p} ($inout2,$rndkey0)"; + &$movekey ($rndkey0,&QWP(0,$key)); + &jnz (&label("${p}3_loop")); + eval"&aes${p} ($inout0,$rndkey1)"; + eval"&aes${p} ($inout1,$rndkey1)"; + eval"&aes${p} ($inout2,$rndkey1)"; + eval"&aes${p}last ($inout0,$rndkey0)"; + eval"&aes${p}last ($inout1,$rndkey0)"; + eval"&aes${p}last ($inout2,$rndkey0)"; + &ret(); + &function_end_B("_aesni_${p}rypt3"); +} + +# 4x interleave is implemented to improve small block performance, +# most notably [and naturally] 4 block by ~30%. One can argue that one +# should have implemented 5x as well, but improvement would be <20%, +# so it's not worth it... +sub aesni_generate4 +{ my $p=shift; + + &function_begin_B("_aesni_${p}rypt4"); + &$movekey ($rndkey0,&QWP(0,$key)); + &$movekey ($rndkey1,&QWP(16,$key)); + &shr ($rounds,1); + &lea ($key,&DWP(32,$key)); + &xorps ($inout0,$rndkey0); + &pxor ($inout1,$rndkey0); + &pxor ($inout2,$rndkey0); + &pxor ($inout3,$rndkey0); + &$movekey ($rndkey0,&QWP(0,$key)); + + &set_label("${p}4_loop"); + eval"&aes${p} ($inout0,$rndkey1)"; + eval"&aes${p} ($inout1,$rndkey1)"; + &dec ($rounds); + eval"&aes${p} ($inout2,$rndkey1)"; + eval"&aes${p} ($inout3,$rndkey1)"; + &$movekey ($rndkey1,&QWP(16,$key)); + eval"&aes${p} ($inout0,$rndkey0)"; + eval"&aes${p} ($inout1,$rndkey0)"; + &lea ($key,&DWP(32,$key)); + eval"&aes${p} ($inout2,$rndkey0)"; + eval"&aes${p} ($inout3,$rndkey0)"; + &$movekey ($rndkey0,&QWP(0,$key)); + &jnz (&label("${p}4_loop")); + + eval"&aes${p} ($inout0,$rndkey1)"; + eval"&aes${p} ($inout1,$rndkey1)"; + eval"&aes${p} ($inout2,$rndkey1)"; + eval"&aes${p} ($inout3,$rndkey1)"; + eval"&aes${p}last ($inout0,$rndkey0)"; + eval"&aes${p}last ($inout1,$rndkey0)"; + eval"&aes${p}last ($inout2,$rndkey0)"; + eval"&aes${p}last ($inout3,$rndkey0)"; + &ret(); + &function_end_B("_aesni_${p}rypt4"); +} + +sub aesni_generate6 +{ my $p=shift; + + &function_begin_B("_aesni_${p}rypt6"); + &static_label("_aesni_${p}rypt6_enter"); + &$movekey ($rndkey0,&QWP(0,$key)); + &shr ($rounds,1); + &$movekey ($rndkey1,&QWP(16,$key)); + &lea ($key,&DWP(32,$key)); + &xorps ($inout0,$rndkey0); + &pxor ($inout1,$rndkey0); # pxor does better here + eval"&aes${p} ($inout0,$rndkey1)"; + &pxor ($inout2,$rndkey0); + eval"&aes${p} ($inout1,$rndkey1)"; + &pxor ($inout3,$rndkey0); + &dec ($rounds); + eval"&aes${p} ($inout2,$rndkey1)"; + &pxor ($inout4,$rndkey0); + eval"&aes${p} ($inout3,$rndkey1)"; + &pxor ($inout5,$rndkey0); + eval"&aes${p} ($inout4,$rndkey1)"; + &$movekey ($rndkey0,&QWP(0,$key)); + eval"&aes${p} ($inout5,$rndkey1)"; + &jmp (&label("_aesni_${p}rypt6_enter")); + + &set_label("${p}6_loop",16); + eval"&aes${p} ($inout0,$rndkey1)"; + eval"&aes${p} ($inout1,$rndkey1)"; + &dec ($rounds); + eval"&aes${p} ($inout2,$rndkey1)"; + eval"&aes${p} ($inout3,$rndkey1)"; + eval"&aes${p} ($inout4,$rndkey1)"; + eval"&aes${p} ($inout5,$rndkey1)"; + &set_label("_aesni_${p}rypt6_enter",16); + &$movekey ($rndkey1,&QWP(16,$key)); + eval"&aes${p} ($inout0,$rndkey0)"; + eval"&aes${p} ($inout1,$rndkey0)"; + &lea ($key,&DWP(32,$key)); + eval"&aes${p} ($inout2,$rndkey0)"; + eval"&aes${p} ($inout3,$rndkey0)"; + eval"&aes${p} ($inout4,$rndkey0)"; + eval"&aes${p} ($inout5,$rndkey0)"; + &$movekey ($rndkey0,&QWP(0,$key)); + &jnz (&label("${p}6_loop")); + + eval"&aes${p} ($inout0,$rndkey1)"; + eval"&aes${p} ($inout1,$rndkey1)"; + eval"&aes${p} ($inout2,$rndkey1)"; + eval"&aes${p} ($inout3,$rndkey1)"; + eval"&aes${p} ($inout4,$rndkey1)"; + eval"&aes${p} ($inout5,$rndkey1)"; + eval"&aes${p}last ($inout0,$rndkey0)"; + eval"&aes${p}last ($inout1,$rndkey0)"; + eval"&aes${p}last ($inout2,$rndkey0)"; + eval"&aes${p}last ($inout3,$rndkey0)"; + eval"&aes${p}last ($inout4,$rndkey0)"; + eval"&aes${p}last ($inout5,$rndkey0)"; + &ret(); + &function_end_B("_aesni_${p}rypt6"); +} +&aesni_generate3("enc") if ($PREFIX eq "aesni"); +&aesni_generate3("dec"); +&aesni_generate4("enc") if ($PREFIX eq "aesni"); +&aesni_generate4("dec"); +&aesni_generate6("enc") if ($PREFIX eq "aesni"); +&aesni_generate6("dec"); + +if ($PREFIX eq "aesni") { +###################################################################### +# void aesni_ecb_encrypt (const void *in, void *out, +# size_t length, const AES_KEY *key, +# int enc); +&function_begin("aesni_ecb_encrypt"); + &mov ($inp,&wparam(0)); + &mov ($out,&wparam(1)); + &mov ($len,&wparam(2)); + &mov ($key,&wparam(3)); + &mov ($rounds_,&wparam(4)); + &and ($len,-16); + &jz (&label("ecb_ret")); + &mov ($rounds,&DWP(240,$key)); + &test ($rounds_,$rounds_); + &jz (&label("ecb_decrypt")); + + &mov ($key_,$key); # backup $key + &mov ($rounds_,$rounds); # backup $rounds + &cmp ($len,0x60); + &jb (&label("ecb_enc_tail")); + + &movdqu ($inout0,&QWP(0,$inp)); + &movdqu ($inout1,&QWP(0x10,$inp)); + &movdqu ($inout2,&QWP(0x20,$inp)); + &movdqu ($inout3,&QWP(0x30,$inp)); + &movdqu ($inout4,&QWP(0x40,$inp)); + &movdqu ($inout5,&QWP(0x50,$inp)); + &lea ($inp,&DWP(0x60,$inp)); + &sub ($len,0x60); + &jmp (&label("ecb_enc_loop6_enter")); + +&set_label("ecb_enc_loop6",16); + &movups (&QWP(0,$out),$inout0); + &movdqu ($inout0,&QWP(0,$inp)); + &movups (&QWP(0x10,$out),$inout1); + &movdqu ($inout1,&QWP(0x10,$inp)); + &movups (&QWP(0x20,$out),$inout2); + &movdqu ($inout2,&QWP(0x20,$inp)); + &movups (&QWP(0x30,$out),$inout3); + &movdqu ($inout3,&QWP(0x30,$inp)); + &movups (&QWP(0x40,$out),$inout4); + &movdqu ($inout4,&QWP(0x40,$inp)); + &movups (&QWP(0x50,$out),$inout5); + &lea ($out,&DWP(0x60,$out)); + &movdqu ($inout5,&QWP(0x50,$inp)); + &lea ($inp,&DWP(0x60,$inp)); +&set_label("ecb_enc_loop6_enter"); + + &call ("_aesni_encrypt6"); + + &mov ($key,$key_); # restore $key + &mov ($rounds,$rounds_); # restore $rounds + &sub ($len,0x60); + &jnc (&label("ecb_enc_loop6")); + + &movups (&QWP(0,$out),$inout0); + &movups (&QWP(0x10,$out),$inout1); + &movups (&QWP(0x20,$out),$inout2); + &movups (&QWP(0x30,$out),$inout3); + &movups (&QWP(0x40,$out),$inout4); + &movups (&QWP(0x50,$out),$inout5); + &lea ($out,&DWP(0x60,$out)); + &add ($len,0x60); + &jz (&label("ecb_ret")); + +&set_label("ecb_enc_tail"); + &movups ($inout0,&QWP(0,$inp)); + &cmp ($len,0x20); + &jb (&label("ecb_enc_one")); + &movups ($inout1,&QWP(0x10,$inp)); + &je (&label("ecb_enc_two")); + &movups ($inout2,&QWP(0x20,$inp)); + &cmp ($len,0x40); + &jb (&label("ecb_enc_three")); + &movups ($inout3,&QWP(0x30,$inp)); + &je (&label("ecb_enc_four")); + &movups ($inout4,&QWP(0x40,$inp)); + &xorps ($inout5,$inout5); + &call ("_aesni_encrypt6"); + &movups (&QWP(0,$out),$inout0); + &movups (&QWP(0x10,$out),$inout1); + &movups (&QWP(0x20,$out),$inout2); + &movups (&QWP(0x30,$out),$inout3); + &movups (&QWP(0x40,$out),$inout4); + jmp (&label("ecb_ret")); + +&set_label("ecb_enc_one",16); + if ($inline) + { &aesni_inline_generate1("enc"); } + else + { &call ("_aesni_encrypt1"); } + &movups (&QWP(0,$out),$inout0); + &jmp (&label("ecb_ret")); + +&set_label("ecb_enc_two",16); + &xorps ($inout2,$inout2); + &call ("_aesni_encrypt3"); + &movups (&QWP(0,$out),$inout0); + &movups (&QWP(0x10,$out),$inout1); + &jmp (&label("ecb_ret")); + +&set_label("ecb_enc_three",16); + &call ("_aesni_encrypt3"); + &movups (&QWP(0,$out),$inout0); + &movups (&QWP(0x10,$out),$inout1); + &movups (&QWP(0x20,$out),$inout2); + &jmp (&label("ecb_ret")); + +&set_label("ecb_enc_four",16); + &call ("_aesni_encrypt4"); + &movups (&QWP(0,$out),$inout0); + &movups (&QWP(0x10,$out),$inout1); + &movups (&QWP(0x20,$out),$inout2); + &movups (&QWP(0x30,$out),$inout3); + &jmp (&label("ecb_ret")); +###################################################################### +&set_label("ecb_decrypt",16); + &mov ($key_,$key); # backup $key + &mov ($rounds_,$rounds); # backup $rounds + &cmp ($len,0x60); + &jb (&label("ecb_dec_tail")); + + &movdqu ($inout0,&QWP(0,$inp)); + &movdqu ($inout1,&QWP(0x10,$inp)); + &movdqu ($inout2,&QWP(0x20,$inp)); + &movdqu ($inout3,&QWP(0x30,$inp)); + &movdqu ($inout4,&QWP(0x40,$inp)); + &movdqu ($inout5,&QWP(0x50,$inp)); + &lea ($inp,&DWP(0x60,$inp)); + &sub ($len,0x60); + &jmp (&label("ecb_dec_loop6_enter")); + +&set_label("ecb_dec_loop6",16); + &movups (&QWP(0,$out),$inout0); + &movdqu ($inout0,&QWP(0,$inp)); + &movups (&QWP(0x10,$out),$inout1); + &movdqu ($inout1,&QWP(0x10,$inp)); + &movups (&QWP(0x20,$out),$inout2); + &movdqu ($inout2,&QWP(0x20,$inp)); + &movups (&QWP(0x30,$out),$inout3); + &movdqu ($inout3,&QWP(0x30,$inp)); + &movups (&QWP(0x40,$out),$inout4); + &movdqu ($inout4,&QWP(0x40,$inp)); + &movups (&QWP(0x50,$out),$inout5); + &lea ($out,&DWP(0x60,$out)); + &movdqu ($inout5,&QWP(0x50,$inp)); + &lea ($inp,&DWP(0x60,$inp)); +&set_label("ecb_dec_loop6_enter"); + + &call ("_aesni_decrypt6"); + + &mov ($key,$key_); # restore $key + &mov ($rounds,$rounds_); # restore $rounds + &sub ($len,0x60); + &jnc (&label("ecb_dec_loop6")); + + &movups (&QWP(0,$out),$inout0); + &movups (&QWP(0x10,$out),$inout1); + &movups (&QWP(0x20,$out),$inout2); + &movups (&QWP(0x30,$out),$inout3); + &movups (&QWP(0x40,$out),$inout4); + &movups (&QWP(0x50,$out),$inout5); + &lea ($out,&DWP(0x60,$out)); + &add ($len,0x60); + &jz (&label("ecb_ret")); + +&set_label("ecb_dec_tail"); + &movups ($inout0,&QWP(0,$inp)); + &cmp ($len,0x20); + &jb (&label("ecb_dec_one")); + &movups ($inout1,&QWP(0x10,$inp)); + &je (&label("ecb_dec_two")); + &movups ($inout2,&QWP(0x20,$inp)); + &cmp ($len,0x40); + &jb (&label("ecb_dec_three")); + &movups ($inout3,&QWP(0x30,$inp)); + &je (&label("ecb_dec_four")); + &movups ($inout4,&QWP(0x40,$inp)); + &xorps ($inout5,$inout5); + &call ("_aesni_decrypt6"); + &movups (&QWP(0,$out),$inout0); + &movups (&QWP(0x10,$out),$inout1); + &movups (&QWP(0x20,$out),$inout2); + &movups (&QWP(0x30,$out),$inout3); + &movups (&QWP(0x40,$out),$inout4); + &jmp (&label("ecb_ret")); + +&set_label("ecb_dec_one",16); + if ($inline) + { &aesni_inline_generate1("dec"); } + else + { &call ("_aesni_decrypt1"); } + &movups (&QWP(0,$out),$inout0); + &jmp (&label("ecb_ret")); + +&set_label("ecb_dec_two",16); + &xorps ($inout2,$inout2); + &call ("_aesni_decrypt3"); + &movups (&QWP(0,$out),$inout0); + &movups (&QWP(0x10,$out),$inout1); + &jmp (&label("ecb_ret")); + +&set_label("ecb_dec_three",16); + &call ("_aesni_decrypt3"); + &movups (&QWP(0,$out),$inout0); + &movups (&QWP(0x10,$out),$inout1); + &movups (&QWP(0x20,$out),$inout2); + &jmp (&label("ecb_ret")); + +&set_label("ecb_dec_four",16); + &call ("_aesni_decrypt4"); + &movups (&QWP(0,$out),$inout0); + &movups (&QWP(0x10,$out),$inout1); + &movups (&QWP(0x20,$out),$inout2); + &movups (&QWP(0x30,$out),$inout3); + +&set_label("ecb_ret"); +&function_end("aesni_ecb_encrypt"); + +###################################################################### +# void aesni_ccm64_[en|de]crypt_blocks (const void *in, void *out, +# size_t blocks, const AES_KEY *key, +# const char *ivec,char *cmac); +# +# Handles only complete blocks, operates on 64-bit counter and +# does not update *ivec! Nor does it finalize CMAC value +# (see engine/eng_aesni.c for details) +# +{ my $cmac=$inout1; +&function_begin("aesni_ccm64_encrypt_blocks"); + &mov ($inp,&wparam(0)); + &mov ($out,&wparam(1)); + &mov ($len,&wparam(2)); + &mov ($key,&wparam(3)); + &mov ($rounds_,&wparam(4)); + &mov ($rounds,&wparam(5)); + &mov ($key_,"esp"); + &sub ("esp",60); + &and ("esp",-16); # align stack + &mov (&DWP(48,"esp"),$key_); + + &movdqu ($ivec,&QWP(0,$rounds_)); # load ivec + &movdqu ($cmac,&QWP(0,$rounds)); # load cmac + &mov ($rounds,&DWP(240,$key)); + + # compose byte-swap control mask for pshufb on stack + &mov (&DWP(0,"esp"),0x0c0d0e0f); + &mov (&DWP(4,"esp"),0x08090a0b); + &mov (&DWP(8,"esp"),0x04050607); + &mov (&DWP(12,"esp"),0x00010203); + + # compose counter increment vector on stack + &mov ($rounds_,1); + &xor ($key_,$key_); + &mov (&DWP(16,"esp"),$rounds_); + &mov (&DWP(20,"esp"),$key_); + &mov (&DWP(24,"esp"),$key_); + &mov (&DWP(28,"esp"),$key_); + + &shr ($rounds,1); + &lea ($key_,&DWP(0,$key)); + &movdqa ($inout3,&QWP(0,"esp")); + &movdqa ($inout0,$ivec); + &mov ($rounds_,$rounds); + &pshufb ($ivec,$inout3); + +&set_label("ccm64_enc_outer"); + &$movekey ($rndkey0,&QWP(0,$key_)); + &mov ($rounds,$rounds_); + &movups ($in0,&QWP(0,$inp)); + + &xorps ($inout0,$rndkey0); + &$movekey ($rndkey1,&QWP(16,$key_)); + &xorps ($rndkey0,$in0); + &lea ($key,&DWP(32,$key_)); + &xorps ($cmac,$rndkey0); # cmac^=inp + &$movekey ($rndkey0,&QWP(0,$key)); + +&set_label("ccm64_enc2_loop"); + &aesenc ($inout0,$rndkey1); + &dec ($rounds); + &aesenc ($cmac,$rndkey1); + &$movekey ($rndkey1,&QWP(16,$key)); + &aesenc ($inout0,$rndkey0); + &lea ($key,&DWP(32,$key)); + &aesenc ($cmac,$rndkey0); + &$movekey ($rndkey0,&QWP(0,$key)); + &jnz (&label("ccm64_enc2_loop")); + &aesenc ($inout0,$rndkey1); + &aesenc ($cmac,$rndkey1); + &paddq ($ivec,&QWP(16,"esp")); + &aesenclast ($inout0,$rndkey0); + &aesenclast ($cmac,$rndkey0); + + &dec ($len); + &lea ($inp,&DWP(16,$inp)); + &xorps ($in0,$inout0); # inp^=E(ivec) + &movdqa ($inout0,$ivec); + &movups (&QWP(0,$out),$in0); # save output + &lea ($out,&DWP(16,$out)); + &pshufb ($inout0,$inout3); + &jnz (&label("ccm64_enc_outer")); + + &mov ("esp",&DWP(48,"esp")); + &mov ($out,&wparam(5)); + &movups (&QWP(0,$out),$cmac); +&function_end("aesni_ccm64_encrypt_blocks"); + +&function_begin("aesni_ccm64_decrypt_blocks"); + &mov ($inp,&wparam(0)); + &mov ($out,&wparam(1)); + &mov ($len,&wparam(2)); + &mov ($key,&wparam(3)); + &mov ($rounds_,&wparam(4)); + &mov ($rounds,&wparam(5)); + &mov ($key_,"esp"); + &sub ("esp",60); + &and ("esp",-16); # align stack + &mov (&DWP(48,"esp"),$key_); + + &movdqu ($ivec,&QWP(0,$rounds_)); # load ivec + &movdqu ($cmac,&QWP(0,$rounds)); # load cmac + &mov ($rounds,&DWP(240,$key)); + + # compose byte-swap control mask for pshufb on stack + &mov (&DWP(0,"esp"),0x0c0d0e0f); + &mov (&DWP(4,"esp"),0x08090a0b); + &mov (&DWP(8,"esp"),0x04050607); + &mov (&DWP(12,"esp"),0x00010203); + + # compose counter increment vector on stack + &mov ($rounds_,1); + &xor ($key_,$key_); + &mov (&DWP(16,"esp"),$rounds_); + &mov (&DWP(20,"esp"),$key_); + &mov (&DWP(24,"esp"),$key_); + &mov (&DWP(28,"esp"),$key_); + + &movdqa ($inout3,&QWP(0,"esp")); # bswap mask + &movdqa ($inout0,$ivec); + + &mov ($key_,$key); + &mov ($rounds_,$rounds); + + &pshufb ($ivec,$inout3); + if ($inline) + { &aesni_inline_generate1("enc"); } + else + { &call ("_aesni_encrypt1"); } + &movups ($in0,&QWP(0,$inp)); # load inp + &paddq ($ivec,&QWP(16,"esp")); + &lea ($inp,&QWP(16,$inp)); + &jmp (&label("ccm64_dec_outer")); + +&set_label("ccm64_dec_outer",16); + &xorps ($in0,$inout0); # inp ^= E(ivec) + &movdqa ($inout0,$ivec); + &mov ($rounds,$rounds_); + &movups (&QWP(0,$out),$in0); # save output + &lea ($out,&DWP(16,$out)); + &pshufb ($inout0,$inout3); + + &sub ($len,1); + &jz (&label("ccm64_dec_break")); + + &$movekey ($rndkey0,&QWP(0,$key_)); + &shr ($rounds,1); + &$movekey ($rndkey1,&QWP(16,$key_)); + &xorps ($in0,$rndkey0); + &lea ($key,&DWP(32,$key_)); + &xorps ($inout0,$rndkey0); + &xorps ($cmac,$in0); # cmac^=out + &$movekey ($rndkey0,&QWP(0,$key)); + +&set_label("ccm64_dec2_loop"); + &aesenc ($inout0,$rndkey1); + &dec ($rounds); + &aesenc ($cmac,$rndkey1); + &$movekey ($rndkey1,&QWP(16,$key)); + &aesenc ($inout0,$rndkey0); + &lea ($key,&DWP(32,$key)); + &aesenc ($cmac,$rndkey0); + &$movekey ($rndkey0,&QWP(0,$key)); + &jnz (&label("ccm64_dec2_loop")); + &movups ($in0,&QWP(0,$inp)); # load inp + &paddq ($ivec,&QWP(16,"esp")); + &aesenc ($inout0,$rndkey1); + &aesenc ($cmac,$rndkey1); + &lea ($inp,&QWP(16,$inp)); + &aesenclast ($inout0,$rndkey0); + &aesenclast ($cmac,$rndkey0); + &jmp (&label("ccm64_dec_outer")); + +&set_label("ccm64_dec_break",16); + &mov ($key,$key_); + if ($inline) + { &aesni_inline_generate1("enc",$cmac,$in0); } + else + { &call ("_aesni_encrypt1",$cmac); } + + &mov ("esp",&DWP(48,"esp")); + &mov ($out,&wparam(5)); + &movups (&QWP(0,$out),$cmac); +&function_end("aesni_ccm64_decrypt_blocks"); +} + +###################################################################### +# void aesni_ctr32_encrypt_blocks (const void *in, void *out, +# size_t blocks, const AES_KEY *key, +# const char *ivec); +# +# Handles only complete blocks, operates on 32-bit counter and +# does not update *ivec! (see engine/eng_aesni.c for details) +# +# stack layout: +# 0 pshufb mask +# 16 vector addend: 0,6,6,6 +# 32 counter-less ivec +# 48 1st triplet of counter vector +# 64 2nd triplet of counter vector +# 80 saved %esp + +&function_begin("aesni_ctr32_encrypt_blocks"); + &mov ($inp,&wparam(0)); + &mov ($out,&wparam(1)); + &mov ($len,&wparam(2)); + &mov ($key,&wparam(3)); + &mov ($rounds_,&wparam(4)); + &mov ($key_,"esp"); + &sub ("esp",88); + &and ("esp",-16); # align stack + &mov (&DWP(80,"esp"),$key_); + + &cmp ($len,1); + &je (&label("ctr32_one_shortcut")); + + &movdqu ($inout5,&QWP(0,$rounds_)); # load ivec + + # compose byte-swap control mask for pshufb on stack + &mov (&DWP(0,"esp"),0x0c0d0e0f); + &mov (&DWP(4,"esp"),0x08090a0b); + &mov (&DWP(8,"esp"),0x04050607); + &mov (&DWP(12,"esp"),0x00010203); + + # compose counter increment vector on stack + &mov ($rounds,6); + &xor ($key_,$key_); + &mov (&DWP(16,"esp"),$rounds); + &mov (&DWP(20,"esp"),$rounds); + &mov (&DWP(24,"esp"),$rounds); + &mov (&DWP(28,"esp"),$key_); + + &pextrd ($rounds_,$inout5,3); # pull 32-bit counter + &pinsrd ($inout5,$key_,3); # wipe 32-bit counter + + &mov ($rounds,&DWP(240,$key)); # key->rounds + + # compose 2 vectors of 3x32-bit counters + &bswap ($rounds_); + &pxor ($rndkey1,$rndkey1); + &pxor ($rndkey0,$rndkey0); + &movdqa ($inout0,&QWP(0,"esp")); # load byte-swap mask + &pinsrd ($rndkey1,$rounds_,0); + &lea ($key_,&DWP(3,$rounds_)); + &pinsrd ($rndkey0,$key_,0); + &inc ($rounds_); + &pinsrd ($rndkey1,$rounds_,1); + &inc ($key_); + &pinsrd ($rndkey0,$key_,1); + &inc ($rounds_); + &pinsrd ($rndkey1,$rounds_,2); + &inc ($key_); + &pinsrd ($rndkey0,$key_,2); + &movdqa (&QWP(48,"esp"),$rndkey1); # save 1st triplet + &pshufb ($rndkey1,$inout0); # byte swap + &movdqa (&QWP(64,"esp"),$rndkey0); # save 2nd triplet + &pshufb ($rndkey0,$inout0); # byte swap + + &pshufd ($inout0,$rndkey1,3<<6); # place counter to upper dword + &pshufd ($inout1,$rndkey1,2<<6); + &cmp ($len,6); + &jb (&label("ctr32_tail")); + &movdqa (&QWP(32,"esp"),$inout5); # save counter-less ivec + &shr ($rounds,1); + &mov ($key_,$key); # backup $key + &mov ($rounds_,$rounds); # backup $rounds + &sub ($len,6); + &jmp (&label("ctr32_loop6")); + +&set_label("ctr32_loop6",16); + &pshufd ($inout2,$rndkey1,1<<6); + &movdqa ($rndkey1,&QWP(32,"esp")); # pull counter-less ivec + &pshufd ($inout3,$rndkey0,3<<6); + &por ($inout0,$rndkey1); # merge counter-less ivec + &pshufd ($inout4,$rndkey0,2<<6); + &por ($inout1,$rndkey1); + &pshufd ($inout5,$rndkey0,1<<6); + &por ($inout2,$rndkey1); + &por ($inout3,$rndkey1); + &por ($inout4,$rndkey1); + &por ($inout5,$rndkey1); + + # inlining _aesni_encrypt6's prologue gives ~4% improvement... + &$movekey ($rndkey0,&QWP(0,$key_)); + &$movekey ($rndkey1,&QWP(16,$key_)); + &lea ($key,&DWP(32,$key_)); + &dec ($rounds); + &pxor ($inout0,$rndkey0); + &pxor ($inout1,$rndkey0); + &aesenc ($inout0,$rndkey1); + &pxor ($inout2,$rndkey0); + &aesenc ($inout1,$rndkey1); + &pxor ($inout3,$rndkey0); + &aesenc ($inout2,$rndkey1); + &pxor ($inout4,$rndkey0); + &aesenc ($inout3,$rndkey1); + &pxor ($inout5,$rndkey0); + &aesenc ($inout4,$rndkey1); + &$movekey ($rndkey0,&QWP(0,$key)); + &aesenc ($inout5,$rndkey1); + + &call (&label("_aesni_encrypt6_enter")); + + &movups ($rndkey1,&QWP(0,$inp)); + &movups ($rndkey0,&QWP(0x10,$inp)); + &xorps ($inout0,$rndkey1); + &movups ($rndkey1,&QWP(0x20,$inp)); + &xorps ($inout1,$rndkey0); + &movups (&QWP(0,$out),$inout0); + &movdqa ($rndkey0,&QWP(16,"esp")); # load increment + &xorps ($inout2,$rndkey1); + &movdqa ($rndkey1,&QWP(48,"esp")); # load 1st triplet + &movups (&QWP(0x10,$out),$inout1); + &movups (&QWP(0x20,$out),$inout2); + + &paddd ($rndkey1,$rndkey0); # 1st triplet increment + &paddd ($rndkey0,&QWP(64,"esp")); # 2nd triplet increment + &movdqa ($inout0,&QWP(0,"esp")); # load byte swap mask + + &movups ($inout1,&QWP(0x30,$inp)); + &movups ($inout2,&QWP(0x40,$inp)); + &xorps ($inout3,$inout1); + &movups ($inout1,&QWP(0x50,$inp)); + &lea ($inp,&DWP(0x60,$inp)); + &movdqa (&QWP(48,"esp"),$rndkey1); # save 1st triplet + &pshufb ($rndkey1,$inout0); # byte swap + &xorps ($inout4,$inout2); + &movups (&QWP(0x30,$out),$inout3); + &xorps ($inout5,$inout1); + &movdqa (&QWP(64,"esp"),$rndkey0); # save 2nd triplet + &pshufb ($rndkey0,$inout0); # byte swap + &movups (&QWP(0x40,$out),$inout4); + &pshufd ($inout0,$rndkey1,3<<6); + &movups (&QWP(0x50,$out),$inout5); + &lea ($out,&DWP(0x60,$out)); + + &mov ($rounds,$rounds_); + &pshufd ($inout1,$rndkey1,2<<6); + &sub ($len,6); + &jnc (&label("ctr32_loop6")); + + &add ($len,6); + &jz (&label("ctr32_ret")); + &mov ($key,$key_); + &lea ($rounds,&DWP(1,"",$rounds,2)); # restore $rounds + &movdqa ($inout5,&QWP(32,"esp")); # pull count-less ivec + +&set_label("ctr32_tail"); + &por ($inout0,$inout5); + &cmp ($len,2); + &jb (&label("ctr32_one")); + + &pshufd ($inout2,$rndkey1,1<<6); + &por ($inout1,$inout5); + &je (&label("ctr32_two")); + + &pshufd ($inout3,$rndkey0,3<<6); + &por ($inout2,$inout5); + &cmp ($len,4); + &jb (&label("ctr32_three")); + + &pshufd ($inout4,$rndkey0,2<<6); + &por ($inout3,$inout5); + &je (&label("ctr32_four")); + + &por ($inout4,$inout5); + &call ("_aesni_encrypt6"); + &movups ($rndkey1,&QWP(0,$inp)); + &movups ($rndkey0,&QWP(0x10,$inp)); + &xorps ($inout0,$rndkey1); + &movups ($rndkey1,&QWP(0x20,$inp)); + &xorps ($inout1,$rndkey0); + &movups ($rndkey0,&QWP(0x30,$inp)); + &xorps ($inout2,$rndkey1); + &movups ($rndkey1,&QWP(0x40,$inp)); + &xorps ($inout3,$rndkey0); + &movups (&QWP(0,$out),$inout0); + &xorps ($inout4,$rndkey1); + &movups (&QWP(0x10,$out),$inout1); + &movups (&QWP(0x20,$out),$inout2); + &movups (&QWP(0x30,$out),$inout3); + &movups (&QWP(0x40,$out),$inout4); + &jmp (&label("ctr32_ret")); + +&set_label("ctr32_one_shortcut",16); + &movups ($inout0,&QWP(0,$rounds_)); # load ivec + &mov ($rounds,&DWP(240,$key)); + +&set_label("ctr32_one"); + if ($inline) + { &aesni_inline_generate1("enc"); } + else + { &call ("_aesni_encrypt1"); } + &movups ($in0,&QWP(0,$inp)); + &xorps ($in0,$inout0); + &movups (&QWP(0,$out),$in0); + &jmp (&label("ctr32_ret")); + +&set_label("ctr32_two",16); + &call ("_aesni_encrypt3"); + &movups ($inout3,&QWP(0,$inp)); + &movups ($inout4,&QWP(0x10,$inp)); + &xorps ($inout0,$inout3); + &xorps ($inout1,$inout4); + &movups (&QWP(0,$out),$inout0); + &movups (&QWP(0x10,$out),$inout1); + &jmp (&label("ctr32_ret")); + +&set_label("ctr32_three",16); + &call ("_aesni_encrypt3"); + &movups ($inout3,&QWP(0,$inp)); + &movups ($inout4,&QWP(0x10,$inp)); + &xorps ($inout0,$inout3); + &movups ($inout5,&QWP(0x20,$inp)); + &xorps ($inout1,$inout4); + &movups (&QWP(0,$out),$inout0); + &xorps ($inout2,$inout5); + &movups (&QWP(0x10,$out),$inout1); + &movups (&QWP(0x20,$out),$inout2); + &jmp (&label("ctr32_ret")); + +&set_label("ctr32_four",16); + &call ("_aesni_encrypt4"); + &movups ($inout4,&QWP(0,$inp)); + &movups ($inout5,&QWP(0x10,$inp)); + &movups ($rndkey1,&QWP(0x20,$inp)); + &xorps ($inout0,$inout4); + &movups ($rndkey0,&QWP(0x30,$inp)); + &xorps ($inout1,$inout5); + &movups (&QWP(0,$out),$inout0); + &xorps ($inout2,$rndkey1); + &movups (&QWP(0x10,$out),$inout1); + &xorps ($inout3,$rndkey0); + &movups (&QWP(0x20,$out),$inout2); + &movups (&QWP(0x30,$out),$inout3); + +&set_label("ctr32_ret"); + &mov ("esp",&DWP(80,"esp")); +&function_end("aesni_ctr32_encrypt_blocks"); + +###################################################################### +# void aesni_xts_[en|de]crypt(const char *inp,char *out,size_t len, +# const AES_KEY *key1, const AES_KEY *key2 +# const unsigned char iv[16]); +# +{ my ($tweak,$twtmp,$twres,$twmask)=($rndkey1,$rndkey0,$inout0,$inout1); + +&function_begin("aesni_xts_encrypt"); + &mov ($key,&wparam(4)); # key2 + &mov ($inp,&wparam(5)); # clear-text tweak + + &mov ($rounds,&DWP(240,$key)); # key2->rounds + &movups ($inout0,&QWP(0,$inp)); + if ($inline) + { &aesni_inline_generate1("enc"); } + else + { &call ("_aesni_encrypt1"); } + + &mov ($inp,&wparam(0)); + &mov ($out,&wparam(1)); + &mov ($len,&wparam(2)); + &mov ($key,&wparam(3)); # key1 + + &mov ($key_,"esp"); + &sub ("esp",16*7+8); + &mov ($rounds,&DWP(240,$key)); # key1->rounds + &and ("esp",-16); # align stack + + &mov (&DWP(16*6+0,"esp"),0x87); # compose the magic constant + &mov (&DWP(16*6+4,"esp"),0); + &mov (&DWP(16*6+8,"esp"),1); + &mov (&DWP(16*6+12,"esp"),0); + &mov (&DWP(16*7+0,"esp"),$len); # save original $len + &mov (&DWP(16*7+4,"esp"),$key_); # save original %esp + + &movdqa ($tweak,$inout0); + &pxor ($twtmp,$twtmp); + &movdqa ($twmask,&QWP(6*16,"esp")); # 0x0...010...87 + &pcmpgtd($twtmp,$tweak); # broadcast upper bits + + &and ($len,-16); + &mov ($key_,$key); # backup $key + &mov ($rounds_,$rounds); # backup $rounds + &sub ($len,16*6); + &jc (&label("xts_enc_short")); + + &shr ($rounds,1); + &mov ($rounds_,$rounds); + &jmp (&label("xts_enc_loop6")); + +&set_label("xts_enc_loop6",16); + for ($i=0;$i<4;$i++) { + &pshufd ($twres,$twtmp,0x13); + &pxor ($twtmp,$twtmp); + &movdqa (&QWP(16*$i,"esp"),$tweak); + &paddq ($tweak,$tweak); # &psllq($tweak,1); + &pand ($twres,$twmask); # isolate carry and residue + &pcmpgtd ($twtmp,$tweak); # broadcast upper bits + &pxor ($tweak,$twres); + } + &pshufd ($inout5,$twtmp,0x13); + &movdqa (&QWP(16*$i++,"esp"),$tweak); + &paddq ($tweak,$tweak); # &psllq($tweak,1); + &$movekey ($rndkey0,&QWP(0,$key_)); + &pand ($inout5,$twmask); # isolate carry and residue + &movups ($inout0,&QWP(0,$inp)); # load input + &pxor ($inout5,$tweak); + + # inline _aesni_encrypt6 prologue and flip xor with tweak and key[0] + &movdqu ($inout1,&QWP(16*1,$inp)); + &xorps ($inout0,$rndkey0); # input^=rndkey[0] + &movdqu ($inout2,&QWP(16*2,$inp)); + &pxor ($inout1,$rndkey0); + &movdqu ($inout3,&QWP(16*3,$inp)); + &pxor ($inout2,$rndkey0); + &movdqu ($inout4,&QWP(16*4,$inp)); + &pxor ($inout3,$rndkey0); + &movdqu ($rndkey1,&QWP(16*5,$inp)); + &pxor ($inout4,$rndkey0); + &lea ($inp,&DWP(16*6,$inp)); + &pxor ($inout0,&QWP(16*0,"esp")); # input^=tweak + &movdqa (&QWP(16*$i,"esp"),$inout5); # save last tweak + &pxor ($inout5,$rndkey1); + + &$movekey ($rndkey1,&QWP(16,$key_)); + &lea ($key,&DWP(32,$key_)); + &pxor ($inout1,&QWP(16*1,"esp")); + &aesenc ($inout0,$rndkey1); + &pxor ($inout2,&QWP(16*2,"esp")); + &aesenc ($inout1,$rndkey1); + &pxor ($inout3,&QWP(16*3,"esp")); + &dec ($rounds); + &aesenc ($inout2,$rndkey1); + &pxor ($inout4,&QWP(16*4,"esp")); + &aesenc ($inout3,$rndkey1); + &pxor ($inout5,$rndkey0); + &aesenc ($inout4,$rndkey1); + &$movekey ($rndkey0,&QWP(0,$key)); + &aesenc ($inout5,$rndkey1); + &call (&label("_aesni_encrypt6_enter")); + + &movdqa ($tweak,&QWP(16*5,"esp")); # last tweak + &pxor ($twtmp,$twtmp); + &xorps ($inout0,&QWP(16*0,"esp")); # output^=tweak + &pcmpgtd ($twtmp,$tweak); # broadcast upper bits + &xorps ($inout1,&QWP(16*1,"esp")); + &movups (&QWP(16*0,$out),$inout0); # write output + &xorps ($inout2,&QWP(16*2,"esp")); + &movups (&QWP(16*1,$out),$inout1); + &xorps ($inout3,&QWP(16*3,"esp")); + &movups (&QWP(16*2,$out),$inout2); + &xorps ($inout4,&QWP(16*4,"esp")); + &movups (&QWP(16*3,$out),$inout3); + &xorps ($inout5,$tweak); + &movups (&QWP(16*4,$out),$inout4); + &pshufd ($twres,$twtmp,0x13); + &movups (&QWP(16*5,$out),$inout5); + &lea ($out,&DWP(16*6,$out)); + &movdqa ($twmask,&QWP(16*6,"esp")); # 0x0...010...87 + + &pxor ($twtmp,$twtmp); + &paddq ($tweak,$tweak); # &psllq($tweak,1); + &pand ($twres,$twmask); # isolate carry and residue + &pcmpgtd($twtmp,$tweak); # broadcast upper bits + &mov ($rounds,$rounds_); # restore $rounds + &pxor ($tweak,$twres); + + &sub ($len,16*6); + &jnc (&label("xts_enc_loop6")); + + &lea ($rounds,&DWP(1,"",$rounds,2)); # restore $rounds + &mov ($key,$key_); # restore $key + &mov ($rounds_,$rounds); + +&set_label("xts_enc_short"); + &add ($len,16*6); + &jz (&label("xts_enc_done6x")); + + &movdqa ($inout3,$tweak); # put aside previous tweak + &cmp ($len,0x20); + &jb (&label("xts_enc_one")); + + &pshufd ($twres,$twtmp,0x13); + &pxor ($twtmp,$twtmp); + &paddq ($tweak,$tweak); # &psllq($tweak,1); + &pand ($twres,$twmask); # isolate carry and residue + &pcmpgtd($twtmp,$tweak); # broadcast upper bits + &pxor ($tweak,$twres); + &je (&label("xts_enc_two")); + + &pshufd ($twres,$twtmp,0x13); + &pxor ($twtmp,$twtmp); + &movdqa ($inout4,$tweak); # put aside previous tweak + &paddq ($tweak,$tweak); # &psllq($tweak,1); + &pand ($twres,$twmask); # isolate carry and residue + &pcmpgtd($twtmp,$tweak); # broadcast upper bits + &pxor ($tweak,$twres); + &cmp ($len,0x40); + &jb (&label("xts_enc_three")); + + &pshufd ($twres,$twtmp,0x13); + &pxor ($twtmp,$twtmp); + &movdqa ($inout5,$tweak); # put aside previous tweak + &paddq ($tweak,$tweak); # &psllq($tweak,1); + &pand ($twres,$twmask); # isolate carry and residue + &pcmpgtd($twtmp,$tweak); # broadcast upper bits + &pxor ($tweak,$twres); + &movdqa (&QWP(16*0,"esp"),$inout3); + &movdqa (&QWP(16*1,"esp"),$inout4); + &je (&label("xts_enc_four")); + + &movdqa (&QWP(16*2,"esp"),$inout5); + &pshufd ($inout5,$twtmp,0x13); + &movdqa (&QWP(16*3,"esp"),$tweak); + &paddq ($tweak,$tweak); # &psllq($inout0,1); + &pand ($inout5,$twmask); # isolate carry and residue + &pxor ($inout5,$tweak); + + &movdqu ($inout0,&QWP(16*0,$inp)); # load input + &movdqu ($inout1,&QWP(16*1,$inp)); + &movdqu ($inout2,&QWP(16*2,$inp)); + &pxor ($inout0,&QWP(16*0,"esp")); # input^=tweak + &movdqu ($inout3,&QWP(16*3,$inp)); + &pxor ($inout1,&QWP(16*1,"esp")); + &movdqu ($inout4,&QWP(16*4,$inp)); + &pxor ($inout2,&QWP(16*2,"esp")); + &lea ($inp,&DWP(16*5,$inp)); + &pxor ($inout3,&QWP(16*3,"esp")); + &movdqa (&QWP(16*4,"esp"),$inout5); # save last tweak + &pxor ($inout4,$inout5); + + &call ("_aesni_encrypt6"); + + &movaps ($tweak,&QWP(16*4,"esp")); # last tweak + &xorps ($inout0,&QWP(16*0,"esp")); # output^=tweak + &xorps ($inout1,&QWP(16*1,"esp")); + &xorps ($inout2,&QWP(16*2,"esp")); + &movups (&QWP(16*0,$out),$inout0); # write output + &xorps ($inout3,&QWP(16*3,"esp")); + &movups (&QWP(16*1,$out),$inout1); + &xorps ($inout4,$tweak); + &movups (&QWP(16*2,$out),$inout2); + &movups (&QWP(16*3,$out),$inout3); + &movups (&QWP(16*4,$out),$inout4); + &lea ($out,&DWP(16*5,$out)); + &jmp (&label("xts_enc_done")); + +&set_label("xts_enc_one",16); + &movups ($inout0,&QWP(16*0,$inp)); # load input + &lea ($inp,&DWP(16*1,$inp)); + &xorps ($inout0,$inout3); # input^=tweak + if ($inline) + { &aesni_inline_generate1("enc"); } + else + { &call ("_aesni_encrypt1"); } + &xorps ($inout0,$inout3); # output^=tweak + &movups (&QWP(16*0,$out),$inout0); # write output + &lea ($out,&DWP(16*1,$out)); + + &movdqa ($tweak,$inout3); # last tweak + &jmp (&label("xts_enc_done")); + +&set_label("xts_enc_two",16); + &movaps ($inout4,$tweak); # put aside last tweak + + &movups ($inout0,&QWP(16*0,$inp)); # load input + &movups ($inout1,&QWP(16*1,$inp)); + &lea ($inp,&DWP(16*2,$inp)); + &xorps ($inout0,$inout3); # input^=tweak + &xorps ($inout1,$inout4); + &xorps ($inout2,$inout2); + + &call ("_aesni_encrypt3"); + + &xorps ($inout0,$inout3); # output^=tweak + &xorps ($inout1,$inout4); + &movups (&QWP(16*0,$out),$inout0); # write output + &movups (&QWP(16*1,$out),$inout1); + &lea ($out,&DWP(16*2,$out)); + + &movdqa ($tweak,$inout4); # last tweak + &jmp (&label("xts_enc_done")); + +&set_label("xts_enc_three",16); + &movaps ($inout5,$tweak); # put aside last tweak + &movups ($inout0,&QWP(16*0,$inp)); # load input + &movups ($inout1,&QWP(16*1,$inp)); + &movups ($inout2,&QWP(16*2,$inp)); + &lea ($inp,&DWP(16*3,$inp)); + &xorps ($inout0,$inout3); # input^=tweak + &xorps ($inout1,$inout4); + &xorps ($inout2,$inout5); + + &call ("_aesni_encrypt3"); + + &xorps ($inout0,$inout3); # output^=tweak + &xorps ($inout1,$inout4); + &xorps ($inout2,$inout5); + &movups (&QWP(16*0,$out),$inout0); # write output + &movups (&QWP(16*1,$out),$inout1); + &movups (&QWP(16*2,$out),$inout2); + &lea ($out,&DWP(16*3,$out)); + + &movdqa ($tweak,$inout5); # last tweak + &jmp (&label("xts_enc_done")); + +&set_label("xts_enc_four",16); + &movaps ($inout4,$tweak); # put aside last tweak + + &movups ($inout0,&QWP(16*0,$inp)); # load input + &movups ($inout1,&QWP(16*1,$inp)); + &movups ($inout2,&QWP(16*2,$inp)); + &xorps ($inout0,&QWP(16*0,"esp")); # input^=tweak + &movups ($inout3,&QWP(16*3,$inp)); + &lea ($inp,&DWP(16*4,$inp)); + &xorps ($inout1,&QWP(16*1,"esp")); + &xorps ($inout2,$inout5); + &xorps ($inout3,$inout4); + + &call ("_aesni_encrypt4"); + + &xorps ($inout0,&QWP(16*0,"esp")); # output^=tweak + &xorps ($inout1,&QWP(16*1,"esp")); + &xorps ($inout2,$inout5); + &movups (&QWP(16*0,$out),$inout0); # write output + &xorps ($inout3,$inout4); + &movups (&QWP(16*1,$out),$inout1); + &movups (&QWP(16*2,$out),$inout2); + &movups (&QWP(16*3,$out),$inout3); + &lea ($out,&DWP(16*4,$out)); + + &movdqa ($tweak,$inout4); # last tweak + &jmp (&label("xts_enc_done")); + +&set_label("xts_enc_done6x",16); # $tweak is pre-calculated + &mov ($len,&DWP(16*7+0,"esp")); # restore original $len + &and ($len,15); + &jz (&label("xts_enc_ret")); + &movdqa ($inout3,$tweak); + &mov (&DWP(16*7+0,"esp"),$len); # save $len%16 + &jmp (&label("xts_enc_steal")); + +&set_label("xts_enc_done",16); + &mov ($len,&DWP(16*7+0,"esp")); # restore original $len + &pxor ($twtmp,$twtmp); + &and ($len,15); + &jz (&label("xts_enc_ret")); + + &pcmpgtd($twtmp,$tweak); # broadcast upper bits + &mov (&DWP(16*7+0,"esp"),$len); # save $len%16 + &pshufd ($inout3,$twtmp,0x13); + &paddq ($tweak,$tweak); # &psllq($tweak,1); + &pand ($inout3,&QWP(16*6,"esp")); # isolate carry and residue + &pxor ($inout3,$tweak); + +&set_label("xts_enc_steal"); + &movz ($rounds,&BP(0,$inp)); + &movz ($key,&BP(-16,$out)); + &lea ($inp,&DWP(1,$inp)); + &mov (&BP(-16,$out),&LB($rounds)); + &mov (&BP(0,$out),&LB($key)); + &lea ($out,&DWP(1,$out)); + &sub ($len,1); + &jnz (&label("xts_enc_steal")); + + &sub ($out,&DWP(16*7+0,"esp")); # rewind $out + &mov ($key,$key_); # restore $key + &mov ($rounds,$rounds_); # restore $rounds + + &movups ($inout0,&QWP(-16,$out)); # load input + &xorps ($inout0,$inout3); # input^=tweak + if ($inline) + { &aesni_inline_generate1("enc"); } + else + { &call ("_aesni_encrypt1"); } + &xorps ($inout0,$inout3); # output^=tweak + &movups (&QWP(-16,$out),$inout0); # write output + +&set_label("xts_enc_ret"); + &mov ("esp",&DWP(16*7+4,"esp")); # restore %esp +&function_end("aesni_xts_encrypt"); + +&function_begin("aesni_xts_decrypt"); + &mov ($key,&wparam(4)); # key2 + &mov ($inp,&wparam(5)); # clear-text tweak + + &mov ($rounds,&DWP(240,$key)); # key2->rounds + &movups ($inout0,&QWP(0,$inp)); + if ($inline) + { &aesni_inline_generate1("enc"); } + else + { &call ("_aesni_encrypt1"); } + + &mov ($inp,&wparam(0)); + &mov ($out,&wparam(1)); + &mov ($len,&wparam(2)); + &mov ($key,&wparam(3)); # key1 + + &mov ($key_,"esp"); + &sub ("esp",16*7+8); + &and ("esp",-16); # align stack + + &xor ($rounds_,$rounds_); # if(len%16) len-=16; + &test ($len,15); + &setnz (&LB($rounds_)); + &shl ($rounds_,4); + &sub ($len,$rounds_); + + &mov (&DWP(16*6+0,"esp"),0x87); # compose the magic constant + &mov (&DWP(16*6+4,"esp"),0); + &mov (&DWP(16*6+8,"esp"),1); + &mov (&DWP(16*6+12,"esp"),0); + &mov (&DWP(16*7+0,"esp"),$len); # save original $len + &mov (&DWP(16*7+4,"esp"),$key_); # save original %esp + + &mov ($rounds,&DWP(240,$key)); # key1->rounds + &mov ($key_,$key); # backup $key + &mov ($rounds_,$rounds); # backup $rounds + + &movdqa ($tweak,$inout0); + &pxor ($twtmp,$twtmp); + &movdqa ($twmask,&QWP(6*16,"esp")); # 0x0...010...87 + &pcmpgtd($twtmp,$tweak); # broadcast upper bits + + &and ($len,-16); + &sub ($len,16*6); + &jc (&label("xts_dec_short")); + + &shr ($rounds,1); + &mov ($rounds_,$rounds); + &jmp (&label("xts_dec_loop6")); + +&set_label("xts_dec_loop6",16); + for ($i=0;$i<4;$i++) { + &pshufd ($twres,$twtmp,0x13); + &pxor ($twtmp,$twtmp); + &movdqa (&QWP(16*$i,"esp"),$tweak); + &paddq ($tweak,$tweak); # &psllq($tweak,1); + &pand ($twres,$twmask); # isolate carry and residue + &pcmpgtd ($twtmp,$tweak); # broadcast upper bits + &pxor ($tweak,$twres); + } + &pshufd ($inout5,$twtmp,0x13); + &movdqa (&QWP(16*$i++,"esp"),$tweak); + &paddq ($tweak,$tweak); # &psllq($tweak,1); + &$movekey ($rndkey0,&QWP(0,$key_)); + &pand ($inout5,$twmask); # isolate carry and residue + &movups ($inout0,&QWP(0,$inp)); # load input + &pxor ($inout5,$tweak); + + # inline _aesni_encrypt6 prologue and flip xor with tweak and key[0] + &movdqu ($inout1,&QWP(16*1,$inp)); + &xorps ($inout0,$rndkey0); # input^=rndkey[0] + &movdqu ($inout2,&QWP(16*2,$inp)); + &pxor ($inout1,$rndkey0); + &movdqu ($inout3,&QWP(16*3,$inp)); + &pxor ($inout2,$rndkey0); + &movdqu ($inout4,&QWP(16*4,$inp)); + &pxor ($inout3,$rndkey0); + &movdqu ($rndkey1,&QWP(16*5,$inp)); + &pxor ($inout4,$rndkey0); + &lea ($inp,&DWP(16*6,$inp)); + &pxor ($inout0,&QWP(16*0,"esp")); # input^=tweak + &movdqa (&QWP(16*$i,"esp"),$inout5); # save last tweak + &pxor ($inout5,$rndkey1); + + &$movekey ($rndkey1,&QWP(16,$key_)); + &lea ($key,&DWP(32,$key_)); + &pxor ($inout1,&QWP(16*1,"esp")); + &aesdec ($inout0,$rndkey1); + &pxor ($inout2,&QWP(16*2,"esp")); + &aesdec ($inout1,$rndkey1); + &pxor ($inout3,&QWP(16*3,"esp")); + &dec ($rounds); + &aesdec ($inout2,$rndkey1); + &pxor ($inout4,&QWP(16*4,"esp")); + &aesdec ($inout3,$rndkey1); + &pxor ($inout5,$rndkey0); + &aesdec ($inout4,$rndkey1); + &$movekey ($rndkey0,&QWP(0,$key)); + &aesdec ($inout5,$rndkey1); + &call (&label("_aesni_decrypt6_enter")); + + &movdqa ($tweak,&QWP(16*5,"esp")); # last tweak + &pxor ($twtmp,$twtmp); + &xorps ($inout0,&QWP(16*0,"esp")); # output^=tweak + &pcmpgtd ($twtmp,$tweak); # broadcast upper bits + &xorps ($inout1,&QWP(16*1,"esp")); + &movups (&QWP(16*0,$out),$inout0); # write output + &xorps ($inout2,&QWP(16*2,"esp")); + &movups (&QWP(16*1,$out),$inout1); + &xorps ($inout3,&QWP(16*3,"esp")); + &movups (&QWP(16*2,$out),$inout2); + &xorps ($inout4,&QWP(16*4,"esp")); + &movups (&QWP(16*3,$out),$inout3); + &xorps ($inout5,$tweak); + &movups (&QWP(16*4,$out),$inout4); + &pshufd ($twres,$twtmp,0x13); + &movups (&QWP(16*5,$out),$inout5); + &lea ($out,&DWP(16*6,$out)); + &movdqa ($twmask,&QWP(16*6,"esp")); # 0x0...010...87 + + &pxor ($twtmp,$twtmp); + &paddq ($tweak,$tweak); # &psllq($tweak,1); + &pand ($twres,$twmask); # isolate carry and residue + &pcmpgtd($twtmp,$tweak); # broadcast upper bits + &mov ($rounds,$rounds_); # restore $rounds + &pxor ($tweak,$twres); + + &sub ($len,16*6); + &jnc (&label("xts_dec_loop6")); + + &lea ($rounds,&DWP(1,"",$rounds,2)); # restore $rounds + &mov ($key,$key_); # restore $key + &mov ($rounds_,$rounds); + +&set_label("xts_dec_short"); + &add ($len,16*6); + &jz (&label("xts_dec_done6x")); + + &movdqa ($inout3,$tweak); # put aside previous tweak + &cmp ($len,0x20); + &jb (&label("xts_dec_one")); + + &pshufd ($twres,$twtmp,0x13); + &pxor ($twtmp,$twtmp); + &paddq ($tweak,$tweak); # &psllq($tweak,1); + &pand ($twres,$twmask); # isolate carry and residue + &pcmpgtd($twtmp,$tweak); # broadcast upper bits + &pxor ($tweak,$twres); + &je (&label("xts_dec_two")); + + &pshufd ($twres,$twtmp,0x13); + &pxor ($twtmp,$twtmp); + &movdqa ($inout4,$tweak); # put aside previous tweak + &paddq ($tweak,$tweak); # &psllq($tweak,1); + &pand ($twres,$twmask); # isolate carry and residue + &pcmpgtd($twtmp,$tweak); # broadcast upper bits + &pxor ($tweak,$twres); + &cmp ($len,0x40); + &jb (&label("xts_dec_three")); + + &pshufd ($twres,$twtmp,0x13); + &pxor ($twtmp,$twtmp); + &movdqa ($inout5,$tweak); # put aside previous tweak + &paddq ($tweak,$tweak); # &psllq($tweak,1); + &pand ($twres,$twmask); # isolate carry and residue + &pcmpgtd($twtmp,$tweak); # broadcast upper bits + &pxor ($tweak,$twres); + &movdqa (&QWP(16*0,"esp"),$inout3); + &movdqa (&QWP(16*1,"esp"),$inout4); + &je (&label("xts_dec_four")); + + &movdqa (&QWP(16*2,"esp"),$inout5); + &pshufd ($inout5,$twtmp,0x13); + &movdqa (&QWP(16*3,"esp"),$tweak); + &paddq ($tweak,$tweak); # &psllq($inout0,1); + &pand ($inout5,$twmask); # isolate carry and residue + &pxor ($inout5,$tweak); + + &movdqu ($inout0,&QWP(16*0,$inp)); # load input + &movdqu ($inout1,&QWP(16*1,$inp)); + &movdqu ($inout2,&QWP(16*2,$inp)); + &pxor ($inout0,&QWP(16*0,"esp")); # input^=tweak + &movdqu ($inout3,&QWP(16*3,$inp)); + &pxor ($inout1,&QWP(16*1,"esp")); + &movdqu ($inout4,&QWP(16*4,$inp)); + &pxor ($inout2,&QWP(16*2,"esp")); + &lea ($inp,&DWP(16*5,$inp)); + &pxor ($inout3,&QWP(16*3,"esp")); + &movdqa (&QWP(16*4,"esp"),$inout5); # save last tweak + &pxor ($inout4,$inout5); + + &call ("_aesni_decrypt6"); + + &movaps ($tweak,&QWP(16*4,"esp")); # last tweak + &xorps ($inout0,&QWP(16*0,"esp")); # output^=tweak + &xorps ($inout1,&QWP(16*1,"esp")); + &xorps ($inout2,&QWP(16*2,"esp")); + &movups (&QWP(16*0,$out),$inout0); # write output + &xorps ($inout3,&QWP(16*3,"esp")); + &movups (&QWP(16*1,$out),$inout1); + &xorps ($inout4,$tweak); + &movups (&QWP(16*2,$out),$inout2); + &movups (&QWP(16*3,$out),$inout3); + &movups (&QWP(16*4,$out),$inout4); + &lea ($out,&DWP(16*5,$out)); + &jmp (&label("xts_dec_done")); + +&set_label("xts_dec_one",16); + &movups ($inout0,&QWP(16*0,$inp)); # load input + &lea ($inp,&DWP(16*1,$inp)); + &xorps ($inout0,$inout3); # input^=tweak + if ($inline) + { &aesni_inline_generate1("dec"); } + else + { &call ("_aesni_decrypt1"); } + &xorps ($inout0,$inout3); # output^=tweak + &movups (&QWP(16*0,$out),$inout0); # write output + &lea ($out,&DWP(16*1,$out)); + + &movdqa ($tweak,$inout3); # last tweak + &jmp (&label("xts_dec_done")); + +&set_label("xts_dec_two",16); + &movaps ($inout4,$tweak); # put aside last tweak + + &movups ($inout0,&QWP(16*0,$inp)); # load input + &movups ($inout1,&QWP(16*1,$inp)); + &lea ($inp,&DWP(16*2,$inp)); + &xorps ($inout0,$inout3); # input^=tweak + &xorps ($inout1,$inout4); + + &call ("_aesni_decrypt3"); + + &xorps ($inout0,$inout3); # output^=tweak + &xorps ($inout1,$inout4); + &movups (&QWP(16*0,$out),$inout0); # write output + &movups (&QWP(16*1,$out),$inout1); + &lea ($out,&DWP(16*2,$out)); + + &movdqa ($tweak,$inout4); # last tweak + &jmp (&label("xts_dec_done")); + +&set_label("xts_dec_three",16); + &movaps ($inout5,$tweak); # put aside last tweak + &movups ($inout0,&QWP(16*0,$inp)); # load input + &movups ($inout1,&QWP(16*1,$inp)); + &movups ($inout2,&QWP(16*2,$inp)); + &lea ($inp,&DWP(16*3,$inp)); + &xorps ($inout0,$inout3); # input^=tweak + &xorps ($inout1,$inout4); + &xorps ($inout2,$inout5); + + &call ("_aesni_decrypt3"); + + &xorps ($inout0,$inout3); # output^=tweak + &xorps ($inout1,$inout4); + &xorps ($inout2,$inout5); + &movups (&QWP(16*0,$out),$inout0); # write output + &movups (&QWP(16*1,$out),$inout1); + &movups (&QWP(16*2,$out),$inout2); + &lea ($out,&DWP(16*3,$out)); + + &movdqa ($tweak,$inout5); # last tweak + &jmp (&label("xts_dec_done")); + +&set_label("xts_dec_four",16); + &movaps ($inout4,$tweak); # put aside last tweak + + &movups ($inout0,&QWP(16*0,$inp)); # load input + &movups ($inout1,&QWP(16*1,$inp)); + &movups ($inout2,&QWP(16*2,$inp)); + &xorps ($inout0,&QWP(16*0,"esp")); # input^=tweak + &movups ($inout3,&QWP(16*3,$inp)); + &lea ($inp,&DWP(16*4,$inp)); + &xorps ($inout1,&QWP(16*1,"esp")); + &xorps ($inout2,$inout5); + &xorps ($inout3,$inout4); + + &call ("_aesni_decrypt4"); + + &xorps ($inout0,&QWP(16*0,"esp")); # output^=tweak + &xorps ($inout1,&QWP(16*1,"esp")); + &xorps ($inout2,$inout5); + &movups (&QWP(16*0,$out),$inout0); # write output + &xorps ($inout3,$inout4); + &movups (&QWP(16*1,$out),$inout1); + &movups (&QWP(16*2,$out),$inout2); + &movups (&QWP(16*3,$out),$inout3); + &lea ($out,&DWP(16*4,$out)); + + &movdqa ($tweak,$inout4); # last tweak + &jmp (&label("xts_dec_done")); + +&set_label("xts_dec_done6x",16); # $tweak is pre-calculated + &mov ($len,&DWP(16*7+0,"esp")); # restore original $len + &and ($len,15); + &jz (&label("xts_dec_ret")); + &mov (&DWP(16*7+0,"esp"),$len); # save $len%16 + &jmp (&label("xts_dec_only_one_more")); + +&set_label("xts_dec_done",16); + &mov ($len,&DWP(16*7+0,"esp")); # restore original $len + &pxor ($twtmp,$twtmp); + &and ($len,15); + &jz (&label("xts_dec_ret")); + + &pcmpgtd($twtmp,$tweak); # broadcast upper bits + &mov (&DWP(16*7+0,"esp"),$len); # save $len%16 + &pshufd ($twres,$twtmp,0x13); + &pxor ($twtmp,$twtmp); + &movdqa ($twmask,&QWP(16*6,"esp")); + &paddq ($tweak,$tweak); # &psllq($tweak,1); + &pand ($twres,$twmask); # isolate carry and residue + &pcmpgtd($twtmp,$tweak); # broadcast upper bits + &pxor ($tweak,$twres); + +&set_label("xts_dec_only_one_more"); + &pshufd ($inout3,$twtmp,0x13); + &movdqa ($inout4,$tweak); # put aside previous tweak + &paddq ($tweak,$tweak); # &psllq($tweak,1); + &pand ($inout3,$twmask); # isolate carry and residue + &pxor ($inout3,$tweak); + + &mov ($key,$key_); # restore $key + &mov ($rounds,$rounds_); # restore $rounds + + &movups ($inout0,&QWP(0,$inp)); # load input + &xorps ($inout0,$inout3); # input^=tweak + if ($inline) + { &aesni_inline_generate1("dec"); } + else + { &call ("_aesni_decrypt1"); } + &xorps ($inout0,$inout3); # output^=tweak + &movups (&QWP(0,$out),$inout0); # write output + +&set_label("xts_dec_steal"); + &movz ($rounds,&BP(16,$inp)); + &movz ($key,&BP(0,$out)); + &lea ($inp,&DWP(1,$inp)); + &mov (&BP(0,$out),&LB($rounds)); + &mov (&BP(16,$out),&LB($key)); + &lea ($out,&DWP(1,$out)); + &sub ($len,1); + &jnz (&label("xts_dec_steal")); + + &sub ($out,&DWP(16*7+0,"esp")); # rewind $out + &mov ($key,$key_); # restore $key + &mov ($rounds,$rounds_); # restore $rounds + + &movups ($inout0,&QWP(0,$out)); # load input + &xorps ($inout0,$inout4); # input^=tweak + if ($inline) + { &aesni_inline_generate1("dec"); } + else + { &call ("_aesni_decrypt1"); } + &xorps ($inout0,$inout4); # output^=tweak + &movups (&QWP(0,$out),$inout0); # write output + +&set_label("xts_dec_ret"); + &mov ("esp",&DWP(16*7+4,"esp")); # restore %esp +&function_end("aesni_xts_decrypt"); +} +} + +###################################################################### +# void $PREFIX_cbc_encrypt (const void *inp, void *out, +# size_t length, const AES_KEY *key, +# unsigned char *ivp,const int enc); +&function_begin("${PREFIX}_cbc_encrypt"); + &mov ($inp,&wparam(0)); + &mov ($rounds_,"esp"); + &mov ($out,&wparam(1)); + &sub ($rounds_,24); + &mov ($len,&wparam(2)); + &and ($rounds_,-16); + &mov ($key,&wparam(3)); + &mov ($key_,&wparam(4)); + &test ($len,$len); + &jz (&label("cbc_abort")); + + &cmp (&wparam(5),0); + &xchg ($rounds_,"esp"); # alloca + &movups ($ivec,&QWP(0,$key_)); # load IV + &mov ($rounds,&DWP(240,$key)); + &mov ($key_,$key); # backup $key + &mov (&DWP(16,"esp"),$rounds_); # save original %esp + &mov ($rounds_,$rounds); # backup $rounds + &je (&label("cbc_decrypt")); + + &movaps ($inout0,$ivec); + &cmp ($len,16); + &jb (&label("cbc_enc_tail")); + &sub ($len,16); + &jmp (&label("cbc_enc_loop")); + +&set_label("cbc_enc_loop",16); + &movups ($ivec,&QWP(0,$inp)); # input actually + &lea ($inp,&DWP(16,$inp)); + if ($inline) + { &aesni_inline_generate1("enc",$inout0,$ivec); } + else + { &xorps($inout0,$ivec); &call("_aesni_encrypt1"); } + &mov ($rounds,$rounds_); # restore $rounds + &mov ($key,$key_); # restore $key + &movups (&QWP(0,$out),$inout0); # store output + &lea ($out,&DWP(16,$out)); + &sub ($len,16); + &jnc (&label("cbc_enc_loop")); + &add ($len,16); + &jnz (&label("cbc_enc_tail")); + &movaps ($ivec,$inout0); + &jmp (&label("cbc_ret")); + +&set_label("cbc_enc_tail"); + &mov ("ecx",$len); # zaps $rounds + &data_word(0xA4F3F689); # rep movsb + &mov ("ecx",16); # zero tail + &sub ("ecx",$len); + &xor ("eax","eax"); # zaps $len + &data_word(0xAAF3F689); # rep stosb + &lea ($out,&DWP(-16,$out)); # rewind $out by 1 block + &mov ($rounds,$rounds_); # restore $rounds + &mov ($inp,$out); # $inp and $out are the same + &mov ($key,$key_); # restore $key + &jmp (&label("cbc_enc_loop")); +###################################################################### +&set_label("cbc_decrypt",16); + &cmp ($len,0x50); + &jbe (&label("cbc_dec_tail")); + &movaps (&QWP(0,"esp"),$ivec); # save IV + &sub ($len,0x50); + &jmp (&label("cbc_dec_loop6_enter")); + +&set_label("cbc_dec_loop6",16); + &movaps (&QWP(0,"esp"),$rndkey0); # save IV + &movups (&QWP(0,$out),$inout5); + &lea ($out,&DWP(0x10,$out)); +&set_label("cbc_dec_loop6_enter"); + &movdqu ($inout0,&QWP(0,$inp)); + &movdqu ($inout1,&QWP(0x10,$inp)); + &movdqu ($inout2,&QWP(0x20,$inp)); + &movdqu ($inout3,&QWP(0x30,$inp)); + &movdqu ($inout4,&QWP(0x40,$inp)); + &movdqu ($inout5,&QWP(0x50,$inp)); + + &call ("_aesni_decrypt6"); + + &movups ($rndkey1,&QWP(0,$inp)); + &movups ($rndkey0,&QWP(0x10,$inp)); + &xorps ($inout0,&QWP(0,"esp")); # ^=IV + &xorps ($inout1,$rndkey1); + &movups ($rndkey1,&QWP(0x20,$inp)); + &xorps ($inout2,$rndkey0); + &movups ($rndkey0,&QWP(0x30,$inp)); + &xorps ($inout3,$rndkey1); + &movups ($rndkey1,&QWP(0x40,$inp)); + &xorps ($inout4,$rndkey0); + &movups ($rndkey0,&QWP(0x50,$inp)); # IV + &xorps ($inout5,$rndkey1); + &movups (&QWP(0,$out),$inout0); + &movups (&QWP(0x10,$out),$inout1); + &lea ($inp,&DWP(0x60,$inp)); + &movups (&QWP(0x20,$out),$inout2); + &mov ($rounds,$rounds_) # restore $rounds + &movups (&QWP(0x30,$out),$inout3); + &mov ($key,$key_); # restore $key + &movups (&QWP(0x40,$out),$inout4); + &lea ($out,&DWP(0x50,$out)); + &sub ($len,0x60); + &ja (&label("cbc_dec_loop6")); + + &movaps ($inout0,$inout5); + &movaps ($ivec,$rndkey0); + &add ($len,0x50); + &jle (&label("cbc_dec_tail_collected")); + &movups (&QWP(0,$out),$inout0); + &lea ($out,&DWP(0x10,$out)); +&set_label("cbc_dec_tail"); + &movups ($inout0,&QWP(0,$inp)); + &movaps ($in0,$inout0); + &cmp ($len,0x10); + &jbe (&label("cbc_dec_one")); + + &movups ($inout1,&QWP(0x10,$inp)); + &movaps ($in1,$inout1); + &cmp ($len,0x20); + &jbe (&label("cbc_dec_two")); + + &movups ($inout2,&QWP(0x20,$inp)); + &cmp ($len,0x30); + &jbe (&label("cbc_dec_three")); + + &movups ($inout3,&QWP(0x30,$inp)); + &cmp ($len,0x40); + &jbe (&label("cbc_dec_four")); + + &movups ($inout4,&QWP(0x40,$inp)); + &movaps (&QWP(0,"esp"),$ivec); # save IV + &movups ($inout0,&QWP(0,$inp)); + &xorps ($inout5,$inout5); + &call ("_aesni_decrypt6"); + &movups ($rndkey1,&QWP(0,$inp)); + &movups ($rndkey0,&QWP(0x10,$inp)); + &xorps ($inout0,&QWP(0,"esp")); # ^= IV + &xorps ($inout1,$rndkey1); + &movups ($rndkey1,&QWP(0x20,$inp)); + &xorps ($inout2,$rndkey0); + &movups ($rndkey0,&QWP(0x30,$inp)); + &xorps ($inout3,$rndkey1); + &movups ($ivec,&QWP(0x40,$inp)); # IV + &xorps ($inout4,$rndkey0); + &movups (&QWP(0,$out),$inout0); + &movups (&QWP(0x10,$out),$inout1); + &movups (&QWP(0x20,$out),$inout2); + &movups (&QWP(0x30,$out),$inout3); + &lea ($out,&DWP(0x40,$out)); + &movaps ($inout0,$inout4); + &sub ($len,0x50); + &jmp (&label("cbc_dec_tail_collected")); + +&set_label("cbc_dec_one",16); + if ($inline) + { &aesni_inline_generate1("dec"); } + else + { &call ("_aesni_decrypt1"); } + &xorps ($inout0,$ivec); + &movaps ($ivec,$in0); + &sub ($len,0x10); + &jmp (&label("cbc_dec_tail_collected")); + +&set_label("cbc_dec_two",16); + &xorps ($inout2,$inout2); + &call ("_aesni_decrypt3"); + &xorps ($inout0,$ivec); + &xorps ($inout1,$in0); + &movups (&QWP(0,$out),$inout0); + &movaps ($inout0,$inout1); + &lea ($out,&DWP(0x10,$out)); + &movaps ($ivec,$in1); + &sub ($len,0x20); + &jmp (&label("cbc_dec_tail_collected")); + +&set_label("cbc_dec_three",16); + &call ("_aesni_decrypt3"); + &xorps ($inout0,$ivec); + &xorps ($inout1,$in0); + &xorps ($inout2,$in1); + &movups (&QWP(0,$out),$inout0); + &movaps ($inout0,$inout2); + &movups (&QWP(0x10,$out),$inout1); + &lea ($out,&DWP(0x20,$out)); + &movups ($ivec,&QWP(0x20,$inp)); + &sub ($len,0x30); + &jmp (&label("cbc_dec_tail_collected")); + +&set_label("cbc_dec_four",16); + &call ("_aesni_decrypt4"); + &movups ($rndkey1,&QWP(0x10,$inp)); + &movups ($rndkey0,&QWP(0x20,$inp)); + &xorps ($inout0,$ivec); + &movups ($ivec,&QWP(0x30,$inp)); + &xorps ($inout1,$in0); + &movups (&QWP(0,$out),$inout0); + &xorps ($inout2,$rndkey1); + &movups (&QWP(0x10,$out),$inout1); + &xorps ($inout3,$rndkey0); + &movups (&QWP(0x20,$out),$inout2); + &lea ($out,&DWP(0x30,$out)); + &movaps ($inout0,$inout3); + &sub ($len,0x40); + +&set_label("cbc_dec_tail_collected"); + &and ($len,15); + &jnz (&label("cbc_dec_tail_partial")); + &movups (&QWP(0,$out),$inout0); + &jmp (&label("cbc_ret")); + +&set_label("cbc_dec_tail_partial",16); + &movaps (&QWP(0,"esp"),$inout0); + &mov ("ecx",16); + &mov ($inp,"esp"); + &sub ("ecx",$len); + &data_word(0xA4F3F689); # rep movsb + +&set_label("cbc_ret"); + &mov ("esp",&DWP(16,"esp")); # pull original %esp + &mov ($key_,&wparam(4)); + &movups (&QWP(0,$key_),$ivec); # output IV +&set_label("cbc_abort"); +&function_end("${PREFIX}_cbc_encrypt"); + +###################################################################### +# Mechanical port from aesni-x86_64.pl. +# +# _aesni_set_encrypt_key is private interface, +# input: +# "eax" const unsigned char *userKey +# $rounds int bits +# $key AES_KEY *key +# output: +# "eax" return code +# $round rounds + +&function_begin_B("_aesni_set_encrypt_key"); + &test ("eax","eax"); + &jz (&label("bad_pointer")); + &test ($key,$key); + &jz (&label("bad_pointer")); + + &movups ("xmm0",&QWP(0,"eax")); # pull first 128 bits of *userKey + &xorps ("xmm4","xmm4"); # low dword of xmm4 is assumed 0 + &lea ($key,&DWP(16,$key)); + &cmp ($rounds,256); + &je (&label("14rounds")); + &cmp ($rounds,192); + &je (&label("12rounds")); + &cmp ($rounds,128); + &jne (&label("bad_keybits")); + +&set_label("10rounds",16); + &mov ($rounds,9); + &$movekey (&QWP(-16,$key),"xmm0"); # round 0 + &aeskeygenassist("xmm1","xmm0",0x01); # round 1 + &call (&label("key_128_cold")); + &aeskeygenassist("xmm1","xmm0",0x2); # round 2 + &call (&label("key_128")); + &aeskeygenassist("xmm1","xmm0",0x04); # round 3 + &call (&label("key_128")); + &aeskeygenassist("xmm1","xmm0",0x08); # round 4 + &call (&label("key_128")); + &aeskeygenassist("xmm1","xmm0",0x10); # round 5 + &call (&label("key_128")); + &aeskeygenassist("xmm1","xmm0",0x20); # round 6 + &call (&label("key_128")); + &aeskeygenassist("xmm1","xmm0",0x40); # round 7 + &call (&label("key_128")); + &aeskeygenassist("xmm1","xmm0",0x80); # round 8 + &call (&label("key_128")); + &aeskeygenassist("xmm1","xmm0",0x1b); # round 9 + &call (&label("key_128")); + &aeskeygenassist("xmm1","xmm0",0x36); # round 10 + &call (&label("key_128")); + &$movekey (&QWP(0,$key),"xmm0"); + &mov (&DWP(80,$key),$rounds); + &xor ("eax","eax"); + &ret(); + +&set_label("key_128",16); + &$movekey (&QWP(0,$key),"xmm0"); + &lea ($key,&DWP(16,$key)); +&set_label("key_128_cold"); + &shufps ("xmm4","xmm0",0b00010000); + &xorps ("xmm0","xmm4"); + &shufps ("xmm4","xmm0",0b10001100); + &xorps ("xmm0","xmm4"); + &shufps ("xmm1","xmm1",0b11111111); # critical path + &xorps ("xmm0","xmm1"); + &ret(); + +&set_label("12rounds",16); + &movq ("xmm2",&QWP(16,"eax")); # remaining 1/3 of *userKey + &mov ($rounds,11); + &$movekey (&QWP(-16,$key),"xmm0") # round 0 + &aeskeygenassist("xmm1","xmm2",0x01); # round 1,2 + &call (&label("key_192a_cold")); + &aeskeygenassist("xmm1","xmm2",0x02); # round 2,3 + &call (&label("key_192b")); + &aeskeygenassist("xmm1","xmm2",0x04); # round 4,5 + &call (&label("key_192a")); + &aeskeygenassist("xmm1","xmm2",0x08); # round 5,6 + &call (&label("key_192b")); + &aeskeygenassist("xmm1","xmm2",0x10); # round 7,8 + &call (&label("key_192a")); + &aeskeygenassist("xmm1","xmm2",0x20); # round 8,9 + &call (&label("key_192b")); + &aeskeygenassist("xmm1","xmm2",0x40); # round 10,11 + &call (&label("key_192a")); + &aeskeygenassist("xmm1","xmm2",0x80); # round 11,12 + &call (&label("key_192b")); + &$movekey (&QWP(0,$key),"xmm0"); + &mov (&DWP(48,$key),$rounds); + &xor ("eax","eax"); + &ret(); + +&set_label("key_192a",16); + &$movekey (&QWP(0,$key),"xmm0"); + &lea ($key,&DWP(16,$key)); +&set_label("key_192a_cold",16); + &movaps ("xmm5","xmm2"); +&set_label("key_192b_warm"); + &shufps ("xmm4","xmm0",0b00010000); + &movdqa ("xmm3","xmm2"); + &xorps ("xmm0","xmm4"); + &shufps ("xmm4","xmm0",0b10001100); + &pslldq ("xmm3",4); + &xorps ("xmm0","xmm4"); + &pshufd ("xmm1","xmm1",0b01010101); # critical path + &pxor ("xmm2","xmm3"); + &pxor ("xmm0","xmm1"); + &pshufd ("xmm3","xmm0",0b11111111); + &pxor ("xmm2","xmm3"); + &ret(); + +&set_label("key_192b",16); + &movaps ("xmm3","xmm0"); + &shufps ("xmm5","xmm0",0b01000100); + &$movekey (&QWP(0,$key),"xmm5"); + &shufps ("xmm3","xmm2",0b01001110); + &$movekey (&QWP(16,$key),"xmm3"); + &lea ($key,&DWP(32,$key)); + &jmp (&label("key_192b_warm")); + +&set_label("14rounds",16); + &movups ("xmm2",&QWP(16,"eax")); # remaining half of *userKey + &mov ($rounds,13); + &lea ($key,&DWP(16,$key)); + &$movekey (&QWP(-32,$key),"xmm0"); # round 0 + &$movekey (&QWP(-16,$key),"xmm2"); # round 1 + &aeskeygenassist("xmm1","xmm2",0x01); # round 2 + &call (&label("key_256a_cold")); + &aeskeygenassist("xmm1","xmm0",0x01); # round 3 + &call (&label("key_256b")); + &aeskeygenassist("xmm1","xmm2",0x02); # round 4 + &call (&label("key_256a")); + &aeskeygenassist("xmm1","xmm0",0x02); # round 5 + &call (&label("key_256b")); + &aeskeygenassist("xmm1","xmm2",0x04); # round 6 + &call (&label("key_256a")); + &aeskeygenassist("xmm1","xmm0",0x04); # round 7 + &call (&label("key_256b")); + &aeskeygenassist("xmm1","xmm2",0x08); # round 8 + &call (&label("key_256a")); + &aeskeygenassist("xmm1","xmm0",0x08); # round 9 + &call (&label("key_256b")); + &aeskeygenassist("xmm1","xmm2",0x10); # round 10 + &call (&label("key_256a")); + &aeskeygenassist("xmm1","xmm0",0x10); # round 11 + &call (&label("key_256b")); + &aeskeygenassist("xmm1","xmm2",0x20); # round 12 + &call (&label("key_256a")); + &aeskeygenassist("xmm1","xmm0",0x20); # round 13 + &call (&label("key_256b")); + &aeskeygenassist("xmm1","xmm2",0x40); # round 14 + &call (&label("key_256a")); + &$movekey (&QWP(0,$key),"xmm0"); + &mov (&DWP(16,$key),$rounds); + &xor ("eax","eax"); + &ret(); + +&set_label("key_256a",16); + &$movekey (&QWP(0,$key),"xmm2"); + &lea ($key,&DWP(16,$key)); +&set_label("key_256a_cold"); + &shufps ("xmm4","xmm0",0b00010000); + &xorps ("xmm0","xmm4"); + &shufps ("xmm4","xmm0",0b10001100); + &xorps ("xmm0","xmm4"); + &shufps ("xmm1","xmm1",0b11111111); # critical path + &xorps ("xmm0","xmm1"); + &ret(); + +&set_label("key_256b",16); + &$movekey (&QWP(0,$key),"xmm0"); + &lea ($key,&DWP(16,$key)); + + &shufps ("xmm4","xmm2",0b00010000); + &xorps ("xmm2","xmm4"); + &shufps ("xmm4","xmm2",0b10001100); + &xorps ("xmm2","xmm4"); + &shufps ("xmm1","xmm1",0b10101010); # critical path + &xorps ("xmm2","xmm1"); + &ret(); + +&set_label("bad_pointer",4); + &mov ("eax",-1); + &ret (); +&set_label("bad_keybits",4); + &mov ("eax",-2); + &ret (); +&function_end_B("_aesni_set_encrypt_key"); + +# int $PREFIX_set_encrypt_key (const unsigned char *userKey, int bits, +# AES_KEY *key) +&function_begin_B("${PREFIX}_set_encrypt_key"); + &mov ("eax",&wparam(0)); + &mov ($rounds,&wparam(1)); + &mov ($key,&wparam(2)); + &call ("_aesni_set_encrypt_key"); + &ret (); +&function_end_B("${PREFIX}_set_encrypt_key"); + +# int $PREFIX_set_decrypt_key (const unsigned char *userKey, int bits, +# AES_KEY *key) +&function_begin_B("${PREFIX}_set_decrypt_key"); + &mov ("eax",&wparam(0)); + &mov ($rounds,&wparam(1)); + &mov ($key,&wparam(2)); + &call ("_aesni_set_encrypt_key"); + &mov ($key,&wparam(2)); + &shl ($rounds,4) # rounds-1 after _aesni_set_encrypt_key + &test ("eax","eax"); + &jnz (&label("dec_key_ret")); + &lea ("eax",&DWP(16,$key,$rounds)); # end of key schedule + + &$movekey ("xmm0",&QWP(0,$key)); # just swap + &$movekey ("xmm1",&QWP(0,"eax")); + &$movekey (&QWP(0,"eax"),"xmm0"); + &$movekey (&QWP(0,$key),"xmm1"); + &lea ($key,&DWP(16,$key)); + &lea ("eax",&DWP(-16,"eax")); + +&set_label("dec_key_inverse"); + &$movekey ("xmm0",&QWP(0,$key)); # swap and inverse + &$movekey ("xmm1",&QWP(0,"eax")); + &aesimc ("xmm0","xmm0"); + &aesimc ("xmm1","xmm1"); + &lea ($key,&DWP(16,$key)); + &lea ("eax",&DWP(-16,"eax")); + &$movekey (&QWP(16,"eax"),"xmm0"); + &$movekey (&QWP(-16,$key),"xmm1"); + &cmp ("eax",$key); + &ja (&label("dec_key_inverse")); + + &$movekey ("xmm0",&QWP(0,$key)); # inverse middle + &aesimc ("xmm0","xmm0"); + &$movekey (&QWP(0,$key),"xmm0"); + + &xor ("eax","eax"); # return success +&set_label("dec_key_ret"); + &ret (); +&function_end_B("${PREFIX}_set_decrypt_key"); +&asciz("AES for Intel AES-NI, CRYPTOGAMS by "); + +&asm_finish(); diff --git a/src/lib/libcrypto/aes/asm/aesni-x86_64.pl b/src/lib/libcrypto/aes/asm/aesni-x86_64.pl new file mode 100644 index 00000000000..c073667fcbc --- /dev/null +++ b/src/lib/libcrypto/aes/asm/aesni-x86_64.pl @@ -0,0 +1,3041 @@ +#!/usr/bin/env perl +# +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== +# +# This module implements support for Intel AES-NI extension. In +# OpenSSL context it's used with Intel engine, but can also be used as +# drop-in replacement for crypto/aes/asm/aes-x86_64.pl [see below for +# details]. +# +# Performance. +# +# Given aes(enc|dec) instructions' latency asymptotic performance for +# non-parallelizable modes such as CBC encrypt is 3.75 cycles per byte +# processed with 128-bit key. And given their throughput asymptotic +# performance for parallelizable modes is 1.25 cycles per byte. Being +# asymptotic limit it's not something you commonly achieve in reality, +# but how close does one get? Below are results collected for +# different modes and block sized. Pairs of numbers are for en-/ +# decryption. +# +# 16-byte 64-byte 256-byte 1-KB 8-KB +# ECB 4.25/4.25 1.38/1.38 1.28/1.28 1.26/1.26 1.26/1.26 +# CTR 5.42/5.42 1.92/1.92 1.44/1.44 1.28/1.28 1.26/1.26 +# CBC 4.38/4.43 4.15/1.43 4.07/1.32 4.07/1.29 4.06/1.28 +# CCM 5.66/9.42 4.42/5.41 4.16/4.40 4.09/4.15 4.06/4.07 +# OFB 5.42/5.42 4.64/4.64 4.44/4.44 4.39/4.39 4.38/4.38 +# CFB 5.73/5.85 5.56/5.62 5.48/5.56 5.47/5.55 5.47/5.55 +# +# ECB, CTR, CBC and CCM results are free from EVP overhead. This means +# that otherwise used 'openssl speed -evp aes-128-??? -engine aesni +# [-decrypt]' will exhibit 10-15% worse results for smaller blocks. +# The results were collected with specially crafted speed.c benchmark +# in order to compare them with results reported in "Intel Advanced +# Encryption Standard (AES) New Instruction Set" White Paper Revision +# 3.0 dated May 2010. All above results are consistently better. This +# module also provides better performance for block sizes smaller than +# 128 bytes in points *not* represented in the above table. +# +# Looking at the results for 8-KB buffer. +# +# CFB and OFB results are far from the limit, because implementation +# uses "generic" CRYPTO_[c|o]fb128_encrypt interfaces relying on +# single-block aesni_encrypt, which is not the most optimal way to go. +# CBC encrypt result is unexpectedly high and there is no documented +# explanation for it. Seemingly there is a small penalty for feeding +# the result back to AES unit the way it's done in CBC mode. There is +# nothing one can do and the result appears optimal. CCM result is +# identical to CBC, because CBC-MAC is essentially CBC encrypt without +# saving output. CCM CTR "stays invisible," because it's neatly +# interleaved wih CBC-MAC. This provides ~30% improvement over +# "straghtforward" CCM implementation with CTR and CBC-MAC performed +# disjointly. Parallelizable modes practically achieve the theoretical +# limit. +# +# Looking at how results vary with buffer size. +# +# Curves are practically saturated at 1-KB buffer size. In most cases +# "256-byte" performance is >95%, and "64-byte" is ~90% of "8-KB" one. +# CTR curve doesn't follow this pattern and is "slowest" changing one +# with "256-byte" result being 87% of "8-KB." This is because overhead +# in CTR mode is most computationally intensive. Small-block CCM +# decrypt is slower than encrypt, because first CTR and last CBC-MAC +# iterations can't be interleaved. +# +# Results for 192- and 256-bit keys. +# +# EVP-free results were observed to scale perfectly with number of +# rounds for larger block sizes, i.e. 192-bit result being 10/12 times +# lower and 256-bit one - 10/14. Well, in CBC encrypt case differences +# are a tad smaller, because the above mentioned penalty biases all +# results by same constant value. In similar way function call +# overhead affects small-block performance, as well as OFB and CFB +# results. Differences are not large, most common coefficients are +# 10/11.7 and 10/13.4 (as opposite to 10/12.0 and 10/14.0), but one +# observe even 10/11.2 and 10/12.4 (CTR, OFB, CFB)... + +# January 2011 +# +# While Westmere processor features 6 cycles latency for aes[enc|dec] +# instructions, which can be scheduled every second cycle, Sandy +# Bridge spends 8 cycles per instruction, but it can schedule them +# every cycle. This means that code targeting Westmere would perform +# suboptimally on Sandy Bridge. Therefore this update. +# +# In addition, non-parallelizable CBC encrypt (as well as CCM) is +# optimized. Relative improvement might appear modest, 8% on Westmere, +# but in absolute terms it's 3.77 cycles per byte encrypted with +# 128-bit key on Westmere, and 5.07 - on Sandy Bridge. These numbers +# should be compared to asymptotic limits of 3.75 for Westmere and +# 5.00 for Sandy Bridge. Actually, the fact that they get this close +# to asymptotic limits is quite amazing. Indeed, the limit is +# calculated as latency times number of rounds, 10 for 128-bit key, +# and divided by 16, the number of bytes in block, or in other words +# it accounts *solely* for aesenc instructions. But there are extra +# instructions, and numbers so close to the asymptotic limits mean +# that it's as if it takes as little as *one* additional cycle to +# execute all of them. How is it possible? It is possible thanks to +# out-of-order execution logic, which manages to overlap post- +# processing of previous block, things like saving the output, with +# actual encryption of current block, as well as pre-processing of +# current block, things like fetching input and xor-ing it with +# 0-round element of the key schedule, with actual encryption of +# previous block. Keep this in mind... +# +# For parallelizable modes, such as ECB, CBC decrypt, CTR, higher +# performance is achieved by interleaving instructions working on +# independent blocks. In which case asymptotic limit for such modes +# can be obtained by dividing above mentioned numbers by AES +# instructions' interleave factor. Westmere can execute at most 3 +# instructions at a time, meaning that optimal interleave factor is 3, +# and that's where the "magic" number of 1.25 come from. "Optimal +# interleave factor" means that increase of interleave factor does +# not improve performance. The formula has proven to reflect reality +# pretty well on Westmere... Sandy Bridge on the other hand can +# execute up to 8 AES instructions at a time, so how does varying +# interleave factor affect the performance? Here is table for ECB +# (numbers are cycles per byte processed with 128-bit key): +# +# instruction interleave factor 3x 6x 8x +# theoretical asymptotic limit 1.67 0.83 0.625 +# measured performance for 8KB block 1.05 0.86 0.84 +# +# "as if" interleave factor 4.7x 5.8x 6.0x +# +# Further data for other parallelizable modes: +# +# CBC decrypt 1.16 0.93 0.93 +# CTR 1.14 0.91 n/a +# +# Well, given 3x column it's probably inappropriate to call the limit +# asymptotic, if it can be surpassed, isn't it? What happens there? +# Rewind to CBC paragraph for the answer. Yes, out-of-order execution +# magic is responsible for this. Processor overlaps not only the +# additional instructions with AES ones, but even AES instuctions +# processing adjacent triplets of independent blocks. In the 6x case +# additional instructions still claim disproportionally small amount +# of additional cycles, but in 8x case number of instructions must be +# a tad too high for out-of-order logic to cope with, and AES unit +# remains underutilized... As you can see 8x interleave is hardly +# justifiable, so there no need to feel bad that 32-bit aesni-x86.pl +# utilizies 6x interleave because of limited register bank capacity. +# +# Higher interleave factors do have negative impact on Westmere +# performance. While for ECB mode it's negligible ~1.5%, other +# parallelizables perform ~5% worse, which is outweighed by ~25% +# improvement on Sandy Bridge. To balance regression on Westmere +# CTR mode was implemented with 6x aesenc interleave factor. + +# April 2011 +# +# Add aesni_xts_[en|de]crypt. Westmere spends 1.33 cycles processing +# one byte out of 8KB with 128-bit key, Sandy Bridge - 0.97. Just like +# in CTR mode AES instruction interleave factor was chosen to be 6x. + +$PREFIX="aesni"; # if $PREFIX is set to "AES", the script + # generates drop-in replacement for + # crypto/aes/asm/aes-x86_64.pl:-) + +$flavour = shift; +$output = shift; +if ($flavour =~ /\./) { $output = $flavour; undef $flavour; } + +$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/); + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or +( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or +die "can't locate x86_64-xlate.pl"; + +open OUT,"| \"$^X\" $xlate $flavour $output"; +*STDOUT=*OUT; + +$movkey = $PREFIX eq "aesni" ? "movups" : "movups"; +@_4args=$win64? ("%rcx","%rdx","%r8", "%r9") : # Win64 order + ("%rdi","%rsi","%rdx","%rcx"); # Unix order + +$code=".text\n"; + +$rounds="%eax"; # input to and changed by aesni_[en|de]cryptN !!! +# this is natural Unix argument order for public $PREFIX_[ecb|cbc]_encrypt ... +$inp="%rdi"; +$out="%rsi"; +$len="%rdx"; +$key="%rcx"; # input to and changed by aesni_[en|de]cryptN !!! +$ivp="%r8"; # cbc, ctr, ... + +$rnds_="%r10d"; # backup copy for $rounds +$key_="%r11"; # backup copy for $key + +# %xmm register layout +$rndkey0="%xmm0"; $rndkey1="%xmm1"; +$inout0="%xmm2"; $inout1="%xmm3"; +$inout2="%xmm4"; $inout3="%xmm5"; +$inout4="%xmm6"; $inout5="%xmm7"; +$inout6="%xmm8"; $inout7="%xmm9"; + +$in2="%xmm6"; $in1="%xmm7"; # used in CBC decrypt, CTR, ... +$in0="%xmm8"; $iv="%xmm9"; + +# Inline version of internal aesni_[en|de]crypt1. +# +# Why folded loop? Because aes[enc|dec] is slow enough to accommodate +# cycles which take care of loop variables... +{ my $sn; +sub aesni_generate1 { +my ($p,$key,$rounds,$inout,$ivec)=@_; $inout=$inout0 if (!defined($inout)); +++$sn; +$code.=<<___; + $movkey ($key),$rndkey0 + $movkey 16($key),$rndkey1 +___ +$code.=<<___ if (defined($ivec)); + xorps $rndkey0,$ivec + lea 32($key),$key + xorps $ivec,$inout +___ +$code.=<<___ if (!defined($ivec)); + lea 32($key),$key + xorps $rndkey0,$inout +___ +$code.=<<___; +.Loop_${p}1_$sn: + aes${p} $rndkey1,$inout + dec $rounds + $movkey ($key),$rndkey1 + lea 16($key),$key + jnz .Loop_${p}1_$sn # loop body is 16 bytes + aes${p}last $rndkey1,$inout +___ +}} +# void $PREFIX_[en|de]crypt (const void *inp,void *out,const AES_KEY *key); +# +{ my ($inp,$out,$key) = @_4args; + +$code.=<<___; +.globl ${PREFIX}_encrypt +.type ${PREFIX}_encrypt,\@abi-omnipotent +.align 16 +${PREFIX}_encrypt: + movups ($inp),$inout0 # load input + mov 240($key),$rounds # key->rounds +___ + &aesni_generate1("enc",$key,$rounds); +$code.=<<___; + movups $inout0,($out) # output + ret +.size ${PREFIX}_encrypt,.-${PREFIX}_encrypt + +.globl ${PREFIX}_decrypt +.type ${PREFIX}_decrypt,\@abi-omnipotent +.align 16 +${PREFIX}_decrypt: + movups ($inp),$inout0 # load input + mov 240($key),$rounds # key->rounds +___ + &aesni_generate1("dec",$key,$rounds); +$code.=<<___; + movups $inout0,($out) # output + ret +.size ${PREFIX}_decrypt, .-${PREFIX}_decrypt +___ +} + +# _aesni_[en|de]cryptN are private interfaces, N denotes interleave +# factor. Why 3x subroutine were originally used in loops? Even though +# aes[enc|dec] latency was originally 6, it could be scheduled only +# every *2nd* cycle. Thus 3x interleave was the one providing optimal +# utilization, i.e. when subroutine's throughput is virtually same as +# of non-interleaved subroutine [for number of input blocks up to 3]. +# This is why it makes no sense to implement 2x subroutine. +# aes[enc|dec] latency in next processor generation is 8, but the +# instructions can be scheduled every cycle. Optimal interleave for +# new processor is therefore 8x... +sub aesni_generate3 { +my $dir=shift; +# As already mentioned it takes in $key and $rounds, which are *not* +# preserved. $inout[0-2] is cipher/clear text... +$code.=<<___; +.type _aesni_${dir}rypt3,\@abi-omnipotent +.align 16 +_aesni_${dir}rypt3: + $movkey ($key),$rndkey0 + shr \$1,$rounds + $movkey 16($key),$rndkey1 + lea 32($key),$key + xorps $rndkey0,$inout0 + xorps $rndkey0,$inout1 + xorps $rndkey0,$inout2 + $movkey ($key),$rndkey0 + +.L${dir}_loop3: + aes${dir} $rndkey1,$inout0 + aes${dir} $rndkey1,$inout1 + dec $rounds + aes${dir} $rndkey1,$inout2 + $movkey 16($key),$rndkey1 + aes${dir} $rndkey0,$inout0 + aes${dir} $rndkey0,$inout1 + lea 32($key),$key + aes${dir} $rndkey0,$inout2 + $movkey ($key),$rndkey0 + jnz .L${dir}_loop3 + + aes${dir} $rndkey1,$inout0 + aes${dir} $rndkey1,$inout1 + aes${dir} $rndkey1,$inout2 + aes${dir}last $rndkey0,$inout0 + aes${dir}last $rndkey0,$inout1 + aes${dir}last $rndkey0,$inout2 + ret +.size _aesni_${dir}rypt3,.-_aesni_${dir}rypt3 +___ +} +# 4x interleave is implemented to improve small block performance, +# most notably [and naturally] 4 block by ~30%. One can argue that one +# should have implemented 5x as well, but improvement would be <20%, +# so it's not worth it... +sub aesni_generate4 { +my $dir=shift; +# As already mentioned it takes in $key and $rounds, which are *not* +# preserved. $inout[0-3] is cipher/clear text... +$code.=<<___; +.type _aesni_${dir}rypt4,\@abi-omnipotent +.align 16 +_aesni_${dir}rypt4: + $movkey ($key),$rndkey0 + shr \$1,$rounds + $movkey 16($key),$rndkey1 + lea 32($key),$key + xorps $rndkey0,$inout0 + xorps $rndkey0,$inout1 + xorps $rndkey0,$inout2 + xorps $rndkey0,$inout3 + $movkey ($key),$rndkey0 + +.L${dir}_loop4: + aes${dir} $rndkey1,$inout0 + aes${dir} $rndkey1,$inout1 + dec $rounds + aes${dir} $rndkey1,$inout2 + aes${dir} $rndkey1,$inout3 + $movkey 16($key),$rndkey1 + aes${dir} $rndkey0,$inout0 + aes${dir} $rndkey0,$inout1 + lea 32($key),$key + aes${dir} $rndkey0,$inout2 + aes${dir} $rndkey0,$inout3 + $movkey ($key),$rndkey0 + jnz .L${dir}_loop4 + + aes${dir} $rndkey1,$inout0 + aes${dir} $rndkey1,$inout1 + aes${dir} $rndkey1,$inout2 + aes${dir} $rndkey1,$inout3 + aes${dir}last $rndkey0,$inout0 + aes${dir}last $rndkey0,$inout1 + aes${dir}last $rndkey0,$inout2 + aes${dir}last $rndkey0,$inout3 + ret +.size _aesni_${dir}rypt4,.-_aesni_${dir}rypt4 +___ +} +sub aesni_generate6 { +my $dir=shift; +# As already mentioned it takes in $key and $rounds, which are *not* +# preserved. $inout[0-5] is cipher/clear text... +$code.=<<___; +.type _aesni_${dir}rypt6,\@abi-omnipotent +.align 16 +_aesni_${dir}rypt6: + $movkey ($key),$rndkey0 + shr \$1,$rounds + $movkey 16($key),$rndkey1 + lea 32($key),$key + xorps $rndkey0,$inout0 + pxor $rndkey0,$inout1 + aes${dir} $rndkey1,$inout0 + pxor $rndkey0,$inout2 + aes${dir} $rndkey1,$inout1 + pxor $rndkey0,$inout3 + aes${dir} $rndkey1,$inout2 + pxor $rndkey0,$inout4 + aes${dir} $rndkey1,$inout3 + pxor $rndkey0,$inout5 + dec $rounds + aes${dir} $rndkey1,$inout4 + $movkey ($key),$rndkey0 + aes${dir} $rndkey1,$inout5 + jmp .L${dir}_loop6_enter +.align 16 +.L${dir}_loop6: + aes${dir} $rndkey1,$inout0 + aes${dir} $rndkey1,$inout1 + dec $rounds + aes${dir} $rndkey1,$inout2 + aes${dir} $rndkey1,$inout3 + aes${dir} $rndkey1,$inout4 + aes${dir} $rndkey1,$inout5 +.L${dir}_loop6_enter: # happens to be 16-byte aligned + $movkey 16($key),$rndkey1 + aes${dir} $rndkey0,$inout0 + aes${dir} $rndkey0,$inout1 + lea 32($key),$key + aes${dir} $rndkey0,$inout2 + aes${dir} $rndkey0,$inout3 + aes${dir} $rndkey0,$inout4 + aes${dir} $rndkey0,$inout5 + $movkey ($key),$rndkey0 + jnz .L${dir}_loop6 + + aes${dir} $rndkey1,$inout0 + aes${dir} $rndkey1,$inout1 + aes${dir} $rndkey1,$inout2 + aes${dir} $rndkey1,$inout3 + aes${dir} $rndkey1,$inout4 + aes${dir} $rndkey1,$inout5 + aes${dir}last $rndkey0,$inout0 + aes${dir}last $rndkey0,$inout1 + aes${dir}last $rndkey0,$inout2 + aes${dir}last $rndkey0,$inout3 + aes${dir}last $rndkey0,$inout4 + aes${dir}last $rndkey0,$inout5 + ret +.size _aesni_${dir}rypt6,.-_aesni_${dir}rypt6 +___ +} +sub aesni_generate8 { +my $dir=shift; +# As already mentioned it takes in $key and $rounds, which are *not* +# preserved. $inout[0-7] is cipher/clear text... +$code.=<<___; +.type _aesni_${dir}rypt8,\@abi-omnipotent +.align 16 +_aesni_${dir}rypt8: + $movkey ($key),$rndkey0 + shr \$1,$rounds + $movkey 16($key),$rndkey1 + lea 32($key),$key + xorps $rndkey0,$inout0 + xorps $rndkey0,$inout1 + aes${dir} $rndkey1,$inout0 + pxor $rndkey0,$inout2 + aes${dir} $rndkey1,$inout1 + pxor $rndkey0,$inout3 + aes${dir} $rndkey1,$inout2 + pxor $rndkey0,$inout4 + aes${dir} $rndkey1,$inout3 + pxor $rndkey0,$inout5 + dec $rounds + aes${dir} $rndkey1,$inout4 + pxor $rndkey0,$inout6 + aes${dir} $rndkey1,$inout5 + pxor $rndkey0,$inout7 + $movkey ($key),$rndkey0 + aes${dir} $rndkey1,$inout6 + aes${dir} $rndkey1,$inout7 + $movkey 16($key),$rndkey1 + jmp .L${dir}_loop8_enter +.align 16 +.L${dir}_loop8: + aes${dir} $rndkey1,$inout0 + aes${dir} $rndkey1,$inout1 + dec $rounds + aes${dir} $rndkey1,$inout2 + aes${dir} $rndkey1,$inout3 + aes${dir} $rndkey1,$inout4 + aes${dir} $rndkey1,$inout5 + aes${dir} $rndkey1,$inout6 + aes${dir} $rndkey1,$inout7 + $movkey 16($key),$rndkey1 +.L${dir}_loop8_enter: # happens to be 16-byte aligned + aes${dir} $rndkey0,$inout0 + aes${dir} $rndkey0,$inout1 + lea 32($key),$key + aes${dir} $rndkey0,$inout2 + aes${dir} $rndkey0,$inout3 + aes${dir} $rndkey0,$inout4 + aes${dir} $rndkey0,$inout5 + aes${dir} $rndkey0,$inout6 + aes${dir} $rndkey0,$inout7 + $movkey ($key),$rndkey0 + jnz .L${dir}_loop8 + + aes${dir} $rndkey1,$inout0 + aes${dir} $rndkey1,$inout1 + aes${dir} $rndkey1,$inout2 + aes${dir} $rndkey1,$inout3 + aes${dir} $rndkey1,$inout4 + aes${dir} $rndkey1,$inout5 + aes${dir} $rndkey1,$inout6 + aes${dir} $rndkey1,$inout7 + aes${dir}last $rndkey0,$inout0 + aes${dir}last $rndkey0,$inout1 + aes${dir}last $rndkey0,$inout2 + aes${dir}last $rndkey0,$inout3 + aes${dir}last $rndkey0,$inout4 + aes${dir}last $rndkey0,$inout5 + aes${dir}last $rndkey0,$inout6 + aes${dir}last $rndkey0,$inout7 + ret +.size _aesni_${dir}rypt8,.-_aesni_${dir}rypt8 +___ +} +&aesni_generate3("enc") if ($PREFIX eq "aesni"); +&aesni_generate3("dec"); +&aesni_generate4("enc") if ($PREFIX eq "aesni"); +&aesni_generate4("dec"); +&aesni_generate6("enc") if ($PREFIX eq "aesni"); +&aesni_generate6("dec"); +&aesni_generate8("enc") if ($PREFIX eq "aesni"); +&aesni_generate8("dec"); + +if ($PREFIX eq "aesni") { +######################################################################## +# void aesni_ecb_encrypt (const void *in, void *out, +# size_t length, const AES_KEY *key, +# int enc); +$code.=<<___; +.globl aesni_ecb_encrypt +.type aesni_ecb_encrypt,\@function,5 +.align 16 +aesni_ecb_encrypt: + and \$-16,$len + jz .Lecb_ret + + mov 240($key),$rounds # key->rounds + $movkey ($key),$rndkey0 + mov $key,$key_ # backup $key + mov $rounds,$rnds_ # backup $rounds + test %r8d,%r8d # 5th argument + jz .Lecb_decrypt +#--------------------------- ECB ENCRYPT ------------------------------# + cmp \$0x80,$len + jb .Lecb_enc_tail + + movdqu ($inp),$inout0 + movdqu 0x10($inp),$inout1 + movdqu 0x20($inp),$inout2 + movdqu 0x30($inp),$inout3 + movdqu 0x40($inp),$inout4 + movdqu 0x50($inp),$inout5 + movdqu 0x60($inp),$inout6 + movdqu 0x70($inp),$inout7 + lea 0x80($inp),$inp + sub \$0x80,$len + jmp .Lecb_enc_loop8_enter +.align 16 +.Lecb_enc_loop8: + movups $inout0,($out) + mov $key_,$key # restore $key + movdqu ($inp),$inout0 + mov $rnds_,$rounds # restore $rounds + movups $inout1,0x10($out) + movdqu 0x10($inp),$inout1 + movups $inout2,0x20($out) + movdqu 0x20($inp),$inout2 + movups $inout3,0x30($out) + movdqu 0x30($inp),$inout3 + movups $inout4,0x40($out) + movdqu 0x40($inp),$inout4 + movups $inout5,0x50($out) + movdqu 0x50($inp),$inout5 + movups $inout6,0x60($out) + movdqu 0x60($inp),$inout6 + movups $inout7,0x70($out) + lea 0x80($out),$out + movdqu 0x70($inp),$inout7 + lea 0x80($inp),$inp +.Lecb_enc_loop8_enter: + + call _aesni_encrypt8 + + sub \$0x80,$len + jnc .Lecb_enc_loop8 + + movups $inout0,($out) + mov $key_,$key # restore $key + movups $inout1,0x10($out) + mov $rnds_,$rounds # restore $rounds + movups $inout2,0x20($out) + movups $inout3,0x30($out) + movups $inout4,0x40($out) + movups $inout5,0x50($out) + movups $inout6,0x60($out) + movups $inout7,0x70($out) + lea 0x80($out),$out + add \$0x80,$len + jz .Lecb_ret + +.Lecb_enc_tail: + movups ($inp),$inout0 + cmp \$0x20,$len + jb .Lecb_enc_one + movups 0x10($inp),$inout1 + je .Lecb_enc_two + movups 0x20($inp),$inout2 + cmp \$0x40,$len + jb .Lecb_enc_three + movups 0x30($inp),$inout3 + je .Lecb_enc_four + movups 0x40($inp),$inout4 + cmp \$0x60,$len + jb .Lecb_enc_five + movups 0x50($inp),$inout5 + je .Lecb_enc_six + movdqu 0x60($inp),$inout6 + call _aesni_encrypt8 + movups $inout0,($out) + movups $inout1,0x10($out) + movups $inout2,0x20($out) + movups $inout3,0x30($out) + movups $inout4,0x40($out) + movups $inout5,0x50($out) + movups $inout6,0x60($out) + jmp .Lecb_ret +.align 16 +.Lecb_enc_one: +___ + &aesni_generate1("enc",$key,$rounds); +$code.=<<___; + movups $inout0,($out) + jmp .Lecb_ret +.align 16 +.Lecb_enc_two: + xorps $inout2,$inout2 + call _aesni_encrypt3 + movups $inout0,($out) + movups $inout1,0x10($out) + jmp .Lecb_ret +.align 16 +.Lecb_enc_three: + call _aesni_encrypt3 + movups $inout0,($out) + movups $inout1,0x10($out) + movups $inout2,0x20($out) + jmp .Lecb_ret +.align 16 +.Lecb_enc_four: + call _aesni_encrypt4 + movups $inout0,($out) + movups $inout1,0x10($out) + movups $inout2,0x20($out) + movups $inout3,0x30($out) + jmp .Lecb_ret +.align 16 +.Lecb_enc_five: + xorps $inout5,$inout5 + call _aesni_encrypt6 + movups $inout0,($out) + movups $inout1,0x10($out) + movups $inout2,0x20($out) + movups $inout3,0x30($out) + movups $inout4,0x40($out) + jmp .Lecb_ret +.align 16 +.Lecb_enc_six: + call _aesni_encrypt6 + movups $inout0,($out) + movups $inout1,0x10($out) + movups $inout2,0x20($out) + movups $inout3,0x30($out) + movups $inout4,0x40($out) + movups $inout5,0x50($out) + jmp .Lecb_ret + #--------------------------- ECB DECRYPT ------------------------------# +.align 16 +.Lecb_decrypt: + cmp \$0x80,$len + jb .Lecb_dec_tail + + movdqu ($inp),$inout0 + movdqu 0x10($inp),$inout1 + movdqu 0x20($inp),$inout2 + movdqu 0x30($inp),$inout3 + movdqu 0x40($inp),$inout4 + movdqu 0x50($inp),$inout5 + movdqu 0x60($inp),$inout6 + movdqu 0x70($inp),$inout7 + lea 0x80($inp),$inp + sub \$0x80,$len + jmp .Lecb_dec_loop8_enter +.align 16 +.Lecb_dec_loop8: + movups $inout0,($out) + mov $key_,$key # restore $key + movdqu ($inp),$inout0 + mov $rnds_,$rounds # restore $rounds + movups $inout1,0x10($out) + movdqu 0x10($inp),$inout1 + movups $inout2,0x20($out) + movdqu 0x20($inp),$inout2 + movups $inout3,0x30($out) + movdqu 0x30($inp),$inout3 + movups $inout4,0x40($out) + movdqu 0x40($inp),$inout4 + movups $inout5,0x50($out) + movdqu 0x50($inp),$inout5 + movups $inout6,0x60($out) + movdqu 0x60($inp),$inout6 + movups $inout7,0x70($out) + lea 0x80($out),$out + movdqu 0x70($inp),$inout7 + lea 0x80($inp),$inp +.Lecb_dec_loop8_enter: + + call _aesni_decrypt8 + + $movkey ($key_),$rndkey0 + sub \$0x80,$len + jnc .Lecb_dec_loop8 + + movups $inout0,($out) + mov $key_,$key # restore $key + movups $inout1,0x10($out) + mov $rnds_,$rounds # restore $rounds + movups $inout2,0x20($out) + movups $inout3,0x30($out) + movups $inout4,0x40($out) + movups $inout5,0x50($out) + movups $inout6,0x60($out) + movups $inout7,0x70($out) + lea 0x80($out),$out + add \$0x80,$len + jz .Lecb_ret + +.Lecb_dec_tail: + movups ($inp),$inout0 + cmp \$0x20,$len + jb .Lecb_dec_one + movups 0x10($inp),$inout1 + je .Lecb_dec_two + movups 0x20($inp),$inout2 + cmp \$0x40,$len + jb .Lecb_dec_three + movups 0x30($inp),$inout3 + je .Lecb_dec_four + movups 0x40($inp),$inout4 + cmp \$0x60,$len + jb .Lecb_dec_five + movups 0x50($inp),$inout5 + je .Lecb_dec_six + movups 0x60($inp),$inout6 + $movkey ($key),$rndkey0 + call _aesni_decrypt8 + movups $inout0,($out) + movups $inout1,0x10($out) + movups $inout2,0x20($out) + movups $inout3,0x30($out) + movups $inout4,0x40($out) + movups $inout5,0x50($out) + movups $inout6,0x60($out) + jmp .Lecb_ret +.align 16 +.Lecb_dec_one: +___ + &aesni_generate1("dec",$key,$rounds); +$code.=<<___; + movups $inout0,($out) + jmp .Lecb_ret +.align 16 +.Lecb_dec_two: + xorps $inout2,$inout2 + call _aesni_decrypt3 + movups $inout0,($out) + movups $inout1,0x10($out) + jmp .Lecb_ret +.align 16 +.Lecb_dec_three: + call _aesni_decrypt3 + movups $inout0,($out) + movups $inout1,0x10($out) + movups $inout2,0x20($out) + jmp .Lecb_ret +.align 16 +.Lecb_dec_four: + call _aesni_decrypt4 + movups $inout0,($out) + movups $inout1,0x10($out) + movups $inout2,0x20($out) + movups $inout3,0x30($out) + jmp .Lecb_ret +.align 16 +.Lecb_dec_five: + xorps $inout5,$inout5 + call _aesni_decrypt6 + movups $inout0,($out) + movups $inout1,0x10($out) + movups $inout2,0x20($out) + movups $inout3,0x30($out) + movups $inout4,0x40($out) + jmp .Lecb_ret +.align 16 +.Lecb_dec_six: + call _aesni_decrypt6 + movups $inout0,($out) + movups $inout1,0x10($out) + movups $inout2,0x20($out) + movups $inout3,0x30($out) + movups $inout4,0x40($out) + movups $inout5,0x50($out) + +.Lecb_ret: + ret +.size aesni_ecb_encrypt,.-aesni_ecb_encrypt +___ + +{ +###################################################################### +# void aesni_ccm64_[en|de]crypt_blocks (const void *in, void *out, +# size_t blocks, const AES_KEY *key, +# const char *ivec,char *cmac); +# +# Handles only complete blocks, operates on 64-bit counter and +# does not update *ivec! Nor does it finalize CMAC value +# (see engine/eng_aesni.c for details) +# +{ +my $cmac="%r9"; # 6th argument + +my $increment="%xmm6"; +my $bswap_mask="%xmm7"; + +$code.=<<___; +.globl aesni_ccm64_encrypt_blocks +.type aesni_ccm64_encrypt_blocks,\@function,6 +.align 16 +aesni_ccm64_encrypt_blocks: +___ +$code.=<<___ if ($win64); + lea -0x58(%rsp),%rsp + movaps %xmm6,(%rsp) + movaps %xmm7,0x10(%rsp) + movaps %xmm8,0x20(%rsp) + movaps %xmm9,0x30(%rsp) +.Lccm64_enc_body: +___ +$code.=<<___; + mov 240($key),$rounds # key->rounds + movdqu ($ivp),$iv + movdqa .Lincrement64(%rip),$increment + movdqa .Lbswap_mask(%rip),$bswap_mask + + shr \$1,$rounds + lea 0($key),$key_ + movdqu ($cmac),$inout1 + movdqa $iv,$inout0 + mov $rounds,$rnds_ + pshufb $bswap_mask,$iv + jmp .Lccm64_enc_outer +.align 16 +.Lccm64_enc_outer: + $movkey ($key_),$rndkey0 + mov $rnds_,$rounds + movups ($inp),$in0 # load inp + + xorps $rndkey0,$inout0 # counter + $movkey 16($key_),$rndkey1 + xorps $in0,$rndkey0 + lea 32($key_),$key + xorps $rndkey0,$inout1 # cmac^=inp + $movkey ($key),$rndkey0 + +.Lccm64_enc2_loop: + aesenc $rndkey1,$inout0 + dec $rounds + aesenc $rndkey1,$inout1 + $movkey 16($key),$rndkey1 + aesenc $rndkey0,$inout0 + lea 32($key),$key + aesenc $rndkey0,$inout1 + $movkey 0($key),$rndkey0 + jnz .Lccm64_enc2_loop + aesenc $rndkey1,$inout0 + aesenc $rndkey1,$inout1 + paddq $increment,$iv + aesenclast $rndkey0,$inout0 + aesenclast $rndkey0,$inout1 + + dec $len + lea 16($inp),$inp + xorps $inout0,$in0 # inp ^= E(iv) + movdqa $iv,$inout0 + movups $in0,($out) # save output + lea 16($out),$out + pshufb $bswap_mask,$inout0 + jnz .Lccm64_enc_outer + + movups $inout1,($cmac) +___ +$code.=<<___ if ($win64); + movaps (%rsp),%xmm6 + movaps 0x10(%rsp),%xmm7 + movaps 0x20(%rsp),%xmm8 + movaps 0x30(%rsp),%xmm9 + lea 0x58(%rsp),%rsp +.Lccm64_enc_ret: +___ +$code.=<<___; + ret +.size aesni_ccm64_encrypt_blocks,.-aesni_ccm64_encrypt_blocks +___ +###################################################################### +$code.=<<___; +.globl aesni_ccm64_decrypt_blocks +.type aesni_ccm64_decrypt_blocks,\@function,6 +.align 16 +aesni_ccm64_decrypt_blocks: +___ +$code.=<<___ if ($win64); + lea -0x58(%rsp),%rsp + movaps %xmm6,(%rsp) + movaps %xmm7,0x10(%rsp) + movaps %xmm8,0x20(%rsp) + movaps %xmm9,0x30(%rsp) +.Lccm64_dec_body: +___ +$code.=<<___; + mov 240($key),$rounds # key->rounds + movups ($ivp),$iv + movdqu ($cmac),$inout1 + movdqa .Lincrement64(%rip),$increment + movdqa .Lbswap_mask(%rip),$bswap_mask + + movaps $iv,$inout0 + mov $rounds,$rnds_ + mov $key,$key_ + pshufb $bswap_mask,$iv +___ + &aesni_generate1("enc",$key,$rounds); +$code.=<<___; + movups ($inp),$in0 # load inp + paddq $increment,$iv + lea 16($inp),$inp + jmp .Lccm64_dec_outer +.align 16 +.Lccm64_dec_outer: + xorps $inout0,$in0 # inp ^= E(iv) + movdqa $iv,$inout0 + mov $rnds_,$rounds + movups $in0,($out) # save output + lea 16($out),$out + pshufb $bswap_mask,$inout0 + + sub \$1,$len + jz .Lccm64_dec_break + + $movkey ($key_),$rndkey0 + shr \$1,$rounds + $movkey 16($key_),$rndkey1 + xorps $rndkey0,$in0 + lea 32($key_),$key + xorps $rndkey0,$inout0 + xorps $in0,$inout1 # cmac^=out + $movkey ($key),$rndkey0 + +.Lccm64_dec2_loop: + aesenc $rndkey1,$inout0 + dec $rounds + aesenc $rndkey1,$inout1 + $movkey 16($key),$rndkey1 + aesenc $rndkey0,$inout0 + lea 32($key),$key + aesenc $rndkey0,$inout1 + $movkey 0($key),$rndkey0 + jnz .Lccm64_dec2_loop + movups ($inp),$in0 # load inp + paddq $increment,$iv + aesenc $rndkey1,$inout0 + aesenc $rndkey1,$inout1 + lea 16($inp),$inp + aesenclast $rndkey0,$inout0 + aesenclast $rndkey0,$inout1 + jmp .Lccm64_dec_outer + +.align 16 +.Lccm64_dec_break: + #xorps $in0,$inout1 # cmac^=out +___ + &aesni_generate1("enc",$key_,$rounds,$inout1,$in0); +$code.=<<___; + movups $inout1,($cmac) +___ +$code.=<<___ if ($win64); + movaps (%rsp),%xmm6 + movaps 0x10(%rsp),%xmm7 + movaps 0x20(%rsp),%xmm8 + movaps 0x30(%rsp),%xmm9 + lea 0x58(%rsp),%rsp +.Lccm64_dec_ret: +___ +$code.=<<___; + ret +.size aesni_ccm64_decrypt_blocks,.-aesni_ccm64_decrypt_blocks +___ +} +###################################################################### +# void aesni_ctr32_encrypt_blocks (const void *in, void *out, +# size_t blocks, const AES_KEY *key, +# const char *ivec); +# +# Handles only complete blocks, operates on 32-bit counter and +# does not update *ivec! (see engine/eng_aesni.c for details) +# +{ +my $reserved = $win64?0:-0x28; +my ($in0,$in1,$in2,$in3)=map("%xmm$_",(8..11)); +my ($iv0,$iv1,$ivec)=("%xmm12","%xmm13","%xmm14"); +my $bswap_mask="%xmm15"; + +$code.=<<___; +.globl aesni_ctr32_encrypt_blocks +.type aesni_ctr32_encrypt_blocks,\@function,5 +.align 16 +aesni_ctr32_encrypt_blocks: +___ +$code.=<<___ if ($win64); + lea -0xc8(%rsp),%rsp + movaps %xmm6,0x20(%rsp) + movaps %xmm7,0x30(%rsp) + movaps %xmm8,0x40(%rsp) + movaps %xmm9,0x50(%rsp) + movaps %xmm10,0x60(%rsp) + movaps %xmm11,0x70(%rsp) + movaps %xmm12,0x80(%rsp) + movaps %xmm13,0x90(%rsp) + movaps %xmm14,0xa0(%rsp) + movaps %xmm15,0xb0(%rsp) +.Lctr32_body: +___ +$code.=<<___; + cmp \$1,$len + je .Lctr32_one_shortcut + + movdqu ($ivp),$ivec + movdqa .Lbswap_mask(%rip),$bswap_mask + xor $rounds,$rounds + pextrd \$3,$ivec,$rnds_ # pull 32-bit counter + pinsrd \$3,$rounds,$ivec # wipe 32-bit counter + + mov 240($key),$rounds # key->rounds + bswap $rnds_ + pxor $iv0,$iv0 # vector of 3 32-bit counters + pxor $iv1,$iv1 # vector of 3 32-bit counters + pinsrd \$0,$rnds_,$iv0 + lea 3($rnds_),$key_ + pinsrd \$0,$key_,$iv1 + inc $rnds_ + pinsrd \$1,$rnds_,$iv0 + inc $key_ + pinsrd \$1,$key_,$iv1 + inc $rnds_ + pinsrd \$2,$rnds_,$iv0 + inc $key_ + pinsrd \$2,$key_,$iv1 + movdqa $iv0,$reserved(%rsp) + pshufb $bswap_mask,$iv0 + movdqa $iv1,`$reserved+0x10`(%rsp) + pshufb $bswap_mask,$iv1 + + pshufd \$`3<<6`,$iv0,$inout0 # place counter to upper dword + pshufd \$`2<<6`,$iv0,$inout1 + pshufd \$`1<<6`,$iv0,$inout2 + cmp \$6,$len + jb .Lctr32_tail + shr \$1,$rounds + mov $key,$key_ # backup $key + mov $rounds,$rnds_ # backup $rounds + sub \$6,$len + jmp .Lctr32_loop6 + +.align 16 +.Lctr32_loop6: + pshufd \$`3<<6`,$iv1,$inout3 + por $ivec,$inout0 # merge counter-less ivec + $movkey ($key_),$rndkey0 + pshufd \$`2<<6`,$iv1,$inout4 + por $ivec,$inout1 + $movkey 16($key_),$rndkey1 + pshufd \$`1<<6`,$iv1,$inout5 + por $ivec,$inout2 + por $ivec,$inout3 + xorps $rndkey0,$inout0 + por $ivec,$inout4 + por $ivec,$inout5 + + # inline _aesni_encrypt6 and interleave last rounds + # with own code... + + pxor $rndkey0,$inout1 + aesenc $rndkey1,$inout0 + lea 32($key_),$key + pxor $rndkey0,$inout2 + aesenc $rndkey1,$inout1 + movdqa .Lincrement32(%rip),$iv1 + pxor $rndkey0,$inout3 + aesenc $rndkey1,$inout2 + movdqa $reserved(%rsp),$iv0 + pxor $rndkey0,$inout4 + aesenc $rndkey1,$inout3 + pxor $rndkey0,$inout5 + $movkey ($key),$rndkey0 + dec $rounds + aesenc $rndkey1,$inout4 + aesenc $rndkey1,$inout5 + jmp .Lctr32_enc_loop6_enter +.align 16 +.Lctr32_enc_loop6: + aesenc $rndkey1,$inout0 + aesenc $rndkey1,$inout1 + dec $rounds + aesenc $rndkey1,$inout2 + aesenc $rndkey1,$inout3 + aesenc $rndkey1,$inout4 + aesenc $rndkey1,$inout5 +.Lctr32_enc_loop6_enter: + $movkey 16($key),$rndkey1 + aesenc $rndkey0,$inout0 + aesenc $rndkey0,$inout1 + lea 32($key),$key + aesenc $rndkey0,$inout2 + aesenc $rndkey0,$inout3 + aesenc $rndkey0,$inout4 + aesenc $rndkey0,$inout5 + $movkey ($key),$rndkey0 + jnz .Lctr32_enc_loop6 + + aesenc $rndkey1,$inout0 + paddd $iv1,$iv0 # increment counter vector + aesenc $rndkey1,$inout1 + paddd `$reserved+0x10`(%rsp),$iv1 + aesenc $rndkey1,$inout2 + movdqa $iv0,$reserved(%rsp) # save counter vector + aesenc $rndkey1,$inout3 + movdqa $iv1,`$reserved+0x10`(%rsp) + aesenc $rndkey1,$inout4 + pshufb $bswap_mask,$iv0 # byte swap + aesenc $rndkey1,$inout5 + pshufb $bswap_mask,$iv1 + + aesenclast $rndkey0,$inout0 + movups ($inp),$in0 # load input + aesenclast $rndkey0,$inout1 + movups 0x10($inp),$in1 + aesenclast $rndkey0,$inout2 + movups 0x20($inp),$in2 + aesenclast $rndkey0,$inout3 + movups 0x30($inp),$in3 + aesenclast $rndkey0,$inout4 + movups 0x40($inp),$rndkey1 + aesenclast $rndkey0,$inout5 + movups 0x50($inp),$rndkey0 + lea 0x60($inp),$inp + + xorps $inout0,$in0 # xor + pshufd \$`3<<6`,$iv0,$inout0 + xorps $inout1,$in1 + pshufd \$`2<<6`,$iv0,$inout1 + movups $in0,($out) # store output + xorps $inout2,$in2 + pshufd \$`1<<6`,$iv0,$inout2 + movups $in1,0x10($out) + xorps $inout3,$in3 + movups $in2,0x20($out) + xorps $inout4,$rndkey1 + movups $in3,0x30($out) + xorps $inout5,$rndkey0 + movups $rndkey1,0x40($out) + movups $rndkey0,0x50($out) + lea 0x60($out),$out + mov $rnds_,$rounds + sub \$6,$len + jnc .Lctr32_loop6 + + add \$6,$len + jz .Lctr32_done + mov $key_,$key # restore $key + lea 1($rounds,$rounds),$rounds # restore original value + +.Lctr32_tail: + por $ivec,$inout0 + movups ($inp),$in0 + cmp \$2,$len + jb .Lctr32_one + + por $ivec,$inout1 + movups 0x10($inp),$in1 + je .Lctr32_two + + pshufd \$`3<<6`,$iv1,$inout3 + por $ivec,$inout2 + movups 0x20($inp),$in2 + cmp \$4,$len + jb .Lctr32_three + + pshufd \$`2<<6`,$iv1,$inout4 + por $ivec,$inout3 + movups 0x30($inp),$in3 + je .Lctr32_four + + por $ivec,$inout4 + xorps $inout5,$inout5 + + call _aesni_encrypt6 + + movups 0x40($inp),$rndkey1 + xorps $inout0,$in0 + xorps $inout1,$in1 + movups $in0,($out) + xorps $inout2,$in2 + movups $in1,0x10($out) + xorps $inout3,$in3 + movups $in2,0x20($out) + xorps $inout4,$rndkey1 + movups $in3,0x30($out) + movups $rndkey1,0x40($out) + jmp .Lctr32_done + +.align 16 +.Lctr32_one_shortcut: + movups ($ivp),$inout0 + movups ($inp),$in0 + mov 240($key),$rounds # key->rounds +.Lctr32_one: +___ + &aesni_generate1("enc",$key,$rounds); +$code.=<<___; + xorps $inout0,$in0 + movups $in0,($out) + jmp .Lctr32_done + +.align 16 +.Lctr32_two: + xorps $inout2,$inout2 + call _aesni_encrypt3 + xorps $inout0,$in0 + xorps $inout1,$in1 + movups $in0,($out) + movups $in1,0x10($out) + jmp .Lctr32_done + +.align 16 +.Lctr32_three: + call _aesni_encrypt3 + xorps $inout0,$in0 + xorps $inout1,$in1 + movups $in0,($out) + xorps $inout2,$in2 + movups $in1,0x10($out) + movups $in2,0x20($out) + jmp .Lctr32_done + +.align 16 +.Lctr32_four: + call _aesni_encrypt4 + xorps $inout0,$in0 + xorps $inout1,$in1 + movups $in0,($out) + xorps $inout2,$in2 + movups $in1,0x10($out) + xorps $inout3,$in3 + movups $in2,0x20($out) + movups $in3,0x30($out) + +.Lctr32_done: +___ +$code.=<<___ if ($win64); + movaps 0x20(%rsp),%xmm6 + movaps 0x30(%rsp),%xmm7 + movaps 0x40(%rsp),%xmm8 + movaps 0x50(%rsp),%xmm9 + movaps 0x60(%rsp),%xmm10 + movaps 0x70(%rsp),%xmm11 + movaps 0x80(%rsp),%xmm12 + movaps 0x90(%rsp),%xmm13 + movaps 0xa0(%rsp),%xmm14 + movaps 0xb0(%rsp),%xmm15 + lea 0xc8(%rsp),%rsp +.Lctr32_ret: +___ +$code.=<<___; + ret +.size aesni_ctr32_encrypt_blocks,.-aesni_ctr32_encrypt_blocks +___ +} + +###################################################################### +# void aesni_xts_[en|de]crypt(const char *inp,char *out,size_t len, +# const AES_KEY *key1, const AES_KEY *key2 +# const unsigned char iv[16]); +# +{ +my @tweak=map("%xmm$_",(10..15)); +my ($twmask,$twres,$twtmp)=("%xmm8","%xmm9",@tweak[4]); +my ($key2,$ivp,$len_)=("%r8","%r9","%r9"); +my $frame_size = 0x68 + ($win64?160:0); + +$code.=<<___; +.globl aesni_xts_encrypt +.type aesni_xts_encrypt,\@function,6 +.align 16 +aesni_xts_encrypt: + lea -$frame_size(%rsp),%rsp +___ +$code.=<<___ if ($win64); + movaps %xmm6,0x60(%rsp) + movaps %xmm7,0x70(%rsp) + movaps %xmm8,0x80(%rsp) + movaps %xmm9,0x90(%rsp) + movaps %xmm10,0xa0(%rsp) + movaps %xmm11,0xb0(%rsp) + movaps %xmm12,0xc0(%rsp) + movaps %xmm13,0xd0(%rsp) + movaps %xmm14,0xe0(%rsp) + movaps %xmm15,0xf0(%rsp) +.Lxts_enc_body: +___ +$code.=<<___; + movups ($ivp),@tweak[5] # load clear-text tweak + mov 240(%r8),$rounds # key2->rounds + mov 240($key),$rnds_ # key1->rounds +___ + # generate the tweak + &aesni_generate1("enc",$key2,$rounds,@tweak[5]); +$code.=<<___; + mov $key,$key_ # backup $key + mov $rnds_,$rounds # backup $rounds + mov $len,$len_ # backup $len + and \$-16,$len + + movdqa .Lxts_magic(%rip),$twmask + pxor $twtmp,$twtmp + pcmpgtd @tweak[5],$twtmp # broadcast upper bits +___ + for ($i=0;$i<4;$i++) { + $code.=<<___; + pshufd \$0x13,$twtmp,$twres + pxor $twtmp,$twtmp + movdqa @tweak[5],@tweak[$i] + paddq @tweak[5],@tweak[5] # psllq 1,$tweak + pand $twmask,$twres # isolate carry and residue + pcmpgtd @tweak[5],$twtmp # broadcat upper bits + pxor $twres,@tweak[5] +___ + } +$code.=<<___; + sub \$16*6,$len + jc .Lxts_enc_short + + shr \$1,$rounds + sub \$1,$rounds + mov $rounds,$rnds_ + jmp .Lxts_enc_grandloop + +.align 16 +.Lxts_enc_grandloop: + pshufd \$0x13,$twtmp,$twres + movdqa @tweak[5],@tweak[4] + paddq @tweak[5],@tweak[5] # psllq 1,$tweak + movdqu `16*0`($inp),$inout0 # load input + pand $twmask,$twres # isolate carry and residue + movdqu `16*1`($inp),$inout1 + pxor $twres,@tweak[5] + + movdqu `16*2`($inp),$inout2 + pxor @tweak[0],$inout0 # input^=tweak + movdqu `16*3`($inp),$inout3 + pxor @tweak[1],$inout1 + movdqu `16*4`($inp),$inout4 + pxor @tweak[2],$inout2 + movdqu `16*5`($inp),$inout5 + lea `16*6`($inp),$inp + pxor @tweak[3],$inout3 + $movkey ($key_),$rndkey0 + pxor @tweak[4],$inout4 + pxor @tweak[5],$inout5 + + # inline _aesni_encrypt6 and interleave first and last rounds + # with own code... + $movkey 16($key_),$rndkey1 + pxor $rndkey0,$inout0 + pxor $rndkey0,$inout1 + movdqa @tweak[0],`16*0`(%rsp) # put aside tweaks + aesenc $rndkey1,$inout0 + lea 32($key_),$key + pxor $rndkey0,$inout2 + movdqa @tweak[1],`16*1`(%rsp) + aesenc $rndkey1,$inout1 + pxor $rndkey0,$inout3 + movdqa @tweak[2],`16*2`(%rsp) + aesenc $rndkey1,$inout2 + pxor $rndkey0,$inout4 + movdqa @tweak[3],`16*3`(%rsp) + aesenc $rndkey1,$inout3 + pxor $rndkey0,$inout5 + $movkey ($key),$rndkey0 + dec $rounds + movdqa @tweak[4],`16*4`(%rsp) + aesenc $rndkey1,$inout4 + movdqa @tweak[5],`16*5`(%rsp) + aesenc $rndkey1,$inout5 + pxor $twtmp,$twtmp + pcmpgtd @tweak[5],$twtmp + jmp .Lxts_enc_loop6_enter + +.align 16 +.Lxts_enc_loop6: + aesenc $rndkey1,$inout0 + aesenc $rndkey1,$inout1 + dec $rounds + aesenc $rndkey1,$inout2 + aesenc $rndkey1,$inout3 + aesenc $rndkey1,$inout4 + aesenc $rndkey1,$inout5 +.Lxts_enc_loop6_enter: + $movkey 16($key),$rndkey1 + aesenc $rndkey0,$inout0 + aesenc $rndkey0,$inout1 + lea 32($key),$key + aesenc $rndkey0,$inout2 + aesenc $rndkey0,$inout3 + aesenc $rndkey0,$inout4 + aesenc $rndkey0,$inout5 + $movkey ($key),$rndkey0 + jnz .Lxts_enc_loop6 + + pshufd \$0x13,$twtmp,$twres + pxor $twtmp,$twtmp + paddq @tweak[5],@tweak[5] # psllq 1,$tweak + aesenc $rndkey1,$inout0 + pand $twmask,$twres # isolate carry and residue + aesenc $rndkey1,$inout1 + pcmpgtd @tweak[5],$twtmp # broadcast upper bits + aesenc $rndkey1,$inout2 + pxor $twres,@tweak[5] + aesenc $rndkey1,$inout3 + aesenc $rndkey1,$inout4 + aesenc $rndkey1,$inout5 + $movkey 16($key),$rndkey1 + + pshufd \$0x13,$twtmp,$twres + pxor $twtmp,$twtmp + movdqa @tweak[5],@tweak[0] + paddq @tweak[5],@tweak[5] # psllq 1,$tweak + aesenc $rndkey0,$inout0 + pand $twmask,$twres # isolate carry and residue + aesenc $rndkey0,$inout1 + pcmpgtd @tweak[5],$twtmp # broadcat upper bits + aesenc $rndkey0,$inout2 + pxor $twres,@tweak[5] + aesenc $rndkey0,$inout3 + aesenc $rndkey0,$inout4 + aesenc $rndkey0,$inout5 + $movkey 32($key),$rndkey0 + + pshufd \$0x13,$twtmp,$twres + pxor $twtmp,$twtmp + movdqa @tweak[5],@tweak[1] + paddq @tweak[5],@tweak[5] # psllq 1,$tweak + aesenc $rndkey1,$inout0 + pand $twmask,$twres # isolate carry and residue + aesenc $rndkey1,$inout1 + pcmpgtd @tweak[5],$twtmp # broadcat upper bits + aesenc $rndkey1,$inout2 + pxor $twres,@tweak[5] + aesenc $rndkey1,$inout3 + aesenc $rndkey1,$inout4 + aesenc $rndkey1,$inout5 + + pshufd \$0x13,$twtmp,$twres + pxor $twtmp,$twtmp + movdqa @tweak[5],@tweak[2] + paddq @tweak[5],@tweak[5] # psllq 1,$tweak + aesenclast $rndkey0,$inout0 + pand $twmask,$twres # isolate carry and residue + aesenclast $rndkey0,$inout1 + pcmpgtd @tweak[5],$twtmp # broadcat upper bits + aesenclast $rndkey0,$inout2 + pxor $twres,@tweak[5] + aesenclast $rndkey0,$inout3 + aesenclast $rndkey0,$inout4 + aesenclast $rndkey0,$inout5 + + pshufd \$0x13,$twtmp,$twres + pxor $twtmp,$twtmp + movdqa @tweak[5],@tweak[3] + paddq @tweak[5],@tweak[5] # psllq 1,$tweak + xorps `16*0`(%rsp),$inout0 # output^=tweak + pand $twmask,$twres # isolate carry and residue + xorps `16*1`(%rsp),$inout1 + pcmpgtd @tweak[5],$twtmp # broadcat upper bits + pxor $twres,@tweak[5] + + xorps `16*2`(%rsp),$inout2 + movups $inout0,`16*0`($out) # write output + xorps `16*3`(%rsp),$inout3 + movups $inout1,`16*1`($out) + xorps `16*4`(%rsp),$inout4 + movups $inout2,`16*2`($out) + xorps `16*5`(%rsp),$inout5 + movups $inout3,`16*3`($out) + mov $rnds_,$rounds # restore $rounds + movups $inout4,`16*4`($out) + movups $inout5,`16*5`($out) + lea `16*6`($out),$out + sub \$16*6,$len + jnc .Lxts_enc_grandloop + + lea 3($rounds,$rounds),$rounds # restore original value + mov $key_,$key # restore $key + mov $rounds,$rnds_ # backup $rounds + +.Lxts_enc_short: + add \$16*6,$len + jz .Lxts_enc_done + + cmp \$0x20,$len + jb .Lxts_enc_one + je .Lxts_enc_two + + cmp \$0x40,$len + jb .Lxts_enc_three + je .Lxts_enc_four + + pshufd \$0x13,$twtmp,$twres + movdqa @tweak[5],@tweak[4] + paddq @tweak[5],@tweak[5] # psllq 1,$tweak + movdqu ($inp),$inout0 + pand $twmask,$twres # isolate carry and residue + movdqu 16*1($inp),$inout1 + pxor $twres,@tweak[5] + + movdqu 16*2($inp),$inout2 + pxor @tweak[0],$inout0 + movdqu 16*3($inp),$inout3 + pxor @tweak[1],$inout1 + movdqu 16*4($inp),$inout4 + lea 16*5($inp),$inp + pxor @tweak[2],$inout2 + pxor @tweak[3],$inout3 + pxor @tweak[4],$inout4 + + call _aesni_encrypt6 + + xorps @tweak[0],$inout0 + movdqa @tweak[5],@tweak[0] + xorps @tweak[1],$inout1 + xorps @tweak[2],$inout2 + movdqu $inout0,($out) + xorps @tweak[3],$inout3 + movdqu $inout1,16*1($out) + xorps @tweak[4],$inout4 + movdqu $inout2,16*2($out) + movdqu $inout3,16*3($out) + movdqu $inout4,16*4($out) + lea 16*5($out),$out + jmp .Lxts_enc_done + +.align 16 +.Lxts_enc_one: + movups ($inp),$inout0 + lea 16*1($inp),$inp + xorps @tweak[0],$inout0 +___ + &aesni_generate1("enc",$key,$rounds); +$code.=<<___; + xorps @tweak[0],$inout0 + movdqa @tweak[1],@tweak[0] + movups $inout0,($out) + lea 16*1($out),$out + jmp .Lxts_enc_done + +.align 16 +.Lxts_enc_two: + movups ($inp),$inout0 + movups 16($inp),$inout1 + lea 32($inp),$inp + xorps @tweak[0],$inout0 + xorps @tweak[1],$inout1 + + call _aesni_encrypt3 + + xorps @tweak[0],$inout0 + movdqa @tweak[2],@tweak[0] + xorps @tweak[1],$inout1 + movups $inout0,($out) + movups $inout1,16*1($out) + lea 16*2($out),$out + jmp .Lxts_enc_done + +.align 16 +.Lxts_enc_three: + movups ($inp),$inout0 + movups 16*1($inp),$inout1 + movups 16*2($inp),$inout2 + lea 16*3($inp),$inp + xorps @tweak[0],$inout0 + xorps @tweak[1],$inout1 + xorps @tweak[2],$inout2 + + call _aesni_encrypt3 + + xorps @tweak[0],$inout0 + movdqa @tweak[3],@tweak[0] + xorps @tweak[1],$inout1 + xorps @tweak[2],$inout2 + movups $inout0,($out) + movups $inout1,16*1($out) + movups $inout2,16*2($out) + lea 16*3($out),$out + jmp .Lxts_enc_done + +.align 16 +.Lxts_enc_four: + movups ($inp),$inout0 + movups 16*1($inp),$inout1 + movups 16*2($inp),$inout2 + xorps @tweak[0],$inout0 + movups 16*3($inp),$inout3 + lea 16*4($inp),$inp + xorps @tweak[1],$inout1 + xorps @tweak[2],$inout2 + xorps @tweak[3],$inout3 + + call _aesni_encrypt4 + + xorps @tweak[0],$inout0 + movdqa @tweak[5],@tweak[0] + xorps @tweak[1],$inout1 + xorps @tweak[2],$inout2 + movups $inout0,($out) + xorps @tweak[3],$inout3 + movups $inout1,16*1($out) + movups $inout2,16*2($out) + movups $inout3,16*3($out) + lea 16*4($out),$out + jmp .Lxts_enc_done + +.align 16 +.Lxts_enc_done: + and \$15,$len_ + jz .Lxts_enc_ret + mov $len_,$len + +.Lxts_enc_steal: + movzb ($inp),%eax # borrow $rounds ... + movzb -16($out),%ecx # ... and $key + lea 1($inp),$inp + mov %al,-16($out) + mov %cl,0($out) + lea 1($out),$out + sub \$1,$len + jnz .Lxts_enc_steal + + sub $len_,$out # rewind $out + mov $key_,$key # restore $key + mov $rnds_,$rounds # restore $rounds + + movups -16($out),$inout0 + xorps @tweak[0],$inout0 +___ + &aesni_generate1("enc",$key,$rounds); +$code.=<<___; + xorps @tweak[0],$inout0 + movups $inout0,-16($out) + +.Lxts_enc_ret: +___ +$code.=<<___ if ($win64); + movaps 0x60(%rsp),%xmm6 + movaps 0x70(%rsp),%xmm7 + movaps 0x80(%rsp),%xmm8 + movaps 0x90(%rsp),%xmm9 + movaps 0xa0(%rsp),%xmm10 + movaps 0xb0(%rsp),%xmm11 + movaps 0xc0(%rsp),%xmm12 + movaps 0xd0(%rsp),%xmm13 + movaps 0xe0(%rsp),%xmm14 + movaps 0xf0(%rsp),%xmm15 +___ +$code.=<<___; + lea $frame_size(%rsp),%rsp +.Lxts_enc_epilogue: + ret +.size aesni_xts_encrypt,.-aesni_xts_encrypt +___ + +$code.=<<___; +.globl aesni_xts_decrypt +.type aesni_xts_decrypt,\@function,6 +.align 16 +aesni_xts_decrypt: + lea -$frame_size(%rsp),%rsp +___ +$code.=<<___ if ($win64); + movaps %xmm6,0x60(%rsp) + movaps %xmm7,0x70(%rsp) + movaps %xmm8,0x80(%rsp) + movaps %xmm9,0x90(%rsp) + movaps %xmm10,0xa0(%rsp) + movaps %xmm11,0xb0(%rsp) + movaps %xmm12,0xc0(%rsp) + movaps %xmm13,0xd0(%rsp) + movaps %xmm14,0xe0(%rsp) + movaps %xmm15,0xf0(%rsp) +.Lxts_dec_body: +___ +$code.=<<___; + movups ($ivp),@tweak[5] # load clear-text tweak + mov 240($key2),$rounds # key2->rounds + mov 240($key),$rnds_ # key1->rounds +___ + # generate the tweak + &aesni_generate1("enc",$key2,$rounds,@tweak[5]); +$code.=<<___; + xor %eax,%eax # if ($len%16) len-=16; + test \$15,$len + setnz %al + shl \$4,%rax + sub %rax,$len + + mov $key,$key_ # backup $key + mov $rnds_,$rounds # backup $rounds + mov $len,$len_ # backup $len + and \$-16,$len + + movdqa .Lxts_magic(%rip),$twmask + pxor $twtmp,$twtmp + pcmpgtd @tweak[5],$twtmp # broadcast upper bits +___ + for ($i=0;$i<4;$i++) { + $code.=<<___; + pshufd \$0x13,$twtmp,$twres + pxor $twtmp,$twtmp + movdqa @tweak[5],@tweak[$i] + paddq @tweak[5],@tweak[5] # psllq 1,$tweak + pand $twmask,$twres # isolate carry and residue + pcmpgtd @tweak[5],$twtmp # broadcat upper bits + pxor $twres,@tweak[5] +___ + } +$code.=<<___; + sub \$16*6,$len + jc .Lxts_dec_short + + shr \$1,$rounds + sub \$1,$rounds + mov $rounds,$rnds_ + jmp .Lxts_dec_grandloop + +.align 16 +.Lxts_dec_grandloop: + pshufd \$0x13,$twtmp,$twres + movdqa @tweak[5],@tweak[4] + paddq @tweak[5],@tweak[5] # psllq 1,$tweak + movdqu `16*0`($inp),$inout0 # load input + pand $twmask,$twres # isolate carry and residue + movdqu `16*1`($inp),$inout1 + pxor $twres,@tweak[5] + + movdqu `16*2`($inp),$inout2 + pxor @tweak[0],$inout0 # input^=tweak + movdqu `16*3`($inp),$inout3 + pxor @tweak[1],$inout1 + movdqu `16*4`($inp),$inout4 + pxor @tweak[2],$inout2 + movdqu `16*5`($inp),$inout5 + lea `16*6`($inp),$inp + pxor @tweak[3],$inout3 + $movkey ($key_),$rndkey0 + pxor @tweak[4],$inout4 + pxor @tweak[5],$inout5 + + # inline _aesni_decrypt6 and interleave first and last rounds + # with own code... + $movkey 16($key_),$rndkey1 + pxor $rndkey0,$inout0 + pxor $rndkey0,$inout1 + movdqa @tweak[0],`16*0`(%rsp) # put aside tweaks + aesdec $rndkey1,$inout0 + lea 32($key_),$key + pxor $rndkey0,$inout2 + movdqa @tweak[1],`16*1`(%rsp) + aesdec $rndkey1,$inout1 + pxor $rndkey0,$inout3 + movdqa @tweak[2],`16*2`(%rsp) + aesdec $rndkey1,$inout2 + pxor $rndkey0,$inout4 + movdqa @tweak[3],`16*3`(%rsp) + aesdec $rndkey1,$inout3 + pxor $rndkey0,$inout5 + $movkey ($key),$rndkey0 + dec $rounds + movdqa @tweak[4],`16*4`(%rsp) + aesdec $rndkey1,$inout4 + movdqa @tweak[5],`16*5`(%rsp) + aesdec $rndkey1,$inout5 + pxor $twtmp,$twtmp + pcmpgtd @tweak[5],$twtmp + jmp .Lxts_dec_loop6_enter + +.align 16 +.Lxts_dec_loop6: + aesdec $rndkey1,$inout0 + aesdec $rndkey1,$inout1 + dec $rounds + aesdec $rndkey1,$inout2 + aesdec $rndkey1,$inout3 + aesdec $rndkey1,$inout4 + aesdec $rndkey1,$inout5 +.Lxts_dec_loop6_enter: + $movkey 16($key),$rndkey1 + aesdec $rndkey0,$inout0 + aesdec $rndkey0,$inout1 + lea 32($key),$key + aesdec $rndkey0,$inout2 + aesdec $rndkey0,$inout3 + aesdec $rndkey0,$inout4 + aesdec $rndkey0,$inout5 + $movkey ($key),$rndkey0 + jnz .Lxts_dec_loop6 + + pshufd \$0x13,$twtmp,$twres + pxor $twtmp,$twtmp + paddq @tweak[5],@tweak[5] # psllq 1,$tweak + aesdec $rndkey1,$inout0 + pand $twmask,$twres # isolate carry and residue + aesdec $rndkey1,$inout1 + pcmpgtd @tweak[5],$twtmp # broadcast upper bits + aesdec $rndkey1,$inout2 + pxor $twres,@tweak[5] + aesdec $rndkey1,$inout3 + aesdec $rndkey1,$inout4 + aesdec $rndkey1,$inout5 + $movkey 16($key),$rndkey1 + + pshufd \$0x13,$twtmp,$twres + pxor $twtmp,$twtmp + movdqa @tweak[5],@tweak[0] + paddq @tweak[5],@tweak[5] # psllq 1,$tweak + aesdec $rndkey0,$inout0 + pand $twmask,$twres # isolate carry and residue + aesdec $rndkey0,$inout1 + pcmpgtd @tweak[5],$twtmp # broadcat upper bits + aesdec $rndkey0,$inout2 + pxor $twres,@tweak[5] + aesdec $rndkey0,$inout3 + aesdec $rndkey0,$inout4 + aesdec $rndkey0,$inout5 + $movkey 32($key),$rndkey0 + + pshufd \$0x13,$twtmp,$twres + pxor $twtmp,$twtmp + movdqa @tweak[5],@tweak[1] + paddq @tweak[5],@tweak[5] # psllq 1,$tweak + aesdec $rndkey1,$inout0 + pand $twmask,$twres # isolate carry and residue + aesdec $rndkey1,$inout1 + pcmpgtd @tweak[5],$twtmp # broadcat upper bits + aesdec $rndkey1,$inout2 + pxor $twres,@tweak[5] + aesdec $rndkey1,$inout3 + aesdec $rndkey1,$inout4 + aesdec $rndkey1,$inout5 + + pshufd \$0x13,$twtmp,$twres + pxor $twtmp,$twtmp + movdqa @tweak[5],@tweak[2] + paddq @tweak[5],@tweak[5] # psllq 1,$tweak + aesdeclast $rndkey0,$inout0 + pand $twmask,$twres # isolate carry and residue + aesdeclast $rndkey0,$inout1 + pcmpgtd @tweak[5],$twtmp # broadcat upper bits + aesdeclast $rndkey0,$inout2 + pxor $twres,@tweak[5] + aesdeclast $rndkey0,$inout3 + aesdeclast $rndkey0,$inout4 + aesdeclast $rndkey0,$inout5 + + pshufd \$0x13,$twtmp,$twres + pxor $twtmp,$twtmp + movdqa @tweak[5],@tweak[3] + paddq @tweak[5],@tweak[5] # psllq 1,$tweak + xorps `16*0`(%rsp),$inout0 # output^=tweak + pand $twmask,$twres # isolate carry and residue + xorps `16*1`(%rsp),$inout1 + pcmpgtd @tweak[5],$twtmp # broadcat upper bits + pxor $twres,@tweak[5] + + xorps `16*2`(%rsp),$inout2 + movups $inout0,`16*0`($out) # write output + xorps `16*3`(%rsp),$inout3 + movups $inout1,`16*1`($out) + xorps `16*4`(%rsp),$inout4 + movups $inout2,`16*2`($out) + xorps `16*5`(%rsp),$inout5 + movups $inout3,`16*3`($out) + mov $rnds_,$rounds # restore $rounds + movups $inout4,`16*4`($out) + movups $inout5,`16*5`($out) + lea `16*6`($out),$out + sub \$16*6,$len + jnc .Lxts_dec_grandloop + + lea 3($rounds,$rounds),$rounds # restore original value + mov $key_,$key # restore $key + mov $rounds,$rnds_ # backup $rounds + +.Lxts_dec_short: + add \$16*6,$len + jz .Lxts_dec_done + + cmp \$0x20,$len + jb .Lxts_dec_one + je .Lxts_dec_two + + cmp \$0x40,$len + jb .Lxts_dec_three + je .Lxts_dec_four + + pshufd \$0x13,$twtmp,$twres + movdqa @tweak[5],@tweak[4] + paddq @tweak[5],@tweak[5] # psllq 1,$tweak + movdqu ($inp),$inout0 + pand $twmask,$twres # isolate carry and residue + movdqu 16*1($inp),$inout1 + pxor $twres,@tweak[5] + + movdqu 16*2($inp),$inout2 + pxor @tweak[0],$inout0 + movdqu 16*3($inp),$inout3 + pxor @tweak[1],$inout1 + movdqu 16*4($inp),$inout4 + lea 16*5($inp),$inp + pxor @tweak[2],$inout2 + pxor @tweak[3],$inout3 + pxor @tweak[4],$inout4 + + call _aesni_decrypt6 + + xorps @tweak[0],$inout0 + xorps @tweak[1],$inout1 + xorps @tweak[2],$inout2 + movdqu $inout0,($out) + xorps @tweak[3],$inout3 + movdqu $inout1,16*1($out) + xorps @tweak[4],$inout4 + movdqu $inout2,16*2($out) + pxor $twtmp,$twtmp + movdqu $inout3,16*3($out) + pcmpgtd @tweak[5],$twtmp + movdqu $inout4,16*4($out) + lea 16*5($out),$out + pshufd \$0x13,$twtmp,@tweak[1] # $twres + and \$15,$len_ + jz .Lxts_dec_ret + + movdqa @tweak[5],@tweak[0] + paddq @tweak[5],@tweak[5] # psllq 1,$tweak + pand $twmask,@tweak[1] # isolate carry and residue + pxor @tweak[5],@tweak[1] + jmp .Lxts_dec_done2 + +.align 16 +.Lxts_dec_one: + movups ($inp),$inout0 + lea 16*1($inp),$inp + xorps @tweak[0],$inout0 +___ + &aesni_generate1("dec",$key,$rounds); +$code.=<<___; + xorps @tweak[0],$inout0 + movdqa @tweak[1],@tweak[0] + movups $inout0,($out) + movdqa @tweak[2],@tweak[1] + lea 16*1($out),$out + jmp .Lxts_dec_done + +.align 16 +.Lxts_dec_two: + movups ($inp),$inout0 + movups 16($inp),$inout1 + lea 32($inp),$inp + xorps @tweak[0],$inout0 + xorps @tweak[1],$inout1 + + call _aesni_decrypt3 + + xorps @tweak[0],$inout0 + movdqa @tweak[2],@tweak[0] + xorps @tweak[1],$inout1 + movdqa @tweak[3],@tweak[1] + movups $inout0,($out) + movups $inout1,16*1($out) + lea 16*2($out),$out + jmp .Lxts_dec_done + +.align 16 +.Lxts_dec_three: + movups ($inp),$inout0 + movups 16*1($inp),$inout1 + movups 16*2($inp),$inout2 + lea 16*3($inp),$inp + xorps @tweak[0],$inout0 + xorps @tweak[1],$inout1 + xorps @tweak[2],$inout2 + + call _aesni_decrypt3 + + xorps @tweak[0],$inout0 + movdqa @tweak[3],@tweak[0] + xorps @tweak[1],$inout1 + movdqa @tweak[5],@tweak[1] + xorps @tweak[2],$inout2 + movups $inout0,($out) + movups $inout1,16*1($out) + movups $inout2,16*2($out) + lea 16*3($out),$out + jmp .Lxts_dec_done + +.align 16 +.Lxts_dec_four: + pshufd \$0x13,$twtmp,$twres + movdqa @tweak[5],@tweak[4] + paddq @tweak[5],@tweak[5] # psllq 1,$tweak + movups ($inp),$inout0 + pand $twmask,$twres # isolate carry and residue + movups 16*1($inp),$inout1 + pxor $twres,@tweak[5] + + movups 16*2($inp),$inout2 + xorps @tweak[0],$inout0 + movups 16*3($inp),$inout3 + lea 16*4($inp),$inp + xorps @tweak[1],$inout1 + xorps @tweak[2],$inout2 + xorps @tweak[3],$inout3 + + call _aesni_decrypt4 + + xorps @tweak[0],$inout0 + movdqa @tweak[4],@tweak[0] + xorps @tweak[1],$inout1 + movdqa @tweak[5],@tweak[1] + xorps @tweak[2],$inout2 + movups $inout0,($out) + xorps @tweak[3],$inout3 + movups $inout1,16*1($out) + movups $inout2,16*2($out) + movups $inout3,16*3($out) + lea 16*4($out),$out + jmp .Lxts_dec_done + +.align 16 +.Lxts_dec_done: + and \$15,$len_ + jz .Lxts_dec_ret +.Lxts_dec_done2: + mov $len_,$len + mov $key_,$key # restore $key + mov $rnds_,$rounds # restore $rounds + + movups ($inp),$inout0 + xorps @tweak[1],$inout0 +___ + &aesni_generate1("dec",$key,$rounds); +$code.=<<___; + xorps @tweak[1],$inout0 + movups $inout0,($out) + +.Lxts_dec_steal: + movzb 16($inp),%eax # borrow $rounds ... + movzb ($out),%ecx # ... and $key + lea 1($inp),$inp + mov %al,($out) + mov %cl,16($out) + lea 1($out),$out + sub \$1,$len + jnz .Lxts_dec_steal + + sub $len_,$out # rewind $out + mov $key_,$key # restore $key + mov $rnds_,$rounds # restore $rounds + + movups ($out),$inout0 + xorps @tweak[0],$inout0 +___ + &aesni_generate1("dec",$key,$rounds); +$code.=<<___; + xorps @tweak[0],$inout0 + movups $inout0,($out) + +.Lxts_dec_ret: +___ +$code.=<<___ if ($win64); + movaps 0x60(%rsp),%xmm6 + movaps 0x70(%rsp),%xmm7 + movaps 0x80(%rsp),%xmm8 + movaps 0x90(%rsp),%xmm9 + movaps 0xa0(%rsp),%xmm10 + movaps 0xb0(%rsp),%xmm11 + movaps 0xc0(%rsp),%xmm12 + movaps 0xd0(%rsp),%xmm13 + movaps 0xe0(%rsp),%xmm14 + movaps 0xf0(%rsp),%xmm15 +___ +$code.=<<___; + lea $frame_size(%rsp),%rsp +.Lxts_dec_epilogue: + ret +.size aesni_xts_decrypt,.-aesni_xts_decrypt +___ +} }} + +######################################################################## +# void $PREFIX_cbc_encrypt (const void *inp, void *out, +# size_t length, const AES_KEY *key, +# unsigned char *ivp,const int enc); +{ +my $reserved = $win64?0x40:-0x18; # used in decrypt +$code.=<<___; +.globl ${PREFIX}_cbc_encrypt +.type ${PREFIX}_cbc_encrypt,\@function,6 +.align 16 +${PREFIX}_cbc_encrypt: + test $len,$len # check length + jz .Lcbc_ret + + mov 240($key),$rnds_ # key->rounds + mov $key,$key_ # backup $key + test %r9d,%r9d # 6th argument + jz .Lcbc_decrypt +#--------------------------- CBC ENCRYPT ------------------------------# + movups ($ivp),$inout0 # load iv as initial state + mov $rnds_,$rounds + cmp \$16,$len + jb .Lcbc_enc_tail + sub \$16,$len + jmp .Lcbc_enc_loop +.align 16 +.Lcbc_enc_loop: + movups ($inp),$inout1 # load input + lea 16($inp),$inp + #xorps $inout1,$inout0 +___ + &aesni_generate1("enc",$key,$rounds,$inout0,$inout1); +$code.=<<___; + mov $rnds_,$rounds # restore $rounds + mov $key_,$key # restore $key + movups $inout0,0($out) # store output + lea 16($out),$out + sub \$16,$len + jnc .Lcbc_enc_loop + add \$16,$len + jnz .Lcbc_enc_tail + movups $inout0,($ivp) + jmp .Lcbc_ret + +.Lcbc_enc_tail: + mov $len,%rcx # zaps $key + xchg $inp,$out # $inp is %rsi and $out is %rdi now + .long 0x9066A4F3 # rep movsb + mov \$16,%ecx # zero tail + sub $len,%rcx + xor %eax,%eax + .long 0x9066AAF3 # rep stosb + lea -16(%rdi),%rdi # rewind $out by 1 block + mov $rnds_,$rounds # restore $rounds + mov %rdi,%rsi # $inp and $out are the same + mov $key_,$key # restore $key + xor $len,$len # len=16 + jmp .Lcbc_enc_loop # one more spin + #--------------------------- CBC DECRYPT ------------------------------# +.align 16 +.Lcbc_decrypt: +___ +$code.=<<___ if ($win64); + lea -0x58(%rsp),%rsp + movaps %xmm6,(%rsp) + movaps %xmm7,0x10(%rsp) + movaps %xmm8,0x20(%rsp) + movaps %xmm9,0x30(%rsp) +.Lcbc_decrypt_body: +___ +$code.=<<___; + movups ($ivp),$iv + mov $rnds_,$rounds + cmp \$0x70,$len + jbe .Lcbc_dec_tail + shr \$1,$rnds_ + sub \$0x70,$len + mov $rnds_,$rounds + movaps $iv,$reserved(%rsp) + jmp .Lcbc_dec_loop8_enter +.align 16 +.Lcbc_dec_loop8: + movaps $rndkey0,$reserved(%rsp) # save IV + movups $inout7,($out) + lea 0x10($out),$out +.Lcbc_dec_loop8_enter: + $movkey ($key),$rndkey0 + movups ($inp),$inout0 # load input + movups 0x10($inp),$inout1 + $movkey 16($key),$rndkey1 + + lea 32($key),$key + movdqu 0x20($inp),$inout2 + xorps $rndkey0,$inout0 + movdqu 0x30($inp),$inout3 + xorps $rndkey0,$inout1 + movdqu 0x40($inp),$inout4 + aesdec $rndkey1,$inout0 + pxor $rndkey0,$inout2 + movdqu 0x50($inp),$inout5 + aesdec $rndkey1,$inout1 + pxor $rndkey0,$inout3 + movdqu 0x60($inp),$inout6 + aesdec $rndkey1,$inout2 + pxor $rndkey0,$inout4 + movdqu 0x70($inp),$inout7 + aesdec $rndkey1,$inout3 + pxor $rndkey0,$inout5 + dec $rounds + aesdec $rndkey1,$inout4 + pxor $rndkey0,$inout6 + aesdec $rndkey1,$inout5 + pxor $rndkey0,$inout7 + $movkey ($key),$rndkey0 + aesdec $rndkey1,$inout6 + aesdec $rndkey1,$inout7 + $movkey 16($key),$rndkey1 + + call .Ldec_loop8_enter + + movups ($inp),$rndkey1 # re-load input + movups 0x10($inp),$rndkey0 + xorps $reserved(%rsp),$inout0 # ^= IV + xorps $rndkey1,$inout1 + movups 0x20($inp),$rndkey1 + xorps $rndkey0,$inout2 + movups 0x30($inp),$rndkey0 + xorps $rndkey1,$inout3 + movups 0x40($inp),$rndkey1 + xorps $rndkey0,$inout4 + movups 0x50($inp),$rndkey0 + xorps $rndkey1,$inout5 + movups 0x60($inp),$rndkey1 + xorps $rndkey0,$inout6 + movups 0x70($inp),$rndkey0 # IV + xorps $rndkey1,$inout7 + movups $inout0,($out) + movups $inout1,0x10($out) + movups $inout2,0x20($out) + movups $inout3,0x30($out) + mov $rnds_,$rounds # restore $rounds + movups $inout4,0x40($out) + mov $key_,$key # restore $key + movups $inout5,0x50($out) + lea 0x80($inp),$inp + movups $inout6,0x60($out) + lea 0x70($out),$out + sub \$0x80,$len + ja .Lcbc_dec_loop8 + + movaps $inout7,$inout0 + movaps $rndkey0,$iv + add \$0x70,$len + jle .Lcbc_dec_tail_collected + movups $inout0,($out) + lea 1($rnds_,$rnds_),$rounds + lea 0x10($out),$out +.Lcbc_dec_tail: + movups ($inp),$inout0 + movaps $inout0,$in0 + cmp \$0x10,$len + jbe .Lcbc_dec_one + + movups 0x10($inp),$inout1 + movaps $inout1,$in1 + cmp \$0x20,$len + jbe .Lcbc_dec_two + + movups 0x20($inp),$inout2 + movaps $inout2,$in2 + cmp \$0x30,$len + jbe .Lcbc_dec_three + + movups 0x30($inp),$inout3 + cmp \$0x40,$len + jbe .Lcbc_dec_four + + movups 0x40($inp),$inout4 + cmp \$0x50,$len + jbe .Lcbc_dec_five + + movups 0x50($inp),$inout5 + cmp \$0x60,$len + jbe .Lcbc_dec_six + + movups 0x60($inp),$inout6 + movaps $iv,$reserved(%rsp) # save IV + call _aesni_decrypt8 + movups ($inp),$rndkey1 + movups 0x10($inp),$rndkey0 + xorps $reserved(%rsp),$inout0 # ^= IV + xorps $rndkey1,$inout1 + movups 0x20($inp),$rndkey1 + xorps $rndkey0,$inout2 + movups 0x30($inp),$rndkey0 + xorps $rndkey1,$inout3 + movups 0x40($inp),$rndkey1 + xorps $rndkey0,$inout4 + movups 0x50($inp),$rndkey0 + xorps $rndkey1,$inout5 + movups 0x60($inp),$iv # IV + xorps $rndkey0,$inout6 + movups $inout0,($out) + movups $inout1,0x10($out) + movups $inout2,0x20($out) + movups $inout3,0x30($out) + movups $inout4,0x40($out) + movups $inout5,0x50($out) + lea 0x60($out),$out + movaps $inout6,$inout0 + sub \$0x70,$len + jmp .Lcbc_dec_tail_collected +.align 16 +.Lcbc_dec_one: +___ + &aesni_generate1("dec",$key,$rounds); +$code.=<<___; + xorps $iv,$inout0 + movaps $in0,$iv + sub \$0x10,$len + jmp .Lcbc_dec_tail_collected +.align 16 +.Lcbc_dec_two: + xorps $inout2,$inout2 + call _aesni_decrypt3 + xorps $iv,$inout0 + xorps $in0,$inout1 + movups $inout0,($out) + movaps $in1,$iv + movaps $inout1,$inout0 + lea 0x10($out),$out + sub \$0x20,$len + jmp .Lcbc_dec_tail_collected +.align 16 +.Lcbc_dec_three: + call _aesni_decrypt3 + xorps $iv,$inout0 + xorps $in0,$inout1 + movups $inout0,($out) + xorps $in1,$inout2 + movups $inout1,0x10($out) + movaps $in2,$iv + movaps $inout2,$inout0 + lea 0x20($out),$out + sub \$0x30,$len + jmp .Lcbc_dec_tail_collected +.align 16 +.Lcbc_dec_four: + call _aesni_decrypt4 + xorps $iv,$inout0 + movups 0x30($inp),$iv + xorps $in0,$inout1 + movups $inout0,($out) + xorps $in1,$inout2 + movups $inout1,0x10($out) + xorps $in2,$inout3 + movups $inout2,0x20($out) + movaps $inout3,$inout0 + lea 0x30($out),$out + sub \$0x40,$len + jmp .Lcbc_dec_tail_collected +.align 16 +.Lcbc_dec_five: + xorps $inout5,$inout5 + call _aesni_decrypt6 + movups 0x10($inp),$rndkey1 + movups 0x20($inp),$rndkey0 + xorps $iv,$inout0 + xorps $in0,$inout1 + xorps $rndkey1,$inout2 + movups 0x30($inp),$rndkey1 + xorps $rndkey0,$inout3 + movups 0x40($inp),$iv + xorps $rndkey1,$inout4 + movups $inout0,($out) + movups $inout1,0x10($out) + movups $inout2,0x20($out) + movups $inout3,0x30($out) + lea 0x40($out),$out + movaps $inout4,$inout0 + sub \$0x50,$len + jmp .Lcbc_dec_tail_collected +.align 16 +.Lcbc_dec_six: + call _aesni_decrypt6 + movups 0x10($inp),$rndkey1 + movups 0x20($inp),$rndkey0 + xorps $iv,$inout0 + xorps $in0,$inout1 + xorps $rndkey1,$inout2 + movups 0x30($inp),$rndkey1 + xorps $rndkey0,$inout3 + movups 0x40($inp),$rndkey0 + xorps $rndkey1,$inout4 + movups 0x50($inp),$iv + xorps $rndkey0,$inout5 + movups $inout0,($out) + movups $inout1,0x10($out) + movups $inout2,0x20($out) + movups $inout3,0x30($out) + movups $inout4,0x40($out) + lea 0x50($out),$out + movaps $inout5,$inout0 + sub \$0x60,$len + jmp .Lcbc_dec_tail_collected +.align 16 +.Lcbc_dec_tail_collected: + and \$15,$len + movups $iv,($ivp) + jnz .Lcbc_dec_tail_partial + movups $inout0,($out) + jmp .Lcbc_dec_ret +.align 16 +.Lcbc_dec_tail_partial: + movaps $inout0,$reserved(%rsp) + mov \$16,%rcx + mov $out,%rdi + sub $len,%rcx + lea $reserved(%rsp),%rsi + .long 0x9066A4F3 # rep movsb + +.Lcbc_dec_ret: +___ +$code.=<<___ if ($win64); + movaps (%rsp),%xmm6 + movaps 0x10(%rsp),%xmm7 + movaps 0x20(%rsp),%xmm8 + movaps 0x30(%rsp),%xmm9 + lea 0x58(%rsp),%rsp +___ +$code.=<<___; +.Lcbc_ret: + ret +.size ${PREFIX}_cbc_encrypt,.-${PREFIX}_cbc_encrypt +___ +} +# int $PREFIX_set_[en|de]crypt_key (const unsigned char *userKey, +# int bits, AES_KEY *key) +{ my ($inp,$bits,$key) = @_4args; + $bits =~ s/%r/%e/; + +$code.=<<___; +.globl ${PREFIX}_set_decrypt_key +.type ${PREFIX}_set_decrypt_key,\@abi-omnipotent +.align 16 +${PREFIX}_set_decrypt_key: + sub \$8,%rsp + call __aesni_set_encrypt_key + shl \$4,$bits # rounds-1 after _aesni_set_encrypt_key + test %eax,%eax + jnz .Ldec_key_ret + lea 16($key,$bits),$inp # points at the end of key schedule + + $movkey ($key),%xmm0 # just swap + $movkey ($inp),%xmm1 + $movkey %xmm0,($inp) + $movkey %xmm1,($key) + lea 16($key),$key + lea -16($inp),$inp + +.Ldec_key_inverse: + $movkey ($key),%xmm0 # swap and inverse + $movkey ($inp),%xmm1 + aesimc %xmm0,%xmm0 + aesimc %xmm1,%xmm1 + lea 16($key),$key + lea -16($inp),$inp + $movkey %xmm0,16($inp) + $movkey %xmm1,-16($key) + cmp $key,$inp + ja .Ldec_key_inverse + + $movkey ($key),%xmm0 # inverse middle + aesimc %xmm0,%xmm0 + $movkey %xmm0,($inp) +.Ldec_key_ret: + add \$8,%rsp + ret +.LSEH_end_set_decrypt_key: +.size ${PREFIX}_set_decrypt_key,.-${PREFIX}_set_decrypt_key +___ + +# This is based on submission by +# +# Huang Ying +# Vinodh Gopal +# Kahraman Akdemir +# +# Agressively optimized in respect to aeskeygenassist's critical path +# and is contained in %xmm0-5 to meet Win64 ABI requirement. +# +$code.=<<___; +.globl ${PREFIX}_set_encrypt_key +.type ${PREFIX}_set_encrypt_key,\@abi-omnipotent +.align 16 +${PREFIX}_set_encrypt_key: +__aesni_set_encrypt_key: + sub \$8,%rsp + mov \$-1,%rax + test $inp,$inp + jz .Lenc_key_ret + test $key,$key + jz .Lenc_key_ret + + movups ($inp),%xmm0 # pull first 128 bits of *userKey + xorps %xmm4,%xmm4 # low dword of xmm4 is assumed 0 + lea 16($key),%rax + cmp \$256,$bits + je .L14rounds + cmp \$192,$bits + je .L12rounds + cmp \$128,$bits + jne .Lbad_keybits + +.L10rounds: + mov \$9,$bits # 10 rounds for 128-bit key + $movkey %xmm0,($key) # round 0 + aeskeygenassist \$0x1,%xmm0,%xmm1 # round 1 + call .Lkey_expansion_128_cold + aeskeygenassist \$0x2,%xmm0,%xmm1 # round 2 + call .Lkey_expansion_128 + aeskeygenassist \$0x4,%xmm0,%xmm1 # round 3 + call .Lkey_expansion_128 + aeskeygenassist \$0x8,%xmm0,%xmm1 # round 4 + call .Lkey_expansion_128 + aeskeygenassist \$0x10,%xmm0,%xmm1 # round 5 + call .Lkey_expansion_128 + aeskeygenassist \$0x20,%xmm0,%xmm1 # round 6 + call .Lkey_expansion_128 + aeskeygenassist \$0x40,%xmm0,%xmm1 # round 7 + call .Lkey_expansion_128 + aeskeygenassist \$0x80,%xmm0,%xmm1 # round 8 + call .Lkey_expansion_128 + aeskeygenassist \$0x1b,%xmm0,%xmm1 # round 9 + call .Lkey_expansion_128 + aeskeygenassist \$0x36,%xmm0,%xmm1 # round 10 + call .Lkey_expansion_128 + $movkey %xmm0,(%rax) + mov $bits,80(%rax) # 240(%rdx) + xor %eax,%eax + jmp .Lenc_key_ret + +.align 16 +.L12rounds: + movq 16($inp),%xmm2 # remaining 1/3 of *userKey + mov \$11,$bits # 12 rounds for 192 + $movkey %xmm0,($key) # round 0 + aeskeygenassist \$0x1,%xmm2,%xmm1 # round 1,2 + call .Lkey_expansion_192a_cold + aeskeygenassist \$0x2,%xmm2,%xmm1 # round 2,3 + call .Lkey_expansion_192b + aeskeygenassist \$0x4,%xmm2,%xmm1 # round 4,5 + call .Lkey_expansion_192a + aeskeygenassist \$0x8,%xmm2,%xmm1 # round 5,6 + call .Lkey_expansion_192b + aeskeygenassist \$0x10,%xmm2,%xmm1 # round 7,8 + call .Lkey_expansion_192a + aeskeygenassist \$0x20,%xmm2,%xmm1 # round 8,9 + call .Lkey_expansion_192b + aeskeygenassist \$0x40,%xmm2,%xmm1 # round 10,11 + call .Lkey_expansion_192a + aeskeygenassist \$0x80,%xmm2,%xmm1 # round 11,12 + call .Lkey_expansion_192b + $movkey %xmm0,(%rax) + mov $bits,48(%rax) # 240(%rdx) + xor %rax, %rax + jmp .Lenc_key_ret + +.align 16 +.L14rounds: + movups 16($inp),%xmm2 # remaning half of *userKey + mov \$13,$bits # 14 rounds for 256 + lea 16(%rax),%rax + $movkey %xmm0,($key) # round 0 + $movkey %xmm2,16($key) # round 1 + aeskeygenassist \$0x1,%xmm2,%xmm1 # round 2 + call .Lkey_expansion_256a_cold + aeskeygenassist \$0x1,%xmm0,%xmm1 # round 3 + call .Lkey_expansion_256b + aeskeygenassist \$0x2,%xmm2,%xmm1 # round 4 + call .Lkey_expansion_256a + aeskeygenassist \$0x2,%xmm0,%xmm1 # round 5 + call .Lkey_expansion_256b + aeskeygenassist \$0x4,%xmm2,%xmm1 # round 6 + call .Lkey_expansion_256a + aeskeygenassist \$0x4,%xmm0,%xmm1 # round 7 + call .Lkey_expansion_256b + aeskeygenassist \$0x8,%xmm2,%xmm1 # round 8 + call .Lkey_expansion_256a + aeskeygenassist \$0x8,%xmm0,%xmm1 # round 9 + call .Lkey_expansion_256b + aeskeygenassist \$0x10,%xmm2,%xmm1 # round 10 + call .Lkey_expansion_256a + aeskeygenassist \$0x10,%xmm0,%xmm1 # round 11 + call .Lkey_expansion_256b + aeskeygenassist \$0x20,%xmm2,%xmm1 # round 12 + call .Lkey_expansion_256a + aeskeygenassist \$0x20,%xmm0,%xmm1 # round 13 + call .Lkey_expansion_256b + aeskeygenassist \$0x40,%xmm2,%xmm1 # round 14 + call .Lkey_expansion_256a + $movkey %xmm0,(%rax) + mov $bits,16(%rax) # 240(%rdx) + xor %rax,%rax + jmp .Lenc_key_ret + +.align 16 +.Lbad_keybits: + mov \$-2,%rax +.Lenc_key_ret: + add \$8,%rsp + ret +.LSEH_end_set_encrypt_key: + +.align 16 +.Lkey_expansion_128: + $movkey %xmm0,(%rax) + lea 16(%rax),%rax +.Lkey_expansion_128_cold: + shufps \$0b00010000,%xmm0,%xmm4 + xorps %xmm4, %xmm0 + shufps \$0b10001100,%xmm0,%xmm4 + xorps %xmm4, %xmm0 + shufps \$0b11111111,%xmm1,%xmm1 # critical path + xorps %xmm1,%xmm0 + ret + +.align 16 +.Lkey_expansion_192a: + $movkey %xmm0,(%rax) + lea 16(%rax),%rax +.Lkey_expansion_192a_cold: + movaps %xmm2, %xmm5 +.Lkey_expansion_192b_warm: + shufps \$0b00010000,%xmm0,%xmm4 + movdqa %xmm2,%xmm3 + xorps %xmm4,%xmm0 + shufps \$0b10001100,%xmm0,%xmm4 + pslldq \$4,%xmm3 + xorps %xmm4,%xmm0 + pshufd \$0b01010101,%xmm1,%xmm1 # critical path + pxor %xmm3,%xmm2 + pxor %xmm1,%xmm0 + pshufd \$0b11111111,%xmm0,%xmm3 + pxor %xmm3,%xmm2 + ret + +.align 16 +.Lkey_expansion_192b: + movaps %xmm0,%xmm3 + shufps \$0b01000100,%xmm0,%xmm5 + $movkey %xmm5,(%rax) + shufps \$0b01001110,%xmm2,%xmm3 + $movkey %xmm3,16(%rax) + lea 32(%rax),%rax + jmp .Lkey_expansion_192b_warm + +.align 16 +.Lkey_expansion_256a: + $movkey %xmm2,(%rax) + lea 16(%rax),%rax +.Lkey_expansion_256a_cold: + shufps \$0b00010000,%xmm0,%xmm4 + xorps %xmm4,%xmm0 + shufps \$0b10001100,%xmm0,%xmm4 + xorps %xmm4,%xmm0 + shufps \$0b11111111,%xmm1,%xmm1 # critical path + xorps %xmm1,%xmm0 + ret + +.align 16 +.Lkey_expansion_256b: + $movkey %xmm0,(%rax) + lea 16(%rax),%rax + + shufps \$0b00010000,%xmm2,%xmm4 + xorps %xmm4,%xmm2 + shufps \$0b10001100,%xmm2,%xmm4 + xorps %xmm4,%xmm2 + shufps \$0b10101010,%xmm1,%xmm1 # critical path + xorps %xmm1,%xmm2 + ret +.size ${PREFIX}_set_encrypt_key,.-${PREFIX}_set_encrypt_key +.size __aesni_set_encrypt_key,.-__aesni_set_encrypt_key +___ +} + +$code.=<<___; +.align 64 +.Lbswap_mask: + .byte 15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0 +.Lincrement32: + .long 6,6,6,0 +.Lincrement64: + .long 1,0,0,0 +.Lxts_magic: + .long 0x87,0,1,0 + +.asciz "AES for Intel AES-NI, CRYPTOGAMS by " +.align 64 +___ + +# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame, +# CONTEXT *context,DISPATCHER_CONTEXT *disp) +if ($win64) { +$rec="%rcx"; +$frame="%rdx"; +$context="%r8"; +$disp="%r9"; + +$code.=<<___; +.extern __imp_RtlVirtualUnwind +___ +$code.=<<___ if ($PREFIX eq "aesni"); +.type ecb_se_handler,\@abi-omnipotent +.align 16 +ecb_se_handler: + push %rsi + push %rdi + push %rbx + push %rbp + push %r12 + push %r13 + push %r14 + push %r15 + pushfq + sub \$64,%rsp + + mov 152($context),%rax # pull context->Rsp + + jmp .Lcommon_seh_tail +.size ecb_se_handler,.-ecb_se_handler + +.type ccm64_se_handler,\@abi-omnipotent +.align 16 +ccm64_se_handler: + push %rsi + push %rdi + push %rbx + push %rbp + push %r12 + push %r13 + push %r14 + push %r15 + pushfq + sub \$64,%rsp + + mov 120($context),%rax # pull context->Rax + mov 248($context),%rbx # pull context->Rip + + mov 8($disp),%rsi # disp->ImageBase + mov 56($disp),%r11 # disp->HandlerData + + mov 0(%r11),%r10d # HandlerData[0] + lea (%rsi,%r10),%r10 # prologue label + cmp %r10,%rbx # context->RipRsp + + mov 4(%r11),%r10d # HandlerData[1] + lea (%rsi,%r10),%r10 # epilogue label + cmp %r10,%rbx # context->Rip>=epilogue label + jae .Lcommon_seh_tail + + lea 0(%rax),%rsi # %xmm save area + lea 512($context),%rdi # &context.Xmm6 + mov \$8,%ecx # 4*sizeof(%xmm0)/sizeof(%rax) + .long 0xa548f3fc # cld; rep movsq + lea 0x58(%rax),%rax # adjust stack pointer + + jmp .Lcommon_seh_tail +.size ccm64_se_handler,.-ccm64_se_handler + +.type ctr32_se_handler,\@abi-omnipotent +.align 16 +ctr32_se_handler: + push %rsi + push %rdi + push %rbx + push %rbp + push %r12 + push %r13 + push %r14 + push %r15 + pushfq + sub \$64,%rsp + + mov 120($context),%rax # pull context->Rax + mov 248($context),%rbx # pull context->Rip + + lea .Lctr32_body(%rip),%r10 + cmp %r10,%rbx # context->Rip<"prologue" label + jb .Lcommon_seh_tail + + mov 152($context),%rax # pull context->Rsp + + lea .Lctr32_ret(%rip),%r10 + cmp %r10,%rbx + jae .Lcommon_seh_tail + + lea 0x20(%rax),%rsi # %xmm save area + lea 512($context),%rdi # &context.Xmm6 + mov \$20,%ecx # 10*sizeof(%xmm0)/sizeof(%rax) + .long 0xa548f3fc # cld; rep movsq + lea 0xc8(%rax),%rax # adjust stack pointer + + jmp .Lcommon_seh_tail +.size ctr32_se_handler,.-ctr32_se_handler + +.type xts_se_handler,\@abi-omnipotent +.align 16 +xts_se_handler: + push %rsi + push %rdi + push %rbx + push %rbp + push %r12 + push %r13 + push %r14 + push %r15 + pushfq + sub \$64,%rsp + + mov 120($context),%rax # pull context->Rax + mov 248($context),%rbx # pull context->Rip + + mov 8($disp),%rsi # disp->ImageBase + mov 56($disp),%r11 # disp->HandlerData + + mov 0(%r11),%r10d # HandlerData[0] + lea (%rsi,%r10),%r10 # prologue lable + cmp %r10,%rbx # context->RipRsp + + mov 4(%r11),%r10d # HandlerData[1] + lea (%rsi,%r10),%r10 # epilogue label + cmp %r10,%rbx # context->Rip>=epilogue label + jae .Lcommon_seh_tail + + lea 0x60(%rax),%rsi # %xmm save area + lea 512($context),%rdi # & context.Xmm6 + mov \$20,%ecx # 10*sizeof(%xmm0)/sizeof(%rax) + .long 0xa548f3fc # cld; rep movsq + lea 0x68+160(%rax),%rax # adjust stack pointer + + jmp .Lcommon_seh_tail +.size xts_se_handler,.-xts_se_handler +___ +$code.=<<___; +.type cbc_se_handler,\@abi-omnipotent +.align 16 +cbc_se_handler: + push %rsi + push %rdi + push %rbx + push %rbp + push %r12 + push %r13 + push %r14 + push %r15 + pushfq + sub \$64,%rsp + + mov 152($context),%rax # pull context->Rsp + mov 248($context),%rbx # pull context->Rip + + lea .Lcbc_decrypt(%rip),%r10 + cmp %r10,%rbx # context->Rip<"prologue" label + jb .Lcommon_seh_tail + + lea .Lcbc_decrypt_body(%rip),%r10 + cmp %r10,%rbx # context->RipRip>="epilogue" label + jae .Lcommon_seh_tail + + lea 0(%rax),%rsi # top of stack + lea 512($context),%rdi # &context.Xmm6 + mov \$8,%ecx # 4*sizeof(%xmm0)/sizeof(%rax) + .long 0xa548f3fc # cld; rep movsq + lea 0x58(%rax),%rax # adjust stack pointer + jmp .Lcommon_seh_tail + +.Lrestore_cbc_rax: + mov 120($context),%rax + +.Lcommon_seh_tail: + mov 8(%rax),%rdi + mov 16(%rax),%rsi + mov %rax,152($context) # restore context->Rsp + mov %rsi,168($context) # restore context->Rsi + mov %rdi,176($context) # restore context->Rdi + + mov 40($disp),%rdi # disp->ContextRecord + mov $context,%rsi # context + mov \$154,%ecx # sizeof(CONTEXT) + .long 0xa548f3fc # cld; rep movsq + + mov $disp,%rsi + xor %rcx,%rcx # arg1, UNW_FLAG_NHANDLER + mov 8(%rsi),%rdx # arg2, disp->ImageBase + mov 0(%rsi),%r8 # arg3, disp->ControlPc + mov 16(%rsi),%r9 # arg4, disp->FunctionEntry + mov 40(%rsi),%r10 # disp->ContextRecord + lea 56(%rsi),%r11 # &disp->HandlerData + lea 24(%rsi),%r12 # &disp->EstablisherFrame + mov %r10,32(%rsp) # arg5 + mov %r11,40(%rsp) # arg6 + mov %r12,48(%rsp) # arg7 + mov %rcx,56(%rsp) # arg8, (NULL) + call *__imp_RtlVirtualUnwind(%rip) + + mov \$1,%eax # ExceptionContinueSearch + add \$64,%rsp + popfq + pop %r15 + pop %r14 + pop %r13 + pop %r12 + pop %rbp + pop %rbx + pop %rdi + pop %rsi + ret +.size cbc_se_handler,.-cbc_se_handler + +.section .pdata +.align 4 +___ +$code.=<<___ if ($PREFIX eq "aesni"); + .rva .LSEH_begin_aesni_ecb_encrypt + .rva .LSEH_end_aesni_ecb_encrypt + .rva .LSEH_info_ecb + + .rva .LSEH_begin_aesni_ccm64_encrypt_blocks + .rva .LSEH_end_aesni_ccm64_encrypt_blocks + .rva .LSEH_info_ccm64_enc + + .rva .LSEH_begin_aesni_ccm64_decrypt_blocks + .rva .LSEH_end_aesni_ccm64_decrypt_blocks + .rva .LSEH_info_ccm64_dec + + .rva .LSEH_begin_aesni_ctr32_encrypt_blocks + .rva .LSEH_end_aesni_ctr32_encrypt_blocks + .rva .LSEH_info_ctr32 + + .rva .LSEH_begin_aesni_xts_encrypt + .rva .LSEH_end_aesni_xts_encrypt + .rva .LSEH_info_xts_enc + + .rva .LSEH_begin_aesni_xts_decrypt + .rva .LSEH_end_aesni_xts_decrypt + .rva .LSEH_info_xts_dec +___ +$code.=<<___; + .rva .LSEH_begin_${PREFIX}_cbc_encrypt + .rva .LSEH_end_${PREFIX}_cbc_encrypt + .rva .LSEH_info_cbc + + .rva ${PREFIX}_set_decrypt_key + .rva .LSEH_end_set_decrypt_key + .rva .LSEH_info_key + + .rva ${PREFIX}_set_encrypt_key + .rva .LSEH_end_set_encrypt_key + .rva .LSEH_info_key +.section .xdata +.align 8 +___ +$code.=<<___ if ($PREFIX eq "aesni"); +.LSEH_info_ecb: + .byte 9,0,0,0 + .rva ecb_se_handler +.LSEH_info_ccm64_enc: + .byte 9,0,0,0 + .rva ccm64_se_handler + .rva .Lccm64_enc_body,.Lccm64_enc_ret # HandlerData[] +.LSEH_info_ccm64_dec: + .byte 9,0,0,0 + .rva ccm64_se_handler + .rva .Lccm64_dec_body,.Lccm64_dec_ret # HandlerData[] +.LSEH_info_ctr32: + .byte 9,0,0,0 + .rva ctr32_se_handler +.LSEH_info_xts_enc: + .byte 9,0,0,0 + .rva xts_se_handler + .rva .Lxts_enc_body,.Lxts_enc_epilogue # HandlerData[] +.LSEH_info_xts_dec: + .byte 9,0,0,0 + .rva xts_se_handler + .rva .Lxts_dec_body,.Lxts_dec_epilogue # HandlerData[] +___ +$code.=<<___; +.LSEH_info_cbc: + .byte 9,0,0,0 + .rva cbc_se_handler +.LSEH_info_key: + .byte 0x01,0x04,0x01,0x00 + .byte 0x04,0x02,0x00,0x00 # sub rsp,8 +___ +} + +sub rex { + local *opcode=shift; + my ($dst,$src)=@_; + my $rex=0; + + $rex|=0x04 if($dst>=8); + $rex|=0x01 if($src>=8); + push @opcode,$rex|0x40 if($rex); +} + +$code =~ s/\`([^\`]*)\`/eval($1)/gem; + +print $code; + +close STDOUT; diff --git a/src/lib/libcrypto/aes/asm/bsaes-x86_64.pl b/src/lib/libcrypto/aes/asm/bsaes-x86_64.pl new file mode 100644 index 00000000000..41b90f08443 --- /dev/null +++ b/src/lib/libcrypto/aes/asm/bsaes-x86_64.pl @@ -0,0 +1,3108 @@ +#!/usr/bin/env perl + +################################################################### +### AES-128 [originally in CTR mode] ### +### bitsliced implementation for Intel Core 2 processors ### +### requires support of SSE extensions up to SSSE3 ### +### Author: Emilia Käsper and Peter Schwabe ### +### Date: 2009-03-19 ### +### Public domain ### +### ### +### See http://homes.esat.kuleuven.be/~ekasper/#software for ### +### further information. ### +################################################################### +# +# September 2011. +# +# Started as transliteration to "perlasm" the original code has +# undergone following changes: +# +# - code was made position-independent; +# - rounds were folded into a loop resulting in >5x size reduction +# from 12.5KB to 2.2KB; +# - above was possibile thanks to mixcolumns() modification that +# allowed to feed its output back to aesenc[last], this was +# achieved at cost of two additional inter-registers moves; +# - some instruction reordering and interleaving; +# - this module doesn't implement key setup subroutine, instead it +# relies on conversion of "conventional" key schedule as returned +# by AES_set_encrypt_key (see discussion below); +# - first and last round keys are treated differently, which allowed +# to skip one shiftrows(), reduce bit-sliced key schedule and +# speed-up conversion by 22%; +# - support for 192- and 256-bit keys was added; +# +# Resulting performance in CPU cycles spent to encrypt one byte out +# of 4096-byte buffer with 128-bit key is: +# +# Emilia's this(*) difference +# +# Core 2 9.30 8.69 +7% +# Nehalem(**) 7.63 6.98 +9% +# Atom 17.1 17.4 -2%(***) +# +# (*) Comparison is not completely fair, because "this" is ECB, +# i.e. no extra processing such as counter values calculation +# and xor-ing input as in Emilia's CTR implementation is +# performed. However, the CTR calculations stand for not more +# than 1% of total time, so comparison is *rather* fair. +# +# (**) Results were collected on Westmere, which is considered to +# be equivalent to Nehalem for this code. +# +# (***) Slowdown on Atom is rather strange per se, because original +# implementation has a number of 9+-bytes instructions, which +# are bad for Atom front-end, and which I eliminated completely. +# In attempt to address deterioration sbox() was tested in FP +# SIMD "domain" (movaps instead of movdqa, xorps instead of +# pxor, etc.). While it resulted in nominal 4% improvement on +# Atom, it hurted Westmere by more than 2x factor. +# +# As for key schedule conversion subroutine. Interface to OpenSSL +# relies on per-invocation on-the-fly conversion. This naturally +# has impact on performance, especially for short inputs. Conversion +# time in CPU cycles and its ratio to CPU cycles spent in 8x block +# function is: +# +# conversion conversion/8x block +# Core 2 240 0.22 +# Nehalem 180 0.20 +# Atom 430 0.19 +# +# The ratio values mean that 128-byte blocks will be processed +# 16-18% slower, 256-byte blocks - 9-10%, 384-byte blocks - 6-7%, +# etc. Then keep in mind that input sizes not divisible by 128 are +# *effectively* slower, especially shortest ones, e.g. consecutive +# 144-byte blocks are processed 44% slower than one would expect, +# 272 - 29%, 400 - 22%, etc. Yet, despite all these "shortcomings" +# it's still faster than ["hyper-threading-safe" code path in] +# aes-x86_64.pl on all lengths above 64 bytes... +# +# October 2011. +# +# Add decryption procedure. Performance in CPU cycles spent to decrypt +# one byte out of 4096-byte buffer with 128-bit key is: +# +# Core 2 9.83 +# Nehalem 7.74 +# Atom 19.0 +# +# November 2011. +# +# Add bsaes_xts_[en|de]crypt. Less-than-80-bytes-block performance is +# suboptimal, but XTS is meant to be used with larger blocks... +# +# + +$flavour = shift; +$output = shift; +if ($flavour =~ /\./) { $output = $flavour; undef $flavour; } + +$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/); + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or +( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or +die "can't locate x86_64-xlate.pl"; + +open OUT,"| \"$^X\" $xlate $flavour $output"; +*STDOUT=*OUT; + +my ($inp,$out,$len,$key,$ivp)=("%rdi","%rsi","%rdx","%rcx"); +my @XMM=map("%xmm$_",(15,0..14)); # best on Atom, +10% over (0..15) +my $ecb=0; # suppress unreferenced ECB subroutines, spare some space... + +{ +my ($key,$rounds,$const)=("%rax","%r10d","%r11"); + +sub Sbox { +# input in lsb > [b0, b1, b2, b3, b4, b5, b6, b7] < msb +# output in lsb > [b0, b1, b4, b6, b3, b7, b2, b5] < msb +my @b=@_[0..7]; +my @t=@_[8..11]; +my @s=@_[12..15]; + &InBasisChange (@b); + &Inv_GF256 (@b[6,5,0,3,7,1,4,2],@t,@s); + &OutBasisChange (@b[7,1,4,2,6,5,0,3]); +} + +sub InBasisChange { +# input in lsb > [b0, b1, b2, b3, b4, b5, b6, b7] < msb +# output in lsb > [b6, b5, b0, b3, b7, b1, b4, b2] < msb +my @b=@_[0..7]; +$code.=<<___; + pxor @b[6], @b[5] + pxor @b[1], @b[2] + pxor @b[0], @b[3] + pxor @b[2], @b[6] + pxor @b[0], @b[5] + + pxor @b[3], @b[6] + pxor @b[7], @b[3] + pxor @b[5], @b[7] + pxor @b[4], @b[3] + pxor @b[5], @b[4] + pxor @b[1], @b[3] + + pxor @b[7], @b[2] + pxor @b[5], @b[1] +___ +} + +sub OutBasisChange { +# input in lsb > [b0, b1, b2, b3, b4, b5, b6, b7] < msb +# output in lsb > [b6, b1, b2, b4, b7, b0, b3, b5] < msb +my @b=@_[0..7]; +$code.=<<___; + pxor @b[6], @b[0] + pxor @b[4], @b[1] + pxor @b[0], @b[2] + pxor @b[6], @b[4] + pxor @b[1], @b[6] + + pxor @b[5], @b[1] + pxor @b[3], @b[5] + pxor @b[7], @b[3] + pxor @b[5], @b[7] + pxor @b[5], @b[2] + + pxor @b[7], @b[4] +___ +} + +sub InvSbox { +# input in lsb > [b0, b1, b2, b3, b4, b5, b6, b7] < msb +# output in lsb > [b0, b1, b6, b4, b2, b7, b3, b5] < msb +my @b=@_[0..7]; +my @t=@_[8..11]; +my @s=@_[12..15]; + &InvInBasisChange (@b); + &Inv_GF256 (@b[5,1,2,6,3,7,0,4],@t,@s); + &InvOutBasisChange (@b[3,7,0,4,5,1,2,6]); +} + +sub InvInBasisChange { # OutBasisChange in reverse +my @b=@_[5,1,2,6,3,7,0,4]; +$code.=<<___ + pxor @b[7], @b[4] + + pxor @b[5], @b[7] + pxor @b[5], @b[2] + pxor @b[7], @b[3] + pxor @b[3], @b[5] + pxor @b[5], @b[1] + + pxor @b[1], @b[6] + pxor @b[0], @b[2] + pxor @b[6], @b[4] + pxor @b[6], @b[0] + pxor @b[4], @b[1] +___ +} + +sub InvOutBasisChange { # InBasisChange in reverse +my @b=@_[2,5,7,3,6,1,0,4]; +$code.=<<___; + pxor @b[5], @b[1] + pxor @b[7], @b[2] + + pxor @b[1], @b[3] + pxor @b[5], @b[4] + pxor @b[5], @b[7] + pxor @b[4], @b[3] + pxor @b[0], @b[5] + pxor @b[7], @b[3] + pxor @b[2], @b[6] + pxor @b[1], @b[2] + pxor @b[3], @b[6] + + pxor @b[0], @b[3] + pxor @b[6], @b[5] +___ +} + +sub Mul_GF4 { +#;************************************************************* +#;* Mul_GF4: Input x0-x1,y0-y1 Output x0-x1 Temp t0 (8) * +#;************************************************************* +my ($x0,$x1,$y0,$y1,$t0)=@_; +$code.=<<___; + movdqa $y0, $t0 + pxor $y1, $t0 + pand $x0, $t0 + pxor $x1, $x0 + pand $y0, $x1 + pand $y1, $x0 + pxor $x1, $x0 + pxor $t0, $x1 +___ +} + +sub Mul_GF4_N { # not used, see next subroutine +# multiply and scale by N +my ($x0,$x1,$y0,$y1,$t0)=@_; +$code.=<<___; + movdqa $y0, $t0 + pxor $y1, $t0 + pand $x0, $t0 + pxor $x1, $x0 + pand $y0, $x1 + pand $y1, $x0 + pxor $x0, $x1 + pxor $t0, $x0 +___ +} + +sub Mul_GF4_N_GF4 { +# interleaved Mul_GF4_N and Mul_GF4 +my ($x0,$x1,$y0,$y1,$t0, + $x2,$x3,$y2,$y3,$t1)=@_; +$code.=<<___; + movdqa $y0, $t0 + movdqa $y2, $t1 + pxor $y1, $t0 + pxor $y3, $t1 + pand $x0, $t0 + pand $x2, $t1 + pxor $x1, $x0 + pxor $x3, $x2 + pand $y0, $x1 + pand $y2, $x3 + pand $y1, $x0 + pand $y3, $x2 + pxor $x0, $x1 + pxor $x3, $x2 + pxor $t0, $x0 + pxor $t1, $x3 +___ +} +sub Mul_GF16_2 { +my @x=@_[0..7]; +my @y=@_[8..11]; +my @t=@_[12..15]; +$code.=<<___; + movdqa @x[0], @t[0] + movdqa @x[1], @t[1] +___ + &Mul_GF4 (@x[0], @x[1], @y[0], @y[1], @t[2]); +$code.=<<___; + pxor @x[2], @t[0] + pxor @x[3], @t[1] + pxor @y[2], @y[0] + pxor @y[3], @y[1] +___ + Mul_GF4_N_GF4 (@t[0], @t[1], @y[0], @y[1], @t[3], + @x[2], @x[3], @y[2], @y[3], @t[2]); +$code.=<<___; + pxor @t[0], @x[0] + pxor @t[0], @x[2] + pxor @t[1], @x[1] + pxor @t[1], @x[3] + + movdqa @x[4], @t[0] + movdqa @x[5], @t[1] + pxor @x[6], @t[0] + pxor @x[7], @t[1] +___ + &Mul_GF4_N_GF4 (@t[0], @t[1], @y[0], @y[1], @t[3], + @x[6], @x[7], @y[2], @y[3], @t[2]); +$code.=<<___; + pxor @y[2], @y[0] + pxor @y[3], @y[1] +___ + &Mul_GF4 (@x[4], @x[5], @y[0], @y[1], @t[3]); +$code.=<<___; + pxor @t[0], @x[4] + pxor @t[0], @x[6] + pxor @t[1], @x[5] + pxor @t[1], @x[7] +___ +} +sub Inv_GF256 { +#;******************************************************************** +#;* Inv_GF256: Input x0-x7 Output x0-x7 Temp t0-t3,s0-s3 (144) * +#;******************************************************************** +my @x=@_[0..7]; +my @t=@_[8..11]; +my @s=@_[12..15]; +# direct optimizations from hardware +$code.=<<___; + movdqa @x[4], @t[3] + movdqa @x[5], @t[2] + movdqa @x[1], @t[1] + movdqa @x[7], @s[1] + movdqa @x[0], @s[0] + + pxor @x[6], @t[3] + pxor @x[7], @t[2] + pxor @x[3], @t[1] + movdqa @t[3], @s[2] + pxor @x[6], @s[1] + movdqa @t[2], @t[0] + pxor @x[2], @s[0] + movdqa @t[3], @s[3] + + por @t[1], @t[2] + por @s[0], @t[3] + pxor @t[0], @s[3] + pand @s[0], @s[2] + pxor @t[1], @s[0] + pand @t[1], @t[0] + pand @s[0], @s[3] + movdqa @x[3], @s[0] + pxor @x[2], @s[0] + pand @s[0], @s[1] + pxor @s[1], @t[3] + pxor @s[1], @t[2] + movdqa @x[4], @s[1] + movdqa @x[1], @s[0] + pxor @x[5], @s[1] + pxor @x[0], @s[0] + movdqa @s[1], @t[1] + pand @s[0], @s[1] + por @s[0], @t[1] + pxor @s[1], @t[0] + pxor @s[3], @t[3] + pxor @s[2], @t[2] + pxor @s[3], @t[1] + movdqa @x[7], @s[0] + pxor @s[2], @t[0] + movdqa @x[6], @s[1] + pxor @s[2], @t[1] + movdqa @x[5], @s[2] + pand @x[3], @s[0] + movdqa @x[4], @s[3] + pand @x[2], @s[1] + pand @x[1], @s[2] + por @x[0], @s[3] + pxor @s[0], @t[3] + pxor @s[1], @t[2] + pxor @s[2], @t[1] + pxor @s[3], @t[0] + + #Inv_GF16 \t0, \t1, \t2, \t3, \s0, \s1, \s2, \s3 + + # new smaller inversion + + movdqa @t[3], @s[0] + pand @t[1], @t[3] + pxor @t[2], @s[0] + + movdqa @t[0], @s[2] + movdqa @s[0], @s[3] + pxor @t[3], @s[2] + pand @s[2], @s[3] + + movdqa @t[1], @s[1] + pxor @t[2], @s[3] + pxor @t[0], @s[1] + + pxor @t[2], @t[3] + + pand @t[3], @s[1] + + movdqa @s[2], @t[2] + pxor @t[0], @s[1] + + pxor @s[1], @t[2] + pxor @s[1], @t[1] + + pand @t[0], @t[2] + + pxor @t[2], @s[2] + pxor @t[2], @t[1] + + pand @s[3], @s[2] + + pxor @s[0], @s[2] +___ +# output in s3, s2, s1, t1 + +# Mul_GF16_2 \x0, \x1, \x2, \x3, \x4, \x5, \x6, \x7, \t2, \t3, \t0, \t1, \s0, \s1, \s2, \s3 + +# Mul_GF16_2 \x0, \x1, \x2, \x3, \x4, \x5, \x6, \x7, \s3, \s2, \s1, \t1, \s0, \t0, \t2, \t3 + &Mul_GF16_2(@x,@s[3,2,1],@t[1],@s[0],@t[0,2,3]); + +### output msb > [x3,x2,x1,x0,x7,x6,x5,x4] < lsb +} + +# AES linear components + +sub ShiftRows { +my @x=@_[0..7]; +my $mask=pop; +$code.=<<___; + pxor 0x00($key),@x[0] + pxor 0x10($key),@x[1] + pshufb $mask,@x[0] + pxor 0x20($key),@x[2] + pshufb $mask,@x[1] + pxor 0x30($key),@x[3] + pshufb $mask,@x[2] + pxor 0x40($key),@x[4] + pshufb $mask,@x[3] + pxor 0x50($key),@x[5] + pshufb $mask,@x[4] + pxor 0x60($key),@x[6] + pshufb $mask,@x[5] + pxor 0x70($key),@x[7] + pshufb $mask,@x[6] + lea 0x80($key),$key + pshufb $mask,@x[7] +___ +} + +sub MixColumns { +# modified to emit output in order suitable for feeding back to aesenc[last] +my @x=@_[0..7]; +my @t=@_[8..15]; +my $inv=@_[16]; # optional +$code.=<<___; + pshufd \$0x93, @x[0], @t[0] # x0 <<< 32 + pshufd \$0x93, @x[1], @t[1] + pxor @t[0], @x[0] # x0 ^ (x0 <<< 32) + pshufd \$0x93, @x[2], @t[2] + pxor @t[1], @x[1] + pshufd \$0x93, @x[3], @t[3] + pxor @t[2], @x[2] + pshufd \$0x93, @x[4], @t[4] + pxor @t[3], @x[3] + pshufd \$0x93, @x[5], @t[5] + pxor @t[4], @x[4] + pshufd \$0x93, @x[6], @t[6] + pxor @t[5], @x[5] + pshufd \$0x93, @x[7], @t[7] + pxor @t[6], @x[6] + pxor @t[7], @x[7] + + pxor @x[0], @t[1] + pxor @x[7], @t[0] + pxor @x[7], @t[1] + pshufd \$0x4E, @x[0], @x[0] # (x0 ^ (x0 <<< 32)) <<< 64) + pxor @x[1], @t[2] + pshufd \$0x4E, @x[1], @x[1] + pxor @x[4], @t[5] + pxor @t[0], @x[0] + pxor @x[5], @t[6] + pxor @t[1], @x[1] + pxor @x[3], @t[4] + pshufd \$0x4E, @x[4], @t[0] + pxor @x[6], @t[7] + pshufd \$0x4E, @x[5], @t[1] + pxor @x[2], @t[3] + pshufd \$0x4E, @x[3], @x[4] + pxor @x[7], @t[3] + pshufd \$0x4E, @x[7], @x[5] + pxor @x[7], @t[4] + pshufd \$0x4E, @x[6], @x[3] + pxor @t[4], @t[0] + pshufd \$0x4E, @x[2], @x[6] + pxor @t[5], @t[1] +___ +$code.=<<___ if (!$inv); + pxor @t[3], @x[4] + pxor @t[7], @x[5] + pxor @t[6], @x[3] + movdqa @t[0], @x[2] + pxor @t[2], @x[6] + movdqa @t[1], @x[7] +___ +$code.=<<___ if ($inv); + pxor @x[4], @t[3] + pxor @t[7], @x[5] + pxor @x[3], @t[6] + movdqa @t[0], @x[3] + pxor @t[2], @x[6] + movdqa @t[6], @x[2] + movdqa @t[1], @x[7] + movdqa @x[6], @x[4] + movdqa @t[3], @x[6] +___ +} + +sub InvMixColumns_orig { +my @x=@_[0..7]; +my @t=@_[8..15]; + +$code.=<<___; + # multiplication by 0x0e + pshufd \$0x93, @x[7], @t[7] + movdqa @x[2], @t[2] + pxor @x[5], @x[7] # 7 5 + pxor @x[5], @x[2] # 2 5 + pshufd \$0x93, @x[0], @t[0] + movdqa @x[5], @t[5] + pxor @x[0], @x[5] # 5 0 [1] + pxor @x[1], @x[0] # 0 1 + pshufd \$0x93, @x[1], @t[1] + pxor @x[2], @x[1] # 1 25 + pxor @x[6], @x[0] # 01 6 [2] + pxor @x[3], @x[1] # 125 3 [4] + pshufd \$0x93, @x[3], @t[3] + pxor @x[0], @x[2] # 25 016 [3] + pxor @x[7], @x[3] # 3 75 + pxor @x[6], @x[7] # 75 6 [0] + pshufd \$0x93, @x[6], @t[6] + movdqa @x[4], @t[4] + pxor @x[4], @x[6] # 6 4 + pxor @x[3], @x[4] # 4 375 [6] + pxor @x[7], @x[3] # 375 756=36 + pxor @t[5], @x[6] # 64 5 [7] + pxor @t[2], @x[3] # 36 2 + pxor @t[4], @x[3] # 362 4 [5] + pshufd \$0x93, @t[5], @t[5] +___ + my @y = @x[7,5,0,2,1,3,4,6]; +$code.=<<___; + # multiplication by 0x0b + pxor @y[0], @y[1] + pxor @t[0], @y[0] + pxor @t[1], @y[1] + pshufd \$0x93, @t[2], @t[2] + pxor @t[5], @y[0] + pxor @t[6], @y[1] + pxor @t[7], @y[0] + pshufd \$0x93, @t[4], @t[4] + pxor @t[6], @t[7] # clobber t[7] + pxor @y[0], @y[1] + + pxor @t[0], @y[3] + pshufd \$0x93, @t[0], @t[0] + pxor @t[1], @y[2] + pxor @t[1], @y[4] + pxor @t[2], @y[2] + pshufd \$0x93, @t[1], @t[1] + pxor @t[2], @y[3] + pxor @t[2], @y[5] + pxor @t[7], @y[2] + pshufd \$0x93, @t[2], @t[2] + pxor @t[3], @y[3] + pxor @t[3], @y[6] + pxor @t[3], @y[4] + pshufd \$0x93, @t[3], @t[3] + pxor @t[4], @y[7] + pxor @t[4], @y[5] + pxor @t[7], @y[7] + pxor @t[5], @y[3] + pxor @t[4], @y[4] + pxor @t[5], @t[7] # clobber t[7] even more + + pxor @t[7], @y[5] + pshufd \$0x93, @t[4], @t[4] + pxor @t[7], @y[6] + pxor @t[7], @y[4] + + pxor @t[5], @t[7] + pshufd \$0x93, @t[5], @t[5] + pxor @t[6], @t[7] # restore t[7] + + # multiplication by 0x0d + pxor @y[7], @y[4] + pxor @t[4], @y[7] + pshufd \$0x93, @t[6], @t[6] + pxor @t[0], @y[2] + pxor @t[5], @y[7] + pxor @t[2], @y[2] + pshufd \$0x93, @t[7], @t[7] + + pxor @y[1], @y[3] + pxor @t[1], @y[1] + pxor @t[0], @y[0] + pxor @t[0], @y[3] + pxor @t[5], @y[1] + pxor @t[5], @y[0] + pxor @t[7], @y[1] + pshufd \$0x93, @t[0], @t[0] + pxor @t[6], @y[0] + pxor @y[1], @y[3] + pxor @t[1], @y[4] + pshufd \$0x93, @t[1], @t[1] + + pxor @t[7], @y[7] + pxor @t[2], @y[4] + pxor @t[2], @y[5] + pshufd \$0x93, @t[2], @t[2] + pxor @t[6], @y[2] + pxor @t[3], @t[6] # clobber t[6] + pxor @y[7], @y[4] + pxor @t[6], @y[3] + + pxor @t[6], @y[6] + pxor @t[5], @y[5] + pxor @t[4], @y[6] + pshufd \$0x93, @t[4], @t[4] + pxor @t[6], @y[5] + pxor @t[7], @y[6] + pxor @t[3], @t[6] # restore t[6] + + pshufd \$0x93, @t[5], @t[5] + pshufd \$0x93, @t[6], @t[6] + pshufd \$0x93, @t[7], @t[7] + pshufd \$0x93, @t[3], @t[3] + + # multiplication by 0x09 + pxor @y[1], @y[4] + pxor @y[1], @t[1] # t[1]=y[1] + pxor @t[5], @t[0] # clobber t[0] + pxor @t[5], @t[1] + pxor @t[0], @y[3] + pxor @y[0], @t[0] # t[0]=y[0] + pxor @t[6], @t[1] + pxor @t[7], @t[6] # clobber t[6] + pxor @t[1], @y[4] + pxor @t[4], @y[7] + pxor @y[4], @t[4] # t[4]=y[4] + pxor @t[3], @y[6] + pxor @y[3], @t[3] # t[3]=y[3] + pxor @t[2], @y[5] + pxor @y[2], @t[2] # t[2]=y[2] + pxor @t[7], @t[3] + pxor @y[5], @t[5] # t[5]=y[5] + pxor @t[6], @t[2] + pxor @t[6], @t[5] + pxor @y[6], @t[6] # t[6]=y[6] + pxor @y[7], @t[7] # t[7]=y[7] + + movdqa @t[0],@XMM[0] + movdqa @t[1],@XMM[1] + movdqa @t[2],@XMM[2] + movdqa @t[3],@XMM[3] + movdqa @t[4],@XMM[4] + movdqa @t[5],@XMM[5] + movdqa @t[6],@XMM[6] + movdqa @t[7],@XMM[7] +___ +} + +sub InvMixColumns { +my @x=@_[0..7]; +my @t=@_[8..15]; + +# Thanks to Jussi Kivilinna for providing pointer to +# +# | 0e 0b 0d 09 | | 02 03 01 01 | | 05 00 04 00 | +# | 09 0e 0b 0d | = | 01 02 03 01 | x | 00 05 00 04 | +# | 0d 09 0e 0b | | 01 01 02 03 | | 04 00 05 00 | +# | 0b 0d 09 0e | | 03 01 01 02 | | 00 04 00 05 | + +$code.=<<___; + # multiplication by 0x05-0x00-0x04-0x00 + pshufd \$0x4E, @x[0], @t[0] + pshufd \$0x4E, @x[6], @t[6] + pxor @x[0], @t[0] + pshufd \$0x4E, @x[7], @t[7] + pxor @x[6], @t[6] + pshufd \$0x4E, @x[1], @t[1] + pxor @x[7], @t[7] + pshufd \$0x4E, @x[2], @t[2] + pxor @x[1], @t[1] + pshufd \$0x4E, @x[3], @t[3] + pxor @x[2], @t[2] + pxor @t[6], @x[0] + pxor @t[6], @x[1] + pshufd \$0x4E, @x[4], @t[4] + pxor @x[3], @t[3] + pxor @t[0], @x[2] + pxor @t[1], @x[3] + pshufd \$0x4E, @x[5], @t[5] + pxor @x[4], @t[4] + pxor @t[7], @x[1] + pxor @t[2], @x[4] + pxor @x[5], @t[5] + + pxor @t[7], @x[2] + pxor @t[6], @x[3] + pxor @t[6], @x[4] + pxor @t[3], @x[5] + pxor @t[4], @x[6] + pxor @t[7], @x[4] + pxor @t[7], @x[5] + pxor @t[5], @x[7] +___ + &MixColumns (@x,@t,1); # flipped 2<->3 and 4<->6 +} + +sub aesenc { # not used +my @b=@_[0..7]; +my @t=@_[8..15]; +$code.=<<___; + movdqa 0x30($const),@t[0] # .LSR +___ + &ShiftRows (@b,@t[0]); + &Sbox (@b,@t); + &MixColumns (@b[0,1,4,6,3,7,2,5],@t); +} + +sub aesenclast { # not used +my @b=@_[0..7]; +my @t=@_[8..15]; +$code.=<<___; + movdqa 0x40($const),@t[0] # .LSRM0 +___ + &ShiftRows (@b,@t[0]); + &Sbox (@b,@t); +$code.=<<___ + pxor 0x00($key),@b[0] + pxor 0x10($key),@b[1] + pxor 0x20($key),@b[4] + pxor 0x30($key),@b[6] + pxor 0x40($key),@b[3] + pxor 0x50($key),@b[7] + pxor 0x60($key),@b[2] + pxor 0x70($key),@b[5] +___ +} + +sub swapmove { +my ($a,$b,$n,$mask,$t)=@_; +$code.=<<___; + movdqa $b,$t + psrlq \$$n,$b + pxor $a,$b + pand $mask,$b + pxor $b,$a + psllq \$$n,$b + pxor $t,$b +___ +} +sub swapmove2x { +my ($a0,$b0,$a1,$b1,$n,$mask,$t0,$t1)=@_; +$code.=<<___; + movdqa $b0,$t0 + psrlq \$$n,$b0 + movdqa $b1,$t1 + psrlq \$$n,$b1 + pxor $a0,$b0 + pxor $a1,$b1 + pand $mask,$b0 + pand $mask,$b1 + pxor $b0,$a0 + psllq \$$n,$b0 + pxor $b1,$a1 + psllq \$$n,$b1 + pxor $t0,$b0 + pxor $t1,$b1 +___ +} + +sub bitslice { +my @x=reverse(@_[0..7]); +my ($t0,$t1,$t2,$t3)=@_[8..11]; +$code.=<<___; + movdqa 0x00($const),$t0 # .LBS0 + movdqa 0x10($const),$t1 # .LBS1 +___ + &swapmove2x(@x[0,1,2,3],1,$t0,$t2,$t3); + &swapmove2x(@x[4,5,6,7],1,$t0,$t2,$t3); +$code.=<<___; + movdqa 0x20($const),$t0 # .LBS2 +___ + &swapmove2x(@x[0,2,1,3],2,$t1,$t2,$t3); + &swapmove2x(@x[4,6,5,7],2,$t1,$t2,$t3); + + &swapmove2x(@x[0,4,1,5],4,$t0,$t2,$t3); + &swapmove2x(@x[2,6,3,7],4,$t0,$t2,$t3); +} + +$code.=<<___; +.text + +.extern asm_AES_encrypt +.extern asm_AES_decrypt + +.type _bsaes_encrypt8,\@abi-omnipotent +.align 64 +_bsaes_encrypt8: + lea .LBS0(%rip), $const # constants table + + movdqa ($key), @XMM[9] # round 0 key + lea 0x10($key), $key + movdqa 0x50($const), @XMM[8] # .LM0SR + pxor @XMM[9], @XMM[0] # xor with round0 key + pxor @XMM[9], @XMM[1] + pshufb @XMM[8], @XMM[0] + pxor @XMM[9], @XMM[2] + pshufb @XMM[8], @XMM[1] + pxor @XMM[9], @XMM[3] + pshufb @XMM[8], @XMM[2] + pxor @XMM[9], @XMM[4] + pshufb @XMM[8], @XMM[3] + pxor @XMM[9], @XMM[5] + pshufb @XMM[8], @XMM[4] + pxor @XMM[9], @XMM[6] + pshufb @XMM[8], @XMM[5] + pxor @XMM[9], @XMM[7] + pshufb @XMM[8], @XMM[6] + pshufb @XMM[8], @XMM[7] +_bsaes_encrypt8_bitslice: +___ + &bitslice (@XMM[0..7, 8..11]); +$code.=<<___; + dec $rounds + jmp .Lenc_sbox +.align 16 +.Lenc_loop: +___ + &ShiftRows (@XMM[0..7, 8]); +$code.=".Lenc_sbox:\n"; + &Sbox (@XMM[0..7, 8..15]); +$code.=<<___; + dec $rounds + jl .Lenc_done +___ + &MixColumns (@XMM[0,1,4,6,3,7,2,5, 8..15]); +$code.=<<___; + movdqa 0x30($const), @XMM[8] # .LSR + jnz .Lenc_loop + movdqa 0x40($const), @XMM[8] # .LSRM0 + jmp .Lenc_loop +.align 16 +.Lenc_done: +___ + # output in lsb > [t0, t1, t4, t6, t3, t7, t2, t5] < msb + &bitslice (@XMM[0,1,4,6,3,7,2,5, 8..11]); +$code.=<<___; + movdqa ($key), @XMM[8] # last round key + pxor @XMM[8], @XMM[4] + pxor @XMM[8], @XMM[6] + pxor @XMM[8], @XMM[3] + pxor @XMM[8], @XMM[7] + pxor @XMM[8], @XMM[2] + pxor @XMM[8], @XMM[5] + pxor @XMM[8], @XMM[0] + pxor @XMM[8], @XMM[1] + ret +.size _bsaes_encrypt8,.-_bsaes_encrypt8 + +.type _bsaes_decrypt8,\@abi-omnipotent +.align 64 +_bsaes_decrypt8: + lea .LBS0(%rip), $const # constants table + + movdqa ($key), @XMM[9] # round 0 key + lea 0x10($key), $key + movdqa -0x30($const), @XMM[8] # .LM0ISR + pxor @XMM[9], @XMM[0] # xor with round0 key + pxor @XMM[9], @XMM[1] + pshufb @XMM[8], @XMM[0] + pxor @XMM[9], @XMM[2] + pshufb @XMM[8], @XMM[1] + pxor @XMM[9], @XMM[3] + pshufb @XMM[8], @XMM[2] + pxor @XMM[9], @XMM[4] + pshufb @XMM[8], @XMM[3] + pxor @XMM[9], @XMM[5] + pshufb @XMM[8], @XMM[4] + pxor @XMM[9], @XMM[6] + pshufb @XMM[8], @XMM[5] + pxor @XMM[9], @XMM[7] + pshufb @XMM[8], @XMM[6] + pshufb @XMM[8], @XMM[7] +___ + &bitslice (@XMM[0..7, 8..11]); +$code.=<<___; + dec $rounds + jmp .Ldec_sbox +.align 16 +.Ldec_loop: +___ + &ShiftRows (@XMM[0..7, 8]); +$code.=".Ldec_sbox:\n"; + &InvSbox (@XMM[0..7, 8..15]); +$code.=<<___; + dec $rounds + jl .Ldec_done +___ + &InvMixColumns (@XMM[0,1,6,4,2,7,3,5, 8..15]); +$code.=<<___; + movdqa -0x10($const), @XMM[8] # .LISR + jnz .Ldec_loop + movdqa -0x20($const), @XMM[8] # .LISRM0 + jmp .Ldec_loop +.align 16 +.Ldec_done: +___ + &bitslice (@XMM[0,1,6,4,2,7,3,5, 8..11]); +$code.=<<___; + movdqa ($key), @XMM[8] # last round key + pxor @XMM[8], @XMM[6] + pxor @XMM[8], @XMM[4] + pxor @XMM[8], @XMM[2] + pxor @XMM[8], @XMM[7] + pxor @XMM[8], @XMM[3] + pxor @XMM[8], @XMM[5] + pxor @XMM[8], @XMM[0] + pxor @XMM[8], @XMM[1] + ret +.size _bsaes_decrypt8,.-_bsaes_decrypt8 +___ +} +{ +my ($out,$inp,$rounds,$const)=("%rax","%rcx","%r10d","%r11"); + +sub bitslice_key { +my @x=reverse(@_[0..7]); +my ($bs0,$bs1,$bs2,$t2,$t3)=@_[8..12]; + + &swapmove (@x[0,1],1,$bs0,$t2,$t3); +$code.=<<___; + #&swapmove(@x[2,3],1,$t0,$t2,$t3); + movdqa @x[0], @x[2] + movdqa @x[1], @x[3] +___ + #&swapmove2x(@x[4,5,6,7],1,$t0,$t2,$t3); + + &swapmove2x (@x[0,2,1,3],2,$bs1,$t2,$t3); +$code.=<<___; + #&swapmove2x(@x[4,6,5,7],2,$t1,$t2,$t3); + movdqa @x[0], @x[4] + movdqa @x[2], @x[6] + movdqa @x[1], @x[5] + movdqa @x[3], @x[7] +___ + &swapmove2x (@x[0,4,1,5],4,$bs2,$t2,$t3); + &swapmove2x (@x[2,6,3,7],4,$bs2,$t2,$t3); +} + +$code.=<<___; +.type _bsaes_key_convert,\@abi-omnipotent +.align 16 +_bsaes_key_convert: + lea .Lmasks(%rip), $const + movdqu ($inp), %xmm7 # load round 0 key + lea 0x10($inp), $inp + movdqa 0x00($const), %xmm0 # 0x01... + movdqa 0x10($const), %xmm1 # 0x02... + movdqa 0x20($const), %xmm2 # 0x04... + movdqa 0x30($const), %xmm3 # 0x08... + movdqa 0x40($const), %xmm4 # .LM0 + pcmpeqd %xmm5, %xmm5 # .LNOT + + movdqu ($inp), %xmm6 # load round 1 key + movdqa %xmm7, ($out) # save round 0 key + lea 0x10($out), $out + dec $rounds + jmp .Lkey_loop +.align 16 +.Lkey_loop: + pshufb %xmm4, %xmm6 # .LM0 + + movdqa %xmm0, %xmm8 + movdqa %xmm1, %xmm9 + + pand %xmm6, %xmm8 + pand %xmm6, %xmm9 + movdqa %xmm2, %xmm10 + pcmpeqb %xmm0, %xmm8 + psllq \$4, %xmm0 # 0x10... + movdqa %xmm3, %xmm11 + pcmpeqb %xmm1, %xmm9 + psllq \$4, %xmm1 # 0x20... + + pand %xmm6, %xmm10 + pand %xmm6, %xmm11 + movdqa %xmm0, %xmm12 + pcmpeqb %xmm2, %xmm10 + psllq \$4, %xmm2 # 0x40... + movdqa %xmm1, %xmm13 + pcmpeqb %xmm3, %xmm11 + psllq \$4, %xmm3 # 0x80... + + movdqa %xmm2, %xmm14 + movdqa %xmm3, %xmm15 + pxor %xmm5, %xmm8 # "pnot" + pxor %xmm5, %xmm9 + + pand %xmm6, %xmm12 + pand %xmm6, %xmm13 + movdqa %xmm8, 0x00($out) # write bit-sliced round key + pcmpeqb %xmm0, %xmm12 + psrlq \$4, %xmm0 # 0x01... + movdqa %xmm9, 0x10($out) + pcmpeqb %xmm1, %xmm13 + psrlq \$4, %xmm1 # 0x02... + lea 0x10($inp), $inp + + pand %xmm6, %xmm14 + pand %xmm6, %xmm15 + movdqa %xmm10, 0x20($out) + pcmpeqb %xmm2, %xmm14 + psrlq \$4, %xmm2 # 0x04... + movdqa %xmm11, 0x30($out) + pcmpeqb %xmm3, %xmm15 + psrlq \$4, %xmm3 # 0x08... + movdqu ($inp), %xmm6 # load next round key + + pxor %xmm5, %xmm13 # "pnot" + pxor %xmm5, %xmm14 + movdqa %xmm12, 0x40($out) + movdqa %xmm13, 0x50($out) + movdqa %xmm14, 0x60($out) + movdqa %xmm15, 0x70($out) + lea 0x80($out),$out + dec $rounds + jnz .Lkey_loop + + movdqa 0x50($const), %xmm7 # .L63 + #movdqa %xmm6, ($out) # don't save last round key + ret +.size _bsaes_key_convert,.-_bsaes_key_convert +___ +} + +if (0 && !$win64) { # following four functions are unsupported interface + # used for benchmarking... +$code.=<<___; +.globl bsaes_enc_key_convert +.type bsaes_enc_key_convert,\@function,2 +.align 16 +bsaes_enc_key_convert: + mov 240($inp),%r10d # pass rounds + mov $inp,%rcx # pass key + mov $out,%rax # pass key schedule + call _bsaes_key_convert + pxor %xmm6,%xmm7 # fix up last round key + movdqa %xmm7,(%rax) # save last round key + ret +.size bsaes_enc_key_convert,.-bsaes_enc_key_convert + +.globl bsaes_encrypt_128 +.type bsaes_encrypt_128,\@function,4 +.align 16 +bsaes_encrypt_128: +.Lenc128_loop: + movdqu 0x00($inp), @XMM[0] # load input + movdqu 0x10($inp), @XMM[1] + movdqu 0x20($inp), @XMM[2] + movdqu 0x30($inp), @XMM[3] + movdqu 0x40($inp), @XMM[4] + movdqu 0x50($inp), @XMM[5] + movdqu 0x60($inp), @XMM[6] + movdqu 0x70($inp), @XMM[7] + mov $key, %rax # pass the $key + lea 0x80($inp), $inp + mov \$10,%r10d + + call _bsaes_encrypt8 + + movdqu @XMM[0], 0x00($out) # write output + movdqu @XMM[1], 0x10($out) + movdqu @XMM[4], 0x20($out) + movdqu @XMM[6], 0x30($out) + movdqu @XMM[3], 0x40($out) + movdqu @XMM[7], 0x50($out) + movdqu @XMM[2], 0x60($out) + movdqu @XMM[5], 0x70($out) + lea 0x80($out), $out + sub \$0x80,$len + ja .Lenc128_loop + ret +.size bsaes_encrypt_128,.-bsaes_encrypt_128 + +.globl bsaes_dec_key_convert +.type bsaes_dec_key_convert,\@function,2 +.align 16 +bsaes_dec_key_convert: + mov 240($inp),%r10d # pass rounds + mov $inp,%rcx # pass key + mov $out,%rax # pass key schedule + call _bsaes_key_convert + pxor ($out),%xmm7 # fix up round 0 key + movdqa %xmm6,(%rax) # save last round key + movdqa %xmm7,($out) + ret +.size bsaes_dec_key_convert,.-bsaes_dec_key_convert + +.globl bsaes_decrypt_128 +.type bsaes_decrypt_128,\@function,4 +.align 16 +bsaes_decrypt_128: +.Ldec128_loop: + movdqu 0x00($inp), @XMM[0] # load input + movdqu 0x10($inp), @XMM[1] + movdqu 0x20($inp), @XMM[2] + movdqu 0x30($inp), @XMM[3] + movdqu 0x40($inp), @XMM[4] + movdqu 0x50($inp), @XMM[5] + movdqu 0x60($inp), @XMM[6] + movdqu 0x70($inp), @XMM[7] + mov $key, %rax # pass the $key + lea 0x80($inp), $inp + mov \$10,%r10d + + call _bsaes_decrypt8 + + movdqu @XMM[0], 0x00($out) # write output + movdqu @XMM[1], 0x10($out) + movdqu @XMM[6], 0x20($out) + movdqu @XMM[4], 0x30($out) + movdqu @XMM[2], 0x40($out) + movdqu @XMM[7], 0x50($out) + movdqu @XMM[3], 0x60($out) + movdqu @XMM[5], 0x70($out) + lea 0x80($out), $out + sub \$0x80,$len + ja .Ldec128_loop + ret +.size bsaes_decrypt_128,.-bsaes_decrypt_128 +___ +} +{ +###################################################################### +# +# OpenSSL interface +# +my ($arg1,$arg2,$arg3,$arg4,$arg5,$arg6)=$win64 ? ("%rcx","%rdx","%r8","%r9","%r10","%r11d") + : ("%rdi","%rsi","%rdx","%rcx","%r8","%r9d"); +my ($inp,$out,$len,$key)=("%r12","%r13","%r14","%r15"); + +if ($ecb) { +$code.=<<___; +.globl bsaes_ecb_encrypt_blocks +.type bsaes_ecb_encrypt_blocks,\@abi-omnipotent +.align 16 +bsaes_ecb_encrypt_blocks: + mov %rsp, %rax +.Lecb_enc_prologue: + push %rbp + push %rbx + push %r12 + push %r13 + push %r14 + push %r15 + lea -0x48(%rsp),%rsp +___ +$code.=<<___ if ($win64); + lea -0xa0(%rsp), %rsp + movaps %xmm6, 0x40(%rsp) + movaps %xmm7, 0x50(%rsp) + movaps %xmm8, 0x60(%rsp) + movaps %xmm9, 0x70(%rsp) + movaps %xmm10, 0x80(%rsp) + movaps %xmm11, 0x90(%rsp) + movaps %xmm12, 0xa0(%rsp) + movaps %xmm13, 0xb0(%rsp) + movaps %xmm14, 0xc0(%rsp) + movaps %xmm15, 0xd0(%rsp) +.Lecb_enc_body: +___ +$code.=<<___; + mov %rsp,%rbp # backup %rsp + mov 240($arg4),%eax # rounds + mov $arg1,$inp # backup arguments + mov $arg2,$out + mov $arg3,$len + mov $arg4,$key + cmp \$8,$arg3 + jb .Lecb_enc_short + + mov %eax,%ebx # backup rounds + shl \$7,%rax # 128 bytes per inner round key + sub \$`128-32`,%rax # size of bit-sliced key schedule + sub %rax,%rsp + mov %rsp,%rax # pass key schedule + mov $key,%rcx # pass key + mov %ebx,%r10d # pass rounds + call _bsaes_key_convert + pxor %xmm6,%xmm7 # fix up last round key + movdqa %xmm7,(%rax) # save last round key + + sub \$8,$len +.Lecb_enc_loop: + movdqu 0x00($inp), @XMM[0] # load input + movdqu 0x10($inp), @XMM[1] + movdqu 0x20($inp), @XMM[2] + movdqu 0x30($inp), @XMM[3] + movdqu 0x40($inp), @XMM[4] + movdqu 0x50($inp), @XMM[5] + mov %rsp, %rax # pass key schedule + movdqu 0x60($inp), @XMM[6] + mov %ebx,%r10d # pass rounds + movdqu 0x70($inp), @XMM[7] + lea 0x80($inp), $inp + + call _bsaes_encrypt8 + + movdqu @XMM[0], 0x00($out) # write output + movdqu @XMM[1], 0x10($out) + movdqu @XMM[4], 0x20($out) + movdqu @XMM[6], 0x30($out) + movdqu @XMM[3], 0x40($out) + movdqu @XMM[7], 0x50($out) + movdqu @XMM[2], 0x60($out) + movdqu @XMM[5], 0x70($out) + lea 0x80($out), $out + sub \$8,$len + jnc .Lecb_enc_loop + + add \$8,$len + jz .Lecb_enc_done + + movdqu 0x00($inp), @XMM[0] # load input + mov %rsp, %rax # pass key schedule + mov %ebx,%r10d # pass rounds + cmp \$2,$len + jb .Lecb_enc_one + movdqu 0x10($inp), @XMM[1] + je .Lecb_enc_two + movdqu 0x20($inp), @XMM[2] + cmp \$4,$len + jb .Lecb_enc_three + movdqu 0x30($inp), @XMM[3] + je .Lecb_enc_four + movdqu 0x40($inp), @XMM[4] + cmp \$6,$len + jb .Lecb_enc_five + movdqu 0x50($inp), @XMM[5] + je .Lecb_enc_six + movdqu 0x60($inp), @XMM[6] + call _bsaes_encrypt8 + movdqu @XMM[0], 0x00($out) # write output + movdqu @XMM[1], 0x10($out) + movdqu @XMM[4], 0x20($out) + movdqu @XMM[6], 0x30($out) + movdqu @XMM[3], 0x40($out) + movdqu @XMM[7], 0x50($out) + movdqu @XMM[2], 0x60($out) + jmp .Lecb_enc_done +.align 16 +.Lecb_enc_six: + call _bsaes_encrypt8 + movdqu @XMM[0], 0x00($out) # write output + movdqu @XMM[1], 0x10($out) + movdqu @XMM[4], 0x20($out) + movdqu @XMM[6], 0x30($out) + movdqu @XMM[3], 0x40($out) + movdqu @XMM[7], 0x50($out) + jmp .Lecb_enc_done +.align 16 +.Lecb_enc_five: + call _bsaes_encrypt8 + movdqu @XMM[0], 0x00($out) # write output + movdqu @XMM[1], 0x10($out) + movdqu @XMM[4], 0x20($out) + movdqu @XMM[6], 0x30($out) + movdqu @XMM[3], 0x40($out) + jmp .Lecb_enc_done +.align 16 +.Lecb_enc_four: + call _bsaes_encrypt8 + movdqu @XMM[0], 0x00($out) # write output + movdqu @XMM[1], 0x10($out) + movdqu @XMM[4], 0x20($out) + movdqu @XMM[6], 0x30($out) + jmp .Lecb_enc_done +.align 16 +.Lecb_enc_three: + call _bsaes_encrypt8 + movdqu @XMM[0], 0x00($out) # write output + movdqu @XMM[1], 0x10($out) + movdqu @XMM[4], 0x20($out) + jmp .Lecb_enc_done +.align 16 +.Lecb_enc_two: + call _bsaes_encrypt8 + movdqu @XMM[0], 0x00($out) # write output + movdqu @XMM[1], 0x10($out) + jmp .Lecb_enc_done +.align 16 +.Lecb_enc_one: + call _bsaes_encrypt8 + movdqu @XMM[0], 0x00($out) # write output + jmp .Lecb_enc_done +.align 16 +.Lecb_enc_short: + lea ($inp), $arg1 + lea ($out), $arg2 + lea ($key), $arg3 + call asm_AES_encrypt + lea 16($inp), $inp + lea 16($out), $out + dec $len + jnz .Lecb_enc_short + +.Lecb_enc_done: + lea (%rsp),%rax + pxor %xmm0, %xmm0 +.Lecb_enc_bzero: # wipe key schedule [if any] + movdqa %xmm0, 0x00(%rax) + movdqa %xmm0, 0x10(%rax) + lea 0x20(%rax), %rax + cmp %rax, %rbp + jb .Lecb_enc_bzero + + lea (%rbp),%rsp # restore %rsp +___ +$code.=<<___ if ($win64); + movaps 0x40(%rbp), %xmm6 + movaps 0x50(%rbp), %xmm7 + movaps 0x60(%rbp), %xmm8 + movaps 0x70(%rbp), %xmm9 + movaps 0x80(%rbp), %xmm10 + movaps 0x90(%rbp), %xmm11 + movaps 0xa0(%rbp), %xmm12 + movaps 0xb0(%rbp), %xmm13 + movaps 0xc0(%rbp), %xmm14 + movaps 0xd0(%rbp), %xmm15 + lea 0xa0(%rbp), %rsp +___ +$code.=<<___; + mov 0x48(%rsp), %r15 + mov 0x50(%rsp), %r14 + mov 0x58(%rsp), %r13 + mov 0x60(%rsp), %r12 + mov 0x68(%rsp), %rbx + mov 0x70(%rsp), %rax + lea 0x78(%rsp), %rsp + mov %rax, %rbp +.Lecb_enc_epilogue: + ret +.size bsaes_ecb_encrypt_blocks,.-bsaes_ecb_encrypt_blocks + +.globl bsaes_ecb_decrypt_blocks +.type bsaes_ecb_decrypt_blocks,\@abi-omnipotent +.align 16 +bsaes_ecb_decrypt_blocks: + mov %rsp, %rax +.Lecb_dec_prologue: + push %rbp + push %rbx + push %r12 + push %r13 + push %r14 + push %r15 + lea -0x48(%rsp),%rsp +___ +$code.=<<___ if ($win64); + lea -0xa0(%rsp), %rsp + movaps %xmm6, 0x40(%rsp) + movaps %xmm7, 0x50(%rsp) + movaps %xmm8, 0x60(%rsp) + movaps %xmm9, 0x70(%rsp) + movaps %xmm10, 0x80(%rsp) + movaps %xmm11, 0x90(%rsp) + movaps %xmm12, 0xa0(%rsp) + movaps %xmm13, 0xb0(%rsp) + movaps %xmm14, 0xc0(%rsp) + movaps %xmm15, 0xd0(%rsp) +.Lecb_dec_body: +___ +$code.=<<___; + mov %rsp,%rbp # backup %rsp + mov 240($arg4),%eax # rounds + mov $arg1,$inp # backup arguments + mov $arg2,$out + mov $arg3,$len + mov $arg4,$key + cmp \$8,$arg3 + jb .Lecb_dec_short + + mov %eax,%ebx # backup rounds + shl \$7,%rax # 128 bytes per inner round key + sub \$`128-32`,%rax # size of bit-sliced key schedule + sub %rax,%rsp + mov %rsp,%rax # pass key schedule + mov $key,%rcx # pass key + mov %ebx,%r10d # pass rounds + call _bsaes_key_convert + pxor (%rsp),%xmm7 # fix up 0 round key + movdqa %xmm6,(%rax) # save last round key + movdqa %xmm7,(%rsp) + + sub \$8,$len +.Lecb_dec_loop: + movdqu 0x00($inp), @XMM[0] # load input + movdqu 0x10($inp), @XMM[1] + movdqu 0x20($inp), @XMM[2] + movdqu 0x30($inp), @XMM[3] + movdqu 0x40($inp), @XMM[4] + movdqu 0x50($inp), @XMM[5] + mov %rsp, %rax # pass key schedule + movdqu 0x60($inp), @XMM[6] + mov %ebx,%r10d # pass rounds + movdqu 0x70($inp), @XMM[7] + lea 0x80($inp), $inp + + call _bsaes_decrypt8 + + movdqu @XMM[0], 0x00($out) # write output + movdqu @XMM[1], 0x10($out) + movdqu @XMM[6], 0x20($out) + movdqu @XMM[4], 0x30($out) + movdqu @XMM[2], 0x40($out) + movdqu @XMM[7], 0x50($out) + movdqu @XMM[3], 0x60($out) + movdqu @XMM[5], 0x70($out) + lea 0x80($out), $out + sub \$8,$len + jnc .Lecb_dec_loop + + add \$8,$len + jz .Lecb_dec_done + + movdqu 0x00($inp), @XMM[0] # load input + mov %rsp, %rax # pass key schedule + mov %ebx,%r10d # pass rounds + cmp \$2,$len + jb .Lecb_dec_one + movdqu 0x10($inp), @XMM[1] + je .Lecb_dec_two + movdqu 0x20($inp), @XMM[2] + cmp \$4,$len + jb .Lecb_dec_three + movdqu 0x30($inp), @XMM[3] + je .Lecb_dec_four + movdqu 0x40($inp), @XMM[4] + cmp \$6,$len + jb .Lecb_dec_five + movdqu 0x50($inp), @XMM[5] + je .Lecb_dec_six + movdqu 0x60($inp), @XMM[6] + call _bsaes_decrypt8 + movdqu @XMM[0], 0x00($out) # write output + movdqu @XMM[1], 0x10($out) + movdqu @XMM[6], 0x20($out) + movdqu @XMM[4], 0x30($out) + movdqu @XMM[2], 0x40($out) + movdqu @XMM[7], 0x50($out) + movdqu @XMM[3], 0x60($out) + jmp .Lecb_dec_done +.align 16 +.Lecb_dec_six: + call _bsaes_decrypt8 + movdqu @XMM[0], 0x00($out) # write output + movdqu @XMM[1], 0x10($out) + movdqu @XMM[6], 0x20($out) + movdqu @XMM[4], 0x30($out) + movdqu @XMM[2], 0x40($out) + movdqu @XMM[7], 0x50($out) + jmp .Lecb_dec_done +.align 16 +.Lecb_dec_five: + call _bsaes_decrypt8 + movdqu @XMM[0], 0x00($out) # write output + movdqu @XMM[1], 0x10($out) + movdqu @XMM[6], 0x20($out) + movdqu @XMM[4], 0x30($out) + movdqu @XMM[2], 0x40($out) + jmp .Lecb_dec_done +.align 16 +.Lecb_dec_four: + call _bsaes_decrypt8 + movdqu @XMM[0], 0x00($out) # write output + movdqu @XMM[1], 0x10($out) + movdqu @XMM[6], 0x20($out) + movdqu @XMM[4], 0x30($out) + jmp .Lecb_dec_done +.align 16 +.Lecb_dec_three: + call _bsaes_decrypt8 + movdqu @XMM[0], 0x00($out) # write output + movdqu @XMM[1], 0x10($out) + movdqu @XMM[6], 0x20($out) + jmp .Lecb_dec_done +.align 16 +.Lecb_dec_two: + call _bsaes_decrypt8 + movdqu @XMM[0], 0x00($out) # write output + movdqu @XMM[1], 0x10($out) + jmp .Lecb_dec_done +.align 16 +.Lecb_dec_one: + call _bsaes_decrypt8 + movdqu @XMM[0], 0x00($out) # write output + jmp .Lecb_dec_done +.align 16 +.Lecb_dec_short: + lea ($inp), $arg1 + lea ($out), $arg2 + lea ($key), $arg3 + call asm_AES_decrypt + lea 16($inp), $inp + lea 16($out), $out + dec $len + jnz .Lecb_dec_short + +.Lecb_dec_done: + lea (%rsp),%rax + pxor %xmm0, %xmm0 +.Lecb_dec_bzero: # wipe key schedule [if any] + movdqa %xmm0, 0x00(%rax) + movdqa %xmm0, 0x10(%rax) + lea 0x20(%rax), %rax + cmp %rax, %rbp + jb .Lecb_dec_bzero + + lea (%rbp),%rsp # restore %rsp +___ +$code.=<<___ if ($win64); + movaps 0x40(%rbp), %xmm6 + movaps 0x50(%rbp), %xmm7 + movaps 0x60(%rbp), %xmm8 + movaps 0x70(%rbp), %xmm9 + movaps 0x80(%rbp), %xmm10 + movaps 0x90(%rbp), %xmm11 + movaps 0xa0(%rbp), %xmm12 + movaps 0xb0(%rbp), %xmm13 + movaps 0xc0(%rbp), %xmm14 + movaps 0xd0(%rbp), %xmm15 + lea 0xa0(%rbp), %rsp +___ +$code.=<<___; + mov 0x48(%rsp), %r15 + mov 0x50(%rsp), %r14 + mov 0x58(%rsp), %r13 + mov 0x60(%rsp), %r12 + mov 0x68(%rsp), %rbx + mov 0x70(%rsp), %rax + lea 0x78(%rsp), %rsp + mov %rax, %rbp +.Lecb_dec_epilogue: + ret +.size bsaes_ecb_decrypt_blocks,.-bsaes_ecb_decrypt_blocks +___ +} +$code.=<<___; +.extern asm_AES_cbc_encrypt +.globl bsaes_cbc_encrypt +.type bsaes_cbc_encrypt,\@abi-omnipotent +.align 16 +bsaes_cbc_encrypt: +___ +$code.=<<___ if ($win64); + mov 48(%rsp),$arg6 # pull direction flag +___ +$code.=<<___; + cmp \$0,$arg6 + jne asm_AES_cbc_encrypt + cmp \$128,$arg3 + jb asm_AES_cbc_encrypt + + mov %rsp, %rax +.Lcbc_dec_prologue: + push %rbp + push %rbx + push %r12 + push %r13 + push %r14 + push %r15 + lea -0x48(%rsp), %rsp +___ +$code.=<<___ if ($win64); + mov 0xa0(%rsp),$arg5 # pull ivp + lea -0xa0(%rsp), %rsp + movaps %xmm6, 0x40(%rsp) + movaps %xmm7, 0x50(%rsp) + movaps %xmm8, 0x60(%rsp) + movaps %xmm9, 0x70(%rsp) + movaps %xmm10, 0x80(%rsp) + movaps %xmm11, 0x90(%rsp) + movaps %xmm12, 0xa0(%rsp) + movaps %xmm13, 0xb0(%rsp) + movaps %xmm14, 0xc0(%rsp) + movaps %xmm15, 0xd0(%rsp) +.Lcbc_dec_body: +___ +$code.=<<___; + mov %rsp, %rbp # backup %rsp + mov 240($arg4), %eax # rounds + mov $arg1, $inp # backup arguments + mov $arg2, $out + mov $arg3, $len + mov $arg4, $key + mov $arg5, %rbx + shr \$4, $len # bytes to blocks + + mov %eax, %edx # rounds + shl \$7, %rax # 128 bytes per inner round key + sub \$`128-32`, %rax # size of bit-sliced key schedule + sub %rax, %rsp + + mov %rsp, %rax # pass key schedule + mov $key, %rcx # pass key + mov %edx, %r10d # pass rounds + call _bsaes_key_convert + pxor (%rsp),%xmm7 # fix up 0 round key + movdqa %xmm6,(%rax) # save last round key + movdqa %xmm7,(%rsp) + + movdqu (%rbx), @XMM[15] # load IV + sub \$8,$len +.Lcbc_dec_loop: + movdqu 0x00($inp), @XMM[0] # load input + movdqu 0x10($inp), @XMM[1] + movdqu 0x20($inp), @XMM[2] + movdqu 0x30($inp), @XMM[3] + movdqu 0x40($inp), @XMM[4] + movdqu 0x50($inp), @XMM[5] + mov %rsp, %rax # pass key schedule + movdqu 0x60($inp), @XMM[6] + mov %edx,%r10d # pass rounds + movdqu 0x70($inp), @XMM[7] + movdqa @XMM[15], 0x20(%rbp) # put aside IV + + call _bsaes_decrypt8 + + pxor 0x20(%rbp), @XMM[0] # ^= IV + movdqu 0x00($inp), @XMM[8] # re-load input + movdqu 0x10($inp), @XMM[9] + pxor @XMM[8], @XMM[1] + movdqu 0x20($inp), @XMM[10] + pxor @XMM[9], @XMM[6] + movdqu 0x30($inp), @XMM[11] + pxor @XMM[10], @XMM[4] + movdqu 0x40($inp), @XMM[12] + pxor @XMM[11], @XMM[2] + movdqu 0x50($inp), @XMM[13] + pxor @XMM[12], @XMM[7] + movdqu 0x60($inp), @XMM[14] + pxor @XMM[13], @XMM[3] + movdqu 0x70($inp), @XMM[15] # IV + pxor @XMM[14], @XMM[5] + movdqu @XMM[0], 0x00($out) # write output + lea 0x80($inp), $inp + movdqu @XMM[1], 0x10($out) + movdqu @XMM[6], 0x20($out) + movdqu @XMM[4], 0x30($out) + movdqu @XMM[2], 0x40($out) + movdqu @XMM[7], 0x50($out) + movdqu @XMM[3], 0x60($out) + movdqu @XMM[5], 0x70($out) + lea 0x80($out), $out + sub \$8,$len + jnc .Lcbc_dec_loop + + add \$8,$len + jz .Lcbc_dec_done + + movdqu 0x00($inp), @XMM[0] # load input + mov %rsp, %rax # pass key schedule + mov %edx, %r10d # pass rounds + cmp \$2,$len + jb .Lcbc_dec_one + movdqu 0x10($inp), @XMM[1] + je .Lcbc_dec_two + movdqu 0x20($inp), @XMM[2] + cmp \$4,$len + jb .Lcbc_dec_three + movdqu 0x30($inp), @XMM[3] + je .Lcbc_dec_four + movdqu 0x40($inp), @XMM[4] + cmp \$6,$len + jb .Lcbc_dec_five + movdqu 0x50($inp), @XMM[5] + je .Lcbc_dec_six + movdqu 0x60($inp), @XMM[6] + movdqa @XMM[15], 0x20(%rbp) # put aside IV + call _bsaes_decrypt8 + pxor 0x20(%rbp), @XMM[0] # ^= IV + movdqu 0x00($inp), @XMM[8] # re-load input + movdqu 0x10($inp), @XMM[9] + pxor @XMM[8], @XMM[1] + movdqu 0x20($inp), @XMM[10] + pxor @XMM[9], @XMM[6] + movdqu 0x30($inp), @XMM[11] + pxor @XMM[10], @XMM[4] + movdqu 0x40($inp), @XMM[12] + pxor @XMM[11], @XMM[2] + movdqu 0x50($inp), @XMM[13] + pxor @XMM[12], @XMM[7] + movdqu 0x60($inp), @XMM[15] # IV + pxor @XMM[13], @XMM[3] + movdqu @XMM[0], 0x00($out) # write output + movdqu @XMM[1], 0x10($out) + movdqu @XMM[6], 0x20($out) + movdqu @XMM[4], 0x30($out) + movdqu @XMM[2], 0x40($out) + movdqu @XMM[7], 0x50($out) + movdqu @XMM[3], 0x60($out) + jmp .Lcbc_dec_done +.align 16 +.Lcbc_dec_six: + movdqa @XMM[15], 0x20(%rbp) # put aside IV + call _bsaes_decrypt8 + pxor 0x20(%rbp), @XMM[0] # ^= IV + movdqu 0x00($inp), @XMM[8] # re-load input + movdqu 0x10($inp), @XMM[9] + pxor @XMM[8], @XMM[1] + movdqu 0x20($inp), @XMM[10] + pxor @XMM[9], @XMM[6] + movdqu 0x30($inp), @XMM[11] + pxor @XMM[10], @XMM[4] + movdqu 0x40($inp), @XMM[12] + pxor @XMM[11], @XMM[2] + movdqu 0x50($inp), @XMM[15] # IV + pxor @XMM[12], @XMM[7] + movdqu @XMM[0], 0x00($out) # write output + movdqu @XMM[1], 0x10($out) + movdqu @XMM[6], 0x20($out) + movdqu @XMM[4], 0x30($out) + movdqu @XMM[2], 0x40($out) + movdqu @XMM[7], 0x50($out) + jmp .Lcbc_dec_done +.align 16 +.Lcbc_dec_five: + movdqa @XMM[15], 0x20(%rbp) # put aside IV + call _bsaes_decrypt8 + pxor 0x20(%rbp), @XMM[0] # ^= IV + movdqu 0x00($inp), @XMM[8] # re-load input + movdqu 0x10($inp), @XMM[9] + pxor @XMM[8], @XMM[1] + movdqu 0x20($inp), @XMM[10] + pxor @XMM[9], @XMM[6] + movdqu 0x30($inp), @XMM[11] + pxor @XMM[10], @XMM[4] + movdqu 0x40($inp), @XMM[15] # IV + pxor @XMM[11], @XMM[2] + movdqu @XMM[0], 0x00($out) # write output + movdqu @XMM[1], 0x10($out) + movdqu @XMM[6], 0x20($out) + movdqu @XMM[4], 0x30($out) + movdqu @XMM[2], 0x40($out) + jmp .Lcbc_dec_done +.align 16 +.Lcbc_dec_four: + movdqa @XMM[15], 0x20(%rbp) # put aside IV + call _bsaes_decrypt8 + pxor 0x20(%rbp), @XMM[0] # ^= IV + movdqu 0x00($inp), @XMM[8] # re-load input + movdqu 0x10($inp), @XMM[9] + pxor @XMM[8], @XMM[1] + movdqu 0x20($inp), @XMM[10] + pxor @XMM[9], @XMM[6] + movdqu 0x30($inp), @XMM[15] # IV + pxor @XMM[10], @XMM[4] + movdqu @XMM[0], 0x00($out) # write output + movdqu @XMM[1], 0x10($out) + movdqu @XMM[6], 0x20($out) + movdqu @XMM[4], 0x30($out) + jmp .Lcbc_dec_done +.align 16 +.Lcbc_dec_three: + movdqa @XMM[15], 0x20(%rbp) # put aside IV + call _bsaes_decrypt8 + pxor 0x20(%rbp), @XMM[0] # ^= IV + movdqu 0x00($inp), @XMM[8] # re-load input + movdqu 0x10($inp), @XMM[9] + pxor @XMM[8], @XMM[1] + movdqu 0x20($inp), @XMM[15] # IV + pxor @XMM[9], @XMM[6] + movdqu @XMM[0], 0x00($out) # write output + movdqu @XMM[1], 0x10($out) + movdqu @XMM[6], 0x20($out) + jmp .Lcbc_dec_done +.align 16 +.Lcbc_dec_two: + movdqa @XMM[15], 0x20(%rbp) # put aside IV + call _bsaes_decrypt8 + pxor 0x20(%rbp), @XMM[0] # ^= IV + movdqu 0x00($inp), @XMM[8] # re-load input + movdqu 0x10($inp), @XMM[15] # IV + pxor @XMM[8], @XMM[1] + movdqu @XMM[0], 0x00($out) # write output + movdqu @XMM[1], 0x10($out) + jmp .Lcbc_dec_done +.align 16 +.Lcbc_dec_one: + lea ($inp), $arg1 + lea 0x20(%rbp), $arg2 # buffer output + lea ($key), $arg3 + call asm_AES_decrypt # doesn't touch %xmm + pxor 0x20(%rbp), @XMM[15] # ^= IV + movdqu @XMM[15], ($out) # write output + movdqa @XMM[0], @XMM[15] # IV + +.Lcbc_dec_done: + movdqu @XMM[15], (%rbx) # return IV + lea (%rsp), %rax + pxor %xmm0, %xmm0 +.Lcbc_dec_bzero: # wipe key schedule [if any] + movdqa %xmm0, 0x00(%rax) + movdqa %xmm0, 0x10(%rax) + lea 0x20(%rax), %rax + cmp %rax, %rbp + ja .Lcbc_dec_bzero + + lea (%rbp),%rsp # restore %rsp +___ +$code.=<<___ if ($win64); + movaps 0x40(%rbp), %xmm6 + movaps 0x50(%rbp), %xmm7 + movaps 0x60(%rbp), %xmm8 + movaps 0x70(%rbp), %xmm9 + movaps 0x80(%rbp), %xmm10 + movaps 0x90(%rbp), %xmm11 + movaps 0xa0(%rbp), %xmm12 + movaps 0xb0(%rbp), %xmm13 + movaps 0xc0(%rbp), %xmm14 + movaps 0xd0(%rbp), %xmm15 + lea 0xa0(%rbp), %rsp +___ +$code.=<<___; + mov 0x48(%rsp), %r15 + mov 0x50(%rsp), %r14 + mov 0x58(%rsp), %r13 + mov 0x60(%rsp), %r12 + mov 0x68(%rsp), %rbx + mov 0x70(%rsp), %rax + lea 0x78(%rsp), %rsp + mov %rax, %rbp +.Lcbc_dec_epilogue: + ret +.size bsaes_cbc_encrypt,.-bsaes_cbc_encrypt + +.globl bsaes_ctr32_encrypt_blocks +.type bsaes_ctr32_encrypt_blocks,\@abi-omnipotent +.align 16 +bsaes_ctr32_encrypt_blocks: + mov %rsp, %rax +.Lctr_enc_prologue: + push %rbp + push %rbx + push %r12 + push %r13 + push %r14 + push %r15 + lea -0x48(%rsp), %rsp +___ +$code.=<<___ if ($win64); + mov 0xa0(%rsp),$arg5 # pull ivp + lea -0xa0(%rsp), %rsp + movaps %xmm6, 0x40(%rsp) + movaps %xmm7, 0x50(%rsp) + movaps %xmm8, 0x60(%rsp) + movaps %xmm9, 0x70(%rsp) + movaps %xmm10, 0x80(%rsp) + movaps %xmm11, 0x90(%rsp) + movaps %xmm12, 0xa0(%rsp) + movaps %xmm13, 0xb0(%rsp) + movaps %xmm14, 0xc0(%rsp) + movaps %xmm15, 0xd0(%rsp) +.Lctr_enc_body: +___ +$code.=<<___; + mov %rsp, %rbp # backup %rsp + movdqu ($arg5), %xmm0 # load counter + mov 240($arg4), %eax # rounds + mov $arg1, $inp # backup arguments + mov $arg2, $out + mov $arg3, $len + mov $arg4, $key + movdqa %xmm0, 0x20(%rbp) # copy counter + cmp \$8, $arg3 + jb .Lctr_enc_short + + mov %eax, %ebx # rounds + shl \$7, %rax # 128 bytes per inner round key + sub \$`128-32`, %rax # size of bit-sliced key schedule + sub %rax, %rsp + + mov %rsp, %rax # pass key schedule + mov $key, %rcx # pass key + mov %ebx, %r10d # pass rounds + call _bsaes_key_convert + pxor %xmm6,%xmm7 # fix up last round key + movdqa %xmm7,(%rax) # save last round key + + movdqa (%rsp), @XMM[9] # load round0 key + lea .LADD1(%rip), %r11 + movdqa 0x20(%rbp), @XMM[0] # counter copy + movdqa -0x20(%r11), @XMM[8] # .LSWPUP + pshufb @XMM[8], @XMM[9] # byte swap upper part + pshufb @XMM[8], @XMM[0] + movdqa @XMM[9], (%rsp) # save adjusted round0 key + jmp .Lctr_enc_loop +.align 16 +.Lctr_enc_loop: + movdqa @XMM[0], 0x20(%rbp) # save counter + movdqa @XMM[0], @XMM[1] # prepare 8 counter values + movdqa @XMM[0], @XMM[2] + paddd 0x00(%r11), @XMM[1] # .LADD1 + movdqa @XMM[0], @XMM[3] + paddd 0x10(%r11), @XMM[2] # .LADD2 + movdqa @XMM[0], @XMM[4] + paddd 0x20(%r11), @XMM[3] # .LADD3 + movdqa @XMM[0], @XMM[5] + paddd 0x30(%r11), @XMM[4] # .LADD4 + movdqa @XMM[0], @XMM[6] + paddd 0x40(%r11), @XMM[5] # .LADD5 + movdqa @XMM[0], @XMM[7] + paddd 0x50(%r11), @XMM[6] # .LADD6 + paddd 0x60(%r11), @XMM[7] # .LADD7 + + # Borrow prologue from _bsaes_encrypt8 to use the opportunity + # to flip byte order in 32-bit counter + movdqa (%rsp), @XMM[9] # round 0 key + lea 0x10(%rsp), %rax # pass key schedule + movdqa -0x10(%r11), @XMM[8] # .LSWPUPM0SR + pxor @XMM[9], @XMM[0] # xor with round0 key + pxor @XMM[9], @XMM[1] + pshufb @XMM[8], @XMM[0] + pxor @XMM[9], @XMM[2] + pshufb @XMM[8], @XMM[1] + pxor @XMM[9], @XMM[3] + pshufb @XMM[8], @XMM[2] + pxor @XMM[9], @XMM[4] + pshufb @XMM[8], @XMM[3] + pxor @XMM[9], @XMM[5] + pshufb @XMM[8], @XMM[4] + pxor @XMM[9], @XMM[6] + pshufb @XMM[8], @XMM[5] + pxor @XMM[9], @XMM[7] + pshufb @XMM[8], @XMM[6] + lea .LBS0(%rip), %r11 # constants table + pshufb @XMM[8], @XMM[7] + mov %ebx,%r10d # pass rounds + + call _bsaes_encrypt8_bitslice + + sub \$8,$len + jc .Lctr_enc_loop_done + + movdqu 0x00($inp), @XMM[8] # load input + movdqu 0x10($inp), @XMM[9] + movdqu 0x20($inp), @XMM[10] + movdqu 0x30($inp), @XMM[11] + movdqu 0x40($inp), @XMM[12] + movdqu 0x50($inp), @XMM[13] + movdqu 0x60($inp), @XMM[14] + movdqu 0x70($inp), @XMM[15] + lea 0x80($inp),$inp + pxor @XMM[0], @XMM[8] + movdqa 0x20(%rbp), @XMM[0] # load counter + pxor @XMM[9], @XMM[1] + movdqu @XMM[8], 0x00($out) # write output + pxor @XMM[10], @XMM[4] + movdqu @XMM[1], 0x10($out) + pxor @XMM[11], @XMM[6] + movdqu @XMM[4], 0x20($out) + pxor @XMM[12], @XMM[3] + movdqu @XMM[6], 0x30($out) + pxor @XMM[13], @XMM[7] + movdqu @XMM[3], 0x40($out) + pxor @XMM[14], @XMM[2] + movdqu @XMM[7], 0x50($out) + pxor @XMM[15], @XMM[5] + movdqu @XMM[2], 0x60($out) + lea .LADD1(%rip), %r11 + movdqu @XMM[5], 0x70($out) + lea 0x80($out), $out + paddd 0x70(%r11), @XMM[0] # .LADD8 + jnz .Lctr_enc_loop + + jmp .Lctr_enc_done +.align 16 +.Lctr_enc_loop_done: + add \$8, $len + movdqu 0x00($inp), @XMM[8] # load input + pxor @XMM[8], @XMM[0] + movdqu @XMM[0], 0x00($out) # write output + cmp \$2,$len + jb .Lctr_enc_done + movdqu 0x10($inp), @XMM[9] + pxor @XMM[9], @XMM[1] + movdqu @XMM[1], 0x10($out) + je .Lctr_enc_done + movdqu 0x20($inp), @XMM[10] + pxor @XMM[10], @XMM[4] + movdqu @XMM[4], 0x20($out) + cmp \$4,$len + jb .Lctr_enc_done + movdqu 0x30($inp), @XMM[11] + pxor @XMM[11], @XMM[6] + movdqu @XMM[6], 0x30($out) + je .Lctr_enc_done + movdqu 0x40($inp), @XMM[12] + pxor @XMM[12], @XMM[3] + movdqu @XMM[3], 0x40($out) + cmp \$6,$len + jb .Lctr_enc_done + movdqu 0x50($inp), @XMM[13] + pxor @XMM[13], @XMM[7] + movdqu @XMM[7], 0x50($out) + je .Lctr_enc_done + movdqu 0x60($inp), @XMM[14] + pxor @XMM[14], @XMM[2] + movdqu @XMM[2], 0x60($out) + jmp .Lctr_enc_done + +.align 16 +.Lctr_enc_short: + lea 0x20(%rbp), $arg1 + lea 0x30(%rbp), $arg2 + lea ($key), $arg3 + call asm_AES_encrypt + movdqu ($inp), @XMM[1] + lea 16($inp), $inp + mov 0x2c(%rbp), %eax # load 32-bit counter + bswap %eax + pxor 0x30(%rbp), @XMM[1] + inc %eax # increment + movdqu @XMM[1], ($out) + bswap %eax + lea 16($out), $out + mov %eax, 0x2c(%rsp) # save 32-bit counter + dec $len + jnz .Lctr_enc_short + +.Lctr_enc_done: + lea (%rsp), %rax + pxor %xmm0, %xmm0 +.Lctr_enc_bzero: # wipe key schedule [if any] + movdqa %xmm0, 0x00(%rax) + movdqa %xmm0, 0x10(%rax) + lea 0x20(%rax), %rax + cmp %rax, %rbp + ja .Lctr_enc_bzero + + lea (%rbp),%rsp # restore %rsp +___ +$code.=<<___ if ($win64); + movaps 0x40(%rbp), %xmm6 + movaps 0x50(%rbp), %xmm7 + movaps 0x60(%rbp), %xmm8 + movaps 0x70(%rbp), %xmm9 + movaps 0x80(%rbp), %xmm10 + movaps 0x90(%rbp), %xmm11 + movaps 0xa0(%rbp), %xmm12 + movaps 0xb0(%rbp), %xmm13 + movaps 0xc0(%rbp), %xmm14 + movaps 0xd0(%rbp), %xmm15 + lea 0xa0(%rbp), %rsp +___ +$code.=<<___; + mov 0x48(%rsp), %r15 + mov 0x50(%rsp), %r14 + mov 0x58(%rsp), %r13 + mov 0x60(%rsp), %r12 + mov 0x68(%rsp), %rbx + mov 0x70(%rsp), %rax + lea 0x78(%rsp), %rsp + mov %rax, %rbp +.Lctr_enc_epilogue: + ret +.size bsaes_ctr32_encrypt_blocks,.-bsaes_ctr32_encrypt_blocks +___ +###################################################################### +# void bsaes_xts_[en|de]crypt(const char *inp,char *out,size_t len, +# const AES_KEY *key1, const AES_KEY *key2, +# const unsigned char iv[16]); +# +my ($twmask,$twres,$twtmp)=@XMM[13..15]; +$arg6=~s/d$//; + +$code.=<<___; +.globl bsaes_xts_encrypt +.type bsaes_xts_encrypt,\@abi-omnipotent +.align 16 +bsaes_xts_encrypt: + mov %rsp, %rax +.Lxts_enc_prologue: + push %rbp + push %rbx + push %r12 + push %r13 + push %r14 + push %r15 + lea -0x48(%rsp), %rsp +___ +$code.=<<___ if ($win64); + mov 0xa0(%rsp),$arg5 # pull key2 + mov 0xa8(%rsp),$arg6 # pull ivp + lea -0xa0(%rsp), %rsp + movaps %xmm6, 0x40(%rsp) + movaps %xmm7, 0x50(%rsp) + movaps %xmm8, 0x60(%rsp) + movaps %xmm9, 0x70(%rsp) + movaps %xmm10, 0x80(%rsp) + movaps %xmm11, 0x90(%rsp) + movaps %xmm12, 0xa0(%rsp) + movaps %xmm13, 0xb0(%rsp) + movaps %xmm14, 0xc0(%rsp) + movaps %xmm15, 0xd0(%rsp) +.Lxts_enc_body: +___ +$code.=<<___; + mov %rsp, %rbp # backup %rsp + mov $arg1, $inp # backup arguments + mov $arg2, $out + mov $arg3, $len + mov $arg4, $key + + lea ($arg6), $arg1 + lea 0x20(%rbp), $arg2 + lea ($arg5), $arg3 + call asm_AES_encrypt # generate initial tweak + + mov 240($key), %eax # rounds + mov $len, %rbx # backup $len + + mov %eax, %edx # rounds + shl \$7, %rax # 128 bytes per inner round key + sub \$`128-32`, %rax # size of bit-sliced key schedule + sub %rax, %rsp + + mov %rsp, %rax # pass key schedule + mov $key, %rcx # pass key + mov %edx, %r10d # pass rounds + call _bsaes_key_convert + pxor %xmm6, %xmm7 # fix up last round key + movdqa %xmm7, (%rax) # save last round key + + and \$-16, $len + sub \$0x80, %rsp # place for tweak[8] + movdqa 0x20(%rbp), @XMM[7] # initial tweak + + pxor $twtmp, $twtmp + movdqa .Lxts_magic(%rip), $twmask + pcmpgtd @XMM[7], $twtmp # broadcast upper bits + + sub \$0x80, $len + jc .Lxts_enc_short + jmp .Lxts_enc_loop + +.align 16 +.Lxts_enc_loop: +___ + for ($i=0;$i<7;$i++) { + $code.=<<___; + pshufd \$0x13, $twtmp, $twres + pxor $twtmp, $twtmp + movdqa @XMM[7], @XMM[$i] + movdqa @XMM[7], `0x10*$i`(%rsp)# save tweak[$i] + paddq @XMM[7], @XMM[7] # psllq 1,$tweak + pand $twmask, $twres # isolate carry and residue + pcmpgtd @XMM[7], $twtmp # broadcast upper bits + pxor $twres, @XMM[7] +___ + $code.=<<___ if ($i>=1); + movdqu `0x10*($i-1)`($inp), @XMM[8+$i-1] +___ + $code.=<<___ if ($i>=2); + pxor @XMM[8+$i-2], @XMM[$i-2]# input[] ^ tweak[] +___ + } +$code.=<<___; + movdqu 0x60($inp), @XMM[8+6] + pxor @XMM[8+5], @XMM[5] + movdqu 0x70($inp), @XMM[8+7] + lea 0x80($inp), $inp + movdqa @XMM[7], 0x70(%rsp) + pxor @XMM[8+6], @XMM[6] + lea 0x80(%rsp), %rax # pass key schedule + pxor @XMM[8+7], @XMM[7] + mov %edx, %r10d # pass rounds + + call _bsaes_encrypt8 + + pxor 0x00(%rsp), @XMM[0] # ^= tweak[] + pxor 0x10(%rsp), @XMM[1] + movdqu @XMM[0], 0x00($out) # write output + pxor 0x20(%rsp), @XMM[4] + movdqu @XMM[1], 0x10($out) + pxor 0x30(%rsp), @XMM[6] + movdqu @XMM[4], 0x20($out) + pxor 0x40(%rsp), @XMM[3] + movdqu @XMM[6], 0x30($out) + pxor 0x50(%rsp), @XMM[7] + movdqu @XMM[3], 0x40($out) + pxor 0x60(%rsp), @XMM[2] + movdqu @XMM[7], 0x50($out) + pxor 0x70(%rsp), @XMM[5] + movdqu @XMM[2], 0x60($out) + movdqu @XMM[5], 0x70($out) + lea 0x80($out), $out + + movdqa 0x70(%rsp), @XMM[7] # prepare next iteration tweak + pxor $twtmp, $twtmp + movdqa .Lxts_magic(%rip), $twmask + pcmpgtd @XMM[7], $twtmp + pshufd \$0x13, $twtmp, $twres + pxor $twtmp, $twtmp + paddq @XMM[7], @XMM[7] # psllq 1,$tweak + pand $twmask, $twres # isolate carry and residue + pcmpgtd @XMM[7], $twtmp # broadcast upper bits + pxor $twres, @XMM[7] + + sub \$0x80,$len + jnc .Lxts_enc_loop + +.Lxts_enc_short: + add \$0x80, $len + jz .Lxts_enc_done +___ + for ($i=0;$i<7;$i++) { + $code.=<<___; + pshufd \$0x13, $twtmp, $twres + pxor $twtmp, $twtmp + movdqa @XMM[7], @XMM[$i] + movdqa @XMM[7], `0x10*$i`(%rsp)# save tweak[$i] + paddq @XMM[7], @XMM[7] # psllq 1,$tweak + pand $twmask, $twres # isolate carry and residue + pcmpgtd @XMM[7], $twtmp # broadcast upper bits + pxor $twres, @XMM[7] +___ + $code.=<<___ if ($i>=1); + movdqu `0x10*($i-1)`($inp), @XMM[8+$i-1] + cmp \$`0x10*$i`,$len + je .Lxts_enc_$i +___ + $code.=<<___ if ($i>=2); + pxor @XMM[8+$i-2], @XMM[$i-2]# input[] ^ tweak[] +___ + } +$code.=<<___; + movdqu 0x60($inp), @XMM[8+6] + pxor @XMM[8+5], @XMM[5] + movdqa @XMM[7], 0x70(%rsp) + lea 0x70($inp), $inp + pxor @XMM[8+6], @XMM[6] + lea 0x80(%rsp), %rax # pass key schedule + mov %edx, %r10d # pass rounds + + call _bsaes_encrypt8 + + pxor 0x00(%rsp), @XMM[0] # ^= tweak[] + pxor 0x10(%rsp), @XMM[1] + movdqu @XMM[0], 0x00($out) # write output + pxor 0x20(%rsp), @XMM[4] + movdqu @XMM[1], 0x10($out) + pxor 0x30(%rsp), @XMM[6] + movdqu @XMM[4], 0x20($out) + pxor 0x40(%rsp), @XMM[3] + movdqu @XMM[6], 0x30($out) + pxor 0x50(%rsp), @XMM[7] + movdqu @XMM[3], 0x40($out) + pxor 0x60(%rsp), @XMM[2] + movdqu @XMM[7], 0x50($out) + movdqu @XMM[2], 0x60($out) + lea 0x70($out), $out + + movdqa 0x70(%rsp), @XMM[7] # next iteration tweak + jmp .Lxts_enc_done +.align 16 +.Lxts_enc_6: + pxor @XMM[8+4], @XMM[4] + lea 0x60($inp), $inp + pxor @XMM[8+5], @XMM[5] + lea 0x80(%rsp), %rax # pass key schedule + mov %edx, %r10d # pass rounds + + call _bsaes_encrypt8 + + pxor 0x00(%rsp), @XMM[0] # ^= tweak[] + pxor 0x10(%rsp), @XMM[1] + movdqu @XMM[0], 0x00($out) # write output + pxor 0x20(%rsp), @XMM[4] + movdqu @XMM[1], 0x10($out) + pxor 0x30(%rsp), @XMM[6] + movdqu @XMM[4], 0x20($out) + pxor 0x40(%rsp), @XMM[3] + movdqu @XMM[6], 0x30($out) + pxor 0x50(%rsp), @XMM[7] + movdqu @XMM[3], 0x40($out) + movdqu @XMM[7], 0x50($out) + lea 0x60($out), $out + + movdqa 0x60(%rsp), @XMM[7] # next iteration tweak + jmp .Lxts_enc_done +.align 16 +.Lxts_enc_5: + pxor @XMM[8+3], @XMM[3] + lea 0x50($inp), $inp + pxor @XMM[8+4], @XMM[4] + lea 0x80(%rsp), %rax # pass key schedule + mov %edx, %r10d # pass rounds + + call _bsaes_encrypt8 + + pxor 0x00(%rsp), @XMM[0] # ^= tweak[] + pxor 0x10(%rsp), @XMM[1] + movdqu @XMM[0], 0x00($out) # write output + pxor 0x20(%rsp), @XMM[4] + movdqu @XMM[1], 0x10($out) + pxor 0x30(%rsp), @XMM[6] + movdqu @XMM[4], 0x20($out) + pxor 0x40(%rsp), @XMM[3] + movdqu @XMM[6], 0x30($out) + movdqu @XMM[3], 0x40($out) + lea 0x50($out), $out + + movdqa 0x50(%rsp), @XMM[7] # next iteration tweak + jmp .Lxts_enc_done +.align 16 +.Lxts_enc_4: + pxor @XMM[8+2], @XMM[2] + lea 0x40($inp), $inp + pxor @XMM[8+3], @XMM[3] + lea 0x80(%rsp), %rax # pass key schedule + mov %edx, %r10d # pass rounds + + call _bsaes_encrypt8 + + pxor 0x00(%rsp), @XMM[0] # ^= tweak[] + pxor 0x10(%rsp), @XMM[1] + movdqu @XMM[0], 0x00($out) # write output + pxor 0x20(%rsp), @XMM[4] + movdqu @XMM[1], 0x10($out) + pxor 0x30(%rsp), @XMM[6] + movdqu @XMM[4], 0x20($out) + movdqu @XMM[6], 0x30($out) + lea 0x40($out), $out + + movdqa 0x40(%rsp), @XMM[7] # next iteration tweak + jmp .Lxts_enc_done +.align 16 +.Lxts_enc_3: + pxor @XMM[8+1], @XMM[1] + lea 0x30($inp), $inp + pxor @XMM[8+2], @XMM[2] + lea 0x80(%rsp), %rax # pass key schedule + mov %edx, %r10d # pass rounds + + call _bsaes_encrypt8 + + pxor 0x00(%rsp), @XMM[0] # ^= tweak[] + pxor 0x10(%rsp), @XMM[1] + movdqu @XMM[0], 0x00($out) # write output + pxor 0x20(%rsp), @XMM[4] + movdqu @XMM[1], 0x10($out) + movdqu @XMM[4], 0x20($out) + lea 0x30($out), $out + + movdqa 0x30(%rsp), @XMM[7] # next iteration tweak + jmp .Lxts_enc_done +.align 16 +.Lxts_enc_2: + pxor @XMM[8+0], @XMM[0] + lea 0x20($inp), $inp + pxor @XMM[8+1], @XMM[1] + lea 0x80(%rsp), %rax # pass key schedule + mov %edx, %r10d # pass rounds + + call _bsaes_encrypt8 + + pxor 0x00(%rsp), @XMM[0] # ^= tweak[] + pxor 0x10(%rsp), @XMM[1] + movdqu @XMM[0], 0x00($out) # write output + movdqu @XMM[1], 0x10($out) + lea 0x20($out), $out + + movdqa 0x20(%rsp), @XMM[7] # next iteration tweak + jmp .Lxts_enc_done +.align 16 +.Lxts_enc_1: + pxor @XMM[0], @XMM[8] + lea 0x10($inp), $inp + movdqa @XMM[8], 0x20(%rbp) + lea 0x20(%rbp), $arg1 + lea 0x20(%rbp), $arg2 + lea ($key), $arg3 + call asm_AES_encrypt # doesn't touch %xmm + pxor 0x20(%rbp), @XMM[0] # ^= tweak[] + #pxor @XMM[8], @XMM[0] + #lea 0x80(%rsp), %rax # pass key schedule + #mov %edx, %r10d # pass rounds + #call _bsaes_encrypt8 + #pxor 0x00(%rsp), @XMM[0] # ^= tweak[] + movdqu @XMM[0], 0x00($out) # write output + lea 0x10($out), $out + + movdqa 0x10(%rsp), @XMM[7] # next iteration tweak + +.Lxts_enc_done: + and \$15, %ebx + jz .Lxts_enc_ret + mov $out, %rdx + +.Lxts_enc_steal: + movzb ($inp), %eax + movzb -16(%rdx), %ecx + lea 1($inp), $inp + mov %al, -16(%rdx) + mov %cl, 0(%rdx) + lea 1(%rdx), %rdx + sub \$1,%ebx + jnz .Lxts_enc_steal + + movdqu -16($out), @XMM[0] + lea 0x20(%rbp), $arg1 + pxor @XMM[7], @XMM[0] + lea 0x20(%rbp), $arg2 + movdqa @XMM[0], 0x20(%rbp) + lea ($key), $arg3 + call asm_AES_encrypt # doesn't touch %xmm + pxor 0x20(%rbp), @XMM[7] + movdqu @XMM[7], -16($out) + +.Lxts_enc_ret: + lea (%rsp), %rax + pxor %xmm0, %xmm0 +.Lxts_enc_bzero: # wipe key schedule [if any] + movdqa %xmm0, 0x00(%rax) + movdqa %xmm0, 0x10(%rax) + lea 0x20(%rax), %rax + cmp %rax, %rbp + ja .Lxts_enc_bzero + + lea (%rbp),%rsp # restore %rsp +___ +$code.=<<___ if ($win64); + movaps 0x40(%rbp), %xmm6 + movaps 0x50(%rbp), %xmm7 + movaps 0x60(%rbp), %xmm8 + movaps 0x70(%rbp), %xmm9 + movaps 0x80(%rbp), %xmm10 + movaps 0x90(%rbp), %xmm11 + movaps 0xa0(%rbp), %xmm12 + movaps 0xb0(%rbp), %xmm13 + movaps 0xc0(%rbp), %xmm14 + movaps 0xd0(%rbp), %xmm15 + lea 0xa0(%rbp), %rsp +___ +$code.=<<___; + mov 0x48(%rsp), %r15 + mov 0x50(%rsp), %r14 + mov 0x58(%rsp), %r13 + mov 0x60(%rsp), %r12 + mov 0x68(%rsp), %rbx + mov 0x70(%rsp), %rax + lea 0x78(%rsp), %rsp + mov %rax, %rbp +.Lxts_enc_epilogue: + ret +.size bsaes_xts_encrypt,.-bsaes_xts_encrypt + +.globl bsaes_xts_decrypt +.type bsaes_xts_decrypt,\@abi-omnipotent +.align 16 +bsaes_xts_decrypt: + mov %rsp, %rax +.Lxts_dec_prologue: + push %rbp + push %rbx + push %r12 + push %r13 + push %r14 + push %r15 + lea -0x48(%rsp), %rsp +___ +$code.=<<___ if ($win64); + mov 0xa0(%rsp),$arg5 # pull key2 + mov 0xa8(%rsp),$arg6 # pull ivp + lea -0xa0(%rsp), %rsp + movaps %xmm6, 0x40(%rsp) + movaps %xmm7, 0x50(%rsp) + movaps %xmm8, 0x60(%rsp) + movaps %xmm9, 0x70(%rsp) + movaps %xmm10, 0x80(%rsp) + movaps %xmm11, 0x90(%rsp) + movaps %xmm12, 0xa0(%rsp) + movaps %xmm13, 0xb0(%rsp) + movaps %xmm14, 0xc0(%rsp) + movaps %xmm15, 0xd0(%rsp) +.Lxts_dec_body: +___ +$code.=<<___; + mov %rsp, %rbp # backup %rsp + mov $arg1, $inp # backup arguments + mov $arg2, $out + mov $arg3, $len + mov $arg4, $key + + lea ($arg6), $arg1 + lea 0x20(%rbp), $arg2 + lea ($arg5), $arg3 + call asm_AES_encrypt # generate initial tweak + + mov 240($key), %eax # rounds + mov $len, %rbx # backup $len + + mov %eax, %edx # rounds + shl \$7, %rax # 128 bytes per inner round key + sub \$`128-32`, %rax # size of bit-sliced key schedule + sub %rax, %rsp + + mov %rsp, %rax # pass key schedule + mov $key, %rcx # pass key + mov %edx, %r10d # pass rounds + call _bsaes_key_convert + pxor (%rsp), %xmm7 # fix up round 0 key + movdqa %xmm6, (%rax) # save last round key + movdqa %xmm7, (%rsp) + + xor %eax, %eax # if ($len%16) len-=16; + and \$-16, $len + test \$15, %ebx + setnz %al + shl \$4, %rax + sub %rax, $len + + sub \$0x80, %rsp # place for tweak[8] + movdqa 0x20(%rbp), @XMM[7] # initial tweak + + pxor $twtmp, $twtmp + movdqa .Lxts_magic(%rip), $twmask + pcmpgtd @XMM[7], $twtmp # broadcast upper bits + + sub \$0x80, $len + jc .Lxts_dec_short + jmp .Lxts_dec_loop + +.align 16 +.Lxts_dec_loop: +___ + for ($i=0;$i<7;$i++) { + $code.=<<___; + pshufd \$0x13, $twtmp, $twres + pxor $twtmp, $twtmp + movdqa @XMM[7], @XMM[$i] + movdqa @XMM[7], `0x10*$i`(%rsp)# save tweak[$i] + paddq @XMM[7], @XMM[7] # psllq 1,$tweak + pand $twmask, $twres # isolate carry and residue + pcmpgtd @XMM[7], $twtmp # broadcast upper bits + pxor $twres, @XMM[7] +___ + $code.=<<___ if ($i>=1); + movdqu `0x10*($i-1)`($inp), @XMM[8+$i-1] +___ + $code.=<<___ if ($i>=2); + pxor @XMM[8+$i-2], @XMM[$i-2]# input[] ^ tweak[] +___ + } +$code.=<<___; + movdqu 0x60($inp), @XMM[8+6] + pxor @XMM[8+5], @XMM[5] + movdqu 0x70($inp), @XMM[8+7] + lea 0x80($inp), $inp + movdqa @XMM[7], 0x70(%rsp) + pxor @XMM[8+6], @XMM[6] + lea 0x80(%rsp), %rax # pass key schedule + pxor @XMM[8+7], @XMM[7] + mov %edx, %r10d # pass rounds + + call _bsaes_decrypt8 + + pxor 0x00(%rsp), @XMM[0] # ^= tweak[] + pxor 0x10(%rsp), @XMM[1] + movdqu @XMM[0], 0x00($out) # write output + pxor 0x20(%rsp), @XMM[6] + movdqu @XMM[1], 0x10($out) + pxor 0x30(%rsp), @XMM[4] + movdqu @XMM[6], 0x20($out) + pxor 0x40(%rsp), @XMM[2] + movdqu @XMM[4], 0x30($out) + pxor 0x50(%rsp), @XMM[7] + movdqu @XMM[2], 0x40($out) + pxor 0x60(%rsp), @XMM[3] + movdqu @XMM[7], 0x50($out) + pxor 0x70(%rsp), @XMM[5] + movdqu @XMM[3], 0x60($out) + movdqu @XMM[5], 0x70($out) + lea 0x80($out), $out + + movdqa 0x70(%rsp), @XMM[7] # prepare next iteration tweak + pxor $twtmp, $twtmp + movdqa .Lxts_magic(%rip), $twmask + pcmpgtd @XMM[7], $twtmp + pshufd \$0x13, $twtmp, $twres + pxor $twtmp, $twtmp + paddq @XMM[7], @XMM[7] # psllq 1,$tweak + pand $twmask, $twres # isolate carry and residue + pcmpgtd @XMM[7], $twtmp # broadcast upper bits + pxor $twres, @XMM[7] + + sub \$0x80,$len + jnc .Lxts_dec_loop + +.Lxts_dec_short: + add \$0x80, $len + jz .Lxts_dec_done +___ + for ($i=0;$i<7;$i++) { + $code.=<<___; + pshufd \$0x13, $twtmp, $twres + pxor $twtmp, $twtmp + movdqa @XMM[7], @XMM[$i] + movdqa @XMM[7], `0x10*$i`(%rsp)# save tweak[$i] + paddq @XMM[7], @XMM[7] # psllq 1,$tweak + pand $twmask, $twres # isolate carry and residue + pcmpgtd @XMM[7], $twtmp # broadcast upper bits + pxor $twres, @XMM[7] +___ + $code.=<<___ if ($i>=1); + movdqu `0x10*($i-1)`($inp), @XMM[8+$i-1] + cmp \$`0x10*$i`,$len + je .Lxts_dec_$i +___ + $code.=<<___ if ($i>=2); + pxor @XMM[8+$i-2], @XMM[$i-2]# input[] ^ tweak[] +___ + } +$code.=<<___; + movdqu 0x60($inp), @XMM[8+6] + pxor @XMM[8+5], @XMM[5] + movdqa @XMM[7], 0x70(%rsp) + lea 0x70($inp), $inp + pxor @XMM[8+6], @XMM[6] + lea 0x80(%rsp), %rax # pass key schedule + mov %edx, %r10d # pass rounds + + call _bsaes_decrypt8 + + pxor 0x00(%rsp), @XMM[0] # ^= tweak[] + pxor 0x10(%rsp), @XMM[1] + movdqu @XMM[0], 0x00($out) # write output + pxor 0x20(%rsp), @XMM[6] + movdqu @XMM[1], 0x10($out) + pxor 0x30(%rsp), @XMM[4] + movdqu @XMM[6], 0x20($out) + pxor 0x40(%rsp), @XMM[2] + movdqu @XMM[4], 0x30($out) + pxor 0x50(%rsp), @XMM[7] + movdqu @XMM[2], 0x40($out) + pxor 0x60(%rsp), @XMM[3] + movdqu @XMM[7], 0x50($out) + movdqu @XMM[3], 0x60($out) + lea 0x70($out), $out + + movdqa 0x70(%rsp), @XMM[7] # next iteration tweak + jmp .Lxts_dec_done +.align 16 +.Lxts_dec_6: + pxor @XMM[8+4], @XMM[4] + lea 0x60($inp), $inp + pxor @XMM[8+5], @XMM[5] + lea 0x80(%rsp), %rax # pass key schedule + mov %edx, %r10d # pass rounds + + call _bsaes_decrypt8 + + pxor 0x00(%rsp), @XMM[0] # ^= tweak[] + pxor 0x10(%rsp), @XMM[1] + movdqu @XMM[0], 0x00($out) # write output + pxor 0x20(%rsp), @XMM[6] + movdqu @XMM[1], 0x10($out) + pxor 0x30(%rsp), @XMM[4] + movdqu @XMM[6], 0x20($out) + pxor 0x40(%rsp), @XMM[2] + movdqu @XMM[4], 0x30($out) + pxor 0x50(%rsp), @XMM[7] + movdqu @XMM[2], 0x40($out) + movdqu @XMM[7], 0x50($out) + lea 0x60($out), $out + + movdqa 0x60(%rsp), @XMM[7] # next iteration tweak + jmp .Lxts_dec_done +.align 16 +.Lxts_dec_5: + pxor @XMM[8+3], @XMM[3] + lea 0x50($inp), $inp + pxor @XMM[8+4], @XMM[4] + lea 0x80(%rsp), %rax # pass key schedule + mov %edx, %r10d # pass rounds + + call _bsaes_decrypt8 + + pxor 0x00(%rsp), @XMM[0] # ^= tweak[] + pxor 0x10(%rsp), @XMM[1] + movdqu @XMM[0], 0x00($out) # write output + pxor 0x20(%rsp), @XMM[6] + movdqu @XMM[1], 0x10($out) + pxor 0x30(%rsp), @XMM[4] + movdqu @XMM[6], 0x20($out) + pxor 0x40(%rsp), @XMM[2] + movdqu @XMM[4], 0x30($out) + movdqu @XMM[2], 0x40($out) + lea 0x50($out), $out + + movdqa 0x50(%rsp), @XMM[7] # next iteration tweak + jmp .Lxts_dec_done +.align 16 +.Lxts_dec_4: + pxor @XMM[8+2], @XMM[2] + lea 0x40($inp), $inp + pxor @XMM[8+3], @XMM[3] + lea 0x80(%rsp), %rax # pass key schedule + mov %edx, %r10d # pass rounds + + call _bsaes_decrypt8 + + pxor 0x00(%rsp), @XMM[0] # ^= tweak[] + pxor 0x10(%rsp), @XMM[1] + movdqu @XMM[0], 0x00($out) # write output + pxor 0x20(%rsp), @XMM[6] + movdqu @XMM[1], 0x10($out) + pxor 0x30(%rsp), @XMM[4] + movdqu @XMM[6], 0x20($out) + movdqu @XMM[4], 0x30($out) + lea 0x40($out), $out + + movdqa 0x40(%rsp), @XMM[7] # next iteration tweak + jmp .Lxts_dec_done +.align 16 +.Lxts_dec_3: + pxor @XMM[8+1], @XMM[1] + lea 0x30($inp), $inp + pxor @XMM[8+2], @XMM[2] + lea 0x80(%rsp), %rax # pass key schedule + mov %edx, %r10d # pass rounds + + call _bsaes_decrypt8 + + pxor 0x00(%rsp), @XMM[0] # ^= tweak[] + pxor 0x10(%rsp), @XMM[1] + movdqu @XMM[0], 0x00($out) # write output + pxor 0x20(%rsp), @XMM[6] + movdqu @XMM[1], 0x10($out) + movdqu @XMM[6], 0x20($out) + lea 0x30($out), $out + + movdqa 0x30(%rsp), @XMM[7] # next iteration tweak + jmp .Lxts_dec_done +.align 16 +.Lxts_dec_2: + pxor @XMM[8+0], @XMM[0] + lea 0x20($inp), $inp + pxor @XMM[8+1], @XMM[1] + lea 0x80(%rsp), %rax # pass key schedule + mov %edx, %r10d # pass rounds + + call _bsaes_decrypt8 + + pxor 0x00(%rsp), @XMM[0] # ^= tweak[] + pxor 0x10(%rsp), @XMM[1] + movdqu @XMM[0], 0x00($out) # write output + movdqu @XMM[1], 0x10($out) + lea 0x20($out), $out + + movdqa 0x20(%rsp), @XMM[7] # next iteration tweak + jmp .Lxts_dec_done +.align 16 +.Lxts_dec_1: + pxor @XMM[0], @XMM[8] + lea 0x10($inp), $inp + movdqa @XMM[8], 0x20(%rbp) + lea 0x20(%rbp), $arg1 + lea 0x20(%rbp), $arg2 + lea ($key), $arg3 + call asm_AES_decrypt # doesn't touch %xmm + pxor 0x20(%rbp), @XMM[0] # ^= tweak[] + #pxor @XMM[8], @XMM[0] + #lea 0x80(%rsp), %rax # pass key schedule + #mov %edx, %r10d # pass rounds + #call _bsaes_decrypt8 + #pxor 0x00(%rsp), @XMM[0] # ^= tweak[] + movdqu @XMM[0], 0x00($out) # write output + lea 0x10($out), $out + + movdqa 0x10(%rsp), @XMM[7] # next iteration tweak + +.Lxts_dec_done: + and \$15, %ebx + jz .Lxts_dec_ret + + pxor $twtmp, $twtmp + movdqa .Lxts_magic(%rip), $twmask + pcmpgtd @XMM[7], $twtmp + pshufd \$0x13, $twtmp, $twres + movdqa @XMM[7], @XMM[6] + paddq @XMM[7], @XMM[7] # psllq 1,$tweak + pand $twmask, $twres # isolate carry and residue + movdqu ($inp), @XMM[0] + pxor $twres, @XMM[7] + + lea 0x20(%rbp), $arg1 + pxor @XMM[7], @XMM[0] + lea 0x20(%rbp), $arg2 + movdqa @XMM[0], 0x20(%rbp) + lea ($key), $arg3 + call asm_AES_decrypt # doesn't touch %xmm + pxor 0x20(%rbp), @XMM[7] + mov $out, %rdx + movdqu @XMM[7], ($out) + +.Lxts_dec_steal: + movzb 16($inp), %eax + movzb (%rdx), %ecx + lea 1($inp), $inp + mov %al, (%rdx) + mov %cl, 16(%rdx) + lea 1(%rdx), %rdx + sub \$1,%ebx + jnz .Lxts_dec_steal + + movdqu ($out), @XMM[0] + lea 0x20(%rbp), $arg1 + pxor @XMM[6], @XMM[0] + lea 0x20(%rbp), $arg2 + movdqa @XMM[0], 0x20(%rbp) + lea ($key), $arg3 + call asm_AES_decrypt # doesn't touch %xmm + pxor 0x20(%rbp), @XMM[6] + movdqu @XMM[6], ($out) + +.Lxts_dec_ret: + lea (%rsp), %rax + pxor %xmm0, %xmm0 +.Lxts_dec_bzero: # wipe key schedule [if any] + movdqa %xmm0, 0x00(%rax) + movdqa %xmm0, 0x10(%rax) + lea 0x20(%rax), %rax + cmp %rax, %rbp + ja .Lxts_dec_bzero + + lea (%rbp),%rsp # restore %rsp +___ +$code.=<<___ if ($win64); + movaps 0x40(%rbp), %xmm6 + movaps 0x50(%rbp), %xmm7 + movaps 0x60(%rbp), %xmm8 + movaps 0x70(%rbp), %xmm9 + movaps 0x80(%rbp), %xmm10 + movaps 0x90(%rbp), %xmm11 + movaps 0xa0(%rbp), %xmm12 + movaps 0xb0(%rbp), %xmm13 + movaps 0xc0(%rbp), %xmm14 + movaps 0xd0(%rbp), %xmm15 + lea 0xa0(%rbp), %rsp +___ +$code.=<<___; + mov 0x48(%rsp), %r15 + mov 0x50(%rsp), %r14 + mov 0x58(%rsp), %r13 + mov 0x60(%rsp), %r12 + mov 0x68(%rsp), %rbx + mov 0x70(%rsp), %rax + lea 0x78(%rsp), %rsp + mov %rax, %rbp +.Lxts_dec_epilogue: + ret +.size bsaes_xts_decrypt,.-bsaes_xts_decrypt +___ +} +$code.=<<___; +.type _bsaes_const,\@object +.align 64 +_bsaes_const: +.LM0ISR: # InvShiftRows constants + .quad 0x0a0e0206070b0f03, 0x0004080c0d010509 +.LISRM0: + .quad 0x01040b0e0205080f, 0x0306090c00070a0d +.LISR: + .quad 0x0504070602010003, 0x0f0e0d0c080b0a09 +.LBS0: # bit-slice constants + .quad 0x5555555555555555, 0x5555555555555555 +.LBS1: + .quad 0x3333333333333333, 0x3333333333333333 +.LBS2: + .quad 0x0f0f0f0f0f0f0f0f, 0x0f0f0f0f0f0f0f0f +.LSR: # shiftrows constants + .quad 0x0504070600030201, 0x0f0e0d0c0a09080b +.LSRM0: + .quad 0x0304090e00050a0f, 0x01060b0c0207080d +.LM0SR: + .quad 0x0a0e02060f03070b, 0x0004080c05090d01 +.LSWPUP: # byte-swap upper dword + .quad 0x0706050403020100, 0x0c0d0e0f0b0a0908 +.LSWPUPM0SR: + .quad 0x0a0d02060c03070b, 0x0004080f05090e01 +.LADD1: # counter increment constants + .quad 0x0000000000000000, 0x0000000100000000 +.LADD2: + .quad 0x0000000000000000, 0x0000000200000000 +.LADD3: + .quad 0x0000000000000000, 0x0000000300000000 +.LADD4: + .quad 0x0000000000000000, 0x0000000400000000 +.LADD5: + .quad 0x0000000000000000, 0x0000000500000000 +.LADD6: + .quad 0x0000000000000000, 0x0000000600000000 +.LADD7: + .quad 0x0000000000000000, 0x0000000700000000 +.LADD8: + .quad 0x0000000000000000, 0x0000000800000000 +.Lxts_magic: + .long 0x87,0,1,0 +.Lmasks: + .quad 0x0101010101010101, 0x0101010101010101 + .quad 0x0202020202020202, 0x0202020202020202 + .quad 0x0404040404040404, 0x0404040404040404 + .quad 0x0808080808080808, 0x0808080808080808 +.LM0: + .quad 0x02060a0e03070b0f, 0x0004080c0105090d +.L63: + .quad 0x6363636363636363, 0x6363636363636363 +.asciz "Bit-sliced AES for x86_64/SSSE3, Emilia Käsper, Peter Schwabe, Andy Polyakov" +.align 64 +.size _bsaes_const,.-_bsaes_const +___ + +# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame, +# CONTEXT *context,DISPATCHER_CONTEXT *disp) +if ($win64) { +$rec="%rcx"; +$frame="%rdx"; +$context="%r8"; +$disp="%r9"; + +$code.=<<___; +.extern __imp_RtlVirtualUnwind +.type se_handler,\@abi-omnipotent +.align 16 +se_handler: + push %rsi + push %rdi + push %rbx + push %rbp + push %r12 + push %r13 + push %r14 + push %r15 + pushfq + sub \$64,%rsp + + mov 120($context),%rax # pull context->Rax + mov 248($context),%rbx # pull context->Rip + + mov 8($disp),%rsi # disp->ImageBase + mov 56($disp),%r11 # disp->HandlerData + + mov 0(%r11),%r10d # HandlerData[0] + lea (%rsi,%r10),%r10 # prologue label + cmp %r10,%rbx # context->RipRsp + + mov 4(%r11),%r10d # HandlerData[1] + lea (%rsi,%r10),%r10 # epilogue label + cmp %r10,%rbx # context->Rip>=epilogue label + jae .Lin_prologue + + mov 160($context),%rax # pull context->Rbp + + lea 0x40(%rax),%rsi # %xmm save area + lea 512($context),%rdi # &context.Xmm6 + mov \$20,%ecx # 10*sizeof(%xmm0)/sizeof(%rax) + .long 0xa548f3fc # cld; rep movsq + lea 0xa0(%rax),%rax # adjust stack pointer + + mov 0x70(%rax),%rbp + mov 0x68(%rax),%rbx + mov 0x60(%rax),%r12 + mov 0x58(%rax),%r13 + mov 0x50(%rax),%r14 + mov 0x48(%rax),%r15 + lea 0x78(%rax),%rax # adjust stack pointer + mov %rbx,144($context) # restore context->Rbx + mov %rbp,160($context) # restore context->Rbp + mov %r12,216($context) # restore context->R12 + mov %r13,224($context) # restore context->R13 + mov %r14,232($context) # restore context->R14 + mov %r15,240($context) # restore context->R15 + +.Lin_prologue: + mov %rax,152($context) # restore context->Rsp + + mov 40($disp),%rdi # disp->ContextRecord + mov $context,%rsi # context + mov \$`1232/8`,%ecx # sizeof(CONTEXT) + .long 0xa548f3fc # cld; rep movsq + + mov $disp,%rsi + xor %rcx,%rcx # arg1, UNW_FLAG_NHANDLER + mov 8(%rsi),%rdx # arg2, disp->ImageBase + mov 0(%rsi),%r8 # arg3, disp->ControlPc + mov 16(%rsi),%r9 # arg4, disp->FunctionEntry + mov 40(%rsi),%r10 # disp->ContextRecord + lea 56(%rsi),%r11 # &disp->HandlerData + lea 24(%rsi),%r12 # &disp->EstablisherFrame + mov %r10,32(%rsp) # arg5 + mov %r11,40(%rsp) # arg6 + mov %r12,48(%rsp) # arg7 + mov %rcx,56(%rsp) # arg8, (NULL) + call *__imp_RtlVirtualUnwind(%rip) + + mov \$1,%eax # ExceptionContinueSearch + add \$64,%rsp + popfq + pop %r15 + pop %r14 + pop %r13 + pop %r12 + pop %rbp + pop %rbx + pop %rdi + pop %rsi + ret +.size se_handler,.-se_handler + +.section .pdata +.align 4 +___ +$code.=<<___ if ($ecb); + .rva .Lecb_enc_prologue + .rva .Lecb_enc_epilogue + .rva .Lecb_enc_info + + .rva .Lecb_dec_prologue + .rva .Lecb_dec_epilogue + .rva .Lecb_dec_info +___ +$code.=<<___; + .rva .Lcbc_dec_prologue + .rva .Lcbc_dec_epilogue + .rva .Lcbc_dec_info + + .rva .Lctr_enc_prologue + .rva .Lctr_enc_epilogue + .rva .Lctr_enc_info + + .rva .Lxts_enc_prologue + .rva .Lxts_enc_epilogue + .rva .Lxts_enc_info + + .rva .Lxts_dec_prologue + .rva .Lxts_dec_epilogue + .rva .Lxts_dec_info + +.section .xdata +.align 8 +___ +$code.=<<___ if ($ecb); +.Lecb_enc_info: + .byte 9,0,0,0 + .rva se_handler + .rva .Lecb_enc_body,.Lecb_enc_epilogue # HandlerData[] +.Lecb_dec_info: + .byte 9,0,0,0 + .rva se_handler + .rva .Lecb_dec_body,.Lecb_dec_epilogue # HandlerData[] +___ +$code.=<<___; +.Lcbc_dec_info: + .byte 9,0,0,0 + .rva se_handler + .rva .Lcbc_dec_body,.Lcbc_dec_epilogue # HandlerData[] +.Lctr_enc_info: + .byte 9,0,0,0 + .rva se_handler + .rva .Lctr_enc_body,.Lctr_enc_epilogue # HandlerData[] +.Lxts_enc_info: + .byte 9,0,0,0 + .rva se_handler + .rva .Lxts_enc_body,.Lxts_enc_epilogue # HandlerData[] +.Lxts_dec_info: + .byte 9,0,0,0 + .rva se_handler + .rva .Lxts_dec_body,.Lxts_dec_epilogue # HandlerData[] +___ +} + +$code =~ s/\`([^\`]*)\`/eval($1)/gem; + +print $code; + +close STDOUT; diff --git a/src/lib/libcrypto/aes/asm/vpaes-x86.pl b/src/lib/libcrypto/aes/asm/vpaes-x86.pl new file mode 100644 index 00000000000..1533e2c3042 --- /dev/null +++ b/src/lib/libcrypto/aes/asm/vpaes-x86.pl @@ -0,0 +1,903 @@ +#!/usr/bin/env perl + +###################################################################### +## Constant-time SSSE3 AES core implementation. +## version 0.1 +## +## By Mike Hamburg (Stanford University), 2009 +## Public domain. +## +## For details see http://shiftleft.org/papers/vector_aes/ and +## http://crypto.stanford.edu/vpaes/. + +###################################################################### +# September 2011. +# +# Port vpaes-x86_64.pl as 32-bit "almost" drop-in replacement for +# aes-586.pl. "Almost" refers to the fact that AES_cbc_encrypt +# doesn't handle partial vectors (doesn't have to if called from +# EVP only). "Drop-in" implies that this module doesn't share key +# schedule structure with the original nor does it make assumption +# about its alignment... +# +# Performance summary. aes-586.pl column lists large-block CBC +# encrypt/decrypt/with-hyper-threading-off(*) results in cycles per +# byte processed with 128-bit key, and vpaes-x86.pl column - [also +# large-block CBC] encrypt/decrypt. +# +# aes-586.pl vpaes-x86.pl +# +# Core 2(**) 29.1/42.3/18.3 22.0/25.6(***) +# Nehalem 27.9/40.4/18.1 10.3/12.0 +# Atom 102./119./60.1 64.5/85.3(***) +# +# (*) "Hyper-threading" in the context refers rather to cache shared +# among multiple cores, than to specifically Intel HTT. As vast +# majority of contemporary cores share cache, slower code path +# is common place. In other words "with-hyper-threading-off" +# results are presented mostly for reference purposes. +# +# (**) "Core 2" refers to initial 65nm design, a.k.a. Conroe. +# +# (***) Less impressive improvement on Core 2 and Atom is due to slow +# pshufb, yet it's respectable +32%/65% improvement on Core 2 +# and +58%/40% on Atom (as implied, over "hyper-threading-safe" +# code path). +# +# + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +push(@INC,"${dir}","${dir}../../perlasm"); +require "x86asm.pl"; + +&asm_init($ARGV[0],"vpaes-x86.pl",$x86only = $ARGV[$#ARGV] eq "386"); + +$PREFIX="vpaes"; + +my ($round, $base, $magic, $key, $const, $inp, $out)= + ("eax", "ebx", "ecx", "edx","ebp", "esi","edi"); + +&static_label("_vpaes_consts"); +&static_label("_vpaes_schedule_low_round"); + +&set_label("_vpaes_consts",64); +$k_inv=-0x30; # inv, inva + &data_word(0x0D080180,0x0E05060F,0x0A0B0C02,0x04070309); + &data_word(0x0F0B0780,0x01040A06,0x02050809,0x030D0E0C); + +$k_s0F=-0x10; # s0F + &data_word(0x0F0F0F0F,0x0F0F0F0F,0x0F0F0F0F,0x0F0F0F0F); + +$k_ipt=0x00; # input transform (lo, hi) + &data_word(0x5A2A7000,0xC2B2E898,0x52227808,0xCABAE090); + &data_word(0x317C4D00,0x4C01307D,0xB0FDCC81,0xCD80B1FC); + +$k_sb1=0x20; # sb1u, sb1t + &data_word(0xCB503E00,0xB19BE18F,0x142AF544,0xA5DF7A6E); + &data_word(0xFAE22300,0x3618D415,0x0D2ED9EF,0x3BF7CCC1); +$k_sb2=0x40; # sb2u, sb2t + &data_word(0x0B712400,0xE27A93C6,0xBC982FCD,0x5EB7E955); + &data_word(0x0AE12900,0x69EB8840,0xAB82234A,0xC2A163C8); +$k_sbo=0x60; # sbou, sbot + &data_word(0x6FBDC700,0xD0D26D17,0xC502A878,0x15AABF7A); + &data_word(0x5FBB6A00,0xCFE474A5,0x412B35FA,0x8E1E90D1); + +$k_mc_forward=0x80; # mc_forward + &data_word(0x00030201,0x04070605,0x080B0A09,0x0C0F0E0D); + &data_word(0x04070605,0x080B0A09,0x0C0F0E0D,0x00030201); + &data_word(0x080B0A09,0x0C0F0E0D,0x00030201,0x04070605); + &data_word(0x0C0F0E0D,0x00030201,0x04070605,0x080B0A09); + +$k_mc_backward=0xc0; # mc_backward + &data_word(0x02010003,0x06050407,0x0A09080B,0x0E0D0C0F); + &data_word(0x0E0D0C0F,0x02010003,0x06050407,0x0A09080B); + &data_word(0x0A09080B,0x0E0D0C0F,0x02010003,0x06050407); + &data_word(0x06050407,0x0A09080B,0x0E0D0C0F,0x02010003); + +$k_sr=0x100; # sr + &data_word(0x03020100,0x07060504,0x0B0A0908,0x0F0E0D0C); + &data_word(0x0F0A0500,0x030E0904,0x07020D08,0x0B06010C); + &data_word(0x0B020900,0x0F060D04,0x030A0108,0x070E050C); + &data_word(0x070A0D00,0x0B0E0104,0x0F020508,0x0306090C); + +$k_rcon=0x140; # rcon + &data_word(0xAF9DEEB6,0x1F8391B9,0x4D7C7D81,0x702A9808); + +$k_s63=0x150; # s63: all equal to 0x63 transformed + &data_word(0x5B5B5B5B,0x5B5B5B5B,0x5B5B5B5B,0x5B5B5B5B); + +$k_opt=0x160; # output transform + &data_word(0xD6B66000,0xFF9F4929,0xDEBE6808,0xF7974121); + &data_word(0x50BCEC00,0x01EDBD51,0xB05C0CE0,0xE10D5DB1); + +$k_deskew=0x180; # deskew tables: inverts the sbox's "skew" + &data_word(0x47A4E300,0x07E4A340,0x5DBEF91A,0x1DFEB95A); + &data_word(0x83EA6900,0x5F36B5DC,0xF49D1E77,0x2841C2AB); +## +## Decryption stuff +## Key schedule constants +## +$k_dksd=0x1a0; # decryption key schedule: invskew x*D + &data_word(0xA3E44700,0xFEB91A5D,0x5A1DBEF9,0x0740E3A4); + &data_word(0xB5368300,0x41C277F4,0xAB289D1E,0x5FDC69EA); +$k_dksb=0x1c0; # decryption key schedule: invskew x*B + &data_word(0x8550D500,0x9A4FCA1F,0x1CC94C99,0x03D65386); + &data_word(0xB6FC4A00,0x115BEDA7,0x7E3482C8,0xD993256F); +$k_dkse=0x1e0; # decryption key schedule: invskew x*E + 0x63 + &data_word(0x1FC9D600,0xD5031CCA,0x994F5086,0x53859A4C); + &data_word(0x4FDC7BE8,0xA2319605,0x20B31487,0xCD5EF96A); +$k_dks9=0x200; # decryption key schedule: invskew x*9 + &data_word(0x7ED9A700,0xB6116FC8,0x82255BFC,0x4AED9334); + &data_word(0x27143300,0x45765162,0xE9DAFDCE,0x8BB89FAC); + +## +## Decryption stuff +## Round function constants +## +$k_dipt=0x220; # decryption input transform + &data_word(0x0B545F00,0x0F505B04,0x114E451A,0x154A411E); + &data_word(0x60056500,0x86E383E6,0xF491F194,0x12771772); + +$k_dsb9=0x240; # decryption sbox output *9*u, *9*t + &data_word(0x9A86D600,0x851C0353,0x4F994CC9,0xCAD51F50); + &data_word(0xECD74900,0xC03B1789,0xB2FBA565,0x725E2C9E); +$k_dsbd=0x260; # decryption sbox output *D*u, *D*t + &data_word(0xE6B1A200,0x7D57CCDF,0x882A4439,0xF56E9B13); + &data_word(0x24C6CB00,0x3CE2FAF7,0x15DEEFD3,0x2931180D); +$k_dsbb=0x280; # decryption sbox output *B*u, *B*t + &data_word(0x96B44200,0xD0226492,0xB0F2D404,0x602646F6); + &data_word(0xCD596700,0xC19498A6,0x3255AA6B,0xF3FF0C3E); +$k_dsbe=0x2a0; # decryption sbox output *E*u, *E*t + &data_word(0x26D4D000,0x46F29296,0x64B4F6B0,0x22426004); + &data_word(0xFFAAC100,0x0C55A6CD,0x98593E32,0x9467F36B); +$k_dsbo=0x2c0; # decryption sbox final output + &data_word(0x7EF94000,0x1387EA53,0xD4943E2D,0xC7AA6DB9); + &data_word(0x93441D00,0x12D7560F,0xD8C58E9C,0xCA4B8159); +&asciz ("Vector Permutation AES for x86/SSSE3, Mike Hamburg (Stanford University)"); +&align (64); + +&function_begin_B("_vpaes_preheat"); + &add ($const,&DWP(0,"esp")); + &movdqa ("xmm7",&QWP($k_inv,$const)); + &movdqa ("xmm6",&QWP($k_s0F,$const)); + &ret (); +&function_end_B("_vpaes_preheat"); + +## +## _aes_encrypt_core +## +## AES-encrypt %xmm0. +## +## Inputs: +## %xmm0 = input +## %xmm6-%xmm7 as in _vpaes_preheat +## (%edx) = scheduled keys +## +## Output in %xmm0 +## Clobbers %xmm1-%xmm5, %eax, %ebx, %ecx, %edx +## +## +&function_begin_B("_vpaes_encrypt_core"); + &mov ($magic,16); + &mov ($round,&DWP(240,$key)); + &movdqa ("xmm1","xmm6") + &movdqa ("xmm2",&QWP($k_ipt,$const)); + &pandn ("xmm1","xmm0"); + &movdqu ("xmm5",&QWP(0,$key)); + &psrld ("xmm1",4); + &pand ("xmm0","xmm6"); + &pshufb ("xmm2","xmm0"); + &movdqa ("xmm0",&QWP($k_ipt+16,$const)); + &pshufb ("xmm0","xmm1"); + &pxor ("xmm2","xmm5"); + &pxor ("xmm0","xmm2"); + &add ($key,16); + &lea ($base,&DWP($k_mc_backward,$const)); + &jmp (&label("enc_entry")); + + +&set_label("enc_loop",16); + # middle of middle round + &movdqa ("xmm4",&QWP($k_sb1,$const)); # 4 : sb1u + &pshufb ("xmm4","xmm2"); # 4 = sb1u + &pxor ("xmm4","xmm5"); # 4 = sb1u + k + &movdqa ("xmm0",&QWP($k_sb1+16,$const));# 0 : sb1t + &pshufb ("xmm0","xmm3"); # 0 = sb1t + &pxor ("xmm0","xmm4"); # 0 = A + &movdqa ("xmm5",&QWP($k_sb2,$const)); # 4 : sb2u + &pshufb ("xmm5","xmm2"); # 4 = sb2u + &movdqa ("xmm1",&QWP(-0x40,$base,$magic));# .Lk_mc_forward[] + &movdqa ("xmm2",&QWP($k_sb2+16,$const));# 2 : sb2t + &pshufb ("xmm2","xmm3"); # 2 = sb2t + &pxor ("xmm2","xmm5"); # 2 = 2A + &movdqa ("xmm4",&QWP(0,$base,$magic)); # .Lk_mc_backward[] + &movdqa ("xmm3","xmm0"); # 3 = A + &pshufb ("xmm0","xmm1"); # 0 = B + &add ($key,16); # next key + &pxor ("xmm0","xmm2"); # 0 = 2A+B + &pshufb ("xmm3","xmm4"); # 3 = D + &add ($magic,16); # next mc + &pxor ("xmm3","xmm0"); # 3 = 2A+B+D + &pshufb ("xmm0","xmm1"); # 0 = 2B+C + &and ($magic,0x30); # ... mod 4 + &pxor ("xmm0","xmm3"); # 0 = 2A+3B+C+D + &sub ($round,1); # nr-- + +&set_label("enc_entry"); + # top of round + &movdqa ("xmm1","xmm6"); # 1 : i + &pandn ("xmm1","xmm0"); # 1 = i<<4 + &psrld ("xmm1",4); # 1 = i + &pand ("xmm0","xmm6"); # 0 = k + &movdqa ("xmm5",&QWP($k_inv+16,$const));# 2 : a/k + &pshufb ("xmm5","xmm0"); # 2 = a/k + &pxor ("xmm0","xmm1"); # 0 = j + &movdqa ("xmm3","xmm7"); # 3 : 1/i + &pshufb ("xmm3","xmm1"); # 3 = 1/i + &pxor ("xmm3","xmm5"); # 3 = iak = 1/i + a/k + &movdqa ("xmm4","xmm7"); # 4 : 1/j + &pshufb ("xmm4","xmm0"); # 4 = 1/j + &pxor ("xmm4","xmm5"); # 4 = jak = 1/j + a/k + &movdqa ("xmm2","xmm7"); # 2 : 1/iak + &pshufb ("xmm2","xmm3"); # 2 = 1/iak + &pxor ("xmm2","xmm0"); # 2 = io + &movdqa ("xmm3","xmm7"); # 3 : 1/jak + &movdqu ("xmm5",&QWP(0,$key)); + &pshufb ("xmm3","xmm4"); # 3 = 1/jak + &pxor ("xmm3","xmm1"); # 3 = jo + &jnz (&label("enc_loop")); + + # middle of last round + &movdqa ("xmm4",&QWP($k_sbo,$const)); # 3 : sbou .Lk_sbo + &movdqa ("xmm0",&QWP($k_sbo+16,$const));# 3 : sbot .Lk_sbo+16 + &pshufb ("xmm4","xmm2"); # 4 = sbou + &pxor ("xmm4","xmm5"); # 4 = sb1u + k + &pshufb ("xmm0","xmm3"); # 0 = sb1t + &movdqa ("xmm1",&QWP(0x40,$base,$magic));# .Lk_sr[] + &pxor ("xmm0","xmm4"); # 0 = A + &pshufb ("xmm0","xmm1"); + &ret (); +&function_end_B("_vpaes_encrypt_core"); + +## +## Decryption core +## +## Same API as encryption core. +## +&function_begin_B("_vpaes_decrypt_core"); + &mov ($round,&DWP(240,$key)); + &lea ($base,&DWP($k_dsbd,$const)); + &movdqa ("xmm1","xmm6"); + &movdqa ("xmm2",&QWP($k_dipt-$k_dsbd,$base)); + &pandn ("xmm1","xmm0"); + &mov ($magic,$round); + &psrld ("xmm1",4) + &movdqu ("xmm5",&QWP(0,$key)); + &shl ($magic,4); + &pand ("xmm0","xmm6"); + &pshufb ("xmm2","xmm0"); + &movdqa ("xmm0",&QWP($k_dipt-$k_dsbd+16,$base)); + &xor ($magic,0x30); + &pshufb ("xmm0","xmm1"); + &and ($magic,0x30); + &pxor ("xmm2","xmm5"); + &movdqa ("xmm5",&QWP($k_mc_forward+48,$const)); + &pxor ("xmm0","xmm2"); + &add ($key,16); + &lea ($magic,&DWP($k_sr-$k_dsbd,$base,$magic)); + &jmp (&label("dec_entry")); + +&set_label("dec_loop",16); +## +## Inverse mix columns +## + &movdqa ("xmm4",&QWP(-0x20,$base)); # 4 : sb9u + &pshufb ("xmm4","xmm2"); # 4 = sb9u + &pxor ("xmm4","xmm0"); + &movdqa ("xmm0",&QWP(-0x10,$base)); # 0 : sb9t + &pshufb ("xmm0","xmm3"); # 0 = sb9t + &pxor ("xmm0","xmm4"); # 0 = ch + &add ($key,16); # next round key + + &pshufb ("xmm0","xmm5"); # MC ch + &movdqa ("xmm4",&QWP(0,$base)); # 4 : sbdu + &pshufb ("xmm4","xmm2"); # 4 = sbdu + &pxor ("xmm4","xmm0"); # 4 = ch + &movdqa ("xmm0",&QWP(0x10,$base)); # 0 : sbdt + &pshufb ("xmm0","xmm3"); # 0 = sbdt + &pxor ("xmm0","xmm4"); # 0 = ch + &sub ($round,1); # nr-- + + &pshufb ("xmm0","xmm5"); # MC ch + &movdqa ("xmm4",&QWP(0x20,$base)); # 4 : sbbu + &pshufb ("xmm4","xmm2"); # 4 = sbbu + &pxor ("xmm4","xmm0"); # 4 = ch + &movdqa ("xmm0",&QWP(0x30,$base)); # 0 : sbbt + &pshufb ("xmm0","xmm3"); # 0 = sbbt + &pxor ("xmm0","xmm4"); # 0 = ch + + &pshufb ("xmm0","xmm5"); # MC ch + &movdqa ("xmm4",&QWP(0x40,$base)); # 4 : sbeu + &pshufb ("xmm4","xmm2"); # 4 = sbeu + &pxor ("xmm4","xmm0"); # 4 = ch + &movdqa ("xmm0",&QWP(0x50,$base)); # 0 : sbet + &pshufb ("xmm0","xmm3"); # 0 = sbet + &pxor ("xmm0","xmm4"); # 0 = ch + + &palignr("xmm5","xmm5",12); + +&set_label("dec_entry"); + # top of round + &movdqa ("xmm1","xmm6"); # 1 : i + &pandn ("xmm1","xmm0"); # 1 = i<<4 + &psrld ("xmm1",4); # 1 = i + &pand ("xmm0","xmm6"); # 0 = k + &movdqa ("xmm2",&QWP($k_inv+16,$const));# 2 : a/k + &pshufb ("xmm2","xmm0"); # 2 = a/k + &pxor ("xmm0","xmm1"); # 0 = j + &movdqa ("xmm3","xmm7"); # 3 : 1/i + &pshufb ("xmm3","xmm1"); # 3 = 1/i + &pxor ("xmm3","xmm2"); # 3 = iak = 1/i + a/k + &movdqa ("xmm4","xmm7"); # 4 : 1/j + &pshufb ("xmm4","xmm0"); # 4 = 1/j + &pxor ("xmm4","xmm2"); # 4 = jak = 1/j + a/k + &movdqa ("xmm2","xmm7"); # 2 : 1/iak + &pshufb ("xmm2","xmm3"); # 2 = 1/iak + &pxor ("xmm2","xmm0"); # 2 = io + &movdqa ("xmm3","xmm7"); # 3 : 1/jak + &pshufb ("xmm3","xmm4"); # 3 = 1/jak + &pxor ("xmm3","xmm1"); # 3 = jo + &movdqu ("xmm0",&QWP(0,$key)); + &jnz (&label("dec_loop")); + + # middle of last round + &movdqa ("xmm4",&QWP(0x60,$base)); # 3 : sbou + &pshufb ("xmm4","xmm2"); # 4 = sbou + &pxor ("xmm4","xmm0"); # 4 = sb1u + k + &movdqa ("xmm0",&QWP(0x70,$base)); # 0 : sbot + &movdqa ("xmm2",&QWP(0,$magic)); + &pshufb ("xmm0","xmm3"); # 0 = sb1t + &pxor ("xmm0","xmm4"); # 0 = A + &pshufb ("xmm0","xmm2"); + &ret (); +&function_end_B("_vpaes_decrypt_core"); + +######################################################## +## ## +## AES key schedule ## +## ## +######################################################## +&function_begin_B("_vpaes_schedule_core"); + &add ($const,&DWP(0,"esp")); + &movdqu ("xmm0",&QWP(0,$inp)); # load key (unaligned) + &movdqa ("xmm2",&QWP($k_rcon,$const)); # load rcon + + # input transform + &movdqa ("xmm3","xmm0"); + &lea ($base,&DWP($k_ipt,$const)); + &movdqa (&QWP(4,"esp"),"xmm2"); # xmm8 + &call ("_vpaes_schedule_transform"); + &movdqa ("xmm7","xmm0"); + + &test ($out,$out); + &jnz (&label("schedule_am_decrypting")); + + # encrypting, output zeroth round key after transform + &movdqu (&QWP(0,$key),"xmm0"); + &jmp (&label("schedule_go")); + +&set_label("schedule_am_decrypting"); + # decrypting, output zeroth round key after shiftrows + &movdqa ("xmm1",&QWP($k_sr,$const,$magic)); + &pshufb ("xmm3","xmm1"); + &movdqu (&QWP(0,$key),"xmm3"); + &xor ($magic,0x30); + +&set_label("schedule_go"); + &cmp ($round,192); + &ja (&label("schedule_256")); + &je (&label("schedule_192")); + # 128: fall though + +## +## .schedule_128 +## +## 128-bit specific part of key schedule. +## +## This schedule is really simple, because all its parts +## are accomplished by the subroutines. +## +&set_label("schedule_128"); + &mov ($round,10); + +&set_label("loop_schedule_128"); + &call ("_vpaes_schedule_round"); + &dec ($round); + &jz (&label("schedule_mangle_last")); + &call ("_vpaes_schedule_mangle"); # write output + &jmp (&label("loop_schedule_128")); + +## +## .aes_schedule_192 +## +## 192-bit specific part of key schedule. +## +## The main body of this schedule is the same as the 128-bit +## schedule, but with more smearing. The long, high side is +## stored in %xmm7 as before, and the short, low side is in +## the high bits of %xmm6. +## +## This schedule is somewhat nastier, however, because each +## round produces 192 bits of key material, or 1.5 round keys. +## Therefore, on each cycle we do 2 rounds and produce 3 round +## keys. +## +&set_label("schedule_192",16); + &movdqu ("xmm0",&QWP(8,$inp)); # load key part 2 (very unaligned) + &call ("_vpaes_schedule_transform"); # input transform + &movdqa ("xmm6","xmm0"); # save short part + &pxor ("xmm4","xmm4"); # clear 4 + &movhlps("xmm6","xmm4"); # clobber low side with zeros + &mov ($round,4); + +&set_label("loop_schedule_192"); + &call ("_vpaes_schedule_round"); + &palignr("xmm0","xmm6",8); + &call ("_vpaes_schedule_mangle"); # save key n + &call ("_vpaes_schedule_192_smear"); + &call ("_vpaes_schedule_mangle"); # save key n+1 + &call ("_vpaes_schedule_round"); + &dec ($round); + &jz (&label("schedule_mangle_last")); + &call ("_vpaes_schedule_mangle"); # save key n+2 + &call ("_vpaes_schedule_192_smear"); + &jmp (&label("loop_schedule_192")); + +## +## .aes_schedule_256 +## +## 256-bit specific part of key schedule. +## +## The structure here is very similar to the 128-bit +## schedule, but with an additional "low side" in +## %xmm6. The low side's rounds are the same as the +## high side's, except no rcon and no rotation. +## +&set_label("schedule_256",16); + &movdqu ("xmm0",&QWP(16,$inp)); # load key part 2 (unaligned) + &call ("_vpaes_schedule_transform"); # input transform + &mov ($round,7); + +&set_label("loop_schedule_256"); + &call ("_vpaes_schedule_mangle"); # output low result + &movdqa ("xmm6","xmm0"); # save cur_lo in xmm6 + + # high round + &call ("_vpaes_schedule_round"); + &dec ($round); + &jz (&label("schedule_mangle_last")); + &call ("_vpaes_schedule_mangle"); + + # low round. swap xmm7 and xmm6 + &pshufd ("xmm0","xmm0",0xFF); + &movdqa (&QWP(20,"esp"),"xmm7"); + &movdqa ("xmm7","xmm6"); + &call ("_vpaes_schedule_low_round"); + &movdqa ("xmm7",&QWP(20,"esp")); + + &jmp (&label("loop_schedule_256")); + +## +## .aes_schedule_mangle_last +## +## Mangler for last round of key schedule +## Mangles %xmm0 +## when encrypting, outputs out(%xmm0) ^ 63 +## when decrypting, outputs unskew(%xmm0) +## +## Always called right before return... jumps to cleanup and exits +## +&set_label("schedule_mangle_last",16); + # schedule last round key from xmm0 + &lea ($base,&DWP($k_deskew,$const)); + &test ($out,$out); + &jnz (&label("schedule_mangle_last_dec")); + + # encrypting + &movdqa ("xmm1",&QWP($k_sr,$const,$magic)); + &pshufb ("xmm0","xmm1"); # output permute + &lea ($base,&DWP($k_opt,$const)); # prepare to output transform + &add ($key,32); + +&set_label("schedule_mangle_last_dec"); + &add ($key,-16); + &pxor ("xmm0",&QWP($k_s63,$const)); + &call ("_vpaes_schedule_transform"); # output transform + &movdqu (&QWP(0,$key),"xmm0"); # save last key + + # cleanup + &pxor ("xmm0","xmm0"); + &pxor ("xmm1","xmm1"); + &pxor ("xmm2","xmm2"); + &pxor ("xmm3","xmm3"); + &pxor ("xmm4","xmm4"); + &pxor ("xmm5","xmm5"); + &pxor ("xmm6","xmm6"); + &pxor ("xmm7","xmm7"); + &ret (); +&function_end_B("_vpaes_schedule_core"); + +## +## .aes_schedule_192_smear +## +## Smear the short, low side in the 192-bit key schedule. +## +## Inputs: +## %xmm7: high side, b a x y +## %xmm6: low side, d c 0 0 +## %xmm13: 0 +## +## Outputs: +## %xmm6: b+c+d b+c 0 0 +## %xmm0: b+c+d b+c b a +## +&function_begin_B("_vpaes_schedule_192_smear"); + &pshufd ("xmm0","xmm6",0x80); # d c 0 0 -> c 0 0 0 + &pxor ("xmm6","xmm0"); # -> c+d c 0 0 + &pshufd ("xmm0","xmm7",0xFE); # b a _ _ -> b b b a + &pxor ("xmm6","xmm0"); # -> b+c+d b+c b a + &movdqa ("xmm0","xmm6"); + &pxor ("xmm1","xmm1"); + &movhlps("xmm6","xmm1"); # clobber low side with zeros + &ret (); +&function_end_B("_vpaes_schedule_192_smear"); + +## +## .aes_schedule_round +## +## Runs one main round of the key schedule on %xmm0, %xmm7 +## +## Specifically, runs subbytes on the high dword of %xmm0 +## then rotates it by one byte and xors into the low dword of +## %xmm7. +## +## Adds rcon from low byte of %xmm8, then rotates %xmm8 for +## next rcon. +## +## Smears the dwords of %xmm7 by xoring the low into the +## second low, result into third, result into highest. +## +## Returns results in %xmm7 = %xmm0. +## Clobbers %xmm1-%xmm5. +## +&function_begin_B("_vpaes_schedule_round"); + # extract rcon from xmm8 + &movdqa ("xmm2",&QWP(8,"esp")); # xmm8 + &pxor ("xmm1","xmm1"); + &palignr("xmm1","xmm2",15); + &palignr("xmm2","xmm2",15); + &pxor ("xmm7","xmm1"); + + # rotate + &pshufd ("xmm0","xmm0",0xFF); + &palignr("xmm0","xmm0",1); + + # fall through... + &movdqa (&QWP(8,"esp"),"xmm2"); # xmm8 + + # low round: same as high round, but no rotation and no rcon. +&set_label("_vpaes_schedule_low_round"); + # smear xmm7 + &movdqa ("xmm1","xmm7"); + &pslldq ("xmm7",4); + &pxor ("xmm7","xmm1"); + &movdqa ("xmm1","xmm7"); + &pslldq ("xmm7",8); + &pxor ("xmm7","xmm1"); + &pxor ("xmm7",&QWP($k_s63,$const)); + + # subbyte + &movdqa ("xmm4",&QWP($k_s0F,$const)); + &movdqa ("xmm5",&QWP($k_inv,$const)); # 4 : 1/j + &movdqa ("xmm1","xmm4"); + &pandn ("xmm1","xmm0"); + &psrld ("xmm1",4); # 1 = i + &pand ("xmm0","xmm4"); # 0 = k + &movdqa ("xmm2",&QWP($k_inv+16,$const));# 2 : a/k + &pshufb ("xmm2","xmm0"); # 2 = a/k + &pxor ("xmm0","xmm1"); # 0 = j + &movdqa ("xmm3","xmm5"); # 3 : 1/i + &pshufb ("xmm3","xmm1"); # 3 = 1/i + &pxor ("xmm3","xmm2"); # 3 = iak = 1/i + a/k + &movdqa ("xmm4","xmm5"); # 4 : 1/j + &pshufb ("xmm4","xmm0"); # 4 = 1/j + &pxor ("xmm4","xmm2"); # 4 = jak = 1/j + a/k + &movdqa ("xmm2","xmm5"); # 2 : 1/iak + &pshufb ("xmm2","xmm3"); # 2 = 1/iak + &pxor ("xmm2","xmm0"); # 2 = io + &movdqa ("xmm3","xmm5"); # 3 : 1/jak + &pshufb ("xmm3","xmm4"); # 3 = 1/jak + &pxor ("xmm3","xmm1"); # 3 = jo + &movdqa ("xmm4",&QWP($k_sb1,$const)); # 4 : sbou + &pshufb ("xmm4","xmm2"); # 4 = sbou + &movdqa ("xmm0",&QWP($k_sb1+16,$const));# 0 : sbot + &pshufb ("xmm0","xmm3"); # 0 = sb1t + &pxor ("xmm0","xmm4"); # 0 = sbox output + + # add in smeared stuff + &pxor ("xmm0","xmm7"); + &movdqa ("xmm7","xmm0"); + &ret (); +&function_end_B("_vpaes_schedule_round"); + +## +## .aes_schedule_transform +## +## Linear-transform %xmm0 according to tables at (%ebx) +## +## Output in %xmm0 +## Clobbers %xmm1, %xmm2 +## +&function_begin_B("_vpaes_schedule_transform"); + &movdqa ("xmm2",&QWP($k_s0F,$const)); + &movdqa ("xmm1","xmm2"); + &pandn ("xmm1","xmm0"); + &psrld ("xmm1",4); + &pand ("xmm0","xmm2"); + &movdqa ("xmm2",&QWP(0,$base)); + &pshufb ("xmm2","xmm0"); + &movdqa ("xmm0",&QWP(16,$base)); + &pshufb ("xmm0","xmm1"); + &pxor ("xmm0","xmm2"); + &ret (); +&function_end_B("_vpaes_schedule_transform"); + +## +## .aes_schedule_mangle +## +## Mangle xmm0 from (basis-transformed) standard version +## to our version. +## +## On encrypt, +## xor with 0x63 +## multiply by circulant 0,1,1,1 +## apply shiftrows transform +## +## On decrypt, +## xor with 0x63 +## multiply by "inverse mixcolumns" circulant E,B,D,9 +## deskew +## apply shiftrows transform +## +## +## Writes out to (%edx), and increments or decrements it +## Keeps track of round number mod 4 in %ecx +## Preserves xmm0 +## Clobbers xmm1-xmm5 +## +&function_begin_B("_vpaes_schedule_mangle"); + &movdqa ("xmm4","xmm0"); # save xmm0 for later + &movdqa ("xmm5",&QWP($k_mc_forward,$const)); + &test ($out,$out); + &jnz (&label("schedule_mangle_dec")); + + # encrypting + &add ($key,16); + &pxor ("xmm4",&QWP($k_s63,$const)); + &pshufb ("xmm4","xmm5"); + &movdqa ("xmm3","xmm4"); + &pshufb ("xmm4","xmm5"); + &pxor ("xmm3","xmm4"); + &pshufb ("xmm4","xmm5"); + &pxor ("xmm3","xmm4"); + + &jmp (&label("schedule_mangle_both")); + +&set_label("schedule_mangle_dec",16); + # inverse mix columns + &movdqa ("xmm2",&QWP($k_s0F,$const)); + &lea ($inp,&DWP($k_dksd,$const)); + &movdqa ("xmm1","xmm2"); + &pandn ("xmm1","xmm4"); + &psrld ("xmm1",4); # 1 = hi + &pand ("xmm4","xmm2"); # 4 = lo + + &movdqa ("xmm2",&QWP(0,$inp)); + &pshufb ("xmm2","xmm4"); + &movdqa ("xmm3",&QWP(0x10,$inp)); + &pshufb ("xmm3","xmm1"); + &pxor ("xmm3","xmm2"); + &pshufb ("xmm3","xmm5"); + + &movdqa ("xmm2",&QWP(0x20,$inp)); + &pshufb ("xmm2","xmm4"); + &pxor ("xmm2","xmm3"); + &movdqa ("xmm3",&QWP(0x30,$inp)); + &pshufb ("xmm3","xmm1"); + &pxor ("xmm3","xmm2"); + &pshufb ("xmm3","xmm5"); + + &movdqa ("xmm2",&QWP(0x40,$inp)); + &pshufb ("xmm2","xmm4"); + &pxor ("xmm2","xmm3"); + &movdqa ("xmm3",&QWP(0x50,$inp)); + &pshufb ("xmm3","xmm1"); + &pxor ("xmm3","xmm2"); + &pshufb ("xmm3","xmm5"); + + &movdqa ("xmm2",&QWP(0x60,$inp)); + &pshufb ("xmm2","xmm4"); + &pxor ("xmm2","xmm3"); + &movdqa ("xmm3",&QWP(0x70,$inp)); + &pshufb ("xmm3","xmm1"); + &pxor ("xmm3","xmm2"); + + &add ($key,-16); + +&set_label("schedule_mangle_both"); + &movdqa ("xmm1",&QWP($k_sr,$const,$magic)); + &pshufb ("xmm3","xmm1"); + &add ($magic,-16); + &and ($magic,0x30); + &movdqu (&QWP(0,$key),"xmm3"); + &ret (); +&function_end_B("_vpaes_schedule_mangle"); + +# +# Interface to OpenSSL +# +&function_begin("${PREFIX}_set_encrypt_key"); + &mov ($inp,&wparam(0)); # inp + &lea ($base,&DWP(-56,"esp")); + &mov ($round,&wparam(1)); # bits + &and ($base,-16); + &mov ($key,&wparam(2)); # key + &xchg ($base,"esp"); # alloca + &mov (&DWP(48,"esp"),$base); + + &mov ($base,$round); + &shr ($base,5); + &add ($base,5); + &mov (&DWP(240,$key),$base); # AES_KEY->rounds = nbits/32+5; + &mov ($magic,0x30); + &mov ($out,0); + + &lea ($const,&DWP(&label("_vpaes_consts")."+0x30-".&label("pic_point"))); + &call ("_vpaes_schedule_core"); +&set_label("pic_point"); + + &mov ("esp",&DWP(48,"esp")); + &xor ("eax","eax"); +&function_end("${PREFIX}_set_encrypt_key"); + +&function_begin("${PREFIX}_set_decrypt_key"); + &mov ($inp,&wparam(0)); # inp + &lea ($base,&DWP(-56,"esp")); + &mov ($round,&wparam(1)); # bits + &and ($base,-16); + &mov ($key,&wparam(2)); # key + &xchg ($base,"esp"); # alloca + &mov (&DWP(48,"esp"),$base); + + &mov ($base,$round); + &shr ($base,5); + &add ($base,5); + &mov (&DWP(240,$key),$base); # AES_KEY->rounds = nbits/32+5; + &shl ($base,4); + &lea ($key,&DWP(16,$key,$base)); + + &mov ($out,1); + &mov ($magic,$round); + &shr ($magic,1); + &and ($magic,32); + &xor ($magic,32); # nbist==192?0:32; + + &lea ($const,&DWP(&label("_vpaes_consts")."+0x30-".&label("pic_point"))); + &call ("_vpaes_schedule_core"); +&set_label("pic_point"); + + &mov ("esp",&DWP(48,"esp")); + &xor ("eax","eax"); +&function_end("${PREFIX}_set_decrypt_key"); + +&function_begin("${PREFIX}_encrypt"); + &lea ($const,&DWP(&label("_vpaes_consts")."+0x30-".&label("pic_point"))); + &call ("_vpaes_preheat"); +&set_label("pic_point"); + &mov ($inp,&wparam(0)); # inp + &lea ($base,&DWP(-56,"esp")); + &mov ($out,&wparam(1)); # out + &and ($base,-16); + &mov ($key,&wparam(2)); # key + &xchg ($base,"esp"); # alloca + &mov (&DWP(48,"esp"),$base); + + &movdqu ("xmm0",&QWP(0,$inp)); + &call ("_vpaes_encrypt_core"); + &movdqu (&QWP(0,$out),"xmm0"); + + &mov ("esp",&DWP(48,"esp")); +&function_end("${PREFIX}_encrypt"); + +&function_begin("${PREFIX}_decrypt"); + &lea ($const,&DWP(&label("_vpaes_consts")."+0x30-".&label("pic_point"))); + &call ("_vpaes_preheat"); +&set_label("pic_point"); + &mov ($inp,&wparam(0)); # inp + &lea ($base,&DWP(-56,"esp")); + &mov ($out,&wparam(1)); # out + &and ($base,-16); + &mov ($key,&wparam(2)); # key + &xchg ($base,"esp"); # alloca + &mov (&DWP(48,"esp"),$base); + + &movdqu ("xmm0",&QWP(0,$inp)); + &call ("_vpaes_decrypt_core"); + &movdqu (&QWP(0,$out),"xmm0"); + + &mov ("esp",&DWP(48,"esp")); +&function_end("${PREFIX}_decrypt"); + +&function_begin("${PREFIX}_cbc_encrypt"); + &mov ($inp,&wparam(0)); # inp + &mov ($out,&wparam(1)); # out + &mov ($round,&wparam(2)); # len + &mov ($key,&wparam(3)); # key + &sub ($round,16); + &jc (&label("cbc_abort")); + &lea ($base,&DWP(-56,"esp")); + &mov ($const,&wparam(4)); # ivp + &and ($base,-16); + &mov ($magic,&wparam(5)); # enc + &xchg ($base,"esp"); # alloca + &movdqu ("xmm1",&QWP(0,$const)); # load IV + &sub ($out,$inp); + &mov (&DWP(48,"esp"),$base); + + &mov (&DWP(0,"esp"),$out); # save out + &mov (&DWP(4,"esp"),$key) # save key + &mov (&DWP(8,"esp"),$const); # save ivp + &mov ($out,$round); # $out works as $len + + &lea ($const,&DWP(&label("_vpaes_consts")."+0x30-".&label("pic_point"))); + &call ("_vpaes_preheat"); +&set_label("pic_point"); + &cmp ($magic,0); + &je (&label("cbc_dec_loop")); + &jmp (&label("cbc_enc_loop")); + +&set_label("cbc_enc_loop",16); + &movdqu ("xmm0",&QWP(0,$inp)); # load input + &pxor ("xmm0","xmm1"); # inp^=iv + &call ("_vpaes_encrypt_core"); + &mov ($base,&DWP(0,"esp")); # restore out + &mov ($key,&DWP(4,"esp")); # restore key + &movdqa ("xmm1","xmm0"); + &movdqu (&QWP(0,$base,$inp),"xmm0"); # write output + &lea ($inp,&DWP(16,$inp)); + &sub ($out,16); + &jnc (&label("cbc_enc_loop")); + &jmp (&label("cbc_done")); + +&set_label("cbc_dec_loop",16); + &movdqu ("xmm0",&QWP(0,$inp)); # load input + &movdqa (&QWP(16,"esp"),"xmm1"); # save IV + &movdqa (&QWP(32,"esp"),"xmm0"); # save future IV + &call ("_vpaes_decrypt_core"); + &mov ($base,&DWP(0,"esp")); # restore out + &mov ($key,&DWP(4,"esp")); # restore key + &pxor ("xmm0",&QWP(16,"esp")); # out^=iv + &movdqa ("xmm1",&QWP(32,"esp")); # load next IV + &movdqu (&QWP(0,$base,$inp),"xmm0"); # write output + &lea ($inp,&DWP(16,$inp)); + &sub ($out,16); + &jnc (&label("cbc_dec_loop")); + +&set_label("cbc_done"); + &mov ($base,&DWP(8,"esp")); # restore ivp + &mov ("esp",&DWP(48,"esp")); + &movdqu (&QWP(0,$base),"xmm1"); # write IV +&set_label("cbc_abort"); +&function_end("${PREFIX}_cbc_encrypt"); + +&asm_finish(); diff --git a/src/lib/libcrypto/aes/asm/vpaes-x86_64.pl b/src/lib/libcrypto/aes/asm/vpaes-x86_64.pl new file mode 100644 index 00000000000..bd7f45b8509 --- /dev/null +++ b/src/lib/libcrypto/aes/asm/vpaes-x86_64.pl @@ -0,0 +1,1207 @@ +#!/usr/bin/env perl + +###################################################################### +## Constant-time SSSE3 AES core implementation. +## version 0.1 +## +## By Mike Hamburg (Stanford University), 2009 +## Public domain. +## +## For details see http://shiftleft.org/papers/vector_aes/ and +## http://crypto.stanford.edu/vpaes/. + +###################################################################### +# September 2011. +# +# Interface to OpenSSL as "almost" drop-in replacement for +# aes-x86_64.pl. "Almost" refers to the fact that AES_cbc_encrypt +# doesn't handle partial vectors (doesn't have to if called from +# EVP only). "Drop-in" implies that this module doesn't share key +# schedule structure with the original nor does it make assumption +# about its alignment... +# +# Performance summary. aes-x86_64.pl column lists large-block CBC +# encrypt/decrypt/with-hyper-threading-off(*) results in cycles per +# byte processed with 128-bit key, and vpaes-x86_64.pl column - +# [also large-block CBC] encrypt/decrypt. +# +# aes-x86_64.pl vpaes-x86_64.pl +# +# Core 2(**) 30.5/43.7/14.3 21.8/25.7(***) +# Nehalem 30.5/42.2/14.6 9.8/11.8 +# Atom 63.9/79.0/32.1 64.0/84.8(***) +# +# (*) "Hyper-threading" in the context refers rather to cache shared +# among multiple cores, than to specifically Intel HTT. As vast +# majority of contemporary cores share cache, slower code path +# is common place. In other words "with-hyper-threading-off" +# results are presented mostly for reference purposes. +# +# (**) "Core 2" refers to initial 65nm design, a.k.a. Conroe. +# +# (***) Less impressive improvement on Core 2 and Atom is due to slow +# pshufb, yet it's respectable +40%/78% improvement on Core 2 +# (as implied, over "hyper-threading-safe" code path). +# +# + +$flavour = shift; +$output = shift; +if ($flavour =~ /\./) { $output = $flavour; undef $flavour; } + +$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/); + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or +( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or +die "can't locate x86_64-xlate.pl"; + +open OUT,"| \"$^X\" $xlate $flavour $output"; +*STDOUT=*OUT; + +$PREFIX="vpaes"; + +$code.=<<___; +.text + +## +## _aes_encrypt_core +## +## AES-encrypt %xmm0. +## +## Inputs: +## %xmm0 = input +## %xmm9-%xmm15 as in _vpaes_preheat +## (%rdx) = scheduled keys +## +## Output in %xmm0 +## Clobbers %xmm1-%xmm5, %r9, %r10, %r11, %rax +## Preserves %xmm6 - %xmm8 so you get some local vectors +## +## +.type _vpaes_encrypt_core,\@abi-omnipotent +.align 16 +_vpaes_encrypt_core: + mov %rdx, %r9 + mov \$16, %r11 + mov 240(%rdx),%eax + movdqa %xmm9, %xmm1 + movdqa .Lk_ipt(%rip), %xmm2 # iptlo + pandn %xmm0, %xmm1 + movdqu (%r9), %xmm5 # round0 key + psrld \$4, %xmm1 + pand %xmm9, %xmm0 + pshufb %xmm0, %xmm2 + movdqa .Lk_ipt+16(%rip), %xmm0 # ipthi + pshufb %xmm1, %xmm0 + pxor %xmm5, %xmm2 + pxor %xmm2, %xmm0 + add \$16, %r9 + lea .Lk_mc_backward(%rip),%r10 + jmp .Lenc_entry + +.align 16 +.Lenc_loop: + # middle of middle round + movdqa %xmm13, %xmm4 # 4 : sb1u + pshufb %xmm2, %xmm4 # 4 = sb1u + pxor %xmm5, %xmm4 # 4 = sb1u + k + movdqa %xmm12, %xmm0 # 0 : sb1t + pshufb %xmm3, %xmm0 # 0 = sb1t + pxor %xmm4, %xmm0 # 0 = A + movdqa %xmm15, %xmm5 # 4 : sb2u + pshufb %xmm2, %xmm5 # 4 = sb2u + movdqa -0x40(%r11,%r10), %xmm1 # .Lk_mc_forward[] + movdqa %xmm14, %xmm2 # 2 : sb2t + pshufb %xmm3, %xmm2 # 2 = sb2t + pxor %xmm5, %xmm2 # 2 = 2A + movdqa (%r11,%r10), %xmm4 # .Lk_mc_backward[] + movdqa %xmm0, %xmm3 # 3 = A + pshufb %xmm1, %xmm0 # 0 = B + add \$16, %r9 # next key + pxor %xmm2, %xmm0 # 0 = 2A+B + pshufb %xmm4, %xmm3 # 3 = D + add \$16, %r11 # next mc + pxor %xmm0, %xmm3 # 3 = 2A+B+D + pshufb %xmm1, %xmm0 # 0 = 2B+C + and \$0x30, %r11 # ... mod 4 + pxor %xmm3, %xmm0 # 0 = 2A+3B+C+D + sub \$1,%rax # nr-- + +.Lenc_entry: + # top of round + movdqa %xmm9, %xmm1 # 1 : i + pandn %xmm0, %xmm1 # 1 = i<<4 + psrld \$4, %xmm1 # 1 = i + pand %xmm9, %xmm0 # 0 = k + movdqa %xmm11, %xmm5 # 2 : a/k + pshufb %xmm0, %xmm5 # 2 = a/k + pxor %xmm1, %xmm0 # 0 = j + movdqa %xmm10, %xmm3 # 3 : 1/i + pshufb %xmm1, %xmm3 # 3 = 1/i + pxor %xmm5, %xmm3 # 3 = iak = 1/i + a/k + movdqa %xmm10, %xmm4 # 4 : 1/j + pshufb %xmm0, %xmm4 # 4 = 1/j + pxor %xmm5, %xmm4 # 4 = jak = 1/j + a/k + movdqa %xmm10, %xmm2 # 2 : 1/iak + pshufb %xmm3, %xmm2 # 2 = 1/iak + pxor %xmm0, %xmm2 # 2 = io + movdqa %xmm10, %xmm3 # 3 : 1/jak + movdqu (%r9), %xmm5 + pshufb %xmm4, %xmm3 # 3 = 1/jak + pxor %xmm1, %xmm3 # 3 = jo + jnz .Lenc_loop + + # middle of last round + movdqa -0x60(%r10), %xmm4 # 3 : sbou .Lk_sbo + movdqa -0x50(%r10), %xmm0 # 0 : sbot .Lk_sbo+16 + pshufb %xmm2, %xmm4 # 4 = sbou + pxor %xmm5, %xmm4 # 4 = sb1u + k + pshufb %xmm3, %xmm0 # 0 = sb1t + movdqa 0x40(%r11,%r10), %xmm1 # .Lk_sr[] + pxor %xmm4, %xmm0 # 0 = A + pshufb %xmm1, %xmm0 + ret +.size _vpaes_encrypt_core,.-_vpaes_encrypt_core + +## +## Decryption core +## +## Same API as encryption core. +## +.type _vpaes_decrypt_core,\@abi-omnipotent +.align 16 +_vpaes_decrypt_core: + mov %rdx, %r9 # load key + mov 240(%rdx),%eax + movdqa %xmm9, %xmm1 + movdqa .Lk_dipt(%rip), %xmm2 # iptlo + pandn %xmm0, %xmm1 + mov %rax, %r11 + psrld \$4, %xmm1 + movdqu (%r9), %xmm5 # round0 key + shl \$4, %r11 + pand %xmm9, %xmm0 + pshufb %xmm0, %xmm2 + movdqa .Lk_dipt+16(%rip), %xmm0 # ipthi + xor \$0x30, %r11 + lea .Lk_dsbd(%rip),%r10 + pshufb %xmm1, %xmm0 + and \$0x30, %r11 + pxor %xmm5, %xmm2 + movdqa .Lk_mc_forward+48(%rip), %xmm5 + pxor %xmm2, %xmm0 + add \$16, %r9 + add %r10, %r11 + jmp .Ldec_entry + +.align 16 +.Ldec_loop: +## +## Inverse mix columns +## + movdqa -0x20(%r10),%xmm4 # 4 : sb9u + pshufb %xmm2, %xmm4 # 4 = sb9u + pxor %xmm0, %xmm4 + movdqa -0x10(%r10),%xmm0 # 0 : sb9t + pshufb %xmm3, %xmm0 # 0 = sb9t + pxor %xmm4, %xmm0 # 0 = ch + add \$16, %r9 # next round key + + pshufb %xmm5, %xmm0 # MC ch + movdqa 0x00(%r10),%xmm4 # 4 : sbdu + pshufb %xmm2, %xmm4 # 4 = sbdu + pxor %xmm0, %xmm4 # 4 = ch + movdqa 0x10(%r10),%xmm0 # 0 : sbdt + pshufb %xmm3, %xmm0 # 0 = sbdt + pxor %xmm4, %xmm0 # 0 = ch + sub \$1,%rax # nr-- + + pshufb %xmm5, %xmm0 # MC ch + movdqa 0x20(%r10),%xmm4 # 4 : sbbu + pshufb %xmm2, %xmm4 # 4 = sbbu + pxor %xmm0, %xmm4 # 4 = ch + movdqa 0x30(%r10),%xmm0 # 0 : sbbt + pshufb %xmm3, %xmm0 # 0 = sbbt + pxor %xmm4, %xmm0 # 0 = ch + + pshufb %xmm5, %xmm0 # MC ch + movdqa 0x40(%r10),%xmm4 # 4 : sbeu + pshufb %xmm2, %xmm4 # 4 = sbeu + pxor %xmm0, %xmm4 # 4 = ch + movdqa 0x50(%r10),%xmm0 # 0 : sbet + pshufb %xmm3, %xmm0 # 0 = sbet + pxor %xmm4, %xmm0 # 0 = ch + + palignr \$12, %xmm5, %xmm5 + +.Ldec_entry: + # top of round + movdqa %xmm9, %xmm1 # 1 : i + pandn %xmm0, %xmm1 # 1 = i<<4 + psrld \$4, %xmm1 # 1 = i + pand %xmm9, %xmm0 # 0 = k + movdqa %xmm11, %xmm2 # 2 : a/k + pshufb %xmm0, %xmm2 # 2 = a/k + pxor %xmm1, %xmm0 # 0 = j + movdqa %xmm10, %xmm3 # 3 : 1/i + pshufb %xmm1, %xmm3 # 3 = 1/i + pxor %xmm2, %xmm3 # 3 = iak = 1/i + a/k + movdqa %xmm10, %xmm4 # 4 : 1/j + pshufb %xmm0, %xmm4 # 4 = 1/j + pxor %xmm2, %xmm4 # 4 = jak = 1/j + a/k + movdqa %xmm10, %xmm2 # 2 : 1/iak + pshufb %xmm3, %xmm2 # 2 = 1/iak + pxor %xmm0, %xmm2 # 2 = io + movdqa %xmm10, %xmm3 # 3 : 1/jak + pshufb %xmm4, %xmm3 # 3 = 1/jak + pxor %xmm1, %xmm3 # 3 = jo + movdqu (%r9), %xmm0 + jnz .Ldec_loop + + # middle of last round + movdqa 0x60(%r10), %xmm4 # 3 : sbou + pshufb %xmm2, %xmm4 # 4 = sbou + pxor %xmm0, %xmm4 # 4 = sb1u + k + movdqa 0x70(%r10), %xmm0 # 0 : sbot + movdqa -0x160(%r11), %xmm2 # .Lk_sr-.Lk_dsbd=-0x160 + pshufb %xmm3, %xmm0 # 0 = sb1t + pxor %xmm4, %xmm0 # 0 = A + pshufb %xmm2, %xmm0 + ret +.size _vpaes_decrypt_core,.-_vpaes_decrypt_core + +######################################################## +## ## +## AES key schedule ## +## ## +######################################################## +.type _vpaes_schedule_core,\@abi-omnipotent +.align 16 +_vpaes_schedule_core: + # rdi = key + # rsi = size in bits + # rdx = buffer + # rcx = direction. 0=encrypt, 1=decrypt + + call _vpaes_preheat # load the tables + movdqa .Lk_rcon(%rip), %xmm8 # load rcon + movdqu (%rdi), %xmm0 # load key (unaligned) + + # input transform + movdqa %xmm0, %xmm3 + lea .Lk_ipt(%rip), %r11 + call _vpaes_schedule_transform + movdqa %xmm0, %xmm7 + + lea .Lk_sr(%rip),%r10 + test %rcx, %rcx + jnz .Lschedule_am_decrypting + + # encrypting, output zeroth round key after transform + movdqu %xmm0, (%rdx) + jmp .Lschedule_go + +.Lschedule_am_decrypting: + # decrypting, output zeroth round key after shiftrows + movdqa (%r8,%r10),%xmm1 + pshufb %xmm1, %xmm3 + movdqu %xmm3, (%rdx) + xor \$0x30, %r8 + +.Lschedule_go: + cmp \$192, %esi + ja .Lschedule_256 + je .Lschedule_192 + # 128: fall though + +## +## .schedule_128 +## +## 128-bit specific part of key schedule. +## +## This schedule is really simple, because all its parts +## are accomplished by the subroutines. +## +.Lschedule_128: + mov \$10, %esi + +.Loop_schedule_128: + call _vpaes_schedule_round + dec %rsi + jz .Lschedule_mangle_last + call _vpaes_schedule_mangle # write output + jmp .Loop_schedule_128 + +## +## .aes_schedule_192 +## +## 192-bit specific part of key schedule. +## +## The main body of this schedule is the same as the 128-bit +## schedule, but with more smearing. The long, high side is +## stored in %xmm7 as before, and the short, low side is in +## the high bits of %xmm6. +## +## This schedule is somewhat nastier, however, because each +## round produces 192 bits of key material, or 1.5 round keys. +## Therefore, on each cycle we do 2 rounds and produce 3 round +## keys. +## +.align 16 +.Lschedule_192: + movdqu 8(%rdi),%xmm0 # load key part 2 (very unaligned) + call _vpaes_schedule_transform # input transform + movdqa %xmm0, %xmm6 # save short part + pxor %xmm4, %xmm4 # clear 4 + movhlps %xmm4, %xmm6 # clobber low side with zeros + mov \$4, %esi + +.Loop_schedule_192: + call _vpaes_schedule_round + palignr \$8,%xmm6,%xmm0 + call _vpaes_schedule_mangle # save key n + call _vpaes_schedule_192_smear + call _vpaes_schedule_mangle # save key n+1 + call _vpaes_schedule_round + dec %rsi + jz .Lschedule_mangle_last + call _vpaes_schedule_mangle # save key n+2 + call _vpaes_schedule_192_smear + jmp .Loop_schedule_192 + +## +## .aes_schedule_256 +## +## 256-bit specific part of key schedule. +## +## The structure here is very similar to the 128-bit +## schedule, but with an additional "low side" in +## %xmm6. The low side's rounds are the same as the +## high side's, except no rcon and no rotation. +## +.align 16 +.Lschedule_256: + movdqu 16(%rdi),%xmm0 # load key part 2 (unaligned) + call _vpaes_schedule_transform # input transform + mov \$7, %esi + +.Loop_schedule_256: + call _vpaes_schedule_mangle # output low result + movdqa %xmm0, %xmm6 # save cur_lo in xmm6 + + # high round + call _vpaes_schedule_round + dec %rsi + jz .Lschedule_mangle_last + call _vpaes_schedule_mangle + + # low round. swap xmm7 and xmm6 + pshufd \$0xFF, %xmm0, %xmm0 + movdqa %xmm7, %xmm5 + movdqa %xmm6, %xmm7 + call _vpaes_schedule_low_round + movdqa %xmm5, %xmm7 + + jmp .Loop_schedule_256 + + +## +## .aes_schedule_mangle_last +## +## Mangler for last round of key schedule +## Mangles %xmm0 +## when encrypting, outputs out(%xmm0) ^ 63 +## when decrypting, outputs unskew(%xmm0) +## +## Always called right before return... jumps to cleanup and exits +## +.align 16 +.Lschedule_mangle_last: + # schedule last round key from xmm0 + lea .Lk_deskew(%rip),%r11 # prepare to deskew + test %rcx, %rcx + jnz .Lschedule_mangle_last_dec + + # encrypting + movdqa (%r8,%r10),%xmm1 + pshufb %xmm1, %xmm0 # output permute + lea .Lk_opt(%rip), %r11 # prepare to output transform + add \$32, %rdx + +.Lschedule_mangle_last_dec: + add \$-16, %rdx + pxor .Lk_s63(%rip), %xmm0 + call _vpaes_schedule_transform # output transform + movdqu %xmm0, (%rdx) # save last key + + # cleanup + pxor %xmm0, %xmm0 + pxor %xmm1, %xmm1 + pxor %xmm2, %xmm2 + pxor %xmm3, %xmm3 + pxor %xmm4, %xmm4 + pxor %xmm5, %xmm5 + pxor %xmm6, %xmm6 + pxor %xmm7, %xmm7 + ret +.size _vpaes_schedule_core,.-_vpaes_schedule_core + +## +## .aes_schedule_192_smear +## +## Smear the short, low side in the 192-bit key schedule. +## +## Inputs: +## %xmm7: high side, b a x y +## %xmm6: low side, d c 0 0 +## %xmm13: 0 +## +## Outputs: +## %xmm6: b+c+d b+c 0 0 +## %xmm0: b+c+d b+c b a +## +.type _vpaes_schedule_192_smear,\@abi-omnipotent +.align 16 +_vpaes_schedule_192_smear: + pshufd \$0x80, %xmm6, %xmm0 # d c 0 0 -> c 0 0 0 + pxor %xmm0, %xmm6 # -> c+d c 0 0 + pshufd \$0xFE, %xmm7, %xmm0 # b a _ _ -> b b b a + pxor %xmm0, %xmm6 # -> b+c+d b+c b a + movdqa %xmm6, %xmm0 + pxor %xmm1, %xmm1 + movhlps %xmm1, %xmm6 # clobber low side with zeros + ret +.size _vpaes_schedule_192_smear,.-_vpaes_schedule_192_smear + +## +## .aes_schedule_round +## +## Runs one main round of the key schedule on %xmm0, %xmm7 +## +## Specifically, runs subbytes on the high dword of %xmm0 +## then rotates it by one byte and xors into the low dword of +## %xmm7. +## +## Adds rcon from low byte of %xmm8, then rotates %xmm8 for +## next rcon. +## +## Smears the dwords of %xmm7 by xoring the low into the +## second low, result into third, result into highest. +## +## Returns results in %xmm7 = %xmm0. +## Clobbers %xmm1-%xmm4, %r11. +## +.type _vpaes_schedule_round,\@abi-omnipotent +.align 16 +_vpaes_schedule_round: + # extract rcon from xmm8 + pxor %xmm1, %xmm1 + palignr \$15, %xmm8, %xmm1 + palignr \$15, %xmm8, %xmm8 + pxor %xmm1, %xmm7 + + # rotate + pshufd \$0xFF, %xmm0, %xmm0 + palignr \$1, %xmm0, %xmm0 + + # fall through... + + # low round: same as high round, but no rotation and no rcon. +_vpaes_schedule_low_round: + # smear xmm7 + movdqa %xmm7, %xmm1 + pslldq \$4, %xmm7 + pxor %xmm1, %xmm7 + movdqa %xmm7, %xmm1 + pslldq \$8, %xmm7 + pxor %xmm1, %xmm7 + pxor .Lk_s63(%rip), %xmm7 + + # subbytes + movdqa %xmm9, %xmm1 + pandn %xmm0, %xmm1 + psrld \$4, %xmm1 # 1 = i + pand %xmm9, %xmm0 # 0 = k + movdqa %xmm11, %xmm2 # 2 : a/k + pshufb %xmm0, %xmm2 # 2 = a/k + pxor %xmm1, %xmm0 # 0 = j + movdqa %xmm10, %xmm3 # 3 : 1/i + pshufb %xmm1, %xmm3 # 3 = 1/i + pxor %xmm2, %xmm3 # 3 = iak = 1/i + a/k + movdqa %xmm10, %xmm4 # 4 : 1/j + pshufb %xmm0, %xmm4 # 4 = 1/j + pxor %xmm2, %xmm4 # 4 = jak = 1/j + a/k + movdqa %xmm10, %xmm2 # 2 : 1/iak + pshufb %xmm3, %xmm2 # 2 = 1/iak + pxor %xmm0, %xmm2 # 2 = io + movdqa %xmm10, %xmm3 # 3 : 1/jak + pshufb %xmm4, %xmm3 # 3 = 1/jak + pxor %xmm1, %xmm3 # 3 = jo + movdqa %xmm13, %xmm4 # 4 : sbou + pshufb %xmm2, %xmm4 # 4 = sbou + movdqa %xmm12, %xmm0 # 0 : sbot + pshufb %xmm3, %xmm0 # 0 = sb1t + pxor %xmm4, %xmm0 # 0 = sbox output + + # add in smeared stuff + pxor %xmm7, %xmm0 + movdqa %xmm0, %xmm7 + ret +.size _vpaes_schedule_round,.-_vpaes_schedule_round + +## +## .aes_schedule_transform +## +## Linear-transform %xmm0 according to tables at (%r11) +## +## Requires that %xmm9 = 0x0F0F... as in preheat +## Output in %xmm0 +## Clobbers %xmm1, %xmm2 +## +.type _vpaes_schedule_transform,\@abi-omnipotent +.align 16 +_vpaes_schedule_transform: + movdqa %xmm9, %xmm1 + pandn %xmm0, %xmm1 + psrld \$4, %xmm1 + pand %xmm9, %xmm0 + movdqa (%r11), %xmm2 # lo + pshufb %xmm0, %xmm2 + movdqa 16(%r11), %xmm0 # hi + pshufb %xmm1, %xmm0 + pxor %xmm2, %xmm0 + ret +.size _vpaes_schedule_transform,.-_vpaes_schedule_transform + +## +## .aes_schedule_mangle +## +## Mangle xmm0 from (basis-transformed) standard version +## to our version. +## +## On encrypt, +## xor with 0x63 +## multiply by circulant 0,1,1,1 +## apply shiftrows transform +## +## On decrypt, +## xor with 0x63 +## multiply by "inverse mixcolumns" circulant E,B,D,9 +## deskew +## apply shiftrows transform +## +## +## Writes out to (%rdx), and increments or decrements it +## Keeps track of round number mod 4 in %r8 +## Preserves xmm0 +## Clobbers xmm1-xmm5 +## +.type _vpaes_schedule_mangle,\@abi-omnipotent +.align 16 +_vpaes_schedule_mangle: + movdqa %xmm0, %xmm4 # save xmm0 for later + movdqa .Lk_mc_forward(%rip),%xmm5 + test %rcx, %rcx + jnz .Lschedule_mangle_dec + + # encrypting + add \$16, %rdx + pxor .Lk_s63(%rip),%xmm4 + pshufb %xmm5, %xmm4 + movdqa %xmm4, %xmm3 + pshufb %xmm5, %xmm4 + pxor %xmm4, %xmm3 + pshufb %xmm5, %xmm4 + pxor %xmm4, %xmm3 + + jmp .Lschedule_mangle_both +.align 16 +.Lschedule_mangle_dec: + # inverse mix columns + lea .Lk_dksd(%rip),%r11 + movdqa %xmm9, %xmm1 + pandn %xmm4, %xmm1 + psrld \$4, %xmm1 # 1 = hi + pand %xmm9, %xmm4 # 4 = lo + + movdqa 0x00(%r11), %xmm2 + pshufb %xmm4, %xmm2 + movdqa 0x10(%r11), %xmm3 + pshufb %xmm1, %xmm3 + pxor %xmm2, %xmm3 + pshufb %xmm5, %xmm3 + + movdqa 0x20(%r11), %xmm2 + pshufb %xmm4, %xmm2 + pxor %xmm3, %xmm2 + movdqa 0x30(%r11), %xmm3 + pshufb %xmm1, %xmm3 + pxor %xmm2, %xmm3 + pshufb %xmm5, %xmm3 + + movdqa 0x40(%r11), %xmm2 + pshufb %xmm4, %xmm2 + pxor %xmm3, %xmm2 + movdqa 0x50(%r11), %xmm3 + pshufb %xmm1, %xmm3 + pxor %xmm2, %xmm3 + pshufb %xmm5, %xmm3 + + movdqa 0x60(%r11), %xmm2 + pshufb %xmm4, %xmm2 + pxor %xmm3, %xmm2 + movdqa 0x70(%r11), %xmm3 + pshufb %xmm1, %xmm3 + pxor %xmm2, %xmm3 + + add \$-16, %rdx + +.Lschedule_mangle_both: + movdqa (%r8,%r10),%xmm1 + pshufb %xmm1,%xmm3 + add \$-16, %r8 + and \$0x30, %r8 + movdqu %xmm3, (%rdx) + ret +.size _vpaes_schedule_mangle,.-_vpaes_schedule_mangle + +# +# Interface to OpenSSL +# +.globl ${PREFIX}_set_encrypt_key +.type ${PREFIX}_set_encrypt_key,\@function,3 +.align 16 +${PREFIX}_set_encrypt_key: +___ +$code.=<<___ if ($win64); + lea -0xb8(%rsp),%rsp + movaps %xmm6,0x10(%rsp) + movaps %xmm7,0x20(%rsp) + movaps %xmm8,0x30(%rsp) + movaps %xmm9,0x40(%rsp) + movaps %xmm10,0x50(%rsp) + movaps %xmm11,0x60(%rsp) + movaps %xmm12,0x70(%rsp) + movaps %xmm13,0x80(%rsp) + movaps %xmm14,0x90(%rsp) + movaps %xmm15,0xa0(%rsp) +.Lenc_key_body: +___ +$code.=<<___; + mov %esi,%eax + shr \$5,%eax + add \$5,%eax + mov %eax,240(%rdx) # AES_KEY->rounds = nbits/32+5; + + mov \$0,%ecx + mov \$0x30,%r8d + call _vpaes_schedule_core +___ +$code.=<<___ if ($win64); + movaps 0x10(%rsp),%xmm6 + movaps 0x20(%rsp),%xmm7 + movaps 0x30(%rsp),%xmm8 + movaps 0x40(%rsp),%xmm9 + movaps 0x50(%rsp),%xmm10 + movaps 0x60(%rsp),%xmm11 + movaps 0x70(%rsp),%xmm12 + movaps 0x80(%rsp),%xmm13 + movaps 0x90(%rsp),%xmm14 + movaps 0xa0(%rsp),%xmm15 + lea 0xb8(%rsp),%rsp +.Lenc_key_epilogue: +___ +$code.=<<___; + xor %eax,%eax + ret +.size ${PREFIX}_set_encrypt_key,.-${PREFIX}_set_encrypt_key + +.globl ${PREFIX}_set_decrypt_key +.type ${PREFIX}_set_decrypt_key,\@function,3 +.align 16 +${PREFIX}_set_decrypt_key: +___ +$code.=<<___ if ($win64); + lea -0xb8(%rsp),%rsp + movaps %xmm6,0x10(%rsp) + movaps %xmm7,0x20(%rsp) + movaps %xmm8,0x30(%rsp) + movaps %xmm9,0x40(%rsp) + movaps %xmm10,0x50(%rsp) + movaps %xmm11,0x60(%rsp) + movaps %xmm12,0x70(%rsp) + movaps %xmm13,0x80(%rsp) + movaps %xmm14,0x90(%rsp) + movaps %xmm15,0xa0(%rsp) +.Ldec_key_body: +___ +$code.=<<___; + mov %esi,%eax + shr \$5,%eax + add \$5,%eax + mov %eax,240(%rdx) # AES_KEY->rounds = nbits/32+5; + shl \$4,%eax + lea 16(%rdx,%rax),%rdx + + mov \$1,%ecx + mov %esi,%r8d + shr \$1,%r8d + and \$32,%r8d + xor \$32,%r8d # nbits==192?0:32 + call _vpaes_schedule_core +___ +$code.=<<___ if ($win64); + movaps 0x10(%rsp),%xmm6 + movaps 0x20(%rsp),%xmm7 + movaps 0x30(%rsp),%xmm8 + movaps 0x40(%rsp),%xmm9 + movaps 0x50(%rsp),%xmm10 + movaps 0x60(%rsp),%xmm11 + movaps 0x70(%rsp),%xmm12 + movaps 0x80(%rsp),%xmm13 + movaps 0x90(%rsp),%xmm14 + movaps 0xa0(%rsp),%xmm15 + lea 0xb8(%rsp),%rsp +.Ldec_key_epilogue: +___ +$code.=<<___; + xor %eax,%eax + ret +.size ${PREFIX}_set_decrypt_key,.-${PREFIX}_set_decrypt_key + +.globl ${PREFIX}_encrypt +.type ${PREFIX}_encrypt,\@function,3 +.align 16 +${PREFIX}_encrypt: +___ +$code.=<<___ if ($win64); + lea -0xb8(%rsp),%rsp + movaps %xmm6,0x10(%rsp) + movaps %xmm7,0x20(%rsp) + movaps %xmm8,0x30(%rsp) + movaps %xmm9,0x40(%rsp) + movaps %xmm10,0x50(%rsp) + movaps %xmm11,0x60(%rsp) + movaps %xmm12,0x70(%rsp) + movaps %xmm13,0x80(%rsp) + movaps %xmm14,0x90(%rsp) + movaps %xmm15,0xa0(%rsp) +.Lenc_body: +___ +$code.=<<___; + movdqu (%rdi),%xmm0 + call _vpaes_preheat + call _vpaes_encrypt_core + movdqu %xmm0,(%rsi) +___ +$code.=<<___ if ($win64); + movaps 0x10(%rsp),%xmm6 + movaps 0x20(%rsp),%xmm7 + movaps 0x30(%rsp),%xmm8 + movaps 0x40(%rsp),%xmm9 + movaps 0x50(%rsp),%xmm10 + movaps 0x60(%rsp),%xmm11 + movaps 0x70(%rsp),%xmm12 + movaps 0x80(%rsp),%xmm13 + movaps 0x90(%rsp),%xmm14 + movaps 0xa0(%rsp),%xmm15 + lea 0xb8(%rsp),%rsp +.Lenc_epilogue: +___ +$code.=<<___; + ret +.size ${PREFIX}_encrypt,.-${PREFIX}_encrypt + +.globl ${PREFIX}_decrypt +.type ${PREFIX}_decrypt,\@function,3 +.align 16 +${PREFIX}_decrypt: +___ +$code.=<<___ if ($win64); + lea -0xb8(%rsp),%rsp + movaps %xmm6,0x10(%rsp) + movaps %xmm7,0x20(%rsp) + movaps %xmm8,0x30(%rsp) + movaps %xmm9,0x40(%rsp) + movaps %xmm10,0x50(%rsp) + movaps %xmm11,0x60(%rsp) + movaps %xmm12,0x70(%rsp) + movaps %xmm13,0x80(%rsp) + movaps %xmm14,0x90(%rsp) + movaps %xmm15,0xa0(%rsp) +.Ldec_body: +___ +$code.=<<___; + movdqu (%rdi),%xmm0 + call _vpaes_preheat + call _vpaes_decrypt_core + movdqu %xmm0,(%rsi) +___ +$code.=<<___ if ($win64); + movaps 0x10(%rsp),%xmm6 + movaps 0x20(%rsp),%xmm7 + movaps 0x30(%rsp),%xmm8 + movaps 0x40(%rsp),%xmm9 + movaps 0x50(%rsp),%xmm10 + movaps 0x60(%rsp),%xmm11 + movaps 0x70(%rsp),%xmm12 + movaps 0x80(%rsp),%xmm13 + movaps 0x90(%rsp),%xmm14 + movaps 0xa0(%rsp),%xmm15 + lea 0xb8(%rsp),%rsp +.Ldec_epilogue: +___ +$code.=<<___; + ret +.size ${PREFIX}_decrypt,.-${PREFIX}_decrypt +___ +{ +my ($inp,$out,$len,$key,$ivp,$enc)=("%rdi","%rsi","%rdx","%rcx","%r8","%r9"); +# void AES_cbc_encrypt (const void char *inp, unsigned char *out, +# size_t length, const AES_KEY *key, +# unsigned char *ivp,const int enc); +$code.=<<___; +.globl ${PREFIX}_cbc_encrypt +.type ${PREFIX}_cbc_encrypt,\@function,6 +.align 16 +${PREFIX}_cbc_encrypt: + xchg $key,$len +___ +($len,$key)=($key,$len); +$code.=<<___; + sub \$16,$len + jc .Lcbc_abort +___ +$code.=<<___ if ($win64); + lea -0xb8(%rsp),%rsp + movaps %xmm6,0x10(%rsp) + movaps %xmm7,0x20(%rsp) + movaps %xmm8,0x30(%rsp) + movaps %xmm9,0x40(%rsp) + movaps %xmm10,0x50(%rsp) + movaps %xmm11,0x60(%rsp) + movaps %xmm12,0x70(%rsp) + movaps %xmm13,0x80(%rsp) + movaps %xmm14,0x90(%rsp) + movaps %xmm15,0xa0(%rsp) +.Lcbc_body: +___ +$code.=<<___; + movdqu ($ivp),%xmm6 # load IV + sub $inp,$out + call _vpaes_preheat + cmp \$0,${enc}d + je .Lcbc_dec_loop + jmp .Lcbc_enc_loop +.align 16 +.Lcbc_enc_loop: + movdqu ($inp),%xmm0 + pxor %xmm6,%xmm0 + call _vpaes_encrypt_core + movdqa %xmm0,%xmm6 + movdqu %xmm0,($out,$inp) + lea 16($inp),$inp + sub \$16,$len + jnc .Lcbc_enc_loop + jmp .Lcbc_done +.align 16 +.Lcbc_dec_loop: + movdqu ($inp),%xmm0 + movdqa %xmm0,%xmm7 + call _vpaes_decrypt_core + pxor %xmm6,%xmm0 + movdqa %xmm7,%xmm6 + movdqu %xmm0,($out,$inp) + lea 16($inp),$inp + sub \$16,$len + jnc .Lcbc_dec_loop +.Lcbc_done: + movdqu %xmm6,($ivp) # save IV +___ +$code.=<<___ if ($win64); + movaps 0x10(%rsp),%xmm6 + movaps 0x20(%rsp),%xmm7 + movaps 0x30(%rsp),%xmm8 + movaps 0x40(%rsp),%xmm9 + movaps 0x50(%rsp),%xmm10 + movaps 0x60(%rsp),%xmm11 + movaps 0x70(%rsp),%xmm12 + movaps 0x80(%rsp),%xmm13 + movaps 0x90(%rsp),%xmm14 + movaps 0xa0(%rsp),%xmm15 + lea 0xb8(%rsp),%rsp +.Lcbc_epilogue: +___ +$code.=<<___; +.Lcbc_abort: + ret +.size ${PREFIX}_cbc_encrypt,.-${PREFIX}_cbc_encrypt +___ +} +$code.=<<___; +## +## _aes_preheat +## +## Fills register %r10 -> .aes_consts (so you can -fPIC) +## and %xmm9-%xmm15 as specified below. +## +.type _vpaes_preheat,\@abi-omnipotent +.align 16 +_vpaes_preheat: + lea .Lk_s0F(%rip), %r10 + movdqa -0x20(%r10), %xmm10 # .Lk_inv + movdqa -0x10(%r10), %xmm11 # .Lk_inv+16 + movdqa 0x00(%r10), %xmm9 # .Lk_s0F + movdqa 0x30(%r10), %xmm13 # .Lk_sb1 + movdqa 0x40(%r10), %xmm12 # .Lk_sb1+16 + movdqa 0x50(%r10), %xmm15 # .Lk_sb2 + movdqa 0x60(%r10), %xmm14 # .Lk_sb2+16 + ret +.size _vpaes_preheat,.-_vpaes_preheat +######################################################## +## ## +## Constants ## +## ## +######################################################## +.type _vpaes_consts,\@object +.align 64 +_vpaes_consts: +.Lk_inv: # inv, inva + .quad 0x0E05060F0D080180, 0x040703090A0B0C02 + .quad 0x01040A060F0B0780, 0x030D0E0C02050809 + +.Lk_s0F: # s0F + .quad 0x0F0F0F0F0F0F0F0F, 0x0F0F0F0F0F0F0F0F + +.Lk_ipt: # input transform (lo, hi) + .quad 0xC2B2E8985A2A7000, 0xCABAE09052227808 + .quad 0x4C01307D317C4D00, 0xCD80B1FCB0FDCC81 + +.Lk_sb1: # sb1u, sb1t + .quad 0xB19BE18FCB503E00, 0xA5DF7A6E142AF544 + .quad 0x3618D415FAE22300, 0x3BF7CCC10D2ED9EF +.Lk_sb2: # sb2u, sb2t + .quad 0xE27A93C60B712400, 0x5EB7E955BC982FCD + .quad 0x69EB88400AE12900, 0xC2A163C8AB82234A +.Lk_sbo: # sbou, sbot + .quad 0xD0D26D176FBDC700, 0x15AABF7AC502A878 + .quad 0xCFE474A55FBB6A00, 0x8E1E90D1412B35FA + +.Lk_mc_forward: # mc_forward + .quad 0x0407060500030201, 0x0C0F0E0D080B0A09 + .quad 0x080B0A0904070605, 0x000302010C0F0E0D + .quad 0x0C0F0E0D080B0A09, 0x0407060500030201 + .quad 0x000302010C0F0E0D, 0x080B0A0904070605 + +.Lk_mc_backward:# mc_backward + .quad 0x0605040702010003, 0x0E0D0C0F0A09080B + .quad 0x020100030E0D0C0F, 0x0A09080B06050407 + .quad 0x0E0D0C0F0A09080B, 0x0605040702010003 + .quad 0x0A09080B06050407, 0x020100030E0D0C0F + +.Lk_sr: # sr + .quad 0x0706050403020100, 0x0F0E0D0C0B0A0908 + .quad 0x030E09040F0A0500, 0x0B06010C07020D08 + .quad 0x0F060D040B020900, 0x070E050C030A0108 + .quad 0x0B0E0104070A0D00, 0x0306090C0F020508 + +.Lk_rcon: # rcon + .quad 0x1F8391B9AF9DEEB6, 0x702A98084D7C7D81 + +.Lk_s63: # s63: all equal to 0x63 transformed + .quad 0x5B5B5B5B5B5B5B5B, 0x5B5B5B5B5B5B5B5B + +.Lk_opt: # output transform + .quad 0xFF9F4929D6B66000, 0xF7974121DEBE6808 + .quad 0x01EDBD5150BCEC00, 0xE10D5DB1B05C0CE0 + +.Lk_deskew: # deskew tables: inverts the sbox's "skew" + .quad 0x07E4A34047A4E300, 0x1DFEB95A5DBEF91A + .quad 0x5F36B5DC83EA6900, 0x2841C2ABF49D1E77 + +## +## Decryption stuff +## Key schedule constants +## +.Lk_dksd: # decryption key schedule: invskew x*D + .quad 0xFEB91A5DA3E44700, 0x0740E3A45A1DBEF9 + .quad 0x41C277F4B5368300, 0x5FDC69EAAB289D1E +.Lk_dksb: # decryption key schedule: invskew x*B + .quad 0x9A4FCA1F8550D500, 0x03D653861CC94C99 + .quad 0x115BEDA7B6FC4A00, 0xD993256F7E3482C8 +.Lk_dkse: # decryption key schedule: invskew x*E + 0x63 + .quad 0xD5031CCA1FC9D600, 0x53859A4C994F5086 + .quad 0xA23196054FDC7BE8, 0xCD5EF96A20B31487 +.Lk_dks9: # decryption key schedule: invskew x*9 + .quad 0xB6116FC87ED9A700, 0x4AED933482255BFC + .quad 0x4576516227143300, 0x8BB89FACE9DAFDCE + +## +## Decryption stuff +## Round function constants +## +.Lk_dipt: # decryption input transform + .quad 0x0F505B040B545F00, 0x154A411E114E451A + .quad 0x86E383E660056500, 0x12771772F491F194 + +.Lk_dsb9: # decryption sbox output *9*u, *9*t + .quad 0x851C03539A86D600, 0xCAD51F504F994CC9 + .quad 0xC03B1789ECD74900, 0x725E2C9EB2FBA565 +.Lk_dsbd: # decryption sbox output *D*u, *D*t + .quad 0x7D57CCDFE6B1A200, 0xF56E9B13882A4439 + .quad 0x3CE2FAF724C6CB00, 0x2931180D15DEEFD3 +.Lk_dsbb: # decryption sbox output *B*u, *B*t + .quad 0xD022649296B44200, 0x602646F6B0F2D404 + .quad 0xC19498A6CD596700, 0xF3FF0C3E3255AA6B +.Lk_dsbe: # decryption sbox output *E*u, *E*t + .quad 0x46F2929626D4D000, 0x2242600464B4F6B0 + .quad 0x0C55A6CDFFAAC100, 0x9467F36B98593E32 +.Lk_dsbo: # decryption sbox final output + .quad 0x1387EA537EF94000, 0xC7AA6DB9D4943E2D + .quad 0x12D7560F93441D00, 0xCA4B8159D8C58E9C +.asciz "Vector Permutation AES for x86_64/SSSE3, Mike Hamburg (Stanford University)" +.align 64 +.size _vpaes_consts,.-_vpaes_consts +___ + +if ($win64) { +# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame, +# CONTEXT *context,DISPATCHER_CONTEXT *disp) +$rec="%rcx"; +$frame="%rdx"; +$context="%r8"; +$disp="%r9"; + +$code.=<<___; +.extern __imp_RtlVirtualUnwind +.type se_handler,\@abi-omnipotent +.align 16 +se_handler: + push %rsi + push %rdi + push %rbx + push %rbp + push %r12 + push %r13 + push %r14 + push %r15 + pushfq + sub \$64,%rsp + + mov 120($context),%rax # pull context->Rax + mov 248($context),%rbx # pull context->Rip + + mov 8($disp),%rsi # disp->ImageBase + mov 56($disp),%r11 # disp->HandlerData + + mov 0(%r11),%r10d # HandlerData[0] + lea (%rsi,%r10),%r10 # prologue label + cmp %r10,%rbx # context->RipRsp + + mov 4(%r11),%r10d # HandlerData[1] + lea (%rsi,%r10),%r10 # epilogue label + cmp %r10,%rbx # context->Rip>=epilogue label + jae .Lin_prologue + + lea 16(%rax),%rsi # %xmm save area + lea 512($context),%rdi # &context.Xmm6 + mov \$20,%ecx # 10*sizeof(%xmm0)/sizeof(%rax) + .long 0xa548f3fc # cld; rep movsq + lea 0xb8(%rax),%rax # adjust stack pointer + +.Lin_prologue: + mov 8(%rax),%rdi + mov 16(%rax),%rsi + mov %rax,152($context) # restore context->Rsp + mov %rsi,168($context) # restore context->Rsi + mov %rdi,176($context) # restore context->Rdi + + mov 40($disp),%rdi # disp->ContextRecord + mov $context,%rsi # context + mov \$`1232/8`,%ecx # sizeof(CONTEXT) + .long 0xa548f3fc # cld; rep movsq + + mov $disp,%rsi + xor %rcx,%rcx # arg1, UNW_FLAG_NHANDLER + mov 8(%rsi),%rdx # arg2, disp->ImageBase + mov 0(%rsi),%r8 # arg3, disp->ControlPc + mov 16(%rsi),%r9 # arg4, disp->FunctionEntry + mov 40(%rsi),%r10 # disp->ContextRecord + lea 56(%rsi),%r11 # &disp->HandlerData + lea 24(%rsi),%r12 # &disp->EstablisherFrame + mov %r10,32(%rsp) # arg5 + mov %r11,40(%rsp) # arg6 + mov %r12,48(%rsp) # arg7 + mov %rcx,56(%rsp) # arg8, (NULL) + call *__imp_RtlVirtualUnwind(%rip) + + mov \$1,%eax # ExceptionContinueSearch + add \$64,%rsp + popfq + pop %r15 + pop %r14 + pop %r13 + pop %r12 + pop %rbp + pop %rbx + pop %rdi + pop %rsi + ret +.size se_handler,.-se_handler + +.section .pdata +.align 4 + .rva .LSEH_begin_${PREFIX}_set_encrypt_key + .rva .LSEH_end_${PREFIX}_set_encrypt_key + .rva .LSEH_info_${PREFIX}_set_encrypt_key + + .rva .LSEH_begin_${PREFIX}_set_decrypt_key + .rva .LSEH_end_${PREFIX}_set_decrypt_key + .rva .LSEH_info_${PREFIX}_set_decrypt_key + + .rva .LSEH_begin_${PREFIX}_encrypt + .rva .LSEH_end_${PREFIX}_encrypt + .rva .LSEH_info_${PREFIX}_encrypt + + .rva .LSEH_begin_${PREFIX}_decrypt + .rva .LSEH_end_${PREFIX}_decrypt + .rva .LSEH_info_${PREFIX}_decrypt + + .rva .LSEH_begin_${PREFIX}_cbc_encrypt + .rva .LSEH_end_${PREFIX}_cbc_encrypt + .rva .LSEH_info_${PREFIX}_cbc_encrypt + +.section .xdata +.align 8 +.LSEH_info_${PREFIX}_set_encrypt_key: + .byte 9,0,0,0 + .rva se_handler + .rva .Lenc_key_body,.Lenc_key_epilogue # HandlerData[] +.LSEH_info_${PREFIX}_set_decrypt_key: + .byte 9,0,0,0 + .rva se_handler + .rva .Ldec_key_body,.Ldec_key_epilogue # HandlerData[] +.LSEH_info_${PREFIX}_encrypt: + .byte 9,0,0,0 + .rva se_handler + .rva .Lenc_body,.Lenc_epilogue # HandlerData[] +.LSEH_info_${PREFIX}_decrypt: + .byte 9,0,0,0 + .rva se_handler + .rva .Ldec_body,.Ldec_epilogue # HandlerData[] +.LSEH_info_${PREFIX}_cbc_encrypt: + .byte 9,0,0,0 + .rva se_handler + .rva .Lcbc_body,.Lcbc_epilogue # HandlerData[] +___ +} + +$code =~ s/\`([^\`]*)\`/eval($1)/gem; + +print $code; + +close STDOUT; diff --git a/src/lib/libcrypto/alphacpuid.pl b/src/lib/libcrypto/alphacpuid.pl new file mode 100644 index 00000000000..0ff4ae22e33 --- /dev/null +++ b/src/lib/libcrypto/alphacpuid.pl @@ -0,0 +1,80 @@ +#!/usr/bin/env perl +print <<'___'; +.text + +.set noat + +.globl OPENSSL_cpuid_setup +.ent OPENSSL_cpuid_setup +OPENSSL_cpuid_setup: + .frame $30,0,$26 + .prologue 0 + ret ($26) +.end OPENSSL_cpuid_setup + +.globl OPENSSL_wipe_cpu +.ent OPENSSL_wipe_cpu +OPENSSL_wipe_cpu: + .frame $30,0,$26 + .prologue 0 + clr $1 + clr $2 + clr $3 + clr $4 + clr $5 + clr $6 + clr $7 + clr $8 + clr $16 + clr $17 + clr $18 + clr $19 + clr $20 + clr $21 + clr $22 + clr $23 + clr $24 + clr $25 + clr $27 + clr $at + clr $29 + fclr $f0 + fclr $f1 + fclr $f10 + fclr $f11 + fclr $f12 + fclr $f13 + fclr $f14 + fclr $f15 + fclr $f16 + fclr $f17 + fclr $f18 + fclr $f19 + fclr $f20 + fclr $f21 + fclr $f22 + fclr $f23 + fclr $f24 + fclr $f25 + fclr $f26 + fclr $f27 + fclr $f28 + fclr $f29 + fclr $f30 + mov $sp,$0 + ret ($26) +.end OPENSSL_wipe_cpu + +.globl OPENSSL_atomic_add +.ent OPENSSL_atomic_add +OPENSSL_atomic_add: + .frame $30,0,$26 + .prologue 0 +1: ldl_l $0,0($16) + addl $0,$17,$1 + stl_c $1,0($16) + beq $1,1b + addl $0,$17,$0 + ret ($26) +.end OPENSSL_atomic_add +___ diff --git a/src/lib/libcrypto/arc4random/arc4random_aix.h b/src/lib/libcrypto/arc4random/arc4random_aix.h new file mode 100644 index 00000000000..3142a1f2789 --- /dev/null +++ b/src/lib/libcrypto/arc4random/arc4random_aix.h @@ -0,0 +1,81 @@ +/* $OpenBSD: arc4random_aix.h,v 1.2 2016/06/30 12:19:51 bcook Exp $ */ + +/* + * Copyright (c) 1996, David Mazieres + * Copyright (c) 2008, Damien Miller + * Copyright (c) 2013, Markus Friedl + * Copyright (c) 2014, Theo de Raadt + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * Stub functions for portability. + */ + +#include + +#include +#include + +static pthread_mutex_t arc4random_mtx = PTHREAD_MUTEX_INITIALIZER; +#define _ARC4_LOCK() pthread_mutex_lock(&arc4random_mtx) +#define _ARC4_UNLOCK() pthread_mutex_unlock(&arc4random_mtx) + +#define _ARC4_ATFORK(f) pthread_atfork(NULL, NULL, (f)) + +static inline void +_getentropy_fail(void) +{ + raise(SIGKILL); +} + +static volatile sig_atomic_t _rs_forked; + +static inline void +_rs_forkhandler(void) +{ + _rs_forked = 1; +} + +static inline void +_rs_forkdetect(void) +{ + static pid_t _rs_pid = 0; + pid_t pid = getpid(); + + if (_rs_pid == 0 || _rs_pid != pid || _rs_forked) { + _rs_pid = pid; + _rs_forked = 0; + if (rs) + memset(rs, 0, sizeof(*rs)); + } +} + +static inline int +_rs_allocate(struct _rs **rsp, struct _rsx **rsxp) +{ + if ((*rsp = mmap(NULL, sizeof(**rsp), PROT_READ|PROT_WRITE, + MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED) + return (-1); + + if ((*rsxp = mmap(NULL, sizeof(**rsxp), PROT_READ|PROT_WRITE, + MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED) { + munmap(*rsp, sizeof(**rsp)); + *rsp = NULL; + return (-1); + } + + _ARC4_ATFORK(_rs_forkhandler); + return (0); +} diff --git a/src/lib/libcrypto/arc4random/arc4random_freebsd.h b/src/lib/libcrypto/arc4random/arc4random_freebsd.h new file mode 100644 index 00000000000..3faa5e4d317 --- /dev/null +++ b/src/lib/libcrypto/arc4random/arc4random_freebsd.h @@ -0,0 +1,87 @@ +/* $OpenBSD: arc4random_freebsd.h,v 1.4 2016/06/30 12:19:51 bcook Exp $ */ + +/* + * Copyright (c) 1996, David Mazieres + * Copyright (c) 2008, Damien Miller + * Copyright (c) 2013, Markus Friedl + * Copyright (c) 2014, Theo de Raadt + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * Stub functions for portability. + */ + +#include + +#include +#include + +static pthread_mutex_t arc4random_mtx = PTHREAD_MUTEX_INITIALIZER; +#define _ARC4_LOCK() pthread_mutex_lock(&arc4random_mtx) +#define _ARC4_UNLOCK() pthread_mutex_unlock(&arc4random_mtx) + +/* + * Unfortunately, pthread_atfork() is broken on FreeBSD (at least 9 and 10) if + * a program does not link to -lthr. Callbacks registered with pthread_atfork() + * appear to fail silently. So, it is not always possible to detect a PID + * wraparound. + */ +#define _ARC4_ATFORK(f) pthread_atfork(NULL, NULL, (f)) + +static inline void +_getentropy_fail(void) +{ + raise(SIGKILL); +} + +static volatile sig_atomic_t _rs_forked; + +static inline void +_rs_forkhandler(void) +{ + _rs_forked = 1; +} + +static inline void +_rs_forkdetect(void) +{ + static pid_t _rs_pid = 0; + pid_t pid = getpid(); + + if (_rs_pid == 0 || _rs_pid != pid || _rs_forked) { + _rs_pid = pid; + _rs_forked = 0; + if (rs) + memset(rs, 0, sizeof(*rs)); + } +} + +static inline int +_rs_allocate(struct _rs **rsp, struct _rsx **rsxp) +{ + if ((*rsp = mmap(NULL, sizeof(**rsp), PROT_READ|PROT_WRITE, + MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED) + return (-1); + + if ((*rsxp = mmap(NULL, sizeof(**rsxp), PROT_READ|PROT_WRITE, + MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED) { + munmap(*rsp, sizeof(**rsp)); + *rsp = NULL; + return (-1); + } + + _ARC4_ATFORK(_rs_forkhandler); + return (0); +} diff --git a/src/lib/libcrypto/arc4random/arc4random_hpux.h b/src/lib/libcrypto/arc4random/arc4random_hpux.h new file mode 100644 index 00000000000..2a3fe8c6114 --- /dev/null +++ b/src/lib/libcrypto/arc4random/arc4random_hpux.h @@ -0,0 +1,81 @@ +/* $OpenBSD: arc4random_hpux.h,v 1.3 2016/06/30 12:19:51 bcook Exp $ */ + +/* + * Copyright (c) 1996, David Mazieres + * Copyright (c) 2008, Damien Miller + * Copyright (c) 2013, Markus Friedl + * Copyright (c) 2014, Theo de Raadt + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * Stub functions for portability. + */ + +#include + +#include +#include + +static pthread_mutex_t arc4random_mtx = PTHREAD_MUTEX_INITIALIZER; +#define _ARC4_LOCK() pthread_mutex_lock(&arc4random_mtx) +#define _ARC4_UNLOCK() pthread_mutex_unlock(&arc4random_mtx) + +#define _ARC4_ATFORK(f) pthread_atfork(NULL, NULL, (f)) + +static inline void +_getentropy_fail(void) +{ + raise(SIGKILL); +} + +static volatile sig_atomic_t _rs_forked; + +static inline void +_rs_forkhandler(void) +{ + _rs_forked = 1; +} + +static inline void +_rs_forkdetect(void) +{ + static pid_t _rs_pid = 0; + pid_t pid = getpid(); + + if (_rs_pid == 0 || _rs_pid != pid || _rs_forked) { + _rs_pid = pid; + _rs_forked = 0; + if (rs) + memset(rs, 0, sizeof(*rs)); + } +} + +static inline int +_rs_allocate(struct _rs **rsp, struct _rsx **rsxp) +{ + if ((*rsp = mmap(NULL, sizeof(**rsp), PROT_READ|PROT_WRITE, + MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED) + return (-1); + + if ((*rsxp = mmap(NULL, sizeof(**rsxp), PROT_READ|PROT_WRITE, + MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED) { + munmap(*rsp, sizeof(**rsp)); + *rsp = NULL; + return (-1); + } + + _ARC4_ATFORK(_rs_forkhandler); + return (0); +} diff --git a/src/lib/libcrypto/arc4random/arc4random_linux.h b/src/lib/libcrypto/arc4random/arc4random_linux.h new file mode 100644 index 00000000000..879f9663914 --- /dev/null +++ b/src/lib/libcrypto/arc4random/arc4random_linux.h @@ -0,0 +1,88 @@ +/* $OpenBSD: arc4random_linux.h,v 1.11 2016/06/30 12:19:51 bcook Exp $ */ + +/* + * Copyright (c) 1996, David Mazieres + * Copyright (c) 2008, Damien Miller + * Copyright (c) 2013, Markus Friedl + * Copyright (c) 2014, Theo de Raadt + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * Stub functions for portability. + */ + +#include + +#include +#include + +static pthread_mutex_t arc4random_mtx = PTHREAD_MUTEX_INITIALIZER; +#define _ARC4_LOCK() pthread_mutex_lock(&arc4random_mtx) +#define _ARC4_UNLOCK() pthread_mutex_unlock(&arc4random_mtx) + +#ifdef __GLIBC__ +extern void *__dso_handle; +extern int __register_atfork(void (*)(void), void(*)(void), void (*)(void), void *); +#define _ARC4_ATFORK(f) __register_atfork(NULL, NULL, (f), __dso_handle) +#else +#define _ARC4_ATFORK(f) pthread_atfork(NULL, NULL, (f)) +#endif + +static inline void +_getentropy_fail(void) +{ + raise(SIGKILL); +} + +static volatile sig_atomic_t _rs_forked; + +static inline void +_rs_forkhandler(void) +{ + _rs_forked = 1; +} + +static inline void +_rs_forkdetect(void) +{ + static pid_t _rs_pid = 0; + pid_t pid = getpid(); + + /* XXX unusual calls to clone() can bypass checks */ + if (_rs_pid == 0 || _rs_pid == 1 || _rs_pid != pid || _rs_forked) { + _rs_pid = pid; + _rs_forked = 0; + if (rs) + memset(rs, 0, sizeof(*rs)); + } +} + +static inline int +_rs_allocate(struct _rs **rsp, struct _rsx **rsxp) +{ + if ((*rsp = mmap(NULL, sizeof(**rsp), PROT_READ|PROT_WRITE, + MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED) + return (-1); + + if ((*rsxp = mmap(NULL, sizeof(**rsxp), PROT_READ|PROT_WRITE, + MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED) { + munmap(*rsp, sizeof(**rsp)); + *rsp = NULL; + return (-1); + } + + _ARC4_ATFORK(_rs_forkhandler); + return (0); +} diff --git a/src/lib/libcrypto/arc4random/arc4random_netbsd.h b/src/lib/libcrypto/arc4random/arc4random_netbsd.h new file mode 100644 index 00000000000..611997d54d6 --- /dev/null +++ b/src/lib/libcrypto/arc4random/arc4random_netbsd.h @@ -0,0 +1,87 @@ +/* $OpenBSD: arc4random_netbsd.h,v 1.3 2016/06/30 12:19:51 bcook Exp $ */ + +/* + * Copyright (c) 1996, David Mazieres + * Copyright (c) 2008, Damien Miller + * Copyright (c) 2013, Markus Friedl + * Copyright (c) 2014, Theo de Raadt + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * Stub functions for portability. + */ + +#include + +#include +#include + +static pthread_mutex_t arc4random_mtx = PTHREAD_MUTEX_INITIALIZER; +#define _ARC4_LOCK() pthread_mutex_lock(&arc4random_mtx) +#define _ARC4_UNLOCK() pthread_mutex_unlock(&arc4random_mtx) + +/* + * Unfortunately, pthread_atfork() is broken on FreeBSD (at least 9 and 10) if + * a program does not link to -lthr. Callbacks registered with pthread_atfork() + * appear to fail silently. So, it is not always possible to detect a PID + * wraparound. + */ +#define _ARC4_ATFORK(f) pthread_atfork(NULL, NULL, (f)) + +static inline void +_getentropy_fail(void) +{ + raise(SIGKILL); +} + +static volatile sig_atomic_t _rs_forked; + +static inline void +_rs_forkhandler(void) +{ + _rs_forked = 1; +} + +static inline void +_rs_forkdetect(void) +{ + static pid_t _rs_pid = 0; + pid_t pid = getpid(); + + if (_rs_pid == 0 || _rs_pid != pid || _rs_forked) { + _rs_pid = pid; + _rs_forked = 0; + if (rs) + memset(rs, 0, sizeof(*rs)); + } +} + +static inline int +_rs_allocate(struct _rs **rsp, struct _rsx **rsxp) +{ + if ((*rsp = mmap(NULL, sizeof(**rsp), PROT_READ|PROT_WRITE, + MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED) + return (-1); + + if ((*rsxp = mmap(NULL, sizeof(**rsxp), PROT_READ|PROT_WRITE, + MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED) { + munmap(*rsp, sizeof(**rsp)); + *rsp = NULL; + return (-1); + } + + _ARC4_ATFORK(_rs_forkhandler); + return (0); +} diff --git a/src/lib/libcrypto/arc4random/arc4random_osx.h b/src/lib/libcrypto/arc4random/arc4random_osx.h new file mode 100644 index 00000000000..818ae6bbf48 --- /dev/null +++ b/src/lib/libcrypto/arc4random/arc4random_osx.h @@ -0,0 +1,81 @@ +/* $OpenBSD: arc4random_osx.h,v 1.11 2016/06/30 12:19:51 bcook Exp $ */ + +/* + * Copyright (c) 1996, David Mazieres + * Copyright (c) 2008, Damien Miller + * Copyright (c) 2013, Markus Friedl + * Copyright (c) 2014, Theo de Raadt + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * Stub functions for portability. + */ + +#include + +#include +#include + +static pthread_mutex_t arc4random_mtx = PTHREAD_MUTEX_INITIALIZER; +#define _ARC4_LOCK() pthread_mutex_lock(&arc4random_mtx) +#define _ARC4_UNLOCK() pthread_mutex_unlock(&arc4random_mtx) + +#define _ARC4_ATFORK(f) pthread_atfork(NULL, NULL, (f)) + +static inline void +_getentropy_fail(void) +{ + raise(SIGKILL); +} + +static volatile sig_atomic_t _rs_forked; + +static inline void +_rs_forkhandler(void) +{ + _rs_forked = 1; +} + +static inline void +_rs_forkdetect(void) +{ + static pid_t _rs_pid = 0; + pid_t pid = getpid(); + + if (_rs_pid == 0 || _rs_pid != pid || _rs_forked) { + _rs_pid = pid; + _rs_forked = 0; + if (rs) + memset(rs, 0, sizeof(*rs)); + } +} + +static inline int +_rs_allocate(struct _rs **rsp, struct _rsx **rsxp) +{ + if ((*rsp = mmap(NULL, sizeof(**rsp), PROT_READ|PROT_WRITE, + MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED) + return (-1); + + if ((*rsxp = mmap(NULL, sizeof(**rsxp), PROT_READ|PROT_WRITE, + MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED) { + munmap(*rsp, sizeof(**rsp)); + *rsp = NULL; + return (-1); + } + + _ARC4_ATFORK(_rs_forkhandler); + return (0); +} diff --git a/src/lib/libcrypto/arc4random/arc4random_solaris.h b/src/lib/libcrypto/arc4random/arc4random_solaris.h new file mode 100644 index 00000000000..b1084cda087 --- /dev/null +++ b/src/lib/libcrypto/arc4random/arc4random_solaris.h @@ -0,0 +1,81 @@ +/* $OpenBSD: arc4random_solaris.h,v 1.10 2016/06/30 12:19:51 bcook Exp $ */ + +/* + * Copyright (c) 1996, David Mazieres + * Copyright (c) 2008, Damien Miller + * Copyright (c) 2013, Markus Friedl + * Copyright (c) 2014, Theo de Raadt + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * Stub functions for portability. + */ + +#include + +#include +#include + +static pthread_mutex_t arc4random_mtx = PTHREAD_MUTEX_INITIALIZER; +#define _ARC4_LOCK() pthread_mutex_lock(&arc4random_mtx) +#define _ARC4_UNLOCK() pthread_mutex_unlock(&arc4random_mtx) + +#define _ARC4_ATFORK(f) pthread_atfork(NULL, NULL, (f)) + +static inline void +_getentropy_fail(void) +{ + raise(SIGKILL); +} + +static volatile sig_atomic_t _rs_forked; + +static inline void +_rs_forkhandler(void) +{ + _rs_forked = 1; +} + +static inline void +_rs_forkdetect(void) +{ + static pid_t _rs_pid = 0; + pid_t pid = getpid(); + + if (_rs_pid == 0 || _rs_pid != pid || _rs_forked) { + _rs_pid = pid; + _rs_forked = 0; + if (rs) + memset(rs, 0, sizeof(*rs)); + } +} + +static inline int +_rs_allocate(struct _rs **rsp, struct _rsx **rsxp) +{ + if ((*rsp = mmap(NULL, sizeof(**rsp), PROT_READ|PROT_WRITE, + MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED) + return (-1); + + if ((*rsxp = mmap(NULL, sizeof(**rsxp), PROT_READ|PROT_WRITE, + MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED) { + munmap(*rsp, sizeof(**rsp)); + *rsp = NULL; + return (-1); + } + + _ARC4_ATFORK(_rs_forkhandler); + return (0); +} diff --git a/src/lib/libcrypto/arc4random/arc4random_win.h b/src/lib/libcrypto/arc4random/arc4random_win.h new file mode 100644 index 00000000000..deec8a1efe8 --- /dev/null +++ b/src/lib/libcrypto/arc4random/arc4random_win.h @@ -0,0 +1,78 @@ +/* $OpenBSD: arc4random_win.h,v 1.6 2016/06/30 12:17:29 bcook Exp $ */ + +/* + * Copyright (c) 1996, David Mazieres + * Copyright (c) 2008, Damien Miller + * Copyright (c) 2013, Markus Friedl + * Copyright (c) 2014, Theo de Raadt + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * Stub functions for portability. + */ + +#include + +static volatile HANDLE arc4random_mtx = NULL; + +/* + * Initialize the mutex on the first lock attempt. On collision, each thread + * will attempt to allocate a mutex and compare-and-swap it into place as the + * global mutex. On failure to swap in the global mutex, the mutex is closed. + */ +#define _ARC4_LOCK() { \ + if (!arc4random_mtx) { \ + HANDLE p = CreateMutex(NULL, FALSE, NULL); \ + if (InterlockedCompareExchangePointer((void **)&arc4random_mtx, (void *)p, NULL)) \ + CloseHandle(p); \ + } \ + WaitForSingleObject(arc4random_mtx, INFINITE); \ +} \ + +#define _ARC4_UNLOCK() ReleaseMutex(arc4random_mtx) + +static inline void +_getentropy_fail(void) +{ + TerminateProcess(GetCurrentProcess(), 0); +} + +static inline int +_rs_allocate(struct _rs **rsp, struct _rsx **rsxp) +{ + *rsp = VirtualAlloc(NULL, sizeof(**rsp), + MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE); + if (*rsp == NULL) + return (-1); + + *rsxp = VirtualAlloc(NULL, sizeof(**rsxp), + MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE); + if (*rsxp == NULL) { + VirtualFree(*rsp, 0, MEM_RELEASE); + *rsp = NULL; + return (-1); + } + return (0); +} + +static inline void +_rs_forkhandler(void) +{ +} + +static inline void +_rs_forkdetect(void) +{ +} diff --git a/src/lib/libcrypto/arc4random/getentropy_aix.c b/src/lib/libcrypto/arc4random/getentropy_aix.c new file mode 100644 index 00000000000..bd8818f264d --- /dev/null +++ b/src/lib/libcrypto/arc4random/getentropy_aix.c @@ -0,0 +1,402 @@ +/* $OpenBSD: getentropy_aix.c,v 1.6 2018/11/20 08:04:28 deraadt Exp $ */ + +/* + * Copyright (c) 2015 Michael Felt + * Copyright (c) 2014 Theo de Raadt + * Copyright (c) 2014 Bob Beck + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * + * Emulation of getentropy(2) as documented at: + * http://man.openbsd.org/getentropy.2 + */ +/* + * -lperfstat is needed for the psuedo entropy data + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include + +#include + +#define REPEAT 5 +#define min(a, b) (((a) < (b)) ? (a) : (b)) + +#define HX(a, b) \ + do { \ + if ((a)) \ + HD(errno); \ + else \ + HD(b); \ + } while (0) + +#define HR(x, l) (SHA512_Update(&ctx, (char *)(x), (l))) +#define HD(x) (SHA512_Update(&ctx, (char *)&(x), sizeof (x))) +#define HF(x) (SHA512_Update(&ctx, (char *)&(x), sizeof (void*))) + +int getentropy(void *buf, size_t len); + +static int getentropy_urandom(void *buf, size_t len, const char *path, + int devfscheck); +static int getentropy_fallback(void *buf, size_t len); + +int +getentropy(void *buf, size_t len) +{ + int ret = -1; + + if (len > 256) { + errno = EIO; + return (-1); + } + + /* + * Try to get entropy with /dev/urandom + */ + ret = getentropy_urandom(buf, len, "/dev/urandom", 0); + if (ret != -1) + return (ret); + + /* + * Entropy collection via /dev/urandom has failed. + * + * No other API exists for collecting entropy, and we have + * no failsafe way to get it on AIX that is not sensitive + * to resource exhaustion. + * + * We have very few options: + * - Even syslog_r is unsafe to call at this low level, so + * there is no way to alert the user or program. + * - Cannot call abort() because some systems have unsafe + * corefiles. + * - Could raise(SIGKILL) resulting in silent program termination. + * - Return EIO, to hint that arc4random's stir function + * should raise(SIGKILL) + * - Do the best under the circumstances.... + * + * This code path exists to bring light to the issue that AIX + * does not provide a failsafe API for entropy collection. + * + * We hope this demonstrates that AIX should consider + * providing a new failsafe API which works in a chroot or + * when file descriptors are exhausted. + */ +#undef FAIL_INSTEAD_OF_TRYING_FALLBACK +#ifdef FAIL_INSTEAD_OF_TRYING_FALLBACK + raise(SIGKILL); +#endif + ret = getentropy_fallback(buf, len); + if (ret != -1) + return (ret); + + errno = EIO; + return (ret); +} + +static int +getentropy_urandom(void *buf, size_t len, const char *path, int devfscheck) +{ + struct stat st; + size_t i; + int fd, flags; + int save_errno = errno; + +start: + + flags = O_RDONLY; +#ifdef O_NOFOLLOW + flags |= O_NOFOLLOW; +#endif +#ifdef O_CLOEXEC + flags |= O_CLOEXEC; +#endif + fd = open(path, flags, 0); + if (fd == -1) { + if (errno == EINTR) + goto start; + goto nodevrandom; + } +#ifndef O_CLOEXEC + fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC); +#endif + + /* Lightly verify that the device node looks sane */ + if (fstat(fd, &st) == -1 || !S_ISCHR(st.st_mode)) { + close(fd); + goto nodevrandom; + } + for (i = 0; i < len; ) { + size_t wanted = len - i; + ssize_t ret = read(fd, (char *)buf + i, wanted); + + if (ret == -1) { + if (errno == EAGAIN || errno == EINTR) + continue; + close(fd); + goto nodevrandom; + } + i += ret; + } + close(fd); + errno = save_errno; + return (0); /* satisfied */ +nodevrandom: + errno = EIO; + return (-1); +} + +static const int cl[] = { + CLOCK_REALTIME, +#ifdef CLOCK_MONOTONIC + CLOCK_MONOTONIC, +#endif +#ifdef CLOCK_MONOTONIC_RAW + CLOCK_MONOTONIC_RAW, +#endif +#ifdef CLOCK_TAI + CLOCK_TAI, +#endif +#ifdef CLOCK_VIRTUAL + CLOCK_VIRTUAL, +#endif +#ifdef CLOCK_UPTIME + CLOCK_UPTIME, +#endif +#ifdef CLOCK_PROCESS_CPUTIME_ID + CLOCK_PROCESS_CPUTIME_ID, +#endif +#ifdef CLOCK_THREAD_CPUTIME_ID + CLOCK_THREAD_CPUTIME_ID, +#endif +}; + +static int +getentropy_fallback(void *buf, size_t len) +{ + uint8_t results[SHA512_DIGEST_LENGTH]; + int save_errno = errno, e, pgs = sysconf(_SC_PAGESIZE), faster = 0, repeat; + static int cnt; + struct timespec ts; + struct timeval tv; + perfstat_cpu_total_t cpustats; +#ifdef _AIX61 + perfstat_cpu_total_wpar_t cpustats_wpar; +#endif + perfstat_partition_total_t lparstats; + perfstat_disk_total_t diskinfo; + perfstat_netinterface_total_t netinfo; + struct rusage ru; + sigset_t sigset; + struct stat st; + SHA512_CTX ctx; + static pid_t lastpid; + pid_t pid; + size_t i, ii, m; + char *p; + + pid = getpid(); + if (lastpid == pid) { + faster = 1; + repeat = 2; + } else { + faster = 0; + lastpid = pid; + repeat = REPEAT; + } + for (i = 0; i < len; ) { + int j; + SHA512_Init(&ctx); + for (j = 0; j < repeat; j++) { + HX((e = gettimeofday(&tv, NULL)) == -1, tv); + if (e != -1) { + cnt += (int)tv.tv_sec; + cnt += (int)tv.tv_usec; + } + + HX(perfstat_cpu_total(NULL, &cpustats, + sizeof(cpustats), 1) == -1, cpustats); + +#ifdef _AIX61 + HX(perfstat_cpu_total_wpar(NULL, &cpustats_wpar, + sizeof(cpustats_wpar), 1) == -1, cpustats_wpar); +#endif + + HX(perfstat_partition_total(NULL, &lparstats, + sizeof(lparstats), 1) == -1, lparstats); + + HX(perfstat_disk_total(NULL, &diskinfo, + sizeof(diskinfo), 1) == -1, diskinfo); + + HX(perfstat_netinterface_total(NULL, &netinfo, + sizeof(netinfo), 1) == -1, netinfo); + + for (ii = 0; ii < sizeof(cl)/sizeof(cl[0]); ii++) + HX(clock_gettime(cl[ii], &ts) == -1, ts); + + HX((pid = getpid()) == -1, pid); + HX((pid = getsid(pid)) == -1, pid); + HX((pid = getppid()) == -1, pid); + HX((pid = getpgid(0)) == -1, pid); + HX((e = getpriority(0, 0)) == -1, e); + + if (!faster) { + ts.tv_sec = 0; + ts.tv_nsec = 1; + (void) nanosleep(&ts, NULL); + } + + HX(sigpending(&sigset) == -1, sigset); + HX(sigprocmask(SIG_BLOCK, NULL, &sigset) == -1, + sigset); + + HF(getentropy); /* an addr in this library */ + HF(printf); /* an addr in libc */ + p = (char *)&p; + HD(p); /* an addr on stack */ + p = (char *)&errno; + HD(p); /* the addr of errno */ + + if (i == 0) { + struct sockaddr_storage ss; + struct statvfs stvfs; + struct termios tios; + socklen_t ssl; + off_t off; + + /* + * Prime-sized mappings encourage fragmentation; + * thus exposing some address entropy. + */ + struct mm { + size_t npg; + void *p; + } mm[] = { + { 17, MAP_FAILED }, { 3, MAP_FAILED }, + { 11, MAP_FAILED }, { 2, MAP_FAILED }, + { 5, MAP_FAILED }, { 3, MAP_FAILED }, + { 7, MAP_FAILED }, { 1, MAP_FAILED }, + { 57, MAP_FAILED }, { 3, MAP_FAILED }, + { 131, MAP_FAILED }, { 1, MAP_FAILED }, + }; + + for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) { + HX(mm[m].p = mmap(NULL, + mm[m].npg * pgs, + PROT_READ|PROT_WRITE, + MAP_PRIVATE|MAP_ANON, -1, + (off_t)0), mm[m].p); + if (mm[m].p != MAP_FAILED) { + size_t mo; + + /* Touch some memory... */ + p = mm[m].p; + mo = cnt % + (mm[m].npg * pgs - 1); + p[mo] = 1; + cnt += (int)((long)(mm[m].p) + / pgs); + } + + /* Check cnts and times... */ + for (ii = 0; ii < sizeof(cl)/sizeof(cl[0]); + ii++) { + HX((e = clock_gettime(cl[ii], + &ts)) == -1, ts); + if (e != -1) + cnt += (int)ts.tv_nsec; + } + + HX((e = getrusage(RUSAGE_SELF, + &ru)) == -1, ru); + if (e != -1) { + cnt += (int)ru.ru_utime.tv_sec; + cnt += (int)ru.ru_utime.tv_usec; + } + } + + for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) { + if (mm[m].p != MAP_FAILED) + munmap(mm[m].p, mm[m].npg * pgs); + mm[m].p = MAP_FAILED; + } + + HX(stat(".", &st) == -1, st); + HX(statvfs(".", &stvfs) == -1, stvfs); + + HX(stat("/", &st) == -1, st); + HX(statvfs("/", &stvfs) == -1, stvfs); + + HX((e = fstat(0, &st)) == -1, st); + if (e == -1) { + if (S_ISREG(st.st_mode) || + S_ISFIFO(st.st_mode) || + S_ISSOCK(st.st_mode)) { + HX(fstatvfs(0, &stvfs) == -1, + stvfs); + HX((off = lseek(0, (off_t)0, + SEEK_CUR)) < 0, off); + } + if (S_ISCHR(st.st_mode)) { + HX(tcgetattr(0, &tios) == -1, + tios); + } else if (S_ISSOCK(st.st_mode)) { + memset(&ss, 0, sizeof ss); + ssl = sizeof(ss); + HX(getpeername(0, + (void *)&ss, &ssl) == -1, + ss); + } + } + + HX((e = getrusage(RUSAGE_CHILDREN, + &ru)) == -1, ru); + if (e != -1) { + cnt += (int)ru.ru_utime.tv_sec; + cnt += (int)ru.ru_utime.tv_usec; + } + } else { + /* Subsequent hashes absorb previous result */ + HD(results); + } + + HX((e = gettimeofday(&tv, NULL)) == -1, tv); + if (e != -1) { + cnt += (int)tv.tv_sec; + cnt += (int)tv.tv_usec; + } + + HD(cnt); + } + SHA512_Final(results, &ctx); + memcpy((char *)buf + i, results, min(sizeof(results), len - i)); + i += min(sizeof(results), len - i); + } + explicit_bzero(&ctx, sizeof ctx); + explicit_bzero(results, sizeof results); + errno = save_errno; + return (0); /* satisfied */ +} diff --git a/src/lib/libcrypto/arc4random/getentropy_freebsd.c b/src/lib/libcrypto/arc4random/getentropy_freebsd.c new file mode 100644 index 00000000000..30cd68e97d6 --- /dev/null +++ b/src/lib/libcrypto/arc4random/getentropy_freebsd.c @@ -0,0 +1,62 @@ +/* $OpenBSD: getentropy_freebsd.c,v 1.3 2016/08/07 03:27:21 tb Exp $ */ + +/* + * Copyright (c) 2014 Pawel Jakub Dawidek + * Copyright (c) 2014 Brent Cook + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * + * Emulation of getentropy(2) as documented at: + * http://man.openbsd.org/getentropy.2 + */ + +#include +#include + +#include +#include + +/* + * Derived from lib/libc/gen/arc4random.c from FreeBSD. + */ +static size_t +getentropy_sysctl(u_char *buf, size_t size) +{ + int mib[2]; + size_t len, done; + + mib[0] = CTL_KERN; + mib[1] = KERN_ARND; + done = 0; + + do { + len = size; + if (sysctl(mib, 2, buf, &len, NULL, 0) == -1) + return (done); + done += len; + buf += len; + size -= len; + } while (size > 0); + + return (done); +} + +int +getentropy(void *buf, size_t len) +{ + if (len <= 256 && getentropy_sysctl(buf, len) == len) + return (0); + + errno = EIO; + return (-1); +} diff --git a/src/lib/libcrypto/arc4random/getentropy_hpux.c b/src/lib/libcrypto/arc4random/getentropy_hpux.c new file mode 100644 index 00000000000..7208aa44c45 --- /dev/null +++ b/src/lib/libcrypto/arc4random/getentropy_hpux.c @@ -0,0 +1,396 @@ +/* $OpenBSD: getentropy_hpux.c,v 1.6 2018/11/20 08:04:28 deraadt Exp $ */ + +/* + * Copyright (c) 2014 Theo de Raadt + * Copyright (c) 2014 Bob Beck + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * + * Emulation of getentropy(2) as documented at: + * http://man.openbsd.org/getentropy.2 + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include + +#include + +#define REPEAT 5 +#define min(a, b) (((a) < (b)) ? (a) : (b)) + +#define HX(a, b) \ + do { \ + if ((a)) \ + HD(errno); \ + else \ + HD(b); \ + } while (0) + +#define HR(x, l) (SHA512_Update(&ctx, (char *)(x), (l))) +#define HD(x) (SHA512_Update(&ctx, (char *)&(x), sizeof (x))) +#define HF(x) (SHA512_Update(&ctx, (char *)&(x), sizeof (void*))) + +int getentropy(void *buf, size_t len); + +static int getentropy_urandom(void *buf, size_t len, const char *path, + int devfscheck); +static int getentropy_fallback(void *buf, size_t len); + +int +getentropy(void *buf, size_t len) +{ + int ret = -1; + + if (len > 256) { + errno = EIO; + return (-1); + } + + /* + * Try to get entropy with /dev/urandom + */ + ret = getentropy_urandom(buf, len, "/dev/urandom", 0); + if (ret != -1) + return (ret); + + /* + * Entropy collection via /dev/urandom has failed. + * + * No other API exists for collecting entropy, and we have + * no failsafe way to get it on hpux that is not sensitive + * to resource exhaustion. + * + * We have very few options: + * - Even syslog_r is unsafe to call at this low level, so + * there is no way to alert the user or program. + * - Cannot call abort() because some systems have unsafe + * corefiles. + * - Could raise(SIGKILL) resulting in silent program termination. + * - Return EIO, to hint that arc4random's stir function + * should raise(SIGKILL) + * - Do the best under the circumstances.... + * + * This code path exists to bring light to the issue that hpux + * does not provide a failsafe API for entropy collection. + * + * We hope this demonstrates that hpux should consider + * providing a new failsafe API which works in a chroot or + * when file descriptors are exhausted. + */ +#undef FAIL_INSTEAD_OF_TRYING_FALLBACK +#ifdef FAIL_INSTEAD_OF_TRYING_FALLBACK + raise(SIGKILL); +#endif + ret = getentropy_fallback(buf, len); + if (ret != -1) + return (ret); + + errno = EIO; + return (ret); +} + +static int +getentropy_urandom(void *buf, size_t len, const char *path, int devfscheck) +{ + struct stat st; + size_t i; + int fd, flags; + int save_errno = errno; + +start: + + flags = O_RDONLY; +#ifdef O_NOFOLLOW + flags |= O_NOFOLLOW; +#endif +#ifdef O_CLOEXEC + flags |= O_CLOEXEC; +#endif + fd = open(path, flags, 0); + if (fd == -1) { + if (errno == EINTR) + goto start; + goto nodevrandom; + } +#ifndef O_CLOEXEC + fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC); +#endif + + /* Lightly verify that the device node looks sane */ + if (fstat(fd, &st) == -1 || !S_ISCHR(st.st_mode)) { + close(fd); + goto nodevrandom; + } + for (i = 0; i < len; ) { + size_t wanted = len - i; + ssize_t ret = read(fd, (char *)buf + i, wanted); + + if (ret == -1) { + if (errno == EAGAIN || errno == EINTR) + continue; + close(fd); + goto nodevrandom; + } + i += ret; + } + close(fd); + errno = save_errno; + return (0); /* satisfied */ +nodevrandom: + errno = EIO; + return (-1); +} + +static const int cl[] = { + CLOCK_REALTIME, +#ifdef CLOCK_MONOTONIC + CLOCK_MONOTONIC, +#endif +#ifdef CLOCK_MONOTONIC_RAW + CLOCK_MONOTONIC_RAW, +#endif +#ifdef CLOCK_TAI + CLOCK_TAI, +#endif +#ifdef CLOCK_VIRTUAL + CLOCK_VIRTUAL, +#endif +#ifdef CLOCK_UPTIME + CLOCK_UPTIME, +#endif +#ifdef CLOCK_PROCESS_CPUTIME_ID + CLOCK_PROCESS_CPUTIME_ID, +#endif +#ifdef CLOCK_THREAD_CPUTIME_ID + CLOCK_THREAD_CPUTIME_ID, +#endif +}; + +static int +getentropy_fallback(void *buf, size_t len) +{ + uint8_t results[SHA512_DIGEST_LENGTH]; + int save_errno = errno, e, pgs = sysconf(_SC_PAGESIZE), faster = 0, repeat; + static int cnt; + struct timespec ts; + struct timeval tv; + struct pst_vminfo pvi; + struct pst_vm_status pvs; + struct pst_dynamic pdy; + struct rusage ru; + sigset_t sigset; + struct stat st; + SHA512_CTX ctx; + static pid_t lastpid; + pid_t pid; + size_t i, ii, m; + char *p; + + pid = getpid(); + if (lastpid == pid) { + faster = 1; + repeat = 2; + } else { + faster = 0; + lastpid = pid; + repeat = REPEAT; + } + for (i = 0; i < len; ) { + int j; + SHA512_Init(&ctx); + for (j = 0; j < repeat; j++) { + HX((e = gettimeofday(&tv, NULL)) == -1, tv); + if (e != -1) { + cnt += (int)tv.tv_sec; + cnt += (int)tv.tv_usec; + } + + HX(pstat_getvminfo(&pvi, sizeof(pvi), 1, 0) != 1, pvi); + HX(pstat_getprocvm(&pvs, sizeof(pvs), 0, 0) != 1, pvs); + + for (ii = 0; ii < sizeof(cl)/sizeof(cl[0]); ii++) + HX(clock_gettime(cl[ii], &ts) == -1, ts); + + HX((pid = getpid()) == -1, pid); + HX((pid = getsid(pid)) == -1, pid); + HX((pid = getppid()) == -1, pid); + HX((pid = getpgid(0)) == -1, pid); + HX((e = getpriority(0, 0)) == -1, e); + + if(pstat_getdynamic(&pdy, sizeof(pdy), 1, 0) != 1) { + HD(errno); + } else { + HD(pdy.psd_avg_1_min); + HD(pdy.psd_avg_5_min); + HD(pdy.psd_avg_15_min); + } + + if (!faster) { + ts.tv_sec = 0; + ts.tv_nsec = 1; + (void) nanosleep(&ts, NULL); + } + + HX(sigpending(&sigset) == -1, sigset); + HX(sigprocmask(SIG_BLOCK, NULL, &sigset) == -1, + sigset); + + HF(getentropy); /* an addr in this library */ + HF(printf); /* an addr in libc */ + p = (char *)&p; + HD(p); /* an addr on stack */ + p = (char *)&errno; + HD(p); /* the addr of errno */ + + if (i == 0) { + struct sockaddr_storage ss; + struct statvfs stvfs; + struct termios tios; + socklen_t ssl; + off_t off; + + /* + * Prime-sized mappings encourage fragmentation; + * thus exposing some address entropy. + */ + struct mm { + size_t npg; + void *p; + } mm[] = { + { 17, MAP_FAILED }, { 3, MAP_FAILED }, + { 11, MAP_FAILED }, { 2, MAP_FAILED }, + { 5, MAP_FAILED }, { 3, MAP_FAILED }, + { 7, MAP_FAILED }, { 1, MAP_FAILED }, + { 57, MAP_FAILED }, { 3, MAP_FAILED }, + { 131, MAP_FAILED }, { 1, MAP_FAILED }, + }; + + for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) { + HX(mm[m].p = mmap(NULL, + mm[m].npg * pgs, + PROT_READ|PROT_WRITE, + MAP_PRIVATE|MAP_ANON, -1, + (off_t)0), mm[m].p); + if (mm[m].p != MAP_FAILED) { + size_t mo; + + /* Touch some memory... */ + p = mm[m].p; + mo = cnt % + (mm[m].npg * pgs - 1); + p[mo] = 1; + cnt += (int)((long)(mm[m].p) + / pgs); + } + + /* Check cnts and times... */ + for (ii = 0; ii < sizeof(cl)/sizeof(cl[0]); + ii++) { + HX((e = clock_gettime(cl[ii], + &ts)) == -1, ts); + if (e != -1) + cnt += (int)ts.tv_nsec; + } + + HX((e = getrusage(RUSAGE_SELF, + &ru)) == -1, ru); + if (e != -1) { + cnt += (int)ru.ru_utime.tv_sec; + cnt += (int)ru.ru_utime.tv_usec; + } + } + + for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) { + if (mm[m].p != MAP_FAILED) + munmap(mm[m].p, mm[m].npg * pgs); + mm[m].p = MAP_FAILED; + } + + HX(stat(".", &st) == -1, st); + HX(statvfs(".", &stvfs) == -1, stvfs); + + HX(stat("/", &st) == -1, st); + HX(statvfs("/", &stvfs) == -1, stvfs); + + HX((e = fstat(0, &st)) == -1, st); + if (e == -1) { + if (S_ISREG(st.st_mode) || + S_ISFIFO(st.st_mode) || + S_ISSOCK(st.st_mode)) { + HX(fstatvfs(0, &stvfs) == -1, + stvfs); + HX((off = lseek(0, (off_t)0, + SEEK_CUR)) < 0, off); + } + if (S_ISCHR(st.st_mode)) { + HX(tcgetattr(0, &tios) == -1, + tios); + } else if (S_ISSOCK(st.st_mode)) { + memset(&ss, 0, sizeof ss); + ssl = sizeof(ss); + HX(getpeername(0, + (void *)&ss, &ssl) == -1, + ss); + } + } + + HX((e = getrusage(RUSAGE_CHILDREN, + &ru)) == -1, ru); + if (e != -1) { + cnt += (int)ru.ru_utime.tv_sec; + cnt += (int)ru.ru_utime.tv_usec; + } + } else { + /* Subsequent hashes absorb previous result */ + HD(results); + } + + HX((e = gettimeofday(&tv, NULL)) == -1, tv); + if (e != -1) { + cnt += (int)tv.tv_sec; + cnt += (int)tv.tv_usec; + } + + HD(cnt); + } + SHA512_Final(results, &ctx); + memcpy((char *)buf + i, results, min(sizeof(results), len - i)); + i += min(sizeof(results), len - i); + } + explicit_bzero(&ctx, sizeof ctx); + explicit_bzero(results, sizeof results); + errno = save_errno; + return (0); /* satisfied */ +} diff --git a/src/lib/libcrypto/arc4random/getentropy_linux.c b/src/lib/libcrypto/arc4random/getentropy_linux.c new file mode 100644 index 00000000000..6b220be3115 --- /dev/null +++ b/src/lib/libcrypto/arc4random/getentropy_linux.c @@ -0,0 +1,525 @@ +/* $OpenBSD: getentropy_linux.c,v 1.46 2018/11/20 08:04:28 deraadt Exp $ */ + +/* + * Copyright (c) 2014 Theo de Raadt + * Copyright (c) 2014 Bob Beck + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * + * Emulation of getentropy(2) as documented at: + * http://man.openbsd.org/getentropy.2 + */ + +#define _POSIX_C_SOURCE 199309L +#define _GNU_SOURCE 1 +#include +#include +#include +#include +#include +#ifdef SYS__sysctl +#include +#endif +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#ifdef HAVE_GETAUXVAL +#include +#endif +#include + +#define REPEAT 5 +#define min(a, b) (((a) < (b)) ? (a) : (b)) + +#define HX(a, b) \ + do { \ + if ((a)) \ + HD(errno); \ + else \ + HD(b); \ + } while (0) + +#define HR(x, l) (SHA512_Update(&ctx, (char *)(x), (l))) +#define HD(x) (SHA512_Update(&ctx, (char *)&(x), sizeof (x))) +#define HF(x) (SHA512_Update(&ctx, (char *)&(x), sizeof (void*))) + +int getentropy(void *buf, size_t len); + +#if defined(SYS_getrandom) && defined(GRND_NONBLOCK) +static int getentropy_getrandom(void *buf, size_t len); +#endif +static int getentropy_urandom(void *buf, size_t len); +#ifdef SYS__sysctl +static int getentropy_sysctl(void *buf, size_t len); +#endif +static int getentropy_fallback(void *buf, size_t len); +static int getentropy_phdr(struct dl_phdr_info *info, size_t size, void *data); + +int +getentropy(void *buf, size_t len) +{ + int ret = -1; + + if (len > 256) { + errno = EIO; + return (-1); + } + +#if defined(SYS_getrandom) && defined(GRND_NONBLOCK) + /* + * Try descriptor-less getrandom(), in non-blocking mode. + * + * The design of Linux getrandom is broken. It has an + * uninitialized phase coupled with blocking behaviour, which + * is unacceptable from within a library at boot time without + * possible recovery. See http://bugs.python.org/issue26839#msg267745 + */ + ret = getentropy_getrandom(buf, len); + if (ret != -1) + return (ret); +#endif + + /* + * Try to get entropy with /dev/urandom + * + * This can fail if the process is inside a chroot or if file + * descriptors are exhausted. + */ + ret = getentropy_urandom(buf, len); + if (ret != -1) + return (ret); + +#ifdef SYS__sysctl + /* + * Try to use sysctl CTL_KERN, KERN_RANDOM, RANDOM_UUID. + * sysctl is a failsafe API, so it guarantees a result. This + * should work inside a chroot, or when file descriptors are + * exhausted. + * + * However this can fail if the Linux kernel removes support + * for sysctl. Starting in 2007, there have been efforts to + * deprecate the sysctl API/ABI, and push callers towards use + * of the chroot-unavailable fd-using /proc mechanism -- + * essentially the same problems as /dev/urandom. + * + * Numerous setbacks have been encountered in their deprecation + * schedule, so as of June 2014 the kernel ABI still exists on + * most Linux architectures. The sysctl() stub in libc is missing + * on some systems. There are also reports that some kernels + * spew messages to the console. + */ + ret = getentropy_sysctl(buf, len); + if (ret != -1) + return (ret); +#endif /* SYS__sysctl */ + + /* + * Entropy collection via /dev/urandom and sysctl have failed. + * + * No other API exists for collecting entropy. See the large + * comment block above. + * + * We have very few options: + * - Even syslog_r is unsafe to call at this low level, so + * there is no way to alert the user or program. + * - Cannot call abort() because some systems have unsafe + * corefiles. + * - Could raise(SIGKILL) resulting in silent program termination. + * - Return EIO, to hint that arc4random's stir function + * should raise(SIGKILL) + * - Do the best under the circumstances.... + * + * This code path exists to bring light to the issue that Linux + * still does not provide a failsafe API for entropy collection. + * + * We hope this demonstrates that Linux should either retain their + * sysctl ABI, or consider providing a new failsafe API which + * works in a chroot or when file descriptors are exhausted. + */ +#undef FAIL_INSTEAD_OF_TRYING_FALLBACK +#ifdef FAIL_INSTEAD_OF_TRYING_FALLBACK + raise(SIGKILL); +#endif + ret = getentropy_fallback(buf, len); + if (ret != -1) + return (ret); + + errno = EIO; + return (ret); +} + +#if defined(SYS_getrandom) && defined(GRND_NONBLOCK) +static int +getentropy_getrandom(void *buf, size_t len) +{ + int pre_errno = errno; + int ret; + if (len > 256) + return (-1); + do { + ret = syscall(SYS_getrandom, buf, len, GRND_NONBLOCK); + } while (ret == -1 && errno == EINTR); + + if (ret != len) + return (-1); + errno = pre_errno; + return (0); +} +#endif + +static int +getentropy_urandom(void *buf, size_t len) +{ + struct stat st; + size_t i; + int fd, cnt, flags; + int save_errno = errno; + +start: + + flags = O_RDONLY; +#ifdef O_NOFOLLOW + flags |= O_NOFOLLOW; +#endif +#ifdef O_CLOEXEC + flags |= O_CLOEXEC; +#endif + fd = open("/dev/urandom", flags, 0); + if (fd == -1) { + if (errno == EINTR) + goto start; + goto nodevrandom; + } +#ifndef O_CLOEXEC + fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC); +#endif + + /* Lightly verify that the device node looks sane */ + if (fstat(fd, &st) == -1 || !S_ISCHR(st.st_mode)) { + close(fd); + goto nodevrandom; + } + if (ioctl(fd, RNDGETENTCNT, &cnt) == -1) { + close(fd); + goto nodevrandom; + } + for (i = 0; i < len; ) { + size_t wanted = len - i; + ssize_t ret = read(fd, (char *)buf + i, wanted); + + if (ret == -1) { + if (errno == EAGAIN || errno == EINTR) + continue; + close(fd); + goto nodevrandom; + } + i += ret; + } + close(fd); + errno = save_errno; + return (0); /* satisfied */ +nodevrandom: + errno = EIO; + return (-1); +} + +#ifdef SYS__sysctl +static int +getentropy_sysctl(void *buf, size_t len) +{ + static int mib[] = { CTL_KERN, KERN_RANDOM, RANDOM_UUID }; + size_t i; + int save_errno = errno; + + for (i = 0; i < len; ) { + size_t chunk = min(len - i, 16); + + /* SYS__sysctl because some systems already removed sysctl() */ + struct __sysctl_args args = { + .name = mib, + .nlen = 3, + .oldval = (char *)buf + i, + .oldlenp = &chunk, + }; + if (syscall(SYS__sysctl, &args) != 0) + goto sysctlfailed; + i += chunk; + } + errno = save_errno; + return (0); /* satisfied */ +sysctlfailed: + errno = EIO; + return (-1); +} +#endif /* SYS__sysctl */ + +static const int cl[] = { + CLOCK_REALTIME, +#ifdef CLOCK_MONOTONIC + CLOCK_MONOTONIC, +#endif +#ifdef CLOCK_MONOTONIC_RAW + CLOCK_MONOTONIC_RAW, +#endif +#ifdef CLOCK_TAI + CLOCK_TAI, +#endif +#ifdef CLOCK_VIRTUAL + CLOCK_VIRTUAL, +#endif +#ifdef CLOCK_UPTIME + CLOCK_UPTIME, +#endif +#ifdef CLOCK_PROCESS_CPUTIME_ID + CLOCK_PROCESS_CPUTIME_ID, +#endif +#ifdef CLOCK_THREAD_CPUTIME_ID + CLOCK_THREAD_CPUTIME_ID, +#endif +}; + +static int +getentropy_phdr(struct dl_phdr_info *info, size_t size, void *data) +{ + SHA512_CTX *ctx = data; + + SHA512_Update(ctx, &info->dlpi_addr, sizeof (info->dlpi_addr)); + return (0); +} + +static int +getentropy_fallback(void *buf, size_t len) +{ + uint8_t results[SHA512_DIGEST_LENGTH]; + int save_errno = errno, e, pgs = getpagesize(), faster = 0, repeat; + static int cnt; + struct timespec ts; + struct timeval tv; + struct rusage ru; + sigset_t sigset; + struct stat st; + SHA512_CTX ctx; + static pid_t lastpid; + pid_t pid; + size_t i, ii, m; + char *p; + + pid = getpid(); + if (lastpid == pid) { + faster = 1; + repeat = 2; + } else { + faster = 0; + lastpid = pid; + repeat = REPEAT; + } + for (i = 0; i < len; ) { + int j; + SHA512_Init(&ctx); + for (j = 0; j < repeat; j++) { + HX((e = gettimeofday(&tv, NULL)) == -1, tv); + if (e != -1) { + cnt += (int)tv.tv_sec; + cnt += (int)tv.tv_usec; + } + + dl_iterate_phdr(getentropy_phdr, &ctx); + + for (ii = 0; ii < sizeof(cl)/sizeof(cl[0]); ii++) + HX(clock_gettime(cl[ii], &ts) == -1, ts); + + HX((pid = getpid()) == -1, pid); + HX((pid = getsid(pid)) == -1, pid); + HX((pid = getppid()) == -1, pid); + HX((pid = getpgid(0)) == -1, pid); + HX((e = getpriority(0, 0)) == -1, e); + + if (!faster) { + ts.tv_sec = 0; + ts.tv_nsec = 1; + (void) nanosleep(&ts, NULL); + } + + HX(sigpending(&sigset) == -1, sigset); + HX(sigprocmask(SIG_BLOCK, NULL, &sigset) == -1, + sigset); + + HF(getentropy); /* an addr in this library */ + HF(printf); /* an addr in libc */ + p = (char *)&p; + HD(p); /* an addr on stack */ + p = (char *)&errno; + HD(p); /* the addr of errno */ + + if (i == 0) { + struct sockaddr_storage ss; + struct statvfs stvfs; + struct termios tios; + struct statfs stfs; + socklen_t ssl; + off_t off; + + /* + * Prime-sized mappings encourage fragmentation; + * thus exposing some address entropy. + */ + struct mm { + size_t npg; + void *p; + } mm[] = { + { 17, MAP_FAILED }, { 3, MAP_FAILED }, + { 11, MAP_FAILED }, { 2, MAP_FAILED }, + { 5, MAP_FAILED }, { 3, MAP_FAILED }, + { 7, MAP_FAILED }, { 1, MAP_FAILED }, + { 57, MAP_FAILED }, { 3, MAP_FAILED }, + { 131, MAP_FAILED }, { 1, MAP_FAILED }, + }; + + for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) { + HX(mm[m].p = mmap(NULL, + mm[m].npg * pgs, + PROT_READ|PROT_WRITE, + MAP_PRIVATE|MAP_ANON, -1, + (off_t)0), mm[m].p); + if (mm[m].p != MAP_FAILED) { + size_t mo; + + /* Touch some memory... */ + p = mm[m].p; + mo = cnt % + (mm[m].npg * pgs - 1); + p[mo] = 1; + cnt += (int)((long)(mm[m].p) + / pgs); + } + + /* Check cnts and times... */ + for (ii = 0; ii < sizeof(cl)/sizeof(cl[0]); + ii++) { + HX((e = clock_gettime(cl[ii], + &ts)) == -1, ts); + if (e != -1) + cnt += (int)ts.tv_nsec; + } + + HX((e = getrusage(RUSAGE_SELF, + &ru)) == -1, ru); + if (e != -1) { + cnt += (int)ru.ru_utime.tv_sec; + cnt += (int)ru.ru_utime.tv_usec; + } + } + + for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) { + if (mm[m].p != MAP_FAILED) + munmap(mm[m].p, mm[m].npg * pgs); + mm[m].p = MAP_FAILED; + } + + HX(stat(".", &st) == -1, st); + HX(statvfs(".", &stvfs) == -1, stvfs); + HX(statfs(".", &stfs) == -1, stfs); + + HX(stat("/", &st) == -1, st); + HX(statvfs("/", &stvfs) == -1, stvfs); + HX(statfs("/", &stfs) == -1, stfs); + + HX((e = fstat(0, &st)) == -1, st); + if (e == -1) { + if (S_ISREG(st.st_mode) || + S_ISFIFO(st.st_mode) || + S_ISSOCK(st.st_mode)) { + HX(fstatvfs(0, &stvfs) == -1, + stvfs); + HX(fstatfs(0, &stfs) == -1, + stfs); + HX((off = lseek(0, (off_t)0, + SEEK_CUR)) < 0, off); + } + if (S_ISCHR(st.st_mode)) { + HX(tcgetattr(0, &tios) == -1, + tios); + } else if (S_ISSOCK(st.st_mode)) { + memset(&ss, 0, sizeof ss); + ssl = sizeof(ss); + HX(getpeername(0, + (void *)&ss, &ssl) == -1, + ss); + } + } + + HX((e = getrusage(RUSAGE_CHILDREN, + &ru)) == -1, ru); + if (e != -1) { + cnt += (int)ru.ru_utime.tv_sec; + cnt += (int)ru.ru_utime.tv_usec; + } + } else { + /* Subsequent hashes absorb previous result */ + HD(results); + } + + HX((e = gettimeofday(&tv, NULL)) == -1, tv); + if (e != -1) { + cnt += (int)tv.tv_sec; + cnt += (int)tv.tv_usec; + } + + HD(cnt); + } +#ifdef HAVE_GETAUXVAL +#ifdef AT_RANDOM + /* Not as random as you think but we take what we are given */ + p = (char *) getauxval(AT_RANDOM); + if (p) + HR(p, 16); +#endif +#ifdef AT_SYSINFO_EHDR + p = (char *) getauxval(AT_SYSINFO_EHDR); + if (p) + HR(p, pgs); +#endif +#ifdef AT_BASE + p = (char *) getauxval(AT_BASE); + if (p) + HD(p); +#endif +#endif + + SHA512_Final(results, &ctx); + memcpy((char *)buf + i, results, min(sizeof(results), len - i)); + i += min(sizeof(results), len - i); + } + explicit_bzero(&ctx, sizeof ctx); + explicit_bzero(results, sizeof results); + errno = save_errno; + return (0); /* satisfied */ +} diff --git a/src/lib/libcrypto/arc4random/getentropy_netbsd.c b/src/lib/libcrypto/arc4random/getentropy_netbsd.c new file mode 100644 index 00000000000..45d68c9fda4 --- /dev/null +++ b/src/lib/libcrypto/arc4random/getentropy_netbsd.c @@ -0,0 +1,64 @@ +/* $OpenBSD: getentropy_netbsd.c,v 1.3 2016/08/07 03:27:21 tb Exp $ */ + +/* + * Copyright (c) 2014 Pawel Jakub Dawidek + * Copyright (c) 2014 Brent Cook + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * + * Emulation of getentropy(2) as documented at: + * http://man.openbsd.org/getentropy.2 + */ + +#include +#include + +#include +#include + +/* + * Derived from lib/libc/gen/arc4random.c from FreeBSD. + */ +static size_t +getentropy_sysctl(u_char *buf, size_t size) +{ + int mib[2]; + size_t len, done; + + mib[0] = CTL_KERN; + mib[1] = KERN_ARND; + done = 0; + + do { + len = size; + if (sysctl(mib, 2, buf, &len, NULL, 0) == -1) + return (done); + done += len; + buf += len; + size -= len; + } while (size > 0); + + return (done); +} + +int +getentropy(void *buf, size_t len) +{ + if (len <= 256 && + getentropy_sysctl(buf, len) == len) { + return (0); + } + + errno = EIO; + return (-1); +} diff --git a/src/lib/libcrypto/arc4random/getentropy_osx.c b/src/lib/libcrypto/arc4random/getentropy_osx.c new file mode 100644 index 00000000000..26dcc824dee --- /dev/null +++ b/src/lib/libcrypto/arc4random/getentropy_osx.c @@ -0,0 +1,417 @@ +/* $OpenBSD: getentropy_osx.c,v 1.12 2018/11/20 08:04:28 deraadt Exp $ */ + +/* + * Copyright (c) 2014 Theo de Raadt + * Copyright (c) 2014 Bob Beck + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * + * Emulation of getentropy(2) as documented at: + * http://man.openbsd.org/getentropy.2 + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#if TARGET_OS_OSX +#include +#include +#endif +#include +#include +#if TARGET_OS_OSX +#include +#include +#include +#include +#endif +#include +#define SHA512_Update(a, b, c) (CC_SHA512_Update((a), (b), (c))) +#define SHA512_Init(xxx) (CC_SHA512_Init((xxx))) +#define SHA512_Final(xxx, yyy) (CC_SHA512_Final((xxx), (yyy))) +#define SHA512_CTX CC_SHA512_CTX +#define SHA512_DIGEST_LENGTH CC_SHA512_DIGEST_LENGTH + +#define REPEAT 5 +#define min(a, b) (((a) < (b)) ? (a) : (b)) + +#define HX(a, b) \ + do { \ + if ((a)) \ + HD(errno); \ + else \ + HD(b); \ + } while (0) + +#define HR(x, l) (SHA512_Update(&ctx, (char *)(x), (l))) +#define HD(x) (SHA512_Update(&ctx, (char *)&(x), sizeof (x))) +#define HF(x) (SHA512_Update(&ctx, (char *)&(x), sizeof (void*))) + +int getentropy(void *buf, size_t len); + +static int getentropy_urandom(void *buf, size_t len); +static int getentropy_fallback(void *buf, size_t len); + +int +getentropy(void *buf, size_t len) +{ + int ret = -1; + + if (len > 256) { + errno = EIO; + return (-1); + } + + /* + * Try to get entropy with /dev/urandom + * + * This can fail if the process is inside a chroot or if file + * descriptors are exhausted. + */ + ret = getentropy_urandom(buf, len); + if (ret != -1) + return (ret); + + /* + * Entropy collection via /dev/urandom and sysctl have failed. + * + * No other API exists for collecting entropy, and we have + * no failsafe way to get it on OSX that is not sensitive + * to resource exhaustion. + * + * We have very few options: + * - Even syslog_r is unsafe to call at this low level, so + * there is no way to alert the user or program. + * - Cannot call abort() because some systems have unsafe + * corefiles. + * - Could raise(SIGKILL) resulting in silent program termination. + * - Return EIO, to hint that arc4random's stir function + * should raise(SIGKILL) + * - Do the best under the circumstances.... + * + * This code path exists to bring light to the issue that OSX + * does not provide a failsafe API for entropy collection. + * + * We hope this demonstrates that OSX should consider + * providing a new failsafe API which works in a chroot or + * when file descriptors are exhausted. + */ +#undef FAIL_INSTEAD_OF_TRYING_FALLBACK +#ifdef FAIL_INSTEAD_OF_TRYING_FALLBACK + raise(SIGKILL); +#endif + ret = getentropy_fallback(buf, len); + if (ret != -1) + return (ret); + + errno = EIO; + return (ret); +} + +static int +getentropy_urandom(void *buf, size_t len) +{ + struct stat st; + size_t i; + int fd, flags; + int save_errno = errno; + +start: + + flags = O_RDONLY; +#ifdef O_NOFOLLOW + flags |= O_NOFOLLOW; +#endif +#ifdef O_CLOEXEC + flags |= O_CLOEXEC; +#endif + fd = open("/dev/urandom", flags, 0); + if (fd == -1) { + if (errno == EINTR) + goto start; + goto nodevrandom; + } +#ifndef O_CLOEXEC + fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC); +#endif + + /* Lightly verify that the device node looks sane */ + if (fstat(fd, &st) == -1 || !S_ISCHR(st.st_mode)) { + close(fd); + goto nodevrandom; + } + for (i = 0; i < len; ) { + size_t wanted = len - i; + ssize_t ret = read(fd, (char *)buf + i, wanted); + + if (ret == -1) { + if (errno == EAGAIN || errno == EINTR) + continue; + close(fd); + goto nodevrandom; + } + i += ret; + } + close(fd); + errno = save_errno; + return (0); /* satisfied */ +nodevrandom: + errno = EIO; + return (-1); +} + +#if TARGET_OS_OSX +static int tcpmib[] = { CTL_NET, AF_INET, IPPROTO_TCP, TCPCTL_STATS }; +static int udpmib[] = { CTL_NET, AF_INET, IPPROTO_UDP, UDPCTL_STATS }; +static int ipmib[] = { CTL_NET, AF_INET, IPPROTO_IP, IPCTL_STATS }; +#endif +static int kmib[] = { CTL_KERN, KERN_USRSTACK }; +static int hwmib[] = { CTL_HW, HW_USERMEM }; + +static int +getentropy_fallback(void *buf, size_t len) +{ + uint8_t results[SHA512_DIGEST_LENGTH]; + int save_errno = errno, e, pgs = getpagesize(), faster = 0, repeat; + static int cnt; + struct timespec ts; + struct timeval tv; + struct rusage ru; + sigset_t sigset; + struct stat st; + SHA512_CTX ctx; + static pid_t lastpid; + pid_t pid; + size_t i, ii, m; + char *p; +#if TARGET_OS_OSX + struct tcpstat tcpstat; + struct udpstat udpstat; + struct ipstat ipstat; +#endif + u_int64_t mach_time; + unsigned int idata; + void *addr; + + pid = getpid(); + if (lastpid == pid) { + faster = 1; + repeat = 2; + } else { + faster = 0; + lastpid = pid; + repeat = REPEAT; + } + for (i = 0; i < len; ) { + int j; + SHA512_Init(&ctx); + for (j = 0; j < repeat; j++) { + HX((e = gettimeofday(&tv, NULL)) == -1, tv); + if (e != -1) { + cnt += (int)tv.tv_sec; + cnt += (int)tv.tv_usec; + } + + mach_time = mach_absolute_time(); + HD(mach_time); + + ii = sizeof(addr); + HX(sysctl(kmib, sizeof(kmib) / sizeof(kmib[0]), + &addr, &ii, NULL, 0) == -1, addr); + + ii = sizeof(idata); + HX(sysctl(hwmib, sizeof(hwmib) / sizeof(hwmib[0]), + &idata, &ii, NULL, 0) == -1, idata); + +#if TARGET_OS_OSX + ii = sizeof(tcpstat); + HX(sysctl(tcpmib, sizeof(tcpmib) / sizeof(tcpmib[0]), + &tcpstat, &ii, NULL, 0) == -1, tcpstat); + + ii = sizeof(udpstat); + HX(sysctl(udpmib, sizeof(udpmib) / sizeof(udpmib[0]), + &udpstat, &ii, NULL, 0) == -1, udpstat); + + ii = sizeof(ipstat); + HX(sysctl(ipmib, sizeof(ipmib) / sizeof(ipmib[0]), + &ipstat, &ii, NULL, 0) == -1, ipstat); +#endif + + HX((pid = getpid()) == -1, pid); + HX((pid = getsid(pid)) == -1, pid); + HX((pid = getppid()) == -1, pid); + HX((pid = getpgid(0)) == -1, pid); + HX((e = getpriority(0, 0)) == -1, e); + + if (!faster) { + ts.tv_sec = 0; + ts.tv_nsec = 1; + (void) nanosleep(&ts, NULL); + } + + HX(sigpending(&sigset) == -1, sigset); + HX(sigprocmask(SIG_BLOCK, NULL, &sigset) == -1, + sigset); + + HF(getentropy); /* an addr in this library */ + HF(printf); /* an addr in libc */ + p = (char *)&p; + HD(p); /* an addr on stack */ + p = (char *)&errno; + HD(p); /* the addr of errno */ + + if (i == 0) { + struct sockaddr_storage ss; + struct statvfs stvfs; + struct termios tios; + struct statfs stfs; + socklen_t ssl; + off_t off; + + /* + * Prime-sized mappings encourage fragmentation; + * thus exposing some address entropy. + */ + struct mm { + size_t npg; + void *p; + } mm[] = { + { 17, MAP_FAILED }, { 3, MAP_FAILED }, + { 11, MAP_FAILED }, { 2, MAP_FAILED }, + { 5, MAP_FAILED }, { 3, MAP_FAILED }, + { 7, MAP_FAILED }, { 1, MAP_FAILED }, + { 57, MAP_FAILED }, { 3, MAP_FAILED }, + { 131, MAP_FAILED }, { 1, MAP_FAILED }, + }; + + for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) { + HX(mm[m].p = mmap(NULL, + mm[m].npg * pgs, + PROT_READ|PROT_WRITE, + MAP_PRIVATE|MAP_ANON, -1, + (off_t)0), mm[m].p); + if (mm[m].p != MAP_FAILED) { + size_t mo; + + /* Touch some memory... */ + p = mm[m].p; + mo = cnt % + (mm[m].npg * pgs - 1); + p[mo] = 1; + cnt += (int)((long)(mm[m].p) + / pgs); + } + + /* Check cnts and times... */ + mach_time = mach_absolute_time(); + HD(mach_time); + cnt += (int)mach_time; + + HX((e = getrusage(RUSAGE_SELF, + &ru)) == -1, ru); + if (e != -1) { + cnt += (int)ru.ru_utime.tv_sec; + cnt += (int)ru.ru_utime.tv_usec; + } + } + + for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) { + if (mm[m].p != MAP_FAILED) + munmap(mm[m].p, mm[m].npg * pgs); + mm[m].p = MAP_FAILED; + } + + HX(stat(".", &st) == -1, st); + HX(statvfs(".", &stvfs) == -1, stvfs); + HX(statfs(".", &stfs) == -1, stfs); + + HX(stat("/", &st) == -1, st); + HX(statvfs("/", &stvfs) == -1, stvfs); + HX(statfs("/", &stfs) == -1, stfs); + + HX((e = fstat(0, &st)) == -1, st); + if (e == -1) { + if (S_ISREG(st.st_mode) || + S_ISFIFO(st.st_mode) || + S_ISSOCK(st.st_mode)) { + HX(fstatvfs(0, &stvfs) == -1, + stvfs); + HX(fstatfs(0, &stfs) == -1, + stfs); + HX((off = lseek(0, (off_t)0, + SEEK_CUR)) < 0, off); + } + if (S_ISCHR(st.st_mode)) { + HX(tcgetattr(0, &tios) == -1, + tios); + } else if (S_ISSOCK(st.st_mode)) { + memset(&ss, 0, sizeof ss); + ssl = sizeof(ss); + HX(getpeername(0, + (void *)&ss, &ssl) == -1, + ss); + } + } + + HX((e = getrusage(RUSAGE_CHILDREN, + &ru)) == -1, ru); + if (e != -1) { + cnt += (int)ru.ru_utime.tv_sec; + cnt += (int)ru.ru_utime.tv_usec; + } + } else { + /* Subsequent hashes absorb previous result */ + HD(results); + } + + HX((e = gettimeofday(&tv, NULL)) == -1, tv); + if (e != -1) { + cnt += (int)tv.tv_sec; + cnt += (int)tv.tv_usec; + } + + HD(cnt); + } + + SHA512_Final(results, &ctx); + memcpy((char *)buf + i, results, min(sizeof(results), len - i)); + i += min(sizeof(results), len - i); + } + explicit_bzero(&ctx, sizeof ctx); + explicit_bzero(results, sizeof results); + errno = save_errno; + return (0); /* satisfied */ +} diff --git a/src/lib/libcrypto/arc4random/getentropy_solaris.c b/src/lib/libcrypto/arc4random/getentropy_solaris.c new file mode 100644 index 00000000000..b80c84de9e5 --- /dev/null +++ b/src/lib/libcrypto/arc4random/getentropy_solaris.c @@ -0,0 +1,422 @@ +/* $OpenBSD: getentropy_solaris.c,v 1.13 2018/11/20 08:04:28 deraadt Exp $ */ + +/* + * Copyright (c) 2014 Theo de Raadt + * Copyright (c) 2014 Bob Beck + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * + * Emulation of getentropy(2) as documented at: + * http://man.openbsd.org/getentropy.2 + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#define SHA512_Init SHA512Init +#define SHA512_Update SHA512Update +#define SHA512_Final SHA512Final + +#include +#include +#include + +#define REPEAT 5 +#define min(a, b) (((a) < (b)) ? (a) : (b)) + +#define HX(a, b) \ + do { \ + if ((a)) \ + HD(errno); \ + else \ + HD(b); \ + } while (0) + +#define HR(x, l) (SHA512_Update(&ctx, (char *)(x), (l))) +#define HD(x) (SHA512_Update(&ctx, (char *)&(x), sizeof (x))) +#define HF(x) (SHA512_Update(&ctx, (char *)&(x), sizeof (void*))) + +int getentropy(void *buf, size_t len); + +static int getentropy_urandom(void *buf, size_t len, const char *path, + int devfscheck); +static int getentropy_fallback(void *buf, size_t len); +static int getentropy_phdr(struct dl_phdr_info *info, size_t size, void *data); + +int +getentropy(void *buf, size_t len) +{ + int ret = -1; + + if (len > 256) { + errno = EIO; + return (-1); + } + + /* + * Try to get entropy with /dev/urandom + * + * Solaris provides /dev/urandom as a symbolic link to + * /devices/pseudo/random@0:urandom which is provided by + * a devfs filesystem. Best practice is to use O_NOFOLLOW, + * so we must try the unpublished name directly. + * + * This can fail if the process is inside a chroot which lacks + * the devfs mount, or if file descriptors are exhausted. + */ + ret = getentropy_urandom(buf, len, + "/devices/pseudo/random@0:urandom", 1); + if (ret != -1) + return (ret); + + /* + * Unfortunately, chroot spaces on Solaris are sometimes setup + * with direct device node of the well-known /dev/urandom name + * (perhaps to avoid dragging all of devfs into the space). + * + * This can fail if the process is inside a chroot or if file + * descriptors are exhausted. + */ + ret = getentropy_urandom(buf, len, "/dev/urandom", 0); + if (ret != -1) + return (ret); + + /* + * Entropy collection via /dev/urandom has failed. + * + * No other API exists for collecting entropy, and we have + * no failsafe way to get it on Solaris that is not sensitive + * to resource exhaustion. + * + * We have very few options: + * - Even syslog_r is unsafe to call at this low level, so + * there is no way to alert the user or program. + * - Cannot call abort() because some systems have unsafe + * corefiles. + * - Could raise(SIGKILL) resulting in silent program termination. + * - Return EIO, to hint that arc4random's stir function + * should raise(SIGKILL) + * - Do the best under the circumstances.... + * + * This code path exists to bring light to the issue that Solaris + * does not provide a failsafe API for entropy collection. + * + * We hope this demonstrates that Solaris should consider + * providing a new failsafe API which works in a chroot or + * when file descriptors are exhausted. + */ +#undef FAIL_INSTEAD_OF_TRYING_FALLBACK +#ifdef FAIL_INSTEAD_OF_TRYING_FALLBACK + raise(SIGKILL); +#endif + ret = getentropy_fallback(buf, len); + if (ret != -1) + return (ret); + + errno = EIO; + return (ret); +} + +static int +getentropy_urandom(void *buf, size_t len, const char *path, int devfscheck) +{ + struct stat st; + size_t i; + int fd, flags; + int save_errno = errno; + +start: + + flags = O_RDONLY; +#ifdef O_NOFOLLOW + flags |= O_NOFOLLOW; +#endif +#ifdef O_CLOEXEC + flags |= O_CLOEXEC; +#endif + fd = open(path, flags, 0); + if (fd == -1) { + if (errno == EINTR) + goto start; + goto nodevrandom; + } +#ifndef O_CLOEXEC + fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC); +#endif + + /* Lightly verify that the device node looks sane */ + if (fstat(fd, &st) == -1 || !S_ISCHR(st.st_mode) || + (devfscheck && (strcmp(st.st_fstype, "devfs") != 0))) { + close(fd); + goto nodevrandom; + } + for (i = 0; i < len; ) { + size_t wanted = len - i; + ssize_t ret = read(fd, (char *)buf + i, wanted); + + if (ret == -1) { + if (errno == EAGAIN || errno == EINTR) + continue; + close(fd); + goto nodevrandom; + } + i += ret; + } + close(fd); + errno = save_errno; + return (0); /* satisfied */ +nodevrandom: + errno = EIO; + return (-1); +} + +static const int cl[] = { + CLOCK_REALTIME, +#ifdef CLOCK_MONOTONIC + CLOCK_MONOTONIC, +#endif +#ifdef CLOCK_MONOTONIC_RAW + CLOCK_MONOTONIC_RAW, +#endif +#ifdef CLOCK_TAI + CLOCK_TAI, +#endif +#ifdef CLOCK_VIRTUAL + CLOCK_VIRTUAL, +#endif +#ifdef CLOCK_UPTIME + CLOCK_UPTIME, +#endif +#ifdef CLOCK_PROCESS_CPUTIME_ID + CLOCK_PROCESS_CPUTIME_ID, +#endif +#ifdef CLOCK_THREAD_CPUTIME_ID + CLOCK_THREAD_CPUTIME_ID, +#endif +}; + +static int +getentropy_phdr(struct dl_phdr_info *info, size_t size, void *data) +{ + SHA512_CTX *ctx = data; + + SHA512_Update(ctx, &info->dlpi_addr, sizeof (info->dlpi_addr)); + return (0); +} + +static int +getentropy_fallback(void *buf, size_t len) +{ + uint8_t results[SHA512_DIGEST_LENGTH]; + int save_errno = errno, e, pgs = getpagesize(), faster = 0, repeat; + static int cnt; + struct timespec ts; + struct timeval tv; + double loadavg[3]; + struct rusage ru; + sigset_t sigset; + struct stat st; + SHA512_CTX ctx; + static pid_t lastpid; + pid_t pid; + size_t i, ii, m; + char *p; + + pid = getpid(); + if (lastpid == pid) { + faster = 1; + repeat = 2; + } else { + faster = 0; + lastpid = pid; + repeat = REPEAT; + } + for (i = 0; i < len; ) { + int j; + SHA512_Init(&ctx); + for (j = 0; j < repeat; j++) { + HX((e = gettimeofday(&tv, NULL)) == -1, tv); + if (e != -1) { + cnt += (int)tv.tv_sec; + cnt += (int)tv.tv_usec; + } + + dl_iterate_phdr(getentropy_phdr, &ctx); + + for (ii = 0; ii < sizeof(cl)/sizeof(cl[0]); ii++) + HX(clock_gettime(cl[ii], &ts) == -1, ts); + + HX((pid = getpid()) == -1, pid); + HX((pid = getsid(pid)) == -1, pid); + HX((pid = getppid()) == -1, pid); + HX((pid = getpgid(0)) == -1, pid); + HX((e = getpriority(0, 0)) == -1, e); + HX((getloadavg(loadavg, 3) == -1), loadavg); + + if (!faster) { + ts.tv_sec = 0; + ts.tv_nsec = 1; + (void) nanosleep(&ts, NULL); + } + + HX(sigpending(&sigset) == -1, sigset); + HX(sigprocmask(SIG_BLOCK, NULL, &sigset) == -1, + sigset); + + HF(getentropy); /* an addr in this library */ + HF(printf); /* an addr in libc */ + p = (char *)&p; + HD(p); /* an addr on stack */ + p = (char *)&errno; + HD(p); /* the addr of errno */ + + if (i == 0) { + struct sockaddr_storage ss; + struct statvfs stvfs; + struct termios tios; + socklen_t ssl; + off_t off; + + /* + * Prime-sized mappings encourage fragmentation; + * thus exposing some address entropy. + */ + struct mm { + size_t npg; + void *p; + } mm[] = { + { 17, MAP_FAILED }, { 3, MAP_FAILED }, + { 11, MAP_FAILED }, { 2, MAP_FAILED }, + { 5, MAP_FAILED }, { 3, MAP_FAILED }, + { 7, MAP_FAILED }, { 1, MAP_FAILED }, + { 57, MAP_FAILED }, { 3, MAP_FAILED }, + { 131, MAP_FAILED }, { 1, MAP_FAILED }, + }; + + for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) { + HX(mm[m].p = mmap(NULL, + mm[m].npg * pgs, + PROT_READ|PROT_WRITE, + MAP_PRIVATE|MAP_ANON, -1, + (off_t)0), mm[m].p); + if (mm[m].p != MAP_FAILED) { + size_t mo; + + /* Touch some memory... */ + p = mm[m].p; + mo = cnt % + (mm[m].npg * pgs - 1); + p[mo] = 1; + cnt += (int)((long)(mm[m].p) + / pgs); + } + + /* Check cnts and times... */ + for (ii = 0; ii < sizeof(cl)/sizeof(cl[0]); + ii++) { + HX((e = clock_gettime(cl[ii], + &ts)) == -1, ts); + if (e != -1) + cnt += (int)ts.tv_nsec; + } + + HX((e = getrusage(RUSAGE_SELF, + &ru)) == -1, ru); + if (e != -1) { + cnt += (int)ru.ru_utime.tv_sec; + cnt += (int)ru.ru_utime.tv_usec; + } + } + + for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) { + if (mm[m].p != MAP_FAILED) + munmap(mm[m].p, mm[m].npg * pgs); + mm[m].p = MAP_FAILED; + } + + HX(stat(".", &st) == -1, st); + HX(statvfs(".", &stvfs) == -1, stvfs); + + HX(stat("/", &st) == -1, st); + HX(statvfs("/", &stvfs) == -1, stvfs); + + HX((e = fstat(0, &st)) == -1, st); + if (e == -1) { + if (S_ISREG(st.st_mode) || + S_ISFIFO(st.st_mode) || + S_ISSOCK(st.st_mode)) { + HX(fstatvfs(0, &stvfs) == -1, + stvfs); + HX((off = lseek(0, (off_t)0, + SEEK_CUR)) < 0, off); + } + if (S_ISCHR(st.st_mode)) { + HX(tcgetattr(0, &tios) == -1, + tios); + } else if (S_ISSOCK(st.st_mode)) { + memset(&ss, 0, sizeof ss); + ssl = sizeof(ss); + HX(getpeername(0, + (void *)&ss, &ssl) == -1, + ss); + } + } + + HX((e = getrusage(RUSAGE_CHILDREN, + &ru)) == -1, ru); + if (e != -1) { + cnt += (int)ru.ru_utime.tv_sec; + cnt += (int)ru.ru_utime.tv_usec; + } + } else { + /* Subsequent hashes absorb previous result */ + HD(results); + } + + HX((e = gettimeofday(&tv, NULL)) == -1, tv); + if (e != -1) { + cnt += (int)tv.tv_sec; + cnt += (int)tv.tv_usec; + } + + HD(cnt); + } + SHA512_Final(results, &ctx); + memcpy((char *)buf + i, results, min(sizeof(results), len - i)); + i += min(sizeof(results), len - i); + } + explicit_bzero(&ctx, sizeof ctx); + explicit_bzero(results, sizeof results); + errno = save_errno; + return (0); /* satisfied */ +} diff --git a/src/lib/libcrypto/arc4random/getentropy_win.c b/src/lib/libcrypto/arc4random/getentropy_win.c new file mode 100644 index 00000000000..2abeb27bc62 --- /dev/null +++ b/src/lib/libcrypto/arc4random/getentropy_win.c @@ -0,0 +1,59 @@ +/* $OpenBSD: getentropy_win.c,v 1.5 2016/08/07 03:27:21 tb Exp $ */ + +/* + * Copyright (c) 2014, Theo de Raadt + * Copyright (c) 2014, Bob Beck + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * + * Emulation of getentropy(2) as documented at: + * http://man.openbsd.org/getentropy.2 + */ + +#include +#include +#include +#include +#include +#include + +int getentropy(void *buf, size_t len); + +/* + * On Windows, CryptGenRandom is supposed to be a well-seeded + * cryptographically strong random number generator. + */ +int +getentropy(void *buf, size_t len) +{ + HCRYPTPROV provider; + + if (len > 256) { + errno = EIO; + return (-1); + } + + if (CryptAcquireContext(&provider, NULL, NULL, PROV_RSA_FULL, + CRYPT_VERIFYCONTEXT) == 0) + goto fail; + if (CryptGenRandom(provider, len, buf) == 0) { + CryptReleaseContext(provider, 0); + goto fail; + } + CryptReleaseContext(provider, 0); + return (0); + +fail: + errno = EIO; + return (-1); +} diff --git a/src/lib/libcrypto/arch/aarch64/Makefile.inc b/src/lib/libcrypto/arch/aarch64/Makefile.inc new file mode 100644 index 00000000000..8742504f2d4 --- /dev/null +++ b/src/lib/libcrypto/arch/aarch64/Makefile.inc @@ -0,0 +1,28 @@ +# $OpenBSD: Makefile.inc,v 1.1 2017/01/11 18:11:01 patrick Exp $ + +# aarch64-specific libcrypto build rules + +# aes +SRCS+= aes_core.c aes_cbc.c +# bf +SRCS+= bf_enc.c +# bn +SRCS+= bn_asm.c +# camellia +SRCS+= camellia.c cmll_cbc.c cmll_misc.c +# des +SRCS+= des_enc.c fcrypt_b.c +# modes +# rc4 +SRCS+= rc4_enc.c rc4_skey.c +# sha +# whrlpool +SRCS+= wp_block.c + +.for dir f in ${SSLASM} +SRCS+= ${f}.S +GENERATED+=${f}.S +${f}.S: ${LCRYPTO_SRC}/${dir}/asm/${f}.pl + /usr/bin/perl \ + ${LCRYPTO_SRC}/${dir}/asm/${f}.pl void ${.TARGET} > ${.TARGET} +.endfor diff --git a/src/lib/libcrypto/arch/aarch64/opensslconf.h b/src/lib/libcrypto/arch/aarch64/opensslconf.h new file mode 100644 index 00000000000..ab3e2d89b00 --- /dev/null +++ b/src/lib/libcrypto/arch/aarch64/opensslconf.h @@ -0,0 +1,154 @@ +#include +/* crypto/opensslconf.h.in */ + +#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR) +#define OPENSSLDIR "/etc/ssl" +#endif + +#undef OPENSSL_UNISTD +#define OPENSSL_UNISTD + +#undef OPENSSL_EXPORT_VAR_AS_FUNCTION + +#if defined(HEADER_IDEA_H) && !defined(IDEA_INT) +#define IDEA_INT unsigned int +#endif + +#if defined(HEADER_MD2_H) && !defined(MD2_INT) +#define MD2_INT unsigned int +#endif + +#if defined(HEADER_RC2_H) && !defined(RC2_INT) +/* I need to put in a mod for the alpha - eay */ +#define RC2_INT unsigned int +#endif + +#if defined(HEADER_RC4_H) +#if !defined(RC4_INT) +/* using int types make the structure larger but make the code faster + * on most boxes I have tested - up to %20 faster. */ +/* + * I don't know what does "most" mean, but declaring "int" is a must on: + * - Intel P6 because partial register stalls are very expensive; + * - elder Alpha because it lacks byte load/store instructions; + */ +#define RC4_INT unsigned int +#endif +#if !defined(RC4_CHUNK) +/* + * This enables code handling data aligned at natural CPU word + * boundary. See crypto/rc4/rc4_enc.c for further details. + */ +#define RC4_CHUNK unsigned long +#endif +#endif + +#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG) +/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a + * %20 speed up (longs are 8 bytes, int's are 4). */ +#ifndef DES_LONG +#define DES_LONG unsigned int +#endif +#endif + +#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H) +#define CONFIG_HEADER_BN_H +#undef BN_LLONG + +/* Should we define BN_DIV2W here? */ + +/* Only one for the following should be defined */ +/* The prime number generation stuff may not work when + * EIGHT_BIT but I don't care since I've only used this mode + * for debuging the bignum libraries */ +#define SIXTY_FOUR_BIT_LONG +#undef SIXTY_FOUR_BIT +#undef THIRTY_TWO_BIT +#undef SIXTEEN_BIT +#undef EIGHT_BIT +#endif + +#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H) +#define CONFIG_HEADER_RC4_LOCL_H +/* if this is defined data[i] is used instead of *data, this is a %20 + * speedup on x86 */ +#undef RC4_INDEX +#endif + +#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H) +#define CONFIG_HEADER_BF_LOCL_H +#undef BF_PTR +#endif /* HEADER_BF_LOCL_H */ + +#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H) +#define CONFIG_HEADER_DES_LOCL_H +#ifndef DES_DEFAULT_OPTIONS +/* the following is tweaked from a config script, that is why it is a + * protected undef/define */ +#ifndef DES_PTR +#undef DES_PTR +#endif + +/* This helps C compiler generate the correct code for multiple functional + * units. It reduces register dependancies at the expense of 2 more + * registers */ +#ifndef DES_RISC1 +#undef DES_RISC1 +#endif + +#ifndef DES_RISC2 +#undef DES_RISC2 +#endif + +#if defined(DES_RISC1) && defined(DES_RISC2) +YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!! +#endif + +/* Unroll the inner loop, this sometimes helps, sometimes hinders. + * Very mucy CPU dependant */ +#ifndef DES_UNROLL +#define DES_UNROLL +#endif + +/* These default values were supplied by + * Peter Gutman + * They are only used if nothing else has been defined */ +#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL) +/* Special defines which change the way the code is built depending on the + CPU and OS. For SGI machines you can use _MIPS_SZLONG (32 or 64) to find + even newer MIPS CPU's, but at the moment one size fits all for + optimization options. Older Sparc's work better with only UNROLL, but + there's no way to tell at compile time what it is you're running on */ + +#if defined( sun ) /* Newer Sparc's */ +# define DES_PTR +# define DES_RISC1 +# define DES_UNROLL +#elif defined( __ultrix ) /* Older MIPS */ +# define DES_PTR +# define DES_RISC2 +# define DES_UNROLL +#elif defined( __osf1__ ) /* Alpha */ +# define DES_PTR +# define DES_RISC2 +#elif defined ( _AIX ) /* RS6000 */ + /* Unknown */ +#elif defined( __hpux ) /* HP-PA */ + /* Unknown */ +#elif defined( __aux ) /* 68K */ + /* Unknown */ +#elif defined( __dgux ) /* 88K (but P6 in latest boxes) */ +# define DES_UNROLL +#elif defined( __sgi ) /* Newer MIPS */ +# define DES_PTR +# define DES_RISC2 +# define DES_UNROLL +#elif defined(i386) || defined(__i386__) /* x86 boxes, should be gcc */ +# define DES_PTR +# define DES_RISC1 +# define DES_UNROLL +#endif /* Systems-specific speed defines */ +#endif + +#endif /* DES_DEFAULT_OPTIONS */ +#endif /* HEADER_DES_LOCL_H */ diff --git a/src/lib/libcrypto/arch/alpha/Makefile.inc b/src/lib/libcrypto/arch/alpha/Makefile.inc new file mode 100644 index 00000000000..82fa9fc1f47 --- /dev/null +++ b/src/lib/libcrypto/arch/alpha/Makefile.inc @@ -0,0 +1,43 @@ +# $OpenBSD: Makefile.inc,v 1.3 2014/11/17 20:31:21 miod Exp $ + +# alpha-specific libcrypto build rules + +# aes +SRCS+= aes_core.c aes_cbc.c +# bf +SRCS+= bf_enc.c +# bn +SRCS+= bn_asm.c +SSLASM+= bn alpha-mont +CFLAGS+= -DOPENSSL_BN_ASM_MONT +# camellia +SRCS+= camellia.c cmll_cbc.c cmll_misc.c +# des +SRCS+= des_enc.c fcrypt_b.c +# modes +CFLAGS+= -DGHASH_ASM +SSLASM+= modes ghash-alpha +# rc4 +SRCS+= rc4_enc.c rc4_skey.c +## rc5 +#SRCS+= rc5_enc.c +# sha +CFLAGS+= -DSHA1_ASM +SSLASM+= sha sha1-alpha +# whrlpool +SRCS+= wp_block.c + +.for dir f in ${SSLASM} +SRCS+= ${f}.S +GENERATED+=${f}.S +${f}.S: ${LCRYPTO_SRC}/${dir}/asm/${f}.pl + /usr/bin/perl \ + ${LCRYPTO_SRC}/${dir}/asm/${f}.pl > ${.TARGET} +.endfor + +CFLAGS+= -DOPENSSL_CPUID_OBJ +SRCS+= alphacpuid.S +GENERATED+=alphacpuid.S +alphacpuid.S: ${LCRYPTO_SRC}/alphacpuid.pl + /usr/bin/perl \ + ${LCRYPTO_SRC}/alphacpuid.pl > ${.TARGET} diff --git a/src/lib/libcrypto/arch/alpha/opensslconf.h b/src/lib/libcrypto/arch/alpha/opensslconf.h new file mode 100644 index 00000000000..a1331118f40 --- /dev/null +++ b/src/lib/libcrypto/arch/alpha/opensslconf.h @@ -0,0 +1,152 @@ +#include +/* crypto/opensslconf.h.in */ + +#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR) +#define OPENSSLDIR "/etc/ssl" +#endif + +#undef OPENSSL_UNISTD +#define OPENSSL_UNISTD + +#undef OPENSSL_EXPORT_VAR_AS_FUNCTION + +#if defined(HEADER_IDEA_H) && !defined(IDEA_INT) +#define IDEA_INT unsigned int +#endif + +#if defined(HEADER_MD2_H) && !defined(MD2_INT) +#define MD2_INT unsigned int +#endif + +#if defined(HEADER_RC2_H) && !defined(RC2_INT) +/* I need to put in a mod for the alpha - eay */ +#define RC2_INT unsigned int +#endif + +#if defined(HEADER_RC4_H) +#if !defined(RC4_INT) +/* using int types make the structure larger but make the code faster + * on most boxes I have tested - up to %20 faster. */ +/* + * I don't know what does "most" mean, but declaring "int" is a must on: + * - Intel P6 because partial register stalls are very expensive; + * - elder Alpha because it lacks byte load/store instructions; + */ +#define RC4_INT unsigned int +#endif +#if !defined(RC4_CHUNK) +/* + * This enables code handling data aligned at natural CPU word + * boundary. See crypto/rc4/rc4_enc.c for further details. + */ +#define RC4_CHUNK unsigned long +#endif +#endif + +#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG) +/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a + * %20 speed up (longs are 8 bytes, int's are 4). */ +#ifndef DES_LONG +#define DES_LONG unsigned int +#endif +#endif + +#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H) +#define CONFIG_HEADER_BN_H +#undef BN_LLONG + +/* Should we define BN_DIV2W here? */ + +/* Only one for the following should be defined */ +/* The prime number generation stuff may not work when + * EIGHT_BIT but I don't care since I've only used this mode + * for debuging the bignum libraries */ +#define SIXTY_FOUR_BIT_LONG +#undef SIXTY_FOUR_BIT +#undef THIRTY_TWO_BIT +#endif + +#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H) +#define CONFIG_HEADER_RC4_LOCL_H +/* if this is defined data[i] is used instead of *data, this is a %20 + * speedup on x86 */ +#undef RC4_INDEX +#endif + +#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H) +#define CONFIG_HEADER_BF_LOCL_H +#define BF_PTR +#endif /* HEADER_BF_LOCL_H */ + +#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H) +#define CONFIG_HEADER_DES_LOCL_H +#ifndef DES_DEFAULT_OPTIONS +/* the following is tweaked from a config script, that is why it is a + * protected undef/define */ +#ifndef DES_PTR +#define DES_PTR +#endif + +/* This helps C compiler generate the correct code for multiple functional + * units. It reduces register dependancies at the expense of 2 more + * registers */ +#ifndef DES_RISC1 +#undef DES_RISC1 +#endif + +#ifndef DES_RISC2 +#define DES_RISC2 +#endif + +#if defined(DES_RISC1) && defined(DES_RISC2) +YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!! +#endif + +/* Unroll the inner loop, this sometimes helps, sometimes hinders. + * Very mucy CPU dependant */ +#ifndef DES_UNROLL +#undef DES_UNROLL +#endif + +/* These default values were supplied by + * Peter Gutman + * They are only used if nothing else has been defined */ +#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL) +/* Special defines which change the way the code is built depending on the + CPU and OS. For SGI machines you can use _MIPS_SZLONG (32 or 64) to find + even newer MIPS CPU's, but at the moment one size fits all for + optimization options. Older Sparc's work better with only UNROLL, but + there's no way to tell at compile time what it is you're running on */ + +#if defined( sun ) /* Newer Sparc's */ +# define DES_PTR +# define DES_RISC1 +# define DES_UNROLL +#elif defined( __ultrix ) /* Older MIPS */ +# define DES_PTR +# define DES_RISC2 +# define DES_UNROLL +#elif defined( __osf1__ ) /* Alpha */ +# define DES_PTR +# define DES_RISC2 +#elif defined ( _AIX ) /* RS6000 */ + /* Unknown */ +#elif defined( __hpux ) /* HP-PA */ + /* Unknown */ +#elif defined( __aux ) /* 68K */ + /* Unknown */ +#elif defined( __dgux ) /* 88K (but P6 in latest boxes) */ +# define DES_UNROLL +#elif defined( __sgi ) /* Newer MIPS */ +# define DES_PTR +# define DES_RISC2 +# define DES_UNROLL +#elif defined(i386) || defined(__i386__) /* x86 boxes, should be gcc */ +# define DES_PTR +# define DES_RISC1 +# define DES_UNROLL +#endif /* Systems-specific speed defines */ +#endif + +#endif /* DES_DEFAULT_OPTIONS */ +#endif /* HEADER_DES_LOCL_H */ diff --git a/src/lib/libcrypto/arch/amd64/Makefile.inc b/src/lib/libcrypto/arch/amd64/Makefile.inc new file mode 100644 index 00000000000..8b875625003 --- /dev/null +++ b/src/lib/libcrypto/arch/amd64/Makefile.inc @@ -0,0 +1,82 @@ +# $OpenBSD: Makefile.inc,v 1.8 2017/08/20 17:53:13 espie Exp $ + +# amd64-specific libcrypto build rules + +# all amd64 code generators use this +EXTRA_PL = ${LCRYPTO_SRC}/perlasm/x86_64-xlate.pl + +# aes +CFLAGS+= -DAES_ASM +SSLASM+= aes aes-x86_64 +CFLAGS+= -DBSAES_ASM +SSLASM+= aes bsaes-x86_64 +CFLAGS+= -DVPAES_ASM +SSLASM+= aes vpaes-x86_64 +SSLASM+= aes aesni-x86_64 +SSLASM+= aes aesni-sha1-x86_64 +# bf +SRCS+= bf_enc.c +# bn +CFLAGS+= -DOPENSSL_IA32_SSE2 +CFLAGS+= -DRSA_ASM +SSLASM+= bn modexp512-x86_64 +CFLAGS+= -DOPENSSL_BN_ASM_MONT +SSLASM+= bn x86_64-mont +CFLAGS+= -DOPENSSL_BN_ASM_MONT5 +SSLASM+= bn x86_64-mont5 +CFLAGS+= -DOPENSSL_BN_ASM_GF2m +SSLASM+= bn x86_64-gf2m +# camellia +SRCS+= cmll_misc.c +SSLASM+= camellia cmll-x86_64 +# des +SRCS+= des_enc.c fcrypt_b.c +# ec +#CFLAGS+= -DECP_NISTZ256_ASM +#SRCS+= ecp_nistz256.c +#SSLASM+= ec ecp_nistz256-x86_64 +# md5 +CFLAGS+= -DMD5_ASM +SSLASM+= md5 md5-x86_64 +# modes +CFLAGS+= -DGHASH_ASM +SSLASM+= modes ghash-x86_64 +# rc4 +CFLAGS+= -DRC4_MD5_ASM +SSLASM+= rc4 rc4-x86_64 +SSLASM+= rc4 rc4-md5-x86_64 +# ripemd +# sha +CFLAGS+= -DSHA1_ASM +SSLASM+= sha sha1-x86_64 +CFLAGS+= -DSHA256_ASM +SRCS+= sha256-x86_64.S +GENERATED+= sha256-x86_64.S +sha256-x86_64.S: ${LCRYPTO_SRC}/sha/asm/sha512-x86_64.pl ${EXTRA_PL} + cd ${LCRYPTO_SRC}/sha/asm ; \ + /usr/bin/perl ./sha512-x86_64.pl ${.OBJDIR}/${.TARGET} +CFLAGS+= -DSHA512_ASM +SRCS+= sha512-x86_64.S +GENERATED+= sha512-x86_64.S +sha512-x86_64.S: ${LCRYPTO_SRC}/sha/asm/sha512-x86_64.pl ${EXTRA_PL} + cd ${LCRYPTO_SRC}/sha/asm ; \ + /usr/bin/perl ./sha512-x86_64.pl ${.OBJDIR}/${.TARGET} +# whrlpool +CFLAGS+= -DWHIRLPOOL_ASM +SSLASM+= whrlpool wp-x86_64 + +.for dir f in ${SSLASM} +SRCS+= ${f}.S +GENERATED+=${f}.S +${f}.S: ${LCRYPTO_SRC}/${dir}/asm/${f}.pl ${EXTRA_PL} + (cd ${LCRYPTO_SRC}/${dir} ; \ + /usr/bin/perl ./asm/${f}.pl openbsd) > ${.TARGET} +.endfor + +CFLAGS+= -DOPENSSL_CPUID_OBJ +SRCS+= x86_64cpuid.S x86_64-gcc.c +GENERATED+=x86_64cpuid.S + +x86_64cpuid.S: ${LCRYPTO_SRC}/x86_64cpuid.pl ${EXTRA_PL} + (cd ${LCRYPTO_SRC}/${dir} ; \ + /usr/bin/perl ./x86_64cpuid.pl) > ${.TARGET} diff --git a/src/lib/libcrypto/arch/amd64/opensslconf.h b/src/lib/libcrypto/arch/amd64/opensslconf.h new file mode 100644 index 00000000000..f8cbb5d652f --- /dev/null +++ b/src/lib/libcrypto/arch/amd64/opensslconf.h @@ -0,0 +1,149 @@ +#include +/* crypto/opensslconf.h.in */ + +#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR) +#define OPENSSLDIR "/etc/ssl" +#endif + +#undef OPENSSL_UNISTD +#define OPENSSL_UNISTD + +#undef OPENSSL_EXPORT_VAR_AS_FUNCTION + +#if defined(HEADER_IDEA_H) && !defined(IDEA_INT) +#define IDEA_INT unsigned int +#endif + +#if defined(HEADER_MD2_H) && !defined(MD2_INT) +#define MD2_INT unsigned int +#endif + +#if defined(HEADER_RC2_H) && !defined(RC2_INT) +/* I need to put in a mod for the alpha - eay */ +#define RC2_INT unsigned int +#endif + +#if defined(HEADER_RC4_H) +#if !defined(RC4_INT) +/* using int types make the structure larger but make the code faster + * on most boxes I have tested - up to %20 faster. */ +/* + * I don't know what does "most" mean, but declaring "int" is a must on: + * - Intel P6 because partial register stalls are very expensive; + * - elder Alpha because it lacks byte load/store instructions; + */ +#define RC4_INT unsigned int +#endif +#if !defined(RC4_CHUNK) +/* + * This enables code handling data aligned at natural CPU word + * boundary. See crypto/rc4/rc4_enc.c for further details. + */ +#define RC4_CHUNK unsigned long +#endif +#endif + +#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG) +/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a + * %20 speed up (longs are 8 bytes, int's are 4). */ +#ifndef DES_LONG +#define DES_LONG unsigned int +#endif +#endif + +#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H) +#define CONFIG_HEADER_BN_H +#undef BN_LLONG + +/* Should we define BN_DIV2W here? */ + +/* Only one for the following should be defined */ +#define SIXTY_FOUR_BIT_LONG +#undef SIXTY_FOUR_BIT +#undef THIRTY_TWO_BIT +#endif + +#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H) +#define CONFIG_HEADER_RC4_LOCL_H +/* if this is defined data[i] is used instead of *data, this is a %20 + * speedup on x86 */ +#undef RC4_INDEX +#endif + +#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H) +#define CONFIG_HEADER_BF_LOCL_H +#undef BF_PTR +#endif /* HEADER_BF_LOCL_H */ + +#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H) +#define CONFIG_HEADER_DES_LOCL_H +#ifndef DES_DEFAULT_OPTIONS +/* the following is tweaked from a config script, that is why it is a + * protected undef/define */ +#ifndef DES_PTR +#undef DES_PTR +#endif + +/* This helps C compiler generate the correct code for multiple functional + * units. It reduces register dependancies at the expense of 2 more + * registers */ +#ifndef DES_RISC1 +#undef DES_RISC1 +#endif + +#ifndef DES_RISC2 +#undef DES_RISC2 +#endif + +#if defined(DES_RISC1) && defined(DES_RISC2) +YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!! +#endif + +/* Unroll the inner loop, this sometimes helps, sometimes hinders. + * Very mucy CPU dependant */ +#ifndef DES_UNROLL +#define DES_UNROLL +#endif + +/* These default values were supplied by + * Peter Gutman + * They are only used if nothing else has been defined */ +#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL) +/* Special defines which change the way the code is built depending on the + CPU and OS. For SGI machines you can use _MIPS_SZLONG (32 or 64) to find + even newer MIPS CPU's, but at the moment one size fits all for + optimization options. Older Sparc's work better with only UNROLL, but + there's no way to tell at compile time what it is you're running on */ + +#if defined( sun ) /* Newer Sparc's */ +# define DES_PTR +# define DES_RISC1 +# define DES_UNROLL +#elif defined( __ultrix ) /* Older MIPS */ +# define DES_PTR +# define DES_RISC2 +# define DES_UNROLL +#elif defined( __osf1__ ) /* Alpha */ +# define DES_PTR +# define DES_RISC2 +#elif defined ( _AIX ) /* RS6000 */ + /* Unknown */ +#elif defined( __hpux ) /* HP-PA */ + /* Unknown */ +#elif defined( __aux ) /* 68K */ + /* Unknown */ +#elif defined( __dgux ) /* 88K (but P6 in latest boxes) */ +# define DES_UNROLL +#elif defined( __sgi ) /* Newer MIPS */ +# define DES_PTR +# define DES_RISC2 +# define DES_UNROLL +#elif defined(i386) || defined(__i386__) /* x86 boxes, should be gcc */ +# define DES_PTR +# define DES_RISC1 +# define DES_UNROLL +#endif /* Systems-specific speed defines */ +#endif + +#endif /* DES_DEFAULT_OPTIONS */ +#endif /* HEADER_DES_LOCL_H */ diff --git a/src/lib/libcrypto/arch/arm/Makefile.inc b/src/lib/libcrypto/arch/arm/Makefile.inc new file mode 100644 index 00000000000..76e158660ab --- /dev/null +++ b/src/lib/libcrypto/arch/arm/Makefile.inc @@ -0,0 +1,51 @@ +# $oPenBSD: Makefile.inc,v 1.2 2014/05/02 18:21:39 miod Exp $ + +# arm-specific libcrypto build rules + +# aes +SRCS+= aes_cbc.c +CFLAGS+= -DAES_ASM +SSLASM+= aes aes-armv4 +# bf +SRCS+= bf_enc.c +# bn +SRCS+= bn_asm.c +CFLAGS+= -DOPENSSL_BN_ASM_MONT +SSLASM+= bn armv4-mont +CFLAGS+= -DOPENSSL_BN_ASM_GF2m +SSLASM+= bn armv4-gf2m +# camellia +SRCS+= camellia.c cmll_cbc.c cmll_misc.c +# des +SRCS+= des_enc.c fcrypt_b.c +# # ec +# CFLAGS+= -DECP_NISTZ256_ASM +# SRCS+= ecp_nistz256.c +# SSLASM+= ec ecp_nistz256-armv4 +# modes +CFLAGS+= -DGHASH_ASM +SSLASM+= modes ghash-armv4 +# rc4 +SRCS+= rc4_enc.c rc4_skey.c +## rc5 +#SRCS+= rc5_enc.c +# sha +CFLAGS+= -DSHA1_ASM +SSLASM+= sha sha1-armv4-large +CFLAGS+= -DSHA256_ASM +SSLASM+= sha sha256-armv4 +CFLAGS+= -DSHA512_ASM +SSLASM+= sha sha512-armv4 +# whrlpool +SRCS+= wp_block.c + +.for dir f in ${SSLASM} +SRCS+= ${f}.S +GENERATED+=${f}.S +${f}.S: ${LCRYPTO_SRC}/${dir}/asm/${f}.pl + /usr/bin/perl \ + ${LCRYPTO_SRC}/${dir}/asm/${f}.pl void ${.TARGET} > ${.TARGET} +.endfor + +CFLAGS+= -DOPENSSL_CPUID_OBJ +SRCS+= armv4cpuid.S armcap.c diff --git a/src/lib/libcrypto/arch/arm/opensslconf.h b/src/lib/libcrypto/arch/arm/opensslconf.h new file mode 100644 index 00000000000..78cd6d856fb --- /dev/null +++ b/src/lib/libcrypto/arch/arm/opensslconf.h @@ -0,0 +1,154 @@ +#include +/* crypto/opensslconf.h.in */ + +#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR) +#define OPENSSLDIR "/etc/ssl" +#endif + +#undef OPENSSL_UNISTD +#define OPENSSL_UNISTD + +#undef OPENSSL_EXPORT_VAR_AS_FUNCTION + +#if defined(HEADER_IDEA_H) && !defined(IDEA_INT) +#define IDEA_INT unsigned int +#endif + +#if defined(HEADER_MD2_H) && !defined(MD2_INT) +#define MD2_INT unsigned int +#endif + +#if defined(HEADER_RC2_H) && !defined(RC2_INT) +/* I need to put in a mod for the alpha - eay */ +#define RC2_INT unsigned int +#endif + +#if defined(HEADER_RC4_H) +#if !defined(RC4_INT) +/* using int types make the structure larger but make the code faster + * on most boxes I have tested - up to %20 faster. */ +/* + * I don't know what does "most" mean, but declaring "int" is a must on: + * - Intel P6 because partial register stalls are very expensive; + * - elder Alpha because it lacks byte load/store instructions; + */ +#define RC4_INT unsigned int +#endif +#if !defined(RC4_CHUNK) +/* + * This enables code handling data aligned at natural CPU word + * boundary. See crypto/rc4/rc4_enc.c for further details. + */ +#undef RC4_CHUNK +#endif +#endif + +#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG) +/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a + * %20 speed up (longs are 8 bytes, int's are 4). */ +#ifndef DES_LONG +#define DES_LONG unsigned int +#endif +#endif + +#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H) +#define CONFIG_HEADER_BN_H +#define BN_LLONG + +/* Should we define BN_DIV2W here? */ + +/* Only one for the following should be defined */ +/* The prime number generation stuff may not work when + * EIGHT_BIT but I don't care since I've only used this mode + * for debuging the bignum libraries */ +#undef SIXTY_FOUR_BIT_LONG +#undef SIXTY_FOUR_BIT +#define THIRTY_TWO_BIT +#undef SIXTEEN_BIT +#undef EIGHT_BIT +#endif + +#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H) +#define CONFIG_HEADER_RC4_LOCL_H +/* if this is defined data[i] is used instead of *data, this is a %20 + * speedup on x86 */ +#define RC4_INDEX +#endif + +#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H) +#define CONFIG_HEADER_BF_LOCL_H +#undef BF_PTR +#endif /* HEADER_BF_LOCL_H */ + +#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H) +#define CONFIG_HEADER_DES_LOCL_H +#ifndef DES_DEFAULT_OPTIONS +/* the following is tweaked from a config script, that is why it is a + * protected undef/define */ +#ifndef DES_PTR +#undef DES_PTR +#endif + +/* This helps C compiler generate the correct code for multiple functional + * units. It reduces register dependancies at the expense of 2 more + * registers */ +#ifndef DES_RISC1 +#undef DES_RISC1 +#endif + +#ifndef DES_RISC2 +#undef DES_RISC2 +#endif + +#if defined(DES_RISC1) && defined(DES_RISC2) +YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!! +#endif + +/* Unroll the inner loop, this sometimes helps, sometimes hinders. + * Very mucy CPU dependant */ +#ifndef DES_UNROLL +#define DES_UNROLL +#endif + +/* These default values were supplied by + * Peter Gutman + * They are only used if nothing else has been defined */ +#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL) +/* Special defines which change the way the code is built depending on the + CPU and OS. For SGI machines you can use _MIPS_SZLONG (32 or 64) to find + even newer MIPS CPU's, but at the moment one size fits all for + optimization options. Older Sparc's work better with only UNROLL, but + there's no way to tell at compile time what it is you're running on */ + +#if defined( sun ) /* Newer Sparc's */ +# define DES_PTR +# define DES_RISC1 +# define DES_UNROLL +#elif defined( __ultrix ) /* Older MIPS */ +# define DES_PTR +# define DES_RISC2 +# define DES_UNROLL +#elif defined( __osf1__ ) /* Alpha */ +# define DES_PTR +# define DES_RISC2 +#elif defined ( _AIX ) /* RS6000 */ + /* Unknown */ +#elif defined( __hpux ) /* HP-PA */ + /* Unknown */ +#elif defined( __aux ) /* 68K */ + /* Unknown */ +#elif defined( __dgux ) /* 88K (but P6 in latest boxes) */ +# define DES_UNROLL +#elif defined( __sgi ) /* Newer MIPS */ +# define DES_PTR +# define DES_RISC2 +# define DES_UNROLL +#elif defined(i386) || defined(__i386__) /* x86 boxes, should be gcc */ +# define DES_PTR +# define DES_RISC1 +# define DES_UNROLL +#endif /* Systems-specific speed defines */ +#endif + +#endif /* DES_DEFAULT_OPTIONS */ +#endif /* HEADER_DES_LOCL_H */ diff --git a/src/lib/libcrypto/arch/hppa/Makefile.inc b/src/lib/libcrypto/arch/hppa/Makefile.inc new file mode 100644 index 00000000000..0e18de20746 --- /dev/null +++ b/src/lib/libcrypto/arch/hppa/Makefile.inc @@ -0,0 +1,51 @@ +# $OpenBSD: Makefile.inc,v 1.9 2015/03/18 05:26:10 miod Exp $ + +# hppa-specific libcrypto build rules + +# aes +SRCS+= aes_core.c aes_cbc.c +CFLAGS+= -DAES_ASM +SSLASM+= aes aes-parisc aes-parisc +# bf +SRCS+= bf_enc.c +# bn +SRCS+= bn_asm.c +SSLASM+= bn parisc-mont parisc-mont +CFLAGS+= -DOPENSSL_BN_ASM_MONT -DBN_DIV2W +# camellia +SRCS+= camellia.c cmll_cbc.c cmll_misc.c +# des +SRCS+= des_enc.c fcrypt_b.c +# modes +CFLAGS+= -DGHASH_ASM +SSLASM+= modes ghash-parisc ghash-parisc +# rc4 +.if 0 # about 35% slower than C code +SSLASM+= rc4 rc4-parisc rc4-parisc +.else +SRCS+= rc4_enc.c rc4_skey.c +.endif +## rc5 +#SRCS+= rc5_enc.c +# sha +CFLAGS+= -DSHA1_ASM +SSLASM+= sha sha1-parisc sha1-parisc +CFLAGS+= -DSHA256_ASM +SSLASM+= sha sha512-parisc sha256-parisc +# whrlpool +SRCS+= wp_block.c + +.for dir src dst in ${SSLASM} +SRCS+= ${dst}.S +GENERATED+=${dst}.S +${dst}.S: ${LCRYPTO_SRC}/${dir}/asm/${src}.pl + /usr/bin/perl \ + ${LCRYPTO_SRC}/${dir}/asm/${src}.pl 32 ${.TARGET} > ${.TARGET} +.endfor + +CFLAGS+= -DOPENSSL_CPUID_OBJ +SRCS+= pariscid.S +GENERATED+=pariscid.S +pariscid.S: ${LCRYPTO_SRC}/pariscid.pl + /usr/bin/perl \ + ${LCRYPTO_SRC}/pariscid.pl 32 > ${.TARGET} diff --git a/src/lib/libcrypto/arch/hppa/opensslconf.h b/src/lib/libcrypto/arch/hppa/opensslconf.h new file mode 100644 index 00000000000..78cd6d856fb --- /dev/null +++ b/src/lib/libcrypto/arch/hppa/opensslconf.h @@ -0,0 +1,154 @@ +#include +/* crypto/opensslconf.h.in */ + +#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR) +#define OPENSSLDIR "/etc/ssl" +#endif + +#undef OPENSSL_UNISTD +#define OPENSSL_UNISTD + +#undef OPENSSL_EXPORT_VAR_AS_FUNCTION + +#if defined(HEADER_IDEA_H) && !defined(IDEA_INT) +#define IDEA_INT unsigned int +#endif + +#if defined(HEADER_MD2_H) && !defined(MD2_INT) +#define MD2_INT unsigned int +#endif + +#if defined(HEADER_RC2_H) && !defined(RC2_INT) +/* I need to put in a mod for the alpha - eay */ +#define RC2_INT unsigned int +#endif + +#if defined(HEADER_RC4_H) +#if !defined(RC4_INT) +/* using int types make the structure larger but make the code faster + * on most boxes I have tested - up to %20 faster. */ +/* + * I don't know what does "most" mean, but declaring "int" is a must on: + * - Intel P6 because partial register stalls are very expensive; + * - elder Alpha because it lacks byte load/store instructions; + */ +#define RC4_INT unsigned int +#endif +#if !defined(RC4_CHUNK) +/* + * This enables code handling data aligned at natural CPU word + * boundary. See crypto/rc4/rc4_enc.c for further details. + */ +#undef RC4_CHUNK +#endif +#endif + +#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG) +/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a + * %20 speed up (longs are 8 bytes, int's are 4). */ +#ifndef DES_LONG +#define DES_LONG unsigned int +#endif +#endif + +#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H) +#define CONFIG_HEADER_BN_H +#define BN_LLONG + +/* Should we define BN_DIV2W here? */ + +/* Only one for the following should be defined */ +/* The prime number generation stuff may not work when + * EIGHT_BIT but I don't care since I've only used this mode + * for debuging the bignum libraries */ +#undef SIXTY_FOUR_BIT_LONG +#undef SIXTY_FOUR_BIT +#define THIRTY_TWO_BIT +#undef SIXTEEN_BIT +#undef EIGHT_BIT +#endif + +#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H) +#define CONFIG_HEADER_RC4_LOCL_H +/* if this is defined data[i] is used instead of *data, this is a %20 + * speedup on x86 */ +#define RC4_INDEX +#endif + +#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H) +#define CONFIG_HEADER_BF_LOCL_H +#undef BF_PTR +#endif /* HEADER_BF_LOCL_H */ + +#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H) +#define CONFIG_HEADER_DES_LOCL_H +#ifndef DES_DEFAULT_OPTIONS +/* the following is tweaked from a config script, that is why it is a + * protected undef/define */ +#ifndef DES_PTR +#undef DES_PTR +#endif + +/* This helps C compiler generate the correct code for multiple functional + * units. It reduces register dependancies at the expense of 2 more + * registers */ +#ifndef DES_RISC1 +#undef DES_RISC1 +#endif + +#ifndef DES_RISC2 +#undef DES_RISC2 +#endif + +#if defined(DES_RISC1) && defined(DES_RISC2) +YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!! +#endif + +/* Unroll the inner loop, this sometimes helps, sometimes hinders. + * Very mucy CPU dependant */ +#ifndef DES_UNROLL +#define DES_UNROLL +#endif + +/* These default values were supplied by + * Peter Gutman + * They are only used if nothing else has been defined */ +#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL) +/* Special defines which change the way the code is built depending on the + CPU and OS. For SGI machines you can use _MIPS_SZLONG (32 or 64) to find + even newer MIPS CPU's, but at the moment one size fits all for + optimization options. Older Sparc's work better with only UNROLL, but + there's no way to tell at compile time what it is you're running on */ + +#if defined( sun ) /* Newer Sparc's */ +# define DES_PTR +# define DES_RISC1 +# define DES_UNROLL +#elif defined( __ultrix ) /* Older MIPS */ +# define DES_PTR +# define DES_RISC2 +# define DES_UNROLL +#elif defined( __osf1__ ) /* Alpha */ +# define DES_PTR +# define DES_RISC2 +#elif defined ( _AIX ) /* RS6000 */ + /* Unknown */ +#elif defined( __hpux ) /* HP-PA */ + /* Unknown */ +#elif defined( __aux ) /* 68K */ + /* Unknown */ +#elif defined( __dgux ) /* 88K (but P6 in latest boxes) */ +# define DES_UNROLL +#elif defined( __sgi ) /* Newer MIPS */ +# define DES_PTR +# define DES_RISC2 +# define DES_UNROLL +#elif defined(i386) || defined(__i386__) /* x86 boxes, should be gcc */ +# define DES_PTR +# define DES_RISC1 +# define DES_UNROLL +#endif /* Systems-specific speed defines */ +#endif + +#endif /* DES_DEFAULT_OPTIONS */ +#endif /* HEADER_DES_LOCL_H */ diff --git a/src/lib/libcrypto/arch/i386/Makefile.inc b/src/lib/libcrypto/arch/i386/Makefile.inc new file mode 100644 index 00000000000..7986a0f54ed --- /dev/null +++ b/src/lib/libcrypto/arch/i386/Makefile.inc @@ -0,0 +1,73 @@ +# $OpenBSD: Makefile.inc,v 1.6 2017/08/20 17:53:13 espie Exp $ + +# i386-specific libcrypto build rules + +# all i386 code generators use these +EXTRA_PL = ${LCRYPTO_SRC}/perlasm/x86gas.pl ${LCRYPTO_SRC}/perlasm/x86asm.pl + +# aes +CFLAGS+= -DAES_ASM +SSLASM+= aes aes-586 +CFLAGS+= -DVPAES_ASM +SSLASM+= aes vpaes-x86 +SSLASM+= aes aesni-x86 +# bf +SRCS+= bf_cbc.c +SSLASM+= bf bf-586 +# bn +CFLAGS+= -DOPENSSL_IA32_SSE2 +CFLAGS+= -DOPENSSL_BN_ASM_PART_WORDS +SSLASM+= bn bn-586 +SSLASM+= bn co-586 +CFLAGS+= -DOPENSSL_BN_ASM_MONT +SSLASM+= bn x86-mont +CFLAGS+= -DOPENSSL_BN_ASM_GF2m +SSLASM+= bn x86-gf2m +# camellia +SSLASM+= camellia cmll-x86 +# des +SRCS+= fcrypt_b.c +SSLASM+= des des-586 +# # ec +# CFLAGS+= -DECP_NISTZ256_ASM +# SRCS+= ecp_nistz256.c +# SSLASM+= ec ecp_nistz256-x86 +# md5 +CFLAGS+= -DMD5_ASM +SSLASM+= md5 md5-586 +# modes +CFLAGS+= -DGHASH_ASM +SSLASM+= modes ghash-x86 +# rc4 +SSLASM+= rc4 rc4-586 +# ripemd +CFLAGS+= -DRMD160_ASM +SSLASM+= ripemd rmd-586 +# sha +CFLAGS+= -DSHA1_ASM +SSLASM+= sha sha1-586 +CFLAGS+= -DSHA256_ASM +SSLASM+= sha sha256-586 +CFLAGS+= -DSHA512_ASM +SSLASM+= sha sha512-586 +# whrlpool +SRCS+= wp_block.c +CFLAGS+= -DWHIRLPOOL_ASM +SSLASM+= whrlpool wp-mmx + +.for dir f in ${SSLASM} +SRCS+= ${f}.S +GENERATED+=${f}.S +${f}.S: ${LCRYPTO_SRC}/${dir}/asm/${f}.pl ${EXTRA_PL} + /usr/bin/perl -I${LCRYPTO_SRC}/perlasm -I${LCRYPTO_SRC}/${dir}/asm \ + ${LCRYPTO_SRC}/${dir}/asm/${f}.pl \ + openbsd-elf ${CFLAGS} 386 ${PICFLAG} > ${.TARGET} +.endfor + +CFLAGS+= -DOPENSSL_CPUID_OBJ +SRCS+= x86cpuid.S +GENERATED+=x86cpuid.S + +x86cpuid.S: ${LCRYPTO_SRC}/x86cpuid.pl ${EXTRA_PL} + /usr/bin/perl -I${LCRYPTO_SRC}/perlasm ${LCRYPTO_SRC}/x86cpuid.pl \ + openbsd-elf ${CFLAGS} 386 ${PICFLAG} > ${.TARGET} diff --git a/src/lib/libcrypto/arch/i386/opensslconf.h b/src/lib/libcrypto/arch/i386/opensslconf.h new file mode 100644 index 00000000000..bf439696d89 --- /dev/null +++ b/src/lib/libcrypto/arch/i386/opensslconf.h @@ -0,0 +1,154 @@ +#include +/* crypto/opensslconf.h.in */ + +#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR) +#define OPENSSLDIR "/etc/ssl" +#endif + +#undef OPENSSL_UNISTD +#define OPENSSL_UNISTD + +#undef OPENSSL_EXPORT_VAR_AS_FUNCTION + +#if defined(HEADER_IDEA_H) && !defined(IDEA_INT) +#define IDEA_INT unsigned int +#endif + +#if defined(HEADER_MD2_H) && !defined(MD2_INT) +#define MD2_INT unsigned int +#endif + +#if defined(HEADER_RC2_H) && !defined(RC2_INT) +/* I need to put in a mod for the alpha - eay */ +#define RC2_INT unsigned int +#endif + +#if defined(HEADER_RC4_H) +#if !defined(RC4_INT) +/* using int types make the structure larger but make the code faster + * on most boxes I have tested - up to %20 faster. */ +/* + * I don't know what does "most" mean, but declaring "int" is a must on: + * - Intel P6 because partial register stalls are very expensive; + * - elder Alpha because it lacks byte load/store instructions; + */ +#define RC4_INT unsigned int +#endif +#if !defined(RC4_CHUNK) +/* + * This enables code handling data aligned at natural CPU word + * boundary. See crypto/rc4/rc4_enc.c for further details. + */ +#undef RC4_CHUNK +#endif +#endif + +#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG) +/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a + * %20 speed up (longs are 8 bytes, int's are 4). */ +#ifndef DES_LONG +#define DES_LONG unsigned long +#endif +#endif + +#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H) +#define CONFIG_HEADER_BN_H +#define BN_LLONG + +/* Should we define BN_DIV2W here? */ + +/* Only one for the following should be defined */ +/* The prime number generation stuff may not work when + * EIGHT_BIT but I don't care since I've only used this mode + * for debuging the bignum libraries */ +#undef SIXTY_FOUR_BIT_LONG +#undef SIXTY_FOUR_BIT +#define THIRTY_TWO_BIT +#undef SIXTEEN_BIT +#undef EIGHT_BIT +#endif + +#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H) +#define CONFIG_HEADER_RC4_LOCL_H +/* if this is defined data[i] is used instead of *data, this is a %20 + * speedup on x86 */ +#define RC4_INDEX +#endif + +#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H) +#define CONFIG_HEADER_BF_LOCL_H +#undef BF_PTR +#endif /* HEADER_BF_LOCL_H */ + +#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H) +#define CONFIG_HEADER_DES_LOCL_H +#ifndef DES_DEFAULT_OPTIONS +/* the following is tweaked from a config script, that is why it is a + * protected undef/define */ +#ifndef DES_PTR +#define DES_PTR +#endif + +/* This helps C compiler generate the correct code for multiple functional + * units. It reduces register dependancies at the expense of 2 more + * registers */ +#ifndef DES_RISC1 +#define DES_RISC1 +#endif + +#ifndef DES_RISC2 +#undef DES_RISC2 +#endif + +#if defined(DES_RISC1) && defined(DES_RISC2) +YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!! +#endif + +/* Unroll the inner loop, this sometimes helps, sometimes hinders. + * Very mucy CPU dependant */ +#ifndef DES_UNROLL +#define DES_UNROLL +#endif + +/* These default values were supplied by + * Peter Gutman + * They are only used if nothing else has been defined */ +#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL) +/* Special defines which change the way the code is built depending on the + CPU and OS. For SGI machines you can use _MIPS_SZLONG (32 or 64) to find + even newer MIPS CPU's, but at the moment one size fits all for + optimization options. Older Sparc's work better with only UNROLL, but + there's no way to tell at compile time what it is you're running on */ + +#if defined( sun ) /* Newer Sparc's */ +# define DES_PTR +# define DES_RISC1 +# define DES_UNROLL +#elif defined( __ultrix ) /* Older MIPS */ +# define DES_PTR +# define DES_RISC2 +# define DES_UNROLL +#elif defined( __osf1__ ) /* Alpha */ +# define DES_PTR +# define DES_RISC2 +#elif defined ( _AIX ) /* RS6000 */ + /* Unknown */ +#elif defined( __hpux ) /* HP-PA */ + /* Unknown */ +#elif defined( __aux ) /* 68K */ + /* Unknown */ +#elif defined( __dgux ) /* 88K (but P6 in latest boxes) */ +# define DES_UNROLL +#elif defined( __sgi ) /* Newer MIPS */ +# define DES_PTR +# define DES_RISC2 +# define DES_UNROLL +#elif defined(i386) || defined(__i386__) /* x86 boxes, should be gcc */ +# define DES_PTR +# define DES_RISC1 +# define DES_UNROLL +#endif /* Systems-specific speed defines */ +#endif + +#endif /* DES_DEFAULT_OPTIONS */ +#endif /* HEADER_DES_LOCL_H */ diff --git a/src/lib/libcrypto/arch/m88k/opensslconf.h b/src/lib/libcrypto/arch/m88k/opensslconf.h new file mode 100644 index 00000000000..78cd6d856fb --- /dev/null +++ b/src/lib/libcrypto/arch/m88k/opensslconf.h @@ -0,0 +1,154 @@ +#include +/* crypto/opensslconf.h.in */ + +#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR) +#define OPENSSLDIR "/etc/ssl" +#endif + +#undef OPENSSL_UNISTD +#define OPENSSL_UNISTD + +#undef OPENSSL_EXPORT_VAR_AS_FUNCTION + +#if defined(HEADER_IDEA_H) && !defined(IDEA_INT) +#define IDEA_INT unsigned int +#endif + +#if defined(HEADER_MD2_H) && !defined(MD2_INT) +#define MD2_INT unsigned int +#endif + +#if defined(HEADER_RC2_H) && !defined(RC2_INT) +/* I need to put in a mod for the alpha - eay */ +#define RC2_INT unsigned int +#endif + +#if defined(HEADER_RC4_H) +#if !defined(RC4_INT) +/* using int types make the structure larger but make the code faster + * on most boxes I have tested - up to %20 faster. */ +/* + * I don't know what does "most" mean, but declaring "int" is a must on: + * - Intel P6 because partial register stalls are very expensive; + * - elder Alpha because it lacks byte load/store instructions; + */ +#define RC4_INT unsigned int +#endif +#if !defined(RC4_CHUNK) +/* + * This enables code handling data aligned at natural CPU word + * boundary. See crypto/rc4/rc4_enc.c for further details. + */ +#undef RC4_CHUNK +#endif +#endif + +#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG) +/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a + * %20 speed up (longs are 8 bytes, int's are 4). */ +#ifndef DES_LONG +#define DES_LONG unsigned int +#endif +#endif + +#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H) +#define CONFIG_HEADER_BN_H +#define BN_LLONG + +/* Should we define BN_DIV2W here? */ + +/* Only one for the following should be defined */ +/* The prime number generation stuff may not work when + * EIGHT_BIT but I don't care since I've only used this mode + * for debuging the bignum libraries */ +#undef SIXTY_FOUR_BIT_LONG +#undef SIXTY_FOUR_BIT +#define THIRTY_TWO_BIT +#undef SIXTEEN_BIT +#undef EIGHT_BIT +#endif + +#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H) +#define CONFIG_HEADER_RC4_LOCL_H +/* if this is defined data[i] is used instead of *data, this is a %20 + * speedup on x86 */ +#define RC4_INDEX +#endif + +#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H) +#define CONFIG_HEADER_BF_LOCL_H +#undef BF_PTR +#endif /* HEADER_BF_LOCL_H */ + +#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H) +#define CONFIG_HEADER_DES_LOCL_H +#ifndef DES_DEFAULT_OPTIONS +/* the following is tweaked from a config script, that is why it is a + * protected undef/define */ +#ifndef DES_PTR +#undef DES_PTR +#endif + +/* This helps C compiler generate the correct code for multiple functional + * units. It reduces register dependancies at the expense of 2 more + * registers */ +#ifndef DES_RISC1 +#undef DES_RISC1 +#endif + +#ifndef DES_RISC2 +#undef DES_RISC2 +#endif + +#if defined(DES_RISC1) && defined(DES_RISC2) +YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!! +#endif + +/* Unroll the inner loop, this sometimes helps, sometimes hinders. + * Very mucy CPU dependant */ +#ifndef DES_UNROLL +#define DES_UNROLL +#endif + +/* These default values were supplied by + * Peter Gutman + * They are only used if nothing else has been defined */ +#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL) +/* Special defines which change the way the code is built depending on the + CPU and OS. For SGI machines you can use _MIPS_SZLONG (32 or 64) to find + even newer MIPS CPU's, but at the moment one size fits all for + optimization options. Older Sparc's work better with only UNROLL, but + there's no way to tell at compile time what it is you're running on */ + +#if defined( sun ) /* Newer Sparc's */ +# define DES_PTR +# define DES_RISC1 +# define DES_UNROLL +#elif defined( __ultrix ) /* Older MIPS */ +# define DES_PTR +# define DES_RISC2 +# define DES_UNROLL +#elif defined( __osf1__ ) /* Alpha */ +# define DES_PTR +# define DES_RISC2 +#elif defined ( _AIX ) /* RS6000 */ + /* Unknown */ +#elif defined( __hpux ) /* HP-PA */ + /* Unknown */ +#elif defined( __aux ) /* 68K */ + /* Unknown */ +#elif defined( __dgux ) /* 88K (but P6 in latest boxes) */ +# define DES_UNROLL +#elif defined( __sgi ) /* Newer MIPS */ +# define DES_PTR +# define DES_RISC2 +# define DES_UNROLL +#elif defined(i386) || defined(__i386__) /* x86 boxes, should be gcc */ +# define DES_PTR +# define DES_RISC1 +# define DES_UNROLL +#endif /* Systems-specific speed defines */ +#endif + +#endif /* DES_DEFAULT_OPTIONS */ +#endif /* HEADER_DES_LOCL_H */ diff --git a/src/lib/libcrypto/arch/mips64/Makefile.inc b/src/lib/libcrypto/arch/mips64/Makefile.inc new file mode 100644 index 00000000000..b6fc8971e7b --- /dev/null +++ b/src/lib/libcrypto/arch/mips64/Makefile.inc @@ -0,0 +1,44 @@ +# $OpenBSD: Makefile.inc,v 1.4 2014/12/07 15:45:44 miod Exp $ + +# mips64-specific libcrypto build rules + +# aes +SRCS+= aes_cbc.c +CFLAGS+= -DAES_ASM +SSLASM+= aes aes-mips aes-mips +# bf +SRCS+= bf_enc.c +# bn +.if ${MACHINE} == "sgi" # because of R4000 support +SRCS+= bn_asm.c +.else +SSLASM+= bn mips bn-mips +CFLAGS+= -DBN_DIV3W +.endif +SSLASM+= bn mips-mont mips-mont +CFLAGS+= -DOPENSSL_BN_ASM_MONT +# camellia +SRCS+= camellia.c cmll_cbc.c cmll_misc.c +# des +SRCS+= des_enc.c fcrypt_b.c +# rc4 +SRCS+= rc4_enc.c rc4_skey.c +## rc5 +#SRCS+= rc5_enc.c +# sha +SSLASM+= sha sha1-mips sha1-mips +CFLAGS+= -DSHA1_ASM +SSLASM+= sha sha512-mips sha256-mips +CFLAGS+= -DSHA256_ASM +SSLASM+= sha sha512-mips sha512-mips +CFLAGS+= -DSHA512_ASM +# whrlpool +SRCS+= wp_block.c + +.for dir src dst in ${SSLASM} +SRCS+= ${dst}.S +GENERATED+=${dst}.S +${dst}.S: ${LCRYPTO_SRC}/${dir}/asm/${src}.pl + /usr/bin/env CC=${CC} /usr/bin/perl \ + ${LCRYPTO_SRC}/${dir}/asm/${src}.pl 64 ${.TARGET} > ${.TARGET} +.endfor diff --git a/src/lib/libcrypto/arch/mips64/opensslconf.h b/src/lib/libcrypto/arch/mips64/opensslconf.h new file mode 100644 index 00000000000..226951eded1 --- /dev/null +++ b/src/lib/libcrypto/arch/mips64/opensslconf.h @@ -0,0 +1,154 @@ +#include +/* crypto/opensslconf.h.in */ + +#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR) +#define OPENSSLDIR "/etc/ssl" +#endif + +#undef OPENSSL_UNISTD +#define OPENSSL_UNISTD + +#undef OPENSSL_EXPORT_VAR_AS_FUNCTION + +#if defined(HEADER_IDEA_H) && !defined(IDEA_INT) +#define IDEA_INT unsigned int +#endif + +#if defined(HEADER_MD2_H) && !defined(MD2_INT) +#define MD2_INT unsigned int +#endif + +#if defined(HEADER_RC2_H) && !defined(RC2_INT) +/* I need to put in a mod for the alpha - eay */ +#define RC2_INT unsigned int +#endif + +#if defined(HEADER_RC4_H) +#if !defined(RC4_INT) +/* using int types make the structure larger but make the code faster + * on most boxes I have tested - up to %20 faster. */ +/* + * I don't know what does "most" mean, but declaring "int" is a must on: + * - Intel P6 because partial register stalls are very expensive; + * - elder Alpha because it lacks byte load/store instructions; + */ +#define RC4_INT unsigned int +#endif +#if !defined(RC4_CHUNK) +/* + * This enables code handling data aligned at natural CPU word + * boundary. See crypto/rc4/rc4_enc.c for further details. + */ +#define RC4_CHUNK unsigned long +#endif +#endif + +#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG) +/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a + * %20 speed up (longs are 8 bytes, int's are 4). */ +#ifndef DES_LONG +#define DES_LONG unsigned int +#endif +#endif + +#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H) +#define CONFIG_HEADER_BN_H +#undef BN_LLONG + +/* Should we define BN_DIV2W here? */ + +/* Only one for the following should be defined */ +/* The prime number generation stuff may not work when + * EIGHT_BIT but I don't care since I've only used this mode + * for debuging the bignum libraries */ +#define SIXTY_FOUR_BIT_LONG +#undef SIXTY_FOUR_BIT +#undef THIRTY_TWO_BIT +#undef SIXTEEN_BIT +#undef EIGHT_BIT +#endif + +#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H) +#define CONFIG_HEADER_RC4_LOCL_H +/* if this is defined data[i] is used instead of *data, this is a %20 + * speedup on x86 */ +#undef RC4_INDEX +#endif + +#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H) +#define CONFIG_HEADER_BF_LOCL_H +#define BF_PTR +#endif /* HEADER_BF_LOCL_H */ + +#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H) +#define CONFIG_HEADER_DES_LOCL_H +#ifndef DES_DEFAULT_OPTIONS +/* the following is tweaked from a config script, that is why it is a + * protected undef/define */ +#ifndef DES_PTR +#define DES_PTR +#endif + +/* This helps C compiler generate the correct code for multiple functional + * units. It reduces register dependancies at the expense of 2 more + * registers */ +#ifndef DES_RISC1 +#undef DES_RISC1 +#endif + +#ifndef DES_RISC2 +#define DES_RISC2 +#endif + +#if defined(DES_RISC1) && defined(DES_RISC2) +YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!! +#endif + +/* Unroll the inner loop, this sometimes helps, sometimes hinders. + * Very mucy CPU dependant */ +#ifndef DES_UNROLL +#undef DES_UNROLL +#endif + +/* These default values were supplied by + * Peter Gutman + * They are only used if nothing else has been defined */ +#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL) +/* Special defines which change the way the code is built depending on the + CPU and OS. For SGI machines you can use _MIPS_SZLONG (32 or 64) to find + even newer MIPS CPU's, but at the moment one size fits all for + optimization options. Older Sparc's work better with only UNROLL, but + there's no way to tell at compile time what it is you're running on */ + +#if defined( sun ) /* Newer Sparc's */ +# define DES_PTR +# define DES_RISC1 +# define DES_UNROLL +#elif defined( __ultrix ) /* Older MIPS */ +# define DES_PTR +# define DES_RISC2 +# define DES_UNROLL +#elif defined( __osf1__ ) /* Alpha */ +# define DES_PTR +# define DES_RISC2 +#elif defined ( _AIX ) /* RS6000 */ + /* Unknown */ +#elif defined( __hpux ) /* HP-PA */ + /* Unknown */ +#elif defined( __aux ) /* 68K */ + /* Unknown */ +#elif defined( __dgux ) /* 88K (but P6 in latest boxes) */ +# define DES_UNROLL +#elif defined( __sgi ) /* Newer MIPS */ +# define DES_PTR +# define DES_RISC2 +# define DES_UNROLL +#elif defined(i386) || defined(__i386__) /* x86 boxes, should be gcc */ +# define DES_PTR +# define DES_RISC1 +# define DES_UNROLL +#endif /* Systems-specific speed defines */ +#endif + +#endif /* DES_DEFAULT_OPTIONS */ +#endif /* HEADER_DES_LOCL_H */ diff --git a/src/lib/libcrypto/arch/powerpc/Makefile.inc b/src/lib/libcrypto/arch/powerpc/Makefile.inc new file mode 100644 index 00000000000..46790859b5a --- /dev/null +++ b/src/lib/libcrypto/arch/powerpc/Makefile.inc @@ -0,0 +1,46 @@ +# $OpenBSD: Makefile.inc,v 1.2 2014/11/17 20:31:22 miod Exp $ + +# powerpc-specific libcrypto build rules + +# aes +SRCS+= aes_core.c aes_cbc.c +# slower than C code +#CFLAGS+= -DAES_ASM +#SSLASM+= aes aes-ppc aes-ppc +# bf +SRCS+= bf_enc.c +# bn +SSLASM+= bn ppc bn-ppc +SSLASM+= bn ppc-mont ppc-mont # bn_mul_mont_int +#SSLASM+= bn ppc64-mont ppc64-mont # bn_mul_mont_fpu64 +CFLAGS+= -DOPENSSL_BN_ASM_MONT +# camellia +SRCS+= camellia.c cmll_cbc.c cmll_misc.c +# des +SRCS+= des_enc.c fcrypt_b.c +# rc4 +SRCS+= rc4_enc.c rc4_skey.c +## rc5 +#SRCS+= rc5_enc.c +# sha +CFLAGS+= -DSHA1_ASM +SSLASM+= sha sha1-ppc sha1-ppc +CFLAGS+= -DSHA256_ASM +SSLASM+= sha sha512-ppc sha256-ppc +# whrlpool +SRCS+= wp_block.c + +.for dir src dst in ${SSLASM} +SRCS+= ${dst}.S +GENERATED+=${dst}.S +${dst}.S: ${LCRYPTO_SRC}/${dir}/asm/${src}.pl + /usr/bin/perl \ + ${LCRYPTO_SRC}/${dir}/asm/${src}.pl linux32 ${.TARGET} > ${.TARGET} +.endfor + +#CFLAGS+= -DOPENSSL_CPUID_OBJ # it's commented out in ppccap.c +SRCS+= ppccpuid.S ppccap.c +GENERATED+=ppccpuid.S +ppccpuid.S: ${LCRYPTO_SRC}/ppccpuid.pl + /usr/bin/perl \ + ${LCRYPTO_SRC}/ppccpuid.pl linux32 > ${.TARGET} diff --git a/src/lib/libcrypto/arch/powerpc/opensslconf.h b/src/lib/libcrypto/arch/powerpc/opensslconf.h new file mode 100644 index 00000000000..78cd6d856fb --- /dev/null +++ b/src/lib/libcrypto/arch/powerpc/opensslconf.h @@ -0,0 +1,154 @@ +#include +/* crypto/opensslconf.h.in */ + +#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR) +#define OPENSSLDIR "/etc/ssl" +#endif + +#undef OPENSSL_UNISTD +#define OPENSSL_UNISTD + +#undef OPENSSL_EXPORT_VAR_AS_FUNCTION + +#if defined(HEADER_IDEA_H) && !defined(IDEA_INT) +#define IDEA_INT unsigned int +#endif + +#if defined(HEADER_MD2_H) && !defined(MD2_INT) +#define MD2_INT unsigned int +#endif + +#if defined(HEADER_RC2_H) && !defined(RC2_INT) +/* I need to put in a mod for the alpha - eay */ +#define RC2_INT unsigned int +#endif + +#if defined(HEADER_RC4_H) +#if !defined(RC4_INT) +/* using int types make the structure larger but make the code faster + * on most boxes I have tested - up to %20 faster. */ +/* + * I don't know what does "most" mean, but declaring "int" is a must on: + * - Intel P6 because partial register stalls are very expensive; + * - elder Alpha because it lacks byte load/store instructions; + */ +#define RC4_INT unsigned int +#endif +#if !defined(RC4_CHUNK) +/* + * This enables code handling data aligned at natural CPU word + * boundary. See crypto/rc4/rc4_enc.c for further details. + */ +#undef RC4_CHUNK +#endif +#endif + +#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG) +/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a + * %20 speed up (longs are 8 bytes, int's are 4). */ +#ifndef DES_LONG +#define DES_LONG unsigned int +#endif +#endif + +#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H) +#define CONFIG_HEADER_BN_H +#define BN_LLONG + +/* Should we define BN_DIV2W here? */ + +/* Only one for the following should be defined */ +/* The prime number generation stuff may not work when + * EIGHT_BIT but I don't care since I've only used this mode + * for debuging the bignum libraries */ +#undef SIXTY_FOUR_BIT_LONG +#undef SIXTY_FOUR_BIT +#define THIRTY_TWO_BIT +#undef SIXTEEN_BIT +#undef EIGHT_BIT +#endif + +#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H) +#define CONFIG_HEADER_RC4_LOCL_H +/* if this is defined data[i] is used instead of *data, this is a %20 + * speedup on x86 */ +#define RC4_INDEX +#endif + +#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H) +#define CONFIG_HEADER_BF_LOCL_H +#undef BF_PTR +#endif /* HEADER_BF_LOCL_H */ + +#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H) +#define CONFIG_HEADER_DES_LOCL_H +#ifndef DES_DEFAULT_OPTIONS +/* the following is tweaked from a config script, that is why it is a + * protected undef/define */ +#ifndef DES_PTR +#undef DES_PTR +#endif + +/* This helps C compiler generate the correct code for multiple functional + * units. It reduces register dependancies at the expense of 2 more + * registers */ +#ifndef DES_RISC1 +#undef DES_RISC1 +#endif + +#ifndef DES_RISC2 +#undef DES_RISC2 +#endif + +#if defined(DES_RISC1) && defined(DES_RISC2) +YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!! +#endif + +/* Unroll the inner loop, this sometimes helps, sometimes hinders. + * Very mucy CPU dependant */ +#ifndef DES_UNROLL +#define DES_UNROLL +#endif + +/* These default values were supplied by + * Peter Gutman + * They are only used if nothing else has been defined */ +#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL) +/* Special defines which change the way the code is built depending on the + CPU and OS. For SGI machines you can use _MIPS_SZLONG (32 or 64) to find + even newer MIPS CPU's, but at the moment one size fits all for + optimization options. Older Sparc's work better with only UNROLL, but + there's no way to tell at compile time what it is you're running on */ + +#if defined( sun ) /* Newer Sparc's */ +# define DES_PTR +# define DES_RISC1 +# define DES_UNROLL +#elif defined( __ultrix ) /* Older MIPS */ +# define DES_PTR +# define DES_RISC2 +# define DES_UNROLL +#elif defined( __osf1__ ) /* Alpha */ +# define DES_PTR +# define DES_RISC2 +#elif defined ( _AIX ) /* RS6000 */ + /* Unknown */ +#elif defined( __hpux ) /* HP-PA */ + /* Unknown */ +#elif defined( __aux ) /* 68K */ + /* Unknown */ +#elif defined( __dgux ) /* 88K (but P6 in latest boxes) */ +# define DES_UNROLL +#elif defined( __sgi ) /* Newer MIPS */ +# define DES_PTR +# define DES_RISC2 +# define DES_UNROLL +#elif defined(i386) || defined(__i386__) /* x86 boxes, should be gcc */ +# define DES_PTR +# define DES_RISC1 +# define DES_UNROLL +#endif /* Systems-specific speed defines */ +#endif + +#endif /* DES_DEFAULT_OPTIONS */ +#endif /* HEADER_DES_LOCL_H */ diff --git a/src/lib/libcrypto/arch/sh/opensslconf.h b/src/lib/libcrypto/arch/sh/opensslconf.h new file mode 100644 index 00000000000..78cd6d856fb --- /dev/null +++ b/src/lib/libcrypto/arch/sh/opensslconf.h @@ -0,0 +1,154 @@ +#include +/* crypto/opensslconf.h.in */ + +#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR) +#define OPENSSLDIR "/etc/ssl" +#endif + +#undef OPENSSL_UNISTD +#define OPENSSL_UNISTD + +#undef OPENSSL_EXPORT_VAR_AS_FUNCTION + +#if defined(HEADER_IDEA_H) && !defined(IDEA_INT) +#define IDEA_INT unsigned int +#endif + +#if defined(HEADER_MD2_H) && !defined(MD2_INT) +#define MD2_INT unsigned int +#endif + +#if defined(HEADER_RC2_H) && !defined(RC2_INT) +/* I need to put in a mod for the alpha - eay */ +#define RC2_INT unsigned int +#endif + +#if defined(HEADER_RC4_H) +#if !defined(RC4_INT) +/* using int types make the structure larger but make the code faster + * on most boxes I have tested - up to %20 faster. */ +/* + * I don't know what does "most" mean, but declaring "int" is a must on: + * - Intel P6 because partial register stalls are very expensive; + * - elder Alpha because it lacks byte load/store instructions; + */ +#define RC4_INT unsigned int +#endif +#if !defined(RC4_CHUNK) +/* + * This enables code handling data aligned at natural CPU word + * boundary. See crypto/rc4/rc4_enc.c for further details. + */ +#undef RC4_CHUNK +#endif +#endif + +#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG) +/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a + * %20 speed up (longs are 8 bytes, int's are 4). */ +#ifndef DES_LONG +#define DES_LONG unsigned int +#endif +#endif + +#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H) +#define CONFIG_HEADER_BN_H +#define BN_LLONG + +/* Should we define BN_DIV2W here? */ + +/* Only one for the following should be defined */ +/* The prime number generation stuff may not work when + * EIGHT_BIT but I don't care since I've only used this mode + * for debuging the bignum libraries */ +#undef SIXTY_FOUR_BIT_LONG +#undef SIXTY_FOUR_BIT +#define THIRTY_TWO_BIT +#undef SIXTEEN_BIT +#undef EIGHT_BIT +#endif + +#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H) +#define CONFIG_HEADER_RC4_LOCL_H +/* if this is defined data[i] is used instead of *data, this is a %20 + * speedup on x86 */ +#define RC4_INDEX +#endif + +#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H) +#define CONFIG_HEADER_BF_LOCL_H +#undef BF_PTR +#endif /* HEADER_BF_LOCL_H */ + +#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H) +#define CONFIG_HEADER_DES_LOCL_H +#ifndef DES_DEFAULT_OPTIONS +/* the following is tweaked from a config script, that is why it is a + * protected undef/define */ +#ifndef DES_PTR +#undef DES_PTR +#endif + +/* This helps C compiler generate the correct code for multiple functional + * units. It reduces register dependancies at the expense of 2 more + * registers */ +#ifndef DES_RISC1 +#undef DES_RISC1 +#endif + +#ifndef DES_RISC2 +#undef DES_RISC2 +#endif + +#if defined(DES_RISC1) && defined(DES_RISC2) +YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!! +#endif + +/* Unroll the inner loop, this sometimes helps, sometimes hinders. + * Very mucy CPU dependant */ +#ifndef DES_UNROLL +#define DES_UNROLL +#endif + +/* These default values were supplied by + * Peter Gutman + * They are only used if nothing else has been defined */ +#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL) +/* Special defines which change the way the code is built depending on the + CPU and OS. For SGI machines you can use _MIPS_SZLONG (32 or 64) to find + even newer MIPS CPU's, but at the moment one size fits all for + optimization options. Older Sparc's work better with only UNROLL, but + there's no way to tell at compile time what it is you're running on */ + +#if defined( sun ) /* Newer Sparc's */ +# define DES_PTR +# define DES_RISC1 +# define DES_UNROLL +#elif defined( __ultrix ) /* Older MIPS */ +# define DES_PTR +# define DES_RISC2 +# define DES_UNROLL +#elif defined( __osf1__ ) /* Alpha */ +# define DES_PTR +# define DES_RISC2 +#elif defined ( _AIX ) /* RS6000 */ + /* Unknown */ +#elif defined( __hpux ) /* HP-PA */ + /* Unknown */ +#elif defined( __aux ) /* 68K */ + /* Unknown */ +#elif defined( __dgux ) /* 88K (but P6 in latest boxes) */ +# define DES_UNROLL +#elif defined( __sgi ) /* Newer MIPS */ +# define DES_PTR +# define DES_RISC2 +# define DES_UNROLL +#elif defined(i386) || defined(__i386__) /* x86 boxes, should be gcc */ +# define DES_PTR +# define DES_RISC1 +# define DES_UNROLL +#endif /* Systems-specific speed defines */ +#endif + +#endif /* DES_DEFAULT_OPTIONS */ +#endif /* HEADER_DES_LOCL_H */ diff --git a/src/lib/libcrypto/arch/sparc/Makefile.inc b/src/lib/libcrypto/arch/sparc/Makefile.inc new file mode 100644 index 00000000000..ba9954c85eb --- /dev/null +++ b/src/lib/libcrypto/arch/sparc/Makefile.inc @@ -0,0 +1,29 @@ +# $OpenBSD: Makefile.inc,v 1.2 2014/11/17 20:31:22 miod Exp $ + +# sparc-specific libcrypto build rules + +# aes +SRCS+= aes_core.c aes_cbc.c +# bf +SRCS+= bf_enc.c +# bn +.if 0 # uses `umul' and `udiv' instructions +SRCS+= sparcv8.S +.PATH: ${LCRYPTO_SRC}/bn/asm +.else +SRCS+= bn_asm.c +.endif +# camellia +SRCS+= camellia.c cmll_cbc.c cmll_misc.c +# des +SRCS+= fcrypt_b.c +SRCS+= des_enc-sparc.S +GENERATED+= des_enc-sparc.S +des_enc-sparc.S: ${LCRYPTO_SRC}/des/asm/des_enc.m4 + m4 ${LCRYPTO_SRC}/des/asm/des_enc.m4 > ${.TARGET} +# rc4 +SRCS+= rc4_enc.c rc4_skey.c +## rc5 +#SRCS+= rc5_enc.c +# whrlpool +SRCS+= wp_block.c diff --git a/src/lib/libcrypto/arch/sparc/opensslconf.h b/src/lib/libcrypto/arch/sparc/opensslconf.h new file mode 100644 index 00000000000..78cd6d856fb --- /dev/null +++ b/src/lib/libcrypto/arch/sparc/opensslconf.h @@ -0,0 +1,154 @@ +#include +/* crypto/opensslconf.h.in */ + +#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR) +#define OPENSSLDIR "/etc/ssl" +#endif + +#undef OPENSSL_UNISTD +#define OPENSSL_UNISTD + +#undef OPENSSL_EXPORT_VAR_AS_FUNCTION + +#if defined(HEADER_IDEA_H) && !defined(IDEA_INT) +#define IDEA_INT unsigned int +#endif + +#if defined(HEADER_MD2_H) && !defined(MD2_INT) +#define MD2_INT unsigned int +#endif + +#if defined(HEADER_RC2_H) && !defined(RC2_INT) +/* I need to put in a mod for the alpha - eay */ +#define RC2_INT unsigned int +#endif + +#if defined(HEADER_RC4_H) +#if !defined(RC4_INT) +/* using int types make the structure larger but make the code faster + * on most boxes I have tested - up to %20 faster. */ +/* + * I don't know what does "most" mean, but declaring "int" is a must on: + * - Intel P6 because partial register stalls are very expensive; + * - elder Alpha because it lacks byte load/store instructions; + */ +#define RC4_INT unsigned int +#endif +#if !defined(RC4_CHUNK) +/* + * This enables code handling data aligned at natural CPU word + * boundary. See crypto/rc4/rc4_enc.c for further details. + */ +#undef RC4_CHUNK +#endif +#endif + +#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG) +/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a + * %20 speed up (longs are 8 bytes, int's are 4). */ +#ifndef DES_LONG +#define DES_LONG unsigned int +#endif +#endif + +#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H) +#define CONFIG_HEADER_BN_H +#define BN_LLONG + +/* Should we define BN_DIV2W here? */ + +/* Only one for the following should be defined */ +/* The prime number generation stuff may not work when + * EIGHT_BIT but I don't care since I've only used this mode + * for debuging the bignum libraries */ +#undef SIXTY_FOUR_BIT_LONG +#undef SIXTY_FOUR_BIT +#define THIRTY_TWO_BIT +#undef SIXTEEN_BIT +#undef EIGHT_BIT +#endif + +#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H) +#define CONFIG_HEADER_RC4_LOCL_H +/* if this is defined data[i] is used instead of *data, this is a %20 + * speedup on x86 */ +#define RC4_INDEX +#endif + +#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H) +#define CONFIG_HEADER_BF_LOCL_H +#undef BF_PTR +#endif /* HEADER_BF_LOCL_H */ + +#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H) +#define CONFIG_HEADER_DES_LOCL_H +#ifndef DES_DEFAULT_OPTIONS +/* the following is tweaked from a config script, that is why it is a + * protected undef/define */ +#ifndef DES_PTR +#undef DES_PTR +#endif + +/* This helps C compiler generate the correct code for multiple functional + * units. It reduces register dependancies at the expense of 2 more + * registers */ +#ifndef DES_RISC1 +#undef DES_RISC1 +#endif + +#ifndef DES_RISC2 +#undef DES_RISC2 +#endif + +#if defined(DES_RISC1) && defined(DES_RISC2) +YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!! +#endif + +/* Unroll the inner loop, this sometimes helps, sometimes hinders. + * Very mucy CPU dependant */ +#ifndef DES_UNROLL +#define DES_UNROLL +#endif + +/* These default values were supplied by + * Peter Gutman + * They are only used if nothing else has been defined */ +#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL) +/* Special defines which change the way the code is built depending on the + CPU and OS. For SGI machines you can use _MIPS_SZLONG (32 or 64) to find + even newer MIPS CPU's, but at the moment one size fits all for + optimization options. Older Sparc's work better with only UNROLL, but + there's no way to tell at compile time what it is you're running on */ + +#if defined( sun ) /* Newer Sparc's */ +# define DES_PTR +# define DES_RISC1 +# define DES_UNROLL +#elif defined( __ultrix ) /* Older MIPS */ +# define DES_PTR +# define DES_RISC2 +# define DES_UNROLL +#elif defined( __osf1__ ) /* Alpha */ +# define DES_PTR +# define DES_RISC2 +#elif defined ( _AIX ) /* RS6000 */ + /* Unknown */ +#elif defined( __hpux ) /* HP-PA */ + /* Unknown */ +#elif defined( __aux ) /* 68K */ + /* Unknown */ +#elif defined( __dgux ) /* 88K (but P6 in latest boxes) */ +# define DES_UNROLL +#elif defined( __sgi ) /* Newer MIPS */ +# define DES_PTR +# define DES_RISC2 +# define DES_UNROLL +#elif defined(i386) || defined(__i386__) /* x86 boxes, should be gcc */ +# define DES_PTR +# define DES_RISC1 +# define DES_UNROLL +#endif /* Systems-specific speed defines */ +#endif + +#endif /* DES_DEFAULT_OPTIONS */ +#endif /* HEADER_DES_LOCL_H */ diff --git a/src/lib/libcrypto/arch/sparc64/Makefile.inc b/src/lib/libcrypto/arch/sparc64/Makefile.inc new file mode 100644 index 00000000000..46f79d0f414 --- /dev/null +++ b/src/lib/libcrypto/arch/sparc64/Makefile.inc @@ -0,0 +1,52 @@ +# $OpenBSD: Makefile.inc,v 1.3 2016/11/04 18:12:14 miod Exp $ + +# sparc64-specific libcrypto build rules + +# aes +SRCS+= aes_core.c aes_cbc.c +CFLAGS+= -DAES_ASM +SSLASM+= aes aes-sparcv9 aes-sparcv9 +# bf +SRCS+= bf_enc.c +# bn +SRCS+= bn_asm.c +# camellia +SRCS+= camellia.c cmll_cbc.c cmll_misc.c +# des +SRCS+= fcrypt_b.c +SRCS+= des_enc-sparc.S +GENERATED+= des_enc-sparc.S +des_enc-sparc.S: ${LCRYPTO_SRC}/des/asm/des_enc.m4 + m4 ${LCRYPTO_SRC}/des/asm/des_enc.m4 > ${.TARGET} +# # ec +# CFLAGS+= -DECP_NISTZ256_ASM +# SRCS+= ecp_nistz256.c +# SSLASM+= ec ecp_nistz256-sparcv9 +# modes +CFLAGS+= -DGHASH_ASM +SSLASM+= modes ghash-sparcv9 ghash-sparcv9 +# rc4 +SRCS+= rc4_enc.c rc4_skey.c +## rc5 +#SRCS+= rc5_enc.c +# sha +SSLASM+= sha sha1-sparcv9 sha1-sparcv9 +CFLAGS+= -DSHA1_ASM +SSLASM+= sha sha512-sparcv9 sha256-sparcv9 +CFLAGS+= -DSHA256_ASM +SSLASM+= sha sha512-sparcv9 sha512-sparcv9 +CFLAGS+= -DSHA512_ASM +# whrlpool +SRCS+= wp_block.c + +.for dir src dst in ${SSLASM} +SRCS+= ${dst}.S +GENERATED+=${dst}.S +${dst}.S: ${LCRYPTO_SRC}/${dir}/asm/${src}.pl + /usr/bin/env CC=${CC} /usr/bin/perl \ + ${LCRYPTO_SRC}/${dir}/asm/${src}.pl ${.TARGET} -m64 > ${.TARGET} +.endfor + +# not until Montgomery code enabled +#CFLAGS+= -DOPENSSL_CPUID_OBJ +#SRCS+= sparccpuid.S sparcv9cap.c diff --git a/src/lib/libcrypto/arch/sparc64/opensslconf.h b/src/lib/libcrypto/arch/sparc64/opensslconf.h new file mode 100644 index 00000000000..226951eded1 --- /dev/null +++ b/src/lib/libcrypto/arch/sparc64/opensslconf.h @@ -0,0 +1,154 @@ +#include +/* crypto/opensslconf.h.in */ + +#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR) +#define OPENSSLDIR "/etc/ssl" +#endif + +#undef OPENSSL_UNISTD +#define OPENSSL_UNISTD + +#undef OPENSSL_EXPORT_VAR_AS_FUNCTION + +#if defined(HEADER_IDEA_H) && !defined(IDEA_INT) +#define IDEA_INT unsigned int +#endif + +#if defined(HEADER_MD2_H) && !defined(MD2_INT) +#define MD2_INT unsigned int +#endif + +#if defined(HEADER_RC2_H) && !defined(RC2_INT) +/* I need to put in a mod for the alpha - eay */ +#define RC2_INT unsigned int +#endif + +#if defined(HEADER_RC4_H) +#if !defined(RC4_INT) +/* using int types make the structure larger but make the code faster + * on most boxes I have tested - up to %20 faster. */ +/* + * I don't know what does "most" mean, but declaring "int" is a must on: + * - Intel P6 because partial register stalls are very expensive; + * - elder Alpha because it lacks byte load/store instructions; + */ +#define RC4_INT unsigned int +#endif +#if !defined(RC4_CHUNK) +/* + * This enables code handling data aligned at natural CPU word + * boundary. See crypto/rc4/rc4_enc.c for further details. + */ +#define RC4_CHUNK unsigned long +#endif +#endif + +#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG) +/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a + * %20 speed up (longs are 8 bytes, int's are 4). */ +#ifndef DES_LONG +#define DES_LONG unsigned int +#endif +#endif + +#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H) +#define CONFIG_HEADER_BN_H +#undef BN_LLONG + +/* Should we define BN_DIV2W here? */ + +/* Only one for the following should be defined */ +/* The prime number generation stuff may not work when + * EIGHT_BIT but I don't care since I've only used this mode + * for debuging the bignum libraries */ +#define SIXTY_FOUR_BIT_LONG +#undef SIXTY_FOUR_BIT +#undef THIRTY_TWO_BIT +#undef SIXTEEN_BIT +#undef EIGHT_BIT +#endif + +#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H) +#define CONFIG_HEADER_RC4_LOCL_H +/* if this is defined data[i] is used instead of *data, this is a %20 + * speedup on x86 */ +#undef RC4_INDEX +#endif + +#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H) +#define CONFIG_HEADER_BF_LOCL_H +#define BF_PTR +#endif /* HEADER_BF_LOCL_H */ + +#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H) +#define CONFIG_HEADER_DES_LOCL_H +#ifndef DES_DEFAULT_OPTIONS +/* the following is tweaked from a config script, that is why it is a + * protected undef/define */ +#ifndef DES_PTR +#define DES_PTR +#endif + +/* This helps C compiler generate the correct code for multiple functional + * units. It reduces register dependancies at the expense of 2 more + * registers */ +#ifndef DES_RISC1 +#undef DES_RISC1 +#endif + +#ifndef DES_RISC2 +#define DES_RISC2 +#endif + +#if defined(DES_RISC1) && defined(DES_RISC2) +YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!! +#endif + +/* Unroll the inner loop, this sometimes helps, sometimes hinders. + * Very mucy CPU dependant */ +#ifndef DES_UNROLL +#undef DES_UNROLL +#endif + +/* These default values were supplied by + * Peter Gutman + * They are only used if nothing else has been defined */ +#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL) +/* Special defines which change the way the code is built depending on the + CPU and OS. For SGI machines you can use _MIPS_SZLONG (32 or 64) to find + even newer MIPS CPU's, but at the moment one size fits all for + optimization options. Older Sparc's work better with only UNROLL, but + there's no way to tell at compile time what it is you're running on */ + +#if defined( sun ) /* Newer Sparc's */ +# define DES_PTR +# define DES_RISC1 +# define DES_UNROLL +#elif defined( __ultrix ) /* Older MIPS */ +# define DES_PTR +# define DES_RISC2 +# define DES_UNROLL +#elif defined( __osf1__ ) /* Alpha */ +# define DES_PTR +# define DES_RISC2 +#elif defined ( _AIX ) /* RS6000 */ + /* Unknown */ +#elif defined( __hpux ) /* HP-PA */ + /* Unknown */ +#elif defined( __aux ) /* 68K */ + /* Unknown */ +#elif defined( __dgux ) /* 88K (but P6 in latest boxes) */ +# define DES_UNROLL +#elif defined( __sgi ) /* Newer MIPS */ +# define DES_PTR +# define DES_RISC2 +# define DES_UNROLL +#elif defined(i386) || defined(__i386__) /* x86 boxes, should be gcc */ +# define DES_PTR +# define DES_RISC1 +# define DES_UNROLL +#endif /* Systems-specific speed defines */ +#endif + +#endif /* DES_DEFAULT_OPTIONS */ +#endif /* HEADER_DES_LOCL_H */ diff --git a/src/lib/libcrypto/arm_arch.h b/src/lib/libcrypto/arm_arch.h new file mode 100644 index 00000000000..a64c6da46eb --- /dev/null +++ b/src/lib/libcrypto/arm_arch.h @@ -0,0 +1,55 @@ +/* $OpenBSD: arm_arch.h,v 1.9 2019/03/13 10:18:30 patrick Exp $ */ +#ifndef __ARM_ARCH_H__ +#define __ARM_ARCH_H__ + +#if !defined(__ARM_ARCH__) +# if defined(__CC_ARM) +# define __ARM_ARCH__ __TARGET_ARCH_ARM +# if defined(__BIG_ENDIAN) +# define __ARMEB__ +# else +# define __ARMEL__ +# endif +# elif defined(__GNUC__) + /* + * Why doesn't gcc define __ARM_ARCH__? Instead it defines + * bunch of below macros. See all_architectures[] table in + * gcc/config/arm/arm.c. On a side note it defines + * __ARMEL__/__ARMEB__ for little-/big-endian. + */ +# if defined(__ARM_ARCH_7__) || defined(__ARM_ARCH_7A__) || \ + defined(__ARM_ARCH_7R__)|| defined(__ARM_ARCH_7M__) || \ + defined(__ARM_ARCH_7EM__) +# define __ARM_ARCH__ 7 +# elif defined(__ARM_ARCH_6__) || defined(__ARM_ARCH_6J__) || \ + defined(__ARM_ARCH_6K__)|| defined(__ARM_ARCH_6M__) || \ + defined(__ARM_ARCH_6Z__)|| defined(__ARM_ARCH_6ZK__) || \ + defined(__ARM_ARCH_6T2__) +# define __ARM_ARCH__ 6 +# elif defined(__ARM_ARCH_5__) || defined(__ARM_ARCH_5T__) || \ + defined(__ARM_ARCH_5E__)|| defined(__ARM_ARCH_5TE__) || \ + defined(__ARM_ARCH_5TEJ__) +# define __ARM_ARCH__ 5 +# elif defined(__ARM_ARCH_4__) || defined(__ARM_ARCH_4T__) +# define __ARM_ARCH__ 4 +# else +# error "unsupported ARM architecture" +# endif +# endif +#endif + +#if !defined(__ASSEMBLER__) +extern unsigned int OPENSSL_armcap_P; + +#define ARMV7_NEON (1<<0) +#define ARMV8_AES (1<<1) +#define ARMV8_SHA1 (1<<2) +#define ARMV8_SHA256 (1<<3) +#define ARMV8_PMULL (1<<4) +#endif + +#if defined(__OpenBSD__) +#define __STRICT_ALIGNMENT +#endif + +#endif diff --git a/src/lib/libcrypto/armcap.c b/src/lib/libcrypto/armcap.c new file mode 100644 index 00000000000..8c4983280e8 --- /dev/null +++ b/src/lib/libcrypto/armcap.c @@ -0,0 +1,88 @@ +/* $OpenBSD: armcap.c,v 1.8 2019/03/13 10:18:30 patrick Exp $ */ +#include +#include +#include +#include +#include +#include + +#include "arm_arch.h" + +unsigned int OPENSSL_armcap_P; + +#if __ARM_ARCH__ >= 7 +static sigset_t all_masked; + +static sigjmp_buf ill_jmp; + static void ill_handler (int sig) { siglongjmp(ill_jmp, sig); +} + +/* + * Following subroutines could have been inlined, but it's not all + * ARM compilers support inline assembler... + */ +void _armv7_neon_probe(void); +void _armv8_aes_probe(void); +void _armv8_sha1_probe(void); +void _armv8_sha256_probe(void); +void _armv8_pmull_probe(void); +#endif + +#if defined(__GNUC__) && __GNUC__>=2 +void OPENSSL_cpuid_setup(void) __attribute__((constructor)); +#endif + +void +OPENSSL_cpuid_setup(void) +{ +#if __ARM_ARCH__ >= 7 + struct sigaction ill_oact, ill_act; + sigset_t oset; +#endif + static int trigger = 0; + + if (trigger) + return; + trigger = 1; + + OPENSSL_armcap_P = 0; + +#if __ARM_ARCH__ >= 7 + sigfillset(&all_masked); + sigdelset(&all_masked, SIGILL); + sigdelset(&all_masked, SIGTRAP); + sigdelset(&all_masked, SIGFPE); + sigdelset(&all_masked, SIGBUS); + sigdelset(&all_masked, SIGSEGV); + + memset(&ill_act, 0, sizeof(ill_act)); + ill_act.sa_handler = ill_handler; + ill_act.sa_mask = all_masked; + + sigprocmask(SIG_SETMASK, &ill_act.sa_mask, &oset); + sigaction(SIGILL, &ill_act, &ill_oact); + + if (sigsetjmp(ill_jmp, 1) == 0) { + _armv7_neon_probe(); + OPENSSL_armcap_P |= ARMV7_NEON; + if (sigsetjmp(ill_jmp, 1) == 0) { + _armv8_pmull_probe(); + OPENSSL_armcap_P |= ARMV8_PMULL | ARMV8_AES; + } else if (sigsetjmp(ill_jmp, 1) == 0) { + _armv8_aes_probe(); + OPENSSL_armcap_P |= ARMV8_AES; + } + if (sigsetjmp(ill_jmp, 1) == 0) { + _armv8_sha1_probe(); + OPENSSL_armcap_P |= ARMV8_SHA1; + } + if (sigsetjmp(ill_jmp, 1) == 0) { + _armv8_sha256_probe(); + OPENSSL_armcap_P |= ARMV8_SHA256; + } + } + + sigaction (SIGILL, &ill_oact, NULL); + sigprocmask(SIG_SETMASK, &oset, NULL); +#endif +} diff --git a/src/lib/libcrypto/armv4cpuid.S b/src/lib/libcrypto/armv4cpuid.S new file mode 100644 index 00000000000..bb9abafebe5 --- /dev/null +++ b/src/lib/libcrypto/armv4cpuid.S @@ -0,0 +1,165 @@ +#include "arm_arch.h" + +.text +#if defined(__thumb2__) && !defined(__APPLE__) +.syntax unified +.thumb +#else +.code 32 +#undef __thumb2__ +#endif + +.align 5 +.globl OPENSSL_atomic_add +.type OPENSSL_atomic_add,%function +OPENSSL_atomic_add: +#if __ARM_ARCH__>=6 +.Ladd: ldrex r2,[r0] + add r3,r2,r1 + strex r2,r3,[r0] + cmp r2,#0 + bne .Ladd + mov r0,r3 + bx lr +#else + stmdb sp!,{r4,r5,r6,lr} + ldr r2,.Lspinlock + adr r3,.Lspinlock + mov r4,r0 + mov r5,r1 + add r6,r3,r2 @ &spinlock + b .+8 +.Lspin: bl sched_yield + mov r0,#-1 + swp r0,r0,[r6] + cmp r0,#0 + bne .Lspin + + ldr r2,[r4] + add r2,r2,r5 + str r2,[r4] + str r0,[r6] @ release spinlock + ldmia sp!,{r4,r5,r6,lr} + tst lr,#1 + moveq pc,lr +.word 0xe12fff1e @ bx lr +#endif +.size OPENSSL_atomic_add,.-OPENSSL_atomic_add + +#if __ARM_ARCH__>=7 +.arch armv7-a +.fpu neon + +.align 5 +.globl _armv7_neon_probe +.type _armv7_neon_probe,%function +_armv7_neon_probe: + vorr q0,q0,q0 + bx lr +.size _armv7_neon_probe,.-_armv7_neon_probe + +.globl _armv8_aes_probe +.type _armv8_aes_probe,%function +_armv8_aes_probe: +#if defined(__thumb2__) && !defined(__APPLE__) +.byte 0xb0,0xff,0x00,0x03 @ aese.8 q0,q0 +#else +.byte 0x00,0x03,0xb0,0xf3 @ aese.8 q0,q0 +#endif + bx lr +.size _armv8_aes_probe,.-_armv8_aes_probe + +.globl _armv8_sha1_probe +.type _armv8_sha1_probe,%function +_armv8_sha1_probe: +#if defined(__thumb2__) && !defined(__APPLE__) +.byte 0x00,0xef,0x40,0x0c @ sha1c.32 q0,q0,q0 +#else +.byte 0x40,0x0c,0x00,0xf2 @ sha1c.32 q0,q0,q0 +#endif + bx lr +.size _armv8_sha1_probe,.-_armv8_sha1_probe + +.globl _armv8_sha256_probe +.type _armv8_sha256_probe,%function +_armv8_sha256_probe: +#if defined(__thumb2__) && !defined(__APPLE__) +.byte 0x00,0xff,0x40,0x0c @ sha256h.32 q0,q0,q0 +#else +.byte 0x40,0x0c,0x00,0xf3 @ sha256h.32 q0,q0,q0 +#endif + bx lr +.size _armv8_sha256_probe,.-_armv8_sha256_probe +.globl _armv8_pmull_probe +.type _armv8_pmull_probe,%function +_armv8_pmull_probe: +#if defined(__thumb2__) && !defined(__APPLE__) +.byte 0xa0,0xef,0x00,0x0e @ vmull.p64 q0,d0,d0 +#else +.byte 0x00,0x0e,0xa0,0xf2 @ vmull.p64 q0,d0,d0 +#endif + bx lr +.size _armv8_pmull_probe,.-_armv8_pmull_probe +#endif + +.globl OPENSSL_wipe_cpu +.type OPENSSL_wipe_cpu,%function +OPENSSL_wipe_cpu: +#if __ARM_ARCH__>=7 + ldr r0,.LOPENSSL_armcap + adr r1,.LOPENSSL_armcap + ldr r0,[r1,r0] +#ifdef __APPLE__ + ldr r0,[r0] +#endif +#endif + eor r2,r2,r2 + eor r3,r3,r3 + eor ip,ip,ip +#if __ARM_ARCH__>=7 + tst r0,#1 + beq .Lwipe_done + veor q0, q0, q0 + veor q1, q1, q1 + veor q2, q2, q2 + veor q3, q3, q3 + veor q8, q8, q8 + veor q9, q9, q9 + veor q10, q10, q10 + veor q11, q11, q11 + veor q12, q12, q12 + veor q13, q13, q13 + veor q14, q14, q14 + veor q15, q15, q15 +.Lwipe_done: +#endif + mov r0,sp +#if __ARM_ARCH__>=5 + bx lr +#else + tst lr,#1 + moveq pc,lr +.word 0xe12fff1e @ bx lr +#endif +.size OPENSSL_wipe_cpu,.-OPENSSL_wipe_cpu + +.align 5 +#if __ARM_ARCH__>=7 +.LOPENSSL_armcap: +.word OPENSSL_armcap_P-. +#endif +#if __ARM_ARCH__>=6 +.align 5 +#else +.Lspinlock: +.word atomic_add_spinlock-.Lspinlock +.align 5 + +.data +.align 2 +atomic_add_spinlock: +.word 0 +#endif + +.comm OPENSSL_armcap_P,4,4 +.hidden OPENSSL_armcap_P diff --git a/src/lib/libcrypto/asn1/Makefile.ssl b/src/lib/libcrypto/asn1/Makefile.ssl deleted file mode 100644 index 71397df5c86..00000000000 --- a/src/lib/libcrypto/asn1/Makefile.ssl +++ /dev/null @@ -1,886 +0,0 @@ -# -# SSLeay/crypto/asn1/Makefile -# - -DIR= asn1 -TOP= ../.. -CC= cc -INCLUDES= -I.. -I$(TOP) -I../../include -CFLAG=-g -INSTALL_PREFIX= -OPENSSLDIR= /usr/local/ssl -INSTALLTOP=/usr/local/ssl -MAKE= make -f Makefile.ssl -MAKEDEPPROG= makedepend -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) -MAKEFILE= Makefile.ssl -AR= ar r - -CFLAGS= $(INCLUDES) $(CFLAG) - -GENERAL=Makefile README -TEST= -APPS= - -LIB=$(TOP)/libcrypto.a -LIBSRC= a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c a_octet.c \ - a_print.c a_type.c a_set.c a_dup.c a_d2i_fp.c a_i2d_fp.c \ - a_enum.c a_utf8.c a_sign.c a_digest.c a_verify.c a_mbstr.c a_strex.c \ - x_algor.c x_val.c x_pubkey.c x_sig.c x_req.c x_attrib.c x_bignum.c \ - x_long.c x_name.c x_x509.c x_x509a.c x_crl.c x_info.c x_spki.c nsseq.c \ - d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c\ - t_req.c t_x509.c t_x509a.c t_crl.c t_pkey.c t_spki.c t_bitst.c \ - tasn_new.c tasn_fre.c tasn_enc.c tasn_dec.c tasn_utl.c tasn_typ.c \ - f_int.c f_string.c n_pkey.c \ - f_enum.c a_hdr.c x_pkey.c a_bool.c x_exten.c \ - asn1_par.c asn1_lib.c asn1_err.c a_meth.c a_bytes.c a_strnid.c \ - evp_asn1.c asn_pack.c p5_pbe.c p5_pbev2.c p8_pkey.c asn_moid.c -LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \ - a_print.o a_type.o a_set.o a_dup.o a_d2i_fp.o a_i2d_fp.o \ - a_enum.o a_utf8.o a_sign.o a_digest.o a_verify.o a_mbstr.o a_strex.o \ - x_algor.o x_val.o x_pubkey.o x_sig.o x_req.o x_attrib.o x_bignum.o \ - x_long.o x_name.o x_x509.o x_x509a.o x_crl.o x_info.o x_spki.o nsseq.o \ - d2i_pu.o d2i_pr.o i2d_pu.o i2d_pr.o \ - t_req.o t_x509.o t_x509a.o t_crl.o t_pkey.o t_spki.o t_bitst.o \ - tasn_new.o tasn_fre.o tasn_enc.o tasn_dec.o tasn_utl.o tasn_typ.o \ - f_int.o f_string.o n_pkey.o \ - f_enum.o a_hdr.o x_pkey.o a_bool.o x_exten.o \ - asn1_par.o asn1_lib.o asn1_err.o a_meth.o a_bytes.o a_strnid.o \ - evp_asn1.o asn_pack.o p5_pbe.o p5_pbev2.o p8_pkey.o asn_moid.o - -SRC= $(LIBSRC) - -EXHEADER= asn1.h asn1_mac.h asn1t.h -HEADER= $(EXHEADER) - -ALL= $(GENERAL) $(SRC) $(HEADER) - -top: - (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) - -test: test.c - cc -g -I../../include -c test.c - cc -g -I../../include -o test test.o -L../.. -lcrypto - -pk: pk.c - cc -g -I../../include -c pk.c - cc -g -I../../include -o pk pk.o -L../.. -lcrypto - -all: lib - -lib: $(LIBOBJ) - $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) || echo Never mind. - @touch lib - -files: - $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO - -links: - @sh $(TOP)/util/point.sh Makefile.ssl Makefile - @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) - @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) - @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) - -install: - @for i in $(EXHEADER) ; \ - do \ - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ - done; - -tags: - ctags $(SRC) - -tests: - -lint: - lint -DLINT $(INCLUDES) $(SRC)>fluff - -depend: - $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) - -dclean: - $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new - mv -f Makefile.new $(MAKEFILE) - -clean: - rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff - - -# DO NOT DELETE THIS LINE -- make depend depends on it. - -a_bitstr.o: ../../e_os.h ../../include/openssl/asn1.h -a_bitstr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -a_bitstr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -a_bitstr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -a_bitstr.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -a_bitstr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -a_bitstr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -a_bitstr.o: ../../include/openssl/symhacks.h ../cryptlib.h a_bitstr.c -a_bool.o: ../../e_os.h ../../include/openssl/asn1.h -a_bool.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h -a_bool.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -a_bool.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -a_bool.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -a_bool.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -a_bool.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -a_bool.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -a_bool.o: ../cryptlib.h a_bool.c -a_bytes.o: ../../e_os.h ../../include/openssl/asn1.h -a_bytes.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -a_bytes.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -a_bytes.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -a_bytes.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -a_bytes.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -a_bytes.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -a_bytes.o: ../../include/openssl/symhacks.h ../cryptlib.h a_bytes.c -a_d2i_fp.o: ../../e_os.h ../../include/openssl/asn1.h -a_d2i_fp.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h -a_d2i_fp.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -a_d2i_fp.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -a_d2i_fp.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -a_d2i_fp.o: ../../include/openssl/opensslconf.h -a_d2i_fp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -a_d2i_fp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -a_d2i_fp.o: ../../include/openssl/symhacks.h ../cryptlib.h a_d2i_fp.c -a_digest.o: ../../e_os.h ../../include/openssl/asn1.h -a_digest.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -a_digest.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -a_digest.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -a_digest.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -a_digest.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -a_digest.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -a_digest.o: ../../include/openssl/opensslconf.h -a_digest.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -a_digest.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -a_digest.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -a_digest.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -a_digest.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -a_digest.o: ../cryptlib.h a_digest.c -a_dup.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h -a_dup.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -a_dup.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -a_dup.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -a_dup.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -a_dup.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -a_dup.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -a_dup.o: ../cryptlib.h a_dup.c -a_enum.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h -a_enum.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -a_enum.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -a_enum.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -a_enum.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -a_enum.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -a_enum.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -a_enum.o: ../cryptlib.h a_enum.c -a_gentm.o: ../../e_os.h ../../include/openssl/asn1.h -a_gentm.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -a_gentm.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -a_gentm.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -a_gentm.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -a_gentm.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -a_gentm.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -a_gentm.o: ../../include/openssl/symhacks.h ../cryptlib.h ../o_time.h a_gentm.c -a_hdr.o: ../../e_os.h ../../include/openssl/asn1.h -a_hdr.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h -a_hdr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -a_hdr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -a_hdr.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -a_hdr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -a_hdr.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -a_hdr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -a_hdr.o: ../cryptlib.h a_hdr.c -a_i2d_fp.o: ../../e_os.h ../../include/openssl/asn1.h -a_i2d_fp.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -a_i2d_fp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -a_i2d_fp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -a_i2d_fp.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -a_i2d_fp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -a_i2d_fp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -a_i2d_fp.o: ../../include/openssl/symhacks.h ../cryptlib.h a_i2d_fp.c -a_int.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h -a_int.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -a_int.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -a_int.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -a_int.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -a_int.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -a_int.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -a_int.o: ../cryptlib.h a_int.c -a_mbstr.o: ../../e_os.h ../../include/openssl/asn1.h -a_mbstr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -a_mbstr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -a_mbstr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -a_mbstr.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -a_mbstr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -a_mbstr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -a_mbstr.o: ../../include/openssl/symhacks.h ../cryptlib.h a_mbstr.c -a_meth.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h -a_meth.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -a_meth.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -a_meth.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -a_meth.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -a_meth.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -a_meth.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -a_meth.o: ../cryptlib.h a_meth.c -a_object.o: ../../e_os.h ../../include/openssl/asn1.h -a_object.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -a_object.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -a_object.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -a_object.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -a_object.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -a_object.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -a_object.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -a_object.o: ../../include/openssl/symhacks.h ../cryptlib.h a_object.c -a_octet.o: ../../e_os.h ../../include/openssl/asn1.h -a_octet.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -a_octet.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -a_octet.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -a_octet.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -a_octet.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -a_octet.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -a_octet.o: ../../include/openssl/symhacks.h ../cryptlib.h a_octet.c -a_print.o: ../../e_os.h ../../include/openssl/asn1.h -a_print.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -a_print.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -a_print.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -a_print.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -a_print.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -a_print.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -a_print.o: ../../include/openssl/symhacks.h ../cryptlib.h a_print.c -a_set.o: ../../e_os.h ../../include/openssl/asn1.h -a_set.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h -a_set.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -a_set.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -a_set.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -a_set.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -a_set.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -a_set.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -a_set.o: ../cryptlib.h a_set.c -a_sign.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h -a_sign.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -a_sign.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -a_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -a_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h -a_sign.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -a_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -a_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -a_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -a_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -a_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -a_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -a_sign.o: ../cryptlib.h a_sign.c -a_strex.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -a_strex.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -a_strex.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -a_strex.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -a_strex.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -a_strex.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -a_strex.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -a_strex.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -a_strex.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -a_strex.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -a_strex.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -a_strex.o: ../../include/openssl/x509_vfy.h a_strex.c charmap.h -a_strnid.o: ../../e_os.h ../../include/openssl/asn1.h -a_strnid.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -a_strnid.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -a_strnid.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -a_strnid.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -a_strnid.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -a_strnid.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -a_strnid.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -a_strnid.o: ../../include/openssl/symhacks.h ../cryptlib.h a_strnid.c -a_time.o: ../../e_os.h ../../include/openssl/asn1.h -a_time.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h -a_time.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -a_time.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -a_time.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -a_time.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -a_time.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -a_time.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -a_time.o: ../cryptlib.h ../o_time.h a_time.c -a_type.o: ../../e_os.h ../../include/openssl/asn1.h -a_type.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h -a_type.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -a_type.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -a_type.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -a_type.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -a_type.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -a_type.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -a_type.o: ../cryptlib.h a_type.c -a_utctm.o: ../../e_os.h ../../include/openssl/asn1.h -a_utctm.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -a_utctm.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -a_utctm.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -a_utctm.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -a_utctm.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -a_utctm.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -a_utctm.o: ../../include/openssl/symhacks.h ../cryptlib.h ../o_time.h a_utctm.c -a_utf8.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h -a_utf8.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -a_utf8.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -a_utf8.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -a_utf8.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -a_utf8.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -a_utf8.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -a_utf8.o: ../cryptlib.h a_utf8.c -a_verify.o: ../../e_os.h ../../include/openssl/asn1.h -a_verify.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -a_verify.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -a_verify.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -a_verify.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -a_verify.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -a_verify.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -a_verify.o: ../../include/openssl/opensslconf.h -a_verify.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -a_verify.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -a_verify.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -a_verify.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -a_verify.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -a_verify.o: ../cryptlib.h a_verify.c -asn1_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -asn1_err.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -asn1_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -asn1_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -asn1_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -asn1_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -asn1_err.o: ../../include/openssl/symhacks.h asn1_err.c -asn1_lib.o: ../../e_os.h ../../include/openssl/asn1.h -asn1_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -asn1_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -asn1_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -asn1_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -asn1_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -asn1_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -asn1_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h asn1_lib.c -asn1_par.o: ../../e_os.h ../../include/openssl/asn1.h -asn1_par.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -asn1_par.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -asn1_par.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -asn1_par.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -asn1_par.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -asn1_par.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -asn1_par.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -asn1_par.o: ../../include/openssl/symhacks.h ../cryptlib.h asn1_par.c -asn_moid.o: ../../e_os.h ../../include/openssl/asn1.h -asn_moid.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -asn_moid.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h -asn_moid.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -asn_moid.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h -asn_moid.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -asn_moid.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -asn_moid.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -asn_moid.o: ../../include/openssl/opensslconf.h -asn_moid.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -asn_moid.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -asn_moid.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -asn_moid.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -asn_moid.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -asn_moid.o: ../cryptlib.h asn_moid.c -asn_pack.o: ../../e_os.h ../../include/openssl/asn1.h -asn_pack.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -asn_pack.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -asn_pack.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -asn_pack.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -asn_pack.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -asn_pack.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -asn_pack.o: ../../include/openssl/symhacks.h ../cryptlib.h asn_pack.c -d2i_pr.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h -d2i_pr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -d2i_pr.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -d2i_pr.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -d2i_pr.o: ../../include/openssl/err.h ../../include/openssl/evp.h -d2i_pr.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -d2i_pr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -d2i_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -d2i_pr.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -d2i_pr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -d2i_pr.o: ../cryptlib.h d2i_pr.c -d2i_pu.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h -d2i_pu.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -d2i_pu.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -d2i_pu.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -d2i_pu.o: ../../include/openssl/err.h ../../include/openssl/evp.h -d2i_pu.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -d2i_pu.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -d2i_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -d2i_pu.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -d2i_pu.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -d2i_pu.o: ../cryptlib.h d2i_pu.c -evp_asn1.o: ../../e_os.h ../../include/openssl/asn1.h -evp_asn1.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h -evp_asn1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -evp_asn1.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -evp_asn1.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -evp_asn1.o: ../../include/openssl/opensslconf.h -evp_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -evp_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -evp_asn1.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_asn1.c -f_enum.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h -f_enum.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -f_enum.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -f_enum.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -f_enum.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -f_enum.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -f_enum.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -f_enum.o: ../cryptlib.h f_enum.c -f_int.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h -f_int.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -f_int.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -f_int.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -f_int.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -f_int.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -f_int.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -f_int.o: ../cryptlib.h f_int.c -f_string.o: ../../e_os.h ../../include/openssl/asn1.h -f_string.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -f_string.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -f_string.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -f_string.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -f_string.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -f_string.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -f_string.o: ../../include/openssl/symhacks.h ../cryptlib.h f_string.c -i2d_pr.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h -i2d_pr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -i2d_pr.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -i2d_pr.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -i2d_pr.o: ../../include/openssl/err.h ../../include/openssl/evp.h -i2d_pr.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -i2d_pr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -i2d_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -i2d_pr.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -i2d_pr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -i2d_pr.o: ../cryptlib.h i2d_pr.c -i2d_pu.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h -i2d_pu.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -i2d_pu.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -i2d_pu.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -i2d_pu.o: ../../include/openssl/err.h ../../include/openssl/evp.h -i2d_pu.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -i2d_pu.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -i2d_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -i2d_pu.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -i2d_pu.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -i2d_pu.o: ../cryptlib.h i2d_pu.c -n_pkey.o: ../../e_os.h ../../include/openssl/asn1.h -n_pkey.o: ../../include/openssl/asn1_mac.h ../../include/openssl/asn1t.h -n_pkey.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -n_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -n_pkey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -n_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -n_pkey.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -n_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -n_pkey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -n_pkey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -n_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -n_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -n_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -n_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h n_pkey.c -nsseq.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h -nsseq.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -nsseq.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -nsseq.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -nsseq.o: ../../include/openssl/e_os2.h ../../include/openssl/evp.h -nsseq.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -nsseq.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -nsseq.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -nsseq.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -nsseq.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -nsseq.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -nsseq.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h nsseq.c -p5_pbe.o: ../../e_os.h ../../include/openssl/asn1.h -p5_pbe.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h -p5_pbe.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -p5_pbe.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -p5_pbe.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -p5_pbe.o: ../../include/openssl/err.h ../../include/openssl/evp.h -p5_pbe.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -p5_pbe.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -p5_pbe.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -p5_pbe.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h -p5_pbe.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -p5_pbe.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -p5_pbe.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -p5_pbe.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p5_pbe.c -p5_pbev2.o: ../../e_os.h ../../include/openssl/asn1.h -p5_pbev2.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h -p5_pbev2.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -p5_pbev2.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -p5_pbev2.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -p5_pbev2.o: ../../include/openssl/err.h ../../include/openssl/evp.h -p5_pbev2.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -p5_pbev2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -p5_pbev2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -p5_pbev2.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h -p5_pbev2.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -p5_pbev2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -p5_pbev2.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -p5_pbev2.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p5_pbev2.c -p8_pkey.o: ../../e_os.h ../../include/openssl/asn1.h -p8_pkey.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h -p8_pkey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -p8_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -p8_pkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -p8_pkey.o: ../../include/openssl/err.h ../../include/openssl/evp.h -p8_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -p8_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -p8_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -p8_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -p8_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -p8_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -p8_pkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -p8_pkey.o: ../cryptlib.h p8_pkey.c -t_bitst.o: ../../e_os.h ../../include/openssl/asn1.h -t_bitst.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -t_bitst.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h -t_bitst.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -t_bitst.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -t_bitst.o: ../../include/openssl/err.h ../../include/openssl/evp.h -t_bitst.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -t_bitst.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -t_bitst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -t_bitst.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -t_bitst.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -t_bitst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -t_bitst.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -t_bitst.o: ../../include/openssl/x509v3.h ../cryptlib.h t_bitst.c -t_crl.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h -t_crl.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -t_crl.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h -t_crl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -t_crl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -t_crl.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -t_crl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -t_crl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -t_crl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -t_crl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -t_crl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -t_crl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -t_crl.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -t_crl.o: ../cryptlib.h t_crl.c -t_pkey.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h -t_pkey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -t_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -t_pkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -t_pkey.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -t_pkey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -t_pkey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h -t_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -t_pkey.o: ../../include/openssl/symhacks.h ../cryptlib.h t_pkey.c -t_req.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h -t_req.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -t_req.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h -t_req.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -t_req.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -t_req.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -t_req.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -t_req.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -t_req.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -t_req.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -t_req.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -t_req.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -t_req.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -t_req.o: ../cryptlib.h t_req.c -t_spki.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h -t_spki.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -t_spki.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -t_spki.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -t_spki.o: ../../include/openssl/err.h ../../include/openssl/evp.h -t_spki.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -t_spki.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -t_spki.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -t_spki.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -t_spki.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -t_spki.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -t_spki.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -t_spki.o: ../cryptlib.h t_spki.c -t_x509.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h -t_x509.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -t_x509.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h -t_x509.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -t_x509.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -t_x509.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -t_x509.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -t_x509.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -t_x509.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -t_x509.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -t_x509.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -t_x509.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -t_x509.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -t_x509.o: ../cryptlib.h t_x509.c -t_x509a.o: ../../e_os.h ../../include/openssl/asn1.h -t_x509a.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -t_x509a.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -t_x509a.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -t_x509a.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -t_x509a.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -t_x509a.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -t_x509a.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -t_x509a.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -t_x509a.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -t_x509a.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -t_x509a.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -t_x509a.o: ../../include/openssl/x509_vfy.h ../cryptlib.h t_x509a.c -tasn_dec.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h -tasn_dec.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -tasn_dec.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -tasn_dec.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -tasn_dec.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -tasn_dec.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -tasn_dec.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -tasn_dec.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -tasn_dec.o: ../../include/openssl/symhacks.h tasn_dec.c -tasn_enc.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h -tasn_enc.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -tasn_enc.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -tasn_enc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -tasn_enc.o: ../../include/openssl/opensslconf.h -tasn_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -tasn_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -tasn_enc.o: ../../include/openssl/symhacks.h tasn_enc.c -tasn_fre.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h -tasn_fre.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -tasn_fre.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -tasn_fre.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -tasn_fre.o: ../../include/openssl/opensslconf.h -tasn_fre.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -tasn_fre.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -tasn_fre.o: ../../include/openssl/symhacks.h tasn_fre.c -tasn_new.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h -tasn_new.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -tasn_new.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -tasn_new.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -tasn_new.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -tasn_new.o: ../../include/openssl/opensslconf.h -tasn_new.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -tasn_new.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -tasn_new.o: ../../include/openssl/symhacks.h tasn_new.c -tasn_typ.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h -tasn_typ.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -tasn_typ.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -tasn_typ.o: ../../include/openssl/opensslconf.h -tasn_typ.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -tasn_typ.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -tasn_typ.o: ../../include/openssl/symhacks.h tasn_typ.c -tasn_utl.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h -tasn_utl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -tasn_utl.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -tasn_utl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -tasn_utl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -tasn_utl.o: ../../include/openssl/opensslconf.h -tasn_utl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -tasn_utl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -tasn_utl.o: ../../include/openssl/symhacks.h tasn_utl.c -x_algor.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h -x_algor.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -x_algor.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -x_algor.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -x_algor.o: ../../include/openssl/e_os2.h ../../include/openssl/evp.h -x_algor.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -x_algor.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -x_algor.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -x_algor.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -x_algor.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x_algor.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x_algor.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x_algor.o: x_algor.c -x_attrib.o: ../../e_os.h ../../include/openssl/asn1.h -x_attrib.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h -x_attrib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -x_attrib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -x_attrib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -x_attrib.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x_attrib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -x_attrib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -x_attrib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -x_attrib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -x_attrib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x_attrib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x_attrib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x_attrib.o: ../cryptlib.h x_attrib.c -x_bignum.o: ../../e_os.h ../../include/openssl/asn1.h -x_bignum.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h -x_bignum.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -x_bignum.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -x_bignum.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -x_bignum.o: ../../include/openssl/opensslconf.h -x_bignum.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -x_bignum.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -x_bignum.o: ../../include/openssl/symhacks.h ../cryptlib.h x_bignum.c -x_crl.o: ../../e_os.h ../../include/openssl/asn1.h -x_crl.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h -x_crl.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -x_crl.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -x_crl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -x_crl.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x_crl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -x_crl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -x_crl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -x_crl.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -x_crl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x_crl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x_crl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x_crl.o: ../cryptlib.h x_crl.c -x_exten.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h -x_exten.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -x_exten.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -x_exten.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -x_exten.o: ../../include/openssl/e_os2.h ../../include/openssl/evp.h -x_exten.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -x_exten.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -x_exten.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -x_exten.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -x_exten.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x_exten.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x_exten.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x_exten.o: x_exten.c -x_info.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h -x_info.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -x_info.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -x_info.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -x_info.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x_info.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -x_info.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -x_info.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -x_info.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -x_info.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x_info.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x_info.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x_info.o: ../cryptlib.h x_info.c -x_long.o: ../../e_os.h ../../include/openssl/asn1.h -x_long.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h -x_long.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -x_long.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -x_long.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -x_long.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -x_long.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -x_long.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x_long.o: ../cryptlib.h x_long.c -x_name.o: ../../e_os.h ../../include/openssl/asn1.h -x_name.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h -x_name.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -x_name.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -x_name.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -x_name.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x_name.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -x_name.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -x_name.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -x_name.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -x_name.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x_name.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x_name.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x_name.o: ../cryptlib.h x_name.c -x_pkey.o: ../../e_os.h ../../include/openssl/asn1.h -x_pkey.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h -x_pkey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -x_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -x_pkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -x_pkey.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -x_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -x_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -x_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -x_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x_pkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x_pkey.o: ../cryptlib.h x_pkey.c -x_pubkey.o: ../../e_os.h ../../include/openssl/asn1.h -x_pubkey.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h -x_pubkey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -x_pubkey.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -x_pubkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -x_pubkey.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x_pubkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -x_pubkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -x_pubkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -x_pubkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -x_pubkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x_pubkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x_pubkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x_pubkey.o: ../cryptlib.h x_pubkey.c -x_req.o: ../../e_os.h ../../include/openssl/asn1.h -x_req.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h -x_req.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -x_req.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -x_req.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -x_req.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x_req.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -x_req.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -x_req.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -x_req.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -x_req.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x_req.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x_req.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x_req.o: ../cryptlib.h x_req.c -x_sig.o: ../../e_os.h ../../include/openssl/asn1.h -x_sig.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h -x_sig.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -x_sig.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -x_sig.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -x_sig.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x_sig.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -x_sig.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -x_sig.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -x_sig.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -x_sig.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x_sig.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x_sig.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x_sig.o: ../cryptlib.h x_sig.c -x_spki.o: ../../e_os.h ../../include/openssl/asn1.h -x_spki.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h -x_spki.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -x_spki.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -x_spki.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -x_spki.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x_spki.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -x_spki.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -x_spki.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -x_spki.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -x_spki.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x_spki.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x_spki.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x_spki.o: ../cryptlib.h x_spki.c -x_val.o: ../../e_os.h ../../include/openssl/asn1.h -x_val.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h -x_val.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -x_val.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -x_val.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -x_val.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x_val.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -x_val.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -x_val.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -x_val.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -x_val.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x_val.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x_val.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x_val.o: ../cryptlib.h x_val.c -x_x509.o: ../../e_os.h ../../include/openssl/asn1.h -x_x509.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h -x_x509.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -x_x509.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h -x_x509.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -x_x509.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -x_x509.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -x_x509.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x_x509.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -x_x509.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -x_x509.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -x_x509.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -x_x509.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -x_x509.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -x_x509.o: ../cryptlib.h x_x509.c -x_x509a.o: ../../e_os.h ../../include/openssl/asn1.h -x_x509a.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h -x_x509a.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -x_x509a.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -x_x509a.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -x_x509a.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x_x509a.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -x_x509a.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -x_x509a.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -x_x509a.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -x_x509a.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x_x509a.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x_x509a.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x_x509a.o: ../cryptlib.h x_x509a.c diff --git a/src/lib/libcrypto/asn1/a_bitstr.c b/src/lib/libcrypto/asn1/a_bitstr.c index ed0bdfbde1a..7fd40d8a8c6 100644 --- a/src/lib/libcrypto/asn1/a_bitstr.c +++ b/src/lib/libcrypto/asn1/a_bitstr.c @@ -1,25 +1,25 @@ -/* crypto/asn1/a_bitstr.c */ +/* $OpenBSD: a_bitstr.c,v 1.29 2018/10/20 16:07:09 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -57,154 +57,210 @@ */ #include -#include "cryptlib.h" +#include + #include +#include -int ASN1_BIT_STRING_set(ASN1_BIT_STRING *x, unsigned char *d, int len) -{ return M_ASN1_BIT_STRING_set(x, d, len); } +int +ASN1_BIT_STRING_set(ASN1_BIT_STRING *x, unsigned char *d, int len) +{ + return ASN1_STRING_set(x, d, len); +} -int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp) - { - int ret,j,bits,len; - unsigned char *p,*d; +int +i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp) +{ + int ret, j, bits, len; + unsigned char *p, *d; - if (a == NULL) return(0); + if (a == NULL) + return (0); - len=a->length; + len = a->length; - if (len > 0) - { - if (a->flags & ASN1_STRING_FLAG_BITS_LEFT) - { - bits=(int)a->flags&0x07; - } - else - { - for ( ; len > 0; len--) - { - if (a->data[len-1]) break; - } - j=a->data[len-1]; - if (j & 0x01) bits=0; - else if (j & 0x02) bits=1; - else if (j & 0x04) bits=2; - else if (j & 0x08) bits=3; - else if (j & 0x10) bits=4; - else if (j & 0x20) bits=5; - else if (j & 0x40) bits=6; - else if (j & 0x80) bits=7; - else bits=0; /* should not happen */ + if (len > 0) { + if (a->flags & ASN1_STRING_FLAG_BITS_LEFT) { + bits = (int)a->flags & 0x07; + } else { + for (; len > 0; len--) { + if (a->data[len - 1]) + break; } + j = a->data[len - 1]; + if (j & 0x01) + bits = 0; + else if (j & 0x02) + bits = 1; + else if (j & 0x04) + bits = 2; + else if (j & 0x08) + bits = 3; + else if (j & 0x10) + bits = 4; + else if (j & 0x20) + bits = 5; + else if (j & 0x40) + bits = 6; + else if (j & 0x80) + bits = 7; + else + bits = 0; /* should not happen */ } - else - bits=0; + } else + bits = 0; - ret=1+len; - if (pp == NULL) return(ret); + ret = 1 + len; + if (pp == NULL) + return (ret); p= *pp; - *(p++)=(unsigned char)bits; - d=a->data; - memcpy(p,d,len); - p+=len; - if (len > 0) p[-1]&=(0xff<data; + if (len > 0) { + memcpy(p, d, len); + p += len; + p[-1] &= 0xff << bits; } + *pp = p; + return (ret); +} -ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, unsigned char **pp, - long len) - { - ASN1_BIT_STRING *ret=NULL; - unsigned char *p,*s; +ASN1_BIT_STRING * +c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, const unsigned char **pp, long len) +{ + ASN1_BIT_STRING *ret = NULL; + const unsigned char *p; + unsigned char *s; int i; - if ((a == NULL) || ((*a) == NULL)) - { - if ((ret=M_ASN1_BIT_STRING_new()) == NULL) return(NULL); - } - else - ret=(*a); + if (len < 1) { + ASN1error(ASN1_R_STRING_TOO_SHORT); + goto err; + } - p= *pp; - i= *(p++); - /* We do this to preserve the settings. If we modify - * the settings, via the _set_bit function, we will recalculate - * on output */ - ret->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); /* clear */ - ret->flags|=(ASN1_STRING_FLAG_BITS_LEFT|(i&0x07)); /* set */ - - if (len-- > 1) /* using one because of the bits left byte */ - { - s=(unsigned char *)OPENSSL_malloc((int)len); - if (s == NULL) - { - i=ERR_R_MALLOC_FAILURE; + if (a == NULL || *a == NULL) { + if ((ret = ASN1_BIT_STRING_new()) == NULL) + return (NULL); + } else + ret = *a; + + p = *pp; + i = *(p++); + if (i > 7) { + ASN1error(ASN1_R_INVALID_BIT_STRING_BITS_LEFT); + goto err; + } + + /* + * We do this to preserve the settings. If we modify the settings, + * via the _set_bit function, we will recalculate on output. + */ + ret->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); /* clear */ + ret->flags |= (ASN1_STRING_FLAG_BITS_LEFT | i); /* set */ + + /* using one because of the bits left byte */ + if (len-- > 1) { + if ((s = malloc(len)) == NULL) { + ASN1error(ERR_R_MALLOC_FAILURE); goto err; - } - memcpy(s,p,(int)len); - s[len-1]&=(0xff<length=(int)len; - if (ret->data != NULL) OPENSSL_free(ret->data); - ret->data=s; - ret->type=V_ASN1_BIT_STRING; - if (a != NULL) (*a)=ret; - *pp=p; - return(ret); -err: - ASN1err(ASN1_F_D2I_ASN1_BIT_STRING,i); - if ((ret != NULL) && ((a == NULL) || (*a != ret))) - M_ASN1_BIT_STRING_free(ret); - return(NULL); - } + memcpy(s, p, len); + s[len - 1] &= (0xff << i); + p += len; + } else + s = NULL; -/* These next 2 functions from Goetz Babin-Ebell - */ -int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value) - { - int w,v,iv; + free(ret->data); + ret->data = s; + ret->length = (int)len; + ret->type = V_ASN1_BIT_STRING; + + if (a != NULL) + *a = ret; + + *pp = p; + + return (ret); + + err: + if (a == NULL || *a != ret) + ASN1_BIT_STRING_free(ret); + + return (NULL); +} + +int +ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value) +{ + int w, v, iv; unsigned char *c; - w=n/8; - v=1<<(7-(n&0x07)); - iv= ~v; - if (!value) v=0; - - a->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); /* clear, set on write */ - - if (a == NULL) return(0); - if ((a->length < (w+1)) || (a->data == NULL)) - { - if (!value) return(1); /* Don't need to set */ - if (a->data == NULL) - c=(unsigned char *)OPENSSL_malloc(w+1); - else - c=(unsigned char *)OPENSSL_realloc(a->data,w+1); - if (c == NULL) return(0); - if (w+1-a->length > 0) memset(c+a->length, 0, w+1-a->length); - a->data=c; - a->length=w+1; + w = n/8; + v = 1 << (7 - (n & 0x07)); + iv = ~v; + if (!value) + v = 0; + + if (a == NULL) + return 0; + + a->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); /* clear, set on write */ + + if ((a->length < (w + 1)) || (a->data == NULL)) { + if (!value) + return(1); /* Don't need to set */ + if ((c = recallocarray(a->data, a->length, w + 1, 1)) == NULL) { + ASN1error(ERR_R_MALLOC_FAILURE); + return 0; + } + if (w + 1 - a->length > 0) + memset(c + a->length, 0, w + 1 - a->length); + a->data = c; + a->length = w + 1; } - a->data[w]=((a->data[w])&iv)|v; - while ((a->length > 0) && (a->data[a->length-1] == 0)) + a->data[w] = ((a->data[w]) & iv) | v; + while ((a->length > 0) && (a->data[a->length - 1] == 0)) a->length--; - return(1); - } -int ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n) - { - int w,v; + return (1); +} - w=n/8; - v=1<<(7-(n&0x07)); - if ((a == NULL) || (a->length < (w+1)) || (a->data == NULL)) - return(0); - return((a->data[w]&v) != 0); - } +int +ASN1_BIT_STRING_get_bit(const ASN1_BIT_STRING *a, int n) +{ + int w, v; + + w = n / 8; + v = 1 << (7 - (n & 0x07)); + if ((a == NULL) || (a->length < (w + 1)) || (a->data == NULL)) + return (0); + return ((a->data[w] & v) != 0); +} +/* + * Checks if the given bit string contains only bits specified by + * the flags vector. Returns 0 if there is at least one bit set in 'a' + * which is not specified in 'flags', 1 otherwise. + * 'len' is the length of 'flags'. + */ +int +ASN1_BIT_STRING_check(const ASN1_BIT_STRING *a, const unsigned char *flags, + int flags_len) +{ + int i, ok; + + /* Check if there is one bit set at all. */ + if (!a || !a->data) + return 1; + + /* Check each byte of the internal representation of the bit string. */ + ok = 1; + for (i = 0; i < a->length && ok; ++i) { + unsigned char mask = i < flags_len ? ~flags[i] : 0xff; + /* We are done if there is an unneeded bit set. */ + ok = (a->data[i] & mask) == 0; + } + return ok; +} diff --git a/src/lib/libcrypto/asn1/a_bool.c b/src/lib/libcrypto/asn1/a_bool.c index 24333ea4d52..e8469bec650 100644 --- a/src/lib/libcrypto/asn1/a_bool.c +++ b/src/lib/libcrypto/asn1/a_bool.c @@ -1,25 +1,25 @@ -/* crypto/asn1/a_bool.c */ +/* $OpenBSD: a_bool.c,v 1.8 2017/01/29 17:49:22 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -57,58 +57,59 @@ */ #include -#include "cryptlib.h" + #include +#include -int i2d_ASN1_BOOLEAN(int a, unsigned char **pp) - { +int +i2d_ASN1_BOOLEAN(int a, unsigned char **pp) +{ int r; unsigned char *p; - r=ASN1_object_size(0,1,V_ASN1_BOOLEAN); - if (pp == NULL) return(r); - p= *pp; + r = ASN1_object_size(0, 1, V_ASN1_BOOLEAN); + if (pp == NULL) + return (r); + p = *pp; - ASN1_put_object(&p,0,1,V_ASN1_BOOLEAN,V_ASN1_UNIVERSAL); - *(p++)= (unsigned char)a; - *pp=p; - return(r); - } + ASN1_put_object(&p, 0, 1, V_ASN1_BOOLEAN, V_ASN1_UNIVERSAL); + *(p++) = (unsigned char)a; + *pp = p; + return (r); +} -int d2i_ASN1_BOOLEAN(int *a, unsigned char **pp, long length) - { - int ret= -1; - unsigned char *p; +int +d2i_ASN1_BOOLEAN(int *a, const unsigned char **pp, long length) +{ + int ret = -1; + const unsigned char *p; long len; - int inf,tag,xclass; - int i=0; + int inf, tag, xclass; + int i = 0; - p= *pp; - inf=ASN1_get_object(&p,&len,&tag,&xclass,length); - if (inf & 0x80) - { - i=ASN1_R_BAD_OBJECT_HEADER; + p = *pp; + inf = ASN1_get_object(&p, &len, &tag, &xclass, length); + if (inf & 0x80) { + i = ASN1_R_BAD_OBJECT_HEADER; goto err; - } + } - if (tag != V_ASN1_BOOLEAN) - { - i=ASN1_R_EXPECTING_A_BOOLEAN; + if (tag != V_ASN1_BOOLEAN) { + i = ASN1_R_EXPECTING_A_BOOLEAN; goto err; - } + } - if (len != 1) - { - i=ASN1_R_BOOLEAN_IS_WRONG_LENGTH; + if (len != 1) { + i = ASN1_R_BOOLEAN_IS_WRONG_LENGTH; goto err; - } - ret= (int)*(p++); - if (a != NULL) (*a)=ret; - *pp=p; - return(ret); -err: - ASN1err(ASN1_F_D2I_ASN1_BOOLEAN,i); - return(ret); } + ret = (int)*(p++); + if (a != NULL) + (*a) = ret; + *pp = p; + return (ret); - +err: + ASN1error(i); + return (ret); +} diff --git a/src/lib/libcrypto/asn1/a_bytes.c b/src/lib/libcrypto/asn1/a_bytes.c deleted file mode 100644 index bb88660f58c..00000000000 --- a/src/lib/libcrypto/asn1/a_bytes.c +++ /dev/null @@ -1,312 +0,0 @@ -/* crypto/asn1/a_bytes.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include "cryptlib.h" -#include - -static int asn1_collate_primitive(ASN1_STRING *a, ASN1_CTX *c); -/* type is a 'bitmap' of acceptable string types. - */ -ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a, unsigned char **pp, - long length, int type) - { - ASN1_STRING *ret=NULL; - unsigned char *p,*s; - long len; - int inf,tag,xclass; - int i=0; - - p= *pp; - inf=ASN1_get_object(&p,&len,&tag,&xclass,length); - if (inf & 0x80) goto err; - - if (tag >= 32) - { - i=ASN1_R_TAG_VALUE_TOO_HIGH;; - goto err; - } - if (!(ASN1_tag2bit(tag) & type)) - { - i=ASN1_R_WRONG_TYPE; - goto err; - } - - /* If a bit-string, exit early */ - if (tag == V_ASN1_BIT_STRING) - return(d2i_ASN1_BIT_STRING(a,pp,length)); - - if ((a == NULL) || ((*a) == NULL)) - { - if ((ret=ASN1_STRING_new()) == NULL) return(NULL); - } - else - ret=(*a); - - if (len != 0) - { - s=(unsigned char *)OPENSSL_malloc((int)len+1); - if (s == NULL) - { - i=ERR_R_MALLOC_FAILURE; - goto err; - } - memcpy(s,p,(int)len); - s[len]='\0'; - p+=len; - } - else - s=NULL; - - if (ret->data != NULL) OPENSSL_free(ret->data); - ret->length=(int)len; - ret->data=s; - ret->type=tag; - if (a != NULL) (*a)=ret; - *pp=p; - return(ret); -err: - ASN1err(ASN1_F_D2I_ASN1_TYPE_BYTES,i); - if ((ret != NULL) && ((a == NULL) || (*a != ret))) - ASN1_STRING_free(ret); - return(NULL); - } - -int i2d_ASN1_bytes(ASN1_STRING *a, unsigned char **pp, int tag, int xclass) - { - int ret,r,constructed; - unsigned char *p; - - if (a == NULL) return(0); - - if (tag == V_ASN1_BIT_STRING) - return(i2d_ASN1_BIT_STRING(a,pp)); - - ret=a->length; - r=ASN1_object_size(0,ret,tag); - if (pp == NULL) return(r); - p= *pp; - - if ((tag == V_ASN1_SEQUENCE) || (tag == V_ASN1_SET)) - constructed=1; - else - constructed=0; - ASN1_put_object(&p,constructed,ret,tag,xclass); - memcpy(p,a->data,a->length); - p+=a->length; - *pp= p; - return(r); - } - -ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, unsigned char **pp, long length, - int Ptag, int Pclass) - { - ASN1_STRING *ret=NULL; - unsigned char *p,*s; - long len; - int inf,tag,xclass; - int i=0; - - if ((a == NULL) || ((*a) == NULL)) - { - if ((ret=ASN1_STRING_new()) == NULL) return(NULL); - } - else - ret=(*a); - - p= *pp; - inf=ASN1_get_object(&p,&len,&tag,&xclass,length); - if (inf & 0x80) - { - i=ASN1_R_BAD_OBJECT_HEADER; - goto err; - } - - if (tag != Ptag) - { - i=ASN1_R_WRONG_TAG; - goto err; - } - - if (inf & V_ASN1_CONSTRUCTED) - { - ASN1_CTX c; - - c.pp=pp; - c.p=p; - c.inf=inf; - c.slen=len; - c.tag=Ptag; - c.xclass=Pclass; - c.max=(length == 0)?0:(p+length); - if (!asn1_collate_primitive(ret,&c)) - goto err; - else - { - p=c.p; - } - } - else - { - if (len != 0) - { - if ((ret->length < len) || (ret->data == NULL)) - { - if (ret->data != NULL) OPENSSL_free(ret->data); - s=(unsigned char *)OPENSSL_malloc((int)len + 1); - if (s == NULL) - { - i=ERR_R_MALLOC_FAILURE; - goto err; - } - } - else - s=ret->data; - memcpy(s,p,(int)len); - s[len] = '\0'; - p+=len; - } - else - { - s=NULL; - if (ret->data != NULL) OPENSSL_free(ret->data); - } - - ret->length=(int)len; - ret->data=s; - ret->type=Ptag; - } - - if (a != NULL) (*a)=ret; - *pp=p; - return(ret); -err: - if ((ret != NULL) && ((a == NULL) || (*a != ret))) - ASN1_STRING_free(ret); - ASN1err(ASN1_F_D2I_ASN1_BYTES,i); - return(NULL); - } - - -/* We are about to parse 0..n d2i_ASN1_bytes objects, we are to collapse - * them into the one structure that is then returned */ -/* There have been a few bug fixes for this function from - * Paul Keogh , many thanks to him */ -static int asn1_collate_primitive(ASN1_STRING *a, ASN1_CTX *c) - { - ASN1_STRING *os=NULL; - BUF_MEM b; - int num; - - b.length=0; - b.max=0; - b.data=NULL; - - if (a == NULL) - { - c->error=ERR_R_PASSED_NULL_PARAMETER; - goto err; - } - - num=0; - for (;;) - { - if (c->inf & 1) - { - c->eos=ASN1_check_infinite_end(&c->p, - (long)(c->max-c->p)); - if (c->eos) break; - } - else - { - if (c->slen <= 0) break; - } - - c->q=c->p; - if (d2i_ASN1_bytes(&os,&c->p,c->max-c->p,c->tag,c->xclass) - == NULL) - { - c->error=ERR_R_ASN1_LIB; - goto err; - } - - if (!BUF_MEM_grow(&b,num+os->length)) - { - c->error=ERR_R_BUF_LIB; - goto err; - } - memcpy(&(b.data[num]),os->data,os->length); - if (!(c->inf & 1)) - c->slen-=(c->p-c->q); - num+=os->length; - } - - if (!asn1_Finish(c)) goto err; - - a->length=num; - if (a->data != NULL) OPENSSL_free(a->data); - a->data=(unsigned char *)b.data; - if (os != NULL) ASN1_STRING_free(os); - return(1); -err: - ASN1err(ASN1_F_ASN1_COLLATE_PRIMITIVE,c->error); - if (os != NULL) ASN1_STRING_free(os); - if (b.data != NULL) OPENSSL_free(b.data); - return(0); - } - diff --git a/src/lib/libcrypto/asn1/a_d2i_fp.c b/src/lib/libcrypto/asn1/a_d2i_fp.c index a80fbe9ff7f..390a1072d52 100644 --- a/src/lib/libcrypto/asn1/a_d2i_fp.c +++ b/src/lib/libcrypto/asn1/a_d2i_fp.c @@ -1,25 +1,25 @@ -/* crypto/asn1/a_d2i_fp.c */ +/* $OpenBSD: a_d2i_fp.c,v 1.16 2017/01/29 17:49:22 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,204 +49,241 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ +#include #include -#include "cryptlib.h" + +#include #include -#include +#include static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb); #ifndef NO_OLD_ASN1 -#ifndef OPENSSL_NO_FP_API - -char *ASN1_d2i_fp(char *(*xnew)(), char *(*d2i)(), FILE *in, - unsigned char **x) - { - BIO *b; - char *ret; - - if ((b=BIO_new(BIO_s_file())) == NULL) - { - ASN1err(ASN1_F_ASN1_D2I_FP,ERR_R_BUF_LIB); - return(NULL); - } - BIO_set_fp(b,in,BIO_NOCLOSE); - ret=ASN1_d2i_bio(xnew,d2i,b,x); - BIO_free(b); - return(ret); - } -#endif -char *ASN1_d2i_bio(char *(*xnew)(), char *(*d2i)(), BIO *in, - unsigned char **x) - { +void * +ASN1_d2i_fp(void *(*xnew)(void), d2i_of_void *d2i, FILE *in, void **x) +{ + BIO *b; + void *ret; + + if ((b = BIO_new(BIO_s_file())) == NULL) { + ASN1error(ERR_R_BUF_LIB); + return (NULL); + } + BIO_set_fp(b, in, BIO_NOCLOSE); + ret = ASN1_d2i_bio(xnew, d2i, b, x); + BIO_free(b); + return (ret); +} + +void * +ASN1_d2i_bio(void *(*xnew)(void), d2i_of_void *d2i, BIO *in, void **x) +{ BUF_MEM *b = NULL; - unsigned char *p; - char *ret=NULL; + const unsigned char *p; + void *ret = NULL; int len; len = asn1_d2i_read_bio(in, &b); - if(len < 0) goto err; + if (len < 0) + goto err; + + p = (unsigned char *)b->data; + ret = d2i(x, &p, len); - p=(unsigned char *)b->data; - ret=d2i(x,&p,len); err: - if (b != NULL) BUF_MEM_free(b); - return(ret); - } + if (b != NULL) + BUF_MEM_free(b); + return (ret); +} #endif -void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x) - { +void * +ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x) +{ BUF_MEM *b = NULL; - unsigned char *p; - void *ret=NULL; + const unsigned char *p; + void *ret = NULL; int len; len = asn1_d2i_read_bio(in, &b); - if(len < 0) goto err; + if (len < 0) + goto err; + + p = (const unsigned char *)b->data; + ret = ASN1_item_d2i(x, &p, len, it); - p=(unsigned char *)b->data; - ret=ASN1_item_d2i(x,&p,len, it); err: - if (b != NULL) BUF_MEM_free(b); - return(ret); - } + if (b != NULL) + BUF_MEM_free(b); + return (ret); +} -#ifndef OPENSSL_NO_FP_API -void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x) - { - BIO *b; - char *ret; +void * +ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x) +{ + BIO *b; + char *ret; - if ((b=BIO_new(BIO_s_file())) == NULL) - { - ASN1err(ASN1_F_ASN1_D2I_FP,ERR_R_BUF_LIB); - return(NULL); - } - BIO_set_fp(b,in,BIO_NOCLOSE); - ret=ASN1_item_d2i_bio(it,b,x); - BIO_free(b); - return(ret); - } -#endif + if ((b = BIO_new(BIO_s_file())) == NULL) { + ASN1error(ERR_R_BUF_LIB); + return (NULL); + } + BIO_set_fp(b, in, BIO_NOCLOSE); + ret = ASN1_item_d2i_bio(it, b, x); + BIO_free(b); + return (ret); +} #define HEADER_SIZE 8 -static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) - { +#define ASN1_CHUNK_INITIAL_SIZE (16 * 1024) +static int +asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) +{ BUF_MEM *b; unsigned char *p; int i; - int ret=-1; - ASN1_CTX c; - int want=HEADER_SIZE; - int eos=0; - int off=0; - int len=0; - - b=BUF_MEM_new(); - if (b == NULL) - { - ASN1err(ASN1_F_ASN1_D2I_BIO,ERR_R_MALLOC_FAILURE); + ASN1_const_CTX c; + size_t want = HEADER_SIZE; + int eos = 0; + size_t off = 0; + size_t len = 0; + + b = BUF_MEM_new(); + if (b == NULL) { + ASN1error(ERR_R_MALLOC_FAILURE); return -1; - } + } ERR_clear_error(); - for (;;) - { - if (want >= (len-off)) - { - want-=(len-off); - - if (!BUF_MEM_grow(b,len+want)) - { - ASN1err(ASN1_F_ASN1_D2I_BIO,ERR_R_MALLOC_FAILURE); + for (;;) { + if (want >= (len - off)) { + want -= (len - off); + + if (len + want < len || + !BUF_MEM_grow_clean(b, len + want)) { + ASN1error(ERR_R_MALLOC_FAILURE); goto err; - } - i=BIO_read(in,&(b->data[len]),want); - if ((i < 0) && ((len-off) == 0)) - { - ASN1err(ASN1_F_ASN1_D2I_BIO,ASN1_R_NOT_ENOUGH_DATA); + } + i = BIO_read(in, &(b->data[len]), want); + if ((i < 0) && ((len - off) == 0)) { + ASN1error(ASN1_R_NOT_ENOUGH_DATA); goto err; + } + if (i > 0) { + if (len + i < len) { + ASN1error(ASN1_R_TOO_LONG); + goto err; } - if (i > 0) - len+=i; + len += i; } + } /* else data already loaded */ - p=(unsigned char *)&(b->data[off]); - c.p=p; - c.inf=ASN1_get_object(&(c.p),&(c.slen),&(c.tag),&(c.xclass), - len-off); - if (c.inf & 0x80) - { + p = (unsigned char *) & (b->data[off]); + c.p = p; + c.inf = ASN1_get_object(&(c.p), &(c.slen), &(c.tag), + &(c.xclass), len - off); + if (c.inf & 0x80) { unsigned long e; - e=ERR_GET_REASON(ERR_peek_error()); + e = ERR_GET_REASON(ERR_peek_error()); if (e != ASN1_R_TOO_LONG) goto err; else - ERR_get_error(); /* clear error */ - } - i=c.p-p;/* header length */ - off+=i; /* end of data */ + ERR_clear_error(); /* clear error */ + } + i = c.p - p; /* header length */ + off += i; /* end of data */ - if (c.inf & 1) - { + if (c.inf & 1) { /* no data body so go round again */ eos++; - want=HEADER_SIZE; + if (eos < 0) { + ASN1error(ASN1_R_HEADER_TOO_LONG); + goto err; } - else if (eos && (c.slen == 0) && (c.tag == V_ASN1_EOC)) - { + want = HEADER_SIZE; + } else if (eos && (c.slen == 0) && (c.tag == V_ASN1_EOC)) { /* eos value, so go back and read another header */ eos--; if (eos <= 0) break; else - want=HEADER_SIZE; - } - else - { + want = HEADER_SIZE; + } else { /* suck in c.slen bytes of data */ - want=(int)c.slen; - if (want > (len-off)) - { - want-=(len-off); - if (!BUF_MEM_grow(b,len+want)) - { - ASN1err(ASN1_F_ASN1_D2I_BIO,ERR_R_MALLOC_FAILURE); + want = c.slen; + if (want > (len - off)) { + size_t chunk_max = ASN1_CHUNK_INITIAL_SIZE; + + want -= (len - off); + if (want > INT_MAX /* BIO_read takes an int length */ || + len+want < len) { + ASN1error(ASN1_R_TOO_LONG); goto err; + } + while (want > 0) { + /* + * Read content in chunks of increasing size + * so we can return an error for EOF without + * having to allocate the entire content length + * in one go. + */ + size_t chunk = want > chunk_max ? chunk_max : want; + + if (!BUF_MEM_grow_clean(b, len + chunk)) { + ASN1error(ERR_R_MALLOC_FAILURE); + goto err; } - i=BIO_read(in,&(b->data[len]),want); - if (i <= 0) - { - ASN1err(ASN1_F_ASN1_D2I_BIO,ASN1_R_NOT_ENOUGH_DATA); - goto err; + want -= chunk; + while (chunk > 0) { + i = BIO_read(in, &(b->data[len]), chunk); + if (i <= 0) { + ASN1error(ASN1_R_NOT_ENOUGH_DATA); + goto err; + } + /* + * This can't overflow because |len+want| + * didn't overflow. + */ + len += i; + chunk -= i; } - len+=i; + if (chunk_max < INT_MAX/2) + chunk_max *= 2; } - off+=(int)c.slen; - if (eos <= 0) - { - break; - } - else - want=HEADER_SIZE; } + if (off + c.slen < off) { + ASN1error(ASN1_R_TOO_LONG); + goto err; + } + off += c.slen; + if (eos <= 0) { + break; + } else + want = HEADER_SIZE; } + } + + if (off > INT_MAX) { + ASN1error(ASN1_R_TOO_LONG); + goto err; + } *pb = b; return off; + err: - if (b != NULL) BUF_MEM_free(b); - return(ret); - } + if (b != NULL) + BUF_MEM_free(b); + return -1; +} diff --git a/src/lib/libcrypto/asn1/a_digest.c b/src/lib/libcrypto/asn1/a_digest.c index 4931e222a05..5b95adf1155 100644 --- a/src/lib/libcrypto/asn1/a_digest.c +++ b/src/lib/libcrypto/asn1/a_digest.c @@ -1,25 +1,25 @@ -/* crypto/asn1/a_digest.c */ +/* $OpenBSD: a_digest.c,v 1.16 2018/04/06 09:19:36 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,58 +49,39 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ +#include + #include #include -#include "cryptlib.h" - -#ifndef NO_SYS_TYPES_H -# include -#endif - -#include #include +#include +#include #include -#ifndef NO_ASN1_OLD - -int ASN1_digest(int (*i2d)(), const EVP_MD *type, char *data, - unsigned char *md, unsigned int *len) - { - int i; - unsigned char *str,*p; - - i=i2d(data,NULL); - if ((str=(unsigned char *)OPENSSL_malloc(i)) == NULL) return(0); - p=str; - i2d(data,&p); - - EVP_Digest(str, i, md, len, type, NULL); - OPENSSL_free(str); - return(1); - } - -#endif - - -int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *asn, - unsigned char *md, unsigned int *len) - { +int +ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *asn, + unsigned char *md, unsigned int *len) +{ int i; unsigned char *str = NULL; - i=ASN1_item_i2d(asn,&str, it); - if (!str) return(0); + i = ASN1_item_i2d(asn, &str, it); + if (!str) + return (0); - EVP_Digest(str, i, md, len, type, NULL); - OPENSSL_free(str); - return(1); + if (!EVP_Digest(str, i, md, len, type, NULL)) { + free(str); + return (0); } + free(str); + return (1); +} diff --git a/src/lib/libcrypto/asn1/a_dup.c b/src/lib/libcrypto/asn1/a_dup.c index 58a017884cb..2e17a1e2194 100644 --- a/src/lib/libcrypto/asn1/a_dup.c +++ b/src/lib/libcrypto/asn1/a_dup.c @@ -1,25 +1,25 @@ -/* crypto/asn1/a_dup.c */ +/* $OpenBSD: a_dup.c,v 1.14 2017/01/29 17:49:22 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -57,30 +57,36 @@ */ #include -#include "cryptlib.h" + #include +#include #ifndef NO_OLD_ASN1 -char *ASN1_dup(int (*i2d)(), char *(*d2i)(), char *x) - { - unsigned char *b,*p; - long i; +void * +ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, void *x) +{ + unsigned char *b, *p; + const unsigned char *p2; + int i; char *ret; - if (x == NULL) return(NULL); + if (x == NULL) + return (NULL); - i=(long)i2d(x,NULL); - b=(unsigned char *)OPENSSL_malloc((unsigned int)i+10); - if (b == NULL) - { ASN1err(ASN1_F_ASN1_DUP,ERR_R_MALLOC_FAILURE); return(NULL); } - p= b; - i=i2d(x,&p); - p= b; - ret=d2i(NULL,&p,i); - OPENSSL_free(b); - return(ret); + i = i2d(x, NULL); + b = malloc(i + 10); + if (b == NULL) { + ASN1error(ERR_R_MALLOC_FAILURE); + return (NULL); } + p = b; + i = i2d(x, &p); + p2 = b; + ret = d2i(NULL, &p2, i); + free(b); + return (ret); +} #endif @@ -89,19 +95,24 @@ char *ASN1_dup(int (*i2d)(), char *(*d2i)(), char *x) * the underlying structure instead of doing and encode and decode. */ -void *ASN1_item_dup(const ASN1_ITEM *it, void *x) - { - unsigned char *b = NULL, *p; +void * +ASN1_item_dup(const ASN1_ITEM *it, void *x) +{ + unsigned char *b = NULL; + const unsigned char *p; long i; void *ret; - if (x == NULL) return(NULL); + if (x == NULL) + return (NULL); - i=ASN1_item_i2d(x,&b,it); - if (b == NULL) - { ASN1err(ASN1_F_ASN1_DUP,ERR_R_MALLOC_FAILURE); return(NULL); } - p= b; - ret=ASN1_item_d2i(NULL,&p,i, it); - OPENSSL_free(b); - return(ret); + i = ASN1_item_i2d(x, &b, it); + if (b == NULL) { + ASN1error(ERR_R_MALLOC_FAILURE); + return (NULL); } + p = b; + ret = ASN1_item_d2i(NULL, &p, i, it); + free(b); + return (ret); +} diff --git a/src/lib/libcrypto/asn1/a_enum.c b/src/lib/libcrypto/asn1/a_enum.c index ad8f0ffd1ab..c7d3a9a0ac4 100644 --- a/src/lib/libcrypto/asn1/a_enum.c +++ b/src/lib/libcrypto/asn1/a_enum.c @@ -1,25 +1,25 @@ -/* crypto/asn1/a_enum.c */ +/* $OpenBSD: a_enum.c,v 1.19 2018/04/25 11:48:21 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -57,124 +57,133 @@ */ #include -#include "cryptlib.h" + #include +#include +#include -/* +/* * Code for ENUMERATED type: identical to INTEGER apart from a different tag. * for comments on encoding see a_int.c */ -int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v) - { - int i,j,k; - unsigned char buf[sizeof(long)+1]; +int +ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v) +{ + int j, k; + unsigned int i; + unsigned char buf[sizeof(long) + 1]; long d; - a->type=V_ASN1_ENUMERATED; - if (a->length < (sizeof(long)+1)) - { - if (a->data != NULL) - OPENSSL_free(a->data); - if ((a->data=(unsigned char *)OPENSSL_malloc(sizeof(long)+1)) != NULL) - memset((char *)a->data,0,sizeof(long)+1); - } - if (a->data == NULL) - { - ASN1err(ASN1_F_ASN1_ENUMERATED_SET,ERR_R_MALLOC_FAILURE); - return(0); - } - d=v; - if (d < 0) - { - d= -d; - a->type=V_ASN1_NEG_ENUMERATED; - } + a->type = V_ASN1_ENUMERATED; + if (a->length < (int)(sizeof(long) + 1)) { + free(a->data); + a->data = calloc(1, sizeof(long) + 1); + } + if (a->data == NULL) { + ASN1error(ERR_R_MALLOC_FAILURE); + return (0); + } + d = v; + if (d < 0) { + d = -d; + a->type = V_ASN1_NEG_ENUMERATED; + } - for (i=0; i>=8; - } - j=0; - for (k=i-1; k >=0; k--) - a->data[j++]=buf[k]; - a->length=j; - return(1); + for (i = 0; i < sizeof(long); i++) { + if (d == 0) + break; + buf[i] = (int)d & 0xff; + d >>= 8; } + j = 0; + for (k = i - 1; k >= 0; k--) + a->data[j++] = buf[k]; + a->length = j; + return (1); +} -long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a) - { - int neg=0,i; - long r=0; +long +ASN1_ENUMERATED_get(const ASN1_ENUMERATED *a) +{ + int neg = 0, i; + long r = 0; - if (a == NULL) return(0L); - i=a->type; + if (a == NULL) + return (0L); + i = a->type; if (i == V_ASN1_NEG_ENUMERATED) - neg=1; + neg = 1; else if (i != V_ASN1_ENUMERATED) return -1; - - if (a->length > sizeof(long)) - { + + if (a->length > (int)sizeof(long)) { /* hmm... a bit ugly */ - return(0xffffffffL); - } + return -1; + } if (a->data == NULL) return 0; - for (i=0; ilength; i++) - { - r<<=8; - r|=(unsigned char)a->data[i]; - } - if (neg) r= -r; - return(r); + for (i = 0; i < a->length; i++) { + r <<= 8; + r |= (unsigned char)a->data[i]; } + if (neg) + r = -r; + return (r); +} -ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai) - { +ASN1_ENUMERATED * +BN_to_ASN1_ENUMERATED(const BIGNUM *bn, ASN1_ENUMERATED *ai) +{ ASN1_ENUMERATED *ret; - int len,j; + int len, j; if (ai == NULL) - ret=M_ASN1_ENUMERATED_new(); + ret = ASN1_ENUMERATED_new(); else - ret=ai; - if (ret == NULL) - { - ASN1err(ASN1_F_BN_TO_ASN1_ENUMERATED,ERR_R_NESTED_ASN1_ERROR); + ret = ai; + if (ret == NULL) { + ASN1error(ERR_R_NESTED_ASN1_ERROR); goto err; - } - if(bn->neg) ret->type = V_ASN1_NEG_ENUMERATED; - else ret->type=V_ASN1_ENUMERATED; - j=BN_num_bits(bn); - len=((j == 0)?0:((j/8)+1)); - if (ret->length < len+4) - { - unsigned char *new_data=OPENSSL_realloc(ret->data, len+4); - if (!new_data) - { - ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_MALLOC_FAILURE); + } + if (BN_is_negative(bn)) + ret->type = V_ASN1_NEG_ENUMERATED; + else + ret->type = V_ASN1_ENUMERATED; + j = BN_num_bits(bn); + len = ((j == 0) ? 0 : ((j / 8) + 1)); + if (ret->length < len + 4) { + unsigned char *new_data = realloc(ret->data, len + 4); + if (!new_data) { + ASN1error(ERR_R_MALLOC_FAILURE); goto err; - } - ret->data=new_data; } + ret->data = new_data; + } + ret->length = BN_bn2bin(bn, ret->data); - ret->length=BN_bn2bin(bn,ret->data); - return(ret); -err: - if (ret != ai) M_ASN1_ENUMERATED_free(ret); - return(NULL); + /* Correct zero case */ + if (!ret->length) { + ret->data[0] = 0; + ret->length = 1; } + return (ret); -BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai, BIGNUM *bn) - { +err: + if (ret != ai) + ASN1_ENUMERATED_free(ret); + return (NULL); +} + +BIGNUM * +ASN1_ENUMERATED_to_BN(const ASN1_ENUMERATED *ai, BIGNUM *bn) +{ BIGNUM *ret; - if ((ret=BN_bin2bn(ai->data,ai->length,bn)) == NULL) - ASN1err(ASN1_F_ASN1_ENUMERATED_TO_BN,ASN1_R_BN_LIB); - else if(ai->type == V_ASN1_NEG_ENUMERATED) ret->neg = 1; - return(ret); - } + if ((ret = BN_bin2bn(ai->data, ai->length, bn)) == NULL) + ASN1error(ASN1_R_BN_LIB); + else if (ai->type == V_ASN1_NEG_ENUMERATED) + BN_set_negative(ret, 1); + return (ret); +} diff --git a/src/lib/libcrypto/asn1/a_gentm.c b/src/lib/libcrypto/asn1/a_gentm.c deleted file mode 100644 index cd09f68b38f..00000000000 --- a/src/lib/libcrypto/asn1/a_gentm.c +++ /dev/null @@ -1,239 +0,0 @@ -/* crypto/asn1/a_gentm.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -/* GENERALIZEDTIME implementation, written by Steve Henson. Based on UTCTIME */ - -#include -#include -#include "cryptlib.h" -#include "o_time.h" -#include - -#if 0 - -int i2d_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME *a, unsigned char **pp) - { -#ifdef CHARSET_EBCDIC - /* KLUDGE! We convert to ascii before writing DER */ - int len; - char tmp[24]; - ASN1_STRING tmpstr = *(ASN1_STRING *)a; - - len = tmpstr.length; - ebcdic2ascii(tmp, tmpstr.data, (len >= sizeof tmp) ? sizeof tmp : len); - tmpstr.data = tmp; - - a = (ASN1_GENERALIZEDTIME *) &tmpstr; -#endif - return(i2d_ASN1_bytes((ASN1_STRING *)a,pp, - V_ASN1_GENERALIZEDTIME,V_ASN1_UNIVERSAL)); - } - - -ASN1_GENERALIZEDTIME *d2i_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME **a, - unsigned char **pp, long length) - { - ASN1_GENERALIZEDTIME *ret=NULL; - - ret=(ASN1_GENERALIZEDTIME *)d2i_ASN1_bytes((ASN1_STRING **)a,pp,length, - V_ASN1_GENERALIZEDTIME,V_ASN1_UNIVERSAL); - if (ret == NULL) - { - ASN1err(ASN1_F_D2I_ASN1_GENERALIZEDTIME,ERR_R_NESTED_ASN1_ERROR); - return(NULL); - } -#ifdef CHARSET_EBCDIC - ascii2ebcdic(ret->data, ret->data, ret->length); -#endif - if (!ASN1_GENERALIZEDTIME_check(ret)) - { - ASN1err(ASN1_F_D2I_ASN1_GENERALIZEDTIME,ASN1_R_INVALID_TIME_FORMAT); - goto err; - } - - return(ret); -err: - if ((ret != NULL) && ((a == NULL) || (*a != ret))) - M_ASN1_GENERALIZEDTIME_free(ret); - return(NULL); - } - -#endif - -int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *d) - { - static int min[9]={ 0, 0, 1, 1, 0, 0, 0, 0, 0}; - static int max[9]={99, 99,12,31,23,59,59,12,59}; - char *a; - int n,i,l,o; - - if (d->type != V_ASN1_GENERALIZEDTIME) return(0); - l=d->length; - a=(char *)d->data; - o=0; - /* GENERALIZEDTIME is similar to UTCTIME except the year is - * represented as YYYY. This stuff treats everything as a two digit - * field so make first two fields 00 to 99 - */ - if (l < 13) goto err; - for (i=0; i<7; i++) - { - if ((i == 6) && ((a[o] == 'Z') || - (a[o] == '+') || (a[o] == '-'))) - { i++; break; } - if ((a[o] < '0') || (a[o] > '9')) goto err; - n= a[o]-'0'; - if (++o > l) goto err; - - if ((a[o] < '0') || (a[o] > '9')) goto err; - n=(n*10)+ a[o]-'0'; - if (++o > l) goto err; - - if ((n < min[i]) || (n > max[i])) goto err; - } - /* Optional fractional seconds: decimal point followed by one - * or more digits. - */ - if (a[o] == '.') - { - if (++o > l) goto err; - i = o; - while ((a[o] >= '0') && (a[o] <= '9') && (o <= l)) - o++; - /* Must have at least one digit after decimal point */ - if (i == o) goto err; - } - - if (a[o] == 'Z') - o++; - else if ((a[o] == '+') || (a[o] == '-')) - { - o++; - if (o+4 > l) goto err; - for (i=7; i<9; i++) - { - if ((a[o] < '0') || (a[o] > '9')) goto err; - n= a[o]-'0'; - o++; - if ((a[o] < '0') || (a[o] > '9')) goto err; - n=(n*10)+ a[o]-'0'; - if ((n < min[i]) || (n > max[i])) goto err; - o++; - } - } - return(o == l); -err: - return(0); - } - -int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, char *str) - { - ASN1_GENERALIZEDTIME t; - - t.type=V_ASN1_GENERALIZEDTIME; - t.length=strlen(str); - t.data=(unsigned char *)str; - if (ASN1_GENERALIZEDTIME_check(&t)) - { - if (s != NULL) - { - ASN1_STRING_set((ASN1_STRING *)s, - (unsigned char *)str,t.length); - s->type=V_ASN1_GENERALIZEDTIME; - } - return(1); - } - else - return(0); - } - -ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s, - time_t t) - { - char *p; - struct tm *ts; - struct tm data; - - if (s == NULL) - s=M_ASN1_GENERALIZEDTIME_new(); - if (s == NULL) - return(NULL); - - ts=OPENSSL_gmtime(&t, &data); - if (ts == NULL) - return(NULL); - - p=(char *)s->data; - if ((p == NULL) || (s->length < 16)) - { - p=OPENSSL_malloc(20); - if (p == NULL) return(NULL); - if (s->data != NULL) - OPENSSL_free(s->data); - s->data=(unsigned char *)p; - } - - sprintf(p,"%04d%02d%02d%02d%02d%02dZ",ts->tm_year + 1900, - ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec); - s->length=strlen(p); - s->type=V_ASN1_GENERALIZEDTIME; -#ifdef CHARSET_EBCDIC_not - ebcdic2ascii(s->data, s->data, s->length); -#endif - return(s); - } diff --git a/src/lib/libcrypto/asn1/a_hdr.c b/src/lib/libcrypto/asn1/a_hdr.c deleted file mode 100644 index b1aad81f773..00000000000 --- a/src/lib/libcrypto/asn1/a_hdr.c +++ /dev/null @@ -1,119 +0,0 @@ -/* crypto/asn1/a_hdr.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include "cryptlib.h" -#include -#include - -int i2d_ASN1_HEADER(ASN1_HEADER *a, unsigned char **pp) - { - M_ASN1_I2D_vars(a); - - M_ASN1_I2D_len(a->header, i2d_ASN1_OCTET_STRING); - M_ASN1_I2D_len(a->data, a->meth->i2d); - - M_ASN1_I2D_seq_total(); - - M_ASN1_I2D_put(a->header, i2d_ASN1_OCTET_STRING); - M_ASN1_I2D_put(a->data, a->meth->i2d); - - M_ASN1_I2D_finish(); - } - -ASN1_HEADER *d2i_ASN1_HEADER(ASN1_HEADER **a, unsigned char **pp, - long length) - { - M_ASN1_D2I_vars(a,ASN1_HEADER *,ASN1_HEADER_new); - - M_ASN1_D2I_Init(); - M_ASN1_D2I_start_sequence(); - M_ASN1_D2I_get(ret->header,d2i_ASN1_OCTET_STRING); - if (ret->meth != NULL) - { - M_ASN1_D2I_get(ret->data,ret->meth->d2i); - } - else - { - if (a != NULL) (*a)=ret; - return(ret); - } - M_ASN1_D2I_Finish(a,ASN1_HEADER_free,ASN1_F_D2I_ASN1_HEADER); - } - -ASN1_HEADER *ASN1_HEADER_new(void) - { - ASN1_HEADER *ret=NULL; - ASN1_CTX c; - - M_ASN1_New_Malloc(ret,ASN1_HEADER); - M_ASN1_New(ret->header,M_ASN1_OCTET_STRING_new); - ret->meth=NULL; - ret->data=NULL; - return(ret); - M_ASN1_New_Error(ASN1_F_ASN1_HEADER_NEW); - } - -void ASN1_HEADER_free(ASN1_HEADER *a) - { - if (a == NULL) return; - M_ASN1_OCTET_STRING_free(a->header); - if (a->meth != NULL) - a->meth->destroy(a->data); - OPENSSL_free(a); - } diff --git a/src/lib/libcrypto/asn1/a_i2d_fp.c b/src/lib/libcrypto/asn1/a_i2d_fp.c index f4f1b73ebe8..6398978aac9 100644 --- a/src/lib/libcrypto/asn1/a_i2d_fp.c +++ b/src/lib/libcrypto/asn1/a_i2d_fp.c @@ -1,25 +1,25 @@ -/* crypto/asn1/a_i2d_fp.c */ +/* $OpenBSD: a_i2d_fp.c,v 1.15 2017/01/29 17:49:22 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -57,107 +57,102 @@ */ #include -#include "cryptlib.h" -#include + #include +#include +#include #ifndef NO_OLD_ASN1 -#ifndef OPENSSL_NO_FP_API -int ASN1_i2d_fp(int (*i2d)(), FILE *out, unsigned char *x) - { - BIO *b; - int ret; +int +ASN1_i2d_fp(i2d_of_void *i2d, FILE *out, void *x) +{ + BIO *b; + int ret; - if ((b=BIO_new(BIO_s_file())) == NULL) - { - ASN1err(ASN1_F_ASN1_I2D_FP,ERR_R_BUF_LIB); - return(0); - } - BIO_set_fp(b,out,BIO_NOCLOSE); - ret=ASN1_i2d_bio(i2d,b,x); - BIO_free(b); - return(ret); - } -#endif + if ((b = BIO_new(BIO_s_file())) == NULL) { + ASN1error(ERR_R_BUF_LIB); + return (0); + } + BIO_set_fp(b, out, BIO_NOCLOSE); + ret = ASN1_i2d_bio(i2d, b, x); + BIO_free(b); + return (ret); +} -int ASN1_i2d_bio(int (*i2d)(), BIO *out, unsigned char *x) - { +int +ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, unsigned char *x) +{ char *b; unsigned char *p; - int i,j=0,n,ret=1; + int i, j = 0, n, ret = 1; - n=i2d(x,NULL); - b=(char *)OPENSSL_malloc(n); - if (b == NULL) - { - ASN1err(ASN1_F_ASN1_I2D_BIO,ERR_R_MALLOC_FAILURE); - return(0); - } + n = i2d(x, NULL); + b = malloc(n); + if (b == NULL) { + ASN1error(ERR_R_MALLOC_FAILURE); + return (0); + } + + p = (unsigned char *)b; + i2d(x, &p); - p=(unsigned char *)b; - i2d(x,&p); - - for (;;) - { - i=BIO_write(out,&(b[j]),n); - if (i == n) break; - if (i <= 0) - { - ret=0; + for (;;) { + i = BIO_write(out, &(b[j]), n); + if (i == n) + break; + if (i <= 0) { + ret = 0; break; - } - j+=i; - n-=i; } - OPENSSL_free(b); - return(ret); + j += i; + n -= i; } + free(b); + return (ret); +} #endif -#ifndef OPENSSL_NO_FP_API -int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x) - { - BIO *b; - int ret; +int +ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x) +{ + BIO *b; + int ret; - if ((b=BIO_new(BIO_s_file())) == NULL) - { - ASN1err(ASN1_F_ASN1_I2D_FP,ERR_R_BUF_LIB); - return(0); - } - BIO_set_fp(b,out,BIO_NOCLOSE); - ret=ASN1_item_i2d_bio(it,b,x); - BIO_free(b); - return(ret); - } -#endif + if ((b = BIO_new(BIO_s_file())) == NULL) { + ASN1error(ERR_R_BUF_LIB); + return (0); + } + BIO_set_fp(b, out, BIO_NOCLOSE); + ret = ASN1_item_i2d_bio(it, b, x); + BIO_free(b); + return (ret); +} -int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x) - { +int +ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x) +{ unsigned char *b = NULL; - int i,j=0,n,ret=1; + int i, j = 0, n, ret = 1; n = ASN1_item_i2d(x, &b, it); - if (b == NULL) - { - ASN1err(ASN1_F_ASN1_I2D_BIO,ERR_R_MALLOC_FAILURE); - return(0); - } + if (b == NULL) { + ASN1error(ERR_R_MALLOC_FAILURE); + return (0); + } - for (;;) - { - i=BIO_write(out,&(b[j]),n); - if (i == n) break; - if (i <= 0) - { - ret=0; + for (;;) { + i = BIO_write(out, &(b[j]), n); + if (i == n) + break; + if (i <= 0) { + ret = 0; break; - } - j+=i; - n-=i; } - OPENSSL_free(b); - return(ret); + j += i; + n -= i; } + free(b); + return (ret); +} diff --git a/src/lib/libcrypto/asn1/a_int.c b/src/lib/libcrypto/asn1/a_int.c index edb243c0217..1b2ebfb3a95 100644 --- a/src/lib/libcrypto/asn1/a_int.c +++ b/src/lib/libcrypto/asn1/a_int.c @@ -1,25 +1,25 @@ -/* crypto/asn1/a_int.c */ +/* $OpenBSD: a_int.c,v 1.33 2019/03/26 09:15:07 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,38 +49,74 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ +#include #include -#include "cryptlib.h" +#include + #include +#include +#include + +static int +ASN1_INTEGER_valid(const ASN1_INTEGER *a) +{ + return (a != NULL && a->length >= 0); +} + +ASN1_INTEGER * +ASN1_INTEGER_dup(const ASN1_INTEGER *x) +{ + if (!ASN1_INTEGER_valid(x)) + return NULL; + + return ASN1_STRING_dup(x); +} + +int +ASN1_INTEGER_cmp(const ASN1_INTEGER *x, const ASN1_INTEGER *y) +{ + int neg, ret; + + /* Compare signs */ + neg = x->type & V_ASN1_NEG; + if (neg != (y->type & V_ASN1_NEG)) { + if (neg) + return -1; + else + return 1; + } + + ret = ASN1_STRING_cmp(x, y); -ASN1_INTEGER *ASN1_INTEGER_dup(ASN1_INTEGER *x) -{ return M_ASN1_INTEGER_dup(x);} + if (neg) + return -ret; + else + return ret; +} -int ASN1_INTEGER_cmp(ASN1_INTEGER *x, ASN1_INTEGER *y) -{ return M_ASN1_INTEGER_cmp(x,y);} -/* +/* * This converts an ASN1 INTEGER into its content encoding. * The internal representation is an ASN1_STRING whose data is a big endian * representation of the value, ignoring the sign. The sign is determined by - * the type: V_ASN1_INTEGER for positive and V_ASN1_NEG_INTEGER for negative. + * the type: V_ASN1_INTEGER for positive and V_ASN1_NEG_INTEGER for negative. * * Positive integers are no problem: they are almost the same as the DER * encoding, except if the first byte is >= 0x80 we need to add a zero pad. * * Negative integers are a bit trickier... * The DER representation of negative integers is in 2s complement form. - * The internal form is converted by complementing each octet and finally + * The internal form is converted by complementing each octet and finally * adding one to the result. This can be done less messily with a little trick. * If the internal form has trailing zeroes then they will become FF by the - * complement and 0 by the add one (due to carry) so just copy as many trailing + * complement and 0 by the add one (due to carry) so just copy as many trailing * zeros to the destination as there are in the source. The carry will add one * to the last none zero octet: so complement this octet and add one and finally * complement any left over until you get to the start of the string. @@ -91,53 +127,59 @@ int ASN1_INTEGER_cmp(ASN1_INTEGER *x, ASN1_INTEGER *y) * followed by optional zeros isn't padded. */ -int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp) - { - int pad=0,ret,i,neg; - unsigned char *p,*n,pb=0; +int +i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp) +{ + int pad = 0, ret, i, neg; + unsigned char *p, *n, pb = 0; + + if (!ASN1_INTEGER_valid(a)) + return 0; - if ((a == NULL) || (a->data == NULL)) return(0); - neg=a->type & V_ASN1_NEG; + neg = a->type & V_ASN1_NEG; if (a->length == 0) - ret=1; - else - { - ret=a->length; - i=a->data[0]; + ret = 1; + else { + ret = a->length; + i = a->data[0]; if (!neg && (i > 127)) { - pad=1; - pb=0; - } else if(neg) { - if(i>128) { - pad=1; - pb=0xFF; - } else if(i == 128) { - /* - * Special case: if any other bytes non zero we pad: - * otherwise we don't. - */ - for(i = 1; i < a->length; i++) if(a->data[i]) { - pad=1; - pb=0xFF; - break; + pad = 1; + pb = 0; + } else if (neg) { + if (i > 128) { + pad = 1; + pb = 0xFF; + } else if (i == 128) { + /* + * Special case: if any other bytes non zero we pad: + * otherwise we don't. + */ + for (i = 1; i < a->length; i++) if (a->data[i]) { + pad = 1; + pb = 0xFF; + break; } } } - ret+=pad; - } - if (pp == NULL) return(ret); + ret += pad; + } + if (pp == NULL) + return (ret); p= *pp; - if (pad) *(p++)=pb; - if (a->length == 0) *(p++)=0; - else if (!neg) memcpy(p,a->data,(unsigned int)a->length); + if (pad) + *(p++) = pb; + if (a->length == 0) + *(p++) = 0; + else if (!neg) + memcpy(p, a->data, a->length); else { /* Begin at the end of the encoding */ - n=a->data + a->length - 1; + n = a->data + a->length - 1; p += a->length - 1; i = a->length; /* Copy zeros to destination as long as source is zero */ - while(!*n) { + while (!*n) { *(p--) = 0; n--; i--; @@ -146,50 +188,61 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp) *(p--) = ((*(n--)) ^ 0xff) + 1; i--; /* Complement any octets left */ - for(;i > 0; i--) *(p--) = *(n--) ^ 0xff; + for (; i > 0; i--) + *(p--) = *(n--) ^ 0xff; } - *pp+=ret; - return(ret); - } + *pp += ret; + return (ret); +} /* Convert just ASN1 INTEGER content octets to ASN1_INTEGER structure */ -ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, unsigned char **pp, - long len) - { - ASN1_INTEGER *ret=NULL; - unsigned char *p,*to,*s, *pend; +ASN1_INTEGER * +c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp, long len) +{ + ASN1_INTEGER *ret = NULL; + const unsigned char *p, *pend; + unsigned char *to, *s; int i; - if ((a == NULL) || ((*a) == NULL)) - { - if ((ret=M_ASN1_INTEGER_new()) == NULL) return(NULL); - ret->type=V_ASN1_INTEGER; - } - else - ret=(*a); + if ((a == NULL) || ((*a) == NULL)) { + if ((ret = ASN1_INTEGER_new()) == NULL) + return (NULL); + } else + ret = (*a); - p= *pp; + if (!ASN1_INTEGER_valid(ret)) { + /* + * XXX using i for an alert is confusing, + * we should call this al + */ + i = ERR_R_ASN1_LENGTH_MISMATCH; + goto err; + } + + p = *pp; pend = p + len; - /* We must OPENSSL_malloc stuff, even for 0 bytes otherwise it + /* We must malloc stuff, even for 0 bytes otherwise it * signifies a missing NULL parameter. */ - s=(unsigned char *)OPENSSL_malloc((int)len+1); - if (s == NULL) - { - i=ERR_R_MALLOC_FAILURE; + if (len < 0 || len > INT_MAX) { + i = ERR_R_ASN1_LENGTH_MISMATCH; goto err; - } - to=s; - if(!len) { + } + s = malloc(len + 1); + if (s == NULL) { + i = ERR_R_MALLOC_FAILURE; + goto err; + } + to = s; + if (!len) { /* Strictly speaking this is an illegal INTEGER but we * tolerate it. */ - ret->type=V_ASN1_INTEGER; - } else if (*p & 0x80) /* a negative number */ - { - ret->type=V_ASN1_NEG_INTEGER; + ret->type = V_ASN1_INTEGER; + } else if (*p & 0x80) /* a negative number */ { + ret->type = V_ASN1_NEG_INTEGER; if ((*p == 0xff) && (len != 1)) { p++; len--; @@ -209,37 +262,39 @@ ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, unsigned char **pp, * a 1. This is treated separately because it is the only case * where the number of bytes is larger than len. */ - if(!i) { + if (!i) { *s = 1; s[len] = 0; len++; } else { *(to--) = (*(p--) ^ 0xff) + 1; i--; - for(;i > 0; i--) *(to--) = *(p--) ^ 0xff; + for (; i > 0; i--) + *(to--) = *(p--) ^ 0xff; } } else { - ret->type=V_ASN1_INTEGER; - if ((*p == 0) && (len != 1)) - { + ret->type = V_ASN1_INTEGER; + if ((*p == 0) && (len != 1)) { p++; len--; - } - memcpy(s,p,(int)len); + } + memcpy(s, p, len); } - if (ret->data != NULL) OPENSSL_free(ret->data); - ret->data=s; - ret->length=(int)len; - if (a != NULL) (*a)=ret; - *pp=pend; - return(ret); + free(ret->data); + ret->data = s; + ret->length = (int)len; + if (a != NULL) + (*a) = ret; + *pp = pend; + return (ret); + err: - ASN1err(ASN1_F_D2I_ASN1_INTEGER,i); - if ((ret != NULL) && ((a == NULL) || (*a != ret))) - M_ASN1_INTEGER_free(ret); - return(NULL); - } + ASN1error(i); + if (a == NULL || *a != ret) + ASN1_INTEGER_free(ret); + return (NULL); +} /* This is a version of d2i_ASN1_INTEGER that ignores the sign bit of @@ -247,188 +302,209 @@ ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, unsigned char **pp, * with its MSB set as negative (it doesn't add a padding zero). */ -ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, unsigned char **pp, - long length) - { - ASN1_INTEGER *ret=NULL; - unsigned char *p,*to,*s; +ASN1_INTEGER * +d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp, long length) +{ + ASN1_INTEGER *ret = NULL; + const unsigned char *p; + unsigned char *s; long len; - int inf,tag,xclass; + int inf, tag, xclass; int i; - if ((a == NULL) || ((*a) == NULL)) - { - if ((ret=M_ASN1_INTEGER_new()) == NULL) return(NULL); - ret->type=V_ASN1_INTEGER; - } - else - ret=(*a); + if ((a == NULL) || ((*a) == NULL)) { + if ((ret = ASN1_INTEGER_new()) == NULL) + return (NULL); + } else + ret = (*a); - p= *pp; - inf=ASN1_get_object(&p,&len,&tag,&xclass,length); - if (inf & 0x80) - { - i=ASN1_R_BAD_OBJECT_HEADER; + if (!ASN1_INTEGER_valid(ret)) { + i = ERR_R_ASN1_LENGTH_MISMATCH; goto err; - } + } - if (tag != V_ASN1_INTEGER) - { - i=ASN1_R_EXPECTING_AN_INTEGER; + p = *pp; + inf = ASN1_get_object(&p, &len, &tag, &xclass, length); + if (inf & 0x80) { + i = ASN1_R_BAD_OBJECT_HEADER; goto err; - } + } + + if (tag != V_ASN1_INTEGER) { + i = ASN1_R_EXPECTING_AN_INTEGER; + goto err; + } - /* We must OPENSSL_malloc stuff, even for 0 bytes otherwise it + /* We must malloc stuff, even for 0 bytes otherwise it * signifies a missing NULL parameter. */ - s=(unsigned char *)OPENSSL_malloc((int)len+1); - if (s == NULL) - { - i=ERR_R_MALLOC_FAILURE; + if (len < 0 || len > INT_MAX) { + i = ERR_R_ASN1_LENGTH_MISMATCH; goto err; - } - to=s; - ret->type=V_ASN1_INTEGER; - if(len) { - if ((*p == 0) && (len != 1)) - { + } + s = malloc(len + 1); + if (s == NULL) { + i = ERR_R_MALLOC_FAILURE; + goto err; + } + ret->type = V_ASN1_INTEGER; + if (len) { + if ((*p == 0) && (len != 1)) { p++; len--; - } - memcpy(s,p,(int)len); - p+=len; + } + memcpy(s, p, len); + p += len; } - if (ret->data != NULL) OPENSSL_free(ret->data); - ret->data=s; - ret->length=(int)len; - if (a != NULL) (*a)=ret; - *pp=p; - return(ret); -err: - ASN1err(ASN1_F_D2I_ASN1_UINTEGER,i); - if ((ret != NULL) && ((a == NULL) || (*a != ret))) - M_ASN1_INTEGER_free(ret); - return(NULL); - } + free(ret->data); + ret->data = s; + ret->length = (int)len; + if (a != NULL) + (*a) = ret; + *pp = p; + return (ret); -int ASN1_INTEGER_set(ASN1_INTEGER *a, long v) - { - int i,j,k; - unsigned char buf[sizeof(long)+1]; +err: + ASN1error(i); + if (a == NULL || *a != ret) + ASN1_INTEGER_free(ret); + return (NULL); +} + +int +ASN1_INTEGER_set(ASN1_INTEGER *a, long v) +{ + int j, k; + unsigned int i; + unsigned char buf[sizeof(long) + 1]; long d; - a->type=V_ASN1_INTEGER; - if (a->length < (sizeof(long)+1)) - { - if (a->data != NULL) - OPENSSL_free(a->data); - if ((a->data=(unsigned char *)OPENSSL_malloc(sizeof(long)+1)) != NULL) - memset((char *)a->data,0,sizeof(long)+1); - } - if (a->data == NULL) - { - ASN1err(ASN1_F_ASN1_INTEGER_SET,ERR_R_MALLOC_FAILURE); - return(0); - } - d=v; - if (d < 0) - { - d= -d; - a->type=V_ASN1_NEG_INTEGER; - } - - for (i=0; i>=8; - } - j=0; - for (k=i-1; k >=0; k--) - a->data[j++]=buf[k]; - a->length=j; - return(1); + a->type = V_ASN1_INTEGER; + /* XXX ssl/ssl_asn1.c:i2d_SSL_SESSION() depends upon this bound vae */ + if (a->length < (int)(sizeof(long) + 1)) { + free(a->data); + a->data = calloc(1, sizeof(long) + 1); + } + if (a->data == NULL) { + ASN1error(ERR_R_MALLOC_FAILURE); + return (0); + } + d = v; + if (d < 0) { + d = -d; + a->type = V_ASN1_NEG_INTEGER; } -long ASN1_INTEGER_get(ASN1_INTEGER *a) - { - int neg=0,i; - long r=0; - - if (a == NULL) return(0L); - i=a->type; + for (i = 0; i < sizeof(long); i++) { + if (d == 0) + break; + buf[i] = (int)d & 0xff; + d >>= 8; + } + j = 0; + for (k = i - 1; k >= 0; k--) + a->data[j++] = buf[k]; + a->length = j; + return (1); +} + +/* + * XXX this particular API is a gibbering eidrich horror that makes it + * impossible to determine valid return cases from errors.. "a bit + * ugly" is preserved for posterity, unfortunately this is probably + * unfixable without changing public API + */ +long +ASN1_INTEGER_get(const ASN1_INTEGER *a) +{ + int neg = 0, i; + long r = 0; + + if (a == NULL) + return (0L); + i = a->type; if (i == V_ASN1_NEG_INTEGER) - neg=1; + neg = 1; else if (i != V_ASN1_INTEGER) return -1; - - if (a->length > sizeof(long)) - { - /* hmm... a bit ugly */ - return(0xffffffffL); - } + + if (!ASN1_INTEGER_valid(a)) + return -1; /* XXX best effort */ + + if (a->length > (int)sizeof(long)) { + /* hmm... a bit ugly, return all ones */ + return -1; + } if (a->data == NULL) return 0; - for (i=0; ilength; i++) - { - r<<=8; - r|=(unsigned char)a->data[i]; - } - if (neg) r= -r; - return(r); + for (i = 0; i < a->length; i++) { + r <<= 8; + r |= (unsigned char)a->data[i]; } - -ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai) - { + if (neg) + r = -r; + return (r); +} + +ASN1_INTEGER * +BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai) +{ ASN1_INTEGER *ret; - int len,j; + int len, j; if (ai == NULL) - ret=M_ASN1_INTEGER_new(); + ret = ASN1_INTEGER_new(); else - ret=ai; - if (ret == NULL) - { - ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_NESTED_ASN1_ERROR); + ret = ai; + if (ret == NULL) { + ASN1error(ERR_R_NESTED_ASN1_ERROR); goto err; - } - if(bn->neg) ret->type = V_ASN1_NEG_INTEGER; - else ret->type=V_ASN1_INTEGER; - j=BN_num_bits(bn); - len=((j == 0)?0:((j/8)+1)); - if (ret->length < len+4) - { - unsigned char *new_data=OPENSSL_realloc(ret->data, len+4); - if (!new_data) - { - ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_MALLOC_FAILURE); + } + + if (!ASN1_INTEGER_valid(ret)) + goto err; + + if (BN_is_negative(bn)) + ret->type = V_ASN1_NEG_INTEGER; + else + ret->type = V_ASN1_INTEGER; + j = BN_num_bits(bn); + len = ((j == 0) ? 0 : ((j / 8) + 1)); + if (ret->length < len + 4) { + unsigned char *new_data = realloc(ret->data, len + 4); + if (!new_data) { + ASN1error(ERR_R_MALLOC_FAILURE); goto err; - } - ret->data=new_data; } - ret->length=BN_bn2bin(bn,ret->data); + ret->data = new_data; + } + ret->length = BN_bn2bin(bn, ret->data); + /* Correct zero case */ - if(!ret->length) - { + if (!ret->length) { ret->data[0] = 0; ret->length = 1; - } - return(ret); -err: - if (ret != ai) M_ASN1_INTEGER_free(ret); - return(NULL); } + return (ret); -BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *ai, BIGNUM *bn) - { +err: + if (ret != ai) + ASN1_INTEGER_free(ret); + return (NULL); +} + +BIGNUM * +ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn) +{ BIGNUM *ret; - if ((ret=BN_bin2bn(ai->data,ai->length,bn)) == NULL) - ASN1err(ASN1_F_ASN1_INTEGER_TO_BN,ASN1_R_BN_LIB); - else if(ai->type == V_ASN1_NEG_INTEGER) ret->neg = 1; - return(ret); - } + if (!ASN1_INTEGER_valid(ai)) + return (NULL); -IMPLEMENT_STACK_OF(ASN1_INTEGER) -IMPLEMENT_ASN1_SET_OF(ASN1_INTEGER) + if ((ret = BN_bin2bn(ai->data, ai->length, bn)) == NULL) + ASN1error(ASN1_R_BN_LIB); + else if (ai->type == V_ASN1_NEG_INTEGER) + BN_set_negative(ret, 1); + return (ret); +} diff --git a/src/lib/libcrypto/asn1/a_mbstr.c b/src/lib/libcrypto/asn1/a_mbstr.c index 5d981c65538..b7cfba379a2 100644 --- a/src/lib/libcrypto/asn1/a_mbstr.c +++ b/src/lib/libcrypto/asn1/a_mbstr.c @@ -1,5 +1,5 @@ -/* a_mbstr.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* $OpenBSD: a_mbstr.c,v 1.23 2017/01/29 17:49:22 beck Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -56,13 +56,17 @@ * */ -#include #include -#include "cryptlib.h" +#include +#include + #include +#include + +#include "asn1_locl.h" static int traverse_string(const unsigned char *p, int len, int inform, - int (*rfunc)(unsigned long value, void *in), void *arg); + int (*rfunc)(unsigned long value, void *in), void *arg); static int in_utf8(unsigned long value, void *arg); static int out_utf8(unsigned long value, void *arg); static int type_str(unsigned long value, void *arg); @@ -80,201 +84,224 @@ static int is_printable(unsigned long value); * The 'ncopy' form checks minimum and maximum size limits too. */ -int ASN1_mbstring_copy(ASN1_STRING **out, const unsigned char *in, int len, - int inform, unsigned long mask) +int +ASN1_mbstring_copy(ASN1_STRING **out, const unsigned char *in, int len, + int inform, unsigned long mask) { return ASN1_mbstring_ncopy(out, in, len, inform, mask, 0, 0); } -int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, - int inform, unsigned long mask, - long minsize, long maxsize) +int +ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, + int inform, unsigned long mask, long minsize, long maxsize) { int str_type; int ret; char free_out; - int outform, outlen; + int outform, outlen = 0; ASN1_STRING *dest; unsigned char *p; int nchar; - char strbuf[32]; - int (*cpyfunc)(unsigned long,void *) = NULL; - if(len == -1) len = strlen((const char *)in); - if(!mask) mask = DIRSTRING_TYPE; + int (*cpyfunc)(unsigned long, void *) = NULL; - /* First do a string check and work out the number of characters */ - switch(inform) { + if (len < 0) + len = strlen((const char *)in); + if (!mask) + mask = DIRSTRING_TYPE; - case MBSTRING_BMP: - if(len & 1) { - ASN1err(ASN1_F_ASN1_MBSTRING_COPY, - ASN1_R_INVALID_BMPSTRING_LENGTH); + /* First do a string check and work out the number of characters */ + switch (inform) { + case MBSTRING_BMP: + if (len & 1) { + ASN1error(ASN1_R_INVALID_BMPSTRING_LENGTH); return -1; } nchar = len >> 1; break; - case MBSTRING_UNIV: - if(len & 3) { - ASN1err(ASN1_F_ASN1_MBSTRING_COPY, - ASN1_R_INVALID_UNIVERSALSTRING_LENGTH); + case MBSTRING_UNIV: + if (len & 3) { + ASN1error(ASN1_R_INVALID_UNIVERSALSTRING_LENGTH); return -1; } nchar = len >> 2; break; - case MBSTRING_UTF8: + case MBSTRING_UTF8: nchar = 0; /* This counts the characters and does utf8 syntax checking */ ret = traverse_string(in, len, MBSTRING_UTF8, in_utf8, &nchar); - if(ret < 0) { - ASN1err(ASN1_F_ASN1_MBSTRING_COPY, - ASN1_R_INVALID_UTF8STRING); + if (ret < 0) { + ASN1error(ASN1_R_INVALID_UTF8STRING); return -1; } break; - case MBSTRING_ASC: + case MBSTRING_ASC: nchar = len; break; - default: - ASN1err(ASN1_F_ASN1_MBSTRING_COPY, ASN1_R_UNKNOWN_FORMAT); + default: + ASN1error(ASN1_R_UNKNOWN_FORMAT); return -1; } - if((minsize > 0) && (nchar < minsize)) { - ASN1err(ASN1_F_ASN1_MBSTRING_COPY, ASN1_R_STRING_TOO_SHORT); - sprintf(strbuf, "%ld", minsize); - ERR_add_error_data(2, "minsize=", strbuf); + if ((minsize > 0) && (nchar < minsize)) { + ASN1error(ASN1_R_STRING_TOO_SHORT); + ERR_asprintf_error_data("minsize=%ld", minsize); return -1; } - if((maxsize > 0) && (nchar > maxsize)) { - ASN1err(ASN1_F_ASN1_MBSTRING_COPY, ASN1_R_STRING_TOO_LONG); - sprintf(strbuf, "%ld", maxsize); - ERR_add_error_data(2, "maxsize=", strbuf); + if ((maxsize > 0) && (nchar > maxsize)) { + ASN1error(ASN1_R_STRING_TOO_LONG); + ERR_asprintf_error_data("maxsize=%ld", maxsize); return -1; } /* Now work out minimal type (if any) */ - if(traverse_string(in, len, inform, type_str, &mask) < 0) { - ASN1err(ASN1_F_ASN1_MBSTRING_COPY, ASN1_R_ILLEGAL_CHARACTERS); + if (traverse_string(in, len, inform, type_str, &mask) < 0) { + ASN1error(ASN1_R_ILLEGAL_CHARACTERS); return -1; } /* Now work out output format and string type */ outform = MBSTRING_ASC; - if(mask & B_ASN1_PRINTABLESTRING) str_type = V_ASN1_PRINTABLESTRING; - else if(mask & B_ASN1_IA5STRING) str_type = V_ASN1_IA5STRING; - else if(mask & B_ASN1_T61STRING) str_type = V_ASN1_T61STRING; - else if(mask & B_ASN1_BMPSTRING) { + if (mask & B_ASN1_PRINTABLESTRING) + str_type = V_ASN1_PRINTABLESTRING; + else if (mask & B_ASN1_IA5STRING) + str_type = V_ASN1_IA5STRING; + else if (mask & B_ASN1_T61STRING) + str_type = V_ASN1_T61STRING; + else if (mask & B_ASN1_BMPSTRING) { str_type = V_ASN1_BMPSTRING; outform = MBSTRING_BMP; - } else if(mask & B_ASN1_UNIVERSALSTRING) { + } else if (mask & B_ASN1_UNIVERSALSTRING) { str_type = V_ASN1_UNIVERSALSTRING; outform = MBSTRING_UNIV; } else { str_type = V_ASN1_UTF8STRING; outform = MBSTRING_UTF8; } - if(!out) return str_type; - if(*out) { + if (!out) + return str_type; + if (*out) { free_out = 0; dest = *out; - if(dest->data) { + if (dest->data) { dest->length = 0; - OPENSSL_free(dest->data); + free(dest->data); dest->data = NULL; } dest->type = str_type; } else { free_out = 1; dest = ASN1_STRING_type_new(str_type); - if(!dest) { - ASN1err(ASN1_F_ASN1_MBSTRING_COPY, - ERR_R_MALLOC_FAILURE); + if (!dest) { + ASN1error(ERR_R_MALLOC_FAILURE); return -1; } *out = dest; } /* If both the same type just copy across */ - if(inform == outform) { - if(!ASN1_STRING_set(dest, in, len)) { - ASN1err(ASN1_F_ASN1_MBSTRING_COPY,ERR_R_MALLOC_FAILURE); - return -1; + if (inform == outform) { + if (!ASN1_STRING_set(dest, in, len)) { + ASN1error(ERR_R_MALLOC_FAILURE); + goto err; } return str_type; - } + } /* Work out how much space the destination will need */ - switch(outform) { - case MBSTRING_ASC: + switch (outform) { + case MBSTRING_ASC: outlen = nchar; cpyfunc = cpy_asc; break; - case MBSTRING_BMP: + case MBSTRING_BMP: outlen = nchar << 1; cpyfunc = cpy_bmp; break; - case MBSTRING_UNIV: + case MBSTRING_UNIV: outlen = nchar << 2; cpyfunc = cpy_univ; break; - case MBSTRING_UTF8: + case MBSTRING_UTF8: outlen = 0; - traverse_string(in, len, inform, out_utf8, &outlen); + if (traverse_string(in, len, inform, out_utf8, &outlen) < 0) { + ASN1error(ASN1_R_ILLEGAL_CHARACTERS); + goto err; + } cpyfunc = cpy_utf8; break; } - if(!(p = OPENSSL_malloc(outlen + 1))) { - if(free_out) ASN1_STRING_free(dest); - ASN1err(ASN1_F_ASN1_MBSTRING_COPY,ERR_R_MALLOC_FAILURE); - return -1; + if (!(p = malloc(outlen + 1))) { + ASN1error(ERR_R_MALLOC_FAILURE); + goto err; } dest->length = outlen; dest->data = p; p[outlen] = 0; traverse_string(in, len, inform, cpyfunc, &p); - return str_type; + return str_type; + +err: + if (free_out) { + ASN1_STRING_free(dest); + *out = NULL; + } + return -1; } /* This function traverses a string and passes the value of each character * to an optional function along with a void * argument. */ -static int traverse_string(const unsigned char *p, int len, int inform, - int (*rfunc)(unsigned long value, void *in), void *arg) +static int +traverse_string(const unsigned char *p, int len, int inform, + int (*rfunc)(unsigned long value, void *in), void *arg) { unsigned long value; int ret; - while(len) { - if(inform == MBSTRING_ASC) { + + while (len) { + switch (inform) { + case MBSTRING_ASC: value = *p++; len--; - } else if(inform == MBSTRING_BMP) { + break; + case MBSTRING_BMP: value = *p++ << 8; value |= *p++; + /* BMP is explictly defined to not support surrogates */ + if (UNICODE_IS_SURROGATE(value)) + return -1; len -= 2; - } else if(inform == MBSTRING_UNIV) { - value = ((unsigned long)*p++) << 24; - value |= ((unsigned long)*p++) << 16; + break; + case MBSTRING_UNIV: + value = (unsigned long)*p++ << 24; + value |= *p++ << 16; value |= *p++ << 8; value |= *p++; + if (value > UNICODE_MAX || UNICODE_IS_SURROGATE(value)) + return -1; len -= 4; - } else { + break; + default: ret = UTF8_getc(p, len, &value); - if(ret < 0) return -1; + if (ret < 0) + return -1; len -= ret; p += ret; + break; } - if(rfunc) { + if (rfunc) { ret = rfunc(value, arg); - if(ret <= 0) return ret; + if (ret <= 0) + return ret; } } return 1; @@ -284,9 +311,11 @@ static int traverse_string(const unsigned char *p, int len, int inform, /* Just count number of characters */ -static int in_utf8(unsigned long value, void *arg) +static int +in_utf8(unsigned long value, void *arg) { int *nchar; + nchar = arg; (*nchar)++; return 1; @@ -294,11 +323,17 @@ static int in_utf8(unsigned long value, void *arg) /* Determine size of output as a UTF8 String */ -static int out_utf8(unsigned long value, void *arg) +static int +out_utf8(unsigned long value, void *arg) { - long *outlen; + int *outlen; + int ret; + outlen = arg; - *outlen += UTF8_putc(NULL, -1, value); + ret = UTF8_putc(NULL, -1, value); + if (ret < 0) + return ret; + *outlen += ret; return 1; } @@ -306,68 +341,79 @@ static int out_utf8(unsigned long value, void *arg) * supplied "mask". */ -static int type_str(unsigned long value, void *arg) +static int +type_str(unsigned long value, void *arg) { unsigned long types; + types = *((unsigned long *)arg); - if((types & B_ASN1_PRINTABLESTRING) && !is_printable(value)) - types &= ~B_ASN1_PRINTABLESTRING; - if((types & B_ASN1_IA5STRING) && (value > 127)) - types &= ~B_ASN1_IA5STRING; - if((types & B_ASN1_T61STRING) && (value > 0xff)) - types &= ~B_ASN1_T61STRING; - if((types & B_ASN1_BMPSTRING) && (value > 0xffff)) - types &= ~B_ASN1_BMPSTRING; - if(!types) return -1; + if ((types & B_ASN1_PRINTABLESTRING) && !is_printable(value)) + types &= ~B_ASN1_PRINTABLESTRING; + if ((types & B_ASN1_IA5STRING) && (value > 127)) + types &= ~B_ASN1_IA5STRING; + if ((types & B_ASN1_T61STRING) && (value > 0xff)) + types &= ~B_ASN1_T61STRING; + if ((types & B_ASN1_BMPSTRING) && (value > 0xffff)) + types &= ~B_ASN1_BMPSTRING; + if (!types) + return -1; *((unsigned long *)arg) = types; return 1; } /* Copy one byte per character ASCII like strings */ -static int cpy_asc(unsigned long value, void *arg) +static int +cpy_asc(unsigned long value, void *arg) { unsigned char **p, *q; + p = arg; q = *p; - *q = (unsigned char) value; + *q = value; (*p)++; return 1; } /* Copy two byte per character BMPStrings */ -static int cpy_bmp(unsigned long value, void *arg) +static int +cpy_bmp(unsigned long value, void *arg) { unsigned char **p, *q; + p = arg; q = *p; - *q++ = (unsigned char) ((value >> 8) & 0xff); - *q = (unsigned char) (value & 0xff); + *q++ = (value >> 8) & 0xff; + *q = value & 0xff; *p += 2; return 1; } /* Copy four byte per character UniversalStrings */ -static int cpy_univ(unsigned long value, void *arg) +static int +cpy_univ(unsigned long value, void *arg) { unsigned char **p, *q; + p = arg; q = *p; - *q++ = (unsigned char) ((value >> 24) & 0xff); - *q++ = (unsigned char) ((value >> 16) & 0xff); - *q++ = (unsigned char) ((value >> 8) & 0xff); - *q = (unsigned char) (value & 0xff); + *q++ = (value >> 24) & 0xff; + *q++ = (value >> 16) & 0xff; + *q++ = (value >> 8) & 0xff; + *q = value & 0xff; *p += 4; return 1; } /* Copy to a UTF8String */ -static int cpy_utf8(unsigned long value, void *arg) +static int +cpy_utf8(unsigned long value, void *arg) { unsigned char **p; + int ret; p = arg; /* We already know there is enough room so pass 0xff as the length */ @@ -377,24 +423,25 @@ static int cpy_utf8(unsigned long value, void *arg) } /* Return 1 if the character is permitted in a PrintableString */ -static int is_printable(unsigned long value) +static int +is_printable(unsigned long value) { int ch; - if(value > 0x7f) return 0; - ch = (int) value; - /* Note: we can't use 'isalnum' because certain accented + + if (value > 0x7f) + return 0; + ch = (int)value; + + /* Note: we can't use 'isalnum' because certain accented * characters may count as alphanumeric in some environments. */ -#ifndef CHARSET_EBCDIC - if((ch >= 'a') && (ch <= 'z')) return 1; - if((ch >= 'A') && (ch <= 'Z')) return 1; - if((ch >= '0') && (ch <= '9')) return 1; - if ((ch == ' ') || strchr("'()+,-./:=?", ch)) return 1; -#else /*CHARSET_EBCDIC*/ - if((ch >= os_toascii['a']) && (ch <= os_toascii['z'])) return 1; - if((ch >= os_toascii['A']) && (ch <= os_toascii['Z'])) return 1; - if((ch >= os_toascii['0']) && (ch <= os_toascii['9'])) return 1; - if ((ch == os_toascii[' ']) || strchr("'()+,-./:=?", os_toebcdic[ch])) return 1; -#endif /*CHARSET_EBCDIC*/ + if ((ch >= 'a') && (ch <= 'z')) + return 1; + if ((ch >= 'A') && (ch <= 'Z')) + return 1; + if ((ch >= '0') && (ch <= '9')) + return 1; + if ((ch == ' ') || strchr("'()+,-./:=?", ch)) + return 1; return 0; } diff --git a/src/lib/libcrypto/asn1/a_meth.c b/src/lib/libcrypto/asn1/a_meth.c deleted file mode 100644 index 63158e9cab2..00000000000 --- a/src/lib/libcrypto/asn1/a_meth.c +++ /dev/null @@ -1,84 +0,0 @@ -/* crypto/asn1/a_meth.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include "cryptlib.h" -#include -#include - -static ASN1_METHOD ia5string_meth={ - (int (*)()) i2d_ASN1_IA5STRING, - (char *(*)()) d2i_ASN1_IA5STRING, - (char *(*)()) ASN1_STRING_new, - (void (*)()) ASN1_STRING_free}; - -static ASN1_METHOD bit_string_meth={ - (int (*)()) i2d_ASN1_BIT_STRING, - (char *(*)()) d2i_ASN1_BIT_STRING, - (char *(*)()) ASN1_STRING_new, - (void (*)()) ASN1_STRING_free}; - -ASN1_METHOD *ASN1_IA5STRING_asn1_meth(void) - { - return(&ia5string_meth); - } - -ASN1_METHOD *ASN1_BIT_STRING_asn1_meth(void) - { - return(&bit_string_meth); - } diff --git a/src/lib/libcrypto/asn1/a_object.c b/src/lib/libcrypto/asn1/a_object.c index 71ce7c3896c..16c3a1c0fdb 100644 --- a/src/lib/libcrypto/asn1/a_object.c +++ b/src/lib/libcrypto/asn1/a_object.c @@ -1,25 +1,25 @@ -/* crypto/asn1/a_object.c */ +/* $OpenBSD: a_object.c,v 1.31 2018/04/25 11:48:21 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,272 +49,353 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ +#include #include -#include "cryptlib.h" -#include +#include + #include +#include +#include +#include #include -int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp) - { +int +i2d_ASN1_OBJECT(const ASN1_OBJECT *a, unsigned char **pp) +{ unsigned char *p; int objsize; - if ((a == NULL) || (a->data == NULL)) return(0); + if ((a == NULL) || (a->data == NULL)) + return (0); - objsize = ASN1_object_size(0,a->length,V_ASN1_OBJECT); - if (pp == NULL) return objsize; + objsize = ASN1_object_size(0, a->length, V_ASN1_OBJECT); + if (pp == NULL) + return objsize; - p= *pp; - ASN1_put_object(&p,0,a->length,V_ASN1_OBJECT,V_ASN1_UNIVERSAL); - memcpy(p,a->data,a->length); - p+=a->length; + p = *pp; + ASN1_put_object(&p, 0, a->length, V_ASN1_OBJECT, V_ASN1_UNIVERSAL); + memcpy(p, a->data, a->length); + p += a->length; - *pp=p; - return(objsize); - } + *pp = p; + return (objsize); +} -int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num) - { - int i,first,len=0,c; - char tmp[24]; +int +a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num) +{ + int i, first, len = 0, c, use_bn; + char ftmp[24], *tmp = ftmp; + int tmpsize = sizeof ftmp; const char *p; unsigned long l; + BIGNUM *bl = NULL; if (num == 0) - return(0); + return (0); else if (num == -1) - num=strlen(buf); + num = strlen(buf); - p=buf; - c= *(p++); + p = buf; + c = *(p++); num--; - if ((c >= '0') && (c <= '2')) - { - first=(c-'0')*40; - } - else - { - ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_FIRST_NUM_TOO_LARGE); + if ((c >= '0') && (c <= '2')) { + first= c-'0'; + } else { + ASN1error(ASN1_R_FIRST_NUM_TOO_LARGE); goto err; - } + } - if (num <= 0) - { - ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_MISSING_SECOND_NUMBER); + if (num <= 0) { + ASN1error(ASN1_R_MISSING_SECOND_NUMBER); goto err; - } - c= *(p++); + } + c = *(p++); num--; - for (;;) - { - if (num <= 0) break; - if ((c != '.') && (c != ' ')) - { - ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_INVALID_SEPARATOR); + for (;;) { + if (num <= 0) + break; + if ((c != '.') && (c != ' ')) { + ASN1error(ASN1_R_INVALID_SEPARATOR); goto err; - } - l=0; - for (;;) - { - if (num <= 0) break; + } + l = 0; + use_bn = 0; + for (;;) { + if (num <= 0) + break; num--; - c= *(p++); + c = *(p++); if ((c == ' ') || (c == '.')) break; - if ((c < '0') || (c > '9')) - { - ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_INVALID_DIGIT); + if ((c < '0') || (c > '9')) { + ASN1error(ASN1_R_INVALID_DIGIT); goto err; - } - l=l*10L+(long)(c-'0'); } - if (len == 0) - { - if ((first < 2) && (l >= 40)) - { - ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_SECOND_NUMBER_TOO_LARGE); + if (!use_bn && l >= ((ULONG_MAX - 80) / 10L)) { + use_bn = 1; + if (!bl) + bl = BN_new(); + if (!bl || !BN_set_word(bl, l)) + goto err; + } + if (use_bn) { + if (!BN_mul_word(bl, 10L) || + !BN_add_word(bl, c-'0')) + goto err; + } else + l = l * 10L + (long)(c - '0'); + } + if (len == 0) { + if ((first < 2) && (l >= 40)) { + ASN1error(ASN1_R_SECOND_NUMBER_TOO_LARGE); goto err; - } - l+=(long)first; } - i=0; - for (;;) - { - tmp[i++]=(unsigned char)l&0x7f; - l>>=7L; - if (l == 0L) break; + if (use_bn) { + if (!BN_add_word(bl, first * 40)) + goto err; + } else + l += (long)first * 40; + } + i = 0; + if (use_bn) { + int blsize; + blsize = BN_num_bits(bl); + blsize = (blsize + 6) / 7; + if (blsize > tmpsize) { + if (tmp != ftmp) + free(tmp); + tmpsize = blsize + 32; + tmp = malloc(tmpsize); + if (!tmp) + goto err; } - if (out != NULL) - { - if (len+i > olen) - { - ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_BUFFER_TOO_SMALL); - goto err; - } - while (--i > 0) - out[len++]=tmp[i]|0x80; - out[len++]=tmp[0]; + while (blsize--) + tmp[i++] = (unsigned char)BN_div_word(bl, 0x80L); + } else { + + for (;;) { + tmp[i++] = (unsigned char)l & 0x7f; + l >>= 7L; + if (l == 0L) + break; } - else - len+=i; + } - return(len); -err: - return(0); + if (out != NULL) { + if (len + i > olen) { + ASN1error(ASN1_R_BUFFER_TOO_SMALL); + goto err; + } + while (--i > 0) + out[len++] = tmp[i]|0x80; + out[len++] = tmp[0]; + } else + len += i; } + if (tmp != ftmp) + free(tmp); + BN_free(bl); + return (len); -int i2t_ASN1_OBJECT(char *buf, int buf_len, ASN1_OBJECT *a) +err: + if (tmp != ftmp) + free(tmp); + BN_free(bl); + return (0); +} + +int +i2t_ASN1_OBJECT(char *buf, int buf_len, const ASN1_OBJECT *a) { return OBJ_obj2txt(buf, buf_len, a, 0); } -int i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a) - { - char buf[80]; - int i; +int +i2a_ASN1_OBJECT(BIO *bp, const ASN1_OBJECT *a) +{ + char *tmp = NULL; + size_t tlen = 256; + int i = -1; if ((a == NULL) || (a->data == NULL)) - return(BIO_write(bp,"NULL",4)); - i=i2t_ASN1_OBJECT(buf,80,a); - if (i > 80) i=80; - BIO_write(bp,buf,i); - return(i); + return(BIO_write(bp, "NULL", 4)); + if ((tmp = malloc(tlen)) == NULL) + return -1; + i = i2t_ASN1_OBJECT(tmp, tlen, a); + if (i > (int)(tlen - 1)) { + freezero(tmp, tlen); + if ((tmp = malloc(i + 1)) == NULL) + return -1; + tlen = i + 1; + i = i2t_ASN1_OBJECT(tmp, tlen, a); } + if (i <= 0) + i = BIO_write(bp, "", 9); + else + i = BIO_write(bp, tmp, i); + freezero(tmp, tlen); + return (i); +} -ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, unsigned char **pp, - long length) +ASN1_OBJECT * +d2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, long length) { - unsigned char *p; + const unsigned char *p; long len; - int tag,xclass; - int inf,i; + int tag, xclass; + int inf, i; ASN1_OBJECT *ret = NULL; - p= *pp; - inf=ASN1_get_object(&p,&len,&tag,&xclass,length); - if (inf & 0x80) - { - i=ASN1_R_BAD_OBJECT_HEADER; + + p = *pp; + inf = ASN1_get_object(&p, &len, &tag, &xclass, length); + if (inf & 0x80) { + i = ASN1_R_BAD_OBJECT_HEADER; goto err; - } + } - if (tag != V_ASN1_OBJECT) - { - i=ASN1_R_EXPECTING_AN_OBJECT; + if (tag != V_ASN1_OBJECT) { + i = ASN1_R_EXPECTING_AN_OBJECT; goto err; - } + } ret = c2i_ASN1_OBJECT(a, &p, len); - if(ret) *pp = p; + if (ret) + *pp = p; return ret; + err: - ASN1err(ASN1_F_D2I_ASN1_OBJECT,i); - if ((ret != NULL) && ((a == NULL) || (*a != ret))) - ASN1_OBJECT_free(ret); - return(NULL); + ASN1error(i); + return (NULL); } -ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, unsigned char **pp, - long len) - { - ASN1_OBJECT *ret=NULL; - unsigned char *p; - int i; + +ASN1_OBJECT * +c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, long len) +{ + ASN1_OBJECT *ret; + const unsigned char *p; + unsigned char *data; + int i, length; + + /* + * Sanity check OID encoding: + * - need at least one content octet + * - MSB must be clear in the last octet + * - can't have leading 0x80 in subidentifiers, see: X.690 8.19.2 + */ + if (len <= 0 || len > INT_MAX || pp == NULL || (p = *pp) == NULL || + p[len - 1] & 0x80) { + ASN1error(ASN1_R_INVALID_OBJECT_ENCODING); + return (NULL); + } + + /* Now 0 < len <= INT_MAX, so the cast is safe. */ + length = (int)len; + for (i = 0; i < length; i++, p++) { + if (*p == 0x80 && (!i || !(p[-1] & 0x80))) { + ASN1error(ASN1_R_INVALID_OBJECT_ENCODING); + return (NULL); + } + } /* only the ASN1_OBJECTs from the 'table' will have values * for ->sn or ->ln */ if ((a == NULL) || ((*a) == NULL) || - !((*a)->flags & ASN1_OBJECT_FLAG_DYNAMIC)) - { - if ((ret=ASN1_OBJECT_new()) == NULL) return(NULL); - } - else ret=(*a); - - p= *pp; - if ((ret->data == NULL) || (ret->length < len)) - { - if (ret->data != NULL) OPENSSL_free(ret->data); - ret->data=(unsigned char *)OPENSSL_malloc(len ? (int)len : 1); - ret->flags|=ASN1_OBJECT_FLAG_DYNAMIC_DATA; - if (ret->data == NULL) - { i=ERR_R_MALLOC_FAILURE; goto err; } - } - memcpy(ret->data,p,(int)len); - ret->length=(int)len; - ret->sn=NULL; - ret->ln=NULL; - /* ret->flags=ASN1_OBJECT_FLAG_DYNAMIC; we know it is dynamic */ - p+=len; - - if (a != NULL) (*a)=ret; - *pp=p; - return(ret); + !((*a)->flags & ASN1_OBJECT_FLAG_DYNAMIC)) { + if ((ret = ASN1_OBJECT_new()) == NULL) + return (NULL); + } else + ret = *a; + + p = *pp; + + /* detach data from object */ + data = (unsigned char *)ret->data; + freezero(data, ret->length); + + data = malloc(length); + if (data == NULL) { + ASN1error(ERR_R_MALLOC_FAILURE); + goto err; + } + + memcpy(data, p, length); + + /* reattach data to object, after which it remains const */ + ret->data = data; + ret->length = length; + ret->sn = NULL; + ret->ln = NULL; + ret->flags |= ASN1_OBJECT_FLAG_DYNAMIC_DATA; + p += length; + + if (a != NULL) + *a = ret; + *pp = p; + return (ret); + err: - ASN1err(ASN1_F_D2I_ASN1_OBJECT,i); - if ((ret != NULL) && ((a == NULL) || (*a != ret))) + if (a == NULL || ret != *a) ASN1_OBJECT_free(ret); - return(NULL); - } + return (NULL); +} -ASN1_OBJECT *ASN1_OBJECT_new(void) - { +ASN1_OBJECT * +ASN1_OBJECT_new(void) +{ ASN1_OBJECT *ret; - ret=(ASN1_OBJECT *)OPENSSL_malloc(sizeof(ASN1_OBJECT)); - if (ret == NULL) - { - ASN1err(ASN1_F_ASN1_OBJECT_NEW,ERR_R_MALLOC_FAILURE); - return(NULL); - } - ret->length=0; - ret->data=NULL; - ret->nid=0; - ret->sn=NULL; - ret->ln=NULL; - ret->flags=ASN1_OBJECT_FLAG_DYNAMIC; - return(ret); + ret = malloc(sizeof(ASN1_OBJECT)); + if (ret == NULL) { + ASN1error(ERR_R_MALLOC_FAILURE); + return (NULL); } + ret->length = 0; + ret->data = NULL; + ret->nid = 0; + ret->sn = NULL; + ret->ln = NULL; + ret->flags = ASN1_OBJECT_FLAG_DYNAMIC; + return (ret); +} -void ASN1_OBJECT_free(ASN1_OBJECT *a) - { - if (a == NULL) return; - if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_STRINGS) - { -#ifndef CONST_STRICT /* disable purely for compile-time strict const checking. Doing this on a "real" compile will cause memory leaks */ - if (a->sn != NULL) OPENSSL_free((void *)a->sn); - if (a->ln != NULL) OPENSSL_free((void *)a->ln); -#endif - a->sn=a->ln=NULL; - } - if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_DATA) - { - if (a->data != NULL) OPENSSL_free(a->data); - a->data=NULL; - a->length=0; - } - if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC) - OPENSSL_free(a); +void +ASN1_OBJECT_free(ASN1_OBJECT *a) +{ + if (a == NULL) + return; + if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_STRINGS) { + free((void *)a->sn); + free((void *)a->ln); + a->sn = a->ln = NULL; } + if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_DATA) { + freezero((void *)a->data, a->length); + a->data = NULL; + a->length = 0; + } + if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC) + free(a); +} -ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, int len, - const char *sn, const char *ln) - { +ASN1_OBJECT * +ASN1_OBJECT_create(int nid, unsigned char *data, int len, + const char *sn, const char *ln) +{ ASN1_OBJECT o; - o.sn=sn; - o.ln=ln; - o.data=data; - o.nid=nid; - o.length=len; - o.flags=ASN1_OBJECT_FLAG_DYNAMIC|ASN1_OBJECT_FLAG_DYNAMIC_STRINGS| - ASN1_OBJECT_FLAG_DYNAMIC_DATA; - return(OBJ_dup(&o)); - } - -IMPLEMENT_STACK_OF(ASN1_OBJECT) -IMPLEMENT_ASN1_SET_OF(ASN1_OBJECT) + o.sn = sn; + o.ln = ln; + o.data = data; + o.nid = nid; + o.length = len; + o.flags = ASN1_OBJECT_FLAG_DYNAMIC | ASN1_OBJECT_FLAG_DYNAMIC_STRINGS | + ASN1_OBJECT_FLAG_DYNAMIC_DATA; + return (OBJ_dup(&o)); +} diff --git a/src/lib/libcrypto/asn1/a_octet.c b/src/lib/libcrypto/asn1/a_octet.c index 9690bae0f12..d998675d3f2 100644 --- a/src/lib/libcrypto/asn1/a_octet.c +++ b/src/lib/libcrypto/asn1/a_octet.c @@ -1,25 +1,25 @@ -/* crypto/asn1/a_octet.c */ +/* $OpenBSD: a_octet.c,v 1.10 2015/07/29 14:58:34 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -57,15 +57,23 @@ */ #include -#include "cryptlib.h" -#include -ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(ASN1_OCTET_STRING *x) -{ return M_ASN1_OCTET_STRING_dup(x); } +#include -int ASN1_OCTET_STRING_cmp(ASN1_OCTET_STRING *a, ASN1_OCTET_STRING *b) -{ return M_ASN1_OCTET_STRING_cmp(a, b); } +ASN1_OCTET_STRING * +ASN1_OCTET_STRING_dup(const ASN1_OCTET_STRING *x) +{ + return ASN1_STRING_dup(x); +} -int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *x, unsigned char *d, int len) -{ return M_ASN1_OCTET_STRING_set(x, d, len); } +int +ASN1_OCTET_STRING_cmp(const ASN1_OCTET_STRING *a, const ASN1_OCTET_STRING *b) +{ + return ASN1_STRING_cmp(a, b); +} +int +ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *x, const unsigned char *d, int len) +{ + return ASN1_STRING_set(x, d, len); +} diff --git a/src/lib/libcrypto/asn1/a_print.c b/src/lib/libcrypto/asn1/a_print.c index 8035513f047..ddcee54c7d8 100644 --- a/src/lib/libcrypto/asn1/a_print.c +++ b/src/lib/libcrypto/asn1/a_print.c @@ -1,25 +1,25 @@ -/* crypto/asn1/a_print.c */ +/* $OpenBSD: a_print.c,v 1.11 2014/07/11 08:44:47 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -57,71 +57,69 @@ */ #include -#include "cryptlib.h" + #include -int ASN1_PRINTABLE_type(unsigned char *s, int len) - { +int +ASN1_PRINTABLE_type(const unsigned char *s, int len) +{ int c; - int ia5=0; - int t61=0; + int ia5 = 0; + int t61 = 0; - if (len <= 0) len= -1; - if (s == NULL) return(V_ASN1_PRINTABLESTRING); + if (len <= 0) + len = -1; + if (s == NULL) + return (V_ASN1_PRINTABLESTRING); - while ((*s) && (len-- != 0)) - { + while ((*s) && (len-- != 0)) { c= *(s++); -#ifndef CHARSET_EBCDIC - if (!( ((c >= 'a') && (c <= 'z')) || - ((c >= 'A') && (c <= 'Z')) || - (c == ' ') || - ((c >= '0') && (c <= '9')) || - (c == ' ') || (c == '\'') || - (c == '(') || (c == ')') || - (c == '+') || (c == ',') || - (c == '-') || (c == '.') || - (c == '/') || (c == ':') || - (c == '=') || (c == '?'))) - ia5=1; - if (c&0x80) - t61=1; -#else - if (!isalnum(c) && (c != ' ') && - strchr("'()+,-./:=?", c) == NULL) - ia5=1; - if (os_toascii[c] & 0x80) - t61=1; -#endif - } - if (t61) return(V_ASN1_T61STRING); - if (ia5) return(V_ASN1_IA5STRING); - return(V_ASN1_PRINTABLESTRING); + if (!(((c >= 'a') && (c <= 'z')) || + ((c >= 'A') && (c <= 'Z')) || + (c == ' ') || + ((c >= '0') && (c <= '9')) || + (c == ' ') || (c == '\'') || + (c == '(') || (c == ')') || + (c == '+') || (c == ',') || + (c == '-') || (c == '.') || + (c == '/') || (c == ':') || + (c == '=') || (c == '?'))) + ia5 = 1; + if (c & 0x80) + t61 = 1; } + if (t61) + return (V_ASN1_T61STRING); + if (ia5) + return (V_ASN1_IA5STRING); + return (V_ASN1_PRINTABLESTRING); +} -int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s) - { +int +ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s) +{ int i; unsigned char *p; - if (s->type != V_ASN1_UNIVERSALSTRING) return(0); - if ((s->length%4) != 0) return(0); - p=s->data; - for (i=0; ilength; i+=4) - { + if (s->type != V_ASN1_UNIVERSALSTRING) + return (0); + if ((s->length % 4) != 0) + return (0); + p = s->data; + for (i = 0; i < s->length; i += 4) { if ((p[0] != '\0') || (p[1] != '\0') || (p[2] != '\0')) break; else - p+=4; - } - if (i < s->length) return(0); - p=s->data; - for (i=3; ilength; i+=4) - { - *(p++)=s->data[i]; - } - *(p)='\0'; - s->length/=4; - s->type=ASN1_PRINTABLE_type(s->data,s->length); - return(1); + p += 4; + } + if (i < s->length) + return (0); + p = s->data; + for (i = 3; i < s->length; i += 4) { + *(p++) = s->data[i]; } + *(p) = '\0'; + s->length /= 4; + s->type = ASN1_PRINTABLE_type(s->data, s->length); + return (1); +} diff --git a/src/lib/libcrypto/asn1/a_set.c b/src/lib/libcrypto/asn1/a_set.c deleted file mode 100644 index 0f839822ff2..00000000000 --- a/src/lib/libcrypto/asn1/a_set.c +++ /dev/null @@ -1,220 +0,0 @@ -/* crypto/asn1/a_set.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include "cryptlib.h" -#include - -#ifndef NO_ASN1_OLD - -typedef struct - { - unsigned char *pbData; - int cbData; - } MYBLOB; - -/* SetBlobCmp - * This function compares two elements of SET_OF block - */ -static int SetBlobCmp(const void *elem1, const void *elem2 ) - { - const MYBLOB *b1 = (const MYBLOB *)elem1; - const MYBLOB *b2 = (const MYBLOB *)elem2; - int r; - - r = memcmp(b1->pbData, b2->pbData, - b1->cbData < b2->cbData ? b1->cbData : b2->cbData); - if(r != 0) - return r; - return b1->cbData-b2->cbData; - } - -/* int is_set: if TRUE, then sort the contents (i.e. it isn't a SEQUENCE) */ -int i2d_ASN1_SET(STACK *a, unsigned char **pp, int (*func)(), int ex_tag, - int ex_class, int is_set) - { - int ret=0,r; - int i; - unsigned char *p; - unsigned char *pStart, *pTempMem; - MYBLOB *rgSetBlob; - int totSize; - - if (a == NULL) return(0); - for (i=sk_num(a)-1; i>=0; i--) - ret+=func(sk_value(a,i),NULL); - r=ASN1_object_size(1,ret,ex_tag); - if (pp == NULL) return(r); - - p= *pp; - ASN1_put_object(&p,1,ret,ex_tag,ex_class); - -/* Modified by gp@nsj.co.jp */ - /* And then again by Ben */ - /* And again by Steve */ - - if(!is_set || (sk_num(a) < 2)) - { - for (i=0; i c.max) - { - ASN1err(ASN1_F_D2I_ASN1_SET,ASN1_R_LENGTH_ERROR); - goto err; - } - /* check for infinite constructed - it can be as long - * as the amount of data passed to us */ - if (c.inf == (V_ASN1_CONSTRUCTED+1)) - c.slen=length+ *pp-c.p; - c.max=c.p+c.slen; - - while (c.p < c.max) - { - char *s; - - if (M_ASN1_D2I_end_sequence()) break; - if ((s=func(NULL,&c.p,c.slen,c.max-c.p)) == NULL) - { - ASN1err(ASN1_F_D2I_ASN1_SET,ASN1_R_ERROR_PARSING_SET_ELEMENT); - asn1_add_error(*pp,(int)(c.q- *pp)); - goto err; - } - if (!sk_push(ret,s)) goto err; - } - if (a != NULL) (*a)=ret; - *pp=c.p; - return(ret); -err: - if ((ret != NULL) && ((a == NULL) || (*a != ret))) - { - if (free_func != NULL) - sk_pop_free(ret,free_func); - else - sk_free(ret); - } - return(NULL); - } - -#endif diff --git a/src/lib/libcrypto/asn1/a_sign.c b/src/lib/libcrypto/asn1/a_sign.c index de53b441448..df955be7456 100644 --- a/src/lib/libcrypto/asn1/a_sign.c +++ b/src/lib/libcrypto/asn1/a_sign.c @@ -1,25 +1,25 @@ -/* crypto/asn1/a_sign.c */ +/* $OpenBSD: a_sign.c,v 1.23 2017/05/02 03:59:44 deraadt Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,21 +49,21 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ /* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -109,186 +109,125 @@ * */ +#include + #include +#include #include -#include "cryptlib.h" - -#ifndef NO_SYS_TYPES_H -# include -#endif - #include +#include +#include #include -#include #include -#include +#include -#ifndef NO_ASN1_OLD +#include "asn1_locl.h" -int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2, - ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey, - const EVP_MD *type) - { +int +ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2, + ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey, const EVP_MD *type) +{ EVP_MD_CTX ctx; - unsigned char *p,*buf_in=NULL,*buf_out=NULL; - int i,inl=0,outl=0,outll=0; - X509_ALGOR *a; - EVP_MD_CTX_init(&ctx); - for (i=0; i<2; i++) - { - if (i == 0) - a=algor1; - else - a=algor2; - if (a == NULL) continue; - if (type->pkey_type == NID_dsaWithSHA1) - { - /* special case: RFC 2459 tells us to omit 'parameters' - * with id-dsa-with-sha1 */ - ASN1_TYPE_free(a->parameter); - a->parameter = NULL; - } - else if ((a->parameter == NULL) || - (a->parameter->type != V_ASN1_NULL)) - { - ASN1_TYPE_free(a->parameter); - if ((a->parameter=ASN1_TYPE_new()) == NULL) goto err; - a->parameter->type=V_ASN1_NULL; - } - ASN1_OBJECT_free(a->algorithm); - a->algorithm=OBJ_nid2obj(type->pkey_type); - if (a->algorithm == NULL) - { - ASN1err(ASN1_F_ASN1_SIGN,ASN1_R_UNKNOWN_OBJECT_TYPE); - goto err; - } - if (a->algorithm->length == 0) - { - ASN1err(ASN1_F_ASN1_SIGN,ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD); - goto err; - } - } - inl=i2d(data,NULL); - buf_in=(unsigned char *)OPENSSL_malloc((unsigned int)inl); - outll=outl=EVP_PKEY_size(pkey); - buf_out=(unsigned char *)OPENSSL_malloc((unsigned int)outl); - if ((buf_in == NULL) || (buf_out == NULL)) - { - outl=0; - ASN1err(ASN1_F_ASN1_SIGN,ERR_R_MALLOC_FAILURE); - goto err; - } - p=buf_in; - - i2d(data,&p); - EVP_SignInit_ex(&ctx,type, NULL); - EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl); - if (!EVP_SignFinal(&ctx,(unsigned char *)buf_out, - (unsigned int *)&outl,pkey)) - { - outl=0; - ASN1err(ASN1_F_ASN1_SIGN,ERR_R_EVP_LIB); - goto err; - } - if (signature->data != NULL) OPENSSL_free(signature->data); - signature->data=buf_out; - buf_out=NULL; - signature->length=outl; - /* In the interests of compatibility, I'll make sure that - * the bit string has a 'not-used bits' value of 0 - */ - signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); - signature->flags|=ASN1_STRING_FLAG_BITS_LEFT; -err: - EVP_MD_CTX_cleanup(&ctx); - if (buf_in != NULL) - { memset((char *)buf_in,0,(unsigned int)inl); OPENSSL_free(buf_in); } - if (buf_out != NULL) - { memset((char *)buf_out,0,outll); OPENSSL_free(buf_out); } - return(outl); + if (!EVP_DigestSignInit(&ctx, NULL, type, NULL, pkey)) { + EVP_MD_CTX_cleanup(&ctx); + return 0; } + return ASN1_item_sign_ctx(it, algor1, algor2, signature, asn, &ctx); +} -#endif -int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2, - ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey, - const EVP_MD *type) - { - EVP_MD_CTX ctx; - unsigned char *buf_in=NULL,*buf_out=NULL; - int i,inl=0,outl=0,outll=0; - X509_ALGOR *a; +int +ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2, + ASN1_BIT_STRING *signature, void *asn, EVP_MD_CTX *ctx) +{ + const EVP_MD *type; + EVP_PKEY *pkey; + unsigned char *buf_in = NULL, *buf_out = NULL; + size_t inl = 0, outl = 0, outll = 0; + int signid, paramtype; + int rv; - EVP_MD_CTX_init(&ctx); - for (i=0; i<2; i++) - { - if (i == 0) - a=algor1; - else - a=algor2; - if (a == NULL) continue; - if (type->pkey_type == NID_dsaWithSHA1) - { - /* special case: RFC 2459 tells us to omit 'parameters' - * with id-dsa-with-sha1 */ - ASN1_TYPE_free(a->parameter); - a->parameter = NULL; - } - else if ((a->parameter == NULL) || - (a->parameter->type != V_ASN1_NULL)) - { - ASN1_TYPE_free(a->parameter); - if ((a->parameter=ASN1_TYPE_new()) == NULL) goto err; - a->parameter->type=V_ASN1_NULL; - } - ASN1_OBJECT_free(a->algorithm); - a->algorithm=OBJ_nid2obj(type->pkey_type); - if (a->algorithm == NULL) - { - ASN1err(ASN1_F_ASN1_SIGN,ASN1_R_UNKNOWN_OBJECT_TYPE); - goto err; - } - if (a->algorithm->length == 0) - { - ASN1err(ASN1_F_ASN1_SIGN,ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD); + type = EVP_MD_CTX_md(ctx); + pkey = EVP_PKEY_CTX_get0_pkey(ctx->pctx); + + if (!type || !pkey) { + ASN1error(ASN1_R_CONTEXT_NOT_INITIALISED); + return 0; + } + + if (pkey->ameth->item_sign) { + rv = pkey->ameth->item_sign(ctx, it, asn, algor1, algor2, + signature); + if (rv == 1) + outl = signature->length; + /* Return value meanings: + * <=0: error. + * 1: method does everything. + * 2: carry on as normal. + * 3: ASN1 method sets algorithm identifiers: just sign. + */ + if (rv <= 0) + ASN1error(ERR_R_EVP_LIB); + if (rv <= 1) goto err; + } else + rv = 2; + + if (rv == 2) { + if (type->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) { + if (!pkey->ameth || + !OBJ_find_sigid_by_algs(&signid, + EVP_MD_nid(type), pkey->ameth->pkey_id)) { + ASN1error(ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED); + return 0; } - } - inl=ASN1_item_i2d(asn,&buf_in, it); - outll=outl=EVP_PKEY_size(pkey); - buf_out=(unsigned char *)OPENSSL_malloc((unsigned int)outl); - if ((buf_in == NULL) || (buf_out == NULL)) - { - outl=0; - ASN1err(ASN1_F_ASN1_SIGN,ERR_R_MALLOC_FAILURE); + } else + signid = type->pkey_type; + + if (pkey->ameth->pkey_flags & ASN1_PKEY_SIGPARAM_NULL) + paramtype = V_ASN1_NULL; + else + paramtype = V_ASN1_UNDEF; + + if (algor1) + X509_ALGOR_set0(algor1, + OBJ_nid2obj(signid), paramtype, NULL); + if (algor2) + X509_ALGOR_set0(algor2, + OBJ_nid2obj(signid), paramtype, NULL); + + } + + inl = ASN1_item_i2d(asn, &buf_in, it); + outll = outl = EVP_PKEY_size(pkey); + buf_out = malloc(outl); + if ((buf_in == NULL) || (buf_out == NULL)) { + outl = 0; + ASN1error(ERR_R_MALLOC_FAILURE); goto err; - } + } - EVP_SignInit_ex(&ctx,type, NULL); - EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl); - if (!EVP_SignFinal(&ctx,(unsigned char *)buf_out, - (unsigned int *)&outl,pkey)) - { - outl=0; - ASN1err(ASN1_F_ASN1_SIGN,ERR_R_EVP_LIB); + if (!EVP_DigestSignUpdate(ctx, buf_in, inl) || + !EVP_DigestSignFinal(ctx, buf_out, &outl)) { + outl = 0; + ASN1error(ERR_R_EVP_LIB); goto err; - } - if (signature->data != NULL) OPENSSL_free(signature->data); - signature->data=buf_out; - buf_out=NULL; - signature->length=outl; + } + free(signature->data); + signature->data = buf_out; + buf_out = NULL; + signature->length = outl; /* In the interests of compatibility, I'll make sure that * the bit string has a 'not-used bits' value of 0 */ - signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); - signature->flags|=ASN1_STRING_FLAG_BITS_LEFT; + signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); + signature->flags |= ASN1_STRING_FLAG_BITS_LEFT; + err: - EVP_MD_CTX_cleanup(&ctx); - if (buf_in != NULL) - { memset((char *)buf_in,0,(unsigned int)inl); OPENSSL_free(buf_in); } - if (buf_out != NULL) - { memset((char *)buf_out,0,outll); OPENSSL_free(buf_out); } - return(outl); - } + EVP_MD_CTX_cleanup(ctx); + freezero((char *)buf_in, inl); + freezero((char *)buf_out, outll); + return (outl); +} diff --git a/src/lib/libcrypto/asn1/a_strex.c b/src/lib/libcrypto/asn1/a_strex.c index 128aa7e772c..4e3deccfdaf 100644 --- a/src/lib/libcrypto/asn1/a_strex.c +++ b/src/lib/libcrypto/asn1/a_strex.c @@ -1,5 +1,5 @@ -/* a_strex.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* $OpenBSD: a_strex.c,v 1.28 2018/05/19 10:46:28 tb Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ /* ==================================================================== @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -58,9 +58,12 @@ #include #include + +#include #include #include -#include + +#include "asn1_locl.h" #include "charmap.h" @@ -70,34 +73,34 @@ * options. */ - #define CHARTYPE_BS_ESC (ASN1_STRFLGS_ESC_2253 | CHARTYPE_FIRST_ESC_2253 | CHARTYPE_LAST_ESC_2253) +#define ESC_FLAGS (ASN1_STRFLGS_ESC_2253 | \ + ASN1_STRFLGS_ESC_QUOTE | \ + ASN1_STRFLGS_ESC_CTRL | \ + ASN1_STRFLGS_ESC_MSB) + /* Three IO functions for sending data to memory, a BIO and * and a FILE pointer. */ - -int send_mem_chars(void *arg, const void *buf, int len) -{ - unsigned char **out = arg; - if(!out) return 1; - memcpy(*out, buf, len); - *out += len; - return 1; -} - -int send_bio_chars(void *arg, const void *buf, int len) +static int +send_bio_chars(void *arg, const void *buf, int len) { - if(!arg) return 1; - if(BIO_write(arg, buf, len) != len) return 0; + if (!arg) + return 1; + if (BIO_write(arg, buf, len) != len) + return 0; return 1; } -int send_fp_chars(void *arg, const void *buf, int len) +static int +send_fp_chars(void *arg, const void *buf, int len) { - if(!arg) return 1; - if(fwrite(buf, 1, len, arg) != (unsigned int)len) return 0; + if (!arg) + return 1; + if (fwrite(buf, 1, (size_t)len, arg) != (size_t)len) + return 0; return 1; } @@ -110,40 +113,63 @@ typedef int char_io(void *arg, const void *buf, int len); * 4 byte forms. */ -static int do_esc_char(unsigned long c, unsigned char flags, char *do_quotes, char_io *io_ch, void *arg) +static int +do_esc_char(unsigned long c, unsigned char flags, char *do_quotes, + char_io *io_ch, void *arg) { unsigned char chflgs, chtmp; - char tmphex[11]; - if(c > 0xffff) { - BIO_snprintf(tmphex, 11, "\\W%08lX", c); - if(!io_ch(arg, tmphex, 10)) return -1; + char tmphex[sizeof(long) * 2 + 3]; + + if (c > 0xffffffffL) + return -1; + if (c > 0xffff) { + snprintf(tmphex, sizeof tmphex, "\\W%08lX", c); + if (!io_ch(arg, tmphex, 10)) + return -1; return 10; } - if(c > 0xff) { - BIO_snprintf(tmphex, 11, "\\U%04lX", c); - if(!io_ch(arg, tmphex, 6)) return -1; + if (c > 0xff) { + snprintf(tmphex, sizeof tmphex, "\\U%04lX", c); + if (!io_ch(arg, tmphex, 6)) + return -1; return 6; } chtmp = (unsigned char)c; - if(chtmp > 0x7f) chflgs = flags & ASN1_STRFLGS_ESC_MSB; - else chflgs = char_type[chtmp] & flags; - if(chflgs & CHARTYPE_BS_ESC) { + if (chtmp > 0x7f) + chflgs = flags & ASN1_STRFLGS_ESC_MSB; + else + chflgs = char_type[chtmp] & flags; + if (chflgs & CHARTYPE_BS_ESC) { /* If we don't escape with quotes, signal we need quotes */ - if(chflgs & ASN1_STRFLGS_ESC_QUOTE) { - if(do_quotes) *do_quotes = 1; - if(!io_ch(arg, &chtmp, 1)) return -1; + if (chflgs & ASN1_STRFLGS_ESC_QUOTE) { + if (do_quotes) + *do_quotes = 1; + if (!io_ch(arg, &chtmp, 1)) + return -1; return 1; } - if(!io_ch(arg, "\\", 1)) return -1; - if(!io_ch(arg, &chtmp, 1)) return -1; + if (!io_ch(arg, "\\", 1)) + return -1; + if (!io_ch(arg, &chtmp, 1)) + return -1; return 2; } - if(chflgs & (ASN1_STRFLGS_ESC_CTRL|ASN1_STRFLGS_ESC_MSB)) { - BIO_snprintf(tmphex, 11, "\\%02X", chtmp); - if(!io_ch(arg, tmphex, 3)) return -1; + if (chflgs & (ASN1_STRFLGS_ESC_CTRL|ASN1_STRFLGS_ESC_MSB)) { + snprintf(tmphex, sizeof tmphex, "\\%02X", chtmp); + if (!io_ch(arg, tmphex, 3)) + return -1; return 3; } - if(!io_ch(arg, &chtmp, 1)) return -1; + /* If we get this far and do any escaping at all must escape + * the escape character itself: backslash. + */ + if (chtmp == '\\' && flags & ESC_FLAGS) { + if (!io_ch(arg, "\\\\", 2)) + return -1; + return 2; + } + if (!io_ch(arg, &chtmp, 1)) + return -1; return 1; } @@ -155,59 +181,79 @@ static int do_esc_char(unsigned long c, unsigned char flags, char *do_quotes, ch * and converts to or from UTF8 as appropriate. */ -static int do_buf(unsigned char *buf, int buflen, - int type, unsigned char flags, char *quotes, char_io *io_ch, void *arg) +static int +do_buf(unsigned char *buf, int buflen, int type, unsigned char flags, + char *quotes, char_io *io_ch, void *arg) { int i, outlen, len; unsigned char orflags, *p, *q; unsigned long c; + p = buf; q = buf + buflen; outlen = 0; - while(p != q) { - if(p == buf) orflags = CHARTYPE_FIRST_ESC_2253; - else orflags = 0; - switch(type & BUF_TYPE_WIDTH_MASK) { - case 4: + while (p != q) { + if (p == buf && flags & ASN1_STRFLGS_ESC_2253) + orflags = CHARTYPE_FIRST_ESC_2253; + else + orflags = 0; + switch (type & BUF_TYPE_WIDTH_MASK) { + case 4: c = ((unsigned long)*p++) << 24; c |= ((unsigned long)*p++) << 16; c |= ((unsigned long)*p++) << 8; c |= *p++; + if (c > UNICODE_MAX || UNICODE_IS_SURROGATE(c)) + return -1; break; - case 2: + case 2: c = ((unsigned long)*p++) << 8; c |= *p++; + if (UNICODE_IS_SURROGATE(c)) + return -1; break; - case 1: + case 1: c = *p++; break; - - case 0: - i = UTF8_getc(p, buflen, &c); - if(i < 0) return -1; /* Invalid UTF8String */ + + case 0: + i = UTF8_getc(p, q - p, &c); + if (i < 0) + return -1; /* Invalid UTF8String */ p += i; break; + default: + return -1; /* invalid width */ } - if (p == q) orflags = CHARTYPE_LAST_ESC_2253; - if(type & BUF_TYPE_CONVUTF8) { + if (p == q && flags & ASN1_STRFLGS_ESC_2253) + orflags = CHARTYPE_LAST_ESC_2253; + if (type & BUF_TYPE_CONVUTF8) { unsigned char utfbuf[6]; int utflen; - utflen = UTF8_putc(utfbuf, 6, c); - for(i = 0; i < utflen; i++) { + + utflen = UTF8_putc(utfbuf, sizeof utfbuf, c); + if (utflen < 0) + return -1; + for (i = 0; i < utflen; i++) { /* We don't need to worry about setting orflags correctly - * because if utflen==1 its value will be correct anyway - * otherwise each character will be > 0x7f and so the + * because if utflen==1 its value will be correct anyway + * otherwise each character will be > 0x7f and so the * character will never be escaped on first and last. */ - len = do_esc_char(utfbuf[i], (unsigned char)(flags | orflags), quotes, io_ch, arg); - if(len < 0) return -1; + len = do_esc_char(utfbuf[i], + (unsigned char)(flags | orflags), quotes, + io_ch, arg); + if (len < 0) + return -1; outlen += len; } } else { - len = do_esc_char(c, (unsigned char)(flags | orflags), quotes, io_ch, arg); - if(len < 0) return -1; + len = do_esc_char(c, (unsigned char)(flags | orflags), + quotes, io_ch, arg); + if (len < 0) + return -1; outlen += len; } } @@ -216,18 +262,20 @@ static int do_buf(unsigned char *buf, int buflen, /* This function hex dumps a buffer of characters */ -static int do_hex_dump(char_io *io_ch, void *arg, unsigned char *buf, int buflen) +static int +do_hex_dump(char_io *io_ch, void *arg, unsigned char *buf, int buflen) { - const static char hexdig[] = "0123456789ABCDEF"; + static const char hexdig[] = "0123456789ABCDEF"; unsigned char *p, *q; char hextmp[2]; - if(arg) { + if (arg) { p = buf; q = buf + buflen; - while(p != q) { + while (p != q) { hextmp[0] = hexdig[*p >> 4]; hextmp[1] = hexdig[*p & 0xf]; - if(!io_ch(arg, hextmp, 2)) return -1; + if (!io_ch(arg, hextmp, 2)) + return -1; p++; } } @@ -240,7 +288,8 @@ static int do_hex_dump(char_io *io_ch, void *arg, unsigned char *buf, int buflen * #01234 format. */ -int do_dump(unsigned long lflags, char_io *io_ch, void *arg, ASN1_STRING *str) +static int +do_dump(unsigned long lflags, char_io *io_ch, void *arg, const ASN1_STRING *str) { /* Placing the ASN1_STRING in a temp ASN1_TYPE allows * the DER encoding to readily obtained @@ -249,23 +298,27 @@ int do_dump(unsigned long lflags, char_io *io_ch, void *arg, ASN1_STRING *str) unsigned char *der_buf, *p; int outlen, der_len; - if(!io_ch(arg, "#", 1)) return -1; + if (!io_ch(arg, "#", 1)) + return -1; /* If we don't dump DER encoding just dump content octets */ - if(!(lflags & ASN1_STRFLGS_DUMP_DER)) { + if (!(lflags & ASN1_STRFLGS_DUMP_DER)) { outlen = do_hex_dump(io_ch, arg, str->data, str->length); - if(outlen < 0) return -1; + if (outlen < 0) + return -1; return outlen + 1; } t.type = str->type; t.value.ptr = (char *)str; der_len = i2d_ASN1_TYPE(&t, NULL); - der_buf = OPENSSL_malloc(der_len); - if(!der_buf) return -1; + der_buf = malloc(der_len); + if (!der_buf) + return -1; p = der_buf; i2d_ASN1_TYPE(&t, &p); outlen = do_hex_dump(io_ch, arg, der_buf, der_len); - OPENSSL_free(der_buf); - if(outlen < 0) return -1; + free(der_buf); + if (outlen < 0) + return -1; return outlen + 1; } @@ -274,22 +327,17 @@ int do_dump(unsigned long lflags, char_io *io_ch, void *arg, ASN1_STRING *str) * otherwise it is the number of bytes per character */ -const static char tag2nbyte[] = { +static const signed char tag2nbyte[] = { -1, -1, -1, -1, -1, /* 0-4 */ -1, -1, -1, -1, -1, /* 5-9 */ -1, -1, 0, -1, /* 10-13 */ -1, -1, -1, -1, /* 15-17 */ -1, 1, 1, /* 18-20 */ - -1, 1, -1,-1, /* 21-24 */ + -1, 1, 1, 1, /* 21-24 */ -1, 1, -1, /* 25-27 */ 4, -1, 2 /* 28-30 */ }; -#define ESC_FLAGS (ASN1_STRFLGS_ESC_2253 | \ - ASN1_STRFLGS_ESC_QUOTE | \ - ASN1_STRFLGS_ESC_CTRL | \ - ASN1_STRFLGS_ESC_MSB) - /* This is the main function, print out an * ASN1_STRING taking note of various escape * and display options. Returns number of @@ -297,85 +345,103 @@ const static char tag2nbyte[] = { * occurred. */ -static int do_print_ex(char_io *io_ch, void *arg, unsigned long lflags, ASN1_STRING *str) +static int +do_print_ex(char_io *io_ch, void *arg, unsigned long lflags, + const ASN1_STRING *str) { int outlen, len; int type; char quotes; unsigned char flags; + quotes = 0; /* Keep a copy of escape flags */ flags = (unsigned char)(lflags & ESC_FLAGS); - type = str->type; - outlen = 0; - - if(lflags & ASN1_STRFLGS_SHOW_TYPE) { + if (lflags & ASN1_STRFLGS_SHOW_TYPE) { const char *tagname; tagname = ASN1_tag2str(type); outlen += strlen(tagname); - if(!io_ch(arg, tagname, outlen) || !io_ch(arg, ":", 1)) return -1; + if (!io_ch(arg, tagname, outlen) || !io_ch(arg, ":", 1)) + return -1; outlen++; } /* Decide what to do with type, either dump content or display it */ /* Dump everything */ - if(lflags & ASN1_STRFLGS_DUMP_ALL) type = -1; + if (lflags & ASN1_STRFLGS_DUMP_ALL) + type = -1; /* Ignore the string type */ - else if(lflags & ASN1_STRFLGS_IGNORE_TYPE) type = 1; + else if (lflags & ASN1_STRFLGS_IGNORE_TYPE) + type = 1; else { /* Else determine width based on type */ - if((type > 0) && (type < 31)) type = tag2nbyte[type]; - else type = -1; - if((type == -1) && !(lflags & ASN1_STRFLGS_DUMP_UNKNOWN)) type = 1; + if ((type > 0) && (type < 31)) + type = tag2nbyte[type]; + else + type = -1; + if ((type == -1) && !(lflags & ASN1_STRFLGS_DUMP_UNKNOWN)) + type = 1; } - if(type == -1) { + if (type == -1) { len = do_dump(lflags, io_ch, arg, str); - if(len < 0) return -1; + if (len < 0) + return -1; outlen += len; return outlen; } - if(lflags & ASN1_STRFLGS_UTF8_CONVERT) { + if (lflags & ASN1_STRFLGS_UTF8_CONVERT) { /* Note: if string is UTF8 and we want * to convert to UTF8 then we just interpret * it as 1 byte per character to avoid converting * twice. */ - if(!type) type = 1; - else type |= BUF_TYPE_CONVUTF8; + if (!type) + type = 1; + else + type |= BUF_TYPE_CONVUTF8; } len = do_buf(str->data, str->length, type, flags, "es, io_ch, NULL); - if(outlen < 0) return -1; + if (len < 0) + return -1; outlen += len; - if(quotes) outlen += 2; - if(!arg) return outlen; - if(quotes && !io_ch(arg, "\"", 1)) return -1; - do_buf(str->data, str->length, type, flags, NULL, io_ch, arg); - if(quotes && !io_ch(arg, "\"", 1)) return -1; + if (quotes) + outlen += 2; + if (!arg) + return outlen; + if (quotes && !io_ch(arg, "\"", 1)) + return -1; + if (do_buf(str->data, str->length, type, flags, NULL, io_ch, arg) < 0) + return -1; + if (quotes && !io_ch(arg, "\"", 1)) + return -1; return outlen; } /* Used for line indenting: print 'indent' spaces */ -static int do_indent(char_io *io_ch, void *arg, int indent) +static int +do_indent(char_io *io_ch, void *arg, int indent) { int i; - for(i = 0; i < indent; i++) - if(!io_ch(arg, " ", 1)) return 0; + for (i = 0; i < indent; i++) + if (!io_ch(arg, " ", 1)) + return 0; return 1; } #define FN_WIDTH_LN 25 #define FN_WIDTH_SN 10 -static int do_name_ex(char_io *io_ch, void *arg, X509_NAME *n, - int indent, unsigned long flags) +static int +do_name_ex(char_io *io_ch, void *arg, const X509_NAME *n, int indent, + unsigned long flags) { int i, prev = -1, orflags, cnt; int fn_opt, fn_nid; @@ -387,19 +453,22 @@ static int do_name_ex(char_io *io_ch, void *arg, X509_NAME *n, int outlen, len; char *sep_dn, *sep_mv, *sep_eq; int sep_dn_len, sep_mv_len, sep_eq_len; - if(indent < 0) indent = 0; + + if (indent < 0) + indent = 0; outlen = indent; - if(!do_indent(io_ch, arg, indent)) return -1; - switch (flags & XN_FLAG_SEP_MASK) - { - case XN_FLAG_SEP_MULTILINE: + if (!do_indent(io_ch, arg, indent)) + return -1; + + switch (flags & XN_FLAG_SEP_MASK) { + case XN_FLAG_SEP_MULTILINE: sep_dn = "\n"; sep_dn_len = 1; sep_mv = " + "; sep_mv_len = 3; break; - case XN_FLAG_SEP_COMMA_PLUS: + case XN_FLAG_SEP_COMMA_PLUS: sep_dn = ","; sep_dn_len = 1; sep_mv = "+"; @@ -407,7 +476,7 @@ static int do_name_ex(char_io *io_ch, void *arg, X509_NAME *n, indent = 0; break; - case XN_FLAG_SEP_CPLUS_SPC: + case XN_FLAG_SEP_CPLUS_SPC: sep_dn = ", "; sep_dn_len = 2; sep_mv = " + "; @@ -415,7 +484,7 @@ static int do_name_ex(char_io *io_ch, void *arg, X509_NAME *n, indent = 0; break; - case XN_FLAG_SEP_SPLUS_SPC: + case XN_FLAG_SEP_SPLUS_SPC: sep_dn = "; "; sep_dn_len = 2; sep_mv = " + "; @@ -423,11 +492,11 @@ static int do_name_ex(char_io *io_ch, void *arg, X509_NAME *n, indent = 0; break; - default: + default: return -1; } - if(flags & XN_FLAG_SPC_EQ) { + if (flags & XN_FLAG_SPC_EQ) { sep_eq = " = "; sep_eq_len = 3; } else { @@ -437,19 +506,23 @@ static int do_name_ex(char_io *io_ch, void *arg, X509_NAME *n, fn_opt = flags & XN_FLAG_FN_MASK; - cnt = X509_NAME_entry_count(n); - for(i = 0; i < cnt; i++) { - if(flags & XN_FLAG_DN_REV) - ent = X509_NAME_get_entry(n, cnt - i - 1); - else ent = X509_NAME_get_entry(n, i); - if(prev != -1) { - if(prev == ent->set) { - if(!io_ch(arg, sep_mv, sep_mv_len)) return -1; + cnt = X509_NAME_entry_count(n); + for (i = 0; i < cnt; i++) { + if (flags & XN_FLAG_DN_REV) + ent = X509_NAME_get_entry(n, cnt - i - 1); + else + ent = X509_NAME_get_entry(n, i); + if (prev != -1) { + if (prev == ent->set) { + if (!io_ch(arg, sep_mv, sep_mv_len)) + return -1; outlen += sep_mv_len; } else { - if(!io_ch(arg, sep_dn, sep_dn_len)) return -1; + if (!io_ch(arg, sep_dn, sep_dn_len)) + return -1; outlen += sep_dn_len; - if(!do_indent(io_ch, arg, indent)) return -1; + if (!do_indent(io_ch, arg, indent)) + return -1; outlen += indent; } } @@ -457,17 +530,18 @@ static int do_name_ex(char_io *io_ch, void *arg, X509_NAME *n, fn = X509_NAME_ENTRY_get_object(ent); val = X509_NAME_ENTRY_get_data(ent); fn_nid = OBJ_obj2nid(fn); - if(fn_opt != XN_FLAG_FN_NONE) { + if (fn_opt != XN_FLAG_FN_NONE) { int objlen, fld_len; - if((fn_opt == XN_FLAG_FN_OID) || (fn_nid==NID_undef) ) { - OBJ_obj2txt(objtmp, 80, fn, 1); + if ((fn_opt == XN_FLAG_FN_OID) || + (fn_nid == NID_undef)) { + OBJ_obj2txt(objtmp, sizeof objtmp, fn, 1); fld_len = 0; /* XXX: what should this be? */ objbuf = objtmp; } else { - if(fn_opt == XN_FLAG_FN_SN) { + if (fn_opt == XN_FLAG_FN_SN) { fld_len = FN_WIDTH_SN; objbuf = OBJ_nid2sn(fn_nid); - } else if(fn_opt == XN_FLAG_FN_LN) { + } else if (fn_opt == XN_FLAG_FN_LN) { fld_len = FN_WIDTH_LN; objbuf = OBJ_nid2ln(fn_nid); } else { @@ -476,24 +550,30 @@ static int do_name_ex(char_io *io_ch, void *arg, X509_NAME *n, } } objlen = strlen(objbuf); - if(!io_ch(arg, objbuf, objlen)) return -1; + if (!io_ch(arg, objbuf, objlen)) + return -1; if ((objlen < fld_len) && (flags & XN_FLAG_FN_ALIGN)) { - if (!do_indent(io_ch, arg, fld_len - objlen)) return -1; + if (!do_indent(io_ch, arg, fld_len - objlen)) + return -1; outlen += fld_len - objlen; } - if(!io_ch(arg, sep_eq, sep_eq_len)) return -1; + if (!io_ch(arg, sep_eq, sep_eq_len)) + return -1; outlen += objlen + sep_eq_len; } /* If the field name is unknown then fix up the DER dump * flag. We might want to limit this further so it will * DER dump on anything other than a few 'standard' fields. */ - if((fn_nid == NID_undef) && (flags & XN_FLAG_DUMP_UNKNOWN_FIELDS)) - orflags = ASN1_STRFLGS_DUMP_ALL; - else orflags = 0; - + if ((fn_nid == NID_undef) && + (flags & XN_FLAG_DUMP_UNKNOWN_FIELDS)) + orflags = ASN1_STRFLGS_DUMP_ALL; + else + orflags = 0; + len = do_print_ex(io_ch, arg, flags | orflags, val); - if(len < 0) return -1; + if (len < 0) + return -1; outlen += len; } return outlen; @@ -501,36 +581,40 @@ static int do_name_ex(char_io *io_ch, void *arg, X509_NAME *n, /* Wrappers round the main functions */ -int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags) +int +X509_NAME_print_ex(BIO *out, const X509_NAME *nm, int indent, + unsigned long flags) { - if(flags == XN_FLAG_COMPAT) + if (flags == XN_FLAG_COMPAT) return X509_NAME_print(out, nm, indent); return do_name_ex(send_bio_chars, out, nm, indent, flags); } - -int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags) +int +X509_NAME_print_ex_fp(FILE *fp, const X509_NAME *nm, int indent, + unsigned long flags) { - if(flags == XN_FLAG_COMPAT) - { + if (flags == XN_FLAG_COMPAT) { BIO *btmp; int ret; btmp = BIO_new_fp(fp, BIO_NOCLOSE); - if(!btmp) return -1; + if (!btmp) + return -1; ret = X509_NAME_print(btmp, nm, indent); BIO_free(btmp); return ret; - } + } return do_name_ex(send_fp_chars, fp, nm, indent, flags); } -int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags) +int +ASN1_STRING_print_ex(BIO *out, const ASN1_STRING *str, unsigned long flags) { return do_print_ex(send_bio_chars, out, flags, str); } - -int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags) +int +ASN1_STRING_print_ex_fp(FILE *fp, const ASN1_STRING *str, unsigned long flags) { return do_print_ex(send_fp_chars, fp, flags, str); } @@ -539,19 +623,27 @@ int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags) * in output string or a negative error code */ -int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in) +int +ASN1_STRING_to_UTF8(unsigned char **out, const ASN1_STRING *in) { ASN1_STRING stmp, *str = &stmp; int mbflag, type, ret; - if(!*out || !in) return -1; + + if (!in) + return -1; type = in->type; - if((type < 0) || (type > 30)) return -1; + if ((type < 0) || (type > 30)) + return -1; mbflag = tag2nbyte[type]; - if(mbflag == -1) return -1; + if (mbflag == -1) + return -1; mbflag |= MBSTRING_FLAG; stmp.data = NULL; - ret = ASN1_mbstring_copy(&str, in->data, in->length, mbflag, B_ASN1_UTF8STRING); - if(ret < 0) return ret; - if(out) *out = stmp.data; + stmp.length = 0; + ret = ASN1_mbstring_copy(&str, in->data, in->length, mbflag, + B_ASN1_UTF8STRING); + if (ret < 0) + return ret; + *out = stmp.data; return stmp.length; } diff --git a/src/lib/libcrypto/asn1/a_strnid.c b/src/lib/libcrypto/asn1/a_strnid.c index 04789d1c63f..0585f7050b6 100644 --- a/src/lib/libcrypto/asn1/a_strnid.c +++ b/src/lib/libcrypto/asn1/a_strnid.c @@ -1,5 +1,5 @@ -/* a_strnid.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* $OpenBSD: a_strnid.c,v 1.21 2017/01/29 17:49:22 beck Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -56,18 +56,18 @@ * */ -#include #include -#include "cryptlib.h" +#include +#include + #include +#include #include - static STACK_OF(ASN1_STRING_TABLE) *stable = NULL; static void st_free(ASN1_STRING_TABLE *tbl); static int sk_table_cmp(const ASN1_STRING_TABLE * const *a, - const ASN1_STRING_TABLE * const *b); -static int table_cmp(const void *a, const void *b); + const ASN1_STRING_TABLE * const *b); /* This is the global mask for the mbstring functions: this is use to @@ -75,14 +75,16 @@ static int table_cmp(const void *a, const void *b); * certain software (e.g. Netscape) has problems with them. */ -static unsigned long global_mask = 0xFFFFFFFFL; +static unsigned long global_mask = B_ASN1_UTF8STRING; -void ASN1_STRING_set_default_mask(unsigned long mask) +void +ASN1_STRING_set_default_mask(unsigned long mask) { global_mask = mask; } -unsigned long ASN1_STRING_get_default_mask(void) +unsigned long +ASN1_STRING_get_default_mask(void) { return global_mask; } @@ -96,54 +98,66 @@ unsigned long ASN1_STRING_get_default_mask(void) * default: the default value, Printable, T61, BMP. */ -int ASN1_STRING_set_default_mask_asc(char *p) +int +ASN1_STRING_set_default_mask_asc(const char *p) { unsigned long mask; char *end; - if(!strncmp(p, "MASK:", 5)) { - if(!p[5]) return 0; + + if (!strncmp(p, "MASK:", 5)) { + if (!p[5]) + return 0; mask = strtoul(p + 5, &end, 0); - if(*end) return 0; - } else if(!strcmp(p, "nombstr")) - mask = ~((unsigned long)(B_ASN1_BMPSTRING|B_ASN1_UTF8STRING)); - else if(!strcmp(p, "pkix")) - mask = ~((unsigned long)B_ASN1_T61STRING); - else if(!strcmp(p, "utf8only")) mask = B_ASN1_UTF8STRING; - else if(!strcmp(p, "default")) - mask = 0xFFFFFFFFL; - else return 0; + if (*end) + return 0; + } else if (!strcmp(p, "nombstr")) + mask = ~((unsigned long)(B_ASN1_BMPSTRING|B_ASN1_UTF8STRING)); + else if (!strcmp(p, "pkix")) + mask = ~((unsigned long)B_ASN1_T61STRING); + else if (!strcmp(p, "utf8only")) + mask = B_ASN1_UTF8STRING; + else if (!strcmp(p, "default")) + mask = 0xFFFFFFFFL; + else + return 0; ASN1_STRING_set_default_mask(mask); return 1; } /* The following function generates an ASN1_STRING based on limits in a table. - * Frequently the types and length of an ASN1_STRING are restricted by a + * Frequently the types and length of an ASN1_STRING are restricted by a * corresponding OID. For example certificates and certificate requests. */ -ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsigned char *in, - int inlen, int inform, int nid) +ASN1_STRING * +ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsigned char *in, int inlen, + int inform, int nid) { ASN1_STRING_TABLE *tbl; ASN1_STRING *str = NULL; unsigned long mask; int ret; - if(!out) out = &str; + if (!out) + out = &str; tbl = ASN1_STRING_TABLE_get(nid); - if(tbl) { + if (tbl) { mask = tbl->mask; - if(!(tbl->flags & STABLE_NO_MASK)) mask &= global_mask; + if (!(tbl->flags & STABLE_NO_MASK)) + mask &= global_mask; ret = ASN1_mbstring_ncopy(out, in, inlen, inform, mask, - tbl->minsize, tbl->maxsize); - } else ret = ASN1_mbstring_copy(out, in, inlen, inform, DIRSTRING_TYPE & global_mask); - if(ret <= 0) return NULL; + tbl->minsize, tbl->maxsize); + } else + ret = ASN1_mbstring_copy(out, in, inlen, inform, + DIRSTRING_TYPE & global_mask); + if (ret <= 0) + return NULL; return *out; } /* Now the tables and helper functions for the string table: */ -/* size limits: this stuff is taken straight from RFC2459 */ +/* size limits: this stuff is taken straight from RFC3280 */ #define ub_name 32768 #define ub_common_name 64 @@ -153,100 +167,140 @@ ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsigned char *in, #define ub_organization_unit_name 64 #define ub_title 64 #define ub_email_address 128 +#define ub_serial_number 64 + /* This table must be kept in NID order */ -static ASN1_STRING_TABLE tbl_standard[] = { -{NID_commonName, 1, ub_common_name, DIRSTRING_TYPE, 0}, -{NID_countryName, 2, 2, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}, -{NID_localityName, 1, ub_locality_name, DIRSTRING_TYPE, 0}, -{NID_stateOrProvinceName, 1, ub_state_name, DIRSTRING_TYPE, 0}, -{NID_organizationName, 1, ub_organization_name, DIRSTRING_TYPE, 0}, -{NID_organizationalUnitName, 1, ub_organization_unit_name, DIRSTRING_TYPE, 0}, -{NID_pkcs9_emailAddress, 1, ub_email_address, B_ASN1_IA5STRING, STABLE_NO_MASK}, -{NID_pkcs9_unstructuredName, 1, -1, PKCS9STRING_TYPE, 0}, -{NID_pkcs9_challengePassword, 1, -1, PKCS9STRING_TYPE, 0}, -{NID_pkcs9_unstructuredAddress, 1, -1, DIRSTRING_TYPE, 0}, -{NID_givenName, 1, ub_name, DIRSTRING_TYPE, 0}, -{NID_surname, 1, ub_name, DIRSTRING_TYPE, 0}, -{NID_initials, 1, ub_name, DIRSTRING_TYPE, 0}, -{NID_friendlyName, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK}, -{NID_name, 1, ub_name, DIRSTRING_TYPE, 0}, -{NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}, -{NID_ms_csp_name, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK} +static const ASN1_STRING_TABLE tbl_standard[] = { + {NID_commonName, 1, ub_common_name, DIRSTRING_TYPE, 0}, + {NID_countryName, 2, 2, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}, + {NID_localityName, 1, ub_locality_name, DIRSTRING_TYPE, 0}, + {NID_stateOrProvinceName, 1, ub_state_name, DIRSTRING_TYPE, 0}, + {NID_organizationName, 1, ub_organization_name, DIRSTRING_TYPE, 0}, + {NID_organizationalUnitName, 1, ub_organization_unit_name, DIRSTRING_TYPE, 0}, + {NID_pkcs9_emailAddress, 1, ub_email_address, B_ASN1_IA5STRING, STABLE_NO_MASK}, + {NID_pkcs9_unstructuredName, 1, -1, PKCS9STRING_TYPE, 0}, + {NID_pkcs9_challengePassword, 1, -1, PKCS9STRING_TYPE, 0}, + {NID_pkcs9_unstructuredAddress, 1, -1, DIRSTRING_TYPE, 0}, + {NID_givenName, 1, ub_name, DIRSTRING_TYPE, 0}, + {NID_surname, 1, ub_name, DIRSTRING_TYPE, 0}, + {NID_initials, 1, ub_name, DIRSTRING_TYPE, 0}, + {NID_serialNumber, 1, ub_serial_number, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}, + {NID_friendlyName, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK}, + {NID_name, 1, ub_name, DIRSTRING_TYPE, 0}, + {NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}, + {NID_domainComponent, 1, -1, B_ASN1_IA5STRING, STABLE_NO_MASK}, + {NID_ms_csp_name, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK} }; -static int sk_table_cmp(const ASN1_STRING_TABLE * const *a, - const ASN1_STRING_TABLE * const *b) +static int +sk_table_cmp(const ASN1_STRING_TABLE * const *a, + const ASN1_STRING_TABLE * const *b) { return (*a)->nid - (*b)->nid; } -static int table_cmp(const void *a, const void *b) +static int table_cmp_BSEARCH_CMP_FN(const void *, const void *); +static int table_cmp(ASN1_STRING_TABLE const *, ASN1_STRING_TABLE const *); +static ASN1_STRING_TABLE *OBJ_bsearch_table(ASN1_STRING_TABLE *key, ASN1_STRING_TABLE const *base, int num); + +static int +table_cmp(const ASN1_STRING_TABLE *a, const ASN1_STRING_TABLE *b) +{ + return a->nid - b->nid; +} + + +static int +table_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_) { - const ASN1_STRING_TABLE *sa = a, *sb = b; - return sa->nid - sb->nid; + ASN1_STRING_TABLE const *a = a_; + ASN1_STRING_TABLE const *b = b_; + return table_cmp(a, b); } -ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid) +static ASN1_STRING_TABLE * +OBJ_bsearch_table(ASN1_STRING_TABLE *key, ASN1_STRING_TABLE const *base, int num) +{ + return (ASN1_STRING_TABLE *)OBJ_bsearch_(key, base, num, sizeof(ASN1_STRING_TABLE), + table_cmp_BSEARCH_CMP_FN); +} + +ASN1_STRING_TABLE * +ASN1_STRING_TABLE_get(int nid) { int idx; ASN1_STRING_TABLE *ttmp; ASN1_STRING_TABLE fnd; + fnd.nid = nid; - ttmp = (ASN1_STRING_TABLE *) OBJ_bsearch((char *)&fnd, - (char *)tbl_standard, - sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE), - sizeof(ASN1_STRING_TABLE), table_cmp); - if(ttmp) return ttmp; - if(!stable) return NULL; + ttmp = OBJ_bsearch_table(&fnd, tbl_standard, + sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE)); + if (ttmp) + return ttmp; + if (!stable) + return NULL; idx = sk_ASN1_STRING_TABLE_find(stable, &fnd); - if(idx < 0) return NULL; + if (idx < 0) + return NULL; return sk_ASN1_STRING_TABLE_value(stable, idx); } - -int ASN1_STRING_TABLE_add(int nid, - long minsize, long maxsize, unsigned long mask, - unsigned long flags) + +int +ASN1_STRING_TABLE_add(int nid, long minsize, long maxsize, unsigned long mask, + unsigned long flags) { ASN1_STRING_TABLE *tmp; char new_nid = 0; + flags &= ~STABLE_FLAGS_MALLOC; - if(!stable) stable = sk_ASN1_STRING_TABLE_new(sk_table_cmp); - if(!stable) { - ASN1err(ASN1_F_ASN1_STRING_TABLE_ADD, ERR_R_MALLOC_FAILURE); + if (!stable) + stable = sk_ASN1_STRING_TABLE_new(sk_table_cmp); + if (!stable) { + ASN1error(ERR_R_MALLOC_FAILURE); return 0; } - if(!(tmp = ASN1_STRING_TABLE_get(nid))) { - tmp = OPENSSL_malloc(sizeof(ASN1_STRING_TABLE)); - if(!tmp) { - ASN1err(ASN1_F_ASN1_STRING_TABLE_ADD, - ERR_R_MALLOC_FAILURE); + if (!(tmp = ASN1_STRING_TABLE_get(nid))) { + tmp = malloc(sizeof(ASN1_STRING_TABLE)); + if (!tmp) { + ASN1error(ERR_R_MALLOC_FAILURE); return 0; } tmp->flags = flags | STABLE_FLAGS_MALLOC; tmp->nid = nid; new_nid = 1; } else tmp->flags = (tmp->flags & STABLE_FLAGS_MALLOC) | flags; - if(minsize != -1) tmp->minsize = minsize; - if(maxsize != -1) tmp->maxsize = maxsize; + if (minsize != -1) + tmp->minsize = minsize; + if (maxsize != -1) + tmp->maxsize = maxsize; tmp->mask = mask; - if(new_nid) sk_ASN1_STRING_TABLE_push(stable, tmp); + if (new_nid) { + if (sk_ASN1_STRING_TABLE_push(stable, tmp) == 0) { + free(tmp); + ASN1error(ERR_R_MALLOC_FAILURE); + return 0; + } + } return 1; } -void ASN1_STRING_TABLE_cleanup(void) +void +ASN1_STRING_TABLE_cleanup(void) { STACK_OF(ASN1_STRING_TABLE) *tmp; + tmp = stable; - if(!tmp) return; + if (!tmp) + return; stable = NULL; sk_ASN1_STRING_TABLE_pop_free(tmp, st_free); } -static void st_free(ASN1_STRING_TABLE *tbl) +static void +st_free(ASN1_STRING_TABLE *tbl) { - if(tbl->flags & STABLE_FLAGS_MALLOC) OPENSSL_free(tbl); + if (tbl->flags & STABLE_FLAGS_MALLOC) + free(tbl); } - -IMPLEMENT_STACK_OF(ASN1_STRING_TABLE) diff --git a/src/lib/libcrypto/asn1/a_time.c b/src/lib/libcrypto/asn1/a_time.c index 27ddd30899b..7a3742fd70b 100644 --- a/src/lib/libcrypto/asn1/a_time.c +++ b/src/lib/libcrypto/asn1/a_time.c @@ -1,4 +1,4 @@ -/* crypto/asn1/a_time.c */ +/* $OpenBSD: a_time.c,v 1.27 2015/10/19 16:32:37 beck Exp $ */ /* ==================================================================== * Copyright (c) 1999 The OpenSSL Project. All rights reserved. * @@ -7,7 +7,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -53,7 +53,6 @@ * */ - /* This is an implementation of the ASN1 Time structure which is: * Time ::= CHOICE { * utcTime UTCTime, @@ -62,97 +61,47 @@ */ #include +#include #include -#include "cryptlib.h" -#include "o_time.h" -#include - -IMPLEMENT_ASN1_MSTRING(ASN1_TIME, B_ASN1_TIME) - -IMPLEMENT_ASN1_FUNCTIONS(ASN1_TIME) - -#if 0 -int i2d_ASN1_TIME(ASN1_TIME *a, unsigned char **pp) - { -#ifdef CHARSET_EBCDIC - /* KLUDGE! We convert to ascii before writing DER */ - char tmp[24]; - ASN1_STRING tmpstr; - - if(a->type == V_ASN1_UTCTIME || a->type == V_ASN1_GENERALIZEDTIME) { - int len; - - tmpstr = *(ASN1_STRING *)a; - len = tmpstr.length; - ebcdic2ascii(tmp, tmpstr.data, (len >= sizeof tmp) ? sizeof tmp : len); - tmpstr.data = tmp; - a = (ASN1_GENERALIZEDTIME *) &tmpstr; - } -#endif - if(a->type == V_ASN1_UTCTIME || a->type == V_ASN1_GENERALIZEDTIME) - return(i2d_ASN1_bytes((ASN1_STRING *)a,pp, - a->type ,V_ASN1_UNIVERSAL)); - ASN1err(ASN1_F_I2D_ASN1_TIME,ASN1_R_EXPECTING_A_TIME); - return -1; - } -#endif - - -ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t) - { - struct tm *ts; - struct tm data; - ts=OPENSSL_gmtime(&t,&data); - if (ts == NULL) - return NULL; - if((ts->tm_year >= 50) && (ts->tm_year < 150)) - return ASN1_UTCTIME_set(s, t); - return ASN1_GENERALIZEDTIME_set(s,t); - } - -int ASN1_TIME_check(ASN1_TIME *t) - { - if (t->type == V_ASN1_GENERALIZEDTIME) - return ASN1_GENERALIZEDTIME_check(t); - else if (t->type == V_ASN1_UTCTIME) - return ASN1_UTCTIME_check(t); - return 0; - } - -/* Convert an ASN1_TIME structure to GeneralizedTime */ -ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out) - { - ASN1_GENERALIZEDTIME *ret; - char *str; - - if (!ASN1_TIME_check(t)) return NULL; - - if (!out || !*out) - { - if (!(ret = ASN1_GENERALIZEDTIME_new ())) - return NULL; - if (out) *out = ret; - } - else ret = *out; - - /* If already GeneralizedTime just copy across */ - if (t->type == V_ASN1_GENERALIZEDTIME) - { - if(!ASN1_STRING_set(ret, t->data, t->length)) - return NULL; - return ret; - } - - /* grow the string */ - if (!ASN1_STRING_set(ret, NULL, t->length + 2)) - return NULL; - str = (char *)ret->data; - /* Work out the century and prepend */ - if (t->data[0] >= '5') strcpy(str, "19"); - else strcpy(str, "20"); - - strcat(str, (char *)t->data); +#include +#include - return ret; - } +#include "o_time.h" +#include "asn1_locl.h" + +const ASN1_ITEM ASN1_TIME_it = { + .itype = ASN1_ITYPE_MSTRING, + .utype = B_ASN1_TIME, + .templates = NULL, + .tcount = 0, + .funcs = NULL, + .size = sizeof(ASN1_STRING), + .sname = "ASN1_TIME", +}; + + +ASN1_TIME * +d2i_ASN1_TIME(ASN1_TIME **a, const unsigned char **in, long len) +{ + return (ASN1_TIME *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &ASN1_TIME_it); +} + +int +i2d_ASN1_TIME(ASN1_TIME *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &ASN1_TIME_it); +} + +ASN1_TIME * +ASN1_TIME_new(void) +{ + return (ASN1_TIME *)ASN1_item_new(&ASN1_TIME_it); +} + +void +ASN1_TIME_free(ASN1_TIME *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &ASN1_TIME_it); +} diff --git a/src/lib/libcrypto/asn1/a_time_tm.c b/src/lib/libcrypto/asn1/a_time_tm.c new file mode 100644 index 00000000000..b6e22cbd27b --- /dev/null +++ b/src/lib/libcrypto/asn1/a_time_tm.c @@ -0,0 +1,472 @@ +/* $OpenBSD: a_time_tm.c,v 1.15 2018/04/25 11:48:21 tb Exp $ */ +/* + * Copyright (c) 2015 Bob Beck + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ +#include +#include +#include +#include +#include + +#include +#include + +#include "o_time.h" + +#define RFC5280 0 +#define GENTIME_LENGTH 15 +#define UTCTIME_LENGTH 13 + +int +ASN1_time_tm_cmp(struct tm *tm1, struct tm *tm2) +{ + if (tm1->tm_year < tm2->tm_year) + return (-1); + if (tm1->tm_year > tm2->tm_year) + return (1); + if (tm1->tm_mon < tm2->tm_mon) + return (-1); + if (tm1->tm_mon > tm2->tm_mon) + return (1); + if (tm1->tm_mday < tm2->tm_mday) + return (-1); + if (tm1->tm_mday > tm2->tm_mday) + return (1); + if (tm1->tm_hour < tm2->tm_hour) + return (-1); + if (tm1->tm_hour > tm2->tm_hour) + return (1); + if (tm1->tm_min < tm2->tm_min) + return (-1); + if (tm1->tm_min > tm2->tm_min) + return (1); + if (tm1->tm_sec < tm2->tm_sec) + return (-1); + if (tm1->tm_sec > tm2->tm_sec) + return (1); + return 0; +} + +int +ASN1_time_tm_clamp_notafter(struct tm *tm) +{ +#ifdef SMALL_TIME_T + struct tm broken_os_epoch_tm; + time_t broken_os_epoch_time = INT_MAX; + + if (gmtime_r(&broken_os_epoch_time, &broken_os_epoch_tm) == NULL) + return 0; + + if (ASN1_time_tm_cmp(tm, &broken_os_epoch_tm) == 1) + memcpy(tm, &broken_os_epoch_tm, sizeof(*tm)); +#endif + return 1; +} + +/* Format a time as an RFC 5280 format Generalized time */ +char * +gentime_string_from_tm(struct tm *tm) +{ + char *ret = NULL; + int year; + + year = tm->tm_year + 1900; + if (year < 0 || year > 9999) + return (NULL); + + if (asprintf(&ret, "%04u%02u%02u%02u%02u%02uZ", year, + tm->tm_mon + 1, tm->tm_mday, tm->tm_hour, tm->tm_min, + tm->tm_sec) == -1) + ret = NULL; + + return (ret); +} + +/* Format a time as an RFC 5280 format UTC time */ +char * +utctime_string_from_tm(struct tm *tm) +{ + char *ret = NULL; + + if (tm->tm_year >= 150 || tm->tm_year < 50) + return (NULL); + + if (asprintf(&ret, "%02u%02u%02u%02u%02u%02uZ", + tm->tm_year % 100, tm->tm_mon + 1, tm->tm_mday, + tm->tm_hour, tm->tm_min, tm->tm_sec) == -1) + ret = NULL; + + return (ret); +} + +/* Format a time correctly for an X509 object as per RFC 5280 */ +char * +rfc5280_string_from_tm(struct tm *tm) +{ + char *ret = NULL; + int year; + + year = tm->tm_year + 1900; + if (year < 1950 || year > 9999) + return (NULL); + + if (year < 2050) + ret = utctime_string_from_tm(tm); + else + ret = gentime_string_from_tm(tm); + + return (ret); +} + +/* + * Parse an RFC 5280 format ASN.1 time string. + * + * mode must be: + * 0 if we expect to parse a time as specified in RFC 5280 for an X509 object. + * V_ASN1_UTCTIME if we wish to parse an RFC5280 format UTC time. + * V_ASN1_GENERALIZEDTIME if we wish to parse an RFC5280 format Generalized time. + * + * Returns: + * -1 if the string was invalid. + * V_ASN1_UTCTIME if the string validated as a UTC time string. + * V_ASN1_GENERALIZEDTIME if the string validated as a Generalized time string. + * + * Fills in *tm with the corresponding time if tm is non NULL. + */ +#define ATOI2(ar) ((ar) += 2, ((ar)[-2] - '0') * 10 + ((ar)[-1] - '0')) +int +ASN1_time_parse(const char *bytes, size_t len, struct tm *tm, int mode) +{ + size_t i; + int type = 0; + struct tm ltm; + struct tm *lt; + const char *p; + + if (bytes == NULL) + return (-1); + + /* Constrain to valid lengths. */ + if (len != UTCTIME_LENGTH && len != GENTIME_LENGTH) + return (-1); + + lt = tm; + if (lt == NULL) { + memset(<m, 0, sizeof(ltm)); + lt = <m; + } + + /* Timezone is required and must be GMT (Zulu). */ + if (bytes[len - 1] != 'Z') + return (-1); + + /* Make sure everything else is digits. */ + for (i = 0; i < len - 1; i++) { + if (isdigit((unsigned char)bytes[i])) + continue; + return (-1); + } + + /* + * Validate and convert the time + */ + p = bytes; + switch (len) { + case GENTIME_LENGTH: + if (mode == V_ASN1_UTCTIME) + return (-1); + lt->tm_year = (ATOI2(p) * 100) - 1900; /* cc */ + type = V_ASN1_GENERALIZEDTIME; + /* FALLTHROUGH */ + case UTCTIME_LENGTH: + if (type == 0) { + if (mode == V_ASN1_GENERALIZEDTIME) + return (-1); + type = V_ASN1_UTCTIME; + } + lt->tm_year += ATOI2(p); /* yy */ + if (type == V_ASN1_UTCTIME) { + if (lt->tm_year < 50) + lt->tm_year += 100; + } + lt->tm_mon = ATOI2(p) - 1; /* mm */ + if (lt->tm_mon < 0 || lt->tm_mon > 11) + return (-1); + lt->tm_mday = ATOI2(p); /* dd */ + if (lt->tm_mday < 1 || lt->tm_mday > 31) + return (-1); + lt->tm_hour = ATOI2(p); /* HH */ + if (lt->tm_hour < 0 || lt->tm_hour > 23) + return (-1); + lt->tm_min = ATOI2(p); /* MM */ + if (lt->tm_min < 0 || lt->tm_min > 59) + return (-1); + lt->tm_sec = ATOI2(p); /* SS */ + /* Leap second 60 is not accepted. Reconsider later? */ + if (lt->tm_sec < 0 || lt->tm_sec > 59) + return (-1); + break; + default: + return (-1); + } + + return (type); +} + +/* + * ASN1_TIME generic functions. + */ + +static int +ASN1_TIME_set_string_internal(ASN1_TIME *s, const char *str, int mode) +{ + int type; + char *tmp; + + if ((type = ASN1_time_parse(str, strlen(str), NULL, mode)) == -1) + return (0); + if (mode != 0 && mode != type) + return (0); + + if (s == NULL) + return (1); + + if ((tmp = strdup(str)) == NULL) + return (0); + free(s->data); + s->data = tmp; + s->length = strlen(tmp); + s->type = type; + + return (1); +} + +static ASN1_TIME * +ASN1_TIME_adj_internal(ASN1_TIME *s, time_t t, int offset_day, long offset_sec, + int mode) +{ + int allocated = 0; + struct tm tm; + size_t len; + char * p; + + if (gmtime_r(&t, &tm) == NULL) + return (NULL); + + if (offset_day || offset_sec) { + if (!OPENSSL_gmtime_adj(&tm, offset_day, offset_sec)) + return (NULL); + } + + switch (mode) { + case V_ASN1_UTCTIME: + p = utctime_string_from_tm(&tm); + break; + case V_ASN1_GENERALIZEDTIME: + p = gentime_string_from_tm(&tm); + break; + case RFC5280: + p = rfc5280_string_from_tm(&tm); + break; + default: + return (NULL); + } + if (p == NULL) { + ASN1error(ASN1_R_ILLEGAL_TIME_VALUE); + return (NULL); + } + + if (s == NULL) { + if ((s = ASN1_TIME_new()) == NULL) + return (NULL); + allocated = 1; + } + + len = strlen(p); + switch (len) { + case GENTIME_LENGTH: + s->type = V_ASN1_GENERALIZEDTIME; + break; + case UTCTIME_LENGTH: + s->type = V_ASN1_UTCTIME; + break; + default: + if (allocated) + ASN1_TIME_free(s); + free(p); + return (NULL); + } + free(s->data); + s->data = p; + s->length = len; + return (s); +} + +ASN1_TIME * +ASN1_TIME_set(ASN1_TIME *s, time_t t) +{ + return (ASN1_TIME_adj(s, t, 0, 0)); +} + +ASN1_TIME * +ASN1_TIME_set_tm(ASN1_TIME *s, struct tm *tm) +{ + time_t t; + + if ((t = timegm(tm)) == -1) + return NULL; + return (ASN1_TIME_adj(s, t, 0, 0)); +} + +ASN1_TIME * +ASN1_TIME_adj(ASN1_TIME *s, time_t t, int offset_day, long offset_sec) +{ + return (ASN1_TIME_adj_internal(s, t, offset_day, offset_sec, RFC5280)); +} + +int +ASN1_TIME_check(const ASN1_TIME *t) +{ + if (t->type != V_ASN1_GENERALIZEDTIME && t->type != V_ASN1_UTCTIME) + return (0); + return (t->type == ASN1_time_parse(t->data, t->length, NULL, t->type)); +} + +ASN1_GENERALIZEDTIME * +ASN1_TIME_to_generalizedtime(const ASN1_TIME *t, ASN1_GENERALIZEDTIME **out) +{ + ASN1_GENERALIZEDTIME *tmp = NULL; + struct tm tm; + char *str; + + if (t->type != V_ASN1_GENERALIZEDTIME && t->type != V_ASN1_UTCTIME) + return (NULL); + + memset(&tm, 0, sizeof(tm)); + if (t->type != ASN1_time_parse(t->data, t->length, &tm, t->type)) + return (NULL); + if ((str = gentime_string_from_tm(&tm)) == NULL) + return (NULL); + + if (out != NULL) + tmp = *out; + if (tmp == NULL && (tmp = ASN1_GENERALIZEDTIME_new()) == NULL) { + free(str); + return (NULL); + } + if (out != NULL) + *out = tmp; + + free(tmp->data); + tmp->data = str; + tmp->length = strlen(str); + return (tmp); +} + +int +ASN1_TIME_set_string(ASN1_TIME *s, const char *str) +{ + return (ASN1_TIME_set_string_internal(s, str, 0)); +} + +/* + * ASN1_UTCTIME wrappers + */ + +int +ASN1_UTCTIME_check(const ASN1_UTCTIME *d) +{ + if (d->type != V_ASN1_UTCTIME) + return (0); + return (d->type == ASN1_time_parse(d->data, d->length, NULL, d->type)); +} + +int +ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str) +{ + if (s != NULL && s->type != V_ASN1_UTCTIME) + return (0); + return (ASN1_TIME_set_string_internal(s, str, V_ASN1_UTCTIME)); +} + +ASN1_UTCTIME * +ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t) +{ + return (ASN1_UTCTIME_adj(s, t, 0, 0)); +} + +ASN1_UTCTIME * +ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t, int offset_day, long offset_sec) +{ + return (ASN1_TIME_adj_internal(s, t, offset_day, offset_sec, + V_ASN1_UTCTIME)); +} + +int +ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t2) +{ + struct tm tm1, tm2; + + /* + * This function has never handled failure conditions properly + * and should be deprecated. The OpenSSL version used to + * simply follow NULL pointers on failure. BoringSSL and + * OpenSSL now make it return -2 on failure. + * + * The danger is that users of this function will not + * differentiate the -2 failure case from t1 < t2. + */ + if (ASN1_time_parse(s->data, s->length, &tm1, V_ASN1_UTCTIME) == -1) + return (-2); /* XXX */ + + if (gmtime_r(&t2, &tm2) == NULL) + return (-2); /* XXX */ + + return ASN1_time_tm_cmp(&tm1, &tm2); +} + +/* + * ASN1_GENERALIZEDTIME wrappers + */ + +int +ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *d) +{ + if (d->type != V_ASN1_GENERALIZEDTIME) + return (0); + return (d->type == ASN1_time_parse(d->data, d->length, NULL, d->type)); +} + +int +ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str) +{ + if (s != NULL && s->type != V_ASN1_GENERALIZEDTIME) + return (0); + return (ASN1_TIME_set_string_internal(s, str, V_ASN1_GENERALIZEDTIME)); +} + +ASN1_GENERALIZEDTIME * +ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s, time_t t) +{ + return (ASN1_GENERALIZEDTIME_adj(s, t, 0, 0)); +} + +ASN1_GENERALIZEDTIME * +ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s, time_t t, int offset_day, + long offset_sec) +{ + return (ASN1_TIME_adj_internal(s, t, offset_day, offset_sec, + V_ASN1_GENERALIZEDTIME)); +} diff --git a/src/lib/libcrypto/asn1/a_type.c b/src/lib/libcrypto/asn1/a_type.c index 96e111cf237..11d38300d65 100644 --- a/src/lib/libcrypto/asn1/a_type.c +++ b/src/lib/libcrypto/asn1/a_type.c @@ -1,25 +1,25 @@ -/* crypto/asn1/a_type.c */ +/* $OpenBSD: a_type.c,v 1.20 2018/04/25 11:48:21 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -57,25 +57,100 @@ */ #include + #include -#include "cryptlib.h" +#include -int ASN1_TYPE_get(ASN1_TYPE *a) - { - if (a->value.ptr != NULL) - return(a->type); +int +ASN1_TYPE_get(const ASN1_TYPE *a) +{ + if ((a->value.ptr != NULL) || (a->type == V_ASN1_NULL)) + return (a->type); else - return(0); + return (0); +} + +void +ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value) +{ + if (a->value.ptr != NULL) { + ASN1_TYPE **tmp_a = &a; + ASN1_primitive_free((ASN1_VALUE **)tmp_a, NULL); } + a->type = type; + if (type == V_ASN1_BOOLEAN) + a->value.boolean = value ? 0xff : 0; + else + a->value.ptr = value; +} -void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value) - { - if (a->value.ptr != NULL) - ASN1_primitive_free((ASN1_VALUE **)&a, NULL); - a->type=type; - a->value.ptr=value; +int +ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value) +{ + if (!value || (type == V_ASN1_BOOLEAN)) { + void *p = (void *)value; + ASN1_TYPE_set(a, type, p); + } else if (type == V_ASN1_OBJECT) { + ASN1_OBJECT *odup; + odup = OBJ_dup(value); + if (!odup) + return 0; + ASN1_TYPE_set(a, type, odup); + } else { + ASN1_STRING *sdup; + sdup = ASN1_STRING_dup(value); + if (!sdup) + return 0; + ASN1_TYPE_set(a, type, sdup); } + return 1; +} + +/* Returns 0 if they are equal, != 0 otherwise. */ +int +ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b) +{ + int result = -1; + if (!a || !b || a->type != b->type) + return -1; + + switch (a->type) { + case V_ASN1_OBJECT: + result = OBJ_cmp(a->value.object, b->value.object); + break; + case V_ASN1_BOOLEAN: + result = a->value.boolean - b->value.boolean; + break; + case V_ASN1_NULL: + result = 0; /* They do not have content. */ + break; + + case V_ASN1_INTEGER: + case V_ASN1_ENUMERATED: + case V_ASN1_BIT_STRING: + case V_ASN1_OCTET_STRING: + case V_ASN1_SEQUENCE: + case V_ASN1_SET: + case V_ASN1_NUMERICSTRING: + case V_ASN1_PRINTABLESTRING: + case V_ASN1_T61STRING: + case V_ASN1_VIDEOTEXSTRING: + case V_ASN1_IA5STRING: + case V_ASN1_UTCTIME: + case V_ASN1_GENERALIZEDTIME: + case V_ASN1_GRAPHICSTRING: + case V_ASN1_VISIBLESTRING: + case V_ASN1_GENERALSTRING: + case V_ASN1_UNIVERSALSTRING: + case V_ASN1_BMPSTRING: + case V_ASN1_UTF8STRING: + case V_ASN1_OTHER: + default: + result = ASN1_STRING_cmp((ASN1_STRING *)a->value.ptr, + (ASN1_STRING *)b->value.ptr); + break; + } -IMPLEMENT_STACK_OF(ASN1_TYPE) -IMPLEMENT_ASN1_SET_OF(ASN1_TYPE) + return result; +} diff --git a/src/lib/libcrypto/asn1/a_utctm.c b/src/lib/libcrypto/asn1/a_utctm.c deleted file mode 100644 index dbb4a42c9d1..00000000000 --- a/src/lib/libcrypto/asn1/a_utctm.c +++ /dev/null @@ -1,297 +0,0 @@ -/* crypto/asn1/a_utctm.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include -#include "cryptlib.h" -#include "o_time.h" -#include - -#if 0 -int i2d_ASN1_UTCTIME(ASN1_UTCTIME *a, unsigned char **pp) - { -#ifndef CHARSET_EBCDIC - return(i2d_ASN1_bytes((ASN1_STRING *)a,pp, - V_ASN1_UTCTIME,V_ASN1_UNIVERSAL)); -#else - /* KLUDGE! We convert to ascii before writing DER */ - int len; - char tmp[24]; - ASN1_STRING x = *(ASN1_STRING *)a; - - len = x.length; - ebcdic2ascii(tmp, x.data, (len >= sizeof tmp) ? sizeof tmp : len); - x.data = tmp; - return i2d_ASN1_bytes(&x, pp, V_ASN1_UTCTIME,V_ASN1_UNIVERSAL); -#endif - } - - -ASN1_UTCTIME *d2i_ASN1_UTCTIME(ASN1_UTCTIME **a, unsigned char **pp, - long length) - { - ASN1_UTCTIME *ret=NULL; - - ret=(ASN1_UTCTIME *)d2i_ASN1_bytes((ASN1_STRING **)a,pp,length, - V_ASN1_UTCTIME,V_ASN1_UNIVERSAL); - if (ret == NULL) - { - ASN1err(ASN1_F_D2I_ASN1_UTCTIME,ERR_R_NESTED_ASN1_ERROR); - return(NULL); - } -#ifdef CHARSET_EBCDIC - ascii2ebcdic(ret->data, ret->data, ret->length); -#endif - if (!ASN1_UTCTIME_check(ret)) - { - ASN1err(ASN1_F_D2I_ASN1_UTCTIME,ASN1_R_INVALID_TIME_FORMAT); - goto err; - } - - return(ret); -err: - if ((ret != NULL) && ((a == NULL) || (*a != ret))) - M_ASN1_UTCTIME_free(ret); - return(NULL); - } - -#endif - -int ASN1_UTCTIME_check(ASN1_UTCTIME *d) - { - static int min[8]={ 0, 1, 1, 0, 0, 0, 0, 0}; - static int max[8]={99,12,31,23,59,59,12,59}; - char *a; - int n,i,l,o; - - if (d->type != V_ASN1_UTCTIME) return(0); - l=d->length; - a=(char *)d->data; - o=0; - - if (l < 11) goto err; - for (i=0; i<6; i++) - { - if ((i == 5) && ((a[o] == 'Z') || - (a[o] == '+') || (a[o] == '-'))) - { i++; break; } - if ((a[o] < '0') || (a[o] > '9')) goto err; - n= a[o]-'0'; - if (++o > l) goto err; - - if ((a[o] < '0') || (a[o] > '9')) goto err; - n=(n*10)+ a[o]-'0'; - if (++o > l) goto err; - - if ((n < min[i]) || (n > max[i])) goto err; - } - if (a[o] == 'Z') - o++; - else if ((a[o] == '+') || (a[o] == '-')) - { - o++; - if (o+4 > l) goto err; - for (i=6; i<8; i++) - { - if ((a[o] < '0') || (a[o] > '9')) goto err; - n= a[o]-'0'; - o++; - if ((a[o] < '0') || (a[o] > '9')) goto err; - n=(n*10)+ a[o]-'0'; - if ((n < min[i]) || (n > max[i])) goto err; - o++; - } - } - return(o == l); -err: - return(0); - } - -int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, char *str) - { - ASN1_UTCTIME t; - - t.type=V_ASN1_UTCTIME; - t.length=strlen(str); - t.data=(unsigned char *)str; - if (ASN1_UTCTIME_check(&t)) - { - if (s != NULL) - { - ASN1_STRING_set((ASN1_STRING *)s, - (unsigned char *)str,t.length); - s->type = V_ASN1_UTCTIME; - } - return(1); - } - else - return(0); - } - -ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t) - { - char *p; - struct tm *ts; - struct tm data; - - if (s == NULL) - s=M_ASN1_UTCTIME_new(); - if (s == NULL) - return(NULL); - - ts=OPENSSL_gmtime(&t, &data); - if (ts == NULL) - return(NULL); - - p=(char *)s->data; - if ((p == NULL) || (s->length < 14)) - { - p=OPENSSL_malloc(20); - if (p == NULL) return(NULL); - if (s->data != NULL) - OPENSSL_free(s->data); - s->data=(unsigned char *)p; - } - - sprintf(p,"%02d%02d%02d%02d%02d%02dZ",ts->tm_year%100, - ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec); - s->length=strlen(p); - s->type=V_ASN1_UTCTIME; -#ifdef CHARSET_EBCDIC_not - ebcdic2ascii(s->data, s->data, s->length); -#endif - return(s); - } - - -int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t) - { - struct tm *tm; - struct tm data; - int offset; - int year; - -#define g2(p) (((p)[0]-'0')*10+(p)[1]-'0') - - if (s->data[12] == 'Z') - offset=0; - else - { - offset = g2(s->data+13)*60+g2(s->data+15); - if (s->data[12] == '-') - offset = -offset; - } - - t -= offset*60; /* FIXME: may overflow in extreme cases */ - - tm = OPENSSL_gmtime(&t, &data); - -#define return_cmp(a,b) if ((a)<(b)) return -1; else if ((a)>(b)) return 1 - year = g2(s->data); - if (year < 50) - year += 100; - return_cmp(year, tm->tm_year); - return_cmp(g2(s->data+2) - 1, tm->tm_mon); - return_cmp(g2(s->data+4), tm->tm_mday); - return_cmp(g2(s->data+6), tm->tm_hour); - return_cmp(g2(s->data+8), tm->tm_min); - return_cmp(g2(s->data+10), tm->tm_sec); -#undef g2 -#undef return_cmp - - return 0; - } - - -#if 0 -time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s) - { - struct tm tm; - int offset; - - memset(&tm,'\0',sizeof tm); - -#define g2(p) (((p)[0]-'0')*10+(p)[1]-'0') - tm.tm_year=g2(s->data); - if(tm.tm_year < 50) - tm.tm_year+=100; - tm.tm_mon=g2(s->data+2)-1; - tm.tm_mday=g2(s->data+4); - tm.tm_hour=g2(s->data+6); - tm.tm_min=g2(s->data+8); - tm.tm_sec=g2(s->data+10); - if(s->data[12] == 'Z') - offset=0; - else - { - offset=g2(s->data+13)*60+g2(s->data+15); - if(s->data[12] == '-') - offset= -offset; - } -#undef g2 - - return mktime(&tm)-offset*60; /* FIXME: mktime assumes the current timezone - * instead of UTC, and unless we rewrite OpenSSL - * in Lisp we cannot locally change the timezone - * without possibly interfering with other parts - * of the program. timegm, which uses UTC, is - * non-standard. - * Also time_t is inappropriate for general - * UTC times because it may a 32 bit type. */ - } -#endif diff --git a/src/lib/libcrypto/asn1/a_utf8.c b/src/lib/libcrypto/asn1/a_utf8.c index 508e11e527c..113a3a2e369 100644 --- a/src/lib/libcrypto/asn1/a_utf8.c +++ b/src/lib/libcrypto/asn1/a_utf8.c @@ -1,25 +1,25 @@ -/* crypto/asn1/a_utf8.c */ +/* $OpenBSD: a_utf8.c,v 1.8 2014/07/11 08:44:47 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -57,13 +57,15 @@ */ #include -#include "cryptlib.h" + #include +#include "asn1_locl.h" /* UTF8 utilities */ -/* This parses a UTF8 string one character at a time. It is passed a pointer +/* + * This parses a UTF8 string one character at a time. It is passed a pointer * to the string and the length of the string. It sets 'value' to the value of * the current character. It returns the number of characters read or a * negative error code: @@ -73,139 +75,125 @@ * -4 = character encoded incorrectly (not minimal length). */ -int UTF8_getc(const unsigned char *str, int len, unsigned long *val) +int +UTF8_getc(const unsigned char *str, int len, unsigned long *val) { const unsigned char *p; unsigned long value; int ret; - if(len <= 0) return 0; + if (len <= 0) + return 0; p = str; /* Check syntax and work out the encoded value (if correct) */ - if((*p & 0x80) == 0) { + if ((*p & 0x80) == 0) { value = *p++ & 0x7f; ret = 1; - } else if((*p & 0xe0) == 0xc0) { - if(len < 2) return -1; - if((p[1] & 0xc0) != 0x80) return -3; + } else if ((*p & 0xe0) == 0xc0) { + if (*p < 0xc2) + return -2; + if (len < 2) + return -1; + if ((p[1] & 0xc0) != 0x80) + return -3; value = (*p++ & 0x1f) << 6; value |= *p++ & 0x3f; - if(value < 0x80) return -4; + if (value < 0x80) + return -4; ret = 2; - } else if((*p & 0xf0) == 0xe0) { - if(len < 3) return -1; - if( ((p[1] & 0xc0) != 0x80) - || ((p[2] & 0xc0) != 0x80) ) return -3; + } else if ((*p & 0xf0) == 0xe0) { + if (len < 3) + return -1; + if (((p[1] & 0xc0) != 0x80) || + ((p[2] & 0xc0) != 0x80)) + return -3; value = (*p++ & 0xf) << 12; value |= (*p++ & 0x3f) << 6; value |= *p++ & 0x3f; - if(value < 0x800) return -4; + if (value < 0x800) + return -4; + /* surrogate pair code points are not valid */ + if (value >= 0xd800 && value < 0xe000) + return -2; ret = 3; - } else if((*p & 0xf8) == 0xf0) { - if(len < 4) return -1; - if( ((p[1] & 0xc0) != 0x80) - || ((p[2] & 0xc0) != 0x80) - || ((p[3] & 0xc0) != 0x80) ) return -3; + } else if ((*p & 0xf8) == 0xf0 && (*p < 0xf5)) { + if (len < 4) + return -1; + if (((p[1] & 0xc0) != 0x80) || + ((p[2] & 0xc0) != 0x80) || + ((p[3] & 0xc0) != 0x80)) + return -3; value = ((unsigned long)(*p++ & 0x7)) << 18; value |= (*p++ & 0x3f) << 12; value |= (*p++ & 0x3f) << 6; value |= *p++ & 0x3f; - if(value < 0x10000) return -4; + if (value < 0x10000) + return -4; + if (value > UNICODE_MAX) + return -2; ret = 4; - } else if((*p & 0xfc) == 0xf8) { - if(len < 5) return -1; - if( ((p[1] & 0xc0) != 0x80) - || ((p[2] & 0xc0) != 0x80) - || ((p[3] & 0xc0) != 0x80) - || ((p[4] & 0xc0) != 0x80) ) return -3; - value = ((unsigned long)(*p++ & 0x3)) << 24; - value |= ((unsigned long)(*p++ & 0x3f)) << 18; - value |= ((unsigned long)(*p++ & 0x3f)) << 12; - value |= (*p++ & 0x3f) << 6; - value |= *p++ & 0x3f; - if(value < 0x200000) return -4; - ret = 5; - } else if((*p & 0xfe) == 0xfc) { - if(len < 6) return -1; - if( ((p[1] & 0xc0) != 0x80) - || ((p[2] & 0xc0) != 0x80) - || ((p[3] & 0xc0) != 0x80) - || ((p[4] & 0xc0) != 0x80) - || ((p[5] & 0xc0) != 0x80) ) return -3; - value = ((unsigned long)(*p++ & 0x1)) << 30; - value |= ((unsigned long)(*p++ & 0x3f)) << 24; - value |= ((unsigned long)(*p++ & 0x3f)) << 18; - value |= ((unsigned long)(*p++ & 0x3f)) << 12; - value |= (*p++ & 0x3f) << 6; - value |= *p++ & 0x3f; - if(value < 0x4000000) return -4; - ret = 6; - } else return -2; + } else + return -2; *val = value; return ret; } -/* This takes a character 'value' and writes the UTF8 encoded value in - * 'str' where 'str' is a buffer containing 'len' characters. Returns - * the number of characters written or -1 if 'len' is too small. 'str' can - * be set to NULL in which case it just returns the number of characters. - * It will need at most 6 characters. +/* This takes a Unicode code point 'value' and writes its UTF-8 encoded form + * in 'str' where 'str' is a buffer of at least length 'len'. If 'str' + * is NULL, then nothing is written and just the return code is determined. + + * Returns less than zero on error: + * -1 if 'str' is not NULL and 'len' is too small + * -2 if 'value' is an invalid character (surrogate or out-of-range) + * + * Otherwise, returns the number of bytes in 'value's encoded form + * (i.e., the number of bytes written to 'str' when it's not NULL). + * + * It will need at most 4 characters. */ -int UTF8_putc(unsigned char *str, int len, unsigned long value) +int +UTF8_putc(unsigned char *str, int len, unsigned long value) { - if(!str) len = 6; /* Maximum we will need */ - else if(len <= 0) return -1; - if(value < 0x80) { - if(str) *str = (unsigned char)value; + if (value < 0x80) { + if (str != NULL) { + if (len < 1) + return -1; + str[0] = (unsigned char)value; + } return 1; } - if(value < 0x800) { - if(len < 2) return -1; - if(str) { - *str++ = (unsigned char)(((value >> 6) & 0x1f) | 0xc0); - *str = (unsigned char)((value & 0x3f) | 0x80); + if (value < 0x800) { + if (str != NULL) { + if (len < 2) + return -1; + str[0] = (unsigned char)(((value >> 6) & 0x1f) | 0xc0); + str[1] = (unsigned char)((value & 0x3f) | 0x80); } return 2; } - if(value < 0x10000) { - if(len < 3) return -1; - if(str) { - *str++ = (unsigned char)(((value >> 12) & 0xf) | 0xe0); - *str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80); - *str = (unsigned char)((value & 0x3f) | 0x80); + if (value < 0x10000) { + if (UNICODE_IS_SURROGATE(value)) + return -2; + if (str != NULL) { + if (len < 3) + return -1; + str[0] = (unsigned char)(((value >> 12) & 0xf) | 0xe0); + str[1] = (unsigned char)(((value >> 6) & 0x3f) | 0x80); + str[2] = (unsigned char)((value & 0x3f) | 0x80); } return 3; } - if(value < 0x200000) { - if(len < 4) return -1; - if(str) { - *str++ = (unsigned char)(((value >> 18) & 0x7) | 0xf0); - *str++ = (unsigned char)(((value >> 12) & 0x3f) | 0x80); - *str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80); - *str = (unsigned char)((value & 0x3f) | 0x80); + if (value <= UNICODE_MAX) { + if (str != NULL) { + if (len < 4) + return -1; + str[0] = (unsigned char)(((value >> 18) & 0x7) | 0xf0); + str[1] = (unsigned char)(((value >> 12) & 0x3f) | 0x80); + str[2] = (unsigned char)(((value >> 6) & 0x3f) | 0x80); + str[3] = (unsigned char)((value & 0x3f) | 0x80); } return 4; } - if(value < 0x4000000) { - if(len < 5) return -1; - if(str) { - *str++ = (unsigned char)(((value >> 24) & 0x3) | 0xf8); - *str++ = (unsigned char)(((value >> 18) & 0x3f) | 0x80); - *str++ = (unsigned char)(((value >> 12) & 0x3f) | 0x80); - *str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80); - *str = (unsigned char)((value & 0x3f) | 0x80); - } - return 5; - } - if(len < 6) return -1; - if(str) { - *str++ = (unsigned char)(((value >> 30) & 0x1) | 0xfc); - *str++ = (unsigned char)(((value >> 24) & 0x3f) | 0x80); - *str++ = (unsigned char)(((value >> 18) & 0x3f) | 0x80); - *str++ = (unsigned char)(((value >> 12) & 0x3f) | 0x80); - *str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80); - *str = (unsigned char)((value & 0x3f) | 0x80); - } - return 6; + return -2; } diff --git a/src/lib/libcrypto/asn1/a_verify.c b/src/lib/libcrypto/asn1/a_verify.c index bf41de5146d..6f0cd1080bc 100644 --- a/src/lib/libcrypto/asn1/a_verify.c +++ b/src/lib/libcrypto/asn1/a_verify.c @@ -1,25 +1,25 @@ -/* crypto/asn1/a_verify.c */ +/* $OpenBSD: a_verify.c,v 1.24 2017/05/02 03:59:44 deraadt Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,127 +49,119 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ +#include + #include +#include #include -#include "cryptlib.h" - -#ifndef NO_SYS_TYPES_H -# include -#endif - #include -#include -#include #include +#include #include +#include +#include -#ifndef NO_ASN1_OLD +#include "asn1_locl.h" -int ASN1_verify(int (*i2d)(), X509_ALGOR *a, ASN1_BIT_STRING *signature, - char *data, EVP_PKEY *pkey) - { +int +ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, + ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey) +{ EVP_MD_CTX ctx; - const EVP_MD *type; - unsigned char *p,*buf_in=NULL; - int ret= -1,i,inl; + unsigned char *buf_in = NULL; + int ret = -1, inl; + + int mdnid, pknid; + + if (!pkey) { + ASN1error(ERR_R_PASSED_NULL_PARAMETER); + return -1; + } + + if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7) + { + ASN1error(ASN1_R_INVALID_BIT_STRING_BITS_LEFT); + return -1; + } EVP_MD_CTX_init(&ctx); - i=OBJ_obj2nid(a->algorithm); - type=EVP_get_digestbyname(OBJ_nid2sn(i)); - if (type == NULL) - { - ASN1err(ASN1_F_ASN1_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM); + + /* Convert signature OID into digest and public key OIDs */ + if (!OBJ_find_sigid_algs(OBJ_obj2nid(a->algorithm), &mdnid, &pknid)) { + ASN1error(ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM); goto err; + } + if (mdnid == NID_undef) { + if (!pkey->ameth || !pkey->ameth->item_verify) { + ASN1error(ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM); + goto err; } - - inl=i2d(data,NULL); - buf_in=OPENSSL_malloc((unsigned int)inl); - if (buf_in == NULL) - { - ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_MALLOC_FAILURE); - goto err; + ret = pkey->ameth->item_verify(&ctx, it, asn, a, + signature, pkey); + /* Return value of 2 means carry on, anything else means we + * exit straight away: either a fatal error of the underlying + * verification routine handles all verification. + */ + if (ret != 2) + goto err; + ret = -1; + } else { + const EVP_MD *type; + type = EVP_get_digestbynid(mdnid); + if (type == NULL) { + ASN1error(ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM); + goto err; } - p=buf_in; - i2d(data,&p); - EVP_VerifyInit_ex(&ctx,type, NULL); - EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl); - - memset(buf_in,0,(unsigned int)inl); - OPENSSL_free(buf_in); - - if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data, - (unsigned int)signature->length,pkey) <= 0) - { - ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB); - ret=0; - goto err; + /* Check public key OID matches public key type */ + if (EVP_PKEY_type(pknid) != pkey->ameth->pkey_id) { + ASN1error(ASN1_R_WRONG_PUBLIC_KEY_TYPE); + goto err; } - /* we don't need to zero the 'ctx' because we just checked - * public information */ - /* memset(&ctx,0,sizeof(ctx)); */ - ret=1; -err: - EVP_MD_CTX_cleanup(&ctx); - return(ret); - } -#endif + if (!EVP_DigestVerifyInit(&ctx, NULL, type, NULL, pkey)) { + ASN1error(ERR_R_EVP_LIB); + ret = 0; + goto err; + } + } -int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signature, - void *asn, EVP_PKEY *pkey) - { - EVP_MD_CTX ctx; - const EVP_MD *type; - unsigned char *buf_in=NULL; - int ret= -1,i,inl; + inl = ASN1_item_i2d(asn, &buf_in, it); - EVP_MD_CTX_init(&ctx); - i=OBJ_obj2nid(a->algorithm); - type=EVP_get_digestbyname(OBJ_nid2sn(i)); - if (type == NULL) - { - ASN1err(ASN1_F_ASN1_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM); + if (buf_in == NULL) { + ASN1error(ERR_R_MALLOC_FAILURE); goto err; - } + } - inl = ASN1_item_i2d(asn, &buf_in, it); - - if (buf_in == NULL) - { - ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_MALLOC_FAILURE); + if (!EVP_DigestVerifyUpdate(&ctx, buf_in, inl)) { + ASN1error(ERR_R_EVP_LIB); + ret = 0; goto err; - } - - EVP_VerifyInit_ex(&ctx,type, NULL); - EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl); + } - memset(buf_in,0,(unsigned int)inl); - OPENSSL_free(buf_in); + freezero(buf_in, (unsigned int)inl); - if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data, - (unsigned int)signature->length,pkey) <= 0) - { - ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB); - ret=0; + if (EVP_DigestVerifyFinal(&ctx, signature->data, + (size_t)signature->length) <= 0) { + ASN1error(ERR_R_EVP_LIB); + ret = 0; goto err; - } + } /* we don't need to zero the 'ctx' because we just checked * public information */ /* memset(&ctx,0,sizeof(ctx)); */ - ret=1; + ret = 1; + err: EVP_MD_CTX_cleanup(&ctx); - return(ret); - } - - + return (ret); +} diff --git a/src/lib/libcrypto/asn1/ameth_lib.c b/src/lib/libcrypto/asn1/ameth_lib.c new file mode 100644 index 00000000000..9d756fe4783 --- /dev/null +++ b/src/lib/libcrypto/asn1/ameth_lib.c @@ -0,0 +1,443 @@ +/* $OpenBSD: ameth_lib.c,v 1.19 2018/08/24 20:22:15 tb Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2006. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include + +#include + +#include +#include + +#ifndef OPENSSL_NO_ENGINE +#include +#endif + +#include "asn1_locl.h" + +extern const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[]; +extern const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[]; +extern const EVP_PKEY_ASN1_METHOD dh_asn1_meth; +extern const EVP_PKEY_ASN1_METHOD eckey_asn1_meth; +extern const EVP_PKEY_ASN1_METHOD gostr01_asn1_meths[]; +extern const EVP_PKEY_ASN1_METHOD gostimit_asn1_meth; +extern const EVP_PKEY_ASN1_METHOD sm2_asn1_meth; +extern const EVP_PKEY_ASN1_METHOD hmac_asn1_meth; +extern const EVP_PKEY_ASN1_METHOD cmac_asn1_meth; + +/* Keep this sorted in type order !! */ +static const EVP_PKEY_ASN1_METHOD *standard_methods[] = { +#ifndef OPENSSL_NO_RSA + &rsa_asn1_meths[0], + &rsa_asn1_meths[1], +#endif +#ifndef OPENSSL_NO_DH + &dh_asn1_meth, +#endif +#ifndef OPENSSL_NO_DSA + &dsa_asn1_meths[0], + &dsa_asn1_meths[1], + &dsa_asn1_meths[2], + &dsa_asn1_meths[3], + &dsa_asn1_meths[4], +#endif +#ifndef OPENSSL_NO_EC + &eckey_asn1_meth, +#endif +#ifndef OPENSSL_NO_GOST + &gostr01_asn1_meths[0], + &gostimit_asn1_meth, +#endif + &hmac_asn1_meth, + &cmac_asn1_meth, +#ifndef OPENSSL_NO_GOST + &gostr01_asn1_meths[1], + &gostr01_asn1_meths[2], +#endif +#ifndef OPENSSL_NO_SM2 + &sm2_asn1_meth, +#endif +}; + +typedef int sk_cmp_fn_type(const char * const *a, const char * const *b); +DECLARE_STACK_OF(EVP_PKEY_ASN1_METHOD) +static STACK_OF(EVP_PKEY_ASN1_METHOD) *app_methods = NULL; + +static int ameth_cmp_BSEARCH_CMP_FN(const void *, const void *); +static int ameth_cmp(const EVP_PKEY_ASN1_METHOD * const *, const EVP_PKEY_ASN1_METHOD * const *); +static const EVP_PKEY_ASN1_METHOD * *OBJ_bsearch_ameth(const EVP_PKEY_ASN1_METHOD * *key, const EVP_PKEY_ASN1_METHOD * const *base, int num); + +static int +ameth_cmp(const EVP_PKEY_ASN1_METHOD * const *a, + const EVP_PKEY_ASN1_METHOD * const *b) +{ + return ((*a)->pkey_id - (*b)->pkey_id); +} + + +static int +ameth_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_) +{ + const EVP_PKEY_ASN1_METHOD * const *a = a_; + const EVP_PKEY_ASN1_METHOD * const *b = b_; + return ameth_cmp(a, b); +} + +static const EVP_PKEY_ASN1_METHOD * * +OBJ_bsearch_ameth(const EVP_PKEY_ASN1_METHOD * *key, const EVP_PKEY_ASN1_METHOD * const *base, int num) +{ + return (const EVP_PKEY_ASN1_METHOD * *)OBJ_bsearch_(key, base, num, sizeof(const EVP_PKEY_ASN1_METHOD *), + ameth_cmp_BSEARCH_CMP_FN); +} + +int +EVP_PKEY_asn1_get_count(void) +{ + int num = sizeof(standard_methods) / sizeof(EVP_PKEY_ASN1_METHOD *); + if (app_methods) + num += sk_EVP_PKEY_ASN1_METHOD_num(app_methods); + return num; +} + +const EVP_PKEY_ASN1_METHOD * +EVP_PKEY_asn1_get0(int idx) +{ + int num = sizeof(standard_methods) / sizeof(EVP_PKEY_ASN1_METHOD *); + if (idx < 0) + return NULL; + if (idx < num) + return standard_methods[idx]; + idx -= num; + return sk_EVP_PKEY_ASN1_METHOD_value(app_methods, idx); +} + +static const EVP_PKEY_ASN1_METHOD * +pkey_asn1_find(int type) +{ + EVP_PKEY_ASN1_METHOD tmp; + const EVP_PKEY_ASN1_METHOD *t = &tmp, **ret; + tmp.pkey_id = type; + if (app_methods) { + int idx; + idx = sk_EVP_PKEY_ASN1_METHOD_find(app_methods, &tmp); + if (idx >= 0) + return sk_EVP_PKEY_ASN1_METHOD_value(app_methods, idx); + } + ret = OBJ_bsearch_ameth(&t, standard_methods, + sizeof(standard_methods) / sizeof(EVP_PKEY_ASN1_METHOD *)); + if (!ret || !*ret) + return NULL; + return *ret; +} + +/* Find an implementation of an ASN1 algorithm. If 'pe' is not NULL + * also search through engines and set *pe to a functional reference + * to the engine implementing 'type' or NULL if no engine implements + * it. + */ + +const EVP_PKEY_ASN1_METHOD * +EVP_PKEY_asn1_find(ENGINE **pe, int type) +{ + const EVP_PKEY_ASN1_METHOD *t; + + for (;;) { + t = pkey_asn1_find(type); + if (!t || !(t->pkey_flags & ASN1_PKEY_ALIAS)) + break; + type = t->pkey_base_id; + } + if (pe) { +#ifndef OPENSSL_NO_ENGINE + ENGINE *e; + /* type will contain the final unaliased type */ + e = ENGINE_get_pkey_asn1_meth_engine(type); + if (e) { + *pe = e; + return ENGINE_get_pkey_asn1_meth(e, type); + } +#endif + *pe = NULL; + } + return t; +} + +const EVP_PKEY_ASN1_METHOD * +EVP_PKEY_asn1_find_str(ENGINE **pe, const char *str, int len) +{ + int i; + const EVP_PKEY_ASN1_METHOD *ameth; + if (len == -1) + len = strlen(str); + if (pe) { +#ifndef OPENSSL_NO_ENGINE + ENGINE *e; + ameth = ENGINE_pkey_asn1_find_str(&e, str, len); + if (ameth) { + /* Convert structural into + * functional reference + */ + if (!ENGINE_init(e)) + ameth = NULL; + ENGINE_free(e); + *pe = e; + return ameth; + } +#endif + *pe = NULL; + } + for (i = 0; i < EVP_PKEY_asn1_get_count(); i++) { + ameth = EVP_PKEY_asn1_get0(i); + if (ameth->pkey_flags & ASN1_PKEY_ALIAS) + continue; + if (((int)strlen(ameth->pem_str) == len) && + !strncasecmp(ameth->pem_str, str, len)) + return ameth; + } + return NULL; +} + +int +EVP_PKEY_asn1_add0(const EVP_PKEY_ASN1_METHOD *ameth) +{ + if (app_methods == NULL) { + app_methods = sk_EVP_PKEY_ASN1_METHOD_new(ameth_cmp); + if (!app_methods) + return 0; + } + if (!sk_EVP_PKEY_ASN1_METHOD_push(app_methods, ameth)) + return 0; + sk_EVP_PKEY_ASN1_METHOD_sort(app_methods); + return 1; +} + +int +EVP_PKEY_asn1_add_alias(int to, int from) +{ + EVP_PKEY_ASN1_METHOD *ameth; + + ameth = EVP_PKEY_asn1_new(from, ASN1_PKEY_ALIAS, NULL, NULL); + if (!ameth) + return 0; + ameth->pkey_base_id = to; + if (!EVP_PKEY_asn1_add0(ameth)) { + EVP_PKEY_asn1_free(ameth); + return 0; + } + return 1; +} + +int +EVP_PKEY_asn1_get0_info(int *ppkey_id, int *ppkey_base_id, int *ppkey_flags, + const char **pinfo, const char **ppem_str, + const EVP_PKEY_ASN1_METHOD *ameth) +{ + if (!ameth) + return 0; + if (ppkey_id) + *ppkey_id = ameth->pkey_id; + if (ppkey_base_id) + *ppkey_base_id = ameth->pkey_base_id; + if (ppkey_flags) + *ppkey_flags = ameth->pkey_flags; + if (pinfo) + *pinfo = ameth->info; + if (ppem_str) + *ppem_str = ameth->pem_str; + return 1; +} + +const EVP_PKEY_ASN1_METHOD* +EVP_PKEY_get0_asn1(const EVP_PKEY *pkey) +{ + return pkey->ameth; +} + +EVP_PKEY_ASN1_METHOD* +EVP_PKEY_asn1_new(int id, int flags, const char *pem_str, const char *info) +{ + EVP_PKEY_ASN1_METHOD *ameth; + + if ((ameth = calloc(1, sizeof(EVP_PKEY_ASN1_METHOD))) == NULL) + return NULL; + + ameth->pkey_id = id; + ameth->pkey_base_id = id; + ameth->pkey_flags = flags | ASN1_PKEY_DYNAMIC; + + if (info != NULL) { + if ((ameth->info = strdup(info)) == NULL) + goto err; + } + + if (pem_str != NULL) { + if ((ameth->pem_str = strdup(pem_str)) == NULL) + goto err; + } + + return ameth; + + err: + EVP_PKEY_asn1_free(ameth); + return NULL; +} + +void +EVP_PKEY_asn1_copy(EVP_PKEY_ASN1_METHOD *dst, const EVP_PKEY_ASN1_METHOD *src) +{ + dst->pub_decode = src->pub_decode; + dst->pub_encode = src->pub_encode; + dst->pub_cmp = src->pub_cmp; + dst->pub_print = src->pub_print; + + dst->priv_decode = src->priv_decode; + dst->priv_encode = src->priv_encode; + dst->priv_print = src->priv_print; + + dst->old_priv_encode = src->old_priv_encode; + dst->old_priv_decode = src->old_priv_decode; + + dst->pkey_size = src->pkey_size; + dst->pkey_bits = src->pkey_bits; + + dst->param_decode = src->param_decode; + dst->param_encode = src->param_encode; + dst->param_missing = src->param_missing; + dst->param_copy = src->param_copy; + dst->param_cmp = src->param_cmp; + dst->param_print = src->param_print; + dst->sig_print = src->sig_print; + + dst->pkey_free = src->pkey_free; + dst->pkey_ctrl = src->pkey_ctrl; + + dst->item_sign = src->item_sign; + dst->item_verify = src->item_verify; +} + +void +EVP_PKEY_asn1_free(EVP_PKEY_ASN1_METHOD *ameth) +{ + if (ameth && (ameth->pkey_flags & ASN1_PKEY_DYNAMIC)) { + free(ameth->pem_str); + free(ameth->info); + free(ameth); + } +} + +void +EVP_PKEY_asn1_set_public(EVP_PKEY_ASN1_METHOD *ameth, + int (*pub_decode)(EVP_PKEY *pk, X509_PUBKEY *pub), + int (*pub_encode)(X509_PUBKEY *pub, const EVP_PKEY *pk), + int (*pub_cmp)(const EVP_PKEY *a, const EVP_PKEY *b), + int (*pub_print)(BIO *out, const EVP_PKEY *pkey, int indent, + ASN1_PCTX *pctx), + int (*pkey_size)(const EVP_PKEY *pk), + int (*pkey_bits)(const EVP_PKEY *pk)) +{ + ameth->pub_decode = pub_decode; + ameth->pub_encode = pub_encode; + ameth->pub_cmp = pub_cmp; + ameth->pub_print = pub_print; + ameth->pkey_size = pkey_size; + ameth->pkey_bits = pkey_bits; +} + +void +EVP_PKEY_asn1_set_private(EVP_PKEY_ASN1_METHOD *ameth, + int (*priv_decode)(EVP_PKEY *pk, const PKCS8_PRIV_KEY_INFO *p8inf), + int (*priv_encode)(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk), + int (*priv_print)(BIO *out, const EVP_PKEY *pkey, int indent, + ASN1_PCTX *pctx)) +{ + ameth->priv_decode = priv_decode; + ameth->priv_encode = priv_encode; + ameth->priv_print = priv_print; +} + +void +EVP_PKEY_asn1_set_param(EVP_PKEY_ASN1_METHOD *ameth, + int (*param_decode)(EVP_PKEY *pkey, const unsigned char **pder, int derlen), + int (*param_encode)(const EVP_PKEY *pkey, unsigned char **pder), + int (*param_missing)(const EVP_PKEY *pk), + int (*param_copy)(EVP_PKEY *to, const EVP_PKEY *from), + int (*param_cmp)(const EVP_PKEY *a, const EVP_PKEY *b), + int (*param_print)(BIO *out, const EVP_PKEY *pkey, int indent, + ASN1_PCTX *pctx)) +{ + ameth->param_decode = param_decode; + ameth->param_encode = param_encode; + ameth->param_missing = param_missing; + ameth->param_copy = param_copy; + ameth->param_cmp = param_cmp; + ameth->param_print = param_print; +} + +void +EVP_PKEY_asn1_set_free(EVP_PKEY_ASN1_METHOD *ameth, + void (*pkey_free)(EVP_PKEY *pkey)) +{ + ameth->pkey_free = pkey_free; +} + +void +EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth, + int (*pkey_ctrl)(EVP_PKEY *pkey, int op, long arg1, void *arg2)) +{ + ameth->pkey_ctrl = pkey_ctrl; +} diff --git a/src/lib/libcrypto/asn1/asn1.h b/src/lib/libcrypto/asn1/asn1.h index 0d1713f8dd7..0a8da415fb4 100644 --- a/src/lib/libcrypto/asn1/asn1.h +++ b/src/lib/libcrypto/asn1/asn1.h @@ -1,25 +1,25 @@ -/* crypto/asn1/asn1.h */ +/* $OpenBSD: asn1.h,v 1.53 2018/11/30 04:51:19 jeremy Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -60,22 +60,18 @@ #define HEADER_ASN1_H #include + +#include + #ifndef OPENSSL_NO_BIO #include #endif -#include -#include #include #include -#include - -#include #include - -#ifdef OPENSSL_BUILD_SHLIBCRYPTO -# undef OPENSSL_EXTERN -# define OPENSSL_EXTERN OPENSSL_EXPORT +#ifndef OPENSSL_NO_DEPRECATED +#include #endif #ifdef __cplusplus @@ -129,11 +125,10 @@ extern "C" { #define V_ASN1_UNIVERSALSTRING 28 /**/ #define V_ASN1_BMPSTRING 30 -/* For use with d2i_ASN1_type_bytes() */ #define B_ASN1_NUMERICSTRING 0x0001 #define B_ASN1_PRINTABLESTRING 0x0002 #define B_ASN1_T61STRING 0x0004 -#define B_ASN1_TELETEXSTRING 0x0008 +#define B_ASN1_TELETEXSTRING 0x0004 #define B_ASN1_VIDEOTEXSTRING 0x0008 #define B_ASN1_IA5STRING 0x0010 #define B_ASN1_GRAPHICSTRING 0x0020 @@ -148,21 +143,30 @@ extern "C" { #define B_ASN1_UTF8STRING 0x2000 #define B_ASN1_UTCTIME 0x4000 #define B_ASN1_GENERALIZEDTIME 0x8000 +#define B_ASN1_SEQUENCE 0x10000 /* For use with ASN1_mbstring_copy() */ #define MBSTRING_FLAG 0x1000 +#define MBSTRING_UTF8 (MBSTRING_FLAG) #define MBSTRING_ASC (MBSTRING_FLAG|1) #define MBSTRING_BMP (MBSTRING_FLAG|2) -#define MBSTRING_UNIV (MBSTRING_FLAG|3) -#define MBSTRING_UTF8 (MBSTRING_FLAG|4) +#define MBSTRING_UNIV (MBSTRING_FLAG|4) + +#define SMIME_OLDMIME 0x400 +#define SMIME_CRLFEOL 0x800 +#define SMIME_STREAM 0x1000 struct X509_algor_st; +DECLARE_STACK_OF(X509_ALGOR) #define DECLARE_ASN1_SET_OF(type) /* filled in by mkstack.pl */ #define IMPLEMENT_ASN1_SET_OF(type) /* nothing, no longer needed */ -typedef struct asn1_ctx_st - { +/* We MUST make sure that, except for constness, asn1_ctx_st and + asn1_const_ctx are exactly the same. Fortunately, as soon as + the old ASN1 parsing macros are gone, we can throw this away + as well... */ +typedef struct asn1_ctx_st { unsigned char *p;/* work char pointer */ int eos; /* end of sequence read for indefinite encoding */ int error; /* error code to use when returning an error */ @@ -174,7 +178,21 @@ typedef struct asn1_ctx_st unsigned char *q;/* temporary variable */ unsigned char **pp;/* variable */ int line; /* used in error processing */ - } ASN1_CTX; +} ASN1_CTX; + +typedef struct asn1_const_ctx_st { + const unsigned char *p;/* work char pointer */ + int eos; /* end of sequence read for indefinite encoding */ + int error; /* error code to use when returning an error */ + int inf; /* constructed if 0x20, indefinite is 0x21 */ + int tag; /* tag from last 'get object' */ + int xclass; /* class from last 'get object' */ + long slen; /* length of last 'get object' */ + const unsigned char *max; /* largest value of p allowed */ + const unsigned char *q;/* temporary variable */ + const unsigned char **pp;/* variable */ + int line; /* used in error processing */ +} ASN1_const_CTX; /* These are used internally in the ASN1_OBJECT to keep track of * whether the names and data need to be free()ed */ @@ -182,19 +200,33 @@ typedef struct asn1_ctx_st #define ASN1_OBJECT_FLAG_CRITICAL 0x02 /* critical x509v3 object id */ #define ASN1_OBJECT_FLAG_DYNAMIC_STRINGS 0x04 /* internal use */ #define ASN1_OBJECT_FLAG_DYNAMIC_DATA 0x08 /* internal use */ -typedef struct asn1_object_st - { - const char *sn,*ln; +typedef struct asn1_object_st { + const char *sn, *ln; int nid; int length; - unsigned char *data; + const unsigned char *data; /* data remains const after init */ int flags; /* Should we free this one */ - } ASN1_OBJECT; +} ASN1_OBJECT; #define ASN1_STRING_FLAG_BITS_LEFT 0x08 /* Set if 0x07 has bits left value */ +/* This indicates that the ASN1_STRING is not a real value but just a place + * holder for the location where indefinite length constructed data should + * be inserted in the memory buffer + */ +#define ASN1_STRING_FLAG_NDEF 0x010 + +/* This flag is used by the CMS code to indicate that a string is not + * complete and is a place holder for content when it had all been + * accessed. The flag will be reset when content has been written to it. + */ + +#define ASN1_STRING_FLAG_CONT 0x020 +/* This flag is used by ASN1 code to indicate an ASN1_STRING is an MSTRING + * type. + */ +#define ASN1_STRING_FLAG_MSTRING 0x040 /* This is the base type that holds just about everything :-) */ -typedef struct asn1_string_st - { +struct asn1_string_st { int length; int type; unsigned char *data; @@ -203,19 +235,18 @@ typedef struct asn1_string_st * input data has a non-zero 'unused bits' value, it will be * handled correctly */ long flags; - } ASN1_STRING; +}; /* ASN1_ENCODING structure: this is used to save the received * encoding of an ASN1 type. This is useful to get round * problems with invalid encodings which can break signatures. */ -typedef struct ASN1_ENCODING_st - { +typedef struct ASN1_ENCODING_st { unsigned char *enc; /* DER encoding */ long len; /* Length of encoding */ int modified; /* set to 1 if 'enc' is invalid */ - } ASN1_ENCODING; +} ASN1_ENCODING; /* Used with ASN1 LONG type: if a long is set to this it is omitted */ #define ASN1_LONG_UNDEF 0x7fffffffL @@ -251,27 +282,29 @@ DECLARE_STACK_OF(ASN1_STRING_TABLE) * see asn1t.h */ typedef struct ASN1_TEMPLATE_st ASN1_TEMPLATE; -typedef struct ASN1_ITEM_st ASN1_ITEM; typedef struct ASN1_TLC_st ASN1_TLC; /* This is just an opaque pointer */ typedef struct ASN1_VALUE_st ASN1_VALUE; +#ifndef LIBRESSL_INTERNAL + /* Declare ASN1 functions: the implement macro in in asn1t.h */ #define DECLARE_ASN1_FUNCTIONS(type) DECLARE_ASN1_FUNCTIONS_name(type, type) +#define DECLARE_ASN1_ALLOC_FUNCTIONS(type) \ + DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, type) + #define DECLARE_ASN1_FUNCTIONS_name(type, name) \ - type *name##_new(void); \ - void name##_free(type *a); \ + DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \ DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name) #define DECLARE_ASN1_FUNCTIONS_fname(type, itname, name) \ - type *name##_new(void); \ - void name##_free(type *a); \ + DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \ DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) #define DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) \ - type *d2i_##name(type **a, unsigned char **in, long len); \ + type *d2i_##name(type **a, const unsigned char **in, long len); \ int i2d_##name(type *a, unsigned char **out); \ DECLARE_ASN1_ITEM(itname) @@ -280,10 +313,46 @@ typedef struct ASN1_VALUE_st ASN1_VALUE; int i2d_##name(const type *a, unsigned char **out); \ DECLARE_ASN1_ITEM(name) +#define DECLARE_ASN1_NDEF_FUNCTION(name) \ + int i2d_##name##_NDEF(name *a, unsigned char **out); + #define DECLARE_ASN1_FUNCTIONS_const(name) \ - name *name##_new(void); \ - void name##_free(name *a); + DECLARE_ASN1_ALLOC_FUNCTIONS(name) \ + DECLARE_ASN1_ENCODE_FUNCTIONS_const(name, name) + +#define DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \ + type *name##_new(void); \ + void name##_free(type *a); + +#define DECLARE_ASN1_PRINT_FUNCTION(stname) \ + DECLARE_ASN1_PRINT_FUNCTION_fname(stname, stname) +#define DECLARE_ASN1_PRINT_FUNCTION_fname(stname, fname) \ + int fname##_print_ctx(BIO *out, stname *x, int indent, \ + const ASN1_PCTX *pctx); + +#endif /* !LIBRESSL_INTERNAL */ + +#define D2I_OF(type) type *(*)(type **,const unsigned char **,long) +#define I2D_OF(type) int (*)(type *,unsigned char **) +#define I2D_OF_const(type) int (*)(const type *,unsigned char **) + +#define CHECKED_D2I_OF(type, d2i) \ + ((d2i_of_void*) (1 ? d2i : ((D2I_OF(type))0))) +#define CHECKED_I2D_OF(type, i2d) \ + ((i2d_of_void*) (1 ? i2d : ((I2D_OF(type))0))) +#define CHECKED_NEW_OF(type, xnew) \ + ((void *(*)(void)) (1 ? xnew : ((type *(*)(void))0))) +#define CHECKED_PTR_OF(type, p) \ + ((void*) (1 ? p : (type*)0)) +#define CHECKED_PPTR_OF(type, p) \ + ((void**) (1 ? p : (type**)0)) + +#define TYPEDEF_D2I_OF(type) typedef type *d2i_of_##type(type **,const unsigned char **,long) +#define TYPEDEF_I2D_OF(type) typedef int i2d_of_##type(type *,unsigned char **) +#define TYPEDEF_D2I2D_OF(type) TYPEDEF_D2I_OF(type); TYPEDEF_I2D_OF(type) + +TYPEDEF_D2I2D_OF(void); /* The following macros and typedefs allow an ASN1_ITEM * to be embedded in a structure and referenced. Since @@ -304,7 +373,7 @@ typedef struct ASN1_VALUE_st ASN1_VALUE; * ... * ASN1_ITEM_EXP *iptr; * ... - * } SOMETHING; + * } SOMETHING; * * It would be initialised as e.g.: * @@ -320,11 +389,11 @@ typedef struct ASN1_VALUE_st ASN1_VALUE; * */ -#ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION - /* ASN1_ITEM pointer exported type */ typedef const ASN1_ITEM ASN1_ITEM_EXP; +#ifndef LIBRESSL_INTERNAL + /* Macro to obtain ASN1_ITEM pointer from exported type */ #define ASN1_ITEM_ptr(iptr) (iptr) @@ -334,29 +403,9 @@ typedef const ASN1_ITEM ASN1_ITEM_EXP; #define ASN1_ITEM_rptr(ref) (&(ref##_it)) #define DECLARE_ASN1_ITEM(name) \ - OPENSSL_EXTERN const ASN1_ITEM name##_it; - -#else - -/* Platforms that can't easily handle shared global variables are declared - * as functions returning ASN1_ITEM pointers. - */ - -/* ASN1_ITEM pointer exported type */ -typedef const ASN1_ITEM * ASN1_ITEM_EXP(void); - -/* Macro to obtain ASN1_ITEM pointer from exported type */ -#define ASN1_ITEM_ptr(iptr) (iptr()) - -/* Macro to include ASN1_ITEM pointer from base type */ -#define ASN1_ITEM_ref(iptr) (iptr##_it) - -#define ASN1_ITEM_rptr(ref) (ref##_it()) - -#define DECLARE_ASN1_ITEM(name) \ - const ASN1_ITEM * name##_it(void); + extern const ASN1_ITEM name##_it; -#endif +#endif /* !LIBRESSL_INTERNAL */ /* Parameters used by ASN1_STRING_print_ex() */ @@ -392,7 +441,7 @@ typedef const ASN1_ITEM * ASN1_ITEM_EXP(void); */ /* If this is set we convert all character strings - * to UTF8 first + * to UTF8 first */ #define ASN1_STRFLGS_UTF8_CONVERT 0x10 @@ -420,7 +469,7 @@ typedef const ASN1_ITEM * ASN1_ITEM_EXP(void); /* These determine what 'dumping' does, we can dump the * content octets or the DER encoding: both use the - * RFC2253 #XXXXX notation. + * RFC2253 #NNNNN notation. */ #define ASN1_STRFLGS_DUMP_DER 0x200 @@ -438,14 +487,12 @@ typedef const ASN1_ITEM * ASN1_ITEM_EXP(void); ASN1_STRFLGS_DUMP_DER) DECLARE_STACK_OF(ASN1_INTEGER) -DECLARE_ASN1_SET_OF(ASN1_INTEGER) DECLARE_STACK_OF(ASN1_GENERALSTRING) -typedef struct asn1_type_st - { +typedef struct asn1_type_st { int type; - union { + union { char *ptr; ASN1_BOOLEAN boolean; ASN1_STRING * asn1_string; @@ -468,27 +515,25 @@ typedef struct asn1_type_st * contain the set or sequence bytes */ ASN1_STRING * set; ASN1_STRING * sequence; - } value; - } ASN1_TYPE; + ASN1_VALUE * asn1_value; + } value; +} ASN1_TYPE; DECLARE_STACK_OF(ASN1_TYPE) -DECLARE_ASN1_SET_OF(ASN1_TYPE) - -typedef struct asn1_method_st - { - int (*i2d)(); - char *(*d2i)(); - char *(*create)(); - void (*destroy)(); - } ASN1_METHOD; - -/* This is used when parsing some Netscape objects */ -typedef struct asn1_header_st - { + +typedef STACK_OF(ASN1_TYPE) ASN1_SEQUENCE_ANY; + +ASN1_SEQUENCE_ANY *d2i_ASN1_SEQUENCE_ANY(ASN1_SEQUENCE_ANY **a, const unsigned char **in, long len); +int i2d_ASN1_SEQUENCE_ANY(const ASN1_SEQUENCE_ANY *a, unsigned char **out); +extern const ASN1_ITEM ASN1_SEQUENCE_ANY_it; +ASN1_SEQUENCE_ANY *d2i_ASN1_SET_ANY(ASN1_SEQUENCE_ANY **a, const unsigned char **in, long len); +int i2d_ASN1_SET_ANY(const ASN1_SEQUENCE_ANY *a, unsigned char **out); +extern const ASN1_ITEM ASN1_SET_ANY_it; + +typedef struct NETSCAPE_X509_st { ASN1_OCTET_STRING *header; - char *data; - ASN1_METHOD *meth; - } ASN1_HEADER; + X509 *cert; +} NETSCAPE_X509; /* This is used to contain a list of bit names */ typedef struct BIT_STRING_BITNAME_st { @@ -497,54 +542,12 @@ typedef struct BIT_STRING_BITNAME_st { const char *sname; } BIT_STRING_BITNAME; - -#define M_ASN1_STRING_length(x) ((x)->length) -#define M_ASN1_STRING_length_set(x, n) ((x)->length = (n)) -#define M_ASN1_STRING_type(x) ((x)->type) -#define M_ASN1_STRING_data(x) ((x)->data) - -/* Macros for string operations */ -#define M_ASN1_BIT_STRING_new() (ASN1_BIT_STRING *)\ - ASN1_STRING_type_new(V_ASN1_BIT_STRING) -#define M_ASN1_BIT_STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) -#define M_ASN1_BIT_STRING_dup(a) (ASN1_BIT_STRING *)\ - ASN1_STRING_dup((ASN1_STRING *)a) -#define M_ASN1_BIT_STRING_cmp(a,b) ASN1_STRING_cmp(\ - (ASN1_STRING *)a,(ASN1_STRING *)b) -#define M_ASN1_BIT_STRING_set(a,b,c) ASN1_STRING_set((ASN1_STRING *)a,b,c) - -#define M_ASN1_INTEGER_new() (ASN1_INTEGER *)\ - ASN1_STRING_type_new(V_ASN1_INTEGER) -#define M_ASN1_INTEGER_free(a) ASN1_STRING_free((ASN1_STRING *)a) -#define M_ASN1_INTEGER_dup(a) (ASN1_INTEGER *)ASN1_STRING_dup((ASN1_STRING *)a) -#define M_ASN1_INTEGER_cmp(a,b) ASN1_STRING_cmp(\ - (ASN1_STRING *)a,(ASN1_STRING *)b) - -#define M_ASN1_ENUMERATED_new() (ASN1_ENUMERATED *)\ - ASN1_STRING_type_new(V_ASN1_ENUMERATED) -#define M_ASN1_ENUMERATED_free(a) ASN1_STRING_free((ASN1_STRING *)a) -#define M_ASN1_ENUMERATED_dup(a) (ASN1_ENUMERATED *)ASN1_STRING_dup((ASN1_STRING *)a) -#define M_ASN1_ENUMERATED_cmp(a,b) ASN1_STRING_cmp(\ - (ASN1_STRING *)a,(ASN1_STRING *)b) - -#define M_ASN1_OCTET_STRING_new() (ASN1_OCTET_STRING *)\ - ASN1_STRING_type_new(V_ASN1_OCTET_STRING) -#define M_ASN1_OCTET_STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) -#define M_ASN1_OCTET_STRING_dup(a) (ASN1_OCTET_STRING *)\ - ASN1_STRING_dup((ASN1_STRING *)a) -#define M_ASN1_OCTET_STRING_cmp(a,b) ASN1_STRING_cmp(\ - (ASN1_STRING *)a,(ASN1_STRING *)b) -#define M_ASN1_OCTET_STRING_set(a,b,c) ASN1_STRING_set((ASN1_STRING *)a,b,c) -#define M_ASN1_OCTET_STRING_print(a,b) ASN1_STRING_print(a,(ASN1_STRING *)b) -#define M_i2d_ASN1_OCTET_STRING(a,pp) \ - i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_OCTET_STRING,\ - V_ASN1_UNIVERSAL) - #define B_ASN1_TIME \ B_ASN1_UTCTIME | \ B_ASN1_GENERALIZEDTIME #define B_ASN1_PRINTABLE \ + B_ASN1_NUMERICSTRING| \ B_ASN1_PRINTABLESTRING| \ B_ASN1_T61STRING| \ B_ASN1_IA5STRING| \ @@ -552,6 +555,7 @@ typedef struct BIT_STRING_BITNAME_st { B_ASN1_UNIVERSALSTRING|\ B_ASN1_BMPSTRING|\ B_ASN1_UTF8STRING|\ + B_ASN1_SEQUENCE|\ B_ASN1_UNKNOWN #define B_ASN1_DIRECTORYSTRING \ @@ -567,362 +571,362 @@ typedef struct BIT_STRING_BITNAME_st { B_ASN1_BMPSTRING|\ B_ASN1_UTF8STRING -#define M_ASN1_PRINTABLE_new() ASN1_STRING_type_new(V_ASN1_T61STRING) -#define M_ASN1_PRINTABLE_free(a) ASN1_STRING_free((ASN1_STRING *)a) -#define M_i2d_ASN1_PRINTABLE(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\ - pp,a->type,V_ASN1_UNIVERSAL) -#define M_d2i_ASN1_PRINTABLE(a,pp,l) \ - d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \ - B_ASN1_PRINTABLE) - -#define M_DIRECTORYSTRING_new() ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING) -#define M_DIRECTORYSTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) -#define M_i2d_DIRECTORYSTRING(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\ - pp,a->type,V_ASN1_UNIVERSAL) -#define M_d2i_DIRECTORYSTRING(a,pp,l) \ - d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \ - B_ASN1_DIRECTORYSTRING) - -#define M_DISPLAYTEXT_new() ASN1_STRING_type_new(V_ASN1_VISIBLESTRING) -#define M_DISPLAYTEXT_free(a) ASN1_STRING_free((ASN1_STRING *)a) -#define M_i2d_DISPLAYTEXT(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\ - pp,a->type,V_ASN1_UNIVERSAL) -#define M_d2i_DISPLAYTEXT(a,pp,l) \ - d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \ - B_ASN1_DISPLAYTEXT) - -#define M_ASN1_PRINTABLESTRING_new() (ASN1_PRINTABLESTRING *)\ - ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING) -#define M_ASN1_PRINTABLESTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) -#define M_i2d_ASN1_PRINTABLESTRING(a,pp) \ - i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_PRINTABLESTRING,\ - V_ASN1_UNIVERSAL) -#define M_d2i_ASN1_PRINTABLESTRING(a,pp,l) \ - (ASN1_PRINTABLESTRING *)d2i_ASN1_type_bytes\ - ((ASN1_STRING **)a,pp,l,B_ASN1_PRINTABLESTRING) - -#define M_ASN1_T61STRING_new() (ASN1_T61STRING *)\ - ASN1_STRING_type_new(V_ASN1_T61STRING) -#define M_ASN1_T61STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) -#define M_i2d_ASN1_T61STRING(a,pp) \ - i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_T61STRING,\ - V_ASN1_UNIVERSAL) -#define M_d2i_ASN1_T61STRING(a,pp,l) \ - (ASN1_T61STRING *)d2i_ASN1_type_bytes\ - ((ASN1_STRING **)a,pp,l,B_ASN1_T61STRING) - -#define M_ASN1_IA5STRING_new() (ASN1_IA5STRING *)\ - ASN1_STRING_type_new(V_ASN1_IA5STRING) -#define M_ASN1_IA5STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) -#define M_ASN1_IA5STRING_dup(a) \ - (ASN1_IA5STRING *)ASN1_STRING_dup((ASN1_STRING *)a) -#define M_i2d_ASN1_IA5STRING(a,pp) \ - i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_IA5STRING,\ - V_ASN1_UNIVERSAL) -#define M_d2i_ASN1_IA5STRING(a,pp,l) \ - (ASN1_IA5STRING *)d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l,\ - B_ASN1_IA5STRING) - -#define M_ASN1_UTCTIME_new() (ASN1_UTCTIME *)\ - ASN1_STRING_type_new(V_ASN1_UTCTIME) -#define M_ASN1_UTCTIME_free(a) ASN1_STRING_free((ASN1_STRING *)a) -#define M_ASN1_UTCTIME_dup(a) (ASN1_UTCTIME *)ASN1_STRING_dup((ASN1_STRING *)a) - -#define M_ASN1_GENERALIZEDTIME_new() (ASN1_GENERALIZEDTIME *)\ - ASN1_STRING_type_new(V_ASN1_GENERALIZEDTIME) -#define M_ASN1_GENERALIZEDTIME_free(a) ASN1_STRING_free((ASN1_STRING *)a) -#define M_ASN1_GENERALIZEDTIME_dup(a) (ASN1_GENERALIZEDTIME *)ASN1_STRING_dup(\ - (ASN1_STRING *)a) - -#define M_ASN1_TIME_new() (ASN1_TIME *)\ - ASN1_STRING_type_new(V_ASN1_UTCTIME) -#define M_ASN1_TIME_free(a) ASN1_STRING_free((ASN1_STRING *)a) -#define M_ASN1_TIME_dup(a) (ASN1_TIME *)ASN1_STRING_dup((ASN1_STRING *)a) - -#define M_ASN1_GENERALSTRING_new() (ASN1_GENERALSTRING *)\ - ASN1_STRING_type_new(V_ASN1_GENERALSTRING) -#define M_ASN1_GENERALSTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) -#define M_i2d_ASN1_GENERALSTRING(a,pp) \ - i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_GENERALSTRING,\ - V_ASN1_UNIVERSAL) -#define M_d2i_ASN1_GENERALSTRING(a,pp,l) \ - (ASN1_GENERALSTRING *)d2i_ASN1_type_bytes\ - ((ASN1_STRING **)a,pp,l,B_ASN1_GENERALSTRING) - -#define M_ASN1_UNIVERSALSTRING_new() (ASN1_UNIVERSALSTRING *)\ - ASN1_STRING_type_new(V_ASN1_UNIVERSALSTRING) -#define M_ASN1_UNIVERSALSTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) -#define M_i2d_ASN1_UNIVERSALSTRING(a,pp) \ - i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_UNIVERSALSTRING,\ - V_ASN1_UNIVERSAL) -#define M_d2i_ASN1_UNIVERSALSTRING(a,pp,l) \ - (ASN1_UNIVERSALSTRING *)d2i_ASN1_type_bytes\ - ((ASN1_STRING **)a,pp,l,B_ASN1_UNIVERSALSTRING) - -#define M_ASN1_BMPSTRING_new() (ASN1_BMPSTRING *)\ - ASN1_STRING_type_new(V_ASN1_BMPSTRING) -#define M_ASN1_BMPSTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) -#define M_i2d_ASN1_BMPSTRING(a,pp) \ - i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_BMPSTRING,\ - V_ASN1_UNIVERSAL) -#define M_d2i_ASN1_BMPSTRING(a,pp,l) \ - (ASN1_BMPSTRING *)d2i_ASN1_type_bytes\ - ((ASN1_STRING **)a,pp,l,B_ASN1_BMPSTRING) - -#define M_ASN1_VISIBLESTRING_new() (ASN1_VISIBLESTRING *)\ - ASN1_STRING_type_new(V_ASN1_VISIBLESTRING) -#define M_ASN1_VISIBLESTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) -#define M_i2d_ASN1_VISIBLESTRING(a,pp) \ - i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_VISIBLESTRING,\ - V_ASN1_UNIVERSAL) -#define M_d2i_ASN1_VISIBLESTRING(a,pp,l) \ - (ASN1_VISIBLESTRING *)d2i_ASN1_type_bytes\ - ((ASN1_STRING **)a,pp,l,B_ASN1_VISIBLESTRING) - -#define M_ASN1_UTF8STRING_new() (ASN1_UTF8STRING *)\ - ASN1_STRING_type_new(V_ASN1_UTF8STRING) -#define M_ASN1_UTF8STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) -#define M_i2d_ASN1_UTF8STRING(a,pp) \ - i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_UTF8STRING,\ - V_ASN1_UNIVERSAL) -#define M_d2i_ASN1_UTF8STRING(a,pp,l) \ - (ASN1_UTF8STRING *)d2i_ASN1_type_bytes\ - ((ASN1_STRING **)a,pp,l,B_ASN1_UTF8STRING) - - /* for the is_set parameter to i2d_ASN1_SET */ -#define IS_SEQUENCE 0 -#define IS_SET 1 - -DECLARE_ASN1_FUNCTIONS_fname(ASN1_TYPE, ASN1_ANY, ASN1_TYPE) - -int ASN1_TYPE_get(ASN1_TYPE *a); +#ifndef LIBRESSL_INTERNAL +#define M_ASN1_IA5STRING_new ASN1_IA5STRING_new + +#define M_ASN1_INTEGER_free ASN1_INTEGER_free +#define M_ASN1_ENUMERATED_free ASN1_ENUMERATED_free +#define M_ASN1_OCTET_STRING_free ASN1_OCTET_STRING_free + +#define M_ASN1_OCTET_STRING_print ASN1_STRING_print + +#define M_ASN1_STRING_data ASN1_STRING_data +#define M_ASN1_STRING_length ASN1_STRING_length +#endif + +ASN1_TYPE *ASN1_TYPE_new(void); +void ASN1_TYPE_free(ASN1_TYPE *a); +ASN1_TYPE *d2i_ASN1_TYPE(ASN1_TYPE **a, const unsigned char **in, long len); +int i2d_ASN1_TYPE(ASN1_TYPE *a, unsigned char **out); +extern const ASN1_ITEM ASN1_ANY_it; + +int ASN1_TYPE_get(const ASN1_TYPE *a); void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value); +int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value); +int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b); -ASN1_OBJECT * ASN1_OBJECT_new(void ); -void ASN1_OBJECT_free(ASN1_OBJECT *a); -int i2d_ASN1_OBJECT(ASN1_OBJECT *a,unsigned char **pp); -ASN1_OBJECT * c2i_ASN1_OBJECT(ASN1_OBJECT **a,unsigned char **pp, - long length); -ASN1_OBJECT * d2i_ASN1_OBJECT(ASN1_OBJECT **a,unsigned char **pp, - long length); +ASN1_OBJECT *ASN1_OBJECT_new(void); +void ASN1_OBJECT_free(ASN1_OBJECT *a); +int i2d_ASN1_OBJECT(const ASN1_OBJECT *a, unsigned char **pp); +ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, + long length); +ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, + long length); -DECLARE_ASN1_ITEM(ASN1_OBJECT) +extern const ASN1_ITEM ASN1_OBJECT_it; DECLARE_STACK_OF(ASN1_OBJECT) -DECLARE_ASN1_SET_OF(ASN1_OBJECT) -ASN1_STRING * ASN1_STRING_new(void); -void ASN1_STRING_free(ASN1_STRING *a); -ASN1_STRING * ASN1_STRING_dup(ASN1_STRING *a); -ASN1_STRING * ASN1_STRING_type_new(int type ); -int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b); +ASN1_STRING *ASN1_STRING_new(void); +void ASN1_STRING_free(ASN1_STRING *a); +int ASN1_STRING_copy(ASN1_STRING *dst, const ASN1_STRING *str); +ASN1_STRING *ASN1_STRING_dup(const ASN1_STRING *a); +ASN1_STRING *ASN1_STRING_type_new(int type); +int ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b); /* Since this is used to store all sorts of things, via macros, for now, make its data void * */ -int ASN1_STRING_set(ASN1_STRING *str, const void *data, int len); -int ASN1_STRING_length(ASN1_STRING *x); +int ASN1_STRING_set(ASN1_STRING *str, const void *data, int len); +void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len); +int ASN1_STRING_length(const ASN1_STRING *x); void ASN1_STRING_length_set(ASN1_STRING *x, int n); -int ASN1_STRING_type(ASN1_STRING *x); -unsigned char * ASN1_STRING_data(ASN1_STRING *x); - -DECLARE_ASN1_FUNCTIONS(ASN1_BIT_STRING) -int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a,unsigned char **pp); -ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,unsigned char **pp, - long length); -int ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d, - int length ); -int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value); -int ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n); +int ASN1_STRING_type(const ASN1_STRING *x); +unsigned char *ASN1_STRING_data(ASN1_STRING *x); +const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *x); + +ASN1_BIT_STRING *ASN1_BIT_STRING_new(void); +void ASN1_BIT_STRING_free(ASN1_BIT_STRING *a); +ASN1_BIT_STRING *d2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, const unsigned char **in, long len); +int i2d_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **out); +extern const ASN1_ITEM ASN1_BIT_STRING_it; +int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp); +ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, + const unsigned char **pp, long length); +int ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d, int length); +int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value); +int ASN1_BIT_STRING_get_bit(const ASN1_BIT_STRING *a, int n); +int ASN1_BIT_STRING_check(const ASN1_BIT_STRING *a, + const unsigned char *flags, int flags_len); #ifndef OPENSSL_NO_BIO int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs, - BIT_STRING_BITNAME *tbl, int indent); + BIT_STRING_BITNAME *tbl, int indent); #endif -int ASN1_BIT_STRING_num_asc(char *name, BIT_STRING_BITNAME *tbl); -int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, char *name, int value, - BIT_STRING_BITNAME *tbl); - -int i2d_ASN1_BOOLEAN(int a,unsigned char **pp); -int d2i_ASN1_BOOLEAN(int *a,unsigned char **pp,long length); - -DECLARE_ASN1_FUNCTIONS(ASN1_INTEGER) -int i2c_ASN1_INTEGER(ASN1_INTEGER *a,unsigned char **pp); -ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a,unsigned char **pp, - long length); -ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a,unsigned char **pp, - long length); -ASN1_INTEGER * ASN1_INTEGER_dup(ASN1_INTEGER *x); -int ASN1_INTEGER_cmp(ASN1_INTEGER *x, ASN1_INTEGER *y); - -DECLARE_ASN1_FUNCTIONS(ASN1_ENUMERATED) - -int ASN1_UTCTIME_check(ASN1_UTCTIME *a); -ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s,time_t t); -int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, char *str); +int ASN1_BIT_STRING_num_asc(const char *name, BIT_STRING_BITNAME *tbl); +int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, const char *name, int value, + BIT_STRING_BITNAME *tbl); + +int i2d_ASN1_BOOLEAN(int a, unsigned char **pp); +int d2i_ASN1_BOOLEAN(int *a, const unsigned char **pp, long length); + +ASN1_INTEGER *ASN1_INTEGER_new(void); +void ASN1_INTEGER_free(ASN1_INTEGER *a); +ASN1_INTEGER *d2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **in, long len); +int i2d_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **out); +extern const ASN1_ITEM ASN1_INTEGER_it; +int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp); +ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp, + long length); +ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp, + long length); +ASN1_INTEGER * ASN1_INTEGER_dup(const ASN1_INTEGER *x); +int ASN1_INTEGER_cmp(const ASN1_INTEGER *x, const ASN1_INTEGER *y); + +ASN1_ENUMERATED *ASN1_ENUMERATED_new(void); +void ASN1_ENUMERATED_free(ASN1_ENUMERATED *a); +ASN1_ENUMERATED *d2i_ASN1_ENUMERATED(ASN1_ENUMERATED **a, const unsigned char **in, long len); +int i2d_ASN1_ENUMERATED(ASN1_ENUMERATED *a, unsigned char **out); +extern const ASN1_ITEM ASN1_ENUMERATED_it; + +int ASN1_UTCTIME_check(const ASN1_UTCTIME *a); +ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t); +ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t, + int offset_day, long offset_sec); +int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str); + +#ifndef LIBRESSL_INTERNAL int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t); -#if 0 -time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s); -#endif - -int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *a); -ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,time_t t); -int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, char *str); - -DECLARE_ASN1_FUNCTIONS(ASN1_OCTET_STRING) -ASN1_OCTET_STRING * ASN1_OCTET_STRING_dup(ASN1_OCTET_STRING *a); -int ASN1_OCTET_STRING_cmp(ASN1_OCTET_STRING *a, ASN1_OCTET_STRING *b); -int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *str, unsigned char *data, int len); - -DECLARE_ASN1_FUNCTIONS(ASN1_VISIBLESTRING) -DECLARE_ASN1_FUNCTIONS(ASN1_UTF8STRING) -DECLARE_ASN1_FUNCTIONS(ASN1_NULL) -DECLARE_ASN1_FUNCTIONS(ASN1_BMPSTRING) - -int UTF8_getc(const unsigned char *str, int len, unsigned long *val); -int UTF8_putc(unsigned char *str, int len, unsigned long value); - -DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, ASN1_PRINTABLE) - -DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, DIRECTORYSTRING) -DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, DISPLAYTEXT) -DECLARE_ASN1_FUNCTIONS(ASN1_PRINTABLESTRING) -DECLARE_ASN1_FUNCTIONS(ASN1_T61STRING) -DECLARE_ASN1_FUNCTIONS(ASN1_IA5STRING) -DECLARE_ASN1_FUNCTIONS(ASN1_GENERALSTRING) -DECLARE_ASN1_FUNCTIONS(ASN1_UTCTIME) -DECLARE_ASN1_FUNCTIONS(ASN1_GENERALIZEDTIME) -DECLARE_ASN1_FUNCTIONS(ASN1_TIME) - -ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s,time_t t); -int ASN1_TIME_check(ASN1_TIME *t); -ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out); - -int i2d_ASN1_SET(STACK *a, unsigned char **pp, - int (*func)(), int ex_tag, int ex_class, int is_set); -STACK * d2i_ASN1_SET(STACK **a, unsigned char **pp, long length, - char *(*func)(), void (*free_func)(void *), - int ex_tag, int ex_class); +#endif /* !LIBRESSL_INTERNAL */ + +int ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *a); +ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s, + time_t t); +ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s, + time_t t, int offset_day, long offset_sec); +int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str); + +ASN1_OCTET_STRING *ASN1_OCTET_STRING_new(void); +void ASN1_OCTET_STRING_free(ASN1_OCTET_STRING *a); +ASN1_OCTET_STRING *d2i_ASN1_OCTET_STRING(ASN1_OCTET_STRING **a, const unsigned char **in, long len); +int i2d_ASN1_OCTET_STRING(ASN1_OCTET_STRING *a, unsigned char **out); +extern const ASN1_ITEM ASN1_OCTET_STRING_it; +ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(const ASN1_OCTET_STRING *a); +int ASN1_OCTET_STRING_cmp(const ASN1_OCTET_STRING *a, + const ASN1_OCTET_STRING *b); +int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *str, const unsigned char *data, + int len); + +ASN1_VISIBLESTRING *ASN1_VISIBLESTRING_new(void); +void ASN1_VISIBLESTRING_free(ASN1_VISIBLESTRING *a); +ASN1_VISIBLESTRING *d2i_ASN1_VISIBLESTRING(ASN1_VISIBLESTRING **a, const unsigned char **in, long len); +int i2d_ASN1_VISIBLESTRING(ASN1_VISIBLESTRING *a, unsigned char **out); +extern const ASN1_ITEM ASN1_VISIBLESTRING_it; +ASN1_UNIVERSALSTRING *ASN1_UNIVERSALSTRING_new(void); +void ASN1_UNIVERSALSTRING_free(ASN1_UNIVERSALSTRING *a); +ASN1_UNIVERSALSTRING *d2i_ASN1_UNIVERSALSTRING(ASN1_UNIVERSALSTRING **a, const unsigned char **in, long len); +int i2d_ASN1_UNIVERSALSTRING(ASN1_UNIVERSALSTRING *a, unsigned char **out); +extern const ASN1_ITEM ASN1_UNIVERSALSTRING_it; +ASN1_UTF8STRING *ASN1_UTF8STRING_new(void); +void ASN1_UTF8STRING_free(ASN1_UTF8STRING *a); +ASN1_UTF8STRING *d2i_ASN1_UTF8STRING(ASN1_UTF8STRING **a, const unsigned char **in, long len); +int i2d_ASN1_UTF8STRING(ASN1_UTF8STRING *a, unsigned char **out); +extern const ASN1_ITEM ASN1_UTF8STRING_it; +ASN1_NULL *ASN1_NULL_new(void); +void ASN1_NULL_free(ASN1_NULL *a); +ASN1_NULL *d2i_ASN1_NULL(ASN1_NULL **a, const unsigned char **in, long len); +int i2d_ASN1_NULL(ASN1_NULL *a, unsigned char **out); +extern const ASN1_ITEM ASN1_NULL_it; +ASN1_BMPSTRING *ASN1_BMPSTRING_new(void); +void ASN1_BMPSTRING_free(ASN1_BMPSTRING *a); +ASN1_BMPSTRING *d2i_ASN1_BMPSTRING(ASN1_BMPSTRING **a, const unsigned char **in, long len); +int i2d_ASN1_BMPSTRING(ASN1_BMPSTRING *a, unsigned char **out); +extern const ASN1_ITEM ASN1_BMPSTRING_it; + +ASN1_STRING *ASN1_PRINTABLE_new(void); +void ASN1_PRINTABLE_free(ASN1_STRING *a); +ASN1_STRING *d2i_ASN1_PRINTABLE(ASN1_STRING **a, const unsigned char **in, long len); +int i2d_ASN1_PRINTABLE(ASN1_STRING *a, unsigned char **out); +extern const ASN1_ITEM ASN1_PRINTABLE_it; + +ASN1_STRING *DIRECTORYSTRING_new(void); +void DIRECTORYSTRING_free(ASN1_STRING *a); +ASN1_STRING *d2i_DIRECTORYSTRING(ASN1_STRING **a, const unsigned char **in, long len); +int i2d_DIRECTORYSTRING(ASN1_STRING *a, unsigned char **out); +extern const ASN1_ITEM DIRECTORYSTRING_it; +ASN1_STRING *DISPLAYTEXT_new(void); +void DISPLAYTEXT_free(ASN1_STRING *a); +ASN1_STRING *d2i_DISPLAYTEXT(ASN1_STRING **a, const unsigned char **in, long len); +int i2d_DISPLAYTEXT(ASN1_STRING *a, unsigned char **out); +extern const ASN1_ITEM DISPLAYTEXT_it; +ASN1_PRINTABLESTRING *ASN1_PRINTABLESTRING_new(void); +void ASN1_PRINTABLESTRING_free(ASN1_PRINTABLESTRING *a); +ASN1_PRINTABLESTRING *d2i_ASN1_PRINTABLESTRING(ASN1_PRINTABLESTRING **a, const unsigned char **in, long len); +int i2d_ASN1_PRINTABLESTRING(ASN1_PRINTABLESTRING *a, unsigned char **out); +extern const ASN1_ITEM ASN1_PRINTABLESTRING_it; +ASN1_T61STRING *ASN1_T61STRING_new(void); +void ASN1_T61STRING_free(ASN1_T61STRING *a); +ASN1_T61STRING *d2i_ASN1_T61STRING(ASN1_T61STRING **a, const unsigned char **in, long len); +int i2d_ASN1_T61STRING(ASN1_T61STRING *a, unsigned char **out); +extern const ASN1_ITEM ASN1_T61STRING_it; +ASN1_IA5STRING *ASN1_IA5STRING_new(void); +void ASN1_IA5STRING_free(ASN1_IA5STRING *a); +ASN1_IA5STRING *d2i_ASN1_IA5STRING(ASN1_IA5STRING **a, const unsigned char **in, long len); +int i2d_ASN1_IA5STRING(ASN1_IA5STRING *a, unsigned char **out); +extern const ASN1_ITEM ASN1_IA5STRING_it; +ASN1_GENERALSTRING *ASN1_GENERALSTRING_new(void); +void ASN1_GENERALSTRING_free(ASN1_GENERALSTRING *a); +ASN1_GENERALSTRING *d2i_ASN1_GENERALSTRING(ASN1_GENERALSTRING **a, const unsigned char **in, long len); +int i2d_ASN1_GENERALSTRING(ASN1_GENERALSTRING *a, unsigned char **out); +extern const ASN1_ITEM ASN1_GENERALSTRING_it; +ASN1_UTCTIME *ASN1_UTCTIME_new(void); +void ASN1_UTCTIME_free(ASN1_UTCTIME *a); +ASN1_UTCTIME *d2i_ASN1_UTCTIME(ASN1_UTCTIME **a, const unsigned char **in, long len); +int i2d_ASN1_UTCTIME(ASN1_UTCTIME *a, unsigned char **out); +extern const ASN1_ITEM ASN1_UTCTIME_it; +ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_new(void); +void ASN1_GENERALIZEDTIME_free(ASN1_GENERALIZEDTIME *a); +ASN1_GENERALIZEDTIME *d2i_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME **a, const unsigned char **in, long len); +int i2d_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME *a, unsigned char **out); +extern const ASN1_ITEM ASN1_GENERALIZEDTIME_it; +ASN1_TIME *ASN1_TIME_new(void); +void ASN1_TIME_free(ASN1_TIME *a); +ASN1_TIME *d2i_ASN1_TIME(ASN1_TIME **a, const unsigned char **in, long len); +int i2d_ASN1_TIME(ASN1_TIME *a, unsigned char **out); +extern const ASN1_ITEM ASN1_TIME_it; + +extern const ASN1_ITEM ASN1_OCTET_STRING_NDEF_it; + +ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t); +ASN1_TIME *ASN1_TIME_set_tm(ASN1_TIME *s, struct tm *tm); +ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t, int offset_day, + long offset_sec); +int ASN1_TIME_check(const ASN1_TIME *t); +ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(const ASN1_TIME *t, + ASN1_GENERALIZEDTIME **out); +int ASN1_TIME_set_string(ASN1_TIME *s, const char *str); #ifndef OPENSSL_NO_BIO -int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a); -int a2i_ASN1_INTEGER(BIO *bp,ASN1_INTEGER *bs,char *buf,int size); -int i2a_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *a); -int a2i_ASN1_ENUMERATED(BIO *bp,ASN1_ENUMERATED *bs,char *buf,int size); -int i2a_ASN1_OBJECT(BIO *bp,ASN1_OBJECT *a); -int a2i_ASN1_STRING(BIO *bp,ASN1_STRING *bs,char *buf,int size); -int i2a_ASN1_STRING(BIO *bp, ASN1_STRING *a, int type); +int i2a_ASN1_INTEGER(BIO *bp, const ASN1_INTEGER *a); +int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size); +int i2a_ASN1_ENUMERATED(BIO *bp, const ASN1_ENUMERATED *a); +int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size); +int i2a_ASN1_OBJECT(BIO *bp, const ASN1_OBJECT *a); +int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size); +int i2a_ASN1_STRING(BIO *bp, const ASN1_STRING *a, int type); #endif -int i2t_ASN1_OBJECT(char *buf,int buf_len,ASN1_OBJECT *a); +int i2t_ASN1_OBJECT(char *buf, int buf_len, const ASN1_OBJECT *a); -int a2d_ASN1_OBJECT(unsigned char *out,int olen, const char *buf, int num); -ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data,int len, - const char *sn, const char *ln); +int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num); +ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, int len, + const char *sn, const char *ln); int ASN1_INTEGER_set(ASN1_INTEGER *a, long v); -long ASN1_INTEGER_get(ASN1_INTEGER *a); -ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai); -BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *ai,BIGNUM *bn); +long ASN1_INTEGER_get(const ASN1_INTEGER *a); +ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai); +BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn); int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v); -long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a); -ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai); -BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai,BIGNUM *bn); +long ASN1_ENUMERATED_get(const ASN1_ENUMERATED *a); +ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(const BIGNUM *bn, ASN1_ENUMERATED *ai); +BIGNUM *ASN1_ENUMERATED_to_BN(const ASN1_ENUMERATED *ai, BIGNUM *bn); /* General */ /* given a string, return the correct type, max is the maximum length */ -int ASN1_PRINTABLE_type(unsigned char *s, int max); - -int i2d_ASN1_bytes(ASN1_STRING *a, unsigned char **pp, int tag, int xclass); -ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, unsigned char **pp, - long length, int Ptag, int Pclass); -unsigned long ASN1_tag2bit(int tag); -/* type is one or more of the B_ASN1_ values. */ -ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a,unsigned char **pp, - long length,int type); - -/* PARSING */ -int asn1_Finish(ASN1_CTX *c); +int ASN1_PRINTABLE_type(const unsigned char *s, int max); /* SPECIALS */ -int ASN1_get_object(unsigned char **pp, long *plength, int *ptag, - int *pclass, long omax); -int ASN1_check_infinite_end(unsigned char **p,long len); -void ASN1_put_object(unsigned char **pp, int constructed, int length, - int tag, int xclass); +int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag, + int *pclass, long omax); +int ASN1_check_infinite_end(unsigned char **p, long len); +int ASN1_const_check_infinite_end(const unsigned char **p, long len); +void ASN1_put_object(unsigned char **pp, int constructed, int length, int tag, + int xclass); +int ASN1_put_eoc(unsigned char **pp); int ASN1_object_size(int constructed, int length, int tag); -/* Used to implement other functions */ -char *ASN1_dup(int (*i2d)(),char *(*d2i)(),char *x); - void *ASN1_item_dup(const ASN1_ITEM *it, void *x); -#ifndef OPENSSL_NO_FP_API -char *ASN1_d2i_fp(char *(*xnew)(),char *(*d2i)(),FILE *fp,unsigned char **x); +#ifndef LIBRESSL_INTERNAL + +void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, void *x); + +#endif /* !LIBRESSL_INTERNAL */ + +void *ASN1_d2i_fp(void *(*xnew)(void), d2i_of_void *d2i, FILE *in, void **x); + +#define ASN1_d2i_fp_of(type,xnew,d2i,in,x) \ + ((type*)ASN1_d2i_fp(CHECKED_NEW_OF(type, xnew), \ + CHECKED_D2I_OF(type, d2i), \ + in, \ + CHECKED_PPTR_OF(type, x))) + void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x); -int ASN1_i2d_fp(int (*i2d)(),FILE *out,unsigned char *x); +int ASN1_i2d_fp(i2d_of_void *i2d, FILE *out, void *x); + +#define ASN1_i2d_fp_of(type,i2d,out,x) \ + (ASN1_i2d_fp(CHECKED_I2D_OF(type, i2d), \ + out, \ + CHECKED_PTR_OF(type, x))) + +#define ASN1_i2d_fp_of_const(type,i2d,out,x) \ + (ASN1_i2d_fp(CHECKED_I2D_OF(const type, i2d), \ + out, \ + CHECKED_PTR_OF(const type, x))) + int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x); -int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags); -#endif +int ASN1_STRING_print_ex_fp(FILE *fp, const ASN1_STRING *str, + unsigned long flags); -int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in); +int ASN1_STRING_to_UTF8(unsigned char **out, const ASN1_STRING *in); #ifndef OPENSSL_NO_BIO -char *ASN1_d2i_bio(char *(*xnew)(),char *(*d2i)(),BIO *bp,unsigned char **x); +void *ASN1_d2i_bio(void *(*xnew)(void), d2i_of_void *d2i, BIO *in, void **x); + +#define ASN1_d2i_bio_of(type,xnew,d2i,in,x) \ + ((type*)ASN1_d2i_bio( CHECKED_NEW_OF(type, xnew), \ + CHECKED_D2I_OF(type, d2i), \ + in, \ + CHECKED_PPTR_OF(type, x))) + void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x); -int ASN1_i2d_bio(int (*i2d)(),BIO *out,unsigned char *x); +int ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, unsigned char *x); + +#define ASN1_i2d_bio_of(type,i2d,out,x) \ + (ASN1_i2d_bio(CHECKED_I2D_OF(type, i2d), \ + out, \ + CHECKED_PTR_OF(type, x))) + +#define ASN1_i2d_bio_of_const(type,i2d,out,x) \ + (ASN1_i2d_bio(CHECKED_I2D_OF(const type, i2d), \ + out, \ + CHECKED_PTR_OF(const type, x))) + int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x); -int ASN1_UTCTIME_print(BIO *fp,ASN1_UTCTIME *a); -int ASN1_GENERALIZEDTIME_print(BIO *fp,ASN1_GENERALIZEDTIME *a); -int ASN1_TIME_print(BIO *fp,ASN1_TIME *a); -int ASN1_STRING_print(BIO *bp,ASN1_STRING *v); -int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags); -int ASN1_parse(BIO *bp,unsigned char *pp,long len,int indent); -int ASN1_parse_dump(BIO *bp,unsigned char *pp,long len,int indent,int dump); +int ASN1_UTCTIME_print(BIO *fp, const ASN1_UTCTIME *a); +int ASN1_GENERALIZEDTIME_print(BIO *fp, const ASN1_GENERALIZEDTIME *a); +int ASN1_TIME_print(BIO *fp, const ASN1_TIME *a); +int ASN1_STRING_print(BIO *bp, const ASN1_STRING *v); +int ASN1_STRING_print_ex(BIO *out, const ASN1_STRING *str, unsigned long flags); +int ASN1_bn_print(BIO *bp, const char *number, const BIGNUM *num, + unsigned char *buf, int off); +int ASN1_parse(BIO *bp, const unsigned char *pp, long len, int indent); +int ASN1_parse_dump(BIO *bp, const unsigned char *pp, long len, int indent, int dump); #endif + +unsigned long ASN1_tag2bit(int tag); const char *ASN1_tag2str(int tag); -/* Used to load and write netscape format cert/key */ -int i2d_ASN1_HEADER(ASN1_HEADER *a,unsigned char **pp); -ASN1_HEADER *d2i_ASN1_HEADER(ASN1_HEADER **a,unsigned char **pp, long length); -ASN1_HEADER *ASN1_HEADER_new(void ); -void ASN1_HEADER_free(ASN1_HEADER *a); +/* Used to load and write netscape format cert */ + +NETSCAPE_X509 *NETSCAPE_X509_new(void); +void NETSCAPE_X509_free(NETSCAPE_X509 *a); +NETSCAPE_X509 *d2i_NETSCAPE_X509(NETSCAPE_X509 **a, const unsigned char **in, long len); +int i2d_NETSCAPE_X509(NETSCAPE_X509 *a, unsigned char **out); +extern const ASN1_ITEM NETSCAPE_X509_it; int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s); -/* Not used that much at this point, except for the first two */ -ASN1_METHOD *X509_asn1_meth(void); -ASN1_METHOD *RSAPrivateKey_asn1_meth(void); -ASN1_METHOD *ASN1_IA5STRING_asn1_meth(void); -ASN1_METHOD *ASN1_BIT_STRING_asn1_meth(void); - -int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, - unsigned char *data, int len); -int ASN1_TYPE_get_octetstring(ASN1_TYPE *a, - unsigned char *data, int max_len); -int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num, - unsigned char *data, int len); -int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a,long *num, - unsigned char *data, int max_len); - -STACK *ASN1_seq_unpack(unsigned char *buf, int len, char *(*d2i)(), - void (*free_func)(void *) ); -unsigned char *ASN1_seq_pack(STACK *safes, int (*i2d)(), unsigned char **buf, - int *len ); -void *ASN1_unpack_string(ASN1_STRING *oct, char *(*d2i)()); -void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it); -ASN1_STRING *ASN1_pack_string(void *obj, int (*i2d)(), ASN1_OCTET_STRING **oct); -ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_OCTET_STRING **oct); +int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, const unsigned char *data, int len); +int ASN1_TYPE_get_octetstring(const ASN1_TYPE *a, unsigned char *data, + int max_len); +int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num, const unsigned char *data, + int len); +int ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *a, long *num, + unsigned char *data, int max_len); + +ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, + ASN1_OCTET_STRING **oct); +void *ASN1_item_unpack(const ASN1_STRING *oct, const ASN1_ITEM *it); void ASN1_STRING_set_default_mask(unsigned long mask); -int ASN1_STRING_set_default_mask_asc(char *p); +int ASN1_STRING_set_default_mask_asc(const char *p); unsigned long ASN1_STRING_get_default_mask(void); int ASN1_mbstring_copy(ASN1_STRING **out, const unsigned char *in, int len, - int inform, unsigned long mask); + int inform, unsigned long mask); int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, - int inform, unsigned long mask, - long minsize, long maxsize); + int inform, unsigned long mask, long minsize, long maxsize); -ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, - const unsigned char *in, int inlen, int inform, int nid); +ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, + const unsigned char *in, int inlen, int inform, int nid); ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid); int ASN1_STRING_TABLE_add(int, long, long, unsigned long, unsigned long); void ASN1_STRING_TABLE_cleanup(void); @@ -932,11 +936,67 @@ void ASN1_STRING_TABLE_cleanup(void); /* Old API compatible functions */ ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it); void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it); -ASN1_VALUE * ASN1_item_d2i(ASN1_VALUE **val, unsigned char **in, long len, const ASN1_ITEM *it); +ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **val, const unsigned char **in, + long len, const ASN1_ITEM *it); int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it); +int ASN1_item_ndef_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it); void ASN1_add_oid_module(void); +ASN1_TYPE *ASN1_generate_nconf(const char *str, CONF *nconf); +ASN1_TYPE *ASN1_generate_v3(const char *str, X509V3_CTX *cnf); + +/* ASN1 Print flags */ + +/* Indicate missing OPTIONAL fields */ +#define ASN1_PCTX_FLAGS_SHOW_ABSENT 0x001 +/* Mark start and end of SEQUENCE */ +#define ASN1_PCTX_FLAGS_SHOW_SEQUENCE 0x002 +/* Mark start and end of SEQUENCE/SET OF */ +#define ASN1_PCTX_FLAGS_SHOW_SSOF 0x004 +/* Show the ASN1 type of primitives */ +#define ASN1_PCTX_FLAGS_SHOW_TYPE 0x008 +/* Don't show ASN1 type of ANY */ +#define ASN1_PCTX_FLAGS_NO_ANY_TYPE 0x010 +/* Don't show ASN1 type of MSTRINGs */ +#define ASN1_PCTX_FLAGS_NO_MSTRING_TYPE 0x020 +/* Don't show field names in SEQUENCE */ +#define ASN1_PCTX_FLAGS_NO_FIELD_NAME 0x040 +/* Show structure names of each SEQUENCE field */ +#define ASN1_PCTX_FLAGS_SHOW_FIELD_STRUCT_NAME 0x080 +/* Don't show structure name even at top level */ +#define ASN1_PCTX_FLAGS_NO_STRUCT_NAME 0x100 + +int ASN1_item_print(BIO *out, ASN1_VALUE *ifld, int indent, + const ASN1_ITEM *it, const ASN1_PCTX *pctx); +ASN1_PCTX *ASN1_PCTX_new(void); +void ASN1_PCTX_free(ASN1_PCTX *p); +unsigned long ASN1_PCTX_get_flags(const ASN1_PCTX *p); +void ASN1_PCTX_set_flags(ASN1_PCTX *p, unsigned long flags); +unsigned long ASN1_PCTX_get_nm_flags(const ASN1_PCTX *p); +void ASN1_PCTX_set_nm_flags(ASN1_PCTX *p, unsigned long flags); +unsigned long ASN1_PCTX_get_cert_flags(const ASN1_PCTX *p); +void ASN1_PCTX_set_cert_flags(ASN1_PCTX *p, unsigned long flags); +unsigned long ASN1_PCTX_get_oid_flags(const ASN1_PCTX *p); +void ASN1_PCTX_set_oid_flags(ASN1_PCTX *p, unsigned long flags); +unsigned long ASN1_PCTX_get_str_flags(const ASN1_PCTX *p); +void ASN1_PCTX_set_str_flags(ASN1_PCTX *p, unsigned long flags); + +const BIO_METHOD *BIO_f_asn1(void); + +BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it); + +int i2d_ASN1_bio_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags, + const ASN1_ITEM *it); +int PEM_write_bio_ASN1_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags, + const char *hdr, const ASN1_ITEM *it); +int SMIME_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags, + int ctype_nid, int econt_nid, STACK_OF(X509_ALGOR) *mdalgs, + const ASN1_ITEM *it); +ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it); +int SMIME_crlf_copy(BIO *in, BIO *out, int flags); +int SMIME_text(BIO *in, BIO *out); + /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. @@ -950,42 +1010,75 @@ void ERR_load_ASN1_strings(void); #define ASN1_F_A2I_ASN1_ENUMERATED 101 #define ASN1_F_A2I_ASN1_INTEGER 102 #define ASN1_F_A2I_ASN1_STRING 103 +#define ASN1_F_APPEND_EXP 176 +#define ASN1_F_ASN1_BIT_STRING_SET_BIT 183 +#define ASN1_F_ASN1_CB 177 #define ASN1_F_ASN1_CHECK_TLEN 104 #define ASN1_F_ASN1_COLLATE_PRIMITIVE 105 #define ASN1_F_ASN1_COLLECT 106 -#define ASN1_F_ASN1_D2I_BIO 107 #define ASN1_F_ASN1_D2I_EX_PRIMITIVE 108 #define ASN1_F_ASN1_D2I_FP 109 +#define ASN1_F_ASN1_D2I_READ_BIO 107 +#define ASN1_F_ASN1_DIGEST 184 #define ASN1_F_ASN1_DO_ADB 110 #define ASN1_F_ASN1_DUP 111 #define ASN1_F_ASN1_ENUMERATED_SET 112 #define ASN1_F_ASN1_ENUMERATED_TO_BN 113 +#define ASN1_F_ASN1_EX_C2I 204 +#define ASN1_F_ASN1_FIND_END 190 +#define ASN1_F_ASN1_GENERALIZEDTIME_ADJ 216 +#define ASN1_F_ASN1_GENERALIZEDTIME_SET 185 +#define ASN1_F_ASN1_GENERATE_V3 178 #define ASN1_F_ASN1_GET_OBJECT 114 #define ASN1_F_ASN1_HEADER_NEW 115 #define ASN1_F_ASN1_I2D_BIO 116 #define ASN1_F_ASN1_I2D_FP 117 #define ASN1_F_ASN1_INTEGER_SET 118 #define ASN1_F_ASN1_INTEGER_TO_BN 119 +#define ASN1_F_ASN1_ITEM_D2I_FP 206 +#define ASN1_F_ASN1_ITEM_DUP 191 +#define ASN1_F_ASN1_ITEM_EX_COMBINE_NEW 121 #define ASN1_F_ASN1_ITEM_EX_D2I 120 -#define ASN1_F_ASN1_ITEM_NEW 121 -#define ASN1_F_ASN1_MBSTRING_COPY 122 +#define ASN1_F_ASN1_ITEM_I2D_BIO 192 +#define ASN1_F_ASN1_ITEM_I2D_FP 193 +#define ASN1_F_ASN1_ITEM_PACK 198 +#define ASN1_F_ASN1_ITEM_SIGN 195 +#define ASN1_F_ASN1_ITEM_SIGN_CTX 220 +#define ASN1_F_ASN1_ITEM_UNPACK 199 +#define ASN1_F_ASN1_ITEM_VERIFY 197 +#define ASN1_F_ASN1_MBSTRING_NCOPY 122 #define ASN1_F_ASN1_OBJECT_NEW 123 +#define ASN1_F_ASN1_OUTPUT_DATA 214 #define ASN1_F_ASN1_PACK_STRING 124 -#define ASN1_F_ASN1_PBE_SET 125 +#define ASN1_F_ASN1_PCTX_NEW 205 +#define ASN1_F_ASN1_PKCS5_PBE_SET 125 #define ASN1_F_ASN1_SEQ_PACK 126 #define ASN1_F_ASN1_SEQ_UNPACK 127 #define ASN1_F_ASN1_SIGN 128 +#define ASN1_F_ASN1_STR2TYPE 179 +#define ASN1_F_ASN1_STRING_SET 186 #define ASN1_F_ASN1_STRING_TABLE_ADD 129 #define ASN1_F_ASN1_STRING_TYPE_NEW 130 -#define ASN1_F_ASN1_TEMPLATE_D2I 131 #define ASN1_F_ASN1_TEMPLATE_EX_D2I 132 #define ASN1_F_ASN1_TEMPLATE_NEW 133 +#define ASN1_F_ASN1_TEMPLATE_NOEXP_D2I 131 +#define ASN1_F_ASN1_TIME_ADJ 217 +#define ASN1_F_ASN1_TIME_SET 175 #define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING 134 #define ASN1_F_ASN1_TYPE_GET_OCTETSTRING 135 #define ASN1_F_ASN1_UNPACK_STRING 136 +#define ASN1_F_ASN1_UTCTIME_ADJ 218 +#define ASN1_F_ASN1_UTCTIME_SET 187 #define ASN1_F_ASN1_VERIFY 137 +#define ASN1_F_B64_READ_ASN1 209 +#define ASN1_F_B64_WRITE_ASN1 210 +#define ASN1_F_BIO_NEW_NDEF 208 +#define ASN1_F_BITSTR_CB 180 #define ASN1_F_BN_TO_ASN1_ENUMERATED 138 #define ASN1_F_BN_TO_ASN1_INTEGER 139 +#define ASN1_F_C2I_ASN1_BIT_STRING 189 +#define ASN1_F_C2I_ASN1_INTEGER 194 +#define ASN1_F_C2I_ASN1_OBJECT 196 #define ASN1_F_COLLECT_DATA 140 #define ASN1_F_D2I_ASN1_BIT_STRING 141 #define ASN1_F_D2I_ASN1_BOOLEAN 142 @@ -998,45 +1091,65 @@ void ERR_load_ASN1_strings(void); #define ASN1_F_D2I_ASN1_TYPE_BYTES 149 #define ASN1_F_D2I_ASN1_UINTEGER 150 #define ASN1_F_D2I_ASN1_UTCTIME 151 +#define ASN1_F_D2I_AUTOPRIVATEKEY 207 #define ASN1_F_D2I_NETSCAPE_RSA 152 #define ASN1_F_D2I_NETSCAPE_RSA_2 153 #define ASN1_F_D2I_PRIVATEKEY 154 #define ASN1_F_D2I_PUBLICKEY 155 +#define ASN1_F_D2I_RSA_NET 200 +#define ASN1_F_D2I_RSA_NET_2 201 #define ASN1_F_D2I_X509 156 #define ASN1_F_D2I_X509_CINF 157 -#define ASN1_F_D2I_X509_NAME 158 #define ASN1_F_D2I_X509_PKEY 159 +#define ASN1_F_I2D_ASN1_BIO_STREAM 211 +#define ASN1_F_I2D_ASN1_SET 188 #define ASN1_F_I2D_ASN1_TIME 160 #define ASN1_F_I2D_DSA_PUBKEY 161 -#define ASN1_F_I2D_NETSCAPE_RSA 162 +#define ASN1_F_I2D_EC_PUBKEY 181 #define ASN1_F_I2D_PRIVATEKEY 163 #define ASN1_F_I2D_PUBLICKEY 164 +#define ASN1_F_I2D_RSA_NET 162 #define ASN1_F_I2D_RSA_PUBKEY 165 #define ASN1_F_LONG_C2I 166 #define ASN1_F_OID_MODULE_INIT 174 -#define ASN1_F_PKCS5_PBE2_SET 167 +#define ASN1_F_PARSE_TAGGING 182 +#define ASN1_F_PKCS5_PBE2_SET_IV 167 +#define ASN1_F_PKCS5_PBE_SET 202 +#define ASN1_F_PKCS5_PBE_SET0_ALGOR 215 +#define ASN1_F_PKCS5_PBKDF2_SET 219 +#define ASN1_F_SMIME_READ_ASN1 212 +#define ASN1_F_SMIME_TEXT 213 #define ASN1_F_X509_CINF_NEW 168 #define ASN1_F_X509_CRL_ADD0_REVOKED 169 #define ASN1_F_X509_INFO_NEW 170 -#define ASN1_F_X509_NAME_NEW 171 +#define ASN1_F_X509_NAME_ENCODE 203 +#define ASN1_F_X509_NAME_EX_D2I 158 +#define ASN1_F_X509_NAME_EX_NEW 171 #define ASN1_F_X509_NEW 172 #define ASN1_F_X509_PKEY_NEW 173 /* Reason codes. */ #define ASN1_R_ADDING_OBJECT 171 +#define ASN1_R_ASN1_PARSE_ERROR 203 +#define ASN1_R_ASN1_SIG_PARSE_ERROR 204 #define ASN1_R_AUX_ERROR 100 #define ASN1_R_BAD_CLASS 101 #define ASN1_R_BAD_OBJECT_HEADER 102 #define ASN1_R_BAD_PASSWORD_READ 103 #define ASN1_R_BAD_TAG 104 +#define ASN1_R_BMPSTRING_IS_WRONG_LENGTH 214 #define ASN1_R_BN_LIB 105 #define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 106 #define ASN1_R_BUFFER_TOO_SMALL 107 #define ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 108 +#define ASN1_R_CONTEXT_NOT_INITIALISED 217 #define ASN1_R_DATA_IS_WRONG 109 #define ASN1_R_DECODE_ERROR 110 #define ASN1_R_DECODING_ERROR 111 +#define ASN1_R_DEPTH_EXCEEDED 174 +#define ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED 198 #define ASN1_R_ENCODE_ERROR 112 +#define ASN1_R_ERROR_GETTING_TIME 173 #define ASN1_R_ERROR_LOADING_SECTION 172 #define ASN1_R_ERROR_PARSING_SET_ELEMENT 113 #define ASN1_R_ERROR_SETTING_CIPHER_PARAMS 114 @@ -1049,54 +1162,97 @@ void ERR_load_ASN1_strings(void); #define ASN1_R_FIELD_MISSING 121 #define ASN1_R_FIRST_NUM_TOO_LARGE 122 #define ASN1_R_HEADER_TOO_LONG 123 +#define ASN1_R_ILLEGAL_BITSTRING_FORMAT 175 +#define ASN1_R_ILLEGAL_BOOLEAN 176 #define ASN1_R_ILLEGAL_CHARACTERS 124 +#define ASN1_R_ILLEGAL_FORMAT 177 +#define ASN1_R_ILLEGAL_HEX 178 +#define ASN1_R_ILLEGAL_IMPLICIT_TAG 179 +#define ASN1_R_ILLEGAL_INTEGER 180 +#define ASN1_R_ILLEGAL_NESTED_TAGGING 181 #define ASN1_R_ILLEGAL_NULL 125 +#define ASN1_R_ILLEGAL_NULL_VALUE 182 +#define ASN1_R_ILLEGAL_OBJECT 183 #define ASN1_R_ILLEGAL_OPTIONAL_ANY 126 #define ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE 170 #define ASN1_R_ILLEGAL_TAGGED_ANY 127 +#define ASN1_R_ILLEGAL_TIME_VALUE 184 +#define ASN1_R_INTEGER_NOT_ASCII_FORMAT 185 #define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG 128 +#define ASN1_R_INVALID_BIT_STRING_BITS_LEFT 220 #define ASN1_R_INVALID_BMPSTRING_LENGTH 129 #define ASN1_R_INVALID_DIGIT 130 +#define ASN1_R_INVALID_MIME_TYPE 205 +#define ASN1_R_INVALID_MODIFIER 186 +#define ASN1_R_INVALID_NUMBER 187 +#define ASN1_R_INVALID_OBJECT_ENCODING 216 #define ASN1_R_INVALID_SEPARATOR 131 #define ASN1_R_INVALID_TIME_FORMAT 132 #define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH 133 #define ASN1_R_INVALID_UTF8STRING 134 #define ASN1_R_IV_TOO_LARGE 135 #define ASN1_R_LENGTH_ERROR 136 +#define ASN1_R_LIST_ERROR 188 +#define ASN1_R_MIME_NO_CONTENT_TYPE 206 +#define ASN1_R_MIME_PARSE_ERROR 207 +#define ASN1_R_MIME_SIG_PARSE_ERROR 208 #define ASN1_R_MISSING_EOC 137 #define ASN1_R_MISSING_SECOND_NUMBER 138 +#define ASN1_R_MISSING_VALUE 189 #define ASN1_R_MSTRING_NOT_UNIVERSAL 139 #define ASN1_R_MSTRING_WRONG_TAG 140 +#define ASN1_R_NESTED_ASN1_STRING 197 +#define ASN1_R_NESTED_TOO_DEEP 219 #define ASN1_R_NON_HEX_CHARACTERS 141 +#define ASN1_R_NOT_ASCII_FORMAT 190 #define ASN1_R_NOT_ENOUGH_DATA 142 +#define ASN1_R_NO_CONTENT_TYPE 209 +#define ASN1_R_NO_DEFAULT_DIGEST 201 #define ASN1_R_NO_MATCHING_CHOICE_TYPE 143 +#define ASN1_R_NO_MULTIPART_BODY_FAILURE 210 +#define ASN1_R_NO_MULTIPART_BOUNDARY 211 +#define ASN1_R_NO_SIG_CONTENT_TYPE 212 #define ASN1_R_NULL_IS_WRONG_LENGTH 144 +#define ASN1_R_OBJECT_NOT_ASCII_FORMAT 191 #define ASN1_R_ODD_NUMBER_OF_CHARS 145 #define ASN1_R_PRIVATE_KEY_HEADER_MISSING 146 #define ASN1_R_SECOND_NUMBER_TOO_LARGE 147 #define ASN1_R_SEQUENCE_LENGTH_MISMATCH 148 #define ASN1_R_SEQUENCE_NOT_CONSTRUCTED 149 +#define ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG 192 #define ASN1_R_SHORT_LINE 150 +#define ASN1_R_SIG_INVALID_MIME_TYPE 213 +#define ASN1_R_STREAMING_NOT_SUPPORTED 202 #define ASN1_R_STRING_TOO_LONG 151 #define ASN1_R_STRING_TOO_SHORT 152 #define ASN1_R_TAG_VALUE_TOO_HIGH 153 #define ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 154 +#define ASN1_R_TIME_NOT_ASCII_FORMAT 193 #define ASN1_R_TOO_LONG 155 #define ASN1_R_TYPE_NOT_CONSTRUCTED 156 #define ASN1_R_UNABLE_TO_DECODE_RSA_KEY 157 #define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY 158 #define ASN1_R_UNEXPECTED_EOC 159 +#define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH 215 #define ASN1_R_UNKNOWN_FORMAT 160 #define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM 161 #define ASN1_R_UNKNOWN_OBJECT_TYPE 162 #define ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE 163 +#define ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM 199 +#define ASN1_R_UNKNOWN_TAG 194 +#define ASN1_R_UNKOWN_FORMAT 195 #define ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE 164 #define ASN1_R_UNSUPPORTED_CIPHER 165 #define ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM 166 #define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE 167 +#define ASN1_R_UNSUPPORTED_TYPE 196 +#define ASN1_R_WRONG_PUBLIC_KEY_TYPE 200 #define ASN1_R_WRONG_TAG 168 #define ASN1_R_WRONG_TYPE 169 + +int ASN1_time_parse(const char *_bytes, size_t _len, struct tm *_tm, int _mode); +int ASN1_time_tm_cmp(struct tm *_tm1, struct tm *_tm2); #ifdef __cplusplus } #endif diff --git a/src/lib/libcrypto/asn1/asn1_err.c b/src/lib/libcrypto/asn1/asn1_err.c index c4c3d2a91df..5cc355084f0 100644 --- a/src/lib/libcrypto/asn1/asn1_err.c +++ b/src/lib/libcrypto/asn1/asn1_err.c @@ -1,13 +1,13 @@ -/* crypto/asn1/asn1_err.c */ +/* $OpenBSD: asn1_err.c,v 1.21 2018/03/29 02:29:24 inoguchi Exp $ */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -59,182 +59,156 @@ */ #include + +#include + #include #include /* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR -static ERR_STRING_DATA ASN1_str_functs[]= - { -{ERR_PACK(0,ASN1_F_A2D_ASN1_OBJECT,0), "a2d_ASN1_OBJECT"}, -{ERR_PACK(0,ASN1_F_A2I_ASN1_ENUMERATED,0), "a2i_ASN1_ENUMERATED"}, -{ERR_PACK(0,ASN1_F_A2I_ASN1_INTEGER,0), "a2i_ASN1_INTEGER"}, -{ERR_PACK(0,ASN1_F_A2I_ASN1_STRING,0), "a2i_ASN1_STRING"}, -{ERR_PACK(0,ASN1_F_ASN1_CHECK_TLEN,0), "ASN1_CHECK_TLEN"}, -{ERR_PACK(0,ASN1_F_ASN1_COLLATE_PRIMITIVE,0), "ASN1_COLLATE_PRIMITIVE"}, -{ERR_PACK(0,ASN1_F_ASN1_COLLECT,0), "ASN1_COLLECT"}, -{ERR_PACK(0,ASN1_F_ASN1_D2I_BIO,0), "ASN1_d2i_bio"}, -{ERR_PACK(0,ASN1_F_ASN1_D2I_EX_PRIMITIVE,0), "ASN1_D2I_EX_PRIMITIVE"}, -{ERR_PACK(0,ASN1_F_ASN1_D2I_FP,0), "ASN1_d2i_fp"}, -{ERR_PACK(0,ASN1_F_ASN1_DO_ADB,0), "ASN1_DO_ADB"}, -{ERR_PACK(0,ASN1_F_ASN1_DUP,0), "ASN1_dup"}, -{ERR_PACK(0,ASN1_F_ASN1_ENUMERATED_SET,0), "ASN1_ENUMERATED_set"}, -{ERR_PACK(0,ASN1_F_ASN1_ENUMERATED_TO_BN,0), "ASN1_ENUMERATED_to_BN"}, -{ERR_PACK(0,ASN1_F_ASN1_GET_OBJECT,0), "ASN1_get_object"}, -{ERR_PACK(0,ASN1_F_ASN1_HEADER_NEW,0), "ASN1_HEADER_new"}, -{ERR_PACK(0,ASN1_F_ASN1_I2D_BIO,0), "ASN1_i2d_bio"}, -{ERR_PACK(0,ASN1_F_ASN1_I2D_FP,0), "ASN1_i2d_fp"}, -{ERR_PACK(0,ASN1_F_ASN1_INTEGER_SET,0), "ASN1_INTEGER_set"}, -{ERR_PACK(0,ASN1_F_ASN1_INTEGER_TO_BN,0), "ASN1_INTEGER_to_BN"}, -{ERR_PACK(0,ASN1_F_ASN1_ITEM_EX_D2I,0), "ASN1_ITEM_EX_D2I"}, -{ERR_PACK(0,ASN1_F_ASN1_ITEM_NEW,0), "ASN1_item_new"}, -{ERR_PACK(0,ASN1_F_ASN1_MBSTRING_COPY,0), "ASN1_mbstring_copy"}, -{ERR_PACK(0,ASN1_F_ASN1_OBJECT_NEW,0), "ASN1_OBJECT_new"}, -{ERR_PACK(0,ASN1_F_ASN1_PACK_STRING,0), "ASN1_pack_string"}, -{ERR_PACK(0,ASN1_F_ASN1_PBE_SET,0), "ASN1_PBE_SET"}, -{ERR_PACK(0,ASN1_F_ASN1_SEQ_PACK,0), "ASN1_seq_pack"}, -{ERR_PACK(0,ASN1_F_ASN1_SEQ_UNPACK,0), "ASN1_seq_unpack"}, -{ERR_PACK(0,ASN1_F_ASN1_SIGN,0), "ASN1_sign"}, -{ERR_PACK(0,ASN1_F_ASN1_STRING_TABLE_ADD,0), "ASN1_STRING_TABLE_add"}, -{ERR_PACK(0,ASN1_F_ASN1_STRING_TYPE_NEW,0), "ASN1_STRING_type_new"}, -{ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_D2I,0), "ASN1_TEMPLATE_D2I"}, -{ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_EX_D2I,0), "ASN1_TEMPLATE_EX_D2I"}, -{ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_NEW,0), "ASN1_TEMPLATE_NEW"}, -{ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING,0), "ASN1_TYPE_get_int_octetstring"}, -{ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_OCTETSTRING,0), "ASN1_TYPE_get_octetstring"}, -{ERR_PACK(0,ASN1_F_ASN1_UNPACK_STRING,0), "ASN1_unpack_string"}, -{ERR_PACK(0,ASN1_F_ASN1_VERIFY,0), "ASN1_verify"}, -{ERR_PACK(0,ASN1_F_BN_TO_ASN1_ENUMERATED,0), "BN_to_ASN1_ENUMERATED"}, -{ERR_PACK(0,ASN1_F_BN_TO_ASN1_INTEGER,0), "BN_to_ASN1_INTEGER"}, -{ERR_PACK(0,ASN1_F_COLLECT_DATA,0), "COLLECT_DATA"}, -{ERR_PACK(0,ASN1_F_D2I_ASN1_BIT_STRING,0), "D2I_ASN1_BIT_STRING"}, -{ERR_PACK(0,ASN1_F_D2I_ASN1_BOOLEAN,0), "d2i_ASN1_BOOLEAN"}, -{ERR_PACK(0,ASN1_F_D2I_ASN1_BYTES,0), "d2i_ASN1_bytes"}, -{ERR_PACK(0,ASN1_F_D2I_ASN1_GENERALIZEDTIME,0), "D2I_ASN1_GENERALIZEDTIME"}, -{ERR_PACK(0,ASN1_F_D2I_ASN1_HEADER,0), "d2i_ASN1_HEADER"}, -{ERR_PACK(0,ASN1_F_D2I_ASN1_INTEGER,0), "D2I_ASN1_INTEGER"}, -{ERR_PACK(0,ASN1_F_D2I_ASN1_OBJECT,0), "d2i_ASN1_OBJECT"}, -{ERR_PACK(0,ASN1_F_D2I_ASN1_SET,0), "d2i_ASN1_SET"}, -{ERR_PACK(0,ASN1_F_D2I_ASN1_TYPE_BYTES,0), "d2i_ASN1_type_bytes"}, -{ERR_PACK(0,ASN1_F_D2I_ASN1_UINTEGER,0), "d2i_ASN1_UINTEGER"}, -{ERR_PACK(0,ASN1_F_D2I_ASN1_UTCTIME,0), "D2I_ASN1_UTCTIME"}, -{ERR_PACK(0,ASN1_F_D2I_NETSCAPE_RSA,0), "d2i_Netscape_RSA"}, -{ERR_PACK(0,ASN1_F_D2I_NETSCAPE_RSA_2,0), "D2I_NETSCAPE_RSA_2"}, -{ERR_PACK(0,ASN1_F_D2I_PRIVATEKEY,0), "d2i_PrivateKey"}, -{ERR_PACK(0,ASN1_F_D2I_PUBLICKEY,0), "d2i_PublicKey"}, -{ERR_PACK(0,ASN1_F_D2I_X509,0), "D2I_X509"}, -{ERR_PACK(0,ASN1_F_D2I_X509_CINF,0), "D2I_X509_CINF"}, -{ERR_PACK(0,ASN1_F_D2I_X509_NAME,0), "D2I_X509_NAME"}, -{ERR_PACK(0,ASN1_F_D2I_X509_PKEY,0), "d2i_X509_PKEY"}, -{ERR_PACK(0,ASN1_F_I2D_ASN1_TIME,0), "I2D_ASN1_TIME"}, -{ERR_PACK(0,ASN1_F_I2D_DSA_PUBKEY,0), "i2d_DSA_PUBKEY"}, -{ERR_PACK(0,ASN1_F_I2D_NETSCAPE_RSA,0), "i2d_Netscape_RSA"}, -{ERR_PACK(0,ASN1_F_I2D_PRIVATEKEY,0), "i2d_PrivateKey"}, -{ERR_PACK(0,ASN1_F_I2D_PUBLICKEY,0), "i2d_PublicKey"}, -{ERR_PACK(0,ASN1_F_I2D_RSA_PUBKEY,0), "i2d_RSA_PUBKEY"}, -{ERR_PACK(0,ASN1_F_LONG_C2I,0), "LONG_C2I"}, -{ERR_PACK(0,ASN1_F_OID_MODULE_INIT,0), "OID_MODULE_INIT"}, -{ERR_PACK(0,ASN1_F_PKCS5_PBE2_SET,0), "PKCS5_pbe2_set"}, -{ERR_PACK(0,ASN1_F_X509_CINF_NEW,0), "X509_CINF_NEW"}, -{ERR_PACK(0,ASN1_F_X509_CRL_ADD0_REVOKED,0), "X509_CRL_add0_revoked"}, -{ERR_PACK(0,ASN1_F_X509_INFO_NEW,0), "X509_INFO_new"}, -{ERR_PACK(0,ASN1_F_X509_NAME_NEW,0), "X509_NAME_NEW"}, -{ERR_PACK(0,ASN1_F_X509_NEW,0), "X509_NEW"}, -{ERR_PACK(0,ASN1_F_X509_PKEY_NEW,0), "X509_PKEY_new"}, -{0,NULL} - }; -static ERR_STRING_DATA ASN1_str_reasons[]= - { -{ASN1_R_ADDING_OBJECT ,"adding object"}, -{ASN1_R_AUX_ERROR ,"aux error"}, -{ASN1_R_BAD_CLASS ,"bad class"}, -{ASN1_R_BAD_OBJECT_HEADER ,"bad object header"}, -{ASN1_R_BAD_PASSWORD_READ ,"bad password read"}, -{ASN1_R_BAD_TAG ,"bad tag"}, -{ASN1_R_BN_LIB ,"bn lib"}, -{ASN1_R_BOOLEAN_IS_WRONG_LENGTH ,"boolean is wrong length"}, -{ASN1_R_BUFFER_TOO_SMALL ,"buffer too small"}, -{ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER ,"cipher has no object identifier"}, -{ASN1_R_DATA_IS_WRONG ,"data is wrong"}, -{ASN1_R_DECODE_ERROR ,"decode error"}, -{ASN1_R_DECODING_ERROR ,"decoding error"}, -{ASN1_R_ENCODE_ERROR ,"encode error"}, -{ASN1_R_ERROR_LOADING_SECTION ,"error loading section"}, -{ASN1_R_ERROR_PARSING_SET_ELEMENT ,"error parsing set element"}, -{ASN1_R_ERROR_SETTING_CIPHER_PARAMS ,"error setting cipher params"}, -{ASN1_R_EXPECTING_AN_INTEGER ,"expecting an integer"}, -{ASN1_R_EXPECTING_AN_OBJECT ,"expecting an object"}, -{ASN1_R_EXPECTING_A_BOOLEAN ,"expecting a boolean"}, -{ASN1_R_EXPECTING_A_TIME ,"expecting a time"}, -{ASN1_R_EXPLICIT_LENGTH_MISMATCH ,"explicit length mismatch"}, -{ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED ,"explicit tag not constructed"}, -{ASN1_R_FIELD_MISSING ,"field missing"}, -{ASN1_R_FIRST_NUM_TOO_LARGE ,"first num too large"}, -{ASN1_R_HEADER_TOO_LONG ,"header too long"}, -{ASN1_R_ILLEGAL_CHARACTERS ,"illegal characters"}, -{ASN1_R_ILLEGAL_NULL ,"illegal null"}, -{ASN1_R_ILLEGAL_OPTIONAL_ANY ,"illegal optional any"}, -{ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE ,"illegal options on item template"}, -{ASN1_R_ILLEGAL_TAGGED_ANY ,"illegal tagged any"}, -{ASN1_R_INTEGER_TOO_LARGE_FOR_LONG ,"integer too large for long"}, -{ASN1_R_INVALID_BMPSTRING_LENGTH ,"invalid bmpstring length"}, -{ASN1_R_INVALID_DIGIT ,"invalid digit"}, -{ASN1_R_INVALID_SEPARATOR ,"invalid separator"}, -{ASN1_R_INVALID_TIME_FORMAT ,"invalid time format"}, -{ASN1_R_INVALID_UNIVERSALSTRING_LENGTH ,"invalid universalstring length"}, -{ASN1_R_INVALID_UTF8STRING ,"invalid utf8string"}, -{ASN1_R_IV_TOO_LARGE ,"iv too large"}, -{ASN1_R_LENGTH_ERROR ,"length error"}, -{ASN1_R_MISSING_EOC ,"missing eoc"}, -{ASN1_R_MISSING_SECOND_NUMBER ,"missing second number"}, -{ASN1_R_MSTRING_NOT_UNIVERSAL ,"mstring not universal"}, -{ASN1_R_MSTRING_WRONG_TAG ,"mstring wrong tag"}, -{ASN1_R_NON_HEX_CHARACTERS ,"non hex characters"}, -{ASN1_R_NOT_ENOUGH_DATA ,"not enough data"}, -{ASN1_R_NO_MATCHING_CHOICE_TYPE ,"no matching choice type"}, -{ASN1_R_NULL_IS_WRONG_LENGTH ,"null is wrong length"}, -{ASN1_R_ODD_NUMBER_OF_CHARS ,"odd number of chars"}, -{ASN1_R_PRIVATE_KEY_HEADER_MISSING ,"private key header missing"}, -{ASN1_R_SECOND_NUMBER_TOO_LARGE ,"second number too large"}, -{ASN1_R_SEQUENCE_LENGTH_MISMATCH ,"sequence length mismatch"}, -{ASN1_R_SEQUENCE_NOT_CONSTRUCTED ,"sequence not constructed"}, -{ASN1_R_SHORT_LINE ,"short line"}, -{ASN1_R_STRING_TOO_LONG ,"string too long"}, -{ASN1_R_STRING_TOO_SHORT ,"string too short"}, -{ASN1_R_TAG_VALUE_TOO_HIGH ,"tag value too high"}, -{ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD,"the asn1 object identifier is not known for this md"}, -{ASN1_R_TOO_LONG ,"too long"}, -{ASN1_R_TYPE_NOT_CONSTRUCTED ,"type not constructed"}, -{ASN1_R_UNABLE_TO_DECODE_RSA_KEY ,"unable to decode rsa key"}, -{ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY ,"unable to decode rsa private key"}, -{ASN1_R_UNEXPECTED_EOC ,"unexpected eoc"}, -{ASN1_R_UNKNOWN_FORMAT ,"unknown format"}, -{ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM ,"unknown message digest algorithm"}, -{ASN1_R_UNKNOWN_OBJECT_TYPE ,"unknown object type"}, -{ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE ,"unknown public key type"}, -{ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE ,"unsupported any defined by type"}, -{ASN1_R_UNSUPPORTED_CIPHER ,"unsupported cipher"}, -{ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM ,"unsupported encryption algorithm"}, -{ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE ,"unsupported public key type"}, -{ASN1_R_WRONG_TAG ,"wrong tag"}, -{ASN1_R_WRONG_TYPE ,"wrong type"}, -{0,NULL} - }; +#define ERR_FUNC(func) ERR_PACK(ERR_LIB_ASN1,func,0) +#define ERR_REASON(reason) ERR_PACK(ERR_LIB_ASN1,0,reason) -#endif +static ERR_STRING_DATA ASN1_str_functs[] = { + {ERR_FUNC(0xfff), "CRYPTO_internal"}, + {0, NULL} +}; -void ERR_load_ASN1_strings(void) - { - static int init=1; +static ERR_STRING_DATA ASN1_str_reasons[] = { + {ERR_REASON(ASN1_R_ADDING_OBJECT) , "adding object"}, + {ERR_REASON(ASN1_R_ASN1_PARSE_ERROR) , "asn1 parse error"}, + {ERR_REASON(ASN1_R_ASN1_SIG_PARSE_ERROR) , "asn1 sig parse error"}, + {ERR_REASON(ASN1_R_AUX_ERROR) , "aux error"}, + {ERR_REASON(ASN1_R_BAD_CLASS) , "bad class"}, + {ERR_REASON(ASN1_R_BAD_OBJECT_HEADER) , "bad object header"}, + {ERR_REASON(ASN1_R_BAD_PASSWORD_READ) , "bad password read"}, + {ERR_REASON(ASN1_R_BAD_TAG) , "bad tag"}, + {ERR_REASON(ASN1_R_BMPSTRING_IS_WRONG_LENGTH), "bmpstring is wrong length"}, + {ERR_REASON(ASN1_R_BN_LIB) , "bn lib"}, + {ERR_REASON(ASN1_R_BOOLEAN_IS_WRONG_LENGTH), "boolean is wrong length"}, + {ERR_REASON(ASN1_R_BUFFER_TOO_SMALL) , "buffer too small"}, + {ERR_REASON(ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER), "cipher has no object identifier"}, + {ERR_REASON(ASN1_R_CONTEXT_NOT_INITIALISED), "context not initialised"}, + {ERR_REASON(ASN1_R_DATA_IS_WRONG) , "data is wrong"}, + {ERR_REASON(ASN1_R_DECODE_ERROR) , "decode error"}, + {ERR_REASON(ASN1_R_DECODING_ERROR) , "decoding error"}, + {ERR_REASON(ASN1_R_DEPTH_EXCEEDED) , "depth exceeded"}, + {ERR_REASON(ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED), "digest and key type not supported"}, + {ERR_REASON(ASN1_R_ENCODE_ERROR) , "encode error"}, + {ERR_REASON(ASN1_R_ERROR_GETTING_TIME) , "error getting time"}, + {ERR_REASON(ASN1_R_ERROR_LOADING_SECTION), "error loading section"}, + {ERR_REASON(ASN1_R_ERROR_PARSING_SET_ELEMENT), "error parsing set element"}, + {ERR_REASON(ASN1_R_ERROR_SETTING_CIPHER_PARAMS), "error setting cipher params"}, + {ERR_REASON(ASN1_R_EXPECTING_AN_INTEGER) , "expecting an integer"}, + {ERR_REASON(ASN1_R_EXPECTING_AN_OBJECT) , "expecting an object"}, + {ERR_REASON(ASN1_R_EXPECTING_A_BOOLEAN) , "expecting a boolean"}, + {ERR_REASON(ASN1_R_EXPECTING_A_TIME) , "expecting a time"}, + {ERR_REASON(ASN1_R_EXPLICIT_LENGTH_MISMATCH), "explicit length mismatch"}, + {ERR_REASON(ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED), "explicit tag not constructed"}, + {ERR_REASON(ASN1_R_FIELD_MISSING) , "field missing"}, + {ERR_REASON(ASN1_R_FIRST_NUM_TOO_LARGE) , "first num too large"}, + {ERR_REASON(ASN1_R_HEADER_TOO_LONG) , "header too long"}, + {ERR_REASON(ASN1_R_ILLEGAL_BITSTRING_FORMAT), "illegal bitstring format"}, + {ERR_REASON(ASN1_R_ILLEGAL_BOOLEAN) , "illegal boolean"}, + {ERR_REASON(ASN1_R_ILLEGAL_CHARACTERS) , "illegal characters"}, + {ERR_REASON(ASN1_R_ILLEGAL_FORMAT) , "illegal format"}, + {ERR_REASON(ASN1_R_ILLEGAL_HEX) , "illegal hex"}, + {ERR_REASON(ASN1_R_ILLEGAL_IMPLICIT_TAG) , "illegal implicit tag"}, + {ERR_REASON(ASN1_R_ILLEGAL_INTEGER) , "illegal integer"}, + {ERR_REASON(ASN1_R_ILLEGAL_NESTED_TAGGING), "illegal nested tagging"}, + {ERR_REASON(ASN1_R_ILLEGAL_NULL) , "illegal null"}, + {ERR_REASON(ASN1_R_ILLEGAL_NULL_VALUE) , "illegal null value"}, + {ERR_REASON(ASN1_R_ILLEGAL_OBJECT) , "illegal object"}, + {ERR_REASON(ASN1_R_ILLEGAL_OPTIONAL_ANY) , "illegal optional any"}, + {ERR_REASON(ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE), "illegal options on item template"}, + {ERR_REASON(ASN1_R_ILLEGAL_TAGGED_ANY) , "illegal tagged any"}, + {ERR_REASON(ASN1_R_ILLEGAL_TIME_VALUE) , "illegal time value"}, + {ERR_REASON(ASN1_R_INTEGER_NOT_ASCII_FORMAT), "integer not ascii format"}, + {ERR_REASON(ASN1_R_INTEGER_TOO_LARGE_FOR_LONG), "integer too large for long"}, + {ERR_REASON(ASN1_R_INVALID_BIT_STRING_BITS_LEFT), "invalid bit string bits left"}, + {ERR_REASON(ASN1_R_INVALID_BMPSTRING_LENGTH), "invalid bmpstring length"}, + {ERR_REASON(ASN1_R_INVALID_DIGIT) , "invalid digit"}, + {ERR_REASON(ASN1_R_INVALID_MIME_TYPE) , "invalid mime type"}, + {ERR_REASON(ASN1_R_INVALID_MODIFIER) , "invalid modifier"}, + {ERR_REASON(ASN1_R_INVALID_NUMBER) , "invalid number"}, + {ERR_REASON(ASN1_R_INVALID_OBJECT_ENCODING), "invalid object encoding"}, + {ERR_REASON(ASN1_R_INVALID_SEPARATOR) , "invalid separator"}, + {ERR_REASON(ASN1_R_INVALID_TIME_FORMAT) , "invalid time format"}, + {ERR_REASON(ASN1_R_INVALID_UNIVERSALSTRING_LENGTH), "invalid universalstring length"}, + {ERR_REASON(ASN1_R_INVALID_UTF8STRING) , "invalid utf8string"}, + {ERR_REASON(ASN1_R_IV_TOO_LARGE) , "iv too large"}, + {ERR_REASON(ASN1_R_LENGTH_ERROR) , "length error"}, + {ERR_REASON(ASN1_R_LIST_ERROR) , "list error"}, + {ERR_REASON(ASN1_R_MIME_NO_CONTENT_TYPE) , "mime no content type"}, + {ERR_REASON(ASN1_R_MIME_PARSE_ERROR) , "mime parse error"}, + {ERR_REASON(ASN1_R_MIME_SIG_PARSE_ERROR) , "mime sig parse error"}, + {ERR_REASON(ASN1_R_MISSING_EOC) , "missing eoc"}, + {ERR_REASON(ASN1_R_MISSING_SECOND_NUMBER), "missing second number"}, + {ERR_REASON(ASN1_R_MISSING_VALUE) , "missing value"}, + {ERR_REASON(ASN1_R_MSTRING_NOT_UNIVERSAL), "mstring not universal"}, + {ERR_REASON(ASN1_R_MSTRING_WRONG_TAG) , "mstring wrong tag"}, + {ERR_REASON(ASN1_R_NESTED_ASN1_STRING) , "nested asn1 string"}, + {ERR_REASON(ASN1_R_NESTED_TOO_DEEP) , "nested too deep"}, + {ERR_REASON(ASN1_R_NON_HEX_CHARACTERS) , "non hex characters"}, + {ERR_REASON(ASN1_R_NOT_ASCII_FORMAT) , "not ascii format"}, + {ERR_REASON(ASN1_R_NOT_ENOUGH_DATA) , "not enough data"}, + {ERR_REASON(ASN1_R_NO_CONTENT_TYPE) , "no content type"}, + {ERR_REASON(ASN1_R_NO_DEFAULT_DIGEST) , "no default digest"}, + {ERR_REASON(ASN1_R_NO_MATCHING_CHOICE_TYPE), "no matching choice type"}, + {ERR_REASON(ASN1_R_NO_MULTIPART_BODY_FAILURE), "no multipart body failure"}, + {ERR_REASON(ASN1_R_NO_MULTIPART_BOUNDARY), "no multipart boundary"}, + {ERR_REASON(ASN1_R_NO_SIG_CONTENT_TYPE) , "no sig content type"}, + {ERR_REASON(ASN1_R_NULL_IS_WRONG_LENGTH) , "null is wrong length"}, + {ERR_REASON(ASN1_R_OBJECT_NOT_ASCII_FORMAT), "object not ascii format"}, + {ERR_REASON(ASN1_R_ODD_NUMBER_OF_CHARS) , "odd number of chars"}, + {ERR_REASON(ASN1_R_PRIVATE_KEY_HEADER_MISSING), "private key header missing"}, + {ERR_REASON(ASN1_R_SECOND_NUMBER_TOO_LARGE), "second number too large"}, + {ERR_REASON(ASN1_R_SEQUENCE_LENGTH_MISMATCH), "sequence length mismatch"}, + {ERR_REASON(ASN1_R_SEQUENCE_NOT_CONSTRUCTED), "sequence not constructed"}, + {ERR_REASON(ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG), "sequence or set needs config"}, + {ERR_REASON(ASN1_R_SHORT_LINE) , "short line"}, + {ERR_REASON(ASN1_R_SIG_INVALID_MIME_TYPE), "sig invalid mime type"}, + {ERR_REASON(ASN1_R_STREAMING_NOT_SUPPORTED), "streaming not supported"}, + {ERR_REASON(ASN1_R_STRING_TOO_LONG) , "string too long"}, + {ERR_REASON(ASN1_R_STRING_TOO_SHORT) , "string too short"}, + {ERR_REASON(ASN1_R_TAG_VALUE_TOO_HIGH) , "tag value too high"}, + {ERR_REASON(ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD), "the asn1 object identifier is not known for this md"}, + {ERR_REASON(ASN1_R_TIME_NOT_ASCII_FORMAT), "time not ascii format"}, + {ERR_REASON(ASN1_R_TOO_LONG) , "too long"}, + {ERR_REASON(ASN1_R_TYPE_NOT_CONSTRUCTED) , "type not constructed"}, + {ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_KEY), "unable to decode rsa key"}, + {ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY), "unable to decode rsa private key"}, + {ERR_REASON(ASN1_R_UNEXPECTED_EOC) , "unexpected eoc"}, + {ERR_REASON(ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH), "universalstring is wrong length"}, + {ERR_REASON(ASN1_R_UNKNOWN_FORMAT) , "unknown format"}, + {ERR_REASON(ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM), "unknown message digest algorithm"}, + {ERR_REASON(ASN1_R_UNKNOWN_OBJECT_TYPE) , "unknown object type"}, + {ERR_REASON(ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE), "unknown public key type"}, + {ERR_REASON(ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM), "unknown signature algorithm"}, + {ERR_REASON(ASN1_R_UNKNOWN_TAG) , "unknown tag"}, + {ERR_REASON(ASN1_R_UNKOWN_FORMAT) , "unknown format"}, + {ERR_REASON(ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE), "unsupported any defined by type"}, + {ERR_REASON(ASN1_R_UNSUPPORTED_CIPHER) , "unsupported cipher"}, + {ERR_REASON(ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM), "unsupported encryption algorithm"}, + {ERR_REASON(ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE), "unsupported public key type"}, + {ERR_REASON(ASN1_R_UNSUPPORTED_TYPE) , "unsupported type"}, + {ERR_REASON(ASN1_R_WRONG_PUBLIC_KEY_TYPE), "wrong public key type"}, + {ERR_REASON(ASN1_R_WRONG_TAG) , "wrong tag"}, + {ERR_REASON(ASN1_R_WRONG_TYPE) , "wrong type"}, + {0, NULL} +}; - if (init) - { - init=0; -#ifndef OPENSSL_NO_ERR - ERR_load_strings(ERR_LIB_ASN1,ASN1_str_functs); - ERR_load_strings(ERR_LIB_ASN1,ASN1_str_reasons); #endif - } +void +ERR_load_ASN1_strings(void) +{ +#ifndef OPENSSL_NO_ERR + if (ERR_func_error_string(ASN1_str_functs[0].error) == NULL) { + ERR_load_strings(0, ASN1_str_functs); + ERR_load_strings(0, ASN1_str_reasons); } +#endif +} diff --git a/src/lib/libcrypto/asn1/asn1_gen.c b/src/lib/libcrypto/asn1/asn1_gen.c new file mode 100644 index 00000000000..ad7802cb11e --- /dev/null +++ b/src/lib/libcrypto/asn1/asn1_gen.c @@ -0,0 +1,801 @@ +/* $OpenBSD: asn1_gen.c,v 1.17 2018/04/25 11:48:21 tb Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2002. + */ +/* ==================================================================== + * Copyright (c) 2002 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include + +#include +#include +#include + +#define ASN1_GEN_FLAG 0x10000 +#define ASN1_GEN_FLAG_IMP (ASN1_GEN_FLAG|1) +#define ASN1_GEN_FLAG_EXP (ASN1_GEN_FLAG|2) +#define ASN1_GEN_FLAG_TAG (ASN1_GEN_FLAG|3) +#define ASN1_GEN_FLAG_BITWRAP (ASN1_GEN_FLAG|4) +#define ASN1_GEN_FLAG_OCTWRAP (ASN1_GEN_FLAG|5) +#define ASN1_GEN_FLAG_SEQWRAP (ASN1_GEN_FLAG|6) +#define ASN1_GEN_FLAG_SETWRAP (ASN1_GEN_FLAG|7) +#define ASN1_GEN_FLAG_FORMAT (ASN1_GEN_FLAG|8) + +#define ASN1_GEN_STR(str,val){str, sizeof(str) - 1, val} + +#define ASN1_FLAG_EXP_MAX 20 + +/* Input formats */ + +/* ASCII: default */ +#define ASN1_GEN_FORMAT_ASCII 1 +/* UTF8 */ +#define ASN1_GEN_FORMAT_UTF8 2 +/* Hex */ +#define ASN1_GEN_FORMAT_HEX 3 +/* List of bits */ +#define ASN1_GEN_FORMAT_BITLIST 4 + +struct tag_name_st { + const char *strnam; + int len; + int tag; +}; + +typedef struct { + int exp_tag; + int exp_class; + int exp_constructed; + int exp_pad; + long exp_len; +} tag_exp_type; + +typedef struct { + int imp_tag; + int imp_class; + int utype; + int format; + const char *str; + tag_exp_type exp_list[ASN1_FLAG_EXP_MAX]; + int exp_count; +} tag_exp_arg; + +static int bitstr_cb(const char *elem, int len, void *bitstr); +static int asn1_cb(const char *elem, int len, void *bitstr); +static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class, + int exp_constructed, int exp_pad, int imp_ok); +static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass); +static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf); +static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype); +static int asn1_str2tag(const char *tagstr, int len); + +ASN1_TYPE * +ASN1_generate_nconf(const char *str, CONF *nconf) +{ + X509V3_CTX cnf; + + if (!nconf) + return ASN1_generate_v3(str, NULL); + + X509V3_set_nconf(&cnf, nconf); + return ASN1_generate_v3(str, &cnf); +} + +ASN1_TYPE * +ASN1_generate_v3(const char *str, X509V3_CTX *cnf) +{ + ASN1_TYPE *ret; + tag_exp_arg asn1_tags; + tag_exp_type *etmp; + + int i, len; + + unsigned char *orig_der = NULL, *new_der = NULL; + const unsigned char *cpy_start; + unsigned char *p; + const unsigned char *cp; + int cpy_len; + long hdr_len = 0; + int hdr_constructed = 0, hdr_tag, hdr_class; + int r; + + asn1_tags.imp_tag = -1; + asn1_tags.imp_class = -1; + asn1_tags.format = ASN1_GEN_FORMAT_ASCII; + asn1_tags.exp_count = 0; + if (CONF_parse_list(str, ',', 1, asn1_cb, &asn1_tags) != 0) + return NULL; + + if ((asn1_tags.utype == V_ASN1_SEQUENCE) || + (asn1_tags.utype == V_ASN1_SET)) { + if (!cnf) { + ASN1error(ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG); + return NULL; + } + ret = asn1_multi(asn1_tags.utype, asn1_tags.str, cnf); + } else + ret = asn1_str2type(asn1_tags.str, asn1_tags.format, + asn1_tags.utype); + + if (!ret) + return NULL; + + /* If no tagging return base type */ + if ((asn1_tags.imp_tag == -1) && (asn1_tags.exp_count == 0)) + return ret; + + /* Generate the encoding */ + cpy_len = i2d_ASN1_TYPE(ret, &orig_der); + ASN1_TYPE_free(ret); + ret = NULL; + /* Set point to start copying for modified encoding */ + cpy_start = orig_der; + + /* Do we need IMPLICIT tagging? */ + if (asn1_tags.imp_tag != -1) { + /* If IMPLICIT we will replace the underlying tag */ + /* Skip existing tag+len */ + r = ASN1_get_object(&cpy_start, &hdr_len, &hdr_tag, + &hdr_class, cpy_len); + if (r & 0x80) + goto err; + /* Update copy length */ + cpy_len -= cpy_start - orig_der; + /* For IMPLICIT tagging the length should match the + * original length and constructed flag should be + * consistent. + */ + if (r & 0x1) { + /* Indefinite length constructed */ + hdr_constructed = 2; + hdr_len = 0; + } else + /* Just retain constructed flag */ + hdr_constructed = r & V_ASN1_CONSTRUCTED; + /* Work out new length with IMPLICIT tag: ignore constructed + * because it will mess up if indefinite length + */ + len = ASN1_object_size(0, hdr_len, asn1_tags.imp_tag); + } else + len = cpy_len; + + /* Work out length in any EXPLICIT, starting from end */ + + for (i = 0, etmp = asn1_tags.exp_list + asn1_tags.exp_count - 1; + i < asn1_tags.exp_count; i++, etmp--) { + /* Content length: number of content octets + any padding */ + len += etmp->exp_pad; + etmp->exp_len = len; + /* Total object length: length including new header */ + len = ASN1_object_size(0, len, etmp->exp_tag); + } + + /* Allocate buffer for new encoding */ + + new_der = malloc(len); + if (!new_der) + goto err; + + /* Generate tagged encoding */ + p = new_der; + + /* Output explicit tags first */ + for (i = 0, etmp = asn1_tags.exp_list; i < asn1_tags.exp_count; + i++, etmp++) { + ASN1_put_object(&p, etmp->exp_constructed, etmp->exp_len, + etmp->exp_tag, etmp->exp_class); + if (etmp->exp_pad) + *p++ = 0; + } + + /* If IMPLICIT, output tag */ + + if (asn1_tags.imp_tag != -1) { + if (asn1_tags.imp_class == V_ASN1_UNIVERSAL && + (asn1_tags.imp_tag == V_ASN1_SEQUENCE || + asn1_tags.imp_tag == V_ASN1_SET)) + hdr_constructed = V_ASN1_CONSTRUCTED; + ASN1_put_object(&p, hdr_constructed, hdr_len, + asn1_tags.imp_tag, asn1_tags.imp_class); + } + + /* Copy across original encoding */ + memcpy(p, cpy_start, cpy_len); + + cp = new_der; + + /* Obtain new ASN1_TYPE structure */ + ret = d2i_ASN1_TYPE(NULL, &cp, len); + +err: + free(orig_der); + free(new_der); + + return ret; +} + +static int +asn1_cb(const char *elem, int len, void *bitstr) +{ + tag_exp_arg *arg = bitstr; + int i; + int utype; + int vlen = 0; + const char *p, *vstart = NULL; + + int tmp_tag, tmp_class; + + for (i = 0, p = elem; i < len; p++, i++) { + /* Look for the ':' in name value pairs */ + if (*p == ':') { + vstart = p + 1; + vlen = len - (vstart - elem); + len = p - elem; + break; + } + } + + utype = asn1_str2tag(elem, len); + + if (utype == -1) { + ASN1error(ASN1_R_UNKNOWN_TAG); + ERR_asprintf_error_data("tag=%s", elem); + return -1; + } + + /* If this is not a modifier mark end of string and exit */ + if (!(utype & ASN1_GEN_FLAG)) { + arg->utype = utype; + arg->str = vstart; + /* If no value and not end of string, error */ + if (!vstart && elem[len]) { + ASN1error(ASN1_R_MISSING_VALUE); + return -1; + } + return 0; + } + + switch (utype) { + + case ASN1_GEN_FLAG_IMP: + /* Check for illegal multiple IMPLICIT tagging */ + if (arg->imp_tag != -1) { + ASN1error(ASN1_R_ILLEGAL_NESTED_TAGGING); + return -1; + } + if (!parse_tagging(vstart, vlen, &arg->imp_tag, + &arg->imp_class)) + return -1; + break; + + case ASN1_GEN_FLAG_EXP: + if (!parse_tagging(vstart, vlen, &tmp_tag, &tmp_class)) + return -1; + if (!append_exp(arg, tmp_tag, tmp_class, 1, 0, 0)) + return -1; + break; + + case ASN1_GEN_FLAG_SEQWRAP: + if (!append_exp(arg, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, 1, 0, 1)) + return -1; + break; + + case ASN1_GEN_FLAG_SETWRAP: + if (!append_exp(arg, V_ASN1_SET, V_ASN1_UNIVERSAL, 1, 0, 1)) + return -1; + break; + + case ASN1_GEN_FLAG_BITWRAP: + if (!append_exp(arg, V_ASN1_BIT_STRING, V_ASN1_UNIVERSAL, 0, 1, 1)) + return -1; + break; + + case ASN1_GEN_FLAG_OCTWRAP: + if (!append_exp(arg, V_ASN1_OCTET_STRING, V_ASN1_UNIVERSAL, 0, 0, 1)) + return -1; + break; + + case ASN1_GEN_FLAG_FORMAT: + if (vstart == NULL) { + ASN1error(ASN1_R_ILLEGAL_FORMAT); + return -1; + } + if (!strncmp(vstart, "ASCII", 5)) + arg->format = ASN1_GEN_FORMAT_ASCII; + else if (!strncmp(vstart, "UTF8", 4)) + arg->format = ASN1_GEN_FORMAT_UTF8; + else if (!strncmp(vstart, "HEX", 3)) + arg->format = ASN1_GEN_FORMAT_HEX; + else if (!strncmp(vstart, "BITLIST", 7)) + arg->format = ASN1_GEN_FORMAT_BITLIST; + else { + ASN1error(ASN1_R_UNKOWN_FORMAT); + return -1; + } + break; + + } + + return 1; +} + +static int +parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass) +{ + long tag_num; + char *eptr; + + if (!vstart) + return 0; + tag_num = strtoul(vstart, &eptr, 10); + /* Check we haven't gone past max length: should be impossible */ + if (eptr && *eptr && (eptr > vstart + vlen)) + return 0; + if (tag_num < 0) { + ASN1error(ASN1_R_INVALID_NUMBER); + return 0; + } + *ptag = tag_num; + /* If we have non numeric characters, parse them */ + if (eptr) + vlen -= eptr - vstart; + else + vlen = 0; + if (vlen) { + switch (*eptr) { + + case 'U': + *pclass = V_ASN1_UNIVERSAL; + break; + + case 'A': + *pclass = V_ASN1_APPLICATION; + break; + + case 'P': + *pclass = V_ASN1_PRIVATE; + break; + + case 'C': + *pclass = V_ASN1_CONTEXT_SPECIFIC; + break; + + default: + ASN1error(ASN1_R_INVALID_MODIFIER); + ERR_asprintf_error_data("Char=%c", *eptr); + return 0; + break; + + } + } else + *pclass = V_ASN1_CONTEXT_SPECIFIC; + + return 1; + +} + +/* Handle multiple types: SET and SEQUENCE */ + +static ASN1_TYPE * +asn1_multi(int utype, const char *section, X509V3_CTX *cnf) +{ + ASN1_TYPE *ret = NULL; + STACK_OF(ASN1_TYPE) *sk = NULL; + STACK_OF(CONF_VALUE) *sect = NULL; + unsigned char *der = NULL; + int derlen; + int i; + sk = sk_ASN1_TYPE_new_null(); + if (!sk) + goto bad; + if (section) { + if (!cnf) + goto bad; + sect = X509V3_get_section(cnf, (char *)section); + if (!sect) + goto bad; + for (i = 0; i < sk_CONF_VALUE_num(sect); i++) { + ASN1_TYPE *typ = ASN1_generate_v3( + sk_CONF_VALUE_value(sect, i)->value, cnf); + if (!typ) + goto bad; + if (!sk_ASN1_TYPE_push(sk, typ)) + goto bad; + } + } + + /* Now we has a STACK of the components, convert to the correct form */ + + if (utype == V_ASN1_SET) + derlen = i2d_ASN1_SET_ANY(sk, &der); + else + derlen = i2d_ASN1_SEQUENCE_ANY(sk, &der); + + if (derlen < 0) + goto bad; + + if (!(ret = ASN1_TYPE_new())) + goto bad; + + if (!(ret->value.asn1_string = ASN1_STRING_type_new(utype))) + goto bad; + + ret->type = utype; + + ret->value.asn1_string->data = der; + ret->value.asn1_string->length = derlen; + + der = NULL; + +bad: + free(der); + if (sk) + sk_ASN1_TYPE_pop_free(sk, ASN1_TYPE_free); + if (sect) + X509V3_section_free(cnf, sect); + + return ret; +} + +static int +append_exp(tag_exp_arg *arg, int exp_tag, int exp_class, int exp_constructed, + int exp_pad, int imp_ok) +{ + tag_exp_type *exp_tmp; + + /* Can only have IMPLICIT if permitted */ + if ((arg->imp_tag != -1) && !imp_ok) { + ASN1error(ASN1_R_ILLEGAL_IMPLICIT_TAG); + return 0; + } + + if (arg->exp_count == ASN1_FLAG_EXP_MAX) { + ASN1error(ASN1_R_DEPTH_EXCEEDED); + return 0; + } + + exp_tmp = &arg->exp_list[arg->exp_count++]; + + /* If IMPLICIT set tag to implicit value then + * reset implicit tag since it has been used. + */ + if (arg->imp_tag != -1) { + exp_tmp->exp_tag = arg->imp_tag; + exp_tmp->exp_class = arg->imp_class; + arg->imp_tag = -1; + arg->imp_class = -1; + } else { + exp_tmp->exp_tag = exp_tag; + exp_tmp->exp_class = exp_class; + } + exp_tmp->exp_constructed = exp_constructed; + exp_tmp->exp_pad = exp_pad; + + return 1; +} + +static int +asn1_str2tag(const char *tagstr, int len) +{ + unsigned int i; + static const struct tag_name_st *tntmp, tnst [] = { + ASN1_GEN_STR("BOOL", V_ASN1_BOOLEAN), + ASN1_GEN_STR("BOOLEAN", V_ASN1_BOOLEAN), + ASN1_GEN_STR("NULL", V_ASN1_NULL), + ASN1_GEN_STR("INT", V_ASN1_INTEGER), + ASN1_GEN_STR("INTEGER", V_ASN1_INTEGER), + ASN1_GEN_STR("ENUM", V_ASN1_ENUMERATED), + ASN1_GEN_STR("ENUMERATED", V_ASN1_ENUMERATED), + ASN1_GEN_STR("OID", V_ASN1_OBJECT), + ASN1_GEN_STR("OBJECT", V_ASN1_OBJECT), + ASN1_GEN_STR("UTCTIME", V_ASN1_UTCTIME), + ASN1_GEN_STR("UTC", V_ASN1_UTCTIME), + ASN1_GEN_STR("GENERALIZEDTIME", V_ASN1_GENERALIZEDTIME), + ASN1_GEN_STR("GENTIME", V_ASN1_GENERALIZEDTIME), + ASN1_GEN_STR("OCT", V_ASN1_OCTET_STRING), + ASN1_GEN_STR("OCTETSTRING", V_ASN1_OCTET_STRING), + ASN1_GEN_STR("BITSTR", V_ASN1_BIT_STRING), + ASN1_GEN_STR("BITSTRING", V_ASN1_BIT_STRING), + ASN1_GEN_STR("UNIVERSALSTRING", V_ASN1_UNIVERSALSTRING), + ASN1_GEN_STR("UNIV", V_ASN1_UNIVERSALSTRING), + ASN1_GEN_STR("IA5", V_ASN1_IA5STRING), + ASN1_GEN_STR("IA5STRING", V_ASN1_IA5STRING), + ASN1_GEN_STR("UTF8", V_ASN1_UTF8STRING), + ASN1_GEN_STR("UTF8String", V_ASN1_UTF8STRING), + ASN1_GEN_STR("BMP", V_ASN1_BMPSTRING), + ASN1_GEN_STR("BMPSTRING", V_ASN1_BMPSTRING), + ASN1_GEN_STR("VISIBLESTRING", V_ASN1_VISIBLESTRING), + ASN1_GEN_STR("VISIBLE", V_ASN1_VISIBLESTRING), + ASN1_GEN_STR("PRINTABLESTRING", V_ASN1_PRINTABLESTRING), + ASN1_GEN_STR("PRINTABLE", V_ASN1_PRINTABLESTRING), + ASN1_GEN_STR("T61", V_ASN1_T61STRING), + ASN1_GEN_STR("T61STRING", V_ASN1_T61STRING), + ASN1_GEN_STR("TELETEXSTRING", V_ASN1_T61STRING), + ASN1_GEN_STR("GeneralString", V_ASN1_GENERALSTRING), + ASN1_GEN_STR("GENSTR", V_ASN1_GENERALSTRING), + ASN1_GEN_STR("NUMERIC", V_ASN1_NUMERICSTRING), + ASN1_GEN_STR("NUMERICSTRING", V_ASN1_NUMERICSTRING), + + /* Special cases */ + ASN1_GEN_STR("SEQUENCE", V_ASN1_SEQUENCE), + ASN1_GEN_STR("SEQ", V_ASN1_SEQUENCE), + ASN1_GEN_STR("SET", V_ASN1_SET), + /* type modifiers */ + /* Explicit tag */ + ASN1_GEN_STR("EXP", ASN1_GEN_FLAG_EXP), + ASN1_GEN_STR("EXPLICIT", ASN1_GEN_FLAG_EXP), + /* Implicit tag */ + ASN1_GEN_STR("IMP", ASN1_GEN_FLAG_IMP), + ASN1_GEN_STR("IMPLICIT", ASN1_GEN_FLAG_IMP), + /* OCTET STRING wrapper */ + ASN1_GEN_STR("OCTWRAP", ASN1_GEN_FLAG_OCTWRAP), + /* SEQUENCE wrapper */ + ASN1_GEN_STR("SEQWRAP", ASN1_GEN_FLAG_SEQWRAP), + /* SET wrapper */ + ASN1_GEN_STR("SETWRAP", ASN1_GEN_FLAG_SETWRAP), + /* BIT STRING wrapper */ + ASN1_GEN_STR("BITWRAP", ASN1_GEN_FLAG_BITWRAP), + ASN1_GEN_STR("FORM", ASN1_GEN_FLAG_FORMAT), + ASN1_GEN_STR("FORMAT", ASN1_GEN_FLAG_FORMAT), + }; + + if (len == -1) + len = strlen(tagstr); + + tntmp = tnst; + for (i = 0; i < sizeof(tnst) / sizeof(struct tag_name_st); + i++, tntmp++) { + if ((len == tntmp->len) && !strncmp(tntmp->strnam, tagstr, len)) + return tntmp->tag; + } + + return -1; +} + +static ASN1_TYPE * +asn1_str2type(const char *str, int format, int utype) +{ + ASN1_TYPE *atmp = NULL; + CONF_VALUE vtmp; + unsigned char *rdata; + long rdlen; + int no_unused = 1; + + if (!(atmp = ASN1_TYPE_new())) { + ASN1error(ERR_R_MALLOC_FAILURE); + return NULL; + } + + if (!str) + str = ""; + + switch (utype) { + + case V_ASN1_NULL: + if (str && *str) { + ASN1error(ASN1_R_ILLEGAL_NULL_VALUE); + goto bad_form; + } + break; + + case V_ASN1_BOOLEAN: + if (format != ASN1_GEN_FORMAT_ASCII) { + ASN1error(ASN1_R_NOT_ASCII_FORMAT); + goto bad_form; + } + vtmp.name = NULL; + vtmp.section = NULL; + vtmp.value = (char *)str; + if (!X509V3_get_value_bool(&vtmp, &atmp->value.boolean)) { + ASN1error(ASN1_R_ILLEGAL_BOOLEAN); + goto bad_str; + } + break; + + case V_ASN1_INTEGER: + case V_ASN1_ENUMERATED: + if (format != ASN1_GEN_FORMAT_ASCII) { + ASN1error(ASN1_R_INTEGER_NOT_ASCII_FORMAT); + goto bad_form; + } + if (!(atmp->value.integer = + s2i_ASN1_INTEGER(NULL, (char *)str))) { + ASN1error(ASN1_R_ILLEGAL_INTEGER); + goto bad_str; + } + break; + + case V_ASN1_OBJECT: + if (format != ASN1_GEN_FORMAT_ASCII) { + ASN1error(ASN1_R_OBJECT_NOT_ASCII_FORMAT); + goto bad_form; + } + if (!(atmp->value.object = OBJ_txt2obj(str, 0))) { + ASN1error(ASN1_R_ILLEGAL_OBJECT); + goto bad_str; + } + break; + + case V_ASN1_UTCTIME: + case V_ASN1_GENERALIZEDTIME: + if (format != ASN1_GEN_FORMAT_ASCII) { + ASN1error(ASN1_R_TIME_NOT_ASCII_FORMAT); + goto bad_form; + } + if (!(atmp->value.asn1_string = ASN1_STRING_new())) { + ASN1error(ERR_R_MALLOC_FAILURE); + goto bad_str; + } + if (!ASN1_STRING_set(atmp->value.asn1_string, str, -1)) { + ASN1error(ERR_R_MALLOC_FAILURE); + goto bad_str; + } + atmp->value.asn1_string->type = utype; + if (!ASN1_TIME_check(atmp->value.asn1_string)) { + ASN1error(ASN1_R_ILLEGAL_TIME_VALUE); + goto bad_str; + } + break; + + case V_ASN1_BMPSTRING: + case V_ASN1_PRINTABLESTRING: + case V_ASN1_IA5STRING: + case V_ASN1_T61STRING: + case V_ASN1_UTF8STRING: + case V_ASN1_VISIBLESTRING: + case V_ASN1_UNIVERSALSTRING: + case V_ASN1_GENERALSTRING: + case V_ASN1_NUMERICSTRING: + + if (format == ASN1_GEN_FORMAT_ASCII) + format = MBSTRING_ASC; + else if (format == ASN1_GEN_FORMAT_UTF8) + format = MBSTRING_UTF8; + else { + ASN1error(ASN1_R_ILLEGAL_FORMAT); + goto bad_form; + } + + if (ASN1_mbstring_copy(&atmp->value.asn1_string, + (unsigned char *)str, -1, format, + ASN1_tag2bit(utype)) <= 0) { + ASN1error(ERR_R_MALLOC_FAILURE); + goto bad_str; + } + break; + + case V_ASN1_BIT_STRING: + case V_ASN1_OCTET_STRING: + if (!(atmp->value.asn1_string = ASN1_STRING_new())) { + ASN1error(ERR_R_MALLOC_FAILURE); + goto bad_form; + } + + if (format == ASN1_GEN_FORMAT_HEX) { + + if (!(rdata = string_to_hex((char *)str, &rdlen))) { + ASN1error(ASN1_R_ILLEGAL_HEX); + goto bad_str; + } + + atmp->value.asn1_string->data = rdata; + atmp->value.asn1_string->length = rdlen; + atmp->value.asn1_string->type = utype; + + } else if (format == ASN1_GEN_FORMAT_ASCII) { + if (ASN1_STRING_set(atmp->value.asn1_string, str, + -1) == 0) { + ASN1error(ERR_R_MALLOC_FAILURE); + goto bad_str; + } + } else if ((format == ASN1_GEN_FORMAT_BITLIST) && + (utype == V_ASN1_BIT_STRING)) { + if (!CONF_parse_list(str, ',', 1, bitstr_cb, + atmp->value.bit_string)) { + ASN1error(ASN1_R_LIST_ERROR); + goto bad_str; + } + no_unused = 0; + + } else { + ASN1error(ASN1_R_ILLEGAL_BITSTRING_FORMAT); + goto bad_form; + } + + if ((utype == V_ASN1_BIT_STRING) && no_unused) { + atmp->value.asn1_string->flags &= + ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); + atmp->value.asn1_string->flags |= + ASN1_STRING_FLAG_BITS_LEFT; + } + + break; + + default: + ASN1error(ASN1_R_UNSUPPORTED_TYPE); + goto bad_str; + break; + } + + atmp->type = utype; + return atmp; + +bad_str: + ERR_asprintf_error_data("string=%s", str); +bad_form: + ASN1_TYPE_free(atmp); + return NULL; +} + +static int +bitstr_cb(const char *elem, int len, void *bitstr) +{ + long bitnum; + char *eptr; + + if (!elem) + return 0; + bitnum = strtoul(elem, &eptr, 10); + if (eptr && *eptr && (eptr != elem + len)) + return 0; + if (bitnum < 0) { + ASN1error(ASN1_R_INVALID_NUMBER); + return 0; + } + if (!ASN1_BIT_STRING_set_bit(bitstr, bitnum, 1)) { + ASN1error(ERR_R_MALLOC_FAILURE); + return 0; + } + return 1; +} diff --git a/src/lib/libcrypto/asn1/asn1_lib.c b/src/lib/libcrypto/asn1/asn1_lib.c index f210be9559a..5dc520c428e 100644 --- a/src/lib/libcrypto/asn1/asn1_lib.c +++ b/src/lib/libcrypto/asn1/asn1_lib.c @@ -1,25 +1,25 @@ -/* crypto/asn1/asn1_lib.c */ +/* $OpenBSD: asn1_lib.c,v 1.44 2018/11/17 09:34:11 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,381 +49,388 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ -#include #include -#include "cryptlib.h" +#include +#include + #include +#include -static int asn1_get_length(unsigned char **pp,int *inf,long *rl,int max); +static int asn1_get_length(const unsigned char **pp, int *inf, long *rl, int max); static void asn1_put_length(unsigned char **pp, int length); -const char *ASN1_version="ASN.1" OPENSSL_VERSION_PTEXT; -int ASN1_check_infinite_end(unsigned char **p, long len) - { +static int +_asn1_check_infinite_end(const unsigned char **p, long len) +{ /* If there is 0 or 1 byte left, the length check should pick * things up */ if (len <= 0) - return(1); - else if ((len >= 2) && ((*p)[0] == 0) && ((*p)[1] == 0)) - { - (*p)+=2; - return(1); - } - return(0); + return (1); + else if ((len >= 2) && ((*p)[0] == 0) && ((*p)[1] == 0)) { + (*p) += 2; + return (1); } - - -int ASN1_get_object(unsigned char **pp, long *plength, int *ptag, int *pclass, - long omax) - { - int i,ret; + return (0); +} + +int +ASN1_check_infinite_end(unsigned char **p, long len) +{ + return _asn1_check_infinite_end((const unsigned char **)p, len); +} + +int +ASN1_const_check_infinite_end(const unsigned char **p, long len) +{ + return _asn1_check_infinite_end(p, len); +} + +int +ASN1_get_object(const unsigned char **pp, long *plength, int *ptag, + int *pclass, long omax) +{ + int i, ret; long l; - unsigned char *p= *pp; - int tag,xclass,inf; - long max=omax; - - if (!max) goto err; - ret=(*p&V_ASN1_CONSTRUCTED); - xclass=(*p&V_ASN1_PRIVATE); - i= *p&V_ASN1_PRIMITIVE_TAG; - if (i == V_ASN1_PRIMITIVE_TAG) - { /* high-tag */ + const unsigned char *p = *pp; + int tag, xclass, inf; + long max = omax; + + if (!max) + goto err; + ret = (*p & V_ASN1_CONSTRUCTED); + xclass = (*p & V_ASN1_PRIVATE); + i = *p & V_ASN1_PRIMITIVE_TAG; + if (i == V_ASN1_PRIMITIVE_TAG) { /* high-tag */ p++; - if (--max == 0) goto err; - l=0; - while (*p&0x80) - { - l<<=7L; - l|= *(p++)&0x7f; - if (--max == 0) goto err; - } - l<<=7L; - l|= *(p++)&0x7f; - tag=(int)l; + if (--max == 0) + goto err; + l = 0; + while (*p & 0x80) { + l <<= 7L; + l |= *(p++) & 0x7f; + if (--max == 0) + goto err; + if (l > (INT_MAX >> 7L)) + goto err; } - else - { - tag=i; + l <<= 7L; + l |= *(p++) & 0x7f; + tag = (int)l; + if (--max == 0) + goto err; + } else { + tag = i; p++; - if (--max == 0) goto err; - } - *ptag=tag; - *pclass=xclass; - if (!asn1_get_length(&p,&inf,plength,(int)max)) goto err; - -#if 0 - fprintf(stderr,"p=%d + *plength=%ld > omax=%ld + *pp=%d (%d > %d)\n", - (int)p,*plength,omax,(int)*pp,(int)(p+ *plength), - (int)(omax+ *pp)); - -#endif - if (*plength > (omax - (p - *pp))) - { - ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_TOO_LONG); + if (--max == 0) + goto err; + } + *ptag = tag; + *pclass = xclass; + if (!asn1_get_length(&p, &inf, plength, (int)max)) + goto err; + + if (inf && !(ret & V_ASN1_CONSTRUCTED)) + goto err; + + if (*plength > (omax - (p - *pp))) { + ASN1error(ASN1_R_TOO_LONG); /* Set this so that even if things are not long enough * the values are set correctly */ - ret|=0x80; - } - *pp=p; - return(ret|inf); -err: - ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_HEADER_TOO_LONG); - return(0x80); + ret |= 0x80; } + *pp = p; + return (ret | inf); -static int asn1_get_length(unsigned char **pp, int *inf, long *rl, int max) - { - unsigned char *p= *pp; - unsigned long ret=0; - int i; - - if (max-- < 1) return(0); - if (*p == 0x80) - { - *inf=1; - ret=0; +err: + ASN1error(ASN1_R_HEADER_TOO_LONG); + return (0x80); +} + +static int +asn1_get_length(const unsigned char **pp, int *inf, long *rl, int max) +{ + const unsigned char *p = *pp; + unsigned long ret = 0; + unsigned int i; + + if (max-- < 1) + return (0); + if (*p == 0x80) { + *inf = 1; + ret = 0; p++; - } - else - { - *inf=0; - i= *p&0x7f; - if (*(p++) & 0x80) - { + } else { + *inf = 0; + i = *p & 0x7f; + if (*(p++) & 0x80) { + if (max < (int)i) + return (0); + /* skip leading zeroes */ + while (i && *p == 0) { + p++; + i--; + } if (i > sizeof(long)) return 0; - if (max-- == 0) return(0); - while (i-- > 0) - { - ret<<=8L; - ret|= *(p++); - if (max-- == 0) return(0); - } + while (i-- > 0) { + ret <<= 8L; + ret |= *(p++); } - else - ret=i; - } + } else + ret = i; + } if (ret > LONG_MAX) return 0; - *pp=p; - *rl=(long)ret; - return(1); - } + *pp = p; + *rl = (long)ret; + return (1); +} /* class 0 is constructed * constructed == 2 for indefinite length constructed */ -void ASN1_put_object(unsigned char **pp, int constructed, int length, int tag, - int xclass) - { - unsigned char *p= *pp; +void +ASN1_put_object(unsigned char **pp, int constructed, int length, int tag, + int xclass) +{ + unsigned char *p = *pp; int i, ttag; - i=(constructed)?V_ASN1_CONSTRUCTED:0; - i|=(xclass&V_ASN1_PRIVATE); + i = (constructed) ? V_ASN1_CONSTRUCTED : 0; + i |= (xclass & V_ASN1_PRIVATE); if (tag < 31) - *(p++)=i|(tag&V_ASN1_PRIMITIVE_TAG); - else - { - *(p++)=i|V_ASN1_PRIMITIVE_TAG; - for(i = 0, ttag = tag; ttag > 0; i++) ttag >>=7; + *(p++) = i | (tag & V_ASN1_PRIMITIVE_TAG); + else { + *(p++) = i | V_ASN1_PRIMITIVE_TAG; + for(i = 0, ttag = tag; ttag > 0; i++) + ttag >>= 7; ttag = i; - while(i-- > 0) - { + while (i-- > 0) { p[i] = tag & 0x7f; - if(i != (ttag - 1)) p[i] |= 0x80; + if (i != (ttag - 1)) + p[i] |= 0x80; tag >>= 7; - } - p += ttag; } - if ((constructed == 2) && (length == 0)) - *(p++)=0x80; /* der_put_length would output 0 instead */ - else - asn1_put_length(&p,length); - *pp=p; + p += ttag; } - -static void asn1_put_length(unsigned char **pp, int length) - { - unsigned char *p= *pp; - int i,l; - if (length <= 127) - *(p++)=(unsigned char)length; + if (constructed == 2) + *(p++) = 0x80; else - { - l=length; - for (i=0; l > 0; i++) - l>>=8; - *(p++)=i|0x80; - l=i; - while (i-- > 0) - { - p[i]=length&0xff; - length>>=8; - } - p+=l; + asn1_put_length(&p, length); + *pp = p; +} + +int +ASN1_put_eoc(unsigned char **pp) +{ + unsigned char *p = *pp; + + *p++ = 0; + *p++ = 0; + *pp = p; + return 2; +} + +static void +asn1_put_length(unsigned char **pp, int length) +{ + unsigned char *p = *pp; + + int i, l; + if (length <= 127) + *(p++) = (unsigned char)length; + else { + l = length; + for (i = 0; l > 0; i++) + l >>= 8; + *(p++) = i | 0x80; + l = i; + while (i-- > 0) { + p[i] = length & 0xff; + length >>= 8; } - *pp=p; + p += l; } + *pp = p; +} -int ASN1_object_size(int constructed, int length, int tag) - { +int +ASN1_object_size(int constructed, int length, int tag) +{ int ret; - ret=length; + ret = length; ret++; - if (tag >= 31) - { - while (tag > 0) - { - tag>>=7; + if (tag >= 31) { + while (tag > 0) { + tag >>= 7; ret++; - } } - if ((length == 0) && (constructed == 2)) - ret+=2; + } + if (constructed == 2) + return ret + 3; ret++; - if (length > 127) - { - while (length > 0) - { - length>>=8; + if (length > 127) { + while (length > 0) { + length >>= 8; ret++; - } - } - return(ret); - } - -int asn1_Finish(ASN1_CTX *c) - { - if ((c->inf == (1|V_ASN1_CONSTRUCTED)) && (!c->eos)) - { - if (!ASN1_check_infinite_end(&c->p,c->slen)) - { - c->error=ERR_R_MISSING_ASN1_EOS; - return(0); - } - } - if ( ((c->slen != 0) && !(c->inf & 1)) || - ((c->slen < 0) && (c->inf & 1))) - { - c->error=ERR_R_ASN1_LENGTH_MISMATCH; - return(0); } - return(1); } + return (ret); +} -int asn1_GetSequence(ASN1_CTX *c, long *length) - { - unsigned char *q; - - q=c->p; - c->inf=ASN1_get_object(&(c->p),&(c->slen),&(c->tag),&(c->xclass), - *length); - if (c->inf & 0x80) - { - c->error=ERR_R_BAD_GET_ASN1_OBJECT_CALL; - return(0); - } - if (c->tag != V_ASN1_SEQUENCE) - { - c->error=ERR_R_EXPECTING_AN_ASN1_SEQUENCE; - return(0); - } - (*length)-=(c->p-q); - if (c->max && (*length < 0)) - { - c->error=ERR_R_ASN1_LENGTH_MISMATCH; - return(0); - } - if (c->inf == (1|V_ASN1_CONSTRUCTED)) - c->slen= *length+ *(c->pp)-c->p; - c->eos=0; - return(1); - } +int +ASN1_STRING_copy(ASN1_STRING *dst, const ASN1_STRING *str) +{ + if (str == NULL) + return 0; + dst->type = str->type; + if (!ASN1_STRING_set(dst, str->data, str->length)) + return 0; + dst->flags = str->flags; + return 1; +} -ASN1_STRING *ASN1_STRING_dup(ASN1_STRING *str) - { +ASN1_STRING * +ASN1_STRING_dup(const ASN1_STRING *str) +{ ASN1_STRING *ret; - if (str == NULL) return(NULL); - if ((ret=ASN1_STRING_type_new(str->type)) == NULL) - return(NULL); - if (!ASN1_STRING_set(ret,str->data,str->length)) - { + if (!str) + return NULL; + ret = ASN1_STRING_new(); + if (!ret) + return NULL; + if (!ASN1_STRING_copy(ret, str)) { ASN1_STRING_free(ret); - return(NULL); - } - ret->flags = str->flags; - return(ret); + return NULL; } + return ret; +} -int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len) - { - unsigned char *c; - const char *data=_data; +int +ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len) +{ + const char *data = _data; - if (len < 0) - { + if (len < 0) { if (data == NULL) - return(0); + return (0); else - len=strlen(data); - } - if ((str->length < len) || (str->data == NULL)) - { - c=str->data; - if (c == NULL) - str->data=OPENSSL_malloc(len+1); - else - str->data=OPENSSL_realloc(c,len+1); - - if (str->data == NULL) - { - str->data=c; - return(0); - } - } - str->length=len; - if (data != NULL) - { - memcpy(str->data,data,len); - /* an allowance for strings :-) */ - str->data[len]='\0'; + len = strlen(data); + } + if ((str->length < len) || (str->data == NULL)) { + unsigned char *tmp; + tmp = realloc(str->data, len + 1); + if (tmp == NULL) { + ASN1error(ERR_R_MALLOC_FAILURE); + return (0); } - return(1); + str->data = tmp; } - -ASN1_STRING *ASN1_STRING_new(void) - { - return(ASN1_STRING_type_new(V_ASN1_OCTET_STRING)); + str->length = len; + if (data != NULL) { + memmove(str->data, data, len); } - - -ASN1_STRING *ASN1_STRING_type_new(int type) - { + str->data[str->length] = '\0'; + return (1); +} + +void +ASN1_STRING_set0(ASN1_STRING *str, void *data, int len) +{ + freezero(str->data, str->length); + str->data = data; + str->length = len; +} + +ASN1_STRING * +ASN1_STRING_new(void) +{ + return (ASN1_STRING_type_new(V_ASN1_OCTET_STRING)); +} + +ASN1_STRING * +ASN1_STRING_type_new(int type) +{ ASN1_STRING *ret; - ret=(ASN1_STRING *)OPENSSL_malloc(sizeof(ASN1_STRING)); - if (ret == NULL) - { - ASN1err(ASN1_F_ASN1_STRING_TYPE_NEW,ERR_R_MALLOC_FAILURE); - return(NULL); - } - ret->length=0; - ret->type=type; - ret->data=NULL; - ret->flags=0; - return(ret); - } - -void ASN1_STRING_free(ASN1_STRING *a) - { - if (a == NULL) return; - if (a->data != NULL) OPENSSL_free(a->data); - OPENSSL_free(a); + ret = malloc(sizeof(ASN1_STRING)); + if (ret == NULL) { + ASN1error(ERR_R_MALLOC_FAILURE); + return (NULL); } - -int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b) - { + ret->length = 0; + ret->type = type; + ret->data = NULL; + ret->flags = 0; + return (ret); +} + +void +ASN1_STRING_free(ASN1_STRING *a) +{ + if (a == NULL) + return; + if (a->data != NULL && !(a->flags & ASN1_STRING_FLAG_NDEF)) + freezero(a->data, a->length); + free(a); +} + +int +ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b) +{ int i; - i=(a->length-b->length); - if (i == 0) - { - i=memcmp(a->data,b->data,a->length); + i = (a->length - b->length); + if (i == 0) { + i = memcmp(a->data, b->data, a->length); if (i == 0) - return(a->type-b->type); + return (a->type - b->type); else - return(i); - } - else - return(i); - } - -void asn1_add_error(unsigned char *address, int offset) - { - char buf1[DECIMAL_SIZE(address)+1],buf2[DECIMAL_SIZE(offset)+1]; - - sprintf(buf1,"%lu",(unsigned long)address); - sprintf(buf2,"%d",offset); - ERR_add_error_data(4,"address=",buf1," offset=",buf2); - } - -int ASN1_STRING_length(ASN1_STRING *x) -{ return M_ASN1_STRING_length(x); } - -void ASN1_STRING_length_set(ASN1_STRING *x, int len) -{ M_ASN1_STRING_length_set(x, len); return; } - -int ASN1_STRING_type(ASN1_STRING *x) -{ return M_ASN1_STRING_type(x); } - -unsigned char * ASN1_STRING_data(ASN1_STRING *x) -{ return M_ASN1_STRING_data(x); } + return (i); + } else + return (i); +} + +void +asn1_add_error(const unsigned char *address, int offset) +{ + ERR_asprintf_error_data("offset=%d", offset); +} + +int +ASN1_STRING_length(const ASN1_STRING *x) +{ + return (x->length); +} + +void +ASN1_STRING_length_set(ASN1_STRING *x, int len) +{ + x->length = len; +} + +int +ASN1_STRING_type(const ASN1_STRING *x) +{ + return (x->type); +} + +unsigned char * +ASN1_STRING_data(ASN1_STRING *x) +{ + return (x->data); +} + +const unsigned char * +ASN1_STRING_get0_data(const ASN1_STRING *x) +{ + return (x->data); +} diff --git a/src/lib/libcrypto/asn1/asn1_locl.h b/src/lib/libcrypto/asn1/asn1_locl.h new file mode 100644 index 00000000000..5ade6c7e3fd --- /dev/null +++ b/src/lib/libcrypto/asn1/asn1_locl.h @@ -0,0 +1,155 @@ +/* $OpenBSD: asn1_locl.h,v 1.11 2018/08/24 20:22:15 tb Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2006. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +__BEGIN_HIDDEN_DECLS + +/* Internal ASN1 structures and functions: not for application use */ + +/* ASN1 print context structure */ + +struct asn1_pctx_st { + unsigned long flags; + unsigned long nm_flags; + unsigned long cert_flags; + unsigned long oid_flags; + unsigned long str_flags; +} /* ASN1_PCTX */; + +/* ASN1 public key method structure */ + +struct evp_pkey_asn1_method_st { + int pkey_id; + int pkey_base_id; + unsigned long pkey_flags; + + char *pem_str; + char *info; + + int (*pub_decode)(EVP_PKEY *pk, X509_PUBKEY *pub); + int (*pub_encode)(X509_PUBKEY *pub, const EVP_PKEY *pk); + int (*pub_cmp)(const EVP_PKEY *a, const EVP_PKEY *b); + int (*pub_print)(BIO *out, const EVP_PKEY *pkey, int indent, + ASN1_PCTX *pctx); + + int (*priv_decode)(EVP_PKEY *pk, const PKCS8_PRIV_KEY_INFO *p8inf); + int (*priv_encode)(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk); + int (*priv_print)(BIO *out, const EVP_PKEY *pkey, int indent, + ASN1_PCTX *pctx); + + int (*pkey_size)(const EVP_PKEY *pk); + int (*pkey_bits)(const EVP_PKEY *pk); + + int (*param_decode)(EVP_PKEY *pkey, const unsigned char **pder, + int derlen); + int (*param_encode)(const EVP_PKEY *pkey, unsigned char **pder); + int (*param_missing)(const EVP_PKEY *pk); + int (*param_copy)(EVP_PKEY *to, const EVP_PKEY *from); + int (*param_cmp)(const EVP_PKEY *a, const EVP_PKEY *b); + int (*param_print)(BIO *out, const EVP_PKEY *pkey, int indent, + ASN1_PCTX *pctx); + int (*sig_print)(BIO *out, const X509_ALGOR *sigalg, + const ASN1_STRING *sig, int indent, ASN1_PCTX *pctx); + + void (*pkey_free)(EVP_PKEY *pkey); + int (*pkey_ctrl)(EVP_PKEY *pkey, int op, long arg1, void *arg2); + + /* Legacy functions for old PEM */ + + int (*old_priv_decode)(EVP_PKEY *pkey, const unsigned char **pder, + int derlen); + int (*old_priv_encode)(const EVP_PKEY *pkey, unsigned char **pder); + /* Custom ASN1 signature verification */ + int (*item_verify)(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, + X509_ALGOR *a, ASN1_BIT_STRING *sig, EVP_PKEY *pkey); + int (*item_sign)(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, + X509_ALGOR *alg1, X509_ALGOR *alg2, ASN1_BIT_STRING *sig); + +} /* EVP_PKEY_ASN1_METHOD */; + +/* Method to handle CRL access. + * In general a CRL could be very large (several Mb) and can consume large + * amounts of resources if stored in memory by multiple processes. + * This method allows general CRL operations to be redirected to more + * efficient callbacks: for example a CRL entry database. + */ + +#define X509_CRL_METHOD_DYNAMIC 1 + +struct x509_crl_method_st { + int flags; + int (*crl_init)(X509_CRL *crl); + int (*crl_free)(X509_CRL *crl); + int (*crl_lookup)(X509_CRL *crl, X509_REVOKED **ret, + ASN1_INTEGER *ser, X509_NAME *issuer); + int (*crl_verify)(X509_CRL *crl, EVP_PKEY *pk); +}; + +/* + * Unicode codepoint constants + */ +#define UNICODE_MAX 0x10FFFF +#define UNICODE_SURROGATE_MIN 0x00D800 +#define UNICODE_SURROGATE_MAX 0x00DFFF + +#define UNICODE_IS_SURROGATE(x) \ + ((x) >= UNICODE_SURROGATE_MIN && (x) <= UNICODE_SURROGATE_MAX) + +int UTF8_getc(const unsigned char *str, int len, unsigned long *val); +int UTF8_putc(unsigned char *str, int len, unsigned long value); + +__END_HIDDEN_DECLS diff --git a/src/lib/libcrypto/asn1/asn1_mac.h b/src/lib/libcrypto/asn1/asn1_mac.h deleted file mode 100644 index a48649ceeb3..00000000000 --- a/src/lib/libcrypto/asn1/asn1_mac.h +++ /dev/null @@ -1,560 +0,0 @@ -/* crypto/asn1/asn1_mac.h */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#ifndef HEADER_ASN1_MAC_H -#define HEADER_ASN1_MAC_H - -#include - -#ifdef __cplusplus -extern "C" { -#endif - -#ifndef ASN1_MAC_ERR_LIB -#define ASN1_MAC_ERR_LIB ERR_LIB_ASN1 -#endif - -#define ASN1_MAC_H_err(f,r,line) \ - ERR_PUT_error(ASN1_MAC_ERR_LIB,(f),(r),__FILE__,(line)) - -#define M_ASN1_D2I_vars(a,type,func) \ - ASN1_CTX c; \ - type ret=NULL; \ - \ - c.pp=(unsigned char **)pp; \ - c.q= *(unsigned char **)pp; \ - c.error=ERR_R_NESTED_ASN1_ERROR; \ - if ((a == NULL) || ((*a) == NULL)) \ - { if ((ret=(type)func()) == NULL) \ - { c.line=__LINE__; goto err; } } \ - else ret=(*a); - -#define M_ASN1_D2I_Init() \ - c.p= *(unsigned char **)pp; \ - c.max=(length == 0)?0:(c.p+length); - -#define M_ASN1_D2I_Finish_2(a) \ - if (!asn1_Finish(&c)) \ - { c.line=__LINE__; goto err; } \ - *(unsigned char **)pp=c.p; \ - if (a != NULL) (*a)=ret; \ - return(ret); - -#define M_ASN1_D2I_Finish(a,func,e) \ - M_ASN1_D2I_Finish_2(a); \ -err:\ - ASN1_MAC_H_err((e),c.error,c.line); \ - asn1_add_error(*(unsigned char **)pp,(int)(c.q- *pp)); \ - if ((ret != NULL) && ((a == NULL) || (*a != ret))) func(ret); \ - return(NULL) - -#define M_ASN1_D2I_start_sequence() \ - if (!asn1_GetSequence(&c,&length)) \ - { c.line=__LINE__; goto err; } -/* Begin reading ASN1 without a surrounding sequence */ -#define M_ASN1_D2I_begin() \ - c.slen = length; - -/* End reading ASN1 with no check on length */ -#define M_ASN1_D2I_Finish_nolen(a, func, e) \ - *pp=c.p; \ - if (a != NULL) (*a)=ret; \ - return(ret); \ -err:\ - ASN1_MAC_H_err((e),c.error,c.line); \ - asn1_add_error(*pp,(int)(c.q- *pp)); \ - if ((ret != NULL) && ((a == NULL) || (*a != ret))) func(ret); \ - return(NULL) - -#define M_ASN1_D2I_end_sequence() \ - (((c.inf&1) == 0)?(c.slen <= 0): \ - (c.eos=ASN1_check_infinite_end(&c.p,c.slen))) - -/* Don't use this with d2i_ASN1_BOOLEAN() */ -#define M_ASN1_D2I_get(b,func) \ - c.q=c.p; \ - if (func(&(b),&c.p,c.slen) == NULL) \ - {c.line=__LINE__; goto err; } \ - c.slen-=(c.p-c.q); - -/* use this instead () */ -#define M_ASN1_D2I_get_int(b,func) \ - c.q=c.p; \ - if (func(&(b),&c.p,c.slen) < 0) \ - {c.line=__LINE__; goto err; } \ - c.slen-=(c.p-c.q); - -#define M_ASN1_D2I_get_opt(b,func,type) \ - if ((c.slen != 0) && ((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) \ - == (V_ASN1_UNIVERSAL|(type)))) \ - { \ - M_ASN1_D2I_get(b,func); \ - } - -#define M_ASN1_D2I_get_imp(b,func, type) \ - M_ASN1_next=(_tmp& V_ASN1_CONSTRUCTED)|type; \ - c.q=c.p; \ - if (func(&(b),&c.p,c.slen) == NULL) \ - {c.line=__LINE__; M_ASN1_next_prev = _tmp; goto err; } \ - c.slen-=(c.p-c.q);\ - M_ASN1_next_prev=_tmp; - -#define M_ASN1_D2I_get_IMP_opt(b,func,tag,type) \ - if ((c.slen != 0) && ((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) == \ - (V_ASN1_CONTEXT_SPECIFIC|(tag)))) \ - { \ - unsigned char _tmp = M_ASN1_next; \ - M_ASN1_D2I_get_imp(b,func, type);\ - } - -#define M_ASN1_D2I_get_set(r,func,free_func) \ - M_ASN1_D2I_get_imp_set(r,func,free_func, \ - V_ASN1_SET,V_ASN1_UNIVERSAL); - -#define M_ASN1_D2I_get_set_type(type,r,func,free_func) \ - M_ASN1_D2I_get_imp_set_type(type,r,func,free_func, \ - V_ASN1_SET,V_ASN1_UNIVERSAL); - -#define M_ASN1_D2I_get_set_opt(r,func,free_func) \ - if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \ - V_ASN1_CONSTRUCTED|V_ASN1_SET)))\ - { M_ASN1_D2I_get_set(r,func,free_func); } - -#define M_ASN1_D2I_get_set_opt_type(type,r,func,free_func) \ - if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \ - V_ASN1_CONSTRUCTED|V_ASN1_SET)))\ - { M_ASN1_D2I_get_set_type(type,r,func,free_func); } - -#define M_ASN1_I2D_len_SET_opt(a,f) \ - if ((a != NULL) && (sk_num(a) != 0)) \ - M_ASN1_I2D_len_SET(a,f); - -#define M_ASN1_I2D_put_SET_opt(a,f) \ - if ((a != NULL) && (sk_num(a) != 0)) \ - M_ASN1_I2D_put_SET(a,f); - -#define M_ASN1_I2D_put_SEQUENCE_opt(a,f) \ - if ((a != NULL) && (sk_num(a) != 0)) \ - M_ASN1_I2D_put_SEQUENCE(a,f); - -#define M_ASN1_I2D_put_SEQUENCE_opt_type(type,a,f) \ - if ((a != NULL) && (sk_##type##_num(a) != 0)) \ - M_ASN1_I2D_put_SEQUENCE_type(type,a,f); - -#define M_ASN1_D2I_get_IMP_set_opt(b,func,free_func,tag) \ - if ((c.slen != 0) && \ - (M_ASN1_next == \ - (V_ASN1_CONTEXT_SPECIFIC|V_ASN1_CONSTRUCTED|(tag))))\ - { \ - M_ASN1_D2I_get_imp_set(b,func,free_func,\ - tag,V_ASN1_CONTEXT_SPECIFIC); \ - } - -#define M_ASN1_D2I_get_IMP_set_opt_type(type,b,func,free_func,tag) \ - if ((c.slen != 0) && \ - (M_ASN1_next == \ - (V_ASN1_CONTEXT_SPECIFIC|V_ASN1_CONSTRUCTED|(tag))))\ - { \ - M_ASN1_D2I_get_imp_set_type(type,b,func,free_func,\ - tag,V_ASN1_CONTEXT_SPECIFIC); \ - } - -#define M_ASN1_D2I_get_seq(r,func,free_func) \ - M_ASN1_D2I_get_imp_set(r,func,free_func,\ - V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL); - -#define M_ASN1_D2I_get_seq_type(type,r,func,free_func) \ - M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,\ - V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL) - -#define M_ASN1_D2I_get_seq_opt(r,func,free_func) \ - if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \ - V_ASN1_CONSTRUCTED|V_ASN1_SEQUENCE)))\ - { M_ASN1_D2I_get_seq(r,func,free_func); } - -#define M_ASN1_D2I_get_seq_opt_type(type,r,func,free_func) \ - if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \ - V_ASN1_CONSTRUCTED|V_ASN1_SEQUENCE)))\ - { M_ASN1_D2I_get_seq_type(type,r,func,free_func); } - -#define M_ASN1_D2I_get_IMP_set(r,func,free_func,x) \ - M_ASN1_D2I_get_imp_set(r,func,free_func,\ - x,V_ASN1_CONTEXT_SPECIFIC); - -#define M_ASN1_D2I_get_IMP_set_type(type,r,func,free_func,x) \ - M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,\ - x,V_ASN1_CONTEXT_SPECIFIC); - -#define M_ASN1_D2I_get_imp_set(r,func,free_func,a,b) \ - c.q=c.p; \ - if (d2i_ASN1_SET(&(r),&c.p,c.slen,(char *(*)())func,\ - (void (*)())free_func,a,b) == NULL) \ - { c.line=__LINE__; goto err; } \ - c.slen-=(c.p-c.q); - -#define M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,a,b) \ - c.q=c.p; \ - if (d2i_ASN1_SET_OF_##type(&(r),&c.p,c.slen,func,\ - free_func,a,b) == NULL) \ - { c.line=__LINE__; goto err; } \ - c.slen-=(c.p-c.q); - -#define M_ASN1_D2I_get_set_strings(r,func,a,b) \ - c.q=c.p; \ - if (d2i_ASN1_STRING_SET(&(r),&c.p,c.slen,a,b) == NULL) \ - { c.line=__LINE__; goto err; } \ - c.slen-=(c.p-c.q); - -#define M_ASN1_D2I_get_EXP_opt(r,func,tag) \ - if ((c.slen != 0L) && (M_ASN1_next == \ - (V_ASN1_CONSTRUCTED|V_ASN1_CONTEXT_SPECIFIC|tag))) \ - { \ - int Tinf,Ttag,Tclass; \ - long Tlen; \ - \ - c.q=c.p; \ - Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \ - if (Tinf & 0x80) \ - { c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \ - c.line=__LINE__; goto err; } \ - if (Tinf == (V_ASN1_CONSTRUCTED+1)) \ - Tlen = c.slen - (c.p - c.q) - 2; \ - if (func(&(r),&c.p,Tlen) == NULL) \ - { c.line=__LINE__; goto err; } \ - if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \ - Tlen = c.slen - (c.p - c.q); \ - if(!ASN1_check_infinite_end(&c.p, Tlen)) \ - { c.error=ERR_R_MISSING_ASN1_EOS; \ - c.line=__LINE__; goto err; } \ - }\ - c.slen-=(c.p-c.q); \ - } - -#define M_ASN1_D2I_get_EXP_set_opt(r,func,free_func,tag,b) \ - if ((c.slen != 0) && (M_ASN1_next == \ - (V_ASN1_CONSTRUCTED|V_ASN1_CONTEXT_SPECIFIC|tag))) \ - { \ - int Tinf,Ttag,Tclass; \ - long Tlen; \ - \ - c.q=c.p; \ - Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \ - if (Tinf & 0x80) \ - { c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \ - c.line=__LINE__; goto err; } \ - if (Tinf == (V_ASN1_CONSTRUCTED+1)) \ - Tlen = c.slen - (c.p - c.q) - 2; \ - if (d2i_ASN1_SET(&(r),&c.p,Tlen,(char *(*)())func, \ - (void (*)())free_func, \ - b,V_ASN1_UNIVERSAL) == NULL) \ - { c.line=__LINE__; goto err; } \ - if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \ - Tlen = c.slen - (c.p - c.q); \ - if(!ASN1_check_infinite_end(&c.p, Tlen)) \ - { c.error=ERR_R_MISSING_ASN1_EOS; \ - c.line=__LINE__; goto err; } \ - }\ - c.slen-=(c.p-c.q); \ - } - -#define M_ASN1_D2I_get_EXP_set_opt_type(type,r,func,free_func,tag,b) \ - if ((c.slen != 0) && (M_ASN1_next == \ - (V_ASN1_CONSTRUCTED|V_ASN1_CONTEXT_SPECIFIC|tag))) \ - { \ - int Tinf,Ttag,Tclass; \ - long Tlen; \ - \ - c.q=c.p; \ - Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \ - if (Tinf & 0x80) \ - { c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \ - c.line=__LINE__; goto err; } \ - if (Tinf == (V_ASN1_CONSTRUCTED+1)) \ - Tlen = c.slen - (c.p - c.q) - 2; \ - if (d2i_ASN1_SET_OF_##type(&(r),&c.p,Tlen,func, \ - free_func,b,V_ASN1_UNIVERSAL) == NULL) \ - { c.line=__LINE__; goto err; } \ - if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \ - Tlen = c.slen - (c.p - c.q); \ - if(!ASN1_check_infinite_end(&c.p, Tlen)) \ - { c.error=ERR_R_MISSING_ASN1_EOS; \ - c.line=__LINE__; goto err; } \ - }\ - c.slen-=(c.p-c.q); \ - } - -/* New macros */ -#define M_ASN1_New_Malloc(ret,type) \ - if ((ret=(type *)OPENSSL_malloc(sizeof(type))) == NULL) \ - { c.line=__LINE__; goto err2; } - -#define M_ASN1_New(arg,func) \ - if (((arg)=func()) == NULL) return(NULL) - -#define M_ASN1_New_Error(a) \ -/* err: ASN1_MAC_H_err((a),ERR_R_NESTED_ASN1_ERROR,c.line); \ - return(NULL);*/ \ - err2: ASN1_MAC_H_err((a),ERR_R_MALLOC_FAILURE,c.line); \ - return(NULL) - - -#define M_ASN1_next (*c.p) -#define M_ASN1_next_prev (*c.q) - -/*************************************************/ - -#define M_ASN1_I2D_vars(a) int r=0,ret=0; \ - unsigned char *p; \ - if (a == NULL) return(0) - -/* Length Macros */ -#define M_ASN1_I2D_len(a,f) ret+=f(a,NULL) -#define M_ASN1_I2D_len_IMP_opt(a,f) if (a != NULL) M_ASN1_I2D_len(a,f) - -#define M_ASN1_I2D_len_SET(a,f) \ - ret+=i2d_ASN1_SET(a,NULL,f,V_ASN1_SET,V_ASN1_UNIVERSAL,IS_SET); - -#define M_ASN1_I2D_len_SET_type(type,a,f) \ - ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,V_ASN1_SET, \ - V_ASN1_UNIVERSAL,IS_SET); - -#define M_ASN1_I2D_len_SEQUENCE(a,f) \ - ret+=i2d_ASN1_SET(a,NULL,f,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL, \ - IS_SEQUENCE); - -#define M_ASN1_I2D_len_SEQUENCE_type(type,a,f) \ - ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,V_ASN1_SEQUENCE, \ - V_ASN1_UNIVERSAL,IS_SEQUENCE) - -#define M_ASN1_I2D_len_SEQUENCE_opt(a,f) \ - if ((a != NULL) && (sk_num(a) != 0)) \ - M_ASN1_I2D_len_SEQUENCE(a,f); - -#define M_ASN1_I2D_len_SEQUENCE_opt_type(type,a,f) \ - if ((a != NULL) && (sk_##type##_num(a) != 0)) \ - M_ASN1_I2D_len_SEQUENCE_type(type,a,f); - -#define M_ASN1_I2D_len_IMP_SET(a,f,x) \ - ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC,IS_SET); - -#define M_ASN1_I2D_len_IMP_SET_type(type,a,f,x) \ - ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,x, \ - V_ASN1_CONTEXT_SPECIFIC,IS_SET); - -#define M_ASN1_I2D_len_IMP_SET_opt(a,f,x) \ - if ((a != NULL) && (sk_num(a) != 0)) \ - ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC, \ - IS_SET); - -#define M_ASN1_I2D_len_IMP_SET_opt_type(type,a,f,x) \ - if ((a != NULL) && (sk_##type##_num(a) != 0)) \ - ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,x, \ - V_ASN1_CONTEXT_SPECIFIC,IS_SET); - -#define M_ASN1_I2D_len_IMP_SEQUENCE(a,f,x) \ - ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC, \ - IS_SEQUENCE); - -#define M_ASN1_I2D_len_IMP_SEQUENCE_opt(a,f,x) \ - if ((a != NULL) && (sk_num(a) != 0)) \ - ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC, \ - IS_SEQUENCE); - -#define M_ASN1_I2D_len_IMP_SEQUENCE_opt_type(type,a,f,x) \ - if ((a != NULL) && (sk_##type##_num(a) != 0)) \ - ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,x, \ - V_ASN1_CONTEXT_SPECIFIC, \ - IS_SEQUENCE); - -#define M_ASN1_I2D_len_EXP_opt(a,f,mtag,v) \ - if (a != NULL)\ - { \ - v=f(a,NULL); \ - ret+=ASN1_object_size(1,v,mtag); \ - } - -#define M_ASN1_I2D_len_EXP_SET_opt(a,f,mtag,tag,v) \ - if ((a != NULL) && (sk_num(a) != 0))\ - { \ - v=i2d_ASN1_SET(a,NULL,f,tag,V_ASN1_UNIVERSAL,IS_SET); \ - ret+=ASN1_object_size(1,v,mtag); \ - } - -#define M_ASN1_I2D_len_EXP_SEQUENCE_opt(a,f,mtag,tag,v) \ - if ((a != NULL) && (sk_num(a) != 0))\ - { \ - v=i2d_ASN1_SET(a,NULL,f,tag,V_ASN1_UNIVERSAL, \ - IS_SEQUENCE); \ - ret+=ASN1_object_size(1,v,mtag); \ - } - -#define M_ASN1_I2D_len_EXP_SEQUENCE_opt_type(type,a,f,mtag,tag,v) \ - if ((a != NULL) && (sk_##type##_num(a) != 0))\ - { \ - v=i2d_ASN1_SET_OF_##type(a,NULL,f,tag, \ - V_ASN1_UNIVERSAL, \ - IS_SEQUENCE); \ - ret+=ASN1_object_size(1,v,mtag); \ - } - -/* Put Macros */ -#define M_ASN1_I2D_put(a,f) f(a,&p) - -#define M_ASN1_I2D_put_IMP_opt(a,f,t) \ - if (a != NULL) \ - { \ - unsigned char *q=p; \ - f(a,&p); \ - *q=(V_ASN1_CONTEXT_SPECIFIC|t|(*q&V_ASN1_CONSTRUCTED));\ - } - -#define M_ASN1_I2D_put_SET(a,f) i2d_ASN1_SET(a,&p,f,V_ASN1_SET,\ - V_ASN1_UNIVERSAL,IS_SET) -#define M_ASN1_I2D_put_SET_type(type,a,f) \ - i2d_ASN1_SET_OF_##type(a,&p,f,V_ASN1_SET,V_ASN1_UNIVERSAL,IS_SET) -#define M_ASN1_I2D_put_IMP_SET(a,f,x) i2d_ASN1_SET(a,&p,f,x,\ - V_ASN1_CONTEXT_SPECIFIC,IS_SET) -#define M_ASN1_I2D_put_IMP_SET_type(type,a,f,x) \ - i2d_ASN1_SET_OF_##type(a,&p,f,x,V_ASN1_CONTEXT_SPECIFIC,IS_SET) -#define M_ASN1_I2D_put_IMP_SEQUENCE(a,f,x) i2d_ASN1_SET(a,&p,f,x,\ - V_ASN1_CONTEXT_SPECIFIC,IS_SEQUENCE) - -#define M_ASN1_I2D_put_SEQUENCE(a,f) i2d_ASN1_SET(a,&p,f,V_ASN1_SEQUENCE,\ - V_ASN1_UNIVERSAL,IS_SEQUENCE) - -#define M_ASN1_I2D_put_SEQUENCE_type(type,a,f) \ - i2d_ASN1_SET_OF_##type(a,&p,f,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL, \ - IS_SEQUENCE) - -#define M_ASN1_I2D_put_SEQUENCE_opt(a,f) \ - if ((a != NULL) && (sk_num(a) != 0)) \ - M_ASN1_I2D_put_SEQUENCE(a,f); - -#define M_ASN1_I2D_put_IMP_SET_opt(a,f,x) \ - if ((a != NULL) && (sk_num(a) != 0)) \ - { i2d_ASN1_SET(a,&p,f,x,V_ASN1_CONTEXT_SPECIFIC, \ - IS_SET); } - -#define M_ASN1_I2D_put_IMP_SET_opt_type(type,a,f,x) \ - if ((a != NULL) && (sk_##type##_num(a) != 0)) \ - { i2d_ASN1_SET_OF_##type(a,&p,f,x, \ - V_ASN1_CONTEXT_SPECIFIC, \ - IS_SET); } - -#define M_ASN1_I2D_put_IMP_SEQUENCE_opt(a,f,x) \ - if ((a != NULL) && (sk_num(a) != 0)) \ - { i2d_ASN1_SET(a,&p,f,x,V_ASN1_CONTEXT_SPECIFIC, \ - IS_SEQUENCE); } - -#define M_ASN1_I2D_put_IMP_SEQUENCE_opt_type(type,a,f,x) \ - if ((a != NULL) && (sk_##type##_num(a) != 0)) \ - { i2d_ASN1_SET_OF_##type(a,&p,f,x, \ - V_ASN1_CONTEXT_SPECIFIC, \ - IS_SEQUENCE); } - -#define M_ASN1_I2D_put_EXP_opt(a,f,tag,v) \ - if (a != NULL) \ - { \ - ASN1_put_object(&p,1,v,tag,V_ASN1_CONTEXT_SPECIFIC); \ - f(a,&p); \ - } - -#define M_ASN1_I2D_put_EXP_SET_opt(a,f,mtag,tag,v) \ - if ((a != NULL) && (sk_num(a) != 0)) \ - { \ - ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \ - i2d_ASN1_SET(a,&p,f,tag,V_ASN1_UNIVERSAL,IS_SET); \ - } - -#define M_ASN1_I2D_put_EXP_SEQUENCE_opt(a,f,mtag,tag,v) \ - if ((a != NULL) && (sk_num(a) != 0)) \ - { \ - ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \ - i2d_ASN1_SET(a,&p,f,tag,V_ASN1_UNIVERSAL,IS_SEQUENCE); \ - } - -#define M_ASN1_I2D_put_EXP_SEQUENCE_opt_type(type,a,f,mtag,tag,v) \ - if ((a != NULL) && (sk_##type##_num(a) != 0)) \ - { \ - ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \ - i2d_ASN1_SET_OF_##type(a,&p,f,tag,V_ASN1_UNIVERSAL, \ - IS_SEQUENCE); \ - } - -#define M_ASN1_I2D_seq_total() \ - r=ASN1_object_size(1,ret,V_ASN1_SEQUENCE); \ - if (pp == NULL) return(r); \ - p= *pp; \ - ASN1_put_object(&p,1,ret,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL) - -#define M_ASN1_I2D_INF_seq_start(tag,ctx) \ - *(p++)=(V_ASN1_CONSTRUCTED|(tag)|(ctx)); \ - *(p++)=0x80 - -#define M_ASN1_I2D_INF_seq_end() *(p++)=0x00; *(p++)=0x00 - -#define M_ASN1_I2D_finish() *pp=p; \ - return(r); - -int asn1_GetSequence(ASN1_CTX *c, long *length); -void asn1_add_error(unsigned char *address,int offset); -#ifdef __cplusplus -} -#endif - -#endif diff --git a/src/lib/libcrypto/asn1/asn1_par.c b/src/lib/libcrypto/asn1/asn1_par.c index facfdd27fca..21f92d298d7 100644 --- a/src/lib/libcrypto/asn1/asn1_par.c +++ b/src/lib/libcrypto/asn1/asn1_par.c @@ -1,25 +1,25 @@ -/* crypto/asn1/asn1_par.c */ +/* $OpenBSD: asn1_par.c,v 1.27 2019/03/24 16:07:25 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -57,367 +57,348 @@ */ #include -#include "cryptlib.h" + +#include #include #include -#include -static int asn1_print_info(BIO *bp, int tag, int xclass,int constructed, - int indent); -static int asn1_parse2(BIO *bp, unsigned char **pp, long length, - int offset, int depth, int indent, int dump); static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed, - int indent) - { - static const char fmt[]="%-18s"; - static const char fmt2[]="%2d %-15s"; + int indent); +static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, + int offset, int depth, int indent, int dump); + +static int +asn1_print_info(BIO *bp, int tag, int xclass, int constructed, + int indent) +{ char str[128]; - const char *p,*p2=NULL; + const char *p; if (constructed & V_ASN1_CONSTRUCTED) p="cons: "; else p="prim: "; - if (BIO_write(bp,p,6) < 6) goto err; - if (indent) - { - if (indent > 128) indent=128; - memset(str,' ',indent); - if (BIO_write(bp,str,indent) < indent) goto err; - } + if (BIO_write(bp, p, 6) < 6) + goto err; + BIO_indent(bp, indent, 128); - p=str; + p = str; if ((xclass & V_ASN1_PRIVATE) == V_ASN1_PRIVATE) - sprintf(str,"priv [ %d ] ",tag); + snprintf(str, sizeof str, "priv [ %d ] ", tag); else if ((xclass & V_ASN1_CONTEXT_SPECIFIC) == V_ASN1_CONTEXT_SPECIFIC) - sprintf(str,"cont [ %d ]",tag); + snprintf(str, sizeof str, "cont [ %d ]", tag); else if ((xclass & V_ASN1_APPLICATION) == V_ASN1_APPLICATION) - sprintf(str,"appl [ %d ]",tag); - else p = ASN1_tag2str(tag); - - if (p2 != NULL) - { - if (BIO_printf(bp,fmt2,tag,p2) <= 0) goto err; - } + snprintf(str, sizeof str, "appl [ %d ]", tag); + else if (tag > 30) + snprintf(str, sizeof str, "", tag); else - { - if (BIO_printf(bp,fmt,p) <= 0) goto err; - } - return(1); + p = ASN1_tag2str(tag); + + if (BIO_printf(bp, "%-18s", p) <= 0) + goto err; + return (1); err: - return(0); - } + return (0); +} -int ASN1_parse(BIO *bp, unsigned char *pp, long len, int indent) - { - return(asn1_parse2(bp,&pp,len,0,0,indent,0)); - } +int +ASN1_parse(BIO *bp, const unsigned char *pp, long len, int indent) +{ + return (asn1_parse2(bp, &pp, len, 0, 0, indent, 0)); +} -int ASN1_parse_dump(BIO *bp, unsigned char *pp, long len, int indent, int dump) - { - return(asn1_parse2(bp,&pp,len,0,0,indent,dump)); - } +int +ASN1_parse_dump(BIO *bp, const unsigned char *pp, long len, int indent, int dump) +{ + return (asn1_parse2(bp, &pp, len, 0, 0, indent, dump)); +} -static int asn1_parse2(BIO *bp, unsigned char **pp, long length, int offset, - int depth, int indent, int dump) - { - unsigned char *p,*ep,*tot,*op,*opp; +static int +asn1_parse2(BIO *bp, const unsigned char **pp, long length, int offset, + int depth, int indent, int dump) +{ + const unsigned char *p, *ep, *tot, *op, *opp; long len; - int tag,xclass,ret=0; - int nl,hl,j,r; - ASN1_OBJECT *o=NULL; - ASN1_OCTET_STRING *os=NULL; + int tag, xclass, ret = 0; + int nl, hl, j, r; + ASN1_OBJECT *o = NULL; + ASN1_OCTET_STRING *os = NULL; /* ASN1_BMPSTRING *bmp=NULL;*/ int dump_indent; -#if 0 - dump_indent = indent; -#else dump_indent = 6; /* Because we know BIO_dump_indent() */ -#endif - p= *pp; - tot=p+length; - op=p-1; - while ((p < tot) && (op < p)) - { - op=p; - j=ASN1_get_object(&p,&len,&tag,&xclass,length); -#ifdef LINT - j=j; -#endif - if (j & 0x80) - { - if (BIO_write(bp,"Error in encoding\n",18) <= 0) + p = *pp; + tot = p + length; + op = p - 1; + if (depth > 128) { + BIO_printf(bp, "Max depth exceeded\n"); + goto end; + } + while ((p < tot) && (op < p)) { + op = p; + j = ASN1_get_object(&p, &len, &tag, &xclass, length); + + if (j & 0x80) { + if (BIO_write(bp, "Error in encoding\n", 18) <= 0) goto end; - ret=0; + ret = 0; goto end; - } - hl=(p-op); - length-=hl; + } + hl = (p - op); + length -= hl; /* if j == 0x21 it is a constructed indefinite length object */ - if (BIO_printf(bp,"%5ld:",(long)offset+(long)(op- *pp)) - <= 0) goto end; + if (BIO_printf(bp, "%5ld:", (long)offset + + (long)(op - *pp)) <= 0) + goto end; - if (j != (V_ASN1_CONSTRUCTED | 1)) - { - if (BIO_printf(bp,"d=%-2d hl=%ld l=%4ld ", - depth,(long)hl,len) <= 0) + if (j != (V_ASN1_CONSTRUCTED | 1)) { + if (BIO_printf(bp, "d=%-2d hl=%ld l=%4ld ", + depth, (long)hl, len) <= 0) goto end; - } - else - { - if (BIO_printf(bp,"d=%-2d hl=%ld l=inf ", - depth,(long)hl) <= 0) + } else { + if (BIO_printf(bp, "d=%-2d hl=%ld l=inf ", + depth, (long)hl) <= 0) goto end; - } - if (!asn1_print_info(bp,tag,xclass,j,(indent)?depth:0)) + } + if (!asn1_print_info(bp, tag, xclass, j, (indent) ? depth : 0)) goto end; - if (j & V_ASN1_CONSTRUCTED) - { - ep=p+len; - if (BIO_write(bp,"\n",1) <= 0) goto end; - if (len > length) - { - BIO_printf(bp, - "length is greater than %ld\n",length); - ret=0; + if (j & V_ASN1_CONSTRUCTED) { + ep = p + len; + if (BIO_write(bp, "\n", 1) <= 0) goto end; - } - if ((j == 0x21) && (len == 0)) - { - for (;;) - { - r=asn1_parse2(bp,&p,(long)(tot-p), - offset+(p - *pp),depth+1, - indent,dump); - if (r == 0) { ret=0; goto end; } - if ((r == 2) || (p >= tot)) break; + if (len > length) { + BIO_printf(bp, "length is greater than %ld\n", + length); + ret = 0; + goto end; + } + if ((j == 0x21) && (len == 0)) { + for (;;) { + r = asn1_parse2(bp, &p, (long)(tot - p), + offset + (p - *pp), depth + 1, + indent, dump); + if (r == 0) { + ret = 0; + goto end; + } + if ((r == 2) || (p >= tot)) { + len = (long)(p - ep); + break; } } - else - while (p < ep) - { - r=asn1_parse2(bp,&p,(long)len, - offset+(p - *pp),depth+1, - indent,dump); - if (r == 0) { ret=0; goto end; } + } else { + while (p < ep) { + r = asn1_parse2(bp, &p, (long)(ep - p), + offset + (p - *pp), depth + 1, + indent, dump); + if (r == 0) { + ret = 0; + goto end; } + } } - else if (xclass != 0) - { - p+=len; - if (BIO_write(bp,"\n",1) <= 0) goto end; - } - else - { - nl=0; - if ( (tag == V_ASN1_PRINTABLESTRING) || - (tag == V_ASN1_T61STRING) || - (tag == V_ASN1_IA5STRING) || - (tag == V_ASN1_VISIBLESTRING) || - (tag == V_ASN1_UTCTIME) || - (tag == V_ASN1_GENERALIZEDTIME)) - { - if (BIO_write(bp,":",1) <= 0) goto end; + } else if (xclass != 0) { + p += len; + if (BIO_write(bp, "\n", 1) <= 0) + goto end; + } else { + nl = 0; + if ((tag == V_ASN1_PRINTABLESTRING) || + (tag == V_ASN1_T61STRING) || + (tag == V_ASN1_IA5STRING) || + (tag == V_ASN1_VISIBLESTRING) || + (tag == V_ASN1_NUMERICSTRING) || + (tag == V_ASN1_UTF8STRING) || + (tag == V_ASN1_UTCTIME) || + (tag == V_ASN1_GENERALIZEDTIME)) { + if (BIO_write(bp, ":", 1) <= 0) + goto end; if ((len > 0) && - BIO_write(bp,(char *)p,(int)len) - != (int)len) + BIO_write(bp, (const char *)p, (int)len) != + (int)len) goto end; - } - else if (tag == V_ASN1_OBJECT) - { - opp=op; - if (d2i_ASN1_OBJECT(&o,&opp,len+hl) != NULL) - { - if (BIO_write(bp,":",1) <= 0) goto end; - i2a_ASN1_OBJECT(bp,o); - } - else - { - if (BIO_write(bp,":BAD OBJECT",11) <= 0) + } else if (tag == V_ASN1_OBJECT) { + opp = op; + if (d2i_ASN1_OBJECT(&o, &opp, len + hl) != + NULL) { + if (BIO_write(bp, ":", 1) <= 0) + goto end; + i2a_ASN1_OBJECT(bp, o); + } else { + if (BIO_write(bp, ":BAD OBJECT", + 11) <= 0) goto end; - } } - else if (tag == V_ASN1_BOOLEAN) - { + } else if (tag == V_ASN1_BOOLEAN) { int ii; - opp=op; - ii=d2i_ASN1_BOOLEAN(NULL,&opp,len+hl); - if (ii < 0) - { - if (BIO_write(bp,"Bad boolean\n",12)) + opp = op; + ii = d2i_ASN1_BOOLEAN(NULL, &opp, len + hl); + if (ii < 0) { + if (BIO_write(bp, "Bad boolean\n", + 12) <= 0) goto end; - } - BIO_printf(bp,":%d",ii); } - else if (tag == V_ASN1_BMPSTRING) - { + BIO_printf(bp, ":%d", ii); + } else if (tag == V_ASN1_BMPSTRING) { /* do the BMP thang */ - } - else if (tag == V_ASN1_OCTET_STRING) - { - int i,printable=1; + } else if (tag == V_ASN1_OCTET_STRING) { + int i, printable = 1; - opp=op; - os=d2i_ASN1_OCTET_STRING(NULL,&opp,len+hl); - if (os != NULL) - { - opp=os->data; - for (i=0; ilength; i++) - { - if (( (opp[i] < ' ') && - (opp[i] != '\n') && - (opp[i] != '\r') && - (opp[i] != '\t')) || - (opp[i] > '~')) - { - printable=0; + opp = op; + os = d2i_ASN1_OCTET_STRING(NULL, &opp, len + hl); + if (os != NULL && os->length > 0) { + opp = os->data; + /* testing whether the octet string is + * printable */ + for (i = 0; i < os->length; i++) { + if (((opp[i] < ' ') && + (opp[i] != '\n') && + (opp[i] != '\r') && + (opp[i] != '\t')) || + (opp[i] > '~')) { + printable = 0; break; - } } - if (printable && (os->length > 0)) - { - if (BIO_write(bp,":",1) <= 0) + } + if (printable) { + /* printable string */ + if (BIO_write(bp, ":", 1) <= 0) goto end; - if (BIO_write(bp,(char *)opp, - os->length) <= 0) + if (BIO_write(bp, (const char *)opp, + os->length) <= 0) goto end; + } else if (!dump) { + /* not printable => print octet string + * as hex dump */ + if (BIO_write(bp, "[HEX DUMP]:", 11) <= 0) + goto end; + for (i = 0; i < os->length; i++) { + if (BIO_printf(bp, + "%02X", opp[i]) <= 0) + goto end; } - if (!printable && (os->length > 0) - && dump) - { - if (!nl) - { - if (BIO_write(bp,"\n",1) <= 0) + } else { + /* print the normal dump */ + if (!nl) { + if (BIO_write(bp, "\n", 1) <= 0) goto end; - } - if (BIO_dump_indent(bp,(char *)opp, - ((dump == -1 || dump > os->length)?os->length:dump), - dump_indent) <= 0) - goto end; - nl=1; } - M_ASN1_OCTET_STRING_free(os); - os=NULL; + if (BIO_dump_indent(bp, + (const char *)opp, + ((dump == -1 || dump > + os->length) ? os->length : dump), + dump_indent) <= 0) + goto end; + nl = 1; } } - else if (tag == V_ASN1_INTEGER) - { + ASN1_OCTET_STRING_free(os); + os = NULL; + } else if (tag == V_ASN1_INTEGER) { ASN1_INTEGER *bs; int i; - opp=op; - bs=d2i_ASN1_INTEGER(NULL,&opp,len+hl); - if (bs != NULL) - { - if (BIO_write(bp,":",1) <= 0) goto end; + opp = op; + bs = d2i_ASN1_INTEGER(NULL, &opp, len + hl); + if (bs != NULL) { + if (BIO_write(bp, ":", 1) <= 0) + goto end; if (bs->type == V_ASN1_NEG_INTEGER) - if (BIO_write(bp,"-",1) <= 0) + if (BIO_write(bp, "-", 1) <= 0) goto end; - for (i=0; ilength; i++) - { - if (BIO_printf(bp,"%02X", - bs->data[i]) <= 0) + for (i = 0; i < bs->length; i++) { + if (BIO_printf(bp, "%02X", + bs->data[i]) <= 0) goto end; - } - if (bs->length == 0) - { - if (BIO_write(bp,"00",2) <= 0) + } + if (bs->length == 0) { + if (BIO_write(bp, "00", 2) <= 0) goto end; - } } - else - { - if (BIO_write(bp,"BAD INTEGER",11) <= 0) + } else { + if (BIO_write(bp, "BAD INTEGER", 11) <= 0) goto end; - } - M_ASN1_INTEGER_free(bs); } - else if (tag == V_ASN1_ENUMERATED) - { + ASN1_INTEGER_free(bs); + } else if (tag == V_ASN1_ENUMERATED) { ASN1_ENUMERATED *bs; int i; - opp=op; - bs=d2i_ASN1_ENUMERATED(NULL,&opp,len+hl); - if (bs != NULL) - { - if (BIO_write(bp,":",1) <= 0) goto end; + opp = op; + bs = d2i_ASN1_ENUMERATED(NULL, &opp, len + hl); + if (bs != NULL) { + if (BIO_write(bp, ":", 1) <= 0) + goto end; if (bs->type == V_ASN1_NEG_ENUMERATED) - if (BIO_write(bp,"-",1) <= 0) + if (BIO_write(bp, "-", 1) <= 0) goto end; - for (i=0; ilength; i++) - { - if (BIO_printf(bp,"%02X", - bs->data[i]) <= 0) + for (i = 0; i < bs->length; i++) { + if (BIO_printf(bp, "%02X", + bs->data[i]) <= 0) goto end; - } - if (bs->length == 0) - { - if (BIO_write(bp,"00",2) <= 0) + } + if (bs->length == 0) { + if (BIO_write(bp, "00", 2) <= 0) goto end; - } } - else - { - if (BIO_write(bp,"BAD ENUMERATED",11) <= 0) + } else { + if (BIO_write(bp, "BAD ENUMERATED", 14) <= 0) goto end; - } - M_ASN1_ENUMERATED_free(bs); } - else if (len > 0 && dump) - { - if (!nl) - { - if (BIO_write(bp,"\n",1) <= 0) + ASN1_ENUMERATED_free(bs); + } else if (len > 0 && dump) { + if (!nl) { + if (BIO_write(bp, "\n", 1) <= 0) goto end; - } - if (BIO_dump_indent(bp,(char *)p, - ((dump == -1 || dump > len)?len:dump), - dump_indent) <= 0) - goto end; - nl=1; } + if (BIO_dump_indent(bp, (const char *)p, + ((dump == -1 || dump > len) ? len : dump), + dump_indent) <= 0) + goto end; + nl = 1; + } - if (!nl) - { - if (BIO_write(bp,"\n",1) <= 0) goto end; - } - p+=len; - if ((tag == V_ASN1_EOC) && (xclass == 0)) - { - ret=2; /* End of sequence */ + if (!nl) { + if (BIO_write(bp, "\n", 1) <= 0) + goto end; + } + p += len; + if ((tag == V_ASN1_EOC) && (xclass == 0)) { + ret = 2; /* End of sequence */ goto end; - } } - length-=len; } - ret=1; -end: - if (o != NULL) ASN1_OBJECT_free(o); - if (os != NULL) M_ASN1_OCTET_STRING_free(os); - *pp=p; - return(ret); + length -= len; } + ret = 1; -const char *ASN1_tag2str(int tag) +end: + if (o != NULL) + ASN1_OBJECT_free(o); + ASN1_OCTET_STRING_free(os); + *pp = p; + return (ret); +} + +const char * +ASN1_tag2str(int tag) { - const static char *tag2str[] = { - "EOC", "BOOLEAN", "INTEGER", "BIT STRING", "OCTET STRING", /* 0-4 */ - "NULL", "OBJECT", "OBJECT DESCRIPTOR", "EXTERNAL", "REAL", /* 5-9 */ - "ENUMERATED", "", "UTF8STRING", "", /* 10-13 */ - "", "", "SEQUENCE", "SET", /* 15-17 */ - "NUMERICSTRING", "PRINTABLESTRING", "T61STRING", /* 18-20 */ - "VIDEOTEXSTRING", "IA5STRING", "UTCTIME","GENERALIZEDTIME", /* 21-24 */ - "GRAPHICSTRING", "VISIBLESTRING", "GENERALSTRING", /* 25-27 */ - "UNIVERSALSTRING", "", "BMPSTRING" /* 28-30 */ + static const char * const tag2str[] = { + "EOC", "BOOLEAN", "INTEGER", "BIT STRING", "OCTET STRING", /* 0-4 */ + "NULL", "OBJECT", "OBJECT DESCRIPTOR", "EXTERNAL", "REAL", /* 5-9 */ + "ENUMERATED", "", "UTF8STRING", "", /* 10-13 */ + "", "", "SEQUENCE", "SET", /* 15-17 */ + "NUMERICSTRING", "PRINTABLESTRING", "T61STRING", /* 18-20 */ + "VIDEOTEXSTRING", "IA5STRING", "UTCTIME", "GENERALIZEDTIME", /* 21-24 */ + "GRAPHICSTRING", "VISIBLESTRING", "GENERALSTRING", /* 25-27 */ + "UNIVERSALSTRING", "", "BMPSTRING" /* 28-30 */ }; - if((tag == V_ASN1_NEG_INTEGER) || (tag == V_ASN1_NEG_ENUMERATED)) - tag &= ~0x100; + if ((tag == V_ASN1_NEG_INTEGER) || (tag == V_ASN1_NEG_ENUMERATED)) + tag &= ~0x100; - if(tag < 0 || tag > 30) return "(unknown)"; + if (tag < 0 || tag > 30) + return "(unknown)"; return tag2str[tag]; } - diff --git a/src/lib/libcrypto/asn1/asn1t.h b/src/lib/libcrypto/asn1/asn1t.h index ed372f85541..ba380bdf413 100644 --- a/src/lib/libcrypto/asn1/asn1t.h +++ b/src/lib/libcrypto/asn1/asn1t.h @@ -1,9 +1,9 @@ -/* asn1t.h */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* $OpenBSD: asn1t.h,v 1.14 2016/12/27 15:12:51 jsing Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ /* ==================================================================== - * Copyright (c) 2000 The OpenSSL Project. All rights reserved. + * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -59,13 +59,10 @@ #define HEADER_ASN1T_H #include -#include -#include -#ifdef OPENSSL_BUILD_SHLIBCRYPTO -# undef OPENSSL_EXTERN -# define OPENSSL_EXTERN OPENSSL_EXPORT -#endif +#include + +#include /* ASN1 template defines, structures and functions */ @@ -73,8 +70,7 @@ extern "C" { #endif - -#ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION +#ifndef LIBRESSL_INTERNAL /* Macro to obtain ASN1_ADB pointer from a type (only used internally) */ #define ASN1_ADB_ptr(iptr) ((const ASN1_ADB *)(iptr)) @@ -83,36 +79,17 @@ extern "C" { /* Macros for start and end of ASN1_ITEM definition */ #define ASN1_ITEM_start(itname) \ - OPENSSL_GLOBAL const ASN1_ITEM itname##_it = { + const ASN1_ITEM itname##_it = { #define ASN1_ITEM_end(itname) \ }; -#else - -/* Macro to obtain ASN1_ADB pointer from a type (only used internally) */ -#define ASN1_ADB_ptr(iptr) ((const ASN1_ADB *)(iptr())) - - -/* Macros for start and end of ASN1_ITEM definition */ - -#define ASN1_ITEM_start(itname) \ - const ASN1_ITEM * itname##_it(void) \ - { \ - static const ASN1_ITEM local_it = { \ - -#define ASN1_ITEM_end(itname) \ - }; \ - return &local_it; \ - } - -#endif /* Macros to aid ASN1 template writing */ #define ASN1_ITEM_TEMPLATE(tname) \ - const static ASN1_TEMPLATE tname##_item_tt + static const ASN1_TEMPLATE tname##_item_tt #define ASN1_ITEM_TEMPLATE_END(tname) \ ;\ @@ -150,7 +127,7 @@ extern "C" { */ #define ASN1_SEQUENCE(tname) \ - const static ASN1_TEMPLATE tname##_seq_tt[] + static const ASN1_TEMPLATE tname##_seq_tt[] #define ASN1_SEQUENCE_END(stname) ASN1_SEQUENCE_END_name(stname, stname) @@ -166,22 +143,40 @@ extern "C" { #stname \ ASN1_ITEM_end(tname) +#define ASN1_NDEF_SEQUENCE(tname) \ + ASN1_SEQUENCE(tname) + +#define ASN1_NDEF_SEQUENCE_cb(tname, cb) \ + ASN1_SEQUENCE_cb(tname, cb) + #define ASN1_SEQUENCE_cb(tname, cb) \ - const static ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \ + static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \ ASN1_SEQUENCE(tname) #define ASN1_BROKEN_SEQUENCE(tname) \ - const static ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_BROKEN, 0, 0, 0, 0}; \ + static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_BROKEN, 0, 0, 0, 0}; \ ASN1_SEQUENCE(tname) #define ASN1_SEQUENCE_ref(tname, cb, lck) \ - const static ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_REFCOUNT, offsetof(tname, references), lck, cb, 0}; \ + static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_REFCOUNT, offsetof(tname, references), lck, cb, 0}; \ ASN1_SEQUENCE(tname) #define ASN1_SEQUENCE_enc(tname, enc, cb) \ - const static ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_ENCODING, 0, 0, cb, offsetof(tname, enc)}; \ + static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_ENCODING, 0, 0, cb, offsetof(tname, enc)}; \ ASN1_SEQUENCE(tname) +#define ASN1_NDEF_SEQUENCE_END(tname) \ + ;\ + ASN1_ITEM_start(tname) \ + ASN1_ITYPE_NDEF_SEQUENCE,\ + V_ASN1_SEQUENCE,\ + tname##_seq_tt,\ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ + NULL,\ + sizeof(tname),\ + #tname \ + ASN1_ITEM_end(tname) + #define ASN1_BROKEN_SEQUENCE_END(stname) ASN1_SEQUENCE_END_ref(stname, stname) #define ASN1_SEQUENCE_END_enc(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname) @@ -200,6 +195,18 @@ extern "C" { #stname \ ASN1_ITEM_end(tname) +#define ASN1_NDEF_SEQUENCE_END_cb(stname, tname) \ + ;\ + ASN1_ITEM_start(tname) \ + ASN1_ITYPE_NDEF_SEQUENCE,\ + V_ASN1_SEQUENCE,\ + tname##_seq_tt,\ + sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\ + &tname##_aux,\ + sizeof(stname),\ + #stname \ + ASN1_ITEM_end(tname) + /* This pair helps declare a CHOICE type. We can do: * @@ -224,10 +231,10 @@ extern "C" { */ #define ASN1_CHOICE(tname) \ - const static ASN1_TEMPLATE tname##_ch_tt[] + static const ASN1_TEMPLATE tname##_ch_tt[] #define ASN1_CHOICE_cb(tname, cb) \ - const static ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \ + static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \ ASN1_CHOICE(tname) #define ASN1_CHOICE_END(stname) ASN1_CHOICE_END_name(stname, stname) @@ -287,13 +294,8 @@ extern "C" { /* Any defined by macros: the field used is in the table itself */ -#ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION #define ASN1_ADB_OBJECT(tblname) { ASN1_TFLG_ADB_OID, -1, 0, #tblname, (const ASN1_ITEM *)&(tblname##_adb) } #define ASN1_ADB_INTEGER(tblname) { ASN1_TFLG_ADB_INT, -1, 0, #tblname, (const ASN1_ITEM *)&(tblname##_adb) } -#else -#define ASN1_ADB_OBJECT(tblname) { ASN1_TFLG_ADB_OID, -1, 0, #tblname, tblname##_adb } -#define ASN1_ADB_INTEGER(tblname) { ASN1_TFLG_ADB_INT, -1, 0, #tblname, tblname##_adb } -#endif /* Plain simple type */ #define ASN1_SIMPLE(stname, field, type) ASN1_EX_TYPE(0,0, stname, field, type) @@ -353,16 +355,23 @@ extern "C" { #define ASN1_EXP_SEQUENCE_OF_OPT(stname, field, type, tag) \ ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL) +/* EXPLICIT using indefinite length constructed form */ +#define ASN1_NDEF_EXP(stname, field, type, tag) \ + ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_NDEF) + +/* EXPLICIT OPTIONAL using indefinite length constructed form */ +#define ASN1_NDEF_EXP_OPT(stname, field, type, tag) \ + ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL|ASN1_TFLG_NDEF) + /* Macros for the ASN1_ADB structure */ #define ASN1_ADB(name) \ - const static ASN1_ADB_TABLE name##_adbtbl[] + static const ASN1_ADB_TABLE name##_adbtbl[] -#ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION #define ASN1_ADB_END(name, flags, field, app_table, def, none) \ ;\ - const static ASN1_ADB name##_adb = {\ + static const ASN1_ADB name##_adb = {\ flags,\ offsetof(name, field),\ app_table,\ @@ -372,32 +381,13 @@ extern "C" { none\ } -#else - -#define ASN1_ADB_END(name, flags, field, app_table, def, none) \ - ;\ - const static ASN1_ITEM *name##_adb(void) \ - { \ - const static ASN1_ADB internal_adb = \ - {\ - flags,\ - offsetof(name, field),\ - app_table,\ - name##_adbtbl,\ - sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE),\ - def,\ - none\ - }; \ - return (const ASN1_ITEM *) &internal_adb; \ - } \ - void dummy_function(void) - -#endif #define ADB_ENTRY(val, template) {val, template} #define ASN1_ADB_TEMPLATE(name) \ - const static ASN1_TEMPLATE name##_tt + static const ASN1_TEMPLATE name##_tt + +#endif /* !LIBRESSL_INTERNAL */ /* This is the ASN1 template structure that defines * a wrapper round the actual type. It determines the @@ -410,7 +400,7 @@ unsigned long flags; /* Various flags */ long tag; /* tag, not used if no tagging */ unsigned long offset; /* Offset of this field in structure */ #ifndef NO_ASN1_FIELD_NAMES -char *field_name; /* Field name */ +const char *field_name; /* Field name */ #endif ASN1_ITEM_EXP *item; /* Relevant ASN1_ITEM or ASN1_ADB */ }; @@ -518,6 +508,13 @@ struct ASN1_ADB_TABLE_st { #define ASN1_TFLG_COMBINE (0x1<<10) +/* This flag when present in a SEQUENCE OF, SET OF + * or EXPLICIT causes indefinite length constructed + * encoding to be used if required. + */ + +#define ASN1_TFLG_NDEF (0x1<<11) + /* This is the actual ASN1 item itself */ struct ASN1_ITEM_st { @@ -554,10 +551,6 @@ const char *sname; /* Structure name */ * The 'funcs' field is used for application * specific functions. * - * For COMPAT types the funcs field gives a - * set of functions that handle this type, this - * supports the old d2i, i2d convention. - * * The EXTERN type uses a new style d2i/i2d. * The new style should be used where possible * because it avoids things like the d2i IMPLICIT @@ -570,19 +563,23 @@ const char *sname; /* Structure name */ * has a special meaning, it is used as a mask * of acceptable types using the B_ASN1 constants. * + * NDEF_SEQUENCE is the same as SEQUENCE except + * that it will use indefinite length constructed + * encoding if requested. + * */ -#define ASN1_ITYPE_PRIMITIVE 0x0 +#define ASN1_ITYPE_PRIMITIVE 0x0 -#define ASN1_ITYPE_SEQUENCE 0x1 +#define ASN1_ITYPE_SEQUENCE 0x1 -#define ASN1_ITYPE_CHOICE 0x2 +#define ASN1_ITYPE_CHOICE 0x2 -#define ASN1_ITYPE_COMPAT 0x3 +#define ASN1_ITYPE_EXTERN 0x4 -#define ASN1_ITYPE_EXTERN 0x4 +#define ASN1_ITYPE_MSTRING 0x5 -#define ASN1_ITYPE_MSTRING 0x5 +#define ASN1_ITYPE_NDEF_SEQUENCE 0x6 /* Cache for ASN1 tag and length, so we * don't keep re-reading it for things @@ -602,25 +599,23 @@ struct ASN1_TLC_st{ typedef ASN1_VALUE * ASN1_new_func(void); typedef void ASN1_free_func(ASN1_VALUE *a); -typedef ASN1_VALUE * ASN1_d2i_func(ASN1_VALUE **a, unsigned char ** in, long length); +typedef ASN1_VALUE * ASN1_d2i_func(ASN1_VALUE **a, const unsigned char ** in, long length); typedef int ASN1_i2d_func(ASN1_VALUE * a, unsigned char **in); -typedef int ASN1_ex_d2i(ASN1_VALUE **pval, unsigned char **in, long len, const ASN1_ITEM *it, +typedef int ASN1_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_ITEM *it, int tag, int aclass, char opt, ASN1_TLC *ctx); typedef int ASN1_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass); typedef int ASN1_ex_new_func(ASN1_VALUE **pval, const ASN1_ITEM *it); typedef void ASN1_ex_free_func(ASN1_VALUE **pval, const ASN1_ITEM *it); -typedef int ASN1_primitive_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it); -typedef int ASN1_primitive_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it); +typedef int ASN1_ex_print_func(BIO *out, ASN1_VALUE **pval, + int indent, const char *fname, + const ASN1_PCTX *pctx); -typedef struct ASN1_COMPAT_FUNCS_st { - ASN1_new_func *asn1_new; - ASN1_free_func *asn1_free; - ASN1_d2i_func *asn1_d2i; - ASN1_i2d_func *asn1_i2d; -} ASN1_COMPAT_FUNCS; +typedef int ASN1_primitive_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it); +typedef int ASN1_primitive_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it); +typedef int ASN1_primitive_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it, int indent, const ASN1_PCTX *pctx); typedef struct ASN1_EXTERN_FUNCS_st { void *app_data; @@ -629,6 +624,7 @@ typedef struct ASN1_EXTERN_FUNCS_st { ASN1_ex_free_func *asn1_ex_clear; ASN1_ex_d2i *asn1_ex_d2i; ASN1_ex_i2d *asn1_ex_i2d; + ASN1_ex_print_func *asn1_ex_print; } ASN1_EXTERN_FUNCS; typedef struct ASN1_PRIMITIVE_FUNCS_st { @@ -639,6 +635,7 @@ typedef struct ASN1_PRIMITIVE_FUNCS_st { ASN1_ex_free_func *prim_clear; ASN1_primitive_c2i *prim_c2i; ASN1_primitive_i2c *prim_i2c; + ASN1_primitive_print *prim_print; } ASN1_PRIMITIVE_FUNCS; /* This is the ASN1_AUX structure: it handles various @@ -658,7 +655,8 @@ typedef struct ASN1_PRIMITIVE_FUNCS_st { * then an external type is more appropriate. */ -typedef int ASN1_aux_cb(int operation, ASN1_VALUE **in, const ASN1_ITEM *it); +typedef int ASN1_aux_cb(int operation, ASN1_VALUE **in, const ASN1_ITEM *it, + void *exarg); typedef struct ASN1_AUX_st { void *app_data; @@ -669,6 +667,23 @@ typedef struct ASN1_AUX_st { int enc_offset; /* Offset of ASN1_ENCODING structure */ } ASN1_AUX; +/* For print related callbacks exarg points to this structure */ +typedef struct ASN1_PRINT_ARG_st { + BIO *out; + int indent; + const ASN1_PCTX *pctx; +} ASN1_PRINT_ARG; + +/* For streaming related callbacks exarg points to this structure */ +typedef struct ASN1_STREAM_ARG_st { + /* BIO to stream through */ + BIO *out; + /* BIO with filters appended */ + BIO *ndef_bio; + /* Streaming I/O boundary */ + unsigned char **boundary; +} ASN1_STREAM_ARG; + /* Flags in ASN1_AUX */ /* Use a reference count */ @@ -688,6 +703,14 @@ typedef struct ASN1_AUX_st { #define ASN1_OP_D2I_POST 5 #define ASN1_OP_I2D_PRE 6 #define ASN1_OP_I2D_POST 7 +#define ASN1_OP_PRINT_PRE 8 +#define ASN1_OP_PRINT_POST 9 +#define ASN1_OP_STREAM_PRE 10 +#define ASN1_OP_STREAM_POST 11 +#define ASN1_OP_DETACHED_PRE 12 +#define ASN1_OP_DETACHED_POST 13 + +#ifndef LIBRESSL_INTERNAL /* Macro to implement a primitive type */ #define IMPLEMENT_ASN1_TYPE(stname) IMPLEMENT_ASN1_TYPE_ex(stname, stname, 0) @@ -701,28 +724,6 @@ typedef struct ASN1_AUX_st { ASN1_ITEM_start(itname) \ ASN1_ITYPE_MSTRING, mask, NULL, 0, NULL, sizeof(ASN1_STRING), #itname \ ASN1_ITEM_end(itname) - -/* Macro to implement an ASN1_ITEM in terms of old style funcs */ - -#define IMPLEMENT_COMPAT_ASN1(sname) IMPLEMENT_COMPAT_ASN1_type(sname, V_ASN1_SEQUENCE) - -#define IMPLEMENT_COMPAT_ASN1_type(sname, tag) \ - static const ASN1_COMPAT_FUNCS sname##_ff = { \ - (ASN1_new_func *)sname##_new, \ - (ASN1_free_func *)sname##_free, \ - (ASN1_d2i_func *)d2i_##sname, \ - (ASN1_i2d_func *)i2d_##sname, \ - }; \ - ASN1_ITEM_start(sname) \ - ASN1_ITYPE_COMPAT, \ - tag, \ - NULL, \ - 0, \ - &sname##_ff, \ - 0, \ - #sname \ - ASN1_ITEM_end(sname) - #define IMPLEMENT_EXTERN_ASN1(sname, tag, fptrs) \ ASN1_ITEM_start(sname) \ ASN1_ITYPE_EXTERN, \ @@ -743,6 +744,22 @@ typedef struct ASN1_AUX_st { #define IMPLEMENT_ASN1_FUNCTIONS_ENCODE_name(stname, itname) \ IMPLEMENT_ASN1_FUNCTIONS_ENCODE_fname(stname, itname, itname) +#define IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(stname) \ + IMPLEMENT_ASN1_ALLOC_FUNCTIONS_pfname(static, stname, stname, stname) + +#define IMPLEMENT_ASN1_ALLOC_FUNCTIONS(stname) \ + IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, stname, stname) + +#define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_pfname(pre, stname, itname, fname) \ + pre stname *fname##_new(void) \ + { \ + return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); \ + } \ + pre void fname##_free(stname *a) \ + { \ + ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \ + } + #define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) \ stname *fname##_new(void) \ { \ @@ -758,7 +775,7 @@ typedef struct ASN1_AUX_st { IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) #define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \ - stname *d2i_##fname(stname **a, unsigned char **in, long len) \ + stname *d2i_##fname(stname **a, const unsigned char **in, long len) \ { \ return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname));\ } \ @@ -767,13 +784,19 @@ typedef struct ASN1_AUX_st { return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\ } +#define IMPLEMENT_ASN1_NDEF_FUNCTION(stname) \ + int i2d_##stname##_NDEF(stname *a, unsigned char **out) \ + { \ + return ASN1_item_ndef_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(stname));\ + } + /* This includes evil casts to remove const: they will go away when full * ASN1 constification is done. */ #define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \ stname *d2i_##fname(stname **a, const unsigned char **in, long len) \ { \ - return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, (unsigned char **)in, len, ASN1_ITEM_rptr(itname));\ + return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname));\ } \ int i2d_##fname(const stname *a, unsigned char **out) \ { \ @@ -786,6 +809,17 @@ typedef struct ASN1_AUX_st { return ASN1_item_dup(ASN1_ITEM_rptr(stname), x); \ } +#define IMPLEMENT_ASN1_PRINT_FUNCTION(stname) \ + IMPLEMENT_ASN1_PRINT_FUNCTION_fname(stname, stname, stname) + +#define IMPLEMENT_ASN1_PRINT_FUNCTION_fname(stname, itname, fname) \ + int fname##_print_ctx(BIO *out, stname *x, int indent, \ + const ASN1_PCTX *pctx) \ + { \ + return ASN1_item_print(out, (ASN1_VALUE *)x, indent, \ + ASN1_ITEM_rptr(itname), pctx); \ + } + #define IMPLEMENT_ASN1_FUNCTIONS_const(name) \ IMPLEMENT_ASN1_FUNCTIONS_const_fname(name, name, name) @@ -793,17 +827,18 @@ typedef struct ASN1_AUX_st { IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \ IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) +#endif /* !LIBRESSL_INTERNAL */ + /* external definitions for primitive types */ -DECLARE_ASN1_ITEM(ASN1_BOOLEAN) -DECLARE_ASN1_ITEM(ASN1_TBOOLEAN) -DECLARE_ASN1_ITEM(ASN1_FBOOLEAN) -DECLARE_ASN1_ITEM(ASN1_ANY) -DECLARE_ASN1_ITEM(ASN1_SEQUENCE) -DECLARE_ASN1_ITEM(CBIGNUM) -DECLARE_ASN1_ITEM(BIGNUM) -DECLARE_ASN1_ITEM(LONG) -DECLARE_ASN1_ITEM(ZLONG) +extern const ASN1_ITEM ASN1_BOOLEAN_it; +extern const ASN1_ITEM ASN1_TBOOLEAN_it; +extern const ASN1_ITEM ASN1_FBOOLEAN_it; +extern const ASN1_ITEM ASN1_SEQUENCE_it; +extern const ASN1_ITEM CBIGNUM_it; +extern const ASN1_ITEM BIGNUM_it; +extern const ASN1_ITEM LONG_it; +extern const ASN1_ITEM ZLONG_it; DECLARE_STACK_OF(ASN1_VALUE) @@ -815,16 +850,15 @@ int ASN1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt); int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it); void ASN1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt); -int ASN1_template_d2i(ASN1_VALUE **pval, unsigned char **in, long len, const ASN1_TEMPLATE *tt); -int ASN1_item_ex_d2i(ASN1_VALUE **pval, unsigned char **in, long len, const ASN1_ITEM *it, +int ASN1_template_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_TEMPLATE *tt); +int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_ITEM *it, int tag, int aclass, char opt, ASN1_TLC *ctx); int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass); int ASN1_template_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_TEMPLATE *tt); void ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it); -int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it); -int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it); +int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it); int asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it); int asn1_set_choice_selector(ASN1_VALUE **pval, int value, const ASN1_ITEM *it); @@ -838,7 +872,7 @@ int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it); void asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it); void asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it); int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval, const ASN1_ITEM *it); -int asn1_enc_save(ASN1_VALUE **pval, unsigned char *in, int inlen, const ASN1_ITEM *it); +int asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen, const ASN1_ITEM *it); #ifdef __cplusplus } diff --git a/src/lib/libcrypto/asn1/asn_mime.c b/src/lib/libcrypto/asn1/asn_mime.c new file mode 100644 index 00000000000..6bad111775b --- /dev/null +++ b/src/lib/libcrypto/asn1/asn_mime.c @@ -0,0 +1,1011 @@ +/* $OpenBSD: asn_mime.c,v 1.27 2017/01/29 17:49:22 beck Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + */ + +#include +#include +#include +#include + +#include +#include +#include +#include + +#include "asn1_locl.h" + +/* Generalised MIME like utilities for streaming ASN1. Although many + * have a PKCS7/CMS like flavour others are more general purpose. + */ + +/* MIME format structures + * Note that all are translated to lower case apart from + * parameter values. Quotes are stripped off + */ + +typedef struct { + char *param_name; /* Param name e.g. "micalg" */ + char *param_value; /* Param value e.g. "sha1" */ +} MIME_PARAM; + +DECLARE_STACK_OF(MIME_PARAM) + +typedef struct { + char *name; /* Name of line e.g. "content-type" */ + char *value; /* Value of line e.g. "text/plain" */ + STACK_OF(MIME_PARAM) *params; /* Zero or more parameters */ +} MIME_HEADER; + +DECLARE_STACK_OF(MIME_HEADER) + +static int asn1_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags, + const ASN1_ITEM *it); +static char * strip_ends(char *name); +static char * strip_start(char *name); +static char * strip_end(char *name); +static MIME_HEADER *mime_hdr_new(char *name, char *value); +static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value); +static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio); +static int mime_hdr_cmp(const MIME_HEADER * const *a, + const MIME_HEADER * const *b); +static int mime_param_cmp(const MIME_PARAM * const *a, + const MIME_PARAM * const *b); +static void mime_param_free(MIME_PARAM *param); +static int mime_bound_check(char *line, int linelen, char *bound, int blen); +static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret); +static int strip_eol(char *linebuf, int *plen); +static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, char *name); +static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name); +static void mime_hdr_free(MIME_HEADER *hdr); + +#define MAX_SMLEN 1024 +#define mime_debug(x) /* x */ + +/* Output an ASN1 structure in BER format streaming if necessary */ + +int +i2d_ASN1_bio_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags, + const ASN1_ITEM *it) +{ + /* If streaming create stream BIO and copy all content through it */ + if (flags & SMIME_STREAM) { + BIO *bio, *tbio; + bio = BIO_new_NDEF(out, val, it); + if (!bio) { + ASN1error(ERR_R_MALLOC_FAILURE); + return 0; + } + SMIME_crlf_copy(in, bio, flags); + (void)BIO_flush(bio); + /* Free up successive BIOs until we hit the old output BIO */ + do { + tbio = BIO_pop(bio); + BIO_free(bio); + bio = tbio; + } while (bio != out); + } + /* else just write out ASN1 structure which will have all content + * stored internally + */ + else + ASN1_item_i2d_bio(it, out, val); + return 1; +} + +/* Base 64 read and write of ASN1 structure */ + +static int +B64_write_ASN1(BIO *out, ASN1_VALUE *val, BIO *in, int flags, + const ASN1_ITEM *it) +{ + BIO *b64; + int r; + + b64 = BIO_new(BIO_f_base64()); + if (!b64) { + ASN1error(ERR_R_MALLOC_FAILURE); + return 0; + } + /* prepend the b64 BIO so all data is base64 encoded. + */ + out = BIO_push(b64, out); + r = i2d_ASN1_bio_stream(out, val, in, flags, it); + (void)BIO_flush(out); + BIO_pop(out); + BIO_free(b64); + return r; +} + +/* Streaming ASN1 PEM write */ + +int +PEM_write_bio_ASN1_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags, + const char *hdr, const ASN1_ITEM *it) +{ + int r; + + BIO_printf(out, "-----BEGIN %s-----\n", hdr); + r = B64_write_ASN1(out, val, in, flags, it); + BIO_printf(out, "-----END %s-----\n", hdr); + return r; +} + +static ASN1_VALUE * +b64_read_asn1(BIO *bio, const ASN1_ITEM *it) +{ + BIO *b64; + ASN1_VALUE *val; + if (!(b64 = BIO_new(BIO_f_base64()))) { + ASN1error(ERR_R_MALLOC_FAILURE); + return 0; + } + bio = BIO_push(b64, bio); + val = ASN1_item_d2i_bio(it, bio, NULL); + if (!val) + ASN1error(ASN1_R_DECODE_ERROR); + (void)BIO_flush(bio); + bio = BIO_pop(bio); + BIO_free(b64); + return val; +} + +/* Generate the MIME "micalg" parameter from RFC3851, RFC4490 */ + +static int +asn1_write_micalg(BIO *out, STACK_OF(X509_ALGOR) *mdalgs) +{ + const EVP_MD *md; + int i, have_unknown = 0, write_comma, ret = 0, md_nid; + + have_unknown = 0; + write_comma = 0; + for (i = 0; i < sk_X509_ALGOR_num(mdalgs); i++) { + if (write_comma) + BIO_write(out, ",", 1); + write_comma = 1; + md_nid = OBJ_obj2nid(sk_X509_ALGOR_value(mdalgs, i)->algorithm); + md = EVP_get_digestbynid(md_nid); + if (md && md->md_ctrl) { + int rv; + char *micstr; + rv = md->md_ctrl(NULL, EVP_MD_CTRL_MICALG, 0, &micstr); + if (rv > 0) { + BIO_puts(out, micstr); + free(micstr); + continue; + } + if (rv != -2) + goto err; + } + switch (md_nid) { + case NID_sha1: + BIO_puts(out, "sha1"); + break; + + case NID_md5: + BIO_puts(out, "md5"); + break; + + case NID_sha256: + BIO_puts(out, "sha-256"); + break; + + case NID_sha384: + BIO_puts(out, "sha-384"); + break; + + case NID_sha512: + BIO_puts(out, "sha-512"); + break; + + case NID_id_GostR3411_94: + BIO_puts(out, "gostr3411-94"); + goto err; + break; + + default: + if (have_unknown) + write_comma = 0; + else { + BIO_puts(out, "unknown"); + have_unknown = 1; + } + break; + + } + } + + ret = 1; + +err: + return ret; +} + +/* SMIME sender */ + +int +SMIME_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags, + int ctype_nid, int econt_nid, STACK_OF(X509_ALGOR) *mdalgs, + const ASN1_ITEM *it) +{ + char bound[33], c; + int i; + const char *mime_prefix, *mime_eol, *cname = "smime.p7m"; + const char *msg_type = NULL; + + if (flags & SMIME_OLDMIME) + mime_prefix = "application/x-pkcs7-"; + else + mime_prefix = "application/pkcs7-"; + + if (flags & SMIME_CRLFEOL) + mime_eol = "\r\n"; + else + mime_eol = "\n"; + if ((flags & SMIME_DETACHED) && data) { + /* We want multipart/signed */ + /* Generate a random boundary */ + arc4random_buf(bound, 32); + for (i = 0; i < 32; i++) { + c = bound[i] & 0xf; + if (c < 10) + c += '0'; + else + c += 'A' - 10; + bound[i] = c; + } + bound[32] = 0; + BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol); + BIO_printf(bio, "Content-Type: multipart/signed;"); + BIO_printf(bio, " protocol=\"%ssignature\";", mime_prefix); + BIO_puts(bio, " micalg=\""); + asn1_write_micalg(bio, mdalgs); + BIO_printf(bio, "\"; boundary=\"----%s\"%s%s", + bound, mime_eol, mime_eol); + BIO_printf(bio, "This is an S/MIME signed message%s%s", + mime_eol, mime_eol); + /* Now write out the first part */ + BIO_printf(bio, "------%s%s", bound, mime_eol); + if (!asn1_output_data(bio, data, val, flags, it)) + return 0; + BIO_printf(bio, "%s------%s%s", mime_eol, bound, mime_eol); + + /* Headers for signature */ + + BIO_printf(bio, "Content-Type: %ssignature;", mime_prefix); + BIO_printf(bio, " name=\"smime.p7s\"%s", mime_eol); + BIO_printf(bio, "Content-Transfer-Encoding: base64%s", + mime_eol); + BIO_printf(bio, "Content-Disposition: attachment;"); + BIO_printf(bio, " filename=\"smime.p7s\"%s%s", + mime_eol, mime_eol); + B64_write_ASN1(bio, val, NULL, 0, it); + BIO_printf(bio, "%s------%s--%s%s", mime_eol, bound, + mime_eol, mime_eol); + return 1; + } + + /* Determine smime-type header */ + + if (ctype_nid == NID_pkcs7_enveloped) + msg_type = "enveloped-data"; + else if (ctype_nid == NID_pkcs7_signed) { + if (econt_nid == NID_id_smime_ct_receipt) + msg_type = "signed-receipt"; + else if (sk_X509_ALGOR_num(mdalgs) >= 0) + msg_type = "signed-data"; + else + msg_type = "certs-only"; + } else if (ctype_nid == NID_id_smime_ct_compressedData) { + msg_type = "compressed-data"; + cname = "smime.p7z"; + } + /* MIME headers */ + BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol); + BIO_printf(bio, "Content-Disposition: attachment;"); + BIO_printf(bio, " filename=\"%s\"%s", cname, mime_eol); + BIO_printf(bio, "Content-Type: %smime;", mime_prefix); + if (msg_type) + BIO_printf(bio, " smime-type=%s;", msg_type); + BIO_printf(bio, " name=\"%s\"%s", cname, mime_eol); + BIO_printf(bio, "Content-Transfer-Encoding: base64%s%s", + mime_eol, mime_eol); + if (!B64_write_ASN1(bio, val, data, flags, it)) + return 0; + BIO_printf(bio, "%s", mime_eol); + return 1; +} + +/* Handle output of ASN1 data */ + + +static int +asn1_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags, + const ASN1_ITEM *it) +{ + BIO *tmpbio; + const ASN1_AUX *aux = it->funcs; + ASN1_STREAM_ARG sarg; + int rv = 1; + + /* If data is not deteched or resigning then the output BIO is + * already set up to finalise when it is written through. + */ + if (!(flags & SMIME_DETACHED) || (flags & PKCS7_REUSE_DIGEST)) { + SMIME_crlf_copy(data, out, flags); + return 1; + } + + if (!aux || !aux->asn1_cb) { + ASN1error(ASN1_R_STREAMING_NOT_SUPPORTED); + return 0; + } + + sarg.out = out; + sarg.ndef_bio = NULL; + sarg.boundary = NULL; + + /* Let ASN1 code prepend any needed BIOs */ + + if (aux->asn1_cb(ASN1_OP_DETACHED_PRE, &val, it, &sarg) <= 0) + return 0; + + /* Copy data across, passing through filter BIOs for processing */ + SMIME_crlf_copy(data, sarg.ndef_bio, flags); + + /* Finalize structure */ + if (aux->asn1_cb(ASN1_OP_DETACHED_POST, &val, it, &sarg) <= 0) + rv = 0; + + /* Now remove any digests prepended to the BIO */ + + while (sarg.ndef_bio != out) { + tmpbio = BIO_pop(sarg.ndef_bio); + BIO_free(sarg.ndef_bio); + sarg.ndef_bio = tmpbio; + } + + return rv; +} + +/* SMIME reader: handle multipart/signed and opaque signing. + * in multipart case the content is placed in a memory BIO + * pointed to by "bcont". In opaque this is set to NULL + */ + +ASN1_VALUE * +SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it) +{ + BIO *asnin; + STACK_OF(MIME_HEADER) *headers = NULL; + STACK_OF(BIO) *parts = NULL; + MIME_HEADER *hdr; + MIME_PARAM *prm; + ASN1_VALUE *val; + int ret; + + if (bcont) + *bcont = NULL; + + if (!(headers = mime_parse_hdr(bio))) { + ASN1error(ASN1_R_MIME_PARSE_ERROR); + return NULL; + } + + if (!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) { + sk_MIME_HEADER_pop_free(headers, mime_hdr_free); + ASN1error(ASN1_R_NO_CONTENT_TYPE); + return NULL; + } + + /* Handle multipart/signed */ + + if (!strcmp(hdr->value, "multipart/signed")) { + /* Split into two parts */ + prm = mime_param_find(hdr, "boundary"); + if (!prm || !prm->param_value) { + sk_MIME_HEADER_pop_free(headers, mime_hdr_free); + ASN1error(ASN1_R_NO_MULTIPART_BOUNDARY); + return NULL; + } + ret = multi_split(bio, prm->param_value, &parts); + sk_MIME_HEADER_pop_free(headers, mime_hdr_free); + if (!ret || (sk_BIO_num(parts) != 2) ) { + ASN1error(ASN1_R_NO_MULTIPART_BODY_FAILURE); + sk_BIO_pop_free(parts, BIO_vfree); + return NULL; + } + + /* Parse the signature piece */ + asnin = sk_BIO_value(parts, 1); + + if (!(headers = mime_parse_hdr(asnin))) { + ASN1error(ASN1_R_MIME_SIG_PARSE_ERROR); + sk_BIO_pop_free(parts, BIO_vfree); + return NULL; + } + + /* Get content type */ + + if (!(hdr = mime_hdr_find(headers, "content-type")) || + !hdr->value) { + sk_MIME_HEADER_pop_free(headers, mime_hdr_free); + sk_BIO_pop_free(parts, BIO_vfree); + ASN1error(ASN1_R_NO_SIG_CONTENT_TYPE); + return NULL; + } + + if (strcmp(hdr->value, "application/x-pkcs7-signature") && + strcmp(hdr->value, "application/pkcs7-signature")) { + ASN1error(ASN1_R_SIG_INVALID_MIME_TYPE); + ERR_asprintf_error_data("type: %s", hdr->value); + sk_MIME_HEADER_pop_free(headers, mime_hdr_free); + sk_BIO_pop_free(parts, BIO_vfree); + return NULL; + } + sk_MIME_HEADER_pop_free(headers, mime_hdr_free); + /* Read in ASN1 */ + if (!(val = b64_read_asn1(asnin, it))) { + ASN1error(ASN1_R_ASN1_SIG_PARSE_ERROR); + sk_BIO_pop_free(parts, BIO_vfree); + return NULL; + } + + if (bcont) { + *bcont = sk_BIO_value(parts, 0); + BIO_free(asnin); + sk_BIO_free(parts); + } else sk_BIO_pop_free(parts, BIO_vfree); + return val; + } + + /* OK, if not multipart/signed try opaque signature */ + + if (strcmp (hdr->value, "application/x-pkcs7-mime") && + strcmp (hdr->value, "application/pkcs7-mime")) { + ASN1error(ASN1_R_INVALID_MIME_TYPE); + ERR_asprintf_error_data("type: %s", hdr->value); + sk_MIME_HEADER_pop_free(headers, mime_hdr_free); + return NULL; + } + + sk_MIME_HEADER_pop_free(headers, mime_hdr_free); + + if (!(val = b64_read_asn1(bio, it))) { + ASN1error(ASN1_R_ASN1_PARSE_ERROR); + return NULL; + } + return val; +} + +/* Copy text from one BIO to another making the output CRLF at EOL */ +int +SMIME_crlf_copy(BIO *in, BIO *out, int flags) +{ + BIO *bf; + char eol; + int len; + char linebuf[MAX_SMLEN]; + + /* Buffer output so we don't write one line at a time. This is + * useful when streaming as we don't end up with one OCTET STRING + * per line. + */ + bf = BIO_new(BIO_f_buffer()); + if (!bf) + return 0; + out = BIO_push(bf, out); + if (flags & SMIME_BINARY) { + while ((len = BIO_read(in, linebuf, MAX_SMLEN)) > 0) + BIO_write(out, linebuf, len); + } else { + if (flags & SMIME_TEXT) + BIO_printf(out, "Content-Type: text/plain\r\n\r\n"); + while ((len = BIO_gets(in, linebuf, MAX_SMLEN)) > 0) { + eol = strip_eol(linebuf, &len); + if (len) + BIO_write(out, linebuf, len); + if (eol) + BIO_write(out, "\r\n", 2); + } + } + (void)BIO_flush(out); + BIO_pop(out); + BIO_free(bf); + return 1; +} + +/* Strip off headers if they are text/plain */ +int +SMIME_text(BIO *in, BIO *out) +{ + char iobuf[4096]; + int len; + STACK_OF(MIME_HEADER) *headers; + MIME_HEADER *hdr; + + if (!(headers = mime_parse_hdr(in))) { + ASN1error(ASN1_R_MIME_PARSE_ERROR); + return 0; + } + if (!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) { + ASN1error(ASN1_R_MIME_NO_CONTENT_TYPE); + sk_MIME_HEADER_pop_free(headers, mime_hdr_free); + return 0; + } + if (strcmp (hdr->value, "text/plain")) { + ASN1error(ASN1_R_INVALID_MIME_TYPE); + ERR_asprintf_error_data("type: %s", hdr->value); + sk_MIME_HEADER_pop_free(headers, mime_hdr_free); + return 0; + } + sk_MIME_HEADER_pop_free(headers, mime_hdr_free); + while ((len = BIO_read(in, iobuf, sizeof(iobuf))) > 0) + BIO_write(out, iobuf, len); + if (len < 0) + return 0; + return 1; +} + +/* + * Split a multipart/XXX message body into component parts: result is + * canonical parts in a STACK of bios + */ +static int +multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret) +{ + char linebuf[MAX_SMLEN]; + int len, blen; + int eol = 0, next_eol = 0; + BIO *bpart = NULL; + STACK_OF(BIO) *parts; + char state, part, first; + + blen = strlen(bound); + part = 0; + state = 0; + first = 1; + parts = sk_BIO_new_null(); + *ret = parts; + if (parts == NULL) + return 0; + while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) { + state = mime_bound_check(linebuf, len, bound, blen); + if (state == 1) { + first = 1; + part++; + } else if (state == 2) { + if (sk_BIO_push(parts, bpart) == 0) + return 0; + return 1; + } else if (part) { + /* Strip CR+LF from linebuf */ + next_eol = strip_eol(linebuf, &len); + if (first) { + first = 0; + if (bpart != NULL) { + if (sk_BIO_push(parts, bpart) == 0) + return 0; + } + bpart = BIO_new(BIO_s_mem()); + if (bpart == NULL) + return 0; + BIO_set_mem_eof_return(bpart, 0); + } else if (eol) + BIO_write(bpart, "\r\n", 2); + eol = next_eol; + if (len) + BIO_write(bpart, linebuf, len); + } + } + BIO_free(bpart); + return 0; +} + +/* This is the big one: parse MIME header lines up to message body */ + +#define MIME_INVALID 0 +#define MIME_START 1 +#define MIME_TYPE 2 +#define MIME_NAME 3 +#define MIME_VALUE 4 +#define MIME_QUOTE 5 +#define MIME_COMMENT 6 + + +static +STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio) +{ + char *p, *q, c; + char *ntmp; + char linebuf[MAX_SMLEN]; + MIME_HEADER *mhdr = NULL; + STACK_OF(MIME_HEADER) *headers; + int len, state, save_state = 0; + + headers = sk_MIME_HEADER_new(mime_hdr_cmp); + if (!headers) + return NULL; + while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) { + /* If whitespace at line start then continuation line */ + if (mhdr && isspace((unsigned char)linebuf[0])) + state = MIME_NAME; + else + state = MIME_START; + ntmp = NULL; + + /* Go through all characters */ + for (p = linebuf, q = linebuf; + (c = *p) && (c != '\r') && (c != '\n'); p++) { + + /* State machine to handle MIME headers + * if this looks horrible that's because it *is* + */ + + switch (state) { + case MIME_START: + if (c == ':') { + state = MIME_TYPE; + *p = 0; + ntmp = strip_ends(q); + q = p + 1; + } + break; + + case MIME_TYPE: + if (c == ';') { + mime_debug("Found End Value\n"); + *p = 0; + mhdr = mime_hdr_new(ntmp, + strip_ends(q)); + if (mhdr == NULL) + goto merr; + if (sk_MIME_HEADER_push(headers, + mhdr) == 0) + goto merr; + ntmp = NULL; + q = p + 1; + state = MIME_NAME; + } else if (c == '(') { + save_state = state; + state = MIME_COMMENT; + } + break; + + case MIME_COMMENT: + if (c == ')') { + state = save_state; + } + break; + + case MIME_NAME: + if (c == '=') { + state = MIME_VALUE; + *p = 0; + ntmp = strip_ends(q); + q = p + 1; + } + break; + + case MIME_VALUE: + if (c == ';') { + state = MIME_NAME; + *p = 0; + mime_hdr_addparam(mhdr, ntmp, + strip_ends(q)); + ntmp = NULL; + q = p + 1; + } else if (c == '"') { + mime_debug("Found Quote\n"); + state = MIME_QUOTE; + } else if (c == '(') { + save_state = state; + state = MIME_COMMENT; + } + break; + + case MIME_QUOTE: + if (c == '"') { + mime_debug("Found Match Quote\n"); + state = MIME_VALUE; + } + break; + } + } + + if (state == MIME_TYPE) { + mhdr = mime_hdr_new(ntmp, strip_ends(q)); + if (mhdr == NULL) + goto merr; + if (sk_MIME_HEADER_push(headers, mhdr) == 0) + goto merr; + } else if (state == MIME_VALUE) + mime_hdr_addparam(mhdr, ntmp, strip_ends(q)); + + if (p == linebuf) + break; /* Blank line means end of headers */ + } + + return headers; + +merr: + if (mhdr != NULL) + mime_hdr_free(mhdr); + sk_MIME_HEADER_pop_free(headers, mime_hdr_free); + return NULL; +} + +static char * +strip_ends(char *name) +{ + return strip_end(strip_start(name)); +} + +/* Strip a parameter of whitespace from start of param */ +static char * +strip_start(char *name) +{ + char *p, c; + + /* Look for first non white space or quote */ + for (p = name; (c = *p); p++) { + if (c == '"') { + /* Next char is start of string if non null */ + if (p[1]) + return p + 1; + /* Else null string */ + return NULL; + } + if (!isspace((unsigned char)c)) + return p; + } + return NULL; +} + +/* As above but strip from end of string : maybe should handle brackets? */ +static char * +strip_end(char *name) +{ + char *p, c; + + if (!name) + return NULL; + + /* Look for first non white space or quote */ + for (p = name + strlen(name) - 1; p >= name; p--) { + c = *p; + if (c == '"') { + if (p - 1 == name) + return NULL; + *p = 0; + return name; + } + if (isspace((unsigned char)c)) + *p = 0; + else + return name; + } + return NULL; +} + +static MIME_HEADER * +mime_hdr_new(char *name, char *value) +{ + MIME_HEADER *mhdr; + char *tmpname = NULL, *tmpval = NULL, *p; + + if (name) { + if (!(tmpname = strdup(name))) + goto err; + for (p = tmpname; *p; p++) + *p = tolower((unsigned char)*p); + } + if (value) { + if (!(tmpval = strdup(value))) + goto err; + for (p = tmpval; *p; p++) + *p = tolower((unsigned char)*p); + } + mhdr = malloc(sizeof(MIME_HEADER)); + if (!mhdr) + goto err; + mhdr->name = tmpname; + mhdr->value = tmpval; + if (!(mhdr->params = sk_MIME_PARAM_new(mime_param_cmp))) { + free(mhdr); + goto err; + } + return mhdr; +err: + free(tmpname); + free(tmpval); + return NULL; +} + +static int +mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value) +{ + char *tmpname = NULL, *tmpval = NULL, *p; + MIME_PARAM *mparam; + + if (name) { + tmpname = strdup(name); + if (!tmpname) + goto err; + for (p = tmpname; *p; p++) + *p = tolower((unsigned char)*p); + } + if (value) { + tmpval = strdup(value); + if (!tmpval) + goto err; + } + /* Parameter values are case sensitive so leave as is */ + mparam = malloc(sizeof(MIME_PARAM)); + if (!mparam) + goto err; + mparam->param_name = tmpname; + mparam->param_value = tmpval; + if (sk_MIME_PARAM_push(mhdr->params, mparam) == 0) { + free(mparam); + goto err; + } + return 1; +err: + free(tmpname); + free(tmpval); + return 0; +} + +static int +mime_hdr_cmp(const MIME_HEADER * const *a, const MIME_HEADER * const *b) +{ + if (!(*a)->name || !(*b)->name) + return !!(*a)->name - !!(*b)->name; + return (strcmp((*a)->name, (*b)->name)); +} + +static int +mime_param_cmp(const MIME_PARAM * const *a, const MIME_PARAM * const *b) +{ + if (!(*a)->param_name || !(*b)->param_name) + return !!(*a)->param_name - !!(*b)->param_name; + return (strcmp((*a)->param_name, (*b)->param_name)); +} + +/* Find a header with a given name (if possible) */ + +static MIME_HEADER * +mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, char *name) +{ + MIME_HEADER htmp; + int idx; + htmp.name = name; + idx = sk_MIME_HEADER_find(hdrs, &htmp); + if (idx < 0) + return NULL; + return sk_MIME_HEADER_value(hdrs, idx); +} + +static MIME_PARAM * +mime_param_find(MIME_HEADER *hdr, char *name) +{ + MIME_PARAM param; + int idx; + param.param_name = name; + idx = sk_MIME_PARAM_find(hdr->params, ¶m); + if (idx < 0) + return NULL; + return sk_MIME_PARAM_value(hdr->params, idx); +} + +static void +mime_hdr_free(MIME_HEADER *hdr) +{ + free(hdr->name); + free(hdr->value); + if (hdr->params) + sk_MIME_PARAM_pop_free(hdr->params, mime_param_free); + free(hdr); +} + +static void +mime_param_free(MIME_PARAM *param) +{ + free(param->param_name); + free(param->param_value); + free(param); +} + +/* Check for a multipart boundary. Returns: + * 0 : no boundary + * 1 : part boundary + * 2 : final boundary + */ +static int +mime_bound_check(char *line, int linelen, char *bound, int blen) +{ + if (linelen == -1) + linelen = strlen(line); + if (blen == -1) + blen = strlen(bound); + /* Quickly eliminate if line length too short */ + if (blen + 2 > linelen) + return 0; + /* Check for part boundary */ + if (!strncmp(line, "--", 2) && !strncmp(line + 2, bound, blen)) { + if (!strncmp(line + blen + 2, "--", 2)) + return 2; + else + return 1; + } + return 0; +} + +static int +strip_eol(char *linebuf, int *plen) +{ + int len = *plen; + char *p, c; + int is_eol = 0; + + for (p = linebuf + len - 1; len > 0; len--, p--) { + c = *p; + if (c == '\n') + is_eol = 1; + else if (c != '\r') + break; + } + *plen = len; + return is_eol; +} diff --git a/src/lib/libcrypto/asn1/asn_moid.c b/src/lib/libcrypto/asn1/asn_moid.c index be20db4bad7..7bf493e2884 100644 --- a/src/lib/libcrypto/asn1/asn_moid.c +++ b/src/lib/libcrypto/asn1/asn_moid.c @@ -1,16 +1,16 @@ -/* asn_moid.c */ -/* Written by Stephen Henson (shenson@bigfoot.com) for the OpenSSL +/* $OpenBSD: asn_moid.c,v 1.13 2017/01/29 17:49:22 beck Exp $ */ +/* Written by Stephen Henson (steve@openssl.org) for the OpenSSL * project 2001. */ /* ==================================================================== - * Copyright (c) 2001 The OpenSSL Project. All rights reserved. + * Copyright (c) 2001-2004 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -56,40 +56,103 @@ * */ +#include #include -#include -#include "cryptlib.h" +#include + +#include #include -#include +#include #include /* Simple ASN1 OID module: add all objects in a given section */ -static int oid_module_init(CONF_IMODULE *md, const CONF *cnf) - { +static int do_create(char *value, char *name); + +static int +oid_module_init(CONF_IMODULE *md, const CONF *cnf) +{ int i; const char *oid_section; STACK_OF(CONF_VALUE) *sktmp; CONF_VALUE *oval; + oid_section = CONF_imodule_get_value(md); - if(!(sktmp = NCONF_get_section(cnf, oid_section))) - { - ASN1err(ASN1_F_OID_MODULE_INIT, ASN1_R_ERROR_LOADING_SECTION); + if (!(sktmp = NCONF_get_section(cnf, oid_section))) { + ASN1error(ASN1_R_ERROR_LOADING_SECTION); return 0; - } - for(i = 0; i < sk_CONF_VALUE_num(sktmp); i++) - { + } + for (i = 0; i < sk_CONF_VALUE_num(sktmp); i++) { oval = sk_CONF_VALUE_value(sktmp, i); - if(OBJ_create(oval->value, oval->name, oval->name) == NID_undef) - { - ASN1err(ASN1_F_OID_MODULE_INIT, ASN1_R_ADDING_OBJECT); + if (!do_create(oval->value, oval->name)) { + ASN1error(ASN1_R_ADDING_OBJECT); return 0; - } } + } return 1; } -void ASN1_add_oid_module(void) - { - CONF_module_add("oid_section", oid_module_init, 0); +static void +oid_module_finish(CONF_IMODULE *md) +{ + OBJ_cleanup(); +} + +void +ASN1_add_oid_module(void) +{ + CONF_module_add("oid_section", oid_module_init, oid_module_finish); +} + +/* Create an OID based on a name value pair. Accept two formats. + * shortname = 1.2.3.4 + * shortname = some long name, 1.2.3.4 + */ + +static int +do_create(char *value, char *name) +{ + int nid; + ASN1_OBJECT *oid; + char *ln, *ostr, *p, *lntmp; + + p = strrchr(value, ','); + if (!p) { + ln = name; + ostr = value; + } else { + ln = NULL; + ostr = p + 1; + if (!*ostr) + return 0; + while (isspace((unsigned char)*ostr)) + ostr++; } + + nid = OBJ_create(ostr, name, ln); + + if (nid == NID_undef) + return 0; + + if (p) { + ln = value; + while (isspace((unsigned char)*ln)) + ln++; + p--; + while (isspace((unsigned char)*p)) { + if (p == ln) + return 0; + p--; + } + p++; + lntmp = malloc((p - ln) + 1); + if (lntmp == NULL) + return 0; + memcpy(lntmp, ln, p - ln); + lntmp[p - ln] = 0; + oid = OBJ_nid2obj(nid); + oid->ln = lntmp; + } + + return 1; +} diff --git a/src/lib/libcrypto/asn1/asn_pack.c b/src/lib/libcrypto/asn1/asn_pack.c index e6051db2dc9..090beff0f0e 100644 --- a/src/lib/libcrypto/asn1/asn_pack.c +++ b/src/lib/libcrypto/asn1/asn_pack.c @@ -1,5 +1,5 @@ -/* asn_pack.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* $OpenBSD: asn_pack.c,v 1.18 2018/10/24 17:57:22 jsing Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -57,135 +57,53 @@ */ #include -#include "cryptlib.h" -#include - -#ifndef NO_ASN1_OLD - -/* ASN1 packing and unpacking functions */ - -/* Turn an ASN1 encoded SEQUENCE OF into a STACK of structures */ - -STACK *ASN1_seq_unpack(unsigned char *buf, int len, char *(*d2i)(), - void (*free_func)(void *)) -{ - STACK *sk; - unsigned char *pbuf; - pbuf = buf; - if (!(sk = d2i_ASN1_SET(NULL, &pbuf, len, d2i, free_func, - V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL))) - ASN1err(ASN1_F_ASN1_SEQ_UNPACK,ASN1_R_DECODE_ERROR); - return sk; -} -/* Turn a STACK structures into an ASN1 encoded SEQUENCE OF structure in a - * OPENSSL_malloc'ed buffer - */ - -unsigned char *ASN1_seq_pack(STACK *safes, int (*i2d)(), unsigned char **buf, - int *len) -{ - int safelen; - unsigned char *safe, *p; - if (!(safelen = i2d_ASN1_SET(safes, NULL, i2d, V_ASN1_SEQUENCE, - V_ASN1_UNIVERSAL, IS_SEQUENCE))) { - ASN1err(ASN1_F_ASN1_SEQ_PACK,ASN1_R_ENCODE_ERROR); - return NULL; - } - if (!(safe = OPENSSL_malloc (safelen))) { - ASN1err(ASN1_F_ASN1_SEQ_PACK,ERR_R_MALLOC_FAILURE); - return NULL; - } - p = safe; - i2d_ASN1_SET(safes, &p, i2d, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, - IS_SEQUENCE); - if (len) *len = safelen; - if (buf) *buf = safe; - return safe; -} - -/* Extract an ASN1 object from an ASN1_STRING */ - -void *ASN1_unpack_string (ASN1_STRING *oct, char *(*d2i)()) -{ - unsigned char *p; - char *ret; - - p = oct->data; - if(!(ret = d2i(NULL, &p, oct->length))) - ASN1err(ASN1_F_ASN1_UNPACK_STRING,ASN1_R_DECODE_ERROR); - return ret; -} - -/* Pack an ASN1 object into an ASN1_STRING */ +#include +#include -ASN1_STRING *ASN1_pack_string(void *obj, int (*i2d)(), ASN1_STRING **oct) +/* Pack an ASN1 object into an ASN1_STRING. */ +ASN1_STRING * +ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_STRING **oct) { - unsigned char *p; ASN1_STRING *octmp; if (!oct || !*oct) { if (!(octmp = ASN1_STRING_new ())) { - ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE); + ASN1error(ERR_R_MALLOC_FAILURE); return NULL; } - if (oct) *oct = octmp; - } else octmp = *oct; - - if (!(octmp->length = i2d(obj, NULL))) { - ASN1err(ASN1_F_ASN1_PACK_STRING,ASN1_R_ENCODE_ERROR); - return NULL; - } - if (!(p = OPENSSL_malloc (octmp->length))) { - ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE); - return NULL; - } - octmp->data = p; - i2d (obj, &p); - return octmp; -} - -#endif - -/* ASN1_ITEM versions of the above */ + } else + octmp = *oct; -ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_STRING **oct) -{ - ASN1_STRING *octmp; + free(octmp->data); + octmp->data = NULL; - if (!oct || !*oct) { - if (!(octmp = ASN1_STRING_new ())) { - ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE); - return NULL; - } - if (oct) *oct = octmp; - } else octmp = *oct; - - if(octmp->data) { - OPENSSL_free(octmp->data); - octmp->data = NULL; - } - if (!(octmp->length = ASN1_item_i2d(obj, &octmp->data, it))) { - ASN1err(ASN1_F_ASN1_PACK_STRING,ASN1_R_ENCODE_ERROR); - return NULL; + ASN1error(ASN1_R_ENCODE_ERROR); + goto err; } if (!octmp->data) { - ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE); - return NULL; + ASN1error(ERR_R_MALLOC_FAILURE); + goto err; } + if (oct) + *oct = octmp; return octmp; +err: + if (!oct || octmp != *oct) + ASN1_STRING_free(octmp); + return NULL; } -/* Extract an ASN1 object from an ASN1_STRING */ - -void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it) +/* Extract an ASN1 object from an ASN1_STRING. */ +void * +ASN1_item_unpack(const ASN1_STRING *oct, const ASN1_ITEM *it) { - unsigned char *p; + const unsigned char *p; void *ret; p = oct->data; - if(!(ret = ASN1_item_d2i(NULL, &p, oct->length, it))) - ASN1err(ASN1_F_ASN1_UNPACK_STRING,ASN1_R_DECODE_ERROR); + if (!(ret = ASN1_item_d2i(NULL, &p, oct->length, it))) + ASN1error(ASN1_R_DECODE_ERROR); return ret; } diff --git a/src/lib/libcrypto/asn1/bio_asn1.c b/src/lib/libcrypto/asn1/bio_asn1.c new file mode 100644 index 00000000000..93bcb33888e --- /dev/null +++ b/src/lib/libcrypto/asn1/bio_asn1.c @@ -0,0 +1,496 @@ +/* $OpenBSD: bio_asn1.c,v 1.13 2018/05/01 13:29:09 tb Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +/* Experimental ASN1 BIO. When written through the data is converted + * to an ASN1 string type: default is OCTET STRING. Additional functions + * can be provided to add prefix and suffix data. + */ + +#include +#include + +#include +#include + +/* Must be large enough for biggest tag+length */ +#define DEFAULT_ASN1_BUF_SIZE 20 + +typedef enum { + ASN1_STATE_START, + ASN1_STATE_PRE_COPY, + ASN1_STATE_HEADER, + ASN1_STATE_HEADER_COPY, + ASN1_STATE_DATA_COPY, + ASN1_STATE_POST_COPY, + ASN1_STATE_DONE +} asn1_bio_state_t; + +typedef struct BIO_ASN1_EX_FUNCS_st { + asn1_ps_func *ex_func; + asn1_ps_func *ex_free_func; +} BIO_ASN1_EX_FUNCS; + +typedef struct BIO_ASN1_BUF_CTX_t { + /* Internal state */ + asn1_bio_state_t state; + /* Internal buffer */ + unsigned char *buf; + /* Size of buffer */ + int bufsize; + /* Current position in buffer */ + int bufpos; + /* Current buffer length */ + int buflen; + /* Amount of data to copy */ + int copylen; + /* Class and tag to use */ + int asn1_class, asn1_tag; + asn1_ps_func *prefix, *prefix_free, *suffix, *suffix_free; + /* Extra buffer for prefix and suffix data */ + unsigned char *ex_buf; + int ex_len; + int ex_pos; + void *ex_arg; +} BIO_ASN1_BUF_CTX; + + +static int asn1_bio_write(BIO *h, const char *buf, int num); +static int asn1_bio_read(BIO *h, char *buf, int size); +static int asn1_bio_puts(BIO *h, const char *str); +static int asn1_bio_gets(BIO *h, char *str, int size); +static long asn1_bio_ctrl(BIO *h, int cmd, long arg1, void *arg2); +static int asn1_bio_new(BIO *h); +static int asn1_bio_free(BIO *data); +static long asn1_bio_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp); + +static int asn1_bio_init(BIO_ASN1_BUF_CTX *ctx, int size); +static int asn1_bio_flush_ex(BIO *b, BIO_ASN1_BUF_CTX *ctx, + asn1_ps_func *cleanup, asn1_bio_state_t next); +static int asn1_bio_setup_ex(BIO *b, BIO_ASN1_BUF_CTX *ctx, + asn1_ps_func *setup, asn1_bio_state_t ex_state, + asn1_bio_state_t other_state); + +static const BIO_METHOD methods_asn1 = { + .type = BIO_TYPE_ASN1, + .name = "asn1", + .bwrite = asn1_bio_write, + .bread = asn1_bio_read, + .bputs = asn1_bio_puts, + .bgets = asn1_bio_gets, + .ctrl = asn1_bio_ctrl, + .create = asn1_bio_new, + .destroy = asn1_bio_free, + .callback_ctrl = asn1_bio_callback_ctrl +}; + +const BIO_METHOD * +BIO_f_asn1(void) +{ + return (&methods_asn1); +} + +static int +asn1_bio_new(BIO *b) +{ + BIO_ASN1_BUF_CTX *ctx; + ctx = malloc(sizeof(BIO_ASN1_BUF_CTX)); + if (!ctx) + return 0; + if (!asn1_bio_init(ctx, DEFAULT_ASN1_BUF_SIZE)) { + free(ctx); + return 0; + } + b->init = 1; + b->ptr = (char *)ctx; + b->flags = 0; + return 1; +} + +static int +asn1_bio_init(BIO_ASN1_BUF_CTX *ctx, int size) +{ + ctx->buf = malloc(size); + if (!ctx->buf) + return 0; + ctx->bufsize = size; + ctx->bufpos = 0; + ctx->buflen = 0; + ctx->copylen = 0; + ctx->asn1_class = V_ASN1_UNIVERSAL; + ctx->asn1_tag = V_ASN1_OCTET_STRING; + ctx->ex_buf = NULL; + ctx->ex_pos = 0; + ctx->ex_len = 0; + ctx->state = ASN1_STATE_START; + return 1; +} + +static int +asn1_bio_free(BIO *b) +{ + BIO_ASN1_BUF_CTX *ctx; + + ctx = (BIO_ASN1_BUF_CTX *) b->ptr; + if (ctx == NULL) + return 0; + free(ctx->buf); + free(ctx); + b->init = 0; + b->ptr = NULL; + b->flags = 0; + return 1; +} + +static int +asn1_bio_write(BIO *b, const char *in , int inl) +{ + BIO_ASN1_BUF_CTX *ctx; + int wrmax, wrlen, ret, buflen; + unsigned char *p; + + if (!in || (inl < 0) || (b->next_bio == NULL)) + return 0; + ctx = (BIO_ASN1_BUF_CTX *) b->ptr; + if (ctx == NULL) + return 0; + + wrlen = 0; + ret = -1; + + for (;;) { + switch (ctx->state) { + + /* Setup prefix data, call it */ + case ASN1_STATE_START: + if (!asn1_bio_setup_ex(b, ctx, ctx->prefix, + ASN1_STATE_PRE_COPY, ASN1_STATE_HEADER)) + return 0; + break; + + /* Copy any pre data first */ + case ASN1_STATE_PRE_COPY: + ret = asn1_bio_flush_ex(b, ctx, ctx->prefix_free, + ASN1_STATE_HEADER); + if (ret <= 0) + goto done; + break; + + case ASN1_STATE_HEADER: + buflen = ASN1_object_size(0, inl, ctx->asn1_tag) - inl; + if (buflen <= 0 || buflen > ctx->bufsize) + return -1; + ctx->buflen = buflen; + p = ctx->buf; + ASN1_put_object(&p, 0, inl, + ctx->asn1_tag, ctx->asn1_class); + ctx->copylen = inl; + ctx->state = ASN1_STATE_HEADER_COPY; + break; + + case ASN1_STATE_HEADER_COPY: + ret = BIO_write(b->next_bio, + ctx->buf + ctx->bufpos, ctx->buflen); + if (ret <= 0) + goto done; + + ctx->buflen -= ret; + if (ctx->buflen) + ctx->bufpos += ret; + else { + ctx->bufpos = 0; + ctx->state = ASN1_STATE_DATA_COPY; + } + break; + + case ASN1_STATE_DATA_COPY: + + if (inl > ctx->copylen) + wrmax = ctx->copylen; + else + wrmax = inl; + ret = BIO_write(b->next_bio, in, wrmax); + if (ret <= 0) + break; + wrlen += ret; + ctx->copylen -= ret; + in += ret; + inl -= ret; + + if (ctx->copylen == 0) + ctx->state = ASN1_STATE_HEADER; + if (inl == 0) + goto done; + break; + + default: + BIO_clear_retry_flags(b); + return 0; + } + + } + +done: + BIO_clear_retry_flags(b); + BIO_copy_next_retry(b); + + return (wrlen > 0) ? wrlen : ret; +} + +static int +asn1_bio_flush_ex(BIO *b, BIO_ASN1_BUF_CTX *ctx, asn1_ps_func *cleanup, + asn1_bio_state_t next) +{ + int ret; + + if (ctx->ex_len <= 0) + return 1; + for (;;) { + ret = BIO_write(b->next_bio, ctx->ex_buf + ctx->ex_pos, + ctx->ex_len); + if (ret <= 0) + break; + ctx->ex_len -= ret; + if (ctx->ex_len > 0) + ctx->ex_pos += ret; + else { + if (cleanup) + cleanup(b, &ctx->ex_buf, &ctx->ex_len, + &ctx->ex_arg); + ctx->state = next; + ctx->ex_pos = 0; + break; + } + } + return ret; +} + +static int +asn1_bio_setup_ex(BIO *b, BIO_ASN1_BUF_CTX *ctx, asn1_ps_func *setup, + asn1_bio_state_t ex_state, asn1_bio_state_t other_state) +{ + if (setup && !setup(b, &ctx->ex_buf, &ctx->ex_len, &ctx->ex_arg)) { + BIO_clear_retry_flags(b); + return 0; + } + if (ctx->ex_len > 0) + ctx->state = ex_state; + else + ctx->state = other_state; + return 1; +} + +static int +asn1_bio_read(BIO *b, char *in , int inl) +{ + if (!b->next_bio) + return 0; + return BIO_read(b->next_bio, in , inl); +} + +static int +asn1_bio_puts(BIO *b, const char *str) +{ + return asn1_bio_write(b, str, strlen(str)); +} + +static int +asn1_bio_gets(BIO *b, char *str, int size) +{ + if (!b->next_bio) + return 0; + return BIO_gets(b->next_bio, str , size); +} + +static long +asn1_bio_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) +{ + if (b->next_bio == NULL) + return (0); + return BIO_callback_ctrl(b->next_bio, cmd, fp); +} + +static long +asn1_bio_ctrl(BIO *b, int cmd, long arg1, void *arg2) +{ + BIO_ASN1_BUF_CTX *ctx; + BIO_ASN1_EX_FUNCS *ex_func; + long ret = 1; + + ctx = (BIO_ASN1_BUF_CTX *) b->ptr; + if (ctx == NULL) + return 0; + switch (cmd) { + + case BIO_C_SET_PREFIX: + ex_func = arg2; + ctx->prefix = ex_func->ex_func; + ctx->prefix_free = ex_func->ex_free_func; + break; + + case BIO_C_GET_PREFIX: + ex_func = arg2; + ex_func->ex_func = ctx->prefix; + ex_func->ex_free_func = ctx->prefix_free; + break; + + case BIO_C_SET_SUFFIX: + ex_func = arg2; + ctx->suffix = ex_func->ex_func; + ctx->suffix_free = ex_func->ex_free_func; + break; + + case BIO_C_GET_SUFFIX: + ex_func = arg2; + ex_func->ex_func = ctx->suffix; + ex_func->ex_free_func = ctx->suffix_free; + break; + + case BIO_C_SET_EX_ARG: + ctx->ex_arg = arg2; + break; + + case BIO_C_GET_EX_ARG: + *(void **)arg2 = ctx->ex_arg; + break; + + case BIO_CTRL_FLUSH: + if (!b->next_bio) + return 0; + + /* Call post function if possible */ + if (ctx->state == ASN1_STATE_HEADER) { + if (!asn1_bio_setup_ex(b, ctx, ctx->suffix, + ASN1_STATE_POST_COPY, ASN1_STATE_DONE)) + return 0; + } + + if (ctx->state == ASN1_STATE_POST_COPY) { + ret = asn1_bio_flush_ex(b, ctx, ctx->suffix_free, + ASN1_STATE_DONE); + if (ret <= 0) + return ret; + } + + if (ctx->state == ASN1_STATE_DONE) + return BIO_ctrl(b->next_bio, cmd, arg1, arg2); + else { + BIO_clear_retry_flags(b); + return 0; + } + break; + + + default: + if (!b->next_bio) + return 0; + return BIO_ctrl(b->next_bio, cmd, arg1, arg2); + + } + + return ret; +} + +static int +asn1_bio_set_ex(BIO *b, int cmd, asn1_ps_func *ex_func, asn1_ps_func + *ex_free_func) +{ + BIO_ASN1_EX_FUNCS extmp; + + extmp.ex_func = ex_func; + extmp.ex_free_func = ex_free_func; + return BIO_ctrl(b, cmd, 0, &extmp); +} + +static int +asn1_bio_get_ex(BIO *b, int cmd, asn1_ps_func **ex_func, + asn1_ps_func **ex_free_func) +{ + BIO_ASN1_EX_FUNCS extmp; + int ret; + + ret = BIO_ctrl(b, cmd, 0, &extmp); + if (ret > 0) { + *ex_func = extmp.ex_func; + *ex_free_func = extmp.ex_free_func; + } + return ret; +} + +int +BIO_asn1_set_prefix(BIO *b, asn1_ps_func *prefix, asn1_ps_func *prefix_free) +{ + return asn1_bio_set_ex(b, BIO_C_SET_PREFIX, prefix, prefix_free); +} + +int +BIO_asn1_get_prefix(BIO *b, asn1_ps_func **pprefix, asn1_ps_func **pprefix_free) +{ + return asn1_bio_get_ex(b, BIO_C_GET_PREFIX, pprefix, pprefix_free); +} + +int +BIO_asn1_set_suffix(BIO *b, asn1_ps_func *suffix, asn1_ps_func *suffix_free) +{ + return asn1_bio_set_ex(b, BIO_C_SET_SUFFIX, suffix, suffix_free); +} + +int +BIO_asn1_get_suffix(BIO *b, asn1_ps_func **psuffix, asn1_ps_func **psuffix_free) +{ + return asn1_bio_get_ex(b, BIO_C_GET_SUFFIX, psuffix, psuffix_free); +} diff --git a/src/lib/libcrypto/asn1/bio_ndef.c b/src/lib/libcrypto/asn1/bio_ndef.c new file mode 100644 index 00000000000..890b1413049 --- /dev/null +++ b/src/lib/libcrypto/asn1/bio_ndef.c @@ -0,0 +1,243 @@ +/* $OpenBSD: bio_ndef.c,v 1.10 2017/01/29 17:49:22 beck Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 2008 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + */ + +#include +#include +#include +#include + +#include + +/* Experimental NDEF ASN1 BIO support routines */ + +/* The usage is quite simple, initialize an ASN1 structure, + * get a BIO from it then any data written through the BIO + * will end up translated to approptiate format on the fly. + * The data is streamed out and does *not* need to be + * all held in memory at once. + * + * When the BIO is flushed the output is finalized and any + * signatures etc written out. + * + * The BIO is a 'proper' BIO and can handle non blocking I/O + * correctly. + * + * The usage is simple. The implementation is *not*... + */ + +/* BIO support data stored in the ASN1 BIO ex_arg */ + +typedef struct ndef_aux_st { + /* ASN1 structure this BIO refers to */ + ASN1_VALUE *val; + const ASN1_ITEM *it; + /* Top of the BIO chain */ + BIO *ndef_bio; + /* Output BIO */ + BIO *out; + /* Boundary where content is inserted */ + unsigned char **boundary; + /* DER buffer start */ + unsigned char *derbuf; +} NDEF_SUPPORT; + +static int ndef_prefix(BIO *b, unsigned char **pbuf, int *plen, void *parg); +static int ndef_prefix_free(BIO *b, unsigned char **pbuf, int *plen, void *parg); +static int ndef_suffix(BIO *b, unsigned char **pbuf, int *plen, void *parg); +static int ndef_suffix_free(BIO *b, unsigned char **pbuf, int *plen, void *parg); + +BIO * +BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it) +{ + NDEF_SUPPORT *ndef_aux = NULL; + BIO *asn_bio = NULL; + const ASN1_AUX *aux = it->funcs; + ASN1_STREAM_ARG sarg; + + if (!aux || !aux->asn1_cb) { + ASN1error(ASN1_R_STREAMING_NOT_SUPPORTED); + return NULL; + } + ndef_aux = malloc(sizeof(NDEF_SUPPORT)); + asn_bio = BIO_new(BIO_f_asn1()); + + /* ASN1 bio needs to be next to output BIO */ + + out = BIO_push(asn_bio, out); + + if (!ndef_aux || !asn_bio || !out) + goto err; + + BIO_asn1_set_prefix(asn_bio, ndef_prefix, ndef_prefix_free); + BIO_asn1_set_suffix(asn_bio, ndef_suffix, ndef_suffix_free); + + /* Now let callback prepend any digest, cipher etc BIOs + * ASN1 structure needs. + */ + + sarg.out = out; + sarg.ndef_bio = NULL; + sarg.boundary = NULL; + + if (aux->asn1_cb(ASN1_OP_STREAM_PRE, &val, it, &sarg) <= 0) + goto err; + + ndef_aux->val = val; + ndef_aux->it = it; + ndef_aux->ndef_bio = sarg.ndef_bio; + ndef_aux->boundary = sarg.boundary; + ndef_aux->out = out; + + BIO_ctrl(asn_bio, BIO_C_SET_EX_ARG, 0, ndef_aux); + + return sarg.ndef_bio; + +err: + BIO_free(asn_bio); + free(ndef_aux); + return NULL; +} + +static int +ndef_prefix(BIO *b, unsigned char **pbuf, int *plen, void *parg) +{ + NDEF_SUPPORT *ndef_aux; + unsigned char *p; + int derlen; + + if (!parg) + return 0; + + ndef_aux = *(NDEF_SUPPORT **)parg; + + derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it); + p = malloc(derlen); + ndef_aux->derbuf = p; + *pbuf = p; + derlen = ASN1_item_ndef_i2d(ndef_aux->val, &p, ndef_aux->it); + + if (!*ndef_aux->boundary) + return 0; + + *plen = *ndef_aux->boundary - *pbuf; + + return 1; +} + +static int +ndef_prefix_free(BIO *b, unsigned char **pbuf, int *plen, void *parg) +{ + NDEF_SUPPORT *ndef_aux; + + if (!parg) + return 0; + + ndef_aux = *(NDEF_SUPPORT **)parg; + + free(ndef_aux->derbuf); + + ndef_aux->derbuf = NULL; + *pbuf = NULL; + *plen = 0; + return 1; +} + +static int +ndef_suffix_free(BIO *b, unsigned char **pbuf, int *plen, void *parg) +{ + NDEF_SUPPORT **pndef_aux = (NDEF_SUPPORT **)parg; + if (!ndef_prefix_free(b, pbuf, plen, parg)) + return 0; + free(*pndef_aux); + *pndef_aux = NULL; + return 1; +} + +static int +ndef_suffix(BIO *b, unsigned char **pbuf, int *plen, void *parg) +{ + NDEF_SUPPORT *ndef_aux; + unsigned char *p; + int derlen; + const ASN1_AUX *aux; + ASN1_STREAM_ARG sarg; + + if (!parg) + return 0; + + ndef_aux = *(NDEF_SUPPORT **)parg; + + aux = ndef_aux->it->funcs; + + /* Finalize structures */ + sarg.ndef_bio = ndef_aux->ndef_bio; + sarg.out = ndef_aux->out; + sarg.boundary = ndef_aux->boundary; + if (aux->asn1_cb(ASN1_OP_STREAM_POST, + &ndef_aux->val, ndef_aux->it, &sarg) <= 0) + return 0; + + derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it); + p = malloc(derlen); + ndef_aux->derbuf = p; + *pbuf = p; + derlen = ASN1_item_ndef_i2d(ndef_aux->val, &p, ndef_aux->it); + + if (!*ndef_aux->boundary) + return 0; + *pbuf = *ndef_aux->boundary; + *plen = derlen - (*ndef_aux->boundary - ndef_aux->derbuf); + + return 1; +} diff --git a/src/lib/libcrypto/asn1/charmap.h b/src/lib/libcrypto/asn1/charmap.h index bd020a9562f..bed5487600c 100644 --- a/src/lib/libcrypto/asn1/charmap.h +++ b/src/lib/libcrypto/asn1/charmap.h @@ -1,15 +1,19 @@ +/* $OpenBSD: charmap.h,v 1.5 2016/12/21 15:49:29 jsing Exp $ */ /* Auto generated with chartype.pl script. * Mask of various character properties */ -static unsigned char char_type[] = { - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, - 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, -120, 0, 1,40, 0, 0, 0,16,16,16, 0,25,25,16,16,16, -16,16,16,16,16,16,16,16,16,16,16, 9, 9,16, 9,16, - 0,16,16,16,16,16,16,16,16,16,16,16,16,16,16,16, -16,16,16,16,16,16,16,16,16,16,16, 0, 1, 0, 0, 0, - 0,16,16,16,16,16,16,16,16,16,16,16,16,16,16,16, -16,16,16,16,16,16,16,16,16,16,16, 0, 0, 0, 0, 2 +__BEGIN_HIDDEN_DECLS + +static const unsigned char char_type[] = { + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, + 120, 0, 1, 40, 0, 0, 0, 16, 16, 16, 0, 25, 25, 16, 16, 16, + 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 9, 9, 16, 9, 16, + 0, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, + 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 0, 1, 0, 0, 0, + 0, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, + 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 0, 0, 0, 0, 2 }; +__END_HIDDEN_DECLS diff --git a/src/lib/libcrypto/asn1/d2i_pr.c b/src/lib/libcrypto/asn1/d2i_pr.c index 2e7d96af904..a657a1f3cd1 100644 --- a/src/lib/libcrypto/asn1/d2i_pr.c +++ b/src/lib/libcrypto/asn1/d2i_pr.c @@ -1,25 +1,25 @@ -/* crypto/asn1/d2i_pr.c */ +/* $OpenBSD: d2i_pr.c,v 1.16 2018/04/14 07:09:21 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -57,89 +57,111 @@ */ #include -#include "cryptlib.h" + +#include + +#include #include +#include #include #include -#include -#ifndef OPENSSL_NO_RSA -#include -#endif -#ifndef OPENSSL_NO_DSA -#include +#include + +#ifndef OPENSSL_NO_ENGINE +#include #endif -EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, unsigned char **pp, - long length) - { +#include "asn1_locl.h" + +EVP_PKEY * +d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp, long length) +{ EVP_PKEY *ret; - if ((a == NULL) || (*a == NULL)) - { - if ((ret=EVP_PKEY_new()) == NULL) - { - ASN1err(ASN1_F_D2I_PRIVATEKEY,ERR_R_EVP_LIB); - return(NULL); - } + if ((a == NULL) || (*a == NULL)) { + if ((ret = EVP_PKEY_new()) == NULL) { + ASN1error(ERR_R_EVP_LIB); + return (NULL); } - else ret= *a; - - ret->save_type=type; - ret->type=EVP_PKEY_type(type); - switch (ret->type) - { -#ifndef OPENSSL_NO_RSA - case EVP_PKEY_RSA: - if ((ret->pkey.rsa=d2i_RSAPrivateKey(NULL, - (const unsigned char **)pp,length)) == NULL) /* TMP UGLY CAST */ - { - ASN1err(ASN1_F_D2I_PRIVATEKEY,ERR_R_ASN1_LIB); - goto err; - } - break; + } else { + ret = *a; +#ifndef OPENSSL_NO_ENGINE + ENGINE_finish(ret->engine); + ret->engine = NULL; #endif -#ifndef OPENSSL_NO_DSA - case EVP_PKEY_DSA: - if ((ret->pkey.dsa=d2i_DSAPrivateKey(NULL, - (const unsigned char **)pp,length)) == NULL) /* TMP UGLY CAST */ - { - ASN1err(ASN1_F_D2I_PRIVATEKEY,ERR_R_ASN1_LIB); - goto err; - } - break; -#endif - default: - ASN1err(ASN1_F_D2I_PRIVATEKEY,ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE); + } + + if (!EVP_PKEY_set_type(ret, type)) { + ASN1error(ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE); goto err; - /* break; */ + } + + if (!ret->ameth->old_priv_decode || + !ret->ameth->old_priv_decode(ret, pp, length)) { + if (ret->ameth->priv_decode) { + PKCS8_PRIV_KEY_INFO *p8 = NULL; + p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, pp, length); + if (!p8) + goto err; + EVP_PKEY_free(ret); + ret = EVP_PKCS82PKEY(p8); + PKCS8_PRIV_KEY_INFO_free(p8); + } else { + ASN1error(ERR_R_ASN1_LIB); + goto err; } - if (a != NULL) (*a)=ret; - return(ret); -err: - if ((ret != NULL) && ((a == NULL) || (*a != ret))) EVP_PKEY_free(ret); - return(NULL); } + if (a != NULL) + (*a) = ret; + return (ret); + +err: + if (a == NULL || *a != ret) + EVP_PKEY_free(ret); + return (NULL); +} /* This works like d2i_PrivateKey() except it automatically works out the type */ -EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, unsigned char **pp, - long length) +EVP_PKEY * +d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp, long length) { STACK_OF(ASN1_TYPE) *inkey; - unsigned char *p; + const unsigned char *p; int keytype; + p = *pp; /* Dirty trick: read in the ASN1 data into a STACK_OF(ASN1_TYPE): * by analyzing it we can determine the passed structure: this * assumes the input is surrounded by an ASN1 SEQUENCE. */ - inkey = d2i_ASN1_SET_OF_ASN1_TYPE(NULL, &p, length, d2i_ASN1_TYPE, - ASN1_TYPE_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL); + inkey = d2i_ASN1_SEQUENCE_ANY(NULL, &p, length); /* Since we only need to discern "traditional format" RSA and DSA * keys we can just count the elements. */ - if(sk_ASN1_TYPE_num(inkey) == 6) keytype = EVP_PKEY_DSA; - else keytype = EVP_PKEY_RSA; + if (sk_ASN1_TYPE_num(inkey) == 6) + keytype = EVP_PKEY_DSA; + else if (sk_ASN1_TYPE_num(inkey) == 4) + keytype = EVP_PKEY_EC; + else if (sk_ASN1_TYPE_num(inkey) == 3) { + /* This seems to be PKCS8, not traditional format */ + PKCS8_PRIV_KEY_INFO *p8 = d2i_PKCS8_PRIV_KEY_INFO( + NULL, pp, length); + EVP_PKEY *ret; + + sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free); + if (!p8) { + ASN1error(ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE); + return NULL; + } + ret = EVP_PKCS82PKEY(p8); + PKCS8_PRIV_KEY_INFO_free(p8); + if (a) { + *a = ret; + } + return ret; + } else + keytype = EVP_PKEY_RSA; sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free); return d2i_PrivateKey(keytype, a, pp, length); } diff --git a/src/lib/libcrypto/asn1/d2i_pu.c b/src/lib/libcrypto/asn1/d2i_pu.c index 71f2eb361bd..3750265e7f3 100644 --- a/src/lib/libcrypto/asn1/d2i_pu.c +++ b/src/lib/libcrypto/asn1/d2i_pu.c @@ -1,25 +1,25 @@ -/* crypto/asn1/d2i_pu.c */ +/* $OpenBSD: d2i_pu.c,v 1.14 2017/01/29 17:49:22 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -57,66 +57,80 @@ */ #include -#include "cryptlib.h" + +#include + +#include #include +#include #include #include -#include -#ifndef OPENSSL_NO_RSA -#include -#endif + #ifndef OPENSSL_NO_DSA #include #endif +#ifndef OPENSSL_NO_EC +#include +#endif +#ifndef OPENSSL_NO_RSA +#include +#endif -EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, unsigned char **pp, - long length) - { +EVP_PKEY * +d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp, long length) +{ EVP_PKEY *ret; - if ((a == NULL) || (*a == NULL)) - { - if ((ret=EVP_PKEY_new()) == NULL) - { - ASN1err(ASN1_F_D2I_PUBLICKEY,ERR_R_EVP_LIB); - return(NULL); - } + if ((a == NULL) || (*a == NULL)) { + if ((ret = EVP_PKEY_new()) == NULL) { + ASN1error(ERR_R_EVP_LIB); + return (NULL); } - else ret= *a; + } else + ret = *a; - ret->save_type=type; - ret->type=EVP_PKEY_type(type); - switch (ret->type) - { + if (!EVP_PKEY_set_type(ret, type)) { + ASN1error(ERR_R_EVP_LIB); + goto err; + } + + switch (EVP_PKEY_id(ret)) { #ifndef OPENSSL_NO_RSA case EVP_PKEY_RSA: - if ((ret->pkey.rsa=d2i_RSAPublicKey(NULL, - (const unsigned char **)pp,length)) == NULL) /* TMP UGLY CAST */ - { - ASN1err(ASN1_F_D2I_PUBLICKEY,ERR_R_ASN1_LIB); + if ((ret->pkey.rsa = d2i_RSAPublicKey(NULL, pp, length)) == + NULL) { + ASN1error(ERR_R_ASN1_LIB); goto err; - } + } break; #endif #ifndef OPENSSL_NO_DSA case EVP_PKEY_DSA: - if ((ret->pkey.dsa=d2i_DSAPublicKey(NULL, - (const unsigned char **)pp,length)) == NULL) /* TMP UGLY CAST */ - { - ASN1err(ASN1_F_D2I_PUBLICKEY,ERR_R_ASN1_LIB); + if (!d2i_DSAPublicKey(&(ret->pkey.dsa), pp, length)) { + ASN1error(ERR_R_ASN1_LIB); + goto err; + } + break; +#endif +#ifndef OPENSSL_NO_EC + case EVP_PKEY_EC: + if (!o2i_ECPublicKey(&(ret->pkey.ec), pp, length)) { + ASN1error(ERR_R_ASN1_LIB); goto err; - } + } break; #endif default: - ASN1err(ASN1_F_D2I_PUBLICKEY,ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE); + ASN1error(ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE); goto err; /* break; */ - } - if (a != NULL) (*a)=ret; - return(ret); -err: - if ((ret != NULL) && ((a == NULL) || (*a != ret))) EVP_PKEY_free(ret); - return(NULL); } + if (a != NULL) + (*a) = ret; + return (ret); +err: + if (a == NULL || *a != ret) + EVP_PKEY_free(ret); + return (NULL); +} diff --git a/src/lib/libcrypto/asn1/evp_asn1.c b/src/lib/libcrypto/asn1/evp_asn1.c index 3506005a714..4b7ebbb0224 100644 --- a/src/lib/libcrypto/asn1/evp_asn1.c +++ b/src/lib/libcrypto/asn1/evp_asn1.c @@ -1,25 +1,25 @@ -/* crypto/asn1/evp_asn1.c */ +/* $OpenBSD: evp_asn1.c,v 1.23 2018/11/09 04:20:27 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -57,129 +57,137 @@ */ #include -#include "cryptlib.h" +#include + #include -#include +#include +#include -int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len) - { +int +ASN1_TYPE_set_octetstring(ASN1_TYPE *a, const unsigned char *data, int len) +{ ASN1_STRING *os; - if ((os=M_ASN1_OCTET_STRING_new()) == NULL) return(0); - if (!M_ASN1_OCTET_STRING_set(os,data,len)) return(0); - ASN1_TYPE_set(a,V_ASN1_OCTET_STRING,os); - return(1); + if ((os = ASN1_OCTET_STRING_new()) == NULL) + return (0); + if (!ASN1_STRING_set(os, data, len)) { + ASN1_OCTET_STRING_free(os); + return (0); } - -/* int max_len: for returned value */ -int ASN1_TYPE_get_octetstring(ASN1_TYPE *a, unsigned char *data, - int max_len) - { - int ret,num; + ASN1_TYPE_set(a, V_ASN1_OCTET_STRING, os); + return (1); +} + +int +ASN1_TYPE_get_octetstring(const ASN1_TYPE *a, unsigned char *data, int max_len) +{ + int ret, num; unsigned char *p; - if ((a->type != V_ASN1_OCTET_STRING) || (a->value.octet_string == NULL)) - { - ASN1err(ASN1_F_ASN1_TYPE_GET_OCTETSTRING,ASN1_R_DATA_IS_WRONG); - return(-1); - } - p=M_ASN1_STRING_data(a->value.octet_string); - ret=M_ASN1_STRING_length(a->value.octet_string); + if ((a->type != V_ASN1_OCTET_STRING) || + (a->value.octet_string == NULL)) { + ASN1error(ASN1_R_DATA_IS_WRONG); + return (-1); + } + p = ASN1_STRING_data(a->value.octet_string); + ret = ASN1_STRING_length(a->value.octet_string); if (ret < max_len) - num=ret; + num = ret; else - num=max_len; - memcpy(data,p,num); - return(ret); - } + num = max_len; + memcpy(data, p, num); + return (ret); +} -int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num, unsigned char *data, - int len) - { - int n,size; - ASN1_OCTET_STRING os,*osp; - ASN1_INTEGER in; - unsigned char *p; - unsigned char buf[32]; /* when they have 256bit longs, - * I'll be in trouble */ - in.data=buf; - in.length=32; - os.data=data; - os.type=V_ASN1_OCTET_STRING; - os.length=len; - ASN1_INTEGER_set(&in,num); - n = i2d_ASN1_INTEGER(&in,NULL); - n+=M_i2d_ASN1_OCTET_STRING(&os,NULL); - - size=ASN1_object_size(1,n,V_ASN1_SEQUENCE); - - if ((osp=ASN1_STRING_new()) == NULL) return(0); - /* Grow the 'string' */ - ASN1_STRING_set(osp,NULL,size); - - M_ASN1_STRING_length_set(osp, size); - p=M_ASN1_STRING_data(osp); - - ASN1_put_object(&p,1,n,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL); - i2d_ASN1_INTEGER(&in,&p); - M_i2d_ASN1_OCTET_STRING(&os,&p); - - ASN1_TYPE_set(a,V_ASN1_SEQUENCE,osp); - return(1); - } +typedef struct { + ASN1_INTEGER *num; + ASN1_OCTET_STRING *value; +} ASN1_int_octetstring; -/* we return the actual length..., num may be missing, in which - * case, set it to zero */ -/* int max_len: for returned value */ -int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a, long *num, unsigned char *data, - int max_len) +static const ASN1_TEMPLATE ASN1_INT_OCTETSTRING_seq_tt[] = { { - int ret= -1,n; - ASN1_INTEGER *ai=NULL; - ASN1_OCTET_STRING *os=NULL; - unsigned char *p; - long length; - ASN1_CTX c; + .offset = offsetof(ASN1_int_octetstring, num), + .field_name = "num", + .item = &ASN1_INTEGER_it, + }, + { + .offset = offsetof(ASN1_int_octetstring, value), + .field_name = "value", + .item = &ASN1_OCTET_STRING_it, + }, +}; + +const ASN1_ITEM ASN1_INT_OCTETSTRING_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = ASN1_INT_OCTETSTRING_seq_tt, + .tcount = sizeof(ASN1_INT_OCTETSTRING_seq_tt) / sizeof(ASN1_TEMPLATE), + .size = sizeof(ASN1_int_octetstring), + .sname = "ASN1_INT_OCTETSTRING", +}; + +int +ASN1_TYPE_set_int_octetstring(ASN1_TYPE *at, long num, const unsigned char *data, + int len) +{ + ASN1_int_octetstring *ios; + ASN1_STRING *sp = NULL; + int ret = 0; + + if ((ios = (ASN1_int_octetstring *)ASN1_item_new( + &ASN1_INT_OCTETSTRING_it)) == NULL) + goto err; + if (!ASN1_INTEGER_set(ios->num, num)) + goto err; + if (!ASN1_OCTET_STRING_set(ios->value, data, len)) + goto err; - if ((a->type != V_ASN1_SEQUENCE) || (a->value.sequence == NULL)) - { + if ((sp = ASN1_item_pack(ios, &ASN1_INT_OCTETSTRING_it, NULL)) == NULL) goto err; - } - p=M_ASN1_STRING_data(a->value.sequence); - length=M_ASN1_STRING_length(a->value.sequence); - - c.pp= &p; - c.p=p; - c.max=p+length; - c.error=ASN1_R_DATA_IS_WRONG; - - M_ASN1_D2I_start_sequence(); - c.q=c.p; - if ((ai=d2i_ASN1_INTEGER(NULL,&c.p,c.slen)) == NULL) goto err; - c.slen-=(c.p-c.q); - c.q=c.p; - if ((os=d2i_ASN1_OCTET_STRING(NULL,&c.p,c.slen)) == NULL) goto err; - c.slen-=(c.p-c.q); - if (!M_ASN1_D2I_end_sequence()) goto err; - if (num != NULL) - *num=ASN1_INTEGER_get(ai); + ASN1_TYPE_set(at, V_ASN1_SEQUENCE, sp); + sp = NULL; - ret=M_ASN1_STRING_length(os); - if (max_len > ret) - n=ret; - else - n=max_len; - - if (data != NULL) - memcpy(data,M_ASN1_STRING_data(os),n); - if (0) - { -err: - ASN1err(ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING,ASN1_R_DATA_IS_WRONG); - } - if (os != NULL) M_ASN1_OCTET_STRING_free(os); - if (ai != NULL) M_ASN1_INTEGER_free(ai); - return(ret); + ret = 1; + + err: + ASN1_item_free((ASN1_VALUE *)ios, &ASN1_INT_OCTETSTRING_it); + ASN1_STRING_free(sp); + + return ret; +} + +int +ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *at, long *num, unsigned char *data, + int max_len) +{ + ASN1_STRING *sp = at->value.sequence; + ASN1_int_octetstring *ios = NULL; + int ret = -1; + int len; + + if (at->type != V_ASN1_SEQUENCE || sp == NULL) + goto err; + + if ((ios = ASN1_item_unpack(sp, &ASN1_INT_OCTETSTRING_it)) == NULL) + goto err; + + if (num != NULL) + *num = ASN1_INTEGER_get(ios->num); + if (data != NULL) { + len = ASN1_STRING_length(ios->value); + if (len > max_len) + len = max_len; + memcpy(data, ASN1_STRING_data(ios->value), len); } + ret = ASN1_STRING_length(ios->value); + + err: + ASN1_item_free((ASN1_VALUE *)ios, &ASN1_INT_OCTETSTRING_it); + + if (ret == -1) + ASN1error(ASN1_R_DATA_IS_WRONG); + + return ret; +} diff --git a/src/lib/libcrypto/asn1/f.c b/src/lib/libcrypto/asn1/f.c deleted file mode 100644 index 82bccdfd510..00000000000 --- a/src/lib/libcrypto/asn1/f.c +++ /dev/null @@ -1,80 +0,0 @@ -/* crypto/asn1/f.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -#include -#include -#include - -main() - { - ASN1_TYPE *at; - char buf[512]; - int n; - long l; - - at=ASN1_TYPE_new(); - - n=ASN1_TYPE_set_int_octetstring(at,98736,"01234567",8); - printf("%d\n",n); - n=ASN1_TYPE_get_int_octetstring(at,&l,buf,8); - buf[8]='\0'; - printf("%ld %d %d\n",l,n,buf[8]); - buf[8]='\0'; - printf("%s\n",buf); - ERR_load_crypto_strings(); - ERR_print_errors_fp(stderr); - } diff --git a/src/lib/libcrypto/asn1/f_enum.c b/src/lib/libcrypto/asn1/f_enum.c index 56e3cc8df2b..cc4b7dfc916 100644 --- a/src/lib/libcrypto/asn1/f_enum.c +++ b/src/lib/libcrypto/asn1/f_enum.c @@ -1,25 +1,25 @@ -/* crypto/asn1/f_enum.c */ +/* $OpenBSD: f_enum.c,v 1.16 2018/04/25 11:48:21 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -57,151 +57,142 @@ */ #include -#include "cryptlib.h" -#include + #include +#include +#include /* Based on a_int.c: equivalent ENUMERATED functions */ -int i2a_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *a) - { - int i,n=0; - static const char *h="0123456789ABCDEF"; +int +i2a_ASN1_ENUMERATED(BIO *bp, const ASN1_ENUMERATED *a) +{ + int i, n = 0; + static const char h[] = "0123456789ABCDEF"; char buf[2]; - if (a == NULL) return(0); + if (a == NULL) + return (0); - if (a->length == 0) - { - if (BIO_write(bp,"00",2) != 2) goto err; - n=2; - } - else - { - for (i=0; ilength; i++) - { - if ((i != 0) && (i%35 == 0)) - { - if (BIO_write(bp,"\\\n",2) != 2) goto err; - n+=2; - } - buf[0]=h[((unsigned char)a->data[i]>>4)&0x0f]; - buf[1]=h[((unsigned char)a->data[i] )&0x0f]; - if (BIO_write(bp,buf,2) != 2) goto err; - n+=2; + if (a->length == 0) { + if (BIO_write(bp, "00", 2) != 2) + goto err; + n = 2; + } else { + for (i = 0; i < a->length; i++) { + if ((i != 0) && (i % 35 == 0)) { + if (BIO_write(bp, "\\\n", 2) != 2) + goto err; + n += 2; } + buf[0] = h[((unsigned char)a->data[i] >> 4) & 0x0f]; + buf[1] = h[((unsigned char)a->data[i]) & 0x0f]; + if (BIO_write(bp, buf, 2) != 2) + goto err; + n += 2; } - return(n); -err: - return(-1); } + return (n); + +err: + return (-1); +} -int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size) - { - int ret=0; - int i,j,k,m,n,again,bufsize; - unsigned char *s=NULL,*sp; +int +a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size) +{ + int ret = 0; + int i, j,k, m,n, again, bufsize; + unsigned char *s = NULL, *sp; unsigned char *bufp; - int num=0,slen=0,first=1; + int first = 1; + size_t num = 0, slen = 0; - bs->type=V_ASN1_ENUMERATED; + bs->type = V_ASN1_ENUMERATED; - bufsize=BIO_gets(bp,buf,size); - for (;;) - { - if (bufsize < 1) goto err_sl; - i=bufsize; - if (buf[i-1] == '\n') buf[--i]='\0'; - if (i == 0) goto err_sl; - if (buf[i-1] == '\r') buf[--i]='\0'; - if (i == 0) goto err_sl; - again=(buf[i-1] == '\\'); + bufsize = BIO_gets(bp, buf, size); + for (;;) { + if (bufsize < 1) + goto err_sl; + i = bufsize; + if (buf[i-1] == '\n') + buf[--i] = '\0'; + if (i == 0) + goto err_sl; + if (buf[i-1] == '\r') + buf[--i] = '\0'; + if (i == 0) + goto err_sl; + again = (buf[i - 1] == '\\'); - for (j=0; j= '0') && (buf[j] <= '9')) || - ((buf[j] >= 'a') && (buf[j] <= 'f')) || - ((buf[j] >= 'A') && (buf[j] <= 'F')))) - { - i=j; + for (j = 0; j < i; j++) { + if (!(((buf[j] >= '0') && (buf[j] <= '9')) || + ((buf[j] >= 'a') && (buf[j] <= 'f')) || + ((buf[j] >= 'A') && (buf[j] <= 'F')))) { + i = j; break; - } } - buf[i]='\0'; + } + buf[i] = '\0'; /* We have now cleared all the crap off the end of the * line */ - if (i < 2) goto err_sl; + if (i < 2) + goto err_sl; - bufp=(unsigned char *)buf; - if (first) - { - first=0; - if ((bufp[0] == '0') && (buf[1] == '0')) - { - bufp+=2; - i-=2; - } + bufp = (unsigned char *)buf; + if (first) { + first = 0; + if ((bufp[0] == '0') && (buf[1] == '0')) { + bufp += 2; + i -= 2; } - k=0; - i-=again; - if (i%2 != 0) - { - ASN1err(ASN1_F_A2I_ASN1_ENUMERATED,ASN1_R_ODD_NUMBER_OF_CHARS); + } + k = 0; + i -= again; + if (i % 2 != 0) { + ASN1error(ASN1_R_ODD_NUMBER_OF_CHARS); goto err; - } - i/=2; - if (num+i > slen) - { - if (s == NULL) - sp=(unsigned char *)OPENSSL_malloc( - (unsigned int)num+i*2); - else - sp=(unsigned char *)OPENSSL_realloc(s, - (unsigned int)num+i*2); - if (sp == NULL) - { - ASN1err(ASN1_F_A2I_ASN1_ENUMERATED,ERR_R_MALLOC_FAILURE); - if (s != NULL) OPENSSL_free(s); + } + i /= 2; + if (num + i > slen) { + sp = realloc(s, num + i); + if (sp == NULL) { + ASN1error(ERR_R_MALLOC_FAILURE); goto err; - } - s=sp; - slen=num+i*2; } - for (j=0; j= '0') && (m <= '9')) - m-='0'; + m -= '0'; else if ((m >= 'a') && (m <= 'f')) - m=m-'a'+10; + m = m - 'a' + 10; else if ((m >= 'A') && (m <= 'F')) - m=m-'A'+10; - else - { - ASN1err(ASN1_F_A2I_ASN1_ENUMERATED,ASN1_R_NON_HEX_CHARACTERS); + m = m - 'A' + 10; + else { + ASN1error(ASN1_R_NON_HEX_CHARACTERS); goto err; - } - s[num+j]<<=4; - s[num+j]|=m; } + s[num + j] <<= 4; + s[num + j] |= m; } - num+=i; + } + num += i; if (again) - bufsize=BIO_gets(bp,buf,size); + bufsize = BIO_gets(bp, buf, size); else break; - } - bs->length=num; - bs->data=s; - ret=1; -err: - if (0) - { -err_sl: - ASN1err(ASN1_F_A2I_ASN1_ENUMERATED,ASN1_R_SHORT_LINE); - } - return(ret); } + bs->length = num; + bs->data = s; + return (1); +err_sl: + ASN1error(ASN1_R_SHORT_LINE); +err: + free(s); + return (ret); +} diff --git a/src/lib/libcrypto/asn1/f_int.c b/src/lib/libcrypto/asn1/f_int.c index 48cc3bfb90d..d03fafe87d3 100644 --- a/src/lib/libcrypto/asn1/f_int.c +++ b/src/lib/libcrypto/asn1/f_int.c @@ -1,25 +1,25 @@ -/* crypto/asn1/f_int.c */ +/* $OpenBSD: f_int.c,v 1.20 2018/05/13 13:48:08 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -57,164 +57,144 @@ */ #include -#include "cryptlib.h" -#include + #include +#include +#include -int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a) - { - int i,n=0; - static const char *h="0123456789ABCDEF"; +int +i2a_ASN1_INTEGER(BIO *bp, const ASN1_INTEGER *a) +{ + int i, n = 0; + static const char h[] = "0123456789ABCDEF"; char buf[2]; - if (a == NULL) return(0); + if (a == NULL) + return (0); - if (a->type & V_ASN1_NEG) - { - if (BIO_write(bp, "-", 1) != 1) goto err; + if (a->type & V_ASN1_NEG) { + if (BIO_write(bp, "-", 1) != 1) + goto err; n = 1; - } + } - if (a->length == 0) - { - if (BIO_write(bp,"00",2) != 2) goto err; + if (a->length == 0) { + if (BIO_write(bp, "00", 2) != 2) + goto err; n += 2; - } - else - { - for (i=0; ilength; i++) - { - if ((i != 0) && (i%35 == 0)) - { - if (BIO_write(bp,"\\\n",2) != 2) goto err; - n+=2; - } - buf[0]=h[((unsigned char)a->data[i]>>4)&0x0f]; - buf[1]=h[((unsigned char)a->data[i] )&0x0f]; - if (BIO_write(bp,buf,2) != 2) goto err; - n+=2; + } else { + for (i = 0; i < a->length; i++) { + if ((i != 0) && (i % 35 == 0)) { + if (BIO_write(bp, "\\\n", 2) != 2) + goto err; + n += 2; } + buf[0] = h[((unsigned char)a->data[i] >> 4) & 0x0f]; + buf[1] = h[((unsigned char)a->data[i]) & 0x0f]; + if (BIO_write(bp, buf, 2) != 2) + goto err; + n += 2; } - return(n); -err: - return(-1); } + return (n); -int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size) - { - int ret=0; - int i,j,k,m,n,again,bufsize; - unsigned char *s=NULL,*sp; +err: + return (-1); +} + +int +a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size) +{ + int ret = 0; + int i, j,k, m,n, again, bufsize; + unsigned char *s = NULL, *sp; unsigned char *bufp; - int num=0,slen=0,first=1; + int num = 0, slen = 0, first = 1; - bs->type=V_ASN1_INTEGER; + bs->type = V_ASN1_INTEGER; - bufsize=BIO_gets(bp,buf,size); - for (;;) - { - if (bufsize < 1) goto err_sl; - i=bufsize; - if (buf[i-1] == '\n') buf[--i]='\0'; - if (i == 0) goto err_sl; - if (buf[i-1] == '\r') buf[--i]='\0'; - if (i == 0) goto err_sl; - again=(buf[i-1] == '\\'); + bufsize = BIO_gets(bp, buf, size); + for (;;) { + if (bufsize < 1) + goto err_sl; + i = bufsize; + if (buf[i - 1] == '\n') + buf[--i] = '\0'; + if (i == 0) + goto err_sl; + if (buf[i - 1] == '\r') + buf[--i] = '\0'; + if (i == 0) + goto err_sl; + again = (buf[i - 1] == '\\'); - for (j=0; j= '0') && (buf[j] <= '9')) || - ((buf[j] >= 'a') && (buf[j] <= 'f')) || - ((buf[j] >= 'A') && (buf[j] <= 'F')))) -#else - /* This #ifdef is not strictly necessary, since - * the characters A...F a...f 0...9 are contiguous - * (yes, even in EBCDIC - but not the whole alphabet). - * Nevertheless, isxdigit() is faster. - */ - if (!isxdigit(buf[j])) -#endif - { - i=j; + for (j = 0; j < i; j++) { + if (!(((buf[j] >= '0') && (buf[j] <= '9')) || + ((buf[j] >= 'a') && (buf[j] <= 'f')) || + ((buf[j] >= 'A') && (buf[j] <= 'F')))) { + i = j; break; - } } - buf[i]='\0'; + } + buf[i] = '\0'; /* We have now cleared all the crap off the end of the * line */ - if (i < 2) goto err_sl; + if (i < 2) + goto err_sl; - bufp=(unsigned char *)buf; - if (first) - { - first=0; - if ((bufp[0] == '0') && (buf[1] == '0')) - { - bufp+=2; - i-=2; - } + bufp = (unsigned char *)buf; + if (first) { + first = 0; + if ((bufp[0] == '0') && (buf[1] == '0')) { + bufp += 2; + i -= 2; } - k=0; - i-=again; - if (i%2 != 0) - { - ASN1err(ASN1_F_A2I_ASN1_INTEGER,ASN1_R_ODD_NUMBER_OF_CHARS); + } + k = 0; + i -= again; + if (i % 2 != 0) { + ASN1error(ASN1_R_ODD_NUMBER_OF_CHARS); goto err; - } - i/=2; - if (num+i > slen) - { - if (s == NULL) - sp=(unsigned char *)OPENSSL_malloc( - (unsigned int)num+i*2); - else - sp=(unsigned char *)OPENSSL_realloc(s, - (unsigned int)num+i*2); - if (sp == NULL) - { - ASN1err(ASN1_F_A2I_ASN1_INTEGER,ERR_R_MALLOC_FAILURE); - if (s != NULL) OPENSSL_free(s); + } + i /= 2; + if (num + i > slen) { + if ((sp = recallocarray(s, slen, num + i, 1)) == NULL) { + ASN1error(ERR_R_MALLOC_FAILURE); goto err; - } - s=sp; - slen=num+i*2; } - for (j=0; j= '0') && (m <= '9')) - m-='0'; + m -= '0'; else if ((m >= 'a') && (m <= 'f')) - m=m-'a'+10; + m = m - 'a' + 10; else if ((m >= 'A') && (m <= 'F')) - m=m-'A'+10; - else - { - ASN1err(ASN1_F_A2I_ASN1_INTEGER,ASN1_R_NON_HEX_CHARACTERS); + m = m - 'A' + 10; + else { + ASN1error(ASN1_R_NON_HEX_CHARACTERS); goto err; - } - s[num+j]<<=4; - s[num+j]|=m; } + s[num + j] <<= 4; + s[num + j] |= m; } - num+=i; + } + num += i; if (again) - bufsize=BIO_gets(bp,buf,size); + bufsize = BIO_gets(bp, buf, size); else break; - } - bs->length=num; - bs->data=s; - ret=1; -err: - if (0) - { -err_sl: - ASN1err(ASN1_F_A2I_ASN1_INTEGER,ASN1_R_SHORT_LINE); - } - return(ret); } + bs->length = num; + bs->data = s; + return (1); +err_sl: + ASN1error(ASN1_R_SHORT_LINE); +err: + free(s); + return (ret); +} diff --git a/src/lib/libcrypto/asn1/f_string.c b/src/lib/libcrypto/asn1/f_string.c index 968698a7988..af17f43e1d1 100644 --- a/src/lib/libcrypto/asn1/f_string.c +++ b/src/lib/libcrypto/asn1/f_string.c @@ -1,25 +1,25 @@ -/* crypto/asn1/f_string.c */ +/* $OpenBSD: f_string.c,v 1.18 2018/04/25 11:48:21 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -57,156 +57,138 @@ */ #include -#include "cryptlib.h" -#include + #include +#include +#include -int i2a_ASN1_STRING(BIO *bp, ASN1_STRING *a, int type) - { - int i,n=0; - static const char *h="0123456789ABCDEF"; +int +i2a_ASN1_STRING(BIO *bp, const ASN1_STRING *a, int type) +{ + int i, n = 0; + static const char h[] = "0123456789ABCDEF"; char buf[2]; - if (a == NULL) return(0); + if (a == NULL) + return (0); - if (a->length == 0) - { - if (BIO_write(bp,"0",1) != 1) goto err; - n=1; - } - else - { - for (i=0; ilength; i++) - { - if ((i != 0) && (i%35 == 0)) - { - if (BIO_write(bp,"\\\n",2) != 2) goto err; - n+=2; - } - buf[0]=h[((unsigned char)a->data[i]>>4)&0x0f]; - buf[1]=h[((unsigned char)a->data[i] )&0x0f]; - if (BIO_write(bp,buf,2) != 2) goto err; - n+=2; + if (a->length == 0) { + if (BIO_write(bp, "0", 1) != 1) + goto err; + n = 1; + } else { + for (i = 0; i < a->length; i++) { + if ((i != 0) && (i % 35 == 0)) { + if (BIO_write(bp, "\\\n", 2) != 2) + goto err; + n += 2; } + buf[0] = h[((unsigned char)a->data[i] >> 4) & 0x0f]; + buf[1] = h[((unsigned char)a->data[i]) & 0x0f]; + if (BIO_write(bp, buf, 2) != 2) + goto err; + n += 2; } - return(n); -err: - return(-1); } + return (n); + +err: + return (-1); +} -int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size) - { - int ret=0; - int i,j,k,m,n,again,bufsize; - unsigned char *s=NULL,*sp; +int +a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size) +{ + int ret = 0; + int i, j, k, m, n, again, bufsize; + unsigned char *s = NULL, *sp; unsigned char *bufp; - int num=0,slen=0,first=1; + int first = 1; + size_t num = 0, slen = 0; - bufsize=BIO_gets(bp,buf,size); - for (;;) - { - if (bufsize < 1) - { + bufsize = BIO_gets(bp, buf, size); + for (;;) { + if (bufsize < 1) { if (first) break; else goto err_sl; - } - first=0; + } + first = 0; - i=bufsize; - if (buf[i-1] == '\n') buf[--i]='\0'; - if (i == 0) goto err_sl; - if (buf[i-1] == '\r') buf[--i]='\0'; - if (i == 0) goto err_sl; - again=(buf[i-1] == '\\'); + i = bufsize; + if (buf[i-1] == '\n') + buf[--i] = '\0'; + if (i == 0) + goto err_sl; + if (buf[i-1] == '\r') + buf[--i] = '\0'; + if (i == 0) + goto err_sl; + again = (buf[i - 1] == '\\'); - for (j=i-1; j>0; j--) - { -#ifndef CHARSET_EBCDIC - if (!( ((buf[j] >= '0') && (buf[j] <= '9')) || - ((buf[j] >= 'a') && (buf[j] <= 'f')) || - ((buf[j] >= 'A') && (buf[j] <= 'F')))) -#else - /* This #ifdef is not strictly necessary, since - * the characters A...F a...f 0...9 are contiguous - * (yes, even in EBCDIC - but not the whole alphabet). - * Nevertheless, isxdigit() is faster. - */ - if (!isxdigit(buf[j])) -#endif - { - i=j; + for (j = i - 1; j > 0; j--) { + if (!(((buf[j] >= '0') && (buf[j] <= '9')) || + ((buf[j] >= 'a') && (buf[j] <= 'f')) || + ((buf[j] >= 'A') && (buf[j] <= 'F')))) { + i = j; break; - } } - buf[i]='\0'; + } + buf[i] = '\0'; /* We have now cleared all the crap off the end of the * line */ - if (i < 2) goto err_sl; + if (i < 2) + goto err_sl; - bufp=(unsigned char *)buf; + bufp = (unsigned char *)buf; - k=0; - i-=again; - if (i%2 != 0) - { - ASN1err(ASN1_F_A2I_ASN1_STRING,ASN1_R_ODD_NUMBER_OF_CHARS); + k = 0; + i -= again; + if (i % 2 != 0) { + ASN1error(ASN1_R_ODD_NUMBER_OF_CHARS); goto err; - } - i/=2; - if (num+i > slen) - { - if (s == NULL) - sp=(unsigned char *)OPENSSL_malloc( - (unsigned int)num+i*2); - else - sp=(unsigned char *)OPENSSL_realloc(s, - (unsigned int)num+i*2); - if (sp == NULL) - { - ASN1err(ASN1_F_A2I_ASN1_STRING,ERR_R_MALLOC_FAILURE); - if (s != NULL) OPENSSL_free(s); + } + i /= 2; + if (num + i > slen) { + sp = realloc(s, num + i); + if (sp == NULL) { + ASN1error(ERR_R_MALLOC_FAILURE); goto err; - } - s=sp; - slen=num+i*2; } - for (j=0; j= '0') && (m <= '9')) - m-='0'; + m -= '0'; else if ((m >= 'a') && (m <= 'f')) - m=m-'a'+10; + m = m - 'a' + 10; else if ((m >= 'A') && (m <= 'F')) - m=m-'A'+10; - else - { - ASN1err(ASN1_F_A2I_ASN1_STRING,ASN1_R_NON_HEX_CHARACTERS); + m = m - 'A' + 10; + else { + ASN1error(ASN1_R_NON_HEX_CHARACTERS); goto err; - } - s[num+j]<<=4; - s[num+j]|=m; } + s[num + j] <<= 4; + s[num + j] |= m; } - num+=i; + } + num += i; if (again) - bufsize=BIO_gets(bp,buf,size); + bufsize = BIO_gets(bp, buf, size); else break; - } - bs->length=num; - bs->data=s; - ret=1; -err: - if (0) - { -err_sl: - ASN1err(ASN1_F_A2I_ASN1_STRING,ASN1_R_SHORT_LINE); - } - return(ret); } + bs->length = num; + bs->data = s; + return (1); +err_sl: + ASN1error(ASN1_R_SHORT_LINE); +err: + free(s); + return (ret); +} diff --git a/src/lib/libcrypto/asn1/i2d_pr.c b/src/lib/libcrypto/asn1/i2d_pr.c index 1e951ae01d3..0b545aeb499 100644 --- a/src/lib/libcrypto/asn1/i2d_pr.c +++ b/src/lib/libcrypto/asn1/i2d_pr.c @@ -1,25 +1,25 @@ -/* crypto/asn1/i2d_pr.c */ +/* $OpenBSD: i2d_pr.c,v 1.11 2017/01/29 17:49:22 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -57,34 +57,25 @@ */ #include -#include "cryptlib.h" -#include + +#include #include -#include -#ifndef OPENSSL_NO_RSA -#include -#endif -#ifndef OPENSSL_NO_DSA -#include -#endif +#include -int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp) - { -#ifndef OPENSSL_NO_RSA - if (a->type == EVP_PKEY_RSA) - { - return(i2d_RSAPrivateKey(a->pkey.rsa,pp)); - } - else -#endif -#ifndef OPENSSL_NO_DSA - if (a->type == EVP_PKEY_DSA) - { - return(i2d_DSAPrivateKey(a->pkey.dsa,pp)); - } -#endif +#include "asn1_locl.h" - ASN1err(ASN1_F_I2D_PRIVATEKEY,ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE); - return(-1); +int +i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp) +{ + if (a->ameth && a->ameth->old_priv_encode) { + return a->ameth->old_priv_encode(a, pp); } - + if (a->ameth && a->ameth->priv_encode) { + PKCS8_PRIV_KEY_INFO *p8 = EVP_PKEY2PKCS8(a); + int ret = i2d_PKCS8_PRIV_KEY_INFO(p8, pp); + PKCS8_PRIV_KEY_INFO_free(p8); + return ret; + } + ASN1error(ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE); + return (-1); +} diff --git a/src/lib/libcrypto/asn1/i2d_pu.c b/src/lib/libcrypto/asn1/i2d_pu.c index 013d19bbf41..9baa84967be 100644 --- a/src/lib/libcrypto/asn1/i2d_pu.c +++ b/src/lib/libcrypto/asn1/i2d_pu.c @@ -1,25 +1,25 @@ -/* crypto/asn1/i2d_pu.c */ +/* $OpenBSD: i2d_pu.c,v 1.11 2017/01/29 17:49:22 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -57,32 +57,42 @@ */ #include -#include "cryptlib.h" + +#include + #include +#include #include #include -#ifndef OPENSSL_NO_RSA -#include -#endif + #ifndef OPENSSL_NO_DSA #include #endif +#ifndef OPENSSL_NO_EC +#include +#endif +#ifndef OPENSSL_NO_RSA +#include +#endif -int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp) - { - switch (a->type) - { +int +i2d_PublicKey(EVP_PKEY *a, unsigned char **pp) +{ + switch (a->type) { #ifndef OPENSSL_NO_RSA case EVP_PKEY_RSA: - return(i2d_RSAPublicKey(a->pkey.rsa,pp)); + return (i2d_RSAPublicKey(a->pkey.rsa, pp)); #endif #ifndef OPENSSL_NO_DSA case EVP_PKEY_DSA: - return(i2d_DSAPublicKey(a->pkey.dsa,pp)); + return (i2d_DSAPublicKey(a->pkey.dsa, pp)); +#endif +#ifndef OPENSSL_NO_EC + case EVP_PKEY_EC: + return (i2o_ECPublicKey(a->pkey.ec, pp)); #endif default: - ASN1err(ASN1_F_I2D_PUBLICKEY,ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE); - return(-1); - } + ASN1error(ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE); + return (-1); } - +} diff --git a/src/lib/libcrypto/asn1/n_pkey.c b/src/lib/libcrypto/asn1/n_pkey.c index 49f80fffd24..6c7031677df 100644 --- a/src/lib/libcrypto/asn1/n_pkey.c +++ b/src/lib/libcrypto/asn1/n_pkey.c @@ -1,25 +1,25 @@ -/* crypto/asn1/n_pkey.c */ +/* $OpenBSD: n_pkey.c,v 1.32 2018/08/05 13:35:45 bcook Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,281 +49,384 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_RSA #include -#include "cryptlib.h" -#include -#include +#include + +#include + +#ifndef OPENSSL_NO_RSA #include -#include +#include #include +#include +#include #include - #ifndef OPENSSL_NO_RC4 -typedef struct netscape_pkey_st - { +typedef struct netscape_pkey_st { long version; X509_ALGOR *algor; ASN1_OCTET_STRING *private_key; - } NETSCAPE_PKEY; +} NETSCAPE_PKEY; -typedef struct netscape_encrypted_pkey_st - { +typedef struct netscape_encrypted_pkey_st { ASN1_OCTET_STRING *os; /* This is the same structure as DigestInfo so use it: * although this isn't really anything to do with * digests. */ X509_SIG *enckey; - } NETSCAPE_ENCRYPTED_PKEY; +} NETSCAPE_ENCRYPTED_PKEY; + + +static const ASN1_AUX NETSCAPE_ENCRYPTED_PKEY_aux = { + .flags = ASN1_AFLG_BROKEN, +}; +static const ASN1_TEMPLATE NETSCAPE_ENCRYPTED_PKEY_seq_tt[] = { + { + .offset = offsetof(NETSCAPE_ENCRYPTED_PKEY, os), + .field_name = "os", + .item = &ASN1_OCTET_STRING_it, + }, + { + .offset = offsetof(NETSCAPE_ENCRYPTED_PKEY, enckey), + .field_name = "enckey", + .item = &X509_SIG_it, + }, +}; + +const ASN1_ITEM NETSCAPE_ENCRYPTED_PKEY_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = NETSCAPE_ENCRYPTED_PKEY_seq_tt, + .tcount = sizeof(NETSCAPE_ENCRYPTED_PKEY_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = &NETSCAPE_ENCRYPTED_PKEY_aux, + .size = sizeof(NETSCAPE_ENCRYPTED_PKEY), + .sname = "NETSCAPE_ENCRYPTED_PKEY", +}; + +NETSCAPE_ENCRYPTED_PKEY *NETSCAPE_ENCRYPTED_PKEY_new(void); +void NETSCAPE_ENCRYPTED_PKEY_free(NETSCAPE_ENCRYPTED_PKEY *a); +NETSCAPE_ENCRYPTED_PKEY *d2i_NETSCAPE_ENCRYPTED_PKEY(NETSCAPE_ENCRYPTED_PKEY **a, const unsigned char **in, long len); +int i2d_NETSCAPE_ENCRYPTED_PKEY(const NETSCAPE_ENCRYPTED_PKEY *a, unsigned char **out); + +NETSCAPE_ENCRYPTED_PKEY * +d2i_NETSCAPE_ENCRYPTED_PKEY(NETSCAPE_ENCRYPTED_PKEY **a, const unsigned char **in, long len) +{ + return (NETSCAPE_ENCRYPTED_PKEY *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &NETSCAPE_ENCRYPTED_PKEY_it); +} + +int +i2d_NETSCAPE_ENCRYPTED_PKEY(const NETSCAPE_ENCRYPTED_PKEY *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &NETSCAPE_ENCRYPTED_PKEY_it); +} + +NETSCAPE_ENCRYPTED_PKEY * +NETSCAPE_ENCRYPTED_PKEY_new(void) +{ + return (NETSCAPE_ENCRYPTED_PKEY *)ASN1_item_new(&NETSCAPE_ENCRYPTED_PKEY_it); +} +void +NETSCAPE_ENCRYPTED_PKEY_free(NETSCAPE_ENCRYPTED_PKEY *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &NETSCAPE_ENCRYPTED_PKEY_it); +} -ASN1_BROKEN_SEQUENCE(NETSCAPE_ENCRYPTED_PKEY) = { - ASN1_SIMPLE(NETSCAPE_ENCRYPTED_PKEY, os, ASN1_OCTET_STRING), - ASN1_SIMPLE(NETSCAPE_ENCRYPTED_PKEY, enckey, X509_SIG) -} ASN1_BROKEN_SEQUENCE_END(NETSCAPE_ENCRYPTED_PKEY) +static const ASN1_TEMPLATE NETSCAPE_PKEY_seq_tt[] = { + { + .offset = offsetof(NETSCAPE_PKEY, version), + .field_name = "version", + .item = &LONG_it, + }, + { + .offset = offsetof(NETSCAPE_PKEY, algor), + .field_name = "algor", + .item = &X509_ALGOR_it, + }, + { + .offset = offsetof(NETSCAPE_PKEY, private_key), + .field_name = "private_key", + .item = &ASN1_OCTET_STRING_it, + }, +}; + +const ASN1_ITEM NETSCAPE_PKEY_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = NETSCAPE_PKEY_seq_tt, + .tcount = sizeof(NETSCAPE_PKEY_seq_tt) / sizeof(ASN1_TEMPLATE), + .size = sizeof(NETSCAPE_PKEY), + .sname = "NETSCAPE_PKEY", +}; + +NETSCAPE_PKEY *NETSCAPE_PKEY_new(void); +void NETSCAPE_PKEY_free(NETSCAPE_PKEY *a); +NETSCAPE_PKEY *d2i_NETSCAPE_PKEY(NETSCAPE_PKEY **a, const unsigned char **in, long len); +int i2d_NETSCAPE_PKEY(const NETSCAPE_PKEY *a, unsigned char **out); + +NETSCAPE_PKEY * +d2i_NETSCAPE_PKEY(NETSCAPE_PKEY **a, const unsigned char **in, long len) +{ + return (NETSCAPE_PKEY *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &NETSCAPE_PKEY_it); +} -IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY) +int +i2d_NETSCAPE_PKEY(const NETSCAPE_PKEY *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &NETSCAPE_PKEY_it); +} -ASN1_SEQUENCE(NETSCAPE_PKEY) = { - ASN1_SIMPLE(NETSCAPE_PKEY, version, LONG), - ASN1_SIMPLE(NETSCAPE_PKEY, algor, X509_ALGOR), - ASN1_SIMPLE(NETSCAPE_PKEY, private_key, ASN1_OCTET_STRING) -} ASN1_SEQUENCE_END(NETSCAPE_PKEY) +NETSCAPE_PKEY * +NETSCAPE_PKEY_new(void) +{ + return (NETSCAPE_PKEY *)ASN1_item_new(&NETSCAPE_PKEY_it); +} -IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_PKEY) +void +NETSCAPE_PKEY_free(NETSCAPE_PKEY *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &NETSCAPE_PKEY_it); +} static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os, - int (*cb)(), int sgckey); + int (*cb)(char *buf, int len, const char *prompt, int verify), int sgckey); -int i2d_Netscape_RSA(const RSA *a, unsigned char **pp, int (*cb)()) +int +i2d_Netscape_RSA(const RSA *a, unsigned char **pp, + int (*cb)(char *buf, int len, const char *prompt, int verify)) { return i2d_RSA_NET(a, pp, cb, 0); } -int i2d_RSA_NET(const RSA *a, unsigned char **pp, int (*cb)(), int sgckey) - { +int +i2d_RSA_NET(const RSA *a, unsigned char **pp, + int (*cb)(char *buf, int len, const char *prompt, int verify), int sgckey) +{ int i, j, ret = 0; int rsalen, pkeylen, olen; NETSCAPE_PKEY *pkey = NULL; NETSCAPE_ENCRYPTED_PKEY *enckey = NULL; - unsigned char buf[256],*zz; + unsigned char buf[256], *zz; unsigned char key[EVP_MAX_KEY_LENGTH]; EVP_CIPHER_CTX ctx; + EVP_CIPHER_CTX_init(&ctx); - if (a == NULL) return(0); + if (a == NULL) + return (0); - if ((pkey=NETSCAPE_PKEY_new()) == NULL) goto err; - if ((enckey=NETSCAPE_ENCRYPTED_PKEY_new()) == NULL) goto err; + if ((pkey = NETSCAPE_PKEY_new()) == NULL) + goto err; + if ((enckey = NETSCAPE_ENCRYPTED_PKEY_new()) == NULL) + goto err; pkey->version = 0; - pkey->algor->algorithm=OBJ_nid2obj(NID_rsaEncryption); - if ((pkey->algor->parameter=ASN1_TYPE_new()) == NULL) goto err; - pkey->algor->parameter->type=V_ASN1_NULL; + pkey->algor->algorithm = OBJ_nid2obj(NID_rsaEncryption); + if ((pkey->algor->parameter = ASN1_TYPE_new()) == NULL) + goto err; + pkey->algor->parameter->type = V_ASN1_NULL; rsalen = i2d_RSAPrivateKey(a, NULL); /* Fake some octet strings just for the initial length * calculation. */ - - pkey->private_key->length=rsalen; - - pkeylen=i2d_NETSCAPE_PKEY(pkey,NULL); - + pkey->private_key->length = rsalen; + pkeylen = i2d_NETSCAPE_PKEY(pkey, NULL); enckey->enckey->digest->length = pkeylen; - enckey->os->length = 11; /* "private-key" */ + enckey->enckey->algor->algorithm = OBJ_nid2obj(NID_rc4); + if ((enckey->enckey->algor->parameter = ASN1_TYPE_new()) == NULL) + goto err; + enckey->enckey->algor->parameter->type = V_ASN1_NULL; - enckey->enckey->algor->algorithm=OBJ_nid2obj(NID_rc4); - if ((enckey->enckey->algor->parameter=ASN1_TYPE_new()) == NULL) goto err; - enckey->enckey->algor->parameter->type=V_ASN1_NULL; - - if (pp == NULL) - { + if (pp == NULL) { olen = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, NULL); NETSCAPE_PKEY_free(pkey); NETSCAPE_ENCRYPTED_PKEY_free(enckey); return olen; - } - + } /* Since its RC4 encrypted length is actual length */ - if ((zz=(unsigned char *)OPENSSL_malloc(rsalen)) == NULL) - { - ASN1err(ASN1_F_I2D_NETSCAPE_RSA,ERR_R_MALLOC_FAILURE); + if ((zz = malloc(rsalen)) == NULL) { + ASN1error(ERR_R_MALLOC_FAILURE); goto err; - } + } pkey->private_key->data = zz; /* Write out private key encoding */ - i2d_RSAPrivateKey(a,&zz); + i2d_RSAPrivateKey(a, &zz); - if ((zz=OPENSSL_malloc(pkeylen)) == NULL) - { - ASN1err(ASN1_F_I2D_NETSCAPE_RSA,ERR_R_MALLOC_FAILURE); + if ((zz = malloc(pkeylen)) == NULL) { + ASN1error(ERR_R_MALLOC_FAILURE); goto err; - } + } - if (!ASN1_STRING_set(enckey->os, "private-key", -1)) - { - ASN1err(ASN1_F_I2D_NETSCAPE_RSA,ERR_R_MALLOC_FAILURE); - goto err; - } enckey->enckey->digest->data = zz; - i2d_NETSCAPE_PKEY(pkey,&zz); + if (!ASN1_STRING_set(enckey->os, "private-key", -1)) { + ASN1error(ERR_R_MALLOC_FAILURE); + goto err; + } + i2d_NETSCAPE_PKEY(pkey, &zz); /* Wipe the private key encoding */ - memset(pkey->private_key->data, 0, rsalen); - + explicit_bzero(pkey->private_key->data, rsalen); + if (cb == NULL) - cb=EVP_read_pw_string; - i=cb(buf,256,"Enter Private Key password:",1); - if (i != 0) - { - ASN1err(ASN1_F_I2D_NETSCAPE_RSA,ASN1_R_BAD_PASSWORD_READ); + cb = EVP_read_pw_string; + i = cb((char *)buf, sizeof(buf), "Enter Private Key password:", 1); + if (i != 0) { + ASN1error(ASN1_R_BAD_PASSWORD_READ); goto err; - } + } i = strlen((char *)buf); /* If the key is used for SGC the algorithm is modified a little. */ - if(sgckey) { - EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL); + if (sgckey) { + if (!EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL)) + goto err; memcpy(buf + 16, "SGCKEYSALT", 10); i = 26; } - EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL); - memset(buf,0,256); + if (!EVP_BytesToKey(EVP_rc4(), EVP_md5(), NULL, buf, i,1, key, NULL)) + goto err; + explicit_bzero(buf, sizeof(buf)); /* Encrypt private key in place */ zz = enckey->enckey->digest->data; - EVP_CIPHER_CTX_init(&ctx); - EVP_EncryptInit_ex(&ctx,EVP_rc4(),NULL,key,NULL); - EVP_EncryptUpdate(&ctx,zz,&i,zz,pkeylen); - EVP_EncryptFinal_ex(&ctx,zz + i,&j); - EVP_CIPHER_CTX_cleanup(&ctx); + if (!EVP_EncryptInit_ex(&ctx, EVP_rc4(), NULL, key, NULL)) + goto err; + if (!EVP_EncryptUpdate(&ctx, zz, &i, zz, pkeylen)) + goto err; + if (!EVP_EncryptFinal_ex(&ctx, zz + i, &j)) + goto err; ret = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, pp); err: + EVP_CIPHER_CTX_cleanup(&ctx); NETSCAPE_ENCRYPTED_PKEY_free(enckey); NETSCAPE_PKEY_free(pkey); - return(ret); - } + return (ret); +} -RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length, int (*cb)()) +RSA * +d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length, + int (*cb)(char *buf, int len, const char *prompt, int verify)) { return d2i_RSA_NET(a, pp, length, cb, 0); } -RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length, int (*cb)(), int sgckey) - { - RSA *ret=NULL; - const unsigned char *p, *kp; +RSA * +d2i_RSA_NET(RSA **a, const unsigned char **pp, long length, + int (*cb)(char *buf, int len, const char *prompt, int verify), int sgckey) +{ + RSA *ret = NULL; + const unsigned char *p; NETSCAPE_ENCRYPTED_PKEY *enckey = NULL; p = *pp; enckey = d2i_NETSCAPE_ENCRYPTED_PKEY(NULL, &p, length); - if(!enckey) { - ASN1err(ASN1_F_D2I_NETSCAPE_RSA,ASN1_R_DECODING_ERROR); + if (!enckey) { + ASN1error(ASN1_R_DECODING_ERROR); return NULL; } - if ((enckey->os->length != 11) || (strncmp("private-key", - (char *)enckey->os->data,11) != 0)) - { - ASN1err(ASN1_F_D2I_NETSCAPE_RSA,ASN1_R_PRIVATE_KEY_HEADER_MISSING); - NETSCAPE_ENCRYPTED_PKEY_free(enckey); - return NULL; - } - if (OBJ_obj2nid(enckey->enckey->algor->algorithm) != NID_rc4) - { - ASN1err(ASN1_F_D2I_NETSCAPE_RSA_2,ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM); + /* XXX 11 == strlen("private-key") */ + if (enckey->os->length != 11 || + memcmp("private-key", enckey->os->data, 11) != 0) { + ASN1error(ASN1_R_PRIVATE_KEY_HEADER_MISSING); + goto err; + } + if (OBJ_obj2nid(enckey->enckey->algor->algorithm) != NID_rc4) { + ASN1error(ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM); goto err; } - kp = enckey->enckey->digest->data; if (cb == NULL) - cb=EVP_read_pw_string; - if ((ret=d2i_RSA_NET_2(a, enckey->enckey->digest,cb, sgckey)) == NULL) goto err; + cb = EVP_read_pw_string; + if ((ret = d2i_RSA_NET_2(a, enckey->enckey->digest, cb, + sgckey)) == NULL) + goto err; *pp = p; - err: +err: NETSCAPE_ENCRYPTED_PKEY_free(enckey); return ret; - } +} -static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os, - int (*cb)(), int sgckey) - { - NETSCAPE_PKEY *pkey=NULL; - RSA *ret=NULL; - int i,j; +static RSA * +d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os, + int (*cb)(char *buf, int len, const char *prompt, int verify), int sgckey) +{ + NETSCAPE_PKEY *pkey = NULL; + RSA *ret = NULL; + int i, j; unsigned char buf[256]; const unsigned char *zz; unsigned char key[EVP_MAX_KEY_LENGTH]; EVP_CIPHER_CTX ctx; + EVP_CIPHER_CTX_init(&ctx); - i=cb(buf,256,"Enter Private Key password:",0); - if (i != 0) - { - ASN1err(ASN1_F_D2I_NETSCAPE_RSA_2,ASN1_R_BAD_PASSWORD_READ); + i=cb((char *)buf, sizeof(buf), "Enter Private Key password:",0); + if (i != 0) { + ASN1error(ASN1_R_BAD_PASSWORD_READ); goto err; - } + } i = strlen((char *)buf); - if(sgckey){ - EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL); + if (sgckey){ + if (!EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL)) + goto err; memcpy(buf + 16, "SGCKEYSALT", 10); i = 26; } - - EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL); - memset(buf,0,256); - EVP_CIPHER_CTX_init(&ctx); - EVP_DecryptInit_ex(&ctx,EVP_rc4(),NULL, key,NULL); - EVP_DecryptUpdate(&ctx,os->data,&i,os->data,os->length); - EVP_DecryptFinal_ex(&ctx,&(os->data[i]),&j); - EVP_CIPHER_CTX_cleanup(&ctx); - os->length=i+j; + if (!EVP_BytesToKey(EVP_rc4(), EVP_md5(), NULL, buf, i,1, key, NULL)) + goto err; + explicit_bzero(buf, sizeof(buf)); - zz=os->data; + if (!EVP_DecryptInit_ex(&ctx, EVP_rc4(), NULL, key, NULL)) + goto err; + if (!EVP_DecryptUpdate(&ctx, os->data, &i, os->data, os->length)) + goto err; + if (!EVP_DecryptFinal_ex(&ctx, &(os->data[i]), &j)) + goto err; + os->length = i + j; + + zz = os->data; - if ((pkey=d2i_NETSCAPE_PKEY(NULL,&zz,os->length)) == NULL) - { - ASN1err(ASN1_F_D2I_NETSCAPE_RSA_2,ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY); + if ((pkey = d2i_NETSCAPE_PKEY(NULL, &zz, os->length)) == NULL) { + ASN1error(ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY); goto err; - } - - zz=pkey->private_key->data; - if ((ret=d2i_RSAPrivateKey(a,&zz,pkey->private_key->length)) == NULL) - { - ASN1err(ASN1_F_D2I_NETSCAPE_RSA_2,ASN1_R_UNABLE_TO_DECODE_RSA_KEY); + } + + zz = pkey->private_key->data; + if ((ret = d2i_RSAPrivateKey(a, &zz, + pkey->private_key->length)) == NULL) { + ASN1error(ASN1_R_UNABLE_TO_DECODE_RSA_KEY); goto err; - } + } + err: + EVP_CIPHER_CTX_cleanup(&ctx); NETSCAPE_PKEY_free(pkey); - return(ret); - } + return (ret); +} #endif /* OPENSSL_NO_RC4 */ -#else /* !OPENSSL_NO_RSA */ - -# if PEDANTIC -static void *dummy=&dummy; -# endif - #endif diff --git a/src/lib/libcrypto/asn1/nsseq.c b/src/lib/libcrypto/asn1/nsseq.c index 50e2d4d07a1..8b39278692d 100644 --- a/src/lib/libcrypto/asn1/nsseq.c +++ b/src/lib/libcrypto/asn1/nsseq.c @@ -1,16 +1,16 @@ -/* nsseq.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* $OpenBSD: nsseq.c,v 1.10 2015/02/11 04:00:39 jsing Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -62,9 +62,10 @@ #include #include -static int nsseq_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) +static int +nsseq_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) { - if(operation == ASN1_OP_NEW_POST) { + if (operation == ASN1_OP_NEW_POST) { NETSCAPE_CERT_SEQUENCE *nsseq; nsseq = (NETSCAPE_CERT_SEQUENCE *)*pval; nsseq->type = OBJ_nid2obj(NID_netscape_cert_sequence); @@ -74,9 +75,55 @@ static int nsseq_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) /* Netscape certificate sequence structure */ -ASN1_SEQUENCE_cb(NETSCAPE_CERT_SEQUENCE, nsseq_cb) = { - ASN1_SIMPLE(NETSCAPE_CERT_SEQUENCE, type, ASN1_OBJECT), - ASN1_EXP_SEQUENCE_OF_OPT(NETSCAPE_CERT_SEQUENCE, certs, X509, 0) -} ASN1_SEQUENCE_END_cb(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE) +static const ASN1_AUX NETSCAPE_CERT_SEQUENCE_aux = { + .asn1_cb = nsseq_cb, +}; +static const ASN1_TEMPLATE NETSCAPE_CERT_SEQUENCE_seq_tt[] = { + { + .offset = offsetof(NETSCAPE_CERT_SEQUENCE, type), + .field_name = "type", + .item = &ASN1_OBJECT_it, + }, + { + .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_OPTIONAL, + .offset = offsetof(NETSCAPE_CERT_SEQUENCE, certs), + .field_name = "certs", + .item = &X509_it, + }, +}; -IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_CERT_SEQUENCE) +const ASN1_ITEM NETSCAPE_CERT_SEQUENCE_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = NETSCAPE_CERT_SEQUENCE_seq_tt, + .tcount = sizeof(NETSCAPE_CERT_SEQUENCE_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = &NETSCAPE_CERT_SEQUENCE_aux, + .size = sizeof(NETSCAPE_CERT_SEQUENCE), + .sname = "NETSCAPE_CERT_SEQUENCE", +}; + + +NETSCAPE_CERT_SEQUENCE * +d2i_NETSCAPE_CERT_SEQUENCE(NETSCAPE_CERT_SEQUENCE **a, const unsigned char **in, long len) +{ + return (NETSCAPE_CERT_SEQUENCE *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &NETSCAPE_CERT_SEQUENCE_it); +} + +int +i2d_NETSCAPE_CERT_SEQUENCE(NETSCAPE_CERT_SEQUENCE *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &NETSCAPE_CERT_SEQUENCE_it); +} + +NETSCAPE_CERT_SEQUENCE * +NETSCAPE_CERT_SEQUENCE_new(void) +{ + return (NETSCAPE_CERT_SEQUENCE *)ASN1_item_new(&NETSCAPE_CERT_SEQUENCE_it); +} + +void +NETSCAPE_CERT_SEQUENCE_free(NETSCAPE_CERT_SEQUENCE *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &NETSCAPE_CERT_SEQUENCE_it); +} diff --git a/src/lib/libcrypto/asn1/p5_pbe.c b/src/lib/libcrypto/asn1/p5_pbe.c index 891150638e9..8fd416a3e52 100644 --- a/src/lib/libcrypto/asn1/p5_pbe.c +++ b/src/lib/libcrypto/asn1/p5_pbe.c @@ -1,5 +1,5 @@ -/* p5_pbe.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* $OpenBSD: p5_pbe.c,v 1.22 2017/01/29 17:49:22 beck Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -57,66 +57,130 @@ */ #include -#include "cryptlib.h" +#include +#include + #include +#include #include -#include /* PKCS#5 password based encryption structure */ -ASN1_SEQUENCE(PBEPARAM) = { - ASN1_SIMPLE(PBEPARAM, salt, ASN1_OCTET_STRING), - ASN1_SIMPLE(PBEPARAM, iter, ASN1_INTEGER) -} ASN1_SEQUENCE_END(PBEPARAM) +static const ASN1_TEMPLATE PBEPARAM_seq_tt[] = { + { + .offset = offsetof(PBEPARAM, salt), + .field_name = "salt", + .item = &ASN1_OCTET_STRING_it, + }, + { + .offset = offsetof(PBEPARAM, iter), + .field_name = "iter", + .item = &ASN1_INTEGER_it, + }, +}; -IMPLEMENT_ASN1_FUNCTIONS(PBEPARAM) +const ASN1_ITEM PBEPARAM_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = PBEPARAM_seq_tt, + .tcount = sizeof(PBEPARAM_seq_tt) / sizeof(ASN1_TEMPLATE), + .size = sizeof(PBEPARAM), + .sname = "PBEPARAM", +}; -/* Return an algorithm identifier for a PKCS#5 PBE algorithm */ -X509_ALGOR *PKCS5_pbe_set(int alg, int iter, unsigned char *salt, - int saltlen) +PBEPARAM * +d2i_PBEPARAM(PBEPARAM **a, const unsigned char **in, long len) { - PBEPARAM *pbe; - ASN1_OBJECT *al; - X509_ALGOR *algor; - ASN1_TYPE *astype; + return (PBEPARAM *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &PBEPARAM_it); +} - if (!(pbe = PBEPARAM_new ())) { - ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE); - return NULL; +int +i2d_PBEPARAM(PBEPARAM *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &PBEPARAM_it); +} + +PBEPARAM * +PBEPARAM_new(void) +{ + return (PBEPARAM *)ASN1_item_new(&PBEPARAM_it); +} + +void +PBEPARAM_free(PBEPARAM *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &PBEPARAM_it); +} + + +/* Set an algorithm identifier for a PKCS#5 PBE algorithm */ + +int +PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter, + const unsigned char *salt, int saltlen) +{ + PBEPARAM *pbe = NULL; + ASN1_STRING *pbe_str = NULL; + unsigned char *sstr; + + pbe = PBEPARAM_new(); + if (!pbe) { + ASN1error(ERR_R_MALLOC_FAILURE); + goto err; } - if(iter <= 0) iter = PKCS5_DEFAULT_ITER; - ASN1_INTEGER_set (pbe->iter, iter); - if (!saltlen) saltlen = PKCS5_SALT_LEN; - if (!(pbe->salt->data = OPENSSL_malloc (saltlen))) { - ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE); - return NULL; + if (iter <= 0) + iter = PKCS5_DEFAULT_ITER; + if (!ASN1_INTEGER_set(pbe->iter, iter)) { + ASN1error(ERR_R_MALLOC_FAILURE); + goto err; } - pbe->salt->length = saltlen; - if (salt) memcpy (pbe->salt->data, salt, saltlen); - else if (RAND_pseudo_bytes (pbe->salt->data, saltlen) < 0) - return NULL; - - if (!(astype = ASN1_TYPE_new())) { - ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE); - return NULL; + if (!saltlen) + saltlen = PKCS5_SALT_LEN; + if (!ASN1_STRING_set(pbe->salt, NULL, saltlen)) { + ASN1error(ERR_R_MALLOC_FAILURE); + goto err; } + sstr = ASN1_STRING_data(pbe->salt); + if (salt) + memcpy(sstr, salt, saltlen); + else + arc4random_buf(sstr, saltlen); - astype->type = V_ASN1_SEQUENCE; - if(!ASN1_pack_string(pbe, i2d_PBEPARAM, &astype->value.sequence)) { - ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE); - return NULL; + if (!ASN1_item_pack(pbe, &PBEPARAM_it, &pbe_str)) { + ASN1error(ERR_R_MALLOC_FAILURE); + goto err; } - PBEPARAM_free (pbe); - - al = OBJ_nid2obj(alg); /* never need to free al */ - if (!(algor = X509_ALGOR_new())) { - ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE); + + PBEPARAM_free(pbe); + pbe = NULL; + + if (X509_ALGOR_set0(algor, OBJ_nid2obj(alg), V_ASN1_SEQUENCE, pbe_str)) + return 1; + +err: + if (pbe != NULL) + PBEPARAM_free(pbe); + ASN1_STRING_free(pbe_str); + return 0; +} + +/* Return an algorithm identifier for a PKCS#5 PBE algorithm */ + +X509_ALGOR * +PKCS5_pbe_set(int alg, int iter, const unsigned char *salt, int saltlen) +{ + X509_ALGOR *ret; + ret = X509_ALGOR_new(); + if (!ret) { + ASN1error(ERR_R_MALLOC_FAILURE); return NULL; } - ASN1_OBJECT_free(algor->algorithm); - algor->algorithm = al; - algor->parameter = astype; - return (algor); + if (PKCS5_pbe_set0_algor(ret, alg, iter, salt, saltlen)) + return ret; + + X509_ALGOR_free(ret); + return NULL; } diff --git a/src/lib/libcrypto/asn1/p5_pbev2.c b/src/lib/libcrypto/asn1/p5_pbev2.c index 91e1c8987d3..0105c59549d 100644 --- a/src/lib/libcrypto/asn1/p5_pbev2.c +++ b/src/lib/libcrypto/asn1/p5_pbev2.c @@ -1,6 +1,6 @@ -/* p5_pbev2.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL - * project 1999. +/* $OpenBSD: p5_pbev2.c,v 1.25 2017/01/29 17:49:22 beck Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 1999-2004. */ /* ==================================================================== * Copyright (c) 1999 The OpenSSL Project. All rights reserved. @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -57,129 +57,214 @@ */ #include -#include "cryptlib.h" +#include +#include + #include +#include #include -#include /* PKCS#5 v2.0 password based encryption structures */ -ASN1_SEQUENCE(PBE2PARAM) = { - ASN1_SIMPLE(PBE2PARAM, keyfunc, X509_ALGOR), - ASN1_SIMPLE(PBE2PARAM, encryption, X509_ALGOR) -} ASN1_SEQUENCE_END(PBE2PARAM) +static const ASN1_TEMPLATE PBE2PARAM_seq_tt[] = { + { + .offset = offsetof(PBE2PARAM, keyfunc), + .field_name = "keyfunc", + .item = &X509_ALGOR_it, + }, + { + .offset = offsetof(PBE2PARAM, encryption), + .field_name = "encryption", + .item = &X509_ALGOR_it, + }, +}; + +const ASN1_ITEM PBE2PARAM_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = PBE2PARAM_seq_tt, + .tcount = sizeof(PBE2PARAM_seq_tt) / sizeof(ASN1_TEMPLATE), + .size = sizeof(PBE2PARAM), + .sname = "PBE2PARAM", +}; + + +PBE2PARAM * +d2i_PBE2PARAM(PBE2PARAM **a, const unsigned char **in, long len) +{ + return (PBE2PARAM *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &PBE2PARAM_it); +} + +int +i2d_PBE2PARAM(PBE2PARAM *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &PBE2PARAM_it); +} -IMPLEMENT_ASN1_FUNCTIONS(PBE2PARAM) +PBE2PARAM * +PBE2PARAM_new(void) +{ + return (PBE2PARAM *)ASN1_item_new(&PBE2PARAM_it); +} -ASN1_SEQUENCE(PBKDF2PARAM) = { - ASN1_SIMPLE(PBKDF2PARAM, salt, ASN1_ANY), - ASN1_SIMPLE(PBKDF2PARAM, iter, ASN1_INTEGER), - ASN1_OPT(PBKDF2PARAM, keylength, ASN1_INTEGER), - ASN1_OPT(PBKDF2PARAM, prf, X509_ALGOR) -} ASN1_SEQUENCE_END(PBKDF2PARAM) +void +PBE2PARAM_free(PBE2PARAM *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &PBE2PARAM_it); +} + +static const ASN1_TEMPLATE PBKDF2PARAM_seq_tt[] = { + { + .offset = offsetof(PBKDF2PARAM, salt), + .field_name = "salt", + .item = &ASN1_ANY_it, + }, + { + .offset = offsetof(PBKDF2PARAM, iter), + .field_name = "iter", + .item = &ASN1_INTEGER_it, + }, + { + .flags = ASN1_TFLG_OPTIONAL, + .offset = offsetof(PBKDF2PARAM, keylength), + .field_name = "keylength", + .item = &ASN1_INTEGER_it, + }, + { + .flags = ASN1_TFLG_OPTIONAL, + .offset = offsetof(PBKDF2PARAM, prf), + .field_name = "prf", + .item = &X509_ALGOR_it, + }, +}; + +const ASN1_ITEM PBKDF2PARAM_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = PBKDF2PARAM_seq_tt, + .tcount = sizeof(PBKDF2PARAM_seq_tt) / sizeof(ASN1_TEMPLATE), + .size = sizeof(PBKDF2PARAM), + .sname = "PBKDF2PARAM", +}; + + +PBKDF2PARAM * +d2i_PBKDF2PARAM(PBKDF2PARAM **a, const unsigned char **in, long len) +{ + return (PBKDF2PARAM *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &PBKDF2PARAM_it); +} + +int +i2d_PBKDF2PARAM(PBKDF2PARAM *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &PBKDF2PARAM_it); +} + +PBKDF2PARAM * +PBKDF2PARAM_new(void) +{ + return (PBKDF2PARAM *)ASN1_item_new(&PBKDF2PARAM_it); +} -IMPLEMENT_ASN1_FUNCTIONS(PBKDF2PARAM) +void +PBKDF2PARAM_free(PBKDF2PARAM *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &PBKDF2PARAM_it); +} /* Return an algorithm identifier for a PKCS#5 v2.0 PBE algorithm: * yes I know this is horrible! + * + * Extended version to allow application supplied PRF NID and IV. */ -X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, - unsigned char *salt, int saltlen) +X509_ALGOR * +PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, unsigned char *salt, + int saltlen, unsigned char *aiv, int prf_nid) { X509_ALGOR *scheme = NULL, *kalg = NULL, *ret = NULL; - int alg_nid; + int alg_nid, keylen; EVP_CIPHER_CTX ctx; unsigned char iv[EVP_MAX_IV_LENGTH]; - PBKDF2PARAM *kdf = NULL; PBE2PARAM *pbe2 = NULL; - ASN1_OCTET_STRING *osalt = NULL; ASN1_OBJECT *obj; alg_nid = EVP_CIPHER_type(cipher); - if(alg_nid == NID_undef) { - ASN1err(ASN1_F_PKCS5_PBE2_SET, - ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER); + if (alg_nid == NID_undef) { + ASN1error(ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER); goto err; } obj = OBJ_nid2obj(alg_nid); - if(!(pbe2 = PBE2PARAM_new())) goto merr; + if (!(pbe2 = PBE2PARAM_new())) + goto merr; /* Setup the AlgorithmIdentifier for the encryption scheme */ scheme = pbe2->encryption; scheme->algorithm = obj; - if(!(scheme->parameter = ASN1_TYPE_new())) goto merr; + if (!(scheme->parameter = ASN1_TYPE_new())) + goto merr; /* Create random IV */ - if (RAND_pseudo_bytes(iv, EVP_CIPHER_iv_length(cipher)) < 0) - goto err; + if (EVP_CIPHER_iv_length(cipher)) { + if (aiv) + memcpy(iv, aiv, EVP_CIPHER_iv_length(cipher)); + else + arc4random_buf(iv, EVP_CIPHER_iv_length(cipher)); + } EVP_CIPHER_CTX_init(&ctx); - /* Dummy cipherinit to just setup the IV */ - EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0); - if(EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) { - ASN1err(ASN1_F_PKCS5_PBE2_SET, - ASN1_R_ERROR_SETTING_CIPHER_PARAMS); + /* Dummy cipherinit to just setup the IV, and PRF */ + if (!EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0)) + goto err; + if (EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) { + ASN1error(ASN1_R_ERROR_SETTING_CIPHER_PARAMS); + EVP_CIPHER_CTX_cleanup(&ctx); goto err; } + /* If prf NID unspecified see if cipher has a preference. + * An error is OK here: just means use default PRF. + */ + if ((prf_nid == -1) && + EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_PBE_PRF_NID, 0, &prf_nid) <= 0) { + ERR_clear_error(); + prf_nid = NID_hmacWithSHA1; + } EVP_CIPHER_CTX_cleanup(&ctx); - if(!(kdf = PBKDF2PARAM_new())) goto merr; - if(!(osalt = M_ASN1_OCTET_STRING_new())) goto merr; - - if (!saltlen) saltlen = PKCS5_SALT_LEN; - if (!(osalt->data = OPENSSL_malloc (saltlen))) goto merr; - osalt->length = saltlen; - if (salt) memcpy (osalt->data, salt, saltlen); - else if (RAND_pseudo_bytes (osalt->data, saltlen) < 0) goto merr; - - if(iter <= 0) iter = PKCS5_DEFAULT_ITER; - if(!ASN1_INTEGER_set(kdf->iter, iter)) goto merr; - - /* Now include salt in kdf structure */ - kdf->salt->value.octet_string = osalt; - kdf->salt->type = V_ASN1_OCTET_STRING; - osalt = NULL; - /* If its RC2 then we'd better setup the key length */ - if(alg_nid == NID_rc2_cbc) { - if(!(kdf->keylength = M_ASN1_INTEGER_new())) goto merr; - if(!ASN1_INTEGER_set (kdf->keylength, - EVP_CIPHER_key_length(cipher))) goto merr; - } - - /* prf can stay NULL because we are using hmacWithSHA1 */ - - /* Now setup the PBE2PARAM keyfunc structure */ + if (alg_nid == NID_rc2_cbc) + keylen = EVP_CIPHER_key_length(cipher); + else + keylen = -1; - pbe2->keyfunc->algorithm = OBJ_nid2obj(NID_id_pbkdf2); + /* Setup keyfunc */ - /* Encode PBKDF2PARAM into parameter of pbe2 */ - - if(!(pbe2->keyfunc->parameter = ASN1_TYPE_new())) goto merr; + X509_ALGOR_free(pbe2->keyfunc); - if(!ASN1_pack_string(kdf, i2d_PBKDF2PARAM, - &pbe2->keyfunc->parameter->value.sequence)) goto merr; - pbe2->keyfunc->parameter->type = V_ASN1_SEQUENCE; + pbe2->keyfunc = PKCS5_pbkdf2_set(iter, salt, saltlen, prf_nid, keylen); - PBKDF2PARAM_free(kdf); - kdf = NULL; + if (!pbe2->keyfunc) + goto merr; /* Now set up top level AlgorithmIdentifier */ - if(!(ret = X509_ALGOR_new())) goto merr; - if(!(ret->parameter = ASN1_TYPE_new())) goto merr; + if (!(ret = X509_ALGOR_new())) + goto merr; + if (!(ret->parameter = ASN1_TYPE_new())) + goto merr; ret->algorithm = OBJ_nid2obj(NID_pbes2); /* Encode PBE2PARAM into parameter */ - if(!ASN1_pack_string(pbe2, i2d_PBE2PARAM, - &ret->parameter->value.sequence)) goto merr; + if (!ASN1_item_pack(pbe2, &PBE2PARAM_it, + &ret->parameter->value.sequence)) goto merr; ret->parameter->type = V_ASN1_SEQUENCE; PBE2PARAM_free(pbe2); @@ -187,17 +272,101 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, return ret; - merr: - ASN1err(ASN1_F_PKCS5_PBE2_SET,ERR_R_MALLOC_FAILURE); +merr: + ASN1error(ERR_R_MALLOC_FAILURE); - err: +err: PBE2PARAM_free(pbe2); /* Note 'scheme' is freed as part of pbe2 */ - M_ASN1_OCTET_STRING_free(osalt); - PBKDF2PARAM_free(kdf); X509_ALGOR_free(kalg); X509_ALGOR_free(ret); return NULL; +} + +X509_ALGOR * +PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, unsigned char *salt, + int saltlen) +{ + return PKCS5_pbe2_set_iv(cipher, iter, salt, saltlen, NULL, -1); +} + +X509_ALGOR * +PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen, int prf_nid, + int keylen) +{ + X509_ALGOR *keyfunc = NULL; + PBKDF2PARAM *kdf = NULL; + ASN1_OCTET_STRING *osalt = NULL; + + if (!(kdf = PBKDF2PARAM_new())) + goto merr; + if (!(osalt = ASN1_OCTET_STRING_new())) + goto merr; + + kdf->salt->value.octet_string = osalt; + kdf->salt->type = V_ASN1_OCTET_STRING; + + if (!saltlen) + saltlen = PKCS5_SALT_LEN; + if (!(osalt->data = malloc (saltlen))) + goto merr; + + osalt->length = saltlen; + if (salt) + memcpy (osalt->data, salt, saltlen); + else + arc4random_buf(osalt->data, saltlen); + + if (iter <= 0) + iter = PKCS5_DEFAULT_ITER; + + if (!ASN1_INTEGER_set(kdf->iter, iter)) + goto merr; + + /* If have a key len set it up */ + + if (keylen > 0) { + if (!(kdf->keylength = ASN1_INTEGER_new())) + goto merr; + if (!ASN1_INTEGER_set(kdf->keylength, keylen)) + goto merr; + } + + /* prf can stay NULL if we are using hmacWithSHA1 */ + if (prf_nid > 0 && prf_nid != NID_hmacWithSHA1) { + kdf->prf = X509_ALGOR_new(); + if (!kdf->prf) + goto merr; + X509_ALGOR_set0(kdf->prf, OBJ_nid2obj(prf_nid), + V_ASN1_NULL, NULL); + } + + /* Finally setup the keyfunc structure */ + + keyfunc = X509_ALGOR_new(); + if (!keyfunc) + goto merr; + + keyfunc->algorithm = OBJ_nid2obj(NID_id_pbkdf2); + + /* Encode PBKDF2PARAM into parameter of pbe2 */ + + if (!(keyfunc->parameter = ASN1_TYPE_new())) + goto merr; + + if (!ASN1_item_pack(kdf, &PBKDF2PARAM_it, + &keyfunc->parameter->value.sequence)) + goto merr; + keyfunc->parameter->type = V_ASN1_SEQUENCE; + + PBKDF2PARAM_free(kdf); + return keyfunc; + +merr: + ASN1error(ERR_R_MALLOC_FAILURE); + PBKDF2PARAM_free(kdf); + X509_ALGOR_free(keyfunc); + return NULL; } diff --git a/src/lib/libcrypto/asn1/p8_key.c b/src/lib/libcrypto/asn1/p8_key.c deleted file mode 100644 index 3a31248e14b..00000000000 --- a/src/lib/libcrypto/asn1/p8_key.c +++ /dev/null @@ -1,131 +0,0 @@ -/* crypto/asn1/p8_key.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include "cryptlib.h" -#include -#include - -int i2d_X509_KEY(X509 *a, unsigned char **pp) - { - M_ASN1_I2D_vars(a); - - M_ASN1_I2D_len(a->cert_info, i2d_X509_CINF); - M_ASN1_I2D_len(a->sig_alg, i2d_X509_ALGOR); - M_ASN1_I2D_len(a->signature, i2d_ASN1_BIT_STRING); - - M_ASN1_I2D_seq_total(); - - M_ASN1_I2D_put(a->cert_info, i2d_X509_CINF); - M_ASN1_I2D_put(a->sig_alg, i2d_X509_ALGOR); - M_ASN1_I2D_put(a->signature, i2d_ASN1_BIT_STRING); - - M_ASN1_I2D_finish(); - } - -X509 *d2i_X509_KEY(X509 **a, unsigned char **pp, long length) - { - M_ASN1_D2I_vars(a,X509 *,X509_new); - - M_ASN1_D2I_Init(); - M_ASN1_D2I_start_sequence(); - M_ASN1_D2I_get(ret->cert_info,d2i_X509_CINF); - M_ASN1_D2I_get(ret->sig_alg,d2i_X509_ALGOR); - M_ASN1_D2I_get(ret->signature,d2i_ASN1_BIT_STRING); - M_ASN1_D2I_Finish(a,X509_free,ASN1_F_D2I_X509); - } - -X509 *X509_KEY_new(void) - { - X509_KEY *ret=NULL; - - M_ASN1_New_OPENSSL_malloc(ret,X509_KEY); - ret->references=1; - ret->type=NID - M_ASN1_New(ret->cert_info,X509_CINF_new); - M_ASN1_New(ret->sig_alg,X509_ALGOR_new); - M_ASN1_New(ret->signature,ASN1_BIT_STRING_new); - return(ret); - M_ASN1_New_Error(ASN1_F_X509_NEW); - } - -void X509_KEY_free(X509 *a) - { - int i; - - if (a == NULL) return; - - i=CRYPTO_add_lock(&a->references,-1,CRYPTO_LOCK_X509_KEY); -#ifdef REF_PRINT - REF_PRINT("X509_KEY",a); -#endif - if (i > 0) return; -#ifdef REF_CHECK - if (i < 0) - { - fprintf(stderr,"X509_KEY_free, bad reference count\n"); - abort(); - } -#endif - - X509_CINF_free(a->cert_info); - X509_ALGOR_free(a->sig_alg); - ASN1_BIT_STRING_free(a->signature); - OPENSSL_free(a); - } - diff --git a/src/lib/libcrypto/asn1/p8_pkey.c b/src/lib/libcrypto/asn1/p8_pkey.c index b634d5bc85c..d2f8e6b0557 100644 --- a/src/lib/libcrypto/asn1/p8_pkey.c +++ b/src/lib/libcrypto/asn1/p8_pkey.c @@ -1,16 +1,16 @@ -/* p8_pkey.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* $OpenBSD: p8_pkey.c,v 1.19 2018/08/24 20:17:33 tb Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -57,28 +57,130 @@ */ #include -#include "cryptlib.h" +#include + #include #include /* Minor tweak to operation: zero private key data */ -static int pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) +static int +pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) { /* Since the structure must still be valid use ASN1_OP_FREE_PRE */ - if(operation == ASN1_OP_FREE_PRE) { + if (operation == ASN1_OP_FREE_PRE) { PKCS8_PRIV_KEY_INFO *key = (PKCS8_PRIV_KEY_INFO *)*pval; - if (key->pkey->value.octet_string) - memset(key->pkey->value.octet_string->data, - 0, key->pkey->value.octet_string->length); + if (key->pkey != NULL) + explicit_bzero(key->pkey->data, key->pkey->length); } return 1; } -ASN1_SEQUENCE_cb(PKCS8_PRIV_KEY_INFO, pkey_cb) = { - ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, version, ASN1_INTEGER), - ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, pkeyalg, X509_ALGOR), - ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, pkey, ASN1_ANY), - ASN1_IMP_SET_OF_OPT(PKCS8_PRIV_KEY_INFO, attributes, X509_ATTRIBUTE, 0) -} ASN1_SEQUENCE_END_cb(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO) +static const ASN1_AUX PKCS8_PRIV_KEY_INFO_aux = { + .asn1_cb = pkey_cb, +}; +static const ASN1_TEMPLATE PKCS8_PRIV_KEY_INFO_seq_tt[] = { + { + .offset = offsetof(PKCS8_PRIV_KEY_INFO, version), + .field_name = "version", + .item = &ASN1_INTEGER_it, + }, + { + .offset = offsetof(PKCS8_PRIV_KEY_INFO, pkeyalg), + .field_name = "pkeyalg", + .item = &X509_ALGOR_it, + }, + { + .offset = offsetof(PKCS8_PRIV_KEY_INFO, pkey), + .field_name = "pkey", + .item = &ASN1_OCTET_STRING_it, + }, + { + .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_SET_OF | ASN1_TFLG_OPTIONAL, + .offset = offsetof(PKCS8_PRIV_KEY_INFO, attributes), + .field_name = "attributes", + .item = &X509_ATTRIBUTE_it, + }, +}; + +const ASN1_ITEM PKCS8_PRIV_KEY_INFO_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = PKCS8_PRIV_KEY_INFO_seq_tt, + .tcount = sizeof(PKCS8_PRIV_KEY_INFO_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = &PKCS8_PRIV_KEY_INFO_aux, + .size = sizeof(PKCS8_PRIV_KEY_INFO), + .sname = "PKCS8_PRIV_KEY_INFO", +}; + + +PKCS8_PRIV_KEY_INFO * +d2i_PKCS8_PRIV_KEY_INFO(PKCS8_PRIV_KEY_INFO **a, const unsigned char **in, long len) +{ + return (PKCS8_PRIV_KEY_INFO *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &PKCS8_PRIV_KEY_INFO_it); +} + +int +i2d_PKCS8_PRIV_KEY_INFO(PKCS8_PRIV_KEY_INFO *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &PKCS8_PRIV_KEY_INFO_it); +} + +PKCS8_PRIV_KEY_INFO * +PKCS8_PRIV_KEY_INFO_new(void) +{ + return (PKCS8_PRIV_KEY_INFO *)ASN1_item_new(&PKCS8_PRIV_KEY_INFO_it); +} + +void +PKCS8_PRIV_KEY_INFO_free(PKCS8_PRIV_KEY_INFO *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &PKCS8_PRIV_KEY_INFO_it); +} + +int +PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj, int version, + int ptype, void *pval, unsigned char *penc, int penclen) +{ + if (version >= 0) { + if (!ASN1_INTEGER_set(priv->version, version)) + return 0; + } + if (!X509_ALGOR_set0(priv->pkeyalg, aobj, ptype, pval)) + return 0; + if (penc != NULL) + ASN1_STRING_set0(priv->pkey, penc, penclen); + return 1; +} + +int +PKCS8_pkey_get0(const ASN1_OBJECT **ppkalg, const unsigned char **pk, + int *ppklen, const X509_ALGOR **pa, const PKCS8_PRIV_KEY_INFO *p8) +{ + if (ppkalg != NULL) + *ppkalg = p8->pkeyalg->algorithm; + if (pk != NULL) { + *pk = ASN1_STRING_data(p8->pkey); + *ppklen = ASN1_STRING_length(p8->pkey); + } + if (pa != NULL) + *pa = p8->pkeyalg; + return 1; +} + +const STACK_OF(X509_ATTRIBUTE) * +PKCS8_pkey_get0_attrs(const PKCS8_PRIV_KEY_INFO *p8) +{ + return p8->attributes; +} + +int +PKCS8_pkey_add1_attr_by_NID(PKCS8_PRIV_KEY_INFO *p8, int nid, int type, + const unsigned char *bytes, int len) +{ + if (X509at_add1_attr_by_NID(&p8->attributes, nid, type, bytes, + len) != NULL) + return 1; + return 0; +} -IMPLEMENT_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO) diff --git a/src/lib/libcrypto/asn1/t_bitst.c b/src/lib/libcrypto/asn1/t_bitst.c index 8ee789f0825..51515b88e25 100644 --- a/src/lib/libcrypto/asn1/t_bitst.c +++ b/src/lib/libcrypto/asn1/t_bitst.c @@ -1,5 +1,5 @@ -/* t_bitst.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* $OpenBSD: t_bitst.c,v 1.8 2018/04/25 11:48:21 tb Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -57,19 +57,23 @@ */ #include -#include "cryptlib.h" +#include + #include #include -int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs, - BIT_STRING_BITNAME *tbl, int indent) +int +ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs, + BIT_STRING_BITNAME *tbl, int indent) { BIT_STRING_BITNAME *bnam; char first = 1; + BIO_printf(out, "%*s", indent, ""); - for(bnam = tbl; bnam->lname; bnam++) { - if(ASN1_BIT_STRING_get_bit(bs, bnam->bitnum)) { - if(!first) BIO_puts(out, ", "); + for (bnam = tbl; bnam->lname; bnam++) { + if (ASN1_BIT_STRING_get_bit(bs, bnam->bitnum)) { + if (!first) + BIO_puts(out, ", "); BIO_puts(out, bnam->lname); first = 0; } @@ -78,22 +82,31 @@ int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs, return 1; } -int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, char *name, int value, - BIT_STRING_BITNAME *tbl) +int +ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, const char *name, int value, + BIT_STRING_BITNAME *tbl) { int bitnum; + bitnum = ASN1_BIT_STRING_num_asc(name, tbl); - if(bitnum < 0) return 0; - if(bs) ASN1_BIT_STRING_set_bit(bs, bitnum, value); + if (bitnum < 0) + return 0; + if (bs) { + if (!ASN1_BIT_STRING_set_bit(bs, bitnum, value)) + return 0; + } return 1; } -int ASN1_BIT_STRING_num_asc(char *name, BIT_STRING_BITNAME *tbl) +int +ASN1_BIT_STRING_num_asc(const char *name, BIT_STRING_BITNAME *tbl) { BIT_STRING_BITNAME *bnam; - for(bnam = tbl; bnam->lname; bnam++) { - if(!strcmp(bnam->sname, name) || - !strcmp(bnam->lname, name) ) return bnam->bitnum; + + for (bnam = tbl; bnam->lname; bnam++) { + if (!strcmp(bnam->sname, name) || + !strcmp(bnam->lname, name)) + return bnam->bitnum; } return -1; } diff --git a/src/lib/libcrypto/asn1/t_crl.c b/src/lib/libcrypto/asn1/t_crl.c index 60db3057560..c8122442bbd 100644 --- a/src/lib/libcrypto/asn1/t_crl.c +++ b/src/lib/libcrypto/asn1/t_crl.c @@ -1,5 +1,5 @@ -/* t_crl.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* $OpenBSD: t_crl.c,v 1.17 2017/01/29 17:49:22 beck Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -57,77 +57,84 @@ */ #include -#include "cryptlib.h" -#include + #include +#include +#include #include #include #include -#ifndef OPENSSL_NO_FP_API -int X509_CRL_print_fp(FILE *fp, X509_CRL *x) - { - BIO *b; - int ret; +int +X509_CRL_print_fp(FILE *fp, X509_CRL *x) +{ + BIO *b; + int ret; - if ((b=BIO_new(BIO_s_file())) == NULL) - { - X509err(X509_F_X509_PRINT_FP,ERR_R_BUF_LIB); - return(0); - } - BIO_set_fp(b,fp,BIO_NOCLOSE); - ret=X509_CRL_print(b, x); - BIO_free(b); - return(ret); - } -#endif + if ((b = BIO_new(BIO_s_file())) == NULL) { + X509error(ERR_R_BUF_LIB); + return (0); + } + BIO_set_fp(b, fp, BIO_NOCLOSE); + ret = X509_CRL_print(b, x); + BIO_free(b); + return (ret); +} -int X509_CRL_print(BIO *out, X509_CRL *x) +int +X509_CRL_print(BIO *out, X509_CRL *x) { - char buf[256]; STACK_OF(X509_REVOKED) *rev; X509_REVOKED *r; long l; - int i, n; + int i; + char *p; BIO_printf(out, "Certificate Revocation List (CRL):\n"); l = X509_CRL_get_version(x); - BIO_printf(out, "%8sVersion %lu (0x%lx)\n", "", l+1, l); + BIO_printf(out, "%8sVersion %lu (0x%lx)\n", "", l + 1, l); i = OBJ_obj2nid(x->sig_alg->algorithm); - BIO_printf(out, "%8sSignature Algorithm: %s\n", "", - (i == NID_undef) ? "NONE" : OBJ_nid2ln(i)); - X509_NAME_oneline(X509_CRL_get_issuer(x),buf,256); - BIO_printf(out,"%8sIssuer: %s\n","",buf); - BIO_printf(out,"%8sLast Update: ",""); - ASN1_TIME_print(out,X509_CRL_get_lastUpdate(x)); - BIO_printf(out,"\n%8sNext Update: ",""); + if (X509_signature_print(out, x->sig_alg, NULL) == 0) + goto err; + p = X509_NAME_oneline(X509_CRL_get_issuer(x), NULL, 0); + if (p == NULL) + goto err; + BIO_printf(out, "%8sIssuer: %s\n", "", p); + free(p); + BIO_printf(out, "%8sLast Update: ", ""); + ASN1_TIME_print(out, X509_CRL_get_lastUpdate(x)); + BIO_printf(out, "\n%8sNext Update: ", ""); if (X509_CRL_get_nextUpdate(x)) - ASN1_TIME_print(out,X509_CRL_get_nextUpdate(x)); - else BIO_printf(out,"NONE"); - BIO_printf(out,"\n"); + ASN1_TIME_print(out, X509_CRL_get_nextUpdate(x)); + else + BIO_printf(out, "NONE"); + BIO_printf(out, "\n"); - n=X509_CRL_get_ext_count(x); X509V3_extensions_print(out, "CRL extensions", - x->crl->extensions, 0, 8); + x->crl->extensions, 0, 8); rev = X509_CRL_get_REVOKED(x); - if(sk_X509_REVOKED_num(rev) > 0) - BIO_printf(out, "Revoked Certificates:\n"); - else BIO_printf(out, "No Revoked Certificates.\n"); + if (sk_X509_REVOKED_num(rev) > 0) + BIO_printf(out, "Revoked Certificates:\n"); + else + BIO_printf(out, "No Revoked Certificates.\n"); - for(i = 0; i < sk_X509_REVOKED_num(rev); i++) { + for (i = 0; i < sk_X509_REVOKED_num(rev); i++) { r = sk_X509_REVOKED_value(rev, i); - BIO_printf(out," Serial Number: "); - i2a_ASN1_INTEGER(out,r->serialNumber); - BIO_printf(out,"\n Revocation Date: ",""); - ASN1_TIME_print(out,r->revocationDate); - BIO_printf(out,"\n"); + BIO_printf(out, " Serial Number: "); + i2a_ASN1_INTEGER(out, r->serialNumber); + BIO_printf(out, "\n Revocation Date: "); + ASN1_TIME_print(out, r->revocationDate); + BIO_printf(out, "\n"); X509V3_extensions_print(out, "CRL entry extensions", - r->extensions, 0, 8); + r->extensions, 0, 8); } - X509_signature_print(out, x->sig_alg, x->signature); + if (X509_signature_print(out, x->sig_alg, x->signature) == 0) + goto err; return 1; +err: + return 0; } diff --git a/src/lib/libcrypto/asn1/t_pkey.c b/src/lib/libcrypto/asn1/t_pkey.c index 80601152021..b3f7d084c54 100644 --- a/src/lib/libcrypto/asn1/t_pkey.c +++ b/src/lib/libcrypto/asn1/t_pkey.c @@ -1,25 +1,25 @@ -/* crypto/asn1/t_pkey.c */ +/* $OpenBSD: t_pkey.c,v 1.16 2014/07/11 08:44:47 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -57,305 +57,58 @@ */ #include -#include "cryptlib.h" -#include -#include -#ifndef OPENSSL_NO_RSA -#include -#endif -#ifndef OPENSSL_NO_DH -#include -#endif -#ifndef OPENSSL_NO_DSA -#include -#endif -static int print(BIO *fp,const char *str,BIGNUM *num, - unsigned char *buf,int off); -#ifndef OPENSSL_NO_RSA -#ifndef OPENSSL_NO_FP_API -int RSA_print_fp(FILE *fp, const RSA *x, int off) - { - BIO *b; - int ret; - - if ((b=BIO_new(BIO_s_file())) == NULL) - { - RSAerr(RSA_F_RSA_PRINT_FP,ERR_R_BUF_LIB); - return(0); - } - BIO_set_fp(b,fp,BIO_NOCLOSE); - ret=RSA_print(b,x,off); - BIO_free(b); - return(ret); - } -#endif - -int RSA_print(BIO *bp, const RSA *x, int off) - { - char str[128]; - const char *s; - unsigned char *m=NULL; - int i,ret=0; - - i=RSA_size(x); - m=(unsigned char *)OPENSSL_malloc((unsigned int)i+10); - if (m == NULL) - { - RSAerr(RSA_F_RSA_PRINT,ERR_R_MALLOC_FAILURE); - goto err; - } - - if (off) - { - if (off > 128) off=128; - memset(str,' ',off); - } - if (x->d != NULL) - { - if (off && (BIO_write(bp,str,off) <= 0)) goto err; - if (BIO_printf(bp,"Private-Key: (%d bit)\n",BN_num_bits(x->n)) - <= 0) goto err; - } - - if (x->d == NULL) - sprintf(str,"Modulus (%d bit):",BN_num_bits(x->n)); - else - strcpy(str,"modulus:"); - if (!print(bp,str,x->n,m,off)) goto err; - s=(x->d == NULL)?"Exponent:":"publicExponent:"; - if (!print(bp,s,x->e,m,off)) goto err; - if (!print(bp,"privateExponent:",x->d,m,off)) goto err; - if (!print(bp,"prime1:",x->p,m,off)) goto err; - if (!print(bp,"prime2:",x->q,m,off)) goto err; - if (!print(bp,"exponent1:",x->dmp1,m,off)) goto err; - if (!print(bp,"exponent2:",x->dmq1,m,off)) goto err; - if (!print(bp,"coefficient:",x->iqmp,m,off)) goto err; - ret=1; -err: - if (m != NULL) OPENSSL_free(m); - return(ret); - } -#endif /* OPENSSL_NO_RSA */ - -#ifndef OPENSSL_NO_DSA -#ifndef OPENSSL_NO_FP_API -int DSA_print_fp(FILE *fp, const DSA *x, int off) - { - BIO *b; - int ret; - - if ((b=BIO_new(BIO_s_file())) == NULL) - { - DSAerr(DSA_F_DSA_PRINT_FP,ERR_R_BUF_LIB); - return(0); - } - BIO_set_fp(b,fp,BIO_NOCLOSE); - ret=DSA_print(b,x,off); - BIO_free(b); - return(ret); - } -#endif - -int DSA_print(BIO *bp, const DSA *x, int off) - { - char str[128]; - unsigned char *m=NULL; - int i,ret=0; - BIGNUM *bn=NULL; - - if (x->p != NULL) - bn=x->p; - else if (x->priv_key != NULL) - bn=x->priv_key; - else if (x->pub_key != NULL) - bn=x->pub_key; - - /* larger than needed but what the hell :-) */ - if (bn != NULL) - i=BN_num_bytes(bn)*2; - else - i=256; - m=(unsigned char *)OPENSSL_malloc((unsigned int)i+10); - if (m == NULL) - { - DSAerr(DSA_F_DSA_PRINT,ERR_R_MALLOC_FAILURE); - goto err; - } +#include +#include +#include - if (off) - { - if (off > 128) off=128; - memset(str,' ',off); - } - if (x->priv_key != NULL) - { - if (off && (BIO_write(bp,str,off) <= 0)) goto err; - if (BIO_printf(bp,"Private-Key: (%d bit)\n",BN_num_bits(x->p)) - <= 0) goto err; - } +int +ASN1_bn_print(BIO *bp, const char *number, const BIGNUM *num, + unsigned char *buf, int off) +{ + int n, i; + const char *neg; - if ((x->priv_key != NULL) && !print(bp,"priv:",x->priv_key,m,off)) - goto err; - if ((x->pub_key != NULL) && !print(bp,"pub: ",x->pub_key,m,off)) - goto err; - if ((x->p != NULL) && !print(bp,"P: ",x->p,m,off)) goto err; - if ((x->q != NULL) && !print(bp,"Q: ",x->q,m,off)) goto err; - if ((x->g != NULL) && !print(bp,"G: ",x->g,m,off)) goto err; - ret=1; -err: - if (m != NULL) OPENSSL_free(m); - return(ret); + if (num == NULL) + return (1); + neg = (BN_is_negative(num)) ? "-" : ""; + if (!BIO_indent(bp, off, 128)) + return 0; + if (BN_is_zero(num)) { + if (BIO_printf(bp, "%s 0\n", number) <= 0) + return 0; + return 1; } -#endif /* !OPENSSL_NO_DSA */ -static int print(BIO *bp, const char *number, BIGNUM *num, unsigned char *buf, - int off) - { - int n,i; - char str[128]; - const char *neg; + if (BN_num_bytes(num) <= BN_BYTES) { + if (BIO_printf(bp, "%s %s%lu (%s0x%lx)\n", number, neg, + (unsigned long)num->d[0], neg, + (unsigned long)num->d[0]) <= 0) + return (0); + } else { + buf[0] = 0; + if (BIO_printf(bp, "%s%s", number, + (neg[0] == '-') ? " (Negative)" : "") <= 0) + return (0); + n = BN_bn2bin(num, &buf[1]); - if (num == NULL) return(1); - neg=(num->neg)?"-":""; - if (off) - { - if (off > 128) off=128; - memset(str,' ',off); - if (BIO_write(bp,str,off) <= 0) return(0); - } - - if (BN_num_bytes(num) <= BN_BYTES) - { - if (BIO_printf(bp,"%s %s%lu (%s0x%lx)\n",number,neg, - (unsigned long)num->d[0],neg,(unsigned long)num->d[0]) - <= 0) return(0); - } - else - { - buf[0]=0; - if (BIO_printf(bp,"%s%s",number, - (neg[0] == '-')?" (Negative)":"") <= 0) - return(0); - n=BN_bn2bin(num,&buf[1]); - if (buf[1] & 0x80) n++; - else buf++; - - for (i=0; ip); - m=(unsigned char *)OPENSSL_malloc((unsigned int)i+10); - if (m == NULL) - { - reason=ERR_R_MALLOC_FAILURE; - goto err; - } - - if (BIO_printf(bp,"Diffie-Hellman-Parameters: (%d bit)\n", - BN_num_bits(x->p)) <= 0) - goto err; - if (!print(bp,"prime:",x->p,m,4)) goto err; - if (!print(bp,"generator:",x->g,m,4)) goto err; - if (x->length != 0) - { - if (BIO_printf(bp," recommended-private-length: %d bits\n", - (int)x->length) <= 0) goto err; - } - ret=1; - if (0) - { -err: - DHerr(DH_F_DHPARAMS_PRINT,reason); - } - if (m != NULL) OPENSSL_free(m); - return(ret); - } -#endif - -#ifndef OPENSSL_NO_DSA -#ifndef OPENSSL_NO_FP_API -int DSAparams_print_fp(FILE *fp, const DSA *x) - { - BIO *b; - int ret; - - if ((b=BIO_new(BIO_s_file())) == NULL) - { - DSAerr(DSA_F_DSAPARAMS_PRINT_FP,ERR_R_BUF_LIB); - return(0); - } - BIO_set_fp(b,fp,BIO_NOCLOSE); - ret=DSAparams_print(b, x); - BIO_free(b); - return(ret); - } -#endif - -int DSAparams_print(BIO *bp, const DSA *x) - { - unsigned char *m=NULL; - int reason=ERR_R_BUF_LIB,i,ret=0; - - i=BN_num_bytes(x->p); - m=(unsigned char *)OPENSSL_malloc((unsigned int)i+10); - if (m == NULL) - { - reason=ERR_R_MALLOC_FAILURE; - goto err; - } - - if (BIO_printf(bp,"DSA-Parameters: (%d bit)\n", - BN_num_bits(x->p)) <= 0) - goto err; - if (!print(bp,"p:",x->p,m,4)) goto err; - if (!print(bp,"q:",x->q,m,4)) goto err; - if (!print(bp,"g:",x->g,m,4)) goto err; - ret=1; -err: - if (m != NULL) OPENSSL_free(m); - DSAerr(DSA_F_DSAPARAMS_PRINT,reason); - return(ret); - } - -#endif /* !OPENSSL_NO_DSA */ - + return (1); +} diff --git a/src/lib/libcrypto/asn1/t_req.c b/src/lib/libcrypto/asn1/t_req.c index 848c29a2dd3..a9b14fed73d 100644 --- a/src/lib/libcrypto/asn1/t_req.c +++ b/src/lib/libcrypto/asn1/t_req.c @@ -1,25 +1,25 @@ -/* crypto/asn1/t_req.c */ +/* $OpenBSD: t_req.c,v 1.19 2017/01/29 17:49:22 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -57,33 +57,43 @@ */ #include -#include "cryptlib.h" -#include + +#include + #include +#include +#include #include #include #include -#ifndef OPENSSL_NO_FP_API -int X509_REQ_print_fp(FILE *fp, X509_REQ *x) - { - BIO *b; - int ret; - - if ((b=BIO_new(BIO_s_file())) == NULL) - { - X509err(X509_F_X509_REQ_PRINT_FP,ERR_R_BUF_LIB); - return(0); - } - BIO_set_fp(b,fp,BIO_NOCLOSE); - ret=X509_REQ_print(b, x); - BIO_free(b); - return(ret); - } +#ifndef OPENSSL_NO_DSA +#include #endif +#ifndef OPENSSL_NO_RSA +#include +#endif + +int +X509_REQ_print_fp(FILE *fp, X509_REQ *x) +{ + BIO *b; + int ret; -int X509_REQ_print(BIO *bp, X509_REQ *x) - { + if ((b = BIO_new(BIO_s_file())) == NULL) { + X509error(ERR_R_BUF_LIB); + return (0); + } + BIO_set_fp(b, fp, BIO_NOCLOSE); + ret = X509_REQ_print(b, x); + BIO_free(b); + return (ret); +} + +int +X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, + unsigned long cflag) +{ unsigned long l; int i; const char *neg; @@ -91,144 +101,167 @@ int X509_REQ_print(BIO *bp, X509_REQ *x) EVP_PKEY *pkey; STACK_OF(X509_ATTRIBUTE) *sk; STACK_OF(X509_EXTENSION) *exts; - char str[128]; - - ri=x->req_info; - sprintf(str,"Certificate Request:\n"); - if (BIO_puts(bp,str) <= 0) goto err; - sprintf(str,"%4sData:\n",""); - if (BIO_puts(bp,str) <= 0) goto err; - - neg=(ri->version->type == V_ASN1_NEG_INTEGER)?"-":""; - l=0; - for (i=0; iversion->length; i++) - { l<<=8; l+=ri->version->data[i]; } - sprintf(str,"%8sVersion: %s%lu (%s0x%lx)\n","",neg,l,neg,l); - if (BIO_puts(bp,str) <= 0) goto err; - sprintf(str,"%8sSubject: ",""); - if (BIO_puts(bp,str) <= 0) goto err; - - X509_NAME_print(bp,ri->subject,16); - sprintf(str,"\n%8sSubject Public Key Info:\n",""); - if (BIO_puts(bp,str) <= 0) goto err; - i=OBJ_obj2nid(ri->pubkey->algor->algorithm); - sprintf(str,"%12sPublic Key Algorithm: %s\n","", - (i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i)); - if (BIO_puts(bp,str) <= 0) goto err; - - pkey=X509_REQ_get_pubkey(x); -#ifndef OPENSSL_NO_RSA - if (pkey != NULL && pkey->type == EVP_PKEY_RSA) - { - BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","", - BN_num_bits(pkey->pkey.rsa->n)); - RSA_print(bp,pkey->pkey.rsa,16); + char mlch = ' '; + int nmindent = 0; + + if ((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) { + mlch = '\n'; + nmindent = 12; + } + + if (nmflags == X509_FLAG_COMPAT) + nmindent = 16; + + ri = x->req_info; + if (!(cflag & X509_FLAG_NO_HEADER)) { + if (BIO_write(bp, "Certificate Request:\n", 21) <= 0) + goto err; + if (BIO_write(bp, " Data:\n", 10) <= 0) + + goto err; + } + if (!(cflag & X509_FLAG_NO_VERSION)) { + neg = (ri->version->type == V_ASN1_NEG_INTEGER) ? "-" : ""; + l = 0; + for (i = 0; i < ri->version->length; i++) { + l <<= 8; + l += ri->version->data[i]; } - else -#endif -#ifndef OPENSSL_NO_DSA - if (pkey != NULL && pkey->type == EVP_PKEY_DSA) - { - BIO_printf(bp,"%12sDSA Public Key:\n",""); - DSA_print(bp,pkey->pkey.dsa,16); + if (BIO_printf(bp, "%8sVersion: %s%lu (%s0x%lx)\n", "", neg, + l, neg, l) <= 0) + goto err; + } + if (!(cflag & X509_FLAG_NO_SUBJECT)) { + if (BIO_printf(bp, " Subject:%c", mlch) <= 0) + goto err; + if (X509_NAME_print_ex(bp, ri->subject, nmindent, nmflags) < 0) + goto err; + if (BIO_write(bp, "\n", 1) <= 0) + goto err; + } + if (!(cflag & X509_FLAG_NO_PUBKEY)) { + if (BIO_write(bp, " Subject Public Key Info:\n", + 33) <= 0) + goto err; + if (BIO_printf(bp, "%12sPublic Key Algorithm: ", "") <= 0) + goto err; + if (i2a_ASN1_OBJECT(bp, ri->pubkey->algor->algorithm) <= 0) + goto err; + if (BIO_puts(bp, "\n") <= 0) + goto err; + + pkey = X509_REQ_get_pubkey(x); + if (pkey == NULL) { + BIO_printf(bp, "%12sUnable to load Public Key\n", ""); + ERR_print_errors(bp); + } else { + EVP_PKEY_print_public(bp, pkey, 16, NULL); + EVP_PKEY_free(pkey); } - else -#endif - BIO_printf(bp,"%12sUnknown Public Key:\n",""); + } - if (pkey != NULL) - EVP_PKEY_free(pkey); + if (!(cflag & X509_FLAG_NO_ATTRIBUTES)) { + /* may not be */ + if (BIO_printf(bp, "%8sAttributes:\n", "") <= 0) + goto err; - /* may not be */ - sprintf(str,"%8sAttributes:\n",""); - if (BIO_puts(bp,str) <= 0) goto err; + sk = x->req_info->attributes; + if (sk_X509_ATTRIBUTE_num(sk) == 0) { + if (BIO_printf(bp, "%12sa0:00\n", "") <= 0) + goto err; + } else { + for (i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) { + ASN1_TYPE *at; + X509_ATTRIBUTE *a; + ASN1_BIT_STRING *bs = NULL; + ASN1_TYPE *t; + int j, type = 0, count = 1, ii = 0; - sk=x->req_info->attributes; - if (sk_X509_ATTRIBUTE_num(sk) == 0) - { - sprintf(str,"%12sa0:00\n",""); - if (BIO_puts(bp,str) <= 0) goto err; - } - else - { - for (i=0; iobject))) - continue; - sprintf(str,"%12s",""); - if (BIO_puts(bp,str) <= 0) goto err; - if ((j=i2a_ASN1_OBJECT(bp,a->object)) > 0) - { - if (a->single) - { - t=a->value.single; - type=t->type; - bs=t->value.bit_string; - } - else - { - ii=0; - count=sk_ASN1_TYPE_num(a->value.set); + a = sk_X509_ATTRIBUTE_value(sk, i); + if (X509_REQ_extension_nid( + OBJ_obj2nid(a->object))) + continue; + if (BIO_printf(bp, "%12s", "") <= 0) + goto err; + if ((j = i2a_ASN1_OBJECT(bp, a->object)) > 0) { + if (a->single) { + t = a->value.single; + type = t->type; + bs = t->value.bit_string; + } else { + ii = 0; + count = sk_ASN1_TYPE_num( + a->value.set); get_next: - at=sk_ASN1_TYPE_value(a->value.set,ii); - type=at->type; - bs=at->value.asn1_string; + at = sk_ASN1_TYPE_value( + a->value.set, ii); + type = at->type; + bs = at->value.asn1_string; + } } - } - for (j=25-j; j>0; j--) - if (BIO_write(bp," ",1) != 1) goto err; - if (BIO_puts(bp,":") <= 0) goto err; - if ( (type == V_ASN1_PRINTABLESTRING) || - (type == V_ASN1_T61STRING) || - (type == V_ASN1_IA5STRING)) - { - if (BIO_write(bp,(char *)bs->data,bs->length) - != bs->length) + for (j = 25 - j; j > 0; j--) + if (BIO_write(bp, " ", 1) != 1) + goto err; + if (BIO_puts(bp, ":") <= 0) goto err; - BIO_puts(bp,"\n"); + if ((type == V_ASN1_PRINTABLESTRING) || + (type == V_ASN1_T61STRING) || + (type == V_ASN1_IA5STRING)) { + if (BIO_write(bp, (char *)bs->data, + bs->length) != bs->length) + goto err; + BIO_puts(bp, "\n"); + } else { + BIO_puts(bp, + "unable to print attribute\n"); } - else - { - BIO_puts(bp,"unable to print attribute\n"); - } - if (++ii < count) goto get_next; + if (++ii < count) + goto get_next; } } - - exts = X509_REQ_get_extensions(x); - if(exts) { - BIO_printf(bp,"%8sRequested Extensions:\n",""); - for (i=0; ivalue); + } + if (!(cflag & X509_FLAG_NO_EXTENSIONS)) { + exts = X509_REQ_get_extensions(x); + if (exts) { + BIO_printf(bp, "%8sRequested Extensions:\n", ""); + for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) { + ASN1_OBJECT *obj; + X509_EXTENSION *ex; + int j; + ex = sk_X509_EXTENSION_value(exts, i); + if (BIO_printf(bp, "%12s", "") <= 0) + goto err; + obj = X509_EXTENSION_get_object(ex); + i2a_ASN1_OBJECT(bp, obj); + j = X509_EXTENSION_get_critical(ex); + if (BIO_printf(bp, ": %s\n", + j ? "critical" : "") <= 0) + goto err; + if (!X509V3_EXT_print(bp, ex, cflag, 16)) { + BIO_printf(bp, "%16s", ""); + ASN1_STRING_print(bp, ex->value); + } + if (BIO_write(bp, "\n", 1) <= 0) + goto err; } - if (BIO_write(bp,"\n",1) <= 0) goto err; + sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free); } - sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free); } - if(!X509_signature_print(bp, x->sig_alg, x->signature)) goto err; + if (!(cflag & X509_FLAG_NO_SIGDUMP)) { + if (!X509_signature_print(bp, x->sig_alg, x->signature)) + goto err; + } + + return (1); - return(1); err: - X509err(X509_F_X509_REQ_PRINT,ERR_R_BUF_LIB); - return(0); - } + X509error(ERR_R_BUF_LIB); + return (0); +} + +int +X509_REQ_print(BIO *bp, X509_REQ *x) +{ + return X509_REQ_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT); +} diff --git a/src/lib/libcrypto/asn1/t_spki.c b/src/lib/libcrypto/asn1/t_spki.c index 5abfbc815ea..39ff0670b6d 100644 --- a/src/lib/libcrypto/asn1/t_spki.c +++ b/src/lib/libcrypto/asn1/t_spki.c @@ -1,5 +1,5 @@ -/* t_spki.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* $OpenBSD: t_spki.c,v 1.11 2014/07/11 08:44:47 jsing Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -57,60 +57,56 @@ */ #include -#include "cryptlib.h" -#include + +#include + #include +#include +#include + +#ifndef OPENSSL_NO_DSA +#include +#endif +#ifndef OPENSSL_NO_RSA +#include +#endif /* Print out an SPKI */ -int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki) +int +NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki) { EVP_PKEY *pkey; ASN1_IA5STRING *chal; int i, n; char *s; + BIO_printf(out, "Netscape SPKI:\n"); - i=OBJ_obj2nid(spki->spkac->pubkey->algor->algorithm); - BIO_printf(out," Public Key Algorithm: %s\n", - (i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i)); + i = OBJ_obj2nid(spki->spkac->pubkey->algor->algorithm); + BIO_printf(out, " Public Key Algorithm: %s\n", + (i == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(i)); pkey = X509_PUBKEY_get(spki->spkac->pubkey); - if(!pkey) BIO_printf(out, " Unable to load public key\n"); + if (!pkey) + BIO_printf(out, " Unable to load public key\n"); else { -#ifndef OPENSSL_NO_RSA - if (pkey->type == EVP_PKEY_RSA) - { - BIO_printf(out," RSA Public Key: (%d bit)\n", - BN_num_bits(pkey->pkey.rsa->n)); - RSA_print(out,pkey->pkey.rsa,2); - } - else -#endif -#ifndef OPENSSL_NO_DSA - if (pkey->type == EVP_PKEY_DSA) - { - BIO_printf(out," DSA Public Key:\n"); - DSA_print(out,pkey->pkey.dsa,2); - } - else -#endif - BIO_printf(out," Unknown Public Key:\n"); + EVP_PKEY_print_public(out, pkey, 4, NULL); EVP_PKEY_free(pkey); } chal = spki->spkac->challenge; - if(chal->length) + if (chal->length) BIO_printf(out, " Challenge String: %s\n", chal->data); - i=OBJ_obj2nid(spki->sig_algor->algorithm); - BIO_printf(out," Signature Algorithm: %s", - (i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i)); + i = OBJ_obj2nid(spki->sig_algor->algorithm); + BIO_printf(out, " Signature Algorithm: %s", + (i == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(i)); - n=spki->signature->length; - s=(char *)spki->signature->data; - for (i=0; isignature->length; + s = (char *)spki->signature->data; + for (i = 0; i < n; i++) { + if ((i % 18) == 0) + BIO_write(out, "\n ", 7); + BIO_printf(out, "%02x%s", (unsigned char)s[i], + ((i + 1) == n) ? "" : ":"); + } + BIO_write(out, "\n", 1); return 1; } diff --git a/src/lib/libcrypto/asn1/t_x509.c b/src/lib/libcrypto/asn1/t_x509.c index 5de4833ed05..e287a6cf6a4 100644 --- a/src/lib/libcrypto/asn1/t_x509.c +++ b/src/lib/libcrypto/asn1/t_x509.c @@ -1,25 +1,25 @@ -/* crypto/asn1/t_x509.c */ +/* $OpenBSD: t_x509.c,v 1.31 2018/05/18 18:23:24 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -57,205 +57,199 @@ */ #include -#include "cryptlib.h" -#include + +#include + #include -#ifndef OPENSSL_NO_RSA -#include -#endif -#ifndef OPENSSL_NO_DSA -#include -#endif +#include +#include #include #include #include -#ifndef OPENSSL_NO_FP_API -int X509_print_fp(FILE *fp, X509 *x) - { +#ifndef OPENSSL_NO_DSA +#include +#endif +#ifndef OPENSSL_NO_EC +#include +#endif +#ifndef OPENSSL_NO_RSA +#include +#endif + +#include "asn1_locl.h" + +int +X509_print_fp(FILE *fp, X509 *x) +{ return X509_print_ex_fp(fp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT); - } +} -int X509_print_ex_fp(FILE *fp, X509 *x, unsigned long nmflag, unsigned long cflag) - { - BIO *b; - int ret; +int +X509_print_ex_fp(FILE *fp, X509 *x, unsigned long nmflag, unsigned long cflag) +{ + BIO *b; + int ret; - if ((b=BIO_new(BIO_s_file())) == NULL) - { - X509err(X509_F_X509_PRINT_FP,ERR_R_BUF_LIB); - return(0); - } - BIO_set_fp(b,fp,BIO_NOCLOSE); - ret=X509_print_ex(b, x, nmflag, cflag); - BIO_free(b); - return(ret); - } -#endif + if ((b = BIO_new(BIO_s_file())) == NULL) { + X509error(ERR_R_BUF_LIB); + return (0); + } + BIO_set_fp(b, fp, BIO_NOCLOSE); + ret = X509_print_ex(b, x, nmflag, cflag); + BIO_free(b); + return (ret); +} -int X509_print(BIO *bp, X509 *x) +int +X509_print(BIO *bp, X509 *x) { return X509_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT); } -int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag) - { +int +X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag) +{ long l; - int ret=0,i; - char *m=NULL,mlch = ' '; + int ret = 0, i; + char *m = NULL, mlch = ' '; int nmindent = 0; X509_CINF *ci; ASN1_INTEGER *bs; - EVP_PKEY *pkey=NULL; + EVP_PKEY *pkey = NULL; const char *neg; - ASN1_STRING *str=NULL; - if((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) { - mlch = '\n'; - nmindent = 12; + if ((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) { + mlch = '\n'; + nmindent = 12; } - if(nmflags == X509_FLAG_COMPAT) + if (nmflags == X509_FLAG_COMPAT) nmindent = 16; - ci=x->cert_info; - if(!(cflag & X509_FLAG_NO_HEADER)) - { - if (BIO_write(bp,"Certificate:\n",13) <= 0) goto err; - if (BIO_write(bp," Data:\n",10) <= 0) goto err; - } - if(!(cflag & X509_FLAG_NO_VERSION)) - { - l=X509_get_version(x); - if (BIO_printf(bp,"%8sVersion: %lu (0x%lx)\n","",l+1,l) <= 0) goto err; - } - if(!(cflag & X509_FLAG_NO_SERIAL)) - { - - if (BIO_write(bp," Serial Number:",22) <= 0) goto err; - - bs=X509_get_serialNumber(x); - if (bs->length <= 4) - { - l=ASN1_INTEGER_get(bs); - if (l < 0) - { - l= -l; - neg="-"; - } - else - neg=""; - if (BIO_printf(bp," %s%lu (%s0x%lx)\n",neg,l,neg,l) <= 0) + ci = x->cert_info; + if (!(cflag & X509_FLAG_NO_HEADER)) { + if (BIO_write(bp, "Certificate:\n", 13) <= 0) + goto err; + if (BIO_write(bp, " Data:\n", 10) <= 0) + goto err; + } + if (!(cflag & X509_FLAG_NO_VERSION)) { + l = X509_get_version(x); + if (BIO_printf(bp, "%8sVersion: %lu (0x%lx)\n", + "", l + 1, l) <= 0) + goto err; + } + if (!(cflag & X509_FLAG_NO_SERIAL)) { + if (BIO_write(bp, " Serial Number:", 22) <= 0) + goto err; + + bs = X509_get_serialNumber(x); + if (bs->length <= (int)sizeof(long)) { + l = ASN1_INTEGER_get(bs); + if (bs->type == V_ASN1_NEG_INTEGER) { + l = -l; + neg = "-"; + } else + neg = ""; + if (BIO_printf(bp, " %s%lu (%s0x%lx)\n", + neg, l, neg, l) <= 0) goto err; - } - else - { - neg=(bs->type == V_ASN1_NEG_INTEGER)?" (Negative)":""; - if (BIO_printf(bp,"\n%12s%s","",neg) <= 0) goto err; - - for (i=0; ilength; i++) - { - if (BIO_printf(bp,"%02x%c",bs->data[i], - ((i+1 == bs->length)?'\n':':')) <= 0) + } else { + neg = (bs->type == V_ASN1_NEG_INTEGER) ? + " (Negative)" : ""; + if (BIO_printf(bp, "\n%12s%s", "", neg) <= 0) + goto err; + for (i = 0; i < bs->length; i++) { + if (BIO_printf(bp, "%02x%c", bs->data[i], + ((i + 1 == bs->length) ? '\n' : ':')) <= 0) goto err; - } } - } - if(!(cflag & X509_FLAG_NO_SIGNAME)) - { - if (BIO_printf(bp,"%8sSignature Algorithm: ","") <= 0) + } + + if (!(cflag & X509_FLAG_NO_SIGNAME)) { + if (X509_signature_print(bp, x->sig_alg, NULL) <= 0) goto err; - if (i2a_ASN1_OBJECT(bp, ci->signature->algorithm) <= 0) + } + + if (!(cflag & X509_FLAG_NO_ISSUER)) { + if (BIO_printf(bp, " Issuer:%c", mlch) <= 0) goto err; - if (BIO_puts(bp, "\n") <= 0) + if (X509_NAME_print_ex(bp, X509_get_issuer_name(x), + nmindent, nmflags) < 0) goto err; - } - - if(!(cflag & X509_FLAG_NO_ISSUER)) - { - if (BIO_printf(bp," Issuer:%c",mlch) <= 0) goto err; - if (X509_NAME_print_ex(bp,X509_get_issuer_name(x),nmindent, nmflags) < 0) goto err; - if (BIO_write(bp,"\n",1) <= 0) goto err; - } - if(!(cflag & X509_FLAG_NO_VALIDITY)) - { - if (BIO_write(bp," Validity\n",17) <= 0) goto err; - if (BIO_write(bp," Not Before: ",24) <= 0) goto err; - if (!ASN1_TIME_print(bp,X509_get_notBefore(x))) goto err; - if (BIO_write(bp,"\n Not After : ",25) <= 0) goto err; - if (!ASN1_TIME_print(bp,X509_get_notAfter(x))) goto err; - if (BIO_write(bp,"\n",1) <= 0) goto err; - } - if(!(cflag & X509_FLAG_NO_SUBJECT)) - { - if (BIO_printf(bp," Subject:%c",mlch) <= 0) goto err; - if (X509_NAME_print_ex(bp,X509_get_subject_name(x),nmindent, nmflags) < 0) goto err; - if (BIO_write(bp,"\n",1) <= 0) goto err; - } - if(!(cflag & X509_FLAG_NO_PUBKEY)) - { - if (BIO_write(bp," Subject Public Key Info:\n",33) <= 0) + if (BIO_write(bp, "\n", 1) <= 0) + goto err; + } + if (!(cflag & X509_FLAG_NO_VALIDITY)) { + if (BIO_write(bp, " Validity\n", 17) <= 0) + goto err; + if (BIO_write(bp, " Not Before: ", 24) <= 0) + goto err; + if (!ASN1_TIME_print(bp, X509_get_notBefore(x))) + goto err; + if (BIO_write(bp, "\n Not After : ", 25) <= 0) + goto err; + if (!ASN1_TIME_print(bp, X509_get_notAfter(x))) goto err; - if (BIO_printf(bp,"%12sPublic Key Algorithm: ","") <= 0) + if (BIO_write(bp, "\n", 1) <= 0) + goto err; + } + if (!(cflag & X509_FLAG_NO_SUBJECT)) { + if (BIO_printf(bp, " Subject:%c", mlch) <= 0) + goto err; + if (X509_NAME_print_ex(bp, X509_get_subject_name(x), + nmindent, nmflags) < 0) + goto err; + if (BIO_write(bp, "\n", 1) <= 0) + goto err; + } + if (!(cflag & X509_FLAG_NO_PUBKEY)) { + if (BIO_write(bp, " Subject Public Key Info:\n", + 33) <= 0) + goto err; + if (BIO_printf(bp, "%12sPublic Key Algorithm: ", "") <= 0) goto err; if (i2a_ASN1_OBJECT(bp, ci->key->algor->algorithm) <= 0) goto err; if (BIO_puts(bp, "\n") <= 0) goto err; - pkey=X509_get_pubkey(x); - if (pkey == NULL) - { - BIO_printf(bp,"%12sUnable to load Public Key\n",""); + pkey = X509_get_pubkey(x); + if (pkey == NULL) { + BIO_printf(bp, "%12sUnable to load Public Key\n", ""); ERR_print_errors(bp); - } - else -#ifndef OPENSSL_NO_RSA - if (pkey->type == EVP_PKEY_RSA) - { - BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","", - BN_num_bits(pkey->pkey.rsa->n)); - RSA_print(bp,pkey->pkey.rsa,16); - } - else -#endif -#ifndef OPENSSL_NO_DSA - if (pkey->type == EVP_PKEY_DSA) - { - BIO_printf(bp,"%12sDSA Public Key:\n",""); - DSA_print(bp,pkey->pkey.dsa,16); - } - else -#endif - BIO_printf(bp,"%12sUnknown Public Key:\n",""); - - EVP_PKEY_free(pkey); + } else { + EVP_PKEY_print_public(bp, pkey, 16, NULL); + EVP_PKEY_free(pkey); } + } if (!(cflag & X509_FLAG_NO_EXTENSIONS)) X509V3_extensions_print(bp, "X509v3 extensions", - ci->extensions, cflag, 8); + ci->extensions, cflag, 8); - if(!(cflag & X509_FLAG_NO_SIGDUMP)) - { - if(X509_signature_print(bp, x->sig_alg, x->signature) <= 0) goto err; - } - if(!(cflag & X509_FLAG_NO_AUX)) - { - if (!X509_CERT_AUX_print(bp, x->aux, 0)) goto err; - } - ret=1; -err: - if (str != NULL) ASN1_STRING_free(str); - if (m != NULL) OPENSSL_free(m); - return(ret); + if (!(cflag & X509_FLAG_NO_SIGDUMP)) { + if (X509_signature_print(bp, x->sig_alg, x->signature) <= 0) + goto err; } + if (!(cflag & X509_FLAG_NO_AUX)) { + if (!X509_CERT_AUX_print(bp, x->aux, 0)) + goto err; + } + ret = 1; -int X509_ocspid_print (BIO *bp, X509 *x) - { - unsigned char *der=NULL ; +err: + free(m); + return (ret); +} + +int +X509_ocspid_print(BIO *bp, X509 *x) +{ + unsigned char *der = NULL; unsigned char *dertmp; int derlen; int i; @@ -263,240 +257,282 @@ int X509_ocspid_print (BIO *bp, X509 *x) /* display the hash of the subject as it would appear in OCSP requests */ - if (BIO_printf(bp," Subject OCSP hash: ") <= 0) + if (BIO_printf(bp, " Subject OCSP hash: ") <= 0) goto err; derlen = i2d_X509_NAME(x->cert_info->subject, NULL); - if ((der = dertmp = (unsigned char *)OPENSSL_malloc (derlen)) == NULL) + if ((der = dertmp = malloc(derlen)) == NULL) goto err; i2d_X509_NAME(x->cert_info->subject, &dertmp); - EVP_Digest(der, derlen, SHA1md, NULL, EVP_sha1(), NULL); - for (i=0; i < SHA_DIGEST_LENGTH; i++) - { - if (BIO_printf(bp,"%02X",SHA1md[i]) <= 0) goto err; - } - OPENSSL_free (der); - der=NULL; + if (!EVP_Digest(der, derlen, SHA1md, NULL, EVP_sha1(), NULL)) + goto err; + for (i = 0; i < SHA_DIGEST_LENGTH; i++) { + if (BIO_printf(bp, "%02X", SHA1md[i]) <= 0) + goto err; + } + free (der); + der = NULL; /* display the hash of the public key as it would appear in OCSP requests */ - if (BIO_printf(bp,"\n Public key OCSP hash: ") <= 0) + if (BIO_printf(bp, "\n Public key OCSP hash: ") <= 0) goto err; - EVP_Digest(x->cert_info->key->public_key->data, - x->cert_info->key->public_key->length, SHA1md, NULL, EVP_sha1(), NULL); - for (i=0; i < SHA_DIGEST_LENGTH; i++) - { - if (BIO_printf(bp,"%02X",SHA1md[i]) <= 0) + if (!EVP_Digest(x->cert_info->key->public_key->data, + x->cert_info->key->public_key->length, + SHA1md, NULL, EVP_sha1(), NULL)) + goto err; + for (i = 0; i < SHA_DIGEST_LENGTH; i++) { + if (BIO_printf(bp, "%02X", SHA1md[i]) <= 0) goto err; - } - BIO_printf(bp,"\n"); + } + BIO_printf(bp, "\n"); return (1); + err: - if (der != NULL) OPENSSL_free(der); - return(0); - } + free(der); + return (0); +} -int X509_signature_print(BIO *bp, X509_ALGOR *sigalg, ASN1_STRING *sig) +int +X509_signature_dump(BIO *bp, const ASN1_STRING *sig, int indent) { - unsigned char *s; + const unsigned char *s; int i, n; - if (BIO_puts(bp," Signature Algorithm: ") <= 0) return 0; - if (i2a_ASN1_OBJECT(bp, sigalg->algorithm) <= 0) return 0; - - n=sig->length; - s=sig->data; - for (i=0; ilength; + s = sig->data; + for (i = 0; i < n; i++) { + if ((i % 18) == 0) { + if (BIO_write(bp, "\n", 1) <= 0) + return 0; + if (BIO_indent(bp, indent, indent) <= 0) + return 0; } - if (BIO_write(bp,"\n",1) != 1) return 0; + if (BIO_printf(bp, "%02x%s", s[i], + ((i + 1) == n) ? "" : ":") <= 0) + return 0; + } + if (BIO_write(bp, "\n", 1) != 1) + return 0; + return 1; } -int ASN1_STRING_print(BIO *bp, ASN1_STRING *v) - { - int i,n; - char buf[80],*p;; +int +X509_signature_print(BIO *bp, const X509_ALGOR *sigalg, const ASN1_STRING *sig) +{ + int sig_nid; + if (BIO_puts(bp, " Signature Algorithm: ") <= 0) + return 0; + if (i2a_ASN1_OBJECT(bp, sigalg->algorithm) <= 0) + return 0; + + sig_nid = OBJ_obj2nid(sigalg->algorithm); + if (sig_nid != NID_undef) { + int pkey_nid, dig_nid; + const EVP_PKEY_ASN1_METHOD *ameth; + if (OBJ_find_sigid_algs(sig_nid, &dig_nid, &pkey_nid)) { + ameth = EVP_PKEY_asn1_find(NULL, pkey_nid); + if (ameth && ameth->sig_print) + return ameth->sig_print(bp, sigalg, sig, 9, 0); + } + } + if (sig) + return X509_signature_dump(bp, sig, 9); + else if (BIO_puts(bp, "\n") <= 0) + return 0; + return 1; +} - if (v == NULL) return(0); - n=0; - p=(char *)v->data; - for (i=0; ilength; i++) - { +int +ASN1_STRING_print(BIO *bp, const ASN1_STRING *v) +{ + int i, n; + char buf[80]; + const char *p; + + if (v == NULL) + return (0); + n = 0; + p = (const char *)v->data; + for (i = 0; i < v->length; i++) { if ((p[i] > '~') || ((p[i] < ' ') && - (p[i] != '\n') && (p[i] != '\r'))) - buf[n]='.'; + (p[i] != '\n') && (p[i] != '\r'))) + buf[n] = '.'; else - buf[n]=p[i]; + buf[n] = p[i]; n++; - if (n >= 80) - { - if (BIO_write(bp,buf,n) <= 0) - return(0); - n=0; - } + if (n >= 80) { + if (BIO_write(bp, buf, n) <= 0) + return (0); + n = 0; } - if (n > 0) - if (BIO_write(bp,buf,n) <= 0) - return(0); - return(1); } + if (n > 0) + if (BIO_write(bp, buf, n) <= 0) + return (0); + return (1); +} -int ASN1_TIME_print(BIO *bp, ASN1_TIME *tm) +int +ASN1_TIME_print(BIO *bp, const ASN1_TIME *tm) { - if(tm->type == V_ASN1_UTCTIME) return ASN1_UTCTIME_print(bp, tm); - if(tm->type == V_ASN1_GENERALIZEDTIME) - return ASN1_GENERALIZEDTIME_print(bp, tm); - BIO_write(bp,"Bad time value",14); - return(0); + if (tm->type == V_ASN1_UTCTIME) + return ASN1_UTCTIME_print(bp, tm); + if (tm->type == V_ASN1_GENERALIZEDTIME) + return ASN1_GENERALIZEDTIME_print(bp, tm); + BIO_write(bp, "Bad time value", 14); + return (0); } -static const char *mon[12]= - { - "Jan","Feb","Mar","Apr","May","Jun", - "Jul","Aug","Sep","Oct","Nov","Dec" - }; +static const char *mon[12] = { + "Jan", "Feb", "Mar", "Apr", "May", "Jun", + "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" +}; -int ASN1_GENERALIZEDTIME_print(BIO *bp, ASN1_GENERALIZEDTIME *tm) - { +int +ASN1_GENERALIZEDTIME_print(BIO *bp, const ASN1_GENERALIZEDTIME *tm) +{ char *v; - int gmt=0; + int gmt = 0; int i; - int y=0,M=0,d=0,h=0,m=0,s=0; - - i=tm->length; - v=(char *)tm->data; - - if (i < 12) goto err; - if (v[i-1] == 'Z') gmt=1; - for (i=0; i<12; i++) - if ((v[i] > '9') || (v[i] < '0')) goto err; - y= (v[0]-'0')*1000+(v[1]-'0')*100 + (v[2]-'0')*10+(v[3]-'0'); - M= (v[4]-'0')*10+(v[5]-'0'); - if ((M > 12) || (M < 1)) goto err; - d= (v[6]-'0')*10+(v[7]-'0'); - h= (v[8]-'0')*10+(v[9]-'0'); - m= (v[10]-'0')*10+(v[11]-'0'); - if ( (v[12] >= '0') && (v[12] <= '9') && - (v[13] >= '0') && (v[13] <= '9')) - s= (v[12]-'0')*10+(v[13]-'0'); - - if (BIO_printf(bp,"%s %2d %02d:%02d:%02d %d%s", - mon[M-1],d,h,m,s,y,(gmt)?" GMT":"") <= 0) - return(0); + int y = 0, M = 0, d = 0, h = 0, m = 0, s = 0; + char *f = ""; + int f_len = 0; + + i = tm->length; + v = (char *)tm->data; + + if (i < 12) + goto err; + if (v[i-1] == 'Z') + gmt = 1; + for (i = 0; i < 12; i++) + if ((v[i] > '9') || (v[i] < '0')) + goto err; + y = (v[0] - '0') * 1000 + (v[1] - '0') * 100 + + (v[2] - '0') * 10 + (v[3] - '0'); + M = (v[4] - '0') * 10 + (v[5] - '0'); + if ((M > 12) || (M < 1)) + goto err; + d = (v[6] - '0') * 10 + (v[7] - '0'); + h = (v[8] - '0') * 10 + (v[9] - '0'); + m = (v[10] - '0') * 10 + (v[11] - '0'); + if (tm->length >= 14 && + (v[12] >= '0') && (v[12] <= '9') && + (v[13] >= '0') && (v[13] <= '9')) { + s = (v[12] - '0') * 10 + (v[13] - '0'); + /* Check for fractions of seconds. */ + if (tm->length >= 15 && v[14] == '.') { + int l = tm->length; + f = &v[14]; /* The decimal point. */ + f_len = 1; + while (14 + f_len < l && f[f_len] >= '0' && + f[f_len] <= '9') + ++f_len; + } + } + + if (BIO_printf(bp, "%s %2d %02d:%02d:%02d%.*s %d%s", + mon[M - 1], d, h, m, s, f_len, f, y, (gmt) ? " GMT" : "") <= 0) + return (0); else - return(1); + return (1); + err: - BIO_write(bp,"Bad time value",14); - return(0); - } + BIO_write(bp, "Bad time value", 14); + return (0); +} -int ASN1_UTCTIME_print(BIO *bp, ASN1_UTCTIME *tm) - { - char *v; - int gmt=0; +int +ASN1_UTCTIME_print(BIO *bp, const ASN1_UTCTIME *tm) +{ + const char *v; + int gmt = 0; int i; - int y=0,M=0,d=0,h=0,m=0,s=0; - - i=tm->length; - v=(char *)tm->data; - - if (i < 10) goto err; - if (v[i-1] == 'Z') gmt=1; - for (i=0; i<10; i++) - if ((v[i] > '9') || (v[i] < '0')) goto err; - y= (v[0]-'0')*10+(v[1]-'0'); - if (y < 50) y+=100; - M= (v[2]-'0')*10+(v[3]-'0'); - if ((M > 12) || (M < 1)) goto err; - d= (v[4]-'0')*10+(v[5]-'0'); - h= (v[6]-'0')*10+(v[7]-'0'); - m= (v[8]-'0')*10+(v[9]-'0'); - if ( (v[10] >= '0') && (v[10] <= '9') && - (v[11] >= '0') && (v[11] <= '9')) - s= (v[10]-'0')*10+(v[11]-'0'); - - if (BIO_printf(bp,"%s %2d %02d:%02d:%02d %d%s", - mon[M-1],d,h,m,s,y+1900,(gmt)?" GMT":"") <= 0) - return(0); + int y = 0, M = 0, d = 0, h = 0, m = 0, s = 0; + + i = tm->length; + v = (const char *)tm->data; + + if (i < 10) + goto err; + if (v[i-1] == 'Z') + gmt = 1; + for (i = 0; i < 10; i++) + if ((v[i] > '9') || (v[i] < '0')) + goto err; + y = (v[0] - '0') * 10 + (v[1] - '0'); + if (y < 50) + y += 100; + M = (v[2] - '0') * 10 + (v[3] - '0'); + if ((M > 12) || (M < 1)) + goto err; + d = (v[4] - '0') * 10 + (v[5] - '0'); + h = (v[6] - '0') * 10 + (v[7] - '0'); + m = (v[8] - '0') * 10 + (v[9] - '0'); + if (tm->length >=12 && + (v[10] >= '0') && (v[10] <= '9') && + (v[11] >= '0') && (v[11] <= '9')) + s = (v[10] - '0') * 10 + (v[11] - '0'); + + if (BIO_printf(bp, "%s %2d %02d:%02d:%02d %d%s", + mon[M - 1], d, h, m, s, y + 1900, (gmt) ? " GMT" : "") <= 0) + return (0); else - return(1); + return (1); + err: - BIO_write(bp,"Bad time value",14); - return(0); - } + BIO_write(bp, "Bad time value", 14); + return (0); +} -int X509_NAME_print(BIO *bp, X509_NAME *name, int obase) - { - char *s,*c; - int ret=0,l,ll,i,first=1; - char buf[256]; +int +X509_NAME_print(BIO *bp, const X509_NAME *name, int obase) +{ + char *s, *c, *b; + int ret = 0, l, i; - ll=80-2-obase; + l = 80 - 2 - obase; - s=X509_NAME_oneline(name,buf,256); - if (!*s) + b = X509_NAME_oneline(name, NULL, 0); + if (b == NULL) + return 0; + if (*b == '\0') { + free(b); return 1; - s++; /* skip the first slash */ - - l=ll; - c=s; - for (;;) - { -#ifndef CHARSET_EBCDIC - if ( ((*s == '/') && - ((s[1] >= 'A') && (s[1] <= 'Z') && ( - (s[2] == '=') || - ((s[2] >= 'A') && (s[2] <= 'Z') && - (s[3] == '=')) - ))) || - (*s == '\0')) -#else - if ( ((*s == '/') && - (isupper(s[1]) && ( - (s[2] == '=') || - (isupper(s[2]) && - (s[3] == '=')) - ))) || - (*s == '\0')) -#endif - { - if ((l <= 0) && !first) - { - first=0; - if (BIO_write(bp,"\n",1) != 1) goto err; - for (i=0; i= 'A') && (s[1] <= 'Z') && + ((s[2] == '=') || ((s[2] >= 'A') && (s[2] <= 'Z') && + (s[3] == '='))))) || (*s == '\0')) { + i = s - c; + if (BIO_write(bp, c, i) != i) + goto err; + c = s + 1; /* skip following slash */ + if (*s != '\0') { + if (BIO_write(bp, ", ", 2) != 2) + goto err; } - if (*s == '\0') break; + l--; + } + if (*s == '\0') + break; s++; l--; - } - - ret=1; - if (0) - { -err: - X509err(X509_F_X509_NAME_PRINT,ERR_R_BUF_LIB); - } - return(ret); } + ret = 1; + if (0) { +err: + X509error(ERR_R_BUF_LIB); + } + free(b); + return (ret); +} diff --git a/src/lib/libcrypto/asn1/t_x509a.c b/src/lib/libcrypto/asn1/t_x509a.c index 7d4a6e60843..fd68211b849 100644 --- a/src/lib/libcrypto/asn1/t_x509a.c +++ b/src/lib/libcrypto/asn1/t_x509a.c @@ -1,5 +1,5 @@ -/* t_x509a.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* $OpenBSD: t_x509a.c,v 1.8 2014/07/11 08:44:47 jsing Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -57,54 +57,62 @@ */ #include -#include "cryptlib.h" -#include + #include +#include #include /* X509_CERT_AUX and string set routines */ -int X509_CERT_AUX_print(BIO *out, X509_CERT_AUX *aux, int indent) +int +X509_CERT_AUX_print(BIO *out, X509_CERT_AUX *aux, int indent) { char oidstr[80], first; int i; - if(!aux) return 1; - if(aux->trust) { + if (!aux) + return 1; + if (aux->trust) { first = 1; BIO_printf(out, "%*sTrusted Uses:\n%*s", - indent, "", indent + 2, ""); - for(i = 0; i < sk_ASN1_OBJECT_num(aux->trust); i++) { - if(!first) BIO_puts(out, ", "); - else first = 0; - OBJ_obj2txt(oidstr, 80, - sk_ASN1_OBJECT_value(aux->trust, i), 0); + indent, "", indent + 2, ""); + for (i = 0; i < sk_ASN1_OBJECT_num(aux->trust); i++) { + if (!first) + BIO_puts(out, ", "); + else + first = 0; + OBJ_obj2txt(oidstr, sizeof oidstr, + sk_ASN1_OBJECT_value(aux->trust, i), 0); BIO_puts(out, oidstr); } BIO_puts(out, "\n"); - } else BIO_printf(out, "%*sNo Trusted Uses.\n", indent, ""); - if(aux->reject) { + } else + BIO_printf(out, "%*sNo Trusted Uses.\n", indent, ""); + if (aux->reject) { first = 1; BIO_printf(out, "%*sRejected Uses:\n%*s", - indent, "", indent + 2, ""); - for(i = 0; i < sk_ASN1_OBJECT_num(aux->reject); i++) { - if(!first) BIO_puts(out, ", "); - else first = 0; - OBJ_obj2txt(oidstr, 80, - sk_ASN1_OBJECT_value(aux->reject, i), 0); + indent, "", indent + 2, ""); + for (i = 0; i < sk_ASN1_OBJECT_num(aux->reject); i++) { + if (!first) + BIO_puts(out, ", "); + else + first = 0; + OBJ_obj2txt(oidstr, sizeof oidstr, + sk_ASN1_OBJECT_value(aux->reject, i), 0); BIO_puts(out, oidstr); } BIO_puts(out, "\n"); - } else BIO_printf(out, "%*sNo Rejected Uses.\n", indent, ""); - if(aux->alias) BIO_printf(out, "%*sAlias: %s\n", indent, "", - aux->alias->data); - if(aux->keyid) { + } else + BIO_printf(out, "%*sNo Rejected Uses.\n", indent, ""); + if (aux->alias) + BIO_printf(out, "%*sAlias: %s\n", indent, "", + aux->alias->data); + if (aux->keyid) { BIO_printf(out, "%*sKey Id: ", indent, ""); - for(i = 0; i < aux->keyid->length; i++) - BIO_printf(out, "%s%02X", - i ? ":" : "", - aux->keyid->data[i]); - BIO_write(out,"\n",1); + for (i = 0; i < aux->keyid->length; i++) + BIO_printf(out, "%s%02X", i ? ":" : "", + aux->keyid->data[i]); + BIO_write(out, "\n", 1); } return 1; } diff --git a/src/lib/libcrypto/asn1/tasn_dec.c b/src/lib/libcrypto/asn1/tasn_dec.c index 0fc1f421e28..3a27b82288f 100644 --- a/src/lib/libcrypto/asn1/tasn_dec.c +++ b/src/lib/libcrypto/asn1/tasn_dec.c @@ -1,16 +1,16 @@ -/* tasn_dec.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* $OpenBSD: tasn_dec.c,v 1.36 2018/09/17 18:18:01 tb Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ /* ==================================================================== - * Copyright (c) 2000 The OpenSSL Project. All rights reserved. + * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -65,63 +65,90 @@ #include #include -static int asn1_check_eoc(unsigned char **in, long len); -static int asn1_collect(BUF_MEM *buf, unsigned char **in, long len, char inf, int tag, int aclass); -static int collect_data(BUF_MEM *buf, unsigned char **p, long plen); -static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass, char *inf, char *cst, - unsigned char **in, long len, int exptag, int expclass, char opt, ASN1_TLC *ctx); -static int asn1_template_ex_d2i(ASN1_VALUE **pval, unsigned char **in, long len, const ASN1_TEMPLATE *tt, char opt, ASN1_TLC *ctx); -static int asn1_template_noexp_d2i(ASN1_VALUE **val, unsigned char **in, long len, const ASN1_TEMPLATE *tt, char opt, ASN1_TLC *ctx); -static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, unsigned char **in, long len, - const ASN1_ITEM *it, int tag, int aclass, char opt, ASN1_TLC *ctx); +/* Constructed types with a recursive definition (such as can be found in PKCS7) + * could eventually exceed the stack given malicious input with excessive + * recursion. Therefore we limit the stack depth. + */ +#define ASN1_MAX_CONSTRUCTED_NEST 30 + +static int asn1_check_eoc(const unsigned char **in, long len); +static int asn1_find_end(const unsigned char **in, long len, char inf); + +static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len, + char inf, int tag, int aclass, int depth); + +static int collect_data(BUF_MEM *buf, const unsigned char **p, long plen); + +static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass, + char *inf, char *cst, const unsigned char **in, long len, int exptag, + int expclass, char opt, ASN1_TLC *ctx); + +static int asn1_template_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, + long len, const ASN1_TEMPLATE *tt, char opt, ASN1_TLC *ctx, int depth); +static int asn1_template_noexp_d2i(ASN1_VALUE **val, const unsigned char **in, + long len, const ASN1_TEMPLATE *tt, char opt, ASN1_TLC *ctx, int depth); +static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, const unsigned char **in, + long len, const ASN1_ITEM *it, int tag, int aclass, char opt, + ASN1_TLC *ctx); /* Table to convert tags to bit values, used for MSTRING type */ -static unsigned long tag2bit[32]={ -0, 0, 0, B_ASN1_BIT_STRING, /* tags 0 - 3 */ -B_ASN1_OCTET_STRING, 0, 0, B_ASN1_UNKNOWN,/* tags 4- 7 */ -B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN,/* tags 8-11 */ -B_ASN1_UTF8STRING,B_ASN1_UNKNOWN,B_ASN1_UNKNOWN,B_ASN1_UNKNOWN,/* tags 12-15 */ -0, 0, B_ASN1_NUMERICSTRING,B_ASN1_PRINTABLESTRING, /* tags 16-19 */ -B_ASN1_T61STRING,B_ASN1_VIDEOTEXSTRING,B_ASN1_IA5STRING, /* tags 20-22 */ -B_ASN1_UTCTIME, B_ASN1_GENERALIZEDTIME, /* tags 23-24 */ -B_ASN1_GRAPHICSTRING,B_ASN1_ISO64STRING,B_ASN1_GENERALSTRING, /* tags 25-27 */ -B_ASN1_UNIVERSALSTRING,B_ASN1_UNKNOWN,B_ASN1_BMPSTRING,B_ASN1_UNKNOWN, /* tags 28-31 */ - }; - -unsigned long ASN1_tag2bit(int tag) +static const unsigned long tag2bit[32] = { + 0, 0, 0, B_ASN1_BIT_STRING, /* tags 0 - 3 */ + B_ASN1_OCTET_STRING, 0, 0, B_ASN1_UNKNOWN,/* tags 4- 7 */ + B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN,/* tags 8-11 */ + B_ASN1_UTF8STRING,B_ASN1_UNKNOWN,B_ASN1_UNKNOWN,B_ASN1_UNKNOWN,/* tags 12-15 */ + B_ASN1_SEQUENCE,0,B_ASN1_NUMERICSTRING,B_ASN1_PRINTABLESTRING, /* tags 16-19 */ + B_ASN1_T61STRING,B_ASN1_VIDEOTEXSTRING,B_ASN1_IA5STRING, /* tags 20-22 */ + B_ASN1_UTCTIME, B_ASN1_GENERALIZEDTIME, /* tags 23-24 */ + B_ASN1_GRAPHICSTRING,B_ASN1_ISO64STRING,B_ASN1_GENERALSTRING, /* tags 25-27 */ + B_ASN1_UNIVERSALSTRING,B_ASN1_UNKNOWN,B_ASN1_BMPSTRING,B_ASN1_UNKNOWN, /* tags 28-31 */ +}; + +unsigned long +ASN1_tag2bit(int tag) { - if((tag < 0) || (tag > 30)) return 0; + if ((tag < 0) || (tag > 30)) + return 0; return tag2bit[tag]; } /* Macro to initialize and invalidate the cache */ -#define asn1_tlc_clear(c) if(c) (c)->valid = 0 +#define asn1_tlc_clear(c) if (c) (c)->valid = 0 +/* Version to avoid compiler warning about 'c' always non-NULL */ +#define asn1_tlc_clear_nc(c) (c)->valid = 0 -/* Decode an ASN1 item, this currently behaves just - * like a standard 'd2i' function. 'in' points to +/* Decode an ASN1 item, this currently behaves just + * like a standard 'd2i' function. 'in' points to * a buffer to read the data from, in future we will * have more advanced versions that can input data * a piece at a time and this will simply be a special * case. */ -ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **pval, unsigned char **in, long len, const ASN1_ITEM *it) +ASN1_VALUE * +ASN1_item_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, + const ASN1_ITEM *it) { ASN1_TLC c; ASN1_VALUE *ptmpval = NULL; - if(!pval) pval = &ptmpval; - asn1_tlc_clear(&c); - if(ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0) + + if (!pval) + pval = &ptmpval; + asn1_tlc_clear_nc(&c); + if (ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0) return *pval; return NULL; } -int ASN1_template_d2i(ASN1_VALUE **pval, unsigned char **in, long len, const ASN1_TEMPLATE *tt) +int +ASN1_template_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, + const ASN1_TEMPLATE *tt) { ASN1_TLC c; - asn1_tlc_clear(&c); - return asn1_template_ex_d2i(pval, in, len, tt, 0, &c); + + asn1_tlc_clear_nc(&c); + return asn1_template_ex_d2i(pval, in, len, tt, 0, &c, 0); } @@ -129,212 +156,216 @@ int ASN1_template_d2i(ASN1_VALUE **pval, unsigned char **in, long len, const ASN * If 'opt' set and tag mismatch return -1 to handle OPTIONAL */ -int ASN1_item_ex_d2i(ASN1_VALUE **pval, unsigned char **in, long len, const ASN1_ITEM *it, - int tag, int aclass, char opt, ASN1_TLC *ctx) +static int +asn1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, + const ASN1_ITEM *it, int tag, int aclass, char opt, ASN1_TLC *ctx, + int depth) { const ASN1_TEMPLATE *tt, *errtt = NULL; - const ASN1_COMPAT_FUNCS *cf; const ASN1_EXTERN_FUNCS *ef; const ASN1_AUX *aux = it->funcs; - ASN1_aux_cb *asn1_cb; - unsigned char *p, *q, imphack = 0, oclass; + ASN1_aux_cb *asn1_cb = NULL; + const unsigned char *p = NULL, *q; + unsigned char oclass; char seq_eoc, seq_nolen, cst, isopt; long tmplen; int i; int otag; int ret = 0; - ASN1_VALUE *pchval, **pchptr, *ptmpval; - if(!pval) return 0; - if(aux && aux->asn1_cb) asn1_cb = aux->asn1_cb; - else asn1_cb = 0; - - switch(it->itype) { - - case ASN1_ITYPE_PRIMITIVE: - if(it->templates) { - /* tagging or OPTIONAL is currently illegal on an item template - * because the flags can't get passed down. In practice this isn't - * a problem: we include the relevant flags from the item template - * in the template itself. + ASN1_VALUE **pchptr; + int combine; + + combine = aclass & ASN1_TFLG_COMBINE; + aclass &= ~ASN1_TFLG_COMBINE; + + if (!pval) + return 0; + + if (aux && aux->asn1_cb) + asn1_cb = aux->asn1_cb; + + if (++depth > ASN1_MAX_CONSTRUCTED_NEST) { + ASN1error(ASN1_R_NESTED_TOO_DEEP); + goto err; + } + + switch (it->itype) { + case ASN1_ITYPE_PRIMITIVE: + if (it->templates) { + /* tagging or OPTIONAL is currently illegal on an item + * template because the flags can't get passed down. + * In practice this isn't a problem: we include the + * relevant flags from the item template in the + * template itself. */ if ((tag != -1) || opt) { - ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE); + ASN1error(ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE); goto err; } - return asn1_template_ex_d2i(pval, in, len, it->templates, opt, ctx); + return asn1_template_ex_d2i(pval, in, len, + it->templates, opt, ctx, depth); } - return asn1_d2i_ex_primitive(pval, in, len, it, tag, aclass, opt, ctx); + return asn1_d2i_ex_primitive(pval, in, len, it, + tag, aclass, opt, ctx); break; - case ASN1_ITYPE_MSTRING: + case ASN1_ITYPE_MSTRING: p = *in; /* Just read in tag and class */ - ret = asn1_check_tlen(NULL, &otag, &oclass, NULL, NULL, &p, len, -1, 0, 1, ctx); - if(!ret) { - ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR); + ret = asn1_check_tlen(NULL, &otag, &oclass, NULL, NULL, + &p, len, -1, 0, 1, ctx); + if (!ret) { + ASN1error(ERR_R_NESTED_ASN1_ERROR); goto err; - } + } + /* Must be UNIVERSAL class */ - if(oclass != V_ASN1_UNIVERSAL) { + if (oclass != V_ASN1_UNIVERSAL) { /* If OPTIONAL, assume this is OK */ - if(opt) return -1; - ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_MSTRING_NOT_UNIVERSAL); + if (opt) + return -1; + ASN1error(ASN1_R_MSTRING_NOT_UNIVERSAL); goto err; - } + } /* Check tag matches bit map */ - if(!(ASN1_tag2bit(otag) & it->utype)) { + if (!(ASN1_tag2bit(otag) & it->utype)) { /* If OPTIONAL, assume this is OK */ - if(opt) return -1; - ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_MSTRING_WRONG_TAG); + if (opt) + return -1; + ASN1error(ASN1_R_MSTRING_WRONG_TAG); goto err; - } - return asn1_d2i_ex_primitive(pval, in, len, it, otag, 0, 0, ctx); + } + return asn1_d2i_ex_primitive(pval, in, len, + it, otag, 0, 0, ctx); - case ASN1_ITYPE_EXTERN: + case ASN1_ITYPE_EXTERN: /* Use new style d2i */ ef = it->funcs; - return ef->asn1_ex_d2i(pval, in, len, it, tag, aclass, opt, ctx); - - case ASN1_ITYPE_COMPAT: - /* we must resort to old style evil hackery */ - cf = it->funcs; - - /* If OPTIONAL see if it is there */ - if(opt) { - int exptag; - p = *in; - if(tag == -1) exptag = it->utype; - else exptag = tag; - /* Don't care about anything other than presence of expected tag */ - ret = asn1_check_tlen(NULL, NULL, NULL, NULL, NULL, &p, len, exptag, aclass, 1, ctx); - if(!ret) { - ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR); - goto err; - } - if(ret == -1) return -1; - } - /* This is the old style evil hack IMPLICIT handling: - * since the underlying code is expecting a tag and - * class other than the one present we change the - * buffer temporarily then change it back afterwards. - * This doesn't and never did work for tags > 30. - * - * Yes this is *horrible* but it is only needed for - * old style d2i which will hopefully not be around - * for much longer. - * FIXME: should copy the buffer then modify it so - * the input buffer can be const: we should *always* - * copy because the old style d2i might modify the - * buffer. - */ - - if(tag != -1) { - p = *in; - imphack = *p; - *p = (unsigned char)((*p & V_ASN1_CONSTRUCTED) | it->utype); - } - - ptmpval = cf->asn1_d2i(pval, in, len); - - if(tag != -1) *p = imphack; - - if(ptmpval) return 1; - ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR); - goto err; - - - case ASN1_ITYPE_CHOICE: - if(asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it)) - goto auxerr; - - /* Allocate structure */ - if(!*pval) { - if(!ASN1_item_ex_new(pval, it)) { - ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR); - goto err; + return ef->asn1_ex_d2i(pval, in, len, + it, tag, aclass, opt, ctx); + + case ASN1_ITYPE_CHOICE: + if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL)) + goto auxerr; + + if (*pval) { + /* Free up and zero CHOICE value if initialised */ + i = asn1_get_choice_selector(pval, it); + if ((i >= 0) && (i < it->tcount)) { + tt = it->templates + i; + pchptr = asn1_get_field_ptr(pval, tt); + ASN1_template_free(pchptr, tt); + asn1_set_choice_selector(pval, -1, it); } + } else if (!ASN1_item_ex_new(pval, it)) { + ASN1error(ERR_R_NESTED_ASN1_ERROR); + goto err; } /* CHOICE type, try each possibility in turn */ - pchval = NULL; p = *in; - for(i = 0, tt=it->templates; i < it->tcount; i++, tt++) { + for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) { pchptr = asn1_get_field_ptr(pval, tt); /* We mark field as OPTIONAL so its absence * can be recognised. */ - ret = asn1_template_ex_d2i(pchptr, &p, len, tt, 1, ctx); + ret = asn1_template_ex_d2i(pchptr, &p, len, tt, 1, ctx, + depth); /* If field not present, try the next one */ - if(ret == -1) continue; + if (ret == -1) + continue; /* If positive return, read OK, break loop */ - if(ret > 0) break; + if (ret > 0) + break; /* Otherwise must be an ASN1 parsing error */ errtt = tt; - ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR); + ASN1error(ERR_R_NESTED_ASN1_ERROR); goto err; } + /* Did we fall off the end without reading anything? */ - if(i == it->tcount) { + if (i == it->tcount) { /* If OPTIONAL, this is OK */ - if(opt) { + if (opt) { /* Free and zero it */ ASN1_item_ex_free(pval, it); return -1; } - ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_NO_MATCHING_CHOICE_TYPE); + ASN1error(ASN1_R_NO_MATCHING_CHOICE_TYPE); goto err; } + asn1_set_choice_selector(pval, i, it); *in = p; - if(asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it)) - goto auxerr; + if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it, NULL)) + goto auxerr; return 1; - case ASN1_ITYPE_SEQUENCE: + case ASN1_ITYPE_NDEF_SEQUENCE: + case ASN1_ITYPE_SEQUENCE: p = *in; tmplen = len; /* If no IMPLICIT tagging set to SEQUENCE, UNIVERSAL */ - if(tag == -1) { + if (tag == -1) { tag = V_ASN1_SEQUENCE; aclass = V_ASN1_UNIVERSAL; } /* Get SEQUENCE length and update len, p */ - ret = asn1_check_tlen(&len, NULL, NULL, &seq_eoc, &cst, &p, len, tag, aclass, opt, ctx); - if(!ret) { - ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR); + ret = asn1_check_tlen(&len, NULL, NULL, &seq_eoc, &cst, + &p, len, tag, aclass, opt, ctx); + if (!ret) { + ASN1error(ERR_R_NESTED_ASN1_ERROR); goto err; - } else if(ret == -1) return -1; - if(aux && (aux->flags & ASN1_AFLG_BROKEN)) { + } else if (ret == -1) + return -1; + if (aux && (aux->flags & ASN1_AFLG_BROKEN)) { len = tmplen - (p - *in); seq_nolen = 1; - } else seq_nolen = seq_eoc; /* If indefinite we don't do a length check */ - if(!cst) { - ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_SEQUENCE_NOT_CONSTRUCTED); + } + /* If indefinite we don't do a length check */ + else + seq_nolen = seq_eoc; + if (!cst) { + ASN1error(ASN1_R_SEQUENCE_NOT_CONSTRUCTED); goto err; } - if(!*pval) { - if(!ASN1_item_ex_new(pval, it)) { - ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR); - goto err; + if (!*pval && !ASN1_item_ex_new(pval, it)) { + ASN1error(ERR_R_NESTED_ASN1_ERROR); + goto err; + } + + if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL)) + goto auxerr; + + /* Free up and zero any ADB found */ + for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) { + if (tt->flags & ASN1_TFLG_ADB_MASK) { + const ASN1_TEMPLATE *seqtt; + ASN1_VALUE **pseqval; + seqtt = asn1_do_adb(pval, tt, 1); + if (!seqtt) + goto err; + pseqval = asn1_get_field_ptr(pval, seqtt); + ASN1_template_free(pseqval, seqtt); } } - if(asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it)) - goto auxerr; /* Get each field entry */ - for(i = 0, tt = it->templates; i < it->tcount; i++, tt++) { + for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) { const ASN1_TEMPLATE *seqtt; ASN1_VALUE **pseqval; seqtt = asn1_do_adb(pval, tt, 1); - if(!seqtt) goto err; + if (!seqtt) + goto err; pseqval = asn1_get_field_ptr(pval, seqtt); /* Have we ran out of data? */ - if(!len) break; + if (!len) + break; q = p; - if(asn1_check_eoc(&p, len)) { - if(!seq_eoc) { - ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_UNEXPECTED_EOC); + if (asn1_check_eoc(&p, len)) { + if (!seq_eoc) { + ASN1error(ASN1_R_UNEXPECTED_EOC); goto err; } len -= p - q; @@ -342,20 +373,27 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, unsigned char **in, long len, const ASN1 q = p; break; } - /* This determines the OPTIONAL flag value. The field cannot - * be omitted if it is the last of a SEQUENCE and there is - * still data to be read. This isn't strictly necessary but - * it increases efficiency in some cases. + /* This determines the OPTIONAL flag value. The field + * cannot be omitted if it is the last of a SEQUENCE + * and there is still data to be read. This isn't + * strictly necessary but it increases efficiency in + * some cases. */ - if(i == (it->tcount - 1)) isopt = 0; - else isopt = (char)(seqtt->flags & ASN1_TFLG_OPTIONAL); - /* attempt to read in field, allowing each to be OPTIONAL */ - ret = asn1_template_ex_d2i(pseqval, &p, len, seqtt, isopt, ctx); - if(!ret) { + if (i == (it->tcount - 1)) + isopt = 0; + else + isopt = (char)(seqtt->flags & ASN1_TFLG_OPTIONAL); + /* attempt to read in field, allowing each to be + * OPTIONAL */ + + ret = asn1_template_ex_d2i(pseqval, &p, len, + seqtt, isopt, ctx, depth); + if (!ret) { errtt = seqtt; goto err; - } else if(ret == -1) { - /* OPTIONAL component absent. Free and zero the field + } else if (ret == -1) { + /* OPTIONAL component absent. + * Free and zero the field. */ ASN1_template_free(pseqval, seqtt); continue; @@ -363,14 +401,15 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, unsigned char **in, long len, const ASN1 /* Update length */ len -= p - q; } + /* Check for EOC if expecting one */ - if(seq_eoc && !asn1_check_eoc(&p, len)) { - ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_MISSING_EOC); + if (seq_eoc && !asn1_check_eoc(&p, len)) { + ASN1error(ASN1_R_MISSING_EOC); goto err; } /* Check all data read */ - if(!seq_nolen && len) { - ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_SEQUENCE_LENGTH_MISMATCH); + if (!seq_nolen && len) { + ASN1error(ASN1_R_SEQUENCE_LENGTH_MISMATCH); goto err; } @@ -378,159 +417,195 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, unsigned char **in, long len, const ASN1 * however we may not have read all fields so check all * remaining are OPTIONAL and clear any that are. */ - for(; i < it->tcount; tt++, i++) { + for (; i < it->tcount; tt++, i++) { const ASN1_TEMPLATE *seqtt; seqtt = asn1_do_adb(pval, tt, 1); - if(!seqtt) goto err; - if(seqtt->flags & ASN1_TFLG_OPTIONAL) { + if (!seqtt) + goto err; + if (seqtt->flags & ASN1_TFLG_OPTIONAL) { ASN1_VALUE **pseqval; pseqval = asn1_get_field_ptr(pval, seqtt); ASN1_template_free(pseqval, seqtt); } else { errtt = seqtt; - ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_FIELD_MISSING); + ASN1error(ASN1_R_FIELD_MISSING); goto err; } } /* Save encoding */ - if(!asn1_enc_save(pval, *in, p - *in, it)) goto auxerr; + if (!asn1_enc_save(pval, *in, p - *in, it)) { + ASN1error(ERR_R_MALLOC_FAILURE); + goto auxerr; + } *in = p; - if(asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it)) - goto auxerr; + if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it, NULL)) + goto auxerr; return 1; - default: + default: return 0; } - auxerr: - ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_AUX_ERROR); - err: - ASN1_item_ex_free(pval, it); - if(errtt) ERR_add_error_data(4, "Field=", errtt->field_name, ", Type=", it->sname); - else ERR_add_error_data(2, "Type=", it->sname); + +auxerr: + ASN1error(ASN1_R_AUX_ERROR); +err: + if (combine == 0) + ASN1_item_ex_free(pval, it); + if (errtt) + ERR_asprintf_error_data("Field=%s, Type=%s", errtt->field_name, + it->sname); + else + ERR_asprintf_error_data("Type=%s", it->sname); return 0; } -/* Templates are handled with two separate functions. One handles any EXPLICIT tag and the other handles the - * rest. +int +ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, + const ASN1_ITEM *it, int tag, int aclass, char opt, ASN1_TLC *ctx) +{ + return asn1_item_ex_d2i(pval, in, len, it, tag, aclass, opt, ctx, 0); +} + +/* Templates are handled with two separate functions. + * One handles any EXPLICIT tag and the other handles the rest. */ -static int asn1_template_ex_d2i(ASN1_VALUE **val, unsigned char **in, long inlen, const ASN1_TEMPLATE *tt, char opt, ASN1_TLC *ctx) +static int +asn1_template_ex_d2i(ASN1_VALUE **val, const unsigned char **in, long inlen, + const ASN1_TEMPLATE *tt, char opt, ASN1_TLC *ctx, int depth) { int flags, aclass; int ret; long len; - unsigned char *p, *q; + const unsigned char *p, *q; char exp_eoc; - if(!val) return 0; + + if (!val) + return 0; flags = tt->flags; aclass = flags & ASN1_TFLG_TAG_CLASS; p = *in; /* Check if EXPLICIT tag expected */ - if(flags & ASN1_TFLG_EXPTAG) { + if (flags & ASN1_TFLG_EXPTAG) { char cst; - /* Need to work out amount of data available to the inner content and where it - * starts: so read in EXPLICIT header to get the info. + /* Need to work out amount of data available to the inner + * content and where it starts: so read in EXPLICIT header to + * get the info. */ - ret = asn1_check_tlen(&len, NULL, NULL, &exp_eoc, &cst, &p, inlen, tt->tag, aclass, opt, ctx); + ret = asn1_check_tlen(&len, NULL, NULL, &exp_eoc, &cst, + &p, inlen, tt->tag, aclass, opt, ctx); q = p; - if(!ret) { - ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ERR_R_NESTED_ASN1_ERROR); + if (!ret) { + ASN1error(ERR_R_NESTED_ASN1_ERROR); return 0; - } else if(ret == -1) return -1; - if(!cst) { - ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED); + } else if (ret == -1) + return -1; + if (!cst) { + ASN1error(ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED); return 0; } /* We've found the field so it can't be OPTIONAL now */ - ret = asn1_template_noexp_d2i(val, &p, len, tt, 0, ctx); - if(!ret) { - ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ERR_R_NESTED_ASN1_ERROR); + ret = asn1_template_noexp_d2i(val, &p, len, tt, 0, ctx, depth); + if (!ret) { + ASN1error(ERR_R_NESTED_ASN1_ERROR); return 0; } /* We read the field in OK so update length */ len -= p - q; - if(exp_eoc) { + if (exp_eoc) { /* If NDEF we must have an EOC here */ - if(!asn1_check_eoc(&p, len)) { - ASN1err(ASN1_F_ASN1_TEMPLATE_D2I, ASN1_R_MISSING_EOC); + if (!asn1_check_eoc(&p, len)) { + ASN1error(ASN1_R_MISSING_EOC); goto err; } } else { - /* Otherwise we must hit the EXPLICIT tag end or its an error */ - if(len) { - ASN1err(ASN1_F_ASN1_TEMPLATE_D2I, ASN1_R_EXPLICIT_LENGTH_MISMATCH); + /* Otherwise we must hit the EXPLICIT tag end or its + * an error */ + if (len) { + ASN1error(ASN1_R_EXPLICIT_LENGTH_MISMATCH); goto err; } } - } else - return asn1_template_noexp_d2i(val, in, inlen, tt, opt, ctx); + } else + return asn1_template_noexp_d2i(val, in, inlen, tt, opt, ctx, + depth); *in = p; return 1; - err: +err: ASN1_template_free(val, tt); - *val = NULL; return 0; } -static int asn1_template_noexp_d2i(ASN1_VALUE **val, unsigned char **in, long len, const ASN1_TEMPLATE *tt, char opt, ASN1_TLC *ctx) +static int +asn1_template_noexp_d2i(ASN1_VALUE **val, const unsigned char **in, long len, + const ASN1_TEMPLATE *tt, char opt, ASN1_TLC *ctx, int depth) { int flags, aclass; int ret; - unsigned char *p, *q; - if(!val) return 0; + const unsigned char *p, *q; + + if (!val) + return 0; flags = tt->flags; aclass = flags & ASN1_TFLG_TAG_CLASS; p = *in; q = p; - if(flags & ASN1_TFLG_SK_MASK) { + if (flags & ASN1_TFLG_SK_MASK) { /* SET OF, SEQUENCE OF */ int sktag, skaclass; char sk_eoc; /* First work out expected inner tag value */ - if(flags & ASN1_TFLG_IMPTAG) { + if (flags & ASN1_TFLG_IMPTAG) { sktag = tt->tag; skaclass = aclass; } else { skaclass = V_ASN1_UNIVERSAL; - if(flags & ASN1_TFLG_SET_OF) sktag = V_ASN1_SET; - else sktag = V_ASN1_SEQUENCE; + if (flags & ASN1_TFLG_SET_OF) + sktag = V_ASN1_SET; + else + sktag = V_ASN1_SEQUENCE; } /* Get the tag */ - ret = asn1_check_tlen(&len, NULL, NULL, &sk_eoc, NULL, &p, len, sktag, skaclass, opt, ctx); - if(!ret) { - ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ERR_R_NESTED_ASN1_ERROR); + ret = asn1_check_tlen(&len, NULL, NULL, &sk_eoc, NULL, + &p, len, sktag, skaclass, opt, ctx); + if (!ret) { + ASN1error(ERR_R_NESTED_ASN1_ERROR); return 0; - } else if(ret == -1) return -1; - if(!*val) *val = (ASN1_VALUE *)sk_new_null(); + } else if (ret == -1) + return -1; + if (!*val) + *val = (ASN1_VALUE *)sk_new_null(); else { /* We've got a valid STACK: free up any items present */ - STACK *sktmp = (STACK *)*val; + STACK_OF(ASN1_VALUE) *sktmp = + (STACK_OF(ASN1_VALUE) *)*val; ASN1_VALUE *vtmp; - while(sk_num(sktmp) > 0) { - vtmp = (ASN1_VALUE *)sk_pop(sktmp); - ASN1_item_ex_free(&vtmp, ASN1_ITEM_ptr(tt->item)); + while (sk_ASN1_VALUE_num(sktmp) > 0) { + vtmp = sk_ASN1_VALUE_pop(sktmp); + ASN1_item_ex_free(&vtmp, + tt->item); } } - - if(!*val) { - ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ERR_R_MALLOC_FAILURE); + + if (!*val) { + ASN1error(ERR_R_MALLOC_FAILURE); goto err; } + /* Read as many items as we can */ - while(len > 0) { + while (len > 0) { ASN1_VALUE *skfield; q = p; /* See if EOC found */ - if(asn1_check_eoc(&p, len)) { - if(!sk_eoc) { - ASN1err(ASN1_F_ASN1_TEMPLATE_D2I, ASN1_R_UNEXPECTED_EOC); + if (asn1_check_eoc(&p, len)) { + if (!sk_eoc) { + ASN1error(ASN1_R_UNEXPECTED_EOC); goto err; } len -= p - q; @@ -538,138 +613,157 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val, unsigned char **in, long le break; } skfield = NULL; - if(!ASN1_item_ex_d2i(&skfield, &p, len, ASN1_ITEM_ptr(tt->item), -1, 0, 0, ctx)) { - ASN1err(ASN1_F_ASN1_TEMPLATE_D2I, ERR_R_NESTED_ASN1_ERROR); + if (!asn1_item_ex_d2i(&skfield, &p, len, + tt->item, -1, 0, 0, ctx, depth)) { + ASN1error(ERR_R_NESTED_ASN1_ERROR); goto err; } len -= p - q; - if(!sk_push((STACK *)*val, (char *)skfield)) { - ASN1err(ASN1_F_ASN1_TEMPLATE_D2I, ERR_R_MALLOC_FAILURE); + if (!sk_ASN1_VALUE_push((STACK_OF(ASN1_VALUE) *)*val, + skfield)) { + ASN1error(ERR_R_MALLOC_FAILURE); goto err; } } - if(sk_eoc) { - ASN1err(ASN1_F_ASN1_TEMPLATE_D2I, ASN1_R_MISSING_EOC); + if (sk_eoc) { + ASN1error(ASN1_R_MISSING_EOC); goto err; } - } else if(flags & ASN1_TFLG_IMPTAG) { + } else if (flags & ASN1_TFLG_IMPTAG) { /* IMPLICIT tagging */ - ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), tt->tag, aclass, opt, ctx); - if(!ret) { - ASN1err(ASN1_F_ASN1_TEMPLATE_D2I, ERR_R_NESTED_ASN1_ERROR); + ret = asn1_item_ex_d2i(val, &p, len, + tt->item, tt->tag, aclass, opt, ctx, depth); + if (!ret) { + ASN1error(ERR_R_NESTED_ASN1_ERROR); goto err; - } else if(ret == -1) return -1; + } else if (ret == -1) + return -1; } else { /* Nothing special */ - ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), -1, 0, opt, ctx); - if(!ret) { - ASN1err(ASN1_F_ASN1_TEMPLATE_D2I, ERR_R_NESTED_ASN1_ERROR); + ret = asn1_item_ex_d2i(val, &p, len, tt->item, + -1, tt->flags & ASN1_TFLG_COMBINE, opt, ctx, depth); + if (!ret) { + ASN1error(ERR_R_NESTED_ASN1_ERROR); goto err; - } else if(ret == -1) return -1; + } else if (ret == -1) + return -1; } *in = p; return 1; - err: +err: ASN1_template_free(val, tt); - *val = NULL; return 0; } -static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, unsigned char **in, long inlen, - const ASN1_ITEM *it, - int tag, int aclass, char opt, ASN1_TLC *ctx) +static int +asn1_d2i_ex_primitive(ASN1_VALUE **pval, const unsigned char **in, long inlen, + const ASN1_ITEM *it, int tag, int aclass, char opt, ASN1_TLC *ctx) { int ret = 0, utype; long plen; char cst, inf, free_cont = 0; - unsigned char *p; + const unsigned char *p; BUF_MEM buf; - unsigned char *cont = NULL; - long len; - if(!pval) { - ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_ILLEGAL_NULL); + const unsigned char *cont = NULL; + long len; + + buf.length = 0; + buf.max = 0; + buf.data = NULL; + + if (!pval) { + ASN1error(ASN1_R_ILLEGAL_NULL); return 0; /* Should never happen */ } - if(it->itype == ASN1_ITYPE_MSTRING) { + if (it->itype == ASN1_ITYPE_MSTRING) { utype = tag; tag = -1; - } else utype = it->utype; + } else + utype = it->utype; - if(utype == V_ASN1_ANY) { + if (utype == V_ASN1_ANY) { /* If type is ANY need to figure out type from tag */ unsigned char oclass; - if(tag >= 0) { - ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_ILLEGAL_TAGGED_ANY); + if (tag >= 0) { + ASN1error(ASN1_R_ILLEGAL_TAGGED_ANY); return 0; } - if(opt) { - ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_ILLEGAL_OPTIONAL_ANY); + if (opt) { + ASN1error(ASN1_R_ILLEGAL_OPTIONAL_ANY); return 0; } p = *in; - ret = asn1_check_tlen(NULL, &utype, &oclass, NULL, NULL, &p, inlen, -1, 0, 0, ctx); - if(!ret) { - ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_NESTED_ASN1_ERROR); + ret = asn1_check_tlen(NULL, &utype, &oclass, NULL, NULL, + &p, inlen, -1, 0, 0, ctx); + if (!ret) { + ASN1error(ERR_R_NESTED_ASN1_ERROR); return 0; } - if(oclass != V_ASN1_UNIVERSAL) utype = V_ASN1_OTHER; + if (oclass != V_ASN1_UNIVERSAL) + utype = V_ASN1_OTHER; } - if(tag == -1) { + if (tag == -1) { tag = utype; aclass = V_ASN1_UNIVERSAL; } p = *in; /* Check header */ - ret = asn1_check_tlen(&plen, NULL, NULL, &inf, &cst, &p, inlen, tag, aclass, opt, ctx); - if(!ret) { - ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_NESTED_ASN1_ERROR); + ret = asn1_check_tlen(&plen, NULL, NULL, &inf, &cst, + &p, inlen, tag, aclass, opt, ctx); + if (!ret) { + ASN1error(ERR_R_NESTED_ASN1_ERROR); return 0; - } else if(ret == -1) return -1; + } else if (ret == -1) + return -1; + ret = 0; /* SEQUENCE, SET and "OTHER" are left in encoded form */ - if((utype == V_ASN1_SEQUENCE) || (utype == V_ASN1_SET) || (utype == V_ASN1_OTHER)) { - /* Clear context cache for type OTHER because the auto clear when - * we have a exact match wont work + if ((utype == V_ASN1_SEQUENCE) || (utype == V_ASN1_SET) || + (utype == V_ASN1_OTHER)) { + /* Clear context cache for type OTHER because the auto clear + * when we have a exact match wont work */ - if(utype == V_ASN1_OTHER) { + if (utype == V_ASN1_OTHER) { asn1_tlc_clear(ctx); + } /* SEQUENCE and SET must be constructed */ - } else if(!cst) { - ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_TYPE_NOT_CONSTRUCTED); + else if (!cst) { + ASN1error(ASN1_R_TYPE_NOT_CONSTRUCTED); return 0; } cont = *in; /* If indefinite length constructed find the real end */ - if(inf) { - if(!asn1_collect(NULL, &p, plen, inf, -1, -1)) goto err; + if (inf) { + if (!asn1_find_end(&p, plen, inf)) + goto err; len = p - cont; } else { len = p - cont + plen; p += plen; buf.data = NULL; } - } else if(cst) { - buf.length = 0; - buf.max = 0; - buf.data = NULL; + } else if (cst) { /* Should really check the internal tags are correct but * some things may get this wrong. The relevant specs * say that constructed string types should be OCTET STRINGs * internally irrespective of the type. So instead just check * for UNIVERSAL class and ignore the tag. */ - if(!asn1_collect(&buf, &p, plen, inf, -1, V_ASN1_UNIVERSAL)) goto err; + if (!asn1_collect(&buf, &p, plen, inf, -1, V_ASN1_UNIVERSAL, 0)) { + free_cont = 1; + goto err; + } len = buf.length; /* Append a final null to string */ - if(!BUF_MEM_grow(&buf, len + 1)) { - ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_MALLOC_FAILURE); + if (!BUF_MEM_grow_clean(&buf, len + 1)) { + ASN1error(ERR_R_MALLOC_FAILURE); return 0; } buf.data[len] = 0; - cont = (unsigned char *)buf.data; + cont = (const unsigned char *)buf.data; free_cont = 1; } else { cont = p; @@ -678,51 +772,67 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, unsigned char **in, long inl } /* We now have content length and type: translate into a structure */ - if(!asn1_ex_c2i(pval, cont, len, utype, &free_cont, it)) goto err; + if (!asn1_ex_c2i(pval, cont, len, utype, &free_cont, it)) + goto err; *in = p; ret = 1; - err: - if(free_cont && buf.data) OPENSSL_free(buf.data); + +err: + if (free_cont && buf.data) + free(buf.data); return ret; } /* Translate ASN1 content octets into a structure */ -int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it) +int +asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, + char *free_cont, const ASN1_ITEM *it) { + ASN1_VALUE **opval = NULL; ASN1_STRING *stmp; ASN1_TYPE *typ = NULL; int ret = 0; const ASN1_PRIMITIVE_FUNCS *pf; ASN1_INTEGER **tint; + pf = it->funcs; - if(pf && pf->prim_c2i) return pf->prim_c2i(pval, cont, len, utype, free_cont, it); + + if (pf && pf->prim_c2i) + return pf->prim_c2i(pval, cont, len, utype, free_cont, it); /* If ANY type clear type and set pointer to internal value */ - if(it->utype == V_ASN1_ANY) { - if(!*pval) { + if (it->utype == V_ASN1_ANY) { + if (!*pval) { typ = ASN1_TYPE_new(); + if (typ == NULL) + goto err; *pval = (ASN1_VALUE *)typ; - } else typ = (ASN1_TYPE *)*pval; - if(utype != typ->type) ASN1_TYPE_set(typ, utype, NULL); - pval = (ASN1_VALUE **)&typ->value.ptr; + } else + typ = (ASN1_TYPE *)*pval; + + if (utype != typ->type) + ASN1_TYPE_set(typ, utype, NULL); + opval = pval; + pval = &typ->value.asn1_value; } - switch(utype) { - case V_ASN1_OBJECT: - if(!c2i_ASN1_OBJECT((ASN1_OBJECT **)pval, &cont, len)) goto err; + switch (utype) { + case V_ASN1_OBJECT: + if (!c2i_ASN1_OBJECT((ASN1_OBJECT **)pval, &cont, len)) + goto err; break; - case V_ASN1_NULL: - if(len) { - ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_NULL_IS_WRONG_LENGTH); + case V_ASN1_NULL: + if (len) { + ASN1error(ASN1_R_NULL_IS_WRONG_LENGTH); goto err; } *pval = (ASN1_VALUE *)1; break; - case V_ASN1_BOOLEAN: - if(len != 1) { - ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_BOOLEAN_IS_WRONG_LENGTH); + case V_ASN1_BOOLEAN: + if (len != 1) { + ASN1error(ASN1_R_BOOLEAN_IS_WRONG_LENGTH); goto err; } else { ASN1_BOOLEAN *tbool; @@ -731,43 +841,51 @@ int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char } break; - case V_ASN1_BIT_STRING: - if(!c2i_ASN1_BIT_STRING((ASN1_BIT_STRING **)pval, &cont, len)) goto err; + case V_ASN1_BIT_STRING: + if (!c2i_ASN1_BIT_STRING((ASN1_BIT_STRING **)pval, &cont, len)) + goto err; break; - case V_ASN1_INTEGER: - case V_ASN1_NEG_INTEGER: - case V_ASN1_ENUMERATED: - case V_ASN1_NEG_ENUMERATED: + case V_ASN1_INTEGER: + case V_ASN1_ENUMERATED: tint = (ASN1_INTEGER **)pval; - if(!c2i_ASN1_INTEGER(tint, &cont, len)) goto err; + if (!c2i_ASN1_INTEGER(tint, &cont, len)) + goto err; /* Fixup type to match the expected form */ (*tint)->type = utype | ((*tint)->type & V_ASN1_NEG); break; - case V_ASN1_OCTET_STRING: - case V_ASN1_NUMERICSTRING: - case V_ASN1_PRINTABLESTRING: - case V_ASN1_T61STRING: - case V_ASN1_VIDEOTEXSTRING: - case V_ASN1_IA5STRING: - case V_ASN1_UTCTIME: - case V_ASN1_GENERALIZEDTIME: - case V_ASN1_GRAPHICSTRING: - case V_ASN1_VISIBLESTRING: - case V_ASN1_GENERALSTRING: - case V_ASN1_UNIVERSALSTRING: - case V_ASN1_BMPSTRING: - case V_ASN1_UTF8STRING: - case V_ASN1_OTHER: - case V_ASN1_SET: - case V_ASN1_SEQUENCE: - default: + case V_ASN1_OCTET_STRING: + case V_ASN1_NUMERICSTRING: + case V_ASN1_PRINTABLESTRING: + case V_ASN1_T61STRING: + case V_ASN1_VIDEOTEXSTRING: + case V_ASN1_IA5STRING: + case V_ASN1_UTCTIME: + case V_ASN1_GENERALIZEDTIME: + case V_ASN1_GRAPHICSTRING: + case V_ASN1_VISIBLESTRING: + case V_ASN1_GENERALSTRING: + case V_ASN1_UNIVERSALSTRING: + case V_ASN1_BMPSTRING: + case V_ASN1_UTF8STRING: + case V_ASN1_OTHER: + case V_ASN1_SET: + case V_ASN1_SEQUENCE: + default: + if (utype == V_ASN1_BMPSTRING && (len & 1)) { + ASN1error(ASN1_R_BMPSTRING_IS_WRONG_LENGTH); + goto err; + } + if (utype == V_ASN1_UNIVERSALSTRING && (len & 3)) { + ASN1error(ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH); + goto err; + } /* All based on ASN1_STRING and handled the same */ - if(!*pval) { + if (!*pval) { stmp = ASN1_STRING_type_new(utype); - if(!stmp) { - ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_MALLOC_FAILURE); + if (!stmp) { + ASN1error(ERR_R_MALLOC_FAILURE); goto err; } *pval = (ASN1_VALUE *)stmp; @@ -776,15 +894,15 @@ int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char stmp->type = utype; } /* If we've already allocated a buffer use it */ - if(*free_cont) { - if(stmp->data) OPENSSL_free(stmp->data); - stmp->data = cont; + if (*free_cont) { + free(stmp->data); + stmp->data = (unsigned char *)cont; /* UGLY CAST! RL */ stmp->length = len; *free_cont = 0; } else { - if(!ASN1_STRING_set(stmp, cont, len)) { - ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_MALLOC_FAILURE); - ASN1_STRING_free(stmp); + if (!ASN1_STRING_set(stmp, cont, len)) { + ASN1error(ERR_R_MALLOC_FAILURE); + ASN1_STRING_free(stmp); *pval = NULL; goto err; } @@ -792,89 +910,172 @@ int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char break; } /* If ASN1_ANY and NULL type fix up value */ - if(typ && utype==V_ASN1_NULL) typ->value.ptr = NULL; + if (typ && (utype == V_ASN1_NULL)) + typ->value.ptr = NULL; ret = 1; - err: - if(!ret) ASN1_TYPE_free(typ); + +err: + if (!ret) { + ASN1_TYPE_free(typ); + if (opval) + *opval = NULL; + } return ret; } + +/* This function finds the end of an ASN1 structure when passed its maximum + * length, whether it is indefinite length and a pointer to the content. + * This is more efficient than calling asn1_collect because it does not + * recurse on each indefinite length header. + */ + +static int +asn1_find_end(const unsigned char **in, long len, char inf) +{ + int expected_eoc; + long plen; + const unsigned char *p = *in, *q; + + /* If not indefinite length constructed just add length */ + if (inf == 0) { + *in += len; + return 1; + } + expected_eoc = 1; + /* Indefinite length constructed form. Find the end when enough EOCs + * are found. If more indefinite length constructed headers + * are encountered increment the expected eoc count otherwise just + * skip to the end of the data. + */ + while (len > 0) { + if (asn1_check_eoc(&p, len)) { + expected_eoc--; + if (expected_eoc == 0) + break; + len -= 2; + continue; + } + q = p; + /* Just read in a header: only care about the length */ + if (!asn1_check_tlen(&plen, NULL, NULL, &inf, NULL, &p, len, + -1, 0, 0, NULL)) { + ASN1error(ERR_R_NESTED_ASN1_ERROR); + return 0; + } + if (inf) + expected_eoc++; + else + p += plen; + len -= p - q; + } + if (expected_eoc) { + ASN1error(ASN1_R_MISSING_EOC); + return 0; + } + *in = p; + return 1; +} /* This function collects the asn1 data from a constructred string * type into a buffer. The values of 'in' and 'len' should refer * to the contents of the constructed type and 'inf' should be set - * if it is indefinite length. If 'buf' is NULL then we just want - * to find the end of the current structure: useful for indefinite - * length constructed stuff. + * if it is indefinite length. */ -static int asn1_collect(BUF_MEM *buf, unsigned char **in, long len, char inf, int tag, int aclass) +#ifndef ASN1_MAX_STRING_NEST +/* This determines how many levels of recursion are permitted in ASN1 + * string types. If it is not limited stack overflows can occur. If set + * to zero no recursion is allowed at all. Although zero should be adequate + * examples exist that require a value of 1. So 5 should be more than enough. + */ +#define ASN1_MAX_STRING_NEST 5 +#endif + +static int +asn1_collect(BUF_MEM *buf, const unsigned char **in, long len, char inf, + int tag, int aclass, int depth) { - unsigned char *p, *q; + const unsigned char *p, *q; long plen; char cst, ininf; + p = *in; inf &= 1; - /* If no buffer and not indefinite length constructed just pass over the encoded data */ - if(!buf && !inf) { + /* If no buffer and not indefinite length constructed just pass over + * the encoded data */ + if (!buf && !inf) { *in += len; return 1; } - while(len > 0) { + while (len > 0) { q = p; /* Check for EOC */ - if(asn1_check_eoc(&p, len)) { - /* EOC is illegal outside indefinite length constructed form */ - if(!inf) { - ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_UNEXPECTED_EOC); + if (asn1_check_eoc(&p, len)) { + /* EOC is illegal outside indefinite length + * constructed form */ + if (!inf) { + ASN1error(ASN1_R_UNEXPECTED_EOC); return 0; } inf = 0; break; } - if(!asn1_check_tlen(&plen, NULL, NULL, &ininf, &cst, &p, len, tag, aclass, 0, NULL)) { - ASN1err(ASN1_F_ASN1_COLLECT, ERR_R_NESTED_ASN1_ERROR); + + if (!asn1_check_tlen(&plen, NULL, NULL, &ininf, &cst, &p, + len, tag, aclass, 0, NULL)) { + ASN1error(ERR_R_NESTED_ASN1_ERROR); return 0; } + /* If indefinite length constructed update max length */ - if(cst) { - if(!asn1_collect(buf, &p, plen, ininf, tag, aclass)) return 0; - } else { - if(!collect_data(buf, &p, plen)) return 0; - } + if (cst) { + if (depth >= ASN1_MAX_STRING_NEST) { + ASN1error(ASN1_R_NESTED_ASN1_STRING); + return 0; + } + if (!asn1_collect(buf, &p, plen, ininf, tag, aclass, + depth + 1)) + return 0; + } else if (plen && !collect_data(buf, &p, plen)) + return 0; len -= p - q; } - if(inf) { - ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_MISSING_EOC); + if (inf) { + ASN1error(ASN1_R_MISSING_EOC); return 0; } *in = p; return 1; } -static int collect_data(BUF_MEM *buf, unsigned char **p, long plen) +static int +collect_data(BUF_MEM *buf, const unsigned char **p, long plen) { - int len; - if(buf) { - len = buf->length; - if(!BUF_MEM_grow(buf, len + plen)) { - ASN1err(ASN1_F_COLLECT_DATA, ERR_R_MALLOC_FAILURE); - return 0; - } - memcpy(buf->data + len, *p, plen); + int len; + if (buf) { + len = buf->length; + if (!BUF_MEM_grow_clean(buf, len + plen)) { + ASN1error(ERR_R_MALLOC_FAILURE); + return 0; } - *p += plen; - return 1; + memcpy(buf->data + len, *p, plen); + } + *p += plen; + return 1; } /* Check for ASN1 EOC and swallow it if found */ -static int asn1_check_eoc(unsigned char **in, long len) +static int +asn1_check_eoc(const unsigned char **in, long len) { - unsigned char *p; - if(len < 2) return 0; + const unsigned char *p; + + if (len < 2) + return 0; p = *in; - if(!p[0] && !p[1]) { + if (!p[0] && !p[1]) { *in += 2; return 1; } @@ -888,17 +1089,20 @@ static int asn1_check_eoc(unsigned char **in, long len) * header length just read. */ -static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass, char *inf, char *cst, - unsigned char **in, long len, int exptag, int expclass, char opt, ASN1_TLC *ctx) +static int +asn1_check_tlen(long *olen, int *otag, unsigned char *oclass, char *inf, + char *cst, const unsigned char **in, long len, int exptag, int expclass, + char opt, ASN1_TLC *ctx) { int i; int ptag, pclass; long plen; - unsigned char *p, *q; + const unsigned char *p, *q; + p = *in; q = p; - if(ctx && ctx->valid) { + if (ctx && ctx->valid) { i = ctx->ret; plen = ctx->plen; pclass = ctx->pclass; @@ -906,52 +1110,57 @@ static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass, char *i p += ctx->hdrlen; } else { i = ASN1_get_object(&p, &plen, &ptag, &pclass, len); - if(ctx) { + if (ctx) { ctx->ret = i; ctx->plen = plen; ctx->pclass = pclass; ctx->ptag = ptag; ctx->hdrlen = p - q; ctx->valid = 1; - /* If definite length, length + header can't exceed total - * amount of data available. + /* If definite length, and no error, length + + * header can't exceed total amount of data available. */ - if(!(i & 1) && ((plen + ctx->hdrlen) > len)) { - ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_TOO_LONG); + if (!(i & 0x81) && ((plen + ctx->hdrlen) > len)) { + ASN1error(ASN1_R_TOO_LONG); asn1_tlc_clear(ctx); return 0; } } } - if(i & 0x80) { - ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_BAD_OBJECT_HEADER); + if (i & 0x80) { + ASN1error(ASN1_R_BAD_OBJECT_HEADER); asn1_tlc_clear(ctx); return 0; } - if(exptag >= 0) { - if((exptag != ptag) || (expclass != pclass)) { - /* If type is OPTIONAL, not an error, but indicate missing - * type. + if (exptag >= 0) { + if ((exptag != ptag) || (expclass != pclass)) { + /* If type is OPTIONAL, not an error: + * indicate missing type. */ - if(opt) return -1; + if (opt) + return -1; asn1_tlc_clear(ctx); - ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_WRONG_TAG); + ASN1error(ASN1_R_WRONG_TAG); return 0; } - /* We have a tag and class match, so assume we are going to do something with it */ + /* We have a tag and class match: + * assume we are going to do something with it */ asn1_tlc_clear(ctx); } - if(i & 1) plen = len - (p - q); - - if(inf) *inf = i & 1; - - if(cst) *cst = i & V_ASN1_CONSTRUCTED; - - if(olen) *olen = plen; - if(oclass) *oclass = pclass; - if(otag) *otag = ptag; + if (i & 1) + plen = len - (p - q); + if (inf) + *inf = i & 1; + if (cst) + *cst = i & V_ASN1_CONSTRUCTED; + if (olen) + *olen = plen; + if (oclass) + *oclass = pclass; + if (otag) + *otag = ptag; *in = p; return 1; diff --git a/src/lib/libcrypto/asn1/tasn_enc.c b/src/lib/libcrypto/asn1/tasn_enc.c index f6c8ddef0aa..f3341901fea 100644 --- a/src/lib/libcrypto/asn1/tasn_enc.c +++ b/src/lib/libcrypto/asn1/tasn_enc.c @@ -1,16 +1,16 @@ -/* tasn_enc.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* $OpenBSD: tasn_enc.c,v 1.21 2016/12/30 16:04:34 jsing Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ /* ==================================================================== - * Copyright (c) 2000 The OpenSSL Project. All rights reserved. + * Copyright (c) 2000-2004 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -56,45 +56,69 @@ * */ - #include #include + #include #include #include -static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass); -static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *seq, unsigned char **out, int skcontlen, const ASN1_ITEM *item, int isset); +static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out, + const ASN1_ITEM *it, int tag, int aclass); +static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out, + int skcontlen, const ASN1_ITEM *item, int do_sort, int iclass); +static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out, + const ASN1_TEMPLATE *tt, int tag, int aclass); +static int asn1_item_flags_i2d(ASN1_VALUE *val, unsigned char **out, + const ASN1_ITEM *it, int flags); +static int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype, + const ASN1_ITEM *it); + +/* Top level i2d equivalents: the 'ndef' variant instructs the encoder + * to use indefinite length constructed encoding, where appropriate + */ + +int +ASN1_item_ndef_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it) +{ + return asn1_item_flags_i2d(val, out, it, ASN1_TFLG_NDEF); +} -/* Encode an ASN1 item, this is compatible with the - * standard 'i2d' function. 'out' points to - * a buffer to output the data to, in future we will - * have more advanced versions that can output data - * a piece at a time and this will simply be a special - * case. +int +ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it) +{ + return asn1_item_flags_i2d(val, out, it, 0); +} + +/* Encode an ASN1 item, this is use by the + * standard 'i2d' function. 'out' points to + * a buffer to output the data to. * * The new i2d has one additional feature. If the output * buffer is NULL (i.e. *out == NULL) then a buffer is * allocated and populated with the encoding. */ - -int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it) +static int +asn1_item_flags_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it, + int flags) { - if(out && !*out) { + if (out && !*out) { unsigned char *p, *buf; int len; - len = ASN1_item_ex_i2d(&val, NULL, it, -1, 0); - if(len <= 0) return len; - buf = OPENSSL_malloc(len); - if(!buf) return -1; + len = ASN1_item_ex_i2d(&val, NULL, it, -1, flags); + if (len <= 0) + return len; + buf = malloc(len); + if (!buf) + return -1; p = buf; - ASN1_item_ex_i2d(&val, &p, it, -1, 0); + ASN1_item_ex_i2d(&val, &p, it, -1, flags); *out = buf; return len; } - - return ASN1_item_ex_i2d(&val, out, it, -1, 0); + + return ASN1_item_ex_i2d(&val, out, it, -1, flags); } /* Encode an item, taking care of IMPLICIT tagging (if any). @@ -102,186 +126,263 @@ int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it) * used in external types. */ -int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass) +int +ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, + int tag, int aclass) { const ASN1_TEMPLATE *tt = NULL; - unsigned char *p = NULL; - int i, seqcontlen, seqlen; - ASN1_STRING *strtmp; - const ASN1_COMPAT_FUNCS *cf; + int i, seqcontlen, seqlen, ndef = 1; const ASN1_EXTERN_FUNCS *ef; const ASN1_AUX *aux = it->funcs; - ASN1_aux_cb *asn1_cb; - if((it->itype != ASN1_ITYPE_PRIMITIVE) && !*pval) return 0; - if(aux && aux->asn1_cb) asn1_cb = aux->asn1_cb; - else asn1_cb = 0; + ASN1_aux_cb *asn1_cb = NULL; + + if ((it->itype != ASN1_ITYPE_PRIMITIVE) && !*pval) + return 0; + + if (aux && aux->asn1_cb) + asn1_cb = aux->asn1_cb; - switch(it->itype) { + switch (it->itype) { - case ASN1_ITYPE_PRIMITIVE: - if(it->templates) - return ASN1_template_i2d(pval, out, it->templates); + case ASN1_ITYPE_PRIMITIVE: + if (it->templates) + return asn1_template_ex_i2d(pval, out, it->templates, + tag, aclass); return asn1_i2d_ex_primitive(pval, out, it, tag, aclass); break; - case ASN1_ITYPE_MSTRING: - strtmp = (ASN1_STRING *)*pval; - return asn1_i2d_ex_primitive(pval, out, it, -1, 0); + case ASN1_ITYPE_MSTRING: + return asn1_i2d_ex_primitive(pval, out, it, -1, aclass); - case ASN1_ITYPE_CHOICE: - if(asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it)) - return 0; + case ASN1_ITYPE_CHOICE: + if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it, NULL)) + return 0; i = asn1_get_choice_selector(pval, it); - if((i >= 0) && (i < it->tcount)) { + if ((i >= 0) && (i < it->tcount)) { ASN1_VALUE **pchval; const ASN1_TEMPLATE *chtt; chtt = it->templates + i; pchval = asn1_get_field_ptr(pval, chtt); - return ASN1_template_i2d(pchval, out, chtt); - } + return asn1_template_ex_i2d(pchval, out, chtt, + -1, aclass); + } /* Fixme: error condition if selector out of range */ - if(asn1_cb && !asn1_cb(ASN1_OP_I2D_POST, pval, it)) - return 0; + if (asn1_cb && !asn1_cb(ASN1_OP_I2D_POST, pval, it, NULL)) + return 0; break; - case ASN1_ITYPE_EXTERN: + case ASN1_ITYPE_EXTERN: /* If new style i2d it does all the work */ ef = it->funcs; return ef->asn1_ex_i2d(pval, out, it, tag, aclass); - case ASN1_ITYPE_COMPAT: - /* old style hackery... */ - cf = it->funcs; - if(out) p = *out; - i = cf->asn1_i2d(*pval, out); - /* Fixup for IMPLICIT tag: note this messes up for tags > 30, - * but so did the old code. Tags > 30 are very rare anyway. - */ - if(out && (tag != -1)) - *p = aclass | tag | (*p & V_ASN1_CONSTRUCTED); - return i; - - case ASN1_ITYPE_SEQUENCE: + case ASN1_ITYPE_NDEF_SEQUENCE: + /* Use indefinite length constructed if requested */ + if (aclass & ASN1_TFLG_NDEF) + ndef = 2; + /* fall through */ + + case ASN1_ITYPE_SEQUENCE: i = asn1_enc_restore(&seqcontlen, out, pval, it); /* An error occurred */ - if(i < 0) return 0; + if (i < 0) + return 0; /* We have a valid cached encoding... */ - if(i > 0) return seqcontlen; + if (i > 0) + return seqcontlen; /* Otherwise carry on */ seqcontlen = 0; /* If no IMPLICIT tagging set to SEQUENCE, UNIVERSAL */ - if(tag == -1) { + if (tag == -1) { tag = V_ASN1_SEQUENCE; - aclass = V_ASN1_UNIVERSAL; + /* Retain any other flags in aclass */ + aclass = (aclass & ~ASN1_TFLG_TAG_CLASS) | + V_ASN1_UNIVERSAL; } - if(asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it)) - return 0; + if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it, NULL)) + return 0; /* First work out sequence content length */ - for(i = 0, tt = it->templates; i < it->tcount; tt++, i++) { + for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) { const ASN1_TEMPLATE *seqtt; ASN1_VALUE **pseqval; seqtt = asn1_do_adb(pval, tt, 1); - if(!seqtt) return 0; + if (!seqtt) + return 0; pseqval = asn1_get_field_ptr(pval, seqtt); /* FIXME: check for errors in enhanced version */ - /* FIXME: special handling of indefinite length encoding */ - seqcontlen += ASN1_template_i2d(pseqval, NULL, seqtt); + seqcontlen += asn1_template_ex_i2d(pseqval, NULL, seqtt, + -1, aclass); } - seqlen = ASN1_object_size(1, seqcontlen, tag); - if(!out) return seqlen; + + seqlen = ASN1_object_size(ndef, seqcontlen, tag); + if (!out) + return seqlen; /* Output SEQUENCE header */ - ASN1_put_object(out, 1, seqcontlen, tag, aclass); - for(i = 0, tt = it->templates; i < it->tcount; tt++, i++) { + ASN1_put_object(out, ndef, seqcontlen, tag, aclass); + for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) { const ASN1_TEMPLATE *seqtt; ASN1_VALUE **pseqval; seqtt = asn1_do_adb(pval, tt, 1); - if(!seqtt) return 0; + if (!seqtt) + return 0; pseqval = asn1_get_field_ptr(pval, seqtt); /* FIXME: check for errors in enhanced version */ - ASN1_template_i2d(pseqval, out, seqtt); + asn1_template_ex_i2d(pseqval, out, seqtt, -1, aclass); } - if(asn1_cb && !asn1_cb(ASN1_OP_I2D_POST, pval, it)) - return 0; + if (ndef == 2) + ASN1_put_eoc(out); + if (asn1_cb && !asn1_cb(ASN1_OP_I2D_POST, pval, it, NULL)) + return 0; return seqlen; - default: + default: return 0; + } return 0; } -int ASN1_template_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_TEMPLATE *tt) +int +ASN1_template_i2d(ASN1_VALUE **pval, unsigned char **out, + const ASN1_TEMPLATE *tt) { - int i, ret, flags, aclass; + return asn1_template_ex_i2d(pval, out, tt, -1, 0); +} + +static int +asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out, + const ASN1_TEMPLATE *tt, int tag, int iclass) +{ + int i, ret, flags, ttag, tclass, ndef; flags = tt->flags; - aclass = flags & ASN1_TFLG_TAG_CLASS; - if(flags & ASN1_TFLG_SK_MASK) { + /* Work out tag and class to use: tagging may come + * either from the template or the arguments, not both + * because this would create ambiguity. Additionally + * the iclass argument may contain some additional flags + * which should be noted and passed down to other levels. + */ + if (flags & ASN1_TFLG_TAG_MASK) { + /* Error if argument and template tagging */ + if (tag != -1) + /* FIXME: error code here */ + return -1; + /* Get tagging from template */ + ttag = tt->tag; + tclass = flags & ASN1_TFLG_TAG_CLASS; + } else if (tag != -1) { + /* No template tagging, get from arguments */ + ttag = tag; + tclass = iclass & ASN1_TFLG_TAG_CLASS; + } else { + ttag = -1; + tclass = 0; + } + /* + * Remove any class mask from iflag. + */ + iclass &= ~ASN1_TFLG_TAG_CLASS; + + /* At this point 'ttag' contains the outer tag to use, + * 'tclass' is the class and iclass is any flags passed + * to this function. + */ + + /* if template and arguments require ndef, use it */ + if ((flags & ASN1_TFLG_NDEF) && (iclass & ASN1_TFLG_NDEF)) + ndef = 2; + else + ndef = 1; + + if (flags & ASN1_TFLG_SK_MASK) { /* SET OF, SEQUENCE OF */ STACK_OF(ASN1_VALUE) *sk = (STACK_OF(ASN1_VALUE) *)*pval; int isset, sktag, skaclass; int skcontlen, sklen; ASN1_VALUE *skitem; - if(!*pval) return 0; - if(flags & ASN1_TFLG_SET_OF) { + + if (!*pval) + return 0; + + if (flags & ASN1_TFLG_SET_OF) { isset = 1; /* 2 means we reorder */ - if(flags & ASN1_TFLG_SEQUENCE_OF) isset = 2; - } else isset = 0; - /* First work out inner tag value */ - if(flags & ASN1_TFLG_IMPTAG) { - sktag = tt->tag; - skaclass = aclass; + if (flags & ASN1_TFLG_SEQUENCE_OF) + isset = 2; + } else + isset = 0; + + /* Work out inner tag value: if EXPLICIT + * or no tagging use underlying type. + */ + if ((ttag != -1) && !(flags & ASN1_TFLG_EXPTAG)) { + sktag = ttag; + skaclass = tclass; } else { skaclass = V_ASN1_UNIVERSAL; - if(isset) sktag = V_ASN1_SET; - else sktag = V_ASN1_SEQUENCE; + if (isset) + sktag = V_ASN1_SET; + else + sktag = V_ASN1_SEQUENCE; } - /* Now work out length of items */ + + /* Determine total length of items */ skcontlen = 0; - for(i = 0; i < sk_ASN1_VALUE_num(sk); i++) { + for (i = 0; i < sk_ASN1_VALUE_num(sk); i++) { skitem = sk_ASN1_VALUE_value(sk, i); - skcontlen += ASN1_item_ex_i2d(&skitem, NULL, ASN1_ITEM_ptr(tt->item), -1, 0); + skcontlen += ASN1_item_ex_i2d(&skitem, NULL, + tt->item, -1, iclass); } - sklen = ASN1_object_size(1, skcontlen, sktag); + sklen = ASN1_object_size(ndef, skcontlen, sktag); /* If EXPLICIT need length of surrounding tag */ - if(flags & ASN1_TFLG_EXPTAG) - ret = ASN1_object_size(1, sklen, tt->tag); - else ret = sklen; + if (flags & ASN1_TFLG_EXPTAG) + ret = ASN1_object_size(ndef, sklen, ttag); + else + ret = sklen; - if(!out) return ret; + if (!out) + return ret; /* Now encode this lot... */ /* EXPLICIT tag */ - if(flags & ASN1_TFLG_EXPTAG) - ASN1_put_object(out, 1, sklen, tt->tag, aclass); + if (flags & ASN1_TFLG_EXPTAG) + ASN1_put_object(out, ndef, sklen, ttag, tclass); /* SET or SEQUENCE and IMPLICIT tag */ - ASN1_put_object(out, 1, skcontlen, sktag, skaclass); - /* And finally the stuff itself */ - asn1_set_seq_out(sk, out, skcontlen, ASN1_ITEM_ptr(tt->item), isset); + ASN1_put_object(out, ndef, skcontlen, sktag, skaclass); + /* And the stuff itself */ + asn1_set_seq_out(sk, out, skcontlen, tt->item, + isset, iclass); + if (ndef == 2) { + ASN1_put_eoc(out); + if (flags & ASN1_TFLG_EXPTAG) + ASN1_put_eoc(out); + } return ret; } - - if(flags & ASN1_TFLG_EXPTAG) { + + if (flags & ASN1_TFLG_EXPTAG) { /* EXPLICIT tagging */ /* Find length of tagged item */ - i = ASN1_item_ex_i2d(pval, NULL, ASN1_ITEM_ptr(tt->item), -1, 0); - if(!i) return 0; + i = ASN1_item_ex_i2d(pval, NULL, tt->item, + -1, iclass); + if (!i) + return 0; /* Find length of EXPLICIT tag */ - ret = ASN1_object_size(1, i, tt->tag); - if(out) { + ret = ASN1_object_size(ndef, i, ttag); + if (out) { /* Output tag and item */ - ASN1_put_object(out, 1, i, tt->tag, aclass); - ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item), -1, 0); + ASN1_put_object(out, ndef, i, ttag, tclass); + ASN1_item_ex_i2d(pval, out, tt->item, + -1, iclass); + if (ndef == 2) + ASN1_put_eoc(out); } return ret; } - if(flags & ASN1_TFLG_IMPTAG) { - /* IMPLICIT tagging */ - return ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item), tt->tag, aclass); - } - /* Nothing special: treat as normal */ - return ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item), -1, 0); + + /* Either normal or IMPLICIT tagging: combine class and flags */ + return ASN1_item_ex_i2d(pval, out, tt->item, + ttag, tclass | iclass); } /* Temporary structure used to hold DER encoding of items for SET OF */ @@ -292,73 +393,90 @@ typedef struct { ASN1_VALUE *field; } DER_ENC; -static int der_cmp(const void *a, const void *b) +static int +der_cmp(const void *a, const void *b) { const DER_ENC *d1 = a, *d2 = b; int cmplen, i; + cmplen = (d1->length < d2->length) ? d1->length : d2->length; i = memcmp(d1->data, d2->data, cmplen); - if(i) return i; + if (i) + return i; return d1->length - d2->length; } /* Output the content octets of SET OF or SEQUENCE OF */ -static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out, int skcontlen, const ASN1_ITEM *item, int do_sort) +static int +asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out, int skcontlen, + const ASN1_ITEM *item, int do_sort, int iclass) { int i; ASN1_VALUE *skitem; unsigned char *tmpdat = NULL, *p = NULL; DER_ENC *derlst = NULL, *tder; - if(do_sort) { + + if (do_sort) { /* Don't need to sort less than 2 items */ - if(sk_ASN1_VALUE_num(sk) < 2) do_sort = 0; + if (sk_ASN1_VALUE_num(sk) < 2) + do_sort = 0; else { - derlst = OPENSSL_malloc(sk_ASN1_VALUE_num(sk) * sizeof(*derlst)); - tmpdat = OPENSSL_malloc(skcontlen); - if(!derlst || !tmpdat) return 0; + derlst = reallocarray(NULL, sk_ASN1_VALUE_num(sk), + sizeof(*derlst)); + tmpdat = malloc(skcontlen); + if (!derlst || !tmpdat) { + free(derlst); + free(tmpdat); + return 0; + } } } /* If not sorting just output each item */ - if(!do_sort) { - for(i = 0; i < sk_ASN1_VALUE_num(sk); i++) { + if (!do_sort) { + for (i = 0; i < sk_ASN1_VALUE_num(sk); i++) { skitem = sk_ASN1_VALUE_value(sk, i); - ASN1_item_i2d(skitem, out, item); + ASN1_item_ex_i2d(&skitem, out, item, -1, iclass); } return 1; } p = tmpdat; + /* Doing sort: build up a list of each member's DER encoding */ - for(i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++) { + for (i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++) { skitem = sk_ASN1_VALUE_value(sk, i); tder->data = p; - tder->length = ASN1_item_i2d(skitem, &p, item); + tder->length = ASN1_item_ex_i2d(&skitem, &p, item, -1, iclass); tder->field = skitem; } + /* Now sort them */ qsort(derlst, sk_ASN1_VALUE_num(sk), sizeof(*derlst), der_cmp); - /* Output sorted DER encoding */ + /* Output sorted DER encoding */ p = *out; - for(i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++) { + for (i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++) { memcpy(p, tder->data, tder->length); p += tder->length; } *out = p; /* If do_sort is 2 then reorder the STACK */ - if(do_sort == 2) { - for(i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++) - sk_ASN1_VALUE_set(sk, i, tder->field); + if (do_sort == 2) { + for (i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++) + (void)sk_ASN1_VALUE_set(sk, i, tder->field); } - OPENSSL_free(derlst); - OPENSSL_free(tmpdat); + free(derlst); + free(tmpdat); return 1; } -static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass) +static int +asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out, + const ASN1_ITEM *it, int tag, int aclass) { int len; int utype; int usetag; + int ndef = 0; utype = it->utype; @@ -374,124 +492,161 @@ static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out, const A * because the call to asn1_ex_i2c() could change * utype. */ - if((utype == V_ASN1_SEQUENCE) || (utype == V_ASN1_SET) || - (utype == V_ASN1_OTHER)) + if ((utype == V_ASN1_SEQUENCE) || (utype == V_ASN1_SET) || + (utype == V_ASN1_OTHER)) usetag = 0; - else usetag = 1; + else + usetag = 1; /* -1 means omit type */ + if (len == -1) + return 0; - if(len == -1) return 0; + /* -2 return is special meaning use ndef */ + if (len == -2) { + ndef = 2; + len = 0; + } /* If not implicitly tagged get tag from underlying type */ - if(tag == -1) tag = utype; + if (tag == -1) + tag = utype; /* Output tag+length followed by content octets */ - if(out) { - if(usetag) ASN1_put_object(out, 0, len, tag, aclass); + if (out) { + if (usetag) + ASN1_put_object(out, ndef, len, tag, aclass); asn1_ex_i2c(pval, *out, &utype, it); - *out += len; + if (ndef) + ASN1_put_eoc(out); + else + *out += len; } - if(usetag) return ASN1_object_size(0, len, tag); + if (usetag) + return ASN1_object_size(ndef, len, tag); return len; } /* Produce content octets from a structure */ -int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype, const ASN1_ITEM *it) +static int +asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype, + const ASN1_ITEM *it) { ASN1_BOOLEAN *tbool = NULL; ASN1_STRING *strtmp; ASN1_OBJECT *otmp; int utype; - unsigned char *cont, c; + const unsigned char *cont; + unsigned char c; int len; const ASN1_PRIMITIVE_FUNCS *pf; + pf = it->funcs; - if(pf && pf->prim_i2c) return pf->prim_i2c(pval, cout, putype, it); + if (pf && pf->prim_i2c) + return pf->prim_i2c(pval, cout, putype, it); /* Should type be omitted? */ - if((it->itype != ASN1_ITYPE_PRIMITIVE) || (it->utype != V_ASN1_BOOLEAN)) { - if(!*pval) return -1; + if ((it->itype != ASN1_ITYPE_PRIMITIVE) || + (it->utype != V_ASN1_BOOLEAN)) { + if (!*pval) + return -1; } - if(it->itype == ASN1_ITYPE_MSTRING) { + if (it->itype == ASN1_ITYPE_MSTRING) { /* If MSTRING type set the underlying type */ strtmp = (ASN1_STRING *)*pval; utype = strtmp->type; *putype = utype; - } else if(it->utype == V_ASN1_ANY) { + } else if (it->utype == V_ASN1_ANY) { /* If ANY set type and pointer to value */ ASN1_TYPE *typ; typ = (ASN1_TYPE *)*pval; utype = typ->type; *putype = utype; - pval = (ASN1_VALUE **)&typ->value.ptr; - } else utype = *putype; + pval = &typ->value.asn1_value; + } else + utype = *putype; - switch(utype) { - case V_ASN1_OBJECT: + switch (utype) { + case V_ASN1_OBJECT: otmp = (ASN1_OBJECT *)*pval; cont = otmp->data; len = otmp->length; break; - case V_ASN1_NULL: + case V_ASN1_NULL: cont = NULL; len = 0; break; - case V_ASN1_BOOLEAN: + case V_ASN1_BOOLEAN: tbool = (ASN1_BOOLEAN *)pval; - if(*tbool == -1) return -1; - /* Default handling if value == size field then omit */ - if(*tbool && (it->size > 0)) return -1; - if(!*tbool && !it->size) return -1; + if (*tbool == -1) + return -1; + if (it->utype != V_ASN1_ANY) { + /* Default handling if value == size field then omit */ + if (*tbool && (it->size > 0)) + return -1; + if (!*tbool && !it->size) + return -1; + } c = (unsigned char)*tbool; cont = &c; len = 1; break; - case V_ASN1_BIT_STRING: - return i2c_ASN1_BIT_STRING((ASN1_BIT_STRING *)*pval, cout ? &cout : NULL); + case V_ASN1_BIT_STRING: + return i2c_ASN1_BIT_STRING((ASN1_BIT_STRING *)*pval, + cout ? &cout : NULL); break; - case V_ASN1_INTEGER: - case V_ASN1_NEG_INTEGER: - case V_ASN1_ENUMERATED: - case V_ASN1_NEG_ENUMERATED: + case V_ASN1_INTEGER: + case V_ASN1_ENUMERATED: /* These are all have the same content format * as ASN1_INTEGER */ - return i2c_ASN1_INTEGER((ASN1_INTEGER *)*pval, cout ? &cout : NULL); + return i2c_ASN1_INTEGER((ASN1_INTEGER *)*pval, + cout ? &cout : NULL); break; - case V_ASN1_OCTET_STRING: - case V_ASN1_NUMERICSTRING: - case V_ASN1_PRINTABLESTRING: - case V_ASN1_T61STRING: - case V_ASN1_VIDEOTEXSTRING: - case V_ASN1_IA5STRING: - case V_ASN1_UTCTIME: - case V_ASN1_GENERALIZEDTIME: - case V_ASN1_GRAPHICSTRING: - case V_ASN1_VISIBLESTRING: - case V_ASN1_GENERALSTRING: - case V_ASN1_UNIVERSALSTRING: - case V_ASN1_BMPSTRING: - case V_ASN1_UTF8STRING: - case V_ASN1_SEQUENCE: - case V_ASN1_SET: - default: + case V_ASN1_OCTET_STRING: + case V_ASN1_NUMERICSTRING: + case V_ASN1_PRINTABLESTRING: + case V_ASN1_T61STRING: + case V_ASN1_VIDEOTEXSTRING: + case V_ASN1_IA5STRING: + case V_ASN1_UTCTIME: + case V_ASN1_GENERALIZEDTIME: + case V_ASN1_GRAPHICSTRING: + case V_ASN1_VISIBLESTRING: + case V_ASN1_GENERALSTRING: + case V_ASN1_UNIVERSALSTRING: + case V_ASN1_BMPSTRING: + case V_ASN1_UTF8STRING: + case V_ASN1_SEQUENCE: + case V_ASN1_SET: + default: /* All based on ASN1_STRING and handled the same */ strtmp = (ASN1_STRING *)*pval; + /* Special handling for NDEF */ + if ((it->size == ASN1_TFLG_NDEF) && + (strtmp->flags & ASN1_STRING_FLAG_NDEF)) { + if (cout) { + strtmp->data = cout; + strtmp->length = 0; + } + /* Special return code */ + return -2; + } cont = strtmp->data; len = strtmp->length; break; } - if(cout && len) memcpy(cout, cont, len); + if (cout && len) + memcpy(cout, cont, len); return len; } diff --git a/src/lib/libcrypto/asn1/tasn_fre.c b/src/lib/libcrypto/asn1/tasn_fre.c index c7610776f25..c05310ec285 100644 --- a/src/lib/libcrypto/asn1/tasn_fre.c +++ b/src/lib/libcrypto/asn1/tasn_fre.c @@ -1,5 +1,5 @@ -/* tasn_fre.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* $OpenBSD: tasn_fre.c,v 1.16 2018/04/06 12:16:06 bluhm Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ /* ==================================================================== @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -62,164 +62,184 @@ #include #include -static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine); +static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, + int combine); /* Free up an ASN1 structure */ -void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it) +void +ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it) { asn1_item_combine_free(&val, it, 0); } -void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it) +void +ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it) { asn1_item_combine_free(pval, it, 0); } -static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine) +static void +asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine) { const ASN1_TEMPLATE *tt = NULL, *seqtt; const ASN1_EXTERN_FUNCS *ef; - const ASN1_COMPAT_FUNCS *cf; const ASN1_AUX *aux = it->funcs; - ASN1_aux_cb *asn1_cb; + ASN1_aux_cb *asn1_cb = NULL; int i; - if(!pval) return; - if((it->itype != ASN1_ITYPE_PRIMITIVE) && !*pval) return; - if(aux && aux->asn1_cb) asn1_cb = aux->asn1_cb; - else asn1_cb = 0; - switch(it->itype) { + if (pval == NULL) + return; + /* For primitive types *pval may be something other than C pointer. */ + if (it->itype != ASN1_ITYPE_PRIMITIVE && *pval == NULL) + return; + + if (aux != NULL && aux->asn1_cb != NULL) + asn1_cb = aux->asn1_cb; - case ASN1_ITYPE_PRIMITIVE: - if(it->templates) ASN1_template_free(pval, it->templates); - else ASN1_primitive_free(pval, it); + switch (it->itype) { + case ASN1_ITYPE_PRIMITIVE: + if (it->templates) + ASN1_template_free(pval, it->templates); + else + ASN1_primitive_free(pval, it); break; - case ASN1_ITYPE_MSTRING: + case ASN1_ITYPE_MSTRING: ASN1_primitive_free(pval, it); break; - case ASN1_ITYPE_CHOICE: - if(asn1_cb) { - i = asn1_cb(ASN1_OP_FREE_PRE, pval, it); - if(i == 2) return; + case ASN1_ITYPE_CHOICE: + if (asn1_cb) { + i = asn1_cb(ASN1_OP_FREE_PRE, pval, it, NULL); + if (i == 2) + return; } i = asn1_get_choice_selector(pval, it); - if(asn1_cb) asn1_cb(ASN1_OP_FREE_PRE, pval, it); - if((i >= 0) && (i < it->tcount)) { + if ((i >= 0) && (i < it->tcount)) { ASN1_VALUE **pchval; tt = it->templates + i; pchval = asn1_get_field_ptr(pval, tt); ASN1_template_free(pchval, tt); } - if(asn1_cb) asn1_cb(ASN1_OP_FREE_POST, pval, it); - if(!combine) { - OPENSSL_free(*pval); + if (asn1_cb) + asn1_cb(ASN1_OP_FREE_POST, pval, it, NULL); + if (!combine) { + free(*pval); *pval = NULL; } break; - case ASN1_ITYPE_COMPAT: - cf = it->funcs; - if(cf && cf->asn1_free) cf->asn1_free(*pval); - break; - - case ASN1_ITYPE_EXTERN: + case ASN1_ITYPE_EXTERN: ef = it->funcs; - if(ef && ef->asn1_ex_free) ef->asn1_ex_free(pval, it); + if (ef && ef->asn1_ex_free) + ef->asn1_ex_free(pval, it); break; - case ASN1_ITYPE_SEQUENCE: - if(asn1_do_lock(pval, -1, it) > 0) return; - if(asn1_cb) { - i = asn1_cb(ASN1_OP_FREE_PRE, pval, it); - if(i == 2) return; - } + case ASN1_ITYPE_NDEF_SEQUENCE: + case ASN1_ITYPE_SEQUENCE: + if (asn1_do_lock(pval, -1, it) > 0) + return; + if (asn1_cb) { + i = asn1_cb(ASN1_OP_FREE_PRE, pval, it, NULL); + if (i == 2) + return; + } asn1_enc_free(pval, it); /* If we free up as normal we will invalidate any - * ANY DEFINED BY field and we wont be able to + * ANY DEFINED BY field and we wont be able to * determine the type of the field it defines. So * free up in reverse order. */ tt = it->templates + it->tcount - 1; - for(i = 0; i < it->tcount; tt--, i++) { + for (i = 0; i < it->tcount; tt--, i++) { ASN1_VALUE **pseqval; seqtt = asn1_do_adb(pval, tt, 0); - if(!seqtt) continue; + if (!seqtt) + continue; pseqval = asn1_get_field_ptr(pval, seqtt); ASN1_template_free(pseqval, seqtt); } - if(asn1_cb) asn1_cb(ASN1_OP_FREE_POST, pval, it); - if(!combine) { - OPENSSL_free(*pval); + if (asn1_cb) + asn1_cb(ASN1_OP_FREE_POST, pval, it, NULL); + if (!combine) { + free(*pval); *pval = NULL; } break; } } -void ASN1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt) +void +ASN1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt) { int i; - if(tt->flags & ASN1_TFLG_SK_MASK) { + if (tt->flags & ASN1_TFLG_SK_MASK) { STACK_OF(ASN1_VALUE) *sk = (STACK_OF(ASN1_VALUE) *)*pval; - for(i = 0; i < sk_ASN1_VALUE_num(sk); i++) { + for (i = 0; i < sk_ASN1_VALUE_num(sk); i++) { ASN1_VALUE *vtmp; vtmp = sk_ASN1_VALUE_value(sk, i); - asn1_item_combine_free(&vtmp, ASN1_ITEM_ptr(tt->item), 0); + asn1_item_combine_free(&vtmp, tt->item, + 0); } sk_ASN1_VALUE_free(sk); *pval = NULL; - } else asn1_item_combine_free(pval, ASN1_ITEM_ptr(tt->item), - tt->flags & ASN1_TFLG_COMBINE); + } else + asn1_item_combine_free(pval, tt->item, + tt->flags & ASN1_TFLG_COMBINE); } -void ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it) +void +ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it) { int utype; - if(it) { + if (it) { const ASN1_PRIMITIVE_FUNCS *pf; pf = it->funcs; - if(pf && pf->prim_free) { + if (pf && pf->prim_free) { pf->prim_free(pval, it); return; } } /* Special case: if 'it' is NULL free contents of ASN1_TYPE */ - if(!it) { + if (!it) { ASN1_TYPE *typ = (ASN1_TYPE *)*pval; utype = typ->type; - pval = (ASN1_VALUE **)&typ->value.ptr; - if(!*pval) return; - } else if(it->itype == ASN1_ITYPE_MSTRING) { + pval = &typ->value.asn1_value; + if (!*pval) + return; + } else if (it->itype == ASN1_ITYPE_MSTRING) { utype = -1; - if(!*pval) return; + if (!*pval) + return; } else { utype = it->utype; - if((utype != V_ASN1_BOOLEAN) && !*pval) return; + if ((utype != V_ASN1_BOOLEAN) && !*pval) + return; } - switch(utype) { - case V_ASN1_OBJECT: + switch (utype) { + case V_ASN1_OBJECT: ASN1_OBJECT_free((ASN1_OBJECT *)*pval); break; - case V_ASN1_BOOLEAN: - *(ASN1_BOOLEAN *)pval = it->size; + case V_ASN1_BOOLEAN: + if (it) + *(ASN1_BOOLEAN *)pval = it->size; + else + *(ASN1_BOOLEAN *)pval = -1; return; - case V_ASN1_NULL: + case V_ASN1_NULL: break; - case V_ASN1_ANY: + case V_ASN1_ANY: ASN1_primitive_free(pval, NULL); - OPENSSL_free(*pval); + free(*pval); break; - default: + default: ASN1_STRING_free((ASN1_STRING *)*pval); - *pval = NULL; break; } *pval = NULL; diff --git a/src/lib/libcrypto/asn1/tasn_new.c b/src/lib/libcrypto/asn1/tasn_new.c index e33861f864a..e9bbc05e088 100644 --- a/src/lib/libcrypto/asn1/tasn_new.c +++ b/src/lib/libcrypto/asn1/tasn_new.c @@ -1,16 +1,16 @@ -/* tasn_new.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* $OpenBSD: tasn_new.c,v 1.17 2017/01/29 17:49:22 beck Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ /* ==================================================================== - * Copyright (c) 2000 The OpenSSL Project. All rights reserved. + * Copyright (c) 2000-2004 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -64,202 +64,209 @@ #include #include -static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine); +static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, + int combine); static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it); static void asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt); -void asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it); +static void asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it); -ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it) +ASN1_VALUE * +ASN1_item_new(const ASN1_ITEM *it) { ASN1_VALUE *ret = NULL; - if(ASN1_item_ex_new(&ret, it) > 0) return ret; + if (ASN1_item_ex_new(&ret, it) > 0) + return ret; return NULL; } /* Allocate an ASN1 structure */ -int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it) +int +ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it) { return asn1_item_ex_combine_new(pval, it, 0); } -static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine) +static int +asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine) { const ASN1_TEMPLATE *tt = NULL; - const ASN1_COMPAT_FUNCS *cf; const ASN1_EXTERN_FUNCS *ef; const ASN1_AUX *aux = it->funcs; - ASN1_aux_cb *asn1_cb; + ASN1_aux_cb *asn1_cb = NULL; ASN1_VALUE **pseqval; int i; - if(aux && aux->asn1_cb) asn1_cb = aux->asn1_cb; - else asn1_cb = 0; - if(!combine) *pval = NULL; + if (aux != NULL && aux->asn1_cb != NULL) + asn1_cb = aux->asn1_cb; + + if (!combine) + *pval = NULL; #ifdef CRYPTO_MDEBUG - if(it->sname) CRYPTO_push_info(it->sname); + if (it->sname) + CRYPTO_push_info(it->sname); #endif - switch(it->itype) { - - case ASN1_ITYPE_EXTERN: + switch (it->itype) { + case ASN1_ITYPE_EXTERN: ef = it->funcs; - if(ef && ef->asn1_ex_new) { - if(!ef->asn1_ex_new(pval, it)) + if (ef && ef->asn1_ex_new) { + if (!ef->asn1_ex_new(pval, it)) goto memerr; } break; - case ASN1_ITYPE_COMPAT: - cf = it->funcs; - if(cf && cf->asn1_new) { - *pval = cf->asn1_new(); - if(!*pval) goto memerr; - } - break; - - case ASN1_ITYPE_PRIMITIVE: - if(it->templates) { - if(!ASN1_template_new(pval, it->templates)) + case ASN1_ITYPE_PRIMITIVE: + if (it->templates) { + if (!ASN1_template_new(pval, it->templates)) goto memerr; - } else { - if(!ASN1_primitive_new(pval, it)) - goto memerr; - } + } else if (!ASN1_primitive_new(pval, it)) + goto memerr; break; - case ASN1_ITYPE_MSTRING: - if(!ASN1_primitive_new(pval, it)) - goto memerr; + case ASN1_ITYPE_MSTRING: + if (!ASN1_primitive_new(pval, it)) + goto memerr; break; - case ASN1_ITYPE_CHOICE: - if(asn1_cb) { - i = asn1_cb(ASN1_OP_NEW_PRE, pval, it); - if(!i) goto auxerr; - if(i==2) { + case ASN1_ITYPE_CHOICE: + if (asn1_cb) { + i = asn1_cb(ASN1_OP_NEW_PRE, pval, it, NULL); + if (!i) + goto auxerr; + if (i == 2) { #ifdef CRYPTO_MDEBUG - if(it->sname) CRYPTO_pop_info(); + if (it->sname) + CRYPTO_pop_info(); #endif return 1; } } - if(!combine) { - *pval = OPENSSL_malloc(it->size); - if(!*pval) goto memerr; - memset(*pval, 0, it->size); + if (!combine) { + *pval = calloc(1, it->size); + if (!*pval) + goto memerr; } asn1_set_choice_selector(pval, -1, it); - if(asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it)) - goto auxerr; + if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it, NULL)) + goto auxerr; break; - case ASN1_ITYPE_SEQUENCE: - if(asn1_cb) { - i = asn1_cb(ASN1_OP_NEW_PRE, pval, it); - if(!i) goto auxerr; - if(i==2) { + case ASN1_ITYPE_NDEF_SEQUENCE: + case ASN1_ITYPE_SEQUENCE: + if (asn1_cb) { + i = asn1_cb(ASN1_OP_NEW_PRE, pval, it, NULL); + if (!i) + goto auxerr; + if (i == 2) { #ifdef CRYPTO_MDEBUG - if(it->sname) CRYPTO_pop_info(); + if (it->sname) + CRYPTO_pop_info(); #endif return 1; } } - if(!combine) { - *pval = OPENSSL_malloc(it->size); - if(!*pval) goto memerr; - memset(*pval, 0, it->size); + if (!combine) { + *pval = calloc(1, it->size); + if (!*pval) + goto memerr; asn1_do_lock(pval, 0, it); asn1_enc_init(pval, it); } - for(i = 0, tt = it->templates; i < it->tcount; tt++, i++) { + for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) { pseqval = asn1_get_field_ptr(pval, tt); - if(!ASN1_template_new(pseqval, tt)) goto memerr; + if (!ASN1_template_new(pseqval, tt)) + goto memerr; } - if(asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it)) - goto auxerr; + if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it, NULL)) + goto auxerr; break; } #ifdef CRYPTO_MDEBUG - if(it->sname) CRYPTO_pop_info(); + if (it->sname) + CRYPTO_pop_info(); #endif return 1; - memerr: - ASN1err(ASN1_F_ASN1_ITEM_NEW, ERR_R_MALLOC_FAILURE); +memerr: + ASN1error(ERR_R_MALLOC_FAILURE); #ifdef CRYPTO_MDEBUG - if(it->sname) CRYPTO_pop_info(); + if (it->sname) + CRYPTO_pop_info(); #endif return 0; - auxerr: - ASN1err(ASN1_F_ASN1_ITEM_NEW, ASN1_R_AUX_ERROR); +auxerr: + ASN1error(ASN1_R_AUX_ERROR); ASN1_item_ex_free(pval, it); #ifdef CRYPTO_MDEBUG - if(it->sname) CRYPTO_pop_info(); + if (it->sname) + CRYPTO_pop_info(); #endif return 0; } -static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it) +static void +asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it) { const ASN1_EXTERN_FUNCS *ef; - switch(it->itype) { - - case ASN1_ITYPE_EXTERN: + switch (it->itype) { + case ASN1_ITYPE_EXTERN: ef = it->funcs; - if(ef && ef->asn1_ex_clear) + if (ef && ef->asn1_ex_clear) ef->asn1_ex_clear(pval, it); - else *pval = NULL; + else + *pval = NULL; break; - - case ASN1_ITYPE_PRIMITIVE: - if(it->templates) + case ASN1_ITYPE_PRIMITIVE: + if (it->templates) asn1_template_clear(pval, it->templates); else asn1_primitive_clear(pval, it); break; - case ASN1_ITYPE_MSTRING: + case ASN1_ITYPE_MSTRING: asn1_primitive_clear(pval, it); break; - case ASN1_ITYPE_COMPAT: - case ASN1_ITYPE_CHOICE: - case ASN1_ITYPE_SEQUENCE: + case ASN1_ITYPE_CHOICE: + case ASN1_ITYPE_SEQUENCE: + case ASN1_ITYPE_NDEF_SEQUENCE: *pval = NULL; break; } } - -int ASN1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt) +int +ASN1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt) { - const ASN1_ITEM *it = ASN1_ITEM_ptr(tt->item); + const ASN1_ITEM *it = tt->item; int ret; - if(tt->flags & ASN1_TFLG_OPTIONAL) { + + if (tt->flags & ASN1_TFLG_OPTIONAL) { asn1_template_clear(pval, tt); return 1; } /* If ANY DEFINED BY nothing to do */ - if(tt->flags & ASN1_TFLG_ADB_MASK) { + if (tt->flags & ASN1_TFLG_ADB_MASK) { *pval = NULL; return 1; } #ifdef CRYPTO_MDEBUG - if(tt->field_name) CRYPTO_push_info(tt->field_name); + if (tt->field_name) + CRYPTO_push_info(tt->field_name); #endif /* If SET OF or SEQUENCE OF, its a STACK */ - if(tt->flags & ASN1_TFLG_SK_MASK) { + if (tt->flags & ASN1_TFLG_SK_MASK) { STACK_OF(ASN1_VALUE) *skval; skval = sk_ASN1_VALUE_new_null(); - if(!skval) { - ASN1err(ASN1_F_ASN1_TEMPLATE_NEW, ERR_R_MALLOC_FAILURE); + if (!skval) { + ASN1error(ERR_R_MALLOC_FAILURE); ret = 0; goto done; } @@ -269,80 +276,99 @@ int ASN1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt) } /* Otherwise pass it back to the item routine */ ret = asn1_item_ex_combine_new(pval, it, tt->flags & ASN1_TFLG_COMBINE); - done: +done: #ifdef CRYPTO_MDEBUG - if(it->sname) CRYPTO_pop_info(); + if (it->sname) + CRYPTO_pop_info(); #endif return ret; } -static void asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt) +static void +asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt) { /* If ADB or STACK just NULL the field */ - if(tt->flags & (ASN1_TFLG_ADB_MASK|ASN1_TFLG_SK_MASK)) + if (tt->flags & (ASN1_TFLG_ADB_MASK|ASN1_TFLG_SK_MASK)) *pval = NULL; else - asn1_item_clear(pval, ASN1_ITEM_ptr(tt->item)); + asn1_item_clear(pval, tt->item); } -/* NB: could probably combine most of the real XXX_new() behaviour and junk all the old - * functions. +/* NB: could probably combine most of the real XXX_new() behaviour and junk + * all the old functions. */ -int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it) +int +ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it) { ASN1_TYPE *typ; + ASN1_STRING *str; int utype; - const ASN1_PRIMITIVE_FUNCS *pf; - pf = it->funcs; - if(pf && pf->prim_new) return pf->prim_new(pval, it); - if(!it || (it->itype == ASN1_ITYPE_MSTRING)) utype = -1; - else utype = it->utype; - switch(utype) { - case V_ASN1_OBJECT: + + if (it && it->funcs) { + const ASN1_PRIMITIVE_FUNCS *pf = it->funcs; + if (pf->prim_new) + return pf->prim_new(pval, it); + } + + if (!it || (it->itype == ASN1_ITYPE_MSTRING)) + utype = V_ASN1_UNDEF; + else + utype = it->utype; + switch (utype) { + case V_ASN1_OBJECT: *pval = (ASN1_VALUE *)OBJ_nid2obj(NID_undef); return 1; - case V_ASN1_BOOLEAN: + case V_ASN1_BOOLEAN: *(ASN1_BOOLEAN *)pval = it->size; return 1; - case V_ASN1_NULL: + case V_ASN1_NULL: *pval = (ASN1_VALUE *)1; return 1; - case V_ASN1_ANY: - typ = OPENSSL_malloc(sizeof(ASN1_TYPE)); - if(!typ) return 0; - typ->value.ptr = NULL; - typ->type = -1; + case V_ASN1_ANY: + typ = malloc(sizeof(ASN1_TYPE)); + if (typ != NULL) { + typ->value.ptr = NULL; + typ->type = V_ASN1_UNDEF; + } *pval = (ASN1_VALUE *)typ; break; - default: - *pval = (ASN1_VALUE *)ASN1_STRING_type_new(utype); + default: + str = ASN1_STRING_type_new(utype); + if (it != NULL && it->itype == ASN1_ITYPE_MSTRING && + str != NULL) + str->flags |= ASN1_STRING_FLAG_MSTRING; + *pval = (ASN1_VALUE *)str; break; } - if(*pval) return 1; + if (*pval) + return 1; return 0; } -void asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it) +static void +asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it) { int utype; - const ASN1_PRIMITIVE_FUNCS *pf; - pf = it->funcs; - if(pf) { - if(pf->prim_clear) + if (it && it->funcs) { + const ASN1_PRIMITIVE_FUNCS *pf = it->funcs; + if (pf->prim_clear) pf->prim_clear(pval, it); - else + else *pval = NULL; return; } - if(!it || (it->itype == ASN1_ITYPE_MSTRING)) utype = -1; - else utype = it->utype; - if(utype == V_ASN1_BOOLEAN) + if (!it || (it->itype == ASN1_ITYPE_MSTRING)) + utype = V_ASN1_UNDEF; + else + utype = it->utype; + if (utype == V_ASN1_BOOLEAN) *(ASN1_BOOLEAN *)pval = it->size; - else *pval = NULL; + else + *pval = NULL; } diff --git a/src/lib/libcrypto/asn1/tasn_prn.c b/src/lib/libcrypto/asn1/tasn_prn.c index fab67ae5ac8..9fbf177ba4c 100644 --- a/src/lib/libcrypto/asn1/tasn_prn.c +++ b/src/lib/libcrypto/asn1/tasn_prn.c @@ -1,16 +1,16 @@ -/* tasn_prn.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* $OpenBSD: tasn_prn.c,v 1.18 2019/03/23 18:48:14 beck Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ /* ==================================================================== - * Copyright (c) 2000 The OpenSSL Project. All rights reserved. + * Copyright (c) 2000,2005 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -56,143 +56,545 @@ * */ - #include + #include -#include +#include #include #include -#include +#include +#include + +#include "asn1_locl.h" -/* Print routines. Print out a whole structure from a template. +/* Print routines. */ -static int asn1_item_print_nm(BIO *out, void *fld, int indent, const ASN1_ITEM *it, const char *name); +/* ASN1_PCTX routines */ -int ASN1_item_print(BIO *out, void *fld, int indent, const ASN1_ITEM *it) +ASN1_PCTX default_pctx = { + ASN1_PCTX_FLAGS_SHOW_ABSENT, /* flags */ + 0, /* nm_flags */ + 0, /* cert_flags */ + 0, /* oid_flags */ + 0 /* str_flags */ +}; + + +ASN1_PCTX * +ASN1_PCTX_new(void) { - return asn1_item_print_nm(out, fld, indent, it, it->sname); + ASN1_PCTX *ret; + ret = malloc(sizeof(ASN1_PCTX)); + if (ret == NULL) { + ASN1error(ERR_R_MALLOC_FAILURE); + return NULL; + } + ret->flags = 0; + ret->nm_flags = 0; + ret->cert_flags = 0; + ret->oid_flags = 0; + ret->str_flags = 0; + return ret; } -static int asn1_item_print_nm(BIO *out, void *fld, int indent, const ASN1_ITEM *it, const char *name) +void +ASN1_PCTX_free(ASN1_PCTX *p) +{ + free(p); +} + +unsigned long +ASN1_PCTX_get_flags(const ASN1_PCTX *p) +{ + return p->flags; +} + +void +ASN1_PCTX_set_flags(ASN1_PCTX *p, unsigned long flags) +{ + p->flags = flags; +} + +unsigned long +ASN1_PCTX_get_nm_flags(const ASN1_PCTX *p) +{ + return p->nm_flags; +} + +void +ASN1_PCTX_set_nm_flags(ASN1_PCTX *p, unsigned long flags) +{ + p->nm_flags = flags; +} + +unsigned long +ASN1_PCTX_get_cert_flags(const ASN1_PCTX *p) +{ + return p->cert_flags; +} + +void +ASN1_PCTX_set_cert_flags(ASN1_PCTX *p, unsigned long flags) +{ + p->cert_flags = flags; +} + +unsigned long +ASN1_PCTX_get_oid_flags(const ASN1_PCTX *p) +{ + return p->oid_flags; +} + +void +ASN1_PCTX_set_oid_flags(ASN1_PCTX *p, unsigned long flags) +{ + p->oid_flags = flags; +} + +unsigned long +ASN1_PCTX_get_str_flags(const ASN1_PCTX *p) +{ + return p->str_flags; +} + +void +ASN1_PCTX_set_str_flags(ASN1_PCTX *p, unsigned long flags) +{ + p->str_flags = flags; +} + +/* Main print routines */ + +static int asn1_item_print_ctx(BIO *out, ASN1_VALUE **fld, int indent, + const ASN1_ITEM *it, const char *fname, const char *sname, int nohdr, + const ASN1_PCTX *pctx); + +int asn1_template_print_ctx(BIO *out, ASN1_VALUE **fld, int indent, + const ASN1_TEMPLATE *tt, const ASN1_PCTX *pctx); + +static int asn1_primitive_print(BIO *out, ASN1_VALUE **fld, + const ASN1_ITEM *it, int indent, const char *fname, const char *sname, + const ASN1_PCTX *pctx); + +static int asn1_print_fsname(BIO *out, int indent, const char *fname, + const char *sname, const ASN1_PCTX *pctx); + +int +ASN1_item_print(BIO *out, ASN1_VALUE *ifld, int indent, const ASN1_ITEM *it, + const ASN1_PCTX *pctx) +{ + const char *sname; + + if (pctx == NULL) + pctx = &default_pctx; + if (pctx->flags & ASN1_PCTX_FLAGS_NO_STRUCT_NAME) + sname = NULL; + else + sname = it->sname; + return asn1_item_print_ctx(out, &ifld, indent, it, NULL, sname, + 0, pctx); +} + +static int +asn1_item_print_ctx(BIO *out, ASN1_VALUE **fld, int indent, const ASN1_ITEM *it, + const char *fname, const char *sname, int nohdr, const ASN1_PCTX *pctx) { - ASN1_STRING *str; const ASN1_TEMPLATE *tt; - void *tmpfld; + const ASN1_EXTERN_FUNCS *ef; + ASN1_VALUE **tmpfld; + const ASN1_AUX *aux = it->funcs; + ASN1_aux_cb *asn1_cb; + ASN1_PRINT_ARG parg; int i; - if(!fld) { - BIO_printf(out, "%*s%s ABSENT\n", indent, "", name); + + if (aux && aux->asn1_cb) { + parg.out = out; + parg.indent = indent; + parg.pctx = pctx; + asn1_cb = aux->asn1_cb; + } else + asn1_cb = NULL; + + if (*fld == NULL) { + if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_ABSENT) { + if (!nohdr && + !asn1_print_fsname(out, indent, fname, sname, pctx)) + return 0; + if (BIO_puts(out, "\n") <= 0) + return 0; + } return 1; } - switch(it->itype) { - case ASN1_ITYPE_PRIMITIVE: - if(it->templates) - return ASN1_template_print(out, fld, indent, it->templates); - return asn1_primitive_print(out, fld, it->utype, indent, name); + switch (it->itype) { + case ASN1_ITYPE_PRIMITIVE: + if (it->templates) { + if (!asn1_template_print_ctx(out, fld, indent, + it->templates, pctx)) + return 0; + } + /* fall thru */ + case ASN1_ITYPE_MSTRING: + if (!asn1_primitive_print(out, fld, it, + indent, fname, sname, pctx)) + return 0; break; - case ASN1_ITYPE_MSTRING: - str = fld; - return asn1_primitive_print(out, fld, str->type, indent, name); - - case ASN1_ITYPE_EXTERN: - BIO_printf(out, "%*s%s:EXTERNAL TYPE %s %s\n", indent, "", name, it->sname, fld ? "" : "ABSENT"); - return 1; - case ASN1_ITYPE_COMPAT: - BIO_printf(out, "%*s%s:COMPATIBLE TYPE %s %s\n", indent, "", name, it->sname, fld ? "" : "ABSENT"); - return 1; - + case ASN1_ITYPE_EXTERN: + if (!nohdr && + !asn1_print_fsname(out, indent, fname, sname, pctx)) + return 0; + /* Use new style print routine if possible */ + ef = it->funcs; + if (ef && ef->asn1_ex_print) { + i = ef->asn1_ex_print(out, fld, indent, "", pctx); + if (!i) + return 0; + if ((i == 2) && (BIO_puts(out, "\n") <= 0)) + return 0; + return 1; + } else if (sname && + BIO_printf(out, ":EXTERNAL TYPE %s\n", sname) <= 0) + return 0; + break; - case ASN1_ITYPE_CHOICE: + case ASN1_ITYPE_CHOICE: /* CHOICE type, get selector */ i = asn1_get_choice_selector(fld, it); /* This should never happen... */ - if((i < 0) || (i >= it->tcount)) { - BIO_printf(out, "%s selector [%d] out of range\n", it->sname, i); + if ((i < 0) || (i >= it->tcount)) { + if (BIO_printf(out, + "ERROR: selector [%d] invalid\n", i) <= 0) + return 0; return 1; } tt = it->templates + i; - tmpfld = asn1_get_field(fld, tt); - return ASN1_template_print(out, tmpfld, indent, tt); - - case ASN1_ITYPE_SEQUENCE: - BIO_printf(out, "%*s%s {\n", indent, "", name); - /* Get each field entry */ - for(i = 0, tt = it->templates; i < it->tcount; i++, tt++) { - tmpfld = asn1_get_field(fld, tt); - ASN1_template_print(out, tmpfld, indent + 2, tt); + tmpfld = asn1_get_field_ptr(fld, tt); + if (!asn1_template_print_ctx(out, tmpfld, indent, tt, pctx)) + return 0; + break; + + case ASN1_ITYPE_SEQUENCE: + case ASN1_ITYPE_NDEF_SEQUENCE: + if (!nohdr && + !asn1_print_fsname(out, indent, fname, sname, pctx)) + return 0; + if (fname || sname) { + if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_SEQUENCE) { + if (BIO_puts(out, " {\n") <= 0) + return 0; + } else { + if (BIO_puts(out, "\n") <= 0) + return 0; + } + } + + if (asn1_cb) { + i = asn1_cb(ASN1_OP_PRINT_PRE, fld, it, &parg); + if (i == 0) + return 0; + if (i == 2) + return 1; } - BIO_printf(out, "%*s}\n", indent, ""); - return 1; - default: + /* Print each field entry */ + for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) { + const ASN1_TEMPLATE *seqtt; + + seqtt = asn1_do_adb(fld, tt, 1); + if (seqtt == NULL) + return 0; + tmpfld = asn1_get_field_ptr(fld, seqtt); + if (!asn1_template_print_ctx(out, tmpfld, indent + 2, + seqtt, pctx)) + return 0; + } + if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_SEQUENCE) { + if (BIO_printf(out, "%*s}\n", indent, "") < 0) + return 0; + } + + if (asn1_cb) { + i = asn1_cb(ASN1_OP_PRINT_POST, fld, it, &parg); + if (i == 0) + return 0; + } + break; + + default: + BIO_printf(out, "Unprocessed type %d\n", it->itype); return 0; } + + return 1; } -int ASN1_template_print(BIO *out, void *fld, int indent, const ASN1_TEMPLATE *tt) +int +asn1_template_print_ctx(BIO *out, ASN1_VALUE **fld, int indent, + const ASN1_TEMPLATE *tt, const ASN1_PCTX *pctx) { int i, flags; -#if 0 - if(!fld) return 0; -#endif + const char *sname, *fname; + flags = tt->flags; - if(flags & ASN1_TFLG_SK_MASK) { + if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_FIELD_STRUCT_NAME) + sname = tt->item->sname; + else + sname = NULL; + if (pctx->flags & ASN1_PCTX_FLAGS_NO_FIELD_NAME) + fname = NULL; + else + fname = tt->field_name; + if (flags & ASN1_TFLG_SK_MASK) { char *tname; - void *skitem; + ASN1_VALUE *skitem; + STACK_OF(ASN1_VALUE) *stack; + /* SET OF, SEQUENCE OF */ - if(flags & ASN1_TFLG_SET_OF) tname = "SET"; - else tname = "SEQUENCE"; - if(fld) { - BIO_printf(out, "%*s%s OF %s {\n", indent, "", tname, tt->field_name); - for(i = 0; i < sk_num(fld); i++) { - skitem = sk_value(fld, i); - asn1_item_print_nm(out, skitem, indent + 2, tt->item, ""); - } - BIO_printf(out, "%*s}\n", indent, ""); - } else - BIO_printf(out, "%*s%s OF %s ABSENT\n", indent, "", tname, tt->field_name); + if (fname) { + if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_SSOF) { + if (flags & ASN1_TFLG_SET_OF) + tname = "SET"; + else + tname = "SEQUENCE"; + if (BIO_printf(out, "%*s%s OF %s {\n", + indent, "", tname, tt->field_name) <= 0) + return 0; + } else if (BIO_printf(out, "%*s%s:\n", indent, "", + fname) <= 0) + return 0; + } + stack = (STACK_OF(ASN1_VALUE) *)*fld; + for (i = 0; i < sk_ASN1_VALUE_num(stack); i++) { + if ((i > 0) && (BIO_puts(out, "\n") <= 0)) + return 0; + skitem = sk_ASN1_VALUE_value(stack, i); + if (!asn1_item_print_ctx(out, &skitem, indent + 2, + tt->item, NULL, NULL, 1, pctx)) + return 0; + } + if (!i && BIO_printf(out, "%*s\n", indent + 2, "") <= 0) + return 0; + if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_SEQUENCE) { + if (BIO_printf(out, "%*s}\n", indent, "") <= 0) + return 0; + } + return 1; + } + return asn1_item_print_ctx(out, fld, indent, tt->item, + fname, sname, 0, pctx); +} + +static int +asn1_print_fsname(BIO *out, int indent, const char *fname, const char *sname, + const ASN1_PCTX *pctx) +{ + static char spaces[] = " "; + const int nspaces = sizeof(spaces) - 1; + + while (indent > nspaces) { + if (BIO_write(out, spaces, nspaces) != nspaces) + return 0; + indent -= nspaces; + } + if (BIO_write(out, spaces, indent) != indent) + return 0; + if (pctx->flags & ASN1_PCTX_FLAGS_NO_STRUCT_NAME) + sname = NULL; + if (pctx->flags & ASN1_PCTX_FLAGS_NO_FIELD_NAME) + fname = NULL; + if (!sname && !fname) return 1; + if (fname) { + if (BIO_puts(out, fname) <= 0) + return 0; } - return asn1_item_print_nm(out, fld, indent, tt->item, tt->field_name); -} - -static int asn1_primitive_print(BIO *out, void *fld, long utype, int indent, const char *name) -{ - ASN1_STRING *str = fld; - if(fld) { - if(utype == V_ASN1_BOOLEAN) { - int *bool = fld; -if(*bool == -1) printf("BOOL MISSING\n"); - BIO_printf(out, "%*s%s:%s", indent, "", "BOOLEAN", *bool ? "TRUE" : "FALSE"); - } else if((utype == V_ASN1_INTEGER) - || (utype == V_ASN1_ENUMERATED)) { - char *s, *nm; - s = i2s_ASN1_INTEGER(NULL, fld); - if(utype == V_ASN1_INTEGER) nm = "INTEGER"; - else nm = "ENUMERATED"; - BIO_printf(out, "%*s%s:%s", indent, "", nm, s); - OPENSSL_free(s); - } else if(utype == V_ASN1_NULL) { - BIO_printf(out, "%*s%s", indent, "", "NULL"); - } else if(utype == V_ASN1_UTCTIME) { - BIO_printf(out, "%*s%s:%s:", indent, "", name, "UTCTIME"); - ASN1_UTCTIME_print(out, str); - } else if(utype == V_ASN1_GENERALIZEDTIME) { - BIO_printf(out, "%*s%s:%s:", indent, "", name, "GENERALIZEDTIME"); - ASN1_GENERALIZEDTIME_print(out, str); - } else if(utype == V_ASN1_OBJECT) { - char objbuf[80], *ln; - ln = OBJ_nid2ln(OBJ_obj2nid(fld)); - if(!ln) ln = ""; - OBJ_obj2txt(objbuf, 80, fld, 1); - BIO_printf(out, "%*s%s:%s (%s)", indent, "", "OBJECT", ln, objbuf); + if (sname) { + if (fname) { + if (BIO_printf(out, " (%s)", sname) <= 0) + return 0; } else { - BIO_printf(out, "%*s%s:", indent, "", name); - ASN1_STRING_print_ex(out, str, ASN1_STRFLGS_DUMP_UNKNOWN|ASN1_STRFLGS_SHOW_TYPE); + if (BIO_puts(out, sname) <= 0) + return 0; + } + } + if (BIO_write(out, ": ", 2) != 2) + return 0; + return 1; +} + +static int +asn1_print_boolean_ctx(BIO *out, int boolval, const ASN1_PCTX *pctx) +{ + const char *str; + switch (boolval) { + case -1: + str = "BOOL ABSENT"; + break; + + case 0: + str = "FALSE"; + break; + + default: + str = "TRUE"; + break; + + } + + if (BIO_puts(out, str) <= 0) + return 0; + return 1; + +} + +static int +asn1_print_integer_ctx(BIO *out, ASN1_INTEGER *str, const ASN1_PCTX *pctx) +{ + char *s; + int ret = 1; + s = i2s_ASN1_INTEGER(NULL, str); + if (BIO_puts(out, s) <= 0) + ret = 0; + free(s); + return ret; +} + +static int +asn1_print_oid_ctx(BIO *out, const ASN1_OBJECT *oid, const ASN1_PCTX *pctx) +{ + char objbuf[80]; + const char *ln; + ln = OBJ_nid2ln(OBJ_obj2nid(oid)); + if (!ln) + ln = ""; + OBJ_obj2txt(objbuf, sizeof objbuf, oid, 1); + if (BIO_printf(out, "%s (%s)", ln, objbuf) <= 0) + return 0; + return 1; +} + +static int +asn1_print_obstring_ctx(BIO *out, ASN1_STRING *str, int indent, + const ASN1_PCTX *pctx) +{ + if (str->type == V_ASN1_BIT_STRING) { + if (BIO_printf(out, " (%ld unused bits)\n", + str->flags & 0x7) <= 0) + return 0; + } else if (BIO_puts(out, "\n") <= 0) + return 0; + if ((str->length > 0) && + BIO_dump_indent(out, (char *)str->data, str->length, + indent + 2) <= 0) + return 0; + return 1; +} + +static int +asn1_primitive_print(BIO *out, ASN1_VALUE **fld, const ASN1_ITEM *it, + int indent, const char *fname, const char *sname, const ASN1_PCTX *pctx) +{ + long utype; + ASN1_STRING *str; + int ret = 1, needlf = 1; + const char *pname; + const ASN1_PRIMITIVE_FUNCS *pf; + + pf = it->funcs; + if (!asn1_print_fsname(out, indent, fname, sname, pctx)) + return 0; + if (pf && pf->prim_print) + return pf->prim_print(out, fld, it, indent, pctx); + + str = (ASN1_STRING *)*fld; + + if (str->length < 0) + return 0; + + if (it->itype == ASN1_ITYPE_MSTRING) + utype = str->type & ~V_ASN1_NEG; + else + utype = it->utype; + if (utype == V_ASN1_ANY) { + ASN1_TYPE *atype = (ASN1_TYPE *)*fld; + utype = atype->type; + fld = &atype->value.asn1_value; + if (pctx->flags & ASN1_PCTX_FLAGS_NO_ANY_TYPE) + pname = NULL; + else + pname = ASN1_tag2str(utype); + } else { + if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_TYPE) + pname = ASN1_tag2str(utype); + else + pname = NULL; + } + + if (utype == V_ASN1_NULL) { + if (BIO_puts(out, "NULL\n") <= 0) + return 0; + return 1; + } + + if (pname) { + if (BIO_puts(out, pname) <= 0) + return 0; + if (BIO_puts(out, ":") <= 0) + return 0; + } + + switch (utype) { + case V_ASN1_BOOLEAN: + { + int boolval = *(int *)fld; + if (boolval == -1) + boolval = it->size; + ret = asn1_print_boolean_ctx(out, boolval, pctx); } - BIO_printf(out, "\n"); - } else BIO_printf(out, "%*s%s [ABSENT]\n", indent, "", name); + break; + + case V_ASN1_INTEGER: + case V_ASN1_ENUMERATED: + ret = asn1_print_integer_ctx(out, str, pctx); + break; + + case V_ASN1_UTCTIME: + ret = ASN1_UTCTIME_print(out, str); + break; + + case V_ASN1_GENERALIZEDTIME: + ret = ASN1_GENERALIZEDTIME_print(out, str); + break; + + case V_ASN1_OBJECT: + ret = asn1_print_oid_ctx(out, (const ASN1_OBJECT *)*fld, pctx); + break; + + case V_ASN1_OCTET_STRING: + case V_ASN1_BIT_STRING: + ret = asn1_print_obstring_ctx(out, str, indent, pctx); + needlf = 0; + break; + + case V_ASN1_SEQUENCE: + case V_ASN1_SET: + case V_ASN1_OTHER: + if (BIO_puts(out, "\n") <= 0) + return 0; + if (ASN1_parse_dump(out, str->data, str->length, + indent, 0) <= 0) + ret = 0; + needlf = 0; + break; + + default: + ret = ASN1_STRING_print_ex(out, str, pctx->str_flags); + } + if (!ret) + return 0; + if (needlf && BIO_puts(out, "\n") <= 0) + return 0; return 1; } diff --git a/src/lib/libcrypto/asn1/tasn_typ.c b/src/lib/libcrypto/asn1/tasn_typ.c index 804d2eeba27..542713aa097 100644 --- a/src/lib/libcrypto/asn1/tasn_typ.c +++ b/src/lib/libcrypto/asn1/tasn_typ.c @@ -1,5 +1,5 @@ -/* tasn_typ.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* $OpenBSD: tasn_typ.c,v 1.13 2015/07/24 15:09:52 jsing Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ /* ==================================================================== @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -61,73 +61,739 @@ /* Declarations for string types */ +const ASN1_ITEM ASN1_INTEGER_it = { + .itype = ASN1_ITYPE_PRIMITIVE, + .utype = V_ASN1_INTEGER, + .sname = "ASN1_INTEGER", +}; -IMPLEMENT_ASN1_TYPE(ASN1_INTEGER) -IMPLEMENT_ASN1_FUNCTIONS(ASN1_INTEGER) +ASN1_INTEGER * +d2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **in, long len) +{ + return (ASN1_INTEGER *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &ASN1_INTEGER_it); +} -IMPLEMENT_ASN1_TYPE(ASN1_ENUMERATED) -IMPLEMENT_ASN1_FUNCTIONS(ASN1_ENUMERATED) +int +i2d_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &ASN1_INTEGER_it); +} -IMPLEMENT_ASN1_TYPE(ASN1_BIT_STRING) -IMPLEMENT_ASN1_FUNCTIONS(ASN1_BIT_STRING) +ASN1_INTEGER * +ASN1_INTEGER_new(void) +{ + return (ASN1_INTEGER *)ASN1_item_new(&ASN1_INTEGER_it); +} -IMPLEMENT_ASN1_TYPE(ASN1_OCTET_STRING) -IMPLEMENT_ASN1_FUNCTIONS(ASN1_OCTET_STRING) +void +ASN1_INTEGER_free(ASN1_INTEGER *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &ASN1_INTEGER_it); +} -IMPLEMENT_ASN1_TYPE(ASN1_NULL) -IMPLEMENT_ASN1_FUNCTIONS(ASN1_NULL) -IMPLEMENT_ASN1_TYPE(ASN1_OBJECT) +const ASN1_ITEM ASN1_ENUMERATED_it = { + .itype = ASN1_ITYPE_PRIMITIVE, + .utype = V_ASN1_ENUMERATED, + .sname = "ASN1_ENUMERATED", +}; -IMPLEMENT_ASN1_TYPE(ASN1_UTF8STRING) -IMPLEMENT_ASN1_FUNCTIONS(ASN1_UTF8STRING) +ASN1_ENUMERATED * +d2i_ASN1_ENUMERATED(ASN1_ENUMERATED **a, const unsigned char **in, long len) +{ + return (ASN1_ENUMERATED *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &ASN1_ENUMERATED_it); +} -IMPLEMENT_ASN1_TYPE(ASN1_PRINTABLESTRING) -IMPLEMENT_ASN1_FUNCTIONS(ASN1_PRINTABLESTRING) +int +i2d_ASN1_ENUMERATED(ASN1_ENUMERATED *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &ASN1_ENUMERATED_it); +} -IMPLEMENT_ASN1_TYPE(ASN1_T61STRING) -IMPLEMENT_ASN1_FUNCTIONS(ASN1_T61STRING) +ASN1_ENUMERATED * +ASN1_ENUMERATED_new(void) +{ + return (ASN1_ENUMERATED *)ASN1_item_new(&ASN1_ENUMERATED_it); +} -IMPLEMENT_ASN1_TYPE(ASN1_IA5STRING) -IMPLEMENT_ASN1_FUNCTIONS(ASN1_IA5STRING) +void +ASN1_ENUMERATED_free(ASN1_ENUMERATED *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &ASN1_ENUMERATED_it); +} -IMPLEMENT_ASN1_TYPE(ASN1_GENERALSTRING) -IMPLEMENT_ASN1_FUNCTIONS(ASN1_GENERALSTRING) -IMPLEMENT_ASN1_TYPE(ASN1_UTCTIME) -IMPLEMENT_ASN1_FUNCTIONS(ASN1_UTCTIME) +const ASN1_ITEM ASN1_BIT_STRING_it = { + .itype = ASN1_ITYPE_PRIMITIVE, + .utype = V_ASN1_BIT_STRING, + .sname = "ASN1_BIT_STRING", +}; -IMPLEMENT_ASN1_TYPE(ASN1_GENERALIZEDTIME) -IMPLEMENT_ASN1_FUNCTIONS(ASN1_GENERALIZEDTIME) +ASN1_BIT_STRING * +d2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, const unsigned char **in, long len) +{ + return (ASN1_BIT_STRING *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &ASN1_BIT_STRING_it); +} -IMPLEMENT_ASN1_TYPE(ASN1_VISIBLESTRING) -IMPLEMENT_ASN1_FUNCTIONS(ASN1_VISIBLESTRING) +int +i2d_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &ASN1_BIT_STRING_it); +} -IMPLEMENT_ASN1_TYPE(ASN1_UNIVERSALSTRING) -IMPLEMENT_ASN1_FUNCTIONS(ASN1_UNIVERSALSTRING) +ASN1_BIT_STRING * +ASN1_BIT_STRING_new(void) +{ + return (ASN1_BIT_STRING *)ASN1_item_new(&ASN1_BIT_STRING_it); +} -IMPLEMENT_ASN1_TYPE(ASN1_BMPSTRING) -IMPLEMENT_ASN1_FUNCTIONS(ASN1_BMPSTRING) +void +ASN1_BIT_STRING_free(ASN1_BIT_STRING *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &ASN1_BIT_STRING_it); +} -IMPLEMENT_ASN1_TYPE(ASN1_ANY) + +const ASN1_ITEM ASN1_OCTET_STRING_it = { + .itype = ASN1_ITYPE_PRIMITIVE, + .utype = V_ASN1_OCTET_STRING, + .sname = "ASN1_OCTET_STRING", +}; + +ASN1_OCTET_STRING * +d2i_ASN1_OCTET_STRING(ASN1_OCTET_STRING **a, const unsigned char **in, long len) +{ + return (ASN1_OCTET_STRING *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &ASN1_OCTET_STRING_it); +} + +int +i2d_ASN1_OCTET_STRING(ASN1_OCTET_STRING *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &ASN1_OCTET_STRING_it); +} + +ASN1_OCTET_STRING * +ASN1_OCTET_STRING_new(void) +{ + return (ASN1_OCTET_STRING *)ASN1_item_new(&ASN1_OCTET_STRING_it); +} + +void +ASN1_OCTET_STRING_free(ASN1_OCTET_STRING *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &ASN1_OCTET_STRING_it); +} + + +const ASN1_ITEM ASN1_NULL_it = { + .itype = ASN1_ITYPE_PRIMITIVE, + .utype = V_ASN1_NULL, + .sname = "ASN1_NULL", +}; + +ASN1_NULL * +d2i_ASN1_NULL(ASN1_NULL **a, const unsigned char **in, long len) +{ + return (ASN1_NULL *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &ASN1_NULL_it); +} + +int +i2d_ASN1_NULL(ASN1_NULL *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &ASN1_NULL_it); +} + +ASN1_NULL * +ASN1_NULL_new(void) +{ + return (ASN1_NULL *)ASN1_item_new(&ASN1_NULL_it); +} + +void +ASN1_NULL_free(ASN1_NULL *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &ASN1_NULL_it); +} + + +const ASN1_ITEM ASN1_OBJECT_it = { + .itype = ASN1_ITYPE_PRIMITIVE, + .utype = V_ASN1_OBJECT, + .sname = "ASN1_OBJECT", +}; + + +const ASN1_ITEM ASN1_UTF8STRING_it = { + .itype = ASN1_ITYPE_PRIMITIVE, + .utype = V_ASN1_UTF8STRING, + .sname = "ASN1_UTF8STRING", +}; + +ASN1_UTF8STRING * +d2i_ASN1_UTF8STRING(ASN1_UTF8STRING **a, const unsigned char **in, long len) +{ + return (ASN1_UTF8STRING *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &ASN1_UTF8STRING_it); +} + +int +i2d_ASN1_UTF8STRING(ASN1_UTF8STRING *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &ASN1_UTF8STRING_it); +} + +ASN1_UTF8STRING * +ASN1_UTF8STRING_new(void) +{ + return (ASN1_UTF8STRING *)ASN1_item_new(&ASN1_UTF8STRING_it); +} + +void +ASN1_UTF8STRING_free(ASN1_UTF8STRING *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &ASN1_UTF8STRING_it); +} + + +const ASN1_ITEM ASN1_PRINTABLESTRING_it = { + .itype = ASN1_ITYPE_PRIMITIVE, + .utype = V_ASN1_PRINTABLESTRING, + .sname = "ASN1_PRINTABLESTRING", +}; + +ASN1_PRINTABLESTRING * +d2i_ASN1_PRINTABLESTRING(ASN1_PRINTABLESTRING **a, const unsigned char **in, + long len) +{ + return (ASN1_PRINTABLESTRING *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &ASN1_PRINTABLESTRING_it); +} + +int +i2d_ASN1_PRINTABLESTRING(ASN1_PRINTABLESTRING *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &ASN1_PRINTABLESTRING_it); +} + +ASN1_PRINTABLESTRING * +ASN1_PRINTABLESTRING_new(void) +{ + return (ASN1_PRINTABLESTRING *)ASN1_item_new(&ASN1_PRINTABLESTRING_it); +} + +void +ASN1_PRINTABLESTRING_free(ASN1_PRINTABLESTRING *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &ASN1_PRINTABLESTRING_it); +} + + +const ASN1_ITEM ASN1_T61STRING_it = { + .itype = ASN1_ITYPE_PRIMITIVE, + .utype = V_ASN1_T61STRING, + .sname = "ASN1_T61STRING", +}; + +ASN1_T61STRING * +d2i_ASN1_T61STRING(ASN1_T61STRING **a, const unsigned char **in, long len) +{ + return (ASN1_T61STRING *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &ASN1_T61STRING_it); +} + +int +i2d_ASN1_T61STRING(ASN1_T61STRING *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &ASN1_T61STRING_it); +} + +ASN1_T61STRING * +ASN1_T61STRING_new(void) +{ + return (ASN1_T61STRING *)ASN1_item_new(&ASN1_T61STRING_it); +} + +void +ASN1_T61STRING_free(ASN1_T61STRING *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &ASN1_T61STRING_it); +} + + +const ASN1_ITEM ASN1_IA5STRING_it = { + .itype = ASN1_ITYPE_PRIMITIVE, + .utype = V_ASN1_IA5STRING, + .sname = "ASN1_IA5STRING", +}; + +ASN1_IA5STRING * +d2i_ASN1_IA5STRING(ASN1_IA5STRING **a, const unsigned char **in, long len) +{ + return (ASN1_IA5STRING *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &ASN1_IA5STRING_it); +} + +int +i2d_ASN1_IA5STRING(ASN1_IA5STRING *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &ASN1_IA5STRING_it); +} + +ASN1_IA5STRING * +ASN1_IA5STRING_new(void) +{ + return (ASN1_IA5STRING *)ASN1_item_new(&ASN1_IA5STRING_it); +} + +void +ASN1_IA5STRING_free(ASN1_IA5STRING *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &ASN1_IA5STRING_it); +} + + +const ASN1_ITEM ASN1_GENERALSTRING_it = { + .itype = ASN1_ITYPE_PRIMITIVE, + .utype = V_ASN1_GENERALSTRING, + .sname = "ASN1_GENERALSTRING", +}; + +ASN1_GENERALSTRING * +d2i_ASN1_GENERALSTRING(ASN1_GENERALSTRING **a, const unsigned char **in, + long len) +{ + return (ASN1_GENERALSTRING *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &ASN1_GENERALSTRING_it); +} + +int +i2d_ASN1_GENERALSTRING(ASN1_GENERALSTRING *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &ASN1_GENERALSTRING_it); +} + +ASN1_GENERALSTRING * +ASN1_GENERALSTRING_new(void) +{ + return (ASN1_GENERALSTRING *)ASN1_item_new(&ASN1_GENERALSTRING_it); +} + +void +ASN1_GENERALSTRING_free(ASN1_GENERALSTRING *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &ASN1_GENERALSTRING_it); +} + + +const ASN1_ITEM ASN1_UTCTIME_it = { + .itype = ASN1_ITYPE_PRIMITIVE, + .utype = V_ASN1_UTCTIME, + .sname = "ASN1_UTCTIME", +}; + +ASN1_UTCTIME * +d2i_ASN1_UTCTIME(ASN1_UTCTIME **a, const unsigned char **in, long len) +{ + return (ASN1_UTCTIME *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &ASN1_UTCTIME_it); +} + +int +i2d_ASN1_UTCTIME(ASN1_UTCTIME *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &ASN1_UTCTIME_it); +} + +ASN1_UTCTIME * +ASN1_UTCTIME_new(void) +{ + return (ASN1_UTCTIME *)ASN1_item_new(&ASN1_UTCTIME_it); +} + +void +ASN1_UTCTIME_free(ASN1_UTCTIME *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &ASN1_UTCTIME_it); +} + + +const ASN1_ITEM ASN1_GENERALIZEDTIME_it = { + .itype = ASN1_ITYPE_PRIMITIVE, + .utype = V_ASN1_GENERALIZEDTIME, + .sname = "ASN1_GENERALIZEDTIME", +}; + +ASN1_GENERALIZEDTIME * +d2i_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME **a, const unsigned char **in, + long len) +{ + return (ASN1_GENERALIZEDTIME *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &ASN1_GENERALIZEDTIME_it); +} + +int +i2d_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &ASN1_GENERALIZEDTIME_it); +} + +ASN1_GENERALIZEDTIME * +ASN1_GENERALIZEDTIME_new(void) +{ + return (ASN1_GENERALIZEDTIME *)ASN1_item_new(&ASN1_GENERALIZEDTIME_it); +} + +void +ASN1_GENERALIZEDTIME_free(ASN1_GENERALIZEDTIME *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &ASN1_GENERALIZEDTIME_it); +} + + +const ASN1_ITEM ASN1_VISIBLESTRING_it = { + .itype = ASN1_ITYPE_PRIMITIVE, + .utype = V_ASN1_VISIBLESTRING, + .sname = "ASN1_VISIBLESTRING", +}; + +ASN1_VISIBLESTRING * +d2i_ASN1_VISIBLESTRING(ASN1_VISIBLESTRING **a, const unsigned char **in, + long len) +{ + return (ASN1_VISIBLESTRING *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &ASN1_VISIBLESTRING_it); +} + +int +i2d_ASN1_VISIBLESTRING(ASN1_VISIBLESTRING *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &ASN1_VISIBLESTRING_it); +} + +ASN1_VISIBLESTRING * +ASN1_VISIBLESTRING_new(void) +{ + return (ASN1_VISIBLESTRING *)ASN1_item_new(&ASN1_VISIBLESTRING_it); +} + +void +ASN1_VISIBLESTRING_free(ASN1_VISIBLESTRING *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &ASN1_VISIBLESTRING_it); +} + + +const ASN1_ITEM ASN1_UNIVERSALSTRING_it = { + .itype = ASN1_ITYPE_PRIMITIVE, + .utype = V_ASN1_UNIVERSALSTRING, + .sname = "ASN1_UNIVERSALSTRING", +}; + +ASN1_UNIVERSALSTRING * +d2i_ASN1_UNIVERSALSTRING(ASN1_UNIVERSALSTRING **a, const unsigned char **in, + long len) +{ + return (ASN1_UNIVERSALSTRING *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &ASN1_UNIVERSALSTRING_it); +} + +int +i2d_ASN1_UNIVERSALSTRING(ASN1_UNIVERSALSTRING *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &ASN1_UNIVERSALSTRING_it); +} + +ASN1_UNIVERSALSTRING * +ASN1_UNIVERSALSTRING_new(void) +{ + return (ASN1_UNIVERSALSTRING *)ASN1_item_new(&ASN1_UNIVERSALSTRING_it); +} + +void +ASN1_UNIVERSALSTRING_free(ASN1_UNIVERSALSTRING *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &ASN1_UNIVERSALSTRING_it); +} + + +const ASN1_ITEM ASN1_BMPSTRING_it = { + .itype = ASN1_ITYPE_PRIMITIVE, + .utype = V_ASN1_BMPSTRING, + .sname = "ASN1_BMPSTRING", +}; + +ASN1_BMPSTRING * +d2i_ASN1_BMPSTRING(ASN1_BMPSTRING **a, const unsigned char **in, long len) +{ + return (ASN1_BMPSTRING *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &ASN1_BMPSTRING_it); +} + +int +i2d_ASN1_BMPSTRING(ASN1_BMPSTRING *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &ASN1_BMPSTRING_it); +} + +ASN1_BMPSTRING * +ASN1_BMPSTRING_new(void) +{ + return (ASN1_BMPSTRING *)ASN1_item_new(&ASN1_BMPSTRING_it); +} + +void +ASN1_BMPSTRING_free(ASN1_BMPSTRING *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &ASN1_BMPSTRING_it); +} + + +const ASN1_ITEM ASN1_ANY_it = { + .itype = ASN1_ITYPE_PRIMITIVE, + .utype = V_ASN1_ANY, + .sname = "ASN1_ANY", +}; /* Just swallow an ASN1_SEQUENCE in an ASN1_STRING */ -IMPLEMENT_ASN1_TYPE(ASN1_SEQUENCE) -IMPLEMENT_ASN1_FUNCTIONS_fname(ASN1_TYPE, ASN1_ANY, ASN1_TYPE) +const ASN1_ITEM ASN1_SEQUENCE_it = { + .itype = ASN1_ITYPE_PRIMITIVE, + .utype = V_ASN1_SEQUENCE, + .sname = "ASN1_SEQUENCE", +}; + + +ASN1_TYPE * +d2i_ASN1_TYPE(ASN1_TYPE **a, const unsigned char **in, long len) +{ + return (ASN1_TYPE *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &ASN1_ANY_it); +} + +int +i2d_ASN1_TYPE(ASN1_TYPE *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &ASN1_ANY_it); +} + +ASN1_TYPE * +ASN1_TYPE_new(void) +{ + return (ASN1_TYPE *)ASN1_item_new(&ASN1_ANY_it); +} + +void +ASN1_TYPE_free(ASN1_TYPE *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &ASN1_ANY_it); +} /* Multistring types */ -IMPLEMENT_ASN1_MSTRING(ASN1_PRINTABLE, B_ASN1_PRINTABLE) -IMPLEMENT_ASN1_FUNCTIONS_name(ASN1_STRING, ASN1_PRINTABLE) -IMPLEMENT_ASN1_MSTRING(DISPLAYTEXT, B_ASN1_DISPLAYTEXT) -IMPLEMENT_ASN1_FUNCTIONS_name(ASN1_STRING, DISPLAYTEXT) +const ASN1_ITEM ASN1_PRINTABLE_it = { + .itype = ASN1_ITYPE_MSTRING, + .utype = B_ASN1_PRINTABLE, + .templates = NULL, + .tcount = 0, + .funcs = NULL, + .size = sizeof(ASN1_STRING), + .sname = "ASN1_PRINTABLE", +}; + +ASN1_STRING * +d2i_ASN1_PRINTABLE(ASN1_STRING **a, const unsigned char **in, long len) +{ + return (ASN1_STRING *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &ASN1_PRINTABLE_it); +} + +int +i2d_ASN1_PRINTABLE(ASN1_STRING *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &ASN1_PRINTABLE_it); +} -IMPLEMENT_ASN1_MSTRING(DIRECTORYSTRING, B_ASN1_DIRECTORYSTRING) -IMPLEMENT_ASN1_FUNCTIONS_name(ASN1_STRING, DIRECTORYSTRING) +ASN1_STRING * +ASN1_PRINTABLE_new(void) +{ + return (ASN1_STRING *)ASN1_item_new(&ASN1_PRINTABLE_it); +} + +void +ASN1_PRINTABLE_free(ASN1_STRING *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &ASN1_PRINTABLE_it); +} + + +const ASN1_ITEM DISPLAYTEXT_it = { + .itype = ASN1_ITYPE_MSTRING, + .utype = B_ASN1_DISPLAYTEXT, + .templates = NULL, + .tcount = 0, + .funcs = NULL, + .size = sizeof(ASN1_STRING), + .sname = "DISPLAYTEXT", +}; + +ASN1_STRING * +d2i_DISPLAYTEXT(ASN1_STRING **a, const unsigned char **in, long len) +{ + return (ASN1_STRING *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &DISPLAYTEXT_it); +} + +int +i2d_DISPLAYTEXT(ASN1_STRING *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &DISPLAYTEXT_it); +} + +ASN1_STRING * +DISPLAYTEXT_new(void) +{ + return (ASN1_STRING *)ASN1_item_new(&DISPLAYTEXT_it); +} + +void +DISPLAYTEXT_free(ASN1_STRING *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &DISPLAYTEXT_it); +} + + +const ASN1_ITEM DIRECTORYSTRING_it = { + .itype = ASN1_ITYPE_MSTRING, + .utype = B_ASN1_DIRECTORYSTRING, + .templates = NULL, + .tcount = 0, + .funcs = NULL, + .size = sizeof(ASN1_STRING), + .sname = "DIRECTORYSTRING", +}; + +ASN1_STRING * +d2i_DIRECTORYSTRING(ASN1_STRING **a, const unsigned char **in, long len) +{ + return (ASN1_STRING *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &DIRECTORYSTRING_it); +} + +int +i2d_DIRECTORYSTRING(ASN1_STRING *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &DIRECTORYSTRING_it); +} + +ASN1_STRING * +DIRECTORYSTRING_new(void) +{ + return (ASN1_STRING *)ASN1_item_new(&DIRECTORYSTRING_it); +} + +void +DIRECTORYSTRING_free(ASN1_STRING *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &DIRECTORYSTRING_it); +} /* Three separate BOOLEAN type: normal, DEFAULT TRUE and DEFAULT FALSE */ -IMPLEMENT_ASN1_TYPE_ex(ASN1_BOOLEAN, ASN1_BOOLEAN, -1) -IMPLEMENT_ASN1_TYPE_ex(ASN1_TBOOLEAN, ASN1_BOOLEAN, 1) -IMPLEMENT_ASN1_TYPE_ex(ASN1_FBOOLEAN, ASN1_BOOLEAN, 0) + +const ASN1_ITEM ASN1_BOOLEAN_it = { + .itype = ASN1_ITYPE_PRIMITIVE, + .utype = V_ASN1_BOOLEAN, + .size = -1, + .sname = "ASN1_BOOLEAN", +}; + +const ASN1_ITEM ASN1_TBOOLEAN_it = { + .itype = ASN1_ITYPE_PRIMITIVE, + .utype = V_ASN1_BOOLEAN, + .size = 1, + .sname = "ASN1_TBOOLEAN", +}; + +const ASN1_ITEM ASN1_FBOOLEAN_it = { + .itype = ASN1_ITYPE_PRIMITIVE, + .utype = V_ASN1_BOOLEAN, + .size = 0, + .sname = "ASN1_FBOOLEAN", +}; + +/* Special, OCTET STRING with indefinite length constructed support */ + +const ASN1_ITEM ASN1_OCTET_STRING_NDEF_it = { + .itype = ASN1_ITYPE_PRIMITIVE, + .utype = V_ASN1_OCTET_STRING, + .size = ASN1_TFLG_NDEF, + .sname = "ASN1_OCTET_STRING_NDEF", +}; + +static const ASN1_TEMPLATE ASN1_SEQUENCE_ANY_item_tt = { + .flags = ASN1_TFLG_SEQUENCE_OF, + .tag = 0, + .offset = 0, + .field_name = "ASN1_SEQUENCE_ANY", + .item = &ASN1_ANY_it, +}; + +const ASN1_ITEM ASN1_SEQUENCE_ANY_it = { + .itype = ASN1_ITYPE_PRIMITIVE, + .utype = -1, + .templates = &ASN1_SEQUENCE_ANY_item_tt, + .tcount = 0, + .funcs = NULL, + .size = 0, + .sname = "ASN1_SEQUENCE_ANY", +}; + +static const ASN1_TEMPLATE ASN1_SET_ANY_item_tt = { + .flags = ASN1_TFLG_SET_OF, + .tag = 0, + .offset = 0, + .field_name = "ASN1_SET_ANY", + .item = &ASN1_ANY_it, +}; + +const ASN1_ITEM ASN1_SET_ANY_it = { + .itype = ASN1_ITYPE_PRIMITIVE, + .utype = -1, + .templates = &ASN1_SET_ANY_item_tt, + .tcount = 0, + .funcs = NULL, + .size = 0, + .sname = "ASN1_SET_ANY", +}; + + +ASN1_SEQUENCE_ANY * +d2i_ASN1_SEQUENCE_ANY(ASN1_SEQUENCE_ANY **a, const unsigned char **in, long len) +{ + return (ASN1_SEQUENCE_ANY *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &ASN1_SEQUENCE_ANY_it); +} + +int +i2d_ASN1_SEQUENCE_ANY(const ASN1_SEQUENCE_ANY *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &ASN1_SEQUENCE_ANY_it); +} + +ASN1_SEQUENCE_ANY * +d2i_ASN1_SET_ANY(ASN1_SEQUENCE_ANY **a, const unsigned char **in, long len) +{ + return (ASN1_SEQUENCE_ANY *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &ASN1_SET_ANY_it); +} + +int +i2d_ASN1_SET_ANY(const ASN1_SEQUENCE_ANY *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &ASN1_SET_ANY_it); +} diff --git a/src/lib/libcrypto/asn1/tasn_utl.c b/src/lib/libcrypto/asn1/tasn_utl.c index 8996ce8c13d..391ef01a575 100644 --- a/src/lib/libcrypto/asn1/tasn_utl.c +++ b/src/lib/libcrypto/asn1/tasn_utl.c @@ -1,16 +1,16 @@ -/* tasn_utl.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* $OpenBSD: tasn_utl.c,v 1.12 2017/01/29 17:49:22 beck Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ /* ==================================================================== - * Copyright (c) 2000 The OpenSSL Project. All rights reserved. + * Copyright (c) 2000-2004 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -56,7 +56,6 @@ * */ - #include #include #include @@ -73,7 +72,8 @@ * the selector value */ -int asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it) +int +asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it) { int *sel = offset2ptr(*pval, it->utype); return *sel; @@ -83,8 +83,9 @@ int asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it) * the selector value, return old value. */ -int asn1_set_choice_selector(ASN1_VALUE **pval, int value, const ASN1_ITEM *it) -{ +int +asn1_set_choice_selector(ASN1_VALUE **pval, int value, const ASN1_ITEM *it) +{ int *sel, ret; sel = offset2ptr(*pval, it->utype); ret = *sel; @@ -92,101 +93,120 @@ int asn1_set_choice_selector(ASN1_VALUE **pval, int value, const ASN1_ITEM *it) return ret; } -/* Do reference counting. The value 'op' decides what to do. +/* Do reference counting. The value 'op' decides what to do. * if it is +1 then the count is incremented. If op is 0 count is * set to 1. If op is -1 count is decremented and the return value * is the current refrence count or 0 if no reference count exists. */ -int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it) +int +asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it) { const ASN1_AUX *aux; int *lck, ret; - if(it->itype != ASN1_ITYPE_SEQUENCE) return 0; + + if ((it->itype != ASN1_ITYPE_SEQUENCE) && + (it->itype != ASN1_ITYPE_NDEF_SEQUENCE)) + return 0; aux = it->funcs; - if(!aux || !(aux->flags & ASN1_AFLG_REFCOUNT)) return 0; + if (!aux || !(aux->flags & ASN1_AFLG_REFCOUNT)) + return 0; lck = offset2ptr(*pval, aux->ref_offset); - if(op == 0) { + if (op == 0) { *lck = 1; return 1; } ret = CRYPTO_add(lck, op, aux->ref_lock); -#ifdef REF_PRINT - fprintf(stderr, "%s: Reference Count: %d\n", it->sname, *lck); -#endif -#ifdef REF_CHECK - if(ret < 0) - fprintf(stderr, "%s, bad reference count\n", it->sname); -#endif return ret; } -static ASN1_ENCODING *asn1_get_enc_ptr(ASN1_VALUE **pval, const ASN1_ITEM *it) +static ASN1_ENCODING * +asn1_get_enc_ptr(ASN1_VALUE **pval, const ASN1_ITEM *it) { const ASN1_AUX *aux; - if(!pval || !*pval) return NULL; + + if (!pval || !*pval) + return NULL; aux = it->funcs; - if(!aux || !(aux->flags & ASN1_AFLG_ENCODING)) return NULL; + if (!aux || !(aux->flags & ASN1_AFLG_ENCODING)) + return NULL; return offset2ptr(*pval, aux->enc_offset); } -void asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it) +void +asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it) { ASN1_ENCODING *enc; + enc = asn1_get_enc_ptr(pval, it); - if(enc) { + if (enc) { enc->enc = NULL; enc->len = 0; enc->modified = 1; } } -void asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it) +void +asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it) { ASN1_ENCODING *enc; + enc = asn1_get_enc_ptr(pval, it); - if(enc) { - if(enc->enc) OPENSSL_free(enc->enc); + if (enc) { + free(enc->enc); enc->enc = NULL; enc->len = 0; enc->modified = 1; } } -int asn1_enc_save(ASN1_VALUE **pval, unsigned char *in, int inlen, const ASN1_ITEM *it) +int +asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen, + const ASN1_ITEM *it) { ASN1_ENCODING *enc; + enc = asn1_get_enc_ptr(pval, it); - if(!enc) return 1; + if (!enc) + return 1; - if(enc->enc) OPENSSL_free(enc->enc); - enc->enc = OPENSSL_malloc(inlen); - if(!enc->enc) return 0; + free(enc->enc); + enc->enc = malloc(inlen); + if (!enc->enc) + return 0; memcpy(enc->enc, in, inlen); enc->len = inlen; enc->modified = 0; return 1; } - -int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval, const ASN1_ITEM *it) + +int +asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval, + const ASN1_ITEM *it) { ASN1_ENCODING *enc; + enc = asn1_get_enc_ptr(pval, it); - if(!enc || enc->modified) return 0; - if(out) { + if (!enc || enc->modified) + return 0; + if (out) { memcpy(*out, enc->enc, enc->len); *out += enc->len; } - if(len) *len = enc->len; + if (len) + *len = enc->len; return 1; } /* Given an ASN1_TEMPLATE get a pointer to a field */ -ASN1_VALUE ** asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt) +ASN1_VALUE ** +asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt) { ASN1_VALUE **pvaltmp; - if(tt->flags & ASN1_TFLG_COMBINE) return pval; + + if (tt->flags & ASN1_TFLG_COMBINE) + return pval; pvaltmp = offset2ptr(*pval, tt->offset); /* NOTE for BOOLEAN types the field is just a plain * int so we can't return int **, so settle for @@ -199,24 +219,28 @@ ASN1_VALUE ** asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt) * the relevant ASN1_TEMPLATE in the table and return it. */ -const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt, int nullerr) +const ASN1_TEMPLATE * +asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt, int nullerr) { const ASN1_ADB *adb; const ASN1_ADB_TABLE *atbl; long selector; ASN1_VALUE **sfld; int i; - if(!(tt->flags & ASN1_TFLG_ADB_MASK)) return tt; + + if (!(tt->flags & ASN1_TFLG_ADB_MASK)) + return tt; /* Else ANY DEFINED BY ... get the table */ - adb = ASN1_ADB_ptr(tt->item); + adb = (const ASN1_ADB *)tt->item; /* Get the selector field */ sfld = offset2ptr(*pval, adb->offset); /* Check if NULL */ - if(!sfld) { - if(!adb->null_tt) goto err; + if (!sfld) { + if (!adb->null_tt) + goto err; return adb->null_tt; } @@ -224,9 +248,9 @@ const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt, int * NB: don't check for NID_undef here because it * might be a legitimate value in the table */ - if(tt->flags & ASN1_TFLG_ADB_OID) + if (tt->flags & ASN1_TFLG_ADB_OID) selector = OBJ_obj2nid((ASN1_OBJECT *)*sfld); - else + else selector = ASN1_INTEGER_get((ASN1_INTEGER *)*sfld); /* Try to find matching entry in table @@ -237,17 +261,20 @@ const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt, int * linear search. */ - for(atbl = adb->tbl, i = 0; i < adb->tblcount; i++, atbl++) - if(atbl->value == selector) return &atbl->tt; + for (atbl = adb->tbl, i = 0; i < adb->tblcount; i++, atbl++) + if (atbl->value == selector) + return &atbl->tt; /* FIXME: need to search application table too */ /* No match, return default type */ - if(!adb->default_tt) goto err; + if (!adb->default_tt) + goto err; return adb->default_tt; - - err: + +err: /* FIXME: should log the value or OID of unsupported type */ - if(nullerr) ASN1err(ASN1_F_ASN1_DO_ADB, ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE); + if (nullerr) + ASN1error(ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE); return NULL; } diff --git a/src/lib/libcrypto/asn1/x_algor.c b/src/lib/libcrypto/asn1/x_algor.c index 00b9ea54a15..2013de795d1 100644 --- a/src/lib/libcrypto/asn1/x_algor.c +++ b/src/lib/libcrypto/asn1/x_algor.c @@ -1,5 +1,5 @@ -/* x_algor.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* $OpenBSD: x_algor.c,v 1.22 2018/05/01 19:01:27 tb Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ /* ==================================================================== @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -61,13 +61,162 @@ #include #include -ASN1_SEQUENCE(X509_ALGOR) = { - ASN1_SIMPLE(X509_ALGOR, algorithm, ASN1_OBJECT), - ASN1_OPT(X509_ALGOR, parameter, ASN1_ANY) -} ASN1_SEQUENCE_END(X509_ALGOR) +static const ASN1_TEMPLATE X509_ALGOR_seq_tt[] = { + { + .offset = offsetof(X509_ALGOR, algorithm), + .field_name = "algorithm", + .item = &ASN1_OBJECT_it, + }, + { + .flags = ASN1_TFLG_OPTIONAL, + .offset = offsetof(X509_ALGOR, parameter), + .field_name = "parameter", + .item = &ASN1_ANY_it, + }, +}; -IMPLEMENT_ASN1_FUNCTIONS(X509_ALGOR) -IMPLEMENT_ASN1_DUP_FUNCTION(X509_ALGOR) +const ASN1_ITEM X509_ALGOR_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = X509_ALGOR_seq_tt, + .tcount = sizeof(X509_ALGOR_seq_tt) / sizeof(ASN1_TEMPLATE), + .size = sizeof(X509_ALGOR), + .sname = "X509_ALGOR", +}; -IMPLEMENT_STACK_OF(X509_ALGOR) -IMPLEMENT_ASN1_SET_OF(X509_ALGOR) +static const ASN1_TEMPLATE X509_ALGORS_item_tt = { + .flags = ASN1_TFLG_SEQUENCE_OF, + .tag = 0, + .offset = 0, + .field_name = "algorithms", + .item = &X509_ALGOR_it, +}; + +const ASN1_ITEM X509_ALGORS_it = { + .itype = ASN1_ITYPE_PRIMITIVE, + .utype = -1, + .templates = &X509_ALGORS_item_tt, + .tcount = 0, + .funcs = NULL, + .size = 0, + .sname = "X509_ALGORS", +}; + + +X509_ALGOR * +d2i_X509_ALGOR(X509_ALGOR **a, const unsigned char **in, long len) +{ + return (X509_ALGOR *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &X509_ALGOR_it); +} + +int +i2d_X509_ALGOR(X509_ALGOR *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &X509_ALGOR_it); +} + +X509_ALGOR * +X509_ALGOR_new(void) +{ + return (X509_ALGOR *)ASN1_item_new(&X509_ALGOR_it); +} + +void +X509_ALGOR_free(X509_ALGOR *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &X509_ALGOR_it); +} + +X509_ALGORS * +d2i_X509_ALGORS(X509_ALGORS **a, const unsigned char **in, long len) +{ + return (X509_ALGORS *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &X509_ALGORS_it); +} + +int +i2d_X509_ALGORS(X509_ALGORS *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &X509_ALGORS_it); +} + +X509_ALGOR * +X509_ALGOR_dup(X509_ALGOR *x) +{ + return ASN1_item_dup(&X509_ALGOR_it, x); +} + +int +X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval) +{ + if (!alg) + return 0; + if (ptype != V_ASN1_UNDEF) { + if (alg->parameter == NULL) + alg->parameter = ASN1_TYPE_new(); + if (alg->parameter == NULL) + return 0; + } + if (alg) { + if (alg->algorithm) + ASN1_OBJECT_free(alg->algorithm); + alg->algorithm = aobj; + } + if (ptype == 0) + return 1; + if (ptype == V_ASN1_UNDEF) { + if (alg->parameter) { + ASN1_TYPE_free(alg->parameter); + alg->parameter = NULL; + } + } else + ASN1_TYPE_set(alg->parameter, ptype, pval); + return 1; +} + +void +X509_ALGOR_get0(const ASN1_OBJECT **paobj, int *pptype, const void **ppval, + const X509_ALGOR *algor) +{ + if (paobj) + *paobj = algor->algorithm; + if (pptype) { + if (algor->parameter == NULL) { + *pptype = V_ASN1_UNDEF; + return; + } else + *pptype = algor->parameter->type; + if (ppval) + *ppval = algor->parameter->value.ptr; + } +} + +/* Set up an X509_ALGOR DigestAlgorithmIdentifier from an EVP_MD */ + +void +X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md) +{ + int param_type; + + if (md->flags & EVP_MD_FLAG_DIGALGID_ABSENT) + param_type = V_ASN1_UNDEF; + else + param_type = V_ASN1_NULL; + + X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_MD_type(md)), param_type, NULL); +} + +/* Returns 0 if they are equal, != 0 otherwise. */ +int +X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b) +{ + int rv = OBJ_cmp(a->algorithm, b->algorithm); + if (!rv) { + if (!a->parameter && !b->parameter) + rv = 0; + else + rv = ASN1_TYPE_cmp(a->parameter, b->parameter); + } + return(rv); +} diff --git a/src/lib/libcrypto/asn1/x_attrib.c b/src/lib/libcrypto/asn1/x_attrib.c index 1e3713f18f2..bb74a1b6c71 100644 --- a/src/lib/libcrypto/asn1/x_attrib.c +++ b/src/lib/libcrypto/asn1/x_attrib.c @@ -1,25 +1,25 @@ -/* crypto/asn1/x_attrib.c */ +/* $OpenBSD: x_attrib.c,v 1.13 2015/02/14 14:56:45 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -57,9 +57,9 @@ */ #include -#include "cryptlib.h" -#include + #include +#include #include /* X509_ATTRIBUTE: this has the following form: @@ -82,37 +82,117 @@ * SET OF structure. */ -ASN1_CHOICE(X509_ATTRIBUTE_SET) = { - ASN1_SET_OF(X509_ATTRIBUTE, value.set, ASN1_ANY), - ASN1_SIMPLE(X509_ATTRIBUTE, value.single, ASN1_ANY) -} ASN1_CHOICE_END_selector(X509_ATTRIBUTE, X509_ATTRIBUTE_SET, single) +static const ASN1_TEMPLATE X509_ATTRIBUTE_SET_ch_tt[] = { + { + .flags = ASN1_TFLG_SET_OF, + .tag = 0, + .offset = offsetof(X509_ATTRIBUTE, value.set), + .field_name = "value.set", + .item = &ASN1_ANY_it, + }, + { + .flags = 0, + .tag = 0, + .offset = offsetof(X509_ATTRIBUTE, value.single), + .field_name = "value.single", + .item = &ASN1_ANY_it, + }, +}; + +const ASN1_ITEM X509_ATTRIBUTE_SET_it = { + .itype = ASN1_ITYPE_CHOICE, + .utype = offsetof(X509_ATTRIBUTE, single), + .templates = X509_ATTRIBUTE_SET_ch_tt, + .tcount = sizeof(X509_ATTRIBUTE_SET_ch_tt) / sizeof(ASN1_TEMPLATE), + .funcs = NULL, + .size = sizeof(X509_ATTRIBUTE), + .sname = "X509_ATTRIBUTE", +}; -ASN1_SEQUENCE(X509_ATTRIBUTE) = { - ASN1_SIMPLE(X509_ATTRIBUTE, object, ASN1_OBJECT), +static const ASN1_TEMPLATE X509_ATTRIBUTE_seq_tt[] = { + { + .flags = 0, + .tag = 0, + .offset = offsetof(X509_ATTRIBUTE, object), + .field_name = "object", + .item = &ASN1_OBJECT_it, + }, /* CHOICE type merged with parent */ - ASN1_EX_COMBINE(0, 0, X509_ATTRIBUTE_SET) -} ASN1_SEQUENCE_END(X509_ATTRIBUTE) + { + .flags = 0 | ASN1_TFLG_COMBINE, + .tag = 0, + .offset = 0, + .field_name = NULL, + .item = &X509_ATTRIBUTE_SET_it, + }, +}; -IMPLEMENT_ASN1_FUNCTIONS(X509_ATTRIBUTE) -IMPLEMENT_ASN1_DUP_FUNCTION(X509_ATTRIBUTE) +const ASN1_ITEM X509_ATTRIBUTE_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = X509_ATTRIBUTE_seq_tt, + .tcount = sizeof(X509_ATTRIBUTE_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = NULL, + .size = sizeof(X509_ATTRIBUTE), + .sname = "X509_ATTRIBUTE", +}; + + +X509_ATTRIBUTE * +d2i_X509_ATTRIBUTE(X509_ATTRIBUTE **a, const unsigned char **in, long len) +{ + return (X509_ATTRIBUTE *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &X509_ATTRIBUTE_it); +} + +int +i2d_X509_ATTRIBUTE(X509_ATTRIBUTE *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &X509_ATTRIBUTE_it); +} + +X509_ATTRIBUTE * +X509_ATTRIBUTE_new(void) +{ + return (X509_ATTRIBUTE *)ASN1_item_new(&X509_ATTRIBUTE_it); +} + +void +X509_ATTRIBUTE_free(X509_ATTRIBUTE *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &X509_ATTRIBUTE_it); +} + +X509_ATTRIBUTE * +X509_ATTRIBUTE_dup(X509_ATTRIBUTE *x) +{ + return ASN1_item_dup(&X509_ATTRIBUTE_it, x); +} + +X509_ATTRIBUTE * +X509_ATTRIBUTE_create(int nid, int atrtype, void *value) +{ + X509_ATTRIBUTE *ret = NULL; + ASN1_TYPE *val = NULL; + + if ((ret = X509_ATTRIBUTE_new()) == NULL) + return (NULL); + ret->object = OBJ_nid2obj(nid); + ret->single = 0; + if ((ret->value.set = sk_ASN1_TYPE_new_null()) == NULL) + goto err; + if ((val = ASN1_TYPE_new()) == NULL) + goto err; + if (!sk_ASN1_TYPE_push(ret->value.set, val)) + goto err; + + ASN1_TYPE_set(val, atrtype, value); + return (ret); -X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value) - { - X509_ATTRIBUTE *ret=NULL; - ASN1_TYPE *val=NULL; - - if ((ret=X509_ATTRIBUTE_new()) == NULL) - return(NULL); - ret->object=OBJ_nid2obj(nid); - ret->single=0; - if ((ret->value.set=sk_ASN1_TYPE_new_null()) == NULL) goto err; - if ((val=ASN1_TYPE_new()) == NULL) goto err; - if (!sk_ASN1_TYPE_push(ret->value.set,val)) goto err; - - ASN1_TYPE_set(val,atrtype,value); - return(ret); err: - if (ret != NULL) X509_ATTRIBUTE_free(ret); - if (val != NULL) ASN1_TYPE_free(val); - return(NULL); - } + if (ret != NULL) + X509_ATTRIBUTE_free(ret); + if (val != NULL) + ASN1_TYPE_free(val); + return (NULL); +} diff --git a/src/lib/libcrypto/asn1/x_bignum.c b/src/lib/libcrypto/asn1/x_bignum.c index 848c7a08779..73f0f73c1c6 100644 --- a/src/lib/libcrypto/asn1/x_bignum.c +++ b/src/lib/libcrypto/asn1/x_bignum.c @@ -1,5 +1,5 @@ -/* x_bignum.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* $OpenBSD: x_bignum.c,v 1.8 2015/07/25 17:07:17 jsing Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ /* ==================================================================== @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -57,25 +57,28 @@ */ #include -#include "cryptlib.h" + #include +#include -/* Custom primitive type for BIGNUM handling. This reads in an ASN1_INTEGER as a - * BIGNUM directly. Currently it ignores the sign which isn't a problem since all - * BIGNUMs used are non negative and anything that looks negative is normally due - * to an encoding error. +/* + * Custom primitive type for BIGNUM handling. This reads in an ASN1_INTEGER as a + * BIGNUM directly. Currently it ignores the sign which isn't a problem since + * all BIGNUMs used are non negative and anything that looks negative is + * normally due to an encoding error. */ -#define BN_SENSITIVE 1 - static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it); static void bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it); -static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it); -static int bn_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it); +static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, + const ASN1_ITEM *it); +static int bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, + int utype, char *free_cont, const ASN1_ITEM *it); static ASN1_PRIMITIVE_FUNCS bignum_pf = { - NULL, 0, + NULL, + 0, bn_new, bn_free, 0, @@ -83,55 +86,82 @@ static ASN1_PRIMITIVE_FUNCS bignum_pf = { bn_i2c }; -ASN1_ITEM_start(BIGNUM) - ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &bignum_pf, 0, "BIGNUM" -ASN1_ITEM_end(BIGNUM) +const ASN1_ITEM BIGNUM_it = { + .itype = ASN1_ITYPE_PRIMITIVE, + .utype = V_ASN1_INTEGER, + .templates = NULL, + .tcount = 0, + .funcs = &bignum_pf, + .size = 0, + .sname = "BIGNUM", +}; -ASN1_ITEM_start(CBIGNUM) - ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &bignum_pf, BN_SENSITIVE, "BIGNUM" -ASN1_ITEM_end(CBIGNUM) +const ASN1_ITEM CBIGNUM_it = { + .itype = ASN1_ITYPE_PRIMITIVE, + .utype = V_ASN1_INTEGER, + .templates = NULL, + .tcount = 0, + .funcs = &bignum_pf, + .size = 0, + .sname = "BIGNUM", +}; -static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it) +static int +bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it) { *pval = (ASN1_VALUE *)BN_new(); - if(*pval) return 1; - else return 0; + if (*pval) + return 1; + else + return 0; } -static void bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it) +static void +bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it) { - if(!*pval) return; - if(it->size & BN_SENSITIVE) BN_clear_free((BIGNUM *)*pval); - else BN_free((BIGNUM *)*pval); + if (*pval == NULL) + return; + BN_clear_free((BIGNUM *)*pval); *pval = NULL; } -static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it) +static int +bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it) { BIGNUM *bn; - int pad; - if(!*pval) return -1; + int pad, len; + + if (*pval == NULL) + return -1; bn = (BIGNUM *)*pval; /* If MSB set in an octet we need a padding byte */ - if(BN_num_bits(bn) & 0x7) pad = 0; - else pad = 1; - if(cont) { - if(pad) *cont++ = 0; - BN_bn2bin(bn, cont); - } - return pad + BN_num_bytes(bn); + if (BN_num_bits(bn) & 0x7) + pad = 0; + else + pad = 1; + if (cont) { + if (pad) + *cont++ = 0; + len = BN_bn2bin(bn, cont); + } else + len = BN_num_bytes(bn); + return pad + len; } -static int bn_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it) +static int +bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, + char *free_cont, const ASN1_ITEM *it) { BIGNUM *bn; - if(!*pval) bn_new(pval, it); - bn = (BIGNUM *)*pval; - if(!BN_bin2bn(cont, len, bn)) { + + if (*pval == NULL) { + if (bn_new(pval, it) == 0) + return 0; + } + bn = (BIGNUM *)*pval; + if (!BN_bin2bn(cont, len, bn)) { bn_free(pval, it); return 0; } return 1; } - - diff --git a/src/lib/libcrypto/asn1/x_cinf.c b/src/lib/libcrypto/asn1/x_cinf.c deleted file mode 100644 index 339a110eefd..00000000000 --- a/src/lib/libcrypto/asn1/x_cinf.c +++ /dev/null @@ -1,201 +0,0 @@ -/* crypto/asn1/x_cinf.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include "cryptlib.h" -#include -#include - -int i2d_X509_CINF(X509_CINF *a, unsigned char **pp) - { - int v1=0,v2=0; - M_ASN1_I2D_vars(a); - - M_ASN1_I2D_len_EXP_opt(a->version,i2d_ASN1_INTEGER,0,v1); - M_ASN1_I2D_len(a->serialNumber, i2d_ASN1_INTEGER); - M_ASN1_I2D_len(a->signature, i2d_X509_ALGOR); - M_ASN1_I2D_len(a->issuer, i2d_X509_NAME); - M_ASN1_I2D_len(a->validity, i2d_X509_VAL); - M_ASN1_I2D_len(a->subject, i2d_X509_NAME); - M_ASN1_I2D_len(a->key, i2d_X509_PUBKEY); - M_ASN1_I2D_len_IMP_opt(a->issuerUID, i2d_ASN1_BIT_STRING); - M_ASN1_I2D_len_IMP_opt(a->subjectUID, i2d_ASN1_BIT_STRING); - M_ASN1_I2D_len_EXP_SEQUENCE_opt_type(X509_EXTENSION,a->extensions, - i2d_X509_EXTENSION,3, - V_ASN1_SEQUENCE,v2); - - M_ASN1_I2D_seq_total(); - - M_ASN1_I2D_put_EXP_opt(a->version,i2d_ASN1_INTEGER,0,v1); - M_ASN1_I2D_put(a->serialNumber, i2d_ASN1_INTEGER); - M_ASN1_I2D_put(a->signature, i2d_X509_ALGOR); - M_ASN1_I2D_put(a->issuer, i2d_X509_NAME); - M_ASN1_I2D_put(a->validity, i2d_X509_VAL); - M_ASN1_I2D_put(a->subject, i2d_X509_NAME); - M_ASN1_I2D_put(a->key, i2d_X509_PUBKEY); - M_ASN1_I2D_put_IMP_opt(a->issuerUID, i2d_ASN1_BIT_STRING,1); - M_ASN1_I2D_put_IMP_opt(a->subjectUID, i2d_ASN1_BIT_STRING,2); - M_ASN1_I2D_put_EXP_SEQUENCE_opt_type(X509_EXTENSION,a->extensions, - i2d_X509_EXTENSION,3, - V_ASN1_SEQUENCE,v2); - - M_ASN1_I2D_finish(); - } - -X509_CINF *d2i_X509_CINF(X509_CINF **a, unsigned char **pp, long length) - { - int ver=0; - M_ASN1_D2I_vars(a,X509_CINF *,X509_CINF_new); - - M_ASN1_D2I_Init(); - M_ASN1_D2I_start_sequence(); - /* we have the optional version field */ - if (M_ASN1_next == (V_ASN1_CONTEXT_SPECIFIC | V_ASN1_CONSTRUCTED | 0)) - { - M_ASN1_D2I_get_EXP_opt(ret->version,d2i_ASN1_INTEGER,0); - if (ret->version->data != NULL) - ver=ret->version->data[0]; - } - else - { - if (ret->version != NULL) - { - M_ASN1_INTEGER_free(ret->version); - ret->version=NULL; - } - } - M_ASN1_D2I_get(ret->serialNumber,d2i_ASN1_INTEGER); - M_ASN1_D2I_get(ret->signature,d2i_X509_ALGOR); - M_ASN1_D2I_get(ret->issuer,d2i_X509_NAME); - M_ASN1_D2I_get(ret->validity,d2i_X509_VAL); - M_ASN1_D2I_get(ret->subject,d2i_X509_NAME); - M_ASN1_D2I_get(ret->key,d2i_X509_PUBKEY); - if (ver >= 1) /* version 2 extensions */ - { - if (ret->issuerUID != NULL) - { - M_ASN1_BIT_STRING_free(ret->issuerUID); - ret->issuerUID=NULL; - } - if (ret->subjectUID != NULL) - { - M_ASN1_BIT_STRING_free(ret->subjectUID); - ret->subjectUID=NULL; - } - M_ASN1_D2I_get_IMP_opt(ret->issuerUID,d2i_ASN1_BIT_STRING, 1, - V_ASN1_BIT_STRING); - M_ASN1_D2I_get_IMP_opt(ret->subjectUID,d2i_ASN1_BIT_STRING, 2, - V_ASN1_BIT_STRING); - } -/* Note: some broken certificates include extensions but don't set - * the version number properly. By bypassing this check they can - * be parsed. - */ - -#ifdef VERSION_EXT_CHECK - if (ver >= 2) /* version 3 extensions */ -#endif - { - if (ret->extensions != NULL) - while (sk_X509_EXTENSION_num(ret->extensions)) - X509_EXTENSION_free( - sk_X509_EXTENSION_pop(ret->extensions)); - M_ASN1_D2I_get_EXP_set_opt_type(X509_EXTENSION,ret->extensions, - d2i_X509_EXTENSION, - X509_EXTENSION_free,3, - V_ASN1_SEQUENCE); - } - M_ASN1_D2I_Finish(a,X509_CINF_free,ASN1_F_D2I_X509_CINF); - } - -X509_CINF *X509_CINF_new(void) - { - X509_CINF *ret=NULL; - ASN1_CTX c; - - M_ASN1_New_Malloc(ret,X509_CINF); - ret->version=NULL; - M_ASN1_New(ret->serialNumber,M_ASN1_INTEGER_new); - M_ASN1_New(ret->signature,X509_ALGOR_new); - M_ASN1_New(ret->issuer,X509_NAME_new); - M_ASN1_New(ret->validity,X509_VAL_new); - M_ASN1_New(ret->subject,X509_NAME_new); - M_ASN1_New(ret->key,X509_PUBKEY_new); - ret->issuerUID=NULL; - ret->subjectUID=NULL; - ret->extensions=NULL; - return(ret); - M_ASN1_New_Error(ASN1_F_X509_CINF_NEW); - } - -void X509_CINF_free(X509_CINF *a) - { - if (a == NULL) return; - M_ASN1_INTEGER_free(a->version); - M_ASN1_INTEGER_free(a->serialNumber); - X509_ALGOR_free(a->signature); - X509_NAME_free(a->issuer); - X509_VAL_free(a->validity); - X509_NAME_free(a->subject); - X509_PUBKEY_free(a->key); - M_ASN1_BIT_STRING_free(a->issuerUID); - M_ASN1_BIT_STRING_free(a->subjectUID); - sk_X509_EXTENSION_pop_free(a->extensions,X509_EXTENSION_free); - OPENSSL_free(a); - } - diff --git a/src/lib/libcrypto/asn1/x_crl.c b/src/lib/libcrypto/asn1/x_crl.c index 11fce968257..bc1783dbfbc 100644 --- a/src/lib/libcrypto/asn1/x_crl.c +++ b/src/lib/libcrypto/asn1/x_crl.c @@ -1,25 +1,25 @@ -/* crypto/asn1/x_crl.c */ +/* $OpenBSD: x_crl.c,v 1.34 2019/03/13 20:34:00 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -57,106 +57,701 @@ */ #include -#include "cryptlib.h" + +#include + #include +#include #include +#include + +#include "asn1_locl.h" static int X509_REVOKED_cmp(const X509_REVOKED * const *a, - const X509_REVOKED * const *b); -static int X509_REVOKED_seq_cmp(const X509_REVOKED * const *a, - const X509_REVOKED * const *b); - -ASN1_SEQUENCE(X509_REVOKED) = { - ASN1_SIMPLE(X509_REVOKED,serialNumber, ASN1_INTEGER), - ASN1_SIMPLE(X509_REVOKED,revocationDate, ASN1_TIME), - ASN1_SEQUENCE_OF_OPT(X509_REVOKED,extensions, X509_EXTENSION) -} ASN1_SEQUENCE_END(X509_REVOKED) - -/* The X509_CRL_INFO structure needs a bit of customisation. This is actually - * mirroring the old behaviour: its purpose is to allow the use of - * sk_X509_REVOKED_find to lookup revoked certificates. Unfortunately - * this will zap the original order and the signature so we keep a copy - * of the original positions and reorder appropriately before encoding. - * - * Might want to see if there's a better way of doing this later... + const X509_REVOKED * const *b); +static void setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp); + +static const ASN1_TEMPLATE X509_REVOKED_seq_tt[] = { + { + .offset = offsetof(X509_REVOKED, serialNumber), + .field_name = "serialNumber", + .item = &ASN1_INTEGER_it, + }, + { + .offset = offsetof(X509_REVOKED, revocationDate), + .field_name = "revocationDate", + .item = &ASN1_TIME_it, + }, + { + .flags = ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_OPTIONAL, + .offset = offsetof(X509_REVOKED, extensions), + .field_name = "extensions", + .item = &X509_EXTENSION_it, + }, +}; + +const ASN1_ITEM X509_REVOKED_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = X509_REVOKED_seq_tt, + .tcount = sizeof(X509_REVOKED_seq_tt) / sizeof(ASN1_TEMPLATE), + .size = sizeof(X509_REVOKED), + .sname = "X509_REVOKED", +}; + +static int def_crl_verify(X509_CRL *crl, EVP_PKEY *r); +static int def_crl_lookup(X509_CRL *crl, X509_REVOKED **ret, + ASN1_INTEGER *serial, X509_NAME *issuer); + +static X509_CRL_METHOD int_crl_meth = { + .crl_lookup = def_crl_lookup, + .crl_verify = def_crl_verify +}; + +static const X509_CRL_METHOD *default_crl_method = &int_crl_meth; + +/* The X509_CRL_INFO structure needs a bit of customisation. + * Since we cache the original encoding the signature wont be affected by + * reordering of the revoked field. */ -static int crl_inf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) +static int +crl_inf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) { X509_CRL_INFO *a = (X509_CRL_INFO *)*pval; - int i; - int (*old_cmp)(const X509_REVOKED * const *, - const X509_REVOKED * const *); - if(!a || !a->revoked) return 1; - switch(operation) { + if (!a || !a->revoked) + return 1; + switch (operation) { + /* Just set cmp function here. We don't sort because that + * would affect the output of X509_CRL_print(). + */ + case ASN1_OP_D2I_POST: + (void)sk_X509_REVOKED_set_cmp_func(a->revoked, X509_REVOKED_cmp); + break; + } + return 1; +} + + +static const ASN1_AUX X509_CRL_INFO_aux = { + .flags = ASN1_AFLG_ENCODING, + .asn1_cb = crl_inf_cb, + .enc_offset = offsetof(X509_CRL_INFO, enc), +}; +static const ASN1_TEMPLATE X509_CRL_INFO_seq_tt[] = { + { + .flags = ASN1_TFLG_OPTIONAL, + .offset = offsetof(X509_CRL_INFO, version), + .field_name = "version", + .item = &ASN1_INTEGER_it, + }, + { + .offset = offsetof(X509_CRL_INFO, sig_alg), + .field_name = "sig_alg", + .item = &X509_ALGOR_it, + }, + { + .offset = offsetof(X509_CRL_INFO, issuer), + .field_name = "issuer", + .item = &X509_NAME_it, + }, + { + .offset = offsetof(X509_CRL_INFO, lastUpdate), + .field_name = "lastUpdate", + .item = &ASN1_TIME_it, + }, + { + .flags = ASN1_TFLG_OPTIONAL, + .offset = offsetof(X509_CRL_INFO, nextUpdate), + .field_name = "nextUpdate", + .item = &ASN1_TIME_it, + }, + { + .flags = ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_OPTIONAL, + .offset = offsetof(X509_CRL_INFO, revoked), + .field_name = "revoked", + .item = &X509_REVOKED_it, + }, + { + .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_OPTIONAL, + .offset = offsetof(X509_CRL_INFO, extensions), + .field_name = "extensions", + .item = &X509_EXTENSION_it, + }, +}; + +const ASN1_ITEM X509_CRL_INFO_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = X509_CRL_INFO_seq_tt, + .tcount = sizeof(X509_CRL_INFO_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = &X509_CRL_INFO_aux, + .size = sizeof(X509_CRL_INFO), + .sname = "X509_CRL_INFO", +}; + +/* Set CRL entry issuer according to CRL certificate issuer extension. + * Check for unhandled critical CRL entry extensions. + */ + +static int +crl_set_issuers(X509_CRL *crl) +{ + int i, j; + GENERAL_NAMES *gens, *gtmp; + STACK_OF(X509_REVOKED) *revoked; + + revoked = X509_CRL_get_REVOKED(crl); - /* Save original order */ - case ASN1_OP_D2I_POST: - for (i=0; irevoked); i++) - sk_X509_REVOKED_value(a->revoked,i)->sequence=i; - sk_X509_REVOKED_set_cmp_func(a->revoked,X509_REVOKED_cmp); + gens = NULL; + for (i = 0; i < sk_X509_REVOKED_num(revoked); i++) { + X509_REVOKED *rev = sk_X509_REVOKED_value(revoked, i); + STACK_OF(X509_EXTENSION) *exts; + ASN1_ENUMERATED *reason; + X509_EXTENSION *ext; + gtmp = X509_REVOKED_get_ext_d2i(rev, NID_certificate_issuer, + &j, NULL); + if (!gtmp && (j != -1)) { + crl->flags |= EXFLAG_INVALID; + return 1; + } + + if (gtmp) { + gens = gtmp; + if (!crl->issuers) { + crl->issuers = sk_GENERAL_NAMES_new_null(); + if (!crl->issuers) + return 0; + } + if (!sk_GENERAL_NAMES_push(crl->issuers, gtmp)) + return 0; + } + rev->issuer = gens; + + reason = X509_REVOKED_get_ext_d2i(rev, NID_crl_reason, + &j, NULL); + if (!reason && (j != -1)) { + crl->flags |= EXFLAG_INVALID; + return 1; + } + + if (reason) { + rev->reason = ASN1_ENUMERATED_get(reason); + ASN1_ENUMERATED_free(reason); + } else + rev->reason = CRL_REASON_NONE; + + /* Check for critical CRL entry extensions */ + + exts = rev->extensions; + + for (j = 0; j < sk_X509_EXTENSION_num(exts); j++) { + ext = sk_X509_EXTENSION_value(exts, j); + if (ext->critical > 0) { + if (OBJ_obj2nid(ext->object) == + NID_certificate_issuer) + continue; + crl->flags |= EXFLAG_CRITICAL; + break; + } + } + } + + return 1; +} + +/* The X509_CRL structure needs a bit of customisation. Cache some extensions + * and hash of the whole CRL. + */ +static int +crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) +{ + X509_CRL *crl = (X509_CRL *)*pval; + STACK_OF(X509_EXTENSION) *exts; + X509_EXTENSION *ext; + int idx; + int rc = 1; + + switch (operation) { + case ASN1_OP_NEW_POST: + crl->idp = NULL; + crl->akid = NULL; + crl->flags = 0; + crl->idp_flags = 0; + crl->idp_reasons = CRLDP_ALL_REASONS; + crl->meth = default_crl_method; + crl->meth_data = NULL; + crl->issuers = NULL; + crl->crl_number = NULL; + crl->base_crl_number = NULL; break; - /* Restore original order */ - case ASN1_OP_I2D_PRE: - old_cmp=sk_X509_REVOKED_set_cmp_func(a->revoked,X509_REVOKED_seq_cmp); - sk_X509_REVOKED_sort(a->revoked); - sk_X509_REVOKED_set_cmp_func(a->revoked,old_cmp); + case ASN1_OP_D2I_POST: +#ifndef OPENSSL_NO_SHA + X509_CRL_digest(crl, EVP_sha1(), crl->sha1_hash, NULL); +#endif + crl->idp = X509_CRL_get_ext_d2i(crl, + NID_issuing_distribution_point, NULL, NULL); + if (crl->idp) + setup_idp(crl, crl->idp); + + crl->akid = X509_CRL_get_ext_d2i(crl, + NID_authority_key_identifier, NULL, NULL); + + crl->crl_number = X509_CRL_get_ext_d2i(crl, + NID_crl_number, NULL, NULL); + + crl->base_crl_number = X509_CRL_get_ext_d2i(crl, + NID_delta_crl, NULL, NULL); + /* Delta CRLs must have CRL number */ + if (crl->base_crl_number && !crl->crl_number) + crl->flags |= EXFLAG_INVALID; + + /* See if we have any unhandled critical CRL extensions and + * indicate this in a flag. We only currently handle IDP, + * AKID and deltas, so anything else critical sets the flag. + * + * This code accesses the X509_CRL structure directly: + * applications shouldn't do this. + */ + + exts = crl->crl->extensions; + + for (idx = 0; idx < sk_X509_EXTENSION_num(exts); idx++) { + int nid; + ext = sk_X509_EXTENSION_value(exts, idx); + nid = OBJ_obj2nid(ext->object); + if (nid == NID_freshest_crl) + crl->flags |= EXFLAG_FRESHEST; + if (ext->critical > 0) { + /* We handle IDP, AKID and deltas */ + if (nid == NID_issuing_distribution_point || + nid == NID_authority_key_identifier || + nid == NID_delta_crl) + break; + crl->flags |= EXFLAG_CRITICAL; + break; + } + } + + if (!crl_set_issuers(crl)) + return 0; + + if (crl->meth->crl_init) { + if (crl->meth->crl_init(crl) == 0) + return 0; + } + break; + + case ASN1_OP_FREE_POST: + if (crl->meth->crl_free) { + if (!crl->meth->crl_free(crl)) + rc = 0; + } + if (crl->akid) + AUTHORITY_KEYID_free(crl->akid); + if (crl->idp) + ISSUING_DIST_POINT_free(crl->idp); + ASN1_INTEGER_free(crl->crl_number); + ASN1_INTEGER_free(crl->base_crl_number); + sk_GENERAL_NAMES_pop_free(crl->issuers, GENERAL_NAMES_free); break; } - return 1; + return rc; } +/* Convert IDP into a more convenient form */ -ASN1_SEQUENCE_cb(X509_CRL_INFO, crl_inf_cb) = { - ASN1_OPT(X509_CRL_INFO, version, ASN1_INTEGER), - ASN1_SIMPLE(X509_CRL_INFO, sig_alg, X509_ALGOR), - ASN1_SIMPLE(X509_CRL_INFO, issuer, X509_NAME), - ASN1_SIMPLE(X509_CRL_INFO, lastUpdate, ASN1_TIME), - ASN1_OPT(X509_CRL_INFO, nextUpdate, ASN1_TIME), - ASN1_SEQUENCE_OF_OPT(X509_CRL_INFO, revoked, X509_REVOKED), - ASN1_EXP_SEQUENCE_OF_OPT(X509_CRL_INFO, extensions, X509_EXTENSION, 0) -} ASN1_SEQUENCE_END_cb(X509_CRL_INFO, X509_CRL_INFO) +static void +setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp) +{ + int idp_only = 0; -ASN1_SEQUENCE_ref(X509_CRL, 0, CRYPTO_LOCK_X509_CRL) = { - ASN1_SIMPLE(X509_CRL, crl, X509_CRL_INFO), - ASN1_SIMPLE(X509_CRL, sig_alg, X509_ALGOR), - ASN1_SIMPLE(X509_CRL, signature, ASN1_BIT_STRING) -} ASN1_SEQUENCE_END_ref(X509_CRL, X509_CRL) + /* Set various flags according to IDP */ + crl->idp_flags |= IDP_PRESENT; + if (idp->onlyuser > 0) { + idp_only++; + crl->idp_flags |= IDP_ONLYUSER; + } + if (idp->onlyCA > 0) { + idp_only++; + crl->idp_flags |= IDP_ONLYCA; + } + if (idp->onlyattr > 0) { + idp_only++; + crl->idp_flags |= IDP_ONLYATTR; + } -IMPLEMENT_ASN1_FUNCTIONS(X509_REVOKED) -IMPLEMENT_ASN1_FUNCTIONS(X509_CRL_INFO) -IMPLEMENT_ASN1_FUNCTIONS(X509_CRL) -IMPLEMENT_ASN1_DUP_FUNCTION(X509_CRL) + if (idp_only > 1) + crl->idp_flags |= IDP_INVALID; -static int X509_REVOKED_cmp(const X509_REVOKED * const *a, - const X509_REVOKED * const *b) - { - return(ASN1_STRING_cmp( - (ASN1_STRING *)(*a)->serialNumber, - (ASN1_STRING *)(*b)->serialNumber)); + if (idp->indirectCRL > 0) + crl->idp_flags |= IDP_INDIRECT; + + if (idp->onlysomereasons) { + crl->idp_flags |= IDP_REASONS; + if (idp->onlysomereasons->length > 0) + crl->idp_reasons = idp->onlysomereasons->data[0]; + if (idp->onlysomereasons->length > 1) + crl->idp_reasons |= + (idp->onlysomereasons->data[1] << 8); + crl->idp_reasons &= CRLDP_ALL_REASONS; } -static int X509_REVOKED_seq_cmp(const X509_REVOKED * const *a, - const X509_REVOKED * const *b) + DIST_POINT_set_dpname(idp->distpoint, X509_CRL_get_issuer(crl)); +} + +static const ASN1_AUX X509_CRL_aux = { + .app_data = NULL, + .flags = ASN1_AFLG_REFCOUNT, + .ref_offset = offsetof(X509_CRL, references), + .ref_lock = CRYPTO_LOCK_X509_CRL, + .asn1_cb = crl_cb, +}; +static const ASN1_TEMPLATE X509_CRL_seq_tt[] = { { - return((*a)->sequence-(*b)->sequence); - } + .offset = offsetof(X509_CRL, crl), + .field_name = "crl", + .item = &X509_CRL_INFO_it, + }, + { + .offset = offsetof(X509_CRL, sig_alg), + .field_name = "sig_alg", + .item = &X509_ALGOR_it, + }, + { + .offset = offsetof(X509_CRL, signature), + .field_name = "signature", + .item = &ASN1_BIT_STRING_it, + }, +}; + +const ASN1_ITEM X509_CRL_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = X509_CRL_seq_tt, + .tcount = sizeof(X509_CRL_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = &X509_CRL_aux, + .size = sizeof(X509_CRL), + .sname = "X509_CRL", +}; + + +X509_REVOKED * +d2i_X509_REVOKED(X509_REVOKED **a, const unsigned char **in, long len) +{ + return (X509_REVOKED *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &X509_REVOKED_it); +} + +int +i2d_X509_REVOKED(X509_REVOKED *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &X509_REVOKED_it); +} + +X509_REVOKED * +X509_REVOKED_new(void) +{ + return (X509_REVOKED *)ASN1_item_new(&X509_REVOKED_it); +} + +void +X509_REVOKED_free(X509_REVOKED *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &X509_REVOKED_it); +} + +X509_REVOKED * +X509_REVOKED_dup(X509_REVOKED *a) +{ + return ASN1_item_dup(&X509_REVOKED_it, a); +} + +X509_CRL_INFO * +d2i_X509_CRL_INFO(X509_CRL_INFO **a, const unsigned char **in, long len) +{ + return (X509_CRL_INFO *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &X509_CRL_INFO_it); +} + +int +i2d_X509_CRL_INFO(X509_CRL_INFO *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &X509_CRL_INFO_it); +} + +X509_CRL_INFO * +X509_CRL_INFO_new(void) +{ + return (X509_CRL_INFO *)ASN1_item_new(&X509_CRL_INFO_it); +} -int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev) +void +X509_CRL_INFO_free(X509_CRL_INFO *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &X509_CRL_INFO_it); +} + +X509_CRL * +d2i_X509_CRL(X509_CRL **a, const unsigned char **in, long len) +{ + return (X509_CRL *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &X509_CRL_it); +} + +int +i2d_X509_CRL(X509_CRL *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &X509_CRL_it); +} + +X509_CRL * +X509_CRL_new(void) +{ + return (X509_CRL *)ASN1_item_new(&X509_CRL_it); +} + +void +X509_CRL_free(X509_CRL *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &X509_CRL_it); +} + +X509_CRL * +X509_CRL_dup(X509_CRL *x) +{ + return ASN1_item_dup(&X509_CRL_it, x); +} + +static int +X509_REVOKED_cmp(const X509_REVOKED * const *a, const X509_REVOKED * const *b) +{ + return(ASN1_INTEGER_cmp((*a)->serialNumber, (*b)->serialNumber)); +} + +int +X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev) { X509_CRL_INFO *inf; + inf = crl->crl; - if(!inf->revoked) + if (!inf->revoked) inf->revoked = sk_X509_REVOKED_new(X509_REVOKED_cmp); - if(!inf->revoked || !sk_X509_REVOKED_push(inf->revoked, rev)) { - ASN1err(ASN1_F_X509_CRL_ADD0_REVOKED, ERR_R_MALLOC_FAILURE); + if (!inf->revoked || !sk_X509_REVOKED_push(inf->revoked, rev)) { + ASN1error(ERR_R_MALLOC_FAILURE); return 0; } + inf->enc.modified = 1; return 1; } -IMPLEMENT_STACK_OF(X509_REVOKED) -IMPLEMENT_ASN1_SET_OF(X509_REVOKED) -IMPLEMENT_STACK_OF(X509_CRL) -IMPLEMENT_ASN1_SET_OF(X509_CRL) +int +X509_CRL_verify(X509_CRL *crl, EVP_PKEY *r) +{ + if (crl->meth->crl_verify) + return crl->meth->crl_verify(crl, r); + return 0; +} + +int +X509_CRL_get0_by_serial(X509_CRL *crl, X509_REVOKED **ret, + ASN1_INTEGER *serial) +{ + if (crl->meth->crl_lookup) + return crl->meth->crl_lookup(crl, ret, serial, NULL); + return 0; +} + +int +X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x) +{ + if (crl->meth->crl_lookup) + return crl->meth->crl_lookup(crl, ret, + X509_get_serialNumber(x), X509_get_issuer_name(x)); + return 0; +} + +static int +def_crl_verify(X509_CRL *crl, EVP_PKEY *r) +{ + return(ASN1_item_verify(&X509_CRL_INFO_it, + crl->sig_alg, crl->signature, crl->crl, r)); +} + +static int +crl_revoked_issuer_match(X509_CRL *crl, X509_NAME *nm, X509_REVOKED *rev) +{ + int i; + + if (!rev->issuer) { + if (!nm) + return 1; + if (!X509_NAME_cmp(nm, X509_CRL_get_issuer(crl))) + return 1; + return 0; + } + + if (!nm) + nm = X509_CRL_get_issuer(crl); + + for (i = 0; i < sk_GENERAL_NAME_num(rev->issuer); i++) { + GENERAL_NAME *gen = sk_GENERAL_NAME_value(rev->issuer, i); + if (gen->type != GEN_DIRNAME) + continue; + if (!X509_NAME_cmp(nm, gen->d.directoryName)) + return 1; + } + return 0; + +} + +static int +def_crl_lookup(X509_CRL *crl, X509_REVOKED **ret, ASN1_INTEGER *serial, + X509_NAME *issuer) +{ + X509_REVOKED rtmp, *rev; + int idx; + + rtmp.serialNumber = serial; + /* Sort revoked into serial number order if not already sorted. + * Do this under a lock to avoid race condition. + */ + if (!sk_X509_REVOKED_is_sorted(crl->crl->revoked)) { + CRYPTO_w_lock(CRYPTO_LOCK_X509_CRL); + sk_X509_REVOKED_sort(crl->crl->revoked); + CRYPTO_w_unlock(CRYPTO_LOCK_X509_CRL); + } + idx = sk_X509_REVOKED_find(crl->crl->revoked, &rtmp); + if (idx < 0) + return 0; + /* Need to look for matching name */ + for (; idx < sk_X509_REVOKED_num(crl->crl->revoked); idx++) { + rev = sk_X509_REVOKED_value(crl->crl->revoked, idx); + if (ASN1_INTEGER_cmp(rev->serialNumber, serial)) + return 0; + if (crl_revoked_issuer_match(crl, issuer, rev)) { + if (ret) + *ret = rev; + if (rev->reason == CRL_REASON_REMOVE_FROM_CRL) + return 2; + return 1; + } + } + return 0; +} + +void +X509_CRL_set_default_method(const X509_CRL_METHOD *meth) +{ + if (meth == NULL) + default_crl_method = &int_crl_meth; + else + default_crl_method = meth; +} + +X509_CRL_METHOD * +X509_CRL_METHOD_new(int (*crl_init)(X509_CRL *crl), + int (*crl_free)(X509_CRL *crl), + int (*crl_lookup)(X509_CRL *crl, X509_REVOKED **ret, + ASN1_INTEGER *ser, X509_NAME *issuer), + int (*crl_verify)(X509_CRL *crl, EVP_PKEY *pk)) +{ + X509_CRL_METHOD *m; + + m = malloc(sizeof(X509_CRL_METHOD)); + if (!m) + return NULL; + m->crl_init = crl_init; + m->crl_free = crl_free; + m->crl_lookup = crl_lookup; + m->crl_verify = crl_verify; + m->flags = X509_CRL_METHOD_DYNAMIC; + return m; +} + +void +X509_CRL_METHOD_free(X509_CRL_METHOD *m) +{ + if (m == NULL) + return; + if (!(m->flags & X509_CRL_METHOD_DYNAMIC)) + return; + free(m); +} + +void +X509_CRL_set_meth_data(X509_CRL *crl, void *dat) +{ + crl->meth_data = dat; +} + +void * +X509_CRL_get_meth_data(X509_CRL *crl) +{ + return crl->meth_data; +} + +int +X509_CRL_get_signature_nid(const X509_CRL *crl) +{ + return OBJ_obj2nid(crl->sig_alg->algorithm); +} + +const STACK_OF(X509_EXTENSION) * +X509_CRL_get0_extensions(const X509_CRL *crl) +{ + return crl->crl->extensions; +} + +long +X509_CRL_get_version(const X509_CRL *crl) +{ + return ASN1_INTEGER_get(crl->crl->version); +} + +const ASN1_TIME * +X509_CRL_get0_lastUpdate(const X509_CRL *crl) +{ + return crl->crl->lastUpdate; +} + +ASN1_TIME * +X509_CRL_get_lastUpdate(X509_CRL *crl) +{ + return crl->crl->lastUpdate; +} + +const ASN1_TIME * +X509_CRL_get0_nextUpdate(const X509_CRL *crl) +{ + return crl->crl->nextUpdate; +} + +ASN1_TIME * +X509_CRL_get_nextUpdate(X509_CRL *crl) +{ + return crl->crl->nextUpdate; +} + +X509_NAME * +X509_CRL_get_issuer(const X509_CRL *crl) +{ + return crl->crl->issuer; +} + +STACK_OF(X509_REVOKED) * +X509_CRL_get_REVOKED(X509_CRL *crl) +{ + return crl->crl->revoked; +} + +void +X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig, + const X509_ALGOR **palg) +{ + if (psig != NULL) + *psig = crl->signature; + if (palg != NULL) + *palg = crl->sig_alg; +} diff --git a/src/lib/libcrypto/asn1/x_exten.c b/src/lib/libcrypto/asn1/x_exten.c index 702421b6c85..bb3dffc8218 100644 --- a/src/lib/libcrypto/asn1/x_exten.c +++ b/src/lib/libcrypto/asn1/x_exten.c @@ -1,5 +1,5 @@ -/* x_exten.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* $OpenBSD: x_exten.c,v 1.16 2015/07/24 15:09:52 jsing Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ /* ==================================================================== @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -61,11 +61,93 @@ #include #include -ASN1_SEQUENCE(X509_EXTENSION) = { - ASN1_SIMPLE(X509_EXTENSION, object, ASN1_OBJECT), - ASN1_OPT(X509_EXTENSION, critical, ASN1_BOOLEAN), - ASN1_SIMPLE(X509_EXTENSION, value, ASN1_OCTET_STRING) -} ASN1_SEQUENCE_END(X509_EXTENSION) +static const ASN1_TEMPLATE X509_EXTENSION_seq_tt[] = { + { + .offset = offsetof(X509_EXTENSION, object), + .field_name = "object", + .item = &ASN1_OBJECT_it, + }, + { + .flags = ASN1_TFLG_OPTIONAL, + .offset = offsetof(X509_EXTENSION, critical), + .field_name = "critical", + .item = &ASN1_BOOLEAN_it, + }, + { + .offset = offsetof(X509_EXTENSION, value), + .field_name = "value", + .item = &ASN1_OCTET_STRING_it, + }, +}; -IMPLEMENT_ASN1_FUNCTIONS(X509_EXTENSION) -IMPLEMENT_ASN1_DUP_FUNCTION(X509_EXTENSION) +const ASN1_ITEM X509_EXTENSION_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = X509_EXTENSION_seq_tt, + .tcount = sizeof(X509_EXTENSION_seq_tt) / sizeof(ASN1_TEMPLATE), + .size = sizeof(X509_EXTENSION), + .sname = "X509_EXTENSION", +}; + +static const ASN1_TEMPLATE X509_EXTENSIONS_item_tt = { + .flags = ASN1_TFLG_SEQUENCE_OF, + .tag = 0, + .offset = 0, + .field_name = "Extension", + .item = &X509_EXTENSION_it, +}; + +const ASN1_ITEM X509_EXTENSIONS_it = { + .itype = ASN1_ITYPE_PRIMITIVE, + .utype = -1, + .templates = &X509_EXTENSIONS_item_tt, + .tcount = 0, + .funcs = NULL, + .size = 0, + .sname = "X509_EXTENSIONS", +}; + + +X509_EXTENSION * +d2i_X509_EXTENSION(X509_EXTENSION **a, const unsigned char **in, long len) +{ + return (X509_EXTENSION *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &X509_EXTENSION_it); +} + +int +i2d_X509_EXTENSION(X509_EXTENSION *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &X509_EXTENSION_it); +} + +X509_EXTENSION * +X509_EXTENSION_new(void) +{ + return (X509_EXTENSION *)ASN1_item_new(&X509_EXTENSION_it); +} + +void +X509_EXTENSION_free(X509_EXTENSION *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &X509_EXTENSION_it); +} + +X509_EXTENSIONS * +d2i_X509_EXTENSIONS(X509_EXTENSIONS **a, const unsigned char **in, long len) +{ + return (X509_EXTENSIONS *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &X509_EXTENSIONS_it); +} + +int +i2d_X509_EXTENSIONS(X509_EXTENSIONS *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &X509_EXTENSIONS_it); +} + +X509_EXTENSION * +X509_EXTENSION_dup(X509_EXTENSION *x) +{ + return ASN1_item_dup(&X509_EXTENSION_it, x); +} diff --git a/src/lib/libcrypto/asn1/x_info.c b/src/lib/libcrypto/asn1/x_info.c index d44f6cdb019..c4769231582 100644 --- a/src/lib/libcrypto/asn1/x_info.c +++ b/src/lib/libcrypto/asn1/x_info.c @@ -1,25 +1,25 @@ -/* crypto/asn1/x_info.c */ +/* $OpenBSD: x_info.c,v 1.17 2017/01/29 17:49:22 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -57,58 +57,51 @@ */ #include -#include "cryptlib.h" -#include + #include +#include +#include #include -X509_INFO *X509_INFO_new(void) - { - X509_INFO *ret=NULL; +X509_INFO * +X509_INFO_new(void) +{ + X509_INFO *ret = NULL; - ret=(X509_INFO *)OPENSSL_malloc(sizeof(X509_INFO)); - if (ret == NULL) - { - ASN1err(ASN1_F_X509_INFO_NEW,ERR_R_MALLOC_FAILURE); - return(NULL); - } - - ret->enc_cipher.cipher=NULL; - ret->enc_len=0; - ret->enc_data=NULL; - - ret->references=1; - ret->x509=NULL; - ret->crl=NULL; - ret->x_pkey=NULL; - return(ret); + ret = malloc(sizeof(X509_INFO)); + if (ret == NULL) { + ASN1error(ERR_R_MALLOC_FAILURE); + return (NULL); } -void X509_INFO_free(X509_INFO *x) - { - int i; + ret->enc_cipher.cipher = NULL; + ret->enc_len = 0; + ret->enc_data = NULL; - if (x == NULL) return; + ret->references = 1; + ret->x509 = NULL; + ret->crl = NULL; + ret->x_pkey = NULL; + return (ret); +} - i=CRYPTO_add(&x->references,-1,CRYPTO_LOCK_X509_INFO); -#ifdef REF_PRINT - REF_PRINT("X509_INFO",x); -#endif - if (i > 0) return; -#ifdef REF_CHECK - if (i < 0) - { - fprintf(stderr,"X509_INFO_free, bad reference count\n"); - abort(); - } -#endif +void +X509_INFO_free(X509_INFO *x) +{ + int i; - if (x->x509 != NULL) X509_free(x->x509); - if (x->crl != NULL) X509_CRL_free(x->crl); - if (x->x_pkey != NULL) X509_PKEY_free(x->x_pkey); - if (x->enc_data != NULL) OPENSSL_free(x->enc_data); - OPENSSL_free(x); - } + if (x == NULL) + return; -IMPLEMENT_STACK_OF(X509_INFO) + i = CRYPTO_add(&x->references, -1, CRYPTO_LOCK_X509_INFO); + if (i > 0) + return; + X509_free(x->x509); + if (x->crl != NULL) + X509_CRL_free(x->crl); + if (x->x_pkey != NULL) + X509_PKEY_free(x->x_pkey); + free(x->enc_data); + free(x); +} diff --git a/src/lib/libcrypto/asn1/x_long.c b/src/lib/libcrypto/asn1/x_long.c index c5f25956cb2..9df3a3181a5 100644 --- a/src/lib/libcrypto/asn1/x_long.c +++ b/src/lib/libcrypto/asn1/x_long.c @@ -1,5 +1,5 @@ -/* x_long.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* $OpenBSD: x_long.c,v 1.11 2017/01/29 17:49:22 beck Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ /* ==================================================================== @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -57,8 +57,11 @@ */ #include -#include "cryptlib.h" +#include + #include +#include +#include /* Custom primitive type for long handling. This converts between an ASN1_INTEGER * and a long directly. @@ -69,7 +72,8 @@ static int long_new(ASN1_VALUE **pval, const ASN1_ITEM *it); static void long_free(ASN1_VALUE **pval, const ASN1_ITEM *it); static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it); -static int long_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it); +static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it); +static int long_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it, int indent, const ASN1_PCTX *pctx); static ASN1_PRIMITIVE_FUNCS long_pf = { NULL, 0, @@ -77,29 +81,46 @@ static ASN1_PRIMITIVE_FUNCS long_pf = { long_free, long_free, /* Clear should set to initial value */ long_c2i, - long_i2c + long_i2c, + long_print }; -ASN1_ITEM_start(LONG) - ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &long_pf, ASN1_LONG_UNDEF, "LONG" -ASN1_ITEM_end(LONG) +const ASN1_ITEM LONG_it = { + .itype = ASN1_ITYPE_PRIMITIVE, + .utype = V_ASN1_INTEGER, + .templates = NULL, + .tcount = 0, + .funcs = &long_pf, + .size = ASN1_LONG_UNDEF, + .sname = "LONG", +}; -ASN1_ITEM_start(ZLONG) - ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &long_pf, 0, "ZLONG" -ASN1_ITEM_end(ZLONG) +const ASN1_ITEM ZLONG_it = { + .itype = ASN1_ITYPE_PRIMITIVE, + .utype = V_ASN1_INTEGER, + .templates = NULL, + .tcount = 0, + .funcs = &long_pf, + .size = 0, + .sname = "ZLONG", +}; -static int long_new(ASN1_VALUE **pval, const ASN1_ITEM *it) +static int +long_new(ASN1_VALUE **pval, const ASN1_ITEM *it) { *(long *)pval = it->size; return 1; } -static void long_free(ASN1_VALUE **pval, const ASN1_ITEM *it) +static void +long_free(ASN1_VALUE **pval, const ASN1_ITEM *it) { *(long *)pval = it->size; } -static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it) +static int +long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, + const ASN1_ITEM *it) { long ltmp; unsigned long utmp; @@ -110,60 +131,80 @@ static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const A /* use memcpy, because we may not be long aligned */ memcpy(<mp, cp, sizeof(long)); - if(ltmp == it->size) return -1; + if (ltmp == it->size) + return -1; /* Convert the long to positive: we subtract one if negative so * we can cleanly handle the padding if only the MSB of the leading - * octet is set. + * octet is set. */ - if(ltmp < 0) utmp = -ltmp - 1; - else utmp = ltmp; + if (ltmp < 0) + utmp = -ltmp - 1; + else + utmp = ltmp; clen = BN_num_bits_word(utmp); /* If MSB of leading octet set we need to pad */ - if(!(clen & 0x7)) pad = 1; - else pad = 0; + if (!(clen & 0x7)) + pad = 1; + else + pad = 0; /* Convert number of bits to number of octets */ clen = (clen + 7) >> 3; - if(cont) { - if(pad) *cont++ = (ltmp < 0) ? 0xff : 0; - for(i = clen - 1; i >= 0; i--) { + if (cont) { + if (pad) + *cont++ = (ltmp < 0) ? 0xff : 0; + for (i = clen - 1; i >= 0; i--) { cont[i] = (unsigned char)(utmp & 0xff); - if(ltmp < 0) cont[i] ^= 0xff; + if (ltmp < 0) + cont[i] ^= 0xff; utmp >>= 8; } } return clen + pad; } -static int long_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it) +static int +long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, + char *free_cont, const ASN1_ITEM *it) { int neg, i; long ltmp; unsigned long utmp = 0; char *cp = (char *)pval; - if(len > sizeof(long)) { - ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG); + if (len > (int)sizeof(long)) { + ASN1error(ASN1_R_INTEGER_TOO_LARGE_FOR_LONG); return 0; } /* Is it negative? */ - if(len && (cont[0] & 0x80)) neg = 1; - else neg = 0; + if (len && (cont[0] & 0x80)) + neg = 1; + else + neg = 0; utmp = 0; - for(i = 0; i < len; i++) { + for (i = 0; i < len; i++) { utmp <<= 8; - if(neg) utmp |= cont[i] ^ 0xff; - else utmp |= cont[i]; + if (neg) + utmp |= cont[i] ^ 0xff; + else + utmp |= cont[i]; } ltmp = (long)utmp; - if(neg) { + if (neg) { ltmp++; ltmp = -ltmp; } - if(ltmp == it->size) { - ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG); + if (ltmp == it->size) { + ASN1error(ASN1_R_INTEGER_TOO_LARGE_FOR_LONG); return 0; } memcpy(cp, <mp, sizeof(long)); return 1; } + +static int +long_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it, int indent, + const ASN1_PCTX *pctx) +{ + return BIO_printf(out, "%ld\n", *(long *)pval); +} diff --git a/src/lib/libcrypto/asn1/x_name.c b/src/lib/libcrypto/asn1/x_name.c index caece0f1585..4bf184252f1 100644 --- a/src/lib/libcrypto/asn1/x_name.c +++ b/src/lib/libcrypto/asn1/x_name.c @@ -1,25 +1,25 @@ -/* crypto/asn1/x_name.c */ +/* $OpenBSD: x_name.c,v 1.34 2018/02/20 17:09:20 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,46 +49,137 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ +#include #include -#include "cryptlib.h" +#include + #include +#include #include -static int x509_name_ex_d2i(ASN1_VALUE **val, unsigned char **in, long len, const ASN1_ITEM *it, - int tag, int aclass, char opt, ASN1_TLC *ctx); +#include "asn1_locl.h" + +typedef STACK_OF(X509_NAME_ENTRY) STACK_OF_X509_NAME_ENTRY; +DECLARE_STACK_OF(STACK_OF_X509_NAME_ENTRY) -static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass); +static int x509_name_ex_d2i(ASN1_VALUE **val, const unsigned char **in, + long len, const ASN1_ITEM *it, int tag, int aclass, char opt, + ASN1_TLC *ctx); + +static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, + const ASN1_ITEM *it, int tag, int aclass); static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it); static void x509_name_ex_free(ASN1_VALUE **val, const ASN1_ITEM *it); static int x509_name_encode(X509_NAME *a); +static int x509_name_canon(X509_NAME *a); +static int asn1_string_canon(ASN1_STRING *out, ASN1_STRING *in); +static int i2d_name_canon(STACK_OF(STACK_OF_X509_NAME_ENTRY) *intname, + unsigned char **in); + +static int x509_name_ex_print(BIO *out, ASN1_VALUE **pval, int indent, + const char *fname, const ASN1_PCTX *pctx); -ASN1_SEQUENCE(X509_NAME_ENTRY) = { - ASN1_SIMPLE(X509_NAME_ENTRY, object, ASN1_OBJECT), - ASN1_SIMPLE(X509_NAME_ENTRY, value, ASN1_PRINTABLE) -} ASN1_SEQUENCE_END(X509_NAME_ENTRY) +static const ASN1_TEMPLATE X509_NAME_ENTRY_seq_tt[] = { + { + .offset = offsetof(X509_NAME_ENTRY, object), + .field_name = "object", + .item = &ASN1_OBJECT_it, + }, + { + .offset = offsetof(X509_NAME_ENTRY, value), + .field_name = "value", + .item = &ASN1_PRINTABLE_it, + }, +}; + +const ASN1_ITEM X509_NAME_ENTRY_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = X509_NAME_ENTRY_seq_tt, + .tcount = sizeof(X509_NAME_ENTRY_seq_tt) / sizeof(ASN1_TEMPLATE), + .size = sizeof(X509_NAME_ENTRY), + .sname = "X509_NAME_ENTRY", +}; -IMPLEMENT_ASN1_FUNCTIONS(X509_NAME_ENTRY) -IMPLEMENT_ASN1_DUP_FUNCTION(X509_NAME_ENTRY) + +X509_NAME_ENTRY * +d2i_X509_NAME_ENTRY(X509_NAME_ENTRY **a, const unsigned char **in, long len) +{ + return (X509_NAME_ENTRY *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &X509_NAME_ENTRY_it); +} + +int +i2d_X509_NAME_ENTRY(X509_NAME_ENTRY *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &X509_NAME_ENTRY_it); +} + +X509_NAME_ENTRY * +X509_NAME_ENTRY_new(void) +{ + return (X509_NAME_ENTRY *)ASN1_item_new(&X509_NAME_ENTRY_it); +} + +void +X509_NAME_ENTRY_free(X509_NAME_ENTRY *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &X509_NAME_ENTRY_it); +} + +X509_NAME_ENTRY * +X509_NAME_ENTRY_dup(X509_NAME_ENTRY *x) +{ + return ASN1_item_dup(&X509_NAME_ENTRY_it, x); +} /* For the "Name" type we need a SEQUENCE OF { SET OF X509_NAME_ENTRY } * so declare two template wrappers for this */ -ASN1_ITEM_TEMPLATE(X509_NAME_ENTRIES) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_OF, 0, RDNS, X509_NAME_ENTRY) -ASN1_ITEM_TEMPLATE_END(X509_NAME_ENTRIES) +static const ASN1_TEMPLATE X509_NAME_ENTRIES_item_tt = { + .flags = ASN1_TFLG_SET_OF, + .tag = 0, + .offset = 0, + .field_name = "RDNS", + .item = &X509_NAME_ENTRY_it, +}; + +const ASN1_ITEM X509_NAME_ENTRIES_it = { + .itype = ASN1_ITYPE_PRIMITIVE, + .utype = -1, + .templates = &X509_NAME_ENTRIES_item_tt, + .tcount = 0, + .funcs = NULL, + .size = 0, + .sname = "X509_NAME_ENTRIES", +}; + +static const ASN1_TEMPLATE X509_NAME_INTERNAL_item_tt = { + .flags = ASN1_TFLG_SEQUENCE_OF, + .tag = 0, + .offset = 0, + .field_name = "Name", + .item = &X509_NAME_ENTRIES_it, +}; -ASN1_ITEM_TEMPLATE(X509_NAME_INTERNAL) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, Name, X509_NAME_ENTRIES) -ASN1_ITEM_TEMPLATE_END(X509_NAME_INTERNAL) +const ASN1_ITEM X509_NAME_INTERNAL_it = { + .itype = ASN1_ITYPE_PRIMITIVE, + .utype = -1, + .templates = &X509_NAME_INTERNAL_item_tt, + .tcount = 0, + .funcs = NULL, + .size = 0, + .sname = "X509_NAME_INTERNAL", +}; /* Normally that's where it would end: we'd have two nested STACK structures * representing the ASN1. Unfortunately X509_NAME uses a completely different @@ -102,171 +193,463 @@ const ASN1_EXTERN_FUNCS x509_name_ff = { x509_name_ex_free, 0, /* Default clear behaviour is OK */ x509_name_ex_d2i, - x509_name_ex_i2d + x509_name_ex_i2d, + x509_name_ex_print }; -IMPLEMENT_EXTERN_ASN1(X509_NAME, V_ASN1_SEQUENCE, x509_name_ff) +const ASN1_ITEM X509_NAME_it = { + .itype = ASN1_ITYPE_EXTERN, + .utype = V_ASN1_SEQUENCE, + .templates = NULL, + .tcount = 0, + .funcs = &x509_name_ff, + .size = 0, + .sname = "X509_NAME", +}; -IMPLEMENT_ASN1_FUNCTIONS(X509_NAME) -IMPLEMENT_ASN1_DUP_FUNCTION(X509_NAME) +X509_NAME * +d2i_X509_NAME(X509_NAME **a, const unsigned char **in, long len) +{ + return (X509_NAME *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &X509_NAME_it); +} + +int +i2d_X509_NAME(X509_NAME *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &X509_NAME_it); +} + +X509_NAME * +X509_NAME_new(void) +{ + return (X509_NAME *)ASN1_item_new(&X509_NAME_it); +} -static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it) +void +X509_NAME_free(X509_NAME *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &X509_NAME_it); +} + +X509_NAME * +X509_NAME_dup(X509_NAME *x) +{ + return ASN1_item_dup(&X509_NAME_it, x); +} + +static int +x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it) { X509_NAME *ret = NULL; - ret = OPENSSL_malloc(sizeof(X509_NAME)); - if(!ret) goto memerr; - if ((ret->entries=sk_X509_NAME_ENTRY_new_null()) == NULL) + + ret = malloc(sizeof(X509_NAME)); + if (!ret) + goto memerr; + if ((ret->entries = sk_X509_NAME_ENTRY_new_null()) == NULL) goto memerr; - if((ret->bytes = BUF_MEM_new()) == NULL) goto memerr; - ret->modified=1; + if ((ret->bytes = BUF_MEM_new()) == NULL) + goto memerr; + ret->canon_enc = NULL; + ret->canon_enclen = 0; + ret->modified = 1; *val = (ASN1_VALUE *)ret; return 1; - memerr: - ASN1err(ASN1_F_X509_NAME_NEW, ERR_R_MALLOC_FAILURE); - if (ret) - { +memerr: + ASN1error(ERR_R_MALLOC_FAILURE); + if (ret) { if (ret->entries) sk_X509_NAME_ENTRY_free(ret->entries); - OPENSSL_free(ret); - } + free(ret); + } return 0; } -static void x509_name_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it) +static void +x509_name_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it) { X509_NAME *a; - if(!pval || !*pval) - return; + + if (!pval || !*pval) + return; a = (X509_NAME *)*pval; BUF_MEM_free(a->bytes); - sk_X509_NAME_ENTRY_pop_free(a->entries,X509_NAME_ENTRY_free); - OPENSSL_free(a); + sk_X509_NAME_ENTRY_pop_free(a->entries, X509_NAME_ENTRY_free); + free(a->canon_enc); + free(a); *pval = NULL; } -/* Used with sk_pop_free() to free up the internal representation. - * NB: we only free the STACK and not its contents because it is - * already present in the X509_NAME structure. - */ - -static void sk_internal_free(void *a) -{ - sk_free(a); -} - -static int x509_name_ex_d2i(ASN1_VALUE **val, unsigned char **in, long len, const ASN1_ITEM *it, - int tag, int aclass, char opt, ASN1_TLC *ctx) +static int +x509_name_ex_d2i(ASN1_VALUE **val, const unsigned char **in, long len, + const ASN1_ITEM *it, int tag, int aclass, char opt, ASN1_TLC *ctx) { - unsigned char *p = *in, *q; - STACK *intname = NULL; + const unsigned char *p = *in, *q; + union { + STACK_OF(STACK_OF_X509_NAME_ENTRY) *s; + ASN1_VALUE *a; + } intname = {NULL}; + union { + X509_NAME *x; + ASN1_VALUE *a; + } nm = {NULL}; int i, j, ret; - X509_NAME *nm = NULL; STACK_OF(X509_NAME_ENTRY) *entries; X509_NAME_ENTRY *entry; q = p; /* Get internal representation of Name */ - ret = ASN1_item_ex_d2i((ASN1_VALUE **)&intname, &p, len, ASN1_ITEM_rptr(X509_NAME_INTERNAL), - tag, aclass, opt, ctx); - - if(ret <= 0) return ret; + ret = ASN1_item_ex_d2i(&intname.a, &p, len, + &X509_NAME_INTERNAL_it, tag, aclass, opt, ctx); - if(*val) x509_name_ex_free(val, NULL); - if(!x509_name_ex_new((ASN1_VALUE **)&nm, NULL)) goto err; + if (ret <= 0) + return ret; + + if (*val) + x509_name_ex_free(val, NULL); + if (!x509_name_ex_new(&nm.a, NULL)) + goto err; /* We've decoded it: now cache encoding */ - if(!BUF_MEM_grow(nm->bytes, p - q)) goto err; - memcpy(nm->bytes->data, q, p - q); + if (!BUF_MEM_grow(nm.x->bytes, p - q)) + goto err; + memcpy(nm.x->bytes->data, q, p - q); /* Convert internal representation to X509_NAME structure */ - for(i = 0; i < sk_num(intname); i++) { - entries = (STACK_OF(X509_NAME_ENTRY) *)sk_value(intname, i); - for(j = 0; j < sk_X509_NAME_ENTRY_num(entries); j++) { + for (i = 0; i < sk_STACK_OF_X509_NAME_ENTRY_num(intname.s); i++) { + entries = sk_STACK_OF_X509_NAME_ENTRY_value(intname.s, i); + for (j = 0; j < sk_X509_NAME_ENTRY_num(entries); j++) { entry = sk_X509_NAME_ENTRY_value(entries, j); entry->set = i; - if(!sk_X509_NAME_ENTRY_push(nm->entries, entry)) + if (!sk_X509_NAME_ENTRY_push(nm.x->entries, entry)) goto err; } sk_X509_NAME_ENTRY_free(entries); } - sk_free(intname); - nm->modified = 0; - *val = (ASN1_VALUE *)nm; + sk_STACK_OF_X509_NAME_ENTRY_free(intname.s); + ret = x509_name_canon(nm.x); + if (!ret) + goto err; + nm.x->modified = 0; + *val = nm.a; *in = p; return ret; - err: - ASN1err(ASN1_F_D2I_X509_NAME, ERR_R_NESTED_ASN1_ERROR); + +err: + if (nm.x != NULL) + X509_NAME_free(nm.x); + ASN1error(ERR_R_NESTED_ASN1_ERROR); return 0; } -static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass) +static int +x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, const ASN1_ITEM *it, + int tag, int aclass) { int ret; X509_NAME *a = (X509_NAME *)*val; - if(a->modified) { - ret = x509_name_encode((X509_NAME *)a); - if(ret < 0) return ret; + + if (a->modified) { + ret = x509_name_encode(a); + if (ret < 0) + return ret; + ret = x509_name_canon(a); + if (ret < 0) + return ret; } ret = a->bytes->length; - if(out != NULL) { - memcpy(*out,a->bytes->data,ret); - *out+=ret; + if (out != NULL) { + memcpy(*out, a->bytes->data, ret); + *out += ret; } return ret; } -static int x509_name_encode(X509_NAME *a) +static void +local_sk_X509_NAME_ENTRY_free(STACK_OF(X509_NAME_ENTRY) *ne) +{ + sk_X509_NAME_ENTRY_free(ne); +} + +static void +local_sk_X509_NAME_ENTRY_pop_free(STACK_OF(X509_NAME_ENTRY) *ne) +{ + sk_X509_NAME_ENTRY_pop_free(ne, X509_NAME_ENTRY_free); +} + +static int +x509_name_encode(X509_NAME *a) { - STACK *intname = NULL; + union { + STACK_OF(STACK_OF_X509_NAME_ENTRY) *s; + ASN1_VALUE *a; + } intname = {NULL}; int len; unsigned char *p; STACK_OF(X509_NAME_ENTRY) *entries = NULL; X509_NAME_ENTRY *entry; int i, set = -1; - intname = sk_new_null(); - if(!intname) goto memerr; - for(i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) { + + intname.s = sk_STACK_OF_X509_NAME_ENTRY_new_null(); + if (!intname.s) + goto memerr; + for (i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) { entry = sk_X509_NAME_ENTRY_value(a->entries, i); - if(entry->set != set) { + if (entry->set != set) { entries = sk_X509_NAME_ENTRY_new_null(); - if(!entries) goto memerr; - if(!sk_push(intname, (char *)entries)) goto memerr; + if (!entries) + goto memerr; + if (!sk_STACK_OF_X509_NAME_ENTRY_push(intname.s, + entries)) + goto memerr; set = entry->set; } - if(!sk_X509_NAME_ENTRY_push(entries, entry)) goto memerr; + if (entries == NULL /* if entry->set is bogusly -1 */ || + !sk_X509_NAME_ENTRY_push(entries, entry)) + goto memerr; } - len = ASN1_item_ex_i2d((ASN1_VALUE **)&intname, NULL, ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1); - if (!BUF_MEM_grow(a->bytes,len)) goto memerr; - p=(unsigned char *)a->bytes->data; - ASN1_item_ex_i2d((ASN1_VALUE **)&intname, &p, ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1); - sk_pop_free(intname, sk_internal_free); + len = ASN1_item_ex_i2d(&intname.a, NULL, + &X509_NAME_INTERNAL_it, -1, -1); + if (!BUF_MEM_grow(a->bytes, len)) + goto memerr; + p = (unsigned char *)a->bytes->data; + ASN1_item_ex_i2d(&intname.a, &p, &X509_NAME_INTERNAL_it, + -1, -1); + sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s, + local_sk_X509_NAME_ENTRY_free); a->modified = 0; return len; - memerr: - sk_pop_free(intname, sk_internal_free); - ASN1err(ASN1_F_D2I_X509_NAME, ERR_R_MALLOC_FAILURE); + +memerr: + sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s, + local_sk_X509_NAME_ENTRY_free); + ASN1error(ERR_R_MALLOC_FAILURE); return -1; } +static int +x509_name_ex_print(BIO *out, ASN1_VALUE **pval, int indent, const char *fname, + const ASN1_PCTX *pctx) +{ + if (X509_NAME_print_ex(out, (X509_NAME *)*pval, indent, + pctx->nm_flags) <= 0) + return 0; + return 2; +} -int X509_NAME_set(X509_NAME **xn, X509_NAME *name) - { +/* This function generates the canonical encoding of the Name structure. + * In it all strings are converted to UTF8, leading, trailing and + * multiple spaces collapsed, converted to lower case and the leading + * SEQUENCE header removed. + * + * In future we could also normalize the UTF8 too. + * + * By doing this comparison of Name structures can be rapidly + * performed by just using memcmp() of the canonical encoding. + * By omitting the leading SEQUENCE name constraints of type + * dirName can also be checked with a simple memcmp(). + */ + +static int +x509_name_canon(X509_NAME *a) +{ + unsigned char *p; + STACK_OF(STACK_OF_X509_NAME_ENTRY) *intname = NULL; + STACK_OF(X509_NAME_ENTRY) *entries = NULL; + X509_NAME_ENTRY *entry, *tmpentry = NULL; + int i, len, set = -1, ret = 0; + + if (a->canon_enc) { + free(a->canon_enc); + a->canon_enc = NULL; + } + /* Special case: empty X509_NAME => null encoding */ + if (sk_X509_NAME_ENTRY_num(a->entries) == 0) { + a->canon_enclen = 0; + return 1; + } + intname = sk_STACK_OF_X509_NAME_ENTRY_new_null(); + if (!intname) + goto err; + for (i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) { + entry = sk_X509_NAME_ENTRY_value(a->entries, i); + if (entry->set != set) { + entries = sk_X509_NAME_ENTRY_new_null(); + if (!entries) + goto err; + if (sk_STACK_OF_X509_NAME_ENTRY_push(intname, + entries) == 0) { + sk_X509_NAME_ENTRY_free(entries); + goto err; + } + set = entry->set; + } + tmpentry = X509_NAME_ENTRY_new(); + if (tmpentry == NULL) + goto err; + tmpentry->object = OBJ_dup(entry->object); + if (tmpentry->object == NULL) + goto err; + if (!asn1_string_canon(tmpentry->value, entry->value)) + goto err; + if (entries == NULL /* if entry->set is bogusly -1 */ || + !sk_X509_NAME_ENTRY_push(entries, tmpentry)) + goto err; + tmpentry = NULL; + } + + /* Finally generate encoding */ + len = i2d_name_canon(intname, NULL); + if (len < 0) + goto err; + p = malloc(len); + if (p == NULL) + goto err; + a->canon_enc = p; + a->canon_enclen = len; + i2d_name_canon(intname, &p); + ret = 1; + +err: + if (tmpentry) + X509_NAME_ENTRY_free(tmpentry); + if (intname) + sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname, + local_sk_X509_NAME_ENTRY_pop_free); + return ret; +} + +/* Bitmap of all the types of string that will be canonicalized. */ + +#define ASN1_MASK_CANON \ + (B_ASN1_UTF8STRING | B_ASN1_BMPSTRING | B_ASN1_UNIVERSALSTRING \ + | B_ASN1_PRINTABLESTRING | B_ASN1_T61STRING | B_ASN1_IA5STRING \ + | B_ASN1_VISIBLESTRING) + + +static int +asn1_string_canon(ASN1_STRING *out, ASN1_STRING *in) +{ + unsigned char *to, *from; + int len, i; + + /* If type not in bitmask just copy string across */ + if (!(ASN1_tag2bit(in->type) & ASN1_MASK_CANON)) { + if (!ASN1_STRING_copy(out, in)) + return 0; + return 1; + } + + out->type = V_ASN1_UTF8STRING; + out->length = ASN1_STRING_to_UTF8(&out->data, in); + if (out->length == -1) + return 0; + + to = out->data; + from = to; + + len = out->length; + + /* Convert string in place to canonical form. + * Ultimately we may need to handle a wider range of characters + * but for now ignore anything with MSB set and rely on the + * isspace() and tolower() functions. + */ + + /* Ignore leading spaces */ + while ((len > 0) && !(*from & 0x80) && isspace(*from)) { + from++; + len--; + } + + to = from + len - 1; + + /* Ignore trailing spaces */ + while ((len > 0) && !(*to & 0x80) && isspace(*to)) { + to--; + len--; + } + + to = out->data; + + i = 0; + while (i < len) { + /* If MSB set just copy across */ + if (*from & 0x80) { + *to++ = *from++; + i++; + } + /* Collapse multiple spaces */ + else if (isspace(*from)) { + /* Copy one space across */ + *to++ = ' '; + /* Ignore subsequent spaces. Note: don't need to + * check len here because we know the last + * character is a non-space so we can't overflow. + */ + do { + from++; + i++; + } while (!(*from & 0x80) && isspace(*from)); + } else { + *to++ = tolower(*from); + from++; + i++; + } + } + + out->length = to - out->data; + + return 1; +} + +static int +i2d_name_canon(STACK_OF(STACK_OF_X509_NAME_ENTRY) *_intname, unsigned char **in) +{ + int i, len, ltmp; + ASN1_VALUE *v; + STACK_OF(ASN1_VALUE) *intname = (STACK_OF(ASN1_VALUE) *)_intname; + + len = 0; + for (i = 0; i < sk_ASN1_VALUE_num(intname); i++) { + v = sk_ASN1_VALUE_value(intname, i); + ltmp = ASN1_item_ex_i2d(&v, in, + &X509_NAME_ENTRIES_it, -1, -1); + if (ltmp < 0) + return ltmp; + len += ltmp; + } + return len; +} + +int +X509_NAME_set(X509_NAME **xn, X509_NAME *name) +{ X509_NAME *in; - if (!xn || !name) return(0); + if (!xn || !name) + return (0); - if (*xn != name) - { - in=X509_NAME_dup(name); - if (in != NULL) - { + if (*xn != name) { + in = X509_NAME_dup(name); + if (in != NULL) { X509_NAME_free(*xn); - *xn=in; - } + *xn = in; } - return(*xn != NULL); } - -IMPLEMENT_STACK_OF(X509_NAME_ENTRY) -IMPLEMENT_ASN1_SET_OF(X509_NAME_ENTRY) + return (*xn != NULL); +} + +int +X509_NAME_get0_der(X509_NAME *nm, const unsigned char **pder, size_t *pderlen) +{ + /* Make sure encoding is valid. */ + if (i2d_X509_NAME(nm, NULL) <= 0) + return 0; + if (pder != NULL) + *pder = (unsigned char *)nm->bytes->data; + if (pderlen != NULL) + *pderlen = nm->bytes->length; + return 1; +} diff --git a/src/lib/libcrypto/asn1/x_nx509.c b/src/lib/libcrypto/asn1/x_nx509.c new file mode 100644 index 00000000000..7e18be8c796 --- /dev/null +++ b/src/lib/libcrypto/asn1/x_nx509.c @@ -0,0 +1,113 @@ +/* $OpenBSD: x_nx509.c,v 1.6 2015/02/11 04:00:39 jsing Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2005. + */ +/* ==================================================================== + * Copyright (c) 2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include +#include +#include + +/* Old netscape certificate wrapper format */ + +static const ASN1_TEMPLATE NETSCAPE_X509_seq_tt[] = { + { + .offset = offsetof(NETSCAPE_X509, header), + .field_name = "header", + .item = &ASN1_OCTET_STRING_it, + }, + { + .flags = ASN1_TFLG_OPTIONAL, + .offset = offsetof(NETSCAPE_X509, cert), + .field_name = "cert", + .item = &X509_it, + }, +}; + +const ASN1_ITEM NETSCAPE_X509_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = NETSCAPE_X509_seq_tt, + .tcount = sizeof(NETSCAPE_X509_seq_tt) / sizeof(ASN1_TEMPLATE), + .size = sizeof(NETSCAPE_X509), + .sname = "NETSCAPE_X509", +}; + + +NETSCAPE_X509 * +d2i_NETSCAPE_X509(NETSCAPE_X509 **a, const unsigned char **in, long len) +{ + return (NETSCAPE_X509 *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &NETSCAPE_X509_it); +} + +int +i2d_NETSCAPE_X509(NETSCAPE_X509 *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &NETSCAPE_X509_it); +} + +NETSCAPE_X509 * +NETSCAPE_X509_new(void) +{ + return (NETSCAPE_X509 *)ASN1_item_new(&NETSCAPE_X509_it); +} + +void +NETSCAPE_X509_free(NETSCAPE_X509 *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &NETSCAPE_X509_it); +} diff --git a/src/lib/libcrypto/asn1/x_pkey.c b/src/lib/libcrypto/asn1/x_pkey.c index f1c6221ac3f..c946281f4a0 100644 --- a/src/lib/libcrypto/asn1/x_pkey.c +++ b/src/lib/libcrypto/asn1/x_pkey.c @@ -1,25 +1,25 @@ -/* crypto/asn1/x_pkey.c */ +/* $OpenBSD: x_pkey.c,v 1.20 2017/01/29 17:49:22 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -57,95 +57,65 @@ */ #include -#include "cryptlib.h" +#include + +#include #include #include -#include #include -/* need to implement */ -int i2d_X509_PKEY(X509_PKEY *a, unsigned char **pp) - { - return(0); - } - -X509_PKEY *d2i_X509_PKEY(X509_PKEY **a, unsigned char **pp, long length) - { - int i; - M_ASN1_D2I_vars(a,X509_PKEY *,X509_PKEY_new); - - M_ASN1_D2I_Init(); - M_ASN1_D2I_start_sequence(); - M_ASN1_D2I_get(ret->enc_algor,d2i_X509_ALGOR); - M_ASN1_D2I_get(ret->enc_pkey,d2i_ASN1_OCTET_STRING); +X509_PKEY * +X509_PKEY_new(void) +{ + X509_PKEY *ret = NULL; - ret->cipher.cipher=EVP_get_cipherbyname( - OBJ_nid2ln(OBJ_obj2nid(ret->enc_algor->algorithm))); - if (ret->cipher.cipher == NULL) - { - c.error=ASN1_R_UNSUPPORTED_CIPHER; - c.line=__LINE__; + if ((ret = malloc(sizeof(X509_PKEY))) == NULL) { + ASN1error(ERR_R_MALLOC_FAILURE); goto err; - } - if (ret->enc_algor->parameter->type == V_ASN1_OCTET_STRING) - { - i=ret->enc_algor->parameter->value.octet_string->length; - if (i > EVP_MAX_IV_LENGTH) - { - c.error=ASN1_R_IV_TOO_LARGE; - c.line=__LINE__; - goto err; - } - memcpy(ret->cipher.iv, - ret->enc_algor->parameter->value.octet_string->data,i); - } - else - memset(ret->cipher.iv,0,EVP_MAX_IV_LENGTH); - M_ASN1_D2I_Finish(a,X509_PKEY_free,ASN1_F_D2I_X509_PKEY); } + ret->version = 0; + if ((ret->enc_algor = X509_ALGOR_new()) == NULL) { + ASN1error(ERR_R_MALLOC_FAILURE); + goto err; + } + if ((ret->enc_pkey = ASN1_OCTET_STRING_new()) == NULL) { + ASN1error(ERR_R_MALLOC_FAILURE); + goto err; + } + ret->dec_pkey = NULL; + ret->key_length = 0; + ret->key_data = NULL; + ret->key_free = 0; + ret->cipher.cipher = NULL; + memset(ret->cipher.iv, 0, EVP_MAX_IV_LENGTH); + ret->references = 1; + return (ret); -X509_PKEY *X509_PKEY_new(void) - { - X509_PKEY *ret=NULL; - ASN1_CTX c; - - M_ASN1_New_Malloc(ret,X509_PKEY); - ret->version=0; - M_ASN1_New(ret->enc_algor,X509_ALGOR_new); - M_ASN1_New(ret->enc_pkey,M_ASN1_OCTET_STRING_new); - ret->dec_pkey=NULL; - ret->key_length=0; - ret->key_data=NULL; - ret->key_free=0; - ret->cipher.cipher=NULL; - memset(ret->cipher.iv,0,EVP_MAX_IV_LENGTH); - ret->references=1; - return(ret); - M_ASN1_New_Error(ASN1_F_X509_PKEY_NEW); +err: + if (ret) { + X509_ALGOR_free(ret->enc_algor); + free(ret); } + return NULL; +} -void X509_PKEY_free(X509_PKEY *x) - { +void +X509_PKEY_free(X509_PKEY *x) +{ int i; - if (x == NULL) return; + if (x == NULL) + return; - i=CRYPTO_add(&x->references,-1,CRYPTO_LOCK_X509_PKEY); -#ifdef REF_PRINT - REF_PRINT("X509_PKEY",x); -#endif - if (i > 0) return; -#ifdef REF_CHECK - if (i < 0) - { - fprintf(stderr,"X509_PKEY_free, bad reference count\n"); - abort(); - } -#endif + i = CRYPTO_add(&x->references, -1, CRYPTO_LOCK_X509_PKEY); + if (i > 0) + return; - if (x->enc_algor != NULL) X509_ALGOR_free(x->enc_algor); - if (x->enc_pkey != NULL) M_ASN1_OCTET_STRING_free(x->enc_pkey); - if (x->dec_pkey != NULL)EVP_PKEY_free(x->dec_pkey); - if ((x->key_data != NULL) && (x->key_free)) OPENSSL_free(x->key_data); - OPENSSL_free(x); - } + if (x->enc_algor != NULL) + X509_ALGOR_free(x->enc_algor); + ASN1_OCTET_STRING_free(x->enc_pkey); + EVP_PKEY_free(x->dec_pkey); + if ((x->key_data != NULL) && (x->key_free)) + free(x->key_data); + free(x); +} diff --git a/src/lib/libcrypto/asn1/x_pubkey.c b/src/lib/libcrypto/asn1/x_pubkey.c index d9585401206..ea67419cb20 100644 --- a/src/lib/libcrypto/asn1/x_pubkey.c +++ b/src/lib/libcrypto/asn1/x_pubkey.c @@ -1,25 +1,25 @@ -/* crypto/asn1/x_pubkey.c */ +/* $OpenBSD: x_pubkey.c,v 1.27 2018/03/17 14:55:39 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -57,198 +57,220 @@ */ #include -#include "cryptlib.h" + +#include + #include +#include #include +#ifndef OPENSSL_NO_DSA +#include +#endif +#ifndef OPENSSL_NO_RSA +#include +#endif + +#include "asn1_locl.h" + /* Minor tweak to operation: free up EVP_PKEY */ -static int pubkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) +static int +pubkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) { - if(operation == ASN1_OP_FREE_POST) { + if (operation == ASN1_OP_FREE_POST) { X509_PUBKEY *pubkey = (X509_PUBKEY *)*pval; EVP_PKEY_free(pubkey->pkey); } return 1; } -ASN1_SEQUENCE_cb(X509_PUBKEY, pubkey_cb) = { - ASN1_SIMPLE(X509_PUBKEY, algor, X509_ALGOR), - ASN1_SIMPLE(X509_PUBKEY, public_key, ASN1_BIT_STRING) -} ASN1_SEQUENCE_END_cb(X509_PUBKEY, X509_PUBKEY) +static const ASN1_AUX X509_PUBKEY_aux = { + .asn1_cb = pubkey_cb, +}; +static const ASN1_TEMPLATE X509_PUBKEY_seq_tt[] = { + { + .offset = offsetof(X509_PUBKEY, algor), + .field_name = "algor", + .item = &X509_ALGOR_it, + }, + { + .offset = offsetof(X509_PUBKEY, public_key), + .field_name = "public_key", + .item = &ASN1_BIT_STRING_it, + }, +}; -IMPLEMENT_ASN1_FUNCTIONS(X509_PUBKEY) +const ASN1_ITEM X509_PUBKEY_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = X509_PUBKEY_seq_tt, + .tcount = sizeof(X509_PUBKEY_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = &X509_PUBKEY_aux, + .size = sizeof(X509_PUBKEY), + .sname = "X509_PUBKEY", +}; -int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey) - { - int ok=0; - X509_PUBKEY *pk; - X509_ALGOR *a; - ASN1_OBJECT *o; - unsigned char *s,*p = NULL; - int i; - - if (x == NULL) return(0); - - if ((pk=X509_PUBKEY_new()) == NULL) goto err; - a=pk->algor; - - /* set the algorithm id */ - if ((o=OBJ_nid2obj(pkey->type)) == NULL) goto err; - ASN1_OBJECT_free(a->algorithm); - a->algorithm=o; - - /* Set the parameter list */ - if (!pkey->save_parameters || (pkey->type == EVP_PKEY_RSA)) - { - if ((a->parameter == NULL) || - (a->parameter->type != V_ASN1_NULL)) - { - ASN1_TYPE_free(a->parameter); - a->parameter=ASN1_TYPE_new(); - a->parameter->type=V_ASN1_NULL; - } - } - else -#ifndef OPENSSL_NO_DSA - if (pkey->type == EVP_PKEY_DSA) - { - unsigned char *pp; - DSA *dsa; - - dsa=pkey->pkey.dsa; - dsa->write_params=0; - ASN1_TYPE_free(a->parameter); - i=i2d_DSAparams(dsa,NULL); - if ((p=(unsigned char *)OPENSSL_malloc(i)) == NULL) goto err; - pp=p; - i2d_DSAparams(dsa,&pp); - a->parameter=ASN1_TYPE_new(); - a->parameter->type=V_ASN1_SEQUENCE; - a->parameter->value.sequence=ASN1_STRING_new(); - ASN1_STRING_set(a->parameter->value.sequence,p,i); - OPENSSL_free(p); - } - else -#endif - { - X509err(X509_F_X509_PUBKEY_SET,X509_R_UNSUPPORTED_ALGORITHM); - goto err; - } - if ((i=i2d_PublicKey(pkey,NULL)) <= 0) goto err; - if ((s=(unsigned char *)OPENSSL_malloc(i+1)) == NULL) - { - X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE); - goto err; +X509_PUBKEY * +d2i_X509_PUBKEY(X509_PUBKEY **a, const unsigned char **in, long len) +{ + return (X509_PUBKEY *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &X509_PUBKEY_it); +} + +int +i2d_X509_PUBKEY(X509_PUBKEY *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &X509_PUBKEY_it); +} + +X509_PUBKEY * +X509_PUBKEY_new(void) +{ + return (X509_PUBKEY *)ASN1_item_new(&X509_PUBKEY_it); +} + +void +X509_PUBKEY_free(X509_PUBKEY *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &X509_PUBKEY_it); +} + +int +X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey) +{ + X509_PUBKEY *pk = NULL; + + if (x == NULL) + return (0); + if ((pk = X509_PUBKEY_new()) == NULL) + goto error; + + if (pkey->ameth) { + if (pkey->ameth->pub_encode) { + if (!pkey->ameth->pub_encode(pk, pkey)) { + X509error(X509_R_PUBLIC_KEY_ENCODE_ERROR); + goto error; + } + } else { + X509error(X509_R_METHOD_NOT_SUPPORTED); + goto error; } - p=s; - i2d_PublicKey(pkey,&p); - if (!M_ASN1_BIT_STRING_set(pk->public_key,s,i)) goto err; - /* Set number of unused bits to zero */ - pk->public_key->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); - pk->public_key->flags|=ASN1_STRING_FLAG_BITS_LEFT; - - OPENSSL_free(s); - -#if 0 - CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY); - pk->pkey=pkey; -#endif + } else { + X509error(X509_R_UNSUPPORTED_ALGORITHM); + goto error; + } if (*x != NULL) X509_PUBKEY_free(*x); - *x=pk; - pk=NULL; + *x = pk; - ok=1; -err: - if (pk != NULL) X509_PUBKEY_free(pk); - return(ok); - } + return 1; -EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key) - { - EVP_PKEY *ret=NULL; - long j; - int type; - unsigned char *p; -#ifndef OPENSSL_NO_DSA - const unsigned char *cp; - X509_ALGOR *a; -#endif +error: + if (pk != NULL) + X509_PUBKEY_free(pk); + return 0; +} - if (key == NULL) goto err; +EVP_PKEY * +X509_PUBKEY_get0(X509_PUBKEY *key) +{ + EVP_PKEY *ret = NULL; + + if (key == NULL) + goto error; if (key->pkey != NULL) - { - CRYPTO_add(&key->pkey->references,1,CRYPTO_LOCK_EVP_PKEY); - return(key->pkey); - } - - if (key->public_key == NULL) goto err; - - type=OBJ_obj2nid(key->algor->algorithm); - p=key->public_key->data; - j=key->public_key->length; - if ((ret=d2i_PublicKey(type,NULL,&p,(long)j)) == NULL) - { - X509err(X509_F_X509_PUBKEY_GET,X509_R_ERR_ASN1_LIB); - goto err; - } - ret->save_parameters=0; + return key->pkey; -#ifndef OPENSSL_NO_DSA - a=key->algor; - if (ret->type == EVP_PKEY_DSA) - { - if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE)) - { - ret->pkey.dsa->write_params=0; - cp=p=a->parameter->value.sequence->data; - j=a->parameter->value.sequence->length; - if (!d2i_DSAparams(&ret->pkey.dsa,&cp,(long)j)) - goto err; - } - ret->save_parameters=1; + if (key->public_key == NULL) + goto error; + + if ((ret = EVP_PKEY_new()) == NULL) { + X509error(ERR_R_MALLOC_FAILURE); + goto error; + } + + if (!EVP_PKEY_set_type(ret, OBJ_obj2nid(key->algor->algorithm))) { + X509error(X509_R_UNSUPPORTED_ALGORITHM); + goto error; + } + + if (ret->ameth->pub_decode) { + if (!ret->ameth->pub_decode(ret, key)) { + X509error(X509_R_PUBLIC_KEY_DECODE_ERROR); + goto error; } -#endif - key->pkey=ret; - CRYPTO_add(&ret->references,1,CRYPTO_LOCK_EVP_PKEY); - return(ret); -err: - if (ret != NULL) + } else { + X509error(X509_R_METHOD_NOT_SUPPORTED); + goto error; + } + + /* Check to see if another thread set key->pkey first */ + CRYPTO_w_lock(CRYPTO_LOCK_EVP_PKEY); + if (key->pkey) { + CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY); EVP_PKEY_free(ret); - return(NULL); + ret = key->pkey; + } else { + key->pkey = ret; + CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY); } + return ret; + +error: + EVP_PKEY_free(ret); + return (NULL); +} + +EVP_PKEY * +X509_PUBKEY_get(X509_PUBKEY *key) +{ + EVP_PKEY *pkey; + + if ((pkey = X509_PUBKEY_get0(key)) == NULL) + return (NULL); + + CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY); + + return pkey; +} + /* Now two pseudo ASN1 routines that take an EVP_PKEY structure * and encode or decode as X509_PUBKEY */ -EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, unsigned char **pp, - long length) +EVP_PKEY * +d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp, long length) { X509_PUBKEY *xpk; EVP_PKEY *pktmp; xpk = d2i_X509_PUBKEY(NULL, pp, length); - if(!xpk) return NULL; + if (!xpk) + return NULL; pktmp = X509_PUBKEY_get(xpk); X509_PUBKEY_free(xpk); - if(!pktmp) return NULL; - if(a) { + if (!pktmp) + return NULL; + if (a) { EVP_PKEY_free(*a); *a = pktmp; } return pktmp; } -int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp) +int +i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp) { - X509_PUBKEY *xpk=NULL; + X509_PUBKEY *xpk = NULL; int ret; - if(!a) return 0; - if(!X509_PUBKEY_set(&xpk, a)) return 0; + if (!a) + return 0; + if (!X509_PUBKEY_set(&xpk, a)) + return 0; ret = i2d_X509_PUBKEY(xpk, pp); X509_PUBKEY_free(xpk); return ret; @@ -258,34 +280,38 @@ int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp) * keys */ #ifndef OPENSSL_NO_RSA -RSA *d2i_RSA_PUBKEY(RSA **a, unsigned char **pp, - long length) +RSA * +d2i_RSA_PUBKEY(RSA **a, const unsigned char **pp, long length) { EVP_PKEY *pkey; RSA *key; - unsigned char *q; + const unsigned char *q; q = *pp; pkey = d2i_PUBKEY(NULL, &q, length); - if(!pkey) return NULL; + if (!pkey) + return NULL; key = EVP_PKEY_get1_RSA(pkey); EVP_PKEY_free(pkey); - if(!key) return NULL; + if (!key) + return NULL; *pp = q; - if(a) { + if (a) { RSA_free(*a); *a = key; } return key; } -int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp) +int +i2d_RSA_PUBKEY(RSA *a, unsigned char **pp) { EVP_PKEY *pktmp; int ret; - if(!a) return 0; + if (!a) + return 0; pktmp = EVP_PKEY_new(); - if(!pktmp) { - ASN1err(ASN1_F_I2D_RSA_PUBKEY, ERR_R_MALLOC_FAILURE); + if (!pktmp) { + ASN1error(ERR_R_MALLOC_FAILURE); return 0; } EVP_PKEY_set1_RSA(pktmp, a); @@ -296,34 +322,38 @@ int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp) #endif #ifndef OPENSSL_NO_DSA -DSA *d2i_DSA_PUBKEY(DSA **a, unsigned char **pp, - long length) +DSA * +d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp, long length) { EVP_PKEY *pkey; DSA *key; - unsigned char *q; + const unsigned char *q; q = *pp; pkey = d2i_PUBKEY(NULL, &q, length); - if(!pkey) return NULL; + if (!pkey) + return NULL; key = EVP_PKEY_get1_DSA(pkey); EVP_PKEY_free(pkey); - if(!key) return NULL; + if (!key) + return NULL; *pp = q; - if(a) { + if (a) { DSA_free(*a); *a = key; } return key; } -int i2d_DSA_PUBKEY(DSA *a, unsigned char **pp) +int +i2d_DSA_PUBKEY(DSA *a, unsigned char **pp) { EVP_PKEY *pktmp; int ret; - if(!a) return 0; + if (!a) + return 0; pktmp = EVP_PKEY_new(); - if(!pktmp) { - ASN1err(ASN1_F_I2D_DSA_PUBKEY, ERR_R_MALLOC_FAILURE); + if (!pktmp) { + ASN1error(ERR_R_MALLOC_FAILURE); return 0; } EVP_PKEY_set1_DSA(pktmp, a); @@ -332,3 +362,76 @@ int i2d_DSA_PUBKEY(DSA *a, unsigned char **pp) return ret; } #endif + +#ifndef OPENSSL_NO_EC +EC_KEY * +d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, long length) +{ + EVP_PKEY *pkey; + EC_KEY *key; + const unsigned char *q; + q = *pp; + pkey = d2i_PUBKEY(NULL, &q, length); + if (!pkey) + return (NULL); + key = EVP_PKEY_get1_EC_KEY(pkey); + EVP_PKEY_free(pkey); + if (!key) + return (NULL); + *pp = q; + if (a) { + EC_KEY_free(*a); + *a = key; + } + return (key); +} + +int +i2d_EC_PUBKEY(EC_KEY *a, unsigned char **pp) +{ + EVP_PKEY *pktmp; + int ret; + if (!a) + return (0); + if ((pktmp = EVP_PKEY_new()) == NULL) { + ASN1error(ERR_R_MALLOC_FAILURE); + return (0); + } + EVP_PKEY_set1_EC_KEY(pktmp, a); + ret = i2d_PUBKEY(pktmp, pp); + EVP_PKEY_free(pktmp); + return (ret); +} +#endif + +int +X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj, int ptype, + void *pval, unsigned char *penc, int penclen) +{ + if (!X509_ALGOR_set0(pub->algor, aobj, ptype, pval)) + return 0; + if (penc) { + free(pub->public_key->data); + pub->public_key->data = penc; + pub->public_key->length = penclen; + /* Set number of unused bits to zero */ + pub->public_key->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); + pub->public_key->flags |= ASN1_STRING_FLAG_BITS_LEFT; + } + return 1; +} + +int +X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg, const unsigned char **pk, + int *ppklen, X509_ALGOR **pa, X509_PUBKEY *pub) +{ + if (ppkalg) + *ppkalg = pub->algor->algorithm; + if (pk) { + *pk = pub->public_key->data; + *ppklen = pub->public_key->length; + } + if (pa) + *pa = pub->algor; + return 1; +} diff --git a/src/lib/libcrypto/asn1/x_req.c b/src/lib/libcrypto/asn1/x_req.c index b3f18ebc12f..eb5210aef6c 100644 --- a/src/lib/libcrypto/asn1/x_req.c +++ b/src/lib/libcrypto/asn1/x_req.c @@ -1,25 +1,25 @@ -/* crypto/asn1/x_req.c */ +/* $OpenBSD: x_req.c,v 1.17 2018/02/22 16:50:30 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" + #include #include @@ -66,7 +66,7 @@ * encode the attributes field if it is empty. This is in * violation of PKCS#10 but we need to tolerate it. We do * this by making the attributes field OPTIONAL then using - * the callback to initialise it to an empty STACK. + * the callback to initialise it to an empty STACK. * * This means that the field will be correctly encoded unless * we NULL out the field. @@ -79,34 +79,165 @@ * */ -static int rinf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) +static int +rinf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) { X509_REQ_INFO *rinf = (X509_REQ_INFO *)*pval; - if(operation == ASN1_OP_NEW_POST) { + if (operation == ASN1_OP_NEW_POST) { rinf->attributes = sk_X509_ATTRIBUTE_new_null(); - if(!rinf->attributes) return 0; + if (!rinf->attributes) + return 0; } return 1; } -ASN1_SEQUENCE_enc(X509_REQ_INFO, enc, rinf_cb) = { - ASN1_SIMPLE(X509_REQ_INFO, version, ASN1_INTEGER), - ASN1_SIMPLE(X509_REQ_INFO, subject, X509_NAME), - ASN1_SIMPLE(X509_REQ_INFO, pubkey, X509_PUBKEY), +static const ASN1_AUX X509_REQ_INFO_aux = { + .flags = ASN1_AFLG_ENCODING, + .asn1_cb = rinf_cb, + .enc_offset = offsetof(X509_REQ_INFO, enc), +}; +static const ASN1_TEMPLATE X509_REQ_INFO_seq_tt[] = { + { + .offset = offsetof(X509_REQ_INFO, version), + .field_name = "version", + .item = &ASN1_INTEGER_it, + }, + { + .offset = offsetof(X509_REQ_INFO, subject), + .field_name = "subject", + .item = &X509_NAME_it, + }, + { + .offset = offsetof(X509_REQ_INFO, pubkey), + .field_name = "pubkey", + .item = &X509_PUBKEY_it, + }, /* This isn't really OPTIONAL but it gets round invalid * encodings */ - ASN1_IMP_SET_OF_OPT(X509_REQ_INFO, attributes, X509_ATTRIBUTE, 0) -} ASN1_SEQUENCE_END_enc(X509_REQ_INFO, X509_REQ_INFO) + { + .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_SET_OF | ASN1_TFLG_OPTIONAL, + .offset = offsetof(X509_REQ_INFO, attributes), + .field_name = "attributes", + .item = &X509_ATTRIBUTE_it, + }, +}; + +const ASN1_ITEM X509_REQ_INFO_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = X509_REQ_INFO_seq_tt, + .tcount = sizeof(X509_REQ_INFO_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = &X509_REQ_INFO_aux, + .size = sizeof(X509_REQ_INFO), + .sname = "X509_REQ_INFO", +}; + + +X509_REQ_INFO * +d2i_X509_REQ_INFO(X509_REQ_INFO **a, const unsigned char **in, long len) +{ + return (X509_REQ_INFO *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &X509_REQ_INFO_it); +} + +int +i2d_X509_REQ_INFO(X509_REQ_INFO *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &X509_REQ_INFO_it); +} + +X509_REQ_INFO * +X509_REQ_INFO_new(void) +{ + return (X509_REQ_INFO *)ASN1_item_new(&X509_REQ_INFO_it); +} + +void +X509_REQ_INFO_free(X509_REQ_INFO *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &X509_REQ_INFO_it); +} + +static const ASN1_AUX X509_REQ_aux = { + .app_data = NULL, + .flags = ASN1_AFLG_REFCOUNT, + .ref_offset = offsetof(X509_REQ, references), + .ref_lock = CRYPTO_LOCK_X509_REQ, +}; +static const ASN1_TEMPLATE X509_REQ_seq_tt[] = { + { + .offset = offsetof(X509_REQ, req_info), + .field_name = "req_info", + .item = &X509_REQ_INFO_it, + }, + { + .offset = offsetof(X509_REQ, sig_alg), + .field_name = "sig_alg", + .item = &X509_ALGOR_it, + }, + { + .offset = offsetof(X509_REQ, signature), + .field_name = "signature", + .item = &ASN1_BIT_STRING_it, + }, +}; -IMPLEMENT_ASN1_FUNCTIONS(X509_REQ_INFO) +const ASN1_ITEM X509_REQ_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = X509_REQ_seq_tt, + .tcount = sizeof(X509_REQ_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = &X509_REQ_aux, + .size = sizeof(X509_REQ), + .sname = "X509_REQ", +}; -ASN1_SEQUENCE_ref(X509_REQ, 0, CRYPTO_LOCK_X509_INFO) = { - ASN1_SIMPLE(X509_REQ, req_info, X509_REQ_INFO), - ASN1_SIMPLE(X509_REQ, sig_alg, X509_ALGOR), - ASN1_SIMPLE(X509_REQ, signature, ASN1_BIT_STRING) -} ASN1_SEQUENCE_END_ref(X509_REQ, X509_REQ) -IMPLEMENT_ASN1_FUNCTIONS(X509_REQ) -IMPLEMENT_ASN1_DUP_FUNCTION(X509_REQ) +X509_REQ * +d2i_X509_REQ(X509_REQ **a, const unsigned char **in, long len) +{ + return (X509_REQ *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &X509_REQ_it); +} + +int +i2d_X509_REQ(X509_REQ *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &X509_REQ_it); +} + +X509_REQ * +X509_REQ_new(void) +{ + return (X509_REQ *)ASN1_item_new(&X509_REQ_it); +} + +void +X509_REQ_free(X509_REQ *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &X509_REQ_it); +} + +X509_REQ * +X509_REQ_dup(X509_REQ *x) +{ + return ASN1_item_dup(&X509_REQ_it, x); +} + +int +X509_REQ_get_signature_nid(const X509_REQ *req) +{ + return OBJ_obj2nid(req->sig_alg->algorithm); +} + +void +X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig, + const X509_ALGOR **palg) +{ + if (psig != NULL) + *psig = req->signature; + if (palg != NULL) + *palg = req->sig_alg; +} diff --git a/src/lib/libcrypto/asn1/x_sig.c b/src/lib/libcrypto/asn1/x_sig.c index 42efa86c1cd..702bc40e558 100644 --- a/src/lib/libcrypto/asn1/x_sig.c +++ b/src/lib/libcrypto/asn1/x_sig.c @@ -1,25 +1,25 @@ -/* crypto/asn1/x_sig.c */ +/* $OpenBSD: x_sig.c,v 1.11 2015/02/11 04:00:39 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -57,13 +57,54 @@ */ #include -#include "cryptlib.h" + #include #include -ASN1_SEQUENCE(X509_SIG) = { - ASN1_SIMPLE(X509_SIG, algor, X509_ALGOR), - ASN1_SIMPLE(X509_SIG, digest, ASN1_OCTET_STRING) -} ASN1_SEQUENCE_END(X509_SIG) +static const ASN1_TEMPLATE X509_SIG_seq_tt[] = { + { + .offset = offsetof(X509_SIG, algor), + .field_name = "algor", + .item = &X509_ALGOR_it, + }, + { + .offset = offsetof(X509_SIG, digest), + .field_name = "digest", + .item = &ASN1_OCTET_STRING_it, + }, +}; + +const ASN1_ITEM X509_SIG_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = X509_SIG_seq_tt, + .tcount = sizeof(X509_SIG_seq_tt) / sizeof(ASN1_TEMPLATE), + .size = sizeof(X509_SIG), + .sname = "X509_SIG", +}; + + +X509_SIG * +d2i_X509_SIG(X509_SIG **a, const unsigned char **in, long len) +{ + return (X509_SIG *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &X509_SIG_it); +} + +int +i2d_X509_SIG(X509_SIG *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &X509_SIG_it); +} + +X509_SIG * +X509_SIG_new(void) +{ + return (X509_SIG *)ASN1_item_new(&X509_SIG_it); +} -IMPLEMENT_ASN1_FUNCTIONS(X509_SIG) +void +X509_SIG_free(X509_SIG *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &X509_SIG_it); +} diff --git a/src/lib/libcrypto/asn1/x_spki.c b/src/lib/libcrypto/asn1/x_spki.c index 2aece077c53..2aa860feb91 100644 --- a/src/lib/libcrypto/asn1/x_spki.c +++ b/src/lib/libcrypto/asn1/x_spki.c @@ -1,25 +1,25 @@ -/* crypto/asn1/x_spki.c */ +/* $OpenBSD: x_spki.c,v 1.11 2015/02/11 04:00:39 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -61,21 +61,114 @@ */ #include -#include "cryptlib.h" + #include #include -ASN1_SEQUENCE(NETSCAPE_SPKAC) = { - ASN1_SIMPLE(NETSCAPE_SPKAC, pubkey, X509_PUBKEY), - ASN1_SIMPLE(NETSCAPE_SPKAC, challenge, ASN1_IA5STRING) -} ASN1_SEQUENCE_END(NETSCAPE_SPKAC) +static const ASN1_TEMPLATE NETSCAPE_SPKAC_seq_tt[] = { + { + .offset = offsetof(NETSCAPE_SPKAC, pubkey), + .field_name = "pubkey", + .item = &X509_PUBKEY_it, + }, + { + .offset = offsetof(NETSCAPE_SPKAC, challenge), + .field_name = "challenge", + .item = &ASN1_IA5STRING_it, + }, +}; + +const ASN1_ITEM NETSCAPE_SPKAC_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = NETSCAPE_SPKAC_seq_tt, + .tcount = sizeof(NETSCAPE_SPKAC_seq_tt) / sizeof(ASN1_TEMPLATE), + .size = sizeof(NETSCAPE_SPKAC), + .sname = "NETSCAPE_SPKAC", +}; + + +NETSCAPE_SPKAC * +d2i_NETSCAPE_SPKAC(NETSCAPE_SPKAC **a, const unsigned char **in, long len) +{ + return (NETSCAPE_SPKAC *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &NETSCAPE_SPKAC_it); +} + +int +i2d_NETSCAPE_SPKAC(NETSCAPE_SPKAC *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &NETSCAPE_SPKAC_it); +} + +NETSCAPE_SPKAC * +NETSCAPE_SPKAC_new(void) +{ + return (NETSCAPE_SPKAC *)ASN1_item_new(&NETSCAPE_SPKAC_it); +} + +void +NETSCAPE_SPKAC_free(NETSCAPE_SPKAC *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &NETSCAPE_SPKAC_it); +} + +static const ASN1_TEMPLATE NETSCAPE_SPKI_seq_tt[] = { + { + .flags = 0, + .tag = 0, + .offset = offsetof(NETSCAPE_SPKI, spkac), + .field_name = "spkac", + .item = &NETSCAPE_SPKAC_it, + }, + { + .flags = 0, + .tag = 0, + .offset = offsetof(NETSCAPE_SPKI, sig_algor), + .field_name = "sig_algor", + .item = &X509_ALGOR_it, + }, + { + .flags = 0, + .tag = 0, + .offset = offsetof(NETSCAPE_SPKI, signature), + .field_name = "signature", + .item = &ASN1_BIT_STRING_it, + }, +}; + +const ASN1_ITEM NETSCAPE_SPKI_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = NETSCAPE_SPKI_seq_tt, + .tcount = sizeof(NETSCAPE_SPKI_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = NULL, + .size = sizeof(NETSCAPE_SPKI), + .sname = "NETSCAPE_SPKI", +}; + + +NETSCAPE_SPKI * +d2i_NETSCAPE_SPKI(NETSCAPE_SPKI **a, const unsigned char **in, long len) +{ + return (NETSCAPE_SPKI *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &NETSCAPE_SPKI_it); +} -IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_SPKAC) +int +i2d_NETSCAPE_SPKI(NETSCAPE_SPKI *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &NETSCAPE_SPKI_it); +} -ASN1_SEQUENCE(NETSCAPE_SPKI) = { - ASN1_SIMPLE(NETSCAPE_SPKI, spkac, NETSCAPE_SPKAC), - ASN1_SIMPLE(NETSCAPE_SPKI, sig_algor, X509_ALGOR), - ASN1_SIMPLE(NETSCAPE_SPKI, signature, ASN1_BIT_STRING) -} ASN1_SEQUENCE_END(NETSCAPE_SPKI) +NETSCAPE_SPKI * +NETSCAPE_SPKI_new(void) +{ + return (NETSCAPE_SPKI *)ASN1_item_new(&NETSCAPE_SPKI_it); +} -IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_SPKI) +void +NETSCAPE_SPKI_free(NETSCAPE_SPKI *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &NETSCAPE_SPKI_it); +} diff --git a/src/lib/libcrypto/asn1/x_val.c b/src/lib/libcrypto/asn1/x_val.c index dc17c67758c..eb2ba783bb1 100644 --- a/src/lib/libcrypto/asn1/x_val.c +++ b/src/lib/libcrypto/asn1/x_val.c @@ -1,25 +1,25 @@ -/* crypto/asn1/x_val.c */ +/* $OpenBSD: x_val.c,v 1.11 2015/02/11 04:00:39 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -57,13 +57,54 @@ */ #include -#include "cryptlib.h" + #include #include -ASN1_SEQUENCE(X509_VAL) = { - ASN1_SIMPLE(X509_VAL, notBefore, ASN1_TIME), - ASN1_SIMPLE(X509_VAL, notAfter, ASN1_TIME) -} ASN1_SEQUENCE_END(X509_VAL) +static const ASN1_TEMPLATE X509_VAL_seq_tt[] = { + { + .offset = offsetof(X509_VAL, notBefore), + .field_name = "notBefore", + .item = &ASN1_TIME_it, + }, + { + .offset = offsetof(X509_VAL, notAfter), + .field_name = "notAfter", + .item = &ASN1_TIME_it, + }, +}; + +const ASN1_ITEM X509_VAL_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = X509_VAL_seq_tt, + .tcount = sizeof(X509_VAL_seq_tt) / sizeof(ASN1_TEMPLATE), + .size = sizeof(X509_VAL), + .sname = "X509_VAL", +}; + + +X509_VAL * +d2i_X509_VAL(X509_VAL **a, const unsigned char **in, long len) +{ + return (X509_VAL *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &X509_VAL_it); +} + +int +i2d_X509_VAL(X509_VAL *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &X509_VAL_it); +} + +X509_VAL * +X509_VAL_new(void) +{ + return (X509_VAL *)ASN1_item_new(&X509_VAL_it); +} -IMPLEMENT_ASN1_FUNCTIONS(X509_VAL) +void +X509_VAL_free(X509_VAL *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &X509_VAL_it); +} diff --git a/src/lib/libcrypto/asn1/x_x509.c b/src/lib/libcrypto/asn1/x_x509.c index b50167ce433..6a56a795c0b 100644 --- a/src/lib/libcrypto/asn1/x_x509.c +++ b/src/lib/libcrypto/asn1/x_x509.c @@ -1,25 +1,25 @@ -/* crypto/asn1/x_x509.c */ +/* $OpenBSD: x_x509.c,v 1.26 2018/02/17 15:50:42 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -57,101 +57,245 @@ */ #include -#include "cryptlib.h" -#include + +#include + #include +#include #include #include -ASN1_SEQUENCE(X509_CINF) = { - ASN1_EXP_OPT(X509_CINF, version, ASN1_INTEGER, 0), - ASN1_SIMPLE(X509_CINF, serialNumber, ASN1_INTEGER), - ASN1_SIMPLE(X509_CINF, signature, X509_ALGOR), - ASN1_SIMPLE(X509_CINF, issuer, X509_NAME), - ASN1_SIMPLE(X509_CINF, validity, X509_VAL), - ASN1_SIMPLE(X509_CINF, subject, X509_NAME), - ASN1_SIMPLE(X509_CINF, key, X509_PUBKEY), - ASN1_IMP_OPT(X509_CINF, issuerUID, ASN1_BIT_STRING, 1), - ASN1_IMP_OPT(X509_CINF, subjectUID, ASN1_BIT_STRING, 2), - ASN1_EXP_SEQUENCE_OF_OPT(X509_CINF, extensions, X509_EXTENSION, 3) -} ASN1_SEQUENCE_END(X509_CINF) - -IMPLEMENT_ASN1_FUNCTIONS(X509_CINF) +static const ASN1_AUX X509_CINF_aux = { + .flags = ASN1_AFLG_ENCODING, + .enc_offset = offsetof(X509_CINF, enc), +}; +static const ASN1_TEMPLATE X509_CINF_seq_tt[] = { + { + .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL, + .offset = offsetof(X509_CINF, version), + .field_name = "version", + .item = &ASN1_INTEGER_it, + }, + { + .offset = offsetof(X509_CINF, serialNumber), + .field_name = "serialNumber", + .item = &ASN1_INTEGER_it, + }, + { + .offset = offsetof(X509_CINF, signature), + .field_name = "signature", + .item = &X509_ALGOR_it, + }, + { + .offset = offsetof(X509_CINF, issuer), + .field_name = "issuer", + .item = &X509_NAME_it, + }, + { + .offset = offsetof(X509_CINF, validity), + .field_name = "validity", + .item = &X509_VAL_it, + }, + { + .offset = offsetof(X509_CINF, subject), + .field_name = "subject", + .item = &X509_NAME_it, + }, + { + .offset = offsetof(X509_CINF, key), + .field_name = "key", + .item = &X509_PUBKEY_it, + }, + { + .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_OPTIONAL, + .tag = 1, + .offset = offsetof(X509_CINF, issuerUID), + .field_name = "issuerUID", + .item = &ASN1_BIT_STRING_it, + }, + { + .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_OPTIONAL, + .tag = 2, + .offset = offsetof(X509_CINF, subjectUID), + .field_name = "subjectUID", + .item = &ASN1_BIT_STRING_it, + }, + { + .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_SEQUENCE_OF | + ASN1_TFLG_OPTIONAL, + .tag = 3, + .offset = offsetof(X509_CINF, extensions), + .field_name = "extensions", + .item = &X509_EXTENSION_it, + }, +}; + +const ASN1_ITEM X509_CINF_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = X509_CINF_seq_tt, + .tcount = sizeof(X509_CINF_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = &X509_CINF_aux, + .size = sizeof(X509_CINF), + .sname = "X509_CINF", +}; + + +X509_CINF * +d2i_X509_CINF(X509_CINF **a, const unsigned char **in, long len) +{ + return (X509_CINF *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &X509_CINF_it); +} + +int +i2d_X509_CINF(X509_CINF *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &X509_CINF_it); +} + +X509_CINF * +X509_CINF_new(void) +{ + return (X509_CINF *)ASN1_item_new(&X509_CINF_it); +} + +void +X509_CINF_free(X509_CINF *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &X509_CINF_it); +} /* X509 top level structure needs a bit of customisation */ -static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) +extern void policy_cache_free(X509_POLICY_CACHE *cache); + +static int +x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) { X509 *ret = (X509 *)*pval; - switch(operation) { + switch (operation) { - case ASN1_OP_NEW_POST: - ret->valid=0; + case ASN1_OP_NEW_POST: + ret->valid = 0; ret->name = NULL; ret->ex_flags = 0; ret->ex_pathlen = -1; ret->skid = NULL; ret->akid = NULL; ret->aux = NULL; + ret->crldp = NULL; CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data); break; - case ASN1_OP_D2I_POST: - if (ret->name != NULL) OPENSSL_free(ret->name); - ret->name=X509_NAME_oneline(ret->cert_info->subject,NULL,0); + case ASN1_OP_D2I_POST: + free(ret->name); + ret->name = X509_NAME_oneline(ret->cert_info->subject, NULL, 0); break; - case ASN1_OP_FREE_POST: + case ASN1_OP_FREE_POST: CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data); X509_CERT_AUX_free(ret->aux); ASN1_OCTET_STRING_free(ret->skid); AUTHORITY_KEYID_free(ret->akid); - - if (ret->name != NULL) OPENSSL_free(ret->name); + CRL_DIST_POINTS_free(ret->crldp); + policy_cache_free(ret->policy_cache); + GENERAL_NAMES_free(ret->altname); + NAME_CONSTRAINTS_free(ret->nc); + free(ret->name); + ret->name = NULL; break; - } return 1; +} +static const ASN1_AUX X509_aux = { + .app_data = NULL, + .flags = ASN1_AFLG_REFCOUNT, + .ref_offset = offsetof(X509, references), + .ref_lock = CRYPTO_LOCK_X509, + .asn1_cb = x509_cb, +}; +static const ASN1_TEMPLATE X509_seq_tt[] = { + { + .offset = offsetof(X509, cert_info), + .field_name = "cert_info", + .item = &X509_CINF_it, + }, + { + .offset = offsetof(X509, sig_alg), + .field_name = "sig_alg", + .item = &X509_ALGOR_it, + }, + { + .offset = offsetof(X509, signature), + .field_name = "signature", + .item = &ASN1_BIT_STRING_it, + }, +}; + +const ASN1_ITEM X509_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = X509_seq_tt, + .tcount = sizeof(X509_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = &X509_aux, + .size = sizeof(X509), + .sname = "X509", +}; + + +X509 * +d2i_X509(X509 **a, const unsigned char **in, long len) +{ + return (X509 *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &X509_it); } -ASN1_SEQUENCE_ref(X509, x509_cb, CRYPTO_LOCK_X509) = { - ASN1_SIMPLE(X509, cert_info, X509_CINF), - ASN1_SIMPLE(X509, sig_alg, X509_ALGOR), - ASN1_SIMPLE(X509, signature, ASN1_BIT_STRING) -} ASN1_SEQUENCE_END_ref(X509, X509) +int +i2d_X509(X509 *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &X509_it); +} -IMPLEMENT_ASN1_FUNCTIONS(X509) -IMPLEMENT_ASN1_DUP_FUNCTION(X509) +X509 * +X509_new(void) +{ + return (X509 *)ASN1_item_new(&X509_it); +} -static ASN1_METHOD meth={ - (int (*)()) i2d_X509, - (char *(*)())d2i_X509, - (char *(*)())X509_new, - (void (*)()) X509_free}; +void +X509_free(X509 *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &X509_it); +} -ASN1_METHOD *X509_asn1_meth(void) - { - return(&meth); - } +X509 * +X509_dup(X509 *x) +{ + return ASN1_item_dup(&X509_it, x); +} -int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) - { +int +X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) +{ return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509, argl, argp, - new_func, dup_func, free_func); - } + new_func, dup_func, free_func); +} -int X509_set_ex_data(X509 *r, int idx, void *arg) - { - return(CRYPTO_set_ex_data(&r->ex_data,idx,arg)); - } +int +X509_set_ex_data(X509 *r, int idx, void *arg) +{ + return (CRYPTO_set_ex_data(&r->ex_data, idx, arg)); +} -void *X509_get_ex_data(X509 *r, int idx) - { - return(CRYPTO_get_ex_data(&r->ex_data,idx)); - } +void * +X509_get_ex_data(X509 *r, int idx) +{ + return (CRYPTO_get_ex_data(&r->ex_data, idx)); +} /* X509_AUX ASN1 routines. X509_AUX is the name given to * a certificate with extra info tagged on the end. Since these @@ -161,29 +305,58 @@ void *X509_get_ex_data(X509 *r, int idx) * */ -X509 *d2i_X509_AUX(X509 **a, unsigned char **pp, long length) +X509 * +d2i_X509_AUX(X509 **a, const unsigned char **pp, long length) { - unsigned char *q; + const unsigned char *q; X509 *ret; + /* Save start position */ q = *pp; - ret = d2i_X509(a, pp, length); + ret = d2i_X509(NULL, pp, length); /* If certificate unreadable then forget it */ - if(!ret) return NULL; + if (!ret) + return NULL; /* update length */ length -= *pp - q; - if(!length) return ret; - if(!d2i_X509_CERT_AUX(&ret->aux, pp, length)) goto err; + if (length > 0) { + if (!d2i_X509_CERT_AUX(&ret->aux, pp, length)) + goto err; + } + if (a != NULL) { + X509_free(*a); + *a = ret; + } return ret; - err: + +err: X509_free(ret); return NULL; } -int i2d_X509_AUX(X509 *a, unsigned char **pp) +int +i2d_X509_AUX(X509 *a, unsigned char **pp) { int length; + length = i2d_X509(a, pp); - if(a) length += i2d_X509_CERT_AUX(a->aux, pp); + if (a) + length += i2d_X509_CERT_AUX(a->aux, pp); return length; } + +void +X509_get0_signature(const ASN1_BIT_STRING **psig, const X509_ALGOR **palg, + const X509 *x) +{ + if (psig != NULL) + *psig = x->signature; + if (palg != NULL) + *palg = x->sig_alg; +} + +int +X509_get_signature_nid(const X509 *x) +{ + return OBJ_obj2nid(x->sig_alg->algorithm); +} diff --git a/src/lib/libcrypto/asn1/x_x509a.c b/src/lib/libcrypto/asn1/x_x509a.c index f244768b7e1..b0d7150b930 100644 --- a/src/lib/libcrypto/asn1/x_x509a.c +++ b/src/lib/libcrypto/asn1/x_x509a.c @@ -1,5 +1,5 @@ -/* a_x509a.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* $OpenBSD: x_x509a.c,v 1.15 2018/05/01 19:01:27 tb Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -57,95 +57,269 @@ */ #include -#include "cryptlib.h" -#include + #include +#include #include /* X509_CERT_AUX routines. These are used to encode additional * user modifiable data about a certificate. This data is * appended to the X509 encoding when the *_X509_AUX routines * are used. This means that the "traditional" X509 routines - * will simply ignore the extra data. + * will simply ignore the extra data. */ static X509_CERT_AUX *aux_get(X509 *x); -ASN1_SEQUENCE(X509_CERT_AUX) = { - ASN1_SEQUENCE_OF_OPT(X509_CERT_AUX, trust, ASN1_OBJECT), - ASN1_IMP_SEQUENCE_OF_OPT(X509_CERT_AUX, reject, ASN1_OBJECT, 0), - ASN1_OPT(X509_CERT_AUX, alias, ASN1_UTF8STRING), - ASN1_OPT(X509_CERT_AUX, keyid, ASN1_OCTET_STRING), - ASN1_IMP_SEQUENCE_OF_OPT(X509_CERT_AUX, other, X509_ALGOR, 1) -} ASN1_SEQUENCE_END(X509_CERT_AUX) +static const ASN1_TEMPLATE X509_CERT_AUX_seq_tt[] = { + { + .flags = ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_OPTIONAL, + .offset = offsetof(X509_CERT_AUX, trust), + .field_name = "trust", + .item = &ASN1_OBJECT_it, + }, + { + .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_SEQUENCE_OF | + ASN1_TFLG_OPTIONAL, + .tag = 0, + .offset = offsetof(X509_CERT_AUX, reject), + .field_name = "reject", + .item = &ASN1_OBJECT_it, + }, + { + .flags = ASN1_TFLG_OPTIONAL, + .offset = offsetof(X509_CERT_AUX, alias), + .field_name = "alias", + .item = &ASN1_UTF8STRING_it, + }, + { + .flags = ASN1_TFLG_OPTIONAL, + .offset = offsetof(X509_CERT_AUX, keyid), + .field_name = "keyid", + .item = &ASN1_OCTET_STRING_it, + }, + { + .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_SEQUENCE_OF | + ASN1_TFLG_OPTIONAL, + .tag = 1, + .offset = offsetof(X509_CERT_AUX, other), + .field_name = "other", + .item = &X509_ALGOR_it, + }, +}; + +const ASN1_ITEM X509_CERT_AUX_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = X509_CERT_AUX_seq_tt, + .tcount = sizeof(X509_CERT_AUX_seq_tt) / sizeof(ASN1_TEMPLATE), + .size = sizeof(X509_CERT_AUX), + .sname = "X509_CERT_AUX", +}; + + +X509_CERT_AUX * +d2i_X509_CERT_AUX(X509_CERT_AUX **a, const unsigned char **in, long len) +{ + return (X509_CERT_AUX *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &X509_CERT_AUX_it); +} + +int +i2d_X509_CERT_AUX(X509_CERT_AUX *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &X509_CERT_AUX_it); +} + +X509_CERT_AUX * +X509_CERT_AUX_new(void) +{ + return (X509_CERT_AUX *)ASN1_item_new(&X509_CERT_AUX_it); +} -IMPLEMENT_ASN1_FUNCTIONS(X509_CERT_AUX) +void +X509_CERT_AUX_free(X509_CERT_AUX *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &X509_CERT_AUX_it); +} -static X509_CERT_AUX *aux_get(X509 *x) +static X509_CERT_AUX * +aux_get(X509 *x) { - if(!x) return NULL; - if(!x->aux && !(x->aux = X509_CERT_AUX_new())) return NULL; + if (!x) + return NULL; + if (!x->aux && !(x->aux = X509_CERT_AUX_new())) + return NULL; return x->aux; } -int X509_alias_set1(X509 *x, unsigned char *name, int len) +int +X509_alias_set1(X509 *x, const unsigned char *name, int len) { X509_CERT_AUX *aux; - if(!(aux = aux_get(x))) return 0; - if(!aux->alias && !(aux->alias = ASN1_UTF8STRING_new())) return 0; + if (!name) { + if (!x || !x->aux || !x->aux->alias) + return 1; + ASN1_UTF8STRING_free(x->aux->alias); + x->aux->alias = NULL; + return 1; + } + if (!(aux = aux_get(x))) + return 0; + if (!aux->alias && !(aux->alias = ASN1_UTF8STRING_new())) + return 0; return ASN1_STRING_set(aux->alias, name, len); } -int X509_keyid_set1(X509 *x, unsigned char *id, int len) +int +X509_keyid_set1(X509 *x, const unsigned char *id, int len) { X509_CERT_AUX *aux; - if(!(aux = aux_get(x))) return 0; - if(!aux->keyid && !(aux->keyid = ASN1_OCTET_STRING_new())) return 0; + if (!id) { + if (!x || !x->aux || !x->aux->keyid) + return 1; + ASN1_OCTET_STRING_free(x->aux->keyid); + x->aux->keyid = NULL; + return 1; + } + if (!(aux = aux_get(x))) + return 0; + if (!aux->keyid && !(aux->keyid = ASN1_OCTET_STRING_new())) + return 0; return ASN1_STRING_set(aux->keyid, id, len); } -unsigned char *X509_alias_get0(X509 *x, int *len) +unsigned char * +X509_alias_get0(X509 *x, int *len) { - if(!x->aux || !x->aux->alias) return NULL; - if(len) *len = x->aux->alias->length; + if (!x->aux || !x->aux->alias) + return NULL; + if (len) + *len = x->aux->alias->length; return x->aux->alias->data; } -int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj) +unsigned char * +X509_keyid_get0(X509 *x, int *len) +{ + if (!x->aux || !x->aux->keyid) + return NULL; + if (len) + *len = x->aux->keyid->length; + return x->aux->keyid->data; +} + +int +X509_add1_trust_object(X509 *x, const ASN1_OBJECT *obj) { X509_CERT_AUX *aux; ASN1_OBJECT *objtmp; - if(!(objtmp = OBJ_dup(obj))) return 0; - if(!(aux = aux_get(x))) return 0; - if(!aux->trust - && !(aux->trust = sk_ASN1_OBJECT_new_null())) return 0; - return sk_ASN1_OBJECT_push(aux->trust, objtmp); + int rc; + + if (!(objtmp = OBJ_dup(obj))) + return 0; + if (!(aux = aux_get(x))) + goto err; + if (!aux->trust && !(aux->trust = sk_ASN1_OBJECT_new_null())) + goto err; + rc = sk_ASN1_OBJECT_push(aux->trust, objtmp); + if (rc != 0) + return rc; + +err: + ASN1_OBJECT_free(objtmp); + return 0; } -int X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj) +int +X509_add1_reject_object(X509 *x, const ASN1_OBJECT *obj) { X509_CERT_AUX *aux; ASN1_OBJECT *objtmp; - if(!(objtmp = OBJ_dup(obj))) return 0; - if(!(aux = aux_get(x))) return 0; - if(!aux->reject - && !(aux->reject = sk_ASN1_OBJECT_new_null())) return 0; - return sk_ASN1_OBJECT_push(aux->reject, objtmp); + int rc; + + if (!(objtmp = OBJ_dup(obj))) + return 0; + if (!(aux = aux_get(x))) + goto err; + if (!aux->reject && !(aux->reject = sk_ASN1_OBJECT_new_null())) + goto err; + rc = sk_ASN1_OBJECT_push(aux->reject, objtmp); + if (rc != 0) + return rc; + +err: + ASN1_OBJECT_free(objtmp); + return 0; } -void X509_trust_clear(X509 *x) +void +X509_trust_clear(X509 *x) { - if(x->aux && x->aux->trust) { + if (x->aux && x->aux->trust) { sk_ASN1_OBJECT_pop_free(x->aux->trust, ASN1_OBJECT_free); x->aux->trust = NULL; } } -void X509_reject_clear(X509 *x) +void +X509_reject_clear(X509 *x) { - if(x->aux && x->aux->reject) { + if (x->aux && x->aux->reject) { sk_ASN1_OBJECT_pop_free(x->aux->reject, ASN1_OBJECT_free); x->aux->reject = NULL; } } +static const ASN1_TEMPLATE X509_CERT_PAIR_seq_tt[] = { + { + .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL, + .tag = 0, + .offset = offsetof(X509_CERT_PAIR, forward), + .field_name = "forward", + .item = &X509_it, + }, + { + .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL, + .tag = 1, + .offset = offsetof(X509_CERT_PAIR, reverse), + .field_name = "reverse", + .item = &X509_it, + }, +}; + +const ASN1_ITEM X509_CERT_PAIR_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = X509_CERT_PAIR_seq_tt, + .tcount = sizeof(X509_CERT_PAIR_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = NULL, + .size = sizeof(X509_CERT_PAIR), + .sname = "X509_CERT_PAIR", +}; + + +X509_CERT_PAIR * +d2i_X509_CERT_PAIR(X509_CERT_PAIR **a, const unsigned char **in, long len) +{ + return (X509_CERT_PAIR *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &X509_CERT_PAIR_it); +} + +int +i2d_X509_CERT_PAIR(X509_CERT_PAIR *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &X509_CERT_PAIR_it); +} + +X509_CERT_PAIR * +X509_CERT_PAIR_new(void) +{ + return (X509_CERT_PAIR *)ASN1_item_new(&X509_CERT_PAIR_it); +} + +void +X509_CERT_PAIR_free(X509_CERT_PAIR *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &X509_CERT_PAIR_it); +} diff --git a/src/lib/libcrypto/bf/Makefile.ssl b/src/lib/libcrypto/bf/Makefile.ssl deleted file mode 100644 index e304d33732b..00000000000 --- a/src/lib/libcrypto/bf/Makefile.ssl +++ /dev/null @@ -1,120 +0,0 @@ -# -# SSLeay/crypto/blowfish/Makefile -# - -DIR= bf -TOP= ../.. -CC= cc -CPP= $(CC) -E -INCLUDES= -CFLAG=-g -INSTALL_PREFIX= -OPENSSLDIR= /usr/local/ssl -INSTALLTOP=/usr/local/ssl -MAKE= make -f Makefile.ssl -MAKEDEPPROG= makedepend -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) -MAKEFILE= Makefile.ssl -AR= ar r - -BF_ENC= bf_enc.o -# or use -#DES_ENC= bx86-elf.o - -CFLAGS= $(INCLUDES) $(CFLAG) - -GENERAL=Makefile -TEST=bftest.c -APPS= - -LIB=$(TOP)/libcrypto.a -LIBSRC=bf_skey.c bf_ecb.c bf_enc.c bf_cfb64.c bf_ofb64.c -LIBOBJ=bf_skey.o bf_ecb.o $(BF_ENC) bf_cfb64.o bf_ofb64.o - -SRC= $(LIBSRC) - -EXHEADER= blowfish.h -HEADER= bf_pi.h bf_locl.h $(EXHEADER) - -ALL= $(GENERAL) $(SRC) $(HEADER) - -top: - (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) - -all: lib - -lib: $(LIBOBJ) - $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) || echo Never mind. - @touch lib - -# elf -asm/bx86-elf.o: asm/bx86unix.cpp - $(CPP) -DELF -x c asm/bx86unix.cpp | as -o asm/bx86-elf.o - -# solaris -asm/bx86-sol.o: asm/bx86unix.cpp - $(CC) -E -DSOL asm/bx86unix.cpp | sed 's/^#.*//' > asm/bx86-sol.s - as -o asm/bx86-sol.o asm/bx86-sol.s - rm -f asm/bx86-sol.s - -# a.out -asm/bx86-out.o: asm/bx86unix.cpp - $(CPP) -DOUT asm/bx86unix.cpp | as -o asm/bx86-out.o - -# bsdi -asm/bx86bsdi.o: asm/bx86unix.cpp - $(CPP) -DBSDI asm/bx86unix.cpp | sed 's/ :/:/' | as -o asm/bx86bsdi.o - -asm/bx86unix.cpp: asm/bf-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl - (cd asm; $(PERL) bf-586.pl cpp $(PROCESSOR) >bx86unix.cpp) - -files: - $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO - -links: - @sh $(TOP)/util/point.sh Makefile.ssl Makefile - @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) - @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) - @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) - -install: installs - -installs: - @for i in $(EXHEADER) ; \ - do \ - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ - done; - -tags: - ctags $(SRC) - -tests: - -lint: - lint -DLINT $(INCLUDES) $(SRC)>fluff - -depend: - $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) - -dclean: - $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new - mv -f Makefile.new $(MAKEFILE) - -clean: - rm -f asm/bx86unix.cpp *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff - -# DO NOT DELETE THIS LINE -- make depend depends on it. - -bf_cfb64.o: ../../include/openssl/blowfish.h ../../include/openssl/e_os2.h -bf_cfb64.o: ../../include/openssl/opensslconf.h bf_cfb64.c bf_locl.h -bf_ecb.o: ../../include/openssl/blowfish.h ../../include/openssl/e_os2.h -bf_ecb.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -bf_ecb.o: bf_ecb.c bf_locl.h -bf_enc.o: ../../include/openssl/blowfish.h ../../include/openssl/e_os2.h -bf_enc.o: ../../include/openssl/opensslconf.h bf_enc.c bf_locl.h -bf_ofb64.o: ../../include/openssl/blowfish.h ../../include/openssl/e_os2.h -bf_ofb64.o: ../../include/openssl/opensslconf.h bf_locl.h bf_ofb64.c -bf_skey.o: ../../include/openssl/blowfish.h ../../include/openssl/e_os2.h -bf_skey.o: ../../include/openssl/opensslconf.h bf_locl.h bf_pi.h bf_skey.c diff --git a/src/lib/libcrypto/bf/asm/bf-586.pl b/src/lib/libcrypto/bf/asm/bf-586.pl index b556642c949..1f9b345aeed 100644 --- a/src/lib/libcrypto/bf/asm/bf-586.pl +++ b/src/lib/libcrypto/bf/asm/bf-586.pl @@ -1,6 +1,7 @@ #!/usr/local/bin/perl -push(@INC,"perlasm","../../perlasm"); +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +push(@INC,"${dir}","${dir}../../perlasm"); require "x86asm.pl"; require "cbc.pl"; @@ -18,7 +19,7 @@ &BF_encrypt("BF_encrypt",1); &BF_encrypt("BF_decrypt",0); -&cbc("BF_cbc_encrypt","BF_encrypt","BF_decrypt",1,4,5,3,-1,-1); +&cbc("BF_cbc_encrypt","BF_encrypt","BF_decrypt",1,4,5,3,-1,-1) unless $main'openbsd; &asm_finish(); sub BF_encrypt diff --git a/src/lib/libcrypto/bf/asm/bf-686.pl b/src/lib/libcrypto/bf/asm/bf-686.pl deleted file mode 100644 index 8e4c25f5984..00000000000 --- a/src/lib/libcrypto/bf/asm/bf-686.pl +++ /dev/null @@ -1,127 +0,0 @@ -#!/usr/local/bin/perl - -push(@INC,"perlasm","../../perlasm"); -require "x86asm.pl"; -require "cbc.pl"; - -&asm_init($ARGV[0],"bf-686.pl"); - -$BF_ROUNDS=16; -$BF_OFF=($BF_ROUNDS+2)*4; -$L="ecx"; -$R="edx"; -$P="edi"; -$tot="esi"; -$tmp1="eax"; -$tmp2="ebx"; -$tmp3="ebp"; - -&des_encrypt("BF_encrypt",1); -&des_encrypt("BF_decrypt",0); -&cbc("BF_cbc_encrypt","BF_encrypt","BF_decrypt",1,4,5,3,-1,-1); - -&asm_finish(); - -&file_end(); - -sub des_encrypt - { - local($name,$enc)=@_; - - &function_begin($name,""); - - &comment(""); - &comment("Load the 2 words"); - &mov("eax",&wparam(0)); - &mov($L,&DWP(0,"eax","",0)); - &mov($R,&DWP(4,"eax","",0)); - - &comment(""); - &comment("P pointer, s and enc flag"); - &mov($P,&wparam(1)); - - &xor( $tmp1, $tmp1); - &xor( $tmp2, $tmp2); - - # encrypting part - - if ($enc) - { - &xor($L,&DWP(0,$P,"",0)); - for ($i=0; $i<$BF_ROUNDS; $i+=2) - { - &comment(""); - &comment("Round $i"); - &BF_ENCRYPT($i+1,$R,$L,$P,$tot,$tmp1,$tmp2,$tmp3); - - &comment(""); - &comment("Round ".sprintf("%d",$i+1)); - &BF_ENCRYPT($i+2,$L,$R,$P,$tot,$tmp1,$tmp2,$tmp3); - } - &xor($R,&DWP(($BF_ROUNDS+1)*4,$P,"",0)); - - &mov("eax",&wparam(0)); - &mov(&DWP(0,"eax","",0),$R); - &mov(&DWP(4,"eax","",0),$L); - &function_end_A($name); - } - else - { - &xor($L,&DWP(($BF_ROUNDS+1)*4,$P,"",0)); - for ($i=$BF_ROUNDS; $i>0; $i-=2) - { - &comment(""); - &comment("Round $i"); - &BF_ENCRYPT($i,$R,$L,$P,$tot,$tmp1,$tmp2,$tmp3); - &comment(""); - &comment("Round ".sprintf("%d",$i-1)); - &BF_ENCRYPT($i-1,$L,$R,$P,$tot,$tmp1,$tmp2,$tmp3); - } - &xor($R,&DWP(0,$P,"",0)); - - &mov("eax",&wparam(0)); - &mov(&DWP(0,"eax","",0),$R); - &mov(&DWP(4,"eax","",0),$L); - &function_end_A($name); - } - - &function_end_B($name); - } - -sub BF_ENCRYPT - { - local($i,$L,$R,$P,$tot,$tmp1,$tmp2,$tmp3)=@_; - - &rotr( $R, 16); - &mov( $tot, &DWP(&n2a($i*4),$P,"",0)); - - &movb( &LB($tmp1), &HB($R)); - &movb( &LB($tmp2), &LB($R)); - - &rotr( $R, 16); - &xor( $L, $tot); - - &mov( $tot, &DWP(&n2a($BF_OFF+0x0000),$P,$tmp1,4)); - &mov( $tmp3, &DWP(&n2a($BF_OFF+0x0400),$P,$tmp2,4)); - - &movb( &LB($tmp1), &HB($R)); - &movb( &LB($tmp2), &LB($R)); - - &add( $tot, $tmp3); - &mov( $tmp1, &DWP(&n2a($BF_OFF+0x0800),$P,$tmp1,4)); # delay - - &xor( $tot, $tmp1); - &mov( $tmp3, &DWP(&n2a($BF_OFF+0x0C00),$P,$tmp2,4)); - - &add( $tot, $tmp3); - &xor( $tmp1, $tmp1); - - &xor( $L, $tot); - # delay - } - -sub n2a - { - sprintf("%d",$_[0]); - } - diff --git a/src/lib/libcrypto/bf/asm/readme b/src/lib/libcrypto/bf/asm/readme deleted file mode 100644 index 2385fa3812c..00000000000 --- a/src/lib/libcrypto/bf/asm/readme +++ /dev/null @@ -1,10 +0,0 @@ -There are blowfish assembler generation scripts. -bf-586.pl version is for the pentium and -bf-686.pl is my original version, which is faster on the pentium pro. - -When using a bf-586.pl, the pentium pro/II is %8 slower than using -bf-686.pl. When using a bf-686.pl, the pentium is %16 slower -than bf-586.pl - -So the default is bf-586.pl - diff --git a/src/lib/libcrypto/bf/bf_cbc.c b/src/lib/libcrypto/bf/bf_cbc.c index f949629dc67..6f45f9ae4c3 100644 --- a/src/lib/libcrypto/bf/bf_cbc.c +++ b/src/lib/libcrypto/bf/bf_cbc.c @@ -1,4 +1,4 @@ -/* crypto/bf/bf_cbc.c */ +/* $OpenBSD: bf_cbc.c,v 1.5 2014/10/28 07:35:58 jsg Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -62,9 +62,9 @@ void BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, const BF_KEY *schedule, unsigned char *ivec, int encrypt) { - register BF_LONG tin0,tin1; - register BF_LONG tout0,tout1,xor0,xor1; - register long l=length; + BF_LONG tin0,tin1; + BF_LONG tout0,tout1,xor0,xor1; + long l=length; BF_LONG tin[2]; if (encrypt) diff --git a/src/lib/libcrypto/bf/bf_cfb64.c b/src/lib/libcrypto/bf/bf_cfb64.c index 6451c8d407f..6cc0bb999bd 100644 --- a/src/lib/libcrypto/bf/bf_cfb64.c +++ b/src/lib/libcrypto/bf/bf_cfb64.c @@ -1,4 +1,4 @@ -/* crypto/bf/bf_cfb64.c */ +/* $OpenBSD: bf_cfb64.c,v 1.5 2014/10/28 07:35:58 jsg Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -67,9 +67,9 @@ void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out, long length, const BF_KEY *schedule, unsigned char *ivec, int *num, int encrypt) { - register BF_LONG v0,v1,t; - register int n= *num; - register long l=length; + BF_LONG v0,v1,t; + int n= *num; + long l=length; BF_LONG ti[2]; unsigned char *iv,c,cc; diff --git a/src/lib/libcrypto/bf/bf_ecb.c b/src/lib/libcrypto/bf/bf_ecb.c index 341991636f4..305bd78260b 100644 --- a/src/lib/libcrypto/bf/bf_ecb.c +++ b/src/lib/libcrypto/bf/bf_ecb.c @@ -1,4 +1,4 @@ -/* crypto/bf/bf_ecb.c */ +/* $OpenBSD: bf_ecb.c,v 1.6 2014/07/09 11:10:50 bcook Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -65,8 +65,6 @@ * CAMBRIDGE SECURITY WORKSHOP, CAMBRIDGE, U.K., DECEMBER 9-11, 1993) */ -const char *BF_version="Blowfish" OPENSSL_VERSION_PTEXT; - const char *BF_options(void) { #ifdef BF_PTR diff --git a/src/lib/libcrypto/bf/bf_enc.c b/src/lib/libcrypto/bf/bf_enc.c index b380acf9594..2cf1c860630 100644 --- a/src/lib/libcrypto/bf/bf_enc.c +++ b/src/lib/libcrypto/bf/bf_enc.c @@ -1,4 +1,4 @@ -/* crypto/bf/bf_enc.c */ +/* $OpenBSD: bf_enc.c,v 1.6 2014/10/28 07:35:58 jsg Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -72,8 +72,8 @@ to modify the code. void BF_encrypt(BF_LONG *data, const BF_KEY *key) { #ifndef BF_PTR2 - register BF_LONG l,r; - const register BF_LONG *p,*s; + BF_LONG l,r; + const BF_LONG *p,*s; p=key->P; s= &(key->S[0]); @@ -108,7 +108,7 @@ void BF_encrypt(BF_LONG *data, const BF_KEY *key) data[1]=l&0xffffffffL; data[0]=r&0xffffffffL; #else - register BF_LONG l,r,t,*k; + BF_LONG l,r,t,*k; l=data[0]; r=data[1]; @@ -149,8 +149,8 @@ void BF_encrypt(BF_LONG *data, const BF_KEY *key) void BF_decrypt(BF_LONG *data, const BF_KEY *key) { #ifndef BF_PTR2 - register BF_LONG l,r; - const register BF_LONG *p,*s; + BF_LONG l,r; + const BF_LONG *p,*s; p=key->P; s= &(key->S[0]); @@ -185,7 +185,7 @@ void BF_decrypt(BF_LONG *data, const BF_KEY *key) data[1]=l&0xffffffffL; data[0]=r&0xffffffffL; #else - register BF_LONG l,r,t,*k; + BF_LONG l,r,t,*k; l=data[0]; r=data[1]; @@ -224,9 +224,9 @@ void BF_decrypt(BF_LONG *data, const BF_KEY *key) void BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, const BF_KEY *schedule, unsigned char *ivec, int encrypt) { - register BF_LONG tin0,tin1; - register BF_LONG tout0,tout1,xor0,xor1; - register long l=length; + BF_LONG tin0,tin1; + BF_LONG tout0,tout1,xor0,xor1; + long l=length; BF_LONG tin[2]; if (encrypt) diff --git a/src/lib/libcrypto/bf/bf_locl.h b/src/lib/libcrypto/bf/bf_locl.h index cc7c3ec9922..0b663622d82 100644 --- a/src/lib/libcrypto/bf/bf_locl.h +++ b/src/lib/libcrypto/bf/bf_locl.h @@ -1,4 +1,4 @@ -/* crypto/bf/bf_locl.h */ +/* $OpenBSD: bf_locl.h,v 1.3 2014/06/12 15:49:28 deraadt Exp $ */ /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) * All rights reserved. * diff --git a/src/lib/libcrypto/bf/bf_ofb64.c b/src/lib/libcrypto/bf/bf_ofb64.c index f2a9ff6e417..9e33162aab3 100644 --- a/src/lib/libcrypto/bf/bf_ofb64.c +++ b/src/lib/libcrypto/bf/bf_ofb64.c @@ -1,4 +1,4 @@ -/* crypto/bf/bf_ofb64.c */ +/* $OpenBSD: bf_ofb64.c,v 1.5 2014/10/28 07:35:58 jsg Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -66,11 +66,11 @@ void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out, long length, const BF_KEY *schedule, unsigned char *ivec, int *num) { - register BF_LONG v0,v1,t; - register int n= *num; - register long l=length; + BF_LONG v0,v1,t; + int n= *num; + long l=length; unsigned char d[8]; - register char *dp; + char *dp; BF_LONG ti[2]; unsigned char *iv; int save=0; diff --git a/src/lib/libcrypto/bf/bf_opts.c b/src/lib/libcrypto/bf/bf_opts.c deleted file mode 100644 index 171dada2cab..00000000000 --- a/src/lib/libcrypto/bf/bf_opts.c +++ /dev/null @@ -1,328 +0,0 @@ -/* crypto/bf/bf_opts.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -/* define PART1, PART2, PART3 or PART4 to build only with a few of the options. - * This is for machines with 64k code segment size restrictions. */ - -#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX) -#define TIMES -#endif - -#include - -#include -#include OPENSSL_UNISTD_IO -OPENSSL_DECLARE_EXIT - -#include -#ifndef _IRIX -#include -#endif -#ifdef TIMES -#include -#include -#endif - -/* Depending on the VMS version, the tms structure is perhaps defined. - The __TMS macro will show if it was. If it wasn't defined, we should - undefine TIMES, since that tells the rest of the program how things - should be handled. -- Richard Levitte */ -#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS) -#undef TIMES -#endif - -#ifndef TIMES -#include -#endif - -#if defined(sun) || defined(__ultrix) -#define _POSIX_SOURCE -#include -#include -#endif - -#include - -#define BF_DEFAULT_OPTIONS - -#undef BF_ENC -#define BF_encrypt BF_encrypt_normal -#undef HEADER_BF_LOCL_H -#include "bf_enc.c" - -#define BF_PTR -#undef BF_PTR2 -#undef BF_ENC -#undef BF_encrypt -#define BF_encrypt BF_encrypt_ptr -#undef HEADER_BF_LOCL_H -#include "bf_enc.c" - -#undef BF_PTR -#define BF_PTR2 -#undef BF_ENC -#undef BF_encrypt -#define BF_encrypt BF_encrypt_ptr2 -#undef HEADER_BF_LOCL_H -#include "bf_enc.c" - -/* The following if from times(3) man page. It may need to be changed */ -#ifndef HZ -# ifndef CLK_TCK -# ifndef _BSD_CLK_TCK_ /* FreeBSD fix */ -# define HZ 100.0 -# else /* _BSD_CLK_TCK_ */ -# define HZ ((double)_BSD_CLK_TCK_) -# endif -# else /* CLK_TCK */ -# define HZ ((double)CLK_TCK) -# endif -#endif - -#define BUFSIZE ((long)1024) -long run=0; - -double Time_F(int s); -#ifdef SIGALRM -#if defined(__STDC__) || defined(sgi) -#define SIGRETTYPE void -#else -#define SIGRETTYPE int -#endif - -SIGRETTYPE sig_done(int sig); -SIGRETTYPE sig_done(int sig) - { - signal(SIGALRM,sig_done); - run=0; -#ifdef LINT - sig=sig; -#endif - } -#endif - -#define START 0 -#define STOP 1 - -double Time_F(int s) - { - double ret; -#ifdef TIMES - static struct tms tstart,tend; - - if (s == START) - { - times(&tstart); - return(0); - } - else - { - times(&tend); - ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ; - return((ret == 0.0)?1e-6:ret); - } -#else /* !times() */ - static struct timeb tstart,tend; - long i; - - if (s == START) - { - ftime(&tstart); - return(0); - } - else - { - ftime(&tend); - i=(long)tend.millitm-(long)tstart.millitm; - ret=((double)(tend.time-tstart.time))+((double)i)/1000.0; - return((ret == 0.0)?1e-6:ret); - } -#endif - } - -#ifdef SIGALRM -#define print_name(name) fprintf(stderr,"Doing %s's for 10 seconds\n",name); alarm(10); -#else -#define print_name(name) fprintf(stderr,"Doing %s %ld times\n",name,cb); -#endif - -#define time_it(func,name,index) \ - print_name(name); \ - Time_F(START); \ - for (count=0,run=1; COND(cb); count+=4) \ - { \ - unsigned long d[2]; \ - func(d,&sch); \ - func(d,&sch); \ - func(d,&sch); \ - func(d,&sch); \ - } \ - tm[index]=Time_F(STOP); \ - fprintf(stderr,"%ld %s's in %.2f second\n",count,name,tm[index]); \ - tm[index]=((double)COUNT(cb))/tm[index]; - -#define print_it(name,index) \ - fprintf(stderr,"%s bytes per sec = %12.2f (%5.1fuS)\n",name, \ - tm[index]*8,1.0e6/tm[index]); - -int main(int argc, char **argv) - { - long count; - static unsigned char buf[BUFSIZE]; - static char key[16]={ 0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0, - 0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0}; - BF_KEY sch; - double d,tm[16],max=0; - int rank[16]; - char *str[16]; - int max_idx=0,i,num=0,j; -#ifndef SIGALARM - long ca,cb,cc,cd,ce; -#endif - - for (i=0; i<12; i++) - { - tm[i]=0.0; - rank[i]=0; - } - -#ifndef TIMES - fprintf(stderr,"To get the most accurate results, try to run this\n"); - fprintf(stderr,"program when this computer is idle.\n"); -#endif - - BF_set_key(&sch,16,key); - -#ifndef SIGALRM - fprintf(stderr,"First we calculate the approximate speed ...\n"); - count=10; - do { - long i; - unsigned long data[2]; - - count*=2; - Time_F(START); - for (i=count; i; i--) - BF_encrypt(data,&sch); - d=Time_F(STOP); - } while (d < 3.0); - ca=count; - cb=count*3; - cc=count*3*8/BUFSIZE+1; - cd=count*8/BUFSIZE+1; - - ce=count/20+1; -#define COND(d) (count != (d)) -#define COUNT(d) (d) -#else -#define COND(c) (run) -#define COUNT(d) (count) - signal(SIGALRM,sig_done); - alarm(10); -#endif - - time_it(BF_encrypt_normal, "BF_encrypt_normal ", 0); - time_it(BF_encrypt_ptr, "BF_encrypt_ptr ", 1); - time_it(BF_encrypt_ptr2, "BF_encrypt_ptr2 ", 2); - num+=3; - - str[0]=""; - print_it("BF_encrypt_normal ",0); - max=tm[0]; - max_idx=0; - str[1]="ptr "; - print_it("BF_encrypt_ptr ",1); - if (max < tm[1]) { max=tm[1]; max_idx=1; } - str[2]="ptr2 "; - print_it("BF_encrypt_ptr2 ",2); - if (max < tm[2]) { max=tm[2]; max_idx=2; } - - printf("options BF ecb/s\n"); - printf("%s %12.2f 100.0%%\n",str[max_idx],tm[max_idx]); - d=tm[max_idx]; - tm[max_idx]= -2.0; - max= -1.0; - for (;;) - { - for (i=0; i<3; i++) - { - if (max < tm[i]) { max=tm[i]; j=i; } - } - if (max < 0.0) break; - printf("%s %12.2f %4.1f%%\n",str[j],tm[j],tm[j]/d*100.0); - tm[j]= -2.0; - max= -1.0; - } - - switch (max_idx) - { - case 0: - printf("-DBF_DEFAULT_OPTIONS\n"); - break; - case 1: - printf("-DBF_PTR\n"); - break; - case 2: - printf("-DBF_PTR2\n"); - break; - } - exit(0); -#if defined(LINT) || defined(OPENSSL_SYS_MSDOS) - return(0); -#endif - } diff --git a/src/lib/libcrypto/bf/bf_pi.h b/src/lib/libcrypto/bf/bf_pi.h index 9949513c682..ce4843a6b2a 100644 --- a/src/lib/libcrypto/bf/bf_pi.h +++ b/src/lib/libcrypto/bf/bf_pi.h @@ -1,4 +1,4 @@ -/* crypto/bf/bf_pi.h */ +/* $OpenBSD: bf_pi.h,v 1.4 2016/12/21 15:49:29 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -56,6 +56,8 @@ * [including the GNU Public Licence.] */ +__BEGIN_HIDDEN_DECLS + static const BF_KEY bf_init= { { 0x243f6a88L, 0x85a308d3L, 0x13198a2eL, 0x03707344L, @@ -323,3 +325,4 @@ static const BF_KEY bf_init= { } }; +__END_HIDDEN_DECLS diff --git a/src/lib/libcrypto/bf/bf_skey.c b/src/lib/libcrypto/bf/bf_skey.c index 3673cdee6e2..8191d17d8e3 100644 --- a/src/lib/libcrypto/bf/bf_skey.c +++ b/src/lib/libcrypto/bf/bf_skey.c @@ -1,4 +1,4 @@ -/* crypto/bf/bf_skey.c */ +/* $OpenBSD: bf_skey.c,v 1.12 2014/06/12 15:49:28 deraadt Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -58,6 +58,7 @@ #include #include +#include #include #include "bf_locl.h" #include "bf_pi.h" diff --git a/src/lib/libcrypto/bf/bfs.cpp b/src/lib/libcrypto/bf/bfs.cpp deleted file mode 100644 index d74c4577607..00000000000 --- a/src/lib/libcrypto/bf/bfs.cpp +++ /dev/null @@ -1,67 +0,0 @@ -// -// gettsc.inl -// -// gives access to the Pentium's (secret) cycle counter -// -// This software was written by Leonard Janke (janke@unixg.ubc.ca) -// in 1996-7 and is entered, by him, into the public domain. - -#if defined(__WATCOMC__) -void GetTSC(unsigned long&); -#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax]; -#elif defined(__GNUC__) -inline -void GetTSC(unsigned long& tsc) -{ - asm volatile(".byte 15, 49\n\t" - : "=eax" (tsc) - : - : "%edx", "%eax"); -} -#elif defined(_MSC_VER) -inline -void GetTSC(unsigned long& tsc) -{ - unsigned long a; - __asm _emit 0fh - __asm _emit 31h - __asm mov a, eax; - tsc=a; -} -#endif - -#include -#include -#include - -void main(int argc,char *argv[]) - { - BF_KEY key; - unsigned long s1,s2,e1,e2; - unsigned long data[2]; - int i,j; - - for (j=0; j<6; j++) - { - for (i=0; i<1000; i++) /**/ - { - BF_encrypt(&data[0],&key); - GetTSC(s1); - BF_encrypt(&data[0],&key); - BF_encrypt(&data[0],&key); - BF_encrypt(&data[0],&key); - GetTSC(e1); - GetTSC(s2); - BF_encrypt(&data[0],&key); - BF_encrypt(&data[0],&key); - BF_encrypt(&data[0],&key); - BF_encrypt(&data[0],&key); - GetTSC(e2); - BF_encrypt(&data[0],&key); - } - - printf("blowfish %d %d (%d)\n", - e1-s1,e2-s2,((e2-s2)-(e1-s1))); - } - } - diff --git a/src/lib/libcrypto/bf/bfspeed.c b/src/lib/libcrypto/bf/bfspeed.c deleted file mode 100644 index f346af64f30..00000000000 --- a/src/lib/libcrypto/bf/bfspeed.c +++ /dev/null @@ -1,274 +0,0 @@ -/* crypto/bf/bfspeed.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -/* 11-Sep-92 Andrew Daviel Support for Silicon Graphics IRIX added */ -/* 06-Apr-92 Luke Brennan Support for VMS and add extra signal calls */ - -#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX) -#define TIMES -#endif - -#include - -#include -#include OPENSSL_UNISTD_IO -OPENSSL_DECLARE_EXIT - -#include -#ifndef _IRIX -#include -#endif -#ifdef TIMES -#include -#include -#endif - -/* Depending on the VMS version, the tms structure is perhaps defined. - The __TMS macro will show if it was. If it wasn't defined, we should - undefine TIMES, since that tells the rest of the program how things - should be handled. -- Richard Levitte */ -#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS) -#undef TIMES -#endif - -#ifndef TIMES -#include -#endif - -#if defined(sun) || defined(__ultrix) -#define _POSIX_SOURCE -#include -#include -#endif - -#include - -/* The following if from times(3) man page. It may need to be changed */ -#ifndef HZ -#ifndef CLK_TCK -#define HZ 100.0 -#else /* CLK_TCK */ -#define HZ ((double)CLK_TCK) -#endif -#endif - -#define BUFSIZE ((long)1024) -long run=0; - -double Time_F(int s); -#ifdef SIGALRM -#if defined(__STDC__) || defined(sgi) || defined(_AIX) -#define SIGRETTYPE void -#else -#define SIGRETTYPE int -#endif - -SIGRETTYPE sig_done(int sig); -SIGRETTYPE sig_done(int sig) - { - signal(SIGALRM,sig_done); - run=0; -#ifdef LINT - sig=sig; -#endif - } -#endif - -#define START 0 -#define STOP 1 - -double Time_F(int s) - { - double ret; -#ifdef TIMES - static struct tms tstart,tend; - - if (s == START) - { - times(&tstart); - return(0); - } - else - { - times(&tend); - ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ; - return((ret == 0.0)?1e-6:ret); - } -#else /* !times() */ - static struct timeb tstart,tend; - long i; - - if (s == START) - { - ftime(&tstart); - return(0); - } - else - { - ftime(&tend); - i=(long)tend.millitm-(long)tstart.millitm; - ret=((double)(tend.time-tstart.time))+((double)i)/1e3; - return((ret == 0.0)?1e-6:ret); - } -#endif - } - -int main(int argc, char **argv) - { - long count; - static unsigned char buf[BUFSIZE]; - static unsigned char key[] ={ - 0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0, - 0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10, - }; - BF_KEY sch; - double a,b,c,d; -#ifndef SIGALRM - long ca,cb,cc; -#endif - -#ifndef TIMES - printf("To get the most accurate results, try to run this\n"); - printf("program when this computer is idle.\n"); -#endif - -#ifndef SIGALRM - printf("First we calculate the approximate speed ...\n"); - BF_set_key(&sch,16,key); - count=10; - do { - long i; - BF_LONG data[2]; - - count*=2; - Time_F(START); - for (i=count; i; i--) - BF_encrypt(data,&sch); - d=Time_F(STOP); - } while (d < 3.0); - ca=count/512; - cb=count; - cc=count*8/BUFSIZE+1; - printf("Doing BF_set_key %ld times\n",ca); -#define COND(d) (count != (d)) -#define COUNT(d) (d) -#else -#define COND(c) (run) -#define COUNT(d) (count) - signal(SIGALRM,sig_done); - printf("Doing BF_set_key for 10 seconds\n"); - alarm(10); -#endif - - Time_F(START); - for (count=0,run=1; COND(ca); count+=4) - { - BF_set_key(&sch,16,key); - BF_set_key(&sch,16,key); - BF_set_key(&sch,16,key); - BF_set_key(&sch,16,key); - } - d=Time_F(STOP); - printf("%ld BF_set_key's in %.2f seconds\n",count,d); - a=((double)COUNT(ca))/d; - -#ifdef SIGALRM - printf("Doing BF_encrypt's for 10 seconds\n"); - alarm(10); -#else - printf("Doing BF_encrypt %ld times\n",cb); -#endif - Time_F(START); - for (count=0,run=1; COND(cb); count+=4) - { - BF_LONG data[2]; - - BF_encrypt(data,&sch); - BF_encrypt(data,&sch); - BF_encrypt(data,&sch); - BF_encrypt(data,&sch); - } - d=Time_F(STOP); - printf("%ld BF_encrypt's in %.2f second\n",count,d); - b=((double)COUNT(cb)*8)/d; - -#ifdef SIGALRM - printf("Doing BF_cbc_encrypt on %ld byte blocks for 10 seconds\n", - BUFSIZE); - alarm(10); -#else - printf("Doing BF_cbc_encrypt %ld times on %ld byte blocks\n",cc, - BUFSIZE); -#endif - Time_F(START); - for (count=0,run=1; COND(cc); count++) - BF_cbc_encrypt(buf,buf,BUFSIZE,&sch, - &(key[0]),BF_ENCRYPT); - d=Time_F(STOP); - printf("%ld BF_cbc_encrypt's of %ld byte blocks in %.2f second\n", - count,BUFSIZE,d); - c=((double)COUNT(cc)*BUFSIZE)/d; - - printf("Blowfish set_key per sec = %12.3f (%9.3fuS)\n",a,1.0e6/a); - printf("Blowfish raw ecb bytes per sec = %12.3f (%9.3fuS)\n",b,8.0e6/b); - printf("Blowfish cbc bytes per sec = %12.3f (%9.3fuS)\n",c,8.0e6/c); - exit(0); -#if defined(LINT) || defined(OPENSSL_SYS_MSDOS) - return(0); -#endif - } diff --git a/src/lib/libcrypto/bf/bftest.c b/src/lib/libcrypto/bf/bftest.c deleted file mode 100644 index 09895f25424..00000000000 --- a/src/lib/libcrypto/bf/bftest.c +++ /dev/null @@ -1,534 +0,0 @@ -/* crypto/bf/bftest.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -/* This has been a quickly hacked 'ideatest.c'. When I add tests for other - * RC2 modes, more of the code will be uncommented. */ - -#include -#include -#include - -#ifdef OPENSSL_NO_BF -int main(int argc, char *argv[]) -{ - printf("No BF support\n"); - return(0); -} -#else -#include - -#ifdef CHARSET_EBCDIC -#include -#endif - -static char *bf_key[2]={ - "abcdefghijklmnopqrstuvwxyz", - "Who is John Galt?" - }; - -/* big endian */ -static BF_LONG bf_plain[2][2]={ - {0x424c4f57L,0x46495348L}, - {0xfedcba98L,0x76543210L} - }; - -static BF_LONG bf_cipher[2][2]={ - {0x324ed0feL,0xf413a203L}, - {0xcc91732bL,0x8022f684L} - }; -/************/ - -/* Lets use the DES test vectors :-) */ -#define NUM_TESTS 34 -static unsigned char ecb_data[NUM_TESTS][8]={ - {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, - {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF}, - {0x30,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, - {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11}, - {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF}, - {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11}, - {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, - {0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10}, - {0x7C,0xA1,0x10,0x45,0x4A,0x1A,0x6E,0x57}, - {0x01,0x31,0xD9,0x61,0x9D,0xC1,0x37,0x6E}, - {0x07,0xA1,0x13,0x3E,0x4A,0x0B,0x26,0x86}, - {0x38,0x49,0x67,0x4C,0x26,0x02,0x31,0x9E}, - {0x04,0xB9,0x15,0xBA,0x43,0xFE,0xB5,0xB6}, - {0x01,0x13,0xB9,0x70,0xFD,0x34,0xF2,0xCE}, - {0x01,0x70,0xF1,0x75,0x46,0x8F,0xB5,0xE6}, - {0x43,0x29,0x7F,0xAD,0x38,0xE3,0x73,0xFE}, - {0x07,0xA7,0x13,0x70,0x45,0xDA,0x2A,0x16}, - {0x04,0x68,0x91,0x04,0xC2,0xFD,0x3B,0x2F}, - {0x37,0xD0,0x6B,0xB5,0x16,0xCB,0x75,0x46}, - {0x1F,0x08,0x26,0x0D,0x1A,0xC2,0x46,0x5E}, - {0x58,0x40,0x23,0x64,0x1A,0xBA,0x61,0x76}, - {0x02,0x58,0x16,0x16,0x46,0x29,0xB0,0x07}, - {0x49,0x79,0x3E,0xBC,0x79,0xB3,0x25,0x8F}, - {0x4F,0xB0,0x5E,0x15,0x15,0xAB,0x73,0xA7}, - {0x49,0xE9,0x5D,0x6D,0x4C,0xA2,0x29,0xBF}, - {0x01,0x83,0x10,0xDC,0x40,0x9B,0x26,0xD6}, - {0x1C,0x58,0x7F,0x1C,0x13,0x92,0x4F,0xEF}, - {0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01}, - {0x1F,0x1F,0x1F,0x1F,0x0E,0x0E,0x0E,0x0E}, - {0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1,0xFE}, - {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, - {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF}, - {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF}, - {0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10}}; - -static unsigned char plain_data[NUM_TESTS][8]={ - {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, - {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF}, - {0x10,0x00,0x00,0x00,0x00,0x00,0x00,0x01}, - {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11}, - {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11}, - {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF}, - {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, - {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF}, - {0x01,0xA1,0xD6,0xD0,0x39,0x77,0x67,0x42}, - {0x5C,0xD5,0x4C,0xA8,0x3D,0xEF,0x57,0xDA}, - {0x02,0x48,0xD4,0x38,0x06,0xF6,0x71,0x72}, - {0x51,0x45,0x4B,0x58,0x2D,0xDF,0x44,0x0A}, - {0x42,0xFD,0x44,0x30,0x59,0x57,0x7F,0xA2}, - {0x05,0x9B,0x5E,0x08,0x51,0xCF,0x14,0x3A}, - {0x07,0x56,0xD8,0xE0,0x77,0x47,0x61,0xD2}, - {0x76,0x25,0x14,0xB8,0x29,0xBF,0x48,0x6A}, - {0x3B,0xDD,0x11,0x90,0x49,0x37,0x28,0x02}, - {0x26,0x95,0x5F,0x68,0x35,0xAF,0x60,0x9A}, - {0x16,0x4D,0x5E,0x40,0x4F,0x27,0x52,0x32}, - {0x6B,0x05,0x6E,0x18,0x75,0x9F,0x5C,0xCA}, - {0x00,0x4B,0xD6,0xEF,0x09,0x17,0x60,0x62}, - {0x48,0x0D,0x39,0x00,0x6E,0xE7,0x62,0xF2}, - {0x43,0x75,0x40,0xC8,0x69,0x8F,0x3C,0xFA}, - {0x07,0x2D,0x43,0xA0,0x77,0x07,0x52,0x92}, - {0x02,0xFE,0x55,0x77,0x81,0x17,0xF1,0x2A}, - {0x1D,0x9D,0x5C,0x50,0x18,0xF7,0x28,0xC2}, - {0x30,0x55,0x32,0x28,0x6D,0x6F,0x29,0x5A}, - {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF}, - {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF}, - {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF}, - {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF}, - {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, - {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, - {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF}}; - -static unsigned char cipher_data[NUM_TESTS][8]={ - {0x4E,0xF9,0x97,0x45,0x61,0x98,0xDD,0x78}, - {0x51,0x86,0x6F,0xD5,0xB8,0x5E,0xCB,0x8A}, - {0x7D,0x85,0x6F,0x9A,0x61,0x30,0x63,0xF2}, - {0x24,0x66,0xDD,0x87,0x8B,0x96,0x3C,0x9D}, - {0x61,0xF9,0xC3,0x80,0x22,0x81,0xB0,0x96}, - {0x7D,0x0C,0xC6,0x30,0xAF,0xDA,0x1E,0xC7}, - {0x4E,0xF9,0x97,0x45,0x61,0x98,0xDD,0x78}, - {0x0A,0xCE,0xAB,0x0F,0xC6,0xA0,0xA2,0x8D}, - {0x59,0xC6,0x82,0x45,0xEB,0x05,0x28,0x2B}, - {0xB1,0xB8,0xCC,0x0B,0x25,0x0F,0x09,0xA0}, - {0x17,0x30,0xE5,0x77,0x8B,0xEA,0x1D,0xA4}, - {0xA2,0x5E,0x78,0x56,0xCF,0x26,0x51,0xEB}, - {0x35,0x38,0x82,0xB1,0x09,0xCE,0x8F,0x1A}, - {0x48,0xF4,0xD0,0x88,0x4C,0x37,0x99,0x18}, - {0x43,0x21,0x93,0xB7,0x89,0x51,0xFC,0x98}, - {0x13,0xF0,0x41,0x54,0xD6,0x9D,0x1A,0xE5}, - {0x2E,0xED,0xDA,0x93,0xFF,0xD3,0x9C,0x79}, - {0xD8,0x87,0xE0,0x39,0x3C,0x2D,0xA6,0xE3}, - {0x5F,0x99,0xD0,0x4F,0x5B,0x16,0x39,0x69}, - {0x4A,0x05,0x7A,0x3B,0x24,0xD3,0x97,0x7B}, - {0x45,0x20,0x31,0xC1,0xE4,0xFA,0xDA,0x8E}, - {0x75,0x55,0xAE,0x39,0xF5,0x9B,0x87,0xBD}, - {0x53,0xC5,0x5F,0x9C,0xB4,0x9F,0xC0,0x19}, - {0x7A,0x8E,0x7B,0xFA,0x93,0x7E,0x89,0xA3}, - {0xCF,0x9C,0x5D,0x7A,0x49,0x86,0xAD,0xB5}, - {0xD1,0xAB,0xB2,0x90,0x65,0x8B,0xC7,0x78}, - {0x55,0xCB,0x37,0x74,0xD1,0x3E,0xF2,0x01}, - {0xFA,0x34,0xEC,0x48,0x47,0xB2,0x68,0xB2}, - {0xA7,0x90,0x79,0x51,0x08,0xEA,0x3C,0xAE}, - {0xC3,0x9E,0x07,0x2D,0x9F,0xAC,0x63,0x1D}, - {0x01,0x49,0x33,0xE0,0xCD,0xAF,0xF6,0xE4}, - {0xF2,0x1E,0x9A,0x77,0xB7,0x1C,0x49,0xBC}, - {0x24,0x59,0x46,0x88,0x57,0x54,0x36,0x9A}, - {0x6B,0x5C,0x5A,0x9C,0x5D,0x9E,0x0A,0x5A}, - }; - -static unsigned char cbc_key [16]={ - 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef, - 0xf0,0xe1,0xd2,0xc3,0xb4,0xa5,0x96,0x87}; -static unsigned char cbc_iv [8]={0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10}; -static char cbc_data[40]="7654321 Now is the time for "; -static unsigned char cbc_ok[32]={ - 0x6B,0x77,0xB4,0xD6,0x30,0x06,0xDE,0xE6, - 0x05,0xB1,0x56,0xE2,0x74,0x03,0x97,0x93, - 0x58,0xDE,0xB9,0xE7,0x15,0x46,0x16,0xD9, - 0x59,0xF1,0x65,0x2B,0xD5,0xFF,0x92,0xCC}; - -static unsigned char cfb64_ok[]={ - 0xE7,0x32,0x14,0xA2,0x82,0x21,0x39,0xCA, - 0xF2,0x6E,0xCF,0x6D,0x2E,0xB9,0xE7,0x6E, - 0x3D,0xA3,0xDE,0x04,0xD1,0x51,0x72,0x00, - 0x51,0x9D,0x57,0xA6,0xC3}; - -static unsigned char ofb64_ok[]={ - 0xE7,0x32,0x14,0xA2,0x82,0x21,0x39,0xCA, - 0x62,0xB3,0x43,0xCC,0x5B,0x65,0x58,0x73, - 0x10,0xDD,0x90,0x8D,0x0C,0x24,0x1B,0x22, - 0x63,0xC2,0xCF,0x80,0xDA}; - -#define KEY_TEST_NUM 25 -static unsigned char key_test[KEY_TEST_NUM]={ - 0xf0,0xe1,0xd2,0xc3,0xb4,0xa5,0x96,0x87, - 0x78,0x69,0x5a,0x4b,0x3c,0x2d,0x1e,0x0f, - 0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77, - 0x88}; - -static unsigned char key_data[8]= - {0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10}; - -static unsigned char key_out[KEY_TEST_NUM][8]={ - {0xF9,0xAD,0x59,0x7C,0x49,0xDB,0x00,0x5E}, - {0xE9,0x1D,0x21,0xC1,0xD9,0x61,0xA6,0xD6}, - {0xE9,0xC2,0xB7,0x0A,0x1B,0xC6,0x5C,0xF3}, - {0xBE,0x1E,0x63,0x94,0x08,0x64,0x0F,0x05}, - {0xB3,0x9E,0x44,0x48,0x1B,0xDB,0x1E,0x6E}, - {0x94,0x57,0xAA,0x83,0xB1,0x92,0x8C,0x0D}, - {0x8B,0xB7,0x70,0x32,0xF9,0x60,0x62,0x9D}, - {0xE8,0x7A,0x24,0x4E,0x2C,0xC8,0x5E,0x82}, - {0x15,0x75,0x0E,0x7A,0x4F,0x4E,0xC5,0x77}, - {0x12,0x2B,0xA7,0x0B,0x3A,0xB6,0x4A,0xE0}, - {0x3A,0x83,0x3C,0x9A,0xFF,0xC5,0x37,0xF6}, - {0x94,0x09,0xDA,0x87,0xA9,0x0F,0x6B,0xF2}, - {0x88,0x4F,0x80,0x62,0x50,0x60,0xB8,0xB4}, - {0x1F,0x85,0x03,0x1C,0x19,0xE1,0x19,0x68}, - {0x79,0xD9,0x37,0x3A,0x71,0x4C,0xA3,0x4F}, - {0x93,0x14,0x28,0x87,0xEE,0x3B,0xE1,0x5C}, - {0x03,0x42,0x9E,0x83,0x8C,0xE2,0xD1,0x4B}, - {0xA4,0x29,0x9E,0x27,0x46,0x9F,0xF6,0x7B}, - {0xAF,0xD5,0xAE,0xD1,0xC1,0xBC,0x96,0xA8}, - {0x10,0x85,0x1C,0x0E,0x38,0x58,0xDA,0x9F}, - {0xE6,0xF5,0x1E,0xD7,0x9B,0x9D,0xB2,0x1F}, - {0x64,0xA6,0xE1,0x4A,0xFD,0x36,0xB4,0x6F}, - {0x80,0xC7,0xD7,0xD4,0x5A,0x54,0x79,0xAD}, - {0x05,0x04,0x4B,0x62,0xFA,0x52,0xD0,0x80}, - }; - -static int test(void ); -static int print_test_data(void ); -int main(int argc, char *argv[]) - { - int ret; - - if (argc > 1) - ret=print_test_data(); - else - ret=test(); - - exit(ret); - return(0); - } - -static int print_test_data(void) - { - unsigned int i,j; - - printf("ecb test data\n"); - printf("key bytes\t\tclear bytes\t\tcipher bytes\n"); - for (i=0; i +#include #ifdef __cplusplus extern "C" { @@ -79,21 +79,7 @@ extern "C" { * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! */ -#if defined(OPENSSL_SYS_WIN16) || defined(__LP32__) -#define BF_LONG unsigned long -#elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__) -#define BF_LONG unsigned long -#define BF_LONG_LOG2 3 -/* - * _CRAY note. I could declare short, but I have no idea what impact - * does it have on performance on none-T3E machines. I could declare - * int, but at least on C90 sizeof(int) can be chosen at compile time. - * So I've chosen long... - * - */ -#else #define BF_LONG unsigned int -#endif #define BF_ROUNDS 16 #define BF_BLOCK 8 @@ -104,7 +90,6 @@ typedef struct bf_key_st BF_LONG S[4*256]; } BF_KEY; - void BF_set_key(BF_KEY *key, int len, const unsigned char *data); void BF_encrypt(BF_LONG *data,const BF_KEY *key); diff --git a/src/lib/libcrypto/bio/Makefile.ssl b/src/lib/libcrypto/bio/Makefile.ssl deleted file mode 100644 index e8826ae2927..00000000000 --- a/src/lib/libcrypto/bio/Makefile.ssl +++ /dev/null @@ -1,216 +0,0 @@ -# -# SSLeay/crypto/bio/Makefile -# - -DIR= bio -TOP= ../.. -CC= cc -INCLUDES= -I.. -I$(TOP) -I../../include -CFLAG=-g -INSTALL_PREFIX= -OPENSSLDIR= /usr/local/ssl -INSTALLTOP=/usr/local/ssl -MAKE= make -f Makefile.ssl -MAKEDEPPROG= makedepend -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) -MAKEFILE= Makefile.ssl -AR= ar r - -CFLAGS= $(INCLUDES) $(CFLAG) - -GENERAL=Makefile -TEST= -APPS= - -LIB=$(TOP)/libcrypto.a -LIBSRC= bio_lib.c bio_cb.c bio_err.c \ - bss_mem.c bss_null.c bss_fd.c \ - bss_file.c bss_sock.c bss_conn.c \ - bf_null.c bf_buff.c b_print.c b_dump.c \ - b_sock.c bss_acpt.c bf_nbio.c bss_log.c bss_bio.c -# bf_lbuf.c -LIBOBJ= bio_lib.o bio_cb.o bio_err.o \ - bss_mem.o bss_null.o bss_fd.o \ - bss_file.o bss_sock.o bss_conn.o \ - bf_null.o bf_buff.o b_print.o b_dump.o \ - b_sock.o bss_acpt.o bf_nbio.o bss_log.o bss_bio.o -# bf_lbuf.o - -SRC= $(LIBSRC) - -EXHEADER= bio.h -HEADER= bss_file.c $(EXHEADER) - -ALL= $(GENERAL) $(SRC) $(HEADER) - -top: - (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) - -all: lib - -lib: $(LIBOBJ) - $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) || echo Never mind. - @touch lib - -files: - $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO - -links: - @sh $(TOP)/util/point.sh Makefile.ssl Makefile - @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) - @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) - @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) - -install: - @for i in $(EXHEADER); \ - do \ - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ - done; - -tags: - ctags $(SRC) - -tests: - -lint: - lint -DLINT $(INCLUDES) $(SRC)>fluff - -depend: - $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) - -dclean: - $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new - mv -f Makefile.new $(MAKEFILE) - -clean: - rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff - -# DO NOT DELETE THIS LINE -- make depend depends on it. - -b_dump.o: ../../e_os.h ../../include/openssl/bio.h -b_dump.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -b_dump.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -b_dump.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -b_dump.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -b_dump.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -b_dump.o: ../cryptlib.h b_dump.c -b_print.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h -b_print.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -b_print.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -b_print.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -b_print.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -b_print.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -b_print.o: ../cryptlib.h b_print.c -b_sock.o: ../../e_os.h ../../include/openssl/bio.h -b_sock.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -b_sock.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -b_sock.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -b_sock.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -b_sock.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -b_sock.o: ../cryptlib.h b_sock.c -bf_buff.o: ../../e_os.h ../../include/openssl/bio.h -bf_buff.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -bf_buff.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -bf_buff.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bf_buff.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -bf_buff.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bf_buff.o: ../cryptlib.h bf_buff.c -bf_nbio.o: ../../e_os.h ../../include/openssl/bio.h -bf_nbio.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -bf_nbio.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -bf_nbio.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bf_nbio.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -bf_nbio.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h -bf_nbio.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bf_nbio.o: ../cryptlib.h bf_nbio.c -bf_null.o: ../../e_os.h ../../include/openssl/bio.h -bf_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -bf_null.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -bf_null.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bf_null.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -bf_null.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bf_null.o: ../cryptlib.h bf_null.c -bio_cb.o: ../../e_os.h ../../include/openssl/bio.h -bio_cb.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -bio_cb.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -bio_cb.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bio_cb.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -bio_cb.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bio_cb.o: ../cryptlib.h bio_cb.c -bio_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h -bio_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -bio_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bio_err.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -bio_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bio_err.o: bio_err.c -bio_lib.o: ../../e_os.h ../../include/openssl/bio.h -bio_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -bio_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -bio_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bio_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -bio_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bio_lib.o: ../cryptlib.h bio_lib.c -bss_acpt.o: ../../e_os.h ../../include/openssl/bio.h -bss_acpt.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -bss_acpt.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -bss_acpt.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bss_acpt.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -bss_acpt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bss_acpt.o: ../cryptlib.h bss_acpt.c -bss_bio.o: ../../e_os.h ../../include/openssl/bio.h -bss_bio.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -bss_bio.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -bss_bio.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -bss_bio.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bss_bio.o: ../../include/openssl/symhacks.h bss_bio.c -bss_conn.o: ../../e_os.h ../../include/openssl/bio.h -bss_conn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -bss_conn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -bss_conn.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bss_conn.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -bss_conn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bss_conn.o: ../cryptlib.h bss_conn.c -bss_fd.o: ../../e_os.h ../../include/openssl/bio.h -bss_fd.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -bss_fd.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -bss_fd.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bss_fd.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -bss_fd.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bss_fd.o: ../cryptlib.h bss_fd.c -bss_file.o: ../../e_os.h ../../include/openssl/bio.h -bss_file.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -bss_file.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -bss_file.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bss_file.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -bss_file.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bss_file.o: ../cryptlib.h bss_file.c -bss_log.o: ../../e_os.h ../../include/openssl/bio.h -bss_log.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -bss_log.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -bss_log.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bss_log.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -bss_log.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bss_log.o: ../cryptlib.h bss_log.c -bss_mem.o: ../../e_os.h ../../include/openssl/bio.h -bss_mem.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -bss_mem.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -bss_mem.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bss_mem.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -bss_mem.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bss_mem.o: ../cryptlib.h bss_mem.c -bss_null.o: ../../e_os.h ../../include/openssl/bio.h -bss_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -bss_null.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -bss_null.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bss_null.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -bss_null.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bss_null.o: ../cryptlib.h bss_null.c -bss_sock.o: ../../e_os.h ../../include/openssl/bio.h -bss_sock.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -bss_sock.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -bss_sock.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bss_sock.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -bss_sock.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bss_sock.o: ../cryptlib.h bss_sock.c diff --git a/src/lib/libcrypto/bio/b_dump.c b/src/lib/libcrypto/bio/b_dump.c index 8397cfab6a2..0214addc8be 100644 --- a/src/lib/libcrypto/bio/b_dump.c +++ b/src/lib/libcrypto/bio/b_dump.c @@ -1,25 +1,25 @@ -/* crypto/bio/b_dump.c */ +/* $OpenBSD: b_dump.c,v 1.21 2015/04/23 06:11:19 deraadt Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,104 +49,134 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ -/* +/* * Stolen from tjh's ssl/ssl_trc.c stuff. */ #include -#include "cryptlib.h" +#include + #include #define TRUNCATE #define DUMP_WIDTH 16 -#define DUMP_WIDTH_LESS_INDENT(i) (DUMP_WIDTH-((i-(i>6?6:i)+3)/4)) +#define DUMP_WIDTH_LESS_INDENT(i) (DUMP_WIDTH - ((i - (i > 6 ? 6 : i) + 3) / 4)) -int BIO_dump(BIO *bio, const char *s, int len) - { - return BIO_dump_indent(bio, s, len, 0); - } +int +BIO_dump_cb(int (*cb)(const void *data, size_t len, void *u), + void *u, const char *s, int len) +{ + return BIO_dump_indent_cb(cb, u, s, len, 0); +} -int BIO_dump_indent(BIO *bio, const char *s, int len, int indent) - { - int ret=0; - char buf[288+1],tmp[20],str[128+1]; - int i,j,rows,trunc; +int +BIO_dump_indent_cb(int (*cb)(const void *data, size_t len, void *u), + void *u, const char *s, int len, int indent) +{ + int ret = 0; + char buf[288 + 1], tmp[20], str[128 + 1]; + int i, j, rows, trc; unsigned char ch; int dump_width; - - trunc=0; - + + trc = 0; + #ifdef TRUNCATE - for(; (len > 0) && ((s[len-1] == ' ') || (s[len-1] == '\0')); len--) - trunc++; + for (; (len > 0) && ((s[len - 1] == ' ') || (s[len - 1] == '\0')); len--) + trc++; #endif if (indent < 0) indent = 0; - if (indent) - { - if (indent > 128) indent=128; - memset(str,' ',indent); - } - str[indent]='\0'; - - dump_width=DUMP_WIDTH_LESS_INDENT(indent); - rows=(len/dump_width); - if ((rows*dump_width) 128) + indent = 128; + memset(str, ' ', indent); + } + str[indent] = '\0'; + + dump_width = DUMP_WIDTH_LESS_INDENT(indent); + rows = (len / dump_width); + if ((rows * dump_width) < len) rows++; - for(i=0;i=len) - { - strcat(buf," "); - } - else - { - ch=((unsigned char)*(s+i*dump_width+j)) & 0xff; - sprintf(tmp,"%02x%c",ch,j==7?'-':' '); - strcat(buf,tmp); - } + for (i = 0; i < rows; i++) { + strlcpy(buf, str, sizeof buf); + snprintf(tmp, sizeof tmp, "%04x - ", i*dump_width); + strlcat(buf, tmp, sizeof buf); + for (j = 0; j < dump_width; j++) { + if (((i*dump_width) + j) >= len) { + strlcat(buf, " ", sizeof buf); + } else { + ch = ((unsigned char)*(s + i*dump_width + j)) & 0xff; + snprintf(tmp, sizeof tmp, "%02x%c", ch, + j == 7 ? '-' : ' '); + strlcat(buf, tmp, sizeof buf); } - strcat(buf," "); - for(j=0;j=len) + } + strlcat(buf, " ", sizeof buf); + for (j = 0; j < dump_width; j++) { + if (((i*dump_width) + j) >= len) break; - ch=((unsigned char)*(s+i*dump_width+j)) & 0xff; -#ifndef CHARSET_EBCDIC - sprintf(tmp,"%c",((ch>=' ')&&(ch<='~'))?ch:'.'); -#else - sprintf(tmp,"%c",((ch>=os_toascii[' '])&&(ch<=os_toascii['~'])) - ? os_toebcdic[ch] - : '.'); -#endif - strcat(buf,tmp); - } - strcat(buf,"\n"); - /* if this is the last call then update the ddt_dump thing so that - * we will move the selection point in the debug window - */ - ret+=BIO_write(bio,(char *)buf,strlen(buf)); + ch = ((unsigned char)*(s + i * dump_width + j)) & 0xff; + snprintf(tmp, sizeof tmp, "%c", + ((ch >= ' ') && (ch <= '~')) ? ch : '.'); + strlcat(buf, tmp, sizeof buf); } + strlcat(buf, "\n", sizeof buf); + /* if this is the last call then update the ddt_dump thing so + * that we will move the selection point in the debug window + */ + ret += cb((void *)buf, strlen(buf), u); + } #ifdef TRUNCATE - if (trunc > 0) - { - sprintf(buf,"%s%04x - \n",str,len+trunc); - ret+=BIO_write(bio,(char *)buf,strlen(buf)); - } -#endif - return(ret); + if (trc > 0) { + snprintf(buf, sizeof buf, "%s%04x - \n", + str, len + trc); + ret += cb((void *)buf, strlen(buf), u); } +#endif + return (ret); +} + +static int +write_fp(const void *data, size_t len, void *fp) +{ + return fwrite(data, 1, len, fp); +} + +int +BIO_dump_fp(FILE *fp, const char *s, int len) +{ + return BIO_dump_cb(write_fp, fp, s, len); +} + +int +BIO_dump_indent_fp(FILE *fp, const char *s, int len, int indent) +{ + return BIO_dump_indent_cb(write_fp, fp, s, len, indent); +} + +static int +write_bio(const void *data, size_t len, void *bp) +{ + return BIO_write((BIO *)bp, (const char *)data, len); +} + +int +BIO_dump(BIO *bp, const char *s, int len) +{ + return BIO_dump_cb(write_bio, bp, s, len); +} + +int +BIO_dump_indent(BIO *bp, const char *s, int len, int indent) +{ + return BIO_dump_indent_cb(write_bio, bp, s, len, indent); +} diff --git a/src/lib/libcrypto/bio/b_posix.c b/src/lib/libcrypto/bio/b_posix.c new file mode 100644 index 00000000000..aed51bd7170 --- /dev/null +++ b/src/lib/libcrypto/bio/b_posix.c @@ -0,0 +1,90 @@ +/* $OpenBSD: b_posix.c,v 1.2 2018/03/17 16:20:01 beck Exp $ */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +/* + * Functions that need to be overridden by non-POSIX operating systems. + */ + +#include +#include + +#include + +int +BIO_sock_init(void) +{ + if (!OPENSSL_init_crypto(0, NULL)) /* XXX do we need this? */ + return (0); + return (1); +} + +void +BIO_sock_cleanup(void) +{ +} + +int +BIO_socket_nbio(int s, int mode) +{ + int flags = fcntl(s, F_GETFD); + if (mode && !(flags & O_NONBLOCK)) + return (fcntl(s, F_SETFL, flags | O_NONBLOCK) != -1); + else if (!mode && (flags & O_NONBLOCK)) + return (fcntl(s, F_SETFL, flags & ~O_NONBLOCK) != -1); + return (1); +} diff --git a/src/lib/libcrypto/bio/b_print.c b/src/lib/libcrypto/bio/b_print.c index 3ce12907728..09747767dde 100644 --- a/src/lib/libcrypto/bio/b_print.c +++ b/src/lib/libcrypto/bio/b_print.c @@ -1,829 +1,109 @@ -/* crypto/bio/b_print.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -/* disable assert() unless BIO_DEBUG has been defined */ -#ifndef BIO_DEBUG -# ifndef NDEBUG -# define NDEBUG -# endif -#endif +/* $OpenBSD: b_print.c,v 1.25 2014/06/12 15:49:28 deraadt Exp $ */ -/* - * Stolen from tjh's ssl/ssl_trc.c stuff. - */ +/* Theo de Raadt places this file in the public domain. */ -#include -#include -#include -#include -#include -#include "cryptlib.h" -#ifndef NO_SYS_TYPES_H -#include -#endif -#include /* To get BN_LLONG properly defined */ #include -#ifdef BN_LLONG -# ifndef HAVE_LONG_LONG -# define HAVE_LONG_LONG 1 -# endif -#endif - -/***************************************************************************/ - -/* - * Copyright Patrick Powell 1995 - * This code is based on code written by Patrick Powell - * It may be used for any purpose as long as this notice remains intact - * on all source code distributions. - */ - -/* - * This code contains numerious changes and enhancements which were - * made by lots of contributors over the last years to Patrick Powell's - * original code: - * - * o Patrick Powell (1995) - * o Brandon Long (1996, for Mutt) - * o Thomas Roessler (1998, for Mutt) - * o Michael Elkins (1998, for Mutt) - * o Andrew Tridgell (1998, for Samba) - * o Luke Mewburn (1999, for LukemFTP) - * o Ralf S. Engelschall (1999, for Pth) - * o ... (for OpenSSL) - */ - -#if HAVE_LONG_DOUBLE -#define LDOUBLE long double -#else -#define LDOUBLE double -#endif - -#if HAVE_LONG_LONG -# if defined(OPENSSL_SYS_WIN32) && !defined(__GNUC__) -# define LLONG _int64 -# else -# define LLONG long long -# endif -#else -#define LLONG long -#endif - -static void fmtstr (char **, char **, size_t *, size_t *, - const char *, int, int, int); -static void fmtint (char **, char **, size_t *, size_t *, - LLONG, int, int, int, int); -static void fmtfp (char **, char **, size_t *, size_t *, - LDOUBLE, int, int, int); -static void doapr_outch (char **, char **, size_t *, size_t *, int); -static void _dopr(char **sbuffer, char **buffer, - size_t *maxlen, size_t *retlen, int *truncated, - const char *format, va_list args); - -/* format read states */ -#define DP_S_DEFAULT 0 -#define DP_S_FLAGS 1 -#define DP_S_MIN 2 -#define DP_S_DOT 3 -#define DP_S_MAX 4 -#define DP_S_MOD 5 -#define DP_S_CONV 6 -#define DP_S_DONE 7 - -/* format flags - Bits */ -#define DP_F_MINUS (1 << 0) -#define DP_F_PLUS (1 << 1) -#define DP_F_SPACE (1 << 2) -#define DP_F_NUM (1 << 3) -#define DP_F_ZERO (1 << 4) -#define DP_F_UP (1 << 5) -#define DP_F_UNSIGNED (1 << 6) - -/* conversion flags */ -#define DP_C_SHORT 1 -#define DP_C_LONG 2 -#define DP_C_LDOUBLE 3 -#define DP_C_LLONG 4 - -/* some handy macros */ -#define char_to_int(p) (p - '0') -#define OSSL_MAX(p,q) ((p >= q) ? p : q) - -static void -_dopr( - char **sbuffer, - char **buffer, - size_t *maxlen, - size_t *retlen, - int *truncated, - const char *format, - va_list args) -{ - char ch; - LLONG value; - LDOUBLE fvalue; - char *strvalue; - int min; - int max; - int state; - int flags; - int cflags; - size_t currlen; - - state = DP_S_DEFAULT; - flags = currlen = cflags = min = 0; - max = -1; - ch = *format++; - - while (state != DP_S_DONE) { - if (ch == '\0' || (buffer == NULL && currlen >= *maxlen)) - state = DP_S_DONE; - - switch (state) { - case DP_S_DEFAULT: - if (ch == '%') - state = DP_S_FLAGS; - else - doapr_outch(sbuffer,buffer, &currlen, maxlen, ch); - ch = *format++; - break; - case DP_S_FLAGS: - switch (ch) { - case '-': - flags |= DP_F_MINUS; - ch = *format++; - break; - case '+': - flags |= DP_F_PLUS; - ch = *format++; - break; - case ' ': - flags |= DP_F_SPACE; - ch = *format++; - break; - case '#': - flags |= DP_F_NUM; - ch = *format++; - break; - case '0': - flags |= DP_F_ZERO; - ch = *format++; - break; - default: - state = DP_S_MIN; - break; - } - break; - case DP_S_MIN: - if (isdigit((unsigned char)ch)) { - min = 10 * min + char_to_int(ch); - ch = *format++; - } else if (ch == '*') { - min = va_arg(args, int); - ch = *format++; - state = DP_S_DOT; - } else - state = DP_S_DOT; - break; - case DP_S_DOT: - if (ch == '.') { - state = DP_S_MAX; - ch = *format++; - } else - state = DP_S_MOD; - break; - case DP_S_MAX: - if (isdigit((unsigned char)ch)) { - if (max < 0) - max = 0; - max = 10 * max + char_to_int(ch); - ch = *format++; - } else if (ch == '*') { - max = va_arg(args, int); - ch = *format++; - state = DP_S_MOD; - } else - state = DP_S_MOD; - break; - case DP_S_MOD: - switch (ch) { - case 'h': - cflags = DP_C_SHORT; - ch = *format++; - break; - case 'l': - if (*format == 'l') { - cflags = DP_C_LLONG; - format++; - } else - cflags = DP_C_LONG; - ch = *format++; - break; - case 'q': - cflags = DP_C_LLONG; - ch = *format++; - break; - case 'L': - cflags = DP_C_LDOUBLE; - ch = *format++; - break; - default: - break; - } - state = DP_S_CONV; - break; - case DP_S_CONV: - switch (ch) { - case 'd': - case 'i': - switch (cflags) { - case DP_C_SHORT: - value = (short int)va_arg(args, int); - break; - case DP_C_LONG: - value = va_arg(args, long int); - break; - case DP_C_LLONG: - value = va_arg(args, LLONG); - break; - default: - value = va_arg(args, int); - break; - } - fmtint(sbuffer, buffer, &currlen, maxlen, - value, 10, min, max, flags); - break; - case 'X': - flags |= DP_F_UP; - /* FALLTHROUGH */ - case 'x': - case 'o': - case 'u': - flags |= DP_F_UNSIGNED; - switch (cflags) { - case DP_C_SHORT: - value = (unsigned short int)va_arg(args, unsigned int); - break; - case DP_C_LONG: - value = (LLONG) va_arg(args, - unsigned long int); - break; - case DP_C_LLONG: - value = va_arg(args, unsigned LLONG); - break; - default: - value = (LLONG) va_arg(args, - unsigned int); - break; - } - fmtint(sbuffer, buffer, &currlen, maxlen, value, - ch == 'o' ? 8 : (ch == 'u' ? 10 : 16), - min, max, flags); - break; - case 'f': - if (cflags == DP_C_LDOUBLE) - fvalue = va_arg(args, LDOUBLE); - else - fvalue = va_arg(args, double); - fmtfp(sbuffer, buffer, &currlen, maxlen, - fvalue, min, max, flags); - break; - case 'E': - flags |= DP_F_UP; - case 'e': - if (cflags == DP_C_LDOUBLE) - fvalue = va_arg(args, LDOUBLE); - else - fvalue = va_arg(args, double); - break; - case 'G': - flags |= DP_F_UP; - case 'g': - if (cflags == DP_C_LDOUBLE) - fvalue = va_arg(args, LDOUBLE); - else - fvalue = va_arg(args, double); - break; - case 'c': - doapr_outch(sbuffer, buffer, &currlen, maxlen, - va_arg(args, int)); - break; - case 's': - strvalue = va_arg(args, char *); - if (max < 0) { - if (buffer) - max = INT_MAX; - else - max = *maxlen; - } - fmtstr(sbuffer, buffer, &currlen, maxlen, strvalue, - flags, min, max); - break; - case 'p': - value = (long)va_arg(args, void *); - fmtint(sbuffer, buffer, &currlen, maxlen, - value, 16, min, max, flags); - break; - case 'n': /* XXX */ - if (cflags == DP_C_SHORT) { - short int *num; - num = va_arg(args, short int *); - *num = currlen; - } else if (cflags == DP_C_LONG) { /* XXX */ - long int *num; - num = va_arg(args, long int *); - *num = (long int) currlen; - } else if (cflags == DP_C_LLONG) { /* XXX */ - LLONG *num; - num = va_arg(args, LLONG *); - *num = (LLONG) currlen; - } else { - int *num; - num = va_arg(args, int *); - *num = currlen; - } - break; - case '%': - doapr_outch(sbuffer, buffer, &currlen, maxlen, ch); - break; - case 'w': - /* not supported yet, treat as next char */ - ch = *format++; - break; - default: - /* unknown, skip */ - break; - } - ch = *format++; - state = DP_S_DEFAULT; - flags = cflags = min = 0; - max = -1; - break; - case DP_S_DONE: - break; - default: - break; - } - } - *truncated = (currlen > *maxlen - 1); - if (*truncated) - currlen = *maxlen - 1; - doapr_outch(sbuffer, buffer, &currlen, maxlen, '\0'); - *retlen = currlen - 1; - return; -} - -static void -fmtstr( - char **sbuffer, - char **buffer, - size_t *currlen, - size_t *maxlen, - const char *value, - int flags, - int min, - int max) +int +BIO_printf(BIO *bio, const char *format, ...) { - int padlen, strln; - int cnt = 0; - - if (value == 0) - value = ""; - for (strln = 0; value[strln]; ++strln) - ; - padlen = min - strln; - if (padlen < 0) - padlen = 0; - if (flags & DP_F_MINUS) - padlen = -padlen; - - while ((padlen > 0) && (cnt < max)) { - doapr_outch(sbuffer, buffer, currlen, maxlen, ' '); - --padlen; - ++cnt; - } - while (*value && (cnt < max)) { - doapr_outch(sbuffer, buffer, currlen, maxlen, *value++); - ++cnt; - } - while ((padlen < 0) && (cnt < max)) { - doapr_outch(sbuffer, buffer, currlen, maxlen, ' '); - ++padlen; - ++cnt; - } -} - -static void -fmtint( - char **sbuffer, - char **buffer, - size_t *currlen, - size_t *maxlen, - LLONG value, - int base, - int min, - int max, - int flags) -{ - int signvalue = 0; - unsigned LLONG uvalue; - char convert[20]; - int place = 0; - int spadlen = 0; - int zpadlen = 0; - int caps = 0; - - if (max < 0) - max = 0; - uvalue = value; - if (!(flags & DP_F_UNSIGNED)) { - if (value < 0) { - signvalue = '-'; - uvalue = -value; - } else if (flags & DP_F_PLUS) - signvalue = '+'; - else if (flags & DP_F_SPACE) - signvalue = ' '; - } - if (flags & DP_F_UP) - caps = 1; - do { - convert[place++] = - (caps ? "0123456789ABCDEF" : "0123456789abcdef") - [uvalue % (unsigned) base]; - uvalue = (uvalue / (unsigned) base); - } while (uvalue && (place < 20)); - if (place == 20) - place--; - convert[place] = 0; - - zpadlen = max - place; - spadlen = min - OSSL_MAX(max, place) - (signvalue ? 1 : 0); - if (zpadlen < 0) - zpadlen = 0; - if (spadlen < 0) - spadlen = 0; - if (flags & DP_F_ZERO) { - zpadlen = OSSL_MAX(zpadlen, spadlen); - spadlen = 0; - } - if (flags & DP_F_MINUS) - spadlen = -spadlen; - - /* spaces */ - while (spadlen > 0) { - doapr_outch(sbuffer, buffer, currlen, maxlen, ' '); - --spadlen; - } - - /* sign */ - if (signvalue) - doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue); - - /* zeros */ - if (zpadlen > 0) { - while (zpadlen > 0) { - doapr_outch(sbuffer, buffer, currlen, maxlen, '0'); - --zpadlen; - } - } - /* digits */ - while (place > 0) - doapr_outch(sbuffer, buffer, currlen, maxlen, convert[--place]); + va_list args; + int ret; - /* left justified spaces */ - while (spadlen < 0) { - doapr_outch(sbuffer, buffer, currlen, maxlen, ' '); - ++spadlen; - } - return; + va_start(args, format); + ret = BIO_vprintf(bio, format, args); + va_end(args); + return (ret); } -static LDOUBLE -abs_val(LDOUBLE value) +#ifdef HAVE_FUNOPEN +static int +_BIO_write(void *cookie, const char *buf, int nbytes) { - LDOUBLE result = value; - if (value < 0) - result = -value; - return result; + return BIO_write(cookie, buf, nbytes); } -static LDOUBLE -pow10(int exp) +int +BIO_vprintf(BIO *bio, const char *format, va_list args) { - LDOUBLE result = 1; - while (exp) { - result *= 10; - exp--; - } - return result; -} + int ret; + FILE *fp; -static long -roundv(LDOUBLE value) -{ - long intpart; - intpart = (long) value; - value = value - intpart; - if (value >= 0.5) - intpart++; - return intpart; + fp = funopen(bio, NULL, &_BIO_write, NULL, NULL); + if (fp == NULL) { + ret = -1; + goto fail; + } + ret = vfprintf(fp, format, args); + fclose(fp); +fail: + return (ret); } -static void -fmtfp( - char **sbuffer, - char **buffer, - size_t *currlen, - size_t *maxlen, - LDOUBLE fvalue, - int min, - int max, - int flags) -{ - int signvalue = 0; - LDOUBLE ufvalue; - char iconvert[20]; - char fconvert[20]; - int iplace = 0; - int fplace = 0; - int padlen = 0; - int zpadlen = 0; - int caps = 0; - long intpart; - long fracpart; - - if (max < 0) - max = 6; - ufvalue = abs_val(fvalue); - if (fvalue < 0) - signvalue = '-'; - else if (flags & DP_F_PLUS) - signvalue = '+'; - else if (flags & DP_F_SPACE) - signvalue = ' '; - - intpart = (long)ufvalue; - - /* sorry, we only support 9 digits past the decimal because of our - conversion method */ - if (max > 9) - max = 9; - - /* we "cheat" by converting the fractional part to integer by - multiplying by a factor of 10 */ - fracpart = roundv((pow10(max)) * (ufvalue - intpart)); - - if (fracpart >= pow10(max)) { - intpart++; - fracpart -= (long)pow10(max); - } - - /* convert integer part */ - do { - iconvert[iplace++] = - (caps ? "0123456789ABCDEF" - : "0123456789abcdef")[intpart % 10]; - intpart = (intpart / 10); - } while (intpart && (iplace < 20)); - if (iplace == 20) - iplace--; - iconvert[iplace] = 0; - - /* convert fractional part */ - do { - fconvert[fplace++] = - (caps ? "0123456789ABCDEF" - : "0123456789abcdef")[fracpart % 10]; - fracpart = (fracpart / 10); - } while (fplace < max); - if (fplace == 20) - fplace--; - fconvert[fplace] = 0; - - /* -1 for decimal point, another -1 if we are printing a sign */ - padlen = min - iplace - max - 1 - ((signvalue) ? 1 : 0); - zpadlen = max - fplace; - if (zpadlen < 0) - zpadlen = 0; - if (padlen < 0) - padlen = 0; - if (flags & DP_F_MINUS) - padlen = -padlen; - - if ((flags & DP_F_ZERO) && (padlen > 0)) { - if (signvalue) { - doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue); - --padlen; - signvalue = 0; - } - while (padlen > 0) { - doapr_outch(sbuffer, buffer, currlen, maxlen, '0'); - --padlen; - } - } - while (padlen > 0) { - doapr_outch(sbuffer, buffer, currlen, maxlen, ' '); - --padlen; - } - if (signvalue) - doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue); +#else /* !HAVE_FUNOPEN */ - while (iplace > 0) - doapr_outch(sbuffer, buffer, currlen, maxlen, iconvert[--iplace]); - - /* - * Decimal point. This should probably use locale to find the correct - * char to print out. - */ - if (max > 0) { - doapr_outch(sbuffer, buffer, currlen, maxlen, '.'); - - while (fplace > 0) - doapr_outch(sbuffer, buffer, currlen, maxlen, fconvert[--fplace]); - } - while (zpadlen > 0) { - doapr_outch(sbuffer, buffer, currlen, maxlen, '0'); - --zpadlen; - } - - while (padlen < 0) { - doapr_outch(sbuffer, buffer, currlen, maxlen, ' '); - ++padlen; - } -} - -static void -doapr_outch( - char **sbuffer, - char **buffer, - size_t *currlen, - size_t *maxlen, - int c) +int +BIO_vprintf(BIO *bio, const char *format, va_list args) { - /* If we haven't at least one buffer, someone has doe a big booboo */ - assert(*sbuffer != NULL || buffer != NULL); + int ret; + char *buf = NULL; - if (buffer) { - while (*currlen >= *maxlen) { - if (*buffer == NULL) { - if (*maxlen == 0) - *maxlen = 1024; - *buffer = OPENSSL_malloc(*maxlen); - if (*currlen > 0) { - assert(*sbuffer != NULL); - memcpy(*buffer, *sbuffer, *currlen); - } - *sbuffer = NULL; - } else { - *maxlen += 1024; - *buffer = OPENSSL_realloc(*buffer, *maxlen); - } + ret = vasprintf(&buf, format, args); + if (buf == NULL) { + ret = -1; + goto fail; } - /* What to do if *buffer is NULL? */ - assert(*sbuffer != NULL || *buffer != NULL); - } - - if (*currlen < *maxlen) { - if (*sbuffer) - (*sbuffer)[(*currlen)++] = (char)c; - else - (*buffer)[(*currlen)++] = (char)c; - } - - return; + BIO_write(bio, buf, ret); + free(buf); +fail: + return (ret); } -/***************************************************************************/ +#endif /* HAVE_FUNOPEN */ -int BIO_printf (BIO *bio, const char *format, ...) - { +/* + * BIO_snprintf and BIO_vsnprintf return -1 for overflow, + * due to the history of this API. Justification: + * + * Traditional snprintf surfaced in 4.4BSD, and returned + * "number of bytes wanted". Solaris and Windows opted to + * return -1. A draft standard was written which returned -1. + * Due to the large volume of code already using the first + * semantics, the draft was repaired before standardization to + * specify "number of bytes wanted" plus "-1 for character conversion + * style errors". Solaris adapted to this rule, but Windows stuck + * with -1. + * + * Original OpenSSL comment which is full of lies: + * + * "In case of truncation, return -1 like traditional snprintf. + * (Current drafts for ISO/IEC 9899 say snprintf should return + * the number of characters that would have been written, + * had the buffer been large enough.)" + */ +int +BIO_snprintf(char *buf, size_t n, const char *format, ...) +{ va_list args; int ret; va_start(args, format); - - ret = BIO_vprintf(bio, format, args); - + ret = vsnprintf(buf, n, format, args); va_end(args); - return(ret); - } - -int BIO_vprintf (BIO *bio, const char *format, va_list args) - { - int ret; - size_t retlen; - char hugebuf[1024*2]; /* Was previously 10k, which is unreasonable - in small-stack environments, like threads - or DOS programs. */ - char *hugebufp = hugebuf; - size_t hugebufsize = sizeof(hugebuf); - char *dynbuf = NULL; - int ignored; - dynbuf = NULL; - CRYPTO_push_info("doapr()"); - _dopr(&hugebufp, &dynbuf, &hugebufsize, - &retlen, &ignored, format, args); - if (dynbuf) - { - ret=BIO_write(bio, dynbuf, (int)retlen); - OPENSSL_free(dynbuf); - } - else - { - ret=BIO_write(bio, hugebuf, (int)retlen); - } - CRYPTO_pop_info(); - return(ret); - } + if (ret >= n || ret == -1) + return (-1); + return (ret); +} -/* As snprintf is not available everywhere, we provide our own implementation. - * This function has nothing to do with BIOs, but it's closely related - * to BIO_printf, and we need *some* name prefix ... - * (XXX the function should be renamed, but to what?) */ -int BIO_snprintf(char *buf, size_t n, const char *format, ...) - { - va_list args; +int +BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args) +{ int ret; - va_start(args, format); - - ret = BIO_vsnprintf(buf, n, format, args); + ret = vsnprintf(buf, n, format, args); - va_end(args); - return(ret); - } - -int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args) - { - size_t retlen; - int truncated; - - _dopr(&buf, NULL, &n, &retlen, &truncated, format, args); - - if (truncated) - /* In case of truncation, return -1 like traditional snprintf. - * (Current drafts for ISO/IEC 9899 say snprintf should return - * the number of characters that would have been written, - * had the buffer been large enough.) */ - return -1; - else - return (retlen <= INT_MAX) ? retlen : -1; - } + if (ret >= n || ret == -1) + return (-1); + return (ret); +} diff --git a/src/lib/libcrypto/bio/b_sock.c b/src/lib/libcrypto/bio/b_sock.c index dcaef68ea7c..152b0809022 100644 --- a/src/lib/libcrypto/bio/b_sock.c +++ b/src/lib/libcrypto/bio/b_sock.c @@ -1,736 +1,243 @@ -/* crypto/bio/b_sock.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. +/* $OpenBSD: b_sock.c,v 1.69 2018/02/07 00:52:05 bluhm Exp $ */ +/* + * Copyright (c) 2017 Bob Beck * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -#ifndef OPENSSL_NO_SOCK +#include +#include +#include + +#include +#include +#include +#include +#include +#include #include #include -#include -#define USE_SOCKETS -#include "cryptlib.h" -#include - -#ifdef OPENSSL_SYS_WIN16 -#define SOCKET_PROTOCOL 0 /* more microsoft stupidity */ -#else -#define SOCKET_PROTOCOL IPPROTO_TCP -#endif - -#ifdef SO_MAXCONN -#define MAX_LISTEN SO_MAXCONN -#elif defined(SOMAXCONN) -#define MAX_LISTEN SOMAXCONN -#else -#define MAX_LISTEN 32 -#endif - -#ifdef OPENSSL_SYS_WINDOWS -static int wsa_init_done=0; -#endif - -static unsigned long BIO_ghbn_hits=0L; -static unsigned long BIO_ghbn_miss=0L; - -#define GHBN_NUM 4 -static struct ghbn_cache_st - { - char name[129]; - struct hostent *ent; - unsigned long order; - } ghbn_cache[GHBN_NUM]; - -static int get_ip(const char *str,unsigned char *ip); -#if 0 -static void ghbn_free(struct hostent *a); -static struct hostent *ghbn_dup(struct hostent *a); -#endif -int BIO_get_host_ip(const char *str, unsigned char *ip) - { - int i; - int err = 1; - int locked = 0; - struct hostent *he; - - i=get_ip(str,ip); - if (i < 0) - { - BIOerr(BIO_F_BIO_GET_HOST_IP,BIO_R_INVALID_IP_ADDRESS); - goto err; - } +#include - /* At this point, we have something that is most probably correct - in some way, so let's init the socket. */ - if (BIO_sock_init() != 1) - return 0; /* don't generate another error code here */ - - /* If the string actually contained an IP address, we need not do - anything more */ - if (i > 0) return(1); - - /* do a gethostbyname */ - CRYPTO_w_lock(CRYPTO_LOCK_GETHOSTBYNAME); - locked = 1; - he=BIO_gethostbyname(str); - if (he == NULL) - { - BIOerr(BIO_F_BIO_GET_HOST_IP,BIO_R_BAD_HOSTNAME_LOOKUP); - goto err; - } - - /* cast to short because of win16 winsock definition */ - if ((short)he->h_addrtype != AF_INET) - { - BIOerr(BIO_F_BIO_GET_HOST_IP,BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET); - goto err; - } - for (i=0; i<4; i++) - ip[i]=he->h_addr_list[0][i]; - err = 0; - - err: - if (locked) - CRYPTO_w_unlock(CRYPTO_LOCK_GETHOSTBYNAME); - if (err) - { - ERR_add_error_data(2,"host=",str); - return 0; - } - else - return 1; +#include +#include +#include + +int +BIO_get_host_ip(const char *str, unsigned char *ip) +{ + struct addrinfo *res = NULL; + struct addrinfo hints = { + .ai_family = AF_INET, + .ai_socktype = SOCK_STREAM, + .ai_flags = AI_PASSIVE, + }; + uint32_t *iap = (in_addr_t *)ip; + int error; + + if (str == NULL) { + ERR_asprintf_error_data("NULL host provided"); + return (0); } -int BIO_get_port(const char *str, unsigned short *port_ptr) - { - int i; - struct servent *s; - - if (str == NULL) - { - BIOerr(BIO_F_BIO_GET_PORT,BIO_R_NO_PORT_DEFINED); - return(0); - } - i=atoi(str); - if (i != 0) - *port_ptr=(unsigned short)i; - else - { - CRYPTO_w_lock(CRYPTO_LOCK_GETSERVBYNAME); - /* Note: under VMS with SOCKETSHR, it seems like the first - * parameter is 'char *', instead of 'const char *' - */ - s=getservbyname( -#ifndef CONST_STRICT - (char *) -#endif - str,"tcp"); - if(s != NULL) - *port_ptr=ntohs((unsigned short)s->s_port); - CRYPTO_w_unlock(CRYPTO_LOCK_GETSERVBYNAME); - if(s == NULL) - { - if (strcmp(str,"http") == 0) - *port_ptr=80; - else if (strcmp(str,"telnet") == 0) - *port_ptr=23; - else if (strcmp(str,"socks") == 0) - *port_ptr=1080; - else if (strcmp(str,"https") == 0) - *port_ptr=443; - else if (strcmp(str,"ssl") == 0) - *port_ptr=443; - else if (strcmp(str,"ftp") == 0) - *port_ptr=21; - else if (strcmp(str,"gopher") == 0) - *port_ptr=70; -#if 0 - else if (strcmp(str,"wais") == 0) - *port_ptr=21; -#endif - else - { - SYSerr(SYS_F_GETSERVBYNAME,get_last_socket_error()); - ERR_add_error_data(3,"service='",str,"'"); - return(0); - } - } - } - return(1); + if ((error = getaddrinfo(str, NULL, &hints, &res)) != 0) { + BIOerror(BIO_R_BAD_HOSTNAME_LOOKUP); + ERR_asprintf_error_data("getaddrinfo: host='%s' : %s'", str, + gai_strerror(error)); + return (0); } - -int BIO_sock_error(int sock) - { - int j,i; - int size; - - size=sizeof(int); - /* Note: under Windows the third parameter is of type (char *) - * whereas under other systems it is (void *) if you don't have - * a cast it will choke the compiler: if you do have a cast then - * you can either go for (char *) or (void *). - */ - i=getsockopt(sock,SOL_SOCKET,SO_ERROR,(void *)&j,(void *)&size); - if (i < 0) - return(1); - else - return(j); + *iap = (uint32_t)(((struct sockaddr_in *)(res->ai_addr))->sin_addr.s_addr); + freeaddrinfo(res); + return (1); +} + +int +BIO_get_port(const char *str, unsigned short *port_ptr) +{ + struct addrinfo *res = NULL; + struct addrinfo hints = { + .ai_family = AF_UNSPEC, + .ai_socktype = SOCK_STREAM, + .ai_flags = AI_PASSIVE, + }; + int error; + + if (str == NULL) { + BIOerror(BIO_R_NO_PORT_SPECIFIED); + return (0); } -long BIO_ghbn_ctrl(int cmd, int iarg, char *parg) - { - int i; - char **p; - - switch (cmd) - { - case BIO_GHBN_CTRL_HITS: - return(BIO_ghbn_hits); - /* break; */ - case BIO_GHBN_CTRL_MISSES: - return(BIO_ghbn_miss); - /* break; */ - case BIO_GHBN_CTRL_CACHE_SIZE: - return(GHBN_NUM); - /* break; */ - case BIO_GHBN_CTRL_GET_ENTRY: - if ((iarg >= 0) && (iarg 0)) - { - p=(char **)parg; - if (p == NULL) return(0); - *p=ghbn_cache[iarg].name; - ghbn_cache[iarg].name[128]='\0'; - return(1); - } - return(0); - /* break; */ - case BIO_GHBN_CTRL_FLUSH: - for (i=0; ih_aliases[i] != NULL; i++) - ; - i++; - ret->h_aliases = (char **)OPENSSL_malloc(i*sizeof(char *)); - if (ret->h_aliases == NULL) - goto err; - memset(ret->h_aliases, 0, i*sizeof(char *)); - - for (i=0; a->h_addr_list[i] != NULL; i++) - ; - i++; - ret->h_addr_list=(char **)OPENSSL_malloc(i*sizeof(char *)); - if (ret->h_addr_list == NULL) - goto err; - memset(ret->h_addr_list, 0, i*sizeof(char *)); - - j=strlen(a->h_name)+1; - if ((ret->h_name=OPENSSL_malloc(j)) == NULL) goto err; - memcpy((char *)ret->h_name,a->h_name,j); - for (i=0; a->h_aliases[i] != NULL; i++) - { - j=strlen(a->h_aliases[i])+1; - if ((ret->h_aliases[i]=OPENSSL_malloc(j)) == NULL) goto err; - memcpy(ret->h_aliases[i],a->h_aliases[i],j); - } - ret->h_length=a->h_length; - ret->h_addrtype=a->h_addrtype; - for (i=0; a->h_addr_list[i] != NULL; i++) - { - if ((ret->h_addr_list[i]=OPENSSL_malloc(a->h_length)) == NULL) + *port_ptr = ntohs(((struct sockaddr_in *)(res->ai_addr))->sin_port); + freeaddrinfo(res); + return (1); +} + +int +BIO_sock_error(int sock) +{ + socklen_t len; + int err; + + len = sizeof(err); + if (getsockopt(sock, SOL_SOCKET, SO_ERROR, &err, &len) != 0) + return (1); + return (err); +} + +struct hostent * +BIO_gethostbyname(const char *name) +{ + return gethostbyname(name); +} + +int +BIO_socket_ioctl(int fd, long type, void *arg) +{ + int ret; + + ret = ioctl(fd, type, arg); + if (ret < 0) + SYSerror(errno); + return (ret); +} + +int +BIO_get_accept_socket(char *host, int bind_mode) +{ + struct addrinfo hints = { + .ai_family = AF_INET, + .ai_socktype = SOCK_STREAM, + .ai_flags = AI_PASSIVE, + }; + struct addrinfo *res = NULL; + char *h, *p, *str = NULL; + int error, ret = 0, s = -1; + + if (host == NULL || (str = strdup(host)) == NULL) + return (-1); + p = NULL; + h = str; + if ((p = strrchr(str, ':')) == NULL) { + /* A string without a colon is treated as a port. */ + p = str; + h = NULL; + } else { + *p++ = '\0'; + if (*p == '\0') { + BIOerror(BIO_R_NO_PORT_SPECIFIED); goto err; - memcpy(ret->h_addr_list[i],a->h_addr_list[i],a->h_length); - } - if (0) - { -err: - if (ret != NULL) - ghbn_free(ret); - ret=NULL; } - MemCheck_on(); - return(ret); + if (*h == '\0' || strcmp(h, "*") == 0) + h = NULL; } -static void ghbn_free(struct hostent *a) - { - int i; - - if(a == NULL) - return; - - if (a->h_aliases != NULL) - { - for (i=0; a->h_aliases[i] != NULL; i++) - OPENSSL_free(a->h_aliases[i]); - OPENSSL_free(a->h_aliases); - } - if (a->h_addr_list != NULL) - { - for (i=0; a->h_addr_list[i] != NULL; i++) - OPENSSL_free(a->h_addr_list[i]); - OPENSSL_free(a->h_addr_list); - } - if (a->h_name != NULL) OPENSSL_free(a->h_name); - OPENSSL_free(a); - } - -#endif - -struct hostent *BIO_gethostbyname(const char *name) - { -#if 1 - /* Caching gethostbyname() results forever is wrong, - * so we have to let the true gethostbyname() worry about this */ - return gethostbyname(name); -#else - struct hostent *ret; - int i,lowi=0,j; - unsigned long low= (unsigned long)-1; - - -# if 0 - /* It doesn't make sense to use locking here: The function interface - * is not thread-safe, because threads can never be sure when - * some other thread destroys the data they were given a pointer to. - */ - CRYPTO_w_lock(CRYPTO_LOCK_GETHOSTBYNAME); -# endif - j=strlen(name); - if (j < 128) - { - for (i=0; i ghbn_cache[i].order) - { - low=ghbn_cache[i].order; - lowi=i; - } - if (ghbn_cache[i].order > 0) - { - if (strncmp(name,ghbn_cache[i].name,128) == 0) - break; - } - } - } - else - i=GHBN_NUM; - - if (i == GHBN_NUM) /* no hit*/ - { - BIO_ghbn_miss++; - /* Note: under VMS with SOCKETSHR, it seems like the first - * parameter is 'char *', instead of 'const char *' - */ - ret=gethostbyname( -# ifndef CONST_STRICT - (char *) -# endif - name); - - if (ret == NULL) - goto end; - if (j > 128) /* too big to cache */ - { -# if 0 - /* If we were trying to make this function thread-safe (which - * is bound to fail), we'd have to give up in this case - * (or allocate more memory). */ - ret = NULL; -# endif - goto end; - } - - /* else add to cache */ - if (ghbn_cache[lowi].ent != NULL) - ghbn_free(ghbn_cache[lowi].ent); /* XXX not thread-safe */ - ghbn_cache[lowi].name[0] = '\0'; - - if((ret=ghbn_cache[lowi].ent=ghbn_dup(ret)) == NULL) - { - BIOerr(BIO_F_BIO_GETHOSTBYNAME,ERR_R_MALLOC_FAILURE); - goto end; - } - strncpy(ghbn_cache[lowi].name,name,128); - ghbn_cache[lowi].order=BIO_ghbn_miss+BIO_ghbn_hits; - } - else - { - BIO_ghbn_hits++; - ret= ghbn_cache[i].ent; - ghbn_cache[i].order=BIO_ghbn_miss+BIO_ghbn_hits; - } -end: -# if 0 - CRYPTO_w_unlock(CRYPTO_LOCK_GETHOSTBYNAME); -# endif - return(ret); -#endif + if ((error = getaddrinfo(h, p, &hints, &res)) != 0) { + ERR_asprintf_error_data("getaddrinfo: '%s:%s': %s'", h, p, + gai_strerror(error)); + goto err; } - - -int BIO_sock_init(void) - { -#ifdef OPENSSL_SYS_WINDOWS - static struct WSAData wsa_state; - - if (!wsa_init_done) - { - int err; - -#ifdef SIGINT - signal(SIGINT,(void (*)(int))BIO_sock_cleanup); -#endif - wsa_init_done=1; - memset(&wsa_state,0,sizeof(wsa_state)); - if (WSAStartup(0x0101,&wsa_state)!=0) - { - err=WSAGetLastError(); - SYSerr(SYS_F_WSASTARTUP,err); - BIOerr(BIO_F_BIO_SOCK_INIT,BIO_R_WSASTARTUP); - return(-1); - } - } -#endif /* OPENSSL_SYS_WINDOWS */ - return(1); + if (h == NULL) { + struct sockaddr_in *sin = (struct sockaddr_in *)res->ai_addr; + sin->sin_addr.s_addr = INADDR_ANY; } -void BIO_sock_cleanup(void) - { -#ifdef OPENSSL_SYS_WINDOWS - if (wsa_init_done) - { - wsa_init_done=0; - WSACancelBlockingCall(); - WSACleanup(); - } -#endif + s = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); + if (s == -1) { + SYSerror(errno); + ERR_asprintf_error_data("host='%s'", host); + BIOerror(BIO_R_UNABLE_TO_CREATE_SOCKET); + goto err; } + if (bind_mode == BIO_BIND_REUSEADDR) { + int i = 1; -#if !defined(OPENSSL_SYS_VMS) || __VMS_VER >= 70000000 - -int BIO_socket_ioctl(int fd, long type, unsigned long *arg) - { - int i; - - i=ioctlsocket(fd,type,arg); - if (i < 0) - SYSerr(SYS_F_IOCTLSOCKET,get_last_socket_error()); - return(i); + ret = setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &i, sizeof(i)); + bind_mode = BIO_BIND_NORMAL; } -#endif /* __VMS_VER */ - -/* The reason I have implemented this instead of using sscanf is because - * Visual C 1.52c gives an unresolved external when linking a DLL :-( */ -static int get_ip(const char *str, unsigned char ip[4]) - { - unsigned int tmp[4]; - int num=0,c,ok=0; - - tmp[0]=tmp[1]=tmp[2]=tmp[3]=0; - - for (;;) - { - c= *(str++); - if ((c >= '0') && (c <= '9')) - { - ok=1; - tmp[num]=tmp[num]*10+c-'0'; - if (tmp[num] > 255) return(0); - } - else if (c == '.') - { - if (!ok) return(-1); - if (num == 3) return(0); - num++; - ok=0; - } - else if (c == '\0' && (num == 3) && ok) - break; - else - return(0); - } - ip[0]=tmp[0]; - ip[1]=tmp[1]; - ip[2]=tmp[2]; - ip[3]=tmp[3]; - return(1); + if (bind(s, res->ai_addr, res->ai_addrlen) == -1) { + SYSerror(errno); + ERR_asprintf_error_data("host='%s'", host); + BIOerror(BIO_R_UNABLE_TO_BIND_SOCKET); + goto err; } - -int BIO_get_accept_socket(char *host, int bind_mode) - { - int ret=0; - struct sockaddr_in server,client; - int s=INVALID_SOCKET,cs; - unsigned char ip[4]; - unsigned short port; - char *str=NULL,*e; - const char *h,*p; - unsigned long l; - int err_num; - - if (BIO_sock_init() != 1) return(INVALID_SOCKET); - - if ((str=BUF_strdup(host)) == NULL) return(INVALID_SOCKET); - - h=p=NULL; - h=str; - for (e=str; *e; e++) - { - if (*e == ':') - { - p= &(e[1]); - *e='\0'; - } - else if (*e == '/') - { - *e='\0'; - break; - } - } - - if (p == NULL) - { - p=h; - h="*"; - } - - if (!BIO_get_port(p,&port)) goto err; - - memset((char *)&server,0,sizeof(server)); - server.sin_family=AF_INET; - server.sin_port=htons(port); - - if (strcmp(h,"*") == 0) - server.sin_addr.s_addr=INADDR_ANY; - else - { - if (!BIO_get_host_ip(h,&(ip[0]))) goto err; - l=(unsigned long) - ((unsigned long)ip[0]<<24L)| - ((unsigned long)ip[1]<<16L)| - ((unsigned long)ip[2]<< 8L)| - ((unsigned long)ip[3]); - server.sin_addr.s_addr=htonl(l); - } - -again: - s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL); - if (s == INVALID_SOCKET) - { - SYSerr(SYS_F_SOCKET,get_last_socket_error()); - ERR_add_error_data(3,"port='",host,"'"); - BIOerr(BIO_F_BIO_GET_ACCEPT_SOCKET,BIO_R_UNABLE_TO_CREATE_SOCKET); + if (listen(s, SOMAXCONN) == -1) { + SYSerror(errno); + ERR_asprintf_error_data("host='%s'", host); + BIOerror(BIO_R_UNABLE_TO_LISTEN_SOCKET); goto err; - } - -#ifdef SO_REUSEADDR - if (bind_mode == BIO_BIND_REUSEADDR) - { - int i=1; + } + ret = 1; - ret=setsockopt(s,SOL_SOCKET,SO_REUSEADDR,(char *)&i,sizeof(i)); - bind_mode=BIO_BIND_NORMAL; - } -#endif - if (bind(s,(struct sockaddr *)&server,sizeof(server)) == -1) - { -#ifdef SO_REUSEADDR - err_num=get_last_socket_error(); - if ((bind_mode == BIO_BIND_REUSEADDR_IF_UNUSED) && - (err_num == EADDRINUSE)) - { - memcpy((char *)&client,(char *)&server,sizeof(server)); - if (strcmp(h,"*") == 0) - client.sin_addr.s_addr=htonl(0x7F000001); - cs=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL); - if (cs != INVALID_SOCKET) - { - int ii; - ii=connect(cs,(struct sockaddr *)&client, - sizeof(client)); - closesocket(cs); - if (ii == INVALID_SOCKET) - { - bind_mode=BIO_BIND_REUSEADDR; - closesocket(s); - goto again; - } - /* else error */ - } - /* else error */ - } -#endif - SYSerr(SYS_F_BIND,err_num); - ERR_add_error_data(3,"port='",host,"'"); - BIOerr(BIO_F_BIO_GET_ACCEPT_SOCKET,BIO_R_UNABLE_TO_BIND_SOCKET); - goto err; - } - if (listen(s,MAX_LISTEN) == -1) - { - SYSerr(SYS_F_BIND,get_last_socket_error()); - ERR_add_error_data(3,"port='",host,"'"); - BIOerr(BIO_F_BIO_GET_ACCEPT_SOCKET,BIO_R_UNABLE_TO_LISTEN_SOCKET); - goto err; - } - ret=1; err: - if (str != NULL) OPENSSL_free(str); - if ((ret == 0) && (s != INVALID_SOCKET)) - { - closesocket(s); - s= INVALID_SOCKET; - } - return(s); + free(str); + if (res != NULL) + freeaddrinfo(res); + if ((ret == 0) && (s != -1)) { + close(s); + s = -1; } - -int BIO_accept(int sock, char **addr) - { - int ret=INVALID_SOCKET; - static struct sockaddr_in from; - unsigned long l; - unsigned short port; - int len; - char *p; - - memset((char *)&from,0,sizeof(from)); - len=sizeof(from); - /* Note: under VMS with SOCKETSHR the fourth parameter is currently - * of type (int *) whereas under other systems it is (void *) if - * you don't have a cast it will choke the compiler: if you do - * have a cast then you can either go for (int *) or (void *). - */ - ret=accept(sock,(struct sockaddr *)&from,(void *)&len); - if (ret == INVALID_SOCKET) - { - if(BIO_sock_should_retry(ret)) return -2; - SYSerr(SYS_F_ACCEPT,get_last_socket_error()); - BIOerr(BIO_F_BIO_ACCEPT,BIO_R_ACCEPT_ERROR); + return (s); +} + +int +BIO_accept(int sock, char **addr) +{ + char h[NI_MAXHOST], s[NI_MAXSERV]; + struct sockaddr_in sin; + socklen_t sin_len = sizeof(sin); + int ret = -1; + + if (addr == NULL) goto end; - } - if (addr == NULL) goto end; - - l=ntohl(from.sin_addr.s_addr); - port=ntohs(from.sin_port); - if (*addr == NULL) - { - if ((p=OPENSSL_malloc(24)) == NULL) - { - BIOerr(BIO_F_BIO_ACCEPT,ERR_R_MALLOC_FAILURE); - goto end; - } - *addr=p; - } - sprintf(*addr,"%d.%d.%d.%d:%d", - (unsigned char)(l>>24L)&0xff, - (unsigned char)(l>>16L)&0xff, - (unsigned char)(l>> 8L)&0xff, - (unsigned char)(l )&0xff, - port); -end: - return(ret); + ret = accept(sock, (struct sockaddr *)&sin, &sin_len); + if (ret == -1) { + if (BIO_sock_should_retry(ret)) + return -2; + SYSerror(errno); + BIOerror(BIO_R_ACCEPT_ERROR); + goto end; } - -int BIO_set_tcp_ndelay(int s, int on) - { - int ret=0; -#if defined(TCP_NODELAY) && (defined(IPPROTO_TCP) || defined(SOL_TCP)) - int opt; - -#ifdef SOL_TCP - opt=SOL_TCP; -#else -#ifdef IPPROTO_TCP - opt=IPPROTO_TCP; -#endif -#endif - - ret=setsockopt(s,opt,TCP_NODELAY,(char *)&on,sizeof(on)); -#endif - return(ret == 0); + /* XXX Crazy API. Can't be helped */ + if (*addr != NULL) { + free(*addr); + *addr = NULL; } -#endif -int BIO_socket_nbio(int s, int mode) - { - int ret= -1; - unsigned long l; + if (sin.sin_family != AF_INET) + goto end; + + if (getnameinfo((struct sockaddr *)&sin, sin_len, h, sizeof(h), + s, sizeof(s), NI_NUMERICHOST|NI_NUMERICSERV) != 0) + goto end; - l=mode; -#ifdef FIONBIO - ret=BIO_socket_ioctl(s,FIONBIO,&l); -#endif - return(ret == 0); + if ((asprintf(addr, "%s:%s", h, s)) == -1) { + BIOerror(ERR_R_MALLOC_FAILURE); + *addr = NULL; + goto end; } +end: + return (ret); +} + +int +BIO_set_tcp_ndelay(int s, int on) +{ + return (setsockopt(s, IPPROTO_TCP, TCP_NODELAY, &on, sizeof(on)) == 0); +} diff --git a/src/lib/libcrypto/bio/bf_buff.c b/src/lib/libcrypto/bio/bf_buff.c index 6ccda06596c..5b9ee35da84 100644 --- a/src/lib/libcrypto/bio/bf_buff.c +++ b/src/lib/libcrypto/bio/bf_buff.c @@ -1,25 +1,25 @@ -/* crypto/bio/bf_buff.c */ +/* $OpenBSD: bf_buff.c,v 1.25 2018/05/01 13:29:09 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,19 +49,21 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ -#include #include -#include "cryptlib.h" +#include +#include + #include +#include -static int buffer_write(BIO *h, const char *buf,int num); +static int buffer_write(BIO *h, const char *buf, int num); static int buffer_read(BIO *h, char *buf, int size); static int buffer_puts(BIO *h, const char *str); static int buffer_gets(BIO *h, char *str, int size); @@ -71,440 +73,448 @@ static int buffer_free(BIO *data); static long buffer_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp); #define DEFAULT_BUFFER_SIZE 4096 -static BIO_METHOD methods_buffer= - { - BIO_TYPE_BUFFER, - "buffer", - buffer_write, - buffer_read, - buffer_puts, - buffer_gets, - buffer_ctrl, - buffer_new, - buffer_free, - buffer_callback_ctrl, - }; - -BIO_METHOD *BIO_f_buffer(void) - { - return(&methods_buffer); - } - -static int buffer_new(BIO *bi) - { +static const BIO_METHOD methods_buffer = { + .type = BIO_TYPE_BUFFER, + .name = "buffer", + .bwrite = buffer_write, + .bread = buffer_read, + .bputs = buffer_puts, + .bgets = buffer_gets, + .ctrl = buffer_ctrl, + .create = buffer_new, + .destroy = buffer_free, + .callback_ctrl = buffer_callback_ctrl +}; + +const BIO_METHOD * +BIO_f_buffer(void) +{ + return (&methods_buffer); +} + +static int +buffer_new(BIO *bi) +{ BIO_F_BUFFER_CTX *ctx; - ctx=(BIO_F_BUFFER_CTX *)OPENSSL_malloc(sizeof(BIO_F_BUFFER_CTX)); - if (ctx == NULL) return(0); - ctx->ibuf=(char *)OPENSSL_malloc(DEFAULT_BUFFER_SIZE); - if (ctx->ibuf == NULL) { OPENSSL_free(ctx); return(0); } - ctx->obuf=(char *)OPENSSL_malloc(DEFAULT_BUFFER_SIZE); - if (ctx->obuf == NULL) { OPENSSL_free(ctx->ibuf); OPENSSL_free(ctx); return(0); } - ctx->ibuf_size=DEFAULT_BUFFER_SIZE; - ctx->obuf_size=DEFAULT_BUFFER_SIZE; - ctx->ibuf_len=0; - ctx->ibuf_off=0; - ctx->obuf_len=0; - ctx->obuf_off=0; - - bi->init=1; - bi->ptr=(char *)ctx; - bi->flags=0; - return(1); + ctx = malloc(sizeof(BIO_F_BUFFER_CTX)); + if (ctx == NULL) + return (0); + ctx->ibuf = malloc(DEFAULT_BUFFER_SIZE); + if (ctx->ibuf == NULL) { + free(ctx); + return (0); } - -static int buffer_free(BIO *a) - { + ctx->obuf = malloc(DEFAULT_BUFFER_SIZE); + if (ctx->obuf == NULL) { + free(ctx->ibuf); + free(ctx); + return (0); + } + ctx->ibuf_size = DEFAULT_BUFFER_SIZE; + ctx->obuf_size = DEFAULT_BUFFER_SIZE; + ctx->ibuf_len = 0; + ctx->ibuf_off = 0; + ctx->obuf_len = 0; + ctx->obuf_off = 0; + + bi->init = 1; + bi->ptr = (char *)ctx; + bi->flags = 0; + return (1); +} + +static int +buffer_free(BIO *a) +{ BIO_F_BUFFER_CTX *b; - if (a == NULL) return(0); - b=(BIO_F_BUFFER_CTX *)a->ptr; - if (b->ibuf != NULL) OPENSSL_free(b->ibuf); - if (b->obuf != NULL) OPENSSL_free(b->obuf); - OPENSSL_free(a->ptr); - a->ptr=NULL; - a->init=0; - a->flags=0; - return(1); - } - -static int buffer_read(BIO *b, char *out, int outl) - { - int i,num=0; + if (a == NULL) + return (0); + b = (BIO_F_BUFFER_CTX *)a->ptr; + free(b->ibuf); + free(b->obuf); + free(a->ptr); + a->ptr = NULL; + a->init = 0; + a->flags = 0; + return (1); +} + +static int +buffer_read(BIO *b, char *out, int outl) +{ + int i, num = 0; BIO_F_BUFFER_CTX *ctx; - if (out == NULL) return(0); - ctx=(BIO_F_BUFFER_CTX *)b->ptr; + if (out == NULL) + return (0); + ctx = (BIO_F_BUFFER_CTX *)b->ptr; - if ((ctx == NULL) || (b->next_bio == NULL)) return(0); - num=0; + if ((ctx == NULL) || (b->next_bio == NULL)) + return (0); + num = 0; BIO_clear_retry_flags(b); start: - i=ctx->ibuf_len; + i = ctx->ibuf_len; /* If there is stuff left over, grab it */ - if (i != 0) - { - if (i > outl) i=outl; - memcpy(out,&(ctx->ibuf[ctx->ibuf_off]),i); - ctx->ibuf_off+=i; - ctx->ibuf_len-=i; - num+=i; - if (outl == i) return(num); - outl-=i; - out+=i; - } + if (i != 0) { + if (i > outl) + i = outl; + memcpy(out, &(ctx->ibuf[ctx->ibuf_off]), i); + ctx->ibuf_off += i; + ctx->ibuf_len -= i; + num += i; + if (outl == i) + return (num); + outl -= i; + out += i; + } /* We may have done a partial read. try to do more. * We have nothing in the buffer. * If we get an error and have read some data, just return it * and let them retry to get the error again. * copy direct to parent address space */ - if (outl > ctx->ibuf_size) - { - for (;;) - { - i=BIO_read(b->next_bio,out,outl); - if (i <= 0) - { + if (outl > ctx->ibuf_size) { + for (;;) { + i = BIO_read(b->next_bio, out, outl); + if (i <= 0) { BIO_copy_next_retry(b); - if (i < 0) return((num > 0)?num:i); - if (i == 0) return(num); - } - num+=i; - if (outl == i) return(num); - out+=i; - outl-=i; + if (i < 0) + return ((num > 0) ? num : i); + if (i == 0) + return (num); } + num += i; + if (outl == i) + return (num); + out += i; + outl -= i; } + } /* else */ /* we are going to be doing some buffering */ - i=BIO_read(b->next_bio,ctx->ibuf,ctx->ibuf_size); - if (i <= 0) - { + i = BIO_read(b->next_bio, ctx->ibuf, ctx->ibuf_size); + if (i <= 0) { BIO_copy_next_retry(b); - if (i < 0) return((num > 0)?num:i); - if (i == 0) return(num); - } - ctx->ibuf_off=0; - ctx->ibuf_len=i; + if (i < 0) + return ((num > 0) ? num : i); + if (i == 0) + return (num); + } + ctx->ibuf_off = 0; + ctx->ibuf_len = i; /* Lets re-read using ourselves :-) */ goto start; - } +} -static int buffer_write(BIO *b, const char *in, int inl) - { - int i,num=0; +static int +buffer_write(BIO *b, const char *in, int inl) +{ + int i, num = 0; BIO_F_BUFFER_CTX *ctx; - if ((in == NULL) || (inl <= 0)) return(0); - ctx=(BIO_F_BUFFER_CTX *)b->ptr; - if ((ctx == NULL) || (b->next_bio == NULL)) return(0); + if ((in == NULL) || (inl <= 0)) + return (0); + ctx = (BIO_F_BUFFER_CTX *)b->ptr; + if ((ctx == NULL) || (b->next_bio == NULL)) + return (0); BIO_clear_retry_flags(b); start: - i=ctx->obuf_size-(ctx->obuf_len+ctx->obuf_off); + i = ctx->obuf_size - (ctx->obuf_len + ctx->obuf_off); /* add to buffer and return */ - if (i >= inl) - { - memcpy(&(ctx->obuf[ctx->obuf_len]),in,inl); - ctx->obuf_len+=inl; - return(num+inl); - } + if (i >= inl) { + memcpy(&(ctx->obuf[ctx->obuf_off + ctx->obuf_len]), in, inl); + ctx->obuf_len += inl; + return (num + inl); + } /* else */ /* stuff already in buffer, so add to it first, then flush */ - if (ctx->obuf_len != 0) - { + if (ctx->obuf_len != 0) { if (i > 0) /* lets fill it up if we can */ - { - memcpy(&(ctx->obuf[ctx->obuf_len]),in,i); - in+=i; - inl-=i; - num+=i; - ctx->obuf_len+=i; - } + { + memcpy(&(ctx->obuf[ctx->obuf_off + ctx->obuf_len]), in, i); + in += i; + inl -= i; + num += i; + ctx->obuf_len += i; + } /* we now have a full buffer needing flushing */ - for (;;) - { - i=BIO_write(b->next_bio,&(ctx->obuf[ctx->obuf_off]), - ctx->obuf_len); - if (i <= 0) - { + for (;;) { + i = BIO_write(b->next_bio, &(ctx->obuf[ctx->obuf_off]), + ctx->obuf_len); + if (i <= 0) { BIO_copy_next_retry(b); - if (i < 0) return((num > 0)?num:i); - if (i == 0) return(num); - } - ctx->obuf_off+=i; - ctx->obuf_len-=i; - if (ctx->obuf_len == 0) break; + if (i < 0) + return ((num > 0) ? num : i); + if (i == 0) + return (num); } + ctx->obuf_off += i; + ctx->obuf_len -= i; + if (ctx->obuf_len == 0) + break; } + } /* we only get here if the buffer has been flushed and we * still have stuff to write */ - ctx->obuf_off=0; + ctx->obuf_off = 0; /* we now have inl bytes to write */ - while (inl >= ctx->obuf_size) - { - i=BIO_write(b->next_bio,in,inl); - if (i <= 0) - { + while (inl >= ctx->obuf_size) { + i = BIO_write(b->next_bio, in, inl); + if (i <= 0) { BIO_copy_next_retry(b); - if (i < 0) return((num > 0)?num:i); - if (i == 0) return(num); - } - num+=i; - in+=i; - inl-=i; - if (inl == 0) return(num); + if (i < 0) + return ((num > 0) ? num : i); + if (i == 0) + return (num); } + num += i; + in += i; + inl -= i; + if (inl == 0) + return (num); + } - /* copy the rest into the buffer since we have only a small + /* copy the rest into the buffer since we have only a small * amount left */ goto start; - } +} -static long buffer_ctrl(BIO *b, int cmd, long num, void *ptr) - { +static long +buffer_ctrl(BIO *b, int cmd, long num, void *ptr) +{ BIO *dbio; BIO_F_BUFFER_CTX *ctx; - long ret=1; - char *p1,*p2; - int r,i,*ip; - int ibs,obs; + long ret = 1; + char *p1, *p2; + int r, i, *ip; + int ibs, obs; - ctx=(BIO_F_BUFFER_CTX *)b->ptr; + ctx = (BIO_F_BUFFER_CTX *)b->ptr; - switch (cmd) - { + switch (cmd) { case BIO_CTRL_RESET: - ctx->ibuf_off=0; - ctx->ibuf_len=0; - ctx->obuf_off=0; - ctx->obuf_len=0; - if (b->next_bio == NULL) return(0); - ret=BIO_ctrl(b->next_bio,cmd,num,ptr); + ctx->ibuf_off = 0; + ctx->ibuf_len = 0; + ctx->obuf_off = 0; + ctx->obuf_len = 0; + if (b->next_bio == NULL) + return (0); + ret = BIO_ctrl(b->next_bio, cmd, num, ptr); break; case BIO_CTRL_INFO: - ret=(long)ctx->obuf_len; + ret = (long)ctx->obuf_len; break; case BIO_C_GET_BUFF_NUM_LINES: - ret=0; - p1=ctx->ibuf; - for (i=ctx->ibuf_off; iibuf_len; i++) - { - if (p1[i] == '\n') ret++; - } + ret = 0; + p1 = ctx->ibuf; + for (i = 0; i < ctx->ibuf_len; i++) { + if (p1[ctx->ibuf_off + i] == '\n') + ret++; + } break; case BIO_CTRL_WPENDING: - ret=(long)ctx->obuf_len; - if (ret == 0) - { - if (b->next_bio == NULL) return(0); - ret=BIO_ctrl(b->next_bio,cmd,num,ptr); - } + ret = (long)ctx->obuf_len; + if (ret == 0) { + if (b->next_bio == NULL) + return (0); + ret = BIO_ctrl(b->next_bio, cmd, num, ptr); + } break; case BIO_CTRL_PENDING: - ret=(long)ctx->ibuf_len; - if (ret == 0) - { - if (b->next_bio == NULL) return(0); - ret=BIO_ctrl(b->next_bio,cmd,num,ptr); - } + ret = (long)ctx->ibuf_len; + if (ret == 0) { + if (b->next_bio == NULL) + return (0); + ret = BIO_ctrl(b->next_bio, cmd, num, ptr); + } break; case BIO_C_SET_BUFF_READ_DATA: - if (num > ctx->ibuf_size) - { - p1=OPENSSL_malloc((int)num); - if (p1 == NULL) goto malloc_error; - if (ctx->ibuf != NULL) OPENSSL_free(ctx->ibuf); - ctx->ibuf=p1; - } - ctx->ibuf_off=0; - ctx->ibuf_len=(int)num; - memcpy(ctx->ibuf,ptr,(int)num); - ret=1; + if (num > ctx->ibuf_size) { + p1 = malloc(num); + if (p1 == NULL) + goto malloc_error; + free(ctx->ibuf); + ctx->ibuf = p1; + } + ctx->ibuf_off = 0; + ctx->ibuf_len = (int)num; + memcpy(ctx->ibuf, ptr, num); + ret = 1; break; case BIO_C_SET_BUFF_SIZE: - if (ptr != NULL) - { - ip=(int *)ptr; - if (*ip == 0) - { - ibs=(int)num; - obs=ctx->obuf_size; - } - else /* if (*ip == 1) */ - { - ibs=ctx->ibuf_size; - obs=(int)num; - } + if (ptr != NULL) { + ip = (int *)ptr; + if (*ip == 0) { + ibs = (int)num; + obs = ctx->obuf_size; } - else - { - ibs=(int)num; - obs=(int)num; - } - p1=ctx->ibuf; - p2=ctx->obuf; - if ((ibs > DEFAULT_BUFFER_SIZE) && (ibs != ctx->ibuf_size)) + else /* if (*ip == 1) */ { - p1=(char *)OPENSSL_malloc((int)num); - if (p1 == NULL) goto malloc_error; + ibs = ctx->ibuf_size; + obs = (int)num; } - if ((obs > DEFAULT_BUFFER_SIZE) && (obs != ctx->obuf_size)) - { - p2=(char *)OPENSSL_malloc((int)num); - if (p2 == NULL) - { - if (p1 != ctx->ibuf) OPENSSL_free(p1); + } else { + ibs = (int)num; + obs = (int)num; + } + p1 = ctx->ibuf; + p2 = ctx->obuf; + if ((ibs > DEFAULT_BUFFER_SIZE) && (ibs != ctx->ibuf_size)) { + p1 = malloc(num); + if (p1 == NULL) + goto malloc_error; + } + if ((obs > DEFAULT_BUFFER_SIZE) && (obs != ctx->obuf_size)) { + p2 = malloc(num); + if (p2 == NULL) { + if (p1 != ctx->ibuf) + free(p1); goto malloc_error; - } - } - if (ctx->ibuf != p1) - { - OPENSSL_free(ctx->ibuf); - ctx->ibuf=p1; - ctx->ibuf_off=0; - ctx->ibuf_len=0; - ctx->ibuf_size=ibs; - } - if (ctx->obuf != p2) - { - OPENSSL_free(ctx->obuf); - ctx->obuf=p2; - ctx->obuf_off=0; - ctx->obuf_len=0; - ctx->obuf_size=obs; } + } + if (ctx->ibuf != p1) { + free(ctx->ibuf); + ctx->ibuf = p1; + ctx->ibuf_off = 0; + ctx->ibuf_len = 0; + ctx->ibuf_size = ibs; + } + if (ctx->obuf != p2) { + free(ctx->obuf); + ctx->obuf = p2; + ctx->obuf_off = 0; + ctx->obuf_len = 0; + ctx->obuf_size = obs; + } break; case BIO_C_DO_STATE_MACHINE: - if (b->next_bio == NULL) return(0); + if (b->next_bio == NULL) + return (0); BIO_clear_retry_flags(b); - ret=BIO_ctrl(b->next_bio,cmd,num,ptr); + ret = BIO_ctrl(b->next_bio, cmd, num, ptr); BIO_copy_next_retry(b); break; case BIO_CTRL_FLUSH: - if (b->next_bio == NULL) return(0); - if (ctx->obuf_len <= 0) - { - ret=BIO_ctrl(b->next_bio,cmd,num,ptr); + if (b->next_bio == NULL) + return (0); + if (ctx->obuf_len <= 0) { + ret = BIO_ctrl(b->next_bio, cmd, num, ptr); break; - } + } - for (;;) - { + for (;;) { BIO_clear_retry_flags(b); - if (ctx->obuf_len > ctx->obuf_off) - { - r=BIO_write(b->next_bio, - &(ctx->obuf[ctx->obuf_off]), - ctx->obuf_len-ctx->obuf_off); -#if 0 -fprintf(stderr,"FLUSH [%3d] %3d -> %3d\n",ctx->obuf_off,ctx->obuf_len-ctx->obuf_off,r); -#endif + if (ctx->obuf_len > 0) { + r = BIO_write(b->next_bio, + &(ctx->obuf[ctx->obuf_off]), + ctx->obuf_len); BIO_copy_next_retry(b); - if (r <= 0) return((long)r); - ctx->obuf_off+=r; - } - else - { - ctx->obuf_len=0; - ctx->obuf_off=0; - ret=1; + if (r <= 0) + return ((long)r); + ctx->obuf_off += r; + ctx->obuf_len -= r; + } else { + ctx->obuf_len = 0; + ctx->obuf_off = 0; break; - } } - ret=BIO_ctrl(b->next_bio,cmd,num,ptr); + } + ret = BIO_ctrl(b->next_bio, cmd, num, ptr); break; case BIO_CTRL_DUP: - dbio=(BIO *)ptr; - if ( !BIO_set_read_buffer_size(dbio,ctx->ibuf_size) || - !BIO_set_write_buffer_size(dbio,ctx->obuf_size)) - ret=0; + dbio = (BIO *)ptr; + if (!BIO_set_read_buffer_size(dbio, ctx->ibuf_size) || + !BIO_set_write_buffer_size(dbio, ctx->obuf_size)) + ret = 0; break; default: - if (b->next_bio == NULL) return(0); - ret=BIO_ctrl(b->next_bio,cmd,num,ptr); + if (b->next_bio == NULL) + return (0); + ret = BIO_ctrl(b->next_bio, cmd, num, ptr); break; - } - return(ret); -malloc_error: - BIOerr(BIO_F_BUFFER_CTRL,ERR_R_MALLOC_FAILURE); - return(0); } - -static long buffer_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) - { - long ret=1; - - if (b->next_bio == NULL) return(0); - switch (cmd) - { + return (ret); +malloc_error: + BIOerror(ERR_R_MALLOC_FAILURE); + return (0); +} + +static long +buffer_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) +{ + long ret = 1; + + if (b->next_bio == NULL) + return (0); + switch (cmd) { default: - ret=BIO_callback_ctrl(b->next_bio,cmd,fp); + ret = BIO_callback_ctrl(b->next_bio, cmd, fp); break; - } - return(ret); } + return (ret); +} -static int buffer_gets(BIO *b, char *buf, int size) - { +static int +buffer_gets(BIO *b, char *buf, int size) +{ BIO_F_BUFFER_CTX *ctx; - int num=0,i,flag; + int num = 0, i, flag; char *p; - ctx=(BIO_F_BUFFER_CTX *)b->ptr; + ctx = (BIO_F_BUFFER_CTX *)b->ptr; size--; /* reserve space for a '\0' */ BIO_clear_retry_flags(b); - for (;;) - { - if (ctx->ibuf_len > 0) - { - p= &(ctx->ibuf[ctx->ibuf_off]); - flag=0; - for (i=0; (iibuf_len) && (iibuf_len > 0) { + p = &(ctx->ibuf[ctx->ibuf_off]); + flag = 0; + for (i = 0; (i < ctx->ibuf_len) && (i < size); i++) { + *(buf++) = p[i]; + if (p[i] == '\n') { + flag = 1; i++; break; - } - } - num+=i; - size-=i; - ctx->ibuf_len-=i; - ctx->ibuf_off+=i; - if ((flag) || (i == size)) - { - *buf='\0'; - return(num); } } + num += i; + size -= i; + ctx->ibuf_len -= i; + ctx->ibuf_off += i; + if (flag || size == 0) { + *buf = '\0'; + return (num); + } + } else /* read another chunk */ - { - i=BIO_read(b->next_bio,ctx->ibuf,ctx->ibuf_size); - if (i <= 0) - { + { + i = BIO_read(b->next_bio, ctx->ibuf, ctx->ibuf_size); + if (i <= 0) { BIO_copy_next_retry(b); - if (i < 0) return((num > 0)?num:i); - if (i == 0) return(num); - } - ctx->ibuf_len=i; - ctx->ibuf_off=0; + *buf = '\0'; + if (i < 0) + return ((num > 0) ? num : i); + if (i == 0) + return (num); } + ctx->ibuf_len = i; + ctx->ibuf_off = 0; } } +} -static int buffer_puts(BIO *b, const char *str) - { - return(buffer_write(b,str,strlen(str))); - } - +static int +buffer_puts(BIO *b, const char *str) +{ + return (buffer_write(b, str, strlen(str))); +} diff --git a/src/lib/libcrypto/bio/bf_lbuf.c b/src/lib/libcrypto/bio/bf_lbuf.c index ec0f7eb0b7e..5d9ec0f0254 100644 --- a/src/lib/libcrypto/bio/bf_lbuf.c +++ b/src/lib/libcrypto/bio/bf_lbuf.c @@ -1,25 +1,25 @@ -/* crypto/bio/bf_buff.c */ +/* $OpenBSD: bf_lbuf.c,v 1.14 2017/01/29 17:49:22 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,20 +49,20 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ -#include #include -#include "cryptlib.h" +#include + #include #include -static int linebuffer_write(BIO *h, const char *buf,int num); +static int linebuffer_write(BIO *h, const char *buf, int num); static int linebuffer_read(BIO *h, char *buf, int size); static int linebuffer_puts(BIO *h, const char *str); static int linebuffer_gets(BIO *h, char *str, int size); @@ -76,322 +76,302 @@ static long linebuffer_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp); /* #define DEBUG */ -static BIO_METHOD methods_linebuffer= - { - BIO_TYPE_LINEBUFFER, - "linebuffer", - linebuffer_write, - linebuffer_read, - linebuffer_puts, - linebuffer_gets, - linebuffer_ctrl, - linebuffer_new, - linebuffer_free, - linebuffer_callback_ctrl, - }; - -BIO_METHOD *BIO_f_linebuffer(void) - { - return(&methods_linebuffer); - } +static BIO_METHOD methods_linebuffer = { + .type = BIO_TYPE_LINEBUFFER, + .name = "linebuffer", + .bwrite = linebuffer_write, + .bread = linebuffer_read, + .bputs = linebuffer_puts, + .bgets = linebuffer_gets, + .ctrl = linebuffer_ctrl, + .create = linebuffer_new, + .destroy = linebuffer_free, + .callback_ctrl = linebuffer_callback_ctrl +}; -typedef struct bio_linebuffer_ctx_struct - { +BIO_METHOD * +BIO_f_linebuffer(void) +{ + return (&methods_linebuffer); +} + +typedef struct bio_linebuffer_ctx_struct { char *obuf; /* the output char array */ int obuf_size; /* how big is the output buffer */ int obuf_len; /* how many bytes are in it */ - } BIO_LINEBUFFER_CTX; +} BIO_LINEBUFFER_CTX; -static int linebuffer_new(BIO *bi) - { +static int +linebuffer_new(BIO *bi) +{ BIO_LINEBUFFER_CTX *ctx; - ctx=(BIO_LINEBUFFER_CTX *)OPENSSL_malloc(sizeof(BIO_LINEBUFFER_CTX)); - if (ctx == NULL) return(0); - ctx->obuf=(char *)OPENSSL_malloc(DEFAULT_LINEBUFFER_SIZE); - if (ctx->obuf == NULL) { OPENSSL_free(ctx); return(0); } - ctx->obuf_size=DEFAULT_LINEBUFFER_SIZE; - ctx->obuf_len=0; - - bi->init=1; - bi->ptr=(char *)ctx; - bi->flags=0; - return(1); + ctx = malloc(sizeof(BIO_LINEBUFFER_CTX)); + if (ctx == NULL) + return (0); + ctx->obuf = malloc(DEFAULT_LINEBUFFER_SIZE); + if (ctx->obuf == NULL) { + free(ctx); + return (0); } + ctx->obuf_size = DEFAULT_LINEBUFFER_SIZE; + ctx->obuf_len = 0; + + bi->init = 1; + bi->ptr = (char *)ctx; + bi->flags = 0; + return (1); +} -static int linebuffer_free(BIO *a) - { +static int +linebuffer_free(BIO *a) +{ BIO_LINEBUFFER_CTX *b; - if (a == NULL) return(0); - b=(BIO_LINEBUFFER_CTX *)a->ptr; - if (b->obuf != NULL) OPENSSL_free(b->obuf); - OPENSSL_free(a->ptr); - a->ptr=NULL; - a->init=0; - a->flags=0; - return(1); - } - -static int linebuffer_read(BIO *b, char *out, int outl) - { - int ret=0; - - if (out == NULL) return(0); - if (b->next_bio == NULL) return(0); - ret=BIO_read(b->next_bio,out,outl); + if (a == NULL) + return (0); + b = (BIO_LINEBUFFER_CTX *)a->ptr; + free(b->obuf); + free(a->ptr); + a->ptr = NULL; + a->init = 0; + a->flags = 0; + return (1); +} + +static int +linebuffer_read(BIO *b, char *out, int outl) +{ + int ret = 0; + + if (out == NULL) + return (0); + if (b->next_bio == NULL) + return (0); + ret = BIO_read(b->next_bio, out, outl); BIO_clear_retry_flags(b); BIO_copy_next_retry(b); - return(ret); - } + return (ret); +} -static int linebuffer_write(BIO *b, const char *in, int inl) - { - int i,num=0,foundnl; +static int +linebuffer_write(BIO *b, const char *in, int inl) +{ + int i, num = 0, foundnl; BIO_LINEBUFFER_CTX *ctx; - if ((in == NULL) || (inl <= 0)) return(0); - ctx=(BIO_LINEBUFFER_CTX *)b->ptr; - if ((ctx == NULL) || (b->next_bio == NULL)) return(0); + if ((in == NULL) || (inl <= 0)) + return (0); + ctx = (BIO_LINEBUFFER_CTX *)b->ptr; + if ((ctx == NULL) || (b->next_bio == NULL)) + return (0); BIO_clear_retry_flags(b); - do - { + do { const char *p; - for(p = in; p < in + inl && *p != '\n'; p++) + for (p = in; p < in + inl && *p != '\n'; p++) ; - if (*p == '\n') - { + if (*p == '\n') { p++; foundnl = 1; - } - else + } else foundnl = 0; /* If a NL was found and we already have text in the save buffer, concatenate them and write */ - while ((foundnl || p - in > ctx->obuf_size - ctx->obuf_len) - && ctx->obuf_len > 0) - { + while ((foundnl || p - in > ctx->obuf_size - ctx->obuf_len) && + ctx->obuf_len > 0) { int orig_olen = ctx->obuf_len; - + i = ctx->obuf_size - ctx->obuf_len; - if (p - in > 0) - { - if (i >= p - in) - { + if (p - in > 0) { + if (i >= p - in) { memcpy(&(ctx->obuf[ctx->obuf_len]), - in,p - in); + in, p - in); ctx->obuf_len += p - in; inl -= p - in; num += p - in; in = p; - } - else - { + } else { memcpy(&(ctx->obuf[ctx->obuf_len]), - in,i); + in, i); ctx->obuf_len += i; inl -= i; in += i; num += i; - } } + } -#if 0 -BIO_write(b->next_bio, "<*<", 3); -#endif - i=BIO_write(b->next_bio, - ctx->obuf, ctx->obuf_len); - if (i <= 0) - { + i = BIO_write(b->next_bio, ctx->obuf, ctx->obuf_len); + if (i <= 0) { ctx->obuf_len = orig_olen; BIO_copy_next_retry(b); - -#if 0 -BIO_write(b->next_bio, ">*>", 3); -#endif - if (i < 0) return((num > 0)?num:i); - if (i == 0) return(num); - } -#if 0 -BIO_write(b->next_bio, ">*>", 3); -#endif + if (i < 0) + return ((num > 0) ? num : i); + if (i == 0) + return (num); + } if (i < ctx->obuf_len) memmove(ctx->obuf, ctx->obuf + i, - ctx->obuf_len - i); - ctx->obuf_len-=i; - } + ctx->obuf_len - i); + ctx->obuf_len -= i; + } /* Now that the save buffer is emptied, let's write the input buffer if a NL was found and there is anything to write. */ - if ((foundnl || p - in > ctx->obuf_size) && p - in > 0) - { -#if 0 -BIO_write(b->next_bio, "<*<", 3); -#endif - i=BIO_write(b->next_bio,in,p - in); - if (i <= 0) - { + if ((foundnl || p - in > ctx->obuf_size) && p - in > 0) { + i = BIO_write(b->next_bio, in, p - in); + if (i <= 0) { BIO_copy_next_retry(b); -#if 0 -BIO_write(b->next_bio, ">*>", 3); -#endif - if (i < 0) return((num > 0)?num:i); - if (i == 0) return(num); - } -#if 0 -BIO_write(b->next_bio, ">*>", 3); -#endif - num+=i; - in+=i; - inl-=i; + if (i < 0) + return ((num > 0) ? num : i); + if (i == 0) + return (num); } + num += i; + in += i; + inl -= i; } - while(foundnl && inl > 0); + } while (foundnl && inl > 0); /* We've written as much as we can. The rest of the input buffer, if any, is text that doesn't and with a NL and therefore needs to be saved for the next trip. */ - if (inl > 0) - { + if (inl > 0) { memcpy(&(ctx->obuf[ctx->obuf_len]), in, inl); ctx->obuf_len += inl; num += inl; - } - return num; } + return num; +} -static long linebuffer_ctrl(BIO *b, int cmd, long num, void *ptr) - { +static long +linebuffer_ctrl(BIO *b, int cmd, long num, void *ptr) +{ BIO *dbio; BIO_LINEBUFFER_CTX *ctx; - long ret=1; + long ret = 1; char *p; int r; int obs; - ctx=(BIO_LINEBUFFER_CTX *)b->ptr; + ctx = (BIO_LINEBUFFER_CTX *)b->ptr; - switch (cmd) - { + switch (cmd) { case BIO_CTRL_RESET: - ctx->obuf_len=0; - if (b->next_bio == NULL) return(0); - ret=BIO_ctrl(b->next_bio,cmd,num,ptr); + ctx->obuf_len = 0; + if (b->next_bio == NULL) + return (0); + ret = BIO_ctrl(b->next_bio, cmd, num, ptr); break; case BIO_CTRL_INFO: - ret=(long)ctx->obuf_len; + ret = (long)ctx->obuf_len; break; case BIO_CTRL_WPENDING: - ret=(long)ctx->obuf_len; - if (ret == 0) - { - if (b->next_bio == NULL) return(0); - ret=BIO_ctrl(b->next_bio,cmd,num,ptr); - } + ret = (long)ctx->obuf_len; + if (ret == 0) { + if (b->next_bio == NULL) + return (0); + ret = BIO_ctrl(b->next_bio, cmd, num, ptr); + } break; case BIO_C_SET_BUFF_SIZE: - obs=(int)num; - p=ctx->obuf; - if ((obs > DEFAULT_LINEBUFFER_SIZE) && (obs != ctx->obuf_size)) - { - p=(char *)OPENSSL_malloc((int)num); + obs = (int)num; + p = ctx->obuf; + if ((obs > DEFAULT_LINEBUFFER_SIZE) && (obs != ctx->obuf_size)) { + p = malloc(num); if (p == NULL) goto malloc_error; - } - if (ctx->obuf != p) - { - if (ctx->obuf_len > obs) - { + } + if (ctx->obuf != p) { + if (ctx->obuf_len > obs) { ctx->obuf_len = obs; - } - memcpy(p, ctx->obuf, ctx->obuf_len); - OPENSSL_free(ctx->obuf); - ctx->obuf=p; - ctx->obuf_size=obs; } + memcpy(p, ctx->obuf, ctx->obuf_len); + free(ctx->obuf); + ctx->obuf = p; + ctx->obuf_size = obs; + } break; case BIO_C_DO_STATE_MACHINE: - if (b->next_bio == NULL) return(0); + if (b->next_bio == NULL) + return (0); BIO_clear_retry_flags(b); - ret=BIO_ctrl(b->next_bio,cmd,num,ptr); + ret = BIO_ctrl(b->next_bio, cmd, num, ptr); BIO_copy_next_retry(b); break; case BIO_CTRL_FLUSH: - if (b->next_bio == NULL) return(0); - if (ctx->obuf_len <= 0) - { - ret=BIO_ctrl(b->next_bio,cmd,num,ptr); + if (b->next_bio == NULL) + return (0); + if (ctx->obuf_len <= 0) { + ret = BIO_ctrl(b->next_bio, cmd, num, ptr); break; - } + } - for (;;) - { + for (;;) { BIO_clear_retry_flags(b); - if (ctx->obuf_len > 0) - { - r=BIO_write(b->next_bio, - ctx->obuf, ctx->obuf_len); -#if 0 -fprintf(stderr,"FLUSH %3d -> %3d\n",ctx->obuf_len,r); -#endif + if (ctx->obuf_len > 0) { + r = BIO_write(b->next_bio, + ctx->obuf, ctx->obuf_len); BIO_copy_next_retry(b); - if (r <= 0) return((long)r); + if (r <= 0) + return ((long)r); if (r < ctx->obuf_len) memmove(ctx->obuf, ctx->obuf + r, - ctx->obuf_len - r); - ctx->obuf_len-=r; - } - else - { - ctx->obuf_len=0; - ret=1; + ctx->obuf_len - r); + ctx->obuf_len -= r; + } else { + ctx->obuf_len = 0; + ret = 1; break; - } } - ret=BIO_ctrl(b->next_bio,cmd,num,ptr); + } + ret = BIO_ctrl(b->next_bio, cmd, num, ptr); break; case BIO_CTRL_DUP: - dbio=(BIO *)ptr; - if ( !BIO_set_write_buffer_size(dbio,ctx->obuf_size)) - ret=0; + dbio = (BIO *)ptr; + if (!BIO_set_write_buffer_size(dbio, ctx->obuf_size)) + ret = 0; break; default: - if (b->next_bio == NULL) return(0); - ret=BIO_ctrl(b->next_bio,cmd,num,ptr); + if (b->next_bio == NULL) + return (0); + ret = BIO_ctrl(b->next_bio, cmd, num, ptr); break; - } - return(ret); -malloc_error: - BIOerr(BIO_F_LINEBUFFER_CTRL,ERR_R_MALLOC_FAILURE); - return(0); } + return (ret); +malloc_error: + BIOerror(ERR_R_MALLOC_FAILURE); + return (0); +} -static long linebuffer_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) - { - long ret=1; +static long +linebuffer_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) +{ + long ret = 1; - if (b->next_bio == NULL) return(0); - switch (cmd) - { + if (b->next_bio == NULL) + return (0); + switch (cmd) { default: - ret=BIO_callback_ctrl(b->next_bio,cmd,fp); + ret = BIO_callback_ctrl(b->next_bio, cmd, fp); break; - } - return(ret); } + return (ret); +} -static int linebuffer_gets(BIO *b, char *buf, int size) - { - if (b->next_bio == NULL) return(0); - return(BIO_gets(b->next_bio,buf,size)); - } - -static int linebuffer_puts(BIO *b, const char *str) - { - return(linebuffer_write(b,str,strlen(str))); - } +static int +linebuffer_gets(BIO *b, char *buf, int size) +{ + if (b->next_bio == NULL) + return (0); + return (BIO_gets(b->next_bio, buf, size)); +} +static int +linebuffer_puts(BIO *b, const char *str) +{ + return (linebuffer_write(b, str, strlen(str))); +} diff --git a/src/lib/libcrypto/bio/bf_nbio.c b/src/lib/libcrypto/bio/bf_nbio.c index 1ce2bfacc06..05fa9161fbb 100644 --- a/src/lib/libcrypto/bio/bf_nbio.c +++ b/src/lib/libcrypto/bio/bf_nbio.c @@ -1,25 +1,25 @@ -/* crypto/bio/bf_nbio.c */ +/* $OpenBSD: bf_nbio.c,v 1.20 2018/05/01 13:29:09 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,207 +49,204 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ -#include #include -#include "cryptlib.h" -#include +#include +#include + #include /* BIO_put and BIO_get both add to the digest, * BIO_gets returns the digest */ -static int nbiof_write(BIO *h,const char *buf,int num); -static int nbiof_read(BIO *h,char *buf,int size); -static int nbiof_puts(BIO *h,const char *str); -static int nbiof_gets(BIO *h,char *str,int size); -static long nbiof_ctrl(BIO *h,int cmd,long arg1,void *arg2); +static int nbiof_write(BIO *h, const char *buf, int num); +static int nbiof_read(BIO *h, char *buf, int size); +static int nbiof_puts(BIO *h, const char *str); +static int nbiof_gets(BIO *h, char *str, int size); +static long nbiof_ctrl(BIO *h, int cmd, long arg1, void *arg2); static int nbiof_new(BIO *h); static int nbiof_free(BIO *data); -static long nbiof_callback_ctrl(BIO *h,int cmd,bio_info_cb *fp); -typedef struct nbio_test_st - { +static long nbiof_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp); + +typedef struct nbio_test_st { /* only set if we sent a 'should retry' error */ int lrn; int lwn; - } NBIO_TEST; - -static BIO_METHOD methods_nbiof= - { - BIO_TYPE_NBIO_TEST, - "non-blocking IO test filter", - nbiof_write, - nbiof_read, - nbiof_puts, - nbiof_gets, - nbiof_ctrl, - nbiof_new, - nbiof_free, - nbiof_callback_ctrl, - }; - -BIO_METHOD *BIO_f_nbio_test(void) - { - return(&methods_nbiof); - } - -static int nbiof_new(BIO *bi) - { +} NBIO_TEST; + +static const BIO_METHOD methods_nbiof = { + .type = BIO_TYPE_NBIO_TEST, + .name = "non-blocking IO test filter", + .bwrite = nbiof_write, + .bread = nbiof_read, + .bputs = nbiof_puts, + .bgets = nbiof_gets, + .ctrl = nbiof_ctrl, + .create = nbiof_new, + .destroy = nbiof_free, + .callback_ctrl = nbiof_callback_ctrl +}; + +const BIO_METHOD * +BIO_f_nbio_test(void) +{ + return (&methods_nbiof); +} + +static int +nbiof_new(BIO *bi) +{ NBIO_TEST *nt; - if (!(nt=(NBIO_TEST *)OPENSSL_malloc(sizeof(NBIO_TEST)))) return(0); - nt->lrn= -1; - nt->lwn= -1; - bi->ptr=(char *)nt; - bi->init=1; - bi->flags=0; - return(1); - } - -static int nbiof_free(BIO *a) - { - if (a == NULL) return(0); - if (a->ptr != NULL) - OPENSSL_free(a->ptr); - a->ptr=NULL; - a->init=0; - a->flags=0; - return(1); - } - -static int nbiof_read(BIO *b, char *out, int outl) - { - NBIO_TEST *nt; - int ret=0; -#if 0 + if (!(nt = malloc(sizeof(NBIO_TEST)))) + return (0); + nt->lrn = -1; + nt->lwn = -1; + bi->ptr = (char *)nt; + bi->init = 1; + bi->flags = 0; + return (1); +} + +static int +nbiof_free(BIO *a) +{ + if (a == NULL) + return (0); + free(a->ptr); + a->ptr = NULL; + a->init = 0; + a->flags = 0; + return (1); +} + +static int +nbiof_read(BIO *b, char *out, int outl) +{ + int ret = 0; int num; unsigned char n; -#endif - if (out == NULL) return(0); - if (b->next_bio == NULL) return(0); - nt=(NBIO_TEST *)b->ptr; + if (out == NULL) + return (0); + if (b->next_bio == NULL) + return (0); BIO_clear_retry_flags(b); -#if 0 - RAND_pseudo_bytes(&n,1); - num=(n&0x07); - if (outl > num) outl=num; + arc4random_buf(&n, 1); + num = (n & 0x07); + + if (outl > num) + outl = num; - if (num == 0) - { - ret= -1; + if (num == 0) { + ret = -1; BIO_set_retry_read(b); - } - else -#endif - { - ret=BIO_read(b->next_bio,out,outl); + } else { + ret = BIO_read(b->next_bio, out, outl); if (ret < 0) BIO_copy_next_retry(b); - } - return(ret); } + return (ret); +} -static int nbiof_write(BIO *b, const char *in, int inl) - { +static int +nbiof_write(BIO *b, const char *in, int inl) +{ NBIO_TEST *nt; - int ret=0; + int ret = 0; int num; unsigned char n; - if ((in == NULL) || (inl <= 0)) return(0); - if (b->next_bio == NULL) return(0); - nt=(NBIO_TEST *)b->ptr; + if ((in == NULL) || (inl <= 0)) + return (0); + if (b->next_bio == NULL) + return (0); + nt = (NBIO_TEST *)b->ptr; BIO_clear_retry_flags(b); -#if 1 - if (nt->lwn > 0) - { - num=nt->lwn; - nt->lwn=0; - } - else - { - RAND_pseudo_bytes(&n,1); - num=(n&7); - } + if (nt->lwn > 0) { + num = nt->lwn; + nt->lwn = 0; + } else { + arc4random_buf(&n, 1); + num = (n&7); + } - if (inl > num) inl=num; + if (inl > num) + inl = num; - if (num == 0) - { - ret= -1; + if (num == 0) { + ret = -1; BIO_set_retry_write(b); - } - else -#endif - { - ret=BIO_write(b->next_bio,in,inl); - if (ret < 0) - { + } else { + ret = BIO_write(b->next_bio, in, inl); + if (ret < 0) { BIO_copy_next_retry(b); - nt->lwn=inl; - } + nt->lwn = inl; } - return(ret); } + return (ret); +} -static long nbiof_ctrl(BIO *b, int cmd, long num, void *ptr) - { +static long +nbiof_ctrl(BIO *b, int cmd, long num, void *ptr) +{ long ret; - if (b->next_bio == NULL) return(0); - switch (cmd) - { - case BIO_C_DO_STATE_MACHINE: + if (b->next_bio == NULL) + return (0); + switch (cmd) { + case BIO_C_DO_STATE_MACHINE: BIO_clear_retry_flags(b); - ret=BIO_ctrl(b->next_bio,cmd,num,ptr); + ret = BIO_ctrl(b->next_bio, cmd, num, ptr); BIO_copy_next_retry(b); break; case BIO_CTRL_DUP: - ret=0L; + ret = 0L; break; default: - ret=BIO_ctrl(b->next_bio,cmd,num,ptr); + ret = BIO_ctrl(b->next_bio, cmd, num, ptr); break; - } - return(ret); } + return (ret); +} -static long nbiof_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) - { - long ret=1; +static long +nbiof_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) +{ + long ret = 1; - if (b->next_bio == NULL) return(0); - switch (cmd) - { + if (b->next_bio == NULL) + return (0); + switch (cmd) { default: - ret=BIO_callback_ctrl(b->next_bio,cmd,fp); + ret = BIO_callback_ctrl(b->next_bio, cmd, fp); break; - } - return(ret); - } - -static int nbiof_gets(BIO *bp, char *buf, int size) - { - if (bp->next_bio == NULL) return(0); - return(BIO_gets(bp->next_bio,buf,size)); - } - - -static int nbiof_puts(BIO *bp, const char *str) - { - if (bp->next_bio == NULL) return(0); - return(BIO_puts(bp->next_bio,str)); } - - + return (ret); +} + +static int +nbiof_gets(BIO *bp, char *buf, int size) +{ + if (bp->next_bio == NULL) + return (0); + return (BIO_gets(bp->next_bio, buf, size)); +} + +static int +nbiof_puts(BIO *bp, const char *str) +{ + if (bp->next_bio == NULL) + return (0); + return (BIO_puts(bp->next_bio, str)); +} diff --git a/src/lib/libcrypto/bio/bf_null.c b/src/lib/libcrypto/bio/bf_null.c index c1bf39a904f..25abb8a5744 100644 --- a/src/lib/libcrypto/bio/bf_null.c +++ b/src/lib/libcrypto/bio/bf_null.c @@ -1,25 +1,25 @@ -/* crypto/bio/bf_null.c */ +/* $OpenBSD: bf_null.c,v 1.12 2018/05/01 13:29:09 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,16 +49,16 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ -#include #include -#include "cryptlib.h" +#include + #include /* BIO_put and BIO_get both add to the digest, @@ -72,112 +72,125 @@ static long nullf_ctrl(BIO *h, int cmd, long arg1, void *arg2); static int nullf_new(BIO *h); static int nullf_free(BIO *data); static long nullf_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp); -static BIO_METHOD methods_nullf= - { - BIO_TYPE_NULL_FILTER, - "NULL filter", - nullf_write, - nullf_read, - nullf_puts, - nullf_gets, - nullf_ctrl, - nullf_new, - nullf_free, - nullf_callback_ctrl, - }; - -BIO_METHOD *BIO_f_null(void) - { - return(&methods_nullf); - } -static int nullf_new(BIO *bi) - { - bi->init=1; - bi->ptr=NULL; - bi->flags=0; - return(1); - } - -static int nullf_free(BIO *a) - { - if (a == NULL) return(0); +static const BIO_METHOD methods_nullf = { + .type = BIO_TYPE_NULL_FILTER, + .name = "NULL filter", + .bwrite = nullf_write, + .bread = nullf_read, + .bputs = nullf_puts, + .bgets = nullf_gets, + .ctrl = nullf_ctrl, + .create = nullf_new, + .destroy = nullf_free, + .callback_ctrl = nullf_callback_ctrl +}; + +const BIO_METHOD * +BIO_f_null(void) +{ + return (&methods_nullf); +} + +static int +nullf_new(BIO *bi) +{ + bi->init = 1; + bi->ptr = NULL; + bi->flags = 0; + return (1); +} + +static int +nullf_free(BIO *a) +{ + if (a == NULL) + return (0); /* a->ptr=NULL; a->init=0; a->flags=0;*/ - return(1); - } - -static int nullf_read(BIO *b, char *out, int outl) - { - int ret=0; - - if (out == NULL) return(0); - if (b->next_bio == NULL) return(0); - ret=BIO_read(b->next_bio,out,outl); + return (1); +} + +static int +nullf_read(BIO *b, char *out, int outl) +{ + int ret = 0; + + if (out == NULL) + return (0); + if (b->next_bio == NULL) + return (0); + ret = BIO_read(b->next_bio, out, outl); BIO_clear_retry_flags(b); BIO_copy_next_retry(b); - return(ret); - } - -static int nullf_write(BIO *b, const char *in, int inl) - { - int ret=0; - - if ((in == NULL) || (inl <= 0)) return(0); - if (b->next_bio == NULL) return(0); - ret=BIO_write(b->next_bio,in,inl); + return (ret); +} + +static int +nullf_write(BIO *b, const char *in, int inl) +{ + int ret = 0; + + if ((in == NULL) || (inl <= 0)) + return (0); + if (b->next_bio == NULL) + return (0); + ret = BIO_write(b->next_bio, in, inl); BIO_clear_retry_flags(b); BIO_copy_next_retry(b); - return(ret); - } + return (ret); +} -static long nullf_ctrl(BIO *b, int cmd, long num, void *ptr) - { +static long +nullf_ctrl(BIO *b, int cmd, long num, void *ptr) +{ long ret; - if (b->next_bio == NULL) return(0); - switch(cmd) - { - case BIO_C_DO_STATE_MACHINE: + if (b->next_bio == NULL) + return (0); + switch (cmd) { + case BIO_C_DO_STATE_MACHINE: BIO_clear_retry_flags(b); - ret=BIO_ctrl(b->next_bio,cmd,num,ptr); + ret = BIO_ctrl(b->next_bio, cmd, num, ptr); BIO_copy_next_retry(b); break; case BIO_CTRL_DUP: - ret=0L; + ret = 0L; break; default: - ret=BIO_ctrl(b->next_bio,cmd,num,ptr); - } - return(ret); + ret = BIO_ctrl(b->next_bio, cmd, num, ptr); } + return (ret); +} -static long nullf_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) - { - long ret=1; +static long +nullf_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) +{ + long ret = 1; - if (b->next_bio == NULL) return(0); - switch (cmd) - { + if (b->next_bio == NULL) + return (0); + switch (cmd) { default: - ret=BIO_callback_ctrl(b->next_bio,cmd,fp); + ret = BIO_callback_ctrl(b->next_bio, cmd, fp); break; - } - return(ret); - } - -static int nullf_gets(BIO *bp, char *buf, int size) - { - if (bp->next_bio == NULL) return(0); - return(BIO_gets(bp->next_bio,buf,size)); } - - -static int nullf_puts(BIO *bp, const char *str) - { - if (bp->next_bio == NULL) return(0); - return(BIO_puts(bp->next_bio,str)); - } - - + return (ret); +} + +static int +nullf_gets(BIO *bp, char *buf, int size) +{ + if (bp->next_bio == NULL) + return (0); + return (BIO_gets(bp->next_bio, buf, size)); +} + +static int +nullf_puts(BIO *bp, const char *str) +{ + if (bp->next_bio == NULL) + return (0); + return (BIO_puts(bp->next_bio, str)); +} diff --git a/src/lib/libcrypto/bio/bio.h b/src/lib/libcrypto/bio/bio.h index b122c7069d0..82463c6bebd 100644 --- a/src/lib/libcrypto/bio/bio.h +++ b/src/lib/libcrypto/bio/bio.h @@ -1,4 +1,4 @@ -/* crypto/bio/bio.h */ +/* $OpenBSD: bio.h,v 1.45 2018/06/02 04:41:12 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -58,14 +58,16 @@ #ifndef HEADER_BIO_H #define HEADER_BIO_H +#if !defined(HAVE_ATTRIBUTE__BOUNDED__) && !defined(__OpenBSD__) +#define __bounded__(x, y, z) +#endif +#include -#ifndef OPENSSL_NO_FP_API # include -#endif #include #include -#include + #ifdef __cplusplus extern "C" { @@ -93,11 +95,20 @@ extern "C" { #define BIO_TYPE_BER (18|0x0200) /* BER -> bin filter */ #define BIO_TYPE_BIO (19|0x0400) /* (half a) BIO pair */ #define BIO_TYPE_LINEBUFFER (20|0x0200) /* filter */ +#define BIO_TYPE_DGRAM (21|0x0400|0x0100) +#define BIO_TYPE_ASN1 (22|0x0200) /* filter */ +#define BIO_TYPE_COMP (23|0x0200) /* filter */ #define BIO_TYPE_DESCRIPTOR 0x0100 /* socket, fd, connect or accept */ #define BIO_TYPE_FILTER 0x0200 #define BIO_TYPE_SOURCE_SINK 0x0400 +/* + * BIO_TYPE_START is the first user-allocated BIO type. No pre-defined type, + * flag bits aside, may exceed this value. + */ +#define BIO_TYPE_START 128 + /* BIO_FILENAME_READ|BIO_CLOSE to open or close on free. * BIO_set_fp(in,stdin,BIO_NOCLOSE); */ #define BIO_NOCLOSE 0x00 @@ -124,6 +135,43 @@ extern "C" { #define BIO_CTRL_SET_FILENAME 30 /* BIO_s_file special */ +/* dgram BIO stuff */ +#define BIO_CTRL_DGRAM_CONNECT 31 /* BIO dgram special */ +#define BIO_CTRL_DGRAM_SET_CONNECTED 32 /* allow for an externally + * connected socket to be + * passed in */ +#define BIO_CTRL_DGRAM_SET_RECV_TIMEOUT 33 /* setsockopt, essentially */ +#define BIO_CTRL_DGRAM_GET_RECV_TIMEOUT 34 /* getsockopt, essentially */ +#define BIO_CTRL_DGRAM_SET_SEND_TIMEOUT 35 /* setsockopt, essentially */ +#define BIO_CTRL_DGRAM_GET_SEND_TIMEOUT 36 /* getsockopt, essentially */ + +#define BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP 37 /* flag whether the last */ +#define BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP 38 /* I/O operation tiemd out */ + +/* #ifdef IP_MTU_DISCOVER */ +#define BIO_CTRL_DGRAM_MTU_DISCOVER 39 /* set DF bit on egress packets */ +/* #endif */ + +#define BIO_CTRL_DGRAM_QUERY_MTU 40 /* as kernel for current MTU */ +#define BIO_CTRL_DGRAM_GET_FALLBACK_MTU 47 +#define BIO_CTRL_DGRAM_GET_MTU 41 /* get cached value for MTU */ +#define BIO_CTRL_DGRAM_SET_MTU 42 /* set cached value for + * MTU. want to use this + * if asking the kernel + * fails */ + +#define BIO_CTRL_DGRAM_MTU_EXCEEDED 43 /* check whether the MTU + * was exceed in the + * previous write + * operation */ + +#define BIO_CTRL_DGRAM_GET_PEER 46 +#define BIO_CTRL_DGRAM_SET_PEER 44 /* Destination for the data */ + +#define BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT 45 /* Next DTLS handshake timeout to + * adjust socket timeouts */ + + /* modifiers */ #define BIO_FP_READ 0x02 #define BIO_FP_WRITE 0x04 @@ -157,28 +205,32 @@ extern "C" { */ #define BIO_FLAGS_MEM_RDONLY 0x200 -#define BIO_set_flags(b,f) ((b)->flags|=(f)) -#define BIO_get_flags(b) ((b)->flags) +typedef struct bio_st BIO; + +void BIO_set_flags(BIO *b, int flags); +int BIO_test_flags(const BIO *b, int flags); +void BIO_clear_flags(BIO *b, int flags); + +#define BIO_get_flags(b) BIO_test_flags(b, ~(0x0)) #define BIO_set_retry_special(b) \ - ((b)->flags|=(BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY)) + BIO_set_flags(b, (BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY)) #define BIO_set_retry_read(b) \ - ((b)->flags|=(BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY)) + BIO_set_flags(b, (BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY)) #define BIO_set_retry_write(b) \ - ((b)->flags|=(BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY)) + BIO_set_flags(b, (BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY)) /* These are normally used internally in BIOs */ -#define BIO_clear_flags(b,f) ((b)->flags&= ~(f)) #define BIO_clear_retry_flags(b) \ - ((b)->flags&= ~(BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY)) + BIO_clear_flags(b, (BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY)) #define BIO_get_retry_flags(b) \ - ((b)->flags&(BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY)) + BIO_test_flags(b, (BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY)) /* These should be used by the application to tell why we should retry */ -#define BIO_should_read(a) ((a)->flags & BIO_FLAGS_READ) -#define BIO_should_write(a) ((a)->flags & BIO_FLAGS_WRITE) -#define BIO_should_io_special(a) ((a)->flags & BIO_FLAGS_IO_SPECIAL) -#define BIO_retry_type(a) ((a)->flags & BIO_FLAGS_RWS) -#define BIO_should_retry(a) ((a)->flags & BIO_FLAGS_SHOULD_RETRY) +#define BIO_should_read(a) BIO_test_flags(a, BIO_FLAGS_READ) +#define BIO_should_write(a) BIO_test_flags(a, BIO_FLAGS_WRITE) +#define BIO_should_io_special(a) BIO_test_flags(a, BIO_FLAGS_IO_SPECIAL) +#define BIO_retry_type(a) BIO_test_flags(a, BIO_FLAGS_RWS) +#define BIO_should_retry(a) BIO_test_flags(a, BIO_FLAGS_SHOULD_RETRY) /* The next three are used in conjunction with the * BIO_should_io_special() condition. After this returns true, @@ -207,20 +259,20 @@ extern "C" { #define BIO_cb_pre(a) (!((a)&BIO_CB_RETURN)) #define BIO_cb_post(a) ((a)&BIO_CB_RETURN) -#define BIO_set_callback(b,cb) ((b)->callback=(cb)) -#define BIO_set_callback_arg(b,arg) ((b)->cb_arg=(char *)(arg)) -#define BIO_get_callback_arg(b) ((b)->cb_arg) -#define BIO_get_callback(b) ((b)->callback) -#define BIO_method_name(b) ((b)->method->name) -#define BIO_method_type(b) ((b)->method->type) +long (*BIO_get_callback(const BIO *b))(struct bio_st *, int, const char *, + int, long, long); +void BIO_set_callback(BIO *b, + long (*callback)(struct bio_st *, int, const char *, int, long, long)); +char *BIO_get_callback_arg(const BIO *b); +void BIO_set_callback_arg(BIO *b, char *arg); -typedef struct bio_st BIO; +const char * BIO_method_name(const BIO *b); +int BIO_method_type(const BIO *b); typedef void bio_info_cb(struct bio_st *, int, const char *, int, long, long); +typedef int BIO_info_cb(BIO *, int, int); -#ifndef OPENSSL_SYS_WIN16 -typedef struct bio_method_st - { +typedef struct bio_method_st { int type; const char *name; int (*bwrite)(BIO *, const char *, int); @@ -230,29 +282,13 @@ typedef struct bio_method_st long (*ctrl)(BIO *, int, long, void *); int (*create)(BIO *); int (*destroy)(BIO *); - long (*callback_ctrl)(BIO *, int, bio_info_cb *); - } BIO_METHOD; -#else -typedef struct bio_method_st - { - int type; - const char *name; - int (_far *bwrite)(); - int (_far *bread)(); - int (_far *bputs)(); - int (_far *bgets)(); - long (_far *ctrl)(); - int (_far *create)(); - int (_far *destroy)(); - long (_fat *callback_ctrl)(); - } BIO_METHOD; -#endif + long (*callback_ctrl)(BIO *, int, bio_info_cb *); +} BIO_METHOD; -struct bio_st - { - BIO_METHOD *method; +struct bio_st { + const BIO_METHOD *method; /* bio, mode, argp, argi, argl, ret */ - long (*callback)(struct bio_st *,int,const char *,int, long,long); + long (*callback)(struct bio_st *, int, const char *, int, long, long); char *cb_arg; /* first argument for the callback */ int init; @@ -268,24 +304,57 @@ struct bio_st unsigned long num_write; CRYPTO_EX_DATA ex_data; - }; +}; DECLARE_STACK_OF(BIO) -typedef struct bio_f_buffer_ctx_struct - { +typedef struct bio_f_buffer_ctx_struct { + /* Buffers are setup like this: + * + * <---------------------- size -----------------------> + * +---------------------------------------------------+ + * | consumed | remaining | free space | + * +---------------------------------------------------+ + * <-- off --><------- len -------> + */ + /* BIO *bio; */ /* this is now in the BIO struct */ int ibuf_size; /* how big is the input buffer */ int obuf_size; /* how big is the output buffer */ - char *ibuf; /* the char array */ - int ibuf_len; /* how many bytes are in it */ - int ibuf_off; /* write/read offset */ - - char *obuf; /* the char array */ - int obuf_len; /* how many bytes are in it */ - int obuf_off; /* write/read offset */ - } BIO_F_BUFFER_CTX; + char *ibuf; /* the char array */ + int ibuf_len; /* how many bytes are in it */ + int ibuf_off; /* write/read offset */ + + char *obuf; /* the char array */ + int obuf_len; /* how many bytes are in it */ + int obuf_off; /* write/read offset */ +} BIO_F_BUFFER_CTX; + +/* Prefix and suffix callback in ASN1 BIO */ +typedef int asn1_ps_func(BIO *b, unsigned char **pbuf, int *plen, void *parg); + +/* BIO_METHOD accessors */ +BIO_METHOD *BIO_meth_new(int type, const char *name); +void BIO_meth_free(BIO_METHOD *biom); +int (*BIO_meth_get_write(const BIO_METHOD *biom))(BIO *, const char *, int); +int BIO_meth_set_write(BIO_METHOD *biom, + int (*write)(BIO *, const char *, int)); +int (*BIO_meth_get_read(const BIO_METHOD *biom))(BIO *, char *, int); +int BIO_meth_set_read(BIO_METHOD *biom, int (*read)(BIO *, char *, int)); +int (*BIO_meth_get_puts(const BIO_METHOD *biom))(BIO *, const char *); +int BIO_meth_set_puts(BIO_METHOD *biom, int (*puts)(BIO *, const char *)); +int (*BIO_meth_get_gets(const BIO_METHOD *biom))(BIO *, char *, int); +int BIO_meth_set_gets(BIO_METHOD *biom, int (*gets)(BIO *, char *, int)); +long (*BIO_meth_get_ctrl(const BIO_METHOD *biom))(BIO *, int, long, void *); +int BIO_meth_set_ctrl(BIO_METHOD *biom, long (*ctrl)(BIO *, int, long, void *)); +int (*BIO_meth_get_create(const BIO_METHOD *biom))(BIO *); +int BIO_meth_set_create(BIO_METHOD *biom, int (*create)(BIO *)); +int (*BIO_meth_get_destroy(const BIO_METHOD *biom))(BIO *); +int BIO_meth_set_destroy(BIO_METHOD *biom, int (*destroy)(BIO *)); +long (*BIO_meth_get_callback_ctrl(const BIO_METHOD *biom))(BIO *, int, BIO_info_cb *); +int BIO_meth_set_callback_ctrl(BIO_METHOD *biom, + long (*callback_ctrl)(BIO *, int, BIO_info_cb *)); /* connect BIO stuff */ #define BIO_CONN_S_BEFORE 1 @@ -347,7 +416,15 @@ typedef struct bio_f_buffer_ctx_struct #define BIO_C_NWRITE0 145 #define BIO_C_NWRITE 146 #define BIO_C_RESET_READ_REQUEST 147 +#define BIO_C_SET_MD_CTX 148 + +#define BIO_C_SET_PREFIX 149 +#define BIO_C_GET_PREFIX 150 +#define BIO_C_SET_SUFFIX 151 +#define BIO_C_GET_SUFFIX 152 +#define BIO_C_SET_EX_ARG 153 +#define BIO_C_GET_EX_ARG 154 #define BIO_set_app_data(s,arg) BIO_set_ex_data(s,0,arg) #define BIO_get_app_data(s) BIO_get_ex_data(s,0) @@ -360,7 +437,7 @@ typedef struct bio_f_buffer_ctx_struct #define BIO_get_conn_hostname(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0) #define BIO_get_conn_port(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1) #define BIO_get_conn_ip(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2) -#define BIO_get_conn_int_port(b) BIO_int_ctrl(b,BIO_C_GET_CONNECT,3) +#define BIO_get_conn_int_port(b) BIO_int_ctrl(b,BIO_C_GET_CONNECT,3,0) #define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) @@ -369,7 +446,7 @@ typedef struct bio_f_buffer_ctx_struct #define BIO_set_accept_port(b,name) BIO_ctrl(b,BIO_C_SET_ACCEPT,0,(char *)name) #define BIO_get_accept_port(b) BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,0) /* #define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) */ -#define BIO_set_nbio_accept(b,n) BIO_ctrl(b,BIO_C_SET_ACCEPT,1,(n)?"a":NULL) +#define BIO_set_nbio_accept(b,n) BIO_ctrl(b,BIO_C_SET_ACCEPT,1,(n)?(void *)"a":NULL) #define BIO_set_accept_bios(b,bio) BIO_ctrl(b,BIO_C_SET_ACCEPT,2,(char *)bio) #define BIO_BIND_NORMAL 0 @@ -408,15 +485,8 @@ typedef struct bio_f_buffer_ctx_struct /* name is cast to lose const, but might be better to route through a function so we can do it safely */ -#ifdef CONST_STRICT -/* If you are wondering why this isn't defined, its because CONST_STRICT is - * purely a compile-time kludge to allow const to be checked. - */ -int BIO_read_filename(BIO *b,const char *name); -#else #define BIO_read_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \ BIO_CLOSE|BIO_FP_READ,(char *)name) -#endif #define BIO_write_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \ BIO_CLOSE|BIO_FP_WRITE,name) #define BIO_append_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \ @@ -432,11 +502,11 @@ int BIO_read_filename(BIO *b,const char *name); #define BIO_get_ssl(b,sslp) BIO_ctrl(b,BIO_C_GET_SSL,0,(char *)sslp) #define BIO_set_ssl_mode(b,client) BIO_ctrl(b,BIO_C_SSL_MODE,client,NULL) #define BIO_set_ssl_renegotiate_bytes(b,num) \ - BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_BYTES,num,NULL); + BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_BYTES,num,NULL) #define BIO_get_num_renegotiates(b) \ - BIO_ctrl(b,BIO_C_GET_SSL_NUM_RENEGOTIATES,0,NULL); + BIO_ctrl(b,BIO_C_GET_SSL_NUM_RENEGOTIATES,0,NULL) #define BIO_set_ssl_renegotiate_timeout(b,seconds) \ - BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT,seconds,NULL); + BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT,seconds,NULL) /* defined in evp.h */ /* #define BIO_set_md(b,md) BIO_ctrl(b,BIO_C_SET_MD,1,(char *)md) */ @@ -487,49 +557,77 @@ size_t BIO_ctrl_get_write_guarantee(BIO *b); size_t BIO_ctrl_get_read_request(BIO *b); int BIO_ctrl_reset_read_request(BIO *b); +/* ctrl macros for dgram */ +#define BIO_ctrl_dgram_connect(b,peer) \ + (int)BIO_ctrl(b,BIO_CTRL_DGRAM_CONNECT,0, (char *)peer) +#define BIO_ctrl_set_connected(b, state, peer) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_CONNECTED, state, (char *)peer) +#define BIO_dgram_recv_timedout(b) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP, 0, NULL) +#define BIO_dgram_send_timedout(b) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP, 0, NULL) +#define BIO_dgram_get_peer(b,peer) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *)peer) +#define BIO_dgram_set_peer(b,peer) \ + (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)peer) + /* These two aren't currently implemented */ /* int BIO_get_ex_num(BIO *bio); */ /* void BIO_set_ex_free_func(BIO *bio,int idx,void (*cb)()); */ -int BIO_set_ex_data(BIO *bio,int idx,void *data); -void *BIO_get_ex_data(BIO *bio,int idx); -int BIO_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); +int BIO_set_ex_data(BIO *bio, int idx, void *data); +void *BIO_get_ex_data(BIO *bio, int idx); +int +BIO_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, +CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); unsigned long BIO_number_read(BIO *bio); unsigned long BIO_number_written(BIO *bio); -# ifndef OPENSSL_NO_FP_API -# if defined(OPENSSL_SYS_WIN16) && defined(_WINDLL) -BIO_METHOD *BIO_s_file_internal(void); -BIO *BIO_new_file_internal(char *filename, char *mode); -BIO *BIO_new_fp_internal(FILE *stream, int close_flag); -# define BIO_s_file BIO_s_file_internal -# define BIO_new_file BIO_new_file_internal -# define BIO_new_fp BIO_new_fp_internal -# else /* FP_API */ -BIO_METHOD *BIO_s_file(void ); +/* For BIO_f_asn1() */ +int +BIO_asn1_set_prefix(BIO *b, asn1_ps_func *prefix, +asn1_ps_func *prefix_free); +int +BIO_asn1_get_prefix(BIO *b, asn1_ps_func **pprefix, +asn1_ps_func **pprefix_free); +int +BIO_asn1_set_suffix(BIO *b, asn1_ps_func *suffix, +asn1_ps_func *suffix_free); +int +BIO_asn1_get_suffix(BIO *b, asn1_ps_func **psuffix, +asn1_ps_func **psuffix_free); + +int BIO_get_new_index(void); +const BIO_METHOD *BIO_s_file(void); BIO *BIO_new_file(const char *filename, const char *mode); BIO *BIO_new_fp(FILE *stream, int close_flag); -# define BIO_s_file_internal BIO_s_file -# define BIO_new_file_internal BIO_new_file -# define BIO_new_fp_internal BIO_s_file -# endif /* FP_API */ -# endif -BIO * BIO_new(BIO_METHOD *type); -int BIO_set(BIO *a,BIO_METHOD *type); +# define BIO_s_file_internal BIO_s_file +BIO *BIO_new(const BIO_METHOD *type); +int BIO_set(BIO *a, const BIO_METHOD *type); int BIO_free(BIO *a); +int BIO_up_ref(BIO *bio); +void *BIO_get_data(BIO *a); +void BIO_set_data(BIO *a, void *ptr); +void BIO_set_init(BIO *a, int init); +int BIO_get_shutdown(BIO *a); +void BIO_set_shutdown(BIO *a, int shut); void BIO_vfree(BIO *a); -int BIO_read(BIO *b, void *data, int len); -int BIO_gets(BIO *bp,char *buf, int size); -int BIO_write(BIO *b, const void *data, int len); -int BIO_puts(BIO *bp,const char *buf); -long BIO_ctrl(BIO *bp,int cmd,long larg,void *parg); -long BIO_callback_ctrl(BIO *b, int cmd, void (*fp)(struct bio_st *, int, const char *, int, long, long)); -char * BIO_ptr_ctrl(BIO *bp,int cmd,long larg); -long BIO_int_ctrl(BIO *bp,int cmd,long larg,int iarg); -BIO * BIO_push(BIO *b,BIO *append); +int BIO_read(BIO *b, void *data, int len) + __attribute__((__bounded__(__buffer__,2,3))); +int BIO_gets(BIO *bp, char *buf, int size) + __attribute__((__bounded__ (__string__,2,3))); +int BIO_write(BIO *b, const void *data, int len) + __attribute__((__bounded__(__buffer__,2,3))); +int BIO_puts(BIO *bp, const char *buf); +int BIO_indent(BIO *b, int indent, int max); +long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg); +long BIO_callback_ctrl(BIO *b, int cmd, + void (*fp)(struct bio_st *, int, const char *, int, long, long)); +char * BIO_ptr_ctrl(BIO *bp, int cmd, long larg); +long BIO_int_ctrl(BIO *bp, int cmd, long larg, int iarg); +BIO * BIO_push(BIO *b, BIO *append); BIO * BIO_pop(BIO *b); void BIO_free_all(BIO *a); -BIO * BIO_find_type(BIO *b,int bio_type); +BIO * BIO_find_type(BIO *b, int bio_type); BIO * BIO_next(BIO *b); BIO * BIO_get_retry_BIO(BIO *bio, int *reason); int BIO_get_retry_reason(BIO *bio); @@ -540,38 +638,43 @@ int BIO_nread(BIO *bio, char **buf, int num); int BIO_nwrite0(BIO *bio, char **buf); int BIO_nwrite(BIO *bio, char **buf, int num); -#ifndef OPENSSL_SYS_WIN16 -long BIO_debug_callback(BIO *bio,int cmd,const char *argp,int argi, - long argl,long ret); -#else -long _far _loadds BIO_debug_callback(BIO *bio,int cmd,const char *argp,int argi, - long argl,long ret); +long BIO_debug_callback(BIO *bio, int cmd, const char *argp, int argi, + long argl, long ret); + +const BIO_METHOD *BIO_s_mem(void); +BIO *BIO_new_mem_buf(const void *buf, int len); +const BIO_METHOD *BIO_s_socket(void); +const BIO_METHOD *BIO_s_connect(void); +const BIO_METHOD *BIO_s_accept(void); +const BIO_METHOD *BIO_s_fd(void); +const BIO_METHOD *BIO_s_log(void); +const BIO_METHOD *BIO_s_bio(void); +const BIO_METHOD *BIO_s_null(void); +const BIO_METHOD *BIO_f_null(void); +const BIO_METHOD *BIO_f_buffer(void); +const BIO_METHOD *BIO_f_nbio_test(void); +#ifndef OPENSSL_NO_DGRAM +const BIO_METHOD *BIO_s_datagram(void); #endif -BIO_METHOD *BIO_s_mem(void); -BIO *BIO_new_mem_buf(void *buf, int len); -BIO_METHOD *BIO_s_socket(void); -BIO_METHOD *BIO_s_connect(void); -BIO_METHOD *BIO_s_accept(void); -BIO_METHOD *BIO_s_fd(void); -BIO_METHOD *BIO_s_log(void); -BIO_METHOD *BIO_s_bio(void); -BIO_METHOD *BIO_s_null(void); -BIO_METHOD *BIO_f_null(void); -BIO_METHOD *BIO_f_buffer(void); -#ifdef OPENSSL_SYS_VMS -BIO_METHOD *BIO_f_linebuffer(void); -#endif -BIO_METHOD *BIO_f_nbio_test(void); /* BIO_METHOD *BIO_f_ber(void); */ int BIO_sock_should_retry(int i); -int BIO_sock_non_fatal_error(int error); -int BIO_fd_should_retry(int i); -int BIO_fd_non_fatal_error(int error); -int BIO_dump(BIO *b,const char *bytes,int len); -int BIO_dump_indent(BIO *b,const char *bytes,int len,int indent); +int BIO_sock_non_fatal_error(int _error); +int BIO_dgram_non_fatal_error(int _error); +int BIO_fd_should_retry(int i); +int BIO_fd_non_fatal_error(int _error); +int +BIO_dump_cb(int (*cb)(const void *data, size_t len, void *u), +void *u, const char *s, int len); +int +BIO_dump_indent_cb(int (*cb)(const void *data, size_t len, void *u), +void *u, const char *s, int len, int indent); +int BIO_dump(BIO *b, const char *bytes, int len); +int BIO_dump_indent(BIO *b, const char *bytes, int len, int indent); +int BIO_dump_fp(FILE *fp, const char *s, int len); +int BIO_dump_indent_fp(FILE *fp, const char *s, int len, int indent); struct hostent *BIO_gethostbyname(const char *name); /* We might want a thread-safe interface too: * struct hostent *BIO_gethostbyname_r(const char *name, @@ -582,23 +685,25 @@ struct hostent *BIO_gethostbyname(const char *name); * and an appropriate error code is set). */ int BIO_sock_error(int sock); -int BIO_socket_ioctl(int fd, long type, unsigned long *arg); -int BIO_socket_nbio(int fd,int mode); +int BIO_socket_ioctl(int fd, long type, void *arg); +int BIO_socket_nbio(int fd, int mode); int BIO_get_port(const char *str, unsigned short *port_ptr); int BIO_get_host_ip(const char *str, unsigned char *ip); -int BIO_get_accept_socket(char *host_port,int mode); -int BIO_accept(int sock,char **ip_port); +int BIO_get_accept_socket(char *host_port, int mode); +int BIO_accept(int sock, char **ip_port); int BIO_sock_init(void ); void BIO_sock_cleanup(void); -int BIO_set_tcp_ndelay(int sock,int turn_on); +int BIO_set_tcp_ndelay(int sock, int turn_on); BIO *BIO_new_socket(int sock, int close_flag); +BIO *BIO_new_dgram(int fd, int close_flag); BIO *BIO_new_fd(int fd, int close_flag); -BIO *BIO_new_connect(char *host_port); -BIO *BIO_new_accept(char *host_port); +BIO *BIO_new_connect(const char *host_port); +BIO *BIO_new_accept(const char *host_port); -int BIO_new_bio_pair(BIO **bio1, size_t writebuf1, - BIO **bio2, size_t writebuf2); +int +BIO_new_bio_pair(BIO **bio1, size_t writebuf1, +BIO **bio2, size_t writebuf2); /* If successful, returns 1 and in *bio1, *bio2 two BIO pair endpoints. * Otherwise returns 0 and sets *bio1 and *bio2 to NULL. * Size 0 uses default value. @@ -606,12 +711,22 @@ int BIO_new_bio_pair(BIO **bio1, size_t writebuf1, void BIO_copy_next_retry(BIO *b); -long BIO_ghbn_ctrl(int cmd,int iarg,char *parg); - -int BIO_printf(BIO *bio, const char *format, ...); -int BIO_vprintf(BIO *bio, const char *format, va_list args); -int BIO_snprintf(char *buf, size_t n, const char *format, ...); -int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args); +/*long BIO_ghbn_ctrl(int cmd,int iarg,char *parg);*/ + +int +BIO_printf(BIO *bio, const char *format, ...) + __attribute__((__format__(__printf__, 2, 3), __nonnull__(2))); +int +BIO_vprintf(BIO *bio, const char *format, va_list args) + __attribute__((__format__(__printf__, 2, 0), __nonnull__(2))); +int +BIO_snprintf(char *buf, size_t n, const char *format, ...) + __attribute__((__deprecated__, __format__(__printf__, 3, 4), + __nonnull__(3))); +int +BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args) + __attribute__((__deprecated__, __format__(__printf__, 3, 0), + __nonnull__(3))); /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes @@ -625,6 +740,7 @@ void ERR_load_BIO_strings(void); #define BIO_F_ACPT_STATE 100 #define BIO_F_BIO_ACCEPT 101 #define BIO_F_BIO_BER_GET_HEADER 102 +#define BIO_F_BIO_CALLBACK_CTRL 131 #define BIO_F_BIO_CTRL 103 #define BIO_F_BIO_GETHOSTBYNAME 120 #define BIO_F_BIO_GETS 104 @@ -646,7 +762,9 @@ void ERR_load_BIO_strings(void); #define BIO_F_BUFFER_CTRL 114 #define BIO_F_CONN_CTRL 127 #define BIO_F_CONN_STATE 115 +#define BIO_F_DGRAM_SCTP_READ 132 #define BIO_F_FILE_CTRL 116 +#define BIO_F_FILE_READ 130 #define BIO_F_LINEBUFFER_CTRL 129 #define BIO_F_MEM_READ 128 #define BIO_F_MEM_WRITE 117 @@ -666,6 +784,7 @@ void ERR_load_BIO_strings(void); #define BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET 107 #define BIO_R_INVALID_ARGUMENT 125 #define BIO_R_INVALID_IP_ADDRESS 108 +#define BIO_R_INVALID_PORT_NUMBER 129 #define BIO_R_IN_USE 123 #define BIO_R_KEEPALIVE 109 #define BIO_R_NBIO_CONNECT_ERROR 110 diff --git a/src/lib/libcrypto/bio/bio_cb.c b/src/lib/libcrypto/bio/bio_cb.c index 0ffa4d21367..ab0e3a92cee 100644 --- a/src/lib/libcrypto/bio/bio_cb.c +++ b/src/lib/libcrypto/bio/bio_cb.c @@ -1,25 +1,25 @@ -/* crypto/bio/bio_cb.c */ +/* $OpenBSD: bio_cb.c,v 1.16 2014/12/08 03:54:19 bcook Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -57,77 +57,89 @@ */ #include -#include #include -#include "cryptlib.h" -#include +#include + #include +#include -long MS_CALLBACK BIO_debug_callback(BIO *bio, int cmd, const char *argp, - int argi, long argl, long ret) - { +long +BIO_debug_callback(BIO *bio, int cmd, const char *argp, int argi, long argl, + long ret) +{ BIO *b; - MS_STATIC char buf[256]; + char buf[256]; char *p; - long r=1; + long r = 1; + size_t p_maxlen; if (BIO_CB_RETURN & cmd) - r=ret; + r = ret; - sprintf(buf,"BIO[%08lX]:",(unsigned long)bio); - p= &(buf[14]); - switch (cmd) - { + snprintf(buf, sizeof buf, "BIO[%p]:", bio); + p = &(buf[14]); + p_maxlen = sizeof buf - 14; + switch (cmd) { case BIO_CB_FREE: - sprintf(p,"Free - %s\n",bio->method->name); + snprintf(p, p_maxlen, "Free - %s\n", bio->method->name); break; case BIO_CB_READ: if (bio->method->type & BIO_TYPE_DESCRIPTOR) - sprintf(p,"read(%d,%d) - %s fd=%d\n",bio->num,argi,bio->method->name,bio->num); + snprintf(p, p_maxlen, + "read(%d,%lu) - %s fd=%d\n", + bio->num, (unsigned long)argi, + bio->method->name, bio->num); else - sprintf(p,"read(%d,%d) - %s\n",bio->num,argi,bio->method->name); + snprintf(p, p_maxlen, "read(%d,%lu) - %s\n", + bio->num, (unsigned long)argi, bio->method->name); break; case BIO_CB_WRITE: if (bio->method->type & BIO_TYPE_DESCRIPTOR) - sprintf(p,"write(%d,%d) - %s fd=%d\n",bio->num,argi,bio->method->name,bio->num); + snprintf(p, p_maxlen, + "write(%d,%lu) - %s fd=%d\n", + bio->num, (unsigned long)argi, + bio->method->name, bio->num); else - sprintf(p,"write(%d,%d) - %s\n",bio->num,argi,bio->method->name); + snprintf(p, p_maxlen, "write(%d,%lu) - %s\n", + bio->num, (unsigned long)argi, bio->method->name); break; case BIO_CB_PUTS: - sprintf(p,"puts() - %s\n",bio->method->name); + snprintf(p, p_maxlen, + "puts() - %s\n", bio->method->name); break; case BIO_CB_GETS: - sprintf(p,"gets(%d) - %s\n",argi,bio->method->name); + snprintf(p, p_maxlen, "gets(%lu) - %s\n", + (unsigned long)argi, bio->method->name); break; case BIO_CB_CTRL: - sprintf(p,"ctrl(%d) - %s\n",argi,bio->method->name); + snprintf(p, p_maxlen, "ctrl(%lu) - %s\n", + (unsigned long)argi, bio->method->name); break; case BIO_CB_RETURN|BIO_CB_READ: - sprintf(p,"read return %ld\n",ret); + snprintf(p, p_maxlen, "read return %ld\n", ret); break; case BIO_CB_RETURN|BIO_CB_WRITE: - sprintf(p,"write return %ld\n",ret); + snprintf(p, p_maxlen, "write return %ld\n", ret); break; case BIO_CB_RETURN|BIO_CB_GETS: - sprintf(p,"gets return %ld\n",ret); + snprintf(p, p_maxlen, "gets return %ld\n", ret); break; case BIO_CB_RETURN|BIO_CB_PUTS: - sprintf(p,"puts return %ld\n",ret); + snprintf(p, p_maxlen, "puts return %ld\n", ret); break; case BIO_CB_RETURN|BIO_CB_CTRL: - sprintf(p,"ctrl return %ld\n",ret); + snprintf(p, p_maxlen, "ctrl return %ld\n", ret); break; default: - sprintf(p,"bio callback - unknown type (%d)\n",cmd); + snprintf(p, p_maxlen, + "bio callback - unknown type (%d)\n", cmd); break; - } + } - b=(BIO *)bio->cb_arg; + b = (BIO *)bio->cb_arg; if (b != NULL) - BIO_write(b,buf,strlen(buf)); -#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16) + BIO_write(b, buf, strlen(buf)); else - fputs(buf,stderr); -#endif - return(r); - } + fputs(buf, stderr); + return (r); +} diff --git a/src/lib/libcrypto/bio/bio_err.c b/src/lib/libcrypto/bio/bio_err.c index 99ca3cd0da9..2920e321034 100644 --- a/src/lib/libcrypto/bio/bio_err.c +++ b/src/lib/libcrypto/bio/bio_err.c @@ -1,13 +1,13 @@ -/* crypto/bio/bio_err.c */ +/* $OpenBSD: bio_err.c,v 1.17 2017/01/29 17:49:22 beck Exp $ */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -59,93 +59,66 @@ */ #include + +#include + #include #include /* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR -static ERR_STRING_DATA BIO_str_functs[]= - { -{ERR_PACK(0,BIO_F_ACPT_STATE,0), "ACPT_STATE"}, -{ERR_PACK(0,BIO_F_BIO_ACCEPT,0), "BIO_accept"}, -{ERR_PACK(0,BIO_F_BIO_BER_GET_HEADER,0), "BIO_BER_GET_HEADER"}, -{ERR_PACK(0,BIO_F_BIO_CTRL,0), "BIO_ctrl"}, -{ERR_PACK(0,BIO_F_BIO_GETHOSTBYNAME,0), "BIO_gethostbyname"}, -{ERR_PACK(0,BIO_F_BIO_GETS,0), "BIO_gets"}, -{ERR_PACK(0,BIO_F_BIO_GET_ACCEPT_SOCKET,0), "BIO_get_accept_socket"}, -{ERR_PACK(0,BIO_F_BIO_GET_HOST_IP,0), "BIO_get_host_ip"}, -{ERR_PACK(0,BIO_F_BIO_GET_PORT,0), "BIO_get_port"}, -{ERR_PACK(0,BIO_F_BIO_MAKE_PAIR,0), "BIO_MAKE_PAIR"}, -{ERR_PACK(0,BIO_F_BIO_NEW,0), "BIO_new"}, -{ERR_PACK(0,BIO_F_BIO_NEW_FILE,0), "BIO_new_file"}, -{ERR_PACK(0,BIO_F_BIO_NEW_MEM_BUF,0), "BIO_new_mem_buf"}, -{ERR_PACK(0,BIO_F_BIO_NREAD,0), "BIO_nread"}, -{ERR_PACK(0,BIO_F_BIO_NREAD0,0), "BIO_nread0"}, -{ERR_PACK(0,BIO_F_BIO_NWRITE,0), "BIO_nwrite"}, -{ERR_PACK(0,BIO_F_BIO_NWRITE0,0), "BIO_nwrite0"}, -{ERR_PACK(0,BIO_F_BIO_PUTS,0), "BIO_puts"}, -{ERR_PACK(0,BIO_F_BIO_READ,0), "BIO_read"}, -{ERR_PACK(0,BIO_F_BIO_SOCK_INIT,0), "BIO_sock_init"}, -{ERR_PACK(0,BIO_F_BIO_WRITE,0), "BIO_write"}, -{ERR_PACK(0,BIO_F_BUFFER_CTRL,0), "BUFFER_CTRL"}, -{ERR_PACK(0,BIO_F_CONN_CTRL,0), "CONN_CTRL"}, -{ERR_PACK(0,BIO_F_CONN_STATE,0), "CONN_STATE"}, -{ERR_PACK(0,BIO_F_FILE_CTRL,0), "FILE_CTRL"}, -{ERR_PACK(0,BIO_F_LINEBUFFER_CTRL,0), "LINEBUFFER_CTRL"}, -{ERR_PACK(0,BIO_F_MEM_READ,0), "MEM_READ"}, -{ERR_PACK(0,BIO_F_MEM_WRITE,0), "MEM_WRITE"}, -{ERR_PACK(0,BIO_F_SSL_NEW,0), "SSL_new"}, -{ERR_PACK(0,BIO_F_WSASTARTUP,0), "WSASTARTUP"}, -{0,NULL} - }; -static ERR_STRING_DATA BIO_str_reasons[]= - { -{BIO_R_ACCEPT_ERROR ,"accept error"}, -{BIO_R_BAD_FOPEN_MODE ,"bad fopen mode"}, -{BIO_R_BAD_HOSTNAME_LOOKUP ,"bad hostname lookup"}, -{BIO_R_BROKEN_PIPE ,"broken pipe"}, -{BIO_R_CONNECT_ERROR ,"connect error"}, -{BIO_R_EOF_ON_MEMORY_BIO ,"EOF on memory BIO"}, -{BIO_R_ERROR_SETTING_NBIO ,"error setting nbio"}, -{BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET,"error setting nbio on accepted socket"}, -{BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET,"error setting nbio on accept socket"}, -{BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET ,"gethostbyname addr is not af inet"}, -{BIO_R_INVALID_ARGUMENT ,"invalid argument"}, -{BIO_R_INVALID_IP_ADDRESS ,"invalid ip address"}, -{BIO_R_IN_USE ,"in use"}, -{BIO_R_KEEPALIVE ,"keepalive"}, -{BIO_R_NBIO_CONNECT_ERROR ,"nbio connect error"}, -{BIO_R_NO_ACCEPT_PORT_SPECIFIED ,"no accept port specified"}, -{BIO_R_NO_HOSTNAME_SPECIFIED ,"no hostname specified"}, -{BIO_R_NO_PORT_DEFINED ,"no port defined"}, -{BIO_R_NO_PORT_SPECIFIED ,"no port specified"}, -{BIO_R_NO_SUCH_FILE ,"no such file"}, -{BIO_R_NULL_PARAMETER ,"null parameter"}, -{BIO_R_TAG_MISMATCH ,"tag mismatch"}, -{BIO_R_UNABLE_TO_BIND_SOCKET ,"unable to bind socket"}, -{BIO_R_UNABLE_TO_CREATE_SOCKET ,"unable to create socket"}, -{BIO_R_UNABLE_TO_LISTEN_SOCKET ,"unable to listen socket"}, -{BIO_R_UNINITIALIZED ,"uninitialized"}, -{BIO_R_UNSUPPORTED_METHOD ,"unsupported method"}, -{BIO_R_WRITE_TO_READ_ONLY_BIO ,"write to read only BIO"}, -{BIO_R_WSASTARTUP ,"WSAStartup"}, -{0,NULL} - }; +#define ERR_FUNC(func) ERR_PACK(ERR_LIB_BIO,func,0) +#define ERR_REASON(reason) ERR_PACK(ERR_LIB_BIO,0,reason) -#endif +static ERR_STRING_DATA BIO_str_functs[] = { + {ERR_FUNC(0xfff), "CRYPTO_internal"}, + {0, NULL} +}; -void ERR_load_BIO_strings(void) - { - static int init=1; +static ERR_STRING_DATA BIO_str_reasons[] = { + {ERR_REASON(BIO_R_ACCEPT_ERROR) , "accept error"}, + {ERR_REASON(BIO_R_BAD_FOPEN_MODE) , "bad fopen mode"}, + {ERR_REASON(BIO_R_BAD_HOSTNAME_LOOKUP) , "bad hostname lookup"}, + {ERR_REASON(BIO_R_BROKEN_PIPE) , "broken pipe"}, + {ERR_REASON(BIO_R_CONNECT_ERROR) , "connect error"}, + {ERR_REASON(BIO_R_EOF_ON_MEMORY_BIO) , "EOF on memory BIO"}, + {ERR_REASON(BIO_R_ERROR_SETTING_NBIO) , "error setting nbio"}, + {ERR_REASON(BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET), "error setting nbio on accepted socket"}, + {ERR_REASON(BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET), "error setting nbio on accept socket"}, + {ERR_REASON(BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET), "gethostbyname addr is not af inet"}, + {ERR_REASON(BIO_R_INVALID_ARGUMENT) , "invalid argument"}, + {ERR_REASON(BIO_R_INVALID_IP_ADDRESS) , "invalid ip address"}, + {ERR_REASON(BIO_R_INVALID_PORT_NUMBER) , "invalid port number"}, + {ERR_REASON(BIO_R_IN_USE) , "in use"}, + {ERR_REASON(BIO_R_KEEPALIVE) , "keepalive"}, + {ERR_REASON(BIO_R_NBIO_CONNECT_ERROR) , "nbio connect error"}, + {ERR_REASON(BIO_R_NO_ACCEPT_PORT_SPECIFIED), "no accept port specified"}, + {ERR_REASON(BIO_R_NO_HOSTNAME_SPECIFIED) , "no hostname specified"}, + {ERR_REASON(BIO_R_NO_PORT_DEFINED) , "no port defined"}, + {ERR_REASON(BIO_R_NO_PORT_SPECIFIED) , "no port specified"}, + {ERR_REASON(BIO_R_NO_SUCH_FILE) , "no such file"}, + {ERR_REASON(BIO_R_NULL_PARAMETER) , "null parameter"}, + {ERR_REASON(BIO_R_TAG_MISMATCH) , "tag mismatch"}, + {ERR_REASON(BIO_R_UNABLE_TO_BIND_SOCKET) , "unable to bind socket"}, + {ERR_REASON(BIO_R_UNABLE_TO_CREATE_SOCKET), "unable to create socket"}, + {ERR_REASON(BIO_R_UNABLE_TO_LISTEN_SOCKET), "unable to listen socket"}, + {ERR_REASON(BIO_R_UNINITIALIZED) , "uninitialized"}, + {ERR_REASON(BIO_R_UNSUPPORTED_METHOD) , "unsupported method"}, + {ERR_REASON(BIO_R_WRITE_TO_READ_ONLY_BIO), "write to read only BIO"}, + {ERR_REASON(BIO_R_WSASTARTUP) , "WSAStartup"}, + {0, NULL} +}; - if (init) - { - init=0; -#ifndef OPENSSL_NO_ERR - ERR_load_strings(ERR_LIB_BIO,BIO_str_functs); - ERR_load_strings(ERR_LIB_BIO,BIO_str_reasons); #endif - } +void +ERR_load_BIO_strings(void) +{ +#ifndef OPENSSL_NO_ERR + if (ERR_func_error_string(BIO_str_functs[0].error) == NULL) { + ERR_load_strings(0, BIO_str_functs); + ERR_load_strings(0, BIO_str_reasons); } +#endif +} diff --git a/src/lib/libcrypto/bio/bio_lib.c b/src/lib/libcrypto/bio/bio_lib.c index 50df2238fac..de039a7f5d6 100644 --- a/src/lib/libcrypto/bio/bio_lib.c +++ b/src/lib/libcrypto/bio/bio_lib.c @@ -1,25 +1,25 @@ -/* crypto/bio/bio_lib.c */ +/* $OpenBSD: bio_lib.c,v 1.28 2018/05/01 13:29:09 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,495 +49,627 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ -#include #include -#include -#include "cryptlib.h" +#include + #include +#include +#include #include -BIO *BIO_new(BIO_METHOD *method) - { - BIO *ret=NULL; +int +BIO_get_new_index(void) +{ + static int bio_type_index = BIO_TYPE_START; + int index; - ret=(BIO *)OPENSSL_malloc(sizeof(BIO)); - if (ret == NULL) - { - BIOerr(BIO_F_BIO_NEW,ERR_R_MALLOC_FAILURE); - return(NULL); - } - if (!BIO_set(ret,method)) - { - OPENSSL_free(ret); - ret=NULL; - } - return(ret); + /* The index will collide with the BIO flag bits if it exceeds 255. */ + index = CRYPTO_add(&bio_type_index, 1, CRYPTO_LOCK_BIO); + if (index > 255) + return -1; + + return index; +} + +BIO * +BIO_new(const BIO_METHOD *method) +{ + BIO *ret = NULL; + + ret = malloc(sizeof(BIO)); + if (ret == NULL) { + BIOerror(ERR_R_MALLOC_FAILURE); + return (NULL); } + if (!BIO_set(ret, method)) { + free(ret); + ret = NULL; + } + return (ret); +} -int BIO_set(BIO *bio, BIO_METHOD *method) - { - bio->method=method; - bio->callback=NULL; - bio->cb_arg=NULL; - bio->init=0; - bio->shutdown=1; - bio->flags=0; - bio->retry_reason=0; - bio->num=0; - bio->ptr=NULL; - bio->prev_bio=NULL; - bio->next_bio=NULL; - bio->references=1; - bio->num_read=0L; - bio->num_write=0L; +int +BIO_set(BIO *bio, const BIO_METHOD *method) +{ + bio->method = method; + bio->callback = NULL; + bio->cb_arg = NULL; + bio->init = 0; + bio->shutdown = 1; + bio->flags = 0; + bio->retry_reason = 0; + bio->num = 0; + bio->ptr = NULL; + bio->prev_bio = NULL; + bio->next_bio = NULL; + bio->references = 1; + bio->num_read = 0L; + bio->num_write = 0L; CRYPTO_new_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data); if (method->create != NULL) - if (!method->create(bio)) - { + if (!method->create(bio)) { CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, bio, - &bio->ex_data); - return(0); - } - return(1); - } - -int BIO_free(BIO *a) - { - int ret=0,i; - - if (a == NULL) return(0); - - i=CRYPTO_add(&a->references,-1,CRYPTO_LOCK_BIO); -#ifdef REF_PRINT - REF_PRINT("BIO",a); -#endif - if (i > 0) return(1); -#ifdef REF_CHECK - if (i < 0) - { - fprintf(stderr,"BIO_free, bad reference count\n"); - abort(); + &bio->ex_data); + return (0); } -#endif + return (1); +} + +int +BIO_free(BIO *a) +{ + int i; + + if (a == NULL) + return (0); + + i = CRYPTO_add(&a->references, -1, CRYPTO_LOCK_BIO); + if (i > 0) + return (1); if ((a->callback != NULL) && - ((i=(int)a->callback(a,BIO_CB_FREE,NULL,0,0L,1L)) <= 0)) - return(i); + ((i = (int)a->callback(a, BIO_CB_FREE, NULL, 0, 0L, 1L)) <= 0)) + return (i); CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, a, &a->ex_data); - if ((a->method == NULL) || (a->method->destroy == NULL)) return(1); - ret=a->method->destroy(a); - OPENSSL_free(a); - return(1); - } + if (a->method != NULL && a->method->destroy != NULL) + a->method->destroy(a); + free(a); + return (1); +} + +void +BIO_vfree(BIO *a) +{ + BIO_free(a); +} -void BIO_vfree(BIO *a) - { BIO_free(a); } +int +BIO_up_ref(BIO *bio) +{ + int refs = CRYPTO_add(&bio->references, 1, CRYPTO_LOCK_BIO); + return (refs > 1) ? 1 : 0; +} + +void * +BIO_get_data(BIO *a) +{ + return (a->ptr); +} + +void +BIO_set_data(BIO *a, void *ptr) +{ + a->ptr = ptr; +} + +void +BIO_set_init(BIO *a, int init) +{ + a->init = init; +} -int BIO_read(BIO *b, void *out, int outl) - { +int +BIO_get_shutdown(BIO *a) +{ + return (a->shutdown); +} + +void +BIO_set_shutdown(BIO *a, int shut) +{ + a->shutdown = shut; +} + +void +BIO_clear_flags(BIO *b, int flags) +{ + b->flags &= ~flags; +} + +int +BIO_test_flags(const BIO *b, int flags) +{ + return (b->flags & flags); +} + +void +BIO_set_flags(BIO *b, int flags) +{ + b->flags |= flags; +} + +long +(*BIO_get_callback(const BIO *b))(struct bio_st *, int, const char *, int, + long, long) +{ + return b->callback; +} + +void +BIO_set_callback(BIO *b, long (*cb)(struct bio_st *, int, const char *, int, + long, long)) +{ + b->callback = cb; +} + +void +BIO_set_callback_arg(BIO *b, char *arg) +{ + b->cb_arg = arg; +} + +char * +BIO_get_callback_arg(const BIO *b) +{ + return b->cb_arg; +} + +const char * +BIO_method_name(const BIO *b) +{ + return b->method->name; +} + +int +BIO_method_type(const BIO *b) +{ + return b->method->type; +} + +int +BIO_read(BIO *b, void *out, int outl) +{ int i; - long (*cb)(); + long (*cb)(BIO *, int, const char *, int, long, long); - if ((b == NULL) || (b->method == NULL) || (b->method->bread == NULL)) - { - BIOerr(BIO_F_BIO_READ,BIO_R_UNSUPPORTED_METHOD); - return(-2); - } + if ((b == NULL) || (b->method == NULL) || (b->method->bread == NULL)) { + BIOerror(BIO_R_UNSUPPORTED_METHOD); + return (-2); + } - cb=b->callback; + cb = b->callback; if ((cb != NULL) && - ((i=(int)cb(b,BIO_CB_READ,out,outl,0L,1L)) <= 0)) - return(i); + ((i = (int)cb(b, BIO_CB_READ, out, outl, 0L, 1L)) <= 0)) + return (i); - if (!b->init) - { - BIOerr(BIO_F_BIO_READ,BIO_R_UNINITIALIZED); - return(-2); - } + if (!b->init) { + BIOerror(BIO_R_UNINITIALIZED); + return (-2); + } - i=b->method->bread(b,out,outl); + i = b->method->bread(b, out, outl); - if (i > 0) b->num_read+=(unsigned long)i; + if (i > 0) + b->num_read += (unsigned long)i; if (cb != NULL) - i=(int)cb(b,BIO_CB_READ|BIO_CB_RETURN,out,outl, - 0L,(long)i); - return(i); - } + i = (int)cb(b, BIO_CB_READ|BIO_CB_RETURN, out, outl, + 0L, (long)i); + return (i); +} -int BIO_write(BIO *b, const void *in, int inl) - { +int +BIO_write(BIO *b, const void *in, int inl) +{ int i; - long (*cb)(); + long (*cb)(BIO *, int, const char *, int, long, long); if (b == NULL) - return(0); + return (0); - cb=b->callback; - if ((b->method == NULL) || (b->method->bwrite == NULL)) - { - BIOerr(BIO_F_BIO_WRITE,BIO_R_UNSUPPORTED_METHOD); - return(-2); - } + cb = b->callback; + if ((b->method == NULL) || (b->method->bwrite == NULL)) { + BIOerror(BIO_R_UNSUPPORTED_METHOD); + return (-2); + } if ((cb != NULL) && - ((i=(int)cb(b,BIO_CB_WRITE,in,inl,0L,1L)) <= 0)) - return(i); + ((i = (int)cb(b, BIO_CB_WRITE, in, inl, 0L, 1L)) <= 0)) + return (i); - if (!b->init) - { - BIOerr(BIO_F_BIO_WRITE,BIO_R_UNINITIALIZED); - return(-2); - } + if (!b->init) { + BIOerror(BIO_R_UNINITIALIZED); + return (-2); + } - i=b->method->bwrite(b,in,inl); + i = b->method->bwrite(b, in, inl); - if (i > 0) b->num_write+=(unsigned long)i; + if (i > 0) + b->num_write += (unsigned long)i; if (cb != NULL) - i=(int)cb(b,BIO_CB_WRITE|BIO_CB_RETURN,in,inl, - 0L,(long)i); - return(i); - } + i = (int)cb(b, BIO_CB_WRITE|BIO_CB_RETURN, in, inl, + 0L, (long)i); + return (i); +} -int BIO_puts(BIO *b, const char *in) - { +int +BIO_puts(BIO *b, const char *in) +{ int i; - long (*cb)(); + long (*cb)(BIO *, int, const char *, int, long, long); - if ((b == NULL) || (b->method == NULL) || (b->method->bputs == NULL)) - { - BIOerr(BIO_F_BIO_PUTS,BIO_R_UNSUPPORTED_METHOD); - return(-2); - } + if ((b == NULL) || (b->method == NULL) || (b->method->bputs == NULL)) { + BIOerror(BIO_R_UNSUPPORTED_METHOD); + return (-2); + } - cb=b->callback; + cb = b->callback; if ((cb != NULL) && - ((i=(int)cb(b,BIO_CB_PUTS,in,0,0L,1L)) <= 0)) - return(i); + ((i = (int)cb(b, BIO_CB_PUTS, in, 0, 0L, 1L)) <= 0)) + return (i); - if (!b->init) - { - BIOerr(BIO_F_BIO_PUTS,BIO_R_UNINITIALIZED); - return(-2); - } + if (!b->init) { + BIOerror(BIO_R_UNINITIALIZED); + return (-2); + } - i=b->method->bputs(b,in); + i = b->method->bputs(b, in); - if (i > 0) b->num_write+=(unsigned long)i; + if (i > 0) + b->num_write += (unsigned long)i; if (cb != NULL) - i=(int)cb(b,BIO_CB_PUTS|BIO_CB_RETURN,in,0, - 0L,(long)i); - return(i); - } + i = (int)cb(b, BIO_CB_PUTS|BIO_CB_RETURN, in, 0, 0L, (long)i); + return (i); +} -int BIO_gets(BIO *b, char *in, int inl) - { +int +BIO_gets(BIO *b, char *in, int inl) +{ int i; - long (*cb)(); + long (*cb)(BIO *, int, const char *, int, long, long); - if ((b == NULL) || (b->method == NULL) || (b->method->bgets == NULL)) - { - BIOerr(BIO_F_BIO_GETS,BIO_R_UNSUPPORTED_METHOD); - return(-2); - } + if ((b == NULL) || (b->method == NULL) || (b->method->bgets == NULL)) { + BIOerror(BIO_R_UNSUPPORTED_METHOD); + return (-2); + } - cb=b->callback; + cb = b->callback; if ((cb != NULL) && - ((i=(int)cb(b,BIO_CB_GETS,in,inl,0L,1L)) <= 0)) - return(i); + ((i = (int)cb(b, BIO_CB_GETS, in, inl, 0L, 1L)) <= 0)) + return (i); - if (!b->init) - { - BIOerr(BIO_F_BIO_GETS,BIO_R_UNINITIALIZED); - return(-2); - } + if (!b->init) { + BIOerror(BIO_R_UNINITIALIZED); + return (-2); + } - i=b->method->bgets(b,in,inl); + i = b->method->bgets(b, in, inl); if (cb != NULL) - i=(int)cb(b,BIO_CB_GETS|BIO_CB_RETURN,in,inl, - 0L,(long)i); - return(i); - } + i = (int)cb(b, BIO_CB_GETS|BIO_CB_RETURN, in, inl, 0L, (long)i); + return (i); +} -long BIO_int_ctrl(BIO *b, int cmd, long larg, int iarg) - { +int +BIO_indent(BIO *b, int indent, int max) +{ + if (indent < 0) + indent = 0; + if (indent > max) + indent = max; + while (indent--) + if (BIO_puts(b, " ") != 1) + return 0; + return 1; +} + +long +BIO_int_ctrl(BIO *b, int cmd, long larg, int iarg) +{ int i; - i=iarg; - return(BIO_ctrl(b,cmd,larg,(char *)&i)); - } + i = iarg; + return (BIO_ctrl(b, cmd, larg, (char *)&i)); +} -char *BIO_ptr_ctrl(BIO *b, int cmd, long larg) - { - char *p=NULL; +char * +BIO_ptr_ctrl(BIO *b, int cmd, long larg) +{ + char *p = NULL; - if (BIO_ctrl(b,cmd,larg,(char *)&p) <= 0) - return(NULL); + if (BIO_ctrl(b, cmd, larg, (char *)&p) <= 0) + return (NULL); else - return(p); - } + return (p); +} -long BIO_ctrl(BIO *b, int cmd, long larg, void *parg) - { +long +BIO_ctrl(BIO *b, int cmd, long larg, void *parg) +{ long ret; - long (*cb)(); + long (*cb)(BIO *, int, const char *, int, long, long); - if (b == NULL) return(0); + if (b == NULL) + return (0); - if ((b->method == NULL) || (b->method->ctrl == NULL)) - { - BIOerr(BIO_F_BIO_CTRL,BIO_R_UNSUPPORTED_METHOD); - return(-2); - } + if ((b->method == NULL) || (b->method->ctrl == NULL)) { + BIOerror(BIO_R_UNSUPPORTED_METHOD); + return (-2); + } - cb=b->callback; + cb = b->callback; if ((cb != NULL) && - ((ret=cb(b,BIO_CB_CTRL,parg,cmd,larg,1L)) <= 0)) - return(ret); + ((ret = cb(b, BIO_CB_CTRL, parg, cmd, larg, 1L)) <= 0)) + return (ret); - ret=b->method->ctrl(b,cmd,larg,parg); + ret = b->method->ctrl(b, cmd, larg, parg); if (cb != NULL) - ret=cb(b,BIO_CB_CTRL|BIO_CB_RETURN,parg,cmd, - larg,ret); - return(ret); - } + ret = cb(b, BIO_CB_CTRL|BIO_CB_RETURN, parg, cmd, larg, ret); + return (ret); +} -long BIO_callback_ctrl(BIO *b, int cmd, void (*fp)(struct bio_st *, int, const char *, int, long, long)) - { +long +BIO_callback_ctrl(BIO *b, int cmd, + void (*fp)(struct bio_st *, int, const char *, int, long, long)) +{ long ret; - long (*cb)(); + long (*cb)(BIO *, int, const char *, int, long, long); - if (b == NULL) return(0); + if (b == NULL) + return (0); - if ((b->method == NULL) || (b->method->callback_ctrl == NULL)) - { - BIOerr(BIO_F_BIO_CTRL,BIO_R_UNSUPPORTED_METHOD); - return(-2); - } + if ((b->method == NULL) || (b->method->callback_ctrl == NULL)) { + BIOerror(BIO_R_UNSUPPORTED_METHOD); + return (-2); + } - cb=b->callback; + cb = b->callback; if ((cb != NULL) && - ((ret=cb(b,BIO_CB_CTRL,(void *)&fp,cmd,0,1L)) <= 0)) - return(ret); + ((ret = cb(b, BIO_CB_CTRL, (void *)&fp, cmd, 0, 1L)) <= 0)) + return (ret); - ret=b->method->callback_ctrl(b,cmd,fp); + ret = b->method->callback_ctrl(b, cmd, fp); if (cb != NULL) - ret=cb(b,BIO_CB_CTRL|BIO_CB_RETURN,(void *)&fp,cmd, - 0,ret); - return(ret); - } + ret = cb(b, BIO_CB_CTRL|BIO_CB_RETURN, (void *)&fp, cmd, 0, ret); + return (ret); +} /* It is unfortunate to duplicate in functions what the BIO_(w)pending macros * do; but those macros have inappropriate return type, and for interfacing * from other programming languages, C macros aren't much of a help anyway. */ -size_t BIO_ctrl_pending(BIO *bio) - { +size_t +BIO_ctrl_pending(BIO *bio) +{ return BIO_ctrl(bio, BIO_CTRL_PENDING, 0, NULL); - } +} -size_t BIO_ctrl_wpending(BIO *bio) - { +size_t +BIO_ctrl_wpending(BIO *bio) +{ return BIO_ctrl(bio, BIO_CTRL_WPENDING, 0, NULL); - } +} /* put the 'bio' on the end of b's list of operators */ -BIO *BIO_push(BIO *b, BIO *bio) - { +BIO * +BIO_push(BIO *b, BIO *bio) +{ BIO *lb; - if (b == NULL) return(bio); - lb=b; + if (b == NULL) + return (bio); + lb = b; while (lb->next_bio != NULL) - lb=lb->next_bio; - lb->next_bio=bio; + lb = lb->next_bio; + lb->next_bio = bio; if (bio != NULL) - bio->prev_bio=lb; + bio->prev_bio = lb; /* called to do internal processing */ - BIO_ctrl(b,BIO_CTRL_PUSH,0,NULL); - return(b); - } + BIO_ctrl(b, BIO_CTRL_PUSH, 0, lb); + return (b); +} /* Remove the first and return the rest */ -BIO *BIO_pop(BIO *b) - { +BIO * +BIO_pop(BIO *b) +{ BIO *ret; - if (b == NULL) return(NULL); - ret=b->next_bio; + if (b == NULL) + return (NULL); + ret = b->next_bio; + + BIO_ctrl(b, BIO_CTRL_POP, 0, b); if (b->prev_bio != NULL) - b->prev_bio->next_bio=b->next_bio; + b->prev_bio->next_bio = b->next_bio; if (b->next_bio != NULL) - b->next_bio->prev_bio=b->prev_bio; + b->next_bio->prev_bio = b->prev_bio; - b->next_bio=NULL; - b->prev_bio=NULL; - BIO_ctrl(b,BIO_CTRL_POP,0,NULL); - return(ret); - } + b->next_bio = NULL; + b->prev_bio = NULL; + return (ret); +} -BIO *BIO_get_retry_BIO(BIO *bio, int *reason) - { - BIO *b,*last; - - b=last=bio; - for (;;) - { - if (!BIO_should_retry(b)) break; - last=b; - b=b->next_bio; - if (b == NULL) break; - } - if (reason != NULL) *reason=last->retry_reason; - return(last); +BIO * +BIO_get_retry_BIO(BIO *bio, int *reason) +{ + BIO *b, *last; + + b = last = bio; + for (;;) { + if (!BIO_should_retry(b)) + break; + last = b; + b = b->next_bio; + if (b == NULL) + break; } + if (reason != NULL) + *reason = last->retry_reason; + return (last); +} -int BIO_get_retry_reason(BIO *bio) - { - return(bio->retry_reason); - } +int +BIO_get_retry_reason(BIO *bio) +{ + return (bio->retry_reason); +} -BIO *BIO_find_type(BIO *bio, int type) - { - int mt,mask; - - if(!bio) return NULL; - mask=type&0xff; - do { - if (bio->method != NULL) - { - mt=bio->method->type; - - if (!mask) - { - if (mt & type) return(bio); - } - else if (mt == type) - return(bio); - } - bio=bio->next_bio; - } while (bio != NULL); - return(NULL); - } +BIO * +BIO_find_type(BIO *bio, int type) +{ + int mt, mask; + + if (!bio) + return NULL; + mask = type & 0xff; + do { + if (bio->method != NULL) { + mt = bio->method->type; + if (!mask) { + if (mt & type) + return (bio); + } else if (mt == type) + return (bio); + } + bio = bio->next_bio; + } while (bio != NULL); + return (NULL); +} -BIO *BIO_next(BIO *b) - { - if(!b) return NULL; +BIO * +BIO_next(BIO *b) +{ + if (!b) + return NULL; return b->next_bio; - } +} -void BIO_free_all(BIO *bio) - { +void +BIO_free_all(BIO *bio) +{ BIO *b; int ref; - while (bio != NULL) - { - b=bio; - ref=b->references; - bio=bio->next_bio; + while (bio != NULL) { + b = bio; + ref = b->references; + bio = bio->next_bio; BIO_free(b); /* Since ref count > 1, don't free anyone else. */ - if (ref > 1) break; - } + if (ref > 1) + break; } +} -BIO *BIO_dup_chain(BIO *in) - { - BIO *ret=NULL,*eoc=NULL,*bio,*new; +BIO * +BIO_dup_chain(BIO *in) +{ + BIO *ret = NULL, *eoc = NULL, *bio, *new_bio; - for (bio=in; bio != NULL; bio=bio->next_bio) - { - if ((new=BIO_new(bio->method)) == NULL) goto err; - new->callback=bio->callback; - new->cb_arg=bio->cb_arg; - new->init=bio->init; - new->shutdown=bio->shutdown; - new->flags=bio->flags; + for (bio = in; bio != NULL; bio = bio->next_bio) { + if ((new_bio = BIO_new(bio->method)) == NULL) + goto err; + new_bio->callback = bio->callback; + new_bio->cb_arg = bio->cb_arg; + new_bio->init = bio->init; + new_bio->shutdown = bio->shutdown; + new_bio->flags = bio->flags; /* This will let SSL_s_sock() work with stdin/stdout */ - new->num=bio->num; + new_bio->num = bio->num; - if (!BIO_dup_state(bio,(char *)new)) - { - BIO_free(new); + if (!BIO_dup_state(bio, (char *)new_bio)) { + BIO_free(new_bio); goto err; - } + } /* copy app data */ - if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_BIO, &new->ex_data, - &bio->ex_data)) + if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_BIO, + &new_bio->ex_data, &bio->ex_data)) goto err; - if (ret == NULL) - { - eoc=new; - ret=eoc; - } - else - { - BIO_push(eoc,new); - eoc=new; - } + if (ret == NULL) { + eoc = new_bio; + ret = eoc; + } else { + BIO_push(eoc, new_bio); + eoc = new_bio; } - return(ret); -err: - if (ret != NULL) - BIO_free(ret); - return(NULL); } + return (ret); +err: + BIO_free(ret); + return (NULL); -void BIO_copy_next_retry(BIO *b) - { - BIO_set_flags(b,BIO_get_retry_flags(b->next_bio)); - b->retry_reason=b->next_bio->retry_reason; - } +} + +void +BIO_copy_next_retry(BIO *b) +{ + BIO_set_flags(b, BIO_get_retry_flags(b->next_bio)); + b->retry_reason = b->next_bio->retry_reason; +} -int BIO_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) - { +int +BIO_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) +{ return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_BIO, argl, argp, - new_func, dup_func, free_func); - } + new_func, dup_func, free_func); +} -int BIO_set_ex_data(BIO *bio, int idx, void *data) - { - return(CRYPTO_set_ex_data(&(bio->ex_data),idx,data)); - } +int +BIO_set_ex_data(BIO *bio, int idx, void *data) +{ + return (CRYPTO_set_ex_data(&(bio->ex_data), idx, data)); +} -void *BIO_get_ex_data(BIO *bio, int idx) - { - return(CRYPTO_get_ex_data(&(bio->ex_data),idx)); - } +void * +BIO_get_ex_data(BIO *bio, int idx) +{ + return (CRYPTO_get_ex_data(&(bio->ex_data), idx)); +} -unsigned long BIO_number_read(BIO *bio) +unsigned long +BIO_number_read(BIO *bio) { - if(bio) return bio->num_read; + if (bio) + return bio->num_read; return 0; } -unsigned long BIO_number_written(BIO *bio) +unsigned long +BIO_number_written(BIO *bio) { - if(bio) return bio->num_write; + if (bio) + return bio->num_write; return 0; } - -IMPLEMENT_STACK_OF(BIO) diff --git a/src/lib/libcrypto/bio/bio_meth.c b/src/lib/libcrypto/bio/bio_meth.c new file mode 100644 index 00000000000..4327c010b17 --- /dev/null +++ b/src/lib/libcrypto/bio/bio_meth.c @@ -0,0 +1,147 @@ +/* $OpenBSD: bio_meth.c,v 1.6 2018/06/02 04:41:12 tb Exp $ */ +/* + * Copyright (c) 2018 Theo Buehler + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include + +#include + +BIO_METHOD * +BIO_meth_new(int type, const char *name) +{ + BIO_METHOD *biom; + + if ((biom = calloc(1, sizeof(*biom))) == NULL) + return NULL; + + biom->type = type; + biom->name = name; + + return biom; +} + +void +BIO_meth_free(BIO_METHOD *biom) +{ + free(biom); +} + +int +(*BIO_meth_get_write(const BIO_METHOD *biom))(BIO *, const char *, int) +{ + return biom->bwrite; +} + +int +BIO_meth_set_write(BIO_METHOD *biom, int (*write)(BIO *, const char *, int)) +{ + biom->bwrite = write; + return 1; +} + +int +(*BIO_meth_get_read(const BIO_METHOD *biom))(BIO *, char *, int) +{ + return biom->bread; +} + +int +BIO_meth_set_read(BIO_METHOD *biom, int (*read)(BIO *, char *, int)) +{ + biom->bread = read; + return 1; +} + +int +(*BIO_meth_get_puts(const BIO_METHOD *biom))(BIO *, const char *) +{ + return biom->bputs; +} + +int +BIO_meth_set_puts(BIO_METHOD *biom, int (*puts)(BIO *, const char *)) +{ + biom->bputs = puts; + return 1; +} + +int +(*BIO_meth_get_gets(const BIO_METHOD *biom))(BIO *, char *, int) +{ + return biom->bgets; +} + +int +BIO_meth_set_gets(BIO_METHOD *biom, int (*gets)(BIO *, char *, int)) +{ + biom->bgets = gets; + return 1; +} + +long +(*BIO_meth_get_ctrl(const BIO_METHOD *biom))(BIO *, int, long, void *) +{ + return biom->ctrl; +} + +int +BIO_meth_set_ctrl(BIO_METHOD *biom, long (*ctrl)(BIO *, int, long, void *)) +{ + biom->ctrl = ctrl; + return 1; +} + +int +(*BIO_meth_get_create(const BIO_METHOD *biom))(BIO *) +{ + return biom->create; +} + +int +BIO_meth_set_create(BIO_METHOD *biom, int (*create)(BIO *)) +{ + biom->create = create; + return 1; +} + +int +(*BIO_meth_get_destroy(const BIO_METHOD *biom))(BIO *) +{ + return biom->destroy; +} + +int +BIO_meth_set_destroy(BIO_METHOD *biom, int (*destroy)(BIO *)) +{ + biom->destroy = destroy; + return 1; +} + +long +(*BIO_meth_get_callback_ctrl(const BIO_METHOD *biom))(BIO *, int, BIO_info_cb *) +{ + return + (long (*)(BIO *, int, BIO_info_cb *))biom->callback_ctrl; /* XXX */ +} + +int +BIO_meth_set_callback_ctrl(BIO_METHOD *biom, + long (*callback_ctrl)(BIO *, int, BIO_info_cb *)) +{ + biom->callback_ctrl = + (long (*)(BIO *, int, bio_info_cb *))callback_ctrl; /* XXX */ + return 1; +} diff --git a/src/lib/libcrypto/bio/bss_acpt.c b/src/lib/libcrypto/bio/bss_acpt.c index 8ea1db158b8..c95ddde7bb5 100644 --- a/src/lib/libcrypto/bio/bss_acpt.c +++ b/src/lib/libcrypto/bio/bss_acpt.c @@ -1,4 +1,4 @@ -/* crypto/bio/bss_acpt.c */ +/* $OpenBSD: bss_acpt.c,v 1.29 2018/05/12 18:51:59 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -56,27 +56,20 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_SOCK +#include -#include #include -#define USE_SOCKETS -#include "cryptlib.h" +#include +#include +#include + #include +#include +#include -#ifdef OPENSSL_SYS_WIN16 -#define SOCKET_PROTOCOL 0 /* more microsoft stupidity */ -#else #define SOCKET_PROTOCOL IPPROTO_TCP -#endif -#if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000) -/* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */ -#undef FIONBIO -#endif - -typedef struct bio_accept_st - { +typedef struct bio_accept_st { int state; char *param_addr; @@ -90,7 +83,7 @@ typedef struct bio_accept_st * If 2, always use SO_REUSEADDR. */ int bind_mode; BIO *bio_chain; - } BIO_ACCEPT; +} BIO_ACCEPT; static int acpt_write(BIO *h, const char *buf, int num); static int acpt_read(BIO *h, char *buf, int size); @@ -100,380 +93,361 @@ static int acpt_new(BIO *h); static int acpt_free(BIO *data); static int acpt_state(BIO *b, BIO_ACCEPT *c); static void acpt_close_socket(BIO *data); -BIO_ACCEPT *BIO_ACCEPT_new(void ); -void BIO_ACCEPT_free(BIO_ACCEPT *a); +static BIO_ACCEPT *BIO_ACCEPT_new(void ); +static void BIO_ACCEPT_free(BIO_ACCEPT *a); #define ACPT_S_BEFORE 1 #define ACPT_S_GET_ACCEPT_SOCKET 2 #define ACPT_S_OK 3 -static BIO_METHOD methods_acceptp= - { - BIO_TYPE_ACCEPT, - "socket accept", - acpt_write, - acpt_read, - acpt_puts, - NULL, /* connect_gets, */ - acpt_ctrl, - acpt_new, - acpt_free, - NULL, - }; - -BIO_METHOD *BIO_s_accept(void) - { - return(&methods_acceptp); - } - -static int acpt_new(BIO *bi) - { +static const BIO_METHOD methods_acceptp = { + .type = BIO_TYPE_ACCEPT, + .name = "socket accept", + .bwrite = acpt_write, + .bread = acpt_read, + .bputs = acpt_puts, + .ctrl = acpt_ctrl, + .create = acpt_new, + .destroy = acpt_free +}; + +const BIO_METHOD * +BIO_s_accept(void) +{ + return (&methods_acceptp); +} + +static int +acpt_new(BIO *bi) +{ BIO_ACCEPT *ba; - bi->init=0; - bi->num=INVALID_SOCKET; - bi->flags=0; - if ((ba=BIO_ACCEPT_new()) == NULL) - return(0); - bi->ptr=(char *)ba; - ba->state=ACPT_S_BEFORE; - bi->shutdown=1; - return(1); - } - -BIO_ACCEPT *BIO_ACCEPT_new(void) - { + bi->init = 0; + bi->num = -1; + bi->flags = 0; + if ((ba = BIO_ACCEPT_new()) == NULL) + return (0); + bi->ptr = (char *)ba; + ba->state = ACPT_S_BEFORE; + bi->shutdown = 1; + return (1); +} + +static BIO_ACCEPT * +BIO_ACCEPT_new(void) +{ BIO_ACCEPT *ret; - if ((ret=(BIO_ACCEPT *)OPENSSL_malloc(sizeof(BIO_ACCEPT))) == NULL) - return(NULL); - - memset(ret,0,sizeof(BIO_ACCEPT)); - ret->accept_sock=INVALID_SOCKET; - ret->bind_mode=BIO_BIND_NORMAL; - return(ret); - } - -void BIO_ACCEPT_free(BIO_ACCEPT *a) - { - if(a == NULL) - return; - - if (a->param_addr != NULL) OPENSSL_free(a->param_addr); - if (a->addr != NULL) OPENSSL_free(a->addr); - if (a->bio_chain != NULL) BIO_free(a->bio_chain); - OPENSSL_free(a); - } - -static void acpt_close_socket(BIO *bio) - { + if ((ret = calloc(1, sizeof(BIO_ACCEPT))) == NULL) + return (NULL); + ret->accept_sock = -1; + ret->bind_mode = BIO_BIND_NORMAL; + return (ret); +} + +static void +BIO_ACCEPT_free(BIO_ACCEPT *a) +{ + if (a == NULL) + return; + + free(a->param_addr); + free(a->addr); + BIO_free(a->bio_chain); + free(a); +} + +static void +acpt_close_socket(BIO *bio) +{ BIO_ACCEPT *c; - c=(BIO_ACCEPT *)bio->ptr; - if (c->accept_sock != INVALID_SOCKET) - { - shutdown(c->accept_sock,2); - closesocket(c->accept_sock); - c->accept_sock=INVALID_SOCKET; - bio->num=INVALID_SOCKET; - } + c = (BIO_ACCEPT *)bio->ptr; + if (c->accept_sock != -1) { + shutdown(c->accept_sock, SHUT_RDWR); + close(c->accept_sock); + c->accept_sock = -1; + bio->num = -1; } +} -static int acpt_free(BIO *a) - { +static int +acpt_free(BIO *a) +{ BIO_ACCEPT *data; - if (a == NULL) return(0); - data=(BIO_ACCEPT *)a->ptr; - - if (a->shutdown) - { + if (a == NULL) + return (0); + data = (BIO_ACCEPT *)a->ptr; + + if (a->shutdown) { acpt_close_socket(a); BIO_ACCEPT_free(data); - a->ptr=NULL; - a->flags=0; - a->init=0; - } - return(1); + a->ptr = NULL; + a->flags = 0; + a->init = 0; } - -static int acpt_state(BIO *b, BIO_ACCEPT *c) - { - BIO *bio=NULL,*dbio; - int s= -1; + return (1); +} + +static int +acpt_state(BIO *b, BIO_ACCEPT *c) +{ + BIO *bio = NULL, *dbio; + int s = -1; int i; again: - switch (c->state) - { + switch (c->state) { case ACPT_S_BEFORE: - if (c->param_addr == NULL) - { - BIOerr(BIO_F_ACPT_STATE,BIO_R_NO_ACCEPT_PORT_SPECIFIED); - return(-1); - } - s=BIO_get_accept_socket(c->param_addr,c->bind_mode); - if (s == INVALID_SOCKET) - return(-1); - - if (c->accept_nbio) - { - if (!BIO_socket_nbio(s,1)) - { - closesocket(s); - BIOerr(BIO_F_ACPT_STATE,BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET); - return(-1); - } + if (c->param_addr == NULL) { + BIOerror(BIO_R_NO_ACCEPT_PORT_SPECIFIED); + return (-1); + } + s = BIO_get_accept_socket(c->param_addr, c->bind_mode); + if (s == -1) + return (-1); + + if (c->accept_nbio) { + if (!BIO_socket_nbio(s, 1)) { + close(s); + BIOerror(BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET); + return (-1); } - c->accept_sock=s; - b->num=s; - c->state=ACPT_S_GET_ACCEPT_SOCKET; - return(1); + } + c->accept_sock = s; + b->num = s; + c->state = ACPT_S_GET_ACCEPT_SOCKET; + return (1); /* break; */ case ACPT_S_GET_ACCEPT_SOCKET: - if (b->next_bio != NULL) - { - c->state=ACPT_S_OK; + if (b->next_bio != NULL) { + c->state = ACPT_S_OK; goto again; - } + } BIO_clear_retry_flags(b); - b->retry_reason=0; - i=BIO_accept(c->accept_sock,&(c->addr)); + b->retry_reason = 0; + i = BIO_accept(c->accept_sock, &(c->addr)); /* -2 return means we should retry */ - if(i == -2) - { + if (i == -2) { BIO_set_retry_special(b); - b->retry_reason=BIO_RR_ACCEPT; + b->retry_reason = BIO_RR_ACCEPT; return -1; - } + } - if (i < 0) return(i); + if (i < 0) + return (i); - bio=BIO_new_socket(i,BIO_CLOSE); - if (bio == NULL) goto err; + bio = BIO_new_socket(i, BIO_CLOSE); + if (bio == NULL) + goto err; - BIO_set_callback(bio,BIO_get_callback(b)); - BIO_set_callback_arg(bio,BIO_get_callback_arg(b)); + BIO_set_callback(bio, BIO_get_callback(b)); + BIO_set_callback_arg(bio, BIO_get_callback_arg(b)); - if (c->nbio) - { - if (!BIO_socket_nbio(i,1)) - { - BIOerr(BIO_F_ACPT_STATE,BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET); + if (c->nbio) { + if (!BIO_socket_nbio(i, 1)) { + BIOerror(BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET); goto err; - } } + } /* If the accept BIO has an bio_chain, we dup it and * put the new socket at the end. */ - if (c->bio_chain != NULL) - { - if ((dbio=BIO_dup_chain(c->bio_chain)) == NULL) + if (c->bio_chain != NULL) { + if ((dbio = BIO_dup_chain(c->bio_chain)) == NULL) goto err; - if (!BIO_push(dbio,bio)) goto err; - bio=dbio; - } - if (BIO_push(b,bio) == NULL) goto err; + if (!BIO_push(dbio, bio)) goto err; + bio = dbio; + } + if (BIO_push(b, bio) + == NULL) goto err; + + c->state = ACPT_S_OK; + return (1); - c->state=ACPT_S_OK; - return(1); err: if (bio != NULL) BIO_free(bio); - else if (s >= 0) - closesocket(s); - return(0); + return (0); /* break; */ case ACPT_S_OK: - if (b->next_bio == NULL) - { - c->state=ACPT_S_GET_ACCEPT_SOCKET; + if (b->next_bio == NULL) { + c->state = ACPT_S_GET_ACCEPT_SOCKET; goto again; - } - return(1); + } + return (1); /* break; */ - default: - return(0); + default: + return (0); /* break; */ - } - } +} -static int acpt_read(BIO *b, char *out, int outl) - { - int ret=0; +static int +acpt_read(BIO *b, char *out, int outl) +{ + int ret = 0; BIO_ACCEPT *data; BIO_clear_retry_flags(b); - data=(BIO_ACCEPT *)b->ptr; + data = (BIO_ACCEPT *)b->ptr; - while (b->next_bio == NULL) - { - ret=acpt_state(b,data); - if (ret <= 0) return(ret); - } + while (b->next_bio == NULL) { + ret = acpt_state(b, data); + if (ret <= 0) + return (ret); + } - ret=BIO_read(b->next_bio,out,outl); + ret = BIO_read(b->next_bio, out, outl); BIO_copy_next_retry(b); - return(ret); - } + return (ret); +} -static int acpt_write(BIO *b, const char *in, int inl) - { +static int +acpt_write(BIO *b, const char *in, int inl) +{ int ret; BIO_ACCEPT *data; BIO_clear_retry_flags(b); - data=(BIO_ACCEPT *)b->ptr; + data = (BIO_ACCEPT *)b->ptr; - while (b->next_bio == NULL) - { - ret=acpt_state(b,data); - if (ret <= 0) return(ret); - } + while (b->next_bio == NULL) { + ret = acpt_state(b, data); + if (ret <= 0) + return (ret); + } - ret=BIO_write(b->next_bio,in,inl); + ret = BIO_write(b->next_bio, in, inl); BIO_copy_next_retry(b); - return(ret); - } + return (ret); +} -static long acpt_ctrl(BIO *b, int cmd, long num, void *ptr) - { - BIO *dbio; +static long +acpt_ctrl(BIO *b, int cmd, long num, void *ptr) +{ int *ip; - long ret=1; + long ret = 1; BIO_ACCEPT *data; char **pp; - data=(BIO_ACCEPT *)b->ptr; + data = (BIO_ACCEPT *)b->ptr; - switch (cmd) - { + switch (cmd) { case BIO_CTRL_RESET: - ret=0; - data->state=ACPT_S_BEFORE; + ret = 0; + data->state = ACPT_S_BEFORE; acpt_close_socket(b); - b->flags=0; + b->flags = 0; break; case BIO_C_DO_STATE_MACHINE: /* use this one to start the connection */ - ret=(long)acpt_state(b,data); + ret = (long)acpt_state(b, data); break; case BIO_C_SET_ACCEPT: - if (ptr != NULL) - { - if (num == 0) - { - b->init=1; - if (data->param_addr != NULL) - OPENSSL_free(data->param_addr); - data->param_addr=BUF_strdup(ptr); - } - else if (num == 1) - { - data->accept_nbio=(ptr != NULL); - } - else if (num == 2) - { - if (data->bio_chain != NULL) - BIO_free(data->bio_chain); - data->bio_chain=(BIO *)ptr; - } + if (ptr != NULL) { + if (num == 0) { + b->init = 1; + free(data->param_addr); + data->param_addr = strdup(ptr); + } else if (num == 1) { + data->accept_nbio = (ptr != NULL); + } else if (num == 2) { + BIO_free(data->bio_chain); + data->bio_chain = (BIO *)ptr; } + } break; case BIO_C_SET_NBIO: - data->nbio=(int)num; + data->nbio = (int)num; break; case BIO_C_SET_FD: - b->init=1; + b->init = 1; b->num= *((int *)ptr); - data->accept_sock=b->num; - data->state=ACPT_S_GET_ACCEPT_SOCKET; - b->shutdown=(int)num; - b->init=1; + data->accept_sock = b->num; + data->state = ACPT_S_GET_ACCEPT_SOCKET; + b->shutdown = (int)num; + b->init = 1; break; case BIO_C_GET_FD: - if (b->init) - { - ip=(int *)ptr; + if (b->init) { + ip = (int *)ptr; if (ip != NULL) - *ip=data->accept_sock; - ret=data->accept_sock; - } - else - ret= -1; + *ip = data->accept_sock; + ret = data->accept_sock; + } else + ret = -1; break; case BIO_C_GET_ACCEPT: - if (b->init) - { - if (ptr != NULL) - { - pp=(char **)ptr; - *pp=data->param_addr; - } - else - ret= -1; - } - else - ret= -1; + if (b->init) { + if (ptr != NULL) { + pp = (char **)ptr; + *pp = data->param_addr; + } else + ret = -1; + } else + ret = -1; break; case BIO_CTRL_GET_CLOSE: - ret=b->shutdown; + ret = b->shutdown; break; case BIO_CTRL_SET_CLOSE: - b->shutdown=(int)num; + b->shutdown = (int)num; break; case BIO_CTRL_PENDING: case BIO_CTRL_WPENDING: - ret=0; + ret = 0; break; case BIO_CTRL_FLUSH: break; case BIO_C_SET_BIND_MODE: - data->bind_mode=(int)num; + data->bind_mode = (int)num; break; case BIO_C_GET_BIND_MODE: - ret=(long)data->bind_mode; + ret = (long)data->bind_mode; break; case BIO_CTRL_DUP: - dbio=(BIO *)ptr; -/* if (data->param_port) EAY EAY +/* dbio=(BIO *)ptr; + if (data->param_port) EAY EAY BIO_set_port(dbio,data->param_port); if (data->param_hostname) BIO_set_hostname(dbio,data->param_hostname); - BIO_set_nbio(dbio,data->nbio); */ + BIO_set_nbio(dbio,data->nbio); +*/ break; default: - ret=0; + ret = 0; break; - } - return(ret); - } - -static int acpt_puts(BIO *bp, const char *str) - { - int n,ret; - - n=strlen(str); - ret=acpt_write(bp,str,n); - return(ret); } - -BIO *BIO_new_accept(char *str) - { + return (ret); +} + +static int +acpt_puts(BIO *bp, const char *str) +{ + int n, ret; + + n = strlen(str); + ret = acpt_write(bp, str, n); + return (ret); +} + +BIO * +BIO_new_accept(const char *str) +{ BIO *ret; - ret=BIO_new(BIO_s_accept()); - if (ret == NULL) return(NULL); - if (BIO_set_accept_port(ret,str)) - return(ret); - else - { + ret = BIO_new(BIO_s_accept()); + if (ret == NULL) + return (NULL); + if (BIO_set_accept_port(ret, str)) + return (ret); + else { BIO_free(ret); - return(NULL); - } + return (NULL); } +} -#endif diff --git a/src/lib/libcrypto/bio/bss_bio.c b/src/lib/libcrypto/bio/bss_bio.c index 1c485a4479a..74f86a51ee7 100644 --- a/src/lib/libcrypto/bio/bss_bio.c +++ b/src/lib/libcrypto/bio/bss_bio.c @@ -1,4 +1,57 @@ -/* crypto/bio/bss_bio.c -*- Mode: C; c-file-style: "eay" -*- */ +/* $OpenBSD: bss_bio.c,v 1.24 2018/05/01 13:29:09 tb Exp $ */ +/* ==================================================================== + * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ /* Special method for a BIO where the other endpoint is also a BIO * of this kind, handled by the same thread (i.e. the "peer" is actually @@ -25,22 +78,12 @@ #include #include #include +#include #include #include -#include #include -#include "e_os.h" - -/* VxWorks defines SSIZE_MAX with an empty value causing compile errors */ -#if defined(OPENSSL_SYS_VSWORKS) -# undef SSIZE_MAX -#endif -#ifndef SSIZE_MAX -# define SSIZE_MAX INT_MAX -#endif - static int bio_new(BIO *bio); static int bio_free(BIO *bio); static int bio_read(BIO *bio, char *buf, int size); @@ -51,64 +94,62 @@ static int bio_puts(BIO *bio, const char *str); static int bio_make_pair(BIO *bio1, BIO *bio2); static void bio_destroy_pair(BIO *bio); -static BIO_METHOD methods_biop = -{ - BIO_TYPE_BIO, - "BIO pair", - bio_write, - bio_read, - bio_puts, - NULL /* no bio_gets */, - bio_ctrl, - bio_new, - bio_free, - NULL /* no bio_callback_ctrl */ +static const BIO_METHOD methods_biop = { + .type = BIO_TYPE_BIO, + .name = "BIO pair", + .bwrite = bio_write, + .bread = bio_read, + .bputs = bio_puts, + .ctrl = bio_ctrl, + .create = bio_new, + .destroy = bio_free }; -BIO_METHOD *BIO_s_bio(void) - { +const BIO_METHOD * +BIO_s_bio(void) +{ return &methods_biop; - } +} + +struct bio_bio_st { + BIO *peer; /* NULL if buf == NULL. + * If peer != NULL, then peer->ptr is also a bio_bio_st, + * and its "peer" member points back to us. + * peer != NULL iff init != 0 in the BIO. */ -struct bio_bio_st -{ - BIO *peer; /* NULL if buf == NULL. - * If peer != NULL, then peer->ptr is also a bio_bio_st, - * and its "peer" member points back to us. - * peer != NULL iff init != 0 in the BIO. */ - /* This is for what we write (i.e. reading uses peer's struct): */ - int closed; /* valid iff peer != NULL */ - size_t len; /* valid iff buf != NULL; 0 if peer == NULL */ - size_t offset; /* valid iff buf != NULL; 0 if len == 0 */ + int closed; /* valid iff peer != NULL */ + size_t len; /* valid iff buf != NULL; 0 if peer == NULL */ + size_t offset; /* valid iff buf != NULL; 0 if len == 0 */ size_t size; char *buf; /* "size" elements (if != NULL) */ size_t request; /* valid iff peer != NULL; 0 if len != 0, - * otherwise set by peer to number of bytes - * it (unsuccessfully) tried to read, + * otherwise set by peer to number of bytes + * it (unsuccessfully) tried to read, * never more than buffer space (size-len) warrants. */ }; -static int bio_new(BIO *bio) - { +static int +bio_new(BIO *bio) +{ struct bio_bio_st *b; - - b = OPENSSL_malloc(sizeof *b); + + b = malloc(sizeof *b); if (b == NULL) return 0; b->peer = NULL; - b->size = 17*1024; /* enough for one TLS record (just a default) */ + b->size = 17 * 1024; /* enough for one TLS record (just a default) */ b->buf = NULL; bio->ptr = b; return 1; - } +} - -static int bio_free(BIO *bio) - { +static int +bio_free(BIO *bio) +{ struct bio_bio_st *b; if (bio == NULL) @@ -119,21 +160,17 @@ static int bio_free(BIO *bio) if (b->peer) bio_destroy_pair(bio); - - if (b->buf != NULL) - { - OPENSSL_free(b->buf); - } - - OPENSSL_free(b); + free(b->buf); + free(b); return 1; - } +} -static int bio_read(BIO *bio, char *buf, int size_) - { +static int +bio_read(BIO *bio, char *buf, int size_) +{ size_t size = size_; size_t rest; struct bio_bio_st *b, *peer_b; @@ -155,12 +192,10 @@ static int bio_read(BIO *bio, char *buf, int size_) if (buf == NULL || size == 0) return 0; - if (peer_b->len == 0) - { + if (peer_b->len == 0) { if (peer_b->closed) return 0; /* writer has closed, and no data is left */ - else - { + else { BIO_set_retry_read(bio); /* buffer is empty */ if (size <= peer_b->size) peer_b->request = size; @@ -169,22 +204,22 @@ static int bio_read(BIO *bio, char *buf, int size_) * deliver in one write */ peer_b->request = peer_b->size; return -1; - } } + } /* we can read */ if (peer_b->len < size) size = peer_b->len; /* now read "size" bytes */ - + rest = size; - + assert(rest > 0); do /* one or two iterations */ - { + { size_t chunk; - + assert(rest <= peer_b->len); if (peer_b->offset + rest <= peer_b->size) chunk = rest; @@ -192,30 +227,26 @@ static int bio_read(BIO *bio, char *buf, int size_) /* wrap around ring buffer */ chunk = peer_b->size - peer_b->offset; assert(peer_b->offset + chunk <= peer_b->size); - + memcpy(buf, peer_b->buf + peer_b->offset, chunk); - + peer_b->len -= chunk; - if (peer_b->len) - { + if (peer_b->len) { peer_b->offset += chunk; assert(peer_b->offset <= peer_b->size); if (peer_b->offset == peer_b->size) peer_b->offset = 0; buf += chunk; - } - else - { + } else { /* buffer now empty, no need to advance "buf" */ assert(chunk == rest); peer_b->offset = 0; - } - rest -= chunk; } - while (rest); - + rest -= chunk; + } while (rest); + return size; - } +} /* non-copying interface: provide pointer to available data in buffer * bio_nread0: return number of available bytes @@ -225,32 +256,32 @@ static int bio_read(BIO *bio, char *buf, int size_) */ /* WARNING: The non-copying interface is largely untested as of yet * and may contain bugs. */ -static ssize_t bio_nread0(BIO *bio, char **buf) - { +static ssize_t +bio_nread0(BIO *bio, char **buf) +{ struct bio_bio_st *b, *peer_b; ssize_t num; - + BIO_clear_retry_flags(bio); if (!bio->init) return 0; - + b = bio->ptr; assert(b != NULL); assert(b->peer != NULL); peer_b = b->peer->ptr; assert(peer_b != NULL); assert(peer_b->buf != NULL); - + peer_b->request = 0; - - if (peer_b->len == 0) - { + + if (peer_b->len == 0) { char dummy; - + /* avoid code duplication -- nothing available for reading */ return bio_read(bio, &dummy, 1); /* returns 0 or -1 */ - } + } num = peer_b->len; if (peer_b->size < peer_b->offset + num) @@ -261,10 +292,11 @@ static ssize_t bio_nread0(BIO *bio, char **buf) if (buf != NULL) *buf = peer_b->buf + peer_b->offset; return num; - } +} -static ssize_t bio_nread(BIO *bio, char **buf, size_t num_) - { +static ssize_t +bio_nread(BIO *bio, char **buf, size_t num_) +{ struct bio_bio_st *b, *peer_b; ssize_t num, available; @@ -283,22 +315,21 @@ static ssize_t bio_nread(BIO *bio, char **buf, size_t num_) peer_b = b->peer->ptr; peer_b->len -= num; - if (peer_b->len) - { + if (peer_b->len) { peer_b->offset += num; assert(peer_b->offset <= peer_b->size); if (peer_b->offset == peer_b->size) peer_b->offset = 0; - } - else + } else peer_b->offset = 0; return num; - } +} -static int bio_write(BIO *bio, const char *buf, int num_) - { +static int +bio_write(BIO *bio, const char *buf, int num_) +{ size_t num = num_; size_t rest; struct bio_bio_st *b; @@ -308,38 +339,37 @@ static int bio_write(BIO *bio, const char *buf, int num_) if (!bio->init || buf == NULL || num == 0) return 0; - b = bio->ptr; + b = bio->ptr; + assert(b != NULL); assert(b->peer != NULL); assert(b->buf != NULL); b->request = 0; - if (b->closed) - { + if (b->closed) { /* we already closed */ - BIOerr(BIO_F_BIO_WRITE, BIO_R_BROKEN_PIPE); + BIOerror(BIO_R_BROKEN_PIPE); return -1; - } + } assert(b->len <= b->size); - if (b->len == b->size) - { + if (b->len == b->size) { BIO_set_retry_write(bio); /* buffer is full */ return -1; - } + } /* we can write */ if (num > b->size - b->len) num = b->size - b->len; - + /* now write "num" bytes */ rest = num; - + assert(rest > 0); do /* one or two iterations */ - { + { size_t write_offset; size_t chunk; @@ -355,20 +385,19 @@ static int bio_write(BIO *bio, const char *buf, int num_) else /* wrap around ring buffer */ chunk = b->size - write_offset; - + memcpy(b->buf + write_offset, buf, chunk); - + b->len += chunk; assert(b->len <= b->size); - + rest -= chunk; buf += chunk; - } - while (rest); + } while (rest); return num; - } +} /* non-copying interface: provide pointer to region to write to * bio_nwrite0: check how much space is available @@ -376,8 +405,9 @@ static int bio_write(BIO *bio, const char *buf, int num_) * (example usage: bio_nwrite0(), write to buffer, bio_nwrite() * or just bio_nwrite(), write to buffer) */ -static ssize_t bio_nwrite0(BIO *bio, char **buf) - { +static ssize_t +bio_nwrite0(BIO *bio, char **buf) +{ struct bio_bio_st *b; size_t num; size_t write_offset; @@ -387,25 +417,24 @@ static ssize_t bio_nwrite0(BIO *bio, char **buf) if (!bio->init) return 0; - b = bio->ptr; + b = bio->ptr; + assert(b != NULL); assert(b->peer != NULL); assert(b->buf != NULL); b->request = 0; - if (b->closed) - { - BIOerr(BIO_F_BIO_NWRITE0, BIO_R_BROKEN_PIPE); + if (b->closed) { + BIOerror(BIO_R_BROKEN_PIPE); return -1; - } + } assert(b->len <= b->size); - if (b->len == b->size) - { + if (b->len == b->size) { BIO_set_retry_write(bio); return -1; - } + } num = b->size - b->len; write_offset = b->offset + b->len; @@ -422,10 +451,11 @@ static ssize_t bio_nwrite0(BIO *bio, char **buf) assert(write_offset + num <= b->size); return num; - } +} -static ssize_t bio_nwrite(BIO *bio, char **buf, size_t num_) - { +static ssize_t +bio_nwrite(BIO *bio, char **buf, size_t num_) +{ struct bio_bio_st *b; ssize_t num, space; @@ -445,46 +475,37 @@ static ssize_t bio_nwrite(BIO *bio, char **buf, size_t num_) assert(b->len <= b->size); return num; - } +} -static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr) - { +static long +bio_ctrl(BIO *bio, int cmd, long num, void *ptr) +{ long ret; struct bio_bio_st *b = bio->ptr; - + assert(b != NULL); - switch (cmd) - { - /* specific CTRL codes */ + switch (cmd) { + /* specific CTRL codes */ case BIO_C_SET_WRITE_BUF_SIZE: - if (b->peer) - { - BIOerr(BIO_F_BIO_CTRL, BIO_R_IN_USE); + if (b->peer) { + BIOerror(BIO_R_IN_USE); ret = 0; - } - else if (num == 0) - { - BIOerr(BIO_F_BIO_CTRL, BIO_R_INVALID_ARGUMENT); + } else if (num == 0) { + BIOerror(BIO_R_INVALID_ARGUMENT); ret = 0; - } - else - { + } else { size_t new_size = num; - if (b->size != new_size) - { - if (b->buf) - { - OPENSSL_free(b->buf); - b->buf = NULL; - } + if (b->size != new_size) { + free(b->buf); + b->buf = NULL; b->size = new_size; - } - ret = 1; } + ret = 1; + } break; case BIO_C_GET_WRITE_BUF_SIZE: @@ -493,17 +514,17 @@ static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr) case BIO_C_MAKE_BIO_PAIR: { - BIO *other_bio = ptr; - - if (bio_make_pair(bio, other_bio)) - ret = 1; - else - ret = 0; + BIO *other_bio = ptr; + + if (bio_make_pair(bio, other_bio)) + ret = 1; + else + ret = 0; } break; - + case BIO_C_DESTROY_BIO_PAIR: - /* Effects both BIOs in the pair -- call just once! + /* Affects both BIOs in the pair -- call just once! * Or let BIO_free(bio1); BIO_free(bio2); do the job. */ bio_destroy_pair(bio); ret = 1; @@ -544,12 +565,12 @@ static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr) /* prepare for non-copying read */ ret = (long) bio_nread0(bio, ptr); break; - + case BIO_C_NREAD: /* non-copying read */ ret = (long) bio_nread(bio, ptr, (size_t) num); break; - + case BIO_C_NWRITE0: /* prepare for non-copying write */ ret = (long) bio_nwrite0(bio, ptr); @@ -559,18 +580,18 @@ static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr) /* non-copying write */ ret = (long) bio_nwrite(bio, ptr, (size_t) num); break; - - /* standard CTRL codes follow */ + + /* standard CTRL codes follow */ case BIO_CTRL_RESET: - if (b->buf != NULL) - { + if (b->buf != NULL) { b->len = 0; b->offset = 0; - } + } ret = 0; - break; + break; + case BIO_CTRL_GET_CLOSE: ret = bio->shutdown; @@ -582,13 +603,11 @@ static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr) break; case BIO_CTRL_PENDING: - if (b->peer != NULL) - { + if (b->peer != NULL) { struct bio_bio_st *peer_b = b->peer->ptr; - + ret = (long) peer_b->len; - } - else + } else ret = 0; break; @@ -602,16 +621,16 @@ static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr) case BIO_CTRL_DUP: /* See BIO_dup_chain for circumstances we have to expect. */ { - BIO *other_bio = ptr; - struct bio_bio_st *other_b; - - assert(other_bio != NULL); - other_b = other_bio->ptr; - assert(other_b != NULL); - - assert(other_b->buf == NULL); /* other_bio is always fresh */ - - other_b->size = b->size; + BIO *other_bio = ptr; + struct bio_bio_st *other_b; + + assert(other_bio != NULL); + other_b = other_bio->ptr; + assert(other_b != NULL); + + assert(other_b->buf == NULL); /* other_bio is always fresh */ + + other_b->size = b->size; } ret = 1; @@ -623,34 +642,34 @@ static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr) case BIO_CTRL_EOF: { - BIO *other_bio = ptr; - - if (other_bio) - { - struct bio_bio_st *other_b = other_bio->ptr; - - assert(other_b != NULL); - ret = other_b->len == 0 && other_b->closed; - } - else - ret = 1; + BIO *other_bio = ptr; + + if (other_bio) { + struct bio_bio_st *other_b = other_bio->ptr; + + assert(other_b != NULL); + ret = other_b->len == 0 && other_b->closed; + } else + ret = 1; } break; default: ret = 0; - } - return ret; } + return ret; +} -static int bio_puts(BIO *bio, const char *str) - { +static int +bio_puts(BIO *bio, const char *str) +{ return bio_write(bio, str, strlen(str)); - } +} -static int bio_make_pair(BIO *bio1, BIO *bio2) - { +static int +bio_make_pair(BIO *bio1, BIO *bio2) +{ struct bio_bio_st *b1, *b2; assert(bio1 != NULL); @@ -658,37 +677,32 @@ static int bio_make_pair(BIO *bio1, BIO *bio2) b1 = bio1->ptr; b2 = bio2->ptr; - - if (b1->peer != NULL || b2->peer != NULL) - { - BIOerr(BIO_F_BIO_MAKE_PAIR, BIO_R_IN_USE); + + if (b1->peer != NULL || b2->peer != NULL) { + BIOerror(BIO_R_IN_USE); return 0; - } - - if (b1->buf == NULL) - { - b1->buf = OPENSSL_malloc(b1->size); - if (b1->buf == NULL) - { - BIOerr(BIO_F_BIO_MAKE_PAIR, ERR_R_MALLOC_FAILURE); + } + + if (b1->buf == NULL) { + b1->buf = malloc(b1->size); + if (b1->buf == NULL) { + BIOerror(ERR_R_MALLOC_FAILURE); return 0; - } + } b1->len = 0; b1->offset = 0; - } - - if (b2->buf == NULL) - { - b2->buf = OPENSSL_malloc(b2->size); - if (b2->buf == NULL) - { - BIOerr(BIO_F_BIO_MAKE_PAIR, ERR_R_MALLOC_FAILURE); + } + + if (b2->buf == NULL) { + b2->buf = malloc(b2->size); + if (b2->buf == NULL) { + BIOerror(ERR_R_MALLOC_FAILURE); return 0; - } + } b2->len = 0; b2->offset = 0; - } - + } + b1->peer = bio2; b1->closed = 0; b1->request = 0; @@ -700,18 +714,17 @@ static int bio_make_pair(BIO *bio1, BIO *bio2) bio2->init = 1; return 1; - } +} -static void bio_destroy_pair(BIO *bio) - { +static void +bio_destroy_pair(BIO *bio) +{ struct bio_bio_st *b = bio->ptr; - if (b != NULL) - { + if (b != NULL) { BIO *peer_bio = b->peer; - if (peer_bio != NULL) - { + if (peer_bio != NULL) { struct bio_bio_st *peer_b = peer_bio->ptr; assert(peer_b != NULL); @@ -722,151 +735,149 @@ static void bio_destroy_pair(BIO *bio) assert(peer_b->buf != NULL); peer_b->len = 0; peer_b->offset = 0; - + b->peer = NULL; bio->init = 0; assert(b->buf != NULL); b->len = 0; b->offset = 0; - } } } - +} + /* Exported convenience functions */ -int BIO_new_bio_pair(BIO **bio1_p, size_t writebuf1, - BIO **bio2_p, size_t writebuf2) - { - BIO *bio1 = NULL, *bio2 = NULL; - long r; - int ret = 0; - - bio1 = BIO_new(BIO_s_bio()); - if (bio1 == NULL) - goto err; - bio2 = BIO_new(BIO_s_bio()); - if (bio2 == NULL) - goto err; - - if (writebuf1) - { - r = BIO_set_write_buf_size(bio1, writebuf1); - if (!r) - goto err; - } - if (writebuf2) - { - r = BIO_set_write_buf_size(bio2, writebuf2); - if (!r) - goto err; - } - - r = BIO_make_bio_pair(bio1, bio2); - if (!r) - goto err; - ret = 1; - - err: - if (ret == 0) - { - if (bio1) - { - BIO_free(bio1); - bio1 = NULL; - } - if (bio2) - { - BIO_free(bio2); - bio2 = NULL; - } - } - - *bio1_p = bio1; - *bio2_p = bio2; - return ret; - } - -size_t BIO_ctrl_get_write_guarantee(BIO *bio) - { - return BIO_ctrl(bio, BIO_C_GET_WRITE_GUARANTEE, 0, NULL); +int +BIO_new_bio_pair(BIO **bio1_p, size_t writebuf1, BIO **bio2_p, size_t writebuf2) +{ + BIO *bio1 = NULL, *bio2 = NULL; + long r; + int ret = 0; + + bio1 = BIO_new(BIO_s_bio()); + if (bio1 == NULL) + goto err; + bio2 = BIO_new(BIO_s_bio()); + if (bio2 == NULL) + goto err; + + if (writebuf1) { + r = BIO_set_write_buf_size(bio1, writebuf1); + if (!r) + goto err; + } + if (writebuf2) { + r = BIO_set_write_buf_size(bio2, writebuf2); + if (!r) + goto err; } -size_t BIO_ctrl_get_read_request(BIO *bio) - { - return BIO_ctrl(bio, BIO_C_GET_READ_REQUEST, 0, NULL); + r = BIO_make_bio_pair(bio1, bio2); + if (!r) + goto err; + ret = 1; + + err: + if (ret == 0) { + if (bio1) { + BIO_free(bio1); + bio1 = NULL; + } + if (bio2) { + BIO_free(bio2); + bio2 = NULL; + } } -int BIO_ctrl_reset_read_request(BIO *bio) - { + *bio1_p = bio1; + *bio2_p = bio2; + return ret; +} + +size_t +BIO_ctrl_get_write_guarantee(BIO *bio) +{ + return BIO_ctrl(bio, BIO_C_GET_WRITE_GUARANTEE, 0, NULL); +} + +size_t +BIO_ctrl_get_read_request(BIO *bio) +{ + return BIO_ctrl(bio, BIO_C_GET_READ_REQUEST, 0, NULL); +} + +int +BIO_ctrl_reset_read_request(BIO *bio) +{ return (BIO_ctrl(bio, BIO_C_RESET_READ_REQUEST, 0, NULL) != 0); - } +} /* BIO_nread0/nread/nwrite0/nwrite are available only for BIO pairs for now * (conceivably some other BIOs could allow non-copying reads and writes too.) */ -int BIO_nread0(BIO *bio, char **buf) - { +int +BIO_nread0(BIO *bio, char **buf) +{ long ret; - if (!bio->init) - { - BIOerr(BIO_F_BIO_NREAD0, BIO_R_UNINITIALIZED); + if (!bio->init) { + BIOerror(BIO_R_UNINITIALIZED); return -2; - } + } ret = BIO_ctrl(bio, BIO_C_NREAD0, 0, buf); if (ret > INT_MAX) return INT_MAX; else return (int) ret; - } +} -int BIO_nread(BIO *bio, char **buf, int num) - { +int +BIO_nread(BIO *bio, char **buf, int num) +{ int ret; - if (!bio->init) - { - BIOerr(BIO_F_BIO_NREAD, BIO_R_UNINITIALIZED); + if (!bio->init) { + BIOerror(BIO_R_UNINITIALIZED); return -2; - } + } ret = (int) BIO_ctrl(bio, BIO_C_NREAD, num, buf); if (ret > 0) bio->num_read += ret; return ret; - } +} -int BIO_nwrite0(BIO *bio, char **buf) - { +int +BIO_nwrite0(BIO *bio, char **buf) +{ long ret; - if (!bio->init) - { - BIOerr(BIO_F_BIO_NWRITE0, BIO_R_UNINITIALIZED); + if (!bio->init) { + BIOerror(BIO_R_UNINITIALIZED); return -2; - } + } ret = BIO_ctrl(bio, BIO_C_NWRITE0, 0, buf); if (ret > INT_MAX) return INT_MAX; else return (int) ret; - } +} -int BIO_nwrite(BIO *bio, char **buf, int num) - { +int +BIO_nwrite(BIO *bio, char **buf, int num) +{ int ret; - if (!bio->init) - { - BIOerr(BIO_F_BIO_NWRITE, BIO_R_UNINITIALIZED); + if (!bio->init) { + BIOerror(BIO_R_UNINITIALIZED); return -2; - } + } ret = BIO_ctrl(bio, BIO_C_NWRITE, num, buf); if (ret > 0) - bio->num_read += ret; + bio->num_write += ret; return ret; - } +} diff --git a/src/lib/libcrypto/bio/bss_conn.c b/src/lib/libcrypto/bio/bss_conn.c index f91ae4c8c6c..46a37b06087 100644 --- a/src/lib/libcrypto/bio/bss_conn.c +++ b/src/lib/libcrypto/bio/bss_conn.c @@ -1,4 +1,4 @@ -/* crypto/bio/bss_conn.c */ +/* $OpenBSD: bss_conn.c,v 1.35 2018/05/12 18:51:59 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -56,28 +56,23 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_SOCK +#include + +#include -#include #include -#define USE_SOCKETS -#include "cryptlib.h" +#include +#include +#include +#include + #include +#include +#include -#ifdef OPENSSL_SYS_WIN16 -#define SOCKET_PROTOCOL 0 /* more microsoft stupidity */ -#else #define SOCKET_PROTOCOL IPPROTO_TCP -#endif -#if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000) -/* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */ -#undef FIONBIO -#endif - - -typedef struct bio_connect_st - { +typedef struct bio_connect_st { int state; char *param_hostname; @@ -95,8 +90,8 @@ typedef struct bio_connect_st /* called when the connection is initially made * callback(BIO,state,ret); The callback should return * 'ret'. state is for compatibility with the ssl info_callback */ - int (*info_callback)(const BIO *bio,int state,int ret); - } BIO_CONNECT; + int (*info_callback)(const BIO *bio, int state, int ret); +} BIO_CONNECT; static int conn_write(BIO *h, const char *buf, int num); static int conn_read(BIO *h, char *buf, int size); @@ -108,545 +103,498 @@ static long conn_callback_ctrl(BIO *h, int cmd, bio_info_cb *); static int conn_state(BIO *b, BIO_CONNECT *c); static void conn_close_socket(BIO *data); -BIO_CONNECT *BIO_CONNECT_new(void ); +BIO_CONNECT *BIO_CONNECT_new(void); void BIO_CONNECT_free(BIO_CONNECT *a); -static BIO_METHOD methods_connectp= - { - BIO_TYPE_CONNECT, - "socket connect", - conn_write, - conn_read, - conn_puts, - NULL, /* connect_gets, */ - conn_ctrl, - conn_new, - conn_free, - conn_callback_ctrl, - }; - -static int conn_state(BIO *b, BIO_CONNECT *c) - { - int ret= -1,i; +static const BIO_METHOD methods_connectp = { + .type = BIO_TYPE_CONNECT, + .name = "socket connect", + .bwrite = conn_write, + .bread = conn_read, + .bputs = conn_puts, + .ctrl = conn_ctrl, + .create = conn_new, + .destroy = conn_free, + .callback_ctrl = conn_callback_ctrl +}; + +static int +conn_state(BIO *b, BIO_CONNECT *c) +{ + int ret = -1, i; unsigned long l; - char *p,*q; - int (*cb)()=NULL; + char *p, *q; + int (*cb)(const BIO *, int, int) = NULL; if (c->info_callback != NULL) - cb=c->info_callback; + cb = c->info_callback; - for (;;) - { - switch (c->state) - { + for (;;) { + switch (c->state) { case BIO_CONN_S_BEFORE: - p=c->param_hostname; - if (p == NULL) - { - BIOerr(BIO_F_CONN_STATE,BIO_R_NO_HOSTNAME_SPECIFIED); + p = c->param_hostname; + if (p == NULL) { + BIOerror(BIO_R_NO_HOSTNAME_SPECIFIED); goto exit_loop; - } - for ( ; *p != '\0'; p++) - { - if ((*p == ':') || (*p == '/')) break; - } + } + for (; *p != '\0'; p++) { + if ((*p == ':') || (*p == '/')) + break; + } i= *p; - if ((i == ':') || (i == '/')) - { - - *(p++)='\0'; - if (i == ':') - { - for (q=p; *q; q++) - if (*q == '/') - { - *q='\0'; + if ((i == ':') || (i == '/')) { + *(p++) = '\0'; + if (i == ':') { + for (q = p; *q; q++) + if (*q == '/') { + *q = '\0'; break; - } - if (c->param_port != NULL) - OPENSSL_free(c->param_port); - c->param_port=BUF_strdup(p); - } + } + free(c->param_port); + c->param_port = strdup(p); } + } - if (c->param_port == NULL) - { - BIOerr(BIO_F_CONN_STATE,BIO_R_NO_PORT_SPECIFIED); - ERR_add_error_data(2,"host=",c->param_hostname); + if (c->param_port == NULL) { + BIOerror(BIO_R_NO_PORT_SPECIFIED); + ERR_asprintf_error_data("host=%s", + c->param_hostname); goto exit_loop; - } - c->state=BIO_CONN_S_GET_IP; + } + c->state = BIO_CONN_S_GET_IP; break; case BIO_CONN_S_GET_IP: - if (BIO_get_host_ip(c->param_hostname,&(c->ip[0])) <= 0) + if (BIO_get_host_ip(c->param_hostname, &(c->ip[0])) <= 0) goto exit_loop; - c->state=BIO_CONN_S_GET_PORT; + c->state = BIO_CONN_S_GET_PORT; break; case BIO_CONN_S_GET_PORT: - if (c->param_port == NULL) - { + if (c->param_port == NULL) { /* abort(); */ goto exit_loop; - } - else if (BIO_get_port(c->param_port,&c->port) <= 0) + } else if (BIO_get_port(c->param_port, &c->port) <= 0) goto exit_loop; - c->state=BIO_CONN_S_CREATE_SOCKET; + c->state = BIO_CONN_S_CREATE_SOCKET; break; case BIO_CONN_S_CREATE_SOCKET: /* now setup address */ - memset((char *)&c->them,0,sizeof(c->them)); - c->them.sin_family=AF_INET; - c->them.sin_port=htons((unsigned short)c->port); - l=(unsigned long) - ((unsigned long)c->ip[0]<<24L)| - ((unsigned long)c->ip[1]<<16L)| - ((unsigned long)c->ip[2]<< 8L)| - ((unsigned long)c->ip[3]); - c->them.sin_addr.s_addr=htonl(l); - c->state=BIO_CONN_S_CREATE_SOCKET; - - ret=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL); - if (ret == INVALID_SOCKET) - { - SYSerr(SYS_F_SOCKET,get_last_socket_error()); - ERR_add_error_data(4,"host=",c->param_hostname, - ":",c->param_port); - BIOerr(BIO_F_CONN_STATE,BIO_R_UNABLE_TO_CREATE_SOCKET); + memset((char *)&c->them, 0, sizeof(c->them)); + c->them.sin_family = AF_INET; + c->them.sin_port = htons((unsigned short)c->port); + l = (unsigned long) + ((unsigned long)c->ip[0] << 24L)| + ((unsigned long)c->ip[1] << 16L)| + ((unsigned long)c->ip[2] << 8L)| + ((unsigned long)c->ip[3]); + c->them.sin_addr.s_addr = htonl(l); + c->state = BIO_CONN_S_CREATE_SOCKET; + + ret = socket(AF_INET, SOCK_STREAM, SOCKET_PROTOCOL); + if (ret == -1) { + SYSerror(errno); + ERR_asprintf_error_data("host=%s:%s", + c->param_hostname, c->param_port); + BIOerror(BIO_R_UNABLE_TO_CREATE_SOCKET); goto exit_loop; - } - b->num=ret; - c->state=BIO_CONN_S_NBIO; + } + b->num = ret; + c->state = BIO_CONN_S_NBIO; break; case BIO_CONN_S_NBIO: - if (c->nbio) - { - if (!BIO_socket_nbio(b->num,1)) - { - BIOerr(BIO_F_CONN_STATE,BIO_R_ERROR_SETTING_NBIO); - ERR_add_error_data(4,"host=", - c->param_hostname, - ":",c->param_port); + if (c->nbio) { + if (!BIO_socket_nbio(b->num, 1)) { + BIOerror(BIO_R_ERROR_SETTING_NBIO); + ERR_asprintf_error_data("host=%s:%s", + c->param_hostname, c->param_port); goto exit_loop; - } } - c->state=BIO_CONN_S_CONNECT; - -#if defined(SO_KEEPALIVE) && !defined(OPENSSL_SYS_MPE) - i=1; - i=setsockopt(b->num,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i)); - if (i < 0) - { - SYSerr(SYS_F_SOCKET,get_last_socket_error()); - ERR_add_error_data(4,"host=",c->param_hostname, - ":",c->param_port); - BIOerr(BIO_F_CONN_STATE,BIO_R_KEEPALIVE); + } + c->state = BIO_CONN_S_CONNECT; + +#if defined(SO_KEEPALIVE) + i = 1; + i = setsockopt(b->num, SOL_SOCKET, SO_KEEPALIVE, &i, sizeof(i)); + if (i < 0) { + SYSerror(errno); + ERR_asprintf_error_data("host=%s:%s", + c->param_hostname, c->param_port); + BIOerror(BIO_R_KEEPALIVE); goto exit_loop; - } + } #endif break; case BIO_CONN_S_CONNECT: BIO_clear_retry_flags(b); - ret=connect(b->num, - (struct sockaddr *)&c->them, - sizeof(c->them)); - b->retry_reason=0; - if (ret < 0) - { - if (BIO_sock_should_retry(ret)) - { + ret = connect(b->num, + (struct sockaddr *)&c->them, + sizeof(c->them)); + b->retry_reason = 0; + if (ret < 0) { + if (BIO_sock_should_retry(ret)) { BIO_set_retry_special(b); - c->state=BIO_CONN_S_BLOCKED_CONNECT; - b->retry_reason=BIO_RR_CONNECT; - } - else - { - SYSerr(SYS_F_CONNECT,get_last_socket_error()); - ERR_add_error_data(4,"host=", - c->param_hostname, - ":",c->param_port); - BIOerr(BIO_F_CONN_STATE,BIO_R_CONNECT_ERROR); - } - goto exit_loop; + c->state = BIO_CONN_S_BLOCKED_CONNECT; + b->retry_reason = BIO_RR_CONNECT; + } else { + SYSerror(errno); + ERR_asprintf_error_data("host=%s:%s", + c->param_hostname, c->param_port); + BIOerror(BIO_R_CONNECT_ERROR); } - else - c->state=BIO_CONN_S_OK; + goto exit_loop; + } else + c->state = BIO_CONN_S_OK; break; case BIO_CONN_S_BLOCKED_CONNECT: - i=BIO_sock_error(b->num); - if (i) - { + i = BIO_sock_error(b->num); + if (i) { BIO_clear_retry_flags(b); - SYSerr(SYS_F_CONNECT,i); - ERR_add_error_data(4,"host=", - c->param_hostname, - ":",c->param_port); - BIOerr(BIO_F_CONN_STATE,BIO_R_NBIO_CONNECT_ERROR); - ret=0; + SYSerror(i); + ERR_asprintf_error_data("host=%s:%s", + c->param_hostname, c->param_port); + BIOerror(BIO_R_NBIO_CONNECT_ERROR); + ret = 0; goto exit_loop; - } - else - c->state=BIO_CONN_S_OK; + } else + c->state = BIO_CONN_S_OK; break; case BIO_CONN_S_OK: - ret=1; + ret = 1; goto exit_loop; default: /* abort(); */ goto exit_loop; - } + } - if (cb != NULL) - { - if (!(ret=cb((BIO *)b,c->state,ret))) + if (cb != NULL) { + if (!(ret = cb((BIO *)b, c->state, ret))) goto end; - } } + } /* Loop does not exit */ exit_loop: if (cb != NULL) - ret=cb((BIO *)b,c->state,ret); + ret = cb((BIO *)b, c->state, ret); end: - return(ret); - } + return (ret); +} -BIO_CONNECT *BIO_CONNECT_new(void) - { +BIO_CONNECT * +BIO_CONNECT_new(void) +{ BIO_CONNECT *ret; - if ((ret=(BIO_CONNECT *)OPENSSL_malloc(sizeof(BIO_CONNECT))) == NULL) - return(NULL); - ret->state=BIO_CONN_S_BEFORE; - ret->param_hostname=NULL; - ret->param_port=NULL; - ret->info_callback=NULL; - ret->nbio=0; - ret->ip[0]=0; - ret->ip[1]=0; - ret->ip[2]=0; - ret->ip[3]=0; - ret->port=0; - memset((char *)&ret->them,0,sizeof(ret->them)); - return(ret); - } - -void BIO_CONNECT_free(BIO_CONNECT *a) - { - if(a == NULL) - return; - - if (a->param_hostname != NULL) - OPENSSL_free(a->param_hostname); - if (a->param_port != NULL) - OPENSSL_free(a->param_port); - OPENSSL_free(a); - } - -BIO_METHOD *BIO_s_connect(void) - { - return(&methods_connectp); - } - -static int conn_new(BIO *bi) - { - bi->init=0; - bi->num=INVALID_SOCKET; - bi->flags=0; - if ((bi->ptr=(char *)BIO_CONNECT_new()) == NULL) - return(0); + if ((ret = malloc(sizeof(BIO_CONNECT))) == NULL) + return (NULL); + ret->state = BIO_CONN_S_BEFORE; + ret->param_hostname = NULL; + ret->param_port = NULL; + ret->info_callback = NULL; + ret->nbio = 0; + ret->ip[0] = 0; + ret->ip[1] = 0; + ret->ip[2] = 0; + ret->ip[3] = 0; + ret->port = 0; + memset((char *)&ret->them, 0, sizeof(ret->them)); + return (ret); +} + +void +BIO_CONNECT_free(BIO_CONNECT *a) +{ + if (a == NULL) + return; + + free(a->param_hostname); + free(a->param_port); + free(a); +} + +const BIO_METHOD * +BIO_s_connect(void) +{ + return (&methods_connectp); +} + +static int +conn_new(BIO *bi) +{ + bi->init = 0; + bi->num = -1; + bi->flags = 0; + if ((bi->ptr = (char *)BIO_CONNECT_new()) == NULL) + return (0); else - return(1); - } + return (1); +} -static void conn_close_socket(BIO *bio) - { +static void +conn_close_socket(BIO *bio) +{ BIO_CONNECT *c; - c=(BIO_CONNECT *)bio->ptr; - if (bio->num != INVALID_SOCKET) - { + c = (BIO_CONNECT *)bio->ptr; + if (bio->num != -1) { /* Only do a shutdown if things were established */ if (c->state == BIO_CONN_S_OK) - shutdown(bio->num,2); - closesocket(bio->num); - bio->num=INVALID_SOCKET; - } + shutdown(bio->num, SHUT_RDWR); + close(bio->num); + bio->num = -1; } +} -static int conn_free(BIO *a) - { +static int +conn_free(BIO *a) +{ BIO_CONNECT *data; - if (a == NULL) return(0); - data=(BIO_CONNECT *)a->ptr; - - if (a->shutdown) - { + if (a == NULL) + return (0); + data = (BIO_CONNECT *)a->ptr; + + if (a->shutdown) { conn_close_socket(a); BIO_CONNECT_free(data); - a->ptr=NULL; - a->flags=0; - a->init=0; - } - return(1); + a->ptr = NULL; + a->flags = 0; + a->init = 0; } - -static int conn_read(BIO *b, char *out, int outl) - { - int ret=0; + return (1); +} + +static int +conn_read(BIO *b, char *out, int outl) +{ + int ret = 0; BIO_CONNECT *data; - data=(BIO_CONNECT *)b->ptr; - if (data->state != BIO_CONN_S_OK) - { - ret=conn_state(b,data); + data = (BIO_CONNECT *)b->ptr; + if (data->state != BIO_CONN_S_OK) { + ret = conn_state(b, data); if (ret <= 0) - return(ret); - } + return (ret); + } - if (out != NULL) - { - clear_socket_error(); - ret=readsocket(b->num,out,outl); + if (out != NULL) { + errno = 0; + ret = read(b->num, out, outl); BIO_clear_retry_flags(b); - if (ret <= 0) - { + if (ret <= 0) { if (BIO_sock_should_retry(ret)) BIO_set_retry_read(b); - } } - return(ret); } + return (ret); +} -static int conn_write(BIO *b, const char *in, int inl) - { +static int +conn_write(BIO *b, const char *in, int inl) +{ int ret; BIO_CONNECT *data; - data=(BIO_CONNECT *)b->ptr; - if (data->state != BIO_CONN_S_OK) - { - ret=conn_state(b,data); - if (ret <= 0) return(ret); - } + data = (BIO_CONNECT *)b->ptr; + if (data->state != BIO_CONN_S_OK) { + ret = conn_state(b, data); + if (ret <= 0) + return (ret); + } - clear_socket_error(); - ret=writesocket(b->num,in,inl); + errno = 0; + ret = write(b->num, in, inl); BIO_clear_retry_flags(b); - if (ret <= 0) - { + if (ret <= 0) { if (BIO_sock_should_retry(ret)) BIO_set_retry_write(b); - } - return(ret); } + return (ret); +} -static long conn_ctrl(BIO *b, int cmd, long num, void *ptr) - { +static long +conn_ctrl(BIO *b, int cmd, long num, void *ptr) +{ BIO *dbio; int *ip; const char **pptr; - long ret=1; + long ret = 1; BIO_CONNECT *data; - data=(BIO_CONNECT *)b->ptr; + data = (BIO_CONNECT *)b->ptr; - switch (cmd) - { + switch (cmd) { case BIO_CTRL_RESET: - ret=0; - data->state=BIO_CONN_S_BEFORE; + ret = 0; + data->state = BIO_CONN_S_BEFORE; conn_close_socket(b); - b->flags=0; + b->flags = 0; break; case BIO_C_DO_STATE_MACHINE: /* use this one to start the connection */ - if (!data->state != BIO_CONN_S_OK) - ret=(long)conn_state(b,data); + if (data->state != BIO_CONN_S_OK) + ret = (long)conn_state(b, data); else - ret=1; + ret = 1; break; case BIO_C_GET_CONNECT: - if (ptr != NULL) - { - pptr=(const char **)ptr; - if (num == 0) - { - *pptr=data->param_hostname; - - } - else if (num == 1) - { - *pptr=data->param_port; - } - else if (num == 2) - { - *pptr= (char *)&(data->ip[0]); - } - else if (num == 3) - { - *((int *)ptr)=data->port; - } - if ((!b->init) || (ptr == NULL)) - *pptr="not initialized"; - ret=1; + if (ptr != NULL) { + pptr = (const char **)ptr; + if (num == 0) { + *pptr = data->param_hostname; + + } else if (num == 1) { + *pptr = data->param_port; + } else if (num == 2) { + *pptr = (char *)&(data->ip[0]); + } else if (num == 3) { + *((int *)ptr) = data->port; } + if ((!b->init) || (ptr == NULL)) + *pptr = "not initialized"; + ret = 1; + } break; case BIO_C_SET_CONNECT: - if (ptr != NULL) - { - b->init=1; - if (num == 0) - { - if (data->param_hostname != NULL) - OPENSSL_free(data->param_hostname); - data->param_hostname=BUF_strdup(ptr); - } - else if (num == 1) - { - if (data->param_port != NULL) - OPENSSL_free(data->param_port); - data->param_port=BUF_strdup(ptr); - } - else if (num == 2) - { - char buf[16]; - char *p = ptr; - - sprintf(buf,"%d.%d.%d.%d", - p[0],p[1],p[2],p[3]); - if (data->param_hostname != NULL) - OPENSSL_free(data->param_hostname); - data->param_hostname=BUF_strdup(buf); - memcpy(&(data->ip[0]),ptr,4); - } - else if (num == 3) - { - char buf[16]; - - sprintf(buf,"%d",*(int *)ptr); - if (data->param_port != NULL) - OPENSSL_free(data->param_port); - data->param_port=BUF_strdup(buf); + if (ptr != NULL) { + b->init = 1; + if (num == 0) { + free(data->param_hostname); + data->param_hostname = strdup(ptr); + } else if (num == 1) { + free(data->param_port); + data->param_port = strdup(ptr); + } else if (num == 2) { + unsigned char *p = ptr; + free(data->param_hostname); + if (asprintf(&data->param_hostname, + "%u.%u.%u.%u", p[0], p[1], + p[2], p[3]) == -1) + data->param_hostname = NULL; + memcpy(&(data->ip[0]), ptr, 4); + } else if (num == 3) { + free(data->param_port); data->port= *(int *)ptr; - } + if (asprintf(&data->param_port, "%d", + data->port) == -1) + data->param_port = NULL; } + } break; case BIO_C_SET_NBIO: - data->nbio=(int)num; + data->nbio = (int)num; break; case BIO_C_GET_FD: - if (b->init) - { - ip=(int *)ptr; + if (b->init) { + ip = (int *)ptr; if (ip != NULL) - *ip=b->num; - ret=b->num; - } - else - ret= -1; + *ip = b->num; + ret = b->num; + } else + ret = -1; break; case BIO_CTRL_GET_CLOSE: - ret=b->shutdown; + ret = b->shutdown; break; case BIO_CTRL_SET_CLOSE: - b->shutdown=(int)num; + b->shutdown = (int)num; break; case BIO_CTRL_PENDING: case BIO_CTRL_WPENDING: - ret=0; + ret = 0; break; case BIO_CTRL_FLUSH: break; case BIO_CTRL_DUP: { - dbio=(BIO *)ptr; - if (data->param_port) - BIO_set_conn_port(dbio,data->param_port); - if (data->param_hostname) - BIO_set_conn_hostname(dbio,data->param_hostname); - BIO_set_nbio(dbio,data->nbio); - /* FIXME: the cast of the function seems unlikely to be a good idea */ - (void)BIO_set_info_callback(dbio,(bio_info_cb *)data->info_callback); + dbio = (BIO *)ptr; + if (data->param_port) + BIO_set_conn_port(dbio, data->param_port); + if (data->param_hostname) + BIO_set_conn_hostname(dbio, + data->param_hostname); + BIO_set_nbio(dbio, data->nbio); + /* FIXME: the cast of the function seems unlikely to be a good idea */ + (void)BIO_set_info_callback(dbio, + (bio_info_cb *)data->info_callback); } break; case BIO_CTRL_SET_CALLBACK: { #if 0 /* FIXME: Should this be used? -- Richard Levitte */ - BIOerr(BIO_F_CONN_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - ret = -1; + BIOerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + ret = -1; #else - ret=0; + ret = 0; #endif } break; case BIO_CTRL_GET_CALLBACK: { - int (**fptr)(); + int (**fptr)(const BIO *bio, int state, int xret); - fptr=(int (**)())ptr; - *fptr=data->info_callback; + fptr = (int (**)(const BIO *bio, int state, int xret))ptr; + *fptr = data->info_callback; } break; default: - ret=0; + ret = 0; break; - } - return(ret); } + return (ret); +} -static long conn_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) - { - long ret=1; +static long +conn_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) +{ + long ret = 1; BIO_CONNECT *data; - data=(BIO_CONNECT *)b->ptr; + data = (BIO_CONNECT *)b->ptr; - switch (cmd) - { + switch (cmd) { case BIO_CTRL_SET_CALLBACK: { - data->info_callback=(int (*)(const struct bio_st *, int, int))fp; + data->info_callback = (int (*)(const struct bio_st *, int, int))fp; } break; default: - ret=0; + ret = 0; break; - } - return(ret); } - -static int conn_puts(BIO *bp, const char *str) - { - int n,ret; - - n=strlen(str); - ret=conn_write(bp,str,n); - return(ret); - } - -BIO *BIO_new_connect(char *str) - { + return (ret); +} + +static int +conn_puts(BIO *bp, const char *str) +{ + int n, ret; + + n = strlen(str); + ret = conn_write(bp, str, n); + return (ret); +} + +BIO * +BIO_new_connect(const char *str) +{ BIO *ret; - ret=BIO_new(BIO_s_connect()); - if (ret == NULL) return(NULL); - if (BIO_set_conn_hostname(ret,str)) - return(ret); - else - { + ret = BIO_new(BIO_s_connect()); + if (ret == NULL) + return (NULL); + if (BIO_set_conn_hostname(ret, str)) + return (ret); + else { BIO_free(ret); - return(NULL); - } + return (NULL); } - -#endif +} diff --git a/src/lib/libcrypto/bio/bss_dgram.c b/src/lib/libcrypto/bio/bss_dgram.c new file mode 100644 index 00000000000..794b6d1b56a --- /dev/null +++ b/src/lib/libcrypto/bio/bss_dgram.c @@ -0,0 +1,658 @@ +/* $OpenBSD: bss_dgram.c,v 1.42 2018/05/12 17:47:53 tb Exp $ */ +/* + * DTLS implementation written by Nagendra Modadugu + * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. + */ +/* ==================================================================== + * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include + +#include + +#include +#include +#include +#include +#include + +#include + +#include + +#ifndef OPENSSL_NO_DGRAM + + +static int dgram_write(BIO *h, const char *buf, int num); +static int dgram_read(BIO *h, char *buf, int size); +static int dgram_puts(BIO *h, const char *str); +static long dgram_ctrl(BIO *h, int cmd, long arg1, void *arg2); +static int dgram_new(BIO *h); +static int dgram_free(BIO *data); +static int dgram_clear(BIO *bio); + + +static int BIO_dgram_should_retry(int s); + +static const BIO_METHOD methods_dgramp = { + .type = BIO_TYPE_DGRAM, + .name = "datagram socket", + .bwrite = dgram_write, + .bread = dgram_read, + .bputs = dgram_puts, + .ctrl = dgram_ctrl, + .create = dgram_new, + .destroy = dgram_free +}; + + +typedef struct bio_dgram_data_st { + union { + struct sockaddr sa; + struct sockaddr_in sa_in; + struct sockaddr_in6 sa_in6; + } peer; + unsigned int connected; + unsigned int _errno; + unsigned int mtu; + struct timeval next_timeout; + struct timeval socket_timeout; +} bio_dgram_data; + + +const BIO_METHOD * +BIO_s_datagram(void) +{ + return (&methods_dgramp); +} + +BIO * +BIO_new_dgram(int fd, int close_flag) +{ + BIO *ret; + + ret = BIO_new(BIO_s_datagram()); + if (ret == NULL) + return (NULL); + BIO_set_fd(ret, fd, close_flag); + return (ret); +} + +static int +dgram_new(BIO *bi) +{ + bio_dgram_data *data = NULL; + + bi->init = 0; + bi->num = 0; + data = calloc(1, sizeof(bio_dgram_data)); + if (data == NULL) + return 0; + bi->ptr = data; + + bi->flags = 0; + return (1); +} + +static int +dgram_free(BIO *a) +{ + bio_dgram_data *data; + + if (a == NULL) + return (0); + if (!dgram_clear(a)) + return 0; + + data = (bio_dgram_data *)a->ptr; + free(data); + + return (1); +} + +static int +dgram_clear(BIO *a) +{ + if (a == NULL) + return (0); + if (a->shutdown) { + if (a->init) { + shutdown(a->num, SHUT_RDWR); + close(a->num); + } + a->init = 0; + a->flags = 0; + } + return (1); +} + +static void +dgram_adjust_rcv_timeout(BIO *b) +{ +#if defined(SO_RCVTIMEO) + bio_dgram_data *data = (bio_dgram_data *)b->ptr; + + /* Is a timer active? */ + if (data->next_timeout.tv_sec > 0 || data->next_timeout.tv_usec > 0) { + struct timeval timenow, timeleft; + + /* Read current socket timeout */ + socklen_t sz = sizeof(data->socket_timeout); + if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, + &(data->socket_timeout), &sz) < 0) { + perror("getsockopt"); + } + + /* Get current time */ + gettimeofday(&timenow, NULL); + + /* Calculate time left until timer expires */ + memcpy(&timeleft, &(data->next_timeout), sizeof(struct timeval)); + timeleft.tv_sec -= timenow.tv_sec; + timeleft.tv_usec -= timenow.tv_usec; + if (timeleft.tv_usec < 0) { + timeleft.tv_sec--; + timeleft.tv_usec += 1000000; + } + + if (timeleft.tv_sec < 0) { + timeleft.tv_sec = 0; + timeleft.tv_usec = 1; + } + + /* Adjust socket timeout if next handhake message timer + * will expire earlier. + */ + if ((data->socket_timeout.tv_sec == 0 && + data->socket_timeout.tv_usec == 0) || + (data->socket_timeout.tv_sec > timeleft.tv_sec) || + (data->socket_timeout.tv_sec == timeleft.tv_sec && + data->socket_timeout.tv_usec >= timeleft.tv_usec)) { + if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, + &timeleft, sizeof(struct timeval)) < 0) { + perror("setsockopt"); + } + } + } +#endif +} + +static void +dgram_reset_rcv_timeout(BIO *b) +{ +#if defined(SO_RCVTIMEO) + bio_dgram_data *data = (bio_dgram_data *)b->ptr; + + /* Is a timer active? */ + if (data->next_timeout.tv_sec > 0 || data->next_timeout.tv_usec > 0) { + if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, + &(data->socket_timeout), sizeof(struct timeval)) < 0) { + perror("setsockopt"); + } + } +#endif +} + +static int +dgram_read(BIO *b, char *out, int outl) +{ + int ret = 0; + bio_dgram_data *data = (bio_dgram_data *)b->ptr; + + struct { + socklen_t len; + union { + struct sockaddr sa; + struct sockaddr_in sa_in; + struct sockaddr_in6 sa_in6; + } peer; + } sa; + + sa.len = sizeof(sa.peer); + + if (out != NULL) { + errno = 0; + memset(&sa.peer, 0, sizeof(sa.peer)); + dgram_adjust_rcv_timeout(b); + ret = recvfrom(b->num, out, outl, 0, &sa.peer.sa, &sa.len); + + if (! data->connected && ret >= 0) + BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, &sa.peer); + + BIO_clear_retry_flags(b); + if (ret < 0) { + if (BIO_dgram_should_retry(ret)) { + BIO_set_retry_read(b); + data->_errno = errno; + } + } + + dgram_reset_rcv_timeout(b); + } + return (ret); +} + +static int +dgram_write(BIO *b, const char *in, int inl) +{ + int ret; + bio_dgram_data *data = (bio_dgram_data *)b->ptr; + errno = 0; + + if (data->connected) + ret = write(b->num, in, inl); + else { + int peerlen = sizeof(data->peer); + + if (data->peer.sa.sa_family == AF_INET) + peerlen = sizeof(data->peer.sa_in); + else if (data->peer.sa.sa_family == AF_INET6) + peerlen = sizeof(data->peer.sa_in6); + ret = sendto(b->num, in, inl, 0, &data->peer.sa, peerlen); + } + + BIO_clear_retry_flags(b); + if (ret <= 0) { + if (BIO_dgram_should_retry(ret)) { + BIO_set_retry_write(b); + + data->_errno = errno; + /* + * higher layers are responsible for querying MTU, + * if necessary + */ + } + } + return (ret); +} + +static long +dgram_ctrl(BIO *b, int cmd, long num, void *ptr) +{ + long ret = 1; + int *ip; + struct sockaddr *to = NULL; + bio_dgram_data *data = NULL; +#if (defined(IP_MTU_DISCOVER) || defined(IP_MTU)) + int sockopt_val = 0; + socklen_t sockopt_len; /* assume that system supporting IP_MTU is + * modern enough to define socklen_t */ + socklen_t addr_len; + union { + struct sockaddr sa; + struct sockaddr_in s4; + struct sockaddr_in6 s6; + } addr; +#endif + + data = (bio_dgram_data *)b->ptr; + + switch (cmd) { + case BIO_CTRL_RESET: + num = 0; + case BIO_C_FILE_SEEK: + ret = 0; + break; + case BIO_C_FILE_TELL: + case BIO_CTRL_INFO: + ret = 0; + break; + case BIO_C_SET_FD: + dgram_clear(b); + b->num= *((int *)ptr); + b->shutdown = (int)num; + b->init = 1; + break; + case BIO_C_GET_FD: + if (b->init) { + ip = (int *)ptr; + if (ip != NULL) + *ip = b->num; + ret = b->num; + } else + ret = -1; + break; + case BIO_CTRL_GET_CLOSE: + ret = b->shutdown; + break; + case BIO_CTRL_SET_CLOSE: + b->shutdown = (int)num; + break; + case BIO_CTRL_PENDING: + case BIO_CTRL_WPENDING: + ret = 0; + break; + case BIO_CTRL_DUP: + case BIO_CTRL_FLUSH: + ret = 1; + break; + case BIO_CTRL_DGRAM_CONNECT: + to = (struct sockaddr *)ptr; + switch (to->sa_family) { + case AF_INET: + memcpy(&data->peer, to, sizeof(data->peer.sa_in)); + break; + case AF_INET6: + memcpy(&data->peer, to, sizeof(data->peer.sa_in6)); + break; + default: + memcpy(&data->peer, to, sizeof(data->peer.sa)); + break; + } + break; + /* (Linux)kernel sets DF bit on outgoing IP packets */ + case BIO_CTRL_DGRAM_MTU_DISCOVER: +#if defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DO) + addr_len = (socklen_t)sizeof(addr); + memset((void *)&addr, 0, sizeof(addr)); + if (getsockname(b->num, &addr.sa, &addr_len) < 0) { + ret = 0; + break; + } + switch (addr.sa.sa_family) { + case AF_INET: + sockopt_val = IP_PMTUDISC_DO; + ret = setsockopt(b->num, IPPROTO_IP, IP_MTU_DISCOVER, + &sockopt_val, sizeof(sockopt_val)); + if (ret < 0) + perror("setsockopt"); + break; +#if defined(IPV6_MTU_DISCOVER) && defined(IPV6_PMTUDISC_DO) + case AF_INET6: + sockopt_val = IPV6_PMTUDISC_DO; + ret = setsockopt(b->num, IPPROTO_IPV6, + IPV6_MTU_DISCOVER, &sockopt_val, + sizeof(sockopt_val)); + if (ret < 0) + perror("setsockopt"); + break; +#endif + default: + ret = -1; + break; + } +#else + ret = -1; +#endif + break; + case BIO_CTRL_DGRAM_QUERY_MTU: +#if defined(IP_MTU) + addr_len = (socklen_t)sizeof(addr); + memset((void *)&addr, 0, sizeof(addr)); + if (getsockname(b->num, &addr.sa, &addr_len) < 0) { + ret = 0; + break; + } + sockopt_len = sizeof(sockopt_val); + switch (addr.sa.sa_family) { + case AF_INET: + ret = getsockopt(b->num, IPPROTO_IP, IP_MTU, + &sockopt_val, &sockopt_len); + if (ret < 0 || sockopt_val < 0) { + ret = 0; + } else { + /* we assume that the transport protocol is UDP and no + * IP options are used. + */ + data->mtu = sockopt_val - 8 - 20; + ret = data->mtu; + } + break; +#if defined(IPV6_MTU) + case AF_INET6: + ret = getsockopt(b->num, IPPROTO_IPV6, IPV6_MTU, + &sockopt_val, &sockopt_len); + if (ret < 0 || sockopt_val < 0) { + ret = 0; + } else { + /* we assume that the transport protocol is UDP and no + * IPV6 options are used. + */ + data->mtu = sockopt_val - 8 - 40; + ret = data->mtu; + } + break; +#endif +default: + ret = 0; + break; + } +#else + ret = 0; +#endif + break; + case BIO_CTRL_DGRAM_GET_FALLBACK_MTU: + switch (data->peer.sa.sa_family) { + case AF_INET: + ret = 576 - 20 - 8; + break; + case AF_INET6: +#ifdef IN6_IS_ADDR_V4MAPPED + if (IN6_IS_ADDR_V4MAPPED(&data->peer.sa_in6.sin6_addr)) + ret = 576 - 20 - 8; + else +#endif + ret = 1280 - 40 - 8; + break; + default: + ret = 576 - 20 - 8; + break; + } + break; + case BIO_CTRL_DGRAM_GET_MTU: + return data->mtu; + break; + case BIO_CTRL_DGRAM_SET_MTU: + data->mtu = num; + ret = num; + break; + case BIO_CTRL_DGRAM_SET_CONNECTED: + to = (struct sockaddr *)ptr; + + if (to != NULL) { + data->connected = 1; + switch (to->sa_family) { + case AF_INET: + memcpy(&data->peer, to, sizeof(data->peer.sa_in)); + break; + case AF_INET6: + memcpy(&data->peer, to, sizeof(data->peer.sa_in6)); + break; + default: + memcpy(&data->peer, to, sizeof(data->peer.sa)); + break; + } + } else { + data->connected = 0; + memset(&(data->peer), 0, sizeof(data->peer)); + } + break; + case BIO_CTRL_DGRAM_GET_PEER: + switch (data->peer.sa.sa_family) { + case AF_INET: + ret = sizeof(data->peer.sa_in); + break; + case AF_INET6: + ret = sizeof(data->peer.sa_in6); + break; + default: + ret = sizeof(data->peer.sa); + break; + } + if (num == 0 || num > ret) + num = ret; + memcpy(ptr, &data->peer, (ret = num)); + break; + case BIO_CTRL_DGRAM_SET_PEER: + to = (struct sockaddr *) ptr; + switch (to->sa_family) { + case AF_INET: + memcpy(&data->peer, to, sizeof(data->peer.sa_in)); + break; + case AF_INET6: + memcpy(&data->peer, to, sizeof(data->peer.sa_in6)); + break; + default: + memcpy(&data->peer, to, sizeof(data->peer.sa)); + break; + } + break; + case BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT: + memcpy(&(data->next_timeout), ptr, sizeof(struct timeval)); + break; +#if defined(SO_RCVTIMEO) + case BIO_CTRL_DGRAM_SET_RECV_TIMEOUT: + if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, ptr, + sizeof(struct timeval)) < 0) { + perror("setsockopt"); + ret = -1; + } + break; + case BIO_CTRL_DGRAM_GET_RECV_TIMEOUT: + { + socklen_t sz = sizeof(struct timeval); + if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, + ptr, &sz) < 0) { + perror("getsockopt"); + ret = -1; + } else + ret = sz; + } + break; +#endif +#if defined(SO_SNDTIMEO) + case BIO_CTRL_DGRAM_SET_SEND_TIMEOUT: + if (setsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, ptr, + sizeof(struct timeval)) < 0) { + perror("setsockopt"); + ret = -1; + } + break; + case BIO_CTRL_DGRAM_GET_SEND_TIMEOUT: + { + socklen_t sz = sizeof(struct timeval); + if (getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, + ptr, &sz) < 0) { + perror("getsockopt"); + ret = -1; + } else + ret = sz; + } + break; +#endif + case BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP: + /* fall-through */ + case BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP: + if (data->_errno == EAGAIN) { + ret = 1; + data->_errno = 0; + } else + ret = 0; + break; +#ifdef EMSGSIZE + case BIO_CTRL_DGRAM_MTU_EXCEEDED: + if (data->_errno == EMSGSIZE) { + ret = 1; + data->_errno = 0; + } else + ret = 0; + break; +#endif + default: + ret = 0; + break; + } + return (ret); +} + +static int +dgram_puts(BIO *bp, const char *str) +{ + int n, ret; + + n = strlen(str); + ret = dgram_write(bp, str, n); + return (ret); +} + + +static int +BIO_dgram_should_retry(int i) +{ + int err; + + if ((i == 0) || (i == -1)) { + err = errno; + return (BIO_dgram_non_fatal_error(err)); + } + return (0); +} + +int +BIO_dgram_non_fatal_error(int err) +{ + switch (err) { + case EINTR: + case EAGAIN: + case EINPROGRESS: + case EALREADY: + return (1); + default: + break; + } + return (0); +} + +#endif diff --git a/src/lib/libcrypto/bio/bss_fd.c b/src/lib/libcrypto/bio/bss_fd.c index 5e3e187de68..bbe08efc4ea 100644 --- a/src/lib/libcrypto/bio/bss_fd.c +++ b/src/lib/libcrypto/bio/bss_fd.c @@ -1,4 +1,4 @@ -/* crypto/bio/bss_fd.c */ +/* $OpenBSD: bss_fd.c,v 1.19 2018/05/01 13:29:09 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -56,227 +56,212 @@ * [including the GNU Public Licence.] */ -#include #include -#define USE_SOCKETS -#include "cryptlib.h" +#include +#include +#include + +#include + #include static int fd_write(BIO *h, const char *buf, int num); static int fd_read(BIO *h, char *buf, int size); static int fd_puts(BIO *h, const char *str); +static int fd_gets(BIO *h, char *buf, int size); static long fd_ctrl(BIO *h, int cmd, long arg1, void *arg2); static int fd_new(BIO *h); static int fd_free(BIO *data); int BIO_fd_should_retry(int s); -static BIO_METHOD methods_fdp= - { - BIO_TYPE_FD,"file descriptor", - fd_write, - fd_read, - fd_puts, - NULL, /* fd_gets, */ - fd_ctrl, - fd_new, - fd_free, - NULL, - }; +static const BIO_METHOD methods_fdp = { + .type = BIO_TYPE_FD, + .name = "file descriptor", + .bwrite = fd_write, + .bread = fd_read, + .bputs = fd_puts, + .bgets = fd_gets, + .ctrl = fd_ctrl, + .create = fd_new, + .destroy = fd_free +}; -BIO_METHOD *BIO_s_fd(void) - { - return(&methods_fdp); - } +const BIO_METHOD * +BIO_s_fd(void) +{ + return (&methods_fdp); +} -BIO *BIO_new_fd(int fd,int close_flag) - { +BIO * +BIO_new_fd(int fd, int close_flag) +{ BIO *ret; - ret=BIO_new(BIO_s_fd()); - if (ret == NULL) return(NULL); - BIO_set_fd(ret,fd,close_flag); - return(ret); - } + ret = BIO_new(BIO_s_fd()); + if (ret == NULL) + return (NULL); + BIO_set_fd(ret, fd, close_flag); + return (ret); +} -static int fd_new(BIO *bi) - { - bi->init=0; - bi->num=0; - bi->ptr=NULL; +static int +fd_new(BIO *bi) +{ + bi->init = 0; + bi->num = -1; + bi->ptr = NULL; bi->flags=0; - return(1); - } + return (1); +} -static int fd_free(BIO *a) - { - if (a == NULL) return(0); - if (a->shutdown) - { - if (a->init) - { +static int +fd_free(BIO *a) +{ + if (a == NULL) + return (0); + if (a->shutdown) { + if (a->init) { close(a->num); - } - a->init=0; - a->flags=0; } - return(1); + a->init = 0; + a->flags = 0; } - -static int fd_read(BIO *b, char *out,int outl) - { - int ret=0; + return (1); +} + +static int +fd_read(BIO *b, char *out, int outl) +{ + int ret = 0; - if (out != NULL) - { - clear_sys_error(); - ret=read(b->num,out,outl); + if (out != NULL) { + errno = 0; + ret = read(b->num, out, outl); BIO_clear_retry_flags(b); - if (ret <= 0) - { + if (ret <= 0) { if (BIO_fd_should_retry(ret)) BIO_set_retry_read(b); - } } - return(ret); } + return (ret); +} -static int fd_write(BIO *b, const char *in, int inl) - { +static int +fd_write(BIO *b, const char *in, int inl) +{ int ret; - clear_sys_error(); - ret=write(b->num,in,inl); + errno = 0; + ret = write(b->num, in, inl); BIO_clear_retry_flags(b); - if (ret <= 0) - { + if (ret <= 0) { if (BIO_fd_should_retry(ret)) BIO_set_retry_write(b); - } - return(ret); } + return (ret); +} -static long fd_ctrl(BIO *b, int cmd, long num, void *ptr) - { - long ret=1; +static long +fd_ctrl(BIO *b, int cmd, long num, void *ptr) +{ + long ret = 1; int *ip; - switch (cmd) - { + switch (cmd) { case BIO_CTRL_RESET: - num=0; + num = 0; case BIO_C_FILE_SEEK: - ret=(long)lseek(b->num,num,0); + ret = (long)lseek(b->num, num, 0); break; case BIO_C_FILE_TELL: case BIO_CTRL_INFO: - ret=(long)lseek(b->num,0,1); + ret = (long)lseek(b->num, 0, 1); break; case BIO_C_SET_FD: fd_free(b); b->num= *((int *)ptr); - b->shutdown=(int)num; - b->init=1; + b->shutdown = (int)num; + b->init = 1; break; case BIO_C_GET_FD: - if (b->init) - { - ip=(int *)ptr; - if (ip != NULL) *ip=b->num; - ret=b->num; - } - else - ret= -1; + if (b->init) { + ip = (int *)ptr; + if (ip != NULL) + *ip = b->num; + ret = b->num; + } else + ret = -1; break; case BIO_CTRL_GET_CLOSE: - ret=b->shutdown; + ret = b->shutdown; break; case BIO_CTRL_SET_CLOSE: - b->shutdown=(int)num; + b->shutdown = (int)num; break; case BIO_CTRL_PENDING: case BIO_CTRL_WPENDING: - ret=0; + ret = 0; break; case BIO_CTRL_DUP: case BIO_CTRL_FLUSH: - ret=1; + ret = 1; break; default: - ret=0; + ret = 0; break; - } - return(ret); } + return (ret); +} -static int fd_puts(BIO *bp, const char *str) - { - int n,ret; +static int +fd_puts(BIO *bp, const char *str) +{ + int n, ret; - n=strlen(str); - ret=fd_write(bp,str,n); - return(ret); - } + n = strlen(str); + ret = fd_write(bp, str, n); + return (ret); +} -int BIO_fd_should_retry(int i) - { - int err; +static int +fd_gets(BIO *bp, char *buf, int size) +{ + int ret = 0; + char *ptr = buf; + char *end = buf + size - 1; - if ((i == 0) || (i == -1)) - { - err=get_last_sys_error(); + while ((ptr < end) && (fd_read(bp, ptr, 1) > 0) && (ptr[0] != '\n')) + ptr++; -#if defined(OPENSSL_SYS_WINDOWS) && 0 /* more microsoft stupidity? perhaps not? Ben 4/1/99 */ - if ((i == -1) && (err == 0)) - return(1); -#endif + ptr[0] = '\0'; - return(BIO_fd_non_fatal_error(err)); - } - return(0); - } + if (buf[0] != '\0') + ret = strlen(buf); + return (ret); +} -int BIO_fd_non_fatal_error(int err) - { - switch (err) - { +int +BIO_fd_should_retry(int i) +{ + int err; -#ifdef EWOULDBLOCK -# ifdef WSAEWOULDBLOCK -# if WSAEWOULDBLOCK != EWOULDBLOCK - case EWOULDBLOCK: -# endif -# else - case EWOULDBLOCK: -# endif -#endif + if ((i == 0) || (i == -1)) { + err = errno; + return (BIO_fd_non_fatal_error(err)); + } + return (0); +} -#if defined(ENOTCONN) +int +BIO_fd_non_fatal_error(int err) +{ + switch (err) { case ENOTCONN: -#endif - -#ifdef EINTR case EINTR: -#endif - -#ifdef EAGAIN -#if EWOULDBLOCK != EAGAIN case EAGAIN: -# endif -#endif - -#ifdef EPROTO - case EPROTO: -#endif - -#ifdef EINPROGRESS case EINPROGRESS: -#endif - -#ifdef EALREADY case EALREADY: -#endif - return(1); - /* break; */ + return (1); default: break; - } - return(0); } + return (0); +} diff --git a/src/lib/libcrypto/bio/bss_file.c b/src/lib/libcrypto/bio/bss_file.c index 8b3ff278d90..fe937388b2c 100644 --- a/src/lib/libcrypto/bio/bss_file.c +++ b/src/lib/libcrypto/bio/bss_file.c @@ -1,4 +1,4 @@ -/* crypto/bio/bss_file.c */ +/* $OpenBSD: bss_file.c,v 1.33 2018/05/30 00:23:04 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -65,219 +65,220 @@ #ifndef HEADER_BSS_FILE_C #define HEADER_BSS_FILE_C -#include +#if defined(__linux) || defined(__sun) || defined(__hpux) +/* Following definition aliases fopen to fopen64 on above mentioned + * platforms. This makes it possible to open and sequentially access + * files larger than 2GB from 32-bit application. It does not allow to + * traverse them beyond 2GB with fseek/ftell, but on the other hand *no* + * 32-bit platform permits that, not with fseek/ftell. Not to mention + * that breaking 2GB limit for seeking would require surgery to *our* + * API. But sequential access suffices for practical cases when you + * can run into large files, such as fingerprinting, so we can let API + * alone. For reference, the list of 32-bit platforms which allow for + * sequential access of large files without extra "magic" comprise *BSD, + * Darwin, IRIX... + */ +#ifndef _FILE_OFFSET_BITS +#define _FILE_OFFSET_BITS 64 +#endif +#endif + #include -#include "cryptlib.h" +#include +#include + #include #include -#if !defined(OPENSSL_NO_STDIO) +static int file_write(BIO *h, const char *buf, int num); +static int file_read(BIO *h, char *buf, int size); +static int file_puts(BIO *h, const char *str); +static int file_gets(BIO *h, char *str, int size); +static long file_ctrl(BIO *h, int cmd, long arg1, void *arg2); +static int file_new(BIO *h); +static int file_free(BIO *data); -static int MS_CALLBACK file_write(BIO *h, const char *buf, int num); -static int MS_CALLBACK file_read(BIO *h, char *buf, int size); -static int MS_CALLBACK file_puts(BIO *h, const char *str); -static int MS_CALLBACK file_gets(BIO *h, char *str, int size); -static long MS_CALLBACK file_ctrl(BIO *h, int cmd, long arg1, void *arg2); -static int MS_CALLBACK file_new(BIO *h); -static int MS_CALLBACK file_free(BIO *data); -static BIO_METHOD methods_filep= - { - BIO_TYPE_FILE, - "FILE pointer", - file_write, - file_read, - file_puts, - file_gets, - file_ctrl, - file_new, - file_free, - NULL, - }; +static const BIO_METHOD methods_filep = { + .type = BIO_TYPE_FILE, + .name = "FILE pointer", + .bwrite = file_write, + .bread = file_read, + .bputs = file_puts, + .bgets = file_gets, + .ctrl = file_ctrl, + .create = file_new, + .destroy = file_free +}; -BIO *BIO_new_file(const char *filename, const char *mode) - { - BIO *ret; - FILE *file; +BIO * +BIO_new_file(const char *filename, const char *mode) +{ + BIO *ret; + FILE *file = NULL; + + file = fopen(filename, mode); - if ((file=fopen(filename,mode)) == NULL) - { - SYSerr(SYS_F_FOPEN,get_last_sys_error()); - ERR_add_error_data(5,"fopen('",filename,"','",mode,"')"); + if (file == NULL) { + SYSerror(errno); + ERR_asprintf_error_data("fopen('%s', '%s')", filename, mode); if (errno == ENOENT) - BIOerr(BIO_F_BIO_NEW_FILE,BIO_R_NO_SUCH_FILE); + BIOerror(BIO_R_NO_SUCH_FILE); else - BIOerr(BIO_F_BIO_NEW_FILE,ERR_R_SYS_LIB); - return(NULL); - } - if ((ret=BIO_new(BIO_s_file_internal())) == NULL) - return(NULL); - - BIO_set_fp(ret,file,BIO_CLOSE); - return(ret); + BIOerror(ERR_R_SYS_LIB); + return (NULL); } + if ((ret = BIO_new(BIO_s_file())) == NULL) { + fclose(file); + return (NULL); + } + + BIO_set_fp(ret, file, BIO_CLOSE); + return (ret); +} -BIO *BIO_new_fp(FILE *stream, int close_flag) - { +BIO * +BIO_new_fp(FILE *stream, int close_flag) +{ BIO *ret; - if ((ret=BIO_new(BIO_s_file())) == NULL) - return(NULL); + if ((ret = BIO_new(BIO_s_file())) == NULL) + return (NULL); - BIO_set_fp(ret,stream,close_flag); - return(ret); - } + BIO_set_fp(ret, stream, close_flag); + return (ret); +} -BIO_METHOD *BIO_s_file(void) - { - return(&methods_filep); - } +const BIO_METHOD * +BIO_s_file(void) +{ + return (&methods_filep); +} -static int MS_CALLBACK file_new(BIO *bi) - { - bi->init=0; - bi->num=0; - bi->ptr=NULL; - return(1); - } +static int +file_new(BIO *bi) +{ + bi->init = 0; + bi->num = 0; + bi->ptr = NULL; + bi->flags=0; + return (1); +} -static int MS_CALLBACK file_free(BIO *a) - { - if (a == NULL) return(0); - if (a->shutdown) - { - if ((a->init) && (a->ptr != NULL)) - { - fclose((FILE *)a->ptr); - a->ptr=NULL; - } - a->init=0; +static int +file_free(BIO *a) +{ + if (a == NULL) + return (0); + if (a->shutdown) { + if ((a->init) && (a->ptr != NULL)) { + fclose (a->ptr); + a->ptr = NULL; + a->flags = 0; } - return(1); + a->init = 0; } - -static int MS_CALLBACK file_read(BIO *b, char *out, int outl) - { - int ret=0; + return (1); +} + +static int +file_read(BIO *b, char *out, int outl) +{ + int ret = 0; - if (b->init && (out != NULL)) - { - ret=fread(out,1,(int)outl,(FILE *)b->ptr); + if (b->init && out != NULL) { + ret = fread(out, 1, outl, (FILE *)b->ptr); + if (ret == 0 && ferror((FILE *)b->ptr)) { + SYSerror(errno); + BIOerror(ERR_R_SYS_LIB); + ret = -1; } - return(ret); } + return (ret); +} -static int MS_CALLBACK file_write(BIO *b, const char *in, int inl) - { - int ret=0; +static int +file_write(BIO *b, const char *in, int inl) +{ + int ret = 0; - if (b->init && (in != NULL)) - { - if (fwrite(in,(int)inl,1,(FILE *)b->ptr)) - ret=inl; - /* ret=fwrite(in,1,(int)inl,(FILE *)b->ptr); */ - /* according to Tim Hudson , the commented - * out version above can cause 'inl' write calls under - * some stupid stdio implementations (VMS) */ - } - return(ret); - } + if (b->init && in != NULL) + ret = fwrite(in, 1, inl, (FILE *)b->ptr); + return (ret); +} -static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr) - { - long ret=1; - FILE *fp=(FILE *)b->ptr; +static long +file_ctrl(BIO *b, int cmd, long num, void *ptr) +{ + long ret = 1; + FILE *fp = (FILE *)b->ptr; FILE **fpp; char p[4]; - switch (cmd) - { + switch (cmd) { case BIO_C_FILE_SEEK: case BIO_CTRL_RESET: - ret=(long)fseek(fp,num,0); + ret = (long)fseek(fp, num, 0); break; case BIO_CTRL_EOF: - ret=(long)feof(fp); + ret = (long)feof(fp); break; case BIO_C_FILE_TELL: case BIO_CTRL_INFO: - ret=ftell(fp); + ret = ftell(fp); break; case BIO_C_SET_FILE_PTR: file_free(b); - b->shutdown=(int)num&BIO_CLOSE; - b->ptr=(char *)ptr; - b->init=1; -#if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) - /* Set correct text/binary mode */ - if (num & BIO_FP_TEXT) - _setmode(fileno((FILE *)ptr),_O_TEXT); - else - _setmode(fileno((FILE *)ptr),_O_BINARY); -#elif defined(OPENSSL_SYS_OS2) - if (num & BIO_FP_TEXT) - setmode(fileno((FILE *)ptr), O_TEXT); - else - setmode(fileno((FILE *)ptr), O_BINARY); -#endif + b->shutdown = (int)num&BIO_CLOSE; + b->ptr = ptr; + b->init = 1; break; case BIO_C_SET_FILENAME: file_free(b); - b->shutdown=(int)num&BIO_CLOSE; - if (num & BIO_FP_APPEND) - { + b->shutdown = (int)num&BIO_CLOSE; + if (num & BIO_FP_APPEND) { if (num & BIO_FP_READ) - strcpy(p,"a+"); - else strcpy(p,"a"); - } - else if ((num & BIO_FP_READ) && (num & BIO_FP_WRITE)) - strcpy(p,"r+"); + strlcpy(p, "a+", sizeof p); + else strlcpy(p, "a", sizeof p); + } else if ((num & BIO_FP_READ) && (num & BIO_FP_WRITE)) + strlcpy(p, "r+", sizeof p); else if (num & BIO_FP_WRITE) - strcpy(p,"w"); + strlcpy(p, "w", sizeof p); else if (num & BIO_FP_READ) - strcpy(p,"r"); - else - { - BIOerr(BIO_F_FILE_CTRL,BIO_R_BAD_FOPEN_MODE); - ret=0; + strlcpy(p, "r", sizeof p); + else { + BIOerror(BIO_R_BAD_FOPEN_MODE); + ret = 0; break; - } -#if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) - if (!(num & BIO_FP_TEXT)) - strcat(p,"b"); - else - strcat(p,"t"); -#endif - fp=fopen(ptr,p); - if (fp == NULL) - { - SYSerr(SYS_F_FOPEN,get_last_sys_error()); - ERR_add_error_data(5,"fopen('",ptr,"','",p,"')"); - BIOerr(BIO_F_FILE_CTRL,ERR_R_SYS_LIB); - ret=0; + } + fp = fopen(ptr, p); + if (fp == NULL) { + SYSerror(errno); + ERR_asprintf_error_data("fopen('%s', '%s')", ptr, p); + BIOerror(ERR_R_SYS_LIB); + ret = 0; break; - } - b->ptr=(char *)fp; - b->init=1; + } + b->ptr = fp; + b->init = 1; break; case BIO_C_GET_FILE_PTR: /* the ptr parameter is actually a FILE ** in this case. */ - if (ptr != NULL) - { - fpp=(FILE **)ptr; - *fpp=(FILE *)b->ptr; - } + if (ptr != NULL) { + fpp = (FILE **)ptr; + *fpp = (FILE *)b->ptr; + } break; case BIO_CTRL_GET_CLOSE: - ret=(long)b->shutdown; + ret = (long)b->shutdown; break; case BIO_CTRL_SET_CLOSE: - b->shutdown=(int)num; + b->shutdown = (int)num; break; case BIO_CTRL_FLUSH: fflush((FILE *)b->ptr); break; case BIO_CTRL_DUP: - ret=1; + ret = 1; break; case BIO_CTRL_WPENDING: @@ -285,34 +286,35 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr) case BIO_CTRL_PUSH: case BIO_CTRL_POP: default: - ret=0; + ret = 0; break; - } - return(ret); } + return (ret); +} -static int MS_CALLBACK file_gets(BIO *bp, char *buf, int size) - { - int ret=0; +static int +file_gets(BIO *bp, char *buf, int size) +{ + int ret = 0; - buf[0]='\0'; - fgets(buf,size,(FILE *)bp->ptr); + buf[0] = '\0'; + if (!fgets(buf, size,(FILE *)bp->ptr)) + goto err; if (buf[0] != '\0') - ret=strlen(buf); - return(ret); - } + ret = strlen(buf); +err: + return (ret); +} -static int MS_CALLBACK file_puts(BIO *bp, const char *str) - { - int n,ret; +static int +file_puts(BIO *bp, const char *str) +{ + int n, ret; - n=strlen(str); - ret=file_write(bp,str,n); - return(ret); - } + n = strlen(str); + ret = file_write(bp, str, n); + return (ret); +} -#endif /* OPENSSL_NO_STDIO */ #endif /* HEADER_BSS_FILE_C */ - - diff --git a/src/lib/libcrypto/bio/bss_log.c b/src/lib/libcrypto/bio/bss_log.c index a39d95297c5..7ef1312d79b 100644 --- a/src/lib/libcrypto/bio/bss_log.c +++ b/src/lib/libcrypto/bio/bss_log.c @@ -1,4 +1,4 @@ -/* crypto/bio/bss_log.c */ +/* $OpenBSD: bss_log.c,v 1.22 2018/05/01 13:29:10 tb Exp $ */ /* ==================================================================== * Copyright (c) 1999 The OpenSSL Project. All rights reserved. * @@ -62,124 +62,73 @@ */ - -#include #include - -#include "cryptlib.h" - -#if defined(OPENSSL_SYS_WIN32) -# include -#elif defined(OPENSSL_SYS_VMS) -# include -# include -# include -# include -#elif defined(__ultrix) -# include -#elif !defined(MSDOS) && !defined(OPENSSL_SYS_VXWORKS) && !defined(NO_SYSLOG) /* Unix */ -# include -#endif +#include +#include +#include #include #include #ifndef NO_SYSLOG -#if defined(OPENSSL_SYS_WIN32) -#define LOG_EMERG 0 -#define LOG_ALERT 1 -#define LOG_CRIT 2 -#define LOG_ERR 3 -#define LOG_WARNING 4 -#define LOG_NOTICE 5 -#define LOG_INFO 6 -#define LOG_DEBUG 7 - -#define LOG_DAEMON (3<<3) -#elif defined(OPENSSL_SYS_VMS) -/* On VMS, we don't really care about these, but we need them to compile */ -#define LOG_EMERG 0 -#define LOG_ALERT 1 -#define LOG_CRIT 2 -#define LOG_ERR 3 -#define LOG_WARNING 4 -#define LOG_NOTICE 5 -#define LOG_INFO 6 -#define LOG_DEBUG 7 - -#define LOG_DAEMON OPC$M_NM_NTWORK -#endif - -static int MS_CALLBACK slg_write(BIO *h, const char *buf, int num); -static int MS_CALLBACK slg_puts(BIO *h, const char *str); -static long MS_CALLBACK slg_ctrl(BIO *h, int cmd, long arg1, void *arg2); -static int MS_CALLBACK slg_new(BIO *h); -static int MS_CALLBACK slg_free(BIO *data); +static int slg_write(BIO *h, const char *buf, int num); +static int slg_puts(BIO *h, const char *str); +static long slg_ctrl(BIO *h, int cmd, long arg1, void *arg2); +static int slg_new(BIO *h); +static int slg_free(BIO *data); static void xopenlog(BIO* bp, char* name, int level); static void xsyslog(BIO* bp, int priority, const char* string); static void xcloselog(BIO* bp); -#ifdef OPENSSL_SYS_WIN32 -LONG (WINAPI *go_for_advapi)() = RegOpenKeyEx; -HANDLE (WINAPI *register_event_source)() = NULL; -BOOL (WINAPI *deregister_event_source)() = NULL; -BOOL (WINAPI *report_event)() = NULL; -#define DL_PROC(m,f) (GetProcAddress( m, f )) -#ifdef UNICODE -#define DL_PROC_X(m,f) DL_PROC( m, f "W" ) -#else -#define DL_PROC_X(m,f) DL_PROC( m, f "A" ) -#endif -#endif -static BIO_METHOD methods_slg= - { - BIO_TYPE_MEM,"syslog", - slg_write, - NULL, - slg_puts, - NULL, - slg_ctrl, - slg_new, - slg_free, - NULL, - }; - -BIO_METHOD *BIO_s_log(void) - { - return(&methods_slg); - } +static const BIO_METHOD methods_slg = { + .type = BIO_TYPE_MEM, + .name = "syslog", + .bwrite = slg_write, + .bputs = slg_puts, + .ctrl = slg_ctrl, + .create = slg_new, + .destroy = slg_free +}; + +const BIO_METHOD * +BIO_s_log(void) +{ + return (&methods_slg); +} -static int MS_CALLBACK slg_new(BIO *bi) - { - bi->init=1; - bi->num=0; - bi->ptr=NULL; +static int +slg_new(BIO *bi) +{ + bi->init = 1; + bi->num = 0; + bi->ptr = NULL; xopenlog(bi, "application", LOG_DAEMON); - return(1); - } + return (1); +} -static int MS_CALLBACK slg_free(BIO *a) - { - if (a == NULL) return(0); +static int +slg_free(BIO *a) +{ + if (a == NULL) + return (0); xcloselog(a); - return(1); - } - -static int MS_CALLBACK slg_write(BIO *b, const char *in, int inl) - { - int ret= inl; + return (1); +} + +static int +slg_write(BIO *b, const char *in, int inl) +{ + int ret = inl; char* buf; char* pp; int priority, i; - static struct - { + static const struct { int strl; char str[10]; int log_level; - } - mapping[] = - { + } + mapping[] = { { 6, "PANIC ", LOG_EMERG }, { 6, "EMERG ", LOG_EMERG }, { 4, "EMR ", LOG_EMERG }, @@ -200,196 +149,65 @@ static int MS_CALLBACK slg_write(BIO *b, const char *in, int inl) { 6, "DEBUG ", LOG_DEBUG }, { 4, "DBG ", LOG_DEBUG }, { 0, "", LOG_ERR } /* The default */ - }; + }; - if((buf= (char *)OPENSSL_malloc(inl+ 1)) == NULL){ - return(0); + if ((buf = malloc(inl + 1)) == NULL) { + return (0); } - strncpy(buf, in, inl); - buf[inl]= '\0'; - + strlcpy(buf, in, inl + 1); i = 0; - while(strncmp(buf, mapping[i].str, mapping[i].strl) != 0) i++; + while (strncmp(buf, mapping[i].str, mapping[i].strl) != 0) + i++; priority = mapping[i].log_level; pp = buf + mapping[i].strl; xsyslog(b, priority, pp); - OPENSSL_free(buf); - return(ret); - } + free(buf); + return (ret); +} -static long MS_CALLBACK slg_ctrl(BIO *b, int cmd, long num, void *ptr) - { - switch (cmd) - { +static long +slg_ctrl(BIO *b, int cmd, long num, void *ptr) +{ + switch (cmd) { case BIO_CTRL_SET: xcloselog(b); xopenlog(b, ptr, num); break; default: break; - } - return(0); - } - -static int MS_CALLBACK slg_puts(BIO *bp, const char *str) - { - int n,ret; - - n=strlen(str); - ret=slg_write(bp,str,n); - return(ret); } - -#if defined(OPENSSL_SYS_WIN32) - -static void xopenlog(BIO* bp, char* name, int level) -{ - if ( !register_event_source ) - { - HANDLE advapi; - if ( !(advapi = GetModuleHandle("advapi32")) ) - return; - register_event_source = (HANDLE (WINAPI *)())DL_PROC_X(advapi, - "RegisterEventSource" ); - deregister_event_source = (BOOL (WINAPI *)())DL_PROC(advapi, - "DeregisterEventSource"); - report_event = (BOOL (WINAPI *)())DL_PROC_X(advapi, - "ReportEvent" ); - if ( !(register_event_source && deregister_event_source && - report_event) ) - { - register_event_source = NULL; - deregister_event_source = NULL; - report_event = NULL; - return; - } - } - bp->ptr= (char *)register_event_source(NULL, name); -} - -static void xsyslog(BIO *bp, int priority, const char *string) -{ - LPCSTR lpszStrings[2]; - WORD evtype= EVENTLOG_ERROR_TYPE; - int pid = _getpid(); - char pidbuf[20]; - - switch (priority) - { - case LOG_EMERG: - case LOG_ALERT: - case LOG_CRIT: - case LOG_ERR: - evtype = EVENTLOG_ERROR_TYPE; - break; - case LOG_WARNING: - evtype = EVENTLOG_WARNING_TYPE; - break; - case LOG_NOTICE: - case LOG_INFO: - case LOG_DEBUG: - evtype = EVENTLOG_INFORMATION_TYPE; - break; - default: /* Should never happen, but set it - as error anyway. */ - evtype = EVENTLOG_ERROR_TYPE; - break; - } - - sprintf(pidbuf, "[%d] ", pid); - lpszStrings[0] = pidbuf; - lpszStrings[1] = string; - - if(report_event && bp->ptr) - report_event(bp->ptr, evtype, 0, 1024, NULL, 2, 0, - lpszStrings, NULL); -} - -static void xcloselog(BIO* bp) -{ - if(deregister_event_source && bp->ptr) - deregister_event_source((HANDLE)(bp->ptr)); - bp->ptr= NULL; + return (0); } -#elif defined(OPENSSL_SYS_VMS) - -static int VMS_OPC_target = LOG_DAEMON; - -static void xopenlog(BIO* bp, char* name, int level) -{ - VMS_OPC_target = level; -} - -static void xsyslog(BIO *bp, int priority, const char *string) +static int +slg_puts(BIO *bp, const char *str) { - struct dsc$descriptor_s opc_dsc; - struct opcdef *opcdef_p; - char buf[10240]; - unsigned int len; - struct dsc$descriptor_s buf_dsc; - $DESCRIPTOR(fao_cmd, "!AZ: !AZ"); - char *priority_tag; - - switch (priority) - { - case LOG_EMERG: priority_tag = "Emergency"; break; - case LOG_ALERT: priority_tag = "Alert"; break; - case LOG_CRIT: priority_tag = "Critical"; break; - case LOG_ERR: priority_tag = "Error"; break; - case LOG_WARNING: priority_tag = "Warning"; break; - case LOG_NOTICE: priority_tag = "Notice"; break; - case LOG_INFO: priority_tag = "Info"; break; - case LOG_DEBUG: priority_tag = "DEBUG"; break; - } - - buf_dsc.dsc$b_dtype = DSC$K_DTYPE_T; - buf_dsc.dsc$b_class = DSC$K_CLASS_S; - buf_dsc.dsc$a_pointer = buf; - buf_dsc.dsc$w_length = sizeof(buf) - 1; - - lib$sys_fao(&fao_cmd, &len, &buf_dsc, priority_tag, string); + int n, ret; - /* we know there's an 8 byte header. That's documented */ - opcdef_p = (struct opcdef *) OPENSSL_malloc(8 + len); - opcdef_p->opc$b_ms_type = OPC$_RQ_RQST; - memcpy(opcdef_p->opc$z_ms_target_classes, &VMS_OPC_target, 3); - opcdef_p->opc$l_ms_rqstid = 0; - memcpy(&opcdef_p->opc$l_ms_text, buf, len); - - opc_dsc.dsc$b_dtype = DSC$K_DTYPE_T; - opc_dsc.dsc$b_class = DSC$K_CLASS_S; - opc_dsc.dsc$a_pointer = (char *)opcdef_p; - opc_dsc.dsc$w_length = len + 8; - - sys$sndopr(opc_dsc, 0); - - OPENSSL_free(opcdef_p); + n = strlen(str); + ret = slg_write(bp, str, n); + return (ret); } -static void xcloselog(BIO* bp) -{ -} - -#else /* Unix */ -static void xopenlog(BIO* bp, char* name, int level) +static void +xopenlog(BIO* bp, char* name, int level) { openlog(name, LOG_PID|LOG_CONS, level); } -static void xsyslog(BIO *bp, int priority, const char *string) +static void +xsyslog(BIO *bp, int priority, const char *string) { syslog(priority, "%s", string); } -static void xcloselog(BIO* bp) +static void +xcloselog(BIO* bp) { closelog(); } -#endif /* Unix */ - #endif /* NO_SYSLOG */ diff --git a/src/lib/libcrypto/bio/bss_mem.c b/src/lib/libcrypto/bio/bss_mem.c index 28ff7582bff..e76e1ad2e72 100644 --- a/src/lib/libcrypto/bio/bss_mem.c +++ b/src/lib/libcrypto/bio/bss_mem.c @@ -1,4 +1,4 @@ -/* crypto/bio/bss_mem.c */ +/* $OpenBSD: bss_mem.c,v 1.17 2018/05/12 18:51:59 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -56,10 +56,13 @@ * [including the GNU Public Licence.] */ -#include #include -#include "cryptlib.h" +#include +#include + #include +#include +#include static int mem_write(BIO *h, const char *buf, int num); static int mem_read(BIO *h, char *buf, int size); @@ -68,250 +71,251 @@ static int mem_gets(BIO *h, char *str, int size); static long mem_ctrl(BIO *h, int cmd, long arg1, void *arg2); static int mem_new(BIO *h); static int mem_free(BIO *data); -static BIO_METHOD mem_method= - { - BIO_TYPE_MEM, - "memory buffer", - mem_write, - mem_read, - mem_puts, - mem_gets, - mem_ctrl, - mem_new, - mem_free, - NULL, - }; + +static const BIO_METHOD mem_method = { + .type = BIO_TYPE_MEM, + .name = "memory buffer", + .bwrite = mem_write, + .bread = mem_read, + .bputs = mem_puts, + .bgets = mem_gets, + .ctrl = mem_ctrl, + .create = mem_new, + .destroy = mem_free +}; /* bio->num is used to hold the value to return on 'empty', if it is * 0, should_retry is not set */ -BIO_METHOD *BIO_s_mem(void) - { - return(&mem_method); - } +const BIO_METHOD * +BIO_s_mem(void) +{ + return (&mem_method); +} -BIO *BIO_new_mem_buf(void *buf, int len) +BIO * +BIO_new_mem_buf(const void *buf, int len) { BIO *ret; BUF_MEM *b; + size_t sz; + if (!buf) { - BIOerr(BIO_F_BIO_NEW_MEM_BUF,BIO_R_NULL_PARAMETER); + BIOerror(BIO_R_NULL_PARAMETER); return NULL; } - if(len == -1) len = strlen(buf); - if(!(ret = BIO_new(BIO_s_mem())) ) return NULL; + sz = (len < 0) ? strlen(buf) : (size_t)len; + if (!(ret = BIO_new(BIO_s_mem()))) + return NULL; b = (BUF_MEM *)ret->ptr; - b->data = buf; - b->length = len; - b->max = len; + b->data = (void *)buf; /* Trust in the BIO_FLAGS_MEM_RDONLY flag. */ + b->length = sz; + b->max = sz; ret->flags |= BIO_FLAGS_MEM_RDONLY; /* Since this is static data retrying wont help */ ret->num = 0; return ret; } -static int mem_new(BIO *bi) - { +static int +mem_new(BIO *bi) +{ BUF_MEM *b; - if ((b=BUF_MEM_new()) == NULL) - return(0); - bi->shutdown=1; - bi->init=1; - bi->num= -1; - bi->ptr=(char *)b; - return(1); - } + if ((b = BUF_MEM_new()) == NULL) + return (0); + bi->shutdown = 1; + bi->init = 1; + bi->num = -1; + bi->ptr = (char *)b; + return (1); +} -static int mem_free(BIO *a) - { - if (a == NULL) return(0); - if (a->shutdown) - { - if ((a->init) && (a->ptr != NULL)) - { +static int +mem_free(BIO *a) +{ + if (a == NULL) + return (0); + if (a->shutdown) { + if ((a->init) && (a->ptr != NULL)) { BUF_MEM *b; b = (BUF_MEM *)a->ptr; - if(a->flags & BIO_FLAGS_MEM_RDONLY) b->data = NULL; + if (a->flags & BIO_FLAGS_MEM_RDONLY) + b->data = NULL; BUF_MEM_free(b); - a->ptr=NULL; - } + a->ptr = NULL; } - return(1); } - -static int mem_read(BIO *b, char *out, int outl) - { - int ret= -1; + return (1); +} + +static int +mem_read(BIO *b, char *out, int outl) +{ + int ret = -1; BUF_MEM *bm; - int i; - char *from,*to; - bm=(BUF_MEM *)b->ptr; + bm = (BUF_MEM *)b->ptr; BIO_clear_retry_flags(b); - ret=(outl > bm->length)?bm->length:outl; + ret = (outl >=0 && (size_t)outl > bm->length) ? (int)bm->length : outl; if ((out != NULL) && (ret > 0)) { - memcpy(out,bm->data,ret); - bm->length-=ret; - /* memmove(&(bm->data[0]),&(bm->data[ret]), bm->length); */ - if(b->flags & BIO_FLAGS_MEM_RDONLY) bm->data += ret; + memcpy(out, bm->data, ret); + bm->length -= ret; + if (b->flags & BIO_FLAGS_MEM_RDONLY) + bm->data += ret; else { - from=(char *)&(bm->data[ret]); - to=(char *)&(bm->data[0]); - for (i=0; ilength; i++) - to[i]=from[i]; + memmove(&(bm->data[0]), &(bm->data[ret]), bm->length); } - } else if (bm->length == 0) - { + } else if (bm->length == 0) { ret = b->num; if (ret != 0) BIO_set_retry_read(b); - } - return(ret); } + return (ret); +} -static int mem_write(BIO *b, const char *in, int inl) - { - int ret= -1; +static int +mem_write(BIO *b, const char *in, int inl) +{ + int ret = -1; int blen; BUF_MEM *bm; - bm=(BUF_MEM *)b->ptr; - if (in == NULL) - { - BIOerr(BIO_F_MEM_WRITE,BIO_R_NULL_PARAMETER); + bm = (BUF_MEM *)b->ptr; + if (in == NULL) { + BIOerror(BIO_R_NULL_PARAMETER); goto end; - } + } - if(b->flags & BIO_FLAGS_MEM_RDONLY) { - BIOerr(BIO_F_MEM_WRITE,BIO_R_WRITE_TO_READ_ONLY_BIO); + if (b->flags & BIO_FLAGS_MEM_RDONLY) { + BIOerror(BIO_R_WRITE_TO_READ_ONLY_BIO); goto end; } BIO_clear_retry_flags(b); - blen=bm->length; - if (BUF_MEM_grow(bm,blen+inl) != (blen+inl)) + blen = bm->length; + if (BUF_MEM_grow_clean(bm, blen + inl) != (blen + inl)) goto end; - memcpy(&(bm->data[blen]),in,inl); - ret=inl; + memcpy(&(bm->data[blen]), in, inl); + ret = inl; end: - return(ret); - } + return (ret); +} -static long mem_ctrl(BIO *b, int cmd, long num, void *ptr) - { - long ret=1; +static long +mem_ctrl(BIO *b, int cmd, long num, void *ptr) +{ + long ret = 1; char **pptr; - BUF_MEM *bm=(BUF_MEM *)b->ptr; + BUF_MEM *bm = (BUF_MEM *)b->ptr; - switch (cmd) - { + switch (cmd) { case BIO_CTRL_RESET: - if (bm->data != NULL) - { + if (bm->data != NULL) { /* For read only case reset to the start again */ - if(b->flags & BIO_FLAGS_MEM_RDONLY) - { + if (b->flags & BIO_FLAGS_MEM_RDONLY) { bm->data -= bm->max - bm->length; bm->length = bm->max; - } - else - { - memset(bm->data,0,bm->max); - bm->length=0; - } + } else { + memset(bm->data, 0, bm->max); + bm->length = 0; } + } break; case BIO_CTRL_EOF: - ret=(long)(bm->length == 0); + ret = (long)(bm->length == 0); break; case BIO_C_SET_BUF_MEM_EOF_RETURN: - b->num=(int)num; + b->num = (int)num; break; case BIO_CTRL_INFO: - ret=(long)bm->length; - if (ptr != NULL) - { - pptr=(char **)ptr; - *pptr=(char *)&(bm->data[0]); - } + ret = (long)bm->length; + if (ptr != NULL) { + pptr = (char **)ptr; + *pptr = (char *)&(bm->data[0]); + } break; case BIO_C_SET_BUF_MEM: mem_free(b); - b->shutdown=(int)num; - b->ptr=ptr; + b->shutdown = (int)num; + b->ptr = ptr; break; case BIO_C_GET_BUF_MEM_PTR: - if (ptr != NULL) - { - pptr=(char **)ptr; - *pptr=(char *)bm; - } + if (ptr != NULL) { + pptr = (char **)ptr; + *pptr = (char *)bm; + } break; case BIO_CTRL_GET_CLOSE: - ret=(long)b->shutdown; + ret = (long)b->shutdown; break; case BIO_CTRL_SET_CLOSE: - b->shutdown=(int)num; + b->shutdown = (int)num; break; case BIO_CTRL_WPENDING: - ret=0L; + ret = 0L; break; case BIO_CTRL_PENDING: - ret=(long)bm->length; + ret = (long)bm->length; break; case BIO_CTRL_DUP: case BIO_CTRL_FLUSH: - ret=1; + ret = 1; break; case BIO_CTRL_PUSH: case BIO_CTRL_POP: default: - ret=0; + ret = 0; break; - } - return(ret); } + return (ret); +} -static int mem_gets(BIO *bp, char *buf, int size) - { - int i,j; - int ret= -1; +static int +mem_gets(BIO *bp, char *buf, int size) +{ + int i, j; + int ret = -1; char *p; - BUF_MEM *bm=(BUF_MEM *)bp->ptr; + BUF_MEM *bm = (BUF_MEM *)bp->ptr; BIO_clear_retry_flags(bp); - j=bm->length; - if (j <= 0) return(0); - p=bm->data; - for (i=0; ilength; + if ((size - 1) < j) + j = size - 1; + if (j <= 0) { + *buf = '\0'; + return 0; + } + p = bm->data; + for (i = 0; i < j; i++) { + if (p[i] == '\n') { + i++; + break; } - else - i++; - /* i is the max to copy */ - if ((size-1) < i) i=size-1; - i=mem_read(bp,buf,i); - if (i > 0) buf[i]='\0'; - ret=i; - return(ret); } -static int mem_puts(BIO *bp, const char *str) - { - int n,ret; + /* + * i is now the max num of bytes to copy, either j or up to + * and including the first newline + */ - n=strlen(str); - ret=mem_write(bp,str,n); - /* memory semantics is that it will always work */ - return(ret); - } + i = mem_read(bp, buf, i); + if (i > 0) + buf[i] = '\0'; + ret = i; + return (ret); +} + +static int +mem_puts(BIO *bp, const char *str) +{ + int n, ret; + n = strlen(str); + ret = mem_write(bp, str, n); + /* memory semantics is that it will always work */ + return (ret); +} diff --git a/src/lib/libcrypto/bio/bss_null.c b/src/lib/libcrypto/bio/bss_null.c index 46b73339dff..c6de844da5f 100644 --- a/src/lib/libcrypto/bio/bss_null.c +++ b/src/lib/libcrypto/bio/bss_null.c @@ -1,4 +1,4 @@ -/* crypto/bio/bss_null.c */ +/* $OpenBSD: bss_null.c,v 1.11 2018/05/01 13:29:10 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -56,9 +56,10 @@ * [including the GNU Public Licence.] */ -#include #include -#include "cryptlib.h" +#include +#include + #include static int null_write(BIO *h, const char *buf, int num); @@ -68,62 +69,67 @@ static int null_gets(BIO *h, char *str, int size); static long null_ctrl(BIO *h, int cmd, long arg1, void *arg2); static int null_new(BIO *h); static int null_free(BIO *data); -static BIO_METHOD null_method= - { - BIO_TYPE_NULL, - "NULL", - null_write, - null_read, - null_puts, - null_gets, - null_ctrl, - null_new, - null_free, - NULL, - }; -BIO_METHOD *BIO_s_null(void) - { - return(&null_method); - } +static const BIO_METHOD null_method = { + .type = BIO_TYPE_NULL, + .name = "NULL", + .bwrite = null_write, + .bread = null_read, + .bputs = null_puts, + .bgets = null_gets, + .ctrl = null_ctrl, + .create = null_new, + .destroy = null_free +}; -static int null_new(BIO *bi) - { - bi->init=1; - bi->num=0; - bi->ptr=(NULL); - return(1); - } +const BIO_METHOD * +BIO_s_null(void) +{ + return (&null_method); +} -static int null_free(BIO *a) - { - if (a == NULL) return(0); - return(1); - } - -static int null_read(BIO *b, char *out, int outl) - { - return(0); - } +static int +null_new(BIO *bi) +{ + bi->init = 1; + bi->num = 0; + bi->ptr = (NULL); + return (1); +} -static int null_write(BIO *b, const char *in, int inl) - { - return(inl); - } +static int +null_free(BIO *a) +{ + if (a == NULL) + return (0); + return (1); +} + +static int +null_read(BIO *b, char *out, int outl) +{ + return (0); +} + +static int +null_write(BIO *b, const char *in, int inl) +{ + return (inl); +} -static long null_ctrl(BIO *b, int cmd, long num, void *ptr) - { - long ret=1; +static long +null_ctrl(BIO *b, int cmd, long num, void *ptr) +{ + long ret = 1; - switch (cmd) - { + switch (cmd) { case BIO_CTRL_RESET: case BIO_CTRL_EOF: case BIO_CTRL_SET: case BIO_CTRL_SET_CLOSE: case BIO_CTRL_FLUSH: case BIO_CTRL_DUP: - ret=1; + ret = 1; break; case BIO_CTRL_GET_CLOSE: case BIO_CTRL_INFO: @@ -131,20 +137,22 @@ static long null_ctrl(BIO *b, int cmd, long num, void *ptr) case BIO_CTRL_PENDING: case BIO_CTRL_WPENDING: default: - ret=0; + ret = 0; break; - } - return(ret); } + return (ret); +} -static int null_gets(BIO *bp, char *buf, int size) - { - return(0); - } - -static int null_puts(BIO *bp, const char *str) - { - if (str == NULL) return(0); - return(strlen(str)); - } +static int +null_gets(BIO *bp, char *buf, int size) +{ + return (0); +} +static int +null_puts(BIO *bp, const char *str) +{ + if (str == NULL) + return (0); + return (strlen(str)); +} diff --git a/src/lib/libcrypto/bio/bss_rtcp.c b/src/lib/libcrypto/bio/bss_rtcp.c deleted file mode 100644 index 7dae4855640..00000000000 --- a/src/lib/libcrypto/bio/bss_rtcp.c +++ /dev/null @@ -1,294 +0,0 @@ -/* crypto/bio/bss_rtcp.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -/* Written by David L. Jones - * Date: 22-JUL-1996 - * Revised: 25-SEP-1997 Update for 0.8.1, BIO_CTRL_SET -> BIO_C_SET_FD - */ -/* VMS */ -#include -#include -#include -#include -#include "cryptlib.h" -#include - -#include /* VMS IO$_ definitions */ -#include - -typedef unsigned short io_channel; -/*************************************************************************/ -struct io_status { short status, count; long flags; }; - -struct rpc_msg { /* Should have member alignment inhibited */ - char channel; /* 'A'-app data. 'R'-remote client 'G'-global */ - char function; /* 'G'-get, 'P'-put, 'C'-confirm, 'X'-close */ - unsigned short int length; /* Amount of data returned or max to return */ - char data[4092]; /* variable data */ -}; -#define RPC_HDR_SIZE (sizeof(struct rpc_msg) - 4092) - -struct rpc_ctx { - int filled, pos; - struct rpc_msg msg; -}; - -static int rtcp_write(BIO *h,const char *buf,int num); -static int rtcp_read(BIO *h,char *buf,int size); -static int rtcp_puts(BIO *h,const char *str); -static int rtcp_gets(BIO *h,char *str,int size); -static long rtcp_ctrl(BIO *h,int cmd,long arg1,void *arg2); -static int rtcp_new(BIO *h); -static int rtcp_free(BIO *data); - -static BIO_METHOD rtcp_method= - { - BIO_TYPE_FD, - "RTCP", - rtcp_write, - rtcp_read, - rtcp_puts, - rtcp_gets, - rtcp_ctrl, - rtcp_new, - rtcp_free, - NULL, - }; - -BIO_METHOD *BIO_s_rtcp(void) - { - return(&rtcp_method); - } -/*****************************************************************************/ -/* Decnet I/O routines. - */ - -#ifdef __DECC -#pragma message save -#pragma message disable DOLLARID -#endif - -static int get ( io_channel chan, char *buffer, int maxlen, int *length ) -{ - int status; - struct io_status iosb; - status = sys$qiow ( 0, chan, IO$_READVBLK, &iosb, 0, 0, - buffer, maxlen, 0, 0, 0, 0 ); - if ( (status&1) == 1 ) status = iosb.status; - if ( (status&1) == 1 ) *length = iosb.count; - return status; -} - -static int put ( io_channel chan, char *buffer, int length ) -{ - int status; - struct io_status iosb; - status = sys$qiow ( 0, chan, IO$_WRITEVBLK, &iosb, 0, 0, - buffer, length, 0, 0, 0, 0 ); - if ( (status&1) == 1 ) status = iosb.status; - return status; -} - -#ifdef __DECC -#pragma message restore -#endif - -/***************************************************************************/ - -static int rtcp_new(BIO *bi) -{ - struct rpc_ctx *ctx; - bi->init=1; - bi->num=0; - bi->flags = 0; - bi->ptr=OPENSSL_malloc(sizeof(struct rpc_ctx)); - ctx = (struct rpc_ctx *) bi->ptr; - ctx->filled = 0; - ctx->pos = 0; - return(1); -} - -static int rtcp_free(BIO *a) -{ - if (a == NULL) return(0); - if ( a->ptr ) OPENSSL_free ( a->ptr ); - a->ptr = NULL; - return(1); -} - -static int rtcp_read(BIO *b, char *out, int outl) -{ - int status, length; - struct rpc_ctx *ctx; - /* - * read data, return existing. - */ - ctx = (struct rpc_ctx *) b->ptr; - if ( ctx->pos < ctx->filled ) { - length = ctx->filled - ctx->pos; - if ( length > outl ) length = outl; - memmove ( out, &ctx->msg.data[ctx->pos], length ); - ctx->pos += length; - return length; - } - /* - * Requst more data from R channel. - */ - ctx->msg.channel = 'R'; - ctx->msg.function = 'G'; - ctx->msg.length = sizeof(ctx->msg.data); - status = put ( b->num, (char *) &ctx->msg, RPC_HDR_SIZE ); - if ( (status&1) == 0 ) { - return -1; - } - /* - * Read. - */ - ctx->pos = ctx->filled = 0; - status = get ( b->num, (char *) &ctx->msg, sizeof(ctx->msg), &length ); - if ( (status&1) == 0 ) length = -1; - if ( ctx->msg.channel != 'R' || ctx->msg.function != 'C' ) { - length = -1; - } - ctx->filled = length - RPC_HDR_SIZE; - - if ( ctx->pos < ctx->filled ) { - length = ctx->filled - ctx->pos; - if ( length > outl ) length = outl; - memmove ( out, ctx->msg.data, length ); - ctx->pos += length; - return length; - } - - return length; -} - -static int rtcp_write(BIO *b, const char *in, int inl) -{ - int status, i, segment, length; - struct rpc_ctx *ctx; - /* - * Output data, send in chunks no larger that sizeof(ctx->msg.data). - */ - ctx = (struct rpc_ctx *) b->ptr; - for ( i = 0; i < inl; i += segment ) { - segment = inl - i; - if ( segment > sizeof(ctx->msg.data) ) segment = sizeof(ctx->msg.data); - ctx->msg.channel = 'R'; - ctx->msg.function = 'P'; - ctx->msg.length = segment; - memmove ( ctx->msg.data, &in[i], segment ); - status = put ( b->num, (char *) &ctx->msg, segment + RPC_HDR_SIZE ); - if ((status&1) == 0 ) { i = -1; break; } - - status = get ( b->num, (char *) &ctx->msg, sizeof(ctx->msg), &length ); - if ( ((status&1) == 0) || (length < RPC_HDR_SIZE) ) { i = -1; break; } - if ( (ctx->msg.channel != 'R') || (ctx->msg.function != 'C') ) { - printf("unexpected response when confirming put %c %c\n", - ctx->msg.channel, ctx->msg.function ); - - } - } - return(i); -} - -static long rtcp_ctrl(BIO *b, int cmd, long num, void *ptr) - { - long ret=1; - - switch (cmd) - { - case BIO_CTRL_RESET: - case BIO_CTRL_EOF: - ret = 1; - break; - case BIO_C_SET_FD: - b->num = num; - ret = 1; - break; - case BIO_CTRL_SET_CLOSE: - case BIO_CTRL_FLUSH: - case BIO_CTRL_DUP: - ret=1; - break; - case BIO_CTRL_GET_CLOSE: - case BIO_CTRL_INFO: - case BIO_CTRL_GET: - case BIO_CTRL_PENDING: - case BIO_CTRL_WPENDING: - default: - ret=0; - break; - } - return(ret); - } - -static int rtcp_gets(BIO *bp, char *buf, int size) - { - return(0); - } - -static int rtcp_puts(BIO *bp, const char *str) -{ - int length; - if (str == NULL) return(0); - length = strlen ( str ); - if ( length == 0 ) return (0); - return rtcp_write ( bp,str, length ); -} - diff --git a/src/lib/libcrypto/bio/bss_sock.c b/src/lib/libcrypto/bio/bss_sock.c index fdabd16d7ea..9c650a8041d 100644 --- a/src/lib/libcrypto/bio/bss_sock.c +++ b/src/lib/libcrypto/bio/bss_sock.c @@ -1,4 +1,4 @@ -/* crypto/bio/bss_sock.c */ +/* $OpenBSD: bss_sock.c,v 1.24 2018/05/01 13:29:10 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -56,12 +56,13 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_SOCK +#include -#include #include -#define USE_SOCKETS -#include "cryptlib.h" +#include +#include +#include + #include static int sock_write(BIO *h, const char *buf, int num); @@ -72,228 +73,167 @@ static int sock_new(BIO *h); static int sock_free(BIO *data); int BIO_sock_should_retry(int s); -static BIO_METHOD methods_sockp= - { - BIO_TYPE_SOCKET, - "socket", - sock_write, - sock_read, - sock_puts, - NULL, /* sock_gets, */ - sock_ctrl, - sock_new, - sock_free, - NULL, - }; - -BIO_METHOD *BIO_s_socket(void) - { - return(&methods_sockp); - } - -BIO *BIO_new_socket(int fd, int close_flag) - { +static const BIO_METHOD methods_sockp = { + .type = BIO_TYPE_SOCKET, + .name = "socket", + .bwrite = sock_write, + .bread = sock_read, + .bputs = sock_puts, + .ctrl = sock_ctrl, + .create = sock_new, + .destroy = sock_free +}; + +const BIO_METHOD * +BIO_s_socket(void) +{ + return (&methods_sockp); +} + +BIO * +BIO_new_socket(int fd, int close_flag) +{ BIO *ret; - ret=BIO_new(BIO_s_socket()); - if (ret == NULL) return(NULL); - BIO_set_fd(ret,fd,close_flag); - return(ret); - } - -static int sock_new(BIO *bi) - { - bi->init=0; - bi->num=0; - bi->ptr=NULL; - bi->flags=0; - return(1); - } - -static int sock_free(BIO *a) - { - if (a == NULL) return(0); - if (a->shutdown) - { - if (a->init) - { - SHUTDOWN2(a->num); - } - a->init=0; - a->flags=0; + ret = BIO_new(BIO_s_socket()); + if (ret == NULL) + return (NULL); + BIO_set_fd(ret, fd, close_flag); + return (ret); +} + +static int +sock_new(BIO *bi) +{ + bi->init = 0; + bi->num = 0; + bi->ptr = NULL; + bi->flags = 0; + return (1); +} + +static int +sock_free(BIO *a) +{ + if (a == NULL) + return (0); + if (a->shutdown) { + if (a->init) { + shutdown(a->num, SHUT_RDWR); + close(a->num); } - return(1); + a->init = 0; + a->flags = 0; } - -static int sock_read(BIO *b, char *out, int outl) - { - int ret=0; + return (1); +} + +static int +sock_read(BIO *b, char *out, int outl) +{ + int ret = 0; - if (out != NULL) - { - clear_socket_error(); - ret=readsocket(b->num,out,outl); + if (out != NULL) { + errno = 0; + ret = read(b->num, out, outl); BIO_clear_retry_flags(b); - if (ret <= 0) - { + if (ret <= 0) { if (BIO_sock_should_retry(ret)) BIO_set_retry_read(b); - } } - return(ret); } + return (ret); +} -static int sock_write(BIO *b, const char *in, int inl) - { +static int +sock_write(BIO *b, const char *in, int inl) +{ int ret; - - clear_socket_error(); - ret=writesocket(b->num,in,inl); + + errno = 0; + ret = write(b->num, in, inl); BIO_clear_retry_flags(b); - if (ret <= 0) - { + if (ret <= 0) { if (BIO_sock_should_retry(ret)) BIO_set_retry_write(b); - } - return(ret); } + return (ret); +} -static long sock_ctrl(BIO *b, int cmd, long num, void *ptr) - { - long ret=1; +static long +sock_ctrl(BIO *b, int cmd, long num, void *ptr) +{ + long ret = 1; int *ip; - switch (cmd) - { - case BIO_CTRL_RESET: - num=0; - case BIO_C_FILE_SEEK: - ret=0; - break; - case BIO_C_FILE_TELL: - case BIO_CTRL_INFO: - ret=0; - break; + switch (cmd) { case BIO_C_SET_FD: sock_free(b); b->num= *((int *)ptr); - b->shutdown=(int)num; - b->init=1; + b->shutdown = (int)num; + b->init = 1; break; case BIO_C_GET_FD: - if (b->init) - { - ip=(int *)ptr; - if (ip != NULL) *ip=b->num; - ret=b->num; - } - else - ret= -1; + if (b->init) { + ip = (int *)ptr; + if (ip != NULL) + *ip = b->num; + ret = b->num; + } else + ret = -1; break; case BIO_CTRL_GET_CLOSE: - ret=b->shutdown; + ret = b->shutdown; break; case BIO_CTRL_SET_CLOSE: - b->shutdown=(int)num; - break; - case BIO_CTRL_PENDING: - case BIO_CTRL_WPENDING: - ret=0; + b->shutdown = (int)num; break; case BIO_CTRL_DUP: case BIO_CTRL_FLUSH: - ret=1; + ret = 1; break; default: - ret=0; + ret = 0; break; - } - return(ret); } - -static int sock_puts(BIO *bp, const char *str) - { - int n,ret; - - n=strlen(str); - ret=sock_write(bp,str,n); - return(ret); - } - -int BIO_sock_should_retry(int i) - { + return (ret); +} + +static int +sock_puts(BIO *bp, const char *str) +{ + int n, ret; + + n = strlen(str); + ret = sock_write(bp, str, n); + return (ret); +} + +int +BIO_sock_should_retry(int i) +{ int err; - if ((i == 0) || (i == -1)) - { - err=get_last_socket_error(); - -#if defined(OPENSSL_SYS_WINDOWS) && 0 /* more microsoft stupidity? perhaps not? Ben 4/1/99 */ - if ((i == -1) && (err == 0)) - return(1); -#endif - - return(BIO_sock_non_fatal_error(err)); - } - return(0); + if ((i == 0) || (i == -1)) { + err = errno; + return (BIO_sock_non_fatal_error(err)); } + return (0); +} -int BIO_sock_non_fatal_error(int err) - { - switch (err) - { -#if defined(OPENSSL_SYS_WINDOWS) -# if defined(WSAEWOULDBLOCK) - case WSAEWOULDBLOCK: -# endif - -# if 0 /* This appears to always be an error */ -# if defined(WSAENOTCONN) - case WSAENOTCONN: -# endif -# endif -#endif - -#ifdef EWOULDBLOCK -# ifdef WSAEWOULDBLOCK -# if WSAEWOULDBLOCK != EWOULDBLOCK - case EWOULDBLOCK: -# endif -# else - case EWOULDBLOCK: -# endif -#endif - -#if defined(ENOTCONN) +int +BIO_sock_non_fatal_error(int err) +{ + switch (err) { case ENOTCONN: -#endif - -#ifdef EINTR case EINTR: -#endif - -#ifdef EAGAIN -#if EWOULDBLOCK != EAGAIN case EAGAIN: -# endif -#endif - -#ifdef EPROTO - case EPROTO: -#endif - -#ifdef EINPROGRESS case EINPROGRESS: -#endif - -#ifdef EALREADY case EALREADY: -#endif - return(1); - /* break; */ + return (1); default: break; - } - return(0); } -#endif + return (0); +} + diff --git a/src/lib/libcrypto/bn/Makefile.ssl b/src/lib/libcrypto/bn/Makefile.ssl deleted file mode 100644 index 9d67fab1d6d..00000000000 --- a/src/lib/libcrypto/bn/Makefile.ssl +++ /dev/null @@ -1,339 +0,0 @@ -# -# SSLeay/crypto/bn/Makefile -# - -DIR= bn -TOP= ../.. -CC= cc -CPP= $(CC) -E -INCLUDES= -I.. -I$(TOP) -I../../include -CFLAG=-g -INSTALL_PREFIX= -OPENSSLDIR= /usr/local/ssl -INSTALLTOP=/usr/local/ssl -MAKE= make -f Makefile.ssl -MAKEDEPPROG= makedepend -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) -MAKEFILE= Makefile.ssl -AR= ar r - -BN_ASM= bn_asm.o -# or use -#BN_ASM= bn86-elf.o - -CFLAGS= $(INCLUDES) $(CFLAG) - -# We let the C compiler driver to take care of .s files. This is done in -# order to be excused from maintaining a separate set of architecture -# dependent assembler flags. E.g. if you throw -mcpu=ultrasparc at SPARC -# gcc, then the driver will automatically translate it to -xarch=v8plus -# and pass it down to assembler. -AS=$(CC) -c -ASFLAGS=$(CFLAGS) - -GENERAL=Makefile -TEST=bntest.c exptest.c -APPS= - -LIB=$(TOP)/libcrypto.a -LIBSRC= bn_add.c bn_div.c bn_exp.c bn_lib.c bn_ctx.c bn_mul.c bn_mod.c \ - bn_print.c bn_rand.c bn_shift.c bn_word.c bn_blind.c \ - bn_kron.c bn_sqrt.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c bn_asm.c \ - bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c - -LIBOBJ= bn_add.o bn_div.o bn_exp.o bn_lib.o bn_ctx.o bn_mul.o bn_mod.o \ - bn_print.o bn_rand.o bn_shift.o bn_word.o bn_blind.o \ - bn_kron.o bn_sqrt.o bn_gcd.o bn_prime.o bn_err.o bn_sqr.o $(BN_ASM) \ - bn_recp.o bn_mont.o bn_mpi.o bn_exp2.o - -SRC= $(LIBSRC) - -EXHEADER= bn.h -HEADER= bn_lcl.h bn_prime.h $(EXHEADER) - -ALL= $(GENERAL) $(SRC) $(HEADER) - -top: - (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) - -all: lib - -bn_prime.h: bn_prime.pl - $(PERL) bn_prime.pl >bn_prime.h - -divtest: divtest.c ../../libcrypto.a - cc -I../../include divtest.c -o divtest ../../libcrypto.a - -bnbug: bnbug.c ../../libcrypto.a top - cc -g -I../../include bnbug.c -o bnbug ../../libcrypto.a - -lib: $(LIBOBJ) - $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) || echo Never mind. - @touch lib - -# elf -asm/bn86-elf.o: asm/bn86unix.cpp - $(CPP) -DELF -x c asm/bn86unix.cpp | as -o asm/bn86-elf.o - -asm/co86-elf.o: asm/co86unix.cpp - $(CPP) -DELF -x c asm/co86unix.cpp | as -o asm/co86-elf.o - -# solaris -asm/bn86-sol.o: asm/bn86unix.cpp - $(CC) -E -DSOL asm/bn86unix.cpp | sed 's/^#.*//' > asm/bn86-sol.s - as -o asm/bn86-sol.o asm/bn86-sol.s - rm -f asm/bn86-sol.s - -asm/co86-sol.o: asm/co86unix.cpp - $(CC) -E -DSOL asm/co86unix.cpp | sed 's/^#.*//' > asm/co86-sol.s - as -o asm/co86-sol.o asm/co86-sol.s - rm -f asm/co86-sol.s - -# a.out -asm/bn86-out.o: asm/bn86unix.cpp - $(CPP) -DOUT asm/bn86unix.cpp | as -o asm/bn86-out.o - -asm/co86-out.o: asm/co86unix.cpp - $(CPP) -DOUT asm/co86unix.cpp | as -o asm/co86-out.o - -# bsdi -asm/bn86bsdi.o: asm/bn86unix.cpp - $(CPP) -DBSDI asm/bn86unix.cpp | sed 's/ :/:/' | as -o asm/bn86bsdi.o - -asm/co86bsdi.o: asm/co86unix.cpp - $(CPP) -DBSDI asm/co86unix.cpp | sed 's/ :/:/' | as -o asm/co86bsdi.o - -asm/bn86unix.cpp: asm/bn-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) bn-586.pl cpp >bn86unix.cpp ) - -asm/co86unix.cpp: asm/co-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) co-586.pl cpp >co86unix.cpp ) - -asm/sparcv8.o: asm/sparcv8.S - -asm/sparcv8plus.o: asm/sparcv8plus.S - -# Old GNU assembler doesn't understand V9 instructions, so we -# hire /usr/ccs/bin/as to do the job. Note that option is called -# *-gcc27, but even gcc 2>=8 users may experience similar problem -# if they didn't bother to upgrade GNU assembler. Such users should -# not choose this option, but be adviced to *remove* GNU assembler -# or upgrade it. -asm/sparcv8plus-gcc27.o: asm/sparcv8plus.S - $(CC) $(ASFLAGS) -E asm/sparcv8plus.S | \ - /usr/ccs/bin/as -xarch=v8plus - -o asm/sparcv8plus-gcc27.o - - -asm/ia64.o: asm/ia64.S - -# Some compiler drivers (most notably HP-UX and Intel C++) don't -# understand .S extension:-( I wish I could pipe output from cc -E, -# but it's too compiler driver/ABI dependent to cover with a single -# rule... -asm/ia64-cpp.o: asm/ia64.S - $(CC) $(ASFLAGS) -E asm/ia64.S > /tmp/ia64.$$$$.s && \ - $(CC) $(ASFLAGS) -c -o asm/ia64-cpp.o /tmp/ia64.$$$$.s; \ - rm -f /tmp/ia64.$$$$.s - -files: - $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO - -links: - @sh $(TOP)/util/point.sh Makefile.ssl Makefile - @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) - @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) - @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) - -install: - @for i in $(EXHEADER) ; \ - do \ - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ - done; - -exptest: - rm -f exptest - gcc -I../../include -g2 -ggdb -o exptest exptest.c ../../libcrypto.a - -div: - rm -f a.out - gcc -I.. -g div.c ../../libcrypto.a - -tags: - ctags $(SRC) - -tests: - -lint: - lint -DLINT $(INCLUDES) $(SRC)>fluff - -depend: - $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) - -dclean: - $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new - mv -f Makefile.new $(MAKEFILE) - -clean: - rm -f asm/co86unix.cpp asm/bn86unix.cpp *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff bn_asm.s - -# DO NOT DELETE THIS LINE -- make depend depends on it. - -bn_add.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h -bn_add.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -bn_add.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -bn_add.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bn_add.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -bn_add.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bn_add.o: ../cryptlib.h bn_add.c bn_lcl.h -bn_asm.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h -bn_asm.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -bn_asm.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -bn_asm.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bn_asm.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -bn_asm.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bn_asm.o: ../cryptlib.h bn_asm.c bn_lcl.h -bn_blind.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h -bn_blind.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -bn_blind.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -bn_blind.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bn_blind.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -bn_blind.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bn_blind.o: ../cryptlib.h bn_blind.c bn_lcl.h -bn_ctx.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h -bn_ctx.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -bn_ctx.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -bn_ctx.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bn_ctx.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -bn_ctx.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bn_ctx.o: ../cryptlib.h bn_ctx.c bn_lcl.h -bn_div.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h -bn_div.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -bn_div.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -bn_div.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bn_div.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -bn_div.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bn_div.o: ../cryptlib.h bn_div.c bn_lcl.h -bn_err.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -bn_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -bn_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -bn_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -bn_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bn_err.o: ../../include/openssl/symhacks.h bn_err.c -bn_exp.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h -bn_exp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -bn_exp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -bn_exp.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bn_exp.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -bn_exp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bn_exp.o: ../cryptlib.h bn_exp.c bn_lcl.h -bn_exp2.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h -bn_exp2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -bn_exp2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -bn_exp2.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bn_exp2.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -bn_exp2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bn_exp2.o: ../cryptlib.h bn_exp2.c bn_lcl.h -bn_gcd.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h -bn_gcd.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -bn_gcd.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -bn_gcd.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bn_gcd.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -bn_gcd.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bn_gcd.o: ../cryptlib.h bn_gcd.c bn_lcl.h -bn_kron.o: ../../include/openssl/bn.h ../../include/openssl/e_os2.h -bn_kron.o: ../../include/openssl/opensslconf.h bn_kron.c bn_lcl.h -bn_lib.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h -bn_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -bn_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -bn_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bn_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -bn_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bn_lib.o: ../cryptlib.h bn_lcl.h bn_lib.c -bn_mod.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h -bn_mod.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -bn_mod.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -bn_mod.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bn_mod.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -bn_mod.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bn_mod.o: ../cryptlib.h bn_lcl.h bn_mod.c -bn_mont.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h -bn_mont.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -bn_mont.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -bn_mont.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bn_mont.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -bn_mont.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bn_mont.o: ../cryptlib.h bn_lcl.h bn_mont.c -bn_mpi.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h -bn_mpi.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -bn_mpi.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -bn_mpi.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bn_mpi.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -bn_mpi.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bn_mpi.o: ../cryptlib.h bn_lcl.h bn_mpi.c -bn_mul.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h -bn_mul.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -bn_mul.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -bn_mul.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bn_mul.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -bn_mul.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bn_mul.o: ../cryptlib.h bn_lcl.h bn_mul.c -bn_prime.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h -bn_prime.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -bn_prime.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -bn_prime.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bn_prime.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -bn_prime.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h -bn_prime.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bn_prime.o: ../cryptlib.h bn_lcl.h bn_prime.c bn_prime.h -bn_print.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h -bn_print.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -bn_print.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -bn_print.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bn_print.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -bn_print.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bn_print.o: ../cryptlib.h bn_lcl.h bn_print.c -bn_rand.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h -bn_rand.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -bn_rand.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -bn_rand.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bn_rand.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -bn_rand.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h -bn_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bn_rand.o: ../cryptlib.h bn_lcl.h bn_rand.c -bn_recp.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h -bn_recp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -bn_recp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -bn_recp.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bn_recp.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -bn_recp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bn_recp.o: ../cryptlib.h bn_lcl.h bn_recp.c -bn_shift.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h -bn_shift.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -bn_shift.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -bn_shift.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bn_shift.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -bn_shift.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bn_shift.o: ../cryptlib.h bn_lcl.h bn_shift.c -bn_sqr.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h -bn_sqr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -bn_sqr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -bn_sqr.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bn_sqr.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -bn_sqr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bn_sqr.o: ../cryptlib.h bn_lcl.h bn_sqr.c -bn_sqrt.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h -bn_sqrt.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -bn_sqrt.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -bn_sqrt.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bn_sqrt.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -bn_sqrt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bn_sqrt.o: ../cryptlib.h bn_lcl.h bn_sqrt.c -bn_word.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h -bn_word.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -bn_word.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -bn_word.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -bn_word.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -bn_word.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bn_word.o: ../cryptlib.h bn_lcl.h bn_word.c diff --git a/src/lib/libcrypto/bn/asm/README b/src/lib/libcrypto/bn/asm/README deleted file mode 100644 index b0f3a68a06a..00000000000 --- a/src/lib/libcrypto/bn/asm/README +++ /dev/null @@ -1,27 +0,0 @@ - - -All assember in this directory are just version of the file -crypto/bn/bn_asm.c. - -Quite a few of these files are just the assember output from gcc since on -quite a few machines they are 2 times faster than the system compiler. - -For the x86, I have hand written assember because of the bad job all -compilers seem to do on it. This normally gives a 2 time speed up in the RSA -routines. - -For the DEC alpha, I also hand wrote the assember (except the division which -is just the output from the C compiler pasted on the end of the file). -On the 2 alpha C compilers I had access to, it was not possible to do -64b x 64b -> 128b calculations (both long and the long long data types -were 64 bits). So the hand assember gives access to the 128 bit result and -a 2 times speedup :-). - -There are 3 versions of assember for the HP PA-RISC. - -pa-risc.s is the origional one which works fine and generated using gcc :-) - -pa-risc2W.s and pa-risc2.s are 64 and 32-bit PA-RISC 2.0 implementations -by Chris Ruemmler from HP (with some help from the HP C compiler). - - diff --git a/src/lib/libcrypto/bn/asm/alpha-mont.pl b/src/lib/libcrypto/bn/asm/alpha-mont.pl new file mode 100644 index 00000000000..41700d5bd58 --- /dev/null +++ b/src/lib/libcrypto/bn/asm/alpha-mont.pl @@ -0,0 +1,316 @@ +#!/usr/bin/env perl +# +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== +# +# On 21264 RSA sign performance improves by 70/35/20/15 percent for +# 512/1024/2048/4096 bit key lengths. This is against vendor compiler +# instructed to '-tune host' code with in-line assembler. Other +# benchmarks improve by 15-20%. To anchor it to something else, the +# code provides approximately the same performance per GHz as AMD64. +# I.e. if you compare 1GHz 21264 and 2GHz Opteron, you'll observe ~2x +# difference. + +# int bn_mul_mont( +$rp="a0"; # BN_ULONG *rp, +$ap="a1"; # const BN_ULONG *ap, +$bp="a2"; # const BN_ULONG *bp, +$np="a3"; # const BN_ULONG *np, +$n0="a4"; # const BN_ULONG *n0, +$num="a5"; # int num); + +$lo0="t0"; +$hi0="t1"; +$lo1="t2"; +$hi1="t3"; +$aj="t4"; +$bi="t5"; +$nj="t6"; +$tp="t7"; +$alo="t8"; +$ahi="t9"; +$nlo="t10"; +$nhi="t11"; +$tj="t12"; +$i="s3"; +$j="s4"; +$m1="s5"; + +$code=<<___; +#include + +.text + +.set noat +.set noreorder + +.globl bn_mul_mont +.align 5 +.ent bn_mul_mont +bn_mul_mont: + lda sp,-48(sp) + stq ra,0(sp) + stq s3,8(sp) + stq s4,16(sp) + stq s5,24(sp) + stq fp,32(sp) + mov sp,fp + .mask 0x0400f000,-48 + .frame fp,48,ra + .prologue 0 + + .align 4 + .set reorder + sextl $num,$num + mov 0,v0 + cmplt $num,4,AT + bne AT,.Lexit + + ldq $hi0,0($ap) # ap[0] + s8addq $num,16,AT + ldq $aj,8($ap) + subq sp,AT,sp + ldq $bi,0($bp) # bp[0] + lda AT,-4096(zero) # mov -4096,AT + ldq $n0,0($n0) + and sp,AT,sp + + mulq $hi0,$bi,$lo0 + ldq $hi1,0($np) # np[0] + umulh $hi0,$bi,$hi0 + ldq $nj,8($np) + + mulq $lo0,$n0,$m1 + + mulq $hi1,$m1,$lo1 + umulh $hi1,$m1,$hi1 + + addq $lo1,$lo0,$lo1 + cmpult $lo1,$lo0,AT + addq $hi1,AT,$hi1 + + mulq $aj,$bi,$alo + mov 2,$j + umulh $aj,$bi,$ahi + mov sp,$tp + + mulq $nj,$m1,$nlo + s8addq $j,$ap,$aj + umulh $nj,$m1,$nhi + s8addq $j,$np,$nj +.align 4 +.L1st: + .set noreorder + ldq $aj,0($aj) + addl $j,1,$j + ldq $nj,0($nj) + lda $tp,8($tp) + + addq $alo,$hi0,$lo0 + mulq $aj,$bi,$alo + cmpult $lo0,$hi0,AT + addq $nlo,$hi1,$lo1 + + mulq $nj,$m1,$nlo + addq $ahi,AT,$hi0 + cmpult $lo1,$hi1,v0 + cmplt $j,$num,$tj + + umulh $aj,$bi,$ahi + addq $nhi,v0,$hi1 + addq $lo1,$lo0,$lo1 + s8addq $j,$ap,$aj + + umulh $nj,$m1,$nhi + cmpult $lo1,$lo0,v0 + addq $hi1,v0,$hi1 + s8addq $j,$np,$nj + + stq $lo1,-8($tp) + nop + unop + bne $tj,.L1st + .set reorder + + addq $alo,$hi0,$lo0 + addq $nlo,$hi1,$lo1 + cmpult $lo0,$hi0,AT + cmpult $lo1,$hi1,v0 + addq $ahi,AT,$hi0 + addq $nhi,v0,$hi1 + + addq $lo1,$lo0,$lo1 + cmpult $lo1,$lo0,v0 + addq $hi1,v0,$hi1 + + stq $lo1,0($tp) + + addq $hi1,$hi0,$hi1 + cmpult $hi1,$hi0,AT + stq $hi1,8($tp) + stq AT,16($tp) + + mov 1,$i +.align 4 +.Louter: + s8addq $i,$bp,$bi + ldq $hi0,0($ap) + ldq $aj,8($ap) + ldq $bi,0($bi) + ldq $hi1,0($np) + ldq $nj,8($np) + ldq $tj,0(sp) + + mulq $hi0,$bi,$lo0 + umulh $hi0,$bi,$hi0 + + addq $lo0,$tj,$lo0 + cmpult $lo0,$tj,AT + addq $hi0,AT,$hi0 + + mulq $lo0,$n0,$m1 + + mulq $hi1,$m1,$lo1 + umulh $hi1,$m1,$hi1 + + addq $lo1,$lo0,$lo1 + cmpult $lo1,$lo0,AT + mov 2,$j + addq $hi1,AT,$hi1 + + mulq $aj,$bi,$alo + mov sp,$tp + umulh $aj,$bi,$ahi + + mulq $nj,$m1,$nlo + s8addq $j,$ap,$aj + umulh $nj,$m1,$nhi +.align 4 +.Linner: + .set noreorder + ldq $tj,8($tp) #L0 + nop #U1 + ldq $aj,0($aj) #L1 + s8addq $j,$np,$nj #U0 + + ldq $nj,0($nj) #L0 + nop #U1 + addq $alo,$hi0,$lo0 #L1 + lda $tp,8($tp) + + mulq $aj,$bi,$alo #U1 + cmpult $lo0,$hi0,AT #L0 + addq $nlo,$hi1,$lo1 #L1 + addl $j,1,$j + + mulq $nj,$m1,$nlo #U1 + addq $ahi,AT,$hi0 #L0 + addq $lo0,$tj,$lo0 #L1 + cmpult $lo1,$hi1,v0 #U0 + + umulh $aj,$bi,$ahi #U1 + cmpult $lo0,$tj,AT #L0 + addq $lo1,$lo0,$lo1 #L1 + addq $nhi,v0,$hi1 #U0 + + umulh $nj,$m1,$nhi #U1 + s8addq $j,$ap,$aj #L0 + cmpult $lo1,$lo0,v0 #L1 + cmplt $j,$num,$tj #U0 # borrow $tj + + addq $hi0,AT,$hi0 #L0 + addq $hi1,v0,$hi1 #U1 + stq $lo1,-8($tp) #L1 + bne $tj,.Linner #U0 + .set reorder + + ldq $tj,8($tp) + addq $alo,$hi0,$lo0 + addq $nlo,$hi1,$lo1 + cmpult $lo0,$hi0,AT + cmpult $lo1,$hi1,v0 + addq $ahi,AT,$hi0 + addq $nhi,v0,$hi1 + + addq $lo0,$tj,$lo0 + cmpult $lo0,$tj,AT + addq $hi0,AT,$hi0 + + ldq $tj,16($tp) + addq $lo1,$lo0,$j + cmpult $j,$lo0,v0 + addq $hi1,v0,$hi1 + + addq $hi1,$hi0,$lo1 + stq $j,0($tp) + cmpult $lo1,$hi0,$hi1 + addq $lo1,$tj,$lo1 + cmpult $lo1,$tj,AT + addl $i,1,$i + addq $hi1,AT,$hi1 + stq $lo1,8($tp) + cmplt $i,$num,$tj # borrow $tj + stq $hi1,16($tp) + bne $tj,.Louter + + s8addq $num,sp,$tj # &tp[num] + mov $rp,$bp # put rp aside + mov sp,$tp + mov sp,$ap + mov 0,$hi0 # clear borrow bit + +.align 4 +.Lsub: ldq $lo0,0($tp) + ldq $lo1,0($np) + lda $tp,8($tp) + lda $np,8($np) + subq $lo0,$lo1,$lo1 # tp[i]-np[i] + cmpult $lo0,$lo1,AT + subq $lo1,$hi0,$lo0 + cmpult $lo1,$lo0,$hi0 + or $hi0,AT,$hi0 + stq $lo0,0($rp) + cmpult $tp,$tj,v0 + lda $rp,8($rp) + bne v0,.Lsub + + subq $hi1,$hi0,$hi0 # handle upmost overflow bit + mov sp,$tp + mov $bp,$rp # restore rp + + and sp,$hi0,$ap + bic $bp,$hi0,$bp + bis $bp,$ap,$ap # ap=borrow?tp:rp + +.align 4 +.Lcopy: ldq $aj,0($ap) # copy or in-place refresh + lda $tp,8($tp) + lda $rp,8($rp) + lda $ap,8($ap) + stq zero,-8($tp) # zap tp + cmpult $tp,$tj,AT + stq $aj,-8($rp) + bne AT,.Lcopy + mov 1,v0 + +.Lexit: + .set noreorder + mov fp,sp + /*ldq ra,0(sp)*/ + ldq s3,8(sp) + ldq s4,16(sp) + ldq s5,24(sp) + ldq fp,32(sp) + lda sp,48(sp) + ret (ra) +.end bn_mul_mont +.ascii "Montgomery Multiplication for Alpha, CRYPTOGAMS by " +.align 2 +___ + +print $code; +close STDOUT; diff --git a/src/lib/libcrypto/bn/asm/alpha.s b/src/lib/libcrypto/bn/asm/alpha.s deleted file mode 100644 index 555ff0b92d1..00000000000 --- a/src/lib/libcrypto/bn/asm/alpha.s +++ /dev/null @@ -1,3199 +0,0 @@ - # DEC Alpha assember - # The bn_div_words is actually gcc output but the other parts are hand done. - # Thanks to tzeruch@ceddec.com for sending me the gcc output for - # bn_div_words. - # I've gone back and re-done most of routines. - # The key thing to remeber for the 164 CPU is that while a - # multiply operation takes 8 cycles, another one can only be issued - # after 4 cycles have elapsed. I've done modification to help - # improve this. Also, normally, a ld instruction will not be available - # for about 3 cycles. - .file 1 "bn_asm.c" - .set noat -gcc2_compiled.: -__gnu_compiled_c: - .text - .align 3 - .globl bn_mul_add_words - .ent bn_mul_add_words -bn_mul_add_words: -bn_mul_add_words..ng: - .frame $30,0,$26,0 - .prologue 0 - .align 5 - subq $18,4,$18 - bis $31,$31,$0 - blt $18,$43 # if we are -1, -2, -3 or -4 goto tail code - ldq $20,0($17) # 1 1 - ldq $1,0($16) # 1 1 - .align 3 -$42: - mulq $20,$19,$5 # 1 2 1 ###### - ldq $21,8($17) # 2 1 - ldq $2,8($16) # 2 1 - umulh $20,$19,$20 # 1 2 ###### - ldq $27,16($17) # 3 1 - ldq $3,16($16) # 3 1 - mulq $21,$19,$6 # 2 2 1 ###### - ldq $28,24($17) # 4 1 - addq $1,$5,$1 # 1 2 2 - ldq $4,24($16) # 4 1 - umulh $21,$19,$21 # 2 2 ###### - cmpult $1,$5,$22 # 1 2 3 1 - addq $20,$22,$20 # 1 3 1 - addq $1,$0,$1 # 1 2 3 1 - mulq $27,$19,$7 # 3 2 1 ###### - cmpult $1,$0,$0 # 1 2 3 2 - addq $2,$6,$2 # 2 2 2 - addq $20,$0,$0 # 1 3 2 - cmpult $2,$6,$23 # 2 2 3 1 - addq $21,$23,$21 # 2 3 1 - umulh $27,$19,$27 # 3 2 ###### - addq $2,$0,$2 # 2 2 3 1 - cmpult $2,$0,$0 # 2 2 3 2 - subq $18,4,$18 - mulq $28,$19,$8 # 4 2 1 ###### - addq $21,$0,$0 # 2 3 2 - addq $3,$7,$3 # 3 2 2 - addq $16,32,$16 - cmpult $3,$7,$24 # 3 2 3 1 - stq $1,-32($16) # 1 2 4 - umulh $28,$19,$28 # 4 2 ###### - addq $27,$24,$27 # 3 3 1 - addq $3,$0,$3 # 3 2 3 1 - stq $2,-24($16) # 2 2 4 - cmpult $3,$0,$0 # 3 2 3 2 - stq $3,-16($16) # 3 2 4 - addq $4,$8,$4 # 4 2 2 - addq $27,$0,$0 # 3 3 2 - cmpult $4,$8,$25 # 4 2 3 1 - addq $17,32,$17 - addq $28,$25,$28 # 4 3 1 - addq $4,$0,$4 # 4 2 3 1 - cmpult $4,$0,$0 # 4 2 3 2 - stq $4,-8($16) # 4 2 4 - addq $28,$0,$0 # 4 3 2 - blt $18,$43 - - ldq $20,0($17) # 1 1 - ldq $1,0($16) # 1 1 - - br $42 - - .align 4 -$45: - ldq $20,0($17) # 4 1 - ldq $1,0($16) # 4 1 - mulq $20,$19,$5 # 4 2 1 - subq $18,1,$18 - addq $16,8,$16 - addq $17,8,$17 - umulh $20,$19,$20 # 4 2 - addq $1,$5,$1 # 4 2 2 - cmpult $1,$5,$22 # 4 2 3 1 - addq $20,$22,$20 # 4 3 1 - addq $1,$0,$1 # 4 2 3 1 - cmpult $1,$0,$0 # 4 2 3 2 - addq $20,$0,$0 # 4 3 2 - stq $1,-8($16) # 4 2 4 - bgt $18,$45 - ret $31,($26),1 # else exit - - .align 4 -$43: - addq $18,4,$18 - bgt $18,$45 # goto tail code - ret $31,($26),1 # else exit - - .end bn_mul_add_words - .align 3 - .globl bn_mul_words - .ent bn_mul_words -bn_mul_words: -bn_mul_words..ng: - .frame $30,0,$26,0 - .prologue 0 - .align 5 - subq $18,4,$18 - bis $31,$31,$0 - blt $18,$143 # if we are -1, -2, -3 or -4 goto tail code - ldq $20,0($17) # 1 1 - .align 3 -$142: - - mulq $20,$19,$5 # 1 2 1 ##### - ldq $21,8($17) # 2 1 - ldq $27,16($17) # 3 1 - umulh $20,$19,$20 # 1 2 ##### - ldq $28,24($17) # 4 1 - mulq $21,$19,$6 # 2 2 1 ##### - addq $5,$0,$5 # 1 2 3 1 - subq $18,4,$18 - cmpult $5,$0,$0 # 1 2 3 2 - umulh $21,$19,$21 # 2 2 ##### - addq $20,$0,$0 # 1 3 2 - addq $17,32,$17 - addq $6,$0,$6 # 2 2 3 1 - mulq $27,$19,$7 # 3 2 1 ##### - cmpult $6,$0,$0 # 2 2 3 2 - addq $21,$0,$0 # 2 3 2 - addq $16,32,$16 - umulh $27,$19,$27 # 3 2 ##### - stq $5,-32($16) # 1 2 4 - mulq $28,$19,$8 # 4 2 1 ##### - addq $7,$0,$7 # 3 2 3 1 - stq $6,-24($16) # 2 2 4 - cmpult $7,$0,$0 # 3 2 3 2 - umulh $28,$19,$28 # 4 2 ##### - addq $27,$0,$0 # 3 3 2 - stq $7,-16($16) # 3 2 4 - addq $8,$0,$8 # 4 2 3 1 - cmpult $8,$0,$0 # 4 2 3 2 - - addq $28,$0,$0 # 4 3 2 - - stq $8,-8($16) # 4 2 4 - - blt $18,$143 - - ldq $20,0($17) # 1 1 - - br $142 - - .align 4 -$145: - ldq $20,0($17) # 4 1 - mulq $20,$19,$5 # 4 2 1 - subq $18,1,$18 - umulh $20,$19,$20 # 4 2 - addq $5,$0,$5 # 4 2 3 1 - addq $16,8,$16 - cmpult $5,$0,$0 # 4 2 3 2 - addq $17,8,$17 - addq $20,$0,$0 # 4 3 2 - stq $5,-8($16) # 4 2 4 - - bgt $18,$145 - ret $31,($26),1 # else exit - - .align 4 -$143: - addq $18,4,$18 - bgt $18,$145 # goto tail code - ret $31,($26),1 # else exit - - .end bn_mul_words - .align 3 - .globl bn_sqr_words - .ent bn_sqr_words -bn_sqr_words: -bn_sqr_words..ng: - .frame $30,0,$26,0 - .prologue 0 - - subq $18,4,$18 - blt $18,$543 # if we are -1, -2, -3 or -4 goto tail code - ldq $20,0($17) # 1 1 - .align 3 -$542: - mulq $20,$20,$5 ###### - ldq $21,8($17) # 1 1 - subq $18,4 - umulh $20,$20,$1 ###### - ldq $27,16($17) # 1 1 - mulq $21,$21,$6 ###### - ldq $28,24($17) # 1 1 - stq $5,0($16) # r[0] - umulh $21,$21,$2 ###### - stq $1,8($16) # r[1] - mulq $27,$27,$7 ###### - stq $6,16($16) # r[0] - umulh $27,$27,$3 ###### - stq $2,24($16) # r[1] - mulq $28,$28,$8 ###### - stq $7,32($16) # r[0] - umulh $28,$28,$4 ###### - stq $3,40($16) # r[1] - - addq $16,64,$16 - addq $17,32,$17 - stq $8,-16($16) # r[0] - stq $4,-8($16) # r[1] - - blt $18,$543 - ldq $20,0($17) # 1 1 - br $542 - -$442: - ldq $20,0($17) # a[0] - mulq $20,$20,$5 # a[0]*w low part r2 - addq $16,16,$16 - addq $17,8,$17 - subq $18,1,$18 - umulh $20,$20,$1 # a[0]*w high part r3 - stq $5,-16($16) # r[0] - stq $1,-8($16) # r[1] - - bgt $18,$442 - ret $31,($26),1 # else exit - - .align 4 -$543: - addq $18,4,$18 - bgt $18,$442 # goto tail code - ret $31,($26),1 # else exit - .end bn_sqr_words - - .align 3 - .globl bn_add_words - .ent bn_add_words -bn_add_words: -bn_add_words..ng: - .frame $30,0,$26,0 - .prologue 0 - - subq $19,4,$19 - bis $31,$31,$0 # carry = 0 - blt $19,$900 - ldq $5,0($17) # a[0] - ldq $1,0($18) # b[1] - .align 3 -$901: - addq $1,$5,$1 # r=a+b; - ldq $6,8($17) # a[1] - cmpult $1,$5,$22 # did we overflow? - ldq $2,8($18) # b[1] - addq $1,$0,$1 # c+= overflow - ldq $7,16($17) # a[2] - cmpult $1,$0,$0 # overflow? - ldq $3,16($18) # b[2] - addq $0,$22,$0 - ldq $8,24($17) # a[3] - addq $2,$6,$2 # r=a+b; - ldq $4,24($18) # b[3] - cmpult $2,$6,$23 # did we overflow? - addq $3,$7,$3 # r=a+b; - addq $2,$0,$2 # c+= overflow - cmpult $3,$7,$24 # did we overflow? - cmpult $2,$0,$0 # overflow? - addq $4,$8,$4 # r=a+b; - addq $0,$23,$0 - cmpult $4,$8,$25 # did we overflow? - addq $3,$0,$3 # c+= overflow - stq $1,0($16) # r[0]=c - cmpult $3,$0,$0 # overflow? - stq $2,8($16) # r[1]=c - addq $0,$24,$0 - stq $3,16($16) # r[2]=c - addq $4,$0,$4 # c+= overflow - subq $19,4,$19 # loop-- - cmpult $4,$0,$0 # overflow? - addq $17,32,$17 # a++ - addq $0,$25,$0 - stq $4,24($16) # r[3]=c - addq $18,32,$18 # b++ - addq $16,32,$16 # r++ - - blt $19,$900 - ldq $5,0($17) # a[0] - ldq $1,0($18) # b[1] - br $901 - .align 4 -$945: - ldq $5,0($17) # a[0] - ldq $1,0($18) # b[1] - addq $1,$5,$1 # r=a+b; - subq $19,1,$19 # loop-- - addq $1,$0,$1 # c+= overflow - addq $17,8,$17 # a++ - cmpult $1,$5,$22 # did we overflow? - cmpult $1,$0,$0 # overflow? - addq $18,8,$18 # b++ - stq $1,0($16) # r[0]=c - addq $0,$22,$0 - addq $16,8,$16 # r++ - - bgt $19,$945 - ret $31,($26),1 # else exit - -$900: - addq $19,4,$19 - bgt $19,$945 # goto tail code - ret $31,($26),1 # else exit - .end bn_add_words - - # - # What follows was taken directly from the C compiler with a few - # hacks to redo the lables. - # -.text - .align 3 - .globl bn_div_words - .ent bn_div_words -bn_div_words: - ldgp $29,0($27) -bn_div_words..ng: - lda $30,-48($30) - .frame $30,48,$26,0 - stq $26,0($30) - stq $9,8($30) - stq $10,16($30) - stq $11,24($30) - stq $12,32($30) - stq $13,40($30) - .mask 0x4003e00,-48 - .prologue 1 - bis $16,$16,$9 - bis $17,$17,$10 - bis $18,$18,$11 - bis $31,$31,$13 - bis $31,2,$12 - bne $11,$119 - lda $0,-1 - br $31,$136 - .align 4 -$119: - bis $11,$11,$16 - jsr $26,BN_num_bits_word - ldgp $29,0($26) - subq $0,64,$1 - beq $1,$120 - bis $31,1,$1 - sll $1,$0,$1 - cmpule $9,$1,$1 - bne $1,$120 - # lda $16,_IO_stderr_ - # lda $17,$C32 - # bis $0,$0,$18 - # jsr $26,fprintf - # ldgp $29,0($26) - jsr $26,abort - ldgp $29,0($26) - .align 4 -$120: - bis $31,64,$3 - cmpult $9,$11,$2 - subq $3,$0,$1 - addl $1,$31,$0 - subq $9,$11,$1 - cmoveq $2,$1,$9 - beq $0,$122 - zapnot $0,15,$2 - subq $3,$0,$1 - sll $11,$2,$11 - sll $9,$2,$3 - srl $10,$1,$1 - sll $10,$2,$10 - bis $3,$1,$9 -$122: - srl $11,32,$5 - zapnot $11,15,$6 - lda $7,-1 - .align 5 -$123: - srl $9,32,$1 - subq $1,$5,$1 - bne $1,$126 - zapnot $7,15,$27 - br $31,$127 - .align 4 -$126: - bis $9,$9,$24 - bis $5,$5,$25 - divqu $24,$25,$27 -$127: - srl $10,32,$4 - .align 5 -$128: - mulq $27,$5,$1 - subq $9,$1,$3 - zapnot $3,240,$1 - bne $1,$129 - mulq $6,$27,$2 - sll $3,32,$1 - addq $1,$4,$1 - cmpule $2,$1,$2 - bne $2,$129 - subq $27,1,$27 - br $31,$128 - .align 4 -$129: - mulq $27,$6,$1 - mulq $27,$5,$4 - srl $1,32,$3 - sll $1,32,$1 - addq $4,$3,$4 - cmpult $10,$1,$2 - subq $10,$1,$10 - addq $2,$4,$2 - cmpult $9,$2,$1 - bis $2,$2,$4 - beq $1,$134 - addq $9,$11,$9 - subq $27,1,$27 -$134: - subl $12,1,$12 - subq $9,$4,$9 - beq $12,$124 - sll $27,32,$13 - sll $9,32,$2 - srl $10,32,$1 - sll $10,32,$10 - bis $2,$1,$9 - br $31,$123 - .align 4 -$124: - bis $13,$27,$0 -$136: - ldq $26,0($30) - ldq $9,8($30) - ldq $10,16($30) - ldq $11,24($30) - ldq $12,32($30) - ldq $13,40($30) - addq $30,48,$30 - ret $31,($26),1 - .end bn_div_words - - .set noat - .text - .align 3 - .globl bn_sub_words - .ent bn_sub_words -bn_sub_words: -bn_sub_words..ng: - .frame $30,0,$26,0 - .prologue 0 - - subq $19, 4, $19 - bis $31, $31, $0 - blt $19, $100 - ldq $1, 0($17) - ldq $2, 0($18) -$101: - ldq $3, 8($17) - cmpult $1, $2, $4 - ldq $5, 8($18) - subq $1, $2, $1 - ldq $6, 16($17) - cmpult $1, $0, $2 - ldq $7, 16($18) - subq $1, $0, $23 - ldq $8, 24($17) - addq $2, $4, $0 - cmpult $3, $5, $24 - subq $3, $5, $3 - ldq $22, 24($18) - cmpult $3, $0, $5 - subq $3, $0, $25 - addq $5, $24, $0 - cmpult $6, $7, $27 - subq $6, $7, $6 - stq $23, 0($16) - cmpult $6, $0, $7 - subq $6, $0, $28 - addq $7, $27, $0 - cmpult $8, $22, $21 - subq $8, $22, $8 - stq $25, 8($16) - cmpult $8, $0, $22 - subq $8, $0, $20 - addq $22, $21, $0 - stq $28, 16($16) - subq $19, 4, $19 - stq $20, 24($16) - addq $17, 32, $17 - addq $18, 32, $18 - addq $16, 32, $16 - blt $19, $100 - ldq $1, 0($17) - ldq $2, 0($18) - br $101 -$102: - ldq $1, 0($17) - ldq $2, 0($18) - cmpult $1, $2, $27 - subq $1, $2, $1 - cmpult $1, $0, $2 - subq $1, $0, $1 - stq $1, 0($16) - addq $2, $27, $0 - addq $17, 8, $17 - addq $18, 8, $18 - addq $16, 8, $16 - subq $19, 1, $19 - bgt $19, $102 - ret $31,($26),1 -$100: - addq $19, 4, $19 - bgt $19, $102 -$103: - ret $31,($26),1 - .end bn_sub_words - .text - .align 3 - .globl bn_mul_comba4 - .ent bn_mul_comba4 -bn_mul_comba4: -bn_mul_comba4..ng: - .frame $30,0,$26,0 - .prologue 0 - - ldq $0, 0($17) - ldq $1, 0($18) - ldq $2, 8($17) - ldq $3, 8($18) - ldq $4, 16($17) - ldq $5, 16($18) - ldq $6, 24($17) - ldq $7, 24($18) - bis $31, $31, $23 - mulq $0, $1, $8 - umulh $0, $1, $22 - stq $8, 0($16) - bis $31, $31, $8 - mulq $0, $3, $24 - umulh $0, $3, $25 - addq $22, $24, $22 - cmpult $22, $24, $27 - addq $27, $25, $25 - addq $23, $25, $23 - cmpult $23, $25, $28 - addq $8, $28, $8 - mulq $2, $1, $21 - umulh $2, $1, $20 - addq $22, $21, $22 - cmpult $22, $21, $19 - addq $19, $20, $20 - addq $23, $20, $23 - cmpult $23, $20, $17 - addq $8, $17, $8 - stq $22, 8($16) - bis $31, $31, $22 - mulq $2, $3, $18 - umulh $2, $3, $24 - addq $23, $18, $23 - cmpult $23, $18, $27 - addq $27, $24, $24 - addq $8, $24, $8 - cmpult $8, $24, $25 - addq $22, $25, $22 - mulq $0, $5, $28 - umulh $0, $5, $21 - addq $23, $28, $23 - cmpult $23, $28, $19 - addq $19, $21, $21 - addq $8, $21, $8 - cmpult $8, $21, $20 - addq $22, $20, $22 - mulq $4, $1, $17 - umulh $4, $1, $18 - addq $23, $17, $23 - cmpult $23, $17, $27 - addq $27, $18, $18 - addq $8, $18, $8 - cmpult $8, $18, $24 - addq $22, $24, $22 - stq $23, 16($16) - bis $31, $31, $23 - mulq $0, $7, $25 - umulh $0, $7, $28 - addq $8, $25, $8 - cmpult $8, $25, $19 - addq $19, $28, $28 - addq $22, $28, $22 - cmpult $22, $28, $21 - addq $23, $21, $23 - mulq $2, $5, $20 - umulh $2, $5, $17 - addq $8, $20, $8 - cmpult $8, $20, $27 - addq $27, $17, $17 - addq $22, $17, $22 - cmpult $22, $17, $18 - addq $23, $18, $23 - mulq $4, $3, $24 - umulh $4, $3, $25 - addq $8, $24, $8 - cmpult $8, $24, $19 - addq $19, $25, $25 - addq $22, $25, $22 - cmpult $22, $25, $28 - addq $23, $28, $23 - mulq $6, $1, $21 - umulh $6, $1, $0 - addq $8, $21, $8 - cmpult $8, $21, $20 - addq $20, $0, $0 - addq $22, $0, $22 - cmpult $22, $0, $27 - addq $23, $27, $23 - stq $8, 24($16) - bis $31, $31, $8 - mulq $2, $7, $17 - umulh $2, $7, $18 - addq $22, $17, $22 - cmpult $22, $17, $24 - addq $24, $18, $18 - addq $23, $18, $23 - cmpult $23, $18, $19 - addq $8, $19, $8 - mulq $4, $5, $25 - umulh $4, $5, $28 - addq $22, $25, $22 - cmpult $22, $25, $21 - addq $21, $28, $28 - addq $23, $28, $23 - cmpult $23, $28, $20 - addq $8, $20, $8 - mulq $6, $3, $0 - umulh $6, $3, $27 - addq $22, $0, $22 - cmpult $22, $0, $1 - addq $1, $27, $27 - addq $23, $27, $23 - cmpult $23, $27, $17 - addq $8, $17, $8 - stq $22, 32($16) - bis $31, $31, $22 - mulq $4, $7, $24 - umulh $4, $7, $18 - addq $23, $24, $23 - cmpult $23, $24, $19 - addq $19, $18, $18 - addq $8, $18, $8 - cmpult $8, $18, $2 - addq $22, $2, $22 - mulq $6, $5, $25 - umulh $6, $5, $21 - addq $23, $25, $23 - cmpult $23, $25, $28 - addq $28, $21, $21 - addq $8, $21, $8 - cmpult $8, $21, $20 - addq $22, $20, $22 - stq $23, 40($16) - bis $31, $31, $23 - mulq $6, $7, $0 - umulh $6, $7, $1 - addq $8, $0, $8 - cmpult $8, $0, $27 - addq $27, $1, $1 - addq $22, $1, $22 - cmpult $22, $1, $17 - addq $23, $17, $23 - stq $8, 48($16) - stq $22, 56($16) - ret $31,($26),1 - .end bn_mul_comba4 - .text - .align 3 - .globl bn_mul_comba8 - .ent bn_mul_comba8 -bn_mul_comba8: -bn_mul_comba8..ng: - .frame $30,0,$26,0 - .prologue 0 - ldq $1, 0($17) - ldq $2, 0($18) - zapnot $1, 15, $7 - srl $2, 32, $8 - mulq $8, $7, $22 - srl $1, 32, $6 - zapnot $2, 15, $5 - mulq $5, $6, $4 - mulq $7, $5, $24 - addq $22, $4, $22 - cmpult $22, $4, $1 - mulq $6, $8, $3 - beq $1, $173 - bis $31, 1, $1 - sll $1, 32, $1 - addq $3, $1, $3 -$173: - sll $22, 32, $4 - addq $24, $4, $24 - stq $24, 0($16) - ldq $2, 0($17) - ldq $1, 8($18) - zapnot $2, 15, $7 - srl $1, 32, $8 - mulq $8, $7, $25 - zapnot $1, 15, $5 - mulq $7, $5, $0 - srl $2, 32, $6 - mulq $5, $6, $23 - mulq $6, $8, $6 - srl $22, 32, $1 - cmpult $24, $4, $2 - addq $3, $1, $3 - addq $2, $3, $22 - addq $25, $23, $25 - cmpult $25, $23, $1 - bis $31, 1, $2 - beq $1, $177 - sll $2, 32, $1 - addq $6, $1, $6 -$177: - sll $25, 32, $23 - ldq $1, 0($18) - addq $0, $23, $0 - bis $0, $0, $7 - ldq $3, 8($17) - addq $22, $7, $22 - srl $1, 32, $8 - cmpult $22, $7, $4 - zapnot $3, 15, $7 - mulq $8, $7, $28 - zapnot $1, 15, $5 - mulq $7, $5, $21 - srl $25, 32, $1 - cmpult $0, $23, $2 - addq $6, $1, $6 - addq $2, $6, $6 - addq $4, $6, $24 - srl $3, 32, $6 - mulq $5, $6, $2 - mulq $6, $8, $6 - addq $28, $2, $28 - cmpult $28, $2, $1 - bis $31, 1, $2 - beq $1, $181 - sll $2, 32, $1 - addq $6, $1, $6 -$181: - sll $28, 32, $2 - addq $21, $2, $21 - bis $21, $21, $7 - addq $22, $7, $22 - stq $22, 8($16) - ldq $3, 16($17) - ldq $1, 0($18) - cmpult $22, $7, $4 - zapnot $3, 15, $7 - srl $1, 32, $8 - mulq $8, $7, $22 - zapnot $1, 15, $5 - mulq $7, $5, $20 - srl $28, 32, $1 - cmpult $21, $2, $2 - addq $6, $1, $6 - addq $2, $6, $6 - addq $4, $6, $6 - addq $24, $6, $24 - cmpult $24, $6, $23 - srl $3, 32, $6 - mulq $5, $6, $2 - mulq $6, $8, $6 - addq $22, $2, $22 - cmpult $22, $2, $1 - bis $31, 1, $2 - beq $1, $185 - sll $2, 32, $1 - addq $6, $1, $6 -$185: - sll $22, 32, $2 - ldq $1, 8($18) - addq $20, $2, $20 - bis $20, $20, $7 - ldq $4, 8($17) - addq $24, $7, $24 - srl $1, 32, $8 - cmpult $24, $7, $3 - zapnot $4, 15, $7 - mulq $8, $7, $25 - zapnot $1, 15, $5 - mulq $7, $5, $0 - srl $22, 32, $1 - cmpult $20, $2, $2 - addq $6, $1, $6 - addq $2, $6, $6 - addq $3, $6, $6 - addq $23, $6, $23 - cmpult $23, $6, $22 - srl $4, 32, $6 - mulq $5, $6, $5 - bis $31, 1, $21 - addq $25, $5, $25 - cmpult $25, $5, $1 - mulq $6, $8, $6 - beq $1, $189 - sll $21, 32, $1 - addq $6, $1, $6 -$189: - sll $25, 32, $5 - ldq $2, 16($18) - addq $0, $5, $0 - bis $0, $0, $7 - ldq $4, 0($17) - addq $24, $7, $24 - srl $2, 32, $8 - cmpult $24, $7, $3 - zapnot $4, 15, $7 - mulq $8, $7, $28 - srl $25, 32, $1 - addq $6, $1, $6 - cmpult $0, $5, $1 - zapnot $2, 15, $5 - addq $1, $6, $6 - addq $3, $6, $6 - addq $23, $6, $23 - cmpult $23, $6, $1 - srl $4, 32, $6 - mulq $5, $6, $25 - mulq $7, $5, $2 - addq $1, $22, $22 - addq $28, $25, $28 - cmpult $28, $25, $1 - mulq $6, $8, $6 - beq $1, $193 - sll $21, 32, $1 - addq $6, $1, $6 -$193: - sll $28, 32, $25 - addq $2, $25, $2 - bis $2, $2, $7 - addq $24, $7, $24 - stq $24, 16($16) - ldq $4, 0($17) - ldq $5, 24($18) - cmpult $24, $7, $3 - zapnot $4, 15, $7 - srl $5, 32, $8 - mulq $8, $7, $0 - srl $28, 32, $1 - cmpult $2, $25, $2 - addq $6, $1, $6 - addq $2, $6, $6 - addq $3, $6, $6 - addq $23, $6, $23 - cmpult $23, $6, $1 - srl $4, 32, $6 - zapnot $5, 15, $5 - mulq $5, $6, $24 - mulq $7, $5, $2 - addq $1, $22, $22 - addq $0, $24, $0 - cmpult $0, $24, $1 - mulq $6, $8, $6 - beq $1, $197 - sll $21, 32, $1 - addq $6, $1, $6 -$197: - sll $0, 32, $24 - ldq $1, 16($18) - addq $2, $24, $2 - bis $2, $2, $7 - ldq $4, 8($17) - addq $23, $7, $23 - srl $1, 32, $8 - cmpult $23, $7, $3 - zapnot $4, 15, $7 - mulq $8, $7, $25 - zapnot $1, 15, $5 - mulq $7, $5, $21 - srl $0, 32, $1 - cmpult $2, $24, $2 - addq $6, $1, $6 - addq $2, $6, $6 - addq $3, $6, $6 - addq $22, $6, $22 - cmpult $22, $6, $24 - srl $4, 32, $6 - mulq $5, $6, $5 - bis $31, 1, $20 - addq $25, $5, $25 - cmpult $25, $5, $1 - mulq $6, $8, $6 - beq $1, $201 - sll $20, 32, $1 - addq $6, $1, $6 -$201: - sll $25, 32, $5 - ldq $2, 8($18) - addq $21, $5, $21 - bis $21, $21, $7 - ldq $4, 16($17) - addq $23, $7, $23 - srl $2, 32, $8 - cmpult $23, $7, $3 - zapnot $4, 15, $7 - mulq $8, $7, $28 - srl $25, 32, $1 - addq $6, $1, $6 - cmpult $21, $5, $1 - zapnot $2, 15, $5 - addq $1, $6, $6 - addq $3, $6, $6 - addq $22, $6, $22 - cmpult $22, $6, $1 - srl $4, 32, $6 - mulq $5, $6, $25 - mulq $7, $5, $5 - addq $1, $24, $24 - addq $28, $25, $28 - cmpult $28, $25, $1 - mulq $6, $8, $6 - beq $1, $205 - sll $20, 32, $1 - addq $6, $1, $6 -$205: - sll $28, 32, $25 - ldq $2, 0($18) - addq $5, $25, $5 - bis $5, $5, $7 - ldq $4, 24($17) - addq $23, $7, $23 - srl $2, 32, $8 - cmpult $23, $7, $3 - zapnot $4, 15, $7 - mulq $8, $7, $0 - srl $28, 32, $1 - addq $6, $1, $6 - cmpult $5, $25, $1 - zapnot $2, 15, $5 - addq $1, $6, $6 - addq $3, $6, $6 - addq $22, $6, $22 - cmpult $22, $6, $1 - srl $4, 32, $6 - mulq $5, $6, $25 - mulq $7, $5, $2 - addq $1, $24, $24 - addq $0, $25, $0 - cmpult $0, $25, $1 - mulq $6, $8, $6 - beq $1, $209 - sll $20, 32, $1 - addq $6, $1, $6 -$209: - sll $0, 32, $25 - addq $2, $25, $2 - bis $2, $2, $7 - addq $23, $7, $23 - stq $23, 24($16) - ldq $4, 32($17) - ldq $5, 0($18) - cmpult $23, $7, $3 - zapnot $4, 15, $7 - srl $5, 32, $8 - mulq $8, $7, $28 - srl $0, 32, $1 - cmpult $2, $25, $2 - addq $6, $1, $6 - addq $2, $6, $6 - addq $3, $6, $6 - addq $22, $6, $22 - cmpult $22, $6, $1 - srl $4, 32, $6 - zapnot $5, 15, $5 - mulq $5, $6, $23 - mulq $7, $5, $2 - addq $1, $24, $24 - addq $28, $23, $28 - cmpult $28, $23, $1 - mulq $6, $8, $6 - beq $1, $213 - sll $20, 32, $1 - addq $6, $1, $6 -$213: - sll $28, 32, $23 - ldq $1, 8($18) - addq $2, $23, $2 - bis $2, $2, $7 - ldq $4, 24($17) - addq $22, $7, $22 - srl $1, 32, $8 - cmpult $22, $7, $3 - zapnot $4, 15, $7 - mulq $8, $7, $25 - zapnot $1, 15, $5 - mulq $7, $5, $0 - srl $28, 32, $1 - cmpult $2, $23, $2 - addq $6, $1, $6 - addq $2, $6, $6 - addq $3, $6, $6 - addq $24, $6, $24 - cmpult $24, $6, $23 - srl $4, 32, $6 - mulq $5, $6, $5 - bis $31, 1, $21 - addq $25, $5, $25 - cmpult $25, $5, $1 - mulq $6, $8, $6 - beq $1, $217 - sll $21, 32, $1 - addq $6, $1, $6 -$217: - sll $25, 32, $5 - ldq $2, 16($18) - addq $0, $5, $0 - bis $0, $0, $7 - ldq $4, 16($17) - addq $22, $7, $22 - srl $2, 32, $8 - cmpult $22, $7, $3 - zapnot $4, 15, $7 - mulq $8, $7, $28 - srl $25, 32, $1 - addq $6, $1, $6 - cmpult $0, $5, $1 - zapnot $2, 15, $5 - addq $1, $6, $6 - addq $3, $6, $6 - addq $24, $6, $24 - cmpult $24, $6, $1 - srl $4, 32, $6 - mulq $5, $6, $25 - mulq $7, $5, $5 - addq $1, $23, $23 - addq $28, $25, $28 - cmpult $28, $25, $1 - mulq $6, $8, $6 - beq $1, $221 - sll $21, 32, $1 - addq $6, $1, $6 -$221: - sll $28, 32, $25 - ldq $2, 24($18) - addq $5, $25, $5 - bis $5, $5, $7 - ldq $4, 8($17) - addq $22, $7, $22 - srl $2, 32, $8 - cmpult $22, $7, $3 - zapnot $4, 15, $7 - mulq $8, $7, $0 - srl $28, 32, $1 - addq $6, $1, $6 - cmpult $5, $25, $1 - zapnot $2, 15, $5 - addq $1, $6, $6 - addq $3, $6, $6 - addq $24, $6, $24 - cmpult $24, $6, $1 - srl $4, 32, $6 - mulq $5, $6, $25 - mulq $7, $5, $5 - addq $1, $23, $23 - addq $0, $25, $0 - cmpult $0, $25, $1 - mulq $6, $8, $6 - beq $1, $225 - sll $21, 32, $1 - addq $6, $1, $6 -$225: - sll $0, 32, $25 - ldq $2, 32($18) - addq $5, $25, $5 - bis $5, $5, $7 - ldq $4, 0($17) - addq $22, $7, $22 - srl $2, 32, $8 - cmpult $22, $7, $3 - zapnot $4, 15, $7 - mulq $8, $7, $28 - srl $0, 32, $1 - addq $6, $1, $6 - cmpult $5, $25, $1 - zapnot $2, 15, $5 - addq $1, $6, $6 - addq $3, $6, $6 - addq $24, $6, $24 - cmpult $24, $6, $1 - srl $4, 32, $6 - mulq $5, $6, $25 - mulq $7, $5, $2 - addq $1, $23, $23 - addq $28, $25, $28 - cmpult $28, $25, $1 - mulq $6, $8, $6 - beq $1, $229 - sll $21, 32, $1 - addq $6, $1, $6 -$229: - sll $28, 32, $25 - addq $2, $25, $2 - bis $2, $2, $7 - addq $22, $7, $22 - stq $22, 32($16) - ldq $4, 0($17) - ldq $5, 40($18) - cmpult $22, $7, $3 - zapnot $4, 15, $7 - srl $5, 32, $8 - mulq $8, $7, $0 - srl $28, 32, $1 - cmpult $2, $25, $2 - addq $6, $1, $6 - addq $2, $6, $6 - addq $3, $6, $6 - addq $24, $6, $24 - cmpult $24, $6, $1 - srl $4, 32, $6 - zapnot $5, 15, $5 - mulq $5, $6, $22 - mulq $7, $5, $2 - addq $1, $23, $23 - addq $0, $22, $0 - cmpult $0, $22, $1 - mulq $6, $8, $6 - beq $1, $233 - sll $21, 32, $1 - addq $6, $1, $6 -$233: - sll $0, 32, $22 - ldq $1, 32($18) - addq $2, $22, $2 - bis $2, $2, $7 - ldq $4, 8($17) - addq $24, $7, $24 - srl $1, 32, $8 - cmpult $24, $7, $3 - zapnot $4, 15, $7 - mulq $8, $7, $25 - zapnot $1, 15, $5 - mulq $7, $5, $21 - srl $0, 32, $1 - cmpult $2, $22, $2 - addq $6, $1, $6 - addq $2, $6, $6 - addq $3, $6, $6 - addq $23, $6, $23 - cmpult $23, $6, $22 - srl $4, 32, $6 - mulq $5, $6, $5 - bis $31, 1, $20 - addq $25, $5, $25 - cmpult $25, $5, $1 - mulq $6, $8, $6 - beq $1, $237 - sll $20, 32, $1 - addq $6, $1, $6 -$237: - sll $25, 32, $5 - ldq $2, 24($18) - addq $21, $5, $21 - bis $21, $21, $7 - ldq $4, 16($17) - addq $24, $7, $24 - srl $2, 32, $8 - cmpult $24, $7, $3 - zapnot $4, 15, $7 - mulq $8, $7, $28 - srl $25, 32, $1 - addq $6, $1, $6 - cmpult $21, $5, $1 - zapnot $2, 15, $5 - addq $1, $6, $6 - addq $3, $6, $6 - addq $23, $6, $23 - cmpult $23, $6, $1 - srl $4, 32, $6 - mulq $5, $6, $25 - mulq $7, $5, $5 - addq $1, $22, $22 - addq $28, $25, $28 - cmpult $28, $25, $1 - mulq $6, $8, $6 - beq $1, $241 - sll $20, 32, $1 - addq $6, $1, $6 -$241: - sll $28, 32, $25 - ldq $2, 16($18) - addq $5, $25, $5 - bis $5, $5, $7 - ldq $4, 24($17) - addq $24, $7, $24 - srl $2, 32, $8 - cmpult $24, $7, $3 - zapnot $4, 15, $7 - mulq $8, $7, $0 - srl $28, 32, $1 - addq $6, $1, $6 - cmpult $5, $25, $1 - zapnot $2, 15, $5 - addq $1, $6, $6 - addq $3, $6, $6 - addq $23, $6, $23 - cmpult $23, $6, $1 - srl $4, 32, $6 - mulq $5, $6, $25 - mulq $7, $5, $5 - addq $1, $22, $22 - addq $0, $25, $0 - cmpult $0, $25, $1 - mulq $6, $8, $6 - beq $1, $245 - sll $20, 32, $1 - addq $6, $1, $6 -$245: - sll $0, 32, $25 - ldq $2, 8($18) - addq $5, $25, $5 - bis $5, $5, $7 - ldq $4, 32($17) - addq $24, $7, $24 - srl $2, 32, $8 - cmpult $24, $7, $3 - zapnot $4, 15, $7 - mulq $8, $7, $28 - srl $0, 32, $1 - addq $6, $1, $6 - cmpult $5, $25, $1 - zapnot $2, 15, $5 - addq $1, $6, $6 - addq $3, $6, $6 - addq $23, $6, $23 - cmpult $23, $6, $1 - srl $4, 32, $6 - mulq $5, $6, $25 - mulq $7, $5, $5 - addq $1, $22, $22 - addq $28, $25, $28 - cmpult $28, $25, $1 - mulq $6, $8, $6 - beq $1, $249 - sll $20, 32, $1 - addq $6, $1, $6 -$249: - sll $28, 32, $25 - ldq $2, 0($18) - addq $5, $25, $5 - bis $5, $5, $7 - ldq $4, 40($17) - addq $24, $7, $24 - srl $2, 32, $8 - cmpult $24, $7, $3 - zapnot $4, 15, $7 - mulq $8, $7, $0 - srl $28, 32, $1 - addq $6, $1, $6 - cmpult $5, $25, $1 - zapnot $2, 15, $5 - addq $1, $6, $6 - addq $3, $6, $6 - addq $23, $6, $23 - cmpult $23, $6, $1 - srl $4, 32, $6 - mulq $5, $6, $25 - mulq $7, $5, $2 - addq $1, $22, $22 - addq $0, $25, $0 - cmpult $0, $25, $1 - mulq $6, $8, $6 - beq $1, $253 - sll $20, 32, $1 - addq $6, $1, $6 -$253: - sll $0, 32, $25 - addq $2, $25, $2 - bis $2, $2, $7 - addq $24, $7, $24 - stq $24, 40($16) - ldq $4, 48($17) - ldq $5, 0($18) - cmpult $24, $7, $3 - zapnot $4, 15, $7 - srl $5, 32, $8 - mulq $8, $7, $28 - srl $0, 32, $1 - cmpult $2, $25, $2 - addq $6, $1, $6 - addq $2, $6, $6 - addq $3, $6, $6 - addq $23, $6, $23 - cmpult $23, $6, $1 - srl $4, 32, $6 - zapnot $5, 15, $5 - mulq $5, $6, $24 - mulq $7, $5, $2 - addq $1, $22, $22 - addq $28, $24, $28 - cmpult $28, $24, $1 - mulq $6, $8, $6 - beq $1, $257 - sll $20, 32, $1 - addq $6, $1, $6 -$257: - sll $28, 32, $24 - ldq $1, 8($18) - addq $2, $24, $2 - bis $2, $2, $7 - ldq $4, 40($17) - addq $23, $7, $23 - srl $1, 32, $8 - cmpult $23, $7, $3 - zapnot $4, 15, $7 - mulq $8, $7, $25 - zapnot $1, 15, $5 - mulq $7, $5, $0 - srl $28, 32, $1 - cmpult $2, $24, $2 - addq $6, $1, $6 - addq $2, $6, $6 - addq $3, $6, $6 - addq $22, $6, $22 - cmpult $22, $6, $24 - srl $4, 32, $6 - mulq $5, $6, $5 - bis $31, 1, $21 - addq $25, $5, $25 - cmpult $25, $5, $1 - mulq $6, $8, $6 - beq $1, $261 - sll $21, 32, $1 - addq $6, $1, $6 -$261: - sll $25, 32, $5 - ldq $2, 16($18) - addq $0, $5, $0 - bis $0, $0, $7 - ldq $4, 32($17) - addq $23, $7, $23 - srl $2, 32, $8 - cmpult $23, $7, $3 - zapnot $4, 15, $7 - mulq $8, $7, $28 - srl $25, 32, $1 - addq $6, $1, $6 - cmpult $0, $5, $1 - zapnot $2, 15, $5 - addq $1, $6, $6 - addq $3, $6, $6 - addq $22, $6, $22 - cmpult $22, $6, $1 - srl $4, 32, $6 - mulq $5, $6, $25 - mulq $7, $5, $5 - addq $1, $24, $24 - addq $28, $25, $28 - cmpult $28, $25, $1 - mulq $6, $8, $6 - beq $1, $265 - sll $21, 32, $1 - addq $6, $1, $6 -$265: - sll $28, 32, $25 - ldq $2, 24($18) - addq $5, $25, $5 - bis $5, $5, $7 - ldq $4, 24($17) - addq $23, $7, $23 - srl $2, 32, $8 - cmpult $23, $7, $3 - zapnot $4, 15, $7 - mulq $8, $7, $0 - srl $28, 32, $1 - addq $6, $1, $6 - cmpult $5, $25, $1 - zapnot $2, 15, $5 - addq $1, $6, $6 - addq $3, $6, $6 - addq $22, $6, $22 - cmpult $22, $6, $1 - srl $4, 32, $6 - mulq $5, $6, $25 - mulq $7, $5, $5 - addq $1, $24, $24 - addq $0, $25, $0 - cmpult $0, $25, $1 - mulq $6, $8, $6 - beq $1, $269 - sll $21, 32, $1 - addq $6, $1, $6 -$269: - sll $0, 32, $25 - ldq $2, 32($18) - addq $5, $25, $5 - bis $5, $5, $7 - ldq $4, 16($17) - addq $23, $7, $23 - srl $2, 32, $8 - cmpult $23, $7, $3 - zapnot $4, 15, $7 - mulq $8, $7, $28 - srl $0, 32, $1 - addq $6, $1, $6 - cmpult $5, $25, $1 - zapnot $2, 15, $5 - addq $1, $6, $6 - addq $3, $6, $6 - addq $22, $6, $22 - cmpult $22, $6, $1 - srl $4, 32, $6 - mulq $5, $6, $25 - mulq $7, $5, $5 - addq $1, $24, $24 - addq $28, $25, $28 - cmpult $28, $25, $1 - mulq $6, $8, $6 - beq $1, $273 - sll $21, 32, $1 - addq $6, $1, $6 -$273: - sll $28, 32, $25 - ldq $2, 40($18) - addq $5, $25, $5 - bis $5, $5, $7 - ldq $4, 8($17) - addq $23, $7, $23 - srl $2, 32, $8 - cmpult $23, $7, $3 - zapnot $4, 15, $7 - mulq $8, $7, $0 - srl $28, 32, $1 - addq $6, $1, $6 - cmpult $5, $25, $1 - zapnot $2, 15, $5 - addq $1, $6, $6 - addq $3, $6, $6 - addq $22, $6, $22 - cmpult $22, $6, $1 - srl $4, 32, $6 - mulq $5, $6, $25 - mulq $7, $5, $5 - addq $1, $24, $24 - addq $0, $25, $0 - cmpult $0, $25, $1 - mulq $6, $8, $6 - beq $1, $277 - sll $21, 32, $1 - addq $6, $1, $6 -$277: - sll $0, 32, $25 - ldq $2, 48($18) - addq $5, $25, $5 - bis $5, $5, $7 - ldq $4, 0($17) - addq $23, $7, $23 - srl $2, 32, $8 - cmpult $23, $7, $3 - zapnot $4, 15, $7 - mulq $8, $7, $28 - srl $0, 32, $1 - addq $6, $1, $6 - cmpult $5, $25, $1 - zapnot $2, 15, $5 - addq $1, $6, $6 - addq $3, $6, $6 - addq $22, $6, $22 - cmpult $22, $6, $1 - srl $4, 32, $6 - mulq $5, $6, $25 - mulq $7, $5, $2 - addq $1, $24, $24 - addq $28, $25, $28 - cmpult $28, $25, $1 - mulq $6, $8, $6 - beq $1, $281 - sll $21, 32, $1 - addq $6, $1, $6 -$281: - sll $28, 32, $25 - addq $2, $25, $2 - bis $2, $2, $7 - addq $23, $7, $23 - stq $23, 48($16) - ldq $4, 0($17) - ldq $5, 56($18) - cmpult $23, $7, $3 - zapnot $4, 15, $7 - srl $5, 32, $8 - mulq $8, $7, $0 - srl $28, 32, $1 - cmpult $2, $25, $2 - addq $6, $1, $6 - addq $2, $6, $6 - addq $3, $6, $6 - addq $22, $6, $22 - cmpult $22, $6, $1 - srl $4, 32, $6 - zapnot $5, 15, $5 - mulq $5, $6, $23 - mulq $7, $5, $2 - addq $1, $24, $24 - addq $0, $23, $0 - cmpult $0, $23, $1 - mulq $6, $8, $6 - beq $1, $285 - sll $21, 32, $1 - addq $6, $1, $6 -$285: - sll $0, 32, $23 - ldq $1, 48($18) - addq $2, $23, $2 - bis $2, $2, $7 - ldq $4, 8($17) - addq $22, $7, $22 - srl $1, 32, $8 - cmpult $22, $7, $3 - zapnot $4, 15, $7 - mulq $8, $7, $25 - zapnot $1, 15, $5 - mulq $7, $5, $21 - srl $0, 32, $1 - cmpult $2, $23, $2 - addq $6, $1, $6 - addq $2, $6, $6 - addq $3, $6, $6 - addq $24, $6, $24 - cmpult $24, $6, $23 - srl $4, 32, $6 - mulq $5, $6, $5 - bis $31, 1, $20 - addq $25, $5, $25 - cmpult $25, $5, $1 - mulq $6, $8, $6 - beq $1, $289 - sll $20, 32, $1 - addq $6, $1, $6 -$289: - sll $25, 32, $5 - ldq $2, 40($18) - addq $21, $5, $21 - bis $21, $21, $7 - ldq $4, 16($17) - addq $22, $7, $22 - srl $2, 32, $8 - cmpult $22, $7, $3 - zapnot $4, 15, $7 - mulq $8, $7, $28 - srl $25, 32, $1 - addq $6, $1, $6 - cmpult $21, $5, $1 - zapnot $2, 15, $5 - addq $1, $6, $6 - addq $3, $6, $6 - addq $24, $6, $24 - cmpult $24, $6, $1 - srl $4, 32, $6 - mulq $5, $6, $25 - mulq $7, $5, $5 - addq $1, $23, $23 - addq $28, $25, $28 - cmpult $28, $25, $1 - mulq $6, $8, $6 - beq $1, $293 - sll $20, 32, $1 - addq $6, $1, $6 -$293: - sll $28, 32, $25 - ldq $2, 32($18) - addq $5, $25, $5 - bis $5, $5, $7 - ldq $4, 24($17) - addq $22, $7, $22 - srl $2, 32, $8 - cmpult $22, $7, $3 - zapnot $4, 15, $7 - mulq $8, $7, $0 - srl $28, 32, $1 - addq $6, $1, $6 - cmpult $5, $25, $1 - zapnot $2, 15, $5 - addq $1, $6, $6 - addq $3, $6, $6 - addq $24, $6, $24 - cmpult $24, $6, $1 - srl $4, 32, $6 - mulq $5, $6, $25 - mulq $7, $5, $5 - addq $1, $23, $23 - addq $0, $25, $0 - cmpult $0, $25, $1 - mulq $6, $8, $6 - beq $1, $297 - sll $20, 32, $1 - addq $6, $1, $6 -$297: - sll $0, 32, $25 - ldq $2, 24($18) - addq $5, $25, $5 - bis $5, $5, $7 - ldq $4, 32($17) - addq $22, $7, $22 - srl $2, 32, $8 - cmpult $22, $7, $3 - zapnot $4, 15, $7 - mulq $8, $7, $28 - srl $0, 32, $1 - addq $6, $1, $6 - cmpult $5, $25, $1 - zapnot $2, 15, $5 - addq $1, $6, $6 - addq $3, $6, $6 - addq $24, $6, $24 - cmpult $24, $6, $1 - srl $4, 32, $6 - mulq $5, $6, $25 - mulq $7, $5, $5 - addq $1, $23, $23 - addq $28, $25, $28 - cmpult $28, $25, $1 - mulq $6, $8, $6 - beq $1, $301 - sll $20, 32, $1 - addq $6, $1, $6 -$301: - sll $28, 32, $25 - ldq $2, 16($18) - addq $5, $25, $5 - bis $5, $5, $7 - ldq $4, 40($17) - addq $22, $7, $22 - srl $2, 32, $8 - cmpult $22, $7, $3 - zapnot $4, 15, $7 - mulq $8, $7, $0 - srl $28, 32, $1 - addq $6, $1, $6 - cmpult $5, $25, $1 - zapnot $2, 15, $5 - addq $1, $6, $6 - addq $3, $6, $6 - addq $24, $6, $24 - cmpult $24, $6, $1 - srl $4, 32, $6 - mulq $5, $6, $25 - mulq $7, $5, $5 - addq $1, $23, $23 - addq $0, $25, $0 - cmpult $0, $25, $1 - mulq $6, $8, $6 - beq $1, $305 - sll $20, 32, $1 - addq $6, $1, $6 -$305: - sll $0, 32, $25 - ldq $2, 8($18) - addq $5, $25, $5 - bis $5, $5, $7 - ldq $4, 48($17) - addq $22, $7, $22 - srl $2, 32, $8 - cmpult $22, $7, $3 - zapnot $4, 15, $7 - mulq $8, $7, $28 - srl $0, 32, $1 - addq $6, $1, $6 - cmpult $5, $25, $1 - zapnot $2, 15, $5 - addq $1, $6, $6 - addq $3, $6, $6 - addq $24, $6, $24 - cmpult $24, $6, $1 - srl $4, 32, $6 - mulq $5, $6, $25 - mulq $7, $5, $5 - addq $1, $23, $23 - addq $28, $25, $28 - cmpult $28, $25, $1 - mulq $6, $8, $6 - beq $1, $309 - sll $20, 32, $1 - addq $6, $1, $6 -$309: - sll $28, 32, $25 - ldq $2, 0($18) - addq $5, $25, $5 - bis $5, $5, $7 - ldq $4, 56($17) - addq $22, $7, $22 - srl $2, 32, $8 - cmpult $22, $7, $3 - zapnot $4, 15, $7 - mulq $8, $7, $0 - srl $28, 32, $1 - addq $6, $1, $6 - cmpult $5, $25, $1 - zapnot $2, 15, $5 - addq $1, $6, $6 - addq $3, $6, $6 - addq $24, $6, $24 - cmpult $24, $6, $1 - srl $4, 32, $6 - mulq $5, $6, $25 - mulq $7, $5, $2 - addq $1, $23, $23 - addq $0, $25, $0 - cmpult $0, $25, $1 - mulq $6, $8, $6 - beq $1, $313 - sll $20, 32, $1 - addq $6, $1, $6 -$313: - sll $0, 32, $25 - addq $2, $25, $2 - bis $2, $2, $7 - addq $22, $7, $22 - stq $22, 56($16) - ldq $4, 56($17) - ldq $5, 8($18) - cmpult $22, $7, $3 - zapnot $4, 15, $7 - srl $5, 32, $8 - mulq $8, $7, $28 - srl $0, 32, $1 - cmpult $2, $25, $2 - addq $6, $1, $6 - addq $2, $6, $6 - addq $3, $6, $6 - addq $24, $6, $24 - cmpult $24, $6, $1 - srl $4, 32, $6 - zapnot $5, 15, $5 - mulq $5, $6, $22 - mulq $7, $5, $2 - addq $1, $23, $23 - addq $28, $22, $28 - cmpult $28, $22, $1 - mulq $6, $8, $6 - beq $1, $317 - sll $20, 32, $1 - addq $6, $1, $6 -$317: - sll $28, 32, $22 - ldq $1, 16($18) - addq $2, $22, $2 - bis $2, $2, $7 - ldq $4, 48($17) - addq $24, $7, $24 - srl $1, 32, $8 - cmpult $24, $7, $3 - zapnot $4, 15, $7 - mulq $8, $7, $25 - zapnot $1, 15, $5 - mulq $7, $5, $0 - srl $28, 32, $1 - cmpult $2, $22, $2 - addq $6, $1, $6 - addq $2, $6, $6 - addq $3, $6, $6 - addq $23, $6, $23 - cmpult $23, $6, $22 - srl $4, 32, $6 - mulq $5, $6, $5 - bis $31, 1, $21 - addq $25, $5, $25 - cmpult $25, $5, $1 - mulq $6, $8, $6 - beq $1, $321 - sll $21, 32, $1 - addq $6, $1, $6 -$321: - sll $25, 32, $5 - ldq $2, 24($18) - addq $0, $5, $0 - bis $0, $0, $7 - ldq $4, 40($17) - addq $24, $7, $24 - srl $2, 32, $8 - cmpult $24, $7, $3 - zapnot $4, 15, $7 - mulq $8, $7, $28 - srl $25, 32, $1 - addq $6, $1, $6 - cmpult $0, $5, $1 - zapnot $2, 15, $5 - addq $1, $6, $6 - addq $3, $6, $6 - addq $23, $6, $23 - cmpult $23, $6, $1 - srl $4, 32, $6 - mulq $5, $6, $25 - mulq $7, $5, $5 - addq $1, $22, $22 - addq $28, $25, $28 - cmpult $28, $25, $1 - mulq $6, $8, $6 - beq $1, $325 - sll $21, 32, $1 - addq $6, $1, $6 -$325: - sll $28, 32, $25 - ldq $2, 32($18) - addq $5, $25, $5 - bis $5, $5, $7 - ldq $4, 32($17) - addq $24, $7, $24 - srl $2, 32, $8 - cmpult $24, $7, $3 - zapnot $4, 15, $7 - mulq $8, $7, $0 - srl $28, 32, $1 - addq $6, $1, $6 - cmpult $5, $25, $1 - zapnot $2, 15, $5 - addq $1, $6, $6 - addq $3, $6, $6 - addq $23, $6, $23 - cmpult $23, $6, $1 - srl $4, 32, $6 - mulq $5, $6, $25 - mulq $7, $5, $5 - addq $1, $22, $22 - addq $0, $25, $0 - cmpult $0, $25, $1 - mulq $6, $8, $6 - beq $1, $329 - sll $21, 32, $1 - addq $6, $1, $6 -$329: - sll $0, 32, $25 - ldq $2, 40($18) - addq $5, $25, $5 - bis $5, $5, $7 - ldq $4, 24($17) - addq $24, $7, $24 - srl $2, 32, $8 - cmpult $24, $7, $3 - zapnot $4, 15, $7 - mulq $8, $7, $28 - srl $0, 32, $1 - addq $6, $1, $6 - cmpult $5, $25, $1 - zapnot $2, 15, $5 - addq $1, $6, $6 - addq $3, $6, $6 - addq $23, $6, $23 - cmpult $23, $6, $1 - srl $4, 32, $6 - mulq $5, $6, $25 - mulq $7, $5, $5 - addq $1, $22, $22 - addq $28, $25, $28 - cmpult $28, $25, $1 - mulq $6, $8, $6 - beq $1, $333 - sll $21, 32, $1 - addq $6, $1, $6 -$333: - sll $28, 32, $25 - ldq $2, 48($18) - addq $5, $25, $5 - bis $5, $5, $7 - ldq $4, 16($17) - addq $24, $7, $24 - srl $2, 32, $8 - cmpult $24, $7, $3 - zapnot $4, 15, $7 - mulq $8, $7, $0 - srl $28, 32, $1 - addq $6, $1, $6 - cmpult $5, $25, $1 - zapnot $2, 15, $5 - addq $1, $6, $6 - addq $3, $6, $6 - addq $23, $6, $23 - cmpult $23, $6, $1 - srl $4, 32, $6 - mulq $5, $6, $25 - mulq $7, $5, $5 - addq $1, $22, $22 - addq $0, $25, $0 - cmpult $0, $25, $1 - mulq $6, $8, $6 - beq $1, $337 - sll $21, 32, $1 - addq $6, $1, $6 -$337: - sll $0, 32, $25 - ldq $2, 56($18) - addq $5, $25, $5 - bis $5, $5, $7 - ldq $4, 8($17) - addq $24, $7, $24 - srl $2, 32, $8 - cmpult $24, $7, $3 - zapnot $4, 15, $7 - mulq $8, $7, $28 - srl $0, 32, $1 - addq $6, $1, $6 - cmpult $5, $25, $1 - zapnot $2, 15, $5 - addq $1, $6, $6 - addq $3, $6, $6 - addq $23, $6, $23 - cmpult $23, $6, $1 - srl $4, 32, $6 - mulq $5, $6, $25 - mulq $7, $5, $2 - addq $1, $22, $22 - addq $28, $25, $28 - cmpult $28, $25, $1 - mulq $6, $8, $6 - beq $1, $341 - sll $21, 32, $1 - addq $6, $1, $6 -$341: - sll $28, 32, $25 - addq $2, $25, $2 - bis $2, $2, $7 - addq $24, $7, $24 - stq $24, 64($16) - ldq $4, 16($17) - ldq $5, 56($18) - cmpult $24, $7, $3 - zapnot $4, 15, $7 - srl $5, 32, $8 - mulq $8, $7, $0 - srl $28, 32, $1 - cmpult $2, $25, $2 - addq $6, $1, $6 - addq $2, $6, $6 - addq $3, $6, $6 - addq $23, $6, $23 - cmpult $23, $6, $1 - srl $4, 32, $6 - zapnot $5, 15, $5 - mulq $5, $6, $24 - mulq $7, $5, $2 - addq $1, $22, $22 - addq $0, $24, $0 - cmpult $0, $24, $1 - mulq $6, $8, $6 - beq $1, $345 - sll $21, 32, $1 - addq $6, $1, $6 -$345: - sll $0, 32, $24 - ldq $1, 48($18) - addq $2, $24, $2 - bis $2, $2, $7 - ldq $4, 24($17) - addq $23, $7, $23 - srl $1, 32, $8 - cmpult $23, $7, $3 - zapnot $4, 15, $7 - mulq $8, $7, $25 - zapnot $1, 15, $5 - mulq $7, $5, $21 - srl $0, 32, $1 - cmpult $2, $24, $2 - addq $6, $1, $6 - addq $2, $6, $6 - addq $3, $6, $6 - addq $22, $6, $22 - cmpult $22, $6, $24 - srl $4, 32, $6 - mulq $5, $6, $5 - bis $31, 1, $20 - addq $25, $5, $25 - cmpult $25, $5, $1 - mulq $6, $8, $6 - beq $1, $349 - sll $20, 32, $1 - addq $6, $1, $6 -$349: - sll $25, 32, $5 - ldq $2, 40($18) - addq $21, $5, $21 - bis $21, $21, $7 - ldq $4, 32($17) - addq $23, $7, $23 - srl $2, 32, $8 - cmpult $23, $7, $3 - zapnot $4, 15, $7 - mulq $8, $7, $28 - srl $25, 32, $1 - addq $6, $1, $6 - cmpult $21, $5, $1 - zapnot $2, 15, $5 - addq $1, $6, $6 - addq $3, $6, $6 - addq $22, $6, $22 - cmpult $22, $6, $1 - srl $4, 32, $6 - mulq $5, $6, $25 - mulq $7, $5, $5 - addq $1, $24, $24 - addq $28, $25, $28 - cmpult $28, $25, $1 - mulq $6, $8, $6 - beq $1, $353 - sll $20, 32, $1 - addq $6, $1, $6 -$353: - sll $28, 32, $25 - ldq $2, 32($18) - addq $5, $25, $5 - bis $5, $5, $7 - ldq $4, 40($17) - addq $23, $7, $23 - srl $2, 32, $8 - cmpult $23, $7, $3 - zapnot $4, 15, $7 - mulq $8, $7, $0 - srl $28, 32, $1 - addq $6, $1, $6 - cmpult $5, $25, $1 - zapnot $2, 15, $5 - addq $1, $6, $6 - addq $3, $6, $6 - addq $22, $6, $22 - cmpult $22, $6, $1 - srl $4, 32, $6 - mulq $5, $6, $25 - mulq $7, $5, $5 - addq $1, $24, $24 - addq $0, $25, $0 - cmpult $0, $25, $1 - mulq $6, $8, $6 - beq $1, $357 - sll $20, 32, $1 - addq $6, $1, $6 -$357: - sll $0, 32, $25 - ldq $2, 24($18) - addq $5, $25, $5 - bis $5, $5, $7 - ldq $4, 48($17) - addq $23, $7, $23 - srl $2, 32, $8 - cmpult $23, $7, $3 - zapnot $4, 15, $7 - mulq $8, $7, $28 - srl $0, 32, $1 - addq $6, $1, $6 - cmpult $5, $25, $1 - zapnot $2, 15, $5 - addq $1, $6, $6 - addq $3, $6, $6 - addq $22, $6, $22 - cmpult $22, $6, $1 - srl $4, 32, $6 - mulq $5, $6, $25 - mulq $7, $5, $5 - addq $1, $24, $24 - addq $28, $25, $28 - cmpult $28, $25, $1 - mulq $6, $8, $6 - beq $1, $361 - sll $20, 32, $1 - addq $6, $1, $6 -$361: - sll $28, 32, $25 - ldq $2, 16($18) - addq $5, $25, $5 - bis $5, $5, $7 - ldq $4, 56($17) - addq $23, $7, $23 - srl $2, 32, $8 - cmpult $23, $7, $3 - zapnot $4, 15, $7 - mulq $8, $7, $0 - srl $28, 32, $1 - addq $6, $1, $6 - cmpult $5, $25, $1 - zapnot $2, 15, $5 - addq $1, $6, $6 - addq $3, $6, $6 - addq $22, $6, $22 - cmpult $22, $6, $1 - srl $4, 32, $6 - mulq $5, $6, $25 - mulq $7, $5, $2 - addq $1, $24, $24 - addq $0, $25, $0 - cmpult $0, $25, $1 - mulq $6, $8, $6 - beq $1, $365 - sll $20, 32, $1 - addq $6, $1, $6 -$365: - sll $0, 32, $25 - addq $2, $25, $2 - bis $2, $2, $7 - addq $23, $7, $23 - stq $23, 72($16) - ldq $4, 56($17) - ldq $5, 24($18) - cmpult $23, $7, $3 - zapnot $4, 15, $7 - srl $5, 32, $8 - mulq $8, $7, $28 - srl $0, 32, $1 - cmpult $2, $25, $2 - addq $6, $1, $6 - addq $2, $6, $6 - addq $3, $6, $6 - addq $22, $6, $22 - cmpult $22, $6, $1 - srl $4, 32, $6 - zapnot $5, 15, $5 - mulq $5, $6, $23 - mulq $7, $5, $2 - addq $1, $24, $24 - addq $28, $23, $28 - cmpult $28, $23, $1 - mulq $6, $8, $6 - beq $1, $369 - sll $20, 32, $1 - addq $6, $1, $6 -$369: - sll $28, 32, $23 - ldq $1, 32($18) - addq $2, $23, $2 - bis $2, $2, $7 - ldq $4, 48($17) - addq $22, $7, $22 - srl $1, 32, $8 - cmpult $22, $7, $3 - zapnot $4, 15, $7 - mulq $8, $7, $25 - zapnot $1, 15, $5 - mulq $7, $5, $0 - srl $28, 32, $1 - cmpult $2, $23, $2 - addq $6, $1, $6 - addq $2, $6, $6 - addq $3, $6, $6 - addq $24, $6, $24 - cmpult $24, $6, $23 - srl $4, 32, $6 - mulq $5, $6, $5 - bis $31, 1, $21 - addq $25, $5, $25 - cmpult $25, $5, $1 - mulq $6, $8, $6 - beq $1, $373 - sll $21, 32, $1 - addq $6, $1, $6 -$373: - sll $25, 32, $5 - ldq $2, 40($18) - addq $0, $5, $0 - bis $0, $0, $7 - ldq $4, 40($17) - addq $22, $7, $22 - srl $2, 32, $8 - cmpult $22, $7, $3 - zapnot $4, 15, $7 - mulq $8, $7, $28 - srl $25, 32, $1 - addq $6, $1, $6 - cmpult $0, $5, $1 - zapnot $2, 15, $5 - addq $1, $6, $6 - addq $3, $6, $6 - addq $24, $6, $24 - cmpult $24, $6, $1 - srl $4, 32, $6 - mulq $5, $6, $25 - mulq $7, $5, $5 - addq $1, $23, $23 - addq $28, $25, $28 - cmpult $28, $25, $1 - mulq $6, $8, $6 - beq $1, $377 - sll $21, 32, $1 - addq $6, $1, $6 -$377: - sll $28, 32, $25 - ldq $2, 48($18) - addq $5, $25, $5 - bis $5, $5, $7 - ldq $4, 32($17) - addq $22, $7, $22 - srl $2, 32, $8 - cmpult $22, $7, $3 - zapnot $4, 15, $7 - mulq $8, $7, $0 - srl $28, 32, $1 - addq $6, $1, $6 - cmpult $5, $25, $1 - zapnot $2, 15, $5 - addq $1, $6, $6 - addq $3, $6, $6 - addq $24, $6, $24 - cmpult $24, $6, $1 - srl $4, 32, $6 - mulq $5, $6, $25 - mulq $7, $5, $5 - addq $1, $23, $23 - addq $0, $25, $0 - cmpult $0, $25, $1 - mulq $6, $8, $6 - beq $1, $381 - sll $21, 32, $1 - addq $6, $1, $6 -$381: - sll $0, 32, $25 - ldq $2, 56($18) - addq $5, $25, $5 - bis $5, $5, $7 - ldq $4, 24($17) - addq $22, $7, $22 - srl $2, 32, $8 - cmpult $22, $7, $3 - zapnot $4, 15, $7 - mulq $8, $7, $28 - srl $0, 32, $1 - addq $6, $1, $6 - cmpult $5, $25, $1 - zapnot $2, 15, $5 - addq $1, $6, $6 - addq $3, $6, $6 - addq $24, $6, $24 - cmpult $24, $6, $1 - srl $4, 32, $6 - mulq $5, $6, $25 - mulq $7, $5, $2 - addq $1, $23, $23 - addq $28, $25, $28 - cmpult $28, $25, $1 - mulq $6, $8, $6 - beq $1, $385 - sll $21, 32, $1 - addq $6, $1, $6 -$385: - sll $28, 32, $25 - addq $2, $25, $2 - bis $2, $2, $7 - addq $22, $7, $22 - stq $22, 80($16) - ldq $4, 32($17) - ldq $5, 56($18) - cmpult $22, $7, $3 - zapnot $4, 15, $7 - srl $5, 32, $8 - mulq $8, $7, $0 - srl $28, 32, $1 - cmpult $2, $25, $2 - addq $6, $1, $6 - addq $2, $6, $6 - addq $3, $6, $6 - addq $24, $6, $24 - cmpult $24, $6, $1 - srl $4, 32, $6 - zapnot $5, 15, $5 - mulq $5, $6, $22 - mulq $7, $5, $2 - addq $1, $23, $23 - addq $0, $22, $0 - cmpult $0, $22, $1 - mulq $6, $8, $6 - beq $1, $389 - sll $21, 32, $1 - addq $6, $1, $6 -$389: - sll $0, 32, $22 - ldq $1, 48($18) - addq $2, $22, $2 - bis $2, $2, $7 - ldq $4, 40($17) - addq $24, $7, $24 - srl $1, 32, $8 - cmpult $24, $7, $3 - zapnot $4, 15, $7 - mulq $8, $7, $25 - zapnot $1, 15, $5 - mulq $7, $5, $21 - srl $0, 32, $1 - cmpult $2, $22, $2 - addq $6, $1, $6 - addq $2, $6, $6 - addq $3, $6, $6 - addq $23, $6, $23 - cmpult $23, $6, $22 - srl $4, 32, $6 - mulq $5, $6, $5 - bis $31, 1, $20 - addq $25, $5, $25 - cmpult $25, $5, $1 - mulq $6, $8, $6 - beq $1, $393 - sll $20, 32, $1 - addq $6, $1, $6 -$393: - sll $25, 32, $5 - ldq $2, 40($18) - addq $21, $5, $21 - bis $21, $21, $7 - ldq $4, 48($17) - addq $24, $7, $24 - srl $2, 32, $8 - cmpult $24, $7, $3 - zapnot $4, 15, $7 - mulq $8, $7, $28 - srl $25, 32, $1 - addq $6, $1, $6 - cmpult $21, $5, $1 - zapnot $2, 15, $5 - addq $1, $6, $6 - addq $3, $6, $6 - addq $23, $6, $23 - cmpult $23, $6, $1 - srl $4, 32, $6 - mulq $5, $6, $25 - mulq $7, $5, $5 - addq $1, $22, $22 - addq $28, $25, $28 - cmpult $28, $25, $1 - mulq $6, $8, $6 - beq $1, $397 - sll $20, 32, $1 - addq $6, $1, $6 -$397: - sll $28, 32, $25 - ldq $2, 32($18) - addq $5, $25, $5 - bis $5, $5, $7 - ldq $4, 56($17) - addq $24, $7, $24 - srl $2, 32, $8 - cmpult $24, $7, $3 - zapnot $4, 15, $7 - mulq $8, $7, $21 - srl $28, 32, $1 - addq $6, $1, $6 - cmpult $5, $25, $1 - zapnot $2, 15, $5 - addq $1, $6, $6 - addq $3, $6, $6 - addq $23, $6, $23 - cmpult $23, $6, $1 - srl $4, 32, $6 - mulq $5, $6, $25 - mulq $7, $5, $2 - addq $1, $22, $22 - addq $21, $25, $21 - cmpult $21, $25, $1 - mulq $6, $8, $6 - beq $1, $401 - sll $20, 32, $1 - addq $6, $1, $6 -$401: - sll $21, 32, $25 - addq $2, $25, $2 - bis $2, $2, $7 - addq $24, $7, $24 - stq $24, 88($16) - ldq $4, 56($17) - ldq $5, 40($18) - cmpult $24, $7, $3 - zapnot $4, 15, $7 - srl $5, 32, $8 - mulq $8, $7, $0 - srl $21, 32, $1 - cmpult $2, $25, $2 - addq $6, $1, $6 - addq $2, $6, $6 - addq $3, $6, $6 - addq $23, $6, $23 - cmpult $23, $6, $1 - srl $4, 32, $6 - zapnot $5, 15, $5 - mulq $5, $6, $24 - mulq $7, $5, $5 - addq $1, $22, $22 - addq $0, $24, $0 - cmpult $0, $24, $1 - mulq $6, $8, $6 - beq $1, $405 - sll $20, 32, $1 - addq $6, $1, $6 -$405: - sll $0, 32, $24 - ldq $2, 48($18) - addq $5, $24, $5 - bis $5, $5, $7 - ldq $4, 48($17) - addq $23, $7, $23 - srl $2, 32, $8 - cmpult $23, $7, $3 - zapnot $4, 15, $7 - mulq $8, $7, $28 - srl $0, 32, $1 - addq $6, $1, $6 - cmpult $5, $24, $1 - zapnot $2, 15, $5 - addq $1, $6, $6 - addq $3, $6, $6 - addq $22, $6, $22 - cmpult $22, $6, $24 - srl $4, 32, $6 - mulq $5, $6, $25 - mulq $7, $5, $5 - addq $28, $25, $28 - cmpult $28, $25, $1 - mulq $6, $8, $6 - beq $1, $409 - sll $20, 32, $1 - addq $6, $1, $6 -$409: - sll $28, 32, $25 - ldq $2, 56($18) - addq $5, $25, $5 - bis $5, $5, $7 - ldq $4, 40($17) - addq $23, $7, $23 - srl $2, 32, $8 - cmpult $23, $7, $3 - zapnot $4, 15, $7 - mulq $8, $7, $0 - srl $28, 32, $1 - addq $6, $1, $6 - cmpult $5, $25, $1 - zapnot $2, 15, $5 - addq $1, $6, $6 - addq $3, $6, $6 - addq $22, $6, $22 - cmpult $22, $6, $1 - srl $4, 32, $6 - mulq $5, $6, $25 - mulq $7, $5, $2 - addq $1, $24, $24 - addq $0, $25, $0 - cmpult $0, $25, $1 - mulq $6, $8, $6 - beq $1, $413 - sll $20, 32, $1 - addq $6, $1, $6 -$413: - sll $0, 32, $25 - addq $2, $25, $2 - bis $2, $2, $7 - addq $23, $7, $23 - stq $23, 96($16) - ldq $4, 48($17) - ldq $5, 56($18) - cmpult $23, $7, $3 - zapnot $4, 15, $7 - srl $5, 32, $8 - mulq $8, $7, $28 - srl $0, 32, $1 - cmpult $2, $25, $2 - addq $6, $1, $6 - addq $2, $6, $6 - addq $3, $6, $6 - addq $22, $6, $22 - cmpult $22, $6, $1 - srl $4, 32, $6 - zapnot $5, 15, $5 - mulq $5, $6, $23 - mulq $7, $5, $5 - addq $1, $24, $24 - addq $28, $23, $28 - cmpult $28, $23, $1 - mulq $6, $8, $6 - beq $1, $417 - sll $20, 32, $1 - addq $6, $1, $6 -$417: - sll $28, 32, $23 - ldq $2, 48($18) - addq $5, $23, $5 - bis $5, $5, $7 - ldq $4, 56($17) - addq $22, $7, $22 - srl $2, 32, $8 - cmpult $22, $7, $3 - zapnot $4, 15, $7 - mulq $8, $7, $0 - srl $28, 32, $1 - addq $6, $1, $6 - cmpult $5, $23, $1 - zapnot $2, 15, $5 - addq $1, $6, $6 - addq $3, $6, $6 - addq $24, $6, $24 - cmpult $24, $6, $23 - srl $4, 32, $6 - mulq $5, $6, $25 - mulq $7, $5, $2 - addq $0, $25, $0 - cmpult $0, $25, $1 - mulq $6, $8, $6 - beq $1, $421 - sll $20, 32, $1 - addq $6, $1, $6 -$421: - sll $0, 32, $25 - addq $2, $25, $2 - bis $2, $2, $7 - addq $22, $7, $22 - stq $22, 104($16) - ldq $4, 56($17) - ldq $5, 56($18) - cmpult $22, $7, $3 - zapnot $4, 15, $7 - srl $5, 32, $8 - mulq $8, $7, $28 - srl $0, 32, $1 - cmpult $2, $25, $2 - addq $6, $1, $6 - addq $2, $6, $6 - addq $3, $6, $6 - addq $24, $6, $24 - cmpult $24, $6, $1 - srl $4, 32, $6 - zapnot $5, 15, $5 - mulq $5, $6, $22 - mulq $7, $5, $2 - addq $1, $23, $23 - addq $28, $22, $28 - cmpult $28, $22, $1 - mulq $6, $8, $3 - beq $1, $425 - sll $20, 32, $1 - addq $3, $1, $3 -$425: - sll $28, 32, $22 - srl $28, 32, $1 - addq $2, $22, $2 - addq $3, $1, $3 - bis $2, $2, $7 - addq $24, $7, $24 - cmpult $7, $22, $1 - cmpult $24, $7, $2 - addq $1, $3, $6 - addq $2, $6, $6 - stq $24, 112($16) - addq $23, $6, $23 - stq $23, 120($16) - ret $31, ($26), 1 - .end bn_mul_comba8 - .text - .align 3 - .globl bn_sqr_comba4 - .ent bn_sqr_comba4 -bn_sqr_comba4: -bn_sqr_comba4..ng: - .frame $30,0,$26,0 - .prologue 0 - - ldq $0, 0($17) - ldq $1, 8($17) - ldq $2, 16($17) - ldq $3, 24($17) - bis $31, $31, $6 - mulq $0, $0, $4 - umulh $0, $0, $5 - stq $4, 0($16) - bis $31, $31, $4 - mulq $0, $1, $7 - umulh $0, $1, $8 - cmplt $7, $31, $22 - cmplt $8, $31, $23 - addq $7, $7, $7 - addq $8, $8, $8 - addq $8, $22, $8 - addq $4, $23, $4 - addq $5, $7, $5 - addq $6, $8, $6 - cmpult $5, $7, $24 - cmpult $6, $8, $25 - addq $6, $24, $6 - addq $4, $25, $4 - stq $5, 8($16) - bis $31, $31, $5 - mulq $1, $1, $27 - umulh $1, $1, $28 - addq $6, $27, $6 - addq $4, $28, $4 - cmpult $6, $27, $21 - cmpult $4, $28, $20 - addq $4, $21, $4 - addq $5, $20, $5 - mulq $2, $0, $19 - umulh $2, $0, $18 - cmplt $19, $31, $17 - cmplt $18, $31, $22 - addq $19, $19, $19 - addq $18, $18, $18 - addq $18, $17, $18 - addq $5, $22, $5 - addq $6, $19, $6 - addq $4, $18, $4 - cmpult $6, $19, $23 - cmpult $4, $18, $7 - addq $4, $23, $4 - addq $5, $7, $5 - stq $6, 16($16) - bis $31, $31, $6 - mulq $3, $0, $8 - umulh $3, $0, $24 - cmplt $8, $31, $25 - cmplt $24, $31, $27 - addq $8, $8, $8 - addq $24, $24, $24 - addq $24, $25, $24 - addq $6, $27, $6 - addq $4, $8, $4 - addq $5, $24, $5 - cmpult $4, $8, $28 - cmpult $5, $24, $21 - addq $5, $28, $5 - addq $6, $21, $6 - mulq $2, $1, $20 - umulh $2, $1, $17 - cmplt $20, $31, $22 - cmplt $17, $31, $19 - addq $20, $20, $20 - addq $17, $17, $17 - addq $17, $22, $17 - addq $6, $19, $6 - addq $4, $20, $4 - addq $5, $17, $5 - cmpult $4, $20, $18 - cmpult $5, $17, $23 - addq $5, $18, $5 - addq $6, $23, $6 - stq $4, 24($16) - bis $31, $31, $4 - mulq $2, $2, $7 - umulh $2, $2, $25 - addq $5, $7, $5 - addq $6, $25, $6 - cmpult $5, $7, $27 - cmpult $6, $25, $8 - addq $6, $27, $6 - addq $4, $8, $4 - mulq $3, $1, $24 - umulh $3, $1, $28 - cmplt $24, $31, $21 - cmplt $28, $31, $22 - addq $24, $24, $24 - addq $28, $28, $28 - addq $28, $21, $28 - addq $4, $22, $4 - addq $5, $24, $5 - addq $6, $28, $6 - cmpult $5, $24, $19 - cmpult $6, $28, $20 - addq $6, $19, $6 - addq $4, $20, $4 - stq $5, 32($16) - bis $31, $31, $5 - mulq $3, $2, $17 - umulh $3, $2, $18 - cmplt $17, $31, $23 - cmplt $18, $31, $7 - addq $17, $17, $17 - addq $18, $18, $18 - addq $18, $23, $18 - addq $5, $7, $5 - addq $6, $17, $6 - addq $4, $18, $4 - cmpult $6, $17, $25 - cmpult $4, $18, $27 - addq $4, $25, $4 - addq $5, $27, $5 - stq $6, 40($16) - bis $31, $31, $6 - mulq $3, $3, $8 - umulh $3, $3, $21 - addq $4, $8, $4 - addq $5, $21, $5 - cmpult $4, $8, $22 - cmpult $5, $21, $24 - addq $5, $22, $5 - addq $6, $24, $6 - stq $4, 48($16) - stq $5, 56($16) - ret $31,($26),1 - .end bn_sqr_comba4 - .text - .align 3 - .globl bn_sqr_comba8 - .ent bn_sqr_comba8 -bn_sqr_comba8: -bn_sqr_comba8..ng: - .frame $30,0,$26,0 - .prologue 0 - - ldq $0, 0($17) - ldq $1, 8($17) - ldq $2, 16($17) - ldq $3, 24($17) - ldq $4, 32($17) - ldq $5, 40($17) - ldq $6, 48($17) - ldq $7, 56($17) - bis $31, $31, $23 - mulq $0, $0, $8 - umulh $0, $0, $22 - stq $8, 0($16) - bis $31, $31, $8 - mulq $1, $0, $24 - umulh $1, $0, $25 - cmplt $24, $31, $27 - cmplt $25, $31, $28 - addq $24, $24, $24 - addq $25, $25, $25 - addq $25, $27, $25 - addq $8, $28, $8 - addq $22, $24, $22 - addq $23, $25, $23 - cmpult $22, $24, $21 - cmpult $23, $25, $20 - addq $23, $21, $23 - addq $8, $20, $8 - stq $22, 8($16) - bis $31, $31, $22 - mulq $1, $1, $19 - umulh $1, $1, $18 - addq $23, $19, $23 - addq $8, $18, $8 - cmpult $23, $19, $17 - cmpult $8, $18, $27 - addq $8, $17, $8 - addq $22, $27, $22 - mulq $2, $0, $28 - umulh $2, $0, $24 - cmplt $28, $31, $25 - cmplt $24, $31, $21 - addq $28, $28, $28 - addq $24, $24, $24 - addq $24, $25, $24 - addq $22, $21, $22 - addq $23, $28, $23 - addq $8, $24, $8 - cmpult $23, $28, $20 - cmpult $8, $24, $19 - addq $8, $20, $8 - addq $22, $19, $22 - stq $23, 16($16) - bis $31, $31, $23 - mulq $2, $1, $18 - umulh $2, $1, $17 - cmplt $18, $31, $27 - cmplt $17, $31, $25 - addq $18, $18, $18 - addq $17, $17, $17 - addq $17, $27, $17 - addq $23, $25, $23 - addq $8, $18, $8 - addq $22, $17, $22 - cmpult $8, $18, $21 - cmpult $22, $17, $28 - addq $22, $21, $22 - addq $23, $28, $23 - mulq $3, $0, $24 - umulh $3, $0, $20 - cmplt $24, $31, $19 - cmplt $20, $31, $27 - addq $24, $24, $24 - addq $20, $20, $20 - addq $20, $19, $20 - addq $23, $27, $23 - addq $8, $24, $8 - addq $22, $20, $22 - cmpult $8, $24, $25 - cmpult $22, $20, $18 - addq $22, $25, $22 - addq $23, $18, $23 - stq $8, 24($16) - bis $31, $31, $8 - mulq $2, $2, $17 - umulh $2, $2, $21 - addq $22, $17, $22 - addq $23, $21, $23 - cmpult $22, $17, $28 - cmpult $23, $21, $19 - addq $23, $28, $23 - addq $8, $19, $8 - mulq $3, $1, $27 - umulh $3, $1, $24 - cmplt $27, $31, $20 - cmplt $24, $31, $25 - addq $27, $27, $27 - addq $24, $24, $24 - addq $24, $20, $24 - addq $8, $25, $8 - addq $22, $27, $22 - addq $23, $24, $23 - cmpult $22, $27, $18 - cmpult $23, $24, $17 - addq $23, $18, $23 - addq $8, $17, $8 - mulq $4, $0, $21 - umulh $4, $0, $28 - cmplt $21, $31, $19 - cmplt $28, $31, $20 - addq $21, $21, $21 - addq $28, $28, $28 - addq $28, $19, $28 - addq $8, $20, $8 - addq $22, $21, $22 - addq $23, $28, $23 - cmpult $22, $21, $25 - cmpult $23, $28, $27 - addq $23, $25, $23 - addq $8, $27, $8 - stq $22, 32($16) - bis $31, $31, $22 - mulq $3, $2, $24 - umulh $3, $2, $18 - cmplt $24, $31, $17 - cmplt $18, $31, $19 - addq $24, $24, $24 - addq $18, $18, $18 - addq $18, $17, $18 - addq $22, $19, $22 - addq $23, $24, $23 - addq $8, $18, $8 - cmpult $23, $24, $20 - cmpult $8, $18, $21 - addq $8, $20, $8 - addq $22, $21, $22 - mulq $4, $1, $28 - umulh $4, $1, $25 - cmplt $28, $31, $27 - cmplt $25, $31, $17 - addq $28, $28, $28 - addq $25, $25, $25 - addq $25, $27, $25 - addq $22, $17, $22 - addq $23, $28, $23 - addq $8, $25, $8 - cmpult $23, $28, $19 - cmpult $8, $25, $24 - addq $8, $19, $8 - addq $22, $24, $22 - mulq $5, $0, $18 - umulh $5, $0, $20 - cmplt $18, $31, $21 - cmplt $20, $31, $27 - addq $18, $18, $18 - addq $20, $20, $20 - addq $20, $21, $20 - addq $22, $27, $22 - addq $23, $18, $23 - addq $8, $20, $8 - cmpult $23, $18, $17 - cmpult $8, $20, $28 - addq $8, $17, $8 - addq $22, $28, $22 - stq $23, 40($16) - bis $31, $31, $23 - mulq $3, $3, $25 - umulh $3, $3, $19 - addq $8, $25, $8 - addq $22, $19, $22 - cmpult $8, $25, $24 - cmpult $22, $19, $21 - addq $22, $24, $22 - addq $23, $21, $23 - mulq $4, $2, $27 - umulh $4, $2, $18 - cmplt $27, $31, $20 - cmplt $18, $31, $17 - addq $27, $27, $27 - addq $18, $18, $18 - addq $18, $20, $18 - addq $23, $17, $23 - addq $8, $27, $8 - addq $22, $18, $22 - cmpult $8, $27, $28 - cmpult $22, $18, $25 - addq $22, $28, $22 - addq $23, $25, $23 - mulq $5, $1, $19 - umulh $5, $1, $24 - cmplt $19, $31, $21 - cmplt $24, $31, $20 - addq $19, $19, $19 - addq $24, $24, $24 - addq $24, $21, $24 - addq $23, $20, $23 - addq $8, $19, $8 - addq $22, $24, $22 - cmpult $8, $19, $17 - cmpult $22, $24, $27 - addq $22, $17, $22 - addq $23, $27, $23 - mulq $6, $0, $18 - umulh $6, $0, $28 - cmplt $18, $31, $25 - cmplt $28, $31, $21 - addq $18, $18, $18 - addq $28, $28, $28 - addq $28, $25, $28 - addq $23, $21, $23 - addq $8, $18, $8 - addq $22, $28, $22 - cmpult $8, $18, $20 - cmpult $22, $28, $19 - addq $22, $20, $22 - addq $23, $19, $23 - stq $8, 48($16) - bis $31, $31, $8 - mulq $4, $3, $24 - umulh $4, $3, $17 - cmplt $24, $31, $27 - cmplt $17, $31, $25 - addq $24, $24, $24 - addq $17, $17, $17 - addq $17, $27, $17 - addq $8, $25, $8 - addq $22, $24, $22 - addq $23, $17, $23 - cmpult $22, $24, $21 - cmpult $23, $17, $18 - addq $23, $21, $23 - addq $8, $18, $8 - mulq $5, $2, $28 - umulh $5, $2, $20 - cmplt $28, $31, $19 - cmplt $20, $31, $27 - addq $28, $28, $28 - addq $20, $20, $20 - addq $20, $19, $20 - addq $8, $27, $8 - addq $22, $28, $22 - addq $23, $20, $23 - cmpult $22, $28, $25 - cmpult $23, $20, $24 - addq $23, $25, $23 - addq $8, $24, $8 - mulq $6, $1, $17 - umulh $6, $1, $21 - cmplt $17, $31, $18 - cmplt $21, $31, $19 - addq $17, $17, $17 - addq $21, $21, $21 - addq $21, $18, $21 - addq $8, $19, $8 - addq $22, $17, $22 - addq $23, $21, $23 - cmpult $22, $17, $27 - cmpult $23, $21, $28 - addq $23, $27, $23 - addq $8, $28, $8 - mulq $7, $0, $20 - umulh $7, $0, $25 - cmplt $20, $31, $24 - cmplt $25, $31, $18 - addq $20, $20, $20 - addq $25, $25, $25 - addq $25, $24, $25 - addq $8, $18, $8 - addq $22, $20, $22 - addq $23, $25, $23 - cmpult $22, $20, $19 - cmpult $23, $25, $17 - addq $23, $19, $23 - addq $8, $17, $8 - stq $22, 56($16) - bis $31, $31, $22 - mulq $4, $4, $21 - umulh $4, $4, $27 - addq $23, $21, $23 - addq $8, $27, $8 - cmpult $23, $21, $28 - cmpult $8, $27, $24 - addq $8, $28, $8 - addq $22, $24, $22 - mulq $5, $3, $18 - umulh $5, $3, $20 - cmplt $18, $31, $25 - cmplt $20, $31, $19 - addq $18, $18, $18 - addq $20, $20, $20 - addq $20, $25, $20 - addq $22, $19, $22 - addq $23, $18, $23 - addq $8, $20, $8 - cmpult $23, $18, $17 - cmpult $8, $20, $21 - addq $8, $17, $8 - addq $22, $21, $22 - mulq $6, $2, $27 - umulh $6, $2, $28 - cmplt $27, $31, $24 - cmplt $28, $31, $25 - addq $27, $27, $27 - addq $28, $28, $28 - addq $28, $24, $28 - addq $22, $25, $22 - addq $23, $27, $23 - addq $8, $28, $8 - cmpult $23, $27, $19 - cmpult $8, $28, $18 - addq $8, $19, $8 - addq $22, $18, $22 - mulq $7, $1, $20 - umulh $7, $1, $17 - cmplt $20, $31, $21 - cmplt $17, $31, $24 - addq $20, $20, $20 - addq $17, $17, $17 - addq $17, $21, $17 - addq $22, $24, $22 - addq $23, $20, $23 - addq $8, $17, $8 - cmpult $23, $20, $25 - cmpult $8, $17, $27 - addq $8, $25, $8 - addq $22, $27, $22 - stq $23, 64($16) - bis $31, $31, $23 - mulq $5, $4, $28 - umulh $5, $4, $19 - cmplt $28, $31, $18 - cmplt $19, $31, $21 - addq $28, $28, $28 - addq $19, $19, $19 - addq $19, $18, $19 - addq $23, $21, $23 - addq $8, $28, $8 - addq $22, $19, $22 - cmpult $8, $28, $24 - cmpult $22, $19, $20 - addq $22, $24, $22 - addq $23, $20, $23 - mulq $6, $3, $17 - umulh $6, $3, $25 - cmplt $17, $31, $27 - cmplt $25, $31, $18 - addq $17, $17, $17 - addq $25, $25, $25 - addq $25, $27, $25 - addq $23, $18, $23 - addq $8, $17, $8 - addq $22, $25, $22 - cmpult $8, $17, $21 - cmpult $22, $25, $28 - addq $22, $21, $22 - addq $23, $28, $23 - mulq $7, $2, $19 - umulh $7, $2, $24 - cmplt $19, $31, $20 - cmplt $24, $31, $27 - addq $19, $19, $19 - addq $24, $24, $24 - addq $24, $20, $24 - addq $23, $27, $23 - addq $8, $19, $8 - addq $22, $24, $22 - cmpult $8, $19, $18 - cmpult $22, $24, $17 - addq $22, $18, $22 - addq $23, $17, $23 - stq $8, 72($16) - bis $31, $31, $8 - mulq $5, $5, $25 - umulh $5, $5, $21 - addq $22, $25, $22 - addq $23, $21, $23 - cmpult $22, $25, $28 - cmpult $23, $21, $20 - addq $23, $28, $23 - addq $8, $20, $8 - mulq $6, $4, $27 - umulh $6, $4, $19 - cmplt $27, $31, $24 - cmplt $19, $31, $18 - addq $27, $27, $27 - addq $19, $19, $19 - addq $19, $24, $19 - addq $8, $18, $8 - addq $22, $27, $22 - addq $23, $19, $23 - cmpult $22, $27, $17 - cmpult $23, $19, $25 - addq $23, $17, $23 - addq $8, $25, $8 - mulq $7, $3, $21 - umulh $7, $3, $28 - cmplt $21, $31, $20 - cmplt $28, $31, $24 - addq $21, $21, $21 - addq $28, $28, $28 - addq $28, $20, $28 - addq $8, $24, $8 - addq $22, $21, $22 - addq $23, $28, $23 - cmpult $22, $21, $18 - cmpult $23, $28, $27 - addq $23, $18, $23 - addq $8, $27, $8 - stq $22, 80($16) - bis $31, $31, $22 - mulq $6, $5, $19 - umulh $6, $5, $17 - cmplt $19, $31, $25 - cmplt $17, $31, $20 - addq $19, $19, $19 - addq $17, $17, $17 - addq $17, $25, $17 - addq $22, $20, $22 - addq $23, $19, $23 - addq $8, $17, $8 - cmpult $23, $19, $24 - cmpult $8, $17, $21 - addq $8, $24, $8 - addq $22, $21, $22 - mulq $7, $4, $28 - umulh $7, $4, $18 - cmplt $28, $31, $27 - cmplt $18, $31, $25 - addq $28, $28, $28 - addq $18, $18, $18 - addq $18, $27, $18 - addq $22, $25, $22 - addq $23, $28, $23 - addq $8, $18, $8 - cmpult $23, $28, $20 - cmpult $8, $18, $19 - addq $8, $20, $8 - addq $22, $19, $22 - stq $23, 88($16) - bis $31, $31, $23 - mulq $6, $6, $17 - umulh $6, $6, $24 - addq $8, $17, $8 - addq $22, $24, $22 - cmpult $8, $17, $21 - cmpult $22, $24, $27 - addq $22, $21, $22 - addq $23, $27, $23 - mulq $7, $5, $25 - umulh $7, $5, $28 - cmplt $25, $31, $18 - cmplt $28, $31, $20 - addq $25, $25, $25 - addq $28, $28, $28 - addq $28, $18, $28 - addq $23, $20, $23 - addq $8, $25, $8 - addq $22, $28, $22 - cmpult $8, $25, $19 - cmpult $22, $28, $17 - addq $22, $19, $22 - addq $23, $17, $23 - stq $8, 96($16) - bis $31, $31, $8 - mulq $7, $6, $24 - umulh $7, $6, $21 - cmplt $24, $31, $27 - cmplt $21, $31, $18 - addq $24, $24, $24 - addq $21, $21, $21 - addq $21, $27, $21 - addq $8, $18, $8 - addq $22, $24, $22 - addq $23, $21, $23 - cmpult $22, $24, $20 - cmpult $23, $21, $25 - addq $23, $20, $23 - addq $8, $25, $8 - stq $22, 104($16) - bis $31, $31, $22 - mulq $7, $7, $28 - umulh $7, $7, $19 - addq $23, $28, $23 - addq $8, $19, $8 - cmpult $23, $28, $17 - cmpult $8, $19, $27 - addq $8, $17, $8 - addq $22, $27, $22 - stq $23, 112($16) - stq $8, 120($16) - ret $31,($26),1 - .end bn_sqr_comba8 diff --git a/src/lib/libcrypto/bn/asm/alpha.s.works b/src/lib/libcrypto/bn/asm/alpha.s.works deleted file mode 100644 index ee6c5878099..00000000000 --- a/src/lib/libcrypto/bn/asm/alpha.s.works +++ /dev/null @@ -1,533 +0,0 @@ - - # DEC Alpha assember - # The bn_div64 is actually gcc output but the other parts are hand done. - # Thanks to tzeruch@ceddec.com for sending me the gcc output for - # bn_div64. - # I've gone back and re-done most of routines. - # The key thing to remeber for the 164 CPU is that while a - # multiply operation takes 8 cycles, another one can only be issued - # after 4 cycles have elapsed. I've done modification to help - # improve this. Also, normally, a ld instruction will not be available - # for about 3 cycles. - .file 1 "bn_asm.c" - .set noat -gcc2_compiled.: -__gnu_compiled_c: - .text - .align 3 - .globl bn_mul_add_words - .ent bn_mul_add_words -bn_mul_add_words: -bn_mul_add_words..ng: - .frame $30,0,$26,0 - .prologue 0 - .align 5 - subq $18,4,$18 - bis $31,$31,$0 - blt $18,$43 # if we are -1, -2, -3 or -4 goto tail code - ldq $20,0($17) # 1 1 - ldq $1,0($16) # 1 1 - .align 3 -$42: - mulq $20,$19,$5 # 1 2 1 ###### - ldq $21,8($17) # 2 1 - ldq $2,8($16) # 2 1 - umulh $20,$19,$20 # 1 2 ###### - ldq $27,16($17) # 3 1 - ldq $3,16($16) # 3 1 - mulq $21,$19,$6 # 2 2 1 ###### - ldq $28,24($17) # 4 1 - addq $1,$5,$1 # 1 2 2 - ldq $4,24($16) # 4 1 - umulh $21,$19,$21 # 2 2 ###### - cmpult $1,$5,$22 # 1 2 3 1 - addq $20,$22,$20 # 1 3 1 - addq $1,$0,$1 # 1 2 3 1 - mulq $27,$19,$7 # 3 2 1 ###### - cmpult $1,$0,$0 # 1 2 3 2 - addq $2,$6,$2 # 2 2 2 - addq $20,$0,$0 # 1 3 2 - cmpult $2,$6,$23 # 2 2 3 1 - addq $21,$23,$21 # 2 3 1 - umulh $27,$19,$27 # 3 2 ###### - addq $2,$0,$2 # 2 2 3 1 - cmpult $2,$0,$0 # 2 2 3 2 - subq $18,4,$18 - mulq $28,$19,$8 # 4 2 1 ###### - addq $21,$0,$0 # 2 3 2 - addq $3,$7,$3 # 3 2 2 - addq $16,32,$16 - cmpult $3,$7,$24 # 3 2 3 1 - stq $1,-32($16) # 1 2 4 - umulh $28,$19,$28 # 4 2 ###### - addq $27,$24,$27 # 3 3 1 - addq $3,$0,$3 # 3 2 3 1 - stq $2,-24($16) # 2 2 4 - cmpult $3,$0,$0 # 3 2 3 2 - stq $3,-16($16) # 3 2 4 - addq $4,$8,$4 # 4 2 2 - addq $27,$0,$0 # 3 3 2 - cmpult $4,$8,$25 # 4 2 3 1 - addq $17,32,$17 - addq $28,$25,$28 # 4 3 1 - addq $4,$0,$4 # 4 2 3 1 - cmpult $4,$0,$0 # 4 2 3 2 - stq $4,-8($16) # 4 2 4 - addq $28,$0,$0 # 4 3 2 - blt $18,$43 - - ldq $20,0($17) # 1 1 - ldq $1,0($16) # 1 1 - - br $42 - - .align 4 -$45: - ldq $20,0($17) # 4 1 - ldq $1,0($16) # 4 1 - mulq $20,$19,$5 # 4 2 1 - subq $18,1,$18 - addq $16,8,$16 - addq $17,8,$17 - umulh $20,$19,$20 # 4 2 - addq $1,$5,$1 # 4 2 2 - cmpult $1,$5,$22 # 4 2 3 1 - addq $20,$22,$20 # 4 3 1 - addq $1,$0,$1 # 4 2 3 1 - cmpult $1,$0,$0 # 4 2 3 2 - addq $20,$0,$0 # 4 3 2 - stq $1,-8($16) # 4 2 4 - bgt $18,$45 - ret $31,($26),1 # else exit - - .align 4 -$43: - addq $18,4,$18 - bgt $18,$45 # goto tail code - ret $31,($26),1 # else exit - - .end bn_mul_add_words - .align 3 - .globl bn_mul_words - .ent bn_mul_words -bn_mul_words: -bn_mul_words..ng: - .frame $30,0,$26,0 - .prologue 0 - .align 5 - subq $18,4,$18 - bis $31,$31,$0 - blt $18,$143 # if we are -1, -2, -3 or -4 goto tail code - ldq $20,0($17) # 1 1 - .align 3 -$142: - - mulq $20,$19,$5 # 1 2 1 ##### - ldq $21,8($17) # 2 1 - ldq $27,16($17) # 3 1 - umulh $20,$19,$20 # 1 2 ##### - ldq $28,24($17) # 4 1 - mulq $21,$19,$6 # 2 2 1 ##### - addq $5,$0,$5 # 1 2 3 1 - subq $18,4,$18 - cmpult $5,$0,$0 # 1 2 3 2 - umulh $21,$19,$21 # 2 2 ##### - addq $20,$0,$0 # 1 3 2 - addq $17,32,$17 - addq $6,$0,$6 # 2 2 3 1 - mulq $27,$19,$7 # 3 2 1 ##### - cmpult $6,$0,$0 # 2 2 3 2 - addq $21,$0,$0 # 2 3 2 - addq $16,32,$16 - umulh $27,$19,$27 # 3 2 ##### - stq $5,-32($16) # 1 2 4 - mulq $28,$19,$8 # 4 2 1 ##### - addq $7,$0,$7 # 3 2 3 1 - stq $6,-24($16) # 2 2 4 - cmpult $7,$0,$0 # 3 2 3 2 - umulh $28,$19,$28 # 4 2 ##### - addq $27,$0,$0 # 3 3 2 - stq $7,-16($16) # 3 2 4 - addq $8,$0,$8 # 4 2 3 1 - cmpult $8,$0,$0 # 4 2 3 2 - - addq $28,$0,$0 # 4 3 2 - - stq $8,-8($16) # 4 2 4 - - blt $18,$143 - - ldq $20,0($17) # 1 1 - - br $142 - - .align 4 -$145: - ldq $20,0($17) # 4 1 - mulq $20,$19,$5 # 4 2 1 - subq $18,1,$18 - umulh $20,$19,$20 # 4 2 - addq $5,$0,$5 # 4 2 3 1 - addq $16,8,$16 - cmpult $5,$0,$0 # 4 2 3 2 - addq $17,8,$17 - addq $20,$0,$0 # 4 3 2 - stq $5,-8($16) # 4 2 4 - - bgt $18,$145 - ret $31,($26),1 # else exit - - .align 4 -$143: - addq $18,4,$18 - bgt $18,$145 # goto tail code - ret $31,($26),1 # else exit - - .end bn_mul_words - .align 3 - .globl bn_sqr_words - .ent bn_sqr_words -bn_sqr_words: -bn_sqr_words..ng: - .frame $30,0,$26,0 - .prologue 0 - - subq $18,4,$18 - blt $18,$543 # if we are -1, -2, -3 or -4 goto tail code - ldq $20,0($17) # 1 1 - .align 3 -$542: - mulq $20,$20,$5 ###### - ldq $21,8($17) # 1 1 - subq $18,4 - umulh $20,$20,$1 ###### - ldq $27,16($17) # 1 1 - mulq $21,$21,$6 ###### - ldq $28,24($17) # 1 1 - stq $5,0($16) # r[0] - umulh $21,$21,$2 ###### - stq $1,8($16) # r[1] - mulq $27,$27,$7 ###### - stq $6,16($16) # r[0] - umulh $27,$27,$3 ###### - stq $2,24($16) # r[1] - mulq $28,$28,$8 ###### - stq $7,32($16) # r[0] - umulh $28,$28,$4 ###### - stq $3,40($16) # r[1] - - addq $16,64,$16 - addq $17,32,$17 - stq $8,-16($16) # r[0] - stq $4,-8($16) # r[1] - - blt $18,$543 - ldq $20,0($17) # 1 1 - br $542 - -$442: - ldq $20,0($17) # a[0] - mulq $20,$20,$5 # a[0]*w low part r2 - addq $16,16,$16 - addq $17,8,$17 - subq $18,1,$18 - umulh $20,$20,$1 # a[0]*w high part r3 - stq $5,-16($16) # r[0] - stq $1,-8($16) # r[1] - - bgt $18,$442 - ret $31,($26),1 # else exit - - .align 4 -$543: - addq $18,4,$18 - bgt $18,$442 # goto tail code - ret $31,($26),1 # else exit - .end bn_sqr_words - - .align 3 - .globl bn_add_words - .ent bn_add_words -bn_add_words: -bn_add_words..ng: - .frame $30,0,$26,0 - .prologue 0 - - subq $19,4,$19 - bis $31,$31,$0 # carry = 0 - blt $19,$900 - ldq $5,0($17) # a[0] - ldq $1,0($18) # b[1] - .align 3 -$901: - addq $1,$5,$1 # r=a+b; - ldq $6,8($17) # a[1] - cmpult $1,$5,$22 # did we overflow? - ldq $2,8($18) # b[1] - addq $1,$0,$1 # c+= overflow - ldq $7,16($17) # a[2] - cmpult $1,$0,$0 # overflow? - ldq $3,16($18) # b[2] - addq $0,$22,$0 - ldq $8,24($17) # a[3] - addq $2,$6,$2 # r=a+b; - ldq $4,24($18) # b[3] - cmpult $2,$6,$23 # did we overflow? - addq $3,$7,$3 # r=a+b; - addq $2,$0,$2 # c+= overflow - cmpult $3,$7,$24 # did we overflow? - cmpult $2,$0,$0 # overflow? - addq $4,$8,$4 # r=a+b; - addq $0,$23,$0 - cmpult $4,$8,$25 # did we overflow? - addq $3,$0,$3 # c+= overflow - stq $1,0($16) # r[0]=c - cmpult $3,$0,$0 # overflow? - stq $2,8($16) # r[1]=c - addq $0,$24,$0 - stq $3,16($16) # r[2]=c - addq $4,$0,$4 # c+= overflow - subq $19,4,$19 # loop-- - cmpult $4,$0,$0 # overflow? - addq $17,32,$17 # a++ - addq $0,$25,$0 - stq $4,24($16) # r[3]=c - addq $18,32,$18 # b++ - addq $16,32,$16 # r++ - - blt $19,$900 - ldq $5,0($17) # a[0] - ldq $1,0($18) # b[1] - br $901 - .align 4 -$945: - ldq $5,0($17) # a[0] - ldq $1,0($18) # b[1] - addq $1,$5,$1 # r=a+b; - subq $19,1,$19 # loop-- - addq $1,$0,$1 # c+= overflow - addq $17,8,$17 # a++ - cmpult $1,$5,$22 # did we overflow? - cmpult $1,$0,$0 # overflow? - addq $18,8,$18 # b++ - stq $1,0($16) # r[0]=c - addq $0,$22,$0 - addq $16,8,$16 # r++ - - bgt $19,$945 - ret $31,($26),1 # else exit - -$900: - addq $19,4,$19 - bgt $19,$945 # goto tail code - ret $31,($26),1 # else exit - .end bn_add_words - - # - # What follows was taken directly from the C compiler with a few - # hacks to redo the lables. - # -.text - .align 3 - .globl bn_div64 - .ent bn_div64 -bn_div64: - ldgp $29,0($27) -bn_div64..ng: - lda $30,-48($30) - .frame $30,48,$26,0 - stq $26,0($30) - stq $9,8($30) - stq $10,16($30) - stq $11,24($30) - stq $12,32($30) - stq $13,40($30) - .mask 0x4003e00,-48 - .prologue 1 - bis $16,$16,$9 - bis $17,$17,$10 - bis $18,$18,$11 - bis $31,$31,$13 - bis $31,2,$12 - bne $11,$119 - lda $0,-1 - br $31,$136 - .align 4 -$119: - bis $11,$11,$16 - jsr $26,BN_num_bits_word - ldgp $29,0($26) - subq $0,64,$1 - beq $1,$120 - bis $31,1,$1 - sll $1,$0,$1 - cmpule $9,$1,$1 - bne $1,$120 - # lda $16,_IO_stderr_ - # lda $17,$C32 - # bis $0,$0,$18 - # jsr $26,fprintf - # ldgp $29,0($26) - jsr $26,abort - ldgp $29,0($26) - .align 4 -$120: - bis $31,64,$3 - cmpult $9,$11,$2 - subq $3,$0,$1 - addl $1,$31,$0 - subq $9,$11,$1 - cmoveq $2,$1,$9 - beq $0,$122 - zapnot $0,15,$2 - subq $3,$0,$1 - sll $11,$2,$11 - sll $9,$2,$3 - srl $10,$1,$1 - sll $10,$2,$10 - bis $3,$1,$9 -$122: - srl $11,32,$5 - zapnot $11,15,$6 - lda $7,-1 - .align 5 -$123: - srl $9,32,$1 - subq $1,$5,$1 - bne $1,$126 - zapnot $7,15,$27 - br $31,$127 - .align 4 -$126: - bis $9,$9,$24 - bis $5,$5,$25 - divqu $24,$25,$27 -$127: - srl $10,32,$4 - .align 5 -$128: - mulq $27,$5,$1 - subq $9,$1,$3 - zapnot $3,240,$1 - bne $1,$129 - mulq $6,$27,$2 - sll $3,32,$1 - addq $1,$4,$1 - cmpule $2,$1,$2 - bne $2,$129 - subq $27,1,$27 - br $31,$128 - .align 4 -$129: - mulq $27,$6,$1 - mulq $27,$5,$4 - srl $1,32,$3 - sll $1,32,$1 - addq $4,$3,$4 - cmpult $10,$1,$2 - subq $10,$1,$10 - addq $2,$4,$2 - cmpult $9,$2,$1 - bis $2,$2,$4 - beq $1,$134 - addq $9,$11,$9 - subq $27,1,$27 -$134: - subl $12,1,$12 - subq $9,$4,$9 - beq $12,$124 - sll $27,32,$13 - sll $9,32,$2 - srl $10,32,$1 - sll $10,32,$10 - bis $2,$1,$9 - br $31,$123 - .align 4 -$124: - bis $13,$27,$0 -$136: - ldq $26,0($30) - ldq $9,8($30) - ldq $10,16($30) - ldq $11,24($30) - ldq $12,32($30) - ldq $13,40($30) - addq $30,48,$30 - ret $31,($26),1 - .end bn_div64 - - .set noat - .text - .align 3 - .globl bn_sub_words - .ent bn_sub_words -bn_sub_words: -bn_sub_words..ng: - .frame $30,0,$26,0 - .prologue 0 - - subq $19, 4, $19 - bis $31, $31, $0 - blt $19, $100 - ldq $1, 0($17) - ldq $2, 0($18) -$101: - ldq $3, 8($17) - cmpult $1, $2, $4 - ldq $5, 8($18) - subq $1, $2, $1 - ldq $6, 16($17) - cmpult $1, $0, $2 - ldq $7, 16($18) - subq $1, $0, $23 - ldq $8, 24($17) - addq $2, $4, $0 - cmpult $3, $5, $24 - subq $3, $5, $3 - ldq $22, 24($18) - cmpult $3, $0, $5 - subq $3, $0, $25 - addq $5, $24, $0 - cmpult $6, $7, $27 - subq $6, $7, $6 - stq $23, 0($16) - cmpult $6, $0, $7 - subq $6, $0, $28 - addq $7, $27, $0 - cmpult $8, $22, $21 - subq $8, $22, $8 - stq $25, 8($16) - cmpult $8, $0, $22 - subq $8, $0, $20 - addq $22, $21, $0 - stq $28, 16($16) - subq $19, 4, $19 - stq $20, 24($16) - addq $17, 32, $17 - addq $18, 32, $18 - addq $16, 32, $16 - blt $19, $100 - ldq $1, 0($17) - ldq $2, 0($18) - br $101 -$102: - ldq $1, 0($17) - ldq $2, 0($18) - cmpult $1, $2, $27 - subq $1, $2, $1 - cmpult $1, $0, $2 - subq $1, $0, $1 - stq $1, 0($16) - addq $2, $27, $0 - addq $17, 8, $17 - addq $18, 8, $18 - addq $16, 8, $16 - subq $19, 1, $19 - bgt $19, $102 - ret $31,($26),1 -$100: - addq $19, 4, $19 - bgt $19, $102 -$103: - ret $31,($26),1 - .end bn_sub_words diff --git a/src/lib/libcrypto/bn/asm/alpha.works/add.pl b/src/lib/libcrypto/bn/asm/alpha.works/add.pl deleted file mode 100644 index 4dc76e6b69f..00000000000 --- a/src/lib/libcrypto/bn/asm/alpha.works/add.pl +++ /dev/null @@ -1,119 +0,0 @@ -#!/usr/local/bin/perl -# alpha assember - -sub bn_add_words - { - local($name)=@_; - local($cc,$a,$b,$r); - - &init_pool(4); - ($cc)=GR("r0"); - - $rp=&wparam(0); - $ap=&wparam(1); - $bp=&wparam(2); - $count=&wparam(3); - - &function_begin($name,""); - - &comment(""); - &sub($count,4,$count); - &mov("zero",$cc); - &br(&label("finish")); - &blt($count,&label("finish")); - - ($a0,$b0)=&NR(2); - &ld($a0,&QWPw(0,$ap)); - &ld($b0,&QWPw(0,$bp)); - -########################################################## - &set_label("loop"); - - ($a1)=&NR(1); &ld($a1,&QWPw(1,$ap)); - ($b1)=&NR(1); &ld($b1,&QWPw(1,$bp)); - ($a2)=&NR(1); &ld($a2,&QWPw(2,$ap)); - ($b2)=&NR(1); &ld($b2,&QWPw(2,$bp)); - ($a3)=&NR(1); &ld($a3,&QWPw(3,$ap)); - ($b3)=&NR(1); &ld($b3,&QWPw(3,$bp)); - - ($o0,$t0)=&NR(2); - &add($a0,$b0,$o0); - &cmpult($o0,$b0,$t0); - &add($o0,$cc,$o0); - &cmpult($o0,$cc,$cc); - &add($cc,$t0,$cc); &FR($t0); - - ($t1,$o1)=&NR(2); - - &add($a1,$b1,$o1); &FR($a1); - &cmpult($o1,$b1,$t1); &FR($b1); - &add($o1,$cc,$o1); - &cmpult($o1,$cc,$cc); - &add($cc,$t1,$cc); &FR($t1); - - ($t2,$o2)=&NR(2); - - &add($a2,$b2,$o2); &FR($a2); - &cmpult($o2,$b2,$t2); &FR($b2); - &add($o2,$cc,$o2); - &cmpult($o2,$cc,$cc); - &add($cc,$t2,$cc); &FR($t2); - - ($t3,$o3)=&NR(2); - - &add($a3,$b3,$o3); &FR($a3); - &cmpult($o3,$b3,$t3); &FR($b3); - &add($o3,$cc,$o3); - &cmpult($o3,$cc,$cc); - &add($cc,$t3,$cc); &FR($t3); - - &st($o0,&QWPw(0,$rp)); &FR($o0); - &st($o1,&QWPw(0,$rp)); &FR($o1); - &st($o2,&QWPw(0,$rp)); &FR($o2); - &st($o3,&QWPw(0,$rp)); &FR($o3); - - &sub($count,4,$count); # count-=4 - &add($ap,4*$QWS,$ap); # count+=4 - &add($bp,4*$QWS,$bp); # count+=4 - &add($rp,4*$QWS,$rp); # count+=4 - - &blt($count,&label("finish")); - &ld($a0,&QWPw(0,$ap)); - &ld($b0,&QWPw(0,$bp)); - &br(&label("loop")); -################################################## - # Do the last 0..3 words - - ($t0,$o0)=&NR(2); - &set_label("last_loop"); - - &ld($a0,&QWPw(0,$ap)); # get a - &ld($b0,&QWPw(0,$bp)); # get b - - &add($a0,$b0,$o0); - &cmpult($o0,$b0,$t0); # will we borrow? - &add($o0,$cc,$o0); # will we borrow? - &cmpult($o0,$cc,$cc); # will we borrow? - &add($cc,$t0,$cc); # add the borrows - &st($o0,&QWPw(0,$rp)); # save - - &add($ap,$QWS,$ap); - &add($bp,$QWS,$bp); - &add($rp,$QWS,$rp); - &sub($count,1,$count); - &bgt($count,&label("last_loop")); - &function_end_A($name); - -###################################################### - &set_label("finish"); - &add($count,4,$count); - &bgt($count,&label("last_loop")); - - &FR($o0,$t0,$a0,$b0); - &set_label("end"); - &function_end($name); - - &fin_pool; - } - -1; diff --git a/src/lib/libcrypto/bn/asm/alpha.works/div.pl b/src/lib/libcrypto/bn/asm/alpha.works/div.pl deleted file mode 100644 index 7ec144377fa..00000000000 --- a/src/lib/libcrypto/bn/asm/alpha.works/div.pl +++ /dev/null @@ -1,144 +0,0 @@ -#!/usr/local/bin/perl - -sub bn_div64 - { - local($data)=<<'EOF'; - # - # What follows was taken directly from the C compiler with a few - # hacks to redo the lables. - # -.text - .set noreorder - .set volatile - .align 3 - .globl bn_div64 - .ent bn_div64 -bn_div64: - ldgp $29,0($27) -bn_div64..ng: - lda $30,-48($30) - .frame $30,48,$26,0 - stq $26,0($30) - stq $9,8($30) - stq $10,16($30) - stq $11,24($30) - stq $12,32($30) - stq $13,40($30) - .mask 0x4003e00,-48 - .prologue 1 - bis $16,$16,$9 - bis $17,$17,$10 - bis $18,$18,$11 - bis $31,$31,$13 - bis $31,2,$12 - bne $11,$9119 - lda $0,-1 - br $31,$9136 - .align 4 -$9119: - bis $11,$11,$16 - jsr $26,BN_num_bits_word - ldgp $29,0($26) - subq $0,64,$1 - beq $1,$9120 - bis $31,1,$1 - sll $1,$0,$1 - cmpule $9,$1,$1 - bne $1,$9120 - # lda $16,_IO_stderr_ - # lda $17,$C32 - # bis $0,$0,$18 - # jsr $26,fprintf - # ldgp $29,0($26) - jsr $26,abort - ldgp $29,0($26) - .align 4 -$9120: - bis $31,64,$3 - cmpult $9,$11,$2 - subq $3,$0,$1 - addl $1,$31,$0 - subq $9,$11,$1 - cmoveq $2,$1,$9 - beq $0,$9122 - zapnot $0,15,$2 - subq $3,$0,$1 - sll $11,$2,$11 - sll $9,$2,$3 - srl $10,$1,$1 - sll $10,$2,$10 - bis $3,$1,$9 -$9122: - srl $11,32,$5 - zapnot $11,15,$6 - lda $7,-1 - .align 5 -$9123: - srl $9,32,$1 - subq $1,$5,$1 - bne $1,$9126 - zapnot $7,15,$27 - br $31,$9127 - .align 4 -$9126: - bis $9,$9,$24 - bis $5,$5,$25 - divqu $24,$25,$27 -$9127: - srl $10,32,$4 - .align 5 -$9128: - mulq $27,$5,$1 - subq $9,$1,$3 - zapnot $3,240,$1 - bne $1,$9129 - mulq $6,$27,$2 - sll $3,32,$1 - addq $1,$4,$1 - cmpule $2,$1,$2 - bne $2,$9129 - subq $27,1,$27 - br $31,$9128 - .align 4 -$9129: - mulq $27,$6,$1 - mulq $27,$5,$4 - srl $1,32,$3 - sll $1,32,$1 - addq $4,$3,$4 - cmpult $10,$1,$2 - subq $10,$1,$10 - addq $2,$4,$2 - cmpult $9,$2,$1 - bis $2,$2,$4 - beq $1,$9134 - addq $9,$11,$9 - subq $27,1,$27 -$9134: - subl $12,1,$12 - subq $9,$4,$9 - beq $12,$9124 - sll $27,32,$13 - sll $9,32,$2 - srl $10,32,$1 - sll $10,32,$10 - bis $2,$1,$9 - br $31,$9123 - .align 4 -$9124: - bis $13,$27,$0 -$9136: - ldq $26,0($30) - ldq $9,8($30) - ldq $10,16($30) - ldq $11,24($30) - ldq $12,32($30) - ldq $13,40($30) - addq $30,48,$30 - ret $31,($26),1 - .end bn_div64 -EOF - &asm_add($data); - } - -1; diff --git a/src/lib/libcrypto/bn/asm/alpha.works/mul.pl b/src/lib/libcrypto/bn/asm/alpha.works/mul.pl deleted file mode 100644 index b182bae4520..00000000000 --- a/src/lib/libcrypto/bn/asm/alpha.works/mul.pl +++ /dev/null @@ -1,116 +0,0 @@ -#!/usr/local/bin/perl -# alpha assember - -sub bn_mul_words - { - local($name)=@_; - local($cc,$a,$b,$r,$couny); - - &init_pool(4); - ($cc)=GR("r0"); - - $rp=&wparam(0); - $ap=&wparam(1); - $count=&wparam(2); - $word=&wparam(3); - - &function_begin($name,""); - - &comment(""); - &sub($count,4,$count); - &mov("zero",$cc); - &br(&label("finish")); - &blt($count,&label("finish")); - - ($a0,$r0)=&NR(2); - &ld($a0,&QWPw(0,$ap)); - &ld($r0,&QWPw(0,$rp)); - -$a=<<'EOF'; -########################################################## - &set_label("loop"); - - ($a1)=&NR(1); &ld($a1,&QWPw(1,$ap)); - ($b1)=&NR(1); &ld($b1,&QWPw(1,$bp)); - ($a2)=&NR(1); &ld($a2,&QWPw(2,$ap)); - ($b2)=&NR(1); &ld($b2,&QWPw(2,$bp)); - ($a3)=&NR(1); &ld($a3,&QWPw(3,$ap)); - ($b3)=&NR(1); &ld($b3,&QWPw(3,$bp)); - - ($o0,$t0)=&NR(2); - &add($a0,$b0,$o0); - &cmpult($o0,$b0,$t0); - &add($o0,$cc,$o0); - &cmpult($o0,$cc,$cc); - &add($cc,$t0,$cc); &FR($t0); - - ($t1,$o1)=&NR(2); - - &add($a1,$b1,$o1); &FR($a1); - &cmpult($o1,$b1,$t1); &FR($b1); - &add($o1,$cc,$o1); - &cmpult($o1,$cc,$cc); - &add($cc,$t1,$cc); &FR($t1); - - ($t2,$o2)=&NR(2); - - &add($a2,$b2,$o2); &FR($a2); - &cmpult($o2,$b2,$t2); &FR($b2); - &add($o2,$cc,$o2); - &cmpult($o2,$cc,$cc); - &add($cc,$t2,$cc); &FR($t2); - - ($t3,$o3)=&NR(2); - - &add($a3,$b3,$o3); &FR($a3); - &cmpult($o3,$b3,$t3); &FR($b3); - &add($o3,$cc,$o3); - &cmpult($o3,$cc,$cc); - &add($cc,$t3,$cc); &FR($t3); - - &st($o0,&QWPw(0,$rp)); &FR($o0); - &st($o1,&QWPw(0,$rp)); &FR($o1); - &st($o2,&QWPw(0,$rp)); &FR($o2); - &st($o3,&QWPw(0,$rp)); &FR($o3); - - &sub($count,4,$count); # count-=4 - &add($ap,4*$QWS,$ap); # count+=4 - &add($bp,4*$QWS,$bp); # count+=4 - &add($rp,4*$QWS,$rp); # count+=4 - - &blt($count,&label("finish")); - &ld($a0,&QWPw(0,$ap)); - &ld($b0,&QWPw(0,$bp)); - &br(&label("loop")); -EOF -################################################## - # Do the last 0..3 words - - &set_label("last_loop"); - - &ld(($a0)=&NR(1),&QWPw(0,$ap)); # get a - &mul($a0,$word,($l0)=&NR(1)); - &add($ap,$QWS,$ap); - &muh($a0,$word,($h0)=&NR(1)); &FR($a0); - &add($l0,$cc,$l0); - &add($rp,$QWS,$rp); - &sub($count,1,$count); - &cmpult($l0,$cc,$cc); - &st($l0,&QWPw(-1,$rp)); &FR($l0); - &add($h0,$cc,$cc); &FR($h0); - - &bgt($count,&label("last_loop")); - &function_end_A($name); - -###################################################### - &set_label("finish"); - &add($count,4,$count); - &bgt($count,&label("last_loop")); - - &set_label("end"); - &function_end($name); - - &fin_pool; - } - -1; diff --git a/src/lib/libcrypto/bn/asm/alpha.works/mul_add.pl b/src/lib/libcrypto/bn/asm/alpha.works/mul_add.pl deleted file mode 100644 index e37f6315fbc..00000000000 --- a/src/lib/libcrypto/bn/asm/alpha.works/mul_add.pl +++ /dev/null @@ -1,120 +0,0 @@ -#!/usr/local/bin/perl -# alpha assember - -sub bn_mul_add_words - { - local($name)=@_; - local($cc,$a,$b,$r,$couny); - - &init_pool(4); - ($cc)=GR("r0"); - - $rp=&wparam(0); - $ap=&wparam(1); - $count=&wparam(2); - $word=&wparam(3); - - &function_begin($name,""); - - &comment(""); - &sub($count,4,$count); - &mov("zero",$cc); - &br(&label("finish")); - &blt($count,&label("finish")); - - ($a0,$r0)=&NR(2); - &ld($a0,&QWPw(0,$ap)); - &ld($r0,&QWPw(0,$rp)); - -$a=<<'EOF'; -########################################################## - &set_label("loop"); - - ($a1)=&NR(1); &ld($a1,&QWPw(1,$ap)); - ($b1)=&NR(1); &ld($b1,&QWPw(1,$bp)); - ($a2)=&NR(1); &ld($a2,&QWPw(2,$ap)); - ($b2)=&NR(1); &ld($b2,&QWPw(2,$bp)); - ($a3)=&NR(1); &ld($a3,&QWPw(3,$ap)); - ($b3)=&NR(1); &ld($b3,&QWPw(3,$bp)); - - ($o0,$t0)=&NR(2); - &add($a0,$b0,$o0); - &cmpult($o0,$b0,$t0); - &add($o0,$cc,$o0); - &cmpult($o0,$cc,$cc); - &add($cc,$t0,$cc); &FR($t0); - - ($t1,$o1)=&NR(2); - - &add($a1,$b1,$o1); &FR($a1); - &cmpult($o1,$b1,$t1); &FR($b1); - &add($o1,$cc,$o1); - &cmpult($o1,$cc,$cc); - &add($cc,$t1,$cc); &FR($t1); - - ($t2,$o2)=&NR(2); - - &add($a2,$b2,$o2); &FR($a2); - &cmpult($o2,$b2,$t2); &FR($b2); - &add($o2,$cc,$o2); - &cmpult($o2,$cc,$cc); - &add($cc,$t2,$cc); &FR($t2); - - ($t3,$o3)=&NR(2); - - &add($a3,$b3,$o3); &FR($a3); - &cmpult($o3,$b3,$t3); &FR($b3); - &add($o3,$cc,$o3); - &cmpult($o3,$cc,$cc); - &add($cc,$t3,$cc); &FR($t3); - - &st($o0,&QWPw(0,$rp)); &FR($o0); - &st($o1,&QWPw(0,$rp)); &FR($o1); - &st($o2,&QWPw(0,$rp)); &FR($o2); - &st($o3,&QWPw(0,$rp)); &FR($o3); - - &sub($count,4,$count); # count-=4 - &add($ap,4*$QWS,$ap); # count+=4 - &add($bp,4*$QWS,$bp); # count+=4 - &add($rp,4*$QWS,$rp); # count+=4 - - &blt($count,&label("finish")); - &ld($a0,&QWPw(0,$ap)); - &ld($b0,&QWPw(0,$bp)); - &br(&label("loop")); -EOF -################################################## - # Do the last 0..3 words - - &set_label("last_loop"); - - &ld(($a0)=&NR(1),&QWPw(0,$ap)); # get a - &ld(($r0)=&NR(1),&QWPw(0,$rp)); # get b - &mul($a0,$word,($l0)=&NR(1)); - &sub($count,1,$count); - &add($ap,$QWS,$ap); - &muh($a0,$word,($h0)=&NR(1)); &FR($a0); - &add($r0,$l0,$r0); - &add($rp,$QWS,$rp); - &cmpult($r0,$l0,($t0)=&NR(1)); &FR($l0); - &add($r0,$cc,$r0); - &add($h0,$t0,$h0); &FR($t0); - &cmpult($r0,$cc,$cc); - &st($r0,&QWPw(-1,$rp)); &FR($r0); - &add($h0,$cc,$cc); &FR($h0); - - &bgt($count,&label("last_loop")); - &function_end_A($name); - -###################################################### - &set_label("finish"); - &add($count,4,$count); - &bgt($count,&label("last_loop")); - - &set_label("end"); - &function_end($name); - - &fin_pool; - } - -1; diff --git a/src/lib/libcrypto/bn/asm/alpha.works/mul_c4.pl b/src/lib/libcrypto/bn/asm/alpha.works/mul_c4.pl deleted file mode 100644 index 5efd2012814..00000000000 --- a/src/lib/libcrypto/bn/asm/alpha.works/mul_c4.pl +++ /dev/null @@ -1,213 +0,0 @@ -#!/usr/local/bin/perl -# alpha assember - -sub mul_add_c - { - local($a,$b,$c0,$c1,$c2)=@_; - local($l1,$h1,$t1,$t2); - - &mul($a,$b,($l1)=&NR(1)); - &muh($a,$b,($h1)=&NR(1)); - &add($c0,$l1,$c0); - &cmpult($c0,$l1,($t1)=&NR(1)); &FR($l1); - &add($t1,$h1,$h1); &FR($t1); - &add($c1,$h1,$c1); - &cmpult($c1,$h1,($t2)=&NR(1)); &FR($h1); - &add($c2,$t2,$c2); &FR($t2); - } - -sub bn_mul_comba4 - { - local($name)=@_; - local(@a,@b,$r,$c0,$c1,$c2); - - $cnt=1; - &init_pool(3); - - $rp=&wparam(0); - $ap=&wparam(1); - $bp=&wparam(2); - - &function_begin($name,""); - - &comment(""); - - &ld(($a[0])=&NR(1),&QWPw(0,$ap)); - &ld(($b[0])=&NR(1),&QWPw(0,$bp)); - &ld(($a[1])=&NR(1),&QWPw(1,$ap)); - &ld(($b[1])=&NR(1),&QWPw(1,$bp)); - &mul($a[0],$b[0],($r00)=&NR(1)); - &ld(($a[2])=&NR(1),&QWPw(2,$ap)); - &ld(($b[2])=&NR(1),&QWPw(2,$bp)); - &muh($a[0],$b[0],($r01)=&NR(1)); - &FR($ap); &ld(($a[3])=&NR(1),&QWPw(3,$ap)); - &FR($bp); &ld(($b[3])=&NR(1),&QWPw(3,$bp)); - &mul($a[0],$b[1],($r02)=&NR(1)); - - ($R,$H1,$H2)=&NR(3); - - &st($r00,&QWPw(0,$rp)); &FR($r00); - - &mov("zero",$R); - &mul($a[1],$b[0],($r03)=&NR(1)); - - &mov("zero",$H1); - &mov("zero",$H0); - &add($R,$r01,$R); - &muh($a[0],$b[1],($r04)=&NR(1)); - &cmpult($R,$r01,($t01)=&NR(1)); &FR($r01); - &add($R,$r02,$R); - &add($H1,$t01,$H1) &FR($t01); - &muh($a[1],$b[0],($r05)=&NR(1)); - &cmpult($R,$r02,($t02)=&NR(1)); &FR($r02); - &add($R,$r03,$R); - &add($H2,$t02,$H2) &FR($t02); - &mul($a[0],$b[2],($r06)=&NR(1)); - &cmpult($R,$r03,($t03)=&NR(1)); &FR($r03); - &add($H1,$t03,$H1) &FR($t03); - &st($R,&QWPw(1,$rp)); - &add($H1,$H2,$R); - - &mov("zero",$H1); - &add($R,$r04,$R); - &mov("zero",$H2); - &mul($a[1],$b[1],($r07)=&NR(1)); - &cmpult($R,$r04,($t04)=&NR(1)); &FR($r04); - &add($R,$r05,$R); - &add($H1,$t04,$H1) &FR($t04); - &mul($a[2],$b[0],($r08)=&NR(1)); - &cmpult($R,$r05,($t05)=&NR(1)); &FR($r05); - &add($R,$r01,$R); - &add($H2,$t05,$H2) &FR($t05); - &muh($a[0],$b[2],($r09)=&NR(1)); - &cmpult($R,$r06,($t06)=&NR(1)); &FR($r06); - &add($R,$r07,$R); - &add($H1,$t06,$H1) &FR($t06); - &muh($a[1],$b[1],($r10)=&NR(1)); - &cmpult($R,$r07,($t07)=&NR(1)); &FR($r07); - &add($R,$r08,$R); - &add($H2,$t07,$H2) &FR($t07); - &muh($a[2],$b[0],($r11)=&NR(1)); - &cmpult($R,$r08,($t08)=&NR(1)); &FR($r08); - &add($H1,$t08,$H1) &FR($t08); - &st($R,&QWPw(2,$rp)); - &add($H1,$H2,$R); - - &mov("zero",$H1); - &add($R,$r09,$R); - &mov("zero",$H2); - &mul($a[0],$b[3],($r12)=&NR(1)); - &cmpult($R,$r09,($t09)=&NR(1)); &FR($r09); - &add($R,$r10,$R); - &add($H1,$t09,$H1) &FR($t09); - &mul($a[1],$b[2],($r13)=&NR(1)); - &cmpult($R,$r10,($t10)=&NR(1)); &FR($r10); - &add($R,$r11,$R); - &add($H1,$t10,$H1) &FR($t10); - &mul($a[2],$b[1],($r14)=&NR(1)); - &cmpult($R,$r11,($t11)=&NR(1)); &FR($r11); - &add($R,$r12,$R); - &add($H1,$t11,$H1) &FR($t11); - &mul($a[3],$b[0],($r15)=&NR(1)); - &cmpult($R,$r12,($t12)=&NR(1)); &FR($r12); - &add($R,$r13,$R); - &add($H1,$t12,$H1) &FR($t12); - &muh($a[0],$b[3],($r16)=&NR(1)); - &cmpult($R,$r13,($t13)=&NR(1)); &FR($r13); - &add($R,$r14,$R); - &add($H1,$t13,$H1) &FR($t13); - &muh($a[1],$b[2],($r17)=&NR(1)); - &cmpult($R,$r14,($t14)=&NR(1)); &FR($r14); - &add($R,$r15,$R); - &add($H1,$t14,$H1) &FR($t14); - &muh($a[2],$b[1],($r18)=&NR(1)); - &cmpult($R,$r15,($t15)=&NR(1)); &FR($r15); - &add($H1,$t15,$H1) &FR($t15); - &st($R,&QWPw(3,$rp)); - &add($H1,$H2,$R); - - &mov("zero",$H1); - &add($R,$r16,$R); - &mov("zero",$H2); - &muh($a[3],$b[0],($r19)=&NR(1)); - &cmpult($R,$r16,($t16)=&NR(1)); &FR($r16); - &add($R,$r17,$R); - &add($H1,$t16,$H1) &FR($t16); - &mul($a[1],$b[3],($r20)=&NR(1)); - &cmpult($R,$r17,($t17)=&NR(1)); &FR($r17); - &add($R,$r18,$R); - &add($H1,$t17,$H1) &FR($t17); - &mul($a[2],$b[2],($r21)=&NR(1)); - &cmpult($R,$r18,($t18)=&NR(1)); &FR($r18); - &add($R,$r19,$R); - &add($H1,$t18,$H1) &FR($t18); - &mul($a[3],$b[1],($r22)=&NR(1)); - &cmpult($R,$r19,($t19)=&NR(1)); &FR($r19); - &add($R,$r20,$R); - &add($H1,$t19,$H1) &FR($t19); - &muh($a[1],$b[3],($r23)=&NR(1)); - &cmpult($R,$r20,($t20)=&NR(1)); &FR($r20); - &add($R,$r21,$R); - &add($H1,$t20,$H1) &FR($t20); - &muh($a[2],$b[2],($r24)=&NR(1)); - &cmpult($R,$r21,($t21)=&NR(1)); &FR($r21); - &add($R,$r22,$R); - &add($H1,$t21,$H1) &FR($t21); - &muh($a[3],$b[1],($r25)=&NR(1)); - &cmpult($R,$r22,($t22)=&NR(1)); &FR($r22); - &add($H1,$t22,$H1) &FR($t22); - &st($R,&QWPw(4,$rp)); - &add($H1,$H2,$R); - - &mov("zero",$H1); - &add($R,$r23,$R); - &mov("zero",$H2); - &mul($a[2],$b[3],($r26)=&NR(1)); - &cmpult($R,$r23,($t23)=&NR(1)); &FR($r23); - &add($R,$r24,$R); - &add($H1,$t23,$H1) &FR($t23); - &mul($a[3],$b[2],($r27)=&NR(1)); - &cmpult($R,$r24,($t24)=&NR(1)); &FR($r24); - &add($R,$r25,$R); - &add($H1,$t24,$H1) &FR($t24); - &muh($a[2],$b[3],($r28)=&NR(1)); - &cmpult($R,$r25,($t25)=&NR(1)); &FR($r25); - &add($R,$r26,$R); - &add($H1,$t25,$H1) &FR($t25); - &muh($a[3],$b[2],($r29)=&NR(1)); - &cmpult($R,$r26,($t26)=&NR(1)); &FR($r26); - &add($R,$r27,$R); - &add($H1,$t26,$H1) &FR($t26); - &mul($a[3],$b[3],($r30)=&NR(1)); - &cmpult($R,$r27,($t27)=&NR(1)); &FR($r27); - &add($H1,$t27,$H1) &FR($t27); - &st($R,&QWPw(5,$rp)); - &add($H1,$H2,$R); - - &mov("zero",$H1); - &add($R,$r28,$R); - &mov("zero",$H2); - &muh($a[3],$b[3],($r31)=&NR(1)); - &cmpult($R,$r28,($t28)=&NR(1)); &FR($r28); - &add($R,$r29,$R); - &add($H1,$t28,$H1) &FR($t28); - ############ - &cmpult($R,$r29,($t29)=&NR(1)); &FR($r29); - &add($R,$r30,$R); - &add($H1,$t29,$H1) &FR($t29); - ############ - &cmpult($R,$r30,($t30)=&NR(1)); &FR($r30); - &add($H1,$t30,$H1) &FR($t30); - &st($R,&QWPw(6,$rp)); - &add($H1,$H2,$R); - - &add($R,$r31,$R); &FR($r31); - &st($R,&QWPw(7,$rp)); - - &FR($R,$H1,$H2); - &function_end($name); - - &fin_pool; - } - -1; diff --git a/src/lib/libcrypto/bn/asm/alpha.works/mul_c4.works.pl b/src/lib/libcrypto/bn/asm/alpha.works/mul_c4.works.pl deleted file mode 100644 index 79d86dd25cd..00000000000 --- a/src/lib/libcrypto/bn/asm/alpha.works/mul_c4.works.pl +++ /dev/null @@ -1,98 +0,0 @@ -#!/usr/local/bin/perl -# alpha assember - -sub mul_add_c - { - local($a,$b,$c0,$c1,$c2)=@_; - local($l1,$h1,$t1,$t2); - -print STDERR "count=$cnt\n"; $cnt++; - &mul($a,$b,($l1)=&NR(1)); - &muh($a,$b,($h1)=&NR(1)); - &add($c0,$l1,$c0); - &cmpult($c0,$l1,($t1)=&NR(1)); &FR($l1); - &add($t1,$h1,$h1); &FR($t1); - &add($c1,$h1,$c1); - &cmpult($c1,$h1,($t2)=&NR(1)); &FR($h1); - &add($c2,$t2,$c2); &FR($t2); - } - -sub bn_mul_comba4 - { - local($name)=@_; - local(@a,@b,$r,$c0,$c1,$c2); - - $cnt=1; - &init_pool(3); - - $rp=&wparam(0); - $ap=&wparam(1); - $bp=&wparam(2); - - &function_begin($name,""); - - &comment(""); - - &ld(($a[0])=&NR(1),&QWPw(0,$ap)); - &ld(($b[0])=&NR(1),&QWPw(0,$bp)); - &ld(($a[1])=&NR(1),&QWPw(1,$ap)); - &ld(($b[1])=&NR(1),&QWPw(1,$bp)); - &ld(($a[2])=&NR(1),&QWPw(2,$ap)); - &ld(($b[2])=&NR(1),&QWPw(2,$bp)); - &ld(($a[3])=&NR(1),&QWPw(3,$ap)); &FR($ap); - &ld(($b[3])=&NR(1),&QWPw(3,$bp)); &FR($bp); - - ($c0,$c1,$c2)=&NR(3); - &mov("zero",$c2); - &mul($a[0],$b[0],$c0); - &muh($a[0],$b[0],$c1); - &st($c0,&QWPw(0,$rp)); &FR($c0); ($c0)=&NR($c0); - ($c0,$c1,$c2)=($c1,$c2,$c0); - &mov("zero",$c2); - - &mul_add_c($a[0],$b[1],$c0,$c1,$c2); - &mul_add_c($a[1],$b[0],$c0,$c1,$c2); - &st($c0,&QWPw(1,$rp)); &FR($c0); ($c0)=&NR($c0); - ($c0,$c1,$c2)=($c1,$c2,$c0); - &mov("zero",$c2); - - &mul_add_c($a[1],$b[1],$c0,$c1,$c2); - &mul_add_c($a[0],$b[2],$c0,$c1,$c2); - &mul_add_c($a[2],$b[0],$c0,$c1,$c2); - &st($c0,&QWPw(2,$rp)); &FR($c0); ($c0)=&NR($c0); - ($c0,$c1,$c2)=($c1,$c2,$c0); - &mov("zero",$c2); - - &mul_add_c($a[0],$b[3],$c0,$c1,$c2); &FR($a[0]); - &mul_add_c($a[1],$b[2],$c0,$c1,$c2); - &mul_add_c($a[2],$b[1],$c0,$c1,$c2); - &mul_add_c($a[3],$b[0],$c0,$c1,$c2); &FR($b[0]); - &st($c0,&QWPw(3,$rp)); &FR($c0); ($c0)=&NR($c0); - ($c0,$c1,$c2)=($c1,$c2,$c0); - &mov("zero",$c2); - - &mul_add_c($a[1],$b[3],$c0,$c1,$c2); &FR($a[1]); - &mul_add_c($a[2],$b[2],$c0,$c1,$c2); - &mul_add_c($a[3],$b[1],$c0,$c1,$c2); &FR($b[1]); - &st($c0,&QWPw(4,$rp)); &FR($c0); ($c0)=&NR($c0); - ($c0,$c1,$c2)=($c1,$c2,$c0); - &mov("zero",$c2); - - &mul_add_c($a[2],$b[3],$c0,$c1,$c2); &FR($a[2]); - &mul_add_c($a[3],$b[2],$c0,$c1,$c2); &FR($b[2]); - &st($c0,&QWPw(5,$rp)); &FR($c0); ($c0)=&NR($c0); - ($c0,$c1,$c2)=($c1,$c2,$c0); - &mov("zero",$c2); - - &mul_add_c($a[3],$b[3],$c0,$c1,$c2); &FR($a[3],$b[3]); - &st($c0,&QWPw(6,$rp)); - &st($c1,&QWPw(7,$rp)); - - &FR($c0,$c1,$c2); - - &function_end($name); - - &fin_pool; - } - -1; diff --git a/src/lib/libcrypto/bn/asm/alpha.works/mul_c8.pl b/src/lib/libcrypto/bn/asm/alpha.works/mul_c8.pl deleted file mode 100644 index 525ca7494b7..00000000000 --- a/src/lib/libcrypto/bn/asm/alpha.works/mul_c8.pl +++ /dev/null @@ -1,177 +0,0 @@ -#!/usr/local/bin/perl -# alpha assember - -sub bn_mul_comba8 - { - local($name)=@_; - local(@a,@b,$r,$c0,$c1,$c2); - - $cnt=1; - &init_pool(3); - - $rp=&wparam(0); - $ap=&wparam(1); - $bp=&wparam(2); - - &function_begin($name,""); - - &comment(""); - - &stack_push(2); - &ld(($a[0])=&NR(1),&QWPw(0,$ap)); - &ld(($b[0])=&NR(1),&QWPw(0,$bp)); - &st($reg_s0,&swtmp(0)); &FR($reg_s0); - &st($reg_s1,&swtmp(1)); &FR($reg_s1); - &ld(($a[1])=&NR(1),&QWPw(1,$ap)); - &ld(($b[1])=&NR(1),&QWPw(1,$bp)); - &ld(($a[2])=&NR(1),&QWPw(2,$ap)); - &ld(($b[2])=&NR(1),&QWPw(2,$bp)); - &ld(($a[3])=&NR(1),&QWPw(3,$ap)); - &ld(($b[3])=&NR(1),&QWPw(3,$bp)); - &ld(($a[4])=&NR(1),&QWPw(1,$ap)); - &ld(($b[4])=&NR(1),&QWPw(1,$bp)); - &ld(($a[5])=&NR(1),&QWPw(1,$ap)); - &ld(($b[5])=&NR(1),&QWPw(1,$bp)); - &ld(($a[6])=&NR(1),&QWPw(1,$ap)); - &ld(($b[6])=&NR(1),&QWPw(1,$bp)); - &ld(($a[7])=&NR(1),&QWPw(1,$ap)); &FR($ap); - &ld(($b[7])=&NR(1),&QWPw(1,$bp)); &FR($bp); - - ($c0,$c1,$c2)=&NR(3); - &mov("zero",$c2); - &mul($a[0],$b[0],$c0); - &muh($a[0],$b[0],$c1); - &st($c0,&QWPw(0,$rp)); &FR($c0); ($c0)=&NR(1); - ($c0,$c1,$c2)=($c1,$c2,$c0); - &mov("zero",$c2); - - &mul_add_c($a[0],$b[1],$c0,$c1,$c2); - &mul_add_c($a[1],$b[0],$c0,$c1,$c2); - &st($c0,&QWPw(1,$rp)); &FR($c0); ($c0)=&NR(1); - ($c0,$c1,$c2)=($c1,$c2,$c0); - &mov("zero",$c2); - - &mul_add_c($a[0],$b[2],$c0,$c1,$c2); - &mul_add_c($a[1],$b[1],$c0,$c1,$c2); - &mul_add_c($a[2],$b[0],$c0,$c1,$c2); - &st($c0,&QWPw(2,$rp)); &FR($c0); ($c0)=&NR(1); - ($c0,$c1,$c2)=($c1,$c2,$c0); - &mov("zero",$c2); - - &mul_add_c($a[0],$b[3],$c0,$c1,$c2); - &mul_add_c($a[1],$b[2],$c0,$c1,$c2); - &mul_add_c($a[2],$b[1],$c0,$c1,$c2); - &mul_add_c($a[3],$b[0],$c0,$c1,$c2); - &st($c0,&QWPw(3,$rp)); &FR($c0); ($c0)=&NR(1); - ($c0,$c1,$c2)=($c1,$c2,$c0); - &mov("zero",$c2); - - &mul_add_c($a[0],$b[4],$c0,$c1,$c2); - &mul_add_c($a[1],$b[3],$c0,$c1,$c2); - &mul_add_c($a[2],$b[2],$c0,$c1,$c2); - &mul_add_c($a[3],$b[1],$c0,$c1,$c2); - &mul_add_c($a[4],$b[0],$c0,$c1,$c2); - &st($c0,&QWPw(4,$rp)); &FR($c0); ($c0)=&NR(1); - ($c0,$c1,$c2)=($c1,$c2,$c0); - &mov("zero",$c2); - - &mul_add_c($a[0],$b[5],$c0,$c1,$c2); - &mul_add_c($a[1],$b[4],$c0,$c1,$c2); - &mul_add_c($a[2],$b[3],$c0,$c1,$c2); - &mul_add_c($a[3],$b[2],$c0,$c1,$c2); - &mul_add_c($a[4],$b[1],$c0,$c1,$c2); - &mul_add_c($a[5],$b[0],$c0,$c1,$c2); - &st($c0,&QWPw(5,$rp)); &FR($c0); ($c0)=&NR(1); - ($c0,$c1,$c2)=($c1,$c2,$c0); - &mov("zero",$c2); - - &mul_add_c($a[0],$b[6],$c0,$c1,$c2); - &mul_add_c($a[1],$b[5],$c0,$c1,$c2); - &mul_add_c($a[2],$b[4],$c0,$c1,$c2); - &mul_add_c($a[3],$b[3],$c0,$c1,$c2); - &mul_add_c($a[4],$b[2],$c0,$c1,$c2); - &mul_add_c($a[5],$b[1],$c0,$c1,$c2); - &mul_add_c($a[6],$b[0],$c0,$c1,$c2); - &st($c0,&QWPw(6,$rp)); &FR($c0); ($c0)=&NR(1); - ($c0,$c1,$c2)=($c1,$c2,$c0); - &mov("zero",$c2); - - &mul_add_c($a[0],$b[7],$c0,$c1,$c2); &FR($a[0]); - &mul_add_c($a[1],$b[6],$c0,$c1,$c2); - &mul_add_c($a[2],$b[5],$c0,$c1,$c2); - &mul_add_c($a[3],$b[4],$c0,$c1,$c2); - &mul_add_c($a[4],$b[3],$c0,$c1,$c2); - &mul_add_c($a[5],$b[2],$c0,$c1,$c2); - &mul_add_c($a[6],$b[1],$c0,$c1,$c2); - &mul_add_c($a[7],$b[0],$c0,$c1,$c2); &FR($b[0]); - &st($c0,&QWPw(7,$rp)); &FR($c0); ($c0)=&NR(1); - ($c0,$c1,$c2)=($c1,$c2,$c0); - &mov("zero",$c2); - - &mul_add_c($a[1],$b[7],$c0,$c1,$c2); &FR($a[1]); - &mul_add_c($a[2],$b[6],$c0,$c1,$c2); - &mul_add_c($a[3],$b[5],$c0,$c1,$c2); - &mul_add_c($a[4],$b[4],$c0,$c1,$c2); - &mul_add_c($a[5],$b[3],$c0,$c1,$c2); - &mul_add_c($a[6],$b[2],$c0,$c1,$c2); - &mul_add_c($a[7],$b[1],$c0,$c1,$c2); &FR($b[1]); - &st($c0,&QWPw(8,$rp)); &FR($c0); ($c0)=&NR(1); - ($c0,$c1,$c2)=($c1,$c2,$c0); - &mov("zero",$c2); - - &mul_add_c($a[2],$b[7],$c0,$c1,$c2); &FR($a[2]); - &mul_add_c($a[3],$b[6],$c0,$c1,$c2); - &mul_add_c($a[4],$b[5],$c0,$c1,$c2); - &mul_add_c($a[5],$b[4],$c0,$c1,$c2); - &mul_add_c($a[6],$b[3],$c0,$c1,$c2); - &mul_add_c($a[7],$b[2],$c0,$c1,$c2); &FR($b[2]); - &st($c0,&QWPw(9,$rp)); &FR($c0); ($c0)=&NR(1); - ($c0,$c1,$c2)=($c1,$c2,$c0); - &mov("zero",$c2); - - &mul_add_c($a[3],$b[7],$c0,$c1,$c2); &FR($a[3]); - &mul_add_c($a[4],$b[6],$c0,$c1,$c2); - &mul_add_c($a[5],$b[5],$c0,$c1,$c2); - &mul_add_c($a[6],$b[4],$c0,$c1,$c2); - &mul_add_c($a[7],$b[3],$c0,$c1,$c2); &FR($b[3]); - &st($c0,&QWPw(10,$rp)); &FR($c0); ($c0)=&NR(1); - ($c0,$c1,$c2)=($c1,$c2,$c0); - &mov("zero",$c2); - - &mul_add_c($a[4],$b[7],$c0,$c1,$c2); &FR($a[4]); - &mul_add_c($a[5],$b[6],$c0,$c1,$c2); - &mul_add_c($a[6],$b[5],$c0,$c1,$c2); - &mul_add_c($a[7],$b[4],$c0,$c1,$c2); &FR($b[4]); - &st($c0,&QWPw(11,$rp)); &FR($c0); ($c0)=&NR(1); - ($c0,$c1,$c2)=($c1,$c2,$c0); - &mov("zero",$c2); - - &mul_add_c($a[5],$b[7],$c0,$c1,$c2); &FR($a[5]); - &mul_add_c($a[6],$b[6],$c0,$c1,$c2); - &mul_add_c($a[7],$b[5],$c0,$c1,$c2); &FR($b[5]); - &st($c0,&QWPw(12,$rp)); &FR($c0); ($c0)=&NR(1); - ($c0,$c1,$c2)=($c1,$c2,$c0); - &mov("zero",$c2); - - &mul_add_c($a[6],$b[7],$c0,$c1,$c2); &FR($a[6]); - &mul_add_c($a[7],$b[6],$c0,$c1,$c2); &FR($b[6]); - &st($c0,&QWPw(13,$rp)); &FR($c0); ($c0)=&NR(1); - ($c0,$c1,$c2)=($c1,$c2,$c0); - &mov("zero",$c2); - - &mul_add_c($a[7],$b[7],$c0,$c1,$c2); &FR($a[7],$b[7]); - &st($c0,&QWPw(14,$rp)); - &st($c1,&QWPw(15,$rp)); - - &FR($c0,$c1,$c2); - - &ld($reg_s0,&swtmp(0)); - &ld($reg_s1,&swtmp(1)); - &stack_pop(2); - - &function_end($name); - - &fin_pool; - } - -1; diff --git a/src/lib/libcrypto/bn/asm/alpha.works/sqr.pl b/src/lib/libcrypto/bn/asm/alpha.works/sqr.pl deleted file mode 100644 index a55b696906e..00000000000 --- a/src/lib/libcrypto/bn/asm/alpha.works/sqr.pl +++ /dev/null @@ -1,113 +0,0 @@ -#!/usr/local/bin/perl -# alpha assember - -sub bn_sqr_words - { - local($name)=@_; - local($cc,$a,$b,$r,$couny); - - &init_pool(3); - ($cc)=GR("r0"); - - $rp=&wparam(0); - $ap=&wparam(1); - $count=&wparam(2); - - &function_begin($name,""); - - &comment(""); - &sub($count,4,$count); - &mov("zero",$cc); - &br(&label("finish")); - &blt($count,&label("finish")); - - ($a0,$r0)=&NR(2); - &ld($a0,&QWPw(0,$ap)); - &ld($r0,&QWPw(0,$rp)); - -$a=<<'EOF'; -########################################################## - &set_label("loop"); - - ($a1)=&NR(1); &ld($a1,&QWPw(1,$ap)); - ($b1)=&NR(1); &ld($b1,&QWPw(1,$bp)); - ($a2)=&NR(1); &ld($a2,&QWPw(2,$ap)); - ($b2)=&NR(1); &ld($b2,&QWPw(2,$bp)); - ($a3)=&NR(1); &ld($a3,&QWPw(3,$ap)); - ($b3)=&NR(1); &ld($b3,&QWPw(3,$bp)); - - ($o0,$t0)=&NR(2); - &add($a0,$b0,$o0); - &cmpult($o0,$b0,$t0); - &add($o0,$cc,$o0); - &cmpult($o0,$cc,$cc); - &add($cc,$t0,$cc); &FR($t0); - - ($t1,$o1)=&NR(2); - - &add($a1,$b1,$o1); &FR($a1); - &cmpult($o1,$b1,$t1); &FR($b1); - &add($o1,$cc,$o1); - &cmpult($o1,$cc,$cc); - &add($cc,$t1,$cc); &FR($t1); - - ($t2,$o2)=&NR(2); - - &add($a2,$b2,$o2); &FR($a2); - &cmpult($o2,$b2,$t2); &FR($b2); - &add($o2,$cc,$o2); - &cmpult($o2,$cc,$cc); - &add($cc,$t2,$cc); &FR($t2); - - ($t3,$o3)=&NR(2); - - &add($a3,$b3,$o3); &FR($a3); - &cmpult($o3,$b3,$t3); &FR($b3); - &add($o3,$cc,$o3); - &cmpult($o3,$cc,$cc); - &add($cc,$t3,$cc); &FR($t3); - - &st($o0,&QWPw(0,$rp)); &FR($o0); - &st($o1,&QWPw(0,$rp)); &FR($o1); - &st($o2,&QWPw(0,$rp)); &FR($o2); - &st($o3,&QWPw(0,$rp)); &FR($o3); - - &sub($count,4,$count); # count-=4 - &add($ap,4*$QWS,$ap); # count+=4 - &add($bp,4*$QWS,$bp); # count+=4 - &add($rp,4*$QWS,$rp); # count+=4 - - &blt($count,&label("finish")); - &ld($a0,&QWPw(0,$ap)); - &ld($b0,&QWPw(0,$bp)); - &br(&label("loop")); -EOF -################################################## - # Do the last 0..3 words - - &set_label("last_loop"); - - &ld(($a0)=&NR(1),&QWPw(0,$ap)); # get a - &mul($a0,$a0,($l0)=&NR(1)); - &add($ap,$QWS,$ap); - &add($rp,2*$QWS,$rp); - &sub($count,1,$count); - &muh($a0,$a0,($h0)=&NR(1)); &FR($a0); - &st($l0,&QWPw(-2,$rp)); &FR($l0); - &st($h0,&QWPw(-1,$rp)); &FR($h0); - - &bgt($count,&label("last_loop")); - &function_end_A($name); - -###################################################### - &set_label("finish"); - &add($count,4,$count); - &bgt($count,&label("last_loop")); - - &set_label("end"); - &function_end($name); - - &fin_pool; - } - -1; diff --git a/src/lib/libcrypto/bn/asm/alpha.works/sqr_c4.pl b/src/lib/libcrypto/bn/asm/alpha.works/sqr_c4.pl deleted file mode 100644 index bf33f5b5037..00000000000 --- a/src/lib/libcrypto/bn/asm/alpha.works/sqr_c4.pl +++ /dev/null @@ -1,109 +0,0 @@ -#!/usr/local/bin/perl -# alpha assember - -sub sqr_add_c - { - local($a,$c0,$c1,$c2)=@_; - local($l1,$h1,$t1,$t2); - - &mul($a,$a,($l1)=&NR(1)); - &muh($a,$a,($h1)=&NR(1)); - &add($c0,$l1,$c0); - &add($c1,$h1,$c1); - &cmpult($c0,$l1,($t1)=&NR(1)); &FR($l1); - &cmpult($c1,$h1,($t2)=&NR(1)); &FR($h1); - &add($c1,$t1,$c1); &FR($t1); - &add($c2,$t2,$c2); &FR($t2); - } - -sub sqr_add_c2 - { - local($a,$b,$c0,$c1,$c2)=@_; - local($l1,$h1,$t1,$t2); - - &mul($a,$b,($l1)=&NR(1)); - &muh($a,$b,($h1)=&NR(1)); - &cmplt($l1,"zero",($lc1)=&NR(1)); - &cmplt($h1,"zero",($hc1)=&NR(1)); - &add($l1,$l1,$l1); - &add($h1,$h1,$h1); - &add($h1,$lc1,$h1); &FR($lc1); - &add($c2,$hc1,$c2); &FR($hc1); - - &add($c0,$l1,$c0); - &add($c1,$h1,$c1); - &cmpult($c0,$l1,($lc1)=&NR(1)); &FR($l1); - &cmpult($c1,$h1,($hc1)=&NR(1)); &FR($h1); - - &add($c1,$lc1,$c1); &FR($lc1); - &add($c2,$hc1,$c2); &FR($hc1); - } - - -sub bn_sqr_comba4 - { - local($name)=@_; - local(@a,@b,$r,$c0,$c1,$c2); - - $cnt=1; - &init_pool(2); - - $rp=&wparam(0); - $ap=&wparam(1); - - &function_begin($name,""); - - &comment(""); - - &ld(($a[0])=&NR(1),&QWPw(0,$ap)); - &ld(($a[1])=&NR(1),&QWPw(1,$ap)); - &ld(($a[2])=&NR(1),&QWPw(2,$ap)); - &ld(($a[3])=&NR(1),&QWPw(3,$ap)); &FR($ap); - - ($c0,$c1,$c2)=&NR(3); - - &mov("zero",$c2); - &mul($a[0],$a[0],$c0); - &muh($a[0],$a[0],$c1); - &st($c0,&QWPw(0,$rp)); - ($c0,$c1,$c2)=($c1,$c2,$c0); - &mov("zero",$c2); - - &sqr_add_c2($a[0],$a[1],$c0,$c1,$c2); - &st($c0,&QWPw(1,$rp)); - ($c0,$c1,$c2)=($c1,$c2,$c0); - &mov("zero",$c2); - - &sqr_add_c($a[1],$c0,$c1,$c2); - &sqr_add_c2($a[2],$a[0],$c0,$c1,$c2); - &st($c0,&QWPw(2,$rp)); - ($c0,$c1,$c2)=($c1,$c2,$c0); - &mov("zero",$c2); - - &sqr_add_c2($a[3],$a[0],$c0,$c1,$c2); - &sqr_add_c2($a[2],$a[1],$c0,$c1,$c2); - &st($c0,&QWPw(3,$rp)); - ($c0,$c1,$c2)=($c1,$c2,$c0); - &mov("zero",$c2); - - &sqr_add_c($a[2],$c0,$c1,$c2); - &sqr_add_c2($a[3],$a[1],$c0,$c1,$c2); - &st($c0,&QWPw(4,$rp)); - ($c0,$c1,$c2)=($c1,$c2,$c0); - &mov("zero",$c2); - - &sqr_add_c2($a[3],$a[2],$c0,$c1,$c2); - &st($c0,&QWPw(5,$rp)); - ($c0,$c1,$c2)=($c1,$c2,$c0); - &mov("zero",$c2); - - &sqr_add_c($a[3],$c0,$c1,$c2); - &st($c0,&QWPw(6,$rp)); - &st($c1,&QWPw(7,$rp)); - - &function_end($name); - - &fin_pool; - } - -1; diff --git a/src/lib/libcrypto/bn/asm/alpha.works/sqr_c8.pl b/src/lib/libcrypto/bn/asm/alpha.works/sqr_c8.pl deleted file mode 100644 index b4afe085f1c..00000000000 --- a/src/lib/libcrypto/bn/asm/alpha.works/sqr_c8.pl +++ /dev/null @@ -1,132 +0,0 @@ -#!/usr/local/bin/perl -# alpha assember - -sub bn_sqr_comba8 - { - local($name)=@_; - local(@a,@b,$r,$c0,$c1,$c2); - - $cnt=1; - &init_pool(2); - - $rp=&wparam(0); - $ap=&wparam(1); - - &function_begin($name,""); - - &comment(""); - - &ld(($a[0])=&NR(1),&QWPw(0,$ap)); - &ld(($a[1])=&NR(1),&QWPw(1,$ap)); - &ld(($a[2])=&NR(1),&QWPw(2,$ap)); - &ld(($a[3])=&NR(1),&QWPw(3,$ap)); - &ld(($a[4])=&NR(1),&QWPw(4,$ap)); - &ld(($a[5])=&NR(1),&QWPw(5,$ap)); - &ld(($a[6])=&NR(1),&QWPw(6,$ap)); - &ld(($a[7])=&NR(1),&QWPw(7,$ap)); &FR($ap); - - ($c0,$c1,$c2)=&NR(3); - - &mov("zero",$c2); - &mul($a[0],$a[0],$c0); - &muh($a[0],$a[0],$c1); - &st($c0,&QWPw(0,$rp)); - ($c0,$c1,$c2)=($c1,$c2,$c0); - &mov("zero",$c2); - - &sqr_add_c2($a[1],$a[0],$c0,$c1,$c2); - &st($c0,&QWPw(1,$rp)); - ($c0,$c1,$c2)=($c1,$c2,$c0); - &mov("zero",$c2); - - &sqr_add_c($a[1],$c0,$c1,$c2); - &sqr_add_c2($a[2],$a[0],$c0,$c1,$c2); - &st($c0,&QWPw(2,$rp)); - ($c0,$c1,$c2)=($c1,$c2,$c0); - &mov("zero",$c2); - - &sqr_add_c2($a[2],$a[1],$c0,$c1,$c2); - &sqr_add_c2($a[3],$a[0],$c0,$c1,$c2); - &st($c0,&QWPw(3,$rp)); - ($c0,$c1,$c2)=($c1,$c2,$c0); - &mov("zero",$c2); - - &sqr_add_c($a[2],$c0,$c1,$c2); - &sqr_add_c2($a[3],$a[1],$c0,$c1,$c2); - &sqr_add_c2($a[4],$a[0],$c0,$c1,$c2); - &st($c0,&QWPw(4,$rp)); - ($c0,$c1,$c2)=($c1,$c2,$c0); - &mov("zero",$c2); - - &sqr_add_c2($a[3],$a[2],$c0,$c1,$c2); - &sqr_add_c2($a[4],$a[1],$c0,$c1,$c2); - &sqr_add_c2($a[5],$a[0],$c0,$c1,$c2); - &st($c0,&QWPw(5,$rp)); - ($c0,$c1,$c2)=($c1,$c2,$c0); - &mov("zero",$c2); - - &sqr_add_c($a[3],$c0,$c1,$c2); - &sqr_add_c2($a[4],$a[2],$c0,$c1,$c2); - &sqr_add_c2($a[5],$a[1],$c0,$c1,$c2); - &sqr_add_c2($a[6],$a[0],$c0,$c1,$c2); - &st($c0,&QWPw(6,$rp)); - ($c0,$c1,$c2)=($c1,$c2,$c0); - &mov("zero",$c2); - - &sqr_add_c2($a[4],$a[3],$c0,$c1,$c2); - &sqr_add_c2($a[5],$a[2],$c0,$c1,$c2); - &sqr_add_c2($a[6],$a[1],$c0,$c1,$c2); - &sqr_add_c2($a[7],$a[0],$c0,$c1,$c2); - &st($c0,&QWPw(7,$rp)); - ($c0,$c1,$c2)=($c1,$c2,$c0); - &mov("zero",$c2); - - &sqr_add_c($a[4],$c0,$c1,$c2); - &sqr_add_c2($a[5],$a[3],$c0,$c1,$c2); - &sqr_add_c2($a[6],$a[2],$c0,$c1,$c2); - &sqr_add_c2($a[7],$a[1],$c0,$c1,$c2); - &st($c0,&QWPw(8,$rp)); - ($c0,$c1,$c2)=($c1,$c2,$c0); - &mov("zero",$c2); - - &sqr_add_c2($a[5],$a[4],$c0,$c1,$c2); - &sqr_add_c2($a[6],$a[3],$c0,$c1,$c2); - &sqr_add_c2($a[7],$a[2],$c0,$c1,$c2); - &st($c0,&QWPw(9,$rp)); - ($c0,$c1,$c2)=($c1,$c2,$c0); - &mov("zero",$c2); - - &sqr_add_c($a[5],$c0,$c1,$c2); - &sqr_add_c2($a[6],$a[4],$c0,$c1,$c2); - &sqr_add_c2($a[7],$a[3],$c0,$c1,$c2); - &st($c0,&QWPw(10,$rp)); - ($c0,$c1,$c2)=($c1,$c2,$c0); - &mov("zero",$c2); - - &sqr_add_c2($a[6],$a[5],$c0,$c1,$c2); - &sqr_add_c2($a[7],$a[4],$c0,$c1,$c2); - &st($c0,&QWPw(11,$rp)); - ($c0,$c1,$c2)=($c1,$c2,$c0); - &mov("zero",$c2); - - &sqr_add_c($a[6],$c0,$c1,$c2); - &sqr_add_c2($a[7],$a[5],$c0,$c1,$c2); - &st($c0,&QWPw(12,$rp)); - ($c0,$c1,$c2)=($c1,$c2,$c0); - &mov("zero",$c2); - - &sqr_add_c2($a[7],$a[6],$c0,$c1,$c2); - &st($c0,&QWPw(13,$rp)); - ($c0,$c1,$c2)=($c1,$c2,$c0); - &mov("zero",$c2); - - &sqr_add_c($a[7],$c0,$c1,$c2); - &st($c0,&QWPw(14,$rp)); - &st($c1,&QWPw(15,$rp)); - - &function_end($name); - - &fin_pool; - } - -1; diff --git a/src/lib/libcrypto/bn/asm/alpha.works/sub.pl b/src/lib/libcrypto/bn/asm/alpha.works/sub.pl deleted file mode 100644 index d998da5c21a..00000000000 --- a/src/lib/libcrypto/bn/asm/alpha.works/sub.pl +++ /dev/null @@ -1,108 +0,0 @@ -#!/usr/local/bin/perl -# alpha assember - -sub bn_sub_words - { - local($name)=@_; - local($cc,$a,$b,$r); - - &init_pool(4); - ($cc)=GR("r0"); - - $rp=&wparam(0); - $ap=&wparam(1); - $bp=&wparam(2); - $count=&wparam(3); - - &function_begin($name,""); - - &comment(""); - &sub($count,4,$count); - &mov("zero",$cc); - &blt($count,&label("finish")); - - ($a0,$b0)=&NR(2); - &ld($a0,&QWPw(0,$ap)); - &ld($b0,&QWPw(0,$bp)); - -########################################################## - &set_label("loop"); - - ($a1,$tmp,$b1,$a2,$b2,$a3,$b3,$o0)=&NR(8); - &ld($a1,&QWPw(1,$ap)); - &cmpult($a0,$b0,$tmp); # will we borrow? - &ld($b1,&QWPw(1,$bp)); - &sub($a0,$b0,$a0); # do the subtract - &ld($a2,&QWPw(2,$ap)); - &cmpult($a0,$cc,$b0); # will we borrow? - &ld($b2,&QWPw(2,$bp)); - &sub($a0,$cc,$o0); # will we borrow? - &ld($a3,&QWPw(3,$ap)); - &add($b0,$tmp,$cc); ($t1,$o1)=&NR(2); &FR($tmp); - - &cmpult($a1,$b1,$t1); # will we borrow? - &sub($a1,$b1,$a1); # do the subtract - &ld($b3,&QWPw(3,$bp)); - &cmpult($a1,$cc,$b1); # will we borrow? - &sub($a1,$cc,$o1); # will we borrow? - &add($b1,$t1,$cc); ($tmp,$o2)=&NR(2); &FR($t1,$a1,$b1); - - &cmpult($a2,$b2,$tmp); # will we borrow? - &sub($a2,$b2,$a2); # do the subtract - &st($o0,&QWPw(0,$rp)); &FR($o0); # save - &cmpult($a2,$cc,$b2); # will we borrow? - &sub($a2,$cc,$o2); # will we borrow? - &add($b2,$tmp,$cc); ($t3,$o3)=&NR(2); &FR($tmp,$a2,$b2); - - &cmpult($a3,$b3,$t3); # will we borrow? - &sub($a3,$b3,$a3); # do the subtract - &st($o1,&QWPw(1,$rp)); &FR($o1); - &cmpult($a3,$cc,$b3); # will we borrow? - &sub($a3,$cc,$o3); # will we borrow? - &add($b3,$t3,$cc); &FR($t3,$a3,$b3); - - &st($o2,&QWPw(2,$rp)); &FR($o2); - &sub($count,4,$count); # count-=4 - &st($o3,&QWPw(3,$rp)); &FR($o3); - &add($ap,4*$QWS,$ap); # count+=4 - &add($bp,4*$QWS,$bp); # count+=4 - &add($rp,4*$QWS,$rp); # count+=4 - - &blt($count,&label("finish")); - &ld($a0,&QWPw(0,$ap)); - &ld($b0,&QWPw(0,$bp)); - &br(&label("loop")); -################################################## - # Do the last 0..3 words - - &set_label("last_loop"); - - &ld($a0,&QWPw(0,$ap)); # get a - &ld($b0,&QWPw(0,$bp)); # get b - &cmpult($a0,$b0,$tmp); # will we borrow? - &sub($a0,$b0,$a0); # do the subtract - &cmpult($a0,$cc,$b0); # will we borrow? - &sub($a0,$cc,$a0); # will we borrow? - &st($a0,&QWPw(0,$rp)); # save - &add($b0,$tmp,$cc); # add the borrows - - &add($ap,$QWS,$ap); - &add($bp,$QWS,$bp); - &add($rp,$QWS,$rp); - &sub($count,1,$count); - &bgt($count,&label("last_loop")); - &function_end_A($name); - -###################################################### - &set_label("finish"); - &add($count,4,$count); - &bgt($count,&label("last_loop")); - - &FR($a0,$b0); - &set_label("end"); - &function_end($name); - - &fin_pool; - } - -1; diff --git a/src/lib/libcrypto/bn/asm/alpha/add.pl b/src/lib/libcrypto/bn/asm/alpha/add.pl deleted file mode 100644 index 13bf5164281..00000000000 --- a/src/lib/libcrypto/bn/asm/alpha/add.pl +++ /dev/null @@ -1,118 +0,0 @@ -#!/usr/local/bin/perl -# alpha assember - -sub bn_add_words - { - local($name)=@_; - local($cc,$a,$b,$r); - - &init_pool(4); - ($cc)=GR("r0"); - - $rp=&wparam(0); - $ap=&wparam(1); - $bp=&wparam(2); - $count=&wparam(3); - - &function_begin($name,""); - - &comment(""); - &sub($count,4,$count); - &mov("zero",$cc); - &blt($count,&label("finish")); - - ($a0,$b0)=&NR(2); - -########################################################## - &set_label("loop"); - - &ld(($a0)=&NR(1),&QWPw(0,$ap)); - &ld(($b0)=&NR(1),&QWPw(0,$bp)); - &ld(($a1)=&NR(1),&QWPw(1,$ap)); - &ld(($b1)=&NR(1),&QWPw(1,$bp)); - - ($o0,$t0)=&NR(2); - &add($a0,$b0,$o0); - &ld(($a2)=&NR(1),&QWPw(2,$ap)); - &cmpult($o0,$b0,$t0); - &add($o0,$cc,$o0); - &cmpult($o0,$cc,$cc); - &ld(($b2)=&NR(1),&QWPw(2,$bp)); - &add($cc,$t0,$cc); &FR($t0); - - ($t1,$o1)=&NR(2); - - &add($a1,$b1,$o1); &FR($a1); - &cmpult($o1,$b1,$t1); &FR($b1); - &add($o1,$cc,$o1); - &cmpult($o1,$cc,$cc); - &ld(($a3)=&NR(1),&QWPw(3,$ap)); - &add($cc,$t1,$cc); &FR($t1); - - ($t2,$o2)=&NR(2); - - &add($a2,$b2,$o2); &FR($a2); - &cmpult($o2,$b2,$t2); &FR($b2); - &add($o2,$cc,$o2); - &cmpult($o2,$cc,$cc); - &ld(($b3)=&NR(1),&QWPw(3,$bp)); - &st($o0,&QWPw(0,$rp)); &FR($o0); - &add($cc,$t2,$cc); &FR($t2); - - ($t3,$o3)=&NR(2); - - &st($o1,&QWPw(0,$rp)); &FR($o1); - &add($a3,$b3,$o3); &FR($a3); - &cmpult($o3,$b3,$t3); &FR($b3); - &add($o3,$cc,$o3); - &st($o2,&QWPw(0,$rp)); &FR($o2); - &cmpult($o3,$cc,$cc); - &st($o3,&QWPw(0,$rp)); &FR($o3); - &add($cc,$t3,$cc); &FR($t3); - - - &sub($count,4,$count); # count-=4 - &add($ap,4*$QWS,$ap); # count+=4 - &add($bp,4*$QWS,$bp); # count+=4 - &add($rp,4*$QWS,$rp); # count+=4 - - ### - &bge($count,&label("loop")); - ### - &br(&label("finish")); -################################################## - # Do the last 0..3 words - - ($t0,$o0)=&NR(2); - &set_label("last_loop"); - - &ld($a0,&QWPw(0,$ap)); # get a - &ld($b0,&QWPw(0,$bp)); # get b - &add($ap,$QWS,$ap); - &add($bp,$QWS,$bp); - &add($a0,$b0,$o0); - &sub($count,1,$count); - &cmpult($o0,$b0,$t0); # will we borrow? - &add($o0,$cc,$o0); # will we borrow? - &cmpult($o0,$cc,$cc); # will we borrow? - &add($rp,$QWS,$rp); - &st($o0,&QWPw(-1,$rp)); # save - &add($cc,$t0,$cc); # add the borrows - - ### - &bgt($count,&label("last_loop")); - &function_end_A($name); - -###################################################### - &set_label("finish"); - &add($count,4,$count); - &bgt($count,&label("last_loop")); - - &FR($o0,$t0,$a0,$b0); - &set_label("end"); - &function_end($name); - - &fin_pool; - } - -1; diff --git a/src/lib/libcrypto/bn/asm/alpha/div.pl b/src/lib/libcrypto/bn/asm/alpha/div.pl deleted file mode 100644 index e9e680897aa..00000000000 --- a/src/lib/libcrypto/bn/asm/alpha/div.pl +++ /dev/null @@ -1,144 +0,0 @@ -#!/usr/local/bin/perl - -sub bn_div_words - { - local($data)=<<'EOF'; - # - # What follows was taken directly from the C compiler with a few - # hacks to redo the lables. - # -.text - .set noreorder - .set volatile - .align 3 - .globl bn_div_words - .ent bn_div_words -bn_div_words - ldgp $29,0($27) -bn_div_words.ng: - lda $30,-48($30) - .frame $30,48,$26,0 - stq $26,0($30) - stq $9,8($30) - stq $10,16($30) - stq $11,24($30) - stq $12,32($30) - stq $13,40($30) - .mask 0x4003e00,-48 - .prologue 1 - bis $16,$16,$9 - bis $17,$17,$10 - bis $18,$18,$11 - bis $31,$31,$13 - bis $31,2,$12 - bne $11,$9119 - lda $0,-1 - br $31,$9136 - .align 4 -$9119: - bis $11,$11,$16 - jsr $26,BN_num_bits_word - ldgp $29,0($26) - subq $0,64,$1 - beq $1,$9120 - bis $31,1,$1 - sll $1,$0,$1 - cmpule $9,$1,$1 - bne $1,$9120 - # lda $16,_IO_stderr_ - # lda $17,$C32 - # bis $0,$0,$18 - # jsr $26,fprintf - # ldgp $29,0($26) - jsr $26,abort - ldgp $29,0($26) - .align 4 -$9120: - bis $31,64,$3 - cmpult $9,$11,$2 - subq $3,$0,$1 - addl $1,$31,$0 - subq $9,$11,$1 - cmoveq $2,$1,$9 - beq $0,$9122 - zapnot $0,15,$2 - subq $3,$0,$1 - sll $11,$2,$11 - sll $9,$2,$3 - srl $10,$1,$1 - sll $10,$2,$10 - bis $3,$1,$9 -$9122: - srl $11,32,$5 - zapnot $11,15,$6 - lda $7,-1 - .align 5 -$9123: - srl $9,32,$1 - subq $1,$5,$1 - bne $1,$9126 - zapnot $7,15,$27 - br $31,$9127 - .align 4 -$9126: - bis $9,$9,$24 - bis $5,$5,$25 - divqu $24,$25,$27 -$9127: - srl $10,32,$4 - .align 5 -$9128: - mulq $27,$5,$1 - subq $9,$1,$3 - zapnot $3,240,$1 - bne $1,$9129 - mulq $6,$27,$2 - sll $3,32,$1 - addq $1,$4,$1 - cmpule $2,$1,$2 - bne $2,$9129 - subq $27,1,$27 - br $31,$9128 - .align 4 -$9129: - mulq $27,$6,$1 - mulq $27,$5,$4 - srl $1,32,$3 - sll $1,32,$1 - addq $4,$3,$4 - cmpult $10,$1,$2 - subq $10,$1,$10 - addq $2,$4,$2 - cmpult $9,$2,$1 - bis $2,$2,$4 - beq $1,$9134 - addq $9,$11,$9 - subq $27,1,$27 -$9134: - subl $12,1,$12 - subq $9,$4,$9 - beq $12,$9124 - sll $27,32,$13 - sll $9,32,$2 - srl $10,32,$1 - sll $10,32,$10 - bis $2,$1,$9 - br $31,$9123 - .align 4 -$9124: - bis $13,$27,$0 -$9136: - ldq $26,0($30) - ldq $9,8($30) - ldq $10,16($30) - ldq $11,24($30) - ldq $12,32($30) - ldq $13,40($30) - addq $30,48,$30 - ret $31,($26),1 - .end bn_div_words -EOF - &asm_add($data); - } - -1; diff --git a/src/lib/libcrypto/bn/asm/alpha/mul.pl b/src/lib/libcrypto/bn/asm/alpha/mul.pl deleted file mode 100644 index 76c926566c7..00000000000 --- a/src/lib/libcrypto/bn/asm/alpha/mul.pl +++ /dev/null @@ -1,104 +0,0 @@ -#!/usr/local/bin/perl -# alpha assember - -sub bn_mul_words - { - local($name)=@_; - local($cc,$a,$b,$r,$couny); - - &init_pool(4); - ($cc)=GR("r0"); - - $rp=&wparam(0); - $ap=&wparam(1); - $count=&wparam(2); - $word=&wparam(3); - - &function_begin($name,""); - - &comment(""); - &sub($count,4,$count); - &mov("zero",$cc); - ### - &blt($count,&label("finish")); - - ($a0)=&NR(1); &ld($a0,&QWPw(0,$ap)); - - &set_label("loop"); - - ($a1)=&NR(1); &ld($a1,&QWPw(1,$ap)); - ($a2)=&NR(1); &ld($a2,&QWPw(2,$ap)); - - &muh($a0,$word,($h0)=&NR(1)); &FR($a0); - ($a3)=&NR(1); &ld($a3,&QWPw(3,$ap)); - ### wait 8 - &mul($a0,$word,($l0)=&NR(1)); &FR($a0); - ### wait 8 - &muh($a1,$word,($h1)=&NR(1)); &FR($a1); - &add($l0,$cc,$l0); ### wait 8 - &mul($a1,$word,($l1)=&NR(1)); &FR($a1); - &cmpult($l0,$cc,$cc); ### wait 8 - &muh($a2,$word,($h2)=&NR(1)); &FR($a2); - &add($h0,$cc,$cc); &FR($h0); ### wait 8 - &mul($a2,$word,($l2)=&NR(1)); &FR($a2); - &add($l1,$cc,$l1); ### wait 8 - &st($l0,&QWPw(0,$rp)); &FR($l0); - &cmpult($l1,$cc,$cc); ### wait 8 - &muh($a3,$word,($h3)=&NR(1)); &FR($a3); - &add($h1,$cc,$cc); &FR($h1); - &mul($a3,$word,($l3)=&NR(1)); &FR($a3); - &add($l2,$cc,$l2); - &st($l1,&QWPw(1,$rp)); &FR($l1); - &cmpult($l2,$cc,$cc); - &add($h2,$cc,$cc); &FR($h2); - &sub($count,4,$count); # count-=4 - &st($l2,&QWPw(2,$rp)); &FR($l2); - &add($l3,$cc,$l3); - &cmpult($l3,$cc,$cc); - &add($bp,4*$QWS,$bp); # count+=4 - &add($h3,$cc,$cc); &FR($h3); - &add($ap,4*$QWS,$ap); # count+=4 - &st($l3,&QWPw(3,$rp)); &FR($l3); - &add($rp,4*$QWS,$rp); # count+=4 - ### - &blt($count,&label("finish")); - ($a0)=&NR(1); &ld($a0,&QWPw(0,$ap)); - &br(&label("finish")); -################################################## - -################################################## - # Do the last 0..3 words - - &set_label("last_loop"); - - &ld(($a0)=&NR(1),&QWPw(0,$ap)); # get a - ### - ### - ### - &muh($a0,$word,($h0)=&NR(1)); - ### Wait 8 for next mul issue - &mul($a0,$word,($l0)=&NR(1)); &FR($a0) - &add($ap,$QWS,$ap); - ### Loose 12 until result is available - &add($rp,$QWS,$rp); - &sub($count,1,$count); - &add($l0,$cc,$l0); - ### - &st($l0,&QWPw(-1,$rp)); &FR($l0); - &cmpult($l0,$cc,$cc); - &add($h0,$cc,$cc); &FR($h0); - &bgt($count,&label("last_loop")); - &function_end_A($name); - -###################################################### - &set_label("finish"); - &add($count,4,$count); - &bgt($count,&label("last_loop")); - - &set_label("end"); - &function_end($name); - - &fin_pool; - } - -1; diff --git a/src/lib/libcrypto/bn/asm/alpha/mul_add.pl b/src/lib/libcrypto/bn/asm/alpha/mul_add.pl deleted file mode 100644 index 0d6df69bc4b..00000000000 --- a/src/lib/libcrypto/bn/asm/alpha/mul_add.pl +++ /dev/null @@ -1,123 +0,0 @@ -#!/usr/local/bin/perl -# alpha assember - -sub bn_mul_add_words - { - local($name)=@_; - local($cc,$a,$b,$r,$couny); - - &init_pool(4); - ($cc)=GR("r0"); - - $rp=&wparam(0); - $ap=&wparam(1); - $count=&wparam(2); - $word=&wparam(3); - - &function_begin($name,""); - - &comment(""); - &sub($count,4,$count); - &mov("zero",$cc); - ### - &blt($count,&label("finish")); - - &ld(($a0)=&NR(1),&QWPw(0,$ap)); - -$a=<<'EOF'; -########################################################## - &set_label("loop"); - - &ld(($r0)=&NR(1),&QWPw(0,$rp)); - &ld(($a1)=&NR(1),&QWPw(1,$ap)); - &muh($a0,$word,($h0)=&NR(1)); - &ld(($r1)=&NR(1),&QWPw(1,$rp)); - &ld(($a2)=&NR(1),&QWPw(2,$ap)); - ### - &mul($a0,$word,($l0)=&NR(1)); &FR($a0); - &ld(($r2)=&NR(1),&QWPw(2,$rp)); - &muh($a1,$word,($h1)=&NR(1)); - &ld(($a3)=&NR(1),&QWPw(3,$ap)); - &mul($a1,$word,($l1)=&NR(1)); &FR($a1); - &ld(($r3)=&NR(1),&QWPw(3,$rp)); - &add($r0,$l0,$r0); - &add($r1,$l1,$r1); - &cmpult($r0,$l0,($t0)=&NR(1)); &FR($l0); - &cmpult($r1,$l1,($t1)=&NR(1)); &FR($l1); - &muh($a2,$word,($h2)=&NR(1)); - &add($r0,$cc,$r0); - &add($h0,$t0,$h0); &FR($t0); - &cmpult($r0,$cc,$cc); - &add($h1,$t1,$h1); &FR($t1); - &add($h0,$cc,$cc); &FR($h0); - &mul($a2,$word,($l2)=&NR(1)); &FR($a2); - &add($r1,$cc,$r1); - &cmpult($r1,$cc,$cc); - &add($r2,$l2,$r2); - &add($h1,$cc,$cc); &FR($h1); - &cmpult($r2,$l2,($t2)=&NR(1)); &FR($l2); - &muh($a3,$word,($h3)=&NR(1)); - &add($r2,$cc,$r2); - &st($r0,&QWPw(0,$rp)); &FR($r0); - &add($h2,$t2,$h2); &FR($t2); - &st($r1,&QWPw(1,$rp)); &FR($r1); - &cmpult($r2,$cc,$cc); - &mul($a3,$word,($l3)=&NR(1)); &FR($a3); - &add($h2,$cc,$cc); &FR($h2); - &st($r2,&QWPw(2,$rp)); &FR($r2); - &sub($count,4,$count); # count-=4 - &add($rp,4*$QWS,$rp); # count+=4 - &add($r3,$l3,$r3); - &add($ap,4*$QWS,$ap); # count+=4 - &cmpult($r3,$l3,($t3)=&NR(1)); &FR($l3); - &add($r3,$cc,$r3); - &add($h3,$t3,$h3); &FR($t3); - &cmpult($r3,$cc,$cc); - &st($r3,&QWPw(-1,$rp)); &FR($r3); - &add($h3,$cc,$cc); &FR($h3); - - ### - &blt($count,&label("finish")); - &ld(($a0)=&NR(1),&QWPw(0,$ap)); - &br(&label("loop")); -EOF -################################################## - # Do the last 0..3 words - - &set_label("last_loop"); - - &ld(($a0)=&NR(1),&QWPw(0,$ap)); # get a - &ld(($r0)=&NR(1),&QWPw(0,$rp)); # get b - ### - ### - &muh($a0,$word,($h0)=&NR(1)); &FR($a0); - ### wait 8 - &mul($a0,$word,($l0)=&NR(1)); &FR($a0); - &add($rp,$QWS,$rp); - &add($ap,$QWS,$ap); - &sub($count,1,$count); - ### wait 3 until l0 is available - &add($r0,$l0,$r0); - ### - &cmpult($r0,$l0,($t0)=&NR(1)); &FR($l0); - &add($r0,$cc,$r0); - &add($h0,$t0,$h0); &FR($t0); - &cmpult($r0,$cc,$cc); - &add($h0,$cc,$cc); &FR($h0); - - &st($r0,&QWPw(-1,$rp)); &FR($r0); - &bgt($count,&label("last_loop")); - &function_end_A($name); - -###################################################### - &set_label("finish"); - &add($count,4,$count); - &bgt($count,&label("last_loop")); - - &set_label("end"); - &function_end($name); - - &fin_pool; - } - -1; diff --git a/src/lib/libcrypto/bn/asm/alpha/mul_c4.pl b/src/lib/libcrypto/bn/asm/alpha/mul_c4.pl deleted file mode 100644 index 9cc876ded4a..00000000000 --- a/src/lib/libcrypto/bn/asm/alpha/mul_c4.pl +++ /dev/null @@ -1,215 +0,0 @@ -#!/usr/local/bin/perl -# alpha assember - -# upto - -sub mul_add_c - { - local($a,$b,$c0,$c1,$c2)=@_; - local($l1,$h1,$t1,$t2); - - &mul($a,$b,($l1)=&NR(1)); - &muh($a,$b,($h1)=&NR(1)); - &add($c0,$l1,$c0); - &cmpult($c0,$l1,($t1)=&NR(1)); &FR($l1); - &add($t1,$h1,$h1); &FR($t1); - &add($c1,$h1,$c1); - &cmpult($c1,$h1,($t2)=&NR(1)); &FR($h1); - &add($c2,$t2,$c2); &FR($t2); - } - -sub bn_mul_comba4 - { - local($name)=@_; - local(@a,@b,$r,$c0,$c1,$c2); - - $cnt=1; - &init_pool(3); - - $rp=&wparam(0); - $ap=&wparam(1); - $bp=&wparam(2); - - &function_begin($name,""); - - &comment(""); - - &ld(($a[0])=&NR(1),&QWPw(0,$ap)); - &ld(($b[0])=&NR(1),&QWPw(0,$bp)); - &ld(($a[1])=&NR(1),&QWPw(1,$ap)); - &ld(($b[1])=&NR(1),&QWPw(1,$bp)); - &mul($a[0],$b[0],($r00)=&NR(1)); - &ld(($a[2])=&NR(1),&QWPw(2,$ap)); - &ld(($b[2])=&NR(1),&QWPw(2,$bp)); - &muh($a[0],$b[0],($r01)=&NR(1)); - &FR($ap); &ld(($a[3])=&NR(1),&QWPw(3,$ap)); - &FR($bp); &ld(($b[3])=&NR(1),&QWPw(3,$bp)); - &mul($a[0],$b[1],($r02)=&NR(1)); - - ($R,$H1,$H2)=&NR(3); - - &st($r00,&QWPw(0,$rp)); &FR($r00); - - &mov("zero",$R); - &mul($a[1],$b[0],($r03)=&NR(1)); - - &mov("zero",$H1); - &mov("zero",$H0); - &add($R,$r01,$R); - &muh($a[0],$b[1],($r04)=&NR(1)); - &cmpult($R,$r01,($t01)=&NR(1)); &FR($r01); - &add($R,$r02,$R); - &add($H1,$t01,$H1) &FR($t01); - &muh($a[1],$b[0],($r05)=&NR(1)); - &cmpult($R,$r02,($t02)=&NR(1)); &FR($r02); - &add($R,$r03,$R); - &add($H2,$t02,$H2) &FR($t02); - &mul($a[0],$b[2],($r06)=&NR(1)); - &cmpult($R,$r03,($t03)=&NR(1)); &FR($r03); - &add($H1,$t03,$H1) &FR($t03); - &st($R,&QWPw(1,$rp)); - &add($H1,$H2,$R); - - &mov("zero",$H1); - &add($R,$r04,$R); - &mov("zero",$H2); - &mul($a[1],$b[1],($r07)=&NR(1)); - &cmpult($R,$r04,($t04)=&NR(1)); &FR($r04); - &add($R,$r05,$R); - &add($H1,$t04,$H1) &FR($t04); - &mul($a[2],$b[0],($r08)=&NR(1)); - &cmpult($R,$r05,($t05)=&NR(1)); &FR($r05); - &add($R,$r01,$R); - &add($H2,$t05,$H2) &FR($t05); - &muh($a[0],$b[2],($r09)=&NR(1)); - &cmpult($R,$r06,($t06)=&NR(1)); &FR($r06); - &add($R,$r07,$R); - &add($H1,$t06,$H1) &FR($t06); - &muh($a[1],$b[1],($r10)=&NR(1)); - &cmpult($R,$r07,($t07)=&NR(1)); &FR($r07); - &add($R,$r08,$R); - &add($H2,$t07,$H2) &FR($t07); - &muh($a[2],$b[0],($r11)=&NR(1)); - &cmpult($R,$r08,($t08)=&NR(1)); &FR($r08); - &add($H1,$t08,$H1) &FR($t08); - &st($R,&QWPw(2,$rp)); - &add($H1,$H2,$R); - - &mov("zero",$H1); - &add($R,$r09,$R); - &mov("zero",$H2); - &mul($a[0],$b[3],($r12)=&NR(1)); - &cmpult($R,$r09,($t09)=&NR(1)); &FR($r09); - &add($R,$r10,$R); - &add($H1,$t09,$H1) &FR($t09); - &mul($a[1],$b[2],($r13)=&NR(1)); - &cmpult($R,$r10,($t10)=&NR(1)); &FR($r10); - &add($R,$r11,$R); - &add($H1,$t10,$H1) &FR($t10); - &mul($a[2],$b[1],($r14)=&NR(1)); - &cmpult($R,$r11,($t11)=&NR(1)); &FR($r11); - &add($R,$r12,$R); - &add($H1,$t11,$H1) &FR($t11); - &mul($a[3],$b[0],($r15)=&NR(1)); - &cmpult($R,$r12,($t12)=&NR(1)); &FR($r12); - &add($R,$r13,$R); - &add($H1,$t12,$H1) &FR($t12); - &muh($a[0],$b[3],($r16)=&NR(1)); - &cmpult($R,$r13,($t13)=&NR(1)); &FR($r13); - &add($R,$r14,$R); - &add($H1,$t13,$H1) &FR($t13); - &muh($a[1],$b[2],($r17)=&NR(1)); - &cmpult($R,$r14,($t14)=&NR(1)); &FR($r14); - &add($R,$r15,$R); - &add($H1,$t14,$H1) &FR($t14); - &muh($a[2],$b[1],($r18)=&NR(1)); - &cmpult($R,$r15,($t15)=&NR(1)); &FR($r15); - &add($H1,$t15,$H1) &FR($t15); - &st($R,&QWPw(3,$rp)); - &add($H1,$H2,$R); - - &mov("zero",$H1); - &add($R,$r16,$R); - &mov("zero",$H2); - &muh($a[3],$b[0],($r19)=&NR(1)); - &cmpult($R,$r16,($t16)=&NR(1)); &FR($r16); - &add($R,$r17,$R); - &add($H1,$t16,$H1) &FR($t16); - &mul($a[1],$b[3],($r20)=&NR(1)); - &cmpult($R,$r17,($t17)=&NR(1)); &FR($r17); - &add($R,$r18,$R); - &add($H1,$t17,$H1) &FR($t17); - &mul($a[2],$b[2],($r21)=&NR(1)); - &cmpult($R,$r18,($t18)=&NR(1)); &FR($r18); - &add($R,$r19,$R); - &add($H1,$t18,$H1) &FR($t18); - &mul($a[3],$b[1],($r22)=&NR(1)); - &cmpult($R,$r19,($t19)=&NR(1)); &FR($r19); - &add($R,$r20,$R); - &add($H1,$t19,$H1) &FR($t19); - &muh($a[1],$b[3],($r23)=&NR(1)); - &cmpult($R,$r20,($t20)=&NR(1)); &FR($r20); - &add($R,$r21,$R); - &add($H1,$t20,$H1) &FR($t20); - &muh($a[2],$b[2],($r24)=&NR(1)); - &cmpult($R,$r21,($t21)=&NR(1)); &FR($r21); - &add($R,$r22,$R); - &add($H1,$t21,$H1) &FR($t21); - &muh($a[3],$b[1],($r25)=&NR(1)); - &cmpult($R,$r22,($t22)=&NR(1)); &FR($r22); - &add($H1,$t22,$H1) &FR($t22); - &st($R,&QWPw(4,$rp)); - &add($H1,$H2,$R); - - &mov("zero",$H1); - &add($R,$r23,$R); - &mov("zero",$H2); - &mul($a[2],$b[3],($r26)=&NR(1)); - &cmpult($R,$r23,($t23)=&NR(1)); &FR($r23); - &add($R,$r24,$R); - &add($H1,$t23,$H1) &FR($t23); - &mul($a[3],$b[2],($r27)=&NR(1)); - &cmpult($R,$r24,($t24)=&NR(1)); &FR($r24); - &add($R,$r25,$R); - &add($H1,$t24,$H1) &FR($t24); - &muh($a[2],$b[3],($r28)=&NR(1)); - &cmpult($R,$r25,($t25)=&NR(1)); &FR($r25); - &add($R,$r26,$R); - &add($H1,$t25,$H1) &FR($t25); - &muh($a[3],$b[2],($r29)=&NR(1)); - &cmpult($R,$r26,($t26)=&NR(1)); &FR($r26); - &add($R,$r27,$R); - &add($H1,$t26,$H1) &FR($t26); - &mul($a[3],$b[3],($r30)=&NR(1)); - &cmpult($R,$r27,($t27)=&NR(1)); &FR($r27); - &add($H1,$t27,$H1) &FR($t27); - &st($R,&QWPw(5,$rp)); - &add($H1,$H2,$R); - - &mov("zero",$H1); - &add($R,$r28,$R); - &mov("zero",$H2); - &muh($a[3],$b[3],($r31)=&NR(1)); - &cmpult($R,$r28,($t28)=&NR(1)); &FR($r28); - &add($R,$r29,$R); - &add($H1,$t28,$H1) &FR($t28); - ############ - &cmpult($R,$r29,($t29)=&NR(1)); &FR($r29); - &add($R,$r30,$R); - &add($H1,$t29,$H1) &FR($t29); - ############ - &cmpult($R,$r30,($t30)=&NR(1)); &FR($r30); - &add($H1,$t30,$H1) &FR($t30); - &st($R,&QWPw(6,$rp)); - &add($H1,$H2,$R); - - &add($R,$r31,$R); &FR($r31); - &st($R,&QWPw(7,$rp)); - - &FR($R,$H1,$H2); - &function_end($name); - - &fin_pool; - } - -1; diff --git a/src/lib/libcrypto/bn/asm/alpha/mul_c4.works.pl b/src/lib/libcrypto/bn/asm/alpha/mul_c4.works.pl deleted file mode 100644 index 79d86dd25cd..00000000000 --- a/src/lib/libcrypto/bn/asm/alpha/mul_c4.works.pl +++ /dev/null @@ -1,98 +0,0 @@ -#!/usr/local/bin/perl -# alpha assember - -sub mul_add_c - { - local($a,$b,$c0,$c1,$c2)=@_; - local($l1,$h1,$t1,$t2); - -print STDERR "count=$cnt\n"; $cnt++; - &mul($a,$b,($l1)=&NR(1)); - &muh($a,$b,($h1)=&NR(1)); - &add($c0,$l1,$c0); - &cmpult($c0,$l1,($t1)=&NR(1)); &FR($l1); - &add($t1,$h1,$h1); &FR($t1); - &add($c1,$h1,$c1); - &cmpult($c1,$h1,($t2)=&NR(1)); &FR($h1); - &add($c2,$t2,$c2); &FR($t2); - } - -sub bn_mul_comba4 - { - local($name)=@_; - local(@a,@b,$r,$c0,$c1,$c2); - - $cnt=1; - &init_pool(3); - - $rp=&wparam(0); - $ap=&wparam(1); - $bp=&wparam(2); - - &function_begin($name,""); - - &comment(""); - - &ld(($a[0])=&NR(1),&QWPw(0,$ap)); - &ld(($b[0])=&NR(1),&QWPw(0,$bp)); - &ld(($a[1])=&NR(1),&QWPw(1,$ap)); - &ld(($b[1])=&NR(1),&QWPw(1,$bp)); - &ld(($a[2])=&NR(1),&QWPw(2,$ap)); - &ld(($b[2])=&NR(1),&QWPw(2,$bp)); - &ld(($a[3])=&NR(1),&QWPw(3,$ap)); &FR($ap); - &ld(($b[3])=&NR(1),&QWPw(3,$bp)); &FR($bp); - - ($c0,$c1,$c2)=&NR(3); - &mov("zero",$c2); - &mul($a[0],$b[0],$c0); - &muh($a[0],$b[0],$c1); - &st($c0,&QWPw(0,$rp)); &FR($c0); ($c0)=&NR($c0); - ($c0,$c1,$c2)=($c1,$c2,$c0); - &mov("zero",$c2); - - &mul_add_c($a[0],$b[1],$c0,$c1,$c2); - &mul_add_c($a[1],$b[0],$c0,$c1,$c2); - &st($c0,&QWPw(1,$rp)); &FR($c0); ($c0)=&NR($c0); - ($c0,$c1,$c2)=($c1,$c2,$c0); - &mov("zero",$c2); - - &mul_add_c($a[1],$b[1],$c0,$c1,$c2); - &mul_add_c($a[0],$b[2],$c0,$c1,$c2); - &mul_add_c($a[2],$b[0],$c0,$c1,$c2); - &st($c0,&QWPw(2,$rp)); &FR($c0); ($c0)=&NR($c0); - ($c0,$c1,$c2)=($c1,$c2,$c0); - &mov("zero",$c2); - - &mul_add_c($a[0],$b[3],$c0,$c1,$c2); &FR($a[0]); - &mul_add_c($a[1],$b[2],$c0,$c1,$c2); - &mul_add_c($a[2],$b[1],$c0,$c1,$c2); - &mul_add_c($a[3],$b[0],$c0,$c1,$c2); &FR($b[0]); - &st($c0,&QWPw(3,$rp)); &FR($c0); ($c0)=&NR($c0); - ($c0,$c1,$c2)=($c1,$c2,$c0); - &mov("zero",$c2); - - &mul_add_c($a[1],$b[3],$c0,$c1,$c2); &FR($a[1]); - &mul_add_c($a[2],$b[2],$c0,$c1,$c2); - &mul_add_c($a[3],$b[1],$c0,$c1,$c2); &FR($b[1]); - &st($c0,&QWPw(4,$rp)); &FR($c0); ($c0)=&NR($c0); - ($c0,$c1,$c2)=($c1,$c2,$c0); - &mov("zero",$c2); - - &mul_add_c($a[2],$b[3],$c0,$c1,$c2); &FR($a[2]); - &mul_add_c($a[3],$b[2],$c0,$c1,$c2); &FR($b[2]); - &st($c0,&QWPw(5,$rp)); &FR($c0); ($c0)=&NR($c0); - ($c0,$c1,$c2)=($c1,$c2,$c0); - &mov("zero",$c2); - - &mul_add_c($a[3],$b[3],$c0,$c1,$c2); &FR($a[3],$b[3]); - &st($c0,&QWPw(6,$rp)); - &st($c1,&QWPw(7,$rp)); - - &FR($c0,$c1,$c2); - - &function_end($name); - - &fin_pool; - } - -1; diff --git a/src/lib/libcrypto/bn/asm/alpha/mul_c8.pl b/src/lib/libcrypto/bn/asm/alpha/mul_c8.pl deleted file mode 100644 index 525ca7494b7..00000000000 --- a/src/lib/libcrypto/bn/asm/alpha/mul_c8.pl +++ /dev/null @@ -1,177 +0,0 @@ -#!/usr/local/bin/perl -# alpha assember - -sub bn_mul_comba8 - { - local($name)=@_; - local(@a,@b,$r,$c0,$c1,$c2); - - $cnt=1; - &init_pool(3); - - $rp=&wparam(0); - $ap=&wparam(1); - $bp=&wparam(2); - - &function_begin($name,""); - - &comment(""); - - &stack_push(2); - &ld(($a[0])=&NR(1),&QWPw(0,$ap)); - &ld(($b[0])=&NR(1),&QWPw(0,$bp)); - &st($reg_s0,&swtmp(0)); &FR($reg_s0); - &st($reg_s1,&swtmp(1)); &FR($reg_s1); - &ld(($a[1])=&NR(1),&QWPw(1,$ap)); - &ld(($b[1])=&NR(1),&QWPw(1,$bp)); - &ld(($a[2])=&NR(1),&QWPw(2,$ap)); - &ld(($b[2])=&NR(1),&QWPw(2,$bp)); - &ld(($a[3])=&NR(1),&QWPw(3,$ap)); - &ld(($b[3])=&NR(1),&QWPw(3,$bp)); - &ld(($a[4])=&NR(1),&QWPw(1,$ap)); - &ld(($b[4])=&NR(1),&QWPw(1,$bp)); - &ld(($a[5])=&NR(1),&QWPw(1,$ap)); - &ld(($b[5])=&NR(1),&QWPw(1,$bp)); - &ld(($a[6])=&NR(1),&QWPw(1,$ap)); - &ld(($b[6])=&NR(1),&QWPw(1,$bp)); - &ld(($a[7])=&NR(1),&QWPw(1,$ap)); &FR($ap); - &ld(($b[7])=&NR(1),&QWPw(1,$bp)); &FR($bp); - - ($c0,$c1,$c2)=&NR(3); - &mov("zero",$c2); - &mul($a[0],$b[0],$c0); - &muh($a[0],$b[0],$c1); - &st($c0,&QWPw(0,$rp)); &FR($c0); ($c0)=&NR(1); - ($c0,$c1,$c2)=($c1,$c2,$c0); - &mov("zero",$c2); - - &mul_add_c($a[0],$b[1],$c0,$c1,$c2); - &mul_add_c($a[1],$b[0],$c0,$c1,$c2); - &st($c0,&QWPw(1,$rp)); &FR($c0); ($c0)=&NR(1); - ($c0,$c1,$c2)=($c1,$c2,$c0); - &mov("zero",$c2); - - &mul_add_c($a[0],$b[2],$c0,$c1,$c2); - &mul_add_c($a[1],$b[1],$c0,$c1,$c2); - &mul_add_c($a[2],$b[0],$c0,$c1,$c2); - &st($c0,&QWPw(2,$rp)); &FR($c0); ($c0)=&NR(1); - ($c0,$c1,$c2)=($c1,$c2,$c0); - &mov("zero",$c2); - - &mul_add_c($a[0],$b[3],$c0,$c1,$c2); - &mul_add_c($a[1],$b[2],$c0,$c1,$c2); - &mul_add_c($a[2],$b[1],$c0,$c1,$c2); - &mul_add_c($a[3],$b[0],$c0,$c1,$c2); - &st($c0,&QWPw(3,$rp)); &FR($c0); ($c0)=&NR(1); - ($c0,$c1,$c2)=($c1,$c2,$c0); - &mov("zero",$c2); - - &mul_add_c($a[0],$b[4],$c0,$c1,$c2); - &mul_add_c($a[1],$b[3],$c0,$c1,$c2); - &mul_add_c($a[2],$b[2],$c0,$c1,$c2); - &mul_add_c($a[3],$b[1],$c0,$c1,$c2); - &mul_add_c($a[4],$b[0],$c0,$c1,$c2); - &st($c0,&QWPw(4,$rp)); &FR($c0); ($c0)=&NR(1); - ($c0,$c1,$c2)=($c1,$c2,$c0); - &mov("zero",$c2); - - &mul_add_c($a[0],$b[5],$c0,$c1,$c2); - &mul_add_c($a[1],$b[4],$c0,$c1,$c2); - &mul_add_c($a[2],$b[3],$c0,$c1,$c2); - &mul_add_c($a[3],$b[2],$c0,$c1,$c2); - &mul_add_c($a[4],$b[1],$c0,$c1,$c2); - &mul_add_c($a[5],$b[0],$c0,$c1,$c2); - &st($c0,&QWPw(5,$rp)); &FR($c0); ($c0)=&NR(1); - ($c0,$c1,$c2)=($c1,$c2,$c0); - &mov("zero",$c2); - - &mul_add_c($a[0],$b[6],$c0,$c1,$c2); - &mul_add_c($a[1],$b[5],$c0,$c1,$c2); - &mul_add_c($a[2],$b[4],$c0,$c1,$c2); - &mul_add_c($a[3],$b[3],$c0,$c1,$c2); - &mul_add_c($a[4],$b[2],$c0,$c1,$c2); - &mul_add_c($a[5],$b[1],$c0,$c1,$c2); - &mul_add_c($a[6],$b[0],$c0,$c1,$c2); - &st($c0,&QWPw(6,$rp)); &FR($c0); ($c0)=&NR(1); - ($c0,$c1,$c2)=($c1,$c2,$c0); - &mov("zero",$c2); - - &mul_add_c($a[0],$b[7],$c0,$c1,$c2); &FR($a[0]); - &mul_add_c($a[1],$b[6],$c0,$c1,$c2); - &mul_add_c($a[2],$b[5],$c0,$c1,$c2); - &mul_add_c($a[3],$b[4],$c0,$c1,$c2); - &mul_add_c($a[4],$b[3],$c0,$c1,$c2); - &mul_add_c($a[5],$b[2],$c0,$c1,$c2); - &mul_add_c($a[6],$b[1],$c0,$c1,$c2); - &mul_add_c($a[7],$b[0],$c0,$c1,$c2); &FR($b[0]); - &st($c0,&QWPw(7,$rp)); &FR($c0); ($c0)=&NR(1); - ($c0,$c1,$c2)=($c1,$c2,$c0); - &mov("zero",$c2); - - &mul_add_c($a[1],$b[7],$c0,$c1,$c2); &FR($a[1]); - &mul_add_c($a[2],$b[6],$c0,$c1,$c2); - &mul_add_c($a[3],$b[5],$c0,$c1,$c2); - &mul_add_c($a[4],$b[4],$c0,$c1,$c2); - &mul_add_c($a[5],$b[3],$c0,$c1,$c2); - &mul_add_c($a[6],$b[2],$c0,$c1,$c2); - &mul_add_c($a[7],$b[1],$c0,$c1,$c2); &FR($b[1]); - &st($c0,&QWPw(8,$rp)); &FR($c0); ($c0)=&NR(1); - ($c0,$c1,$c2)=($c1,$c2,$c0); - &mov("zero",$c2); - - &mul_add_c($a[2],$b[7],$c0,$c1,$c2); &FR($a[2]); - &mul_add_c($a[3],$b[6],$c0,$c1,$c2); - &mul_add_c($a[4],$b[5],$c0,$c1,$c2); - &mul_add_c($a[5],$b[4],$c0,$c1,$c2); - &mul_add_c($a[6],$b[3],$c0,$c1,$c2); - &mul_add_c($a[7],$b[2],$c0,$c1,$c2); &FR($b[2]); - &st($c0,&QWPw(9,$rp)); &FR($c0); ($c0)=&NR(1); - ($c0,$c1,$c2)=($c1,$c2,$c0); - &mov("zero",$c2); - - &mul_add_c($a[3],$b[7],$c0,$c1,$c2); &FR($a[3]); - &mul_add_c($a[4],$b[6],$c0,$c1,$c2); - &mul_add_c($a[5],$b[5],$c0,$c1,$c2); - &mul_add_c($a[6],$b[4],$c0,$c1,$c2); - &mul_add_c($a[7],$b[3],$c0,$c1,$c2); &FR($b[3]); - &st($c0,&QWPw(10,$rp)); &FR($c0); ($c0)=&NR(1); - ($c0,$c1,$c2)=($c1,$c2,$c0); - &mov("zero",$c2); - - &mul_add_c($a[4],$b[7],$c0,$c1,$c2); &FR($a[4]); - &mul_add_c($a[5],$b[6],$c0,$c1,$c2); - &mul_add_c($a[6],$b[5],$c0,$c1,$c2); - &mul_add_c($a[7],$b[4],$c0,$c1,$c2); &FR($b[4]); - &st($c0,&QWPw(11,$rp)); &FR($c0); ($c0)=&NR(1); - ($c0,$c1,$c2)=($c1,$c2,$c0); - &mov("zero",$c2); - - &mul_add_c($a[5],$b[7],$c0,$c1,$c2); &FR($a[5]); - &mul_add_c($a[6],$b[6],$c0,$c1,$c2); - &mul_add_c($a[7],$b[5],$c0,$c1,$c2); &FR($b[5]); - &st($c0,&QWPw(12,$rp)); &FR($c0); ($c0)=&NR(1); - ($c0,$c1,$c2)=($c1,$c2,$c0); - &mov("zero",$c2); - - &mul_add_c($a[6],$b[7],$c0,$c1,$c2); &FR($a[6]); - &mul_add_c($a[7],$b[6],$c0,$c1,$c2); &FR($b[6]); - &st($c0,&QWPw(13,$rp)); &FR($c0); ($c0)=&NR(1); - ($c0,$c1,$c2)=($c1,$c2,$c0); - &mov("zero",$c2); - - &mul_add_c($a[7],$b[7],$c0,$c1,$c2); &FR($a[7],$b[7]); - &st($c0,&QWPw(14,$rp)); - &st($c1,&QWPw(15,$rp)); - - &FR($c0,$c1,$c2); - - &ld($reg_s0,&swtmp(0)); - &ld($reg_s1,&swtmp(1)); - &stack_pop(2); - - &function_end($name); - - &fin_pool; - } - -1; diff --git a/src/lib/libcrypto/bn/asm/alpha/sqr.pl b/src/lib/libcrypto/bn/asm/alpha/sqr.pl deleted file mode 100644 index a55b696906e..00000000000 --- a/src/lib/libcrypto/bn/asm/alpha/sqr.pl +++ /dev/null @@ -1,113 +0,0 @@ -#!/usr/local/bin/perl -# alpha assember - -sub bn_sqr_words - { - local($name)=@_; - local($cc,$a,$b,$r,$couny); - - &init_pool(3); - ($cc)=GR("r0"); - - $rp=&wparam(0); - $ap=&wparam(1); - $count=&wparam(2); - - &function_begin($name,""); - - &comment(""); - &sub($count,4,$count); - &mov("zero",$cc); - &br(&label("finish")); - &blt($count,&label("finish")); - - ($a0,$r0)=&NR(2); - &ld($a0,&QWPw(0,$ap)); - &ld($r0,&QWPw(0,$rp)); - -$a=<<'EOF'; -########################################################## - &set_label("loop"); - - ($a1)=&NR(1); &ld($a1,&QWPw(1,$ap)); - ($b1)=&NR(1); &ld($b1,&QWPw(1,$bp)); - ($a2)=&NR(1); &ld($a2,&QWPw(2,$ap)); - ($b2)=&NR(1); &ld($b2,&QWPw(2,$bp)); - ($a3)=&NR(1); &ld($a3,&QWPw(3,$ap)); - ($b3)=&NR(1); &ld($b3,&QWPw(3,$bp)); - - ($o0,$t0)=&NR(2); - &add($a0,$b0,$o0); - &cmpult($o0,$b0,$t0); - &add($o0,$cc,$o0); - &cmpult($o0,$cc,$cc); - &add($cc,$t0,$cc); &FR($t0); - - ($t1,$o1)=&NR(2); - - &add($a1,$b1,$o1); &FR($a1); - &cmpult($o1,$b1,$t1); &FR($b1); - &add($o1,$cc,$o1); - &cmpult($o1,$cc,$cc); - &add($cc,$t1,$cc); &FR($t1); - - ($t2,$o2)=&NR(2); - - &add($a2,$b2,$o2); &FR($a2); - &cmpult($o2,$b2,$t2); &FR($b2); - &add($o2,$cc,$o2); - &cmpult($o2,$cc,$cc); - &add($cc,$t2,$cc); &FR($t2); - - ($t3,$o3)=&NR(2); - - &add($a3,$b3,$o3); &FR($a3); - &cmpult($o3,$b3,$t3); &FR($b3); - &add($o3,$cc,$o3); - &cmpult($o3,$cc,$cc); - &add($cc,$t3,$cc); &FR($t3); - - &st($o0,&QWPw(0,$rp)); &FR($o0); - &st($o1,&QWPw(0,$rp)); &FR($o1); - &st($o2,&QWPw(0,$rp)); &FR($o2); - &st($o3,&QWPw(0,$rp)); &FR($o3); - - &sub($count,4,$count); # count-=4 - &add($ap,4*$QWS,$ap); # count+=4 - &add($bp,4*$QWS,$bp); # count+=4 - &add($rp,4*$QWS,$rp); # count+=4 - - &blt($count,&label("finish")); - &ld($a0,&QWPw(0,$ap)); - &ld($b0,&QWPw(0,$bp)); - &br(&label("loop")); -EOF -################################################## - # Do the last 0..3 words - - &set_label("last_loop"); - - &ld(($a0)=&NR(1),&QWPw(0,$ap)); # get a - &mul($a0,$a0,($l0)=&NR(1)); - &add($ap,$QWS,$ap); - &add($rp,2*$QWS,$rp); - &sub($count,1,$count); - &muh($a0,$a0,($h0)=&NR(1)); &FR($a0); - &st($l0,&QWPw(-2,$rp)); &FR($l0); - &st($h0,&QWPw(-1,$rp)); &FR($h0); - - &bgt($count,&label("last_loop")); - &function_end_A($name); - -###################################################### - &set_label("finish"); - &add($count,4,$count); - &bgt($count,&label("last_loop")); - - &set_label("end"); - &function_end($name); - - &fin_pool; - } - -1; diff --git a/src/lib/libcrypto/bn/asm/alpha/sqr_c4.pl b/src/lib/libcrypto/bn/asm/alpha/sqr_c4.pl deleted file mode 100644 index bf33f5b5037..00000000000 --- a/src/lib/libcrypto/bn/asm/alpha/sqr_c4.pl +++ /dev/null @@ -1,109 +0,0 @@ -#!/usr/local/bin/perl -# alpha assember - -sub sqr_add_c - { - local($a,$c0,$c1,$c2)=@_; - local($l1,$h1,$t1,$t2); - - &mul($a,$a,($l1)=&NR(1)); - &muh($a,$a,($h1)=&NR(1)); - &add($c0,$l1,$c0); - &add($c1,$h1,$c1); - &cmpult($c0,$l1,($t1)=&NR(1)); &FR($l1); - &cmpult($c1,$h1,($t2)=&NR(1)); &FR($h1); - &add($c1,$t1,$c1); &FR($t1); - &add($c2,$t2,$c2); &FR($t2); - } - -sub sqr_add_c2 - { - local($a,$b,$c0,$c1,$c2)=@_; - local($l1,$h1,$t1,$t2); - - &mul($a,$b,($l1)=&NR(1)); - &muh($a,$b,($h1)=&NR(1)); - &cmplt($l1,"zero",($lc1)=&NR(1)); - &cmplt($h1,"zero",($hc1)=&NR(1)); - &add($l1,$l1,$l1); - &add($h1,$h1,$h1); - &add($h1,$lc1,$h1); &FR($lc1); - &add($c2,$hc1,$c2); &FR($hc1); - - &add($c0,$l1,$c0); - &add($c1,$h1,$c1); - &cmpult($c0,$l1,($lc1)=&NR(1)); &FR($l1); - &cmpult($c1,$h1,($hc1)=&NR(1)); &FR($h1); - - &add($c1,$lc1,$c1); &FR($lc1); - &add($c2,$hc1,$c2); &FR($hc1); - } - - -sub bn_sqr_comba4 - { - local($name)=@_; - local(@a,@b,$r,$c0,$c1,$c2); - - $cnt=1; - &init_pool(2); - - $rp=&wparam(0); - $ap=&wparam(1); - - &function_begin($name,""); - - &comment(""); - - &ld(($a[0])=&NR(1),&QWPw(0,$ap)); - &ld(($a[1])=&NR(1),&QWPw(1,$ap)); - &ld(($a[2])=&NR(1),&QWPw(2,$ap)); - &ld(($a[3])=&NR(1),&QWPw(3,$ap)); &FR($ap); - - ($c0,$c1,$c2)=&NR(3); - - &mov("zero",$c2); - &mul($a[0],$a[0],$c0); - &muh($a[0],$a[0],$c1); - &st($c0,&QWPw(0,$rp)); - ($c0,$c1,$c2)=($c1,$c2,$c0); - &mov("zero",$c2); - - &sqr_add_c2($a[0],$a[1],$c0,$c1,$c2); - &st($c0,&QWPw(1,$rp)); - ($c0,$c1,$c2)=($c1,$c2,$c0); - &mov("zero",$c2); - - &sqr_add_c($a[1],$c0,$c1,$c2); - &sqr_add_c2($a[2],$a[0],$c0,$c1,$c2); - &st($c0,&QWPw(2,$rp)); - ($c0,$c1,$c2)=($c1,$c2,$c0); - &mov("zero",$c2); - - &sqr_add_c2($a[3],$a[0],$c0,$c1,$c2); - &sqr_add_c2($a[2],$a[1],$c0,$c1,$c2); - &st($c0,&QWPw(3,$rp)); - ($c0,$c1,$c2)=($c1,$c2,$c0); - &mov("zero",$c2); - - &sqr_add_c($a[2],$c0,$c1,$c2); - &sqr_add_c2($a[3],$a[1],$c0,$c1,$c2); - &st($c0,&QWPw(4,$rp)); - ($c0,$c1,$c2)=($c1,$c2,$c0); - &mov("zero",$c2); - - &sqr_add_c2($a[3],$a[2],$c0,$c1,$c2); - &st($c0,&QWPw(5,$rp)); - ($c0,$c1,$c2)=($c1,$c2,$c0); - &mov("zero",$c2); - - &sqr_add_c($a[3],$c0,$c1,$c2); - &st($c0,&QWPw(6,$rp)); - &st($c1,&QWPw(7,$rp)); - - &function_end($name); - - &fin_pool; - } - -1; diff --git a/src/lib/libcrypto/bn/asm/alpha/sqr_c8.pl b/src/lib/libcrypto/bn/asm/alpha/sqr_c8.pl deleted file mode 100644 index b4afe085f1c..00000000000 --- a/src/lib/libcrypto/bn/asm/alpha/sqr_c8.pl +++ /dev/null @@ -1,132 +0,0 @@ -#!/usr/local/bin/perl -# alpha assember - -sub bn_sqr_comba8 - { - local($name)=@_; - local(@a,@b,$r,$c0,$c1,$c2); - - $cnt=1; - &init_pool(2); - - $rp=&wparam(0); - $ap=&wparam(1); - - &function_begin($name,""); - - &comment(""); - - &ld(($a[0])=&NR(1),&QWPw(0,$ap)); - &ld(($a[1])=&NR(1),&QWPw(1,$ap)); - &ld(($a[2])=&NR(1),&QWPw(2,$ap)); - &ld(($a[3])=&NR(1),&QWPw(3,$ap)); - &ld(($a[4])=&NR(1),&QWPw(4,$ap)); - &ld(($a[5])=&NR(1),&QWPw(5,$ap)); - &ld(($a[6])=&NR(1),&QWPw(6,$ap)); - &ld(($a[7])=&NR(1),&QWPw(7,$ap)); &FR($ap); - - ($c0,$c1,$c2)=&NR(3); - - &mov("zero",$c2); - &mul($a[0],$a[0],$c0); - &muh($a[0],$a[0],$c1); - &st($c0,&QWPw(0,$rp)); - ($c0,$c1,$c2)=($c1,$c2,$c0); - &mov("zero",$c2); - - &sqr_add_c2($a[1],$a[0],$c0,$c1,$c2); - &st($c0,&QWPw(1,$rp)); - ($c0,$c1,$c2)=($c1,$c2,$c0); - &mov("zero",$c2); - - &sqr_add_c($a[1],$c0,$c1,$c2); - &sqr_add_c2($a[2],$a[0],$c0,$c1,$c2); - &st($c0,&QWPw(2,$rp)); - ($c0,$c1,$c2)=($c1,$c2,$c0); - &mov("zero",$c2); - - &sqr_add_c2($a[2],$a[1],$c0,$c1,$c2); - &sqr_add_c2($a[3],$a[0],$c0,$c1,$c2); - &st($c0,&QWPw(3,$rp)); - ($c0,$c1,$c2)=($c1,$c2,$c0); - &mov("zero",$c2); - - &sqr_add_c($a[2],$c0,$c1,$c2); - &sqr_add_c2($a[3],$a[1],$c0,$c1,$c2); - &sqr_add_c2($a[4],$a[0],$c0,$c1,$c2); - &st($c0,&QWPw(4,$rp)); - ($c0,$c1,$c2)=($c1,$c2,$c0); - &mov("zero",$c2); - - &sqr_add_c2($a[3],$a[2],$c0,$c1,$c2); - &sqr_add_c2($a[4],$a[1],$c0,$c1,$c2); - &sqr_add_c2($a[5],$a[0],$c0,$c1,$c2); - &st($c0,&QWPw(5,$rp)); - ($c0,$c1,$c2)=($c1,$c2,$c0); - &mov("zero",$c2); - - &sqr_add_c($a[3],$c0,$c1,$c2); - &sqr_add_c2($a[4],$a[2],$c0,$c1,$c2); - &sqr_add_c2($a[5],$a[1],$c0,$c1,$c2); - &sqr_add_c2($a[6],$a[0],$c0,$c1,$c2); - &st($c0,&QWPw(6,$rp)); - ($c0,$c1,$c2)=($c1,$c2,$c0); - &mov("zero",$c2); - - &sqr_add_c2($a[4],$a[3],$c0,$c1,$c2); - &sqr_add_c2($a[5],$a[2],$c0,$c1,$c2); - &sqr_add_c2($a[6],$a[1],$c0,$c1,$c2); - &sqr_add_c2($a[7],$a[0],$c0,$c1,$c2); - &st($c0,&QWPw(7,$rp)); - ($c0,$c1,$c2)=($c1,$c2,$c0); - &mov("zero",$c2); - - &sqr_add_c($a[4],$c0,$c1,$c2); - &sqr_add_c2($a[5],$a[3],$c0,$c1,$c2); - &sqr_add_c2($a[6],$a[2],$c0,$c1,$c2); - &sqr_add_c2($a[7],$a[1],$c0,$c1,$c2); - &st($c0,&QWPw(8,$rp)); - ($c0,$c1,$c2)=($c1,$c2,$c0); - &mov("zero",$c2); - - &sqr_add_c2($a[5],$a[4],$c0,$c1,$c2); - &sqr_add_c2($a[6],$a[3],$c0,$c1,$c2); - &sqr_add_c2($a[7],$a[2],$c0,$c1,$c2); - &st($c0,&QWPw(9,$rp)); - ($c0,$c1,$c2)=($c1,$c2,$c0); - &mov("zero",$c2); - - &sqr_add_c($a[5],$c0,$c1,$c2); - &sqr_add_c2($a[6],$a[4],$c0,$c1,$c2); - &sqr_add_c2($a[7],$a[3],$c0,$c1,$c2); - &st($c0,&QWPw(10,$rp)); - ($c0,$c1,$c2)=($c1,$c2,$c0); - &mov("zero",$c2); - - &sqr_add_c2($a[6],$a[5],$c0,$c1,$c2); - &sqr_add_c2($a[7],$a[4],$c0,$c1,$c2); - &st($c0,&QWPw(11,$rp)); - ($c0,$c1,$c2)=($c1,$c2,$c0); - &mov("zero",$c2); - - &sqr_add_c($a[6],$c0,$c1,$c2); - &sqr_add_c2($a[7],$a[5],$c0,$c1,$c2); - &st($c0,&QWPw(12,$rp)); - ($c0,$c1,$c2)=($c1,$c2,$c0); - &mov("zero",$c2); - - &sqr_add_c2($a[7],$a[6],$c0,$c1,$c2); - &st($c0,&QWPw(13,$rp)); - ($c0,$c1,$c2)=($c1,$c2,$c0); - &mov("zero",$c2); - - &sqr_add_c($a[7],$c0,$c1,$c2); - &st($c0,&QWPw(14,$rp)); - &st($c1,&QWPw(15,$rp)); - - &function_end($name); - - &fin_pool; - } - -1; diff --git a/src/lib/libcrypto/bn/asm/alpha/sub.pl b/src/lib/libcrypto/bn/asm/alpha/sub.pl deleted file mode 100644 index d998da5c21a..00000000000 --- a/src/lib/libcrypto/bn/asm/alpha/sub.pl +++ /dev/null @@ -1,108 +0,0 @@ -#!/usr/local/bin/perl -# alpha assember - -sub bn_sub_words - { - local($name)=@_; - local($cc,$a,$b,$r); - - &init_pool(4); - ($cc)=GR("r0"); - - $rp=&wparam(0); - $ap=&wparam(1); - $bp=&wparam(2); - $count=&wparam(3); - - &function_begin($name,""); - - &comment(""); - &sub($count,4,$count); - &mov("zero",$cc); - &blt($count,&label("finish")); - - ($a0,$b0)=&NR(2); - &ld($a0,&QWPw(0,$ap)); - &ld($b0,&QWPw(0,$bp)); - -########################################################## - &set_label("loop"); - - ($a1,$tmp,$b1,$a2,$b2,$a3,$b3,$o0)=&NR(8); - &ld($a1,&QWPw(1,$ap)); - &cmpult($a0,$b0,$tmp); # will we borrow? - &ld($b1,&QWPw(1,$bp)); - &sub($a0,$b0,$a0); # do the subtract - &ld($a2,&QWPw(2,$ap)); - &cmpult($a0,$cc,$b0); # will we borrow? - &ld($b2,&QWPw(2,$bp)); - &sub($a0,$cc,$o0); # will we borrow? - &ld($a3,&QWPw(3,$ap)); - &add($b0,$tmp,$cc); ($t1,$o1)=&NR(2); &FR($tmp); - - &cmpult($a1,$b1,$t1); # will we borrow? - &sub($a1,$b1,$a1); # do the subtract - &ld($b3,&QWPw(3,$bp)); - &cmpult($a1,$cc,$b1); # will we borrow? - &sub($a1,$cc,$o1); # will we borrow? - &add($b1,$t1,$cc); ($tmp,$o2)=&NR(2); &FR($t1,$a1,$b1); - - &cmpult($a2,$b2,$tmp); # will we borrow? - &sub($a2,$b2,$a2); # do the subtract - &st($o0,&QWPw(0,$rp)); &FR($o0); # save - &cmpult($a2,$cc,$b2); # will we borrow? - &sub($a2,$cc,$o2); # will we borrow? - &add($b2,$tmp,$cc); ($t3,$o3)=&NR(2); &FR($tmp,$a2,$b2); - - &cmpult($a3,$b3,$t3); # will we borrow? - &sub($a3,$b3,$a3); # do the subtract - &st($o1,&QWPw(1,$rp)); &FR($o1); - &cmpult($a3,$cc,$b3); # will we borrow? - &sub($a3,$cc,$o3); # will we borrow? - &add($b3,$t3,$cc); &FR($t3,$a3,$b3); - - &st($o2,&QWPw(2,$rp)); &FR($o2); - &sub($count,4,$count); # count-=4 - &st($o3,&QWPw(3,$rp)); &FR($o3); - &add($ap,4*$QWS,$ap); # count+=4 - &add($bp,4*$QWS,$bp); # count+=4 - &add($rp,4*$QWS,$rp); # count+=4 - - &blt($count,&label("finish")); - &ld($a0,&QWPw(0,$ap)); - &ld($b0,&QWPw(0,$bp)); - &br(&label("loop")); -################################################## - # Do the last 0..3 words - - &set_label("last_loop"); - - &ld($a0,&QWPw(0,$ap)); # get a - &ld($b0,&QWPw(0,$bp)); # get b - &cmpult($a0,$b0,$tmp); # will we borrow? - &sub($a0,$b0,$a0); # do the subtract - &cmpult($a0,$cc,$b0); # will we borrow? - &sub($a0,$cc,$a0); # will we borrow? - &st($a0,&QWPw(0,$rp)); # save - &add($b0,$tmp,$cc); # add the borrows - - &add($ap,$QWS,$ap); - &add($bp,$QWS,$bp); - &add($rp,$QWS,$rp); - &sub($count,1,$count); - &bgt($count,&label("last_loop")); - &function_end_A($name); - -###################################################### - &set_label("finish"); - &add($count,4,$count); - &bgt($count,&label("last_loop")); - - &FR($a0,$b0); - &set_label("end"); - &function_end($name); - - &fin_pool; - } - -1; diff --git a/src/lib/libcrypto/bn/asm/armv4-gf2m.pl b/src/lib/libcrypto/bn/asm/armv4-gf2m.pl new file mode 100644 index 00000000000..89159246413 --- /dev/null +++ b/src/lib/libcrypto/bn/asm/armv4-gf2m.pl @@ -0,0 +1,278 @@ +#!/usr/bin/env perl +# +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== +# +# May 2011 +# +# The module implements bn_GF2m_mul_2x2 polynomial multiplication +# used in bn_gf2m.c. It's kind of low-hanging mechanical port from +# C for the time being... Except that it has two code paths: pure +# integer code suitable for any ARMv4 and later CPU and NEON code +# suitable for ARMv7. Pure integer 1x1 multiplication subroutine runs +# in ~45 cycles on dual-issue core such as Cortex A8, which is ~50% +# faster than compiler-generated code. For ECDH and ECDSA verify (but +# not for ECDSA sign) it means 25%-45% improvement depending on key +# length, more for longer keys. Even though NEON 1x1 multiplication +# runs in even less cycles, ~30, improvement is measurable only on +# longer keys. One has to optimize code elsewhere to get NEON glow... + +while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {} +open STDOUT,">$output"; + +sub Dlo() { shift=~m|q([1]?[0-9])|?"d".($1*2):""; } +sub Dhi() { shift=~m|q([1]?[0-9])|?"d".($1*2+1):""; } +sub Q() { shift=~m|d([1-3]?[02468])|?"q".($1/2):""; } + +$code=<<___; +#include "arm_arch.h" + +.text +.code 32 + +#if __ARM_ARCH__>=7 +.fpu neon + +.type mul_1x1_neon,%function +.align 5 +mul_1x1_neon: + vshl.u64 `&Dlo("q1")`,d16,#8 @ q1-q3 are slided $a + vmull.p8 `&Q("d0")`,d16,d17 @ a·bb + vshl.u64 `&Dlo("q2")`,d16,#16 + vmull.p8 q1,`&Dlo("q1")`,d17 @ a<<8·bb + vshl.u64 `&Dlo("q3")`,d16,#24 + vmull.p8 q2,`&Dlo("q2")`,d17 @ a<<16·bb + vshr.u64 `&Dlo("q1")`,#8 + vmull.p8 q3,`&Dlo("q3")`,d17 @ a<<24·bb + vshl.u64 `&Dhi("q1")`,#24 + veor d0,`&Dlo("q1")` + vshr.u64 `&Dlo("q2")`,#16 + veor d0,`&Dhi("q1")` + vshl.u64 `&Dhi("q2")`,#16 + veor d0,`&Dlo("q2")` + vshr.u64 `&Dlo("q3")`,#24 + veor d0,`&Dhi("q2")` + vshl.u64 `&Dhi("q3")`,#8 + veor d0,`&Dlo("q3")` + veor d0,`&Dhi("q3")` + bx lr +.size mul_1x1_neon,.-mul_1x1_neon +#endif +___ +################ +# private interface to mul_1x1_ialu +# +$a="r1"; +$b="r0"; + +($a0,$a1,$a2,$a12,$a4,$a14)= +($hi,$lo,$t0,$t1, $i0,$i1 )=map("r$_",(4..9),12); + +$mask="r12"; + +$code.=<<___; +.type mul_1x1_ialu,%function +.align 5 +mul_1x1_ialu: + mov $a0,#0 + bic $a1,$a,#3<<30 @ a1=a&0x3fffffff + str $a0,[sp,#0] @ tab[0]=0 + add $a2,$a1,$a1 @ a2=a1<<1 + str $a1,[sp,#4] @ tab[1]=a1 + eor $a12,$a1,$a2 @ a1^a2 + str $a2,[sp,#8] @ tab[2]=a2 + mov $a4,$a1,lsl#2 @ a4=a1<<2 + str $a12,[sp,#12] @ tab[3]=a1^a2 + eor $a14,$a1,$a4 @ a1^a4 + str $a4,[sp,#16] @ tab[4]=a4 + eor $a0,$a2,$a4 @ a2^a4 + str $a14,[sp,#20] @ tab[5]=a1^a4 + eor $a12,$a12,$a4 @ a1^a2^a4 + str $a0,[sp,#24] @ tab[6]=a2^a4 + and $i0,$mask,$b,lsl#2 + str $a12,[sp,#28] @ tab[7]=a1^a2^a4 + + and $i1,$mask,$b,lsr#1 + ldr $lo,[sp,$i0] @ tab[b & 0x7] + and $i0,$mask,$b,lsr#4 + ldr $t1,[sp,$i1] @ tab[b >> 3 & 0x7] + and $i1,$mask,$b,lsr#7 + ldr $t0,[sp,$i0] @ tab[b >> 6 & 0x7] + eor $lo,$lo,$t1,lsl#3 @ stall + mov $hi,$t1,lsr#29 + ldr $t1,[sp,$i1] @ tab[b >> 9 & 0x7] + + and $i0,$mask,$b,lsr#10 + eor $lo,$lo,$t0,lsl#6 + eor $hi,$hi,$t0,lsr#26 + ldr $t0,[sp,$i0] @ tab[b >> 12 & 0x7] + + and $i1,$mask,$b,lsr#13 + eor $lo,$lo,$t1,lsl#9 + eor $hi,$hi,$t1,lsr#23 + ldr $t1,[sp,$i1] @ tab[b >> 15 & 0x7] + + and $i0,$mask,$b,lsr#16 + eor $lo,$lo,$t0,lsl#12 + eor $hi,$hi,$t0,lsr#20 + ldr $t0,[sp,$i0] @ tab[b >> 18 & 0x7] + + and $i1,$mask,$b,lsr#19 + eor $lo,$lo,$t1,lsl#15 + eor $hi,$hi,$t1,lsr#17 + ldr $t1,[sp,$i1] @ tab[b >> 21 & 0x7] + + and $i0,$mask,$b,lsr#22 + eor $lo,$lo,$t0,lsl#18 + eor $hi,$hi,$t0,lsr#14 + ldr $t0,[sp,$i0] @ tab[b >> 24 & 0x7] + + and $i1,$mask,$b,lsr#25 + eor $lo,$lo,$t1,lsl#21 + eor $hi,$hi,$t1,lsr#11 + ldr $t1,[sp,$i1] @ tab[b >> 27 & 0x7] + + tst $a,#1<<30 + and $i0,$mask,$b,lsr#28 + eor $lo,$lo,$t0,lsl#24 + eor $hi,$hi,$t0,lsr#8 + ldr $t0,[sp,$i0] @ tab[b >> 30 ] + + eorne $lo,$lo,$b,lsl#30 + eorne $hi,$hi,$b,lsr#2 + tst $a,#1<<31 + eor $lo,$lo,$t1,lsl#27 + eor $hi,$hi,$t1,lsr#5 + eorne $lo,$lo,$b,lsl#31 + eorne $hi,$hi,$b,lsr#1 + eor $lo,$lo,$t0,lsl#30 + eor $hi,$hi,$t0,lsr#2 + + mov pc,lr +.size mul_1x1_ialu,.-mul_1x1_ialu +___ +################ +# void bn_GF2m_mul_2x2(BN_ULONG *r, +# BN_ULONG a1,BN_ULONG a0, +# BN_ULONG b1,BN_ULONG b0); # r[3..0]=a1a0·b1b0 + +($A1,$B1,$A0,$B0,$A1B1,$A0B0)=map("d$_",(18..23)); + +$code.=<<___; +.global bn_GF2m_mul_2x2 +.type bn_GF2m_mul_2x2,%function +.align 5 +bn_GF2m_mul_2x2: +#if __ARM_ARCH__>=7 + ldr r12,.LOPENSSL_armcap +.Lpic: ldr r12,[pc,r12] + tst r12,#1 + beq .Lialu + + veor $A1,$A1 + vmov $B1,r3,r3 @ two copies of b1 + vmov.32 ${A1}[0],r1 @ a1 + + veor $A0,$A0 + vld1.32 ${B0}[],[sp,:32] @ two copies of b0 + vmov.32 ${A0}[0],r2 @ a0 + mov r12,lr + + vmov d16,$A1 + vmov d17,$B1 + bl mul_1x1_neon @ a1·b1 + vmov $A1B1,d0 + + vmov d16,$A0 + vmov d17,$B0 + bl mul_1x1_neon @ a0·b0 + vmov $A0B0,d0 + + veor d16,$A0,$A1 + veor d17,$B0,$B1 + veor $A0,$A0B0,$A1B1 + bl mul_1x1_neon @ (a0+a1)·(b0+b1) + + veor d0,$A0 @ (a0+a1)·(b0+b1)-a0·b0-a1·b1 + vshl.u64 d1,d0,#32 + vshr.u64 d0,d0,#32 + veor $A0B0,d1 + veor $A1B1,d0 + vst1.32 {${A0B0}[0]},[r0,:32]! + vst1.32 {${A0B0}[1]},[r0,:32]! + vst1.32 {${A1B1}[0]},[r0,:32]! + vst1.32 {${A1B1}[1]},[r0,:32] + bx r12 +.align 4 +.Lialu: +#endif +___ +$ret="r10"; # reassigned 1st argument +$code.=<<___; + stmdb sp!,{r4-r10,lr} + mov $ret,r0 @ reassign 1st argument + mov $b,r3 @ $b=b1 + ldr r3,[sp,#32] @ load b0 + mov $mask,#7<<2 + sub sp,sp,#32 @ allocate tab[8] + + bl mul_1x1_ialu @ a1·b1 + str $lo,[$ret,#8] + str $hi,[$ret,#12] + + eor $b,$b,r3 @ flip b0 and b1 + eor $a,$a,r2 @ flip a0 and a1 + eor r3,r3,$b + eor r2,r2,$a + eor $b,$b,r3 + eor $a,$a,r2 + bl mul_1x1_ialu @ a0·b0 + str $lo,[$ret] + str $hi,[$ret,#4] + + eor $a,$a,r2 + eor $b,$b,r3 + bl mul_1x1_ialu @ (a1+a0)·(b1+b0) +___ +@r=map("r$_",(6..9)); +$code.=<<___; + ldmia $ret,{@r[0]-@r[3]} + eor $lo,$lo,$hi + eor $hi,$hi,@r[1] + eor $lo,$lo,@r[0] + eor $hi,$hi,@r[2] + eor $lo,$lo,@r[3] + eor $hi,$hi,@r[3] + str $hi,[$ret,#8] + eor $lo,$lo,$hi + add sp,sp,#32 @ destroy tab[8] + str $lo,[$ret,#4] + +#if __ARM_ARCH__>=5 + ldmia sp!,{r4-r10,pc} +#else + ldmia sp!,{r4-r10,lr} + tst lr,#1 + moveq pc,lr @ be binary compatible with V4, yet + bx lr @ interoperable with Thumb ISA:-) +#endif +.size bn_GF2m_mul_2x2,.-bn_GF2m_mul_2x2 +#if __ARM_ARCH__>=7 +.align 5 +.LOPENSSL_armcap: +.word OPENSSL_armcap_P-(.Lpic+8) +#endif +.asciz "GF(2^m) Multiplication for ARMv4/NEON, CRYPTOGAMS by " +.align 5 + +.comm OPENSSL_armcap_P,4,4 +___ + +$code =~ s/\`([^\`]*)\`/eval $1/gem; +$code =~ s/\bbx\s+lr\b/.word\t0xe12fff1e/gm; # make it possible to compile with -march=armv4 +print $code; +close STDOUT; # enforce flush diff --git a/src/lib/libcrypto/bn/asm/armv4-mont.pl b/src/lib/libcrypto/bn/asm/armv4-mont.pl new file mode 100644 index 00000000000..f78a8b5f0f5 --- /dev/null +++ b/src/lib/libcrypto/bn/asm/armv4-mont.pl @@ -0,0 +1,204 @@ +#!/usr/bin/env perl + +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== + +# January 2007. + +# Montgomery multiplication for ARMv4. +# +# Performance improvement naturally varies among CPU implementations +# and compilers. The code was observed to provide +65-35% improvement +# [depending on key length, less for longer keys] on ARM920T, and +# +115-80% on Intel IXP425. This is compared to pre-bn_mul_mont code +# base and compiler generated code with in-lined umull and even umlal +# instructions. The latter means that this code didn't really have an +# "advantage" of utilizing some "secret" instruction. +# +# The code is interoperable with Thumb ISA and is rather compact, less +# than 1/2KB. Windows CE port would be trivial, as it's exclusively +# about decorations, ABI and instruction syntax are identical. + +while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {} +open STDOUT,">$output"; + +$num="r0"; # starts as num argument, but holds &tp[num-1] +$ap="r1"; +$bp="r2"; $bi="r2"; $rp="r2"; +$np="r3"; +$tp="r4"; +$aj="r5"; +$nj="r6"; +$tj="r7"; +$n0="r8"; +########### # r9 is reserved by ELF as platform specific, e.g. TLS pointer +$alo="r10"; # sl, gcc uses it to keep @GOT +$ahi="r11"; # fp +$nlo="r12"; # ip +########### # r13 is stack pointer +$nhi="r14"; # lr +########### # r15 is program counter + +#### argument block layout relative to &tp[num-1], a.k.a. $num +$_rp="$num,#12*4"; +# ap permanently resides in r1 +$_bp="$num,#13*4"; +# np permanently resides in r3 +$_n0="$num,#14*4"; +$_num="$num,#15*4"; $_bpend=$_num; + +$code=<<___; +.text + +.global bn_mul_mont +.type bn_mul_mont,%function + +.align 2 +bn_mul_mont: + stmdb sp!,{r0,r2} @ sp points at argument block + ldr $num,[sp,#3*4] @ load num + cmp $num,#2 + movlt r0,#0 + addlt sp,sp,#2*4 + blt .Labrt + + stmdb sp!,{r4-r12,lr} @ save 10 registers + + mov $num,$num,lsl#2 @ rescale $num for byte count + sub sp,sp,$num @ alloca(4*num) + sub sp,sp,#4 @ +extra dword + sub $num,$num,#4 @ "num=num-1" + add $tp,$bp,$num @ &bp[num-1] + + add $num,sp,$num @ $num to point at &tp[num-1] + ldr $n0,[$_n0] @ &n0 + ldr $bi,[$bp] @ bp[0] + ldr $aj,[$ap],#4 @ ap[0],ap++ + ldr $nj,[$np],#4 @ np[0],np++ + ldr $n0,[$n0] @ *n0 + str $tp,[$_bpend] @ save &bp[num] + + umull $alo,$ahi,$aj,$bi @ ap[0]*bp[0] + str $n0,[$_n0] @ save n0 value + mul $n0,$alo,$n0 @ "tp[0]"*n0 + mov $nlo,#0 + umlal $alo,$nlo,$nj,$n0 @ np[0]*n0+"t[0]" + mov $tp,sp + +.L1st: + ldr $aj,[$ap],#4 @ ap[j],ap++ + mov $alo,$ahi + ldr $nj,[$np],#4 @ np[j],np++ + mov $ahi,#0 + umlal $alo,$ahi,$aj,$bi @ ap[j]*bp[0] + mov $nhi,#0 + umlal $nlo,$nhi,$nj,$n0 @ np[j]*n0 + adds $nlo,$nlo,$alo + str $nlo,[$tp],#4 @ tp[j-1]=,tp++ + adc $nlo,$nhi,#0 + cmp $tp,$num + bne .L1st + + adds $nlo,$nlo,$ahi + ldr $tp,[$_bp] @ restore bp + mov $nhi,#0 + ldr $n0,[$_n0] @ restore n0 + adc $nhi,$nhi,#0 + str $nlo,[$num] @ tp[num-1]= + str $nhi,[$num,#4] @ tp[num]= + +.Louter: + sub $tj,$num,sp @ "original" $num-1 value + sub $ap,$ap,$tj @ "rewind" ap to &ap[1] + ldr $bi,[$tp,#4]! @ *(++bp) + sub $np,$np,$tj @ "rewind" np to &np[1] + ldr $aj,[$ap,#-4] @ ap[0] + ldr $alo,[sp] @ tp[0] + ldr $nj,[$np,#-4] @ np[0] + ldr $tj,[sp,#4] @ tp[1] + + mov $ahi,#0 + umlal $alo,$ahi,$aj,$bi @ ap[0]*bp[i]+tp[0] + str $tp,[$_bp] @ save bp + mul $n0,$alo,$n0 + mov $nlo,#0 + umlal $alo,$nlo,$nj,$n0 @ np[0]*n0+"tp[0]" + mov $tp,sp + +.Linner: + ldr $aj,[$ap],#4 @ ap[j],ap++ + adds $alo,$ahi,$tj @ +=tp[j] + ldr $nj,[$np],#4 @ np[j],np++ + mov $ahi,#0 + umlal $alo,$ahi,$aj,$bi @ ap[j]*bp[i] + mov $nhi,#0 + umlal $nlo,$nhi,$nj,$n0 @ np[j]*n0 + adc $ahi,$ahi,#0 + ldr $tj,[$tp,#8] @ tp[j+1] + adds $nlo,$nlo,$alo + str $nlo,[$tp],#4 @ tp[j-1]=,tp++ + adc $nlo,$nhi,#0 + cmp $tp,$num + bne .Linner + + adds $nlo,$nlo,$ahi + mov $nhi,#0 + ldr $tp,[$_bp] @ restore bp + adc $nhi,$nhi,#0 + ldr $n0,[$_n0] @ restore n0 + adds $nlo,$nlo,$tj + ldr $tj,[$_bpend] @ restore &bp[num] + adc $nhi,$nhi,#0 + str $nlo,[$num] @ tp[num-1]= + str $nhi,[$num,#4] @ tp[num]= + + cmp $tp,$tj + bne .Louter + + ldr $rp,[$_rp] @ pull rp + add $num,$num,#4 @ $num to point at &tp[num] + sub $aj,$num,sp @ "original" num value + mov $tp,sp @ "rewind" $tp + mov $ap,$tp @ "borrow" $ap + sub $np,$np,$aj @ "rewind" $np to &np[0] + + subs $tj,$tj,$tj @ "clear" carry flag +.Lsub: ldr $tj,[$tp],#4 + ldr $nj,[$np],#4 + sbcs $tj,$tj,$nj @ tp[j]-np[j] + str $tj,[$rp],#4 @ rp[j]= + teq $tp,$num @ preserve carry + bne .Lsub + sbcs $nhi,$nhi,#0 @ upmost carry + mov $tp,sp @ "rewind" $tp + sub $rp,$rp,$aj @ "rewind" $rp + + and $ap,$tp,$nhi + bic $np,$rp,$nhi + orr $ap,$ap,$np @ ap=borrow?tp:rp + +.Lcopy: ldr $tj,[$ap],#4 @ copy or in-place refresh + str sp,[$tp],#4 @ zap tp + str $tj,[$rp],#4 + cmp $tp,$num + bne .Lcopy + + add sp,$num,#4 @ skip over tp[num+1] + ldmia sp!,{r4-r12,lr} @ restore registers + add sp,sp,#2*4 @ skip over {r0,r2} + mov r0,#1 +.Labrt: tst lr,#1 + moveq pc,lr @ be binary compatible with V4, yet + bx lr @ interoperable with Thumb ISA:-) +.size bn_mul_mont,.-bn_mul_mont +.asciz "Montgomery multiplication for ARMv4, CRYPTOGAMS by " +.align 2 +___ + +$code =~ s/\bbx\s+lr\b/.word\t0xe12fff1e/gm; # make it possible to compile with -march=armv4 +print $code; +close STDOUT; diff --git a/src/lib/libcrypto/bn/asm/bn-586.pl b/src/lib/libcrypto/bn/asm/bn-586.pl index 33f61259201..c4e2baa6c5a 100644 --- a/src/lib/libcrypto/bn/asm/bn-586.pl +++ b/src/lib/libcrypto/bn/asm/bn-586.pl @@ -1,10 +1,16 @@ #!/usr/local/bin/perl -push(@INC,"perlasm","../../perlasm"); +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +push(@INC,"${dir}","${dir}../../perlasm"); require "x86asm.pl"; &asm_init($ARGV[0],$0); +$sse2=0; +for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } + +&external_label("OPENSSL_ia32cap_P") if ($sse2); + &bn_mul_add_words("bn_mul_add_words"); &bn_mul_words("bn_mul_words"); &bn_sqr_words("bn_sqr_words"); @@ -19,7 +25,115 @@ sub bn_mul_add_words { local($name)=@_; - &function_begin($name,""); + &function_begin_B($name,""); + + $r="eax"; + $a="edx"; + $c="ecx"; + + if ($sse2) { + &picmeup("eax","OPENSSL_ia32cap_P"); + &bt(&DWP(0,"eax"),"\$IA32CAP_BIT0_SSE2"); + &jnc(&label("maw_non_sse2")); + + &mov($r,&wparam(0)); + &mov($a,&wparam(1)); + &mov($c,&wparam(2)); + &movd("mm0",&wparam(3)); # mm0 = w + &pxor("mm1","mm1"); # mm1 = carry_in + &jmp(&label("maw_sse2_entry")); + + &set_label("maw_sse2_unrolled",16); + &movd("mm3",&DWP(0,$r,"",0)); # mm3 = r[0] + &paddq("mm1","mm3"); # mm1 = carry_in + r[0] + &movd("mm2",&DWP(0,$a,"",0)); # mm2 = a[0] + &pmuludq("mm2","mm0"); # mm2 = w*a[0] + &movd("mm4",&DWP(4,$a,"",0)); # mm4 = a[1] + &pmuludq("mm4","mm0"); # mm4 = w*a[1] + &movd("mm6",&DWP(8,$a,"",0)); # mm6 = a[2] + &pmuludq("mm6","mm0"); # mm6 = w*a[2] + &movd("mm7",&DWP(12,$a,"",0)); # mm7 = a[3] + &pmuludq("mm7","mm0"); # mm7 = w*a[3] + &paddq("mm1","mm2"); # mm1 = carry_in + r[0] + w*a[0] + &movd("mm3",&DWP(4,$r,"",0)); # mm3 = r[1] + &paddq("mm3","mm4"); # mm3 = r[1] + w*a[1] + &movd("mm5",&DWP(8,$r,"",0)); # mm5 = r[2] + &paddq("mm5","mm6"); # mm5 = r[2] + w*a[2] + &movd("mm4",&DWP(12,$r,"",0)); # mm4 = r[3] + &paddq("mm7","mm4"); # mm7 = r[3] + w*a[3] + &movd(&DWP(0,$r,"",0),"mm1"); + &movd("mm2",&DWP(16,$a,"",0)); # mm2 = a[4] + &pmuludq("mm2","mm0"); # mm2 = w*a[4] + &psrlq("mm1",32); # mm1 = carry0 + &movd("mm4",&DWP(20,$a,"",0)); # mm4 = a[5] + &pmuludq("mm4","mm0"); # mm4 = w*a[5] + &paddq("mm1","mm3"); # mm1 = carry0 + r[1] + w*a[1] + &movd("mm6",&DWP(24,$a,"",0)); # mm6 = a[6] + &pmuludq("mm6","mm0"); # mm6 = w*a[6] + &movd(&DWP(4,$r,"",0),"mm1"); + &psrlq("mm1",32); # mm1 = carry1 + &movd("mm3",&DWP(28,$a,"",0)); # mm3 = a[7] + &add($a,32); + &pmuludq("mm3","mm0"); # mm3 = w*a[7] + &paddq("mm1","mm5"); # mm1 = carry1 + r[2] + w*a[2] + &movd("mm5",&DWP(16,$r,"",0)); # mm5 = r[4] + &paddq("mm2","mm5"); # mm2 = r[4] + w*a[4] + &movd(&DWP(8,$r,"",0),"mm1"); + &psrlq("mm1",32); # mm1 = carry2 + &paddq("mm1","mm7"); # mm1 = carry2 + r[3] + w*a[3] + &movd("mm5",&DWP(20,$r,"",0)); # mm5 = r[5] + &paddq("mm4","mm5"); # mm4 = r[5] + w*a[5] + &movd(&DWP(12,$r,"",0),"mm1"); + &psrlq("mm1",32); # mm1 = carry3 + &paddq("mm1","mm2"); # mm1 = carry3 + r[4] + w*a[4] + &movd("mm5",&DWP(24,$r,"",0)); # mm5 = r[6] + &paddq("mm6","mm5"); # mm6 = r[6] + w*a[6] + &movd(&DWP(16,$r,"",0),"mm1"); + &psrlq("mm1",32); # mm1 = carry4 + &paddq("mm1","mm4"); # mm1 = carry4 + r[5] + w*a[5] + &movd("mm5",&DWP(28,$r,"",0)); # mm5 = r[7] + &paddq("mm3","mm5"); # mm3 = r[7] + w*a[7] + &movd(&DWP(20,$r,"",0),"mm1"); + &psrlq("mm1",32); # mm1 = carry5 + &paddq("mm1","mm6"); # mm1 = carry5 + r[6] + w*a[6] + &movd(&DWP(24,$r,"",0),"mm1"); + &psrlq("mm1",32); # mm1 = carry6 + &paddq("mm1","mm3"); # mm1 = carry6 + r[7] + w*a[7] + &movd(&DWP(28,$r,"",0),"mm1"); + &lea($r,&DWP(32,$r)); + &psrlq("mm1",32); # mm1 = carry_out + + &sub($c,8); + &jz(&label("maw_sse2_exit")); + &set_label("maw_sse2_entry"); + &test($c,0xfffffff8); + &jnz(&label("maw_sse2_unrolled")); + + &set_label("maw_sse2_loop",4); + &movd("mm2",&DWP(0,$a)); # mm2 = a[i] + &movd("mm3",&DWP(0,$r)); # mm3 = r[i] + &pmuludq("mm2","mm0"); # a[i] *= w + &lea($a,&DWP(4,$a)); + &paddq("mm1","mm3"); # carry += r[i] + &paddq("mm1","mm2"); # carry += a[i]*w + &movd(&DWP(0,$r),"mm1"); # r[i] = carry_low + &sub($c,1); + &psrlq("mm1",32); # carry = carry_high + &lea($r,&DWP(4,$r)); + &jnz(&label("maw_sse2_loop")); + &set_label("maw_sse2_exit"); + &movd("eax","mm1"); # c = carry_out + &emms(); + &ret(); + + &set_label("maw_non_sse2",16); + } + + # function_begin prologue + &push("ebp"); + &push("ebx"); + &push("esi"); + &push("edi"); &comment(""); $Low="eax"; @@ -42,30 +156,26 @@ sub bn_mul_add_words &jz(&label("maw_finish")); - &set_label("maw_loop",0); - - &mov(&swtmp(0),"ecx"); # + &set_label("maw_loop",16); for ($i=0; $i<32; $i+=4) { &comment("Round $i"); - &mov("eax",&DWP($i,$a,"",0)); # *a + &mov("eax",&DWP($i,$a)); # *a &mul($w); # *a * w - &add("eax",$c); # L(t)+= *r - &mov($c,&DWP($i,$r,"",0)); # L(t)+= *r + &add("eax",$c); # L(t)+= c &adc("edx",0); # H(t)+=carry - &add("eax",$c); # L(t)+=c + &add("eax",&DWP($i,$r)); # L(t)+= *r &adc("edx",0); # H(t)+=carry - &mov(&DWP($i,$r,"",0),"eax"); # *r= L(t); + &mov(&DWP($i,$r),"eax"); # *r= L(t); &mov($c,"edx"); # c= H(t); } &comment(""); - &mov("ecx",&swtmp(0)); # - &add($a,32); - &add($r,32); &sub("ecx",8); + &lea($a,&DWP(32,$a)); + &lea($r,&DWP(32,$r)); &jnz(&label("maw_loop")); &set_label("maw_finish",0); @@ -78,16 +188,15 @@ sub bn_mul_add_words for ($i=0; $i<7; $i++) { &comment("Tail Round $i"); - &mov("eax",&DWP($i*4,$a,"",0));# *a + &mov("eax",&DWP($i*4,$a)); # *a &mul($w); # *a * w &add("eax",$c); # L(t)+=c - &mov($c,&DWP($i*4,$r,"",0)); # L(t)+= *r &adc("edx",0); # H(t)+=carry - &add("eax",$c); + &add("eax",&DWP($i*4,$r)); # L(t)+= *r &adc("edx",0); # H(t)+=carry &dec("ecx") if ($i != 7-1); - &mov(&DWP($i*4,$r,"",0),"eax"); # *r= L(t); - &mov($c,"edx"); # c= H(t); + &mov(&DWP($i*4,$r),"eax"); # *r= L(t); + &mov($c,"edx"); # c= H(t); &jz(&label("maw_end")) if ($i != 7-1); } &set_label("maw_end",0); @@ -102,7 +211,45 @@ sub bn_mul_words { local($name)=@_; - &function_begin($name,""); + &function_begin_B($name,""); + + $r="eax"; + $a="edx"; + $c="ecx"; + + if ($sse2) { + &picmeup("eax","OPENSSL_ia32cap_P"); + &bt(&DWP(0,"eax"),"\$IA32CAP_BIT0_SSE2"); + &jnc(&label("mw_non_sse2")); + + &mov($r,&wparam(0)); + &mov($a,&wparam(1)); + &mov($c,&wparam(2)); + &movd("mm0",&wparam(3)); # mm0 = w + &pxor("mm1","mm1"); # mm1 = carry = 0 + + &set_label("mw_sse2_loop",16); + &movd("mm2",&DWP(0,$a)); # mm2 = a[i] + &pmuludq("mm2","mm0"); # a[i] *= w + &lea($a,&DWP(4,$a)); + &paddq("mm1","mm2"); # carry += a[i]*w + &movd(&DWP(0,$r),"mm1"); # r[i] = carry_low + &sub($c,1); + &psrlq("mm1",32); # carry = carry_high + &lea($r,&DWP(4,$r)); + &jnz(&label("mw_sse2_loop")); + + &movd("eax","mm1"); # return carry + &emms(); + &ret(); + &set_label("mw_non_sse2",16); + } + + # function_begin prologue + &push("ebp"); + &push("ebx"); + &push("esi"); + &push("edi"); &comment(""); $Low="eax"; @@ -175,7 +322,40 @@ sub bn_sqr_words { local($name)=@_; - &function_begin($name,""); + &function_begin_B($name,""); + + $r="eax"; + $a="edx"; + $c="ecx"; + + if ($sse2) { + &picmeup("eax","OPENSSL_ia32cap_P"); + &bt(&DWP(0,"eax"),"\$IA32CAP_BIT0_SSE2"); + &jnc(&label("sqr_non_sse2")); + + &mov($r,&wparam(0)); + &mov($a,&wparam(1)); + &mov($c,&wparam(2)); + + &set_label("sqr_sse2_loop",16); + &movd("mm0",&DWP(0,$a)); # mm0 = a[i] + &pmuludq("mm0","mm0"); # a[i] *= a[i] + &lea($a,&DWP(4,$a)); # a++ + &movq(&QWP(0,$r),"mm0"); # r[i] = a[i]*a[i] + &sub($c,1); + &lea($r,&DWP(8,$r)); # r += 2 + &jnz(&label("sqr_sse2_loop")); + + &emms(); + &ret(); + &set_label("sqr_non_sse2",16); + } + + # function_begin prologue + &push("ebp"); + &push("ebx"); + &push("esi"); + &push("edi"); &comment(""); $r="esi"; @@ -231,12 +411,13 @@ sub bn_div_words { local($name)=@_; - &function_begin($name,""); + &function_begin_B($name,""); &mov("edx",&wparam(0)); # &mov("eax",&wparam(1)); # - &mov("ebx",&wparam(2)); # - &div("ebx"); - &function_end($name); + &mov("ecx",&wparam(2)); # + &div("ecx"); + &ret(); + &function_end_B($name); } sub bn_add_words diff --git a/src/lib/libcrypto/bn/asm/bn-alpha.pl b/src/lib/libcrypto/bn/asm/bn-alpha.pl deleted file mode 100644 index 302edf23767..00000000000 --- a/src/lib/libcrypto/bn/asm/bn-alpha.pl +++ /dev/null @@ -1,571 +0,0 @@ -#!/usr/local/bin/perl -# I have this in perl so I can use more usefull register names and then convert -# them into alpha registers. -# - -$d=&data(); -$d =~ s/CC/0/g; -$d =~ s/R1/1/g; -$d =~ s/R2/2/g; -$d =~ s/R3/3/g; -$d =~ s/R4/4/g; -$d =~ s/L1/5/g; -$d =~ s/L2/6/g; -$d =~ s/L3/7/g; -$d =~ s/L4/8/g; -$d =~ s/O1/22/g; -$d =~ s/O2/23/g; -$d =~ s/O3/24/g; -$d =~ s/O4/25/g; -$d =~ s/A1/20/g; -$d =~ s/A2/21/g; -$d =~ s/A3/27/g; -$d =~ s/A4/28/g; -if (0){ -} - -print $d; - -sub data - { - local($data)=<<'EOF'; - - # DEC Alpha assember - # The bn_div_words is actually gcc output but the other parts are hand done. - # Thanks to tzeruch@ceddec.com for sending me the gcc output for - # bn_div_words. - # I've gone back and re-done most of routines. - # The key thing to remeber for the 164 CPU is that while a - # multiply operation takes 8 cycles, another one can only be issued - # after 4 cycles have elapsed. I've done modification to help - # improve this. Also, normally, a ld instruction will not be available - # for about 3 cycles. - .file 1 "bn_asm.c" - .set noat -gcc2_compiled.: -__gnu_compiled_c: - .text - .align 3 - .globl bn_mul_add_words - .ent bn_mul_add_words -bn_mul_add_words: -bn_mul_add_words..ng: - .frame $30,0,$26,0 - .prologue 0 - .align 5 - subq $18,4,$18 - bis $31,$31,$CC - blt $18,$43 # if we are -1, -2, -3 or -4 goto tail code - ldq $A1,0($17) # 1 1 - ldq $R1,0($16) # 1 1 - .align 3 -$42: - mulq $A1,$19,$L1 # 1 2 1 ###### - ldq $A2,8($17) # 2 1 - ldq $R2,8($16) # 2 1 - umulh $A1,$19,$A1 # 1 2 ###### - ldq $A3,16($17) # 3 1 - ldq $R3,16($16) # 3 1 - mulq $A2,$19,$L2 # 2 2 1 ###### - ldq $A4,24($17) # 4 1 - addq $R1,$L1,$R1 # 1 2 2 - ldq $R4,24($16) # 4 1 - umulh $A2,$19,$A2 # 2 2 ###### - cmpult $R1,$L1,$O1 # 1 2 3 1 - addq $A1,$O1,$A1 # 1 3 1 - addq $R1,$CC,$R1 # 1 2 3 1 - mulq $A3,$19,$L3 # 3 2 1 ###### - cmpult $R1,$CC,$CC # 1 2 3 2 - addq $R2,$L2,$R2 # 2 2 2 - addq $A1,$CC,$CC # 1 3 2 - cmpult $R2,$L2,$O2 # 2 2 3 1 - addq $A2,$O2,$A2 # 2 3 1 - umulh $A3,$19,$A3 # 3 2 ###### - addq $R2,$CC,$R2 # 2 2 3 1 - cmpult $R2,$CC,$CC # 2 2 3 2 - subq $18,4,$18 - mulq $A4,$19,$L4 # 4 2 1 ###### - addq $A2,$CC,$CC # 2 3 2 - addq $R3,$L3,$R3 # 3 2 2 - addq $16,32,$16 - cmpult $R3,$L3,$O3 # 3 2 3 1 - stq $R1,-32($16) # 1 2 4 - umulh $A4,$19,$A4 # 4 2 ###### - addq $A3,$O3,$A3 # 3 3 1 - addq $R3,$CC,$R3 # 3 2 3 1 - stq $R2,-24($16) # 2 2 4 - cmpult $R3,$CC,$CC # 3 2 3 2 - stq $R3,-16($16) # 3 2 4 - addq $R4,$L4,$R4 # 4 2 2 - addq $A3,$CC,$CC # 3 3 2 - cmpult $R4,$L4,$O4 # 4 2 3 1 - addq $17,32,$17 - addq $A4,$O4,$A4 # 4 3 1 - addq $R4,$CC,$R4 # 4 2 3 1 - cmpult $R4,$CC,$CC # 4 2 3 2 - stq $R4,-8($16) # 4 2 4 - addq $A4,$CC,$CC # 4 3 2 - blt $18,$43 - - ldq $A1,0($17) # 1 1 - ldq $R1,0($16) # 1 1 - - br $42 - - .align 4 -$45: - ldq $A1,0($17) # 4 1 - ldq $R1,0($16) # 4 1 - mulq $A1,$19,$L1 # 4 2 1 - subq $18,1,$18 - addq $16,8,$16 - addq $17,8,$17 - umulh $A1,$19,$A1 # 4 2 - addq $R1,$L1,$R1 # 4 2 2 - cmpult $R1,$L1,$O1 # 4 2 3 1 - addq $A1,$O1,$A1 # 4 3 1 - addq $R1,$CC,$R1 # 4 2 3 1 - cmpult $R1,$CC,$CC # 4 2 3 2 - addq $A1,$CC,$CC # 4 3 2 - stq $R1,-8($16) # 4 2 4 - bgt $18,$45 - ret $31,($26),1 # else exit - - .align 4 -$43: - addq $18,4,$18 - bgt $18,$45 # goto tail code - ret $31,($26),1 # else exit - - .end bn_mul_add_words - .align 3 - .globl bn_mul_words - .ent bn_mul_words -bn_mul_words: -bn_mul_words..ng: - .frame $30,0,$26,0 - .prologue 0 - .align 5 - subq $18,4,$18 - bis $31,$31,$CC - blt $18,$143 # if we are -1, -2, -3 or -4 goto tail code - ldq $A1,0($17) # 1 1 - .align 3 -$142: - - mulq $A1,$19,$L1 # 1 2 1 ##### - ldq $A2,8($17) # 2 1 - ldq $A3,16($17) # 3 1 - umulh $A1,$19,$A1 # 1 2 ##### - ldq $A4,24($17) # 4 1 - mulq $A2,$19,$L2 # 2 2 1 ##### - addq $L1,$CC,$L1 # 1 2 3 1 - subq $18,4,$18 - cmpult $L1,$CC,$CC # 1 2 3 2 - umulh $A2,$19,$A2 # 2 2 ##### - addq $A1,$CC,$CC # 1 3 2 - addq $17,32,$17 - addq $L2,$CC,$L2 # 2 2 3 1 - mulq $A3,$19,$L3 # 3 2 1 ##### - cmpult $L2,$CC,$CC # 2 2 3 2 - addq $A2,$CC,$CC # 2 3 2 - addq $16,32,$16 - umulh $A3,$19,$A3 # 3 2 ##### - stq $L1,-32($16) # 1 2 4 - mulq $A4,$19,$L4 # 4 2 1 ##### - addq $L3,$CC,$L3 # 3 2 3 1 - stq $L2,-24($16) # 2 2 4 - cmpult $L3,$CC,$CC # 3 2 3 2 - umulh $A4,$19,$A4 # 4 2 ##### - addq $A3,$CC,$CC # 3 3 2 - stq $L3,-16($16) # 3 2 4 - addq $L4,$CC,$L4 # 4 2 3 1 - cmpult $L4,$CC,$CC # 4 2 3 2 - - addq $A4,$CC,$CC # 4 3 2 - - stq $L4,-8($16) # 4 2 4 - - blt $18,$143 - - ldq $A1,0($17) # 1 1 - - br $142 - - .align 4 -$145: - ldq $A1,0($17) # 4 1 - mulq $A1,$19,$L1 # 4 2 1 - subq $18,1,$18 - umulh $A1,$19,$A1 # 4 2 - addq $L1,$CC,$L1 # 4 2 3 1 - addq $16,8,$16 - cmpult $L1,$CC,$CC # 4 2 3 2 - addq $17,8,$17 - addq $A1,$CC,$CC # 4 3 2 - stq $L1,-8($16) # 4 2 4 - - bgt $18,$145 - ret $31,($26),1 # else exit - - .align 4 -$143: - addq $18,4,$18 - bgt $18,$145 # goto tail code - ret $31,($26),1 # else exit - - .end bn_mul_words - .align 3 - .globl bn_sqr_words - .ent bn_sqr_words -bn_sqr_words: -bn_sqr_words..ng: - .frame $30,0,$26,0 - .prologue 0 - - subq $18,4,$18 - blt $18,$543 # if we are -1, -2, -3 or -4 goto tail code - ldq $A1,0($17) # 1 1 - .align 3 -$542: - mulq $A1,$A1,$L1 ###### - ldq $A2,8($17) # 1 1 - subq $18,4 - umulh $A1,$A1,$R1 ###### - ldq $A3,16($17) # 1 1 - mulq $A2,$A2,$L2 ###### - ldq $A4,24($17) # 1 1 - stq $L1,0($16) # r[0] - umulh $A2,$A2,$R2 ###### - stq $R1,8($16) # r[1] - mulq $A3,$A3,$L3 ###### - stq $L2,16($16) # r[0] - umulh $A3,$A3,$R3 ###### - stq $R2,24($16) # r[1] - mulq $A4,$A4,$L4 ###### - stq $L3,32($16) # r[0] - umulh $A4,$A4,$R4 ###### - stq $R3,40($16) # r[1] - - addq $16,64,$16 - addq $17,32,$17 - stq $L4,-16($16) # r[0] - stq $R4,-8($16) # r[1] - - blt $18,$543 - ldq $A1,0($17) # 1 1 - br $542 - -$442: - ldq $A1,0($17) # a[0] - mulq $A1,$A1,$L1 # a[0]*w low part r2 - addq $16,16,$16 - addq $17,8,$17 - subq $18,1,$18 - umulh $A1,$A1,$R1 # a[0]*w high part r3 - stq $L1,-16($16) # r[0] - stq $R1,-8($16) # r[1] - - bgt $18,$442 - ret $31,($26),1 # else exit - - .align 4 -$543: - addq $18,4,$18 - bgt $18,$442 # goto tail code - ret $31,($26),1 # else exit - .end bn_sqr_words - - .align 3 - .globl bn_add_words - .ent bn_add_words -bn_add_words: -bn_add_words..ng: - .frame $30,0,$26,0 - .prologue 0 - - subq $19,4,$19 - bis $31,$31,$CC # carry = 0 - blt $19,$900 - ldq $L1,0($17) # a[0] - ldq $R1,0($18) # b[1] - .align 3 -$901: - addq $R1,$L1,$R1 # r=a+b; - ldq $L2,8($17) # a[1] - cmpult $R1,$L1,$O1 # did we overflow? - ldq $R2,8($18) # b[1] - addq $R1,$CC,$R1 # c+= overflow - ldq $L3,16($17) # a[2] - cmpult $R1,$CC,$CC # overflow? - ldq $R3,16($18) # b[2] - addq $CC,$O1,$CC - ldq $L4,24($17) # a[3] - addq $R2,$L2,$R2 # r=a+b; - ldq $R4,24($18) # b[3] - cmpult $R2,$L2,$O2 # did we overflow? - addq $R3,$L3,$R3 # r=a+b; - addq $R2,$CC,$R2 # c+= overflow - cmpult $R3,$L3,$O3 # did we overflow? - cmpult $R2,$CC,$CC # overflow? - addq $R4,$L4,$R4 # r=a+b; - addq $CC,$O2,$CC - cmpult $R4,$L4,$O4 # did we overflow? - addq $R3,$CC,$R3 # c+= overflow - stq $R1,0($16) # r[0]=c - cmpult $R3,$CC,$CC # overflow? - stq $R2,8($16) # r[1]=c - addq $CC,$O3,$CC - stq $R3,16($16) # r[2]=c - addq $R4,$CC,$R4 # c+= overflow - subq $19,4,$19 # loop-- - cmpult $R4,$CC,$CC # overflow? - addq $17,32,$17 # a++ - addq $CC,$O4,$CC - stq $R4,24($16) # r[3]=c - addq $18,32,$18 # b++ - addq $16,32,$16 # r++ - - blt $19,$900 - ldq $L1,0($17) # a[0] - ldq $R1,0($18) # b[1] - br $901 - .align 4 -$945: - ldq $L1,0($17) # a[0] - ldq $R1,0($18) # b[1] - addq $R1,$L1,$R1 # r=a+b; - subq $19,1,$19 # loop-- - addq $R1,$CC,$R1 # c+= overflow - addq $17,8,$17 # a++ - cmpult $R1,$L1,$O1 # did we overflow? - cmpult $R1,$CC,$CC # overflow? - addq $18,8,$18 # b++ - stq $R1,0($16) # r[0]=c - addq $CC,$O1,$CC - addq $16,8,$16 # r++ - - bgt $19,$945 - ret $31,($26),1 # else exit - -$900: - addq $19,4,$19 - bgt $19,$945 # goto tail code - ret $31,($26),1 # else exit - .end bn_add_words - - .align 3 - .globl bn_sub_words - .ent bn_sub_words -bn_sub_words: -bn_sub_words..ng: - .frame $30,0,$26,0 - .prologue 0 - - subq $19,4,$19 - bis $31,$31,$CC # carry = 0 - br $800 - blt $19,$800 - ldq $L1,0($17) # a[0] - ldq $R1,0($18) # b[1] - .align 3 -$801: - addq $R1,$L1,$R1 # r=a+b; - ldq $L2,8($17) # a[1] - cmpult $R1,$L1,$O1 # did we overflow? - ldq $R2,8($18) # b[1] - addq $R1,$CC,$R1 # c+= overflow - ldq $L3,16($17) # a[2] - cmpult $R1,$CC,$CC # overflow? - ldq $R3,16($18) # b[2] - addq $CC,$O1,$CC - ldq $L4,24($17) # a[3] - addq $R2,$L2,$R2 # r=a+b; - ldq $R4,24($18) # b[3] - cmpult $R2,$L2,$O2 # did we overflow? - addq $R3,$L3,$R3 # r=a+b; - addq $R2,$CC,$R2 # c+= overflow - cmpult $R3,$L3,$O3 # did we overflow? - cmpult $R2,$CC,$CC # overflow? - addq $R4,$L4,$R4 # r=a+b; - addq $CC,$O2,$CC - cmpult $R4,$L4,$O4 # did we overflow? - addq $R3,$CC,$R3 # c+= overflow - stq $R1,0($16) # r[0]=c - cmpult $R3,$CC,$CC # overflow? - stq $R2,8($16) # r[1]=c - addq $CC,$O3,$CC - stq $R3,16($16) # r[2]=c - addq $R4,$CC,$R4 # c+= overflow - subq $19,4,$19 # loop-- - cmpult $R4,$CC,$CC # overflow? - addq $17,32,$17 # a++ - addq $CC,$O4,$CC - stq $R4,24($16) # r[3]=c - addq $18,32,$18 # b++ - addq $16,32,$16 # r++ - - blt $19,$800 - ldq $L1,0($17) # a[0] - ldq $R1,0($18) # b[1] - br $801 - .align 4 -$845: - ldq $L1,0($17) # a[0] - ldq $R1,0($18) # b[1] - cmpult $L1,$R1,$O1 # will we borrow? - subq $L1,$R1,$R1 # r=a-b; - subq $19,1,$19 # loop-- - cmpult $R1,$CC,$O2 # will we borrow? - subq $R1,$CC,$R1 # c+= overflow - addq $17,8,$17 # a++ - addq $18,8,$18 # b++ - stq $R1,0($16) # r[0]=c - addq $O2,$O1,$CC - addq $16,8,$16 # r++ - - bgt $19,$845 - ret $31,($26),1 # else exit - -$800: - addq $19,4,$19 - bgt $19,$845 # goto tail code - ret $31,($26),1 # else exit - .end bn_sub_words - - # - # What follows was taken directly from the C compiler with a few - # hacks to redo the lables. - # -.text - .align 3 - .globl bn_div_words - .ent bn_div_words -bn_div_words: - ldgp $29,0($27) -bn_div_words..ng: - lda $30,-48($30) - .frame $30,48,$26,0 - stq $26,0($30) - stq $9,8($30) - stq $10,16($30) - stq $11,24($30) - stq $12,32($30) - stq $13,40($30) - .mask 0x4003e00,-48 - .prologue 1 - bis $16,$16,$9 - bis $17,$17,$10 - bis $18,$18,$11 - bis $31,$31,$13 - bis $31,2,$12 - bne $11,$119 - lda $0,-1 - br $31,$136 - .align 4 -$119: - bis $11,$11,$16 - jsr $26,BN_num_bits_word - ldgp $29,0($26) - subq $0,64,$1 - beq $1,$120 - bis $31,1,$1 - sll $1,$0,$1 - cmpule $9,$1,$1 - bne $1,$120 - # lda $16,_IO_stderr_ - # lda $17,$C32 - # bis $0,$0,$18 - # jsr $26,fprintf - # ldgp $29,0($26) - jsr $26,abort - ldgp $29,0($26) - .align 4 -$120: - bis $31,64,$3 - cmpult $9,$11,$2 - subq $3,$0,$1 - addl $1,$31,$0 - subq $9,$11,$1 - cmoveq $2,$1,$9 - beq $0,$122 - zapnot $0,15,$2 - subq $3,$0,$1 - sll $11,$2,$11 - sll $9,$2,$3 - srl $10,$1,$1 - sll $10,$2,$10 - bis $3,$1,$9 -$122: - srl $11,32,$5 - zapnot $11,15,$6 - lda $7,-1 - .align 5 -$123: - srl $9,32,$1 - subq $1,$5,$1 - bne $1,$126 - zapnot $7,15,$27 - br $31,$127 - .align 4 -$126: - bis $9,$9,$24 - bis $5,$5,$25 - divqu $24,$25,$27 -$127: - srl $10,32,$4 - .align 5 -$128: - mulq $27,$5,$1 - subq $9,$1,$3 - zapnot $3,240,$1 - bne $1,$129 - mulq $6,$27,$2 - sll $3,32,$1 - addq $1,$4,$1 - cmpule $2,$1,$2 - bne $2,$129 - subq $27,1,$27 - br $31,$128 - .align 4 -$129: - mulq $27,$6,$1 - mulq $27,$5,$4 - srl $1,32,$3 - sll $1,32,$1 - addq $4,$3,$4 - cmpult $10,$1,$2 - subq $10,$1,$10 - addq $2,$4,$2 - cmpult $9,$2,$1 - bis $2,$2,$4 - beq $1,$134 - addq $9,$11,$9 - subq $27,1,$27 -$134: - subl $12,1,$12 - subq $9,$4,$9 - beq $12,$124 - sll $27,32,$13 - sll $9,32,$2 - srl $10,32,$1 - sll $10,32,$10 - bis $2,$1,$9 - br $31,$123 - .align 4 -$124: - bis $13,$27,$0 -$136: - ldq $26,0($30) - ldq $9,8($30) - ldq $10,16($30) - ldq $11,24($30) - ldq $12,32($30) - ldq $13,40($30) - addq $30,48,$30 - ret $31,($26),1 - .end bn_div_words -EOF - return($data); - } - diff --git a/src/lib/libcrypto/bn/asm/ca.pl b/src/lib/libcrypto/bn/asm/ca.pl deleted file mode 100644 index c1ce67a6b4d..00000000000 --- a/src/lib/libcrypto/bn/asm/ca.pl +++ /dev/null @@ -1,33 +0,0 @@ -#!/usr/local/bin/perl -# I have this in perl so I can use more usefull register names and then convert -# them into alpha registers. -# - -push(@INC,"perlasm","../../perlasm"); -require "alpha.pl"; -require "alpha/mul_add.pl"; -require "alpha/mul.pl"; -require "alpha/sqr.pl"; -require "alpha/add.pl"; -require "alpha/sub.pl"; -require "alpha/mul_c8.pl"; -require "alpha/mul_c4.pl"; -require "alpha/sqr_c4.pl"; -require "alpha/sqr_c8.pl"; -require "alpha/div.pl"; - -&asm_init($ARGV[0],$0); - -&bn_mul_words("bn_mul_words"); -&bn_sqr_words("bn_sqr_words"); -&bn_mul_add_words("bn_mul_add_words"); -&bn_add_words("bn_add_words"); -&bn_sub_words("bn_sub_words"); -&bn_div_words("bn_div_words"); -&bn_mul_comba8("bn_mul_comba8"); -&bn_mul_comba4("bn_mul_comba4"); -&bn_sqr_comba4("bn_sqr_comba4"); -&bn_sqr_comba8("bn_sqr_comba8"); - -&asm_finish(); - diff --git a/src/lib/libcrypto/bn/asm/co-586.pl b/src/lib/libcrypto/bn/asm/co-586.pl index 5d962cb957d..57101a6bd77 100644 --- a/src/lib/libcrypto/bn/asm/co-586.pl +++ b/src/lib/libcrypto/bn/asm/co-586.pl @@ -1,6 +1,7 @@ #!/usr/local/bin/perl -push(@INC,"perlasm","../../perlasm"); +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +push(@INC,"${dir}","${dir}../../perlasm"); require "x86asm.pl"; &asm_init($ARGV[0],$0); diff --git a/src/lib/libcrypto/bn/asm/co-alpha.pl b/src/lib/libcrypto/bn/asm/co-alpha.pl deleted file mode 100644 index 67dad3e3d5f..00000000000 --- a/src/lib/libcrypto/bn/asm/co-alpha.pl +++ /dev/null @@ -1,116 +0,0 @@ -#!/usr/local/bin/perl -# I have this in perl so I can use more usefull register names and then convert -# them into alpha registers. -# - -push(@INC,"perlasm","../../perlasm"); -require "alpha.pl"; - -&asm_init($ARGV[0],$0); - -print &bn_sub_words("bn_sub_words"); - -&asm_finish(); - -sub bn_sub_words - { - local($name)=@_; - local($cc,$a,$b,$r); - - $cc="r0"; - $a0="r1"; $b0="r5"; $r0="r9"; $tmp="r13"; - $a1="r2"; $b1="r6"; $r1="r10"; $t1="r14"; - $a2="r3"; $b2="r7"; $r2="r11"; - $a3="r4"; $b3="r8"; $r3="r12"; $t3="r15"; - - $rp=&wparam(0); - $ap=&wparam(1); - $bp=&wparam(2); - $count=&wparam(3); - - &function_begin($name,""); - - &comment(""); - &sub($count,4,$count); - &mov("zero",$cc); - &blt($count,&label("finish")); - - &ld($a0,&QWPw(0,$ap)); - &ld($b0,&QWPw(0,$bp)); - -########################################################## - &set_label("loop"); - - &ld($a1,&QWPw(1,$ap)); - &cmpult($a0,$b0,$tmp); # will we borrow? - &ld($b1,&QWPw(1,$bp)); - &sub($a0,$b0,$a0); # do the subtract - &ld($a2,&QWPw(2,$ap)); - &cmpult($a0,$cc,$b0); # will we borrow? - &ld($b2,&QWPw(2,$bp)); - &sub($a0,$cc,$a0); # will we borrow? - &ld($a3,&QWPw(3,$ap)); - &add($b0,$tmp,$cc); # add the borrows - - &cmpult($a1,$b1,$t1); # will we borrow? - &sub($a1,$b1,$a1); # do the subtract - &ld($b3,&QWPw(3,$bp)); - &cmpult($a1,$cc,$b1); # will we borrow? - &sub($a1,$cc,$a1); # will we borrow? - &add($b1,$t1,$cc); # add the borrows - - &cmpult($a2,$b2,$tmp); # will we borrow? - &sub($a2,$b2,$a2); # do the subtract - &st($a0,&QWPw(0,$rp)); # save - &cmpult($a2,$cc,$b2); # will we borrow? - &sub($a2,$cc,$a2); # will we borrow? - &add($b2,$tmp,$cc); # add the borrows - - &cmpult($a3,$b3,$t3); # will we borrow? - &sub($a3,$b3,$a3); # do the subtract - &st($a1,&QWPw(1,$rp)); # save - &cmpult($a3,$cc,$b3); # will we borrow? - &sub($a3,$cc,$a3); # will we borrow? - &add($b3,$t3,$cc); # add the borrows - - &st($a2,&QWPw(2,$rp)); # save - &sub($count,4,$count); # count-=4 - &st($a3,&QWPw(3,$rp)); # save - &add($ap,4*$QWS,$ap); # count+=4 - &add($bp,4*$QWS,$bp); # count+=4 - &add($rp,4*$QWS,$rp); # count+=4 - - &blt($count,&label("finish")); - &ld($a0,&QWPw(0,$ap)); - &ld($b0,&QWPw(0,$bp)); - &br(&label("loop")); -################################################## - # Do the last 0..3 words - - &set_label("last_loop"); - - &ld($a0,&QWPw(0,$ap)); # get a - &ld($b0,&QWPw(0,$bp)); # get b - &cmpult($a0,$b0,$tmp); # will we borrow? - &sub($a0,$b0,$a0); # do the subtract - &cmpult($a0,$cc,$b0); # will we borrow? - &sub($a0,$cc,$a0); # will we borrow? - &st($a0,&QWPw(0,$rp)); # save - &add($b0,$tmp,$cc); # add the borrows - - &add($ap,$QWS,$ap); - &add($bp,$QWS,$bp); - &add($rp,$QWS,$rp); - &sub($count,1,$count); - &bgt($count,&label("last_loop")); - &function_end_A($name); - -###################################################### - &set_label("finish"); - &add($count,4,$count); - &bgt($count,&label("last_loop")); - - &set_label("end"); - &function_end($name); - } - diff --git a/src/lib/libcrypto/bn/asm/ia64.S b/src/lib/libcrypto/bn/asm/ia64.S deleted file mode 100644 index ae56066310b..00000000000 --- a/src/lib/libcrypto/bn/asm/ia64.S +++ /dev/null @@ -1,1498 +0,0 @@ -.explicit -.text -.ident "ia64.S, Version 1.1" -.ident "IA-64 ISA artwork by Andy Polyakov " - -// -// ==================================================================== -// Written by Andy Polyakov for the OpenSSL -// project. -// -// Rights for redistribution and usage in source and binary forms are -// granted according to the OpenSSL license. Warranty of any kind is -// disclaimed. -// ==================================================================== -// - -// Q. How much faster does it get? -// A. Here is the output from 'openssl speed rsa dsa' for vanilla -// 0.9.6a compiled with gcc version 2.96 20000731 (Red Hat -// Linux 7.1 2.96-81): -// -// sign verify sign/s verify/s -// rsa 512 bits 0.0036s 0.0003s 275.3 2999.2 -// rsa 1024 bits 0.0203s 0.0011s 49.3 894.1 -// rsa 2048 bits 0.1331s 0.0040s 7.5 250.9 -// rsa 4096 bits 0.9270s 0.0147s 1.1 68.1 -// sign verify sign/s verify/s -// dsa 512 bits 0.0035s 0.0043s 288.3 234.8 -// dsa 1024 bits 0.0111s 0.0135s 90.0 74.2 -// -// And here is similar output but for this assembler -// implementation:-) -// -// sign verify sign/s verify/s -// rsa 512 bits 0.0021s 0.0001s 549.4 9638.5 -// rsa 1024 bits 0.0055s 0.0002s 183.8 4481.1 -// rsa 2048 bits 0.0244s 0.0006s 41.4 1726.3 -// rsa 4096 bits 0.1295s 0.0018s 7.7 561.5 -// sign verify sign/s verify/s -// dsa 512 bits 0.0012s 0.0013s 891.9 756.6 -// dsa 1024 bits 0.0023s 0.0028s 440.4 376.2 -// -// Yes, you may argue that it's not fair comparison as it's -// possible to craft the C implementation with BN_UMULT_HIGH -// inline assembler macro. But of course! Here is the output -// with the macro: -// -// sign verify sign/s verify/s -// rsa 512 bits 0.0020s 0.0002s 495.0 6561.0 -// rsa 1024 bits 0.0086s 0.0004s 116.2 2235.7 -// rsa 2048 bits 0.0519s 0.0015s 19.3 667.3 -// rsa 4096 bits 0.3464s 0.0053s 2.9 187.7 -// sign verify sign/s verify/s -// dsa 512 bits 0.0016s 0.0020s 613.1 510.5 -// dsa 1024 bits 0.0045s 0.0054s 221.0 183.9 -// -// My code is still way faster, huh:-) And I believe that even -// higher performance can be achieved. Note that as keys get -// longer, performance gain is larger. Why? According to the -// profiler there is another player in the field, namely -// BN_from_montgomery consuming larger and larger portion of CPU -// time as keysize decreases. I therefore consider putting effort -// to assembler implementation of the following routine: -// -// void bn_mul_add_mont (BN_ULONG *rp,BN_ULONG *np,int nl,BN_ULONG n0) -// { -// int i,j; -// BN_ULONG v; -// -// for (i=0; i for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== + +# This module doesn't present direct interest for OpenSSL, because it +# doesn't provide better performance for longer keys, at least not on +# in-order-execution cores. While 512-bit RSA sign operations can be +# 65% faster in 64-bit mode, 1024-bit ones are only 15% faster, and +# 4096-bit ones are up to 15% slower. In 32-bit mode it varies from +# 16% improvement for 512-bit RSA sign to -33% for 4096-bit RSA +# verify:-( All comparisons are against bn_mul_mont-free assembler. +# The module might be of interest to embedded system developers, as +# the code is smaller than 1KB, yet offers >3x improvement on MIPS64 +# and 75-30% [less for longer keys] on MIPS32 over compiler-generated +# code. + +###################################################################### +# There is a number of MIPS ABI in use, O32 and N32/64 are most +# widely used. Then there is a new contender: NUBI. It appears that if +# one picks the latter, it's possible to arrange code in ABI neutral +# manner. Therefore let's stick to NUBI register layout: +# +($zero,$at,$t0,$t1,$t2)=map("\$$_",(0..2,24,25)); +($a0,$a1,$a2,$a3,$a4,$a5,$a6,$a7)=map("\$$_",(4..11)); +($s0,$s1,$s2,$s3,$s4,$s5,$s6,$s7,$s8,$s9,$s10,$s11)=map("\$$_",(12..23)); +($gp,$tp,$sp,$fp,$ra)=map("\$$_",(3,28..31)); +# +# The return value is placed in $a0. Following coding rules facilitate +# interoperability: +# +# - never ever touch $tp, "thread pointer", former $gp; +# - copy return value to $t0, former $v0 [or to $a0 if you're adapting +# old code]; +# - on O32 populate $a4-$a7 with 'lw $aN,4*N($sp)' if necessary; +# +# For reference here is register layout for N32/64 MIPS ABIs: +# +# ($zero,$at,$v0,$v1)=map("\$$_",(0..3)); +# ($a0,$a1,$a2,$a3,$a4,$a5,$a6,$a7)=map("\$$_",(4..11)); +# ($t0,$t1,$t2,$t3,$t8,$t9)=map("\$$_",(12..15,24,25)); +# ($s0,$s1,$s2,$s3,$s4,$s5,$s6,$s7)=map("\$$_",(16..23)); +# ($gp,$sp,$fp,$ra)=map("\$$_",(28..31)); +# +$flavour = shift; # supported flavours are o32,n32,64,nubi32,nubi64 + +if ($flavour =~ /64|n32/i) { + $PTR_ADD="dadd"; # incidentally works even on n32 + $PTR_SUB="dsub"; # incidentally works even on n32 + $REG_S="sd"; + $REG_L="ld"; + $SZREG=8; +} else { + $PTR_ADD="add"; + $PTR_SUB="sub"; + $REG_S="sw"; + $REG_L="lw"; + $SZREG=4; +} +$SAVED_REGS_MASK = ($flavour =~ /nubi/i) ? 0x00fff000 : 0x00ff0000; +# +# +# +###################################################################### + +while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {} +open STDOUT,">$output"; + +if ($flavour =~ /64|n32/i) { + $LD="ld"; + $ST="sd"; + $MULTU="dmultu"; + $ADDU="daddu"; + $SUBU="dsubu"; + $BNSZ=8; +} else { + $LD="lw"; + $ST="sw"; + $MULTU="multu"; + $ADDU="addu"; + $SUBU="subu"; + $BNSZ=4; +} + +# int bn_mul_mont( +$rp=$a0; # BN_ULONG *rp, +$ap=$a1; # const BN_ULONG *ap, +$bp=$a2; # const BN_ULONG *bp, +$np=$a3; # const BN_ULONG *np, +$n0=$a4; # const BN_ULONG *n0, +$num=$a5; # int num); + +$lo0=$a6; +$hi0=$a7; +$lo1=$t1; +$hi1=$t2; +$aj=$s0; +$bi=$s1; +$nj=$s2; +$tp=$s3; +$alo=$s4; +$ahi=$s5; +$nlo=$s6; +$nhi=$s7; +$tj=$s8; +$i=$s9; +$j=$s10; +$m1=$s11; + +$FRAMESIZE=14; + +$code=<<___; +.text + +.set noat +.set noreorder + +.align 5 +.globl bn_mul_mont +.ent bn_mul_mont +bn_mul_mont: +___ +$code.=<<___ if ($flavour =~ /o32/i); + lw $n0,16($sp) + lw $num,20($sp) +___ +$code.=<<___; + slt $at,$num,4 + bnez $at,1f + li $t0,0 + slt $at,$num,17 # on in-order CPU + bnez $at,bn_mul_mont_internal + nop +1: jr $ra + li $a0,0 +.end bn_mul_mont + +.align 5 +.ent bn_mul_mont_internal +bn_mul_mont_internal: + .frame $fp,$FRAMESIZE*$SZREG,$ra + .mask 0x40000000|$SAVED_REGS_MASK,-$SZREG + $PTR_SUB $sp,$FRAMESIZE*$SZREG + $REG_S $fp,($FRAMESIZE-1)*$SZREG($sp) + $REG_S $s11,($FRAMESIZE-2)*$SZREG($sp) + $REG_S $s10,($FRAMESIZE-3)*$SZREG($sp) + $REG_S $s9,($FRAMESIZE-4)*$SZREG($sp) + $REG_S $s8,($FRAMESIZE-5)*$SZREG($sp) + $REG_S $s7,($FRAMESIZE-6)*$SZREG($sp) + $REG_S $s6,($FRAMESIZE-7)*$SZREG($sp) + $REG_S $s5,($FRAMESIZE-8)*$SZREG($sp) + $REG_S $s4,($FRAMESIZE-9)*$SZREG($sp) +___ +$code.=<<___ if ($flavour =~ /nubi/i); + $REG_S $s3,($FRAMESIZE-10)*$SZREG($sp) + $REG_S $s2,($FRAMESIZE-11)*$SZREG($sp) + $REG_S $s1,($FRAMESIZE-12)*$SZREG($sp) + $REG_S $s0,($FRAMESIZE-13)*$SZREG($sp) +___ +$code.=<<___; + move $fp,$sp + + .set reorder + $LD $n0,0($n0) + $LD $bi,0($bp) # bp[0] + $LD $aj,0($ap) # ap[0] + $LD $nj,0($np) # np[0] + + $PTR_SUB $sp,2*$BNSZ # place for two extra words + sll $num,`log($BNSZ)/log(2)` + li $at,-4096 + $PTR_SUB $sp,$num + and $sp,$at + + $MULTU $aj,$bi + $LD $alo,$BNSZ($ap) + $LD $nlo,$BNSZ($np) + mflo $lo0 + mfhi $hi0 + $MULTU $lo0,$n0 + mflo $m1 + + $MULTU $alo,$bi + mflo $alo + mfhi $ahi + + $MULTU $nj,$m1 + mflo $lo1 + mfhi $hi1 + $MULTU $nlo,$m1 + $ADDU $lo1,$lo0 + sltu $at,$lo1,$lo0 + $ADDU $hi1,$at + mflo $nlo + mfhi $nhi + + move $tp,$sp + li $j,2*$BNSZ +.align 4 +.L1st: + .set noreorder + $PTR_ADD $aj,$ap,$j + $PTR_ADD $nj,$np,$j + $LD $aj,($aj) + $LD $nj,($nj) + + $MULTU $aj,$bi + $ADDU $lo0,$alo,$hi0 + $ADDU $lo1,$nlo,$hi1 + sltu $at,$lo0,$hi0 + sltu $t0,$lo1,$hi1 + $ADDU $hi0,$ahi,$at + $ADDU $hi1,$nhi,$t0 + mflo $alo + mfhi $ahi + + $ADDU $lo1,$lo0 + sltu $at,$lo1,$lo0 + $MULTU $nj,$m1 + $ADDU $hi1,$at + addu $j,$BNSZ + $ST $lo1,($tp) + sltu $t0,$j,$num + mflo $nlo + mfhi $nhi + + bnez $t0,.L1st + $PTR_ADD $tp,$BNSZ + .set reorder + + $ADDU $lo0,$alo,$hi0 + sltu $at,$lo0,$hi0 + $ADDU $hi0,$ahi,$at + + $ADDU $lo1,$nlo,$hi1 + sltu $t0,$lo1,$hi1 + $ADDU $hi1,$nhi,$t0 + $ADDU $lo1,$lo0 + sltu $at,$lo1,$lo0 + $ADDU $hi1,$at + + $ST $lo1,($tp) + + $ADDU $hi1,$hi0 + sltu $at,$hi1,$hi0 + $ST $hi1,$BNSZ($tp) + $ST $at,2*$BNSZ($tp) + + li $i,$BNSZ +.align 4 +.Louter: + $PTR_ADD $bi,$bp,$i + $LD $bi,($bi) + $LD $aj,($ap) + $LD $alo,$BNSZ($ap) + $LD $tj,($sp) + + $MULTU $aj,$bi + $LD $nj,($np) + $LD $nlo,$BNSZ($np) + mflo $lo0 + mfhi $hi0 + $ADDU $lo0,$tj + $MULTU $lo0,$n0 + sltu $at,$lo0,$tj + $ADDU $hi0,$at + mflo $m1 + + $MULTU $alo,$bi + mflo $alo + mfhi $ahi + + $MULTU $nj,$m1 + mflo $lo1 + mfhi $hi1 + + $MULTU $nlo,$m1 + $ADDU $lo1,$lo0 + sltu $at,$lo1,$lo0 + $ADDU $hi1,$at + mflo $nlo + mfhi $nhi + + move $tp,$sp + li $j,2*$BNSZ + $LD $tj,$BNSZ($tp) +.align 4 +.Linner: + .set noreorder + $PTR_ADD $aj,$ap,$j + $PTR_ADD $nj,$np,$j + $LD $aj,($aj) + $LD $nj,($nj) + + $MULTU $aj,$bi + $ADDU $lo0,$alo,$hi0 + $ADDU $lo1,$nlo,$hi1 + sltu $at,$lo0,$hi0 + sltu $t0,$lo1,$hi1 + $ADDU $hi0,$ahi,$at + $ADDU $hi1,$nhi,$t0 + mflo $alo + mfhi $ahi + + $ADDU $lo0,$tj + addu $j,$BNSZ + $MULTU $nj,$m1 + sltu $at,$lo0,$tj + $ADDU $lo1,$lo0 + $ADDU $hi0,$at + sltu $t0,$lo1,$lo0 + $LD $tj,2*$BNSZ($tp) + $ADDU $hi1,$t0 + sltu $at,$j,$num + mflo $nlo + mfhi $nhi + $ST $lo1,($tp) + bnez $at,.Linner + $PTR_ADD $tp,$BNSZ + .set reorder + + $ADDU $lo0,$alo,$hi0 + sltu $at,$lo0,$hi0 + $ADDU $hi0,$ahi,$at + $ADDU $lo0,$tj + sltu $t0,$lo0,$tj + $ADDU $hi0,$t0 + + $LD $tj,2*$BNSZ($tp) + $ADDU $lo1,$nlo,$hi1 + sltu $at,$lo1,$hi1 + $ADDU $hi1,$nhi,$at + $ADDU $lo1,$lo0 + sltu $t0,$lo1,$lo0 + $ADDU $hi1,$t0 + $ST $lo1,($tp) + + $ADDU $lo1,$hi1,$hi0 + sltu $hi1,$lo1,$hi0 + $ADDU $lo1,$tj + sltu $at,$lo1,$tj + $ADDU $hi1,$at + $ST $lo1,$BNSZ($tp) + $ST $hi1,2*$BNSZ($tp) + + addu $i,$BNSZ + sltu $t0,$i,$num + bnez $t0,.Louter + + .set noreorder + $PTR_ADD $tj,$sp,$num # &tp[num] + move $tp,$sp + move $ap,$sp + li $hi0,0 # clear borrow bit + +.align 4 +.Lsub: $LD $lo0,($tp) + $LD $lo1,($np) + $PTR_ADD $tp,$BNSZ + $PTR_ADD $np,$BNSZ + $SUBU $lo1,$lo0,$lo1 # tp[i]-np[i] + sgtu $at,$lo1,$lo0 + $SUBU $lo0,$lo1,$hi0 + sgtu $hi0,$lo0,$lo1 + $ST $lo0,($rp) + or $hi0,$at + sltu $at,$tp,$tj + bnez $at,.Lsub + $PTR_ADD $rp,$BNSZ + + $SUBU $hi0,$hi1,$hi0 # handle upmost overflow bit + move $tp,$sp + $PTR_SUB $rp,$num # restore rp + not $hi1,$hi0 + + and $ap,$hi0,$sp + and $bp,$hi1,$rp + or $ap,$ap,$bp # ap=borrow?tp:rp + +.align 4 +.Lcopy: $LD $aj,($ap) + $PTR_ADD $ap,$BNSZ + $ST $zero,($tp) + $PTR_ADD $tp,$BNSZ + sltu $at,$tp,$tj + $ST $aj,($rp) + bnez $at,.Lcopy + $PTR_ADD $rp,$BNSZ + + li $a0,1 + li $t0,1 + + .set noreorder + move $sp,$fp + $REG_L $fp,($FRAMESIZE-1)*$SZREG($sp) + $REG_L $s11,($FRAMESIZE-2)*$SZREG($sp) + $REG_L $s10,($FRAMESIZE-3)*$SZREG($sp) + $REG_L $s9,($FRAMESIZE-4)*$SZREG($sp) + $REG_L $s8,($FRAMESIZE-5)*$SZREG($sp) + $REG_L $s7,($FRAMESIZE-6)*$SZREG($sp) + $REG_L $s6,($FRAMESIZE-7)*$SZREG($sp) + $REG_L $s5,($FRAMESIZE-8)*$SZREG($sp) + $REG_L $s4,($FRAMESIZE-9)*$SZREG($sp) +___ +$code.=<<___ if ($flavour =~ /nubi/i); + $REG_L $s3,($FRAMESIZE-10)*$SZREG($sp) + $REG_L $s2,($FRAMESIZE-11)*$SZREG($sp) + $REG_L $s1,($FRAMESIZE-12)*$SZREG($sp) + $REG_L $s0,($FRAMESIZE-13)*$SZREG($sp) +___ +$code.=<<___; + jr $ra + $PTR_ADD $sp,$FRAMESIZE*$SZREG +.end bn_mul_mont_internal +.rdata +.asciiz "Montgomery Multiplication for MIPS, CRYPTOGAMS by " +___ + +$code =~ s/\`([^\`]*)\`/eval $1/gem; + +print $code; +close STDOUT; diff --git a/src/lib/libcrypto/bn/asm/mips.pl b/src/lib/libcrypto/bn/asm/mips.pl new file mode 100644 index 00000000000..215c9a74832 --- /dev/null +++ b/src/lib/libcrypto/bn/asm/mips.pl @@ -0,0 +1,2234 @@ +#!/usr/bin/env perl +# +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. +# +# Rights for redistribution and usage in source and binary forms are +# granted according to the OpenSSL license. Warranty of any kind is +# disclaimed. +# ==================================================================== + + +# July 1999 +# +# This is drop-in MIPS III/IV ISA replacement for crypto/bn/bn_asm.c. +# +# The module is designed to work with either of the "new" MIPS ABI(5), +# namely N32 or N64, offered by IRIX 6.x. It's not ment to work under +# IRIX 5.x not only because it doesn't support new ABIs but also +# because 5.x kernels put R4x00 CPU into 32-bit mode and all those +# 64-bit instructions (daddu, dmultu, etc.) found below gonna only +# cause illegal instruction exception:-( +# +# In addition the code depends on preprocessor flags set up by MIPSpro +# compiler driver (either as or cc) and therefore (probably?) can't be +# compiled by the GNU assembler. GNU C driver manages fine though... +# I mean as long as -mmips-as is specified or is the default option, +# because then it simply invokes /usr/bin/as which in turn takes +# perfect care of the preprocessor definitions. Another neat feature +# offered by the MIPSpro assembler is an optimization pass. This gave +# me the opportunity to have the code looking more regular as all those +# architecture dependent instruction rescheduling details were left to +# the assembler. Cool, huh? +# +# Performance improvement is astonishing! 'apps/openssl speed rsa dsa' +# goes way over 3 times faster! +# +# + +# October 2010 +# +# Adapt the module even for 32-bit ABIs and other OSes. The former was +# achieved by mechanical replacement of 64-bit arithmetic instructions +# such as dmultu, daddu, etc. with their 32-bit counterparts and +# adjusting offsets denoting multiples of BN_ULONG. Above mentioned +# >3x performance improvement naturally does not apply to 32-bit code +# [because there is no instruction 32-bit compiler can't use], one +# has to content with 40-85% improvement depending on benchmark and +# key length, more for longer keys. + +$flavour = shift; +while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {} +open STDOUT,">$output"; + +if ($flavour =~ /64|n32/i) { + $LD="ld"; + $ST="sd"; + $MULTU="dmultu"; + $DIVU="ddivu"; + $ADDU="daddu"; + $SUBU="dsubu"; + $SRL="dsrl"; + $SLL="dsll"; + $BNSZ=8; + $PTR_ADD="daddu"; + $PTR_SUB="dsubu"; + $SZREG=8; + $REG_S="sd"; + $REG_L="ld"; +} else { + $LD="lw"; + $ST="sw"; + $MULTU="multu"; + $DIVU="divu"; + $ADDU="addu"; + $SUBU="subu"; + $SRL="srl"; + $SLL="sll"; + $BNSZ=4; + $PTR_ADD="addu"; + $PTR_SUB="subu"; + $SZREG=4; + $REG_S="sw"; + $REG_L="lw"; + $code=".set mips2\n"; +} + +# Below is N32/64 register layout used in the original module. +# +($zero,$at,$v0,$v1)=map("\$$_",(0..3)); +($a0,$a1,$a2,$a3,$a4,$a5,$a6,$a7)=map("\$$_",(4..11)); +($t0,$t1,$t2,$t3,$t8,$t9)=map("\$$_",(12..15,24,25)); +($s0,$s1,$s2,$s3,$s4,$s5,$s6,$s7)=map("\$$_",(16..23)); +($gp,$sp,$fp,$ra)=map("\$$_",(28..31)); +($ta0,$ta1,$ta2,$ta3)=($a4,$a5,$a6,$a7); +# +# No special adaptation is required for O32. NUBI on the other hand +# is treated by saving/restoring ($v1,$t0..$t3). + +$gp=$v1 if ($flavour =~ /nubi/i); + +$minus4=$v1; + +$code.=<<___; +.rdata +.asciiz "mips3.s, Version 1.2" +.asciiz "MIPS II/III/IV ISA artwork by Andy Polyakov " + +.text +.set noat + +.align 5 +.globl bn_mul_add_words +.ent bn_mul_add_words +bn_mul_add_words: + .set noreorder + bgtz $a2,bn_mul_add_words_internal + move $v0,$zero + jr $ra + move $a0,$v0 +.end bn_mul_add_words + +.align 5 +.ent bn_mul_add_words_internal +bn_mul_add_words_internal: +___ +$code.=<<___ if ($flavour =~ /nubi/i); + .frame $sp,6*$SZREG,$ra + .mask 0x8000f008,-$SZREG + .set noreorder + $PTR_SUB $sp,6*$SZREG + $REG_S $ra,5*$SZREG($sp) + $REG_S $t3,4*$SZREG($sp) + $REG_S $t2,3*$SZREG($sp) + $REG_S $t1,2*$SZREG($sp) + $REG_S $t0,1*$SZREG($sp) + $REG_S $gp,0*$SZREG($sp) +___ +$code.=<<___; + .set reorder + li $minus4,-4 + and $ta0,$a2,$minus4 + beqz $ta0,.L_bn_mul_add_words_tail + +.L_bn_mul_add_words_loop: + $LD $t0,0($a1) + $MULTU $t0,$a3 + $LD $t1,0($a0) + $LD $t2,$BNSZ($a1) + $LD $t3,$BNSZ($a0) + $LD $ta0,2*$BNSZ($a1) + $LD $ta1,2*$BNSZ($a0) + $ADDU $t1,$v0 + sltu $v0,$t1,$v0 # All manuals say it "compares 32-bit + # values", but it seems to work fine + # even on 64-bit registers. + mflo $at + mfhi $t0 + $ADDU $t1,$at + $ADDU $v0,$t0 + $MULTU $t2,$a3 + sltu $at,$t1,$at + $ST $t1,0($a0) + $ADDU $v0,$at + + $LD $ta2,3*$BNSZ($a1) + $LD $ta3,3*$BNSZ($a0) + $ADDU $t3,$v0 + sltu $v0,$t3,$v0 + mflo $at + mfhi $t2 + $ADDU $t3,$at + $ADDU $v0,$t2 + $MULTU $ta0,$a3 + sltu $at,$t3,$at + $ST $t3,$BNSZ($a0) + $ADDU $v0,$at + + subu $a2,4 + $PTR_ADD $a0,4*$BNSZ + $PTR_ADD $a1,4*$BNSZ + $ADDU $ta1,$v0 + sltu $v0,$ta1,$v0 + mflo $at + mfhi $ta0 + $ADDU $ta1,$at + $ADDU $v0,$ta0 + $MULTU $ta2,$a3 + sltu $at,$ta1,$at + $ST $ta1,-2*$BNSZ($a0) + $ADDU $v0,$at + + + and $ta0,$a2,$minus4 + $ADDU $ta3,$v0 + sltu $v0,$ta3,$v0 + mflo $at + mfhi $ta2 + $ADDU $ta3,$at + $ADDU $v0,$ta2 + sltu $at,$ta3,$at + $ST $ta3,-$BNSZ($a0) + .set noreorder + bgtz $ta0,.L_bn_mul_add_words_loop + $ADDU $v0,$at + + beqz $a2,.L_bn_mul_add_words_return + nop + +.L_bn_mul_add_words_tail: + .set reorder + $LD $t0,0($a1) + $MULTU $t0,$a3 + $LD $t1,0($a0) + subu $a2,1 + $ADDU $t1,$v0 + sltu $v0,$t1,$v0 + mflo $at + mfhi $t0 + $ADDU $t1,$at + $ADDU $v0,$t0 + sltu $at,$t1,$at + $ST $t1,0($a0) + $ADDU $v0,$at + beqz $a2,.L_bn_mul_add_words_return + + $LD $t0,$BNSZ($a1) + $MULTU $t0,$a3 + $LD $t1,$BNSZ($a0) + subu $a2,1 + $ADDU $t1,$v0 + sltu $v0,$t1,$v0 + mflo $at + mfhi $t0 + $ADDU $t1,$at + $ADDU $v0,$t0 + sltu $at,$t1,$at + $ST $t1,$BNSZ($a0) + $ADDU $v0,$at + beqz $a2,.L_bn_mul_add_words_return + + $LD $t0,2*$BNSZ($a1) + $MULTU $t0,$a3 + $LD $t1,2*$BNSZ($a0) + $ADDU $t1,$v0 + sltu $v0,$t1,$v0 + mflo $at + mfhi $t0 + $ADDU $t1,$at + $ADDU $v0,$t0 + sltu $at,$t1,$at + $ST $t1,2*$BNSZ($a0) + $ADDU $v0,$at + +.L_bn_mul_add_words_return: + .set noreorder +___ +$code.=<<___ if ($flavour =~ /nubi/i); + $REG_L $t3,4*$SZREG($sp) + $REG_L $t2,3*$SZREG($sp) + $REG_L $t1,2*$SZREG($sp) + $REG_L $t0,1*$SZREG($sp) + $REG_L $gp,0*$SZREG($sp) + $PTR_ADD $sp,6*$SZREG +___ +$code.=<<___; + jr $ra + move $a0,$v0 +.end bn_mul_add_words_internal + +.align 5 +.globl bn_mul_words +.ent bn_mul_words +bn_mul_words: + .set noreorder + bgtz $a2,bn_mul_words_internal + move $v0,$zero + jr $ra + move $a0,$v0 +.end bn_mul_words + +.align 5 +.ent bn_mul_words_internal +bn_mul_words_internal: +___ +$code.=<<___ if ($flavour =~ /nubi/i); + .frame $sp,6*$SZREG,$ra + .mask 0x8000f008,-$SZREG + .set noreorder + $PTR_SUB $sp,6*$SZREG + $REG_S $ra,5*$SZREG($sp) + $REG_S $t3,4*$SZREG($sp) + $REG_S $t2,3*$SZREG($sp) + $REG_S $t1,2*$SZREG($sp) + $REG_S $t0,1*$SZREG($sp) + $REG_S $gp,0*$SZREG($sp) +___ +$code.=<<___; + .set reorder + li $minus4,-4 + and $ta0,$a2,$minus4 + beqz $ta0,.L_bn_mul_words_tail + +.L_bn_mul_words_loop: + $LD $t0,0($a1) + $MULTU $t0,$a3 + $LD $t2,$BNSZ($a1) + $LD $ta0,2*$BNSZ($a1) + $LD $ta2,3*$BNSZ($a1) + mflo $at + mfhi $t0 + $ADDU $v0,$at + sltu $t1,$v0,$at + $MULTU $t2,$a3 + $ST $v0,0($a0) + $ADDU $v0,$t1,$t0 + + subu $a2,4 + $PTR_ADD $a0,4*$BNSZ + $PTR_ADD $a1,4*$BNSZ + mflo $at + mfhi $t2 + $ADDU $v0,$at + sltu $t3,$v0,$at + $MULTU $ta0,$a3 + $ST $v0,-3*$BNSZ($a0) + $ADDU $v0,$t3,$t2 + + mflo $at + mfhi $ta0 + $ADDU $v0,$at + sltu $ta1,$v0,$at + $MULTU $ta2,$a3 + $ST $v0,-2*$BNSZ($a0) + $ADDU $v0,$ta1,$ta0 + + and $ta0,$a2,$minus4 + mflo $at + mfhi $ta2 + $ADDU $v0,$at + sltu $ta3,$v0,$at + $ST $v0,-$BNSZ($a0) + .set noreorder + bgtz $ta0,.L_bn_mul_words_loop + $ADDU $v0,$ta3,$ta2 + + beqz $a2,.L_bn_mul_words_return + nop + +.L_bn_mul_words_tail: + .set reorder + $LD $t0,0($a1) + $MULTU $t0,$a3 + subu $a2,1 + mflo $at + mfhi $t0 + $ADDU $v0,$at + sltu $t1,$v0,$at + $ST $v0,0($a0) + $ADDU $v0,$t1,$t0 + beqz $a2,.L_bn_mul_words_return + + $LD $t0,$BNSZ($a1) + $MULTU $t0,$a3 + subu $a2,1 + mflo $at + mfhi $t0 + $ADDU $v0,$at + sltu $t1,$v0,$at + $ST $v0,$BNSZ($a0) + $ADDU $v0,$t1,$t0 + beqz $a2,.L_bn_mul_words_return + + $LD $t0,2*$BNSZ($a1) + $MULTU $t0,$a3 + mflo $at + mfhi $t0 + $ADDU $v0,$at + sltu $t1,$v0,$at + $ST $v0,2*$BNSZ($a0) + $ADDU $v0,$t1,$t0 + +.L_bn_mul_words_return: + .set noreorder +___ +$code.=<<___ if ($flavour =~ /nubi/i); + $REG_L $t3,4*$SZREG($sp) + $REG_L $t2,3*$SZREG($sp) + $REG_L $t1,2*$SZREG($sp) + $REG_L $t0,1*$SZREG($sp) + $REG_L $gp,0*$SZREG($sp) + $PTR_ADD $sp,6*$SZREG +___ +$code.=<<___; + jr $ra + move $a0,$v0 +.end bn_mul_words_internal + +.align 5 +.globl bn_sqr_words +.ent bn_sqr_words +bn_sqr_words: + .set noreorder + bgtz $a2,bn_sqr_words_internal + move $v0,$zero + jr $ra + move $a0,$v0 +.end bn_sqr_words + +.align 5 +.ent bn_sqr_words_internal +bn_sqr_words_internal: +___ +$code.=<<___ if ($flavour =~ /nubi/i); + .frame $sp,6*$SZREG,$ra + .mask 0x8000f008,-$SZREG + .set noreorder + $PTR_SUB $sp,6*$SZREG + $REG_S $ra,5*$SZREG($sp) + $REG_S $t3,4*$SZREG($sp) + $REG_S $t2,3*$SZREG($sp) + $REG_S $t1,2*$SZREG($sp) + $REG_S $t0,1*$SZREG($sp) + $REG_S $gp,0*$SZREG($sp) +___ +$code.=<<___; + .set reorder + li $minus4,-4 + and $ta0,$a2,$minus4 + beqz $ta0,.L_bn_sqr_words_tail + +.L_bn_sqr_words_loop: + $LD $t0,0($a1) + $MULTU $t0,$t0 + $LD $t2,$BNSZ($a1) + $LD $ta0,2*$BNSZ($a1) + $LD $ta2,3*$BNSZ($a1) + mflo $t1 + mfhi $t0 + $ST $t1,0($a0) + $ST $t0,$BNSZ($a0) + + $MULTU $t2,$t2 + subu $a2,4 + $PTR_ADD $a0,8*$BNSZ + $PTR_ADD $a1,4*$BNSZ + mflo $t3 + mfhi $t2 + $ST $t3,-6*$BNSZ($a0) + $ST $t2,-5*$BNSZ($a0) + + $MULTU $ta0,$ta0 + mflo $ta1 + mfhi $ta0 + $ST $ta1,-4*$BNSZ($a0) + $ST $ta0,-3*$BNSZ($a0) + + + $MULTU $ta2,$ta2 + and $ta0,$a2,$minus4 + mflo $ta3 + mfhi $ta2 + $ST $ta3,-2*$BNSZ($a0) + + .set noreorder + bgtz $ta0,.L_bn_sqr_words_loop + $ST $ta2,-$BNSZ($a0) + + beqz $a2,.L_bn_sqr_words_return + nop + +.L_bn_sqr_words_tail: + .set reorder + $LD $t0,0($a1) + $MULTU $t0,$t0 + subu $a2,1 + mflo $t1 + mfhi $t0 + $ST $t1,0($a0) + $ST $t0,$BNSZ($a0) + beqz $a2,.L_bn_sqr_words_return + + $LD $t0,$BNSZ($a1) + $MULTU $t0,$t0 + subu $a2,1 + mflo $t1 + mfhi $t0 + $ST $t1,2*$BNSZ($a0) + $ST $t0,3*$BNSZ($a0) + beqz $a2,.L_bn_sqr_words_return + + $LD $t0,2*$BNSZ($a1) + $MULTU $t0,$t0 + mflo $t1 + mfhi $t0 + $ST $t1,4*$BNSZ($a0) + $ST $t0,5*$BNSZ($a0) + +.L_bn_sqr_words_return: + .set noreorder +___ +$code.=<<___ if ($flavour =~ /nubi/i); + $REG_L $t3,4*$SZREG($sp) + $REG_L $t2,3*$SZREG($sp) + $REG_L $t1,2*$SZREG($sp) + $REG_L $t0,1*$SZREG($sp) + $REG_L $gp,0*$SZREG($sp) + $PTR_ADD $sp,6*$SZREG +___ +$code.=<<___; + jr $ra + move $a0,$v0 + +.end bn_sqr_words_internal + +.align 5 +.globl bn_add_words +.ent bn_add_words +bn_add_words: + .set noreorder + bgtz $a3,bn_add_words_internal + move $v0,$zero + jr $ra + move $a0,$v0 +.end bn_add_words + +.align 5 +.ent bn_add_words_internal +bn_add_words_internal: +___ +$code.=<<___ if ($flavour =~ /nubi/i); + .frame $sp,6*$SZREG,$ra + .mask 0x8000f008,-$SZREG + .set noreorder + $PTR_SUB $sp,6*$SZREG + $REG_S $ra,5*$SZREG($sp) + $REG_S $t3,4*$SZREG($sp) + $REG_S $t2,3*$SZREG($sp) + $REG_S $t1,2*$SZREG($sp) + $REG_S $t0,1*$SZREG($sp) + $REG_S $gp,0*$SZREG($sp) +___ +$code.=<<___; + .set reorder + li $minus4,-4 + and $at,$a3,$minus4 + beqz $at,.L_bn_add_words_tail + +.L_bn_add_words_loop: + $LD $t0,0($a1) + $LD $ta0,0($a2) + subu $a3,4 + $LD $t1,$BNSZ($a1) + and $at,$a3,$minus4 + $LD $t2,2*$BNSZ($a1) + $PTR_ADD $a2,4*$BNSZ + $LD $t3,3*$BNSZ($a1) + $PTR_ADD $a0,4*$BNSZ + $LD $ta1,-3*$BNSZ($a2) + $PTR_ADD $a1,4*$BNSZ + $LD $ta2,-2*$BNSZ($a2) + $LD $ta3,-$BNSZ($a2) + $ADDU $ta0,$t0 + sltu $t8,$ta0,$t0 + $ADDU $t0,$ta0,$v0 + sltu $v0,$t0,$ta0 + $ST $t0,-4*$BNSZ($a0) + $ADDU $v0,$t8 + + $ADDU $ta1,$t1 + sltu $t9,$ta1,$t1 + $ADDU $t1,$ta1,$v0 + sltu $v0,$t1,$ta1 + $ST $t1,-3*$BNSZ($a0) + $ADDU $v0,$t9 + + $ADDU $ta2,$t2 + sltu $t8,$ta2,$t2 + $ADDU $t2,$ta2,$v0 + sltu $v0,$t2,$ta2 + $ST $t2,-2*$BNSZ($a0) + $ADDU $v0,$t8 + + $ADDU $ta3,$t3 + sltu $t9,$ta3,$t3 + $ADDU $t3,$ta3,$v0 + sltu $v0,$t3,$ta3 + $ST $t3,-$BNSZ($a0) + + .set noreorder + bgtz $at,.L_bn_add_words_loop + $ADDU $v0,$t9 + + beqz $a3,.L_bn_add_words_return + nop + +.L_bn_add_words_tail: + .set reorder + $LD $t0,0($a1) + $LD $ta0,0($a2) + $ADDU $ta0,$t0 + subu $a3,1 + sltu $t8,$ta0,$t0 + $ADDU $t0,$ta0,$v0 + sltu $v0,$t0,$ta0 + $ST $t0,0($a0) + $ADDU $v0,$t8 + beqz $a3,.L_bn_add_words_return + + $LD $t1,$BNSZ($a1) + $LD $ta1,$BNSZ($a2) + $ADDU $ta1,$t1 + subu $a3,1 + sltu $t9,$ta1,$t1 + $ADDU $t1,$ta1,$v0 + sltu $v0,$t1,$ta1 + $ST $t1,$BNSZ($a0) + $ADDU $v0,$t9 + beqz $a3,.L_bn_add_words_return + + $LD $t2,2*$BNSZ($a1) + $LD $ta2,2*$BNSZ($a2) + $ADDU $ta2,$t2 + sltu $t8,$ta2,$t2 + $ADDU $t2,$ta2,$v0 + sltu $v0,$t2,$ta2 + $ST $t2,2*$BNSZ($a0) + $ADDU $v0,$t8 + +.L_bn_add_words_return: + .set noreorder +___ +$code.=<<___ if ($flavour =~ /nubi/i); + $REG_L $t3,4*$SZREG($sp) + $REG_L $t2,3*$SZREG($sp) + $REG_L $t1,2*$SZREG($sp) + $REG_L $t0,1*$SZREG($sp) + $REG_L $gp,0*$SZREG($sp) + $PTR_ADD $sp,6*$SZREG +___ +$code.=<<___; + jr $ra + move $a0,$v0 + +.end bn_add_words_internal + +.align 5 +.globl bn_sub_words +.ent bn_sub_words +bn_sub_words: + .set noreorder + bgtz $a3,bn_sub_words_internal + move $v0,$zero + jr $ra + move $a0,$zero +.end bn_sub_words + +.align 5 +.ent bn_sub_words_internal +bn_sub_words_internal: +___ +$code.=<<___ if ($flavour =~ /nubi/i); + .frame $sp,6*$SZREG,$ra + .mask 0x8000f008,-$SZREG + .set noreorder + $PTR_SUB $sp,6*$SZREG + $REG_S $ra,5*$SZREG($sp) + $REG_S $t3,4*$SZREG($sp) + $REG_S $t2,3*$SZREG($sp) + $REG_S $t1,2*$SZREG($sp) + $REG_S $t0,1*$SZREG($sp) + $REG_S $gp,0*$SZREG($sp) +___ +$code.=<<___; + .set reorder + li $minus4,-4 + and $at,$a3,$minus4 + beqz $at,.L_bn_sub_words_tail + +.L_bn_sub_words_loop: + $LD $t0,0($a1) + $LD $ta0,0($a2) + subu $a3,4 + $LD $t1,$BNSZ($a1) + and $at,$a3,$minus4 + $LD $t2,2*$BNSZ($a1) + $PTR_ADD $a2,4*$BNSZ + $LD $t3,3*$BNSZ($a1) + $PTR_ADD $a0,4*$BNSZ + $LD $ta1,-3*$BNSZ($a2) + $PTR_ADD $a1,4*$BNSZ + $LD $ta2,-2*$BNSZ($a2) + $LD $ta3,-$BNSZ($a2) + sltu $t8,$t0,$ta0 + $SUBU $ta0,$t0,$ta0 + $SUBU $t0,$ta0,$v0 + sgtu $v0,$t0,$ta0 + $ST $t0,-4*$BNSZ($a0) + $ADDU $v0,$t8 + + sltu $t9,$t1,$ta1 + $SUBU $ta1,$t1,$ta1 + $SUBU $t1,$ta1,$v0 + sgtu $v0,$t1,$ta1 + $ST $t1,-3*$BNSZ($a0) + $ADDU $v0,$t9 + + + sltu $t8,$t2,$ta2 + $SUBU $ta2,$t2,$ta2 + $SUBU $t2,$ta2,$v0 + sgtu $v0,$t2,$ta2 + $ST $t2,-2*$BNSZ($a0) + $ADDU $v0,$t8 + + sltu $t9,$t3,$ta3 + $SUBU $ta3,$t3,$ta3 + $SUBU $t3,$ta3,$v0 + sgtu $v0,$t3,$ta3 + $ST $t3,-$BNSZ($a0) + + .set noreorder + bgtz $at,.L_bn_sub_words_loop + $ADDU $v0,$t9 + + beqz $a3,.L_bn_sub_words_return + nop + +.L_bn_sub_words_tail: + .set reorder + $LD $t0,0($a1) + $LD $ta0,0($a2) + subu $a3,1 + sltu $t8,$t0,$ta0 + $SUBU $ta0,$t0,$ta0 + $SUBU $t0,$ta0,$v0 + sgtu $v0,$t0,$ta0 + $ST $t0,0($a0) + $ADDU $v0,$t8 + beqz $a3,.L_bn_sub_words_return + + $LD $t1,$BNSZ($a1) + subu $a3,1 + $LD $ta1,$BNSZ($a2) + sltu $t9,$t1,$ta1 + $SUBU $ta1,$t1,$ta1 + $SUBU $t1,$ta1,$v0 + sgtu $v0,$t1,$ta1 + $ST $t1,$BNSZ($a0) + $ADDU $v0,$t9 + beqz $a3,.L_bn_sub_words_return + + $LD $t2,2*$BNSZ($a1) + $LD $ta2,2*$BNSZ($a2) + sltu $t8,$t2,$ta2 + $SUBU $ta2,$t2,$ta2 + $SUBU $t2,$ta2,$v0 + sgtu $v0,$t2,$ta2 + $ST $t2,2*$BNSZ($a0) + $ADDU $v0,$t8 + +.L_bn_sub_words_return: + .set noreorder +___ +$code.=<<___ if ($flavour =~ /nubi/i); + $REG_L $t3,4*$SZREG($sp) + $REG_L $t2,3*$SZREG($sp) + $REG_L $t1,2*$SZREG($sp) + $REG_L $t0,1*$SZREG($sp) + $REG_L $gp,0*$SZREG($sp) + $PTR_ADD $sp,6*$SZREG +___ +$code.=<<___; + jr $ra + move $a0,$v0 +.end bn_sub_words_internal + +.align 5 +.globl bn_div_3_words +.ent bn_div_3_words +bn_div_3_words: + .set noreorder + move $a3,$a0 # we know that bn_div_words does not + # touch $a3, $ta2, $ta3 and preserves $a2 + # so that we can save two arguments + # and return address in registers + # instead of stack:-) + + $LD $a0,($a3) + move $ta2,$a1 + bne $a0,$a2,bn_div_3_words_internal + $LD $a1,-$BNSZ($a3) + li $v0,-1 + jr $ra + move $a0,$v0 +.end bn_div_3_words + +.align 5 +.ent bn_div_3_words_internal +bn_div_3_words_internal: +___ +$code.=<<___ if ($flavour =~ /nubi/i); + .frame $sp,6*$SZREG,$ra + .mask 0x8000f008,-$SZREG + .set noreorder + $PTR_SUB $sp,6*$SZREG + $REG_S $ra,5*$SZREG($sp) + $REG_S $t3,4*$SZREG($sp) + $REG_S $t2,3*$SZREG($sp) + $REG_S $t1,2*$SZREG($sp) + $REG_S $t0,1*$SZREG($sp) + $REG_S $gp,0*$SZREG($sp) +___ +$code.=<<___; + .set reorder + move $ta3,$ra + bal bn_div_words_internal + move $ra,$ta3 + $MULTU $ta2,$v0 + $LD $t2,-2*$BNSZ($a3) + move $ta0,$zero + mfhi $t1 + mflo $t0 + sltu $t8,$t1,$a1 +.L_bn_div_3_words_inner_loop: + bnez $t8,.L_bn_div_3_words_inner_loop_done + sgeu $at,$t2,$t0 + seq $t9,$t1,$a1 + and $at,$t9 + sltu $t3,$t0,$ta2 + $ADDU $a1,$a2 + $SUBU $t1,$t3 + $SUBU $t0,$ta2 + sltu $t8,$t1,$a1 + sltu $ta0,$a1,$a2 + or $t8,$ta0 + .set noreorder + beqz $at,.L_bn_div_3_words_inner_loop + $SUBU $v0,1 + $ADDU $v0,1 + .set reorder +.L_bn_div_3_words_inner_loop_done: + .set noreorder +___ +$code.=<<___ if ($flavour =~ /nubi/i); + $REG_L $t3,4*$SZREG($sp) + $REG_L $t2,3*$SZREG($sp) + $REG_L $t1,2*$SZREG($sp) + $REG_L $t0,1*$SZREG($sp) + $REG_L $gp,0*$SZREG($sp) + $PTR_ADD $sp,6*$SZREG +___ +$code.=<<___; + jr $ra + move $a0,$v0 +.end bn_div_3_words_internal + +.align 5 +.globl bn_div_words +.ent bn_div_words +bn_div_words: + .set noreorder + bnez $a2,bn_div_words_internal + li $v0,-1 # I would rather signal div-by-zero + # which can be done with 'break 7' + jr $ra + move $a0,$v0 +.end bn_div_words + +.align 5 +.ent bn_div_words_internal +bn_div_words_internal: +___ +$code.=<<___ if ($flavour =~ /nubi/i); + .frame $sp,6*$SZREG,$ra + .mask 0x8000f008,-$SZREG + .set noreorder + $PTR_SUB $sp,6*$SZREG + $REG_S $ra,5*$SZREG($sp) + $REG_S $t3,4*$SZREG($sp) + $REG_S $t2,3*$SZREG($sp) + $REG_S $t1,2*$SZREG($sp) + $REG_S $t0,1*$SZREG($sp) + $REG_S $gp,0*$SZREG($sp) +___ +$code.=<<___; + move $v1,$zero + bltz $a2,.L_bn_div_words_body + move $t9,$v1 + $SLL $a2,1 + bgtz $a2,.-4 + addu $t9,1 + + .set reorder + negu $t1,$t9 + li $t2,-1 + $SLL $t2,$t1 + and $t2,$a0 + $SRL $at,$a1,$t1 + .set noreorder + beqz $t2,.+12 + nop + break 6 # signal overflow + .set reorder + $SLL $a0,$t9 + $SLL $a1,$t9 + or $a0,$at +___ +$QT=$ta0; +$HH=$ta1; +$DH=$v1; +$code.=<<___; +.L_bn_div_words_body: + $SRL $DH,$a2,4*$BNSZ # bits + sgeu $at,$a0,$a2 + .set noreorder + beqz $at,.+12 + nop + $SUBU $a0,$a2 + .set reorder + + li $QT,-1 + $SRL $HH,$a0,4*$BNSZ # bits + $SRL $QT,4*$BNSZ # q=0xffffffff + beq $DH,$HH,.L_bn_div_words_skip_div1 + $DIVU $zero,$a0,$DH + mflo $QT +.L_bn_div_words_skip_div1: + $MULTU $a2,$QT + $SLL $t3,$a0,4*$BNSZ # bits + $SRL $at,$a1,4*$BNSZ # bits + or $t3,$at + mflo $t0 + mfhi $t1 +.L_bn_div_words_inner_loop1: + sltu $t2,$t3,$t0 + seq $t8,$HH,$t1 + sltu $at,$HH,$t1 + and $t2,$t8 + sltu $v0,$t0,$a2 + or $at,$t2 + .set noreorder + beqz $at,.L_bn_div_words_inner_loop1_done + $SUBU $t1,$v0 + $SUBU $t0,$a2 + b .L_bn_div_words_inner_loop1 + $SUBU $QT,1 + .set reorder +.L_bn_div_words_inner_loop1_done: + + $SLL $a1,4*$BNSZ # bits + $SUBU $a0,$t3,$t0 + $SLL $v0,$QT,4*$BNSZ # bits + + li $QT,-1 + $SRL $HH,$a0,4*$BNSZ # bits + $SRL $QT,4*$BNSZ # q=0xffffffff + beq $DH,$HH,.L_bn_div_words_skip_div2 + $DIVU $zero,$a0,$DH + mflo $QT +.L_bn_div_words_skip_div2: + $MULTU $a2,$QT + $SLL $t3,$a0,4*$BNSZ # bits + $SRL $at,$a1,4*$BNSZ # bits + or $t3,$at + mflo $t0 + mfhi $t1 +.L_bn_div_words_inner_loop2: + sltu $t2,$t3,$t0 + seq $t8,$HH,$t1 + sltu $at,$HH,$t1 + and $t2,$t8 + sltu $v1,$t0,$a2 + or $at,$t2 + .set noreorder + beqz $at,.L_bn_div_words_inner_loop2_done + $SUBU $t1,$v1 + $SUBU $t0,$a2 + b .L_bn_div_words_inner_loop2 + $SUBU $QT,1 + .set reorder +.L_bn_div_words_inner_loop2_done: + + $SUBU $a0,$t3,$t0 + or $v0,$QT + $SRL $v1,$a0,$t9 # $v1 contains remainder if anybody wants it + $SRL $a2,$t9 # restore $a2 + + .set noreorder + move $a1,$v1 +___ +$code.=<<___ if ($flavour =~ /nubi/i); + $REG_L $t3,4*$SZREG($sp) + $REG_L $t2,3*$SZREG($sp) + $REG_L $t1,2*$SZREG($sp) + $REG_L $t0,1*$SZREG($sp) + $REG_L $gp,0*$SZREG($sp) + $PTR_ADD $sp,6*$SZREG +___ +$code.=<<___; + jr $ra + move $a0,$v0 +.end bn_div_words_internal +___ +undef $HH; undef $QT; undef $DH; + +($a_0,$a_1,$a_2,$a_3)=($t0,$t1,$t2,$t3); +($b_0,$b_1,$b_2,$b_3)=($ta0,$ta1,$ta2,$ta3); + +($a_4,$a_5,$a_6,$a_7)=($s0,$s2,$s4,$a1); # once we load a[7], no use for $a1 +($b_4,$b_5,$b_6,$b_7)=($s1,$s3,$s5,$a2); # once we load b[7], no use for $a2 + +($t_1,$t_2,$c_1,$c_2,$c_3)=($t8,$t9,$v0,$v1,$a3); + +$code.=<<___; + +.align 5 +.globl bn_mul_comba8 +.ent bn_mul_comba8 +bn_mul_comba8: + .set noreorder +___ +$code.=<<___ if ($flavour =~ /nubi/i); + .frame $sp,12*$SZREG,$ra + .mask 0x803ff008,-$SZREG + $PTR_SUB $sp,12*$SZREG + $REG_S $ra,11*$SZREG($sp) + $REG_S $s5,10*$SZREG($sp) + $REG_S $s4,9*$SZREG($sp) + $REG_S $s3,8*$SZREG($sp) + $REG_S $s2,7*$SZREG($sp) + $REG_S $s1,6*$SZREG($sp) + $REG_S $s0,5*$SZREG($sp) + $REG_S $t3,4*$SZREG($sp) + $REG_S $t2,3*$SZREG($sp) + $REG_S $t1,2*$SZREG($sp) + $REG_S $t0,1*$SZREG($sp) + $REG_S $gp,0*$SZREG($sp) +___ +$code.=<<___ if ($flavour !~ /nubi/i); + .frame $sp,6*$SZREG,$ra + .mask 0x003f0000,-$SZREG + $PTR_SUB $sp,6*$SZREG + $REG_S $s5,5*$SZREG($sp) + $REG_S $s4,4*$SZREG($sp) + $REG_S $s3,3*$SZREG($sp) + $REG_S $s2,2*$SZREG($sp) + $REG_S $s1,1*$SZREG($sp) + $REG_S $s0,0*$SZREG($sp) +___ +$code.=<<___; + + .set reorder + $LD $a_0,0($a1) # If compiled with -mips3 option on + # R5000 box assembler barks on this + # 1ine with "should not have mult/div + # as last instruction in bb (R10K + # bug)" warning. If anybody out there + # has a clue about how to circumvent + # this do send me a note. + # + + $LD $b_0,0($a2) + $LD $a_1,$BNSZ($a1) + $LD $a_2,2*$BNSZ($a1) + $MULTU $a_0,$b_0 # mul_add_c(a[0],b[0],c1,c2,c3); + $LD $a_3,3*$BNSZ($a1) + $LD $b_1,$BNSZ($a2) + $LD $b_2,2*$BNSZ($a2) + $LD $b_3,3*$BNSZ($a2) + mflo $c_1 + mfhi $c_2 + + $LD $a_4,4*$BNSZ($a1) + $LD $a_5,5*$BNSZ($a1) + $MULTU $a_0,$b_1 # mul_add_c(a[0],b[1],c2,c3,c1); + $LD $a_6,6*$BNSZ($a1) + $LD $a_7,7*$BNSZ($a1) + $LD $b_4,4*$BNSZ($a2) + $LD $b_5,5*$BNSZ($a2) + mflo $t_1 + mfhi $t_2 + $ADDU $c_2,$t_1 + sltu $at,$c_2,$t_1 + $MULTU $a_1,$b_0 # mul_add_c(a[1],b[0],c2,c3,c1); + $ADDU $c_3,$t_2,$at + $LD $b_6,6*$BNSZ($a2) + $LD $b_7,7*$BNSZ($a2) + $ST $c_1,0($a0) # r[0]=c1; + mflo $t_1 + mfhi $t_2 + $ADDU $c_2,$t_1 + sltu $at,$c_2,$t_1 + $MULTU $a_2,$b_0 # mul_add_c(a[2],b[0],c3,c1,c2); + $ADDU $t_2,$at + $ADDU $c_3,$t_2 + sltu $c_1,$c_3,$t_2 + $ST $c_2,$BNSZ($a0) # r[1]=c2; + + mflo $t_1 + mfhi $t_2 + $ADDU $c_3,$t_1 + sltu $at,$c_3,$t_1 + $MULTU $a_1,$b_1 # mul_add_c(a[1],b[1],c3,c1,c2); + $ADDU $t_2,$at + $ADDU $c_1,$t_2 + mflo $t_1 + mfhi $t_2 + $ADDU $c_3,$t_1 + sltu $at,$c_3,$t_1 + $MULTU $a_0,$b_2 # mul_add_c(a[0],b[2],c3,c1,c2); + $ADDU $t_2,$at + $ADDU $c_1,$t_2 + sltu $c_2,$c_1,$t_2 + mflo $t_1 + mfhi $t_2 + $ADDU $c_3,$t_1 + sltu $at,$c_3,$t_1 + $MULTU $a_0,$b_3 # mul_add_c(a[0],b[3],c1,c2,c3); + $ADDU $t_2,$at + $ADDU $c_1,$t_2 + sltu $at,$c_1,$t_2 + $ADDU $c_2,$at + $ST $c_3,2*$BNSZ($a0) # r[2]=c3; + + mflo $t_1 + mfhi $t_2 + $ADDU $c_1,$t_1 + sltu $at,$c_1,$t_1 + $MULTU $a_1,$b_2 # mul_add_c(a[1],b[2],c1,c2,c3); + $ADDU $t_2,$at + $ADDU $c_2,$t_2 + sltu $c_3,$c_2,$t_2 + mflo $t_1 + mfhi $t_2 + $ADDU $c_1,$t_1 + sltu $at,$c_1,$t_1 + $MULTU $a_2,$b_1 # mul_add_c(a[2],b[1],c1,c2,c3); + $ADDU $t_2,$at + $ADDU $c_2,$t_2 + sltu $at,$c_2,$t_2 + $ADDU $c_3,$at + mflo $t_1 + mfhi $t_2 + $ADDU $c_1,$t_1 + sltu $at,$c_1,$t_1 + $MULTU $a_3,$b_0 # mul_add_c(a[3],b[0],c1,c2,c3); + $ADDU $t_2,$at + $ADDU $c_2,$t_2 + sltu $at,$c_2,$t_2 + $ADDU $c_3,$at + mflo $t_1 + mfhi $t_2 + $ADDU $c_1,$t_1 + sltu $at,$c_1,$t_1 + $MULTU $a_4,$b_0 # mul_add_c(a[4],b[0],c2,c3,c1); + $ADDU $t_2,$at + $ADDU $c_2,$t_2 + sltu $at,$c_2,$t_2 + $ADDU $c_3,$at + $ST $c_1,3*$BNSZ($a0) # r[3]=c1; + + mflo $t_1 + mfhi $t_2 + $ADDU $c_2,$t_1 + sltu $at,$c_2,$t_1 + $MULTU $a_3,$b_1 # mul_add_c(a[3],b[1],c2,c3,c1); + $ADDU $t_2,$at + $ADDU $c_3,$t_2 + sltu $c_1,$c_3,$t_2 + mflo $t_1 + mfhi $t_2 + $ADDU $c_2,$t_1 + sltu $at,$c_2,$t_1 + $MULTU $a_2,$b_2 # mul_add_c(a[2],b[2],c2,c3,c1); + $ADDU $t_2,$at + $ADDU $c_3,$t_2 + sltu $at,$c_3,$t_2 + $ADDU $c_1,$at + mflo $t_1 + mfhi $t_2 + $ADDU $c_2,$t_1 + sltu $at,$c_2,$t_1 + $MULTU $a_1,$b_3 # mul_add_c(a[1],b[3],c2,c3,c1); + $ADDU $t_2,$at + $ADDU $c_3,$t_2 + sltu $at,$c_3,$t_2 + $ADDU $c_1,$at + mflo $t_1 + mfhi $t_2 + $ADDU $c_2,$t_1 + sltu $at,$c_2,$t_1 + $MULTU $a_0,$b_4 # mul_add_c(a[0],b[4],c2,c3,c1); + $ADDU $t_2,$at + $ADDU $c_3,$t_2 + sltu $at,$c_3,$t_2 + $ADDU $c_1,$at + mflo $t_1 + mfhi $t_2 + $ADDU $c_2,$t_1 + sltu $at,$c_2,$t_1 + $MULTU $a_0,$b_5 # mul_add_c(a[0],b[5],c3,c1,c2); + $ADDU $t_2,$at + $ADDU $c_3,$t_2 + sltu $at,$c_3,$t_2 + $ADDU $c_1,$at + $ST $c_2,4*$BNSZ($a0) # r[4]=c2; + + mflo $t_1 + mfhi $t_2 + $ADDU $c_3,$t_1 + sltu $at,$c_3,$t_1 + $MULTU $a_1,$b_4 # mul_add_c(a[1],b[4],c3,c1,c2); + $ADDU $t_2,$at + $ADDU $c_1,$t_2 + sltu $c_2,$c_1,$t_2 + mflo $t_1 + mfhi $t_2 + $ADDU $c_3,$t_1 + sltu $at,$c_3,$t_1 + $MULTU $a_2,$b_3 # mul_add_c(a[2],b[3],c3,c1,c2); + $ADDU $t_2,$at + $ADDU $c_1,$t_2 + sltu $at,$c_1,$t_2 + $ADDU $c_2,$at + mflo $t_1 + mfhi $t_2 + $ADDU $c_3,$t_1 + sltu $at,$c_3,$t_1 + $MULTU $a_3,$b_2 # mul_add_c(a[3],b[2],c3,c1,c2); + $ADDU $t_2,$at + $ADDU $c_1,$t_2 + sltu $at,$c_1,$t_2 + $ADDU $c_2,$at + mflo $t_1 + mfhi $t_2 + $ADDU $c_3,$t_1 + sltu $at,$c_3,$t_1 + $MULTU $a_4,$b_1 # mul_add_c(a[4],b[1],c3,c1,c2); + $ADDU $t_2,$at + $ADDU $c_1,$t_2 + sltu $at,$c_1,$t_2 + $ADDU $c_2,$at + mflo $t_1 + mfhi $t_2 + $ADDU $c_3,$t_1 + sltu $at,$c_3,$t_1 + $MULTU $a_5,$b_0 # mul_add_c(a[5],b[0],c3,c1,c2); + $ADDU $t_2,$at + $ADDU $c_1,$t_2 + sltu $at,$c_1,$t_2 + $ADDU $c_2,$at + mflo $t_1 + mfhi $t_2 + $ADDU $c_3,$t_1 + sltu $at,$c_3,$t_1 + $MULTU $a_6,$b_0 # mul_add_c(a[6],b[0],c1,c2,c3); + $ADDU $t_2,$at + $ADDU $c_1,$t_2 + sltu $at,$c_1,$t_2 + $ADDU $c_2,$at + $ST $c_3,5*$BNSZ($a0) # r[5]=c3; + + mflo $t_1 + mfhi $t_2 + $ADDU $c_1,$t_1 + sltu $at,$c_1,$t_1 + $MULTU $a_5,$b_1 # mul_add_c(a[5],b[1],c1,c2,c3); + $ADDU $t_2,$at + $ADDU $c_2,$t_2 + sltu $c_3,$c_2,$t_2 + mflo $t_1 + mfhi $t_2 + $ADDU $c_1,$t_1 + sltu $at,$c_1,$t_1 + $MULTU $a_4,$b_2 # mul_add_c(a[4],b[2],c1,c2,c3); + $ADDU $t_2,$at + $ADDU $c_2,$t_2 + sltu $at,$c_2,$t_2 + $ADDU $c_3,$at + mflo $t_1 + mfhi $t_2 + $ADDU $c_1,$t_1 + sltu $at,$c_1,$t_1 + $MULTU $a_3,$b_3 # mul_add_c(a[3],b[3],c1,c2,c3); + $ADDU $t_2,$at + $ADDU $c_2,$t_2 + sltu $at,$c_2,$t_2 + $ADDU $c_3,$at + mflo $t_1 + mfhi $t_2 + $ADDU $c_1,$t_1 + sltu $at,$c_1,$t_1 + $MULTU $a_2,$b_4 # mul_add_c(a[2],b[4],c1,c2,c3); + $ADDU $t_2,$at + $ADDU $c_2,$t_2 + sltu $at,$c_2,$t_2 + $ADDU $c_3,$at + mflo $t_1 + mfhi $t_2 + $ADDU $c_1,$t_1 + sltu $at,$c_1,$t_1 + $MULTU $a_1,$b_5 # mul_add_c(a[1],b[5],c1,c2,c3); + $ADDU $t_2,$at + $ADDU $c_2,$t_2 + sltu $at,$c_2,$t_2 + $ADDU $c_3,$at + mflo $t_1 + mfhi $t_2 + $ADDU $c_1,$t_1 + sltu $at,$c_1,$t_1 + $MULTU $a_0,$b_6 # mul_add_c(a[0],b[6],c1,c2,c3); + $ADDU $t_2,$at + $ADDU $c_2,$t_2 + sltu $at,$c_2,$t_2 + $ADDU $c_3,$at + mflo $t_1 + mfhi $t_2 + $ADDU $c_1,$t_1 + sltu $at,$c_1,$t_1 + $MULTU $a_0,$b_7 # mul_add_c(a[0],b[7],c2,c3,c1); + $ADDU $t_2,$at + $ADDU $c_2,$t_2 + sltu $at,$c_2,$t_2 + $ADDU $c_3,$at + $ST $c_1,6*$BNSZ($a0) # r[6]=c1; + + mflo $t_1 + mfhi $t_2 + $ADDU $c_2,$t_1 + sltu $at,$c_2,$t_1 + $MULTU $a_1,$b_6 # mul_add_c(a[1],b[6],c2,c3,c1); + $ADDU $t_2,$at + $ADDU $c_3,$t_2 + sltu $c_1,$c_3,$t_2 + mflo $t_1 + mfhi $t_2 + $ADDU $c_2,$t_1 + sltu $at,$c_2,$t_1 + $MULTU $a_2,$b_5 # mul_add_c(a[2],b[5],c2,c3,c1); + $ADDU $t_2,$at + $ADDU $c_3,$t_2 + sltu $at,$c_3,$t_2 + $ADDU $c_1,$at + mflo $t_1 + mfhi $t_2 + $ADDU $c_2,$t_1 + sltu $at,$c_2,$t_1 + $MULTU $a_3,$b_4 # mul_add_c(a[3],b[4],c2,c3,c1); + $ADDU $t_2,$at + $ADDU $c_3,$t_2 + sltu $at,$c_3,$t_2 + $ADDU $c_1,$at + mflo $t_1 + mfhi $t_2 + $ADDU $c_2,$t_1 + sltu $at,$c_2,$t_1 + $MULTU $a_4,$b_3 # mul_add_c(a[4],b[3],c2,c3,c1); + $ADDU $t_2,$at + $ADDU $c_3,$t_2 + sltu $at,$c_3,$t_2 + $ADDU $c_1,$at + mflo $t_1 + mfhi $t_2 + $ADDU $c_2,$t_1 + sltu $at,$c_2,$t_1 + $MULTU $a_5,$b_2 # mul_add_c(a[5],b[2],c2,c3,c1); + $ADDU $t_2,$at + $ADDU $c_3,$t_2 + sltu $at,$c_3,$t_2 + $ADDU $c_1,$at + mflo $t_1 + mfhi $t_2 + $ADDU $c_2,$t_1 + sltu $at,$c_2,$t_1 + $MULTU $a_6,$b_1 # mul_add_c(a[6],b[1],c2,c3,c1); + $ADDU $t_2,$at + $ADDU $c_3,$t_2 + sltu $at,$c_3,$t_2 + $ADDU $c_1,$at + mflo $t_1 + mfhi $t_2 + $ADDU $c_2,$t_1 + sltu $at,$c_2,$t_1 + $MULTU $a_7,$b_0 # mul_add_c(a[7],b[0],c2,c3,c1); + $ADDU $t_2,$at + $ADDU $c_3,$t_2 + sltu $at,$c_3,$t_2 + $ADDU $c_1,$at + mflo $t_1 + mfhi $t_2 + $ADDU $c_2,$t_1 + sltu $at,$c_2,$t_1 + $MULTU $a_7,$b_1 # mul_add_c(a[7],b[1],c3,c1,c2); + $ADDU $t_2,$at + $ADDU $c_3,$t_2 + sltu $at,$c_3,$t_2 + $ADDU $c_1,$at + $ST $c_2,7*$BNSZ($a0) # r[7]=c2; + + mflo $t_1 + mfhi $t_2 + $ADDU $c_3,$t_1 + sltu $at,$c_3,$t_1 + $MULTU $a_6,$b_2 # mul_add_c(a[6],b[2],c3,c1,c2); + $ADDU $t_2,$at + $ADDU $c_1,$t_2 + sltu $c_2,$c_1,$t_2 + mflo $t_1 + mfhi $t_2 + $ADDU $c_3,$t_1 + sltu $at,$c_3,$t_1 + $MULTU $a_5,$b_3 # mul_add_c(a[5],b[3],c3,c1,c2); + $ADDU $t_2,$at + $ADDU $c_1,$t_2 + sltu $at,$c_1,$t_2 + $ADDU $c_2,$at + mflo $t_1 + mfhi $t_2 + $ADDU $c_3,$t_1 + sltu $at,$c_3,$t_1 + $MULTU $a_4,$b_4 # mul_add_c(a[4],b[4],c3,c1,c2); + $ADDU $t_2,$at + $ADDU $c_1,$t_2 + sltu $at,$c_1,$t_2 + $ADDU $c_2,$at + mflo $t_1 + mfhi $t_2 + $ADDU $c_3,$t_1 + sltu $at,$c_3,$t_1 + $MULTU $a_3,$b_5 # mul_add_c(a[3],b[5],c3,c1,c2); + $ADDU $t_2,$at + $ADDU $c_1,$t_2 + sltu $at,$c_1,$t_2 + $ADDU $c_2,$at + mflo $t_1 + mfhi $t_2 + $ADDU $c_3,$t_1 + sltu $at,$c_3,$t_1 + $MULTU $a_2,$b_6 # mul_add_c(a[2],b[6],c3,c1,c2); + $ADDU $t_2,$at + $ADDU $c_1,$t_2 + sltu $at,$c_1,$t_2 + $ADDU $c_2,$at + mflo $t_1 + mfhi $t_2 + $ADDU $c_3,$t_1 + sltu $at,$c_3,$t_1 + $MULTU $a_1,$b_7 # mul_add_c(a[1],b[7],c3,c1,c2); + $ADDU $t_2,$at + $ADDU $c_1,$t_2 + sltu $at,$c_1,$t_2 + $ADDU $c_2,$at + mflo $t_1 + mfhi $t_2 + $ADDU $c_3,$t_1 + sltu $at,$c_3,$t_1 + $MULTU $a_2,$b_7 # mul_add_c(a[2],b[7],c1,c2,c3); + $ADDU $t_2,$at + $ADDU $c_1,$t_2 + sltu $at,$c_1,$t_2 + $ADDU $c_2,$at + $ST $c_3,8*$BNSZ($a0) # r[8]=c3; + + mflo $t_1 + mfhi $t_2 + $ADDU $c_1,$t_1 + sltu $at,$c_1,$t_1 + $MULTU $a_3,$b_6 # mul_add_c(a[3],b[6],c1,c2,c3); + $ADDU $t_2,$at + $ADDU $c_2,$t_2 + sltu $c_3,$c_2,$t_2 + mflo $t_1 + mfhi $t_2 + $ADDU $c_1,$t_1 + sltu $at,$c_1,$t_1 + $MULTU $a_4,$b_5 # mul_add_c(a[4],b[5],c1,c2,c3); + $ADDU $t_2,$at + $ADDU $c_2,$t_2 + sltu $at,$c_2,$t_2 + $ADDU $c_3,$at + mflo $t_1 + mfhi $t_2 + $ADDU $c_1,$t_1 + sltu $at,$c_1,$t_1 + $MULTU $a_5,$b_4 # mul_add_c(a[5],b[4],c1,c2,c3); + $ADDU $t_2,$at + $ADDU $c_2,$t_2 + sltu $at,$c_2,$t_2 + $ADDU $c_3,$at + mflo $t_1 + mfhi $t_2 + $ADDU $c_1,$t_1 + sltu $at,$c_1,$t_1 + $MULTU $a_6,$b_3 # mul_add_c(a[6],b[3],c1,c2,c3); + $ADDU $t_2,$at + $ADDU $c_2,$t_2 + sltu $at,$c_2,$t_2 + $ADDU $c_3,$at + mflo $t_1 + mfhi $t_2 + $ADDU $c_1,$t_1 + sltu $at,$c_1,$t_1 + $MULTU $a_7,$b_2 # mul_add_c(a[7],b[2],c1,c2,c3); + $ADDU $t_2,$at + $ADDU $c_2,$t_2 + sltu $at,$c_2,$t_2 + $ADDU $c_3,$at + mflo $t_1 + mfhi $t_2 + $ADDU $c_1,$t_1 + sltu $at,$c_1,$t_1 + $MULTU $a_7,$b_3 # mul_add_c(a[7],b[3],c2,c3,c1); + $ADDU $t_2,$at + $ADDU $c_2,$t_2 + sltu $at,$c_2,$t_2 + $ADDU $c_3,$at + $ST $c_1,9*$BNSZ($a0) # r[9]=c1; + + mflo $t_1 + mfhi $t_2 + $ADDU $c_2,$t_1 + sltu $at,$c_2,$t_1 + $MULTU $a_6,$b_4 # mul_add_c(a[6],b[4],c2,c3,c1); + $ADDU $t_2,$at + $ADDU $c_3,$t_2 + sltu $c_1,$c_3,$t_2 + mflo $t_1 + mfhi $t_2 + $ADDU $c_2,$t_1 + sltu $at,$c_2,$t_1 + $MULTU $a_5,$b_5 # mul_add_c(a[5],b[5],c2,c3,c1); + $ADDU $t_2,$at + $ADDU $c_3,$t_2 + sltu $at,$c_3,$t_2 + $ADDU $c_1,$at + mflo $t_1 + mfhi $t_2 + $ADDU $c_2,$t_1 + sltu $at,$c_2,$t_1 + $MULTU $a_4,$b_6 # mul_add_c(a[4],b[6],c2,c3,c1); + $ADDU $t_2,$at + $ADDU $c_3,$t_2 + sltu $at,$c_3,$t_2 + $ADDU $c_1,$at + mflo $t_1 + mfhi $t_2 + $ADDU $c_2,$t_1 + sltu $at,$c_2,$t_1 + $MULTU $a_3,$b_7 # mul_add_c(a[3],b[7],c2,c3,c1); + $ADDU $t_2,$at + $ADDU $c_3,$t_2 + sltu $at,$c_3,$t_2 + $ADDU $c_1,$at + mflo $t_1 + mfhi $t_2 + $ADDU $c_2,$t_1 + sltu $at,$c_2,$t_1 + $MULTU $a_4,$b_7 # mul_add_c(a[4],b[7],c3,c1,c2); + $ADDU $t_2,$at + $ADDU $c_3,$t_2 + sltu $at,$c_3,$t_2 + $ADDU $c_1,$at + $ST $c_2,10*$BNSZ($a0) # r[10]=c2; + + mflo $t_1 + mfhi $t_2 + $ADDU $c_3,$t_1 + sltu $at,$c_3,$t_1 + $MULTU $a_5,$b_6 # mul_add_c(a[5],b[6],c3,c1,c2); + $ADDU $t_2,$at + $ADDU $c_1,$t_2 + sltu $c_2,$c_1,$t_2 + mflo $t_1 + mfhi $t_2 + $ADDU $c_3,$t_1 + sltu $at,$c_3,$t_1 + $MULTU $a_6,$b_5 # mul_add_c(a[6],b[5],c3,c1,c2); + $ADDU $t_2,$at + $ADDU $c_1,$t_2 + sltu $at,$c_1,$t_2 + $ADDU $c_2,$at + mflo $t_1 + mfhi $t_2 + $ADDU $c_3,$t_1 + sltu $at,$c_3,$t_1 + $MULTU $a_7,$b_4 # mul_add_c(a[7],b[4],c3,c1,c2); + $ADDU $t_2,$at + $ADDU $c_1,$t_2 + sltu $at,$c_1,$t_2 + $ADDU $c_2,$at + mflo $t_1 + mfhi $t_2 + $ADDU $c_3,$t_1 + sltu $at,$c_3,$t_1 + $MULTU $a_7,$b_5 # mul_add_c(a[7],b[5],c1,c2,c3); + $ADDU $t_2,$at + $ADDU $c_1,$t_2 + sltu $at,$c_1,$t_2 + $ADDU $c_2,$at + $ST $c_3,11*$BNSZ($a0) # r[11]=c3; + + mflo $t_1 + mfhi $t_2 + $ADDU $c_1,$t_1 + sltu $at,$c_1,$t_1 + $MULTU $a_6,$b_6 # mul_add_c(a[6],b[6],c1,c2,c3); + $ADDU $t_2,$at + $ADDU $c_2,$t_2 + sltu $c_3,$c_2,$t_2 + mflo $t_1 + mfhi $t_2 + $ADDU $c_1,$t_1 + sltu $at,$c_1,$t_1 + $MULTU $a_5,$b_7 # mul_add_c(a[5],b[7],c1,c2,c3); + $ADDU $t_2,$at + $ADDU $c_2,$t_2 + sltu $at,$c_2,$t_2 + $ADDU $c_3,$at + mflo $t_1 + mfhi $t_2 + $ADDU $c_1,$t_1 + sltu $at,$c_1,$t_1 + $MULTU $a_6,$b_7 # mul_add_c(a[6],b[7],c2,c3,c1); + $ADDU $t_2,$at + $ADDU $c_2,$t_2 + sltu $at,$c_2,$t_2 + $ADDU $c_3,$at + $ST $c_1,12*$BNSZ($a0) # r[12]=c1; + + mflo $t_1 + mfhi $t_2 + $ADDU $c_2,$t_1 + sltu $at,$c_2,$t_1 + $MULTU $a_7,$b_6 # mul_add_c(a[7],b[6],c2,c3,c1); + $ADDU $t_2,$at + $ADDU $c_3,$t_2 + sltu $c_1,$c_3,$t_2 + mflo $t_1 + mfhi $t_2 + $ADDU $c_2,$t_1 + sltu $at,$c_2,$t_1 + $MULTU $a_7,$b_7 # mul_add_c(a[7],b[7],c3,c1,c2); + $ADDU $t_2,$at + $ADDU $c_3,$t_2 + sltu $at,$c_3,$t_2 + $ADDU $c_1,$at + $ST $c_2,13*$BNSZ($a0) # r[13]=c2; + + mflo $t_1 + mfhi $t_2 + $ADDU $c_3,$t_1 + sltu $at,$c_3,$t_1 + $ADDU $t_2,$at + $ADDU $c_1,$t_2 + $ST $c_3,14*$BNSZ($a0) # r[14]=c3; + $ST $c_1,15*$BNSZ($a0) # r[15]=c1; + + .set noreorder +___ +$code.=<<___ if ($flavour =~ /nubi/i); + $REG_L $s5,10*$SZREG($sp) + $REG_L $s4,9*$SZREG($sp) + $REG_L $s3,8*$SZREG($sp) + $REG_L $s2,7*$SZREG($sp) + $REG_L $s1,6*$SZREG($sp) + $REG_L $s0,5*$SZREG($sp) + $REG_L $t3,4*$SZREG($sp) + $REG_L $t2,3*$SZREG($sp) + $REG_L $t1,2*$SZREG($sp) + $REG_L $t0,1*$SZREG($sp) + $REG_L $gp,0*$SZREG($sp) + jr $ra + $PTR_ADD $sp,12*$SZREG +___ +$code.=<<___ if ($flavour !~ /nubi/i); + $REG_L $s5,5*$SZREG($sp) + $REG_L $s4,4*$SZREG($sp) + $REG_L $s3,3*$SZREG($sp) + $REG_L $s2,2*$SZREG($sp) + $REG_L $s1,1*$SZREG($sp) + $REG_L $s0,0*$SZREG($sp) + jr $ra + $PTR_ADD $sp,6*$SZREG +___ +$code.=<<___; +.end bn_mul_comba8 + +.align 5 +.globl bn_mul_comba4 +.ent bn_mul_comba4 +bn_mul_comba4: +___ +$code.=<<___ if ($flavour =~ /nubi/i); + .frame $sp,6*$SZREG,$ra + .mask 0x8000f008,-$SZREG + .set noreorder + $PTR_SUB $sp,6*$SZREG + $REG_S $ra,5*$SZREG($sp) + $REG_S $t3,4*$SZREG($sp) + $REG_S $t2,3*$SZREG($sp) + $REG_S $t1,2*$SZREG($sp) + $REG_S $t0,1*$SZREG($sp) + $REG_S $gp,0*$SZREG($sp) +___ +$code.=<<___; + .set reorder + $LD $a_0,0($a1) + $LD $b_0,0($a2) + $LD $a_1,$BNSZ($a1) + $LD $a_2,2*$BNSZ($a1) + $MULTU $a_0,$b_0 # mul_add_c(a[0],b[0],c1,c2,c3); + $LD $a_3,3*$BNSZ($a1) + $LD $b_1,$BNSZ($a2) + $LD $b_2,2*$BNSZ($a2) + $LD $b_3,3*$BNSZ($a2) + mflo $c_1 + mfhi $c_2 + $ST $c_1,0($a0) + + $MULTU $a_0,$b_1 # mul_add_c(a[0],b[1],c2,c3,c1); + mflo $t_1 + mfhi $t_2 + $ADDU $c_2,$t_1 + sltu $at,$c_2,$t_1 + $MULTU $a_1,$b_0 # mul_add_c(a[1],b[0],c2,c3,c1); + $ADDU $c_3,$t_2,$at + mflo $t_1 + mfhi $t_2 + $ADDU $c_2,$t_1 + sltu $at,$c_2,$t_1 + $MULTU $a_2,$b_0 # mul_add_c(a[2],b[0],c3,c1,c2); + $ADDU $t_2,$at + $ADDU $c_3,$t_2 + sltu $c_1,$c_3,$t_2 + $ST $c_2,$BNSZ($a0) + + mflo $t_1 + mfhi $t_2 + $ADDU $c_3,$t_1 + sltu $at,$c_3,$t_1 + $MULTU $a_1,$b_1 # mul_add_c(a[1],b[1],c3,c1,c2); + $ADDU $t_2,$at + $ADDU $c_1,$t_2 + mflo $t_1 + mfhi $t_2 + $ADDU $c_3,$t_1 + sltu $at,$c_3,$t_1 + $MULTU $a_0,$b_2 # mul_add_c(a[0],b[2],c3,c1,c2); + $ADDU $t_2,$at + $ADDU $c_1,$t_2 + sltu $c_2,$c_1,$t_2 + mflo $t_1 + mfhi $t_2 + $ADDU $c_3,$t_1 + sltu $at,$c_3,$t_1 + $MULTU $a_0,$b_3 # mul_add_c(a[0],b[3],c1,c2,c3); + $ADDU $t_2,$at + $ADDU $c_1,$t_2 + sltu $at,$c_1,$t_2 + $ADDU $c_2,$at + $ST $c_3,2*$BNSZ($a0) + + mflo $t_1 + mfhi $t_2 + $ADDU $c_1,$t_1 + sltu $at,$c_1,$t_1 + $MULTU $a_1,$b_2 # mul_add_c(a[1],b[2],c1,c2,c3); + $ADDU $t_2,$at + $ADDU $c_2,$t_2 + sltu $c_3,$c_2,$t_2 + mflo $t_1 + mfhi $t_2 + $ADDU $c_1,$t_1 + sltu $at,$c_1,$t_1 + $MULTU $a_2,$b_1 # mul_add_c(a[2],b[1],c1,c2,c3); + $ADDU $t_2,$at + $ADDU $c_2,$t_2 + sltu $at,$c_2,$t_2 + $ADDU $c_3,$at + mflo $t_1 + mfhi $t_2 + $ADDU $c_1,$t_1 + sltu $at,$c_1,$t_1 + $MULTU $a_3,$b_0 # mul_add_c(a[3],b[0],c1,c2,c3); + $ADDU $t_2,$at + $ADDU $c_2,$t_2 + sltu $at,$c_2,$t_2 + $ADDU $c_3,$at + mflo $t_1 + mfhi $t_2 + $ADDU $c_1,$t_1 + sltu $at,$c_1,$t_1 + $MULTU $a_3,$b_1 # mul_add_c(a[3],b[1],c2,c3,c1); + $ADDU $t_2,$at + $ADDU $c_2,$t_2 + sltu $at,$c_2,$t_2 + $ADDU $c_3,$at + $ST $c_1,3*$BNSZ($a0) + + mflo $t_1 + mfhi $t_2 + $ADDU $c_2,$t_1 + sltu $at,$c_2,$t_1 + $MULTU $a_2,$b_2 # mul_add_c(a[2],b[2],c2,c3,c1); + $ADDU $t_2,$at + $ADDU $c_3,$t_2 + sltu $c_1,$c_3,$t_2 + mflo $t_1 + mfhi $t_2 + $ADDU $c_2,$t_1 + sltu $at,$c_2,$t_1 + $MULTU $a_1,$b_3 # mul_add_c(a[1],b[3],c2,c3,c1); + $ADDU $t_2,$at + $ADDU $c_3,$t_2 + sltu $at,$c_3,$t_2 + $ADDU $c_1,$at + mflo $t_1 + mfhi $t_2 + $ADDU $c_2,$t_1 + sltu $at,$c_2,$t_1 + $MULTU $a_2,$b_3 # mul_add_c(a[2],b[3],c3,c1,c2); + $ADDU $t_2,$at + $ADDU $c_3,$t_2 + sltu $at,$c_3,$t_2 + $ADDU $c_1,$at + $ST $c_2,4*$BNSZ($a0) + + mflo $t_1 + mfhi $t_2 + $ADDU $c_3,$t_1 + sltu $at,$c_3,$t_1 + $MULTU $a_3,$b_2 # mul_add_c(a[3],b[2],c3,c1,c2); + $ADDU $t_2,$at + $ADDU $c_1,$t_2 + sltu $c_2,$c_1,$t_2 + mflo $t_1 + mfhi $t_2 + $ADDU $c_3,$t_1 + sltu $at,$c_3,$t_1 + $MULTU $a_3,$b_3 # mul_add_c(a[3],b[3],c1,c2,c3); + $ADDU $t_2,$at + $ADDU $c_1,$t_2 + sltu $at,$c_1,$t_2 + $ADDU $c_2,$at + $ST $c_3,5*$BNSZ($a0) + + mflo $t_1 + mfhi $t_2 + $ADDU $c_1,$t_1 + sltu $at,$c_1,$t_1 + $ADDU $t_2,$at + $ADDU $c_2,$t_2 + $ST $c_1,6*$BNSZ($a0) + $ST $c_2,7*$BNSZ($a0) + + .set noreorder +___ +$code.=<<___ if ($flavour =~ /nubi/i); + $REG_L $t3,4*$SZREG($sp) + $REG_L $t2,3*$SZREG($sp) + $REG_L $t1,2*$SZREG($sp) + $REG_L $t0,1*$SZREG($sp) + $REG_L $gp,0*$SZREG($sp) + $PTR_ADD $sp,6*$SZREG +___ +$code.=<<___; + jr $ra + nop +.end bn_mul_comba4 +___ + +($a_4,$a_5,$a_6,$a_7)=($b_0,$b_1,$b_2,$b_3); + +sub add_c2 () { +my ($hi,$lo,$c0,$c1,$c2, + $warm, # !$warm denotes first call with specific sequence of + # $c_[XYZ] when there is no Z-carry to accumulate yet; + $an,$bn # these two are arguments for multiplication which + # result is used in *next* step [which is why it's + # commented as "forward multiplication" below]; + )=@_; +$code.=<<___; + mflo $lo + mfhi $hi + $ADDU $c0,$lo + sltu $at,$c0,$lo + $MULTU $an,$bn # forward multiplication + $ADDU $c0,$lo + $ADDU $at,$hi + sltu $lo,$c0,$lo + $ADDU $c1,$at + $ADDU $hi,$lo +___ +$code.=<<___ if (!$warm); + sltu $c2,$c1,$at + $ADDU $c1,$hi + sltu $hi,$c1,$hi + $ADDU $c2,$hi +___ +$code.=<<___ if ($warm); + sltu $at,$c1,$at + $ADDU $c1,$hi + $ADDU $c2,$at + sltu $hi,$c1,$hi + $ADDU $c2,$hi +___ +} + +$code.=<<___; + +.align 5 +.globl bn_sqr_comba8 +.ent bn_sqr_comba8 +bn_sqr_comba8: +___ +$code.=<<___ if ($flavour =~ /nubi/i); + .frame $sp,6*$SZREG,$ra + .mask 0x8000f008,-$SZREG + .set noreorder + $PTR_SUB $sp,6*$SZREG + $REG_S $ra,5*$SZREG($sp) + $REG_S $t3,4*$SZREG($sp) + $REG_S $t2,3*$SZREG($sp) + $REG_S $t1,2*$SZREG($sp) + $REG_S $t0,1*$SZREG($sp) + $REG_S $gp,0*$SZREG($sp) +___ +$code.=<<___; + .set reorder + $LD $a_0,0($a1) + $LD $a_1,$BNSZ($a1) + $LD $a_2,2*$BNSZ($a1) + $LD $a_3,3*$BNSZ($a1) + + $MULTU $a_0,$a_0 # mul_add_c(a[0],b[0],c1,c2,c3); + $LD $a_4,4*$BNSZ($a1) + $LD $a_5,5*$BNSZ($a1) + $LD $a_6,6*$BNSZ($a1) + $LD $a_7,7*$BNSZ($a1) + mflo $c_1 + mfhi $c_2 + $ST $c_1,0($a0) + + $MULTU $a_0,$a_1 # mul_add_c2(a[0],b[1],c2,c3,c1); + mflo $t_1 + mfhi $t_2 + slt $c_1,$t_2,$zero + $SLL $t_2,1 + $MULTU $a_2,$a_0 # mul_add_c2(a[2],b[0],c3,c1,c2); + slt $a2,$t_1,$zero + $ADDU $t_2,$a2 + $SLL $t_1,1 + $ADDU $c_2,$t_1 + sltu $at,$c_2,$t_1 + $ADDU $c_3,$t_2,$at + $ST $c_2,$BNSZ($a0) +___ + &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,0, + $a_1,$a_1); # mul_add_c(a[1],b[1],c3,c1,c2); +$code.=<<___; + mflo $t_1 + mfhi $t_2 + $ADDU $c_3,$t_1 + sltu $at,$c_3,$t_1 + $MULTU $a_0,$a_3 # mul_add_c2(a[0],b[3],c1,c2,c3); + $ADDU $t_2,$at + $ADDU $c_1,$t_2 + sltu $at,$c_1,$t_2 + $ADDU $c_2,$at + $ST $c_3,2*$BNSZ($a0) +___ + &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,0, + $a_1,$a_2); # mul_add_c2(a[1],b[2],c1,c2,c3); + &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,1, + $a_4,$a_0); # mul_add_c2(a[4],b[0],c2,c3,c1); +$code.=<<___; + $ST $c_1,3*$BNSZ($a0) +___ + &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,0, + $a_3,$a_1); # mul_add_c2(a[3],b[1],c2,c3,c1); + &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,1, + $a_2,$a_2); # mul_add_c(a[2],b[2],c2,c3,c1); +$code.=<<___; + mflo $t_1 + mfhi $t_2 + $ADDU $c_2,$t_1 + sltu $at,$c_2,$t_1 + $MULTU $a_0,$a_5 # mul_add_c2(a[0],b[5],c3,c1,c2); + $ADDU $t_2,$at + $ADDU $c_3,$t_2 + sltu $at,$c_3,$t_2 + $ADDU $c_1,$at + $ST $c_2,4*$BNSZ($a0) +___ + &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,0, + $a_1,$a_4); # mul_add_c2(a[1],b[4],c3,c1,c2); + &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,1, + $a_2,$a_3); # mul_add_c2(a[2],b[3],c3,c1,c2); + &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,1, + $a_6,$a_0); # mul_add_c2(a[6],b[0],c1,c2,c3); +$code.=<<___; + $ST $c_3,5*$BNSZ($a0) +___ + &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,0, + $a_5,$a_1); # mul_add_c2(a[5],b[1],c1,c2,c3); + &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,1, + $a_4,$a_2); # mul_add_c2(a[4],b[2],c1,c2,c3); + &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,1, + $a_3,$a_3); # mul_add_c(a[3],b[3],c1,c2,c3); +$code.=<<___; + mflo $t_1 + mfhi $t_2 + $ADDU $c_1,$t_1 + sltu $at,$c_1,$t_1 + $MULTU $a_0,$a_7 # mul_add_c2(a[0],b[7],c2,c3,c1); + $ADDU $t_2,$at + $ADDU $c_2,$t_2 + sltu $at,$c_2,$t_2 + $ADDU $c_3,$at + $ST $c_1,6*$BNSZ($a0) +___ + &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,0, + $a_1,$a_6); # mul_add_c2(a[1],b[6],c2,c3,c1); + &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,1, + $a_2,$a_5); # mul_add_c2(a[2],b[5],c2,c3,c1); + &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,1, + $a_3,$a_4); # mul_add_c2(a[3],b[4],c2,c3,c1); + &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,1, + $a_7,$a_1); # mul_add_c2(a[7],b[1],c3,c1,c2); +$code.=<<___; + $ST $c_2,7*$BNSZ($a0) +___ + &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,0, + $a_6,$a_2); # mul_add_c2(a[6],b[2],c3,c1,c2); + &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,1, + $a_5,$a_3); # mul_add_c2(a[5],b[3],c3,c1,c2); + &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,1, + $a_4,$a_4); # mul_add_c(a[4],b[4],c3,c1,c2); +$code.=<<___; + mflo $t_1 + mfhi $t_2 + $ADDU $c_3,$t_1 + sltu $at,$c_3,$t_1 + $MULTU $a_2,$a_7 # mul_add_c2(a[2],b[7],c1,c2,c3); + $ADDU $t_2,$at + $ADDU $c_1,$t_2 + sltu $at,$c_1,$t_2 + $ADDU $c_2,$at + $ST $c_3,8*$BNSZ($a0) +___ + &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,0, + $a_3,$a_6); # mul_add_c2(a[3],b[6],c1,c2,c3); + &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,1, + $a_4,$a_5); # mul_add_c2(a[4],b[5],c1,c2,c3); + &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,1, + $a_7,$a_3); # mul_add_c2(a[7],b[3],c2,c3,c1); +$code.=<<___; + $ST $c_1,9*$BNSZ($a0) +___ + &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,0, + $a_6,$a_4); # mul_add_c2(a[6],b[4],c2,c3,c1); + &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,1, + $a_5,$a_5); # mul_add_c(a[5],b[5],c2,c3,c1); +$code.=<<___; + mflo $t_1 + mfhi $t_2 + $ADDU $c_2,$t_1 + sltu $at,$c_2,$t_1 + $MULTU $a_4,$a_7 # mul_add_c2(a[4],b[7],c3,c1,c2); + $ADDU $t_2,$at + $ADDU $c_3,$t_2 + sltu $at,$c_3,$t_2 + $ADDU $c_1,$at + $ST $c_2,10*$BNSZ($a0) +___ + &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,0, + $a_5,$a_6); # mul_add_c2(a[5],b[6],c3,c1,c2); + &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,1, + $a_7,$a_5); # mul_add_c2(a[7],b[5],c1,c2,c3); +$code.=<<___; + $ST $c_3,11*$BNSZ($a0) +___ + &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,0, + $a_6,$a_6); # mul_add_c(a[6],b[6],c1,c2,c3); +$code.=<<___; + mflo $t_1 + mfhi $t_2 + $ADDU $c_1,$t_1 + sltu $at,$c_1,$t_1 + $MULTU $a_6,$a_7 # mul_add_c2(a[6],b[7],c2,c3,c1); + $ADDU $t_2,$at + $ADDU $c_2,$t_2 + sltu $at,$c_2,$t_2 + $ADDU $c_3,$at + $ST $c_1,12*$BNSZ($a0) +___ + &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,0, + $a_7,$a_7); # mul_add_c(a[7],b[7],c3,c1,c2); +$code.=<<___; + $ST $c_2,13*$BNSZ($a0) + + mflo $t_1 + mfhi $t_2 + $ADDU $c_3,$t_1 + sltu $at,$c_3,$t_1 + $ADDU $t_2,$at + $ADDU $c_1,$t_2 + $ST $c_3,14*$BNSZ($a0) + $ST $c_1,15*$BNSZ($a0) + + .set noreorder +___ +$code.=<<___ if ($flavour =~ /nubi/i); + $REG_L $t3,4*$SZREG($sp) + $REG_L $t2,3*$SZREG($sp) + $REG_L $t1,2*$SZREG($sp) + $REG_L $t0,1*$SZREG($sp) + $REG_L $gp,0*$SZREG($sp) + $PTR_ADD $sp,6*$SZREG +___ +$code.=<<___; + jr $ra + nop +.end bn_sqr_comba8 + +.align 5 +.globl bn_sqr_comba4 +.ent bn_sqr_comba4 +bn_sqr_comba4: +___ +$code.=<<___ if ($flavour =~ /nubi/i); + .frame $sp,6*$SZREG,$ra + .mask 0x8000f008,-$SZREG + .set noreorder + $PTR_SUB $sp,6*$SZREG + $REG_S $ra,5*$SZREG($sp) + $REG_S $t3,4*$SZREG($sp) + $REG_S $t2,3*$SZREG($sp) + $REG_S $t1,2*$SZREG($sp) + $REG_S $t0,1*$SZREG($sp) + $REG_S $gp,0*$SZREG($sp) +___ +$code.=<<___; + .set reorder + $LD $a_0,0($a1) + $LD $a_1,$BNSZ($a1) + $MULTU $a_0,$a_0 # mul_add_c(a[0],b[0],c1,c2,c3); + $LD $a_2,2*$BNSZ($a1) + $LD $a_3,3*$BNSZ($a1) + mflo $c_1 + mfhi $c_2 + $ST $c_1,0($a0) + + $MULTU $a_0,$a_1 # mul_add_c2(a[0],b[1],c2,c3,c1); + mflo $t_1 + mfhi $t_2 + slt $c_1,$t_2,$zero + $SLL $t_2,1 + $MULTU $a_2,$a_0 # mul_add_c2(a[2],b[0],c3,c1,c2); + slt $a2,$t_1,$zero + $ADDU $t_2,$a2 + $SLL $t_1,1 + $ADDU $c_2,$t_1 + sltu $at,$c_2,$t_1 + $ADDU $c_3,$t_2,$at + $ST $c_2,$BNSZ($a0) +___ + &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,0, + $a_1,$a_1); # mul_add_c(a[1],b[1],c3,c1,c2); +$code.=<<___; + mflo $t_1 + mfhi $t_2 + $ADDU $c_3,$t_1 + sltu $at,$c_3,$t_1 + $MULTU $a_0,$a_3 # mul_add_c2(a[0],b[3],c1,c2,c3); + $ADDU $t_2,$at + $ADDU $c_1,$t_2 + sltu $at,$c_1,$t_2 + $ADDU $c_2,$at + $ST $c_3,2*$BNSZ($a0) +___ + &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,0, + $a_1,$a_2); # mul_add_c2(a2[1],b[2],c1,c2,c3); + &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,1, + $a_3,$a_1); # mul_add_c2(a[3],b[1],c2,c3,c1); +$code.=<<___; + $ST $c_1,3*$BNSZ($a0) +___ + &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,0, + $a_2,$a_2); # mul_add_c(a[2],b[2],c2,c3,c1); +$code.=<<___; + mflo $t_1 + mfhi $t_2 + $ADDU $c_2,$t_1 + sltu $at,$c_2,$t_1 + $MULTU $a_2,$a_3 # mul_add_c2(a[2],b[3],c3,c1,c2); + $ADDU $t_2,$at + $ADDU $c_3,$t_2 + sltu $at,$c_3,$t_2 + $ADDU $c_1,$at + $ST $c_2,4*$BNSZ($a0) +___ + &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,0, + $a_3,$a_3); # mul_add_c(a[3],b[3],c1,c2,c3); +$code.=<<___; + $ST $c_3,5*$BNSZ($a0) + + mflo $t_1 + mfhi $t_2 + $ADDU $c_1,$t_1 + sltu $at,$c_1,$t_1 + $ADDU $t_2,$at + $ADDU $c_2,$t_2 + $ST $c_1,6*$BNSZ($a0) + $ST $c_2,7*$BNSZ($a0) + + .set noreorder +___ +$code.=<<___ if ($flavour =~ /nubi/i); + $REG_L $t3,4*$SZREG($sp) + $REG_L $t2,3*$SZREG($sp) + $REG_L $t1,2*$SZREG($sp) + $REG_L $t0,1*$SZREG($sp) + $REG_L $gp,0*$SZREG($sp) + $PTR_ADD $sp,6*$SZREG +___ +$code.=<<___; + jr $ra + nop +.end bn_sqr_comba4 +___ +print $code; +close STDOUT; diff --git a/src/lib/libcrypto/bn/asm/mips1.s b/src/lib/libcrypto/bn/asm/mips1.s deleted file mode 100644 index 44fa1254c76..00000000000 --- a/src/lib/libcrypto/bn/asm/mips1.s +++ /dev/null @@ -1,539 +0,0 @@ -/* This assember is for R2000/R3000 machines, or higher ones that do - * no want to do any 64 bit arithmatic. - * Make sure that the SSLeay bignum library is compiled with - * THIRTY_TWO_BIT set. - * This must either be compiled with the system CC, or, if you use GNU gas, - * cc -E mips1.s|gas -o mips1.o - */ - .set reorder - .set noat - -#define R1 $1 -#define CC $2 -#define R2 $3 -#define R3 $8 -#define R4 $9 -#define L1 $10 -#define L2 $11 -#define L3 $12 -#define L4 $13 -#define H1 $14 -#define H2 $15 -#define H3 $24 -#define H4 $25 - -#define P1 $4 -#define P2 $5 -#define P3 $6 -#define P4 $7 - - .align 2 - .ent bn_mul_add_words - .globl bn_mul_add_words -.text -bn_mul_add_words: - .frame $sp,0,$31 - .mask 0x00000000,0 - .fmask 0x00000000,0 - - #blt P3,4,$lab34 - - subu R1,P3,4 - move CC,$0 - bltz R1,$lab34 -$lab2: - lw R1,0(P1) - lw L1,0(P2) - lw R2,4(P1) - lw L2,4(P2) - lw R3,8(P1) - lw L3,8(P2) - lw R4,12(P1) - lw L4,12(P2) - multu L1,P4 - addu R1,R1,CC - mflo L1 - sltu CC,R1,CC - addu R1,R1,L1 - mfhi H1 - sltu L1,R1,L1 - sw R1,0(P1) - addu CC,CC,L1 - multu L2,P4 - addu CC,H1,CC - mflo L2 - addu R2,R2,CC - sltu CC,R2,CC - mfhi H2 - addu R2,R2,L2 - addu P2,P2,16 - sltu L2,R2,L2 - sw R2,4(P1) - addu CC,CC,L2 - multu L3,P4 - addu CC,H2,CC - mflo L3 - addu R3,R3,CC - sltu CC,R3,CC - mfhi H3 - addu R3,R3,L3 - addu P1,P1,16 - sltu L3,R3,L3 - sw R3,-8(P1) - addu CC,CC,L3 - multu L4,P4 - addu CC,H3,CC - mflo L4 - addu R4,R4,CC - sltu CC,R4,CC - mfhi H4 - addu R4,R4,L4 - subu P3,P3,4 - sltu L4,R4,L4 - addu CC,CC,L4 - addu CC,H4,CC - - subu R1,P3,4 - sw R4,-4(P1) # delay slot - bgez R1,$lab2 - - bleu P3,0,$lab3 - .align 2 -$lab33: - lw L1,0(P2) - lw R1,0(P1) - multu L1,P4 - addu R1,R1,CC - sltu CC,R1,CC - addu P1,P1,4 - mflo L1 - mfhi H1 - addu R1,R1,L1 - addu P2,P2,4 - sltu L1,R1,L1 - subu P3,P3,1 - addu CC,CC,L1 - sw R1,-4(P1) - addu CC,H1,CC - bgtz P3,$lab33 - j $31 - .align 2 -$lab3: - j $31 - .align 2 -$lab34: - bgt P3,0,$lab33 - j $31 - .end bn_mul_add_words - - .align 2 - # Program Unit: bn_mul_words - .ent bn_mul_words - .globl bn_mul_words -.text -bn_mul_words: - .frame $sp,0,$31 - .mask 0x00000000,0 - .fmask 0x00000000,0 - - subu P3,P3,4 - move CC,$0 - bltz P3,$lab45 -$lab44: - lw L1,0(P2) - lw L2,4(P2) - lw L3,8(P2) - lw L4,12(P2) - multu L1,P4 - subu P3,P3,4 - mflo L1 - mfhi H1 - addu L1,L1,CC - multu L2,P4 - sltu CC,L1,CC - sw L1,0(P1) - addu CC,H1,CC - mflo L2 - mfhi H2 - addu L2,L2,CC - multu L3,P4 - sltu CC,L2,CC - sw L2,4(P1) - addu CC,H2,CC - mflo L3 - mfhi H3 - addu L3,L3,CC - multu L4,P4 - sltu CC,L3,CC - sw L3,8(P1) - addu CC,H3,CC - mflo L4 - mfhi H4 - addu L4,L4,CC - addu P1,P1,16 - sltu CC,L4,CC - addu P2,P2,16 - addu CC,H4,CC - sw L4,-4(P1) - - bgez P3,$lab44 - b $lab45 -$lab46: - lw L1,0(P2) - addu P1,P1,4 - multu L1,P4 - addu P2,P2,4 - mflo L1 - mfhi H1 - addu L1,L1,CC - subu P3,P3,1 - sltu CC,L1,CC - sw L1,-4(P1) - addu CC,H1,CC - bgtz P3,$lab46 - j $31 -$lab45: - addu P3,P3,4 - bgtz P3,$lab46 - j $31 - .align 2 - .end bn_mul_words - - # Program Unit: bn_sqr_words - .ent bn_sqr_words - .globl bn_sqr_words -.text -bn_sqr_words: - .frame $sp,0,$31 - .mask 0x00000000,0 - .fmask 0x00000000,0 - - subu P3,P3,4 - bltz P3,$lab55 -$lab54: - lw L1,0(P2) - lw L2,4(P2) - lw L3,8(P2) - lw L4,12(P2) - - multu L1,L1 - subu P3,P3,4 - mflo L1 - mfhi H1 - sw L1,0(P1) - sw H1,4(P1) - - multu L2,L2 - addu P1,P1,32 - mflo L2 - mfhi H2 - sw L2,-24(P1) - sw H2,-20(P1) - - multu L3,L3 - addu P2,P2,16 - mflo L3 - mfhi H3 - sw L3,-16(P1) - sw H3,-12(P1) - - multu L4,L4 - - mflo L4 - mfhi H4 - sw L4,-8(P1) - sw H4,-4(P1) - - bgtz P3,$lab54 - b $lab55 -$lab56: - lw L1,0(P2) - addu P1,P1,8 - multu L1,L1 - addu P2,P2,4 - subu P3,P3,1 - mflo L1 - mfhi H1 - sw L1,-8(P1) - sw H1,-4(P1) - - bgtz P3,$lab56 - j $31 -$lab55: - addu P3,P3,4 - bgtz P3,$lab56 - j $31 - .align 2 - .end bn_sqr_words - - # Program Unit: bn_add_words - .ent bn_add_words - .globl bn_add_words -.text -bn_add_words: # 0x590 - .frame $sp,0,$31 - .mask 0x00000000,0 - .fmask 0x00000000,0 - - subu P4,P4,4 - move CC,$0 - bltz P4,$lab65 -$lab64: - lw L1,0(P2) - lw R1,0(P3) - lw L2,4(P2) - lw R2,4(P3) - - addu L1,L1,CC - lw L3,8(P2) - sltu CC,L1,CC - addu L1,L1,R1 - sltu R1,L1,R1 - lw R3,8(P3) - addu CC,CC,R1 - lw L4,12(P2) - - addu L2,L2,CC - lw R4,12(P3) - sltu CC,L2,CC - addu L2,L2,R2 - sltu R2,L2,R2 - sw L1,0(P1) - addu CC,CC,R2 - addu P1,P1,16 - addu L3,L3,CC - sw L2,-12(P1) - - sltu CC,L3,CC - addu L3,L3,R3 - sltu R3,L3,R3 - addu P2,P2,16 - addu CC,CC,R3 - - addu L4,L4,CC - addu P3,P3,16 - sltu CC,L4,CC - addu L4,L4,R4 - subu P4,P4,4 - sltu R4,L4,R4 - sw L3,-8(P1) - addu CC,CC,R4 - sw L4,-4(P1) - - bgtz P4,$lab64 - b $lab65 -$lab66: - lw L1,0(P2) - lw R1,0(P3) - addu L1,L1,CC - addu P1,P1,4 - sltu CC,L1,CC - addu P2,P2,4 - addu P3,P3,4 - addu L1,L1,R1 - subu P4,P4,1 - sltu R1,L1,R1 - sw L1,-4(P1) - addu CC,CC,R1 - - bgtz P4,$lab66 - j $31 -$lab65: - addu P4,P4,4 - bgtz P4,$lab66 - j $31 - .end bn_add_words - - # Program Unit: bn_div64 - .set at - .set reorder - .text - .align 2 - .globl bn_div64 - # 321 { - .ent bn_div64 2 -bn_div64: - subu $sp, 64 - sw $31, 56($sp) - sw $16, 48($sp) - .mask 0x80010000, -56 - .frame $sp, 64, $31 - move $9, $4 - move $12, $5 - move $16, $6 - # 322 BN_ULONG dh,dl,q,ret=0,th,tl,t; - move $31, $0 - # 323 int i,count=2; - li $13, 2 - # 324 - # 325 if (d == 0) return(BN_MASK2); - bne $16, 0, $80 - li $2, -1 - b $93 -$80: - # 326 - # 327 i=BN_num_bits_word(d); - move $4, $16 - sw $31, 16($sp) - sw $9, 24($sp) - sw $12, 32($sp) - sw $13, 40($sp) - .livereg 0x800ff0e,0xfff - jal BN_num_bits_word - li $4, 32 - lw $31, 16($sp) - lw $9, 24($sp) - lw $12, 32($sp) - lw $13, 40($sp) - move $3, $2 - # 328 if ((i != BN_BITS2) && (h > (BN_ULONG)1<= d) h-=d; - bltu $9, $16, $82 - subu $9, $9, $16 -$82: - # 337 - # 338 if (i) - beq $3, 0, $83 - # 339 { - # 340 d<<=i; - sll $16, $16, $3 - # 341 h=(h<>(BN_BITS2-i)); - sll $24, $9, $3 - subu $25, $4, $3 - srl $14, $12, $25 - or $9, $24, $14 - # 342 l<<=i; - sll $12, $12, $3 - # 343 } -$83: - # 344 dh=(d&BN_MASK2h)>>BN_BITS4; - # 345 dl=(d&BN_MASK2l); - and $8, $16, -65536 - srl $8, $8, 16 - and $10, $16, 65535 - li $6, -65536 -$84: - # 346 for (;;) - # 347 { - # 348 if ((h>>BN_BITS4) == dh) - srl $15, $9, 16 - bne $8, $15, $85 - # 349 q=BN_MASK2l; - li $5, 65535 - b $86 -$85: - # 350 else - # 351 q=h/dh; - divu $5, $9, $8 -$86: - # 352 - # 353 for (;;) - # 354 { - # 355 t=(h-q*dh); - mul $4, $5, $8 - subu $2, $9, $4 - move $3, $2 - # 356 if ((t&BN_MASK2h) || - # 357 ((dl*q) <= ( - # 358 (t<>BN_BITS4)))) - and $25, $2, $6 - bne $25, $0, $87 - mul $24, $10, $5 - sll $14, $3, 16 - and $15, $12, $6 - srl $25, $15, 16 - addu $15, $14, $25 - bgtu $24, $15, $88 -$87: - # 360 break; - mul $3, $10, $5 - b $89 -$88: - # 361 q--; - addu $5, $5, -1 - # 362 } - b $86 -$89: - # 363 th=q*dh; - # 364 tl=q*dl; - # 365 t=(tl>>BN_BITS4); - # 366 tl=(tl<>BN_BITS4))&BN_MASK2; - sll $24, $9, 16 - srl $15, $12, 16 - or $9, $24, $15 - # 382 l=(l&BN_MASK2l)<" - -/* - * ==================================================================== - * Written by Andy Polyakov for the OpenSSL - * project. - * - * Rights for redistribution and usage in source and binary forms are - * granted according to the OpenSSL license. Warranty of any kind is - * disclaimed. - * ==================================================================== - */ - -/* - * This is my modest contributon to the OpenSSL project (see - * http://www.openssl.org/ for more information about it) and is - * a drop-in MIPS III/IV ISA replacement for crypto/bn/bn_asm.c - * module. For updates see http://fy.chalmers.se/~appro/hpe/. - * - * The module is designed to work with either of the "new" MIPS ABI(5), - * namely N32 or N64, offered by IRIX 6.x. It's not ment to work under - * IRIX 5.x not only because it doesn't support new ABIs but also - * because 5.x kernels put R4x00 CPU into 32-bit mode and all those - * 64-bit instructions (daddu, dmultu, etc.) found below gonna only - * cause illegal instruction exception:-( - * - * In addition the code depends on preprocessor flags set up by MIPSpro - * compiler driver (either as or cc) and therefore (probably?) can't be - * compiled by the GNU assembler. GNU C driver manages fine though... - * I mean as long as -mmips-as is specified or is the default option, - * because then it simply invokes /usr/bin/as which in turn takes - * perfect care of the preprocessor definitions. Another neat feature - * offered by the MIPSpro assembler is an optimization pass. This gave - * me the opportunity to have the code looking more regular as all those - * architecture dependent instruction rescheduling details were left to - * the assembler. Cool, huh? - * - * Performance improvement is astonishing! 'apps/openssl speed rsa dsa' - * goes way over 3 times faster! - * - * - */ -#include -#include - -#if _MIPS_ISA>=4 -#define MOVNZ(cond,dst,src) \ - movn dst,src,cond -#else -#define MOVNZ(cond,dst,src) \ - .set noreorder; \ - bnezl cond,.+8; \ - move dst,src; \ - .set reorder -#endif - -.text - -.set noat -.set reorder - -#define MINUS4 v1 - -.align 5 -LEAF(bn_mul_add_words) - .set noreorder - bgtzl a2,.L_bn_mul_add_words_proceed - ld t0,0(a1) - jr ra - move v0,zero - .set reorder - -.L_bn_mul_add_words_proceed: - li MINUS4,-4 - and ta0,a2,MINUS4 - move v0,zero - beqz ta0,.L_bn_mul_add_words_tail - -.L_bn_mul_add_words_loop: - dmultu t0,a3 - ld t1,0(a0) - ld t2,8(a1) - ld t3,8(a0) - ld ta0,16(a1) - ld ta1,16(a0) - daddu t1,v0 - sltu v0,t1,v0 /* All manuals say it "compares 32-bit - * values", but it seems to work fine - * even on 64-bit registers. */ - mflo AT - mfhi t0 - daddu t1,AT - daddu v0,t0 - sltu AT,t1,AT - sd t1,0(a0) - daddu v0,AT - - dmultu t2,a3 - ld ta2,24(a1) - ld ta3,24(a0) - daddu t3,v0 - sltu v0,t3,v0 - mflo AT - mfhi t2 - daddu t3,AT - daddu v0,t2 - sltu AT,t3,AT - sd t3,8(a0) - daddu v0,AT - - dmultu ta0,a3 - subu a2,4 - PTR_ADD a0,32 - PTR_ADD a1,32 - daddu ta1,v0 - sltu v0,ta1,v0 - mflo AT - mfhi ta0 - daddu ta1,AT - daddu v0,ta0 - sltu AT,ta1,AT - sd ta1,-16(a0) - daddu v0,AT - - - dmultu ta2,a3 - and ta0,a2,MINUS4 - daddu ta3,v0 - sltu v0,ta3,v0 - mflo AT - mfhi ta2 - daddu ta3,AT - daddu v0,ta2 - sltu AT,ta3,AT - sd ta3,-8(a0) - daddu v0,AT - .set noreorder - bgtzl ta0,.L_bn_mul_add_words_loop - ld t0,0(a1) - - bnezl a2,.L_bn_mul_add_words_tail - ld t0,0(a1) - .set reorder - -.L_bn_mul_add_words_return: - jr ra - -.L_bn_mul_add_words_tail: - dmultu t0,a3 - ld t1,0(a0) - subu a2,1 - daddu t1,v0 - sltu v0,t1,v0 - mflo AT - mfhi t0 - daddu t1,AT - daddu v0,t0 - sltu AT,t1,AT - sd t1,0(a0) - daddu v0,AT - beqz a2,.L_bn_mul_add_words_return - - ld t0,8(a1) - dmultu t0,a3 - ld t1,8(a0) - subu a2,1 - daddu t1,v0 - sltu v0,t1,v0 - mflo AT - mfhi t0 - daddu t1,AT - daddu v0,t0 - sltu AT,t1,AT - sd t1,8(a0) - daddu v0,AT - beqz a2,.L_bn_mul_add_words_return - - ld t0,16(a1) - dmultu t0,a3 - ld t1,16(a0) - daddu t1,v0 - sltu v0,t1,v0 - mflo AT - mfhi t0 - daddu t1,AT - daddu v0,t0 - sltu AT,t1,AT - sd t1,16(a0) - daddu v0,AT - jr ra -END(bn_mul_add_words) - -.align 5 -LEAF(bn_mul_words) - .set noreorder - bgtzl a2,.L_bn_mul_words_proceed - ld t0,0(a1) - jr ra - move v0,zero - .set reorder - -.L_bn_mul_words_proceed: - li MINUS4,-4 - and ta0,a2,MINUS4 - move v0,zero - beqz ta0,.L_bn_mul_words_tail - -.L_bn_mul_words_loop: - dmultu t0,a3 - ld t2,8(a1) - ld ta0,16(a1) - ld ta2,24(a1) - mflo AT - mfhi t0 - daddu v0,AT - sltu t1,v0,AT - sd v0,0(a0) - daddu v0,t1,t0 - - dmultu t2,a3 - subu a2,4 - PTR_ADD a0,32 - PTR_ADD a1,32 - mflo AT - mfhi t2 - daddu v0,AT - sltu t3,v0,AT - sd v0,-24(a0) - daddu v0,t3,t2 - - dmultu ta0,a3 - mflo AT - mfhi ta0 - daddu v0,AT - sltu ta1,v0,AT - sd v0,-16(a0) - daddu v0,ta1,ta0 - - - dmultu ta2,a3 - and ta0,a2,MINUS4 - mflo AT - mfhi ta2 - daddu v0,AT - sltu ta3,v0,AT - sd v0,-8(a0) - daddu v0,ta3,ta2 - .set noreorder - bgtzl ta0,.L_bn_mul_words_loop - ld t0,0(a1) - - bnezl a2,.L_bn_mul_words_tail - ld t0,0(a1) - .set reorder - -.L_bn_mul_words_return: - jr ra - -.L_bn_mul_words_tail: - dmultu t0,a3 - subu a2,1 - mflo AT - mfhi t0 - daddu v0,AT - sltu t1,v0,AT - sd v0,0(a0) - daddu v0,t1,t0 - beqz a2,.L_bn_mul_words_return - - ld t0,8(a1) - dmultu t0,a3 - subu a2,1 - mflo AT - mfhi t0 - daddu v0,AT - sltu t1,v0,AT - sd v0,8(a0) - daddu v0,t1,t0 - beqz a2,.L_bn_mul_words_return - - ld t0,16(a1) - dmultu t0,a3 - mflo AT - mfhi t0 - daddu v0,AT - sltu t1,v0,AT - sd v0,16(a0) - daddu v0,t1,t0 - jr ra -END(bn_mul_words) - -.align 5 -LEAF(bn_sqr_words) - .set noreorder - bgtzl a2,.L_bn_sqr_words_proceed - ld t0,0(a1) - jr ra - move v0,zero - .set reorder - -.L_bn_sqr_words_proceed: - li MINUS4,-4 - and ta0,a2,MINUS4 - move v0,zero - beqz ta0,.L_bn_sqr_words_tail - -.L_bn_sqr_words_loop: - dmultu t0,t0 - ld t2,8(a1) - ld ta0,16(a1) - ld ta2,24(a1) - mflo t1 - mfhi t0 - sd t1,0(a0) - sd t0,8(a0) - - dmultu t2,t2 - subu a2,4 - PTR_ADD a0,64 - PTR_ADD a1,32 - mflo t3 - mfhi t2 - sd t3,-48(a0) - sd t2,-40(a0) - - dmultu ta0,ta0 - mflo ta1 - mfhi ta0 - sd ta1,-32(a0) - sd ta0,-24(a0) - - - dmultu ta2,ta2 - and ta0,a2,MINUS4 - mflo ta3 - mfhi ta2 - sd ta3,-16(a0) - sd ta2,-8(a0) - - .set noreorder - bgtzl ta0,.L_bn_sqr_words_loop - ld t0,0(a1) - - bnezl a2,.L_bn_sqr_words_tail - ld t0,0(a1) - .set reorder - -.L_bn_sqr_words_return: - move v0,zero - jr ra - -.L_bn_sqr_words_tail: - dmultu t0,t0 - subu a2,1 - mflo t1 - mfhi t0 - sd t1,0(a0) - sd t0,8(a0) - beqz a2,.L_bn_sqr_words_return - - ld t0,8(a1) - dmultu t0,t0 - subu a2,1 - mflo t1 - mfhi t0 - sd t1,16(a0) - sd t0,24(a0) - beqz a2,.L_bn_sqr_words_return - - ld t0,16(a1) - dmultu t0,t0 - mflo t1 - mfhi t0 - sd t1,32(a0) - sd t0,40(a0) - jr ra -END(bn_sqr_words) - -.align 5 -LEAF(bn_add_words) - .set noreorder - bgtzl a3,.L_bn_add_words_proceed - ld t0,0(a1) - jr ra - move v0,zero - .set reorder - -.L_bn_add_words_proceed: - li MINUS4,-4 - and AT,a3,MINUS4 - move v0,zero - beqz AT,.L_bn_add_words_tail - -.L_bn_add_words_loop: - ld ta0,0(a2) - subu a3,4 - ld t1,8(a1) - and AT,a3,MINUS4 - ld t2,16(a1) - PTR_ADD a2,32 - ld t3,24(a1) - PTR_ADD a0,32 - ld ta1,-24(a2) - PTR_ADD a1,32 - ld ta2,-16(a2) - ld ta3,-8(a2) - daddu ta0,t0 - sltu t8,ta0,t0 - daddu t0,ta0,v0 - sltu v0,t0,ta0 - sd t0,-32(a0) - daddu v0,t8 - - daddu ta1,t1 - sltu t9,ta1,t1 - daddu t1,ta1,v0 - sltu v0,t1,ta1 - sd t1,-24(a0) - daddu v0,t9 - - daddu ta2,t2 - sltu t8,ta2,t2 - daddu t2,ta2,v0 - sltu v0,t2,ta2 - sd t2,-16(a0) - daddu v0,t8 - - daddu ta3,t3 - sltu t9,ta3,t3 - daddu t3,ta3,v0 - sltu v0,t3,ta3 - sd t3,-8(a0) - daddu v0,t9 - - .set noreorder - bgtzl AT,.L_bn_add_words_loop - ld t0,0(a1) - - bnezl a3,.L_bn_add_words_tail - ld t0,0(a1) - .set reorder - -.L_bn_add_words_return: - jr ra - -.L_bn_add_words_tail: - ld ta0,0(a2) - daddu ta0,t0 - subu a3,1 - sltu t8,ta0,t0 - daddu t0,ta0,v0 - sltu v0,t0,ta0 - sd t0,0(a0) - daddu v0,t8 - beqz a3,.L_bn_add_words_return - - ld t1,8(a1) - ld ta1,8(a2) - daddu ta1,t1 - subu a3,1 - sltu t9,ta1,t1 - daddu t1,ta1,v0 - sltu v0,t1,ta1 - sd t1,8(a0) - daddu v0,t9 - beqz a3,.L_bn_add_words_return - - ld t2,16(a1) - ld ta2,16(a2) - daddu ta2,t2 - sltu t8,ta2,t2 - daddu t2,ta2,v0 - sltu v0,t2,ta2 - sd t2,16(a0) - daddu v0,t8 - jr ra -END(bn_add_words) - -.align 5 -LEAF(bn_sub_words) - .set noreorder - bgtzl a3,.L_bn_sub_words_proceed - ld t0,0(a1) - jr ra - move v0,zero - .set reorder - -.L_bn_sub_words_proceed: - li MINUS4,-4 - and AT,a3,MINUS4 - move v0,zero - beqz AT,.L_bn_sub_words_tail - -.L_bn_sub_words_loop: - ld ta0,0(a2) - subu a3,4 - ld t1,8(a1) - and AT,a3,MINUS4 - ld t2,16(a1) - PTR_ADD a2,32 - ld t3,24(a1) - PTR_ADD a0,32 - ld ta1,-24(a2) - PTR_ADD a1,32 - ld ta2,-16(a2) - ld ta3,-8(a2) - sltu t8,t0,ta0 - dsubu t0,ta0 - dsubu ta0,t0,v0 - sd ta0,-32(a0) - MOVNZ (t0,v0,t8) - - sltu t9,t1,ta1 - dsubu t1,ta1 - dsubu ta1,t1,v0 - sd ta1,-24(a0) - MOVNZ (t1,v0,t9) - - - sltu t8,t2,ta2 - dsubu t2,ta2 - dsubu ta2,t2,v0 - sd ta2,-16(a0) - MOVNZ (t2,v0,t8) - - sltu t9,t3,ta3 - dsubu t3,ta3 - dsubu ta3,t3,v0 - sd ta3,-8(a0) - MOVNZ (t3,v0,t9) - - .set noreorder - bgtzl AT,.L_bn_sub_words_loop - ld t0,0(a1) - - bnezl a3,.L_bn_sub_words_tail - ld t0,0(a1) - .set reorder - -.L_bn_sub_words_return: - jr ra - -.L_bn_sub_words_tail: - ld ta0,0(a2) - subu a3,1 - sltu t8,t0,ta0 - dsubu t0,ta0 - dsubu ta0,t0,v0 - MOVNZ (t0,v0,t8) - sd ta0,0(a0) - beqz a3,.L_bn_sub_words_return - - ld t1,8(a1) - subu a3,1 - ld ta1,8(a2) - sltu t9,t1,ta1 - dsubu t1,ta1 - dsubu ta1,t1,v0 - MOVNZ (t1,v0,t9) - sd ta1,8(a0) - beqz a3,.L_bn_sub_words_return - - ld t2,16(a1) - ld ta2,16(a2) - sltu t8,t2,ta2 - dsubu t2,ta2 - dsubu ta2,t2,v0 - MOVNZ (t2,v0,t8) - sd ta2,16(a0) - jr ra -END(bn_sub_words) - -#undef MINUS4 - -.align 5 -LEAF(bn_div_3_words) - .set reorder - move a3,a0 /* we know that bn_div_words doesn't - * touch a3, ta2, ta3 and preserves a2 - * so that we can save two arguments - * and return address in registers - * instead of stack:-) - */ - ld a0,(a3) - move ta2,a1 - ld a1,-8(a3) - bne a0,a2,.L_bn_div_3_words_proceed - li v0,-1 - jr ra -.L_bn_div_3_words_proceed: - move ta3,ra - bal bn_div_words - move ra,ta3 - dmultu ta2,v0 - ld t2,-16(a3) - move ta0,zero - mfhi t1 - mflo t0 - sltu t8,t1,v1 -.L_bn_div_3_words_inner_loop: - bnez t8,.L_bn_div_3_words_inner_loop_done - sgeu AT,t2,t0 - seq t9,t1,v1 - and AT,t9 - sltu t3,t0,ta2 - daddu v1,a2 - dsubu t1,t3 - dsubu t0,ta2 - sltu t8,t1,v1 - sltu ta0,v1,a2 - or t8,ta0 - .set noreorder - beqzl AT,.L_bn_div_3_words_inner_loop - dsubu v0,1 - .set reorder -.L_bn_div_3_words_inner_loop_done: - jr ra -END(bn_div_3_words) - -.align 5 -LEAF(bn_div_words) - .set noreorder - bnezl a2,.L_bn_div_words_proceed - move v1,zero - jr ra - li v0,-1 /* I'd rather signal div-by-zero - * which can be done with 'break 7' */ - -.L_bn_div_words_proceed: - bltz a2,.L_bn_div_words_body - move t9,v1 - dsll a2,1 - bgtz a2,.-4 - addu t9,1 - - .set reorder - negu t1,t9 - li t2,-1 - dsll t2,t1 - and t2,a0 - dsrl AT,a1,t1 - .set noreorder - bnezl t2,.+8 - break 6 /* signal overflow */ - .set reorder - dsll a0,t9 - dsll a1,t9 - or a0,AT - -#define QT ta0 -#define HH ta1 -#define DH v1 -.L_bn_div_words_body: - dsrl DH,a2,32 - sgeu AT,a0,a2 - .set noreorder - bnezl AT,.+8 - dsubu a0,a2 - .set reorder - - li QT,-1 - dsrl HH,a0,32 - dsrl QT,32 /* q=0xffffffff */ - beq DH,HH,.L_bn_div_words_skip_div1 - ddivu zero,a0,DH - mflo QT -.L_bn_div_words_skip_div1: - dmultu a2,QT - dsll t3,a0,32 - dsrl AT,a1,32 - or t3,AT - mflo t0 - mfhi t1 -.L_bn_div_words_inner_loop1: - sltu t2,t3,t0 - seq t8,HH,t1 - sltu AT,HH,t1 - and t2,t8 - sltu v0,t0,a2 - or AT,t2 - .set noreorder - beqz AT,.L_bn_div_words_inner_loop1_done - dsubu t1,v0 - dsubu t0,a2 - b .L_bn_div_words_inner_loop1 - dsubu QT,1 - .set reorder -.L_bn_div_words_inner_loop1_done: - - dsll a1,32 - dsubu a0,t3,t0 - dsll v0,QT,32 - - li QT,-1 - dsrl HH,a0,32 - dsrl QT,32 /* q=0xffffffff */ - beq DH,HH,.L_bn_div_words_skip_div2 - ddivu zero,a0,DH - mflo QT -.L_bn_div_words_skip_div2: -#undef DH - dmultu a2,QT - dsll t3,a0,32 - dsrl AT,a1,32 - or t3,AT - mflo t0 - mfhi t1 -.L_bn_div_words_inner_loop2: - sltu t2,t3,t0 - seq t8,HH,t1 - sltu AT,HH,t1 - and t2,t8 - sltu v1,t0,a2 - or AT,t2 - .set noreorder - beqz AT,.L_bn_div_words_inner_loop2_done - dsubu t1,v1 - dsubu t0,a2 - b .L_bn_div_words_inner_loop2 - dsubu QT,1 - .set reorder -.L_bn_div_words_inner_loop2_done: -#undef HH - - dsubu a0,t3,t0 - or v0,QT - dsrl v1,a0,t9 /* v1 contains remainder if anybody wants it */ - dsrl a2,t9 /* restore a2 */ - jr ra -#undef QT -END(bn_div_words) - -#define a_0 t0 -#define a_1 t1 -#define a_2 t2 -#define a_3 t3 -#define b_0 ta0 -#define b_1 ta1 -#define b_2 ta2 -#define b_3 ta3 - -#define a_4 s0 -#define a_5 s2 -#define a_6 s4 -#define a_7 a1 /* once we load a[7] we don't need a anymore */ -#define b_4 s1 -#define b_5 s3 -#define b_6 s5 -#define b_7 a2 /* once we load b[7] we don't need b anymore */ - -#define t_1 t8 -#define t_2 t9 - -#define c_1 v0 -#define c_2 v1 -#define c_3 a3 - -#define FRAME_SIZE 48 - -.align 5 -LEAF(bn_mul_comba8) - .set noreorder - PTR_SUB sp,FRAME_SIZE - .frame sp,64,ra - .set reorder - ld a_0,0(a1) /* If compiled with -mips3 option on - * R5000 box assembler barks on this - * line with "shouldn't have mult/div - * as last instruction in bb (R10K - * bug)" warning. If anybody out there - * has a clue about how to circumvent - * this do send me a note. - * - */ - ld b_0,0(a2) - ld a_1,8(a1) - ld a_2,16(a1) - ld a_3,24(a1) - ld b_1,8(a2) - ld b_2,16(a2) - ld b_3,24(a2) - dmultu a_0,b_0 /* mul_add_c(a[0],b[0],c1,c2,c3); */ - sd s0,0(sp) - sd s1,8(sp) - sd s2,16(sp) - sd s3,24(sp) - sd s4,32(sp) - sd s5,40(sp) - mflo c_1 - mfhi c_2 - - dmultu a_0,b_1 /* mul_add_c(a[0],b[1],c2,c3,c1); */ - ld a_4,32(a1) - ld a_5,40(a1) - ld a_6,48(a1) - ld a_7,56(a1) - ld b_4,32(a2) - ld b_5,40(a2) - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu c_3,t_2,AT - dmultu a_1,b_0 /* mul_add_c(a[1],b[0],c2,c3,c1); */ - ld b_6,48(a2) - ld b_7,56(a2) - sd c_1,0(a0) /* r[0]=c1; */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu c_1,c_3,t_2 - sd c_2,8(a0) /* r[1]=c2; */ - - dmultu a_2,b_0 /* mul_add_c(a[2],b[0],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - dmultu a_1,b_1 /* mul_add_c(a[1],b[1],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu c_2,c_1,t_2 - dmultu a_0,b_2 /* mul_add_c(a[0],b[2],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - sd c_3,16(a0) /* r[2]=c3; */ - - dmultu a_0,b_3 /* mul_add_c(a[0],b[3],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu c_3,c_2,t_2 - dmultu a_1,b_2 /* mul_add_c(a[1],b[2],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_2,b_1 /* mul_add_c(a[2],b[1],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_3,b_0 /* mul_add_c(a[3],b[0],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - sd c_1,24(a0) /* r[3]=c1; */ - - dmultu a_4,b_0 /* mul_add_c(a[4],b[0],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu c_1,c_3,t_2 - dmultu a_3,b_1 /* mul_add_c(a[3],b[1],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_2,b_2 /* mul_add_c(a[2],b[2],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_1,b_3 /* mul_add_c(a[1],b[3],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_0,b_4 /* mul_add_c(a[0],b[4],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - sd c_2,32(a0) /* r[4]=c2; */ - - dmultu a_0,b_5 /* mul_add_c(a[0],b[5],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu c_2,c_1,t_2 - dmultu a_1,b_4 /* mul_add_c(a[1],b[4],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_2,b_3 /* mul_add_c(a[2],b[3],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_3,b_2 /* mul_add_c(a[3],b[2],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_4,b_1 /* mul_add_c(a[4],b[1],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_5,b_0 /* mul_add_c(a[5],b[0],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - sd c_3,40(a0) /* r[5]=c3; */ - - dmultu a_6,b_0 /* mul_add_c(a[6],b[0],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu c_3,c_2,t_2 - dmultu a_5,b_1 /* mul_add_c(a[5],b[1],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_4,b_2 /* mul_add_c(a[4],b[2],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_3,b_3 /* mul_add_c(a[3],b[3],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_2,b_4 /* mul_add_c(a[2],b[4],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_1,b_5 /* mul_add_c(a[1],b[5],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_0,b_6 /* mul_add_c(a[0],b[6],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - sd c_1,48(a0) /* r[6]=c1; */ - - dmultu a_0,b_7 /* mul_add_c(a[0],b[7],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu c_1,c_3,t_2 - dmultu a_1,b_6 /* mul_add_c(a[1],b[6],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_2,b_5 /* mul_add_c(a[2],b[5],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_3,b_4 /* mul_add_c(a[3],b[4],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_4,b_3 /* mul_add_c(a[4],b[3],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_5,b_2 /* mul_add_c(a[5],b[2],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_6,b_1 /* mul_add_c(a[6],b[1],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_7,b_0 /* mul_add_c(a[7],b[0],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - sd c_2,56(a0) /* r[7]=c2; */ - - dmultu a_7,b_1 /* mul_add_c(a[7],b[1],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu c_2,c_1,t_2 - dmultu a_6,b_2 /* mul_add_c(a[6],b[2],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_5,b_3 /* mul_add_c(a[5],b[3],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_4,b_4 /* mul_add_c(a[4],b[4],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_3,b_5 /* mul_add_c(a[3],b[5],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_2,b_6 /* mul_add_c(a[2],b[6],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_1,b_7 /* mul_add_c(a[1],b[7],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - sd c_3,64(a0) /* r[8]=c3; */ - - dmultu a_2,b_7 /* mul_add_c(a[2],b[7],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu c_3,c_2,t_2 - dmultu a_3,b_6 /* mul_add_c(a[3],b[6],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_4,b_5 /* mul_add_c(a[4],b[5],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_5,b_4 /* mul_add_c(a[5],b[4],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_6,b_3 /* mul_add_c(a[6],b[3],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_7,b_2 /* mul_add_c(a[7],b[2],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - sd c_1,72(a0) /* r[9]=c1; */ - - dmultu a_7,b_3 /* mul_add_c(a[7],b[3],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu c_1,c_3,t_2 - dmultu a_6,b_4 /* mul_add_c(a[6],b[4],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_5,b_5 /* mul_add_c(a[5],b[5],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_4,b_6 /* mul_add_c(a[4],b[6],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_3,b_7 /* mul_add_c(a[3],b[7],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - sd c_2,80(a0) /* r[10]=c2; */ - - dmultu a_4,b_7 /* mul_add_c(a[4],b[7],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu c_2,c_1,t_2 - dmultu a_5,b_6 /* mul_add_c(a[5],b[6],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_6,b_5 /* mul_add_c(a[6],b[5],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_7,b_4 /* mul_add_c(a[7],b[4],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - sd c_3,88(a0) /* r[11]=c3; */ - - dmultu a_7,b_5 /* mul_add_c(a[7],b[5],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu c_3,c_2,t_2 - dmultu a_6,b_6 /* mul_add_c(a[6],b[6],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_5,b_7 /* mul_add_c(a[5],b[7],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - sd c_1,96(a0) /* r[12]=c1; */ - - dmultu a_6,b_7 /* mul_add_c(a[6],b[7],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu c_1,c_3,t_2 - dmultu a_7,b_6 /* mul_add_c(a[7],b[6],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - sd c_2,104(a0) /* r[13]=c2; */ - - dmultu a_7,b_7 /* mul_add_c(a[7],b[7],c3,c1,c2); */ - ld s0,0(sp) - ld s1,8(sp) - ld s2,16(sp) - ld s3,24(sp) - ld s4,32(sp) - ld s5,40(sp) - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sd c_3,112(a0) /* r[14]=c3; */ - sd c_1,120(a0) /* r[15]=c1; */ - - PTR_ADD sp,FRAME_SIZE - - jr ra -END(bn_mul_comba8) - -.align 5 -LEAF(bn_mul_comba4) - .set reorder - ld a_0,0(a1) - ld b_0,0(a2) - ld a_1,8(a1) - ld a_2,16(a1) - dmultu a_0,b_0 /* mul_add_c(a[0],b[0],c1,c2,c3); */ - ld a_3,24(a1) - ld b_1,8(a2) - ld b_2,16(a2) - ld b_3,24(a2) - mflo c_1 - mfhi c_2 - sd c_1,0(a0) - - dmultu a_0,b_1 /* mul_add_c(a[0],b[1],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu c_3,t_2,AT - dmultu a_1,b_0 /* mul_add_c(a[1],b[0],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu c_1,c_3,t_2 - sd c_2,8(a0) - - dmultu a_2,b_0 /* mul_add_c(a[2],b[0],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - dmultu a_1,b_1 /* mul_add_c(a[1],b[1],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu c_2,c_1,t_2 - dmultu a_0,b_2 /* mul_add_c(a[0],b[2],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - sd c_3,16(a0) - - dmultu a_0,b_3 /* mul_add_c(a[0],b[3],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu c_3,c_2,t_2 - dmultu a_1,b_2 /* mul_add_c(a[1],b[2],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_2,b_1 /* mul_add_c(a[2],b[1],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_3,b_0 /* mul_add_c(a[3],b[0],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - sd c_1,24(a0) - - dmultu a_3,b_1 /* mul_add_c(a[3],b[1],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu c_1,c_3,t_2 - dmultu a_2,b_2 /* mul_add_c(a[2],b[2],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_1,b_3 /* mul_add_c(a[1],b[3],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - sd c_2,32(a0) - - dmultu a_2,b_3 /* mul_add_c(a[2],b[3],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu c_2,c_1,t_2 - dmultu a_3,b_2 /* mul_add_c(a[3],b[2],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - sd c_3,40(a0) - - dmultu a_3,b_3 /* mul_add_c(a[3],b[3],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sd c_1,48(a0) - sd c_2,56(a0) - - jr ra -END(bn_mul_comba4) - -#undef a_4 -#undef a_5 -#undef a_6 -#undef a_7 -#define a_4 b_0 -#define a_5 b_1 -#define a_6 b_2 -#define a_7 b_3 - -.align 5 -LEAF(bn_sqr_comba8) - .set reorder - ld a_0,0(a1) - ld a_1,8(a1) - ld a_2,16(a1) - ld a_3,24(a1) - - dmultu a_0,a_0 /* mul_add_c(a[0],b[0],c1,c2,c3); */ - ld a_4,32(a1) - ld a_5,40(a1) - ld a_6,48(a1) - ld a_7,56(a1) - mflo c_1 - mfhi c_2 - sd c_1,0(a0) - - dmultu a_0,a_1 /* mul_add_c2(a[0],b[1],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - slt c_1,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu c_3,t_2,AT - sd c_2,8(a0) - - dmultu a_2,a_0 /* mul_add_c2(a[2],b[0],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - slt c_2,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_1,a_1 /* mul_add_c(a[1],b[1],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - sd c_3,16(a0) - - dmultu a_0,a_3 /* mul_add_c2(a[0],b[3],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - slt c_3,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_1,a_2 /* mul_add_c2(a[1],b[2],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - slt AT,t_2,zero - daddu c_3,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - sd c_1,24(a0) - - dmultu a_4,a_0 /* mul_add_c2(a[4],b[0],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - slt c_1,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_3,a_1 /* mul_add_c2(a[3],b[1],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - slt AT,t_2,zero - daddu c_1,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_2,a_2 /* mul_add_c(a[2],b[2],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - sd c_2,32(a0) - - dmultu a_0,a_5 /* mul_add_c2(a[0],b[5],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - slt c_2,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_1,a_4 /* mul_add_c2(a[1],b[4],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - slt AT,t_2,zero - daddu c_2,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_2,a_3 /* mul_add_c2(a[2],b[3],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - slt AT,t_2,zero - daddu c_2,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - sd c_3,40(a0) - - dmultu a_6,a_0 /* mul_add_c2(a[6],b[0],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - slt c_3,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_5,a_1 /* mul_add_c2(a[5],b[1],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - slt AT,t_2,zero - daddu c_3,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_4,a_2 /* mul_add_c2(a[4],b[2],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - slt AT,t_2,zero - daddu c_3,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_3,a_3 /* mul_add_c(a[3],b[3],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - sd c_1,48(a0) - - dmultu a_0,a_7 /* mul_add_c2(a[0],b[7],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - slt c_1,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_1,a_6 /* mul_add_c2(a[1],b[6],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - slt AT,t_2,zero - daddu c_1,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_2,a_5 /* mul_add_c2(a[2],b[5],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - slt AT,t_2,zero - daddu c_1,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_3,a_4 /* mul_add_c2(a[3],b[4],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - slt AT,t_2,zero - daddu c_1,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - sd c_2,56(a0) - - dmultu a_7,a_1 /* mul_add_c2(a[7],b[1],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - slt c_2,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_6,a_2 /* mul_add_c2(a[6],b[2],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - slt AT,t_2,zero - daddu c_2,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_5,a_3 /* mul_add_c2(a[5],b[3],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - slt AT,t_2,zero - daddu c_2,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_4,a_4 /* mul_add_c(a[4],b[4],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - sd c_3,64(a0) - - dmultu a_2,a_7 /* mul_add_c2(a[2],b[7],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - slt c_3,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_3,a_6 /* mul_add_c2(a[3],b[6],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - slt AT,t_2,zero - daddu c_3,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_4,a_5 /* mul_add_c2(a[4],b[5],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - slt AT,t_2,zero - daddu c_3,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - sd c_1,72(a0) - - dmultu a_7,a_3 /* mul_add_c2(a[7],b[3],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - slt c_1,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_6,a_4 /* mul_add_c2(a[6],b[4],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - slt AT,t_2,zero - daddu c_1,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_5,a_5 /* mul_add_c(a[5],b[5],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - sd c_2,80(a0) - - dmultu a_4,a_7 /* mul_add_c2(a[4],b[7],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - slt c_2,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_5,a_6 /* mul_add_c2(a[5],b[6],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - slt AT,t_2,zero - daddu c_2,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - sd c_3,88(a0) - - dmultu a_7,a_5 /* mul_add_c2(a[7],b[5],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - slt c_3,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_6,a_6 /* mul_add_c(a[6],b[6],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - sd c_1,96(a0) - - dmultu a_6,a_7 /* mul_add_c2(a[6],b[7],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - slt c_1,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - sd c_2,104(a0) - - dmultu a_7,a_7 /* mul_add_c(a[7],b[7],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sd c_3,112(a0) - sd c_1,120(a0) - - jr ra -END(bn_sqr_comba8) - -.align 5 -LEAF(bn_sqr_comba4) - .set reorder - ld a_0,0(a1) - ld a_1,8(a1) - ld a_2,16(a1) - ld a_3,24(a1) - dmultu a_0,a_0 /* mul_add_c(a[0],b[0],c1,c2,c3); */ - mflo c_1 - mfhi c_2 - sd c_1,0(a0) - - dmultu a_0,a_1 /* mul_add_c2(a[0],b[1],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - slt c_1,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu c_3,t_2,AT - sd c_2,8(a0) - - dmultu a_2,a_0 /* mul_add_c2(a[2],b[0],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - slt c_2,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_1,a_1 /* mul_add_c(a[1],b[1],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - sd c_3,16(a0) - - dmultu a_0,a_3 /* mul_add_c2(a[0],b[3],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - slt c_3,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_1,a_2 /* mul_add_c(a2[1],b[2],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - slt AT,t_2,zero - daddu c_3,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - sd c_1,24(a0) - - dmultu a_3,a_1 /* mul_add_c2(a[3],b[1],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - slt c_1,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_2,a_2 /* mul_add_c(a[2],b[2],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - sd c_2,32(a0) - - dmultu a_2,a_3 /* mul_add_c2(a[2],b[3],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - slt c_2,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - sd c_3,40(a0) - - dmultu a_3,a_3 /* mul_add_c(a[3],b[3],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sd c_1,48(a0) - sd c_2,56(a0) - - jr ra -END(bn_sqr_comba4) diff --git a/src/lib/libcrypto/bn/asm/modexp512-x86_64.pl b/src/lib/libcrypto/bn/asm/modexp512-x86_64.pl new file mode 100644 index 00000000000..43172828353 --- /dev/null +++ b/src/lib/libcrypto/bn/asm/modexp512-x86_64.pl @@ -0,0 +1,1388 @@ +#!/usr/bin/env perl +# +# Copyright (c) 2010-2011 Intel Corp. +# Author: Vinodh.Gopal@intel.com +# Jim Guilford +# Erdinc.Ozturk@intel.com +# Maxim.Perminov@intel.com +# +# More information about algorithm used can be found at: +# http://www.cse.buffalo.edu/srds2009/escs2009_submission_Gopal.pdf +# +# ==================================================================== +# Copyright (c) 2011 The OpenSSL Project. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# +# 3. All advertising materials mentioning features or use of this +# software must display the following acknowledgment: +# "This product includes software developed by the OpenSSL Project +# for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" +# +# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +# endorse or promote products derived from this software without +# prior written permission. For written permission, please contact +# licensing@OpenSSL.org. +# +# 5. Products derived from this software may not be called "OpenSSL" +# nor may "OpenSSL" appear in their names without prior written +# permission of the OpenSSL Project. +# +# 6. Redistributions of any form whatsoever must retain the following +# acknowledgment: +# "This product includes software developed by the OpenSSL Project +# for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" +# +# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +# OF THE POSSIBILITY OF SUCH DAMAGE. +# ==================================================================== + +$flavour = shift; +$output = shift; +if ($flavour =~ /\./) { $output = $flavour; undef $flavour; } + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or +( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or +die "can't locate x86_64-xlate.pl"; + +open OUT,"| \"$^X\" $xlate $flavour $output"; +*STDOUT=*OUT; + +use strict; +my $code=".text\n\n"; +my $m=0; + +# +# Define x512 macros +# + +#MULSTEP_512_ADD MACRO x7, x6, x5, x4, x3, x2, x1, x0, dst, src1, src2, add_src, tmp1, tmp2 +# +# uses rax, rdx, and args +sub MULSTEP_512_ADD +{ + my ($x, $DST, $SRC2, $ASRC, $OP, $TMP)=@_; + my @X=@$x; # make a copy +$code.=<<___; + mov (+8*0)($SRC2), %rax + mul $OP # rdx:rax = %OP * [0] + mov ($ASRC), $X[0] + add %rax, $X[0] + adc \$0, %rdx + mov $X[0], $DST +___ +for(my $i=1;$i<8;$i++) { +$code.=<<___; + mov %rdx, $TMP + + mov (+8*$i)($SRC2), %rax + mul $OP # rdx:rax = %OP * [$i] + mov (+8*$i)($ASRC), $X[$i] + add %rax, $X[$i] + adc \$0, %rdx + add $TMP, $X[$i] + adc \$0, %rdx +___ +} +$code.=<<___; + mov %rdx, $X[0] +___ +} + +#MULSTEP_512 MACRO x7, x6, x5, x4, x3, x2, x1, x0, dst, src2, src1_val, tmp +# +# uses rax, rdx, and args +sub MULSTEP_512 +{ + my ($x, $DST, $SRC2, $OP, $TMP)=@_; + my @X=@$x; # make a copy +$code.=<<___; + mov (+8*0)($SRC2), %rax + mul $OP # rdx:rax = %OP * [0] + add %rax, $X[0] + adc \$0, %rdx + mov $X[0], $DST +___ +for(my $i=1;$i<8;$i++) { +$code.=<<___; + mov %rdx, $TMP + + mov (+8*$i)($SRC2), %rax + mul $OP # rdx:rax = %OP * [$i] + add %rax, $X[$i] + adc \$0, %rdx + add $TMP, $X[$i] + adc \$0, %rdx +___ +} +$code.=<<___; + mov %rdx, $X[0] +___ +} + +# +# Swizzle Macros +# + +# macro to copy data from flat space to swizzled table +#MACRO swizzle pDst, pSrc, tmp1, tmp2 +# pDst and pSrc are modified +sub swizzle +{ + my ($pDst, $pSrc, $cnt, $d0)=@_; +$code.=<<___; + mov \$8, $cnt +loop_$m: + mov ($pSrc), $d0 + mov $d0#w, ($pDst) + shr \$16, $d0 + mov $d0#w, (+64*1)($pDst) + shr \$16, $d0 + mov $d0#w, (+64*2)($pDst) + shr \$16, $d0 + mov $d0#w, (+64*3)($pDst) + lea 8($pSrc), $pSrc + lea 64*4($pDst), $pDst + dec $cnt + jnz loop_$m +___ + + $m++; +} + +# macro to copy data from swizzled table to flat space +#MACRO unswizzle pDst, pSrc, tmp*3 +sub unswizzle +{ + my ($pDst, $pSrc, $cnt, $d0, $d1)=@_; +$code.=<<___; + mov \$4, $cnt +loop_$m: + movzxw (+64*3+256*0)($pSrc), $d0 + movzxw (+64*3+256*1)($pSrc), $d1 + shl \$16, $d0 + shl \$16, $d1 + mov (+64*2+256*0)($pSrc), $d0#w + mov (+64*2+256*1)($pSrc), $d1#w + shl \$16, $d0 + shl \$16, $d1 + mov (+64*1+256*0)($pSrc), $d0#w + mov (+64*1+256*1)($pSrc), $d1#w + shl \$16, $d0 + shl \$16, $d1 + mov (+64*0+256*0)($pSrc), $d0#w + mov (+64*0+256*1)($pSrc), $d1#w + mov $d0, (+8*0)($pDst) + mov $d1, (+8*1)($pDst) + lea 256*2($pSrc), $pSrc + lea 8*2($pDst), $pDst + sub \$1, $cnt + jnz loop_$m +___ + + $m++; +} + +# +# Data Structures +# + +# Reduce Data +# +# +# Offset Value +# 0C0 Carries +# 0B8 X2[10] +# 0B0 X2[9] +# 0A8 X2[8] +# 0A0 X2[7] +# 098 X2[6] +# 090 X2[5] +# 088 X2[4] +# 080 X2[3] +# 078 X2[2] +# 070 X2[1] +# 068 X2[0] +# 060 X1[12] P[10] +# 058 X1[11] P[9] Z[8] +# 050 X1[10] P[8] Z[7] +# 048 X1[9] P[7] Z[6] +# 040 X1[8] P[6] Z[5] +# 038 X1[7] P[5] Z[4] +# 030 X1[6] P[4] Z[3] +# 028 X1[5] P[3] Z[2] +# 020 X1[4] P[2] Z[1] +# 018 X1[3] P[1] Z[0] +# 010 X1[2] P[0] Y[2] +# 008 X1[1] Q[1] Y[1] +# 000 X1[0] Q[0] Y[0] + +my $X1_offset = 0; # 13 qwords +my $X2_offset = $X1_offset + 13*8; # 11 qwords +my $Carries_offset = $X2_offset + 11*8; # 1 qword +my $Q_offset = 0; # 2 qwords +my $P_offset = $Q_offset + 2*8; # 11 qwords +my $Y_offset = 0; # 3 qwords +my $Z_offset = $Y_offset + 3*8; # 9 qwords + +my $Red_Data_Size = $Carries_offset + 1*8; # (25 qwords) + +# +# Stack Frame +# +# +# offset value +# ... +# ... +# 280 Garray + +# 278 tmp16[15] +# ... ... +# 200 tmp16[0] + +# 1F8 tmp[7] +# ... ... +# 1C0 tmp[0] + +# 1B8 GT[7] +# ... ... +# 180 GT[0] + +# 178 Reduce Data +# ... ... +# 0B8 Reduce Data +# 0B0 reserved +# 0A8 reserved +# 0A0 reserved +# 098 reserved +# 090 reserved +# 088 reduce result addr +# 080 exp[8] + +# ... +# 048 exp[1] +# 040 exp[0] + +# 038 reserved +# 030 loop_idx +# 028 pg +# 020 i +# 018 pData ; arg 4 +# 010 pG ; arg 2 +# 008 pResult ; arg 1 +# 000 rsp ; stack pointer before subtract + +my $rsp_offset = 0; +my $pResult_offset = 8*1 + $rsp_offset; +my $pG_offset = 8*1 + $pResult_offset; +my $pData_offset = 8*1 + $pG_offset; +my $i_offset = 8*1 + $pData_offset; +my $pg_offset = 8*1 + $i_offset; +my $loop_idx_offset = 8*1 + $pg_offset; +my $reserved1_offset = 8*1 + $loop_idx_offset; +my $exp_offset = 8*1 + $reserved1_offset; +my $red_result_addr_offset= 8*9 + $exp_offset; +my $reserved2_offset = 8*1 + $red_result_addr_offset; +my $Reduce_Data_offset = 8*5 + $reserved2_offset; +my $GT_offset = $Red_Data_Size + $Reduce_Data_offset; +my $tmp_offset = 8*8 + $GT_offset; +my $tmp16_offset = 8*8 + $tmp_offset; +my $garray_offset = 8*16 + $tmp16_offset; +my $mem_size = 8*8*32 + $garray_offset; + +# +# Offsets within Reduce Data +# +# +# struct MODF_2FOLD_MONT_512_C1_DATA { +# UINT64 t[8][8]; +# UINT64 m[8]; +# UINT64 m1[8]; /* 2^768 % m */ +# UINT64 m2[8]; /* 2^640 % m */ +# UINT64 k1[2]; /* (- 1/m) % 2^128 */ +# }; + +my $T = 0; +my $M = 512; # = 8 * 8 * 8 +my $M1 = 576; # = 8 * 8 * 9 /* += 8 * 8 */ +my $M2 = 640; # = 8 * 8 * 10 /* += 8 * 8 */ +my $K1 = 704; # = 8 * 8 * 11 /* += 8 * 8 */ + +# +# FUNCTIONS +# + +{{{ +# +# MULADD_128x512 : Function to multiply 128-bits (2 qwords) by 512-bits (8 qwords) +# and add 512-bits (8 qwords) +# to get 640 bits (10 qwords) +# Input: 128-bit mul source: [rdi+8*1], rbp +# 512-bit mul source: [rsi+8*n] +# 512-bit add source: r15, r14, ..., r9, r8 +# Output: r9, r8, r15, r14, r13, r12, r11, r10, [rcx+8*1], [rcx+8*0] +# Clobbers all regs except: rcx, rsi, rdi +$code.=<<___; +.type MULADD_128x512,\@abi-omnipotent +.align 16 +MULADD_128x512: +___ + &MULSTEP_512([map("%r$_",(8..15))], "(+8*0)(%rcx)", "%rsi", "%rbp", "%rbx"); +$code.=<<___; + mov (+8*1)(%rdi), %rbp +___ + &MULSTEP_512([map("%r$_",(9..15,8))], "(+8*1)(%rcx)", "%rsi", "%rbp", "%rbx"); +$code.=<<___; + ret +.size MULADD_128x512,.-MULADD_128x512 +___ +}}} + +{{{ +#MULADD_256x512 MACRO pDst, pA, pB, OP, TMP, X7, X6, X5, X4, X3, X2, X1, X0 +# +# Inputs: pDst: Destination (768 bits, 12 qwords) +# pA: Multiplicand (1024 bits, 16 qwords) +# pB: Multiplicand (512 bits, 8 qwords) +# Dst = Ah * B + Al +# where Ah is (in qwords) A[15:12] (256 bits) and Al is A[7:0] (512 bits) +# Results in X3 X2 X1 X0 X7 X6 X5 X4 Dst[3:0] +# Uses registers: arguments, RAX, RDX +sub MULADD_256x512 +{ + my ($pDst, $pA, $pB, $OP, $TMP, $X)=@_; +$code.=<<___; + mov (+8*12)($pA), $OP +___ + &MULSTEP_512_ADD($X, "(+8*0)($pDst)", $pB, $pA, $OP, $TMP); + push(@$X,shift(@$X)); + +$code.=<<___; + mov (+8*13)($pA), $OP +___ + &MULSTEP_512($X, "(+8*1)($pDst)", $pB, $OP, $TMP); + push(@$X,shift(@$X)); + +$code.=<<___; + mov (+8*14)($pA), $OP +___ + &MULSTEP_512($X, "(+8*2)($pDst)", $pB, $OP, $TMP); + push(@$X,shift(@$X)); + +$code.=<<___; + mov (+8*15)($pA), $OP +___ + &MULSTEP_512($X, "(+8*3)($pDst)", $pB, $OP, $TMP); + push(@$X,shift(@$X)); +} + +# +# mont_reduce(UINT64 *x, /* 1024 bits, 16 qwords */ +# UINT64 *m, /* 512 bits, 8 qwords */ +# MODF_2FOLD_MONT_512_C1_DATA *data, +# UINT64 *r) /* 512 bits, 8 qwords */ +# Input: x (number to be reduced): tmp16 (Implicit) +# m (modulus): [pM] (Implicit) +# data (reduce data): [pData] (Implicit) +# Output: r (result): Address in [red_res_addr] +# result also in: r9, r8, r15, r14, r13, r12, r11, r10 + +my @X=map("%r$_",(8..15)); + +$code.=<<___; +.type mont_reduce,\@abi-omnipotent +.align 16 +mont_reduce: +___ + +my $STACK_DEPTH = 8; + # + # X1 = Xh * M1 + Xl +$code.=<<___; + lea (+$Reduce_Data_offset+$X1_offset+$STACK_DEPTH)(%rsp), %rdi # pX1 (Dst) 769 bits, 13 qwords + mov (+$pData_offset+$STACK_DEPTH)(%rsp), %rsi # pM1 (Bsrc) 512 bits, 8 qwords + add \$$M1, %rsi + lea (+$tmp16_offset+$STACK_DEPTH)(%rsp), %rcx # X (Asrc) 1024 bits, 16 qwords + +___ + + &MULADD_256x512("%rdi", "%rcx", "%rsi", "%rbp", "%rbx", \@X); # rotates @X 4 times + # results in r11, r10, r9, r8, r15, r14, r13, r12, X1[3:0] + +$code.=<<___; + xor %rax, %rax + # X1 += xl + add (+8*8)(%rcx), $X[4] + adc (+8*9)(%rcx), $X[5] + adc (+8*10)(%rcx), $X[6] + adc (+8*11)(%rcx), $X[7] + adc \$0, %rax + # X1 is now rax, r11-r8, r15-r12, tmp16[3:0] + + # + # check for carry ;; carry stored in rax + mov $X[4], (+8*8)(%rdi) # rdi points to X1 + mov $X[5], (+8*9)(%rdi) + mov $X[6], %rbp + mov $X[7], (+8*11)(%rdi) + + mov %rax, (+$Reduce_Data_offset+$Carries_offset+$STACK_DEPTH)(%rsp) + + mov (+8*0)(%rdi), $X[4] + mov (+8*1)(%rdi), $X[5] + mov (+8*2)(%rdi), $X[6] + mov (+8*3)(%rdi), $X[7] + + # X1 is now stored in: X1[11], rbp, X1[9:8], r15-r8 + # rdi -> X1 + # rsi -> M1 + + # + # X2 = Xh * M2 + Xl + # do first part (X2 = Xh * M2) + add \$8*10, %rdi # rdi -> pXh ; 128 bits, 2 qwords + # Xh is actually { [rdi+8*1], rbp } + add \$`$M2-$M1`, %rsi # rsi -> M2 + lea (+$Reduce_Data_offset+$X2_offset+$STACK_DEPTH)(%rsp), %rcx # rcx -> pX2 ; 641 bits, 11 qwords +___ + unshift(@X,pop(@X)); unshift(@X,pop(@X)); +$code.=<<___; + + call MULADD_128x512 # args in rcx, rdi / rbp, rsi, r15-r8 + # result in r9, r8, r15, r14, r13, r12, r11, r10, X2[1:0] + mov (+$Reduce_Data_offset+$Carries_offset+$STACK_DEPTH)(%rsp), %rax + + # X2 += Xl + add (+8*8-8*10)(%rdi), $X[6] # (-8*10) is to adjust rdi -> Xh to Xl + adc (+8*9-8*10)(%rdi), $X[7] + mov $X[6], (+8*8)(%rcx) + mov $X[7], (+8*9)(%rcx) + + adc %rax, %rax + mov %rax, (+$Reduce_Data_offset+$Carries_offset+$STACK_DEPTH)(%rsp) + + lea (+$Reduce_Data_offset+$Q_offset+$STACK_DEPTH)(%rsp), %rdi # rdi -> pQ ; 128 bits, 2 qwords + add \$`$K1-$M2`, %rsi # rsi -> pK1 ; 128 bits, 2 qwords + + # MUL_128x128t128 rdi, rcx, rsi ; Q = X2 * K1 (bottom half) + # B1:B0 = rsi[1:0] = K1[1:0] + # A1:A0 = rcx[1:0] = X2[1:0] + # Result = rdi[1],rbp = Q[1],rbp + mov (%rsi), %r8 # B0 + mov (+8*1)(%rsi), %rbx # B1 + + mov (%rcx), %rax # A0 + mul %r8 # B0 + mov %rax, %rbp + mov %rdx, %r9 + + mov (+8*1)(%rcx), %rax # A1 + mul %r8 # B0 + add %rax, %r9 + + mov (%rcx), %rax # A0 + mul %rbx # B1 + add %rax, %r9 + + mov %r9, (+8*1)(%rdi) + # end MUL_128x128t128 + + sub \$`$K1-$M`, %rsi + + mov (%rcx), $X[6] + mov (+8*1)(%rcx), $X[7] # r9:r8 = X2[1:0] + + call MULADD_128x512 # args in rcx, rdi / rbp, rsi, r15-r8 + # result in r9, r8, r15, r14, r13, r12, r11, r10, X2[1:0] + + # load first half of m to rdx, rdi, rbx, rax + # moved this here for efficiency + mov (+8*0)(%rsi), %rax + mov (+8*1)(%rsi), %rbx + mov (+8*2)(%rsi), %rdi + mov (+8*3)(%rsi), %rdx + + # continue with reduction + mov (+$Reduce_Data_offset+$Carries_offset+$STACK_DEPTH)(%rsp), %rbp + + add (+8*8)(%rcx), $X[6] + adc (+8*9)(%rcx), $X[7] + + #accumulate the final carry to rbp + adc %rbp, %rbp + + # Add in overflow corrections: R = (X2>>128) += T[overflow] + # R = {r9, r8, r15, r14, ..., r10} + shl \$3, %rbp + mov (+$pData_offset+$STACK_DEPTH)(%rsp), %rcx # rsi -> Data (and points to T) + add %rcx, %rbp # pT ; 512 bits, 8 qwords, spread out + + # rsi will be used to generate a mask after the addition + xor %rsi, %rsi + + add (+8*8*0)(%rbp), $X[0] + adc (+8*8*1)(%rbp), $X[1] + adc (+8*8*2)(%rbp), $X[2] + adc (+8*8*3)(%rbp), $X[3] + adc (+8*8*4)(%rbp), $X[4] + adc (+8*8*5)(%rbp), $X[5] + adc (+8*8*6)(%rbp), $X[6] + adc (+8*8*7)(%rbp), $X[7] + + # if there is a carry: rsi = 0xFFFFFFFFFFFFFFFF + # if carry is clear: rsi = 0x0000000000000000 + sbb \$0, %rsi + + # if carry is clear, subtract 0. Otherwise, subtract 256 bits of m + and %rsi, %rax + and %rsi, %rbx + and %rsi, %rdi + and %rsi, %rdx + + mov \$1, %rbp + sub %rax, $X[0] + sbb %rbx, $X[1] + sbb %rdi, $X[2] + sbb %rdx, $X[3] + + # if there is a borrow: rbp = 0 + # if there is no borrow: rbp = 1 + # this is used to save the borrows in between the first half and the 2nd half of the subtraction of m + sbb \$0, %rbp + + #load second half of m to rdx, rdi, rbx, rax + + add \$$M, %rcx + mov (+8*4)(%rcx), %rax + mov (+8*5)(%rcx), %rbx + mov (+8*6)(%rcx), %rdi + mov (+8*7)(%rcx), %rdx + + # use the rsi mask as before + # if carry is clear, subtract 0. Otherwise, subtract 256 bits of m + and %rsi, %rax + and %rsi, %rbx + and %rsi, %rdi + and %rsi, %rdx + + # if rbp = 0, there was a borrow before, it is moved to the carry flag + # if rbp = 1, there was not a borrow before, carry flag is cleared + sub \$1, %rbp + + sbb %rax, $X[4] + sbb %rbx, $X[5] + sbb %rdi, $X[6] + sbb %rdx, $X[7] + + # write R back to memory + + mov (+$red_result_addr_offset+$STACK_DEPTH)(%rsp), %rsi + mov $X[0], (+8*0)(%rsi) + mov $X[1], (+8*1)(%rsi) + mov $X[2], (+8*2)(%rsi) + mov $X[3], (+8*3)(%rsi) + mov $X[4], (+8*4)(%rsi) + mov $X[5], (+8*5)(%rsi) + mov $X[6], (+8*6)(%rsi) + mov $X[7], (+8*7)(%rsi) + + ret +.size mont_reduce,.-mont_reduce +___ +}}} + +{{{ +#MUL_512x512 MACRO pDst, pA, pB, x7, x6, x5, x4, x3, x2, x1, x0, tmp*2 +# +# Inputs: pDst: Destination (1024 bits, 16 qwords) +# pA: Multiplicand (512 bits, 8 qwords) +# pB: Multiplicand (512 bits, 8 qwords) +# Uses registers rax, rdx, args +# B operand in [pB] and also in x7...x0 +sub MUL_512x512 +{ + my ($pDst, $pA, $pB, $x, $OP, $TMP, $pDst_o)=@_; + my ($pDst, $pDst_o) = ($pDst =~ m/([^+]*)\+?(.*)?/); + my @X=@$x; # make a copy + +$code.=<<___; + mov (+8*0)($pA), $OP + + mov $X[0], %rax + mul $OP # rdx:rax = %OP * [0] + mov %rax, (+$pDst_o+8*0)($pDst) + mov %rdx, $X[0] +___ +for(my $i=1;$i<8;$i++) { +$code.=<<___; + mov $X[$i], %rax + mul $OP # rdx:rax = %OP * [$i] + add %rax, $X[$i-1] + adc \$0, %rdx + mov %rdx, $X[$i] +___ +} + +for(my $i=1;$i<8;$i++) { +$code.=<<___; + mov (+8*$i)($pA), $OP +___ + + &MULSTEP_512(\@X, "(+$pDst_o+8*$i)($pDst)", $pB, $OP, $TMP); + push(@X,shift(@X)); +} + +$code.=<<___; + mov $X[0], (+$pDst_o+8*8)($pDst) + mov $X[1], (+$pDst_o+8*9)($pDst) + mov $X[2], (+$pDst_o+8*10)($pDst) + mov $X[3], (+$pDst_o+8*11)($pDst) + mov $X[4], (+$pDst_o+8*12)($pDst) + mov $X[5], (+$pDst_o+8*13)($pDst) + mov $X[6], (+$pDst_o+8*14)($pDst) + mov $X[7], (+$pDst_o+8*15)($pDst) +___ +} + +# +# mont_mul_a3b : subroutine to compute (Src1 * Src2) % M (all 512-bits) +# Input: src1: Address of source 1: rdi +# src2: Address of source 2: rsi +# Output: dst: Address of destination: [red_res_addr] +# src2 and result also in: r9, r8, r15, r14, r13, r12, r11, r10 +# Temp: Clobbers [tmp16], all registers +$code.=<<___; +.type mont_mul_a3b,\@abi-omnipotent +.align 16 +mont_mul_a3b: + # + # multiply tmp = src1 * src2 + # For multiply: dst = rcx, src1 = rdi, src2 = rsi + # stack depth is extra 8 from call +___ + &MUL_512x512("%rsp+$tmp16_offset+8", "%rdi", "%rsi", [map("%r$_",(10..15,8..9))], "%rbp", "%rbx"); +$code.=<<___; + # + # Dst = tmp % m + # Call reduce(tmp, m, data, dst) + + # tail recursion optimization: jmp to mont_reduce and return from there + jmp mont_reduce + # call mont_reduce + # ret +.size mont_mul_a3b,.-mont_mul_a3b +___ +}}} + +{{{ +#SQR_512 MACRO pDest, pA, x7, x6, x5, x4, x3, x2, x1, x0, tmp*4 +# +# Input in memory [pA] and also in x7...x0 +# Uses all argument registers plus rax and rdx +# +# This version computes all of the off-diagonal terms into memory, +# and then it adds in the diagonal terms + +sub SQR_512 +{ + my ($pDst, $pA, $x, $A, $tmp, $x7, $x6, $pDst_o)=@_; + my ($pDst, $pDst_o) = ($pDst =~ m/([^+]*)\+?(.*)?/); + my @X=@$x; # make a copy +$code.=<<___; + # ------------------ + # first pass 01...07 + # ------------------ + mov $X[0], $A + + mov $X[1],%rax + mul $A + mov %rax, (+$pDst_o+8*1)($pDst) +___ +for(my $i=2;$i<8;$i++) { +$code.=<<___; + mov %rdx, $X[$i-2] + mov $X[$i],%rax + mul $A + add %rax, $X[$i-2] + adc \$0, %rdx +___ +} +$code.=<<___; + mov %rdx, $x7 + + mov $X[0], (+$pDst_o+8*2)($pDst) + + # ------------------ + # second pass 12...17 + # ------------------ + + mov (+8*1)($pA), $A + + mov (+8*2)($pA),%rax + mul $A + add %rax, $X[1] + adc \$0, %rdx + mov $X[1], (+$pDst_o+8*3)($pDst) + + mov %rdx, $X[0] + mov (+8*3)($pA),%rax + mul $A + add %rax, $X[2] + adc \$0, %rdx + add $X[0], $X[2] + adc \$0, %rdx + mov $X[2], (+$pDst_o+8*4)($pDst) + + mov %rdx, $X[0] + mov (+8*4)($pA),%rax + mul $A + add %rax, $X[3] + adc \$0, %rdx + add $X[0], $X[3] + adc \$0, %rdx + + mov %rdx, $X[0] + mov (+8*5)($pA),%rax + mul $A + add %rax, $X[4] + adc \$0, %rdx + add $X[0], $X[4] + adc \$0, %rdx + + mov %rdx, $X[0] + mov $X[6],%rax + mul $A + add %rax, $X[5] + adc \$0, %rdx + add $X[0], $X[5] + adc \$0, %rdx + + mov %rdx, $X[0] + mov $X[7],%rax + mul $A + add %rax, $x7 + adc \$0, %rdx + add $X[0], $x7 + adc \$0, %rdx + + mov %rdx, $X[1] + + # ------------------ + # third pass 23...27 + # ------------------ + mov (+8*2)($pA), $A + + mov (+8*3)($pA),%rax + mul $A + add %rax, $X[3] + adc \$0, %rdx + mov $X[3], (+$pDst_o+8*5)($pDst) + + mov %rdx, $X[0] + mov (+8*4)($pA),%rax + mul $A + add %rax, $X[4] + adc \$0, %rdx + add $X[0], $X[4] + adc \$0, %rdx + mov $X[4], (+$pDst_o+8*6)($pDst) + + mov %rdx, $X[0] + mov (+8*5)($pA),%rax + mul $A + add %rax, $X[5] + adc \$0, %rdx + add $X[0], $X[5] + adc \$0, %rdx + + mov %rdx, $X[0] + mov $X[6],%rax + mul $A + add %rax, $x7 + adc \$0, %rdx + add $X[0], $x7 + adc \$0, %rdx + + mov %rdx, $X[0] + mov $X[7],%rax + mul $A + add %rax, $X[1] + adc \$0, %rdx + add $X[0], $X[1] + adc \$0, %rdx + + mov %rdx, $X[2] + + # ------------------ + # fourth pass 34...37 + # ------------------ + + mov (+8*3)($pA), $A + + mov (+8*4)($pA),%rax + mul $A + add %rax, $X[5] + adc \$0, %rdx + mov $X[5], (+$pDst_o+8*7)($pDst) + + mov %rdx, $X[0] + mov (+8*5)($pA),%rax + mul $A + add %rax, $x7 + adc \$0, %rdx + add $X[0], $x7 + adc \$0, %rdx + mov $x7, (+$pDst_o+8*8)($pDst) + + mov %rdx, $X[0] + mov $X[6],%rax + mul $A + add %rax, $X[1] + adc \$0, %rdx + add $X[0], $X[1] + adc \$0, %rdx + + mov %rdx, $X[0] + mov $X[7],%rax + mul $A + add %rax, $X[2] + adc \$0, %rdx + add $X[0], $X[2] + adc \$0, %rdx + + mov %rdx, $X[5] + + # ------------------ + # fifth pass 45...47 + # ------------------ + mov (+8*4)($pA), $A + + mov (+8*5)($pA),%rax + mul $A + add %rax, $X[1] + adc \$0, %rdx + mov $X[1], (+$pDst_o+8*9)($pDst) + + mov %rdx, $X[0] + mov $X[6],%rax + mul $A + add %rax, $X[2] + adc \$0, %rdx + add $X[0], $X[2] + adc \$0, %rdx + mov $X[2], (+$pDst_o+8*10)($pDst) + + mov %rdx, $X[0] + mov $X[7],%rax + mul $A + add %rax, $X[5] + adc \$0, %rdx + add $X[0], $X[5] + adc \$0, %rdx + + mov %rdx, $X[1] + + # ------------------ + # sixth pass 56...57 + # ------------------ + mov (+8*5)($pA), $A + + mov $X[6],%rax + mul $A + add %rax, $X[5] + adc \$0, %rdx + mov $X[5], (+$pDst_o+8*11)($pDst) + + mov %rdx, $X[0] + mov $X[7],%rax + mul $A + add %rax, $X[1] + adc \$0, %rdx + add $X[0], $X[1] + adc \$0, %rdx + mov $X[1], (+$pDst_o+8*12)($pDst) + + mov %rdx, $X[2] + + # ------------------ + # seventh pass 67 + # ------------------ + mov $X[6], $A + + mov $X[7],%rax + mul $A + add %rax, $X[2] + adc \$0, %rdx + mov $X[2], (+$pDst_o+8*13)($pDst) + + mov %rdx, (+$pDst_o+8*14)($pDst) + + # start finalize (add in squares, and double off-terms) + mov (+$pDst_o+8*1)($pDst), $X[0] + mov (+$pDst_o+8*2)($pDst), $X[1] + mov (+$pDst_o+8*3)($pDst), $X[2] + mov (+$pDst_o+8*4)($pDst), $X[3] + mov (+$pDst_o+8*5)($pDst), $X[4] + mov (+$pDst_o+8*6)($pDst), $X[5] + + mov (+8*3)($pA), %rax + mul %rax + mov %rax, $x6 + mov %rdx, $X[6] + + add $X[0], $X[0] + adc $X[1], $X[1] + adc $X[2], $X[2] + adc $X[3], $X[3] + adc $X[4], $X[4] + adc $X[5], $X[5] + adc \$0, $X[6] + + mov (+8*0)($pA), %rax + mul %rax + mov %rax, (+$pDst_o+8*0)($pDst) + mov %rdx, $A + + mov (+8*1)($pA), %rax + mul %rax + + add $A, $X[0] + adc %rax, $X[1] + adc \$0, %rdx + + mov %rdx, $A + mov $X[0], (+$pDst_o+8*1)($pDst) + mov $X[1], (+$pDst_o+8*2)($pDst) + + mov (+8*2)($pA), %rax + mul %rax + + add $A, $X[2] + adc %rax, $X[3] + adc \$0, %rdx + + mov %rdx, $A + + mov $X[2], (+$pDst_o+8*3)($pDst) + mov $X[3], (+$pDst_o+8*4)($pDst) + + xor $tmp, $tmp + add $A, $X[4] + adc $x6, $X[5] + adc \$0, $tmp + + mov $X[4], (+$pDst_o+8*5)($pDst) + mov $X[5], (+$pDst_o+8*6)($pDst) + + # %%tmp has 0/1 in column 7 + # %%A6 has a full value in column 7 + + mov (+$pDst_o+8*7)($pDst), $X[0] + mov (+$pDst_o+8*8)($pDst), $X[1] + mov (+$pDst_o+8*9)($pDst), $X[2] + mov (+$pDst_o+8*10)($pDst), $X[3] + mov (+$pDst_o+8*11)($pDst), $X[4] + mov (+$pDst_o+8*12)($pDst), $X[5] + mov (+$pDst_o+8*13)($pDst), $x6 + mov (+$pDst_o+8*14)($pDst), $x7 + + mov $X[7], %rax + mul %rax + mov %rax, $X[7] + mov %rdx, $A + + add $X[0], $X[0] + adc $X[1], $X[1] + adc $X[2], $X[2] + adc $X[3], $X[3] + adc $X[4], $X[4] + adc $X[5], $X[5] + adc $x6, $x6 + adc $x7, $x7 + adc \$0, $A + + add $tmp, $X[0] + + mov (+8*4)($pA), %rax + mul %rax + + add $X[6], $X[0] + adc %rax, $X[1] + adc \$0, %rdx + + mov %rdx, $tmp + + mov $X[0], (+$pDst_o+8*7)($pDst) + mov $X[1], (+$pDst_o+8*8)($pDst) + + mov (+8*5)($pA), %rax + mul %rax + + add $tmp, $X[2] + adc %rax, $X[3] + adc \$0, %rdx + + mov %rdx, $tmp + + mov $X[2], (+$pDst_o+8*9)($pDst) + mov $X[3], (+$pDst_o+8*10)($pDst) + + mov (+8*6)($pA), %rax + mul %rax + + add $tmp, $X[4] + adc %rax, $X[5] + adc \$0, %rdx + + mov $X[4], (+$pDst_o+8*11)($pDst) + mov $X[5], (+$pDst_o+8*12)($pDst) + + add %rdx, $x6 + adc $X[7], $x7 + adc \$0, $A + + mov $x6, (+$pDst_o+8*13)($pDst) + mov $x7, (+$pDst_o+8*14)($pDst) + mov $A, (+$pDst_o+8*15)($pDst) +___ +} + +# +# sqr_reduce: subroutine to compute Result = reduce(Result * Result) +# +# input and result also in: r9, r8, r15, r14, r13, r12, r11, r10 +# +$code.=<<___; +.type sqr_reduce,\@abi-omnipotent +.align 16 +sqr_reduce: + mov (+$pResult_offset+8)(%rsp), %rcx +___ + &SQR_512("%rsp+$tmp16_offset+8", "%rcx", [map("%r$_",(10..15,8..9))], "%rbx", "%rbp", "%rsi", "%rdi"); +$code.=<<___; + # tail recursion optimization: jmp to mont_reduce and return from there + jmp mont_reduce + # call mont_reduce + # ret +.size sqr_reduce,.-sqr_reduce +___ +}}} + +# +# MAIN FUNCTION +# + +#mod_exp_512(UINT64 *result, /* 512 bits, 8 qwords */ +# UINT64 *g, /* 512 bits, 8 qwords */ +# UINT64 *exp, /* 512 bits, 8 qwords */ +# struct mod_ctx_512 *data) + +# window size = 5 +# table size = 2^5 = 32 +#table_entries equ 32 +#table_size equ table_entries * 8 +$code.=<<___; +.globl mod_exp_512 +.type mod_exp_512,\@function,4 +mod_exp_512: + push %rbp + push %rbx + push %r12 + push %r13 + push %r14 + push %r15 + + # adjust stack down and then align it with cache boundary + mov %rsp, %r8 + sub \$$mem_size, %rsp + and \$-64, %rsp + + # store previous stack pointer and arguments + mov %r8, (+$rsp_offset)(%rsp) + mov %rdi, (+$pResult_offset)(%rsp) + mov %rsi, (+$pG_offset)(%rsp) + mov %rcx, (+$pData_offset)(%rsp) +.Lbody: + # transform g into montgomery space + # GT = reduce(g * C2) = reduce(g * (2^256)) + # reduce expects to have the input in [tmp16] + pxor %xmm4, %xmm4 + movdqu (+16*0)(%rsi), %xmm0 + movdqu (+16*1)(%rsi), %xmm1 + movdqu (+16*2)(%rsi), %xmm2 + movdqu (+16*3)(%rsi), %xmm3 + movdqa %xmm4, (+$tmp16_offset+16*0)(%rsp) + movdqa %xmm4, (+$tmp16_offset+16*1)(%rsp) + movdqa %xmm4, (+$tmp16_offset+16*6)(%rsp) + movdqa %xmm4, (+$tmp16_offset+16*7)(%rsp) + movdqa %xmm0, (+$tmp16_offset+16*2)(%rsp) + movdqa %xmm1, (+$tmp16_offset+16*3)(%rsp) + movdqa %xmm2, (+$tmp16_offset+16*4)(%rsp) + movdqa %xmm3, (+$tmp16_offset+16*5)(%rsp) + + # load pExp before rdx gets blown away + movdqu (+16*0)(%rdx), %xmm0 + movdqu (+16*1)(%rdx), %xmm1 + movdqu (+16*2)(%rdx), %xmm2 + movdqu (+16*3)(%rdx), %xmm3 + + lea (+$GT_offset)(%rsp), %rbx + mov %rbx, (+$red_result_addr_offset)(%rsp) + call mont_reduce + + # Initialize tmp = C + lea (+$tmp_offset)(%rsp), %rcx + xor %rax, %rax + mov %rax, (+8*0)(%rcx) + mov %rax, (+8*1)(%rcx) + mov %rax, (+8*3)(%rcx) + mov %rax, (+8*4)(%rcx) + mov %rax, (+8*5)(%rcx) + mov %rax, (+8*6)(%rcx) + mov %rax, (+8*7)(%rcx) + mov %rax, (+$exp_offset+8*8)(%rsp) + movq \$1, (+8*2)(%rcx) + + lea (+$garray_offset)(%rsp), %rbp + mov %rcx, %rsi # pTmp + mov %rbp, %rdi # Garray[][0] +___ + + &swizzle("%rdi", "%rcx", "%rax", "%rbx"); + + # for (rax = 31; rax != 0; rax--) { + # tmp = reduce(tmp * G) + # swizzle(pg, tmp); + # pg += 2; } +$code.=<<___; + mov \$31, %rax + mov %rax, (+$i_offset)(%rsp) + mov %rbp, (+$pg_offset)(%rsp) + # rsi -> pTmp + mov %rsi, (+$red_result_addr_offset)(%rsp) + mov (+8*0)(%rsi), %r10 + mov (+8*1)(%rsi), %r11 + mov (+8*2)(%rsi), %r12 + mov (+8*3)(%rsi), %r13 + mov (+8*4)(%rsi), %r14 + mov (+8*5)(%rsi), %r15 + mov (+8*6)(%rsi), %r8 + mov (+8*7)(%rsi), %r9 +init_loop: + lea (+$GT_offset)(%rsp), %rdi + call mont_mul_a3b + lea (+$tmp_offset)(%rsp), %rsi + mov (+$pg_offset)(%rsp), %rbp + add \$2, %rbp + mov %rbp, (+$pg_offset)(%rsp) + mov %rsi, %rcx # rcx = rsi = addr of tmp +___ + + &swizzle("%rbp", "%rcx", "%rax", "%rbx"); +$code.=<<___; + mov (+$i_offset)(%rsp), %rax + sub \$1, %rax + mov %rax, (+$i_offset)(%rsp) + jne init_loop + + # + # Copy exponent onto stack + movdqa %xmm0, (+$exp_offset+16*0)(%rsp) + movdqa %xmm1, (+$exp_offset+16*1)(%rsp) + movdqa %xmm2, (+$exp_offset+16*2)(%rsp) + movdqa %xmm3, (+$exp_offset+16*3)(%rsp) + + + # + # Do exponentiation + # Initialize result to G[exp{511:507}] + mov (+$exp_offset+62)(%rsp), %eax + mov %rax, %rdx + shr \$11, %rax + and \$0x07FF, %edx + mov %edx, (+$exp_offset+62)(%rsp) + lea (+$garray_offset)(%rsp,%rax,2), %rsi + mov (+$pResult_offset)(%rsp), %rdx +___ + + &unswizzle("%rdx", "%rsi", "%rbp", "%rbx", "%rax"); + + # + # Loop variables + # rcx = [loop_idx] = index: 510-5 to 0 by 5 +$code.=<<___; + movq \$505, (+$loop_idx_offset)(%rsp) + + mov (+$pResult_offset)(%rsp), %rcx + mov %rcx, (+$red_result_addr_offset)(%rsp) + mov (+8*0)(%rcx), %r10 + mov (+8*1)(%rcx), %r11 + mov (+8*2)(%rcx), %r12 + mov (+8*3)(%rcx), %r13 + mov (+8*4)(%rcx), %r14 + mov (+8*5)(%rcx), %r15 + mov (+8*6)(%rcx), %r8 + mov (+8*7)(%rcx), %r9 + jmp sqr_2 + +main_loop_a3b: + call sqr_reduce + call sqr_reduce + call sqr_reduce +sqr_2: + call sqr_reduce + call sqr_reduce + + # + # Do multiply, first look up proper value in Garray + mov (+$loop_idx_offset)(%rsp), %rcx # bit index + mov %rcx, %rax + shr \$4, %rax # rax is word pointer + mov (+$exp_offset)(%rsp,%rax,2), %edx + and \$15, %rcx + shrq %cl, %rdx + and \$0x1F, %rdx + + lea (+$garray_offset)(%rsp,%rdx,2), %rsi + lea (+$tmp_offset)(%rsp), %rdx + mov %rdx, %rdi +___ + + &unswizzle("%rdx", "%rsi", "%rbp", "%rbx", "%rax"); + # rdi = tmp = pG + + # + # Call mod_mul_a1(pDst, pSrc1, pSrc2, pM, pData) + # result result pG M Data +$code.=<<___; + mov (+$pResult_offset)(%rsp), %rsi + call mont_mul_a3b + + # + # finish loop + mov (+$loop_idx_offset)(%rsp), %rcx + sub \$5, %rcx + mov %rcx, (+$loop_idx_offset)(%rsp) + jge main_loop_a3b + + # + +end_main_loop_a3b: + # transform result out of Montgomery space + # result = reduce(result) + mov (+$pResult_offset)(%rsp), %rdx + pxor %xmm4, %xmm4 + movdqu (+16*0)(%rdx), %xmm0 + movdqu (+16*1)(%rdx), %xmm1 + movdqu (+16*2)(%rdx), %xmm2 + movdqu (+16*3)(%rdx), %xmm3 + movdqa %xmm4, (+$tmp16_offset+16*4)(%rsp) + movdqa %xmm4, (+$tmp16_offset+16*5)(%rsp) + movdqa %xmm4, (+$tmp16_offset+16*6)(%rsp) + movdqa %xmm4, (+$tmp16_offset+16*7)(%rsp) + movdqa %xmm0, (+$tmp16_offset+16*0)(%rsp) + movdqa %xmm1, (+$tmp16_offset+16*1)(%rsp) + movdqa %xmm2, (+$tmp16_offset+16*2)(%rsp) + movdqa %xmm3, (+$tmp16_offset+16*3)(%rsp) + call mont_reduce + + # If result > m, subract m + # load result into r15:r8 + mov (+$pResult_offset)(%rsp), %rax + mov (+8*0)(%rax), %r8 + mov (+8*1)(%rax), %r9 + mov (+8*2)(%rax), %r10 + mov (+8*3)(%rax), %r11 + mov (+8*4)(%rax), %r12 + mov (+8*5)(%rax), %r13 + mov (+8*6)(%rax), %r14 + mov (+8*7)(%rax), %r15 + + # subtract m + mov (+$pData_offset)(%rsp), %rbx + add \$$M, %rbx + + sub (+8*0)(%rbx), %r8 + sbb (+8*1)(%rbx), %r9 + sbb (+8*2)(%rbx), %r10 + sbb (+8*3)(%rbx), %r11 + sbb (+8*4)(%rbx), %r12 + sbb (+8*5)(%rbx), %r13 + sbb (+8*6)(%rbx), %r14 + sbb (+8*7)(%rbx), %r15 + + # if Carry is clear, replace result with difference + mov (+8*0)(%rax), %rsi + mov (+8*1)(%rax), %rdi + mov (+8*2)(%rax), %rcx + mov (+8*3)(%rax), %rdx + cmovnc %r8, %rsi + cmovnc %r9, %rdi + cmovnc %r10, %rcx + cmovnc %r11, %rdx + mov %rsi, (+8*0)(%rax) + mov %rdi, (+8*1)(%rax) + mov %rcx, (+8*2)(%rax) + mov %rdx, (+8*3)(%rax) + + mov (+8*4)(%rax), %rsi + mov (+8*5)(%rax), %rdi + mov (+8*6)(%rax), %rcx + mov (+8*7)(%rax), %rdx + cmovnc %r12, %rsi + cmovnc %r13, %rdi + cmovnc %r14, %rcx + cmovnc %r15, %rdx + mov %rsi, (+8*4)(%rax) + mov %rdi, (+8*5)(%rax) + mov %rcx, (+8*6)(%rax) + mov %rdx, (+8*7)(%rax) + + mov (+$rsp_offset)(%rsp), %rsi + mov 0(%rsi),%r15 + mov 8(%rsi),%r14 + mov 16(%rsi),%r13 + mov 24(%rsi),%r12 + mov 32(%rsi),%rbx + mov 40(%rsi),%rbp + lea 48(%rsi),%rsp +.Lepilogue: + ret +.size mod_exp_512, . - mod_exp_512 +___ + +sub reg_part { +my ($reg,$conv)=@_; + if ($reg =~ /%r[0-9]+/) { $reg .= $conv; } + elsif ($conv eq "b") { $reg =~ s/%[er]([^x]+)x?/%$1l/; } + elsif ($conv eq "w") { $reg =~ s/%[er](.+)/%$1/; } + elsif ($conv eq "d") { $reg =~ s/%[er](.+)/%e$1/; } + return $reg; +} + +$code =~ s/(%[a-z0-9]+)#([bwd])/reg_part($1,$2)/gem; +$code =~ s/\`([^\`]*)\`/eval $1/gem; +$code =~ s/(\(\+[^)]+\))/eval $1/gem; +print $code; +close STDOUT; diff --git a/src/lib/libcrypto/bn/asm/pa-risc.s b/src/lib/libcrypto/bn/asm/pa-risc.s deleted file mode 100644 index 775130a1912..00000000000 --- a/src/lib/libcrypto/bn/asm/pa-risc.s +++ /dev/null @@ -1,710 +0,0 @@ - .SPACE $PRIVATE$ - .SUBSPA $DATA$,QUAD=1,ALIGN=8,ACCESS=31 - .SUBSPA $BSS$,QUAD=1,ALIGN=8,ACCESS=31,ZERO,SORT=82 - .SPACE $TEXT$ - .SUBSPA $LIT$,QUAD=0,ALIGN=8,ACCESS=44 - .SUBSPA $CODE$,QUAD=0,ALIGN=8,ACCESS=44,CODE_ONLY - .IMPORT $global$,DATA - .IMPORT $$dyncall,MILLICODE -; gcc_compiled.: - .SPACE $TEXT$ - .SUBSPA $CODE$ - - .align 4 - .EXPORT bn_mul_add_words,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR,ARGW3=GR,RTNVAL=GR -bn_mul_add_words - .PROC - .CALLINFO FRAME=0,CALLS,SAVE_RP - .ENTRY - stw %r2,-20(0,%r30) - ldi 0,%r28 - extru %r23,31,16,%r2 - stw %r2,-16(0,%r30) - extru %r23,15,16,%r23 - ldil L'65536,%r31 - fldws -16(0,%r30),%fr11R - stw %r23,-16(0,%r30) - ldo 12(%r25),%r29 - ldo 12(%r26),%r23 - fldws -16(0,%r30),%fr11L -L$0002 - ldw 0(0,%r25),%r19 - extru %r19,31,16,%r20 - stw %r20,-16(0,%r30) - extru %r19,15,16,%r19 - fldws -16(0,%r30),%fr22L - stw %r19,-16(0,%r30) - xmpyu %fr22L,%fr11R,%fr8 - fldws -16(0,%r30),%fr22L - fstws %fr8R,-16(0,%r30) - xmpyu %fr11R,%fr22L,%fr10 - ldw -16(0,%r30),%r2 - stw %r20,-16(0,%r30) - xmpyu %fr22L,%fr11L,%fr9 - fldws -16(0,%r30),%fr22L - fstws %fr10R,-16(0,%r30) - copy %r2,%r22 - ldw -16(0,%r30),%r2 - fstws %fr9R,-16(0,%r30) - xmpyu %fr11L,%fr22L,%fr8 - copy %r2,%r19 - ldw -16(0,%r30),%r2 - fstws %fr8R,-16(0,%r30) - copy %r2,%r20 - ldw -16(0,%r30),%r2 - addl %r2,%r19,%r21 - comclr,<<= %r19,%r21,0 - addl %r20,%r31,%r20 -L$0005 - extru %r21,15,16,%r19 - addl %r20,%r19,%r20 - zdep %r21,15,16,%r19 - addl %r22,%r19,%r22 - comclr,<<= %r19,%r22,0 - addi,tr 1,%r20,%r19 - copy %r20,%r19 - addl %r22,%r28,%r20 - comclr,<<= %r28,%r20,0 - addi 1,%r19,%r19 - ldw 0(0,%r26),%r28 - addl %r20,%r28,%r20 - comclr,<<= %r28,%r20,0 - addi,tr 1,%r19,%r28 - copy %r19,%r28 - addib,= -1,%r24,L$0003 - stw %r20,0(0,%r26) - ldw -8(0,%r29),%r19 - extru %r19,31,16,%r20 - stw %r20,-16(0,%r30) - extru %r19,15,16,%r19 - fldws -16(0,%r30),%fr22L - stw %r19,-16(0,%r30) - xmpyu %fr22L,%fr11R,%fr8 - fldws -16(0,%r30),%fr22L - fstws %fr8R,-16(0,%r30) - xmpyu %fr11R,%fr22L,%fr10 - ldw -16(0,%r30),%r2 - stw %r20,-16(0,%r30) - xmpyu %fr22L,%fr11L,%fr9 - fldws -16(0,%r30),%fr22L - fstws %fr10R,-16(0,%r30) - copy %r2,%r22 - ldw -16(0,%r30),%r2 - fstws %fr9R,-16(0,%r30) - xmpyu %fr11L,%fr22L,%fr8 - copy %r2,%r19 - ldw -16(0,%r30),%r2 - fstws %fr8R,-16(0,%r30) - copy %r2,%r20 - ldw -16(0,%r30),%r2 - addl %r2,%r19,%r21 - comclr,<<= %r19,%r21,0 - addl %r20,%r31,%r20 -L$0010 - extru %r21,15,16,%r19 - addl %r20,%r19,%r20 - zdep %r21,15,16,%r19 - addl %r22,%r19,%r22 - comclr,<<= %r19,%r22,0 - addi,tr 1,%r20,%r19 - copy %r20,%r19 - addl %r22,%r28,%r20 - comclr,<<= %r28,%r20,0 - addi 1,%r19,%r19 - ldw -8(0,%r23),%r28 - addl %r20,%r28,%r20 - comclr,<<= %r28,%r20,0 - addi,tr 1,%r19,%r28 - copy %r19,%r28 - addib,= -1,%r24,L$0003 - stw %r20,-8(0,%r23) - ldw -4(0,%r29),%r19 - extru %r19,31,16,%r20 - stw %r20,-16(0,%r30) - extru %r19,15,16,%r19 - fldws -16(0,%r30),%fr22L - stw %r19,-16(0,%r30) - xmpyu %fr22L,%fr11R,%fr8 - fldws -16(0,%r30),%fr22L - fstws %fr8R,-16(0,%r30) - xmpyu %fr11R,%fr22L,%fr10 - ldw -16(0,%r30),%r2 - stw %r20,-16(0,%r30) - xmpyu %fr22L,%fr11L,%fr9 - fldws -16(0,%r30),%fr22L - fstws %fr10R,-16(0,%r30) - copy %r2,%r22 - ldw -16(0,%r30),%r2 - fstws %fr9R,-16(0,%r30) - xmpyu %fr11L,%fr22L,%fr8 - copy %r2,%r19 - ldw -16(0,%r30),%r2 - fstws %fr8R,-16(0,%r30) - copy %r2,%r20 - ldw -16(0,%r30),%r2 - addl %r2,%r19,%r21 - comclr,<<= %r19,%r21,0 - addl %r20,%r31,%r20 -L$0015 - extru %r21,15,16,%r19 - addl %r20,%r19,%r20 - zdep %r21,15,16,%r19 - addl %r22,%r19,%r22 - comclr,<<= %r19,%r22,0 - addi,tr 1,%r20,%r19 - copy %r20,%r19 - addl %r22,%r28,%r20 - comclr,<<= %r28,%r20,0 - addi 1,%r19,%r19 - ldw -4(0,%r23),%r28 - addl %r20,%r28,%r20 - comclr,<<= %r28,%r20,0 - addi,tr 1,%r19,%r28 - copy %r19,%r28 - addib,= -1,%r24,L$0003 - stw %r20,-4(0,%r23) - ldw 0(0,%r29),%r19 - extru %r19,31,16,%r20 - stw %r20,-16(0,%r30) - extru %r19,15,16,%r19 - fldws -16(0,%r30),%fr22L - stw %r19,-16(0,%r30) - xmpyu %fr22L,%fr11R,%fr8 - fldws -16(0,%r30),%fr22L - fstws %fr8R,-16(0,%r30) - xmpyu %fr11R,%fr22L,%fr10 - ldw -16(0,%r30),%r2 - stw %r20,-16(0,%r30) - xmpyu %fr22L,%fr11L,%fr9 - fldws -16(0,%r30),%fr22L - fstws %fr10R,-16(0,%r30) - copy %r2,%r22 - ldw -16(0,%r30),%r2 - fstws %fr9R,-16(0,%r30) - xmpyu %fr11L,%fr22L,%fr8 - copy %r2,%r19 - ldw -16(0,%r30),%r2 - fstws %fr8R,-16(0,%r30) - copy %r2,%r20 - ldw -16(0,%r30),%r2 - addl %r2,%r19,%r21 - comclr,<<= %r19,%r21,0 - addl %r20,%r31,%r20 -L$0020 - extru %r21,15,16,%r19 - addl %r20,%r19,%r20 - zdep %r21,15,16,%r19 - addl %r22,%r19,%r22 - comclr,<<= %r19,%r22,0 - addi,tr 1,%r20,%r19 - copy %r20,%r19 - addl %r22,%r28,%r20 - comclr,<<= %r28,%r20,0 - addi 1,%r19,%r19 - ldw 0(0,%r23),%r28 - addl %r20,%r28,%r20 - comclr,<<= %r28,%r20,0 - addi,tr 1,%r19,%r28 - copy %r19,%r28 - addib,= -1,%r24,L$0003 - stw %r20,0(0,%r23) - ldo 16(%r29),%r29 - ldo 16(%r25),%r25 - ldo 16(%r23),%r23 - bl L$0002,0 - ldo 16(%r26),%r26 -L$0003 - ldw -20(0,%r30),%r2 - bv,n 0(%r2) - .EXIT - .PROCEND - .align 4 - .EXPORT bn_mul_words,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR,ARGW3=GR,RTNVAL=GR -bn_mul_words - .PROC - .CALLINFO FRAME=0,CALLS,SAVE_RP - .ENTRY - stw %r2,-20(0,%r30) - ldi 0,%r28 - extru %r23,31,16,%r2 - stw %r2,-16(0,%r30) - extru %r23,15,16,%r23 - ldil L'65536,%r31 - fldws -16(0,%r30),%fr11R - stw %r23,-16(0,%r30) - ldo 12(%r26),%r29 - ldo 12(%r25),%r23 - fldws -16(0,%r30),%fr11L -L$0026 - ldw 0(0,%r25),%r19 - extru %r19,31,16,%r20 - stw %r20,-16(0,%r30) - extru %r19,15,16,%r19 - fldws -16(0,%r30),%fr22L - stw %r19,-16(0,%r30) - xmpyu %fr22L,%fr11R,%fr8 - fldws -16(0,%r30),%fr22L - fstws %fr8R,-16(0,%r30) - xmpyu %fr11R,%fr22L,%fr10 - ldw -16(0,%r30),%r2 - stw %r20,-16(0,%r30) - xmpyu %fr22L,%fr11L,%fr9 - fldws -16(0,%r30),%fr22L - fstws %fr10R,-16(0,%r30) - copy %r2,%r22 - ldw -16(0,%r30),%r2 - fstws %fr9R,-16(0,%r30) - xmpyu %fr11L,%fr22L,%fr8 - copy %r2,%r19 - ldw -16(0,%r30),%r2 - fstws %fr8R,-16(0,%r30) - copy %r2,%r20 - ldw -16(0,%r30),%r2 - addl %r2,%r19,%r21 - comclr,<<= %r19,%r21,0 - addl %r20,%r31,%r20 -L$0029 - extru %r21,15,16,%r19 - addl %r20,%r19,%r20 - zdep %r21,15,16,%r19 - addl %r22,%r19,%r22 - comclr,<<= %r19,%r22,0 - addi,tr 1,%r20,%r19 - copy %r20,%r19 - addl %r22,%r28,%r20 - comclr,<<= %r28,%r20,0 - addi,tr 1,%r19,%r28 - copy %r19,%r28 - addib,= -1,%r24,L$0027 - stw %r20,0(0,%r26) - ldw -8(0,%r23),%r19 - extru %r19,31,16,%r20 - stw %r20,-16(0,%r30) - extru %r19,15,16,%r19 - fldws -16(0,%r30),%fr22L - stw %r19,-16(0,%r30) - xmpyu %fr22L,%fr11R,%fr8 - fldws -16(0,%r30),%fr22L - fstws %fr8R,-16(0,%r30) - xmpyu %fr11R,%fr22L,%fr10 - ldw -16(0,%r30),%r2 - stw %r20,-16(0,%r30) - xmpyu %fr22L,%fr11L,%fr9 - fldws -16(0,%r30),%fr22L - fstws %fr10R,-16(0,%r30) - copy %r2,%r22 - ldw -16(0,%r30),%r2 - fstws %fr9R,-16(0,%r30) - xmpyu %fr11L,%fr22L,%fr8 - copy %r2,%r19 - ldw -16(0,%r30),%r2 - fstws %fr8R,-16(0,%r30) - copy %r2,%r20 - ldw -16(0,%r30),%r2 - addl %r2,%r19,%r21 - comclr,<<= %r19,%r21,0 - addl %r20,%r31,%r20 -L$0033 - extru %r21,15,16,%r19 - addl %r20,%r19,%r20 - zdep %r21,15,16,%r19 - addl %r22,%r19,%r22 - comclr,<<= %r19,%r22,0 - addi,tr 1,%r20,%r19 - copy %r20,%r19 - addl %r22,%r28,%r20 - comclr,<<= %r28,%r20,0 - addi,tr 1,%r19,%r28 - copy %r19,%r28 - addib,= -1,%r24,L$0027 - stw %r20,-8(0,%r29) - ldw -4(0,%r23),%r19 - extru %r19,31,16,%r20 - stw %r20,-16(0,%r30) - extru %r19,15,16,%r19 - fldws -16(0,%r30),%fr22L - stw %r19,-16(0,%r30) - xmpyu %fr22L,%fr11R,%fr8 - fldws -16(0,%r30),%fr22L - fstws %fr8R,-16(0,%r30) - xmpyu %fr11R,%fr22L,%fr10 - ldw -16(0,%r30),%r2 - stw %r20,-16(0,%r30) - xmpyu %fr22L,%fr11L,%fr9 - fldws -16(0,%r30),%fr22L - fstws %fr10R,-16(0,%r30) - copy %r2,%r22 - ldw -16(0,%r30),%r2 - fstws %fr9R,-16(0,%r30) - xmpyu %fr11L,%fr22L,%fr8 - copy %r2,%r19 - ldw -16(0,%r30),%r2 - fstws %fr8R,-16(0,%r30) - copy %r2,%r20 - ldw -16(0,%r30),%r2 - addl %r2,%r19,%r21 - comclr,<<= %r19,%r21,0 - addl %r20,%r31,%r20 -L$0037 - extru %r21,15,16,%r19 - addl %r20,%r19,%r20 - zdep %r21,15,16,%r19 - addl %r22,%r19,%r22 - comclr,<<= %r19,%r22,0 - addi,tr 1,%r20,%r19 - copy %r20,%r19 - addl %r22,%r28,%r20 - comclr,<<= %r28,%r20,0 - addi,tr 1,%r19,%r28 - copy %r19,%r28 - addib,= -1,%r24,L$0027 - stw %r20,-4(0,%r29) - ldw 0(0,%r23),%r19 - extru %r19,31,16,%r20 - stw %r20,-16(0,%r30) - extru %r19,15,16,%r19 - fldws -16(0,%r30),%fr22L - stw %r19,-16(0,%r30) - xmpyu %fr22L,%fr11R,%fr8 - fldws -16(0,%r30),%fr22L - fstws %fr8R,-16(0,%r30) - xmpyu %fr11R,%fr22L,%fr10 - ldw -16(0,%r30),%r2 - stw %r20,-16(0,%r30) - xmpyu %fr22L,%fr11L,%fr9 - fldws -16(0,%r30),%fr22L - fstws %fr10R,-16(0,%r30) - copy %r2,%r22 - ldw -16(0,%r30),%r2 - fstws %fr9R,-16(0,%r30) - xmpyu %fr11L,%fr22L,%fr8 - copy %r2,%r19 - ldw -16(0,%r30),%r2 - fstws %fr8R,-16(0,%r30) - copy %r2,%r20 - ldw -16(0,%r30),%r2 - addl %r2,%r19,%r21 - comclr,<<= %r19,%r21,0 - addl %r20,%r31,%r20 -L$0041 - extru %r21,15,16,%r19 - addl %r20,%r19,%r20 - zdep %r21,15,16,%r19 - addl %r22,%r19,%r22 - comclr,<<= %r19,%r22,0 - addi,tr 1,%r20,%r19 - copy %r20,%r19 - addl %r22,%r28,%r20 - comclr,<<= %r28,%r20,0 - addi,tr 1,%r19,%r28 - copy %r19,%r28 - addib,= -1,%r24,L$0027 - stw %r20,0(0,%r29) - ldo 16(%r23),%r23 - ldo 16(%r25),%r25 - ldo 16(%r29),%r29 - bl L$0026,0 - ldo 16(%r26),%r26 -L$0027 - ldw -20(0,%r30),%r2 - bv,n 0(%r2) - .EXIT - .PROCEND - .align 4 - .EXPORT bn_sqr_words,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR -bn_sqr_words - .PROC - .CALLINFO FRAME=0,NO_CALLS - .ENTRY - ldo 28(%r26),%r23 - ldo 12(%r25),%r28 -L$0046 - ldw 0(0,%r25),%r21 - extru %r21,31,16,%r22 - stw %r22,-16(0,%r30) - extru %r21,15,16,%r21 - fldws -16(0,%r30),%fr10L - stw %r21,-16(0,%r30) - fldws -16(0,%r30),%fr10R - xmpyu %fr10L,%fr10R,%fr8 - fstws %fr8R,-16(0,%r30) - ldw -16(0,%r30),%r29 - stw %r22,-16(0,%r30) - fldws -16(0,%r30),%fr10R - stw %r21,-16(0,%r30) - copy %r29,%r19 - xmpyu %fr10L,%fr10R,%fr8 - fldws -16(0,%r30),%fr10L - stw %r21,-16(0,%r30) - fldws -16(0,%r30),%fr10R - fstws %fr8R,-16(0,%r30) - extru %r19,16,17,%r20 - zdep %r19,14,15,%r19 - ldw -16(0,%r30),%r29 - xmpyu %fr10L,%fr10R,%fr9 - addl %r29,%r19,%r22 - stw %r22,0(0,%r26) - fstws %fr9R,-16(0,%r30) - ldw -16(0,%r30),%r29 - addl %r29,%r20,%r21 - comclr,<<= %r19,%r22,0 - addi 1,%r21,%r21 - addib,= -1,%r24,L$0057 - stw %r21,-24(0,%r23) - ldw -8(0,%r28),%r21 - extru %r21,31,16,%r22 - stw %r22,-16(0,%r30) - extru %r21,15,16,%r21 - fldws -16(0,%r30),%fr10L - stw %r21,-16(0,%r30) - fldws -16(0,%r30),%fr10R - xmpyu %fr10L,%fr10R,%fr8 - fstws %fr8R,-16(0,%r30) - ldw -16(0,%r30),%r29 - stw %r22,-16(0,%r30) - fldws -16(0,%r30),%fr10R - stw %r21,-16(0,%r30) - copy %r29,%r19 - xmpyu %fr10L,%fr10R,%fr8 - fldws -16(0,%r30),%fr10L - stw %r21,-16(0,%r30) - fldws -16(0,%r30),%fr10R - fstws %fr8R,-16(0,%r30) - extru %r19,16,17,%r20 - zdep %r19,14,15,%r19 - ldw -16(0,%r30),%r29 - xmpyu %fr10L,%fr10R,%fr9 - addl %r29,%r19,%r22 - stw %r22,-20(0,%r23) - fstws %fr9R,-16(0,%r30) - ldw -16(0,%r30),%r29 - addl %r29,%r20,%r21 - comclr,<<= %r19,%r22,0 - addi 1,%r21,%r21 - addib,= -1,%r24,L$0057 - stw %r21,-16(0,%r23) - ldw -4(0,%r28),%r21 - extru %r21,31,16,%r22 - stw %r22,-16(0,%r30) - extru %r21,15,16,%r21 - fldws -16(0,%r30),%fr10L - stw %r21,-16(0,%r30) - fldws -16(0,%r30),%fr10R - xmpyu %fr10L,%fr10R,%fr8 - fstws %fr8R,-16(0,%r30) - ldw -16(0,%r30),%r29 - stw %r22,-16(0,%r30) - fldws -16(0,%r30),%fr10R - stw %r21,-16(0,%r30) - copy %r29,%r19 - xmpyu %fr10L,%fr10R,%fr8 - fldws -16(0,%r30),%fr10L - stw %r21,-16(0,%r30) - fldws -16(0,%r30),%fr10R - fstws %fr8R,-16(0,%r30) - extru %r19,16,17,%r20 - zdep %r19,14,15,%r19 - ldw -16(0,%r30),%r29 - xmpyu %fr10L,%fr10R,%fr9 - addl %r29,%r19,%r22 - stw %r22,-12(0,%r23) - fstws %fr9R,-16(0,%r30) - ldw -16(0,%r30),%r29 - addl %r29,%r20,%r21 - comclr,<<= %r19,%r22,0 - addi 1,%r21,%r21 - addib,= -1,%r24,L$0057 - stw %r21,-8(0,%r23) - ldw 0(0,%r28),%r21 - extru %r21,31,16,%r22 - stw %r22,-16(0,%r30) - extru %r21,15,16,%r21 - fldws -16(0,%r30),%fr10L - stw %r21,-16(0,%r30) - fldws -16(0,%r30),%fr10R - xmpyu %fr10L,%fr10R,%fr8 - fstws %fr8R,-16(0,%r30) - ldw -16(0,%r30),%r29 - stw %r22,-16(0,%r30) - fldws -16(0,%r30),%fr10R - stw %r21,-16(0,%r30) - copy %r29,%r19 - xmpyu %fr10L,%fr10R,%fr8 - fldws -16(0,%r30),%fr10L - stw %r21,-16(0,%r30) - fldws -16(0,%r30),%fr10R - fstws %fr8R,-16(0,%r30) - extru %r19,16,17,%r20 - zdep %r19,14,15,%r19 - ldw -16(0,%r30),%r29 - xmpyu %fr10L,%fr10R,%fr9 - addl %r29,%r19,%r22 - stw %r22,-4(0,%r23) - fstws %fr9R,-16(0,%r30) - ldw -16(0,%r30),%r29 - addl %r29,%r20,%r21 - comclr,<<= %r19,%r22,0 - addi 1,%r21,%r21 - addib,= -1,%r24,L$0057 - stw %r21,0(0,%r23) - ldo 16(%r28),%r28 - ldo 16(%r25),%r25 - ldo 32(%r23),%r23 - bl L$0046,0 - ldo 32(%r26),%r26 -L$0057 - bv,n 0(%r2) - .EXIT - .PROCEND - .IMPORT BN_num_bits_word,CODE - .IMPORT fprintf,CODE - .IMPORT __iob,DATA - .SPACE $TEXT$ - .SUBSPA $LIT$ - - .align 4 -L$C0000 - .STRING "Division would overflow\x0a\x00" - .IMPORT abort,CODE - .SPACE $TEXT$ - .SUBSPA $CODE$ - - .align 4 - .EXPORT bn_div64,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR,RTNVAL=GR -bn_div64 - .PROC - .CALLINFO FRAME=128,CALLS,SAVE_RP,ENTRY_GR=8 - .ENTRY - stw %r2,-20(0,%r30) - stwm %r8,128(0,%r30) - stw %r7,-124(0,%r30) - stw %r4,-112(0,%r30) - stw %r3,-108(0,%r30) - copy %r26,%r3 - copy %r25,%r4 - stw %r6,-120(0,%r30) - ldi 0,%r7 - stw %r5,-116(0,%r30) - movb,<> %r24,%r5,L$0059 - ldi 2,%r6 - bl L$0076,0 - ldi -1,%r28 -L$0059 - .CALL ARGW0=GR - bl BN_num_bits_word,%r2 - copy %r5,%r26 - ldi 32,%r19 - comb,= %r19,%r28,L$0060 - subi 31,%r28,%r19 - mtsar %r19 - zvdepi 1,32,%r19 - comb,>>= %r19,%r3,L$0060 - addil LR'__iob-$global$+32,%r27 - ldo RR'__iob-$global$+32(%r1),%r26 - ldil LR'L$C0000,%r25 - .CALL ARGW0=GR,ARGW1=GR - bl fprintf,%r2 - ldo RR'L$C0000(%r25),%r25 - .CALL - bl abort,%r2 - nop -L$0060 - comb,>> %r5,%r3,L$0061 - subi 32,%r28,%r28 - sub %r3,%r5,%r3 -L$0061 - comib,= 0,%r28,L$0062 - subi 31,%r28,%r19 - mtsar %r19 - zvdep %r5,32,%r5 - zvdep %r3,32,%r21 - subi 32,%r28,%r20 - mtsar %r20 - vshd 0,%r4,%r20 - or %r21,%r20,%r3 - mtsar %r19 - zvdep %r4,32,%r4 -L$0062 - extru %r5,15,16,%r23 - extru %r5,31,16,%r28 -L$0063 - extru %r3,15,16,%r19 - comb,<> %r23,%r19,L$0066 - copy %r3,%r26 - bl L$0067,0 - zdepi -1,31,16,%r29 -L$0066 - .IMPORT $$divU,MILLICODE - bl $$divU,%r31 - copy %r23,%r25 -L$0067 - stw %r29,-16(0,%r30) - fldws -16(0,%r30),%fr10L - stw %r28,-16(0,%r30) - fldws -16(0,%r30),%fr10R - stw %r23,-16(0,%r30) - xmpyu %fr10L,%fr10R,%fr8 - fldws -16(0,%r30),%fr10R - fstws %fr8R,-16(0,%r30) - xmpyu %fr10L,%fr10R,%fr9 - ldw -16(0,%r30),%r8 - fstws %fr9R,-16(0,%r30) - copy %r8,%r22 - ldw -16(0,%r30),%r8 - extru %r4,15,16,%r24 - copy %r8,%r21 -L$0068 - sub %r3,%r21,%r20 - copy %r20,%r19 - depi 0,31,16,%r19 - comib,<> 0,%r19,L$0069 - zdep %r20,15,16,%r19 - addl %r19,%r24,%r19 - comb,>>= %r19,%r22,L$0069 - sub %r22,%r28,%r22 - sub %r21,%r23,%r21 - bl L$0068,0 - ldo -1(%r29),%r29 -L$0069 - stw %r29,-16(0,%r30) - fldws -16(0,%r30),%fr10L - stw %r28,-16(0,%r30) - fldws -16(0,%r30),%fr10R - xmpyu %fr10L,%fr10R,%fr8 - fstws %fr8R,-16(0,%r30) - ldw -16(0,%r30),%r8 - stw %r23,-16(0,%r30) - fldws -16(0,%r30),%fr10R - copy %r8,%r19 - xmpyu %fr10L,%fr10R,%fr8 - fstws %fr8R,-16(0,%r30) - extru %r19,15,16,%r20 - ldw -16(0,%r30),%r8 - zdep %r19,15,16,%r19 - addl %r8,%r20,%r20 - comclr,<<= %r19,%r4,0 - addi 1,%r20,%r20 - comb,<<= %r20,%r3,L$0074 - sub %r4,%r19,%r4 - addl %r3,%r5,%r3 - ldo -1(%r29),%r29 -L$0074 - addib,= -1,%r6,L$0064 - sub %r3,%r20,%r3 - zdep %r29,15,16,%r7 - shd %r3,%r4,16,%r3 - bl L$0063,0 - zdep %r4,15,16,%r4 -L$0064 - or %r7,%r29,%r28 -L$0076 - ldw -148(0,%r30),%r2 - ldw -124(0,%r30),%r7 - ldw -120(0,%r30),%r6 - ldw -116(0,%r30),%r5 - ldw -112(0,%r30),%r4 - ldw -108(0,%r30),%r3 - bv 0(%r2) - ldwm -128(0,%r30),%r8 - .EXIT - .PROCEND diff --git a/src/lib/libcrypto/bn/asm/pa-risc2.s b/src/lib/libcrypto/bn/asm/pa-risc2.s index af9730d0621..f3b16290eb0 100644 --- a/src/lib/libcrypto/bn/asm/pa-risc2.s +++ b/src/lib/libcrypto/bn/asm/pa-risc2.s @@ -747,8 +747,8 @@ bn_div_words .PROC .EXPORT bn_div_words,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR,ARGW3=GR,RTNVAL=GR,LONG_RETURN .IMPORT BN_num_bits_word,CODE - .IMPORT __iob,DATA - .IMPORT fprintf,CODE + ;--- not PIC .IMPORT __iob,DATA + ;--- not PIC .IMPORT fprintf,CODE .IMPORT abort,CODE .IMPORT $$div2U,MILLICODE .CALLINFO CALLER,FRAME=144,ENTRY_GR=%r9,SAVE_RP,ARGS_SAVED,ORDERING_AWARE @@ -844,12 +844,12 @@ $0006001A MOVIB,TR 2,%r8,$0006001C ;offset 0xa18 EXTRD,U %r3,63,32,%r7 ;offset 0xa1c $D2 - ADDIL LR'__iob-$global$,%r27,%r1 ;offset 0xa20 - LDIL LR'C$7,%r21 ;offset 0xa24 - LDO RR'__iob-$global$+32(%r1),%r26 ;offset 0xa28 - .CALL ARGW0=GR,ARGW1=GR,ARGW2=GR,RTNVAL=GR ;in=24,25,26;out=28; - B,L fprintf,%r2 ;offset 0xa2c - LDO RR'C$7(%r21),%r25 ;offset 0xa30 + ;--- not PIC ADDIL LR'__iob-$global$,%r27,%r1 ;offset 0xa20 + ;--- not PIC LDIL LR'C$7,%r21 ;offset 0xa24 + ;--- not PIC LDO RR'__iob-$global$+32(%r1),%r26 ;offset 0xa28 + ;--- not PIC .CALL ARGW0=GR,ARGW1=GR,ARGW2=GR,RTNVAL=GR ;in=24,25,26;out=28; + ;--- not PIC B,L fprintf,%r2 ;offset 0xa2c + ;--- not PIC LDO RR'C$7(%r21),%r25 ;offset 0xa30 .CALL ; B,L abort,%r2 ;offset 0xa34 NOP ;offset 0xa38 @@ -1605,14 +1605,14 @@ bn_mul_comba4 .PROCEND - .SPACE $TEXT$ - .SUBSPA $CODE$ - .SPACE $PRIVATE$,SORT=16 - .IMPORT $global$,DATA - .SPACE $TEXT$ - .SUBSPA $CODE$ - .SUBSPA $LIT$,ACCESS=0x2c -C$7 - .ALIGN 8 - .STRINGZ "Division would overflow (%d)\n" +;--- not PIC .SPACE $TEXT$ +;--- not PIC .SUBSPA $CODE$ +;--- not PIC .SPACE $PRIVATE$,SORT=16 +;--- not PIC .IMPORT $global$,DATA +;--- not PIC .SPACE $TEXT$ +;--- not PIC .SUBSPA $CODE$ +;--- not PIC .SUBSPA $LIT$,ACCESS=0x2c +;--- not PIC C$7 +;--- not PIC .ALIGN 8 +;--- not PIC .STRINGZ "Division would overflow (%d)\n" .END diff --git a/src/lib/libcrypto/bn/asm/parisc-mont.pl b/src/lib/libcrypto/bn/asm/parisc-mont.pl new file mode 100644 index 00000000000..fcfdee1f1f8 --- /dev/null +++ b/src/lib/libcrypto/bn/asm/parisc-mont.pl @@ -0,0 +1,993 @@ +#!/usr/bin/env perl + +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== + +# On PA-7100LC this module performs ~90-50% better, less for longer +# keys, than code generated by gcc 3.2 for PA-RISC 1.1. Latter means +# that compiler utilized xmpyu instruction to perform 32x32=64-bit +# multiplication, which in turn means that "baseline" performance was +# optimal in respect to instruction set capabilities. Fair comparison +# with vendor compiler is problematic, because OpenSSL doesn't define +# BN_LLONG [presumably] for historical reasons, which drives compiler +# toward 4 times 16x16=32-bit multiplicatons [plus complementary +# shifts and additions] instead. This means that you should observe +# several times improvement over code generated by vendor compiler +# for PA-RISC 1.1, but the "baseline" is far from optimal. The actual +# improvement coefficient was never collected on PA-7100LC, or any +# other 1.1 CPU, because I don't have access to such machine with +# vendor compiler. But to give you a taste, PA-RISC 1.1 code path +# reportedly outperformed code generated by cc +DA1.1 +O3 by factor +# of ~5x on PA-8600. +# +# On PA-RISC 2.0 it has to compete with pa-risc2[W].s, which is +# reportedly ~2x faster than vendor compiler generated code [according +# to comment in pa-risc2[W].s]. Here comes a catch. Execution core of +# this implementation is actually 32-bit one, in the sense that it +# operates on 32-bit values. But pa-risc2[W].s operates on arrays of +# 64-bit BN_LONGs... How do they interoperate then? No problem. This +# module picks halves of 64-bit values in reverse order and pretends +# they were 32-bit BN_LONGs. But can 32-bit core compete with "pure" +# 64-bit code such as pa-risc2[W].s then? Well, the thing is that +# 32x32=64-bit multiplication is the best even PA-RISC 2.0 can do, +# i.e. there is no "wider" multiplication like on most other 64-bit +# platforms. This means that even being effectively 32-bit, this +# implementation performs "64-bit" computational task in same amount +# of arithmetic operations, most notably multiplications. It requires +# more memory references, most notably to tp[num], but this doesn't +# seem to exhaust memory port capacity. And indeed, dedicated PA-RISC +# 2.0 code path provides virtually same performance as pa-risc2[W].s: +# it's ~10% better for shortest key length and ~10% worse for longest +# one. +# +# In case it wasn't clear. The module has two distinct code paths: +# PA-RISC 1.1 and PA-RISC 2.0 ones. Latter features carry-free 64-bit +# additions and 64-bit integer loads, not to mention specific +# instruction scheduling. In 64-bit build naturally only 2.0 code path +# is assembled. In 32-bit application context both code paths are +# assembled, PA-RISC 2.0 CPU is detected at run-time and proper path +# is taken automatically. Also, in 32-bit build the module imposes +# couple of limitations: vector lengths has to be even and vector +# addresses has to be 64-bit aligned. Normally neither is a problem: +# most common key lengths are even and vectors are commonly malloc-ed, +# which ensures alignment. +# +# Special thanks to polarhome.com for providing HP-UX account on +# PA-RISC 1.1 machine, and to correspondent who chose to remain +# anonymous for testing the code on PA-RISC 2.0 machine. + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; + +$flavour = shift; +$output = shift; + +open STDOUT,">$output"; + +if ($flavour =~ /64/) { + $LEVEL ="2.0W"; + $SIZE_T =8; + $FRAME_MARKER =80; + $SAVED_RP =16; + $PUSH ="std"; + $PUSHMA ="std,ma"; + $POP ="ldd"; + $POPMB ="ldd,mb"; + $BN_SZ =$SIZE_T; +} else { + $LEVEL ="1.1"; #$LEVEL.="\n\t.ALLOW\t2.0"; + $SIZE_T =4; + $FRAME_MARKER =48; + $SAVED_RP =20; + $PUSH ="stw"; + $PUSHMA ="stwm"; + $POP ="ldw"; + $POPMB ="ldwm"; + $BN_SZ =$SIZE_T; +} + +$FRAME=8*$SIZE_T+$FRAME_MARKER; # 8 saved regs + frame marker + # [+ argument transfer] +$LOCALS=$FRAME-$FRAME_MARKER; +$FRAME+=32; # local variables + +$tp="%r31"; +$ti1="%r29"; +$ti0="%r28"; + +$rp="%r26"; +$ap="%r25"; +$bp="%r24"; +$np="%r23"; +$n0="%r22"; # passed through stack in 32-bit +$num="%r21"; # passed through stack in 32-bit +$idx="%r20"; +$arrsz="%r19"; + +$nm1="%r7"; +$nm0="%r6"; +$ab1="%r5"; +$ab0="%r4"; + +$fp="%r3"; +$hi1="%r2"; +$hi0="%r1"; + +$xfer=$n0; # accomodates [-16..15] offset in fld[dw]s + +$fm0="%fr4"; $fti=$fm0; +$fbi="%fr5L"; +$fn0="%fr5R"; +$fai="%fr6"; $fab0="%fr7"; $fab1="%fr8"; +$fni="%fr9"; $fnm0="%fr10"; $fnm1="%fr11"; + +$code=<<___; + .LEVEL $LEVEL +#if 0 + .SPACE \$TEXT\$ + .SUBSPA \$CODE\$,QUAD=0,ALIGN=8,ACCESS=0x2C,CODE_ONLY +#else + .text +#endif + + .EXPORT bn_mul_mont,ENTRY,ARGW0=GR,ARGW1=GR,ARGW2=GR,ARGW3=GR + .ALIGN 64 +bn_mul_mont + .PROC + .CALLINFO FRAME=`$FRAME-8*$SIZE_T`,NO_CALLS,SAVE_RP,SAVE_SP,ENTRY_GR=6 + .ENTRY + $PUSH %r2,-$SAVED_RP(%sp) ; standard prologue + $PUSHMA %r3,$FRAME(%sp) + $PUSH %r4,`-$FRAME+1*$SIZE_T`(%sp) + $PUSH %r5,`-$FRAME+2*$SIZE_T`(%sp) + $PUSH %r6,`-$FRAME+3*$SIZE_T`(%sp) + $PUSH %r7,`-$FRAME+4*$SIZE_T`(%sp) + $PUSH %r8,`-$FRAME+5*$SIZE_T`(%sp) + $PUSH %r9,`-$FRAME+6*$SIZE_T`(%sp) + $PUSH %r10,`-$FRAME+7*$SIZE_T`(%sp) + ldo -$FRAME(%sp),$fp +___ +$code.=<<___ if ($SIZE_T==4); + ldw `-$FRAME_MARKER-4`($fp),$n0 + ldw `-$FRAME_MARKER-8`($fp),$num + nop + nop ; alignment +___ +$code.=<<___ if ($BN_SZ==4); + comiclr,<= 6,$num,%r0 ; are vectors long enough? + b L\$abort + ldi 0,%r28 ; signal "unhandled" + add,ev %r0,$num,$num ; is $num even? + b L\$abort + nop + or $ap,$np,$ti1 + extru,= $ti1,31,3,%r0 ; are ap and np 64-bit aligned? + b L\$abort + nop + nop ; alignment + nop + + fldws 0($n0),${fn0} + fldws,ma 4($bp),${fbi} ; bp[0] +___ +$code.=<<___ if ($BN_SZ==8); + comib,> 3,$num,L\$abort ; are vectors long enough? + ldi 0,%r28 ; signal "unhandled" + addl $num,$num,$num ; I operate on 32-bit values + + fldws 4($n0),${fn0} ; only low part of n0 + fldws 4($bp),${fbi} ; bp[0] in flipped word order +___ +$code.=<<___; + fldds 0($ap),${fai} ; ap[0,1] + fldds 0($np),${fni} ; np[0,1] + + sh2addl $num,%r0,$arrsz + ldi 31,$hi0 + ldo 36($arrsz),$hi1 ; space for tp[num+1] + andcm $hi1,$hi0,$hi1 ; align + addl $hi1,%sp,%sp + $PUSH $fp,-$SIZE_T(%sp) + + ldo `$LOCALS+16`($fp),$xfer + ldo `$LOCALS+32+4`($fp),$tp + + xmpyu ${fai}L,${fbi},${fab0} ; ap[0]*bp[0] + xmpyu ${fai}R,${fbi},${fab1} ; ap[1]*bp[0] + xmpyu ${fn0},${fab0}R,${fm0} + + addl $arrsz,$ap,$ap ; point at the end + addl $arrsz,$np,$np + subi 0,$arrsz,$idx ; j=0 + ldo 8($idx),$idx ; j++++ + + xmpyu ${fni}L,${fm0}R,${fnm0} ; np[0]*m + xmpyu ${fni}R,${fm0}R,${fnm1} ; np[1]*m + fstds ${fab0},-16($xfer) + fstds ${fnm0},-8($xfer) + fstds ${fab1},0($xfer) + fstds ${fnm1},8($xfer) + flddx $idx($ap),${fai} ; ap[2,3] + flddx $idx($np),${fni} ; np[2,3] +___ +$code.=<<___ if ($BN_SZ==4); +#ifndef __OpenBSD__ + mtctl $hi0,%cr11 ; $hi0 still holds 31 + extrd,u,*= $hi0,%sar,1,$hi0 ; executes on PA-RISC 1.0 + b L\$parisc11 + nop +___ +$code.=<<___; # PA-RISC 2.0 code-path + xmpyu ${fai}L,${fbi},${fab0} ; ap[j]*bp[0] + xmpyu ${fni}L,${fm0}R,${fnm0} ; np[j]*m + ldd -16($xfer),$ab0 + fstds ${fab0},-16($xfer) + + extrd,u $ab0,31,32,$hi0 + extrd,u $ab0,63,32,$ab0 + ldd -8($xfer),$nm0 + fstds ${fnm0},-8($xfer) + ldo 8($idx),$idx ; j++++ + addl $ab0,$nm0,$nm0 ; low part is discarded + extrd,u $nm0,31,32,$hi1 + +L\$1st + xmpyu ${fai}R,${fbi},${fab1} ; ap[j+1]*bp[0] + xmpyu ${fni}R,${fm0}R,${fnm1} ; np[j+1]*m + ldd 0($xfer),$ab1 + fstds ${fab1},0($xfer) + addl $hi0,$ab1,$ab1 + extrd,u $ab1,31,32,$hi0 + ldd 8($xfer),$nm1 + fstds ${fnm1},8($xfer) + extrd,u $ab1,63,32,$ab1 + addl $hi1,$nm1,$nm1 + flddx $idx($ap),${fai} ; ap[j,j+1] + flddx $idx($np),${fni} ; np[j,j+1] + addl $ab1,$nm1,$nm1 + extrd,u $nm1,31,32,$hi1 + + xmpyu ${fai}L,${fbi},${fab0} ; ap[j]*bp[0] + xmpyu ${fni}L,${fm0}R,${fnm0} ; np[j]*m + ldd -16($xfer),$ab0 + fstds ${fab0},-16($xfer) + addl $hi0,$ab0,$ab0 + extrd,u $ab0,31,32,$hi0 + ldd -8($xfer),$nm0 + fstds ${fnm0},-8($xfer) + extrd,u $ab0,63,32,$ab0 + addl $hi1,$nm0,$nm0 + stw $nm1,-4($tp) ; tp[j-1] + addl $ab0,$nm0,$nm0 + stw,ma $nm0,8($tp) ; tp[j-1] + addib,<> 8,$idx,L\$1st ; j++++ + extrd,u $nm0,31,32,$hi1 + + xmpyu ${fai}R,${fbi},${fab1} ; ap[j]*bp[0] + xmpyu ${fni}R,${fm0}R,${fnm1} ; np[j]*m + ldd 0($xfer),$ab1 + fstds ${fab1},0($xfer) + addl $hi0,$ab1,$ab1 + extrd,u $ab1,31,32,$hi0 + ldd 8($xfer),$nm1 + fstds ${fnm1},8($xfer) + extrd,u $ab1,63,32,$ab1 + addl $hi1,$nm1,$nm1 + ldd -16($xfer),$ab0 + addl $ab1,$nm1,$nm1 + ldd -8($xfer),$nm0 + extrd,u $nm1,31,32,$hi1 + + addl $hi0,$ab0,$ab0 + extrd,u $ab0,31,32,$hi0 + stw $nm1,-4($tp) ; tp[j-1] + extrd,u $ab0,63,32,$ab0 + addl $hi1,$nm0,$nm0 + ldd 0($xfer),$ab1 + addl $ab0,$nm0,$nm0 + ldd,mb 8($xfer),$nm1 + extrd,u $nm0,31,32,$hi1 + stw,ma $nm0,8($tp) ; tp[j-1] + + ldo -1($num),$num ; i-- + subi 0,$arrsz,$idx ; j=0 +___ +$code.=<<___ if ($BN_SZ==4); + fldws,ma 4($bp),${fbi} ; bp[1] +___ +$code.=<<___ if ($BN_SZ==8); + fldws 0($bp),${fbi} ; bp[1] in flipped word order +___ +$code.=<<___; + flddx $idx($ap),${fai} ; ap[0,1] + flddx $idx($np),${fni} ; np[0,1] + fldws 8($xfer),${fti}R ; tp[0] + addl $hi0,$ab1,$ab1 + extrd,u $ab1,31,32,$hi0 + extrd,u $ab1,63,32,$ab1 + ldo 8($idx),$idx ; j++++ + xmpyu ${fai}L,${fbi},${fab0} ; ap[0]*bp[1] + xmpyu ${fai}R,${fbi},${fab1} ; ap[1]*bp[1] + addl $hi1,$nm1,$nm1 + addl $ab1,$nm1,$nm1 + extrd,u $nm1,31,32,$hi1 + fstws,mb ${fab0}L,-8($xfer) ; save high part + stw $nm1,-4($tp) ; tp[j-1] + + fcpy,sgl %fr0,${fti}L ; zero high part + fcpy,sgl %fr0,${fab0}L + addl $hi1,$hi0,$hi0 + extrd,u $hi0,31,32,$hi1 + fcnvxf,dbl,dbl ${fti},${fti} ; 32-bit unsigned int -> double + fcnvxf,dbl,dbl ${fab0},${fab0} + stw $hi0,0($tp) + stw $hi1,4($tp) + + fadd,dbl ${fti},${fab0},${fab0} ; add tp[0] + fcnvfx,dbl,dbl ${fab0},${fab0} ; double -> 33-bit unsigned int + xmpyu ${fn0},${fab0}R,${fm0} + ldo `$LOCALS+32+4`($fp),$tp +L\$outer + xmpyu ${fni}L,${fm0}R,${fnm0} ; np[0]*m + xmpyu ${fni}R,${fm0}R,${fnm1} ; np[1]*m + fstds ${fab0},-16($xfer) ; 33-bit value + fstds ${fnm0},-8($xfer) + flddx $idx($ap),${fai} ; ap[2] + flddx $idx($np),${fni} ; np[2] + ldo 8($idx),$idx ; j++++ + ldd -16($xfer),$ab0 ; 33-bit value + ldd -8($xfer),$nm0 + ldw 0($xfer),$hi0 ; high part + + xmpyu ${fai}L,${fbi},${fab0} ; ap[j]*bp[i] + xmpyu ${fni}L,${fm0}R,${fnm0} ; np[j]*m + extrd,u $ab0,31,32,$ti0 ; carry bit + extrd,u $ab0,63,32,$ab0 + fstds ${fab1},0($xfer) + addl $ti0,$hi0,$hi0 ; account carry bit + fstds ${fnm1},8($xfer) + addl $ab0,$nm0,$nm0 ; low part is discarded + ldw 0($tp),$ti1 ; tp[1] + extrd,u $nm0,31,32,$hi1 + fstds ${fab0},-16($xfer) + fstds ${fnm0},-8($xfer) + +L\$inner + xmpyu ${fai}R,${fbi},${fab1} ; ap[j+1]*bp[i] + xmpyu ${fni}R,${fm0}R,${fnm1} ; np[j+1]*m + ldd 0($xfer),$ab1 + fstds ${fab1},0($xfer) + addl $hi0,$ti1,$ti1 + addl $ti1,$ab1,$ab1 + ldd 8($xfer),$nm1 + fstds ${fnm1},8($xfer) + extrd,u $ab1,31,32,$hi0 + extrd,u $ab1,63,32,$ab1 + flddx $idx($ap),${fai} ; ap[j,j+1] + flddx $idx($np),${fni} ; np[j,j+1] + addl $hi1,$nm1,$nm1 + addl $ab1,$nm1,$nm1 + ldw 4($tp),$ti0 ; tp[j] + stw $nm1,-4($tp) ; tp[j-1] + + xmpyu ${fai}L,${fbi},${fab0} ; ap[j]*bp[i] + xmpyu ${fni}L,${fm0}R,${fnm0} ; np[j]*m + ldd -16($xfer),$ab0 + fstds ${fab0},-16($xfer) + addl $hi0,$ti0,$ti0 + addl $ti0,$ab0,$ab0 + ldd -8($xfer),$nm0 + fstds ${fnm0},-8($xfer) + extrd,u $ab0,31,32,$hi0 + extrd,u $nm1,31,32,$hi1 + ldw 8($tp),$ti1 ; tp[j] + extrd,u $ab0,63,32,$ab0 + addl $hi1,$nm0,$nm0 + addl $ab0,$nm0,$nm0 + stw,ma $nm0,8($tp) ; tp[j-1] + addib,<> 8,$idx,L\$inner ; j++++ + extrd,u $nm0,31,32,$hi1 + + xmpyu ${fai}R,${fbi},${fab1} ; ap[j]*bp[i] + xmpyu ${fni}R,${fm0}R,${fnm1} ; np[j]*m + ldd 0($xfer),$ab1 + fstds ${fab1},0($xfer) + addl $hi0,$ti1,$ti1 + addl $ti1,$ab1,$ab1 + ldd 8($xfer),$nm1 + fstds ${fnm1},8($xfer) + extrd,u $ab1,31,32,$hi0 + extrd,u $ab1,63,32,$ab1 + ldw 4($tp),$ti0 ; tp[j] + addl $hi1,$nm1,$nm1 + addl $ab1,$nm1,$nm1 + ldd -16($xfer),$ab0 + ldd -8($xfer),$nm0 + extrd,u $nm1,31,32,$hi1 + + addl $hi0,$ab0,$ab0 + addl $ti0,$ab0,$ab0 + stw $nm1,-4($tp) ; tp[j-1] + extrd,u $ab0,31,32,$hi0 + ldw 8($tp),$ti1 ; tp[j] + extrd,u $ab0,63,32,$ab0 + addl $hi1,$nm0,$nm0 + ldd 0($xfer),$ab1 + addl $ab0,$nm0,$nm0 + ldd,mb 8($xfer),$nm1 + extrd,u $nm0,31,32,$hi1 + stw,ma $nm0,8($tp) ; tp[j-1] + + addib,= -1,$num,L\$outerdone ; i-- + subi 0,$arrsz,$idx ; j=0 +___ +$code.=<<___ if ($BN_SZ==4); + fldws,ma 4($bp),${fbi} ; bp[i] +___ +$code.=<<___ if ($BN_SZ==8); + ldi 12,$ti0 ; bp[i] in flipped word order + addl,ev %r0,$num,$num + ldi -4,$ti0 + addl $ti0,$bp,$bp + fldws 0($bp),${fbi} +___ +$code.=<<___; + flddx $idx($ap),${fai} ; ap[0] + addl $hi0,$ab1,$ab1 + flddx $idx($np),${fni} ; np[0] + fldws 8($xfer),${fti}R ; tp[0] + addl $ti1,$ab1,$ab1 + extrd,u $ab1,31,32,$hi0 + extrd,u $ab1,63,32,$ab1 + + ldo 8($idx),$idx ; j++++ + xmpyu ${fai}L,${fbi},${fab0} ; ap[0]*bp[i] + xmpyu ${fai}R,${fbi},${fab1} ; ap[1]*bp[i] + ldw 4($tp),$ti0 ; tp[j] + + addl $hi1,$nm1,$nm1 + fstws,mb ${fab0}L,-8($xfer) ; save high part + addl $ab1,$nm1,$nm1 + extrd,u $nm1,31,32,$hi1 + fcpy,sgl %fr0,${fti}L ; zero high part + fcpy,sgl %fr0,${fab0}L + stw $nm1,-4($tp) ; tp[j-1] + + fcnvxf,dbl,dbl ${fti},${fti} ; 32-bit unsigned int -> double + fcnvxf,dbl,dbl ${fab0},${fab0} + addl $hi1,$hi0,$hi0 + fadd,dbl ${fti},${fab0},${fab0} ; add tp[0] + addl $ti0,$hi0,$hi0 + extrd,u $hi0,31,32,$hi1 + fcnvfx,dbl,dbl ${fab0},${fab0} ; double -> 33-bit unsigned int + stw $hi0,0($tp) + stw $hi1,4($tp) + xmpyu ${fn0},${fab0}R,${fm0} + + b L\$outer + ldo `$LOCALS+32+4`($fp),$tp + +L\$outerdone + addl $hi0,$ab1,$ab1 + addl $ti1,$ab1,$ab1 + extrd,u $ab1,31,32,$hi0 + extrd,u $ab1,63,32,$ab1 + + ldw 4($tp),$ti0 ; tp[j] + + addl $hi1,$nm1,$nm1 + addl $ab1,$nm1,$nm1 + extrd,u $nm1,31,32,$hi1 + stw $nm1,-4($tp) ; tp[j-1] + + addl $hi1,$hi0,$hi0 + addl $ti0,$hi0,$hi0 + extrd,u $hi0,31,32,$hi1 + stw $hi0,0($tp) + stw $hi1,4($tp) + + ldo `$LOCALS+32`($fp),$tp + sub %r0,%r0,%r0 ; clear borrow +___ +$code.=<<___ if ($BN_SZ==4); + ldws,ma 4($tp),$ti0 + extru,= $rp,31,3,%r0 ; is rp 64-bit aligned? + b L\$sub_pa11 + addl $tp,$arrsz,$tp +L\$sub + ldwx $idx($np),$hi0 + subb $ti0,$hi0,$hi1 + ldwx $idx($tp),$ti0 + addib,<> 4,$idx,L\$sub + stws,ma $hi1,4($rp) + + subb $ti0,%r0,$hi1 + ldo -4($tp),$tp +___ +$code.=<<___ if ($BN_SZ==8); + ldd,ma 8($tp),$ti0 +L\$sub + ldd $idx($np),$hi0 + shrpd $ti0,$ti0,32,$ti0 ; flip word order + std $ti0,-8($tp) ; save flipped value + sub,db $ti0,$hi0,$hi1 + ldd,ma 8($tp),$ti0 + addib,<> 8,$idx,L\$sub + std,ma $hi1,8($rp) + + extrd,u $ti0,31,32,$ti0 ; carry in flipped word order + sub,db $ti0,%r0,$hi1 + ldo -8($tp),$tp +___ +$code.=<<___; + and $tp,$hi1,$ap + andcm $rp,$hi1,$bp + or $ap,$bp,$np + + sub $rp,$arrsz,$rp ; rewind rp + subi 0,$arrsz,$idx + ldo `$LOCALS+32`($fp),$tp +L\$copy + ldd $idx($np),$hi0 + std,ma %r0,8($tp) + addib,<> 8,$idx,.-8 ; L\$copy + std,ma $hi0,8($rp) +___ + +if ($BN_SZ==4) { # PA-RISC 1.1 code-path +$ablo=$ab0; +$abhi=$ab1; +$nmlo0=$nm0; +$nmhi0=$nm1; +$nmlo1="%r9"; +$nmhi1="%r8"; + +$code.=<<___; + b L\$done + nop + + .ALIGN 8 +L\$parisc11 +#endif + xmpyu ${fai}L,${fbi},${fab0} ; ap[j]*bp[0] + xmpyu ${fni}L,${fm0}R,${fnm0} ; np[j]*m + ldw -12($xfer),$ablo + ldw -16($xfer),$hi0 + ldw -4($xfer),$nmlo0 + ldw -8($xfer),$nmhi0 + fstds ${fab0},-16($xfer) + fstds ${fnm0},-8($xfer) + + ldo 8($idx),$idx ; j++++ + add $ablo,$nmlo0,$nmlo0 ; discarded + addc %r0,$nmhi0,$hi1 + ldw 4($xfer),$ablo + ldw 0($xfer),$abhi + nop + +L\$1st_pa11 + xmpyu ${fai}R,${fbi},${fab1} ; ap[j+1]*bp[0] + flddx $idx($ap),${fai} ; ap[j,j+1] + xmpyu ${fni}R,${fm0}R,${fnm1} ; np[j+1]*m + flddx $idx($np),${fni} ; np[j,j+1] + add $hi0,$ablo,$ablo + ldw 12($xfer),$nmlo1 + addc %r0,$abhi,$hi0 + ldw 8($xfer),$nmhi1 + add $ablo,$nmlo1,$nmlo1 + fstds ${fab1},0($xfer) + addc %r0,$nmhi1,$nmhi1 + fstds ${fnm1},8($xfer) + add $hi1,$nmlo1,$nmlo1 + ldw -12($xfer),$ablo + addc %r0,$nmhi1,$hi1 + ldw -16($xfer),$abhi + + xmpyu ${fai}L,${fbi},${fab0} ; ap[j]*bp[0] + ldw -4($xfer),$nmlo0 + xmpyu ${fni}L,${fm0}R,${fnm0} ; np[j]*m + ldw -8($xfer),$nmhi0 + add $hi0,$ablo,$ablo + stw $nmlo1,-4($tp) ; tp[j-1] + addc %r0,$abhi,$hi0 + fstds ${fab0},-16($xfer) + add $ablo,$nmlo0,$nmlo0 + fstds ${fnm0},-8($xfer) + addc %r0,$nmhi0,$nmhi0 + ldw 0($xfer),$abhi + add $hi1,$nmlo0,$nmlo0 + ldw 4($xfer),$ablo + stws,ma $nmlo0,8($tp) ; tp[j-1] + addib,<> 8,$idx,L\$1st_pa11 ; j++++ + addc %r0,$nmhi0,$hi1 + + ldw 8($xfer),$nmhi1 + ldw 12($xfer),$nmlo1 + xmpyu ${fai}R,${fbi},${fab1} ; ap[j]*bp[0] + xmpyu ${fni}R,${fm0}R,${fnm1} ; np[j]*m + add $hi0,$ablo,$ablo + fstds ${fab1},0($xfer) + addc %r0,$abhi,$hi0 + fstds ${fnm1},8($xfer) + add $ablo,$nmlo1,$nmlo1 + ldw -16($xfer),$abhi + addc %r0,$nmhi1,$nmhi1 + ldw -12($xfer),$ablo + add $hi1,$nmlo1,$nmlo1 + ldw -8($xfer),$nmhi0 + addc %r0,$nmhi1,$hi1 + ldw -4($xfer),$nmlo0 + + add $hi0,$ablo,$ablo + stw $nmlo1,-4($tp) ; tp[j-1] + addc %r0,$abhi,$hi0 + ldw 0($xfer),$abhi + add $ablo,$nmlo0,$nmlo0 + ldw 4($xfer),$ablo + addc %r0,$nmhi0,$nmhi0 + ldws,mb 8($xfer),$nmhi1 + add $hi1,$nmlo0,$nmlo0 + ldw 4($xfer),$nmlo1 + addc %r0,$nmhi0,$hi1 + stws,ma $nmlo0,8($tp) ; tp[j-1] + + ldo -1($num),$num ; i-- + subi 0,$arrsz,$idx ; j=0 + + fldws,ma 4($bp),${fbi} ; bp[1] + flddx $idx($ap),${fai} ; ap[0,1] + flddx $idx($np),${fni} ; np[0,1] + fldws 8($xfer),${fti}R ; tp[0] + add $hi0,$ablo,$ablo + addc %r0,$abhi,$hi0 + ldo 8($idx),$idx ; j++++ + xmpyu ${fai}L,${fbi},${fab0} ; ap[0]*bp[1] + xmpyu ${fai}R,${fbi},${fab1} ; ap[1]*bp[1] + add $hi1,$nmlo1,$nmlo1 + addc %r0,$nmhi1,$nmhi1 + add $ablo,$nmlo1,$nmlo1 + addc %r0,$nmhi1,$hi1 + fstws,mb ${fab0}L,-8($xfer) ; save high part + stw $nmlo1,-4($tp) ; tp[j-1] + + fcpy,sgl %fr0,${fti}L ; zero high part + fcpy,sgl %fr0,${fab0}L + add $hi1,$hi0,$hi0 + addc %r0,%r0,$hi1 + fcnvxf,dbl,dbl ${fti},${fti} ; 32-bit unsigned int -> double + fcnvxf,dbl,dbl ${fab0},${fab0} + stw $hi0,0($tp) + stw $hi1,4($tp) + + fadd,dbl ${fti},${fab0},${fab0} ; add tp[0] + fcnvfx,dbl,dbl ${fab0},${fab0} ; double -> 33-bit unsigned int + xmpyu ${fn0},${fab0}R,${fm0} + ldo `$LOCALS+32+4`($fp),$tp +L\$outer_pa11 + xmpyu ${fni}L,${fm0}R,${fnm0} ; np[0]*m + xmpyu ${fni}R,${fm0}R,${fnm1} ; np[1]*m + fstds ${fab0},-16($xfer) ; 33-bit value + fstds ${fnm0},-8($xfer) + flddx $idx($ap),${fai} ; ap[2,3] + flddx $idx($np),${fni} ; np[2,3] + ldw -16($xfer),$abhi ; carry bit actually + ldo 8($idx),$idx ; j++++ + ldw -12($xfer),$ablo + ldw -8($xfer),$nmhi0 + ldw -4($xfer),$nmlo0 + ldw 0($xfer),$hi0 ; high part + + xmpyu ${fai}L,${fbi},${fab0} ; ap[j]*bp[i] + xmpyu ${fni}L,${fm0}R,${fnm0} ; np[j]*m + fstds ${fab1},0($xfer) + addl $abhi,$hi0,$hi0 ; account carry bit + fstds ${fnm1},8($xfer) + add $ablo,$nmlo0,$nmlo0 ; discarded + ldw 0($tp),$ti1 ; tp[1] + addc %r0,$nmhi0,$hi1 + fstds ${fab0},-16($xfer) + fstds ${fnm0},-8($xfer) + ldw 4($xfer),$ablo + ldw 0($xfer),$abhi + +L\$inner_pa11 + xmpyu ${fai}R,${fbi},${fab1} ; ap[j+1]*bp[i] + flddx $idx($ap),${fai} ; ap[j,j+1] + xmpyu ${fni}R,${fm0}R,${fnm1} ; np[j+1]*m + flddx $idx($np),${fni} ; np[j,j+1] + add $hi0,$ablo,$ablo + ldw 4($tp),$ti0 ; tp[j] + addc %r0,$abhi,$abhi + ldw 12($xfer),$nmlo1 + add $ti1,$ablo,$ablo + ldw 8($xfer),$nmhi1 + addc %r0,$abhi,$hi0 + fstds ${fab1},0($xfer) + add $ablo,$nmlo1,$nmlo1 + fstds ${fnm1},8($xfer) + addc %r0,$nmhi1,$nmhi1 + ldw -12($xfer),$ablo + add $hi1,$nmlo1,$nmlo1 + ldw -16($xfer),$abhi + addc %r0,$nmhi1,$hi1 + + xmpyu ${fai}L,${fbi},${fab0} ; ap[j]*bp[i] + ldw 8($tp),$ti1 ; tp[j] + xmpyu ${fni}L,${fm0}R,${fnm0} ; np[j]*m + ldw -4($xfer),$nmlo0 + add $hi0,$ablo,$ablo + ldw -8($xfer),$nmhi0 + addc %r0,$abhi,$abhi + stw $nmlo1,-4($tp) ; tp[j-1] + add $ti0,$ablo,$ablo + fstds ${fab0},-16($xfer) + addc %r0,$abhi,$hi0 + fstds ${fnm0},-8($xfer) + add $ablo,$nmlo0,$nmlo0 + ldw 4($xfer),$ablo + addc %r0,$nmhi0,$nmhi0 + ldw 0($xfer),$abhi + add $hi1,$nmlo0,$nmlo0 + stws,ma $nmlo0,8($tp) ; tp[j-1] + addib,<> 8,$idx,L\$inner_pa11 ; j++++ + addc %r0,$nmhi0,$hi1 + + xmpyu ${fai}R,${fbi},${fab1} ; ap[j]*bp[i] + ldw 12($xfer),$nmlo1 + xmpyu ${fni}R,${fm0}R,${fnm1} ; np[j]*m + ldw 8($xfer),$nmhi1 + add $hi0,$ablo,$ablo + ldw 4($tp),$ti0 ; tp[j] + addc %r0,$abhi,$abhi + fstds ${fab1},0($xfer) + add $ti1,$ablo,$ablo + fstds ${fnm1},8($xfer) + addc %r0,$abhi,$hi0 + ldw -16($xfer),$abhi + add $ablo,$nmlo1,$nmlo1 + ldw -12($xfer),$ablo + addc %r0,$nmhi1,$nmhi1 + ldw -8($xfer),$nmhi0 + add $hi1,$nmlo1,$nmlo1 + ldw -4($xfer),$nmlo0 + addc %r0,$nmhi1,$hi1 + + add $hi0,$ablo,$ablo + stw $nmlo1,-4($tp) ; tp[j-1] + addc %r0,$abhi,$abhi + add $ti0,$ablo,$ablo + ldw 8($tp),$ti1 ; tp[j] + addc %r0,$abhi,$hi0 + ldw 0($xfer),$abhi + add $ablo,$nmlo0,$nmlo0 + ldw 4($xfer),$ablo + addc %r0,$nmhi0,$nmhi0 + ldws,mb 8($xfer),$nmhi1 + add $hi1,$nmlo0,$nmlo0 + ldw 4($xfer),$nmlo1 + addc %r0,$nmhi0,$hi1 + stws,ma $nmlo0,8($tp) ; tp[j-1] + + addib,= -1,$num,L\$outerdone_pa11; i-- + subi 0,$arrsz,$idx ; j=0 + + fldws,ma 4($bp),${fbi} ; bp[i] + flddx $idx($ap),${fai} ; ap[0] + add $hi0,$ablo,$ablo + addc %r0,$abhi,$abhi + flddx $idx($np),${fni} ; np[0] + fldws 8($xfer),${fti}R ; tp[0] + add $ti1,$ablo,$ablo + addc %r0,$abhi,$hi0 + + ldo 8($idx),$idx ; j++++ + xmpyu ${fai}L,${fbi},${fab0} ; ap[0]*bp[i] + xmpyu ${fai}R,${fbi},${fab1} ; ap[1]*bp[i] + ldw 4($tp),$ti0 ; tp[j] + + add $hi1,$nmlo1,$nmlo1 + addc %r0,$nmhi1,$nmhi1 + fstws,mb ${fab0}L,-8($xfer) ; save high part + add $ablo,$nmlo1,$nmlo1 + addc %r0,$nmhi1,$hi1 + fcpy,sgl %fr0,${fti}L ; zero high part + fcpy,sgl %fr0,${fab0}L + stw $nmlo1,-4($tp) ; tp[j-1] + + fcnvxf,dbl,dbl ${fti},${fti} ; 32-bit unsigned int -> double + fcnvxf,dbl,dbl ${fab0},${fab0} + add $hi1,$hi0,$hi0 + addc %r0,%r0,$hi1 + fadd,dbl ${fti},${fab0},${fab0} ; add tp[0] + add $ti0,$hi0,$hi0 + addc %r0,$hi1,$hi1 + fcnvfx,dbl,dbl ${fab0},${fab0} ; double -> 33-bit unsigned int + stw $hi0,0($tp) + stw $hi1,4($tp) + xmpyu ${fn0},${fab0}R,${fm0} + + b L\$outer_pa11 + ldo `$LOCALS+32+4`($fp),$tp + +L\$outerdone_pa11 + add $hi0,$ablo,$ablo + addc %r0,$abhi,$abhi + add $ti1,$ablo,$ablo + addc %r0,$abhi,$hi0 + + ldw 4($tp),$ti0 ; tp[j] + + add $hi1,$nmlo1,$nmlo1 + addc %r0,$nmhi1,$nmhi1 + add $ablo,$nmlo1,$nmlo1 + addc %r0,$nmhi1,$hi1 + stw $nmlo1,-4($tp) ; tp[j-1] + + add $hi1,$hi0,$hi0 + addc %r0,%r0,$hi1 + add $ti0,$hi0,$hi0 + addc %r0,$hi1,$hi1 + stw $hi0,0($tp) + stw $hi1,4($tp) + + ldo `$LOCALS+32+4`($fp),$tp + sub %r0,%r0,%r0 ; clear borrow + ldw -4($tp),$ti0 + addl $tp,$arrsz,$tp +L\$sub_pa11 + ldwx $idx($np),$hi0 + subb $ti0,$hi0,$hi1 + ldwx $idx($tp),$ti0 + addib,<> 4,$idx,L\$sub_pa11 + stws,ma $hi1,4($rp) + + subb $ti0,%r0,$hi1 + ldo -4($tp),$tp + and $tp,$hi1,$ap + andcm $rp,$hi1,$bp + or $ap,$bp,$np + + sub $rp,$arrsz,$rp ; rewind rp + subi 0,$arrsz,$idx + ldo `$LOCALS+32`($fp),$tp +L\$copy_pa11 + ldwx $idx($np),$hi0 + stws,ma %r0,4($tp) + addib,<> 4,$idx,L\$copy_pa11 + stws,ma $hi0,4($rp) + + nop ; alignment +L\$done +___ +} + +$code.=<<___; + ldi 1,%r28 ; signal "handled" + ldo $FRAME($fp),%sp ; destroy tp[num+1] + + $POP `-$FRAME-$SAVED_RP`(%sp),%r2 ; standard epilogue + $POP `-$FRAME+1*$SIZE_T`(%sp),%r4 + $POP `-$FRAME+2*$SIZE_T`(%sp),%r5 + $POP `-$FRAME+3*$SIZE_T`(%sp),%r6 + $POP `-$FRAME+4*$SIZE_T`(%sp),%r7 + $POP `-$FRAME+5*$SIZE_T`(%sp),%r8 + $POP `-$FRAME+6*$SIZE_T`(%sp),%r9 + $POP `-$FRAME+7*$SIZE_T`(%sp),%r10 +L\$abort + bv (%r2) + .EXIT + $POPMB -$FRAME(%sp),%r3 + .PROCEND + + .data + .STRINGZ "Montgomery Multiplication for PA-RISC, CRYPTOGAMS by " +___ + +# Explicitly encode PA-RISC 2.0 instructions used in this module, so +# that it can be compiled with .LEVEL 1.0. It should be noted that I +# wouldn't have to do this, if GNU assembler understood .ALLOW 2.0 +# directive... + +my $ldd = sub { + my ($mod,$args) = @_; + my $orig = "ldd$mod\t$args"; + + if ($args =~ /%r([0-9]+)\(%r([0-9]+)\),%r([0-9]+)/) # format 4 + { my $opcode=(0x03<<26)|($2<<21)|($1<<16)|(3<<6)|$3; + sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig; + } + elsif ($args =~ /(\-?[0-9]+)\(%r([0-9]+)\),%r([0-9]+)/) # format 5 + { my $opcode=(0x03<<26)|($2<<21)|(1<<12)|(3<<6)|$3; + $opcode|=(($1&0xF)<<17)|(($1&0x10)<<12); # encode offset + $opcode|=(1<<5) if ($mod =~ /^,m/); + $opcode|=(1<<13) if ($mod =~ /^,mb/); + sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig; + } + else { "\t".$orig; } +}; + +my $std = sub { + my ($mod,$args) = @_; + my $orig = "std$mod\t$args"; + + if ($args =~ /%r([0-9]+),(\-?[0-9]+)\(%r([0-9]+)\)/) # format 6 + { my $opcode=(0x03<<26)|($3<<21)|($1<<16)|(1<<12)|(0xB<<6); + $opcode|=(($2&0xF)<<1)|(($2&0x10)>>4); # encode offset + $opcode|=(1<<5) if ($mod =~ /^,m/); + $opcode|=(1<<13) if ($mod =~ /^,mb/); + sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig; + } + else { "\t".$orig; } +}; + +my $extrd = sub { + my ($mod,$args) = @_; + my $orig = "extrd$mod\t$args"; + + # I only have ",u" completer, it's implicitly encoded... + if ($args =~ /%r([0-9]+),([0-9]+),([0-9]+),%r([0-9]+)/) # format 15 + { my $opcode=(0x36<<26)|($1<<21)|($4<<16); + my $len=32-$3; + $opcode |= (($2&0x20)<<6)|(($2&0x1f)<<5); # encode pos + $opcode |= (($len&0x20)<<7)|($len&0x1f); # encode len + sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig; + } + elsif ($args =~ /%r([0-9]+),%sar,([0-9]+),%r([0-9]+)/) # format 12 + { my $opcode=(0x34<<26)|($1<<21)|($3<<16)|(2<<11)|(1<<9); + my $len=32-$2; + $opcode |= (($len&0x20)<<3)|($len&0x1f); # encode len + $opcode |= (1<<13) if ($mod =~ /,\**=/); + sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig; + } + else { "\t".$orig; } +}; + +my $shrpd = sub { + my ($mod,$args) = @_; + my $orig = "shrpd$mod\t$args"; + + if ($args =~ /%r([0-9]+),%r([0-9]+),([0-9]+),%r([0-9]+)/) # format 14 + { my $opcode=(0x34<<26)|($2<<21)|($1<<16)|(1<<10)|$4; + my $cpos=63-$3; + $opcode |= (($cpos&0x20)<<6)|(($cpos&0x1f)<<5); # encode sa + sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig; + } + else { "\t".$orig; } +}; + +my $sub = sub { + my ($mod,$args) = @_; + my $orig = "sub$mod\t$args"; + + if ($mod eq ",db" && $args =~ /%r([0-9]+),%r([0-9]+),%r([0-9]+)/) { + my $opcode=(0x02<<26)|($2<<21)|($1<<16)|$3; + $opcode|=(1<<10); # e1 + $opcode|=(1<<8); # e2 + $opcode|=(1<<5); # d + sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig + } + else { "\t".$orig; } +}; + +sub assemble { + my ($mnemonic,$mod,$args)=@_; + my $opcode = eval("\$$mnemonic"); + + ref($opcode) eq 'CODE' ? &$opcode($mod,$args) : "\t$mnemonic$mod\t$args"; +} + +foreach (split("\n",$code)) { + s/\`([^\`]*)\`/eval $1/ge; + # flip word order in 64-bit mode... + s/(xmpyu\s+)($fai|$fni)([LR])/$1.$2.($3 eq "L"?"R":"L")/e if ($BN_SZ==8); + # assemble 2.0 instructions in 32-bit mode... + s/^\s+([a-z]+)([\S]*)\s+([\S]*)/&assemble($1,$2,$3)/e if ($BN_SZ==4); + + s/\bbv\b/bve/gm if ($SIZE_T==8); + + print $_,"\n"; +} +close STDOUT; diff --git a/src/lib/libcrypto/bn/asm/ppc-mont.pl b/src/lib/libcrypto/bn/asm/ppc-mont.pl new file mode 100644 index 00000000000..f9b6992ccc8 --- /dev/null +++ b/src/lib/libcrypto/bn/asm/ppc-mont.pl @@ -0,0 +1,334 @@ +#!/usr/bin/env perl + +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== + +# April 2006 + +# "Teaser" Montgomery multiplication module for PowerPC. It's possible +# to gain a bit more by modulo-scheduling outer loop, then dedicated +# squaring procedure should give further 20% and code can be adapted +# for 32-bit application running on 64-bit CPU. As for the latter. +# It won't be able to achieve "native" 64-bit performance, because in +# 32-bit application context every addc instruction will have to be +# expanded as addc, twice right shift by 32 and finally adde, etc. +# So far RSA *sign* performance improvement over pre-bn_mul_mont asm +# for 64-bit application running on PPC970/G5 is: +# +# 512-bit +65% +# 1024-bit +35% +# 2048-bit +18% +# 4096-bit +4% + +$flavour = shift; + +if ($flavour =~ /32/) { + $BITS= 32; + $BNSZ= $BITS/8; + $SIZE_T=4; + $RZONE= 224; + + $LD= "lwz"; # load + $LDU= "lwzu"; # load and update + $LDX= "lwzx"; # load indexed + $ST= "stw"; # store + $STU= "stwu"; # store and update + $STX= "stwx"; # store indexed + $STUX= "stwux"; # store indexed and update + $UMULL= "mullw"; # unsigned multiply low + $UMULH= "mulhwu"; # unsigned multiply high + $UCMP= "cmplw"; # unsigned compare + $SHRI= "srwi"; # unsigned shift right by immediate + $PUSH= $ST; + $POP= $LD; +} elsif ($flavour =~ /64/) { + $BITS= 64; + $BNSZ= $BITS/8; + $SIZE_T=8; + $RZONE= 288; + + # same as above, but 64-bit mnemonics... + $LD= "ld"; # load + $LDU= "ldu"; # load and update + $LDX= "ldx"; # load indexed + $ST= "std"; # store + $STU= "stdu"; # store and update + $STX= "stdx"; # store indexed + $STUX= "stdux"; # store indexed and update + $UMULL= "mulld"; # unsigned multiply low + $UMULH= "mulhdu"; # unsigned multiply high + $UCMP= "cmpld"; # unsigned compare + $SHRI= "srdi"; # unsigned shift right by immediate + $PUSH= $ST; + $POP= $LD; +} else { die "nonsense $flavour"; } + +$FRAME=8*$SIZE_T+$RZONE; +$LOCALS=8*$SIZE_T; + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or +( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or +die "can't locate ppc-xlate.pl"; + +open STDOUT,"| $^X $xlate $flavour ".shift || die "can't call $xlate: $!"; + +$sp="r1"; +$toc="r2"; +$rp="r3"; $ovf="r3"; +$ap="r4"; +$bp="r5"; +$np="r6"; +$n0="r7"; +$num="r8"; +$rp="r9"; # $rp is reassigned +$aj="r10"; +$nj="r11"; +$tj="r12"; +# non-volatile registers +$i="r20"; +$j="r21"; +$tp="r22"; +$m0="r23"; +$m1="r24"; +$lo0="r25"; +$hi0="r26"; +$lo1="r27"; +$hi1="r28"; +$alo="r29"; +$ahi="r30"; +$nlo="r31"; +# +$nhi="r0"; + +$code=<<___; +.machine "any" +.text + +.globl .bn_mul_mont_int +.align 4 +.bn_mul_mont_int: + cmpwi $num,4 + mr $rp,r3 ; $rp is reassigned + li r3,0 + bltlr +___ +$code.=<<___ if ($BNSZ==4); + cmpwi $num,32 ; longer key performance is not better + bgelr +___ +$code.=<<___; + slwi $num,$num,`log($BNSZ)/log(2)` + li $tj,-4096 + addi $ovf,$num,$FRAME + subf $ovf,$ovf,$sp ; $sp-$ovf + and $ovf,$ovf,$tj ; minimize TLB usage + subf $ovf,$sp,$ovf ; $ovf-$sp + mr $tj,$sp + srwi $num,$num,`log($BNSZ)/log(2)` + $STUX $sp,$sp,$ovf + + $PUSH r20,`-12*$SIZE_T`($tj) + $PUSH r21,`-11*$SIZE_T`($tj) + $PUSH r22,`-10*$SIZE_T`($tj) + $PUSH r23,`-9*$SIZE_T`($tj) + $PUSH r24,`-8*$SIZE_T`($tj) + $PUSH r25,`-7*$SIZE_T`($tj) + $PUSH r26,`-6*$SIZE_T`($tj) + $PUSH r27,`-5*$SIZE_T`($tj) + $PUSH r28,`-4*$SIZE_T`($tj) + $PUSH r29,`-3*$SIZE_T`($tj) + $PUSH r30,`-2*$SIZE_T`($tj) + $PUSH r31,`-1*$SIZE_T`($tj) + + $LD $n0,0($n0) ; pull n0[0] value + addi $num,$num,-2 ; adjust $num for counter register + + $LD $m0,0($bp) ; m0=bp[0] + $LD $aj,0($ap) ; ap[0] + addi $tp,$sp,$LOCALS + $UMULL $lo0,$aj,$m0 ; ap[0]*bp[0] + $UMULH $hi0,$aj,$m0 + + $LD $aj,$BNSZ($ap) ; ap[1] + $LD $nj,0($np) ; np[0] + + $UMULL $m1,$lo0,$n0 ; "tp[0]"*n0 + + $UMULL $alo,$aj,$m0 ; ap[1]*bp[0] + $UMULH $ahi,$aj,$m0 + + $UMULL $lo1,$nj,$m1 ; np[0]*m1 + $UMULH $hi1,$nj,$m1 + $LD $nj,$BNSZ($np) ; np[1] + addc $lo1,$lo1,$lo0 + addze $hi1,$hi1 + + $UMULL $nlo,$nj,$m1 ; np[1]*m1 + $UMULH $nhi,$nj,$m1 + + mtctr $num + li $j,`2*$BNSZ` +.align 4 +L1st: + $LDX $aj,$ap,$j ; ap[j] + addc $lo0,$alo,$hi0 + $LDX $nj,$np,$j ; np[j] + addze $hi0,$ahi + $UMULL $alo,$aj,$m0 ; ap[j]*bp[0] + addc $lo1,$nlo,$hi1 + $UMULH $ahi,$aj,$m0 + addze $hi1,$nhi + $UMULL $nlo,$nj,$m1 ; np[j]*m1 + addc $lo1,$lo1,$lo0 ; np[j]*m1+ap[j]*bp[0] + $UMULH $nhi,$nj,$m1 + addze $hi1,$hi1 + $ST $lo1,0($tp) ; tp[j-1] + + addi $j,$j,$BNSZ ; j++ + addi $tp,$tp,$BNSZ ; tp++ + bdnz- L1st +;L1st + addc $lo0,$alo,$hi0 + addze $hi0,$ahi + + addc $lo1,$nlo,$hi1 + addze $hi1,$nhi + addc $lo1,$lo1,$lo0 ; np[j]*m1+ap[j]*bp[0] + addze $hi1,$hi1 + $ST $lo1,0($tp) ; tp[j-1] + + li $ovf,0 + addc $hi1,$hi1,$hi0 + addze $ovf,$ovf ; upmost overflow bit + $ST $hi1,$BNSZ($tp) + + li $i,$BNSZ +.align 4 +Louter: + $LDX $m0,$bp,$i ; m0=bp[i] + $LD $aj,0($ap) ; ap[0] + addi $tp,$sp,$LOCALS + $LD $tj,$LOCALS($sp); tp[0] + $UMULL $lo0,$aj,$m0 ; ap[0]*bp[i] + $UMULH $hi0,$aj,$m0 + $LD $aj,$BNSZ($ap) ; ap[1] + $LD $nj,0($np) ; np[0] + addc $lo0,$lo0,$tj ; ap[0]*bp[i]+tp[0] + $UMULL $alo,$aj,$m0 ; ap[j]*bp[i] + addze $hi0,$hi0 + $UMULL $m1,$lo0,$n0 ; tp[0]*n0 + $UMULH $ahi,$aj,$m0 + $UMULL $lo1,$nj,$m1 ; np[0]*m1 + $UMULH $hi1,$nj,$m1 + $LD $nj,$BNSZ($np) ; np[1] + addc $lo1,$lo1,$lo0 + $UMULL $nlo,$nj,$m1 ; np[1]*m1 + addze $hi1,$hi1 + $UMULH $nhi,$nj,$m1 + + mtctr $num + li $j,`2*$BNSZ` +.align 4 +Linner: + $LDX $aj,$ap,$j ; ap[j] + addc $lo0,$alo,$hi0 + $LD $tj,$BNSZ($tp) ; tp[j] + addze $hi0,$ahi + $LDX $nj,$np,$j ; np[j] + addc $lo1,$nlo,$hi1 + $UMULL $alo,$aj,$m0 ; ap[j]*bp[i] + addze $hi1,$nhi + $UMULH $ahi,$aj,$m0 + addc $lo0,$lo0,$tj ; ap[j]*bp[i]+tp[j] + $UMULL $nlo,$nj,$m1 ; np[j]*m1 + addze $hi0,$hi0 + $UMULH $nhi,$nj,$m1 + addc $lo1,$lo1,$lo0 ; np[j]*m1+ap[j]*bp[i]+tp[j] + addi $j,$j,$BNSZ ; j++ + addze $hi1,$hi1 + $ST $lo1,0($tp) ; tp[j-1] + addi $tp,$tp,$BNSZ ; tp++ + bdnz- Linner +;Linner + $LD $tj,$BNSZ($tp) ; tp[j] + addc $lo0,$alo,$hi0 + addze $hi0,$ahi + addc $lo0,$lo0,$tj ; ap[j]*bp[i]+tp[j] + addze $hi0,$hi0 + + addc $lo1,$nlo,$hi1 + addze $hi1,$nhi + addc $lo1,$lo1,$lo0 ; np[j]*m1+ap[j]*bp[i]+tp[j] + addze $hi1,$hi1 + $ST $lo1,0($tp) ; tp[j-1] + + addic $ovf,$ovf,-1 ; move upmost overflow to XER[CA] + li $ovf,0 + adde $hi1,$hi1,$hi0 + addze $ovf,$ovf + $ST $hi1,$BNSZ($tp) +; + slwi $tj,$num,`log($BNSZ)/log(2)` + $UCMP $i,$tj + addi $i,$i,$BNSZ + ble- Louter + + addi $num,$num,2 ; restore $num + subfc $j,$j,$j ; j=0 and "clear" XER[CA] + addi $tp,$sp,$LOCALS + mtctr $num + +.align 4 +Lsub: $LDX $tj,$tp,$j + $LDX $nj,$np,$j + subfe $aj,$nj,$tj ; tp[j]-np[j] + $STX $aj,$rp,$j + addi $j,$j,$BNSZ + bdnz- Lsub + + li $j,0 + mtctr $num + subfe $ovf,$j,$ovf ; handle upmost overflow bit + and $ap,$tp,$ovf + andc $np,$rp,$ovf + or $ap,$ap,$np ; ap=borrow?tp:rp + +.align 4 +Lcopy: ; copy or in-place refresh + $LDX $tj,$ap,$j + $STX $tj,$rp,$j + $STX $j,$tp,$j ; zap at once + addi $j,$j,$BNSZ + bdnz- Lcopy + + $POP $tj,0($sp) + li r3,1 + $POP r20,`-12*$SIZE_T`($tj) + $POP r21,`-11*$SIZE_T`($tj) + $POP r22,`-10*$SIZE_T`($tj) + $POP r23,`-9*$SIZE_T`($tj) + $POP r24,`-8*$SIZE_T`($tj) + $POP r25,`-7*$SIZE_T`($tj) + $POP r26,`-6*$SIZE_T`($tj) + $POP r27,`-5*$SIZE_T`($tj) + $POP r28,`-4*$SIZE_T`($tj) + $POP r29,`-3*$SIZE_T`($tj) + $POP r30,`-2*$SIZE_T`($tj) + $POP r31,`-1*$SIZE_T`($tj) + mr $sp,$tj + blr + .long 0 + .byte 0,12,4,0,0x80,12,6,0 + .long 0 + +.asciz "Montgomery Multiplication for PPC, CRYPTOGAMS by " +___ + +$code =~ s/\`([^\`]*)\`/eval $1/gem; +print $code; +close STDOUT; diff --git a/src/lib/libcrypto/bn/asm/ppc.pl b/src/lib/libcrypto/bn/asm/ppc.pl new file mode 100644 index 00000000000..1249ce22998 --- /dev/null +++ b/src/lib/libcrypto/bn/asm/ppc.pl @@ -0,0 +1,1998 @@ +#!/usr/bin/env perl +# +# Implemented as a Perl wrapper as we want to support several different +# architectures with single file. We pick up the target based on the +# file name we are asked to generate. +# +# It should be noted though that this perl code is nothing like +# /crypto/perlasm/x86*. In this case perl is used pretty much +# as pre-processor to cover for platform differences in name decoration, +# linker tables, 32-/64-bit instruction sets... +# +# As you might know there're several PowerPC ABI in use. Most notably +# Linux and AIX use different 32-bit ABIs. Good news are that these ABIs +# are similar enough to implement leaf(!) functions, which would be ABI +# neutral. And that's what you find here: ABI neutral leaf functions. +# In case you wonder what that is... +# +# AIX performance +# +# MEASUREMENTS WITH cc ON a 200 MhZ PowerPC 604e. +# +# The following is the performance of 32-bit compiler +# generated code: +# +# OpenSSL 0.9.6c 21 dec 2001 +# built on: Tue Jun 11 11:06:51 EDT 2002 +# options:bn(64,32) ... +#compiler: cc -DTHREADS -DAIX -DB_ENDIAN -DBN_LLONG -O3 +# sign verify sign/s verify/s +#rsa 512 bits 0.0098s 0.0009s 102.0 1170.6 +#rsa 1024 bits 0.0507s 0.0026s 19.7 387.5 +#rsa 2048 bits 0.3036s 0.0085s 3.3 117.1 +#rsa 4096 bits 2.0040s 0.0299s 0.5 33.4 +#dsa 512 bits 0.0087s 0.0106s 114.3 94.5 +#dsa 1024 bits 0.0256s 0.0313s 39.0 32.0 +# +# Same bechmark with this assembler code: +# +#rsa 512 bits 0.0056s 0.0005s 178.6 2049.2 +#rsa 1024 bits 0.0283s 0.0015s 35.3 674.1 +#rsa 2048 bits 0.1744s 0.0050s 5.7 201.2 +#rsa 4096 bits 1.1644s 0.0179s 0.9 55.7 +#dsa 512 bits 0.0052s 0.0062s 191.6 162.0 +#dsa 1024 bits 0.0149s 0.0180s 67.0 55.5 +# +# Number of operations increases by at almost 75% +# +# Here are performance numbers for 64-bit compiler +# generated code: +# +# OpenSSL 0.9.6g [engine] 9 Aug 2002 +# built on: Fri Apr 18 16:59:20 EDT 2003 +# options:bn(64,64) ... +# compiler: cc -DTHREADS -D_REENTRANT -q64 -DB_ENDIAN -O3 +# sign verify sign/s verify/s +#rsa 512 bits 0.0028s 0.0003s 357.1 3844.4 +#rsa 1024 bits 0.0148s 0.0008s 67.5 1239.7 +#rsa 2048 bits 0.0963s 0.0028s 10.4 353.0 +#rsa 4096 bits 0.6538s 0.0102s 1.5 98.1 +#dsa 512 bits 0.0026s 0.0032s 382.5 313.7 +#dsa 1024 bits 0.0081s 0.0099s 122.8 100.6 +# +# Same benchmark with this assembler code: +# +#rsa 512 bits 0.0020s 0.0002s 510.4 6273.7 +#rsa 1024 bits 0.0088s 0.0005s 114.1 2128.3 +#rsa 2048 bits 0.0540s 0.0016s 18.5 622.5 +#rsa 4096 bits 0.3700s 0.0058s 2.7 171.0 +#dsa 512 bits 0.0016s 0.0020s 610.7 507.1 +#dsa 1024 bits 0.0047s 0.0058s 212.5 173.2 +# +# Again, performance increases by at about 75% +# +# Mac OS X, Apple G5 1.8GHz (Note this is 32 bit code) +# OpenSSL 0.9.7c 30 Sep 2003 +# +# Original code. +# +#rsa 512 bits 0.0011s 0.0001s 906.1 11012.5 +#rsa 1024 bits 0.0060s 0.0003s 166.6 3363.1 +#rsa 2048 bits 0.0370s 0.0010s 27.1 982.4 +#rsa 4096 bits 0.2426s 0.0036s 4.1 280.4 +#dsa 512 bits 0.0010s 0.0012s 1038.1 841.5 +#dsa 1024 bits 0.0030s 0.0037s 329.6 269.7 +#dsa 2048 bits 0.0101s 0.0127s 98.9 78.6 +# +# Same benchmark with this assembler code: +# +#rsa 512 bits 0.0007s 0.0001s 1416.2 16645.9 +#rsa 1024 bits 0.0036s 0.0002s 274.4 5380.6 +#rsa 2048 bits 0.0222s 0.0006s 45.1 1589.5 +#rsa 4096 bits 0.1469s 0.0022s 6.8 449.6 +#dsa 512 bits 0.0006s 0.0007s 1664.2 1376.2 +#dsa 1024 bits 0.0018s 0.0023s 545.0 442.2 +#dsa 2048 bits 0.0061s 0.0075s 163.5 132.8 +# +# Performance increase of ~60% +# +# If you have comments or suggestions to improve code send +# me a note at schari@us.ibm.com +# + +$flavour = shift; + +if ($flavour =~ /32/) { + $BITS= 32; + $BNSZ= $BITS/8; + $ISA= "\"ppc\""; + + $LD= "lwz"; # load + $LDU= "lwzu"; # load and update + $ST= "stw"; # store + $STU= "stwu"; # store and update + $UMULL= "mullw"; # unsigned multiply low + $UMULH= "mulhwu"; # unsigned multiply high + $UDIV= "divwu"; # unsigned divide + $UCMPI= "cmplwi"; # unsigned compare with immediate + $UCMP= "cmplw"; # unsigned compare + $CNTLZ= "cntlzw"; # count leading zeros + $SHL= "slw"; # shift left + $SHR= "srw"; # unsigned shift right + $SHRI= "srwi"; # unsigned shift right by immediate + $SHLI= "slwi"; # shift left by immediate + $CLRU= "clrlwi"; # clear upper bits + $INSR= "insrwi"; # insert right + $ROTL= "rotlwi"; # rotate left by immediate + $TR= "tw"; # conditional trap +} elsif ($flavour =~ /64/) { + $BITS= 64; + $BNSZ= $BITS/8; + $ISA= "\"ppc64\""; + + # same as above, but 64-bit mnemonics... + $LD= "ld"; # load + $LDU= "ldu"; # load and update + $ST= "std"; # store + $STU= "stdu"; # store and update + $UMULL= "mulld"; # unsigned multiply low + $UMULH= "mulhdu"; # unsigned multiply high + $UDIV= "divdu"; # unsigned divide + $UCMPI= "cmpldi"; # unsigned compare with immediate + $UCMP= "cmpld"; # unsigned compare + $CNTLZ= "cntlzd"; # count leading zeros + $SHL= "sld"; # shift left + $SHR= "srd"; # unsigned shift right + $SHRI= "srdi"; # unsigned shift right by immediate + $SHLI= "sldi"; # shift left by immediate + $CLRU= "clrldi"; # clear upper bits + $INSR= "insrdi"; # insert right + $ROTL= "rotldi"; # rotate left by immediate + $TR= "td"; # conditional trap +} else { die "nonsense $flavour"; } + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or +( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or +die "can't locate ppc-xlate.pl"; + +open STDOUT,"| $^X $xlate $flavour ".shift || die "can't call $xlate: $!"; + +$data=< 0 then result !=0 + # In either case carry bit is set. + beq Lppcasm_sub_adios + addi r4,r4,-$BNSZ + addi r3,r3,-$BNSZ + addi r5,r5,-$BNSZ + mtctr r6 +Lppcasm_sub_mainloop: + $LDU r7,$BNSZ(r4) + $LDU r8,$BNSZ(r5) + subfe r6,r8,r7 # r6 = r7+carry bit + onescomplement(r8) + # if carry = 1 this is r7-r8. Else it + # is r7-r8 -1 as we need. + $STU r6,$BNSZ(r3) + bdnz- Lppcasm_sub_mainloop +Lppcasm_sub_adios: + subfze r3,r0 # if carry bit is set then r3 = 0 else -1 + andi. r3,r3,1 # keep only last bit. + blr + .long 0 + .byte 0,12,0x14,0,0,0,4,0 + .long 0 + +# +# NOTE: The following label name should be changed to +# "bn_add_words" i.e. remove the first dot +# for the gcc compiler. This should be automatically +# done in the build +# + +.align 4 +.bn_add_words: +# +# Handcoded version of bn_add_words +# +#BN_ULONG bn_add_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n) +# +# r3 = r +# r4 = a +# r5 = b +# r6 = n +# +# Note: No loop unrolling done since this is not a performance +# critical loop. + + xor r0,r0,r0 +# +# check for r6 = 0. Is this needed? +# + addic. r6,r6,0 #test r6 and clear carry bit. + beq Lppcasm_add_adios + addi r4,r4,-$BNSZ + addi r3,r3,-$BNSZ + addi r5,r5,-$BNSZ + mtctr r6 +Lppcasm_add_mainloop: + $LDU r7,$BNSZ(r4) + $LDU r8,$BNSZ(r5) + adde r8,r7,r8 + $STU r8,$BNSZ(r3) + bdnz- Lppcasm_add_mainloop +Lppcasm_add_adios: + addze r3,r0 #return carry bit. + blr + .long 0 + .byte 0,12,0x14,0,0,0,4,0 + .long 0 + +# +# NOTE: The following label name should be changed to +# "bn_div_words" i.e. remove the first dot +# for the gcc compiler. This should be automatically +# done in the build +# + +.align 4 +.bn_div_words: +# +# This is a cleaned up version of code generated by +# the AIX compiler. The only optimization is to use +# the PPC instruction to count leading zeros instead +# of call to num_bits_word. Since this was compiled +# only at level -O2 we can possibly squeeze it more? +# +# r3 = h +# r4 = l +# r5 = d + + $UCMPI 0,r5,0 # compare r5 and 0 + bne Lppcasm_div1 # proceed if d!=0 + li r3,-1 # d=0 return -1 + blr +Lppcasm_div1: + xor r0,r0,r0 #r0=0 + li r8,$BITS + $CNTLZ. r7,r5 #r7 = num leading 0s in d. + beq Lppcasm_div2 #proceed if no leading zeros + subf r8,r7,r8 #r8 = BN_num_bits_word(d) + $SHR. r9,r3,r8 #are there any bits above r8'th? + $TR 16,r9,r0 #if there're, signal to dump core... +Lppcasm_div2: + $UCMP 0,r3,r5 #h>=d? + blt Lppcasm_div3 #goto Lppcasm_div3 if not + subf r3,r5,r3 #h-=d ; +Lppcasm_div3: #r7 = BN_BITS2-i. so r7=i + cmpi 0,0,r7,0 # is (i == 0)? + beq Lppcasm_div4 + $SHL r3,r3,r7 # h = (h<< i) + $SHR r8,r4,r8 # r8 = (l >> BN_BITS2 -i) + $SHL r5,r5,r7 # d<<=i + or r3,r3,r8 # h = (h<>(BN_BITS2-i)) + $SHL r4,r4,r7 # l <<=i +Lppcasm_div4: + $SHRI r9,r5,`$BITS/2` # r9 = dh + # dl will be computed when needed + # as it saves registers. + li r6,2 #r6=2 + mtctr r6 #counter will be in count. +Lppcasm_divouterloop: + $SHRI r8,r3,`$BITS/2` #r8 = (h>>BN_BITS4) + $SHRI r11,r4,`$BITS/2` #r11= (l&BN_MASK2h)>>BN_BITS4 + # compute here for innerloop. + $UCMP 0,r8,r9 # is (h>>BN_BITS4)==dh + bne Lppcasm_div5 # goto Lppcasm_div5 if not + + li r8,-1 + $CLRU r8,r8,`$BITS/2` #q = BN_MASK2l + b Lppcasm_div6 +Lppcasm_div5: + $UDIV r8,r3,r9 #q = h/dh +Lppcasm_div6: + $UMULL r12,r9,r8 #th = q*dh + $CLRU r10,r5,`$BITS/2` #r10=dl + $UMULL r6,r8,r10 #tl = q*dl + +Lppcasm_divinnerloop: + subf r10,r12,r3 #t = h -th + $SHRI r7,r10,`$BITS/2` #r7= (t &BN_MASK2H), sort of... + addic. r7,r7,0 #test if r7 == 0. used below. + # now want to compute + # r7 = (t<>BN_BITS4) + # the following 2 instructions do that + $SHLI r7,r10,`$BITS/2` # r7 = (t<>BN_BITS4) + $UCMP cr1,r6,r7 # compare (tl <= r7) + bne Lppcasm_divinnerexit + ble cr1,Lppcasm_divinnerexit + addi r8,r8,-1 #q-- + subf r12,r9,r12 #th -=dh + $CLRU r10,r5,`$BITS/2` #r10=dl. t is no longer needed in loop. + subf r6,r10,r6 #tl -=dl + b Lppcasm_divinnerloop +Lppcasm_divinnerexit: + $SHRI r10,r6,`$BITS/2` #t=(tl>>BN_BITS4) + $SHLI r11,r6,`$BITS/2` #tl=(tl<=tl) goto Lppcasm_div7 + addi r12,r12,1 # th++ +Lppcasm_div7: + subf r11,r11,r4 #r11=l-tl + $UCMP cr1,r3,r12 #compare h and th + bge cr1,Lppcasm_div8 #if (h>=th) goto Lppcasm_div8 + addi r8,r8,-1 # q-- + add r3,r5,r3 # h+=d +Lppcasm_div8: + subf r12,r12,r3 #r12 = h-th + $SHLI r4,r11,`$BITS/2` #l=(l&BN_MASK2l)<>BN_BITS4))&BN_MASK2 + # the following 2 instructions will do this. + $INSR r11,r12,`$BITS/2`,`$BITS/2` # r11 is the value we want rotated $BITS/2. + $ROTL r3,r11,`$BITS/2` # rotate by $BITS/2 and store in r3 + bdz Lppcasm_div9 #if (count==0) break ; + $SHLI r0,r8,`$BITS/2` #ret =q<> 2 + beq Lppcasm_mw_REM + mtctr r7 +Lppcasm_mw_LOOP: + #mul(rp[0],ap[0],w,c1); + $LD r8,`0*$BNSZ`(r4) + $UMULL r9,r6,r8 + $UMULH r10,r6,r8 + addc r9,r9,r12 + #addze r10,r10 #carry is NOT ignored. + #will be taken care of + #in second spin below + #using adde. + $ST r9,`0*$BNSZ`(r3) + #mul(rp[1],ap[1],w,c1); + $LD r8,`1*$BNSZ`(r4) + $UMULL r11,r6,r8 + $UMULH r12,r6,r8 + adde r11,r11,r10 + #addze r12,r12 + $ST r11,`1*$BNSZ`(r3) + #mul(rp[2],ap[2],w,c1); + $LD r8,`2*$BNSZ`(r4) + $UMULL r9,r6,r8 + $UMULH r10,r6,r8 + adde r9,r9,r12 + #addze r10,r10 + $ST r9,`2*$BNSZ`(r3) + #mul_add(rp[3],ap[3],w,c1); + $LD r8,`3*$BNSZ`(r4) + $UMULL r11,r6,r8 + $UMULH r12,r6,r8 + adde r11,r11,r10 + addze r12,r12 #this spin we collect carry into + #r12 + $ST r11,`3*$BNSZ`(r3) + + addi r3,r3,`4*$BNSZ` + addi r4,r4,`4*$BNSZ` + bdnz- Lppcasm_mw_LOOP + +Lppcasm_mw_REM: + andi. r5,r5,0x3 + beq Lppcasm_mw_OVER + #mul(rp[0],ap[0],w,c1); + $LD r8,`0*$BNSZ`(r4) + $UMULL r9,r6,r8 + $UMULH r10,r6,r8 + addc r9,r9,r12 + addze r10,r10 + $ST r9,`0*$BNSZ`(r3) + addi r12,r10,0 + + addi r5,r5,-1 + cmpli 0,0,r5,0 + beq Lppcasm_mw_OVER + + + #mul(rp[1],ap[1],w,c1); + $LD r8,`1*$BNSZ`(r4) + $UMULL r9,r6,r8 + $UMULH r10,r6,r8 + addc r9,r9,r12 + addze r10,r10 + $ST r9,`1*$BNSZ`(r3) + addi r12,r10,0 + + addi r5,r5,-1 + cmpli 0,0,r5,0 + beq Lppcasm_mw_OVER + + #mul_add(rp[2],ap[2],w,c1); + $LD r8,`2*$BNSZ`(r4) + $UMULL r9,r6,r8 + $UMULH r10,r6,r8 + addc r9,r9,r12 + addze r10,r10 + $ST r9,`2*$BNSZ`(r3) + addi r12,r10,0 + +Lppcasm_mw_OVER: + addi r3,r12,0 + blr + .long 0 + .byte 0,12,0x14,0,0,0,4,0 + .long 0 + +# +# NOTE: The following label name should be changed to +# "bn_mul_add_words" i.e. remove the first dot +# for the gcc compiler. This should be automatically +# done in the build +# + +.align 4 +.bn_mul_add_words: +# +# BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w) +# +# r3 = rp +# r4 = ap +# r5 = num +# r6 = w +# +# empirical evidence suggests that unrolled version performs best!! +# + xor r0,r0,r0 #r0 = 0 + xor r12,r12,r12 #r12 = 0 . used for carry + rlwinm. r7,r5,30,2,31 # num >> 2 + beq Lppcasm_maw_leftover # if (num < 4) go LPPCASM_maw_leftover + mtctr r7 +Lppcasm_maw_mainloop: + #mul_add(rp[0],ap[0],w,c1); + $LD r8,`0*$BNSZ`(r4) + $LD r11,`0*$BNSZ`(r3) + $UMULL r9,r6,r8 + $UMULH r10,r6,r8 + addc r9,r9,r12 #r12 is carry. + addze r10,r10 + addc r9,r9,r11 + #addze r10,r10 + #the above instruction addze + #is NOT needed. Carry will NOT + #be ignored. It's not affected + #by multiply and will be collected + #in the next spin + $ST r9,`0*$BNSZ`(r3) + + #mul_add(rp[1],ap[1],w,c1); + $LD r8,`1*$BNSZ`(r4) + $LD r9,`1*$BNSZ`(r3) + $UMULL r11,r6,r8 + $UMULH r12,r6,r8 + adde r11,r11,r10 #r10 is carry. + addze r12,r12 + addc r11,r11,r9 + #addze r12,r12 + $ST r11,`1*$BNSZ`(r3) + + #mul_add(rp[2],ap[2],w,c1); + $LD r8,`2*$BNSZ`(r4) + $UMULL r9,r6,r8 + $LD r11,`2*$BNSZ`(r3) + $UMULH r10,r6,r8 + adde r9,r9,r12 + addze r10,r10 + addc r9,r9,r11 + #addze r10,r10 + $ST r9,`2*$BNSZ`(r3) + + #mul_add(rp[3],ap[3],w,c1); + $LD r8,`3*$BNSZ`(r4) + $UMULL r11,r6,r8 + $LD r9,`3*$BNSZ`(r3) + $UMULH r12,r6,r8 + adde r11,r11,r10 + addze r12,r12 + addc r11,r11,r9 + addze r12,r12 + $ST r11,`3*$BNSZ`(r3) + addi r3,r3,`4*$BNSZ` + addi r4,r4,`4*$BNSZ` + bdnz- Lppcasm_maw_mainloop + +Lppcasm_maw_leftover: + andi. r5,r5,0x3 + beq Lppcasm_maw_adios + addi r3,r3,-$BNSZ + addi r4,r4,-$BNSZ + #mul_add(rp[0],ap[0],w,c1); + mtctr r5 + $LDU r8,$BNSZ(r4) + $UMULL r9,r6,r8 + $UMULH r10,r6,r8 + $LDU r11,$BNSZ(r3) + addc r9,r9,r11 + addze r10,r10 + addc r9,r9,r12 + addze r12,r10 + $ST r9,0(r3) + + bdz Lppcasm_maw_adios + #mul_add(rp[1],ap[1],w,c1); + $LDU r8,$BNSZ(r4) + $UMULL r9,r6,r8 + $UMULH r10,r6,r8 + $LDU r11,$BNSZ(r3) + addc r9,r9,r11 + addze r10,r10 + addc r9,r9,r12 + addze r12,r10 + $ST r9,0(r3) + + bdz Lppcasm_maw_adios + #mul_add(rp[2],ap[2],w,c1); + $LDU r8,$BNSZ(r4) + $UMULL r9,r6,r8 + $UMULH r10,r6,r8 + $LDU r11,$BNSZ(r3) + addc r9,r9,r11 + addze r10,r10 + addc r9,r9,r12 + addze r12,r10 + $ST r9,0(r3) + +Lppcasm_maw_adios: + addi r3,r12,0 + blr + .long 0 + .byte 0,12,0x14,0,0,0,4,0 + .long 0 + .align 4 +EOF +$data =~ s/\`([^\`]*)\`/eval $1/gem; +print $data; +close STDOUT; diff --git a/src/lib/libcrypto/bn/asm/ppc64-mont.pl b/src/lib/libcrypto/bn/asm/ppc64-mont.pl new file mode 100644 index 00000000000..a14e769ad05 --- /dev/null +++ b/src/lib/libcrypto/bn/asm/ppc64-mont.pl @@ -0,0 +1,1088 @@ +#!/usr/bin/env perl + +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== + +# December 2007 + +# The reason for undertaken effort is basically following. Even though +# Power 6 CPU operates at incredible 4.7GHz clock frequency, its PKI +# performance was observed to be less than impressive, essentially as +# fast as 1.8GHz PPC970, or 2.6 times(!) slower than one would hope. +# Well, it's not surprising that IBM had to make some sacrifices to +# boost the clock frequency that much, but no overall improvement? +# Having observed how much difference did switching to FPU make on +# UltraSPARC, playing same stunt on Power 6 appeared appropriate... +# Unfortunately the resulting performance improvement is not as +# impressive, ~30%, and in absolute terms is still very far from what +# one would expect from 4.7GHz CPU. There is a chance that I'm doing +# something wrong, but in the lack of assembler level micro-profiling +# data or at least decent platform guide I can't tell... Or better +# results might be achieved with VMX... Anyway, this module provides +# *worse* performance on other PowerPC implementations, ~40-15% slower +# on PPC970 depending on key length and ~40% slower on Power 5 for all +# key lengths. As it's obviously inappropriate as "best all-round" +# alternative, it has to be complemented with run-time CPU family +# detection. Oh! It should also be noted that unlike other PowerPC +# implementation IALU ppc-mont.pl module performs *suboptimaly* on +# >=1024-bit key lengths on Power 6. It should also be noted that +# *everything* said so far applies to 64-bit builds! As far as 32-bit +# application executed on 64-bit CPU goes, this module is likely to +# become preferred choice, because it's easy to adapt it for such +# case and *is* faster than 32-bit ppc-mont.pl on *all* processors. + +# February 2008 + +# Micro-profiling assisted optimization results in ~15% improvement +# over original ppc64-mont.pl version, or overall ~50% improvement +# over ppc.pl module on Power 6. If compared to ppc-mont.pl on same +# Power 6 CPU, this module is 5-150% faster depending on key length, +# [hereafter] more for longer keys. But if compared to ppc-mont.pl +# on 1.8GHz PPC970, it's only 5-55% faster. Still far from impressive +# in absolute terms, but it's apparently the way Power 6 is... + +# December 2009 + +# Adapted for 32-bit build this module delivers 25-120%, yes, more +# than *twice* for longer keys, performance improvement over 32-bit +# ppc-mont.pl on 1.8GHz PPC970. However! This implementation utilizes +# even 64-bit integer operations and the trouble is that most PPC +# operating systems don't preserve upper halves of general purpose +# registers upon 32-bit signal delivery. They do preserve them upon +# context switch, but not signalling:-( This means that asynchronous +# signals have to be blocked upon entry to this subroutine. Signal +# masking (and of course complementary unmasking) has quite an impact +# on performance, naturally larger for shorter keys. It's so severe +# that 512-bit key performance can be as low as 1/3 of expected one. +# This is why this routine can be engaged for longer key operations +# only on these OSes, see crypto/ppccap.c for further details. MacOS X +# is an exception from this and doesn't require signal masking, and +# that's where above improvement coefficients were collected. For +# others alternative would be to break dependence on upper halves of +# GPRs by sticking to 32-bit integer operations... + +$flavour = shift; + +if ($flavour =~ /32/) { + $SIZE_T=4; + $RZONE= 224; + $fname= "bn_mul_mont_fpu64"; + + $STUX= "stwux"; # store indexed and update + $PUSH= "stw"; + $POP= "lwz"; +} elsif ($flavour =~ /64/) { + $SIZE_T=8; + $RZONE= 288; + $fname= "bn_mul_mont_fpu64"; + + # same as above, but 64-bit mnemonics... + $STUX= "stdux"; # store indexed and update + $PUSH= "std"; + $POP= "ld"; +} else { die "nonsense $flavour"; } + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or +( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or +die "can't locate ppc-xlate.pl"; + +open STDOUT,"| $^X $xlate $flavour ".shift || die "can't call $xlate: $!"; + +$FRAME=64; # padded frame header +$TRANSFER=16*8; + +$carry="r0"; +$sp="r1"; +$toc="r2"; +$rp="r3"; $ovf="r3"; +$ap="r4"; +$bp="r5"; +$np="r6"; +$n0="r7"; +$num="r8"; +$rp="r9"; # $rp is reassigned +$tp="r10"; +$j="r11"; +$i="r12"; +# non-volatile registers +$nap_d="r22"; # interleaved ap and np in double format +$a0="r23"; # ap[0] +$t0="r24"; # temporary registers +$t1="r25"; +$t2="r26"; +$t3="r27"; +$t4="r28"; +$t5="r29"; +$t6="r30"; +$t7="r31"; + +# PPC offers enough register bank capacity to unroll inner loops twice +# +# ..A3A2A1A0 +# dcba +# ----------- +# A0a +# A0b +# A0c +# A0d +# A1a +# A1b +# A1c +# A1d +# A2a +# A2b +# A2c +# A2d +# A3a +# A3b +# A3c +# A3d +# ..a +# ..b +# +$ba="f0"; $bb="f1"; $bc="f2"; $bd="f3"; +$na="f4"; $nb="f5"; $nc="f6"; $nd="f7"; +$dota="f8"; $dotb="f9"; +$A0="f10"; $A1="f11"; $A2="f12"; $A3="f13"; +$N0="f20"; $N1="f21"; $N2="f22"; $N3="f23"; +$T0a="f24"; $T0b="f25"; +$T1a="f26"; $T1b="f27"; +$T2a="f28"; $T2b="f29"; +$T3a="f30"; $T3b="f31"; + +# sp----------->+-------------------------------+ +# | saved sp | +# +-------------------------------+ +# . . +# +64 +-------------------------------+ +# | 16 gpr<->fpr transfer zone | +# . . +# . . +# +16*8 +-------------------------------+ +# | __int64 tmp[-1] | +# +-------------------------------+ +# | __int64 tmp[num] | +# . . +# . . +# . . +# +(num+1)*8 +-------------------------------+ +# | padding to 64 byte boundary | +# . . +# +X +-------------------------------+ +# | double nap_d[4*num] | +# . . +# . . +# . . +# +-------------------------------+ +# . . +# -12*size_t +-------------------------------+ +# | 10 saved gpr, r22-r31 | +# . . +# . . +# -12*8 +-------------------------------+ +# | 12 saved fpr, f20-f31 | +# . . +# . . +# +-------------------------------+ + +$code=<<___; +.machine "any" +.text + +.globl .$fname +.align 5 +.$fname: + cmpwi $num,`3*8/$SIZE_T` + mr $rp,r3 ; $rp is reassigned + li r3,0 ; possible "not handled" return code + bltlr- + andi. r0,$num,`16/$SIZE_T-1` ; $num has to be "even" + bnelr- + + slwi $num,$num,`log($SIZE_T)/log(2)` ; num*=sizeof(BN_LONG) + li $i,-4096 + slwi $tp,$num,2 ; place for {an}p_{lh}[num], i.e. 4*num + add $tp,$tp,$num ; place for tp[num+1] + addi $tp,$tp,`$FRAME+$TRANSFER+8+64+$RZONE` + subf $tp,$tp,$sp ; $sp-$tp + and $tp,$tp,$i ; minimize TLB usage + subf $tp,$sp,$tp ; $tp-$sp + mr $i,$sp + $STUX $sp,$sp,$tp ; alloca + + $PUSH r22,`-12*8-10*$SIZE_T`($i) + $PUSH r23,`-12*8-9*$SIZE_T`($i) + $PUSH r24,`-12*8-8*$SIZE_T`($i) + $PUSH r25,`-12*8-7*$SIZE_T`($i) + $PUSH r26,`-12*8-6*$SIZE_T`($i) + $PUSH r27,`-12*8-5*$SIZE_T`($i) + $PUSH r28,`-12*8-4*$SIZE_T`($i) + $PUSH r29,`-12*8-3*$SIZE_T`($i) + $PUSH r30,`-12*8-2*$SIZE_T`($i) + $PUSH r31,`-12*8-1*$SIZE_T`($i) + stfd f20,`-12*8`($i) + stfd f21,`-11*8`($i) + stfd f22,`-10*8`($i) + stfd f23,`-9*8`($i) + stfd f24,`-8*8`($i) + stfd f25,`-7*8`($i) + stfd f26,`-6*8`($i) + stfd f27,`-5*8`($i) + stfd f28,`-4*8`($i) + stfd f29,`-3*8`($i) + stfd f30,`-2*8`($i) + stfd f31,`-1*8`($i) +___ +$code.=<<___ if ($SIZE_T==8); + ld $a0,0($ap) ; pull ap[0] value + ld $n0,0($n0) ; pull n0[0] value + ld $t3,0($bp) ; bp[0] +___ +$code.=<<___ if ($SIZE_T==4); + mr $t1,$n0 + lwz $a0,0($ap) ; pull ap[0,1] value + lwz $t0,4($ap) + lwz $n0,0($t1) ; pull n0[0,1] value + lwz $t1,4($t1) + lwz $t3,0($bp) ; bp[0,1] + lwz $t2,4($bp) + insrdi $a0,$t0,32,0 + insrdi $n0,$t1,32,0 + insrdi $t3,$t2,32,0 +___ +$code.=<<___; + addi $tp,$sp,`$FRAME+$TRANSFER+8+64` + li $i,-64 + add $nap_d,$tp,$num + and $nap_d,$nap_d,$i ; align to 64 bytes + + mulld $t7,$a0,$t3 ; ap[0]*bp[0] + ; nap_d is off by 1, because it's used with stfdu/lfdu + addi $nap_d,$nap_d,-8 + srwi $j,$num,`3+1` ; counter register, num/2 + mulld $t7,$t7,$n0 ; tp[0]*n0 + addi $j,$j,-1 + addi $tp,$sp,`$FRAME+$TRANSFER-8` + li $carry,0 + mtctr $j + + ; transfer bp[0] to FPU as 4x16-bit values + extrdi $t0,$t3,16,48 + extrdi $t1,$t3,16,32 + extrdi $t2,$t3,16,16 + extrdi $t3,$t3,16,0 + std $t0,`$FRAME+0`($sp) + std $t1,`$FRAME+8`($sp) + std $t2,`$FRAME+16`($sp) + std $t3,`$FRAME+24`($sp) + ; transfer (ap[0]*bp[0])*n0 to FPU as 4x16-bit values + extrdi $t4,$t7,16,48 + extrdi $t5,$t7,16,32 + extrdi $t6,$t7,16,16 + extrdi $t7,$t7,16,0 + std $t4,`$FRAME+32`($sp) + std $t5,`$FRAME+40`($sp) + std $t6,`$FRAME+48`($sp) + std $t7,`$FRAME+56`($sp) +___ +$code.=<<___ if ($SIZE_T==8); + lwz $t0,4($ap) ; load a[j] as 32-bit word pair + lwz $t1,0($ap) + lwz $t2,12($ap) ; load a[j+1] as 32-bit word pair + lwz $t3,8($ap) + lwz $t4,4($np) ; load n[j] as 32-bit word pair + lwz $t5,0($np) + lwz $t6,12($np) ; load n[j+1] as 32-bit word pair + lwz $t7,8($np) +___ +$code.=<<___ if ($SIZE_T==4); + lwz $t0,0($ap) ; load a[j..j+3] as 32-bit word pairs + lwz $t1,4($ap) + lwz $t2,8($ap) + lwz $t3,12($ap) + lwz $t4,0($np) ; load n[j..j+3] as 32-bit word pairs + lwz $t5,4($np) + lwz $t6,8($np) + lwz $t7,12($np) +___ +$code.=<<___; + lfd $ba,`$FRAME+0`($sp) + lfd $bb,`$FRAME+8`($sp) + lfd $bc,`$FRAME+16`($sp) + lfd $bd,`$FRAME+24`($sp) + lfd $na,`$FRAME+32`($sp) + lfd $nb,`$FRAME+40`($sp) + lfd $nc,`$FRAME+48`($sp) + lfd $nd,`$FRAME+56`($sp) + std $t0,`$FRAME+64`($sp) + std $t1,`$FRAME+72`($sp) + std $t2,`$FRAME+80`($sp) + std $t3,`$FRAME+88`($sp) + std $t4,`$FRAME+96`($sp) + std $t5,`$FRAME+104`($sp) + std $t6,`$FRAME+112`($sp) + std $t7,`$FRAME+120`($sp) + fcfid $ba,$ba + fcfid $bb,$bb + fcfid $bc,$bc + fcfid $bd,$bd + fcfid $na,$na + fcfid $nb,$nb + fcfid $nc,$nc + fcfid $nd,$nd + + lfd $A0,`$FRAME+64`($sp) + lfd $A1,`$FRAME+72`($sp) + lfd $A2,`$FRAME+80`($sp) + lfd $A3,`$FRAME+88`($sp) + lfd $N0,`$FRAME+96`($sp) + lfd $N1,`$FRAME+104`($sp) + lfd $N2,`$FRAME+112`($sp) + lfd $N3,`$FRAME+120`($sp) + fcfid $A0,$A0 + fcfid $A1,$A1 + fcfid $A2,$A2 + fcfid $A3,$A3 + fcfid $N0,$N0 + fcfid $N1,$N1 + fcfid $N2,$N2 + fcfid $N3,$N3 + addi $ap,$ap,16 + addi $np,$np,16 + + fmul $T1a,$A1,$ba + fmul $T1b,$A1,$bb + stfd $A0,8($nap_d) ; save a[j] in double format + stfd $A1,16($nap_d) + fmul $T2a,$A2,$ba + fmul $T2b,$A2,$bb + stfd $A2,24($nap_d) ; save a[j+1] in double format + stfd $A3,32($nap_d) + fmul $T3a,$A3,$ba + fmul $T3b,$A3,$bb + stfd $N0,40($nap_d) ; save n[j] in double format + stfd $N1,48($nap_d) + fmul $T0a,$A0,$ba + fmul $T0b,$A0,$bb + stfd $N2,56($nap_d) ; save n[j+1] in double format + stfdu $N3,64($nap_d) + + fmadd $T1a,$A0,$bc,$T1a + fmadd $T1b,$A0,$bd,$T1b + fmadd $T2a,$A1,$bc,$T2a + fmadd $T2b,$A1,$bd,$T2b + fmadd $T3a,$A2,$bc,$T3a + fmadd $T3b,$A2,$bd,$T3b + fmul $dota,$A3,$bc + fmul $dotb,$A3,$bd + + fmadd $T1a,$N1,$na,$T1a + fmadd $T1b,$N1,$nb,$T1b + fmadd $T2a,$N2,$na,$T2a + fmadd $T2b,$N2,$nb,$T2b + fmadd $T3a,$N3,$na,$T3a + fmadd $T3b,$N3,$nb,$T3b + fmadd $T0a,$N0,$na,$T0a + fmadd $T0b,$N0,$nb,$T0b + + fmadd $T1a,$N0,$nc,$T1a + fmadd $T1b,$N0,$nd,$T1b + fmadd $T2a,$N1,$nc,$T2a + fmadd $T2b,$N1,$nd,$T2b + fmadd $T3a,$N2,$nc,$T3a + fmadd $T3b,$N2,$nd,$T3b + fmadd $dota,$N3,$nc,$dota + fmadd $dotb,$N3,$nd,$dotb + + fctid $T0a,$T0a + fctid $T0b,$T0b + fctid $T1a,$T1a + fctid $T1b,$T1b + fctid $T2a,$T2a + fctid $T2b,$T2b + fctid $T3a,$T3a + fctid $T3b,$T3b + + stfd $T0a,`$FRAME+0`($sp) + stfd $T0b,`$FRAME+8`($sp) + stfd $T1a,`$FRAME+16`($sp) + stfd $T1b,`$FRAME+24`($sp) + stfd $T2a,`$FRAME+32`($sp) + stfd $T2b,`$FRAME+40`($sp) + stfd $T3a,`$FRAME+48`($sp) + stfd $T3b,`$FRAME+56`($sp) + +.align 5 +L1st: +___ +$code.=<<___ if ($SIZE_T==8); + lwz $t0,4($ap) ; load a[j] as 32-bit word pair + lwz $t1,0($ap) + lwz $t2,12($ap) ; load a[j+1] as 32-bit word pair + lwz $t3,8($ap) + lwz $t4,4($np) ; load n[j] as 32-bit word pair + lwz $t5,0($np) + lwz $t6,12($np) ; load n[j+1] as 32-bit word pair + lwz $t7,8($np) +___ +$code.=<<___ if ($SIZE_T==4); + lwz $t0,0($ap) ; load a[j..j+3] as 32-bit word pairs + lwz $t1,4($ap) + lwz $t2,8($ap) + lwz $t3,12($ap) + lwz $t4,0($np) ; load n[j..j+3] as 32-bit word pairs + lwz $t5,4($np) + lwz $t6,8($np) + lwz $t7,12($np) +___ +$code.=<<___; + std $t0,`$FRAME+64`($sp) + std $t1,`$FRAME+72`($sp) + std $t2,`$FRAME+80`($sp) + std $t3,`$FRAME+88`($sp) + std $t4,`$FRAME+96`($sp) + std $t5,`$FRAME+104`($sp) + std $t6,`$FRAME+112`($sp) + std $t7,`$FRAME+120`($sp) + ld $t0,`$FRAME+0`($sp) + ld $t1,`$FRAME+8`($sp) + ld $t2,`$FRAME+16`($sp) + ld $t3,`$FRAME+24`($sp) + ld $t4,`$FRAME+32`($sp) + ld $t5,`$FRAME+40`($sp) + ld $t6,`$FRAME+48`($sp) + ld $t7,`$FRAME+56`($sp) + lfd $A0,`$FRAME+64`($sp) + lfd $A1,`$FRAME+72`($sp) + lfd $A2,`$FRAME+80`($sp) + lfd $A3,`$FRAME+88`($sp) + lfd $N0,`$FRAME+96`($sp) + lfd $N1,`$FRAME+104`($sp) + lfd $N2,`$FRAME+112`($sp) + lfd $N3,`$FRAME+120`($sp) + fcfid $A0,$A0 + fcfid $A1,$A1 + fcfid $A2,$A2 + fcfid $A3,$A3 + fcfid $N0,$N0 + fcfid $N1,$N1 + fcfid $N2,$N2 + fcfid $N3,$N3 + addi $ap,$ap,16 + addi $np,$np,16 + + fmul $T1a,$A1,$ba + fmul $T1b,$A1,$bb + fmul $T2a,$A2,$ba + fmul $T2b,$A2,$bb + stfd $A0,8($nap_d) ; save a[j] in double format + stfd $A1,16($nap_d) + fmul $T3a,$A3,$ba + fmul $T3b,$A3,$bb + fmadd $T0a,$A0,$ba,$dota + fmadd $T0b,$A0,$bb,$dotb + stfd $A2,24($nap_d) ; save a[j+1] in double format + stfd $A3,32($nap_d) + + fmadd $T1a,$A0,$bc,$T1a + fmadd $T1b,$A0,$bd,$T1b + fmadd $T2a,$A1,$bc,$T2a + fmadd $T2b,$A1,$bd,$T2b + stfd $N0,40($nap_d) ; save n[j] in double format + stfd $N1,48($nap_d) + fmadd $T3a,$A2,$bc,$T3a + fmadd $T3b,$A2,$bd,$T3b + add $t0,$t0,$carry ; can not overflow + fmul $dota,$A3,$bc + fmul $dotb,$A3,$bd + stfd $N2,56($nap_d) ; save n[j+1] in double format + stfdu $N3,64($nap_d) + srdi $carry,$t0,16 + add $t1,$t1,$carry + srdi $carry,$t1,16 + + fmadd $T1a,$N1,$na,$T1a + fmadd $T1b,$N1,$nb,$T1b + insrdi $t0,$t1,16,32 + fmadd $T2a,$N2,$na,$T2a + fmadd $T2b,$N2,$nb,$T2b + add $t2,$t2,$carry + fmadd $T3a,$N3,$na,$T3a + fmadd $T3b,$N3,$nb,$T3b + srdi $carry,$t2,16 + fmadd $T0a,$N0,$na,$T0a + fmadd $T0b,$N0,$nb,$T0b + insrdi $t0,$t2,16,16 + add $t3,$t3,$carry + srdi $carry,$t3,16 + + fmadd $T1a,$N0,$nc,$T1a + fmadd $T1b,$N0,$nd,$T1b + insrdi $t0,$t3,16,0 ; 0..63 bits + fmadd $T2a,$N1,$nc,$T2a + fmadd $T2b,$N1,$nd,$T2b + add $t4,$t4,$carry + fmadd $T3a,$N2,$nc,$T3a + fmadd $T3b,$N2,$nd,$T3b + srdi $carry,$t4,16 + fmadd $dota,$N3,$nc,$dota + fmadd $dotb,$N3,$nd,$dotb + add $t5,$t5,$carry + srdi $carry,$t5,16 + insrdi $t4,$t5,16,32 + + fctid $T0a,$T0a + fctid $T0b,$T0b + add $t6,$t6,$carry + fctid $T1a,$T1a + fctid $T1b,$T1b + srdi $carry,$t6,16 + fctid $T2a,$T2a + fctid $T2b,$T2b + insrdi $t4,$t6,16,16 + fctid $T3a,$T3a + fctid $T3b,$T3b + add $t7,$t7,$carry + insrdi $t4,$t7,16,0 ; 64..127 bits + srdi $carry,$t7,16 ; upper 33 bits + + stfd $T0a,`$FRAME+0`($sp) + stfd $T0b,`$FRAME+8`($sp) + stfd $T1a,`$FRAME+16`($sp) + stfd $T1b,`$FRAME+24`($sp) + stfd $T2a,`$FRAME+32`($sp) + stfd $T2b,`$FRAME+40`($sp) + stfd $T3a,`$FRAME+48`($sp) + stfd $T3b,`$FRAME+56`($sp) + std $t0,8($tp) ; tp[j-1] + stdu $t4,16($tp) ; tp[j] + bdnz- L1st + + fctid $dota,$dota + fctid $dotb,$dotb + + ld $t0,`$FRAME+0`($sp) + ld $t1,`$FRAME+8`($sp) + ld $t2,`$FRAME+16`($sp) + ld $t3,`$FRAME+24`($sp) + ld $t4,`$FRAME+32`($sp) + ld $t5,`$FRAME+40`($sp) + ld $t6,`$FRAME+48`($sp) + ld $t7,`$FRAME+56`($sp) + stfd $dota,`$FRAME+64`($sp) + stfd $dotb,`$FRAME+72`($sp) + + add $t0,$t0,$carry ; can not overflow + srdi $carry,$t0,16 + add $t1,$t1,$carry + srdi $carry,$t1,16 + insrdi $t0,$t1,16,32 + add $t2,$t2,$carry + srdi $carry,$t2,16 + insrdi $t0,$t2,16,16 + add $t3,$t3,$carry + srdi $carry,$t3,16 + insrdi $t0,$t3,16,0 ; 0..63 bits + add $t4,$t4,$carry + srdi $carry,$t4,16 + add $t5,$t5,$carry + srdi $carry,$t5,16 + insrdi $t4,$t5,16,32 + add $t6,$t6,$carry + srdi $carry,$t6,16 + insrdi $t4,$t6,16,16 + add $t7,$t7,$carry + insrdi $t4,$t7,16,0 ; 64..127 bits + srdi $carry,$t7,16 ; upper 33 bits + ld $t6,`$FRAME+64`($sp) + ld $t7,`$FRAME+72`($sp) + + std $t0,8($tp) ; tp[j-1] + stdu $t4,16($tp) ; tp[j] + + add $t6,$t6,$carry ; can not overflow + srdi $carry,$t6,16 + add $t7,$t7,$carry + insrdi $t6,$t7,48,0 + srdi $ovf,$t7,48 + std $t6,8($tp) ; tp[num-1] + + slwi $t7,$num,2 + subf $nap_d,$t7,$nap_d ; rewind pointer + + li $i,8 ; i=1 +.align 5 +Louter: +___ +$code.=<<___ if ($SIZE_T==8); + ldx $t3,$bp,$i ; bp[i] +___ +$code.=<<___ if ($SIZE_T==4); + add $t0,$bp,$i + lwz $t3,0($t0) ; bp[i,i+1] + lwz $t0,4($t0) + insrdi $t3,$t0,32,0 +___ +$code.=<<___; + ld $t6,`$FRAME+$TRANSFER+8`($sp) ; tp[0] + mulld $t7,$a0,$t3 ; ap[0]*bp[i] + + addi $tp,$sp,`$FRAME+$TRANSFER` + add $t7,$t7,$t6 ; ap[0]*bp[i]+tp[0] + li $carry,0 + mulld $t7,$t7,$n0 ; tp[0]*n0 + mtctr $j + + ; transfer bp[i] to FPU as 4x16-bit values + extrdi $t0,$t3,16,48 + extrdi $t1,$t3,16,32 + extrdi $t2,$t3,16,16 + extrdi $t3,$t3,16,0 + std $t0,`$FRAME+0`($sp) + std $t1,`$FRAME+8`($sp) + std $t2,`$FRAME+16`($sp) + std $t3,`$FRAME+24`($sp) + ; transfer (ap[0]*bp[i]+tp[0])*n0 to FPU as 4x16-bit values + extrdi $t4,$t7,16,48 + extrdi $t5,$t7,16,32 + extrdi $t6,$t7,16,16 + extrdi $t7,$t7,16,0 + std $t4,`$FRAME+32`($sp) + std $t5,`$FRAME+40`($sp) + std $t6,`$FRAME+48`($sp) + std $t7,`$FRAME+56`($sp) + + lfd $A0,8($nap_d) ; load a[j] in double format + lfd $A1,16($nap_d) + lfd $A2,24($nap_d) ; load a[j+1] in double format + lfd $A3,32($nap_d) + lfd $N0,40($nap_d) ; load n[j] in double format + lfd $N1,48($nap_d) + lfd $N2,56($nap_d) ; load n[j+1] in double format + lfdu $N3,64($nap_d) + + lfd $ba,`$FRAME+0`($sp) + lfd $bb,`$FRAME+8`($sp) + lfd $bc,`$FRAME+16`($sp) + lfd $bd,`$FRAME+24`($sp) + lfd $na,`$FRAME+32`($sp) + lfd $nb,`$FRAME+40`($sp) + lfd $nc,`$FRAME+48`($sp) + lfd $nd,`$FRAME+56`($sp) + + fcfid $ba,$ba + fcfid $bb,$bb + fcfid $bc,$bc + fcfid $bd,$bd + fcfid $na,$na + fcfid $nb,$nb + fcfid $nc,$nc + fcfid $nd,$nd + + fmul $T1a,$A1,$ba + fmul $T1b,$A1,$bb + fmul $T2a,$A2,$ba + fmul $T2b,$A2,$bb + fmul $T3a,$A3,$ba + fmul $T3b,$A3,$bb + fmul $T0a,$A0,$ba + fmul $T0b,$A0,$bb + + fmadd $T1a,$A0,$bc,$T1a + fmadd $T1b,$A0,$bd,$T1b + fmadd $T2a,$A1,$bc,$T2a + fmadd $T2b,$A1,$bd,$T2b + fmadd $T3a,$A2,$bc,$T3a + fmadd $T3b,$A2,$bd,$T3b + fmul $dota,$A3,$bc + fmul $dotb,$A3,$bd + + fmadd $T1a,$N1,$na,$T1a + fmadd $T1b,$N1,$nb,$T1b + lfd $A0,8($nap_d) ; load a[j] in double format + lfd $A1,16($nap_d) + fmadd $T2a,$N2,$na,$T2a + fmadd $T2b,$N2,$nb,$T2b + lfd $A2,24($nap_d) ; load a[j+1] in double format + lfd $A3,32($nap_d) + fmadd $T3a,$N3,$na,$T3a + fmadd $T3b,$N3,$nb,$T3b + fmadd $T0a,$N0,$na,$T0a + fmadd $T0b,$N0,$nb,$T0b + + fmadd $T1a,$N0,$nc,$T1a + fmadd $T1b,$N0,$nd,$T1b + fmadd $T2a,$N1,$nc,$T2a + fmadd $T2b,$N1,$nd,$T2b + fmadd $T3a,$N2,$nc,$T3a + fmadd $T3b,$N2,$nd,$T3b + fmadd $dota,$N3,$nc,$dota + fmadd $dotb,$N3,$nd,$dotb + + fctid $T0a,$T0a + fctid $T0b,$T0b + fctid $T1a,$T1a + fctid $T1b,$T1b + fctid $T2a,$T2a + fctid $T2b,$T2b + fctid $T3a,$T3a + fctid $T3b,$T3b + + stfd $T0a,`$FRAME+0`($sp) + stfd $T0b,`$FRAME+8`($sp) + stfd $T1a,`$FRAME+16`($sp) + stfd $T1b,`$FRAME+24`($sp) + stfd $T2a,`$FRAME+32`($sp) + stfd $T2b,`$FRAME+40`($sp) + stfd $T3a,`$FRAME+48`($sp) + stfd $T3b,`$FRAME+56`($sp) + +.align 5 +Linner: + fmul $T1a,$A1,$ba + fmul $T1b,$A1,$bb + fmul $T2a,$A2,$ba + fmul $T2b,$A2,$bb + lfd $N0,40($nap_d) ; load n[j] in double format + lfd $N1,48($nap_d) + fmul $T3a,$A3,$ba + fmul $T3b,$A3,$bb + fmadd $T0a,$A0,$ba,$dota + fmadd $T0b,$A0,$bb,$dotb + lfd $N2,56($nap_d) ; load n[j+1] in double format + lfdu $N3,64($nap_d) + + fmadd $T1a,$A0,$bc,$T1a + fmadd $T1b,$A0,$bd,$T1b + fmadd $T2a,$A1,$bc,$T2a + fmadd $T2b,$A1,$bd,$T2b + lfd $A0,8($nap_d) ; load a[j] in double format + lfd $A1,16($nap_d) + fmadd $T3a,$A2,$bc,$T3a + fmadd $T3b,$A2,$bd,$T3b + fmul $dota,$A3,$bc + fmul $dotb,$A3,$bd + lfd $A2,24($nap_d) ; load a[j+1] in double format + lfd $A3,32($nap_d) + + fmadd $T1a,$N1,$na,$T1a + fmadd $T1b,$N1,$nb,$T1b + ld $t0,`$FRAME+0`($sp) + ld $t1,`$FRAME+8`($sp) + fmadd $T2a,$N2,$na,$T2a + fmadd $T2b,$N2,$nb,$T2b + ld $t2,`$FRAME+16`($sp) + ld $t3,`$FRAME+24`($sp) + fmadd $T3a,$N3,$na,$T3a + fmadd $T3b,$N3,$nb,$T3b + add $t0,$t0,$carry ; can not overflow + ld $t4,`$FRAME+32`($sp) + ld $t5,`$FRAME+40`($sp) + fmadd $T0a,$N0,$na,$T0a + fmadd $T0b,$N0,$nb,$T0b + srdi $carry,$t0,16 + add $t1,$t1,$carry + srdi $carry,$t1,16 + ld $t6,`$FRAME+48`($sp) + ld $t7,`$FRAME+56`($sp) + + fmadd $T1a,$N0,$nc,$T1a + fmadd $T1b,$N0,$nd,$T1b + insrdi $t0,$t1,16,32 + ld $t1,8($tp) ; tp[j] + fmadd $T2a,$N1,$nc,$T2a + fmadd $T2b,$N1,$nd,$T2b + add $t2,$t2,$carry + fmadd $T3a,$N2,$nc,$T3a + fmadd $T3b,$N2,$nd,$T3b + srdi $carry,$t2,16 + insrdi $t0,$t2,16,16 + fmadd $dota,$N3,$nc,$dota + fmadd $dotb,$N3,$nd,$dotb + add $t3,$t3,$carry + ldu $t2,16($tp) ; tp[j+1] + srdi $carry,$t3,16 + insrdi $t0,$t3,16,0 ; 0..63 bits + add $t4,$t4,$carry + + fctid $T0a,$T0a + fctid $T0b,$T0b + srdi $carry,$t4,16 + fctid $T1a,$T1a + fctid $T1b,$T1b + add $t5,$t5,$carry + fctid $T2a,$T2a + fctid $T2b,$T2b + srdi $carry,$t5,16 + insrdi $t4,$t5,16,32 + fctid $T3a,$T3a + fctid $T3b,$T3b + add $t6,$t6,$carry + srdi $carry,$t6,16 + insrdi $t4,$t6,16,16 + + stfd $T0a,`$FRAME+0`($sp) + stfd $T0b,`$FRAME+8`($sp) + add $t7,$t7,$carry + addc $t3,$t0,$t1 +___ +$code.=<<___ if ($SIZE_T==4); # adjust XER[CA] + extrdi $t0,$t0,32,0 + extrdi $t1,$t1,32,0 + adde $t0,$t0,$t1 +___ +$code.=<<___; + stfd $T1a,`$FRAME+16`($sp) + stfd $T1b,`$FRAME+24`($sp) + insrdi $t4,$t7,16,0 ; 64..127 bits + srdi $carry,$t7,16 ; upper 33 bits + stfd $T2a,`$FRAME+32`($sp) + stfd $T2b,`$FRAME+40`($sp) + adde $t5,$t4,$t2 +___ +$code.=<<___ if ($SIZE_T==4); # adjust XER[CA] + extrdi $t4,$t4,32,0 + extrdi $t2,$t2,32,0 + adde $t4,$t4,$t2 +___ +$code.=<<___; + stfd $T3a,`$FRAME+48`($sp) + stfd $T3b,`$FRAME+56`($sp) + addze $carry,$carry + std $t3,-16($tp) ; tp[j-1] + std $t5,-8($tp) ; tp[j] + bdnz- Linner + + fctid $dota,$dota + fctid $dotb,$dotb + ld $t0,`$FRAME+0`($sp) + ld $t1,`$FRAME+8`($sp) + ld $t2,`$FRAME+16`($sp) + ld $t3,`$FRAME+24`($sp) + ld $t4,`$FRAME+32`($sp) + ld $t5,`$FRAME+40`($sp) + ld $t6,`$FRAME+48`($sp) + ld $t7,`$FRAME+56`($sp) + stfd $dota,`$FRAME+64`($sp) + stfd $dotb,`$FRAME+72`($sp) + + add $t0,$t0,$carry ; can not overflow + srdi $carry,$t0,16 + add $t1,$t1,$carry + srdi $carry,$t1,16 + insrdi $t0,$t1,16,32 + add $t2,$t2,$carry + ld $t1,8($tp) ; tp[j] + srdi $carry,$t2,16 + insrdi $t0,$t2,16,16 + add $t3,$t3,$carry + ldu $t2,16($tp) ; tp[j+1] + srdi $carry,$t3,16 + insrdi $t0,$t3,16,0 ; 0..63 bits + add $t4,$t4,$carry + srdi $carry,$t4,16 + add $t5,$t5,$carry + srdi $carry,$t5,16 + insrdi $t4,$t5,16,32 + add $t6,$t6,$carry + srdi $carry,$t6,16 + insrdi $t4,$t6,16,16 + add $t7,$t7,$carry + insrdi $t4,$t7,16,0 ; 64..127 bits + srdi $carry,$t7,16 ; upper 33 bits + ld $t6,`$FRAME+64`($sp) + ld $t7,`$FRAME+72`($sp) + + addc $t3,$t0,$t1 +___ +$code.=<<___ if ($SIZE_T==4); # adjust XER[CA] + extrdi $t0,$t0,32,0 + extrdi $t1,$t1,32,0 + adde $t0,$t0,$t1 +___ +$code.=<<___; + adde $t5,$t4,$t2 +___ +$code.=<<___ if ($SIZE_T==4); # adjust XER[CA] + extrdi $t4,$t4,32,0 + extrdi $t2,$t2,32,0 + adde $t4,$t4,$t2 +___ +$code.=<<___; + addze $carry,$carry + + std $t3,-16($tp) ; tp[j-1] + std $t5,-8($tp) ; tp[j] + + add $carry,$carry,$ovf ; comsume upmost overflow + add $t6,$t6,$carry ; can not overflow + srdi $carry,$t6,16 + add $t7,$t7,$carry + insrdi $t6,$t7,48,0 + srdi $ovf,$t7,48 + std $t6,0($tp) ; tp[num-1] + + slwi $t7,$num,2 + addi $i,$i,8 + subf $nap_d,$t7,$nap_d ; rewind pointer + cmpw $i,$num + blt- Louter +___ + +$code.=<<___ if ($SIZE_T==8); + subf $np,$num,$np ; rewind np + addi $j,$j,1 ; restore counter + subfc $i,$i,$i ; j=0 and "clear" XER[CA] + addi $tp,$sp,`$FRAME+$TRANSFER+8` + addi $t4,$sp,`$FRAME+$TRANSFER+16` + addi $t5,$np,8 + addi $t6,$rp,8 + mtctr $j + +.align 4 +Lsub: ldx $t0,$tp,$i + ldx $t1,$np,$i + ldx $t2,$t4,$i + ldx $t3,$t5,$i + subfe $t0,$t1,$t0 ; tp[j]-np[j] + subfe $t2,$t3,$t2 ; tp[j+1]-np[j+1] + stdx $t0,$rp,$i + stdx $t2,$t6,$i + addi $i,$i,16 + bdnz- Lsub + + li $i,0 + subfe $ovf,$i,$ovf ; handle upmost overflow bit + and $ap,$tp,$ovf + andc $np,$rp,$ovf + or $ap,$ap,$np ; ap=borrow?tp:rp + addi $t7,$ap,8 + mtctr $j + +.align 4 +Lcopy: ; copy or in-place refresh + ldx $t0,$ap,$i + ldx $t1,$t7,$i + std $i,8($nap_d) ; zap nap_d + std $i,16($nap_d) + std $i,24($nap_d) + std $i,32($nap_d) + std $i,40($nap_d) + std $i,48($nap_d) + std $i,56($nap_d) + stdu $i,64($nap_d) + stdx $t0,$rp,$i + stdx $t1,$t6,$i + stdx $i,$tp,$i ; zap tp at once + stdx $i,$t4,$i + addi $i,$i,16 + bdnz- Lcopy +___ +$code.=<<___ if ($SIZE_T==4); + subf $np,$num,$np ; rewind np + addi $j,$j,1 ; restore counter + subfc $i,$i,$i ; j=0 and "clear" XER[CA] + addi $tp,$sp,`$FRAME+$TRANSFER` + addi $np,$np,-4 + addi $rp,$rp,-4 + addi $ap,$sp,`$FRAME+$TRANSFER+4` + mtctr $j + +.align 4 +Lsub: ld $t0,8($tp) ; load tp[j..j+3] in 64-bit word order + ldu $t2,16($tp) + lwz $t4,4($np) ; load np[j..j+3] in 32-bit word order + lwz $t5,8($np) + lwz $t6,12($np) + lwzu $t7,16($np) + extrdi $t1,$t0,32,0 + extrdi $t3,$t2,32,0 + subfe $t4,$t4,$t0 ; tp[j]-np[j] + stw $t0,4($ap) ; save tp[j..j+3] in 32-bit word order + subfe $t5,$t5,$t1 ; tp[j+1]-np[j+1] + stw $t1,8($ap) + subfe $t6,$t6,$t2 ; tp[j+2]-np[j+2] + stw $t2,12($ap) + subfe $t7,$t7,$t3 ; tp[j+3]-np[j+3] + stwu $t3,16($ap) + stw $t4,4($rp) + stw $t5,8($rp) + stw $t6,12($rp) + stwu $t7,16($rp) + bdnz- Lsub + + li $i,0 + subfe $ovf,$i,$ovf ; handle upmost overflow bit + addi $tp,$sp,`$FRAME+$TRANSFER+4` + subf $rp,$num,$rp ; rewind rp + and $ap,$tp,$ovf + andc $np,$rp,$ovf + or $ap,$ap,$np ; ap=borrow?tp:rp + addi $tp,$sp,`$FRAME+$TRANSFER` + mtctr $j + +.align 4 +Lcopy: ; copy or in-place refresh + lwz $t0,4($ap) + lwz $t1,8($ap) + lwz $t2,12($ap) + lwzu $t3,16($ap) + std $i,8($nap_d) ; zap nap_d + std $i,16($nap_d) + std $i,24($nap_d) + std $i,32($nap_d) + std $i,40($nap_d) + std $i,48($nap_d) + std $i,56($nap_d) + stdu $i,64($nap_d) + stw $t0,4($rp) + stw $t1,8($rp) + stw $t2,12($rp) + stwu $t3,16($rp) + std $i,8($tp) ; zap tp at once + stdu $i,16($tp) + bdnz- Lcopy +___ + +$code.=<<___; + $POP $i,0($sp) + li r3,1 ; signal "handled" + $POP r22,`-12*8-10*$SIZE_T`($i) + $POP r23,`-12*8-9*$SIZE_T`($i) + $POP r24,`-12*8-8*$SIZE_T`($i) + $POP r25,`-12*8-7*$SIZE_T`($i) + $POP r26,`-12*8-6*$SIZE_T`($i) + $POP r27,`-12*8-5*$SIZE_T`($i) + $POP r28,`-12*8-4*$SIZE_T`($i) + $POP r29,`-12*8-3*$SIZE_T`($i) + $POP r30,`-12*8-2*$SIZE_T`($i) + $POP r31,`-12*8-1*$SIZE_T`($i) + lfd f20,`-12*8`($i) + lfd f21,`-11*8`($i) + lfd f22,`-10*8`($i) + lfd f23,`-9*8`($i) + lfd f24,`-8*8`($i) + lfd f25,`-7*8`($i) + lfd f26,`-6*8`($i) + lfd f27,`-5*8`($i) + lfd f28,`-4*8`($i) + lfd f29,`-3*8`($i) + lfd f30,`-2*8`($i) + lfd f31,`-1*8`($i) + mr $sp,$i + blr + .long 0 + .byte 0,12,4,0,0x8c,10,6,0 + .long 0 + +.asciz "Montgomery Multiplication for PPC64, CRYPTOGAMS by " +___ + +$code =~ s/\`([^\`]*)\`/eval $1/gem; +print $code; +close STDOUT; diff --git a/src/lib/libcrypto/bn/asm/r3000.s b/src/lib/libcrypto/bn/asm/r3000.s deleted file mode 100644 index e95269afa38..00000000000 --- a/src/lib/libcrypto/bn/asm/r3000.s +++ /dev/null @@ -1,646 +0,0 @@ - .file 1 "../bn_mulw.c" - .set nobopt - .option pic2 - - # GNU C 2.6.3 [AL 1.1, MM 40] SGI running IRIX 5.0 compiled by GNU C - - # Cc1 defaults: - # -mabicalls - - # Cc1 arguments (-G value = 0, Cpu = 3000, ISA = 1): - # -quiet -dumpbase -O2 -o - -gcc2_compiled.: -__gnu_compiled_c: - .rdata - - .byte 0x24,0x52,0x65,0x76,0x69,0x73,0x69,0x6f - .byte 0x6e,0x3a,0x20,0x31,0x2e,0x34,0x39,0x20 - .byte 0x24,0x0 - - .byte 0x24,0x52,0x65,0x76,0x69,0x73,0x69,0x6f - .byte 0x6e,0x3a,0x20,0x31,0x2e,0x33,0x34,0x20 - .byte 0x24,0x0 - - .byte 0x24,0x52,0x65,0x76,0x69,0x73,0x69,0x6f - .byte 0x6e,0x3a,0x20,0x31,0x2e,0x35,0x20,0x24 - .byte 0x0 - - .byte 0x24,0x52,0x65,0x76,0x69,0x73,0x69,0x6f - .byte 0x6e,0x3a,0x20,0x31,0x2e,0x38,0x20,0x24 - .byte 0x0 - - .byte 0x24,0x52,0x65,0x76,0x69,0x73,0x69,0x6f - .byte 0x6e,0x3a,0x20,0x31,0x2e,0x32,0x33,0x20 - .byte 0x24,0x0 - - .byte 0x24,0x52,0x65,0x76,0x69,0x73,0x69,0x6f - .byte 0x6e,0x3a,0x20,0x31,0x2e,0x37,0x38,0x20 - .byte 0x24,0x0 - - .byte 0x24,0x52,0x65,0x76,0x69,0x73,0x69,0x6f - .byte 0x6e,0x3a,0x20,0x33,0x2e,0x37,0x30,0x20 - .byte 0x24,0x0 - - .byte 0x24,0x52,0x65,0x76,0x69,0x73,0x69,0x6f - .byte 0x6e,0x3a,0x20,0x31,0x2e,0x32,0x20,0x24 - .byte 0x0 - - .byte 0x24,0x52,0x65,0x76,0x69,0x73,0x69,0x6f - .byte 0x6e,0x3a,0x20,0x31,0x2e,0x34,0x20,0x24 - .byte 0x0 - - .byte 0x24,0x52,0x65,0x76,0x69,0x73,0x69,0x6f - .byte 0x6e,0x3a,0x20,0x31,0x2e,0x38,0x20,0x24 - .byte 0x0 - .text - .align 2 - .globl bn_mul_add_words - .ent bn_mul_add_words -bn_mul_add_words: - .frame $sp,0,$31 # vars= 0, regs= 0/0, args= 0, extra= 0 - .mask 0x00000000,0 - .fmask 0x00000000,0 - .set noreorder - .cpload $25 - .set reorder - move $12,$4 - move $14,$5 - move $9,$6 - move $13,$7 - move $8,$0 - addu $10,$12,12 - addu $11,$14,12 -$L2: - lw $6,0($14) - #nop - multu $13,$6 - mfhi $6 - mflo $7 - #nop - move $5,$8 - move $4,$0 - lw $3,0($12) - addu $9,$9,-1 - move $2,$0 - addu $7,$7,$3 - sltu $8,$7,$3 - addu $6,$6,$2 - addu $6,$6,$8 - addu $7,$7,$5 - sltu $2,$7,$5 - addu $6,$6,$4 - addu $6,$6,$2 - srl $3,$6,0 - move $2,$0 - move $8,$3 - .set noreorder - .set nomacro - beq $9,$0,$L3 - sw $7,0($12) - .set macro - .set reorder - - lw $6,-8($11) - #nop - multu $13,$6 - mfhi $6 - mflo $7 - #nop - move $5,$8 - move $4,$0 - lw $3,-8($10) - addu $9,$9,-1 - move $2,$0 - addu $7,$7,$3 - sltu $8,$7,$3 - addu $6,$6,$2 - addu $6,$6,$8 - addu $7,$7,$5 - sltu $2,$7,$5 - addu $6,$6,$4 - addu $6,$6,$2 - srl $3,$6,0 - move $2,$0 - move $8,$3 - .set noreorder - .set nomacro - beq $9,$0,$L3 - sw $7,-8($10) - .set macro - .set reorder - - lw $6,-4($11) - #nop - multu $13,$6 - mfhi $6 - mflo $7 - #nop - move $5,$8 - move $4,$0 - lw $3,-4($10) - addu $9,$9,-1 - move $2,$0 - addu $7,$7,$3 - sltu $8,$7,$3 - addu $6,$6,$2 - addu $6,$6,$8 - addu $7,$7,$5 - sltu $2,$7,$5 - addu $6,$6,$4 - addu $6,$6,$2 - srl $3,$6,0 - move $2,$0 - move $8,$3 - .set noreorder - .set nomacro - beq $9,$0,$L3 - sw $7,-4($10) - .set macro - .set reorder - - lw $6,0($11) - #nop - multu $13,$6 - mfhi $6 - mflo $7 - #nop - move $5,$8 - move $4,$0 - lw $3,0($10) - addu $9,$9,-1 - move $2,$0 - addu $7,$7,$3 - sltu $8,$7,$3 - addu $6,$6,$2 - addu $6,$6,$8 - addu $7,$7,$5 - sltu $2,$7,$5 - addu $6,$6,$4 - addu $6,$6,$2 - srl $3,$6,0 - move $2,$0 - move $8,$3 - .set noreorder - .set nomacro - beq $9,$0,$L3 - sw $7,0($10) - .set macro - .set reorder - - addu $11,$11,16 - addu $14,$14,16 - addu $10,$10,16 - .set noreorder - .set nomacro - j $L2 - addu $12,$12,16 - .set macro - .set reorder - -$L3: - .set noreorder - .set nomacro - j $31 - move $2,$8 - .set macro - .set reorder - - .end bn_mul_add_words - .align 2 - .globl bn_mul_words - .ent bn_mul_words -bn_mul_words: - .frame $sp,0,$31 # vars= 0, regs= 0/0, args= 0, extra= 0 - .mask 0x00000000,0 - .fmask 0x00000000,0 - .set noreorder - .cpload $25 - .set reorder - move $11,$4 - move $12,$5 - move $8,$6 - move $6,$0 - addu $10,$11,12 - addu $9,$12,12 -$L10: - lw $4,0($12) - #nop - multu $7,$4 - mfhi $4 - mflo $5 - #nop - move $3,$6 - move $2,$0 - addu $8,$8,-1 - addu $5,$5,$3 - sltu $6,$5,$3 - addu $4,$4,$2 - addu $4,$4,$6 - srl $3,$4,0 - move $2,$0 - move $6,$3 - .set noreorder - .set nomacro - beq $8,$0,$L11 - sw $5,0($11) - .set macro - .set reorder - - lw $4,-8($9) - #nop - multu $7,$4 - mfhi $4 - mflo $5 - #nop - move $3,$6 - move $2,$0 - addu $8,$8,-1 - addu $5,$5,$3 - sltu $6,$5,$3 - addu $4,$4,$2 - addu $4,$4,$6 - srl $3,$4,0 - move $2,$0 - move $6,$3 - .set noreorder - .set nomacro - beq $8,$0,$L11 - sw $5,-8($10) - .set macro - .set reorder - - lw $4,-4($9) - #nop - multu $7,$4 - mfhi $4 - mflo $5 - #nop - move $3,$6 - move $2,$0 - addu $8,$8,-1 - addu $5,$5,$3 - sltu $6,$5,$3 - addu $4,$4,$2 - addu $4,$4,$6 - srl $3,$4,0 - move $2,$0 - move $6,$3 - .set noreorder - .set nomacro - beq $8,$0,$L11 - sw $5,-4($10) - .set macro - .set reorder - - lw $4,0($9) - #nop - multu $7,$4 - mfhi $4 - mflo $5 - #nop - move $3,$6 - move $2,$0 - addu $8,$8,-1 - addu $5,$5,$3 - sltu $6,$5,$3 - addu $4,$4,$2 - addu $4,$4,$6 - srl $3,$4,0 - move $2,$0 - move $6,$3 - .set noreorder - .set nomacro - beq $8,$0,$L11 - sw $5,0($10) - .set macro - .set reorder - - addu $9,$9,16 - addu $12,$12,16 - addu $10,$10,16 - .set noreorder - .set nomacro - j $L10 - addu $11,$11,16 - .set macro - .set reorder - -$L11: - .set noreorder - .set nomacro - j $31 - move $2,$6 - .set macro - .set reorder - - .end bn_mul_words - .align 2 - .globl bn_sqr_words - .ent bn_sqr_words -bn_sqr_words: - .frame $sp,0,$31 # vars= 0, regs= 0/0, args= 0, extra= 0 - .mask 0x00000000,0 - .fmask 0x00000000,0 - .set noreorder - .cpload $25 - .set reorder - move $9,$4 - addu $7,$9,28 - addu $8,$5,12 -$L18: - lw $2,0($5) - #nop - multu $2,$2 - mfhi $2 - mflo $3 - #nop - addu $6,$6,-1 - sw $3,0($9) - srl $3,$2,0 - move $2,$0 - .set noreorder - .set nomacro - beq $6,$0,$L19 - sw $3,-24($7) - .set macro - .set reorder - - lw $2,-8($8) - #nop - multu $2,$2 - mfhi $2 - mflo $3 - #nop - addu $6,$6,-1 - sw $3,-20($7) - srl $3,$2,0 - move $2,$0 - .set noreorder - .set nomacro - beq $6,$0,$L19 - sw $3,-16($7) - .set macro - .set reorder - - lw $2,-4($8) - #nop - multu $2,$2 - mfhi $2 - mflo $3 - #nop - addu $6,$6,-1 - sw $3,-12($7) - srl $3,$2,0 - move $2,$0 - .set noreorder - .set nomacro - beq $6,$0,$L19 - sw $3,-8($7) - .set macro - .set reorder - - lw $2,0($8) - #nop - multu $2,$2 - mfhi $2 - mflo $3 - #nop - addu $6,$6,-1 - sw $3,-4($7) - srl $3,$2,0 - move $2,$0 - .set noreorder - .set nomacro - beq $6,$0,$L19 - sw $3,0($7) - .set macro - .set reorder - - addu $8,$8,16 - addu $5,$5,16 - addu $7,$7,32 - .set noreorder - .set nomacro - j $L18 - addu $9,$9,32 - .set macro - .set reorder - -$L19: - j $31 - .end bn_sqr_words - .rdata - .align 2 -$LC0: - - .byte 0x44,0x69,0x76,0x69,0x73,0x69,0x6f,0x6e - .byte 0x20,0x77,0x6f,0x75,0x6c,0x64,0x20,0x6f - .byte 0x76,0x65,0x72,0x66,0x6c,0x6f,0x77,0xa - .byte 0x0 - .text - .align 2 - .globl bn_div64 - .ent bn_div64 -bn_div64: - .frame $sp,56,$31 # vars= 0, regs= 7/0, args= 16, extra= 8 - .mask 0x901f0000,-8 - .fmask 0x00000000,0 - .set noreorder - .cpload $25 - .set reorder - subu $sp,$sp,56 - .cprestore 16 - sw $16,24($sp) - move $16,$4 - sw $17,28($sp) - move $17,$5 - sw $18,32($sp) - move $18,$6 - sw $20,40($sp) - move $20,$0 - sw $19,36($sp) - li $19,0x00000002 # 2 - sw $31,48($sp) - .set noreorder - .set nomacro - bne $18,$0,$L26 - sw $28,44($sp) - .set macro - .set reorder - - .set noreorder - .set nomacro - j $L43 - li $2,-1 # 0xffffffff - .set macro - .set reorder - -$L26: - move $4,$18 - jal BN_num_bits_word - move $4,$2 - li $2,0x00000020 # 32 - .set noreorder - .set nomacro - beq $4,$2,$L27 - li $2,0x00000001 # 1 - .set macro - .set reorder - - sll $2,$2,$4 - sltu $2,$2,$16 - .set noreorder - .set nomacro - beq $2,$0,$L44 - li $5,0x00000020 # 32 - .set macro - .set reorder - - la $4,__iob+32 - la $5,$LC0 - jal fprintf - jal abort -$L27: - li $5,0x00000020 # 32 -$L44: - sltu $2,$16,$18 - .set noreorder - .set nomacro - bne $2,$0,$L28 - subu $4,$5,$4 - .set macro - .set reorder - - subu $16,$16,$18 -$L28: - .set noreorder - .set nomacro - beq $4,$0,$L29 - li $10,-65536 # 0xffff0000 - .set macro - .set reorder - - sll $18,$18,$4 - sll $3,$16,$4 - subu $2,$5,$4 - srl $2,$17,$2 - or $16,$3,$2 - sll $17,$17,$4 -$L29: - srl $7,$18,16 - andi $9,$18,0xffff -$L30: - srl $2,$16,16 - .set noreorder - .set nomacro - beq $2,$7,$L34 - li $6,0x0000ffff # 65535 - .set macro - .set reorder - - divu $6,$16,$7 -$L34: - mult $6,$9 - mflo $5 - #nop - #nop - mult $6,$7 - and $2,$17,$10 - srl $8,$2,16 - mflo $4 -$L35: - subu $3,$16,$4 - and $2,$3,$10 - .set noreorder - .set nomacro - bne $2,$0,$L36 - sll $2,$3,16 - .set macro - .set reorder - - addu $2,$2,$8 - sltu $2,$2,$5 - .set noreorder - .set nomacro - beq $2,$0,$L36 - subu $5,$5,$9 - .set macro - .set reorder - - subu $4,$4,$7 - .set noreorder - .set nomacro - j $L35 - addu $6,$6,-1 - .set macro - .set reorder - -$L36: - mult $6,$7 - mflo $5 - #nop - #nop - mult $6,$9 - mflo $4 - #nop - #nop - srl $3,$4,16 - sll $2,$4,16 - and $4,$2,$10 - sltu $2,$17,$4 - .set noreorder - .set nomacro - beq $2,$0,$L40 - addu $5,$5,$3 - .set macro - .set reorder - - addu $5,$5,1 -$L40: - sltu $2,$16,$5 - .set noreorder - .set nomacro - beq $2,$0,$L41 - subu $17,$17,$4 - .set macro - .set reorder - - addu $16,$16,$18 - addu $6,$6,-1 -$L41: - addu $19,$19,-1 - .set noreorder - .set nomacro - beq $19,$0,$L31 - subu $16,$16,$5 - .set macro - .set reorder - - sll $20,$6,16 - sll $3,$16,16 - srl $2,$17,16 - or $16,$3,$2 - .set noreorder - .set nomacro - j $L30 - sll $17,$17,16 - .set macro - .set reorder - -$L31: - or $2,$20,$6 -$L43: - lw $31,48($sp) - lw $20,40($sp) - lw $19,36($sp) - lw $18,32($sp) - lw $17,28($sp) - lw $16,24($sp) - addu $sp,$sp,56 - j $31 - .end bn_div64 - - .globl abort .text - .globl fprintf .text - .globl BN_num_bits_word .text diff --git a/src/lib/libcrypto/bn/asm/sparcv8plus.S b/src/lib/libcrypto/bn/asm/sparcv8plus.S index 0074dfdb750..02ad6069c2c 100644 --- a/src/lib/libcrypto/bn/asm/sparcv8plus.S +++ b/src/lib/libcrypto/bn/asm/sparcv8plus.S @@ -13,7 +13,7 @@ */ /* - * This is my modest contributon to OpenSSL project (see + * This is my modest contribution to OpenSSL project (see * http://www.openssl.org/ for more information about it) and is * a drop-in UltraSPARC ISA replacement for crypto/bn/bn_asm.c * module. For updates see http://fy.chalmers.se/~appro/hpe/. @@ -52,7 +52,7 @@ * # cd ../.. * # make; make test * - * Q. V8plus achitecture? What kind of beast is that? + * Q. V8plus architecture? What kind of beast is that? * A. Well, it's rather a programming model than an architecture... * It's actually v9-compliant, i.e. *any* UltraSPARC, CPU under * special conditions, namely when kernel doesn't preserve upper @@ -71,7 +71,7 @@ * * Q. 64-bit registers under 32-bit kernels? Didn't you just say it * doesn't work? - * A. You can't adress *all* registers as 64-bit wide:-( The catch is + * A. You can't address *all* registers as 64-bit wide:-( The catch is * that you actually may rely upon %o0-%o5 and %g1-%g4 being fully * preserved if you're in a leaf function, i.e. such never calling * any other functions. All functions in this module are leaf and @@ -144,6 +144,19 @@ * } */ +#if defined(__SUNPRO_C) && defined(__sparcv9) + /* They've said -xarch=v9 at command line */ + .register %g2,#scratch + .register %g3,#scratch +# define FRAME_SIZE -192 +#elif defined(__GNUC__) && defined(__arch64__) + /* They've said -m64 at command line */ + .register %g2,#scratch + .register %g3,#scratch +# define FRAME_SIZE -192 +#else +# define FRAME_SIZE -96 +#endif /* * GNU assembler can't stand stuw:-( */ @@ -162,10 +175,14 @@ * BN_ULONG w; */ bn_mul_add_words: + sra %o2,%g0,%o2 ! signx %o2 brgz,a %o2,.L_bn_mul_add_words_proceed lduw [%o1],%g2 retl clr %o0 + nop + nop + nop .L_bn_mul_add_words_proceed: srl %o3,%g0,%o3 ! clruw %o3 @@ -260,10 +277,14 @@ bn_mul_add_words: * BN_ULONG w; */ bn_mul_words: + sra %o2,%g0,%o2 ! signx %o2 brgz,a %o2,.L_bn_mul_words_proceeed lduw [%o1],%g2 retl clr %o0 + nop + nop + nop .L_bn_mul_words_proceeed: srl %o3,%g0,%o3 ! clruw %o3 @@ -344,10 +365,14 @@ bn_mul_words: * int n; */ bn_sqr_words: + sra %o2,%g0,%o2 ! signx %o2 brgz,a %o2,.L_bn_sqr_words_proceeed lduw [%o1],%g2 retl clr %o0 + nop + nop + nop .L_bn_sqr_words_proceeed: andcc %o2,-4,%g0 @@ -445,6 +470,7 @@ bn_div_words: * int n; */ bn_add_words: + sra %o3,%g0,%o3 ! signx %o3 brgz,a %o3,.L_bn_add_words_proceed lduw [%o1],%o4 retl @@ -454,7 +480,6 @@ bn_add_words: andcc %o3,-4,%g0 bz,pn %icc,.L_bn_add_words_tail addcc %g0,0,%g0 ! clear carry flag - nop .L_bn_add_words_loop: ! wow! 32 aligned! dec 4,%o3 @@ -523,6 +548,7 @@ bn_add_words: * int n; */ bn_sub_words: + sra %o3,%g0,%o3 ! signx %o3 brgz,a %o3,.L_bn_sub_words_proceed lduw [%o1],%o4 retl @@ -532,7 +558,6 @@ bn_sub_words: andcc %o3,-4,%g0 bz,pn %icc,.L_bn_sub_words_tail addcc %g0,0,%g0 ! clear carry flag - nop .L_bn_sub_words_loop: ! wow! 32 aligned! dec 4,%o3 @@ -607,8 +632,6 @@ bn_sub_words: * Andy. */ -#define FRAME_SIZE -96 - /* * Here is register usage map for *all* routines below. */ diff --git a/src/lib/libcrypto/bn/asm/sparcv9-mont.pl b/src/lib/libcrypto/bn/asm/sparcv9-mont.pl new file mode 100644 index 00000000000..b8fb1e8a25d --- /dev/null +++ b/src/lib/libcrypto/bn/asm/sparcv9-mont.pl @@ -0,0 +1,606 @@ +#!/usr/bin/env perl + +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== + +# December 2005 +# +# Pure SPARCv9/8+ and IALU-only bn_mul_mont implementation. The reasons +# for undertaken effort are multiple. First of all, UltraSPARC is not +# the whole SPARCv9 universe and other VIS-free implementations deserve +# optimized code as much. Secondly, newly introduced UltraSPARC T1, +# a.k.a. Niagara, has shared FPU and concurrent FPU-intensive pathes, +# such as sparcv9a-mont, will simply sink it. Yes, T1 is equipped with +# several integrated RSA/DSA accelerator circuits accessible through +# kernel driver [only(*)], but having decent user-land software +# implementation is important too. Finally, reasons like desire to +# experiment with dedicated squaring procedure. Yes, this module +# implements one, because it was easiest to draft it in SPARCv9 +# instructions... + +# (*) Engine accessing the driver in question is on my TODO list. +# For reference, acceleator is estimated to give 6 to 10 times +# improvement on single-threaded RSA sign. It should be noted +# that 6-10x improvement coefficient does not actually mean +# something extraordinary in terms of absolute [single-threaded] +# performance, as SPARCv9 instruction set is by all means least +# suitable for high performance crypto among other 64 bit +# platforms. 6-10x factor simply places T1 in same performance +# domain as say AMD64 and IA-64. Improvement of RSA verify don't +# appear impressive at all, but it's the sign operation which is +# far more critical/interesting. + +# You might notice that inner loops are modulo-scheduled:-) This has +# essentially negligible impact on UltraSPARC performance, it's +# Fujitsu SPARC64 V users who should notice and hopefully appreciate +# the advantage... Currently this module surpasses sparcv9a-mont.pl +# by ~20% on UltraSPARC-III and later cores, but recall that sparcv9a +# module still have hidden potential [see TODO list there], which is +# estimated to be larger than 20%... + +# int bn_mul_mont( +$rp="%i0"; # BN_ULONG *rp, +$ap="%i1"; # const BN_ULONG *ap, +$bp="%i2"; # const BN_ULONG *bp, +$np="%i3"; # const BN_ULONG *np, +$n0="%i4"; # const BN_ULONG *n0, +$num="%i5"; # int num); + +$bits=32; +for (@ARGV) { $bits=64 if (/\-m64/ || /\-xarch\=v9/); } +if ($bits==64) { $bias=2047; $frame=192; } +else { $bias=0; $frame=128; } + +$car0="%o0"; +$car1="%o1"; +$car2="%o2"; # 1 bit +$acc0="%o3"; +$acc1="%o4"; +$mask="%g1"; # 32 bits, what a waste... +$tmp0="%g4"; +$tmp1="%g5"; + +$i="%l0"; +$j="%l1"; +$mul0="%l2"; +$mul1="%l3"; +$tp="%l4"; +$apj="%l5"; +$npj="%l6"; +$tpj="%l7"; + +$fname="bn_mul_mont_int"; + +$code=<<___; +.section ".text",#alloc,#execinstr + +.global $fname +.align 32 +$fname: + cmp %o5,4 ! 128 bits minimum + bge,pt %icc,.Lenter + sethi %hi(0xffffffff),$mask + retl + clr %o0 +.align 32 +.Lenter: + save %sp,-$frame,%sp + sll $num,2,$num ! num*=4 + or $mask,%lo(0xffffffff),$mask + ld [$n0],$n0 + cmp $ap,$bp + and $num,$mask,$num + ld [$bp],$mul0 ! bp[0] + nop + + add %sp,$bias,%o7 ! real top of stack + ld [$ap],$car0 ! ap[0] ! redundant in squaring context + sub %o7,$num,%o7 + ld [$ap+4],$apj ! ap[1] + and %o7,-1024,%o7 + ld [$np],$car1 ! np[0] + sub %o7,$bias,%sp ! alloca + ld [$np+4],$npj ! np[1] + be,pt `$bits==32?"%icc":"%xcc"`,.Lbn_sqr_mont + mov 12,$j + + mulx $car0,$mul0,$car0 ! ap[0]*bp[0] + mulx $apj,$mul0,$tmp0 !prologue! ap[1]*bp[0] + and $car0,$mask,$acc0 + add %sp,$bias+$frame,$tp + ld [$ap+8],$apj !prologue! + + mulx $n0,$acc0,$mul1 ! "t[0]"*n0 + and $mul1,$mask,$mul1 + + mulx $car1,$mul1,$car1 ! np[0]*"t[0]"*n0 + mulx $npj,$mul1,$acc1 !prologue! np[1]*"t[0]"*n0 + srlx $car0,32,$car0 + add $acc0,$car1,$car1 + ld [$np+8],$npj !prologue! + srlx $car1,32,$car1 + mov $tmp0,$acc0 !prologue! + +.L1st: + mulx $apj,$mul0,$tmp0 + mulx $npj,$mul1,$tmp1 + add $acc0,$car0,$car0 + ld [$ap+$j],$apj ! ap[j] + and $car0,$mask,$acc0 + add $acc1,$car1,$car1 + ld [$np+$j],$npj ! np[j] + srlx $car0,32,$car0 + add $acc0,$car1,$car1 + add $j,4,$j ! j++ + mov $tmp0,$acc0 + st $car1,[$tp] + cmp $j,$num + mov $tmp1,$acc1 + srlx $car1,32,$car1 + bl %icc,.L1st + add $tp,4,$tp ! tp++ +!.L1st + + mulx $apj,$mul0,$tmp0 !epilogue! + mulx $npj,$mul1,$tmp1 + add $acc0,$car0,$car0 + and $car0,$mask,$acc0 + add $acc1,$car1,$car1 + srlx $car0,32,$car0 + add $acc0,$car1,$car1 + st $car1,[$tp] + srlx $car1,32,$car1 + + add $tmp0,$car0,$car0 + and $car0,$mask,$acc0 + add $tmp1,$car1,$car1 + srlx $car0,32,$car0 + add $acc0,$car1,$car1 + st $car1,[$tp+4] + srlx $car1,32,$car1 + + add $car0,$car1,$car1 + st $car1,[$tp+8] + srlx $car1,32,$car2 + + mov 4,$i ! i++ + ld [$bp+4],$mul0 ! bp[1] +.Louter: + add %sp,$bias+$frame,$tp + ld [$ap],$car0 ! ap[0] + ld [$ap+4],$apj ! ap[1] + ld [$np],$car1 ! np[0] + ld [$np+4],$npj ! np[1] + ld [$tp],$tmp1 ! tp[0] + ld [$tp+4],$tpj ! tp[1] + mov 12,$j + + mulx $car0,$mul0,$car0 + mulx $apj,$mul0,$tmp0 !prologue! + add $tmp1,$car0,$car0 + ld [$ap+8],$apj !prologue! + and $car0,$mask,$acc0 + + mulx $n0,$acc0,$mul1 + and $mul1,$mask,$mul1 + + mulx $car1,$mul1,$car1 + mulx $npj,$mul1,$acc1 !prologue! + srlx $car0,32,$car0 + add $acc0,$car1,$car1 + ld [$np+8],$npj !prologue! + srlx $car1,32,$car1 + mov $tmp0,$acc0 !prologue! + +.Linner: + mulx $apj,$mul0,$tmp0 + mulx $npj,$mul1,$tmp1 + add $tpj,$car0,$car0 + ld [$ap+$j],$apj ! ap[j] + add $acc0,$car0,$car0 + add $acc1,$car1,$car1 + ld [$np+$j],$npj ! np[j] + and $car0,$mask,$acc0 + ld [$tp+8],$tpj ! tp[j] + srlx $car0,32,$car0 + add $acc0,$car1,$car1 + add $j,4,$j ! j++ + mov $tmp0,$acc0 + st $car1,[$tp] ! tp[j-1] + srlx $car1,32,$car1 + mov $tmp1,$acc1 + cmp $j,$num + bl %icc,.Linner + add $tp,4,$tp ! tp++ +!.Linner + + mulx $apj,$mul0,$tmp0 !epilogue! + mulx $npj,$mul1,$tmp1 + add $tpj,$car0,$car0 + add $acc0,$car0,$car0 + ld [$tp+8],$tpj ! tp[j] + and $car0,$mask,$acc0 + add $acc1,$car1,$car1 + srlx $car0,32,$car0 + add $acc0,$car1,$car1 + st $car1,[$tp] ! tp[j-1] + srlx $car1,32,$car1 + + add $tpj,$car0,$car0 + add $tmp0,$car0,$car0 + and $car0,$mask,$acc0 + add $tmp1,$car1,$car1 + add $acc0,$car1,$car1 + st $car1,[$tp+4] ! tp[j-1] + srlx $car0,32,$car0 + add $i,4,$i ! i++ + srlx $car1,32,$car1 + + add $car0,$car1,$car1 + cmp $i,$num + add $car2,$car1,$car1 + st $car1,[$tp+8] + + srlx $car1,32,$car2 + bl,a %icc,.Louter + ld [$bp+$i],$mul0 ! bp[i] +!.Louter + + add $tp,12,$tp + +.Ltail: + add $np,$num,$np + add $rp,$num,$rp + mov $tp,$ap + sub %g0,$num,%o7 ! k=-num + ba .Lsub + subcc %g0,%g0,%g0 ! clear %icc.c +.align 16 +.Lsub: + ld [$tp+%o7],%o0 + ld [$np+%o7],%o1 + subccc %o0,%o1,%o1 ! tp[j]-np[j] + add $rp,%o7,$i + add %o7,4,%o7 + brnz %o7,.Lsub + st %o1,[$i] + subc $car2,0,$car2 ! handle upmost overflow bit + and $tp,$car2,$ap + andn $rp,$car2,$np + or $ap,$np,$ap + sub %g0,$num,%o7 + +.Lcopy: + ld [$ap+%o7],%o0 ! copy or in-place refresh + st %g0,[$tp+%o7] ! zap tp + st %o0,[$rp+%o7] + add %o7,4,%o7 + brnz %o7,.Lcopy + nop + mov 1,%i0 + ret + restore +___ + +######## +######## .Lbn_sqr_mont gives up to 20% *overall* improvement over +######## code without following dedicated squaring procedure. +######## +$sbit="%i2"; # re-use $bp! + +$code.=<<___; +.align 32 +.Lbn_sqr_mont: + mulx $mul0,$mul0,$car0 ! ap[0]*ap[0] + mulx $apj,$mul0,$tmp0 !prologue! + and $car0,$mask,$acc0 + add %sp,$bias+$frame,$tp + ld [$ap+8],$apj !prologue! + + mulx $n0,$acc0,$mul1 ! "t[0]"*n0 + srlx $car0,32,$car0 + and $mul1,$mask,$mul1 + + mulx $car1,$mul1,$car1 ! np[0]*"t[0]"*n0 + mulx $npj,$mul1,$acc1 !prologue! + and $car0,1,$sbit + ld [$np+8],$npj !prologue! + srlx $car0,1,$car0 + add $acc0,$car1,$car1 + srlx $car1,32,$car1 + mov $tmp0,$acc0 !prologue! + +.Lsqr_1st: + mulx $apj,$mul0,$tmp0 + mulx $npj,$mul1,$tmp1 + add $acc0,$car0,$car0 ! ap[j]*a0+c0 + add $acc1,$car1,$car1 + ld [$ap+$j],$apj ! ap[j] + and $car0,$mask,$acc0 + ld [$np+$j],$npj ! np[j] + srlx $car0,32,$car0 + add $acc0,$acc0,$acc0 + or $sbit,$acc0,$acc0 + mov $tmp1,$acc1 + srlx $acc0,32,$sbit + add $j,4,$j ! j++ + and $acc0,$mask,$acc0 + cmp $j,$num + add $acc0,$car1,$car1 + st $car1,[$tp] + mov $tmp0,$acc0 + srlx $car1,32,$car1 + bl %icc,.Lsqr_1st + add $tp,4,$tp ! tp++ +!.Lsqr_1st + + mulx $apj,$mul0,$tmp0 ! epilogue + mulx $npj,$mul1,$tmp1 + add $acc0,$car0,$car0 ! ap[j]*a0+c0 + add $acc1,$car1,$car1 + and $car0,$mask,$acc0 + srlx $car0,32,$car0 + add $acc0,$acc0,$acc0 + or $sbit,$acc0,$acc0 + srlx $acc0,32,$sbit + and $acc0,$mask,$acc0 + add $acc0,$car1,$car1 + st $car1,[$tp] + srlx $car1,32,$car1 + + add $tmp0,$car0,$car0 ! ap[j]*a0+c0 + add $tmp1,$car1,$car1 + and $car0,$mask,$acc0 + srlx $car0,32,$car0 + add $acc0,$acc0,$acc0 + or $sbit,$acc0,$acc0 + srlx $acc0,32,$sbit + and $acc0,$mask,$acc0 + add $acc0,$car1,$car1 + st $car1,[$tp+4] + srlx $car1,32,$car1 + + add $car0,$car0,$car0 + or $sbit,$car0,$car0 + add $car0,$car1,$car1 + st $car1,[$tp+8] + srlx $car1,32,$car2 + + ld [%sp+$bias+$frame],$tmp0 ! tp[0] + ld [%sp+$bias+$frame+4],$tmp1 ! tp[1] + ld [%sp+$bias+$frame+8],$tpj ! tp[2] + ld [$ap+4],$mul0 ! ap[1] + ld [$ap+8],$apj ! ap[2] + ld [$np],$car1 ! np[0] + ld [$np+4],$npj ! np[1] + mulx $n0,$tmp0,$mul1 + + mulx $mul0,$mul0,$car0 + and $mul1,$mask,$mul1 + + mulx $car1,$mul1,$car1 + mulx $npj,$mul1,$acc1 + add $tmp0,$car1,$car1 + and $car0,$mask,$acc0 + ld [$np+8],$npj ! np[2] + srlx $car1,32,$car1 + add $tmp1,$car1,$car1 + srlx $car0,32,$car0 + add $acc0,$car1,$car1 + and $car0,1,$sbit + add $acc1,$car1,$car1 + srlx $car0,1,$car0 + mov 12,$j + st $car1,[%sp+$bias+$frame] ! tp[0]= + srlx $car1,32,$car1 + add %sp,$bias+$frame+4,$tp + +.Lsqr_2nd: + mulx $apj,$mul0,$acc0 + mulx $npj,$mul1,$acc1 + add $acc0,$car0,$car0 + add $tpj,$car1,$car1 + ld [$ap+$j],$apj ! ap[j] + and $car0,$mask,$acc0 + ld [$np+$j],$npj ! np[j] + srlx $car0,32,$car0 + add $acc1,$car1,$car1 + ld [$tp+8],$tpj ! tp[j] + add $acc0,$acc0,$acc0 + add $j,4,$j ! j++ + or $sbit,$acc0,$acc0 + srlx $acc0,32,$sbit + and $acc0,$mask,$acc0 + cmp $j,$num + add $acc0,$car1,$car1 + st $car1,[$tp] ! tp[j-1] + srlx $car1,32,$car1 + bl %icc,.Lsqr_2nd + add $tp,4,$tp ! tp++ +!.Lsqr_2nd + + mulx $apj,$mul0,$acc0 + mulx $npj,$mul1,$acc1 + add $acc0,$car0,$car0 + add $tpj,$car1,$car1 + and $car0,$mask,$acc0 + srlx $car0,32,$car0 + add $acc1,$car1,$car1 + add $acc0,$acc0,$acc0 + or $sbit,$acc0,$acc0 + srlx $acc0,32,$sbit + and $acc0,$mask,$acc0 + add $acc0,$car1,$car1 + st $car1,[$tp] ! tp[j-1] + srlx $car1,32,$car1 + + add $car0,$car0,$car0 + or $sbit,$car0,$car0 + add $car0,$car1,$car1 + add $car2,$car1,$car1 + st $car1,[$tp+4] + srlx $car1,32,$car2 + + ld [%sp+$bias+$frame],$tmp1 ! tp[0] + ld [%sp+$bias+$frame+4],$tpj ! tp[1] + ld [$ap+8],$mul0 ! ap[2] + ld [$np],$car1 ! np[0] + ld [$np+4],$npj ! np[1] + mulx $n0,$tmp1,$mul1 + and $mul1,$mask,$mul1 + mov 8,$i + + mulx $mul0,$mul0,$car0 + mulx $car1,$mul1,$car1 + and $car0,$mask,$acc0 + add $tmp1,$car1,$car1 + srlx $car0,32,$car0 + add %sp,$bias+$frame,$tp + srlx $car1,32,$car1 + and $car0,1,$sbit + srlx $car0,1,$car0 + mov 4,$j + +.Lsqr_outer: +.Lsqr_inner1: + mulx $npj,$mul1,$acc1 + add $tpj,$car1,$car1 + add $j,4,$j + ld [$tp+8],$tpj + cmp $j,$i + add $acc1,$car1,$car1 + ld [$np+$j],$npj + st $car1,[$tp] + srlx $car1,32,$car1 + bl %icc,.Lsqr_inner1 + add $tp,4,$tp +!.Lsqr_inner1 + + add $j,4,$j + ld [$ap+$j],$apj ! ap[j] + mulx $npj,$mul1,$acc1 + add $tpj,$car1,$car1 + ld [$np+$j],$npj ! np[j] + add $acc0,$car1,$car1 + ld [$tp+8],$tpj ! tp[j] + add $acc1,$car1,$car1 + st $car1,[$tp] + srlx $car1,32,$car1 + + add $j,4,$j + cmp $j,$num + be,pn %icc,.Lsqr_no_inner2 + add $tp,4,$tp + +.Lsqr_inner2: + mulx $apj,$mul0,$acc0 + mulx $npj,$mul1,$acc1 + add $tpj,$car1,$car1 + add $acc0,$car0,$car0 + ld [$ap+$j],$apj ! ap[j] + and $car0,$mask,$acc0 + ld [$np+$j],$npj ! np[j] + srlx $car0,32,$car0 + add $acc0,$acc0,$acc0 + ld [$tp+8],$tpj ! tp[j] + or $sbit,$acc0,$acc0 + add $j,4,$j ! j++ + srlx $acc0,32,$sbit + and $acc0,$mask,$acc0 + cmp $j,$num + add $acc0,$car1,$car1 + add $acc1,$car1,$car1 + st $car1,[$tp] ! tp[j-1] + srlx $car1,32,$car1 + bl %icc,.Lsqr_inner2 + add $tp,4,$tp ! tp++ + +.Lsqr_no_inner2: + mulx $apj,$mul0,$acc0 + mulx $npj,$mul1,$acc1 + add $tpj,$car1,$car1 + add $acc0,$car0,$car0 + and $car0,$mask,$acc0 + srlx $car0,32,$car0 + add $acc0,$acc0,$acc0 + or $sbit,$acc0,$acc0 + srlx $acc0,32,$sbit + and $acc0,$mask,$acc0 + add $acc0,$car1,$car1 + add $acc1,$car1,$car1 + st $car1,[$tp] ! tp[j-1] + srlx $car1,32,$car1 + + add $car0,$car0,$car0 + or $sbit,$car0,$car0 + add $car0,$car1,$car1 + add $car2,$car1,$car1 + st $car1,[$tp+4] + srlx $car1,32,$car2 + + add $i,4,$i ! i++ + ld [%sp+$bias+$frame],$tmp1 ! tp[0] + ld [%sp+$bias+$frame+4],$tpj ! tp[1] + ld [$ap+$i],$mul0 ! ap[j] + ld [$np],$car1 ! np[0] + ld [$np+4],$npj ! np[1] + mulx $n0,$tmp1,$mul1 + and $mul1,$mask,$mul1 + add $i,4,$tmp0 + + mulx $mul0,$mul0,$car0 + mulx $car1,$mul1,$car1 + and $car0,$mask,$acc0 + add $tmp1,$car1,$car1 + srlx $car0,32,$car0 + add %sp,$bias+$frame,$tp + srlx $car1,32,$car1 + and $car0,1,$sbit + srlx $car0,1,$car0 + + cmp $tmp0,$num ! i" +.align 32 +___ +$code =~ s/\`([^\`]*)\`/eval($1)/gem; +print $code; +close STDOUT; diff --git a/src/lib/libcrypto/bn/asm/sparcv9a-mont.pl b/src/lib/libcrypto/bn/asm/sparcv9a-mont.pl new file mode 100755 index 00000000000..a14205f2f00 --- /dev/null +++ b/src/lib/libcrypto/bn/asm/sparcv9a-mont.pl @@ -0,0 +1,882 @@ +#!/usr/bin/env perl + +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== + +# October 2005 +# +# "Teaser" Montgomery multiplication module for UltraSPARC. Why FPU? +# Because unlike integer multiplier, which simply stalls whole CPU, +# FPU is fully pipelined and can effectively emit 48 bit partial +# product every cycle. Why not blended SPARC v9? One can argue that +# making this module dependent on UltraSPARC VIS extension limits its +# binary compatibility. Well yes, it does exclude SPARC64 prior-V(!) +# implementations from compatibility matrix. But the rest, whole Sun +# UltraSPARC family and brand new Fujitsu's SPARC64 V, all support +# VIS extension instructions used in this module. This is considered +# good enough to not care about HAL SPARC64 users [if any] who have +# integer-only pure SPARCv9 module to "fall down" to. + +# USI&II cores currently exhibit uniform 2x improvement [over pre- +# bn_mul_mont codebase] for all key lengths and benchmarks. On USIII +# performance improves few percents for shorter keys and worsens few +# percents for longer keys. This is because USIII integer multiplier +# is >3x faster than USI&II one, which is harder to match [but see +# TODO list below]. It should also be noted that SPARC64 V features +# out-of-order execution, which *might* mean that integer multiplier +# is pipelined, which in turn *might* be impossible to match... On +# additional note, SPARC64 V implements FP Multiply-Add instruction, +# which is perfectly usable in this context... In other words, as far +# as Fujitsu SPARC64 V goes, talk to the author:-) + +# The implementation implies following "non-natural" limitations on +# input arguments: +# - num may not be less than 4; +# - num has to be even; +# Failure to meet either condition has no fatal effects, simply +# doesn't give any performance gain. + +# TODO: +# - modulo-schedule inner loop for better performance (on in-order +# execution core such as UltraSPARC this shall result in further +# noticeable(!) improvement); +# - dedicated squaring procedure[?]; + +###################################################################### +# November 2006 +# +# Modulo-scheduled inner loops allow to interleave floating point and +# integer instructions and minimize Read-After-Write penalties. This +# results in *further* 20-50% perfromance improvement [depending on +# key length, more for longer keys] on USI&II cores and 30-80% - on +# USIII&IV. + +$fname="bn_mul_mont_fpu"; +$bits=32; +for (@ARGV) { $bits=64 if (/\-m64/ || /\-xarch\=v9/); } + +if ($bits==64) { + $bias=2047; + $frame=192; +} else { + $bias=0; + $frame=128; # 96 rounded up to largest known cache-line +} +$locals=64; + +# In order to provide for 32-/64-bit ABI duality, I keep integers wider +# than 32 bit in %g1-%g4 and %o0-%o5. %l0-%l7 and %i0-%i5 are used +# exclusively for pointers, indexes and other small values... +# int bn_mul_mont( +$rp="%i0"; # BN_ULONG *rp, +$ap="%i1"; # const BN_ULONG *ap, +$bp="%i2"; # const BN_ULONG *bp, +$np="%i3"; # const BN_ULONG *np, +$n0="%i4"; # const BN_ULONG *n0, +$num="%i5"; # int num); + +$tp="%l0"; # t[num] +$ap_l="%l1"; # a[num],n[num] are smashed to 32-bit words and saved +$ap_h="%l2"; # to these four vectors as double-precision FP values. +$np_l="%l3"; # This way a bunch of fxtods are eliminated in second +$np_h="%l4"; # loop and L1-cache aliasing is minimized... +$i="%l5"; +$j="%l6"; +$mask="%l7"; # 16-bit mask, 0xffff + +$n0="%g4"; # reassigned(!) to "64-bit" register +$carry="%i4"; # %i4 reused(!) for a carry bit + +# FP register naming chart +# +# ..HILO +# dcba +# -------- +# LOa +# LOb +# LOc +# LOd +# HIa +# HIb +# HIc +# HId +# ..a +# ..b +$ba="%f0"; $bb="%f2"; $bc="%f4"; $bd="%f6"; +$na="%f8"; $nb="%f10"; $nc="%f12"; $nd="%f14"; +$alo="%f16"; $alo_="%f17"; $ahi="%f18"; $ahi_="%f19"; +$nlo="%f20"; $nlo_="%f21"; $nhi="%f22"; $nhi_="%f23"; + +$dota="%f24"; $dotb="%f26"; + +$aloa="%f32"; $alob="%f34"; $aloc="%f36"; $alod="%f38"; +$ahia="%f40"; $ahib="%f42"; $ahic="%f44"; $ahid="%f46"; +$nloa="%f48"; $nlob="%f50"; $nloc="%f52"; $nlod="%f54"; +$nhia="%f56"; $nhib="%f58"; $nhic="%f60"; $nhid="%f62"; + +$ASI_FL16_P=0xD2; # magic ASI value to engage 16-bit FP load + +$code=<<___; +.section ".text",#alloc,#execinstr + +.global $fname +.align 32 +$fname: + save %sp,-$frame-$locals,%sp + + cmp $num,4 + bl,a,pn %icc,.Lret + clr %i0 + andcc $num,1,%g0 ! $num has to be even... + bnz,a,pn %icc,.Lret + clr %i0 ! signal "unsupported input value" + + srl $num,1,$num + sethi %hi(0xffff),$mask + ld [%i4+0],$n0 ! $n0 reassigned, remember? + or $mask,%lo(0xffff),$mask + ld [%i4+4],%o0 + sllx %o0,32,%o0 + or %o0,$n0,$n0 ! $n0=n0[1].n0[0] + + sll $num,3,$num ! num*=8 + + add %sp,$bias,%o0 ! real top of stack + sll $num,2,%o1 + add %o1,$num,%o1 ! %o1=num*5 + sub %o0,%o1,%o0 + and %o0,-2048,%o0 ! optimize TLB utilization + sub %o0,$bias,%sp ! alloca(5*num*8) + + rd %asi,%o7 ! save %asi + add %sp,$bias+$frame+$locals,$tp + add $tp,$num,$ap_l + add $ap_l,$num,$ap_l ! [an]p_[lh] point at the vectors' ends ! + add $ap_l,$num,$ap_h + add $ap_h,$num,$np_l + add $np_l,$num,$np_h + + wr %g0,$ASI_FL16_P,%asi ! setup %asi for 16-bit FP loads + + add $rp,$num,$rp ! readjust input pointers to point + add $ap,$num,$ap ! at the ends too... + add $bp,$num,$bp + add $np,$num,$np + + stx %o7,[%sp+$bias+$frame+48] ! save %asi + + sub %g0,$num,$i ! i=-num + sub %g0,$num,$j ! j=-num + + add $ap,$j,%o3 + add $bp,$i,%o4 + + ld [%o3+4],%g1 ! bp[0] + ld [%o3+0],%o0 + ld [%o4+4],%g5 ! ap[0] + sllx %g1,32,%g1 + ld [%o4+0],%o1 + sllx %g5,32,%g5 + or %g1,%o0,%o0 + or %g5,%o1,%o1 + + add $np,$j,%o5 + + mulx %o1,%o0,%o0 ! ap[0]*bp[0] + mulx $n0,%o0,%o0 ! ap[0]*bp[0]*n0 + stx %o0,[%sp+$bias+$frame+0] + + ld [%o3+0],$alo_ ! load a[j] as pair of 32-bit words + fzeros $alo + ld [%o3+4],$ahi_ + fzeros $ahi + ld [%o5+0],$nlo_ ! load n[j] as pair of 32-bit words + fzeros $nlo + ld [%o5+4],$nhi_ + fzeros $nhi + + ! transfer b[i] to FPU as 4x16-bit values + ldda [%o4+2]%asi,$ba + fxtod $alo,$alo + ldda [%o4+0]%asi,$bb + fxtod $ahi,$ahi + ldda [%o4+6]%asi,$bc + fxtod $nlo,$nlo + ldda [%o4+4]%asi,$bd + fxtod $nhi,$nhi + + ! transfer ap[0]*b[0]*n0 to FPU as 4x16-bit values + ldda [%sp+$bias+$frame+6]%asi,$na + fxtod $ba,$ba + ldda [%sp+$bias+$frame+4]%asi,$nb + fxtod $bb,$bb + ldda [%sp+$bias+$frame+2]%asi,$nc + fxtod $bc,$bc + ldda [%sp+$bias+$frame+0]%asi,$nd + fxtod $bd,$bd + + std $alo,[$ap_l+$j] ! save smashed ap[j] in double format + fxtod $na,$na + std $ahi,[$ap_h+$j] + fxtod $nb,$nb + std $nlo,[$np_l+$j] ! save smashed np[j] in double format + fxtod $nc,$nc + std $nhi,[$np_h+$j] + fxtod $nd,$nd + + fmuld $alo,$ba,$aloa + fmuld $nlo,$na,$nloa + fmuld $alo,$bb,$alob + fmuld $nlo,$nb,$nlob + fmuld $alo,$bc,$aloc + faddd $aloa,$nloa,$nloa + fmuld $nlo,$nc,$nloc + fmuld $alo,$bd,$alod + faddd $alob,$nlob,$nlob + fmuld $nlo,$nd,$nlod + fmuld $ahi,$ba,$ahia + faddd $aloc,$nloc,$nloc + fmuld $nhi,$na,$nhia + fmuld $ahi,$bb,$ahib + faddd $alod,$nlod,$nlod + fmuld $nhi,$nb,$nhib + fmuld $ahi,$bc,$ahic + faddd $ahia,$nhia,$nhia + fmuld $nhi,$nc,$nhic + fmuld $ahi,$bd,$ahid + faddd $ahib,$nhib,$nhib + fmuld $nhi,$nd,$nhid + + faddd $ahic,$nhic,$dota ! $nhic + faddd $ahid,$nhid,$dotb ! $nhid + + faddd $nloc,$nhia,$nloc + faddd $nlod,$nhib,$nlod + + fdtox $nloa,$nloa + fdtox $nlob,$nlob + fdtox $nloc,$nloc + fdtox $nlod,$nlod + + std $nloa,[%sp+$bias+$frame+0] + add $j,8,$j + std $nlob,[%sp+$bias+$frame+8] + add $ap,$j,%o4 + std $nloc,[%sp+$bias+$frame+16] + add $np,$j,%o5 + std $nlod,[%sp+$bias+$frame+24] + + ld [%o4+0],$alo_ ! load a[j] as pair of 32-bit words + fzeros $alo + ld [%o4+4],$ahi_ + fzeros $ahi + ld [%o5+0],$nlo_ ! load n[j] as pair of 32-bit words + fzeros $nlo + ld [%o5+4],$nhi_ + fzeros $nhi + + fxtod $alo,$alo + fxtod $ahi,$ahi + fxtod $nlo,$nlo + fxtod $nhi,$nhi + + ldx [%sp+$bias+$frame+0],%o0 + fmuld $alo,$ba,$aloa + ldx [%sp+$bias+$frame+8],%o1 + fmuld $nlo,$na,$nloa + ldx [%sp+$bias+$frame+16],%o2 + fmuld $alo,$bb,$alob + ldx [%sp+$bias+$frame+24],%o3 + fmuld $nlo,$nb,$nlob + + srlx %o0,16,%o7 + std $alo,[$ap_l+$j] ! save smashed ap[j] in double format + fmuld $alo,$bc,$aloc + add %o7,%o1,%o1 + std $ahi,[$ap_h+$j] + faddd $aloa,$nloa,$nloa + fmuld $nlo,$nc,$nloc + srlx %o1,16,%o7 + std $nlo,[$np_l+$j] ! save smashed np[j] in double format + fmuld $alo,$bd,$alod + add %o7,%o2,%o2 + std $nhi,[$np_h+$j] + faddd $alob,$nlob,$nlob + fmuld $nlo,$nd,$nlod + srlx %o2,16,%o7 + fmuld $ahi,$ba,$ahia + add %o7,%o3,%o3 ! %o3.%o2[0..15].%o1[0..15].%o0[0..15] + faddd $aloc,$nloc,$nloc + fmuld $nhi,$na,$nhia + !and %o0,$mask,%o0 + !and %o1,$mask,%o1 + !and %o2,$mask,%o2 + !sllx %o1,16,%o1 + !sllx %o2,32,%o2 + !sllx %o3,48,%o7 + !or %o1,%o0,%o0 + !or %o2,%o0,%o0 + !or %o7,%o0,%o0 ! 64-bit result + srlx %o3,16,%g1 ! 34-bit carry + fmuld $ahi,$bb,$ahib + + faddd $alod,$nlod,$nlod + fmuld $nhi,$nb,$nhib + fmuld $ahi,$bc,$ahic + faddd $ahia,$nhia,$nhia + fmuld $nhi,$nc,$nhic + fmuld $ahi,$bd,$ahid + faddd $ahib,$nhib,$nhib + fmuld $nhi,$nd,$nhid + + faddd $dota,$nloa,$nloa + faddd $dotb,$nlob,$nlob + faddd $ahic,$nhic,$dota ! $nhic + faddd $ahid,$nhid,$dotb ! $nhid + + faddd $nloc,$nhia,$nloc + faddd $nlod,$nhib,$nlod + + fdtox $nloa,$nloa + fdtox $nlob,$nlob + fdtox $nloc,$nloc + fdtox $nlod,$nlod + + std $nloa,[%sp+$bias+$frame+0] + std $nlob,[%sp+$bias+$frame+8] + addcc $j,8,$j + std $nloc,[%sp+$bias+$frame+16] + bz,pn %icc,.L1stskip + std $nlod,[%sp+$bias+$frame+24] + +.align 32 ! incidentally already aligned ! +.L1st: + add $ap,$j,%o4 + add $np,$j,%o5 + ld [%o4+0],$alo_ ! load a[j] as pair of 32-bit words + fzeros $alo + ld [%o4+4],$ahi_ + fzeros $ahi + ld [%o5+0],$nlo_ ! load n[j] as pair of 32-bit words + fzeros $nlo + ld [%o5+4],$nhi_ + fzeros $nhi + + fxtod $alo,$alo + fxtod $ahi,$ahi + fxtod $nlo,$nlo + fxtod $nhi,$nhi + + ldx [%sp+$bias+$frame+0],%o0 + fmuld $alo,$ba,$aloa + ldx [%sp+$bias+$frame+8],%o1 + fmuld $nlo,$na,$nloa + ldx [%sp+$bias+$frame+16],%o2 + fmuld $alo,$bb,$alob + ldx [%sp+$bias+$frame+24],%o3 + fmuld $nlo,$nb,$nlob + + srlx %o0,16,%o7 + std $alo,[$ap_l+$j] ! save smashed ap[j] in double format + fmuld $alo,$bc,$aloc + add %o7,%o1,%o1 + std $ahi,[$ap_h+$j] + faddd $aloa,$nloa,$nloa + fmuld $nlo,$nc,$nloc + srlx %o1,16,%o7 + std $nlo,[$np_l+$j] ! save smashed np[j] in double format + fmuld $alo,$bd,$alod + add %o7,%o2,%o2 + std $nhi,[$np_h+$j] + faddd $alob,$nlob,$nlob + fmuld $nlo,$nd,$nlod + srlx %o2,16,%o7 + fmuld $ahi,$ba,$ahia + add %o7,%o3,%o3 ! %o3.%o2[0..15].%o1[0..15].%o0[0..15] + and %o0,$mask,%o0 + faddd $aloc,$nloc,$nloc + fmuld $nhi,$na,$nhia + and %o1,$mask,%o1 + and %o2,$mask,%o2 + fmuld $ahi,$bb,$ahib + sllx %o1,16,%o1 + faddd $alod,$nlod,$nlod + fmuld $nhi,$nb,$nhib + sllx %o2,32,%o2 + fmuld $ahi,$bc,$ahic + sllx %o3,48,%o7 + or %o1,%o0,%o0 + faddd $ahia,$nhia,$nhia + fmuld $nhi,$nc,$nhic + or %o2,%o0,%o0 + fmuld $ahi,$bd,$ahid + or %o7,%o0,%o0 ! 64-bit result + faddd $ahib,$nhib,$nhib + fmuld $nhi,$nd,$nhid + addcc %g1,%o0,%o0 + faddd $dota,$nloa,$nloa + srlx %o3,16,%g1 ! 34-bit carry + faddd $dotb,$nlob,$nlob + bcs,a %xcc,.+8 + add %g1,1,%g1 + + stx %o0,[$tp] ! tp[j-1]= + + faddd $ahic,$nhic,$dota ! $nhic + faddd $ahid,$nhid,$dotb ! $nhid + + faddd $nloc,$nhia,$nloc + faddd $nlod,$nhib,$nlod + + fdtox $nloa,$nloa + fdtox $nlob,$nlob + fdtox $nloc,$nloc + fdtox $nlod,$nlod + + std $nloa,[%sp+$bias+$frame+0] + std $nlob,[%sp+$bias+$frame+8] + std $nloc,[%sp+$bias+$frame+16] + std $nlod,[%sp+$bias+$frame+24] + + addcc $j,8,$j + bnz,pt %icc,.L1st + add $tp,8,$tp + +.L1stskip: + fdtox $dota,$dota + fdtox $dotb,$dotb + + ldx [%sp+$bias+$frame+0],%o0 + ldx [%sp+$bias+$frame+8],%o1 + ldx [%sp+$bias+$frame+16],%o2 + ldx [%sp+$bias+$frame+24],%o3 + + srlx %o0,16,%o7 + std $dota,[%sp+$bias+$frame+32] + add %o7,%o1,%o1 + std $dotb,[%sp+$bias+$frame+40] + srlx %o1,16,%o7 + add %o7,%o2,%o2 + srlx %o2,16,%o7 + add %o7,%o3,%o3 ! %o3.%o2[0..15].%o1[0..15].%o0[0..15] + and %o0,$mask,%o0 + and %o1,$mask,%o1 + and %o2,$mask,%o2 + sllx %o1,16,%o1 + sllx %o2,32,%o2 + sllx %o3,48,%o7 + or %o1,%o0,%o0 + or %o2,%o0,%o0 + or %o7,%o0,%o0 ! 64-bit result + ldx [%sp+$bias+$frame+32],%o4 + addcc %g1,%o0,%o0 + ldx [%sp+$bias+$frame+40],%o5 + srlx %o3,16,%g1 ! 34-bit carry + bcs,a %xcc,.+8 + add %g1,1,%g1 + + stx %o0,[$tp] ! tp[j-1]= + add $tp,8,$tp + + srlx %o4,16,%o7 + add %o7,%o5,%o5 + and %o4,$mask,%o4 + sllx %o5,16,%o7 + or %o7,%o4,%o4 + addcc %g1,%o4,%o4 + srlx %o5,48,%g1 + bcs,a %xcc,.+8 + add %g1,1,%g1 + + mov %g1,$carry + stx %o4,[$tp] ! tp[num-1]= + + ba .Louter + add $i,8,$i +.align 32 +.Louter: + sub %g0,$num,$j ! j=-num + add %sp,$bias+$frame+$locals,$tp + + add $ap,$j,%o3 + add $bp,$i,%o4 + + ld [%o3+4],%g1 ! bp[i] + ld [%o3+0],%o0 + ld [%o4+4],%g5 ! ap[0] + sllx %g1,32,%g1 + ld [%o4+0],%o1 + sllx %g5,32,%g5 + or %g1,%o0,%o0 + or %g5,%o1,%o1 + + ldx [$tp],%o2 ! tp[0] + mulx %o1,%o0,%o0 + addcc %o2,%o0,%o0 + mulx $n0,%o0,%o0 ! (ap[0]*bp[i]+t[0])*n0 + stx %o0,[%sp+$bias+$frame+0] + + ! transfer b[i] to FPU as 4x16-bit values + ldda [%o4+2]%asi,$ba + ldda [%o4+0]%asi,$bb + ldda [%o4+6]%asi,$bc + ldda [%o4+4]%asi,$bd + + ! transfer (ap[0]*b[i]+t[0])*n0 to FPU as 4x16-bit values + ldda [%sp+$bias+$frame+6]%asi,$na + fxtod $ba,$ba + ldda [%sp+$bias+$frame+4]%asi,$nb + fxtod $bb,$bb + ldda [%sp+$bias+$frame+2]%asi,$nc + fxtod $bc,$bc + ldda [%sp+$bias+$frame+0]%asi,$nd + fxtod $bd,$bd + ldd [$ap_l+$j],$alo ! load a[j] in double format + fxtod $na,$na + ldd [$ap_h+$j],$ahi + fxtod $nb,$nb + ldd [$np_l+$j],$nlo ! load n[j] in double format + fxtod $nc,$nc + ldd [$np_h+$j],$nhi + fxtod $nd,$nd + + fmuld $alo,$ba,$aloa + fmuld $nlo,$na,$nloa + fmuld $alo,$bb,$alob + fmuld $nlo,$nb,$nlob + fmuld $alo,$bc,$aloc + faddd $aloa,$nloa,$nloa + fmuld $nlo,$nc,$nloc + fmuld $alo,$bd,$alod + faddd $alob,$nlob,$nlob + fmuld $nlo,$nd,$nlod + fmuld $ahi,$ba,$ahia + faddd $aloc,$nloc,$nloc + fmuld $nhi,$na,$nhia + fmuld $ahi,$bb,$ahib + faddd $alod,$nlod,$nlod + fmuld $nhi,$nb,$nhib + fmuld $ahi,$bc,$ahic + faddd $ahia,$nhia,$nhia + fmuld $nhi,$nc,$nhic + fmuld $ahi,$bd,$ahid + faddd $ahib,$nhib,$nhib + fmuld $nhi,$nd,$nhid + + faddd $ahic,$nhic,$dota ! $nhic + faddd $ahid,$nhid,$dotb ! $nhid + + faddd $nloc,$nhia,$nloc + faddd $nlod,$nhib,$nlod + + fdtox $nloa,$nloa + fdtox $nlob,$nlob + fdtox $nloc,$nloc + fdtox $nlod,$nlod + + std $nloa,[%sp+$bias+$frame+0] + std $nlob,[%sp+$bias+$frame+8] + std $nloc,[%sp+$bias+$frame+16] + add $j,8,$j + std $nlod,[%sp+$bias+$frame+24] + + ldd [$ap_l+$j],$alo ! load a[j] in double format + ldd [$ap_h+$j],$ahi + ldd [$np_l+$j],$nlo ! load n[j] in double format + ldd [$np_h+$j],$nhi + + fmuld $alo,$ba,$aloa + fmuld $nlo,$na,$nloa + fmuld $alo,$bb,$alob + fmuld $nlo,$nb,$nlob + fmuld $alo,$bc,$aloc + ldx [%sp+$bias+$frame+0],%o0 + faddd $aloa,$nloa,$nloa + fmuld $nlo,$nc,$nloc + ldx [%sp+$bias+$frame+8],%o1 + fmuld $alo,$bd,$alod + ldx [%sp+$bias+$frame+16],%o2 + faddd $alob,$nlob,$nlob + fmuld $nlo,$nd,$nlod + ldx [%sp+$bias+$frame+24],%o3 + fmuld $ahi,$ba,$ahia + + srlx %o0,16,%o7 + faddd $aloc,$nloc,$nloc + fmuld $nhi,$na,$nhia + add %o7,%o1,%o1 + fmuld $ahi,$bb,$ahib + srlx %o1,16,%o7 + faddd $alod,$nlod,$nlod + fmuld $nhi,$nb,$nhib + add %o7,%o2,%o2 + fmuld $ahi,$bc,$ahic + srlx %o2,16,%o7 + faddd $ahia,$nhia,$nhia + fmuld $nhi,$nc,$nhic + add %o7,%o3,%o3 ! %o3.%o2[0..15].%o1[0..15].%o0[0..15] + ! why? + and %o0,$mask,%o0 + fmuld $ahi,$bd,$ahid + and %o1,$mask,%o1 + and %o2,$mask,%o2 + faddd $ahib,$nhib,$nhib + fmuld $nhi,$nd,$nhid + sllx %o1,16,%o1 + faddd $dota,$nloa,$nloa + sllx %o2,32,%o2 + faddd $dotb,$nlob,$nlob + sllx %o3,48,%o7 + or %o1,%o0,%o0 + faddd $ahic,$nhic,$dota ! $nhic + or %o2,%o0,%o0 + faddd $ahid,$nhid,$dotb ! $nhid + or %o7,%o0,%o0 ! 64-bit result + ldx [$tp],%o7 + faddd $nloc,$nhia,$nloc + addcc %o7,%o0,%o0 + ! end-of-why? + faddd $nlod,$nhib,$nlod + srlx %o3,16,%g1 ! 34-bit carry + fdtox $nloa,$nloa + bcs,a %xcc,.+8 + add %g1,1,%g1 + + fdtox $nlob,$nlob + fdtox $nloc,$nloc + fdtox $nlod,$nlod + + std $nloa,[%sp+$bias+$frame+0] + std $nlob,[%sp+$bias+$frame+8] + addcc $j,8,$j + std $nloc,[%sp+$bias+$frame+16] + bz,pn %icc,.Linnerskip + std $nlod,[%sp+$bias+$frame+24] + + ba .Linner + nop +.align 32 +.Linner: + ldd [$ap_l+$j],$alo ! load a[j] in double format + ldd [$ap_h+$j],$ahi + ldd [$np_l+$j],$nlo ! load n[j] in double format + ldd [$np_h+$j],$nhi + + fmuld $alo,$ba,$aloa + fmuld $nlo,$na,$nloa + fmuld $alo,$bb,$alob + fmuld $nlo,$nb,$nlob + fmuld $alo,$bc,$aloc + ldx [%sp+$bias+$frame+0],%o0 + faddd $aloa,$nloa,$nloa + fmuld $nlo,$nc,$nloc + ldx [%sp+$bias+$frame+8],%o1 + fmuld $alo,$bd,$alod + ldx [%sp+$bias+$frame+16],%o2 + faddd $alob,$nlob,$nlob + fmuld $nlo,$nd,$nlod + ldx [%sp+$bias+$frame+24],%o3 + fmuld $ahi,$ba,$ahia + + srlx %o0,16,%o7 + faddd $aloc,$nloc,$nloc + fmuld $nhi,$na,$nhia + add %o7,%o1,%o1 + fmuld $ahi,$bb,$ahib + srlx %o1,16,%o7 + faddd $alod,$nlod,$nlod + fmuld $nhi,$nb,$nhib + add %o7,%o2,%o2 + fmuld $ahi,$bc,$ahic + srlx %o2,16,%o7 + faddd $ahia,$nhia,$nhia + fmuld $nhi,$nc,$nhic + add %o7,%o3,%o3 ! %o3.%o2[0..15].%o1[0..15].%o0[0..15] + and %o0,$mask,%o0 + fmuld $ahi,$bd,$ahid + and %o1,$mask,%o1 + and %o2,$mask,%o2 + faddd $ahib,$nhib,$nhib + fmuld $nhi,$nd,$nhid + sllx %o1,16,%o1 + faddd $dota,$nloa,$nloa + sllx %o2,32,%o2 + faddd $dotb,$nlob,$nlob + sllx %o3,48,%o7 + or %o1,%o0,%o0 + faddd $ahic,$nhic,$dota ! $nhic + or %o2,%o0,%o0 + faddd $ahid,$nhid,$dotb ! $nhid + or %o7,%o0,%o0 ! 64-bit result + faddd $nloc,$nhia,$nloc + addcc %g1,%o0,%o0 + ldx [$tp+8],%o7 ! tp[j] + faddd $nlod,$nhib,$nlod + srlx %o3,16,%g1 ! 34-bit carry + fdtox $nloa,$nloa + bcs,a %xcc,.+8 + add %g1,1,%g1 + fdtox $nlob,$nlob + addcc %o7,%o0,%o0 + fdtox $nloc,$nloc + bcs,a %xcc,.+8 + add %g1,1,%g1 + + stx %o0,[$tp] ! tp[j-1] + fdtox $nlod,$nlod + + std $nloa,[%sp+$bias+$frame+0] + std $nlob,[%sp+$bias+$frame+8] + std $nloc,[%sp+$bias+$frame+16] + addcc $j,8,$j + std $nlod,[%sp+$bias+$frame+24] + bnz,pt %icc,.Linner + add $tp,8,$tp + +.Linnerskip: + fdtox $dota,$dota + fdtox $dotb,$dotb + + ldx [%sp+$bias+$frame+0],%o0 + ldx [%sp+$bias+$frame+8],%o1 + ldx [%sp+$bias+$frame+16],%o2 + ldx [%sp+$bias+$frame+24],%o3 + + srlx %o0,16,%o7 + std $dota,[%sp+$bias+$frame+32] + add %o7,%o1,%o1 + std $dotb,[%sp+$bias+$frame+40] + srlx %o1,16,%o7 + add %o7,%o2,%o2 + srlx %o2,16,%o7 + add %o7,%o3,%o3 ! %o3.%o2[0..15].%o1[0..15].%o0[0..15] + and %o0,$mask,%o0 + and %o1,$mask,%o1 + and %o2,$mask,%o2 + sllx %o1,16,%o1 + sllx %o2,32,%o2 + sllx %o3,48,%o7 + or %o1,%o0,%o0 + or %o2,%o0,%o0 + ldx [%sp+$bias+$frame+32],%o4 + or %o7,%o0,%o0 ! 64-bit result + ldx [%sp+$bias+$frame+40],%o5 + addcc %g1,%o0,%o0 + ldx [$tp+8],%o7 ! tp[j] + srlx %o3,16,%g1 ! 34-bit carry + bcs,a %xcc,.+8 + add %g1,1,%g1 + + addcc %o7,%o0,%o0 + bcs,a %xcc,.+8 + add %g1,1,%g1 + + stx %o0,[$tp] ! tp[j-1] + add $tp,8,$tp + + srlx %o4,16,%o7 + add %o7,%o5,%o5 + and %o4,$mask,%o4 + sllx %o5,16,%o7 + or %o7,%o4,%o4 + addcc %g1,%o4,%o4 + srlx %o5,48,%g1 + bcs,a %xcc,.+8 + add %g1,1,%g1 + + addcc $carry,%o4,%o4 + stx %o4,[$tp] ! tp[num-1] + mov %g1,$carry + bcs,a %xcc,.+8 + add $carry,1,$carry + + addcc $i,8,$i + bnz %icc,.Louter + nop + + add $tp,8,$tp ! adjust tp to point at the end + orn %g0,%g0,%g4 + sub %g0,$num,%o7 ! n=-num + ba .Lsub + subcc %g0,%g0,%g0 ! clear %icc.c + +.align 32 +.Lsub: + ldx [$tp+%o7],%o0 + add $np,%o7,%g1 + ld [%g1+0],%o2 + ld [%g1+4],%o3 + srlx %o0,32,%o1 + subccc %o0,%o2,%o2 + add $rp,%o7,%g1 + subccc %o1,%o3,%o3 + st %o2,[%g1+0] + add %o7,8,%o7 + brnz,pt %o7,.Lsub + st %o3,[%g1+4] + subc $carry,0,%g4 + sub %g0,$num,%o7 ! n=-num + ba .Lcopy + nop + +.align 32 +.Lcopy: + ldx [$tp+%o7],%o0 + add $rp,%o7,%g1 + ld [%g1+0],%o2 + ld [%g1+4],%o3 + stx %g0,[$tp+%o7] + and %o0,%g4,%o0 + srlx %o0,32,%o1 + andn %o2,%g4,%o2 + andn %o3,%g4,%o3 + or %o2,%o0,%o0 + or %o3,%o1,%o1 + st %o0,[%g1+0] + add %o7,8,%o7 + brnz,pt %o7,.Lcopy + st %o1,[%g1+4] + sub %g0,$num,%o7 ! n=-num + +.Lzap: + stx %g0,[$ap_l+%o7] + stx %g0,[$ap_h+%o7] + stx %g0,[$np_l+%o7] + stx %g0,[$np_h+%o7] + add %o7,8,%o7 + brnz,pt %o7,.Lzap + nop + + ldx [%sp+$bias+$frame+48],%o7 + wr %g0,%o7,%asi ! restore %asi + + mov 1,%i0 +.Lret: + ret + restore +.type $fname,#function +.size $fname,(.-$fname) +.asciz "Montgomery Multipltication for UltraSPARC, CRYPTOGAMS by " +.align 32 +___ + +$code =~ s/\`([^\`]*)\`/eval($1)/gem; + +# Below substitution makes it possible to compile without demanding +# VIS extentions on command line, e.g. -xarch=v9 vs. -xarch=v9a. I +# dare to do this, because VIS capability is detected at run-time now +# and this routine is not called on CPU not capable to execute it. Do +# note that fzeros is not the only VIS dependency! Another dependency +# is implicit and is just _a_ numerical value loaded to %asi register, +# which assembler can't recognize as VIS specific... +$code =~ s/fzeros\s+%f([0-9]+)/ + sprintf(".word\t0x%x\t! fzeros %%f%d",0x81b00c20|($1<<25),$1) + /gem; + +print $code; +# flush +close STDOUT; diff --git a/src/lib/libcrypto/bn/asm/via-mont.pl b/src/lib/libcrypto/bn/asm/via-mont.pl new file mode 100644 index 00000000000..c046a514c87 --- /dev/null +++ b/src/lib/libcrypto/bn/asm/via-mont.pl @@ -0,0 +1,242 @@ +#!/usr/bin/env perl +# +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== +# +# Wrapper around 'rep montmul', VIA-specific instruction accessing +# PadLock Montgomery Multiplier. The wrapper is designed as drop-in +# replacement for OpenSSL bn_mul_mont [first implemented in 0.9.9]. +# +# Below are interleaved outputs from 'openssl speed rsa dsa' for 4 +# different software configurations on 1.5GHz VIA Esther processor. +# Lines marked with "software integer" denote performance of hand- +# coded integer-only assembler found in OpenSSL 0.9.7. "Software SSE2" +# refers to hand-coded SSE2 Montgomery multiplication procedure found +# OpenSSL 0.9.9. "Hardware VIA SDK" refers to padlock_pmm routine from +# Padlock SDK 2.0.1 available for download from VIA, which naturally +# utilizes the magic 'repz montmul' instruction. And finally "hardware +# this" refers to *this* implementation which also uses 'repz montmul' +# +# sign verify sign/s verify/s +# rsa 512 bits 0.001720s 0.000140s 581.4 7149.7 software integer +# rsa 512 bits 0.000690s 0.000086s 1450.3 11606.0 software SSE2 +# rsa 512 bits 0.006136s 0.000201s 163.0 4974.5 hardware VIA SDK +# rsa 512 bits 0.000712s 0.000050s 1404.9 19858.5 hardware this +# +# rsa 1024 bits 0.008518s 0.000413s 117.4 2420.8 software integer +# rsa 1024 bits 0.004275s 0.000277s 233.9 3609.7 software SSE2 +# rsa 1024 bits 0.012136s 0.000260s 82.4 3844.5 hardware VIA SDK +# rsa 1024 bits 0.002522s 0.000116s 396.5 8650.9 hardware this +# +# rsa 2048 bits 0.050101s 0.001371s 20.0 729.6 software integer +# rsa 2048 bits 0.030273s 0.001008s 33.0 991.9 software SSE2 +# rsa 2048 bits 0.030833s 0.000976s 32.4 1025.1 hardware VIA SDK +# rsa 2048 bits 0.011879s 0.000342s 84.2 2921.7 hardware this +# +# rsa 4096 bits 0.327097s 0.004859s 3.1 205.8 software integer +# rsa 4096 bits 0.229318s 0.003859s 4.4 259.2 software SSE2 +# rsa 4096 bits 0.233953s 0.003274s 4.3 305.4 hardware VIA SDK +# rsa 4096 bits 0.070493s 0.001166s 14.2 857.6 hardware this +# +# dsa 512 bits 0.001342s 0.001651s 745.2 605.7 software integer +# dsa 512 bits 0.000844s 0.000987s 1185.3 1013.1 software SSE2 +# dsa 512 bits 0.001902s 0.002247s 525.6 444.9 hardware VIA SDK +# dsa 512 bits 0.000458s 0.000524s 2182.2 1909.1 hardware this +# +# dsa 1024 bits 0.003964s 0.004926s 252.3 203.0 software integer +# dsa 1024 bits 0.002686s 0.003166s 372.3 315.8 software SSE2 +# dsa 1024 bits 0.002397s 0.002823s 417.1 354.3 hardware VIA SDK +# dsa 1024 bits 0.000978s 0.001170s 1022.2 855.0 hardware this +# +# dsa 2048 bits 0.013280s 0.016518s 75.3 60.5 software integer +# dsa 2048 bits 0.009911s 0.011522s 100.9 86.8 software SSE2 +# dsa 2048 bits 0.009542s 0.011763s 104.8 85.0 hardware VIA SDK +# dsa 2048 bits 0.002884s 0.003352s 346.8 298.3 hardware this +# +# To give you some other reference point here is output for 2.4GHz P4 +# running hand-coded SSE2 bn_mul_mont found in 0.9.9, i.e. "software +# SSE2" in above terms. +# +# rsa 512 bits 0.000407s 0.000047s 2454.2 21137.0 +# rsa 1024 bits 0.002426s 0.000141s 412.1 7100.0 +# rsa 2048 bits 0.015046s 0.000491s 66.5 2034.9 +# rsa 4096 bits 0.109770s 0.002379s 9.1 420.3 +# dsa 512 bits 0.000438s 0.000525s 2281.1 1904.1 +# dsa 1024 bits 0.001346s 0.001595s 742.7 627.0 +# dsa 2048 bits 0.004745s 0.005582s 210.7 179.1 +# +# Conclusions: +# - VIA SDK leaves a *lot* of room for improvement (which this +# implementation successfully fills:-); +# - 'rep montmul' gives up to >3x performance improvement depending on +# key length; +# - in terms of absolute performance it delivers approximately as much +# as modern out-of-order 32-bit cores [again, for longer keys]. + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +push(@INC,"${dir}","${dir}../../perlasm"); +require "x86asm.pl"; + +&asm_init($ARGV[0],"via-mont.pl"); + +# int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0, int num); +$func="bn_mul_mont_padlock"; + +$pad=16*1; # amount of reserved bytes on top of every vector + +# stack layout +$mZeroPrime=&DWP(0,"esp"); # these are specified by VIA +$A=&DWP(4,"esp"); +$B=&DWP(8,"esp"); +$T=&DWP(12,"esp"); +$M=&DWP(16,"esp"); +$scratch=&DWP(20,"esp"); +$rp=&DWP(24,"esp"); # these are mine +$sp=&DWP(28,"esp"); +# &DWP(32,"esp") # 32 byte scratch area +# &DWP(64+(4*$num+$pad)*0,"esp") # padded tp[num] +# &DWP(64+(4*$num+$pad)*1,"esp") # padded copy of ap[num] +# &DWP(64+(4*$num+$pad)*2,"esp") # padded copy of bp[num] +# &DWP(64+(4*$num+$pad)*3,"esp") # padded copy of np[num] +# Note that SDK suggests to unconditionally allocate 2K per vector. This +# has quite an impact on performance. It naturally depends on key length, +# but to give an example 1024 bit private RSA key operations suffer >30% +# penalty. I allocate only as much as actually required... + +&function_begin($func); + &xor ("eax","eax"); + &mov ("ecx",&wparam(5)); # num + # meet VIA's limitations for num [note that the specification + # expresses them in bits, while we work with amount of 32-bit words] + &test ("ecx",3); + &jnz (&label("leave")); # num % 4 != 0 + &cmp ("ecx",8); + &jb (&label("leave")); # num < 8 + &cmp ("ecx",1024); + &ja (&label("leave")); # num > 1024 + + &pushf (); + &cld (); + + &mov ("edi",&wparam(0)); # rp + &mov ("eax",&wparam(1)); # ap + &mov ("ebx",&wparam(2)); # bp + &mov ("edx",&wparam(3)); # np + &mov ("esi",&wparam(4)); # n0 + &mov ("esi",&DWP(0,"esi")); # *n0 + + &lea ("ecx",&DWP($pad,"","ecx",4)); # ecx becomes vector size in bytes + &lea ("ebp",&DWP(64,"","ecx",4)); # allocate 4 vectors + 64 bytes + &neg ("ebp"); + &add ("ebp","esp"); + &and ("ebp",-64); # align to cache-line + &xchg ("ebp","esp"); # alloca + + &mov ($rp,"edi"); # save rp + &mov ($sp,"ebp"); # save esp + + &mov ($mZeroPrime,"esi"); + &lea ("esi",&DWP(64,"esp")); # tp + &mov ($T,"esi"); + &lea ("edi",&DWP(32,"esp")); # scratch area + &mov ($scratch,"edi"); + &mov ("esi","eax"); + + &lea ("ebp",&DWP(-$pad,"ecx")); + &shr ("ebp",2); # restore original num value in ebp + + &xor ("eax","eax"); + + &mov ("ecx","ebp"); + &lea ("ecx",&DWP((32+$pad)/4,"ecx"));# padded tp + scratch + &data_byte(0xf3,0xab); # rep stosl, bzero + + &mov ("ecx","ebp"); + &lea ("edi",&DWP(64+$pad,"esp","ecx",4));# pointer to ap copy + &mov ($A,"edi"); + &data_byte(0xf3,0xa5); # rep movsl, memcpy + &mov ("ecx",$pad/4); + &data_byte(0xf3,0xab); # rep stosl, bzero pad + # edi points at the end of padded ap copy... + + &mov ("ecx","ebp"); + &mov ("esi","ebx"); + &mov ($B,"edi"); + &data_byte(0xf3,0xa5); # rep movsl, memcpy + &mov ("ecx",$pad/4); + &data_byte(0xf3,0xab); # rep stosl, bzero pad + # edi points at the end of padded bp copy... + + &mov ("ecx","ebp"); + &mov ("esi","edx"); + &mov ($M,"edi"); + &data_byte(0xf3,0xa5); # rep movsl, memcpy + &mov ("ecx",$pad/4); + &data_byte(0xf3,0xab); # rep stosl, bzero pad + # edi points at the end of padded np copy... + + # let magic happen... + &mov ("ecx","ebp"); + &mov ("esi","esp"); + &shl ("ecx",5); # convert word counter to bit counter + &align (4); + &data_byte(0xf3,0x0f,0xa6,0xc0);# rep montmul + + &mov ("ecx","ebp"); + &lea ("esi",&DWP(64,"esp")); # tp + # edi still points at the end of padded np copy... + &neg ("ebp"); + &lea ("ebp",&DWP(-$pad,"edi","ebp",4)); # so just "rewind" + &mov ("edi",$rp); # restore rp + &xor ("edx","edx"); # i=0 and clear CF + +&set_label("sub",8); + &mov ("eax",&DWP(0,"esi","edx",4)); + &sbb ("eax",&DWP(0,"ebp","edx",4)); + &mov (&DWP(0,"edi","edx",4),"eax"); # rp[i]=tp[i]-np[i] + &lea ("edx",&DWP(1,"edx")); # i++ + &loop (&label("sub")); # doesn't affect CF! + + &mov ("eax",&DWP(0,"esi","edx",4)); # upmost overflow bit + &sbb ("eax",0); + &and ("esi","eax"); + ¬ ("eax"); + &mov ("ebp","edi"); + &and ("ebp","eax"); + &or ("esi","ebp"); # tp=carry?tp:rp + + &mov ("ecx","edx"); # num + &xor ("edx","edx"); # i=0 + +&set_label("copy",8); + &mov ("eax",&DWP(0,"esi","edx",4)); + &mov (&DWP(64,"esp","edx",4),"ecx"); # zap tp + &mov (&DWP(0,"edi","edx",4),"eax"); + &lea ("edx",&DWP(1,"edx")); # i++ + &loop (&label("copy")); + + &mov ("ebp",$sp); + &xor ("eax","eax"); + + &mov ("ecx",64/4); + &mov ("edi","esp"); # zap frame including scratch area + &data_byte(0xf3,0xab); # rep stosl, bzero + + # zap copies of ap, bp and np + &lea ("edi",&DWP(64+$pad,"esp","edx",4));# pointer to ap + &lea ("ecx",&DWP(3*$pad/4,"edx","edx",2)); + &data_byte(0xf3,0xab); # rep stosl, bzero + + &mov ("esp","ebp"); + &inc ("eax"); # signal "done" + &popf (); +&set_label("leave"); +&function_end($func); + +&asciz("Padlock Montgomery Multiplication, CRYPTOGAMS by "); + +&asm_finish(); diff --git a/src/lib/libcrypto/bn/asm/vms.mar b/src/lib/libcrypto/bn/asm/vms.mar deleted file mode 100644 index 465f2774b62..00000000000 --- a/src/lib/libcrypto/bn/asm/vms.mar +++ /dev/null @@ -1,6412 +0,0 @@ - .title vax_bn_mul_add_word unsigned multiply & add, 32*32+32+32=>64 -; -; w.j.m. 15-jan-1999 -; -; it's magic ... -; -; ULONG bn_mul_add_words(ULONG r[],ULONG a[],int n,ULONG w) { -; ULONG c = 0; -; int i; -; for(i = 0; i < n; i++) := r[i] + c + a[i] * w ; -; return c; -; } - -r=4 ;(AP) -a=8 ;(AP) -n=12 ;(AP) n by value (input) -w=16 ;(AP) w by value (input) - - - .psect code,nowrt - -.entry bn_mul_add_words,^m - - moval @r(ap),r2 - moval @a(ap),r3 - movl n(ap),r4 ; assumed >0 by C code - movl w(ap),r5 - clrl r6 ; c - -0$: - emul r5,(r3),(r2),r0 ; w, a[], r[] considered signed - - ; fixup for "negative" r[] - tstl (r2) - bgeq 10$ - incl r1 -10$: - - ; add in c - addl2 r6,r0 - adwc #0,r1 - - ; combined fixup for "negative" w, a[] - tstl r5 - bgeq 20$ - addl2 (r3),r1 -20$: - tstl (r3) - bgeq 30$ - addl2 r5,r1 -30$: - - movl r0,(r2)+ ; store lo result in r[] & advance - addl #4,r3 ; advance a[] - movl r1,r6 ; store hi result => c - - sobgtr r4,0$ - - movl r6,r0 ; return c - ret - - .title vax_bn_mul_word unsigned multiply & add, 32*32+32=>64 -; -; w.j.m. 15-jan-1999 -; -; it's magic ... -; -; ULONG bn_mul_words(ULONG r[],ULONG a[],int n,ULONG w) { -; ULONG c = 0; -; int i; -; for(i = 0; i < num; i++) := a[i] * w + c ; -; return(c); -; } - -r=4 ;(AP) -a=8 ;(AP) -n=12 ;(AP) n by value (input) -w=16 ;(AP) w by value (input) - - - .psect code,nowrt - -.entry bn_mul_words,^m - - moval @r(ap),r2 ; r2 -> r[] - moval @a(ap),r3 ; r3 -> a[] - movl n(ap),r4 ; r4 = loop count (assumed >0 by C code) - movl w(ap),r5 ; r5 = w - clrl r6 ; r6 = c - -0$: - ; := w * a[] + c - emul r5,(r3),r6,r0 ; w, a[], c considered signed - - ; fixup for "negative" c - tstl r6 ; c - bgeq 10$ - incl r1 -10$: - - ; combined fixup for "negative" w, a[] - tstl r5 ; w - bgeq 20$ - addl2 (r3),r1 ; a[] -20$: - tstl (r3) ; a[] - bgeq 30$ - addl2 r5,r1 ; w -30$: - - movl r0,(r2)+ ; store lo result in r[] & advance - addl #4,r3 ; advance a[] - movl r1,r6 ; store hi result => c - - sobgtr r4,0$ - - movl r6,r0 ; return c - ret - - .title vax_bn_sqr_words unsigned square, 32*32=>64 -; -; w.j.m. 15-jan-1999 -; -; it's magic ... -; -; void bn_sqr_words(ULONG r[],ULONG a[],int n) { -; int i; -; for(i = 0; i < n; i++) := a[i] * a[i] ; -; } - -r=4 ;(AP) -a=8 ;(AP) -n=12 ;(AP) n by value (input) - - - .psect code,nowrt - -.entry bn_sqr_words,^m - - moval @r(ap),r2 ; r2 -> r[] - moval @a(ap),r3 ; r3 -> a[] - movl n(ap),r4 ; r4 = n (assumed >0 by C code) - -0$: - movl (r3)+,r5 ; r5 = a[] & advance - - ; := a[] * a[] - emul r5,r5,#0,r0 ; a[] considered signed - - ; fixup for "negative" a[] - tstl r5 ; a[] - bgeq 30$ - addl2 r5,r1 ; a[] - addl2 r5,r1 ; a[] -30$: - - movl r0,(r2)+ ; store lo result in r[] & advance - movl r1,(r2)+ ; store hi result in r[] & advance - - sobgtr r4,0$ - - movl #1,r0 ; return SS$_NORMAL - ret - - .title vax_bn_div_words unsigned divide -; -; Richard Levitte 20-Nov-2000 -; -; ULONG bn_div_words(ULONG h, ULONG l, ULONG d) -; { -; return ((ULONG)((((ULLONG)h)<<32)|l) / (ULLONG)d); -; } -; -; Using EDIV would be very easy, if it didn't do signed calculations. -; Therefore, som extra things have to happen around it. The way to -; handle that is to shift all operands right one step (basically dividing -; them by 2) and handle the different cases depending on what the lowest -; bit of each operand was. -; -; To start with, let's define the following: -; -; a' = l & 1 -; a2 = >> 1 # UNSIGNED shift! -; b' = d & 1 -; b2 = d >> 1 # UNSIGNED shift! -; -; Now, use EDIV to calculate a quotient and a remainder: -; -; q'' = a2/b2 -; r'' = a2 - q''*b2 -; -; If b' is 0, the quotient is already correct, we just need to adjust the -; remainder: -; -; if (b' == 0) -; { -; r = 2*r'' + a' -; q = q'' -; } -; -; If b' is 1, we need to do other adjustements. The first thought is the -; following (note that r' will not always have the right value, but an -; adjustement follows further down): -; -; if (b' == 1) -; { -; q' = q'' -; r' = a - q'*b -; -; However, one can note the folowing relationship: -; -; r'' = a2 - q''*b2 -; => 2*r'' = 2*a2 - 2*q''*b2 -; = { a = 2*a2 + a', b = 2*b2 + b' = 2*b2 + 1, -; q' = q'' } -; = a - a' - q'*(b - 1) -; = a - q'*b - a' + q' -; = r' - a' + q' -; => r' = 2*r'' - q' + a' -; -; This enables us to use r'' instead of discarding and calculating another -; modulo: -; -; if (b' == 1) -; { -; q' = q'' -; r' = (r'' << 1) - q' + a' -; -; Now, all we have to do is adjust r', because it might be < 0: -; -; while (r' < 0) -; { -; r' = r' + b -; q' = q' - 1 -; } -; } -; -; return q' - -h=4 ;(AP) h by value (input) -l=8 ;(AP) l by value (input) -d=12 ;(AP) d by value (input) - -;aprim=r5 -;a2=r6 -;a20=r6 -;a21=r7 -;bprim=r8 -;b2=r9 -;qprim=r10 ; initially used as q'' -;rprim=r11 ; initially used as r'' - - - .psect code,nowrt - -.entry bn_div_words,^m - movl l(ap),r2 - movl h(ap),r3 - movl d(ap),r4 - - movl #0,r5 - movl #0,r8 - movl #0,r0 -; movl #0,r1 - - rotl #-1,r2,r6 ; a20 = l >> 1 (almost) - rotl #-1,r3,r7 ; a21 = h >> 1 (almost) - rotl #-1,r4,r9 ; b2 = d >> 1 (almost) - - tstl r6 - bgeq 1$ - xorl2 #^X80000000,r6 ; fixup a20 so highest bit is 0 - incl r5 ; a' = 1 -1$: - tstl r7 - bgeq 2$ - xorl2 #^X80000000,r6 ; fixup a20 so highest bit is 1, - ; since that's what was lowest in a21 - xorl2 #^X80000000,r7 ; fixup a21 so highest bit is 1 -2$: - tstl r9 - beql 666$ ; Uh-oh, the divisor is 0... - bgtr 3$ - xorl2 #^X80000000,r9 ; fixup b2 so highest bit is 0 - incl r8 ; b' = 1 -3$: - tstl r9 - bneq 4$ ; if b2 is 0, we know that b' is 1 - tstl r3 - bneq 666$ ; if higher half isn't 0, we overflow - movl r2,r10 ; otherwise, we have our result - brb 42$ ; This is a success, really. -4$: - ediv r9,r6,r10,r11 - - tstl r8 - bneq 5$ ; If b' != 0, go to the other part -; addl3 r11,r11,r1 -; addl2 r5,r1 - brb 42$ -5$: - ashl #1,r11,r11 - subl2 r10,r11 - addl2 r5,r11 - bgeq 7$ -6$: - decl r10 - addl2 r4,r11 - blss 6$ -7$: -; movl r11,r1 -42$: - movl r10,r0 -666$: - ret - - .title vax_bn_add_words unsigned add of two arrays -; -; Richard Levitte 20-Nov-2000 -; -; ULONG bn_add_words(ULONG r[], ULONG a[], ULONG b[], int n) { -; ULONG c = 0; -; int i; -; for (i = 0; i < n; i++) = a[i] + b[i] + c; -; return(c); -; } - -r=4 ;(AP) r by reference (output) -a=8 ;(AP) a by reference (input) -b=12 ;(AP) b by reference (input) -n=16 ;(AP) n by value (input) - - - .psect code,nowrt - -.entry bn_add_words,^m - - moval @r(ap),r2 - moval @a(ap),r3 - moval @b(ap),r4 - movl n(ap),r5 ; assumed >0 by C code - clrl r0 ; c - - tstl r5 ; carry = 0 - bleq 666$ - -0$: - movl (r3)+,r6 ; carry untouched - adwc (r4)+,r6 ; carry used and touched - movl r6,(r2)+ ; carry untouched - sobgtr r5,0$ ; carry untouched - - adwc #0,r0 -666$: - ret - - .title vax_bn_sub_words unsigned add of two arrays -; -; Richard Levitte 20-Nov-2000 -; -; ULONG bn_sub_words(ULONG r[], ULONG a[], ULONG b[], int n) { -; ULONG c = 0; -; int i; -; for (i = 0; i < n; i++) = a[i] - b[i] - c; -; return(c); -; } - -r=4 ;(AP) r by reference (output) -a=8 ;(AP) a by reference (input) -b=12 ;(AP) b by reference (input) -n=16 ;(AP) n by value (input) - - - .psect code,nowrt - -.entry bn_sub_words,^m - - moval @r(ap),r2 - moval @a(ap),r3 - moval @b(ap),r4 - movl n(ap),r5 ; assumed >0 by C code - clrl r0 ; c - - tstl r5 ; carry = 0 - bleq 666$ - -0$: - movl (r3)+,r6 ; carry untouched - sbwc (r4)+,r6 ; carry used and touched - movl r6,(r2)+ ; carry untouched - sobgtr r5,0$ ; carry untouched - - adwc #0,r0 -666$: - ret - - -;r=4 ;(AP) -;a=8 ;(AP) -;b=12 ;(AP) -;n=16 ;(AP) n by value (input) - - .psect code,nowrt - -.entry BN_MUL_COMBA8,^m - movab -924(sp),sp - clrq r8 - - clrl r10 - - movl 8(ap),r6 - movzwl 2(r6),r3 - movl 12(ap),r7 - bicl3 #-65536,(r7),r2 - movzwl 2(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,(r6),-12(fp) - bicl3 #-65536,r3,-16(fp) - mull3 r0,-12(fp),-4(fp) - mull2 r2,-12(fp) - mull3 r2,-16(fp),-8(fp) - mull2 r0,-16(fp) - addl3 -4(fp),-8(fp),r0 - bicl3 #0,r0,-4(fp) - cmpl -4(fp),-8(fp) - bgequ noname.45 - addl2 #65536,-16(fp) -noname.45: - movzwl -2(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-16(fp) - bicl3 #-65536,-4(fp),r0 - ashl #16,r0,-8(fp) - addl3 -8(fp),-12(fp),r0 - bicl3 #0,r0,-12(fp) - cmpl -12(fp),-8(fp) - bgequ noname.46 - incl -16(fp) -noname.46: - movl -12(fp),r1 - movl -16(fp),r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.47 - incl r2 -noname.47: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.48 - incl r10 -noname.48: - - movl 4(ap),r11 - movl r9,(r11) - - clrl r9 - - movzwl 2(r6),r2 - bicl3 #-65536,4(r7),r3 - movzwl 6(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,(r6),-28(fp) - bicl3 #-65536,r2,-32(fp) - mull3 r0,-28(fp),-20(fp) - mull2 r3,-28(fp) - mull3 r3,-32(fp),-24(fp) - mull2 r0,-32(fp) - addl3 -20(fp),-24(fp),r0 - bicl3 #0,r0,-20(fp) - cmpl -20(fp),-24(fp) - bgequ noname.49 - addl2 #65536,-32(fp) -noname.49: - movzwl -18(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-32(fp) - bicl3 #-65536,-20(fp),r0 - ashl #16,r0,-24(fp) - addl3 -24(fp),-28(fp),r0 - bicl3 #0,r0,-28(fp) - cmpl -28(fp),-24(fp) - bgequ noname.50 - incl -32(fp) -noname.50: - movl -28(fp),r1 - movl -32(fp),r2 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.51 - incl r2 -noname.51: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.52 - incl r9 -noname.52: - - movzwl 6(r6),r2 - bicl3 #-65536,(r7),r3 - movzwl 2(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,4(r6),-44(fp) - bicl3 #-65536,r2,-48(fp) - mull3 r0,-44(fp),-36(fp) - mull2 r3,-44(fp) - mull3 r3,-48(fp),-40(fp) - mull2 r0,-48(fp) - addl3 -36(fp),-40(fp),r0 - bicl3 #0,r0,-36(fp) - cmpl -36(fp),-40(fp) - bgequ noname.53 - addl2 #65536,-48(fp) -noname.53: - movzwl -34(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-48(fp) - bicl3 #-65536,-36(fp),r0 - ashl #16,r0,-40(fp) - addl3 -40(fp),-44(fp),r0 - bicl3 #0,r0,-44(fp) - cmpl -44(fp),-40(fp) - bgequ noname.54 - incl -48(fp) -noname.54: - movl -44(fp),r1 - movl -48(fp),r2 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.55 - incl r2 -noname.55: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.56 - incl r9 -noname.56: - - movl r8,4(r11) - - clrl r8 - - movzwl 10(r6),r2 - bicl3 #-65536,(r7),r3 - movzwl 2(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,8(r6),-60(fp) - bicl3 #-65536,r2,-64(fp) - mull3 r0,-60(fp),-52(fp) - mull2 r3,-60(fp) - mull3 r3,-64(fp),-56(fp) - mull2 r0,-64(fp) - addl3 -52(fp),-56(fp),r0 - bicl3 #0,r0,-52(fp) - cmpl -52(fp),-56(fp) - bgequ noname.57 - addl2 #65536,-64(fp) -noname.57: - movzwl -50(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-64(fp) - bicl3 #-65536,-52(fp),r0 - ashl #16,r0,-56(fp) - addl3 -56(fp),-60(fp),r0 - bicl3 #0,r0,-60(fp) - cmpl -60(fp),-56(fp) - bgequ noname.58 - incl -64(fp) -noname.58: - movl -60(fp),r1 - movl -64(fp),r2 - addl2 r1,r10 - bicl2 #0,r10 - cmpl r10,r1 - bgequ noname.59 - incl r2 -noname.59: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.60 - incl r8 -noname.60: - - movzwl 6(r6),r2 - bicl3 #-65536,4(r7),r3 - movzwl 6(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,4(r6),-76(fp) - bicl3 #-65536,r2,-80(fp) - mull3 r0,-76(fp),-68(fp) - mull2 r3,-76(fp) - mull3 r3,-80(fp),-72(fp) - mull2 r0,-80(fp) - addl3 -68(fp),-72(fp),r0 - bicl3 #0,r0,-68(fp) - cmpl -68(fp),-72(fp) - bgequ noname.61 - addl2 #65536,-80(fp) -noname.61: - movzwl -66(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-80(fp) - bicl3 #-65536,-68(fp),r0 - ashl #16,r0,-72(fp) - addl3 -72(fp),-76(fp),r0 - bicl3 #0,r0,-76(fp) - cmpl -76(fp),-72(fp) - bgequ noname.62 - incl -80(fp) -noname.62: - movl -76(fp),r1 - movl -80(fp),r2 - addl2 r1,r10 - bicl2 #0,r10 - cmpl r10,r1 - bgequ noname.63 - incl r2 -noname.63: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.64 - incl r8 -noname.64: - - movzwl 2(r6),r2 - bicl3 #-65536,8(r7),r3 - movzwl 10(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,(r6),-92(fp) - bicl3 #-65536,r2,-96(fp) - mull3 r0,-92(fp),-84(fp) - mull2 r3,-92(fp) - mull3 r3,-96(fp),-88(fp) - mull2 r0,-96(fp) - addl3 -84(fp),-88(fp),r0 - bicl3 #0,r0,-84(fp) - cmpl -84(fp),-88(fp) - bgequ noname.65 - addl2 #65536,-96(fp) -noname.65: - movzwl -82(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-96(fp) - bicl3 #-65536,-84(fp),r0 - ashl #16,r0,-88(fp) - addl3 -88(fp),-92(fp),r0 - bicl3 #0,r0,-92(fp) - cmpl -92(fp),-88(fp) - bgequ noname.66 - incl -96(fp) -noname.66: - movl -92(fp),r1 - movl -96(fp),r2 - addl2 r1,r10 - bicl2 #0,r10 - cmpl r10,r1 - bgequ noname.67 - incl r2 -noname.67: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.68 - incl r8 -noname.68: - - movl r10,8(r11) - - clrl r10 - - movzwl 2(r6),r2 - bicl3 #-65536,12(r7),r3 - movzwl 14(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,(r6),-108(fp) - bicl3 #-65536,r2,-112(fp) - mull3 r0,-108(fp),-100(fp) - mull2 r3,-108(fp) - mull3 r3,-112(fp),-104(fp) - mull2 r0,-112(fp) - addl3 -100(fp),-104(fp),r0 - bicl3 #0,r0,-100(fp) - cmpl -100(fp),-104(fp) - bgequ noname.69 - addl2 #65536,-112(fp) -noname.69: - movzwl -98(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-112(fp) - bicl3 #-65536,-100(fp),r0 - ashl #16,r0,-104(fp) - addl3 -104(fp),-108(fp),r0 - bicl3 #0,r0,-108(fp) - cmpl -108(fp),-104(fp) - bgequ noname.70 - incl -112(fp) -noname.70: - movl -108(fp),r1 - movl -112(fp),r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.71 - incl r2 -noname.71: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.72 - incl r10 -noname.72: - - movzwl 6(r6),r2 - bicl3 #-65536,8(r7),r3 - movzwl 10(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,4(r6),-124(fp) - bicl3 #-65536,r2,-128(fp) - mull3 r0,-124(fp),-116(fp) - mull2 r3,-124(fp) - mull3 r3,-128(fp),-120(fp) - mull2 r0,-128(fp) - addl3 -116(fp),-120(fp),r0 - bicl3 #0,r0,-116(fp) - cmpl -116(fp),-120(fp) - bgequ noname.73 - addl2 #65536,-128(fp) -noname.73: - movzwl -114(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-128(fp) - bicl3 #-65536,-116(fp),r0 - ashl #16,r0,-120(fp) - addl3 -120(fp),-124(fp),r0 - bicl3 #0,r0,-124(fp) - cmpl -124(fp),-120(fp) - bgequ noname.74 - incl -128(fp) -noname.74: - movl -124(fp),r1 - movl -128(fp),r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.75 - incl r2 -noname.75: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.76 - incl r10 -noname.76: - - movzwl 10(r6),r2 - bicl3 #-65536,4(r7),r3 - movzwl 6(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,8(r6),-140(fp) - bicl3 #-65536,r2,-144(fp) - mull3 r0,-140(fp),-132(fp) - mull2 r3,-140(fp) - mull3 r3,-144(fp),-136(fp) - mull2 r0,-144(fp) - addl3 -132(fp),-136(fp),r0 - bicl3 #0,r0,-132(fp) - cmpl -132(fp),-136(fp) - bgequ noname.77 - addl2 #65536,-144(fp) -noname.77: - movzwl -130(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-144(fp) - bicl3 #-65536,-132(fp),r0 - ashl #16,r0,-136(fp) - addl3 -136(fp),-140(fp),r0 - bicl3 #0,r0,-140(fp) - cmpl -140(fp),-136(fp) - bgequ noname.78 - incl -144(fp) -noname.78: - movl -140(fp),r1 - movl -144(fp),r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.79 - incl r2 -noname.79: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.80 - incl r10 -noname.80: - - movzwl 14(r6),r2 - bicl3 #-65536,(r7),r3 - movzwl 2(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,12(r6),-156(fp) - bicl3 #-65536,r2,-160(fp) - mull3 r0,-156(fp),-148(fp) - mull2 r3,-156(fp) - mull3 r3,-160(fp),-152(fp) - mull2 r0,-160(fp) - addl3 -148(fp),-152(fp),r0 - bicl3 #0,r0,-148(fp) - cmpl -148(fp),-152(fp) - bgequ noname.81 - addl2 #65536,-160(fp) -noname.81: - movzwl -146(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-160(fp) - bicl3 #-65536,-148(fp),r0 - ashl #16,r0,-152(fp) - addl3 -152(fp),-156(fp),r0 - bicl3 #0,r0,-156(fp) - cmpl -156(fp),-152(fp) - bgequ noname.82 - incl -160(fp) -noname.82: - movl -156(fp),r1 - movl -160(fp),r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.83 - incl r2 -noname.83: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.84 - incl r10 -noname.84: - - movl r9,12(r11) - - clrl r9 - - movzwl 18(r6),r2 - bicl3 #-65536,(r7),r3 - movzwl 2(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,16(r6),-172(fp) - bicl3 #-65536,r2,-176(fp) - mull3 r0,-172(fp),-164(fp) - mull2 r3,-172(fp) - mull3 r3,-176(fp),-168(fp) - mull2 r0,-176(fp) - addl3 -164(fp),-168(fp),r0 - bicl3 #0,r0,-164(fp) - cmpl -164(fp),-168(fp) - bgequ noname.85 - addl2 #65536,-176(fp) -noname.85: - movzwl -162(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-176(fp) - bicl3 #-65536,-164(fp),r0 - ashl #16,r0,-168(fp) - addl3 -168(fp),-172(fp),r0 - bicl3 #0,r0,-172(fp) - cmpl -172(fp),-168(fp) - bgequ noname.86 - incl -176(fp) -noname.86: - movl -172(fp),r1 - movl -176(fp),r2 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.87 - incl r2 -noname.87: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.88 - incl r9 -noname.88: - - movzwl 14(r6),r2 - bicl3 #-65536,4(r7),r3 - movzwl 6(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,12(r6),-188(fp) - bicl3 #-65536,r2,-192(fp) - mull3 r0,-188(fp),-180(fp) - mull2 r3,-188(fp) - mull3 r3,-192(fp),-184(fp) - mull2 r0,-192(fp) - addl3 -180(fp),-184(fp),r0 - bicl3 #0,r0,-180(fp) - cmpl -180(fp),-184(fp) - bgequ noname.89 - addl2 #65536,-192(fp) -noname.89: - movzwl -178(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-192(fp) - bicl3 #-65536,-180(fp),r0 - ashl #16,r0,-184(fp) - addl3 -184(fp),-188(fp),r0 - bicl3 #0,r0,-188(fp) - cmpl -188(fp),-184(fp) - bgequ noname.90 - incl -192(fp) -noname.90: - movl -188(fp),r1 - movl -192(fp),r2 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.91 - incl r2 -noname.91: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.92 - incl r9 -noname.92: - - movzwl 10(r6),r2 - bicl3 #-65536,8(r7),r3 - movzwl 10(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,8(r6),-204(fp) - bicl3 #-65536,r2,-208(fp) - mull3 r0,-204(fp),-196(fp) - mull2 r3,-204(fp) - mull3 r3,-208(fp),-200(fp) - mull2 r0,-208(fp) - addl3 -196(fp),-200(fp),r0 - bicl3 #0,r0,-196(fp) - cmpl -196(fp),-200(fp) - bgequ noname.93 - addl2 #65536,-208(fp) -noname.93: - movzwl -194(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-208(fp) - bicl3 #-65536,-196(fp),r0 - ashl #16,r0,-200(fp) - addl3 -200(fp),-204(fp),r0 - bicl3 #0,r0,-204(fp) - cmpl -204(fp),-200(fp) - bgequ noname.94 - incl -208(fp) -noname.94: - movl -204(fp),r1 - movl -208(fp),r2 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.95 - incl r2 -noname.95: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.96 - incl r9 -noname.96: - - movzwl 6(r6),r2 - bicl3 #-65536,12(r7),r3 - movzwl 14(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,4(r6),-220(fp) - bicl3 #-65536,r2,-224(fp) - mull3 r0,-220(fp),-212(fp) - mull2 r3,-220(fp) - mull3 r3,-224(fp),-216(fp) - mull2 r0,-224(fp) - addl3 -212(fp),-216(fp),r0 - bicl3 #0,r0,-212(fp) - cmpl -212(fp),-216(fp) - bgequ noname.97 - addl2 #65536,-224(fp) -noname.97: - movzwl -210(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-224(fp) - bicl3 #-65536,-212(fp),r0 - ashl #16,r0,-216(fp) - addl3 -216(fp),-220(fp),r0 - bicl3 #0,r0,-220(fp) - cmpl -220(fp),-216(fp) - bgequ noname.98 - incl -224(fp) -noname.98: - movl -220(fp),r1 - movl -224(fp),r2 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.99 - incl r2 -noname.99: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.100 - incl r9 -noname.100: - - movzwl 2(r6),r2 - bicl3 #-65536,16(r7),r3 - movzwl 18(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,(r6),-236(fp) - bicl3 #-65536,r2,-240(fp) - mull3 r0,-236(fp),-228(fp) - mull2 r3,-236(fp) - mull3 r3,-240(fp),-232(fp) - mull2 r0,-240(fp) - addl3 -228(fp),-232(fp),r0 - bicl3 #0,r0,-228(fp) - cmpl -228(fp),-232(fp) - bgequ noname.101 - addl2 #65536,-240(fp) -noname.101: - movzwl -226(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-240(fp) - bicl3 #-65536,-228(fp),r0 - ashl #16,r0,-232(fp) - addl3 -232(fp),-236(fp),r0 - bicl3 #0,r0,-236(fp) - cmpl -236(fp),-232(fp) - bgequ noname.102 - incl -240(fp) -noname.102: - movl -236(fp),r1 - movl -240(fp),r2 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.103 - incl r2 -noname.103: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.104 - incl r9 -noname.104: - - movl r8,16(r11) - - clrl r8 - - movzwl 2(r6),r2 - bicl3 #-65536,20(r7),r3 - movzwl 22(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,(r6),-252(fp) - bicl3 #-65536,r2,-256(fp) - mull3 r0,-252(fp),-244(fp) - mull2 r3,-252(fp) - mull3 r3,-256(fp),-248(fp) - mull2 r0,-256(fp) - addl3 -244(fp),-248(fp),r0 - bicl3 #0,r0,-244(fp) - cmpl -244(fp),-248(fp) - bgequ noname.105 - addl2 #65536,-256(fp) -noname.105: - movzwl -242(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-256(fp) - bicl3 #-65536,-244(fp),r0 - ashl #16,r0,-248(fp) - addl3 -248(fp),-252(fp),r0 - bicl3 #0,r0,-252(fp) - cmpl -252(fp),-248(fp) - bgequ noname.106 - incl -256(fp) -noname.106: - movl -252(fp),r1 - movl -256(fp),r2 - addl2 r1,r10 - bicl2 #0,r10 - cmpl r10,r1 - bgequ noname.107 - incl r2 -noname.107: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.108 - incl r8 -noname.108: - - movzwl 6(r6),r2 - bicl3 #-65536,16(r7),r3 - movzwl 18(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,4(r6),-268(fp) - bicl3 #-65536,r2,-272(fp) - mull3 r0,-268(fp),-260(fp) - mull2 r3,-268(fp) - mull3 r3,-272(fp),-264(fp) - mull2 r0,-272(fp) - addl3 -260(fp),-264(fp),r0 - bicl3 #0,r0,-260(fp) - cmpl -260(fp),-264(fp) - bgequ noname.109 - addl2 #65536,-272(fp) -noname.109: - movzwl -258(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-272(fp) - bicl3 #-65536,-260(fp),r0 - ashl #16,r0,-264(fp) - addl3 -264(fp),-268(fp),r0 - bicl3 #0,r0,-268(fp) - cmpl -268(fp),-264(fp) - bgequ noname.110 - incl -272(fp) -noname.110: - movl -268(fp),r1 - movl -272(fp),r2 - addl2 r1,r10 - bicl2 #0,r10 - cmpl r10,r1 - bgequ noname.111 - incl r2 -noname.111: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.112 - incl r8 -noname.112: - - movzwl 10(r6),r2 - bicl3 #-65536,12(r7),r3 - movzwl 14(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,8(r6),-284(fp) - bicl3 #-65536,r2,-288(fp) - mull3 r0,-284(fp),-276(fp) - mull2 r3,-284(fp) - mull3 r3,-288(fp),-280(fp) - mull2 r0,-288(fp) - addl3 -276(fp),-280(fp),r0 - bicl3 #0,r0,-276(fp) - cmpl -276(fp),-280(fp) - bgequ noname.113 - addl2 #65536,-288(fp) -noname.113: - movzwl -274(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-288(fp) - bicl3 #-65536,-276(fp),r0 - ashl #16,r0,-280(fp) - addl3 -280(fp),-284(fp),r0 - bicl3 #0,r0,-284(fp) - cmpl -284(fp),-280(fp) - bgequ noname.114 - incl -288(fp) -noname.114: - movl -284(fp),r1 - movl -288(fp),r2 - addl2 r1,r10 - bicl2 #0,r10 - cmpl r10,r1 - bgequ noname.115 - incl r2 -noname.115: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.116 - incl r8 -noname.116: - - movzwl 14(r6),r2 - bicl3 #-65536,8(r7),r3 - movzwl 10(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,12(r6),-300(fp) - bicl3 #-65536,r2,-304(fp) - mull3 r0,-300(fp),-292(fp) - mull2 r3,-300(fp) - mull3 r3,-304(fp),-296(fp) - mull2 r0,-304(fp) - addl3 -292(fp),-296(fp),r0 - bicl3 #0,r0,-292(fp) - cmpl -292(fp),-296(fp) - bgequ noname.117 - addl2 #65536,-304(fp) -noname.117: - movzwl -290(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-304(fp) - bicl3 #-65536,-292(fp),r0 - ashl #16,r0,-296(fp) - addl3 -296(fp),-300(fp),r0 - bicl3 #0,r0,-300(fp) - cmpl -300(fp),-296(fp) - bgequ noname.118 - incl -304(fp) -noname.118: - movl -300(fp),r1 - movl -304(fp),r2 - addl2 r1,r10 - bicl2 #0,r10 - cmpl r10,r1 - bgequ noname.119 - incl r2 -noname.119: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.120 - incl r8 -noname.120: - - movzwl 18(r6),r2 - bicl3 #-65536,4(r7),r3 - movzwl 6(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,16(r6),-316(fp) - bicl3 #-65536,r2,-320(fp) - mull3 r0,-316(fp),-308(fp) - mull2 r3,-316(fp) - mull3 r3,-320(fp),-312(fp) - mull2 r0,-320(fp) - addl3 -308(fp),-312(fp),r0 - bicl3 #0,r0,-308(fp) - cmpl -308(fp),-312(fp) - bgequ noname.121 - addl2 #65536,-320(fp) -noname.121: - movzwl -306(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-320(fp) - bicl3 #-65536,-308(fp),r0 - ashl #16,r0,-312(fp) - addl3 -312(fp),-316(fp),r0 - bicl3 #0,r0,-316(fp) - cmpl -316(fp),-312(fp) - bgequ noname.122 - incl -320(fp) -noname.122: - movl -316(fp),r1 - movl -320(fp),r2 - addl2 r1,r10 - bicl2 #0,r10 - cmpl r10,r1 - bgequ noname.123 - incl r2 - -noname.123: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.124 - incl r8 -noname.124: - - movzwl 22(r6),r2 - bicl3 #-65536,(r7),r3 - movzwl 2(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,20(r6),-332(fp) - bicl3 #-65536,r2,-336(fp) - mull3 r0,-332(fp),-324(fp) - mull2 r3,-332(fp) - mull3 r3,-336(fp),-328(fp) - mull2 r0,-336(fp) - addl3 -324(fp),-328(fp),r0 - bicl3 #0,r0,-324(fp) - cmpl -324(fp),-328(fp) - bgequ noname.125 - addl2 #65536,-336(fp) -noname.125: - movzwl -322(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-336(fp) - bicl3 #-65536,-324(fp),r0 - ashl #16,r0,-328(fp) - addl3 -328(fp),-332(fp),r0 - bicl3 #0,r0,-332(fp) - cmpl -332(fp),-328(fp) - bgequ noname.126 - incl -336(fp) -noname.126: - movl -332(fp),r1 - movl -336(fp),r2 - addl2 r1,r10 - bicl2 #0,r10 - cmpl r10,r1 - bgequ noname.127 - incl r2 -noname.127: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.128 - incl r8 -noname.128: - - movl r10,20(r11) - - clrl r10 - - movzwl 26(r6),r2 - bicl3 #-65536,(r7),r3 - movzwl 2(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,24(r6),-348(fp) - bicl3 #-65536,r2,-352(fp) - mull3 r0,-348(fp),-340(fp) - mull2 r3,-348(fp) - mull3 r3,-352(fp),-344(fp) - mull2 r0,-352(fp) - addl3 -340(fp),-344(fp),r0 - bicl3 #0,r0,-340(fp) - cmpl -340(fp),-344(fp) - bgequ noname.129 - addl2 #65536,-352(fp) -noname.129: - movzwl -338(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-352(fp) - bicl3 #-65536,-340(fp),r0 - ashl #16,r0,-344(fp) - addl3 -344(fp),-348(fp),r0 - bicl3 #0,r0,-348(fp) - cmpl -348(fp),-344(fp) - bgequ noname.130 - incl -352(fp) -noname.130: - movl -348(fp),r1 - movl -352(fp),r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.131 - incl r2 -noname.131: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.132 - incl r10 -noname.132: - - movzwl 22(r6),r2 - bicl3 #-65536,4(r7),r3 - movzwl 6(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,20(r6),-364(fp) - bicl3 #-65536,r2,-368(fp) - mull3 r0,-364(fp),-356(fp) - mull2 r3,-364(fp) - mull3 r3,-368(fp),-360(fp) - mull2 r0,-368(fp) - addl3 -356(fp),-360(fp),r0 - bicl3 #0,r0,-356(fp) - cmpl -356(fp),-360(fp) - bgequ noname.133 - addl2 #65536,-368(fp) -noname.133: - movzwl -354(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-368(fp) - bicl3 #-65536,-356(fp),r0 - ashl #16,r0,-360(fp) - addl3 -360(fp),-364(fp),r0 - bicl3 #0,r0,-364(fp) - cmpl -364(fp),-360(fp) - bgequ noname.134 - incl -368(fp) -noname.134: - movl -364(fp),r1 - movl -368(fp),r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.135 - incl r2 -noname.135: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.136 - incl r10 -noname.136: - - movzwl 18(r6),r2 - bicl3 #-65536,8(r7),r3 - movzwl 10(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,16(r6),-380(fp) - bicl3 #-65536,r2,-384(fp) - mull3 r0,-380(fp),-372(fp) - mull2 r3,-380(fp) - mull3 r3,-384(fp),-376(fp) - mull2 r0,-384(fp) - addl3 -372(fp),-376(fp),r0 - bicl3 #0,r0,-372(fp) - cmpl -372(fp),-376(fp) - bgequ noname.137 - addl2 #65536,-384(fp) -noname.137: - movzwl -370(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-384(fp) - bicl3 #-65536,-372(fp),r0 - ashl #16,r0,-376(fp) - addl3 -376(fp),-380(fp),r0 - bicl3 #0,r0,-380(fp) - cmpl -380(fp),-376(fp) - bgequ noname.138 - incl -384(fp) -noname.138: - movl -380(fp),r1 - movl -384(fp),r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.139 - incl r2 -noname.139: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.140 - incl r10 -noname.140: - - movzwl 14(r6),r2 - bicl3 #-65536,12(r7),r3 - movzwl 14(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,12(r6),-396(fp) - bicl3 #-65536,r2,-400(fp) - mull3 r0,-396(fp),-388(fp) - mull2 r3,-396(fp) - mull3 r3,-400(fp),-392(fp) - mull2 r0,-400(fp) - addl3 -388(fp),-392(fp),r0 - bicl3 #0,r0,-388(fp) - cmpl -388(fp),-392(fp) - bgequ noname.141 - addl2 #65536,-400(fp) -noname.141: - movzwl -386(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-400(fp) - bicl3 #-65536,-388(fp),r0 - ashl #16,r0,-392(fp) - addl3 -392(fp),-396(fp),r0 - bicl3 #0,r0,-396(fp) - cmpl -396(fp),-392(fp) - bgequ noname.142 - incl -400(fp) -noname.142: - movl -396(fp),r1 - movl -400(fp),r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.143 - incl r2 -noname.143: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.144 - incl r10 -noname.144: - - movzwl 10(r6),r2 - bicl3 #-65536,16(r7),r3 - movzwl 18(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,8(r6),-412(fp) - bicl3 #-65536,r2,-416(fp) - mull3 r0,-412(fp),-404(fp) - mull2 r3,-412(fp) - mull3 r3,-416(fp),-408(fp) - mull2 r0,-416(fp) - addl3 -404(fp),-408(fp),r0 - bicl3 #0,r0,-404(fp) - cmpl -404(fp),-408(fp) - bgequ noname.145 - addl2 #65536,-416(fp) -noname.145: - movzwl -402(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-416(fp) - bicl3 #-65536,-404(fp),r0 - ashl #16,r0,-408(fp) - addl3 -408(fp),-412(fp),r0 - bicl3 #0,r0,-412(fp) - cmpl -412(fp),-408(fp) - bgequ noname.146 - incl -416(fp) -noname.146: - movl -412(fp),r1 - movl -416(fp),r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.147 - incl r2 -noname.147: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.148 - incl r10 -noname.148: - - movzwl 6(r6),r2 - bicl3 #-65536,20(r7),r3 - movzwl 22(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,4(r6),-428(fp) - bicl3 #-65536,r2,-432(fp) - mull3 r0,-428(fp),-420(fp) - mull2 r3,-428(fp) - mull3 r3,-432(fp),-424(fp) - mull2 r0,-432(fp) - addl3 -420(fp),-424(fp),r0 - bicl3 #0,r0,-420(fp) - cmpl -420(fp),-424(fp) - bgequ noname.149 - addl2 #65536,-432(fp) -noname.149: - movzwl -418(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-432(fp) - bicl3 #-65536,-420(fp),r0 - ashl #16,r0,-424(fp) - addl3 -424(fp),-428(fp),r0 - bicl3 #0,r0,-428(fp) - cmpl -428(fp),-424(fp) - bgequ noname.150 - incl -432(fp) -noname.150: - movl -428(fp),r1 - movl -432(fp),r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.151 - incl r2 -noname.151: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.152 - incl r10 -noname.152: - - movzwl 2(r6),r2 - bicl3 #-65536,24(r7),r3 - movzwl 26(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,(r6),-444(fp) - bicl3 #-65536,r2,-448(fp) - mull3 r0,-444(fp),-436(fp) - mull2 r3,-444(fp) - mull3 r3,-448(fp),-440(fp) - mull2 r0,-448(fp) - addl3 -436(fp),-440(fp),r0 - bicl3 #0,r0,-436(fp) - cmpl -436(fp),-440(fp) - bgequ noname.153 - addl2 #65536,-448(fp) -noname.153: - movzwl -434(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-448(fp) - bicl3 #-65536,-436(fp),r0 - ashl #16,r0,-440(fp) - addl3 -440(fp),-444(fp),r0 - bicl3 #0,r0,-444(fp) - cmpl -444(fp),-440(fp) - bgequ noname.154 - incl -448(fp) -noname.154: - movl -444(fp),r1 - movl -448(fp),r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.155 - incl r2 -noname.155: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.156 - incl r10 -noname.156: - - movl r9,24(r11) - - clrl r9 - - movzwl 2(r6),r2 - bicl3 #-65536,28(r7),r3 - movzwl 30(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,(r6),-460(fp) - bicl3 #-65536,r2,-464(fp) - mull3 r0,-460(fp),-452(fp) - mull2 r3,-460(fp) - mull3 r3,-464(fp),-456(fp) - mull2 r0,-464(fp) - addl3 -452(fp),-456(fp),r0 - bicl3 #0,r0,-452(fp) - cmpl -452(fp),-456(fp) - bgequ noname.157 - addl2 #65536,-464(fp) -noname.157: - movzwl -450(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-464(fp) - bicl3 #-65536,-452(fp),r0 - ashl #16,r0,-456(fp) - addl3 -456(fp),-460(fp),r0 - bicl3 #0,r0,-460(fp) - cmpl -460(fp),-456(fp) - bgequ noname.158 - incl -464(fp) -noname.158: - movl -460(fp),r1 - movl -464(fp),r2 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.159 - incl r2 -noname.159: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.160 - incl r9 -noname.160: - - movzwl 6(r6),r2 - bicl3 #-65536,24(r7),r3 - movzwl 26(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,4(r6),-476(fp) - bicl3 #-65536,r2,-480(fp) - mull3 r0,-476(fp),-468(fp) - mull2 r3,-476(fp) - mull3 r3,-480(fp),-472(fp) - mull2 r0,-480(fp) - addl3 -468(fp),-472(fp),r0 - bicl3 #0,r0,-468(fp) - cmpl -468(fp),-472(fp) - bgequ noname.161 - addl2 #65536,-480(fp) -noname.161: - movzwl -466(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-480(fp) - bicl3 #-65536,-468(fp),r0 - ashl #16,r0,-472(fp) - addl3 -472(fp),-476(fp),r0 - bicl3 #0,r0,-476(fp) - cmpl -476(fp),-472(fp) - bgequ noname.162 - incl -480(fp) -noname.162: - movl -476(fp),r1 - movl -480(fp),r2 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.163 - incl r2 -noname.163: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.164 - incl r9 -noname.164: - - movzwl 10(r6),r2 - bicl3 #-65536,20(r7),r3 - movzwl 22(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,8(r6),-492(fp) - bicl3 #-65536,r2,-496(fp) - mull3 r0,-492(fp),-484(fp) - mull2 r3,-492(fp) - mull3 r3,-496(fp),-488(fp) - mull2 r0,-496(fp) - addl3 -484(fp),-488(fp),r0 - bicl3 #0,r0,-484(fp) - cmpl -484(fp),-488(fp) - bgequ noname.165 - addl2 #65536,-496(fp) -noname.165: - movzwl -482(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-496(fp) - bicl3 #-65536,-484(fp),r0 - ashl #16,r0,-488(fp) - addl3 -488(fp),-492(fp),r0 - bicl3 #0,r0,-492(fp) - cmpl -492(fp),-488(fp) - bgequ noname.166 - incl -496(fp) -noname.166: - movl -492(fp),r1 - movl -496(fp),r2 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.167 - incl r2 -noname.167: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.168 - incl r9 -noname.168: - - movzwl 14(r6),r2 - bicl3 #-65536,16(r7),r3 - movzwl 18(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,12(r6),-508(fp) - bicl3 #-65536,r2,-512(fp) - mull3 r0,-508(fp),-500(fp) - mull2 r3,-508(fp) - mull3 r3,-512(fp),-504(fp) - mull2 r0,-512(fp) - addl3 -500(fp),-504(fp),r0 - bicl3 #0,r0,-500(fp) - cmpl -500(fp),-504(fp) - bgequ noname.169 - addl2 #65536,-512(fp) -noname.169: - movzwl -498(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-512(fp) - bicl3 #-65536,-500(fp),r0 - ashl #16,r0,-504(fp) - addl3 -504(fp),-508(fp),r0 - bicl3 #0,r0,-508(fp) - cmpl -508(fp),-504(fp) - bgequ noname.170 - incl -512(fp) -noname.170: - movl -508(fp),r1 - movl -512(fp),r2 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.171 - incl r2 -noname.171: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.172 - incl r9 -noname.172: - - movzwl 18(r6),r2 - bicl3 #-65536,12(r7),r3 - movzwl 14(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,16(r6),-524(fp) - bicl3 #-65536,r2,-528(fp) - mull3 r0,-524(fp),-516(fp) - mull2 r3,-524(fp) - mull3 r3,-528(fp),-520(fp) - mull2 r0,-528(fp) - addl3 -516(fp),-520(fp),r0 - bicl3 #0,r0,-516(fp) - cmpl -516(fp),-520(fp) - bgequ noname.173 - addl2 #65536,-528(fp) -noname.173: - movzwl -514(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-528(fp) - bicl3 #-65536,-516(fp),r0 - ashl #16,r0,-520(fp) - addl3 -520(fp),-524(fp),r0 - bicl3 #0,r0,-524(fp) - cmpl -524(fp),-520(fp) - bgequ noname.174 - incl -528(fp) -noname.174: - movl -524(fp),r1 - movl -528(fp),r2 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.175 - incl r2 -noname.175: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.176 - incl r9 -noname.176: - - movzwl 22(r6),r2 - bicl3 #-65536,8(r7),r3 - movzwl 10(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,20(r6),-540(fp) - bicl3 #-65536,r2,-544(fp) - mull3 r0,-540(fp),-532(fp) - mull2 r3,-540(fp) - mull3 r3,-544(fp),-536(fp) - mull2 r0,-544(fp) - addl3 -532(fp),-536(fp),r0 - bicl3 #0,r0,-532(fp) - cmpl -532(fp),-536(fp) - bgequ noname.177 - addl2 #65536,-544(fp) -noname.177: - movzwl -530(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-544(fp) - bicl3 #-65536,-532(fp),r0 - ashl #16,r0,-536(fp) - addl3 -536(fp),-540(fp),r0 - bicl3 #0,r0,-540(fp) - cmpl -540(fp),-536(fp) - bgequ noname.178 - incl -544(fp) -noname.178: - movl -540(fp),r1 - movl -544(fp),r2 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.179 - incl r2 -noname.179: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.180 - incl r9 -noname.180: - - movzwl 26(r6),r2 - bicl3 #-65536,4(r7),r3 - movzwl 6(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,24(r6),-556(fp) - bicl3 #-65536,r2,-560(fp) - mull3 r0,-556(fp),-548(fp) - mull2 r3,-556(fp) - mull3 r3,-560(fp),-552(fp) - mull2 r0,-560(fp) - addl3 -548(fp),-552(fp),r0 - bicl3 #0,r0,-548(fp) - cmpl -548(fp),-552(fp) - bgequ noname.181 - addl2 #65536,-560(fp) -noname.181: - movzwl -546(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-560(fp) - bicl3 #-65536,-548(fp),r0 - ashl #16,r0,-552(fp) - addl3 -552(fp),-556(fp),r0 - bicl3 #0,r0,-556(fp) - cmpl -556(fp),-552(fp) - bgequ noname.182 - incl -560(fp) -noname.182: - movl -556(fp),r1 - movl -560(fp),r2 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.183 - incl r2 -noname.183: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.184 - incl r9 -noname.184: - - movzwl 30(r6),r2 - bicl3 #-65536,(r7),r3 - movzwl 2(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,28(r6),-572(fp) - bicl3 #-65536,r2,-576(fp) - mull3 r0,-572(fp),-564(fp) - mull2 r3,-572(fp) - mull3 r3,-576(fp),-568(fp) - mull2 r0,-576(fp) - addl3 -564(fp),-568(fp),r0 - bicl3 #0,r0,-564(fp) - cmpl -564(fp),-568(fp) - bgequ noname.185 - addl2 #65536,-576(fp) -noname.185: - movzwl -562(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-576(fp) - bicl3 #-65536,-564(fp),r0 - ashl #16,r0,-568(fp) - addl3 -568(fp),-572(fp),r0 - bicl3 #0,r0,-572(fp) - cmpl -572(fp),-568(fp) - bgequ noname.186 - incl -576(fp) -noname.186: - movl -572(fp),r1 - movl -576(fp),r2 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.187 - incl r2 -noname.187: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.188 - incl r9 -noname.188: - - movl r8,28(r11) - - clrl r8 - - movzwl 30(r6),r2 - bicl3 #-65536,4(r7),r3 - movzwl 6(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,28(r6),-588(fp) - bicl3 #-65536,r2,-592(fp) - mull3 r0,-588(fp),-580(fp) - mull2 r3,-588(fp) - mull3 r3,-592(fp),-584(fp) - mull2 r0,-592(fp) - addl3 -580(fp),-584(fp),r0 - bicl3 #0,r0,-580(fp) - cmpl -580(fp),-584(fp) - bgequ noname.189 - addl2 #65536,-592(fp) -noname.189: - movzwl -578(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-592(fp) - bicl3 #-65536,-580(fp),r0 - ashl #16,r0,-584(fp) - addl3 -584(fp),-588(fp),r0 - bicl3 #0,r0,-588(fp) - cmpl -588(fp),-584(fp) - bgequ noname.190 - incl -592(fp) -noname.190: - movl -588(fp),r1 - movl -592(fp),r2 - addl2 r1,r10 - bicl2 #0,r10 - cmpl r10,r1 - bgequ noname.191 - incl r2 -noname.191: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.192 - incl r8 -noname.192: - - movzwl 26(r6),r2 - bicl3 #-65536,8(r7),r3 - movzwl 10(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,24(r6),-604(fp) - bicl3 #-65536,r2,-608(fp) - mull3 r0,-604(fp),-596(fp) - mull2 r3,-604(fp) - mull3 r3,-608(fp),-600(fp) - mull2 r0,-608(fp) - addl3 -596(fp),-600(fp),r0 - bicl3 #0,r0,-596(fp) - cmpl -596(fp),-600(fp) - bgequ noname.193 - addl2 #65536,-608(fp) -noname.193: - movzwl -594(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-608(fp) - bicl3 #-65536,-596(fp),r0 - ashl #16,r0,-600(fp) - addl3 -600(fp),-604(fp),r0 - bicl3 #0,r0,-604(fp) - cmpl -604(fp),-600(fp) - bgequ noname.194 - incl -608(fp) -noname.194: - movl -604(fp),r1 - movl -608(fp),r2 - addl2 r1,r10 - bicl2 #0,r10 - cmpl r10,r1 - bgequ noname.195 - incl r2 -noname.195: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.196 - incl r8 -noname.196: - - movzwl 22(r6),r2 - bicl3 #-65536,12(r7),r3 - movzwl 14(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,20(r6),-620(fp) - bicl3 #-65536,r2,-624(fp) - mull3 r0,-620(fp),-612(fp) - mull2 r3,-620(fp) - mull3 r3,-624(fp),-616(fp) - mull2 r0,-624(fp) - addl3 -612(fp),-616(fp),r0 - bicl3 #0,r0,-612(fp) - cmpl -612(fp),-616(fp) - bgequ noname.197 - addl2 #65536,-624(fp) -noname.197: - movzwl -610(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-624(fp) - bicl3 #-65536,-612(fp),r0 - ashl #16,r0,-616(fp) - addl3 -616(fp),-620(fp),r0 - bicl3 #0,r0,-620(fp) - cmpl -620(fp),-616(fp) - bgequ noname.198 - incl -624(fp) -noname.198: - movl -620(fp),r1 - movl -624(fp),r2 - addl2 r1,r10 - bicl2 #0,r10 - cmpl r10,r1 - bgequ noname.199 - incl r2 -noname.199: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.200 - incl r8 -noname.200: - - movzwl 18(r6),r2 - bicl3 #-65536,16(r7),r3 - movzwl 18(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,16(r6),-636(fp) - bicl3 #-65536,r2,-640(fp) - mull3 r0,-636(fp),-628(fp) - mull2 r3,-636(fp) - mull3 r3,-640(fp),-632(fp) - mull2 r0,-640(fp) - addl3 -628(fp),-632(fp),r0 - bicl3 #0,r0,-628(fp) - cmpl -628(fp),-632(fp) - bgequ noname.201 - addl2 #65536,-640(fp) -noname.201: - movzwl -626(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-640(fp) - bicl3 #-65536,-628(fp),r0 - ashl #16,r0,-632(fp) - addl3 -632(fp),-636(fp),r0 - bicl3 #0,r0,-636(fp) - cmpl -636(fp),-632(fp) - bgequ noname.202 - incl -640(fp) -noname.202: - movl -636(fp),r1 - movl -640(fp),r2 - addl2 r1,r10 - bicl2 #0,r10 - cmpl r10,r1 - bgequ noname.203 - incl r2 -noname.203: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.204 - incl r8 -noname.204: - - movzwl 14(r6),r2 - bicl3 #-65536,20(r7),r3 - movzwl 22(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,12(r6),-652(fp) - bicl3 #-65536,r2,-656(fp) - mull3 r0,-652(fp),-644(fp) - mull2 r3,-652(fp) - mull3 r3,-656(fp),-648(fp) - mull2 r0,-656(fp) - addl3 -644(fp),-648(fp),r0 - bicl3 #0,r0,-644(fp) - cmpl -644(fp),-648(fp) - bgequ noname.205 - addl2 #65536,-656(fp) -noname.205: - movzwl -642(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-656(fp) - bicl3 #-65536,-644(fp),r0 - ashl #16,r0,-648(fp) - addl3 -648(fp),-652(fp),r0 - bicl3 #0,r0,-652(fp) - cmpl -652(fp),-648(fp) - bgequ noname.206 - incl -656(fp) -noname.206: - movl -652(fp),r1 - movl -656(fp),r2 - addl2 r1,r10 - bicl2 #0,r10 - cmpl r10,r1 - bgequ noname.207 - incl r2 -noname.207: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.208 - incl r8 -noname.208: - - movzwl 10(r6),r2 - bicl3 #-65536,24(r7),r3 - movzwl 26(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,8(r6),-668(fp) - bicl3 #-65536,r2,-672(fp) - mull3 r0,-668(fp),-660(fp) - mull2 r3,-668(fp) - mull3 r3,-672(fp),-664(fp) - mull2 r0,-672(fp) - addl3 -660(fp),-664(fp),r0 - bicl3 #0,r0,-660(fp) - cmpl -660(fp),-664(fp) - bgequ noname.209 - addl2 #65536,-672(fp) -noname.209: - movzwl -658(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-672(fp) - bicl3 #-65536,-660(fp),r0 - ashl #16,r0,-664(fp) - addl3 -664(fp),-668(fp),r0 - bicl3 #0,r0,-668(fp) - cmpl -668(fp),-664(fp) - bgequ noname.210 - incl -672(fp) -noname.210: - movl -668(fp),r1 - movl -672(fp),r2 - addl2 r1,r10 - bicl2 #0,r10 - cmpl r10,r1 - bgequ noname.211 - incl r2 -noname.211: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.212 - incl r8 -noname.212: - - movzwl 6(r6),r2 - bicl3 #-65536,28(r7),r3 - movzwl 30(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,4(r6),-684(fp) - bicl3 #-65536,r2,-688(fp) - mull3 r0,-684(fp),-676(fp) - mull2 r3,-684(fp) - mull3 r3,-688(fp),-680(fp) - mull2 r0,-688(fp) - addl3 -676(fp),-680(fp),r0 - bicl3 #0,r0,-676(fp) - cmpl -676(fp),-680(fp) - bgequ noname.213 - addl2 #65536,-688(fp) -noname.213: - movzwl -674(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-688(fp) - bicl3 #-65536,-676(fp),r0 - ashl #16,r0,-680(fp) - addl3 -680(fp),-684(fp),r0 - bicl3 #0,r0,-684(fp) - cmpl -684(fp),-680(fp) - bgequ noname.214 - incl -688(fp) -noname.214: - movl -684(fp),r1 - movl -688(fp),r2 - addl2 r1,r10 - bicl2 #0,r10 - cmpl r10,r1 - bgequ noname.215 - incl r2 -noname.215: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.216 - incl r8 -noname.216: - - movl r10,32(r11) - - clrl r10 - - movzwl 10(r6),r2 - bicl3 #-65536,28(r7),r3 - movzwl 30(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,8(r6),-700(fp) - bicl3 #-65536,r2,-704(fp) - mull3 r0,-700(fp),-692(fp) - mull2 r3,-700(fp) - mull3 r3,-704(fp),-696(fp) - mull2 r0,-704(fp) - addl3 -692(fp),-696(fp),r0 - bicl3 #0,r0,-692(fp) - cmpl -692(fp),-696(fp) - bgequ noname.217 - addl2 #65536,-704(fp) -noname.217: - movzwl -690(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-704(fp) - bicl3 #-65536,-692(fp),r0 - ashl #16,r0,-696(fp) - addl3 -696(fp),-700(fp),r0 - bicl3 #0,r0,-700(fp) - cmpl -700(fp),-696(fp) - bgequ noname.218 - incl -704(fp) -noname.218: - movl -700(fp),r1 - movl -704(fp),r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.219 - incl r2 -noname.219: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.220 - incl r10 -noname.220: - - movzwl 14(r6),r2 - bicl3 #-65536,24(r7),r3 - movzwl 26(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,12(r6),-716(fp) - bicl3 #-65536,r2,-720(fp) - mull3 r0,-716(fp),-708(fp) - mull2 r3,-716(fp) - mull3 r3,-720(fp),-712(fp) - mull2 r0,-720(fp) - addl3 -708(fp),-712(fp),r0 - bicl3 #0,r0,-708(fp) - cmpl -708(fp),-712(fp) - bgequ noname.221 - addl2 #65536,-720(fp) -noname.221: - movzwl -706(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-720(fp) - bicl3 #-65536,-708(fp),r0 - ashl #16,r0,-712(fp) - addl3 -712(fp),-716(fp),r0 - bicl3 #0,r0,-716(fp) - cmpl -716(fp),-712(fp) - bgequ noname.222 - incl -720(fp) -noname.222: - movl -716(fp),r1 - movl -720(fp),r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.223 - incl r2 -noname.223: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.224 - incl r10 -noname.224: - - movzwl 18(r6),r2 - bicl3 #-65536,20(r7),r3 - movzwl 22(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,16(r6),-732(fp) - bicl3 #-65536,r2,-736(fp) - mull3 r0,-732(fp),-724(fp) - mull2 r3,-732(fp) - mull3 r3,-736(fp),-728(fp) - mull2 r0,-736(fp) - addl3 -724(fp),-728(fp),r0 - bicl3 #0,r0,-724(fp) - cmpl -724(fp),-728(fp) - bgequ noname.225 - addl2 #65536,-736(fp) -noname.225: - movzwl -722(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-736(fp) - bicl3 #-65536,-724(fp),r0 - ashl #16,r0,-728(fp) - addl3 -728(fp),-732(fp),r0 - bicl3 #0,r0,-732(fp) - cmpl -732(fp),-728(fp) - bgequ noname.226 - incl -736(fp) -noname.226: - movl -732(fp),r1 - movl -736(fp),r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.227 - incl r2 -noname.227: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.228 - incl r10 -noname.228: - - movzwl 22(r6),r2 - bicl3 #-65536,16(r7),r3 - movzwl 18(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,20(r6),-748(fp) - bicl3 #-65536,r2,-752(fp) - mull3 r0,-748(fp),-740(fp) - mull2 r3,-748(fp) - mull3 r3,-752(fp),-744(fp) - mull2 r0,-752(fp) - addl3 -740(fp),-744(fp),r0 - bicl3 #0,r0,-740(fp) - cmpl -740(fp),-744(fp) - bgequ noname.229 - addl2 #65536,-752(fp) -noname.229: - movzwl -738(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-752(fp) - bicl3 #-65536,-740(fp),r0 - ashl #16,r0,-744(fp) - addl3 -744(fp),-748(fp),r0 - bicl3 #0,r0,-748(fp) - cmpl -748(fp),-744(fp) - bgequ noname.230 - incl -752(fp) -noname.230: - movl -748(fp),r1 - movl -752(fp),r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.231 - incl r2 -noname.231: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.232 - incl r10 -noname.232: - - movzwl 26(r6),r2 - bicl3 #-65536,12(r7),r3 - movzwl 14(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,24(r6),-764(fp) - bicl3 #-65536,r2,-768(fp) - mull3 r0,-764(fp),-756(fp) - mull2 r3,-764(fp) - mull3 r3,-768(fp),-760(fp) - mull2 r0,-768(fp) - addl3 -756(fp),-760(fp),r0 - bicl3 #0,r0,-756(fp) - cmpl -756(fp),-760(fp) - bgequ noname.233 - addl2 #65536,-768(fp) -noname.233: - movzwl -754(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-768(fp) - bicl3 #-65536,-756(fp),r0 - ashl #16,r0,-760(fp) - addl3 -760(fp),-764(fp),r0 - bicl3 #0,r0,-764(fp) - cmpl -764(fp),-760(fp) - bgequ noname.234 - incl -768(fp) -noname.234: - movl -764(fp),r1 - movl -768(fp),r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.235 - incl r2 -noname.235: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.236 - incl r10 -noname.236: - - bicl3 #-65536,28(r6),r3 - movzwl 30(r6),r1 - bicl2 #-65536,r1 - bicl3 #-65536,8(r7),r2 - movzwl 10(r7),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-772(fp) - mull2 r2,r5 - mull3 r2,r4,-776(fp) - mull2 r0,r4 - addl3 -772(fp),-776(fp),r0 - bicl3 #0,r0,-772(fp) - cmpl -772(fp),-776(fp) - bgequ noname.237 - addl2 #65536,r4 -noname.237: - movzwl -770(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-772(fp),r0 - ashl #16,r0,-776(fp) - addl2 -776(fp),r5 - bicl2 #0,r5 - cmpl r5,-776(fp) - bgequ noname.238 - incl r4 -noname.238: - movl r5,r1 - movl r4,r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.239 - incl r2 -noname.239: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.240 - incl r10 -noname.240: - - movl r9,36(r11) - - clrl r9 - - bicl3 #-65536,28(r6),r3 - movzwl 30(r6),r1 - bicl2 #-65536,r1 - bicl3 #-65536,12(r7),r2 - movzwl 14(r7),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-780(fp) - mull2 r2,r5 - mull3 r2,r4,-784(fp) - mull2 r0,r4 - addl3 -780(fp),-784(fp),r0 - bicl3 #0,r0,-780(fp) - cmpl -780(fp),-784(fp) - bgequ noname.241 - addl2 #65536,r4 -noname.241: - movzwl -778(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-780(fp),r0 - ashl #16,r0,-784(fp) - addl2 -784(fp),r5 - bicl2 #0,r5 - cmpl r5,-784(fp) - bgequ noname.242 - incl r4 -noname.242: - movl r5,r1 - movl r4,r2 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.243 - incl r2 -noname.243: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.244 - incl r9 -noname.244: - - bicl3 #-65536,24(r6),r3 - movzwl 26(r6),r1 - bicl2 #-65536,r1 - bicl3 #-65536,16(r7),r2 - movzwl 18(r7),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-788(fp) - mull2 r2,r5 - mull3 r2,r4,-792(fp) - mull2 r0,r4 - addl3 -788(fp),-792(fp),r0 - bicl3 #0,r0,-788(fp) - cmpl -788(fp),-792(fp) - bgequ noname.245 - addl2 #65536,r4 -noname.245: - movzwl -786(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-788(fp),r0 - ashl #16,r0,-792(fp) - addl2 -792(fp),r5 - bicl2 #0,r5 - cmpl r5,-792(fp) - bgequ noname.246 - incl r4 -noname.246: - movl r5,r1 - movl r4,r2 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.247 - incl r2 -noname.247: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.248 - incl r9 -noname.248: - - bicl3 #-65536,20(r6),r3 - movzwl 22(r6),r1 - bicl2 #-65536,r1 - bicl3 #-65536,20(r7),r2 - movzwl 22(r7),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-796(fp) - mull2 r2,r5 - mull3 r2,r4,-800(fp) - mull2 r0,r4 - addl3 -796(fp),-800(fp),r0 - bicl3 #0,r0,-796(fp) - cmpl -796(fp),-800(fp) - bgequ noname.249 - addl2 #65536,r4 -noname.249: - movzwl -794(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-796(fp),r0 - ashl #16,r0,-800(fp) - addl2 -800(fp),r5 - bicl2 #0,r5 - cmpl r5,-800(fp) - bgequ noname.250 - incl r4 -noname.250: - movl r5,r1 - movl r4,r2 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.251 - incl r2 -noname.251: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.252 - incl r9 -noname.252: - - bicl3 #-65536,16(r6),r3 - movzwl 18(r6),r1 - bicl2 #-65536,r1 - bicl3 #-65536,24(r7),r2 - movzwl 26(r7),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-804(fp) - mull2 r2,r5 - mull3 r2,r4,-808(fp) - mull2 r0,r4 - addl3 -804(fp),-808(fp),r0 - bicl3 #0,r0,-804(fp) - cmpl -804(fp),-808(fp) - bgequ noname.253 - addl2 #65536,r4 -noname.253: - movzwl -802(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-804(fp),r0 - ashl #16,r0,-808(fp) - addl2 -808(fp),r5 - bicl2 #0,r5 - cmpl r5,-808(fp) - bgequ noname.254 - incl r4 -noname.254: - movl r5,r1 - movl r4,r2 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.255 - incl r2 -noname.255: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.256 - incl r9 -noname.256: - - bicl3 #-65536,12(r6),r3 - movzwl 14(r6),r1 - bicl2 #-65536,r1 - bicl3 #-65536,28(r7),r2 - movzwl 30(r7),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-812(fp) - mull2 r2,r5 - mull3 r2,r4,-816(fp) - mull2 r0,r4 - addl3 -812(fp),-816(fp),r0 - bicl3 #0,r0,-812(fp) - cmpl -812(fp),-816(fp) - bgequ noname.257 - addl2 #65536,r4 -noname.257: - movzwl -810(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-812(fp),r0 - ashl #16,r0,-816(fp) - addl2 -816(fp),r5 - bicl2 #0,r5 - cmpl r5,-816(fp) - bgequ noname.258 - incl r4 -noname.258: - movl r5,r1 - movl r4,r2 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.259 - incl r2 -noname.259: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.260 - incl r9 -noname.260: - - movl r8,40(r11) - - clrl r8 - - bicl3 #-65536,16(r6),r3 - movzwl 18(r6),r2 - bicl3 #-65536,28(r7),r1 - movzwl 30(r7),r0 - bicl2 #-65536,r0 - movl r3,r4 - bicl3 #-65536,r2,-828(fp) - mull3 r0,r4,-820(fp) - mull2 r1,r4 - mull3 r1,-828(fp),-824(fp) - mull2 r0,-828(fp) - addl3 -820(fp),-824(fp),r0 - bicl3 #0,r0,-820(fp) - cmpl -820(fp),-824(fp) - bgequ noname.261 - addl2 #65536,-828(fp) -noname.261: - movzwl -818(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-828(fp) - bicl3 #-65536,-820(fp),r0 - ashl #16,r0,-824(fp) - addl2 -824(fp),r4 - bicl2 #0,r4 - cmpl r4,-824(fp) - bgequ noname.262 - incl -828(fp) -noname.262: - movl r4,r1 - movl -828(fp),r2 - addl2 r1,r10 - bicl2 #0,r10 - cmpl r10,r1 - bgequ noname.263 - incl r2 -noname.263: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.264 - incl r8 -noname.264: - - movzwl 22(r6),r2 - bicl3 #-65536,24(r7),r3 - movzwl 26(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,20(r6),-840(fp) - bicl3 #-65536,r2,-844(fp) - mull3 r0,-840(fp),-832(fp) - mull2 r3,-840(fp) - mull3 r3,-844(fp),-836(fp) - mull2 r0,-844(fp) - addl3 -832(fp),-836(fp),r0 - bicl3 #0,r0,-832(fp) - cmpl -832(fp),-836(fp) - bgequ noname.265 - addl2 #65536,-844(fp) -noname.265: - movzwl -830(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-844(fp) - bicl3 #-65536,-832(fp),r0 - ashl #16,r0,-836(fp) - addl3 -836(fp),-840(fp),r0 - bicl3 #0,r0,-840(fp) - cmpl -840(fp),-836(fp) - bgequ noname.266 - incl -844(fp) -noname.266: - movl -840(fp),r1 - movl -844(fp),r2 - addl2 r1,r10 - bicl2 #0,r10 - cmpl r10,r1 - bgequ noname.267 - incl r2 -noname.267: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.268 - incl r8 -noname.268: - - bicl3 #-65536,24(r6),r3 - movzwl 26(r6),r1 - bicl2 #-65536,r1 - bicl3 #-65536,20(r7),r2 - movzwl 22(r7),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-848(fp) - mull2 r2,r5 - mull3 r2,r4,-852(fp) - mull2 r0,r4 - addl3 -848(fp),-852(fp),r0 - bicl3 #0,r0,-848(fp) - cmpl -848(fp),-852(fp) - bgequ noname.269 - addl2 #65536,r4 -noname.269: - movzwl -846(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-848(fp),r0 - ashl #16,r0,-852(fp) - addl2 -852(fp),r5 - bicl2 #0,r5 - cmpl r5,-852(fp) - bgequ noname.270 - incl r4 -noname.270: - movl r5,r1 - movl r4,r2 - addl2 r1,r10 - bicl2 #0,r10 - cmpl r10,r1 - bgequ noname.271 - incl r2 -noname.271: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.272 - incl r8 -noname.272: - - bicl3 #-65536,28(r6),r3 - movzwl 30(r6),r1 - bicl2 #-65536,r1 - bicl3 #-65536,16(r7),r2 - movzwl 18(r7),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-856(fp) - mull2 r2,r5 - mull3 r2,r4,-860(fp) - mull2 r0,r4 - addl3 -856(fp),-860(fp),r0 - bicl3 #0,r0,-856(fp) - cmpl -856(fp),-860(fp) - bgequ noname.273 - addl2 #65536,r4 -noname.273: - movzwl -854(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-856(fp),r0 - ashl #16,r0,-860(fp) - addl2 -860(fp),r5 - bicl2 #0,r5 - cmpl r5,-860(fp) - bgequ noname.274 - incl r4 -noname.274: - movl r5,r1 - movl r4,r2 - addl2 r1,r10 - bicl2 #0,r10 - cmpl r10,r1 - bgequ noname.275 - incl r2 -noname.275: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.276 - incl r8 -noname.276: - - movl r10,44(r11) - - clrl r10 - - bicl3 #-65536,28(r6),r3 - movzwl 30(r6),r1 - bicl2 #-65536,r1 - bicl3 #-65536,20(r7),r2 - movzwl 22(r7),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-864(fp) - mull2 r2,r5 - mull3 r2,r4,-868(fp) - mull2 r0,r4 - addl3 -864(fp),-868(fp),r0 - bicl3 #0,r0,-864(fp) - cmpl -864(fp),-868(fp) - bgequ noname.277 - addl2 #65536,r4 -noname.277: - movzwl -862(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-864(fp),r0 - ashl #16,r0,-868(fp) - addl2 -868(fp),r5 - bicl2 #0,r5 - cmpl r5,-868(fp) - bgequ noname.278 - incl r4 -noname.278: - movl r5,r1 - movl r4,r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.279 - incl r2 -noname.279: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.280 - incl r10 -noname.280: - - bicl3 #-65536,24(r6),r3 - movzwl 26(r6),r1 - bicl2 #-65536,r1 - bicl3 #-65536,24(r7),r2 - movzwl 26(r7),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-872(fp) - mull2 r2,r5 - mull3 r2,r4,-876(fp) - mull2 r0,r4 - addl3 -872(fp),-876(fp),r0 - bicl3 #0,r0,-872(fp) - cmpl -872(fp),-876(fp) - bgequ noname.281 - addl2 #65536,r4 -noname.281: - movzwl -870(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-872(fp),r0 - ashl #16,r0,-876(fp) - addl2 -876(fp),r5 - bicl2 #0,r5 - cmpl r5,-876(fp) - bgequ noname.282 - incl r4 -noname.282: - movl r5,r1 - movl r4,r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.283 - incl r2 -noname.283: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.284 - incl r10 -noname.284: - - bicl3 #-65536,20(r6),r3 - movzwl 22(r6),r1 - bicl2 #-65536,r1 - bicl3 #-65536,28(r7),r2 - movzwl 30(r7),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-880(fp) - mull2 r2,r5 - mull3 r2,r4,-884(fp) - mull2 r0,r4 - addl3 -880(fp),-884(fp),r0 - bicl3 #0,r0,-880(fp) - cmpl -880(fp),-884(fp) - bgequ noname.285 - addl2 #65536,r4 -noname.285: - movzwl -878(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-880(fp),r0 - ashl #16,r0,-884(fp) - addl2 -884(fp),r5 - bicl2 #0,r5 - cmpl r5,-884(fp) - bgequ noname.286 - incl r4 -noname.286: - movl r5,r1 - movl r4,r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.287 - incl r2 -noname.287: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.288 - incl r10 -noname.288: - - movl r9,48(r11) - - clrl r9 - - bicl3 #-65536,24(r6),r3 - movzwl 26(r6),r1 - bicl2 #-65536,r1 - bicl3 #-65536,28(r7),r2 - movzwl 30(r7),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-888(fp) - mull2 r2,r5 - mull3 r2,r4,-892(fp) - mull2 r0,r4 - addl3 -888(fp),-892(fp),r0 - bicl3 #0,r0,-888(fp) - cmpl -888(fp),-892(fp) - bgequ noname.289 - addl2 #65536,r4 -noname.289: - movzwl -886(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-888(fp),r0 - ashl #16,r0,-892(fp) - addl2 -892(fp),r5 - bicl2 #0,r5 - cmpl r5,-892(fp) - bgequ noname.290 - incl r4 -noname.290: - movl r5,r1 - movl r4,r2 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.291 - incl r2 -noname.291: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.292 - incl r9 -noname.292: - - movzwl 30(r6),r2 - bicl3 #-65536,24(r7),r3 - movzwl 26(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,28(r6),-904(fp) - bicl3 #-65536,r2,-908(fp) - mull3 r0,-904(fp),-896(fp) - mull2 r3,-904(fp) - mull3 r3,-908(fp),-900(fp) - mull2 r0,-908(fp) - addl3 -896(fp),-900(fp),r0 - bicl3 #0,r0,-896(fp) - cmpl -896(fp),-900(fp) - bgequ noname.293 - addl2 #65536,-908(fp) -noname.293: - movzwl -894(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-908(fp) - bicl3 #-65536,-896(fp),r0 - ashl #16,r0,-900(fp) - addl3 -900(fp),-904(fp),r0 - bicl3 #0,r0,-904(fp) - cmpl -904(fp),-900(fp) - bgequ noname.294 - incl -908(fp) -noname.294: - movl -904(fp),r1 - movl -908(fp),r2 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.295 - incl r2 -noname.295: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.296 - incl r9 -noname.296: - - movl r8,52(r11) - - clrl r8 - - movzwl 30(r6),r2 - bicl3 #-65536,28(r7),r3 - movzwl 30(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,28(r6),-920(fp) - bicl3 #-65536,r2,-924(fp) - mull3 r0,-920(fp),-912(fp) - mull2 r3,-920(fp) - mull3 r3,-924(fp),-916(fp) - mull2 r0,-924(fp) - addl3 -912(fp),-916(fp),r0 - bicl3 #0,r0,-912(fp) - cmpl -912(fp),-916(fp) - bgequ noname.297 - addl2 #65536,-924(fp) -noname.297: - movzwl -910(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-924(fp) - bicl3 #-65536,-912(fp),r0 - ashl #16,r0,-916(fp) - addl3 -916(fp),-920(fp),r0 - bicl3 #0,r0,-920(fp) - cmpl -920(fp),-916(fp) - bgequ noname.298 - incl -924(fp) -noname.298: - movl -920(fp),r1 - movl -924(fp),r2 - addl2 r1,r10 - bicl2 #0,r10 - cmpl r10,r1 - bgequ noname.299 - incl r2 -noname.299: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.300 - incl r8 -noname.300: - - movl r10,56(r11) - - movl r9,60(r11) - - ret - - - -;r=4 ;(AP) -;a=8 ;(AP) -;b=12 ;(AP) -;n=16 ;(AP) n by value (input) - - .psect code,nowrt - -.entry BN_MUL_COMBA4,^m - movab -156(sp),sp - - clrq r9 - - clrl r8 - - movl 8(ap),r6 - bicl3 #-65536,(r6),r3 - movzwl 2(r6),r2 - bicl2 #-65536,r2 - movl 12(ap),r7 - bicl3 #-65536,(r7),r1 - movzwl 2(r7),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r2,r4 - mull3 r0,r5,-4(fp) - mull2 r1,r5 - mull3 r1,r4,-8(fp) - mull2 r0,r4 - addl3 -4(fp),-8(fp),r0 - bicl3 #0,r0,-4(fp) - cmpl -4(fp),-8(fp) - bgequ noname.303 - addl2 #65536,r4 -noname.303: - movzwl -2(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-4(fp),r0 - ashl #16,r0,-8(fp) - addl2 -8(fp),r5 - bicl2 #0,r5 - cmpl r5,-8(fp) - bgequ noname.304 - incl r4 -noname.304: - movl r5,r1 - movl r4,r2 - addl2 r1,r10 - bicl2 #0,r10 - cmpl r10,r1 - bgequ noname.305 - incl r2 -noname.305: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.306 - incl r8 -noname.306: - - movl 4(ap),r11 - movl r10,(r11) - - clrl r10 - - bicl3 #-65536,(r6),r3 - movzwl 2(r6),r1 - bicl2 #-65536,r1 - bicl3 #-65536,4(r7),r2 - movzwl 6(r7),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-12(fp) - mull2 r2,r5 - mull3 r2,r4,-16(fp) - mull2 r0,r4 - addl3 -12(fp),-16(fp),r0 - bicl3 #0,r0,-12(fp) - cmpl -12(fp),-16(fp) - bgequ noname.307 - addl2 #65536,r4 -noname.307: - movzwl -10(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-12(fp),r0 - ashl #16,r0,-16(fp) - addl2 -16(fp),r5 - bicl2 #0,r5 - cmpl r5,-16(fp) - bgequ noname.308 - incl r4 -noname.308: - movl r5,r1 - movl r4,r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.309 - incl r2 -noname.309: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.310 - incl r10 -noname.310: - - bicl3 #-65536,4(r6),r3 - movzwl 6(r6),r1 - bicl2 #-65536,r1 - bicl3 #-65536,(r7),r2 - movzwl 2(r7),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-20(fp) - mull2 r2,r5 - mull3 r2,r4,-24(fp) - mull2 r0,r4 - addl3 -20(fp),-24(fp),r0 - bicl3 #0,r0,-20(fp) - cmpl -20(fp),-24(fp) - bgequ noname.311 - addl2 #65536,r4 -noname.311: - movzwl -18(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-20(fp),r0 - ashl #16,r0,-24(fp) - addl2 -24(fp),r5 - bicl2 #0,r5 - cmpl r5,-24(fp) - bgequ noname.312 - incl r4 -noname.312: - movl r5,r1 - movl r4,r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.313 - incl r2 -noname.313: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.314 - incl r10 -noname.314: - - movl r9,4(r11) - - clrl r9 - - bicl3 #-65536,8(r6),r3 - movzwl 10(r6),r1 - bicl2 #-65536,r1 - bicl3 #-65536,(r7),r2 - movzwl 2(r7),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-28(fp) - mull2 r2,r5 - mull3 r2,r4,-32(fp) - mull2 r0,r4 - addl3 -28(fp),-32(fp),r0 - bicl3 #0,r0,-28(fp) - cmpl -28(fp),-32(fp) - bgequ noname.315 - addl2 #65536,r4 -noname.315: - movzwl -26(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-28(fp),r0 - ashl #16,r0,-32(fp) - addl2 -32(fp),r5 - bicl2 #0,r5 - cmpl r5,-32(fp) - bgequ noname.316 - incl r4 -noname.316: - movl r5,r1 - movl r4,r2 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.317 - incl r2 -noname.317: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.318 - incl r9 -noname.318: - - bicl3 #-65536,4(r6),r3 - movzwl 6(r6),r1 - bicl2 #-65536,r1 - bicl3 #-65536,4(r7),r2 - movzwl 6(r7),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-36(fp) - mull2 r2,r5 - mull3 r2,r4,-40(fp) - mull2 r0,r4 - addl3 -36(fp),-40(fp),r0 - bicl3 #0,r0,-36(fp) - cmpl -36(fp),-40(fp) - bgequ noname.319 - addl2 #65536,r4 -noname.319: - movzwl -34(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-36(fp),r0 - ashl #16,r0,-40(fp) - addl2 -40(fp),r5 - bicl2 #0,r5 - cmpl r5,-40(fp) - bgequ noname.320 - incl r4 -noname.320: - movl r5,r1 - movl r4,r2 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.321 - incl r2 -noname.321: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.322 - incl r9 -noname.322: - - bicl3 #-65536,(r6),r3 - movzwl 2(r6),r1 - bicl2 #-65536,r1 - bicl3 #-65536,8(r7),r2 - movzwl 10(r7),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-44(fp) - mull2 r2,r5 - mull3 r2,r4,-48(fp) - mull2 r0,r4 - addl3 -44(fp),-48(fp),r0 - bicl3 #0,r0,-44(fp) - cmpl -44(fp),-48(fp) - bgequ noname.323 - addl2 #65536,r4 -noname.323: - movzwl -42(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-44(fp),r0 - ashl #16,r0,-48(fp) - addl2 -48(fp),r5 - bicl2 #0,r5 - cmpl r5,-48(fp) - bgequ noname.324 - incl r4 -noname.324: - movl r5,r1 - movl r4,r2 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.325 - incl r2 -noname.325: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.326 - incl r9 -noname.326: - - movl r8,8(r11) - - clrl r8 - - bicl3 #-65536,(r6),r3 - movzwl 2(r6),r2 - bicl3 #-65536,12(r7),r1 - movzwl 14(r7),r0 - bicl2 #-65536,r0 - movl r3,r4 - bicl3 #-65536,r2,-60(fp) - mull3 r0,r4,-52(fp) - mull2 r1,r4 - mull3 r1,-60(fp),-56(fp) - mull2 r0,-60(fp) - addl3 -52(fp),-56(fp),r0 - bicl3 #0,r0,-52(fp) - cmpl -52(fp),-56(fp) - bgequ noname.327 - addl2 #65536,-60(fp) -noname.327: - movzwl -50(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-60(fp) - bicl3 #-65536,-52(fp),r0 - ashl #16,r0,-56(fp) - addl2 -56(fp),r4 - bicl2 #0,r4 - cmpl r4,-56(fp) - bgequ noname.328 - incl -60(fp) -noname.328: - movl r4,r1 - movl -60(fp),r2 - addl2 r1,r10 - bicl2 #0,r10 - cmpl r10,r1 - bgequ noname.329 - incl r2 -noname.329: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.330 - incl r8 -noname.330: - - movzwl 6(r6),r2 - bicl3 #-65536,8(r7),r3 - movzwl 10(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,4(r6),-72(fp) - bicl3 #-65536,r2,-76(fp) - mull3 r0,-72(fp),-64(fp) - mull2 r3,-72(fp) - mull3 r3,-76(fp),-68(fp) - mull2 r0,-76(fp) - addl3 -64(fp),-68(fp),r0 - bicl3 #0,r0,-64(fp) - cmpl -64(fp),-68(fp) - bgequ noname.331 - addl2 #65536,-76(fp) -noname.331: - movzwl -62(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-76(fp) - bicl3 #-65536,-64(fp),r0 - ashl #16,r0,-68(fp) - addl3 -68(fp),-72(fp),r0 - bicl3 #0,r0,-72(fp) - cmpl -72(fp),-68(fp) - bgequ noname.332 - incl -76(fp) -noname.332: - movl -72(fp),r1 - movl -76(fp),r2 - addl2 r1,r10 - bicl2 #0,r10 - cmpl r10,r1 - bgequ noname.333 - incl r2 -noname.333: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.334 - incl r8 -noname.334: - - bicl3 #-65536,8(r6),r3 - movzwl 10(r6),r1 - bicl2 #-65536,r1 - bicl3 #-65536,4(r7),r2 - movzwl 6(r7),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-80(fp) - mull2 r2,r5 - mull3 r2,r4,-84(fp) - mull2 r0,r4 - addl3 -80(fp),-84(fp),r0 - bicl3 #0,r0,-80(fp) - cmpl -80(fp),-84(fp) - bgequ noname.335 - addl2 #65536,r4 -noname.335: - movzwl -78(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-80(fp),r0 - ashl #16,r0,-84(fp) - addl2 -84(fp),r5 - bicl2 #0,r5 - cmpl r5,-84(fp) - bgequ noname.336 - incl r4 -noname.336: - movl r5,r1 - movl r4,r2 - addl2 r1,r10 - bicl2 #0,r10 - cmpl r10,r1 - bgequ noname.337 - incl r2 -noname.337: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.338 - incl r8 -noname.338: - - bicl3 #-65536,12(r6),r3 - movzwl 14(r6),r1 - bicl2 #-65536,r1 - bicl3 #-65536,(r7),r2 - movzwl 2(r7),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-88(fp) - mull2 r2,r5 - mull3 r2,r4,-92(fp) - mull2 r0,r4 - addl3 -88(fp),-92(fp),r0 - bicl3 #0,r0,-88(fp) - cmpl -88(fp),-92(fp) - bgequ noname.339 - addl2 #65536,r4 -noname.339: - movzwl -86(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-88(fp),r0 - ashl #16,r0,-92(fp) - addl2 -92(fp),r5 - bicl2 #0,r5 - cmpl r5,-92(fp) - bgequ noname.340 - incl r4 -noname.340: - movl r5,r1 - movl r4,r2 - addl2 r1,r10 - bicl2 #0,r10 - cmpl r10,r1 - bgequ noname.341 - incl r2 -noname.341: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.342 - incl r8 -noname.342: - - movl r10,12(r11) - - clrl r10 - - bicl3 #-65536,12(r6),r3 - movzwl 14(r6),r1 - bicl2 #-65536,r1 - bicl3 #-65536,4(r7),r2 - movzwl 6(r7),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-96(fp) - mull2 r2,r5 - mull3 r2,r4,-100(fp) - mull2 r0,r4 - addl3 -96(fp),-100(fp),r0 - bicl3 #0,r0,-96(fp) - cmpl -96(fp),-100(fp) - bgequ noname.343 - addl2 #65536,r4 -noname.343: - movzwl -94(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-96(fp),r0 - ashl #16,r0,-100(fp) - addl2 -100(fp),r5 - bicl2 #0,r5 - cmpl r5,-100(fp) - bgequ noname.344 - incl r4 -noname.344: - movl r5,r1 - movl r4,r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.345 - incl r2 -noname.345: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.346 - incl r10 -noname.346: - - bicl3 #-65536,8(r6),r3 - movzwl 10(r6),r1 - bicl2 #-65536,r1 - bicl3 #-65536,8(r7),r2 - movzwl 10(r7),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-104(fp) - mull2 r2,r5 - mull3 r2,r4,-108(fp) - mull2 r0,r4 - addl3 -104(fp),-108(fp),r0 - bicl3 #0,r0,-104(fp) - cmpl -104(fp),-108(fp) - bgequ noname.347 - addl2 #65536,r4 -noname.347: - movzwl -102(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-104(fp),r0 - ashl #16,r0,-108(fp) - addl2 -108(fp),r5 - bicl2 #0,r5 - cmpl r5,-108(fp) - bgequ noname.348 - incl r4 -noname.348: - movl r5,r1 - movl r4,r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.349 - incl r2 -noname.349: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.350 - incl r10 -noname.350: - - bicl3 #-65536,4(r6),r3 - movzwl 6(r6),r1 - bicl2 #-65536,r1 - bicl3 #-65536,12(r7),r2 - movzwl 14(r7),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-112(fp) - mull2 r2,r5 - mull3 r2,r4,-116(fp) - mull2 r0,r4 - addl3 -112(fp),-116(fp),r0 - bicl3 #0,r0,-112(fp) - cmpl -112(fp),-116(fp) - bgequ noname.351 - addl2 #65536,r4 -noname.351: - movzwl -110(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-112(fp),r0 - ashl #16,r0,-116(fp) - addl2 -116(fp),r5 - bicl2 #0,r5 - cmpl r5,-116(fp) - bgequ noname.352 - incl r4 -noname.352: - movl r5,r1 - movl r4,r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.353 - incl r2 -noname.353: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.354 - incl r10 -noname.354: - - movl r9,16(r11) - - clrl r9 - - bicl3 #-65536,8(r6),r3 - movzwl 10(r6),r1 - bicl2 #-65536,r1 - bicl3 #-65536,12(r7),r2 - movzwl 14(r7),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-120(fp) - mull2 r2,r5 - mull3 r2,r4,-124(fp) - mull2 r0,r4 - addl3 -120(fp),-124(fp),r0 - bicl3 #0,r0,-120(fp) - cmpl -120(fp),-124(fp) - bgequ noname.355 - addl2 #65536,r4 -noname.355: - movzwl -118(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-120(fp),r0 - ashl #16,r0,-124(fp) - addl2 -124(fp),r5 - bicl2 #0,r5 - cmpl r5,-124(fp) - bgequ noname.356 - incl r4 -noname.356: - movl r5,r1 - movl r4,r2 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.357 - incl r2 -noname.357: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.358 - incl r9 -noname.358: - - movzwl 14(r6),r2 - bicl3 #-65536,8(r7),r3 - movzwl 10(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,12(r6),-136(fp) - bicl3 #-65536,r2,-140(fp) - mull3 r0,-136(fp),-128(fp) - mull2 r3,-136(fp) - mull3 r3,-140(fp),-132(fp) - mull2 r0,-140(fp) - addl3 -128(fp),-132(fp),r0 - bicl3 #0,r0,-128(fp) - cmpl -128(fp),-132(fp) - bgequ noname.359 - addl2 #65536,-140(fp) -noname.359: - movzwl -126(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-140(fp) - bicl3 #-65536,-128(fp),r0 - ashl #16,r0,-132(fp) - addl3 -132(fp),-136(fp),r0 - bicl3 #0,r0,-136(fp) - cmpl -136(fp),-132(fp) - bgequ noname.360 - incl -140(fp) -noname.360: - movl -136(fp),r1 - movl -140(fp),r2 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.361 - incl r2 -noname.361: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.362 - incl r9 -noname.362: - - movl r8,20(r11) - - clrl r8 - - movzwl 14(r6),r2 - bicl3 #-65536,12(r7),r3 - movzwl 14(r7),r0 - bicl2 #-65536,r0 - bicl3 #-65536,12(r6),-152(fp) - bicl3 #-65536,r2,-156(fp) - mull3 r0,-152(fp),-144(fp) - mull2 r3,-152(fp) - mull3 r3,-156(fp),-148(fp) - mull2 r0,-156(fp) - addl3 -144(fp),-148(fp),r0 - bicl3 #0,r0,-144(fp) - cmpl -144(fp),-148(fp) - bgequ noname.363 - addl2 #65536,-156(fp) -noname.363: - movzwl -142(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-156(fp) - bicl3 #-65536,-144(fp),r0 - ashl #16,r0,-148(fp) - addl3 -148(fp),-152(fp),r0 - bicl3 #0,r0,-152(fp) - cmpl -152(fp),-148(fp) - bgequ noname.364 - incl -156(fp) -noname.364: - movl -152(fp),r1 - movl -156(fp),r2 - addl2 r1,r10 - bicl2 #0,r10 - cmpl r10,r1 - bgequ noname.365 - incl r2 -noname.365: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.366 - incl r8 -noname.366: - - movl r10,24(r11) - - movl r9,28(r11) - - ret - - - -;r=4 ;(AP) -;a=8 ;(AP) -;b=12 ;(AP) -;n=16 ;(AP) n by value (input) - - .psect code,nowrt - -.entry BN_SQR_COMBA8,^m - movab -444(sp),sp - - clrq r8 - - clrl r7 - - movl 8(ap),r4 - movl (r4),r3 - bicl3 #-65536,r3,-4(fp) - extzv #16,#16,r3,r0 - bicl3 #-65536,r0,r3 - movl -4(fp),r0 - mull3 r0,r3,-8(fp) - mull3 r0,r0,-4(fp) - mull2 r3,r3 - bicl3 #32767,-8(fp),r0 - extzv #15,#17,r0,r0 - addl2 r0,r3 - bicl3 #-65536,-8(fp),r0 - ashl #17,r0,-8(fp) - addl3 -4(fp),-8(fp),r0 - bicl3 #0,r0,-4(fp) - cmpl -4(fp),-8(fp) - bgequ noname.369 - incl r3 -noname.369: - movl -4(fp),r1 - movl r3,r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.370 - incl r2 -noname.370: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.371 - incl r7 -noname.371: - - movl r9,@4(ap) - - clrl r9 - - movzwl 6(r4),r2 - bicl3 #-65536,(r4),r3 - movzwl 2(r4),r0 - bicl2 #-65536,r0 - bicl3 #-65536,4(r4),-20(fp) - bicl3 #-65536,r2,-24(fp) - mull3 r0,-20(fp),-12(fp) - mull2 r3,-20(fp) - mull3 r3,-24(fp),-16(fp) - mull2 r0,-24(fp) - addl3 -12(fp),-16(fp),r0 - bicl3 #0,r0,-12(fp) - cmpl -12(fp),-16(fp) - bgequ noname.372 - addl2 #65536,-24(fp) -noname.372: - movzwl -10(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-24(fp) - bicl3 #-65536,-12(fp),r0 - ashl #16,r0,-16(fp) - addl3 -16(fp),-20(fp),r0 - bicl3 #0,r0,-20(fp) - cmpl -20(fp),-16(fp) - bgequ noname.373 - incl -24(fp) -noname.373: - movl -20(fp),r3 - movl -24(fp),r2 - bbc #31,r2,noname.374 - incl r9 -noname.374: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.375 - incl r2 -noname.375: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r8 - bicl2 #0,r8 - cmpl r8,r3 - bgequ noname.376 - incl r2 - bicl3 #0,r2,r0 - bneq noname.376 - incl r9 -noname.376: - addl2 r2,r7 - bicl2 #0,r7 - cmpl r7,r2 - bgequ noname.377 - incl r9 -noname.377: - - movl 4(ap),r0 - movl r8,4(r0) - - clrl r8 - - movl 8(ap),r4 - movl 4(r4),r3 - bicl3 #-65536,r3,-28(fp) - extzv #16,#16,r3,r0 - bicl3 #-65536,r0,r3 - movl -28(fp),r0 - mull3 r0,r3,-32(fp) - mull3 r0,r0,-28(fp) - mull2 r3,r3 - bicl3 #32767,-32(fp),r0 - extzv #15,#17,r0,r0 - addl2 r0,r3 - bicl3 #-65536,-32(fp),r0 - ashl #17,r0,-32(fp) - addl3 -28(fp),-32(fp),r0 - bicl3 #0,r0,-28(fp) - cmpl -28(fp),-32(fp) - bgequ noname.378 - incl r3 -noname.378: - movl -28(fp),r1 - movl r3,r2 - addl2 r1,r7 - bicl2 #0,r7 - cmpl r7,r1 - bgequ noname.379 - incl r2 -noname.379: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.380 - incl r8 -noname.380: - - movzwl 10(r4),r2 - bicl3 #-65536,(r4),r3 - movzwl 2(r4),r0 - bicl2 #-65536,r0 - bicl3 #-65536,8(r4),-44(fp) - bicl3 #-65536,r2,-48(fp) - mull3 r0,-44(fp),-36(fp) - mull2 r3,-44(fp) - mull3 r3,-48(fp),-40(fp) - mull2 r0,-48(fp) - addl3 -36(fp),-40(fp),r0 - bicl3 #0,r0,-36(fp) - cmpl -36(fp),-40(fp) - bgequ noname.381 - addl2 #65536,-48(fp) -noname.381: - movzwl -34(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-48(fp) - bicl3 #-65536,-36(fp),r0 - ashl #16,r0,-40(fp) - addl3 -40(fp),-44(fp),r0 - bicl3 #0,r0,-44(fp) - cmpl -44(fp),-40(fp) - bgequ noname.382 - incl -48(fp) -noname.382: - movl -44(fp),r3 - movl -48(fp),r2 - bbc #31,r2,noname.383 - incl r8 -noname.383: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.384 - incl r2 -noname.384: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r7 - bicl2 #0,r7 - cmpl r7,r3 - bgequ noname.385 - incl r2 - bicl3 #0,r2,r0 - bneq noname.385 - incl r8 -noname.385: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.386 - incl r8 -noname.386: - - movl 4(ap),r0 - movl r7,8(r0) - - clrl r7 - - movl 8(ap),r0 - movzwl 14(r0),r2 - bicl3 #-65536,(r0),r3 - movzwl 2(r0),r1 - bicl2 #-65536,r1 - bicl3 #-65536,12(r0),-60(fp) - bicl3 #-65536,r2,-64(fp) - mull3 r1,-60(fp),-52(fp) - mull2 r3,-60(fp) - mull3 r3,-64(fp),-56(fp) - mull2 r1,-64(fp) - addl3 -52(fp),-56(fp),r0 - bicl3 #0,r0,-52(fp) - cmpl -52(fp),-56(fp) - bgequ noname.387 - addl2 #65536,-64(fp) -noname.387: - movzwl -50(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-64(fp) - bicl3 #-65536,-52(fp),r0 - ashl #16,r0,-56(fp) - addl3 -56(fp),-60(fp),r0 - bicl3 #0,r0,-60(fp) - cmpl -60(fp),-56(fp) - bgequ noname.388 - incl -64(fp) -noname.388: - movl -60(fp),r3 - movl -64(fp),r2 - bbc #31,r2,noname.389 - incl r7 -noname.389: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.390 - incl r2 -noname.390: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r9 - bicl2 #0,r9 - cmpl r9,r3 - bgequ noname.391 - incl r2 - bicl3 #0,r2,r0 - bneq noname.391 - incl r7 -noname.391: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.392 - incl r7 -noname.392: - - movl 8(ap),r0 - movzwl 10(r0),r2 - bicl3 #-65536,4(r0),r3 - movzwl 6(r0),r1 - bicl2 #-65536,r1 - bicl3 #-65536,8(r0),-76(fp) - bicl3 #-65536,r2,-80(fp) - mull3 r1,-76(fp),-68(fp) - mull2 r3,-76(fp) - mull3 r3,-80(fp),-72(fp) - mull2 r1,-80(fp) - addl3 -68(fp),-72(fp),r0 - bicl3 #0,r0,-68(fp) - cmpl -68(fp),-72(fp) - bgequ noname.393 - addl2 #65536,-80(fp) -noname.393: - movzwl -66(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-80(fp) - bicl3 #-65536,-68(fp),r0 - ashl #16,r0,-72(fp) - addl3 -72(fp),-76(fp),r0 - bicl3 #0,r0,-76(fp) - cmpl -76(fp),-72(fp) - bgequ noname.394 - incl -80(fp) -noname.394: - movl -76(fp),r3 - movl -80(fp),r2 - bbc #31,r2,noname.395 - incl r7 -noname.395: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.396 - incl r2 -noname.396: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r9 - bicl2 #0,r9 - cmpl r9,r3 - bgequ noname.397 - incl r2 - bicl3 #0,r2,r0 - bneq noname.397 - incl r7 -noname.397: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.398 - incl r7 -noname.398: - - movl 4(ap),r0 - movl r9,12(r0) - - clrl r9 - - movl 8(ap),r2 - movl 8(r2),r4 - bicl3 #-65536,r4,-84(fp) - extzv #16,#16,r4,r0 - bicl3 #-65536,r0,r4 - movl -84(fp),r0 - mull3 r0,r4,-88(fp) - mull3 r0,r0,-84(fp) - mull2 r4,r4 - bicl3 #32767,-88(fp),r0 - extzv #15,#17,r0,r0 - addl2 r0,r4 - bicl3 #-65536,-88(fp),r0 - ashl #17,r0,-88(fp) - addl3 -84(fp),-88(fp),r0 - bicl3 #0,r0,-84(fp) - cmpl -84(fp),-88(fp) - bgequ noname.399 - incl r4 -noname.399: - movl -84(fp),r1 - movl r4,r3 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.400 - incl r3 -noname.400: - addl2 r3,r7 - bicl2 #0,r7 - cmpl r7,r3 - bgequ noname.401 - incl r9 -noname.401: - - movzwl 14(r2),r3 - bicl3 #-65536,4(r2),r1 - movzwl 6(r2),r0 - bicl2 #-65536,r0 - bicl3 #-65536,12(r2),-100(fp) - bicl3 #-65536,r3,-104(fp) - mull3 r0,-100(fp),-92(fp) - mull2 r1,-100(fp) - mull3 r1,-104(fp),-96(fp) - mull2 r0,-104(fp) - addl3 -92(fp),-96(fp),r0 - bicl3 #0,r0,-92(fp) - cmpl -92(fp),-96(fp) - bgequ noname.402 - addl2 #65536,-104(fp) -noname.402: - movzwl -90(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-104(fp) - bicl3 #-65536,-92(fp),r0 - ashl #16,r0,-96(fp) - addl3 -96(fp),-100(fp),r0 - bicl3 #0,r0,-100(fp) - cmpl -100(fp),-96(fp) - bgequ noname.403 - incl -104(fp) -noname.403: - movl -100(fp),r3 - movl -104(fp),r2 - bbc #31,r2,noname.404 - incl r9 -noname.404: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.405 - incl r2 -noname.405: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r8 - bicl2 #0,r8 - cmpl r8,r3 - bgequ noname.406 - incl r2 - bicl3 #0,r2,r0 - bneq noname.406 - incl r9 -noname.406: - addl2 r2,r7 - bicl2 #0,r7 - cmpl r7,r2 - bgequ noname.407 - incl r9 -noname.407: - - movl 8(ap),r0 - movzwl 18(r0),r2 - bicl3 #-65536,(r0),r3 - movzwl 2(r0),r1 - bicl2 #-65536,r1 - bicl3 #-65536,16(r0),-116(fp) - bicl3 #-65536,r2,-120(fp) - mull3 r1,-116(fp),-108(fp) - mull2 r3,-116(fp) - mull3 r3,-120(fp),-112(fp) - mull2 r1,-120(fp) - addl3 -108(fp),-112(fp),r0 - bicl3 #0,r0,-108(fp) - cmpl -108(fp),-112(fp) - bgequ noname.408 - addl2 #65536,-120(fp) -noname.408: - movzwl -106(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-120(fp) - bicl3 #-65536,-108(fp),r0 - ashl #16,r0,-112(fp) - addl3 -112(fp),-116(fp),r0 - bicl3 #0,r0,-116(fp) - cmpl -116(fp),-112(fp) - bgequ noname.409 - incl -120(fp) -noname.409: - movl -116(fp),r3 - movl -120(fp),r2 - bbc #31,r2,noname.410 - incl r9 -noname.410: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.411 - incl r2 -noname.411: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r8 - bicl2 #0,r8 - cmpl r8,r3 - bgequ noname.412 - incl r2 - bicl3 #0,r2,r0 - bneq noname.412 - incl r9 -noname.412: - addl2 r2,r7 - bicl2 #0,r7 - cmpl r7,r2 - bgequ noname.413 - incl r9 -noname.413: - - movl 4(ap),r0 - movl r8,16(r0) - - clrl r8 - - movl 8(ap),r0 - movzwl 22(r0),r2 - bicl3 #-65536,(r0),r3 - movzwl 2(r0),r1 - bicl2 #-65536,r1 - bicl3 #-65536,20(r0),-132(fp) - bicl3 #-65536,r2,-136(fp) - mull3 r1,-132(fp),-124(fp) - mull2 r3,-132(fp) - mull3 r3,-136(fp),-128(fp) - mull2 r1,-136(fp) - addl3 -124(fp),-128(fp),r0 - bicl3 #0,r0,-124(fp) - cmpl -124(fp),-128(fp) - bgequ noname.414 - addl2 #65536,-136(fp) -noname.414: - movzwl -122(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-136(fp) - bicl3 #-65536,-124(fp),r0 - ashl #16,r0,-128(fp) - addl3 -128(fp),-132(fp),r0 - bicl3 #0,r0,-132(fp) - cmpl -132(fp),-128(fp) - bgequ noname.415 - incl -136(fp) -noname.415: - movl -132(fp),r3 - movl -136(fp),r2 - bbc #31,r2,noname.416 - incl r8 -noname.416: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.417 - incl r2 -noname.417: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r7 - bicl2 #0,r7 - cmpl r7,r3 - bgequ noname.418 - incl r2 - bicl3 #0,r2,r0 - bneq noname.418 - incl r8 -noname.418: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.419 - incl r8 -noname.419: - - movl 8(ap),r0 - movzwl 18(r0),r2 - bicl3 #-65536,4(r0),r3 - movzwl 6(r0),r1 - bicl2 #-65536,r1 - bicl3 #-65536,16(r0),-148(fp) - bicl3 #-65536,r2,-152(fp) - mull3 r1,-148(fp),-140(fp) - mull2 r3,-148(fp) - mull3 r3,-152(fp),-144(fp) - mull2 r1,-152(fp) - addl3 -140(fp),-144(fp),r0 - bicl3 #0,r0,-140(fp) - cmpl -140(fp),-144(fp) - bgequ noname.420 - addl2 #65536,-152(fp) -noname.420: - movzwl -138(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-152(fp) - bicl3 #-65536,-140(fp),r0 - ashl #16,r0,-144(fp) - addl3 -144(fp),-148(fp),r0 - bicl3 #0,r0,-148(fp) - cmpl -148(fp),-144(fp) - bgequ noname.421 - incl -152(fp) -noname.421: - movl -148(fp),r3 - movl -152(fp),r2 - bbc #31,r2,noname.422 - incl r8 -noname.422: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.423 - incl r2 -noname.423: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r7 - bicl2 #0,r7 - cmpl r7,r3 - bgequ noname.424 - incl r2 - bicl3 #0,r2,r0 - bneq noname.424 - incl r8 -noname.424: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.425 - incl r8 -noname.425: - - movl 8(ap),r0 - movzwl 14(r0),r2 - bicl3 #-65536,8(r0),r3 - movzwl 10(r0),r1 - bicl2 #-65536,r1 - bicl3 #-65536,12(r0),-164(fp) - bicl3 #-65536,r2,-168(fp) - mull3 r1,-164(fp),-156(fp) - mull2 r3,-164(fp) - mull3 r3,-168(fp),-160(fp) - mull2 r1,-168(fp) - addl3 -156(fp),-160(fp),r0 - bicl3 #0,r0,-156(fp) - cmpl -156(fp),-160(fp) - bgequ noname.426 - addl2 #65536,-168(fp) -noname.426: - movzwl -154(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-168(fp) - bicl3 #-65536,-156(fp),r0 - ashl #16,r0,-160(fp) - addl3 -160(fp),-164(fp),r0 - bicl3 #0,r0,-164(fp) - cmpl -164(fp),-160(fp) - bgequ noname.427 - incl -168(fp) -noname.427: - movl -164(fp),r3 - movl -168(fp),r2 - bbc #31,r2,noname.428 - incl r8 -noname.428: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.429 - incl r2 -noname.429: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r7 - bicl2 #0,r7 - cmpl r7,r3 - bgequ noname.430 - incl r2 - bicl3 #0,r2,r0 - bneq noname.430 - incl r8 -noname.430: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.431 - incl r8 -noname.431: - - movl 4(ap),r0 - movl r7,20(r0) - - clrl r7 - - movl 8(ap),r2 - movl 12(r2),r4 - bicl3 #-65536,r4,-172(fp) - extzv #16,#16,r4,r0 - bicl3 #-65536,r0,r4 - movl -172(fp),r0 - mull3 r0,r4,-176(fp) - mull3 r0,r0,-172(fp) - mull2 r4,r4 - bicl3 #32767,-176(fp),r0 - extzv #15,#17,r0,r0 - addl2 r0,r4 - bicl3 #-65536,-176(fp),r0 - ashl #17,r0,-176(fp) - addl3 -172(fp),-176(fp),r0 - bicl3 #0,r0,-172(fp) - cmpl -172(fp),-176(fp) - bgequ noname.432 - incl r4 -noname.432: - movl -172(fp),r1 - movl r4,r3 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.433 - incl r3 -noname.433: - addl2 r3,r8 - bicl2 #0,r8 - cmpl r8,r3 - bgequ noname.434 - incl r7 -noname.434: - - movzwl 18(r2),r3 - bicl3 #-65536,8(r2),r1 - movzwl 10(r2),r0 - bicl2 #-65536,r0 - bicl3 #-65536,16(r2),-188(fp) - bicl3 #-65536,r3,-192(fp) - mull3 r0,-188(fp),-180(fp) - mull2 r1,-188(fp) - mull3 r1,-192(fp),-184(fp) - mull2 r0,-192(fp) - addl3 -180(fp),-184(fp),r0 - bicl3 #0,r0,-180(fp) - cmpl -180(fp),-184(fp) - bgequ noname.435 - addl2 #65536,-192(fp) -noname.435: - movzwl -178(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-192(fp) - bicl3 #-65536,-180(fp),r0 - ashl #16,r0,-184(fp) - addl3 -184(fp),-188(fp),r0 - bicl3 #0,r0,-188(fp) - cmpl -188(fp),-184(fp) - bgequ noname.436 - incl -192(fp) -noname.436: - movl -188(fp),r3 - movl -192(fp),r2 - bbc #31,r2,noname.437 - incl r7 -noname.437: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.438 - incl r2 -noname.438: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r9 - bicl2 #0,r9 - cmpl r9,r3 - bgequ noname.439 - incl r2 - bicl3 #0,r2,r0 - bneq noname.439 - incl r7 -noname.439: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.440 - incl r7 -noname.440: - - movl 8(ap),r0 - movzwl 22(r0),r2 - bicl3 #-65536,4(r0),r3 - movzwl 6(r0),r1 - bicl2 #-65536,r1 - bicl3 #-65536,20(r0),-204(fp) - bicl3 #-65536,r2,-208(fp) - mull3 r1,-204(fp),-196(fp) - mull2 r3,-204(fp) - mull3 r3,-208(fp),-200(fp) - mull2 r1,-208(fp) - addl3 -196(fp),-200(fp),r0 - bicl3 #0,r0,-196(fp) - cmpl -196(fp),-200(fp) - bgequ noname.441 - addl2 #65536,-208(fp) -noname.441: - movzwl -194(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-208(fp) - bicl3 #-65536,-196(fp),r0 - ashl #16,r0,-200(fp) - addl3 -200(fp),-204(fp),r0 - bicl3 #0,r0,-204(fp) - cmpl -204(fp),-200(fp) - bgequ noname.442 - incl -208(fp) -noname.442: - movl -204(fp),r3 - movl -208(fp),r2 - bbc #31,r2,noname.443 - incl r7 -noname.443: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.444 - incl r2 -noname.444: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r9 - bicl2 #0,r9 - cmpl r9,r3 - bgequ noname.445 - incl r2 - bicl3 #0,r2,r0 - bneq noname.445 - incl r7 -noname.445: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.446 - incl r7 -noname.446: - - movl 8(ap),r0 - movzwl 26(r0),r2 - bicl3 #-65536,(r0),r3 - movzwl 2(r0),r1 - bicl2 #-65536,r1 - bicl3 #-65536,24(r0),-220(fp) - bicl3 #-65536,r2,-224(fp) - mull3 r1,-220(fp),-212(fp) - mull2 r3,-220(fp) - mull3 r3,-224(fp),-216(fp) - mull2 r1,-224(fp) - addl3 -212(fp),-216(fp),r0 - bicl3 #0,r0,-212(fp) - cmpl -212(fp),-216(fp) - bgequ noname.447 - addl2 #65536,-224(fp) -noname.447: - movzwl -210(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-224(fp) - bicl3 #-65536,-212(fp),r0 - ashl #16,r0,-216(fp) - addl3 -216(fp),-220(fp),r0 - bicl3 #0,r0,-220(fp) - cmpl -220(fp),-216(fp) - bgequ noname.448 - incl -224(fp) -noname.448: - movl -220(fp),r3 - movl -224(fp),r2 - bbc #31,r2,noname.449 - incl r7 -noname.449: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.450 - incl r2 -noname.450: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r9 - bicl2 #0,r9 - cmpl r9,r3 - bgequ noname.451 - incl r2 - bicl3 #0,r2,r0 - bneq noname.451 - incl r7 -noname.451: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.452 - incl r7 -noname.452: - - movl 4(ap),r0 - movl r9,24(r0) - - clrl r9 - - movl 8(ap),r0 - movzwl 30(r0),r2 - bicl3 #-65536,(r0),r3 - movzwl 2(r0),r1 - bicl2 #-65536,r1 - bicl3 #-65536,28(r0),-236(fp) - bicl3 #-65536,r2,-240(fp) - mull3 r1,-236(fp),-228(fp) - mull2 r3,-236(fp) - mull3 r3,-240(fp),-232(fp) - mull2 r1,-240(fp) - addl3 -228(fp),-232(fp),r0 - bicl3 #0,r0,-228(fp) - cmpl -228(fp),-232(fp) - bgequ noname.453 - addl2 #65536,-240(fp) -noname.453: - movzwl -226(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-240(fp) - bicl3 #-65536,-228(fp),r0 - ashl #16,r0,-232(fp) - addl3 -232(fp),-236(fp),r0 - bicl3 #0,r0,-236(fp) - cmpl -236(fp),-232(fp) - bgequ noname.454 - incl -240(fp) -noname.454: - movl -236(fp),r3 - movl -240(fp),r2 - bbc #31,r2,noname.455 - incl r9 -noname.455: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.456 - incl r2 -noname.456: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r8 - bicl2 #0,r8 - cmpl r8,r3 - bgequ noname.457 - incl r2 - bicl3 #0,r2,r0 - bneq noname.457 - incl r9 -noname.457: - addl2 r2,r7 - bicl2 #0,r7 - cmpl r7,r2 - bgequ noname.458 - incl r9 -noname.458: - - movl 8(ap),r0 - movzwl 26(r0),r2 - bicl3 #-65536,4(r0),r3 - movzwl 6(r0),r1 - bicl2 #-65536,r1 - bicl3 #-65536,24(r0),-252(fp) - bicl3 #-65536,r2,-256(fp) - mull3 r1,-252(fp),-244(fp) - mull2 r3,-252(fp) - mull3 r3,-256(fp),-248(fp) - mull2 r1,-256(fp) - addl3 -244(fp),-248(fp),r0 - bicl3 #0,r0,-244(fp) - cmpl -244(fp),-248(fp) - bgequ noname.459 - addl2 #65536,-256(fp) -noname.459: - movzwl -242(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-256(fp) - bicl3 #-65536,-244(fp),r0 - ashl #16,r0,-248(fp) - addl3 -248(fp),-252(fp),r0 - bicl3 #0,r0,-252(fp) - cmpl -252(fp),-248(fp) - bgequ noname.460 - incl -256(fp) -noname.460: - movl -252(fp),r3 - movl -256(fp),r2 - bbc #31,r2,noname.461 - incl r9 -noname.461: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.462 - incl r2 -noname.462: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r8 - bicl2 #0,r8 - cmpl r8,r3 - bgequ noname.463 - incl r2 - bicl3 #0,r2,r0 - bneq noname.463 - incl r9 -noname.463: - addl2 r2,r7 - bicl2 #0,r7 - cmpl r7,r2 - bgequ noname.464 - incl r9 -noname.464: - - movl 8(ap),r0 - movzwl 22(r0),r2 - bicl3 #-65536,8(r0),r3 - movzwl 10(r0),r1 - bicl2 #-65536,r1 - bicl3 #-65536,20(r0),-268(fp) - bicl3 #-65536,r2,-272(fp) - mull3 r1,-268(fp),-260(fp) - mull2 r3,-268(fp) - mull3 r3,-272(fp),-264(fp) - mull2 r1,-272(fp) - addl3 -260(fp),-264(fp),r0 - bicl3 #0,r0,-260(fp) - cmpl -260(fp),-264(fp) - bgequ noname.465 - addl2 #65536,-272(fp) -noname.465: - movzwl -258(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-272(fp) - bicl3 #-65536,-260(fp),r0 - ashl #16,r0,-264(fp) - addl3 -264(fp),-268(fp),r0 - bicl3 #0,r0,-268(fp) - cmpl -268(fp),-264(fp) - bgequ noname.466 - incl -272(fp) -noname.466: - movl -268(fp),r3 - movl -272(fp),r2 - bbc #31,r2,noname.467 - incl r9 -noname.467: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.468 - incl r2 -noname.468: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r8 - bicl2 #0,r8 - cmpl r8,r3 - bgequ noname.469 - incl r2 - bicl3 #0,r2,r0 - bneq noname.469 - incl r9 -noname.469: - addl2 r2,r7 - bicl2 #0,r7 - cmpl r7,r2 - bgequ noname.470 - incl r9 -noname.470: - - movl 8(ap),r0 - movzwl 18(r0),r2 - bicl3 #-65536,12(r0),r3 - movzwl 14(r0),r1 - bicl2 #-65536,r1 - bicl3 #-65536,16(r0),-284(fp) - bicl3 #-65536,r2,-288(fp) - mull3 r1,-284(fp),-276(fp) - mull2 r3,-284(fp) - mull3 r3,-288(fp),-280(fp) - mull2 r1,-288(fp) - addl3 -276(fp),-280(fp),r0 - bicl3 #0,r0,-276(fp) - cmpl -276(fp),-280(fp) - bgequ noname.471 - addl2 #65536,-288(fp) -noname.471: - movzwl -274(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-288(fp) - bicl3 #-65536,-276(fp),r0 - ashl #16,r0,-280(fp) - addl3 -280(fp),-284(fp),r0 - bicl3 #0,r0,-284(fp) - cmpl -284(fp),-280(fp) - bgequ noname.472 - incl -288(fp) -noname.472: - movl -284(fp),r3 - movl -288(fp),r2 - bbc #31,r2,noname.473 - incl r9 -noname.473: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.474 - incl r2 -noname.474: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r8 - bicl2 #0,r8 - cmpl r8,r3 - bgequ noname.475 - incl r2 - bicl3 #0,r2,r0 - bneq noname.475 - incl r9 -noname.475: - addl2 r2,r7 - bicl2 #0,r7 - cmpl r7,r2 - bgequ noname.476 - incl r9 -noname.476: - - movl 4(ap),r0 - movl r8,28(r0) - - clrl r8 - - movl 8(ap),r3 - movl 16(r3),r4 - bicl3 #-65536,r4,r5 - extzv #16,#16,r4,r0 - bicl3 #-65536,r0,r4 - mull3 r5,r4,-292(fp) - mull2 r5,r5 - mull2 r4,r4 - bicl3 #32767,-292(fp),r0 - extzv #15,#17,r0,r0 - addl2 r0,r4 - bicl3 #-65536,-292(fp),r0 - ashl #17,r0,-292(fp) - addl2 -292(fp),r5 - bicl2 #0,r5 - cmpl r5,-292(fp) - bgequ noname.477 - incl r4 -noname.477: - movl r5,r1 - movl r4,r2 - addl2 r1,r7 - bicl2 #0,r7 - cmpl r7,r1 - bgequ noname.478 - incl r2 -noname.478: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.479 - incl r8 -noname.479: - - bicl3 #-65536,20(r3),r4 - movzwl 22(r3),r1 - bicl2 #-65536,r1 - bicl3 #-65536,12(r3),r2 - movzwl 14(r3),r0 - bicl2 #-65536,r0 - movl r4,r6 - movl r1,r5 - mull3 r0,r6,-296(fp) - mull2 r2,r6 - mull3 r2,r5,-300(fp) - mull2 r0,r5 - addl3 -296(fp),-300(fp),r0 - bicl3 #0,r0,-296(fp) - cmpl -296(fp),-300(fp) - bgequ noname.480 - addl2 #65536,r5 -noname.480: - movzwl -294(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r5 - bicl3 #-65536,-296(fp),r0 - ashl #16,r0,-300(fp) - addl2 -300(fp),r6 - bicl2 #0,r6 - cmpl r6,-300(fp) - bgequ noname.481 - incl r5 -noname.481: - movl r6,r3 - movl r5,r2 - bbc #31,r2,noname.482 - incl r8 -noname.482: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.483 - incl r2 -noname.483: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r7 - bicl2 #0,r7 - cmpl r7,r3 - bgequ noname.484 - incl r2 - bicl3 #0,r2,r0 - bneq noname.484 - incl r8 -noname.484: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.485 - incl r8 -noname.485: - - movl 8(ap),r0 - bicl3 #-65536,24(r0),r3 - movzwl 26(r0),r1 - bicl2 #-65536,r1 - bicl3 #-65536,8(r0),r2 - movzwl 10(r0),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-304(fp) - mull2 r2,r5 - mull3 r2,r4,-308(fp) - mull2 r0,r4 - addl3 -304(fp),-308(fp),r0 - bicl3 #0,r0,-304(fp) - cmpl -304(fp),-308(fp) - bgequ noname.486 - addl2 #65536,r4 -noname.486: - movzwl -302(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-304(fp),r0 - ashl #16,r0,-308(fp) - addl2 -308(fp),r5 - bicl2 #0,r5 - cmpl r5,-308(fp) - bgequ noname.487 - incl r4 -noname.487: - movl r5,r3 - movl r4,r2 - bbc #31,r2,noname.488 - incl r8 -noname.488: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.489 - incl r2 -noname.489: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r7 - bicl2 #0,r7 - cmpl r7,r3 - bgequ noname.490 - incl r2 - bicl3 #0,r2,r0 - bneq noname.490 - incl r8 -noname.490: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.491 - incl r8 -noname.491: - - movl 8(ap),r0 - bicl3 #-65536,28(r0),r3 - movzwl 30(r0),r1 - bicl2 #-65536,r1 - bicl3 #-65536,4(r0),r2 - movzwl 6(r0),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-312(fp) - mull2 r2,r5 - mull3 r2,r4,-316(fp) - mull2 r0,r4 - addl3 -312(fp),-316(fp),r0 - bicl3 #0,r0,-312(fp) - cmpl -312(fp),-316(fp) - bgequ noname.492 - addl2 #65536,r4 -noname.492: - movzwl -310(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-312(fp),r0 - ashl #16,r0,-316(fp) - addl2 -316(fp),r5 - bicl2 #0,r5 - cmpl r5,-316(fp) - bgequ noname.493 - incl r4 -noname.493: - movl r5,r3 - movl r4,r2 - bbc #31,r2,noname.494 - incl r8 -noname.494: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.495 - incl r2 -noname.495: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r7 - bicl2 #0,r7 - cmpl r7,r3 - bgequ noname.496 - incl r2 - bicl3 #0,r2,r0 - bneq noname.496 - incl r8 -noname.496: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.497 - incl r8 -noname.497: - - movl 4(ap),r0 - movl r7,32(r0) - - clrl r7 - - movl 8(ap),r0 - bicl3 #-65536,28(r0),r3 - movzwl 30(r0),r2 - bicl3 #-65536,8(r0),r1 - movzwl 10(r0),r0 - bicl2 #-65536,r0 - movl r3,r4 - bicl3 #-65536,r2,-328(fp) - mull3 r0,r4,-320(fp) - mull2 r1,r4 - mull3 r1,-328(fp),-324(fp) - mull2 r0,-328(fp) - addl3 -320(fp),-324(fp),r0 - bicl3 #0,r0,-320(fp) - cmpl -320(fp),-324(fp) - bgequ noname.498 - addl2 #65536,-328(fp) -noname.498: - movzwl -318(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-328(fp) - bicl3 #-65536,-320(fp),r0 - ashl #16,r0,-324(fp) - addl2 -324(fp),r4 - bicl2 #0,r4 - cmpl r4,-324(fp) - bgequ noname.499 - incl -328(fp) -noname.499: - movl r4,r3 - movl -328(fp),r2 - bbc #31,r2,noname.500 - incl r7 -noname.500: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.501 - incl r2 -noname.501: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r9 - bicl2 #0,r9 - cmpl r9,r3 - bgequ noname.502 - incl r2 - bicl3 #0,r2,r0 - bneq noname.502 - incl r7 -noname.502: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.503 - incl r7 -noname.503: - - movl 8(ap),r0 - movzwl 26(r0),r2 - bicl3 #-65536,12(r0),r3 - movzwl 14(r0),r1 - bicl2 #-65536,r1 - bicl3 #-65536,24(r0),-340(fp) - bicl3 #-65536,r2,-344(fp) - mull3 r1,-340(fp),-332(fp) - mull2 r3,-340(fp) - mull3 r3,-344(fp),-336(fp) - mull2 r1,-344(fp) - addl3 -332(fp),-336(fp),r0 - bicl3 #0,r0,-332(fp) - cmpl -332(fp),-336(fp) - bgequ noname.504 - addl2 #65536,-344(fp) -noname.504: - movzwl -330(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-344(fp) - bicl3 #-65536,-332(fp),r0 - ashl #16,r0,-336(fp) - addl3 -336(fp),-340(fp),r0 - bicl3 #0,r0,-340(fp) - cmpl -340(fp),-336(fp) - bgequ noname.505 - incl -344(fp) -noname.505: - movl -340(fp),r3 - movl -344(fp),r2 - bbc #31,r2,noname.506 - incl r7 -noname.506: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.507 - incl r2 -noname.507: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r9 - bicl2 #0,r9 - cmpl r9,r3 - bgequ noname.508 - incl r2 - bicl3 #0,r2,r0 - bneq noname.508 - incl r7 -noname.508: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.509 - incl r7 -noname.509: - - movl 8(ap),r0 - movzwl 22(r0),r2 - bicl3 #-65536,16(r0),r3 - movzwl 18(r0),r1 - bicl2 #-65536,r1 - bicl3 #-65536,20(r0),-356(fp) - bicl3 #-65536,r2,-360(fp) - mull3 r1,-356(fp),-348(fp) - mull2 r3,-356(fp) - mull3 r3,-360(fp),-352(fp) - mull2 r1,-360(fp) - addl3 -348(fp),-352(fp),r0 - bicl3 #0,r0,-348(fp) - cmpl -348(fp),-352(fp) - bgequ noname.510 - addl2 #65536,-360(fp) -noname.510: - movzwl -346(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-360(fp) - bicl3 #-65536,-348(fp),r0 - ashl #16,r0,-352(fp) - addl3 -352(fp),-356(fp),r0 - bicl3 #0,r0,-356(fp) - cmpl -356(fp),-352(fp) - bgequ noname.511 - incl -360(fp) -noname.511: - movl -356(fp),r3 - movl -360(fp),r2 - bbc #31,r2,noname.512 - incl r7 -noname.512: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.513 - incl r2 -noname.513: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r9 - bicl2 #0,r9 - cmpl r9,r3 - bgequ noname.514 - incl r2 - bicl3 #0,r2,r0 - bneq noname.514 - incl r7 -noname.514: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.515 - incl r7 -noname.515: - - movl 4(ap),r0 - movl r9,36(r0) - - clrl r9 - - movl 8(ap),r3 - movl 20(r3),r4 - bicl3 #-65536,r4,-364(fp) - extzv #16,#16,r4,r0 - bicl3 #-65536,r0,r4 - movl -364(fp),r0 - mull3 r0,r4,-368(fp) - mull3 r0,r0,-364(fp) - mull2 r4,r4 - bicl3 #32767,-368(fp),r0 - extzv #15,#17,r0,r0 - addl2 r0,r4 - bicl3 #-65536,-368(fp),r0 - ashl #17,r0,-368(fp) - addl3 -364(fp),-368(fp),r0 - bicl3 #0,r0,-364(fp) - cmpl -364(fp),-368(fp) - bgequ noname.516 - incl r4 -noname.516: - movl -364(fp),r1 - movl r4,r2 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.517 - incl r2 -noname.517: - addl2 r2,r7 - bicl2 #0,r7 - cmpl r7,r2 - bgequ noname.518 - incl r9 -noname.518: - - bicl3 #-65536,24(r3),r4 - movzwl 26(r3),r1 - bicl2 #-65536,r1 - bicl3 #-65536,16(r3),r2 - movzwl 18(r3),r0 - bicl2 #-65536,r0 - movl r4,r6 - movl r1,r5 - mull3 r0,r6,-372(fp) - mull2 r2,r6 - mull3 r2,r5,-376(fp) - mull2 r0,r5 - addl3 -372(fp),-376(fp),r0 - bicl3 #0,r0,-372(fp) - cmpl -372(fp),-376(fp) - bgequ noname.519 - addl2 #65536,r5 -noname.519: - movzwl -370(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r5 - bicl3 #-65536,-372(fp),r0 - ashl #16,r0,-376(fp) - addl2 -376(fp),r6 - bicl2 #0,r6 - cmpl r6,-376(fp) - bgequ noname.520 - incl r5 -noname.520: - movl r6,r3 - movl r5,r2 - bbc #31,r2,noname.521 - incl r9 -noname.521: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.522 - incl r2 -noname.522: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r8 - bicl2 #0,r8 - cmpl r8,r3 - bgequ noname.523 - incl r2 - bicl3 #0,r2,r0 - bneq noname.523 - incl r9 -noname.523: - addl2 r2,r7 - bicl2 #0,r7 - cmpl r7,r2 - bgequ noname.524 - incl r9 -noname.524: - - movl 8(ap),r0 - bicl3 #-65536,28(r0),r3 - movzwl 30(r0),r1 - bicl2 #-65536,r1 - bicl3 #-65536,12(r0),r2 - movzwl 14(r0),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-380(fp) - mull2 r2,r5 - mull3 r2,r4,-384(fp) - mull2 r0,r4 - addl3 -380(fp),-384(fp),r0 - bicl3 #0,r0,-380(fp) - cmpl -380(fp),-384(fp) - bgequ noname.525 - addl2 #65536,r4 -noname.525: - movzwl -378(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-380(fp),r0 - ashl #16,r0,-384(fp) - addl2 -384(fp),r5 - bicl2 #0,r5 - cmpl r5,-384(fp) - bgequ noname.526 - incl r4 -noname.526: - movl r5,r3 - movl r4,r2 - bbc #31,r2,noname.527 - incl r9 -noname.527: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.528 - incl r2 -noname.528: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r8 - bicl2 #0,r8 - cmpl r8,r3 - bgequ noname.529 - incl r2 - bicl3 #0,r2,r0 - bneq noname.529 - incl r9 -noname.529: - addl2 r2,r7 - bicl2 #0,r7 - cmpl r7,r2 - bgequ noname.530 - incl r9 -noname.530: - movl 4(ap),r0 - movl r8,40(r0) - - clrl r8 - - movl 8(ap),r0 - bicl3 #-65536,28(r0),r3 - movzwl 30(r0),r1 - bicl2 #-65536,r1 - bicl3 #-65536,16(r0),r2 - movzwl 18(r0),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-388(fp) - mull2 r2,r5 - mull3 r2,r4,-392(fp) - mull2 r0,r4 - addl3 -388(fp),-392(fp),r0 - bicl3 #0,r0,-388(fp) - cmpl -388(fp),-392(fp) - bgequ noname.531 - addl2 #65536,r4 -noname.531: - movzwl -386(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-388(fp),r0 - ashl #16,r0,-392(fp) - addl2 -392(fp),r5 - bicl2 #0,r5 - cmpl r5,-392(fp) - bgequ noname.532 - incl r4 -noname.532: - movl r5,r3 - movl r4,r2 - bbc #31,r2,noname.533 - incl r8 -noname.533: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.534 - incl r2 -noname.534: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r7 - bicl2 #0,r7 - cmpl r7,r3 - bgequ noname.535 - incl r2 - bicl3 #0,r2,r0 - bneq noname.535 - incl r8 -noname.535: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.536 - incl r8 -noname.536: - - movl 8(ap),r0 - bicl3 #-65536,24(r0),r3 - movzwl 26(r0),r1 - bicl2 #-65536,r1 - bicl3 #-65536,20(r0),r2 - movzwl 22(r0),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-396(fp) - mull2 r2,r5 - mull3 r2,r4,-400(fp) - mull2 r0,r4 - addl3 -396(fp),-400(fp),r0 - bicl3 #0,r0,-396(fp) - cmpl -396(fp),-400(fp) - bgequ noname.537 - addl2 #65536,r4 -noname.537: - movzwl -394(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-396(fp),r0 - ashl #16,r0,-400(fp) - addl2 -400(fp),r5 - bicl2 #0,r5 - cmpl r5,-400(fp) - bgequ noname.538 - incl r4 -noname.538: - movl r5,r3 - movl r4,r2 - bbc #31,r2,noname.539 - incl r8 -noname.539: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.540 - incl r2 -noname.540: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r7 - bicl2 #0,r7 - cmpl r7,r3 - bgequ noname.541 - incl r2 - bicl3 #0,r2,r0 - bneq noname.541 - incl r8 -noname.541: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.542 - incl r8 -noname.542: - - movl 4(ap),r0 - movl r7,44(r0) - - clrl r7 - - movl 8(ap),r3 - movl 24(r3),r4 - bicl3 #-65536,r4,r5 - extzv #16,#16,r4,r0 - bicl3 #-65536,r0,r4 - mull3 r5,r4,-404(fp) - mull2 r5,r5 - mull2 r4,r4 - bicl3 #32767,-404(fp),r0 - extzv #15,#17,r0,r0 - addl2 r0,r4 - bicl3 #-65536,-404(fp),r0 - ashl #17,r0,-404(fp) - addl2 -404(fp),r5 - bicl2 #0,r5 - cmpl r5,-404(fp) - bgequ noname.543 - incl r4 -noname.543: - movl r5,r1 - movl r4,r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.544 - incl r2 -noname.544: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.545 - incl r7 -noname.545: - - movzwl 30(r3),r2 - bicl3 #-65536,20(r3),r1 - movzwl 22(r3),r0 - bicl2 #-65536,r0 - bicl3 #-65536,28(r3),-416(fp) - bicl3 #-65536,r2,-420(fp) - mull3 r0,-416(fp),-408(fp) - mull2 r1,-416(fp) - mull3 r1,-420(fp),-412(fp) - mull2 r0,-420(fp) - addl3 -408(fp),-412(fp),r0 - bicl3 #0,r0,-408(fp) - cmpl -408(fp),-412(fp) - bgequ noname.546 - addl2 #65536,-420(fp) -noname.546: - movzwl -406(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-420(fp) - bicl3 #-65536,-408(fp),r0 - ashl #16,r0,-412(fp) - addl3 -412(fp),-416(fp),r0 - bicl3 #0,r0,-416(fp) - cmpl -416(fp),-412(fp) - bgequ noname.547 - incl -420(fp) -noname.547: - movl -416(fp),r3 - movl -420(fp),r2 - bbc #31,r2,noname.548 - incl r7 -noname.548: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.549 - incl r2 -noname.549: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r9 - bicl2 #0,r9 - cmpl r9,r3 - bgequ noname.550 - incl r2 - bicl3 #0,r2,r0 - bneq noname.550 - incl r7 -noname.550: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.551 - incl r7 -noname.551: - - movl 4(ap),r0 - movl r9,48(r0) - - clrl r9 - - movl 8(ap),r0 - movzwl 30(r0),r2 - bicl3 #-65536,24(r0),r3 - movzwl 26(r0),r1 - bicl2 #-65536,r1 - bicl3 #-65536,28(r0),-432(fp) - bicl3 #-65536,r2,-436(fp) - mull3 r1,-432(fp),-424(fp) - mull2 r3,-432(fp) - mull3 r3,-436(fp),-428(fp) - mull2 r1,-436(fp) - addl3 -424(fp),-428(fp),r0 - bicl3 #0,r0,-424(fp) - cmpl -424(fp),-428(fp) - bgequ noname.552 - addl2 #65536,-436(fp) -noname.552: - movzwl -422(fp),r0 - bicl2 #-65536,r0 - addl2 r0,-436(fp) - bicl3 #-65536,-424(fp),r0 - ashl #16,r0,-428(fp) - addl3 -428(fp),-432(fp),r0 - bicl3 #0,r0,-432(fp) - cmpl -432(fp),-428(fp) - bgequ noname.553 - incl -436(fp) -noname.553: - movl -432(fp),r3 - movl -436(fp),r2 - bbc #31,r2,noname.554 - incl r9 -noname.554: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.555 - incl r2 -noname.555: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r8 - bicl2 #0,r8 - cmpl r8,r3 - bgequ noname.556 - incl r2 - bicl3 #0,r2,r0 - bneq noname.556 - incl r9 -noname.556: - addl2 r2,r7 - bicl2 #0,r7 - cmpl r7,r2 - bgequ noname.557 - incl r9 -noname.557: - - movl 4(ap),r4 - movl r8,52(r4) - - clrl r8 - - movl 8(ap),r0 - movl 28(r0),r3 - bicl3 #-65536,r3,-440(fp) - extzv #16,#16,r3,r0 - bicl3 #-65536,r0,r3 - movl -440(fp),r0 - mull3 r0,r3,-444(fp) - mull3 r0,r0,-440(fp) - mull2 r3,r3 - bicl3 #32767,-444(fp),r0 - extzv #15,#17,r0,r0 - addl2 r0,r3 - bicl3 #-65536,-444(fp),r0 - ashl #17,r0,-444(fp) - addl3 -440(fp),-444(fp),r0 - bicl3 #0,r0,-440(fp) - cmpl -440(fp),-444(fp) - bgequ noname.558 - incl r3 -noname.558: - movl -440(fp),r1 - movl r3,r2 - addl2 r1,r7 - bicl2 #0,r7 - cmpl r7,r1 - bgequ noname.559 - incl r2 -noname.559: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.560 - incl r8 -noname.560: - - movl r7,56(r4) - - movl r9,60(r4) - - ret - - - -;r=4 ;(AP) -;a=8 ;(AP) -;b=12 ;(AP) -;n=16 ;(AP) n by value (input) - - .psect code,nowrt - -.entry BN_SQR_COMBA4,^m - subl2 #44,sp - - clrq r8 - - clrl r10 - - movl 8(ap),r5 - movl (r5),r3 - bicl3 #-65536,r3,r4 - extzv #16,#16,r3,r0 - bicl3 #-65536,r0,r3 - mull3 r4,r3,-4(fp) - mull2 r4,r4 - mull2 r3,r3 - bicl3 #32767,-4(fp),r0 - extzv #15,#17,r0,r0 - addl2 r0,r3 - bicl3 #-65536,-4(fp),r0 - ashl #17,r0,-4(fp) - addl2 -4(fp),r4 - bicl2 #0,r4 - cmpl r4,-4(fp) - bgequ noname.563 - incl r3 -noname.563: - movl r4,r1 - movl r3,r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.564 - incl r2 -noname.564: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.565 - incl r10 -noname.565: - - movl r9,@4(ap) - - clrl r9 - - bicl3 #-65536,4(r5),r3 - movzwl 6(r5),r1 - bicl2 #-65536,r1 - bicl3 #-65536,(r5),r2 - movzwl 2(r5),r0 - bicl2 #-65536,r0 - movl r3,r6 - movl r1,r4 - mull3 r0,r6,-8(fp) - mull2 r2,r6 - mull2 r4,r2 - mull2 r0,r4 - addl3 -8(fp),r2,r0 - bicl3 #0,r0,-8(fp) - cmpl -8(fp),r2 - bgequ noname.566 - addl2 #65536,r4 -noname.566: - movzwl -6(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-8(fp),r0 - ashl #16,r0,r1 - addl2 r1,r6 - bicl2 #0,r6 - cmpl r6,r1 - bgequ noname.567 - incl r4 -noname.567: - movl r6,r3 - movl r4,r2 - bbc #31,r2,noname.568 - incl r9 -noname.568: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.569 - incl r2 -noname.569: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r8 - bicl2 #0,r8 - cmpl r8,r3 - bgequ noname.570 - incl r2 - bicl3 #0,r2,r0 - bneq noname.570 - incl r9 -noname.570: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.571 - incl r9 -noname.571: - - movl 4(ap),r0 - movl r8,4(r0) - - clrl r8 - - movl 8(ap),r4 - movl 4(r4),r3 - bicl3 #-65536,r3,r5 - extzv #16,#16,r3,r0 - bicl3 #-65536,r0,r3 - mull3 r5,r3,r1 - mull2 r5,r5 - mull2 r3,r3 - bicl3 #32767,r1,r0 - extzv #15,#17,r0,r0 - addl2 r0,r3 - bicl2 #-65536,r1 - ashl #17,r1,r1 - addl2 r1,r5 - bicl2 #0,r5 - cmpl r5,r1 - bgequ noname.572 - incl r3 -noname.572: - movl r5,r1 - movl r3,r2 - addl2 r1,r10 - bicl2 #0,r10 - cmpl r10,r1 - bgequ noname.573 - incl r2 -noname.573: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.574 - incl r8 -noname.574: - - bicl3 #-65536,8(r4),r3 - movzwl 10(r4),r1 - bicl2 #-65536,r1 - bicl3 #-65536,(r4),r2 - movzwl 2(r4),r0 - bicl2 #-65536,r0 - movl r3,r6 - movl r1,r5 - mull3 r0,r6,r7 - mull2 r2,r6 - mull2 r5,r2 - mull2 r0,r5 - addl2 r2,r7 - bicl2 #0,r7 - cmpl r7,r2 - bgequ noname.575 - addl2 #65536,r5 -noname.575: - extzv #16,#16,r7,r0 - bicl2 #-65536,r0 - addl2 r0,r5 - bicl3 #-65536,r7,r0 - ashl #16,r0,r1 - addl2 r1,r6 - bicl2 #0,r6 - cmpl r6,r1 - bgequ noname.576 - incl r5 -noname.576: - movl r6,r3 - movl r5,r2 - bbc #31,r2,noname.577 - incl r8 -noname.577: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.578 - incl r2 -noname.578: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r10 - bicl2 #0,r10 - cmpl r10,r3 - bgequ noname.579 - incl r2 - bicl3 #0,r2,r0 - bneq noname.579 - incl r8 -noname.579: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.580 - incl r8 -noname.580: - - movl 4(ap),r0 - movl r10,8(r0) - - clrl r10 - - movl 8(ap),r0 - bicl3 #-65536,12(r0),r3 - movzwl 14(r0),r1 - bicl2 #-65536,r1 - bicl3 #-65536,(r0),r2 - movzwl 2(r0),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,r6 - mull2 r2,r5 - mull3 r2,r4,-12(fp) - mull2 r0,r4 - addl2 -12(fp),r6 - bicl2 #0,r6 - cmpl r6,-12(fp) - bgequ noname.581 - addl2 #65536,r4 -noname.581: - extzv #16,#16,r6,r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,r6,r0 - ashl #16,r0,-12(fp) - addl2 -12(fp),r5 - bicl2 #0,r5 - cmpl r5,-12(fp) - bgequ noname.582 - incl r4 -noname.582: - movl r5,r3 - movl r4,r2 - bbc #31,r2,noname.583 - incl r10 -noname.583: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.584 - incl r2 -noname.584: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r9 - bicl2 #0,r9 - cmpl r9,r3 - bgequ noname.585 - incl r2 - bicl3 #0,r2,r0 - bneq noname.585 - incl r10 -noname.585: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.586 - incl r10 -noname.586: - - movl 8(ap),r0 - bicl3 #-65536,8(r0),r3 - movzwl 10(r0),r1 - bicl2 #-65536,r1 - bicl3 #-65536,4(r0),r2 - movzwl 6(r0),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-16(fp) - mull2 r2,r5 - mull3 r2,r4,-20(fp) - mull2 r0,r4 - addl3 -16(fp),-20(fp),r0 - bicl3 #0,r0,-16(fp) - cmpl -16(fp),-20(fp) - bgequ noname.587 - addl2 #65536,r4 -noname.587: - movzwl -14(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-16(fp),r0 - ashl #16,r0,-20(fp) - addl2 -20(fp),r5 - bicl2 #0,r5 - cmpl r5,-20(fp) - bgequ noname.588 - incl r4 -noname.588: - movl r5,r3 - movl r4,r2 - bbc #31,r2,noname.589 - incl r10 -noname.589: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.590 - incl r2 -noname.590: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r9 - bicl2 #0,r9 - cmpl r9,r3 - bgequ noname.591 - incl r2 - bicl3 #0,r2,r0 - bneq noname.591 - incl r10 -noname.591: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.592 - incl r10 -noname.592: - movl 4(ap),r0 - movl r9,12(r0) - - clrl r9 - - movl 8(ap),r3 - movl 8(r3),r4 - bicl3 #-65536,r4,r5 - extzv #16,#16,r4,r0 - bicl3 #-65536,r0,r4 - mull3 r5,r4,-24(fp) - mull2 r5,r5 - mull2 r4,r4 - bicl3 #32767,-24(fp),r0 - extzv #15,#17,r0,r0 - addl2 r0,r4 - bicl3 #-65536,-24(fp),r0 - ashl #17,r0,-24(fp) - addl2 -24(fp),r5 - bicl2 #0,r5 - cmpl r5,-24(fp) - bgequ noname.593 - incl r4 -noname.593: - movl r5,r1 - movl r4,r2 - addl2 r1,r8 - bicl2 #0,r8 - cmpl r8,r1 - bgequ noname.594 - incl r2 -noname.594: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.595 - incl r9 -noname.595: - - bicl3 #-65536,12(r3),r4 - movzwl 14(r3),r1 - bicl2 #-65536,r1 - bicl3 #-65536,4(r3),r2 - movzwl 6(r3),r0 - bicl2 #-65536,r0 - movl r4,r6 - movl r1,r5 - mull3 r0,r6,-28(fp) - mull2 r2,r6 - mull3 r2,r5,-32(fp) - mull2 r0,r5 - addl3 -28(fp),-32(fp),r0 - bicl3 #0,r0,-28(fp) - cmpl -28(fp),-32(fp) - bgequ noname.596 - addl2 #65536,r5 -noname.596: - movzwl -26(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r5 - bicl3 #-65536,-28(fp),r0 - ashl #16,r0,-32(fp) - addl2 -32(fp),r6 - bicl2 #0,r6 - cmpl r6,-32(fp) - bgequ noname.597 - incl r5 -noname.597: - movl r6,r3 - movl r5,r2 - bbc #31,r2,noname.598 - incl r9 -noname.598: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.599 - incl r2 -noname.599: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r8 - bicl2 #0,r8 - cmpl r8,r3 - bgequ noname.600 - incl r2 - bicl3 #0,r2,r0 - bneq noname.600 - incl r9 -noname.600: - addl2 r2,r10 - bicl2 #0,r10 - cmpl r10,r2 - bgequ noname.601 - incl r9 -noname.601: - - movl 4(ap),r0 - movl r8,16(r0) - - clrl r8 - - movl 8(ap),r0 - bicl3 #-65536,12(r0),r3 - movzwl 14(r0),r1 - bicl2 #-65536,r1 - bicl3 #-65536,8(r0),r2 - movzwl 10(r0),r0 - bicl2 #-65536,r0 - movl r3,r5 - movl r1,r4 - mull3 r0,r5,-36(fp) - mull2 r2,r5 - mull3 r2,r4,-40(fp) - mull2 r0,r4 - addl3 -36(fp),-40(fp),r0 - bicl3 #0,r0,-36(fp) - cmpl -36(fp),-40(fp) - bgequ noname.602 - addl2 #65536,r4 -noname.602: - movzwl -34(fp),r0 - bicl2 #-65536,r0 - addl2 r0,r4 - bicl3 #-65536,-36(fp),r0 - ashl #16,r0,-40(fp) - addl2 -40(fp),r5 - bicl2 #0,r5 - cmpl r5,-40(fp) - bgequ noname.603 - incl r4 -noname.603: - movl r5,r3 - movl r4,r2 - bbc #31,r2,noname.604 - incl r8 -noname.604: - addl2 r2,r2 - bicl2 #0,r2 - bbc #31,r3,noname.605 - incl r2 -noname.605: - addl2 r3,r3 - bicl2 #0,r3 - addl2 r3,r10 - bicl2 #0,r10 - cmpl r10,r3 - bgequ noname.606 - incl r2 - bicl3 #0,r2,r0 - bneq noname.606 - incl r8 -noname.606: - addl2 r2,r9 - bicl2 #0,r9 - cmpl r9,r2 - bgequ noname.607 - incl r8 -noname.607: - - movl 4(ap),r4 - movl r10,20(r4) - - clrl r10 - - movl 8(ap),r0 - movl 12(r0),r3 - bicl3 #-65536,r3,r5 - extzv #16,#16,r3,r0 - bicl3 #-65536,r0,r3 - mull3 r5,r3,-44(fp) - mull2 r5,r5 - mull2 r3,r3 - bicl3 #32767,-44(fp),r0 - extzv #15,#17,r0,r0 - addl2 r0,r3 - bicl3 #-65536,-44(fp),r0 - ashl #17,r0,-44(fp) - addl2 -44(fp),r5 - bicl2 #0,r5 - cmpl r5,-44(fp) - bgequ noname.608 - incl r3 -noname.608: - movl r5,r1 - movl r3,r2 - addl2 r1,r9 - bicl2 #0,r9 - cmpl r9,r1 - bgequ noname.609 - incl r2 -noname.609: - addl2 r2,r8 - bicl2 #0,r8 - cmpl r8,r2 - bgequ noname.610 - incl r10 -noname.610: - - movl r9,24(r4) - - movl r8,28(r4) - - ret - -; For now, the code below doesn't work, so I end this prematurely. -.end diff --git a/src/lib/libcrypto/bn/asm/x86-gf2m.pl b/src/lib/libcrypto/bn/asm/x86-gf2m.pl new file mode 100644 index 00000000000..97d91362602 --- /dev/null +++ b/src/lib/libcrypto/bn/asm/x86-gf2m.pl @@ -0,0 +1,313 @@ +#!/usr/bin/env perl +# +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== +# +# May 2011 +# +# The module implements bn_GF2m_mul_2x2 polynomial multiplication used +# in bn_gf2m.c. It's kind of low-hanging mechanical port from C for +# the time being... Except that it has three code paths: pure integer +# code suitable for any x86 CPU, MMX code suitable for PIII and later +# and PCLMULQDQ suitable for Westmere and later. Improvement varies +# from one benchmark and µ-arch to another. Below are interval values +# for 163- and 571-bit ECDH benchmarks relative to compiler-generated +# code: +# +# PIII 16%-30% +# P4 12%-12% +# Opteron 18%-40% +# Core2 19%-44% +# Atom 38%-64% +# Westmere 53%-121%(PCLMULQDQ)/20%-32%(MMX) +# Sandy Bridge 72%-127%(PCLMULQDQ)/27%-23%(MMX) +# +# Note that above improvement coefficients are not coefficients for +# bn_GF2m_mul_2x2 itself. For example 120% ECDH improvement is result +# of bn_GF2m_mul_2x2 being >4x faster. As it gets faster, benchmark +# is more and more dominated by other subroutines, most notably by +# BN_GF2m_mod[_mul]_arr... + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +push(@INC,"${dir}","${dir}../../perlasm"); +require "x86asm.pl"; + +&asm_init($ARGV[0],$0,$x86only = $ARGV[$#ARGV] eq "386"); + +$sse2=0; +for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } + +&external_label("OPENSSL_ia32cap_P") if ($sse2); + +$a="eax"; +$b="ebx"; +($a1,$a2,$a4)=("ecx","edx","ebp"); + +$R="mm0"; +@T=("mm1","mm2"); +($A,$B,$B30,$B31)=("mm2","mm3","mm4","mm5"); +@i=("esi","edi"); + + if (!$x86only) { +&function_begin_B("_mul_1x1_mmx"); + &sub ("esp",32+4); + &mov ($a1,$a); + &lea ($a2,&DWP(0,$a,$a)); + &and ($a1,0x3fffffff); + &lea ($a4,&DWP(0,$a2,$a2)); + &mov (&DWP(0*4,"esp"),0); + &and ($a2,0x7fffffff); + &movd ($A,$a); + &movd ($B,$b); + &mov (&DWP(1*4,"esp"),$a1); # a1 + &xor ($a1,$a2); # a1^a2 + &pxor ($B31,$B31); + &pxor ($B30,$B30); + &mov (&DWP(2*4,"esp"),$a2); # a2 + &xor ($a2,$a4); # a2^a4 + &mov (&DWP(3*4,"esp"),$a1); # a1^a2 + &pcmpgtd($B31,$A); # broadcast 31st bit + &paddd ($A,$A); # $A<<=1 + &xor ($a1,$a2); # a1^a4=a1^a2^a2^a4 + &mov (&DWP(4*4,"esp"),$a4); # a4 + &xor ($a4,$a2); # a2=a4^a2^a4 + &pand ($B31,$B); + &pcmpgtd($B30,$A); # broadcast 30th bit + &mov (&DWP(5*4,"esp"),$a1); # a1^a4 + &xor ($a4,$a1); # a1^a2^a4 + &psllq ($B31,31); + &pand ($B30,$B); + &mov (&DWP(6*4,"esp"),$a2); # a2^a4 + &mov (@i[0],0x7); + &mov (&DWP(7*4,"esp"),$a4); # a1^a2^a4 + &mov ($a4,@i[0]); + &and (@i[0],$b); + &shr ($b,3); + &mov (@i[1],$a4); + &psllq ($B30,30); + &and (@i[1],$b); + &shr ($b,3); + &movd ($R,&DWP(0,"esp",@i[0],4)); + &mov (@i[0],$a4); + &and (@i[0],$b); + &shr ($b,3); + for($n=1;$n<9;$n++) { + &movd (@T[1],&DWP(0,"esp",@i[1],4)); + &mov (@i[1],$a4); + &psllq (@T[1],3*$n); + &and (@i[1],$b); + &shr ($b,3); + &pxor ($R,@T[1]); + + push(@i,shift(@i)); push(@T,shift(@T)); + } + &movd (@T[1],&DWP(0,"esp",@i[1],4)); + &pxor ($R,$B30); + &psllq (@T[1],3*$n++); + &pxor ($R,@T[1]); + + &movd (@T[0],&DWP(0,"esp",@i[0],4)); + &pxor ($R,$B31); + &psllq (@T[0],3*$n); + &add ("esp",32+4); + &pxor ($R,@T[0]); + &ret (); +&function_end_B("_mul_1x1_mmx"); + } + +($lo,$hi)=("eax","edx"); +@T=("ecx","ebp"); + +&function_begin_B("_mul_1x1_ialu"); + &sub ("esp",32+4); + &mov ($a1,$a); + &lea ($a2,&DWP(0,$a,$a)); + &lea ($a4,&DWP(0,"",$a,4)); + &and ($a1,0x3fffffff); + &lea (@i[1],&DWP(0,$lo,$lo)); + &sar ($lo,31); # broadcast 31st bit + &mov (&DWP(0*4,"esp"),0); + &and ($a2,0x7fffffff); + &mov (&DWP(1*4,"esp"),$a1); # a1 + &xor ($a1,$a2); # a1^a2 + &mov (&DWP(2*4,"esp"),$a2); # a2 + &xor ($a2,$a4); # a2^a4 + &mov (&DWP(3*4,"esp"),$a1); # a1^a2 + &xor ($a1,$a2); # a1^a4=a1^a2^a2^a4 + &mov (&DWP(4*4,"esp"),$a4); # a4 + &xor ($a4,$a2); # a2=a4^a2^a4 + &mov (&DWP(5*4,"esp"),$a1); # a1^a4 + &xor ($a4,$a1); # a1^a2^a4 + &sar (@i[1],31); # broardcast 30th bit + &and ($lo,$b); + &mov (&DWP(6*4,"esp"),$a2); # a2^a4 + &and (@i[1],$b); + &mov (&DWP(7*4,"esp"),$a4); # a1^a2^a4 + &mov ($hi,$lo); + &shl ($lo,31); + &mov (@T[0],@i[1]); + &shr ($hi,1); + + &mov (@i[0],0x7); + &shl (@i[1],30); + &and (@i[0],$b); + &shr (@T[0],2); + &xor ($lo,@i[1]); + + &shr ($b,3); + &mov (@i[1],0x7); # 5-byte instruction!? + &and (@i[1],$b); + &shr ($b,3); + &xor ($hi,@T[0]); + &xor ($lo,&DWP(0,"esp",@i[0],4)); + &mov (@i[0],0x7); + &and (@i[0],$b); + &shr ($b,3); + for($n=1;$n<9;$n++) { + &mov (@T[1],&DWP(0,"esp",@i[1],4)); + &mov (@i[1],0x7); + &mov (@T[0],@T[1]); + &shl (@T[1],3*$n); + &and (@i[1],$b); + &shr (@T[0],32-3*$n); + &xor ($lo,@T[1]); + &shr ($b,3); + &xor ($hi,@T[0]); + + push(@i,shift(@i)); push(@T,shift(@T)); + } + &mov (@T[1],&DWP(0,"esp",@i[1],4)); + &mov (@T[0],@T[1]); + &shl (@T[1],3*$n); + &mov (@i[1],&DWP(0,"esp",@i[0],4)); + &shr (@T[0],32-3*$n); $n++; + &mov (@i[0],@i[1]); + &xor ($lo,@T[1]); + &shl (@i[1],3*$n); + &xor ($hi,@T[0]); + &shr (@i[0],32-3*$n); + &xor ($lo,@i[1]); + &xor ($hi,@i[0]); + + &add ("esp",32+4); + &ret (); +&function_end_B("_mul_1x1_ialu"); + +# void bn_GF2m_mul_2x2(BN_ULONG *r, BN_ULONG a1, BN_ULONG a0, BN_ULONG b1, BN_ULONG b0); +&function_begin_B("bn_GF2m_mul_2x2"); +if (!$x86only) { + &picmeup("edx","OPENSSL_ia32cap_P"); + &mov ("eax",&DWP(0,"edx")); + &mov ("edx",&DWP(4,"edx")); + &test ("eax","\$IA32CAP_MASK0_MMX"); # check MMX bit + &jz (&label("ialu")); +if ($sse2) { + &test ("eax","\$IA32CAP_MASK0_FXSR"); # check FXSR bit + &jz (&label("mmx")); + &test ("edx","\$IA32CAP_MASK1_PCLMUL"); # check PCLMULQDQ bit + &jz (&label("mmx")); + + &movups ("xmm0",&QWP(8,"esp")); + &shufps ("xmm0","xmm0",0b10110001); + &pclmulqdq ("xmm0","xmm0",1); + &mov ("eax",&DWP(4,"esp")); + &movups (&QWP(0,"eax"),"xmm0"); + &ret (); + +&set_label("mmx",16); +} + &push ("ebp"); + &push ("ebx"); + &push ("esi"); + &push ("edi"); + &mov ($a,&wparam(1)); + &mov ($b,&wparam(3)); + &call ("_mul_1x1_mmx"); # a1·b1 + &movq ("mm7",$R); + + &mov ($a,&wparam(2)); + &mov ($b,&wparam(4)); + &call ("_mul_1x1_mmx"); # a0·b0 + &movq ("mm6",$R); + + &mov ($a,&wparam(1)); + &mov ($b,&wparam(3)); + &xor ($a,&wparam(2)); + &xor ($b,&wparam(4)); + &call ("_mul_1x1_mmx"); # (a0+a1)·(b0+b1) + &pxor ($R,"mm7"); + &mov ($a,&wparam(0)); + &pxor ($R,"mm6"); # (a0+a1)·(b0+b1)-a1·b1-a0·b0 + + &movq ($A,$R); + &psllq ($R,32); + &pop ("edi"); + &psrlq ($A,32); + &pop ("esi"); + &pxor ($R,"mm6"); + &pop ("ebx"); + &pxor ($A,"mm7"); + &movq (&QWP(0,$a),$R); + &pop ("ebp"); + &movq (&QWP(8,$a),$A); + &emms (); + &ret (); +&set_label("ialu",16); +} + &push ("ebp"); + &push ("ebx"); + &push ("esi"); + &push ("edi"); + &stack_push(4+1); + + &mov ($a,&wparam(1)); + &mov ($b,&wparam(3)); + &call ("_mul_1x1_ialu"); # a1·b1 + &mov (&DWP(8,"esp"),$lo); + &mov (&DWP(12,"esp"),$hi); + + &mov ($a,&wparam(2)); + &mov ($b,&wparam(4)); + &call ("_mul_1x1_ialu"); # a0·b0 + &mov (&DWP(0,"esp"),$lo); + &mov (&DWP(4,"esp"),$hi); + + &mov ($a,&wparam(1)); + &mov ($b,&wparam(3)); + &xor ($a,&wparam(2)); + &xor ($b,&wparam(4)); + &call ("_mul_1x1_ialu"); # (a0+a1)·(b0+b1) + + &mov ("ebp",&wparam(0)); + @r=("ebx","ecx","edi","esi"); + &mov (@r[0],&DWP(0,"esp")); + &mov (@r[1],&DWP(4,"esp")); + &mov (@r[2],&DWP(8,"esp")); + &mov (@r[3],&DWP(12,"esp")); + + &xor ($lo,$hi); + &xor ($hi,@r[1]); + &xor ($lo,@r[0]); + &mov (&DWP(0,"ebp"),@r[0]); + &xor ($hi,@r[2]); + &mov (&DWP(12,"ebp"),@r[3]); + &xor ($lo,@r[3]); + &stack_pop(4+1); + &xor ($hi,@r[3]); + &pop ("edi"); + &xor ($lo,$hi); + &pop ("esi"); + &mov (&DWP(8,"ebp"),$hi); + &pop ("ebx"); + &mov (&DWP(4,"ebp"),$lo); + &pop ("ebp"); + &ret (); +&function_end_B("bn_GF2m_mul_2x2"); + +&asciz ("GF(2^m) Multiplication for x86, CRYPTOGAMS by "); + +&asm_finish(); diff --git a/src/lib/libcrypto/bn/asm/x86-mont.pl b/src/lib/libcrypto/bn/asm/x86-mont.pl new file mode 100755 index 00000000000..a0bdd5787e5 --- /dev/null +++ b/src/lib/libcrypto/bn/asm/x86-mont.pl @@ -0,0 +1,593 @@ +#!/usr/bin/env perl + +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== + +# October 2005 +# +# This is a "teaser" code, as it can be improved in several ways... +# First of all non-SSE2 path should be implemented (yes, for now it +# performs Montgomery multiplication/convolution only on SSE2-capable +# CPUs such as P4, others fall down to original code). Then inner loop +# can be unrolled and modulo-scheduled to improve ILP and possibly +# moved to 128-bit XMM register bank (though it would require input +# rearrangement and/or increase bus bandwidth utilization). Dedicated +# squaring procedure should give further performance improvement... +# Yet, for being draft, the code improves rsa512 *sign* benchmark by +# 110%(!), rsa1024 one - by 70% and rsa4096 - by 20%:-) + +# December 2006 +# +# Modulo-scheduling SSE2 loops results in further 15-20% improvement. +# Integer-only code [being equipped with dedicated squaring procedure] +# gives ~40% on rsa512 sign benchmark... + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +push(@INC,"${dir}","${dir}../../perlasm"); +require "x86asm.pl"; + +&asm_init($ARGV[0],$0); + +$sse2=0; +for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } + +&external_label("OPENSSL_ia32cap_P") if ($sse2); + +&function_begin("bn_mul_mont"); + +$i="edx"; +$j="ecx"; +$ap="esi"; $tp="esi"; # overlapping variables!!! +$rp="edi"; $bp="edi"; # overlapping variables!!! +$np="ebp"; +$num="ebx"; + +$_num=&DWP(4*0,"esp"); # stack top layout +$_rp=&DWP(4*1,"esp"); +$_ap=&DWP(4*2,"esp"); +$_bp=&DWP(4*3,"esp"); +$_np=&DWP(4*4,"esp"); +$_n0=&DWP(4*5,"esp"); $_n0q=&QWP(4*5,"esp"); +$_sp=&DWP(4*6,"esp"); +$_bpend=&DWP(4*7,"esp"); +$frame=32; # size of above frame rounded up to 16n + + &xor ("eax","eax"); + &mov ("edi",&wparam(5)); # int num + &cmp ("edi",4); + &jl (&label("just_leave")); + + &lea ("esi",&wparam(0)); # put aside pointer to argument block + &lea ("edx",&wparam(1)); # load ap + &mov ("ebp","esp"); # saved stack pointer! + &add ("edi",2); # extra two words on top of tp + &neg ("edi"); + &lea ("esp",&DWP(-$frame,"esp","edi",4)); # alloca($frame+4*(num+2)) + &neg ("edi"); + + # minimize cache contention by arraning 2K window between stack + # pointer and ap argument [np is also position sensitive vector, + # but it's assumed to be near ap, as it's allocated at ~same + # time]. + &mov ("eax","esp"); + &sub ("eax","edx"); + &and ("eax",2047); + &sub ("esp","eax"); # this aligns sp and ap modulo 2048 + + &xor ("edx","esp"); + &and ("edx",2048); + &xor ("edx",2048); + &sub ("esp","edx"); # this splits them apart modulo 4096 + + &and ("esp",-64); # align to cache line + + ################################# load argument block... + &mov ("eax",&DWP(0*4,"esi"));# BN_ULONG *rp + &mov ("ebx",&DWP(1*4,"esi"));# const BN_ULONG *ap + &mov ("ecx",&DWP(2*4,"esi"));# const BN_ULONG *bp + &mov ("edx",&DWP(3*4,"esi"));# const BN_ULONG *np + &mov ("esi",&DWP(4*4,"esi"));# const BN_ULONG *n0 + #&mov ("edi",&DWP(5*4,"esi"));# int num + + &mov ("esi",&DWP(0,"esi")); # pull n0[0] + &mov ($_rp,"eax"); # ... save a copy of argument block + &mov ($_ap,"ebx"); + &mov ($_bp,"ecx"); + &mov ($_np,"edx"); + &mov ($_n0,"esi"); + &lea ($num,&DWP(-3,"edi")); # num=num-1 to assist modulo-scheduling + #&mov ($_num,$num); # redundant as $num is not reused + &mov ($_sp,"ebp"); # saved stack pointer! + +if($sse2) { +$acc0="mm0"; # mmx register bank layout +$acc1="mm1"; +$car0="mm2"; +$car1="mm3"; +$mul0="mm4"; +$mul1="mm5"; +$temp="mm6"; +$mask="mm7"; + + &picmeup("eax","OPENSSL_ia32cap_P"); + &bt (&DWP(0,"eax"),"\$IA32CAP_BIT0_SSE2"); + &jnc (&label("non_sse2")); + + &mov ("eax",-1); + &movd ($mask,"eax"); # mask 32 lower bits + + &mov ($ap,$_ap); # load input pointers + &mov ($bp,$_bp); + &mov ($np,$_np); + + &xor ($i,$i); # i=0 + &xor ($j,$j); # j=0 + + &movd ($mul0,&DWP(0,$bp)); # bp[0] + &movd ($mul1,&DWP(0,$ap)); # ap[0] + &movd ($car1,&DWP(0,$np)); # np[0] + + &pmuludq($mul1,$mul0); # ap[0]*bp[0] + &movq ($car0,$mul1); + &movq ($acc0,$mul1); # I wish movd worked for + &pand ($acc0,$mask); # inter-register transfers + + &pmuludq($mul1,$_n0q); # *=n0 + + &pmuludq($car1,$mul1); # "t[0]"*np[0]*n0 + &paddq ($car1,$acc0); + + &movd ($acc1,&DWP(4,$np)); # np[1] + &movd ($acc0,&DWP(4,$ap)); # ap[1] + + &psrlq ($car0,32); + &psrlq ($car1,32); + + &inc ($j); # j++ +&set_label("1st",16); + &pmuludq($acc0,$mul0); # ap[j]*bp[0] + &pmuludq($acc1,$mul1); # np[j]*m1 + &paddq ($car0,$acc0); # +=c0 + &paddq ($car1,$acc1); # +=c1 + + &movq ($acc0,$car0); + &pand ($acc0,$mask); + &movd ($acc1,&DWP(4,$np,$j,4)); # np[j+1] + &paddq ($car1,$acc0); # +=ap[j]*bp[0]; + &movd ($acc0,&DWP(4,$ap,$j,4)); # ap[j+1] + &psrlq ($car0,32); + &movd (&DWP($frame-4,"esp",$j,4),$car1); # tp[j-1]= + &psrlq ($car1,32); + + &lea ($j,&DWP(1,$j)); + &cmp ($j,$num); + &jl (&label("1st")); + + &pmuludq($acc0,$mul0); # ap[num-1]*bp[0] + &pmuludq($acc1,$mul1); # np[num-1]*m1 + &paddq ($car0,$acc0); # +=c0 + &paddq ($car1,$acc1); # +=c1 + + &movq ($acc0,$car0); + &pand ($acc0,$mask); + &paddq ($car1,$acc0); # +=ap[num-1]*bp[0]; + &movd (&DWP($frame-4,"esp",$j,4),$car1); # tp[num-2]= + + &psrlq ($car0,32); + &psrlq ($car1,32); + + &paddq ($car1,$car0); + &movq (&QWP($frame,"esp",$num,4),$car1); # tp[num].tp[num-1] + + &inc ($i); # i++ +&set_label("outer"); + &xor ($j,$j); # j=0 + + &movd ($mul0,&DWP(0,$bp,$i,4)); # bp[i] + &movd ($mul1,&DWP(0,$ap)); # ap[0] + &movd ($temp,&DWP($frame,"esp")); # tp[0] + &movd ($car1,&DWP(0,$np)); # np[0] + &pmuludq($mul1,$mul0); # ap[0]*bp[i] + + &paddq ($mul1,$temp); # +=tp[0] + &movq ($acc0,$mul1); + &movq ($car0,$mul1); + &pand ($acc0,$mask); + + &pmuludq($mul1,$_n0q); # *=n0 + + &pmuludq($car1,$mul1); + &paddq ($car1,$acc0); + + &movd ($temp,&DWP($frame+4,"esp")); # tp[1] + &movd ($acc1,&DWP(4,$np)); # np[1] + &movd ($acc0,&DWP(4,$ap)); # ap[1] + + &psrlq ($car0,32); + &psrlq ($car1,32); + &paddq ($car0,$temp); # +=tp[1] + + &inc ($j); # j++ + &dec ($num); +&set_label("inner"); + &pmuludq($acc0,$mul0); # ap[j]*bp[i] + &pmuludq($acc1,$mul1); # np[j]*m1 + &paddq ($car0,$acc0); # +=c0 + &paddq ($car1,$acc1); # +=c1 + + &movq ($acc0,$car0); + &movd ($temp,&DWP($frame+4,"esp",$j,4));# tp[j+1] + &pand ($acc0,$mask); + &movd ($acc1,&DWP(4,$np,$j,4)); # np[j+1] + &paddq ($car1,$acc0); # +=ap[j]*bp[i]+tp[j] + &movd ($acc0,&DWP(4,$ap,$j,4)); # ap[j+1] + &psrlq ($car0,32); + &movd (&DWP($frame-4,"esp",$j,4),$car1);# tp[j-1]= + &psrlq ($car1,32); + &paddq ($car0,$temp); # +=tp[j+1] + + &dec ($num); + &lea ($j,&DWP(1,$j)); # j++ + &jnz (&label("inner")); + + &mov ($num,$j); + &pmuludq($acc0,$mul0); # ap[num-1]*bp[i] + &pmuludq($acc1,$mul1); # np[num-1]*m1 + &paddq ($car0,$acc0); # +=c0 + &paddq ($car1,$acc1); # +=c1 + + &movq ($acc0,$car0); + &pand ($acc0,$mask); + &paddq ($car1,$acc0); # +=ap[num-1]*bp[i]+tp[num-1] + &movd (&DWP($frame-4,"esp",$j,4),$car1); # tp[num-2]= + &psrlq ($car0,32); + &psrlq ($car1,32); + + &movd ($temp,&DWP($frame+4,"esp",$num,4)); # += tp[num] + &paddq ($car1,$car0); + &paddq ($car1,$temp); + &movq (&QWP($frame,"esp",$num,4),$car1); # tp[num].tp[num-1] + + &lea ($i,&DWP(1,$i)); # i++ + &cmp ($i,$num); + &jle (&label("outer")); + + &emms (); # done with mmx bank + &jmp (&label("common_tail")); + +&set_label("non_sse2",16); +} + +if (0) { + &mov ("esp",$_sp); + &xor ("eax","eax"); # signal "not fast enough [yet]" + &jmp (&label("just_leave")); + # While the below code provides competitive performance for + # all key lengthes on modern Intel cores, it's still more + # than 10% slower for 4096-bit key elsewhere:-( "Competitive" + # means compared to the original integer-only assembler. + # 512-bit RSA sign is better by ~40%, but that's about all + # one can say about all CPUs... +} else { +$inp="esi"; # integer path uses these registers differently +$word="edi"; +$carry="ebp"; + + &mov ($inp,$_ap); + &lea ($carry,&DWP(1,$num)); + &mov ($word,$_bp); + &xor ($j,$j); # j=0 + &mov ("edx",$inp); + &and ($carry,1); # see if num is even + &sub ("edx",$word); # see if ap==bp + &lea ("eax",&DWP(4,$word,$num,4)); # &bp[num] + &or ($carry,"edx"); + &mov ($word,&DWP(0,$word)); # bp[0] + &jz (&label("bn_sqr_mont")); + &mov ($_bpend,"eax"); + &mov ("eax",&DWP(0,$inp)); + &xor ("edx","edx"); + +&set_label("mull",16); + &mov ($carry,"edx"); + &mul ($word); # ap[j]*bp[0] + &add ($carry,"eax"); + &lea ($j,&DWP(1,$j)); + &adc ("edx",0); + &mov ("eax",&DWP(0,$inp,$j,4)); # ap[j+1] + &cmp ($j,$num); + &mov (&DWP($frame-4,"esp",$j,4),$carry); # tp[j]= + &jl (&label("mull")); + + &mov ($carry,"edx"); + &mul ($word); # ap[num-1]*bp[0] + &mov ($word,$_n0); + &add ("eax",$carry); + &mov ($inp,$_np); + &adc ("edx",0); + &imul ($word,&DWP($frame,"esp")); # n0*tp[0] + + &mov (&DWP($frame,"esp",$num,4),"eax"); # tp[num-1]= + &xor ($j,$j); + &mov (&DWP($frame+4,"esp",$num,4),"edx"); # tp[num]= + &mov (&DWP($frame+8,"esp",$num,4),$j); # tp[num+1]= + + &mov ("eax",&DWP(0,$inp)); # np[0] + &mul ($word); # np[0]*m + &add ("eax",&DWP($frame,"esp")); # +=tp[0] + &mov ("eax",&DWP(4,$inp)); # np[1] + &adc ("edx",0); + &inc ($j); + + &jmp (&label("2ndmadd")); + +&set_label("1stmadd",16); + &mov ($carry,"edx"); + &mul ($word); # ap[j]*bp[i] + &add ($carry,&DWP($frame,"esp",$j,4)); # +=tp[j] + &lea ($j,&DWP(1,$j)); + &adc ("edx",0); + &add ($carry,"eax"); + &mov ("eax",&DWP(0,$inp,$j,4)); # ap[j+1] + &adc ("edx",0); + &cmp ($j,$num); + &mov (&DWP($frame-4,"esp",$j,4),$carry); # tp[j]= + &jl (&label("1stmadd")); + + &mov ($carry,"edx"); + &mul ($word); # ap[num-1]*bp[i] + &add ("eax",&DWP($frame,"esp",$num,4)); # +=tp[num-1] + &mov ($word,$_n0); + &adc ("edx",0); + &mov ($inp,$_np); + &add ($carry,"eax"); + &adc ("edx",0); + &imul ($word,&DWP($frame,"esp")); # n0*tp[0] + + &xor ($j,$j); + &add ("edx",&DWP($frame+4,"esp",$num,4)); # carry+=tp[num] + &mov (&DWP($frame,"esp",$num,4),$carry); # tp[num-1]= + &adc ($j,0); + &mov ("eax",&DWP(0,$inp)); # np[0] + &mov (&DWP($frame+4,"esp",$num,4),"edx"); # tp[num]= + &mov (&DWP($frame+8,"esp",$num,4),$j); # tp[num+1]= + + &mul ($word); # np[0]*m + &add ("eax",&DWP($frame,"esp")); # +=tp[0] + &mov ("eax",&DWP(4,$inp)); # np[1] + &adc ("edx",0); + &mov ($j,1); + +&set_label("2ndmadd",16); + &mov ($carry,"edx"); + &mul ($word); # np[j]*m + &add ($carry,&DWP($frame,"esp",$j,4)); # +=tp[j] + &lea ($j,&DWP(1,$j)); + &adc ("edx",0); + &add ($carry,"eax"); + &mov ("eax",&DWP(0,$inp,$j,4)); # np[j+1] + &adc ("edx",0); + &cmp ($j,$num); + &mov (&DWP($frame-8,"esp",$j,4),$carry); # tp[j-1]= + &jl (&label("2ndmadd")); + + &mov ($carry,"edx"); + &mul ($word); # np[j]*m + &add ($carry,&DWP($frame,"esp",$num,4)); # +=tp[num-1] + &adc ("edx",0); + &add ($carry,"eax"); + &adc ("edx",0); + &mov (&DWP($frame-4,"esp",$num,4),$carry); # tp[num-2]= + + &xor ("eax","eax"); + &mov ($j,$_bp); # &bp[i] + &add ("edx",&DWP($frame+4,"esp",$num,4)); # carry+=tp[num] + &adc ("eax",&DWP($frame+8,"esp",$num,4)); # +=tp[num+1] + &lea ($j,&DWP(4,$j)); + &mov (&DWP($frame,"esp",$num,4),"edx"); # tp[num-1]= + &cmp ($j,$_bpend); + &mov (&DWP($frame+4,"esp",$num,4),"eax"); # tp[num]= + &je (&label("common_tail")); + + &mov ($word,&DWP(0,$j)); # bp[i+1] + &mov ($inp,$_ap); + &mov ($_bp,$j); # &bp[++i] + &xor ($j,$j); + &xor ("edx","edx"); + &mov ("eax",&DWP(0,$inp)); + &jmp (&label("1stmadd")); + +&set_label("bn_sqr_mont",16); +$sbit=$num; + &mov ($_num,$num); + &mov ($_bp,$j); # i=0 + + &mov ("eax",$word); # ap[0] + &mul ($word); # ap[0]*ap[0] + &mov (&DWP($frame,"esp"),"eax"); # tp[0]= + &mov ($sbit,"edx"); + &shr ("edx",1); + &and ($sbit,1); + &inc ($j); +&set_label("sqr",16); + &mov ("eax",&DWP(0,$inp,$j,4)); # ap[j] + &mov ($carry,"edx"); + &mul ($word); # ap[j]*ap[0] + &add ("eax",$carry); + &lea ($j,&DWP(1,$j)); + &adc ("edx",0); + &lea ($carry,&DWP(0,$sbit,"eax",2)); + &shr ("eax",31); + &cmp ($j,$_num); + &mov ($sbit,"eax"); + &mov (&DWP($frame-4,"esp",$j,4),$carry); # tp[j]= + &jl (&label("sqr")); + + &mov ("eax",&DWP(0,$inp,$j,4)); # ap[num-1] + &mov ($carry,"edx"); + &mul ($word); # ap[num-1]*ap[0] + &add ("eax",$carry); + &mov ($word,$_n0); + &adc ("edx",0); + &mov ($inp,$_np); + &lea ($carry,&DWP(0,$sbit,"eax",2)); + &imul ($word,&DWP($frame,"esp")); # n0*tp[0] + &shr ("eax",31); + &mov (&DWP($frame,"esp",$j,4),$carry); # tp[num-1]= + + &lea ($carry,&DWP(0,"eax","edx",2)); + &mov ("eax",&DWP(0,$inp)); # np[0] + &shr ("edx",31); + &mov (&DWP($frame+4,"esp",$j,4),$carry); # tp[num]= + &mov (&DWP($frame+8,"esp",$j,4),"edx"); # tp[num+1]= + + &mul ($word); # np[0]*m + &add ("eax",&DWP($frame,"esp")); # +=tp[0] + &mov ($num,$j); + &adc ("edx",0); + &mov ("eax",&DWP(4,$inp)); # np[1] + &mov ($j,1); + +&set_label("3rdmadd",16); + &mov ($carry,"edx"); + &mul ($word); # np[j]*m + &add ($carry,&DWP($frame,"esp",$j,4)); # +=tp[j] + &adc ("edx",0); + &add ($carry,"eax"); + &mov ("eax",&DWP(4,$inp,$j,4)); # np[j+1] + &adc ("edx",0); + &mov (&DWP($frame-4,"esp",$j,4),$carry); # tp[j-1]= + + &mov ($carry,"edx"); + &mul ($word); # np[j+1]*m + &add ($carry,&DWP($frame+4,"esp",$j,4)); # +=tp[j+1] + &lea ($j,&DWP(2,$j)); + &adc ("edx",0); + &add ($carry,"eax"); + &mov ("eax",&DWP(0,$inp,$j,4)); # np[j+2] + &adc ("edx",0); + &cmp ($j,$num); + &mov (&DWP($frame-8,"esp",$j,4),$carry); # tp[j]= + &jl (&label("3rdmadd")); + + &mov ($carry,"edx"); + &mul ($word); # np[j]*m + &add ($carry,&DWP($frame,"esp",$num,4)); # +=tp[num-1] + &adc ("edx",0); + &add ($carry,"eax"); + &adc ("edx",0); + &mov (&DWP($frame-4,"esp",$num,4),$carry); # tp[num-2]= + + &mov ($j,$_bp); # i + &xor ("eax","eax"); + &mov ($inp,$_ap); + &add ("edx",&DWP($frame+4,"esp",$num,4)); # carry+=tp[num] + &adc ("eax",&DWP($frame+8,"esp",$num,4)); # +=tp[num+1] + &mov (&DWP($frame,"esp",$num,4),"edx"); # tp[num-1]= + &cmp ($j,$num); + &mov (&DWP($frame+4,"esp",$num,4),"eax"); # tp[num]= + &je (&label("common_tail")); + + &mov ($word,&DWP(4,$inp,$j,4)); # ap[i] + &lea ($j,&DWP(1,$j)); + &mov ("eax",$word); + &mov ($_bp,$j); # ++i + &mul ($word); # ap[i]*ap[i] + &add ("eax",&DWP($frame,"esp",$j,4)); # +=tp[i] + &adc ("edx",0); + &mov (&DWP($frame,"esp",$j,4),"eax"); # tp[i]= + &xor ($carry,$carry); + &cmp ($j,$num); + &lea ($j,&DWP(1,$j)); + &je (&label("sqrlast")); + + &mov ($sbit,"edx"); # zaps $num + &shr ("edx",1); + &and ($sbit,1); +&set_label("sqradd",16); + &mov ("eax",&DWP(0,$inp,$j,4)); # ap[j] + &mov ($carry,"edx"); + &mul ($word); # ap[j]*ap[i] + &add ("eax",$carry); + &lea ($carry,&DWP(0,"eax","eax")); + &adc ("edx",0); + &shr ("eax",31); + &add ($carry,&DWP($frame,"esp",$j,4)); # +=tp[j] + &lea ($j,&DWP(1,$j)); + &adc ("eax",0); + &add ($carry,$sbit); + &adc ("eax",0); + &cmp ($j,$_num); + &mov (&DWP($frame-4,"esp",$j,4),$carry); # tp[j]= + &mov ($sbit,"eax"); + &jle (&label("sqradd")); + + &mov ($carry,"edx"); + &add ("edx","edx"); + &shr ($carry,31); + &add ("edx",$sbit); + &adc ($carry,0); +&set_label("sqrlast"); + &mov ($word,$_n0); + &mov ($inp,$_np); + &imul ($word,&DWP($frame,"esp")); # n0*tp[0] + + &add ("edx",&DWP($frame,"esp",$j,4)); # +=tp[num] + &mov ("eax",&DWP(0,$inp)); # np[0] + &adc ($carry,0); + &mov (&DWP($frame,"esp",$j,4),"edx"); # tp[num]= + &mov (&DWP($frame+4,"esp",$j,4),$carry); # tp[num+1]= + + &mul ($word); # np[0]*m + &add ("eax",&DWP($frame,"esp")); # +=tp[0] + &lea ($num,&DWP(-1,$j)); + &adc ("edx",0); + &mov ($j,1); + &mov ("eax",&DWP(4,$inp)); # np[1] + + &jmp (&label("3rdmadd")); +} + +&set_label("common_tail",16); + &mov ($np,$_np); # load modulus pointer + &mov ($rp,$_rp); # load result pointer + &lea ($tp,&DWP($frame,"esp")); # [$ap and $bp are zapped] + + &mov ("eax",&DWP(0,$tp)); # tp[0] + &mov ($j,$num); # j=num-1 + &xor ($i,$i); # i=0 and clear CF! + +&set_label("sub",16); + &sbb ("eax",&DWP(0,$np,$i,4)); + &mov (&DWP(0,$rp,$i,4),"eax"); # rp[i]=tp[i]-np[i] + &dec ($j); # doesn't affect CF! + &mov ("eax",&DWP(4,$tp,$i,4)); # tp[i+1] + &lea ($i,&DWP(1,$i)); # i++ + &jge (&label("sub")); + + &sbb ("eax",0); # handle upmost overflow bit + &and ($tp,"eax"); + ¬ ("eax"); + &mov ($np,$rp); + &and ($np,"eax"); + &or ($tp,$np); # tp=carry?tp:rp + +&set_label("copy",16); # copy or in-place refresh + &mov ("eax",&DWP(0,$tp,$num,4)); + &mov (&DWP(0,$rp,$num,4),"eax"); # rp[i]=tp[i] + &mov (&DWP($frame,"esp",$num,4),$j); # zap temporary vector + &dec ($num); + &jge (&label("copy")); + + &mov ("esp",$_sp); # pull saved stack pointer + &mov ("eax",1); +&set_label("just_leave"); +&function_end("bn_mul_mont"); + +&asciz("Montgomery Multiplication for x86, CRYPTOGAMS by "); + +&asm_finish(); diff --git a/src/lib/libcrypto/bn/asm/x86/add.pl b/src/lib/libcrypto/bn/asm/x86/add.pl index 0b5cf583e37..3bb00809220 100644 --- a/src/lib/libcrypto/bn/asm/x86/add.pl +++ b/src/lib/libcrypto/bn/asm/x86/add.pl @@ -1,5 +1,5 @@ #!/usr/local/bin/perl -# x86 assember +# x86 assembler sub bn_add_words { diff --git a/src/lib/libcrypto/bn/asm/x86/comba.pl b/src/lib/libcrypto/bn/asm/x86/comba.pl index 22912536293..dc4ec97ff57 100644 --- a/src/lib/libcrypto/bn/asm/x86/comba.pl +++ b/src/lib/libcrypto/bn/asm/x86/comba.pl @@ -1,5 +1,5 @@ #!/usr/local/bin/perl -# x86 assember +# x86 assembler sub mul_add_c { diff --git a/src/lib/libcrypto/bn/asm/x86/div.pl b/src/lib/libcrypto/bn/asm/x86/div.pl index 0e90152caa9..e771eda82fd 100644 --- a/src/lib/libcrypto/bn/asm/x86/div.pl +++ b/src/lib/libcrypto/bn/asm/x86/div.pl @@ -1,5 +1,5 @@ #!/usr/local/bin/perl -# x86 assember +# x86 assembler sub bn_div_words { diff --git a/src/lib/libcrypto/bn/asm/x86/f b/src/lib/libcrypto/bn/asm/x86/f deleted file mode 100644 index 22e41122243..00000000000 --- a/src/lib/libcrypto/bn/asm/x86/f +++ /dev/null @@ -1,3 +0,0 @@ -#!/usr/local/bin/perl -# x86 assember - diff --git a/src/lib/libcrypto/bn/asm/x86/mul.pl b/src/lib/libcrypto/bn/asm/x86/mul.pl index 674cb9b0551..92b5542dacb 100644 --- a/src/lib/libcrypto/bn/asm/x86/mul.pl +++ b/src/lib/libcrypto/bn/asm/x86/mul.pl @@ -1,5 +1,5 @@ #!/usr/local/bin/perl -# x86 assember +# x86 assembler sub bn_mul_words { diff --git a/src/lib/libcrypto/bn/asm/x86/mul_add.pl b/src/lib/libcrypto/bn/asm/x86/mul_add.pl index 61830d3a906..9803dbdad07 100644 --- a/src/lib/libcrypto/bn/asm/x86/mul_add.pl +++ b/src/lib/libcrypto/bn/asm/x86/mul_add.pl @@ -1,5 +1,5 @@ #!/usr/local/bin/perl -# x86 assember +# x86 assembler sub bn_mul_add_words { diff --git a/src/lib/libcrypto/bn/asm/x86/sqr.pl b/src/lib/libcrypto/bn/asm/x86/sqr.pl index 1f90993cf68..6cf75a76e25 100644 --- a/src/lib/libcrypto/bn/asm/x86/sqr.pl +++ b/src/lib/libcrypto/bn/asm/x86/sqr.pl @@ -1,5 +1,5 @@ #!/usr/local/bin/perl -# x86 assember +# x86 assembler sub bn_sqr_words { diff --git a/src/lib/libcrypto/bn/asm/x86/sub.pl b/src/lib/libcrypto/bn/asm/x86/sub.pl index 837b0e1b078..0c5364cce5b 100644 --- a/src/lib/libcrypto/bn/asm/x86/sub.pl +++ b/src/lib/libcrypto/bn/asm/x86/sub.pl @@ -1,5 +1,5 @@ #!/usr/local/bin/perl -# x86 assember +# x86 assembler sub bn_sub_words { diff --git a/src/lib/libcrypto/bn/asm/x86_64-gcc.c b/src/lib/libcrypto/bn/asm/x86_64-gcc.c new file mode 100644 index 00000000000..bd068cfb514 --- /dev/null +++ b/src/lib/libcrypto/bn/asm/x86_64-gcc.c @@ -0,0 +1,554 @@ +/* $OpenBSD: x86_64-gcc.c,v 1.6 2015/09/12 09:04:12 miod Exp $ */ +#include "../bn_lcl.h" +/* + * x86_64 BIGNUM accelerator version 0.1, December 2002. + * + * Implemented by Andy Polyakov for the OpenSSL + * project. + * + * Rights for redistribution and usage in source and binary forms are + * granted according to the OpenSSL license. Warranty of any kind is + * disclaimed. + * + * Q. Version 0.1? It doesn't sound like Andy, he used to assign real + * versions, like 1.0... + * A. Well, that's because this code is basically a quick-n-dirty + * proof-of-concept hack. As you can see it's implemented with + * inline assembler, which means that you're bound to GCC and that + * there might be enough room for further improvement. + * + * Q. Why inline assembler? + * A. x86_64 features own ABI which I'm not familiar with. This is + * why I decided to let the compiler take care of subroutine + * prologue/epilogue as well as register allocation. For reference. + * Win64 implements different ABI for AMD64, different from Linux. + * + * Q. How much faster does it get? + * A. 'apps/openssl speed rsa dsa' output with no-asm: + * + * sign verify sign/s verify/s + * rsa 512 bits 0.0006s 0.0001s 1683.8 18456.2 + * rsa 1024 bits 0.0028s 0.0002s 356.0 6407.0 + * rsa 2048 bits 0.0172s 0.0005s 58.0 1957.8 + * rsa 4096 bits 0.1155s 0.0018s 8.7 555.6 + * sign verify sign/s verify/s + * dsa 512 bits 0.0005s 0.0006s 2100.8 1768.3 + * dsa 1024 bits 0.0014s 0.0018s 692.3 559.2 + * dsa 2048 bits 0.0049s 0.0061s 204.7 165.0 + * + * 'apps/openssl speed rsa dsa' output with this module: + * + * sign verify sign/s verify/s + * rsa 512 bits 0.0004s 0.0000s 2767.1 33297.9 + * rsa 1024 bits 0.0012s 0.0001s 867.4 14674.7 + * rsa 2048 bits 0.0061s 0.0002s 164.0 5270.0 + * rsa 4096 bits 0.0384s 0.0006s 26.1 1650.8 + * sign verify sign/s verify/s + * dsa 512 bits 0.0002s 0.0003s 4442.2 3786.3 + * dsa 1024 bits 0.0005s 0.0007s 1835.1 1497.4 + * dsa 2048 bits 0.0016s 0.0020s 620.4 504.6 + * + * For the reference. IA-32 assembler implementation performs + * very much like 64-bit code compiled with no-asm on the same + * machine. + */ + +#define BN_ULONG unsigned long + +#undef mul +#undef mul_add +#undef sqr + +/* + * "m"(a), "+m"(r) is the way to favor DirectPath µ-code; + * "g"(0) let the compiler to decide where does it + * want to keep the value of zero; + */ +#define mul_add(r,a,word,carry) do { \ + BN_ULONG high,low; \ + asm ("mulq %3" \ + : "=a"(low),"=d"(high) \ + : "a"(word),"m"(a) \ + : "cc"); \ + asm ("addq %2,%0; adcq %3,%1" \ + : "+r"(carry),"+d"(high)\ + : "a"(low),"g"(0) \ + : "cc"); \ + asm ("addq %2,%0; adcq %3,%1" \ + : "+m"(r),"+d"(high) \ + : "r"(carry),"g"(0) \ + : "cc"); \ + carry=high; \ + } while (0) + +#define mul(r,a,word,carry) do { \ + BN_ULONG high,low; \ + asm ("mulq %3" \ + : "=a"(low),"=d"(high) \ + : "a"(word),"g"(a) \ + : "cc"); \ + asm ("addq %2,%0; adcq %3,%1" \ + : "+r"(carry),"+d"(high)\ + : "a"(low),"g"(0) \ + : "cc"); \ + (r)=carry, carry=high; \ + } while (0) + +#define sqr(r0,r1,a) \ + asm ("mulq %2" \ + : "=a"(r0),"=d"(r1) \ + : "a"(a) \ + : "cc"); + +BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w) + { + BN_ULONG c1=0; + + if (num <= 0) return(c1); + + while (num&~3) + { + mul_add(rp[0],ap[0],w,c1); + mul_add(rp[1],ap[1],w,c1); + mul_add(rp[2],ap[2],w,c1); + mul_add(rp[3],ap[3],w,c1); + ap+=4; rp+=4; num-=4; + } + if (num) + { + mul_add(rp[0],ap[0],w,c1); if (--num==0) return c1; + mul_add(rp[1],ap[1],w,c1); if (--num==0) return c1; + mul_add(rp[2],ap[2],w,c1); return c1; + } + + return(c1); + } + +BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w) + { + BN_ULONG c1=0; + + if (num <= 0) return(c1); + + while (num&~3) + { + mul(rp[0],ap[0],w,c1); + mul(rp[1],ap[1],w,c1); + mul(rp[2],ap[2],w,c1); + mul(rp[3],ap[3],w,c1); + ap+=4; rp+=4; num-=4; + } + if (num) + { + mul(rp[0],ap[0],w,c1); if (--num == 0) return c1; + mul(rp[1],ap[1],w,c1); if (--num == 0) return c1; + mul(rp[2],ap[2],w,c1); + } + return(c1); + } + +void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n) + { + if (n <= 0) return; + + while (n&~3) + { + sqr(r[0],r[1],a[0]); + sqr(r[2],r[3],a[1]); + sqr(r[4],r[5],a[2]); + sqr(r[6],r[7],a[3]); + a+=4; r+=8; n-=4; + } + if (n) + { + sqr(r[0],r[1],a[0]); if (--n == 0) return; + sqr(r[2],r[3],a[1]); if (--n == 0) return; + sqr(r[4],r[5],a[2]); + } + } + +BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d) +{ BN_ULONG ret,waste; + + asm ("divq %4" + : "=a"(ret),"=d"(waste) + : "a"(l),"d"(h),"g"(d) + : "cc"); + + return ret; +} + +BN_ULONG bn_add_words (BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int n) +{ BN_ULONG ret=0,i=0; + + if (n <= 0) return 0; + + asm ( + " subq %2,%2 \n" + ".p2align 4 \n" + "1: movq (%4,%2,8),%0 \n" + " adcq (%5,%2,8),%0 \n" + " movq %0,(%3,%2,8) \n" + " leaq 1(%2),%2 \n" + " loop 1b \n" + " sbbq %0,%0 \n" + : "=&a"(ret),"+c"(n),"=&r"(i) + : "r"(rp),"r"(ap),"r"(bp) + : "cc" + ); + + return ret&1; +} + +BN_ULONG bn_sub_words (BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int n) +{ BN_ULONG ret=0,i=0; + + if (n <= 0) return 0; + + asm ( + " subq %2,%2 \n" + ".p2align 4 \n" + "1: movq (%4,%2,8),%0 \n" + " sbbq (%5,%2,8),%0 \n" + " movq %0,(%3,%2,8) \n" + " leaq 1(%2),%2 \n" + " loop 1b \n" + " sbbq %0,%0 \n" + : "=&a"(ret),"+c"(n),"=&r"(i) + : "r"(rp),"r"(ap),"r"(bp) + : "cc" + ); + + return ret&1; +} + +/* mul_add_c(a,b,c0,c1,c2) -- c+=a*b for three word number c=(c2,c1,c0) */ +/* mul_add_c2(a,b,c0,c1,c2) -- c+=2*a*b for three word number c=(c2,c1,c0) */ +/* sqr_add_c(a,i,c0,c1,c2) -- c+=a[i]^2 for three word number c=(c2,c1,c0) */ +/* sqr_add_c2(a,i,c0,c1,c2) -- c+=2*a[i]*a[j] for three word number c=(c2,c1,c0) */ + +/* + * Keep in mind that carrying into high part of multiplication result + * can not overflow, because it cannot be all-ones. + */ +#if 0 +/* original macros are kept for reference purposes */ +#define mul_add_c(a,b,c0,c1,c2) do { \ + BN_ULONG ta = (a), tb = (b); \ + BN_ULONG lo, hi; \ + BN_UMULT_LOHI(lo,hi,ta,tb); \ + c0 += lo; hi += (c0 for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== +# +# May 2011 +# +# The module implements bn_GF2m_mul_2x2 polynomial multiplication used +# in bn_gf2m.c. It's kind of low-hanging mechanical port from C for +# the time being... Except that it has two code paths: code suitable +# for any x86_64 CPU and PCLMULQDQ one suitable for Westmere and +# later. Improvement varies from one benchmark and µ-arch to another. +# Vanilla code path is at most 20% faster than compiler-generated code +# [not very impressive], while PCLMULQDQ - whole 85%-160% better on +# 163- and 571-bit ECDH benchmarks on Intel CPUs. Keep in mind that +# these coefficients are not ones for bn_GF2m_mul_2x2 itself, as not +# all CPU time is burnt in it... + +$flavour = shift; +$output = shift; +if ($flavour =~ /\./) { $output = $flavour; undef $flavour; } + +$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/); + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or +( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or +die "can't locate x86_64-xlate.pl"; + +open OUT,"| \"$^X\" $xlate $flavour $output"; +*STDOUT=*OUT; + +($lo,$hi)=("%rax","%rdx"); $a=$lo; +($i0,$i1)=("%rsi","%rdi"); +($t0,$t1)=("%rbx","%rcx"); +($b,$mask)=("%rbp","%r8"); +($a1,$a2,$a4,$a8,$a12,$a48)=map("%r$_",(9..15)); +($R,$Tx)=("%xmm0","%xmm1"); + +$code.=<<___; +.text + +.type _mul_1x1,\@abi-omnipotent +.align 16 +_mul_1x1: + sub \$128+8,%rsp + mov \$-1,$a1 + lea ($a,$a),$i0 + shr \$3,$a1 + lea (,$a,4),$i1 + and $a,$a1 # a1=a&0x1fffffffffffffff + lea (,$a,8),$a8 + sar \$63,$a # broadcast 63rd bit + lea ($a1,$a1),$a2 + sar \$63,$i0 # broadcast 62nd bit + lea (,$a1,4),$a4 + and $b,$a + sar \$63,$i1 # boardcast 61st bit + mov $a,$hi # $a is $lo + shl \$63,$lo + and $b,$i0 + shr \$1,$hi + mov $i0,$t1 + shl \$62,$i0 + and $b,$i1 + shr \$2,$t1 + xor $i0,$lo + mov $i1,$t0 + shl \$61,$i1 + xor $t1,$hi + shr \$3,$t0 + xor $i1,$lo + xor $t0,$hi + + mov $a1,$a12 + movq \$0,0(%rsp) # tab[0]=0 + xor $a2,$a12 # a1^a2 + mov $a1,8(%rsp) # tab[1]=a1 + mov $a4,$a48 + mov $a2,16(%rsp) # tab[2]=a2 + xor $a8,$a48 # a4^a8 + mov $a12,24(%rsp) # tab[3]=a1^a2 + + xor $a4,$a1 + mov $a4,32(%rsp) # tab[4]=a4 + xor $a4,$a2 + mov $a1,40(%rsp) # tab[5]=a1^a4 + xor $a4,$a12 + mov $a2,48(%rsp) # tab[6]=a2^a4 + xor $a48,$a1 # a1^a4^a4^a8=a1^a8 + mov $a12,56(%rsp) # tab[7]=a1^a2^a4 + xor $a48,$a2 # a2^a4^a4^a8=a1^a8 + + mov $a8,64(%rsp) # tab[8]=a8 + xor $a48,$a12 # a1^a2^a4^a4^a8=a1^a2^a8 + mov $a1,72(%rsp) # tab[9]=a1^a8 + xor $a4,$a1 # a1^a8^a4 + mov $a2,80(%rsp) # tab[10]=a2^a8 + xor $a4,$a2 # a2^a8^a4 + mov $a12,88(%rsp) # tab[11]=a1^a2^a8 + + xor $a4,$a12 # a1^a2^a8^a4 + mov $a48,96(%rsp) # tab[12]=a4^a8 + mov $mask,$i0 + mov $a1,104(%rsp) # tab[13]=a1^a4^a8 + and $b,$i0 + mov $a2,112(%rsp) # tab[14]=a2^a4^a8 + shr \$4,$b + mov $a12,120(%rsp) # tab[15]=a1^a2^a4^a8 + mov $mask,$i1 + and $b,$i1 + shr \$4,$b + + movq (%rsp,$i0,8),$R # half of calculations is done in SSE2 + mov $mask,$i0 + and $b,$i0 + shr \$4,$b +___ + for ($n=1;$n<8;$n++) { + $code.=<<___; + mov (%rsp,$i1,8),$t1 + mov $mask,$i1 + mov $t1,$t0 + shl \$`8*$n-4`,$t1 + and $b,$i1 + movq (%rsp,$i0,8),$Tx + shr \$`64-(8*$n-4)`,$t0 + xor $t1,$lo + pslldq \$$n,$Tx + mov $mask,$i0 + shr \$4,$b + xor $t0,$hi + and $b,$i0 + shr \$4,$b + pxor $Tx,$R +___ + } +$code.=<<___; + mov (%rsp,$i1,8),$t1 + mov $t1,$t0 + shl \$`8*$n-4`,$t1 + movd $R,$i0 + shr \$`64-(8*$n-4)`,$t0 + xor $t1,$lo + psrldq \$8,$R + xor $t0,$hi + movd $R,$i1 + xor $i0,$lo + xor $i1,$hi + + add \$128+8,%rsp + ret +.Lend_mul_1x1: +.size _mul_1x1,.-_mul_1x1 +___ + +($rp,$a1,$a0,$b1,$b0) = $win64? ("%rcx","%rdx","%r8", "%r9","%r10") : # Win64 order + ("%rdi","%rsi","%rdx","%rcx","%r8"); # Unix order + +$code.=<<___; +.extern OPENSSL_ia32cap_P +.hidden OPENSSL_ia32cap_P +.globl bn_GF2m_mul_2x2 +.type bn_GF2m_mul_2x2,\@abi-omnipotent +.align 16 +bn_GF2m_mul_2x2: + mov OPENSSL_ia32cap_P+4(%rip),%eax + bt \$IA32CAP_BIT1_PCLMUL,%eax + jnc .Lvanilla_mul_2x2 + + movd $a1,%xmm0 + movd $b1,%xmm1 + movd $a0,%xmm2 +___ +$code.=<<___ if ($win64); + movq 40(%rsp),%xmm3 +___ +$code.=<<___ if (!$win64); + movd $b0,%xmm3 +___ +$code.=<<___; + movdqa %xmm0,%xmm4 + movdqa %xmm1,%xmm5 + pclmulqdq \$0,%xmm1,%xmm0 # a1·b1 + pxor %xmm2,%xmm4 + pxor %xmm3,%xmm5 + pclmulqdq \$0,%xmm3,%xmm2 # a0·b0 + pclmulqdq \$0,%xmm5,%xmm4 # (a0+a1)·(b0+b1) + xorps %xmm0,%xmm4 + xorps %xmm2,%xmm4 # (a0+a1)·(b0+b1)-a0·b0-a1·b1 + movdqa %xmm4,%xmm5 + pslldq \$8,%xmm4 + psrldq \$8,%xmm5 + pxor %xmm4,%xmm2 + pxor %xmm5,%xmm0 + movdqu %xmm2,0($rp) + movdqu %xmm0,16($rp) + ret + +.align 16 +.Lvanilla_mul_2x2: + lea -8*17(%rsp),%rsp +___ +$code.=<<___ if ($win64); + mov `8*17+40`(%rsp),$b0 + mov %rdi,8*15(%rsp) + mov %rsi,8*16(%rsp) +___ +$code.=<<___; + mov %r14,8*10(%rsp) + mov %r13,8*11(%rsp) + mov %r12,8*12(%rsp) + mov %rbp,8*13(%rsp) + mov %rbx,8*14(%rsp) +.Lbody_mul_2x2: + mov $rp,32(%rsp) # save the arguments + mov $a1,40(%rsp) + mov $a0,48(%rsp) + mov $b1,56(%rsp) + mov $b0,64(%rsp) + + mov \$0xf,$mask + mov $a1,$a + mov $b1,$b + call _mul_1x1 # a1·b1 + mov $lo,16(%rsp) + mov $hi,24(%rsp) + + mov 48(%rsp),$a + mov 64(%rsp),$b + call _mul_1x1 # a0·b0 + mov $lo,0(%rsp) + mov $hi,8(%rsp) + + mov 40(%rsp),$a + mov 56(%rsp),$b + xor 48(%rsp),$a + xor 64(%rsp),$b + call _mul_1x1 # (a0+a1)·(b0+b1) +___ + @r=("%rbx","%rcx","%rdi","%rsi"); +$code.=<<___; + mov 0(%rsp),@r[0] + mov 8(%rsp),@r[1] + mov 16(%rsp),@r[2] + mov 24(%rsp),@r[3] + mov 32(%rsp),%rbp + + xor $hi,$lo + xor @r[1],$hi + xor @r[0],$lo + mov @r[0],0(%rbp) + xor @r[2],$hi + mov @r[3],24(%rbp) + xor @r[3],$lo + xor @r[3],$hi + xor $hi,$lo + mov $hi,16(%rbp) + mov $lo,8(%rbp) + + mov 8*10(%rsp),%r14 + mov 8*11(%rsp),%r13 + mov 8*12(%rsp),%r12 + mov 8*13(%rsp),%rbp + mov 8*14(%rsp),%rbx +___ +$code.=<<___ if ($win64); + mov 8*15(%rsp),%rdi + mov 8*16(%rsp),%rsi +___ +$code.=<<___; + lea 8*17(%rsp),%rsp + ret +.Lend_mul_2x2: +.size bn_GF2m_mul_2x2,.-bn_GF2m_mul_2x2 +.asciz "GF(2^m) Multiplication for x86_64, CRYPTOGAMS by " +.align 16 +___ + +# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame, +# CONTEXT *context,DISPATCHER_CONTEXT *disp) +if ($win64) { +$rec="%rcx"; +$frame="%rdx"; +$context="%r8"; +$disp="%r9"; + +$code.=<<___; +.extern __imp_RtlVirtualUnwind + +.type se_handler,\@abi-omnipotent +.align 16 +se_handler: + push %rsi + push %rdi + push %rbx + push %rbp + push %r12 + push %r13 + push %r14 + push %r15 + pushfq + sub \$64,%rsp + + mov 152($context),%rax # pull context->Rsp + mov 248($context),%rbx # pull context->Rip + + lea .Lbody_mul_2x2(%rip),%r10 + cmp %r10,%rbx # context->Rip<"prologue" label + jb .Lin_prologue + + mov 8*10(%rax),%r14 # mimic epilogue + mov 8*11(%rax),%r13 + mov 8*12(%rax),%r12 + mov 8*13(%rax),%rbp + mov 8*14(%rax),%rbx + mov 8*15(%rax),%rdi + mov 8*16(%rax),%rsi + + mov %rbx,144($context) # restore context->Rbx + mov %rbp,160($context) # restore context->Rbp + mov %rsi,168($context) # restore context->Rsi + mov %rdi,176($context) # restore context->Rdi + mov %r12,216($context) # restore context->R12 + mov %r13,224($context) # restore context->R13 + mov %r14,232($context) # restore context->R14 + +.Lin_prologue: + lea 8*17(%rax),%rax + mov %rax,152($context) # restore context->Rsp + + mov 40($disp),%rdi # disp->ContextRecord + mov $context,%rsi # context + mov \$154,%ecx # sizeof(CONTEXT) + .long 0xa548f3fc # cld; rep movsq + + mov $disp,%rsi + xor %rcx,%rcx # arg1, UNW_FLAG_NHANDLER + mov 8(%rsi),%rdx # arg2, disp->ImageBase + mov 0(%rsi),%r8 # arg3, disp->ControlPc + mov 16(%rsi),%r9 # arg4, disp->FunctionEntry + mov 40(%rsi),%r10 # disp->ContextRecord + lea 56(%rsi),%r11 # &disp->HandlerData + lea 24(%rsi),%r12 # &disp->EstablisherFrame + mov %r10,32(%rsp) # arg5 + mov %r11,40(%rsp) # arg6 + mov %r12,48(%rsp) # arg7 + mov %rcx,56(%rsp) # arg8, (NULL) + call *__imp_RtlVirtualUnwind(%rip) + + mov \$1,%eax # ExceptionContinueSearch + add \$64,%rsp + popfq + pop %r15 + pop %r14 + pop %r13 + pop %r12 + pop %rbp + pop %rbx + pop %rdi + pop %rsi + ret +.size se_handler,.-se_handler + +.section .pdata +.align 4 + .rva _mul_1x1 + .rva .Lend_mul_1x1 + .rva .LSEH_info_1x1 + + .rva .Lvanilla_mul_2x2 + .rva .Lend_mul_2x2 + .rva .LSEH_info_2x2 +.section .xdata +.align 8 +.LSEH_info_1x1: + .byte 0x01,0x07,0x02,0x00 + .byte 0x07,0x01,0x11,0x00 # sub rsp,128+8 +.LSEH_info_2x2: + .byte 9,0,0,0 + .rva se_handler +___ +} + +$code =~ s/\`([^\`]*)\`/eval($1)/gem; +print $code; +close STDOUT; diff --git a/src/lib/libcrypto/bn/asm/x86_64-mont.pl b/src/lib/libcrypto/bn/asm/x86_64-mont.pl new file mode 100755 index 00000000000..c35493e80ad --- /dev/null +++ b/src/lib/libcrypto/bn/asm/x86_64-mont.pl @@ -0,0 +1,1504 @@ +#!/usr/bin/env perl + +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== + +# October 2005. +# +# Montgomery multiplication routine for x86_64. While it gives modest +# 9% improvement of rsa4096 sign on Opteron, rsa512 sign runs more +# than twice, >2x, as fast. Most common rsa1024 sign is improved by +# respectful 50%. It remains to be seen if loop unrolling and +# dedicated squaring routine can provide further improvement... + +# July 2011. +# +# Add dedicated squaring procedure. Performance improvement varies +# from platform to platform, but in average it's ~5%/15%/25%/33% +# for 512-/1024-/2048-/4096-bit RSA *sign* benchmarks respectively. + +# August 2011. +# +# Unroll and modulo-schedule inner loops in such manner that they +# are "fallen through" for input lengths of 8, which is critical for +# 1024-bit RSA *sign*. Average performance improvement in comparison +# to *initial* version of this module from 2005 is ~0%/30%/40%/45% +# for 512-/1024-/2048-/4096-bit RSA *sign* benchmarks respectively. + +$flavour = shift; +$output = shift; +if ($flavour =~ /\./) { $output = $flavour; undef $flavour; } + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or +( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or +die "can't locate x86_64-xlate.pl"; + +open OUT,"| \"$^X\" $xlate $flavour $output"; +*STDOUT=*OUT; + +# int bn_mul_mont( +$rp="%rdi"; # BN_ULONG *rp, +$ap="%rsi"; # const BN_ULONG *ap, +$bp="%rdx"; # const BN_ULONG *bp, +$np="%rcx"; # const BN_ULONG *np, +$n0="%r8"; # const BN_ULONG *n0, +$num="%r9"; # int num); +$lo0="%r10"; +$hi0="%r11"; +$hi1="%r13"; +$i="%r14"; +$j="%r15"; +$m0="%rbx"; +$m1="%rbp"; + +$code=<<___; +.text + +.globl bn_mul_mont +.type bn_mul_mont,\@function,6 +.align 16 +bn_mul_mont: + test \$3,${num}d + jnz .Lmul_enter + cmp \$8,${num}d + jb .Lmul_enter + cmp $ap,$bp + jne .Lmul4x_enter + jmp .Lsqr4x_enter + +.align 16 +.Lmul_enter: + push %rbx + push %rbp + push %r12 + push %r13 + push %r14 + push %r15 + + mov ${num}d,${num}d + lea 2($num),%r10 + mov %rsp,%r11 + neg %r10 + lea (%rsp,%r10,8),%rsp # tp=alloca(8*(num+2)) + and \$-1024,%rsp # minimize TLB usage + + mov %r11,8(%rsp,$num,8) # tp[num+1]=%rsp +.Lmul_body: + mov $bp,%r12 # reassign $bp +___ + $bp="%r12"; +$code.=<<___; + mov ($n0),$n0 # pull n0[0] value + mov ($bp),$m0 # m0=bp[0] + mov ($ap),%rax + + xor $i,$i # i=0 + xor $j,$j # j=0 + + mov $n0,$m1 + mulq $m0 # ap[0]*bp[0] + mov %rax,$lo0 + mov ($np),%rax + + imulq $lo0,$m1 # "tp[0]"*n0 + mov %rdx,$hi0 + + mulq $m1 # np[0]*m1 + add %rax,$lo0 # discarded + mov 8($ap),%rax + adc \$0,%rdx + mov %rdx,$hi1 + + lea 1($j),$j # j++ + jmp .L1st_enter + +.align 16 +.L1st: + add %rax,$hi1 + mov ($ap,$j,8),%rax + adc \$0,%rdx + add $hi0,$hi1 # np[j]*m1+ap[j]*bp[0] + mov $lo0,$hi0 + adc \$0,%rdx + mov $hi1,-16(%rsp,$j,8) # tp[j-1] + mov %rdx,$hi1 + +.L1st_enter: + mulq $m0 # ap[j]*bp[0] + add %rax,$hi0 + mov ($np,$j,8),%rax + adc \$0,%rdx + lea 1($j),$j # j++ + mov %rdx,$lo0 + + mulq $m1 # np[j]*m1 + cmp $num,$j + jl .L1st + + add %rax,$hi1 + mov ($ap),%rax # ap[0] + adc \$0,%rdx + add $hi0,$hi1 # np[j]*m1+ap[j]*bp[0] + adc \$0,%rdx + mov $hi1,-16(%rsp,$j,8) # tp[j-1] + mov %rdx,$hi1 + mov $lo0,$hi0 + + xor %rdx,%rdx + add $hi0,$hi1 + adc \$0,%rdx + mov $hi1,-8(%rsp,$num,8) + mov %rdx,(%rsp,$num,8) # store upmost overflow bit + + lea 1($i),$i # i++ + jmp .Louter +.align 16 +.Louter: + mov ($bp,$i,8),$m0 # m0=bp[i] + xor $j,$j # j=0 + mov $n0,$m1 + mov (%rsp),$lo0 + mulq $m0 # ap[0]*bp[i] + add %rax,$lo0 # ap[0]*bp[i]+tp[0] + mov ($np),%rax + adc \$0,%rdx + + imulq $lo0,$m1 # tp[0]*n0 + mov %rdx,$hi0 + + mulq $m1 # np[0]*m1 + add %rax,$lo0 # discarded + mov 8($ap),%rax + adc \$0,%rdx + mov 8(%rsp),$lo0 # tp[1] + mov %rdx,$hi1 + + lea 1($j),$j # j++ + jmp .Linner_enter + +.align 16 +.Linner: + add %rax,$hi1 + mov ($ap,$j,8),%rax + adc \$0,%rdx + add $lo0,$hi1 # np[j]*m1+ap[j]*bp[i]+tp[j] + mov (%rsp,$j,8),$lo0 + adc \$0,%rdx + mov $hi1,-16(%rsp,$j,8) # tp[j-1] + mov %rdx,$hi1 + +.Linner_enter: + mulq $m0 # ap[j]*bp[i] + add %rax,$hi0 + mov ($np,$j,8),%rax + adc \$0,%rdx + add $hi0,$lo0 # ap[j]*bp[i]+tp[j] + mov %rdx,$hi0 + adc \$0,$hi0 + lea 1($j),$j # j++ + + mulq $m1 # np[j]*m1 + cmp $num,$j + jl .Linner + + add %rax,$hi1 + mov ($ap),%rax # ap[0] + adc \$0,%rdx + add $lo0,$hi1 # np[j]*m1+ap[j]*bp[i]+tp[j] + mov (%rsp,$j,8),$lo0 + adc \$0,%rdx + mov $hi1,-16(%rsp,$j,8) # tp[j-1] + mov %rdx,$hi1 + + xor %rdx,%rdx + add $hi0,$hi1 + adc \$0,%rdx + add $lo0,$hi1 # pull upmost overflow bit + adc \$0,%rdx + mov $hi1,-8(%rsp,$num,8) + mov %rdx,(%rsp,$num,8) # store upmost overflow bit + + lea 1($i),$i # i++ + cmp $num,$i + jl .Louter + + xor $i,$i # i=0 and clear CF! + mov (%rsp),%rax # tp[0] + lea (%rsp),$ap # borrow ap for tp + mov $num,$j # j=num + jmp .Lsub +.align 16 +.Lsub: sbb ($np,$i,8),%rax + mov %rax,($rp,$i,8) # rp[i]=tp[i]-np[i] + mov 8($ap,$i,8),%rax # tp[i+1] + lea 1($i),$i # i++ + dec $j # doesnn't affect CF! + jnz .Lsub + + sbb \$0,%rax # handle upmost overflow bit + xor $i,$i + and %rax,$ap + not %rax + mov $rp,$np + and %rax,$np + mov $num,$j # j=num + or $np,$ap # ap=borrow?tp:rp +.align 16 +.Lcopy: # copy or in-place refresh + mov ($ap,$i,8),%rax + mov $i,(%rsp,$i,8) # zap temporary vector + mov %rax,($rp,$i,8) # rp[i]=tp[i] + lea 1($i),$i + sub \$1,$j + jnz .Lcopy + + mov 8(%rsp,$num,8),%rsi # restore %rsp + mov \$1,%rax + mov (%rsi),%r15 + mov 8(%rsi),%r14 + mov 16(%rsi),%r13 + mov 24(%rsi),%r12 + mov 32(%rsi),%rbp + mov 40(%rsi),%rbx + lea 48(%rsi),%rsp +.Lmul_epilogue: + ret +.size bn_mul_mont,.-bn_mul_mont +___ +{{{ +my @A=("%r10","%r11"); +my @N=("%r13","%rdi"); +$code.=<<___; +.type bn_mul4x_mont,\@function,6 +.align 16 +bn_mul4x_mont: +.Lmul4x_enter: + push %rbx + push %rbp + push %r12 + push %r13 + push %r14 + push %r15 + + mov ${num}d,${num}d + lea 4($num),%r10 + mov %rsp,%r11 + neg %r10 + lea (%rsp,%r10,8),%rsp # tp=alloca(8*(num+4)) + and \$-1024,%rsp # minimize TLB usage + + mov %r11,8(%rsp,$num,8) # tp[num+1]=%rsp +.Lmul4x_body: + mov $rp,16(%rsp,$num,8) # tp[num+2]=$rp + mov %rdx,%r12 # reassign $bp +___ + $bp="%r12"; +$code.=<<___; + mov ($n0),$n0 # pull n0[0] value + mov ($bp),$m0 # m0=bp[0] + mov ($ap),%rax + + xor $i,$i # i=0 + xor $j,$j # j=0 + + mov $n0,$m1 + mulq $m0 # ap[0]*bp[0] + mov %rax,$A[0] + mov ($np),%rax + + imulq $A[0],$m1 # "tp[0]"*n0 + mov %rdx,$A[1] + + mulq $m1 # np[0]*m1 + add %rax,$A[0] # discarded + mov 8($ap),%rax + adc \$0,%rdx + mov %rdx,$N[1] + + mulq $m0 + add %rax,$A[1] + mov 8($np),%rax + adc \$0,%rdx + mov %rdx,$A[0] + + mulq $m1 + add %rax,$N[1] + mov 16($ap),%rax + adc \$0,%rdx + add $A[1],$N[1] + lea 4($j),$j # j++ + adc \$0,%rdx + mov $N[1],(%rsp) + mov %rdx,$N[0] + jmp .L1st4x +.align 16 +.L1st4x: + mulq $m0 # ap[j]*bp[0] + add %rax,$A[0] + mov -16($np,$j,8),%rax + adc \$0,%rdx + mov %rdx,$A[1] + + mulq $m1 # np[j]*m1 + add %rax,$N[0] + mov -8($ap,$j,8),%rax + adc \$0,%rdx + add $A[0],$N[0] # np[j]*m1+ap[j]*bp[0] + adc \$0,%rdx + mov $N[0],-24(%rsp,$j,8) # tp[j-1] + mov %rdx,$N[1] + + mulq $m0 # ap[j]*bp[0] + add %rax,$A[1] + mov -8($np,$j,8),%rax + adc \$0,%rdx + mov %rdx,$A[0] + + mulq $m1 # np[j]*m1 + add %rax,$N[1] + mov ($ap,$j,8),%rax + adc \$0,%rdx + add $A[1],$N[1] # np[j]*m1+ap[j]*bp[0] + adc \$0,%rdx + mov $N[1],-16(%rsp,$j,8) # tp[j-1] + mov %rdx,$N[0] + + mulq $m0 # ap[j]*bp[0] + add %rax,$A[0] + mov ($np,$j,8),%rax + adc \$0,%rdx + mov %rdx,$A[1] + + mulq $m1 # np[j]*m1 + add %rax,$N[0] + mov 8($ap,$j,8),%rax + adc \$0,%rdx + add $A[0],$N[0] # np[j]*m1+ap[j]*bp[0] + adc \$0,%rdx + mov $N[0],-8(%rsp,$j,8) # tp[j-1] + mov %rdx,$N[1] + + mulq $m0 # ap[j]*bp[0] + add %rax,$A[1] + mov 8($np,$j,8),%rax + adc \$0,%rdx + lea 4($j),$j # j++ + mov %rdx,$A[0] + + mulq $m1 # np[j]*m1 + add %rax,$N[1] + mov -16($ap,$j,8),%rax + adc \$0,%rdx + add $A[1],$N[1] # np[j]*m1+ap[j]*bp[0] + adc \$0,%rdx + mov $N[1],-32(%rsp,$j,8) # tp[j-1] + mov %rdx,$N[0] + cmp $num,$j + jl .L1st4x + + mulq $m0 # ap[j]*bp[0] + add %rax,$A[0] + mov -16($np,$j,8),%rax + adc \$0,%rdx + mov %rdx,$A[1] + + mulq $m1 # np[j]*m1 + add %rax,$N[0] + mov -8($ap,$j,8),%rax + adc \$0,%rdx + add $A[0],$N[0] # np[j]*m1+ap[j]*bp[0] + adc \$0,%rdx + mov $N[0],-24(%rsp,$j,8) # tp[j-1] + mov %rdx,$N[1] + + mulq $m0 # ap[j]*bp[0] + add %rax,$A[1] + mov -8($np,$j,8),%rax + adc \$0,%rdx + mov %rdx,$A[0] + + mulq $m1 # np[j]*m1 + add %rax,$N[1] + mov ($ap),%rax # ap[0] + adc \$0,%rdx + add $A[1],$N[1] # np[j]*m1+ap[j]*bp[0] + adc \$0,%rdx + mov $N[1],-16(%rsp,$j,8) # tp[j-1] + mov %rdx,$N[0] + + xor $N[1],$N[1] + add $A[0],$N[0] + adc \$0,$N[1] + mov $N[0],-8(%rsp,$j,8) + mov $N[1],(%rsp,$j,8) # store upmost overflow bit + + lea 1($i),$i # i++ +.align 4 +.Louter4x: + mov ($bp,$i,8),$m0 # m0=bp[i] + xor $j,$j # j=0 + mov (%rsp),$A[0] + mov $n0,$m1 + mulq $m0 # ap[0]*bp[i] + add %rax,$A[0] # ap[0]*bp[i]+tp[0] + mov ($np),%rax + adc \$0,%rdx + + imulq $A[0],$m1 # tp[0]*n0 + mov %rdx,$A[1] + + mulq $m1 # np[0]*m1 + add %rax,$A[0] # "$N[0]", discarded + mov 8($ap),%rax + adc \$0,%rdx + mov %rdx,$N[1] + + mulq $m0 # ap[j]*bp[i] + add %rax,$A[1] + mov 8($np),%rax + adc \$0,%rdx + add 8(%rsp),$A[1] # +tp[1] + adc \$0,%rdx + mov %rdx,$A[0] + + mulq $m1 # np[j]*m1 + add %rax,$N[1] + mov 16($ap),%rax + adc \$0,%rdx + add $A[1],$N[1] # np[j]*m1+ap[j]*bp[i]+tp[j] + lea 4($j),$j # j+=2 + adc \$0,%rdx + mov $N[1],(%rsp) # tp[j-1] + mov %rdx,$N[0] + jmp .Linner4x +.align 16 +.Linner4x: + mulq $m0 # ap[j]*bp[i] + add %rax,$A[0] + mov -16($np,$j,8),%rax + adc \$0,%rdx + add -16(%rsp,$j,8),$A[0] # ap[j]*bp[i]+tp[j] + adc \$0,%rdx + mov %rdx,$A[1] + + mulq $m1 # np[j]*m1 + add %rax,$N[0] + mov -8($ap,$j,8),%rax + adc \$0,%rdx + add $A[0],$N[0] + adc \$0,%rdx + mov $N[0],-24(%rsp,$j,8) # tp[j-1] + mov %rdx,$N[1] + + mulq $m0 # ap[j]*bp[i] + add %rax,$A[1] + mov -8($np,$j,8),%rax + adc \$0,%rdx + add -8(%rsp,$j,8),$A[1] + adc \$0,%rdx + mov %rdx,$A[0] + + mulq $m1 # np[j]*m1 + add %rax,$N[1] + mov ($ap,$j,8),%rax + adc \$0,%rdx + add $A[1],$N[1] + adc \$0,%rdx + mov $N[1],-16(%rsp,$j,8) # tp[j-1] + mov %rdx,$N[0] + + mulq $m0 # ap[j]*bp[i] + add %rax,$A[0] + mov ($np,$j,8),%rax + adc \$0,%rdx + add (%rsp,$j,8),$A[0] # ap[j]*bp[i]+tp[j] + adc \$0,%rdx + mov %rdx,$A[1] + + mulq $m1 # np[j]*m1 + add %rax,$N[0] + mov 8($ap,$j,8),%rax + adc \$0,%rdx + add $A[0],$N[0] + adc \$0,%rdx + mov $N[0],-8(%rsp,$j,8) # tp[j-1] + mov %rdx,$N[1] + + mulq $m0 # ap[j]*bp[i] + add %rax,$A[1] + mov 8($np,$j,8),%rax + adc \$0,%rdx + add 8(%rsp,$j,8),$A[1] + adc \$0,%rdx + lea 4($j),$j # j++ + mov %rdx,$A[0] + + mulq $m1 # np[j]*m1 + add %rax,$N[1] + mov -16($ap,$j,8),%rax + adc \$0,%rdx + add $A[1],$N[1] + adc \$0,%rdx + mov $N[1],-32(%rsp,$j,8) # tp[j-1] + mov %rdx,$N[0] + cmp $num,$j + jl .Linner4x + + mulq $m0 # ap[j]*bp[i] + add %rax,$A[0] + mov -16($np,$j,8),%rax + adc \$0,%rdx + add -16(%rsp,$j,8),$A[0] # ap[j]*bp[i]+tp[j] + adc \$0,%rdx + mov %rdx,$A[1] + + mulq $m1 # np[j]*m1 + add %rax,$N[0] + mov -8($ap,$j,8),%rax + adc \$0,%rdx + add $A[0],$N[0] + adc \$0,%rdx + mov $N[0],-24(%rsp,$j,8) # tp[j-1] + mov %rdx,$N[1] + + mulq $m0 # ap[j]*bp[i] + add %rax,$A[1] + mov -8($np,$j,8),%rax + adc \$0,%rdx + add -8(%rsp,$j,8),$A[1] + adc \$0,%rdx + lea 1($i),$i # i++ + mov %rdx,$A[0] + + mulq $m1 # np[j]*m1 + add %rax,$N[1] + mov ($ap),%rax # ap[0] + adc \$0,%rdx + add $A[1],$N[1] + adc \$0,%rdx + mov $N[1],-16(%rsp,$j,8) # tp[j-1] + mov %rdx,$N[0] + + xor $N[1],$N[1] + add $A[0],$N[0] + adc \$0,$N[1] + add (%rsp,$num,8),$N[0] # pull upmost overflow bit + adc \$0,$N[1] + mov $N[0],-8(%rsp,$j,8) + mov $N[1],(%rsp,$j,8) # store upmost overflow bit + + cmp $num,$i + jl .Louter4x +___ +{ +my @ri=("%rax","%rdx",$m0,$m1); +$code.=<<___; + mov 16(%rsp,$num,8),$rp # restore $rp + mov 0(%rsp),@ri[0] # tp[0] + pxor %xmm0,%xmm0 + mov 8(%rsp),@ri[1] # tp[1] + shr \$2,$num # num/=4 + lea (%rsp),$ap # borrow ap for tp + xor $i,$i # i=0 and clear CF! + + sub 0($np),@ri[0] + mov 16($ap),@ri[2] # tp[2] + mov 24($ap),@ri[3] # tp[3] + sbb 8($np),@ri[1] + lea -1($num),$j # j=num/4-1 + jmp .Lsub4x +.align 16 +.Lsub4x: + mov @ri[0],0($rp,$i,8) # rp[i]=tp[i]-np[i] + mov @ri[1],8($rp,$i,8) # rp[i]=tp[i]-np[i] + sbb 16($np,$i,8),@ri[2] + mov 32($ap,$i,8),@ri[0] # tp[i+1] + mov 40($ap,$i,8),@ri[1] + sbb 24($np,$i,8),@ri[3] + mov @ri[2],16($rp,$i,8) # rp[i]=tp[i]-np[i] + mov @ri[3],24($rp,$i,8) # rp[i]=tp[i]-np[i] + sbb 32($np,$i,8),@ri[0] + mov 48($ap,$i,8),@ri[2] + mov 56($ap,$i,8),@ri[3] + sbb 40($np,$i,8),@ri[1] + lea 4($i),$i # i++ + dec $j # doesnn't affect CF! + jnz .Lsub4x + + mov @ri[0],0($rp,$i,8) # rp[i]=tp[i]-np[i] + mov 32($ap,$i,8),@ri[0] # load overflow bit + sbb 16($np,$i,8),@ri[2] + mov @ri[1],8($rp,$i,8) # rp[i]=tp[i]-np[i] + sbb 24($np,$i,8),@ri[3] + mov @ri[2],16($rp,$i,8) # rp[i]=tp[i]-np[i] + + sbb \$0,@ri[0] # handle upmost overflow bit + mov @ri[3],24($rp,$i,8) # rp[i]=tp[i]-np[i] + xor $i,$i # i=0 + and @ri[0],$ap + not @ri[0] + mov $rp,$np + and @ri[0],$np + lea -1($num),$j + or $np,$ap # ap=borrow?tp:rp + + movdqu ($ap),%xmm1 + movdqa %xmm0,(%rsp) + movdqu %xmm1,($rp) + jmp .Lcopy4x +.align 16 +.Lcopy4x: # copy or in-place refresh + movdqu 16($ap,$i),%xmm2 + movdqu 32($ap,$i),%xmm1 + movdqa %xmm0,16(%rsp,$i) + movdqu %xmm2,16($rp,$i) + movdqa %xmm0,32(%rsp,$i) + movdqu %xmm1,32($rp,$i) + lea 32($i),$i + dec $j + jnz .Lcopy4x + + shl \$2,$num + movdqu 16($ap,$i),%xmm2 + movdqa %xmm0,16(%rsp,$i) + movdqu %xmm2,16($rp,$i) +___ +} +$code.=<<___; + mov 8(%rsp,$num,8),%rsi # restore %rsp + mov \$1,%rax + mov (%rsi),%r15 + mov 8(%rsi),%r14 + mov 16(%rsi),%r13 + mov 24(%rsi),%r12 + mov 32(%rsi),%rbp + mov 40(%rsi),%rbx + lea 48(%rsi),%rsp +.Lmul4x_epilogue: + ret +.size bn_mul4x_mont,.-bn_mul4x_mont +___ +}}} + {{{ +###################################################################### +# void bn_sqr4x_mont( +my $rptr="%rdi"; # const BN_ULONG *rptr, +my $aptr="%rsi"; # const BN_ULONG *aptr, +my $bptr="%rdx"; # not used +my $nptr="%rcx"; # const BN_ULONG *nptr, +my $n0 ="%r8"; # const BN_ULONG *n0); +my $num ="%r9"; # int num, has to be divisible by 4 and + # not less than 8 + +my ($i,$j,$tptr)=("%rbp","%rcx",$rptr); +my @A0=("%r10","%r11"); +my @A1=("%r12","%r13"); +my ($a0,$a1,$ai)=("%r14","%r15","%rbx"); + +$code.=<<___; +.type bn_sqr4x_mont,\@function,6 +.align 16 +bn_sqr4x_mont: +.Lsqr4x_enter: + push %rbx + push %rbp + push %r12 + push %r13 + push %r14 + push %r15 + + shl \$3,${num}d # convert $num to bytes + xor %r10,%r10 + mov %rsp,%r11 # put aside %rsp + sub $num,%r10 # -$num + mov ($n0),$n0 # *n0 + lea -72(%rsp,%r10,2),%rsp # alloca(frame+2*$num) + and \$-1024,%rsp # minimize TLB usage + ############################################################## + # Stack layout + # + # +0 saved $num, used in reduction section + # +8 &t[2*$num], used in reduction section + # +32 saved $rptr + # +40 saved $nptr + # +48 saved *n0 + # +56 saved %rsp + # +64 t[2*$num] + # + mov $rptr,32(%rsp) # save $rptr + mov $nptr,40(%rsp) + mov $n0, 48(%rsp) + mov %r11, 56(%rsp) # save original %rsp +.Lsqr4x_body: + ############################################################## + # Squaring part: + # + # a) multiply-n-add everything but a[i]*a[i]; + # b) shift result of a) by 1 to the left and accumulate + # a[i]*a[i] products; + # + lea 32(%r10),$i # $i=-($num-32) + lea ($aptr,$num),$aptr # end of a[] buffer, ($aptr,$i)=&ap[2] + + mov $num,$j # $j=$num + + # comments apply to $num==8 case + mov -32($aptr,$i),$a0 # a[0] + lea 64(%rsp,$num,2),$tptr # end of tp[] buffer, &tp[2*$num] + mov -24($aptr,$i),%rax # a[1] + lea -32($tptr,$i),$tptr # end of tp[] window, &tp[2*$num-"$i"] + mov -16($aptr,$i),$ai # a[2] + mov %rax,$a1 + + mul $a0 # a[1]*a[0] + mov %rax,$A0[0] # a[1]*a[0] + mov $ai,%rax # a[2] + mov %rdx,$A0[1] + mov $A0[0],-24($tptr,$i) # t[1] + + xor $A0[0],$A0[0] + mul $a0 # a[2]*a[0] + add %rax,$A0[1] + mov $ai,%rax + adc %rdx,$A0[0] + mov $A0[1],-16($tptr,$i) # t[2] + + lea -16($i),$j # j=-16 + + + mov 8($aptr,$j),$ai # a[3] + mul $a1 # a[2]*a[1] + mov %rax,$A1[0] # a[2]*a[1]+t[3] + mov $ai,%rax + mov %rdx,$A1[1] + + xor $A0[1],$A0[1] + add $A1[0],$A0[0] + lea 16($j),$j + adc \$0,$A0[1] + mul $a0 # a[3]*a[0] + add %rax,$A0[0] # a[3]*a[0]+a[2]*a[1]+t[3] + mov $ai,%rax + adc %rdx,$A0[1] + mov $A0[0],-8($tptr,$j) # t[3] + jmp .Lsqr4x_1st + +.align 16 +.Lsqr4x_1st: + mov ($aptr,$j),$ai # a[4] + xor $A1[0],$A1[0] + mul $a1 # a[3]*a[1] + add %rax,$A1[1] # a[3]*a[1]+t[4] + mov $ai,%rax + adc %rdx,$A1[0] + + xor $A0[0],$A0[0] + add $A1[1],$A0[1] + adc \$0,$A0[0] + mul $a0 # a[4]*a[0] + add %rax,$A0[1] # a[4]*a[0]+a[3]*a[1]+t[4] + mov $ai,%rax # a[3] + adc %rdx,$A0[0] + mov $A0[1],($tptr,$j) # t[4] + + + mov 8($aptr,$j),$ai # a[5] + xor $A1[1],$A1[1] + mul $a1 # a[4]*a[3] + add %rax,$A1[0] # a[4]*a[3]+t[5] + mov $ai,%rax + adc %rdx,$A1[1] + + xor $A0[1],$A0[1] + add $A1[0],$A0[0] + adc \$0,$A0[1] + mul $a0 # a[5]*a[2] + add %rax,$A0[0] # a[5]*a[2]+a[4]*a[3]+t[5] + mov $ai,%rax + adc %rdx,$A0[1] + mov $A0[0],8($tptr,$j) # t[5] + + mov 16($aptr,$j),$ai # a[6] + xor $A1[0],$A1[0] + mul $a1 # a[5]*a[3] + add %rax,$A1[1] # a[5]*a[3]+t[6] + mov $ai,%rax + adc %rdx,$A1[0] + + xor $A0[0],$A0[0] + add $A1[1],$A0[1] + adc \$0,$A0[0] + mul $a0 # a[6]*a[2] + add %rax,$A0[1] # a[6]*a[2]+a[5]*a[3]+t[6] + mov $ai,%rax # a[3] + adc %rdx,$A0[0] + mov $A0[1],16($tptr,$j) # t[6] + + + mov 24($aptr,$j),$ai # a[7] + xor $A1[1],$A1[1] + mul $a1 # a[6]*a[5] + add %rax,$A1[0] # a[6]*a[5]+t[7] + mov $ai,%rax + adc %rdx,$A1[1] + + xor $A0[1],$A0[1] + add $A1[0],$A0[0] + lea 32($j),$j + adc \$0,$A0[1] + mul $a0 # a[7]*a[4] + add %rax,$A0[0] # a[7]*a[4]+a[6]*a[5]+t[6] + mov $ai,%rax + adc %rdx,$A0[1] + mov $A0[0],-8($tptr,$j) # t[7] + + cmp \$0,$j + jne .Lsqr4x_1st + + xor $A1[0],$A1[0] + add $A0[1],$A1[1] + adc \$0,$A1[0] + mul $a1 # a[7]*a[5] + add %rax,$A1[1] + adc %rdx,$A1[0] + + mov $A1[1],($tptr) # t[8] + lea 16($i),$i + mov $A1[0],8($tptr) # t[9] + jmp .Lsqr4x_outer + +.align 16 +.Lsqr4x_outer: # comments apply to $num==6 case + mov -32($aptr,$i),$a0 # a[0] + lea 64(%rsp,$num,2),$tptr # end of tp[] buffer, &tp[2*$num] + mov -24($aptr,$i),%rax # a[1] + lea -32($tptr,$i),$tptr # end of tp[] window, &tp[2*$num-"$i"] + mov -16($aptr,$i),$ai # a[2] + mov %rax,$a1 + + mov -24($tptr,$i),$A0[0] # t[1] + xor $A0[1],$A0[1] + mul $a0 # a[1]*a[0] + add %rax,$A0[0] # a[1]*a[0]+t[1] + mov $ai,%rax # a[2] + adc %rdx,$A0[1] + mov $A0[0],-24($tptr,$i) # t[1] + + xor $A0[0],$A0[0] + add -16($tptr,$i),$A0[1] # a[2]*a[0]+t[2] + adc \$0,$A0[0] + mul $a0 # a[2]*a[0] + add %rax,$A0[1] + mov $ai,%rax + adc %rdx,$A0[0] + mov $A0[1],-16($tptr,$i) # t[2] + + lea -16($i),$j # j=-16 + xor $A1[0],$A1[0] + + + mov 8($aptr,$j),$ai # a[3] + xor $A1[1],$A1[1] + add 8($tptr,$j),$A1[0] + adc \$0,$A1[1] + mul $a1 # a[2]*a[1] + add %rax,$A1[0] # a[2]*a[1]+t[3] + mov $ai,%rax + adc %rdx,$A1[1] + + xor $A0[1],$A0[1] + add $A1[0],$A0[0] + adc \$0,$A0[1] + mul $a0 # a[3]*a[0] + add %rax,$A0[0] # a[3]*a[0]+a[2]*a[1]+t[3] + mov $ai,%rax + adc %rdx,$A0[1] + mov $A0[0],8($tptr,$j) # t[3] + + lea 16($j),$j + jmp .Lsqr4x_inner + +.align 16 +.Lsqr4x_inner: + mov ($aptr,$j),$ai # a[4] + xor $A1[0],$A1[0] + add ($tptr,$j),$A1[1] + adc \$0,$A1[0] + mul $a1 # a[3]*a[1] + add %rax,$A1[1] # a[3]*a[1]+t[4] + mov $ai,%rax + adc %rdx,$A1[0] + + xor $A0[0],$A0[0] + add $A1[1],$A0[1] + adc \$0,$A0[0] + mul $a0 # a[4]*a[0] + add %rax,$A0[1] # a[4]*a[0]+a[3]*a[1]+t[4] + mov $ai,%rax # a[3] + adc %rdx,$A0[0] + mov $A0[1],($tptr,$j) # t[4] + + mov 8($aptr,$j),$ai # a[5] + xor $A1[1],$A1[1] + add 8($tptr,$j),$A1[0] + adc \$0,$A1[1] + mul $a1 # a[4]*a[3] + add %rax,$A1[0] # a[4]*a[3]+t[5] + mov $ai,%rax + adc %rdx,$A1[1] + + xor $A0[1],$A0[1] + add $A1[0],$A0[0] + lea 16($j),$j # j++ + adc \$0,$A0[1] + mul $a0 # a[5]*a[2] + add %rax,$A0[0] # a[5]*a[2]+a[4]*a[3]+t[5] + mov $ai,%rax + adc %rdx,$A0[1] + mov $A0[0],-8($tptr,$j) # t[5], "preloaded t[1]" below + + cmp \$0,$j + jne .Lsqr4x_inner + + xor $A1[0],$A1[0] + add $A0[1],$A1[1] + adc \$0,$A1[0] + mul $a1 # a[5]*a[3] + add %rax,$A1[1] + adc %rdx,$A1[0] + + mov $A1[1],($tptr) # t[6], "preloaded t[2]" below + mov $A1[0],8($tptr) # t[7], "preloaded t[3]" below + + add \$16,$i + jnz .Lsqr4x_outer + + # comments apply to $num==4 case + mov -32($aptr),$a0 # a[0] + lea 64(%rsp,$num,2),$tptr # end of tp[] buffer, &tp[2*$num] + mov -24($aptr),%rax # a[1] + lea -32($tptr,$i),$tptr # end of tp[] window, &tp[2*$num-"$i"] + mov -16($aptr),$ai # a[2] + mov %rax,$a1 + + xor $A0[1],$A0[1] + mul $a0 # a[1]*a[0] + add %rax,$A0[0] # a[1]*a[0]+t[1], preloaded t[1] + mov $ai,%rax # a[2] + adc %rdx,$A0[1] + mov $A0[0],-24($tptr) # t[1] + + xor $A0[0],$A0[0] + add $A1[1],$A0[1] # a[2]*a[0]+t[2], preloaded t[2] + adc \$0,$A0[0] + mul $a0 # a[2]*a[0] + add %rax,$A0[1] + mov $ai,%rax + adc %rdx,$A0[0] + mov $A0[1],-16($tptr) # t[2] + + mov -8($aptr),$ai # a[3] + mul $a1 # a[2]*a[1] + add %rax,$A1[0] # a[2]*a[1]+t[3], preloaded t[3] + mov $ai,%rax + adc \$0,%rdx + + xor $A0[1],$A0[1] + add $A1[0],$A0[0] + mov %rdx,$A1[1] + adc \$0,$A0[1] + mul $a0 # a[3]*a[0] + add %rax,$A0[0] # a[3]*a[0]+a[2]*a[1]+t[3] + mov $ai,%rax + adc %rdx,$A0[1] + mov $A0[0],-8($tptr) # t[3] + + xor $A1[0],$A1[0] + add $A0[1],$A1[1] + adc \$0,$A1[0] + mul $a1 # a[3]*a[1] + add %rax,$A1[1] + mov -16($aptr),%rax # a[2] + adc %rdx,$A1[0] + + mov $A1[1],($tptr) # t[4] + mov $A1[0],8($tptr) # t[5] + + mul $ai # a[2]*a[3] +___ +{ +my ($shift,$carry)=($a0,$a1); +my @S=(@A1,$ai,$n0); +$code.=<<___; + add \$16,$i + xor $shift,$shift + sub $num,$i # $i=16-$num + xor $carry,$carry + + add $A1[0],%rax # t[5] + adc \$0,%rdx + mov %rax,8($tptr) # t[5] + mov %rdx,16($tptr) # t[6] + mov $carry,24($tptr) # t[7] + + mov -16($aptr,$i),%rax # a[0] + lea 64(%rsp,$num,2),$tptr + xor $A0[0],$A0[0] # t[0] + mov -24($tptr,$i,2),$A0[1] # t[1] + + lea ($shift,$A0[0],2),$S[0] # t[2*i]<<1 | shift + shr \$63,$A0[0] + lea ($j,$A0[1],2),$S[1] # t[2*i+1]<<1 | + shr \$63,$A0[1] + or $A0[0],$S[1] # | t[2*i]>>63 + mov -16($tptr,$i,2),$A0[0] # t[2*i+2] # prefetch + mov $A0[1],$shift # shift=t[2*i+1]>>63 + mul %rax # a[i]*a[i] + neg $carry # mov $carry,cf + mov -8($tptr,$i,2),$A0[1] # t[2*i+2+1] # prefetch + adc %rax,$S[0] + mov -8($aptr,$i),%rax # a[i+1] # prefetch + mov $S[0],-32($tptr,$i,2) + adc %rdx,$S[1] + + lea ($shift,$A0[0],2),$S[2] # t[2*i]<<1 | shift + mov $S[1],-24($tptr,$i,2) + sbb $carry,$carry # mov cf,$carry + shr \$63,$A0[0] + lea ($j,$A0[1],2),$S[3] # t[2*i+1]<<1 | + shr \$63,$A0[1] + or $A0[0],$S[3] # | t[2*i]>>63 + mov 0($tptr,$i,2),$A0[0] # t[2*i+2] # prefetch + mov $A0[1],$shift # shift=t[2*i+1]>>63 + mul %rax # a[i]*a[i] + neg $carry # mov $carry,cf + mov 8($tptr,$i,2),$A0[1] # t[2*i+2+1] # prefetch + adc %rax,$S[2] + mov 0($aptr,$i),%rax # a[i+1] # prefetch + mov $S[2],-16($tptr,$i,2) + adc %rdx,$S[3] + lea 16($i),$i + mov $S[3],-40($tptr,$i,2) + sbb $carry,$carry # mov cf,$carry + jmp .Lsqr4x_shift_n_add + +.align 16 +.Lsqr4x_shift_n_add: + lea ($shift,$A0[0],2),$S[0] # t[2*i]<<1 | shift + shr \$63,$A0[0] + lea ($j,$A0[1],2),$S[1] # t[2*i+1]<<1 | + shr \$63,$A0[1] + or $A0[0],$S[1] # | t[2*i]>>63 + mov -16($tptr,$i,2),$A0[0] # t[2*i+2] # prefetch + mov $A0[1],$shift # shift=t[2*i+1]>>63 + mul %rax # a[i]*a[i] + neg $carry # mov $carry,cf + mov -8($tptr,$i,2),$A0[1] # t[2*i+2+1] # prefetch + adc %rax,$S[0] + mov -8($aptr,$i),%rax # a[i+1] # prefetch + mov $S[0],-32($tptr,$i,2) + adc %rdx,$S[1] + + lea ($shift,$A0[0],2),$S[2] # t[2*i]<<1 | shift + mov $S[1],-24($tptr,$i,2) + sbb $carry,$carry # mov cf,$carry + shr \$63,$A0[0] + lea ($j,$A0[1],2),$S[3] # t[2*i+1]<<1 | + shr \$63,$A0[1] + or $A0[0],$S[3] # | t[2*i]>>63 + mov 0($tptr,$i,2),$A0[0] # t[2*i+2] # prefetch + mov $A0[1],$shift # shift=t[2*i+1]>>63 + mul %rax # a[i]*a[i] + neg $carry # mov $carry,cf + mov 8($tptr,$i,2),$A0[1] # t[2*i+2+1] # prefetch + adc %rax,$S[2] + mov 0($aptr,$i),%rax # a[i+1] # prefetch + mov $S[2],-16($tptr,$i,2) + adc %rdx,$S[3] + + lea ($shift,$A0[0],2),$S[0] # t[2*i]<<1 | shift + mov $S[3],-8($tptr,$i,2) + sbb $carry,$carry # mov cf,$carry + shr \$63,$A0[0] + lea ($j,$A0[1],2),$S[1] # t[2*i+1]<<1 | + shr \$63,$A0[1] + or $A0[0],$S[1] # | t[2*i]>>63 + mov 16($tptr,$i,2),$A0[0] # t[2*i+2] # prefetch + mov $A0[1],$shift # shift=t[2*i+1]>>63 + mul %rax # a[i]*a[i] + neg $carry # mov $carry,cf + mov 24($tptr,$i,2),$A0[1] # t[2*i+2+1] # prefetch + adc %rax,$S[0] + mov 8($aptr,$i),%rax # a[i+1] # prefetch + mov $S[0],0($tptr,$i,2) + adc %rdx,$S[1] + + lea ($shift,$A0[0],2),$S[2] # t[2*i]<<1 | shift + mov $S[1],8($tptr,$i,2) + sbb $carry,$carry # mov cf,$carry + shr \$63,$A0[0] + lea ($j,$A0[1],2),$S[3] # t[2*i+1]<<1 | + shr \$63,$A0[1] + or $A0[0],$S[3] # | t[2*i]>>63 + mov 32($tptr,$i,2),$A0[0] # t[2*i+2] # prefetch + mov $A0[1],$shift # shift=t[2*i+1]>>63 + mul %rax # a[i]*a[i] + neg $carry # mov $carry,cf + mov 40($tptr,$i,2),$A0[1] # t[2*i+2+1] # prefetch + adc %rax,$S[2] + mov 16($aptr,$i),%rax # a[i+1] # prefetch + mov $S[2],16($tptr,$i,2) + adc %rdx,$S[3] + mov $S[3],24($tptr,$i,2) + sbb $carry,$carry # mov cf,$carry + add \$32,$i + jnz .Lsqr4x_shift_n_add + + lea ($shift,$A0[0],2),$S[0] # t[2*i]<<1 | shift + shr \$63,$A0[0] + lea ($j,$A0[1],2),$S[1] # t[2*i+1]<<1 | + shr \$63,$A0[1] + or $A0[0],$S[1] # | t[2*i]>>63 + mov -16($tptr),$A0[0] # t[2*i+2] # prefetch + mov $A0[1],$shift # shift=t[2*i+1]>>63 + mul %rax # a[i]*a[i] + neg $carry # mov $carry,cf + mov -8($tptr),$A0[1] # t[2*i+2+1] # prefetch + adc %rax,$S[0] + mov -8($aptr),%rax # a[i+1] # prefetch + mov $S[0],-32($tptr) + adc %rdx,$S[1] + + lea ($shift,$A0[0],2),$S[2] # t[2*i]<<1|shift + mov $S[1],-24($tptr) + sbb $carry,$carry # mov cf,$carry + shr \$63,$A0[0] + lea ($j,$A0[1],2),$S[3] # t[2*i+1]<<1 | + shr \$63,$A0[1] + or $A0[0],$S[3] # | t[2*i]>>63 + mul %rax # a[i]*a[i] + neg $carry # mov $carry,cf + adc %rax,$S[2] + adc %rdx,$S[3] + mov $S[2],-16($tptr) + mov $S[3],-8($tptr) +___ +} +############################################################## +# Montgomery reduction part, "word-by-word" algorithm. +# +{ +my ($topbit,$nptr)=("%rbp",$aptr); +my ($m0,$m1)=($a0,$a1); +my @Ni=("%rbx","%r9"); +$code.=<<___; + mov 40(%rsp),$nptr # restore $nptr + mov 48(%rsp),$n0 # restore *n0 + xor $j,$j + mov $num,0(%rsp) # save $num + sub $num,$j # $j=-$num + mov 64(%rsp),$A0[0] # t[0] # modsched # + mov $n0,$m0 # # modsched # + lea 64(%rsp,$num,2),%rax # end of t[] buffer + lea 64(%rsp,$num),$tptr # end of t[] window + mov %rax,8(%rsp) # save end of t[] buffer + lea ($nptr,$num),$nptr # end of n[] buffer + xor $topbit,$topbit # $topbit=0 + + mov 0($nptr,$j),%rax # n[0] # modsched # + mov 8($nptr,$j),$Ni[1] # n[1] # modsched # + imulq $A0[0],$m0 # m0=t[0]*n0 # modsched # + mov %rax,$Ni[0] # # modsched # + jmp .Lsqr4x_mont_outer + +.align 16 +.Lsqr4x_mont_outer: + xor $A0[1],$A0[1] + mul $m0 # n[0]*m0 + add %rax,$A0[0] # n[0]*m0+t[0] + mov $Ni[1],%rax + adc %rdx,$A0[1] + mov $n0,$m1 + + xor $A0[0],$A0[0] + add 8($tptr,$j),$A0[1] + adc \$0,$A0[0] + mul $m0 # n[1]*m0 + add %rax,$A0[1] # n[1]*m0+t[1] + mov $Ni[0],%rax + adc %rdx,$A0[0] + + imulq $A0[1],$m1 + + mov 16($nptr,$j),$Ni[0] # n[2] + xor $A1[1],$A1[1] + add $A0[1],$A1[0] + adc \$0,$A1[1] + mul $m1 # n[0]*m1 + add %rax,$A1[0] # n[0]*m1+"t[1]" + mov $Ni[0],%rax + adc %rdx,$A1[1] + mov $A1[0],8($tptr,$j) # "t[1]" + + xor $A0[1],$A0[1] + add 16($tptr,$j),$A0[0] + adc \$0,$A0[1] + mul $m0 # n[2]*m0 + add %rax,$A0[0] # n[2]*m0+t[2] + mov $Ni[1],%rax + adc %rdx,$A0[1] + + mov 24($nptr,$j),$Ni[1] # n[3] + xor $A1[0],$A1[0] + add $A0[0],$A1[1] + adc \$0,$A1[0] + mul $m1 # n[1]*m1 + add %rax,$A1[1] # n[1]*m1+"t[2]" + mov $Ni[1],%rax + adc %rdx,$A1[0] + mov $A1[1],16($tptr,$j) # "t[2]" + + xor $A0[0],$A0[0] + add 24($tptr,$j),$A0[1] + lea 32($j),$j + adc \$0,$A0[0] + mul $m0 # n[3]*m0 + add %rax,$A0[1] # n[3]*m0+t[3] + mov $Ni[0],%rax + adc %rdx,$A0[0] + jmp .Lsqr4x_mont_inner + +.align 16 +.Lsqr4x_mont_inner: + mov ($nptr,$j),$Ni[0] # n[4] + xor $A1[1],$A1[1] + add $A0[1],$A1[0] + adc \$0,$A1[1] + mul $m1 # n[2]*m1 + add %rax,$A1[0] # n[2]*m1+"t[3]" + mov $Ni[0],%rax + adc %rdx,$A1[1] + mov $A1[0],-8($tptr,$j) # "t[3]" + + xor $A0[1],$A0[1] + add ($tptr,$j),$A0[0] + adc \$0,$A0[1] + mul $m0 # n[4]*m0 + add %rax,$A0[0] # n[4]*m0+t[4] + mov $Ni[1],%rax + adc %rdx,$A0[1] + + mov 8($nptr,$j),$Ni[1] # n[5] + xor $A1[0],$A1[0] + add $A0[0],$A1[1] + adc \$0,$A1[0] + mul $m1 # n[3]*m1 + add %rax,$A1[1] # n[3]*m1+"t[4]" + mov $Ni[1],%rax + adc %rdx,$A1[0] + mov $A1[1],($tptr,$j) # "t[4]" + + xor $A0[0],$A0[0] + add 8($tptr,$j),$A0[1] + adc \$0,$A0[0] + mul $m0 # n[5]*m0 + add %rax,$A0[1] # n[5]*m0+t[5] + mov $Ni[0],%rax + adc %rdx,$A0[0] + + + mov 16($nptr,$j),$Ni[0] # n[6] + xor $A1[1],$A1[1] + add $A0[1],$A1[0] + adc \$0,$A1[1] + mul $m1 # n[4]*m1 + add %rax,$A1[0] # n[4]*m1+"t[5]" + mov $Ni[0],%rax + adc %rdx,$A1[1] + mov $A1[0],8($tptr,$j) # "t[5]" + + xor $A0[1],$A0[1] + add 16($tptr,$j),$A0[0] + adc \$0,$A0[1] + mul $m0 # n[6]*m0 + add %rax,$A0[0] # n[6]*m0+t[6] + mov $Ni[1],%rax + adc %rdx,$A0[1] + + mov 24($nptr,$j),$Ni[1] # n[7] + xor $A1[0],$A1[0] + add $A0[0],$A1[1] + adc \$0,$A1[0] + mul $m1 # n[5]*m1 + add %rax,$A1[1] # n[5]*m1+"t[6]" + mov $Ni[1],%rax + adc %rdx,$A1[0] + mov $A1[1],16($tptr,$j) # "t[6]" + + xor $A0[0],$A0[0] + add 24($tptr,$j),$A0[1] + lea 32($j),$j + adc \$0,$A0[0] + mul $m0 # n[7]*m0 + add %rax,$A0[1] # n[7]*m0+t[7] + mov $Ni[0],%rax + adc %rdx,$A0[0] + cmp \$0,$j + jne .Lsqr4x_mont_inner + + sub 0(%rsp),$j # $j=-$num # modsched # + mov $n0,$m0 # # modsched # + + xor $A1[1],$A1[1] + add $A0[1],$A1[0] + adc \$0,$A1[1] + mul $m1 # n[6]*m1 + add %rax,$A1[0] # n[6]*m1+"t[7]" + mov $Ni[1],%rax + adc %rdx,$A1[1] + mov $A1[0],-8($tptr) # "t[7]" + + xor $A0[1],$A0[1] + add ($tptr),$A0[0] # +t[8] + adc \$0,$A0[1] + mov 0($nptr,$j),$Ni[0] # n[0] # modsched # + add $topbit,$A0[0] + adc \$0,$A0[1] + + imulq 16($tptr,$j),$m0 # m0=t[0]*n0 # modsched # + xor $A1[0],$A1[0] + mov 8($nptr,$j),$Ni[1] # n[1] # modsched # + add $A0[0],$A1[1] + mov 16($tptr,$j),$A0[0] # t[0] # modsched # + adc \$0,$A1[0] + mul $m1 # n[7]*m1 + add %rax,$A1[1] # n[7]*m1+"t[8]" + mov $Ni[0],%rax # # modsched # + adc %rdx,$A1[0] + mov $A1[1],($tptr) # "t[8]" + + xor $topbit,$topbit + add 8($tptr),$A1[0] # +t[9] + adc $topbit,$topbit + add $A0[1],$A1[0] + lea 16($tptr),$tptr # "t[$num]>>128" + adc \$0,$topbit + mov $A1[0],-8($tptr) # "t[9]" + cmp 8(%rsp),$tptr # are we done? + jb .Lsqr4x_mont_outer + + mov 0(%rsp),$num # restore $num + mov $topbit,($tptr) # save $topbit +___ +} +############################################################## +# Post-condition, 4x unrolled copy from bn_mul_mont +# +{ +my ($tptr,$nptr)=("%rbx",$aptr); +my @ri=("%rax","%rdx","%r10","%r11"); +$code.=<<___; + mov 64(%rsp,$num),@ri[0] # tp[0] + lea 64(%rsp,$num),$tptr # upper half of t[2*$num] holds result + mov 40(%rsp),$nptr # restore $nptr + shr \$5,$num # num/4 + mov 8($tptr),@ri[1] # t[1] + xor $i,$i # i=0 and clear CF! + + mov 32(%rsp),$rptr # restore $rptr + sub 0($nptr),@ri[0] + mov 16($tptr),@ri[2] # t[2] + mov 24($tptr),@ri[3] # t[3] + sbb 8($nptr),@ri[1] + lea -1($num),$j # j=num/4-1 + jmp .Lsqr4x_sub +.align 16 +.Lsqr4x_sub: + mov @ri[0],0($rptr,$i,8) # rp[i]=tp[i]-np[i] + mov @ri[1],8($rptr,$i,8) # rp[i]=tp[i]-np[i] + sbb 16($nptr,$i,8),@ri[2] + mov 32($tptr,$i,8),@ri[0] # tp[i+1] + mov 40($tptr,$i,8),@ri[1] + sbb 24($nptr,$i,8),@ri[3] + mov @ri[2],16($rptr,$i,8) # rp[i]=tp[i]-np[i] + mov @ri[3],24($rptr,$i,8) # rp[i]=tp[i]-np[i] + sbb 32($nptr,$i,8),@ri[0] + mov 48($tptr,$i,8),@ri[2] + mov 56($tptr,$i,8),@ri[3] + sbb 40($nptr,$i,8),@ri[1] + lea 4($i),$i # i++ + dec $j # doesn't affect CF! + jnz .Lsqr4x_sub + + mov @ri[0],0($rptr,$i,8) # rp[i]=tp[i]-np[i] + mov 32($tptr,$i,8),@ri[0] # load overflow bit + sbb 16($nptr,$i,8),@ri[2] + mov @ri[1],8($rptr,$i,8) # rp[i]=tp[i]-np[i] + sbb 24($nptr,$i,8),@ri[3] + mov @ri[2],16($rptr,$i,8) # rp[i]=tp[i]-np[i] + + sbb \$0,@ri[0] # handle upmost overflow bit + mov @ri[3],24($rptr,$i,8) # rp[i]=tp[i]-np[i] + xor $i,$i # i=0 + and @ri[0],$tptr + not @ri[0] + mov $rptr,$nptr + and @ri[0],$nptr + lea -1($num),$j + or $nptr,$tptr # tp=borrow?tp:rp + + pxor %xmm0,%xmm0 + lea 64(%rsp,$num,8),$nptr + movdqu ($tptr),%xmm1 + lea ($nptr,$num,8),$nptr + movdqa %xmm0,64(%rsp) # zap lower half of temporary vector + movdqa %xmm0,($nptr) # zap upper half of temporary vector + movdqu %xmm1,($rptr) + jmp .Lsqr4x_copy +.align 16 +.Lsqr4x_copy: # copy or in-place refresh + movdqu 16($tptr,$i),%xmm2 + movdqu 32($tptr,$i),%xmm1 + movdqa %xmm0,80(%rsp,$i) # zap lower half of temporary vector + movdqa %xmm0,96(%rsp,$i) # zap lower half of temporary vector + movdqa %xmm0,16($nptr,$i) # zap upper half of temporary vector + movdqa %xmm0,32($nptr,$i) # zap upper half of temporary vector + movdqu %xmm2,16($rptr,$i) + movdqu %xmm1,32($rptr,$i) + lea 32($i),$i + dec $j + jnz .Lsqr4x_copy + + movdqu 16($tptr,$i),%xmm2 + movdqa %xmm0,80(%rsp,$i) # zap lower half of temporary vector + movdqa %xmm0,16($nptr,$i) # zap upper half of temporary vector + movdqu %xmm2,16($rptr,$i) +___ +} +$code.=<<___; + mov 56(%rsp),%rsi # restore %rsp + mov \$1,%rax + mov 0(%rsi),%r15 + mov 8(%rsi),%r14 + mov 16(%rsi),%r13 + mov 24(%rsi),%r12 + mov 32(%rsi),%rbp + mov 40(%rsi),%rbx + lea 48(%rsi),%rsp +.Lsqr4x_epilogue: + ret +.size bn_sqr4x_mont,.-bn_sqr4x_mont +___ +}}} +$code.=<<___; +.asciz "Montgomery Multiplication for x86_64, CRYPTOGAMS by " +.align 16 +___ + +print $code; +close STDOUT; diff --git a/src/lib/libcrypto/bn/asm/x86_64-mont5.pl b/src/lib/libcrypto/bn/asm/x86_64-mont5.pl new file mode 100755 index 00000000000..bb7ad4c4b78 --- /dev/null +++ b/src/lib/libcrypto/bn/asm/x86_64-mont5.pl @@ -0,0 +1,1186 @@ +#!/usr/bin/env perl + +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== + +# August 2011. +# +# Companion to x86_64-mont.pl that optimizes cache-timing attack +# countermeasures. The subroutines are produced by replacing bp[i] +# references in their x86_64-mont.pl counterparts with cache-neutral +# references to powers table computed in BN_mod_exp_mont_consttime. +# In addition subroutine that scatters elements of the powers table +# is implemented, so that scatter-/gathering can be tuned without +# bn_exp.c modifications. + +$flavour = shift; +$output = shift; +if ($flavour =~ /\./) { $output = $flavour; undef $flavour; } + +$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/); + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or +( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or +die "can't locate x86_64-xlate.pl"; + +open OUT,"| \"$^X\" $xlate $flavour $output"; +*STDOUT=*OUT; + +# int bn_mul_mont_gather5( +$rp="%rdi"; # BN_ULONG *rp, +$ap="%rsi"; # const BN_ULONG *ap, +$bp="%rdx"; # const BN_ULONG *bp, +$np="%rcx"; # const BN_ULONG *np, +$n0="%r8"; # const BN_ULONG *n0, +$num="%r9"; # int num, + # int idx); # 0 to 2^5-1, "index" in $bp holding + # pre-computed powers of a', interlaced + # in such manner that b[0] is $bp[idx], + # b[1] is [2^5+idx], etc. +$lo0="%r10"; +$hi0="%r11"; +$hi1="%r13"; +$i="%r14"; +$j="%r15"; +$m0="%rbx"; +$m1="%rbp"; + +$code=<<___; +.text + +.globl bn_mul_mont_gather5 +.type bn_mul_mont_gather5,\@function,6 +.align 64 +bn_mul_mont_gather5: + test \$3,${num}d + jnz .Lmul_enter + cmp \$8,${num}d + jb .Lmul_enter + jmp .Lmul4x_enter + +.align 16 +.Lmul_enter: + mov ${num}d,${num}d + movd `($win64?56:8)`(%rsp),%xmm5 # load 7th argument + lea .Linc(%rip),%r10 + push %rbx + push %rbp + push %r12 + push %r13 + push %r14 + push %r15 + +.Lmul_alloca: + mov %rsp,%rax + lea 2($num),%r11 + neg %r11 + lea -264(%rsp,%r11,8),%rsp # tp=alloca(8*(num+2)+256+8) + and \$-1024,%rsp # minimize TLB usage + + mov %rax,8(%rsp,$num,8) # tp[num+1]=%rsp +.Lmul_body: + lea 128($bp),%r12 # reassign $bp (+size optimization) +___ + $bp="%r12"; + $STRIDE=2**5*8; # 5 is "window size" + $N=$STRIDE/4; # should match cache line size +$code.=<<___; + movdqa 0(%r10),%xmm0 # 00000001000000010000000000000000 + movdqa 16(%r10),%xmm1 # 00000002000000020000000200000002 + lea 24-112(%rsp,$num,8),%r10# place the mask after tp[num+3] (+ICache optimization) + and \$-16,%r10 + + pshufd \$0,%xmm5,%xmm5 # broadcast index + movdqa %xmm1,%xmm4 + movdqa %xmm1,%xmm2 +___ +######################################################################## +# calculate mask by comparing 0..31 to index and save result to stack +# +$code.=<<___; + paddd %xmm0,%xmm1 + pcmpeqd %xmm5,%xmm0 # compare to 1,0 + .byte 0x67 + movdqa %xmm4,%xmm3 +___ +for($k=0;$k<$STRIDE/16-4;$k+=4) { +$code.=<<___; + paddd %xmm1,%xmm2 + pcmpeqd %xmm5,%xmm1 # compare to 3,2 + movdqa %xmm0,`16*($k+0)+112`(%r10) + movdqa %xmm4,%xmm0 + + paddd %xmm2,%xmm3 + pcmpeqd %xmm5,%xmm2 # compare to 5,4 + movdqa %xmm1,`16*($k+1)+112`(%r10) + movdqa %xmm4,%xmm1 + + paddd %xmm3,%xmm0 + pcmpeqd %xmm5,%xmm3 # compare to 7,6 + movdqa %xmm2,`16*($k+2)+112`(%r10) + movdqa %xmm4,%xmm2 + + paddd %xmm0,%xmm1 + pcmpeqd %xmm5,%xmm0 + movdqa %xmm3,`16*($k+3)+112`(%r10) + movdqa %xmm4,%xmm3 +___ +} +$code.=<<___; # last iteration can be optimized + paddd %xmm1,%xmm2 + pcmpeqd %xmm5,%xmm1 + movdqa %xmm0,`16*($k+0)+112`(%r10) + + paddd %xmm2,%xmm3 + .byte 0x67 + pcmpeqd %xmm5,%xmm2 + movdqa %xmm1,`16*($k+1)+112`(%r10) + + pcmpeqd %xmm5,%xmm3 + movdqa %xmm2,`16*($k+2)+112`(%r10) + pand `16*($k+0)-128`($bp),%xmm0 # while it's still in register + + pand `16*($k+1)-128`($bp),%xmm1 + pand `16*($k+2)-128`($bp),%xmm2 + movdqa %xmm3,`16*($k+3)+112`(%r10) + pand `16*($k+3)-128`($bp),%xmm3 + por %xmm2,%xmm0 + por %xmm3,%xmm1 +___ +for($k=0;$k<$STRIDE/16-4;$k+=4) { +$code.=<<___; + movdqa `16*($k+0)-128`($bp),%xmm4 + movdqa `16*($k+1)-128`($bp),%xmm5 + movdqa `16*($k+2)-128`($bp),%xmm2 + pand `16*($k+0)+112`(%r10),%xmm4 + movdqa `16*($k+3)-128`($bp),%xmm3 + pand `16*($k+1)+112`(%r10),%xmm5 + por %xmm4,%xmm0 + pand `16*($k+2)+112`(%r10),%xmm2 + por %xmm5,%xmm1 + pand `16*($k+3)+112`(%r10),%xmm3 + por %xmm2,%xmm0 + por %xmm3,%xmm1 +___ +} +$code.=<<___; + por %xmm1,%xmm0 + pshufd \$0x4e,%xmm0,%xmm1 + por %xmm1,%xmm0 + lea $STRIDE($bp),$bp + movd %xmm0,$m0 # m0=bp[0] + + mov ($n0),$n0 # pull n0[0] value + mov ($ap),%rax + + xor $i,$i # i=0 + xor $j,$j # j=0 + + mov $n0,$m1 + mulq $m0 # ap[0]*bp[0] + mov %rax,$lo0 + mov ($np),%rax + + imulq $lo0,$m1 # "tp[0]"*n0 + mov %rdx,$hi0 + + mulq $m1 # np[0]*m1 + add %rax,$lo0 # discarded + mov 8($ap),%rax + adc \$0,%rdx + mov %rdx,$hi1 + + lea 1($j),$j # j++ + jmp .L1st_enter + +.align 16 +.L1st: + add %rax,$hi1 + mov ($ap,$j,8),%rax + adc \$0,%rdx + add $hi0,$hi1 # np[j]*m1+ap[j]*bp[0] + mov $lo0,$hi0 + adc \$0,%rdx + mov $hi1,-16(%rsp,$j,8) # tp[j-1] + mov %rdx,$hi1 + +.L1st_enter: + mulq $m0 # ap[j]*bp[0] + add %rax,$hi0 + mov ($np,$j,8),%rax + adc \$0,%rdx + lea 1($j),$j # j++ + mov %rdx,$lo0 + + mulq $m1 # np[j]*m1 + cmp $num,$j + jl .L1st + + add %rax,$hi1 + mov ($ap),%rax # ap[0] + adc \$0,%rdx + add $hi0,$hi1 # np[j]*m1+ap[j]*bp[0] + adc \$0,%rdx + mov $hi1,-16(%rsp,$j,8) # tp[j-1] + mov %rdx,$hi1 + mov $lo0,$hi0 + + xor %rdx,%rdx + add $hi0,$hi1 + adc \$0,%rdx + mov $hi1,-8(%rsp,$num,8) + mov %rdx,(%rsp,$num,8) # store upmost overflow bit + + lea 1($i),$i # i++ + jmp .Louter +.align 16 +.Louter: + lea 24+128(%rsp,$num,8),%rdx # where 256-byte mask is (+size optimization) + and \$-16,%rdx + pxor %xmm4,%xmm4 + pxor %xmm5,%xmm5 +___ +for($k=0;$k<$STRIDE/16;$k+=4) { +$code.=<<___; + movdqa `16*($k+0)-128`($bp),%xmm0 + movdqa `16*($k+1)-128`($bp),%xmm1 + movdqa `16*($k+2)-128`($bp),%xmm2 + movdqa `16*($k+3)-128`($bp),%xmm3 + pand `16*($k+0)-128`(%rdx),%xmm0 + pand `16*($k+1)-128`(%rdx),%xmm1 + por %xmm0,%xmm4 + pand `16*($k+2)-128`(%rdx),%xmm2 + por %xmm1,%xmm5 + pand `16*($k+3)-128`(%rdx),%xmm3 + por %xmm2,%xmm4 + por %xmm3,%xmm5 +___ +} +$code.=<<___; + por %xmm5,%xmm4 + pshufd \$0x4e,%xmm4,%xmm0 + por %xmm4,%xmm0 + lea $STRIDE($bp),$bp + movd %xmm0,$m0 # m0=bp[i] + + xor $j,$j # j=0 + mov $n0,$m1 + mov (%rsp),$lo0 + + mulq $m0 # ap[0]*bp[i] + add %rax,$lo0 # ap[0]*bp[i]+tp[0] + mov ($np),%rax + adc \$0,%rdx + + imulq $lo0,$m1 # tp[0]*n0 + mov %rdx,$hi0 + + mulq $m1 # np[0]*m1 + add %rax,$lo0 # discarded + mov 8($ap),%rax + adc \$0,%rdx + mov 8(%rsp),$lo0 # tp[1] + mov %rdx,$hi1 + + lea 1($j),$j # j++ + jmp .Linner_enter + +.align 16 +.Linner: + add %rax,$hi1 + mov ($ap,$j,8),%rax + adc \$0,%rdx + add $lo0,$hi1 # np[j]*m1+ap[j]*bp[i]+tp[j] + mov (%rsp,$j,8),$lo0 + adc \$0,%rdx + mov $hi1,-16(%rsp,$j,8) # tp[j-1] + mov %rdx,$hi1 + +.Linner_enter: + mulq $m0 # ap[j]*bp[i] + add %rax,$hi0 + mov ($np,$j,8),%rax + adc \$0,%rdx + add $hi0,$lo0 # ap[j]*bp[i]+tp[j] + mov %rdx,$hi0 + adc \$0,$hi0 + lea 1($j),$j # j++ + + mulq $m1 # np[j]*m1 + cmp $num,$j + jl .Linner + + add %rax,$hi1 + mov ($ap),%rax # ap[0] + adc \$0,%rdx + add $lo0,$hi1 # np[j]*m1+ap[j]*bp[i]+tp[j] + mov (%rsp,$j,8),$lo0 + adc \$0,%rdx + mov $hi1,-16(%rsp,$j,8) # tp[j-1] + mov %rdx,$hi1 + + xor %rdx,%rdx + add $hi0,$hi1 + adc \$0,%rdx + add $lo0,$hi1 # pull upmost overflow bit + adc \$0,%rdx + mov $hi1,-8(%rsp,$num,8) + mov %rdx,(%rsp,$num,8) # store upmost overflow bit + + lea 1($i),$i # i++ + cmp $num,$i + jl .Louter + + xor $i,$i # i=0 and clear CF! + mov (%rsp),%rax # tp[0] + lea (%rsp),$ap # borrow ap for tp + mov $num,$j # j=num + jmp .Lsub +.align 16 +.Lsub: sbb ($np,$i,8),%rax + mov %rax,($rp,$i,8) # rp[i]=tp[i]-np[i] + mov 8($ap,$i,8),%rax # tp[i+1] + lea 1($i),$i # i++ + dec $j # doesnn't affect CF! + jnz .Lsub + + sbb \$0,%rax # handle upmost overflow bit + xor $i,$i + and %rax,$ap + not %rax + mov $rp,$np + and %rax,$np + mov $num,$j # j=num + or $np,$ap # ap=borrow?tp:rp +.align 16 +.Lcopy: # copy or in-place refresh + mov ($ap,$i,8),%rax + mov $i,(%rsp,$i,8) # zap temporary vector + mov %rax,($rp,$i,8) # rp[i]=tp[i] + lea 1($i),$i + sub \$1,$j + jnz .Lcopy + + mov 8(%rsp,$num,8),%rsi # restore %rsp + mov \$1,%rax + + mov (%rsi),%r15 + mov 8(%rsi),%r14 + mov 16(%rsi),%r13 + mov 24(%rsi),%r12 + mov 32(%rsi),%rbp + mov 40(%rsi),%rbx + lea 48(%rsi),%rsp +.Lmul_epilogue: + ret +.size bn_mul_mont_gather5,.-bn_mul_mont_gather5 +___ +{{{ +my @A=("%r10","%r11"); +my @N=("%r13","%rdi"); +$code.=<<___; +.type bn_mul4x_mont_gather5,\@function,6 +.align 16 +bn_mul4x_mont_gather5: +.Lmul4x_enter: + mov ${num}d,${num}d + movd `($win64?56:8)`(%rsp),%xmm5 # load 7th argument + lea .Linc(%rip),%r10 + push %rbx + push %rbp + push %r12 + push %r13 + push %r14 + push %r15 + +.Lmul4x_alloca: + mov %rsp,%rax + lea 4($num),%r11 + neg %r11 + lea -256(%rsp,%r11,8),%rsp # tp=alloca(8*(num+4)+256) + and \$-1024,%rsp # minimize TLB usage + + mov %rax,8(%rsp,$num,8) # tp[num+1]=%rsp +.Lmul4x_body: + mov $rp,16(%rsp,$num,8) # tp[num+2]=$rp + lea 128(%rdx),%r12 # reassign $bp (+size optimization) +___ + $bp="%r12"; + $STRIDE=2**5*8; # 5 is "window size" + $N=$STRIDE/4; # should match cache line size +$code.=<<___; + movdqa 0(%r10),%xmm0 # 00000001000000010000000000000000 + movdqa 16(%r10),%xmm1 # 00000002000000020000000200000002 + lea 32-112(%rsp,$num,8),%r10# place the mask after tp[num+4] (+ICache optimization) + + pshufd \$0,%xmm5,%xmm5 # broadcast index + movdqa %xmm1,%xmm4 + .byte 0x67,0x67 + movdqa %xmm1,%xmm2 +___ +######################################################################## +# calculate mask by comparing 0..31 to index and save result to stack +# +$code.=<<___; + paddd %xmm0,%xmm1 + pcmpeqd %xmm5,%xmm0 # compare to 1,0 + .byte 0x67 + movdqa %xmm4,%xmm3 +___ +for($k=0;$k<$STRIDE/16-4;$k+=4) { +$code.=<<___; + paddd %xmm1,%xmm2 + pcmpeqd %xmm5,%xmm1 # compare to 3,2 + movdqa %xmm0,`16*($k+0)+112`(%r10) + movdqa %xmm4,%xmm0 + + paddd %xmm2,%xmm3 + pcmpeqd %xmm5,%xmm2 # compare to 5,4 + movdqa %xmm1,`16*($k+1)+112`(%r10) + movdqa %xmm4,%xmm1 + + paddd %xmm3,%xmm0 + pcmpeqd %xmm5,%xmm3 # compare to 7,6 + movdqa %xmm2,`16*($k+2)+112`(%r10) + movdqa %xmm4,%xmm2 + + paddd %xmm0,%xmm1 + pcmpeqd %xmm5,%xmm0 + movdqa %xmm3,`16*($k+3)+112`(%r10) + movdqa %xmm4,%xmm3 +___ +} +$code.=<<___; # last iteration can be optimized + paddd %xmm1,%xmm2 + pcmpeqd %xmm5,%xmm1 + movdqa %xmm0,`16*($k+0)+112`(%r10) + + paddd %xmm2,%xmm3 + .byte 0x67 + pcmpeqd %xmm5,%xmm2 + movdqa %xmm1,`16*($k+1)+112`(%r10) + + pcmpeqd %xmm5,%xmm3 + movdqa %xmm2,`16*($k+2)+112`(%r10) + pand `16*($k+0)-128`($bp),%xmm0 # while it's still in register + + pand `16*($k+1)-128`($bp),%xmm1 + pand `16*($k+2)-128`($bp),%xmm2 + movdqa %xmm3,`16*($k+3)+112`(%r10) + pand `16*($k+3)-128`($bp),%xmm3 + por %xmm2,%xmm0 + por %xmm3,%xmm1 +___ +for($k=0;$k<$STRIDE/16-4;$k+=4) { +$code.=<<___; + movdqa `16*($k+0)-128`($bp),%xmm4 + movdqa `16*($k+1)-128`($bp),%xmm5 + movdqa `16*($k+2)-128`($bp),%xmm2 + pand `16*($k+0)+112`(%r10),%xmm4 + movdqa `16*($k+3)-128`($bp),%xmm3 + pand `16*($k+1)+112`(%r10),%xmm5 + por %xmm4,%xmm0 + pand `16*($k+2)+112`(%r10),%xmm2 + por %xmm5,%xmm1 + pand `16*($k+3)+112`(%r10),%xmm3 + por %xmm2,%xmm0 + por %xmm3,%xmm1 +___ +} +$code.=<<___; + por %xmm1,%xmm0 + pshufd \$0x4e,%xmm0,%xmm1 + por %xmm1,%xmm0 + lea $STRIDE($bp),$bp + movd %xmm0,$m0 # m0=bp[0] + + mov ($n0),$n0 # pull n0[0] value + mov ($ap),%rax + + xor $i,$i # i=0 + xor $j,$j # j=0 + + mov $n0,$m1 + mulq $m0 # ap[0]*bp[0] + mov %rax,$A[0] + mov ($np),%rax + + imulq $A[0],$m1 # "tp[0]"*n0 + mov %rdx,$A[1] + + mulq $m1 # np[0]*m1 + add %rax,$A[0] # discarded + mov 8($ap),%rax + adc \$0,%rdx + mov %rdx,$N[1] + + mulq $m0 + add %rax,$A[1] + mov 8($np),%rax + adc \$0,%rdx + mov %rdx,$A[0] + + mulq $m1 + add %rax,$N[1] + mov 16($ap),%rax + adc \$0,%rdx + add $A[1],$N[1] + lea 4($j),$j # j++ + adc \$0,%rdx + mov $N[1],(%rsp) + mov %rdx,$N[0] + jmp .L1st4x +.align 16 +.L1st4x: + mulq $m0 # ap[j]*bp[0] + add %rax,$A[0] + mov -16($np,$j,8),%rax + adc \$0,%rdx + mov %rdx,$A[1] + + mulq $m1 # np[j]*m1 + add %rax,$N[0] + mov -8($ap,$j,8),%rax + adc \$0,%rdx + add $A[0],$N[0] # np[j]*m1+ap[j]*bp[0] + adc \$0,%rdx + mov $N[0],-24(%rsp,$j,8) # tp[j-1] + mov %rdx,$N[1] + + mulq $m0 # ap[j]*bp[0] + add %rax,$A[1] + mov -8($np,$j,8),%rax + adc \$0,%rdx + mov %rdx,$A[0] + + mulq $m1 # np[j]*m1 + add %rax,$N[1] + mov ($ap,$j,8),%rax + adc \$0,%rdx + add $A[1],$N[1] # np[j]*m1+ap[j]*bp[0] + adc \$0,%rdx + mov $N[1],-16(%rsp,$j,8) # tp[j-1] + mov %rdx,$N[0] + + mulq $m0 # ap[j]*bp[0] + add %rax,$A[0] + mov ($np,$j,8),%rax + adc \$0,%rdx + mov %rdx,$A[1] + + mulq $m1 # np[j]*m1 + add %rax,$N[0] + mov 8($ap,$j,8),%rax + adc \$0,%rdx + add $A[0],$N[0] # np[j]*m1+ap[j]*bp[0] + adc \$0,%rdx + mov $N[0],-8(%rsp,$j,8) # tp[j-1] + mov %rdx,$N[1] + + mulq $m0 # ap[j]*bp[0] + add %rax,$A[1] + mov 8($np,$j,8),%rax + adc \$0,%rdx + lea 4($j),$j # j++ + mov %rdx,$A[0] + + mulq $m1 # np[j]*m1 + add %rax,$N[1] + mov -16($ap,$j,8),%rax + adc \$0,%rdx + add $A[1],$N[1] # np[j]*m1+ap[j]*bp[0] + adc \$0,%rdx + mov $N[1],-32(%rsp,$j,8) # tp[j-1] + mov %rdx,$N[0] + cmp $num,$j + jl .L1st4x + + mulq $m0 # ap[j]*bp[0] + add %rax,$A[0] + mov -16($np,$j,8),%rax + adc \$0,%rdx + mov %rdx,$A[1] + + mulq $m1 # np[j]*m1 + add %rax,$N[0] + mov -8($ap,$j,8),%rax + adc \$0,%rdx + add $A[0],$N[0] # np[j]*m1+ap[j]*bp[0] + adc \$0,%rdx + mov $N[0],-24(%rsp,$j,8) # tp[j-1] + mov %rdx,$N[1] + + mulq $m0 # ap[j]*bp[0] + add %rax,$A[1] + mov -8($np,$j,8),%rax + adc \$0,%rdx + mov %rdx,$A[0] + + mulq $m1 # np[j]*m1 + add %rax,$N[1] + mov ($ap),%rax # ap[0] + adc \$0,%rdx + add $A[1],$N[1] # np[j]*m1+ap[j]*bp[0] + adc \$0,%rdx + mov $N[1],-16(%rsp,$j,8) # tp[j-1] + mov %rdx,$N[0] + + xor $N[1],$N[1] + add $A[0],$N[0] + adc \$0,$N[1] + mov $N[0],-8(%rsp,$j,8) + mov $N[1],(%rsp,$j,8) # store upmost overflow bit + + lea 1($i),$i # i++ +.align 4 +.Louter4x: + lea 32+128(%rsp,$num,8),%rdx # where 256-byte mask is (+size optimization) + pxor %xmm4,%xmm4 + pxor %xmm5,%xmm5 +___ +for($k=0;$k<$STRIDE/16;$k+=4) { +$code.=<<___; + movdqa `16*($k+0)-128`($bp),%xmm0 + movdqa `16*($k+1)-128`($bp),%xmm1 + movdqa `16*($k+2)-128`($bp),%xmm2 + movdqa `16*($k+3)-128`($bp),%xmm3 + pand `16*($k+0)-128`(%rdx),%xmm0 + pand `16*($k+1)-128`(%rdx),%xmm1 + por %xmm0,%xmm4 + pand `16*($k+2)-128`(%rdx),%xmm2 + por %xmm1,%xmm5 + pand `16*($k+3)-128`(%rdx),%xmm3 + por %xmm2,%xmm4 + por %xmm3,%xmm5 +___ +} +$code.=<<___; + por %xmm5,%xmm4 + pshufd \$0x4e,%xmm4,%xmm0 + por %xmm4,%xmm0 + lea $STRIDE($bp),$bp + movd %xmm0,$m0 # m0=bp[i] + + xor $j,$j # j=0 + + mov (%rsp),$A[0] + mov $n0,$m1 + mulq $m0 # ap[0]*bp[i] + add %rax,$A[0] # ap[0]*bp[i]+tp[0] + mov ($np),%rax + adc \$0,%rdx + + imulq $A[0],$m1 # tp[0]*n0 + mov %rdx,$A[1] + + mulq $m1 # np[0]*m1 + add %rax,$A[0] # "$N[0]", discarded + mov 8($ap),%rax + adc \$0,%rdx + mov %rdx,$N[1] + + mulq $m0 # ap[j]*bp[i] + add %rax,$A[1] + mov 8($np),%rax + adc \$0,%rdx + add 8(%rsp),$A[1] # +tp[1] + adc \$0,%rdx + mov %rdx,$A[0] + + mulq $m1 # np[j]*m1 + add %rax,$N[1] + mov 16($ap),%rax + adc \$0,%rdx + add $A[1],$N[1] # np[j]*m1+ap[j]*bp[i]+tp[j] + lea 4($j),$j # j+=2 + adc \$0,%rdx + mov %rdx,$N[0] + jmp .Linner4x +.align 16 +.Linner4x: + mulq $m0 # ap[j]*bp[i] + add %rax,$A[0] + mov -16($np,$j,8),%rax + adc \$0,%rdx + add -16(%rsp,$j,8),$A[0] # ap[j]*bp[i]+tp[j] + adc \$0,%rdx + mov %rdx,$A[1] + + mulq $m1 # np[j]*m1 + add %rax,$N[0] + mov -8($ap,$j,8),%rax + adc \$0,%rdx + add $A[0],$N[0] + adc \$0,%rdx + mov $N[1],-32(%rsp,$j,8) # tp[j-1] + mov %rdx,$N[1] + + mulq $m0 # ap[j]*bp[i] + add %rax,$A[1] + mov -8($np,$j,8),%rax + adc \$0,%rdx + add -8(%rsp,$j,8),$A[1] + adc \$0,%rdx + mov %rdx,$A[0] + + mulq $m1 # np[j]*m1 + add %rax,$N[1] + mov ($ap,$j,8),%rax + adc \$0,%rdx + add $A[1],$N[1] + adc \$0,%rdx + mov $N[0],-24(%rsp,$j,8) # tp[j-1] + mov %rdx,$N[0] + + mulq $m0 # ap[j]*bp[i] + add %rax,$A[0] + mov ($np,$j,8),%rax + adc \$0,%rdx + add (%rsp,$j,8),$A[0] # ap[j]*bp[i]+tp[j] + adc \$0,%rdx + mov %rdx,$A[1] + + mulq $m1 # np[j]*m1 + add %rax,$N[0] + mov 8($ap,$j,8),%rax + adc \$0,%rdx + add $A[0],$N[0] + adc \$0,%rdx + mov $N[1],-16(%rsp,$j,8) # tp[j-1] + mov %rdx,$N[1] + + mulq $m0 # ap[j]*bp[i] + add %rax,$A[1] + mov 8($np,$j,8),%rax + adc \$0,%rdx + add 8(%rsp,$j,8),$A[1] + adc \$0,%rdx + lea 4($j),$j # j++ + mov %rdx,$A[0] + + mulq $m1 # np[j]*m1 + add %rax,$N[1] + mov -16($ap,$j,8),%rax + adc \$0,%rdx + add $A[1],$N[1] + adc \$0,%rdx + mov $N[0],-40(%rsp,$j,8) # tp[j-1] + mov %rdx,$N[0] + cmp $num,$j + jl .Linner4x + + mulq $m0 # ap[j]*bp[i] + add %rax,$A[0] + mov -16($np,$j,8),%rax + adc \$0,%rdx + add -16(%rsp,$j,8),$A[0] # ap[j]*bp[i]+tp[j] + adc \$0,%rdx + mov %rdx,$A[1] + + mulq $m1 # np[j]*m1 + add %rax,$N[0] + mov -8($ap,$j,8),%rax + adc \$0,%rdx + add $A[0],$N[0] + adc \$0,%rdx + mov $N[1],-32(%rsp,$j,8) # tp[j-1] + mov %rdx,$N[1] + + mulq $m0 # ap[j]*bp[i] + add %rax,$A[1] + mov -8($np,$j,8),%rax + adc \$0,%rdx + add -8(%rsp,$j,8),$A[1] + adc \$0,%rdx + lea 1($i),$i # i++ + mov %rdx,$A[0] + + mulq $m1 # np[j]*m1 + add %rax,$N[1] + mov ($ap),%rax # ap[0] + adc \$0,%rdx + add $A[1],$N[1] + adc \$0,%rdx + mov $N[0],-24(%rsp,$j,8) # tp[j-1] + mov %rdx,$N[0] + + mov $N[1],-16(%rsp,$j,8) # tp[j-1] + + xor $N[1],$N[1] + add $A[0],$N[0] + adc \$0,$N[1] + add (%rsp,$num,8),$N[0] # pull upmost overflow bit + adc \$0,$N[1] + mov $N[0],-8(%rsp,$j,8) + mov $N[1],(%rsp,$j,8) # store upmost overflow bit + + cmp $num,$i + jl .Louter4x +___ +{ +my @ri=("%rax","%rdx",$m0,$m1); +$code.=<<___; + mov 16(%rsp,$num,8),$rp # restore $rp + mov 0(%rsp),@ri[0] # tp[0] + pxor %xmm0,%xmm0 + mov 8(%rsp),@ri[1] # tp[1] + shr \$2,$num # num/=4 + lea (%rsp),$ap # borrow ap for tp + xor $i,$i # i=0 and clear CF! + + sub 0($np),@ri[0] + mov 16($ap),@ri[2] # tp[2] + mov 24($ap),@ri[3] # tp[3] + sbb 8($np),@ri[1] + lea -1($num),$j # j=num/4-1 + jmp .Lsub4x +.align 16 +.Lsub4x: + mov @ri[0],0($rp,$i,8) # rp[i]=tp[i]-np[i] + mov @ri[1],8($rp,$i,8) # rp[i]=tp[i]-np[i] + sbb 16($np,$i,8),@ri[2] + mov 32($ap,$i,8),@ri[0] # tp[i+1] + mov 40($ap,$i,8),@ri[1] + sbb 24($np,$i,8),@ri[3] + mov @ri[2],16($rp,$i,8) # rp[i]=tp[i]-np[i] + mov @ri[3],24($rp,$i,8) # rp[i]=tp[i]-np[i] + sbb 32($np,$i,8),@ri[0] + mov 48($ap,$i,8),@ri[2] + mov 56($ap,$i,8),@ri[3] + sbb 40($np,$i,8),@ri[1] + lea 4($i),$i # i++ + dec $j # doesnn't affect CF! + jnz .Lsub4x + + mov @ri[0],0($rp,$i,8) # rp[i]=tp[i]-np[i] + mov 32($ap,$i,8),@ri[0] # load overflow bit + sbb 16($np,$i,8),@ri[2] + mov @ri[1],8($rp,$i,8) # rp[i]=tp[i]-np[i] + sbb 24($np,$i,8),@ri[3] + mov @ri[2],16($rp,$i,8) # rp[i]=tp[i]-np[i] + + sbb \$0,@ri[0] # handle upmost overflow bit + mov @ri[3],24($rp,$i,8) # rp[i]=tp[i]-np[i] + xor $i,$i # i=0 + and @ri[0],$ap + not @ri[0] + mov $rp,$np + and @ri[0],$np + lea -1($num),$j + or $np,$ap # ap=borrow?tp:rp + + movdqu ($ap),%xmm1 + movdqa %xmm0,(%rsp) + movdqu %xmm1,($rp) + jmp .Lcopy4x +.align 16 +.Lcopy4x: # copy or in-place refresh + movdqu 16($ap,$i),%xmm2 + movdqu 32($ap,$i),%xmm1 + movdqa %xmm0,16(%rsp,$i) + movdqu %xmm2,16($rp,$i) + movdqa %xmm0,32(%rsp,$i) + movdqu %xmm1,32($rp,$i) + lea 32($i),$i + dec $j + jnz .Lcopy4x + + shl \$2,$num + movdqu 16($ap,$i),%xmm2 + movdqa %xmm0,16(%rsp,$i) + movdqu %xmm2,16($rp,$i) +___ +} +$code.=<<___; + mov 8(%rsp,$num,8),%rsi # restore %rsp + mov \$1,%rax + + mov (%rsi),%r15 + mov 8(%rsi),%r14 + mov 16(%rsi),%r13 + mov 24(%rsi),%r12 + mov 32(%rsi),%rbp + mov 40(%rsi),%rbx + lea 48(%rsi),%rsp +.Lmul4x_epilogue: + ret +.size bn_mul4x_mont_gather5,.-bn_mul4x_mont_gather5 +___ +}}} + +{ +my ($inp,$num,$tbl,$idx)=$win64?("%rcx","%rdx","%r8", "%r9d") : # Win64 order + ("%rdi","%rsi","%rdx","%ecx"); # Unix order +my $out=$inp; +my $STRIDE=2**5*8; +my $N=$STRIDE/4; + +$code.=<<___; +.globl bn_scatter5 +.type bn_scatter5,\@abi-omnipotent +.align 16 +bn_scatter5: + cmp \$0, $num + jz .Lscatter_epilogue + lea ($tbl,$idx,8),$tbl +.Lscatter: + mov ($inp),%rax + lea 8($inp),$inp + mov %rax,($tbl) + lea 32*8($tbl),$tbl + sub \$1,$num + jnz .Lscatter +.Lscatter_epilogue: + ret +.size bn_scatter5,.-bn_scatter5 + +.globl bn_gather5 +.type bn_gather5,\@abi-omnipotent +.align 16 +bn_gather5: +.LSEH_begin_bn_gather5: # Win64 thing, but harmless in other cases + # I can't trust assembler to use specific encoding:-( + .byte 0x4c,0x8d,0x14,0x24 # lea (%rsp),%r10 + .byte 0x48,0x81,0xec,0x08,0x01,0x00,0x00 # sub $0x108,%rsp + lea .Linc(%rip),%rax + and \$-16,%rsp # shouldn't be formally required + + movd $idx,%xmm5 + movdqa 0(%rax),%xmm0 # 00000001000000010000000000000000 + movdqa 16(%rax),%xmm1 # 00000002000000020000000200000002 + lea 128($tbl),%r11 # size optimization + lea 128(%rsp),%rax # size optimization + + pshufd \$0,%xmm5,%xmm5 # broadcast $idx + movdqa %xmm1,%xmm4 + movdqa %xmm1,%xmm2 +___ +######################################################################## +# calculate mask by comparing 0..31 to $idx and save result to stack +# +for($i=0;$i<$STRIDE/16;$i+=4) { +$code.=<<___; + paddd %xmm0,%xmm1 + pcmpeqd %xmm5,%xmm0 # compare to 1,0 +___ +$code.=<<___ if ($i); + movdqa %xmm3,`16*($i-1)-128`(%rax) +___ +$code.=<<___; + movdqa %xmm4,%xmm3 + + paddd %xmm1,%xmm2 + pcmpeqd %xmm5,%xmm1 # compare to 3,2 + movdqa %xmm0,`16*($i+0)-128`(%rax) + movdqa %xmm4,%xmm0 + + paddd %xmm2,%xmm3 + pcmpeqd %xmm5,%xmm2 # compare to 5,4 + movdqa %xmm1,`16*($i+1)-128`(%rax) + movdqa %xmm4,%xmm1 + + paddd %xmm3,%xmm0 + pcmpeqd %xmm5,%xmm3 # compare to 7,6 + movdqa %xmm2,`16*($i+2)-128`(%rax) + movdqa %xmm4,%xmm2 +___ +} +$code.=<<___; + movdqa %xmm3,`16*($i-1)-128`(%rax) + jmp .Lgather + +.align 32 +.Lgather: + pxor %xmm4,%xmm4 + pxor %xmm5,%xmm5 +___ +for($i=0;$i<$STRIDE/16;$i+=4) { +$code.=<<___; + movdqa `16*($i+0)-128`(%r11),%xmm0 + movdqa `16*($i+1)-128`(%r11),%xmm1 + movdqa `16*($i+2)-128`(%r11),%xmm2 + pand `16*($i+0)-128`(%rax),%xmm0 + movdqa `16*($i+3)-128`(%r11),%xmm3 + pand `16*($i+1)-128`(%rax),%xmm1 + por %xmm0,%xmm4 + pand `16*($i+2)-128`(%rax),%xmm2 + por %xmm1,%xmm5 + pand `16*($i+3)-128`(%rax),%xmm3 + por %xmm2,%xmm4 + por %xmm3,%xmm5 +___ +} +$code.=<<___; + por %xmm5,%xmm4 + lea $STRIDE(%r11),%r11 + pshufd \$0x4e,%xmm4,%xmm0 + por %xmm4,%xmm0 + movq %xmm0,($out) # m0=bp[0] + lea 8($out),$out + sub \$1,$num + jnz .Lgather + + lea (%r10),%rsp + ret +.LSEH_end_bn_gather5: +.size bn_gather5,.-bn_gather5 +___ +} +$code.=<<___; +.align 64 +.Linc: + .long 0,0, 1,1 + .long 2,2, 2,2 +.asciz "Montgomery Multiplication with scatter/gather for x86_64, CRYPTOGAMS by " +___ + +# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame, +# CONTEXT *context,DISPATCHER_CONTEXT *disp) +if ($win64) { +$rec="%rcx"; +$frame="%rdx"; +$context="%r8"; +$disp="%r9"; + +$code.=<<___; +.extern __imp_RtlVirtualUnwind +.type mul_handler,\@abi-omnipotent +.align 16 +mul_handler: + push %rsi + push %rdi + push %rbx + push %rbp + push %r12 + push %r13 + push %r14 + push %r15 + pushfq + sub \$64,%rsp + + mov 120($context),%rax # pull context->Rax + mov 248($context),%rbx # pull context->Rip + + mov 8($disp),%rsi # disp->ImageBase + mov 56($disp),%r11 # disp->HandlerData + + mov 0(%r11),%r10d # HandlerData[0] + lea (%rsi,%r10),%r10 # end of prologue label + cmp %r10,%rbx # context->RipRipRsp + + mov 8(%r11),%r10d # HandlerData[2] + lea (%rsi,%r10),%r10 # epilogue label + cmp %r10,%rbx # context->Rip>=epilogue label + jae .Lcommon_seh_tail + + mov 192($context),%r10 # pull $num + mov 8(%rax,%r10,8),%rax # pull saved stack pointer + + lea 48(%rax),%rax + + mov -8(%rax),%rbx + mov -16(%rax),%rbp + mov -24(%rax),%r12 + mov -32(%rax),%r13 + mov -40(%rax),%r14 + mov -48(%rax),%r15 + mov %rbx,144($context) # restore context->Rbx + mov %rbp,160($context) # restore context->Rbp + mov %r12,216($context) # restore context->R12 + mov %r13,224($context) # restore context->R13 + mov %r14,232($context) # restore context->R14 + mov %r15,240($context) # restore context->R15 + +.Lcommon_seh_tail: + mov 8(%rax),%rdi + mov 16(%rax),%rsi + mov %rax,152($context) # restore context->Rsp + mov %rsi,168($context) # restore context->Rsi + mov %rdi,176($context) # restore context->Rdi + + mov 40($disp),%rdi # disp->ContextRecord + mov $context,%rsi # context + mov \$154,%ecx # sizeof(CONTEXT) + .long 0xa548f3fc # cld; rep movsq + + mov $disp,%rsi + xor %rcx,%rcx # arg1, UNW_FLAG_NHANDLER + mov 8(%rsi),%rdx # arg2, disp->ImageBase + mov 0(%rsi),%r8 # arg3, disp->ControlPc + mov 16(%rsi),%r9 # arg4, disp->FunctionEntry + mov 40(%rsi),%r10 # disp->ContextRecord + lea 56(%rsi),%r11 # &disp->HandlerData + lea 24(%rsi),%r12 # &disp->EstablisherFrame + mov %r10,32(%rsp) # arg5 + mov %r11,40(%rsp) # arg6 + mov %r12,48(%rsp) # arg7 + mov %rcx,56(%rsp) # arg8, (NULL) + call *__imp_RtlVirtualUnwind(%rip) + + mov \$1,%eax # ExceptionContinueSearch + add \$64,%rsp + popfq + pop %r15 + pop %r14 + pop %r13 + pop %r12 + pop %rbp + pop %rbx + pop %rdi + pop %rsi + ret +.size mul_handler,.-mul_handler + +.section .pdata +.align 4 + .rva .LSEH_begin_bn_mul_mont_gather5 + .rva .LSEH_end_bn_mul_mont_gather5 + .rva .LSEH_info_bn_mul_mont_gather5 + + .rva .LSEH_begin_bn_mul4x_mont_gather5 + .rva .LSEH_end_bn_mul4x_mont_gather5 + .rva .LSEH_info_bn_mul4x_mont_gather5 + + .rva .LSEH_begin_bn_gather5 + .rva .LSEH_end_bn_gather5 + .rva .LSEH_info_bn_gather5 + +.section .xdata +.align 8 +.LSEH_info_bn_mul_mont_gather5: + .byte 9,0,0,0 + .rva mul_handler + .rva .Lmul_alloca,.Lmul_body,.Lmul_epilogue # HandlerData[] +.align 8 +.LSEH_info_bn_mul4x_mont_gather5: + .byte 9,0,0,0 + .rva mul_handler + .rva .Lmul4x_alloca,.Lmul4x_body,.Lmul4x_epilogue # HandlerData[] +.align 8 +.LSEH_info_bn_gather5: + .byte 0x01,0x0b,0x03,0x0a + .byte 0x0b,0x01,0x21,0x00 # sub rsp,0x108 + .byte 0x04,0xa3,0x00,0x00 # lea r10,(rsp), set_frame r10 +.align 8 +___ +} + +$code =~ s/\`([^\`]*)\`/eval($1)/gem; + +print $code; +close STDOUT; diff --git a/src/lib/libcrypto/bn/bn.h b/src/lib/libcrypto/bn/bn.h index 1eaf8795531..cd94e393459 100644 --- a/src/lib/libcrypto/bn/bn.h +++ b/src/lib/libcrypto/bn/bn.h @@ -1,25 +1,25 @@ -/* crypto/bn/bn.h */ +/* $OpenBSD: bn.h,v 1.38 2018/02/20 17:13:14 jsing Exp $ */ /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,32 +49,112 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ +/* ==================================================================== + * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * + * Portions of the attached software ("Contribution") are developed by + * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. + * + * The Contribution is licensed pursuant to the Eric Young open source + * license provided above. + * + * The binary polynomial arithmetic software is originally written by + * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories. + * + */ #ifndef HEADER_BN_H #define HEADER_BN_H -#include -#ifndef OPENSSL_NO_FP_API -#include /* FILE */ -#endif +#include +#include + +#include + +#include +#include +#include #ifdef __cplusplus extern "C" { #endif -#ifdef OPENSSL_SYS_VMS -#undef BN_LLONG /* experimental, so far... */ -#endif +/* These preprocessor symbols control various aspects of the bignum headers and + * library code. They're not defined by any "normal" configuration, as they are + * intended for development and testing purposes. NB: defining all three can be + * useful for debugging application code as well as openssl itself. + * + * BN_DEBUG - turn on various debugging alterations to the bignum code + * BN_DEBUG_RAND - uses random poisoning of unused words to trip up + * mismanagement of bignum internals. You must also define BN_DEBUG. + */ +/* #define BN_DEBUG */ +/* #define BN_DEBUG_RAND */ +#ifndef OPENSSL_SMALL_FOOTPRINT #define BN_MUL_COMBA #define BN_SQR_COMBA #define BN_RECURSION +#endif /* This next option uses the C libraries (2 word)/(1 word) function. * If it is not defined, I use my C version (which is slower). @@ -87,25 +167,16 @@ extern "C" { * For machines with only one compiler (or shared libraries), this should * be on. Again this in only really a problem on machines * using "long long's", are 32bit, and are not using my assembler code. */ -#if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || \ - defined(OPENSSL_SYS_WIN32) || defined(linux) -# ifndef BN_DIV2W -# define BN_DIV2W -# endif -#endif +/* #define BN_DIV2W */ -/* assuming long is 64bit - this is the DEC Alpha - * unsigned long long is only 64 bits :-(, don't define - * BN_LLONG for the DEC Alpha */ -#ifdef SIXTY_FOUR_BIT_LONG -#define BN_ULLONG unsigned long long +#ifdef _LP64 +#undef BN_LLONG #define BN_ULONG unsigned long #define BN_LONG long #define BN_BITS 128 #define BN_BYTES 8 #define BN_BITS2 64 #define BN_BITS4 32 -#define BN_MASK (0xffffffffffffffffffffffffffffffffLL) #define BN_MASK2 (0xffffffffffffffffL) #define BN_MASK2l (0xffffffffL) #define BN_MASK2h (0xffffffff00000000L) @@ -115,164 +186,124 @@ extern "C" { #define BN_DEC_FMT1 "%lu" #define BN_DEC_FMT2 "%019lu" #define BN_DEC_NUM 19 -#endif - -/* This is where the long long data type is 64 bits, but long is 32. - * For machines where there are 64bit registers, this is the mode to use. - * IRIX, on R4000 and above should use this mode, along with the relevant - * assembler code :-). Do NOT define BN_LLONG. - */ -#ifdef SIXTY_FOUR_BIT -#undef BN_LLONG -#undef BN_ULLONG -#define BN_ULONG unsigned long long -#define BN_LONG long long -#define BN_BITS 128 -#define BN_BYTES 8 -#define BN_BITS2 64 -#define BN_BITS4 32 -#define BN_MASK2 (0xffffffffffffffffLL) -#define BN_MASK2l (0xffffffffL) -#define BN_MASK2h (0xffffffff00000000LL) -#define BN_MASK2h1 (0xffffffff80000000LL) -#define BN_TBIT (0x8000000000000000LL) -#define BN_DEC_CONV (10000000000000000000ULL) -#define BN_DEC_FMT1 "%llu" -#define BN_DEC_FMT2 "%019llu" -#define BN_DEC_NUM 19 -#endif - -#ifdef THIRTY_TWO_BIT -#if defined(OPENSSL_SYS_WIN32) && !defined(__GNUC__) -#define BN_ULLONG unsigned _int64 +#define BN_HEX_FMT1 "%lX" +#define BN_HEX_FMT2 "%016lX" #else #define BN_ULLONG unsigned long long -#endif -#define BN_ULONG unsigned long -#define BN_LONG long +#define BN_LLONG +#define BN_ULONG unsigned int +#define BN_LONG int #define BN_BITS 64 #define BN_BYTES 4 #define BN_BITS2 32 #define BN_BITS4 16 -#ifdef OPENSSL_SYS_WIN32 -/* VC++ doesn't like the LL suffix */ -#define BN_MASK (0xffffffffffffffffL) -#else #define BN_MASK (0xffffffffffffffffLL) -#endif #define BN_MASK2 (0xffffffffL) #define BN_MASK2l (0xffff) #define BN_MASK2h1 (0xffff8000L) #define BN_MASK2h (0xffff0000L) #define BN_TBIT (0x80000000L) #define BN_DEC_CONV (1000000000L) -#define BN_DEC_FMT1 "%lu" -#define BN_DEC_FMT2 "%09lu" -#define BN_DEC_NUM 9 -#endif - -#ifdef SIXTEEN_BIT -#ifndef BN_DIV2W -#define BN_DIV2W -#endif -#define BN_ULLONG unsigned long -#define BN_ULONG unsigned short -#define BN_LONG short -#define BN_BITS 32 -#define BN_BYTES 2 -#define BN_BITS2 16 -#define BN_BITS4 8 -#define BN_MASK (0xffffffff) -#define BN_MASK2 (0xffff) -#define BN_MASK2l (0xff) -#define BN_MASK2h1 (0xff80) -#define BN_MASK2h (0xff00) -#define BN_TBIT (0x8000) -#define BN_DEC_CONV (100000) -#define BN_DEC_FMT1 "%u" -#define BN_DEC_FMT2 "%05u" -#define BN_DEC_NUM 5 -#endif - -#ifdef EIGHT_BIT -#ifndef BN_DIV2W -#define BN_DIV2W -#endif -#define BN_ULLONG unsigned short -#define BN_ULONG unsigned char -#define BN_LONG char -#define BN_BITS 16 -#define BN_BYTES 1 -#define BN_BITS2 8 -#define BN_BITS4 4 -#define BN_MASK (0xffff) -#define BN_MASK2 (0xff) -#define BN_MASK2l (0xf) -#define BN_MASK2h1 (0xf8) -#define BN_MASK2h (0xf0) -#define BN_TBIT (0x80) -#define BN_DEC_CONV (100) #define BN_DEC_FMT1 "%u" -#define BN_DEC_FMT2 "%02u" -#define BN_DEC_NUM 2 -#endif - -#define BN_DEFAULT_BITS 1280 - -#ifdef BIGNUM -#undef BIGNUM +#define BN_DEC_FMT2 "%09u" +#define BN_DEC_NUM 9 +#define BN_HEX_FMT1 "%X" +#define BN_HEX_FMT2 "%08X" #endif #define BN_FLG_MALLOCED 0x01 #define BN_FLG_STATIC_DATA 0x02 +#define BN_FLG_CONSTTIME 0x04 /* avoid leaking exponent information through timing, + * BN_mod_exp_mont() will call BN_mod_exp_mont_consttime, + * BN_div() will call BN_div_no_branch, + * BN_mod_inverse() will call BN_mod_inverse_no_branch. + */ + +#ifndef OPENSSL_NO_DEPRECATED +#define BN_FLG_EXP_CONSTTIME BN_FLG_CONSTTIME /* deprecated name for the flag */ + /* avoid leaking exponent information through timings + * (BN_mod_exp_mont() will call BN_mod_exp_mont_consttime) */ +#endif + +#ifndef OPENSSL_NO_DEPRECATED #define BN_FLG_FREE 0x8000 /* used for debuging */ +#endif #define BN_set_flags(b,n) ((b)->flags|=(n)) #define BN_get_flags(b,n) ((b)->flags&(n)) -typedef struct bignum_st - { +/* get a clone of a BIGNUM with changed flags, for *temporary* use only + * (the two BIGNUMs cannot not be used in parallel!) */ +#define BN_with_flags(dest,b,n) ((dest)->d=(b)->d, \ + (dest)->top=(b)->top, \ + (dest)->dmax=(b)->dmax, \ + (dest)->neg=(b)->neg, \ + (dest)->flags=(((dest)->flags & BN_FLG_MALLOCED) \ + | ((b)->flags & ~BN_FLG_MALLOCED) \ + | BN_FLG_STATIC_DATA \ + | (n))) + +struct bignum_st { BN_ULONG *d; /* Pointer to an array of 'BN_BITS2' bit chunks. */ int top; /* Index of last used d +1. */ /* The next are internal book keeping for bn_expand. */ int dmax; /* Size of the d array. */ int neg; /* one if the number is negative */ int flags; - } BIGNUM; - -/* Used for temp variables (declaration hidden in bn_lcl.h) */ -typedef struct bignum_ctx BN_CTX; - -typedef struct bn_blinding_st - { - int init; - BIGNUM *A; - BIGNUM *Ai; - BIGNUM *mod; /* just a reference */ - } BN_BLINDING; +}; /* Used for montgomery multiplication */ -typedef struct bn_mont_ctx_st - { +struct bn_mont_ctx_st { int ri; /* number of bits in R */ BIGNUM RR; /* used to convert to montgomery form */ BIGNUM N; /* The modulus */ BIGNUM Ni; /* R*(1/R mod N) - N*Ni = 1 * (Ni is only stored for bignum algorithm) */ - BN_ULONG n0; /* least significant word of Ni */ + BN_ULONG n0[2];/* least significant word(s) of Ni; + (type changed with 0.9.9, was "BN_ULONG n0;" before) */ int flags; - } BN_MONT_CTX; +}; /* Used for reciprocal division/mod functions * It cannot be shared between threads */ -typedef struct bn_recp_ctx_st - { +struct bn_recp_ctx_st { BIGNUM N; /* the divisor */ BIGNUM Nr; /* the reciprocal */ int num_bits; int shift; int flags; - } BN_RECP_CTX; +}; + +/* Used for slow "generation" functions. */ +struct bn_gencb_st { + unsigned int ver; /* To handle binary (in)compatibility */ + void *arg; /* callback-specific data */ + union { + /* if(ver==1) - handles old style callbacks */ + void (*cb_1)(int, int, void *); + /* if(ver==2) - new callback style */ + int (*cb_2)(int, int, BN_GENCB *); + } cb; +}; + +BN_GENCB *BN_GENCB_new(void); +void BN_GENCB_free(BN_GENCB *cb); +void *BN_GENCB_get_arg(BN_GENCB *cb); + +/* Wrapper function to make using BN_GENCB easier, */ +int BN_GENCB_call(BN_GENCB *cb, int a, int b); +/* Macro to populate a BN_GENCB structure with an "old"-style callback */ +#define BN_GENCB_set_old(gencb, callback, cb_arg) { \ + BN_GENCB *tmp_gencb = (gencb); \ + tmp_gencb->ver = 1; \ + tmp_gencb->arg = (cb_arg); \ + tmp_gencb->cb.cb_1 = (callback); } +/* Macro to populate a BN_GENCB structure with a "new"-style callback */ +#define BN_GENCB_set(gencb, callback, cb_arg) { \ + BN_GENCB *tmp_gencb = (gencb); \ + tmp_gencb->ver = 2; \ + tmp_gencb->arg = (cb_arg); \ + tmp_gencb->cb.cb_2 = (callback); } #define BN_prime_checks 0 /* default: select number of iterations based on the size of the number */ @@ -297,32 +328,42 @@ typedef struct bn_recp_ctx_st #define BN_num_bytes(a) ((BN_num_bits(a)+7)/8) -/* Note that BN_abs_is_word does not work reliably for w == 0 */ -#define BN_abs_is_word(a,w) (((a)->top == 1) && ((a)->d[0] == (BN_ULONG)(w))) -#define BN_is_zero(a) (((a)->top == 0) || BN_abs_is_word(a,0)) +/* Note that BN_abs_is_word didn't work reliably for w == 0 until 0.9.8 */ +#define BN_abs_is_word(a,w) ((((a)->top == 1) && ((a)->d[0] == (BN_ULONG)(w))) || \ + (((w) == 0) && ((a)->top == 0))) +#define BN_is_zero(a) ((a)->top == 0) #define BN_is_one(a) (BN_abs_is_word((a),1) && !(a)->neg) -#define BN_is_word(a,w) ((w) ? BN_abs_is_word((a),(w)) && !(a)->neg : \ - BN_is_zero((a))) +#define BN_is_word(a,w) (BN_abs_is_word((a),(w)) && (!(w) || !(a)->neg)) #define BN_is_odd(a) (((a)->top > 0) && ((a)->d[0] & 1)) #define BN_one(a) (BN_set_word((a),1)) +#define BN_zero_ex(a) \ + do { \ + BIGNUM *_tmp_bn = (a); \ + _tmp_bn->top = 0; \ + _tmp_bn->neg = 0; \ + } while(0) + +#ifdef OPENSSL_NO_DEPRECATED +#define BN_zero(a) BN_zero_ex(a) +#else #define BN_zero(a) (BN_set_word((a),0)) - -/*#define BN_ascii2bn(a) BN_hex2bn(a) */ -/*#define BN_bn2ascii(a) BN_bn2hex(a) */ +#endif const BIGNUM *BN_value_one(void); char * BN_options(void); BN_CTX *BN_CTX_new(void); +#ifndef OPENSSL_NO_DEPRECATED void BN_CTX_init(BN_CTX *c); +#endif void BN_CTX_free(BN_CTX *c); void BN_CTX_start(BN_CTX *ctx); BIGNUM *BN_CTX_get(BN_CTX *ctx); void BN_CTX_end(BN_CTX *ctx); -int BN_rand(BIGNUM *rnd, int bits, int top,int bottom); -int BN_pseudo_rand(BIGNUM *rnd, int bits, int top,int bottom); -int BN_rand_range(BIGNUM *rnd, BIGNUM *range); -int BN_pseudo_rand_range(BIGNUM *rnd, BIGNUM *range); +int BN_rand(BIGNUM *rnd, int bits, int top, int bottom); +int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom); +int BN_rand_range(BIGNUM *rnd, const BIGNUM *range); +int BN_pseudo_rand_range(BIGNUM *rnd, const BIGNUM *range); int BN_num_bits(const BIGNUM *a); int BN_num_bits_word(BN_ULONG); BIGNUM *BN_new(void); @@ -330,27 +371,39 @@ void BN_init(BIGNUM *); void BN_clear_free(BIGNUM *a); BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b); void BN_swap(BIGNUM *a, BIGNUM *b); -BIGNUM *BN_bin2bn(const unsigned char *s,int len,BIGNUM *ret); +BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret); int BN_bn2bin(const BIGNUM *a, unsigned char *to); -BIGNUM *BN_mpi2bn(const unsigned char *s,int len,BIGNUM *ret); +BIGNUM *BN_mpi2bn(const unsigned char *s, int len, BIGNUM *ret); int BN_bn2mpi(const BIGNUM *a, unsigned char *to); int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); -int BN_sqr(BIGNUM *r, const BIGNUM *a,BN_CTX *ctx); +int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx); +/** BN_set_negative sets sign of a BIGNUM + * \param b pointer to the BIGNUM object + * \param n 0 if the BIGNUM b should be positive and a value != 0 otherwise + */ +void BN_set_negative(BIGNUM *b, int n); +/** BN_is_negative returns 1 if the BIGNUM is negative + * \param a pointer to the BIGNUM object + * \return 1 if a < 0 and 0 otherwise + */ +#define BN_is_negative(a) ((a)->neg != 0) +#ifndef LIBRESSL_INTERNAL int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, - BN_CTX *ctx); + BN_CTX *ctx); #define BN_mod(rem,m,d,ctx) BN_div(NULL,(rem),(m),(d),(ctx)) +#endif int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx); int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx); int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m); int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx); int BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m); int BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, - const BIGNUM *m, BN_CTX *ctx); + const BIGNUM *m, BN_CTX *ctx); int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); int BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); int BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m); @@ -370,29 +423,27 @@ void BN_free(BIGNUM *a); int BN_is_bit_set(const BIGNUM *a, int n); int BN_lshift(BIGNUM *r, const BIGNUM *a, int n); int BN_lshift1(BIGNUM *r, const BIGNUM *a); -int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,BN_CTX *ctx); +int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); +#ifndef LIBRESSL_INTERNAL int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m,BN_CTX *ctx); + const BIGNUM *m, BN_CTX *ctx); int BN_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); +#endif +int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont); int BN_mod_exp_mont_word(BIGNUM *r, BN_ULONG a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); int BN_mod_exp2_mont(BIGNUM *r, const BIGNUM *a1, const BIGNUM *p1, - const BIGNUM *a2, const BIGNUM *p2,const BIGNUM *m, - BN_CTX *ctx,BN_MONT_CTX *m_ctx); + const BIGNUM *a2, const BIGNUM *p2, const BIGNUM *m, + BN_CTX *ctx, BN_MONT_CTX *m_ctx); int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m,BN_CTX *ctx); + const BIGNUM *m, BN_CTX *ctx); -int BN_mask_bits(BIGNUM *a,int n); -#ifndef OPENSSL_NO_FP_API +int BN_mask_bits(BIGNUM *a, int n); int BN_print_fp(FILE *fp, const BIGNUM *a); -#endif -#ifdef HEADER_BIO_H int BN_print(BIO *fp, const BIGNUM *a); -#else -int BN_print(void *fp, const BIGNUM *a); -#endif int BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx); int BN_rshift(BIGNUM *r, const BIGNUM *a, int n); int BN_rshift1(BIGNUM *r, const BIGNUM *a); @@ -405,90 +456,199 @@ char * BN_bn2hex(const BIGNUM *a); char * BN_bn2dec(const BIGNUM *a); int BN_hex2bn(BIGNUM **a, const char *str); int BN_dec2bn(BIGNUM **a, const char *str); -int BN_gcd(BIGNUM *r,const BIGNUM *a,const BIGNUM *b,BN_CTX *ctx); +int BN_asc2bn(BIGNUM **a, const char *str); +#ifndef LIBRESSL_INTERNAL +int BN_gcd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); +#endif int BN_kronecker(const BIGNUM *a,const BIGNUM *b,BN_CTX *ctx); /* returns -2 for error */ +#ifndef LIBRESSL_INTERNAL BIGNUM *BN_mod_inverse(BIGNUM *ret, - const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx); + const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx); +#endif BIGNUM *BN_mod_sqrt(BIGNUM *ret, - const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx); -BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int safe, - const BIGNUM *add, const BIGNUM *rem, - void (*callback)(int,int,void *),void *cb_arg); -int BN_is_prime(const BIGNUM *p,int nchecks, - void (*callback)(int,int,void *), - BN_CTX *ctx,void *cb_arg); -int BN_is_prime_fasttest(const BIGNUM *p,int nchecks, - void (*callback)(int,int,void *),BN_CTX *ctx,void *cb_arg, - int do_trial_division); + const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx); + +void BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords); + +/* Deprecated versions */ +#ifndef OPENSSL_NO_DEPRECATED +BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe, + const BIGNUM *add, const BIGNUM *rem, + void (*callback)(int, int, void *), void *cb_arg); +int BN_is_prime(const BIGNUM *p, int nchecks, + void (*callback)(int, int, void *), + BN_CTX *ctx, void *cb_arg); +int BN_is_prime_fasttest(const BIGNUM *p, int nchecks, + void (*callback)(int, int, void *), BN_CTX *ctx, void *cb_arg, + int do_trial_division); +#endif /* !defined(OPENSSL_NO_DEPRECATED) */ + +/* Newer versions */ +int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add, + const BIGNUM *rem, BN_GENCB *cb); +int BN_is_prime_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, BN_GENCB *cb); +int BN_is_prime_fasttest_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, + int do_trial_division, BN_GENCB *cb); + +int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx); + +int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, + const BIGNUM *Xp, const BIGNUM *Xp1, const BIGNUM *Xp2, + const BIGNUM *e, BN_CTX *ctx, BN_GENCB *cb); +int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, + BIGNUM *Xp1, BIGNUM *Xp2, + const BIGNUM *Xp, + const BIGNUM *e, BN_CTX *ctx, + BN_GENCB *cb); BN_MONT_CTX *BN_MONT_CTX_new(void ); void BN_MONT_CTX_init(BN_MONT_CTX *ctx); -int BN_mod_mul_montgomery(BIGNUM *r,const BIGNUM *a,const BIGNUM *b, - BN_MONT_CTX *mont, BN_CTX *ctx); +int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + BN_MONT_CTX *mont, BN_CTX *ctx); #define BN_to_montgomery(r,a,mont,ctx) BN_mod_mul_montgomery(\ (r),(a),&((mont)->RR),(mont),(ctx)) -int BN_from_montgomery(BIGNUM *r,const BIGNUM *a, - BN_MONT_CTX *mont, BN_CTX *ctx); +int BN_from_montgomery(BIGNUM *r, const BIGNUM *a, + BN_MONT_CTX *mont, BN_CTX *ctx); void BN_MONT_CTX_free(BN_MONT_CTX *mont); -int BN_MONT_CTX_set(BN_MONT_CTX *mont,const BIGNUM *modulus,BN_CTX *ctx); -BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to,BN_MONT_CTX *from); +int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx); +BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from); +BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock, + const BIGNUM *mod, BN_CTX *ctx); + +/* BN_BLINDING flags */ +#define BN_BLINDING_NO_UPDATE 0x00000001 +#define BN_BLINDING_NO_RECREATE 0x00000002 -BN_BLINDING *BN_BLINDING_new(BIGNUM *A,BIGNUM *Ai,BIGNUM *mod); +BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod); void BN_BLINDING_free(BN_BLINDING *b); -int BN_BLINDING_update(BN_BLINDING *b,BN_CTX *ctx); -int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *r, BN_CTX *ctx); +int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx); +int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx); int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx); - -void BN_set_params(int mul,int high,int low,int mont); +int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *); +int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, BN_CTX *); +#ifndef OPENSSL_NO_DEPRECATED +unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *); +void BN_BLINDING_set_thread_id(BN_BLINDING *, unsigned long); +#endif +CRYPTO_THREADID *BN_BLINDING_thread_id(BN_BLINDING *); +unsigned long BN_BLINDING_get_flags(const BN_BLINDING *); +void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long); +BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b, + const BIGNUM *e, BIGNUM *m, BN_CTX *ctx, + int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx), + BN_MONT_CTX *m_ctx); + +#ifndef OPENSSL_NO_DEPRECATED +void BN_set_params(int mul, int high, int low, int mont); int BN_get_params(int which); /* 0, mul, 1 high, 2 low, 3 mont */ +#endif void BN_RECP_CTX_init(BN_RECP_CTX *recp); BN_RECP_CTX *BN_RECP_CTX_new(void); void BN_RECP_CTX_free(BN_RECP_CTX *recp); -int BN_RECP_CTX_set(BN_RECP_CTX *recp,const BIGNUM *rdiv,BN_CTX *ctx); +int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *rdiv, BN_CTX *ctx); int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y, - BN_RECP_CTX *recp,BN_CTX *ctx); + BN_RECP_CTX *recp, BN_CTX *ctx); int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx); + const BIGNUM *m, BN_CTX *ctx); int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, - BN_RECP_CTX *recp, BN_CTX *ctx); - -/* library internal functions */ - -#define bn_expand(a,bits) ((((((bits+BN_BITS2-1))/BN_BITS2)) <= (a)->dmax)?\ - (a):bn_expand2((a),(bits)/BN_BITS2+1)) -#define bn_wexpand(a,words) (((words) <= (a)->dmax)?(a):bn_expand2((a),(words))) -BIGNUM *bn_expand2(BIGNUM *a, int words); -BIGNUM *bn_dup_expand(const BIGNUM *a, int words); - -#define bn_fix_top(a) \ - { \ - BN_ULONG *ftl; \ - if ((a)->top > 0) \ - { \ - for (ftl= &((a)->d[(a)->top-1]); (a)->top > 0; (a)->top--) \ - if (*(ftl--)) break; \ - } \ - } - -BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w); -BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w); -void bn_sqr_words(BN_ULONG *rp, const BN_ULONG *ap, int num); -BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d); -BN_ULONG bn_add_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int num); -BN_ULONG bn_sub_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int num); - -#ifdef BN_DEBUG -void bn_dump1(FILE *o, const char *a, const BN_ULONG *b,int n); -# define bn_print(a) {fprintf(stderr, #a "="); BN_print_fp(stderr,a); \ - fprintf(stderr,"\n");} -# define bn_dump(a,n) bn_dump1(stderr,#a,a,n); -#else -# define bn_print(a) -# define bn_dump(a,b) + BN_RECP_CTX *recp, BN_CTX *ctx); + +#ifndef OPENSSL_NO_EC2M + +/* Functions for arithmetic over binary polynomials represented by BIGNUMs. + * + * The BIGNUM::neg property of BIGNUMs representing binary polynomials is + * ignored. + * + * Note that input arguments are not const so that their bit arrays can + * be expanded to the appropriate size if needed. + */ + +int BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); /*r = a + b*/ +#define BN_GF2m_sub(r, a, b) BN_GF2m_add(r, a, b) +int BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p); /*r=a mod p*/ +int +BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const BIGNUM *p, BN_CTX *ctx); /* r = (a * b) mod p */ +int +BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + BN_CTX *ctx); /* r = (a * a) mod p */ +int +BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *b, const BIGNUM *p, + BN_CTX *ctx); /* r = (1 / b) mod p */ +int +BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const BIGNUM *p, BN_CTX *ctx); /* r = (a / b) mod p */ +int +BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const BIGNUM *p, BN_CTX *ctx); /* r = (a ^ b) mod p */ +int +BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + BN_CTX *ctx); /* r = sqrt(a) mod p */ +int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + BN_CTX *ctx); /* r^2 + r = a mod p */ +#define BN_GF2m_cmp(a, b) BN_ucmp((a), (b)) +/* Some functions allow for representation of the irreducible polynomials + * as an unsigned int[], say p. The irreducible f(t) is then of the form: + * t^p[0] + t^p[1] + ... + t^p[k] + * where m = p[0] > p[1] > ... > p[k] = 0. + */ +int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const int p[]); +/* r = a mod p */ +int BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const int p[], BN_CTX *ctx); /* r = (a * b) mod p */ +int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const int p[], + BN_CTX *ctx); /* r = (a * a) mod p */ +int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *b, const int p[], + BN_CTX *ctx); /* r = (1 / b) mod p */ +int BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const int p[], BN_CTX *ctx); /* r = (a / b) mod p */ +int BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const int p[], BN_CTX *ctx); /* r = (a ^ b) mod p */ +int BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a, + const int p[], BN_CTX *ctx); /* r = sqrt(a) mod p */ +int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a, + const int p[], BN_CTX *ctx); /* r^2 + r = a mod p */ +int BN_GF2m_poly2arr(const BIGNUM *a, int p[], int max); +int BN_GF2m_arr2poly(const int p[], BIGNUM *a); + #endif -int BN_bntest_rand(BIGNUM *rnd, int bits, int top,int bottom); +/* faster mod functions for the 'NIST primes' + * 0 <= a < p^2 */ +int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); +int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); +int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); +int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); +int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); + +const BIGNUM *BN_get0_nist_prime_192(void); +const BIGNUM *BN_get0_nist_prime_224(void); +const BIGNUM *BN_get0_nist_prime_256(void); +const BIGNUM *BN_get0_nist_prime_384(void); +const BIGNUM *BN_get0_nist_prime_521(void); + +/* Primes from RFC 2409 */ +BIGNUM *get_rfc2409_prime_768(BIGNUM *bn); +BIGNUM *get_rfc2409_prime_1024(BIGNUM *bn); +BIGNUM *BN_get_rfc2409_prime_768(BIGNUM *bn); +BIGNUM *BN_get_rfc2409_prime_1024(BIGNUM *bn); + +/* Primes from RFC 3526 */ +BIGNUM *get_rfc3526_prime_1536(BIGNUM *bn); +BIGNUM *get_rfc3526_prime_2048(BIGNUM *bn); +BIGNUM *get_rfc3526_prime_3072(BIGNUM *bn); +BIGNUM *get_rfc3526_prime_4096(BIGNUM *bn); +BIGNUM *get_rfc3526_prime_6144(BIGNUM *bn); +BIGNUM *get_rfc3526_prime_8192(BIGNUM *bn); +BIGNUM *BN_get_rfc3526_prime_1536(BIGNUM *bn); +BIGNUM *BN_get_rfc3526_prime_2048(BIGNUM *bn); +BIGNUM *BN_get_rfc3526_prime_3072(BIGNUM *bn); +BIGNUM *BN_get_rfc3526_prime_4096(BIGNUM *bn); +BIGNUM *BN_get_rfc3526_prime_6144(BIGNUM *bn); +BIGNUM *BN_get_rfc3526_prime_8192(BIGNUM *bn); /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes @@ -499,21 +659,39 @@ void ERR_load_BN_strings(void); /* Error codes for the BN functions. */ /* Function codes. */ -#define BN_F_BN_BLINDING_CONVERT 100 -#define BN_F_BN_BLINDING_INVERT 101 +#define BN_F_BNRAND 127 +#define BN_F_BN_BLINDING_CONVERT_EX 100 +#define BN_F_BN_BLINDING_CREATE_PARAM 128 +#define BN_F_BN_BLINDING_INVERT_EX 101 #define BN_F_BN_BLINDING_NEW 102 #define BN_F_BN_BLINDING_UPDATE 103 #define BN_F_BN_BN2DEC 104 #define BN_F_BN_BN2HEX 105 #define BN_F_BN_CTX_GET 116 #define BN_F_BN_CTX_NEW 106 +#define BN_F_BN_CTX_START 129 #define BN_F_BN_DIV 107 +#define BN_F_BN_DIV_NO_BRANCH 138 +#define BN_F_BN_DIV_RECP 130 +#define BN_F_BN_EXP 123 #define BN_F_BN_EXPAND2 108 +#define BN_F_BN_GENERATE_PRIME_EX 140 #define BN_F_BN_EXPAND_INTERNAL 120 +#define BN_F_BN_GF2M_MOD 131 +#define BN_F_BN_GF2M_MOD_EXP 132 +#define BN_F_BN_GF2M_MOD_MUL 133 +#define BN_F_BN_GF2M_MOD_SOLVE_QUAD 134 +#define BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR 135 +#define BN_F_BN_GF2M_MOD_SQR 136 +#define BN_F_BN_GF2M_MOD_SQRT 137 #define BN_F_BN_MOD_EXP2_MONT 118 #define BN_F_BN_MOD_EXP_MONT 109 +#define BN_F_BN_MOD_EXP_MONT_CONSTTIME 124 #define BN_F_BN_MOD_EXP_MONT_WORD 117 +#define BN_F_BN_MOD_EXP_RECP 125 +#define BN_F_BN_MOD_EXP_SIMPLE 126 #define BN_F_BN_MOD_INVERSE 110 +#define BN_F_BN_MOD_INVERSE_NO_BRANCH 139 #define BN_F_BN_MOD_LSHIFT_QUICK 119 #define BN_F_BN_MOD_MUL_RECIPROCAL 111 #define BN_F_BN_MOD_SQRT 121 @@ -527,6 +705,7 @@ void ERR_load_BN_strings(void); #define BN_R_ARG2_LT_ARG3 100 #define BN_R_BAD_RECIPROCAL 101 #define BN_R_BIGNUM_TOO_LONG 114 +#define BN_R_BITS_TOO_SMALL 117 #define BN_R_CALLED_WITH_EVEN_MODULUS 102 #define BN_R_DIV_BY_ZERO 103 #define BN_R_ENCODING_ERROR 104 @@ -537,6 +716,7 @@ void ERR_load_BN_strings(void); #define BN_R_NOT_A_SQUARE 111 #define BN_R_NOT_INITIALIZED 107 #define BN_R_NO_INVERSE 108 +#define BN_R_NO_SOLUTION 116 #define BN_R_P_IS_NOT_PRIME 112 #define BN_R_TOO_MANY_ITERATIONS 113 #define BN_R_TOO_MANY_TEMPORARY_VARIABLES 109 diff --git a/src/lib/libcrypto/bn/bn.mul b/src/lib/libcrypto/bn/bn.mul deleted file mode 100644 index 9728870d38a..00000000000 --- a/src/lib/libcrypto/bn/bn.mul +++ /dev/null @@ -1,19 +0,0 @@ -We need - -* bn_mul_comba8 -* bn_mul_comba4 -* bn_mul_normal -* bn_mul_recursive - -* bn_sqr_comba8 -* bn_sqr_comba4 -bn_sqr_normal -> BN_sqr -* bn_sqr_recursive - -* bn_mul_low_recursive -* bn_mul_low_normal -* bn_mul_high - -* bn_mul_part_recursive # symetric but not power of 2 - -bn_mul_asymetric_recursive # uneven, but do the chop up. diff --git a/src/lib/libcrypto/bn/bn_add.c b/src/lib/libcrypto/bn/bn_add.c index 6cba07e9f67..048a136b95d 100644 --- a/src/lib/libcrypto/bn/bn_add.c +++ b/src/lib/libcrypto/bn/bn_add.c @@ -1,25 +1,25 @@ -/* crypto/bn/bn_add.c */ +/* $OpenBSD: bn_add.c,v 1.13 2018/07/23 18:07:21 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -57,253 +57,167 @@ */ #include -#include "cryptlib.h" + +#include + #include "bn_lcl.h" -/* r can == a or b */ -int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) - { - const BIGNUM *tmp; - int a_neg = a->neg; +int +BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) +{ + int ret, r_neg; bn_check_top(a); bn_check_top(b); - /* a + b a+b - * a + -b a-b - * -a + b b-a - * -a + -b -(a+b) - */ - if (a_neg ^ b->neg) - { - /* only one is negative */ - if (a_neg) - { tmp=a; a=b; b=tmp; } - - /* we are now a - b */ - - if (BN_ucmp(a,b) < 0) - { - if (!BN_usub(r,b,a)) return(0); - r->neg=1; - } - else - { - if (!BN_usub(r,a,b)) return(0); - r->neg=0; - } - return(1); + if (a->neg == b->neg) { + r_neg = a->neg; + ret = BN_uadd(r, a, b); + } else { + int cmp = BN_ucmp(a, b); + + if (cmp > 0) { + r_neg = a->neg; + ret = BN_usub(r, a, b); + } else if (cmp < 0) { + r_neg = b->neg; + ret = BN_usub(r, b, a); + } else { + r_neg = 0; + BN_zero(r); + ret = 1; } - - if (!BN_uadd(r,a,b)) return(0); - if (a_neg) /* both are neg */ - r->neg=1; - else - r->neg=0; - return(1); } -/* unsigned add of b to a, r must be large enough */ -int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) - { - register int i; - int max,min; - BN_ULONG *ap,*bp,*rp,carry,t1; - const BIGNUM *tmp; + r->neg = r_neg; + bn_check_top(r); + return ret; +} + +int +BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) +{ + int max, min, dif; + const BN_ULONG *ap, *bp; + BN_ULONG *rp, carry, t1, t2; bn_check_top(a); bn_check_top(b); - if (a->top < b->top) - { tmp=a; a=b; b=tmp; } - max=a->top; - min=b->top; - - if (bn_wexpand(r,max+1) == NULL) - return(0); - - r->top=max; - - - ap=a->d; - bp=b->d; - rp=r->d; - carry=0; - - carry=bn_add_words(rp,ap,bp,min); - rp+=min; - ap+=min; - bp+=min; - i=min; - - if (carry) - { - while (i < max) - { - i++; - t1= *(ap++); - if ((*(rp++)=(t1+1)&BN_MASK2) >= t1) - { - carry=0; - break; - } - } - if ((i >= max) && carry) - { - *(rp++)=1; - r->top++; - } - } - if (rp != ap) - { - for (; ineg = 0; - return(1); + if (a->top < b->top) { + const BIGNUM *tmp; + + tmp = a; + a = b; + b = tmp; } + max = a->top; + min = b->top; + dif = max - min; -/* unsigned subtraction of b from a, a must be larger than b. */ -int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) - { - int max,min; - register BN_ULONG t1,t2,*ap,*bp,*rp; - int i,carry; -#if defined(IRIX_CC_BUG) && !defined(LINT) - int dummy; -#endif + if (bn_wexpand(r, max + 1) == NULL) + return 0; - bn_check_top(a); - bn_check_top(b); + r->top = max; - if (a->top < b->top) /* hmm... should not be happening */ - { - BNerr(BN_F_BN_USUB,BN_R_ARG2_LT_ARG3); - return(0); - } + ap = a->d; + bp = b->d; + rp = r->d; - max=a->top; - min=b->top; - if (bn_wexpand(r,max) == NULL) return(0); - - ap=a->d; - bp=b->d; - rp=r->d; - -#if 1 - carry=0; - for (i=0; i t2) break; - } - } -#if 0 - memcpy(rp,ap,sizeof(*rp)*(max-i)); -#else - if (rp != ap) - { - for (;;) - { - if (i++ >= max) break; - rp[0]=ap[0]; - if (i++ >= max) break; - rp[1]=ap[1]; - if (i++ >= max) break; - rp[2]=ap[2]; - if (i++ >= max) break; - rp[3]=ap[3]; - rp+=4; - ap+=4; - } - } -#endif + carry = bn_add_words(rp, ap, bp, min); + rp += min; + ap += min; - r->top=max; - r->neg=0; - bn_fix_top(r); - return(1); + while (dif) { + dif--; + t1 = *(ap++); + t2 = (t1 + carry) & BN_MASK2; + *(rp++) = t2; + carry &= (t2 == 0); } + *rp = carry; + r->top += carry; -int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) - { - int max; - int add=0,neg=0; - const BIGNUM *tmp; + r->neg = 0; + bn_check_top(r); + return 1; +} + +int +BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) +{ + int max, min, dif; + const BN_ULONG *ap, *bp; + BN_ULONG t1, t2, borrow, *rp; bn_check_top(a); bn_check_top(b); - /* a - b a-b - * a - -b a+b - * -a - b -(a+b) - * -a - -b b-a - */ - if (a->neg) - { - if (b->neg) - { tmp=a; a=b; b=tmp; } - else - { add=1; neg=1; } - } - else - { - if (b->neg) { add=1; neg=0; } - } + max = a->top; + min = b->top; + dif = max - min; - if (add) - { - if (!BN_uadd(r,a,b)) return(0); - r->neg=neg; - return(1); - } + if (dif < 0) { + BNerror(BN_R_ARG2_LT_ARG3); + return 0; + } - /* We are actually doing a - b :-) */ + if (bn_wexpand(r, max) == NULL) + return 0; - max=(a->top > b->top)?a->top:b->top; - if (bn_wexpand(r,max) == NULL) return(0); - if (BN_ucmp(a,b) < 0) - { - if (!BN_usub(r,b,a)) return(0); - r->neg=1; - } - else - { - if (!BN_usub(r,a,b)) return(0); - r->neg=0; + ap = a->d; + bp = b->d; + rp = r->d; + + borrow = bn_sub_words(rp, ap, bp, min); + ap += min; + rp += min; + + while (dif) { + dif--; + t1 = *(ap++); + t2 = (t1 - borrow) & BN_MASK2; + *(rp++) = t2; + borrow &= (t1 == 0); + } + + while (max > 0 && *--rp == 0) + max--; + + r->top = max; + r->neg = 0; + bn_correct_top(r); + return 1; +} + +int +BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) +{ + int ret, r_neg; + + bn_check_top(a); + bn_check_top(b); + + if (a->neg != b->neg) { + r_neg = a->neg; + ret = BN_uadd(r, a, b); + } else { + int cmp = BN_ucmp(a, b); + + if (cmp > 0) { + r_neg = a->neg; + ret = BN_usub(r, a, b); + } else if (cmp < 0) { + r_neg = !b->neg; + ret = BN_usub(r, b, a); + } else { + r_neg = 0; + BN_zero(r); + ret = 1; } - return(1); } + r->neg = r_neg; + bn_check_top(r); + return ret; +} diff --git a/src/lib/libcrypto/bn/bn_asm.c b/src/lib/libcrypto/bn/bn_asm.c index be8aa3ffc5a..993fbb3dc57 100644 --- a/src/lib/libcrypto/bn/bn_asm.c +++ b/src/lib/libcrypto/bn/bn_asm.c @@ -1,25 +1,25 @@ -/* crypto/bn/bn_asm.c */ +/* $OpenBSD: bn_asm.c,v 1.15 2017/05/02 03:59:44 deraadt Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -61,365 +61,428 @@ # define NDEBUG #endif -#include #include -#include "cryptlib.h" +#include + +#include + #include "bn_lcl.h" #if defined(BN_LLONG) || defined(BN_UMULT_HIGH) -BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w) - { - BN_ULONG c1=0; +BN_ULONG +bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w) +{ + BN_ULONG c1 = 0; assert(num >= 0); - if (num <= 0) return(c1); - - while (num&~3) - { - mul_add(rp[0],ap[0],w,c1); - mul_add(rp[1],ap[1],w,c1); - mul_add(rp[2],ap[2],w,c1); - mul_add(rp[3],ap[3],w,c1); - ap+=4; rp+=4; num-=4; - } - if (num) - { - mul_add(rp[0],ap[0],w,c1); if (--num==0) return c1; - mul_add(rp[1],ap[1],w,c1); if (--num==0) return c1; - mul_add(rp[2],ap[2],w,c1); return c1; - } - - return(c1); - } + if (num <= 0) + return (c1); + +#ifndef OPENSSL_SMALL_FOOTPRINT + while (num & ~3) { + mul_add(rp[0], ap[0], w, c1); + mul_add(rp[1], ap[1], w, c1); + mul_add(rp[2], ap[2], w, c1); + mul_add(rp[3], ap[3], w, c1); + ap += 4; + rp += 4; + num -= 4; + } +#endif + while (num) { + mul_add(rp[0], ap[0], w, c1); + ap++; + rp++; + num--; + } + + return (c1); +} -BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w) - { - BN_ULONG c1=0; +BN_ULONG +bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w) +{ + BN_ULONG c1 = 0; assert(num >= 0); - if (num <= 0) return(c1); - - while (num&~3) - { - mul(rp[0],ap[0],w,c1); - mul(rp[1],ap[1],w,c1); - mul(rp[2],ap[2],w,c1); - mul(rp[3],ap[3],w,c1); - ap+=4; rp+=4; num-=4; - } - if (num) - { - mul(rp[0],ap[0],w,c1); if (--num == 0) return c1; - mul(rp[1],ap[1],w,c1); if (--num == 0) return c1; - mul(rp[2],ap[2],w,c1); - } - return(c1); - } + if (num <= 0) + return (c1); + +#ifndef OPENSSL_SMALL_FOOTPRINT + while (num & ~3) { + mul(rp[0], ap[0], w, c1); + mul(rp[1], ap[1], w, c1); + mul(rp[2], ap[2], w, c1); + mul(rp[3], ap[3], w, c1); + ap += 4; + rp += 4; + num -= 4; + } +#endif + while (num) { + mul(rp[0], ap[0], w, c1); + ap++; + rp++; + num--; + } + return (c1); +} -void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n) - { +void +bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n) +{ assert(n >= 0); - if (n <= 0) return; - while (n&~3) - { - sqr(r[0],r[1],a[0]); - sqr(r[2],r[3],a[1]); - sqr(r[4],r[5],a[2]); - sqr(r[6],r[7],a[3]); - a+=4; r+=8; n-=4; - } - if (n) - { - sqr(r[0],r[1],a[0]); if (--n == 0) return; - sqr(r[2],r[3],a[1]); if (--n == 0) return; - sqr(r[4],r[5],a[2]); - } + if (n <= 0) + return; + +#ifndef OPENSSL_SMALL_FOOTPRINT + while (n & ~3) { + sqr(r[0], r[1], a[0]); + sqr(r[2], r[3], a[1]); + sqr(r[4], r[5], a[2]); + sqr(r[6], r[7], a[3]); + a += 4; + r += 8; + n -= 4; + } +#endif + while (n) { + sqr(r[0], r[1], a[0]); + a++; + r += 2; + n--; } +} #else /* !(defined(BN_LLONG) || defined(BN_UMULT_HIGH)) */ -BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w) - { - BN_ULONG c=0; - BN_ULONG bl,bh; +BN_ULONG +bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w) +{ + BN_ULONG c = 0; + BN_ULONG bl, bh; assert(num >= 0); - if (num <= 0) return((BN_ULONG)0); - - bl=LBITS(w); - bh=HBITS(w); - - for (;;) - { - mul_add(rp[0],ap[0],bl,bh,c); - if (--num == 0) break; - mul_add(rp[1],ap[1],bl,bh,c); - if (--num == 0) break; - mul_add(rp[2],ap[2],bl,bh,c); - if (--num == 0) break; - mul_add(rp[3],ap[3],bl,bh,c); - if (--num == 0) break; - ap+=4; - rp+=4; - } - return(c); - } + if (num <= 0) + return ((BN_ULONG)0); + + bl = LBITS(w); + bh = HBITS(w); + +#ifndef OPENSSL_SMALL_FOOTPRINT + while (num & ~3) { + mul_add(rp[0], ap[0], bl, bh, c); + mul_add(rp[1], ap[1], bl, bh, c); + mul_add(rp[2], ap[2], bl, bh, c); + mul_add(rp[3], ap[3], bl, bh, c); + ap += 4; + rp += 4; + num -= 4; + } +#endif + while (num) { + mul_add(rp[0], ap[0], bl, bh, c); + ap++; + rp++; + num--; + } + return (c); +} -BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w) - { - BN_ULONG carry=0; - BN_ULONG bl,bh; +BN_ULONG +bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w) +{ + BN_ULONG carry = 0; + BN_ULONG bl, bh; assert(num >= 0); - if (num <= 0) return((BN_ULONG)0); - - bl=LBITS(w); - bh=HBITS(w); - - for (;;) - { - mul(rp[0],ap[0],bl,bh,carry); - if (--num == 0) break; - mul(rp[1],ap[1],bl,bh,carry); - if (--num == 0) break; - mul(rp[2],ap[2],bl,bh,carry); - if (--num == 0) break; - mul(rp[3],ap[3],bl,bh,carry); - if (--num == 0) break; - ap+=4; - rp+=4; - } - return(carry); - } + if (num <= 0) + return ((BN_ULONG)0); + + bl = LBITS(w); + bh = HBITS(w); + +#ifndef OPENSSL_SMALL_FOOTPRINT + while (num & ~3) { + mul(rp[0], ap[0], bl, bh, carry); + mul(rp[1], ap[1], bl, bh, carry); + mul(rp[2], ap[2], bl, bh, carry); + mul(rp[3], ap[3], bl, bh, carry); + ap += 4; + rp += 4; + num -= 4; + } +#endif + while (num) { + mul(rp[0], ap[0], bl, bh, carry); + ap++; + rp++; + num--; + } + return (carry); +} -void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n) - { +void +bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n) +{ assert(n >= 0); - if (n <= 0) return; - for (;;) - { - sqr64(r[0],r[1],a[0]); - if (--n == 0) break; - - sqr64(r[2],r[3],a[1]); - if (--n == 0) break; - - sqr64(r[4],r[5],a[2]); - if (--n == 0) break; - - sqr64(r[6],r[7],a[3]); - if (--n == 0) break; - - a+=4; - r+=8; - } + if (n <= 0) + return; + +#ifndef OPENSSL_SMALL_FOOTPRINT + while (n & ~3) { + sqr64(r[0], r[1], a[0]); + sqr64(r[2], r[3], a[1]); + sqr64(r[4], r[5], a[2]); + sqr64(r[6], r[7], a[3]); + a += 4; + r += 8; + n -= 4; + } +#endif + while (n) { + sqr64(r[0], r[1], a[0]); + a++; + r += 2; + n--; } +} #endif /* !(defined(BN_LLONG) || defined(BN_UMULT_HIGH)) */ #if defined(BN_LLONG) && defined(BN_DIV2W) -BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d) - { - return((BN_ULONG)(((((BN_ULLONG)h)< (BN_ULONG)1<= d) h-=d; - - if (i) - { - d<<=i; - h=(h<>(BN_BITS2-i)); - l<<=i; - } - dh=(d&BN_MASK2h)>>BN_BITS4; - dl=(d&BN_MASK2l); - for (;;) - { - if ((h>>BN_BITS4) == dh) - q=BN_MASK2l; +BN_ULONG +bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d) +{ + BN_ULONG dh, dl, q,ret = 0, th, tl, t; + int i, count = 2; + + if (d == 0) + return (BN_MASK2); + + i = BN_num_bits_word(d); + assert((i == BN_BITS2) || (h <= (BN_ULONG)1 << i)); + + i = BN_BITS2 - i; + if (h >= d) + h -= d; + + if (i) { + d <<= i; + h = (h << i) | (l >> (BN_BITS2 - i)); + l <<= i; + } + dh = (d & BN_MASK2h) >> BN_BITS4; + dl = (d & BN_MASK2l); + for (;;) { + if ((h >> BN_BITS4) == dh) + q = BN_MASK2l; else - q=h/dh; - - th=q*dh; - tl=dl*q; - for (;;) - { - t=h-th; - if ((t&BN_MASK2h) || - ((tl) <= ( - (t<>BN_BITS4)))) + q = h / dh; + + th = q * dh; + tl = dl * q; + for (;;) { + t = h - th; + if ((t & BN_MASK2h) || + ((tl) <= ( + (t << BN_BITS4) | + ((l & BN_MASK2h) >> BN_BITS4)))) break; q--; - th-=dh; - tl-=dl; - } - t=(tl>>BN_BITS4); - tl=(tl<> BN_BITS4); + tl = (tl << BN_BITS4) & BN_MASK2h; + th += t; + + if (l < tl) + th++; + l -= tl; + if (h < th) { + h += d; q--; - } - h-=th; + } + h -= th; - if (--count == 0) break; + if (--count == 0) + break; - ret=q<>BN_BITS4))&BN_MASK2; - l=(l&BN_MASK2l)<> BN_BITS4)) & BN_MASK2; + l = (l & BN_MASK2l) << BN_BITS4; } + ret |= q; + return (ret); +} #endif /* !defined(BN_LLONG) && defined(BN_DIV2W) */ #ifdef BN_LLONG -BN_ULONG bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n) - { - BN_ULLONG ll=0; +BN_ULONG +bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n) +{ + BN_ULLONG ll = 0; assert(n >= 0); - if (n <= 0) return((BN_ULONG)0); - - for (;;) - { - ll+=(BN_ULLONG)a[0]+b[0]; - r[0]=(BN_ULONG)ll&BN_MASK2; - ll>>=BN_BITS2; - if (--n <= 0) break; - - ll+=(BN_ULLONG)a[1]+b[1]; - r[1]=(BN_ULONG)ll&BN_MASK2; - ll>>=BN_BITS2; - if (--n <= 0) break; - - ll+=(BN_ULLONG)a[2]+b[2]; - r[2]=(BN_ULONG)ll&BN_MASK2; - ll>>=BN_BITS2; - if (--n <= 0) break; - - ll+=(BN_ULLONG)a[3]+b[3]; - r[3]=(BN_ULONG)ll&BN_MASK2; - ll>>=BN_BITS2; - if (--n <= 0) break; - - a+=4; - b+=4; - r+=4; - } - return((BN_ULONG)ll); + if (n <= 0) + return ((BN_ULONG)0); + +#ifndef OPENSSL_SMALL_FOOTPRINT + while (n & ~3) { + ll += (BN_ULLONG)a[0] + b[0]; + r[0] = (BN_ULONG)ll & BN_MASK2; + ll >>= BN_BITS2; + ll += (BN_ULLONG)a[1] + b[1]; + r[1] = (BN_ULONG)ll & BN_MASK2; + ll >>= BN_BITS2; + ll += (BN_ULLONG)a[2] + b[2]; + r[2] = (BN_ULONG)ll & BN_MASK2; + ll >>= BN_BITS2; + ll += (BN_ULLONG)a[3] + b[3]; + r[3] = (BN_ULONG)ll & BN_MASK2; + ll >>= BN_BITS2; + a += 4; + b += 4; + r += 4; + n -= 4; + } +#endif + while (n) { + ll += (BN_ULLONG)a[0] + b[0]; + r[0] = (BN_ULONG)ll & BN_MASK2; + ll >>= BN_BITS2; + a++; + b++; + r++; + n--; } + return ((BN_ULONG)ll); +} #else /* !BN_LLONG */ -BN_ULONG bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n) - { - BN_ULONG c,l,t; +BN_ULONG +bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n) +{ + BN_ULONG c, l, t; assert(n >= 0); - if (n <= 0) return((BN_ULONG)0); - - c=0; - for (;;) - { - t=a[0]; - t=(t+c)&BN_MASK2; - c=(t < c); - l=(t+b[0])&BN_MASK2; - c+=(l < t); - r[0]=l; - if (--n <= 0) break; - - t=a[1]; - t=(t+c)&BN_MASK2; - c=(t < c); - l=(t+b[1])&BN_MASK2; - c+=(l < t); - r[1]=l; - if (--n <= 0) break; - - t=a[2]; - t=(t+c)&BN_MASK2; - c=(t < c); - l=(t+b[2])&BN_MASK2; - c+=(l < t); - r[2]=l; - if (--n <= 0) break; - - t=a[3]; - t=(t+c)&BN_MASK2; - c=(t < c); - l=(t+b[3])&BN_MASK2; - c+=(l < t); - r[3]=l; - if (--n <= 0) break; - - a+=4; - b+=4; - r+=4; - } - return((BN_ULONG)c); + if (n <= 0) + return ((BN_ULONG)0); + + c = 0; +#ifndef OPENSSL_SMALL_FOOTPRINT + while (n & ~3) { + t = a[0]; + t = (t + c) & BN_MASK2; + c = (t < c); + l = (t + b[0]) & BN_MASK2; + c += (l < t); + r[0] = l; + t = a[1]; + t = (t + c) & BN_MASK2; + c = (t < c); + l = (t + b[1]) & BN_MASK2; + c += (l < t); + r[1] = l; + t = a[2]; + t = (t + c) & BN_MASK2; + c = (t < c); + l = (t + b[2]) & BN_MASK2; + c += (l < t); + r[2] = l; + t = a[3]; + t = (t + c) & BN_MASK2; + c = (t < c); + l = (t + b[3]) & BN_MASK2; + c += (l < t); + r[3] = l; + a += 4; + b += 4; + r += 4; + n -= 4; + } +#endif + while (n) { + t = a[0]; + t = (t + c) & BN_MASK2; + c = (t < c); + l = (t + b[0]) & BN_MASK2; + c += (l < t); + r[0] = l; + a++; + b++; + r++; + n--; } + return ((BN_ULONG)c); +} #endif /* !BN_LLONG */ -BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n) - { - BN_ULONG t1,t2; - int c=0; +BN_ULONG +bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n) +{ + BN_ULONG t1, t2; + int c = 0; assert(n >= 0); - if (n <= 0) return((BN_ULONG)0); - - for (;;) - { - t1=a[0]; t2=b[0]; - r[0]=(t1-t2-c)&BN_MASK2; - if (t1 != t2) c=(t1 < t2); - if (--n <= 0) break; - - t1=a[1]; t2=b[1]; - r[1]=(t1-t2-c)&BN_MASK2; - if (t1 != t2) c=(t1 < t2); - if (--n <= 0) break; - - t1=a[2]; t2=b[2]; - r[2]=(t1-t2-c)&BN_MASK2; - if (t1 != t2) c=(t1 < t2); - if (--n <= 0) break; - - t1=a[3]; t2=b[3]; - r[3]=(t1-t2-c)&BN_MASK2; - if (t1 != t2) c=(t1 < t2); - if (--n <= 0) break; - - a+=4; - b+=4; - r+=4; - } - return(c); + if (n <= 0) + return ((BN_ULONG)0); + +#ifndef OPENSSL_SMALL_FOOTPRINT + while (n&~3) { + t1 = a[0]; + t2 = b[0]; + r[0] = (t1 - t2 - c) & BN_MASK2; + if (t1 != t2) + c = (t1 < t2); + t1 = a[1]; + t2 = b[1]; + r[1] = (t1 - t2 - c) & BN_MASK2; + if (t1 != t2) + c = (t1 < t2); + t1 = a[2]; + t2 = b[2]; + r[2] = (t1 - t2 - c) & BN_MASK2; + if (t1 != t2) + c = (t1 < t2); + t1 = a[3]; + t2 = b[3]; + r[3] = (t1 - t2 - c) & BN_MASK2; + if (t1 != t2) + c = (t1 < t2); + a += 4; + b += 4; + r += 4; + n -= 4; + } +#endif + while (n) { + t1 = a[0]; + t2 = b[0]; + r[0] = (t1 - t2 - c) & BN_MASK2; + if (t1 != t2) + c = (t1 < t2); + a++; + b++; + r++; + n--; } + return (c); +} -#ifdef BN_MUL_COMBA +#if defined(BN_MUL_COMBA) && !defined(OPENSSL_SMALL_FOOTPRINT) #undef bn_mul_comba8 #undef bn_mul_comba4 @@ -432,401 +495,602 @@ BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n) /* sqr_add_c2(a,i,c0,c1,c2) -- c+=2*a[i]*a[j] for three word number c=(c2,c1,c0) */ #ifdef BN_LLONG -#define mul_add_c(a,b,c0,c1,c2) \ - t=(BN_ULLONG)a*b; \ - t1=(BN_ULONG)Lw(t); \ - t2=(BN_ULONG)Hw(t); \ - c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \ - c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++; - -#define mul_add_c2(a,b,c0,c1,c2) \ - t=(BN_ULLONG)a*b; \ - tt=(t+t)&BN_MASK; \ - if (tt < t) c2++; \ - t1=(BN_ULONG)Lw(tt); \ - t2=(BN_ULONG)Hw(tt); \ - c0=(c0+t1)&BN_MASK2; \ - if ((c0 < t1) && (((++t2)&BN_MASK2) == 0)) c2++; \ - c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++; - -#define sqr_add_c(a,i,c0,c1,c2) \ - t=(BN_ULLONG)a[i]*a[i]; \ - t1=(BN_ULONG)Lw(t); \ - t2=(BN_ULONG)Hw(t); \ - c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \ - c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++; +/* + * Keep in mind that additions to multiplication result can not + * overflow, because its high half cannot be all-ones. + */ +#define mul_add_c(a,b,c0,c1,c2) do { \ + BN_ULONG hi; \ + BN_ULLONG t = (BN_ULLONG)(a)*(b); \ + t += c0; /* no carry */ \ + c0 = (BN_ULONG)Lw(t); \ + hi = (BN_ULONG)Hw(t); \ + c1 = (c1+hi)&BN_MASK2; if (c1= np[num - 1]) { + c0 = bn_sub_words(rp, tp, np, num); + if (tp[num] != 0 || c0 == 0) { + goto out; + } + } + memcpy(rp, tp, num * sizeof(BN_ULONG)); +out: + freezero(tp, (num + 2) * sizeof(BN_ULONG)); + return 1; +} #else - BN_ULONG bl,bh; +/* + * Return value of 0 indicates that multiplication/convolution was not + * performed to signal the caller to fall down to alternative/original + * code-path. + */ +int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np, const BN_ULONG *n0, int num) + { return 0; +} +#endif /* OPENSSL_BN_ASM_MONT */ #endif - BN_ULONG t1,t2; - BN_ULONG c1,c2,c3; - - c1=0; - c2=0; - c3=0; - sqr_add_c(a,0,c1,c2,c3); - r[0]=c1; - c1=0; - sqr_add_c2(a,1,0,c2,c3,c1); - r[1]=c2; - c2=0; - sqr_add_c(a,1,c3,c1,c2); - sqr_add_c2(a,2,0,c3,c1,c2); - r[2]=c3; - c3=0; - sqr_add_c2(a,3,0,c1,c2,c3); - sqr_add_c2(a,2,1,c1,c2,c3); - r[3]=c1; - c1=0; - sqr_add_c(a,2,c2,c3,c1); - sqr_add_c2(a,3,1,c2,c3,c1); - r[4]=c2; - c2=0; - sqr_add_c2(a,3,2,c3,c1,c2); - r[5]=c3; - c3=0; - sqr_add_c(a,3,c1,c2,c3); - r[6]=c1; - r[7]=c2; - } + #else /* !BN_MUL_COMBA */ /* hmm... is it faster just to do a multiply? */ #undef bn_sqr_comba4 -void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a) - { +void +bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a) +{ BN_ULONG t[8]; - bn_sqr_normal(r,a,4,t); - } + bn_sqr_normal(r, a, 4, t); +} #undef bn_sqr_comba8 -void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a) - { +void +bn_sqr_comba8(BN_ULONG *r, const BN_ULONG *a) +{ BN_ULONG t[16]; - bn_sqr_normal(r,a,8,t); + bn_sqr_normal(r, a, 8, t); +} + +void +bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b) +{ + r[4] = bn_mul_words(&(r[0]), a, 4, b[0]); + r[5] = bn_mul_add_words(&(r[1]), a, 4, b[1]); + r[6] = bn_mul_add_words(&(r[2]), a, 4, b[2]); + r[7] = bn_mul_add_words(&(r[3]), a, 4, b[3]); +} + +void +bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b) +{ + r[8] = bn_mul_words(&(r[0]), a, 8, b[0]); + r[9] = bn_mul_add_words(&(r[1]), a, 8, b[1]); + r[10] = bn_mul_add_words(&(r[2]), a, 8, b[2]); + r[11] = bn_mul_add_words(&(r[3]), a, 8, b[3]); + r[12] = bn_mul_add_words(&(r[4]), a, 8, b[4]); + r[13] = bn_mul_add_words(&(r[5]), a, 8, b[5]); + r[14] = bn_mul_add_words(&(r[6]), a, 8, b[6]); + r[15] = bn_mul_add_words(&(r[7]), a, 8, b[7]); +} + +#ifdef OPENSSL_NO_ASM +#ifdef OPENSSL_BN_ASM_MONT +int +bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, + const BN_ULONG *np, const BN_ULONG *n0p, int num) +{ + BN_ULONG c0, c1, *tp, n0 = *n0p; + int i = 0, j; + + tp = calloc(NULL, num + 2, sizeof(BN_ULONG)); + if (tp == NULL) + return 0; + + for (i = 0; i < num; i++) { + c0 = bn_mul_add_words(tp, ap, num, bp[i]); + c1 = (tp[num] + c0) & BN_MASK2; + tp[num] = c1; + tp[num + 1] = (c1 < c0 ? 1 : 0); + + c0 = bn_mul_add_words(tp, np, num, tp[0] * n0); + c1 = (tp[num] + c0) & BN_MASK2; + tp[num] = c1; + tp[num + 1] += (c1 < c0 ? 1 : 0); + for (j = 0; j <= num; j++) + tp[j] = tp[j + 1]; } -void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b) - { - r[4]=bn_mul_words( &(r[0]),a,4,b[0]); - r[5]=bn_mul_add_words(&(r[1]),a,4,b[1]); - r[6]=bn_mul_add_words(&(r[2]),a,4,b[2]); - r[7]=bn_mul_add_words(&(r[3]),a,4,b[3]); - } - -void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b) - { - r[ 8]=bn_mul_words( &(r[0]),a,8,b[0]); - r[ 9]=bn_mul_add_words(&(r[1]),a,8,b[1]); - r[10]=bn_mul_add_words(&(r[2]),a,8,b[2]); - r[11]=bn_mul_add_words(&(r[3]),a,8,b[3]); - r[12]=bn_mul_add_words(&(r[4]),a,8,b[4]); - r[13]=bn_mul_add_words(&(r[5]),a,8,b[5]); - r[14]=bn_mul_add_words(&(r[6]),a,8,b[6]); - r[15]=bn_mul_add_words(&(r[7]),a,8,b[7]); + if (tp[num] != 0 || tp[num - 1] >= np[num - 1]) { + c0 = bn_sub_words(rp, tp, np, num); + if (tp[num] != 0 || c0 == 0) { + goto out; + } } + memcpy(rp, tp, num * sizeof(BN_ULONG)); +out: + freezero(tp, (num + 2) * sizeof(BN_ULONG)); + return 1; +} +#else +int +bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, + const BN_ULONG *np, const BN_ULONG *n0, int num) +{ + return 0; +} +#endif /* OPENSSL_BN_ASM_MONT */ +#endif #endif /* !BN_MUL_COMBA */ diff --git a/src/lib/libcrypto/bn/bn_blind.c b/src/lib/libcrypto/bn/bn_blind.c index 2d287e6d1bb..ecd67182798 100644 --- a/src/lib/libcrypto/bn/bn_blind.c +++ b/src/lib/libcrypto/bn/bn_blind.c @@ -1,25 +1,78 @@ -/* crypto/bn/bn_blind.c */ +/* $OpenBSD: bn_blind.c,v 1.17 2017/01/29 17:49:22 beck Exp $ */ +/* ==================================================================== + * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +87,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +102,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -57,88 +110,278 @@ */ #include -#include "cryptlib.h" + +#include + +#include + #include "bn_lcl.h" -BN_BLINDING *BN_BLINDING_new(BIGNUM *A, BIGNUM *Ai, BIGNUM *mod) - { - BN_BLINDING *ret=NULL; +#define BN_BLINDING_COUNTER 32 + +struct bn_blinding_st { + BIGNUM *A; + BIGNUM *Ai; + BIGNUM *e; + BIGNUM *mod; /* just a reference */ +#ifndef OPENSSL_NO_DEPRECATED + unsigned long thread_id; /* added in OpenSSL 0.9.6j and 0.9.7b; + * used only by crypto/rsa/rsa_eay.c, rsa_lib.c */ +#endif + CRYPTO_THREADID tid; + int counter; + unsigned long flags; + BN_MONT_CTX *m_ctx; + int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); +}; + +BN_BLINDING * +BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod) +{ + BN_BLINDING *ret = NULL; - bn_check_top(Ai); bn_check_top(mod); - if ((ret=(BN_BLINDING *)OPENSSL_malloc(sizeof(BN_BLINDING))) == NULL) - { - BNerr(BN_F_BN_BLINDING_NEW,ERR_R_MALLOC_FAILURE); - return(NULL); - } - memset(ret,0,sizeof(BN_BLINDING)); - if ((ret->A=BN_new()) == NULL) goto err; - if ((ret->Ai=BN_new()) == NULL) goto err; - if (!BN_copy(ret->A,A)) goto err; - if (!BN_copy(ret->Ai,Ai)) goto err; - ret->mod=mod; - return(ret); -err: - if (ret != NULL) BN_BLINDING_free(ret); - return(NULL); + if ((ret = calloc(1, sizeof(BN_BLINDING))) == NULL) { + BNerror(ERR_R_MALLOC_FAILURE); + return (NULL); + } + if (A != NULL) { + if ((ret->A = BN_dup(A)) == NULL) + goto err; + } + if (Ai != NULL) { + if ((ret->Ai = BN_dup(Ai)) == NULL) + goto err; } -void BN_BLINDING_free(BN_BLINDING *r) - { - if(r == NULL) - return; + /* save a copy of mod in the BN_BLINDING structure */ + if ((ret->mod = BN_dup(mod)) == NULL) + goto err; + if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0) + BN_set_flags(ret->mod, BN_FLG_CONSTTIME); - if (r->A != NULL) BN_free(r->A ); - if (r->Ai != NULL) BN_free(r->Ai); - OPENSSL_free(r); - } + /* Set the counter to the special value -1 + * to indicate that this is never-used fresh blinding + * that does not need updating before first use. */ + ret->counter = -1; + CRYPTO_THREADID_current(&ret->tid); + return (ret); + +err: + if (ret != NULL) + BN_BLINDING_free(ret); + return (NULL); +} + +void +BN_BLINDING_free(BN_BLINDING *r) +{ + if (r == NULL) + return; -int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx) - { - int ret=0; + BN_clear_free(r->A); + BN_clear_free(r->Ai); + BN_clear_free(r->e); + BN_clear_free(r->mod); + free(r); +} - if ((b->A == NULL) || (b->Ai == NULL)) - { - BNerr(BN_F_BN_BLINDING_UPDATE,BN_R_NOT_INITIALIZED); +int +BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx) +{ + int ret = 0; + + if ((b->A == NULL) || (b->Ai == NULL)) { + BNerror(BN_R_NOT_INITIALIZED); goto err; - } - - if (!BN_mod_mul(b->A,b->A,b->A,b->mod,ctx)) goto err; - if (!BN_mod_mul(b->Ai,b->Ai,b->Ai,b->mod,ctx)) goto err; + } - ret=1; -err: - return(ret); + if (b->counter == -1) + b->counter = 0; + + if (++b->counter == BN_BLINDING_COUNTER && b->e != NULL && + !(b->flags & BN_BLINDING_NO_RECREATE)) { + /* re-create blinding parameters */ + if (!BN_BLINDING_create_param(b, NULL, NULL, ctx, NULL, NULL)) + goto err; + } else if (!(b->flags & BN_BLINDING_NO_UPDATE)) { + if (!BN_mod_mul(b->A, b->A, b->A, b->mod, ctx)) + goto err; + if (!BN_mod_mul(b->Ai, b->Ai, b->Ai, b->mod, ctx)) + goto err; } -int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx) - { + ret = 1; + +err: + if (b->counter == BN_BLINDING_COUNTER) + b->counter = 0; + return (ret); +} + +int +BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx) +{ + return BN_BLINDING_convert_ex(n, NULL, b, ctx); +} + +int +BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *ctx) +{ + int ret = 1; + bn_check_top(n); - if ((b->A == NULL) || (b->Ai == NULL)) - { - BNerr(BN_F_BN_BLINDING_CONVERT,BN_R_NOT_INITIALIZED); - return(0); - } - return(BN_mod_mul(n,n,b->A,b->mod,ctx)); + if ((b->A == NULL) || (b->Ai == NULL)) { + BNerror(BN_R_NOT_INITIALIZED); + return (0); } -int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx) - { + if (b->counter == -1) + /* Fresh blinding, doesn't need updating. */ + b->counter = 0; + else if (!BN_BLINDING_update(b, ctx)) + return (0); + + if (r != NULL) { + if (!BN_copy(r, b->Ai)) + ret = 0; + } + + if (!BN_mod_mul(n, n,b->A, b->mod, ctx)) + ret = 0; + + return ret; +} + +int +BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx) +{ + return BN_BLINDING_invert_ex(n, NULL, b, ctx); +} + +int +BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, BN_CTX *ctx) +{ int ret; bn_check_top(n); - if ((b->A == NULL) || (b->Ai == NULL)) - { - BNerr(BN_F_BN_BLINDING_INVERT,BN_R_NOT_INITIALIZED); - return(0); - } - if ((ret=BN_mod_mul(n,n,b->Ai,b->mod,ctx)) >= 0) - { - if (!BN_BLINDING_update(b,ctx)) - return(0); + + if (r != NULL) + ret = BN_mod_mul(n, n, r, b->mod, ctx); + else { + if (b->Ai == NULL) { + BNerror(BN_R_NOT_INITIALIZED); + return (0); } - return(ret); + ret = BN_mod_mul(n, n, b->Ai, b->mod, ctx); + } + + bn_check_top(n); + return (ret); +} + +#ifndef OPENSSL_NO_DEPRECATED +unsigned long +BN_BLINDING_get_thread_id(const BN_BLINDING *b) +{ + return b->thread_id; +} + +void +BN_BLINDING_set_thread_id(BN_BLINDING *b, unsigned long n) +{ + b->thread_id = n; +} +#endif + +CRYPTO_THREADID * +BN_BLINDING_thread_id(BN_BLINDING *b) +{ + return &b->tid; +} + +unsigned long +BN_BLINDING_get_flags(const BN_BLINDING *b) +{ + return b->flags; +} + +void +BN_BLINDING_set_flags(BN_BLINDING *b, unsigned long flags) +{ + b->flags = flags; +} + +BN_BLINDING * +BN_BLINDING_create_param(BN_BLINDING *b, const BIGNUM *e, BIGNUM *m, + BN_CTX *ctx, int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx), BN_MONT_CTX *m_ctx) +{ + int retry_counter = 32; + BN_BLINDING *ret = NULL; + + if (b == NULL) + ret = BN_BLINDING_new(NULL, NULL, m); + else + ret = b; + + if (ret == NULL) + goto err; + + if (ret->A == NULL && (ret->A = BN_new()) == NULL) + goto err; + if (ret->Ai == NULL && (ret->Ai = BN_new()) == NULL) + goto err; + + if (e != NULL) { + BN_free(ret->e); + ret->e = BN_dup(e); + } + if (ret->e == NULL) + goto err; + + if (bn_mod_exp != NULL) + ret->bn_mod_exp = bn_mod_exp; + if (m_ctx != NULL) + ret->m_ctx = m_ctx; + + do { + if (!BN_rand_range(ret->A, ret->mod)) + goto err; + if (BN_mod_inverse_ct(ret->Ai, ret->A, ret->mod, ctx) == NULL) { + /* this should almost never happen for good RSA keys */ + unsigned long error = ERR_peek_last_error(); + if (ERR_GET_REASON(error) == BN_R_NO_INVERSE) { + if (retry_counter-- == 0) { + BNerror(BN_R_TOO_MANY_ITERATIONS); + goto err; + } + ERR_clear_error(); + } else + goto err; + } else + break; + } while (1); + + if (ret->bn_mod_exp != NULL && ret->m_ctx != NULL) { + if (!ret->bn_mod_exp(ret->A, ret->A, ret->e, ret->mod, + ctx, ret->m_ctx)) + goto err; + } else { + if (!BN_mod_exp_ct(ret->A, ret->A, ret->e, ret->mod, ctx)) + goto err; + } + + return ret; + +err: + if (b == NULL && ret != NULL) { + BN_BLINDING_free(ret); + ret = NULL; } + return ret; +} diff --git a/src/lib/libcrypto/bn/bn_const.c b/src/lib/libcrypto/bn/bn_const.c new file mode 100644 index 00000000000..0ceff9160dd --- /dev/null +++ b/src/lib/libcrypto/bn/bn_const.c @@ -0,0 +1,457 @@ +/* $OpenBSD: bn_const.c,v 1.5 2018/02/20 17:02:30 jsing Exp $ */ +/* Insert boilerplate */ + +#include + +/* "First Oakley Default Group" from RFC2409, section 6.1. + * + * The prime is: 2^768 - 2 ^704 - 1 + 2^64 * { [2^638 pi] + 149686 } + * + * RFC2409 specifies a generator of 2. + * RFC2412 specifies a generator of of 22. + */ + +BIGNUM * +get_rfc2409_prime_768(BIGNUM *bn) +{ + static const unsigned char RFC2409_PRIME_768[] = { + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, + 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, + 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6, + 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, + 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D, + 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, + 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9, + 0xA6, 0x3A, 0x36, 0x20, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + }; + return BN_bin2bn(RFC2409_PRIME_768, sizeof(RFC2409_PRIME_768), bn); +} + +BIGNUM * +BN_get_rfc2409_prime_768(BIGNUM *bn) +{ + return get_rfc2409_prime_768(bn); +} + +/* "Second Oakley Default Group" from RFC2409, section 6.2. + * + * The prime is: 2^1024 - 2^960 - 1 + 2^64 * { [2^894 pi] + 129093 }. + * + * RFC2409 specifies a generator of 2. + * RFC2412 specifies a generator of 22. + */ + +BIGNUM * +get_rfc2409_prime_1024(BIGNUM *bn) +{ + static const unsigned char RFC2409_PRIME_1024[] = { + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, + 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, + 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6, + 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, + 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D, + 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, + 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9, + 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, + 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11, + 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE6, 0x53, 0x81, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + }; + return BN_bin2bn(RFC2409_PRIME_1024, sizeof(RFC2409_PRIME_1024), bn); +} + +BIGNUM * +BN_get_rfc2409_prime_1024(BIGNUM *bn) +{ + return get_rfc2409_prime_1024(bn); +} + +/* "1536-bit MODP Group" from RFC3526, Section 2. + * + * The prime is: 2^1536 - 2^1472 - 1 + 2^64 * { [2^1406 pi] + 741804 } + * + * RFC3526 specifies a generator of 2. + * RFC2312 specifies a generator of 22. + */ + +BIGNUM * +get_rfc3526_prime_1536(BIGNUM *bn) +{ + static const unsigned char RFC3526_PRIME_1536[] = { + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, + 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, + 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6, + 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, + 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D, + 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, + 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9, + 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, + 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11, + 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, + 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36, + 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, + 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56, + 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, + 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08, + 0xCA, 0x23, 0x73, 0x27, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + }; + return BN_bin2bn(RFC3526_PRIME_1536, sizeof(RFC3526_PRIME_1536), bn); +} + +BIGNUM * +BN_get_rfc3526_prime_1536(BIGNUM *bn) +{ + return get_rfc3526_prime_1536(bn); +} + +/* "2048-bit MODP Group" from RFC3526, Section 3. + * + * The prime is: 2^2048 - 2^1984 - 1 + 2^64 * { [2^1918 pi] + 124476 } + * + * RFC3526 specifies a generator of 2. + */ + +BIGNUM * +get_rfc3526_prime_2048(BIGNUM *bn) +{ + static const unsigned char RFC3526_PRIME_2048[] = { + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, + 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, + 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6, + 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, + 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D, + 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, + 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9, + 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, + 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11, + 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, + 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36, + 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, + 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56, + 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, + 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08, + 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, + 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2, + 0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, + 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C, + 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, + 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAC, 0xAA, 0x68, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, + }; + return BN_bin2bn(RFC3526_PRIME_2048, sizeof(RFC3526_PRIME_2048), bn); +} + +BIGNUM * +BN_get_rfc3526_prime_2048(BIGNUM *bn) +{ + return get_rfc3526_prime_2048(bn); +} + +/* "3072-bit MODP Group" from RFC3526, Section 4. + * + * The prime is: 2^3072 - 2^3008 - 1 + 2^64 * { [2^2942 pi] + 1690314 } + * + * RFC3526 specifies a generator of 2. + */ + +BIGNUM * +get_rfc3526_prime_3072(BIGNUM *bn) +{ + static const unsigned char RFC3526_PRIME_3072[] = { + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, + 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, + 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6, + 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, + 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D, + 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, + 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9, + 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, + 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11, + 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, + 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36, + 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, + 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56, + 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, + 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08, + 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, + 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2, + 0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, + 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C, + 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, + 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D, + 0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64, + 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, 0x8A, 0xEA, 0x71, 0x57, + 0x5D, 0x06, 0x0C, 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7, + 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, 0x1E, 0x8C, 0x94, 0xE0, + 0x4A, 0x25, 0x61, 0x9D, 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B, + 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, 0x02, 0x73, + 0x3E, 0xC8, 0x6A, 0x64, 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C, + 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, 0x77, 0x09, 0x88, 0xC0, + 0xBA, 0xD9, 0x46, 0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31, + 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, 0x4B, 0x82, 0xD1, 0x20, + 0xA9, 0x3A, 0xD2, 0xCA, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + }; + return BN_bin2bn(RFC3526_PRIME_3072, sizeof(RFC3526_PRIME_3072), bn); +} + +BIGNUM * +BN_get_rfc3526_prime_3072(BIGNUM *bn) +{ + return get_rfc3526_prime_3072(bn); +} + +/* "4096-bit MODP Group" from RFC3526, Section 5. + * + * The prime is: 2^4096 - 2^4032 - 1 + 2^64 * { [2^3966 pi] + 240904 } + * + * RFC3526 specifies a generator of 2. + */ + +BIGNUM * +get_rfc3526_prime_4096(BIGNUM *bn) +{ + static const unsigned char RFC3526_PRIME_4096[] = { + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, + 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, + 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6, + 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, + 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D, + 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, + 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9, + 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, + 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11, + 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, + 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36, + 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, + 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56, + 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, + 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08, + 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, + 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2, + 0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, + 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C, + 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, + 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D, + 0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64, + 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, 0x8A, 0xEA, 0x71, 0x57, + 0x5D, 0x06, 0x0C, 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7, + 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, 0x1E, 0x8C, 0x94, 0xE0, + 0x4A, 0x25, 0x61, 0x9D, 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B, + 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, 0x02, 0x73, + 0x3E, 0xC8, 0x6A, 0x64, 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C, + 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, 0x77, 0x09, 0x88, 0xC0, + 0xBA, 0xD9, 0x46, 0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31, + 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, 0x4B, 0x82, 0xD1, 0x20, + 0xA9, 0x21, 0x08, 0x01, 0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7, + 0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26, 0x99, 0xC3, 0x27, 0x18, + 0x6A, 0xF4, 0xE2, 0x3C, 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA, + 0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8, 0xDB, 0xBB, 0xC2, 0xDB, + 0x04, 0xDE, 0x8E, 0xF9, 0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6, + 0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D, 0x99, 0xB2, 0x96, 0x4F, + 0xA0, 0x90, 0xC3, 0xA2, 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED, + 0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF, 0xB8, 0x1B, 0xDD, 0x76, + 0x21, 0x70, 0x48, 0x1C, 0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9, + 0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1, 0x86, 0xFF, 0xB7, 0xDC, + 0x90, 0xA6, 0xC0, 0x8F, 0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x06, 0x31, 0x99, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + }; + return BN_bin2bn(RFC3526_PRIME_4096, sizeof(RFC3526_PRIME_4096), bn); +} + +BIGNUM * +BN_get_rfc3526_prime_4096(BIGNUM *bn) +{ + return get_rfc3526_prime_4096(bn); +} + +/* "6144-bit MODP Group" from RFC3526, Section 6. + * + * The prime is: 2^6144 - 2^6080 - 1 + 2^64 * { [2^6014 pi] + 929484 } + * + * RFC3526 specifies a generator of 2. + */ + +BIGNUM * +get_rfc3526_prime_6144(BIGNUM *bn) +{ + static const unsigned char RFC3526_PRIME_6144[] = { + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, + 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, + 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6, + 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, + 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D, + 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, + 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9, + 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, + 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11, + 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, + 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36, + 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, + 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56, + 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, + 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08, + 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, + 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2, + 0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, + 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C, + 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, + 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D, + 0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64, + 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, 0x8A, 0xEA, 0x71, 0x57, + 0x5D, 0x06, 0x0C, 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7, + 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, 0x1E, 0x8C, 0x94, 0xE0, + 0x4A, 0x25, 0x61, 0x9D, 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B, + 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, 0x02, 0x73, + 0x3E, 0xC8, 0x6A, 0x64, 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C, + 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, 0x77, 0x09, 0x88, 0xC0, + 0xBA, 0xD9, 0x46, 0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31, + 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, 0x4B, 0x82, 0xD1, 0x20, + 0xA9, 0x21, 0x08, 0x01, 0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7, + 0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26, 0x99, 0xC3, 0x27, 0x18, + 0x6A, 0xF4, 0xE2, 0x3C, 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA, + 0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8, 0xDB, 0xBB, 0xC2, 0xDB, + 0x04, 0xDE, 0x8E, 0xF9, 0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6, + 0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D, 0x99, 0xB2, 0x96, 0x4F, + 0xA0, 0x90, 0xC3, 0xA2, 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED, + 0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF, 0xB8, 0x1B, 0xDD, 0x76, + 0x21, 0x70, 0x48, 0x1C, 0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9, + 0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1, 0x86, 0xFF, 0xB7, 0xDC, + 0x90, 0xA6, 0xC0, 0x8F, 0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x02, 0x84, 0x92, + 0x36, 0xC3, 0xFA, 0xB4, 0xD2, 0x7C, 0x70, 0x26, 0xC1, 0xD4, 0xDC, 0xB2, + 0x60, 0x26, 0x46, 0xDE, 0xC9, 0x75, 0x1E, 0x76, 0x3D, 0xBA, 0x37, 0xBD, + 0xF8, 0xFF, 0x94, 0x06, 0xAD, 0x9E, 0x53, 0x0E, 0xE5, 0xDB, 0x38, 0x2F, + 0x41, 0x30, 0x01, 0xAE, 0xB0, 0x6A, 0x53, 0xED, 0x90, 0x27, 0xD8, 0x31, + 0x17, 0x97, 0x27, 0xB0, 0x86, 0x5A, 0x89, 0x18, 0xDA, 0x3E, 0xDB, 0xEB, + 0xCF, 0x9B, 0x14, 0xED, 0x44, 0xCE, 0x6C, 0xBA, 0xCE, 0xD4, 0xBB, 0x1B, + 0xDB, 0x7F, 0x14, 0x47, 0xE6, 0xCC, 0x25, 0x4B, 0x33, 0x20, 0x51, 0x51, + 0x2B, 0xD7, 0xAF, 0x42, 0x6F, 0xB8, 0xF4, 0x01, 0x37, 0x8C, 0xD2, 0xBF, + 0x59, 0x83, 0xCA, 0x01, 0xC6, 0x4B, 0x92, 0xEC, 0xF0, 0x32, 0xEA, 0x15, + 0xD1, 0x72, 0x1D, 0x03, 0xF4, 0x82, 0xD7, 0xCE, 0x6E, 0x74, 0xFE, 0xF6, + 0xD5, 0x5E, 0x70, 0x2F, 0x46, 0x98, 0x0C, 0x82, 0xB5, 0xA8, 0x40, 0x31, + 0x90, 0x0B, 0x1C, 0x9E, 0x59, 0xE7, 0xC9, 0x7F, 0xBE, 0xC7, 0xE8, 0xF3, + 0x23, 0xA9, 0x7A, 0x7E, 0x36, 0xCC, 0x88, 0xBE, 0x0F, 0x1D, 0x45, 0xB7, + 0xFF, 0x58, 0x5A, 0xC5, 0x4B, 0xD4, 0x07, 0xB2, 0x2B, 0x41, 0x54, 0xAA, + 0xCC, 0x8F, 0x6D, 0x7E, 0xBF, 0x48, 0xE1, 0xD8, 0x14, 0xCC, 0x5E, 0xD2, + 0x0F, 0x80, 0x37, 0xE0, 0xA7, 0x97, 0x15, 0xEE, 0xF2, 0x9B, 0xE3, 0x28, + 0x06, 0xA1, 0xD5, 0x8B, 0xB7, 0xC5, 0xDA, 0x76, 0xF5, 0x50, 0xAA, 0x3D, + 0x8A, 0x1F, 0xBF, 0xF0, 0xEB, 0x19, 0xCC, 0xB1, 0xA3, 0x13, 0xD5, 0x5C, + 0xDA, 0x56, 0xC9, 0xEC, 0x2E, 0xF2, 0x96, 0x32, 0x38, 0x7F, 0xE8, 0xD7, + 0x6E, 0x3C, 0x04, 0x68, 0x04, 0x3E, 0x8F, 0x66, 0x3F, 0x48, 0x60, 0xEE, + 0x12, 0xBF, 0x2D, 0x5B, 0x0B, 0x74, 0x74, 0xD6, 0xE6, 0x94, 0xF9, 0x1E, + 0x6D, 0xCC, 0x40, 0x24, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + }; + return BN_bin2bn(RFC3526_PRIME_6144, sizeof(RFC3526_PRIME_6144), bn); +} + +BIGNUM * +BN_get_rfc3526_prime_6144(BIGNUM *bn) +{ + return get_rfc3526_prime_6144(bn); +} + +/* "8192-bit MODP Group" from RFC3526, Section 7. + * + * The prime is: 2^8192 - 2^8128 - 1 + 2^64 * { [2^8062 pi] + 4743158 } + * + * RFC3526 specifies a generator of 2. + */ + +BIGNUM * +get_rfc3526_prime_8192(BIGNUM *bn) +{ + static const unsigned char RFC3526_PRIME_8192[] = { + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, + 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, + 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6, + 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, + 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D, + 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, + 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9, + 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, + 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11, + 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, + 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36, + 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, + 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56, + 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, + 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08, + 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, + 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2, + 0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, + 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C, + 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, + 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D, + 0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64, + 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, 0x8A, 0xEA, 0x71, 0x57, + 0x5D, 0x06, 0x0C, 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7, + 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, 0x1E, 0x8C, 0x94, 0xE0, + 0x4A, 0x25, 0x61, 0x9D, 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B, + 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, 0x02, 0x73, + 0x3E, 0xC8, 0x6A, 0x64, 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C, + 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, 0x77, 0x09, 0x88, 0xC0, + 0xBA, 0xD9, 0x46, 0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31, + 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, 0x4B, 0x82, 0xD1, 0x20, + 0xA9, 0x21, 0x08, 0x01, 0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7, + 0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26, 0x99, 0xC3, 0x27, 0x18, + 0x6A, 0xF4, 0xE2, 0x3C, 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA, + 0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8, 0xDB, 0xBB, 0xC2, 0xDB, + 0x04, 0xDE, 0x8E, 0xF9, 0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6, + 0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D, 0x99, 0xB2, 0x96, 0x4F, + 0xA0, 0x90, 0xC3, 0xA2, 0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED, + 0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF, 0xB8, 0x1B, 0xDD, 0x76, + 0x21, 0x70, 0x48, 0x1C, 0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9, + 0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1, 0x86, 0xFF, 0xB7, 0xDC, + 0x90, 0xA6, 0xC0, 0x8F, 0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x02, 0x84, 0x92, + 0x36, 0xC3, 0xFA, 0xB4, 0xD2, 0x7C, 0x70, 0x26, 0xC1, 0xD4, 0xDC, 0xB2, + 0x60, 0x26, 0x46, 0xDE, 0xC9, 0x75, 0x1E, 0x76, 0x3D, 0xBA, 0x37, 0xBD, + 0xF8, 0xFF, 0x94, 0x06, 0xAD, 0x9E, 0x53, 0x0E, 0xE5, 0xDB, 0x38, 0x2F, + 0x41, 0x30, 0x01, 0xAE, 0xB0, 0x6A, 0x53, 0xED, 0x90, 0x27, 0xD8, 0x31, + 0x17, 0x97, 0x27, 0xB0, 0x86, 0x5A, 0x89, 0x18, 0xDA, 0x3E, 0xDB, 0xEB, + 0xCF, 0x9B, 0x14, 0xED, 0x44, 0xCE, 0x6C, 0xBA, 0xCE, 0xD4, 0xBB, 0x1B, + 0xDB, 0x7F, 0x14, 0x47, 0xE6, 0xCC, 0x25, 0x4B, 0x33, 0x20, 0x51, 0x51, + 0x2B, 0xD7, 0xAF, 0x42, 0x6F, 0xB8, 0xF4, 0x01, 0x37, 0x8C, 0xD2, 0xBF, + 0x59, 0x83, 0xCA, 0x01, 0xC6, 0x4B, 0x92, 0xEC, 0xF0, 0x32, 0xEA, 0x15, + 0xD1, 0x72, 0x1D, 0x03, 0xF4, 0x82, 0xD7, 0xCE, 0x6E, 0x74, 0xFE, 0xF6, + 0xD5, 0x5E, 0x70, 0x2F, 0x46, 0x98, 0x0C, 0x82, 0xB5, 0xA8, 0x40, 0x31, + 0x90, 0x0B, 0x1C, 0x9E, 0x59, 0xE7, 0xC9, 0x7F, 0xBE, 0xC7, 0xE8, 0xF3, + 0x23, 0xA9, 0x7A, 0x7E, 0x36, 0xCC, 0x88, 0xBE, 0x0F, 0x1D, 0x45, 0xB7, + 0xFF, 0x58, 0x5A, 0xC5, 0x4B, 0xD4, 0x07, 0xB2, 0x2B, 0x41, 0x54, 0xAA, + 0xCC, 0x8F, 0x6D, 0x7E, 0xBF, 0x48, 0xE1, 0xD8, 0x14, 0xCC, 0x5E, 0xD2, + 0x0F, 0x80, 0x37, 0xE0, 0xA7, 0x97, 0x15, 0xEE, 0xF2, 0x9B, 0xE3, 0x28, + 0x06, 0xA1, 0xD5, 0x8B, 0xB7, 0xC5, 0xDA, 0x76, 0xF5, 0x50, 0xAA, 0x3D, + 0x8A, 0x1F, 0xBF, 0xF0, 0xEB, 0x19, 0xCC, 0xB1, 0xA3, 0x13, 0xD5, 0x5C, + 0xDA, 0x56, 0xC9, 0xEC, 0x2E, 0xF2, 0x96, 0x32, 0x38, 0x7F, 0xE8, 0xD7, + 0x6E, 0x3C, 0x04, 0x68, 0x04, 0x3E, 0x8F, 0x66, 0x3F, 0x48, 0x60, 0xEE, + 0x12, 0xBF, 0x2D, 0x5B, 0x0B, 0x74, 0x74, 0xD6, 0xE6, 0x94, 0xF9, 0x1E, + 0x6D, 0xBE, 0x11, 0x59, 0x74, 0xA3, 0x92, 0x6F, 0x12, 0xFE, 0xE5, 0xE4, + 0x38, 0x77, 0x7C, 0xB6, 0xA9, 0x32, 0xDF, 0x8C, 0xD8, 0xBE, 0xC4, 0xD0, + 0x73, 0xB9, 0x31, 0xBA, 0x3B, 0xC8, 0x32, 0xB6, 0x8D, 0x9D, 0xD3, 0x00, + 0x74, 0x1F, 0xA7, 0xBF, 0x8A, 0xFC, 0x47, 0xED, 0x25, 0x76, 0xF6, 0x93, + 0x6B, 0xA4, 0x24, 0x66, 0x3A, 0xAB, 0x63, 0x9C, 0x5A, 0xE4, 0xF5, 0x68, + 0x34, 0x23, 0xB4, 0x74, 0x2B, 0xF1, 0xC9, 0x78, 0x23, 0x8F, 0x16, 0xCB, + 0xE3, 0x9D, 0x65, 0x2D, 0xE3, 0xFD, 0xB8, 0xBE, 0xFC, 0x84, 0x8A, 0xD9, + 0x22, 0x22, 0x2E, 0x04, 0xA4, 0x03, 0x7C, 0x07, 0x13, 0xEB, 0x57, 0xA8, + 0x1A, 0x23, 0xF0, 0xC7, 0x34, 0x73, 0xFC, 0x64, 0x6C, 0xEA, 0x30, 0x6B, + 0x4B, 0xCB, 0xC8, 0x86, 0x2F, 0x83, 0x85, 0xDD, 0xFA, 0x9D, 0x4B, 0x7F, + 0xA2, 0xC0, 0x87, 0xE8, 0x79, 0x68, 0x33, 0x03, 0xED, 0x5B, 0xDD, 0x3A, + 0x06, 0x2B, 0x3C, 0xF5, 0xB3, 0xA2, 0x78, 0xA6, 0x6D, 0x2A, 0x13, 0xF8, + 0x3F, 0x44, 0xF8, 0x2D, 0xDF, 0x31, 0x0E, 0xE0, 0x74, 0xAB, 0x6A, 0x36, + 0x45, 0x97, 0xE8, 0x99, 0xA0, 0x25, 0x5D, 0xC1, 0x64, 0xF3, 0x1C, 0xC5, + 0x08, 0x46, 0x85, 0x1D, 0xF9, 0xAB, 0x48, 0x19, 0x5D, 0xED, 0x7E, 0xA1, + 0xB1, 0xD5, 0x10, 0xBD, 0x7E, 0xE7, 0x4D, 0x73, 0xFA, 0xF3, 0x6B, 0xC3, + 0x1E, 0xCF, 0xA2, 0x68, 0x35, 0x90, 0x46, 0xF4, 0xEB, 0x87, 0x9F, 0x92, + 0x40, 0x09, 0x43, 0x8B, 0x48, 0x1C, 0x6C, 0xD7, 0x88, 0x9A, 0x00, 0x2E, + 0xD5, 0xEE, 0x38, 0x2B, 0xC9, 0x19, 0x0D, 0xA6, 0xFC, 0x02, 0x6E, 0x47, + 0x95, 0x58, 0xE4, 0x47, 0x56, 0x77, 0xE9, 0xAA, 0x9E, 0x30, 0x50, 0xE2, + 0x76, 0x56, 0x94, 0xDF, 0xC8, 0x1F, 0x56, 0xE8, 0x80, 0xB9, 0x6E, 0x71, + 0x60, 0xC9, 0x80, 0xDD, 0x98, 0xED, 0xD3, 0xDF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, + }; + return BN_bin2bn(RFC3526_PRIME_8192, sizeof(RFC3526_PRIME_8192), bn); +} + +BIGNUM * +BN_get_rfc3526_prime_8192(BIGNUM *bn) +{ + return get_rfc3526_prime_8192(bn); +} diff --git a/src/lib/libcrypto/bn/bn_ctx.c b/src/lib/libcrypto/bn/bn_ctx.c index 7daf19eb843..1237ac1365c 100644 --- a/src/lib/libcrypto/bn/bn_ctx.c +++ b/src/lib/libcrypto/bn/bn_ctx.c @@ -1,14 +1,14 @@ -/* crypto/bn/bn_ctx.c */ +/* $OpenBSD: bn_ctx.c,v 1.15 2017/01/29 17:49:22 beck Exp $ */ /* Written by Ulf Moeller for the OpenSSL project. */ /* ==================================================================== - * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2004 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -54,102 +54,425 @@ * */ -#ifndef BN_CTX_DEBUG -# undef NDEBUG /* avoid conflicting definitions */ -# define NDEBUG +#if !defined(BN_CTX_DEBUG) && !defined(BN_DEBUG) +#ifndef NDEBUG +#define NDEBUG +#endif #endif #include -#include +#include + +#include + +#include -#include "cryptlib.h" #include "bn_lcl.h" +/* TODO list + * + * 1. Check a bunch of "(words+1)" type hacks in various bignum functions and + * check they can be safely removed. + * - Check +1 and other ugliness in BN_from_montgomery() + * + * 2. Consider allowing a BN_new_ex() that, at least, lets you specify an + * appropriate 'block' size that will be honoured by bn_expand_internal() to + * prevent piddly little reallocations. OTOH, profiling bignum expansions in + * BN_CTX doesn't show this to be a big issue. + */ -BN_CTX *BN_CTX_new(void) - { - BN_CTX *ret; +/* How many bignums are in each "pool item"; */ +#define BN_CTX_POOL_SIZE 16 +/* The stack frame info is resizing, set a first-time expansion size; */ +#define BN_CTX_START_FRAMES 32 - ret=(BN_CTX *)OPENSSL_malloc(sizeof(BN_CTX)); - if (ret == NULL) - { - BNerr(BN_F_BN_CTX_NEW,ERR_R_MALLOC_FAILURE); - return(NULL); - } +/***********/ +/* BN_POOL */ +/***********/ + +/* A bundle of bignums that can be linked with other bundles */ +typedef struct bignum_pool_item { + /* The bignum values */ + BIGNUM vals[BN_CTX_POOL_SIZE]; + /* Linked-list admin */ + struct bignum_pool_item *prev, *next; +} BN_POOL_ITEM; + +/* A linked-list of bignums grouped in bundles */ +typedef struct bignum_pool { + /* Linked-list admin */ + BN_POOL_ITEM *head, *current, *tail; + /* Stack depth and allocation size */ + unsigned used, size; +} BN_POOL; + +static void BN_POOL_init(BN_POOL *); +static void BN_POOL_finish(BN_POOL *); +#ifndef OPENSSL_NO_DEPRECATED +static void BN_POOL_reset(BN_POOL *); +#endif +static BIGNUM * BN_POOL_get(BN_POOL *); +static void BN_POOL_release(BN_POOL *, unsigned int); + +/************/ +/* BN_STACK */ +/************/ + +/* A wrapper to manage the "stack frames" */ +typedef struct bignum_ctx_stack { + /* Array of indexes into the bignum stack */ + unsigned int *indexes; + /* Number of stack frames, and the size of the allocated array */ + unsigned int depth, size; +} BN_STACK; + +static void BN_STACK_init(BN_STACK *); +static void BN_STACK_finish(BN_STACK *); +#ifndef OPENSSL_NO_DEPRECATED +static void BN_STACK_reset(BN_STACK *); +#endif +static int BN_STACK_push(BN_STACK *, unsigned int); +static unsigned int BN_STACK_pop(BN_STACK *); + +/**********/ +/* BN_CTX */ +/**********/ + +/* The opaque BN_CTX type */ +struct bignum_ctx { + /* The bignum bundles */ + BN_POOL pool; + /* The "stack frames", if you will */ + BN_STACK stack; + /* The number of bignums currently assigned */ + unsigned int used; + /* Depth of stack overflow */ + int err_stack; + /* Block "gets" until an "end" (compatibility behaviour) */ + int too_many; +}; + +/* Enable this to find BN_CTX bugs */ +#ifdef BN_CTX_DEBUG +static const char *ctxdbg_cur = NULL; - BN_CTX_init(ret); - ret->flags=BN_FLG_MALLOCED; - return(ret); +static void +ctxdbg(BN_CTX *ctx) +{ + unsigned int bnidx = 0, fpidx = 0; + BN_POOL_ITEM *item = ctx->pool.head; + BN_STACK *stack = &ctx->stack; + + fprintf(stderr, "(%08x): ", (unsigned int)ctx); + while (bnidx < ctx->used) { + fprintf(stderr, "%03x ", + item->vals[bnidx++ % BN_CTX_POOL_SIZE].dmax); + if (!(bnidx % BN_CTX_POOL_SIZE)) + item = item->next; + } + fprintf(stderr, "\n"); + bnidx = 0; + fprintf(stderr, " : "); + while (fpidx < stack->depth) { + while (bnidx++ < stack->indexes[fpidx]) + fprintf(stderr, " "); + fprintf(stderr, "^^^ "); + bnidx++; + fpidx++; } + fprintf(stderr, "\n"); +} +#define CTXDBG_ENTRY(str, ctx) \ + do { \ + ctxdbg_cur = (str); \ + fprintf(stderr, "Starting %s\n", ctxdbg_cur); \ + ctxdbg(ctx); \ + } while(0) -void BN_CTX_init(BN_CTX *ctx) - { -#if 0 /* explicit version */ - int i; - ctx->tos = 0; - ctx->flags = 0; - ctx->depth = 0; - ctx->too_many = 0; - for (i = 0; i < BN_CTX_NUM; i++) - BN_init(&(ctx->bn[i])); +#define CTXDBG_EXIT(ctx) \ + do { \ + fprintf(stderr, "Ending %s\n", ctxdbg_cur); \ + ctxdbg(ctx); \ + } while(0) + +#define CTXDBG_RET(ctx,ret) #else - memset(ctx, 0, sizeof *ctx); +#define CTXDBG_ENTRY(str, ctx) +#define CTXDBG_EXIT(ctx) +#define CTXDBG_RET(ctx,ret) +#endif + +/* This function is an evil legacy and should not be used. This implementation + * is WYSIWYG, though I've done my best. */ +#ifndef OPENSSL_NO_DEPRECATED +void +BN_CTX_init(BN_CTX *ctx) +{ + /* Assume the caller obtained the context via BN_CTX_new() and so is + * trying to reset it for use. Nothing else makes sense, least of all + * binary compatibility from a time when they could declare a static + * variable. */ + BN_POOL_reset(&ctx->pool); + BN_STACK_reset(&ctx->stack); + ctx->used = 0; + ctx->err_stack = 0; + ctx->too_many = 0; +} #endif + +BN_CTX * +BN_CTX_new(void) +{ + BN_CTX *ret = malloc(sizeof(BN_CTX)); + if (!ret) { + BNerror(ERR_R_MALLOC_FAILURE); + return NULL; } -void BN_CTX_free(BN_CTX *ctx) + /* Initialise the structure */ + BN_POOL_init(&ret->pool); + BN_STACK_init(&ret->stack); + ret->used = 0; + ret->err_stack = 0; + ret->too_many = 0; + return ret; +} + +void +BN_CTX_free(BN_CTX *ctx) +{ + if (ctx == NULL) + return; +#ifdef BN_CTX_DEBUG { - int i; + BN_POOL_ITEM *pool = ctx->pool.head; + fprintf(stderr, "BN_CTX_free, stack-size=%d, pool-bignums=%d\n", + ctx->stack.size, ctx->pool.size); + fprintf(stderr, "dmaxs: "); + while (pool) { + unsigned loop = 0; + while (loop < BN_CTX_POOL_SIZE) + fprintf(stderr, "%02x ", + pool->vals[loop++].dmax); + pool = pool->next; + } + fprintf(stderr, "\n"); + } +#endif + BN_STACK_finish(&ctx->stack); + BN_POOL_finish(&ctx->pool); + free(ctx); +} - if (ctx == NULL) return; - assert(ctx->depth == 0); +void +BN_CTX_start(BN_CTX *ctx) +{ + CTXDBG_ENTRY("BN_CTX_start", ctx); - for (i=0; i < BN_CTX_NUM; i++) - BN_clear_free(&(ctx->bn[i])); - if (ctx->flags & BN_FLG_MALLOCED) - OPENSSL_free(ctx); + /* If we're already overflowing ... */ + if (ctx->err_stack || ctx->too_many) + ctx->err_stack++; + /* (Try to) get a new frame pointer */ + else if (!BN_STACK_push(&ctx->stack, ctx->used)) { + BNerror(BN_R_TOO_MANY_TEMPORARY_VARIABLES); + ctx->err_stack++; } + CTXDBG_EXIT(ctx); +} -void BN_CTX_start(BN_CTX *ctx) - { - if (ctx->depth < BN_CTX_NUM_POS) - ctx->pos[ctx->depth] = ctx->tos; - ctx->depth++; +void +BN_CTX_end(BN_CTX *ctx) +{ + CTXDBG_ENTRY("BN_CTX_end", ctx); + + if (ctx->err_stack) + ctx->err_stack--; + else { + unsigned int fp = BN_STACK_pop(&ctx->stack); + /* Does this stack frame have anything to release? */ + if (fp < ctx->used) + BN_POOL_release(&ctx->pool, ctx->used - fp); + ctx->used = fp; + /* Unjam "too_many" in case "get" had failed */ + ctx->too_many = 0; } + CTXDBG_EXIT(ctx); +} +BIGNUM * +BN_CTX_get(BN_CTX *ctx) +{ + BIGNUM *ret; -BIGNUM *BN_CTX_get(BN_CTX *ctx) - { - /* Note: If BN_CTX_get is ever changed to allocate BIGNUMs dynamically, - * make sure that if BN_CTX_get fails once it will return NULL again - * until BN_CTX_end is called. (This is so that callers have to check - * only the last return value.) - */ - if (ctx->depth > BN_CTX_NUM_POS || ctx->tos >= BN_CTX_NUM) - { - if (!ctx->too_many) - { - BNerr(BN_F_BN_CTX_GET,BN_R_TOO_MANY_TEMPORARY_VARIABLES); - /* disable error code until BN_CTX_end is called: */ - ctx->too_many = 1; - } + CTXDBG_ENTRY("BN_CTX_get", ctx); + + if (ctx->err_stack || ctx->too_many) + return NULL; + if ((ret = BN_POOL_get(&ctx->pool)) == NULL) { + /* Setting too_many prevents repeated "get" attempts from + * cluttering the error stack. */ + ctx->too_many = 1; + BNerror(BN_R_TOO_MANY_TEMPORARY_VARIABLES); return NULL; - } - return (&(ctx->bn[ctx->tos++])); } + /* OK, make sure the returned bignum is "zero" */ + BN_zero(ret); + ctx->used++; + CTXDBG_RET(ctx, ret); + return ret; +} + +/************/ +/* BN_STACK */ +/************/ + +static void +BN_STACK_init(BN_STACK *st) +{ + st->indexes = NULL; + st->depth = st->size = 0; +} + +static void +BN_STACK_finish(BN_STACK *st) +{ + if (st->size) + free(st->indexes); +} -void BN_CTX_end(BN_CTX *ctx) +#ifndef OPENSSL_NO_DEPRECATED +static void +BN_STACK_reset(BN_STACK *st) +{ + st->depth = 0; +} +#endif + +static int +BN_STACK_push(BN_STACK *st, unsigned int idx) +{ + if (st->depth == st->size) + /* Need to expand */ { - if (ctx == NULL) return; - assert(ctx->depth > 0); - if (ctx->depth == 0) - /* should never happen, but we can tolerate it if not in - * debug mode (could be a 'goto err' in the calling function - * before BN_CTX_start was reached) */ - BN_CTX_start(ctx); + unsigned int newsize = (st->size ? + (st->size * 3 / 2) : BN_CTX_START_FRAMES); + unsigned int *newitems = reallocarray(NULL, + newsize, sizeof(unsigned int)); + if (!newitems) + return 0; + if (st->depth) + memcpy(newitems, st->indexes, st->depth * + sizeof(unsigned int)); + if (st->size) + free(st->indexes); + st->indexes = newitems; + st->size = newsize; + } + st->indexes[(st->depth)++] = idx; + return 1; +} - ctx->too_many = 0; - ctx->depth--; - if (ctx->depth < BN_CTX_NUM_POS) - ctx->tos = ctx->pos[ctx->depth]; +static unsigned int +BN_STACK_pop(BN_STACK *st) +{ + return st->indexes[--(st->depth)]; +} + +/***********/ +/* BN_POOL */ +/***********/ + +static void +BN_POOL_init(BN_POOL *p) +{ + p->head = p->current = p->tail = NULL; + p->used = p->size = 0; +} + +static void +BN_POOL_finish(BN_POOL *p) +{ + while (p->head) { + unsigned int loop = 0; + BIGNUM *bn = p->head->vals; + while (loop++ < BN_CTX_POOL_SIZE) { + if (bn->d) + BN_clear_free(bn); + bn++; + } + p->current = p->head->next; + free(p->head); + p->head = p->current; + } +} + +#ifndef OPENSSL_NO_DEPRECATED +static void +BN_POOL_reset(BN_POOL *p) +{ + BN_POOL_ITEM *item = p->head; + while (item) { + unsigned int loop = 0; + BIGNUM *bn = item->vals; + while (loop++ < BN_CTX_POOL_SIZE) { + if (bn->d) + BN_clear(bn); + bn++; + } + item = item->next; + } + p->current = p->head; + p->used = 0; +} +#endif + +static BIGNUM * +BN_POOL_get(BN_POOL *p) +{ + if (p->used == p->size) { + BIGNUM *bn; + unsigned int loop = 0; + BN_POOL_ITEM *item = malloc(sizeof(BN_POOL_ITEM)); + if (!item) + return NULL; + /* Initialise the structure */ + bn = item->vals; + while (loop++ < BN_CTX_POOL_SIZE) + BN_init(bn++); + item->prev = p->tail; + item->next = NULL; + /* Link it in */ + if (!p->head) + p->head = p->current = p->tail = item; + else { + p->tail->next = item; + p->tail = item; + p->current = item; + } + p->size += BN_CTX_POOL_SIZE; + p->used++; + /* Return the first bignum from the new pool */ + return item->vals; + } + if (!p->used) + p->current = p->head; + else if ((p->used % BN_CTX_POOL_SIZE) == 0) + p->current = p->current->next; + return p->current->vals + ((p->used++) % BN_CTX_POOL_SIZE); +} + +static void +BN_POOL_release(BN_POOL *p, unsigned int num) +{ + unsigned int offset = (p->used - 1) % BN_CTX_POOL_SIZE; + + p->used -= num; + while (num--) { + bn_check_top(p->current->vals + offset); + if (!offset) { + offset = BN_CTX_POOL_SIZE - 1; + p->current = p->current->prev; + } else + offset--; } +} diff --git a/src/lib/libcrypto/bn/bn_depr.c b/src/lib/libcrypto/bn/bn_depr.c new file mode 100644 index 00000000000..dc5c2abee0c --- /dev/null +++ b/src/lib/libcrypto/bn/bn_depr.c @@ -0,0 +1,115 @@ +/* $OpenBSD: bn_depr.c,v 1.7 2014/10/18 17:20:40 jsing Exp $ */ +/* ==================================================================== + * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +/* Support for deprecated functions goes here - static linkage will only slurp + * this code if applications are using them directly. */ + +#include +#include + +#include + +#include "bn_lcl.h" + +#ifndef OPENSSL_NO_DEPRECATED +BIGNUM * +BN_generate_prime(BIGNUM *ret, int bits, int safe, const BIGNUM *add, + const BIGNUM *rem, void (*callback)(int, int, void *), void *cb_arg) +{ + BN_GENCB cb; + BIGNUM *rnd = NULL; + int found = 0; + + BN_GENCB_set_old(&cb, callback, cb_arg); + + if (ret == NULL) { + if ((rnd = BN_new()) == NULL) + goto err; + } else + rnd = ret; + if (!BN_generate_prime_ex(rnd, bits, safe, add, rem, &cb)) + goto err; + + /* we have a prime :-) */ + found = 1; + +err: + if (!found && (ret == NULL) && (rnd != NULL)) + BN_free(rnd); + return (found ? rnd : NULL); +} + +int +BN_is_prime(const BIGNUM *a, int checks, void (*callback)(int, int, void *), + BN_CTX *ctx_passed, void *cb_arg) +{ + BN_GENCB cb; + + BN_GENCB_set_old(&cb, callback, cb_arg); + return BN_is_prime_ex(a, checks, ctx_passed, &cb); +} + +int +BN_is_prime_fasttest(const BIGNUM *a, int checks, + void (*callback)(int, int, void *), BN_CTX *ctx_passed, void *cb_arg, + int do_trial_division) +{ + BN_GENCB cb; + + BN_GENCB_set_old(&cb, callback, cb_arg); + return BN_is_prime_fasttest_ex(a, checks, ctx_passed, + do_trial_division, &cb); +} +#endif diff --git a/src/lib/libcrypto/bn/bn_div.c b/src/lib/libcrypto/bn/bn_div.c index f9a095e3b3b..f3a97bcc8dc 100644 --- a/src/lib/libcrypto/bn/bn_div.c +++ b/src/lib/libcrypto/bn/bn_div.c @@ -1,25 +1,25 @@ -/* crypto/bn/bn_div.c */ +/* $OpenBSD: bn_div.c,v 1.25 2017/01/29 17:49:22 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -57,78 +57,16 @@ */ #include -#include -#include "cryptlib.h" -#include "bn_lcl.h" - -/* The old slow way */ -#if 0 -int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, - BN_CTX *ctx) - { - int i,nm,nd; - int ret = 0; - BIGNUM *D; +#include - bn_check_top(m); - bn_check_top(d); - if (BN_is_zero(d)) - { - BNerr(BN_F_BN_DIV,BN_R_DIV_BY_ZERO); - return(0); - } - - if (BN_ucmp(m,d) < 0) - { - if (rem != NULL) - { if (BN_copy(rem,m) == NULL) return(0); } - if (dv != NULL) BN_zero(dv); - return(1); - } - - BN_CTX_start(ctx); - D = BN_CTX_get(ctx); - if (dv == NULL) dv = BN_CTX_get(ctx); - if (rem == NULL) rem = BN_CTX_get(ctx); - if (D == NULL || dv == NULL || rem == NULL) - goto end; - - nd=BN_num_bits(d); - nm=BN_num_bits(m); - if (BN_copy(D,d) == NULL) goto end; - if (BN_copy(rem,m) == NULL) goto end; - - /* The next 2 are needed so we can do a dv->d[0]|=1 later - * since BN_lshift1 will only work once there is a value :-) */ - BN_zero(dv); - bn_wexpand(dv,1); - dv->top=1; - - if (!BN_lshift(D,D,nm-nd)) goto end; - for (i=nm-nd; i>=0; i--) - { - if (!BN_lshift1(dv,dv)) goto end; - if (BN_ucmp(rem,D) >= 0) - { - dv->d[0]|=1; - if (!BN_usub(rem,rem,D)) goto end; - } -/* CAN IMPROVE (and have now :=) */ - if (!BN_rshift1(D,D)) goto end; - } - rem->neg=BN_is_zero(rem)?0:m->neg; - dv->neg=m->neg^d->neg; - ret = 1; - end: - BN_CTX_end(ctx); - return(ret); - } +#include +#include -#else +#include "bn_lcl.h" #if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) \ - && !defined(PEDANTIC) && !defined(BN_DIV3W) + && !defined(BN_DIV3W) # if defined(__GNUC__) && __GNUC__>=2 # if defined(__i386) || defined (__i386__) /* @@ -141,6 +79,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, * * */ +#undef bn_div_words # define bn_div_words(n0,n1,d0) \ ({ asm volatile ( \ "divl %4" \ @@ -150,124 +89,192 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, q; \ }) # define REMAINDER_IS_ALREADY_CALCULATED +# elif defined(__x86_64) + /* + * Same story here, but it's 128-bit by 64-bit division. Wow! + * + */ +# undef bn_div_words +# define bn_div_words(n0,n1,d0) \ + ({ asm volatile ( \ + "divq %4" \ + : "=a"(q), "=d"(rem) \ + : "a"(n1), "d"(n0), "g"(d0) \ + : "cc"); \ + q; \ + }) +# define REMAINDER_IS_ALREADY_CALCULATED # endif /* __ */ # endif /* __GNUC__ */ #endif /* OPENSSL_NO_ASM */ -/* BN_div computes dv := num / divisor, rounding towards zero, and sets up - * rm such that dv*divisor + rm = num holds. +/* BN_div computes dv := num / divisor, rounding towards + * zero, and sets up rm such that dv*divisor + rm = num holds. * Thus: * dv->neg == num->neg ^ divisor->neg (unless the result is zero) * rm->neg == num->neg (unless the remainder is zero) * If 'dv' or 'rm' is NULL, the respective value is not returned. */ -int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, - BN_CTX *ctx) - { - int norm_shift,i,j,loop; - BIGNUM *tmp,wnum,*snum,*sdiv,*res; - BN_ULONG *resp,*wnump; - BN_ULONG d0,d1; - int num_n,div_n; +static int +BN_div_internal(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, + BN_CTX *ctx, int ct) +{ + int norm_shift, i, loop; + BIGNUM *tmp, wnum, *snum, *sdiv, *res; + BN_ULONG *resp, *wnump; + BN_ULONG d0, d1; + int num_n, div_n; + int no_branch = 0; + + /* Invalid zero-padding would have particularly bad consequences + * in the case of 'num', so don't just rely on bn_check_top() for this one + * (bn_check_top() works only for BN_DEBUG builds) */ + if (num->top > 0 && num->d[num->top - 1] == 0) { + BNerror(BN_R_NOT_INITIALIZED); + return 0; + } bn_check_top(num); + + if (ct) + no_branch = 1; + + bn_check_top(dv); + bn_check_top(rm); + /* bn_check_top(num); */ /* 'num' has been checked already */ bn_check_top(divisor); - if (BN_is_zero(divisor)) - { - BNerr(BN_F_BN_DIV,BN_R_DIV_BY_ZERO); - return(0); - } + if (BN_is_zero(divisor)) { + BNerror(BN_R_DIV_BY_ZERO); + return (0); + } - if (BN_ucmp(num,divisor) < 0) - { - if (rm != NULL) - { if (BN_copy(rm,num) == NULL) return(0); } - if (dv != NULL) BN_zero(dv); - return(1); + if (!no_branch && BN_ucmp(num, divisor) < 0) { + if (rm != NULL) { + if (BN_copy(rm, num) == NULL) + return (0); } + if (dv != NULL) + BN_zero(dv); + return (1); + } BN_CTX_start(ctx); - tmp=BN_CTX_get(ctx); - snum=BN_CTX_get(ctx); - sdiv=BN_CTX_get(ctx); + tmp = BN_CTX_get(ctx); + snum = BN_CTX_get(ctx); + sdiv = BN_CTX_get(ctx); if (dv == NULL) - res=BN_CTX_get(ctx); - else res=dv; - if (sdiv == NULL || res == NULL) goto err; - tmp->neg=0; + res = BN_CTX_get(ctx); + else + res = dv; + if (tmp == NULL || snum == NULL || sdiv == NULL || res == NULL) + goto err; /* First we normalise the numbers */ - norm_shift=BN_BITS2-((BN_num_bits(divisor))%BN_BITS2); - if (!(BN_lshift(sdiv,divisor,norm_shift))) goto err; - sdiv->neg=0; - norm_shift+=BN_BITS2; - if (!(BN_lshift(snum,num,norm_shift))) goto err; - snum->neg=0; - div_n=sdiv->top; - num_n=snum->top; - loop=num_n-div_n; + norm_shift = BN_BITS2 - ((BN_num_bits(divisor)) % BN_BITS2); + if (!(BN_lshift(sdiv, divisor, norm_shift))) + goto err; + sdiv->neg = 0; + norm_shift += BN_BITS2; + if (!(BN_lshift(snum, num, norm_shift))) + goto err; + snum->neg = 0; + + if (no_branch) { + /* Since we don't know whether snum is larger than sdiv, + * we pad snum with enough zeroes without changing its + * value. + */ + if (snum->top <= sdiv->top + 1) { + if (bn_wexpand(snum, sdiv->top + 2) == NULL) + goto err; + for (i = snum->top; i < sdiv->top + 2; i++) + snum->d[i] = 0; + snum->top = sdiv->top + 2; + } else { + if (bn_wexpand(snum, snum->top + 1) == NULL) + goto err; + snum->d[snum->top] = 0; + snum->top ++; + } + } + div_n = sdiv->top; + num_n = snum->top; + loop = num_n - div_n; /* Lets setup a 'window' into snum * This is the part that corresponds to the current * 'area' being divided */ - BN_init(&wnum); - wnum.d= &(snum->d[loop]); - wnum.top= div_n; - wnum.dmax= snum->dmax+1; /* a bit of a lie */ + wnum.neg = 0; + wnum.d = &(snum->d[loop]); + wnum.top = div_n; + /* only needed when BN_ucmp messes up the values between top and max */ + wnum.dmax = snum->dmax - loop; /* so we don't step out of bounds */ + wnum.flags = snum->flags | BN_FLG_STATIC_DATA; /* Get the top 2 words of sdiv */ - /* i=sdiv->top; */ - d0=sdiv->d[div_n-1]; - d1=(div_n == 1)?0:sdiv->d[div_n-2]; + /* div_n=sdiv->top; */ + d0 = sdiv->d[div_n - 1]; + d1 = (div_n == 1) ? 0 : sdiv->d[div_n - 2]; /* pointer to the 'top' of snum */ - wnump= &(snum->d[num_n-1]); + wnump = &(snum->d[num_n - 1]); /* Setup to 'res' */ - res->neg= (num->neg^divisor->neg); - if (!bn_wexpand(res,(loop+1))) goto err; - res->top=loop; - resp= &(res->d[loop-1]); + res->neg = (num->neg ^ divisor->neg); + if (!bn_wexpand(res, (loop + 1))) + goto err; + res->top = loop - no_branch; + resp = &(res->d[loop - 1]); /* space for temp */ - if (!bn_wexpand(tmp,(div_n+1))) goto err; + if (!bn_wexpand(tmp, (div_n + 1))) + goto err; + + if (!no_branch) { + if (BN_ucmp(&wnum, sdiv) >= 0) { + /* If BN_DEBUG_RAND is defined BN_ucmp changes (via + * bn_pollute) the const bignum arguments => + * clean the values between top and max again */ + bn_clear_top2max(&wnum); + bn_sub_words(wnum.d, wnum.d, sdiv->d, div_n); + *resp = 1; + } else + res->top--; + } - if (BN_ucmp(&wnum,sdiv) >= 0) - { - if (!BN_usub(&wnum,&wnum,sdiv)) goto err; - *resp=1; - res->d[res->top-1]=1; - } - else - res->top--; + /* if res->top == 0 then clear the neg value otherwise decrease + * the resp pointer */ if (res->top == 0) res->neg = 0; - resp--; + else + resp--; - for (i=0; id,sdiv->d,div_n,q); - wnum.d--; wnum.top++; - tmp->d[div_n]=l0; - for (j=div_n+1; j>0; j--) - if (tmp->d[j-1]) break; - tmp->top=j; - - j=wnum.top; - if (!BN_sub(&wnum,&wnum,tmp)) goto err; - - snum->top=snum->top+wnum.top-j; - - if (wnum.neg) - { + l0 = bn_mul_words(tmp->d, sdiv->d, div_n, q); + tmp->d[div_n] = l0; + wnum.d--; + /* ingore top values of the bignums just sub the two + * BN_ULONG arrays with bn_sub_words */ + if (bn_sub_words(wnum.d, wnum.d, tmp->d, div_n + 1)) { + /* Note: As we have considered only the leading + * two BN_ULONGs in the calculation of q, sdiv * q + * might be greater than wnum (but then (q-1) * sdiv + * is less or equal than wnum) + */ q--; - j=wnum.top; - if (!BN_add(&wnum,&wnum,sdiv)) goto err; - snum->top+=wnum.top-j; - } - *(resp--)=q; - wnump--; + if (bn_add_words(wnum.d, wnum.d, sdiv->d, div_n)) + /* we can't have an overflow here (assuming + * that q != 0, but if q == 0 then tmp is + * zero anyway) */ + (*wnump)++; } - if (rm != NULL) - { + /* store part of the result */ + *resp = q; + } + bn_correct_top(snum); + if (rm != NULL) { /* Keep a copy of the neg flag in num because if rm==num * BN_rshift() will overwrite it. */ int neg = num->neg; - BN_rshift(rm,snum,norm_shift); + BN_rshift(rm, snum, norm_shift); if (!BN_is_zero(rm)) rm->neg = neg; - } + bn_check_top(rm); + } + if (no_branch) + bn_correct_top(res); BN_CTX_end(ctx); - return(1); + return (1); + err: + bn_check_top(rm); BN_CTX_end(ctx); - return(0); - } - -#endif + return (0); +} + +int +BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, + BN_CTX *ctx) +{ + int ct = ((BN_get_flags(num, BN_FLG_CONSTTIME) != 0) || + (BN_get_flags(divisor, BN_FLG_CONSTTIME) != 0)); + + return BN_div_internal(dv, rm, num, divisor, ctx, ct); +} + +int +BN_div_nonct(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, + BN_CTX *ctx) +{ + return BN_div_internal(dv, rm, num, divisor, ctx, 0); +} + +int +BN_div_ct(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, + BN_CTX *ctx) +{ + return BN_div_internal(dv, rm, num, divisor, ctx, 1); +} diff --git a/src/lib/libcrypto/bn/bn_err.c b/src/lib/libcrypto/bn/bn_err.c index fb84ee96d8d..a693a8cbf85 100644 --- a/src/lib/libcrypto/bn/bn_err.c +++ b/src/lib/libcrypto/bn/bn_err.c @@ -1,13 +1,13 @@ -/* crypto/bn/bn_err.c */ +/* $OpenBSD: bn_err.c,v 1.14 2017/01/29 17:49:22 beck Exp $ */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -59,73 +59,54 @@ */ #include + +#include + #include #include /* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR -static ERR_STRING_DATA BN_str_functs[]= - { -{ERR_PACK(0,BN_F_BN_BLINDING_CONVERT,0), "BN_BLINDING_convert"}, -{ERR_PACK(0,BN_F_BN_BLINDING_INVERT,0), "BN_BLINDING_invert"}, -{ERR_PACK(0,BN_F_BN_BLINDING_NEW,0), "BN_BLINDING_new"}, -{ERR_PACK(0,BN_F_BN_BLINDING_UPDATE,0), "BN_BLINDING_update"}, -{ERR_PACK(0,BN_F_BN_BN2DEC,0), "BN_bn2dec"}, -{ERR_PACK(0,BN_F_BN_BN2HEX,0), "BN_bn2hex"}, -{ERR_PACK(0,BN_F_BN_CTX_GET,0), "BN_CTX_get"}, -{ERR_PACK(0,BN_F_BN_CTX_NEW,0), "BN_CTX_new"}, -{ERR_PACK(0,BN_F_BN_DIV,0), "BN_div"}, -{ERR_PACK(0,BN_F_BN_EXPAND2,0), "bn_expand2"}, -{ERR_PACK(0,BN_F_BN_EXPAND_INTERNAL,0), "BN_EXPAND_INTERNAL"}, -{ERR_PACK(0,BN_F_BN_MOD_EXP2_MONT,0), "BN_mod_exp2_mont"}, -{ERR_PACK(0,BN_F_BN_MOD_EXP_MONT,0), "BN_mod_exp_mont"}, -{ERR_PACK(0,BN_F_BN_MOD_EXP_MONT_WORD,0), "BN_mod_exp_mont_word"}, -{ERR_PACK(0,BN_F_BN_MOD_INVERSE,0), "BN_mod_inverse"}, -{ERR_PACK(0,BN_F_BN_MOD_LSHIFT_QUICK,0), "BN_mod_lshift_quick"}, -{ERR_PACK(0,BN_F_BN_MOD_MUL_RECIPROCAL,0), "BN_mod_mul_reciprocal"}, -{ERR_PACK(0,BN_F_BN_MOD_SQRT,0), "BN_mod_sqrt"}, -{ERR_PACK(0,BN_F_BN_MPI2BN,0), "BN_mpi2bn"}, -{ERR_PACK(0,BN_F_BN_NEW,0), "BN_new"}, -{ERR_PACK(0,BN_F_BN_RAND,0), "BN_rand"}, -{ERR_PACK(0,BN_F_BN_RAND_RANGE,0), "BN_rand_range"}, -{ERR_PACK(0,BN_F_BN_USUB,0), "BN_usub"}, -{0,NULL} - }; -static ERR_STRING_DATA BN_str_reasons[]= - { -{BN_R_ARG2_LT_ARG3 ,"arg2 lt arg3"}, -{BN_R_BAD_RECIPROCAL ,"bad reciprocal"}, -{BN_R_BIGNUM_TOO_LONG ,"bignum too long"}, -{BN_R_CALLED_WITH_EVEN_MODULUS ,"called with even modulus"}, -{BN_R_DIV_BY_ZERO ,"div by zero"}, -{BN_R_ENCODING_ERROR ,"encoding error"}, -{BN_R_EXPAND_ON_STATIC_BIGNUM_DATA ,"expand on static bignum data"}, -{BN_R_INPUT_NOT_REDUCED ,"input not reduced"}, -{BN_R_INVALID_LENGTH ,"invalid length"}, -{BN_R_INVALID_RANGE ,"invalid range"}, -{BN_R_NOT_A_SQUARE ,"not a square"}, -{BN_R_NOT_INITIALIZED ,"not initialized"}, -{BN_R_NO_INVERSE ,"no inverse"}, -{BN_R_P_IS_NOT_PRIME ,"p is not prime"}, -{BN_R_TOO_MANY_ITERATIONS ,"too many iterations"}, -{BN_R_TOO_MANY_TEMPORARY_VARIABLES ,"too many temporary variables"}, -{0,NULL} - }; +#define ERR_FUNC(func) ERR_PACK(ERR_LIB_BN,func,0) +#define ERR_REASON(reason) ERR_PACK(ERR_LIB_BN,0,reason) -#endif +static ERR_STRING_DATA BN_str_functs[]= { + {ERR_FUNC(0xfff), "CRYPTO_internal"}, + {0, NULL} +}; -void ERR_load_BN_strings(void) - { - static int init=1; +static ERR_STRING_DATA BN_str_reasons[]= { + {ERR_REASON(BN_R_ARG2_LT_ARG3) , "arg2 lt arg3"}, + {ERR_REASON(BN_R_BAD_RECIPROCAL) , "bad reciprocal"}, + {ERR_REASON(BN_R_BIGNUM_TOO_LONG) , "bignum too long"}, + {ERR_REASON(BN_R_BITS_TOO_SMALL) , "bits too small"}, + {ERR_REASON(BN_R_CALLED_WITH_EVEN_MODULUS), "called with even modulus"}, + {ERR_REASON(BN_R_DIV_BY_ZERO) , "div by zero"}, + {ERR_REASON(BN_R_ENCODING_ERROR) , "encoding error"}, + {ERR_REASON(BN_R_EXPAND_ON_STATIC_BIGNUM_DATA), "expand on static bignum data"}, + {ERR_REASON(BN_R_INPUT_NOT_REDUCED) , "input not reduced"}, + {ERR_REASON(BN_R_INVALID_LENGTH) , "invalid length"}, + {ERR_REASON(BN_R_INVALID_RANGE) , "invalid range"}, + {ERR_REASON(BN_R_NOT_A_SQUARE) , "not a square"}, + {ERR_REASON(BN_R_NOT_INITIALIZED) , "not initialized"}, + {ERR_REASON(BN_R_NO_INVERSE) , "no inverse"}, + {ERR_REASON(BN_R_NO_SOLUTION) , "no solution"}, + {ERR_REASON(BN_R_P_IS_NOT_PRIME) , "p is not prime"}, + {ERR_REASON(BN_R_TOO_MANY_ITERATIONS) , "too many iterations"}, + {ERR_REASON(BN_R_TOO_MANY_TEMPORARY_VARIABLES), "too many temporary variables"}, + {0, NULL} +}; - if (init) - { - init=0; -#ifndef OPENSSL_NO_ERR - ERR_load_strings(ERR_LIB_BN,BN_str_functs); - ERR_load_strings(ERR_LIB_BN,BN_str_reasons); #endif - } +void +ERR_load_BN_strings(void) +{ +#ifndef OPENSSL_NO_ERR + if (ERR_func_error_string(BN_str_functs[0].error) == NULL) { + ERR_load_strings(0, BN_str_functs); + ERR_load_strings(0, BN_str_reasons); } +#endif +} diff --git a/src/lib/libcrypto/bn/bn_exp.c b/src/lib/libcrypto/bn/bn_exp.c index afdfd580fb4..b778d5d67c7 100644 --- a/src/lib/libcrypto/bn/bn_exp.c +++ b/src/lib/libcrypto/bn/bn_exp.c @@ -1,25 +1,25 @@ -/* crypto/bn/bn_exp.c */ +/* $OpenBSD: bn_exp.c,v 1.31 2017/05/02 03:59:44 deraadt Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,21 +49,21 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ /* ==================================================================== - * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -109,51 +109,73 @@ * */ +#include +#include + +#include -#include "cryptlib.h" #include "bn_lcl.h" +#include "constant_time_locl.h" +/* maximum precomputation table size for *variable* sliding windows */ #define TABLE_SIZE 32 /* this one works - simple but works */ -int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) - { - int i,bits,ret=0; - BIGNUM *v,*rr; +int +BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) +{ + int i, bits, ret = 0; + BIGNUM *v, *rr; + + if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) { + /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */ + BNerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return -1; + } BN_CTX_start(ctx); if ((r == a) || (r == p)) rr = BN_CTX_get(ctx); else rr = r; - if ((v = BN_CTX_get(ctx)) == NULL) goto err; + v = BN_CTX_get(ctx); + if (rr == NULL || v == NULL) + goto err; - if (BN_copy(v,a) == NULL) goto err; - bits=BN_num_bits(p); + if (BN_copy(v, a) == NULL) + goto err; + bits = BN_num_bits(p); - if (BN_is_odd(p)) - { if (BN_copy(rr,a) == NULL) goto err; } - else { if (!BN_one(rr)) goto err; } + if (BN_is_odd(p)) { + if (BN_copy(rr, a) == NULL) + goto err; + } else { + if (!BN_one(rr)) + goto err; + } - for (i=1; i= m. eay 07-May-97 */ -/* if ((m->d[m->top-1]&BN_TBIT) && BN_is_odd(m)) */ - - if (BN_is_odd(m)) - { -# ifdef MONT_EXP_WORD - if (a->top == 1 && !a->neg) - { + if (BN_is_odd(m)) { + if (a->top == 1 && !a->neg && !ct) { BN_ULONG A = a->d[0]; - ret=BN_mod_exp_mont_word(r,A,p,m,ctx,NULL); - } - else -# endif - ret=BN_mod_exp_mont(r,a,p,m,ctx,NULL); - } - else -#endif -#ifdef RECP_MUL_MOD - { ret=BN_mod_exp_recp(r,a,p,m,ctx); } -#else - { ret=BN_mod_exp_simple(r,a,p,m,ctx); } -#endif - - return(ret); + ret = BN_mod_exp_mont_word(r, A,p, m,ctx, NULL); + } else + ret = BN_mod_exp_mont_ct(r, a,p, m,ctx, NULL); + } else { + ret = BN_mod_exp_recp(r, a,p, m, ctx); } - -int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx) - { - int i,j,bits,ret=0,wstart,wend,window,wvalue; - int start=1,ts=0; + bn_check_top(r); + return (ret); +} + +int +BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, + BN_CTX *ctx) +{ + return BN_mod_exp_internal(r, a, p, m, ctx, + (BN_get_flags(p, BN_FLG_CONSTTIME) != 0)); +} + +int +BN_mod_exp_ct(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, + BN_CTX *ctx) +{ + return BN_mod_exp_internal(r, a, p, m, ctx, 1); +} + + +int +BN_mod_exp_nonct(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, + BN_CTX *ctx) +{ + return BN_mod_exp_internal(r, a, p, m, ctx, 0); +} + + +int +BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, + BN_CTX *ctx) +{ + int i, j, bits, ret = 0, wstart, wend, window, wvalue; + int start = 1; BIGNUM *aa; - BIGNUM val[TABLE_SIZE]; + /* Table of variables obtained from 'ctx' */ + BIGNUM *val[TABLE_SIZE]; BN_RECP_CTX recp; - bits=BN_num_bits(p); + if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) { + /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */ + BNerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return -1; + } - if (bits == 0) - { - ret = BN_one(r); + bits = BN_num_bits(p); + if (bits == 0) { + /* x**0 mod 1 is still zero. */ + if (BN_is_one(m)) { + ret = 1; + BN_zero(r); + } else + ret = BN_one(r); return ret; - } + } BN_CTX_start(ctx); - if ((aa = BN_CTX_get(ctx)) == NULL) goto err; + if ((aa = BN_CTX_get(ctx)) == NULL) + goto err; + if ((val[0] = BN_CTX_get(ctx)) == NULL) + goto err; BN_RECP_CTX_init(&recp); - if (m->neg) - { + if (m->neg) { /* ignore sign of 'm' */ - if (!BN_copy(aa, m)) goto err; + if (!BN_copy(aa, m)) + goto err; aa->neg = 0; - if (BN_RECP_CTX_set(&recp,aa,ctx) <= 0) goto err; - } - else - { - if (BN_RECP_CTX_set(&recp,m,ctx) <= 0) goto err; - } - - BN_init(&(val[0])); - ts=1; + if (BN_RECP_CTX_set(&recp, aa, ctx) <= 0) + goto err; + } else { + if (BN_RECP_CTX_set(&recp, m, ctx) <= 0) + goto err; + } - if (!BN_nnmod(&(val[0]),a,m,ctx)) goto err; /* 1 */ - if (BN_is_zero(&(val[0]))) - { - ret = BN_zero(r); + if (!BN_nnmod(val[0], a, m, ctx)) + goto err; /* 1 */ + if (BN_is_zero(val[0])) { + BN_zero(r); + ret = 1; goto err; - } + } window = BN_window_bits_for_exponent_size(bits); - if (window > 1) - { - if (!BN_mod_mul_reciprocal(aa,&(val[0]),&(val[0]),&recp,ctx)) + if (window > 1) { + if (!BN_mod_mul_reciprocal(aa, val[0], val[0], &recp, ctx)) goto err; /* 2 */ - j=1<<(window-1); - for (i=1; i>1]),&recp,ctx)) + if (!BN_mod_mul_reciprocal(r, r,val[wvalue >> 1], &recp, ctx)) goto err; /* move the 'window' down further */ - wstart-=wend+1; - wvalue=0; - start=0; - if (wstart < 0) break; - } - ret=1; + wstart -= wend + 1; + wvalue = 0; + start = 0; + if (wstart < 0) + break; + } + ret = 1; + err: BN_CTX_end(ctx); - for (i=0; id[0] & 1)) - { - BNerr(BN_F_BN_MOD_EXP_MONT,BN_R_CALLED_WITH_EVEN_MODULUS); - return(0); - } - bits=BN_num_bits(p); - if (bits == 0) - { - ret = BN_one(rr); + if (!BN_is_odd(m)) { + BNerror(BN_R_CALLED_WITH_EVEN_MODULUS); + return (0); + } + + bits = BN_num_bits(p); + if (bits == 0) { + /* x**0 mod 1 is still zero. */ + if (BN_is_one(m)) { + ret = 1; + BN_zero(rr); + } else + ret = BN_one(rr); return ret; - } + } BN_CTX_start(ctx); - d = BN_CTX_get(ctx); - r = BN_CTX_get(ctx); - if (d == NULL || r == NULL) goto err; + if ((d = BN_CTX_get(ctx)) == NULL) + goto err; + if ((r = BN_CTX_get(ctx)) == NULL) + goto err; + if ((val[0] = BN_CTX_get(ctx)) == NULL) + goto err; /* If this is not done, things will break in the montgomery * part */ if (in_mont != NULL) - mont=in_mont; - else - { - if ((mont=BN_MONT_CTX_new()) == NULL) goto err; - if (!BN_MONT_CTX_set(mont,m,ctx)) goto err; - } + mont = in_mont; + else { + if ((mont = BN_MONT_CTX_new()) == NULL) + goto err; + if (!BN_MONT_CTX_set(mont, m, ctx)) + goto err; + } - BN_init(&val[0]); - ts=1; - if (a->neg || BN_ucmp(a,m) >= 0) - { - if (!BN_nnmod(&(val[0]),a,m,ctx)) + if (a->neg || BN_ucmp(a, m) >= 0) { + if (!BN_nnmod(val[0], a,m, ctx)) goto err; - aa= &(val[0]); - } - else - aa=a; - if (BN_is_zero(aa)) - { - ret = BN_zero(rr); + aa = val[0]; + } else + aa = a; + if (BN_is_zero(aa)) { + BN_zero(rr); + ret = 1; goto err; - } - if (!BN_to_montgomery(&(val[0]),aa,mont,ctx)) goto err; /* 1 */ + } + if (!BN_to_montgomery(val[0], aa, mont, ctx)) + goto err; /* 1 */ window = BN_window_bits_for_exponent_size(bits); - if (window > 1) - { - if (!BN_mod_mul_montgomery(d,&(val[0]),&(val[0]),mont,ctx)) goto err; /* 2 */ - j=1<<(window-1); - for (i=1; i 1) { + if (!BN_mod_mul_montgomery(d, val[0], val[0], mont, ctx)) + goto err; /* 2 */ + j = 1 << (window - 1); + for (i = 1; i < j; i++) { + if (((val[i] = BN_CTX_get(ctx)) == NULL) || + !BN_mod_mul_montgomery(val[i], val[i - 1], + d, mont, ctx)) goto err; - } - ts=i; } + } - start=1; /* This is used to avoid multiplication etc - * when there is only the value '1' in the - * buffer. */ - wvalue=0; /* The 'value' of the window */ - wstart=bits-1; /* The top bit of the window */ - wend=0; /* The bottom bit of the window */ + start = 1; /* This is used to avoid multiplication etc + * when there is only the value '1' in the + * buffer. */ + wvalue = 0; /* The 'value' of the window */ + wstart = bits - 1; /* The top bit of the window */ + wend = 0; /* The bottom bit of the window */ - if (!BN_to_montgomery(r,BN_value_one(),mont,ctx)) goto err; - for (;;) - { - if (BN_is_bit_set(p,wstart) == 0) - { - if (!start) - { - if (!BN_mod_mul_montgomery(r,r,r,mont,ctx)) - goto err; - } - if (wstart == 0) break; + if (!BN_to_montgomery(r, BN_value_one(), mont, ctx)) + goto err; + for (;;) { + if (BN_is_bit_set(p, wstart) == 0) { + if (!start) { + if (!BN_mod_mul_montgomery(r, r, r, mont, ctx)) + goto err; + } + if (wstart == 0) + break; wstart--; continue; - } + } /* We now have wstart on a 'set' bit, we now need to work out * how bit a window to do. To do this we need to scan * forward until the last set bit before the end of the * window */ - j=wstart; - wvalue=1; - wend=0; - for (i=1; i>1]),mont,ctx)) + if (!BN_mod_mul_montgomery(r, r, val[wvalue >> 1], mont, ctx)) goto err; /* move the 'window' down further */ - wstart-=wend+1; - wvalue=0; - start=0; - if (wstart < 0) break; - } - if (!BN_from_montgomery(rr,r,mont,ctx)) goto err; - ret=1; + wstart -= wend + 1; + wvalue = 0; + start = 0; + if (wstart < 0) + break; + } + if (!BN_from_montgomery(rr, r,mont, ctx)) + goto err; + ret = 1; + err: - if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont); + if ((in_mont == NULL) && (mont != NULL)) + BN_MONT_CTX_free(mont); BN_CTX_end(ctx); - for (i=0; i b->top) + top = b->top; /* this works because 'buf' is explicitly zeroed */ + + for (i = 0, j = idx; i < top; i++, j += width) { + table[j] = b->d[i]; } -int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) + return 1; +} + +static int +MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top, unsigned char *buf, int idx, + int window) +{ + int i, j; + int width = 1 << window; + volatile BN_ULONG *table = (volatile BN_ULONG *)buf; + + if (bn_wexpand(b, top) == NULL) + return 0; + + if (window <= 3) { + for (i = 0; i < top; i++, table += width) { + BN_ULONG acc = 0; + + for (j = 0; j < width; j++) { + acc |= table[j] & + ((BN_ULONG)0 - (constant_time_eq_int(j,idx)&1)); + } + + b->d[i] = acc; + } + } else { + int xstride = 1 << (window - 2); + BN_ULONG y0, y1, y2, y3; + + i = idx >> (window - 2); /* equivalent of idx / xstride */ + idx &= xstride - 1; /* equivalent of idx % xstride */ + + y0 = (BN_ULONG)0 - (constant_time_eq_int(i,0)&1); + y1 = (BN_ULONG)0 - (constant_time_eq_int(i,1)&1); + y2 = (BN_ULONG)0 - (constant_time_eq_int(i,2)&1); + y3 = (BN_ULONG)0 - (constant_time_eq_int(i,3)&1); + + for (i = 0; i < top; i++, table += width) { + BN_ULONG acc = 0; + + for (j = 0; j < xstride; j++) { + acc |= ( (table[j + 0 * xstride] & y0) | + (table[j + 1 * xstride] & y1) | + (table[j + 2 * xstride] & y2) | + (table[j + 3 * xstride] & y3) ) + & ((BN_ULONG)0 - (constant_time_eq_int(j,idx)&1)); + } + + b->d[i] = acc; + } + } + b->top = top; + bn_correct_top(b); + return 1; +} + +/* Given a pointer value, compute the next address that is a cache line multiple. */ +#define MOD_EXP_CTIME_ALIGN(x_) \ + ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((size_t)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK)))) + +/* This variant of BN_mod_exp_mont() uses fixed windows and the special + * precomputation memory layout to limit data-dependency to a minimum + * to protect secret exponents (cf. the hyper-threading timing attacks + * pointed out by Colin Percival, + * http://www.daemonology.net/hyperthreading-considered-harmful/) + */ +int +BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) +{ + int i, bits, ret = 0, window, wvalue; + int top; + BN_MONT_CTX *mont = NULL; + int numPowers; + unsigned char *powerbufFree = NULL; + int powerbufLen = 0; + unsigned char *powerbuf = NULL; + BIGNUM tmp, am; + + bn_check_top(a); + bn_check_top(p); + bn_check_top(m); + + if (!BN_is_odd(m)) { + BNerror(BN_R_CALLED_WITH_EVEN_MODULUS); + return (0); + } + + top = m->top; + + bits = BN_num_bits(p); + if (bits == 0) { + /* x**0 mod 1 is still zero. */ + if (BN_is_one(m)) { + ret = 1; + BN_zero(rr); + } else + ret = BN_one(rr); + return ret; + } + + BN_CTX_start(ctx); + + /* Allocate a montgomery context if it was not supplied by the caller. + * If this is not done, things will break in the montgomery part. + */ + if (in_mont != NULL) + mont = in_mont; + else { + if ((mont = BN_MONT_CTX_new()) == NULL) + goto err; + if (!BN_MONT_CTX_set(mont, m, ctx)) + goto err; + } + + /* Get the window size to use with size of p. */ + window = BN_window_bits_for_ctime_exponent_size(bits); +#if defined(OPENSSL_BN_ASM_MONT5) + if (window == 6 && bits <= 1024) + window = 5; /* ~5% improvement of 2048-bit RSA sign */ +#endif + + /* Allocate a buffer large enough to hold all of the pre-computed + * powers of am, am itself and tmp. + */ + numPowers = 1 << window; + powerbufLen = sizeof(m->d[0]) * (top * numPowers + + ((2*top) > numPowers ? (2*top) : numPowers)); + if ((powerbufFree = calloc(powerbufLen + + MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH, 1)) == NULL) + goto err; + powerbuf = MOD_EXP_CTIME_ALIGN(powerbufFree); + + /* lay down tmp and am right after powers table */ + tmp.d = (BN_ULONG *)(powerbuf + sizeof(m->d[0]) * top * numPowers); + am.d = tmp.d + top; + tmp.top = am.top = 0; + tmp.dmax = am.dmax = top; + tmp.neg = am.neg = 0; + tmp.flags = am.flags = BN_FLG_STATIC_DATA; + + /* prepare a^0 in Montgomery domain */ +#if 1 + if (!BN_to_montgomery(&tmp, BN_value_one(), mont, ctx)) + goto err; +#else + tmp.d[0] = (0 - m - >d[0]) & BN_MASK2; /* 2^(top*BN_BITS2) - m */ + for (i = 1; i < top; i++) + tmp.d[i] = (~m->d[i]) & BN_MASK2; + tmp.top = top; +#endif + + /* prepare a^1 in Montgomery domain */ + if (a->neg || BN_ucmp(a, m) >= 0) { + if (!BN_mod_ct(&am, a,m, ctx)) + goto err; + if (!BN_to_montgomery(&am, &am, mont, ctx)) + goto err; + } else if (!BN_to_montgomery(&am, a,mont, ctx)) + goto err; + +#if defined(OPENSSL_BN_ASM_MONT5) + /* This optimization uses ideas from http://eprint.iacr.org/2011/239, + * specifically optimization of cache-timing attack countermeasures + * and pre-computation optimization. */ + + /* Dedicated window==4 case improves 512-bit RSA sign by ~15%, but as + * 512-bit RSA is hardly relevant, we omit it to spare size... */ + if (window == 5 && top > 1) { + void bn_mul_mont_gather5(BN_ULONG *rp, const BN_ULONG *ap, + const void *table, const BN_ULONG *np, + const BN_ULONG *n0, int num, int power); + void bn_scatter5(const BN_ULONG *inp, size_t num, + void *table, size_t power); + void bn_gather5(BN_ULONG *out, size_t num, + void *table, size_t power); + + BN_ULONG *np = mont->N.d, *n0 = mont->n0; + + /* BN_to_montgomery can contaminate words above .top + * [in BN_DEBUG[_DEBUG] build]... */ + for (i = am.top; i < top; i++) + am.d[i] = 0; + for (i = tmp.top; i < top; i++) + tmp.d[i] = 0; + + bn_scatter5(tmp.d, top, powerbuf, 0); + bn_scatter5(am.d, am.top, powerbuf, 1); + bn_mul_mont(tmp.d, am.d, am.d, np, n0, top); + bn_scatter5(tmp.d, top, powerbuf, 2); + +#if 0 + for (i = 3; i < 32; i++) { + /* Calculate a^i = a^(i-1) * a */ + bn_mul_mont_gather5(tmp.d, am.d, powerbuf, np, + n0, top, i - 1); + bn_scatter5(tmp.d, top, powerbuf, i); + } +#else + /* same as above, but uses squaring for 1/2 of operations */ + for (i = 4; i < 32; i*=2) { + bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top); + bn_scatter5(tmp.d, top, powerbuf, i); + } + for (i = 3; i < 8; i += 2) { + int j; + bn_mul_mont_gather5(tmp.d, am.d, powerbuf, np, + n0, top, i - 1); + bn_scatter5(tmp.d, top, powerbuf, i); + for (j = 2 * i; j < 32; j *= 2) { + bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top); + bn_scatter5(tmp.d, top, powerbuf, j); + } + } + for (; i < 16; i += 2) { + bn_mul_mont_gather5(tmp.d, am.d, powerbuf, np, + n0, top, i - 1); + bn_scatter5(tmp.d, top, powerbuf, i); + bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top); + bn_scatter5(tmp.d, top, powerbuf, 2*i); + } + for (; i < 32; i += 2) { + bn_mul_mont_gather5(tmp.d, am.d, powerbuf, np, + n0, top, i - 1); + bn_scatter5(tmp.d, top, powerbuf, i); + } +#endif + bits--; + for (wvalue = 0, i = bits % 5; i >= 0; i--, bits--) + wvalue = (wvalue << 1) + BN_is_bit_set(p, bits); + bn_gather5(tmp.d, top, powerbuf, wvalue); + + /* Scan the exponent one window at a time starting from the most + * significant bits. + */ + while (bits >= 0) { + for (wvalue = 0, i = 0; i < 5; i++, bits--) + wvalue = (wvalue << 1) + BN_is_bit_set(p, bits); + + bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top); + bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top); + bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top); + bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top); + bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top); + bn_mul_mont_gather5(tmp.d, tmp.d, powerbuf, np, n0, top, wvalue); + } + + tmp.top = top; + bn_correct_top(&tmp); + } else +#endif { + if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, 0, + window)) + goto err; + if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&am, top, powerbuf, 1, + window)) + goto err; + + /* If the window size is greater than 1, then calculate + * val[i=2..2^winsize-1]. Powers are computed as a*a^(i-1) + * (even powers could instead be computed as (a^(i/2))^2 + * to use the slight performance advantage of sqr over mul). + */ + if (window > 1) { + if (!BN_mod_mul_montgomery(&tmp, &am, &am, mont, ctx)) + goto err; + if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, + 2, window)) + goto err; + for (i = 3; i < numPowers; i++) { + /* Calculate a^i = a^(i-1) * a */ + if (!BN_mod_mul_montgomery(&tmp, &am, &tmp, + mont, ctx)) + goto err; + if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, + powerbuf, i, window)) + goto err; + } + } + + bits--; + for (wvalue = 0, i = bits % window; i >= 0; i--, bits--) + wvalue = (wvalue << 1) + BN_is_bit_set(p, bits); + if (!MOD_EXP_CTIME_COPY_FROM_PREBUF(&tmp, top, powerbuf, + wvalue, window)) + goto err; + + /* Scan the exponent one window at a time starting from the most + * significant bits. + */ + while (bits >= 0) { + wvalue = 0; /* The 'value' of the window */ + + /* Scan the window, squaring the result as we go */ + for (i = 0; i < window; i++, bits--) { + if (!BN_mod_mul_montgomery(&tmp, &tmp, &tmp, + mont, ctx)) + goto err; + wvalue = (wvalue << 1) + BN_is_bit_set(p, bits); + } + + /* Fetch the appropriate pre-computed value from the pre-buf */ + if (!MOD_EXP_CTIME_COPY_FROM_PREBUF(&am, top, powerbuf, + wvalue, window)) + goto err; + + /* Multiply the result into the intermediate result */ + if (!BN_mod_mul_montgomery(&tmp, &tmp, &am, mont, ctx)) + goto err; + } + } + + /* Convert the final result from montgomery to standard format */ + if (!BN_from_montgomery(rr, &tmp, mont, ctx)) + goto err; + ret = 1; + +err: + if ((in_mont == NULL) && (mont != NULL)) + BN_MONT_CTX_free(mont); + freezero(powerbufFree, powerbufLen + MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH); + BN_CTX_end(ctx); + return (ret); +} + +int +BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p, const BIGNUM *m, + BN_CTX *ctx, BN_MONT_CTX *in_mont) +{ BN_MONT_CTX *mont = NULL; - int b, bits, ret=0; + int b, bits, ret = 0; int r_is_one; BN_ULONG w, next_w; BIGNUM *d, *r, *t; BIGNUM *swap_tmp; + #define BN_MOD_MUL_WORD(r, w, m) \ (BN_mul_word(r, (w)) && \ (/* BN_ucmp(r, (m)) < 0 ? 1 :*/ \ - (BN_mod(t, r, m, ctx) && (swap_tmp = r, r = t, t = swap_tmp, 1)))) + (BN_mod_ct(t, r, m, ctx) && (swap_tmp = r, r = t, t = swap_tmp, 1)))) /* BN_MOD_MUL_WORD is only used with 'w' large, * so the BN_ucmp test is probably more overhead * than always using BN_mod (which uses BN_copy if @@ -517,42 +930,54 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p, #define BN_TO_MONTGOMERY_WORD(r, w, mont) \ (BN_set_word(r, (w)) && BN_to_montgomery(r, r, (mont), ctx)) + if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) { + /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */ + BNerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return -1; + } + bn_check_top(p); bn_check_top(m); - if (m->top == 0 || !(m->d[0] & 1)) - { - BNerr(BN_F_BN_MOD_EXP_MONT_WORD,BN_R_CALLED_WITH_EVEN_MODULUS); - return(0); - } + if (!BN_is_odd(m)) { + BNerror(BN_R_CALLED_WITH_EVEN_MODULUS); + return (0); + } if (m->top == 1) a %= m->d[0]; /* make sure that 'a' is reduced */ bits = BN_num_bits(p); - if (bits == 0) - { - ret = BN_one(rr); + if (bits == 0) { + /* x**0 mod 1 is still zero. */ + if (BN_is_one(m)) { + ret = 1; + BN_zero(rr); + } else + ret = BN_one(rr); return ret; - } - if (a == 0) - { - ret = BN_zero(rr); + } + if (a == 0) { + BN_zero(rr); + ret = 1; return ret; - } + } BN_CTX_start(ctx); - d = BN_CTX_get(ctx); - r = BN_CTX_get(ctx); - t = BN_CTX_get(ctx); - if (d == NULL || r == NULL || t == NULL) goto err; + if ((d = BN_CTX_get(ctx)) == NULL) + goto err; + if ((r = BN_CTX_get(ctx)) == NULL) + goto err; + if ((t = BN_CTX_get(ctx)) == NULL) + goto err; if (in_mont != NULL) - mont=in_mont; - else - { - if ((mont = BN_MONT_CTX_new()) == NULL) goto err; - if (!BN_MONT_CTX_set(mont, m, ctx)) goto err; - } + mont = in_mont; + else { + if ((mont = BN_MONT_CTX_new()) == NULL) + goto err; + if (!BN_MONT_CTX_set(mont, m, ctx)) + goto err; + } r_is_one = 1; /* except for Montgomery factor */ @@ -560,188 +985,192 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p, /* The result is accumulated in the product r*w. */ w = a; /* bit 'bits-1' of 'p' is always set */ - for (b = bits-2; b >= 0; b--) - { + for (b = bits - 2; b >= 0; b--) { /* First, square r*w. */ - next_w = w*w; - if ((next_w/w) != w) /* overflow */ - { - if (r_is_one) - { - if (!BN_TO_MONTGOMERY_WORD(r, w, mont)) goto err; + next_w = w * w; + if ((next_w / w) != w) /* overflow */ + { + if (r_is_one) { + if (!BN_TO_MONTGOMERY_WORD(r, w, mont)) + goto err; r_is_one = 0; - } - else - { - if (!BN_MOD_MUL_WORD(r, w, m)) goto err; - } - next_w = 1; + } else { + if (!BN_MOD_MUL_WORD(r, w, m)) + goto err; } + next_w = 1; + } w = next_w; - if (!r_is_one) - { - if (!BN_mod_mul_montgomery(r, r, r, mont, ctx)) goto err; - } + if (!r_is_one) { + if (!BN_mod_mul_montgomery(r, r, r, mont, ctx)) + goto err; + } /* Second, multiply r*w by 'a' if exponent bit is set. */ - if (BN_is_bit_set(p, b)) + if (BN_is_bit_set(p, b)) { + next_w = w * a; + if ((next_w / a) != w) /* overflow */ { - next_w = w*a; - if ((next_w/a) != w) /* overflow */ - { - if (r_is_one) - { - if (!BN_TO_MONTGOMERY_WORD(r, w, mont)) goto err; + if (r_is_one) { + if (!BN_TO_MONTGOMERY_WORD(r, w, mont)) + goto err; r_is_one = 0; - } - else - { - if (!BN_MOD_MUL_WORD(r, w, m)) goto err; - } - next_w = a; + } else { + if (!BN_MOD_MUL_WORD(r, w, m)) + goto err; } - w = next_w; + next_w = a; } + w = next_w; } + } /* Finally, set r:=r*w. */ - if (w != 1) - { - if (r_is_one) - { - if (!BN_TO_MONTGOMERY_WORD(r, w, mont)) goto err; + if (w != 1) { + if (r_is_one) { + if (!BN_TO_MONTGOMERY_WORD(r, w, mont)) + goto err; r_is_one = 0; - } - else - { - if (!BN_MOD_MUL_WORD(r, w, m)) goto err; - } + } else { + if (!BN_MOD_MUL_WORD(r, w, m)) + goto err; } + } if (r_is_one) /* can happen only if a == 1*/ - { - if (!BN_one(rr)) goto err; - } - else - { - if (!BN_from_montgomery(rr, r, mont, ctx)) goto err; - } + { + if (!BN_one(rr)) + goto err; + } else { + if (!BN_from_montgomery(rr, r, mont, ctx)) + goto err; + } ret = 1; + err: - if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont); + if ((in_mont == NULL) && (mont != NULL)) + BN_MONT_CTX_free(mont); BN_CTX_end(ctx); - return(ret); - } + bn_check_top(rr); + return (ret); +} /* The old fallback, simple version :-) */ -int BN_mod_exp_simple(BIGNUM *r, - const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, - BN_CTX *ctx) - { - int i,j,bits,ret=0,wstart,wend,window,wvalue,ts=0; - int start=1; +int +BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, + BN_CTX *ctx) +{ + int i, j, bits, ret = 0, wstart, wend, window, wvalue; + int start = 1; BIGNUM *d; - BIGNUM val[TABLE_SIZE]; + /* Table of variables obtained from 'ctx' */ + BIGNUM *val[TABLE_SIZE]; - bits=BN_num_bits(p); + if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) { + /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */ + BNerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return -1; + } - if (bits == 0) - { - ret = BN_one(r); + bits = BN_num_bits(p); + if (bits == 0) { + /* x**0 mod 1 is still zero. */ + if (BN_is_one(m)) { + ret = 1; + BN_zero(r); + } else + ret = BN_one(r); return ret; - } + } BN_CTX_start(ctx); - if ((d = BN_CTX_get(ctx)) == NULL) goto err; + if ((d = BN_CTX_get(ctx)) == NULL) + goto err; + if ((val[0] = BN_CTX_get(ctx)) == NULL) + goto err; - BN_init(&(val[0])); - ts=1; - if (!BN_nnmod(&(val[0]),a,m,ctx)) goto err; /* 1 */ - if (BN_is_zero(&(val[0]))) - { - ret = BN_zero(r); + if (!BN_nnmod(val[0],a,m,ctx)) + goto err; /* 1 */ + if (BN_is_zero(val[0])) { + BN_zero(r); + ret = 1; goto err; - } + } window = BN_window_bits_for_exponent_size(bits); - if (window > 1) - { - if (!BN_mod_mul(d,&(val[0]),&(val[0]),m,ctx)) + if (window > 1) { + if (!BN_mod_mul(d, val[0], val[0], m, ctx)) goto err; /* 2 */ - j=1<<(window-1); - for (i=1; i>1]),m,ctx)) + if (!BN_mod_mul(r, r, val[wvalue >> 1], m, ctx)) goto err; /* move the 'window' down further */ - wstart-=wend+1; - wvalue=0; - start=0; - if (wstart < 0) break; - } - ret=1; -err: - BN_CTX_end(ctx); - for (i=0; i -#include "cryptlib.h" + +#include + #include "bn_lcl.h" #define TABLE_SIZE 32 -int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1, - const BIGNUM *a2, const BIGNUM *p2, const BIGNUM *m, - BN_CTX *ctx, BN_MONT_CTX *in_mont) - { - int i,j,bits,b,bits1,bits2,ret=0,wpos1,wpos2,window1,window2,wvalue1,wvalue2; - int r_is_one=1,ts1=0,ts2=0; - BIGNUM *d,*r; +int +BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1, + const BIGNUM *a2, const BIGNUM *p2, const BIGNUM *m, BN_CTX *ctx, + BN_MONT_CTX *in_mont) +{ + int i, j, bits, b, bits1, bits2, ret = 0, wpos1, wpos2, window1, window2, wvalue1, wvalue2; + int r_is_one = 1; + BIGNUM *d, *r; const BIGNUM *a_mod_m; - BIGNUM val1[TABLE_SIZE], val2[TABLE_SIZE]; - BN_MONT_CTX *mont=NULL; + /* Tables of variables obtained from 'ctx' */ + BIGNUM *val1[TABLE_SIZE], *val2[TABLE_SIZE]; + BN_MONT_CTX *mont = NULL; bn_check_top(a1); bn_check_top(p1); @@ -132,33 +136,37 @@ int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1, bn_check_top(p2); bn_check_top(m); - if (!(m->d[0] & 1)) - { - BNerr(BN_F_BN_MOD_EXP2_MONT,BN_R_CALLED_WITH_EVEN_MODULUS); - return(0); - } - bits1=BN_num_bits(p1); - bits2=BN_num_bits(p2); - if ((bits1 == 0) && (bits2 == 0)) - { + if (!(m->d[0] & 1)) { + BNerror(BN_R_CALLED_WITH_EVEN_MODULUS); + return (0); + } + bits1 = BN_num_bits(p1); + bits2 = BN_num_bits(p2); + if ((bits1 == 0) && (bits2 == 0)) { ret = BN_one(rr); return ret; - } - - bits=(bits1 > bits2)?bits1:bits2; + } + + bits = (bits1 > bits2) ? bits1 : bits2; BN_CTX_start(ctx); - d = BN_CTX_get(ctx); - r = BN_CTX_get(ctx); - if (d == NULL || r == NULL) goto err; + if ((d = BN_CTX_get(ctx)) == NULL) + goto err; + if ((r = BN_CTX_get(ctx)) == NULL) + goto err; + if ((val1[0] = BN_CTX_get(ctx)) == NULL) + goto err; + if ((val2[0] = BN_CTX_get(ctx)) == NULL) + goto err; if (in_mont != NULL) - mont=in_mont; - else - { - if ((mont=BN_MONT_CTX_new()) == NULL) goto err; - if (!BN_MONT_CTX_set(mont,m,ctx)) goto err; - } + mont = in_mont; + else { + if ((mont = BN_MONT_CTX_new()) == NULL) + goto err; + if (!BN_MONT_CTX_set(mont, m, ctx)) + goto err; + } window1 = BN_window_bits_for_exponent_size(bits1); window2 = BN_window_bits_for_exponent_size(bits2); @@ -166,148 +174,135 @@ int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1, /* * Build table for a1: val1[i] := a1^(2*i + 1) mod m for i = 0 .. 2^(window1-1) */ - BN_init(&val1[0]); - ts1=1; - if (a1->neg || BN_ucmp(a1,m) >= 0) - { - if (!BN_mod(&(val1[0]),a1,m,ctx)) + if (a1->neg || BN_ucmp(a1, m) >= 0) { + if (!BN_mod_ct(val1[0], a1, m, ctx)) goto err; - a_mod_m = &(val1[0]); - } - else + a_mod_m = val1[0]; + } else a_mod_m = a1; - if (BN_is_zero(a_mod_m)) - { - ret = BN_zero(rr); + if (BN_is_zero(a_mod_m)) { + BN_zero(rr); + ret = 1; goto err; - } + } - if (!BN_to_montgomery(&(val1[0]),a_mod_m,mont,ctx)) goto err; - if (window1 > 1) - { - if (!BN_mod_mul_montgomery(d,&(val1[0]),&(val1[0]),mont,ctx)) goto err; + if (!BN_to_montgomery(val1[0], a_mod_m, mont, ctx)) + goto err; + if (window1 > 1) { + if (!BN_mod_mul_montgomery(d, val1[0], val1[0], mont, ctx)) + goto err; - j=1<<(window1-1); - for (i=1; ineg || BN_ucmp(a2,m) >= 0) - { - if (!BN_mod(&(val2[0]),a2,m,ctx)) + if (a2->neg || BN_ucmp(a2, m) >= 0) { + if (!BN_mod_ct(val2[0], a2, m, ctx)) goto err; - a_mod_m = &(val2[0]); - } - else + a_mod_m = val2[0]; + } else a_mod_m = a2; - if (BN_is_zero(a_mod_m)) - { - ret = BN_zero(rr); + if (BN_is_zero(a_mod_m)) { + BN_zero(rr); + ret = 1; goto err; - } - if (!BN_to_montgomery(&(val2[0]),a_mod_m,mont,ctx)) goto err; - if (window2 > 1) - { - if (!BN_mod_mul_montgomery(d,&(val2[0]),&(val2[0]),mont,ctx)) goto err; + } + if (!BN_to_montgomery(val2[0], a_mod_m, mont, ctx)) + goto err; + if (window2 > 1) { + if (!BN_mod_mul_montgomery(d, val2[0], val2[0], mont, ctx)) + goto err; - j=1<<(window2-1); - for (i=1; i 0, the bottom bit of the first window */ - wpos2=0; /* If wvalue2 > 0, the bottom bit of the second window */ + r_is_one = 1; + wvalue1 = 0; /* The 'value' of the first window */ + wvalue2 = 0; /* The 'value' of the second window */ + wpos1 = 0; /* If wvalue1 > 0, the bottom bit of the first window */ + wpos2 = 0; /* If wvalue2 > 0, the bottom bit of the second window */ - if (!BN_to_montgomery(r,BN_value_one(),mont,ctx)) goto err; - for (b=bits-1; b>=0; b--) - { - if (!r_is_one) - { - if (!BN_mod_mul_montgomery(r,r,r,mont,ctx)) + if (!BN_to_montgomery(r, BN_value_one(), mont, ctx)) + goto err; + for (b = bits - 1; b >= 0; b--) { + if (!r_is_one) { + if (!BN_mod_mul_montgomery(r, r,r, mont, ctx)) goto err; - } - + } + if (!wvalue1) - if (BN_is_bit_set(p1, b)) - { - /* consider bits b-window1+1 .. b for this window */ - i = b-window1+1; - while (!BN_is_bit_set(p1, i)) /* works for i<0 */ - i++; - wpos1 = i; - wvalue1 = 1; - for (i = b-1; i >= wpos1; i--) - { - wvalue1 <<= 1; - if (BN_is_bit_set(p1, i)) - wvalue1++; - } - } - + if (BN_is_bit_set(p1, b)) { + /* consider bits b-window1+1 .. b for this window */ + i = b - window1 + 1; + while (!BN_is_bit_set(p1, i)) /* works for i<0 */ + i++; + wpos1 = i; + wvalue1 = 1; + for (i = b - 1; i >= wpos1; i--) { + wvalue1 <<= 1; + if (BN_is_bit_set(p1, i)) + wvalue1++; + } + } + if (!wvalue2) - if (BN_is_bit_set(p2, b)) - { - /* consider bits b-window2+1 .. b for this window */ - i = b-window2+1; - while (!BN_is_bit_set(p2, i)) - i++; - wpos2 = i; - wvalue2 = 1; - for (i = b-1; i >= wpos2; i--) - { - wvalue2 <<= 1; - if (BN_is_bit_set(p2, i)) - wvalue2++; - } - } + if (BN_is_bit_set(p2, b)) { + /* consider bits b-window2+1 .. b for this window */ + i = b - window2 + 1; + while (!BN_is_bit_set(p2, i)) + i++; + wpos2 = i; + wvalue2 = 1; + for (i = b - 1; i >= wpos2; i--) { + wvalue2 <<= 1; + if (BN_is_bit_set(p2, i)) + wvalue2++; + } + } - if (wvalue1 && b == wpos1) - { + if (wvalue1 && b == wpos1) { /* wvalue1 is odd and < 2^window1 */ - if (!BN_mod_mul_montgomery(r,r,&(val1[wvalue1>>1]),mont,ctx)) + if (!BN_mod_mul_montgomery(r, r, val1[wvalue1 >> 1], + mont, ctx)) goto err; wvalue1 = 0; r_is_one = 0; - } - - if (wvalue2 && b == wpos2) - { + } + + if (wvalue2 && b == wpos2) { /* wvalue2 is odd and < 2^window2 */ - if (!BN_mod_mul_montgomery(r,r,&(val2[wvalue2>>1]),mont,ctx)) + if (!BN_mod_mul_montgomery(r, r, val2[wvalue2 >> 1], + mont, ctx)) goto err; wvalue2 = 0; r_is_one = 0; - } } - BN_from_montgomery(rr,r,mont,ctx); - ret=1; + } + if (!BN_from_montgomery(rr, r,mont, ctx)) + goto err; + ret = 1; + err: - if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont); + if ((in_mont == NULL) && (mont != NULL)) + BN_MONT_CTX_free(mont); BN_CTX_end(ctx); - for (i=0; i + #include "bn_lcl.h" static BIGNUM *euclid(BIGNUM *a, BIGNUM *b); +static BIGNUM *BN_gcd_no_branch(BIGNUM *in, const BIGNUM *a, const BIGNUM *n, + BN_CTX *ctx); -int BN_gcd(BIGNUM *r, const BIGNUM *in_a, const BIGNUM *in_b, BN_CTX *ctx) - { - BIGNUM *a,*b,*t; - int ret=0; +int +BN_gcd(BIGNUM *r, const BIGNUM *in_a, const BIGNUM *in_b, BN_CTX *ctx) +{ + BIGNUM *a, *b, *t; + int ret = 0; bn_check_top(in_a); bn_check_top(in_b); BN_CTX_start(ctx); - a = BN_CTX_get(ctx); - b = BN_CTX_get(ctx); - if (a == NULL || b == NULL) goto err; + if ((a = BN_CTX_get(ctx)) == NULL) + goto err; + if ((b = BN_CTX_get(ctx)) == NULL) + goto err; - if (BN_copy(a,in_a) == NULL) goto err; - if (BN_copy(b,in_b) == NULL) goto err; + if (BN_copy(a, in_a) == NULL) + goto err; + if (BN_copy(b, in_b) == NULL) + goto err; a->neg = 0; b->neg = 0; - if (BN_cmp(a,b) < 0) { t=a; a=b; b=t; } - t=euclid(a,b); - if (t == NULL) goto err; + if (BN_cmp(a, b) < 0) { + t = a; + a = b; + b = t; + } + t = euclid(a, b); + if (t == NULL) + goto err; + + if (BN_copy(r, t) == NULL) + goto err; + ret = 1; - if (BN_copy(r,t) == NULL) goto err; - ret=1; err: BN_CTX_end(ctx); - return(ret); - } + bn_check_top(r); + return (ret); +} + +int +BN_gcd_ct(BIGNUM *r, const BIGNUM *in_a, const BIGNUM *in_b, BN_CTX *ctx) +{ + if (BN_gcd_no_branch(r, in_a, in_b, ctx) == NULL) + return 0; + return 1; +} + +int +BN_gcd_nonct(BIGNUM *r, const BIGNUM *in_a, const BIGNUM *in_b, BN_CTX *ctx) +{ + return BN_gcd(r, in_a, in_b, ctx); +} -static BIGNUM *euclid(BIGNUM *a, BIGNUM *b) - { + +static BIGNUM * +euclid(BIGNUM *a, BIGNUM *b) +{ BIGNUM *t; - int shifts=0; + int shifts = 0; bn_check_top(a); bn_check_top(b); /* 0 <= b <= a */ - while (!BN_is_zero(b)) - { + while (!BN_is_zero(b)) { /* 0 < b <= a */ - if (BN_is_odd(a)) - { - if (BN_is_odd(b)) - { - if (!BN_sub(a,a,b)) goto err; - if (!BN_rshift1(a,a)) goto err; - if (BN_cmp(a,b) < 0) - { t=a; a=b; b=t; } + if (BN_is_odd(a)) { + if (BN_is_odd(b)) { + if (!BN_sub(a, a, b)) + goto err; + if (!BN_rshift1(a, a)) + goto err; + if (BN_cmp(a, b) < 0) { + t = a; + a = b; + b = t; } + } else /* a odd - b even */ - { - if (!BN_rshift1(b,b)) goto err; - if (BN_cmp(a,b) < 0) - { t=a; a=b; b=t; } + { + if (!BN_rshift1(b, b)) + goto err; + if (BN_cmp(a, b) < 0) { + t = a; + a = b; + b = t; } } + } else /* a is even */ - { - if (BN_is_odd(b)) - { - if (!BN_rshift1(a,a)) goto err; - if (BN_cmp(a,b) < 0) - { t=a; a=b; b=t; } + { + if (BN_is_odd(b)) { + if (!BN_rshift1(a, a)) + goto err; + if (BN_cmp(a, b) < 0) { + t = a; + a = b; + b = t; } + } else /* a even - b even */ - { - if (!BN_rshift1(a,a)) goto err; - if (!BN_rshift1(b,b)) goto err; + { + if (!BN_rshift1(a, a)) + goto err; + if (!BN_rshift1(b, b)) + goto err; shifts++; - } } - /* 0 <= b <= a */ } + /* 0 <= b <= a */ + } - if (shifts) - { - if (!BN_lshift(a,a,shifts)) goto err; - } - return(a); -err: - return(NULL); + if (shifts) { + if (!BN_lshift(a, a, shifts)) + goto err; } + bn_check_top(a); + return (a); + +err: + return (NULL); +} /* solves ax == 1 (mod n) */ -BIGNUM *BN_mod_inverse(BIGNUM *in, - const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx) - { - BIGNUM *A,*B,*X,*Y,*M,*D,*T,*R=NULL; - BIGNUM *ret=NULL; +static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in, const BIGNUM *a, + const BIGNUM *n, BN_CTX *ctx); + +static BIGNUM * +BN_mod_inverse_internal(BIGNUM *in, const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx, + int ct) +{ + BIGNUM *A, *B, *X, *Y, *M, *D, *T, *R = NULL; + BIGNUM *ret = NULL; int sign; + if (ct) + return BN_mod_inverse_no_branch(in, a, n, ctx); + bn_check_top(a); bn_check_top(n); BN_CTX_start(ctx); - A = BN_CTX_get(ctx); - B = BN_CTX_get(ctx); - X = BN_CTX_get(ctx); - D = BN_CTX_get(ctx); - M = BN_CTX_get(ctx); - Y = BN_CTX_get(ctx); - T = BN_CTX_get(ctx); - if (T == NULL) goto err; + if ((A = BN_CTX_get(ctx)) == NULL) + goto err; + if ((B = BN_CTX_get(ctx)) == NULL) + goto err; + if ((X = BN_CTX_get(ctx)) == NULL) + goto err; + if ((D = BN_CTX_get(ctx)) == NULL) + goto err; + if ((M = BN_CTX_get(ctx)) == NULL) + goto err; + if ((Y = BN_CTX_get(ctx)) == NULL) + goto err; + if ((T = BN_CTX_get(ctx)) == NULL) + goto err; if (in == NULL) - R=BN_new(); + R = BN_new(); else - R=in; - if (R == NULL) goto err; + R = in; + if (R == NULL) + goto err; BN_one(X); BN_zero(Y); - if (BN_copy(B,a) == NULL) goto err; - if (BN_copy(A,n) == NULL) goto err; + if (BN_copy(B, a) == NULL) + goto err; + if (BN_copy(A, n) == NULL) + goto err; A->neg = 0; - if (B->neg || (BN_ucmp(B, A) >= 0)) - { - if (!BN_nnmod(B, B, A, ctx)) goto err; - } + if (B->neg || (BN_ucmp(B, A) >= 0)) { + if (!BN_nnmod(B, B, A, ctx)) + goto err; + } sign = -1; /* From B = a mod |n|, A = |n| it follows that * @@ -244,16 +304,14 @@ BIGNUM *BN_mod_inverse(BIGNUM *in, * sign*Y*a == A (mod |n|). */ - if (BN_is_odd(n) && (BN_num_bits(n) <= (BN_BITS <= 32 ? 450 : 2048))) - { + if (BN_is_odd(n) && (BN_num_bits(n) <= (BN_BITS <= 32 ? 450 : 2048))) { /* Binary inversion algorithm; requires odd modulus. * This is faster than the general algorithm if the modulus * is sufficiently small (about 400 .. 500 bits on 32-bit * sytems, but much more on 64-bit systems) */ int shift; - - while (!BN_is_zero(B)) - { + + while (!BN_is_zero(B)) { /* * 0 < B < |n|, * 0 < A <= |n|, @@ -266,41 +324,43 @@ BIGNUM *BN_mod_inverse(BIGNUM *in, * When we're done, (1) still holds. */ shift = 0; while (!BN_is_bit_set(B, shift)) /* note that 0 < B */ - { + { shift++; - - if (BN_is_odd(X)) - { - if (!BN_uadd(X, X, n)) goto err; - } - /* now X is even, so we can easily divide it by two */ - if (!BN_rshift1(X, X)) goto err; - } - if (shift > 0) - { - if (!BN_rshift(B, B, shift)) goto err; + + if (BN_is_odd(X)) { + if (!BN_uadd(X, X, n)) + goto err; } + /* now X is even, so we can easily divide it by two */ + if (!BN_rshift1(X, X)) + goto err; + } + if (shift > 0) { + if (!BN_rshift(B, B, shift)) + goto err; + } /* Same for A and Y. Afterwards, (2) still holds. */ shift = 0; while (!BN_is_bit_set(A, shift)) /* note that 0 < A */ - { + { shift++; - - if (BN_is_odd(Y)) - { - if (!BN_uadd(Y, Y, n)) goto err; - } - /* now Y is even */ - if (!BN_rshift1(Y, Y)) goto err; - } - if (shift > 0) - { - if (!BN_rshift(A, A, shift)) goto err; + + if (BN_is_odd(Y)) { + if (!BN_uadd(Y, Y, n)) + goto err; } + /* now Y is even */ + if (!BN_rshift1(Y, Y)) + goto err; + } + if (shift > 0) { + if (!BN_rshift(A, A, shift)) + goto err; + } + - /* We still have (1) and (2). * Both A and B are odd. * The following computations ensure that @@ -312,91 +372,87 @@ BIGNUM *BN_mod_inverse(BIGNUM *in, * * and that either A or B is even in the next iteration. */ - if (BN_ucmp(B, A) >= 0) - { + if (BN_ucmp(B, A) >= 0) { /* -sign*(X + Y)*a == B - A (mod |n|) */ - if (!BN_uadd(X, X, Y)) goto err; + if (!BN_uadd(X, X, Y)) + goto err; /* NB: we could use BN_mod_add_quick(X, X, Y, n), but that * actually makes the algorithm slower */ - if (!BN_usub(B, B, A)) goto err; - } - else - { + if (!BN_usub(B, B, A)) + goto err; + } else { /* sign*(X + Y)*a == A - B (mod |n|) */ - if (!BN_uadd(Y, Y, X)) goto err; + if (!BN_uadd(Y, Y, X)) + goto err; /* as above, BN_mod_add_quick(Y, Y, X, n) would slow things down */ - if (!BN_usub(A, A, B)) goto err; - } + if (!BN_usub(A, A, B)) + goto err; } } - else - { + } else { /* general inversion algorithm */ - while (!BN_is_zero(B)) - { + while (!BN_is_zero(B)) { BIGNUM *tmp; - + /* * 0 < B < A, * (*) -sign*X*a == B (mod |n|), * sign*Y*a == A (mod |n|) */ - + /* (D, M) := (A/B, A%B) ... */ - if (BN_num_bits(A) == BN_num_bits(B)) - { - if (!BN_one(D)) goto err; - if (!BN_sub(M,A,B)) goto err; - } - else if (BN_num_bits(A) == BN_num_bits(B) + 1) - { + if (BN_num_bits(A) == BN_num_bits(B)) { + if (!BN_one(D)) + goto err; + if (!BN_sub(M, A, B)) + goto err; + } else if (BN_num_bits(A) == BN_num_bits(B) + 1) { /* A/B is 1, 2, or 3 */ - if (!BN_lshift1(T,B)) goto err; - if (BN_ucmp(A,T) < 0) - { + if (!BN_lshift1(T, B)) + goto err; + if (BN_ucmp(A, T) < 0) { /* A < 2*B, so D=1 */ - if (!BN_one(D)) goto err; - if (!BN_sub(M,A,B)) goto err; - } - else - { + if (!BN_one(D)) + goto err; + if (!BN_sub(M, A, B)) + goto err; + } else { /* A >= 2*B, so D=2 or D=3 */ - if (!BN_sub(M,A,T)) goto err; + if (!BN_sub(M, A, T)) + goto err; if (!BN_add(D,T,B)) goto err; /* use D (:= 3*B) as temp */ - if (BN_ucmp(A,D) < 0) - { + if (BN_ucmp(A, D) < 0) { /* A < 3*B, so D=2 */ - if (!BN_set_word(D,2)) goto err; + if (!BN_set_word(D, 2)) + goto err; /* M (= A - 2*B) already has the correct value */ - } - else - { + } else { /* only D=3 remains */ - if (!BN_set_word(D,3)) goto err; + if (!BN_set_word(D, 3)) + goto err; /* currently M = A - 2*B, but we need M = A - 3*B */ - if (!BN_sub(M,M,B)) goto err; - } + if (!BN_sub(M, M, B)) + goto err; } } - else - { - if (!BN_div(D,M,A,B,ctx)) goto err; - } - + } else { + if (!BN_div_nonct(D, M, A, B, ctx)) + goto err; + } + /* Now * A = D*B + M; * thus we have * (**) sign*Y*a == D*B + M (mod |n|). */ - - tmp=A; /* keep the BIGNUM object, the value does not matter */ - + tmp = A; /* keep the BIGNUM object, the value does not matter */ + /* (A, B) := (B, A mod B) ... */ - A=B; - B=M; + A = B; + B = M; /* ... so we have 0 <= B < A again */ - + /* Since the former M is now B and the former B is now A, * (**) translates into * sign*Y*a == D*A + B (mod |n|), @@ -415,41 +471,38 @@ BIGNUM *BN_mod_inverse(BIGNUM *in, * sign*Y*a == A (mod |n|). * Note that X and Y stay non-negative all the time. */ - + /* most of the time D is very small, so we can optimize tmp := D*X+Y */ - if (BN_is_one(D)) - { - if (!BN_add(tmp,X,Y)) goto err; - } - else - { - if (BN_is_word(D,2)) - { - if (!BN_lshift1(tmp,X)) goto err; - } - else if (BN_is_word(D,4)) - { - if (!BN_lshift(tmp,X,2)) goto err; - } - else if (D->top == 1) - { - if (!BN_copy(tmp,X)) goto err; - if (!BN_mul_word(tmp,D->d[0])) goto err; - } - else - { - if (!BN_mul(tmp,D,X,ctx)) goto err; - } - if (!BN_add(tmp,tmp,Y)) goto err; + if (BN_is_one(D)) { + if (!BN_add(tmp, X, Y)) + goto err; + } else { + if (BN_is_word(D, 2)) { + if (!BN_lshift1(tmp, X)) + goto err; + } else if (BN_is_word(D, 4)) { + if (!BN_lshift(tmp, X, 2)) + goto err; + } else if (D->top == 1) { + if (!BN_copy(tmp, X)) + goto err; + if (!BN_mul_word(tmp, D->d[0])) + goto err; + } else { + if (!BN_mul(tmp, D,X, ctx)) + goto err; } - - M=Y; /* keep the BIGNUM object, the value does not matter */ - Y=X; - X=tmp; - sign = -sign; + if (!BN_add(tmp, tmp, Y)) + goto err; } + + M = Y; /* keep the BIGNUM object, the value does not matter */ + Y = X; + X = tmp; + sign = -sign; } - + } + /* * The while loop (Euclid's algorithm) ends when * A == gcd(a,n); @@ -458,33 +511,352 @@ BIGNUM *BN_mod_inverse(BIGNUM *in, * where Y is non-negative. */ - if (sign < 0) - { - if (!BN_sub(Y,n,Y)) goto err; - } + if (sign < 0) { + if (!BN_sub(Y, n, Y)) + goto err; + } /* Now Y*a == A (mod |n|). */ - - if (BN_is_one(A)) - { + if (BN_is_one(A)) { /* Y*a == 1 (mod |n|) */ - if (!Y->neg && BN_ucmp(Y,n) < 0) - { - if (!BN_copy(R,Y)) goto err; - } - else - { - if (!BN_nnmod(R,Y,n,ctx)) goto err; - } + if (!Y->neg && BN_ucmp(Y, n) < 0) { + if (!BN_copy(R, Y)) + goto err; + } else { + if (!BN_nnmod(R, Y,n, ctx)) + goto err; } + } else { + BNerror(BN_R_NO_INVERSE); + goto err; + } + ret = R; + +err: + if ((ret == NULL) && (in == NULL)) + BN_free(R); + BN_CTX_end(ctx); + bn_check_top(ret); + return (ret); +} + +BIGNUM * +BN_mod_inverse(BIGNUM *in, const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx) +{ + int ct = ((BN_get_flags(a, BN_FLG_CONSTTIME) != 0) || + (BN_get_flags(n, BN_FLG_CONSTTIME) != 0)); + return BN_mod_inverse_internal(in, a, n, ctx, ct); +} + +BIGNUM * +BN_mod_inverse_nonct(BIGNUM *in, const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx) +{ + return BN_mod_inverse_internal(in, a, n, ctx, 0); +} + +BIGNUM * +BN_mod_inverse_ct(BIGNUM *in, const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx) +{ + return BN_mod_inverse_internal(in, a, n, ctx, 1); +} + +/* BN_mod_inverse_no_branch is a special version of BN_mod_inverse. + * It does not contain branches that may leak sensitive information. + */ +static BIGNUM * +BN_mod_inverse_no_branch(BIGNUM *in, const BIGNUM *a, const BIGNUM *n, + BN_CTX *ctx) +{ + BIGNUM *A, *B, *X, *Y, *M, *D, *T, *R = NULL; + BIGNUM local_A, local_B; + BIGNUM *pA, *pB; + BIGNUM *ret = NULL; + int sign; + + bn_check_top(a); + bn_check_top(n); + + BN_CTX_start(ctx); + if ((A = BN_CTX_get(ctx)) == NULL) + goto err; + if ((B = BN_CTX_get(ctx)) == NULL) + goto err; + if ((X = BN_CTX_get(ctx)) == NULL) + goto err; + if ((D = BN_CTX_get(ctx)) == NULL) + goto err; + if ((M = BN_CTX_get(ctx)) == NULL) + goto err; + if ((Y = BN_CTX_get(ctx)) == NULL) + goto err; + if ((T = BN_CTX_get(ctx)) == NULL) + goto err; + + if (in == NULL) + R = BN_new(); else - { - BNerr(BN_F_BN_MOD_INVERSE,BN_R_NO_INVERSE); + R = in; + if (R == NULL) + goto err; + + BN_one(X); + BN_zero(Y); + if (BN_copy(B, a) == NULL) + goto err; + if (BN_copy(A, n) == NULL) goto err; + A->neg = 0; + + if (B->neg || (BN_ucmp(B, A) >= 0)) { + /* Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked, + * BN_div_no_branch will be called eventually. + */ + pB = &local_B; + BN_with_flags(pB, B, BN_FLG_CONSTTIME); + if (!BN_nnmod(B, pB, A, ctx)) + goto err; + } + sign = -1; + /* From B = a mod |n|, A = |n| it follows that + * + * 0 <= B < A, + * -sign*X*a == B (mod |n|), + * sign*Y*a == A (mod |n|). + */ + + while (!BN_is_zero(B)) { + BIGNUM *tmp; + + /* + * 0 < B < A, + * (*) -sign*X*a == B (mod |n|), + * sign*Y*a == A (mod |n|) + */ + + /* Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked, + * BN_div_no_branch will be called eventually. + */ + pA = &local_A; + BN_with_flags(pA, A, BN_FLG_CONSTTIME); + + /* (D, M) := (A/B, A%B) ... */ + if (!BN_div_ct(D, M, pA, B, ctx)) + goto err; + + /* Now + * A = D*B + M; + * thus we have + * (**) sign*Y*a == D*B + M (mod |n|). + */ + tmp = A; /* keep the BIGNUM object, the value does not matter */ + + /* (A, B) := (B, A mod B) ... */ + A = B; + B = M; + /* ... so we have 0 <= B < A again */ + + /* Since the former M is now B and the former B is now A, + * (**) translates into + * sign*Y*a == D*A + B (mod |n|), + * i.e. + * sign*Y*a - D*A == B (mod |n|). + * Similarly, (*) translates into + * -sign*X*a == A (mod |n|). + * + * Thus, + * sign*Y*a + D*sign*X*a == B (mod |n|), + * i.e. + * sign*(Y + D*X)*a == B (mod |n|). + * + * So if we set (X, Y, sign) := (Y + D*X, X, -sign), we arrive back at + * -sign*X*a == B (mod |n|), + * sign*Y*a == A (mod |n|). + * Note that X and Y stay non-negative all the time. + */ + + if (!BN_mul(tmp, D, X, ctx)) + goto err; + if (!BN_add(tmp, tmp, Y)) + goto err; + + M = Y; /* keep the BIGNUM object, the value does not matter */ + Y = X; + X = tmp; + sign = -sign; + } + + /* + * The while loop (Euclid's algorithm) ends when + * A == gcd(a,n); + * we have + * sign*Y*a == A (mod |n|), + * where Y is non-negative. + */ + + if (sign < 0) { + if (!BN_sub(Y, n, Y)) + goto err; + } + /* Now Y*a == A (mod |n|). */ + + if (BN_is_one(A)) { + /* Y*a == 1 (mod |n|) */ + if (!Y->neg && BN_ucmp(Y, n) < 0) { + if (!BN_copy(R, Y)) + goto err; + } else { + if (!BN_nnmod(R, Y, n, ctx)) + goto err; } - ret=R; + } else { + BNerror(BN_R_NO_INVERSE); + goto err; + } + ret = R; + err: - if ((ret == NULL) && (in == NULL)) BN_free(R); + if ((ret == NULL) && (in == NULL)) + BN_free(R); BN_CTX_end(ctx); - return(ret); + bn_check_top(ret); + return (ret); +} + +/* + * BN_gcd_no_branch is a special version of BN_mod_inverse_no_branch. + * that returns the GCD. + */ +static BIGNUM * +BN_gcd_no_branch(BIGNUM *in, const BIGNUM *a, const BIGNUM *n, + BN_CTX *ctx) +{ + BIGNUM *A, *B, *X, *Y, *M, *D, *T, *R = NULL; + BIGNUM local_A, local_B; + BIGNUM *pA, *pB; + BIGNUM *ret = NULL; + int sign; + + if (in == NULL) + goto err; + R = in; + + bn_check_top(a); + bn_check_top(n); + + BN_CTX_start(ctx); + if ((A = BN_CTX_get(ctx)) == NULL) + goto err; + if ((B = BN_CTX_get(ctx)) == NULL) + goto err; + if ((X = BN_CTX_get(ctx)) == NULL) + goto err; + if ((D = BN_CTX_get(ctx)) == NULL) + goto err; + if ((M = BN_CTX_get(ctx)) == NULL) + goto err; + if ((Y = BN_CTX_get(ctx)) == NULL) + goto err; + if ((T = BN_CTX_get(ctx)) == NULL) + goto err; + + BN_one(X); + BN_zero(Y); + if (BN_copy(B, a) == NULL) + goto err; + if (BN_copy(A, n) == NULL) + goto err; + A->neg = 0; + + if (B->neg || (BN_ucmp(B, A) >= 0)) { + /* Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked, + * BN_div_no_branch will be called eventually. + */ + pB = &local_B; + BN_with_flags(pB, B, BN_FLG_CONSTTIME); + if (!BN_nnmod(B, pB, A, ctx)) + goto err; + } + sign = -1; + /* From B = a mod |n|, A = |n| it follows that + * + * 0 <= B < A, + * -sign*X*a == B (mod |n|), + * sign*Y*a == A (mod |n|). + */ + + while (!BN_is_zero(B)) { + BIGNUM *tmp; + + /* + * 0 < B < A, + * (*) -sign*X*a == B (mod |n|), + * sign*Y*a == A (mod |n|) + */ + + /* Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked, + * BN_div_no_branch will be called eventually. + */ + pA = &local_A; + BN_with_flags(pA, A, BN_FLG_CONSTTIME); + + /* (D, M) := (A/B, A%B) ... */ + if (!BN_div_ct(D, M, pA, B, ctx)) + goto err; + + /* Now + * A = D*B + M; + * thus we have + * (**) sign*Y*a == D*B + M (mod |n|). + */ + tmp = A; /* keep the BIGNUM object, the value does not matter */ + + /* (A, B) := (B, A mod B) ... */ + A = B; + B = M; + /* ... so we have 0 <= B < A again */ + + /* Since the former M is now B and the former B is now A, + * (**) translates into + * sign*Y*a == D*A + B (mod |n|), + * i.e. + * sign*Y*a - D*A == B (mod |n|). + * Similarly, (*) translates into + * -sign*X*a == A (mod |n|). + * + * Thus, + * sign*Y*a + D*sign*X*a == B (mod |n|), + * i.e. + * sign*(Y + D*X)*a == B (mod |n|). + * + * So if we set (X, Y, sign) := (Y + D*X, X, -sign), we arrive back at + * -sign*X*a == B (mod |n|), + * sign*Y*a == A (mod |n|). + * Note that X and Y stay non-negative all the time. + */ + + if (!BN_mul(tmp, D, X, ctx)) + goto err; + if (!BN_add(tmp, tmp, Y)) + goto err; + + M = Y; /* keep the BIGNUM object, the value does not matter */ + Y = X; + X = tmp; + sign = -sign; } + + /* + * The while loop (Euclid's algorithm) ends when + * A == gcd(a,n); + */ + + if (!BN_copy(R, A)) + goto err; + ret = R; +err: + if ((ret == NULL) && (in == NULL)) + BN_free(R); + BN_CTX_end(ctx); + bn_check_top(ret); + return (ret); +} diff --git a/src/lib/libcrypto/bn/bn_gf2m.c b/src/lib/libcrypto/bn/bn_gf2m.c new file mode 100644 index 00000000000..8562b3f87e2 --- /dev/null +++ b/src/lib/libcrypto/bn/bn_gf2m.c @@ -0,0 +1,1321 @@ +/* $OpenBSD: bn_gf2m.c,v 1.23 2017/01/29 17:49:22 beck Exp $ */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * + * The Elliptic Curve Public-Key Crypto Library (ECC Code) included + * herein is developed by SUN MICROSYSTEMS, INC., and is contributed + * to the OpenSSL project. + * + * The ECC Code is licensed pursuant to the OpenSSL open source + * license provided below. + * + * In addition, Sun covenants to all licensees who provide a reciprocal + * covenant with respect to their own patents if any, not to sue under + * current and future patent claims necessarily infringed by the making, + * using, practicing, selling, offering for sale and/or otherwise + * disposing of the ECC Code as delivered hereunder (or portions thereof), + * provided that such covenant shall not apply: + * 1) for code that a licensee deletes from the ECC Code; + * 2) separates from the ECC Code; or + * 3) for infringements caused by: + * i) the modification of the ECC Code or + * ii) the combination of the ECC Code with other software or + * devices where such combination causes the infringement. + * + * The software is originally written by Sheueling Chang Shantz and + * Douglas Stebila of Sun Microsystems Laboratories. + * + */ + +/* NOTE: This file is licensed pursuant to the OpenSSL license below + * and may be modified; but after modifications, the above covenant + * may no longer apply! In such cases, the corresponding paragraph + * ["In addition, Sun covenants ... causes the infringement."] and + * this note can be edited out; but please keep the Sun copyright + * notice and attribution. */ + +/* ==================================================================== + * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include + +#include + +#include + +#include "bn_lcl.h" + +#ifndef OPENSSL_NO_EC2M + +/* Maximum number of iterations before BN_GF2m_mod_solve_quad_arr should fail. */ +#define MAX_ITERATIONS 50 + +static const BN_ULONG SQR_tb[16] = + { 0, 1, 4, 5, 16, 17, 20, 21, +64, 65, 68, 69, 80, 81, 84, 85 }; +/* Platform-specific macros to accelerate squaring. */ +#ifdef _LP64 +#define SQR1(w) \ + SQR_tb[(w) >> 60 & 0xF] << 56 | SQR_tb[(w) >> 56 & 0xF] << 48 | \ + SQR_tb[(w) >> 52 & 0xF] << 40 | SQR_tb[(w) >> 48 & 0xF] << 32 | \ + SQR_tb[(w) >> 44 & 0xF] << 24 | SQR_tb[(w) >> 40 & 0xF] << 16 | \ + SQR_tb[(w) >> 36 & 0xF] << 8 | SQR_tb[(w) >> 32 & 0xF] +#define SQR0(w) \ + SQR_tb[(w) >> 28 & 0xF] << 56 | SQR_tb[(w) >> 24 & 0xF] << 48 | \ + SQR_tb[(w) >> 20 & 0xF] << 40 | SQR_tb[(w) >> 16 & 0xF] << 32 | \ + SQR_tb[(w) >> 12 & 0xF] << 24 | SQR_tb[(w) >> 8 & 0xF] << 16 | \ + SQR_tb[(w) >> 4 & 0xF] << 8 | SQR_tb[(w) & 0xF] +#else +#define SQR1(w) \ + SQR_tb[(w) >> 28 & 0xF] << 24 | SQR_tb[(w) >> 24 & 0xF] << 16 | \ + SQR_tb[(w) >> 20 & 0xF] << 8 | SQR_tb[(w) >> 16 & 0xF] +#define SQR0(w) \ + SQR_tb[(w) >> 12 & 0xF] << 24 | SQR_tb[(w) >> 8 & 0xF] << 16 | \ + SQR_tb[(w) >> 4 & 0xF] << 8 | SQR_tb[(w) & 0xF] +#endif + +#if !defined(OPENSSL_BN_ASM_GF2m) +/* Product of two polynomials a, b each with degree < BN_BITS2 - 1, + * result is a polynomial r with degree < 2 * BN_BITS - 1 + * The caller MUST ensure that the variables have the right amount + * of space allocated. + */ +static void +bn_GF2m_mul_1x1(BN_ULONG *r1, BN_ULONG *r0, const BN_ULONG a, const BN_ULONG b) +{ +#ifndef _LP64 + BN_ULONG h, l, s; + BN_ULONG tab[8], top2b = a >> 30; + BN_ULONG a1, a2, a4; + + a1 = a & (0x3FFFFFFF); + a2 = a1 << 1; + a4 = a2 << 1; + + tab[0] = 0; + tab[1] = a1; + tab[2] = a2; + tab[3] = a1 ^ a2; + tab[4] = a4; + tab[5] = a1 ^ a4; + tab[6] = a2 ^ a4; + tab[7] = a1 ^ a2 ^ a4; + + s = tab[b & 0x7]; + l = s; + s = tab[b >> 3 & 0x7]; + l ^= s << 3; + h = s >> 29; + s = tab[b >> 6 & 0x7]; + l ^= s << 6; + h ^= s >> 26; + s = tab[b >> 9 & 0x7]; + l ^= s << 9; + h ^= s >> 23; + s = tab[b >> 12 & 0x7]; + l ^= s << 12; + h ^= s >> 20; + s = tab[b >> 15 & 0x7]; + l ^= s << 15; + h ^= s >> 17; + s = tab[b >> 18 & 0x7]; + l ^= s << 18; + h ^= s >> 14; + s = tab[b >> 21 & 0x7]; + l ^= s << 21; + h ^= s >> 11; + s = tab[b >> 24 & 0x7]; + l ^= s << 24; + h ^= s >> 8; + s = tab[b >> 27 & 0x7]; + l ^= s << 27; + h ^= s >> 5; + s = tab[b >> 30]; + l ^= s << 30; + h ^= s >> 2; + + /* compensate for the top two bits of a */ + if (top2b & 01) { + l ^= b << 30; + h ^= b >> 2; + } + if (top2b & 02) { + l ^= b << 31; + h ^= b >> 1; + } + + *r1 = h; + *r0 = l; +#else + BN_ULONG h, l, s; + BN_ULONG tab[16], top3b = a >> 61; + BN_ULONG a1, a2, a4, a8; + + a1 = a & (0x1FFFFFFFFFFFFFFFULL); + a2 = a1 << 1; + a4 = a2 << 1; + a8 = a4 << 1; + + tab[0] = 0; + tab[1] = a1; + tab[2] = a2; + tab[3] = a1 ^ a2; + tab[4] = a4; + tab[5] = a1 ^ a4; + tab[6] = a2 ^ a4; + tab[7] = a1 ^ a2 ^ a4; + tab[8] = a8; + tab[9] = a1 ^ a8; + tab[10] = a2 ^ a8; + tab[11] = a1 ^ a2 ^ a8; + tab[12] = a4 ^ a8; + tab[13] = a1 ^ a4 ^ a8; + tab[14] = a2 ^ a4 ^ a8; + tab[15] = a1 ^ a2 ^ a4 ^ a8; + + s = tab[b & 0xF]; + l = s; + s = tab[b >> 4 & 0xF]; + l ^= s << 4; + h = s >> 60; + s = tab[b >> 8 & 0xF]; + l ^= s << 8; + h ^= s >> 56; + s = tab[b >> 12 & 0xF]; + l ^= s << 12; + h ^= s >> 52; + s = tab[b >> 16 & 0xF]; + l ^= s << 16; + h ^= s >> 48; + s = tab[b >> 20 & 0xF]; + l ^= s << 20; + h ^= s >> 44; + s = tab[b >> 24 & 0xF]; + l ^= s << 24; + h ^= s >> 40; + s = tab[b >> 28 & 0xF]; + l ^= s << 28; + h ^= s >> 36; + s = tab[b >> 32 & 0xF]; + l ^= s << 32; + h ^= s >> 32; + s = tab[b >> 36 & 0xF]; + l ^= s << 36; + h ^= s >> 28; + s = tab[b >> 40 & 0xF]; + l ^= s << 40; + h ^= s >> 24; + s = tab[b >> 44 & 0xF]; + l ^= s << 44; + h ^= s >> 20; + s = tab[b >> 48 & 0xF]; + l ^= s << 48; + h ^= s >> 16; + s = tab[b >> 52 & 0xF]; + l ^= s << 52; + h ^= s >> 12; + s = tab[b >> 56 & 0xF]; + l ^= s << 56; + h ^= s >> 8; + s = tab[b >> 60]; + l ^= s << 60; + h ^= s >> 4; + + /* compensate for the top three bits of a */ + if (top3b & 01) { + l ^= b << 61; + h ^= b >> 3; + } + if (top3b & 02) { + l ^= b << 62; + h ^= b >> 2; + } + if (top3b & 04) { + l ^= b << 63; + h ^= b >> 1; + } + + *r1 = h; + *r0 = l; +#endif +} + +/* Product of two polynomials a, b each with degree < 2 * BN_BITS2 - 1, + * result is a polynomial r with degree < 4 * BN_BITS2 - 1 + * The caller MUST ensure that the variables have the right amount + * of space allocated. + */ +static void +bn_GF2m_mul_2x2(BN_ULONG *r, const BN_ULONG a1, const BN_ULONG a0, + const BN_ULONG b1, const BN_ULONG b0) +{ + BN_ULONG m1, m0; + + /* r[3] = h1, r[2] = h0; r[1] = l1; r[0] = l0 */ + bn_GF2m_mul_1x1(r + 3, r + 2, a1, b1); + bn_GF2m_mul_1x1(r + 1, r, a0, b0); + bn_GF2m_mul_1x1(&m1, &m0, a0 ^ a1, b0 ^ b1); + /* Correction on m1 ^= l1 ^ h1; m0 ^= l0 ^ h0; */ + r[2] ^= m1 ^ r[1] ^ r[3]; /* h0 ^= m1 ^ l1 ^ h1; */ + r[1] = r[3] ^ r[2] ^ r[0] ^ m1 ^ m0; /* l1 ^= l0 ^ h0 ^ m0; */ +} +#else +void bn_GF2m_mul_2x2(BN_ULONG *r, BN_ULONG a1, BN_ULONG a0, BN_ULONG b1, + BN_ULONG b0); +#endif + +/* Add polynomials a and b and store result in r; r could be a or b, a and b + * could be equal; r is the bitwise XOR of a and b. + */ +int +BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) +{ + int i; + const BIGNUM *at, *bt; + + bn_check_top(a); + bn_check_top(b); + + if (a->top < b->top) { + at = b; + bt = a; + } else { + at = a; + bt = b; + } + + if (bn_wexpand(r, at->top) == NULL) + return 0; + + for (i = 0; i < bt->top; i++) { + r->d[i] = at->d[i] ^ bt->d[i]; + } + for (; i < at->top; i++) { + r->d[i] = at->d[i]; + } + + r->top = at->top; + bn_correct_top(r); + + return 1; +} + + +/* Some functions allow for representation of the irreducible polynomials + * as an int[], say p. The irreducible f(t) is then of the form: + * t^p[0] + t^p[1] + ... + t^p[k] + * where m = p[0] > p[1] > ... > p[k] = 0. + */ + + +/* Performs modular reduction of a and store result in r. r could be a. */ +int +BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const int p[]) +{ + int j, k; + int n, dN, d0, d1; + BN_ULONG zz, *z; + + bn_check_top(a); + + if (!p[0]) { + /* reduction mod 1 => return 0 */ + BN_zero(r); + return 1; + } + + /* Since the algorithm does reduction in the r value, if a != r, copy + * the contents of a into r so we can do reduction in r. + */ + if (a != r) { + if (!bn_wexpand(r, a->top)) + return 0; + for (j = 0; j < a->top; j++) { + r->d[j] = a->d[j]; + } + r->top = a->top; + } + z = r->d; + + /* start reduction */ + dN = p[0] / BN_BITS2; + for (j = r->top - 1; j > dN; ) { + zz = z[j]; + if (z[j] == 0) { + j--; + continue; + } + z[j] = 0; + + for (k = 1; p[k] != 0; k++) { + /* reducing component t^p[k] */ + n = p[0] - p[k]; + d0 = n % BN_BITS2; + d1 = BN_BITS2 - d0; + n /= BN_BITS2; + z[j - n] ^= (zz >> d0); + if (d0) + z[j - n - 1] ^= (zz << d1); + } + + /* reducing component t^0 */ + n = dN; + d0 = p[0] % BN_BITS2; + d1 = BN_BITS2 - d0; + z[j - n] ^= (zz >> d0); + if (d0) + z[j - n - 1] ^= (zz << d1); + } + + /* final round of reduction */ + while (j == dN) { + + d0 = p[0] % BN_BITS2; + zz = z[dN] >> d0; + if (zz == 0) + break; + d1 = BN_BITS2 - d0; + + /* clear up the top d1 bits */ + if (d0) + z[dN] = (z[dN] << d1) >> d1; + else + z[dN] = 0; + z[0] ^= zz; /* reduction t^0 component */ + + for (k = 1; p[k] != 0; k++) { + BN_ULONG tmp_ulong; + + /* reducing component t^p[k]*/ + n = p[k] / BN_BITS2; + d0 = p[k] % BN_BITS2; + d1 = BN_BITS2 - d0; + z[n] ^= (zz << d0); + if (d0 && (tmp_ulong = zz >> d1)) + z[n + 1] ^= tmp_ulong; + } + + + } + + bn_correct_top(r); + return 1; +} + +/* Performs modular reduction of a by p and store result in r. r could be a. + * + * This function calls down to the BN_GF2m_mod_arr implementation; this wrapper + * function is only provided for convenience; for best performance, use the + * BN_GF2m_mod_arr function. + */ +int +BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p) +{ + int ret = 0; + int arr[6]; + + bn_check_top(a); + bn_check_top(p); + ret = BN_GF2m_poly2arr(p, arr, sizeof(arr) / sizeof(arr[0])); + if (!ret || ret > (int)(sizeof(arr) / sizeof(arr[0]))) { + BNerror(BN_R_INVALID_LENGTH); + return 0; + } + ret = BN_GF2m_mod_arr(r, a, arr); + bn_check_top(r); + return ret; +} + + +/* Compute the product of two polynomials a and b, reduce modulo p, and store + * the result in r. r could be a or b; a could be b. + */ +int +BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const int p[], + BN_CTX *ctx) +{ + int zlen, i, j, k, ret = 0; + BIGNUM *s; + BN_ULONG x1, x0, y1, y0, zz[4]; + + bn_check_top(a); + bn_check_top(b); + + if (a == b) { + return BN_GF2m_mod_sqr_arr(r, a, p, ctx); + } + + BN_CTX_start(ctx); + if ((s = BN_CTX_get(ctx)) == NULL) + goto err; + + zlen = a->top + b->top + 4; + if (!bn_wexpand(s, zlen)) + goto err; + s->top = zlen; + + for (i = 0; i < zlen; i++) + s->d[i] = 0; + + for (j = 0; j < b->top; j += 2) { + y0 = b->d[j]; + y1 = ((j + 1) == b->top) ? 0 : b->d[j + 1]; + for (i = 0; i < a->top; i += 2) { + x0 = a->d[i]; + x1 = ((i + 1) == a->top) ? 0 : a->d[i + 1]; + bn_GF2m_mul_2x2(zz, x1, x0, y1, y0); + for (k = 0; k < 4; k++) + s->d[i + j + k] ^= zz[k]; + } + } + + bn_correct_top(s); + if (BN_GF2m_mod_arr(r, s, p)) + ret = 1; + bn_check_top(r); + +err: + BN_CTX_end(ctx); + return ret; +} + +/* Compute the product of two polynomials a and b, reduce modulo p, and store + * the result in r. r could be a or b; a could equal b. + * + * This function calls down to the BN_GF2m_mod_mul_arr implementation; this wrapper + * function is only provided for convenience; for best performance, use the + * BN_GF2m_mod_mul_arr function. + */ +int +BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *p, + BN_CTX *ctx) +{ + int ret = 0; + const int max = BN_num_bits(p) + 1; + int *arr = NULL; + + bn_check_top(a); + bn_check_top(b); + bn_check_top(p); + if ((arr = reallocarray(NULL, max, sizeof(int))) == NULL) + goto err; + ret = BN_GF2m_poly2arr(p, arr, max); + if (!ret || ret > max) { + BNerror(BN_R_INVALID_LENGTH); + goto err; + } + ret = BN_GF2m_mod_mul_arr(r, a, b, arr, ctx); + bn_check_top(r); + +err: + free(arr); + return ret; +} + + +/* Square a, reduce the result mod p, and store it in a. r could be a. */ +int +BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const int p[], BN_CTX *ctx) +{ + int i, ret = 0; + BIGNUM *s; + + bn_check_top(a); + BN_CTX_start(ctx); + if ((s = BN_CTX_get(ctx)) == NULL) + goto err; + if (!bn_wexpand(s, 2 * a->top)) + goto err; + + for (i = a->top - 1; i >= 0; i--) { + s->d[2 * i + 1] = SQR1(a->d[i]); + s->d[2 * i] = SQR0(a->d[i]); + } + + s->top = 2 * a->top; + bn_correct_top(s); + if (!BN_GF2m_mod_arr(r, s, p)) + goto err; + bn_check_top(r); + ret = 1; + +err: + BN_CTX_end(ctx); + return ret; +} + +/* Square a, reduce the result mod p, and store it in a. r could be a. + * + * This function calls down to the BN_GF2m_mod_sqr_arr implementation; this wrapper + * function is only provided for convenience; for best performance, use the + * BN_GF2m_mod_sqr_arr function. + */ +int +BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) +{ + int ret = 0; + const int max = BN_num_bits(p) + 1; + int *arr = NULL; + + bn_check_top(a); + bn_check_top(p); + if ((arr = reallocarray(NULL, max, sizeof(int))) == NULL) + goto err; + ret = BN_GF2m_poly2arr(p, arr, max); + if (!ret || ret > max) { + BNerror(BN_R_INVALID_LENGTH); + goto err; + } + ret = BN_GF2m_mod_sqr_arr(r, a, arr, ctx); + bn_check_top(r); + +err: + free(arr); + return ret; +} + + +/* Invert a, reduce modulo p, and store the result in r. r could be a. + * Uses Modified Almost Inverse Algorithm (Algorithm 10) from + * Hankerson, D., Hernandez, J.L., and Menezes, A. "Software Implementation + * of Elliptic Curve Cryptography Over Binary Fields". + */ +int +BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) +{ + BIGNUM *b, *c = NULL, *u = NULL, *v = NULL, *tmp; + int ret = 0; + + bn_check_top(a); + bn_check_top(p); + + BN_CTX_start(ctx); + + if ((b = BN_CTX_get(ctx)) == NULL) + goto err; + if ((c = BN_CTX_get(ctx)) == NULL) + goto err; + if ((u = BN_CTX_get(ctx)) == NULL) + goto err; + if ((v = BN_CTX_get(ctx)) == NULL) + goto err; + + if (!BN_GF2m_mod(u, a, p)) + goto err; + if (BN_is_zero(u)) + goto err; + + if (!BN_copy(v, p)) + goto err; +#if 0 + if (!BN_one(b)) + goto err; + + while (1) { + while (!BN_is_odd(u)) { + if (BN_is_zero(u)) + goto err; + if (!BN_rshift1(u, u)) + goto err; + if (BN_is_odd(b)) { + if (!BN_GF2m_add(b, b, p)) + goto err; + } + if (!BN_rshift1(b, b)) + goto err; + } + + if (BN_abs_is_word(u, 1)) + break; + + if (BN_num_bits(u) < BN_num_bits(v)) { + tmp = u; + u = v; + v = tmp; + tmp = b; + b = c; + c = tmp; + } + + if (!BN_GF2m_add(u, u, v)) + goto err; + if (!BN_GF2m_add(b, b, c)) + goto err; + } +#else + { + int i, ubits = BN_num_bits(u), + vbits = BN_num_bits(v), /* v is copy of p */ + top = p->top; + BN_ULONG *udp, *bdp, *vdp, *cdp; + + if (!bn_wexpand(u, top)) + goto err; + udp = u->d; + for (i = u->top; i < top; i++) + udp[i] = 0; + u->top = top; + if (!bn_wexpand(b, top)) + goto err; + bdp = b->d; + bdp[0] = 1; + for (i = 1; i < top; i++) + bdp[i] = 0; + b->top = top; + if (!bn_wexpand(c, top)) + goto err; + cdp = c->d; + for (i = 0; i < top; i++) + cdp[i] = 0; + c->top = top; + vdp = v->d; /* It pays off to "cache" *->d pointers, because + * it allows optimizer to be more aggressive. + * But we don't have to "cache" p->d, because *p + * is declared 'const'... */ + while (1) { + while (ubits && !(udp[0]&1)) { + BN_ULONG u0, u1, b0, b1, mask; + + u0 = udp[0]; + b0 = bdp[0]; + mask = (BN_ULONG)0 - (b0 & 1); + b0 ^= p->d[0] & mask; + for (i = 0; i < top - 1; i++) { + u1 = udp[i + 1]; + udp[i] = ((u0 >> 1) | + (u1 << (BN_BITS2 - 1))) & BN_MASK2; + u0 = u1; + b1 = bdp[i + 1] ^ (p->d[i + 1] & mask); + bdp[i] = ((b0 >> 1) | + (b1 << (BN_BITS2 - 1))) & BN_MASK2; + b0 = b1; + } + udp[i] = u0 >> 1; + bdp[i] = b0 >> 1; + ubits--; + } + + if (ubits <= BN_BITS2) { + /* See if poly was reducible. */ + if (udp[0] == 0) + goto err; + if (udp[0] == 1) + break; + } + + if (ubits < vbits) { + i = ubits; + ubits = vbits; + vbits = i; + tmp = u; + u = v; + v = tmp; + tmp = b; + b = c; + c = tmp; + udp = vdp; + vdp = v->d; + bdp = cdp; + cdp = c->d; + } + for (i = 0; i < top; i++) { + udp[i] ^= vdp[i]; + bdp[i] ^= cdp[i]; + } + if (ubits == vbits) { + BN_ULONG ul; + int utop = (ubits - 1) / BN_BITS2; + + while ((ul = udp[utop]) == 0 && utop) + utop--; + ubits = utop*BN_BITS2 + BN_num_bits_word(ul); + } + } + bn_correct_top(b); + } +#endif + + if (!BN_copy(r, b)) + goto err; + bn_check_top(r); + ret = 1; + +err: +#ifdef BN_DEBUG /* BN_CTX_end would complain about the expanded form */ + bn_correct_top(c); + bn_correct_top(u); + bn_correct_top(v); +#endif + BN_CTX_end(ctx); + return ret; +} + +/* Invert xx, reduce modulo p, and store the result in r. r could be xx. + * + * This function calls down to the BN_GF2m_mod_inv implementation; this wrapper + * function is only provided for convenience; for best performance, use the + * BN_GF2m_mod_inv function. + */ +int +BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *xx, const int p[], BN_CTX *ctx) +{ + BIGNUM *field; + int ret = 0; + + bn_check_top(xx); + BN_CTX_start(ctx); + if ((field = BN_CTX_get(ctx)) == NULL) + goto err; + if (!BN_GF2m_arr2poly(p, field)) + goto err; + + ret = BN_GF2m_mod_inv(r, xx, field, ctx); + bn_check_top(r); + +err: + BN_CTX_end(ctx); + return ret; +} + + +#ifndef OPENSSL_SUN_GF2M_DIV +/* Divide y by x, reduce modulo p, and store the result in r. r could be x + * or y, x could equal y. + */ +int +BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *y, const BIGNUM *x, const BIGNUM *p, + BN_CTX *ctx) +{ + BIGNUM *xinv = NULL; + int ret = 0; + + bn_check_top(y); + bn_check_top(x); + bn_check_top(p); + + BN_CTX_start(ctx); + if ((xinv = BN_CTX_get(ctx)) == NULL) + goto err; + + if (!BN_GF2m_mod_inv(xinv, x, p, ctx)) + goto err; + if (!BN_GF2m_mod_mul(r, y, xinv, p, ctx)) + goto err; + bn_check_top(r); + ret = 1; + +err: + BN_CTX_end(ctx); + return ret; +} +#else +/* Divide y by x, reduce modulo p, and store the result in r. r could be x + * or y, x could equal y. + * Uses algorithm Modular_Division_GF(2^m) from + * Chang-Shantz, S. "From Euclid's GCD to Montgomery Multiplication to + * the Great Divide". + */ +int +BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *y, const BIGNUM *x, const BIGNUM *p, + BN_CTX *ctx) +{ + BIGNUM *a, *b, *u, *v; + int ret = 0; + + bn_check_top(y); + bn_check_top(x); + bn_check_top(p); + + BN_CTX_start(ctx); + + if ((a = BN_CTX_get(ctx)) == NULL) + goto err; + if ((b = BN_CTX_get(ctx)) == NULL) + goto err; + if ((u = BN_CTX_get(ctx)) == NULL) + goto err; + if ((v = BN_CTX_get(ctx)) == NULL) + goto err; + + /* reduce x and y mod p */ + if (!BN_GF2m_mod(u, y, p)) + goto err; + if (!BN_GF2m_mod(a, x, p)) + goto err; + if (!BN_copy(b, p)) + goto err; + + while (!BN_is_odd(a)) { + if (!BN_rshift1(a, a)) + goto err; + if (BN_is_odd(u)) + if (!BN_GF2m_add(u, u, p)) + goto err; + if (!BN_rshift1(u, u)) + goto err; + } + + do { + if (BN_GF2m_cmp(b, a) > 0) { + if (!BN_GF2m_add(b, b, a)) + goto err; + if (!BN_GF2m_add(v, v, u)) + goto err; + do { + if (!BN_rshift1(b, b)) + goto err; + if (BN_is_odd(v)) + if (!BN_GF2m_add(v, v, p)) + goto err; + if (!BN_rshift1(v, v)) + goto err; + } while (!BN_is_odd(b)); + } else if (BN_abs_is_word(a, 1)) + break; + else { + if (!BN_GF2m_add(a, a, b)) + goto err; + if (!BN_GF2m_add(u, u, v)) + goto err; + do { + if (!BN_rshift1(a, a)) + goto err; + if (BN_is_odd(u)) + if (!BN_GF2m_add(u, u, p)) + goto err; + if (!BN_rshift1(u, u)) + goto err; + } while (!BN_is_odd(a)); + } + } while (1); + + if (!BN_copy(r, u)) + goto err; + bn_check_top(r); + ret = 1; + +err: + BN_CTX_end(ctx); + return ret; +} +#endif + +/* Divide yy by xx, reduce modulo p, and store the result in r. r could be xx + * or yy, xx could equal yy. + * + * This function calls down to the BN_GF2m_mod_div implementation; this wrapper + * function is only provided for convenience; for best performance, use the + * BN_GF2m_mod_div function. + */ +int +BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *yy, const BIGNUM *xx, + const int p[], BN_CTX *ctx) +{ + BIGNUM *field; + int ret = 0; + + bn_check_top(yy); + bn_check_top(xx); + + BN_CTX_start(ctx); + if ((field = BN_CTX_get(ctx)) == NULL) + goto err; + if (!BN_GF2m_arr2poly(p, field)) + goto err; + + ret = BN_GF2m_mod_div(r, yy, xx, field, ctx); + bn_check_top(r); + +err: + BN_CTX_end(ctx); + return ret; +} + + +/* Compute the bth power of a, reduce modulo p, and store + * the result in r. r could be a. + * Uses simple square-and-multiply algorithm A.5.1 from IEEE P1363. + */ +int +BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const int p[], + BN_CTX *ctx) +{ + int ret = 0, i, n; + BIGNUM *u; + + bn_check_top(a); + bn_check_top(b); + + if (BN_is_zero(b)) + return (BN_one(r)); + + if (BN_abs_is_word(b, 1)) + return (BN_copy(r, a) != NULL); + + BN_CTX_start(ctx); + if ((u = BN_CTX_get(ctx)) == NULL) + goto err; + + if (!BN_GF2m_mod_arr(u, a, p)) + goto err; + + n = BN_num_bits(b) - 1; + for (i = n - 1; i >= 0; i--) { + if (!BN_GF2m_mod_sqr_arr(u, u, p, ctx)) + goto err; + if (BN_is_bit_set(b, i)) { + if (!BN_GF2m_mod_mul_arr(u, u, a, p, ctx)) + goto err; + } + } + if (!BN_copy(r, u)) + goto err; + bn_check_top(r); + ret = 1; + +err: + BN_CTX_end(ctx); + return ret; +} + +/* Compute the bth power of a, reduce modulo p, and store + * the result in r. r could be a. + * + * This function calls down to the BN_GF2m_mod_exp_arr implementation; this wrapper + * function is only provided for convenience; for best performance, use the + * BN_GF2m_mod_exp_arr function. + */ +int +BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *p, + BN_CTX *ctx) +{ + int ret = 0; + const int max = BN_num_bits(p) + 1; + int *arr = NULL; + + bn_check_top(a); + bn_check_top(b); + bn_check_top(p); + if ((arr = reallocarray(NULL, max, sizeof(int))) == NULL) + goto err; + ret = BN_GF2m_poly2arr(p, arr, max); + if (!ret || ret > max) { + BNerror(BN_R_INVALID_LENGTH); + goto err; + } + ret = BN_GF2m_mod_exp_arr(r, a, b, arr, ctx); + bn_check_top(r); + +err: + free(arr); + return ret; +} + +/* Compute the square root of a, reduce modulo p, and store + * the result in r. r could be a. + * Uses exponentiation as in algorithm A.4.1 from IEEE P1363. + */ +int +BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a, const int p[], BN_CTX *ctx) +{ + int ret = 0; + BIGNUM *u; + + bn_check_top(a); + + if (!p[0]) { + /* reduction mod 1 => return 0 */ + BN_zero(r); + return 1; + } + + BN_CTX_start(ctx); + if ((u = BN_CTX_get(ctx)) == NULL) + goto err; + + if (!BN_set_bit(u, p[0] - 1)) + goto err; + ret = BN_GF2m_mod_exp_arr(r, a, u, p, ctx); + bn_check_top(r); + +err: + BN_CTX_end(ctx); + return ret; +} + +/* Compute the square root of a, reduce modulo p, and store + * the result in r. r could be a. + * + * This function calls down to the BN_GF2m_mod_sqrt_arr implementation; this wrapper + * function is only provided for convenience; for best performance, use the + * BN_GF2m_mod_sqrt_arr function. + */ +int +BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) +{ + int ret = 0; + const int max = BN_num_bits(p) + 1; + int *arr = NULL; + bn_check_top(a); + bn_check_top(p); + if ((arr = reallocarray(NULL, max, sizeof(int))) == NULL) + goto err; + ret = BN_GF2m_poly2arr(p, arr, max); + if (!ret || ret > max) { + BNerror(BN_R_INVALID_LENGTH); + goto err; + } + ret = BN_GF2m_mod_sqrt_arr(r, a, arr, ctx); + bn_check_top(r); + +err: + free(arr); + return ret; +} + +/* Find r such that r^2 + r = a mod p. r could be a. If no r exists returns 0. + * Uses algorithms A.4.7 and A.4.6 from IEEE P1363. + */ +int +BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a_, const int p[], + BN_CTX *ctx) +{ + int ret = 0, count = 0, j; + BIGNUM *a, *z, *rho, *w, *w2, *tmp; + + bn_check_top(a_); + + if (!p[0]) { + /* reduction mod 1 => return 0 */ + BN_zero(r); + return 1; + } + + BN_CTX_start(ctx); + if ((a = BN_CTX_get(ctx)) == NULL) + goto err; + if ((z = BN_CTX_get(ctx)) == NULL) + goto err; + if ((w = BN_CTX_get(ctx)) == NULL) + goto err; + + if (!BN_GF2m_mod_arr(a, a_, p)) + goto err; + + if (BN_is_zero(a)) { + BN_zero(r); + ret = 1; + goto err; + } + + if (p[0] & 0x1) /* m is odd */ + { + /* compute half-trace of a */ + if (!BN_copy(z, a)) + goto err; + for (j = 1; j <= (p[0] - 1) / 2; j++) { + if (!BN_GF2m_mod_sqr_arr(z, z, p, ctx)) + goto err; + if (!BN_GF2m_mod_sqr_arr(z, z, p, ctx)) + goto err; + if (!BN_GF2m_add(z, z, a)) + goto err; + } + + } + else /* m is even */ + { + if ((rho = BN_CTX_get(ctx)) == NULL) + goto err; + if ((w2 = BN_CTX_get(ctx)) == NULL) + goto err; + if ((tmp = BN_CTX_get(ctx)) == NULL) + goto err; + do { + if (!BN_rand(rho, p[0], 0, 0)) + goto err; + if (!BN_GF2m_mod_arr(rho, rho, p)) + goto err; + BN_zero(z); + if (!BN_copy(w, rho)) + goto err; + for (j = 1; j <= p[0] - 1; j++) { + if (!BN_GF2m_mod_sqr_arr(z, z, p, ctx)) + goto err; + if (!BN_GF2m_mod_sqr_arr(w2, w, p, ctx)) + goto err; + if (!BN_GF2m_mod_mul_arr(tmp, w2, a, p, ctx)) + goto err; + if (!BN_GF2m_add(z, z, tmp)) + goto err; + if (!BN_GF2m_add(w, w2, rho)) + goto err; + } + count++; + } while (BN_is_zero(w) && (count < MAX_ITERATIONS)); + if (BN_is_zero(w)) { + BNerror(BN_R_TOO_MANY_ITERATIONS); + goto err; + } + } + + if (!BN_GF2m_mod_sqr_arr(w, z, p, ctx)) + goto err; + if (!BN_GF2m_add(w, z, w)) + goto err; + if (BN_GF2m_cmp(w, a)) { + BNerror(BN_R_NO_SOLUTION); + goto err; + } + + if (!BN_copy(r, z)) + goto err; + bn_check_top(r); + + ret = 1; + +err: + BN_CTX_end(ctx); + return ret; +} + +/* Find r such that r^2 + r = a mod p. r could be a. If no r exists returns 0. + * + * This function calls down to the BN_GF2m_mod_solve_quad_arr implementation; this wrapper + * function is only provided for convenience; for best performance, use the + * BN_GF2m_mod_solve_quad_arr function. + */ +int +BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) +{ + int ret = 0; + const int max = BN_num_bits(p) + 1; + int *arr = NULL; + + bn_check_top(a); + bn_check_top(p); + if ((arr = reallocarray(NULL, max, sizeof(int))) == NULL) + goto err; + ret = BN_GF2m_poly2arr(p, arr, max); + if (!ret || ret > max) { + BNerror(BN_R_INVALID_LENGTH); + goto err; + } + ret = BN_GF2m_mod_solve_quad_arr(r, a, arr, ctx); + bn_check_top(r); + +err: + free(arr); + return ret; +} + +/* Convert the bit-string representation of a polynomial + * ( \sum_{i=0}^n a_i * x^i) into an array of integers corresponding + * to the bits with non-zero coefficient. Array is terminated with -1. + * Up to max elements of the array will be filled. Return value is total + * number of array elements that would be filled if array was large enough. + */ +int +BN_GF2m_poly2arr(const BIGNUM *a, int p[], int max) +{ + int i, j, k = 0; + BN_ULONG mask; + + if (BN_is_zero(a)) + return 0; + + for (i = a->top - 1; i >= 0; i--) { + if (!a->d[i]) + /* skip word if a->d[i] == 0 */ + continue; + mask = BN_TBIT; + for (j = BN_BITS2 - 1; j >= 0; j--) { + if (a->d[i] & mask) { + if (k < max) + p[k] = BN_BITS2 * i + j; + k++; + } + mask >>= 1; + } + } + + if (k < max) { + p[k] = -1; + k++; + } + + return k; +} + +/* Convert the coefficient array representation of a polynomial to a + * bit-string. The array must be terminated by -1. + */ +int +BN_GF2m_arr2poly(const int p[], BIGNUM *a) +{ + int i; + + bn_check_top(a); + BN_zero(a); + for (i = 0; p[i] != -1; i++) { + if (BN_set_bit(a, p[i]) == 0) + return 0; + } + bn_check_top(a); + + return 1; +} + +#endif diff --git a/src/lib/libcrypto/bn/bn_kron.c b/src/lib/libcrypto/bn/bn_kron.c index 49f75594aed..274da5d1868 100644 --- a/src/lib/libcrypto/bn/bn_kron.c +++ b/src/lib/libcrypto/bn/bn_kron.c @@ -1,4 +1,4 @@ -/* crypto/bn/bn_kron.c */ +/* $OpenBSD: bn_kron.c,v 1.6 2015/02/09 15:49:22 jsing Exp $ */ /* ==================================================================== * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. * @@ -7,7 +7,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -55,17 +55,18 @@ #include "bn_lcl.h" - /* least significant word */ #define BN_lsw(n) (((n)->top == 0) ? (BN_ULONG) 0 : (n)->d[0]) /* Returns -2 for errors because both -1 and 0 are valid results. */ -int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) - { +int +BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) +{ int i; int ret = -2; /* avoid 'uninitialized' warning */ int err = 0; BIGNUM *A, *B, *tmp; + /* In 'tab', only odd-indexed entries are relevant: * For any odd BIGNUM n, * tab[BN_lsw(n) & 7] @@ -74,15 +75,21 @@ int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) */ static const int tab[8] = {0, 1, 0, -1, 0, -1, 0, 1}; + bn_check_top(a); + bn_check_top(b); + BN_CTX_start(ctx); - A = BN_CTX_get(ctx); - B = BN_CTX_get(ctx); - if (B == NULL) goto end; - + if ((A = BN_CTX_get(ctx)) == NULL) + goto end; + if ((B = BN_CTX_get(ctx)) == NULL) + goto end; + err = !BN_copy(A, a); - if (err) goto end; + if (err) + goto end; err = !BN_copy(B, b); - if (err) goto end; + if (err) + goto end; /* * Kronecker symbol, imlemented according to Henri Cohen, @@ -92,91 +99,87 @@ int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) /* Cohen's step 1: */ - if (BN_is_zero(B)) - { + if (BN_is_zero(B)) { ret = BN_abs_is_word(A, 1); goto end; - } - + } + /* Cohen's step 2: */ - if (!BN_is_odd(A) && !BN_is_odd(B)) - { + if (!BN_is_odd(A) && !BN_is_odd(B)) { ret = 0; goto end; - } + } /* now B is non-zero */ i = 0; while (!BN_is_bit_set(B, i)) i++; err = !BN_rshift(B, B, i); - if (err) goto end; - if (i & 1) - { + if (err) + goto end; + if (i & 1) { /* i is odd */ /* (thus B was even, thus A must be odd!) */ /* set 'ret' to $(-1)^{(A^2-1)/8}$ */ ret = tab[BN_lsw(A) & 7]; - } - else - { + } else { /* i is even */ ret = 1; - } - - if (B->neg) - { + } + + if (B->neg) { B->neg = 0; if (A->neg) ret = -ret; - } + } /* now B is positive and odd, so what remains to be done is * to compute the Jacobi symbol (A/B) and multiply it by 'ret' */ - while (1) - { + while (1) { /* Cohen's step 3: */ /* B is positive and odd */ - if (BN_is_zero(A)) - { + if (BN_is_zero(A)) { ret = BN_is_one(B) ? ret : 0; goto end; - } + } /* now A is non-zero */ i = 0; while (!BN_is_bit_set(A, i)) i++; err = !BN_rshift(A, A, i); - if (err) goto end; - if (i & 1) - { + if (err) + goto end; + if (i & 1) { /* i is odd */ /* multiply 'ret' by $(-1)^{(B^2-1)/8}$ */ ret = ret * tab[BN_lsw(B) & 7]; - } - + } + /* Cohen's step 4: */ /* multiply 'ret' by $(-1)^{(A-1)(B-1)/4}$ */ if ((A->neg ? ~BN_lsw(A) : BN_lsw(A)) & BN_lsw(B) & 2) ret = -ret; - + /* (A, B) := (B mod |A|, |A|) */ err = !BN_nnmod(B, B, A, ctx); - if (err) goto end; - tmp = A; A = B; B = tmp; + if (err) + goto end; + tmp = A; + A = B; + B = tmp; tmp->neg = 0; - } - - end: + } + +end: BN_CTX_end(ctx); if (err) return -2; else return ret; - } +} diff --git a/src/lib/libcrypto/bn/bn_lcl.h b/src/lib/libcrypto/bn/bn_lcl.h index 8a4dba375ab..d0f36822dc8 100644 --- a/src/lib/libcrypto/bn/bn_lcl.h +++ b/src/lib/libcrypto/bn/bn_lcl.h @@ -1,25 +1,25 @@ -/* crypto/bn/bn_lcl.h */ +/* $OpenBSD: bn_lcl.h,v 1.30 2018/11/05 23:52:47 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -63,7 +63,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -112,26 +112,11 @@ #ifndef HEADER_BN_LCL_H #define HEADER_BN_LCL_H -#include - -#ifdef __cplusplus -extern "C" { -#endif +#include +#include -/* Used for temp variables */ -#define BN_CTX_NUM 32 -#define BN_CTX_NUM_POS 12 -struct bignum_ctx - { - int tos; - BIGNUM bn[BN_CTX_NUM]; - int flags; - int depth; - int pos[BN_CTX_NUM_POS]; - int too_many; - } /* BN_CTX */; - +__BEGIN_HIDDEN_DECLS /* * BN_window_bits_for_exponent_size -- macro for sliding window mod_exp functions @@ -158,23 +143,50 @@ struct bignum_ctx * (with draws in between). Very small exponents are often selected * with low Hamming weight, so we use w = 1 for b <= 23. */ -#if 1 #define BN_window_bits_for_exponent_size(b) \ ((b) > 671 ? 6 : \ (b) > 239 ? 5 : \ (b) > 79 ? 4 : \ (b) > 23 ? 3 : 1) -#else -/* Old SSLeay/OpenSSL table. - * Maximum window size was 5, so this table differs for b==1024; - * but it coincides for other interesting values (b==160, b==512). + + +/* BN_mod_exp_mont_consttime is based on the assumption that the + * L1 data cache line width of the target processor is at least + * the following value. */ -#define BN_window_bits_for_exponent_size(b) \ - ((b) > 255 ? 5 : \ - (b) > 127 ? 4 : \ - (b) > 17 ? 3 : 1) -#endif +#define MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH ( 64 ) +#define MOD_EXP_CTIME_MIN_CACHE_LINE_MASK (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - 1) + +/* Window sizes optimized for fixed window size modular exponentiation + * algorithm (BN_mod_exp_mont_consttime). + * + * To achieve the security goals of BN_mode_exp_mont_consttime, the + * maximum size of the window must not exceed + * log_2(MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH). + * + * Window size thresholds are defined for cache line sizes of 32 and 64, + * cache line sizes where log_2(32)=5 and log_2(64)=6 respectively. A + * window size of 7 should only be used on processors that have a 128 + * byte or greater cache line size. + */ +#if MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH == 64 +# define BN_window_bits_for_ctime_exponent_size(b) \ + ((b) > 937 ? 6 : \ + (b) > 306 ? 5 : \ + (b) > 89 ? 4 : \ + (b) > 22 ? 3 : 1) +# define BN_MAX_WINDOW_BITS_FOR_CTIME_EXPONENT_SIZE (6) + +#elif MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH == 32 + +# define BN_window_bits_for_ctime_exponent_size(b) \ + ((b) > 306 ? 5 : \ + (b) > 89 ? 4 : \ + (b) > 22 ? 3 : 1) +# define BN_MAX_WINDOW_BITS_FOR_CTIME_EXPONENT_SIZE (5) + +#endif /* Pentium pro 16,16,16,32,64 */ @@ -185,7 +197,7 @@ struct bignum_ctx #define BN_MUL_LOW_RECURSIVE_SIZE_NORMAL (32) /* 32 */ #define BN_MONT_CTX_SET_SIZE_WORD (64) /* 32 */ -#if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) && !defined(PEDANTIC) +#if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) /* * BN_UMULT_HIGH section. * @@ -209,27 +221,59 @@ struct bignum_ctx * * */ -# if defined(__alpha) && (defined(SIXTY_FOUR_BIT_LONG) || defined(SIXTY_FOUR_BIT)) -# if defined(__DECC) -# include -# define BN_UMULT_HIGH(a,b) (BN_ULONG)asm("umulh %a0,%a1,%v0",(a),(b)) -# elif defined(__GNUC__) +# if defined(__alpha) +# if defined(__GNUC__) && __GNUC__>=2 # define BN_UMULT_HIGH(a,b) ({ \ - register BN_ULONG ret; \ + BN_ULONG ret; \ asm ("umulh %1,%2,%0" \ : "=r"(ret) \ : "r"(a), "r"(b)); \ ret; }) # endif /* compiler */ -# elif defined(_ARCH_PPC) && defined(__64BIT__) && defined(SIXTY_FOUR_BIT_LONG) -# if defined(__GNUC__) +# elif defined(_ARCH_PPC) && defined(_LP64) +# if defined(__GNUC__) && __GNUC__>=2 # define BN_UMULT_HIGH(a,b) ({ \ - register BN_ULONG ret; \ + BN_ULONG ret; \ asm ("mulhdu %0,%1,%2" \ : "=r"(ret) \ : "r"(a), "r"(b)); \ ret; }) # endif /* compiler */ +# elif defined(__x86_64) || defined(__x86_64__) +# if defined(__GNUC__) && __GNUC__>=2 +# define BN_UMULT_HIGH(a,b) ({ \ + BN_ULONG ret,discard; \ + asm ("mulq %3" \ + : "=a"(discard),"=d"(ret) \ + : "a"(a), "g"(b) \ + : "cc"); \ + ret; }) +# define BN_UMULT_LOHI(low,high,a,b) \ + asm ("mulq %3" \ + : "=a"(low),"=d"(high) \ + : "a"(a),"g"(b) \ + : "cc"); +# endif +# elif defined(__mips) && defined(_LP64) +# if defined(__GNUC__) && __GNUC__>=2 +# if __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 4) /* "h" constraint is no more since 4.4 */ +# define BN_UMULT_HIGH(a,b) (((__uint128_t)(a)*(b))>>64) +# define BN_UMULT_LOHI(low,high,a,b) ({ \ + __uint128_t ret=(__uint128_t)(a)*(b); \ + (high)=ret>>64; (low)=ret; }) +# else +# define BN_UMULT_HIGH(a,b) ({ \ + BN_ULONG ret; \ + asm ("dmultu %1,%2" \ + : "=h"(ret) \ + : "r"(a), "r"(b) : "l"); \ + ret; }) +# define BN_UMULT_LOHI(low,high,a,b)\ + asm ("dmultu %2,%3" \ + : "=l"(low),"=h"(high) \ + : "r"(a), "r"(b)); +# endif +# endif # endif /* cpu */ #endif /* OPENSSL_NO_ASM */ @@ -239,44 +283,17 @@ struct bignum_ctx #define Lw(t) (((BN_ULONG)(t))&BN_MASK2) #define Hw(t) (((BN_ULONG)((t)>>BN_BITS2))&BN_MASK2) -/* This is used for internal error checking and is not normally used */ -#ifdef BN_DEBUG -# include -# define bn_check_top(a) assert ((a)->top >= 0 && (a)->top <= (a)->dmax); -#else -# define bn_check_top(a) -#endif - -/* This macro is to add extra stuff for development checking */ -#ifdef BN_DEBUG -#define bn_set_max(r) ((r)->max=(r)->top,BN_set_flags((r),BN_FLG_STATIC_DATA)) -#else -#define bn_set_max(r) -#endif - -/* These macros are used to 'take' a section of a bignum for read only use */ -#define bn_set_low(r,a,n) \ - { \ - (r)->top=((a)->top > (n))?(n):(a)->top; \ - (r)->d=(a)->d; \ - (r)->neg=(a)->neg; \ - (r)->flags|=BN_FLG_STATIC_DATA; \ - bn_set_max(r); \ - } - -#define bn_set_high(r,a,n) \ +#ifdef BN_DEBUG_RAND +#define bn_clear_top2max(a) \ { \ - if ((a)->top > (n)) \ - { \ - (r)->top=(a)->top-n; \ - (r)->d= &((a)->d[n]); \ - } \ - else \ - (r)->top=0; \ - (r)->neg=(a)->neg; \ - (r)->flags|=BN_FLG_STATIC_DATA; \ - bn_set_max(r); \ + int ind = (a)->dmax - (a)->top; \ + BN_ULONG *ftl = &(a)->d[(a)->top-1]; \ + for (; ind != 0; ind--) \ + *(++ftl) = 0x0; \ } +#else +#define bn_clear_top2max(a) +#endif #ifdef BN_LLONG #define mul_add(r,a,w,c) { \ @@ -300,6 +317,33 @@ struct bignum_ctx (r1)=Hw(t); \ } +#elif defined(BN_UMULT_LOHI) +#define mul_add(r,a,w,c) { \ + BN_ULONG high,low,ret,tmp=(a); \ + ret = (r); \ + BN_UMULT_LOHI(low,high,w,tmp); \ + ret += (c); \ + (c) = (ret<(c))?1:0; \ + (c) += high; \ + ret += low; \ + (c) += (ret>BN_BITS4)&BN_MASK2l) -#define L2HBITS(a) ((BN_ULONG)((a)&BN_MASK2l)<>BN_BITS2)&BN_MASKl) -#define LL2HBITS(a) ((BN_ULLONG)((a)&BN_MASKl)<dmax)?(a):bn_expand2((a),(words))) +BIGNUM *bn_expand2(BIGNUM *a, int words); +BIGNUM *bn_expand(BIGNUM *a, int bits); + +BIGNUM *bn_dup_expand(const BIGNUM *a, int words); /* unused */ + +/* Bignum consistency macros + * There is one "API" macro, bn_fix_top(), for stripping leading zeroes from + * bignum data after direct manipulations on the data. There is also an + * "internal" macro, bn_check_top(), for verifying that there are no leading + * zeroes. Unfortunately, some auditing is required due to the fact that + * bn_fix_top() has become an overabused duct-tape because bignum data is + * occasionally passed around in an inconsistent state. So the following + * changes have been made to sort this out; + * - bn_fix_top()s implementation has been moved to bn_correct_top() + * - if BN_DEBUG isn't defined, bn_fix_top() maps to bn_correct_top(), and + * bn_check_top() is as before. + * - if BN_DEBUG *is* defined; + * - bn_check_top() tries to pollute unused words even if the bignum 'top' is + * consistent. (ed: only if BN_DEBUG_RAND is defined) + * - bn_fix_top() maps to bn_check_top() rather than "fixing" anything. + * The idea is to have debug builds flag up inconsistent bignums when they + * occur. If that occurs in a bn_fix_top(), we examine the code in question; if + * the use of bn_fix_top() was appropriate (ie. it follows directly after code + * that manipulates the bignum) it is converted to bn_correct_top(), and if it + * was not appropriate, we convert it permanently to bn_check_top() and track + * down the cause of the bug. Eventually, no internal code should be using the + * bn_fix_top() macro. External applications and libraries should try this with + * their own code too, both in terms of building against the openssl headers + * with BN_DEBUG defined *and* linking with a version of OpenSSL built with it + * defined. This not only improves external code, it provides more test + * coverage for openssl's own code. + */ + +#ifdef BN_DEBUG + +/* We only need assert() when debugging */ +#include + +#ifdef BN_DEBUG_RAND +#define bn_pollute(a) \ + do { \ + const BIGNUM *_bnum1 = (a); \ + if(_bnum1->top < _bnum1->dmax) { \ + unsigned char _tmp_char; \ + /* We cast away const without the compiler knowing, any \ + * *genuinely* constant variables that aren't mutable \ + * wouldn't be constructed with top!=dmax. */ \ + BN_ULONG *_not_const; \ + memcpy(&_not_const, &_bnum1->d, sizeof(BN_ULONG*)); \ + arc4random_buf(&_tmp_char, 1); \ + memset((unsigned char *)(_not_const + _bnum1->top), _tmp_char, \ + (_bnum1->dmax - _bnum1->top) * sizeof(BN_ULONG)); \ + } \ + } while(0) +#else +#define bn_pollute(a) +#endif + +#define bn_check_top(a) \ + do { \ + const BIGNUM *_bnum2 = (a); \ + if (_bnum2 != NULL) { \ + assert((_bnum2->top == 0) || \ + (_bnum2->d[_bnum2->top - 1] != 0)); \ + bn_pollute(_bnum2); \ + } \ + } while(0) + +#define bn_fix_top(a) bn_check_top(a) + +#define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2) +#define bn_wcheck_size(bn, words) \ + do { \ + const BIGNUM *_bnum2 = (bn); \ + assert(words <= (_bnum2)->dmax && words >= (_bnum2)->top); \ + } while(0) + +#else /* !BN_DEBUG */ + +#define bn_pollute(a) +#define bn_check_top(a) +#define bn_fix_top(a) bn_correct_top(a) +#define bn_check_size(bn, bits) +#define bn_wcheck_size(bn, words) -#ifdef __cplusplus -} #endif +#define bn_correct_top(a) \ + { \ + BN_ULONG *ftl; \ + int tmp_top = (a)->top; \ + if (tmp_top > 0) \ + { \ + for (ftl= &((a)->d[tmp_top-1]); tmp_top > 0; tmp_top--) \ + if (*(ftl--)) break; \ + (a)->top = tmp_top; \ + } \ + bn_pollute(a); \ + } + +BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w); +BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w); +void bn_sqr_words(BN_ULONG *rp, const BN_ULONG *ap, int num); +BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d); +BN_ULONG bn_add_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, int num); +BN_ULONG bn_sub_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, int num); + +int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom); +int bn_rand_interval(BIGNUM *rnd, const BIGNUM *lower_inc, const BIGNUM *upper_exc); + +/* Explicitly const time / non-const time versions for internal use */ +int BN_mod_exp_ct(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx); +int BN_mod_exp_nonct(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx); +int BN_mod_exp_mont_ct(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); +int BN_mod_exp_mont_nonct(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); +int BN_div_nonct(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, + BN_CTX *ctx); +int BN_div_ct(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, + BN_CTX *ctx); +#define BN_mod_ct(rem,m,d,ctx) BN_div_ct(NULL,(rem),(m),(d),(ctx)) +#define BN_mod_nonct(rem,m,d,ctx) BN_div_nonct(NULL,(rem),(m),(d),(ctx)) +BIGNUM *BN_mod_inverse_ct(BIGNUM *ret, const BIGNUM *a, const BIGNUM *n, + BN_CTX *ctx); +BIGNUM *BN_mod_inverse_nonct(BIGNUM *ret, const BIGNUM *a, const BIGNUM *n, + BN_CTX *ctx); +int BN_gcd_ct(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); +int BN_gcd_nonct(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); + +int BN_swap_ct(BN_ULONG swap, BIGNUM *a, BIGNUM *b, size_t nwords); + +__END_HIDDEN_DECLS #endif diff --git a/src/lib/libcrypto/bn/bn_lib.c b/src/lib/libcrypto/bn/bn_lib.c index a016cb7f537..0025cf52ef1 100644 --- a/src/lib/libcrypto/bn/bn_lib.c +++ b/src/lib/libcrypto/bn/bn_lib.c @@ -1,25 +1,25 @@ -/* crypto/bn/bn_lib.c */ +/* $OpenBSD: bn_lib.c,v 1.46 2019/03/23 18:48:15 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -64,11 +64,16 @@ #include #include #include -#include "cryptlib.h" -#include "bn_lcl.h" +#include + +#include -const char *BN_version="Big Number" OPENSSL_VERSION_PTEXT; +#include +#include "bn_lcl.h" + +/* This stuff appears to be completely unused, so is deprecated */ +#ifndef OPENSSL_NO_DEPRECATED /* For a 32 bit machine * 2 - 4 == 128 * 3 - 8 == 256 @@ -78,309 +83,247 @@ const char *BN_version="Big Number" OPENSSL_VERSION_PTEXT; * 7 - 128 == 4096 * 8 - 256 == 8192 */ -static int bn_limit_bits=0; -static int bn_limit_num=8; /* (1<= 0) - { - if (mult > (sizeof(int)*8)-1) - mult=sizeof(int)*8-1; - bn_limit_bits=mult; - bn_limit_num=1<= 0) - { - if (high > (sizeof(int)*8)-1) - high=sizeof(int)*8-1; - bn_limit_bits_high=high; - bn_limit_num_high=1<= 0) - { - if (low > (sizeof(int)*8)-1) - low=sizeof(int)*8-1; - bn_limit_bits_low=low; - bn_limit_num_low=1<= 0) - { - if (mont > (sizeof(int)*8)-1) - mont=sizeof(int)*8-1; - bn_limit_bits_mont=mont; - bn_limit_num_mont=1<= 0) { + if (mult > (int)(sizeof(int) * 8) - 1) + mult = sizeof(int) * 8 - 1; + bn_limit_bits = mult; + bn_limit_num = 1 << mult; } - -int BN_get_params(int which) - { - if (which == 0) return(bn_limit_bits); - else if (which == 1) return(bn_limit_bits_high); - else if (which == 2) return(bn_limit_bits_low); - else if (which == 3) return(bn_limit_bits_mont); - else return(0); + if (high >= 0) { + if (high > (int)(sizeof(int) * 8) - 1) + high = sizeof(int) * 8 - 1; + bn_limit_bits_high = high; + bn_limit_num_high = 1 << high; } - -const BIGNUM *BN_value_one(void) - { - static BN_ULONG data_one=1L; - static BIGNUM const_one={&data_one,1,1,0}; - - return(&const_one); + if (low >= 0) { + if (low > (int)(sizeof(int) * 8) - 1) + low = sizeof(int) * 8 - 1; + bn_limit_bits_low = low; + bn_limit_num_low = 1 << low; } - -char *BN_options(void) - { - static int init=0; - static char data[16]; - - if (!init) - { - init++; -#ifdef BN_LLONG - sprintf(data,"bn(%d,%d)",(int)sizeof(BN_ULLONG)*8, - (int)sizeof(BN_ULONG)*8); -#else - sprintf(data,"bn(%d,%d)",(int)sizeof(BN_ULONG)*8, - (int)sizeof(BN_ULONG)*8); -#endif - } - return(data); + if (mont >= 0) { + if (mont > (int)(sizeof(int) * 8) - 1) + mont = sizeof(int) * 8 - 1; + bn_limit_bits_mont = mont; + bn_limit_num_mont = 1 << mont; } - -int BN_num_bits_word(BN_ULONG l) - { - static const char bits[256]={ - 0,1,2,2,3,3,3,3,4,4,4,4,4,4,4,4, - 5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5, - 6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6, - 6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6, - 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7, - 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7, - 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7, - 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7, - 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8, - 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8, - 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8, - 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8, - 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8, - 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8, - 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8, - 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8, - }; - -#if defined(SIXTY_FOUR_BIT_LONG) - if (l & 0xffffffff00000000L) - { - if (l & 0xffff000000000000L) - { - if (l & 0xff00000000000000L) - { - return(bits[(int)(l>>56)]+56); - } - else return(bits[(int)(l>>48)]+48); - } - else - { - if (l & 0x0000ff0000000000L) - { - return(bits[(int)(l>>40)]+40); - } - else return(bits[(int)(l>>32)]+32); - } - } - else -#else -#ifdef SIXTY_FOUR_BIT - if (l & 0xffffffff00000000LL) - { - if (l & 0xffff000000000000LL) - { - if (l & 0xff00000000000000LL) - { - return(bits[(int)(l>>56)]+56); - } - else return(bits[(int)(l>>48)]+48); - } - else - { - if (l & 0x0000ff0000000000LL) - { - return(bits[(int)(l>>40)]+40); - } - else return(bits[(int)(l>>32)]+32); - } - } +} + +int +BN_get_params(int which) +{ + if (which == 0) + return (bn_limit_bits); + else if (which == 1) + return (bn_limit_bits_high); + else if (which == 2) + return (bn_limit_bits_low); + else if (which == 3) + return (bn_limit_bits_mont); else + return (0); +} #endif + +const BIGNUM * +BN_value_one(void) +{ + static const BN_ULONG data_one = 1L; + static const BIGNUM const_one = { + (BN_ULONG *)&data_one, 1, 1, 0, BN_FLG_STATIC_DATA + }; + + return (&const_one); +} + +int +BN_num_bits_word(BN_ULONG l) +{ + static const unsigned char bits[256] = { + 0, 1, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 4, 4, 4, 4, + 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, + 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, + 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, + 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, + 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, + 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, + 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, + 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, + 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, + 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, + 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, + 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, + 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, + 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, + 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, + }; + +#ifdef _LP64 + if (l & 0xffffffff00000000L) { + if (l & 0xffff000000000000L) { + if (l & 0xff00000000000000L) { + return (bits[(int)(l >> 56)] + 56); + } else + return (bits[(int)(l >> 48)] + 48); + } else { + if (l & 0x0000ff0000000000L) { + return (bits[(int)(l >> 40)] + 40); + } else + return (bits[(int)(l >> 32)] + 32); + } + } else #endif - { -#if defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG) - if (l & 0xffff0000L) - { + { + if (l & 0xffff0000L) { if (l & 0xff000000L) - return(bits[(int)(l>>24L)]+24); - else return(bits[(int)(l>>16L)]+16); - } - else -#endif - { -#if defined(SIXTEEN_BIT) || defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG) + return (bits[(int)(l >> 24L)] + 24); + else + return (bits[(int)(l >> 16L)] + 16); + } else { if (l & 0xff00L) - return(bits[(int)(l>>8)]+8); - else -#endif - return(bits[(int)(l )] ); - } + return (bits[(int)(l >> 8)] + 8); + else + return (bits[(int)(l)]); } } +} -int BN_num_bits(const BIGNUM *a) - { - BN_ULONG l; - int i; +int +BN_num_bits(const BIGNUM *a) +{ + int i = a->top - 1; bn_check_top(a); - if (a->top == 0) return(0); - l=a->d[a->top-1]; - assert(l != 0); - i=(a->top-1)*BN_BITS2; - return(i+BN_num_bits_word(l)); - } + if (BN_is_zero(a)) + return 0; + return ((i * BN_BITS2) + BN_num_bits_word(a->d[i])); +} -void BN_clear_free(BIGNUM *a) - { +void +BN_clear_free(BIGNUM *a) +{ int i; - if (a == NULL) return; - if (a->d != NULL) - { - memset(a->d,0,a->dmax*sizeof(a->d[0])); - if (!(BN_get_flags(a,BN_FLG_STATIC_DATA))) - OPENSSL_free(a->d); - } - i=BN_get_flags(a,BN_FLG_MALLOCED); - memset(a,0,sizeof(BIGNUM)); + if (a == NULL) + return; + bn_check_top(a); + if (a->d != NULL && !(BN_get_flags(a, BN_FLG_STATIC_DATA))) + freezero(a->d, a->dmax * sizeof(a->d[0])); + i = BN_get_flags(a, BN_FLG_MALLOCED); + explicit_bzero(a, sizeof(BIGNUM)); if (i) - OPENSSL_free(a); - } - -void BN_free(BIGNUM *a) - { - if (a == NULL) return; - if ((a->d != NULL) && !(BN_get_flags(a,BN_FLG_STATIC_DATA))) - OPENSSL_free(a->d); - a->flags|=BN_FLG_FREE; /* REMOVE? */ - if (a->flags & BN_FLG_MALLOCED) - OPENSSL_free(a); - } - -void BN_init(BIGNUM *a) - { - memset(a,0,sizeof(BIGNUM)); - } + free(a); +} + +void +BN_free(BIGNUM *a) +{ + BN_clear_free(a); +} + +void +BN_init(BIGNUM *a) +{ + memset(a, 0, sizeof(BIGNUM)); + bn_check_top(a); +} -BIGNUM *BN_new(void) - { +BIGNUM * +BN_new(void) +{ BIGNUM *ret; - if ((ret=(BIGNUM *)OPENSSL_malloc(sizeof(BIGNUM))) == NULL) - { - BNerr(BN_F_BN_NEW,ERR_R_MALLOC_FAILURE); - return(NULL); - } - ret->flags=BN_FLG_MALLOCED; - ret->top=0; - ret->neg=0; - ret->dmax=0; - ret->d=NULL; - return(ret); + if ((ret = malloc(sizeof(BIGNUM))) == NULL) { + BNerror(ERR_R_MALLOC_FAILURE); + return (NULL); } + ret->flags = BN_FLG_MALLOCED; + ret->top = 0; + ret->neg = 0; + ret->dmax = 0; + ret->d = NULL; + bn_check_top(ret); + return (ret); +} /* This is used both by bn_expand2() and bn_dup_expand() */ /* The caller MUST check that words > b->dmax before calling this */ -static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words) - { - BN_ULONG *A,*a = NULL; +static BN_ULONG * +bn_expand_internal(const BIGNUM *b, int words) +{ + BN_ULONG *A, *a = NULL; const BN_ULONG *B; int i; - if (words > (INT_MAX/(4*BN_BITS2))) - { - BNerr(BN_F_BN_EXPAND_INTERNAL,BN_R_BIGNUM_TOO_LONG); - return NULL; - } + bn_check_top(b); - bn_check_top(b); - if (BN_get_flags(b,BN_FLG_STATIC_DATA)) - { - BNerr(BN_F_BN_EXPAND_INTERNAL,BN_R_EXPAND_ON_STATIC_BIGNUM_DATA); - return(NULL); - } - a=A=(BN_ULONG *)OPENSSL_malloc(sizeof(BN_ULONG)*(words+1)); - if (A == NULL) - { - BNerr(BN_F_BN_EXPAND_INTERNAL,ERR_R_MALLOC_FAILURE); - return(NULL); - } + if (words > (INT_MAX/(4*BN_BITS2))) { + BNerror(BN_R_BIGNUM_TOO_LONG); + return NULL; + } + if (BN_get_flags(b, BN_FLG_STATIC_DATA)) { + BNerror(BN_R_EXPAND_ON_STATIC_BIGNUM_DATA); + return (NULL); + } + a = A = reallocarray(NULL, words, sizeof(BN_ULONG)); + if (A == NULL) { + BNerror(ERR_R_MALLOC_FAILURE); + return (NULL); + } #if 1 - B=b->d; + B = b->d; /* Check if the previous number needs to be copied */ - if (B != NULL) - { - for (i=b->top>>2; i>0; i--,A+=4,B+=4) - { + if (B != NULL) { + for (i = b->top >> 2; i > 0; i--, A += 4, B += 4) { /* * The fact that the loop is unrolled * 4-wise is a tribute to Intel. It's * the one that doesn't have enough - * registers to accomodate more data. + * registers to accommodate more data. * I'd unroll it 8-wise otherwise:-) * * */ - BN_ULONG a0,a1,a2,a3; - a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3]; - A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3; - } - switch (b->top&3) - { - case 3: A[2]=B[2]; - case 2: A[1]=B[1]; - case 1: A[0]=B[0]; - case 0: /* workaround for ultrix cc: without 'case 0', the optimizer does - * the switch table by doing a=top&3; a--; goto jump_table[a]; - * which fails for top== 0 */ - ; - } + BN_ULONG a0, a1, a2, a3; + a0 = B[0]; + a1 = B[1]; + a2 = B[2]; + a3 = B[3]; + A[0] = a0; + A[1] = a1; + A[2] = a2; + A[3] = a3; + } + switch (b->top & 3) { + case 3: + A[2] = B[2]; + case 2: + A[1] = B[1]; + case 1: + A[0] = B[0]; } + } - /* Now need to zero any data between b->top and b->max */ - /* XXX Why? */ - - A= &(a[b->top]); - for (i=(words - b->top)>>3; i>0; i--,A+=8) - { - A[0]=0; A[1]=0; A[2]=0; A[3]=0; - A[4]=0; A[5]=0; A[6]=0; A[7]=0; - } - for (i=(words - b->top)&7; i>0; i--,A++) - A[0]=0; #else - memset(A,0,sizeof(BN_ULONG)*(words+1)); - memcpy(A,b->d,sizeof(b->d[0])*b->top); + memset(A, 0, sizeof(BN_ULONG) * words); + memcpy(A, b->d, sizeof(b->d[0]) * b->top); #endif - - return(a); - } + + return (a); +} /* This is an internal function that can be used instead of bn_expand2() * when there is a need to copy BIGNUMs instead of only expanding the @@ -393,127 +336,168 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words) * while bn_dup_expand() makes sure allocation is made only once. */ -BIGNUM *bn_dup_expand(const BIGNUM *b, int words) - { +#ifndef OPENSSL_NO_DEPRECATED +BIGNUM * +bn_dup_expand(const BIGNUM *b, int words) +{ BIGNUM *r = NULL; - if (words > b->dmax) - { + bn_check_top(b); + + /* This function does not work if + * words <= b->dmax && top < words + * because BN_dup() does not preserve 'dmax'! + * (But bn_dup_expand() is not used anywhere yet.) + */ + + if (words > b->dmax) { BN_ULONG *a = bn_expand_internal(b, words); - if (a) - { + if (a) { r = BN_new(); - if (r) - { + if (r) { r->top = b->top; r->dmax = words; r->neg = b->neg; r->d = a; - } - else - { + } else { /* r == NULL, BN_new failure */ - OPENSSL_free(a); - } + free(a); } + } /* If a == NULL, there was an error in allocation in bn_expand_internal(), and NULL should be returned */ - } - else - { + } else { r = BN_dup(b); - } + } + bn_check_top(r); return r; - } +} +#endif /* This is an internal function that should not be used in applications. - * It ensures that 'b' has enough room for a 'words' word number number. + * It ensures that 'b' has enough room for a 'words' word number + * and initialises any unused part of b->d with leading zeros. * It is mostly used by the various BIGNUM routines. If there is an error, * NULL is returned. If not, 'b' is returned. */ -BIGNUM *bn_expand2(BIGNUM *b, int words) - { - if (words > b->dmax) - { - BN_ULONG *a = bn_expand_internal(b, words); +BIGNUM * +bn_expand2(BIGNUM *b, int words) +{ + bn_check_top(b); - if (a) - { - if (b->d) - OPENSSL_free(b->d); - b->d=a; - b->dmax=words; - } - else - b = NULL; - } - return b; + if (words > b->dmax) { + BN_ULONG *a = bn_expand_internal(b, words); + if (!a) + return NULL; + if (b->d) + freezero(b->d, b->dmax * sizeof(b->d[0])); + b->d = a; + b->dmax = words; } -BIGNUM *BN_dup(const BIGNUM *a) - { - BIGNUM *r, *t; +/* None of this should be necessary because of what b->top means! */ +#if 0 + /* NB: bn_wexpand() calls this only if the BIGNUM really has to grow */ + if (b->top < b->dmax) { + int i; + BN_ULONG *A = &(b->d[b->top]); + for (i = (b->dmax - b->top) >> 3; i > 0; i--, A += 8) { + A[0] = 0; + A[1] = 0; + A[2] = 0; + A[3] = 0; + A[4] = 0; + A[5] = 0; + A[6] = 0; + A[7] = 0; + } + for (i = (b->dmax - b->top)&7; i > 0; i--, A++) + A[0] = 0; + assert(A == &(b->d[b->dmax])); + } +#endif + bn_check_top(b); + return b; +} - if (a == NULL) return NULL; +BIGNUM * +BN_dup(const BIGNUM *a) +{ + BIGNUM *t; + if (a == NULL) + return NULL; bn_check_top(a); t = BN_new(); - if (t == NULL) return(NULL); - r = BN_copy(t, a); - /* now r == t || r == NULL */ - if (r == NULL) + if (t == NULL) + return NULL; + if (!BN_copy(t, a)) { BN_free(t); - return r; + return NULL; } + bn_check_top(t); + return t; +} -BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b) - { +BIGNUM * +BN_copy(BIGNUM *a, const BIGNUM *b) +{ int i; BN_ULONG *A; const BN_ULONG *B; bn_check_top(b); - if (a == b) return(a); - if (bn_wexpand(a,b->top) == NULL) return(NULL); + if (a == b) + return (a); + if (bn_wexpand(a, b->top) == NULL) + return (NULL); #if 1 - A=a->d; - B=b->d; - for (i=b->top>>2; i>0; i--,A+=4,B+=4) - { - BN_ULONG a0,a1,a2,a3; - a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3]; - A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3; - } - switch (b->top&3) - { - case 3: A[2]=B[2]; - case 2: A[1]=B[1]; - case 1: A[0]=B[0]; - case 0: ; /* ultrix cc workaround, see comments in bn_expand_internal */ - } + A = a->d; + B = b->d; + for (i = b->top >> 2; i > 0; i--, A += 4, B += 4) { + BN_ULONG a0, a1, a2, a3; + a0 = B[0]; + a1 = B[1]; + a2 = B[2]; + a3 = B[3]; + A[0] = a0; + A[1] = a1; + A[2] = a2; + A[3] = a3; + } + switch (b->top & 3) { + case 3: + A[2] = B[2]; + case 2: + A[1] = B[1]; + case 1: + A[0] = B[0]; + } #else - memcpy(a->d,b->d,sizeof(b->d[0])*b->top); + memcpy(a->d, b->d, sizeof(b->d[0]) * b->top); #endif -/* memset(&(a->d[b->top]),0,sizeof(a->d[0])*(a->max-b->top));*/ - a->top=b->top; - if ((a->top == 0) && (a->d != NULL)) - a->d[0]=0; - a->neg=b->neg; - return(a); - } + a->top = b->top; + a->neg = b->neg; + bn_check_top(a); + return (a); +} -void BN_swap(BIGNUM *a, BIGNUM *b) - { +void +BN_swap(BIGNUM *a, BIGNUM *b) +{ int flags_old_a, flags_old_b; BN_ULONG *tmp_d; int tmp_top, tmp_dmax, tmp_neg; - + + bn_check_top(a); + bn_check_top(b); + flags_old_a = a->flags; flags_old_b = b->flags; @@ -521,269 +505,308 @@ void BN_swap(BIGNUM *a, BIGNUM *b) tmp_top = a->top; tmp_dmax = a->dmax; tmp_neg = a->neg; - + a->d = b->d; a->top = b->top; a->dmax = b->dmax; a->neg = b->neg; - + b->d = tmp_d; b->top = tmp_top; b->dmax = tmp_dmax; b->neg = tmp_neg; - - a->flags = (flags_old_a & BN_FLG_MALLOCED) | (flags_old_b & BN_FLG_STATIC_DATA); - b->flags = (flags_old_b & BN_FLG_MALLOCED) | (flags_old_a & BN_FLG_STATIC_DATA); - } + a->flags = (flags_old_a & BN_FLG_MALLOCED) | + (flags_old_b & BN_FLG_STATIC_DATA); + b->flags = (flags_old_b & BN_FLG_MALLOCED) | + (flags_old_a & BN_FLG_STATIC_DATA); + bn_check_top(a); + bn_check_top(b); +} -void BN_clear(BIGNUM *a) - { +void +BN_clear(BIGNUM *a) +{ + bn_check_top(a); if (a->d != NULL) - memset(a->d,0,a->dmax*sizeof(a->d[0])); - a->top=0; - a->neg=0; - } - -BN_ULONG BN_get_word(const BIGNUM *a) - { - int i,n; - BN_ULONG ret=0; - - n=BN_num_bytes(a); - if (n > sizeof(BN_ULONG)) - return(BN_MASK2); - for (i=a->top-1; i>=0; i--) - { -#ifndef SIXTY_FOUR_BIT /* the data item > unsigned long */ - ret<<=BN_BITS4; /* stops the compiler complaining */ - ret<<=BN_BITS4; -#else - ret=0; -#endif - ret|=a->d[i]; - } - return(ret); - } - -int BN_set_word(BIGNUM *a, BN_ULONG w) - { - int i,n; - if (bn_expand(a,sizeof(BN_ULONG)*8) == NULL) return(0); - - n=sizeof(BN_ULONG)/BN_BYTES; - a->neg=0; - a->top=0; - a->d[0]=(BN_ULONG)w&BN_MASK2; - if (a->d[0] != 0) a->top=1; - for (i=1; i>=BN_BITS2 so compilers don't complain - * on builds where sizeof(long) == BN_TYPES */ -#ifndef SIXTY_FOUR_BIT /* the data item > unsigned long */ - w>>=BN_BITS4; - w>>=BN_BITS4; -#else - w=0; -#endif - a->d[i]=(BN_ULONG)w&BN_MASK2; - if (a->d[i] != 0) a->top=i+1; - } - return(1); - } + explicit_bzero(a->d, a->dmax * sizeof(a->d[0])); + a->top = 0; + a->neg = 0; +} + +BN_ULONG +BN_get_word(const BIGNUM *a) +{ + if (a->top > 1) + return BN_MASK2; + else if (a->top == 1) + return a->d[0]; + /* a->top == 0 */ + return 0; +} + +BIGNUM * +bn_expand(BIGNUM *a, int bits) +{ + if (bits > (INT_MAX - BN_BITS2 + 1)) + return (NULL); + + if (((bits + BN_BITS2 - 1) / BN_BITS2) <= a->dmax) + return (a); + + return bn_expand2(a, (bits + BN_BITS2 - 1) / BN_BITS2); +} + +int +BN_set_word(BIGNUM *a, BN_ULONG w) +{ + bn_check_top(a); + if (bn_expand(a, (int)sizeof(BN_ULONG) * 8) == NULL) + return (0); + a->neg = 0; + a->d[0] = w; + a->top = (w ? 1 : 0); + bn_check_top(a); + return (1); +} -BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret) - { - unsigned int i,m; +BIGNUM * +BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret) +{ + unsigned int i, m; unsigned int n; BN_ULONG l; - - if (ret == NULL) ret=BN_new(); - if (ret == NULL) return(NULL); - l=0; - n=len; - if (n == 0) - { - ret->top=0; - return(ret); - } - if (bn_expand(ret,(int)(n+2)*8) == NULL) - return(NULL); - i=((n-1)/BN_BYTES)+1; - m=((n-1)%(BN_BYTES)); - ret->top=i; - ret->neg=0; - while (n-- > 0) - { - l=(l<<8L)| *(s++); - if (m-- == 0) - { - ret->d[--i]=l; - l=0; - m=BN_BYTES-1; - } + BIGNUM *bn = NULL; + + if (len < 0) + return (NULL); + if (ret == NULL) + ret = bn = BN_new(); + if (ret == NULL) + return (NULL); + bn_check_top(ret); + l = 0; + n = len; + if (n == 0) { + ret->top = 0; + return (ret); + } + i = ((n - 1) / BN_BYTES) + 1; + m = ((n - 1) % (BN_BYTES)); + if (bn_wexpand(ret, (int)i) == NULL) { + BN_free(bn); + return NULL; + } + ret->top = i; + ret->neg = 0; + while (n--) { + l = (l << 8L) | *(s++); + if (m-- == 0) { + ret->d[--i] = l; + l = 0; + m = BN_BYTES - 1; } + } /* need to call this due to clear byte at top if avoiding * having the top bit set (-ve number) */ - bn_fix_top(ret); - return(ret); - } + bn_correct_top(ret); + return (ret); +} /* ignore negative */ -int BN_bn2bin(const BIGNUM *a, unsigned char *to) - { - int n,i; +int +BN_bn2bin(const BIGNUM *a, unsigned char *to) +{ + int n, i; BN_ULONG l; - n=i=BN_num_bytes(a); - while (i-- > 0) - { - l=a->d[i/BN_BYTES]; - *(to++)=(unsigned char)(l>>(8*(i%BN_BYTES)))&0xff; - } - return(n); + bn_check_top(a); + n = i=BN_num_bytes(a); + while (i--) { + l = a->d[i / BN_BYTES]; + *(to++) = (unsigned char)(l >> (8 * (i % BN_BYTES))) & 0xff; } + return (n); +} -int BN_ucmp(const BIGNUM *a, const BIGNUM *b) - { +int +BN_ucmp(const BIGNUM *a, const BIGNUM *b) +{ int i; - BN_ULONG t1,t2,*ap,*bp; + BN_ULONG t1, t2, *ap, *bp; bn_check_top(a); bn_check_top(b); - i=a->top-b->top; - if (i != 0) return(i); - ap=a->d; - bp=b->d; - for (i=a->top-1; i>=0; i--) - { - t1= ap[i]; - t2= bp[i]; + i = a->top - b->top; + if (i != 0) + return (i); + ap = a->d; + bp = b->d; + for (i = a->top - 1; i >= 0; i--) { + t1 = ap[i]; + t2 = bp[i]; if (t1 != t2) - return(t1 > t2?1:-1); - } - return(0); + return ((t1 > t2) ? 1 : -1); } + return (0); +} -int BN_cmp(const BIGNUM *a, const BIGNUM *b) - { +int +BN_cmp(const BIGNUM *a, const BIGNUM *b) +{ int i; - int gt,lt; - BN_ULONG t1,t2; + int gt, lt; + BN_ULONG t1, t2; - if ((a == NULL) || (b == NULL)) - { + if ((a == NULL) || (b == NULL)) { if (a != NULL) - return(-1); + return (-1); else if (b != NULL) - return(1); + return (1); else - return(0); - } + return (0); + } bn_check_top(a); bn_check_top(b); - if (a->neg != b->neg) - { + if (a->neg != b->neg) { if (a->neg) - return(-1); - else return(1); - } - if (a->neg == 0) - { gt=1; lt= -1; } - else { gt= -1; lt=1; } - - if (a->top > b->top) return(gt); - if (a->top < b->top) return(lt); - for (i=a->top-1; i>=0; i--) - { - t1=a->d[i]; - t2=b->d[i]; - if (t1 > t2) return(gt); - if (t1 < t2) return(lt); - } - return(0); + return (-1); + else + return (1); + } + if (a->neg == 0) { + gt = 1; + lt = -1; + } else { + gt = -1; + lt = 1; } -int BN_set_bit(BIGNUM *a, int n) - { - int i,j,k; + if (a->top > b->top) + return (gt); + if (a->top < b->top) + return (lt); + for (i = a->top - 1; i >= 0; i--) { + t1 = a->d[i]; + t2 = b->d[i]; + if (t1 > t2) + return (gt); + if (t1 < t2) + return (lt); + } + return (0); +} + +int +BN_set_bit(BIGNUM *a, int n) +{ + int i, j, k; + + if (n < 0) + return 0; + + i = n / BN_BITS2; + j = n % BN_BITS2; + if (a->top <= i) { + if (bn_wexpand(a, i + 1) == NULL) + return (0); + for (k = a->top; k < i + 1; k++) + a->d[k] = 0; + a->top = i + 1; + } - i=n/BN_BITS2; - j=n%BN_BITS2; - if (a->top <= i) - { - if (bn_wexpand(a,i+1) == NULL) return(0); - for(k=a->top; kd[k]=0; - a->top=i+1; - } + a->d[i] |= (((BN_ULONG)1) << j); + bn_check_top(a); + return (1); +} - a->d[i]|=(((BN_ULONG)1)<top <= i) return(0); + i = n / BN_BITS2; + j = n % BN_BITS2; + if (a->top <= i) + return (0); - a->d[i]&=(~(((BN_ULONG)1)<d[i] &= (~(((BN_ULONG)1) << j)); + bn_correct_top(a); + return (1); +} -int BN_is_bit_set(const BIGNUM *a, int n) - { - int i,j; +int +BN_is_bit_set(const BIGNUM *a, int n) +{ + int i, j; - if (n < 0) return(0); - i=n/BN_BITS2; - j=n%BN_BITS2; - if (a->top <= i) return(0); - return((a->d[i]&(((BN_ULONG)1)<top <= i) + return 0; + return (int)(((a->d[i]) >> j) & ((BN_ULONG)1)); +} -int BN_mask_bits(BIGNUM *a, int n) - { - int b,w; +int +BN_mask_bits(BIGNUM *a, int n) +{ + int b, w; + + bn_check_top(a); + if (n < 0) + return 0; - w=n/BN_BITS2; - b=n%BN_BITS2; - if (w >= a->top) return(0); + w = n / BN_BITS2; + b = n % BN_BITS2; + if (w >= a->top) + return 0; if (b == 0) - a->top=w; - else - { - a->top=w+1; - a->d[w]&= ~(BN_MASK2<top = w; + else { + a->top = w + 1; + a->d[w] &= ~(BN_MASK2 << b); } + bn_correct_top(a); + return (1); +} + +void +BN_set_negative(BIGNUM *a, int b) +{ + if (b && !BN_is_zero(a)) + a->neg = 1; + else + a->neg = 0; +} -int bn_cmp_words(const BN_ULONG *a, const BN_ULONG *b, int n) - { +int +bn_cmp_words(const BN_ULONG *a, const BN_ULONG *b, int n) +{ int i; - BN_ULONG aa,bb; - - aa=a[n-1]; - bb=b[n-1]; - if (aa != bb) return((aa > bb)?1:-1); - for (i=n-2; i>=0; i--) - { - aa=a[i]; - bb=b[i]; - if (aa != bb) return((aa > bb)?1:-1); - } - return(0); + BN_ULONG aa, bb; + + aa = a[n - 1]; + bb = b[n - 1]; + if (aa != bb) + return ((aa > bb) ? 1 : -1); + for (i = n - 2; i >= 0; i--) { + aa = a[i]; + bb = b[i]; + if (aa != bb) + return ((aa > bb) ? 1 : -1); } + return (0); +} /* Here follows a specialised variants of bn_cmp_words(). It has the property of performing the operation on arrays of different sizes. @@ -792,27 +815,156 @@ int bn_cmp_words(const BN_ULONG *a, const BN_ULONG *b, int n) delta between the two lengths, calculated as len(a)-len(b). All lengths are the number of BN_ULONGs... */ -int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b, - int cl, int dl) - { - int n,i; - n = cl-1; - - if (dl < 0) - { - for (i=dl; i<0; i++) - { - if (b[n-i] != 0) +int +bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b, int cl, int dl) +{ + int n, i; + + n = cl - 1; + + if (dl < 0) { + for (i = dl; i < 0; i++) { + if (b[n - i] != 0) return -1; /* a < b */ - } } - if (dl > 0) - { - for (i=dl; i>0; i--) - { - if (a[n+i] != 0) + } + if (dl > 0) { + for (i = dl; i > 0; i--) { + if (a[n + i] != 0) return 1; /* a > b */ - } } - return bn_cmp_words(a,b,cl); } + return bn_cmp_words(a, b, cl); +} + +/* + * Constant-time conditional swap of a and b. + * a and b are swapped if condition is not 0. + * The code assumes that at most one bit of condition is set. + * nwords is the number of words to swap. + * The code assumes that at least nwords are allocated in both a and b, + * and that no more than nwords are used by either a or b. + * a and b cannot be the same number + */ +void +BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords) +{ + BN_ULONG t; + int i; + + bn_wcheck_size(a, nwords); + bn_wcheck_size(b, nwords); + + assert(a != b); + assert((condition & (condition - 1)) == 0); + assert(sizeof(BN_ULONG) >= sizeof(int)); + + condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1; + + t = (a->top^b->top) & condition; + a->top ^= t; + b->top ^= t; + +#define BN_CONSTTIME_SWAP(ind) \ + do { \ + t = (a->d[ind] ^ b->d[ind]) & condition; \ + a->d[ind] ^= t; \ + b->d[ind] ^= t; \ + } while (0) + + + switch (nwords) { + default: + for (i = 10; i < nwords; i++) + BN_CONSTTIME_SWAP(i); + /* Fallthrough */ + case 10: BN_CONSTTIME_SWAP(9); /* Fallthrough */ + case 9: BN_CONSTTIME_SWAP(8); /* Fallthrough */ + case 8: BN_CONSTTIME_SWAP(7); /* Fallthrough */ + case 7: BN_CONSTTIME_SWAP(6); /* Fallthrough */ + case 6: BN_CONSTTIME_SWAP(5); /* Fallthrough */ + case 5: BN_CONSTTIME_SWAP(4); /* Fallthrough */ + case 4: BN_CONSTTIME_SWAP(3); /* Fallthrough */ + case 3: BN_CONSTTIME_SWAP(2); /* Fallthrough */ + case 2: BN_CONSTTIME_SWAP(1); /* Fallthrough */ + case 1: + BN_CONSTTIME_SWAP(0); + } +#undef BN_CONSTTIME_SWAP +} + +/* + * Constant-time conditional swap of a and b. + * a and b are swapped if condition is not 0. + * nwords is the number of words to swap. + */ +int +BN_swap_ct(BN_ULONG condition, BIGNUM *a, BIGNUM *b, size_t nwords) +{ + BN_ULONG t; + int i, words; + + if (a == b) + return 1; + if (nwords > INT_MAX) + return 0; + words = (int)nwords; + if (bn_wexpand(a, words) == NULL || bn_wexpand(b, words) == NULL) + return 0; + if (a->top > words || b->top > words) { + BNerror(BN_R_INVALID_LENGTH); + return 0; + } + + /* Set condition to 0 (if it was zero) or all 1s otherwise. */ + condition = ((~condition & (condition - 1)) >> (BN_BITS2 - 1)) - 1; + + /* swap top field */ + t = (a->top ^ b->top) & condition; + a->top ^= t; + b->top ^= t; + + /* swap neg field */ + t = (a->neg ^ b->neg) & condition; + a->neg ^= t; + b->neg ^= t; + + /* swap BN_FLG_CONSTTIME from flag field */ + t = ((a->flags ^ b->flags) & BN_FLG_CONSTTIME) & condition; + a->flags ^= t; + b->flags ^= t; + + /* swap the data */ + for (i = 0; i < words; i++) { + t = (a->d[i] ^ b->d[i]) & condition; + a->d[i] ^= t; + b->d[i] ^= t; + } + + return 1; +} + +BN_GENCB * +BN_GENCB_new(void) +{ + BN_GENCB *cb; + + if ((cb = calloc(1, sizeof(*cb))) == NULL) + return NULL; + + return cb; +} + +void +BN_GENCB_free(BN_GENCB *cb) +{ + if (cb == NULL) + return; + free(cb); +} + +void * +BN_GENCB_get_arg(BN_GENCB *cb) +{ + return cb->arg; +} diff --git a/src/lib/libcrypto/bn/bn_mod.c b/src/lib/libcrypto/bn/bn_mod.c index 5cf82480d7b..897ff434e92 100644 --- a/src/lib/libcrypto/bn/bn_mod.c +++ b/src/lib/libcrypto/bn/bn_mod.c @@ -1,4 +1,4 @@ -/* crypto/bn/bn_mod.c */ +/* $OpenBSD: bn_mod.c,v 1.12 2017/01/29 17:49:22 beck Exp $ */ /* Includes code written by Lenka Fibikova * for the OpenSSL project. */ /* ==================================================================== @@ -9,7 +9,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -60,21 +60,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -89,10 +89,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -104,193 +104,205 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ -#include "cryptlib.h" -#include "bn_lcl.h" - - -#if 0 /* now just a #define */ -int BN_mod(BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx) - { - return(BN_div(NULL,rem,m,d,ctx)); - /* note that rem->neg == m->neg (unless the remainder is zero) */ - } -#endif +#include +#include "bn_lcl.h" -int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx) - { +int +BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx) +{ /* like BN_mod, but returns non-negative remainder * (i.e., 0 <= r < |d| always holds) */ - if (!(BN_mod(r,m,d,ctx))) + if (!(BN_mod_ct(r, m,d, ctx))) return 0; if (!r->neg) return 1; - /* now -|d| < r < 0, so we have to set r := r + |d| */ - return (d->neg ? BN_sub : BN_add)(r, r, d); + /* now -|d| < r < 0, so we have to set r := r + |d| */ + if (d->neg) + return BN_sub(r, r, d); + else + return BN_add(r, r, d); } - -int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx) - { - if (!BN_add(r, a, b)) return 0; +int +BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, + BN_CTX *ctx) +{ + if (!BN_add(r, a, b)) + return 0; return BN_nnmod(r, r, m, ctx); - } - +} /* BN_mod_add variant that may be used if both a and b are non-negative * and less than m */ -int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m) - { - if (!BN_add(r, a, b)) return 0; +int +BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m) +{ + if (!BN_uadd(r, a, b)) + return 0; if (BN_ucmp(r, m) >= 0) return BN_usub(r, r, m); return 1; - } - +} -int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx) - { - if (!BN_sub(r, a, b)) return 0; +int +BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, + BN_CTX *ctx) +{ + if (!BN_sub(r, a, b)) + return 0; return BN_nnmod(r, r, m, ctx); - } - +} /* BN_mod_sub variant that may be used if both a and b are non-negative * and less than m */ -int BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m) - { - if (!BN_sub(r, a, b)) return 0; +int +BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m) +{ + if (!BN_sub(r, a, b)) + return 0; if (r->neg) return BN_add(r, r, m); return 1; - } - +} /* slow but works */ -int BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, - BN_CTX *ctx) - { +int +BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, + BN_CTX *ctx) +{ BIGNUM *t; - int ret=0; + int ret = 0; bn_check_top(a); bn_check_top(b); bn_check_top(m); BN_CTX_start(ctx); - if ((t = BN_CTX_get(ctx)) == NULL) goto err; - if (a == b) - { if (!BN_sqr(t,a,ctx)) goto err; } - else - { if (!BN_mul(t,a,b,ctx)) goto err; } - if (!BN_nnmod(r,t,m,ctx)) goto err; - ret=1; -err: - BN_CTX_end(ctx); - return(ret); + if ((t = BN_CTX_get(ctx)) == NULL) + goto err; + if (a == b) { + if (!BN_sqr(t, a, ctx)) + goto err; + } else { + if (!BN_mul(t, a,b, ctx)) + goto err; } + if (!BN_nnmod(r, t,m, ctx)) + goto err; + bn_check_top(r); + ret = 1; +err: + BN_CTX_end(ctx); + return (ret); +} -int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx) - { - if (!BN_sqr(r, a, ctx)) return 0; +int +BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx) +{ + if (!BN_sqr(r, a, ctx)) + return 0; /* r->neg == 0, thus we don't need BN_nnmod */ - return BN_mod(r, r, m, ctx); - } - + return BN_mod_ct(r, r, m, ctx); +} -int BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx) - { - if (!BN_lshift1(r, a)) return 0; +int +BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx) +{ + if (!BN_lshift1(r, a)) + return 0; + bn_check_top(r); return BN_nnmod(r, r, m, ctx); - } - +} /* BN_mod_lshift1 variant that may be used if a is non-negative * and less than m */ -int BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m) - { - if (!BN_lshift1(r, a)) return 0; +int +BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m) +{ + if (!BN_lshift1(r, a)) + return 0; + bn_check_top(r); if (BN_cmp(r, m) >= 0) return BN_sub(r, r, m); return 1; - } - +} -int BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m, BN_CTX *ctx) - { +int +BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m, BN_CTX *ctx) +{ BIGNUM *abs_m = NULL; int ret; - if (!BN_nnmod(r, a, m, ctx)) return 0; + if (!BN_nnmod(r, a, m, ctx)) + return 0; - if (m->neg) - { + if (m->neg) { abs_m = BN_dup(m); - if (abs_m == NULL) return 0; + if (abs_m == NULL) + return 0; abs_m->neg = 0; - } - + } + ret = BN_mod_lshift_quick(r, r, n, (abs_m ? abs_m : m)); + bn_check_top(r); - if (abs_m) - BN_free(abs_m); + BN_free(abs_m); return ret; - } - +} /* BN_mod_lshift variant that may be used if a is non-negative * and less than m */ -int BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m) - { - if (r != a) - { - if (BN_copy(r, a) == NULL) return 0; - } +int +BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m) +{ + if (r != a) { + if (BN_copy(r, a) == NULL) + return 0; + } - while (n > 0) - { + while (n > 0) { int max_shift; - + /* 0 < r < m */ max_shift = BN_num_bits(m) - BN_num_bits(r); /* max_shift >= 0 */ - if (max_shift < 0) - { - BNerr(BN_F_BN_MOD_LSHIFT_QUICK, BN_R_INPUT_NOT_REDUCED); + if (max_shift < 0) { + BNerror(BN_R_INPUT_NOT_REDUCED); return 0; - } + } if (max_shift > n) max_shift = n; - if (max_shift) - { - if (!BN_lshift(r, r, max_shift)) return 0; + if (max_shift) { + if (!BN_lshift(r, r, max_shift)) + return 0; n -= max_shift; - } - else - { - if (!BN_lshift1(r, r)) return 0; + } else { + if (!BN_lshift1(r, r)) + return 0; --n; - } + } /* BN_num_bits(r) <= BN_num_bits(m) */ - if (BN_cmp(r, m) >= 0) - { - if (!BN_sub(r, r, m)) return 0; - } + if (BN_cmp(r, m) >= 0) { + if (!BN_sub(r, r, m)) + return 0; } - - return 1; } + bn_check_top(r); + + return 1; +} diff --git a/src/lib/libcrypto/bn/bn_mont.c b/src/lib/libcrypto/bn/bn_mont.c index c9ebdbaabeb..eeac046826e 100644 --- a/src/lib/libcrypto/bn/bn_mont.c +++ b/src/lib/libcrypto/bn/bn_mont.c @@ -1,25 +1,25 @@ -/* crypto/bn/bn_mont.c */ +/* $OpenBSD: bn_mont.c,v 1.26 2017/01/21 11:00:46 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,12 +49,65 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ +/* ==================================================================== + * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ /* * Details about Montgomery multiplication algorithms can be found at @@ -64,286 +117,422 @@ */ #include -#include "cryptlib.h" +#include + #include "bn_lcl.h" #define MONT_WORD /* use the faster word-based algorithm */ -int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, - BN_MONT_CTX *mont, BN_CTX *ctx) - { +#ifdef MONT_WORD +static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont); +#endif + +int +BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + BN_MONT_CTX *mont, BN_CTX *ctx) +{ BIGNUM *tmp; - int ret=0; + int ret = 0; +#if defined(OPENSSL_BN_ASM_MONT) && defined(MONT_WORD) + int num = mont->N.top; + + if (num > 1 && a->top == num && b->top == num) { + if (bn_wexpand(r, num) == NULL) + return (0); + if (bn_mul_mont(r->d, a->d, b->d, mont->N.d, mont->n0, num)) { + r->neg = a->neg^b->neg; + r->top = num; + bn_correct_top(r); + return (1); + } + } +#endif BN_CTX_start(ctx); - tmp = BN_CTX_get(ctx); - if (tmp == NULL) goto err; + if ((tmp = BN_CTX_get(ctx)) == NULL) + goto err; bn_check_top(tmp); - if (a == b) - { - if (!BN_sqr(tmp,a,ctx)) goto err; - } - else - { - if (!BN_mul(tmp,a,b,ctx)) goto err; - } + if (a == b) { + if (!BN_sqr(tmp, a, ctx)) + goto err; + } else { + if (!BN_mul(tmp, a,b, ctx)) + goto err; + } /* reduce from aRR to aR */ - if (!BN_from_montgomery(r,tmp,mont,ctx)) goto err; - ret=1; +#ifdef MONT_WORD + if (!BN_from_montgomery_word(r, tmp, mont)) + goto err; +#else + if (!BN_from_montgomery(r, tmp, mont, ctx)) + goto err; +#endif + bn_check_top(r); + ret = 1; err: BN_CTX_end(ctx); - return(ret); - } - -int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont, - BN_CTX *ctx) - { - int retn=0; + return (ret); +} #ifdef MONT_WORD - BIGNUM *n,*r; - BN_ULONG *ap,*np,*rp,n0,v,*nrp; - int al,nl,max,i,x,ri; - - BN_CTX_start(ctx); - if ((r = BN_CTX_get(ctx)) == NULL) goto err; - - if (!BN_copy(r,a)) goto err; - n= &(mont->N); - - ap=a->d; - /* mont->ri is the size of mont->N in bits (rounded up - to the word size) */ - al=ri=mont->ri/BN_BITS2; - - nl=n->top; - if ((al == 0) || (nl == 0)) { r->top=0; return(1); } +static int +BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont) +{ + BIGNUM *n; + BN_ULONG *ap, *np, *rp, n0, v, carry; + int nl, max, i; + + n = &(mont->N); + nl = n->top; + if (nl == 0) { + ret->top = 0; + return (1); + } - max=(nl+al+1); /* allow for overflow (no?) XXX */ - if (bn_wexpand(r,max) == NULL) goto err; - if (bn_wexpand(ret,max) == NULL) goto err; + max = (2 * nl); /* carry is stored separately */ + if (bn_wexpand(r, max) == NULL) + return (0); - r->neg=a->neg^n->neg; - np=n->d; - rp=r->d; - nrp= &(r->d[nl]); + r->neg ^= n->neg; + np = n->d; + rp = r->d; /* clear the top words of T */ #if 1 for (i=r->top; id[i]=0; + rp[i] = 0; #else - memset(&(r->d[r->top]),0,(max-r->top)*sizeof(BN_ULONG)); + memset(&(rp[r->top]), 0, (max - r->top) * sizeof(BN_ULONG)); #endif - r->top=max; - n0=mont->n0; + r->top = max; + n0 = mont->n0[0]; #ifdef BN_COUNT - fprintf(stderr,"word BN_from_montgomery %d * %d\n",nl,nl); -#endif - for (i=0; i= v) - continue; - else - { - if (((++nrp[0])&BN_MASK2) != 0) continue; - if (((++nrp[1])&BN_MASK2) != 0) continue; - for (x=2; (((++nrp[x])&BN_MASK2) == 0); x++) ; - } - } - bn_fix_top(r); - - /* mont->ri will be a multiple of the word size */ -#if 0 - BN_rshift(ret,r,mont->ri); -#else + for (carry = 0, i = 0; i < nl; i++, rp++) { + v = bn_mul_add_words(rp, np, nl, (rp[0] * n0) & BN_MASK2); + v = (v + carry + rp[nl]) & BN_MASK2; + carry |= (v != rp[nl]); + carry &= (v <= rp[nl]); + rp[nl] = v; + } + + if (bn_wexpand(ret, nl) == NULL) + return (0); + ret->top = nl; ret->neg = r->neg; - x=ri; - rp=ret->d; - ap= &(r->d[x]); - if (r->top < x) - al=0; - else - al=r->top-x; - ret->top=al; - al-=4; - for (i=0; id; + ap = &(r->d[nl]); + +#define BRANCH_FREE 1 +#if BRANCH_FREE + { + BN_ULONG *nrp; + size_t m; + + v = bn_sub_words(rp, ap, np, nl) - carry; + /* if subtraction result is real, then + * trick unconditional memcpy below to perform in-place + * "refresh" instead of actual copy. */ + m = (0 - (size_t)v); + nrp = (BN_ULONG *)(((uintptr_t)rp & ~m)|((uintptr_t)ap & m)); + + for (i = 0, nl -= 4; i < nl; i += 4) { + BN_ULONG t1, t2, t3, t4; + + t1 = nrp[i + 0]; + t2 = nrp[i + 1]; + t3 = nrp[i + 2]; + ap[i + 0] = 0; + t4 = nrp[i + 3]; + ap[i + 1] = 0; + rp[i + 0] = t1; + ap[i + 2] = 0; + rp[i + 1] = t2; + ap[i + 3] = 0; + rp[i + 2] = t3; + rp[i + 3] = t4; } - al+=4; - for (; iri); - - if (!BN_mul(t2,t1,&mont->Ni,ctx)) goto err; - BN_mask_bits(t2,mont->ri); - - if (!BN_mul(t1,t2,&mont->N,ctx)) goto err; - if (!BN_add(t2,a,t1)) goto err; - if (!BN_rshift(ret,t2,mont->ri)) goto err; -#endif /* MONT_WORD */ - - if (BN_ucmp(ret, &(mont->N)) >= 0) - { - if (!BN_usub(ret,ret,&(mont->N))) goto err; - } - retn=1; - err: + if ((t = BN_CTX_get(ctx)) && BN_copy(t, a)) + retn = BN_from_montgomery_word(ret, t, mont); BN_CTX_end(ctx); - return(retn); +#else /* !MONT_WORD */ + BIGNUM *t1, *t2; + + BN_CTX_start(ctx); + if ((t1 = BN_CTX_get(ctx)) == NULL) + goto err; + if ((t2 = BN_CTX_get(ctx)) == NULL) + goto err; + + if (!BN_copy(t1, a)) + goto err; + BN_mask_bits(t1, mont->ri); + + if (!BN_mul(t2, t1, &mont->Ni, ctx)) + goto err; + BN_mask_bits(t2, mont->ri); + + if (!BN_mul(t1, t2, &mont->N, ctx)) + goto err; + if (!BN_add(t2, a, t1)) + goto err; + if (!BN_rshift(ret, t2, mont->ri)) + goto err; + + if (BN_ucmp(ret, &(mont->N)) >= 0) { + if (!BN_usub(ret, ret, &(mont->N))) + goto err; } + retn = 1; + bn_check_top(ret); -BN_MONT_CTX *BN_MONT_CTX_new(void) - { +err: + BN_CTX_end(ctx); +#endif /* MONT_WORD */ + return (retn); +} + +BN_MONT_CTX * +BN_MONT_CTX_new(void) +{ BN_MONT_CTX *ret; - if ((ret=(BN_MONT_CTX *)OPENSSL_malloc(sizeof(BN_MONT_CTX))) == NULL) - return(NULL); + if ((ret = malloc(sizeof(BN_MONT_CTX))) == NULL) + return (NULL); BN_MONT_CTX_init(ret); - ret->flags=BN_FLG_MALLOCED; - return(ret); - } - -void BN_MONT_CTX_init(BN_MONT_CTX *ctx) - { - ctx->ri=0; + ret->flags = BN_FLG_MALLOCED; + return (ret); +} + +void +BN_MONT_CTX_init(BN_MONT_CTX *ctx) +{ + ctx->ri = 0; BN_init(&(ctx->RR)); BN_init(&(ctx->N)); BN_init(&(ctx->Ni)); - ctx->flags=0; - } - -void BN_MONT_CTX_free(BN_MONT_CTX *mont) - { - if(mont == NULL) - return; - - BN_free(&(mont->RR)); - BN_free(&(mont->N)); - BN_free(&(mont->Ni)); + ctx->n0[0] = ctx->n0[1] = 0; + ctx->flags = 0; +} + +void +BN_MONT_CTX_free(BN_MONT_CTX *mont) +{ + if (mont == NULL) + return; + + BN_clear_free(&(mont->RR)); + BN_clear_free(&(mont->N)); + BN_clear_free(&(mont->Ni)); if (mont->flags & BN_FLG_MALLOCED) - OPENSSL_free(mont); - } + free(mont); +} -int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx) - { - BIGNUM Ri,*R; +int +BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx) +{ + int ret = 0; + BIGNUM *Ri, *R; - BN_init(&Ri); - R= &(mont->RR); /* grab RR as a temp */ - BN_copy(&(mont->N),mod); /* Set N */ + BN_CTX_start(ctx); + if ((Ri = BN_CTX_get(ctx)) == NULL) + goto err; + R = &(mont->RR); /* grab RR as a temp */ + if (!BN_copy(&(mont->N), mod)) + goto err; /* Set N */ mont->N.neg = 0; #ifdef MONT_WORD - { + { BIGNUM tmod; BN_ULONG buf[2]; - mont->ri=(BN_num_bits(mod)+(BN_BITS2-1))/BN_BITS2*BN_BITS2; - if (!(BN_zero(R))) goto err; - if (!(BN_set_bit(R,BN_BITS2))) goto err; /* R */ - - buf[0]=mod->d[0]; /* tmod = N mod word size */ - buf[1]=0; - tmod.d=buf; - tmod.top=1; - tmod.dmax=2; - tmod.neg=0; - /* Ri = R^-1 mod N*/ - if ((BN_mod_inverse(&Ri,R,&tmod,ctx)) == NULL) + BN_init(&tmod); + tmod.d = buf; + tmod.dmax = 2; + tmod.neg = 0; + + mont->ri = (BN_num_bits(mod) + + (BN_BITS2 - 1)) / BN_BITS2 * BN_BITS2; + +#if defined(OPENSSL_BN_ASM_MONT) && (BN_BITS2<=32) + /* Only certain BN_BITS2<=32 platforms actually make use of + * n0[1], and we could use the #else case (with a shorter R + * value) for the others. However, currently only the assembler + * files do know which is which. */ + + BN_zero(R); + if (!(BN_set_bit(R, 2 * BN_BITS2))) goto err; - if (!BN_lshift(&Ri,&Ri,BN_BITS2)) goto err; /* R*Ri */ - if (!BN_is_zero(&Ri)) - { - if (!BN_sub_word(&Ri,1)) goto err; - } + + tmod.top = 0; + if ((buf[0] = mod->d[0])) + tmod.top = 1; + if ((buf[1] = mod->top > 1 ? mod->d[1] : 0)) + tmod.top = 2; + + if ((BN_mod_inverse_ct(Ri, R, &tmod, ctx)) == NULL) + goto err; + if (!BN_lshift(Ri, Ri, 2 * BN_BITS2)) + goto err; /* R*Ri */ + if (!BN_is_zero(Ri)) { + if (!BN_sub_word(Ri, 1)) + goto err; + } else /* if N mod word size == 1 */ - { - if (!BN_set_word(&Ri,BN_MASK2)) goto err; /* Ri-- (mod word size) */ - } - if (!BN_div(&Ri,NULL,&Ri,&tmod,ctx)) goto err; + { + if (bn_expand(Ri, (int)sizeof(BN_ULONG) * 2) == NULL) + goto err; + /* Ri-- (mod double word size) */ + Ri->neg = 0; + Ri->d[0] = BN_MASK2; + Ri->d[1] = BN_MASK2; + Ri->top = 2; + } + if (!BN_div_ct(Ri, NULL, Ri, &tmod, ctx)) + goto err; /* Ni = (R*Ri-1)/N, - * keep only least significant word: */ - mont->n0 = (Ri.top > 0) ? Ri.d[0] : 0; - BN_free(&Ri); + * keep only couple of least significant words: */ + mont->n0[0] = (Ri->top > 0) ? Ri->d[0] : 0; + mont->n0[1] = (Ri->top > 1) ? Ri->d[1] : 0; +#else + BN_zero(R); + if (!(BN_set_bit(R, BN_BITS2))) + goto err; /* R */ + + buf[0] = mod->d[0]; /* tmod = N mod word size */ + buf[1] = 0; + tmod.top = buf[0] != 0 ? 1 : 0; + /* Ri = R^-1 mod N*/ + if ((BN_mod_inverse_ct(Ri, R, &tmod, ctx)) == NULL) + goto err; + if (!BN_lshift(Ri, Ri, BN_BITS2)) + goto err; /* R*Ri */ + if (!BN_is_zero(Ri)) { + if (!BN_sub_word(Ri, 1)) + goto err; + } + else /* if N mod word size == 1 */ + { + if (!BN_set_word(Ri, BN_MASK2)) + goto err; /* Ri-- (mod word size) */ } + if (!BN_div_ct(Ri, NULL, Ri, &tmod, ctx)) + goto err; + /* Ni = (R*Ri-1)/N, + * keep only least significant word: */ + mont->n0[0] = (Ri->top > 0) ? Ri->d[0] : 0; + mont->n0[1] = 0; +#endif + } #else /* !MONT_WORD */ - { /* bignum version */ - mont->ri=BN_num_bits(&mont->N); - if (!BN_zero(R)) goto err; - if (!BN_set_bit(R,mont->ri)) goto err; /* R = 2^ri */ - /* Ri = R^-1 mod N*/ - if ((BN_mod_inverse(&Ri,R,&mont->N,ctx)) == NULL) + { /* bignum version */ + mont->ri = BN_num_bits(&mont->N); + BN_zero(R); + if (!BN_set_bit(R, mont->ri)) + goto err; /* R = 2^ri */ + /* Ri = R^-1 mod N*/ + if ((BN_mod_inverse_ct(Ri, R, &mont->N, ctx)) == NULL) goto err; - if (!BN_lshift(&Ri,&Ri,mont->ri)) goto err; /* R*Ri */ - if (!BN_sub_word(&Ri,1)) goto err; - /* Ni = (R*Ri-1) / N */ - if (!BN_div(&(mont->Ni),NULL,&Ri,&mont->N,ctx)) goto err; - BN_free(&Ri); - } + if (!BN_lshift(Ri, Ri, mont->ri)) + goto err; /* R*Ri */ + if (!BN_sub_word(Ri, 1)) + goto err; + /* Ni = (R*Ri-1) / N */ + if (!BN_div_ct(&(mont->Ni), NULL, Ri, &mont->N, ctx)) + goto err; + } #endif /* setup RR for conversions */ - if (!BN_zero(&(mont->RR))) goto err; - if (!BN_set_bit(&(mont->RR),mont->ri*2)) goto err; - if (!BN_mod(&(mont->RR),&(mont->RR),&(mont->N),ctx)) goto err; + BN_zero(&(mont->RR)); + if (!BN_set_bit(&(mont->RR), mont->ri*2)) + goto err; + if (!BN_mod_ct(&(mont->RR), &(mont->RR), &(mont->N), ctx)) + goto err; + + ret = 1; - return(1); err: - return(0); - } + BN_CTX_end(ctx); + return ret; +} + +BN_MONT_CTX * +BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from) +{ + if (to == from) + return (to); + + if (!BN_copy(&(to->RR), &(from->RR))) + return NULL; + if (!BN_copy(&(to->N), &(from->N))) + return NULL; + if (!BN_copy(&(to->Ni), &(from->Ni))) + return NULL; + to->ri = from->ri; + to->n0[0] = from->n0[0]; + to->n0[1] = from->n0[1]; + return (to); +} + +BN_MONT_CTX * +BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock, const BIGNUM *mod, + BN_CTX *ctx) +{ + int got_write_lock = 0; + BN_MONT_CTX *ret; -BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from) - { - if (to == from) return(to); - - if (!BN_copy(&(to->RR),&(from->RR))) return NULL; - if (!BN_copy(&(to->N),&(from->N))) return NULL; - if (!BN_copy(&(to->Ni),&(from->Ni))) return NULL; - to->ri=from->ri; - to->n0=from->n0; - return(to); + CRYPTO_r_lock(lock); + if (!*pmont) { + CRYPTO_r_unlock(lock); + CRYPTO_w_lock(lock); + got_write_lock = 1; + + if (!*pmont) { + ret = BN_MONT_CTX_new(); + if (ret && !BN_MONT_CTX_set(ret, mod, ctx)) + BN_MONT_CTX_free(ret); + else + *pmont = ret; + } } + ret = *pmont; + + if (got_write_lock) + CRYPTO_w_unlock(lock); + else + CRYPTO_r_unlock(lock); + + return ret; +} diff --git a/src/lib/libcrypto/bn/bn_mpi.c b/src/lib/libcrypto/bn/bn_mpi.c index 05fa9d1e9a5..4801192b50d 100644 --- a/src/lib/libcrypto/bn/bn_mpi.c +++ b/src/lib/libcrypto/bn/bn_mpi.c @@ -1,25 +1,25 @@ -/* crypto/bn/bn_mpi.c */ +/* $OpenBSD: bn_mpi.c,v 1.8 2017/01/29 17:49:22 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -57,73 +57,76 @@ */ #include -#include "cryptlib.h" + +#include + #include "bn_lcl.h" -int BN_bn2mpi(const BIGNUM *a, unsigned char *d) - { +int +BN_bn2mpi(const BIGNUM *a, unsigned char *d) +{ int bits; - int num=0; - int ext=0; + int num = 0; + int ext = 0; long l; - bits=BN_num_bits(a); - num=(bits+7)/8; - if (bits > 0) - { - ext=((bits & 0x07) == 0); - } + bits = BN_num_bits(a); + num = (bits + 7) / 8; + if (bits > 0) { + ext = ((bits & 0x07) == 0); + } if (d == NULL) - return(num+4+ext); + return (num + 4 + ext); - l=num+ext; - d[0]=(unsigned char)(l>>24)&0xff; - d[1]=(unsigned char)(l>>16)&0xff; - d[2]=(unsigned char)(l>> 8)&0xff; - d[3]=(unsigned char)(l )&0xff; - if (ext) d[4]=0; - num=BN_bn2bin(a,&(d[4+ext])); + l = num + ext; + d[0] = (unsigned char)(l >> 24) & 0xff; + d[1] = (unsigned char)(l >> 16) & 0xff; + d[2] = (unsigned char)(l >> 8) & 0xff; + d[3] = (unsigned char)(l) & 0xff; + if (ext) + d[4] = 0; + num = BN_bn2bin(a, &(d[4 + ext])); if (a->neg) - d[4]|=0x80; - return(num+4+ext); - } + d[4] |= 0x80; + return (num + 4 + ext); +} -BIGNUM *BN_mpi2bn(const unsigned char *d, int n, BIGNUM *a) - { +BIGNUM * +BN_mpi2bn(const unsigned char *d, int n, BIGNUM *a) +{ long len; - int neg=0; + int neg = 0; - if (n < 4) - { - BNerr(BN_F_BN_MPI2BN,BN_R_INVALID_LENGTH); - return(NULL); - } - len=((long)d[0]<<24)|((long)d[1]<<16)|((int)d[2]<<8)|(int)d[3]; - if ((len+4) != n) - { - BNerr(BN_F_BN_MPI2BN,BN_R_ENCODING_ERROR); - return(NULL); - } + if (n < 4) { + BNerror(BN_R_INVALID_LENGTH); + return (NULL); + } + len = ((long)d[0] << 24) | ((long)d[1] << 16) | ((int)d[2] << 8) | + (int)d[3]; + if ((len + 4) != n) { + BNerror(BN_R_ENCODING_ERROR); + return (NULL); + } - if (a == NULL) a=BN_new(); - if (a == NULL) return(NULL); + if (a == NULL) + a = BN_new(); + if (a == NULL) + return (NULL); - if (len == 0) - { - a->neg=0; - a->top=0; - return(a); - } - d+=4; + if (len == 0) { + a->neg = 0; + a->top = 0; + return (a); + } + d += 4; if ((*d) & 0x80) - neg=1; - if (BN_bin2bn(d,(int)len,a) == NULL) - return(NULL); - a->neg=neg; - if (neg) - { - BN_clear_bit(a,BN_num_bits(a)-1); - } - return(a); + neg = 1; + if (BN_bin2bn(d, (int)len, a) == NULL) + return (NULL); + a->neg = neg; + if (neg) { + BN_clear_bit(a, BN_num_bits(a) - 1); } - + bn_check_top(a); + return (a); +} diff --git a/src/lib/libcrypto/bn/bn_mul.c b/src/lib/libcrypto/bn/bn_mul.c index fd598b8b3d6..7794d597077 100644 --- a/src/lib/libcrypto/bn/bn_mul.c +++ b/src/lib/libcrypto/bn/bn_mul.c @@ -1,25 +1,25 @@ -/* crypto/bn/bn_mul.c */ +/* $OpenBSD: bn_mul.c,v 1.20 2015/02/09 15:49:22 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -61,12 +61,15 @@ # define NDEBUG #endif -#include #include -#include "cryptlib.h" +#include +#include + +#include + #include "bn_lcl.h" -#if defined(OPENSSL_NO_ASM) || !(defined(__i386) || defined(__i386__))/* Assembler implementation exists only for x86 */ +#if defined(OPENSSL_NO_ASM) || !defined(OPENSSL_BN_ASM_PART_WORDS) /* Here follows specialised variants of bn_add_words() and bn_sub_words(). They have the property performing operations on arrays of different sizes. The sizes of those arrays is expressed through @@ -77,10 +80,10 @@ These functions should probably end up in bn_asm.c as soon as there are assembler counterparts for the systems that use assembler files. */ -BN_ULONG bn_sub_part_words(BN_ULONG *r, - const BN_ULONG *a, const BN_ULONG *b, - int cl, int dl) - { +BN_ULONG +bn_sub_part_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int cl, + int dl) +{ BN_ULONG c, t; assert(cl >= 0); @@ -93,121 +96,142 @@ BN_ULONG bn_sub_part_words(BN_ULONG *r, a += cl; b += cl; - if (dl < 0) - { + if (dl < 0) { #ifdef BN_COUNT - fprintf(stderr, " bn_sub_part_words %d + %d (dl < 0, c = %d)\n", cl, dl, c); + fprintf(stderr, + " bn_sub_part_words %d + %d (dl < 0, c = %d)\n", + cl, dl, c); #endif - for (;;) - { + for (;;) { t = b[0]; - r[0] = (0-t-c)&BN_MASK2; - if (t != 0) c=1; - if (++dl >= 0) break; + r[0] = (0 - t - c) & BN_MASK2; + if (t != 0) + c = 1; + if (++dl >= 0) + break; t = b[1]; - r[1] = (0-t-c)&BN_MASK2; - if (t != 0) c=1; - if (++dl >= 0) break; + r[1] = (0 - t - c) & BN_MASK2; + if (t != 0) + c = 1; + if (++dl >= 0) + break; t = b[2]; - r[2] = (0-t-c)&BN_MASK2; - if (t != 0) c=1; - if (++dl >= 0) break; + r[2] = (0 - t - c) & BN_MASK2; + if (t != 0) + c = 1; + if (++dl >= 0) + break; t = b[3]; - r[3] = (0-t-c)&BN_MASK2; - if (t != 0) c=1; - if (++dl >= 0) break; + r[3] = (0 - t - c) & BN_MASK2; + if (t != 0) + c = 1; + if (++dl >= 0) + break; b += 4; r += 4; - } } - else - { + } else { int save_dl = dl; #ifdef BN_COUNT - fprintf(stderr, " bn_sub_part_words %d + %d (dl > 0, c = %d)\n", cl, dl, c); + fprintf(stderr, + " bn_sub_part_words %d + %d (dl > 0, c = %d)\n", + cl, dl, c); #endif - while(c) - { + while (c) { t = a[0]; - r[0] = (t-c)&BN_MASK2; - if (t != 0) c=0; - if (--dl <= 0) break; + r[0] = (t - c) & BN_MASK2; + if (t != 0) + c = 0; + if (--dl <= 0) + break; t = a[1]; - r[1] = (t-c)&BN_MASK2; - if (t != 0) c=0; - if (--dl <= 0) break; + r[1] = (t - c) & BN_MASK2; + if (t != 0) + c = 0; + if (--dl <= 0) + break; t = a[2]; - r[2] = (t-c)&BN_MASK2; - if (t != 0) c=0; - if (--dl <= 0) break; + r[2] = (t - c) & BN_MASK2; + if (t != 0) + c = 0; + if (--dl <= 0) + break; t = a[3]; - r[3] = (t-c)&BN_MASK2; - if (t != 0) c=0; - if (--dl <= 0) break; + r[3] = (t - c) & BN_MASK2; + if (t != 0) + c = 0; + if (--dl <= 0) + break; save_dl = dl; a += 4; r += 4; - } - if (dl > 0) - { + } + if (dl > 0) { #ifdef BN_COUNT - fprintf(stderr, " bn_sub_part_words %d + %d (dl > 0, c == 0)\n", cl, dl); + fprintf(stderr, + " bn_sub_part_words %d + %d (dl > 0, c == 0)\n", + cl, dl); #endif - if (save_dl > dl) - { - switch (save_dl - dl) - { + if (save_dl > dl) { + switch (save_dl - dl) { case 1: r[1] = a[1]; - if (--dl <= 0) break; + if (--dl <= 0) + break; case 2: r[2] = a[2]; - if (--dl <= 0) break; + if (--dl <= 0) + break; case 3: r[3] = a[3]; - if (--dl <= 0) break; - } + if (--dl <= 0) + break; + } a += 4; r += 4; - } } - if (dl > 0) - { + } + if (dl > 0) { #ifdef BN_COUNT - fprintf(stderr, " bn_sub_part_words %d + %d (dl > 0, copy)\n", cl, dl); + fprintf(stderr, + " bn_sub_part_words %d + %d (dl > 0, copy)\n", + cl, dl); #endif - for(;;) - { + for (;;) { r[0] = a[0]; - if (--dl <= 0) break; + if (--dl <= 0) + break; r[1] = a[1]; - if (--dl <= 0) break; + if (--dl <= 0) + break; r[2] = a[2]; - if (--dl <= 0) break; + if (--dl <= 0) + break; r[3] = a[3]; - if (--dl <= 0) break; + if (--dl <= 0) + break; a += 4; r += 4; - } } } - return c; } + return c; +} #endif -BN_ULONG bn_add_part_words(BN_ULONG *r, - const BN_ULONG *a, const BN_ULONG *b, - int cl, int dl) - { +BN_ULONG +bn_add_part_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int cl, + int dl) +{ BN_ULONG c, l, t; assert(cl >= 0); @@ -220,160 +244,177 @@ BN_ULONG bn_add_part_words(BN_ULONG *r, a += cl; b += cl; - if (dl < 0) - { + if (dl < 0) { int save_dl = dl; #ifdef BN_COUNT - fprintf(stderr, " bn_add_part_words %d + %d (dl < 0, c = %d)\n", cl, dl, c); + fprintf(stderr, + " bn_add_part_words %d + %d (dl < 0, c = %d)\n", + cl, dl, c); #endif - while (c) - { - l=(c+b[0])&BN_MASK2; - c=(l < c); - r[0]=l; - if (++dl >= 0) break; - - l=(c+b[1])&BN_MASK2; - c=(l < c); - r[1]=l; - if (++dl >= 0) break; - - l=(c+b[2])&BN_MASK2; - c=(l < c); - r[2]=l; - if (++dl >= 0) break; - - l=(c+b[3])&BN_MASK2; - c=(l < c); - r[3]=l; - if (++dl >= 0) break; + while (c) { + l = (c + b[0]) & BN_MASK2; + c = (l < c); + r[0] = l; + if (++dl >= 0) + break; + + l = (c + b[1]) & BN_MASK2; + c = (l < c); + r[1] = l; + if (++dl >= 0) + break; + + l = (c + b[2]) & BN_MASK2; + c = (l < c); + r[2] = l; + if (++dl >= 0) + break; + + l = (c + b[3]) & BN_MASK2; + c = (l < c); + r[3] = l; + if (++dl >= 0) + break; save_dl = dl; - b+=4; - r+=4; - } - if (dl < 0) - { + b += 4; + r += 4; + } + if (dl < 0) { #ifdef BN_COUNT - fprintf(stderr, " bn_add_part_words %d + %d (dl < 0, c == 0)\n", cl, dl); + fprintf(stderr, + " bn_add_part_words %d + %d (dl < 0, c == 0)\n", + cl, dl); #endif - if (save_dl < dl) - { - switch (dl - save_dl) - { + if (save_dl < dl) { + switch (dl - save_dl) { case 1: r[1] = b[1]; - if (++dl >= 0) break; + if (++dl >= 0) + break; case 2: r[2] = b[2]; - if (++dl >= 0) break; + if (++dl >= 0) + break; case 3: r[3] = b[3]; - if (++dl >= 0) break; - } + if (++dl >= 0) + break; + } b += 4; r += 4; - } } - if (dl < 0) - { + } + if (dl < 0) { #ifdef BN_COUNT - fprintf(stderr, " bn_add_part_words %d + %d (dl < 0, copy)\n", cl, dl); + fprintf(stderr, + " bn_add_part_words %d + %d (dl < 0, copy)\n", + cl, dl); #endif - for(;;) - { + for (;;) { r[0] = b[0]; - if (++dl >= 0) break; + if (++dl >= 0) + break; r[1] = b[1]; - if (++dl >= 0) break; + if (++dl >= 0) + break; r[2] = b[2]; - if (++dl >= 0) break; + if (++dl >= 0) + break; r[3] = b[3]; - if (++dl >= 0) break; + if (++dl >= 0) + break; b += 4; r += 4; - } } } - else - { + } else { int save_dl = dl; #ifdef BN_COUNT - fprintf(stderr, " bn_add_part_words %d + %d (dl > 0)\n", cl, dl); + fprintf(stderr, + " bn_add_part_words %d + %d (dl > 0)\n", cl, dl); #endif - while (c) - { - t=(a[0]+c)&BN_MASK2; - c=(t < c); - r[0]=t; - if (--dl <= 0) break; - - t=(a[1]+c)&BN_MASK2; - c=(t < c); - r[1]=t; - if (--dl <= 0) break; - - t=(a[2]+c)&BN_MASK2; - c=(t < c); - r[2]=t; - if (--dl <= 0) break; - - t=(a[3]+c)&BN_MASK2; - c=(t < c); - r[3]=t; - if (--dl <= 0) break; + while (c) { + t = (a[0] + c) & BN_MASK2; + c = (t < c); + r[0] = t; + if (--dl <= 0) + break; + + t = (a[1] + c) & BN_MASK2; + c = (t < c); + r[1] = t; + if (--dl <= 0) + break; + + t = (a[2] + c) & BN_MASK2; + c = (t < c); + r[2] = t; + if (--dl <= 0) + break; + + t = (a[3] + c) & BN_MASK2; + c = (t < c); + r[3] = t; + if (--dl <= 0) + break; save_dl = dl; - a+=4; - r+=4; - } + a += 4; + r += 4; + } #ifdef BN_COUNT - fprintf(stderr, " bn_add_part_words %d + %d (dl > 0, c == 0)\n", cl, dl); + fprintf(stderr, + " bn_add_part_words %d + %d (dl > 0, c == 0)\n", cl, dl); #endif - if (dl > 0) - { - if (save_dl > dl) - { - switch (save_dl - dl) - { + if (dl > 0) { + if (save_dl > dl) { + switch (save_dl - dl) { case 1: r[1] = a[1]; - if (--dl <= 0) break; + if (--dl <= 0) + break; case 2: r[2] = a[2]; - if (--dl <= 0) break; + if (--dl <= 0) + break; case 3: r[3] = a[3]; - if (--dl <= 0) break; - } + if (--dl <= 0) + break; + } a += 4; r += 4; - } } - if (dl > 0) - { + } + if (dl > 0) { #ifdef BN_COUNT - fprintf(stderr, " bn_add_part_words %d + %d (dl > 0, copy)\n", cl, dl); + fprintf(stderr, + " bn_add_part_words %d + %d (dl > 0, copy)\n", + cl, dl); #endif - for(;;) - { + for (;;) { r[0] = a[0]; - if (--dl <= 0) break; + if (--dl <= 0) + break; r[1] = a[1]; - if (--dl <= 0) break; + if (--dl <= 0) + break; r[2] = a[2]; - if (--dl <= 0) break; + if (--dl <= 0) + break; r[3] = a[3]; - if (--dl <= 0) break; + if (--dl <= 0) + break; a += 4; r += 4; - } } } - return c; } + return c; +} #ifdef BN_RECURSION /* Karatsuba recursive multiplication algorithm @@ -389,434 +430,407 @@ BN_ULONG bn_add_part_words(BN_ULONG *r, * a[0]*b[0]+a[1]*b[1]+(a[0]-a[1])*(b[1]-b[0]) * a[1]*b[1] */ -void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, - int dna, int dnb, BN_ULONG *t) - { - int n=n2/2,c1,c2; - int tna=n+dna, tnb=n+dnb; - unsigned int neg,zero; - BN_ULONG ln,lo,*p; +/* dnX may not be positive, but n2/2+dnX has to be */ +void +bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, int dna, + int dnb, BN_ULONG *t) +{ + int n = n2 / 2, c1, c2; + int tna = n + dna, tnb = n + dnb; + unsigned int neg, zero; + BN_ULONG ln, lo, *p; # ifdef BN_COUNT - fprintf(stderr," bn_mul_recursive %d * %d\n",n2,n2); + fprintf(stderr, " bn_mul_recursive %d%+d * %d%+d\n",n2,dna,n2,dnb); # endif # ifdef BN_MUL_COMBA # if 0 - if (n2 == 4) - { - bn_mul_comba4(r,a,b); + if (n2 == 4) { + bn_mul_comba4(r, a, b); return; - } + } # endif /* Only call bn_mul_comba 8 if n2 == 8 and the * two arrays are complete [steve] */ - if (n2 == 8 && dna == 0 && dnb == 0) - { - bn_mul_comba8(r,a,b); - return; - } + if (n2 == 8 && dna == 0 && dnb == 0) { + bn_mul_comba8(r, a, b); + return; + } # endif /* BN_MUL_COMBA */ /* Else do normal multiply */ - if (n2 < BN_MUL_RECURSIVE_SIZE_NORMAL) - { - bn_mul_normal(r,a,n2+dna,b,n2+dnb); + if (n2 < BN_MUL_RECURSIVE_SIZE_NORMAL) { + bn_mul_normal(r, a, n2 + dna, b, n2 + dnb); if ((dna + dnb) < 0) memset(&r[2*n2 + dna + dnb], 0, - sizeof(BN_ULONG) * -(dna + dnb)); + sizeof(BN_ULONG) * -(dna + dnb)); return; - } + } /* r=(a[0]-a[1])*(b[1]-b[0]) */ - c1=bn_cmp_part_words(a,&(a[n]),tna,n-tna); - c2=bn_cmp_part_words(&(b[n]),b,tnb,tnb-n); - zero=neg=0; - switch (c1*3+c2) - { + c1 = bn_cmp_part_words(a, &(a[n]), tna, n - tna); + c2 = bn_cmp_part_words(&(b[n]), b,tnb, tnb - n); + zero = neg = 0; + switch (c1 * 3 + c2) { case -4: - bn_sub_part_words(t, &(a[n]),a, tna,tna-n); /* - */ - bn_sub_part_words(&(t[n]),b, &(b[n]),tnb,n-tnb); /* - */ + bn_sub_part_words(t, &(a[n]), a, tna, tna - n); /* - */ + bn_sub_part_words(&(t[n]), b, &(b[n]), tnb, n - tnb); /* - */ break; case -3: - zero=1; + zero = 1; break; case -2: - bn_sub_part_words(t, &(a[n]),a, tna,tna-n); /* - */ - bn_sub_part_words(&(t[n]),&(b[n]),b, tnb,tnb-n); /* + */ - neg=1; + bn_sub_part_words(t, &(a[n]), a, tna, tna - n); /* - */ + bn_sub_part_words(&(t[n]), &(b[n]), b, tnb, tnb - n); /* + */ + neg = 1; break; case -1: case 0: case 1: - zero=1; + zero = 1; break; case 2: - bn_sub_part_words(t, a, &(a[n]),tna,n-tna); /* + */ - bn_sub_part_words(&(t[n]),b, &(b[n]),tnb,n-tnb); /* - */ - neg=1; + bn_sub_part_words(t, a, &(a[n]), tna, n - tna); /* + */ + bn_sub_part_words(&(t[n]), b, &(b[n]), tnb, n - tnb); /* - */ + neg = 1; break; case 3: - zero=1; + zero = 1; break; case 4: - bn_sub_part_words(t, a, &(a[n]),tna,n-tna); - bn_sub_part_words(&(t[n]),&(b[n]),b, tnb,tnb-n); + bn_sub_part_words(t, a, &(a[n]), tna, n - tna); + bn_sub_part_words(&(t[n]), &(b[n]), b, tnb, tnb - n); break; - } + } # ifdef BN_MUL_COMBA if (n == 4 && dna == 0 && dnb == 0) /* XXX: bn_mul_comba4 could take extra args to do this well */ - { + { if (!zero) - bn_mul_comba4(&(t[n2]),t,&(t[n])); + bn_mul_comba4(&(t[n2]), t, &(t[n])); else - memset(&(t[n2]),0,8*sizeof(BN_ULONG)); - - bn_mul_comba4(r,a,b); - bn_mul_comba4(&(r[n2]),&(a[n]),&(b[n])); - } - else if (n == 8 && dna == 0 && dnb == 0) /* XXX: bn_mul_comba8 could + memset(&(t[n2]), 0, 8 * sizeof(BN_ULONG)); + + bn_mul_comba4(r, a, b); + bn_mul_comba4(&(r[n2]), &(a[n]), &(b[n])); + } else if (n == 8 && dna == 0 && dnb == 0) /* XXX: bn_mul_comba8 could take extra args to do this well */ - { + { if (!zero) - bn_mul_comba8(&(t[n2]),t,&(t[n])); + bn_mul_comba8(&(t[n2]), t, &(t[n])); else - memset(&(t[n2]),0,16*sizeof(BN_ULONG)); - - bn_mul_comba8(r,a,b); - bn_mul_comba8(&(r[n2]),&(a[n]),&(b[n])); - } - else + memset(&(t[n2]), 0, 16 * sizeof(BN_ULONG)); + + bn_mul_comba8(r, a, b); + bn_mul_comba8(&(r[n2]), &(a[n]), &(b[n])); + } else # endif /* BN_MUL_COMBA */ - { - p= &(t[n2*2]); + { + p = &(t[n2 * 2]); if (!zero) - bn_mul_recursive(&(t[n2]),t,&(t[n]),n,0,0,p); + bn_mul_recursive(&(t[n2]), t, &(t[n]), n, 0, 0, p); else - memset(&(t[n2]),0,n2*sizeof(BN_ULONG)); - bn_mul_recursive(r,a,b,n,0,0,p); - bn_mul_recursive(&(r[n2]),&(a[n]),&(b[n]),n,dna,dnb,p); - } + memset(&(t[n2]), 0, n2 * sizeof(BN_ULONG)); + bn_mul_recursive(r, a, b, n, 0, 0, p); + bn_mul_recursive(&(r[n2]), &(a[n]), &(b[n]), n, dna, dnb, p); + } /* t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign * r[10] holds (a[0]*b[0]) * r[32] holds (b[1]*b[1]) */ - c1=(int)(bn_add_words(t,r,&(r[n2]),n2)); + c1 = (int)(bn_add_words(t, r, &(r[n2]), n2)); if (neg) /* if t[32] is negative */ - { - c1-=(int)(bn_sub_words(&(t[n2]),t,&(t[n2]),n2)); - } - else - { + { + c1 -= (int)(bn_sub_words(&(t[n2]), t, &(t[n2]), n2)); + } else { /* Might have a carry */ - c1+=(int)(bn_add_words(&(t[n2]),&(t[n2]),t,n2)); - } + c1 += (int)(bn_add_words(&(t[n2]), &(t[n2]), t, n2)); + } /* t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1]) * r[10] holds (a[0]*b[0]) * r[32] holds (b[1]*b[1]) * c1 holds the carry bits */ - c1+=(int)(bn_add_words(&(r[n]),&(r[n]),&(t[n2]),n2)); - if (c1) - { - p= &(r[n+n2]); + c1 += (int)(bn_add_words(&(r[n]), &(r[n]), &(t[n2]), n2)); + if (c1) { + p = &(r[n + n2]); lo= *p; - ln=(lo+c1)&BN_MASK2; - *p=ln; + ln = (lo + c1) & BN_MASK2; + *p = ln; /* The overflow will stop before we over write * words we should not overwrite */ - if (ln < (BN_ULONG)c1) - { - do { + if (ln < (BN_ULONG)c1) { + do { p++; lo= *p; - ln=(lo+1)&BN_MASK2; - *p=ln; - } while (ln == 0); - } + ln = (lo + 1) & BN_MASK2; + *p = ln; + } while (ln == 0); } } +} /* n+tn is the word length * t needs to be n*4 is size, as does r */ -void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n, - int tna, int tnb, BN_ULONG *t) - { - int i,j,n2=n*2; - unsigned int c1,c2,neg,zero; - BN_ULONG ln,lo,*p; +/* tnX may not be negative but less than n */ +void +bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n, int tna, + int tnb, BN_ULONG *t) +{ + int i, j, n2 = n * 2; + int c1, c2, neg; + BN_ULONG ln, lo, *p; # ifdef BN_COUNT - fprintf(stderr," bn_mul_part_recursive (%d+%d) * (%d+%d)\n", - tna, n, tnb, n); + fprintf(stderr, " bn_mul_part_recursive (%d%+d) * (%d%+d)\n", + n, tna, n, tnb); # endif - if (n < 8) - { - bn_mul_normal(r,a,n+tna,b,n+tnb); + if (n < 8) { + bn_mul_normal(r, a, n + tna, b, n + tnb); return; - } + } /* r=(a[0]-a[1])*(b[1]-b[0]) */ - c1=bn_cmp_part_words(a,&(a[n]),tna,n-tna); - c2=bn_cmp_part_words(&(b[n]),b,tnb,tnb-n); - zero=neg=0; - switch (c1*3+c2) - { + c1 = bn_cmp_part_words(a, &(a[n]), tna, n - tna); + c2 = bn_cmp_part_words(&(b[n]), b, tnb, tnb - n); + neg = 0; + switch (c1 * 3 + c2) { case -4: - bn_sub_part_words(t, &(a[n]),a, tna,tna-n); /* - */ - bn_sub_part_words(&(t[n]),b, &(b[n]),tnb,n-tnb); /* - */ + bn_sub_part_words(t, &(a[n]), a, tna, tna - n); /* - */ + bn_sub_part_words(&(t[n]), b, &(b[n]), tnb, n - tnb); /* - */ break; case -3: - zero=1; /* break; */ case -2: - bn_sub_part_words(t, &(a[n]),a, tna,tna-n); /* - */ - bn_sub_part_words(&(t[n]),&(b[n]),b, tnb,tnb-n); /* + */ - neg=1; + bn_sub_part_words(t, &(a[n]), a, tna, tna - n); /* - */ + bn_sub_part_words(&(t[n]), &(b[n]), b, tnb, tnb - n); /* + */ + neg = 1; break; case -1: case 0: case 1: - zero=1; /* break; */ case 2: - bn_sub_part_words(t, a, &(a[n]),tna,n-tna); /* + */ - bn_sub_part_words(&(t[n]),b, &(b[n]),tnb,n-tnb); /* - */ - neg=1; + bn_sub_part_words(t, a, &(a[n]), tna, n - tna); /* + */ + bn_sub_part_words(&(t[n]), b, &(b[n]), tnb, n - tnb); /* - */ + neg = 1; break; case 3: - zero=1; /* break; */ case 4: - bn_sub_part_words(t, a, &(a[n]),tna,n-tna); - bn_sub_part_words(&(t[n]),&(b[n]),b, tnb,tnb-n); + bn_sub_part_words(t, a, &(a[n]), tna, n - tna); + bn_sub_part_words(&(t[n]), &(b[n]), b, tnb, tnb - n); break; - } + } /* The zero case isn't yet implemented here. The speedup would probably be negligible. */ # if 0 - if (n == 4) - { - bn_mul_comba4(&(t[n2]),t,&(t[n])); - bn_mul_comba4(r,a,b); - bn_mul_normal(&(r[n2]),&(a[n]),tn,&(b[n]),tn); - memset(&(r[n2+tn*2]),0,sizeof(BN_ULONG)*(n2-tn*2)); - } - else + if (n == 4) { + bn_mul_comba4(&(t[n2]), t, &(t[n])); + bn_mul_comba4(r, a, b); + bn_mul_normal(&(r[n2]), &(a[n]), tn, &(b[n]), tn); + memset(&(r[n2 + tn * 2]), 0, sizeof(BN_ULONG) * (n2 - tn * 2)); + } else # endif - if (n == 8) - { - bn_mul_comba8(&(t[n2]),t,&(t[n])); - bn_mul_comba8(r,a,b); - bn_mul_normal(&(r[n2]),&(a[n]),tna,&(b[n]),tnb); - memset(&(r[n2+tna+tnb]),0,sizeof(BN_ULONG)*(n2-tna-tnb)); - } - else - { - p= &(t[n2*2]); - bn_mul_recursive(&(t[n2]),t,&(t[n]),n,0,0,p); - bn_mul_recursive(r,a,b,n,0,0,p); - i=n/2; + if (n == 8) { + bn_mul_comba8(&(t[n2]), t, &(t[n])); + bn_mul_comba8(r, a, b); + bn_mul_normal(&(r[n2]), &(a[n]), tna, &(b[n]), tnb); + memset(&(r[n2 + tna + tnb]), 0, + sizeof(BN_ULONG) * (n2 - tna - tnb)); + } else { + p = &(t[n2*2]); + bn_mul_recursive(&(t[n2]), t, &(t[n]), n, 0, 0, p); + bn_mul_recursive(r, a, b, n, 0, 0, p); + i = n / 2; /* If there is only a bottom half to the number, * just do it */ if (tna > tnb) j = tna - i; else j = tnb - i; - if (j == 0) - { - bn_mul_recursive(&(r[n2]),&(a[n]),&(b[n]), - i,tna-i,tnb-i,p); - memset(&(r[n2+i*2]),0,sizeof(BN_ULONG)*(n2-i*2)); - } + if (j == 0) { + bn_mul_recursive(&(r[n2]), &(a[n]), &(b[n]), + i, tna - i, tnb - i, p); + memset(&(r[n2 + i * 2]), 0, + sizeof(BN_ULONG) * (n2 - i * 2)); + } else if (j > 0) /* eg, n == 16, i == 8 and tn == 11 */ - { - bn_mul_part_recursive(&(r[n2]),&(a[n]),&(b[n]), - i,tna-i,tnb-i,p); - memset(&(r[n2+tna+tnb]),0, - sizeof(BN_ULONG)*(n2-tna-tnb)); - } + { + bn_mul_part_recursive(&(r[n2]), &(a[n]), &(b[n]), + i, tna - i, tnb - i, p); + memset(&(r[n2 + tna + tnb]), 0, + sizeof(BN_ULONG) * (n2 - tna - tnb)); + } else /* (j < 0) eg, n == 16, i == 8 and tn == 5 */ - { - memset(&(r[n2]),0,sizeof(BN_ULONG)*n2); - if (tna < BN_MUL_RECURSIVE_SIZE_NORMAL - && tnb < BN_MUL_RECURSIVE_SIZE_NORMAL) - { - bn_mul_normal(&(r[n2]),&(a[n]),tna,&(b[n]),tnb); - } - else - { - for (;;) - { - i/=2; - if (i < tna && i < tnb) - { + { + memset(&(r[n2]), 0, sizeof(BN_ULONG) * n2); + if (tna < BN_MUL_RECURSIVE_SIZE_NORMAL && + tnb < BN_MUL_RECURSIVE_SIZE_NORMAL) { + bn_mul_normal(&(r[n2]), &(a[n]), tna, + &(b[n]), tnb); + } else { + for (;;) { + i /= 2; + /* these simplified conditions work + * exclusively because difference + * between tna and tnb is 1 or 0 */ + if (i < tna || i < tnb) { bn_mul_part_recursive(&(r[n2]), - &(a[n]),&(b[n]), - i,tna-i,tnb-i,p); + &(a[n]), &(b[n]), i, + tna - i, tnb - i, p); break; - } - else if (i <= tna && i <= tnb) - { + } else if (i == tna || i == tnb) { bn_mul_recursive(&(r[n2]), - &(a[n]),&(b[n]), - i,tna-i,tnb-i,p); + &(a[n]), &(b[n]), i, + tna - i, tnb - i, p); break; - } } } } } + } /* t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign * r[10] holds (a[0]*b[0]) * r[32] holds (b[1]*b[1]) */ - c1=(int)(bn_add_words(t,r,&(r[n2]),n2)); + c1 = (int)(bn_add_words(t, r,&(r[n2]), n2)); if (neg) /* if t[32] is negative */ - { - c1-=(int)(bn_sub_words(&(t[n2]),t,&(t[n2]),n2)); - } - else - { + { + c1 -= (int)(bn_sub_words(&(t[n2]), t,&(t[n2]), n2)); + } else { /* Might have a carry */ - c1+=(int)(bn_add_words(&(t[n2]),&(t[n2]),t,n2)); - } + c1 += (int)(bn_add_words(&(t[n2]), &(t[n2]), t, n2)); + } /* t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1]) * r[10] holds (a[0]*b[0]) * r[32] holds (b[1]*b[1]) * c1 holds the carry bits */ - c1+=(int)(bn_add_words(&(r[n]),&(r[n]),&(t[n2]),n2)); - if (c1) - { - p= &(r[n+n2]); + c1 += (int)(bn_add_words(&(r[n]), &(r[n]), &(t[n2]), n2)); + if (c1) { + p = &(r[n + n2]); lo= *p; - ln=(lo+c1)&BN_MASK2; - *p=ln; + ln = (lo + c1)&BN_MASK2; + *p = ln; /* The overflow will stop before we over write * words we should not overwrite */ - if (ln < c1) - { - do { + if (ln < (BN_ULONG)c1) { + do { p++; lo= *p; - ln=(lo+1)&BN_MASK2; - *p=ln; - } while (ln == 0); - } + ln = (lo + 1) & BN_MASK2; + *p = ln; + } while (ln == 0); } } +} /* a and b must be the same size, which is n2. * r needs to be n2 words and t needs to be n2*2 */ -void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, - BN_ULONG *t) - { - int n=n2/2; +void +bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, BN_ULONG *t) +{ + int n = n2 / 2; # ifdef BN_COUNT - fprintf(stderr," bn_mul_low_recursive %d * %d\n",n2,n2); + fprintf(stderr, " bn_mul_low_recursive %d * %d\n",n2,n2); # endif - bn_mul_recursive(r,a,b,n,0,0,&(t[0])); - if (n >= BN_MUL_LOW_RECURSIVE_SIZE_NORMAL) - { - bn_mul_low_recursive(&(t[0]),&(a[0]),&(b[n]),n,&(t[n2])); - bn_add_words(&(r[n]),&(r[n]),&(t[0]),n); - bn_mul_low_recursive(&(t[0]),&(a[n]),&(b[0]),n,&(t[n2])); - bn_add_words(&(r[n]),&(r[n]),&(t[0]),n); - } - else - { - bn_mul_low_normal(&(t[0]),&(a[0]),&(b[n]),n); - bn_mul_low_normal(&(t[n]),&(a[n]),&(b[0]),n); - bn_add_words(&(r[n]),&(r[n]),&(t[0]),n); - bn_add_words(&(r[n]),&(r[n]),&(t[n]),n); - } + bn_mul_recursive(r, a, b, n, 0, 0, &(t[0])); + if (n >= BN_MUL_LOW_RECURSIVE_SIZE_NORMAL) { + bn_mul_low_recursive(&(t[0]), &(a[0]), &(b[n]), n, &(t[n2])); + bn_add_words(&(r[n]), &(r[n]), &(t[0]), n); + bn_mul_low_recursive(&(t[0]), &(a[n]), &(b[0]), n, &(t[n2])); + bn_add_words(&(r[n]), &(r[n]), &(t[0]), n); + } else { + bn_mul_low_normal(&(t[0]), &(a[0]), &(b[n]), n); + bn_mul_low_normal(&(t[n]), &(a[n]), &(b[0]), n); + bn_add_words(&(r[n]), &(r[n]), &(t[0]), n); + bn_add_words(&(r[n]), &(r[n]), &(t[n]), n); } +} /* a and b must be the same size, which is n2. * r needs to be n2 words and t needs to be n2*2 * l is the low words of the output. * t needs to be n2*3 */ -void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, int n2, - BN_ULONG *t) - { - int i,n; - int c1,c2; - int neg,oneg,zero; - BN_ULONG ll,lc,*lp,*mp; +void +bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, int n2, + BN_ULONG *t) +{ + int i, n; + int c1, c2; + int neg, oneg, zero; + BN_ULONG ll, lc, *lp, *mp; # ifdef BN_COUNT - fprintf(stderr," bn_mul_high %d * %d\n",n2,n2); + fprintf(stderr, " bn_mul_high %d * %d\n",n2,n2); # endif - n=n2/2; + n = n2 / 2; /* Calculate (al-ah)*(bh-bl) */ - neg=zero=0; - c1=bn_cmp_words(&(a[0]),&(a[n]),n); - c2=bn_cmp_words(&(b[n]),&(b[0]),n); - switch (c1*3+c2) - { + neg = zero = 0; + c1 = bn_cmp_words(&(a[0]), &(a[n]), n); + c2 = bn_cmp_words(&(b[n]), &(b[0]), n); + switch (c1 * 3 + c2) { case -4: - bn_sub_words(&(r[0]),&(a[n]),&(a[0]),n); - bn_sub_words(&(r[n]),&(b[0]),&(b[n]),n); + bn_sub_words(&(r[0]), &(a[n]), &(a[0]), n); + bn_sub_words(&(r[n]), &(b[0]), &(b[n]), n); break; case -3: - zero=1; + zero = 1; break; case -2: - bn_sub_words(&(r[0]),&(a[n]),&(a[0]),n); - bn_sub_words(&(r[n]),&(b[n]),&(b[0]),n); - neg=1; + bn_sub_words(&(r[0]), &(a[n]), &(a[0]), n); + bn_sub_words(&(r[n]), &(b[n]), &(b[0]), n); + neg = 1; break; case -1: case 0: case 1: - zero=1; + zero = 1; break; case 2: - bn_sub_words(&(r[0]),&(a[0]),&(a[n]),n); - bn_sub_words(&(r[n]),&(b[0]),&(b[n]),n); - neg=1; + bn_sub_words(&(r[0]), &(a[0]), &(a[n]), n); + bn_sub_words(&(r[n]), &(b[0]), &(b[n]), n); + neg = 1; break; case 3: - zero=1; + zero = 1; break; case 4: - bn_sub_words(&(r[0]),&(a[0]),&(a[n]),n); - bn_sub_words(&(r[n]),&(b[n]),&(b[0]),n); + bn_sub_words(&(r[0]), &(a[0]), &(a[n]), n); + bn_sub_words(&(r[n]), &(b[n]), &(b[0]), n); break; - } - - oneg=neg; + } + + oneg = neg; /* t[10] = (a[0]-a[1])*(b[1]-b[0]) */ /* r[10] = (a[1]*b[1]) */ # ifdef BN_MUL_COMBA - if (n == 8) - { - bn_mul_comba8(&(t[0]),&(r[0]),&(r[n])); - bn_mul_comba8(r,&(a[n]),&(b[n])); - } - else + if (n == 8) { + bn_mul_comba8(&(t[0]), &(r[0]), &(r[n])); + bn_mul_comba8(r, &(a[n]), &(b[n])); + } else # endif - { - bn_mul_recursive(&(t[0]),&(r[0]),&(r[n]),n,0,0,&(t[n2])); - bn_mul_recursive(r,&(a[n]),&(b[n]),n,0,0,&(t[n2])); - } + { + bn_mul_recursive(&(t[0]), &(r[0]), &(r[n]), n, 0, 0, &(t[n2])); + bn_mul_recursive(r, &(a[n]), &(b[n]), n, 0, 0, &(t[n2])); + } /* s0 == low(al*bl) * s1 == low(ah*bh)+low((al-ah)*(bh-bl))+low(al*bl)+high(al*bl) @@ -824,36 +838,29 @@ void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, int n2, * high(al*bl) == s1 - low(ah*bh+s0+(al-ah)*(bh-bl)) * high(al*bl) == s1 - (r[0]+l[0]+t[0]) */ - if (l != NULL) - { - lp= &(t[n2+n]); - c1=(int)(bn_add_words(lp,&(r[0]),&(l[0]),n)); - } - else - { - c1=0; - lp= &(r[0]); - } + if (l != NULL) { + lp = &(t[n2 + n]); + c1 = (int)(bn_add_words(lp, &(r[0]), &(l[0]), n)); + } else { + c1 = 0; + lp = &(r[0]); + } if (neg) - neg=(int)(bn_sub_words(&(t[n2]),lp,&(t[0]),n)); - else - { - bn_add_words(&(t[n2]),lp,&(t[0]),n); - neg=0; - } + neg = (int)(bn_sub_words(&(t[n2]), lp, &(t[0]), n)); + else { + bn_add_words(&(t[n2]), lp, &(t[0]), n); + neg = 0; + } - if (l != NULL) - { - bn_sub_words(&(t[n2+n]),&(l[n]),&(t[n2]),n); - } - else - { - lp= &(t[n2+n]); - mp= &(t[n2]); - for (i=0; i 0) - { - lc=c1; - do { - ll=(r[i]+lc)&BN_MASK2; - r[i++]=ll; - lc=(lc > ll); - } while (lc); - } - else - { - lc= -c1; - do { - ll=r[i]; - r[i++]=(ll-lc)&BN_MASK2; - lc=(lc > ll); - } while (lc); - } + { + i = 0; + if (c1 > 0) { + lc = c1; + do { + ll = (r[i] + lc) & BN_MASK2; + r[i++] = ll; + lc = (lc > ll); + } while (lc); + } else { + lc = -c1; + do { + ll = r[i]; + r[i++] = (ll - lc) & BN_MASK2; + lc = (lc > ll); + } while (lc); } + } if (c2 != 0) /* Add starting at r[1] */ - { - i=n; - if (c2 > 0) - { - lc=c2; - do { - ll=(r[i]+lc)&BN_MASK2; - r[i++]=ll; - lc=(lc > ll); - } while (lc); - } - else - { - lc= -c2; - do { - ll=r[i]; - r[i++]=(ll-lc)&BN_MASK2; - lc=(lc > ll); - } while (lc); - } + { + i = n; + if (c2 > 0) { + lc = c2; + do { + ll = (r[i] + lc) & BN_MASK2; + r[i++] = ll; + lc = (lc > ll); + } while (lc); + } else { + lc = -c2; + do { + ll = r[i]; + r[i++] = (ll - lc) & BN_MASK2; + lc = (lc > ll); + } while (lc); } } +} #endif /* BN_RECURSION */ -int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) - { - int ret=0; - int top,al,bl; +int +BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) +{ + int ret = 0; + int top, al, bl; BIGNUM *rr; #if defined(BN_MUL_COMBA) || defined(BN_RECURSION) int i; #endif #ifdef BN_RECURSION - BIGNUM *t=NULL; - int j=0,k; + BIGNUM *t = NULL; + int j = 0, k; #endif #ifdef BN_COUNT - fprintf(stderr,"BN_mul %d * %d\n",a->top,b->top); + fprintf(stderr, "BN_mul %d * %d\n",a->top,b->top); #endif bn_check_top(a); bn_check_top(b); bn_check_top(r); - al=a->top; - bl=b->top; + al = a->top; + bl = b->top; - if ((al == 0) || (bl == 0)) - { - if (!BN_zero(r)) goto err; - return(1); - } - top=al+bl; + if ((al == 0) || (bl == 0)) { + BN_zero(r); + return (1); + } + top = al + bl; BN_CTX_start(ctx); - if ((r == a) || (r == b)) - { - if ((rr = BN_CTX_get(ctx)) == NULL) goto err; - } - else + if ((r == a) || (r == b)) { + if ((rr = BN_CTX_get(ctx)) == NULL) + goto err; + } else rr = r; - rr->neg=a->neg^b->neg; + rr->neg = a->neg ^ b->neg; #if defined(BN_MUL_COMBA) || defined(BN_RECURSION) - i = al-bl; + i = al - bl; #endif #ifdef BN_MUL_COMBA - if (i == 0) - { + if (i == 0) { # if 0 - if (al == 4) - { - if (bn_wexpand(rr,8) == NULL) goto err; - rr->top=8; - bn_mul_comba4(rr->d,a->d,b->d); + if (al == 4) { + if (bn_wexpand(rr, 8) == NULL) + goto err; + rr->top = 8; + bn_mul_comba4(rr->d, a->d, b->d); goto end; - } + } # endif - if (al == 8) - { - if (bn_wexpand(rr,16) == NULL) goto err; - rr->top=16; - bn_mul_comba8(rr->d,a->d,b->d); + if (al == 8) { + if (bn_wexpand(rr, 16) == NULL) + goto err; + rr->top = 16; + bn_mul_comba8(rr->d, a->d, b->d); goto end; - } } + } #endif /* BN_MUL_COMBA */ #ifdef BN_RECURSION - if ((al >= BN_MULL_SIZE_NORMAL) && (bl >= BN_MULL_SIZE_NORMAL)) - { - if (i >= -1 && i <= 1) - { - int sav_j =0; + if ((al >= BN_MULL_SIZE_NORMAL) && (bl >= BN_MULL_SIZE_NORMAL)) { + if (i >= -1 && i <= 1) { /* Find out the power of two lower or equal to the longest of the two numbers */ - if (i >= 0) - { + if (i >= 0) { j = BN_num_bits_word((BN_ULONG)al); - } - if (i == -1) - { + } + if (i == -1) { j = BN_num_bits_word((BN_ULONG)bl); - } - sav_j = j; - j = 1<<(j-1); + } + j = 1 << (j - 1); assert(j <= al || j <= bl); - k = j+j; - t = BN_CTX_get(ctx); - if (al > j || bl > j) - { - bn_wexpand(t,k*4); - bn_wexpand(rr,k*4); - bn_mul_part_recursive(rr->d,a->d,b->d, - j,al-j,bl-j,t->d); - } + k = j + j; + if ((t = BN_CTX_get(ctx)) == NULL) + goto err; + if (al > j || bl > j) { + if (bn_wexpand(t, k * 4) == NULL) + goto err; + if (bn_wexpand(rr, k * 4) == NULL) + goto err; + bn_mul_part_recursive(rr->d, a->d, b->d, + j, al - j, bl - j, t->d); + } else /* al <= j || bl <= j */ - { - bn_wexpand(t,k*2); - bn_wexpand(rr,k*2); - bn_mul_recursive(rr->d,a->d,b->d, - j,al-j,bl-j,t->d); - } - rr->top=top; - goto end; + { + if (bn_wexpand(t, k * 2) == NULL) + goto err; + if (bn_wexpand(rr, k * 2) == NULL) + goto err; + bn_mul_recursive(rr->d, a->d, b->d, + j, al - j, bl - j, t->d); } + rr->top = top; + goto end; + } #if 0 - if (i == 1 && !BN_get_flags(b,BN_FLG_STATIC_DATA)) - { + if (i == 1 && !BN_get_flags(b, BN_FLG_STATIC_DATA)) { BIGNUM *tmp_bn = (BIGNUM *)b; - if (bn_wexpand(tmp_bn,al) == NULL) goto err; - tmp_bn->d[bl]=0; + if (bn_wexpand(tmp_bn, al) == NULL) + goto err; + tmp_bn->d[bl] = 0; bl++; i--; - } - else if (i == -1 && !BN_get_flags(a,BN_FLG_STATIC_DATA)) - { + } else if (i == -1 && !BN_get_flags(a, BN_FLG_STATIC_DATA)) { BIGNUM *tmp_bn = (BIGNUM *)a; - if (bn_wexpand(tmp_bn,bl) == NULL) goto err; - tmp_bn->d[al]=0; + if (bn_wexpand(tmp_bn, bl) == NULL) + goto err; + tmp_bn->d[al] = 0; al++; i++; - } - if (i == 0) - { + } + if (i == 0) { /* symmetric and > 4 */ /* 16 or larger */ - j=BN_num_bits_word((BN_ULONG)al); - j=1<<(j-1); - k=j+j; - t = BN_CTX_get(ctx); + j = BN_num_bits_word((BN_ULONG)al); + j = 1 << (j - 1); + k = j + j; + if ((t = BN_CTX_get(ctx)) == NULL) + goto err; if (al == j) /* exact multiple */ - { - if (bn_wexpand(t,k*2) == NULL) goto err; - if (bn_wexpand(rr,k*2) == NULL) goto err; - bn_mul_recursive(rr->d,a->d,b->d,al,t->d); - } - else - { - if (bn_wexpand(t,k*4) == NULL) goto err; - if (bn_wexpand(rr,k*4) == NULL) goto err; - bn_mul_part_recursive(rr->d,a->d,b->d,al-j,j,t->d); - } - rr->top=top; - goto end; + { + if (bn_wexpand(t, k * 2) == NULL) + goto err; + if (bn_wexpand(rr, k * 2) == NULL) + goto err; + bn_mul_recursive(rr->d, a->d, b->d, al, t->d); + } else { + if (bn_wexpand(t, k * 4) == NULL) + goto err; + if (bn_wexpand(rr, k * 4) == NULL) + goto err; + bn_mul_part_recursive(rr->d, a->d, b->d, + al - j, j, t->d); } -#endif + rr->top = top; + goto end; } +#endif + } #endif /* BN_RECURSION */ - if (bn_wexpand(rr,top) == NULL) goto err; - rr->top=top; - bn_mul_normal(rr->d,a->d,al,b->d,bl); + if (bn_wexpand(rr, top) == NULL) + goto err; + rr->top = top; + bn_mul_normal(rr->d, a->d, al, b->d, bl); #if defined(BN_MUL_COMBA) || defined(BN_RECURSION) end: #endif - bn_fix_top(rr); - if (r != rr) BN_copy(r,rr); - ret=1; + bn_correct_top(rr); + if (r != rr) + BN_copy(r, rr); + ret = 1; err: + bn_check_top(r); BN_CTX_end(ctx); - return(ret); - } + return (ret); +} -void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb) - { +void +bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb) +{ BN_ULONG *rr; #ifdef BN_COUNT - fprintf(stderr," bn_mul_normal %d * %d\n",na,nb); + fprintf(stderr, " bn_mul_normal %d * %d\n", na, nb); #endif - if (na < nb) - { + if (na < nb) { int itmp; BN_ULONG *ltmp; - itmp=na; na=nb; nb=itmp; - ltmp=a; a=b; b=ltmp; + itmp = na; + na = nb; + nb = itmp; + ltmp = a; + a = b; + b = ltmp; - } - rr= &(r[na]); - if (nb <= 0) - { - (void)bn_mul_words(r,a,na,0); + } + rr = &(r[na]); + if (nb <= 0) { + (void)bn_mul_words(r, a, na, 0); return; - } - else - rr[0]=bn_mul_words(r,a,na,b[0]); - - for (;;) - { - if (--nb <= 0) return; - rr[1]=bn_mul_add_words(&(r[1]),a,na,b[1]); - if (--nb <= 0) return; - rr[2]=bn_mul_add_words(&(r[2]),a,na,b[2]); - if (--nb <= 0) return; - rr[3]=bn_mul_add_words(&(r[3]),a,na,b[3]); - if (--nb <= 0) return; - rr[4]=bn_mul_add_words(&(r[4]),a,na,b[4]); - rr+=4; - r+=4; - b+=4; - } + } else + rr[0] = bn_mul_words(r, a, na, b[0]); + + for (;;) { + if (--nb <= 0) + return; + rr[1] = bn_mul_add_words(&(r[1]), a, na, b[1]); + if (--nb <= 0) + return; + rr[2] = bn_mul_add_words(&(r[2]), a, na, b[2]); + if (--nb <= 0) + return; + rr[3] = bn_mul_add_words(&(r[3]), a, na, b[3]); + if (--nb <= 0) + return; + rr[4] = bn_mul_add_words(&(r[4]), a, na, b[4]); + rr += 4; + r += 4; + b += 4; } +} -void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n) - { +void +bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n) +{ #ifdef BN_COUNT - fprintf(stderr," bn_mul_low_normal %d * %d\n",n,n); + fprintf(stderr, " bn_mul_low_normal %d * %d\n", n, n); #endif - bn_mul_words(r,a,n,b[0]); - - for (;;) - { - if (--n <= 0) return; - bn_mul_add_words(&(r[1]),a,n,b[1]); - if (--n <= 0) return; - bn_mul_add_words(&(r[2]),a,n,b[2]); - if (--n <= 0) return; - bn_mul_add_words(&(r[3]),a,n,b[3]); - if (--n <= 0) return; - bn_mul_add_words(&(r[4]),a,n,b[4]); - r+=4; - b+=4; - } + bn_mul_words(r, a, n, b[0]); + + for (;;) { + if (--n <= 0) + return; + bn_mul_add_words(&(r[1]), a, n, b[1]); + if (--n <= 0) + return; + bn_mul_add_words(&(r[2]), a, n, b[2]); + if (--n <= 0) + return; + bn_mul_add_words(&(r[3]), a, n, b[3]); + if (--n <= 0) + return; + bn_mul_add_words(&(r[4]), a, n, b[4]); + r += 4; + b += 4; } +} diff --git a/src/lib/libcrypto/bn/bn_nist.c b/src/lib/libcrypto/bn/bn_nist.c new file mode 100644 index 00000000000..b16584d6b97 --- /dev/null +++ b/src/lib/libcrypto/bn/bn_nist.c @@ -0,0 +1,1273 @@ +/* $OpenBSD: bn_nist.c,v 1.18 2016/07/18 01:04:52 bcook Exp $ */ +/* + * Written by Nils Larsch for the OpenSSL project + */ +/* ==================================================================== + * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include + +#include +#include + +#include "bn_lcl.h" + +#define BN_NIST_192_TOP (192+BN_BITS2-1)/BN_BITS2 +#define BN_NIST_224_TOP (224+BN_BITS2-1)/BN_BITS2 +#define BN_NIST_256_TOP (256+BN_BITS2-1)/BN_BITS2 +#define BN_NIST_384_TOP (384+BN_BITS2-1)/BN_BITS2 +#define BN_NIST_521_TOP (521+BN_BITS2-1)/BN_BITS2 + +/* pre-computed tables are "carry-less" values of modulus*(i+1) */ +#if BN_BITS2 == 64 +static const BN_ULONG _nist_p_192[][BN_NIST_192_TOP] = { + {0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFEULL, 0xFFFFFFFFFFFFFFFFULL}, + {0xFFFFFFFFFFFFFFFEULL, 0xFFFFFFFFFFFFFFFDULL, 0xFFFFFFFFFFFFFFFFULL}, + {0xFFFFFFFFFFFFFFFDULL, 0xFFFFFFFFFFFFFFFCULL, 0xFFFFFFFFFFFFFFFFULL} +}; +static const BN_ULONG _nist_p_192_sqr[] = { + 0x0000000000000001ULL, 0x0000000000000002ULL, 0x0000000000000001ULL, + 0xFFFFFFFFFFFFFFFEULL, 0xFFFFFFFFFFFFFFFDULL, 0xFFFFFFFFFFFFFFFFULL +}; +static const BN_ULONG _nist_p_224[][BN_NIST_224_TOP] = { + { + 0x0000000000000001ULL, 0xFFFFFFFF00000000ULL, + 0xFFFFFFFFFFFFFFFFULL, 0x00000000FFFFFFFFULL + }, + { + 0x0000000000000002ULL, 0xFFFFFFFE00000000ULL, + 0xFFFFFFFFFFFFFFFFULL, 0x00000001FFFFFFFFULL + } /* this one is "carry-full" */ +}; +static const BN_ULONG _nist_p_224_sqr[] = { + 0x0000000000000001ULL, 0xFFFFFFFE00000000ULL, + 0xFFFFFFFFFFFFFFFFULL, 0x0000000200000000ULL, + 0x0000000000000000ULL, 0xFFFFFFFFFFFFFFFEULL, + 0xFFFFFFFFFFFFFFFFULL +}; +static const BN_ULONG _nist_p_256[][BN_NIST_256_TOP] = { + { + 0xFFFFFFFFFFFFFFFFULL, 0x00000000FFFFFFFFULL, + 0x0000000000000000ULL, 0xFFFFFFFF00000001ULL + }, + { + 0xFFFFFFFFFFFFFFFEULL, 0x00000001FFFFFFFFULL, + 0x0000000000000000ULL, 0xFFFFFFFE00000002ULL + }, + { + 0xFFFFFFFFFFFFFFFDULL, 0x00000002FFFFFFFFULL, + 0x0000000000000000ULL, 0xFFFFFFFD00000003ULL + }, + { + 0xFFFFFFFFFFFFFFFCULL, 0x00000003FFFFFFFFULL, + 0x0000000000000000ULL, 0xFFFFFFFC00000004ULL + }, + { + 0xFFFFFFFFFFFFFFFBULL, 0x00000004FFFFFFFFULL, + 0x0000000000000000ULL, 0xFFFFFFFB00000005ULL + }, +}; +static const BN_ULONG _nist_p_256_sqr[] = { + 0x0000000000000001ULL, 0xFFFFFFFE00000000ULL, + 0xFFFFFFFFFFFFFFFFULL, 0x00000001FFFFFFFEULL, + 0x00000001FFFFFFFEULL, 0x00000001FFFFFFFEULL, + 0xFFFFFFFE00000001ULL, 0xFFFFFFFE00000002ULL +}; +static const BN_ULONG _nist_p_384[][BN_NIST_384_TOP] = { + { + 0x00000000FFFFFFFFULL, 0xFFFFFFFF00000000ULL, + 0xFFFFFFFFFFFFFFFEULL, 0xFFFFFFFFFFFFFFFFULL, + 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL + }, + { + 0x00000001FFFFFFFEULL, 0xFFFFFFFE00000000ULL, + 0xFFFFFFFFFFFFFFFDULL, 0xFFFFFFFFFFFFFFFFULL, + 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL + }, + { + 0x00000002FFFFFFFDULL, 0xFFFFFFFD00000000ULL, + 0xFFFFFFFFFFFFFFFCULL, 0xFFFFFFFFFFFFFFFFULL, + 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL + }, + { + 0x00000003FFFFFFFCULL, 0xFFFFFFFC00000000ULL, + 0xFFFFFFFFFFFFFFFBULL, 0xFFFFFFFFFFFFFFFFULL, + 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL + }, + { + 0x00000004FFFFFFFBULL, 0xFFFFFFFB00000000ULL, + 0xFFFFFFFFFFFFFFFAULL, 0xFFFFFFFFFFFFFFFFULL, + 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL + }, +}; +static const BN_ULONG _nist_p_384_sqr[] = { + 0xFFFFFFFE00000001ULL, 0x0000000200000000ULL, 0xFFFFFFFE00000000ULL, + 0x0000000200000000ULL, 0x0000000000000001ULL, 0x0000000000000000ULL, + 0x00000001FFFFFFFEULL, 0xFFFFFFFE00000000ULL, 0xFFFFFFFFFFFFFFFDULL, + 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL +}; +static const BN_ULONG _nist_p_521[] = { + 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, + 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, + 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0x00000000000001FFULL +}; +static const BN_ULONG _nist_p_521_sqr[] = { + 0x0000000000000001ULL, 0x0000000000000000ULL, 0x0000000000000000ULL, + 0x0000000000000000ULL, 0x0000000000000000ULL, 0x0000000000000000ULL, + 0x0000000000000000ULL, 0x0000000000000000ULL, 0xFFFFFFFFFFFFFC00ULL, + 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, + 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, + 0xFFFFFFFFFFFFFFFFULL, 0x000000000003FFFFULL +}; +#elif BN_BITS2 == 32 +static const BN_ULONG _nist_p_192[][BN_NIST_192_TOP] = { + { + 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFE, 0xFFFFFFFF, + 0xFFFFFFFF, 0xFFFFFFFF + }, + { + 0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFD, 0xFFFFFFFF, + 0xFFFFFFFF, 0xFFFFFFFF + }, + { + 0xFFFFFFFD, 0xFFFFFFFF, 0xFFFFFFFC, 0xFFFFFFFF, + 0xFFFFFFFF, 0xFFFFFFFF + } +}; +static const BN_ULONG _nist_p_192_sqr[] = { + 0x00000001, 0x00000000, 0x00000002, 0x00000000, 0x00000001, 0x00000000, + 0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFD, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF +}; +static const BN_ULONG _nist_p_224[][BN_NIST_224_TOP] = { + { + 0x00000001, 0x00000000, 0x00000000, 0xFFFFFFFF, + 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF + }, + { + 0x00000002, 0x00000000, 0x00000000, 0xFFFFFFFE, + 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF + } +}; +static const BN_ULONG _nist_p_224_sqr[] = { + 0x00000001, 0x00000000, 0x00000000, 0xFFFFFFFE, + 0xFFFFFFFF, 0xFFFFFFFF, 0x00000000, 0x00000002, + 0x00000000, 0x00000000, 0xFFFFFFFE, 0xFFFFFFFF, + 0xFFFFFFFF, 0xFFFFFFFF +}; +static const BN_ULONG _nist_p_256[][BN_NIST_256_TOP] = { + { + 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000000, + 0x00000000, 0x00000000, 0x00000001, 0xFFFFFFFF + }, + { + 0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000001, + 0x00000000, 0x00000000, 0x00000002, 0xFFFFFFFE + }, + { + 0xFFFFFFFD, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000002, + 0x00000000, 0x00000000, 0x00000003, 0xFFFFFFFD + }, + { + 0xFFFFFFFC, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000003, + 0x00000000, 0x00000000, 0x00000004, 0xFFFFFFFC + }, + { + 0xFFFFFFFB, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000004, + 0x00000000, 0x00000000, 0x00000005, 0xFFFFFFFB + }, +}; +static const BN_ULONG _nist_p_256_sqr[] = { + 0x00000001, 0x00000000, 0x00000000, 0xFFFFFFFE, + 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFE, 0x00000001, + 0xFFFFFFFE, 0x00000001, 0xFFFFFFFE, 0x00000001, + 0x00000001, 0xFFFFFFFE, 0x00000002, 0xFFFFFFFE +}; +static const BN_ULONG _nist_p_384[][BN_NIST_384_TOP] = { + { + 0xFFFFFFFF, 0x00000000, 0x00000000, 0xFFFFFFFF, + 0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, + 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF + }, + { + 0xFFFFFFFE, 0x00000001, 0x00000000, 0xFFFFFFFE, + 0xFFFFFFFD, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, + 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF + }, + { + 0xFFFFFFFD, 0x00000002, 0x00000000, 0xFFFFFFFD, + 0xFFFFFFFC, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, + 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF + }, + { + 0xFFFFFFFC, 0x00000003, 0x00000000, 0xFFFFFFFC, + 0xFFFFFFFB, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, + 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF + }, + { + 0xFFFFFFFB, 0x00000004, 0x00000000, 0xFFFFFFFB, + 0xFFFFFFFA, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, + 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF + }, +}; +static const BN_ULONG _nist_p_384_sqr[] = { + 0x00000001, 0xFFFFFFFE, 0x00000000, 0x00000002, 0x00000000, 0xFFFFFFFE, + 0x00000000, 0x00000002, 0x00000001, 0x00000000, 0x00000000, 0x00000000, + 0xFFFFFFFE, 0x00000001, 0x00000000, 0xFFFFFFFE, 0xFFFFFFFD, 0xFFFFFFFF, + 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF +}; +static const BN_ULONG _nist_p_521[] = { + 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, + 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, + 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, + 0xFFFFFFFF, 0x000001FF +}; +static const BN_ULONG _nist_p_521_sqr[] = { + 0x00000001, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, + 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, + 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0xFFFFFC00, 0xFFFFFFFF, + 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, + 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, + 0xFFFFFFFF, 0xFFFFFFFF, 0x0003FFFF +}; +#else +#error "unsupported BN_BITS2" +#endif + +static const BIGNUM _bignum_nist_p_192 = { + (BN_ULONG *)_nist_p_192[0], + BN_NIST_192_TOP, + BN_NIST_192_TOP, + 0, + BN_FLG_STATIC_DATA +}; + +static const BIGNUM _bignum_nist_p_224 = { + (BN_ULONG *)_nist_p_224[0], + BN_NIST_224_TOP, + BN_NIST_224_TOP, + 0, + BN_FLG_STATIC_DATA +}; + +static const BIGNUM _bignum_nist_p_256 = { + (BN_ULONG *)_nist_p_256[0], + BN_NIST_256_TOP, + BN_NIST_256_TOP, + 0, + BN_FLG_STATIC_DATA +}; + +static const BIGNUM _bignum_nist_p_384 = { + (BN_ULONG *)_nist_p_384[0], + BN_NIST_384_TOP, + BN_NIST_384_TOP, + 0, + BN_FLG_STATIC_DATA +}; + +static const BIGNUM _bignum_nist_p_521 = { + (BN_ULONG *)_nist_p_521, + BN_NIST_521_TOP, + BN_NIST_521_TOP, + 0, + BN_FLG_STATIC_DATA +}; + + +const BIGNUM * +BN_get0_nist_prime_192(void) +{ + return &_bignum_nist_p_192; +} + +const BIGNUM * +BN_get0_nist_prime_224(void) +{ + return &_bignum_nist_p_224; +} + +const BIGNUM * +BN_get0_nist_prime_256(void) +{ + return &_bignum_nist_p_256; +} + +const BIGNUM * +BN_get0_nist_prime_384(void) +{ + return &_bignum_nist_p_384; +} + +const BIGNUM * +BN_get0_nist_prime_521(void) +{ + return &_bignum_nist_p_521; +} + +static void +nist_cp_bn_0(BN_ULONG *dst, const BN_ULONG *src, int top, int max) +{ + int i; + +#ifdef BN_DEBUG + OPENSSL_assert(top <= max); +#endif + for (i = 0; i < top; i++) + dst[i] = src[i]; + for (; i < max; i++) + dst[i] = 0; +} + +static void nist_cp_bn(BN_ULONG *dst, const BN_ULONG *src, int top) +{ + int i; + + for (i = 0; i < top; i++) + dst[i] = src[i]; +} + +#if BN_BITS2 == 64 +#define bn_cp_64(to, n, from, m) (to)[n] = (m>=0)?((from)[m]):0; +#define bn_64_set_0(to, n) (to)[n] = (BN_ULONG)0; +/* + * two following macros are implemented under assumption that they + * are called in a sequence with *ascending* n, i.e. as they are... + */ +#define bn_cp_32_naked(to, n, from, m) (((n)&1)?(to[(n)/2]|=((m)&1)?(from[(m)/2]&BN_MASK2h):(from[(m)/2]<<32))\ + :(to[(n)/2] =((m)&1)?(from[(m)/2]>>32):(from[(m)/2]&BN_MASK2l))) +#define bn_32_set_0(to, n) (((n)&1)?(to[(n)/2]&=BN_MASK2l):(to[(n)/2]=0)); +#define bn_cp_32(to,n,from,m) ((m)>=0)?bn_cp_32_naked(to,n,from,m):bn_32_set_0(to,n) +# if BYTE_ORDER == LITTLE_ENDIAN +# if defined(_LP64) +# define NIST_INT64 long +# else +# define NIST_INT64 long long +# endif +# endif +#else +#define bn_cp_64(to, n, from, m) \ + { \ + bn_cp_32(to, (n)*2, from, (m)*2); \ + bn_cp_32(to, (n)*2+1, from, (m)*2+1); \ + } +#define bn_64_set_0(to, n) \ + { \ + bn_32_set_0(to, (n)*2); \ + bn_32_set_0(to, (n)*2+1); \ + } +#define bn_cp_32(to, n, from, m) (to)[n] = (m>=0)?((from)[m]):0; +#define bn_32_set_0(to, n) (to)[n] = (BN_ULONG)0; +# if defined(BN_LLONG) +# define NIST_INT64 long long +# endif +#endif /* BN_BITS2 != 64 */ + +#define nist_set_192(to, from, a1, a2, a3) \ + { \ + bn_cp_64(to, 0, from, (a3) - 3) \ + bn_cp_64(to, 1, from, (a2) - 3) \ + bn_cp_64(to, 2, from, (a1) - 3) \ + } + +int +BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, BN_CTX *ctx) +{ + int top = a->top, i; + int carry; + BN_ULONG *r_d, *a_d = a->d; + union { + BN_ULONG bn[BN_NIST_192_TOP]; + unsigned int ui[BN_NIST_192_TOP * + sizeof(BN_ULONG) / sizeof(unsigned int)]; + } buf; + BN_ULONG c_d[BN_NIST_192_TOP], *res; + uintptr_t mask; + static const BIGNUM _bignum_nist_p_192_sqr = { + (BN_ULONG *)_nist_p_192_sqr, + sizeof(_nist_p_192_sqr) / sizeof(_nist_p_192_sqr[0]), + sizeof(_nist_p_192_sqr) / sizeof(_nist_p_192_sqr[0]), + 0, + BN_FLG_STATIC_DATA + }; + + field = &_bignum_nist_p_192; /* just to make sure */ + + if (BN_is_negative(a) || BN_ucmp(a, &_bignum_nist_p_192_sqr) >= 0) + return BN_nnmod(r, a, field, ctx); + + i = BN_ucmp(field, a); + if (i == 0) { + BN_zero(r); + return 1; + } else if (i > 0) + return (r == a) ? 1 : (BN_copy(r , a) != NULL); + + if (r != a) { + if (!bn_wexpand(r, BN_NIST_192_TOP)) + return 0; + r_d = r->d; + nist_cp_bn(r_d, a_d, BN_NIST_192_TOP); + } else + r_d = a_d; + + nist_cp_bn_0(buf.bn, a_d + BN_NIST_192_TOP, top - BN_NIST_192_TOP, + BN_NIST_192_TOP); + +#if defined(NIST_INT64) + { + NIST_INT64 acc; /* accumulator */ + unsigned int *rp = (unsigned int *)r_d; + const unsigned int *bp = (const unsigned int *)buf.ui; + + acc = rp[0]; + acc += bp[3 * 2 - 6]; + acc += bp[5 * 2 - 6]; + rp[0] = (unsigned int)acc; + acc >>= 32; + + acc += rp[1]; + acc += bp[3 * 2 - 5]; + acc += bp[5 * 2 - 5]; + rp[1] = (unsigned int)acc; + acc >>= 32; + + acc += rp[2]; + acc += bp[3 * 2 - 6]; + acc += bp[4 * 2 - 6]; + acc += bp[5 * 2 - 6]; + rp[2] = (unsigned int)acc; + acc >>= 32; + + acc += rp[3]; + acc += bp[3 * 2 - 5]; + acc += bp[4 * 2 - 5]; + acc += bp[5 * 2 - 5]; + rp[3] = (unsigned int)acc; + acc >>= 32; + + acc += rp[4]; + acc += bp[4 * 2 - 6]; + acc += bp[5 * 2 - 6]; + rp[4] = (unsigned int)acc; + acc >>= 32; + + acc += rp[5]; + acc += bp[4 * 2 - 5]; + acc += bp[5 * 2 - 5]; + rp[5] = (unsigned int)acc; + + carry = (int)(acc >> 32); + } +#else + { + BN_ULONG t_d[BN_NIST_192_TOP] = {0}; + + nist_set_192(t_d, buf.bn, 0, 3, 3); + carry = (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP); + nist_set_192(t_d, buf.bn, 4, 4, 0); + carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP); + nist_set_192(t_d, buf.bn, 5, 5, 5) + carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP); + } +#endif + if (carry > 0) + carry = (int)bn_sub_words(r_d, r_d, _nist_p_192[carry - 1], + BN_NIST_192_TOP); + else + carry = 1; + + /* + * we need 'if (carry==0 || result>=modulus) result-=modulus;' + * as comparison implies subtraction, we can write + * 'tmp=result-modulus; if (!carry || !borrow) result=tmp;' + * this is what happens below, but without explicit if:-) a. + */ + mask = 0 - (uintptr_t)bn_sub_words(c_d, r_d, _nist_p_192[0], + BN_NIST_192_TOP); + mask &= 0 - (uintptr_t)carry; + res = c_d; + res = (BN_ULONG *)(((uintptr_t)res & ~mask) | ((uintptr_t)r_d & mask)); + nist_cp_bn(r_d, res, BN_NIST_192_TOP); + r->top = BN_NIST_192_TOP; + bn_correct_top(r); + + return 1; +} + +typedef BN_ULONG (*bn_addsub_f)(BN_ULONG *, const BN_ULONG *, + const BN_ULONG *, int); + +#define nist_set_224(to, from, a1, a2, a3, a4, a5, a6, a7) \ + { \ + bn_cp_32(to, 0, from, (a7) - 7) \ + bn_cp_32(to, 1, from, (a6) - 7) \ + bn_cp_32(to, 2, from, (a5) - 7) \ + bn_cp_32(to, 3, from, (a4) - 7) \ + bn_cp_32(to, 4, from, (a3) - 7) \ + bn_cp_32(to, 5, from, (a2) - 7) \ + bn_cp_32(to, 6, from, (a1) - 7) \ + } + +int +BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, BN_CTX *ctx) +{ + int top = a->top, i; + int carry; + BN_ULONG *r_d, *a_d = a->d; + union { + BN_ULONG bn[BN_NIST_224_TOP]; + unsigned int ui[BN_NIST_224_TOP * + sizeof(BN_ULONG) / sizeof(unsigned int)]; + } buf; + BN_ULONG c_d[BN_NIST_224_TOP], *res; + uintptr_t mask; + union { + bn_addsub_f f; + uintptr_t p; + } u; + static const BIGNUM _bignum_nist_p_224_sqr = { + (BN_ULONG *)_nist_p_224_sqr, + sizeof(_nist_p_224_sqr) / sizeof(_nist_p_224_sqr[0]), + sizeof(_nist_p_224_sqr) / sizeof(_nist_p_224_sqr[0]), + 0, + BN_FLG_STATIC_DATA + }; + + field = &_bignum_nist_p_224; /* just to make sure */ + + if (BN_is_negative(a) || BN_ucmp(a, &_bignum_nist_p_224_sqr) >= 0) + return BN_nnmod(r, a, field, ctx); + + i = BN_ucmp(field, a); + if (i == 0) { + BN_zero(r); + return 1; + } else if (i > 0) + return (r == a) ? 1 : (BN_copy(r, a) != NULL); + + if (r != a) { + if (!bn_wexpand(r, BN_NIST_224_TOP)) + return 0; + r_d = r->d; + nist_cp_bn(r_d, a_d, BN_NIST_224_TOP); + } else + r_d = a_d; + + memset(&buf, 0, sizeof(buf)); + +#if BN_BITS2==64 + /* copy upper 256 bits of 448 bit number ... */ + nist_cp_bn_0(c_d, a_d + (BN_NIST_224_TOP - 1), + top - (BN_NIST_224_TOP - 1), BN_NIST_224_TOP); + /* ... and right shift by 32 to obtain upper 224 bits */ + nist_set_224(buf.bn, c_d, 14, 13, 12, 11, 10, 9, 8); + /* truncate lower part to 224 bits too */ + r_d[BN_NIST_224_TOP - 1] &= BN_MASK2l; +#else + nist_cp_bn_0(buf.bn, a_d + BN_NIST_224_TOP, + top - BN_NIST_224_TOP, BN_NIST_224_TOP); +#endif + +#if defined(NIST_INT64) && BN_BITS2!=64 + { + NIST_INT64 acc; /* accumulator */ + unsigned int *rp = (unsigned int *)r_d; + const unsigned int *bp = (const unsigned int *)buf.ui; + + acc = rp[0]; + acc -= bp[7 - 7]; + acc -= bp[11 - 7]; + rp[0] = (unsigned int)acc; + acc >>= 32; + + acc += rp[1]; + acc -= bp[8 - 7]; + acc -= bp[12 - 7]; + rp[1] = (unsigned int)acc; + acc >>= 32; + + acc += rp[2]; + acc -= bp[9 - 7]; + acc -= bp[13 - 7]; + rp[2] = (unsigned int)acc; + acc >>= 32; + + acc += rp[3]; + acc += bp[7 - 7]; + acc += bp[11 - 7]; + acc -= bp[10 - 7]; + rp[3] = (unsigned int)acc; + acc >>= 32; + + acc += rp[4]; + acc += bp[8 - 7]; + acc += bp[12 - 7]; + acc -= bp[11 - 7]; + rp[4] = (unsigned int)acc; + acc >>= 32; + + acc += rp[5]; + acc += bp[9 - 7]; + acc += bp[13 - 7]; + acc -= bp[12 - 7]; + rp[5] = (unsigned int)acc; + acc >>= 32; + + acc += rp[6]; + acc += bp[10 - 7]; + acc -= bp[13 - 7]; + rp[6] = (unsigned int)acc; + + carry = (int)(acc >> 32); +# if BN_BITS2==64 + rp[7] = carry; +# endif + } +#else + { + BN_ULONG t_d[BN_NIST_224_TOP] = {0}; + + nist_set_224(t_d, buf.bn, 10, 9, 8, 7, 0, 0, 0); + carry = (int)bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP); + nist_set_224(t_d, buf.bn, 0, 13, 12, 11, 0, 0, 0); + carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP); + nist_set_224(t_d, buf.bn, 13, 12, 11, 10, 9, 8, 7); + carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP); + nist_set_224(t_d, buf.bn, 0, 0, 0, 0, 13, 12, 11); + carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP); + +#if BN_BITS2==64 + carry = (int)(r_d[BN_NIST_224_TOP - 1] >> 32); +#endif + } +#endif + u.f = bn_sub_words; + if (carry > 0) { + carry = (int)bn_sub_words(r_d, r_d, _nist_p_224[carry - 1], + BN_NIST_224_TOP); +#if BN_BITS2==64 + carry = (int)(~(r_d[BN_NIST_224_TOP - 1] >> 32)) & 1; +#endif + } else if (carry < 0) { + /* it's a bit more complicated logic in this case. + * if bn_add_words yields no carry, then result + * has to be adjusted by unconditionally *adding* + * the modulus. but if it does, then result has + * to be compared to the modulus and conditionally + * adjusted by *subtracting* the latter. */ + carry = (int)bn_add_words(r_d, r_d, _nist_p_224[-carry - 1], + BN_NIST_224_TOP); + mask = 0 - (uintptr_t)carry; + u.p = ((uintptr_t)bn_sub_words & mask) | + ((uintptr_t)bn_add_words & ~mask); + } else + carry = 1; + + /* otherwise it's effectively same as in BN_nist_mod_192... */ + mask = 0 - (uintptr_t)(*u.f)(c_d, r_d, _nist_p_224[0], BN_NIST_224_TOP); + mask &= 0 - (uintptr_t)carry; + res = c_d; + res = (BN_ULONG *)(((uintptr_t)res & ~mask) | ((uintptr_t)r_d & mask)); + nist_cp_bn(r_d, res, BN_NIST_224_TOP); + r->top = BN_NIST_224_TOP; + bn_correct_top(r); + + return 1; +} + +#define nist_set_256(to, from, a1, a2, a3, a4, a5, a6, a7, a8) \ + { \ + bn_cp_32(to, 0, from, (a8) - 8) \ + bn_cp_32(to, 1, from, (a7) - 8) \ + bn_cp_32(to, 2, from, (a6) - 8) \ + bn_cp_32(to, 3, from, (a5) - 8) \ + bn_cp_32(to, 4, from, (a4) - 8) \ + bn_cp_32(to, 5, from, (a3) - 8) \ + bn_cp_32(to, 6, from, (a2) - 8) \ + bn_cp_32(to, 7, from, (a1) - 8) \ + } + +int +BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, BN_CTX *ctx) +{ + int i, top = a->top; + int carry = 0; + BN_ULONG *a_d = a->d, *r_d; + union { + BN_ULONG bn[BN_NIST_256_TOP]; + unsigned int ui[BN_NIST_256_TOP * + sizeof(BN_ULONG) / sizeof(unsigned int)]; + } buf; + BN_ULONG c_d[BN_NIST_256_TOP] = {0}, *res; + uintptr_t mask; + union { + bn_addsub_f f; + uintptr_t p; + } u; + static const BIGNUM _bignum_nist_p_256_sqr = { + (BN_ULONG *)_nist_p_256_sqr, + sizeof(_nist_p_256_sqr) / sizeof(_nist_p_256_sqr[0]), + sizeof(_nist_p_256_sqr) / sizeof(_nist_p_256_sqr[0]), + 0, + BN_FLG_STATIC_DATA + }; + + field = &_bignum_nist_p_256; /* just to make sure */ + + if (BN_is_negative(a) || BN_ucmp(a, &_bignum_nist_p_256_sqr) >= 0) + return BN_nnmod(r, a, field, ctx); + + i = BN_ucmp(field, a); + if (i == 0) { + BN_zero(r); + return 1; + } else if (i > 0) + return (r == a) ? 1 : (BN_copy(r, a) != NULL); + + if (r != a) { + if (!bn_wexpand(r, BN_NIST_256_TOP)) + return 0; + r_d = r->d; + nist_cp_bn(r_d, a_d, BN_NIST_256_TOP); + } else + r_d = a_d; + + nist_cp_bn_0(buf.bn, a_d + BN_NIST_256_TOP, + top - BN_NIST_256_TOP, BN_NIST_256_TOP); + +#if defined(NIST_INT64) + { + NIST_INT64 acc; /* accumulator */ + unsigned int *rp = (unsigned int *)r_d; + const unsigned int *bp = (const unsigned int *)buf.ui; + + acc = rp[0]; + acc += bp[8 - 8]; + acc += bp[9 - 8]; + acc -= bp[11 - 8]; + acc -= bp[12 - 8]; + acc -= bp[13 - 8]; + acc -= bp[14 - 8]; + rp[0] = (unsigned int)acc; + acc >>= 32; + + acc += rp[1]; + acc += bp[9 - 8]; + acc += bp[10 - 8]; + acc -= bp[12 - 8]; + acc -= bp[13 - 8]; + acc -= bp[14 - 8]; + acc -= bp[15 - 8]; + rp[1] = (unsigned int)acc; + acc >>= 32; + + acc += rp[2]; + acc += bp[10 - 8]; + acc += bp[11 - 8]; + acc -= bp[13 - 8]; + acc -= bp[14 - 8]; + acc -= bp[15 - 8]; + rp[2] = (unsigned int)acc; + acc >>= 32; + + acc += rp[3]; + acc += bp[11 - 8]; + acc += bp[11 - 8]; + acc += bp[12 - 8]; + acc += bp[12 - 8]; + acc += bp[13 - 8]; + acc -= bp[15 - 8]; + acc -= bp[8 - 8]; + acc -= bp[9 - 8]; + rp[3] = (unsigned int)acc; + acc >>= 32; + + acc += rp[4]; + acc += bp[12 - 8]; + acc += bp[12 - 8]; + acc += bp[13 - 8]; + acc += bp[13 - 8]; + acc += bp[14 - 8]; + acc -= bp[9 - 8]; + acc -= bp[10 - 8]; + rp[4] = (unsigned int)acc; + acc >>= 32; + + acc += rp[5]; + acc += bp[13 - 8]; + acc += bp[13 - 8]; + acc += bp[14 - 8]; + acc += bp[14 - 8]; + acc += bp[15 - 8]; + acc -= bp[10 - 8]; + acc -= bp[11 - 8]; + rp[5] = (unsigned int)acc; + acc >>= 32; + + acc += rp[6]; + acc += bp[14 - 8]; + acc += bp[14 - 8]; + acc += bp[15 - 8]; + acc += bp[15 - 8]; + acc += bp[14 - 8]; + acc += bp[13 - 8]; + acc -= bp[8 - 8]; + acc -= bp[9 - 8]; + rp[6] = (unsigned int)acc; + acc >>= 32; + + acc += rp[7]; + acc += bp[15 - 8]; + acc += bp[15 - 8]; + acc += bp[15 - 8]; + acc += bp[8 - 8]; + acc -= bp[10 - 8]; + acc -= bp[11 - 8]; + acc -= bp[12 - 8]; + acc -= bp[13 - 8]; + rp[7] = (unsigned int)acc; + + carry = (int)(acc >> 32); + } +#else + { + BN_ULONG t_d[BN_NIST_256_TOP] = {0}; + + /*S1*/ + nist_set_256(t_d, buf.bn, 15, 14, 13, 12, 11, 0, 0, 0); + /*S2*/ + nist_set_256(c_d, buf.bn, 0, 15, 14, 13, 12, 0, 0, 0); + carry = (int)bn_add_words(t_d, t_d, c_d, BN_NIST_256_TOP); + /* left shift */ + { + BN_ULONG *ap, t, c; + ap = t_d; + c = 0; + for (i = BN_NIST_256_TOP; i != 0; --i) { + t = *ap; + *(ap++) = ((t << 1) | c) & BN_MASK2; + c = (t & BN_TBIT) ? 1 : 0; + } + carry <<= 1; + carry |= c; + } + carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP); + /*S3*/ + nist_set_256(t_d, buf.bn, 15, 14, 0, 0, 0, 10, 9, 8); + carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP); + /*S4*/ + nist_set_256(t_d, buf.bn, 8, 13, 15, 14, 13, 11, 10, 9); + carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP); + /*D1*/ + nist_set_256(t_d, buf.bn, 10, 8, 0, 0, 0, 13, 12, 11); + carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP); + /*D2*/ + nist_set_256(t_d, buf.bn, 11, 9, 0, 0, 15, 14, 13, 12); + carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP); + /*D3*/ + nist_set_256(t_d, buf.bn, 12, 0, 10, 9, 8, 15, 14, 13); + carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP); + /*D4*/ + nist_set_256(t_d, buf.bn, 13, 0, 11, 10, 9, 0, 15, 14); + carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP); + + } +#endif + /* see BN_nist_mod_224 for explanation */ + u.f = bn_sub_words; + if (carry > 0) + carry = (int)bn_sub_words(r_d, r_d, _nist_p_256[carry - 1], + BN_NIST_256_TOP); + else if (carry < 0) { + carry = (int)bn_add_words(r_d, r_d, _nist_p_256[-carry - 1], + BN_NIST_256_TOP); + mask = 0 - (uintptr_t)carry; + u.p = ((uintptr_t)bn_sub_words & mask) | + ((uintptr_t)bn_add_words & ~mask); + } else + carry = 1; + + mask = 0 - (uintptr_t)(*u.f)(c_d, r_d, _nist_p_256[0], BN_NIST_256_TOP); + mask &= 0 - (uintptr_t)carry; + res = c_d; + res = (BN_ULONG *)(((uintptr_t)res & ~mask) | ((uintptr_t)r_d & mask)); + nist_cp_bn(r_d, res, BN_NIST_256_TOP); + r->top = BN_NIST_256_TOP; + bn_correct_top(r); + + return 1; +} + +#define nist_set_384(to,from,a1,a2,a3,a4,a5,a6,a7,a8,a9,a10,a11,a12) \ + { \ + bn_cp_32(to, 0, from, (a12) - 12) \ + bn_cp_32(to, 1, from, (a11) - 12) \ + bn_cp_32(to, 2, from, (a10) - 12) \ + bn_cp_32(to, 3, from, (a9) - 12) \ + bn_cp_32(to, 4, from, (a8) - 12) \ + bn_cp_32(to, 5, from, (a7) - 12) \ + bn_cp_32(to, 6, from, (a6) - 12) \ + bn_cp_32(to, 7, from, (a5) - 12) \ + bn_cp_32(to, 8, from, (a4) - 12) \ + bn_cp_32(to, 9, from, (a3) - 12) \ + bn_cp_32(to, 10, from, (a2) - 12) \ + bn_cp_32(to, 11, from, (a1) - 12) \ + } + +int +BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, BN_CTX *ctx) +{ + int i, top = a->top; + int carry = 0; + BN_ULONG *r_d, *a_d = a->d; + union { + BN_ULONG bn[BN_NIST_384_TOP]; + unsigned int ui[BN_NIST_384_TOP * + sizeof(BN_ULONG) / sizeof(unsigned int)]; + } buf; + BN_ULONG c_d[BN_NIST_384_TOP], *res; + uintptr_t mask; + union { + bn_addsub_f f; + uintptr_t p; + } u; + static const BIGNUM _bignum_nist_p_384_sqr = { + (BN_ULONG *)_nist_p_384_sqr, + sizeof(_nist_p_384_sqr) / sizeof(_nist_p_384_sqr[0]), + sizeof(_nist_p_384_sqr) / sizeof(_nist_p_384_sqr[0]), + 0, + BN_FLG_STATIC_DATA + }; + + field = &_bignum_nist_p_384; /* just to make sure */ + + if (BN_is_negative(a) || BN_ucmp(a, &_bignum_nist_p_384_sqr) >= 0) + return BN_nnmod(r, a, field, ctx); + + i = BN_ucmp(field, a); + if (i == 0) { + BN_zero(r); + return 1; + } else if (i > 0) + return (r == a) ? 1 : (BN_copy(r, a) != NULL); + + if (r != a) { + if (!bn_wexpand(r, BN_NIST_384_TOP)) + return 0; + r_d = r->d; + nist_cp_bn(r_d, a_d, BN_NIST_384_TOP); + } else + r_d = a_d; + + nist_cp_bn_0(buf.bn, a_d + BN_NIST_384_TOP, + top - BN_NIST_384_TOP, BN_NIST_384_TOP); + +#if defined(NIST_INT64) + { + NIST_INT64 acc; /* accumulator */ + unsigned int *rp = (unsigned int *)r_d; + const unsigned int *bp = (const unsigned int *)buf.ui; + + acc = rp[0]; + acc += bp[12 - 12]; + acc += bp[21 - 12]; + acc += bp[20 - 12]; + acc -= bp[23 - 12]; + rp[0] = (unsigned int)acc; + acc >>= 32; + + acc += rp[1]; + acc += bp[13 - 12]; + acc += bp[22 - 12]; + acc += bp[23 - 12]; + acc -= bp[12 - 12]; + acc -= bp[20 - 12]; + rp[1] = (unsigned int)acc; + acc >>= 32; + + acc += rp[2]; + acc += bp[14 - 12]; + acc += bp[23 - 12]; + acc -= bp[13 - 12]; + acc -= bp[21 - 12]; + rp[2] = (unsigned int)acc; + acc >>= 32; + + acc += rp[3]; + acc += bp[15 - 12]; + acc += bp[12 - 12]; + acc += bp[20 - 12]; + acc += bp[21 - 12]; + acc -= bp[14 - 12]; + acc -= bp[22 - 12]; + acc -= bp[23 - 12]; + rp[3] = (unsigned int)acc; + acc >>= 32; + + acc += rp[4]; + acc += bp[21 - 12]; + acc += bp[21 - 12]; + acc += bp[16 - 12]; + acc += bp[13 - 12]; + acc += bp[12 - 12]; + acc += bp[20 - 12]; + acc += bp[22 - 12]; + acc -= bp[15 - 12]; + acc -= bp[23 - 12]; + acc -= bp[23 - 12]; + rp[4] = (unsigned int)acc; + acc >>= 32; + + acc += rp[5]; + acc += bp[22 - 12]; + acc += bp[22 - 12]; + acc += bp[17 - 12]; + acc += bp[14 - 12]; + acc += bp[13 - 12]; + acc += bp[21 - 12]; + acc += bp[23 - 12]; + acc -= bp[16 - 12]; + rp[5] = (unsigned int)acc; + acc >>= 32; + + acc += rp[6]; + acc += bp[23 - 12]; + acc += bp[23 - 12]; + acc += bp[18 - 12]; + acc += bp[15 - 12]; + acc += bp[14 - 12]; + acc += bp[22 - 12]; + acc -= bp[17 - 12]; + rp[6] = (unsigned int)acc; + acc >>= 32; + + acc += rp[7]; + acc += bp[19 - 12]; + acc += bp[16 - 12]; + acc += bp[15 - 12]; + acc += bp[23 - 12]; + acc -= bp[18 - 12]; + rp[7] = (unsigned int)acc; + acc >>= 32; + + acc += rp[8]; + acc += bp[20 - 12]; + acc += bp[17 - 12]; + acc += bp[16 - 12]; + acc -= bp[19 - 12]; + rp[8] = (unsigned int)acc; + acc >>= 32; + + acc += rp[9]; + acc += bp[21 - 12]; + acc += bp[18 - 12]; + acc += bp[17 - 12]; + acc -= bp[20 - 12]; + rp[9] = (unsigned int)acc; + acc >>= 32; + + acc += rp[10]; + acc += bp[22 - 12]; + acc += bp[19 - 12]; + acc += bp[18 - 12]; + acc -= bp[21 - 12]; + rp[10] = (unsigned int)acc; + acc >>= 32; + + acc += rp[11]; + acc += bp[23 - 12]; + acc += bp[20 - 12]; + acc += bp[19 - 12]; + acc -= bp[22 - 12]; + rp[11] = (unsigned int)acc; + + carry = (int)(acc >> 32); + } +#else + { + BN_ULONG t_d[BN_NIST_384_TOP] = {0}; + + /*S1*/ + nist_set_256(t_d, buf.bn, 0, 0, 0, 0, 0, 23 - 4, 22 - 4, + 21 - 4); + /* left shift */ + { + BN_ULONG *ap, t, c; + ap = t_d; + c = 0; + for (i = 3; i != 0; --i) { + t= *ap; + *(ap++) = ((t << 1)|c) & BN_MASK2; + c = (t & BN_TBIT) ? 1 : 0; + } + *ap = c; + } + carry = (int)bn_add_words(r_d + (128 / BN_BITS2), + r_d + (128 / BN_BITS2), t_d, BN_NIST_256_TOP); + /*S2 */ + carry += (int)bn_add_words(r_d, r_d, buf.bn, BN_NIST_384_TOP); + /*S3*/ + nist_set_384(t_d, buf.bn, 20, 19, 18, 17, 16, 15, 14, 13, 12, + 23, 22, 21); + carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP); + /*S4*/ + nist_set_384(t_d, buf.bn, 19, 18, 17, 16, 15, 14, 13, 12, 20, + 0, 23, 0); + carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP); + /*S5*/ + nist_set_384(t_d, buf.bn, 0,0, 0,0, 23, 22, 21, 20, 0,0, 0, 0); + carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP); + /*S6*/ + nist_set_384(t_d, buf.bn, 0,0, 0,0, 0,0, 23, 22, 21, 0,0, 20); + carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP); + /*D1*/ + nist_set_384(t_d, buf.bn, 22, 21, 20, 19, 18, 17, 16, 15, 14, + 13, 12, 23); + carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP); + /*D2*/ + nist_set_384(t_d, buf.bn, 0,0, 0,0, 0,0, 0,23, 22, 21, 20, 0); + carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP); + /*D3*/ + nist_set_384(t_d, buf.bn, 0,0, 0,0, 0,0, 0,23, 23, 0,0, 0); + carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP); + + } +#endif + /* see BN_nist_mod_224 for explanation */ + u.f = bn_sub_words; + if (carry > 0) + carry = (int)bn_sub_words(r_d, r_d, _nist_p_384[carry - 1], + BN_NIST_384_TOP); + else if (carry < 0) { + carry = (int)bn_add_words(r_d, r_d, _nist_p_384[-carry - 1], + BN_NIST_384_TOP); + mask = 0 - (uintptr_t)carry; + u.p = ((uintptr_t)bn_sub_words & mask) | + ((uintptr_t)bn_add_words & ~mask); + } else + carry = 1; + + mask = 0 - (uintptr_t)(*u.f)(c_d, r_d, _nist_p_384[0], BN_NIST_384_TOP); + mask &= 0 - (uintptr_t)carry; + res = c_d; + res = (BN_ULONG *)(((uintptr_t)res & ~mask) | ((uintptr_t)r_d & mask)); + nist_cp_bn(r_d, res, BN_NIST_384_TOP); + r->top = BN_NIST_384_TOP; + bn_correct_top(r); + + return 1; +} + +#define BN_NIST_521_RSHIFT (521%BN_BITS2) +#define BN_NIST_521_LSHIFT (BN_BITS2-BN_NIST_521_RSHIFT) +#define BN_NIST_521_TOP_MASK ((BN_ULONG)BN_MASK2>>BN_NIST_521_LSHIFT) + +int +BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, BN_CTX *ctx) +{ + int top = a->top, i; + BN_ULONG *r_d, *a_d = a->d, t_d[BN_NIST_521_TOP], val, tmp, *res; + uintptr_t mask; + static const BIGNUM _bignum_nist_p_521_sqr = { + (BN_ULONG *)_nist_p_521_sqr, + sizeof(_nist_p_521_sqr) / sizeof(_nist_p_521_sqr[0]), + sizeof(_nist_p_521_sqr) / sizeof(_nist_p_521_sqr[0]), + 0, + BN_FLG_STATIC_DATA + }; + + field = &_bignum_nist_p_521; /* just to make sure */ + + if (BN_is_negative(a) || BN_ucmp(a, &_bignum_nist_p_521_sqr) >= 0) + return BN_nnmod(r, a, field, ctx); + + i = BN_ucmp(field, a); + if (i == 0) { + BN_zero(r); + return 1; + } else if (i > 0) + return (r == a) ? 1 : (BN_copy(r, a) != NULL); + + if (r != a) { + if (!bn_wexpand(r, BN_NIST_521_TOP)) + return 0; + r_d = r->d; + nist_cp_bn(r_d, a_d, BN_NIST_521_TOP); + } else + r_d = a_d; + + /* upper 521 bits, copy ... */ + nist_cp_bn_0(t_d, a_d + (BN_NIST_521_TOP - 1), + top - (BN_NIST_521_TOP - 1), BN_NIST_521_TOP); + /* ... and right shift */ + for (val = t_d[0], i = 0; i < BN_NIST_521_TOP - 1; i++) { + tmp = val >> BN_NIST_521_RSHIFT; + val = t_d[i + 1]; + t_d[i] = (tmp | val << BN_NIST_521_LSHIFT) & BN_MASK2; + } + t_d[i] = val >> BN_NIST_521_RSHIFT; + /* lower 521 bits */ + r_d[i] &= BN_NIST_521_TOP_MASK; + + bn_add_words(r_d, r_d, t_d, BN_NIST_521_TOP); + mask = 0 - (uintptr_t)bn_sub_words(t_d, r_d, _nist_p_521, + BN_NIST_521_TOP); + res = t_d; + res = (BN_ULONG *)(((uintptr_t)res & ~mask) | ((uintptr_t)r_d & mask)); + nist_cp_bn(r_d, res, BN_NIST_521_TOP); + r->top = BN_NIST_521_TOP; + bn_correct_top(r); + + return 1; +} diff --git a/src/lib/libcrypto/bn/bn_prime.c b/src/lib/libcrypto/bn/bn_prime.c index 918b9237c6e..e78c5686ab5 100644 --- a/src/lib/libcrypto/bn/bn_prime.c +++ b/src/lib/libcrypto/bn/bn_prime.c @@ -1,25 +1,25 @@ -/* crypto/bn/bn_prime.c */ +/* $OpenBSD: bn_prime.c,v 1.18 2017/01/29 17:49:22 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -63,7 +63,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -111,9 +111,15 @@ #include #include -#include "cryptlib.h" + +#include + #include "bn_lcl.h" -#include + +/* NB: these functions have been "upgraded", the deprecated versions (which are + * compatibility wrappers using these functions) are in bn_depr.c. + * - Geoff + */ /* The quick sieve algorithm approach to weeding out primes is * Philip Zimmermann's, as implemented in PGP. I have had a read of @@ -122,103 +128,137 @@ #include "bn_prime.h" static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1, - const BIGNUM *a1_odd, int k, BN_CTX *ctx, BN_MONT_CTX *mont); + const BIGNUM *a1_odd, int k, BN_CTX *ctx, BN_MONT_CTX *mont); static int probable_prime(BIGNUM *rnd, int bits); static int probable_prime_dh(BIGNUM *rnd, int bits, - const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx); + const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx); static int probable_prime_dh_safe(BIGNUM *rnd, int bits, - const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx); - -BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe, - const BIGNUM *add, const BIGNUM *rem, - void (*callback)(int,int,void *), void *cb_arg) - { - BIGNUM *rnd=NULL; - BIGNUM t; - int found=0; - int i,j,c1=0; + const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx); + +int +BN_GENCB_call(BN_GENCB *cb, int a, int b) +{ + /* No callback means continue */ + if (!cb) + return 1; + switch (cb->ver) { + case 1: + /* Deprecated-style callbacks */ + if (!cb->cb.cb_1) + return 1; + cb->cb.cb_1(a, b, cb->arg); + return 1; + case 2: + /* New-style callbacks */ + return cb->cb.cb_2(a, b, cb); + default: + break; + } + /* Unrecognised callback type */ + return 0; +} + +int +BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add, + const BIGNUM *rem, BN_GENCB *cb) +{ + BIGNUM *t; + int found = 0; + int i, j, c1 = 0; BN_CTX *ctx; - int checks = BN_prime_checks_for_size(bits); + int checks; + + if (bits < 2 || (bits == 2 && safe)) { + /* + * There are no prime numbers smaller than 2, and the smallest + * safe prime (7) spans three bits. + */ + BNerror(BN_R_BITS_TOO_SMALL); + return 0; + } - ctx=BN_CTX_new(); - if (ctx == NULL) goto err; - if (ret == NULL) - { - if ((rnd=BN_new()) == NULL) goto err; - } - else - rnd=ret; - BN_init(&t); -loop: + ctx = BN_CTX_new(); + if (ctx == NULL) + goto err; + BN_CTX_start(ctx); + if ((t = BN_CTX_get(ctx)) == NULL) + goto err; + + checks = BN_prime_checks_for_size(bits); + +loop: /* make a random number and set the top and bottom bits */ - if (add == NULL) - { - if (!probable_prime(rnd,bits)) goto err; - } - else - { - if (safe) - { - if (!probable_prime_dh_safe(rnd,bits,add,rem,ctx)) - goto err; - } - else - { - if (!probable_prime_dh(rnd,bits,add,rem,ctx)) + if (add == NULL) { + if (!probable_prime(ret, bits)) + goto err; + } else { + if (safe) { + if (!probable_prime_dh_safe(ret, bits, add, rem, ctx)) + goto err; + } else { + if (!probable_prime_dh(ret, bits, add, rem, ctx)) goto err; - } - } - /* if (BN_mod_word(rnd,(BN_ULONG)3) == 1) goto loop; */ - if (callback != NULL) callback(0,c1++,cb_arg); - - if (!safe) - { - i=BN_is_prime_fasttest(rnd,checks,callback,ctx,cb_arg,0); - if (i == -1) goto err; - if (i == 0) goto loop; } - else - { + } + /* if (BN_mod_word(ret,(BN_ULONG)3) == 1) goto loop; */ + if (!BN_GENCB_call(cb, 0, c1++)) + /* aborted */ + goto err; + + if (!safe) { + i = BN_is_prime_fasttest_ex(ret, checks, ctx, 0, cb); + if (i == -1) + goto err; + if (i == 0) + goto loop; + } else { /* for "safe prime" generation, * check that (p-1)/2 is prime. * Since a prime is odd, We just * need to divide by 2 */ - if (!BN_rshift1(&t,rnd)) goto err; + if (!BN_rshift1(t, ret)) + goto err; - for (i=0; i a is prime if and only if a == 2 */ + return BN_is_word(a, 2); + if (do_trial_division) { + for (i = 1; i < NUMPRIMES; i++) { + BN_ULONG mod = BN_mod_word(a, primes[i]); + if (mod == (BN_ULONG)-1) + goto err; + if (mod == 0) return 0; - if (callback != NULL) callback(1, -1, cb_arg); } + if (!BN_GENCB_call(cb, 1, -1)) + goto err; + } if (ctx_passed != NULL) ctx = ctx_passed; - else - if ((ctx=BN_CTX_new()) == NULL) - goto err; + else if ((ctx = BN_CTX_new()) == NULL) + goto err; BN_CTX_start(ctx); /* A := abs(a) */ - if (a->neg) - { + if (a->neg) { BIGNUM *t; - if ((t = BN_CTX_get(ctx)) == NULL) goto err; + if ((t = BN_CTX_get(ctx)) == NULL) + goto err; BN_copy(t, a); t->neg = 0; A = t; - } - else + } else A = a; - A1 = BN_CTX_get(ctx); - A1_odd = BN_CTX_get(ctx); - check = BN_CTX_get(ctx); - if (check == NULL) goto err; + if ((A1 = BN_CTX_get(ctx)) == NULL) + goto err; + if ((A1_odd = BN_CTX_get(ctx)) == NULL) + goto err; + if ((check = BN_CTX_get(ctx)) == NULL) + goto err; /* compute A1 := A - 1 */ if (!BN_copy(A1, A)) goto err; if (!BN_sub_word(A1, 1)) goto err; - if (BN_is_zero(A1)) - { + if (BN_is_zero(A1)) { ret = 0; goto err; - } + } /* write A1 as A1_odd * 2^k */ k = 1; @@ -290,9 +334,8 @@ int BN_is_prime_fasttest(const BIGNUM *a, int checks, goto err; if (!BN_MONT_CTX_set(mont, A, ctx)) goto err; - - for (i = 0; i < checks; i++) - { + + for (i = 0; i < checks; i++) { if (!BN_pseudo_rand_range(check, A1)) goto err; if (!BN_add_word(check, 1)) @@ -300,39 +343,40 @@ int BN_is_prime_fasttest(const BIGNUM *a, int checks, /* now 1 <= check < A */ j = witness(check, A, A1, A1_odd, k, ctx, mont); - if (j == -1) goto err; - if (j) - { - ret=0; + if (j == -1) + goto err; + if (j) { + ret = 0; goto err; - } - if (callback != NULL) callback(1,i,cb_arg); } - ret=1; + if (!BN_GENCB_call(cb, 1, i)) + goto err; + } + ret = 1; + err: - if (ctx != NULL) - { + if (ctx != NULL) { BN_CTX_end(ctx); if (ctx_passed == NULL) BN_CTX_free(ctx); - } - if (mont != NULL) - BN_MONT_CTX_free(mont); - - return(ret); } + BN_MONT_CTX_free(mont); -static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1, - const BIGNUM *a1_odd, int k, BN_CTX *ctx, BN_MONT_CTX *mont) - { - if (!BN_mod_exp_mont(w, w, a1_odd, a, ctx, mont)) /* w := w^a1_odd mod a */ + return (ret); +} + +static int +witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1, const BIGNUM *a1_odd, + int k, BN_CTX *ctx, BN_MONT_CTX *mont) +{ + if (!BN_mod_exp_mont_ct(w, w, a1_odd, a, ctx, mont)) + /* w := w^a1_odd mod a */ return -1; if (BN_is_one(w)) return 0; /* probably prime */ if (BN_cmp(w, a1) == 0) return 0; /* w == -1 (mod a), 'a' is probably prime */ - while (--k) - { + while (--k) { if (!BN_mod_mul(w, w, w, a, ctx)) /* w := w^2 mod a */ return -1; if (BN_is_one(w)) @@ -340,127 +384,163 @@ static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1, * have been == -1 (mod 'a') */ if (BN_cmp(w, a1) == 0) return 0; /* w == -1 (mod a), 'a' is probably prime */ - } + } /* If we get here, 'w' is the (a-1)/2-th power of the original 'w', * and it is neither -1 nor +1 -- so 'a' cannot be prime */ + bn_check_top(w); return 1; - } +} -static int probable_prime(BIGNUM *rnd, int bits) - { +static int +probable_prime(BIGNUM *rnd, int bits) +{ int i; - BN_ULONG mods[NUMPRIMES]; - BN_ULONG delta,d; + prime_t mods[NUMPRIMES]; + BN_ULONG delta, maxdelta; again: - if (!BN_rand(rnd,bits,1,1)) return(0); + if (!BN_rand(rnd, bits, 1, 1)) + return (0); /* we now have a random number 'rand' to test. */ - for (i=1; i maxdelta) + goto again; goto loop; - } } - if (!BN_add_word(rnd,delta)) return(0); - return(1); } - -static int probable_prime_dh(BIGNUM *rnd, int bits, - const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx) - { - int i,ret=0; + if (!BN_add_word(rnd, delta)) + return (0); + bn_check_top(rnd); + return (1); +} + +static int +probable_prime_dh(BIGNUM *rnd, int bits, const BIGNUM *add, const BIGNUM *rem, + BN_CTX *ctx) +{ + int i, ret = 0; BIGNUM *t1; BN_CTX_start(ctx); - if ((t1 = BN_CTX_get(ctx)) == NULL) goto err; + if ((t1 = BN_CTX_get(ctx)) == NULL) + goto err; - if (!BN_rand(rnd,bits,0,1)) goto err; + if (!BN_rand(rnd, bits, 0, 1)) + goto err; /* we need ((rnd-rem) % add) == 0 */ - if (!BN_mod(t1,rnd,add,ctx)) goto err; - if (!BN_sub(rnd,rnd,t1)) goto err; - if (rem == NULL) - { if (!BN_add_word(rnd,1)) goto err; } - else - { if (!BN_add(rnd,rnd,rem)) goto err; } + if (!BN_mod_ct(t1, rnd, add, ctx)) + goto err; + if (!BN_sub(rnd, rnd, t1)) + goto err; + if (rem == NULL) { + if (!BN_add_word(rnd, 1)) + goto err; + } else { + if (!BN_add(rnd, rnd, rem)) + goto err; + } /* we now have a random number 'rand' to test. */ - loop: for (i=1; i 256) - { - $eight=$i; - last; - } - } - -printf "#ifndef EIGHT_BIT\n"; printf "#define NUMPRIMES %d\n",$num; -printf "#else\n"; -printf "#define NUMPRIMES %d\n",$eight; -printf "#endif\n"; -print "static const unsigned int primes[NUMPRIMES]=\n\t{\n\t"; -$init=0; +printf "typedef unsigned short prime_t;\n"; +print "static const prime_t primes[NUMPRIMES]=\n{\n\t"; for ($i=0; $i <= $#primes; $i++) { - printf "\n#ifndef EIGHT_BIT\n\t" if ($primes[$i] > 256) && !($init++); printf("\n\t") if (($i%8) == 0) && ($i != 0); printf("%4d,",$primes[$i]); } -print "\n#endif\n\t};\n"; +print "\n};\n"; diff --git a/src/lib/libcrypto/bn/bn_print.c b/src/lib/libcrypto/bn/bn_print.c index 5f46b1826c0..de67c03c148 100644 --- a/src/lib/libcrypto/bn/bn_print.c +++ b/src/lib/libcrypto/bn/bn_print.c @@ -1,25 +1,25 @@ -/* crypto/bn/bn_print.c */ +/* $OpenBSD: bn_print.c,v 1.31 2017/01/29 17:49:22 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,284 +49,363 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ -#include #include -#include "cryptlib.h" +#include +#include + +#include + +#include #include +#include + #include "bn_lcl.h" -static const char *Hex="0123456789ABCDEF"; +static const char Hex[]="0123456789ABCDEF"; -/* Must 'OPENSSL_free' the returned data */ -char *BN_bn2hex(const BIGNUM *a) - { - int i,j,v,z=0; +/* Must 'free' the returned data */ +char * +BN_bn2hex(const BIGNUM *a) +{ + int i, j, v, z = 0; char *buf; char *p; - buf=(char *)OPENSSL_malloc(a->top*BN_BYTES*2+2); - if (buf == NULL) - { - BNerr(BN_F_BN_BN2HEX,ERR_R_MALLOC_FAILURE); + buf = malloc(BN_is_negative(a) + a->top * BN_BYTES * 2 + 2); + if (buf == NULL) { + BNerror(ERR_R_MALLOC_FAILURE); goto err; - } - p=buf; - if (a->neg) *(p++)='-'; - if (a->top == 0) *(p++)='0'; - for (i=a->top-1; i >=0; i--) - { - for (j=BN_BITS2-8; j >= 0; j-=8) - { + } + p = buf; + if (BN_is_negative(a)) + *p++ = '-'; + if (BN_is_zero(a)) + *p++ = '0'; + for (i = a->top - 1; i >=0; i--) { + for (j = BN_BITS2 - 8; j >= 0; j -= 8) { /* strip leading zeros */ - v=((int)(a->d[i]>>(long)j))&0xff; - if (z || (v != 0)) - { - *(p++)=Hex[v>>4]; - *(p++)=Hex[v&0x0f]; - z=1; - } + v = ((int)(a->d[i] >> (long)j)) & 0xff; + if (z || (v != 0)) { + *p++ = Hex[v >> 4]; + *p++ = Hex[v & 0x0f]; + z = 1; } } - *p='\0'; -err: - return(buf); } + *p = '\0'; -/* Must 'OPENSSL_free' the returned data */ -char *BN_bn2dec(const BIGNUM *a) - { - int i=0,num; - char *buf=NULL; +err: + return (buf); +} + +/* Must 'free' the returned data */ +char * +BN_bn2dec(const BIGNUM *a) +{ + int i = 0, num, bn_data_num, ok = 0; + char *buf = NULL; char *p; - BIGNUM *t=NULL; - BN_ULONG *bn_data=NULL,*lp; - - i=BN_num_bits(a)*3; - num=(i/10+i/1000+3)+1; - bn_data=(BN_ULONG *)OPENSSL_malloc((num/BN_DEC_NUM+1)*sizeof(BN_ULONG)); - buf=(char *)OPENSSL_malloc(num+3); - if ((buf == NULL) || (bn_data == NULL)) - { - BNerr(BN_F_BN_BN2DEC,ERR_R_MALLOC_FAILURE); - goto err; - } - if ((t=BN_dup(a)) == NULL) goto err; - - p=buf; - lp=bn_data; - if (t->neg) *(p++)='-'; - if (t->top == 0) - { - *(p++)='0'; - *(p++)='\0'; + BIGNUM *t = NULL; + BN_ULONG *bn_data = NULL, *lp; + + if (BN_is_zero(a)) { + buf = malloc(BN_is_negative(a) + 2); + if (buf == NULL) { + BNerror(ERR_R_MALLOC_FAILURE); + goto err; } - else - { - i=0; - while (!BN_is_zero(t)) - { - *lp=BN_div_word(t,BN_DEC_CONV); - lp++; - } + p = buf; + if (BN_is_negative(a)) + *p++ = '-'; + *p++ = '0'; + *p++ = '\0'; + return (buf); + } + + /* get an upper bound for the length of the decimal integer + * num <= (BN_num_bits(a) + 1) * log(2) + * <= 3 * BN_num_bits(a) * 0.1001 + log(2) + 1 (rounding error) + * <= BN_num_bits(a)/10 + BN_num_bits/1000 + 1 + 1 + */ + i = BN_num_bits(a) * 3; + num = (i / 10 + i / 1000 + 1) + 1; + bn_data_num = num / BN_DEC_NUM + 1; + bn_data = reallocarray(NULL, bn_data_num, sizeof(BN_ULONG)); + buf = malloc(num + 3); + if ((buf == NULL) || (bn_data == NULL)) { + BNerror(ERR_R_MALLOC_FAILURE); + goto err; + } + if ((t = BN_dup(a)) == NULL) + goto err; + +#define BUF_REMAIN (num+3 - (size_t)(p - buf)) + p = buf; + lp = bn_data; + if (BN_is_negative(t)) + *p++ = '-'; + + while (!BN_is_zero(t)) { + if (lp - bn_data >= bn_data_num) + goto err; + *lp = BN_div_word(t, BN_DEC_CONV); + if (*lp == (BN_ULONG)-1) + goto err; + lp++; + } + lp--; + /* We now have a series of blocks, BN_DEC_NUM chars + * in length, where the last one needs truncation. + * The blocks need to be reversed in order. */ + snprintf(p, BUF_REMAIN, BN_DEC_FMT1, *lp); + while (*p) + p++; + while (lp != bn_data) { lp--; - /* We now have a series of blocks, BN_DEC_NUM chars - * in length, where the last one needs truncation. - * The blocks need to be reversed in order. */ - sprintf(p,BN_DEC_FMT1,*lp); - while (*p) p++; - while (lp != bn_data) - { - lp--; - sprintf(p,BN_DEC_FMT2,*lp); - while (*p) p++; - } - } + snprintf(p, BUF_REMAIN, BN_DEC_FMT2, *lp); + while (*p) + p++; + } + ok = 1; + err: - if (bn_data != NULL) OPENSSL_free(bn_data); - if (t != NULL) BN_free(t); - return(buf); + free(bn_data); + BN_free(t); + if (!ok && buf) { + free(buf); + buf = NULL; } -int BN_hex2bn(BIGNUM **bn, const char *a) - { - BIGNUM *ret=NULL; - BN_ULONG l=0; - int neg=0,h,m,i,j,k,c; + return (buf); +} + +int +BN_hex2bn(BIGNUM **bn, const char *a) +{ + BIGNUM *ret = NULL; + BN_ULONG l = 0; + int neg = 0, h, m, i,j, k, c; int num; - if ((a == NULL) || (*a == '\0')) return(0); + if ((a == NULL) || (*a == '\0')) + return (0); - if (*a == '-') { neg=1; a++; } + if (*a == '-') { + neg = 1; + a++; + } - for (i=0; isxdigit((unsigned char) a[i]); i++) + for (i = 0; i <= (INT_MAX / 4) && isxdigit((unsigned char)a[i]); i++) ; + if (i > INT_MAX / 4) + goto err; - num=i+neg; - if (bn == NULL) return(num); + num = i + neg; + if (bn == NULL) + return (num); /* a is the start of the hex digits, and it is 'i' long */ - if (*bn == NULL) - { - if ((ret=BN_new()) == NULL) return(0); - } - else - { + if (*bn == NULL) { + if ((ret = BN_new()) == NULL) + return (0); + } else { ret= *bn; BN_zero(ret); - } + } - /* i is the number of hex digests; */ - if (bn_expand(ret,i*4) == NULL) goto err; - - j=i; /* least significant 'hex' */ - m=0; - h=0; - while (j > 0) - { - m=((BN_BYTES*2) <= j)?(BN_BYTES*2):j; - l=0; - for (;;) - { - c=a[j-m]; - if ((c >= '0') && (c <= '9')) k=c-'0'; - else if ((c >= 'a') && (c <= 'f')) k=c-'a'+10; - else if ((c >= 'A') && (c <= 'F')) k=c-'A'+10; - else k=0; /* paranoia */ - l=(l<<4)|k; - - if (--m <= 0) - { - ret->d[h++]=l; + /* i is the number of hex digits */ + if (bn_expand(ret, i * 4) == NULL) + goto err; + + j = i; /* least significant 'hex' */ + m = 0; + h = 0; + while (j > 0) { + m = ((BN_BYTES*2) <= j) ? (BN_BYTES * 2) : j; + l = 0; + for (;;) { + c = a[j - m]; + if ((c >= '0') && (c <= '9')) + k = c - '0'; + else if ((c >= 'a') && (c <= 'f')) + k = c - 'a' + 10; + else if ((c >= 'A') && (c <= 'F')) + k = c - 'A' + 10; + else + k = 0; /* paranoia */ + l = (l << 4) | k; + + if (--m <= 0) { + ret->d[h++] = l; break; - } } - j-=(BN_BYTES*2); } - ret->top=h; - bn_fix_top(ret); - ret->neg=neg; + j -= (BN_BYTES * 2); + } + ret->top = h; + bn_correct_top(ret); + ret->neg = neg; + + *bn = ret; + bn_check_top(ret); + return (num); - *bn=ret; - return(num); err: - if (*bn == NULL) BN_free(ret); - return(0); - } + if (*bn == NULL) + BN_free(ret); + return (0); +} -int BN_dec2bn(BIGNUM **bn, const char *a) - { - BIGNUM *ret=NULL; - BN_ULONG l=0; - int neg=0,i,j; +int +BN_dec2bn(BIGNUM **bn, const char *a) +{ + BIGNUM *ret = NULL; + BN_ULONG l = 0; + int neg = 0, i, j; int num; - if ((a == NULL) || (*a == '\0')) return(0); - if (*a == '-') { neg=1; a++; } + if ((a == NULL) || (*a == '\0')) + return (0); + if (*a == '-') { + neg = 1; + a++; + } - for (i=0; isdigit((unsigned char) a[i]); i++) + for (i = 0; i <= (INT_MAX / 4) && isdigit((unsigned char)a[i]); i++) ; + if (i > INT_MAX / 4) + goto err; - num=i+neg; - if (bn == NULL) return(num); + num = i + neg; + if (bn == NULL) + return (num); /* a is the start of the digits, and it is 'i' long. * We chop it into BN_DEC_NUM digits at a time */ - if (*bn == NULL) - { - if ((ret=BN_new()) == NULL) return(0); - } - else - { - ret= *bn; + if (*bn == NULL) { + if ((ret = BN_new()) == NULL) + return (0); + } else { + ret = *bn; BN_zero(ret); - } + } - /* i is the number of digests, a bit of an over expand; */ - if (bn_expand(ret,i*4) == NULL) goto err; + /* i is the number of digits, a bit of an over expand */ + if (bn_expand(ret, i * 4) == NULL) + goto err; - j=BN_DEC_NUM-(i%BN_DEC_NUM); - if (j == BN_DEC_NUM) j=0; - l=0; - while (*a) - { - l*=10; - l+= *a-'0'; + j = BN_DEC_NUM - (i % BN_DEC_NUM); + if (j == BN_DEC_NUM) + j = 0; + l = 0; + while (*a) { + l *= 10; + l += *a - '0'; a++; - if (++j == BN_DEC_NUM) - { - BN_mul_word(ret,BN_DEC_CONV); - BN_add_word(ret,l); - l=0; - j=0; - } + if (++j == BN_DEC_NUM) { + BN_mul_word(ret, BN_DEC_CONV); + BN_add_word(ret, l); + l = 0; + j = 0; } - ret->neg=neg; + } + ret->neg = neg; + + bn_correct_top(ret); + *bn = ret; + bn_check_top(ret); + return (num); - bn_fix_top(ret); - *bn=ret; - return(num); err: - if (*bn == NULL) BN_free(ret); - return(0); + if (*bn == NULL) + BN_free(ret); + return (0); +} + +int +BN_asc2bn(BIGNUM **bn, const char *a) +{ + const char *p = a; + if (*p == '-') + p++; + + if (p[0] == '0' && (p[1] == 'X' || p[1] == 'x')) { + if (!BN_hex2bn(bn, p + 2)) + return 0; + } else { + if (!BN_dec2bn(bn, p)) + return 0; } + if (*a == '-') + (*bn)->neg = 1; + return 1; +} #ifndef OPENSSL_NO_BIO -#ifndef OPENSSL_NO_FP_API -int BN_print_fp(FILE *fp, const BIGNUM *a) - { +int +BN_print_fp(FILE *fp, const BIGNUM *a) +{ BIO *b; int ret; - if ((b=BIO_new(BIO_s_file())) == NULL) - return(0); - BIO_set_fp(b,fp,BIO_NOCLOSE); - ret=BN_print(b,a); + if ((b = BIO_new(BIO_s_file())) == NULL) + return (0); + BIO_set_fp(b, fp, BIO_NOCLOSE); + ret = BN_print(b, a); BIO_free(b); - return(ret); - } -#endif + return (ret); +} + +int +BN_print(BIO *bp, const BIGNUM *a) +{ + int i, j, v, z = 0; + int ret = 0; -int BN_print(BIO *bp, const BIGNUM *a) - { - int i,j,v,z=0; - int ret=0; - - if ((a->neg) && (BIO_write(bp,"-",1) != 1)) goto end; - if ((a->top == 0) && (BIO_write(bp,"0",1) != 1)) goto end; - for (i=a->top-1; i >=0; i--) - { - for (j=BN_BITS2-4; j >= 0; j-=4) - { + if ((a->neg) && (BIO_write(bp, "-", 1) != 1)) + goto end; + if (BN_is_zero(a) && (BIO_write(bp, "0", 1) != 1)) + goto end; + for (i = a->top - 1; i >= 0; i--) { + for (j = BN_BITS2 - 4; j >= 0; j -= 4) { /* strip leading zeros */ - v=((int)(a->d[i]>>(long)j))&0x0f; - if (z || (v != 0)) - { - if (BIO_write(bp,&(Hex[v]),1) != 1) + v = ((int)(a->d[i] >> (long)j)) & 0x0f; + if (z || (v != 0)) { + if (BIO_write(bp, &(Hex[v]), 1) != 1) goto end; - z=1; - } + z = 1; } } - ret=1; -end: - return(ret); } + ret = 1; + +end: + return (ret); +} #endif -#ifdef BN_DEBUG -void bn_dump1(FILE *o, const char *a, const BN_ULONG *b,int n) - { - int i; - fprintf(o, "%s=", a); - for (i=n-1;i>=0;i--) - fprintf(o, "%08lX", b[i]); /* assumes 32-bit BN_ULONG */ - fprintf(o, "\n"); - } +char * +BN_options(void) +{ + static int init = 0; + static char data[16]; + + if (!init) { + init++; +#ifdef BN_LLONG + snprintf(data,sizeof data, "bn(%d,%d)", + (int)sizeof(BN_ULLONG) * 8, (int)sizeof(BN_ULONG) * 8); +#else + snprintf(data,sizeof data, "bn(%d,%d)", + (int)sizeof(BN_ULONG) * 8, (int)sizeof(BN_ULONG) * 8); #endif + } + return (data); +} diff --git a/src/lib/libcrypto/bn/bn_rand.c b/src/lib/libcrypto/bn/bn_rand.c index 9e08ccd22e7..df798f41bc4 100644 --- a/src/lib/libcrypto/bn/bn_rand.c +++ b/src/lib/libcrypto/bn/bn_rand.c @@ -1,25 +1,25 @@ -/* crypto/bn/bn_rand.c */ +/* $OpenBSD: bn_rand.c,v 1.22 2018/11/06 06:49:45 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -63,7 +63,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -110,182 +110,204 @@ */ #include +#include +#include #include -#include "cryptlib.h" + +#include + #include "bn_lcl.h" -#include -static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) - { - unsigned char *buf=NULL; - int ret=0,bit,bytes,mask; - time_t tim; +static int +bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) +{ + unsigned char *buf = NULL; + int ret = 0, bit, bytes, mask; + + if (rnd == NULL) { + BNerror(ERR_R_PASSED_NULL_PARAMETER); + return (0); + } - if (bits == 0) - { + if (bits == 0) { BN_zero(rnd); - return 1; - } + return (1); + } - bytes=(bits+7)/8; - bit=(bits-1)%8; - mask=0xff<<(bit+1); + bytes = (bits + 7) / 8; + bit = (bits - 1) % 8; + mask = 0xff << (bit + 1); - buf=(unsigned char *)OPENSSL_malloc(bytes); - if (buf == NULL) - { - BNerr(BN_F_BN_RAND,ERR_R_MALLOC_FAILURE); + buf = malloc(bytes); + if (buf == NULL) { + BNerror(ERR_R_MALLOC_FAILURE); goto err; - } + } /* make a random number and set the top and bottom bits */ - time(&tim); - RAND_add(&tim,sizeof(tim),0); - - if (pseudorand) - { - if (RAND_pseudo_bytes(buf, bytes) == -1) - goto err; - } - else - { - if (RAND_bytes(buf, bytes) <= 0) - goto err; - } + arc4random_buf(buf, bytes); #if 1 - if (pseudorand == 2) - { + if (pseudorand == 2) { /* generate patterns that are more likely to trigger BN library bugs */ int i; unsigned char c; - for (i = 0; i < bytes; i++) - { - RAND_pseudo_bytes(&c, 1); + for (i = 0; i < bytes; i++) { + arc4random_buf(&c, 1); if (c >= 128 && i > 0) - buf[i] = buf[i-1]; + buf[i] = buf[i - 1]; else if (c < 42) buf[i] = 0; else if (c < 84) buf[i] = 255; - } } + } #endif - if (top != -1) - { - if (top) - { - if (bit == 0) - { - buf[0]=1; - buf[1]|=0x80; - } - else - { - buf[0]|=(3<<(bit-1)); - } - } - else - { - buf[0]|=(1<neg || BN_is_zero(range)) - { - BNerr(BN_F_BN_RAND_RANGE, BN_R_INVALID_RANGE); + if (range->neg || BN_is_zero(range)) { + BNerror(BN_R_INVALID_RANGE); return 0; - } + } n = BN_num_bits(range); /* n > 0 */ /* BN_is_bit_set(range, n - 1) always holds */ if (n == 1) - { - if (!BN_zero(r)) return 0; - } - else if (!BN_is_bit_set(range, n - 2) && !BN_is_bit_set(range, n - 3)) - { + BN_zero(r); + else if (!BN_is_bit_set(range, n - 2) && !BN_is_bit_set(range, n - 3)) { /* range = 100..._2, * so 3*range (= 11..._2) is exactly one bit longer than range */ - do - { - if (!bn_rand(r, n + 1, -1, 0)) return 0; + do { + if (!bn_rand(r, n + 1, -1, 0)) + return 0; /* If r < 3*range, use r := r MOD range * (which is either r, r - range, or r - 2*range). * Otherwise, iterate once more. * Since 3*range = 11..._2, each iteration succeeds with * probability >= .75. */ - if (BN_cmp(r ,range) >= 0) - { - if (!BN_sub(r, r, range)) return 0; + if (BN_cmp(r, range) >= 0) { + if (!BN_sub(r, r, range)) + return 0; if (BN_cmp(r, range) >= 0) - if (!BN_sub(r, r, range)) return 0; - } + if (!BN_sub(r, r, range)) + return 0; } - while (BN_cmp(r, range) >= 0); - } - else - { - do - { - /* range = 11..._2 or range = 101..._2 */ - if (!bn_rand(r, n, -1, 0)) return 0; + + if (!--count) { + BNerror(BN_R_TOO_MANY_ITERATIONS); + return 0; } - while (BN_cmp(r, range) >= 0); - } - return 1; + } while (BN_cmp(r, range) >= 0); + } else { + do { + /* range = 11..._2 or range = 101..._2 */ + if (!bn_rand(r, n, -1, 0)) + return 0; + + if (!--count) { + BNerror(BN_R_TOO_MANY_ITERATIONS); + return 0; + } + } while (BN_cmp(r, range) >= 0); } + bn_check_top(r); + return 1; +} -int BN_rand_range(BIGNUM *r, BIGNUM *range) - { +int +BN_rand_range(BIGNUM *r, const BIGNUM *range) +{ return bn_rand_range(0, r, range); - } +} -int BN_pseudo_rand_range(BIGNUM *r, BIGNUM *range) - { +int +bn_rand_interval(BIGNUM *rnd, const BIGNUM *lower_inc, const BIGNUM *upper_exc) +{ + BIGNUM *len = NULL; + int ret = 0; + + if (BN_cmp(lower_inc, upper_exc) >= 0) + goto err; + + if ((len = BN_new()) == NULL) + goto err; + + if (!BN_sub(len, upper_exc, lower_inc)) + goto err; + + if (!bn_rand_range(0, rnd, len)) + goto err; + + if (!BN_add(rnd, rnd, lower_inc)) + goto err; + + ret = 1; + err: + BN_free(len); + return ret; +} + +int +BN_pseudo_rand_range(BIGNUM *r, const BIGNUM *range) +{ return bn_rand_range(1, r, range); - } +} diff --git a/src/lib/libcrypto/bn/bn_recp.c b/src/lib/libcrypto/bn/bn_recp.c index ef5fdd47080..6588d330331 100644 --- a/src/lib/libcrypto/bn/bn_recp.c +++ b/src/lib/libcrypto/bn/bn_recp.c @@ -1,25 +1,25 @@ -/* crypto/bn/bn_recp.c */ +/* $OpenBSD: bn_recp.c,v 1.15 2017/01/29 17:49:22 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -57,101 +57,117 @@ */ #include -#include "cryptlib.h" + +#include + #include "bn_lcl.h" -void BN_RECP_CTX_init(BN_RECP_CTX *recp) - { +void +BN_RECP_CTX_init(BN_RECP_CTX *recp) +{ BN_init(&(recp->N)); BN_init(&(recp->Nr)); - recp->num_bits=0; - recp->flags=0; - } + recp->num_bits = 0; + recp->flags = 0; +} -BN_RECP_CTX *BN_RECP_CTX_new(void) - { +BN_RECP_CTX * +BN_RECP_CTX_new(void) +{ BN_RECP_CTX *ret; - if ((ret=(BN_RECP_CTX *)OPENSSL_malloc(sizeof(BN_RECP_CTX))) == NULL) - return(NULL); + if ((ret = malloc(sizeof(BN_RECP_CTX))) == NULL) + return (NULL); BN_RECP_CTX_init(ret); - ret->flags=BN_FLG_MALLOCED; - return(ret); - } + ret->flags = BN_FLG_MALLOCED; + return (ret); +} -void BN_RECP_CTX_free(BN_RECP_CTX *recp) - { - if(recp == NULL) - return; +void +BN_RECP_CTX_free(BN_RECP_CTX *recp) +{ + if (recp == NULL) + return; BN_free(&(recp->N)); BN_free(&(recp->Nr)); if (recp->flags & BN_FLG_MALLOCED) - OPENSSL_free(recp); - } + free(recp); +} -int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *d, BN_CTX *ctx) - { - if (!BN_copy(&(recp->N),d)) return 0; - if (!BN_zero(&(recp->Nr))) return 0; - recp->num_bits=BN_num_bits(d); - recp->shift=0; - return(1); - } +int +BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *d, BN_CTX *ctx) +{ + if (!BN_copy(&(recp->N), d)) + return 0; + BN_zero(&(recp->Nr)); + recp->num_bits = BN_num_bits(d); + recp->shift = 0; + return (1); +} -int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y, - BN_RECP_CTX *recp, BN_CTX *ctx) - { - int ret=0; +int +BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y, + BN_RECP_CTX *recp, BN_CTX *ctx) +{ + int ret = 0; BIGNUM *a; const BIGNUM *ca; BN_CTX_start(ctx); - if ((a = BN_CTX_get(ctx)) == NULL) goto err; - if (y != NULL) - { - if (x == y) - { if (!BN_sqr(a,x,ctx)) goto err; } - else - { if (!BN_mul(a,x,y,ctx)) goto err; } - ca = a; + if ((a = BN_CTX_get(ctx)) == NULL) + goto err; + if (y != NULL) { + if (x == y) { + if (!BN_sqr(a, x, ctx)) + goto err; + } else { + if (!BN_mul(a, x, y, ctx)) + goto err; } - else - ca=x; /* Just do the mod */ + ca = a; + } else + ca = x; /* Just do the mod */ + + ret = BN_div_recp(NULL, r, ca, recp, ctx); - ret = BN_div_recp(NULL,r,ca,recp,ctx); err: BN_CTX_end(ctx); - return(ret); - } + bn_check_top(r); + return (ret); +} -int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, - BN_RECP_CTX *recp, BN_CTX *ctx) - { - int i,j,ret=0; - BIGNUM *a,*b,*d,*r; +int +BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, BN_RECP_CTX *recp, + BN_CTX *ctx) +{ + int i, j, ret = 0; + BIGNUM *a, *b, *d, *r; BN_CTX_start(ctx); - a=BN_CTX_get(ctx); - b=BN_CTX_get(ctx); + a = BN_CTX_get(ctx); + b = BN_CTX_get(ctx); if (dv != NULL) - d=dv; + d = dv; else - d=BN_CTX_get(ctx); + d = BN_CTX_get(ctx); if (rem != NULL) - r=rem; + r = rem; else - r=BN_CTX_get(ctx); - if (a == NULL || b == NULL || d == NULL || r == NULL) goto err; + r = BN_CTX_get(ctx); + if (a == NULL || b == NULL || d == NULL || r == NULL) + goto err; - if (BN_ucmp(m,&(recp->N)) < 0) - { - if (!BN_zero(d)) return 0; - if (!BN_copy(r,m)) return 0; - BN_CTX_end(ctx); - return(1); + if (BN_ucmp(m, &(recp->N)) < 0) { + BN_zero(d); + if (!BN_copy(r, m)) { + BN_CTX_end(ctx); + return 0; } + BN_CTX_end(ctx); + return (1); + } /* We want the remainder * Given input of ABCDEF / ab @@ -160,71 +176,88 @@ int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, */ /* i := max(BN_num_bits(m), 2*BN_num_bits(N)) */ - i=BN_num_bits(m); - j=recp->num_bits<<1; - if (j>i) i=j; + i = BN_num_bits(m); + j = recp->num_bits << 1; + if (j > i) + i = j; /* Nr := round(2^i / N) */ if (i != recp->shift) - recp->shift=BN_reciprocal(&(recp->Nr),&(recp->N), - i,ctx); /* BN_reciprocal returns i, or -1 for an error */ - if (recp->shift == -1) goto err; + recp->shift = BN_reciprocal(&(recp->Nr), &(recp->N), i, ctx); + + /* BN_reciprocal returns i, or -1 for an error */ + if (recp->shift == -1) + goto err; /* d := |round(round(m / 2^BN_num_bits(N)) * recp->Nr / 2^(i - BN_num_bits(N)))| * = |round(round(m / 2^BN_num_bits(N)) * round(2^i / N) / 2^(i - BN_num_bits(N)))| * <= |(m / 2^BN_num_bits(N)) * (2^i / N) * (2^BN_num_bits(N) / 2^i)| * = |m/N| */ - if (!BN_rshift(a,m,recp->num_bits)) goto err; - if (!BN_mul(b,a,&(recp->Nr),ctx)) goto err; - if (!BN_rshift(d,b,i-recp->num_bits)) goto err; - d->neg=0; + if (!BN_rshift(a, m, recp->num_bits)) + goto err; + if (!BN_mul(b, a,&(recp->Nr), ctx)) + goto err; + if (!BN_rshift(d, b, i - recp->num_bits)) + goto err; + d->neg = 0; - if (!BN_mul(b,&(recp->N),d,ctx)) goto err; - if (!BN_usub(r,m,b)) goto err; - r->neg=0; + if (!BN_mul(b, &(recp->N), d, ctx)) + goto err; + if (!BN_usub(r, m, b)) + goto err; + r->neg = 0; #if 1 - j=0; - while (BN_ucmp(r,&(recp->N)) >= 0) - { - if (j++ > 2) - { - BNerr(BN_F_BN_MOD_MUL_RECIPROCAL,BN_R_BAD_RECIPROCAL); + j = 0; + while (BN_ucmp(r, &(recp->N)) >= 0) { + if (j++ > 2) { + BNerror(BN_R_BAD_RECIPROCAL); goto err; - } - if (!BN_usub(r,r,&(recp->N))) goto err; - if (!BN_add_word(d,1)) goto err; } + if (!BN_usub(r, r, &(recp->N))) + goto err; + if (!BN_add_word(d, 1)) + goto err; + } #endif - r->neg=BN_is_zero(r)?0:m->neg; - d->neg=m->neg^recp->N.neg; - ret=1; + r->neg = BN_is_zero(r) ? 0 : m->neg; + d->neg = m->neg^recp->N.neg; + ret = 1; + err: BN_CTX_end(ctx); - return(ret); - } + bn_check_top(dv); + bn_check_top(rem); + return (ret); +} /* len is the expected size of the result * We actually calculate with an extra word of precision, so * we can do faster division if the remainder is not required. */ /* r := 2^len / m */ -int BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx) - { - int ret= -1; - BIGNUM t; +int +BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx) +{ + int ret = -1; + BIGNUM *t; - BN_init(&t); + BN_CTX_start(ctx); + if ((t = BN_CTX_get(ctx)) == NULL) + goto err; - if (!BN_zero(&t)) goto err; - if (!BN_set_bit(&t,len)) goto err; + if (!BN_set_bit(t, len)) + goto err; - if (!BN_div(r,NULL,&t,m,ctx)) goto err; + if (!BN_div_ct(r, NULL, t,m, ctx)) + goto err; + + ret = len; - ret=len; err: - BN_free(&t); - return(ret); - } + bn_check_top(r); + BN_CTX_end(ctx); + return (ret); +} diff --git a/src/lib/libcrypto/bn/bn_shift.c b/src/lib/libcrypto/bn/bn_shift.c index 70f785ea185..0e8211e3d60 100644 --- a/src/lib/libcrypto/bn/bn_shift.c +++ b/src/lib/libcrypto/bn/bn_shift.c @@ -1,25 +1,25 @@ -/* crypto/bn/bn_shift.c */ +/* $OpenBSD: bn_shift.c,v 1.13 2014/10/28 07:35:58 jsg Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -57,149 +57,162 @@ */ #include -#include "cryptlib.h" +#include + #include "bn_lcl.h" -int BN_lshift1(BIGNUM *r, const BIGNUM *a) - { - register BN_ULONG *ap,*rp,t,c; +int +BN_lshift1(BIGNUM *r, const BIGNUM *a) +{ + BN_ULONG *ap, *rp, t, c; int i; - if (r != a) - { - r->neg=a->neg; - if (bn_wexpand(r,a->top+1) == NULL) return(0); - r->top=a->top; - } - else - { - if (bn_wexpand(r,a->top+1) == NULL) return(0); - } - ap=a->d; - rp=r->d; - c=0; - for (i=0; itop; i++) - { + bn_check_top(r); + bn_check_top(a); + + if (r != a) { + r->neg = a->neg; + if (bn_wexpand(r, a->top + 1) == NULL) + return (0); + r->top = a->top; + } else { + if (bn_wexpand(r, a->top + 1) == NULL) + return (0); + } + ap = a->d; + rp = r->d; + c = 0; + for (i = 0; i < a->top; i++) { t= *(ap++); - *(rp++)=((t<<1)|c)&BN_MASK2; - c=(t & BN_TBIT)?1:0; - } - if (c) - { - *rp=1; + *(rp++) = ((t << 1) | c) & BN_MASK2; + c = (t & BN_TBIT) ? 1 : 0; + } + if (c) { + *rp = 1; r->top++; - } - return(1); } + bn_check_top(r); + return (1); +} -int BN_rshift1(BIGNUM *r, const BIGNUM *a) - { - BN_ULONG *ap,*rp,t,c; - int i; +int +BN_rshift1(BIGNUM *r, const BIGNUM *a) +{ + BN_ULONG *ap, *rp, t, c; + int i, j; - if (BN_is_zero(a)) - { + bn_check_top(r); + bn_check_top(a); + + if (BN_is_zero(a)) { BN_zero(r); - return(1); - } - if (a != r) - { - if (bn_wexpand(r,a->top) == NULL) return(0); - r->top=a->top; - r->neg=a->neg; - } - ap=a->d; - rp=r->d; - c=0; - for (i=a->top-1; i>=0; i--) - { - t=ap[i]; - rp[i]=((t>>1)&BN_MASK2)|c; - c=(t&1)?BN_TBIT:0; - } - bn_fix_top(r); - return(1); + return (1); + } + i = a->top; + ap = a->d; + j = i - (ap[i - 1]==1); + if (a != r) { + if (bn_wexpand(r, j) == NULL) + return (0); + r->neg = a->neg; } + rp = r->d; + t = ap[--i]; + c = (t & 1) ? BN_TBIT : 0; + if (t >>= 1) + rp[i] = t; + while (i > 0) { + t = ap[--i]; + rp[i] = ((t >> 1) & BN_MASK2) | c; + c = (t & 1) ? BN_TBIT : 0; + } + r->top = j; + bn_check_top(r); + return (1); +} -int BN_lshift(BIGNUM *r, const BIGNUM *a, int n) - { - int i,nw,lb,rb; - BN_ULONG *t,*f; +int +BN_lshift(BIGNUM *r, const BIGNUM *a, int n) +{ + int i, nw, lb, rb; + BN_ULONG *t, *f; BN_ULONG l; - r->neg=a->neg; - nw=n/BN_BITS2; - if (bn_wexpand(r,a->top+nw+1) == NULL) return(0); - lb=n%BN_BITS2; - rb=BN_BITS2-lb; - f=a->d; - t=r->d; - t[a->top+nw]=0; + bn_check_top(r); + bn_check_top(a); + + r->neg = a->neg; + nw = n / BN_BITS2; + if (bn_wexpand(r, a->top + nw + 1) == NULL) + return (0); + lb = n % BN_BITS2; + rb = BN_BITS2 - lb; + f = a->d; + t = r->d; + t[a->top + nw] = 0; if (lb == 0) - for (i=a->top-1; i>=0; i--) - t[nw+i]=f[i]; + for (i = a->top - 1; i >= 0; i--) + t[nw + i] = f[i]; else - for (i=a->top-1; i>=0; i--) - { - l=f[i]; - t[nw+i+1]|=(l>>rb)&BN_MASK2; - t[nw+i]=(l<top - 1; i >= 0; i--) { + l = f[i]; + t[nw + i + 1] |= (l >> rb) & BN_MASK2; + t[nw + i] = (l << lb) & BN_MASK2; + } + memset(t, 0, nw * sizeof(t[0])); /* for (i=0; itop=a->top+nw+1; - bn_fix_top(r); - return(1); - } + r->top = a->top + nw + 1; + bn_correct_top(r); + bn_check_top(r); + return (1); +} + +int +BN_rshift(BIGNUM *r, const BIGNUM *a, int n) +{ + int i, j, nw, lb, rb; + BN_ULONG *t, *f; + BN_ULONG l, tmp; + + bn_check_top(r); + bn_check_top(a); -int BN_rshift(BIGNUM *r, const BIGNUM *a, int n) - { - int i,j,nw,lb,rb; - BN_ULONG *t,*f; - BN_ULONG l,tmp; - - nw=n/BN_BITS2; - rb=n%BN_BITS2; - lb=BN_BITS2-rb; - if (nw > a->top || a->top == 0) - { + nw = n / BN_BITS2; + rb = n % BN_BITS2; + lb = BN_BITS2 - rb; + if (nw >= a->top || a->top == 0) { BN_zero(r); - return(1); - } - if (r != a) - { - r->neg=a->neg; - if (bn_wexpand(r,a->top-nw+1) == NULL) return(0); - } - else - { + return (1); + } + i = (BN_num_bits(a) - n + (BN_BITS2 - 1)) / BN_BITS2; + if (r != a) { + r->neg = a->neg; + if (bn_wexpand(r, i) == NULL) + return (0); + } else { if (n == 0) return 1; /* or the copying loop will go berserk */ - } + } - f= &(a->d[nw]); - t=r->d; - j=a->top-nw; - r->top=j; + f = &(a->d[nw]); + t = r->d; + j = a->top - nw; + r->top = i; - if (rb == 0) - { - for (i=j+1; i > 0; i--) - *(t++)= *(f++); - } - else - { - l= *(f++); - for (i=1; i>rb)&BN_MASK2; - l= *(f++); - *(t++) =(tmp|(l<>rb)&BN_MASK2; + if (rb == 0) { + for (i = j; i != 0; i--) + *(t++) = *(f++); + } else { + l = *(f++); + for (i = j - 1; i != 0; i--) { + tmp = (l >> rb) & BN_MASK2; + l = *(f++); + *(t++) = (tmp|(l << lb)) & BN_MASK2; } - *t=0; - bn_fix_top(r); - return(1); + if ((l = (l >> rb) & BN_MASK2)) + *(t) = l; } + bn_check_top(r); + return (1); +} diff --git a/src/lib/libcrypto/bn/bn_sqr.c b/src/lib/libcrypto/bn/bn_sqr.c index c1d0cca438d..a0dce6ea817 100644 --- a/src/lib/libcrypto/bn/bn_sqr.c +++ b/src/lib/libcrypto/bn/bn_sqr.c @@ -1,25 +1,25 @@ -/* crypto/bn/bn_sqr.c */ +/* $OpenBSD: bn_sqr.c,v 1.12 2015/02/09 15:49:22 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -57,134 +57,137 @@ */ #include -#include "cryptlib.h" +#include + #include "bn_lcl.h" /* r must not be a */ /* I've just gone over this and it is now %20 faster on x86 - eay - 27 Jun 96 */ -int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx) - { - int max,al; +int +BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx) +{ + int max, al; int ret = 0; - BIGNUM *tmp,*rr; + BIGNUM *tmp, *rr; #ifdef BN_COUNT - fprintf(stderr,"BN_sqr %d * %d\n",a->top,a->top); + fprintf(stderr, "BN_sqr %d * %d\n", a->top, a->top); #endif bn_check_top(a); - al=a->top; - if (al <= 0) - { - r->top=0; - return(1); - } + al = a->top; + if (al <= 0) { + r->top = 0; + r->neg = 0; + return 1; + } BN_CTX_start(ctx); - rr=(a != r) ? r : BN_CTX_get(ctx); - tmp=BN_CTX_get(ctx); - if (tmp == NULL) goto err; + rr = (a != r) ? r : BN_CTX_get(ctx); + tmp = BN_CTX_get(ctx); + if (rr == NULL || tmp == NULL) + goto err; - max=(al+al); - if (bn_wexpand(rr,max+1) == NULL) goto err; + max = 2 * al; /* Non-zero (from above) */ + if (bn_wexpand(rr, max) == NULL) + goto err; - if (al == 4) - { + if (al == 4) { #ifndef BN_SQR_COMBA BN_ULONG t[8]; - bn_sqr_normal(rr->d,a->d,4,t); + bn_sqr_normal(rr->d, a->d, 4, t); #else - bn_sqr_comba4(rr->d,a->d); + bn_sqr_comba4(rr->d, a->d); #endif - } - else if (al == 8) - { + } else if (al == 8) { #ifndef BN_SQR_COMBA BN_ULONG t[16]; - bn_sqr_normal(rr->d,a->d,8,t); + bn_sqr_normal(rr->d, a->d, 8, t); #else - bn_sqr_comba8(rr->d,a->d); + bn_sqr_comba8(rr->d, a->d); #endif - } - else - { + } else { #if defined(BN_RECURSION) - if (al < BN_SQR_RECURSIVE_SIZE_NORMAL) - { + if (al < BN_SQR_RECURSIVE_SIZE_NORMAL) { BN_ULONG t[BN_SQR_RECURSIVE_SIZE_NORMAL*2]; - bn_sqr_normal(rr->d,a->d,al,t); - } - else - { - int j,k; + bn_sqr_normal(rr->d, a->d, al, t); + } else { + int j, k; - j=BN_num_bits_word((BN_ULONG)al); - j=1<<(j-1); - k=j+j; - if (al == j) - { - if (bn_wexpand(tmp,k*2) == NULL) goto err; - bn_sqr_recursive(rr->d,a->d,al,tmp->d); - } - else - { - if (bn_wexpand(tmp,max) == NULL) goto err; - bn_sqr_normal(rr->d,a->d,al,tmp->d); - } + j = BN_num_bits_word((BN_ULONG)al); + j = 1 << (j - 1); + k = j + j; + if (al == j) { + if (bn_wexpand(tmp, k * 2) == NULL) + goto err; + bn_sqr_recursive(rr->d, a->d, al, tmp->d); + } else { + if (bn_wexpand(tmp, max) == NULL) + goto err; + bn_sqr_normal(rr->d, a->d, al, tmp->d); } + } #else - if (bn_wexpand(tmp,max) == NULL) goto err; - bn_sqr_normal(rr->d,a->d,al,tmp->d); + if (bn_wexpand(tmp, max) == NULL) + goto err; + bn_sqr_normal(rr->d, a->d, al, tmp->d); #endif - } + } - rr->top=max; - rr->neg=0; - if ((max > 0) && (rr->d[max-1] == 0)) rr->top--; - if (rr != r) BN_copy(r,rr); + rr->neg = 0; + /* If the most-significant half of the top word of 'a' is zero, then + * the square of 'a' will max-1 words. */ + if (a->d[al - 1] == (a->d[al - 1] & BN_MASK2l)) + rr->top = max - 1; + else + rr->top = max; + if (rr != r) + BN_copy(r, rr); ret = 1; - err: + +err: + bn_check_top(rr); + bn_check_top(tmp); BN_CTX_end(ctx); - return(ret); - } + return (ret); +} /* tmp must have 2*n words */ -void bn_sqr_normal(BN_ULONG *r, const BN_ULONG *a, int n, BN_ULONG *tmp) - { - int i,j,max; +void +bn_sqr_normal(BN_ULONG *r, const BN_ULONG *a, int n, BN_ULONG *tmp) +{ + int i, j, max; const BN_ULONG *ap; BN_ULONG *rp; - max=n*2; - ap=a; - rp=r; - rp[0]=rp[max-1]=0; + max = n * 2; + ap = a; + rp = r; + rp[0] = rp[max - 1] = 0; rp++; - j=n; + j = n; - if (--j > 0) - { + if (--j > 0) { ap++; - rp[j]=bn_mul_words(rp,ap,j,ap[-1]); - rp+=2; - } + rp[j] = bn_mul_words(rp, ap, j, ap[-1]); + rp += 2; + } - for (i=n-2; i>0; i--) - { + for (i = n - 2; i > 0; i--) { j--; ap++; - rp[j]=bn_mul_add_words(rp,ap,j,ap[-1]); - rp+=2; - } + rp[j] = bn_mul_add_words(rp, ap, j, ap[-1]); + rp += 2; + } - bn_add_words(r,r,r,max); + bn_add_words(r, r, r, max); /* There will not be a carry */ - bn_sqr_words(tmp,a,n); + bn_sqr_words(tmp, a, n); - bn_add_words(r,r,tmp,max); - } + bn_add_words(r, r, tmp, max); +} #ifdef BN_RECURSION /* r is 2*n words in size, @@ -197,92 +200,87 @@ void bn_sqr_normal(BN_ULONG *r, const BN_ULONG *a, int n, BN_ULONG *tmp) * a[0]*b[0]+a[1]*b[1]+(a[0]-a[1])*(b[1]-b[0]) * a[1]*b[1] */ -void bn_sqr_recursive(BN_ULONG *r, const BN_ULONG *a, int n2, BN_ULONG *t) - { - int n=n2/2; - int zero,c1; - BN_ULONG ln,lo,*p; +void +bn_sqr_recursive(BN_ULONG *r, const BN_ULONG *a, int n2, BN_ULONG *t) +{ + int n = n2 / 2; + int zero, c1; + BN_ULONG ln, lo, *p; #ifdef BN_COUNT - fprintf(stderr," bn_sqr_recursive %d * %d\n",n2,n2); + fprintf(stderr, " bn_sqr_recursive %d * %d\n", n2, n2); #endif - if (n2 == 4) - { + if (n2 == 4) { #ifndef BN_SQR_COMBA - bn_sqr_normal(r,a,4,t); + bn_sqr_normal(r, a, 4, t); #else - bn_sqr_comba4(r,a); + bn_sqr_comba4(r, a); #endif return; - } - else if (n2 == 8) - { + } else if (n2 == 8) { #ifndef BN_SQR_COMBA - bn_sqr_normal(r,a,8,t); + bn_sqr_normal(r, a, 8, t); #else - bn_sqr_comba8(r,a); + bn_sqr_comba8(r, a); #endif return; - } - if (n2 < BN_SQR_RECURSIVE_SIZE_NORMAL) - { - bn_sqr_normal(r,a,n2,t); + } + if (n2 < BN_SQR_RECURSIVE_SIZE_NORMAL) { + bn_sqr_normal(r, a, n2, t); return; - } + } /* r=(a[0]-a[1])*(a[1]-a[0]) */ - c1=bn_cmp_words(a,&(a[n]),n); - zero=0; + c1 = bn_cmp_words(a, &(a[n]), n); + zero = 0; if (c1 > 0) - bn_sub_words(t,a,&(a[n]),n); + bn_sub_words(t, a, &(a[n]), n); else if (c1 < 0) - bn_sub_words(t,&(a[n]),a,n); + bn_sub_words(t, &(a[n]), a, n); else - zero=1; + zero = 1; /* The result will always be negative unless it is zero */ - p= &(t[n2*2]); + p = &(t[n2*2]); if (!zero) - bn_sqr_recursive(&(t[n2]),t,n,p); + bn_sqr_recursive(&(t[n2]), t, n, p); else - memset(&(t[n2]),0,n2*sizeof(BN_ULONG)); - bn_sqr_recursive(r,a,n,p); - bn_sqr_recursive(&(r[n2]),&(a[n]),n,p); + memset(&(t[n2]), 0, n2 * sizeof(BN_ULONG)); + bn_sqr_recursive(r, a, n, p); + bn_sqr_recursive(&(r[n2]), &(a[n]), n, p); /* t[32] holds (a[0]-a[1])*(a[1]-a[0]), it is negative or zero * r[10] holds (a[0]*b[0]) * r[32] holds (b[1]*b[1]) */ - c1=(int)(bn_add_words(t,r,&(r[n2]),n2)); + c1 = (int)(bn_add_words(t, r, &(r[n2]), n2)); /* t[32] is negative */ - c1-=(int)(bn_sub_words(&(t[n2]),t,&(t[n2]),n2)); + c1 -= (int)(bn_sub_words(&(t[n2]), t, &(t[n2]), n2)); /* t[32] holds (a[0]-a[1])*(a[1]-a[0])+(a[0]*a[0])+(a[1]*a[1]) * r[10] holds (a[0]*a[0]) * r[32] holds (a[1]*a[1]) * c1 holds the carry bits */ - c1+=(int)(bn_add_words(&(r[n]),&(r[n]),&(t[n2]),n2)); - if (c1) - { - p= &(r[n+n2]); + c1 += (int)(bn_add_words(&(r[n]), &(r[n]), &(t[n2]), n2)); + if (c1) { + p = &(r[n + n2]); lo= *p; - ln=(lo+c1)&BN_MASK2; - *p=ln; + ln = (lo + c1) & BN_MASK2; + *p = ln; /* The overflow will stop before we over write * words we should not overwrite */ - if (ln < (BN_ULONG)c1) - { - do { + if (ln < (BN_ULONG)c1) { + do { p++; lo= *p; - ln=(lo+1)&BN_MASK2; - *p=ln; - } while (ln == 0); - } + ln = (lo + 1) & BN_MASK2; + *p = ln; + } while (ln == 0); } } +} #endif diff --git a/src/lib/libcrypto/bn/bn_sqrt.c b/src/lib/libcrypto/bn/bn_sqrt.c index e2a1105dc83..8514f23a274 100644 --- a/src/lib/libcrypto/bn/bn_sqrt.c +++ b/src/lib/libcrypto/bn/bn_sqrt.c @@ -1,4 +1,4 @@ -/* crypto/bn/bn_mod.c */ +/* $OpenBSD: bn_sqrt.c,v 1.9 2017/01/29 17:49:22 beck Exp $ */ /* Written by Lenka Fibikova * and Bodo Moeller for the OpenSSL project. */ /* ==================================================================== @@ -9,7 +9,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -55,81 +55,80 @@ * */ -#include "cryptlib.h" -#include "bn_lcl.h" +#include +#include "bn_lcl.h" -BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) +BIGNUM * +BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) /* Returns 'ret' such that * ret^2 == a (mod p), * using the Tonelli/Shanks algorithm (cf. Henri Cohen, "A Course * in Algebraic Computational Number Theory", algorithm 1.5.1). * 'p' must be prime! - * If 'a' is not a square, this is not necessarily detected by - * the algorithms; a bogus result must be expected in this case. */ - { +{ BIGNUM *ret = in; int err = 1; int r; - BIGNUM *b, *q, *t, *x, *y; + BIGNUM *A, *b, *q, *t, *x, *y; int e, i, j; - - if (!BN_is_odd(p) || BN_abs_is_word(p, 1)) - { - if (BN_abs_is_word(p, 2)) - { + + if (!BN_is_odd(p) || BN_abs_is_word(p, 1)) { + if (BN_abs_is_word(p, 2)) { if (ret == NULL) ret = BN_new(); if (ret == NULL) goto end; - if (!BN_set_word(ret, BN_is_bit_set(a, 0))) - { - BN_free(ret); + if (!BN_set_word(ret, BN_is_bit_set(a, 0))) { + if (ret != in) + BN_free(ret); return NULL; - } - return ret; } - - BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME); - return(NULL); + bn_check_top(ret); + return ret; } - if (BN_is_zero(a) || BN_is_one(a)) - { + BNerror(BN_R_P_IS_NOT_PRIME); + return (NULL); + } + + if (BN_is_zero(a) || BN_is_one(a)) { if (ret == NULL) ret = BN_new(); if (ret == NULL) goto end; - if (!BN_set_word(ret, BN_is_one(a))) - { - BN_free(ret); + if (!BN_set_word(ret, BN_is_one(a))) { + if (ret != in) + BN_free(ret); return NULL; - } - return ret; } - -#if 0 /* if BN_mod_sqrt is used with correct input, this just wastes time */ - r = BN_kronecker(a, p, ctx); - if (r < -1) return NULL; - if (r == -1) - { - BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE); - return(NULL); - } -#endif + bn_check_top(ret); + return ret; + } BN_CTX_start(ctx); - b = BN_CTX_get(ctx); - q = BN_CTX_get(ctx); - t = BN_CTX_get(ctx); - x = BN_CTX_get(ctx); - y = BN_CTX_get(ctx); - if (y == NULL) goto end; - + if ((A = BN_CTX_get(ctx)) == NULL) + goto end; + if ((b = BN_CTX_get(ctx)) == NULL) + goto end; + if ((q = BN_CTX_get(ctx)) == NULL) + goto end; + if ((t = BN_CTX_get(ctx)) == NULL) + goto end; + if ((x = BN_CTX_get(ctx)) == NULL) + goto end; + if ((y = BN_CTX_get(ctx)) == NULL) + goto end; + if (ret == NULL) ret = BN_new(); - if (ret == NULL) goto end; + if (ret == NULL) + goto end; + + /* A = a mod p */ + if (!BN_nnmod(A, a, p, ctx)) + goto end; /* now write |p| - 1 as 2^e*q where q is odd */ e = 1; @@ -137,8 +136,7 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) e++; /* we'll set q later (if needed) */ - if (e == 1) - { + if (e == 1) { /* The easy case: (|p|-1)/2 is odd, so 2 has an inverse * modulo (|p|-1)/2, and square roots can be computed * directly by modular exponentiation. @@ -146,16 +144,18 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) * 2 * (|p|+1)/4 == 1 (mod (|p|-1)/2), * so we can use exponent (|p|+1)/4, i.e. (|p|-3)/4 + 1. */ - if (!BN_rshift(q, p, 2)) goto end; + if (!BN_rshift(q, p, 2)) + goto end; q->neg = 0; - if (!BN_add_word(q, 1)) goto end; - if (!BN_mod_exp(ret, a, q, p, ctx)) goto end; + if (!BN_add_word(q, 1)) + goto end; + if (!BN_mod_exp_ct(ret, A, q, p, ctx)) + goto end; err = 0; - goto end; - } - - if (e == 2) - { + goto vrfy; + } + + if (e == 2) { /* |p| == 5 (mod 8) * * In this case 2 is always a non-square since @@ -177,101 +177,107 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) * = a*(-i)*i * = a. * - * (This is due to A.O.L. Atkin, + * (This is due to A.O.L. Atkin, * , * November 1992.) */ - /* make sure that a is reduced modulo p */ - if (a->neg || BN_ucmp(a, p) >= 0) - { - if (!BN_nnmod(x, a, p, ctx)) goto end; - a = x; /* use x as temporary variable */ - } - /* t := 2*a */ - if (!BN_mod_lshift1_quick(t, a, p)) goto end; + if (!BN_mod_lshift1_quick(t, A, p)) + goto end; /* b := (2*a)^((|p|-5)/8) */ - if (!BN_rshift(q, p, 3)) goto end; + if (!BN_rshift(q, p, 3)) + goto end; q->neg = 0; - if (!BN_mod_exp(b, t, q, p, ctx)) goto end; + if (!BN_mod_exp_ct(b, t, q, p, ctx)) + goto end; /* y := b^2 */ - if (!BN_mod_sqr(y, b, p, ctx)) goto end; + if (!BN_mod_sqr(y, b, p, ctx)) + goto end; /* t := (2*a)*b^2 - 1*/ - if (!BN_mod_mul(t, t, y, p, ctx)) goto end; - if (!BN_sub_word(t, 1)) goto end; + if (!BN_mod_mul(t, t, y, p, ctx)) + goto end; + if (!BN_sub_word(t, 1)) + goto end; /* x = a*b*t */ - if (!BN_mod_mul(x, a, b, p, ctx)) goto end; - if (!BN_mod_mul(x, x, t, p, ctx)) goto end; + if (!BN_mod_mul(x, A, b, p, ctx)) + goto end; + if (!BN_mod_mul(x, x, t, p, ctx)) + goto end; - if (!BN_copy(ret, x)) goto end; + if (!BN_copy(ret, x)) + goto end; err = 0; - goto end; - } - + goto vrfy; + } + /* e > 2, so we really have to use the Tonelli/Shanks algorithm. * First, find some y that is not a square. */ if (!BN_copy(q, p)) goto end; /* use 'q' as temp */ - q->neg = 0; + q->neg = 0; i = 2; - do - { + do { /* For efficiency, try small numbers first; * if this fails, try random numbers. */ - if (i < 22) - { - if (!BN_set_word(y, i)) goto end; - } - else - { - if (!BN_pseudo_rand(y, BN_num_bits(p), 0, 0)) goto end; - if (BN_ucmp(y, p) >= 0) - { - if (!(p->neg ? BN_add : BN_sub)(y, y, p)) goto end; + if (i < 22) { + if (!BN_set_word(y, i)) + goto end; + } else { + if (!BN_pseudo_rand(y, BN_num_bits(p), 0, 0)) + goto end; + if (BN_ucmp(y, p) >= 0) { + if (p->neg) { + if (!BN_add(y, y, p)) + goto end; + } else { + if (!BN_sub(y, y, p)) + goto end; } + } /* now 0 <= y < |p| */ if (BN_is_zero(y)) - if (!BN_set_word(y, i)) goto end; - } - + if (!BN_set_word(y, i)) + goto end; + } + r = BN_kronecker(y, q, ctx); /* here 'q' is |p| */ - if (r < -1) goto end; - if (r == 0) - { + if (r < -1) + goto end; + if (r == 0) { /* m divides p */ - BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME); + BNerror(BN_R_P_IS_NOT_PRIME); goto end; - } } + } while (r == 1 && ++i < 82); - - if (r != -1) - { + + if (r != -1) { /* Many rounds and still no non-square -- this is more likely * a bug than just bad luck. * Even if p is not prime, we should have found some y * such that r == -1. */ - BNerr(BN_F_BN_MOD_SQRT, BN_R_TOO_MANY_ITERATIONS); + BNerror(BN_R_TOO_MANY_ITERATIONS); goto end; - } + } /* Here's our actual 'q': */ - if (!BN_rshift(q, q, e)) goto end; + if (!BN_rshift(q, q, e)) + goto end; /* Now that we have some non-square, we can find an element * of order 2^e by computing its q'th power. */ - if (!BN_mod_exp(y, y, q, p, ctx)) goto end; - if (BN_is_one(y)) - { - BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME); + if (!BN_mod_exp_ct(y, y, q, p, ctx)) goto end; - } + if (BN_is_one(y)) { + BNerror(BN_R_P_IS_NOT_PRIME); + goto end; + } /* Now we know that (if p is indeed prime) there is an integer * k, 0 <= k < 2^e, such that @@ -290,45 +296,45 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) * * so it is the square root that we are looking for. */ - + /* t := (q-1)/2 (note that q is odd) */ - if (!BN_rshift1(t, q)) goto end; - + if (!BN_rshift1(t, q)) + goto end; + /* x := a^((q-1)/2) */ if (BN_is_zero(t)) /* special case: p = 2^e + 1 */ - { - if (!BN_nnmod(t, a, p, ctx)) goto end; - if (BN_is_zero(t)) - { + { + if (!BN_nnmod(t, A, p, ctx)) + goto end; + if (BN_is_zero(t)) { /* special case: a == 0 (mod p) */ - if (!BN_zero(ret)) goto end; + BN_zero(ret); err = 0; goto end; - } - else - if (!BN_one(x)) goto end; - } - else - { - if (!BN_mod_exp(x, a, t, p, ctx)) goto end; - if (BN_is_zero(x)) - { + } else if (!BN_one(x)) + goto end; + } else { + if (!BN_mod_exp_ct(x, A, t, p, ctx)) + goto end; + if (BN_is_zero(x)) { /* special case: a == 0 (mod p) */ - if (!BN_zero(ret)) goto end; + BN_zero(ret); err = 0; goto end; - } } + } /* b := a*x^2 (= a^q) */ - if (!BN_mod_sqr(b, x, p, ctx)) goto end; - if (!BN_mod_mul(b, b, a, p, ctx)) goto end; - + if (!BN_mod_sqr(b, x, p, ctx)) + goto end; + if (!BN_mod_mul(b, b, A, p, ctx)) + goto end; + /* x := a*x (= a^((q+1)/2)) */ - if (!BN_mod_mul(x, x, a, p, ctx)) goto end; + if (!BN_mod_mul(x, x, A, p, ctx)) + goto end; - while (1) - { + while (1) { /* Now b is a^q * y^k for some even k (0 <= k < 2^E * where E refers to the original value of e, which we * don't keep in a variable), and x is a^((q+1)/2) * y^(k/2). @@ -338,50 +344,67 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) * b^2^(e-1) = 1. */ - if (BN_is_one(b)) - { - if (!BN_copy(ret, x)) goto end; + if (BN_is_one(b)) { + if (!BN_copy(ret, x)) + goto end; err = 0; - goto end; - } + goto vrfy; + } /* find smallest i such that b^(2^i) = 1 */ i = 1; - if (!BN_mod_sqr(t, b, p, ctx)) goto end; - while (!BN_is_one(t)) - { + if (!BN_mod_sqr(t, b, p, ctx)) + goto end; + while (!BN_is_one(t)) { i++; - if (i == e) - { - BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE); + if (i == e) { + BNerror(BN_R_NOT_A_SQUARE); goto end; - } - if (!BN_mod_mul(t, t, t, p, ctx)) goto end; } - + if (!BN_mod_mul(t, t, t, p, ctx)) + goto end; + } + /* t := y^2^(e - i - 1) */ - if (!BN_copy(t, y)) goto end; - for (j = e - i - 1; j > 0; j--) - { - if (!BN_mod_sqr(t, t, p, ctx)) goto end; - } - if (!BN_mod_mul(y, t, t, p, ctx)) goto end; - if (!BN_mod_mul(x, x, t, p, ctx)) goto end; - if (!BN_mod_mul(b, b, y, p, ctx)) goto end; + if (!BN_copy(t, y)) + goto end; + for (j = e - i - 1; j > 0; j--) { + if (!BN_mod_sqr(t, t, p, ctx)) + goto end; + } + if (!BN_mod_mul(y, t, t, p, ctx)) + goto end; + if (!BN_mod_mul(x, x, t, p, ctx)) + goto end; + if (!BN_mod_mul(b, b, y, p, ctx)) + goto end; e = i; + } + +vrfy: + if (!err) { + /* verify the result -- the input might have been not a square + * (test added in 0.9.8) */ + + if (!BN_mod_sqr(x, ret, p, ctx)) + err = 1; + + if (!err && 0 != BN_cmp(x, A)) { + BNerror(BN_R_NOT_A_SQUARE); + err = 1; } + } - end: - if (err) - { - if (ret != NULL && ret != in) - { +end: + if (err) { + if (ret != NULL && ret != in) { BN_clear_free(ret); - } - ret = NULL; } + ret = NULL; + } BN_CTX_end(ctx); + bn_check_top(ret); return ret; - } +} diff --git a/src/lib/libcrypto/bn/bn_word.c b/src/lib/libcrypto/bn/bn_word.c index cd59baa2c49..71654586a1b 100644 --- a/src/lib/libcrypto/bn/bn_word.c +++ b/src/lib/libcrypto/bn/bn_word.c @@ -1,25 +1,25 @@ -/* crypto/bn/bn_word.c */ +/* $OpenBSD: bn_word.c,v 1.13 2016/07/05 02:54:35 bcook Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -57,143 +57,191 @@ */ #include -#include "cryptlib.h" + #include "bn_lcl.h" -BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w) - { +BN_ULONG +BN_mod_word(const BIGNUM *a, BN_ULONG w) +{ #ifndef BN_LLONG - BN_ULONG ret=0; + BN_ULONG ret = 0; #else - BN_ULLONG ret=0; + BN_ULLONG ret = 0; #endif int i; - w&=BN_MASK2; - for (i=a->top-1; i>=0; i--) - { + if (w == 0) + return (BN_ULONG) - 1; + +#ifndef BN_ULLONG + /* If |w| is too long and we don't have |BN_ULLONG| then we need to fall back + * to using |BN_div_word|. */ + if (w > ((BN_ULONG)1 << BN_BITS4)) { + BIGNUM *tmp = BN_dup(a); + if (tmp == NULL) { + return (BN_ULONG)-1; + } + ret = BN_div_word(tmp, w); + BN_free(tmp); + return ret; + } +#endif + + bn_check_top(a); + w &= BN_MASK2; + for (i = a->top - 1; i >= 0; i--) { #ifndef BN_LLONG - ret=((ret<d[i]>>BN_BITS4)&BN_MASK2l))%w; - ret=((ret<d[i]&BN_MASK2l))%w; + ret = ((ret << BN_BITS4) | ((a->d[i] >> BN_BITS4) & + BN_MASK2l)) % w; + ret = ((ret << BN_BITS4) | (a->d[i] & BN_MASK2l)) % w; #else - ret=(BN_ULLONG)(((ret<<(BN_ULLONG)BN_BITS2)|a->d[i])% - (BN_ULLONG)w); + ret = (BN_ULLONG)(((ret << (BN_ULLONG)BN_BITS2) | + a->d[i]) % (BN_ULLONG)w); #endif - } - return((BN_ULONG)ret); } + return ((BN_ULONG)ret); +} -BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w) - { - BN_ULONG ret; - int i; +BN_ULONG +BN_div_word(BIGNUM *a, BN_ULONG w) +{ + BN_ULONG ret = 0; + int i, j; - if (a->top == 0) return(0); - ret=0; - w&=BN_MASK2; - for (i=a->top-1; i>=0; i--) - { - BN_ULONG l,d; - - l=a->d[i]; - d=bn_div_words(ret,l,w); - ret=(l-((d*w)&BN_MASK2))&BN_MASK2; - a->d[i]=d; - } - if ((a->top > 0) && (a->d[a->top-1] == 0)) - a->top--; - return(ret); + bn_check_top(a); + w &= BN_MASK2; + + if (!w) + /* actually this an error (division by zero) */ + return (BN_ULONG) - 1; + if (a->top == 0) + return 0; + + /* normalize input (so bn_div_words doesn't complain) */ + j = BN_BITS2 - BN_num_bits_word(w); + w <<= j; + if (!BN_lshift(a, a, j)) + return (BN_ULONG) - 1; + + for (i = a->top - 1; i >= 0; i--) { + BN_ULONG l, d; + + l = a->d[i]; + d = bn_div_words(ret, l, w); + ret = (l - ((d*w)&BN_MASK2))&BN_MASK2; + a->d[i] = d; } + if ((a->top > 0) && (a->d[a->top - 1] == 0)) + a->top--; + ret >>= j; + bn_check_top(a); + return (ret); +} -int BN_add_word(BIGNUM *a, BN_ULONG w) - { +int +BN_add_word(BIGNUM *a, BN_ULONG w) +{ BN_ULONG l; int i; - if (a->neg) - { - a->neg=0; - i=BN_sub_word(a,w); + bn_check_top(a); + w &= BN_MASK2; + + /* degenerate case: w is zero */ + if (!w) + return 1; + /* degenerate case: a is zero */ + if (BN_is_zero(a)) + return BN_set_word(a, w); + /* handle 'a' when negative */ + if (a->neg) { + a->neg = 0; + i = BN_sub_word(a, w); if (!BN_is_zero(a)) a->neg=!(a->neg); - return(i); - } - w&=BN_MASK2; - if (bn_wexpand(a,a->top+1) == NULL) return(0); - i=0; - for (;;) - { - l=(a->d[i]+(BN_ULONG)w)&BN_MASK2; - a->d[i]=l; - if (w > l) - w=1; - else - break; - i++; - } - if (i >= a->top) + return (i); + } + for (i = 0; w != 0 && i < a->top; i++) { + a->d[i] = l = (a->d[i] + w) & BN_MASK2; + w = (w > l) ? 1 : 0; + } + if (w && i == a->top) { + if (bn_wexpand(a, a->top + 1) == NULL) + return 0; a->top++; - return(1); + a->d[i] = w; } + bn_check_top(a); + return (1); +} -int BN_sub_word(BIGNUM *a, BN_ULONG w) - { +int +BN_sub_word(BIGNUM *a, BN_ULONG w) +{ int i; - if (BN_is_zero(a) || a->neg) - { - a->neg=0; - i=BN_add_word(a,w); - a->neg=1; - return(i); - } + bn_check_top(a); + w &= BN_MASK2; - w&=BN_MASK2; - if ((a->top == 1) && (a->d[0] < w)) - { - a->d[0]=w-a->d[0]; - a->neg=1; - return(1); - } - i=0; - for (;;) - { - if (a->d[i] >= w) - { - a->d[i]-=w; + /* degenerate case: w is zero */ + if (!w) + return 1; + /* degenerate case: a is zero */ + if (BN_is_zero(a)) { + i = BN_set_word(a, w); + if (i != 0) + BN_set_negative(a, 1); + return i; + } + /* handle 'a' when negative */ + if (a->neg) { + a->neg = 0; + i = BN_add_word(a, w); + a->neg = 1; + return (i); + } + + if ((a->top == 1) && (a->d[0] < w)) { + a->d[0] = w - a->d[0]; + a->neg = 1; + return (1); + } + i = 0; + for (;;) { + if (a->d[i] >= w) { + a->d[i] -= w; break; - } - else - { - a->d[i]=(a->d[i]-w)&BN_MASK2; + } else { + a->d[i] = (a->d[i] - w) & BN_MASK2; i++; - w=1; - } + w = 1; } - if ((a->d[i] == 0) && (i == (a->top-1))) - a->top--; - return(1); } + if ((a->d[i] == 0) && (i == (a->top - 1))) + a->top--; + bn_check_top(a); + return (1); +} -int BN_mul_word(BIGNUM *a, BN_ULONG w) - { +int +BN_mul_word(BIGNUM *a, BN_ULONG w) +{ BN_ULONG ll; - w&=BN_MASK2; - if (a->top) - { + bn_check_top(a); + w &= BN_MASK2; + if (a->top) { if (w == 0) BN_zero(a); - else - { - ll=bn_mul_words(a->d,a->d,a->top,w); - if (ll) - { - if (bn_wexpand(a,a->top+1) == NULL) return(0); - a->d[a->top++]=ll; - } + else { + ll = bn_mul_words(a->d, a->d, a->top, w); + if (ll) { + if (bn_wexpand(a, a->top + 1) == NULL) + return (0); + a->d[a->top++] = ll; } } - return(1); } - + bn_check_top(a); + return (1); +} diff --git a/src/lib/libcrypto/bn/bn_x931p.c b/src/lib/libcrypto/bn/bn_x931p.c new file mode 100644 index 00000000000..55ca21c08c3 --- /dev/null +++ b/src/lib/libcrypto/bn/bn_x931p.c @@ -0,0 +1,291 @@ +/* $OpenBSD: bn_x931p.c,v 1.11 2019/01/20 01:56:59 tb Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2005. + */ +/* ==================================================================== + * Copyright (c) 2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include + +#include "bn_lcl.h" + +/* X9.31 routines for prime derivation */ + +/* X9.31 prime derivation. This is used to generate the primes pi + * (p1, p2, q1, q2) from a parameter Xpi by checking successive odd + * integers. + */ + +static int +bn_x931_derive_pi(BIGNUM *pi, const BIGNUM *Xpi, BN_CTX *ctx, BN_GENCB *cb) +{ + int i = 0, is_prime; + + if (!BN_copy(pi, Xpi)) + return 0; + if (!BN_is_odd(pi) && !BN_add_word(pi, 1)) + return 0; + for (;;) { + i++; + BN_GENCB_call(cb, 0, i); + /* NB 27 MR is specificed in X9.31 */ + is_prime = BN_is_prime_fasttest_ex(pi, 27, ctx, 1, cb); + if (is_prime < 0) + return 0; + if (is_prime == 1) + break; + if (!BN_add_word(pi, 2)) + return 0; + } + BN_GENCB_call(cb, 2, i); + return 1; +} + +/* This is the main X9.31 prime derivation function. From parameters + * Xp1, Xp2 and Xp derive the prime p. If the parameters p1 or p2 are + * not NULL they will be returned too: this is needed for testing. + */ + +int +BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, const BIGNUM *Xp, + const BIGNUM *Xp1, const BIGNUM *Xp2, const BIGNUM *e, BN_CTX *ctx, + BN_GENCB *cb) +{ + int ret = 0; + + BIGNUM *t, *p1p2, *pm1; + + /* Only even e supported */ + if (!BN_is_odd(e)) + return 0; + + BN_CTX_start(ctx); + if (p1 == NULL) { + if ((p1 = BN_CTX_get(ctx)) == NULL) + goto err; + } + if (p2 == NULL) { + if ((p2 = BN_CTX_get(ctx)) == NULL) + goto err; + } + + if ((t = BN_CTX_get(ctx)) == NULL) + goto err; + if ((p1p2 = BN_CTX_get(ctx)) == NULL) + goto err; + if ((pm1 = BN_CTX_get(ctx)) == NULL) + goto err; + + if (!bn_x931_derive_pi(p1, Xp1, ctx, cb)) + goto err; + + if (!bn_x931_derive_pi(p2, Xp2, ctx, cb)) + goto err; + + if (!BN_mul(p1p2, p1, p2, ctx)) + goto err; + + /* First set p to value of Rp */ + + if (!BN_mod_inverse_ct(p, p2, p1, ctx)) + goto err; + + if (!BN_mul(p, p, p2, ctx)) + goto err; + + if (!BN_mod_inverse_ct(t, p1, p2, ctx)) + goto err; + + if (!BN_mul(t, t, p1, ctx)) + goto err; + + if (!BN_sub(p, p, t)) + goto err; + + if (p->neg && !BN_add(p, p, p1p2)) + goto err; + + /* p now equals Rp */ + + if (!BN_mod_sub(p, p, Xp, p1p2, ctx)) + goto err; + + if (!BN_add(p, p, Xp)) + goto err; + + /* p now equals Yp0 */ + + for (;;) { + int i = 1; + BN_GENCB_call(cb, 0, i++); + if (!BN_copy(pm1, p)) + goto err; + if (!BN_sub_word(pm1, 1)) + goto err; + if (!BN_gcd_ct(t, pm1, e, ctx)) + goto err; + if (BN_is_one(t)) { + int r; + + /* + * X9.31 specifies 8 MR and 1 Lucas test or any prime + * test offering similar or better guarantees 50 MR + * is considerably better. + */ + r = BN_is_prime_fasttest_ex(p, 50, ctx, 1, cb); + if (r < 0) + goto err; + if (r == 1) + break; + } + if (!BN_add(p, p, p1p2)) + goto err; + } + + BN_GENCB_call(cb, 3, 0); + + ret = 1; + +err: + + BN_CTX_end(ctx); + + return ret; +} + +/* Generate pair of paramters Xp, Xq for X9.31 prime generation. + * Note: nbits paramter is sum of number of bits in both. + */ + +int +BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx) +{ + BIGNUM *t; + int i; + int ret = 0; + + /* Number of bits for each prime is of the form + * 512+128s for s = 0, 1, ... + */ + if ((nbits < 1024) || (nbits & 0xff)) + return 0; + nbits >>= 1; + /* The random value Xp must be between sqrt(2) * 2^(nbits-1) and + * 2^nbits - 1. By setting the top two bits we ensure that the lower + * bound is exceeded. + */ + if (!BN_rand(Xp, nbits, 1, 0)) + return 0; + + BN_CTX_start(ctx); + if ((t = BN_CTX_get(ctx)) == NULL) + goto err; + + for (i = 0; i < 1000; i++) { + if (!BN_rand(Xq, nbits, 1, 0)) + goto err; + /* Check that |Xp - Xq| > 2^(nbits - 100) */ + BN_sub(t, Xp, Xq); + if (BN_num_bits(t) > (nbits - 100)) + break; + } + + if (i < 1000) + ret = 1; + +err: + BN_CTX_end(ctx); + + return ret; +} + +/* Generate primes using X9.31 algorithm. Of the values p, p1, p2, Xp1 + * and Xp2 only 'p' needs to be non-NULL. If any of the others are not NULL + * the relevant parameter will be stored in it. + * + * Due to the fact that |Xp - Xq| > 2^(nbits - 100) must be satisfied Xp and Xq + * are generated using the previous function and supplied as input. + */ + +int +BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, BIGNUM *Xp1, + BIGNUM *Xp2, const BIGNUM *Xp, const BIGNUM *e, BN_CTX *ctx, BN_GENCB *cb) +{ + int ret = 0; + + BN_CTX_start(ctx); + if (Xp1 == NULL) { + if ((Xp1 = BN_CTX_get(ctx)) == NULL) + goto error; + } + if (Xp2 == NULL) { + if ((Xp2 = BN_CTX_get(ctx)) == NULL) + goto error; + } + + if (!BN_rand(Xp1, 101, 0, 0)) + goto error; + if (!BN_rand(Xp2, 101, 0, 0)) + goto error; + if (!BN_X931_derive_prime_ex(p, p1, p2, Xp, Xp1, Xp2, e, ctx, cb)) + goto error; + + ret = 1; + +error: + BN_CTX_end(ctx); + + return ret; +} diff --git a/src/lib/libcrypto/bn/bnspeed.c b/src/lib/libcrypto/bn/bnspeed.c deleted file mode 100644 index b554ac8cf85..00000000000 --- a/src/lib/libcrypto/bn/bnspeed.c +++ /dev/null @@ -1,233 +0,0 @@ -/* unused */ - -/* crypto/bn/bnspeed.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -/* most of this code has been pilfered from my libdes speed.c program */ - -#define BASENUM 1000000 -#undef PROG -#define PROG bnspeed_main - -#include -#include -#include -#include -#include -#include - -#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX) -#define TIMES -#endif - -#ifndef _IRIX -#include -#endif -#ifdef TIMES -#include -#include -#endif - -/* Depending on the VMS version, the tms structure is perhaps defined. - The __TMS macro will show if it was. If it wasn't defined, we should - undefine TIMES, since that tells the rest of the program how things - should be handled. -- Richard Levitte */ -#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS) -#undef TIMES -#endif - -#ifndef TIMES -#include -#endif - -#if defined(sun) || defined(__ultrix) -#define _POSIX_SOURCE -#include -#include -#endif - -#include -#include - -/* The following if from times(3) man page. It may need to be changed */ -#ifndef HZ -# ifndef CLK_TCK -# ifndef _BSD_CLK_TCK_ /* FreeBSD hack */ -# define HZ 100.0 -# else /* _BSD_CLK_TCK_ */ -# define HZ ((double)_BSD_CLK_TCK_) -# endif -# else /* CLK_TCK */ -# define HZ ((double)CLK_TCK) -# endif -#endif - -#undef BUFSIZE -#define BUFSIZE ((long)1024*8) -int run=0; - -static double Time_F(int s); -#define START 0 -#define STOP 1 - -static double Time_F(int s) - { - double ret; -#ifdef TIMES - static struct tms tstart,tend; - - if (s == START) - { - times(&tstart); - return(0); - } - else - { - times(&tend); - ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ; - return((ret < 1e-3)?1e-3:ret); - } -#else /* !times() */ - static struct timeb tstart,tend; - long i; - - if (s == START) - { - ftime(&tstart); - return(0); - } - else - { - ftime(&tend); - i=(long)tend.millitm-(long)tstart.millitm; - ret=((double)(tend.time-tstart.time))+((double)i)/1000.0; - return((ret < 0.001)?0.001:ret); - } -#endif - } - -#define NUM_SIZES 5 -static int sizes[NUM_SIZES]={128,256,512,1024,2048}; -/*static int sizes[NUM_SIZES]={59,179,299,419,539}; */ - -void do_mul(BIGNUM *r,BIGNUM *a,BIGNUM *b,BN_CTX *ctx); - -int main(int argc, char **argv) - { - BN_CTX *ctx; - BIGNUM a,b,c; - - ctx=BN_CTX_new(); - BN_init(&a); - BN_init(&b); - BN_init(&c); - - do_mul(&a,&b,&c,ctx); - } - -void do_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx) - { - int i,j,k; - double tm; - long num; - - for (i=0; i %8.3fms\n",sizes[i],sizes[j],tm*1000.0/num); - } - } - - for (i=0; i %8.3fms\n",sizes[i],sizes[i],tm*1000.0/num); - } - - for (i=0; i %8.3fms\n",sizes[j],sizes[i]-1,tm*1000.0/num); - } - } - } - diff --git a/src/lib/libcrypto/bn/bntest.c b/src/lib/libcrypto/bn/bntest.c deleted file mode 100644 index 443cf420e5c..00000000000 --- a/src/lib/libcrypto/bn/bntest.c +++ /dev/null @@ -1,1243 +0,0 @@ -/* crypto/bn/bntest.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include -#include - -#include "e_os.h" - -#include -#include -#include -#include -#include - -#ifdef OPENSSL_SYS_WINDOWS -#include "../bio/bss_file.c" -#endif - -const int num0 = 100; /* number of tests */ -const int num1 = 50; /* additional tests for some functions */ -const int num2 = 5; /* number of tests for slow functions */ - -int test_add(BIO *bp); -int test_sub(BIO *bp); -int test_lshift1(BIO *bp); -int test_lshift(BIO *bp,BN_CTX *ctx,BIGNUM *a_); -int test_rshift1(BIO *bp); -int test_rshift(BIO *bp,BN_CTX *ctx); -int test_div(BIO *bp,BN_CTX *ctx); -int test_div_recp(BIO *bp,BN_CTX *ctx); -int test_mul(BIO *bp); -int test_sqr(BIO *bp,BN_CTX *ctx); -int test_mont(BIO *bp,BN_CTX *ctx); -int test_mod(BIO *bp,BN_CTX *ctx); -int test_mod_mul(BIO *bp,BN_CTX *ctx); -int test_mod_exp(BIO *bp,BN_CTX *ctx); -int test_exp(BIO *bp,BN_CTX *ctx); -int test_kron(BIO *bp,BN_CTX *ctx); -int test_sqrt(BIO *bp,BN_CTX *ctx); -int rand_neg(void); -static int results=0; - -#ifdef OPENSSL_NO_STDIO -#define APPS_WIN16 -#include "bss_file.c" -#endif - -static unsigned char lst[]="\xC6\x4F\x43\x04\x2A\xEA\xCA\x6E\x58\x36\x80\x5B\xE8\xC9" -"\x9B\x04\x5D\x48\x36\xC2\xFD\x16\xC9\x64\xF0"; - -static const char rnd_seed[] = "string to make the random number generator think it has entropy"; - -static void message(BIO *out, char *m) - { - fprintf(stderr, "test %s\n", m); - BIO_puts(out, "print \"test "); - BIO_puts(out, m); - BIO_puts(out, "\\n\"\n"); - } - -int main(int argc, char *argv[]) - { - BN_CTX *ctx; - BIO *out; - char *outfile=NULL; - - results = 0; - - RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_generate_prime may fail */ - - argc--; - argv++; - while (argc >= 1) - { - if (strcmp(*argv,"-results") == 0) - results=1; - else if (strcmp(*argv,"-out") == 0) - { - if (--argc < 1) break; - outfile= *(++argv); - } - argc--; - argv++; - } - - - ctx=BN_CTX_new(); - if (ctx == NULL) exit(1); - - out=BIO_new(BIO_s_file()); - if (out == NULL) exit(1); - if (outfile == NULL) - { - BIO_set_fp(out,stdout,BIO_NOCLOSE); - } - else - { - if (!BIO_write_filename(out,outfile)) - { - perror(outfile); - exit(1); - } - } - - if (!results) - BIO_puts(out,"obase=16\nibase=16\n"); - - message(out,"BN_add"); - if (!test_add(out)) goto err; - BIO_flush(out); - - message(out,"BN_sub"); - if (!test_sub(out)) goto err; - BIO_flush(out); - - message(out,"BN_lshift1"); - if (!test_lshift1(out)) goto err; - BIO_flush(out); - - message(out,"BN_lshift (fixed)"); - if (!test_lshift(out,ctx,BN_bin2bn(lst,sizeof(lst)-1,NULL))) - goto err; - BIO_flush(out); - - message(out,"BN_lshift"); - if (!test_lshift(out,ctx,NULL)) goto err; - BIO_flush(out); - - message(out,"BN_rshift1"); - if (!test_rshift1(out)) goto err; - BIO_flush(out); - - message(out,"BN_rshift"); - if (!test_rshift(out,ctx)) goto err; - BIO_flush(out); - - message(out,"BN_sqr"); - if (!test_sqr(out,ctx)) goto err; - BIO_flush(out); - - message(out,"BN_mul"); - if (!test_mul(out)) goto err; - BIO_flush(out); - - message(out,"BN_div"); - if (!test_div(out,ctx)) goto err; - BIO_flush(out); - - message(out,"BN_div_recp"); - if (!test_div_recp(out,ctx)) goto err; - BIO_flush(out); - - message(out,"BN_mod"); - if (!test_mod(out,ctx)) goto err; - BIO_flush(out); - - message(out,"BN_mod_mul"); - if (!test_mod_mul(out,ctx)) goto err; - BIO_flush(out); - - message(out,"BN_mont"); - if (!test_mont(out,ctx)) goto err; - BIO_flush(out); - - message(out,"BN_mod_exp"); - if (!test_mod_exp(out,ctx)) goto err; - BIO_flush(out); - - message(out,"BN_exp"); - if (!test_exp(out,ctx)) goto err; - BIO_flush(out); - - message(out,"BN_kronecker"); - if (!test_kron(out,ctx)) goto err; - BIO_flush(out); - - message(out,"BN_mod_sqrt"); - if (!test_sqrt(out,ctx)) goto err; - BIO_flush(out); - - BN_CTX_free(ctx); - BIO_free(out); - -/**/ - exit(0); -err: - BIO_puts(out,"1\n"); /* make sure the Perl script fed by bc notices - * the failure, see test_bn in test/Makefile.ssl*/ - BIO_flush(out); - ERR_load_crypto_strings(); - ERR_print_errors_fp(stderr); - exit(1); - return(1); - } - -int test_add(BIO *bp) - { - BIGNUM a,b,c; - int i; - - BN_init(&a); - BN_init(&b); - BN_init(&c); - - BN_bntest_rand(&a,512,0,0); - for (i=0; iN)); -#endif - BN_print(bp,&a); - BIO_puts(bp," * "); - BN_print(bp,&b); - BIO_puts(bp," % "); - BN_print(bp,&(mont->N)); - BIO_puts(bp," - "); - } - BN_print(bp,&A); - BIO_puts(bp,"\n"); - } - BN_mod_mul(&d,&a,&b,&n,ctx); - BN_sub(&d,&d,&A); - if(!BN_is_zero(&d)) - { - fprintf(stderr,"Montgomery multiplication test failed!\n"); - return 0; - } - } - BN_MONT_CTX_free(mont); - BN_free(&a); - BN_free(&b); - BN_free(&c); - BN_free(&d); - BN_free(&A); - BN_free(&B); - BN_free(&n); - return(1); - } - -int test_mod(BIO *bp, BN_CTX *ctx) - { - BIGNUM *a,*b,*c,*d,*e; - int i; - - a=BN_new(); - b=BN_new(); - c=BN_new(); - d=BN_new(); - e=BN_new(); - - BN_bntest_rand(a,1024,0,0); /**/ - for (i=0; ineg=rand_neg(); - b->neg=rand_neg(); - BN_mod(c,a,b,ctx);/**/ - if (bp != NULL) - { - if (!results) - { - BN_print(bp,a); - BIO_puts(bp," % "); - BN_print(bp,b); - BIO_puts(bp," - "); - } - BN_print(bp,c); - BIO_puts(bp,"\n"); - } - BN_div(d,e,a,b,ctx); - BN_sub(e,e,c); - if(!BN_is_zero(e)) - { - fprintf(stderr,"Modulo test failed!\n"); - return 0; - } - } - BN_free(a); - BN_free(b); - BN_free(c); - BN_free(d); - BN_free(e); - return(1); - } - -int test_mod_mul(BIO *bp, BN_CTX *ctx) - { - BIGNUM *a,*b,*c,*d,*e; - int i,j; - - a=BN_new(); - b=BN_new(); - c=BN_new(); - d=BN_new(); - e=BN_new(); - - for (j=0; j<3; j++) { - BN_bntest_rand(c,1024,0,0); /**/ - for (i=0; ineg=rand_neg(); - b->neg=rand_neg(); - if (!BN_mod_mul(e,a,b,c,ctx)) - { - unsigned long l; - - while ((l=ERR_get_error())) - fprintf(stderr,"ERROR:%s\n", - ERR_error_string(l,NULL)); - exit(1); - } - if (bp != NULL) - { - if (!results) - { - BN_print(bp,a); - BIO_puts(bp," * "); - BN_print(bp,b); - BIO_puts(bp," % "); - BN_print(bp,c); - if ((a->neg ^ b->neg) && !BN_is_zero(e)) - { - /* If (a*b) % c is negative, c must be added - * in order to obtain the normalized remainder - * (new with OpenSSL 0.9.7, previous versions of - * BN_mod_mul could generate negative results) - */ - BIO_puts(bp," + "); - BN_print(bp,c); - } - BIO_puts(bp," - "); - } - BN_print(bp,e); - BIO_puts(bp,"\n"); - } - BN_mul(d,a,b,ctx); - BN_sub(d,d,e); - BN_div(a,b,d,c,ctx); - if(!BN_is_zero(b)) - { - fprintf(stderr,"Modulo multiply test failed!\n"); - ERR_print_errors_fp(stderr); - return 0; - } - } - } - BN_free(a); - BN_free(b); - BN_free(c); - BN_free(d); - BN_free(e); - return(1); - } - -int test_mod_exp(BIO *bp, BN_CTX *ctx) - { - BIGNUM *a,*b,*c,*d,*e; - int i; - - a=BN_new(); - b=BN_new(); - c=BN_new(); - d=BN_new(); - e=BN_new(); - - BN_bntest_rand(c,30,0,1); /* must be odd for montgomery */ - for (i=0; ineg = rand_neg(); - putc('\n', stderr); - - for (i = 0; i < num0; i++) - { - if (!BN_bntest_rand(a, 512, 0, 0)) goto err; - a->neg = rand_neg(); - - /* t := (|b|-1)/2 (note that b is odd) */ - if (!BN_copy(t, b)) goto err; - t->neg = 0; - if (!BN_sub_word(t, 1)) goto err; - if (!BN_rshift1(t, t)) goto err; - /* r := a^t mod b */ - b->neg=0; - - if (!BN_mod_exp_recp(r, a, t, b, ctx)) goto err; /* XXX should be BN_mod_exp_recp, but ..._recp triggers a bug that must be fixed */ - b->neg=1; - - if (BN_is_word(r, 1)) - legendre = 1; - else if (BN_is_zero(r)) - legendre = 0; - else - { - if (!BN_add_word(r, 1)) goto err; - if (0 != BN_ucmp(r, b)) - { - fprintf(stderr, "Legendre symbol computation failed\n"); - goto err; - } - legendre = -1; - } - - kronecker = BN_kronecker(a, b, ctx); - if (kronecker < -1) goto err; - /* we actually need BN_kronecker(a, |b|) */ - if (a->neg && b->neg) - kronecker = -kronecker; - - if (legendre != kronecker) - { - fprintf(stderr, "legendre != kronecker; a = "); - BN_print_fp(stderr, a); - fprintf(stderr, ", b = "); - BN_print_fp(stderr, b); - fprintf(stderr, "\n"); - goto err; - } - - putc('.', stderr); - fflush(stderr); - } - - putc('\n', stderr); - fflush(stderr); - ret = 1; - err: - if (a != NULL) BN_free(a); - if (b != NULL) BN_free(b); - if (r != NULL) BN_free(r); - if (t != NULL) BN_free(t); - return ret; - } - -int test_sqrt(BIO *bp, BN_CTX *ctx) - { - BIGNUM *a,*p,*r; - int i, j; - int ret = 0; - - a = BN_new(); - p = BN_new(); - r = BN_new(); - if (a == NULL || p == NULL || r == NULL) goto err; - - for (i = 0; i < 16; i++) - { - if (i < 8) - { - unsigned primes[8] = { 2, 3, 5, 7, 11, 13, 17, 19 }; - - if (!BN_set_word(p, primes[i])) goto err; - } - else - { - if (!BN_set_word(a, 32)) goto err; - if (!BN_set_word(r, 2*i + 1)) goto err; - - if (!BN_generate_prime(p, 256, 0, a, r, genprime_cb, NULL)) goto err; - putc('\n', stderr); - } - p->neg = rand_neg(); - - for (j = 0; j < num2; j++) - { - /* construct 'a' such that it is a square modulo p, - * but in general not a proper square and not reduced modulo p */ - if (!BN_bntest_rand(r, 256, 0, 3)) goto err; - if (!BN_nnmod(r, r, p, ctx)) goto err; - if (!BN_mod_sqr(r, r, p, ctx)) goto err; - if (!BN_bntest_rand(a, 256, 0, 3)) goto err; - if (!BN_nnmod(a, a, p, ctx)) goto err; - if (!BN_mod_sqr(a, a, p, ctx)) goto err; - if (!BN_mul(a, a, r, ctx)) goto err; - if (rand_neg()) - if (!BN_sub(a, a, p)) goto err; - - if (!BN_mod_sqrt(r, a, p, ctx)) goto err; - if (!BN_mod_sqr(r, r, p, ctx)) goto err; - - if (!BN_nnmod(a, a, p, ctx)) goto err; - - if (BN_cmp(a, r) != 0) - { - fprintf(stderr, "BN_mod_sqrt failed: a = "); - BN_print_fp(stderr, a); - fprintf(stderr, ", r = "); - BN_print_fp(stderr, r); - fprintf(stderr, ", p = "); - BN_print_fp(stderr, p); - fprintf(stderr, "\n"); - goto err; - } - - putc('.', stderr); - fflush(stderr); - } - - putc('\n', stderr); - fflush(stderr); - } - ret = 1; - err: - if (a != NULL) BN_free(a); - if (p != NULL) BN_free(p); - if (r != NULL) BN_free(r); - return ret; - } - -int test_lshift(BIO *bp,BN_CTX *ctx,BIGNUM *a_) - { - BIGNUM *a,*b,*c,*d; - int i; - - b=BN_new(); - c=BN_new(); - d=BN_new(); - BN_one(c); - - if(a_) - a=a_; - else - { - a=BN_new(); - BN_bntest_rand(a,200,0,0); /**/ - a->neg=rand_neg(); - } - for (i=0; ineg=rand_neg(); - for (i=0; ineg=rand_neg(); - for (i=0; ineg=rand_neg(); - for (i=0; i -#include - -static int rand(n) -{ - unsigned char x[2]; - RAND_pseudo_bytes(x,2); - return (x[0] + 2*x[1]); -} - -static void bug(char *m, BIGNUM *a, BIGNUM *b) -{ - printf("%s!\na=",m); - BN_print_fp(stdout, a); - printf("\nb="); - BN_print_fp(stdout, b); - printf("\n"); - fflush(stdout); -} - -main() -{ - BIGNUM *a=BN_new(), *b=BN_new(), *c=BN_new(), *d=BN_new(), - *C=BN_new(), *D=BN_new(); - BN_RECP_CTX *recp=BN_RECP_CTX_new(); - BN_CTX *ctx=BN_CTX_new(); - - for(;;) { - BN_pseudo_rand(a,rand(),0,0); - BN_pseudo_rand(b,rand(),0,0); - if (BN_is_zero(b)) continue; - - BN_RECP_CTX_set(recp,b,ctx); - if (BN_div(C,D,a,b,ctx) != 1) - bug("BN_div failed",a,b); - if (BN_div_recp(c,d,a,recp,ctx) != 1) - bug("BN_div_recp failed",a,b); - else if (BN_cmp(c,C) != 0 || BN_cmp(c,C) != 0) - bug("mismatch",a,b); - } -} diff --git a/src/lib/libcrypto/bn/exp.c b/src/lib/libcrypto/bn/exp.c deleted file mode 100644 index 4865b0ef742..00000000000 --- a/src/lib/libcrypto/bn/exp.c +++ /dev/null @@ -1,62 +0,0 @@ -/* unused */ - -#include -#include -#include "bn_lcl.h" - -#define SIZE 256 -#define NUM (8*8*8) -#define MOD (8*8*8*8*8) - -main(argc,argv) -int argc; -char *argv[]; - { - BN_CTX ctx; - BIGNUM a,b,c,r,rr,t,l; - int j,i,size=SIZE,num=NUM,mod=MOD; - char *start,*end; - BN_MONT_CTX mont; - double d,md; - - BN_MONT_CTX_init(&mont); - BN_CTX_init(&ctx); - BN_init(&a); - BN_init(&b); - BN_init(&c); - BN_init(&r); - - start=ms_time_new(); - end=ms_time_new(); - while (size <= 1024*8) - { - BN_rand(&a,size,0,0); - BN_rand(&b,size,1,0); - BN_rand(&c,size,0,1); - - BN_mod(&a,&a,&c,&ctx); - - ms_time_get(start); - for (i=0; i<10; i++) - BN_MONT_CTX_set(&mont,&c,&ctx); - ms_time_get(end); - md=ms_time_diff(start,end); - - ms_time_get(start); - for (i=0; i -#include -#include -#include -#include -#include -#include - -#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX) -#define TIMES -#endif - -#ifndef _IRIX -#include -#endif -#ifdef TIMES -#include -#include -#endif - -/* Depending on the VMS version, the tms structure is perhaps defined. - The __TMS macro will show if it was. If it wasn't defined, we should - undefine TIMES, since that tells the rest of the program how things - should be handled. -- Richard Levitte */ -#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS) -#undef TIMES -#endif - -#ifndef TIMES -#include -#endif - -#if defined(sun) || defined(__ultrix) -#define _POSIX_SOURCE -#include -#include -#endif - -#include -#include - -/* The following if from times(3) man page. It may need to be changed */ -#ifndef HZ -# ifndef CLK_TCK -# ifndef _BSD_CLK_TCK_ /* FreeBSD hack */ -# define HZ 100.0 -# else /* _BSD_CLK_TCK_ */ -# define HZ ((double)_BSD_CLK_TCK_) -# endif -# else /* CLK_TCK */ -# define HZ ((double)CLK_TCK) -# endif -#endif - -#undef BUFSIZE -#define BUFSIZE ((long)1024*8) -int run=0; - -static double Time_F(int s); -#define START 0 -#define STOP 1 - -static double Time_F(int s) - { - double ret; -#ifdef TIMES - static struct tms tstart,tend; - - if (s == START) - { - times(&tstart); - return(0); - } - else - { - times(&tend); - ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ; - return((ret < 1e-3)?1e-3:ret); - } -#else /* !times() */ - static struct timeb tstart,tend; - long i; - - if (s == START) - { - ftime(&tstart); - return(0); - } - else - { - ftime(&tend); - i=(long)tend.millitm-(long)tstart.millitm; - ret=((double)(tend.time-tstart.time))+((double)i)/1000.0; - return((ret < 0.001)?0.001:ret); - } -#endif - } - -#define NUM_SIZES 7 -#if NUM_START > NUM_SIZES -# error "NUM_START > NUM_SIZES" -#endif -static int sizes[NUM_SIZES]={128,256,512,1024,2048,4096,8192}; -static int mul_c[NUM_SIZES]={8*8*8*8*8*8,8*8*8*8*8,8*8*8*8,8*8*8,8*8,8,1}; -/*static int sizes[NUM_SIZES]={59,179,299,419,539}; */ - -#define RAND_SEED(string) { const char str[] = string; RAND_seed(string, sizeof str); } - -void do_mul_exp(BIGNUM *r,BIGNUM *a,BIGNUM *b,BIGNUM *c,BN_CTX *ctx); - -int main(int argc, char **argv) - { - BN_CTX *ctx; - BIGNUM *a,*b,*c,*r; - -#if 1 - if (!CRYPTO_set_mem_debug_functions(0,0,0,0,0)) - abort(); -#endif - - ctx=BN_CTX_new(); - a=BN_new(); - b=BN_new(); - c=BN_new(); - r=BN_new(); - - while (!RAND_status()) - /* not enough bits */ - RAND_SEED("I demand a manual recount!"); - - do_mul_exp(r,a,b,c,ctx); - return 0; - } - -void do_mul_exp(BIGNUM *r, BIGNUM *a, BIGNUM *b, BIGNUM *c, BN_CTX *ctx) - { - int i,k; - double tm; - long num; - - num=BASENUM; - for (i=NUM_START; i %8.3fms %5.1f (%ld)\n", -#ifdef TEST_SQRT - P_MOD_64, -#endif - sizes[i],sizes[i],sizes[i],tm*1000.0/num,tm*mul_c[i]/num, num); - num/=7; - if (num <= 0) num=1; - } - return; - - err: - ERR_print_errors_fp(stderr); - } - - -#ifdef C_PRIME -static void genprime_cb(int p, int n, void *arg) - { - char c='*'; - - if (p == 0) c='.'; - if (p == 1) c='+'; - if (p == 2) c='*'; - if (p == 3) c='\n'; - putc(c, stderr); - fflush(stderr); - (void)n; - (void)arg; - } -#endif diff --git a/src/lib/libcrypto/bn/exptest.c b/src/lib/libcrypto/bn/exptest.c deleted file mode 100644 index 5ca570d1a8a..00000000000 --- a/src/lib/libcrypto/bn/exptest.c +++ /dev/null @@ -1,187 +0,0 @@ -/* crypto/bn/exptest.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include -#include -#include -#include -#include -#include -#ifdef OPENSSL_SYS_WINDOWS -#include "../bio/bss_file.c" -#endif - -#define NUM_BITS (BN_BITS*2) - -static const char rnd_seed[] = "string to make the random number generator think it has entropy"; - -int main(int argc, char *argv[]) - { - BN_CTX *ctx; - BIO *out=NULL; - int i,ret; - unsigned char c; - BIGNUM *r_mont,*r_recp,*r_simple,*a,*b,*m; - - RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_rand may fail, and we don't - * even check its return value - * (which we should) */ - - ERR_load_BN_strings(); - - ctx=BN_CTX_new(); - if (ctx == NULL) exit(1); - r_mont=BN_new(); - r_recp=BN_new(); - r_simple=BN_new(); - a=BN_new(); - b=BN_new(); - m=BN_new(); - if ( (r_mont == NULL) || (r_recp == NULL) || - (a == NULL) || (b == NULL)) - goto err; - - out=BIO_new(BIO_s_file()); - - if (out == NULL) exit(1); - BIO_set_fp(out,stdout,BIO_NOCLOSE); - - for (i=0; i<200; i++) - { - RAND_bytes(&c,1); - c=(c%BN_BITS)-BN_BITS2; - BN_rand(a,NUM_BITS+c,0,0); - - RAND_bytes(&c,1); - c=(c%BN_BITS)-BN_BITS2; - BN_rand(b,NUM_BITS+c,0,0); - - RAND_bytes(&c,1); - c=(c%BN_BITS)-BN_BITS2; - BN_rand(m,NUM_BITS+c,0,1); - - BN_mod(a,a,m,ctx); - BN_mod(b,b,m,ctx); - - ret=BN_mod_exp_mont(r_mont,a,b,m,ctx,NULL); - if (ret <= 0) - { - printf("BN_mod_exp_mont() problems\n"); - ERR_print_errors(out); - exit(1); - } - - ret=BN_mod_exp_recp(r_recp,a,b,m,ctx); - if (ret <= 0) - { - printf("BN_mod_exp_recp() problems\n"); - ERR_print_errors(out); - exit(1); - } - - ret=BN_mod_exp_simple(r_simple,a,b,m,ctx); - if (ret <= 0) - { - printf("BN_mod_exp_simple() problems\n"); - ERR_print_errors(out); - exit(1); - } - - if (BN_cmp(r_simple, r_mont) == 0 - && BN_cmp(r_simple,r_recp) == 0) - { - printf("."); - fflush(stdout); - } - else - { - if (BN_cmp(r_simple,r_mont) != 0) - printf("\nsimple and mont results differ\n"); - if (BN_cmp(r_simple,r_recp) != 0) - printf("\nsimple and recp results differ\n"); - - printf("a (%3d) = ",BN_num_bits(a)); BN_print(out,a); - printf("\nb (%3d) = ",BN_num_bits(b)); BN_print(out,b); - printf("\nm (%3d) = ",BN_num_bits(m)); BN_print(out,m); - printf("\nsimple ="); BN_print(out,r_simple); - printf("\nrecp ="); BN_print(out,r_recp); - printf("\nmont ="); BN_print(out,r_mont); - printf("\n"); - exit(1); - } - } - BN_free(r_mont); - BN_free(r_recp); - BN_free(r_simple); - BN_free(a); - BN_free(b); - BN_free(m); - BN_CTX_free(ctx); - ERR_remove_state(0); - CRYPTO_mem_leaks(out); - BIO_free(out); - printf(" done\n"); - exit(0); -err: - ERR_load_crypto_strings(); - ERR_print_errors(out); - exit(1); - return(1); - } - diff --git a/src/lib/libcrypto/bn/todo b/src/lib/libcrypto/bn/todo deleted file mode 100644 index e47e381aea1..00000000000 --- a/src/lib/libcrypto/bn/todo +++ /dev/null @@ -1,3 +0,0 @@ -Cache RECP_CTX values -make the result argument independant of the inputs. -split up the _exp_ functions diff --git a/src/lib/libcrypto/bn/vms-helper.c b/src/lib/libcrypto/bn/vms-helper.c deleted file mode 100644 index 4b63149bf3e..00000000000 --- a/src/lib/libcrypto/bn/vms-helper.c +++ /dev/null @@ -1,68 +0,0 @@ -/* vms-helper.c */ -/* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include -#include "cryptlib.h" -#include "bn_lcl.h" - -bn_div_words_abort(int i) -{ -#ifdef BN_DEBUG -#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16) - fprintf(stderr,"Division would overflow (%d)\n",i); -#endif - abort(); -#endif -} diff --git a/src/lib/libcrypto/buffer/Makefile.ssl b/src/lib/libcrypto/buffer/Makefile.ssl deleted file mode 100644 index 8ee016322ae..00000000000 --- a/src/lib/libcrypto/buffer/Makefile.ssl +++ /dev/null @@ -1,94 +0,0 @@ -# -# SSLeay/crypto/buffer/Makefile -# - -DIR= buffer -TOP= ../.. -CC= cc -INCLUDES= -I.. -I$(TOP) -I../../include -CFLAG=-g -INSTALL_PREFIX= -OPENSSLDIR= /usr/local/ssl -INSTALLTOP=/usr/local/ssl -MAKE= make -f Makefile.ssl -MAKEDEPPROG= makedepend -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) -MAKEFILE= Makefile.ssl -AR= ar r - -CFLAGS= $(INCLUDES) $(CFLAG) - -GENERAL=Makefile -TEST= -APPS= - -LIB=$(TOP)/libcrypto.a -LIBSRC= buffer.c buf_err.c -LIBOBJ= buffer.o buf_err.o - -SRC= $(LIBSRC) - -EXHEADER= buffer.h -HEADER= $(EXHEADER) - -ALL= $(GENERAL) $(SRC) $(HEADER) - -top: - (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) - -all: lib - -lib: $(LIBOBJ) - $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) || echo Never mind. - @touch lib - -files: - $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO - -links: - @sh $(TOP)/util/point.sh Makefile.ssl Makefile - @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) - @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) - @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) - -install: - @for i in $(EXHEADER) ; \ - do \ - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ - done; - -tags: - ctags $(SRC) - -tests: - -lint: - lint -DLINT $(INCLUDES) $(SRC)>fluff - -depend: - $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) - -dclean: - $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new - mv -f Makefile.new $(MAKEFILE) - -clean: - rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff - -# DO NOT DELETE THIS LINE -- make depend depends on it. - -buf_err.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h -buf_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -buf_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -buf_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -buf_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -buf_err.o: ../../include/openssl/symhacks.h buf_err.c -buffer.o: ../../e_os.h ../../include/openssl/bio.h -buffer.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -buffer.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -buffer.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -buffer.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -buffer.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -buffer.o: ../cryptlib.h buffer.c diff --git a/src/lib/libcrypto/buffer/buf_err.c b/src/lib/libcrypto/buffer/buf_err.c index 5eee653e14d..dd5cc5e1734 100644 --- a/src/lib/libcrypto/buffer/buf_err.c +++ b/src/lib/libcrypto/buffer/buf_err.c @@ -1,13 +1,13 @@ -/* crypto/buffer/buf_err.c */ +/* $OpenBSD: buf_err.c,v 1.11 2017/01/29 17:49:22 beck Exp $ */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -59,37 +59,36 @@ */ #include + +#include + #include #include /* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR -static ERR_STRING_DATA BUF_str_functs[]= - { -{ERR_PACK(0,BUF_F_BUF_MEM_GROW,0), "BUF_MEM_grow"}, -{ERR_PACK(0,BUF_F_BUF_MEM_NEW,0), "BUF_MEM_new"}, -{ERR_PACK(0,BUF_F_BUF_STRDUP,0), "BUF_strdup"}, -{0,NULL} - }; -static ERR_STRING_DATA BUF_str_reasons[]= - { -{0,NULL} - }; +#define ERR_FUNC(func) ERR_PACK(ERR_LIB_BUF,func,0) +#define ERR_REASON(reason) ERR_PACK(ERR_LIB_BUF,0,reason) -#endif +static ERR_STRING_DATA BUF_str_functs[] = { + {ERR_FUNC(0xfff), "CRYPTO_internal"}, + {0, NULL} +}; -void ERR_load_BUF_strings(void) - { - static int init=1; +static ERR_STRING_DATA BUF_str_reasons[] = { + {0, NULL} +}; - if (init) - { - init=0; -#ifndef OPENSSL_NO_ERR - ERR_load_strings(ERR_LIB_BUF,BUF_str_functs); - ERR_load_strings(ERR_LIB_BUF,BUF_str_reasons); #endif - } +void +ERR_load_BUF_strings(void) +{ +#ifndef OPENSSL_NO_ERR + if (ERR_func_error_string(BUF_str_functs[0].error) == NULL) { + ERR_load_strings(0, BUF_str_functs); + ERR_load_strings(0, BUF_str_reasons); } +#endif +} diff --git a/src/lib/libcrypto/buffer/buf_str.c b/src/lib/libcrypto/buffer/buf_str.c new file mode 100644 index 00000000000..4ebc4717c83 --- /dev/null +++ b/src/lib/libcrypto/buffer/buf_str.c @@ -0,0 +1,79 @@ +/* $OpenBSD: buf_str.c,v 1.11 2017/04/09 14:33:21 jsing Exp $ */ +/* + * Copyright (c) 2014 Bob Beck + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include +#include +#include + +#include +#include + +/* + * XXX these functions accept a NULL arg and return NULL + * when the standard ones do not. we should at an appropriate + * time change these to find the bad callers + */ + +char * +BUF_strdup(const char *str) +{ + char *ret = NULL; + + if (str != NULL) { + if ((ret = strdup(str)) == NULL) + BUFerror(ERR_R_MALLOC_FAILURE); + } + return ret; +} + +char * +BUF_strndup(const char *str, size_t siz) +{ + char *ret = NULL; + + if (str != NULL) { + if ((ret = strndup(str, siz)) == NULL) + BUFerror(ERR_R_MALLOC_FAILURE); + } + return ret; +} + +void * +BUF_memdup(const void *data, size_t siz) +{ + void *ret = NULL; + + if (data != NULL) { + if ((ret = malloc(siz)) == NULL) + BUFerror(ERR_R_MALLOC_FAILURE); + else + (void) memcpy(ret, data, siz); + } + return ret; +} + +size_t +BUF_strlcpy(char *dst, const char *src, size_t size) +{ + return strlcpy(dst, src, size); +} + +size_t +BUF_strlcat(char *dst, const char *src, size_t size) +{ + return strlcat(dst, src, size); +} diff --git a/src/lib/libcrypto/buffer/buffer.c b/src/lib/libcrypto/buffer/buffer.c index 9299baba9e2..f4e84c44780 100644 --- a/src/lib/libcrypto/buffer/buffer.c +++ b/src/lib/libcrypto/buffer/buffer.c @@ -1,25 +1,25 @@ -/* crypto/buffer/buffer.c */ +/* $OpenBSD: buffer.c,v 1.27 2017/05/02 03:59:44 deraadt Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -57,89 +57,95 @@ */ #include -#include "cryptlib.h" +#include +#include + #include +#include -BUF_MEM *BUF_MEM_new(void) - { +/* + * LIMIT_BEFORE_EXPANSION is the maximum n such that (n + 3) / 3 * 4 < 2**31. + * That function is applied in several functions in this file and this limit + * ensures that the result fits in an int. + */ +#define LIMIT_BEFORE_EXPANSION 0x5ffffffc + +BUF_MEM * +BUF_MEM_new(void) +{ BUF_MEM *ret; - ret=OPENSSL_malloc(sizeof(BUF_MEM)); - if (ret == NULL) - { - BUFerr(BUF_F_BUF_MEM_NEW,ERR_R_MALLOC_FAILURE); - return(NULL); - } - ret->length=0; - ret->max=0; - ret->data=NULL; - return(ret); + if ((ret = calloc(1, sizeof(BUF_MEM))) == NULL) { + BUFerror(ERR_R_MALLOC_FAILURE); + return (NULL); } -void BUF_MEM_free(BUF_MEM *a) - { - if(a == NULL) - return; + return (ret); +} - if (a->data != NULL) - { - memset(a->data,0,(unsigned int)a->max); - OPENSSL_free(a->data); - } - OPENSSL_free(a); - } +void +BUF_MEM_free(BUF_MEM *a) +{ + if (a == NULL) + return; + + freezero(a->data, a->max); + free(a); +} -int BUF_MEM_grow(BUF_MEM *str, int len) - { +int +BUF_MEM_grow(BUF_MEM *str, size_t len) +{ + return BUF_MEM_grow_clean(str, len); +} + +int +BUF_MEM_grow_clean(BUF_MEM *str, size_t len) +{ char *ret; - unsigned int n; + size_t n; - if (str->length >= len) - { - str->length=len; - return(len); - } - if (str->max >= len) - { - memset(&str->data[str->length],0,len-str->length); - str->length=len; - return(len); - } - n=(len+3)/3*4; - if (str->data == NULL) - ret=OPENSSL_malloc(n); - else - ret=OPENSSL_realloc(str->data,n); - if (ret == NULL) - { - BUFerr(BUF_F_BUF_MEM_GROW,ERR_R_MALLOC_FAILURE); - len=0; - } - else - { - str->data=ret; - str->max=n; - memset(&str->data[str->length],0,len-str->length); - str->length=len; - } - return(len); + if (str->max >= len) { + if (str->length >= len) + memset(&str->data[len], 0, str->length - len); + str->length = len; + return (len); } -char *BUF_strdup(const char *str) - { - char *ret; - int n; + if (len > LIMIT_BEFORE_EXPANSION) { + BUFerror(ERR_R_MALLOC_FAILURE); + return 0; + } + + n = (len + 3) / 3 * 4; + if ((ret = recallocarray(str->data, str->max, n, 1)) == NULL) { + BUFerror(ERR_R_MALLOC_FAILURE); + return (0); + } + str->data = ret; + str->max = n; + str->length = len; - if (str == NULL) return(NULL); + return (len); +} - n=strlen(str); - ret=OPENSSL_malloc(n+1); - if (ret == NULL) - { - BUFerr(BUF_F_BUF_STRDUP,ERR_R_MALLOC_FAILURE); - return(NULL); +void +BUF_reverse(unsigned char *out, const unsigned char *in, size_t size) +{ + size_t i; + + if (in) { + out += size - 1; + for (i = 0; i < size; i++) + *out-- = *in++; + } else { + unsigned char *q; + char c; + q = out + size - 1; + for (i = 0; i < size / 2; i++) { + c = *q; + *q-- = *out; + *out++ = c; } - memcpy(ret,str,n+1); - return(ret); } - +} diff --git a/src/lib/libcrypto/buffer/buffer.h b/src/lib/libcrypto/buffer/buffer.h index 11e2d0359a1..ed6dac0e69f 100644 --- a/src/lib/libcrypto/buffer/buffer.h +++ b/src/lib/libcrypto/buffer/buffer.h @@ -1,25 +1,25 @@ -/* crypto/buffer/buffer.h */ +/* $OpenBSD: buffer.h,v 1.15 2015/06/24 10:05:14 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -58,22 +58,45 @@ #ifndef HEADER_BUFFER_H #define HEADER_BUFFER_H +#if !defined(HAVE_ATTRIBUTE__BOUNDED__) && !defined(__OpenBSD__) +#define __bounded__(x, y, z) +#endif + +#include #ifdef __cplusplus extern "C" { #endif -typedef struct buf_mem_st - { - int length; /* current number of bytes */ +#include +#include + +/* Already declared in ossl_typ.h */ +/* typedef struct buf_mem_st BUF_MEM; */ + +struct buf_mem_st { + size_t length; /* current number of bytes */ char *data; - int max; /* size of buffer */ - } BUF_MEM; + size_t max; /* size of buffer */ +}; BUF_MEM *BUF_MEM_new(void); void BUF_MEM_free(BUF_MEM *a); -int BUF_MEM_grow(BUF_MEM *str, int len); +int BUF_MEM_grow(BUF_MEM *str, size_t len); +int BUF_MEM_grow_clean(BUF_MEM *str, size_t len); + +#ifndef LIBRESSL_INTERNAL char * BUF_strdup(const char *str); +char * BUF_strndup(const char *str, size_t siz); +void * BUF_memdup(const void *data, size_t siz); +void BUF_reverse(unsigned char *out, const unsigned char *in, size_t siz); + +/* safe string functions */ +size_t BUF_strlcpy(char *dst, const char *src, size_t siz) + __attribute__ ((__bounded__(__string__,1,3))); +size_t BUF_strlcat(char *dst, const char *src, size_t siz) + __attribute__ ((__bounded__(__string__,1,3))); +#endif /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes @@ -84,9 +107,12 @@ void ERR_load_BUF_strings(void); /* Error codes for the BUF functions. */ /* Function codes. */ +#define BUF_F_BUF_MEMDUP 103 #define BUF_F_BUF_MEM_GROW 100 +#define BUF_F_BUF_MEM_GROW_CLEAN 105 #define BUF_F_BUF_MEM_NEW 101 #define BUF_F_BUF_STRDUP 102 +#define BUF_F_BUF_STRNDUP 104 /* Reason codes. */ diff --git a/src/lib/libcrypto/camellia/asm/cmll-x86.pl b/src/lib/libcrypto/camellia/asm/cmll-x86.pl new file mode 100644 index 00000000000..027302ac869 --- /dev/null +++ b/src/lib/libcrypto/camellia/asm/cmll-x86.pl @@ -0,0 +1,1138 @@ +#!/usr/bin/env perl + +# ==================================================================== +# Copyright (c) 2008 Andy Polyakov +# +# This module may be used under the terms of either the GNU General +# Public License version 2 or later, the GNU Lesser General Public +# License version 2.1 or later, the Mozilla Public License version +# 1.1 or the BSD License. The exact terms of either license are +# distributed along with this module. For further details see +# http://www.openssl.org/~appro/camellia/. +# ==================================================================== + +# Performance in cycles per processed byte (less is better) in +# 'openssl speed ...' benchmark: +# +# AMD K8 Core2 PIII P4 +# -evp camellia-128-ecb 21.5 22.8 27.0 28.9 +# + over gcc 3.4.6 +90/11% +70/10% +53/4% +160/64% +# + over icc 8.0 +48/19% +21/15% +21/17% +55/37% +# +# camellia-128-cbc 17.3 21.1 23.9 25.9 +# +# 128-bit key setup 196 280 256 240 cycles/key +# + over gcc 3.4.6 +30/0% +17/11% +11/0% +63/40% +# + over icc 8.0 +18/3% +10/0% +10/3% +21/10% +# +# Pairs of numbers in "+" rows represent performance improvement over +# compiler generated position-independent code, PIC, and non-PIC +# respectively. PIC results are of greater relevance, as this module +# is position-independent, i.e. suitable for a shared library or PIE. +# Position independence "costs" one register, which is why compilers +# are so close with non-PIC results, they have an extra register to +# spare. CBC results are better than ECB ones thanks to "zero-copy" +# private _x86_* interface, and are ~30-40% better than with compiler +# generated cmll_cbc.o, and reach ~80-90% of x86_64 performance on +# same CPU (where applicable). + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +push(@INC,"${dir}","${dir}../../perlasm"); +require "x86asm.pl"; + +$OPENSSL=1; + +&asm_init($ARGV[0],"cmll-586.pl",$ARGV[$#ARGV] eq "386"); + +@T=("eax","ebx","ecx","edx"); +$idx="esi"; +$key="edi"; +$Tbl="ebp"; + +# stack frame layout in _x86_Camellia_* routines, frame is allocated +# by caller +$__ra=&DWP(0,"esp"); # return address +$__s0=&DWP(4,"esp"); # s0 backing store +$__s1=&DWP(8,"esp"); # s1 backing store +$__s2=&DWP(12,"esp"); # s2 backing store +$__s3=&DWP(16,"esp"); # s3 backing store +$__end=&DWP(20,"esp"); # pointer to end/start of key schedule + +# stack frame layout in Camellia_[en|crypt] routines, which differs from +# above by 4 and overlaps by pointer to end/start of key schedule +$_end=&DWP(16,"esp"); +$_esp=&DWP(20,"esp"); + +# const unsigned int Camellia_SBOX[4][256]; +# Well, sort of... Camellia_SBOX[0][] is interleaved with [1][], +# and [2][] - with [3][]. This is done to optimize code size. +$SBOX1_1110=0; # Camellia_SBOX[0] +$SBOX4_4404=4; # Camellia_SBOX[1] +$SBOX2_0222=2048; # Camellia_SBOX[2] +$SBOX3_3033=2052; # Camellia_SBOX[3] +&static_label("Camellia_SIGMA"); +&static_label("Camellia_SBOX"); + +sub Camellia_Feistel { +my $i=@_[0]; +my $seed=defined(@_[1])?@_[1]:0; +my $scale=$seed<0?-8:8; +my $frame=defined(@_[2])?@_[2]:0; +my $j=($i&1)*2; +my $t0=@T[($j)%4],$t1=@T[($j+1)%4],$t2=@T[($j+2)%4],$t3=@T[($j+3)%4]; + + &xor ($t0,$idx); # t0^=key[0] + &xor ($t1,&DWP($seed+$i*$scale+4,$key)); # t1^=key[1] + &movz ($idx,&HB($t0)); # (t0>>8)&0xff + &mov ($t3,&DWP($SBOX3_3033,$Tbl,$idx,8)); # t3=SBOX3_3033[0] + &movz ($idx,&LB($t0)); # (t0>>0)&0xff + &xor ($t3,&DWP($SBOX4_4404,$Tbl,$idx,8)); # t3^=SBOX4_4404[0] + &shr ($t0,16); + &movz ($idx,&LB($t1)); # (t1>>0)&0xff + &mov ($t2,&DWP($SBOX1_1110,$Tbl,$idx,8)); # t2=SBOX1_1110[1] + &movz ($idx,&HB($t0)); # (t0>>24)&0xff + &xor ($t3,&DWP($SBOX1_1110,$Tbl,$idx,8)); # t3^=SBOX1_1110[0] + &movz ($idx,&HB($t1)); # (t1>>8)&0xff + &xor ($t2,&DWP($SBOX4_4404,$Tbl,$idx,8)); # t2^=SBOX4_4404[1] + &shr ($t1,16); + &movz ($t0,&LB($t0)); # (t0>>16)&0xff + &xor ($t3,&DWP($SBOX2_0222,$Tbl,$t0,8)); # t3^=SBOX2_0222[0] + &movz ($idx,&HB($t1)); # (t1>>24)&0xff + &mov ($t0,&DWP($frame+4*(($j+3)%4),"esp")); # prefetch "s3" + &xor ($t2,$t3); # t2^=t3 + &rotr ($t3,8); # t3=RightRotate(t3,8) + &xor ($t2,&DWP($SBOX2_0222,$Tbl,$idx,8)); # t2^=SBOX2_0222[1] + &movz ($idx,&LB($t1)); # (t1>>16)&0xff + &mov ($t1,&DWP($frame+4*(($j+2)%4),"esp")); # prefetch "s2" + &xor ($t3,$t0); # t3^=s3 + &xor ($t2,&DWP($SBOX3_3033,$Tbl,$idx,8)); # t2^=SBOX3_3033[1] + &mov ($idx,&DWP($seed+($i+1)*$scale,$key)); # prefetch key[i+1] + &xor ($t3,$t2); # t3^=t2 + &mov (&DWP($frame+4*(($j+3)%4),"esp"),$t3); # s3=t3 + &xor ($t2,$t1); # t2^=s2 + &mov (&DWP($frame+4*(($j+2)%4),"esp"),$t2); # s2=t2 +} + +# void Camellia_EncryptBlock_Rounds( +# int grandRounds, +# const Byte plaintext[], +# const KEY_TABLE_TYPE keyTable, +# Byte ciphertext[]) +&function_begin("Camellia_EncryptBlock_Rounds"); + &mov ("eax",&wparam(0)); # load grandRounds + &mov ($idx,&wparam(1)); # load plaintext pointer + &mov ($key,&wparam(2)); # load key schedule pointer + + &mov ("ebx","esp"); + &sub ("esp",7*4); # place for s[0-3],keyEnd,esp and ra + &and ("esp",-64); + + # place stack frame just "above mod 1024" the key schedule + # this ensures that cache associativity of 2 suffices + &lea ("ecx",&DWP(-64-63,$key)); + &sub ("ecx","esp"); + &neg ("ecx"); + &and ("ecx",0x3C0); # modulo 1024, but aligned to cache-line + &sub ("esp","ecx"); + &add ("esp",4); # 4 is reserved for callee's return address + + &shl ("eax",6); + &lea ("eax",&DWP(0,$key,"eax")); + &mov ($_esp,"ebx"); # save %esp + &mov ($_end,"eax"); # save keyEnd + + &call (&label("pic_point")); + &set_label("pic_point"); + &blindpop($Tbl); + &lea ($Tbl,&DWP(&label("Camellia_SBOX")."-".&label("pic_point"),$Tbl)); + + &mov (@T[0],&DWP(0,$idx)); # load plaintext + &mov (@T[1],&DWP(4,$idx)); + &mov (@T[2],&DWP(8,$idx)); + &bswap (@T[0]); + &mov (@T[3],&DWP(12,$idx)); + &bswap (@T[1]); + &bswap (@T[2]); + &bswap (@T[3]); + + &call ("_x86_Camellia_encrypt"); + + &mov ("esp",$_esp); + &bswap (@T[0]); + &mov ($idx,&wparam(3)); # load ciphertext pointer + &bswap (@T[1]); + &bswap (@T[2]); + &bswap (@T[3]); + &mov (&DWP(0,$idx),@T[0]); # write ciphertext + &mov (&DWP(4,$idx),@T[1]); + &mov (&DWP(8,$idx),@T[2]); + &mov (&DWP(12,$idx),@T[3]); +&function_end("Camellia_EncryptBlock_Rounds"); +# V1.x API +&function_begin_B("Camellia_EncryptBlock"); + &mov ("eax",128); + &sub ("eax",&wparam(0)); # load keyBitLength + &mov ("eax",3); + &adc ("eax",0); # keyBitLength==128?3:4 + &mov (&wparam(0),"eax"); + &jmp (&label("Camellia_EncryptBlock_Rounds")); +&function_end_B("Camellia_EncryptBlock"); + +if ($OPENSSL) { +# void Camellia_encrypt( +# const unsigned char *in, +# unsigned char *out, +# const CAMELLIA_KEY *key) +&function_begin("Camellia_encrypt"); + &mov ($idx,&wparam(0)); # load plaintext pointer + &mov ($key,&wparam(2)); # load key schedule pointer + + &mov ("ebx","esp"); + &sub ("esp",7*4); # place for s[0-3],keyEnd,esp and ra + &and ("esp",-64); + &mov ("eax",&DWP(272,$key)); # load grandRounds counter + + # place stack frame just "above mod 1024" the key schedule + # this ensures that cache associativity of 2 suffices + &lea ("ecx",&DWP(-64-63,$key)); + &sub ("ecx","esp"); + &neg ("ecx"); + &and ("ecx",0x3C0); # modulo 1024, but aligned to cache-line + &sub ("esp","ecx"); + &add ("esp",4); # 4 is reserved for callee's return address + + &shl ("eax",6); + &lea ("eax",&DWP(0,$key,"eax")); + &mov ($_esp,"ebx"); # save %esp + &mov ($_end,"eax"); # save keyEnd + + &call (&label("pic_point")); + &set_label("pic_point"); + &blindpop($Tbl); + &lea ($Tbl,&DWP(&label("Camellia_SBOX")."-".&label("pic_point"),$Tbl)); + + &mov (@T[0],&DWP(0,$idx)); # load plaintext + &mov (@T[1],&DWP(4,$idx)); + &mov (@T[2],&DWP(8,$idx)); + &bswap (@T[0]); + &mov (@T[3],&DWP(12,$idx)); + &bswap (@T[1]); + &bswap (@T[2]); + &bswap (@T[3]); + + &call ("_x86_Camellia_encrypt"); + + &mov ("esp",$_esp); + &bswap (@T[0]); + &mov ($idx,&wparam(1)); # load ciphertext pointer + &bswap (@T[1]); + &bswap (@T[2]); + &bswap (@T[3]); + &mov (&DWP(0,$idx),@T[0]); # write ciphertext + &mov (&DWP(4,$idx),@T[1]); + &mov (&DWP(8,$idx),@T[2]); + &mov (&DWP(12,$idx),@T[3]); +&function_end("Camellia_encrypt"); +} + +&function_begin_B("_x86_Camellia_encrypt"); + &xor (@T[0],&DWP(0,$key)); # ^=key[0-3] + &xor (@T[1],&DWP(4,$key)); + &xor (@T[2],&DWP(8,$key)); + &xor (@T[3],&DWP(12,$key)); + &mov ($idx,&DWP(16,$key)); # prefetch key[4] + + &mov ($__s0,@T[0]); # save s[0-3] + &mov ($__s1,@T[1]); + &mov ($__s2,@T[2]); + &mov ($__s3,@T[3]); + +&set_label("loop",16); + for ($i=0;$i<6;$i++) { Camellia_Feistel($i,16,4); } + + &add ($key,16*4); + &cmp ($key,$__end); + &je (&label("done")); + + # @T[0-1] are preloaded, $idx is preloaded with key[0] + &and ($idx,@T[0]); + &mov (@T[3],$__s3); + &rotl ($idx,1); + &mov (@T[2],@T[3]); + &xor (@T[1],$idx); + &or (@T[2],&DWP(12,$key)); + &mov ($__s1,@T[1]); # s1^=LeftRotate(s0&key[0],1); + &xor (@T[2],$__s2); + + &mov ($idx,&DWP(4,$key)); + &mov ($__s2,@T[2]); # s2^=s3|key[3]; + &or ($idx,@T[1]); + &and (@T[2],&DWP(8,$key)); + &xor (@T[0],$idx); + &rotl (@T[2],1); + &mov ($__s0,@T[0]); # s0^=s1|key[1]; + &xor (@T[3],@T[2]); + &mov ($idx,&DWP(16,$key)); # prefetch key[4] + &mov ($__s3,@T[3]); # s3^=LeftRotate(s2&key[2],1); + &jmp (&label("loop")); + +&set_label("done",8); + &mov (@T[2],@T[0]); # SwapHalf + &mov (@T[3],@T[1]); + &mov (@T[0],$__s2); + &mov (@T[1],$__s3); + &xor (@T[0],$idx); # $idx is preloaded with key[0] + &xor (@T[1],&DWP(4,$key)); + &xor (@T[2],&DWP(8,$key)); + &xor (@T[3],&DWP(12,$key)); + &ret (); +&function_end_B("_x86_Camellia_encrypt"); + +# void Camellia_DecryptBlock_Rounds( +# int grandRounds, +# const Byte ciphertext[], +# const KEY_TABLE_TYPE keyTable, +# Byte plaintext[]) +&function_begin("Camellia_DecryptBlock_Rounds"); + &mov ("eax",&wparam(0)); # load grandRounds + &mov ($idx,&wparam(1)); # load ciphertext pointer + &mov ($key,&wparam(2)); # load key schedule pointer + + &mov ("ebx","esp"); + &sub ("esp",7*4); # place for s[0-3],keyEnd,esp and ra + &and ("esp",-64); + + # place stack frame just "above mod 1024" the key schedule + # this ensures that cache associativity of 2 suffices + &lea ("ecx",&DWP(-64-63,$key)); + &sub ("ecx","esp"); + &neg ("ecx"); + &and ("ecx",0x3C0); # modulo 1024, but aligned to cache-line + &sub ("esp","ecx"); + &add ("esp",4); # 4 is reserved for callee's return address + + &shl ("eax",6); + &mov (&DWP(4*4,"esp"),$key); # save keyStart + &lea ($key,&DWP(0,$key,"eax")); + &mov (&DWP(5*4,"esp"),"ebx");# save %esp + + &call (&label("pic_point")); + &set_label("pic_point"); + &blindpop($Tbl); + &lea ($Tbl,&DWP(&label("Camellia_SBOX")."-".&label("pic_point"),$Tbl)); + + &mov (@T[0],&DWP(0,$idx)); # load ciphertext + &mov (@T[1],&DWP(4,$idx)); + &mov (@T[2],&DWP(8,$idx)); + &bswap (@T[0]); + &mov (@T[3],&DWP(12,$idx)); + &bswap (@T[1]); + &bswap (@T[2]); + &bswap (@T[3]); + + &call ("_x86_Camellia_decrypt"); + + &mov ("esp",&DWP(5*4,"esp")); + &bswap (@T[0]); + &mov ($idx,&wparam(3)); # load plaintext pointer + &bswap (@T[1]); + &bswap (@T[2]); + &bswap (@T[3]); + &mov (&DWP(0,$idx),@T[0]); # write plaintext + &mov (&DWP(4,$idx),@T[1]); + &mov (&DWP(8,$idx),@T[2]); + &mov (&DWP(12,$idx),@T[3]); +&function_end("Camellia_DecryptBlock_Rounds"); +# V1.x API +&function_begin_B("Camellia_DecryptBlock"); + &mov ("eax",128); + &sub ("eax",&wparam(0)); # load keyBitLength + &mov ("eax",3); + &adc ("eax",0); # keyBitLength==128?3:4 + &mov (&wparam(0),"eax"); + &jmp (&label("Camellia_DecryptBlock_Rounds")); +&function_end_B("Camellia_DecryptBlock"); + +if ($OPENSSL) { +# void Camellia_decrypt( +# const unsigned char *in, +# unsigned char *out, +# const CAMELLIA_KEY *key) +&function_begin("Camellia_decrypt"); + &mov ($idx,&wparam(0)); # load ciphertext pointer + &mov ($key,&wparam(2)); # load key schedule pointer + + &mov ("ebx","esp"); + &sub ("esp",7*4); # place for s[0-3],keyEnd,esp and ra + &and ("esp",-64); + &mov ("eax",&DWP(272,$key)); # load grandRounds counter + + # place stack frame just "above mod 1024" the key schedule + # this ensures that cache associativity of 2 suffices + &lea ("ecx",&DWP(-64-63,$key)); + &sub ("ecx","esp"); + &neg ("ecx"); + &and ("ecx",0x3C0); # modulo 1024, but aligned to cache-line + &sub ("esp","ecx"); + &add ("esp",4); # 4 is reserved for callee's return address + + &shl ("eax",6); + &mov (&DWP(4*4,"esp"),$key); # save keyStart + &lea ($key,&DWP(0,$key,"eax")); + &mov (&DWP(5*4,"esp"),"ebx");# save %esp + + &call (&label("pic_point")); + &set_label("pic_point"); + &blindpop($Tbl); + &lea ($Tbl,&DWP(&label("Camellia_SBOX")."-".&label("pic_point"),$Tbl)); + + &mov (@T[0],&DWP(0,$idx)); # load ciphertext + &mov (@T[1],&DWP(4,$idx)); + &mov (@T[2],&DWP(8,$idx)); + &bswap (@T[0]); + &mov (@T[3],&DWP(12,$idx)); + &bswap (@T[1]); + &bswap (@T[2]); + &bswap (@T[3]); + + &call ("_x86_Camellia_decrypt"); + + &mov ("esp",&DWP(5*4,"esp")); + &bswap (@T[0]); + &mov ($idx,&wparam(1)); # load plaintext pointer + &bswap (@T[1]); + &bswap (@T[2]); + &bswap (@T[3]); + &mov (&DWP(0,$idx),@T[0]); # write plaintext + &mov (&DWP(4,$idx),@T[1]); + &mov (&DWP(8,$idx),@T[2]); + &mov (&DWP(12,$idx),@T[3]); +&function_end("Camellia_decrypt"); +} + +&function_begin_B("_x86_Camellia_decrypt"); + &xor (@T[0],&DWP(0,$key)); # ^=key[0-3] + &xor (@T[1],&DWP(4,$key)); + &xor (@T[2],&DWP(8,$key)); + &xor (@T[3],&DWP(12,$key)); + &mov ($idx,&DWP(-8,$key)); # prefetch key[-2] + + &mov ($__s0,@T[0]); # save s[0-3] + &mov ($__s1,@T[1]); + &mov ($__s2,@T[2]); + &mov ($__s3,@T[3]); + +&set_label("loop",16); + for ($i=0;$i<6;$i++) { Camellia_Feistel($i,-8,4); } + + &sub ($key,16*4); + &cmp ($key,$__end); + &je (&label("done")); + + # @T[0-1] are preloaded, $idx is preloaded with key[2] + &and ($idx,@T[0]); + &mov (@T[3],$__s3); + &rotl ($idx,1); + &mov (@T[2],@T[3]); + &xor (@T[1],$idx); + &or (@T[2],&DWP(4,$key)); + &mov ($__s1,@T[1]); # s1^=LeftRotate(s0&key[0],1); + &xor (@T[2],$__s2); + + &mov ($idx,&DWP(12,$key)); + &mov ($__s2,@T[2]); # s2^=s3|key[3]; + &or ($idx,@T[1]); + &and (@T[2],&DWP(0,$key)); + &xor (@T[0],$idx); + &rotl (@T[2],1); + &mov ($__s0,@T[0]); # s0^=s1|key[1]; + &xor (@T[3],@T[2]); + &mov ($idx,&DWP(-8,$key)); # prefetch key[4] + &mov ($__s3,@T[3]); # s3^=LeftRotate(s2&key[2],1); + &jmp (&label("loop")); + +&set_label("done",8); + &mov (@T[2],@T[0]); # SwapHalf + &mov (@T[3],@T[1]); + &mov (@T[0],$__s2); + &mov (@T[1],$__s3); + &xor (@T[2],$idx); # $idx is preloaded with key[2] + &xor (@T[3],&DWP(12,$key)); + &xor (@T[0],&DWP(0,$key)); + &xor (@T[1],&DWP(4,$key)); + &ret (); +&function_end_B("_x86_Camellia_decrypt"); + +# shld is very slow on Intel P4 family. Even on AMD it limits +# instruction decode rate [because it's VectorPath] and consequently +# performance. PIII, PM and Core[2] seem to be the only ones which +# execute this code ~7% faster... +sub __rotl128 { + my ($i0,$i1,$i2,$i3,$rot,$rnd,@T)=@_; + + $rnd *= 2; + if ($rot) { + &mov ($idx,$i0); + &shld ($i0,$i1,$rot); + &shld ($i1,$i2,$rot); + &shld ($i2,$i3,$rot); + &shld ($i3,$idx,$rot); + } + &mov (&DWP(-128+4*$rnd++,$key),shift(@T)) if ($i0 eq @T[0]); + &mov (&DWP(-128+4*$rnd++,$key),shift(@T)) if ($i1 eq @T[0]); + &mov (&DWP(-128+4*$rnd++,$key),shift(@T)) if ($i2 eq @T[0]); + &mov (&DWP(-128+4*$rnd++,$key),shift(@T)) if ($i3 eq @T[0]); +} + +# ... Implementing 128-bit rotate without shld gives >3x performance +# improvement on P4, only ~7% degradation on other Intel CPUs and +# not worse performance on AMD. This is therefore preferred. +sub _rotl128 { + my ($i0,$i1,$i2,$i3,$rot,$rnd,@T)=@_; + + $rnd *= 2; + if ($rot) { + &mov ($Tbl,$i0); + &shl ($i0,$rot); + &mov ($idx,$i1); + &shr ($idx,32-$rot); + &shl ($i1,$rot); + &or ($i0,$idx); + &mov ($idx,$i2); + &shl ($i2,$rot); + &mov (&DWP(-128+4*$rnd++,$key),shift(@T)) if ($i0 eq @T[0]); + &shr ($idx,32-$rot); + &or ($i1,$idx); + &shr ($Tbl,32-$rot); + &mov ($idx,$i3); + &shr ($idx,32-$rot); + &mov (&DWP(-128+4*$rnd++,$key),shift(@T)) if ($i1 eq @T[0]); + &shl ($i3,$rot); + &or ($i2,$idx); + &or ($i3,$Tbl); + &mov (&DWP(-128+4*$rnd++,$key),shift(@T)) if ($i2 eq @T[0]); + &mov (&DWP(-128+4*$rnd++,$key),shift(@T)) if ($i3 eq @T[0]); + } else { + &mov (&DWP(-128+4*$rnd++,$key),shift(@T)) if ($i0 eq @T[0]); + &mov (&DWP(-128+4*$rnd++,$key),shift(@T)) if ($i1 eq @T[0]); + &mov (&DWP(-128+4*$rnd++,$key),shift(@T)) if ($i2 eq @T[0]); + &mov (&DWP(-128+4*$rnd++,$key),shift(@T)) if ($i3 eq @T[0]); + } +} + +sub _saveround { +my ($rnd,$key,@T)=@_; +my $bias=int(@T[0])?shift(@T):0; + + &mov (&DWP($bias+$rnd*8+0,$key),@T[0]); + &mov (&DWP($bias+$rnd*8+4,$key),@T[1]) if ($#T>=1); + &mov (&DWP($bias+$rnd*8+8,$key),@T[2]) if ($#T>=2); + &mov (&DWP($bias+$rnd*8+12,$key),@T[3]) if ($#T>=3); +} + +sub _loadround { +my ($rnd,$key,@T)=@_; +my $bias=int(@T[0])?shift(@T):0; + + &mov (@T[0],&DWP($bias+$rnd*8+0,$key)); + &mov (@T[1],&DWP($bias+$rnd*8+4,$key)) if ($#T>=1); + &mov (@T[2],&DWP($bias+$rnd*8+8,$key)) if ($#T>=2); + &mov (@T[3],&DWP($bias+$rnd*8+12,$key)) if ($#T>=3); +} + +# void Camellia_Ekeygen( +# const int keyBitLength, +# const Byte *rawKey, +# KEY_TABLE_TYPE keyTable) +&function_begin("Camellia_Ekeygen"); +{ my $step=0; + + &stack_push(4); # place for s[0-3] + + &mov ($Tbl,&wparam(0)); # load arguments + &mov ($idx,&wparam(1)); + &mov ($key,&wparam(2)); + + &mov (@T[0],&DWP(0,$idx)); # load 0-127 bits + &mov (@T[1],&DWP(4,$idx)); + &mov (@T[2],&DWP(8,$idx)); + &mov (@T[3],&DWP(12,$idx)); + + &bswap (@T[0]); + &bswap (@T[1]); + &bswap (@T[2]); + &bswap (@T[3]); + + &_saveround (0,$key,@T); # KL<<<0 + + &cmp ($Tbl,128); + &je (&label("1st128")); + + &mov (@T[0],&DWP(16,$idx)); # load 128-191 bits + &mov (@T[1],&DWP(20,$idx)); + &cmp ($Tbl,192); + &je (&label("1st192")); + &mov (@T[2],&DWP(24,$idx)); # load 192-255 bits + &mov (@T[3],&DWP(28,$idx)); + &jmp (&label("1st256")); +&set_label("1st192",4); + &mov (@T[2],@T[0]); + &mov (@T[3],@T[1]); + ¬ (@T[2]); + ¬ (@T[3]); +&set_label("1st256",4); + &bswap (@T[0]); + &bswap (@T[1]); + &bswap (@T[2]); + &bswap (@T[3]); + + &_saveround (4,$key,@T); # temporary storage for KR! + + &xor (@T[0],&DWP(0*8+0,$key)); # KR^KL + &xor (@T[1],&DWP(0*8+4,$key)); + &xor (@T[2],&DWP(1*8+0,$key)); + &xor (@T[3],&DWP(1*8+4,$key)); + +&set_label("1st128",4); + &call (&label("pic_point")); + &set_label("pic_point"); + &blindpop($Tbl); + &lea ($Tbl,&DWP(&label("Camellia_SBOX")."-".&label("pic_point"),$Tbl)); + &lea ($key,&DWP(&label("Camellia_SIGMA")."-".&label("Camellia_SBOX"),$Tbl)); + + &mov ($idx,&DWP($step*8,$key)); # prefetch SIGMA[0] + &mov (&swtmp(0),@T[0]); # save s[0-3] + &mov (&swtmp(1),@T[1]); + &mov (&swtmp(2),@T[2]); + &mov (&swtmp(3),@T[3]); + &Camellia_Feistel($step++); + &Camellia_Feistel($step++); + &mov (@T[2],&swtmp(2)); + &mov (@T[3],&swtmp(3)); + + &mov ($idx,&wparam(2)); + &xor (@T[0],&DWP(0*8+0,$idx)); # ^KL + &xor (@T[1],&DWP(0*8+4,$idx)); + &xor (@T[2],&DWP(1*8+0,$idx)); + &xor (@T[3],&DWP(1*8+4,$idx)); + + &mov ($idx,&DWP($step*8,$key)); # prefetch SIGMA[4] + &mov (&swtmp(0),@T[0]); # save s[0-3] + &mov (&swtmp(1),@T[1]); + &mov (&swtmp(2),@T[2]); + &mov (&swtmp(3),@T[3]); + &Camellia_Feistel($step++); + &Camellia_Feistel($step++); + &mov (@T[2],&swtmp(2)); + &mov (@T[3],&swtmp(3)); + + &mov ($idx,&wparam(0)); + &cmp ($idx,128); + &jne (&label("2nd256")); + + &mov ($key,&wparam(2)); + &lea ($key,&DWP(128,$key)); # size optimization + + ####### process KA + &_saveround (2,$key,-128,@T); # KA<<<0 + &_rotl128 (@T,15,6,@T); # KA<<<15 + &_rotl128 (@T,15,8,@T); # KA<<<(15+15=30) + &_rotl128 (@T,15,12,@T[0],@T[1]); # KA<<<(30+15=45) + &_rotl128 (@T,15,14,@T); # KA<<<(45+15=60) + push (@T,shift(@T)); # rotl128(@T,32); + &_rotl128 (@T,2,20,@T); # KA<<<(60+32+2=94) + &_rotl128 (@T,17,24,@T); # KA<<<(94+17=111) + + ####### process KL + &_loadround (0,$key,-128,@T); # load KL + &_rotl128 (@T,15,4,@T); # KL<<<15 + &_rotl128 (@T,30,10,@T); # KL<<<(15+30=45) + &_rotl128 (@T,15,13,@T[2],@T[3]); # KL<<<(45+15=60) + &_rotl128 (@T,17,16,@T); # KL<<<(60+17=77) + &_rotl128 (@T,17,18,@T); # KL<<<(77+17=94) + &_rotl128 (@T,17,22,@T); # KL<<<(94+17=111) + + while (@T[0] ne "eax") # restore order + { unshift (@T,pop(@T)); } + + &mov ("eax",3); # 3 grandRounds + &jmp (&label("done")); + +&set_label("2nd256",16); + &mov ($idx,&wparam(2)); + &_saveround (6,$idx,@T); # temporary storage for KA! + + &xor (@T[0],&DWP(4*8+0,$idx)); # KA^KR + &xor (@T[1],&DWP(4*8+4,$idx)); + &xor (@T[2],&DWP(5*8+0,$idx)); + &xor (@T[3],&DWP(5*8+4,$idx)); + + &mov ($idx,&DWP($step*8,$key)); # prefetch SIGMA[8] + &mov (&swtmp(0),@T[0]); # save s[0-3] + &mov (&swtmp(1),@T[1]); + &mov (&swtmp(2),@T[2]); + &mov (&swtmp(3),@T[3]); + &Camellia_Feistel($step++); + &Camellia_Feistel($step++); + &mov (@T[2],&swtmp(2)); + &mov (@T[3],&swtmp(3)); + + &mov ($key,&wparam(2)); + &lea ($key,&DWP(128,$key)); # size optimization + + ####### process KB + &_saveround (2,$key,-128,@T); # KB<<<0 + &_rotl128 (@T,30,10,@T); # KB<<<30 + &_rotl128 (@T,30,20,@T); # KB<<<(30+30=60) + push (@T,shift(@T)); # rotl128(@T,32); + &_rotl128 (@T,19,32,@T); # KB<<<(60+32+19=111) + + ####### process KR + &_loadround (4,$key,-128,@T); # load KR + &_rotl128 (@T,15,4,@T); # KR<<<15 + &_rotl128 (@T,15,8,@T); # KR<<<(15+15=30) + &_rotl128 (@T,30,18,@T); # KR<<<(30+30=60) + push (@T,shift(@T)); # rotl128(@T,32); + &_rotl128 (@T,2,26,@T); # KR<<<(60+32+2=94) + + ####### process KA + &_loadround (6,$key,-128,@T); # load KA + &_rotl128 (@T,15,6,@T); # KA<<<15 + &_rotl128 (@T,30,14,@T); # KA<<<(15+30=45) + push (@T,shift(@T)); # rotl128(@T,32); + &_rotl128 (@T,0,24,@T); # KA<<<(45+32+0=77) + &_rotl128 (@T,17,28,@T); # KA<<<(77+17=94) + + ####### process KL + &_loadround (0,$key,-128,@T); # load KL + push (@T,shift(@T)); # rotl128(@T,32); + &_rotl128 (@T,13,12,@T); # KL<<<(32+13=45) + &_rotl128 (@T,15,16,@T); # KL<<<(45+15=60) + &_rotl128 (@T,17,22,@T); # KL<<<(60+17=77) + push (@T,shift(@T)); # rotl128(@T,32); + &_rotl128 (@T,2,30,@T); # KL<<<(77+32+2=111) + + while (@T[0] ne "eax") # restore order + { unshift (@T,pop(@T)); } + + &mov ("eax",4); # 4 grandRounds +&set_label("done"); + &lea ("edx",&DWP(272-128,$key)); # end of key schedule + &stack_pop(4); +} +&function_end("Camellia_Ekeygen"); + +if ($OPENSSL) { +# int Camellia_set_key ( +# const unsigned char *userKey, +# int bits, +# CAMELLIA_KEY *key) +&function_begin_B("Camellia_set_key"); + &push ("ebx"); + &mov ("ecx",&wparam(0)); # pull arguments + &mov ("ebx",&wparam(1)); + &mov ("edx",&wparam(2)); + + &mov ("eax",-1); + &test ("ecx","ecx"); + &jz (&label("done")); # userKey==NULL? + &test ("edx","edx"); + &jz (&label("done")); # key==NULL? + + &mov ("eax",-2); + &cmp ("ebx",256); + &je (&label("arg_ok")); # bits==256? + &cmp ("ebx",192); + &je (&label("arg_ok")); # bits==192? + &cmp ("ebx",128); + &jne (&label("done")); # bits!=128? +&set_label("arg_ok",4); + + &push ("edx"); # push arguments + &push ("ecx"); + &push ("ebx"); + &call ("Camellia_Ekeygen"); + &stack_pop(3); + + # eax holds grandRounds and edx points at where to put it + &mov (&DWP(0,"edx"),"eax"); + &xor ("eax","eax"); +&set_label("done",4); + &pop ("ebx"); + &ret (); +&function_end_B("Camellia_set_key"); +} + +@SBOX=( +112,130, 44,236,179, 39,192,229,228,133, 87, 53,234, 12,174, 65, + 35,239,107,147, 69, 25,165, 33,237, 14, 79, 78, 29,101,146,189, +134,184,175,143,124,235, 31,206, 62, 48,220, 95, 94,197, 11, 26, +166,225, 57,202,213, 71, 93, 61,217, 1, 90,214, 81, 86,108, 77, +139, 13,154,102,251,204,176, 45,116, 18, 43, 32,240,177,132,153, +223, 76,203,194, 52,126,118, 5,109,183,169, 49,209, 23, 4,215, + 20, 88, 58, 97,222, 27, 17, 28, 50, 15,156, 22, 83, 24,242, 34, +254, 68,207,178,195,181,122,145, 36, 8,232,168, 96,252,105, 80, +170,208,160,125,161,137, 98,151, 84, 91, 30,149,224,255,100,210, + 16,196, 0, 72,163,247,117,219,138, 3,230,218, 9, 63,221,148, +135, 92,131, 2,205, 74,144, 51,115,103,246,243,157,127,191,226, + 82,155,216, 38,200, 55,198, 59,129,150,111, 75, 19,190, 99, 46, +233,121,167,140,159,110,188,142, 41,245,249,182, 47,253,180, 89, +120,152, 6,106,231, 70,113,186,212, 37,171, 66,136,162,141,250, +114, 7,185, 85,248,238,172, 10, 54, 73, 42,104, 60, 56,241,164, + 64, 40,211,123,187,201, 67,193, 21,227,173,244,119,199,128,158); + +sub S1110 { my $i=shift; $i=@SBOX[$i]; return $i<<24|$i<<16|$i<<8; } +sub S4404 { my $i=shift; $i=($i<<1|$i>>7)&0xff; $i=@SBOX[$i]; return $i<<24|$i<<16|$i; } +sub S0222 { my $i=shift; $i=@SBOX[$i]; $i=($i<<1|$i>>7)&0xff; return $i<<16|$i<<8|$i; } +sub S3033 { my $i=shift; $i=@SBOX[$i]; $i=($i>>1|$i<<7)&0xff; return $i<<24|$i<<8|$i; } + +&set_label("Camellia_SIGMA",64); +&data_word( + 0xa09e667f, 0x3bcc908b, 0xb67ae858, 0x4caa73b2, + 0xc6ef372f, 0xe94f82be, 0x54ff53a5, 0xf1d36f1c, + 0x10e527fa, 0xde682d1d, 0xb05688c2, 0xb3e6c1fd, + 0, 0, 0, 0); +&set_label("Camellia_SBOX",64); +# tables are interleaved, remember? +for ($i=0;$i<256;$i++) { &data_word(&S1110($i),&S4404($i)); } +for ($i=0;$i<256;$i++) { &data_word(&S0222($i),&S3033($i)); } + +# void Camellia_cbc_encrypt (const void char *inp, unsigned char *out, +# size_t length, const CAMELLIA_KEY *key, +# unsigned char *ivp,const int enc); +{ +# stack frame layout +# -4(%esp) # return address 0(%esp) +# 0(%esp) # s0 4(%esp) +# 4(%esp) # s1 8(%esp) +# 8(%esp) # s2 12(%esp) +# 12(%esp) # s3 16(%esp) +# 16(%esp) # end of key schedule 20(%esp) +# 20(%esp) # %esp backup +my $_inp=&DWP(24,"esp"); #copy of wparam(0) +my $_out=&DWP(28,"esp"); #copy of wparam(1) +my $_len=&DWP(32,"esp"); #copy of wparam(2) +my $_key=&DWP(36,"esp"); #copy of wparam(3) +my $_ivp=&DWP(40,"esp"); #copy of wparam(4) +my $ivec=&DWP(44,"esp"); #ivec[16] +my $_tmp=&DWP(44,"esp"); #volatile variable [yes, aliases with ivec] +my ($s0,$s1,$s2,$s3) = @T; + +&function_begin("Camellia_cbc_encrypt"); + &mov ($s2 eq "ecx"? $s2 : "",&wparam(2)); # load len + &cmp ($s2,0); + &je (&label("enc_out")); + + &pushf (); + &cld (); + + &mov ($s0,&wparam(0)); # load inp + &mov ($s1,&wparam(1)); # load out + #&mov ($s2,&wparam(2)); # load len + &mov ($s3,&wparam(3)); # load key + &mov ($Tbl,&wparam(4)); # load ivp + + # allocate aligned stack frame... + &lea ($idx,&DWP(-64,"esp")); + &and ($idx,-64); + + # place stack frame just "above mod 1024" the key schedule + # this ensures that cache associativity of 2 suffices + &lea ($key,&DWP(-64-63,$s3)); + &sub ($key,$idx); + &neg ($key); + &and ($key,0x3C0); # modulo 1024, but aligned to cache-line + &sub ($idx,$key); + + &mov ($key,&wparam(5)); # load enc + + &exch ("esp",$idx); + &add ("esp",4); # reserve for return address! + &mov ($_esp,$idx); # save %esp + + &mov ($_inp,$s0); # save copy of inp + &mov ($_out,$s1); # save copy of out + &mov ($_len,$s2); # save copy of len + &mov ($_key,$s3); # save copy of key + &mov ($_ivp,$Tbl); # save copy of ivp + + &call (&label("pic_point")); # make it PIC! + &set_label("pic_point"); + &blindpop($Tbl); + &lea ($Tbl,&DWP(&label("Camellia_SBOX")."-".&label("pic_point"),$Tbl)); + + &mov ($idx,32); + &set_label("prefetch_sbox",4); + &mov ($s0,&DWP(0,$Tbl)); + &mov ($s1,&DWP(32,$Tbl)); + &mov ($s2,&DWP(64,$Tbl)); + &mov ($s3,&DWP(96,$Tbl)); + &lea ($Tbl,&DWP(128,$Tbl)); + &dec ($idx); + &jnz (&label("prefetch_sbox")); + &mov ($s0,$_key); + &sub ($Tbl,4096); + &mov ($idx,$_inp); + &mov ($s3,&DWP(272,$s0)); # load grandRounds + + &cmp ($key,0); + &je (&label("DECRYPT")); + + &mov ($s2,$_len); + &mov ($key,$_ivp); + &shl ($s3,6); + &lea ($s3,&DWP(0,$s0,$s3)); + &mov ($_end,$s3); + + &test ($s2,0xFFFFFFF0); + &jz (&label("enc_tail")); # short input... + + &mov ($s0,&DWP(0,$key)); # load iv + &mov ($s1,&DWP(4,$key)); + + &set_label("enc_loop",4); + &mov ($s2,&DWP(8,$key)); + &mov ($s3,&DWP(12,$key)); + + &xor ($s0,&DWP(0,$idx)); # xor input data + &xor ($s1,&DWP(4,$idx)); + &xor ($s2,&DWP(8,$idx)); + &bswap ($s0); + &xor ($s3,&DWP(12,$idx)); + &bswap ($s1); + &mov ($key,$_key); # load key + &bswap ($s2); + &bswap ($s3); + + &call ("_x86_Camellia_encrypt"); + + &mov ($idx,$_inp); # load inp + &mov ($key,$_out); # load out + + &bswap ($s0); + &bswap ($s1); + &bswap ($s2); + &mov (&DWP(0,$key),$s0); # save output data + &bswap ($s3); + &mov (&DWP(4,$key),$s1); + &mov (&DWP(8,$key),$s2); + &mov (&DWP(12,$key),$s3); + + &mov ($s2,$_len); # load len + + &lea ($idx,&DWP(16,$idx)); + &mov ($_inp,$idx); # save inp + + &lea ($s3,&DWP(16,$key)); + &mov ($_out,$s3); # save out + + &sub ($s2,16); + &test ($s2,0xFFFFFFF0); + &mov ($_len,$s2); # save len + &jnz (&label("enc_loop")); + &test ($s2,15); + &jnz (&label("enc_tail")); + &mov ($idx,$_ivp); # load ivp + &mov ($s2,&DWP(8,$key)); # restore last dwords + &mov ($s3,&DWP(12,$key)); + &mov (&DWP(0,$idx),$s0); # save ivec + &mov (&DWP(4,$idx),$s1); + &mov (&DWP(8,$idx),$s2); + &mov (&DWP(12,$idx),$s3); + + &mov ("esp",$_esp); + &popf (); + &set_label("enc_out"); + &function_end_A(); + &pushf (); # kludge, never executed + + &set_label("enc_tail",4); + &mov ($s0,$key eq "edi" ? $key : ""); + &mov ($key,$_out); # load out + &push ($s0); # push ivp + &mov ($s1,16); + &sub ($s1,$s2); + &cmp ($key,$idx); # compare with inp + &je (&label("enc_in_place")); + &align (4); + &data_word(0xA4F3F689); # rep movsb # copy input + &jmp (&label("enc_skip_in_place")); + &set_label("enc_in_place"); + &lea ($key,&DWP(0,$key,$s2)); + &set_label("enc_skip_in_place"); + &mov ($s2,$s1); + &xor ($s0,$s0); + &align (4); + &data_word(0xAAF3F689); # rep stosb # zero tail + &pop ($key); # pop ivp + + &mov ($idx,$_out); # output as input + &mov ($s0,&DWP(0,$key)); + &mov ($s1,&DWP(4,$key)); + &mov ($_len,16); # len=16 + &jmp (&label("enc_loop")); # one more spin... + +#----------------------------- DECRYPT -----------------------------# +&set_label("DECRYPT",16); + &shl ($s3,6); + &lea ($s3,&DWP(0,$s0,$s3)); + &mov ($_end,$s0); + &mov ($_key,$s3); + + &cmp ($idx,$_out); + &je (&label("dec_in_place")); # in-place processing... + + &mov ($key,$_ivp); # load ivp + &mov ($_tmp,$key); + + &set_label("dec_loop",4); + &mov ($s0,&DWP(0,$idx)); # read input + &mov ($s1,&DWP(4,$idx)); + &mov ($s2,&DWP(8,$idx)); + &bswap ($s0); + &mov ($s3,&DWP(12,$idx)); + &bswap ($s1); + &mov ($key,$_key); # load key + &bswap ($s2); + &bswap ($s3); + + &call ("_x86_Camellia_decrypt"); + + &mov ($key,$_tmp); # load ivp + &mov ($idx,$_len); # load len + + &bswap ($s0); + &bswap ($s1); + &bswap ($s2); + &xor ($s0,&DWP(0,$key)); # xor iv + &bswap ($s3); + &xor ($s1,&DWP(4,$key)); + &xor ($s2,&DWP(8,$key)); + &xor ($s3,&DWP(12,$key)); + + &sub ($idx,16); + &jc (&label("dec_partial")); + &mov ($_len,$idx); # save len + &mov ($idx,$_inp); # load inp + &mov ($key,$_out); # load out + + &mov (&DWP(0,$key),$s0); # write output + &mov (&DWP(4,$key),$s1); + &mov (&DWP(8,$key),$s2); + &mov (&DWP(12,$key),$s3); + + &mov ($_tmp,$idx); # save ivp + &lea ($idx,&DWP(16,$idx)); + &mov ($_inp,$idx); # save inp + + &lea ($key,&DWP(16,$key)); + &mov ($_out,$key); # save out + + &jnz (&label("dec_loop")); + &mov ($key,$_tmp); # load temp ivp + &set_label("dec_end"); + &mov ($idx,$_ivp); # load user ivp + &mov ($s0,&DWP(0,$key)); # load iv + &mov ($s1,&DWP(4,$key)); + &mov ($s2,&DWP(8,$key)); + &mov ($s3,&DWP(12,$key)); + &mov (&DWP(0,$idx),$s0); # copy back to user + &mov (&DWP(4,$idx),$s1); + &mov (&DWP(8,$idx),$s2); + &mov (&DWP(12,$idx),$s3); + &jmp (&label("dec_out")); + + &set_label("dec_partial",4); + &lea ($key,$ivec); + &mov (&DWP(0,$key),$s0); # dump output to stack + &mov (&DWP(4,$key),$s1); + &mov (&DWP(8,$key),$s2); + &mov (&DWP(12,$key),$s3); + &lea ($s2 eq "ecx" ? $s2 : "",&DWP(16,$idx)); + &mov ($idx eq "esi" ? $idx : "",$key); + &mov ($key eq "edi" ? $key : "",$_out); # load out + &data_word(0xA4F3F689); # rep movsb # copy output + &mov ($key,$_inp); # use inp as temp ivp + &jmp (&label("dec_end")); + + &set_label("dec_in_place",4); + &set_label("dec_in_place_loop"); + &lea ($key,$ivec); + &mov ($s0,&DWP(0,$idx)); # read input + &mov ($s1,&DWP(4,$idx)); + &mov ($s2,&DWP(8,$idx)); + &mov ($s3,&DWP(12,$idx)); + + &mov (&DWP(0,$key),$s0); # copy to temp + &mov (&DWP(4,$key),$s1); + &mov (&DWP(8,$key),$s2); + &bswap ($s0); + &mov (&DWP(12,$key),$s3); + &bswap ($s1); + &mov ($key,$_key); # load key + &bswap ($s2); + &bswap ($s3); + + &call ("_x86_Camellia_decrypt"); + + &mov ($key,$_ivp); # load ivp + &mov ($idx,$_out); # load out + + &bswap ($s0); + &bswap ($s1); + &bswap ($s2); + &xor ($s0,&DWP(0,$key)); # xor iv + &bswap ($s3); + &xor ($s1,&DWP(4,$key)); + &xor ($s2,&DWP(8,$key)); + &xor ($s3,&DWP(12,$key)); + + &mov (&DWP(0,$idx),$s0); # write output + &mov (&DWP(4,$idx),$s1); + &mov (&DWP(8,$idx),$s2); + &mov (&DWP(12,$idx),$s3); + + &lea ($idx,&DWP(16,$idx)); + &mov ($_out,$idx); # save out + + &lea ($idx,$ivec); + &mov ($s0,&DWP(0,$idx)); # read temp + &mov ($s1,&DWP(4,$idx)); + &mov ($s2,&DWP(8,$idx)); + &mov ($s3,&DWP(12,$idx)); + + &mov (&DWP(0,$key),$s0); # copy iv + &mov (&DWP(4,$key),$s1); + &mov (&DWP(8,$key),$s2); + &mov (&DWP(12,$key),$s3); + + &mov ($idx,$_inp); # load inp + + &lea ($idx,&DWP(16,$idx)); + &mov ($_inp,$idx); # save inp + + &mov ($s2,$_len); # load len + &sub ($s2,16); + &jc (&label("dec_in_place_partial")); + &mov ($_len,$s2); # save len + &jnz (&label("dec_in_place_loop")); + &jmp (&label("dec_out")); + + &set_label("dec_in_place_partial",4); + # one can argue if this is actually required... + &mov ($key eq "edi" ? $key : "",$_out); + &lea ($idx eq "esi" ? $idx : "",$ivec); + &lea ($key,&DWP(0,$key,$s2)); + &lea ($idx,&DWP(16,$idx,$s2)); + &neg ($s2 eq "ecx" ? $s2 : ""); + &data_word(0xA4F3F689); # rep movsb # restore tail + + &set_label("dec_out",4); + &mov ("esp",$_esp); + &popf (); +&function_end("Camellia_cbc_encrypt"); +} + +&asciz("Camellia for x86 by "); + +&asm_finish(); diff --git a/src/lib/libcrypto/camellia/asm/cmll-x86_64.pl b/src/lib/libcrypto/camellia/asm/cmll-x86_64.pl new file mode 100644 index 00000000000..df6bf11a288 --- /dev/null +++ b/src/lib/libcrypto/camellia/asm/cmll-x86_64.pl @@ -0,0 +1,867 @@ +#!/usr/bin/env perl + +# ==================================================================== +# Copyright (c) 2008 Andy Polyakov +# +# This module may be used under the terms of either the GNU General +# Public License version 2 or later, the GNU Lesser General Public +# License version 2.1 or later, the Mozilla Public License version +# 1.1 or the BSD License. The exact terms of either license are +# distributed along with this module. For further details see +# http://www.openssl.org/~appro/camellia/. +# ==================================================================== + +# Performance in cycles per processed byte (less is better) in +# 'openssl speed ...' benchmark: +# +# AMD64 Core2 EM64T +# -evp camellia-128-ecb 16.7 21.0 22.7 +# + over gcc 3.4.6 +25% +5% 0% +# +# camellia-128-cbc 15.7 20.4 21.1 +# +# 128-bit key setup 128 216 205 cycles/key +# + over gcc 3.4.6 +54% +39% +15% +# +# Numbers in "+" rows represent performance improvement over compiler +# generated code. Key setup timings are impressive on AMD and Core2 +# thanks to 64-bit operations being covertly deployed. Improvement on +# EM64T, pre-Core2 Intel x86_64 CPU, is not as impressive, because it +# apparently emulates some of 64-bit operations in [32-bit] microcode. + +$flavour = shift; +$output = shift; +if ($flavour =~ /\./) { $output = $flavour; undef $flavour; } + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or +( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or +die "can't locate x86_64-xlate.pl"; + +open OUT,"| \"$^X\" $xlate $flavour $output"; +*STDOUT=*OUT; + +sub hi() { my $r=shift; $r =~ s/%[er]([a-d])x/%\1h/; $r; } +sub lo() { my $r=shift; $r =~ s/%[er]([a-d])x/%\1l/; + $r =~ s/%[er]([sd]i)/%\1l/; + $r =~ s/%(r[0-9]+)[d]?/%\1b/; $r; } + +$t0="%eax";$t1="%ebx";$t2="%ecx";$t3="%edx"; +@S=("%r8d","%r9d","%r10d","%r11d"); +$i0="%esi"; +$i1="%edi"; +$Tbl="%rbp"; # size optimization +$inp="%r12"; +$out="%r13"; +$key="%r14"; +$keyend="%r15"; +$arg0d="%edi"; + +# const unsigned int Camellia_SBOX[4][256]; +# Well, sort of... Camellia_SBOX[0][] is interleaved with [1][], +# and [2][] - with [3][]. This is done to minimize code size. +$SBOX1_1110=0; # Camellia_SBOX[0] +$SBOX4_4404=4; # Camellia_SBOX[1] +$SBOX2_0222=2048; # Camellia_SBOX[2] +$SBOX3_3033=2052; # Camellia_SBOX[3] + +sub Camellia_Feistel { +my $i=@_[0]; +my $seed=defined(@_[1])?@_[1]:0; +my $scale=$seed<0?-8:8; +my $j=($i&1)*2; +my $s0=@S[($j)%4],$s1=@S[($j+1)%4],$s2=@S[($j+2)%4],$s3=@S[($j+3)%4]; + +$code.=<<___; + xor $s0,$t0 # t0^=key[0] + xor $s1,$t1 # t1^=key[1] + movz `&hi("$t0")`,$i0 # (t0>>8)&0xff + movz `&lo("$t1")`,$i1 # (t1>>0)&0xff + mov $SBOX3_3033($Tbl,$i0,8),$t3 # t3=SBOX3_3033[0] + mov $SBOX1_1110($Tbl,$i1,8),$t2 # t2=SBOX1_1110[1] + movz `&lo("$t0")`,$i0 # (t0>>0)&0xff + shr \$16,$t0 + movz `&hi("$t1")`,$i1 # (t1>>8)&0xff + xor $SBOX4_4404($Tbl,$i0,8),$t3 # t3^=SBOX4_4404[0] + shr \$16,$t1 + xor $SBOX4_4404($Tbl,$i1,8),$t2 # t2^=SBOX4_4404[1] + movz `&hi("$t0")`,$i0 # (t0>>24)&0xff + movz `&lo("$t1")`,$i1 # (t1>>16)&0xff + xor $SBOX1_1110($Tbl,$i0,8),$t3 # t3^=SBOX1_1110[0] + xor $SBOX3_3033($Tbl,$i1,8),$t2 # t2^=SBOX3_3033[1] + movz `&lo("$t0")`,$i0 # (t0>>16)&0xff + movz `&hi("$t1")`,$i1 # (t1>>24)&0xff + xor $SBOX2_0222($Tbl,$i0,8),$t3 # t3^=SBOX2_0222[0] + xor $SBOX2_0222($Tbl,$i1,8),$t2 # t2^=SBOX2_0222[1] + mov `$seed+($i+1)*$scale`($key),$t1 # prefetch key[i+1] + mov `$seed+($i+1)*$scale+4`($key),$t0 + xor $t3,$t2 # t2^=t3 + ror \$8,$t3 # t3=RightRotate(t3,8) + xor $t2,$s2 + xor $t2,$s3 + xor $t3,$s3 +___ +} + +# void Camellia_EncryptBlock_Rounds( +# int grandRounds, +# const Byte plaintext[], +# const KEY_TABLE_TYPE keyTable, +# Byte ciphertext[]) +$code=<<___; +.text + +# V1.x API +.globl Camellia_EncryptBlock +.type Camellia_EncryptBlock,\@abi-omnipotent +.align 16 +Camellia_EncryptBlock: + movl \$128,%eax + subl $arg0d,%eax + movl \$3,$arg0d + adcl \$0,$arg0d # keyBitLength==128?3:4 + jmp .Lenc_rounds +.size Camellia_EncryptBlock,.-Camellia_EncryptBlock +# V2 +.globl Camellia_EncryptBlock_Rounds +.type Camellia_EncryptBlock_Rounds,\@function,4 +.align 16 +.Lenc_rounds: +Camellia_EncryptBlock_Rounds: + push %rbx + push %rbp + push %r13 + push %r14 + push %r15 +.Lenc_prologue: + + #mov %rsi,$inp # put away arguments + mov %rcx,$out + mov %rdx,$key + + shl \$6,%edi # process grandRounds + lea .LCamellia_SBOX(%rip),$Tbl + lea ($key,%rdi),$keyend + + mov 0(%rsi),@S[0] # load plaintext + mov 4(%rsi),@S[1] + mov 8(%rsi),@S[2] + bswap @S[0] + mov 12(%rsi),@S[3] + bswap @S[1] + bswap @S[2] + bswap @S[3] + + call _x86_64_Camellia_encrypt + + bswap @S[0] + bswap @S[1] + bswap @S[2] + mov @S[0],0($out) + bswap @S[3] + mov @S[1],4($out) + mov @S[2],8($out) + mov @S[3],12($out) + + mov 0(%rsp),%r15 + mov 8(%rsp),%r14 + mov 16(%rsp),%r13 + mov 24(%rsp),%rbp + mov 32(%rsp),%rbx + lea 40(%rsp),%rsp +.Lenc_epilogue: + ret +.size Camellia_EncryptBlock_Rounds,.-Camellia_EncryptBlock_Rounds + +.type _x86_64_Camellia_encrypt,\@abi-omnipotent +.align 16 +_x86_64_Camellia_encrypt: + xor 0($key),@S[1] + xor 4($key),@S[0] # ^=key[0-3] + xor 8($key),@S[3] + xor 12($key),@S[2] +.align 16 +.Leloop: + mov 16($key),$t1 # prefetch key[4-5] + mov 20($key),$t0 + +___ + for ($i=0;$i<6;$i++) { Camellia_Feistel($i,16); } +$code.=<<___; + lea 16*4($key),$key + cmp $keyend,$key + mov 8($key),$t3 # prefetch key[2-3] + mov 12($key),$t2 + je .Ledone + + and @S[0],$t0 + or @S[3],$t3 + rol \$1,$t0 + xor $t3,@S[2] # s2^=s3|key[3]; + xor $t0,@S[1] # s1^=LeftRotate(s0&key[0],1); + and @S[2],$t2 + or @S[1],$t1 + rol \$1,$t2 + xor $t1,@S[0] # s0^=s1|key[1]; + xor $t2,@S[3] # s3^=LeftRotate(s2&key[2],1); + jmp .Leloop + +.align 16 +.Ledone: + xor @S[2],$t0 # SwapHalf + xor @S[3],$t1 + xor @S[0],$t2 + xor @S[1],$t3 + + mov $t0,@S[0] + mov $t1,@S[1] + mov $t2,@S[2] + mov $t3,@S[3] + + retq +.size _x86_64_Camellia_encrypt,.-_x86_64_Camellia_encrypt + +# V1.x API +.globl Camellia_DecryptBlock +.type Camellia_DecryptBlock,\@abi-omnipotent +.align 16 +Camellia_DecryptBlock: + movl \$128,%eax + subl $arg0d,%eax + movl \$3,$arg0d + adcl \$0,$arg0d # keyBitLength==128?3:4 + jmp .Ldec_rounds +.size Camellia_DecryptBlock,.-Camellia_DecryptBlock +# V2 +.globl Camellia_DecryptBlock_Rounds +.type Camellia_DecryptBlock_Rounds,\@function,4 +.align 16 +.Ldec_rounds: +Camellia_DecryptBlock_Rounds: + push %rbx + push %rbp + push %r13 + push %r14 + push %r15 +.Ldec_prologue: + + #mov %rsi,$inp # put away arguments + mov %rcx,$out + mov %rdx,$keyend + + shl \$6,%edi # process grandRounds + lea .LCamellia_SBOX(%rip),$Tbl + lea ($keyend,%rdi),$key + + mov 0(%rsi),@S[0] # load plaintext + mov 4(%rsi),@S[1] + mov 8(%rsi),@S[2] + bswap @S[0] + mov 12(%rsi),@S[3] + bswap @S[1] + bswap @S[2] + bswap @S[3] + + call _x86_64_Camellia_decrypt + + bswap @S[0] + bswap @S[1] + bswap @S[2] + mov @S[0],0($out) + bswap @S[3] + mov @S[1],4($out) + mov @S[2],8($out) + mov @S[3],12($out) + + mov 0(%rsp),%r15 + mov 8(%rsp),%r14 + mov 16(%rsp),%r13 + mov 24(%rsp),%rbp + mov 32(%rsp),%rbx + lea 40(%rsp),%rsp +.Ldec_epilogue: + ret +.size Camellia_DecryptBlock_Rounds,.-Camellia_DecryptBlock_Rounds + +.type _x86_64_Camellia_decrypt,\@abi-omnipotent +.align 16 +_x86_64_Camellia_decrypt: + xor 0($key),@S[1] + xor 4($key),@S[0] # ^=key[0-3] + xor 8($key),@S[3] + xor 12($key),@S[2] +.align 16 +.Ldloop: + mov -8($key),$t1 # prefetch key[4-5] + mov -4($key),$t0 + +___ + for ($i=0;$i<6;$i++) { Camellia_Feistel($i,-8); } +$code.=<<___; + lea -16*4($key),$key + cmp $keyend,$key + mov 0($key),$t3 # prefetch key[2-3] + mov 4($key),$t2 + je .Lddone + + and @S[0],$t0 + or @S[3],$t3 + rol \$1,$t0 + xor $t3,@S[2] # s2^=s3|key[3]; + xor $t0,@S[1] # s1^=LeftRotate(s0&key[0],1); + and @S[2],$t2 + or @S[1],$t1 + rol \$1,$t2 + xor $t1,@S[0] # s0^=s1|key[1]; + xor $t2,@S[3] # s3^=LeftRotate(s2&key[2],1); + + jmp .Ldloop + +.align 16 +.Lddone: + xor @S[2],$t2 + xor @S[3],$t3 + xor @S[0],$t0 + xor @S[1],$t1 + + mov $t2,@S[0] # SwapHalf + mov $t3,@S[1] + mov $t0,@S[2] + mov $t1,@S[3] + + retq +.size _x86_64_Camellia_decrypt,.-_x86_64_Camellia_decrypt +___ + +sub _saveround { +my ($rnd,$key,@T)=@_; +my $bias=int(@T[0])?shift(@T):0; + + if ($#T==3) { + $code.=<<___; + mov @T[1],`$bias+$rnd*8+0`($key) + mov @T[0],`$bias+$rnd*8+4`($key) + mov @T[3],`$bias+$rnd*8+8`($key) + mov @T[2],`$bias+$rnd*8+12`($key) +___ + } else { + $code.=" mov @T[0],`$bias+$rnd*8+0`($key)\n"; + $code.=" mov @T[1],`$bias+$rnd*8+8`($key)\n" if ($#T>=1); + } +} + +sub _loadround { +my ($rnd,$key,@T)=@_; +my $bias=int(@T[0])?shift(@T):0; + +$code.=" mov `$bias+$rnd*8+0`($key),@T[0]\n"; +$code.=" mov `$bias+$rnd*8+8`($key),@T[1]\n" if ($#T>=1); +} + +# shld is very slow on Intel EM64T family. Even on AMD it limits +# instruction decode rate [because it's VectorPath] and consequently +# performance... +sub __rotl128 { +my ($i0,$i1,$rot)=@_; + + if ($rot) { + $code.=<<___; + mov $i0,%r11 + shld \$$rot,$i1,$i0 + shld \$$rot,%r11,$i1 +___ + } +} + +# ... Implementing 128-bit rotate without shld gives 80% better +# performance EM64T, +15% on AMD64 and only ~7% degradation on +# Core2. This is therefore preferred. +sub _rotl128 { +my ($i0,$i1,$rot)=@_; + + if ($rot) { + $code.=<<___; + mov $i0,%r11 + shl \$$rot,$i0 + mov $i1,%r9 + shr \$`64-$rot`,%r9 + shr \$`64-$rot`,%r11 + or %r9,$i0 + shl \$$rot,$i1 + or %r11,$i1 +___ + } +} + +{ my $step=0; + +$code.=<<___; +.globl Camellia_Ekeygen +.type Camellia_Ekeygen,\@function,3 +.align 16 +Camellia_Ekeygen: + push %rbx + push %rbp + push %r13 + push %r14 + push %r15 +.Lkey_prologue: + + mov %rdi,$keyend # put away arguments, keyBitLength + mov %rdx,$out # keyTable + + mov 0(%rsi),@S[0] # load 0-127 bits + mov 4(%rsi),@S[1] + mov 8(%rsi),@S[2] + mov 12(%rsi),@S[3] + + bswap @S[0] + bswap @S[1] + bswap @S[2] + bswap @S[3] +___ + &_saveround (0,$out,@S); # KL<<<0 +$code.=<<___; + cmp \$128,$keyend # check keyBitLength + je .L1st128 + + mov 16(%rsi),@S[0] # load 128-191 bits + mov 20(%rsi),@S[1] + cmp \$192,$keyend + je .L1st192 + mov 24(%rsi),@S[2] # load 192-255 bits + mov 28(%rsi),@S[3] + jmp .L1st256 +.L1st192: + mov @S[0],@S[2] + mov @S[1],@S[3] + not @S[2] + not @S[3] +.L1st256: + bswap @S[0] + bswap @S[1] + bswap @S[2] + bswap @S[3] +___ + &_saveround (4,$out,@S); # temp storage for KR! +$code.=<<___; + xor 0($out),@S[1] # KR^KL + xor 4($out),@S[0] + xor 8($out),@S[3] + xor 12($out),@S[2] + +.L1st128: + lea .LCamellia_SIGMA(%rip),$key + lea .LCamellia_SBOX(%rip),$Tbl + + mov 0($key),$t1 + mov 4($key),$t0 +___ + &Camellia_Feistel($step++); + &Camellia_Feistel($step++); +$code.=<<___; + xor 0($out),@S[1] # ^KL + xor 4($out),@S[0] + xor 8($out),@S[3] + xor 12($out),@S[2] +___ + &Camellia_Feistel($step++); + &Camellia_Feistel($step++); +$code.=<<___; + cmp \$128,$keyend + jne .L2nd256 + + lea 128($out),$out # size optimization + shl \$32,%r8 # @S[0]|| + shl \$32,%r10 # @S[2]|| + or %r9,%r8 # ||@S[1] + or %r11,%r10 # ||@S[3] +___ + &_loadround (0,$out,-128,"%rax","%rbx"); # KL + &_saveround (2,$out,-128,"%r8","%r10"); # KA<<<0 + &_rotl128 ("%rax","%rbx",15); + &_saveround (4,$out,-128,"%rax","%rbx"); # KL<<<15 + &_rotl128 ("%r8","%r10",15); + &_saveround (6,$out,-128,"%r8","%r10"); # KA<<<15 + &_rotl128 ("%r8","%r10",15); # 15+15=30 + &_saveround (8,$out,-128,"%r8","%r10"); # KA<<<30 + &_rotl128 ("%rax","%rbx",30); # 15+30=45 + &_saveround (10,$out,-128,"%rax","%rbx"); # KL<<<45 + &_rotl128 ("%r8","%r10",15); # 30+15=45 + &_saveround (12,$out,-128,"%r8"); # KA<<<45 + &_rotl128 ("%rax","%rbx",15); # 45+15=60 + &_saveround (13,$out,-128,"%rbx"); # KL<<<60 + &_rotl128 ("%r8","%r10",15); # 45+15=60 + &_saveround (14,$out,-128,"%r8","%r10"); # KA<<<60 + &_rotl128 ("%rax","%rbx",17); # 60+17=77 + &_saveround (16,$out,-128,"%rax","%rbx"); # KL<<<77 + &_rotl128 ("%rax","%rbx",17); # 77+17=94 + &_saveround (18,$out,-128,"%rax","%rbx"); # KL<<<94 + &_rotl128 ("%r8","%r10",34); # 60+34=94 + &_saveround (20,$out,-128,"%r8","%r10"); # KA<<<94 + &_rotl128 ("%rax","%rbx",17); # 94+17=111 + &_saveround (22,$out,-128,"%rax","%rbx"); # KL<<<111 + &_rotl128 ("%r8","%r10",17); # 94+17=111 + &_saveround (24,$out,-128,"%r8","%r10"); # KA<<<111 +$code.=<<___; + mov \$3,%eax + jmp .Ldone +.align 16 +.L2nd256: +___ + &_saveround (6,$out,@S); # temp storage for KA! +$code.=<<___; + xor `4*8+0`($out),@S[1] # KA^KR + xor `4*8+4`($out),@S[0] + xor `5*8+0`($out),@S[3] + xor `5*8+4`($out),@S[2] +___ + &Camellia_Feistel($step++); + &Camellia_Feistel($step++); + + &_loadround (0,$out,"%rax","%rbx"); # KL + &_loadround (4,$out,"%rcx","%rdx"); # KR + &_loadround (6,$out,"%r14","%r15"); # KA +$code.=<<___; + lea 128($out),$out # size optimization + shl \$32,%r8 # @S[0]|| + shl \$32,%r10 # @S[2]|| + or %r9,%r8 # ||@S[1] + or %r11,%r10 # ||@S[3] +___ + &_saveround (2,$out,-128,"%r8","%r10"); # KB<<<0 + &_rotl128 ("%rcx","%rdx",15); + &_saveround (4,$out,-128,"%rcx","%rdx"); # KR<<<15 + &_rotl128 ("%r14","%r15",15); + &_saveround (6,$out,-128,"%r14","%r15"); # KA<<<15 + &_rotl128 ("%rcx","%rdx",15); # 15+15=30 + &_saveround (8,$out,-128,"%rcx","%rdx"); # KR<<<30 + &_rotl128 ("%r8","%r10",30); + &_saveround (10,$out,-128,"%r8","%r10"); # KB<<<30 + &_rotl128 ("%rax","%rbx",45); + &_saveround (12,$out,-128,"%rax","%rbx"); # KL<<<45 + &_rotl128 ("%r14","%r15",30); # 15+30=45 + &_saveround (14,$out,-128,"%r14","%r15"); # KA<<<45 + &_rotl128 ("%rax","%rbx",15); # 45+15=60 + &_saveround (16,$out,-128,"%rax","%rbx"); # KL<<<60 + &_rotl128 ("%rcx","%rdx",30); # 30+30=60 + &_saveround (18,$out,-128,"%rcx","%rdx"); # KR<<<60 + &_rotl128 ("%r8","%r10",30); # 30+30=60 + &_saveround (20,$out,-128,"%r8","%r10"); # KB<<<60 + &_rotl128 ("%rax","%rbx",17); # 60+17=77 + &_saveround (22,$out,-128,"%rax","%rbx"); # KL<<<77 + &_rotl128 ("%r14","%r15",32); # 45+32=77 + &_saveround (24,$out,-128,"%r14","%r15"); # KA<<<77 + &_rotl128 ("%rcx","%rdx",34); # 60+34=94 + &_saveround (26,$out,-128,"%rcx","%rdx"); # KR<<<94 + &_rotl128 ("%r14","%r15",17); # 77+17=94 + &_saveround (28,$out,-128,"%r14","%r15"); # KA<<<77 + &_rotl128 ("%rax","%rbx",34); # 77+34=111 + &_saveround (30,$out,-128,"%rax","%rbx"); # KL<<<111 + &_rotl128 ("%r8","%r10",51); # 60+51=111 + &_saveround (32,$out,-128,"%r8","%r10"); # KB<<<111 +$code.=<<___; + mov \$4,%eax +.Ldone: + mov 0(%rsp),%r15 + mov 8(%rsp),%r14 + mov 16(%rsp),%r13 + mov 24(%rsp),%rbp + mov 32(%rsp),%rbx + lea 40(%rsp),%rsp +.Lkey_epilogue: + ret +.size Camellia_Ekeygen,.-Camellia_Ekeygen +___ +} + +@SBOX=( +112,130, 44,236,179, 39,192,229,228,133, 87, 53,234, 12,174, 65, + 35,239,107,147, 69, 25,165, 33,237, 14, 79, 78, 29,101,146,189, +134,184,175,143,124,235, 31,206, 62, 48,220, 95, 94,197, 11, 26, +166,225, 57,202,213, 71, 93, 61,217, 1, 90,214, 81, 86,108, 77, +139, 13,154,102,251,204,176, 45,116, 18, 43, 32,240,177,132,153, +223, 76,203,194, 52,126,118, 5,109,183,169, 49,209, 23, 4,215, + 20, 88, 58, 97,222, 27, 17, 28, 50, 15,156, 22, 83, 24,242, 34, +254, 68,207,178,195,181,122,145, 36, 8,232,168, 96,252,105, 80, +170,208,160,125,161,137, 98,151, 84, 91, 30,149,224,255,100,210, + 16,196, 0, 72,163,247,117,219,138, 3,230,218, 9, 63,221,148, +135, 92,131, 2,205, 74,144, 51,115,103,246,243,157,127,191,226, + 82,155,216, 38,200, 55,198, 59,129,150,111, 75, 19,190, 99, 46, +233,121,167,140,159,110,188,142, 41,245,249,182, 47,253,180, 89, +120,152, 6,106,231, 70,113,186,212, 37,171, 66,136,162,141,250, +114, 7,185, 85,248,238,172, 10, 54, 73, 42,104, 60, 56,241,164, + 64, 40,211,123,187,201, 67,193, 21,227,173,244,119,199,128,158); + +sub S1110 { my $i=shift; $i=@SBOX[$i]; $i=$i<<24|$i<<16|$i<<8; sprintf("0x%08x",$i); } +sub S4404 { my $i=shift; $i=($i<<1|$i>>7)&0xff; $i=@SBOX[$i]; $i=$i<<24|$i<<16|$i; sprintf("0x%08x",$i); } +sub S0222 { my $i=shift; $i=@SBOX[$i]; $i=($i<<1|$i>>7)&0xff; $i=$i<<16|$i<<8|$i; sprintf("0x%08x",$i); } +sub S3033 { my $i=shift; $i=@SBOX[$i]; $i=($i>>1|$i<<7)&0xff; $i=$i<<24|$i<<8|$i; sprintf("0x%08x",$i); } + +$code.=<<___; +.align 64 +.LCamellia_SIGMA: +.long 0x3bcc908b, 0xa09e667f, 0x4caa73b2, 0xb67ae858 +.long 0xe94f82be, 0xc6ef372f, 0xf1d36f1c, 0x54ff53a5 +.long 0xde682d1d, 0x10e527fa, 0xb3e6c1fd, 0xb05688c2 +.long 0, 0, 0, 0 +.LCamellia_SBOX: +___ +# tables are interleaved, remember? +sub data_word { $code.=".long\t".join(',',@_)."\n"; } +for ($i=0;$i<256;$i++) { &data_word(&S1110($i),&S4404($i)); } +for ($i=0;$i<256;$i++) { &data_word(&S0222($i),&S3033($i)); } + +# void Camellia_cbc_encrypt (const void char *inp, unsigned char *out, +# size_t length, const CAMELLIA_KEY *key, +# unsigned char *ivp,const int enc); +{ +$_key="0(%rsp)"; +$_end="8(%rsp)"; # inp+len&~15 +$_res="16(%rsp)"; # len&15 +$ivec="24(%rsp)"; +$_ivp="40(%rsp)"; +$_rsp="48(%rsp)"; + +$code.=<<___; +.globl Camellia_cbc_encrypt +.type Camellia_cbc_encrypt,\@function,6 +.align 16 +Camellia_cbc_encrypt: + cmp \$0,%rdx + je .Lcbc_abort + push %rbx + push %rbp + push %r12 + push %r13 + push %r14 + push %r15 +.Lcbc_prologue: + + mov %rsp,%rbp + sub \$64,%rsp + and \$-64,%rsp + + # place stack frame just "above mod 1024" the key schedule, + # this ensures that cache associativity suffices + lea -64-63(%rcx),%r10 + sub %rsp,%r10 + neg %r10 + and \$0x3C0,%r10 + sub %r10,%rsp + #add \$8,%rsp # 8 is reserved for callee's ra + + mov %rdi,$inp # inp argument + mov %rsi,$out # out argument + mov %r8,%rbx # ivp argument + mov %rcx,$key # key argument + mov 272(%rcx),${keyend}d # grandRounds + + mov %r8,$_ivp + mov %rbp,$_rsp + +.Lcbc_body: + lea .LCamellia_SBOX(%rip),$Tbl + + mov \$32,%ecx +.align 4 +.Lcbc_prefetch_sbox: + mov 0($Tbl),%rax + mov 32($Tbl),%rsi + mov 64($Tbl),%rdi + mov 96($Tbl),%r11 + lea 128($Tbl),$Tbl + loop .Lcbc_prefetch_sbox + sub \$4096,$Tbl + shl \$6,$keyend + mov %rdx,%rcx # len argument + lea ($key,$keyend),$keyend + + cmp \$0,%r9d # enc argument + je .LCBC_DECRYPT + + and \$-16,%rdx + and \$15,%rcx # length residue + lea ($inp,%rdx),%rdx + mov $key,$_key + mov %rdx,$_end + mov %rcx,$_res + + cmp $inp,%rdx + mov 0(%rbx),@S[0] # load IV + mov 4(%rbx),@S[1] + mov 8(%rbx),@S[2] + mov 12(%rbx),@S[3] + je .Lcbc_enc_tail + jmp .Lcbc_eloop + +.align 16 +.Lcbc_eloop: + xor 0($inp),@S[0] + xor 4($inp),@S[1] + xor 8($inp),@S[2] + bswap @S[0] + xor 12($inp),@S[3] + bswap @S[1] + bswap @S[2] + bswap @S[3] + + call _x86_64_Camellia_encrypt + + mov $_key,$key # "rewind" the key + bswap @S[0] + mov $_end,%rdx + bswap @S[1] + mov $_res,%rcx + bswap @S[2] + mov @S[0],0($out) + bswap @S[3] + mov @S[1],4($out) + mov @S[2],8($out) + lea 16($inp),$inp + mov @S[3],12($out) + cmp %rdx,$inp + lea 16($out),$out + jne .Lcbc_eloop + + cmp \$0,%rcx + jne .Lcbc_enc_tail + + mov $_ivp,$out + mov @S[0],0($out) # write out IV residue + mov @S[1],4($out) + mov @S[2],8($out) + mov @S[3],12($out) + jmp .Lcbc_done + +.align 16 +.Lcbc_enc_tail: + xor %rax,%rax + mov %rax,0+$ivec + mov %rax,8+$ivec + mov %rax,$_res + +.Lcbc_enc_pushf: + pushfq + cld + mov $inp,%rsi + lea 8+$ivec,%rdi + .long 0x9066A4F3 # rep movsb + popfq +.Lcbc_enc_popf: + + lea $ivec,$inp + lea 16+$ivec,%rax + mov %rax,$_end + jmp .Lcbc_eloop # one more time + +.align 16 +.LCBC_DECRYPT: + xchg $key,$keyend + add \$15,%rdx + and \$15,%rcx # length residue + and \$-16,%rdx + mov $key,$_key + lea ($inp,%rdx),%rdx + mov %rdx,$_end + mov %rcx,$_res + + mov (%rbx),%rax # load IV + mov 8(%rbx),%rbx + jmp .Lcbc_dloop +.align 16 +.Lcbc_dloop: + mov 0($inp),@S[0] + mov 4($inp),@S[1] + mov 8($inp),@S[2] + bswap @S[0] + mov 12($inp),@S[3] + bswap @S[1] + mov %rax,0+$ivec # save IV to temporary storage + bswap @S[2] + mov %rbx,8+$ivec + bswap @S[3] + + call _x86_64_Camellia_decrypt + + mov $_key,$key # "rewind" the key + mov $_end,%rdx + mov $_res,%rcx + + bswap @S[0] + mov ($inp),%rax # load IV for next iteration + bswap @S[1] + mov 8($inp),%rbx + bswap @S[2] + xor 0+$ivec,@S[0] + bswap @S[3] + xor 4+$ivec,@S[1] + xor 8+$ivec,@S[2] + lea 16($inp),$inp + xor 12+$ivec,@S[3] + cmp %rdx,$inp + je .Lcbc_ddone + + mov @S[0],0($out) + mov @S[1],4($out) + mov @S[2],8($out) + mov @S[3],12($out) + + lea 16($out),$out + jmp .Lcbc_dloop + +.align 16 +.Lcbc_ddone: + mov $_ivp,%rdx + cmp \$0,%rcx + jne .Lcbc_dec_tail + + mov @S[0],0($out) + mov @S[1],4($out) + mov @S[2],8($out) + mov @S[3],12($out) + + mov %rax,(%rdx) # write out IV residue + mov %rbx,8(%rdx) + jmp .Lcbc_done +.align 16 +.Lcbc_dec_tail: + mov @S[0],0+$ivec + mov @S[1],4+$ivec + mov @S[2],8+$ivec + mov @S[3],12+$ivec + +.Lcbc_dec_pushf: + pushfq + cld + lea 8+$ivec,%rsi + lea ($out),%rdi + .long 0x9066A4F3 # rep movsb + popfq +.Lcbc_dec_popf: + + mov %rax,(%rdx) # write out IV residue + mov %rbx,8(%rdx) + jmp .Lcbc_done + +.align 16 +.Lcbc_done: + mov $_rsp,%rcx + mov 0(%rcx),%r15 + mov 8(%rcx),%r14 + mov 16(%rcx),%r13 + mov 24(%rcx),%r12 + mov 32(%rcx),%rbp + mov 40(%rcx),%rbx + lea 48(%rcx),%rsp +.Lcbc_abort: + ret +.size Camellia_cbc_encrypt,.-Camellia_cbc_encrypt + +.asciz "Camellia for x86_64 by " +___ +} + +$code =~ s/\`([^\`]*)\`/eval $1/gem; +print $code; +close STDOUT; diff --git a/src/lib/libcrypto/camellia/camellia.c b/src/lib/libcrypto/camellia/camellia.c new file mode 100644 index 00000000000..5f754ff78b3 --- /dev/null +++ b/src/lib/libcrypto/camellia/camellia.c @@ -0,0 +1,566 @@ +/* $OpenBSD: camellia.c,v 1.11 2016/09/04 14:31:29 jsing Exp $ */ +/* ==================================================================== + * Copyright 2006 NTT (Nippon Telegraph and Telephone Corporation) . + * ALL RIGHTS RESERVED. + * + * Intellectual Property information for Camellia: + * http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html + * + * News Release for Announcement of Camellia open source: + * http://www.ntt.co.jp/news/news06e/0604/060413a.html + * + * The Camellia Code included herein is developed by + * NTT (Nippon Telegraph and Telephone Corporation), and is contributed + * to the OpenSSL project. + * + * The Camellia Code is licensed pursuant to the OpenSSL open source + * license provided below. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +/* + * Algorithm Specification + * http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html + */ + +/* + * This release balances code size and performance. In particular key + * schedule setup is fully unrolled, because doing so *significantly* + * reduces amount of instructions per setup round and code increase is + * justifiable. In block functions on the other hand only inner loops + * are unrolled, as full unroll gives only nominal performance boost, + * while code size grows 4 or 7 times. Also, unlike previous versions + * this one "encourages" compiler to keep intermediate variables in + * registers, which should give better "all round" results, in other + * words reasonable performance even with not so modern compilers. + */ + +#include +#include +#include +#include + +#include "cmll_locl.h" + +/* 32-bit rotations */ +#if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) +# if defined(__GNUC__) && __GNUC__>=2 +# if defined(__i386) || defined(__x86_64) +# define RightRotate(x,s) ({u32 ret; asm ("rorl %1,%0":"=r"(ret):"I"(s),"0"(x):"cc"); ret; }) +# define LeftRotate(x,s) ({u32 ret; asm ("roll %1,%0":"=r"(ret):"I"(s),"0"(x):"cc"); ret; }) +# define GETU32(p) ({u32 r=*(const u32 *)(p); asm("bswapl %0":"=r"(r):"0"(r)); r; }) +# define PUTU32(p,v) ({u32 r=(v); asm("bswapl %0":"=r"(r):"0"(r)); *(u32 *)(p)=r; }) +# elif defined(_ARCH_PPC) || defined(_ARCH_PPC64) || \ + defined(__powerpc) || defined(__ppc__) || defined(__powerpc64__) +# define LeftRotate(x,s) ({u32 ret; asm ("rlwinm %0,%1,%2,0,31":"=r"(ret):"r"(x),"I"(s)); ret; }) +# define RightRotate(x,s) LeftRotate(x,(32-s)) +# endif +# endif +#endif + +#if !defined(RightRotate) && !defined(LeftRotate) +# define RightRotate(x, s) ( ((x) >> (s)) + ((x) << (32 - s)) ) +# define LeftRotate(x, s) ( ((x) << (s)) + ((x) >> (32 - s)) ) +#endif + +#if !defined(GETU32) && !defined(PUTU32) +# define GETU32(p) (((u32)(p)[0] << 24) ^ ((u32)(p)[1] << 16) ^ ((u32)(p)[2] << 8) ^ ((u32)(p)[3])) +# define PUTU32(p,v) ((p)[0] = (u8)((v) >> 24), (p)[1] = (u8)((v) >> 16), (p)[2] = (u8)((v) >> 8), (p)[3] = (u8)(v)) +#endif + +/* S-box data */ +#define SBOX1_1110 Camellia_SBOX[0] +#define SBOX4_4404 Camellia_SBOX[1] +#define SBOX2_0222 Camellia_SBOX[2] +#define SBOX3_3033 Camellia_SBOX[3] +static const u32 Camellia_SBOX[][256] = { +{ 0x70707000, 0x82828200, 0x2c2c2c00, 0xececec00, 0xb3b3b300, 0x27272700, + 0xc0c0c000, 0xe5e5e500, 0xe4e4e400, 0x85858500, 0x57575700, 0x35353500, + 0xeaeaea00, 0x0c0c0c00, 0xaeaeae00, 0x41414100, 0x23232300, 0xefefef00, + 0x6b6b6b00, 0x93939300, 0x45454500, 0x19191900, 0xa5a5a500, 0x21212100, + 0xededed00, 0x0e0e0e00, 0x4f4f4f00, 0x4e4e4e00, 0x1d1d1d00, 0x65656500, + 0x92929200, 0xbdbdbd00, 0x86868600, 0xb8b8b800, 0xafafaf00, 0x8f8f8f00, + 0x7c7c7c00, 0xebebeb00, 0x1f1f1f00, 0xcecece00, 0x3e3e3e00, 0x30303000, + 0xdcdcdc00, 0x5f5f5f00, 0x5e5e5e00, 0xc5c5c500, 0x0b0b0b00, 0x1a1a1a00, + 0xa6a6a600, 0xe1e1e100, 0x39393900, 0xcacaca00, 0xd5d5d500, 0x47474700, + 0x5d5d5d00, 0x3d3d3d00, 0xd9d9d900, 0x01010100, 0x5a5a5a00, 0xd6d6d600, + 0x51515100, 0x56565600, 0x6c6c6c00, 0x4d4d4d00, 0x8b8b8b00, 0x0d0d0d00, + 0x9a9a9a00, 0x66666600, 0xfbfbfb00, 0xcccccc00, 0xb0b0b000, 0x2d2d2d00, + 0x74747400, 0x12121200, 0x2b2b2b00, 0x20202000, 0xf0f0f000, 0xb1b1b100, + 0x84848400, 0x99999900, 0xdfdfdf00, 0x4c4c4c00, 0xcbcbcb00, 0xc2c2c200, + 0x34343400, 0x7e7e7e00, 0x76767600, 0x05050500, 0x6d6d6d00, 0xb7b7b700, + 0xa9a9a900, 0x31313100, 0xd1d1d100, 0x17171700, 0x04040400, 0xd7d7d700, + 0x14141400, 0x58585800, 0x3a3a3a00, 0x61616100, 0xdedede00, 0x1b1b1b00, + 0x11111100, 0x1c1c1c00, 0x32323200, 0x0f0f0f00, 0x9c9c9c00, 0x16161600, + 0x53535300, 0x18181800, 0xf2f2f200, 0x22222200, 0xfefefe00, 0x44444400, + 0xcfcfcf00, 0xb2b2b200, 0xc3c3c300, 0xb5b5b500, 0x7a7a7a00, 0x91919100, + 0x24242400, 0x08080800, 0xe8e8e800, 0xa8a8a800, 0x60606000, 0xfcfcfc00, + 0x69696900, 0x50505000, 0xaaaaaa00, 0xd0d0d000, 0xa0a0a000, 0x7d7d7d00, + 0xa1a1a100, 0x89898900, 0x62626200, 0x97979700, 0x54545400, 0x5b5b5b00, + 0x1e1e1e00, 0x95959500, 0xe0e0e000, 0xffffff00, 0x64646400, 0xd2d2d200, + 0x10101000, 0xc4c4c400, 0x00000000, 0x48484800, 0xa3a3a300, 0xf7f7f700, + 0x75757500, 0xdbdbdb00, 0x8a8a8a00, 0x03030300, 0xe6e6e600, 0xdadada00, + 0x09090900, 0x3f3f3f00, 0xdddddd00, 0x94949400, 0x87878700, 0x5c5c5c00, + 0x83838300, 0x02020200, 0xcdcdcd00, 0x4a4a4a00, 0x90909000, 0x33333300, + 0x73737300, 0x67676700, 0xf6f6f600, 0xf3f3f300, 0x9d9d9d00, 0x7f7f7f00, + 0xbfbfbf00, 0xe2e2e200, 0x52525200, 0x9b9b9b00, 0xd8d8d800, 0x26262600, + 0xc8c8c800, 0x37373700, 0xc6c6c600, 0x3b3b3b00, 0x81818100, 0x96969600, + 0x6f6f6f00, 0x4b4b4b00, 0x13131300, 0xbebebe00, 0x63636300, 0x2e2e2e00, + 0xe9e9e900, 0x79797900, 0xa7a7a700, 0x8c8c8c00, 0x9f9f9f00, 0x6e6e6e00, + 0xbcbcbc00, 0x8e8e8e00, 0x29292900, 0xf5f5f500, 0xf9f9f900, 0xb6b6b600, + 0x2f2f2f00, 0xfdfdfd00, 0xb4b4b400, 0x59595900, 0x78787800, 0x98989800, + 0x06060600, 0x6a6a6a00, 0xe7e7e700, 0x46464600, 0x71717100, 0xbababa00, + 0xd4d4d400, 0x25252500, 0xababab00, 0x42424200, 0x88888800, 0xa2a2a200, + 0x8d8d8d00, 0xfafafa00, 0x72727200, 0x07070700, 0xb9b9b900, 0x55555500, + 0xf8f8f800, 0xeeeeee00, 0xacacac00, 0x0a0a0a00, 0x36363600, 0x49494900, + 0x2a2a2a00, 0x68686800, 0x3c3c3c00, 0x38383800, 0xf1f1f100, 0xa4a4a400, + 0x40404000, 0x28282800, 0xd3d3d300, 0x7b7b7b00, 0xbbbbbb00, 0xc9c9c900, + 0x43434300, 0xc1c1c100, 0x15151500, 0xe3e3e300, 0xadadad00, 0xf4f4f400, + 0x77777700, 0xc7c7c700, 0x80808000, 0x9e9e9e00 }, +{ 0x70700070, 0x2c2c002c, 0xb3b300b3, 0xc0c000c0, 0xe4e400e4, 0x57570057, + 0xeaea00ea, 0xaeae00ae, 0x23230023, 0x6b6b006b, 0x45450045, 0xa5a500a5, + 0xeded00ed, 0x4f4f004f, 0x1d1d001d, 0x92920092, 0x86860086, 0xafaf00af, + 0x7c7c007c, 0x1f1f001f, 0x3e3e003e, 0xdcdc00dc, 0x5e5e005e, 0x0b0b000b, + 0xa6a600a6, 0x39390039, 0xd5d500d5, 0x5d5d005d, 0xd9d900d9, 0x5a5a005a, + 0x51510051, 0x6c6c006c, 0x8b8b008b, 0x9a9a009a, 0xfbfb00fb, 0xb0b000b0, + 0x74740074, 0x2b2b002b, 0xf0f000f0, 0x84840084, 0xdfdf00df, 0xcbcb00cb, + 0x34340034, 0x76760076, 0x6d6d006d, 0xa9a900a9, 0xd1d100d1, 0x04040004, + 0x14140014, 0x3a3a003a, 0xdede00de, 0x11110011, 0x32320032, 0x9c9c009c, + 0x53530053, 0xf2f200f2, 0xfefe00fe, 0xcfcf00cf, 0xc3c300c3, 0x7a7a007a, + 0x24240024, 0xe8e800e8, 0x60600060, 0x69690069, 0xaaaa00aa, 0xa0a000a0, + 0xa1a100a1, 0x62620062, 0x54540054, 0x1e1e001e, 0xe0e000e0, 0x64640064, + 0x10100010, 0x00000000, 0xa3a300a3, 0x75750075, 0x8a8a008a, 0xe6e600e6, + 0x09090009, 0xdddd00dd, 0x87870087, 0x83830083, 0xcdcd00cd, 0x90900090, + 0x73730073, 0xf6f600f6, 0x9d9d009d, 0xbfbf00bf, 0x52520052, 0xd8d800d8, + 0xc8c800c8, 0xc6c600c6, 0x81810081, 0x6f6f006f, 0x13130013, 0x63630063, + 0xe9e900e9, 0xa7a700a7, 0x9f9f009f, 0xbcbc00bc, 0x29290029, 0xf9f900f9, + 0x2f2f002f, 0xb4b400b4, 0x78780078, 0x06060006, 0xe7e700e7, 0x71710071, + 0xd4d400d4, 0xabab00ab, 0x88880088, 0x8d8d008d, 0x72720072, 0xb9b900b9, + 0xf8f800f8, 0xacac00ac, 0x36360036, 0x2a2a002a, 0x3c3c003c, 0xf1f100f1, + 0x40400040, 0xd3d300d3, 0xbbbb00bb, 0x43430043, 0x15150015, 0xadad00ad, + 0x77770077, 0x80800080, 0x82820082, 0xecec00ec, 0x27270027, 0xe5e500e5, + 0x85850085, 0x35350035, 0x0c0c000c, 0x41410041, 0xefef00ef, 0x93930093, + 0x19190019, 0x21210021, 0x0e0e000e, 0x4e4e004e, 0x65650065, 0xbdbd00bd, + 0xb8b800b8, 0x8f8f008f, 0xebeb00eb, 0xcece00ce, 0x30300030, 0x5f5f005f, + 0xc5c500c5, 0x1a1a001a, 0xe1e100e1, 0xcaca00ca, 0x47470047, 0x3d3d003d, + 0x01010001, 0xd6d600d6, 0x56560056, 0x4d4d004d, 0x0d0d000d, 0x66660066, + 0xcccc00cc, 0x2d2d002d, 0x12120012, 0x20200020, 0xb1b100b1, 0x99990099, + 0x4c4c004c, 0xc2c200c2, 0x7e7e007e, 0x05050005, 0xb7b700b7, 0x31310031, + 0x17170017, 0xd7d700d7, 0x58580058, 0x61610061, 0x1b1b001b, 0x1c1c001c, + 0x0f0f000f, 0x16160016, 0x18180018, 0x22220022, 0x44440044, 0xb2b200b2, + 0xb5b500b5, 0x91910091, 0x08080008, 0xa8a800a8, 0xfcfc00fc, 0x50500050, + 0xd0d000d0, 0x7d7d007d, 0x89890089, 0x97970097, 0x5b5b005b, 0x95950095, + 0xffff00ff, 0xd2d200d2, 0xc4c400c4, 0x48480048, 0xf7f700f7, 0xdbdb00db, + 0x03030003, 0xdada00da, 0x3f3f003f, 0x94940094, 0x5c5c005c, 0x02020002, + 0x4a4a004a, 0x33330033, 0x67670067, 0xf3f300f3, 0x7f7f007f, 0xe2e200e2, + 0x9b9b009b, 0x26260026, 0x37370037, 0x3b3b003b, 0x96960096, 0x4b4b004b, + 0xbebe00be, 0x2e2e002e, 0x79790079, 0x8c8c008c, 0x6e6e006e, 0x8e8e008e, + 0xf5f500f5, 0xb6b600b6, 0xfdfd00fd, 0x59590059, 0x98980098, 0x6a6a006a, + 0x46460046, 0xbaba00ba, 0x25250025, 0x42420042, 0xa2a200a2, 0xfafa00fa, + 0x07070007, 0x55550055, 0xeeee00ee, 0x0a0a000a, 0x49490049, 0x68680068, + 0x38380038, 0xa4a400a4, 0x28280028, 0x7b7b007b, 0xc9c900c9, 0xc1c100c1, + 0xe3e300e3, 0xf4f400f4, 0xc7c700c7, 0x9e9e009e }, +{ 0x00e0e0e0, 0x00050505, 0x00585858, 0x00d9d9d9, 0x00676767, 0x004e4e4e, + 0x00818181, 0x00cbcbcb, 0x00c9c9c9, 0x000b0b0b, 0x00aeaeae, 0x006a6a6a, + 0x00d5d5d5, 0x00181818, 0x005d5d5d, 0x00828282, 0x00464646, 0x00dfdfdf, + 0x00d6d6d6, 0x00272727, 0x008a8a8a, 0x00323232, 0x004b4b4b, 0x00424242, + 0x00dbdbdb, 0x001c1c1c, 0x009e9e9e, 0x009c9c9c, 0x003a3a3a, 0x00cacaca, + 0x00252525, 0x007b7b7b, 0x000d0d0d, 0x00717171, 0x005f5f5f, 0x001f1f1f, + 0x00f8f8f8, 0x00d7d7d7, 0x003e3e3e, 0x009d9d9d, 0x007c7c7c, 0x00606060, + 0x00b9b9b9, 0x00bebebe, 0x00bcbcbc, 0x008b8b8b, 0x00161616, 0x00343434, + 0x004d4d4d, 0x00c3c3c3, 0x00727272, 0x00959595, 0x00ababab, 0x008e8e8e, + 0x00bababa, 0x007a7a7a, 0x00b3b3b3, 0x00020202, 0x00b4b4b4, 0x00adadad, + 0x00a2a2a2, 0x00acacac, 0x00d8d8d8, 0x009a9a9a, 0x00171717, 0x001a1a1a, + 0x00353535, 0x00cccccc, 0x00f7f7f7, 0x00999999, 0x00616161, 0x005a5a5a, + 0x00e8e8e8, 0x00242424, 0x00565656, 0x00404040, 0x00e1e1e1, 0x00636363, + 0x00090909, 0x00333333, 0x00bfbfbf, 0x00989898, 0x00979797, 0x00858585, + 0x00686868, 0x00fcfcfc, 0x00ececec, 0x000a0a0a, 0x00dadada, 0x006f6f6f, + 0x00535353, 0x00626262, 0x00a3a3a3, 0x002e2e2e, 0x00080808, 0x00afafaf, + 0x00282828, 0x00b0b0b0, 0x00747474, 0x00c2c2c2, 0x00bdbdbd, 0x00363636, + 0x00222222, 0x00383838, 0x00646464, 0x001e1e1e, 0x00393939, 0x002c2c2c, + 0x00a6a6a6, 0x00303030, 0x00e5e5e5, 0x00444444, 0x00fdfdfd, 0x00888888, + 0x009f9f9f, 0x00656565, 0x00878787, 0x006b6b6b, 0x00f4f4f4, 0x00232323, + 0x00484848, 0x00101010, 0x00d1d1d1, 0x00515151, 0x00c0c0c0, 0x00f9f9f9, + 0x00d2d2d2, 0x00a0a0a0, 0x00555555, 0x00a1a1a1, 0x00414141, 0x00fafafa, + 0x00434343, 0x00131313, 0x00c4c4c4, 0x002f2f2f, 0x00a8a8a8, 0x00b6b6b6, + 0x003c3c3c, 0x002b2b2b, 0x00c1c1c1, 0x00ffffff, 0x00c8c8c8, 0x00a5a5a5, + 0x00202020, 0x00898989, 0x00000000, 0x00909090, 0x00474747, 0x00efefef, + 0x00eaeaea, 0x00b7b7b7, 0x00151515, 0x00060606, 0x00cdcdcd, 0x00b5b5b5, + 0x00121212, 0x007e7e7e, 0x00bbbbbb, 0x00292929, 0x000f0f0f, 0x00b8b8b8, + 0x00070707, 0x00040404, 0x009b9b9b, 0x00949494, 0x00212121, 0x00666666, + 0x00e6e6e6, 0x00cecece, 0x00ededed, 0x00e7e7e7, 0x003b3b3b, 0x00fefefe, + 0x007f7f7f, 0x00c5c5c5, 0x00a4a4a4, 0x00373737, 0x00b1b1b1, 0x004c4c4c, + 0x00919191, 0x006e6e6e, 0x008d8d8d, 0x00767676, 0x00030303, 0x002d2d2d, + 0x00dedede, 0x00969696, 0x00262626, 0x007d7d7d, 0x00c6c6c6, 0x005c5c5c, + 0x00d3d3d3, 0x00f2f2f2, 0x004f4f4f, 0x00191919, 0x003f3f3f, 0x00dcdcdc, + 0x00797979, 0x001d1d1d, 0x00525252, 0x00ebebeb, 0x00f3f3f3, 0x006d6d6d, + 0x005e5e5e, 0x00fbfbfb, 0x00696969, 0x00b2b2b2, 0x00f0f0f0, 0x00313131, + 0x000c0c0c, 0x00d4d4d4, 0x00cfcfcf, 0x008c8c8c, 0x00e2e2e2, 0x00757575, + 0x00a9a9a9, 0x004a4a4a, 0x00575757, 0x00848484, 0x00111111, 0x00454545, + 0x001b1b1b, 0x00f5f5f5, 0x00e4e4e4, 0x000e0e0e, 0x00737373, 0x00aaaaaa, + 0x00f1f1f1, 0x00dddddd, 0x00595959, 0x00141414, 0x006c6c6c, 0x00929292, + 0x00545454, 0x00d0d0d0, 0x00787878, 0x00707070, 0x00e3e3e3, 0x00494949, + 0x00808080, 0x00505050, 0x00a7a7a7, 0x00f6f6f6, 0x00777777, 0x00939393, + 0x00868686, 0x00838383, 0x002a2a2a, 0x00c7c7c7, 0x005b5b5b, 0x00e9e9e9, + 0x00eeeeee, 0x008f8f8f, 0x00010101, 0x003d3d3d }, +{ 0x38003838, 0x41004141, 0x16001616, 0x76007676, 0xd900d9d9, 0x93009393, + 0x60006060, 0xf200f2f2, 0x72007272, 0xc200c2c2, 0xab00abab, 0x9a009a9a, + 0x75007575, 0x06000606, 0x57005757, 0xa000a0a0, 0x91009191, 0xf700f7f7, + 0xb500b5b5, 0xc900c9c9, 0xa200a2a2, 0x8c008c8c, 0xd200d2d2, 0x90009090, + 0xf600f6f6, 0x07000707, 0xa700a7a7, 0x27002727, 0x8e008e8e, 0xb200b2b2, + 0x49004949, 0xde00dede, 0x43004343, 0x5c005c5c, 0xd700d7d7, 0xc700c7c7, + 0x3e003e3e, 0xf500f5f5, 0x8f008f8f, 0x67006767, 0x1f001f1f, 0x18001818, + 0x6e006e6e, 0xaf00afaf, 0x2f002f2f, 0xe200e2e2, 0x85008585, 0x0d000d0d, + 0x53005353, 0xf000f0f0, 0x9c009c9c, 0x65006565, 0xea00eaea, 0xa300a3a3, + 0xae00aeae, 0x9e009e9e, 0xec00ecec, 0x80008080, 0x2d002d2d, 0x6b006b6b, + 0xa800a8a8, 0x2b002b2b, 0x36003636, 0xa600a6a6, 0xc500c5c5, 0x86008686, + 0x4d004d4d, 0x33003333, 0xfd00fdfd, 0x66006666, 0x58005858, 0x96009696, + 0x3a003a3a, 0x09000909, 0x95009595, 0x10001010, 0x78007878, 0xd800d8d8, + 0x42004242, 0xcc00cccc, 0xef00efef, 0x26002626, 0xe500e5e5, 0x61006161, + 0x1a001a1a, 0x3f003f3f, 0x3b003b3b, 0x82008282, 0xb600b6b6, 0xdb00dbdb, + 0xd400d4d4, 0x98009898, 0xe800e8e8, 0x8b008b8b, 0x02000202, 0xeb00ebeb, + 0x0a000a0a, 0x2c002c2c, 0x1d001d1d, 0xb000b0b0, 0x6f006f6f, 0x8d008d8d, + 0x88008888, 0x0e000e0e, 0x19001919, 0x87008787, 0x4e004e4e, 0x0b000b0b, + 0xa900a9a9, 0x0c000c0c, 0x79007979, 0x11001111, 0x7f007f7f, 0x22002222, + 0xe700e7e7, 0x59005959, 0xe100e1e1, 0xda00dada, 0x3d003d3d, 0xc800c8c8, + 0x12001212, 0x04000404, 0x74007474, 0x54005454, 0x30003030, 0x7e007e7e, + 0xb400b4b4, 0x28002828, 0x55005555, 0x68006868, 0x50005050, 0xbe00bebe, + 0xd000d0d0, 0xc400c4c4, 0x31003131, 0xcb00cbcb, 0x2a002a2a, 0xad00adad, + 0x0f000f0f, 0xca00caca, 0x70007070, 0xff00ffff, 0x32003232, 0x69006969, + 0x08000808, 0x62006262, 0x00000000, 0x24002424, 0xd100d1d1, 0xfb00fbfb, + 0xba00baba, 0xed00eded, 0x45004545, 0x81008181, 0x73007373, 0x6d006d6d, + 0x84008484, 0x9f009f9f, 0xee00eeee, 0x4a004a4a, 0xc300c3c3, 0x2e002e2e, + 0xc100c1c1, 0x01000101, 0xe600e6e6, 0x25002525, 0x48004848, 0x99009999, + 0xb900b9b9, 0xb300b3b3, 0x7b007b7b, 0xf900f9f9, 0xce00cece, 0xbf00bfbf, + 0xdf00dfdf, 0x71007171, 0x29002929, 0xcd00cdcd, 0x6c006c6c, 0x13001313, + 0x64006464, 0x9b009b9b, 0x63006363, 0x9d009d9d, 0xc000c0c0, 0x4b004b4b, + 0xb700b7b7, 0xa500a5a5, 0x89008989, 0x5f005f5f, 0xb100b1b1, 0x17001717, + 0xf400f4f4, 0xbc00bcbc, 0xd300d3d3, 0x46004646, 0xcf00cfcf, 0x37003737, + 0x5e005e5e, 0x47004747, 0x94009494, 0xfa00fafa, 0xfc00fcfc, 0x5b005b5b, + 0x97009797, 0xfe00fefe, 0x5a005a5a, 0xac00acac, 0x3c003c3c, 0x4c004c4c, + 0x03000303, 0x35003535, 0xf300f3f3, 0x23002323, 0xb800b8b8, 0x5d005d5d, + 0x6a006a6a, 0x92009292, 0xd500d5d5, 0x21002121, 0x44004444, 0x51005151, + 0xc600c6c6, 0x7d007d7d, 0x39003939, 0x83008383, 0xdc00dcdc, 0xaa00aaaa, + 0x7c007c7c, 0x77007777, 0x56005656, 0x05000505, 0x1b001b1b, 0xa400a4a4, + 0x15001515, 0x34003434, 0x1e001e1e, 0x1c001c1c, 0xf800f8f8, 0x52005252, + 0x20002020, 0x14001414, 0xe900e9e9, 0xbd00bdbd, 0xdd00dddd, 0xe400e4e4, + 0xa100a1a1, 0xe000e0e0, 0x8a008a8a, 0xf100f1f1, 0xd600d6d6, 0x7a007a7a, + 0xbb00bbbb, 0xe300e3e3, 0x40004040, 0x4f004f4f } +}; + +/* Key generation constants */ +static const u32 SIGMA[] = { + 0xa09e667f, 0x3bcc908b, 0xb67ae858, 0x4caa73b2, 0xc6ef372f, 0xe94f82be, + 0x54ff53a5, 0xf1d36f1c, 0x10e527fa, 0xde682d1d, 0xb05688c2, 0xb3e6c1fd +}; + +/* The phi algorithm given in C.2.7 of the Camellia spec document. */ +/* + * This version does not attempt to minimize amount of temporary + * variables, but instead explicitly exposes algorithm's parallelism. + * It is therefore most appropriate for platforms with not less than + * ~16 registers. For platforms with fewer registers [well, x86 to be + * specific] assembler version should be/is provided anyway... + */ +#define Camellia_Feistel(_s0,_s1,_s2,_s3,_key) \ +do { \ + u32 _t0, _t1, _t2, _t3; \ + _t0 = _s0 ^ (_key)[0]; \ + _t3 = SBOX4_4404[_t0 & 0xff]; \ + _t1 = _s1 ^ (_key)[1]; \ + _t3 ^= SBOX3_3033[(_t0 >> 8) & 0xff]; \ + _t2 = SBOX1_1110[_t1 & 0xff]; \ + _t3 ^= SBOX2_0222[(_t0 >> 16) & 0xff]; \ + _t2 ^= SBOX4_4404[(_t1 >> 8) & 0xff]; \ + _t3 ^= SBOX1_1110[(_t0 >> 24)]; \ + _t2 ^= _t3; \ + _t3 = RightRotate(_t3, 8); \ + _t2 ^= SBOX3_3033[(_t1 >> 16) & 0xff]; \ + _s3 ^= _t3; \ + _t2 ^= SBOX2_0222[(_t1 >> 24)]; \ + _s2 ^= _t2; \ + _s3 ^= _t2; \ +} while(0) + +/* + * Note that n has to be less than 32. Rotations for larger amount + * of bits are achieved by "rotating" order of s-elements and + * adjusting n accordingly, e.g. RotLeft128(s1, s2, s3, s0, n - 32). + */ +#define RotLeft128(_s0, _s1, _s2, _s3, _n) \ +do { \ + u32 _t0 = _s0 >> (32 - _n); \ + _s0 = (_s0 << _n) | (_s1 >> (32 - _n)); \ + _s1 = (_s1 << _n) | (_s2 >> (32 - _n)); \ + _s2 = (_s2 << _n) | (_s3 >> (32 - _n)); \ + _s3 = (_s3 << _n) | _t0; \ +} while (0) + +int +Camellia_Ekeygen(int keyBitLength, const u8 *rawKey, KEY_TABLE_TYPE k) +{ + u32 s0, s1, s2, s3; + + k[0] = s0 = GETU32(rawKey); + k[1] = s1 = GETU32(rawKey + 4); + k[2] = s2 = GETU32(rawKey + 8); + k[3] = s3 = GETU32(rawKey + 12); + + if (keyBitLength != 128) { + k[8] = s0 = GETU32(rawKey + 16); + k[9] = s1 = GETU32(rawKey + 20); + if (keyBitLength == 192) { + k[10] = s2 = ~s0; + k[11] = s3 = ~s1; + } else { + k[10] = s2 = GETU32(rawKey + 24); + k[11] = s3 = GETU32(rawKey + 28); + } + s0 ^= k[0], s1 ^= k[1], s2 ^= k[2], s3 ^= k[3]; + } + + /* Use the Feistel routine to scramble the key material */ + Camellia_Feistel(s0, s1, s2, s3, SIGMA + 0); + Camellia_Feistel(s2, s3, s0, s1, SIGMA + 2); + + s0 ^= k[0], s1 ^= k[1], s2 ^= k[2], s3 ^= k[3]; + Camellia_Feistel(s0, s1, s2, s3, SIGMA + 4); + Camellia_Feistel(s2, s3, s0, s1, SIGMA + 6); + + /* Fill the keyTable. Requires many block rotations. */ + if (keyBitLength == 128) { + k[ 4] = s0, k[ 5] = s1, k[ 6] = s2, k[ 7] = s3; + RotLeft128(s0, s1, s2, s3, 15); /* KA <<< 15 */ + k[12] = s0, k[13] = s1, k[14] = s2, k[15] = s3; + RotLeft128(s0, s1, s2, s3, 15); /* KA <<< 30 */ + k[16] = s0, k[17] = s1, k[18] = s2, k[19] = s3; + RotLeft128(s0, s1, s2, s3, 15); /* KA <<< 45 */ + k[24] = s0, k[25] = s1; + RotLeft128(s0, s1, s2, s3, 15); /* KA <<< 60 */ + k[28] = s0, k[29] = s1, k[30] = s2, k[31] = s3; + RotLeft128(s1, s2, s3, s0, 2); /* KA <<< 94 */ + k[40] = s1, k[41] = s2, k[42] = s3, k[43] = s0; + RotLeft128(s1, s2, s3, s0, 17); /* KA <<<111 */ + k[48] = s1, k[49] = s2, k[50] = s3, k[51] = s0; + + s0 = k[ 0], s1 = k[ 1], s2 = k[ 2], s3 = k[ 3]; + RotLeft128(s0, s1, s2, s3, 15); /* KL <<< 15 */ + k[ 8] = s0, k[ 9] = s1, k[10] = s2, k[11] = s3; + RotLeft128(s0, s1, s2, s3, 30); /* KL <<< 45 */ + k[20] = s0, k[21] = s1, k[22] = s2, k[23] = s3; + RotLeft128(s0, s1, s2, s3, 15); /* KL <<< 60 */ + k[26] = s2, k[27] = s3; + RotLeft128(s0, s1, s2, s3, 17); /* KL <<< 77 */ + k[32] = s0, k[33] = s1, k[34] = s2, k[35] = s3; + RotLeft128(s0, s1, s2, s3, 17); /* KL <<< 94 */ + k[36] = s0, k[37] = s1, k[38] = s2, k[39] = s3; + RotLeft128(s0, s1, s2, s3, 17); /* KL <<<111 */ + k[44] = s0, k[45] = s1, k[46] = s2, k[47] = s3; + + return 3; /* grand rounds */ + } else { + k[12] = s0, k[13] = s1, k[14] = s2, k[15] = s3; + s0 ^= k[8], s1 ^= k[9], s2 ^=k[10], s3 ^=k[11]; + Camellia_Feistel(s0, s1, s2, s3, (SIGMA + 8)); + Camellia_Feistel(s2, s3, s0, s1, (SIGMA + 10)); + + k[ 4] = s0, k[ 5] = s1, k[ 6] = s2, k[ 7] = s3; + RotLeft128(s0, s1, s2, s3, 30); /* KB <<< 30 */ + k[20] = s0, k[21] = s1, k[22] = s2, k[23] = s3; + RotLeft128(s0, s1, s2, s3, 30); /* KB <<< 60 */ + k[40] = s0, k[41] = s1, k[42] = s2, k[43] = s3; + RotLeft128(s1, s2, s3, s0, 19); /* KB <<<111 */ + k[64] = s1, k[65] = s2, k[66] = s3, k[67] = s0; + + s0 = k[ 8], s1 = k[ 9], s2 = k[10], s3 = k[11]; + RotLeft128(s0, s1, s2, s3, 15); /* KR <<< 15 */ + k[ 8] = s0, k[ 9] = s1, k[10] = s2, k[11] = s3; + RotLeft128(s0, s1, s2, s3, 15); /* KR <<< 30 */ + k[16] = s0, k[17] = s1, k[18] = s2, k[19] = s3; + RotLeft128(s0, s1, s2, s3, 30); /* KR <<< 60 */ + k[36] = s0, k[37] = s1, k[38] = s2, k[39] = s3; + RotLeft128(s1, s2, s3, s0, 2); /* KR <<< 94 */ + k[52] = s1, k[53] = s2, k[54] = s3, k[55] = s0; + + s0 = k[12], s1 = k[13], s2 = k[14], s3 = k[15]; + RotLeft128(s0, s1, s2, s3, 15); /* KA <<< 15 */ + k[12] = s0, k[13] = s1, k[14] = s2, k[15] = s3; + RotLeft128(s0, s1, s2, s3, 30); /* KA <<< 45 */ + k[28] = s0, k[29] = s1, k[30] = s2, k[31] = s3; + /* KA <<< 77 */ + k[48] = s1, k[49] = s2, k[50] = s3, k[51] = s0; + RotLeft128(s1, s2, s3, s0, 17); /* KA <<< 94 */ + k[56] = s1, k[57] = s2, k[58] = s3, k[59] = s0; + + s0 = k[ 0], s1 = k[ 1], s2 = k[ 2], s3 = k[ 3]; + RotLeft128(s1, s2, s3, s0, 13); /* KL <<< 45 */ + k[24] = s1, k[25] = s2, k[26] = s3, k[27] = s0; + RotLeft128(s1, s2, s3, s0, 15); /* KL <<< 60 */ + k[32] = s1, k[33] = s2, k[34] = s3, k[35] = s0; + RotLeft128(s1, s2, s3, s0, 17); /* KL <<< 77 */ + k[44] = s1, k[45] = s2, k[46] = s3, k[47] = s0; + RotLeft128(s2, s3, s0, s1, 2); /* KL <<<111 */ + k[60] = s2, k[61] = s3, k[62] = s0, k[63] = s1; + + return 4; /* grand rounds */ + } + /* + * It is possible to perform certain precalculations, which + * would spare few cycles in block procedure. It's not done, + * because it upsets the performance balance between key + * setup and block procedures, negatively affecting overall + * throughput in applications operating on short messages + * and volatile keys. + */ +} + +void +Camellia_EncryptBlock_Rounds(int grandRounds, const u8 plaintext[], + const KEY_TABLE_TYPE keyTable, u8 ciphertext[]) +{ + u32 s0, s1, s2, s3; + const u32 *k = keyTable, *kend = keyTable + grandRounds * 16; + + s0 = GETU32(plaintext) ^ k[0]; + s1 = GETU32(plaintext + 4) ^ k[1]; + s2 = GETU32(plaintext + 8) ^ k[2]; + s3 = GETU32(plaintext + 12) ^ k[3]; + k += 4; + + while (1) { + /* Camellia makes 6 Feistel rounds */ + Camellia_Feistel(s0, s1, s2, s3, k + 0); + Camellia_Feistel(s2, s3, s0, s1, k + 2); + Camellia_Feistel(s0, s1, s2, s3, k + 4); + Camellia_Feistel(s2, s3, s0, s1, k + 6); + Camellia_Feistel(s0, s1, s2, s3, k + 8); + Camellia_Feistel(s2, s3, s0, s1, k + 10); + k += 12; + + if (k == kend) + break; + + /* This is the same function as the diffusion function D + * of the accompanying documentation. See section 3.2 + * for properties of the FLlayer function. */ + s1 ^= LeftRotate(s0 & k[0], 1); + s2 ^= s3 | k[3]; + s0 ^= s1 | k[1]; + s3 ^= LeftRotate(s2 & k[2], 1); + k += 4; + } + + s2 ^= k[0], s3 ^= k[1], s0 ^= k[2], s1 ^= k[3]; + + PUTU32(ciphertext, s2); + PUTU32(ciphertext + 4, s3); + PUTU32(ciphertext + 8, s0); + PUTU32(ciphertext + 12, s1); +} + +void +Camellia_EncryptBlock(int keyBitLength, const u8 plaintext[], + const KEY_TABLE_TYPE keyTable, u8 ciphertext[]) +{ + Camellia_EncryptBlock_Rounds(keyBitLength == 128 ? 3 : 4, + plaintext, keyTable, ciphertext); +} + +void +Camellia_DecryptBlock_Rounds(int grandRounds, const u8 ciphertext[], + const KEY_TABLE_TYPE keyTable, u8 plaintext[]) +{ + u32 s0, s1, s2, s3; + const u32 *k = keyTable+grandRounds * 16, *kend = keyTable+4; + + s0 = GETU32(ciphertext) ^ k[0]; + s1 = GETU32(ciphertext+4) ^ k[1]; + s2 = GETU32(ciphertext+8) ^ k[2]; + s3 = GETU32(ciphertext+12) ^ k[3]; + + while (1) { + /* Camellia makes 6 Feistel rounds */ + k -= 12; + Camellia_Feistel(s0, s1, s2, s3, k+10); + Camellia_Feistel(s2, s3, s0, s1, k+8); + Camellia_Feistel(s0, s1, s2, s3, k+6); + Camellia_Feistel(s2, s3, s0, s1, k+4); + Camellia_Feistel(s0, s1, s2, s3, k+2); + Camellia_Feistel(s2, s3, s0, s1, k+0); + + if (k == kend) + break; + + /* This is the same function as the diffusion function D + * of the accompanying documentation. See section 3.2 + * for properties of the FLlayer function. */ + k -= 4; + s1 ^= LeftRotate(s0 & k[2], 1); + s2 ^= s3 | k[1]; + s0 ^= s1 | k[3]; + s3 ^= LeftRotate(s2 & k[0], 1); + } + + k -= 4; + s2 ^= k[0], s3 ^= k[1], s0 ^= k[2], s1 ^= k[3]; + + PUTU32(plaintext, s2); + PUTU32(plaintext+4, s3); + PUTU32(plaintext+8, s0); + PUTU32(plaintext+12, s1); +} + +void +Camellia_DecryptBlock(int keyBitLength, const u8 plaintext[], + const KEY_TABLE_TYPE keyTable, u8 ciphertext[]) +{ + Camellia_DecryptBlock_Rounds(keyBitLength == 128 ? 3 : 4, + plaintext, keyTable, ciphertext); +} diff --git a/src/lib/libcrypto/camellia/camellia.h b/src/lib/libcrypto/camellia/camellia.h new file mode 100644 index 00000000000..b9b5f792b1e --- /dev/null +++ b/src/lib/libcrypto/camellia/camellia.h @@ -0,0 +1,125 @@ +/* $OpenBSD: camellia.h,v 1.5 2014/11/13 20:01:58 miod Exp $ */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + */ + +#ifndef HEADER_CAMELLIA_H +#define HEADER_CAMELLIA_H + +#include + +#ifdef OPENSSL_NO_CAMELLIA +#error CAMELLIA is disabled. +#endif + +#include + +#define CAMELLIA_ENCRYPT 1 +#define CAMELLIA_DECRYPT 0 + +/* Because array size can't be a const in C, the following two are macros. + Both sizes are in bytes. */ + +#ifdef __cplusplus +extern "C" { +#endif + +/* This should be a hidden type, but EVP requires that the size be known */ + +#define CAMELLIA_BLOCK_SIZE 16 +#define CAMELLIA_TABLE_BYTE_LEN 272 +#define CAMELLIA_TABLE_WORD_LEN (CAMELLIA_TABLE_BYTE_LEN / 4) + +typedef unsigned int KEY_TABLE_TYPE[CAMELLIA_TABLE_WORD_LEN]; /* to match with WORD */ + +struct camellia_key_st { + union { + double d; /* ensures 64-bit align */ + KEY_TABLE_TYPE rd_key; + } u; + int grand_rounds; +}; +typedef struct camellia_key_st CAMELLIA_KEY; + +int Camellia_set_key(const unsigned char *userKey, const int bits, + CAMELLIA_KEY *key); + +void Camellia_encrypt(const unsigned char *in, unsigned char *out, + const CAMELLIA_KEY *key); +void Camellia_decrypt(const unsigned char *in, unsigned char *out, + const CAMELLIA_KEY *key); + +void Camellia_ecb_encrypt(const unsigned char *in, unsigned char *out, + const CAMELLIA_KEY *key, const int enc); +void Camellia_cbc_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const CAMELLIA_KEY *key, + unsigned char *ivec, const int enc); +void Camellia_cfb128_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const CAMELLIA_KEY *key, + unsigned char *ivec, int *num, const int enc); +void Camellia_cfb1_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const CAMELLIA_KEY *key, + unsigned char *ivec, int *num, const int enc); +void Camellia_cfb8_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const CAMELLIA_KEY *key, + unsigned char *ivec, int *num, const int enc); +void Camellia_ofb128_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const CAMELLIA_KEY *key, + unsigned char *ivec, int *num); +void Camellia_ctr128_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const CAMELLIA_KEY *key, + unsigned char ivec[CAMELLIA_BLOCK_SIZE], + unsigned char ecount_buf[CAMELLIA_BLOCK_SIZE], + unsigned int *num); + +#ifdef __cplusplus +} +#endif + +#endif /* !HEADER_Camellia_H */ diff --git a/src/lib/libcrypto/camellia/cmll_cbc.c b/src/lib/libcrypto/camellia/cmll_cbc.c new file mode 100644 index 00000000000..6567e5deb6c --- /dev/null +++ b/src/lib/libcrypto/camellia/cmll_cbc.c @@ -0,0 +1,65 @@ +/* $OpenBSD: cmll_cbc.c,v 1.4 2014/11/13 20:01:58 miod Exp $ */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + */ + +#include +#include + +void +Camellia_cbc_encrypt(const unsigned char *in, unsigned char *out, size_t len, + const CAMELLIA_KEY *key, unsigned char *ivec, const int enc) +{ + if (enc) + CRYPTO_cbc128_encrypt(in, out, len, key, ivec, + (block128_f)Camellia_encrypt); + else + CRYPTO_cbc128_decrypt(in, out, len, key, ivec, + (block128_f)Camellia_decrypt); +} diff --git a/src/lib/libcrypto/camellia/cmll_cfb.c b/src/lib/libcrypto/camellia/cmll_cfb.c new file mode 100644 index 00000000000..755ab9f8bf2 --- /dev/null +++ b/src/lib/libcrypto/camellia/cmll_cfb.c @@ -0,0 +1,144 @@ +/* $OpenBSD: cmll_cfb.c,v 1.4 2014/11/13 20:01:58 miod Exp $ */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include + + +/* + * The input and output encrypted as though 128bit cfb mode is being + * used. The extra state information to record how much of the + * 128bit block we have used is contained in *num; + */ + +void +Camellia_cfb128_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const CAMELLIA_KEY *key, unsigned char *ivec, int *num, + const int enc) +{ + CRYPTO_cfb128_encrypt(in, out, length, key, ivec, num, enc, + (block128_f)Camellia_encrypt); +} + +/* N.B. This expects the input to be packed, MS bit first */ +void +Camellia_cfb1_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const CAMELLIA_KEY *key, unsigned char *ivec, int *num, + const int enc) +{ + CRYPTO_cfb128_1_encrypt(in, out, length, key, ivec, num, enc, + (block128_f)Camellia_encrypt); +} + +void +Camellia_cfb8_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const CAMELLIA_KEY *key, unsigned char *ivec, int *num, + const int enc) +{ + CRYPTO_cfb128_8_encrypt(in, out, length, key, ivec, num, enc, + (block128_f)Camellia_encrypt); +} diff --git a/src/lib/libcrypto/camellia/cmll_ctr.c b/src/lib/libcrypto/camellia/cmll_ctr.c new file mode 100644 index 00000000000..59a351ee1b8 --- /dev/null +++ b/src/lib/libcrypto/camellia/cmll_ctr.c @@ -0,0 +1,63 @@ +/* $OpenBSD: cmll_ctr.c,v 1.4 2014/11/13 20:01:58 miod Exp $ */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + */ + +#include +#include + +void +Camellia_ctr128_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const CAMELLIA_KEY *key, + unsigned char ivec[CAMELLIA_BLOCK_SIZE], + unsigned char ecount_buf[CAMELLIA_BLOCK_SIZE], unsigned int *num) +{ + CRYPTO_ctr128_encrypt(in, out, length, key, ivec, ecount_buf, num, + (block128_f)Camellia_encrypt); +} diff --git a/src/lib/libcrypto/camellia/cmll_ecb.c b/src/lib/libcrypto/camellia/cmll_ecb.c new file mode 100644 index 00000000000..1a654452027 --- /dev/null +++ b/src/lib/libcrypto/camellia/cmll_ecb.c @@ -0,0 +1,63 @@ +/* $OpenBSD: cmll_ecb.c,v 1.4 2014/11/13 20:01:58 miod Exp $ */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + */ + +#include +#include "cmll_locl.h" + +void +Camellia_ecb_encrypt(const unsigned char *in, unsigned char *out, + const CAMELLIA_KEY *key, const int enc) +{ + if (CAMELLIA_ENCRYPT == enc) + Camellia_encrypt(in, out, key); + else + Camellia_decrypt(in, out, key); +} diff --git a/src/lib/libcrypto/camellia/cmll_locl.h b/src/lib/libcrypto/camellia/cmll_locl.h new file mode 100644 index 00000000000..325b6e2d6fa --- /dev/null +++ b/src/lib/libcrypto/camellia/cmll_locl.h @@ -0,0 +1,89 @@ +/* $OpenBSD: cmll_locl.h,v 1.6 2016/12/21 15:49:29 jsing Exp $ */ +/* ==================================================================== + * Copyright 2006 NTT (Nippon Telegraph and Telephone Corporation) . + * ALL RIGHTS RESERVED. + * + * Intellectual Property information for Camellia: + * http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html + * + * News Release for Announcement of Camellia open source: + * http://www.ntt.co.jp/news/news06e/0604/060413a.html + * + * The Camellia Code included herein is developed by + * NTT (Nippon Telegraph and Telephone Corporation), and is contributed + * to the OpenSSL project. + * + * The Camellia Code is licensed pursuant to the OpenSSL open source + * license provided below. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#ifndef HEADER_CAMELLIA_LOCL_H +#define HEADER_CAMELLIA_LOCL_H + +__BEGIN_HIDDEN_DECLS + +typedef unsigned int u32; +typedef unsigned char u8; + +int Camellia_Ekeygen(int keyBitLength, const u8 *rawKey, + KEY_TABLE_TYPE keyTable); +void Camellia_EncryptBlock_Rounds(int grandRounds, const u8 plaintext[], + const KEY_TABLE_TYPE keyTable, u8 ciphertext[]); +void Camellia_DecryptBlock_Rounds(int grandRounds, const u8 ciphertext[], + const KEY_TABLE_TYPE keyTable, u8 plaintext[]); +void Camellia_EncryptBlock(int keyBitLength, const u8 plaintext[], + const KEY_TABLE_TYPE keyTable, u8 ciphertext[]); +void Camellia_DecryptBlock(int keyBitLength, const u8 ciphertext[], + const KEY_TABLE_TYPE keyTable, u8 plaintext[]); + +__END_HIDDEN_DECLS + +#endif /* #ifndef HEADER_CAMELLIA_LOCL_H */ diff --git a/src/lib/libcrypto/camellia/cmll_misc.c b/src/lib/libcrypto/camellia/cmll_misc.c new file mode 100644 index 00000000000..2fa61dc6378 --- /dev/null +++ b/src/lib/libcrypto/camellia/cmll_misc.c @@ -0,0 +1,81 @@ +/* $OpenBSD: cmll_misc.c,v 1.6 2014/11/13 20:01:58 miod Exp $ */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + */ + +#include +#include +#include +#include "cmll_locl.h" + +int +Camellia_set_key(const unsigned char *userKey, const int bits, + CAMELLIA_KEY *key) +{ + if (userKey == NULL || key == NULL) + return -1; + if (bits != 128 && bits != 192 && bits != 256) + return -2; + key->grand_rounds = Camellia_Ekeygen(bits, userKey, key->u.rd_key); + return 0; +} + +void +Camellia_encrypt(const unsigned char *in, unsigned char *out, + const CAMELLIA_KEY *key) +{ + Camellia_EncryptBlock_Rounds(key->grand_rounds, in, key->u.rd_key, out); +} + +void +Camellia_decrypt(const unsigned char *in, unsigned char *out, + const CAMELLIA_KEY *key) +{ + Camellia_DecryptBlock_Rounds(key->grand_rounds, in, key->u.rd_key, out); +} diff --git a/src/lib/libcrypto/camellia/cmll_ofb.c b/src/lib/libcrypto/camellia/cmll_ofb.c new file mode 100644 index 00000000000..cd3a65e2fad --- /dev/null +++ b/src/lib/libcrypto/camellia/cmll_ofb.c @@ -0,0 +1,122 @@ +/* $OpenBSD: cmll_ofb.c,v 1.4 2014/11/13 20:01:58 miod Exp $ */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include + +/* + * The input and output encrypted as though 128bit ofb mode is being + * used. The extra state information to record how much of the + * 128bit block we have used is contained in *num; + */ +void +Camellia_ofb128_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const CAMELLIA_KEY *key, unsigned char *ivec, int *num) +{ + CRYPTO_ofb128_encrypt(in, out, length, key, ivec, num, + (block128_f)Camellia_encrypt); +} diff --git a/src/lib/libcrypto/cast/Makefile.ssl b/src/lib/libcrypto/cast/Makefile.ssl deleted file mode 100644 index a52217a6f76..00000000000 --- a/src/lib/libcrypto/cast/Makefile.ssl +++ /dev/null @@ -1,125 +0,0 @@ -# -# SSLeay/crypto/cast/Makefile -# - -DIR= cast -TOP= ../.. -CC= cc -CPP= $(CC) -E -INCLUDES= -CFLAG=-g -INSTALL_PREFIX= -OPENSSLDIR= /usr/local/ssl -INSTALLTOP=/usr/local/ssl -MAKE= make -f Makefile.ssl -MAKEDEPPROG= makedepend -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) -MAKEFILE= Makefile.ssl -AR= ar r - -CAST_ENC=c_enc.o -# or use -#CAST_ENC=asm/cx86-elf.o -#CAST_ENC=asm/cx86-out.o -#CAST_ENC=asm/cx86-sol.o -#CAST_ENC=asm/cx86bdsi.o - -CFLAGS= $(INCLUDES) $(CFLAG) - -GENERAL=Makefile -TEST=casttest.c -APPS= - -LIB=$(TOP)/libcrypto.a -LIBSRC=c_skey.c c_ecb.c c_enc.c c_cfb64.c c_ofb64.c -LIBOBJ=c_skey.o c_ecb.o $(CAST_ENC) c_cfb64.o c_ofb64.o - -SRC= $(LIBSRC) - -EXHEADER= cast.h -HEADER= cast_s.h cast_lcl.h $(EXHEADER) - -ALL= $(GENERAL) $(SRC) $(HEADER) - -top: - (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) - -all: lib - -lib: $(LIBOBJ) - $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) || echo Never mind. - @touch lib - -# elf -asm/cx86-elf.o: asm/cx86unix.cpp - $(CPP) -DELF -x c asm/cx86unix.cpp | as -o asm/cx86-elf.o - -# solaris -asm/cx86-sol.o: asm/cx86unix.cpp - $(CC) -E -DSOL asm/cx86unix.cpp | sed 's/^#.*//' > asm/cx86-sol.s - as -o asm/cx86-sol.o asm/cx86-sol.s - rm -f asm/cx86-sol.s - -# a.out -asm/cx86-out.o: asm/cx86unix.cpp - $(CPP) -DOUT asm/cx86unix.cpp | as -o asm/cx86-out.o - -# bsdi -asm/cx86bsdi.o: asm/cx86unix.cpp - $(CPP) -DBSDI asm/cx86unix.cpp | sed 's/ :/:/' | as -o asm/cx86bsdi.o - -asm/cx86unix.cpp: asm/cast-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl - (cd asm; $(PERL) cast-586.pl cpp $(PROCESSOR) >cx86unix.cpp) - -files: - $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO - -links: - @sh $(TOP)/util/point.sh Makefile.ssl Makefile - @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) - @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) - @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) - -install: - @for i in $(EXHEADER) ; \ - do \ - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ - done; - -tags: - ctags $(SRC) - -tests: - -lint: - lint -DLINT $(INCLUDES) $(SRC)>fluff - -depend: - $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) - -dclean: - $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new - mv -f Makefile.new $(MAKEFILE) - -clean: - rm -f asm/cx86unix.cpp *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff - -# DO NOT DELETE THIS LINE -- make depend depends on it. - -c_cfb64.o: ../../e_os.h ../../include/openssl/cast.h -c_cfb64.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h -c_cfb64.o: c_cfb64.c cast_lcl.h -c_ecb.o: ../../e_os.h ../../include/openssl/cast.h -c_ecb.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h -c_ecb.o: ../../include/openssl/opensslv.h c_ecb.c cast_lcl.h -c_enc.o: ../../e_os.h ../../include/openssl/cast.h -c_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h -c_enc.o: c_enc.c cast_lcl.h -c_ofb64.o: ../../e_os.h ../../include/openssl/cast.h -c_ofb64.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h -c_ofb64.o: c_ofb64.c cast_lcl.h -c_skey.o: ../../e_os.h ../../include/openssl/cast.h -c_skey.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h -c_skey.o: c_skey.c cast_lcl.h cast_s.h diff --git a/src/lib/libcrypto/cast/asm/cast-586.pl b/src/lib/libcrypto/cast/asm/cast-586.pl index 6be0bfe5724..7a0083ecb82 100644 --- a/src/lib/libcrypto/cast/asm/cast-586.pl +++ b/src/lib/libcrypto/cast/asm/cast-586.pl @@ -3,7 +3,8 @@ # define for pentium pro friendly version $ppro=1; -push(@INC,"perlasm","../../perlasm"); +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +push(@INC,"${dir}","${dir}../../perlasm"); require "x86asm.pl"; require "cbc.pl"; @@ -28,7 +29,7 @@ &CAST_encrypt("CAST_encrypt",1); &CAST_encrypt("CAST_decrypt",0); -&cbc("CAST_cbc_encrypt","CAST_encrypt","CAST_decrypt",1,4,5,3,-1,-1); +&cbc("CAST_cbc_encrypt","CAST_encrypt","CAST_decrypt",1,4,5,3,-1,-1) unless $main'openbsd; &asm_finish(); diff --git a/src/lib/libcrypto/cast/asm/readme b/src/lib/libcrypto/cast/asm/readme deleted file mode 100644 index fbcd76289e2..00000000000 --- a/src/lib/libcrypto/cast/asm/readme +++ /dev/null @@ -1,7 +0,0 @@ -There is a ppro flag in cast-586 which turns on/off -generation of pentium pro/II friendly code - -This flag makes the inner loop one cycle longer, but generates -code that runs %30 faster on the pentium pro/II, while only %7 slower -on the pentium. By default, this flag is on. - diff --git a/src/lib/libcrypto/cast/c_cfb64.c b/src/lib/libcrypto/cast/c_cfb64.c index 514c005c325..726d19e0053 100644 --- a/src/lib/libcrypto/cast/c_cfb64.c +++ b/src/lib/libcrypto/cast/c_cfb64.c @@ -1,4 +1,4 @@ -/* crypto/cast/c_cfb64.c */ +/* $OpenBSD: c_cfb64.c,v 1.5 2014/10/28 07:35:58 jsg Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -65,12 +65,12 @@ */ void CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out, - long length, CAST_KEY *schedule, unsigned char *ivec, + long length, const CAST_KEY *schedule, unsigned char *ivec, int *num, int enc) { - register CAST_LONG v0,v1,t; - register int n= *num; - register long l=length; + CAST_LONG v0,v1,t; + int n= *num; + long l=length; CAST_LONG ti[2]; unsigned char *iv,c,cc; @@ -119,4 +119,3 @@ void CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out, v0=v1=ti[0]=ti[1]=t=c=cc=0; *num=n; } - diff --git a/src/lib/libcrypto/cast/c_ecb.c b/src/lib/libcrypto/cast/c_ecb.c index 0b3da9ad871..c3a01b71ae1 100644 --- a/src/lib/libcrypto/cast/c_ecb.c +++ b/src/lib/libcrypto/cast/c_ecb.c @@ -1,4 +1,4 @@ -/* crypto/cast/c_ecb.c */ +/* $OpenBSD: c_ecb.c,v 1.7 2014/07/09 11:10:50 bcook Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -60,10 +60,8 @@ #include "cast_lcl.h" #include -const char *CAST_version="CAST" OPENSSL_VERSION_PTEXT; - void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out, - CAST_KEY *ks, int enc) + const CAST_KEY *ks, int enc) { CAST_LONG l,d[2]; @@ -77,4 +75,3 @@ void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out, l=d[1]; l2n(l,out); l=d[0]=d[1]=0; } - diff --git a/src/lib/libcrypto/cast/c_enc.c b/src/lib/libcrypto/cast/c_enc.c index 0fe2cffeccf..5999a590317 100644 --- a/src/lib/libcrypto/cast/c_enc.c +++ b/src/lib/libcrypto/cast/c_enc.c @@ -1,4 +1,4 @@ -/* crypto/cast/c_enc.c */ +/* $OpenBSD: c_enc.c,v 1.7 2014/10/28 07:35:58 jsg Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -59,9 +59,11 @@ #include #include "cast_lcl.h" -void CAST_encrypt(CAST_LONG *data, CAST_KEY *key) +#ifndef OPENBSD_CAST_ASM +void CAST_encrypt(CAST_LONG *data, const CAST_KEY *key) { - register CAST_LONG l,r,*k,t; + CAST_LONG l,r,t; + const CAST_LONG *k; k= &(key->data[0]); l=data[0]; @@ -91,9 +93,10 @@ void CAST_encrypt(CAST_LONG *data, CAST_KEY *key) data[0]=r&0xffffffffL; } -void CAST_decrypt(CAST_LONG *data, CAST_KEY *key) +void CAST_decrypt(CAST_LONG *data, const CAST_KEY *key) { - register CAST_LONG l,r,*k,t; + CAST_LONG l,r,t; + const CAST_LONG *k; k= &(key->data[0]); l=data[0]; @@ -122,13 +125,14 @@ void CAST_decrypt(CAST_LONG *data, CAST_KEY *key) data[1]=l&0xffffffffL; data[0]=r&0xffffffffL; } +#endif void CAST_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, - CAST_KEY *ks, unsigned char *iv, int enc) + const CAST_KEY *ks, unsigned char *iv, int enc) { - register CAST_LONG tin0,tin1; - register CAST_LONG tout0,tout1,xor0,xor1; - register long l=length; + CAST_LONG tin0,tin1; + CAST_LONG tout0,tout1,xor0,xor1; + long l=length; CAST_LONG tin[2]; if (enc) @@ -204,4 +208,3 @@ void CAST_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, tin0=tin1=tout0=tout1=xor0=xor1=0; tin[0]=tin[1]=0; } - diff --git a/src/lib/libcrypto/cast/c_ofb64.c b/src/lib/libcrypto/cast/c_ofb64.c index fd0469a62fa..611425a6682 100644 --- a/src/lib/libcrypto/cast/c_ofb64.c +++ b/src/lib/libcrypto/cast/c_ofb64.c @@ -1,4 +1,4 @@ -/* crypto/cast/c_ofb64.c */ +/* $OpenBSD: c_ofb64.c,v 1.5 2014/10/28 07:35:58 jsg Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -64,14 +64,14 @@ * 64bit block we have used is contained in *num; */ void CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out, - long length, CAST_KEY *schedule, unsigned char *ivec, + long length, const CAST_KEY *schedule, unsigned char *ivec, int *num) { - register CAST_LONG v0,v1,t; - register int n= *num; - register long l=length; + CAST_LONG v0,v1,t; + int n= *num; + long l=length; unsigned char d[8]; - register char *dp; + char *dp; CAST_LONG ti[2]; unsigned char *iv; int save=0; @@ -108,4 +108,3 @@ void CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out, t=v0=v1=ti[0]=ti[1]=0; *num=n; } - diff --git a/src/lib/libcrypto/cast/c_skey.c b/src/lib/libcrypto/cast/c_skey.c index 76e40005c99..1cea8c8ab06 100644 --- a/src/lib/libcrypto/cast/c_skey.c +++ b/src/lib/libcrypto/cast/c_skey.c @@ -1,4 +1,4 @@ -/* crypto/cast/c_skey.c */ +/* $OpenBSD: c_skey.c,v 1.11 2014/06/12 15:49:28 deraadt Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -56,6 +56,7 @@ * [including the GNU Public Licence.] */ +#include #include #include "cast_lcl.h" #include "cast_s.h" @@ -71,7 +72,6 @@ #define S5 CAST_S_table5 #define S6 CAST_S_table6 #define S7 CAST_S_table7 - void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data) { CAST_LONG x[16]; diff --git a/src/lib/libcrypto/cast/cast.h b/src/lib/libcrypto/cast/cast.h index b28e4e4f3b3..1043c7f24f4 100644 --- a/src/lib/libcrypto/cast/cast.h +++ b/src/lib/libcrypto/cast/cast.h @@ -1,4 +1,4 @@ -/* crypto/cast/cast.h */ +/* $OpenBSD: cast.h,v 1.12 2014/07/10 22:45:56 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -59,6 +59,8 @@ #ifndef HEADER_CAST_H #define HEADER_CAST_H +#include + #ifdef __cplusplus extern "C" { #endif @@ -70,7 +72,7 @@ extern "C" { #define CAST_ENCRYPT 1 #define CAST_DECRYPT 0 -#define CAST_LONG unsigned long +#define CAST_LONG unsigned int #define CAST_BLOCK 8 #define CAST_KEY_LENGTH 16 @@ -81,19 +83,18 @@ typedef struct cast_key_st int short_key; /* Use reduced rounds for short key */ } CAST_KEY; - void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data); -void CAST_ecb_encrypt(const unsigned char *in,unsigned char *out,CAST_KEY *key, +void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out, const CAST_KEY *key, int enc); -void CAST_encrypt(CAST_LONG *data,CAST_KEY *key); -void CAST_decrypt(CAST_LONG *data,CAST_KEY *key); +void CAST_encrypt(CAST_LONG *data, const CAST_KEY *key); +void CAST_decrypt(CAST_LONG *data, const CAST_KEY *key); void CAST_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, - CAST_KEY *ks, unsigned char *iv, int enc); + const CAST_KEY *ks, unsigned char *iv, int enc); void CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out, - long length, CAST_KEY *schedule, unsigned char *ivec, + long length, const CAST_KEY *schedule, unsigned char *ivec, int *num, int enc); void CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out, - long length, CAST_KEY *schedule, unsigned char *ivec, + long length, const CAST_KEY *schedule, unsigned char *ivec, int *num); #ifdef __cplusplus diff --git a/src/lib/libcrypto/cast/cast_lcl.h b/src/lib/libcrypto/cast/cast_lcl.h index 37f41cc6a4d..ad4e2fede9f 100644 --- a/src/lib/libcrypto/cast/cast_lcl.h +++ b/src/lib/libcrypto/cast/cast_lcl.h @@ -1,4 +1,4 @@ -/* crypto/cast/cast_lcl.h */ +/* $OpenBSD: cast_lcl.h,v 1.11 2015/11/05 21:46:51 miod Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -56,19 +56,6 @@ * [including the GNU Public Licence.] */ - -#include "e_os.h" - -#ifdef OPENSSL_SYS_WIN32 -#include -#endif - - -#ifdef OPENSSL_BUILD_SHLIBCRYPTO -# undef OPENSSL_EXTERN -# define OPENSSL_EXTERN OPENSSL_EXPORT -#endif - #undef c2l #define c2l(c,l) (l =((unsigned long)(*((c)++))) , \ l|=((unsigned long)(*((c)++)))<< 8L, \ @@ -157,11 +144,8 @@ *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ *((c)++)=(unsigned char)(((l) )&0xff)) -#if defined(OPENSSL_SYS_WIN32) && defined(_MSC_VER) -#define ROTL(a,n) (_lrotl(a,n)) -#else +/* only invoked with 0 <= n <= 31 */ #define ROTL(a,n) ((((a)<<(n))&0xffffffffL)|((a)>>(32-(n)))) -#endif #define C_M 0x3fc #define C_0 22L @@ -222,11 +206,11 @@ } #endif -OPENSSL_EXTERN const CAST_LONG CAST_S_table0[256]; -OPENSSL_EXTERN const CAST_LONG CAST_S_table1[256]; -OPENSSL_EXTERN const CAST_LONG CAST_S_table2[256]; -OPENSSL_EXTERN const CAST_LONG CAST_S_table3[256]; -OPENSSL_EXTERN const CAST_LONG CAST_S_table4[256]; -OPENSSL_EXTERN const CAST_LONG CAST_S_table5[256]; -OPENSSL_EXTERN const CAST_LONG CAST_S_table6[256]; -OPENSSL_EXTERN const CAST_LONG CAST_S_table7[256]; +extern const CAST_LONG CAST_S_table0[256]; +extern const CAST_LONG CAST_S_table1[256]; +extern const CAST_LONG CAST_S_table2[256]; +extern const CAST_LONG CAST_S_table3[256]; +extern const CAST_LONG CAST_S_table4[256]; +extern const CAST_LONG CAST_S_table5[256]; +extern const CAST_LONG CAST_S_table6[256]; +extern const CAST_LONG CAST_S_table7[256]; diff --git a/src/lib/libcrypto/cast/cast_s.h b/src/lib/libcrypto/cast/cast_s.h index c483fd5e43e..472128bb402 100644 --- a/src/lib/libcrypto/cast/cast_s.h +++ b/src/lib/libcrypto/cast/cast_s.h @@ -1,4 +1,4 @@ -/* crypto/cast/cast_s.h */ +/* $OpenBSD: cast_s.h,v 1.6 2016/12/21 15:49:29 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -55,7 +55,10 @@ * copied and put under another distribution licence * [including the GNU Public Licence.] */ -OPENSSL_GLOBAL const CAST_LONG CAST_S_table0[256]={ + +__BEGIN_HIDDEN_DECLS + +const CAST_LONG CAST_S_table0[256]={ 0x30fb40d4,0x9fa0ff0b,0x6beccd2f,0x3f258c7a, 0x1e213f2f,0x9c004dd3,0x6003e540,0xcf9fc949, 0xbfd4af27,0x88bbbdb5,0xe2034090,0x98d09675, @@ -121,7 +124,7 @@ OPENSSL_GLOBAL const CAST_LONG CAST_S_table0[256]={ 0x1a69e783,0x02cc4843,0xa2f7c579,0x429ef47d, 0x427b169c,0x5ac9f049,0xdd8f0f00,0x5c8165bf, }; -OPENSSL_GLOBAL const CAST_LONG CAST_S_table1[256]={ +const CAST_LONG CAST_S_table1[256]={ 0x1f201094,0xef0ba75b,0x69e3cf7e,0x393f4380, 0xfe61cf7a,0xeec5207a,0x55889c94,0x72fc0651, 0xada7ef79,0x4e1d7235,0xd55a63ce,0xde0436ba, @@ -187,7 +190,7 @@ OPENSSL_GLOBAL const CAST_LONG CAST_S_table1[256]={ 0x43d79572,0x7e6dd07c,0x06dfdf1e,0x6c6cc4ef, 0x7160a539,0x73bfbe70,0x83877605,0x4523ecf1, }; -OPENSSL_GLOBAL const CAST_LONG CAST_S_table2[256]={ +const CAST_LONG CAST_S_table2[256]={ 0x8defc240,0x25fa5d9f,0xeb903dbf,0xe810c907, 0x47607fff,0x369fe44b,0x8c1fc644,0xaececa90, 0xbeb1f9bf,0xeefbcaea,0xe8cf1950,0x51df07ae, @@ -253,7 +256,7 @@ OPENSSL_GLOBAL const CAST_LONG CAST_S_table2[256]={ 0xf7baefd5,0x4142ed9c,0xa4315c11,0x83323ec5, 0xdfef4636,0xa133c501,0xe9d3531c,0xee353783, }; -OPENSSL_GLOBAL const CAST_LONG CAST_S_table3[256]={ +const CAST_LONG CAST_S_table3[256]={ 0x9db30420,0x1fb6e9de,0xa7be7bef,0xd273a298, 0x4a4f7bdb,0x64ad8c57,0x85510443,0xfa020ed1, 0x7e287aff,0xe60fb663,0x095f35a1,0x79ebf120, @@ -319,7 +322,7 @@ OPENSSL_GLOBAL const CAST_LONG CAST_S_table3[256]={ 0x7ae5290c,0x3cb9536b,0x851e20fe,0x9833557e, 0x13ecf0b0,0xd3ffb372,0x3f85c5c1,0x0aef7ed2, }; -OPENSSL_GLOBAL const CAST_LONG CAST_S_table4[256]={ +const CAST_LONG CAST_S_table4[256]={ 0x7ec90c04,0x2c6e74b9,0x9b0e66df,0xa6337911, 0xb86a7fff,0x1dd358f5,0x44dd9d44,0x1731167f, 0x08fbf1fa,0xe7f511cc,0xd2051b00,0x735aba00, @@ -385,7 +388,7 @@ OPENSSL_GLOBAL const CAST_LONG CAST_S_table4[256]={ 0xe822fe15,0x88570983,0x750e6249,0xda627e55, 0x5e76ffa8,0xb1534546,0x6d47de08,0xefe9e7d4, }; -OPENSSL_GLOBAL const CAST_LONG CAST_S_table5[256]={ +const CAST_LONG CAST_S_table5[256]={ 0xf6fa8f9d,0x2cac6ce1,0x4ca34867,0xe2337f7c, 0x95db08e7,0x016843b4,0xeced5cbc,0x325553ac, 0xbf9f0960,0xdfa1e2ed,0x83f0579d,0x63ed86b9, @@ -451,7 +454,7 @@ OPENSSL_GLOBAL const CAST_LONG CAST_S_table5[256]={ 0xa2d762cf,0x49c92f54,0x38b5f331,0x7128a454, 0x48392905,0xa65b1db8,0x851c97bd,0xd675cf2f, }; -OPENSSL_GLOBAL const CAST_LONG CAST_S_table6[256]={ +const CAST_LONG CAST_S_table6[256]={ 0x85e04019,0x332bf567,0x662dbfff,0xcfc65693, 0x2a8d7f6f,0xab9bc912,0xde6008a1,0x2028da1f, 0x0227bce7,0x4d642916,0x18fac300,0x50f18b82, @@ -517,7 +520,7 @@ OPENSSL_GLOBAL const CAST_LONG CAST_S_table6[256]={ 0x518f36b2,0x84b1d370,0x0fedce83,0x878ddada, 0xf2a279c7,0x94e01be8,0x90716f4b,0x954b8aa3, }; -OPENSSL_GLOBAL const CAST_LONG CAST_S_table7[256]={ +const CAST_LONG CAST_S_table7[256]={ 0xe216300d,0xbbddfffc,0xa7ebdabd,0x35648095, 0x7789f8b7,0xe6c1121b,0x0e241600,0x052ce8b5, 0x11a9cfb0,0xe5952f11,0xece7990a,0x9386d174, @@ -583,3 +586,5 @@ OPENSSL_GLOBAL const CAST_LONG CAST_S_table7[256]={ 0x04f19130,0xba6e4ec0,0x99265164,0x1ee7230d, 0x50b2ad80,0xeaee6801,0x8db2a283,0xea8bf59e, }; + +__END_HIDDEN_DECLS diff --git a/src/lib/libcrypto/cast/cast_spd.c b/src/lib/libcrypto/cast/cast_spd.c deleted file mode 100644 index 76abf50d984..00000000000 --- a/src/lib/libcrypto/cast/cast_spd.c +++ /dev/null @@ -1,275 +0,0 @@ -/* crypto/cast/cast_spd.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -/* 11-Sep-92 Andrew Daviel Support for Silicon Graphics IRIX added */ -/* 06-Apr-92 Luke Brennan Support for VMS and add extra signal calls */ - -#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX) -#define TIMES -#endif - -#include - -#include -#include OPENSSL_UNISTD_IO -OPENSSL_DECLARE_EXIT - -#include -#ifndef _IRIX -#include -#endif -#ifdef TIMES -#include -#include -#endif - -/* Depending on the VMS version, the tms structure is perhaps defined. - The __TMS macro will show if it was. If it wasn't defined, we should - undefine TIMES, since that tells the rest of the program how things - should be handled. -- Richard Levitte */ -#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS) -#undef TIMES -#endif - -#ifndef TIMES -#include -#endif - -#if defined(sun) || defined(__ultrix) -#define _POSIX_SOURCE -#include -#include -#endif - -#include - -/* The following if from times(3) man page. It may need to be changed */ -#ifndef HZ -#ifndef CLK_TCK -#define HZ 100.0 -#else /* CLK_TCK */ -#define HZ ((double)CLK_TCK) -#endif -#endif - -#define BUFSIZE ((long)1024) -long run=0; - -double Time_F(int s); -#ifdef SIGALRM -#if defined(__STDC__) || defined(sgi) || defined(_AIX) -#define SIGRETTYPE void -#else -#define SIGRETTYPE int -#endif - -SIGRETTYPE sig_done(int sig); -SIGRETTYPE sig_done(int sig) - { - signal(SIGALRM,sig_done); - run=0; -#ifdef LINT - sig=sig; -#endif - } -#endif - -#define START 0 -#define STOP 1 - -double Time_F(int s) - { - double ret; -#ifdef TIMES - static struct tms tstart,tend; - - if (s == START) - { - times(&tstart); - return(0); - } - else - { - times(&tend); - ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ; - return((ret == 0.0)?1e-6:ret); - } -#else /* !times() */ - static struct timeb tstart,tend; - long i; - - if (s == START) - { - ftime(&tstart); - return(0); - } - else - { - ftime(&tend); - i=(long)tend.millitm-(long)tstart.millitm; - ret=((double)(tend.time-tstart.time))+((double)i)/1e3; - return((ret == 0.0)?1e-6:ret); - } -#endif - } - -int main(int argc, char **argv) - { - long count; - static unsigned char buf[BUFSIZE]; - static unsigned char key[] ={ - 0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0, - 0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10, - }; - CAST_KEY sch; - double a,b,c,d; -#ifndef SIGALRM - long ca,cb,cc; -#endif - -#ifndef TIMES - printf("To get the most accurate results, try to run this\n"); - printf("program when this computer is idle.\n"); -#endif - -#ifndef SIGALRM - printf("First we calculate the approximate speed ...\n"); - CAST_set_key(&sch,16,key); - count=10; - do { - long i; - CAST_LONG data[2]; - - count*=2; - Time_F(START); - for (i=count; i; i--) - CAST_encrypt(data,&sch); - d=Time_F(STOP); - } while (d < 3.0); - ca=count/512; - cb=count; - cc=count*8/BUFSIZE+1; - printf("Doing CAST_set_key %ld times\n",ca); -#define COND(d) (count != (d)) -#define COUNT(d) (d) -#else -#define COND(c) (run) -#define COUNT(d) (count) - signal(SIGALRM,sig_done); - printf("Doing CAST_set_key for 10 seconds\n"); - alarm(10); -#endif - - Time_F(START); - for (count=0,run=1; COND(ca); count+=4) - { - CAST_set_key(&sch,16,key); - CAST_set_key(&sch,16,key); - CAST_set_key(&sch,16,key); - CAST_set_key(&sch,16,key); - } - d=Time_F(STOP); - printf("%ld cast set_key's in %.2f seconds\n",count,d); - a=((double)COUNT(ca))/d; - -#ifdef SIGALRM - printf("Doing CAST_encrypt's for 10 seconds\n"); - alarm(10); -#else - printf("Doing CAST_encrypt %ld times\n",cb); -#endif - Time_F(START); - for (count=0,run=1; COND(cb); count+=4) - { - CAST_LONG data[2]; - - CAST_encrypt(data,&sch); - CAST_encrypt(data,&sch); - CAST_encrypt(data,&sch); - CAST_encrypt(data,&sch); - } - d=Time_F(STOP); - printf("%ld CAST_encrypt's in %.2f second\n",count,d); - b=((double)COUNT(cb)*8)/d; - -#ifdef SIGALRM - printf("Doing CAST_cbc_encrypt on %ld byte blocks for 10 seconds\n", - BUFSIZE); - alarm(10); -#else - printf("Doing CAST_cbc_encrypt %ld times on %ld byte blocks\n",cc, - BUFSIZE); -#endif - Time_F(START); - for (count=0,run=1; COND(cc); count++) - CAST_cbc_encrypt(buf,buf,BUFSIZE,&sch, - &(key[0]),CAST_ENCRYPT); - d=Time_F(STOP); - printf("%ld CAST_cbc_encrypt's of %ld byte blocks in %.2f second\n", - count,BUFSIZE,d); - c=((double)COUNT(cc)*BUFSIZE)/d; - - printf("CAST set_key per sec = %12.2f (%9.3fuS)\n",a,1.0e6/a); - printf("CAST raw ecb bytes per sec = %12.2f (%9.3fuS)\n",b,8.0e6/b); - printf("CAST cbc bytes per sec = %12.2f (%9.3fuS)\n",c,8.0e6/c); - exit(0); -#if defined(LINT) || defined(OPENSSL_SYS_MSDOS) - return(0); -#endif - } - diff --git a/src/lib/libcrypto/cast/castopts.c b/src/lib/libcrypto/cast/castopts.c deleted file mode 100644 index 1b858d153bb..00000000000 --- a/src/lib/libcrypto/cast/castopts.c +++ /dev/null @@ -1,339 +0,0 @@ -/* crypto/cast/castopts.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -/* define PART1, PART2, PART3 or PART4 to build only with a few of the options. - * This is for machines with 64k code segment size restrictions. */ - -#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) -#define TIMES -#endif - -#include - -#include -#include OPENSSL_UNISTD_IO -OPENSSL_DECLARE_EXIT - -#include -#ifndef _IRIX -#include -#endif -#ifdef TIMES -#include -#include -#endif - -/* Depending on the VMS version, the tms structure is perhaps defined. - The __TMS macro will show if it was. If it wasn't defined, we should - undefine TIMES, since that tells the rest of the program how things - should be handled. -- Richard Levitte */ -#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS) -#undef TIMES -#endif - -#ifndef TIMES -#include -#endif - -#if defined(sun) || defined(__ultrix) -#define _POSIX_SOURCE -#include -#include -#endif - -#include - -#define CAST_DEFAULT_OPTIONS - -#undef E_CAST -#define CAST_encrypt CAST_encrypt_normal -#define CAST_decrypt CAST_decrypt_normal -#define CAST_cbc_encrypt CAST_cbc_encrypt_normal -#undef HEADER_CAST_LOCL_H -#include "c_enc.c" - -#define CAST_PTR -#undef CAST_PTR2 -#undef E_CAST -#undef CAST_encrypt -#undef CAST_decrypt -#undef CAST_cbc_encrypt -#define CAST_encrypt CAST_encrypt_ptr -#define CAST_decrypt CAST_decrypt_ptr -#define CAST_cbc_encrypt CAST_cbc_encrypt_ptr -#undef HEADER_CAST_LOCL_H -#include "c_enc.c" - -#undef CAST_PTR -#define CAST_PTR2 -#undef E_CAST -#undef CAST_encrypt -#undef CAST_decrypt -#undef CAST_cbc_encrypt -#define CAST_encrypt CAST_encrypt_ptr2 -#define CAST_decrypt CAST_decrypt_ptr2 -#define CAST_cbc_encrypt CAST_cbc_encrypt_ptr2 -#undef HEADER_CAST_LOCL_H -#include "c_enc.c" - -/* The following if from times(3) man page. It may need to be changed */ -#ifndef HZ -# ifndef CLK_TCK -# ifndef _BSD_CLK_TCK_ /* FreeBSD fix */ -# define HZ 100.0 -# else /* _BSD_CLK_TCK_ */ -# define HZ ((double)_BSD_CLK_TCK_) -# endif -# else /* CLK_TCK */ -# define HZ ((double)CLK_TCK) -# endif -#endif - -#define BUFSIZE ((long)1024) -long run=0; - -double Time_F(int s); -#ifdef SIGALRM -#if defined(__STDC__) || defined(sgi) -#define SIGRETTYPE void -#else -#define SIGRETTYPE int -#endif - -SIGRETTYPE sig_done(int sig); -SIGRETTYPE sig_done(int sig) - { - signal(SIGALRM,sig_done); - run=0; -#ifdef LINT - sig=sig; -#endif - } -#endif - -#define START 0 -#define STOP 1 - -double Time_F(int s) - { - double ret; -#ifdef TIMES - static struct tms tstart,tend; - - if (s == START) - { - times(&tstart); - return(0); - } - else - { - times(&tend); - ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ; - return((ret == 0.0)?1e-6:ret); - } -#else /* !times() */ - static struct timeb tstart,tend; - long i; - - if (s == START) - { - ftime(&tstart); - return(0); - } - else - { - ftime(&tend); - i=(long)tend.millitm-(long)tstart.millitm; - ret=((double)(tend.time-tstart.time))+((double)i)/1000.0; - return((ret == 0.0)?1e-6:ret); - } -#endif - } - -#ifdef SIGALRM -#define print_name(name) fprintf(stderr,"Doing %s's for 10 seconds\n",name); alarm(10); -#else -#define print_name(name) fprintf(stderr,"Doing %s %ld times\n",name,cb); -#endif - -#define time_it(func,name,index) \ - print_name(name); \ - Time_F(START); \ - for (count=0,run=1; COND(cb); count+=4) \ - { \ - unsigned long d[2]; \ - func(d,&sch); \ - func(d,&sch); \ - func(d,&sch); \ - func(d,&sch); \ - } \ - tm[index]=Time_F(STOP); \ - fprintf(stderr,"%ld %s's in %.2f second\n",count,name,tm[index]); \ - tm[index]=((double)COUNT(cb))/tm[index]; - -#define print_it(name,index) \ - fprintf(stderr,"%s bytes per sec = %12.2f (%5.1fuS)\n",name, \ - tm[index]*8,1.0e6/tm[index]); - -int main(int argc, char **argv) - { - long count; - static unsigned char buf[BUFSIZE]; - static char key[16]={ 0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0, - 0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0}; - CAST_KEY sch; - double d,tm[16],max=0; - int rank[16]; - char *str[16]; - int max_idx=0,i,num=0,j; -#ifndef SIGALARM - long ca,cb,cc,cd,ce; -#endif - - for (i=0; i<12; i++) - { - tm[i]=0.0; - rank[i]=0; - } - -#ifndef TIMES - fprintf(stderr,"To get the most accurate results, try to run this\n"); - fprintf(stderr,"program when this computer is idle.\n"); -#endif - - CAST_set_key(&sch,16,key); - -#ifndef SIGALRM - fprintf(stderr,"First we calculate the approximate speed ...\n"); - count=10; - do { - long i; - unsigned long data[2]; - - count*=2; - Time_F(START); - for (i=count; i; i--) - CAST_encrypt(data,&sch); - d=Time_F(STOP); - } while (d < 3.0); - ca=count; - cb=count*3; - cc=count*3*8/BUFSIZE+1; - cd=count*8/BUFSIZE+1; - - ce=count/20+1; -#define COND(d) (count != (d)) -#define COUNT(d) (d) -#else -#define COND(c) (run) -#define COUNT(d) (count) - signal(SIGALRM,sig_done); - alarm(10); -#endif - - time_it(CAST_encrypt_normal, "CAST_encrypt_normal ", 0); - time_it(CAST_encrypt_ptr, "CAST_encrypt_ptr ", 1); - time_it(CAST_encrypt_ptr2, "CAST_encrypt_ptr2 ", 2); - num+=3; - - str[0]=""; - print_it("CAST_encrypt_normal ",0); - max=tm[0]; - max_idx=0; - str[1]="ptr "; - print_it("CAST_encrypt_ptr ",1); - if (max < tm[1]) { max=tm[1]; max_idx=1; } - str[2]="ptr2 "; - print_it("CAST_encrypt_ptr2 ",2); - if (max < tm[2]) { max=tm[2]; max_idx=2; } - - printf("options CAST ecb/s\n"); - printf("%s %12.2f 100.0%%\n",str[max_idx],tm[max_idx]); - d=tm[max_idx]; - tm[max_idx]= -2.0; - max= -1.0; - for (;;) - { - for (i=0; i<3; i++) - { - if (max < tm[i]) { max=tm[i]; j=i; } - } - if (max < 0.0) break; - printf("%s %12.2f %4.1f%%\n",str[j],tm[j],tm[j]/d*100.0); - tm[j]= -2.0; - max= -1.0; - } - - switch (max_idx) - { - case 0: - printf("-DCAST_DEFAULT_OPTIONS\n"); - break; - case 1: - printf("-DCAST_PTR\n"); - break; - case 2: - printf("-DCAST_PTR2\n"); - break; - } - exit(0); -#if defined(LINT) || defined(OPENSSL_SYS_MSDOS) - return(0); -#endif - } - diff --git a/src/lib/libcrypto/cast/casts.cpp b/src/lib/libcrypto/cast/casts.cpp deleted file mode 100644 index 8d7bd468d22..00000000000 --- a/src/lib/libcrypto/cast/casts.cpp +++ /dev/null @@ -1,70 +0,0 @@ -// -// gettsc.inl -// -// gives access to the Pentium's (secret) cycle counter -// -// This software was written by Leonard Janke (janke@unixg.ubc.ca) -// in 1996-7 and is entered, by him, into the public domain. - -#if defined(__WATCOMC__) -void GetTSC(unsigned long&); -#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax]; -#elif defined(__GNUC__) -inline -void GetTSC(unsigned long& tsc) -{ - asm volatile(".byte 15, 49\n\t" - : "=eax" (tsc) - : - : "%edx", "%eax"); -} -#elif defined(_MSC_VER) -inline -void GetTSC(unsigned long& tsc) -{ - unsigned long a; - __asm _emit 0fh - __asm _emit 31h - __asm mov a, eax; - tsc=a; -} -#endif - -#include -#include -#include - -void main(int argc,char *argv[]) - { - CAST_KEY key; - unsigned long s1,s2,e1,e2; - unsigned long data[2]; - int i,j; - static unsigned char d[16]={0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF}; - - CAST_set_key(&key, 16,d); - - for (j=0; j<6; j++) - { - for (i=0; i<1000; i++) /**/ - { - CAST_encrypt(&data[0],&key); - GetTSC(s1); - CAST_encrypt(&data[0],&key); - CAST_encrypt(&data[0],&key); - CAST_encrypt(&data[0],&key); - GetTSC(e1); - GetTSC(s2); - CAST_encrypt(&data[0],&key); - CAST_encrypt(&data[0],&key); - CAST_encrypt(&data[0],&key); - CAST_encrypt(&data[0],&key); - GetTSC(e2); - CAST_encrypt(&data[0],&key); - } - - printf("cast %d %d (%d)\n", - e1-s1,e2-s2,((e2-s2)-(e1-s1))); - } - } - diff --git a/src/lib/libcrypto/cast/casttest.c b/src/lib/libcrypto/cast/casttest.c deleted file mode 100644 index 099e790886c..00000000000 --- a/src/lib/libcrypto/cast/casttest.c +++ /dev/null @@ -1,230 +0,0 @@ -/* crypto/cast/casttest.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include -#include - -#ifdef OPENSSL_NO_CAST -int main(int argc, char *argv[]) -{ - printf("No CAST support\n"); - return(0); -} -#else -#include - -#define FULL_TEST - -static unsigned char k[16]={ - 0x01,0x23,0x45,0x67,0x12,0x34,0x56,0x78, - 0x23,0x45,0x67,0x89,0x34,0x56,0x78,0x9A - }; - -static unsigned char in[8]={ 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF}; - -static int k_len[3]={16,10,5}; -static unsigned char c[3][8]={ - {0x23,0x8B,0x4F,0xE5,0x84,0x7E,0x44,0xB2}, - {0xEB,0x6A,0x71,0x1A,0x2C,0x02,0x27,0x1B}, - {0x7A,0xC8,0x16,0xD1,0x6E,0x9B,0x30,0x2E}, - }; -static unsigned char out[80]; - -static unsigned char in_a[16]={ - 0x01,0x23,0x45,0x67,0x12,0x34,0x56,0x78, - 0x23,0x45,0x67,0x89,0x34,0x56,0x78,0x9A}; -static unsigned char in_b[16]={ - 0x01,0x23,0x45,0x67,0x12,0x34,0x56,0x78, - 0x23,0x45,0x67,0x89,0x34,0x56,0x78,0x9A}; - -static unsigned char c_a[16]={ - 0xEE,0xA9,0xD0,0xA2,0x49,0xFD,0x3B,0xA6, - 0xB3,0x43,0x6F,0xB8,0x9D,0x6D,0xCA,0x92}; -static unsigned char c_b[16]={ - 0xB2,0xC9,0x5E,0xB0,0x0C,0x31,0xAD,0x71, - 0x80,0xAC,0x05,0xB8,0xE8,0x3D,0x69,0x6E}; - -#if 0 -char *text="Hello to all people out there"; - -static unsigned char cfb_key[16]={ - 0xe1,0xf0,0xc3,0xd2,0xa5,0xb4,0x87,0x96, - 0x69,0x78,0x4b,0x5a,0x2d,0x3c,0x0f,0x1e, - }; -static unsigned char cfb_iv[80]={0x34,0x12,0x78,0x56,0xab,0x90,0xef,0xcd}; -static unsigned char cfb_buf1[40],cfb_buf2[40],cfb_tmp[8]; -#define CFB_TEST_SIZE 24 -static unsigned char plain[CFB_TEST_SIZE]= - { - 0x4e,0x6f,0x77,0x20,0x69,0x73, - 0x20,0x74,0x68,0x65,0x20,0x74, - 0x69,0x6d,0x65,0x20,0x66,0x6f, - 0x72,0x20,0x61,0x6c,0x6c,0x20 - }; -static unsigned char cfb_cipher64[CFB_TEST_SIZE]={ - 0x59,0xD8,0xE2,0x65,0x00,0x58,0x6C,0x3F, - 0x2C,0x17,0x25,0xD0,0x1A,0x38,0xB7,0x2A, - 0x39,0x61,0x37,0xDC,0x79,0xFB,0x9F,0x45 - -/* 0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38, - 0x9A,0x44,0xD6,0x04,0x19,0x43,0xC4,0xD9, - 0x3D,0x1E,0xAE,0x47,0xFC,0xCF,0x29,0x0B,*/ - }; -#endif - -int main(int argc, char *argv[]) - { -#ifdef FULL_TEST - long l; - CAST_KEY key_b; -#endif - int i,z,err=0; - CAST_KEY key; - - for (z=0; z<3; z++) - { - CAST_set_key(&key,k_len[z],k); - - CAST_ecb_encrypt(in,out,&key,CAST_ENCRYPT); - if (memcmp(out,&(c[z][0]),8) != 0) - { - printf("ecb cast error encrypting for keysize %d\n",k_len[z]*8); - printf("got :"); - for (i=0; i<8; i++) - printf("%02X ",out[i]); - printf("\n"); - printf("expected:"); - for (i=0; i<8; i++) - printf("%02X ",c[z][i]); - err=20; - printf("\n"); - } - - CAST_ecb_encrypt(out,out,&key,CAST_DECRYPT); - if (memcmp(out,in,8) != 0) - { - printf("ecb cast error decrypting for keysize %d\n",k_len[z]*8); - printf("got :"); - for (i=0; i<8; i++) - printf("%02X ",out[i]); - printf("\n"); - printf("expected:"); - for (i=0; i<8; i++) - printf("%02X ",in[i]); - printf("\n"); - err=3; - } - } - if (err == 0) - printf("ecb cast5 ok\n"); - -#ifdef FULL_TEST - { - unsigned char out_a[16],out_b[16]; - static char *hex="0123456789ABCDEF"; - - printf("This test will take some time...."); - fflush(stdout); - memcpy(out_a,in_a,sizeof(in_a)); - memcpy(out_b,in_b,sizeof(in_b)); - i=1; - - for (l=0; l<1000000L; l++) - { - CAST_set_key(&key_b,16,out_b); - CAST_ecb_encrypt(&(out_a[0]),&(out_a[0]),&key_b,CAST_ENCRYPT); - CAST_ecb_encrypt(&(out_a[8]),&(out_a[8]),&key_b,CAST_ENCRYPT); - CAST_set_key(&key,16,out_a); - CAST_ecb_encrypt(&(out_b[0]),&(out_b[0]),&key,CAST_ENCRYPT); - CAST_ecb_encrypt(&(out_b[8]),&(out_b[8]),&key,CAST_ENCRYPT); - if ((l & 0xffff) == 0xffff) - { - printf("%c",hex[i&0x0f]); - fflush(stdout); - i++; - } - } - - if ( (memcmp(out_a,c_a,sizeof(c_a)) != 0) || - (memcmp(out_b,c_b,sizeof(c_b)) != 0)) - { - printf("\n"); - printf("Error\n"); - - printf("A out ="); - for (i=0; i<16; i++) printf("%02X ",out_a[i]); - printf("\nactual="); - for (i=0; i<16; i++) printf("%02X ",c_a[i]); - printf("\n"); - - printf("B out ="); - for (i=0; i<16; i++) printf("%02X ",out_b[i]); - printf("\nactual="); - for (i=0; i<16; i++) printf("%02X ",c_b[i]); - printf("\n"); - } - else - printf(" ok\n"); - } -#endif - - exit(err); - return(err); - } -#endif diff --git a/src/lib/libcrypto/cert.pem b/src/lib/libcrypto/cert.pem new file mode 100644 index 00000000000..4390c0b6907 --- /dev/null +++ b/src/lib/libcrypto/cert.pem @@ -0,0 +1,6380 @@ +# $OpenBSD: cert.pem,v 1.18 2018/12/16 12:08:32 sthen Exp $ +### /C=ES/CN=Autoridad de Certificacion Firmaprofesional CIF A62634068 + +=== /C=ES/CN=Autoridad de Certificacion Firmaprofesional CIF A62634068 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 6047274297262753887 (0x53ec3beefbb2485f) + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: May 20 08:38:15 2009 GMT + Not After : Dec 31 08:38:15 2030 GMT + Subject: C=ES, CN=Autoridad de Certificacion Firmaprofesional CIF A62634068 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE, pathlen:1 + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + 65:CD:EB:AB:35:1E:00:3E:7E:D5:74:C0:1C:B4:73:47:0E:1A:64:2F + X509v3 Certificate Policies: + Policy: X509v3 Any Policy + CPS: http://www.firmaprofesional.com/cps + User Notice: + Explicit Text: + +SHA1 Fingerprint=AE:C5:FB:3F:C8:E1:BF:C4:E5:4F:03:07:5A:9A:E8:00:B7:F7:B6:FA +SHA256 Fingerprint=04:04:80:28:BF:1F:28:64:D4:8F:9A:D4:D8:32:94:36:6A:82:88:56:55:3F:3B:14:30:3F:90:14:7F:5D:40:EF +-----BEGIN CERTIFICATE----- +MIIGFDCCA/ygAwIBAgIIU+w77vuySF8wDQYJKoZIhvcNAQEFBQAwUTELMAkGA1UE +BhMCRVMxQjBABgNVBAMMOUF1dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uIEZpcm1h +cHJvZmVzaW9uYWwgQ0lGIEE2MjYzNDA2ODAeFw0wOTA1MjAwODM4MTVaFw0zMDEy +MzEwODM4MTVaMFExCzAJBgNVBAYTAkVTMUIwQAYDVQQDDDlBdXRvcmlkYWQgZGUg +Q2VydGlmaWNhY2lvbiBGaXJtYXByb2Zlc2lvbmFsIENJRiBBNjI2MzQwNjgwggIi +MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDKlmuO6vj78aI14H9M2uDDUtd9 +thDIAl6zQyrET2qyyhxdKJp4ERppWVevtSBC5IsP5t9bpgOSL/UR5GLXMnE42QQM +cas9UX4PB99jBVzpv5RvwSmCwLTaUbDBPLutN0pcyvFLNg4kq7/DhHf9qFD0sefG +L9ItWY16Ck6WaVICqjaY7Pz6FIMMNx/Jkjd/14Et5cS54D40/mf0PmbR0/RAz15i +NA9wBj4gGFrO93IbJWyTdBSTo3OxDqqHECNZXyAFGUftaI6SEspd/NYrspI8IM/h +X68gvqB2f3bl7BqGYTM+53u0P6APjqK5am+5hyZvQWyIplD9amML9ZMWGxmPsu2b +m8mQ9QEM3xk9Dz44I8kvjwzRAv4bVdZO0I08r0+k8/6vKtMFnXkIoctXMbScyJCy +Z/QYFpM6/EfY0XiWMR+6KwxfXZmtY4laJCB22N/9q06mIqqdXuYnin1oKaPnirja +EbsXLZmdEyRG98Xi2J+Of8ePdG1asuhy9azuJBCtLxTa/y2aRnFHvkLfuwHb9H/T +KI8xWVvTyQKmtFLKbpf7Q8UIJm+K9Lv9nyiqDdVF8xM6HdjAeI9BZzwelGSuewvF +6NkBiDkal4ZkQdU7hwxu+g/GvUgUvzlN1J5Bto+WHWOWk9mVBngxaJ43BjuAiUVh +OSPHG0SjFeUc+JIwuwIDAQABo4HvMIHsMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYD +VR0PAQH/BAQDAgEGMB0GA1UdDgQWBBRlzeurNR4APn7VdMActHNHDhpkLzCBpgYD +VR0gBIGeMIGbMIGYBgRVHSAAMIGPMC8GCCsGAQUFBwIBFiNodHRwOi8vd3d3LmZp +cm1hcHJvZmVzaW9uYWwuY29tL2NwczBcBggrBgEFBQcCAjBQHk4AUABhAHMAZQBv +ACAAZABlACAAbABhACAAQgBvAG4AYQBuAG8AdgBhACAANAA3ACAAQgBhAHIAYwBl +AGwAbwBuAGEAIAAwADgAMAAxADcwDQYJKoZIhvcNAQEFBQADggIBABd9oPm03cXF +661LJLWhAqvdpYhKsg9VSytXjDvlMd3+xDLx51tkljYyGOylMnfX40S2wBEqgLk9 +am58m9Ot/MPWo+ZkKXzR4Tgegiv/J2Wv+xYVxC5xhOW1//qkR71kMrv2JYSiJ0L1 +ILDCExARzRAVukKQKtJE4ZYm6zFIEv0q2skGz3QeqUvVhyj5eTSSPi5E6PaPT481 +PyWzOdxjKpBrIF/EUhJOlywqrJ2X3kjyo2bbwtKDlaZmp54lD+kLM5FlClrD2VQS +3a/DTg4fJl4N3LON7NWBcN7STyQF82xO9UxJZo3R/9ILJUFI/lGExkKvgATP0H5k +SeTy36LssUzAKh3ntLFlosS88Zj0qnAHY7S42jtM+kAiMFsRpvAFDsYCA0irhpuF +3dvd6qJ2gHN99ZwExEWN57kci57q13XRcrHedUTnQn3iV2t93Jm8PYMo6oCTjcVM +ZcFwgbg4/EMxsvYDNEeyrPsiBsse3RdHHF9mudMaotoRsaS8I8nkvof/uZS2+F0g +StRf571oe2XyFR7SOqkt6dhrJKyXWERHrVkY8SFlcN7ONGCoQPHzPKTDKCOM/icz +Q0CgFzzr6juwcqajuUpLXhZI9LK8yIySxZ2frHI2vDSANGupi5LAuBft7HZT9SQB +jLMi6Et8Vcad+qMUu2WFbm5PEn4KPJ2V +-----END CERTIFICATE----- + +### AC Camerfirma S.A. + +=== /C=EU/L=Madrid (see current address at www.camerfirma.com/address)/serialNumber=A82743287/O=AC Camerfirma S.A./CN=Chambers of Commerce Root - 2008 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 11806822484801597146 (0xa3da427ea4b1aeda) + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: Aug 1 12:29:50 2008 GMT + Not After : Jul 31 12:29:50 2038 GMT + Subject: C=EU, L=Madrid (see current address at www.camerfirma.com/address)/serialNumber=A82743287, O=AC Camerfirma S.A., CN=Chambers of Commerce Root - 2008 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE, pathlen:12 + X509v3 Subject Key Identifier: + F9:24:AC:0F:B2:B5:F8:79:C0:FA:60:88:1B:C4:D9:4D:02:9E:17:19 + X509v3 Authority Key Identifier: + keyid:F9:24:AC:0F:B2:B5:F8:79:C0:FA:60:88:1B:C4:D9:4D:02:9E:17:19 + DirName:/C=EU/L=Madrid (see current address at www.camerfirma.com/address)/serialNumber=A82743287/O=AC Camerfirma S.A./CN=Chambers of Commerce Root - 2008 + serial:A3:DA:42:7E:A4:B1:AE:DA + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Certificate Policies: + Policy: X509v3 Any Policy + CPS: http://policy.camerfirma.com + +SHA1 Fingerprint=78:6A:74:AC:76:AB:14:7F:9C:6A:30:50:BA:9E:A8:7E:FE:9A:CE:3C +SHA256 Fingerprint=06:3E:4A:FA:C4:91:DF:D3:32:F3:08:9B:85:42:E9:46:17:D8:93:D7:FE:94:4E:10:A7:93:7E:E2:9D:96:93:C0 +-----BEGIN CERTIFICATE----- +MIIHTzCCBTegAwIBAgIJAKPaQn6ksa7aMA0GCSqGSIb3DQEBBQUAMIGuMQswCQYD +VQQGEwJFVTFDMEEGA1UEBxM6TWFkcmlkIChzZWUgY3VycmVudCBhZGRyZXNzIGF0 +IHd3dy5jYW1lcmZpcm1hLmNvbS9hZGRyZXNzKTESMBAGA1UEBRMJQTgyNzQzMjg3 +MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMuQS4xKTAnBgNVBAMTIENoYW1iZXJz +IG9mIENvbW1lcmNlIFJvb3QgLSAyMDA4MB4XDTA4MDgwMTEyMjk1MFoXDTM4MDcz +MTEyMjk1MFowga4xCzAJBgNVBAYTAkVVMUMwQQYDVQQHEzpNYWRyaWQgKHNlZSBj +dXJyZW50IGFkZHJlc3MgYXQgd3d3LmNhbWVyZmlybWEuY29tL2FkZHJlc3MpMRIw +EAYDVQQFEwlBODI3NDMyODcxGzAZBgNVBAoTEkFDIENhbWVyZmlybWEgUy5BLjEp +MCcGA1UEAxMgQ2hhbWJlcnMgb2YgQ29tbWVyY2UgUm9vdCAtIDIwMDgwggIiMA0G +CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCvAMtwNyuAWko6bHiUfaN/Gh/2NdW9 +28sNRHI+JrKQUrpjOyhYb6WzbZSm891kDFX29ufyIiKAXuFixrYp4YFs8r/lfTJq +VKAyGVn+H4vXPWCGhSRv4xGzdz4gljUha7MI2XAuZPeEklPWDrCQiorjh40G072Q +DuKZoRuGDtqaCrsLYVAGUvGef3bsyw/QHg3PmTA9HMRFEFis1tPo1+XqxQEHd9ZR +5gN/ikilTWh1uem8nk4ZcfUyS5xtYBkL+8ydddy/Js2Pk3g5eXNeJQ7KXOt3EgfL +ZEFHcpOrUMPrCXZkNNI5t3YRCQ12RcSprj1qr7V9ZS+UWBDsXHyvfuK2GNnQm05a +Sd+pZgvMPMZ4fKecHePOjlO+Bd5gD2vlGts/4+EhySnB8esHnFIbAURRPHsl18Tl +UlRdJQfKFiC4reRB7noI/plvg6aRArBsNlVq5331lubKgdaX8ZSD6e2wsWsSaR6s ++12pxZjptFtYer49okQ6Y1nUCyXeG0+95QGezdIp1Z8XGQpvvwyQ0wlf2eOKNcx5 +Wk0ZN5K3xMGtr/R5JJqyAQuxr1yW84Ay+1w9mPGgP0revq+ULtlVmhduYJ1jbLhj +ya6BXBg14JC7vjxPNyK5fuvPnnchpj04gftI2jE9K+OJ9dC1vX7gUMQSibMjmhAx +hduub+84Mxh2EQIDAQABo4IBbDCCAWgwEgYDVR0TAQH/BAgwBgEB/wIBDDAdBgNV +HQ4EFgQU+SSsD7K1+HnA+mCIG8TZTQKeFxkwgeMGA1UdIwSB2zCB2IAU+SSsD7K1 ++HnA+mCIG8TZTQKeFxmhgbSkgbEwga4xCzAJBgNVBAYTAkVVMUMwQQYDVQQHEzpN +YWRyaWQgKHNlZSBjdXJyZW50IGFkZHJlc3MgYXQgd3d3LmNhbWVyZmlybWEuY29t +L2FkZHJlc3MpMRIwEAYDVQQFEwlBODI3NDMyODcxGzAZBgNVBAoTEkFDIENhbWVy +ZmlybWEgUy5BLjEpMCcGA1UEAxMgQ2hhbWJlcnMgb2YgQ29tbWVyY2UgUm9vdCAt +IDIwMDiCCQCj2kJ+pLGu2jAOBgNVHQ8BAf8EBAMCAQYwPQYDVR0gBDYwNDAyBgRV +HSAAMCowKAYIKwYBBQUHAgEWHGh0dHA6Ly9wb2xpY3kuY2FtZXJmaXJtYS5jb20w +DQYJKoZIhvcNAQEFBQADggIBAJASryI1wqM58C7e6bXpeHxIvj99RZJe6dqxGfwW +PJ+0W2aeaufDuV2I6A+tzyMP3iU6XsxPpcG1Lawk0lgH3qLPaYRgM+gQDROpI9CF +5Y57pp49chNyM/WqfcZjHwj0/gF/JM8rLFQJ3uIrbZLGOU8W6jx+ekbURWpGqOt1 +glanq6B8aBMz9p0w8G8nOSQjKpD9kCk18pPfNKXG9/jvjA9iSnyu0/VU+I22mlaH +FoI6M6taIgj3grrqLuBHmrS1RaMFO9ncLkVAO+rcf+g769HsJtg1pDDFOqxXnrN2 +pSB7+R5KBWIBpih1YJeSDW4+TTdDDZIVnBgizVGZoCkaPF+KMjNbMMeJL0eYD6MD +xvbxrN8y8NmBGuScvfaAFPDRLLmF9dijscilIeUcE5fuDr3fKanvNFNb0+RqE4QG +tjICxFKuItLcsiFCGtpA8CnJ7AoMXOLQusxI0zcKzBIKinmwPQN/aUv0NCB9szTq +jktk9T79syNnFQ0EuPAtwQlRPLJsFfClI9eDdOTlLsn+mCdCxqvGnrDQWzilm1De +fhiYtUU79nm06PcaewaD+9CL2rvHvRirCG88gGtAPxkZumWK5r7VXNM21+9AUiRg +OGcEMeyP84LG3rlV8zsxkVrctQgVrXYlCg17LofiDKYGvCYQbTed7N14jHyAxfDZ +d0jQ +-----END CERTIFICATE----- +=== /C=EU/L=Madrid (see current address at www.camerfirma.com/address)/serialNumber=A82743287/O=AC Camerfirma S.A./CN=Global Chambersign Root - 2008 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 14541511773111788494 (0xc9cdd3e9d57d23ce) + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: Aug 1 12:31:40 2008 GMT + Not After : Jul 31 12:31:40 2038 GMT + Subject: C=EU, L=Madrid (see current address at www.camerfirma.com/address)/serialNumber=A82743287, O=AC Camerfirma S.A., CN=Global Chambersign Root - 2008 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE, pathlen:12 + X509v3 Subject Key Identifier: + B9:09:CA:9C:1E:DB:D3:6C:3A:6B:AE:ED:54:F1:5B:93:06:35:2E:5E + X509v3 Authority Key Identifier: + keyid:B9:09:CA:9C:1E:DB:D3:6C:3A:6B:AE:ED:54:F1:5B:93:06:35:2E:5E + DirName:/C=EU/L=Madrid (see current address at www.camerfirma.com/address)/serialNumber=A82743287/O=AC Camerfirma S.A./CN=Global Chambersign Root - 2008 + serial:C9:CD:D3:E9:D5:7D:23:CE + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Certificate Policies: + Policy: X509v3 Any Policy + CPS: http://policy.camerfirma.com + +SHA1 Fingerprint=4A:BD:EE:EC:95:0D:35:9C:89:AE:C7:52:A1:2C:5B:29:F6:D6:AA:0C +SHA256 Fingerprint=13:63:35:43:93:34:A7:69:80:16:A0:D3:24:DE:72:28:4E:07:9D:7B:52:20:BB:8F:BD:74:78:16:EE:BE:BA:CA +-----BEGIN CERTIFICATE----- +MIIHSTCCBTGgAwIBAgIJAMnN0+nVfSPOMA0GCSqGSIb3DQEBBQUAMIGsMQswCQYD +VQQGEwJFVTFDMEEGA1UEBxM6TWFkcmlkIChzZWUgY3VycmVudCBhZGRyZXNzIGF0 +IHd3dy5jYW1lcmZpcm1hLmNvbS9hZGRyZXNzKTESMBAGA1UEBRMJQTgyNzQzMjg3 +MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMuQS4xJzAlBgNVBAMTHkdsb2JhbCBD +aGFtYmVyc2lnbiBSb290IC0gMjAwODAeFw0wODA4MDExMjMxNDBaFw0zODA3MzEx +MjMxNDBaMIGsMQswCQYDVQQGEwJFVTFDMEEGA1UEBxM6TWFkcmlkIChzZWUgY3Vy +cmVudCBhZGRyZXNzIGF0IHd3dy5jYW1lcmZpcm1hLmNvbS9hZGRyZXNzKTESMBAG +A1UEBRMJQTgyNzQzMjg3MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMuQS4xJzAl +BgNVBAMTHkdsb2JhbCBDaGFtYmVyc2lnbiBSb290IC0gMjAwODCCAiIwDQYJKoZI +hvcNAQEBBQADggIPADCCAgoCggIBAMDfVtPkOpt2RbQT2//BthmLN0EYlVJH6xed +KYiONWwGMi5HYvNJBL99RDaxccy9Wglz1dmFRP+RVyXfXjaOcNFccUMd2drvXNL7 +G706tcuto8xEpw2uIRU/uXpbknXYpBI4iRmKt4DS4jJvVpyR1ogQC7N0ZJJ0YPP2 +zxhPYLIj0Mc7zmFLmY/CDNBAspjcDahOo7kKrmCgrUVSY7pmvWjg+b4aqIG7HkF4 +ddPB/gBVsIdU6CeQNR1MM62X/JcumIS/LMmjv9GYERTtY/jKmIhYF5ntRQOXfjyG +HoiMvvKRhI9lNNgATH23MRdaKXoKGCQwoze1eqkBfSbW+Q6OWfH9GzO1KTsXO0G2 +Id3UwD2ln58fQ1DJu7xsepeY7s2MH/ucUa6LcL0nn3HAa6x9kGbo1106DbDVwo3V +yJ2dwW3Q0L9R5OP4wzg2rtandeavhENdk5IMagfeOx2YItaswTXbo6Al/3K1dh3e +beksZixShNBFks4c5eUzHdwHU1SjqoI7mjcv3N2gZOnm3b2u/GSFHTynyQbehP9r +6GsaPMWis0L7iwk+XwhSx2LE1AVxv8Rk5Pihg+g+EpuoHtQ2TS9x9o0o9oOpE9Jh +wZG7SMA0j0GMS0zbaRL/UJScIINZc+18ofLx/d33SdNDWKBWY8o9PeU1VlnpDsog +zCtLkykPAgMBAAGjggFqMIIBZjASBgNVHRMBAf8ECDAGAQH/AgEMMB0GA1UdDgQW +BBS5CcqcHtvTbDprru1U8VuTBjUuXjCB4QYDVR0jBIHZMIHWgBS5CcqcHtvTbDpr +ru1U8VuTBjUuXqGBsqSBrzCBrDELMAkGA1UEBhMCRVUxQzBBBgNVBAcTOk1hZHJp +ZCAoc2VlIGN1cnJlbnQgYWRkcmVzcyBhdCB3d3cuY2FtZXJmaXJtYS5jb20vYWRk +cmVzcykxEjAQBgNVBAUTCUE4Mjc0MzI4NzEbMBkGA1UEChMSQUMgQ2FtZXJmaXJt +YSBTLkEuMScwJQYDVQQDEx5HbG9iYWwgQ2hhbWJlcnNpZ24gUm9vdCAtIDIwMDiC +CQDJzdPp1X0jzjAOBgNVHQ8BAf8EBAMCAQYwPQYDVR0gBDYwNDAyBgRVHSAAMCow +KAYIKwYBBQUHAgEWHGh0dHA6Ly9wb2xpY3kuY2FtZXJmaXJtYS5jb20wDQYJKoZI +hvcNAQEFBQADggIBAICIf3DekijZBZRG/5BXqfEv3xoNa/p8DhxJJHkn2EaqbylZ +UohwEurdPfWbU1Rv4WCiqAm57OtZfMY18dwY6fFn5a+6ReAJ3spED8IXDneRRXoz +X1+WLGiLwUePmJs9wOzL9dWCkoQ10b42OFZyMVtHLaoXpGNR6woBrX/sdZ7LoR/x +fxKxueRkf2fWIyr0uDldmOghp+G9PUIadJpwr2hsUF1Jz//7Dl3mLEfXgTpZALVz +a2Mg9jFFCDkO9HB+QHBaP9BrQql0PSgvAm11cpUJjUhjxsYjV5KTXjXBjfkK9yyd +Yhz2rXzdpjEetrHHfoUm+qRqtdpjMNHvkzeyZi99Bffnt0uYlDXA2TopwZ2yUDMd +SqlapskD7+3056huirRXhOukP9DuqqqHW2Pok+JrqNS4cnhrG+055F3Lm6qH1U9O +AP7Zap88MQ8oAgF9mOinsKJknnn4SPIVqczmyETrP3iZ8ntxPjzxmKfFGBI/5rso +M0LpRQp8bfKGeS/Fghl9CYl8slR2iK7ewfPM4W7bMdaTrpmg7yVqc5iJWzouE4ge +v8CSlDQb4ye3ix5vQv/n6TebUB0tovkC7stYWDpxvGjjqsGvHCgfotwjZT+B6q6Z +09gwzxMNTxXJhLynSC34MCN32EZLeW32jO06f2ARePTpm67VVMB0gNELQp/B +-----END CERTIFICATE----- + +### ACCV + +=== /CN=ACCVRAIZ1/OU=PKIACCV/O=ACCV/C=ES +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 6828503384748696800 (0x5ec3b7a6437fa4e0) + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: May 5 09:37:37 2011 GMT + Not After : Dec 31 09:37:37 2030 GMT + Subject: CN=ACCVRAIZ1, OU=PKIACCV, O=ACCV, C=ES + X509v3 extensions: + Authority Information Access: + CA Issuers - URI:http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt + OCSP - URI:http://ocsp.accv.es + + X509v3 Subject Key Identifier: + D2:87:B4:E3:DF:37:27:93:55:F6:56:EA:81:E5:36:CC:8C:1E:3F:BD + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Authority Key Identifier: + keyid:D2:87:B4:E3:DF:37:27:93:55:F6:56:EA:81:E5:36:CC:8C:1E:3F:BD + + X509v3 Certificate Policies: + Policy: X509v3 Any Policy + User Notice: + Explicit Text: + CPS: http://www.accv.es/legislacion_c.htm + + X509v3 CRL Distribution Points: + + Full Name: + URI:http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Subject Alternative Name: + email:accv@accv.es +SHA1 Fingerprint=93:05:7A:88:15:C6:4F:CE:88:2F:FA:91:16:52:28:78:BC:53:64:17 +SHA256 Fingerprint=9A:6E:C0:12:E1:A7:DA:9D:BE:34:19:4D:47:8A:D7:C0:DB:18:22:FB:07:1D:F1:29:81:49:6E:D1:04:38:41:13 +-----BEGIN CERTIFICATE----- +MIIH0zCCBbugAwIBAgIIXsO3pkN/pOAwDQYJKoZIhvcNAQEFBQAwQjESMBAGA1UE +AwwJQUNDVlJBSVoxMRAwDgYDVQQLDAdQS0lBQ0NWMQ0wCwYDVQQKDARBQ0NWMQsw +CQYDVQQGEwJFUzAeFw0xMTA1MDUwOTM3MzdaFw0zMDEyMzEwOTM3MzdaMEIxEjAQ +BgNVBAMMCUFDQ1ZSQUlaMTEQMA4GA1UECwwHUEtJQUNDVjENMAsGA1UECgwEQUND +VjELMAkGA1UEBhMCRVMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCb +qau/YUqXry+XZpp0X9DZlv3P4uRm7x8fRzPCRKPfmt4ftVTdFXxpNRFvu8gMjmoY +HtiP2Ra8EEg2XPBjs5BaXCQ316PWywlxufEBcoSwfdtNgM3802/J+Nq2DoLSRYWo +G2ioPej0RGy9ocLLA76MPhMAhN9KSMDjIgro6TenGEyxCQ0jVn8ETdkXhBilyNpA +lHPrzg5XPAOBOp0KoVdDaaxXbXmQeOW1tDvYvEyNKKGno6e6Ak4l0Squ7a4DIrhr +IA8wKFSVf+DuzgpmndFALW4ir50awQUZ0m/A8p/4e7MCQvtQqR0tkw8jq8bBD5L/ +0KIV9VMJcRz/RROE5iZe+OCIHAr8Fraocwa48GOEAqDGWuzndN9wrqODJerWx5eH +k6fGioozl2A3ED6XPm4pFdahD9GILBKfb6qkxkLrQaLjlUPTAYVtjrs78yM2x/47 +4KElB0iryYl0/wiPgL/AlmXz7uxLaL2diMMxs0Dx6M/2OLuc5NF/1OVYm3z61PMO +m3WR5LpSLhl+0fXNWhn8ugb2+1KoS5kE3fj5tItQo05iifCHJPqDQsGH+tUtKSpa +cXpkatcnYGMN285J9Y0fkIkyF/hzQ7jSWpOGYdbhdQrqeWZ2iE9x6wQl1gpaepPl +uUsXQA+xtrn13k/c4LOsOxFwYIRKQ26ZIMApcQrAZQIDAQABo4ICyzCCAscwfQYI +KwYBBQUHAQEEcTBvMEwGCCsGAQUFBzAChkBodHRwOi8vd3d3LmFjY3YuZXMvZmls +ZWFkbWluL0FyY2hpdm9zL2NlcnRpZmljYWRvcy9yYWl6YWNjdjEuY3J0MB8GCCsG +AQUFBzABhhNodHRwOi8vb2NzcC5hY2N2LmVzMB0GA1UdDgQWBBTSh7Tj3zcnk1X2 +VuqB5TbMjB4/vTAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFNKHtOPfNyeT +VfZW6oHlNsyMHj+9MIIBcwYDVR0gBIIBajCCAWYwggFiBgRVHSAAMIIBWDCCASIG +CCsGAQUFBwICMIIBFB6CARAAQQB1AHQAbwByAGkAZABhAGQAIABkAGUAIABDAGUA +cgB0AGkAZgBpAGMAYQBjAGkA8wBuACAAUgBhAO0AegAgAGQAZQAgAGwAYQAgAEEA +QwBDAFYAIAAoAEEAZwBlAG4AYwBpAGEAIABkAGUAIABUAGUAYwBuAG8AbABvAGcA +7QBhACAAeQAgAEMAZQByAHQAaQBmAGkAYwBhAGMAaQDzAG4AIABFAGwAZQBjAHQA +cgDzAG4AaQBjAGEALAAgAEMASQBGACAAUQA0ADYAMAAxADEANQA2AEUAKQAuACAA +QwBQAFMAIABlAG4AIABoAHQAdABwADoALwAvAHcAdwB3AC4AYQBjAGMAdgAuAGUA +czAwBggrBgEFBQcCARYkaHR0cDovL3d3dy5hY2N2LmVzL2xlZ2lzbGFjaW9uX2Mu +aHRtMFUGA1UdHwROMEwwSqBIoEaGRGh0dHA6Ly93d3cuYWNjdi5lcy9maWxlYWRt +aW4vQXJjaGl2b3MvY2VydGlmaWNhZG9zL3JhaXphY2N2MV9kZXIuY3JsMA4GA1Ud +DwEB/wQEAwIBBjAXBgNVHREEEDAOgQxhY2N2QGFjY3YuZXMwDQYJKoZIhvcNAQEF +BQADggIBAJcxAp/n/UNnSEQU5CmH7UwoZtCPNdpNYbdKl02125DgBS4OxnnQ8pdp +D70ER9m+27Up2pvZrqmZ1dM8MJP1jaGo/AaNRPTKFpV8M9xii6g3+CfYCS0b78gU +JyCpZET/LtZ1qmxNYEAZSUNUY9rizLpm5U9EelvZaoErQNV/+QEnWCzI7UiRfD+m +AM/EKXMRNt6GGT6d7hmKG9Ww7Y49nCrADdg9ZuM8Db3VlFzi4qc1GwQA9j9ajepD +vV+JHanBsMyZ4k0ACtrJJ1vnE5Bc5PUzolVt3OAJTS+xJlsndQAJxGJ3KQhfnlms +tn6tn1QwIgPBHnFk/vk4CpYY3QIUrCPLBhwepH2NDd4nQeit2hW3sCPdK6jT2iWH +7ehVRE2I9DZ+hJp4rPcOVkkO1jMl1oRQQmwgEh0q1b688nCBpHBgvgW1m54ERL5h +I6zppSSMEYCUWqKiuUnSwdzRp+0xESyeGabu4VXhwOrPDYTkF7eifKXeVSUG7szA +h1xA2syVP1XgNce4hL60Xc16gwFy7ofmXx2utYXGJt/mwZrpHgJHnyqobalbz+xF +d3+YJ5oyXSrjhO7FmGYvliAd3djDJ9ew+f7Zfc3Qn48LFFhRny+Lwzgt3uiP1o2H +pPVWQxaZLPSkVrQ0uGE3ycJYgBugl6H8WY3pEfbRD0tVNEYqi4Y7 +-----END CERTIFICATE----- + +### Actalis S.p.A./03358520967 + +=== /C=IT/L=Milan/O=Actalis S.p.A./03358520967/CN=Actalis Authentication Root CA +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 6271844772424770508 (0x570a119742c4e3cc) + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Sep 22 11:22:02 2011 GMT + Not After : Sep 22 11:22:02 2030 GMT + Subject: C=IT, L=Milan, O=Actalis S.p.A./03358520967, CN=Actalis Authentication Root CA + X509v3 extensions: + X509v3 Subject Key Identifier: + 52:D8:88:3A:C8:9F:78:66:ED:89:F3:7B:38:70:94:C9:02:02:36:D0 + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Authority Key Identifier: + keyid:52:D8:88:3A:C8:9F:78:66:ED:89:F3:7B:38:70:94:C9:02:02:36:D0 + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign +SHA1 Fingerprint=F3:73:B3:87:06:5A:28:84:8A:F2:F3:4A:CE:19:2B:DD:C7:8E:9C:AC +SHA256 Fingerprint=55:92:60:84:EC:96:3A:64:B9:6E:2A:BE:01:CE:0B:A8:6A:64:FB:FE:BC:C7:AA:B5:AF:C1:55:B3:7F:D7:60:66 +-----BEGIN CERTIFICATE----- +MIIFuzCCA6OgAwIBAgIIVwoRl0LE48wwDQYJKoZIhvcNAQELBQAwazELMAkGA1UE +BhMCSVQxDjAMBgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlzIFMucC5BLi8w +MzM1ODUyMDk2NzEnMCUGA1UEAwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBSb290 +IENBMB4XDTExMDkyMjExMjIwMloXDTMwMDkyMjExMjIwMlowazELMAkGA1UEBhMC +SVQxDjAMBgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlzIFMucC5BLi8wMzM1 +ODUyMDk2NzEnMCUGA1UEAwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBSb290IENB +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAp8bEpSmkLO/lGMWwUKNv +UTufClrJwkg4CsIcoBh/kbWHuUA/3R1oHwiD1S0eiKD4j1aPbZkCkpAW1V8IbInX +4ay8IMKx4INRimlNAJZaby/ARH6jDuSRzVju3PvHHkVH3Se5CAGfpiEd9UEtL0z9 +KK3giq0itFZljoZUj5NDKd45RnijMCO6zfB9E1fAXdKDa0hMxKufgFpbOr3JpyI/ +gCczWw63igxdBzcIy2zSekciRDXFzMwujt0q7bd9Zg1fYVEiVRvjRuPjPdA1Yprb +rxTIW6HMiRvhMCb8oJsfgadHHwTrozmSBp+Z07/T6k9QnBn+locePGX2oxgkg4YQ +51Q+qDp2JE+BIcXjDwL4k5RHILv+1A7TaLndxHqEguNTVHnd25zS8gebLra8Pu2F +be8lEfKXGkJh90qX6IuxEAf6ZYGyojnP9zz/GPvG8VqLWeICrHuS0E4UT1lF9gxe +KF+w6D9Fz8+vm2/7hNN3WpVvrJSEnu68wEqPSpP4RCHiMUVhUE4Q2OM1fEwZtN4F +v6MGn8i1zeQf1xcGDXqVdFUNaBr8EBtiZJ1t4JWgw5QHVw0U5r0F+7if5t+L4sbn +fpb2U8WANFAoWPASUHEXMLrmeGO89LKtmyuy/uE5jF66CyCU3nuDuP/jVo23Eek7 +jPKxwV2dpAtMK9myGPW1n0sCAwEAAaNjMGEwHQYDVR0OBBYEFFLYiDrIn3hm7Ynz +ezhwlMkCAjbQMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUUtiIOsifeGbt +ifN7OHCUyQICNtAwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4ICAQAL +e3KHwGCmSUyIWOYdiPcUZEim2FgKDk8TNd81HdTtBjHIgT5q1d07GjLukD0R0i70 +jsNjLiNmsGe+b7bAEzlgqqI0JZN1Ut6nna0Oh4lScWoWPBkdg/iaKWW+9D+a2fDz +WochcYBNy+A4mz+7+uAwTc+G02UQGRjRlwKxK3JCaKygvU5a2hi/a5iB0P2avl4V +SM0RFbnAKVy06Ij3Pjaut2L9HmLecHgQHEhb2rykOLpn7VU+Xlff1ANATIGk0k9j +pwlCCRT8AKnCgHNPLsBA2RF7SOp6AsDT6ygBJlh0wcBzIm2Tlf05fbsq4/aC4yyX +X04fkZT6/iyj2HYauE2yOE+b+h1IYHkm4vP9qdCa6HCPSXrW5b0KDtst842/6+Ok +fcvHlXHo2qN8xcL4dJIEG4aspCJTQLas/kx2z/uUMsA1n3Y/buWQbqCmJqK4LL7R +K4X9p2jIugErsWx0Hbhzlefut8cl8ABMALJ+tguLHPPAUJ4lueAI3jZm/zel0btU +ZCzJJ7VLkn5l/9Mt4blOvH+kQSGQQXemOR/qnuOf0GZvBeyqdn6/axag67XH/JJU +LysRJyU3eExRarDzzFhdFPFqSBX/wge2sY0PjlxQRrM9vwGYT7JZVEc+NHt4bVaT +LnPqZih4zR0Uv6CPLy64Lo7yFIrM6bV8+2ydDKXhlg== +-----END CERTIFICATE----- + +### AddTrust AB + +=== /C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: May 30 10:48:38 2000 GMT + Not After : May 30 10:48:38 2020 GMT + Subject: C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root + X509v3 extensions: + X509v3 Subject Key Identifier: + AD:BD:98:7A:34:B4:26:F7:FA:C4:26:54:EF:03:BD:E0:24:CB:54:1A + X509v3 Key Usage: + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Authority Key Identifier: + keyid:AD:BD:98:7A:34:B4:26:F7:FA:C4:26:54:EF:03:BD:E0:24:CB:54:1A + DirName:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root + serial:01 + +SHA1 Fingerprint=02:FA:F3:E2:91:43:54:68:60:78:57:69:4D:F5:E4:5B:68:85:18:68 +SHA256 Fingerprint=68:7F:A4:51:38:22:78:FF:F0:C8:B1:1F:8D:43:D5:76:67:1C:6E:B2:BC:EA:B4:13:FB:83:D9:65:D0:6D:2F:F2 +-----BEGIN CERTIFICATE----- +MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEU +MBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFs +IFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290 +MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFowbzELMAkGA1UEBhMCU0Ux +FDASBgNVBAoTC0FkZFRydXN0IEFCMSYwJAYDVQQLEx1BZGRUcnVzdCBFeHRlcm5h +bCBUVFAgTmV0d29yazEiMCAGA1UEAxMZQWRkVHJ1c3QgRXh0ZXJuYWwgQ0EgUm9v +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALf3GjPm8gAELTngTlvt +H7xsD821+iO2zt6bETOXpClMfZOfvUq8k+0DGuOPz+VtUFrWlymUWoCwSXrbLpX9 +uMq/NzgtHj6RQa1wVsfwTz/oMp50ysiQVOnGXw94nZpAPA6sYapeFI+eh6FqUNzX +mk6vBbOmcZSccbNQYArHE504B4YCqOmoaSYYkKtMsE8jqzpPhNjfzp/haW+710LX +a0Tkx63ubUFfclpxCDezeWWkWaCUN/cALw3CknLa0Dhy2xSoRcRdKn23tNbE7qzN +E0S3ySvdQwAl+mG5aWpYIxG3pzOPVnVZ9c0p10a3CitlttNCbxWyuHv77+ldU9U0 +WicCAwEAAaOB3DCB2TAdBgNVHQ4EFgQUrb2YejS0Jvf6xCZU7wO94CTLVBowCwYD +VR0PBAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wgZkGA1UdIwSBkTCBjoAUrb2YejS0 +Jvf6xCZU7wO94CTLVBqhc6RxMG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRU +cnVzdCBBQjEmMCQGA1UECxMdQWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsx +IjAgBgNVBAMTGUFkZFRydXN0IEV4dGVybmFsIENBIFJvb3SCAQEwDQYJKoZIhvcN +AQEFBQADggEBALCb4IUlwtYj4g+WBpKdQZic2YR5gdkeWxQHIzZlj7DYd7usQWxH +YINRsPkyPef89iYTx4AWpb9a/IfPeHmJIZriTAcKhjW88t5RxNKWt9x+Tu5w/Rw5 +6wwCURQtjr0W4MHfRnXnJK3s9EK0hZNwEGe6nQY1ShjTK3rMUUKhemPR5ruhxSvC +Nr4TDea9Y355e6cJDUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEX +c4g/VhsxOBi0cQ+azcgOno4uG+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5a +mnkPIAou1Z5jJh5VkpTYghdae9C8x49OhgQ= +-----END CERTIFICATE----- + +### AffirmTrust + +=== /C=US/O=AffirmTrust/CN=AffirmTrust Commercial +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 8608355977964138876 (0x7777062726a9b17c) + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Jan 29 14:06:06 2010 GMT + Not After : Dec 31 14:06:06 2030 GMT + Subject: C=US, O=AffirmTrust, CN=AffirmTrust Commercial + X509v3 extensions: + X509v3 Subject Key Identifier: + 9D:93:C6:53:8B:5E:CA:AF:3F:9F:1E:0F:E5:99:95:BC:24:F6:94:8F + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign +SHA1 Fingerprint=F9:B5:B6:32:45:5F:9C:BE:EC:57:5F:80:DC:E9:6E:2C:C7:B2:78:B7 +SHA256 Fingerprint=03:76:AB:1D:54:C5:F9:80:3C:E4:B2:E2:01:A0:EE:7E:EF:7B:57:B6:36:E8:A9:3C:9B:8D:48:60:C9:6F:5F:A7 +-----BEGIN CERTIFICATE----- +MIIDTDCCAjSgAwIBAgIId3cGJyapsXwwDQYJKoZIhvcNAQELBQAwRDELMAkGA1UE +BhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVz +dCBDb21tZXJjaWFsMB4XDTEwMDEyOTE0MDYwNloXDTMwMTIzMTE0MDYwNlowRDEL +MAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZp +cm1UcnVzdCBDb21tZXJjaWFsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEA9htPZwcroRX1BiLLHwGy43NFBkRJLLtJJRTWzsO3qyxPxkEylFf6EqdbDuKP +Hx6GGaeqtS25Xw2Kwq+FNXkyLbscYjfysVtKPcrNcV/pQr6U6Mje+SJIZMblq8Yr +ba0F8PrVC8+a5fBQpIs7R6UjW3p6+DM/uO+Zl+MgwdYoic+U+7lF7eNAFxHUdPAL +MeIrJmqbTFeurCA+ukV6BfO9m2kVrn1OIGPENXY6BwLJN/3HR+7o8XYdcxXyl6S1 +yHp52UKqK39c/s4mT6NmgTWvRLpUHhwwMmWd5jyTXlBOeuM61G7MGvv50jeuJCqr +VwMiKA1JdX+3KNp1v47j3A55MQIDAQABo0IwQDAdBgNVHQ4EFgQUnZPGU4teyq8/ +nx4P5ZmVvCT2lI8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJ +KoZIhvcNAQELBQADggEBAFis9AQOzcAN/wr91LoWXym9e2iZWEnStB03TX8nfUYG +XUPGhi4+c7ImfU+TqbbEKpqrIZcUsd6M06uJFdhrJNTxFq7YpFzUf1GO7RgBsZNj +vbz4YYCanrHOQnDiqX0GJX0nof5v7LMeJNrjS1UaADs1tDvZ110w/YETifLCBivt +Z8SOyUOyXGsViQK8YvxO8rUzqrJv0wqiUOP2O+guRMLbZjipM1ZI8W0bM40NjD9g +N53Tym1+NH4Nn3J2ixufcv1SNUFFApYvHLKac0khsUlHRUe072o0EclNmsxZt9YC +nlpOZbWUrhvfKbAW8b8Angc6F2S1BLUjIZkKlTuXfO8= +-----END CERTIFICATE----- +=== /C=US/O=AffirmTrust/CN=AffirmTrust Networking +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 8957382827206547757 (0x7c4f04391cd4992d) + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: Jan 29 14:08:24 2010 GMT + Not After : Dec 31 14:08:24 2030 GMT + Subject: C=US, O=AffirmTrust, CN=AffirmTrust Networking + X509v3 extensions: + X509v3 Subject Key Identifier: + 07:1F:D2:E7:9C:DA:C2:6E:A2:40:B4:B0:7A:50:10:50:74:C4:C8:BD + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign +SHA1 Fingerprint=29:36:21:02:8B:20:ED:02:F5:66:C5:32:D1:D6:ED:90:9F:45:00:2F +SHA256 Fingerprint=0A:81:EC:5A:92:97:77:F1:45:90:4A:F3:8D:5D:50:9F:66:B5:E2:C5:8F:CD:B5:31:05:8B:0E:17:F3:F0:B4:1B +-----BEGIN CERTIFICATE----- +MIIDTDCCAjSgAwIBAgIIfE8EORzUmS0wDQYJKoZIhvcNAQEFBQAwRDELMAkGA1UE +BhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVz +dCBOZXR3b3JraW5nMB4XDTEwMDEyOTE0MDgyNFoXDTMwMTIzMTE0MDgyNFowRDEL +MAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZp +cm1UcnVzdCBOZXR3b3JraW5nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEAtITMMxcua5Rsa2FSoOujz3mUTOWUgJnLVWREZY9nZOIG41w3SfYvm4SEHi3y +YJ0wTsyEheIszx6e/jarM3c1RNg1lho9Nuh6DtjVR6FqaYvZ/Ls6rnla1fTWcbua +kCNrmreIdIcMHl+5ni36q1Mr3Lt2PpNMCAiMHqIjHNRqrSK6mQEubWXLviRmVSRL +QESxG9fhwoXA3hA/Pe24/PHxI1Pcv2WXb9n5QHGNfb2V1M6+oF4nI979ptAmDgAp +6zxG8D1gvz9Q0twmQVGeFDdCBKNwV6gbh+0t+nvujArjqWaJGctB+d1ENmHP4ndG +yH329JKBNv3bNPFyfvMMFr20FQIDAQABo0IwQDAdBgNVHQ4EFgQUBx/S55zawm6i +QLSwelAQUHTEyL0wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJ +KoZIhvcNAQEFBQADggEBAIlXshZ6qML91tmbmzTCnLQyFE2npN/svqe++EPbkTfO +tDIuUFUaNU52Q3Eg75N3ThVwLofDwR1t3Mu1J9QsVtFSUzpE0nPIxBsFZVpikpzu +QY0x2+c06lkh1QF612S4ZDnNye2v7UsDSKegmQGA3GWjNq5lWUhPgkvIZfFXHeVZ +Lgo/bNjR9eUJtGxUAArgFU2HdW23WJZa3W3SAKD0m0i+wzekujbgfIeFlxoVot4u +olu9rxj5kFDNcFn4J2dHy8egBzp90SxdbBk6ZrV9/ZFvgrG+CJPbFEfxojfHRZ48 +x3evZKiT3/Zpg4Jg8klCNO1aAFSFHBY2kgxc+qatv9s= +-----END CERTIFICATE----- +=== /C=US/O=AffirmTrust/CN=AffirmTrust Premium +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 7893706540734352110 (0x6d8c1446b1a60aee) + Signature Algorithm: sha384WithRSAEncryption + Validity + Not Before: Jan 29 14:10:36 2010 GMT + Not After : Dec 31 14:10:36 2040 GMT + Subject: C=US, O=AffirmTrust, CN=AffirmTrust Premium + X509v3 extensions: + X509v3 Subject Key Identifier: + 9D:C0:67:A6:0C:22:D9:26:F5:45:AB:A6:65:52:11:27:D8:45:AC:63 + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign +SHA1 Fingerprint=D8:A6:33:2C:E0:03:6F:B1:85:F6:63:4F:7D:6A:06:65:26:32:28:27 +SHA256 Fingerprint=70:A7:3F:7F:37:6B:60:07:42:48:90:45:34:B1:14:82:D5:BF:0E:69:8E:CC:49:8D:F5:25:77:EB:F2:E9:3B:9A +-----BEGIN CERTIFICATE----- +MIIFRjCCAy6gAwIBAgIIbYwURrGmCu4wDQYJKoZIhvcNAQEMBQAwQTELMAkGA1UE +BhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MRwwGgYDVQQDDBNBZmZpcm1UcnVz +dCBQcmVtaXVtMB4XDTEwMDEyOTE0MTAzNloXDTQwMTIzMTE0MTAzNlowQTELMAkG +A1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MRwwGgYDVQQDDBNBZmZpcm1U +cnVzdCBQcmVtaXVtMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxBLf +qV/+Qd3d9Z+K4/as4Tx4mrzY8H96oDMq3I0gW64tb+eT2TZwamjPjlGjhVtnBKAQ +JG9dKILBl1fYSCkTtuG+kU3fhQxTGJoeJKJPj/CihQvL9Cl/0qRY7iZNyaqoe5rZ ++jjeRFcV5fiMyNlI4g0WJx0eyIOFJbe6qlVBzAMiSy2RjYvmia9mx+n/K+k8rNrS +s8PhaJyJ+HoAVt70VZVs+7pk3WKL3wt3MutizCaam7uqYoNMtAZ6MMgpv+0GTZe5 +HMQxK9VfvFMSF5yZVylmd2EhMQcuJUmdGPLu8ytxjLW6OQdJd/zvLpKQBY0tL3d7 +70O/Nbua2Plzpyzy0FfuKE4mX4+QaAkvuPjcBukumj5Rp9EixAqnOEhss/n/fauG +V+O61oV4d7pD6kh/9ti+I20ev9E2bFhc8e6kGVQa9QPSdubhjL08s9NIS+LI+H+S +qHZGnEJlPqQewQcDWkYtuJfzt9WyVSHvutxMAJf7FJUnM7/oQ0dG0giZFmA7mn7S +5u046uwBHjxIVkkJx0w3AJ6IDsBz4W9m6XJHMD4Q5QsDyZpCAGzFlH5hxIrff4Ia +C1nEWTJ3s7xgaVY5/bQGeyzWZDbZvUjthB9+pSKPKrhC9IK31FOQeE4tGv2Bb0TX +OwF0lkLgAOIua+rF7nKsu7/+6qqo+Nz2snmKtmcCAwEAAaNCMEAwHQYDVR0OBBYE +FJ3AZ6YMItkm9UWrpmVSESfYRaxjMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/ +BAQDAgEGMA0GCSqGSIb3DQEBDAUAA4ICAQCzV00QYk465KzquByvMiPIs0laUZx2 +KI15qldGF9X1Uva3ROgIRL8YhNILgM3FEv0AVQVhh0HctSSePMTYyPtwni94loMg +Nt58D2kTiKV1NpgIpsbfrM7jWNa3Pt668+s0QNiigfV4Py/VpfzZotReBA4Xrf5B +8OWycvpEgjNC6C1Y91aMYj+6QrCcDFx+LmUmXFNPALJ4fqENmS2NuB2OosSw/WDQ +MKSOyARiqcTtNd56l+0OOF6SL5Nwpamcb6d9Ex1+xghIsV5n61EIJenmJWtSKZGc +0jlzCFfemQa0W50QBuHCAKi4HEoCChTQwUHK+4w1IX2COPKpVJEZNZOUbWo6xbLQ +u4mGk+ibyQ86p3q4ofB4Rvr8Ny/lioTz3/4E2aFooC8k4gmVBtWVyuEklut89pMF +u+1z6S3RdTnX5yTb2E5fQ4+e0BQ5v1VwSJlXMbSc7kqYA5YwH2AG7hsj/oFgIxpH +YoWlzBk0gG+zrBrjn/B7SK3VAdlntqlyk+otZrWyuOQ9PLLvTIzq6we/qzWaVYa8 +GKa1qF60g2xraUDTn9zxw2lrueFtCfTxqlB2Cnp9ehehVZZCmTEJ3WARjQUwfuaO +RtGdFNrHF+QFlozEJLUbzxQHskD4o55BhrwE0GuWyCqANP2/7waj3VjFhT0+j/6e +KeC2uAloGRwYQw== +-----END CERTIFICATE----- +=== /C=US/O=AffirmTrust/CN=AffirmTrust Premium ECC +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 8401224907861490260 (0x7497258ac73f7a54) + Signature Algorithm: ecdsa-with-SHA384 + Validity + Not Before: Jan 29 14:20:24 2010 GMT + Not After : Dec 31 14:20:24 2040 GMT + Subject: C=US, O=AffirmTrust, CN=AffirmTrust Premium ECC + X509v3 extensions: + X509v3 Subject Key Identifier: + 9A:AF:29:7A:C0:11:35:35:26:51:30:00:C3:6A:FE:40:D5:AE:D6:3C + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign +SHA1 Fingerprint=B8:23:6B:00:2F:1D:16:86:53:01:55:6C:11:A4:37:CA:EB:FF:C3:BB +SHA256 Fingerprint=BD:71:FD:F6:DA:97:E4:CF:62:D1:64:7A:DD:25:81:B0:7D:79:AD:F8:39:7E:B4:EC:BA:9C:5E:84:88:82:14:23 +-----BEGIN CERTIFICATE----- +MIIB/jCCAYWgAwIBAgIIdJclisc/elQwCgYIKoZIzj0EAwMwRTELMAkGA1UEBhMC +VVMxFDASBgNVBAoMC0FmZmlybVRydXN0MSAwHgYDVQQDDBdBZmZpcm1UcnVzdCBQ +cmVtaXVtIEVDQzAeFw0xMDAxMjkxNDIwMjRaFw00MDEyMzExNDIwMjRaMEUxCzAJ +BgNVBAYTAlVTMRQwEgYDVQQKDAtBZmZpcm1UcnVzdDEgMB4GA1UEAwwXQWZmaXJt +VHJ1c3QgUHJlbWl1bSBFQ0MwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQNMF4bFZ0D +0KF5Nbc6PJJ6yhUczWLznCZcBz3lVPqj1swS6vQUX+iOGasvLkjmrBhDeKzQN8O9 +ss0s5kfiGuZjuD0uL3jET9v0D6RoTFVya5UdThhClXjMNzyR4ptlKymjQjBAMB0G +A1UdDgQWBBSaryl6wBE1NSZRMADDav5A1a7WPDAPBgNVHRMBAf8EBTADAQH/MA4G +A1UdDwEB/wQEAwIBBjAKBggqhkjOPQQDAwNnADBkAjAXCfOHiFBar8jAQr9HX/Vs +aobgxCd05DhT1wV/GzTjxi+zygk8N53X57hG8f2h4nECMEJZh0PUUd+60wkyWs6I +flc9nF9Ca/UHLbXwgpP5WW+uZPpY5Yse42O+tYHNbwKMeQ== +-----END CERTIFICATE----- + +### Agencia Catalana de Certificacio (NIF Q-0801176-I) + +=== /C=ES/O=Agencia Catalana de Certificacio (NIF Q-0801176-I)/OU=Serveis Publics de Certificacio/OU=Vegeu https://www.catcert.net/verarrel (c)03/OU=Jerarquia Entitats de Certificacio Catalanes/CN=EC-ACC +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + (Negative)11:d4:c2:14:2b:de:21:eb:57:9d:53:fb:0c:22:3b:ff + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: Jan 7 23:00:00 2003 GMT + Not After : Jan 7 22:59:59 2031 GMT + Subject: C=ES, O=Agencia Catalana de Certificacio (NIF Q-0801176-I), OU=Serveis Publics de Certificacio, OU=Vegeu https://www.catcert.net/verarrel (c)03, OU=Jerarquia Entitats de Certificacio Catalanes, CN=EC-ACC + X509v3 extensions: + X509v3 Subject Alternative Name: + email:ec_acc@catcert.net + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + A0:C3:8B:44:AA:37:A5:45:BF:97:80:5A:D1:F1:78:A2:9B:E9:5D:8D + X509v3 Certificate Policies: + Policy: 1.3.6.1.4.1.15096.1.3.1.10 + CPS: https://www.catcert.net/verarrel + User Notice: + Explicit Text: Vegeu https://www.catcert.net/verarrel + +SHA1 Fingerprint=28:90:3A:63:5B:52:80:FA:E6:77:4C:0B:6D:A7:D6:BA:A6:4A:F2:E8 +SHA256 Fingerprint=88:49:7F:01:60:2F:31:54:24:6A:E2:8C:4D:5A:EF:10:F1:D8:7E:BB:76:62:6F:4A:E0:B7:F9:5B:A7:96:87:99 +-----BEGIN CERTIFICATE----- +MIIFVjCCBD6gAwIBAgIQ7is969Qh3hSoYqwE893EATANBgkqhkiG9w0BAQUFADCB +8zELMAkGA1UEBhMCRVMxOzA5BgNVBAoTMkFnZW5jaWEgQ2F0YWxhbmEgZGUgQ2Vy +dGlmaWNhY2lvIChOSUYgUS0wODAxMTc2LUkpMSgwJgYDVQQLEx9TZXJ2ZWlzIFB1 +YmxpY3MgZGUgQ2VydGlmaWNhY2lvMTUwMwYDVQQLEyxWZWdldSBodHRwczovL3d3 +dy5jYXRjZXJ0Lm5ldC92ZXJhcnJlbCAoYykwMzE1MDMGA1UECxMsSmVyYXJxdWlh +IEVudGl0YXRzIGRlIENlcnRpZmljYWNpbyBDYXRhbGFuZXMxDzANBgNVBAMTBkVD +LUFDQzAeFw0wMzAxMDcyMzAwMDBaFw0zMTAxMDcyMjU5NTlaMIHzMQswCQYDVQQG +EwJFUzE7MDkGA1UEChMyQWdlbmNpYSBDYXRhbGFuYSBkZSBDZXJ0aWZpY2FjaW8g +KE5JRiBRLTA4MDExNzYtSSkxKDAmBgNVBAsTH1NlcnZlaXMgUHVibGljcyBkZSBD +ZXJ0aWZpY2FjaW8xNTAzBgNVBAsTLFZlZ2V1IGh0dHBzOi8vd3d3LmNhdGNlcnQu +bmV0L3ZlcmFycmVsIChjKTAzMTUwMwYDVQQLEyxKZXJhcnF1aWEgRW50aXRhdHMg +ZGUgQ2VydGlmaWNhY2lvIENhdGFsYW5lczEPMA0GA1UEAxMGRUMtQUNDMIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsyLHT+KXQpWIR4NA9h0X84NzJB5R +85iKw5K4/0CQBXCHYMkAqbWUZRkiFRfCQ2xmRJoNBD45b6VLeqpjt4pEndljkYRm +4CgPukLjbo73FCeTae6RDqNfDrHrZqJyTxIThmV6PttPB/SnCWDaOkKZx7J/sxaV +HMf5NLWUhdWZXqBIoH7nF2W4onW4HvPlQn2v7fOKSGRdghST2MDk/7NQcvJ29rNd +QlB50JQ+awwAvthrDk4q7D7SzIKiGGUzE3eeml0aE9jD2z3Il3rucO2n5nzbcc8t +lGLfbdb1OL4/pYUKGbio2Al1QnDE6u/LDsg0qBIimAy4E5S2S+zw0JDnJwIDAQAB +o4HjMIHgMB0GA1UdEQQWMBSBEmVjX2FjY0BjYXRjZXJ0Lm5ldDAPBgNVHRMBAf8E +BTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUoMOLRKo3pUW/l4Ba0fF4 +opvpXY0wfwYDVR0gBHgwdjB0BgsrBgEEAfV4AQMBCjBlMCwGCCsGAQUFBwIBFiBo +dHRwczovL3d3dy5jYXRjZXJ0Lm5ldC92ZXJhcnJlbDA1BggrBgEFBQcCAjApGidW +ZWdldSBodHRwczovL3d3dy5jYXRjZXJ0Lm5ldC92ZXJhcnJlbCAwDQYJKoZIhvcN +AQEFBQADggEBAKBIW4IB9k1IuDlVNZyAelOZ1Vr/sXE7zDkJlF7W2u++AVtd0x7Y +/X1PzaBB4DSTv8vihpw3kpBWHNzrKQXlxJ7HNd+KDM3FIUPpqojlNcAZQmNaAl6k +SBg6hW/cnbw/nZzBh7h6YQjpdwt/cKt63dmXLGQehb+8dJahw3oS7AwaboMMPOhy +Rp/7SNVel+axofjk70YllJyJ22k4vuxcDlbHZVHlUIiIv0LVKz3l+bqeLrPK9HOS +Agu+TGbrIP65y7WZf+a2E/rKS03Z7lNGBjvGTq2TWoF+bCpLagVFjPIhpDGQh2xl +nJ2lYJU6Un/10asIbvPuW/mIPX64b24D5EI= +-----END CERTIFICATE----- + +### Amazon + +=== /C=US/O=Amazon/CN=Amazon Root CA 1 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 06:6c:9f:cf:99:bf:8c:0a:39:e2:f0:78:8a:43:e6:96:36:5b:ca + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: May 26 00:00:00 2015 GMT + Not After : Jan 17 00:00:00 2038 GMT + Subject: C=US, O=Amazon, CN=Amazon Root CA 1 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + 84:18:CC:85:34:EC:BC:0C:94:94:2E:08:59:9C:C7:B2:10:4E:0A:08 +SHA1 Fingerprint=8D:A7:F9:65:EC:5E:FC:37:91:0F:1C:6E:59:FD:C1:CC:6A:6E:DE:16 +SHA256 Fingerprint=8E:CD:E6:88:4F:3D:87:B1:12:5B:A3:1A:C3:FC:B1:3D:70:16:DE:7F:57:CC:90:4F:E1:CB:97:C6:AE:98:19:6E +-----BEGIN CERTIFICATE----- +MIIDQTCCAimgAwIBAgITBmyfz5m/jAo54vB4ikPmljZbyjANBgkqhkiG9w0BAQsF +ADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6 +b24gUm9vdCBDQSAxMB4XDTE1MDUyNjAwMDAwMFoXDTM4MDExNzAwMDAwMFowOTEL +MAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJv +b3QgQ0EgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALJ4gHHKeNXj +ca9HgFB0fW7Y14h29Jlo91ghYPl0hAEvrAIthtOgQ3pOsqTQNroBvo3bSMgHFzZM +9O6II8c+6zf1tRn4SWiw3te5djgdYZ6k/oI2peVKVuRF4fn9tBb6dNqcmzU5L/qw +IFAGbHrQgLKm+a/sRxmPUDgH3KKHOVj4utWp+UhnMJbulHheb4mjUcAwhmahRWa6 +VOujw5H5SNz/0egwLX0tdHA114gk957EWW67c4cX8jJGKLhD+rcdqsq08p8kDi1L +93FcXmn/6pUCyziKrlA4b9v7LWIbxcceVOF34GfID5yHI9Y/QCB/IIDEgEw+OyQm +jgSubJrIqg0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC +AYYwHQYDVR0OBBYEFIQYzIU07LwMlJQuCFmcx7IQTgoIMA0GCSqGSIb3DQEBCwUA +A4IBAQCY8jdaQZChGsV2USggNiMOruYou6r4lK5IpDB/G/wkjUu0yKGX9rbxenDI +U5PMCCjjmCXPI6T53iHTfIUJrU6adTrCC2qJeHZERxhlbI1Bjjt/msv0tadQ1wUs +N+gDS63pYaACbvXy8MWy7Vu33PqUXHeeE6V/Uq2V8viTO96LXFvKWlJbYK8U90vv +o/ufQJVtMVT8QtPHRh8jrdkPSHCa2XV4cdFyQzR1bldZwgJcJmApzyMZFo6IQ6XU +5MsI+yMRQ+hDKXJioaldXgjUkK642M4UwtBV8ob2xJNDd2ZhwLnoQdeXeGADbkpy +rqXRfboQnoZsG4q5WTP468SQvvG5 +-----END CERTIFICATE----- +=== /C=US/O=Amazon/CN=Amazon Root CA 2 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 06:6c:9f:d2:96:35:86:9f:0a:0f:e5:86:78:f8:5b:26:bb:8a:37 + Signature Algorithm: sha384WithRSAEncryption + Validity + Not Before: May 26 00:00:00 2015 GMT + Not After : May 26 00:00:00 2040 GMT + Subject: C=US, O=Amazon, CN=Amazon Root CA 2 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + B0:0C:F0:4C:30:F4:05:58:02:48:FD:33:E5:52:AF:4B:84:E3:66:52 +SHA1 Fingerprint=5A:8C:EF:45:D7:A6:98:59:76:7A:8C:8B:44:96:B5:78:CF:47:4B:1A +SHA256 Fingerprint=1B:A5:B2:AA:8C:65:40:1A:82:96:01:18:F8:0B:EC:4F:62:30:4D:83:CE:C4:71:3A:19:C3:9C:01:1E:A4:6D:B4 +-----BEGIN CERTIFICATE----- +MIIFQTCCAymgAwIBAgITBmyf0pY1hp8KD+WGePhbJruKNzANBgkqhkiG9w0BAQwF +ADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6 +b24gUm9vdCBDQSAyMB4XDTE1MDUyNjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTEL +MAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJv +b3QgQ0EgMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK2Wny2cSkxK +gXlRmeyKy2tgURO8TW0G/LAIjd0ZEGrHJgw12MBvIITplLGbhQPDW9tK6Mj4kHbZ +W0/jTOgGNk3Mmqw9DJArktQGGWCsN0R5hYGCrVo34A3MnaZMUnbqQ523BNFQ9lXg +1dKmSYXpN+nKfq5clU1Imj+uIFptiJXZNLhSGkOQsL9sBbm2eLfq0OQ6PBJTYv9K +8nu+NQWpEjTj82R0Yiw9AElaKP4yRLuH3WUnAnE72kr3H9rN9yFVkE8P7K6C4Z9r +2UXTu/Bfh+08LDmG2j/e7HJV63mjrdvdfLC6HM783k81ds8P+HgfajZRRidhW+me +z/CiVX18JYpvL7TFz4QuK/0NURBs+18bvBt+xa47mAExkv8LV/SasrlX6avvDXbR +8O70zoan4G7ptGmh32n2M8ZpLpcTnqWHsFcQgTfJU7O7f/aS0ZzQGPSSbtqDT6Zj +mUyl+17vIWR6IF9sZIUVyzfpYgwLKhbcAS4y2j5L9Z469hdAlO+ekQiG+r5jqFoz +7Mt0Q5X5bGlSNscpb/xVA1wf+5+9R+vnSUeVC06JIglJ4PVhHvG/LopyboBZ/1c6 ++XUyo05f7O0oYtlNc/LMgRdg7c3r3NunysV+Ar3yVAhU/bQtCSwXVEqY0VThUWcI +0u1ufm8/0i2BWSlmy5A5lREedCf+3euvAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMB +Af8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBSwDPBMMPQFWAJI/TPlUq9LhONm +UjANBgkqhkiG9w0BAQwFAAOCAgEAqqiAjw54o+Ci1M3m9Zh6O+oAA7CXDpO8Wqj2 +LIxyh6mx/H9z/WNxeKWHWc8w4Q0QshNabYL1auaAn6AFC2jkR2vHat+2/XcycuUY ++gn0oJMsXdKMdYV2ZZAMA3m3MSNjrXiDCYZohMr/+c8mmpJ5581LxedhpxfL86kS +k5Nrp+gvU5LEYFiwzAJRGFuFjWJZY7attN6a+yb3ACfAXVU3dJnJUH/jWS5E4ywl +7uxMMne0nxrpS10gxdr9HIcWxkPo1LsmmkVwXqkLN1PiRnsn/eBG8om3zEK2yygm +btmlyTrIQRNg91CMFa6ybRoVGld45pIq2WWQgj9sAq+uEjonljYE1x2igGOpm/Hl +urR8FLBOybEfdF849lHqm/osohHUqS0nGkWxr7JOcQ3AWEbWaQbLU8uz/mtBzUF+ +fUwPfHJ5elnNXkoOrJupmHN5fLT0zLm4BwyydFy4x2+IoZCn9Kr5v2c69BoVYh63 +n749sSmvZ6ES8lgQGVMDMBu4Gon2nL2XA46jCfMdiyHxtN/kHNGfZQIG6lzWE7OE +76KlXIx3KadowGuuQNKotOrN8I1LOJwZmhsoVLiJkO/KdYE+HvJkJMcYr07/R54H +9jVlpNMKVv/1F2Rs76giJUmTtt8AF9pYfl3uxRuw0dFfIRDH+fO6AgonB8Xx1sfT +4PsJYGw= +-----END CERTIFICATE----- +=== /C=US/O=Amazon/CN=Amazon Root CA 3 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 06:6c:9f:d5:74:97:36:66:3f:3b:0b:9a:d9:e8:9e:76:03:f2:4a + Signature Algorithm: ecdsa-with-SHA256 + Validity + Not Before: May 26 00:00:00 2015 GMT + Not After : May 26 00:00:00 2040 GMT + Subject: C=US, O=Amazon, CN=Amazon Root CA 3 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + AB:B6:DB:D7:06:9E:37:AC:30:86:07:91:70:C7:9C:C4:19:B1:78:C0 +SHA1 Fingerprint=0D:44:DD:8C:3C:8C:1A:1A:58:75:64:81:E9:0F:2E:2A:FF:B3:D2:6E +SHA256 Fingerprint=18:CE:6C:FE:7B:F1:4E:60:B2:E3:47:B8:DF:E8:68:CB:31:D0:2E:BB:3A:DA:27:15:69:F5:03:43:B4:6D:B3:A4 +-----BEGIN CERTIFICATE----- +MIIBtjCCAVugAwIBAgITBmyf1XSXNmY/Owua2eiedgPySjAKBggqhkjOPQQDAjA5 +MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24g +Um9vdCBDQSAzMB4XDTE1MDUyNjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTELMAkG +A1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJvb3Qg +Q0EgMzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABCmXp8ZBf8ANm+gBG1bG8lKl +ui2yEujSLtf6ycXYqm0fc4E7O5hrOXwzpcVOho6AF2hiRVd9RFgdszflZwjrZt6j +QjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBSr +ttvXBp43rDCGB5Fwx5zEGbF4wDAKBggqhkjOPQQDAgNJADBGAiEA4IWSoxe3jfkr +BqWTrBqYaGFy+uGh0PsceGCmQ5nFuMQCIQCcAu/xlJyzlvnrxir4tiz+OpAUFteM +YyRIHN8wfdVoOw== +-----END CERTIFICATE----- +=== /C=US/O=Amazon/CN=Amazon Root CA 4 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 06:6c:9f:d7:c1:bb:10:4c:29:43:e5:71:7b:7b:2c:c8:1a:c1:0e + Signature Algorithm: ecdsa-with-SHA384 + Validity + Not Before: May 26 00:00:00 2015 GMT + Not After : May 26 00:00:00 2040 GMT + Subject: C=US, O=Amazon, CN=Amazon Root CA 4 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + D3:EC:C7:3A:65:6E:CC:E1:DA:76:9A:56:FB:9C:F3:86:6D:57:E5:81 +SHA1 Fingerprint=F6:10:84:07:D6:F8:BB:67:98:0C:C2:E2:44:C2:EB:AE:1C:EF:63:BE +SHA256 Fingerprint=E3:5D:28:41:9E:D0:20:25:CF:A6:90:38:CD:62:39:62:45:8D:A5:C6:95:FB:DE:A3:C2:2B:0B:FB:25:89:70:92 +-----BEGIN CERTIFICATE----- +MIIB8jCCAXigAwIBAgITBmyf18G7EEwpQ+Vxe3ssyBrBDjAKBggqhkjOPQQDAzA5 +MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24g +Um9vdCBDQSA0MB4XDTE1MDUyNjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTELMAkG +A1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJvb3Qg +Q0EgNDB2MBAGByqGSM49AgEGBSuBBAAiA2IABNKrijdPo1MN/sGKe0uoe0ZLY7Bi +9i0b2whxIdIA6GO9mif78DluXeo9pcmBqqNbIJhFXRbb/egQbeOc4OO9X4Ri83Bk +M6DLJC9wuoihKqB1+IGuYgbEgds5bimwHvouXKNCMEAwDwYDVR0TAQH/BAUwAwEB +/zAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0OBBYEFNPsxzplbszh2naaVvuc84ZtV+WB +MAoGCCqGSM49BAMDA2gAMGUCMDqLIfG9fhGt0O9Yli/W651+kI0rz2ZVwyzjKKlw +CkcO8DdZEv8tmZQoTipPNU0zWgIxAOp1AE47xDqUEpHJWEadIRNyp4iciuRMStuW +1KyLa2tJElMzrdfkviT8tQp21KW8EA== +-----END CERTIFICATE----- + +### AS Sertifitseerimiskeskus + + +### Atos + +=== /CN=Atos TrustedRoot 2011/O=Atos/C=DE +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 6643877497813316402 (0x5c33cb622c5fb332) + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Jul 7 14:58:30 2011 GMT + Not After : Dec 31 23:59:59 2030 GMT + Subject: CN=Atos TrustedRoot 2011, O=Atos, C=DE + X509v3 extensions: + X509v3 Subject Key Identifier: + A7:A5:06:B1:2C:A6:09:60:EE:D1:97:E9:70:AE:BC:3B:19:6C:DB:21 + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Authority Key Identifier: + keyid:A7:A5:06:B1:2C:A6:09:60:EE:D1:97:E9:70:AE:BC:3B:19:6C:DB:21 + + X509v3 Certificate Policies: + Policy: 1.3.6.1.4.1.6189.3.4.1.1 + + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign +SHA1 Fingerprint=2B:B1:F5:3E:55:0C:1D:C5:F1:D4:E6:B7:6A:46:4B:55:06:02:AC:21 +SHA256 Fingerprint=F3:56:BE:A2:44:B7:A9:1E:B3:5D:53:CA:9A:D7:86:4A:CE:01:8E:2D:35:D5:F8:F9:6D:DF:68:A6:F4:1A:A4:74 +-----BEGIN CERTIFICATE----- +MIIDdzCCAl+gAwIBAgIIXDPLYixfszIwDQYJKoZIhvcNAQELBQAwPDEeMBwGA1UE +AwwVQXRvcyBUcnVzdGVkUm9vdCAyMDExMQ0wCwYDVQQKDARBdG9zMQswCQYDVQQG +EwJERTAeFw0xMTA3MDcxNDU4MzBaFw0zMDEyMzEyMzU5NTlaMDwxHjAcBgNVBAMM +FUF0b3MgVHJ1c3RlZFJvb3QgMjAxMTENMAsGA1UECgwEQXRvczELMAkGA1UEBhMC +REUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVhTuXbyo7LjvPpvMp +Nb7PGKw+qtn4TaA+Gke5vJrf8v7MPkfoepbCJI419KkM/IL9bcFyYie96mvr54rM +VD6QUM+A1JX76LWC1BTFtqlVJVfbsVD2sGBkWXppzwO3bw2+yj5vdHLqqjAqc2K+ +SZFhyBH+DgMq92og3AIVDV4VavzjgsG1xZ1kCWyjWZgHJ8cblithdHFsQ/H3NYkQ +4J7sVaE3IqKHBAUsR320HLliKWYoyrfhk/WklAOZuXCFteZI6o1Q/NnezG8HDt0L +cp2AMBYHlT8oDv3FdU9T1nSatCQujgKRz3bFmx5VdJx4IbHwLfELn8LVlhgf8FQi +eowHAgMBAAGjfTB7MB0GA1UdDgQWBBSnpQaxLKYJYO7Rl+lwrrw7GWzbITAPBgNV +HRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFKelBrEspglg7tGX6XCuvDsZbNshMBgG +A1UdIAQRMA8wDQYLKwYBBAGwLQMEAQEwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3 +DQEBCwUAA4IBAQAmdzTblEiGKkGdLD4GkGDEjKwLVLgfuXvTBznk+j57sj1O7Z8j +vZfza1zv7v1Apt+hk6EKhqzvINB5Ab149xnYJDE0BAGmuhWawyfc2E8PzBhj/5kP +DpFrdRbhIfzYJsdHt6bPWHJxfrrhTZVHO8mvbaG0weyJ9rQPOLXiZNwlz6bb65pc +maHFCN795trV1lpFDMS3wrUU77QR/w4VtfX128a961qn8FYiqTxlVMYVqL2Gns2D +lmh6cYGJ4Qvh6hEbaAjMaZ7snkGeRDImeuKHCnE96+RapNLbxc3G3mB/ufNPRJLv +KrcYPqcZ2Qt9sTdBQrC6YB3y/gkRsPCHe6ed +-----END CERTIFICATE----- + +### Baltimore + +=== /C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 33554617 (0x20000b9) + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: May 12 18:46:00 2000 GMT + Not After : May 12 23:59:00 2025 GMT + Subject: C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root + X509v3 extensions: + X509v3 Subject Key Identifier: + E5:9D:59:30:82:47:58:CC:AC:FA:08:54:36:86:7B:3A:B5:04:4D:F0 + X509v3 Basic Constraints: critical + CA:TRUE, pathlen:3 + X509v3 Key Usage: critical + Certificate Sign, CRL Sign +SHA1 Fingerprint=D4:DE:20:D0:5E:66:FC:53:FE:1A:50:88:2C:78:DB:28:52:CA:E4:74 +SHA256 Fingerprint=16:AF:57:A9:F6:76:B0:AB:12:60:95:AA:5E:BA:DE:F2:2A:B3:11:19:D6:44:AC:95:CD:4B:93:DB:F3:F2:6A:EB +-----BEGIN CERTIFICATE----- +MIIDdzCCAl+gAwIBAgIEAgAAuTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJJ +RTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYD +VQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTAwMDUxMjE4NDYwMFoX +DTI1MDUxMjIzNTkwMFowWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9y +ZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVy +VHJ1c3QgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKMEuyKr +mD1X6CZymrV51Cni4eiVgLGw41uOKymaZN+hXe2wCQVt2yguzmKiYv60iNoS6zjr +IZ3AQSsBUnuId9Mcj8e6uYi1agnnc+gRQKfRzMpijS3ljwumUNKoUMMo6vWrJYeK +mpYcqWe4PwzV9/lSEy/CG9VwcPCPwBLKBsua4dnKM3p31vjsufFoREJIE9LAwqSu +XmD+tqYF/LTdB1kC1FkYmGP1pWPgkAx9XbIGevOF6uvUA65ehD5f/xXtabz5OTZy +dc93Uk3zyZAsuT3lySNTPx8kmCFcB5kpvcY67Oduhjprl3RjM71oGDHweI12v/ye +jl0qhqdNkNwnGjkCAwEAAaNFMEMwHQYDVR0OBBYEFOWdWTCCR1jMrPoIVDaGezq1 +BE3wMBIGA1UdEwEB/wQIMAYBAf8CAQMwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3 +DQEBBQUAA4IBAQCFDF2O5G9RaEIFoN27TyclhAO992T9Ldcw46QQF+vaKSm2eT92 +9hkTI7gQCvlYpNRhcL0EYWoSihfVCr3FvDB81ukMJY2GQE/szKN+OMY3EU/t3Wgx +jkzSswF07r51XgdIGn9w/xZchMB5hbgF/X++ZRGjD8ACtPhSNzkE1akxehi/oCr0 +Epn3o0WC4zxe9Z2etciefC7IpJ5OCBRLbf1wbWsaY71k5h+3zvDyny67G7fyUIhz +ksLi4xaNmjICq44Y3ekQEe5+NauQrz4wlHrQMz2nZQ/1/I6eYs9HRCwBXbsdtTLS +R9I4LtD+gdwyah617jzV/OeBHRnDJELqYzmp +-----END CERTIFICATE----- + +### Buypass AS-983163327 + +=== /C=NO/O=Buypass AS-983163327/CN=Buypass Class 2 Root CA +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 2 (0x2) + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Oct 26 08:38:03 2010 GMT + Not After : Oct 26 08:38:03 2040 GMT + Subject: C=NO, O=Buypass AS-983163327, CN=Buypass Class 2 Root CA + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + C9:80:77:E0:62:92:82:F5:46:9C:F3:BA:F7:4C:C3:DE:B8:A3:AD:39 + X509v3 Key Usage: critical + Certificate Sign, CRL Sign +SHA1 Fingerprint=49:0A:75:74:DE:87:0A:47:FE:58:EE:F6:C7:6B:EB:C6:0B:12:40:99 +SHA256 Fingerprint=9A:11:40:25:19:7C:5B:B9:5D:94:E6:3D:55:CD:43:79:08:47:B6:46:B2:3C:DF:11:AD:A4:A0:0E:FF:15:FB:48 +-----BEGIN CERTIFICATE----- +MIIFWTCCA0GgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJOTzEd +MBsGA1UECgwUQnV5cGFzcyBBUy05ODMxNjMzMjcxIDAeBgNVBAMMF0J1eXBhc3Mg +Q2xhc3MgMiBSb290IENBMB4XDTEwMTAyNjA4MzgwM1oXDTQwMTAyNjA4MzgwM1ow +TjELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1eXBhc3MgQVMtOTgzMTYzMzI3MSAw +HgYDVQQDDBdCdXlwYXNzIENsYXNzIDIgUm9vdCBDQTCCAiIwDQYJKoZIhvcNAQEB +BQADggIPADCCAgoCggIBANfHXvfBB9R3+0Mh9PT1aeTuMgHbo4Yf5FkNuud1g1Lr +6hxhFUi7HQfKjK6w3Jad6sNgkoaCKHOcVgb/S2TwDCo3SbXlzwx87vFKu3MwZfPV +L4O2fuPn9Z6rYPnT8Z2SdIrkHJasW4DptfQxh6NR/Md+oW+OU3fUl8FVM5I+GC91 +1K2GScuVr1QGbNgGE41b/+EmGVnAJLqBcXmQRFBoJJRfuLMR8SlBYaNByyM21cHx +MlAQTn/0hpPshNOOvEu/XAFOBz3cFIqUCqTqc/sLUegTBxj6DvEr0VQVfTzh97QZ +QmdiXnfgolXsttlpF9U6r0TtSsWe5HonfOV116rLJeffawrbD02TTqigzXsu8lkB +arcNuAeBfos4GzjmCleZPe4h6KP1DBbdi+w0jpwqHAAVF41og9JwnxgIzRFo1clr +Us3ERo/ctfPYV3Me6ZQ5BL/T3jjetFPsaRyifsSP5BtwrfKi+fv3FmRmaZ9JUaLi +FRhnBkp/1Wy1TbMz4GHrXb7pmA8y1x1LPC5aAVKRCfLf6o3YBkBjqhHk/sM3nhRS +P/TizPJhk9H9Z2vXUq6/aKtAQ6BXNVN48FP4YUIHZMbXb5tMOA1jrGKvNouicwoN +9SG9dKpN6nIDSdvHXx1iY8f93ZHsM+71bbRuMGjeyNYmsHVee7QHIJihdjK4TWxP +AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFMmAd+BikoL1Rpzz +uvdMw964o605MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAU18h +9bqwOlI5LJKwbADJ784g7wbylp7ppHR/ehb8t/W2+xUbP6umwHJdELFx7rxP462s +A20ucS6vxOOto70MEae0/0qyexAQH6dXQbLArvQsWdZHEIjzIVEpMMpghq9Gqx3t +OluwlN5E40EIosHsHdb9T7bWR9AUC8rmyrV7d35BH16Dx7aMOZawP5aBQW9gkOLo ++fsicdl9sz1Gv7SEr5AcD48Saq/v7h56rgJKihcrdv6sVIkkLE8/trKnToyokZf7 +KcZ7XC25y2a2t6hbElGFtQl+Ynhw/qlqYLYdDnkM/crqJIByw5c/8nerQyIKx+u2 +DISCLIBrQYoIwOula9+ZEsuK1V6ADJHgJgg2SMX6OBE1/yWDLfJ6v9r9jv6ly0Us +H8SIU653DtmadsWOLB2jutXsMq7Aqqz30XpN69QH4kj3Io6wpJ9qzo6ysmD0oyLQ +I+uUWnpp3Q+/QFesa1lQ2aOZ4W7+jQF5JyMV3pKdewlNWudLSDBaGOYKbeaP4NK7 +5t98biGCwWg5TbSYWGZizEqQXsP6JwSxeRV0mcy+rSDeJmAc61ZRpqPq5KM/p/9h +3PFaTWwyI0PurKju7koSCTxdccK+efrCh2gdC/1cacwG0Jp9VJkqyTkaGa9LKkPz +Y11aWOIv4x3kqdbQCtCev9eBCfHJxyYNrJgWVqA= +-----END CERTIFICATE----- +=== /C=NO/O=Buypass AS-983163327/CN=Buypass Class 3 Root CA +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 2 (0x2) + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Oct 26 08:28:58 2010 GMT + Not After : Oct 26 08:28:58 2040 GMT + Subject: C=NO, O=Buypass AS-983163327, CN=Buypass Class 3 Root CA + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + 47:B8:CD:FF:E5:6F:EE:F8:B2:EC:2F:4E:0E:F9:25:B0:8E:3C:6B:C3 + X509v3 Key Usage: critical + Certificate Sign, CRL Sign +SHA1 Fingerprint=DA:FA:F7:FA:66:84:EC:06:8F:14:50:BD:C7:C2:81:A5:BC:A9:64:57 +SHA256 Fingerprint=ED:F7:EB:BC:A2:7A:2A:38:4D:38:7B:7D:40:10:C6:66:E2:ED:B4:84:3E:4C:29:B4:AE:1D:5B:93:32:E6:B2:4D +-----BEGIN CERTIFICATE----- +MIIFWTCCA0GgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJOTzEd +MBsGA1UECgwUQnV5cGFzcyBBUy05ODMxNjMzMjcxIDAeBgNVBAMMF0J1eXBhc3Mg +Q2xhc3MgMyBSb290IENBMB4XDTEwMTAyNjA4Mjg1OFoXDTQwMTAyNjA4Mjg1OFow +TjELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1eXBhc3MgQVMtOTgzMTYzMzI3MSAw +HgYDVQQDDBdCdXlwYXNzIENsYXNzIDMgUm9vdCBDQTCCAiIwDQYJKoZIhvcNAQEB +BQADggIPADCCAgoCggIBAKXaCpUWUOOV8l6ddjEGMnqb8RB2uACatVI2zSRHsJ8Y +ZLya9vrVediQYkwiL944PdbgqOkcLNt4EemOaFEVcsfzM4fkoF0LXOBXByow9c3E +N3coTRiR5r/VUv1xLXA+58bEiuPwKAv0dpihi4dVsjoT/Lc+JzeOIuOoTyrvYLs9 +tznDDgFHmV0ST9tD+leh7fmdvhFHJlsTmKtdFoqwNxxXnUX/iJY2v7vKB3tvh2PX +0DJq1l1sDPGzbjniazEuOQAnFN44wOwZZoYS6J1yFhNkUsepNxz9gjDthBgd9K5c +/3ATAOux9TN6S9ZV+AWNS2mw9bMoNlwUxFFzTWsL8TQH2xc519woe2v1n/MuwU8X +KhDzzMro6/1rqy6any2CbgTUUgGTLT2G/H783+9CHaZr77kgxve9oKeV/afmiSTY +zIw0bOIjL9kSGiG5VZFvC5F5GQytQIgLcOJ60g7YaEi7ghM5EFjp2CoHxhLbWNvS +O1UQRwUVZ2J+GGOmRj8JDlQyXr8NYnon74Do29lLBlo3WiXQCBJ31G8JUJc9yB3D +34xFMFbG02SrZvPAXpacw8Tvw3xrizp5f7NJzz3iiZ+gMEuFuZyUJHmPfWupRWgP +K9Dx2hzLabjKSWJtyNBjYt1gD1iqj6G8BaVmos8bdrKEZLFMOVLAMLrwjEsCsLa3 +AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFEe4zf/lb+74suwv +Tg75JbCOPGvDMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAACAj +QTUEkMJAYmDv4jVM1z+s4jSQuKFvdvoWFqRINyzpkMLyPPgKn9iB5btb2iUspKdV +cSQy9sgL8rxq+JOssgfCX5/bzMiKqr5qb+FJEMwx14C7u8jYog5kV+qi9cKpMRXS +IGrs/CIBKM+GuIAeqcwRpTzyFrNHnfzSgCHEy9BHcEGhyoMZCCxt8l13nIoUE9Q2 +HJLw5QY33KbmkJs4j1xrG0aGQ0JfPgEHU1RdZX33inOhmlRaHylDFCfChQ+1iHsa +O5S3HWCntZznKWlXWpuTekMwGwPXYshApqr8ZORK15FTAaggiG6cX0S5y2CBNOxv +033aSF/rtJC8LakcC6wc1aJoIIAE1vyxjy+7SjENSoYc6+I2KSb12tjE8nVhz36u +dmNKekBlk4f4HoCMhuWG1o8O/FMsYOgWYRqiPkN7zTlgVGr18okmAWiDSKIz6MkE +kbIRNBE+6tBDGR8Dk5AM/1E9V/RBbuHLoL7ryWPNbczk+DaqaJ3tvV2XcEQNtg41 +3OEMXbugUZTLfhbrES+jkkXITHHZvMmZUldGL1DPvTVp9D0VzgalLA8+9oG6lLvD +u79leNKGef9JOxqDDPDeeOzI8k1MGt6CKfjBWtrt7uYnXuhF0J0cUahoq0Tj0Itq +4/g7u9xN12TyUb7mqqta6THuBrxzvxNiCp/HuZc= +-----END CERTIFICATE----- + +### Certinomis + +=== /C=FR/O=Certinomis/OU=0002 433998903/CN=Certinomis - Root CA +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Oct 21 09:17:18 2013 GMT + Not After : Oct 21 09:17:18 2033 GMT + Subject: C=FR, O=Certinomis, OU=0002 433998903, CN=Certinomis - Root CA + X509v3 extensions: + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + EF:91:4C:F5:A5:C3:30:E8:2F:08:EA:D3:71:22:A4:92:68:78:74:D9 + X509v3 Authority Key Identifier: + keyid:EF:91:4C:F5:A5:C3:30:E8:2F:08:EA:D3:71:22:A4:92:68:78:74:D9 + +SHA1 Fingerprint=9D:70:BB:01:A5:A4:A0:18:11:2E:F7:1C:01:B9:32:C5:34:E7:88:A8 +SHA256 Fingerprint=2A:99:F5:BC:11:74:B7:3C:BB:1D:62:08:84:E0:1C:34:E5:1C:CB:39:78:DA:12:5F:0E:33:26:88:83:BF:41:58 +-----BEGIN CERTIFICATE----- +MIIFkjCCA3qgAwIBAgIBATANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJGUjET +MBEGA1UEChMKQ2VydGlub21pczEXMBUGA1UECxMOMDAwMiA0MzM5OTg5MDMxHTAb +BgNVBAMTFENlcnRpbm9taXMgLSBSb290IENBMB4XDTEzMTAyMTA5MTcxOFoXDTMz +MTAyMTA5MTcxOFowWjELMAkGA1UEBhMCRlIxEzARBgNVBAoTCkNlcnRpbm9taXMx +FzAVBgNVBAsTDjAwMDIgNDMzOTk4OTAzMR0wGwYDVQQDExRDZXJ0aW5vbWlzIC0g +Um9vdCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANTMCQosP5L2 +fxSeC5yaah1AMGT9qt8OHgZbn1CF6s2Nq0Nn3rD6foCWnoR4kkjW4znuzuRZWJfl +LieY6pOod5tK8O90gC3rMB+12ceAnGInkYjwSond3IjmFPnVAy//ldu9n+ws+hQV +WZUKxkd8aRi5pwP5ynapz8dvtF4F/u7BUrJ1Mofs7SlmO/NKFoL21prbcpjp3vDF +TKWrteoB4owuZH9kb/2jJZOLyKIOSY008B/sWEUuNKqEUL3nskoTuLAPrjhdsKkb +5nPJWqHZZkCqqU2mNAKthH6yI8H7KsZn9DS2sJVqM09xRLWtwHkziOC/7aOgFLSc +CbAK42C++PhmiM1b8XcF4LVzbsF9Ri6OSyemzTUK/eVNfaoqoynHWmgE6OXWk6Ri +wsXm9E/G+Z8ajYJJGYrKWUM66A0ywfRMEwNvbqY/kXPLynNvEiCL7sCCeN5LLsJJ +wx3tFvYk9CcbXFcx3FXuqB5vbKziRcxXV4p1VxngtViZSTYxPDMBbRZKzbgqg4SG +m/lg0h9tkQPTYKbVPZrdd5A9NaSfD171UkRpucC63M9933zZxKyGIjK8e2uR73r4 +F2iw4lNVYC2vPsKD2NkJK/DAZNuHi5HMkesE/Xa0lZrmFAYb1TQdvtj/dBxThZng +WVJKYe2InmtJiUZ+IFrZ50rlau7SZRFDAgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIB +BjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTvkUz1pcMw6C8I6tNxIqSSaHh0 +2TAfBgNVHSMEGDAWgBTvkUz1pcMw6C8I6tNxIqSSaHh02TANBgkqhkiG9w0BAQsF +AAOCAgEAfj1U2iJdGlg+O1QnurrMyOMaauo++RLrVl89UM7g6kgmJs95Vn6RHJk/ +0KGRHCwPT5iVWVO90CLYiF2cN/z7ZMF4jIuaYAnq1fohX9B0ZedQxb8uuQsLrbWw +F6YSjNRieOpWauwK0kDDPAUwPk2Ut59KA9N9J0u2/kTO+hkzGm2kQtHdzMjI1xZS +g081lLMSVX3l4kLr5JyTCcBMWwerx20RoFAXlCOotQqSD7J6wWAsOMwaplv/8gzj +qh8c3LigkyfeY+N/IZ865Z764BNqdeuWXGKRlI5nU7aJ+BIJy29SWwNyhlCVCNSN +h4YVH5Uk2KRvms6knZtt0rJ2BobGVgjF6wnaNsIbW0G+YSrjcOa4pvi2WsS9Iff/ +ql+hbHY5ZtbqTFXhADObE5hjyW/QASAJN1LnDE8+zbz1X5YnpyACleAu6AdBBR8V +btaw5BngDwKTACdyxYvRVB9dSsNAl35VpnzBMwQUAR1JIGkLGZOdblgi90AMRgwj +Y/M50n92Uaf0yKHxDHYiI0ZSKS3io0EHVmmY0gUJvGnHWmHNj4FgFU2A3ZDifcRQ +8ow7bkrHxuaAKzyBvBGAFhAn1/DNP3nMcyrDflOR1m749fPH0FFNjkulW+YZFzvW +gQncItzujrnEj1PhZ7szuIgVRs/taTX/dQ1G885x4cVrhkIGuUE= +-----END CERTIFICATE----- + +### Certplus + +=== /C=FR/O=Certplus/CN=Certplus Root CA G1 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 11:20:55:83:e4:2d:3e:54:56:85:2d:83:37:b7:2c:dc:46:11 + Signature Algorithm: sha512WithRSAEncryption + Validity + Not Before: May 26 00:00:00 2014 GMT + Not After : Jan 15 00:00:00 2038 GMT + Subject: C=FR, O=Certplus, CN=Certplus Root CA G1 + X509v3 extensions: + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + A8:C1:C0:9B:91:A8:43:15:7C:5D:06:27:B4:2A:51:D8:97:0B:81:B1 + X509v3 Authority Key Identifier: + keyid:A8:C1:C0:9B:91:A8:43:15:7C:5D:06:27:B4:2A:51:D8:97:0B:81:B1 + +SHA1 Fingerprint=22:FD:D0:B7:FD:A2:4E:0D:AC:49:2C:A0:AC:A6:7B:6A:1F:E3:F7:66 +SHA256 Fingerprint=15:2A:40:2B:FC:DF:2C:D5:48:05:4D:22:75:B3:9C:7F:CA:3E:C0:97:80:78:B0:F0:EA:76:E5:61:A6:C7:43:3E +-----BEGIN CERTIFICATE----- +MIIFazCCA1OgAwIBAgISESBVg+QtPlRWhS2DN7cs3EYRMA0GCSqGSIb3DQEBDQUA +MD4xCzAJBgNVBAYTAkZSMREwDwYDVQQKDAhDZXJ0cGx1czEcMBoGA1UEAwwTQ2Vy +dHBsdXMgUm9vdCBDQSBHMTAeFw0xNDA1MjYwMDAwMDBaFw0zODAxMTUwMDAwMDBa +MD4xCzAJBgNVBAYTAkZSMREwDwYDVQQKDAhDZXJ0cGx1czEcMBoGA1UEAwwTQ2Vy +dHBsdXMgUm9vdCBDQSBHMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB +ANpQh7bauKk+nWT6VjOaVj0W5QOVsjQcmm1iBdTYj+eJZJ+622SLZOZ5KmHNr49a +iZFluVj8tANfkT8tEBXgfs+8/H9DZ6itXjYj2JizTfNDnjl8KvzsiNWI7nC9hRYt +6kuJPKNxQv4c/dMcLRC4hlTqQ7jbxofaqK6AJc96Jh2qkbBIb6613p7Y1/oA/caP +0FG7Yn2ksYyy/yARujVjBYZHYEMzkPZHogNPlk2dT8Hq6pyi/jQu3rfKG3akt62f +6ajUeD94/vI4CTYd0hYCyOwqaK/1jpTvLRN6HkJKHRUxrgwEV/xhc/MxVoYxgKDE +EW4wduOU8F8ExKyHcomYxZ3MVwia9Az8fXoFOvpHgDm2z4QTd28n6v+WZxcIbekN +1iNQMLAVdBM+5S//Ds3EC0pd8NgAM0lm66EYfFkuPSi5YXHLtaW6uOrc4nBvCGrc +h2c0798wct3zyT8j/zXhviEpIDCB5BmlIOklynMxdCm+4kLV87ImZsdo/Rmz5yCT +mehd4F6H50boJZwKKSTUzViGUkAksnsPmBIgJPaQbEfIDbsYIC7Z/fyL8inqh3SV +4EJQeIQEQWGw9CEjjy3LKCHyamz0GqbFFLQ3ZU+V/YDI+HLlJWvEYLF7bY5KinPO +WftwenMGE9nTdDckQQoRb5fc5+R+ob0V8rqHDz1oihYHAgMBAAGjYzBhMA4GA1Ud +DwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSowcCbkahDFXxd +Bie0KlHYlwuBsTAfBgNVHSMEGDAWgBSowcCbkahDFXxdBie0KlHYlwuBsTANBgkq +hkiG9w0BAQ0FAAOCAgEAnFZvAX7RvUz1isbwJh/k4DgYzDLDKTudQSk0YcbX8ACh +66Ryj5QXvBMsdbRX7gp8CXrc1cqh0DQT+Hern+X+2B50ioUHj3/MeXrKls3N/U/7 +/SMNkPX0XtPGYX2eEeAC7gkE2Qfdpoq3DIMku4NQkv5gdRE+2J2winq14J2by5BS +S7CTKtQ+FjPlnsZlFT5kOwQ/2wyPX1wdaR+v8+khjPPvl/aatxm2hHSco1S1cE5j +2FddUyGbQJJD+tZ3VTNPZNX70Cxqjm0lpu+F6ALEUz65noe8zDUa3qHpimOHZR4R +Kttjd5cUvpoUmRGywO6wT/gUITJDT5+rosuoD6o7BlXGEilXCNQ314cnrUlZp5Gr +RHpejXDbl85IULFzk/bwg2D5zfHhMf1bfHEhYxQUqq/F3pN+aLHsIqKqkHWetUNy +6mSjhEv9DKgma3GX7lZjZuhCVPnHHd/Qj1vfyDBviP4NxDMcU6ij/UgQ8uQKTuEV +V/xuZDDCVRHc6qnNSlSsKWNEz0pAoNZoWRsz+e86i9sgktxChL8Bq4fA1SCC28a5 +g4VCXA9DO2pJNdWY9BW/+mGBDAkgGNLQFwzLSABQ6XaCjGTXOqAHVcweMcDvOrRl +++O/QmueD6i9a5jc2NvLi6Td11n0bt3+qsOR0C5CB8AMTVPNJLFMWx5R9N/pkvo= +-----END CERTIFICATE----- +=== /C=FR/O=Certplus/CN=Certplus Root CA G2 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 11:20:d9:91:ce:ae:a3:e8:c5:e7:ff:e9:02:af:cf:73:bc:55 + Signature Algorithm: ecdsa-with-SHA384 + Validity + Not Before: May 26 00:00:00 2014 GMT + Not After : Jan 15 00:00:00 2038 GMT + Subject: C=FR, O=Certplus, CN=Certplus Root CA G2 + X509v3 extensions: + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + DA:83:63:02:79:8E:DA:4C:C6:3C:23:14:D8:8F:C3:20:AB:28:60:59 + X509v3 Authority Key Identifier: + keyid:DA:83:63:02:79:8E:DA:4C:C6:3C:23:14:D8:8F:C3:20:AB:28:60:59 + +SHA1 Fingerprint=4F:65:8E:1F:E9:06:D8:28:02:E9:54:47:41:C9:54:25:5D:69:CC:1A +SHA256 Fingerprint=6C:C0:50:41:E6:44:5E:74:69:6C:4C:FB:C9:F8:0F:54:3B:7E:AB:BB:44:B4:CE:6F:78:7C:6A:99:71:C4:2F:17 +-----BEGIN CERTIFICATE----- +MIICHDCCAaKgAwIBAgISESDZkc6uo+jF5//pAq/Pc7xVMAoGCCqGSM49BAMDMD4x +CzAJBgNVBAYTAkZSMREwDwYDVQQKDAhDZXJ0cGx1czEcMBoGA1UEAwwTQ2VydHBs +dXMgUm9vdCBDQSBHMjAeFw0xNDA1MjYwMDAwMDBaFw0zODAxMTUwMDAwMDBaMD4x +CzAJBgNVBAYTAkZSMREwDwYDVQQKDAhDZXJ0cGx1czEcMBoGA1UEAwwTQ2VydHBs +dXMgUm9vdCBDQSBHMjB2MBAGByqGSM49AgEGBSuBBAAiA2IABM0PW1aC3/BFGtat +93nwHcmsltaeTpwftEIRyoa/bfuFo8XlGVzX7qY/aWfYeOKmycTbLXku54uNAm8x +Ik0G42ByRZ0OQneezs/lf4WbGOT8zC5y0xaTTsqZY1yhBSpsBqNjMGEwDgYDVR0P +AQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNqDYwJ5jtpMxjwj +FNiPwyCrKGBZMB8GA1UdIwQYMBaAFNqDYwJ5jtpMxjwjFNiPwyCrKGBZMAoGCCqG +SM49BAMDA2gAMGUCMHD+sAvZ94OX7PNVHdTcswYO/jOYnYs5kGuUIe22113WTNch +p+e/IQ8rzfcq3IUHnQIxAIYUFuXcsGXCwI4Un78kFmjlvPl5adytRSv3tjFzzAal +U5ORGpOucGpnutee5WEaXw== +-----END CERTIFICATE----- +=== /C=FR/O=Certplus/CN=Class 2 Primary CA +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 85:bd:4b:f3:d8:da:e3:69:f6:94:d7:5f:c3:a5:44:23 + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: Jul 7 17:05:00 1999 GMT + Not After : Jul 6 23:59:59 2019 GMT + Subject: C=FR, O=Certplus, CN=Class 2 Primary CA + X509v3 extensions: + X509v3 Basic Constraints: + CA:TRUE, pathlen:10 + X509v3 Key Usage: + Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + E3:73:2D:DF:CB:0E:28:0C:DE:DD:B3:A4:CA:79:B8:8E:BB:E8:30:89 + Netscape Cert Type: + SSL CA, S/MIME CA + X509v3 CRL Distribution Points: + + Full Name: + URI:http://www.certplus.com/CRL/class2.crl + +SHA1 Fingerprint=74:20:74:41:72:9C:DD:92:EC:79:31:D8:23:10:8D:C2:81:92:E2:BB +SHA256 Fingerprint=0F:99:3C:8A:EF:97:BA:AF:56:87:14:0E:D5:9A:D1:82:1B:B4:AF:AC:F0:AA:9A:58:B5:D5:7A:33:8A:3A:FB:CB +-----BEGIN CERTIFICATE----- +MIIDkjCCAnqgAwIBAgIRAIW9S/PY2uNp9pTXX8OlRCMwDQYJKoZIhvcNAQEFBQAw +PTELMAkGA1UEBhMCRlIxETAPBgNVBAoTCENlcnRwbHVzMRswGQYDVQQDExJDbGFz +cyAyIFByaW1hcnkgQ0EwHhcNOTkwNzA3MTcwNTAwWhcNMTkwNzA2MjM1OTU5WjA9 +MQswCQYDVQQGEwJGUjERMA8GA1UEChMIQ2VydHBsdXMxGzAZBgNVBAMTEkNsYXNz +IDIgUHJpbWFyeSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANxQ +ltAS+DXSCHh6tlJw/W/uz7kRy1134ezpfgSN1sxvc0NXYKwzCkTsA18cgCSR5aiR +VhKC9+Ar9NuuYS6JEI1rbLqzAr3VNsVINyPi8Fo3UjMXEuLRYE2+L0ER4/YXJQyL +kcAbmXuZVg2v7tK8R1fjeUl7NIknJITesezpWE7+Tt9avkGtrAjFGA7v0lPubNCd +EgETjdyAYveVqUSISnFOYFWe2yMZeVYHDD9jC1yw4r5+FfyUM1hBOHTE4Y+L3yas +H7WLO7dDWWuwJKZtkIvEcupdM5i3y95ee++U8Rs+yskhwcWYAqqi9lt3m/V+llU0 +HGdpwPFC40es/CgcZlUCAwEAAaOBjDCBiTAPBgNVHRMECDAGAQH/AgEKMAsGA1Ud +DwQEAwIBBjAdBgNVHQ4EFgQU43Mt38sOKAze3bOkynm4jrvoMIkwEQYJYIZIAYb4 +QgEBBAQDAgEGMDcGA1UdHwQwMC4wLKAqoCiGJmh0dHA6Ly93d3cuY2VydHBsdXMu +Y29tL0NSTC9jbGFzczIuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQCnVM+IRBnL39R/ +AN9WM2K191EBkOvDP9GIROkkXe/nFL0gt5o8AP5tn9uQ3Nf0YtaLcF3n5QRIqWh8 +yfFC82x/xXp8HVGIutIKPidd3i1RTtMTZGnkLuPT55sJmabglZvOGtd/vjzOUrMR +FcEPF80Du5wlFbqidon8BvEY0JNLDnyCt6X09l/+7UCmnYR0ObncHoUW2ikbhiMA +ybuJfm6AiB4vFLQDJKgybwOaRywwvlbGp0ICcBvqQNi6BQNwB6SW//1IMwrh3KWB +kJtN3X3n57LNXMhqlfil9o3EXXgIvnsG1knPGTZQIy4I5p4FTUcY1Rbpsda2ENW7 +l7+ijrRU +-----END CERTIFICATE----- + +### certSIGN + +=== /C=RO/O=certSIGN/OU=certSIGN ROOT CA +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 35210227249154 (0x200605167002) + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: Jul 4 17:20:04 2006 GMT + Not After : Jul 4 17:20:04 2031 GMT + Subject: C=RO, O=certSIGN, OU=certSIGN ROOT CA + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Digital Signature, Non Repudiation, Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + E0:8C:9B:DB:25:49:B3:F1:7C:86:D6:B2:42:87:0B:D0:6B:A0:D9:E4 +SHA1 Fingerprint=FA:B7:EE:36:97:26:62:FB:2D:B0:2A:F6:BF:03:FD:E8:7C:4B:2F:9B +SHA256 Fingerprint=EA:A9:62:C4:FA:4A:6B:AF:EB:E4:15:19:6D:35:1C:CD:88:8D:4F:53:F3:FA:8A:E6:D7:C4:66:A9:4E:60:42:BB +-----BEGIN CERTIFICATE----- +MIIDODCCAiCgAwIBAgIGIAYFFnACMA0GCSqGSIb3DQEBBQUAMDsxCzAJBgNVBAYT +AlJPMREwDwYDVQQKEwhjZXJ0U0lHTjEZMBcGA1UECxMQY2VydFNJR04gUk9PVCBD +QTAeFw0wNjA3MDQxNzIwMDRaFw0zMTA3MDQxNzIwMDRaMDsxCzAJBgNVBAYTAlJP +MREwDwYDVQQKEwhjZXJ0U0lHTjEZMBcGA1UECxMQY2VydFNJR04gUk9PVCBDQTCC +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALczuX7IJUqOtdu0KBuqV5Do +0SLTZLrTk+jUrIZhQGpgV2hUhE28alQCBf/fm5oqrl0Hj0rDKH/v+yv6efHHrfAQ +UySQi2bJqIirr1qjAOm+ukbuW3N7LBeCgV5iLKECZbO9xSsAfsT8AzNXDe3i+s5d +RdY4zTW2ssHQnIFKquSyAVwdj1+ZxLGt24gh65AIgoDzMKND5pCCrlUoSe1b16kQ +OA7+j0xbm0bqQfWwCHTD0IgztnzXdN/chNFDDnU5oSVAKOp4yw4sLjmdjItuFhwv +JoIQ4uNllAoEwF73XVv4EOLQunpL+943AAAaWyjj0pxzPjKHmKHJUS/X3qwzs08C +AwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAcYwHQYDVR0O +BBYEFOCMm9slSbPxfIbWskKHC9BroNnkMA0GCSqGSIb3DQEBBQUAA4IBAQA+0hyJ +LjX8+HXd5n9liPRyTMks1zJO890ZeUe9jjtbkw9QSSQTaxQGcu8J06Gh40CEyecY +MnQ8SG4Pn0vU9x7Tk4ZkVJdjclDVVc/6IJMCopvDI5NOFlV2oHB5bc0hH88vLbwZ +44gx+FkagQnIl6Z0x2DEW8xXjrJ1/RsCCdtZb3KTafcxQdaIOL+Hsr0Wefmq5L6I +Jd1hJyMctTEHBDa0GpC9oHRxUIltvBTjD4au8as+x6AJzKNI0eDbZOeStc+vckNw +i/nDhDwTqn6Sm1dTk/pwwpEOMfmbZ13pljheX7NzTogVZ96edhBiIL5VaZVDADlN +9u6wWk5JRFRYX0KD +-----END CERTIFICATE----- + +### China Financial Certification Authority + +=== /C=CN/O=China Financial Certification Authority/CN=CFCA EV ROOT +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 407555286 (0x184accd6) + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Aug 8 03:07:01 2012 GMT + Not After : Dec 31 03:07:01 2029 GMT + Subject: C=CN, O=China Financial Certification Authority, CN=CFCA EV ROOT + X509v3 extensions: + X509v3 Authority Key Identifier: + keyid:E3:FE:2D:FD:28:D0:0B:B5:BA:B6:A2:C4:BF:06:AA:05:8C:93:FB:2F + + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + E3:FE:2D:FD:28:D0:0B:B5:BA:B6:A2:C4:BF:06:AA:05:8C:93:FB:2F +SHA1 Fingerprint=E2:B8:29:4B:55:84:AB:6B:58:C2:90:46:6C:AC:3F:B8:39:8F:84:83 +SHA256 Fingerprint=5C:C3:D7:8E:4E:1D:5E:45:54:7A:04:E6:87:3E:64:F9:0C:F9:53:6D:1C:CC:2E:F8:00:F3:55:C4:C5:FD:70:FD +-----BEGIN CERTIFICATE----- +MIIFjTCCA3WgAwIBAgIEGErM1jANBgkqhkiG9w0BAQsFADBWMQswCQYDVQQGEwJD +TjEwMC4GA1UECgwnQ2hpbmEgRmluYW5jaWFsIENlcnRpZmljYXRpb24gQXV0aG9y +aXR5MRUwEwYDVQQDDAxDRkNBIEVWIFJPT1QwHhcNMTIwODA4MDMwNzAxWhcNMjkx +MjMxMDMwNzAxWjBWMQswCQYDVQQGEwJDTjEwMC4GA1UECgwnQ2hpbmEgRmluYW5j +aWFsIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRUwEwYDVQQDDAxDRkNBIEVWIFJP +T1QwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDXXWvNED8fBVnVBU03 +sQ7smCuOFR36k0sXgiFxEFLXUWRwFsJVaU2OFW2fvwwbwuCjZ9YMrM8irq93VCpL +TIpTUnrD7i7es3ElweldPe6hL6P3KjzJIx1qqx2hp/Hz7KDVRM8Vz3IvHWOX6Jn5 +/ZOkVIBMUtRSqy5J35DNuF++P96hyk0g1CXohClTt7GIH//62pCfCqktQT+x8Rgp +7hZZLDRJGqgG16iI0gNyejLi6mhNbiyWZXvKWfry4t3uMCz7zEasxGPrb382KzRz +EpR/38wmnvFyXVBlWY9ps4deMm/DGIq1lY+wejfeWkU7xzbh72fROdOXW3NiGUgt +hxwG+3SYIElz8AXSG7Ggo7cbcNOIabla1jj0Ytwli3i/+Oh+uFzJlU9fpy25IGvP +a931DfSCt/SyZi4QKPaXWnuWFo8BGS1sbn85WAZkgwGDg8NNkt0yxoekN+kWzqot +aK8KgWU6cMGbrU1tVMoqLUuFG7OA5nBFDWteNfB/O7ic5ARwiRIlk9oKmSJgamNg +TnYGmE69g60dWIolhdLHZR4tjsbftsbhf4oEIRUpdPA+nJCdDC7xij5aqgwJHsfV +PKPtl8MeNPo4+QgO48BdK4PRVmrJtqhUUy54Mmc9gn900PvhtgVguXDbjgv5E1hv +cWAQUhC5wUEJ73IfZzF4/5YFjQIDAQABo2MwYTAfBgNVHSMEGDAWgBTj/i39KNAL +tbq2osS/BqoFjJP7LzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAd +BgNVHQ4EFgQU4/4t/SjQC7W6tqLEvwaqBYyT+y8wDQYJKoZIhvcNAQELBQADggIB +ACXGumvrh8vegjmWPfBEp2uEcwPenStPuiB/vHiyz5ewG5zz13ku9Ui20vsXiObT +ej/tUxPQ4i9qecsAIyjmHjdXNYmEwnZPNDatZ8POQQaIxffu2Bq41gt/UP+TqhdL +jOztUmCypAbqTuv0axn96/Ua4CUqmtzHQTb3yHQFhDmVOdYLO6Qn+gjYXB74BGBS +ESgoA//vU2YApUo0FmZ8/Qmkrp5nGm9BC2sGE5uPhnEFtC+NiWYzKXZUmhH4J/qy +P5Hgzg0b8zAarb8iXRvTvyUFTeGSGn+ZnzxEk8rUQElsgIfXBDrDMlI1Dlb4pd19 +xIsNER9Tyx6yF7Zod1rg1MvIB671Oi6ON7fQAUtDKXeMOZePglr4UeWJoBjnaH9d +Ci77o0cOPaYjesYBx4/IXr9tgFa+iiS6M+qf4TIRnvHST4D2G0CvOJ4RUHlzEhLN +5mydLIhyPDCBBpEi6lmt2hkuIsKNuYyH4Ga8cyNfIWRjgEj1oDwYPZTISEEdQLpe +/v5WOaHIz16eGWRGENoXkbcFgKyLmZJ956LYBws2J+dIeWCKw9cTXPhyQN9Ky8+Z +AAoACxGV2lZFA4gKn2fQ1XmxqI1AbQ3CekD6819kR5LLU7m7Wc5P/dAVUwHY3+vZ +5nbv0CO7O6l5s9UCKc2Jo5YPSjXnTkLAdc0Hz+Ys63su +-----END CERTIFICATE----- + +### Chunghwa Telecom Co., Ltd. + +=== /C=TW/O=Chunghwa Telecom Co., Ltd./OU=ePKI Root Certification Authority +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 15:c8:bd:65:47:5c:af:b8:97:00:5e:e4:06:d2:bc:9d + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: Dec 20 02:31:27 2004 GMT + Not After : Dec 20 02:31:27 2034 GMT + Subject: C=TW, O=Chunghwa Telecom Co., Ltd., OU=ePKI Root Certification Authority + X509v3 extensions: + X509v3 Subject Key Identifier: + 1E:0C:F7:B6:67:F2:E1:92:26:09:45:C0:55:39:2E:77:3F:42:4A:A2 + X509v3 Basic Constraints: + CA:TRUE + setCext-hashedRoot: + 0/0-...0...+......0...g*.....E... +V|.[x....S..... +SHA1 Fingerprint=67:65:0D:F1:7E:8E:7E:5B:82:40:A4:F4:56:4B:CF:E2:3D:69:C6:F0 +SHA256 Fingerprint=C0:A6:F4:DC:63:A2:4B:FD:CF:54:EF:2A:6A:08:2A:0A:72:DE:35:80:3E:2F:F5:FF:52:7A:E5:D8:72:06:DF:D5 +-----BEGIN CERTIFICATE----- +MIIFsDCCA5igAwIBAgIQFci9ZUdcr7iXAF7kBtK8nTANBgkqhkiG9w0BAQUFADBe +MQswCQYDVQQGEwJUVzEjMCEGA1UECgwaQ2h1bmdod2EgVGVsZWNvbSBDby4sIEx0 +ZC4xKjAoBgNVBAsMIWVQS0kgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAe +Fw0wNDEyMjAwMjMxMjdaFw0zNDEyMjAwMjMxMjdaMF4xCzAJBgNVBAYTAlRXMSMw +IQYDVQQKDBpDaHVuZ2h3YSBUZWxlY29tIENvLiwgTHRkLjEqMCgGA1UECwwhZVBL +SSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjANBgkqhkiG9w0BAQEF +AAOCAg8AMIICCgKCAgEA4SUP7o3biDN1Z82tH306Tm2d0y8U82N0ywEhajfqhFAH +SyZbCUNsIZ5qyNUD9WBpj8zwIuQf5/dqIjG3LBXy4P4AakP/h2XGtRrBp0xtInAh +ijHyl3SJCRImHJ7K2RKilTza6We/CKBk49ZCt0Xvl/T29de1ShUCWH2YWEtgvM3X +DZoTM1PRYfl61dd4s5oz9wCGzh1NlDivqOx4UXCKXBCDUSH3ET00hl7lSM2XgYI1 +TBnsZfZrxQWh7kcT1rMhJ5QQCtkkO7q+RBNGMD+XPNjX12ruOzjjK9SXDrkb5wdJ +fzcq+Xd4z1TtW0ado4AOkUPB1ltfFLqfpo0kR0BZv3I4sjZsN/+Z0V0OWQqraffA +sgRFelQArr5T9rXn4fg8ozHSqf4hUmTFpmfwdQcGlBSBVcYn5AGPF8Fqcde+S/uU +WH1+ETOxQvdibBjWzwloPn9s9h6PYq2lY9sJpx8iQkEeb5mKPtf5P0B6ebClAZLS +nT0IFaUQAS2zMnaolQ2zepr7BxB4EW/hj8e6DyUadCrlHJhBmd8hh+iVBmoKs2pH +dmX2Os+PYhcZewoozRrSgx4hxyy/vv9haLdnG7t4TY3OZ+XkwY63I2binZB1NJip +NiuKmpS5nezMirH4JYlcWrYvjB9teSSnUmjDhDXiZo1jDiVN1Rmy5nk3pyKdVDEC +AwEAAaNqMGgwHQYDVR0OBBYEFB4M97Zn8uGSJglFwFU5Lnc/QkqiMAwGA1UdEwQF +MAMBAf8wOQYEZyoHAAQxMC8wLQIBADAJBgUrDgMCGgUAMAcGBWcqAwAABBRFsMLH +ClZ87lt4DJX5GFPBphzYEDANBgkqhkiG9w0BAQUFAAOCAgEACbODU1kBPpVJufGB +uvl2ICO1J2B01GqZNF5sAFPZn/KmsSQHRGoqxqWOeBLoR9lYGxMqXnmbnwoqZ6Yl +PwZpVnPDimZI+ymBV3QGypzqKOg4ZyYr8dW1P2WT+DZdjo2NQCCHGervJ8A9tDkP +JXtoUHRVnAxZfVo9QZQlUgjgRywVMRnVvwdVxrsStZf0X4OFunHB2WyBEXYKCrC/ +gpf36j36+uwtqSiUO1bd0lEursC9CBWMd1I0ltabrNMdjmEPNXubrjlpC2JgQCA2 +j6/7Nu4tCEoduL+bXPjqpRugc6bY+G7gMwRfaKonh+3ZwZCc7b3jajWvY9+rGNm6 +5ulK6lCKD2GTHuItGeIwlDWSXQ62B68ZgI9HkFFLLk3dheLSClIKF5r8GrBQAuUB +o2M3IUxExJtRmREOc5wGj1QupyheRDmHVi03vYVElOEMSyycw5KFNGHLD7ibSkNS +/jQ6fbjpKdx2qcgw+BRxgMYeNkh0IkFch4LoGHGLQYlE535YW6i4jRPpp2zDR+2z +Gp1iro2C6pSe3VkQw63d4k3jMdXH7OjysP6SHhYKGvzZ8/gntsm+HbRsZJB/9OTE +W9c3rkIO3aQab3yIVMUWbuF6aC74Or8NpDyJO3inTmODBCEIZ43ygknQW/2xzQ+D +hNQ+IIX3Sj0rnP0qCglN6oH4EZw= +-----END CERTIFICATE----- + +### COMODO CA Limited + +=== /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO Certification Authority +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 4e:81:2d:8a:82:65:e0:0b:02:ee:3e:35:02:46:e5:3d + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: Dec 1 00:00:00 2006 GMT + Not After : Dec 31 23:59:59 2029 GMT + Subject: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO Certification Authority + X509v3 extensions: + X509v3 Subject Key Identifier: + 0B:58:E5:8B:C6:4C:15:37:A4:40:A9:30:A9:21:BE:47:36:5A:56:FF + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 CRL Distribution Points: + + Full Name: + URI:http://crl.comodoca.com/COMODOCertificationAuthority.crl + +SHA1 Fingerprint=66:31:BF:9E:F7:4F:9E:B6:C9:D5:A6:0C:BA:6A:BE:D1:F7:BD:EF:7B +SHA256 Fingerprint=0C:2C:D6:3D:F7:80:6F:A3:99:ED:E8:09:11:6B:57:5B:F8:79:89:F0:65:18:F9:80:8C:86:05:03:17:8B:AF:66 +-----BEGIN CERTIFICATE----- +MIIEHTCCAwWgAwIBAgIQToEtioJl4AsC7j41AkblPTANBgkqhkiG9w0BAQUFADCB +gTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G +A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNV +BAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjEyMDEwMDAw +MDBaFw0yOTEyMzEyMzU5NTlaMIGBMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3Jl +YXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01P +RE8gQ0EgTGltaXRlZDEnMCUGA1UEAxMeQ09NT0RPIENlcnRpZmljYXRpb24gQXV0 +aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ECLi3LjkRv3 +UcEbVASY06m/weaKXTuH+7uIzg3jLz8GlvCiKVCZrts7oVewdFFxze1CkU1B/qnI +2GqGd0S7WWaXUF601CxwRM/aN5VCaTwwxHGzUvAhTaHYujl8HJ6jJJ3ygxaYqhZ8 +Q5sVW7euNJH+1GImGEaaP+vB+fGQV+useg2L23IwambV4EajcNxo2f8ESIl33rXp ++2dtQem8Ob0y2WIC8bGoPW43nOIv4tOiJovGuFVDiOEjPqXSJDlqR6sA1KGzqSX+ +DT+nHbrTUcELpNqsOO9VUCQFZUaTNE8tja3G1CEZ0o7KBWFxB3NH5YoZEr0ETc5O +nKVIrLsm9wIDAQABo4GOMIGLMB0GA1UdDgQWBBQLWOWLxkwVN6RAqTCpIb5HNlpW +/zAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zBJBgNVHR8EQjBAMD6g +PKA6hjhodHRwOi8vY3JsLmNvbW9kb2NhLmNvbS9DT01PRE9DZXJ0aWZpY2F0aW9u +QXV0aG9yaXR5LmNybDANBgkqhkiG9w0BAQUFAAOCAQEAPpiem/Yb6dc5t3iuHXIY +SdOH5EOC6z/JqvWote9VfCFSZfnVDeFs9D6Mk3ORLgLETgdxb8CPOGEIqB6BCsAv +IC9Bi5HcSEW88cbeunZrM8gALTFGTO3nnc+IlP8zwFboJIYmuNg4ON8qa90SzMc/ +RxdMosIGlgnW2/4/PEZB31jiVg88O8EckzXZOFKs7sjsLjBOlDW0JB9LeGna8gI4 +zJVSk/BwJVmcIGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5dd +BA6+C4OmF4O5MBKgxTMVBbkN+8cFduPYSo38NBejxiEovjBFMR7HeL5YYTisO+IB +ZQ== +-----END CERTIFICATE----- +=== /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO ECC Certification Authority +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 1f:47:af:aa:62:00:70:50:54:4c:01:9e:9b:63:99:2a + Signature Algorithm: ecdsa-with-SHA384 + Validity + Not Before: Mar 6 00:00:00 2008 GMT + Not After : Jan 18 23:59:59 2038 GMT + Subject: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO ECC Certification Authority + X509v3 extensions: + X509v3 Subject Key Identifier: + 75:71:A7:19:48:19:BC:9D:9D:EA:41:47:DF:94:C4:48:77:99:D3:79 + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE +SHA1 Fingerprint=9F:74:4E:9F:2B:4D:BA:EC:0F:31:2C:50:B6:56:3B:8E:2D:93:C3:11 +SHA256 Fingerprint=17:93:92:7A:06:14:54:97:89:AD:CE:2F:8F:34:F7:F0:B6:6D:0F:3A:E3:A3:B8:4D:21:EC:15:DB:BA:4F:AD:C7 +-----BEGIN CERTIFICATE----- +MIICiTCCAg+gAwIBAgIQH0evqmIAcFBUTAGem2OZKjAKBggqhkjOPQQDAzCBhTEL +MAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE +BxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMT +IkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDgwMzA2MDAw +MDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdy +ZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09N +T0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlv +biBBdXRob3JpdHkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQDR3svdcmCFYX7deSR +FtSrYpn1PlILBs5BAH+X4QokPB0BBO490o0JlwzgdeT6+3eKKvUDYEs2ixYjFq0J +cfRK9ChQtP6IHG4/bC8vCVlbpVsLM5niwz2J+Wos77LTBumjQjBAMB0GA1UdDgQW +BBR1cacZSBm8nZ3qQUfflMRId5nTeTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/ +BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjEA7wNbeqy3eApyt4jf/7VGFAkK+qDm +fQjGGoe9GKhzvSbKYAydzpmfz1wPMOG+FDHqAjAU9JM8SaczepBGR7NjfRObTrdv +GDeAU/7dIOA1mjbRxwG55tzd8/8dLDoWV9mSOdY= +-----END CERTIFICATE----- +=== /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d + Signature Algorithm: sha384WithRSAEncryption + Validity + Not Before: Jan 19 00:00:00 2010 GMT + Not After : Jan 18 23:59:59 2038 GMT + Subject: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority + X509v3 extensions: + X509v3 Subject Key Identifier: + BB:AF:7E:02:3D:FA:A6:F1:3C:84:8E:AD:EE:38:98:EC:D9:32:32:D4 + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE +SHA1 Fingerprint=AF:E5:D2:44:A8:D1:19:42:30:FF:47:9F:E2:F8:97:BB:CD:7A:8C:B4 +SHA256 Fingerprint=52:F0:E1:C4:E5:8E:C6:29:29:1B:60:31:7F:07:46:71:B8:5D:7E:A8:0D:5B:07:27:34:63:53:4B:32:B4:02:34 +-----BEGIN CERTIFICATE----- +MIIF2DCCA8CgAwIBAgIQTKr5yttjb+Af907YWwOGnTANBgkqhkiG9w0BAQwFADCB +hTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G +A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNV +BAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAwMTE5 +MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMCR0IxGzAZBgNVBAgT +EkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMR +Q09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNh +dGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCR +6FSS0gpWsawNJN3Fz0RndJkrN6N9I3AAcbxT38T6KhKPS38QVr2fcHK3YX/JSw8X +pz3jsARh7v8Rl8f0hj4K+j5c+ZPmNHrZFGvnnLOFoIJ6dq9xkNfs/Q36nGz637CC +9BR++b7Epi9Pf5l/tfxnQ3K9DADWietrLNPtj5gcFKt+5eNu/Nio5JIk2kNrYrhV +/erBvGy2i/MOjZrkm2xpmfh4SDBF1a3hDTxFYPwyllEnvGfDyi62a+pGx8cgoLEf +Zd5ICLqkTqnyg0Y3hOvozIFIQ2dOciqbXL1MGyiKXCJ7tKuY2e7gUYPDCUZObT6Z ++pUX2nwzV0E8jVHtC7ZcryxjGt9XyD+86V3Em69FmeKjWiS0uqlWPc9vqv9JWL7w +qP/0uK3pN/u6uPQLOvnoQ0IeidiEyxPx2bvhiWC4jChWrBQdnArncevPDt09qZah +SL0896+1DSJMwBGB7FY79tOi4lu3sgQiUpWAk2nojkxl8ZEDLXB0AuqLZxUpaVIC +u9ffUGpVRr+goyhhf3DQw6KqLCGqR84onAZFdr+CGCe01a60y1Dma/RMhnEw6abf +Fobg2P9A3fvQQoh/ozM6LlweQRGBY84YcWsr7KaKtzFcOmpH4MN5WdYgGq/yapiq +crxXStJLnbsQ/LBMQeXtHT1eKJ2czL+zUdqnR+WEUwIDAQABo0IwQDAdBgNVHQ4E +FgQUu69+Aj36pvE8hI6t7jiY7NkyMtQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB +/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAArx1UaEt65Ru2yyTUEUAJNMnMvl +wFTPoCWOAvn9sKIN9SCYPBMtrFaisNZ+EZLpLrqeLppysb0ZRGxhNaKatBYSaVqM +4dc+pBroLwP0rmEdEBsqpIt6xf4FpuHA1sj+nq6PK7o9mfjYcwlYRm6mnPTXJ9OV +2jeDchzTc+CiR5kDOF3VSXkAKRzH7JsgHAckaVd4sjn8OoSgtZx8jb8uk2Intzna +FxiuvTwJaP+EmzzV1gsD41eeFPfR60/IvYcjt7ZJQ3mFXLrrkguhxuhoqEwWsRqZ +CuhTLJK7oQkYdQxlqHvLI7cawiiFwxv/0Cti76R7CZGYZ4wUAc1oBmpjIXUDgIiK +boHGhfKppC3n9KUkEEeDys30jXlYsQab5xoq2Z0B15R97QNKyvDb6KkBPvVWmcke +jkk9u+UJueBPSZI9FoJAzMxZxuY67RIuaTxslbH9qh17f4a+Hg4yRvv7E491f0yL +S0Zj/gA0QHDBw7mh3aZw4gSzQbzpgJHqZJx64SIDqZxubw5lT2yHh17zbqD5daWb +QOhTsiedSrnAdyGN/4fy3ryM7xfft0kL0fJuMAsaDk527RH89elWsn2/x20Kk4yl +0MC2Hb46TpSi125sC8KKfPog88Tk5c0NqMuRkrF8hey1FGlmDoLnzc7ILaZRfyHB +NVOFBkpdn627G190 +-----END CERTIFICATE----- + +### Comodo CA Limited + +=== /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: Jan 1 00:00:00 2004 GMT + Not After : Dec 31 23:59:59 2028 GMT + Subject: C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services + X509v3 extensions: + X509v3 Subject Key Identifier: + A0:11:0A:23:3E:96:F1:07:EC:E2:AF:29:EF:82:A5:7F:D0:30:A4:B4 + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 CRL Distribution Points: + + Full Name: + URI:http://crl.comodoca.com/AAACertificateServices.crl + + Full Name: + URI:http://crl.comodo.net/AAACertificateServices.crl + +SHA1 Fingerprint=D1:EB:23:A4:6D:17:D6:8F:D9:25:64:C2:F1:F1:60:17:64:D8:E3:49 +SHA256 Fingerprint=D7:A7:A0:FB:5D:7E:27:31:D7:71:E9:48:4E:BC:DE:F7:1D:5F:0C:3E:0A:29:48:78:2B:C8:3E:E0:EA:69:9E:F4 +-----BEGIN CERTIFICATE----- +MIIEMjCCAxqgAwIBAgIBATANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJHQjEb +MBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRow +GAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UEAwwYQUFBIENlcnRpZmlj +YXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAwMDAwMFoXDTI4MTIzMTIzNTk1OVowezEL +MAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE +BwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxITAfBgNVBAMM +GEFBQSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBAL5AnfRu4ep2hxxNRUSOvkbIgwadwSr+GB+O5AL686tdUIoWMQua +BtDFcCLNSS1UY8y2bmhGC1Pqy0wkwLxyTurxFa70VJoSCsN6sjNg4tqJVfMiWPPe +3M/vg4aijJRPn2jymJBGhCfHdr/jzDUsi14HZGWCwEiwqJH5YZ92IFCokcdmtet4 +YgNW8IoaE+oxox6gmf049vYnMlhvB/VruPsUK6+3qszWY19zjNoFmag4qMsXeDZR +rOme9Hg6jc8P2ULimAyrL58OAd7vn5lJ8S3frHRNG5i1R8XlKdH5kBjHYpy+g8cm +ez6KJcfA3Z3mNWgQIJ2P2N7Sw4ScDV7oL8kCAwEAAaOBwDCBvTAdBgNVHQ4EFgQU +oBEKIz6W8Qfs4q8p74Klf9AwpLQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQF +MAMBAf8wewYDVR0fBHQwcjA4oDagNIYyaHR0cDovL2NybC5jb21vZG9jYS5jb20v +QUFBQ2VydGlmaWNhdGVTZXJ2aWNlcy5jcmwwNqA0oDKGMGh0dHA6Ly9jcmwuY29t +b2RvLm5ldC9BQUFDZXJ0aWZpY2F0ZVNlcnZpY2VzLmNybDANBgkqhkiG9w0BAQUF +AAOCAQEACFb8AvCb6P+k+tZ7xkSAzk/ExfYAWMymtrwUSWgEdujm7l3sAg9g1o1Q +GE8mTgHj5rCl7r+8dFRBv/38ErjHT1r0iWAFf2C3BUrz9vHCv8S5dIa2LX1rzNLz +Rt0vxuBqw8M0Ayx9lt1awg6nCpnBBYurDC/zXDrPbDdVCYfeU0BsWO/8tqtlbgT2 +G9w84FoVxp7Z8VlIMCFlA2zs6SFz7JsDoeA3raAVGI/6ugLOpyypEBMs1OUIJqsi +l2D4kF501KKaU73yqWjgom7C12yxow+ev+to51byrvLjKzg6CYG1a4XXvi3tPxq3 +smPi9WIsgtRqAEFQ8TmDn5XpNpaYbg== +-----END CERTIFICATE----- + +### Cybertrust, Inc + +=== /O=Cybertrust, Inc/CN=Cybertrust Global Root +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 04:00:00:00:00:01:0f:85:aa:2d:48 + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: Dec 15 08:00:00 2006 GMT + Not After : Dec 15 08:00:00 2021 GMT + Subject: O=Cybertrust, Inc, CN=Cybertrust Global Root + X509v3 extensions: + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + B6:08:7B:0D:7A:CC:AC:20:4C:86:56:32:5E:CF:AB:6E:85:2D:70:57 + X509v3 CRL Distribution Points: + + Full Name: + URI:http://www2.public-trust.com/crl/ct/ctroot.crl + + X509v3 Authority Key Identifier: + keyid:B6:08:7B:0D:7A:CC:AC:20:4C:86:56:32:5E:CF:AB:6E:85:2D:70:57 + +SHA1 Fingerprint=5F:43:E5:B1:BF:F8:78:8C:AC:1C:C7:CA:4A:9A:C6:22:2B:CC:34:C6 +SHA256 Fingerprint=96:0A:DF:00:63:E9:63:56:75:0C:29:65:DD:0A:08:67:DA:0B:9C:BD:6E:77:71:4A:EA:FB:23:49:AB:39:3D:A3 +-----BEGIN CERTIFICATE----- +MIIDoTCCAomgAwIBAgILBAAAAAABD4WqLUgwDQYJKoZIhvcNAQEFBQAwOzEYMBYG +A1UEChMPQ3liZXJ0cnVzdCwgSW5jMR8wHQYDVQQDExZDeWJlcnRydXN0IEdsb2Jh +bCBSb290MB4XDTA2MTIxNTA4MDAwMFoXDTIxMTIxNTA4MDAwMFowOzEYMBYGA1UE +ChMPQ3liZXJ0cnVzdCwgSW5jMR8wHQYDVQQDExZDeWJlcnRydXN0IEdsb2JhbCBS +b290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+Mi8vRRQZhP/8NN5 +7CPytxrHjoXxEnOmGaoQ25yiZXRadz5RfVb23CO21O1fWLE3TdVJDm71aofW0ozS +J8bi/zafmGWgE07GKmSb1ZASzxQG9Dvj1Ci+6A74q05IlG2OlTEQXO2iLb3VOm2y +HLtgwEZLAfVJrn5GitB0jaEMAs7u/OePuGtm839EAL9mJRQr3RAwHQeWP032a7iP +t3sMpTjr3kfb1V05/Iin89cqdPHoWqI7n1C6poxFNcJQZZXcY4Lv3b93TZxiyWNz +FtApD0mpSPCzqrdsxacwOUBdrsTiXSZT8M4cIwhhqJQZugRiQOwfOHB3EgZxpzAY +XSUnpQIDAQABo4GlMIGiMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/ +MB0GA1UdDgQWBBS2CHsNesysIEyGVjJez6tuhS1wVzA/BgNVHR8EODA2MDSgMqAw +hi5odHRwOi8vd3d3Mi5wdWJsaWMtdHJ1c3QuY29tL2NybC9jdC9jdHJvb3QuY3Js +MB8GA1UdIwQYMBaAFLYIew16zKwgTIZWMl7Pq26FLXBXMA0GCSqGSIb3DQEBBQUA +A4IBAQBW7wojoFROlZfJ+InaRcHUowAl9B8Tq7ejhVhpwjCt2BWKLePJzYFa+HMj +Wqd8BfP9IjsO0QbE2zZMcwSO5bAi5MXzLqXZI+O4Tkogp24CJJ8iYGd7ix1yCcUx +XOl5n4BHPa2hCwcUPUf/A2kaDAtE52Mlp3+yybh2hO0j9n0Hq0V+09+zv+mKts2o +omcrUtW3ZfA5TGOgkXmTUg9U3YO7n9GPp1Nzw8v/MOx8BLjYRB+TX3EJIrduPuoc +A06dGiBh+4E37F78CkWr1+cXVdCg6mCbpvbjjFspwgZgFJ0tl0ypkxWdYcQBX0jW +WL1WMRJOEcgh4LMRkWXbtKaIOM5V +-----END CERTIFICATE----- + +### D-Trust GmbH + +=== /C=DE/O=D-Trust GmbH/CN=D-TRUST Root Class 3 CA 2 2009 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 623603 (0x983f3) + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Nov 5 08:35:58 2009 GMT + Not After : Nov 5 08:35:58 2029 GMT + Subject: C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 2009 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + FD:DA:14:C4:9F:30:DE:21:BD:1E:42:39:FC:AB:63:23:49:E0:F1:84 + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 CRL Distribution Points: + + Full Name: + URI:ldap://directory.d-trust.net/CN=D-TRUST%20Root%20Class%203%20CA%202%202009,O=D-Trust%20GmbH,C=DE?certificaterevocationlist + + Full Name: + URI:http://www.d-trust.net/crl/d-trust_root_class_3_ca_2_2009.crl + +SHA1 Fingerprint=58:E8:AB:B0:36:15:33:FB:80:F7:9B:1B:6D:29:D3:FF:8D:5F:00:F0 +SHA256 Fingerprint=49:E7:A4:42:AC:F0:EA:62:87:05:00:54:B5:25:64:B6:50:E4:F4:9E:42:E3:48:D6:AA:38:E0:39:E9:57:B1:C1 +-----BEGIN CERTIFICATE----- +MIIEMzCCAxugAwIBAgIDCYPzMA0GCSqGSIb3DQEBCwUAME0xCzAJBgNVBAYTAkRF +MRUwEwYDVQQKDAxELVRydXN0IEdtYkgxJzAlBgNVBAMMHkQtVFJVU1QgUm9vdCBD +bGFzcyAzIENBIDIgMjAwOTAeFw0wOTExMDUwODM1NThaFw0yOTExMDUwODM1NTha +ME0xCzAJBgNVBAYTAkRFMRUwEwYDVQQKDAxELVRydXN0IEdtYkgxJzAlBgNVBAMM +HkQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgMjAwOTCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBANOySs96R+91myP6Oi/WUEWJNTrGa9v+2wBoqOADER03 +UAifTUpolDWzU9GUY6cgVq/eUXjsKj3zSEhQPgrfRlWLJ23DEE0NkVJD2IfgXU42 +tSHKXzlABF9bfsyjxiupQB7ZNoTWSPOSHjRGICTBpFGOShrvUD9pXRl/RcPHAY9R +ySPocq60vFYJfxLLHLGvKZAKyVXMD9O0Gu1HNVpK7ZxzBCHQqr0ME7UAyiZsxGsM +lFqVlNpQmvH/pStmMaTJOKDfHR+4CS7zp+hnUquVH+BGPtikw8paxTGA6Eian5Rp +/hnd2HN8gcqW3o7tszIFZYQ05ub9VxC1X3a/L7AQDcUCAwEAAaOCARowggEWMA8G +A1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFP3aFMSfMN4hvR5COfyrYyNJ4PGEMA4G +A1UdDwEB/wQEAwIBBjCB0wYDVR0fBIHLMIHIMIGAoH6gfIZ6bGRhcDovL2RpcmVj +dG9yeS5kLXRydXN0Lm5ldC9DTj1ELVRSVVNUJTIwUm9vdCUyMENsYXNzJTIwMyUy +MENBJTIwMiUyMDIwMDksTz1ELVRydXN0JTIwR21iSCxDPURFP2NlcnRpZmljYXRl +cmV2b2NhdGlvbmxpc3QwQ6BBoD+GPWh0dHA6Ly93d3cuZC10cnVzdC5uZXQvY3Js +L2QtdHJ1c3Rfcm9vdF9jbGFzc18zX2NhXzJfMjAwOS5jcmwwDQYJKoZIhvcNAQEL +BQADggEBAH+X2zDI36ScfSF6gHDOFBJpiBSVYEQBrLLpME+bUMJm2H6NMLVwMeni +acfzcNsgFYbQDfC+rAF1hM5+n02/t2A7nPPKHeJeaNijnZflQGDSNiH+0LS4F9p0 +o3/U37CYAqxva2ssJSRyoWXuJVrl5jLn8t+rSfrzkGkj2wTZ51xY/GXUl77M/C4K +zCUqNQT4YJEVdT1B/yMfGchs64JTBKbkTCJNjYy6zltz7GRUUG3RnFX7acM2w4y8 +PIWmawomDeCTmGCufsYkl4phX5GOZpIJhzbNi5stPvZR1FDUWSi9g/LMKHtThm3Y +Johw1+qRzT65ysCQblrGXnRl11z+o+I= +-----END CERTIFICATE----- +=== /C=DE/O=D-Trust GmbH/CN=D-TRUST Root Class 3 CA 2 EV 2009 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 623604 (0x983f4) + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Nov 5 08:50:46 2009 GMT + Not After : Nov 5 08:50:46 2029 GMT + Subject: C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 EV 2009 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + D3:94:8A:4C:62:13:2A:19:2E:CC:AF:72:8A:7D:36:D7:9A:1C:DC:67 + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 CRL Distribution Points: + + Full Name: + URI:ldap://directory.d-trust.net/CN=D-TRUST%20Root%20Class%203%20CA%202%20EV%202009,O=D-Trust%20GmbH,C=DE?certificaterevocationlist + + Full Name: + URI:http://www.d-trust.net/crl/d-trust_root_class_3_ca_2_ev_2009.crl + +SHA1 Fingerprint=96:C9:1B:0B:95:B4:10:98:42:FA:D0:D8:22:79:FE:60:FA:B9:16:83 +SHA256 Fingerprint=EE:C5:49:6B:98:8C:E9:86:25:B9:34:09:2E:EC:29:08:BE:D0:B0:F3:16:C2:D4:73:0C:84:EA:F1:F3:D3:48:81 +-----BEGIN CERTIFICATE----- +MIIEQzCCAyugAwIBAgIDCYP0MA0GCSqGSIb3DQEBCwUAMFAxCzAJBgNVBAYTAkRF +MRUwEwYDVQQKDAxELVRydXN0IEdtYkgxKjAoBgNVBAMMIUQtVFJVU1QgUm9vdCBD +bGFzcyAzIENBIDIgRVYgMjAwOTAeFw0wOTExMDUwODUwNDZaFw0yOTExMDUwODUw +NDZaMFAxCzAJBgNVBAYTAkRFMRUwEwYDVQQKDAxELVRydXN0IEdtYkgxKjAoBgNV +BAMMIUQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgRVYgMjAwOTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAJnxhDRwui+3MKCOvXwEz75ivJn9gpfSegpn +ljgJ9hBOlSJzmY3aFS3nBfwZcyK3jpgAvDw9rKFs+9Z5JUut8Mxk2og+KbgPCdM0 +3TP1YtHhzRnp7hhPTFiu4h7WDFsVWtg6uMQYZB7jM7K1iXdODL/ZlGsTl28So/6Z +qQTMFexgaDbtCHu39b+T7WYxg4zGcTSHThfqr4uRjRxWQa4iN1438h3Z0S0NL2lR +p75mpoo6Kr3HGrHhFPC+Oh25z1uxav60sUYgovseO3Dvk5h9jHOW8sXvhXCtKSb8 +HgQ+HKDYD8tSg2J87otTlZCpV6LqYQXY+U3EJ/pure3511H3a6UCAwEAAaOCASQw +ggEgMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNOUikxiEyoZLsyvcop9Ntea +HNxnMA4GA1UdDwEB/wQEAwIBBjCB3QYDVR0fBIHVMIHSMIGHoIGEoIGBhn9sZGFw +Oi8vZGlyZWN0b3J5LmQtdHJ1c3QubmV0L0NOPUQtVFJVU1QlMjBSb290JTIwQ2xh +c3MlMjAzJTIwQ0ElMjAyJTIwRVYlMjAyMDA5LE89RC1UcnVzdCUyMEdtYkgsQz1E +RT9jZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0MEagRKBChkBodHRwOi8vd3d3LmQt +dHJ1c3QubmV0L2NybC9kLXRydXN0X3Jvb3RfY2xhc3NfM19jYV8yX2V2XzIwMDku +Y3JsMA0GCSqGSIb3DQEBCwUAA4IBAQA07XtaPKSUiO8aEXUHL7P+PPoeUSbrh/Yp +3uDx1MYkCenBz1UbtDDZzhr+BlGmFaQt77JLvyAoJUnRpjZ3NOhk31KxEcdzes05 +nsKtjHEh8lprr988TlWvsoRlFIm5d8sqMb7Po23Pb0iUMkZv53GMoKaEGTcH8gNF +CSuGdXzfX2lXANtu2KZyIktQ1HWYVt+3GP9DQ1CuekR78HlR10M9p9OB0/DJT7na +xpeG0ILD5EJt/rDiZE4OJudANCa1CInXCGNjOCd1HjPqbqjdn5lPdE2BiYBL3ZqX +KVwvvoFBuYz/6n1gBp7N1z3TLqMVvKjmJuVvw9y4AyHqnxbxLFS1 +-----END CERTIFICATE----- + +### Deutsche Telekom AG + +=== /C=DE/O=Deutsche Telekom AG/OU=T-TeleSec Trust Center/CN=Deutsche Telekom Root CA 2 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 38 (0x26) + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: Jul 9 12:11:00 1999 GMT + Not After : Jul 9 23:59:00 2019 GMT + Subject: C=DE, O=Deutsche Telekom AG, OU=T-TeleSec Trust Center, CN=Deutsche Telekom Root CA 2 + X509v3 extensions: + X509v3 Subject Key Identifier: + 31:C3:79:1B:BA:F5:53:D7:17:E0:89:7A:2D:17:6C:0A:B3:2B:9D:33 + X509v3 Basic Constraints: + CA:TRUE, pathlen:5 + X509v3 Key Usage: critical + Certificate Sign, CRL Sign +SHA1 Fingerprint=85:A4:08:C0:9C:19:3E:5D:51:58:7D:CD:D6:13:30:FD:8C:DE:37:BF +SHA256 Fingerprint=B6:19:1A:50:D0:C3:97:7F:7D:A9:9B:CD:AA:C8:6A:22:7D:AE:B9:67:9E:C7:0B:A3:B0:C9:D9:22:71:C1:70:D3 +-----BEGIN CERTIFICATE----- +MIIDnzCCAoegAwIBAgIBJjANBgkqhkiG9w0BAQUFADBxMQswCQYDVQQGEwJERTEc +MBoGA1UEChMTRGV1dHNjaGUgVGVsZWtvbSBBRzEfMB0GA1UECxMWVC1UZWxlU2Vj +IFRydXN0IENlbnRlcjEjMCEGA1UEAxMaRGV1dHNjaGUgVGVsZWtvbSBSb290IENB +IDIwHhcNOTkwNzA5MTIxMTAwWhcNMTkwNzA5MjM1OTAwWjBxMQswCQYDVQQGEwJE +RTEcMBoGA1UEChMTRGV1dHNjaGUgVGVsZWtvbSBBRzEfMB0GA1UECxMWVC1UZWxl +U2VjIFRydXN0IENlbnRlcjEjMCEGA1UEAxMaRGV1dHNjaGUgVGVsZWtvbSBSb290 +IENBIDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrC6M14IspFLEU +ha88EOQ5bzVdSq7d6mGNlUn0b2SjGmBmpKlAIoTZ1KXleJMOaAGtuU1cOs7TuKhC +QN/Po7qCWWqSG6wcmtoIKyUn+WkjR/Hg6yx6m/UTAtB+NHzCnjwAWav12gz1Mjwr +rFDa1sPeg5TKqAyZMg4ISFZbavva4VhYAUlfckE8FQYBjl2tqriTtM2e66foai1S +NNs671x1Udrb8zH57nGYMsRUFUQM+ZtV7a3fGAigo4aKSe5TBY8ZTNXeWHmb0moc +QqvF1afPaA+W5OFhmHZhyJF81j4A4pFQh+GdCuatl9Idxjp9y7zaAzTVjlsB9WoH +txa2bkp/AgMBAAGjQjBAMB0GA1UdDgQWBBQxw3kbuvVT1xfgiXotF2wKsyudMzAP +BgNVHRMECDAGAQH/AgEFMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOC +AQEAlGRZrTlk5ynrE/5aw4sTV8gEJPB0d8Bg42f76Ymmg7+Wgnxu1MM9756Abrsp +tJh6sTtU6zkXR34ajgv8HzFZMQSyzhfzLMdiNlXiItiJVbSYSKpk+tYcNthEeFpa +IzpXl/V6ME+un2pMSyuOoAPjPuCp1NJ70rOo4nI8rZ7/gFnkm0W09juwzTkZmDLl +6iFhkOQxIY40sfcvNUqFENrnijchvllj4PKFiDFT1FQUhXB59C4Gdyd1Lx+4ivn+ +xbrYNuSD7Odlt79jWvNGr4GUN9RBjNYj1h7P9WgbRGOiWrqnNVmh5XAFmw4jV5mU +Cm26OWMohpLzGITY+9HPBVZkVw== +-----END CERTIFICATE----- + +### Dhimyotis + +=== /C=FR/O=Dhimyotis/CN=Certigna +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 18364802974209362175 (0xfedce3010fc948ff) + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: Jun 29 15:13:05 2007 GMT + Not After : Jun 29 15:13:05 2027 GMT + Subject: C=FR, O=Dhimyotis, CN=Certigna + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + 1A:ED:FE:41:39:90:B4:24:59:BE:01:F2:52:D5:45:F6:5A:39:DC:11 + X509v3 Authority Key Identifier: + keyid:1A:ED:FE:41:39:90:B4:24:59:BE:01:F2:52:D5:45:F6:5A:39:DC:11 + DirName:/C=FR/O=Dhimyotis/CN=Certigna + serial:FE:DC:E3:01:0F:C9:48:FF + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + Netscape Cert Type: + SSL CA, S/MIME CA, Object Signing CA +SHA1 Fingerprint=B1:2E:13:63:45:86:A4:6F:1A:B2:60:68:37:58:2D:C4:AC:FD:94:97 +SHA256 Fingerprint=E3:B6:A2:DB:2E:D7:CE:48:84:2F:7A:C5:32:41:C7:B7:1D:54:14:4B:FB:40:C1:1F:3F:1D:0B:42:F5:EE:A1:2D +-----BEGIN CERTIFICATE----- +MIIDqDCCApCgAwIBAgIJAP7c4wEPyUj/MA0GCSqGSIb3DQEBBQUAMDQxCzAJBgNV +BAYTAkZSMRIwEAYDVQQKDAlEaGlteW90aXMxETAPBgNVBAMMCENlcnRpZ25hMB4X +DTA3MDYyOTE1MTMwNVoXDTI3MDYyOTE1MTMwNVowNDELMAkGA1UEBhMCRlIxEjAQ +BgNVBAoMCURoaW15b3RpczERMA8GA1UEAwwIQ2VydGlnbmEwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQDIaPHJ1tazNHUmgh7stL7qXOEm7RFHYeGifBZ4 +QCHkYJ5ayGPhxLGWkv8YbWkj4Sti993iNi+RB7lIzw7sebYs5zRLcAglozyHGxny +gQcPOJAZ0xH+hrTy0V4eHpbNgGzOOzGTtvKg0KmVEn2lmsxryIRWijOp5yIVUxbw +zBfsV1/pogqYCd7jX5xv3EjjhQsVWqa6n6xI4wmy9/Qy3l40vhx4XUJbzg4ij02Q +130yGLMLLGq/jj8UEYkgDncUtT2UCIf3JR7VsmAA7G8qKCVuKj4YYxclPz5EIBb2 +JsglrgVKtOdjLPOMFlN+XPsRGgjBRmKfIrjxwo1p3Po6WAbfAgMBAAGjgbwwgbkw +DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUGu3+QTmQtCRZvgHyUtVF9lo53BEw +ZAYDVR0jBF0wW4AUGu3+QTmQtCRZvgHyUtVF9lo53BGhOKQ2MDQxCzAJBgNVBAYT +AkZSMRIwEAYDVQQKDAlEaGlteW90aXMxETAPBgNVBAMMCENlcnRpZ25hggkA/tzj +AQ/JSP8wDgYDVR0PAQH/BAQDAgEGMBEGCWCGSAGG+EIBAQQEAwIABzANBgkqhkiG +9w0BAQUFAAOCAQEAhQMeknH2Qq/ho2Ge6/PAD/Kl1NqV5ta+aDY9fm4fTIrv0Q8h +bV6lUmPOEvjvKtpv6zf+EwLHyzs+ImvaYS5/1HI93TDhHkxAGYwP15zRgzB7mFnc +fca5DClMoTOi62c6ZYTTluLtdkVwj7Ur3vkj1kluPBS1xp81HlDQwY9qcEQCYsuu +HWhBp6pX6FOqB9IG9tUUBguRA3UsbHK1YZWaDYu5Def131TN3ubY1gkIl2PlwS6w +t0QmwCbAr1UwnjvVNioZBPRcHv/PLLf/0P2HQBHVESO7SMAhqaQoLf0V+LBOK/Qw +WyH8EZE0vkHve52Xdf+XlcCWWC/qu0bXu+TZLg== +-----END CERTIFICATE----- + +### DigiCert Inc + +=== /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Assured ID Root CA +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39 + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: Nov 10 00:00:00 2006 GMT + Not After : Nov 10 00:00:00 2031 GMT + Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA + X509v3 extensions: + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + 45:EB:A2:AF:F4:92:CB:82:31:2D:51:8B:A7:A7:21:9D:F3:6D:C8:0F + X509v3 Authority Key Identifier: + keyid:45:EB:A2:AF:F4:92:CB:82:31:2D:51:8B:A7:A7:21:9D:F3:6D:C8:0F + +SHA1 Fingerprint=05:63:B8:63:0D:62:D7:5A:BB:C8:AB:1E:4B:DF:B5:A8:99:B2:4D:43 +SHA256 Fingerprint=3E:90:99:B5:01:5E:8F:48:6C:00:BC:EA:9D:11:1E:E7:21:FA:BA:35:5A:89:BC:F1:DF:69:56:1E:3D:C6:32:5C +-----BEGIN CERTIFICATE----- +MIIDtzCCAp+gAwIBAgIQDOfg5RfYRv6P5WD8G/AwOTANBgkqhkiG9w0BAQUFADBl +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJv +b3QgQ0EwHhcNMDYxMTEwMDAwMDAwWhcNMzExMTEwMDAwMDAwWjBlMQswCQYDVQQG +EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl +cnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgQ0EwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtDhXO5EOAXLGH87dg+XESpa7c +JpSIqvTO9SA5KFhgDPiA2qkVlTJhPLWxKISKityfCgyDF3qPkKyK53lTXDGEKvYP +mDI2dsze3Tyoou9q+yHyUmHfnyDXH+Kx2f4YZNISW1/5WBg1vEfNoTb5a3/UsDg+ +wRvDjDPZ2C8Y/igPs6eD1sNuRMBhNZYW/lmci3Zt1/GiSw0r/wty2p5g0I6QNcZ4 +VYcgoc/lbQrISXwxmDNsIumH0DJaoroTghHtORedmTpyoeb6pNnVFzF1roV9Iq4/ +AUaG9ih5yLHa5FcXxH4cDrC0kqZWs72yl+2qp/C3xag/lRbQ/6GW6whfGHdPAgMB +AAGjYzBhMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW +BBRF66Kv9JLLgjEtUYunpyGd823IDzAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYun +pyGd823IDzANBgkqhkiG9w0BAQUFAAOCAQEAog683+Lt8ONyc3pklL/3cmbYMuRC +dWKuh+vy1dneVrOfzM4UKLkNl2BcEkxY5NM9g0lFWJc1aRqoR+pWxnmrEthngYTf +fwk8lOa4JiwgvT2zKIn3X/8i4peEH+ll74fg38FnSbNd67IJKusm7Xi+fT8r87cm +NW1fiQG2SVufAQWbqz0lwcy2f8Lxb4bG+mRo64EtlOtCt/qMHt1i8b5QZ7dsvfPx +H2sMNgcWfzd8qVttevESRmCD1ycEvkvOl77DZypoEd+A5wwzZr8TDRRu838fYxAe ++o0bJW1sj6W3YQGx0qMmoRBxna3iw/nDmVG3KwcIzi7mULKn+gpFL6Lw8g== +-----END CERTIFICATE----- +=== /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Assured ID Root G2 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 0b:93:1c:3a:d6:39:67:ea:67:23:bf:c3:af:9a:f4:4b + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Aug 1 12:00:00 2013 GMT + Not After : Jan 15 12:00:00 2038 GMT + Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root G2 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + CE:C3:4A:B9:99:55:F2:B8:DB:60:BF:A9:7E:BD:56:B5:97:36:A7:D6 +SHA1 Fingerprint=A1:4B:48:D9:43:EE:0A:0E:40:90:4F:3C:E0:A4:C0:91:93:51:5D:3F +SHA256 Fingerprint=7D:05:EB:B6:82:33:9F:8C:94:51:EE:09:4E:EB:FE:FA:79:53:A1:14:ED:B2:F4:49:49:45:2F:AB:7D:2F:C1:85 +-----BEGIN CERTIFICATE----- +MIIDljCCAn6gAwIBAgIQC5McOtY5Z+pnI7/Dr5r0SzANBgkqhkiG9w0BAQsFADBl +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJv +b3QgRzIwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1MTIwMDAwWjBlMQswCQYDVQQG +EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl +cnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzIwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZ5ygvUj82ckmIkzTz+GoeMVSA +n61UQbVH35ao1K+ALbkKz3X9iaV9JPrjIgwrvJUXCzO/GU1BBpAAvQxNEP4Htecc +biJVMWWXvdMX0h5i89vqbFCMP4QMls+3ywPgym2hFEwbid3tALBSfK+RbLE4E9Hp +EgjAALAcKxHad3A2m67OeYfcgnDmCXRwVWmvo2ifv922ebPynXApVfSr/5Vh88lA +bx3RvpO704gqu52/clpWcTs/1PPRCv4o76Pu2ZmvA9OPYLfykqGxvYmJHzDNw6Yu +YjOuFgJ3RFrngQo8p0Quebg/BLxcoIfhG69Rjs3sLPr4/m3wOnyqi+RnlTGNAgMB +AAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQW +BBTOw0q5mVXyuNtgv6l+vVa1lzan1jANBgkqhkiG9w0BAQsFAAOCAQEAyqVVjOPI +QW5pJ6d1Ee88hjZv0p3GeDgdaZaikmkuOGybfQTUiaWxMTeKySHMq2zNixya1r9I +0jJmwYrA8y8678Dj1JGG0VDjA9tzd29KOVPt3ibHtX2vK0LRdWLjSisCx1BL4Gni +lmwORGYQRI+tBev4eaymG+g3NJ1TyWGqolKvSnAWhsI6yLETcDbYz+70CjTVW0z9 +B5yiutkBclzzTcHdDrEcDcRjvq30FPuJ7KJBDkzMyFdA0G4Dqs0MjomZmWzwPDCv +ON9vvKO+KSAnq3T/EyJ43pdSVR6DtVQgA+6uwE9W3jfMw3+qBCe703e4YtsXfJwo +IhNzbM8m9Yop5w== +-----END CERTIFICATE----- +=== /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Assured ID Root G3 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 0b:a1:5a:fa:1d:df:a0:b5:49:44:af:cd:24:a0:6c:ec + Signature Algorithm: ecdsa-with-SHA384 + Validity + Not Before: Aug 1 12:00:00 2013 GMT + Not After : Jan 15 12:00:00 2038 GMT + Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root G3 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + CB:D0:BD:A9:E1:98:05:51:A1:4D:37:A2:83:79:CE:8D:1D:2A:E4:84 +SHA1 Fingerprint=F5:17:A2:4F:9A:48:C6:C9:F8:A2:00:26:9F:DC:0F:48:2C:AB:30:89 +SHA256 Fingerprint=7E:37:CB:8B:4C:47:09:0C:AB:36:55:1B:A6:F4:5D:B8:40:68:0F:BA:16:6A:95:2D:B1:00:71:7F:43:05:3F:C2 +-----BEGIN CERTIFICATE----- +MIICRjCCAc2gAwIBAgIQC6Fa+h3foLVJRK/NJKBs7DAKBggqhkjOPQQDAzBlMQsw +CQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cu +ZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3Qg +RzMwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1MTIwMDAwWjBlMQswCQYDVQQGEwJV +UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQu +Y29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzMwdjAQBgcq +hkjOPQIBBgUrgQQAIgNiAAQZ57ysRGXtzbg/WPuNsVepRC0FFfLvC/8QdJ+1YlJf +Zn4f5dwbRXkLzMZTCp2NXQLZqVneAlr2lSoOjThKiknGvMYDOAdfVdp+CW7if17Q +RSAPWXYQ1qAk8C3eNvJsKTmjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/ +BAQDAgGGMB0GA1UdDgQWBBTL0L2p4ZgFUaFNN6KDec6NHSrkhDAKBggqhkjOPQQD +AwNnADBkAjAlpIFFAmsSS3V0T8gj43DydXLefInwz5FyYZ5eEJJZVrmDxxDnOOlY +JjZ91eQ0hjkCMHw2U/Aw5WJjOpnitqM7mzT6HtoQknFekROn3aRukswy1vUhZscv +6pZjamVFkpUBtA== +-----END CERTIFICATE----- +=== /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 08:3b:e0:56:90:42:46:b1:a1:75:6a:c9:59:91:c7:4a + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: Nov 10 00:00:00 2006 GMT + Not After : Nov 10 00:00:00 2031 GMT + Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA + X509v3 extensions: + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + 03:DE:50:35:56:D1:4C:BB:66:F0:A3:E2:1B:1B:C3:97:B2:3D:D1:55 + X509v3 Authority Key Identifier: + keyid:03:DE:50:35:56:D1:4C:BB:66:F0:A3:E2:1B:1B:C3:97:B2:3D:D1:55 + +SHA1 Fingerprint=A8:98:5D:3A:65:E5:E5:C4:B2:D7:D6:6D:40:C6:DD:2F:B1:9C:54:36 +SHA256 Fingerprint=43:48:A0:E9:44:4C:78:CB:26:5E:05:8D:5E:89:44:B4:D8:4F:96:62:BD:26:DB:25:7F:89:34:A4:43:C7:01:61 +-----BEGIN CERTIFICATE----- +MIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBh +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD +QTAeFw0wNjExMTAwMDAwMDBaFw0zMTExMTAwMDAwMDBaMGExCzAJBgNVBAYTAlVT +MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j +b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jvhEXLeqKTTo1eqUKKPC3eQyaKl7hLOllsB +CSDMAZOnTjC3U/dDxGkAV53ijSLdhwZAAIEJzs4bg7/fzTtxRuLWZscFs3YnFo97 +nh6Vfe63SKMI2tavegw5BmV/Sl0fvBf4q77uKNd0f3p4mVmFaG5cIzJLv07A6Fpt +43C/dxC//AH2hdmoRBBYMql1GNXRor5H4idq9Joz+EkIYIvUX7Q6hL+hqkpMfT7P +T19sdl6gSzeRntwi5m3OFBqOasv+zbMUZBfHWymeMr/y7vrTC0LUq7dBMtoM1O/4 +gdW7jVg/tRvoSSiicNoxBN33shbyTApOB6jtSj1etX+jkMOvJwIDAQABo2MwYTAO +BgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA95QNVbR +TLtm8KPiGxvDl7I90VUwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUw +DQYJKoZIhvcNAQEFBQADggEBAMucN6pIExIK+t1EnE9SsPTfrgT1eXkIoyQY/Esr +hMAtudXH/vTBH1jLuG2cenTnmCmrEbXjcKChzUyImZOMkXDiqw8cvpOp/2PV5Adg +06O/nVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIttep3Sp+dWOIrWcBAI+0tKIJF +PnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886UAb3LujEV0ls +YSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk +CAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4= +-----END CERTIFICATE----- +=== /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root G2 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 03:3a:f1:e6:a7:11:a9:a0:bb:28:64:b1:1d:09:fa:e5 + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Aug 1 12:00:00 2013 GMT + Not After : Jan 15 12:00:00 2038 GMT + Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + 4E:22:54:20:18:95:E6:E3:6E:E6:0F:FA:FA:B9:12:ED:06:17:8F:39 +SHA1 Fingerprint=DF:3C:24:F9:BF:D6:66:76:1B:26:80:73:FE:06:D1:CC:8D:4F:82:A4 +SHA256 Fingerprint=CB:3C:CB:B7:60:31:E5:E0:13:8F:8D:D3:9A:23:F9:DE:47:FF:C3:5E:43:C1:14:4C:EA:27:D4:6A:5A:B1:CB:5F +-----BEGIN CERTIFICATE----- +MIIDjjCCAnagAwIBAgIQAzrx5qcRqaC7KGSxHQn65TANBgkqhkiG9w0BAQsFADBh +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBH +MjAeFw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAwMDBaMGExCzAJBgNVBAYTAlVT +MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j +b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEcyMIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzfNNNx7a8myaJCtSnX/RrohCgiN9RlUyfuI +2/Ou8jqJkTx65qsGGmvPrC3oXgkkRLpimn7Wo6h+4FR1IAWsULecYxpsMNzaHxmx +1x7e/dfgy5SDN67sH0NO3Xss0r0upS/kqbitOtSZpLYl6ZtrAGCSYP9PIUkY92eQ +q2EGnI/yuum06ZIya7XzV+hdG82MHauVBJVJ8zUtluNJbd134/tJS7SsVQepj5Wz +tCO7TG1F8PapspUwtP1MVYwnSlcUfIKdzXOS0xZKBgyMUNGPHgm+F6HmIcr9g+UQ +vIOlCsRnKPZzFBQ9RnbDhxSJITRNrw9FDKZJobq7nMWxM4MphQIDAQABo0IwQDAP +BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUTiJUIBiV +5uNu5g/6+rkS7QYXjzkwDQYJKoZIhvcNAQELBQADggEBAGBnKJRvDkhj6zHd6mcY +1Yl9PMWLSn/pvtsrF9+wX3N3KjITOYFnQoQj8kVnNeyIv/iPsGEMNKSuIEyExtv4 +NeF22d+mQrvHRAiGfzZ0JFrabA0UWTW98kndth/Jsw1HKj2ZL7tcu7XUIOGZX1NG +Fdtom/DzMNU+MeKNhJ7jitralj41E6Vf8PlwUHBHQRFXGU7Aj64GxJUTFy8bJZ91 +8rGOmaFvE7FBcf6IKshPECBV1/MUReXgRPTqh5Uykw7+U0b6LJ3/iyK5S9kJRaTe +pLiaWN0bfVKfjllDiIGknibVb63dDcY3fe0Dkhvld1927jyNxF1WW6LZZm6zNTfl +MrY= +-----END CERTIFICATE----- +=== /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root G3 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 05:55:56:bc:f2:5e:a4:35:35:c3:a4:0f:d5:ab:45:72 + Signature Algorithm: ecdsa-with-SHA384 + Validity + Not Before: Aug 1 12:00:00 2013 GMT + Not After : Jan 15 12:00:00 2038 GMT + Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G3 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + B3:DB:48:A4:F9:A1:C5:D8:AE:36:41:CC:11:63:69:62:29:BC:4B:C6 +SHA1 Fingerprint=7E:04:DE:89:6A:3E:66:6D:00:E6:87:D3:3F:FA:D9:3B:E8:3D:34:9E +SHA256 Fingerprint=31:AD:66:48:F8:10:41:38:C7:38:F3:9E:A4:32:01:33:39:3E:3A:18:CC:02:29:6E:F9:7C:2A:C9:EF:67:31:D0 +-----BEGIN CERTIFICATE----- +MIICPzCCAcWgAwIBAgIQBVVWvPJepDU1w6QP1atFcjAKBggqhkjOPQQDAzBhMQsw +CQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cu +ZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBHMzAe +Fw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAwMDBaMGExCzAJBgNVBAYTAlVTMRUw +EwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20x +IDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEczMHYwEAYHKoZIzj0CAQYF +K4EEACIDYgAE3afZu4q4C/sLfyHS8L6+c/MzXRq8NOrexpu80JX28MzQC7phW1FG +fp4tn+6OYwwX7Adw9c+ELkCDnOg/QW07rdOkFFk2eJ0DQ+4QE2xy3q6Ip6FrtUPO +Z9wj/wMco+I+o0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAd +BgNVHQ4EFgQUs9tIpPmhxdiuNkHMEWNpYim8S8YwCgYIKoZIzj0EAwMDaAAwZQIx +AK288mw/EkrRLTnDCgmXc/SINoyIJ7vmiI1Qhadj+Z4y3maTD/HMsQmP3Wyr+mt/ +oAIwOWZbwmSNuJ5Q3KjVSaLtx9zRSX8XAbjIho9OjIgrqJqpisXRAL34VOKa5Vt8 +sycX +-----END CERTIFICATE----- +=== /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77 + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: Nov 10 00:00:00 2006 GMT + Not After : Nov 10 00:00:00 2031 GMT + Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA + X509v3 extensions: + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + B1:3E:C3:69:03:F8:BF:47:01:D4:98:26:1A:08:02:EF:63:64:2B:C3 + X509v3 Authority Key Identifier: + keyid:B1:3E:C3:69:03:F8:BF:47:01:D4:98:26:1A:08:02:EF:63:64:2B:C3 + +SHA1 Fingerprint=5F:B7:EE:06:33:E2:59:DB:AD:0C:4C:9A:E6:D3:8F:1A:61:C7:DC:25 +SHA256 Fingerprint=74:31:E5:F4:C3:C1:CE:46:90:77:4F:0B:61:E0:54:40:88:3B:A9:A0:1E:D0:0B:A6:AB:D7:80:6E:D3:B1:18:CF +-----BEGIN CERTIFICATE----- +MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBs +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j +ZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAwMFoXDTMxMTExMDAwMDAwMFowbDEL +MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3 +LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2Ug +RVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm ++9S75S0tMqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTW +PNt0OKRKzE0lgvdKpVMSOO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEM +xChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFB +Ik5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQNAQTXKFx01p8VdteZOE3 +hzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUeh10aUAsg +EsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQF +MAMBAf8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaA +FLE+w2kD+L9HAdSYJhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3Nec +nzyIZgYIVyHbIUf4KmeqvxgydkAQV8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6z +eM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFpmyPInngiK3BD41VHMWEZ71jF +hS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkKmNEVX58Svnw2 +Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe +vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep ++OkuE6N36B9K +-----END CERTIFICATE----- +=== /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Trusted Root G4 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c + Signature Algorithm: sha384WithRSAEncryption + Validity + Not Before: Aug 1 12:00:00 2013 GMT + Not After : Jan 15 12:00:00 2038 GMT + Subject: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Trusted Root G4 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + EC:D7:E3:82:D2:71:5D:64:4C:DF:2E:67:3F:E7:BA:98:AE:1C:0F:4F +SHA1 Fingerprint=DD:FB:16:CD:49:31:C9:73:A2:03:7D:3F:C8:3A:4D:7D:77:5D:05:E4 +SHA256 Fingerprint=55:2F:7B:DC:F1:A7:AF:9E:6C:E6:72:01:7F:4F:12:AB:F7:72:40:C7:8E:76:1A:C2:03:D1:D9:D2:0A:C8:99:88 +-----BEGIN CERTIFICATE----- +MIIFkDCCA3igAwIBAgIQBZsbV56OITLiOQe9p3d1XDANBgkqhkiG9w0BAQwFADBi +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSEwHwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3Qg +RzQwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1MTIwMDAwWjBiMQswCQYDVQQGEwJV +UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQu +Y29tMSEwHwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3QgRzQwggIiMA0GCSqG +SIb3DQEBAQUAA4ICDwAwggIKAoICAQC/5pBzaN675F1KPDAiMGkz7MKnJS7JIT3y +ithZwuEppz1Yq3aaza57G4QNxDAf8xukOBbrVsaXbR2rsnnyyhHS5F/WBTxSD1If +xp4VpX6+n6lXFllVcq9ok3DCsrp1mWpzMpTREEQQLt+C8weE5nQ7bXHiLQwb7iDV +ySAdYyktzuxeTsiT+CFhmzTrBcZe7FsavOvJz82sNEBfsXpm7nfISKhmV1efVFiO +DCu3T6cw2Vbuyntd463JT17lNecxy9qTXtyOj4DatpGYQJB5w3jHtrHEtWoYOAMQ +jdjUN6QuBX2I9YI+EJFwq1WCQTLX2wRzKm6RAXwhTNS8rhsDdV14Ztk6MUSaM0C/ +CNdaSaTC5qmgZ92kJ7yhTzm1EVgX9yRcRo9k98FpiHaYdj1ZXUJ2h4mXaXpI8OCi +EhtmmnTK3kse5w5jrubU75KSOp493ADkRSWJtppEGSt+wJS00mFt6zPZxd9LBADM +fRyVw4/3IbKyEbe7f/LVjHAsQWCqsWMYRJUadmJ+9oCw++hkpjPRiQfhvbfmQ6QY +uKZ3AeEPlAwhHbJUKSWJbOUOUlFHdL4mrLZBdd56rF+NP8m800ERElvlEFDrMcXK +chYiCd98THU/Y+whX8QgUWtvsauGi0/C1kVfnSD8oR7FwI+isX4KJpn15GkvmB0t +9dmpsh3lGwIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB +hjAdBgNVHQ4EFgQU7NfjgtJxXWRM3y5nP+e6mK4cD08wDQYJKoZIhvcNAQEMBQAD +ggIBALth2X2pbL4XxJEbw6GiAI3jZGgPVs93rnD5/ZpKmbnJeFwMDF/k5hQpVgs2 +SV1EY+CtnJYYZhsjDT156W1r1lT40jzBQ0CuHVD1UvyQO7uYmWlrx8GnqGikJ9yd ++SeuMIW59mdNOj6PWTkiU0TryF0Dyu1Qen1iIQqAyHNm0aAFYF/opbSnr6j3bTWc +fFqK1qI4mfN4i/RN0iAL3gTujJtHgXINwBQy7zBZLq7gcfJW5GqXb5JQbZaNaHqa +sjYUegbyJLkJEVDXCLG4iXqEI2FCKeWjzaIgQdfRnGTZ6iahixTXTBmyUEFxPT9N +cCOGDErcgdLMMpSEDQgJlxxPwO5rIHQw0uA5NBCFIRUBCOhVMt5xSdkoF1BN5r5N +0XWs0Mr7QbhDparTwwVETyw2m+L64kW4I1NsBm9nVX9GtUw/bihaeSbSpKhil9Ie +4u1Ki7wb/UdKDd9nZn6yW0HQO+T0O/QEY+nvwlQAUaCKKsnOeMzV6ocEGLPOr0mI +r/OSmbaz5mEP0oUA51Aa5BuVnRmhuZyxm7EAHu/QD09CbMkKvO5D+jpxpchNJqU1 +/YldvIViHTLSoCtU7ZpXwdv6EM8Zt4tKG48BtieVU+i2iW1bvGjUI+iLUaJW+fCm +gKDWHrO8Dw9TdSmq6hN35N6MgSGtBxBHEa2HPQfRdbzP82Z+ +-----END CERTIFICATE----- + +### Digital Signature Trust Co. + +=== /O=Digital Signature Trust Co./CN=DST Root CA X3 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 44:af:b0:80:d6:a3:27:ba:89:30:39:86:2e:f8:40:6b + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: Sep 30 21:12:19 2000 GMT + Not After : Sep 30 14:01:15 2021 GMT + Subject: O=Digital Signature Trust Co., CN=DST Root CA X3 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + C4:A7:B1:A4:7B:2C:71:FA:DB:E1:4B:90:75:FF:C4:15:60:85:89:10 +SHA1 Fingerprint=DA:C9:02:4F:54:D8:F6:DF:94:93:5F:B1:73:26:38:CA:6A:D7:7C:13 +SHA256 Fingerprint=06:87:26:03:31:A7:24:03:D9:09:F1:05:E6:9B:CF:0D:32:E1:BD:24:93:FF:C6:D9:20:6D:11:BC:D6:77:07:39 +-----BEGIN CERTIFICATE----- +MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/ +MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT +DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow +PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD +Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O +rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq +OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b +xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw +7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD +aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV +HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG +SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69 +ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr +AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz +R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5 +JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo +Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ +-----END CERTIFICATE----- + +### Disig a.s. + +=== /C=SK/L=Bratislava/O=Disig a.s./CN=CA Disig Root R2 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 10572350602393338211 (0x92b888dbb08ac163) + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Jul 19 09:15:30 2012 GMT + Not After : Jul 19 09:15:30 2042 GMT + Subject: C=SK, L=Bratislava, O=Disig a.s., CN=CA Disig Root R2 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + B5:99:F8:AF:B0:94:F5:E3:20:D6:0A:AD:CE:4E:56:A4:2E:6E:42:ED +SHA1 Fingerprint=B5:61:EB:EA:A4:DE:E4:25:4B:69:1A:98:A5:57:47:C2:34:C7:D9:71 +SHA256 Fingerprint=E2:3D:4A:03:6D:7B:70:E9:F5:95:B1:42:20:79:D2:B9:1E:DF:BB:1F:B6:51:A0:63:3E:AA:8A:9D:C5:F8:07:03 +-----BEGIN CERTIFICATE----- +MIIFaTCCA1GgAwIBAgIJAJK4iNuwisFjMA0GCSqGSIb3DQEBCwUAMFIxCzAJBgNV +BAYTAlNLMRMwEQYDVQQHEwpCcmF0aXNsYXZhMRMwEQYDVQQKEwpEaXNpZyBhLnMu +MRkwFwYDVQQDExBDQSBEaXNpZyBSb290IFIyMB4XDTEyMDcxOTA5MTUzMFoXDTQy +MDcxOTA5MTUzMFowUjELMAkGA1UEBhMCU0sxEzARBgNVBAcTCkJyYXRpc2xhdmEx +EzARBgNVBAoTCkRpc2lnIGEucy4xGTAXBgNVBAMTEENBIERpc2lnIFJvb3QgUjIw +ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCio8QACdaFXS1tFPbCw3Oe +NcJxVX6B+6tGUODBfEl45qt5WDza/3wcn9iXAng+a0EE6UG9vgMsRfYvZNSrXaNH +PWSb6WiaxswbP7q+sos0Ai6YVRn8jG+qX9pMzk0DIaPY0jSTVpbLTAwAFjxfGs3I +x2ymrdMxp7zo5eFm1tL7A7RBZckQrg4FY8aAamkw/dLukO8NJ9+flXP04SXabBbe +QTg06ov80egEFGEtQX6sx3dOy1FU+16SGBsEWmjGycT6txOgmLcRK7fWV8x8nhfR +yyX+hk4kLlYMeE2eARKmK6cBZW58Yh2EhN/qwGu1pSqVg8NTEQxzHQuyRpDRQjrO +QG6Vrf/GlK1ul4SOfW+eioANSW1z4nuSHsPzwfPrLgVv2RvPN3YEyLRa5Beny912 +H9AZdugsBbPWnDTYltxhh5EF5EQIM8HauQhl1K6yNg3ruji6DOWbnuuNZt2Zz9aJ +QfYEkoopKW1rOhzndX0CcQ7zwOe9yxndnWCywmZgtrEE7snmhrmaZkCo5xHtgUUD +i/ZnWejBBhG93c+AAk9lQHhcR1DIm+YfgXvkRKhbhZri3lrVx/k6RGZL5DJUfORs +nLMOPReisjQS1n6yqEm70XooQL6iFh/f5DcfEXP7kAplQ6INfPgGAVUzfbANuPT1 +rqVCV3w2EYx7XsQDnYx5nQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1Ud +DwEB/wQEAwIBBjAdBgNVHQ4EFgQUtZn4r7CU9eMg1gqtzk5WpC5uQu0wDQYJKoZI +hvcNAQELBQADggIBACYGXnDnZTPIgm7ZnBc6G3pmsgH2eDtpXi/q/075KMOYKmFM +tCQSin1tERT3nLXK5ryeJ45MGcipvXrA1zYObYVybqjGom32+nNjf7xueQgcnYqf +GopTpti72TVVsRHFqQOzVju5hJMiXn7B9hJSi+osZ7z+Nkz1uM/Rs0mSO9MpDpkb +lvdhuDvEK7Z4bLQjb/D907JedR+Zlais9trhxTF7+9FGs9K8Z7RiVLoJ92Owk6Ka ++elSLotgEqv89WBW7xBci8QaQtyDW2QOy7W81k/BfDxujRNt+3vrMNDcTa/F1bal +TFtxyegxvug4BkihGuLq0t4SOVga/4AOgnXmt8kHbA7v/zjxmHHEt38OFdAlab0i +nSvtBfZGR6ztwPDUO+Ls7pZbkBNOHlY667DvlruWIxG68kOGdGSVyCh13x01utI3 +gzhTODY7z2zp+WsO0PsE6E9312UBeIYMej4hYvF/Y3EMyZ9E26gnonW+boE+18Dr +G5gPcFw0sorMwIUY6256s/daoQe/qUKS82Ail+QUoQebTnbAjn39pCXHR+3/H3Os +zMOl6W8KjptlwlCFtaOgUxLMVYdh84GuEEZhvUQhuMI9dM9+JDX6HAcOmz0iyu8x +L4ysEr3vQCj8KWefshNPZiTEUxnpHikV7+ZtsH8tZ/3zbBt1RqPlShfppNcL +-----END CERTIFICATE----- + +### E-Tu\U011Fra EBG Bili\U015Fim Teknolojileri ve Hizmetleri A.\U015E. + +=== /C=TR/L=Ankara/O=E-Tu\xC4\x9Fra EBG Bili\xC5\x9Fim Teknolojileri ve Hizmetleri A.\xC5\x9E./OU=E-Tugra Sertifikasyon Merkezi/CN=E-Tugra Certification Authority +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 7667447206703254355 (0x6a683e9c519bcb53) + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Mar 5 12:09:48 2013 GMT + Not After : Mar 3 12:09:48 2023 GMT + Subject: C=TR, L=Ankara, O=E-Tu\xC4\x9Fra EBG Bili\xC5\x9Fim Teknolojileri ve Hizmetleri A.\xC5\x9E., OU=E-Tugra Sertifikasyon Merkezi, CN=E-Tugra Certification Authority + X509v3 extensions: + X509v3 Subject Key Identifier: + 2E:E3:DB:B2:49:D0:9C:54:79:5C:FA:27:2A:FE:CC:4E:D2:E8:4E:54 + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Authority Key Identifier: + keyid:2E:E3:DB:B2:49:D0:9C:54:79:5C:FA:27:2A:FE:CC:4E:D2:E8:4E:54 + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign +SHA1 Fingerprint=51:C6:E7:08:49:06:6E:F3:92:D4:5C:A0:0D:6D:A3:62:8F:C3:52:39 +SHA256 Fingerprint=B0:BF:D5:2B:B0:D7:D9:BD:92:BF:5D:4D:C1:3D:A2:55:C0:2C:54:2F:37:83:65:EA:89:39:11:F5:5E:55:F2:3C +-----BEGIN CERTIFICATE----- +MIIGSzCCBDOgAwIBAgIIamg+nFGby1MwDQYJKoZIhvcNAQELBQAwgbIxCzAJBgNV +BAYTAlRSMQ8wDQYDVQQHDAZBbmthcmExQDA+BgNVBAoMN0UtVHXEn3JhIEVCRyBC +aWxpxZ9pbSBUZWtub2xvamlsZXJpIHZlIEhpem1ldGxlcmkgQS7Fni4xJjAkBgNV +BAsMHUUtVHVncmEgU2VydGlmaWthc3lvbiBNZXJrZXppMSgwJgYDVQQDDB9FLVR1 +Z3JhIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTEzMDMwNTEyMDk0OFoXDTIz +MDMwMzEyMDk0OFowgbIxCzAJBgNVBAYTAlRSMQ8wDQYDVQQHDAZBbmthcmExQDA+ +BgNVBAoMN0UtVHXEn3JhIEVCRyBCaWxpxZ9pbSBUZWtub2xvamlsZXJpIHZlIEhp +em1ldGxlcmkgQS7Fni4xJjAkBgNVBAsMHUUtVHVncmEgU2VydGlmaWthc3lvbiBN +ZXJrZXppMSgwJgYDVQQDDB9FLVR1Z3JhIENlcnRpZmljYXRpb24gQXV0aG9yaXR5 +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA4vU/kwVRHoViVF56C/UY +B4Oufq9899SKa6VjQzm5S/fDxmSJPZQuVIBSOTkHS0vdhQd2h8y/L5VMzH2nPbxH +D5hw+IyFHnSOkm0bQNGZDbt1bsipa5rAhDGvykPL6ys06I+XawGb1Q5KCKpbknSF +Q9OArqGIW66z6l7LFpp3RMih9lRozt6Plyu6W0ACDGQXwLWTzeHxE2bODHnv0ZEo +q1+gElIwcxmOj+GMB6LDu0rw6h8VqO4lzKRG+Bsi77MOQ7osJLjFLFzUHPhdZL3D +k14opz8n8Y4e0ypQBaNV2cvnOVPAmJ6MVGKLJrD3fY185MaeZkJVgkfnsliNZvcH +fC425lAcP9tDJMW/hkd5s3kc91r0E+xs+D/iWR+V7kI+ua2oMoVJl0b+SzGPWsut +dEcf6ZG33ygEIqDUD13ieU/qbIWGvaimzuT6w+Gzrt48Ue7LE3wBf4QOXVGUnhMM +ti6lTPk5cDZvlsouDERVxcr6XQKj39ZkjFqzAQqptQpHF//vkUAqjqFGOjGY5RH8 +zLtJVor8udBhmm9lbObDyz51Sf6Pp+KJxWfXnUYTTjF2OySznhFlhqt/7x3U+Lzn +rFpct1pHXFXOVbQicVtbC/DP3KBhZOqp12gKY6fgDT+gr9Oq0n7vUaDmUStVkhUX +U8u3Zg5mTPj5dUyQ5xJwx0UCAwEAAaNjMGEwHQYDVR0OBBYEFC7j27JJ0JxUeVz6 +Jyr+zE7S6E5UMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAULuPbsknQnFR5 +XPonKv7MTtLoTlQwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4ICAQAF +Nzr0TbdF4kV1JI+2d1LoHNgQk2Xz8lkGpD4eKexd0dCrfOAKkEh47U6YA5n+KGCR +HTAduGN8qOY1tfrTYXbm1gdLymmasoR6d5NFFxWfJNCYExL/u6Au/U5Mh/jOXKqY +GwXgAEZKgoClM4so3O0409/lPun++1ndYYRP0lSWE2ETPo+Aab6TR7U1Q9Jauz1c +77NCR807VRMGsAnb/WP2OogKmW9+4c4bU2pEZiNRCHu8W1Ki/QY3OEBhj0qWuJA3 ++GbHeJAAFS6LrVE1Uweoa2iu+U48BybNCAVwzDk/dr2l02cmAYamU9JgO3xDf1WK +vJUawSg5TB9D0pH0clmKuVb8P7Sd2nCcdlqMQ1DujjByTd//SffGqWfZbawCEeI6 +FiWnWAjLb1NBnEg4R2gz0dfHj9R0IdTDBZB6/86WiLEVKV0jq9BgoRJP3vQXzTLl +yb/IQ639Lo7xr+L0mPoSHyDYwKcMhcWQ9DstliaxLL5Mq+ux0orJ23gTDx4JnW2P +AJ8C2sH6H3p6CcRK5ogql5+Ji/03X186zjhZhkuvcQu02PJwT58yE+Owp1fl2tpD +y4Q08ijE6m30Ku/Ba3ba+367hTzSU8JNvnHhRdH9I2cNE3X7z2VnIp2usAnRCf8d +NL/+I5c30jn6PQ0GC7TbO6Orb1wdtn7os4I07QZcJA== +-----END CERTIFICATE----- + +### Entrust, Inc. + +=== /C=US/O=Entrust, Inc./OU=See www.entrust.net/legal-terms/OU=(c) 2009 Entrust, Inc. - for authorized use only/CN=Entrust Root Certification Authority - G2 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1246989352 (0x4a538c28) + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Jul 7 17:25:54 2009 GMT + Not After : Dec 7 17:55:54 2030 GMT + Subject: C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2 + X509v3 extensions: + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + 6A:72:26:7A:D0:1E:EF:7D:E7:3B:69:51:D4:6C:8D:9F:90:12:66:AB +SHA1 Fingerprint=8C:F4:27:FD:79:0C:3A:D1:66:06:8D:E8:1E:57:EF:BB:93:22:72:D4 +SHA256 Fingerprint=43:DF:57:74:B0:3E:7F:EF:5F:E4:0D:93:1A:7B:ED:F1:BB:2E:6B:42:73:8C:4E:6D:38:41:10:3D:3A:A7:F3:39 +-----BEGIN CERTIFICATE----- +MIIEPjCCAyagAwIBAgIESlOMKDANBgkqhkiG9w0BAQsFADCBvjELMAkGA1UEBhMC +VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50 +cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3Qs +IEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEyMDAGA1UEAxMpRW50cnVz +dCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzIwHhcNMDkwNzA3MTcy +NTU0WhcNMzAxMjA3MTc1NTU0WjCBvjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVu +dHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwt +dGVybXMxOTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0 +aG9yaXplZCB1c2Ugb25seTEyMDAGA1UEAxMpRW50cnVzdCBSb290IENlcnRpZmlj +YXRpb24gQXV0aG9yaXR5IC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQC6hLZy254Ma+KZ6TABp3bqMriVQRrJ2mFOWHLP/vaCeb9zYQYKpSfYs1/T +RU4cctZOMvJyig/3gxnQaoCAAEUesMfnmr8SVycco2gvCoe9amsOXmXzHHfV1IWN +cCG0szLni6LVhjkCsbjSR87kyUnEO6fe+1R9V77w6G7CebI6C1XiUJgWMhNcL3hW +wcKUs/Ja5CeanyTXxuzQmyWC48zCxEXFjJd6BmsqEZ+pCm5IO2/b1BEZQvePB7/1 +U1+cPvQXLOZprE4yTGJ36rfo5bs0vBmLrpxR57d+tVOxMyLlbc9wPBr64ptntoP0 +jaWvYkxN4FisZDQSA/i2jZRjJKRxAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAP +BgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRqciZ60B7vfec7aVHUbI2fkBJmqzAN +BgkqhkiG9w0BAQsFAAOCAQEAeZ8dlsa2eT8ijYfThwMEYGprmi5ZiXMRrEPR9RP/ +jTkrwPK9T3CMqS/qF8QLVJ7UG5aYMzyorWKiAHarWWluBh1+xLlEjZivEtRh2woZ +Rkfz6/djwUAFQKXSt/S1mja/qYh2iARVBCuch38aNzx+LaUa2NSJXsq9rD1s2G2v +1fN2D807iDginWyTmsQ9v4IbZT+mD12q/OWyFcq1rca8PdCE6OoGcrBNOTJ4vz4R +nAuknZoh8/CbCzB428Hch0P+vGOaysXCHMnHjf87ElgI5rY97HosTvuDls4MPGmH +VHOkc8KT/1EQrBVUAdj8BbGJoX90g5pJ19xOe4pIb4tF9g== +-----END CERTIFICATE----- +=== /C=US/O=Entrust, Inc./OU=See www.entrust.net/legal-terms/OU=(c) 2012 Entrust, Inc. - for authorized use only/CN=Entrust Root Certification Authority - EC1 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + a6:8b:79:29:00:00:00:00:50:d0:91:f9 + Signature Algorithm: ecdsa-with-SHA384 + Validity + Not Before: Dec 18 15:25:36 2012 GMT + Not After : Dec 18 15:55:36 2037 GMT + Subject: C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2012 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - EC1 + X509v3 extensions: + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + B7:63:E7:1A:DD:8D:E9:08:A6:55:83:A4:E0:6A:50:41:65:11:42:49 +SHA1 Fingerprint=20:D8:06:40:DF:9B:25:F5:12:25:3A:11:EA:F7:59:8A:EB:14:B5:47 +SHA256 Fingerprint=02:ED:0E:B2:8C:14:DA:45:16:5C:56:67:91:70:0D:64:51:D7:FB:56:F0:B2:AB:1D:3B:8E:B0:70:E5:6E:DF:F5 +-----BEGIN CERTIFICATE----- +MIIC+TCCAoCgAwIBAgINAKaLeSkAAAAAUNCR+TAKBggqhkjOPQQDAzCBvzELMAkG +A1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3 +d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDEyIEVu +dHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEzMDEGA1UEAxMq +RW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRUMxMB4XDTEy +MTIxODE1MjUzNloXDTM3MTIxODE1NTUzNlowgb8xCzAJBgNVBAYTAlVTMRYwFAYD +VQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1c3QubmV0 +L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxMiBFbnRydXN0LCBJbmMuIC0g +Zm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxMzAxBgNVBAMTKkVudHJ1c3QgUm9vdCBD +ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEVDMTB2MBAGByqGSM49AgEGBSuBBAAi +A2IABIQTydC6bUF74mzQ61VfZgIaJPRbiWlH47jCffHyAsWfoPZb1YsGGYZPUxBt +ByQnoaD41UcZYUx9ypMn6nQM72+WCf5j7HBdNq1nd67JnXxVRDqiY1Ef9eNi1KlH +Bz7MIKNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0O +BBYEFLdj5xrdjekIplWDpOBqUEFlEUJJMAoGCCqGSM49BAMDA2cAMGQCMGF52OVC +R98crlOZF7ZvHH3hvxGU0QOIdeSNiaSKd0bebWHvAvX7td/M/k7//qnmpwIwW5nX +hTcGtXsI/esni0qU+eH6p44mCOh8kmhtc9hvJqwhAriZtyZBWyVgrtBIGu4G +-----END CERTIFICATE----- +=== /C=US/O=Entrust, Inc./OU=www.entrust.net/CPS is incorporated by reference/OU=(c) 2006 Entrust, Inc./CN=Entrust Root Certification Authority +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1164660820 (0x456b5054) + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: Nov 27 20:23:42 2006 GMT + Not After : Nov 27 20:53:42 2026 GMT + Subject: C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority + X509v3 extensions: + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Private Key Usage Period: + Not Before: Nov 27 20:23:42 2006 GMT, Not After: Nov 27 20:53:42 2026 GMT + X509v3 Authority Key Identifier: + keyid:68:90:E4:67:A4:A6:53:80:C7:86:66:A4:F1:F7:4B:43:FB:84:BD:6D + + X509v3 Subject Key Identifier: + 68:90:E4:67:A4:A6:53:80:C7:86:66:A4:F1:F7:4B:43:FB:84:BD:6D + 1.2.840.113533.7.65.0: + 0...V7.1:4.0.... +SHA1 Fingerprint=B3:1E:B1:B7:40:E3:6C:84:02:DA:DC:37:D4:4D:F5:D4:67:49:52:F9 +SHA256 Fingerprint=73:C1:76:43:4F:1B:C6:D5:AD:F4:5B:0E:76:E7:27:28:7C:8D:E5:76:16:C1:E6:E6:14:1A:2B:2C:BC:7D:8E:4C +-----BEGIN CERTIFICATE----- +MIIEkTCCA3mgAwIBAgIERWtQVDANBgkqhkiG9w0BAQUFADCBsDELMAkGA1UEBhMC +VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xOTA3BgNVBAsTMHd3dy5lbnRydXN0 +Lm5ldC9DUFMgaXMgaW5jb3Jwb3JhdGVkIGJ5IHJlZmVyZW5jZTEfMB0GA1UECxMW +KGMpIDIwMDYgRW50cnVzdCwgSW5jLjEtMCsGA1UEAxMkRW50cnVzdCBSb290IENl +cnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA2MTEyNzIwMjM0MloXDTI2MTEyNzIw +NTM0MlowgbAxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMTkw +NwYDVQQLEzB3d3cuZW50cnVzdC5uZXQvQ1BTIGlzIGluY29ycG9yYXRlZCBieSBy +ZWZlcmVuY2UxHzAdBgNVBAsTFihjKSAyMDA2IEVudHJ1c3QsIEluYy4xLTArBgNV +BAMTJEVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBALaVtkNC+sZtKm9I35RMOVcF7sN5EUFo +Nu3s/poBj6E4KPz3EEZmLk0eGrEaTsbRwJWIsMn/MYszA9u3g3s+IIRe7bJWKKf4 +4LlAcTfFy0cOlypowCKVYhXbR9n10Cv/gkvJrT7eTNuQgFA/CYqEAOwwCj0Yzfv9 +KlmaI5UXLEWeH25DeW0MXJj+SKfFI0dcXv1u5x609mhF0YaDW6KKjbHjKYD+JXGI +rb68j6xSlkuqUY3kEzEZ6E5Nn9uss2rVvDlUccp6en+Q3X0dgNmBu1kmwhH+5pPi +94DkZfs0Nw4pgHBNrziGLp5/V6+eF67rHMsoIV+2HNjnogQi+dPa2MsCAwEAAaOB +sDCBrTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zArBgNVHRAEJDAi +gA8yMDA2MTEyNzIwMjM0MlqBDzIwMjYxMTI3MjA1MzQyWjAfBgNVHSMEGDAWgBRo +kORnpKZTgMeGZqTx90tD+4S9bTAdBgNVHQ4EFgQUaJDkZ6SmU4DHhmak8fdLQ/uE +vW0wHQYJKoZIhvZ9B0EABBAwDhsIVjcuMTo0LjADAgSQMA0GCSqGSIb3DQEBBQUA +A4IBAQCT1DCw1wMgKtD5Y+iRDAUgqV8ZyntyTtSx29CW+1RaGSwMCPeyvIWonX9t +O1KzKtvn1ISMY/YPyyYBkVBs9F8U4pN0wBOeMDpQ47RgxRzwIkSNcUesyBrJ6Zua +AGAT/3B+XxFNSRuzFVJ7yVTav52Vr2ua2J7p8eRDjeIRRDq/r72DQnNSi6q7pynP +9WQcCk3RvKqsnyrQ/39/2n3qse0wJcGE2jTSW3iDVuycNsMm4hH2Z0kdkquM++v/ +eu6FSqdQgPCnXEqULl8FmTxSQeDNtGPPAUO6nIPcj2A781q0tHuu2guQOHXvgR1m +0vdXcDazv/wor3ElhVsT/h5/WrQ8 +-----END CERTIFICATE----- + +### Entrust.net + +=== /O=Entrust.net/OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Certification Authority (2048) +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 946069240 (0x3863def8) + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: Dec 24 17:50:51 1999 GMT + Not After : Jul 24 14:15:12 2029 GMT + Subject: O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048) + X509v3 extensions: + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + 55:E4:81:D1:11:80:BE:D8:89:B9:08:A3:31:F9:A1:24:09:16:B9:70 +SHA1 Fingerprint=50:30:06:09:1D:97:D4:F5:AE:39:F7:CB:E7:92:7D:7D:65:2D:34:31 +SHA256 Fingerprint=6D:C4:71:72:E0:1C:BC:B0:BF:62:58:0D:89:5F:E2:B8:AC:9A:D4:F8:73:80:1E:0C:10:B9:C8:37:D2:1E:B1:77 +-----BEGIN CERTIFICATE----- +MIIEKjCCAxKgAwIBAgIEOGPe+DANBgkqhkiG9w0BAQUFADCBtDEUMBIGA1UEChML +RW50cnVzdC5uZXQxQDA+BgNVBAsUN3d3dy5lbnRydXN0Lm5ldC9DUFNfMjA0OCBp +bmNvcnAuIGJ5IHJlZi4gKGxpbWl0cyBsaWFiLikxJTAjBgNVBAsTHChjKSAxOTk5 +IEVudHJ1c3QubmV0IExpbWl0ZWQxMzAxBgNVBAMTKkVudHJ1c3QubmV0IENlcnRp +ZmljYXRpb24gQXV0aG9yaXR5ICgyMDQ4KTAeFw05OTEyMjQxNzUwNTFaFw0yOTA3 +MjQxNDE1MTJaMIG0MRQwEgYDVQQKEwtFbnRydXN0Lm5ldDFAMD4GA1UECxQ3d3d3 +LmVudHJ1c3QubmV0L0NQU18yMDQ4IGluY29ycC4gYnkgcmVmLiAobGltaXRzIGxp +YWIuKTElMCMGA1UECxMcKGMpIDE5OTkgRW50cnVzdC5uZXQgTGltaXRlZDEzMDEG +A1UEAxMqRW50cnVzdC5uZXQgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgKDIwNDgp +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArU1LqRKGsuqjIAcVFmQq +K0vRvwtKTY7tgHalZ7d4QMBzQshowNtTK91euHaYNZOLGp18EzoOH1u3Hs/lJBQe +sYGpjX24zGtLA/ECDNyrpUAkAH90lKGdCCmziAv1h3edVc3kw37XamSrhRSGlVuX +MlBvPci6Zgzj/L24ScF2iUkZ/cCovYmjZy/Gn7xxGWC4LeksyZB2ZnuU4q941mVT +XTzWnLLPKQP5L6RQstRIzgUyVYr9smRMDuSYB3Xbf9+5CFVghTAp+XtIpGmG4zU/ +HoZdenoVve8AjhUiVBcAkCaTvA5JaJG/+EfTnZVCwQ5N328mz8MYIWJmQ3DW1cAH +4QIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNV +HQ4EFgQUVeSB0RGAvtiJuQijMfmhJAkWuXAwDQYJKoZIhvcNAQEFBQADggEBADub +j1abMOdTmXx6eadNl9cZlZD7Bh/KM3xGY4+WZiT6QBshJ8rmcnPyT/4xmf3IDExo +U8aAghOY+rat2l098c5u9hURlIIM7j+VrxGrD9cv3h8Dj1csHsm7mhpElesYT6Yf +zX1XEC+bBAlahLVu2B064dae0Wx5XnkcFMXj0EyTO2U87d89vqbllRrDtRnDvV5b +u/8j72gZyxKTJ1wDLW8w0B62GqzeWvfRqqgnpv55gcR5mTNXuhKwqeBCbJPKVt7+ +bYQLCIt+jerXmCHG8+c8eS9enNFMFY3h7CI3zJpDC5fcgJCNs2ebb0gIFVbPv/Er +fF6adulZkMV8gzURZVE= +-----END CERTIFICATE----- + +### FNMT-RCM + +=== /C=ES/O=FNMT-RCM/OU=AC RAIZ FNMT-RCM +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 5d:93:8d:30:67:36:c8:06:1d:1a:c7:54:84:69:07 + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Oct 29 15:59:56 2008 GMT + Not After : Jan 1 00:00:00 2030 GMT + Subject: C=ES, O=FNMT-RCM, OU=AC RAIZ FNMT-RCM + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + F7:7D:C5:FD:C4:E8:9A:1B:77:64:A7:F5:1D:A0:CC:BF:87:60:9A:6D + X509v3 Certificate Policies: + Policy: X509v3 Any Policy + CPS: http://www.cert.fnmt.es/dpcs/ + +SHA1 Fingerprint=EC:50:35:07:B2:15:C4:95:62:19:E2:A8:9A:5B:42:99:2C:4C:2C:20 +SHA256 Fingerprint=EB:C5:57:0C:29:01:8C:4D:67:B1:AA:12:7B:AF:12:F7:03:B4:61:1E:BC:17:B7:DA:B5:57:38:94:17:9B:93:FA +-----BEGIN CERTIFICATE----- +MIIFgzCCA2ugAwIBAgIPXZONMGc2yAYdGsdUhGkHMA0GCSqGSIb3DQEBCwUAMDsx +CzAJBgNVBAYTAkVTMREwDwYDVQQKDAhGTk1ULVJDTTEZMBcGA1UECwwQQUMgUkFJ +WiBGTk1ULVJDTTAeFw0wODEwMjkxNTU5NTZaFw0zMDAxMDEwMDAwMDBaMDsxCzAJ +BgNVBAYTAkVTMREwDwYDVQQKDAhGTk1ULVJDTTEZMBcGA1UECwwQQUMgUkFJWiBG +Tk1ULVJDTTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALpxgHpMhm5/ +yBNtwMZ9HACXjywMI7sQmkCpGreHiPibVmr75nuOi5KOpyVdWRHbNi63URcfqQgf +BBckWKo3Shjf5TnUV/3XwSyRAZHiItQDwFj8d0fsjz50Q7qsNI1NOHZnjrDIbzAz +WHFctPVrbtQBULgTfmxKo0nRIBnuvMApGGWn3v7v3QqQIecaZ5JCEJhfTzC8PhxF +tBDXaEAUwED653cXeuYLj2VbPNmaUtu1vZ5Gzz3rkQUCwJaydkxNEJY7kvqcfw+Z +374jNUUeAlz+taibmSXaXvMiwzn15Cou08YfxGyqxRxqAQVKL9LFwag0Jl1mpdIC +IfkYtwb1TplvqKtMUejPUBjFd8g5CSxJkjKZqLsXF3mwWsXmo8RZZUc1g16p6DUL +mbvkzSDGm0oGObVo/CK67lWMK07q87Hj/LaZmtVC+nFNCM+HHmpxffnTtOmlcYF7 +wk5HlqX2doWjKI/pgG6BU6VtX7hI+cL5NqYuSf+4lsKMB7ObiFj86xsc3i1w4peS +MKGJ47xVqCfWS+2QrYv6YyVZLag13cqXM7zlzced0ezvXg5KkAYmY6252TUtB7p2 +ZSysV4999AeU14ECll2jB0nVetBX+RvnU0Z1qrB5QstocQjpYL05ac70r8NWQMet +UqIJ5G+GR4of6ygnXYMgrwTJbFaai0b1AgMBAAGjgYMwgYAwDwYDVR0TAQH/BAUw +AwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFPd9xf3E6Jobd2Sn9R2gzL+H +YJptMD4GA1UdIAQ3MDUwMwYEVR0gADArMCkGCCsGAQUFBwIBFh1odHRwOi8vd3d3 +LmNlcnQuZm5tdC5lcy9kcGNzLzANBgkqhkiG9w0BAQsFAAOCAgEAB5BK3/MjTvDD +nFFlm5wioooMhfNzKWtN/gHiqQxjAb8EZ6WdmF/9ARP67Jpi6Yb+tmLSbkyU+8B1 +RXxlDPiyN8+sD8+Nb/kZ94/sHvJwnvDKuO+3/3Y3dlv2bojzr2IyIpMNOmqOFGYM +LVN0V2Ue1bLdI4E7pWYjJ2cJj+F3qkPNZVEI7VFY/uY5+ctHhKQV8Xa7pO6kO8Rf +77IzlhEYt8llvhjho6Tc+hj507wTmzl6NLrTQfv6MooqtyuGC2mDOL7Nii4LcK2N +JpLuHvUBKwrZ1pebbuCoGRw6IYsMHkCtA+fdZn71uSANA+iW+YJF1DngoABd15jm +fZ5nc8OaKveri6E6FO80vFIOiZiaBECEHX5FaZNXzuvO+FB8TxxuBEOb+dY7Ixjp +6o7RTUaN8Tvkasq6+yO3m/qZASlaWFot4/nUbQ4mrcFuNLwy+AwF+mWj2zs3gyLp +1txyM/1d8iC9djwj2ij3+RvrWWTV3F9yfiD8zYm1kGdNYno/Tq0dwzn+evQoFt9B +9kiABdcPUXmsEKvU7ANm5mqwujGSQkBqvjrTcuFqN1W8rB2Vt2lh8kORdOag0wok +RqEIr9baRRmW1FMdW4R58MD3R++Lj8UGrp1MYp3/RgT408m2ECVAdf4WqslKYIYv +uu8wd+RU4riEmViAqhOLUTpPSPaLtrM= +-----END CERTIFICATE----- + +### GeoTrust Inc. + +=== /C=US/O=GeoTrust Inc./CN=GeoTrust Global CA +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 144470 (0x23456) + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: May 21 04:00:00 2002 GMT + Not After : May 21 04:00:00 2022 GMT + Subject: C=US, O=GeoTrust Inc., CN=GeoTrust Global CA + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E + X509v3 Authority Key Identifier: + keyid:C0:7A:98:68:8D:89:FB:AB:05:64:0C:11:7D:AA:7D:65:B8:CA:CC:4E + +SHA1 Fingerprint=DE:28:F4:A4:FF:E5:B9:2F:A3:C5:03:D1:A3:49:A7:F9:96:2A:82:12 +SHA256 Fingerprint=FF:85:6A:2D:25:1D:CD:88:D3:66:56:F4:50:12:67:98:CF:AB:AA:DE:40:79:9C:72:2D:E4:D2:B5:DB:36:A7:3A +-----BEGIN CERTIFICATE----- +MIIDVDCCAjygAwIBAgIDAjRWMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT +MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i +YWwgQ0EwHhcNMDIwNTIxMDQwMDAwWhcNMjIwNTIxMDQwMDAwWjBCMQswCQYDVQQG +EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMSR2VvVHJ1c3Qg +R2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2swYYzD9 +9BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9mOSm9BXiLnTjoBbdq +fnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIuT8rxh0PBFpVXLVDv +iS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6cJmTM386DGXHKTubU +1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmRCw7+OC7RHQWa9k0+ +bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5aszPeE4uwc2hGKceeoW +MPRfwCvocWvk+QIDAQABo1MwUTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTA +ephojYn7qwVkDBF9qn1luMrMTjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1l +uMrMTjANBgkqhkiG9w0BAQUFAAOCAQEANeMpauUvXVSOKVCUn5kaFOSPeCpilKIn +Z57QzxpeR+nBsqTP3UEaBU6bS+5Kb1VSsyShNwrrZHYqLizz/Tt1kL/6cdjHPTfS +tQWVYrmm3ok9Nns4d0iXrKYgjy6myQzCsplFAMfOEVEiIuCl6rYVSAlk6l5PdPcF +PseKUgzbFbS9bZvlxrFUaKnjaZC2mqUPuLk/IH2uSrW4nOQdtqvmlKXBx4Ot2/Un +hw4EbNX/3aBd7YdStysVAq45pmp06drE57xNNB6pXE0zX5IJL4hmXXeXxx12E6nV +5fEWCRE11azbJHFwLJhWC9kXtNHjUStedejV0NxPNO3CBWaAocvmMw== +-----END CERTIFICATE----- +=== /C=US/O=GeoTrust Inc./CN=GeoTrust Primary Certification Authority +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 18:ac:b5:6a:fd:69:b6:15:3a:63:6c:af:da:fa:c4:a1 + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: Nov 27 00:00:00 2006 GMT + Not After : Jul 16 23:59:59 2036 GMT + Subject: C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + 2C:D5:50:41:97:15:8B:F0:8F:36:61:5B:4A:FB:6B:D9:99:C9:33:92 +SHA1 Fingerprint=32:3C:11:8E:1B:F7:B8:B6:52:54:E2:E2:10:0D:D6:02:90:37:F0:96 +SHA256 Fingerprint=37:D5:10:06:C5:12:EA:AB:62:64:21:F1:EC:8C:92:01:3F:C5:F8:2A:E9:8E:E5:33:EB:46:19:B8:DE:B4:D0:6C +-----BEGIN CERTIFICATE----- +MIIDfDCCAmSgAwIBAgIQGKy1av1pthU6Y2yv2vrEoTANBgkqhkiG9w0BAQUFADBY +MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjExMC8GA1UEAxMo +R2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjEx +MjcwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMFgxCzAJBgNVBAYTAlVTMRYwFAYDVQQK +Ew1HZW9UcnVzdCBJbmMuMTEwLwYDVQQDEyhHZW9UcnVzdCBQcmltYXJ5IENlcnRp +ZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEAvrgVe//UfH1nrYNke8hCUy3f9oQIIGHWAVlqnEQRr+92/ZV+zmEwu3qDXwK9 +AWbK7hWNb6EwnL2hhZ6UOvNWiAAxz9juapYC2e0DjPt1befquFUWBRaa9OBesYjA +ZIVcFU2Ix7e64HXprQU9nceJSOC7KMgD4TCTZF5SwFlwIjVXiIrxlQqD17wxcwE0 +7e9GceBrAqg1cmuXm2bgyxx5X9gaBGgeRwLmnWDiNpcB3841kt++Z8dtd1k7j53W +kBWUvEI0EME5+bEnPn7WinXFsq+W06Lem+SYvn3h6YGttm/81w7a4DSwDRp35+MI +mO9Y+pyEtzavwt+s0vQQBnBxNQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4G +A1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQULNVQQZcVi/CPNmFbSvtr2ZnJM5IwDQYJ +KoZIhvcNAQEFBQADggEBAFpwfyzdtzRP9YZRqSa+S7iq8XEN3GHHoOo0Hnp3DwQ1 +6CePbJC/kRYkRj5KTs4rFtULUh38H2eiAkUxT87z+gOneZ1TatnaYzr4gNfTmeGl +4b7UVXGYNTq+k+qurUKykG/g/CFNNWMziUnWm07Kx+dOCQD32sfvmWKZd7aVIl6K +oKv0uHiYyjgZmclynnjNS6yvGaBzEi38wkG6gZHaFloxt/m0cYASSJlyc1pZU8Fj +UjPtp8nSOQJw+uCxQmYpqptR7TBUIhRf2asdweSU8Pj1K/fqynhG1riR/aYNKxoU +AT6A8EKglQdebc3MS6RFjasS6LPeWuWgfOgPIh1a6Vk= +-----END CERTIFICATE----- +=== /C=US/O=GeoTrust Inc./CN=GeoTrust Universal CA +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: Mar 4 05:00:00 2004 GMT + Not After : Mar 4 05:00:00 2029 GMT + Subject: C=US, O=GeoTrust Inc., CN=GeoTrust Universal CA + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + DA:BB:2E:AA:B0:0C:B8:88:26:51:74:5C:6D:03:D3:C0:D8:8F:7A:D6 + X509v3 Authority Key Identifier: + keyid:DA:BB:2E:AA:B0:0C:B8:88:26:51:74:5C:6D:03:D3:C0:D8:8F:7A:D6 + + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign +SHA1 Fingerprint=E6:21:F3:35:43:79:05:9A:4B:68:30:9D:8A:2F:74:22:15:87:EC:79 +SHA256 Fingerprint=A0:45:9B:9F:63:B2:25:59:F5:FA:5D:4C:6D:B3:F9:F7:2F:F1:93:42:03:35:78:F0:73:BF:1D:1B:46:CB:B9:12 +-----BEGIN CERTIFICATE----- +MIIFaDCCA1CgAwIBAgIBATANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJVUzEW +MBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEeMBwGA1UEAxMVR2VvVHJ1c3QgVW5pdmVy +c2FsIENBMB4XDTA0MDMwNDA1MDAwMFoXDTI5MDMwNDA1MDAwMFowRTELMAkGA1UE +BhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xHjAcBgNVBAMTFUdlb1RydXN0 +IFVuaXZlcnNhbCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKYV +VaCjxuAfjJ0hUNfBvitbtaSeodlyWL0AG0y/YckUHUWCq8YdgNY96xCcOq9tJPi8 +cQGeBvV8Xx7BDlXKg5pZMK4ZyzBIle0iN430SppyZj6tlcDgFgDgEB8rMQ7XlFTT +QjOgNB0eRXbdT8oYN+yFFXoZCPzVx5zw8qkuEKmS5j1YPakWaDwvdSEYfyh3peFh +F7em6fgemdtzbvQKoiFs7tqqhZJmr/Z6a4LauiIINQ/PQvE1+mrufislzDoR5G2v +c7J2Ha3QsnhnGqQ5HFELZ1aD/ThdDc7d8Lsrlh/eezJS/R27tQahsiFepdaVaH/w +mZ7cRQg+59IJDTWU3YBOU5fXtQlEIGQWFwMCTFMNaN7VqnJNk22CDtucvc+081xd +VHppCZbW2xHBjXWotM85yM48vCR85mLK4b19p71XZQvk/iXttmkQ3CgaRr0BHdCX +teGYO8A3ZNY9lO4L4fUorgtWv3GLIylBjobFS1J72HGrH4oVpjuDWtdYAVHGTEHZ +f9hBZ3KiKN9gg6meyHv8U3NyWfWTehd2Ds735VzZC1U0oqpbtWpU5xPKV+yXbfRe +Bi9Fi1jUIxaS5BZuKGNZMN9QAZxjiRqf2xeUgnA3wySemkfWWspOqGmJch+RbNt+ +nhutxx9z3SxPGWX9f5NAEC7S8O08ni4oPmkmM8V7AgMBAAGjYzBhMA8GA1UdEwEB +/wQFMAMBAf8wHQYDVR0OBBYEFNq7LqqwDLiIJlF0XG0D08DYj3rWMB8GA1UdIwQY +MBaAFNq7LqqwDLiIJlF0XG0D08DYj3rWMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG +9w0BAQUFAAOCAgEAMXjmx7XfuJRAyXHEqDXsRh3ChfMoWIawC/yOsjmPRFWrZIRc +aanQmjg8+uUfNeVE44B5lGiku8SfPeE0zTBGi1QrlaXv9z+ZhP015s8xxtxqv6fX +IwjhmF7DWgh2qaavdy+3YL1ERmrvl/9zlcGO6JP7/TG37FcREUWbMPEaiDnBTzyn +ANXH/KttgCJwpQzgXQQpAvvLoJHRfNbDflDVnVi+QTjruXU8FdmbyUqDWcDaU/0z +uzYYm4UPFd3uLax2k7nZAY1IEKj79TiG8dsKxr2EoyNB3tZ3b4XUhRxQ4K5RirqN +Pnbiucon8l+f725ZDQbYKxek0nxru18UGkiPGkzns0ccjkxFKyDuSN/n3QmOGKja +QI2SJhFTYXNd673nxE0pN2HrrDktZy4W1vUAg4WhzH92xH3kt0tm7wNFYGm2DFKW +koRepqO1pD4r2czYG0eq8kTaT/kD6PAUyz/zg97QwVTjt+gKN02LIFkDMBmhLMi9 +ER/frslKxfMnZmaGrGiR/9nmUxwPi1xpZQomyB40w11Re9epnAahNt3ViZS82eQt +DF4JbAiXfKM9fJP/P6EUp8+1Xevb2xzEdt+Iub1FBZUbrvxGakyvSOPOrg/Sfuvm +bJxPgWp6ZKy7PtXny3YuxadIwVyQD8vIP/rmMuGNG2+k5o7Y+SlIis5z/iw= +-----END CERTIFICATE----- +=== /C=US/O=GeoTrust Inc./CN=GeoTrust Universal CA 2 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: Mar 4 05:00:00 2004 GMT + Not After : Mar 4 05:00:00 2029 GMT + Subject: C=US, O=GeoTrust Inc., CN=GeoTrust Universal CA 2 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + 76:F3:55:E1:FA:A4:36:FB:F0:9F:5C:62:71:ED:3C:F4:47:38:10:2B + X509v3 Authority Key Identifier: + keyid:76:F3:55:E1:FA:A4:36:FB:F0:9F:5C:62:71:ED:3C:F4:47:38:10:2B + + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign +SHA1 Fingerprint=37:9A:19:7B:41:85:45:35:0C:A6:03:69:F3:3C:2E:AF:47:4F:20:79 +SHA256 Fingerprint=A0:23:4F:3B:C8:52:7C:A5:62:8E:EC:81:AD:5D:69:89:5D:A5:68:0D:C9:1D:1C:B8:47:7F:33:F8:78:B9:5B:0B +-----BEGIN CERTIFICATE----- +MIIFbDCCA1SgAwIBAgIBATANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEW +MBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEgMB4GA1UEAxMXR2VvVHJ1c3QgVW5pdmVy +c2FsIENBIDIwHhcNMDQwMzA0MDUwMDAwWhcNMjkwMzA0MDUwMDAwWjBHMQswCQYD +VQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEgMB4GA1UEAxMXR2VvVHJ1 +c3QgVW5pdmVyc2FsIENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC +AQCzVFLByT7y2dyxUxpZKeexw0Uo5dfR7cXFS6GqdHtXr0om/Nj1XqduGdt0DE81 +WzILAePb63p3NeqqWuDW6KFXlPCQo3RWlEQwAx5cTiuFJnSCegx2oG9NzkEtoBUG +FF+3Qs17j1hhNNwqCPkuwwGmIkQcTAeC5lvO0Ep8BNMZcyfwqph/Lq9O64ceJHdq +XbboW0W63MOhBW9Wjo8QJqVJwy7XQYci4E+GymC16qFjwAGXEHm9ADwSbSsVsaxL +se4YuU6W3Nx2/zu+z18DwPw76L5GG//aQMJS9/7jOvdqdzXQ2o3rXhhqMcceujwb +KNZrVMaqW9eiLBsZzKIC9ptZvTdrhrVtgrrY6slWvKk2WP0+GfPtDCapkzj4T8Fd +IgbQl+rhrcZV4IErKIM6+vR7IVEAvlI4zs1meaj0gVbi0IMJR1FbUGrP20gaXT73 +y/Zl92zxlfgCOzJWgjl6W70viRu/obTo/3+NjN8D8WBOWBFM66M/ECuDmgFz2ZRt +hAAnZqzwcEAJQpKtT5MNYQlRJNiS1QuUYbKHsu3/mjX/hVTK7URDrBs8FmtISgoc +QIgfksILAAX/8sgCSqSqqcyZlpwvWOB94b67B9xfBHJcMTTD7F8t4D1kkCLm0ey4 +Lt1ZrtmhN79UNdxzMk+MBB4zsslG8dhcyFVQyWi9qLo2CQIDAQABo2MwYTAPBgNV +HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR281Xh+qQ2+/CfXGJx7Tz0RzgQKzAfBgNV +HSMEGDAWgBR281Xh+qQ2+/CfXGJx7Tz0RzgQKzAOBgNVHQ8BAf8EBAMCAYYwDQYJ +KoZIhvcNAQEFBQADggIBAGbBxiPz2eAubl/oz66wsCVNK/g7WJtAJDday6sWSf+z +dXkzoS9tcBc0kf5nfo/sm+VegqlVHy/c1FEHEv6sFj4sNcZj/NwQ6w2jqtB8zNHQ +L1EuxBRa3ugZ4T7GzKQp5y6EqgYweHZUcyiYWTjgAA1i00J9IZ+uPTqM1fp3DRgr +Fg5fNuH8KrUwJM/gYwx7WBr+mbpCErGR9Hxo4sjoryzqyX6uuyo9DRXcNJW2GHSo +ag/HtPQTxORb7QrSpJdMKu0vbBKJPfEncKpqA1Ihn0CoZ1Dy81of398j9tx4TuaY +T1U6U+Pv8vSfx3zYWK8pIpe44L2RLrB27FcRz+8pRPPphXpgY+RdM4kX2TGq2tbz +GDVyz4crL2MjhF2EjD9XoIj8mZEoJmmZ1I+XRL6O1UixpCgp8RW04eWe3fiPpm8m +1wk8OhwRDqZsN/etRIcsKMfYdIKz0G9KV7s1KSegi+ghp4dkNl3M2Basx7InQJJV +OCiNUW7dFGdTbHFcJoRNdVq2fmBWqU2t+5sel/MN2dKXVHfaPRK34B7vCAas+YWH +6aLcr34YEoP9VhdBLtUpgn2Z9DH2canPLAEnpQW5qrJITirvn5NSUZU8UnOOVkwX +QMAJKOSLakhT2+zNVVXxxvjpoixMptEmX36vWkzaH6byHCx+rgIW0lbQL1dTR+iS +-----END CERTIFICATE----- +=== /C=US/O=GeoTrust Inc./OU=(c) 2007 GeoTrust Inc. - For authorized use only/CN=GeoTrust Primary Certification Authority - G2 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 3c:b2:f4:48:0a:00:e2:fe:eb:24:3b:5e:60:3e:c3:6b + Signature Algorithm: ecdsa-with-SHA384 + Validity + Not Before: Nov 5 00:00:00 2007 GMT + Not After : Jan 18 23:59:59 2038 GMT + Subject: C=US, O=GeoTrust Inc., OU=(c) 2007 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G2 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + 15:5F:35:57:51:55:FB:25:B2:AD:03:69:FC:01:A3:FA:BE:11:55:D5 +SHA1 Fingerprint=8D:17:84:D5:37:F3:03:7D:EC:70:FE:57:8B:51:9A:99:E6:10:D7:B0 +SHA256 Fingerprint=5E:DB:7A:C4:3B:82:A0:6A:87:61:E8:D7:BE:49:79:EB:F2:61:1F:7D:D7:9B:F9:1C:1C:6B:56:6A:21:9E:D7:66 +-----BEGIN CERTIFICATE----- +MIICrjCCAjWgAwIBAgIQPLL0SAoA4v7rJDteYD7DazAKBggqhkjOPQQDAzCBmDEL +MAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xOTA3BgNVBAsTMChj +KSAyMDA3IEdlb1RydXN0IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTE2 +MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0 +eSAtIEcyMB4XDTA3MTEwNTAwMDAwMFoXDTM4MDExODIzNTk1OVowgZgxCzAJBgNV +BAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTkwNwYDVQQLEzAoYykgMjAw +NyBHZW9UcnVzdCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxNjA0BgNV +BAMTLUdlb1RydXN0IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBH +MjB2MBAGByqGSM49AgEGBSuBBAAiA2IABBWx6P0DFUPlrOuHNxFi79KDNlJ9RVcL +So17VDs6bl8VAsBQps8lL33KSLjHUGMcKiEIfJo22Av+0SbFWDEwKCXzXV2juLal +tJLtbCyf691DiaI8S0iRHVDsJt/WYC69IaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAO +BgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFBVfNVdRVfslsq0DafwBo/q+EVXVMAoG +CCqGSM49BAMDA2cAMGQCMGSWWaboCd6LuvpaiIjwH5HTRqjySkwCY/tsXzjbLkGT +qQ7mndwxHLKgpxgceeHHNgIwOlavmnRs9vuD4DPTCF+hnMJbn0bWtsuRBmOiBucz +rD6ogRLQy7rQkgu2npaqBA+K +-----END CERTIFICATE----- +=== /C=US/O=GeoTrust Inc./OU=(c) 2008 GeoTrust Inc. - For authorized use only/CN=GeoTrust Primary Certification Authority - G3 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 15:ac:6e:94:19:b2:79:4b:41:f6:27:a9:c3:18:0f:1f + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Apr 2 00:00:00 2008 GMT + Not After : Dec 1 23:59:59 2037 GMT + Subject: C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + C4:79:CA:8E:A1:4E:03:1D:1C:DC:6B:DB:31:5B:94:3E:3F:30:7F:2D +SHA1 Fingerprint=03:9E:ED:B8:0B:E7:A0:3C:69:53:89:3B:20:D2:D9:32:3A:4C:2A:FD +SHA256 Fingerprint=B4:78:B8:12:25:0D:F8:78:63:5C:2A:A7:EC:7D:15:5E:AA:62:5E:E8:29:16:E2:CD:29:43:61:88:6C:D1:FB:D4 +-----BEGIN CERTIFICATE----- +MIID/jCCAuagAwIBAgIQFaxulBmyeUtB9iepwxgPHzANBgkqhkiG9w0BAQsFADCB +mDELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xOTA3BgNVBAsT +MChjKSAyMDA4IEdlb1RydXN0IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25s +eTE2MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhv +cml0eSAtIEczMB4XDTA4MDQwMjAwMDAwMFoXDTM3MTIwMTIzNTk1OVowgZgxCzAJ +BgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTkwNwYDVQQLEzAoYykg +MjAwOCBHZW9UcnVzdCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxNjA0 +BgNVBAMTLUdlb1RydXN0IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg +LSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANziXmJYHTNXOTIz ++uvLh4yn1ErdBojqZI4xmKU4kB6Yzy5jK/BGvESyiaHAKAxJcCGVn2TAppMSAmUm +hsalifD614SgcK9PGpc/BkTVyetyEH3kMSj7HGHmKAdEc5IiaacDiGydY8hS2pgn +5whMcD60yRLBxWeDXTPzAxHsatBT4tG6NmCUgLthY2xbF37fQJQeqw3CIShwiP/W +JmxsYAQlTlV+fe+/lEjetx3dcI0FX4ilm/LC7urRQEFtYjgdVgbFA0dRIBn8exAL +DmKudlW/X3e+PkkBUz2YJQN2JFodtNuJ6nnltrM7P7pMKEF/BqxqjsHQ9gUdfeZC +huOl1UcCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw +HQYDVR0OBBYEFMR5yo6hTgMdHNxr2zFblD4/MH8tMA0GCSqGSIb3DQEBCwUAA4IB +AQAtxRPPVoB7eni9n64smefv2t+UXglpp+duaIy9cr5HqQ6XErhK8WTTOd8lNNTB +zU6B8A8ExCSzNJbGpqow32hhc9f5joWJ7w5elShKKiePEI4ufIbEAp7aDHdlDkQN +kv39sxY2+hENHYwOB4lqKVb3cvTdFZx3NWZXqxNT2I7BQMXXExZacse3aQHEerGD +AWh9jUGhlBjBJVz88P6DAod8DQ3PLghcSkANPuyBYeYk28rgDi0Hsj5W3I31QYUH +SJsMC8tJP33st/3LjWeJGqvtux6jAAgIFyqCXDFdRootD4abdNlF+9RAsXqqaC2G +spki4cErx5z481+oghLrGREt +-----END CERTIFICATE----- + +### GlobalSign + +=== /OU=GlobalSign ECC Root CA - R4/O=GlobalSign/CN=GlobalSign +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 2a:38:a4:1c:96:0a:04:de:42:b2:28:a5:0b:e8:34:98:02 + Signature Algorithm: ecdsa-with-SHA256 + Validity + Not Before: Nov 13 00:00:00 2012 GMT + Not After : Jan 19 03:14:07 2038 GMT + Subject: OU=GlobalSign ECC Root CA - R4, O=GlobalSign, CN=GlobalSign + X509v3 extensions: + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + 54:B0:7B:AD:45:B8:E2:40:7F:FB:0A:6E:FB:BE:33:C9:3C:A3:84:D5 +SHA1 Fingerprint=69:69:56:2E:40:80:F4:24:A1:E7:19:9F:14:BA:F3:EE:58:AB:6A:BB +SHA256 Fingerprint=BE:C9:49:11:C2:95:56:76:DB:6C:0A:55:09:86:D7:6E:3B:A0:05:66:7C:44:2C:97:62:B4:FB:B7:73:DE:22:8C +-----BEGIN CERTIFICATE----- +MIIB4TCCAYegAwIBAgIRKjikHJYKBN5CsiilC+g0mAIwCgYIKoZIzj0EAwIwUDEk +MCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI0MRMwEQYDVQQKEwpH +bG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWduMB4XDTEyMTExMzAwMDAwMFoX +DTM4MDExOTAzMTQwN1owUDEkMCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBD +QSAtIFI0MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWdu +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEuMZ5049sJQ6fLjkZHAOkrprlOQcJ +FspjsbmG+IpXwVfOQvpzofdlQv8ewQCybnMO/8ch5RikqtlxP6jUuc6MHaNCMEAw +DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFFSwe61F +uOJAf/sKbvu+M8k8o4TVMAoGCCqGSM49BAMCA0gAMEUCIQDckqGgE6bPA7DmxCGX +kPoUVy0D7O48027KqGx2vKLeuwIgJ6iFJzWbVsaj8kfSt24bAgAXqmemFZHe+pTs +ewv4n4Q= +-----END CERTIFICATE----- +=== /OU=GlobalSign ECC Root CA - R5/O=GlobalSign/CN=GlobalSign +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 60:59:49:e0:26:2e:bb:55:f9:0a:77:8a:71:f9:4a:d8:6c + Signature Algorithm: ecdsa-with-SHA384 + Validity + Not Before: Nov 13 00:00:00 2012 GMT + Not After : Jan 19 03:14:07 2038 GMT + Subject: OU=GlobalSign ECC Root CA - R5, O=GlobalSign, CN=GlobalSign + X509v3 extensions: + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + 3D:E6:29:48:9B:EA:07:CA:21:44:4A:26:DE:6E:DE:D2:83:D0:9F:59 +SHA1 Fingerprint=1F:24:C6:30:CD:A4:18:EF:20:69:FF:AD:4F:DD:5F:46:3A:1B:69:AA +SHA256 Fingerprint=17:9F:BC:14:8A:3D:D0:0F:D2:4E:A1:34:58:CC:43:BF:A7:F5:9C:81:82:D7:83:A5:13:F6:EB:EC:10:0C:89:24 +-----BEGIN CERTIFICATE----- +MIICHjCCAaSgAwIBAgIRYFlJ4CYuu1X5CneKcflK2GwwCgYIKoZIzj0EAwMwUDEk +MCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI1MRMwEQYDVQQKEwpH +bG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWduMB4XDTEyMTExMzAwMDAwMFoX +DTM4MDExOTAzMTQwN1owUDEkMCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBD +QSAtIFI1MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWdu +MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAER0UOlvt9Xb/pOdEh+J8LttV7HpI6SFkc +8GIxLcB6KP4ap1yztsyX50XUWPrRd21DosCHZTQKH3rd6zwzocWdTaRvQZU4f8ke +hOvRnkmSh5SHDDqFSmafnVmTTZdhBoZKo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYD +VR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUPeYpSJvqB8ohREom3m7e0oPQn1kwCgYI +KoZIzj0EAwMDaAAwZQIxAOVpEslu28YxuglB4Zf4+/2a4n0Sye18ZNPLBSWLVtmg +515dTguDnFt2KaAJJiFqYgIwcdK1j1zqO+F4CYWodZI7yFz9SO8NdCKoCOJuxUnO +xwy8p2Fp8fc74SrL+SvzZpA3 +-----END CERTIFICATE----- +=== /OU=GlobalSign Root CA - R2/O=GlobalSign/CN=GlobalSign +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 04:00:00:00:00:01:0f:86:26:e6:0d + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: Dec 15 08:00:00 2006 GMT + Not After : Dec 15 08:00:00 2021 GMT + Subject: OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign + X509v3 extensions: + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + 9B:E2:07:57:67:1C:1E:C0:6A:06:DE:59:B4:9A:2D:DF:DC:19:86:2E + X509v3 CRL Distribution Points: + + Full Name: + URI:http://crl.globalsign.net/root-r2.crl + + X509v3 Authority Key Identifier: + keyid:9B:E2:07:57:67:1C:1E:C0:6A:06:DE:59:B4:9A:2D:DF:DC:19:86:2E + +SHA1 Fingerprint=75:E0:AB:B6:13:85:12:27:1C:04:F8:5F:DD:DE:38:E4:B7:24:2E:FE +SHA256 Fingerprint=CA:42:DD:41:74:5F:D0:B8:1E:B9:02:36:2C:F9:D8:BF:71:9D:A1:BD:1B:1E:FC:94:6F:5B:4C:99:F4:2C:1B:9E +-----BEGIN CERTIFICATE----- +MIIDujCCAqKgAwIBAgILBAAAAAABD4Ym5g0wDQYJKoZIhvcNAQEFBQAwTDEgMB4G +A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjIxEzARBgNVBAoTCkdsb2JhbFNp +Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDYxMjE1MDgwMDAwWhcNMjExMjE1 +MDgwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEG +A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAKbPJA6+Lm8omUVCxKs+IVSbC9N/hHD6ErPL +v4dfxn+G07IwXNb9rfF73OX4YJYJkhD10FPe+3t+c4isUoh7SqbKSaZeqKeMWhG8 +eoLrvozps6yWJQeXSpkqBy+0Hne/ig+1AnwblrjFuTosvNYSuetZfeLQBoZfXklq +tTleiDTsvHgMCJiEbKjNS7SgfQx5TfC4LcshytVsW33hoCmEofnTlEnLJGKRILzd +C9XZzPnqJworc5HGnRusyMvo4KD0L5CLTfuwNhv2GXqF4G3yYROIXJ/gkwpRl4pa +zq+r1feqCapgvdzZX99yqWATXgAByUr6P6TqBwMhAo6CygPCm48CAwEAAaOBnDCB +mTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUm+IH +V2ccHsBqBt5ZtJot39wZhi4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5n +bG9iYWxzaWduLm5ldC9yb290LXIyLmNybDAfBgNVHSMEGDAWgBSb4gdXZxwewGoG +3lm0mi3f3BmGLjANBgkqhkiG9w0BAQUFAAOCAQEAmYFThxxol4aR7OBKuEQLq4Gs +J0/WwbgcQ3izDJr86iw8bmEbTUsp9Z8FHSbBuOmDAGJFtqkIk7mpM0sYmsL4h4hO +291xNBrBVNpGP+DTKqttVCL1OmLNIG+6KYnX3ZHu01yiPqFbQfXf5WRDLenVOavS +ot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG79G+dwfCMNYxd +AfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7 +TBj0/VLZjmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg== +-----END CERTIFICATE----- +=== /OU=GlobalSign Root CA - R3/O=GlobalSign/CN=GlobalSign +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 04:00:00:00:00:01:21:58:53:08:a2 + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Mar 18 10:00:00 2009 GMT + Not After : Mar 18 10:00:00 2029 GMT + Subject: OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign + X509v3 extensions: + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + 8F:F0:4B:7F:A8:2E:45:24:AE:4D:50:FA:63:9A:8B:DE:E2:DD:1B:BC +SHA1 Fingerprint=D6:9B:56:11:48:F0:1C:77:C5:45:78:C1:09:26:DF:5B:85:69:76:AD +SHA256 Fingerprint=CB:B5:22:D7:B7:F1:27:AD:6A:01:13:86:5B:DF:1C:D4:10:2E:7D:07:59:AF:63:5A:7C:F4:72:0D:C9:63:C5:3B +-----BEGIN CERTIFICATE----- +MIIDXzCCAkegAwIBAgILBAAAAAABIVhTCKIwDQYJKoZIhvcNAQELBQAwTDEgMB4G +A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjMxEzARBgNVBAoTCkdsb2JhbFNp +Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDkwMzE4MTAwMDAwWhcNMjkwMzE4 +MTAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMzETMBEG +A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAMwldpB5BngiFvXAg7aEyiie/QV2EcWtiHL8 +RgJDx7KKnQRfJMsuS+FggkbhUqsMgUdwbN1k0ev1LKMPgj0MK66X17YUhhB5uzsT +gHeMCOFJ0mpiLx9e+pZo34knlTifBtc+ycsmWQ1z3rDI6SYOgxXG71uL0gRgykmm +KPZpO/bLyCiR5Z2KYVc3rHQU3HTgOu5yLy6c+9C7v/U9AOEGM+iCK65TpjoWc4zd +QQ4gOsC0p6Hpsk+QLjJg6VfLuQSSaGjlOCZgdbKfd/+RFO+uIEn8rUAVSNECMWEZ +XriX7613t2Saer9fwRPvm2L7DWzgVGkWqQPabumDk3F2xmmFghcCAwEAAaNCMEAw +DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFI/wS3+o +LkUkrk1Q+mOai97i3Ru8MA0GCSqGSIb3DQEBCwUAA4IBAQBLQNvAUKr+yAzv95ZU +RUm7lgAJQayzE4aGKAczymvmdLm6AC2upArT9fHxD4q/c2dKg8dEe3jgr25sbwMp +jjM5RcOO5LlXbKr8EpbsU8Yt5CRsuZRj+9xTaGdWPoO4zzUhw8lo/s7awlOqzJCK +6fBdRoyV3XpYKBovHd7NADdBj+1EbddTKJd+82cEHhXXipa0095MJ6RMG3NzdvQX +mcIfeg7jLQitChws/zyrVQ4PkX4268NXSb7hLi18YIvDQVETI53O9zJrlAGomecs +Mx86OyXShkDOOyyGeMlhLxS67ttVb9+E7gUJTb0o2HLO02JQZR7rkpeDMdmztcpH +WD9f +-----END CERTIFICATE----- + +### GlobalSign nv-sa + +=== /C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 04:00:00:00:00:01:15:4b:5a:c3:94 + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: Sep 1 12:00:00 1998 GMT + Not After : Jan 28 12:00:00 2028 GMT + Subject: C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA + X509v3 extensions: + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + 60:7B:66:1A:45:0D:97:CA:89:50:2F:7D:04:CD:34:A8:FF:FC:FD:4B +SHA1 Fingerprint=B1:BC:96:8B:D4:F4:9D:62:2A:A8:9A:81:F2:15:01:52:A4:1D:82:9C +SHA256 Fingerprint=EB:D4:10:40:E4:BB:3E:C7:42:C9:E3:81:D3:1E:F2:A4:1A:48:B6:68:5C:96:E7:CE:F3:C1:DF:6C:D4:33:1C:99 +-----BEGIN CERTIFICATE----- +MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG +A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv +b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw +MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i +YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT +aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ +jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp +xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp +1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG +snUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ +U26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8 +9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E +BTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0B +AQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOz +yj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE +38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymP +AbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad +DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME +HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A== +-----END CERTIFICATE----- + +### GoDaddy.com, Inc. + +=== /C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./CN=Go Daddy Root Certificate Authority - G2 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 0 (0x0) + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Sep 1 00:00:00 2009 GMT + Not After : Dec 31 23:59:59 2037 GMT + Subject: C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + 3A:9A:85:07:10:67:28:B6:EF:F6:BD:05:41:6E:20:C1:94:DA:0F:DE +SHA1 Fingerprint=47:BE:AB:C9:22:EA:E8:0E:78:78:34:62:A7:9F:45:C2:54:FD:E6:8B +SHA256 Fingerprint=45:14:0B:32:47:EB:9C:C8:C5:B4:F0:D7:B5:30:91:F7:32:92:08:9E:6E:5A:63:E2:74:9D:D3:AC:A9:19:8E:DA +-----BEGIN CERTIFICATE----- +MIIDxTCCAq2gAwIBAgIBADANBgkqhkiG9w0BAQsFADCBgzELMAkGA1UEBhMCVVMx +EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoT +EUdvRGFkZHkuY29tLCBJbmMuMTEwLwYDVQQDEyhHbyBEYWRkeSBSb290IENlcnRp +ZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5MDkwMTAwMDAwMFoXDTM3MTIzMTIz +NTk1OVowgYMxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQH +EwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjExMC8GA1UE +AxMoR28gRGFkZHkgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL9xYgjx+lk09xvJGKP3gElY6SKD +E6bFIEMBO4Tx5oVJnyfq9oQbTqC023CYxzIBsQU+B07u9PpPL1kwIuerGVZr4oAH +/PMWdYA5UXvl+TW2dE6pjYIT5LY/qQOD+qK+ihVqf94Lw7YZFAXK6sOoBJQ7Rnwy +DfMAZiLIjWltNowRGLfTshxgtDj6AozO091GB94KPutdfMh8+7ArU6SSYmlRJQVh +GkSBjCypQ5Yj36w6gZoOKcUcqeldHraenjAKOc7xiID7S13MMuyFYkMlNAJWJwGR +tDtwKj9useiciAF9n9T521NtYJ2/LOdYq7hfRvzOxBsDPAnrSTFcaUaz4EcCAwEA +AaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYE +FDqahQcQZyi27/a9BUFuIMGU2g/eMA0GCSqGSIb3DQEBCwUAA4IBAQCZ21151fmX +WWcDYfF+OwYxdS2hII5PZYe096acvNjpL9DbWu7PdIxztDhC2gV7+AJ1uP2lsdeu +9tfeE8tTEH6KRtGX+rcuKxGrkLAngPnon1rpN5+r5N9ss4UXnT3ZJE95kTXWXwTr +gIOrmgIttRD02JDHBHNA7XIloKmf7J6raBKZV8aPEjoJpL1E/QYVN8Gb5DKj7Tjo +2GTzLH4U/ALqn83/B2gX2yKQOC16jdFU8WnjXzPKej17CuPKf1855eJ1usV2GDPO +LPAvTK33sefOT6jEm0pUBsV/fdUID+Ic/n4XuKxe9tQWskMJDE32p2u0mYRlynqI +4uJEvlz36hz1 +-----END CERTIFICATE----- + +### Government Root Certification Authority + +=== /C=TW/O=Government Root Certification Authority +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 1f:9d:59:5a:d7:2f:c2:06:44:a5:80:08:69:e3:5e:f6 + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: Dec 5 13:23:33 2002 GMT + Not After : Dec 5 13:23:33 2032 GMT + Subject: C=TW, O=Government Root Certification Authority + X509v3 extensions: + X509v3 Subject Key Identifier: + CC:CC:EF:CC:29:60:A4:3B:B1:92:B6:3C:FA:32:62:8F:AC:25:15:3B + X509v3 Basic Constraints: + CA:TRUE + setCext-hashedRoot: + 0/0-...0...+......0...g*........"...(6....2.1:.Qe +SHA1 Fingerprint=F4:8B:11:BF:DE:AB:BE:94:54:20:71:E6:41:DE:6B:BE:88:2B:40:B9 +SHA256 Fingerprint=76:00:29:5E:EF:E8:5B:9E:1F:D6:24:DB:76:06:2A:AA:AE:59:81:8A:54:D2:77:4C:D4:C0:B2:C0:11:31:E1:B3 +-----BEGIN CERTIFICATE----- +MIIFcjCCA1qgAwIBAgIQH51ZWtcvwgZEpYAIaeNe9jANBgkqhkiG9w0BAQUFADA/ +MQswCQYDVQQGEwJUVzEwMC4GA1UECgwnR292ZXJubWVudCBSb290IENlcnRpZmlj +YXRpb24gQXV0aG9yaXR5MB4XDTAyMTIwNTEzMjMzM1oXDTMyMTIwNTEzMjMzM1ow +PzELMAkGA1UEBhMCVFcxMDAuBgNVBAoMJ0dvdmVybm1lbnQgUm9vdCBDZXJ0aWZp +Y2F0aW9uIEF1dGhvcml0eTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB +AJoluOzMonWoe/fOW1mKydGGEghU7Jzy50b2iPN86aXfTEc2pBsBHH8eV4qNw8XR +IePaJD9IK/ufLqGU5ywck9G/GwGHU5nOp/UKIXZ3/6m3xnOUT0b3EEk3+qhZSV1q +gQdW8or5BtD3cCJNtLdBuTK4sfCxw5w/cP1T3YGq2GN49thTbqGsaoQkclSGxtKy +yhwOeYHWtXBiCAEuTk8O1RGvqa/lmr/czIdtJuTJV6L7lvnM4T9TjGxMfptTCAts +F/tnyMKtsc2AtJfcdgEWFelq16TheEfOhtX7MfP6Mb40qij7cEwdScevLJ1tZqa2 +jWR+tSBqnTuBto9AAGdLiYa4zGX+FVPpBMHWXx1E1wovJ5pGfaENda1UhhXcSTvx +ls4Pm6Dso3pdvtUqdULle96ltqqvKKyskKw4t9VoNSZ63Pc78/1Fm9G7Q3hub/FC +VGqY8A2tl+lSXunVanLeavcbYBT0peS2cWeqH+riTcFCQP5nRhc4L0c/cZyu5SHK +YS1tB6iEfC3uUSXxY5Ce/eFXiGvviiNtsea9P63RPZYLhY3Naye7twWb7LuRqQoH +EgKXTiCQ8P8NHuJBO9NAOueNXdpm5AKwB1KYXA6OM5zCppX7VRluTI6uSw+9wThN +Xo+EHWbNxWCWtFJaBYmOlXqYwZE8lSOyDvR5tMl8wUohAgMBAAGjajBoMB0GA1Ud +DgQWBBTMzO/MKWCkO7GStjz6MmKPrCUVOzAMBgNVHRMEBTADAQH/MDkGBGcqBwAE +MTAvMC0CAQAwCQYFKw4DAhoFADAHBgVnKgMAAAQUA5vwIhP/lSg209yewDL7MTqK +UWUwDQYJKoZIhvcNAQEFBQADggIBAECASvomyc5eMN1PhnR2WPWus4MzeKR6dBcZ +TulStbngCnRiqmjKeKBMmo4sIy7VahIkv9Ro04rQ2JyftB8M3jh+Vzj8jeJPXgyf +qzvS/3WXy6TjZwj/5cAWtUgBfen5Cv8b5Wppv3ghqMKnI6mGq3ZW6A4M9hPdKmaK +ZEk9GhiHkASfQlK3T8v+R0F2Ne//AHY2RTKbxkaFXeIksB7jSJaYV0eUVXoPQbFE +JPPB/hprv4j9wabak2BegUqZIJxIZhm1AHlUD7gsL0u8qV1bYH+Mh6XgUmMqvtg7 +hUAV/h62ZT/FS9p+tXo1KaMuephgIqP0fSdOLeq0dDzpD6QzDxARvBMB1uUO07+1 +EqLhRSPAzAhuYbeJq4PjJB7mXQfnHyA+z2fI56wwbSdLaG5LKlwCCDTb+HbkZ6Mm +nD+iMsJKxYEYMRBWqoTvLQr/uB930r+lWKBi5NdLkXWNiYCYfm3LU05er/ayl4WX +udpVBrkk7tfGOB5jGxI7leFYrPLfhNVfmS8NVVvmONsuP3LpSIXLuykTjx44Vbnz +ssQwmSNOXfJIoRIM3BKQCZBUkQM8R+XVyWXgt0t97EfTsws+rZ7QdAAO671RrcDe +LMDDav7v3Aun+kbfYNucpllQdSNpc5Oy+fwC00fmcc4QAu4njIT/rEUNE1yDMuAl +pYYsfPQS +-----END CERTIFICATE----- + +### GUANG DONG CERTIFICATE AUTHORITY CO.,LTD. + +=== /C=CN/O=GUANG DONG CERTIFICATE AUTHORITY CO.,LTD./CN=GDCA TrustAUTH R5 ROOT +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 9009899650740120186 (0x7d0997fef047ea7a) + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Nov 26 05:13:15 2014 GMT + Not After : Dec 31 15:59:59 2040 GMT + Subject: C=CN, O=GUANG DONG CERTIFICATE AUTHORITY CO.,LTD., CN=GDCA TrustAUTH R5 ROOT + X509v3 extensions: + X509v3 Subject Key Identifier: + E2:C9:40:9F:4D:CE:E8:9A:A1:7C:CF:0E:3F:65:C5:29:88:6A:19:51 + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign +SHA1 Fingerprint=0F:36:38:5B:81:1A:25:C3:9B:31:4E:83:CA:E9:34:66:70:CC:74:B4 +SHA256 Fingerprint=BF:FF:8F:D0:44:33:48:7D:6A:8A:A6:0C:1A:29:76:7A:9F:C2:BB:B0:5E:42:0F:71:3A:13:B9:92:89:1D:38:93 +-----BEGIN CERTIFICATE----- +MIIFiDCCA3CgAwIBAgIIfQmX/vBH6nowDQYJKoZIhvcNAQELBQAwYjELMAkGA1UE +BhMCQ04xMjAwBgNVBAoMKUdVQU5HIERPTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZ +IENPLixMVEQuMR8wHQYDVQQDDBZHRENBIFRydXN0QVVUSCBSNSBST09UMB4XDTE0 +MTEyNjA1MTMxNVoXDTQwMTIzMTE1NTk1OVowYjELMAkGA1UEBhMCQ04xMjAwBgNV +BAoMKUdVQU5HIERPTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZIENPLixMVEQuMR8w +HQYDVQQDDBZHRENBIFRydXN0QVVUSCBSNSBST09UMIICIjANBgkqhkiG9w0BAQEF +AAOCAg8AMIICCgKCAgEA2aMW8Mh0dHeb7zMNOwZ+Vfy1YI92hhJCfVZmPoiC7XJj +Dp6L3TQsAlFRwxn9WVSEyfFrs0yw6ehGXTjGoqcuEVe6ghWinI9tsJlKCvLriXBj +TnnEt1u9ol2x8kECK62pOqPseQrsXzrj/e+APK00mxqriCZ7VqKChh/rNYmDf1+u +KU49tm7srsHwJ5uu4/Ts765/94Y9cnrrpftZTqfrlYwiOXnhLQiPzLyRuEH3FMEj +qcOtmkVEs7LXLM3GKeJQEK5cy4KOFxg2fZfmiJqwTTQJ9Cy5WmYqsBebnh52nUpm +MUHfP/vFBu8btn4aRjb3ZGM74zkYI+dndRTVdVeSN72+ahsmUPI2JgaQxXABZG12 +ZuGR224HwGGALrIuL4xwp9E7PLOR5G62xDtw8mySlwnNR30YwPO7ng/Wi64HtloP +zgsMR6flPri9fcebNaBhlzpBdRfMK5Z3KpIhHtmVdiBnaM8Nvd/WHwlqmuLMc3Gk +L30SgLdTMEZeS1SZD2fJpcjyIMGC7J0R38IC+xo70e0gmu9lZJIQDSri3nDxGGeC +jGHeuLzRL5z7D9Ar7Rt2ueQ5Vfj4oR24qoAATILnsn8JuLwwoC8N9VKejveSswoA +HQBUlwbgsQfZxw9cZX08bVlX5O2ljelAU58VS6Bx9hoh49pwBiFYFIeFd3mqgnkC +AwEAAaNCMEAwHQYDVR0OBBYEFOLJQJ9NzuiaoXzPDj9lxSmIahlRMA8GA1UdEwEB +/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQDRSVfg +p8xoWLoBDysZzY2wYUWsEe1jUGn4H3++Fo/9nesLqjJHdtJnJO29fDMylyrHBYZm +DRd9FBUb1Ov9H5r2XpdptxolpAqzkT9fNqyL7FeoPueBihhXOYV0GkLH6VsTX4/5 +COmSdI31R9KrO9b7eGZONn356ZLpBN79SWP8bfsUcZNnL0dKt7n/HipzcEYwv1ry +L3ml4Y0M2fmyYzeMN2WFcGpcWwlyua1jPLHd+PwyvzeG5LuOmCd+uh8W4XAR8gPf +JWIyJyYYMoSf/wA6E7qaTfRPuBRwIrHKK5DOKcFw9C+df/KQHtZa37dG/OaG+svg +IHZ6uqbL9XzeYqWxi+7egmaKTjowHz+Ay60nugxe19CxVsp3cbK1daFQqUBDF8Io +2c9Si1vIY9RCPqAzekYu9wogRlR+ak8x8YF+QnQ4ZXMn7sZ8uI7XpTrXmKGcjBBV +09tL7ECQ8s1uV9JiDnxXk7Gnbc2dg7sq5+W2O3FYrf3RRbxake5TFW/TRQl1brqQ +XR4EzzffHqhmsYzmIGrv/EhOdJhCrylvLmrH+33RZjEizIYAfmaDDEL0vTSSwxrq +T8p+ck0LcIymSLumoRT2+1hEmRSuqguTaaApJUqlyyvdimYHFngVV3Eb7PVHhPOe +MTd61X8kreS8/f3MboPoDKi3QWwH3b08hpcv0g== +-----END CERTIFICATE----- + +### Hellenic Academic and Research Institutions Cert. Authority + +=== /C=GR/L=Athens/O=Hellenic Academic and Research Institutions Cert. Authority/CN=Hellenic Academic and Research Institutions ECC RootCA 2015 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 0 (0x0) + Signature Algorithm: ecdsa-with-SHA256 + Validity + Not Before: Jul 7 10:37:12 2015 GMT + Not After : Jun 30 10:37:12 2040 GMT + Subject: C=GR, L=Athens, O=Hellenic Academic and Research Institutions Cert. Authority, CN=Hellenic Academic and Research Institutions ECC RootCA 2015 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + B4:22:0B:82:99:24:01:0E:9C:BB:E4:0E:FD:BF:FB:97:20:93:99:2A +SHA1 Fingerprint=9F:F1:71:8D:92:D5:9A:F3:7D:74:97:B4:BC:6F:84:68:0B:BA:B6:66 +SHA256 Fingerprint=44:B5:45:AA:8A:25:E6:5A:73:CA:15:DC:27:FC:36:D2:4C:1C:B9:95:3A:06:65:39:B1:15:82:DC:48:7B:48:33 +-----BEGIN CERTIFICATE----- +MIICwzCCAkqgAwIBAgIBADAKBggqhkjOPQQDAjCBqjELMAkGA1UEBhMCR1IxDzAN +BgNVBAcTBkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJl +c2VhcmNoIEluc3RpdHV0aW9ucyBDZXJ0LiBBdXRob3JpdHkxRDBCBgNVBAMTO0hl +bGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgRUNDIFJv +b3RDQSAyMDE1MB4XDTE1MDcwNzEwMzcxMloXDTQwMDYzMDEwMzcxMlowgaoxCzAJ +BgNVBAYTAkdSMQ8wDQYDVQQHEwZBdGhlbnMxRDBCBgNVBAoTO0hlbGxlbmljIEFj +YWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgQ2VydC4gQXV0aG9yaXR5 +MUQwQgYDVQQDEztIZWxsZW5pYyBBY2FkZW1pYyBhbmQgUmVzZWFyY2ggSW5zdGl0 +dXRpb25zIEVDQyBSb290Q0EgMjAxNTB2MBAGByqGSM49AgEGBSuBBAAiA2IABJKg +QehLgoRc4vgxEZmGZE4JJS+dQS8KrjVPdJWyUWRrjWvmP3CV8AVER6ZyOFB2lQJa +jq4onvktTpnvLEhvTCUp6NFxW98dwXU3tNf6e3pCnGoKVlp8aQuqgAkkbH7BRqNC +MEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFLQi +C4KZJAEOnLvkDv2/+5cgk5kqMAoGCCqGSM49BAMCA2cAMGQCMGfOFmI4oqxiRaep +lSTAGiecMjvAwNW6qef4BENThe5SId6d9SWDPp5YSy/XZxMOIQIwBeF1Ad5o7Sof +TUwJCA3sS61kFyjndc5FZXIhF8siQQ6ME5g4mlRtm8rifOoCWCKR +-----END CERTIFICATE----- +=== /C=GR/L=Athens/O=Hellenic Academic and Research Institutions Cert. Authority/CN=Hellenic Academic and Research Institutions RootCA 2015 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 0 (0x0) + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Jul 7 10:11:21 2015 GMT + Not After : Jun 30 10:11:21 2040 GMT + Subject: C=GR, L=Athens, O=Hellenic Academic and Research Institutions Cert. Authority, CN=Hellenic Academic and Research Institutions RootCA 2015 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + 71:15:67:C8:C8:C9:BD:75:5D:72:D0:38:18:6A:9D:F3:71:24:54:0B +SHA1 Fingerprint=01:0C:06:95:A6:98:19:14:FF:BF:5F:C6:B0:B6:95:EA:29:E9:12:A6 +SHA256 Fingerprint=A0:40:92:9A:02:CE:53:B4:AC:F4:F2:FF:C6:98:1C:E4:49:6F:75:5E:6D:45:FE:0B:2A:69:2B:CD:52:52:3F:36 +-----BEGIN CERTIFICATE----- +MIIGCzCCA/OgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCR1Ix +DzANBgNVBAcTBkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMgQWNhZGVtaWMgYW5k +IFJlc2VhcmNoIEluc3RpdHV0aW9ucyBDZXJ0LiBBdXRob3JpdHkxQDA+BgNVBAMT +N0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgUm9v +dENBIDIwMTUwHhcNMTUwNzA3MTAxMTIxWhcNNDAwNjMwMTAxMTIxWjCBpjELMAkG +A1UEBhMCR1IxDzANBgNVBAcTBkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMgQWNh +ZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0aW9ucyBDZXJ0LiBBdXRob3JpdHkx +QDA+BgNVBAMTN0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1 +dGlvbnMgUm9vdENBIDIwMTUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC +AQDC+Kk/G4n8PDwEXT2QNrCROnk8ZlrvbTkBSRq0t89/TSNTt5AA4xMqKKYx8ZEA +4yjsriFBzh/a/X0SWwGDD7mwX5nh8hKDgE0GPt+sr+ehiGsxr/CL0BgzuNtFajT0 +AoAkKAoCFZVedioNmToUW/bLy1O8E00BiDeUJRtCvCLYjqOWXjrZMts+6PAQZe10 +4S+nfK8nNLspfZu2zwnI5dMK/IhlZXQK3HMcXM1AsRzUtoSMTFDPaI6oWa7CJ06C +ojXdFPQf/7J31Ycvqm59JCfnxssm5uX+Zwdj2EUN3TpZZTlYepKZcj2chF6IIbjV +9Cz82XBST3i4vTwri5WY9bPRaM8gFH5MXF/ni+X1NYEZN9cRCLdmvtNKzoNXADrD +gfgXy5I2XdGj2HUb4Ysn6npIQf1FGQatJ5lOwXBH3bWfgVMS5bGMSF0xQxfjjMZ6 +Y5ZLKTBOhE5iGV48zpeQpX8B653g+IuJ3SWYPZK2fu/Z8VFRfS0myGlZYeCsargq +NhEEelC9MoS+L9xy1dcdFkfkR2YgP/SWxa+OAXqlD3pk9Q0Yh9muiNX6hME6wGko +LfINaFGq46V3xqSQDqE3izEjR8EJCOtu93ib14L8hCCZSRm2Ekax+0VVFqmjZayc +Bw/qa9wfLgZy7IaIEuQt218FL+TwA9MmM+eAws1CoRc0CwIDAQABo0IwQDAPBgNV +HRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUcRVnyMjJvXVd +ctA4GGqd83EkVAswDQYJKoZIhvcNAQELBQADggIBAHW7bVRLqhBYRjTyYtcWNl0I +XtVsyIe9tC5G8jH4fOpCtZMWVdyhDBKg2mF+D1hYc2Ryx+hFjtyp8iY/xnmMsVMI +M4GwVhO+5lFc2JsKT0ucVlMC6U/2DWDqTUJV6HwbISHTGzrMd/K4kPFox/la/vot +9L/J9UUbzjgQKjeKeaO04wlshYaT/4mWJ3iBj2fjRnRUjtkNaeJK9E10A/+yd+2V +Z5fkscWrv2oj6NSU4kQoYsRL4vDY4ilrGnB+JGGTe08DMiUNRSQrlrRGar9KC/ea +j8GsGsVn82800vpzY4zvFrCopEYq+OsS7HK07/grfoxSwIuEVPkvPuNVqNxmsdnh +X9izjFk0WaSrT2y7HxjbdavYy5LNlDhhDgcGH0tGEPEVvo2FXDtKK4F5D7Rpn0lQ +l033DlZdwJVqwjbDG2jJ9SrcR5q+ss7FJej6A7na+RZukYT1HCjI/CbM1xyQVqdf +bzoEvM14iQuODy+jqk+iGxI9FghAD/FGTNeqewjBCvVtJ94Cj8rDtSvK6evIIVM4 +pcw72Hc3MKJP2W/R8kCtQXoXxdZKNYm3QdV8hn9VTYNKpXMgwDqvkPGaJI7ZjnHK +e7iG2rKPmT4dEw0SEe7Uq/DpFXYC5ODfqiAeW2GFZECpkJcNrVPSWh2HagCXZWK0 +vm9qp/UsQu0yrbYhnr68 +-----END CERTIFICATE----- +=== /C=GR/O=Hellenic Academic and Research Institutions Cert. Authority/CN=Hellenic Academic and Research Institutions RootCA 2011 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 0 (0x0) + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: Dec 6 13:49:52 2011 GMT + Not After : Dec 1 13:49:52 2031 GMT + Subject: C=GR, O=Hellenic Academic and Research Institutions Cert. Authority, CN=Hellenic Academic and Research Institutions RootCA 2011 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: + Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + A6:91:42:FD:13:61:4A:23:9E:08:A4:29:E5:D8:13:04:23:EE:41:25 + X509v3 Name Constraints: + Permitted: + DNS:.gr + DNS:.eu + DNS:.edu + DNS:.org + email:.gr + email:.eu + email:.edu + email:.org + +SHA1 Fingerprint=FE:45:65:9B:79:03:5B:98:A1:61:B5:51:2E:AC:DA:58:09:48:22:4D +SHA256 Fingerprint=BC:10:4F:15:A4:8B:E7:09:DC:A5:42:A7:E1:D4:B9:DF:6F:05:45:27:E8:02:EA:A9:2D:59:54:44:25:8A:FE:71 +-----BEGIN CERTIFICATE----- +MIIEMTCCAxmgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBlTELMAkGA1UEBhMCR1Ix +RDBCBgNVBAoTO0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1 +dGlvbnMgQ2VydC4gQXV0aG9yaXR5MUAwPgYDVQQDEzdIZWxsZW5pYyBBY2FkZW1p +YyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRpb25zIFJvb3RDQSAyMDExMB4XDTExMTIw +NjEzNDk1MloXDTMxMTIwMTEzNDk1MlowgZUxCzAJBgNVBAYTAkdSMUQwQgYDVQQK +EztIZWxsZW5pYyBBY2FkZW1pYyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRpb25zIENl +cnQuIEF1dGhvcml0eTFAMD4GA1UEAxM3SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJl +c2VhcmNoIEluc3RpdHV0aW9ucyBSb290Q0EgMjAxMTCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBAKlTAOMupvaO+mDYLZU++CwqVE7NuYRhlFhPjz2L5EPz +dYmNUeTDN9KKiE15HrcS3UN4SoqS5tdI1Q+kOilENbgH9mgdVc04UfCMJDGFr4PJ +fel3r+0ae50X+bOdOFAPplp5kYCvN66m0zH7tSYJnTxa71HFK9+WXesyHgLacEns +bgzImjeN9/E2YEsmLIKe0HjzDQ9jpFEw4fkrJxIH2Oq9GGKYsFk3fb7u8yBRQlqD +75O6aRXxYp2fmTmCobd0LovUxQt7L/DICto9eQqakxylKHJzkUOap9FNhYS5qXSP +FEDH3N6sQWRstBmbAmNtJGSPRLIl6s5ddAxjMlyNh+UCAwEAAaOBiTCBhjAPBgNV +HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUppFC/RNhSiOeCKQp +5dgTBCPuQSUwRwYDVR0eBEAwPqA8MAWCAy5ncjAFggMuZXUwBoIELmVkdTAGggQu +b3JnMAWBAy5ncjAFgQMuZXUwBoEELmVkdTAGgQQub3JnMA0GCSqGSIb3DQEBBQUA +A4IBAQAf73lB4XtuP7KMhjdCSk4cNx6NZrokgclPEg8hwAOXhiVtXdMiKahsog2p +6z0GW5k6x8zDmjR/qw7IThzh+uTczQ2+vyT+bOdrwg3IBp5OjWEopmr95fZi6hg8 +TqBTnbI6nOulnJEWtk2C4AwFSKls9cz4y51JtPACpf1wA+2KIaWuE4ZJwzNzvoc7 +dIsXRSZMFpGD/md9zU1jZ/rzAxKWeAaNsWftjj++n08C9bMJL/NMh98qy5V8Acys +Nnq/onN694/BtZqhFLKPM58N7yLcZnuEvUUXBj08yrl3NI/K6s8/MT7jiOOASSXI +l7WdmplNsDz4SgCbZN2fOUvRJ9e4 +-----END CERTIFICATE----- + +### Hongkong Post + +=== /C=HK/O=Hongkong Post/CN=Hongkong Post Root CA 1 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1000 (0x3e8) + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: May 15 05:13:14 2003 GMT + Not After : May 15 04:52:29 2023 GMT + Subject: C=HK, O=Hongkong Post, CN=Hongkong Post Root CA 1 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE, pathlen:3 + X509v3 Key Usage: critical + Digital Signature, Non Repudiation, Certificate Sign, CRL Sign +SHA1 Fingerprint=D6:DA:A8:20:8D:09:D2:15:4D:24:B5:2F:CB:34:6E:B2:58:B2:8A:58 +SHA256 Fingerprint=F9:E6:7D:33:6C:51:00:2A:C0:54:C6:32:02:2D:66:DD:A2:E7:E3:FF:F1:0A:D0:61:ED:31:D8:BB:B4:10:CF:B2 +-----BEGIN CERTIFICATE----- +MIIDMDCCAhigAwIBAgICA+gwDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UEBhMCSEsx +FjAUBgNVBAoTDUhvbmdrb25nIFBvc3QxIDAeBgNVBAMTF0hvbmdrb25nIFBvc3Qg +Um9vdCBDQSAxMB4XDTAzMDUxNTA1MTMxNFoXDTIzMDUxNTA0NTIyOVowRzELMAkG +A1UEBhMCSEsxFjAUBgNVBAoTDUhvbmdrb25nIFBvc3QxIDAeBgNVBAMTF0hvbmdr +b25nIFBvc3QgUm9vdCBDQSAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC +AQEArP84tulmAknjorThkPlAj3n54r15/gK97iSSHSL22oVyaf7XPwnU3ZG1ApzQ +jVrhVcNQhrkpJsLj2aDxaQMoIIBFIi1WpztUlVYiWR8o3x8gPW2iNr4joLFutbEn +PzlTCeqrauh0ssJlXI6/fMN4hM2eFvz1Lk8gKgifd/PFHsSaUmYeSF7jEAaPIpjh +ZY4bXSNmO7ilMlHIhqqhqZ5/dpTCpmy3QfDVyAY45tQM4vM7TG1QjMSDJ8EThFk9 +nnV0ttgCXjqQesBCNnLsak3c78QA3xMYV18meMjWCnl3v/evt3a5pQuEF10Q6m/h +q5URX208o1xNg1vysxmKgIsLhwIDAQABoyYwJDASBgNVHRMBAf8ECDAGAQH/AgED +MA4GA1UdDwEB/wQEAwIBxjANBgkqhkiG9w0BAQUFAAOCAQEADkbVPK7ih9legYsC +mEEIjEy82tvuJxuC52pF7BaLT4Wg87JwvVqWuspube5Gi27nKi6Wsxkz67SfqLI3 +7piol7Yutmcn1KZJ/RyTZXaeQi/cImyaT/JaFTmxcdcrUehtHJjA2Sr0oYJ71clB +oiMBdDhViw+5LmeiIAQ32pwL0xch4I+XeTRvhEgCIDMb5jREn5Fw9IBehEPCKdJs +EhTkYY2sEJCehFC78JZvRZ+K88psT/oROhUVRsPNH4NbLUES7VBnQRM9IauUiqpO +fMGx+6fWtScvl6tu4B3i0RwsH0Ti/L6RoZz71ilTc4afU9hDDl3WY4JxHYB0yvbi +AmvZWg== +-----END CERTIFICATE----- + +### IdenTrust + +=== /C=US/O=IdenTrust/CN=IdenTrust Commercial Root CA 1 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 0a:01:42:80:00:00:01:45:23:c8:44:b5:00:00:00:02 + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Jan 16 18:12:23 2014 GMT + Not After : Jan 16 18:12:23 2034 GMT + Subject: C=US, O=IdenTrust, CN=IdenTrust Commercial Root CA 1 + X509v3 extensions: + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + ED:44:19:C0:D3:F0:06:8B:EE:A4:7B:BE:42:E7:26:54:C8:8E:36:76 +SHA1 Fingerprint=DF:71:7E:AA:4A:D9:4E:C9:55:84:99:60:2D:48:DE:5F:BC:F0:3A:25 +SHA256 Fingerprint=5D:56:49:9B:E4:D2:E0:8B:CF:CA:D0:8A:3E:38:72:3D:50:50:3B:DE:70:69:48:E4:2F:55:60:30:19:E5:28:AE +-----BEGIN CERTIFICATE----- +MIIFYDCCA0igAwIBAgIQCgFCgAAAAUUjyES1AAAAAjANBgkqhkiG9w0BAQsFADBK +MQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MScwJQYDVQQDEx5JZGVu +VHJ1c3QgQ29tbWVyY2lhbCBSb290IENBIDEwHhcNMTQwMTE2MTgxMjIzWhcNMzQw +MTE2MTgxMjIzWjBKMQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MScw +JQYDVQQDEx5JZGVuVHJ1c3QgQ29tbWVyY2lhbCBSb290IENBIDEwggIiMA0GCSqG +SIb3DQEBAQUAA4ICDwAwggIKAoICAQCnUBneP5k91DNG8W9RYYKyqU+PZ4ldhNlT +3Qwo2dfw/66VQ3KZ+bVdfIrBQuExUHTRgQ18zZshq0PirK1ehm7zCYofWjK9ouuU ++ehcCuz/mNKvcbO0U59Oh++SvL3sTzIwiEsXXlfEU8L2ApeN2WIrvyQfYo3fw7gp +S0l4PJNgiCL8mdo2yMKi1CxUAGc1bnO/AljwpN3lsKImesrgNqUZFvX9t++uP0D1 +bVoE/c40yiTcdCMbXTMTEl3EASX2MN0CXZ/g1Ue9tOsbobtJSdifWwLziuQkkORi +T0/Br4sOdBeo0XKIanoBScy0RnnGF7HamB4HWfp1IYVl3ZBWzvurpWCdxJ35UrCL +vYf5jysjCiN2O/cz4ckA82n5S6LgTrx+kzmEB/dEcH7+B1rlsazRGMzyNeVJSQjK +Vsk9+w8YfYs7wRPCTY/JTw436R+hDmrfYi7LNQZReSzIJTj0+kuniVyc0uMNOYZK +dHzVWYfCP04MXFL0PfdSgvHqo6z9STQaKPNBiDoT7uje/5kdX7rL6B7yuVBgwDHT +c+XvvqDtMwt0viAgxGds8AgDelWAf0ZOlqf0Hj7h9tgJ4TNkK2PXMl6f+cB7D3hv +l7yTmvmcEpB4eoCHFddydJxVdHixuuFucAS6T6C6aMN7/zHwcz09lCqxC0EOoP5N +iGVreTO01wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB +/zAdBgNVHQ4EFgQU7UQZwNPwBovupHu+QucmVMiONnYwDQYJKoZIhvcNAQELBQAD +ggIBAA2ukDL2pkt8RHYZYR4nKM1eVO8lvOMIkPkp165oCOGUAFjvLi5+U1KMtlwH +6oi6mYtQlNeCgN9hCQCTrQ0U5s7B8jeUeLBfnLOic7iPBZM4zY0+sLj7wM+x8uwt +LRvM7Kqas6pgghstO8OEPVeKlh6cdbjTMM1gCIOQ045U8U1mwF10A0Cj7oV+wh93 +nAbowacYXVKV7cndJZ5t+qntozo00Fl72u1Q8zW/7esUTTHHYPTa8Yec4kjixsU3 ++wYQ+nVZZjFHKdp2mhzpgq7vmrlR94gjmmmVYjzlVYA211QC//G5Xc7UI2/YRYRK +W2XviQzdFKcgyxilJbQN+QHwotL0AMh0jqEqSI5l2xPE4iUXfeu+h1sXIFRRk0pT +AwvsXcoz7WL9RccvW9xYoIA55vrX/hMUpu09lEpCdNTDd1lzzY9GvlU47/rokTLq +l1gEIt44w8y8bckzOmoKaT+gyOpyj4xjhiO9bTyWnpXgSUyqorkqG5w2gXjtw+hG +4iZZRHUe2XWJUc0QhJ1hYMtd+ZciTY6Y5uN/9lu7rs3KSoFrXgvzUeF0K+l+J6fZ +mUlO+KWA2yUPHGNiiskzZ2s8EIPGrd6ozRaOjfAHN3Gf8qv8QfXBi+wAN10J5U6A +7/qxXDgGpRtK4dw4LTzcqx+QGtVKnO7RcGzM7vRX+Bi6hG6H +-----END CERTIFICATE----- +=== /C=US/O=IdenTrust/CN=IdenTrust Public Sector Root CA 1 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 0a:01:42:80:00:00:01:45:23:cf:46:7c:00:00:00:02 + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Jan 16 17:53:32 2014 GMT + Not After : Jan 16 17:53:32 2034 GMT + Subject: C=US, O=IdenTrust, CN=IdenTrust Public Sector Root CA 1 + X509v3 extensions: + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + E3:71:E0:9E:D8:A7:42:D9:DB:71:91:6B:94:93:EB:C3:A3:D1:14:A3 +SHA1 Fingerprint=BA:29:41:60:77:98:3F:F4:F3:EF:F2:31:05:3B:2E:EA:6D:4D:45:FD +SHA256 Fingerprint=30:D0:89:5A:9A:44:8A:26:20:91:63:55:22:D1:F5:20:10:B5:86:7A:CA:E1:2C:78:EF:95:8F:D4:F4:38:9F:2F +-----BEGIN CERTIFICATE----- +MIIFZjCCA06gAwIBAgIQCgFCgAAAAUUjz0Z8AAAAAjANBgkqhkiG9w0BAQsFADBN +MQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MSowKAYDVQQDEyFJZGVu +VHJ1c3QgUHVibGljIFNlY3RvciBSb290IENBIDEwHhcNMTQwMTE2MTc1MzMyWhcN +MzQwMTE2MTc1MzMyWjBNMQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0 +MSowKAYDVQQDEyFJZGVuVHJ1c3QgUHVibGljIFNlY3RvciBSb290IENBIDEwggIi +MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2IpT8pEiv6EdrCvsnduTyP4o7 +ekosMSqMjbCpwzFrqHd2hCa2rIFCDQjrVVi7evi8ZX3yoG2LqEfpYnYeEe4IFNGy +RBb06tD6Hi9e28tzQa68ALBKK0CyrOE7S8ItneShm+waOh7wCLPQ5CQ1B5+ctMlS +bdsHyo+1W/CD80/HLaXIrcuVIKQxKFdYWuSNG5qrng0M8gozOSI5Cpcu81N3uURF +/YTLNiCBWS2ab21ISGHKTN9T0a9SvESfqy9rg3LvdYDaBjMbXcjaY8ZNzaxmMc3R +3j6HEDbhuaR672BQssvKplbgN6+rNBM5Jeg5ZuSYeqoSmJxZZoY+rfGwyj4GD3vw +EUs3oERte8uojHH01bWRNszwFcYr3lEXsZdMUD2xlVl8BX0tIdUAvwFnol57plzy +9yLxkA2T26pEUWbMfXYD62qoKjgZl3YNa4ph+bz27nb9cCvdKTz4Ch5bQhyLVi9V +GxyhLrXHFub4qjySjmm2AcG1hp2JDws4lFTo6tyePSW8Uybt1as5qsVATFSrsrTZ +2fjXctscvG29ZV/viDUqZi/u9rNl8DONfJhBaUYPQxxp+pu10GFqzcpL2UyQRqsV +WaFHVCkugyhfHMKiq3IXAAaOReyL4jM9f9oZRORicsPfIsbyVtTdX5Vy7W1f90gD +W/3FKqD2cyOEEBsB5wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/ +BAUwAwEB/zAdBgNVHQ4EFgQU43HgntinQtnbcZFrlJPrw6PRFKMwDQYJKoZIhvcN +AQELBQADggIBAEf63QqwEZE4rU1d9+UOl1QZgkiHVIyqZJnYWv6IAcVYpZmxI1Qj +t2odIFflAWJBF9MJ23XLblSQdf4an4EKwt3X9wnQW3IV5B4Jaj0z8yGa5hV+rVHV +DRDtfULAj+7AmgjVQdZcDiFpboBhDhXAuM/FSRJSzL46zNQuOAXeNf0fb7iAaJg9 +TaDKQGXSc3z1i9kKlT/YPyNtGtEqJBnZhbMX73huqVjRI9PHE+1yJX9dsXNw0H8G +lwmEKYBhHfpe/3OsoOOJuBxxFcbeMX8S3OFtm6/n6J91eEyrRjuazr8FGF1NFTwW +mhlQBJqymm9li1JfPFgEKCXAZmExfrngdbkaqIHWchezxQMxNRF4eKLg6TCMf4Df +WN88uieW4oA0beOY02QnrEh+KHdcxiVhJfiFDGX6xDIvpZgF5PgLZxYWxoK4Mhn5 ++bl53B/N66+rDt0b20XkeucC4pVd/GnwU2lhlXV5C15V5jgclKlZM57IcXR5f1GJ +tshquDDIajjDbp7hNxbqBWJMWxJH7ae0s1hWx0nzfxJoCTFx8G34Tkf71oXuxVhA +GaQdp/lLQzfcaFpPz+vCZHTetBXZ9FRUGi8c15dxVJCO2SCdUyt/q4/i6jC8UDfv +8Ue1fXwsBOxonbRJRBD0ckscZOf85muQ3Wl9af0AVqW3rLatt8o+Ae+c +-----END CERTIFICATE----- + +### Internet Security Research Group + +=== /C=US/O=Internet Security Research Group/CN=ISRG Root X1 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 82:10:cf:b0:d2:40:e3:59:44:63:e0:bb:63:82:8b:00 + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Jun 4 11:04:38 2015 GMT + Not After : Jun 4 11:04:38 2035 GMT + Subject: C=US, O=Internet Security Research Group, CN=ISRG Root X1 + X509v3 extensions: + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + 79:B4:59:E6:7B:B6:E5:E4:01:73:80:08:88:C8:1A:58:F6:E9:9B:6E +SHA1 Fingerprint=CA:BD:2A:79:A1:07:6A:31:F2:1D:25:36:35:CB:03:9D:43:29:A5:E8 +SHA256 Fingerprint=96:BC:EC:06:26:49:76:F3:74:60:77:9A:CF:28:C5:A7:CF:E8:A3:C0:AA:E1:1A:8F:FC:EE:05:C0:BD:DF:08:C6 +-----BEGIN CERTIFICATE----- +MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw +TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh +cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4 +WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJu +ZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBY +MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54rVygc +h77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+ +0TM8ukj13Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6U +A5/TR5d8mUgjU+g4rk8Kb4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sW +T8KOEUt+zwvo/7V3LvSye0rgTBIlDHCNAymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyH +B5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ4Q7e2RCOFvu396j3x+UC +B5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf1b0SHzUv +KBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWn +OlFuhjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTn +jh8BCNAw1FtxNrQHusEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbw +qHyGO0aoSCqI3Haadr8faqU9GY/rOPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CI +rU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV +HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY9umbbjANBgkq +hkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL +ubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ +3BebYhtF8GaV0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KK +NFtY2PwByVS5uCbMiogziUwthDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5 +ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJwTdwJx4nLCgdNbOhdjsnvzqvHu7Ur +TkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nxe5AW0wdeRlN8NwdC +jNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZAJzVc +oyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq +4RgqsahDYVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPA +mRGunUHBcnWEvgJBQl9nJEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57d +emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc= +-----END CERTIFICATE----- + +### IZENPE S.A. + +=== /C=ES/O=IZENPE S.A./CN=Izenpe.com +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + b0:b7:5a:16:48:5f:bf:e1:cb:f5:8b:d7:19:e6:7d + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Dec 13 13:08:28 2007 GMT + Not After : Dec 13 08:27:25 2037 GMT + Subject: C=ES, O=IZENPE S.A., CN=Izenpe.com + X509v3 extensions: + X509v3 Subject Alternative Name: + email:info@izenpe.com, DirName:/O=IZENPE S.A. - CIF A01337260-RMerc.Vitoria-Gasteiz T1055 F62 S8/street=Avda del Mediterraneo Etorbidea 14 - 01010 Vitoria-Gasteiz + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + 1D:1C:65:0E:A8:F2:25:7B:B4:91:CF:E4:B1:B1:E6:BD:55:74:6C:05 +SHA1 Fingerprint=2F:78:3D:25:52:18:A7:4A:65:39:71:B5:2C:A2:9C:45:15:6F:E9:19 +SHA256 Fingerprint=25:30:CC:8E:98:32:15:02:BA:D9:6F:9B:1F:BA:1B:09:9E:2D:29:9E:0F:45:48:BB:91:4F:36:3B:C0:D4:53:1F +-----BEGIN CERTIFICATE----- +MIIF8TCCA9mgAwIBAgIQALC3WhZIX7/hy/WL1xnmfTANBgkqhkiG9w0BAQsFADA4 +MQswCQYDVQQGEwJFUzEUMBIGA1UECgwLSVpFTlBFIFMuQS4xEzARBgNVBAMMCkl6 +ZW5wZS5jb20wHhcNMDcxMjEzMTMwODI4WhcNMzcxMjEzMDgyNzI1WjA4MQswCQYD +VQQGEwJFUzEUMBIGA1UECgwLSVpFTlBFIFMuQS4xEzARBgNVBAMMCkl6ZW5wZS5j +b20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDJ03rKDx6sp4boFmVq +scIbRTJxldn+EFvMr+eleQGPicPK8lVx93e+d5TzcqQsRNiekpsUOqHnJJAKClaO +xdgmlOHZSOEtPtoKct2jmRXagaKH9HtuJneJWK3W6wyyQXpzbm3benhB6QiIEn6H +LmYRY2xU+zydcsC8Lv/Ct90NduM61/e0aL6i9eOBbsFGb12N4E3GVFWJGjMxCrFX +uaOKmMPsOzTFlUFpfnXCPCDFYbpRR6AgkJOhkEvzTnyFRVSa0QUmQbC1TR0zvsQD +yCV8wXDbO/QJLVQnSKwv4cSsPsjLkkxTOTcj7NMB+eAJRE1NZMDhDVqHIrytG6P+ +JrUV86f8hBnp7KGItERphIPzidF0BqnMC9bC3ieFUCbKF7jJeodWLBoBHmy+E60Q +rLUk9TiRodZL2vG70t5HtfG8gfZZa88ZU+mNFctKy6lvROUbQc/hhqfK0GqfvEyN +BjNaooXlkDWgYlwWTvDjovoDGrQscbNYLN57C9saD+veIR8GdwYDsMnvmfzAuU8L +hij+0rnq49qlw0dpEuDb8PYZi+17cNcC1u2HGCgsBCRMd+RIihrGO5rUD8r6ddIB +QFqNeb+Lz0vPqhbBleStTIo+F5HUsWLlguWABKQDfo2/2n+iD5dPDNMN+9fR5XJ+ +HMh3/1uaD7euBUbl8agW7EekFwIDAQABo4H2MIHzMIGwBgNVHREEgagwgaWBD2lu +Zm9AaXplbnBlLmNvbaSBkTCBjjFHMEUGA1UECgw+SVpFTlBFIFMuQS4gLSBDSUYg +QTAxMzM3MjYwLVJNZXJjLlZpdG9yaWEtR2FzdGVpeiBUMTA1NSBGNjIgUzgxQzBB +BgNVBAkMOkF2ZGEgZGVsIE1lZGl0ZXJyYW5lbyBFdG9yYmlkZWEgMTQgLSAwMTAx +MCBWaXRvcmlhLUdhc3RlaXowDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC +AQYwHQYDVR0OBBYEFB0cZQ6o8iV7tJHP5LGx5r1VdGwFMA0GCSqGSIb3DQEBCwUA +A4ICAQB4pgwWSp9MiDrAyw6lFn2fuUhfGI8NYjb2zRlrrKvV9pF9rnHzP7MOeIWb +laQnIUdCSnxIOvVFfLMMjlF4rJUT3sb9fbgakEyrkgPH7UIBzg/YsfqikuFgba56 +awmqxinuaElnMIAkejEWOVt+8Rwu3WwJrfIxwYJOubv5vr8qhT/AQKM6WfxZSzwo +JNu0FXWuDYi6LnPAvViH5ULy617uHjAimcs30cQhbIHsvm0m5hzkQiCeR7Csg1lw +LDXWrzY0tM07+DKo7+N4ifuNRSzanLh+QBxh5z6ikixL8s36mLYp//Pye6kfLqCT +VyvehQP5aTfLnnhqBbTFMXiJ7HqnheG5ezzevh55hM6fcA5ZwjUukCox2eRFekGk +LhObNA5me0mrZJfQRsN5nXJQY6aYWwa9SG3YOYNw6DXwBdGqvOPbyALqfP2C2sJb +UjWumDqtujWTI6cfSN01RpiyEGjkpTHCClguGYEQyVB1/OpaFs4R1+7vUIgtYf8/ +QnMFlEPVjjxOAToZpR9GTnfQXeWBIiGH/pR9hNiTrdZoQ0iy2+tzJOeRf1SktoA+ +naM8THLCV8Sg1Mw4J87VBp6iSNnpn86CcDaTmjvfliHjWbcM2pE38P1ZWrOZyGls +QyYBNWNgVYkDOnXYukrZVP/u3oDYLdE41V4tC5h9Pmzb/CaIxw== +-----END CERTIFICATE----- + +### Japan Certification Services, Inc. + +=== /C=JP/O=Japan Certification Services, Inc./CN=SecureSign RootCA11 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: Apr 8 04:56:47 2009 GMT + Not After : Apr 8 04:56:47 2029 GMT + Subject: C=JP, O=Japan Certification Services, Inc., CN=SecureSign RootCA11 + X509v3 extensions: + X509v3 Subject Key Identifier: + 5B:F8:4D:4F:B2:A5:86:D4:3A:D2:F1:63:9A:A0:BE:09:F6:57:B7:DE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE +SHA1 Fingerprint=3B:C4:9F:48:F8:F3:73:A0:9C:1E:BD:F8:5B:B1:C3:65:C7:D8:11:B3 +SHA256 Fingerprint=BF:0F:EE:FB:9E:3A:58:1A:D5:F9:E9:DB:75:89:98:57:43:D2:61:08:5C:4D:31:4F:6F:5D:72:59:AA:42:16:12 +-----BEGIN CERTIFICATE----- +MIIDbTCCAlWgAwIBAgIBATANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJKUDEr +MCkGA1UEChMiSmFwYW4gQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcywgSW5jLjEcMBoG +A1UEAxMTU2VjdXJlU2lnbiBSb290Q0ExMTAeFw0wOTA0MDgwNDU2NDdaFw0yOTA0 +MDgwNDU2NDdaMFgxCzAJBgNVBAYTAkpQMSswKQYDVQQKEyJKYXBhbiBDZXJ0aWZp +Y2F0aW9uIFNlcnZpY2VzLCBJbmMuMRwwGgYDVQQDExNTZWN1cmVTaWduIFJvb3RD +QTExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/XeqpRyQBTvLTJsz +i1oURaTnkBbR31fSIRCkF/3frNYfp+TbfPfs37gD2pRY/V1yfIw/XwFndBWW4wI8 +h9uuywGOwvNmxoVF9ALGOrVisq/6nL+k5tSAMJjzDbaTj6nU2DbysPyKyiyhFTOV +MdrAG/LuYpmGYz+/3ZMqg6h2uRMft85OQoWPIucuGvKVCbIFtUROd6EgvanyTgp9 +UK31BQ1FT0Zx/Sg+U/sE2C3XZR1KG/rPO7AxmjVuyIsG0wCR8pQIZUyxNAYAeoni +8McDWc/V1uinMrPmmECGxc0nEovMe863ETxiYAcjPitAbpSACW22s293bzUIUPsC +h8U+iQIDAQABo0IwQDAdBgNVHQ4EFgQUW/hNT7KlhtQ60vFjmqC+CfZXt94wDgYD +VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEB +AKChOBZmLqdWHyGcBvod7bkixTgm2E5P7KN/ed5GIaGHd48HCJqypMWvDzKYC3xm +KbabfSVSSUOrTC4rbnpwrxYO4wJs+0LmGJ1F2FXI6Dvd5+H0LgscNFxsWEr7jIhQ +X5Ucv+2rIrVls4W6ng+4reV6G4pQOh29Dbx7VFALuUKvVaAYga1lme++5Jy/xIWr +QbJUb9wlze144o4MjQlJ3WN7WmmWAiGovVJZ6X01y8hSyn+B/tlr0/cR7SXf+Of5 +pPpyl4RTDaXQMhhRdlkUbA/r7F+AjHVDg8OFmP9Mni0N5HeDk061lgeLKBObjBmN +QSdJQO7e5iNEOdyhIta6A/I= +-----END CERTIFICATE----- + +### Krajowa Izba Rozliczeniowa S.A. + +=== /C=PL/O=Krajowa Izba Rozliczeniowa S.A./CN=SZAFIR ROOT CA2 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 3e:8a:5d:07:ec:55:d2:32:d5:b7:e3:b6:5f:01:eb:2d:dc:e4:d6:e4 + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Oct 19 07:43:30 2015 GMT + Not After : Oct 19 07:43:30 2035 GMT + Subject: C=PL, O=Krajowa Izba Rozliczeniowa S.A., CN=SZAFIR ROOT CA2 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + 2E:16:A9:4A:18:B5:CB:CC:F5:6F:50:F3:23:5F:F8:5D:E7:AC:F0:C8 +SHA1 Fingerprint=E2:52:FA:95:3F:ED:DB:24:60:BD:6E:28:F3:9C:CC:CF:5E:B3:3F:DE +SHA256 Fingerprint=A1:33:9D:33:28:1A:0B:56:E5:57:D3:D3:2B:1C:E7:F9:36:7E:B0:94:BD:5F:A7:2A:7E:50:04:C8:DE:D7:CA:FE +-----BEGIN CERTIFICATE----- +MIIDcjCCAlqgAwIBAgIUPopdB+xV0jLVt+O2XwHrLdzk1uQwDQYJKoZIhvcNAQEL +BQAwUTELMAkGA1UEBhMCUEwxKDAmBgNVBAoMH0tyYWpvd2EgSXpiYSBSb3psaWN6 +ZW5pb3dhIFMuQS4xGDAWBgNVBAMMD1NaQUZJUiBST09UIENBMjAeFw0xNTEwMTkw +NzQzMzBaFw0zNTEwMTkwNzQzMzBaMFExCzAJBgNVBAYTAlBMMSgwJgYDVQQKDB9L +cmFqb3dhIEl6YmEgUm96bGljemVuaW93YSBTLkEuMRgwFgYDVQQDDA9TWkFGSVIg +Uk9PVCBDQTIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3vD5QqEvN +QLXOYeeWyrSh2gwisPq1e3YAd4wLz32ohswmUeQgPYUM1ljj5/QqGJ3a0a4m7utT +3PSQ1hNKDJA8w/Ta0o4NkjrcsbH/ON7Dui1fgLkCvUqdGw+0w8LBZwPd3BucPbOw +3gAeqDRHu5rr/gsUvTaE2g0gv/pby6kWIK05YO4vdbbnl5z5Pv1+TW9NL++IDWr6 +3fE9biCloBK0TXC5ztdyO4mTp4CEHCdJckm1/zuVnsHMyAHs6A6KCpbns6aH5db5 +BSsNl0BwPLqsdVqc1U2dAgrSS5tmS0YHF2Wtn2yIANwiieDhZNRnvDF5YTy7ykHN +XGoAyDw4jlivAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD +AgEGMB0GA1UdDgQWBBQuFqlKGLXLzPVvUPMjX/hd56zwyDANBgkqhkiG9w0BAQsF +AAOCAQEAtXP4A9xZWx126aMqe5Aosk3AM0+qmrHUuOQn/6mWmc5G4G18TKI4pAZw +8PRBEew/R40/cof5O/2kbytTAOD/OblqBw7rHRz2onKQy4I9EYKL0rufKq8h5mOG +nXkZ7/e7DDWQw4rtTw/1zBLZpD67oPwglV9PJi8RI4NOdQcPv5vRtB3pEAT+ymCP +oky4rc/hkA/NrgrHXXu3UNLUYfrVFdvXn4dRVOul4+vJhaAlIDf7js4MNIThPIGy +d05DpYhfhmehPea0XGG2Ptv+tyjFogeutcrKjSoS75ftwjCkySp6+/NNIxuZMzSg +LvWpCz/UXeHPhJ/iGcJfitYgHuNztw== +-----END CERTIFICATE----- + +### LuxTrust S.A. + +=== /C=LU/O=LuxTrust S.A./CN=LuxTrust Global Root 2 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 0a:7e:a6:df:4b:44:9e:da:6a:24:85:9e:e6:b8:15:d3:16:7f:bb:b1 + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Mar 5 13:21:57 2015 GMT + Not After : Mar 5 13:21:57 2035 GMT + Subject: C=LU, O=LuxTrust S.A., CN=LuxTrust Global Root 2 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Certificate Policies: + Policy: 1.3.171.1.1.1.10 + CPS: https://repository.luxtrust.lu + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Authority Key Identifier: + keyid:FF:18:28:76:F9:48:05:2C:A1:AE:F1:2B:1B:2B:B2:53:F8:4B:7C:B3 + + X509v3 Subject Key Identifier: + FF:18:28:76:F9:48:05:2C:A1:AE:F1:2B:1B:2B:B2:53:F8:4B:7C:B3 +SHA1 Fingerprint=1E:0E:56:19:0A:D1:8B:25:98:B2:04:44:FF:66:8A:04:17:99:5F:3F +SHA256 Fingerprint=54:45:5F:71:29:C2:0B:14:47:C4:18:F9:97:16:8F:24:C5:8F:C5:02:3B:F5:DA:5B:E2:EB:6E:1D:D8:90:2E:D5 +-----BEGIN CERTIFICATE----- +MIIFwzCCA6ugAwIBAgIUCn6m30tEntpqJIWe5rgV0xZ/u7EwDQYJKoZIhvcNAQEL +BQAwRjELMAkGA1UEBhMCTFUxFjAUBgNVBAoMDUx1eFRydXN0IFMuQS4xHzAdBgNV +BAMMFkx1eFRydXN0IEdsb2JhbCBSb290IDIwHhcNMTUwMzA1MTMyMTU3WhcNMzUw +MzA1MTMyMTU3WjBGMQswCQYDVQQGEwJMVTEWMBQGA1UECgwNTHV4VHJ1c3QgUy5B +LjEfMB0GA1UEAwwWTHV4VHJ1c3QgR2xvYmFsIFJvb3QgMjCCAiIwDQYJKoZIhvcN +AQEBBQADggIPADCCAgoCggIBANeFl78RmOnwYoNMPIf5U2o3C/IPPIfOb9wmKb3F +ibrJgz337spbxm1Jc7TJRqMbNBM/wYlFV/TZsfs2ZUv7COJIcRHIbjuend+JZTem +hfY7RBi2xjcwYkSSl2l9QjAk5A0MiWtj3sXh306pFGxT4GHO9hcvHTy95iJMHZP1 +EMShduxq3sVs35a0VkBCwGKSMKEtFZSg0iAGCW5qbeXrt77U8PEVfIvmTroTzEsn +Xpk8F12PgX8zPU/TPxvsXD/wPEx1bvKm1Z3aLQdjAsZy6ZS8TEmVT4hSyNvoaYL4 +zDRbIvCGp4m9SAptZoFtyMhk+wHh9OHe2Z7d21vUKpkmFRseTJIpgp7VkoGSQXAZ +96Tlk0u8d2cx3Rz9MXANF5kM+Qw5GSoXtTBxVdUPrljhPS80m8+f9niFwpN6cj5m +j5wWEWCPnolvZ77gR1o7DJpni89Gxq44o/KnvObWhWszJHAiS8sIm7vI+AIpHb4g +DEa/a4ebsypmQjVGbKq6rfmYe+lQVRQxv7HaLe2ArWgk+2mr2HETMOZns4dA/Yl+ +8kPREd8vZS9kzl8UubG/Mb2HeFpZZYiq/FkySIbWTLkpS5XTdvN3JW1CHDiDTf2j +X5t/Lax5Gw5CMZdjpPuKadUiDTSQMC6otOBttpSsvItO13D8xTiOZCXhTTmQzsmH +hFhxAgMBAAGjgagwgaUwDwYDVR0TAQH/BAUwAwEB/zBCBgNVHSAEOzA5MDcGByuB +KwEBAQowLDAqBggrBgEFBQcCARYeaHR0cHM6Ly9yZXBvc2l0b3J5Lmx1eHRydXN0 +Lmx1MA4GA1UdDwEB/wQEAwIBBjAfBgNVHSMEGDAWgBT/GCh2+UgFLKGu8SsbK7JT ++Et8szAdBgNVHQ4EFgQU/xgodvlIBSyhrvErGyuyU/hLfLMwDQYJKoZIhvcNAQEL +BQADggIBAGoZFO1uecEsh9QNcH7X9njJCwROxLHOk3D+sFTAMs2ZMGQXvw/l4jP9 +BzZAcg4atmpZ1gDlaCDdLnINH2pkMSCEfUmmWjfrRcmF9dTHF5kH5ptV5AzoqbTO +jFu1EVzPig4N1qx3gf4ynCSecs5U89BvolbW7MM3LGVYvlcAGvI1+ut7MV3CwRI9 +loGIlonBWVx65n9wNOeD4rHh4bhY79SV5GCc8JaXcozrhAIuZY+kt9J/Z93I055c +qqmkoCUUBpvsT34tC38ddfEz2O3OuHVtPlu5mB0xDVbYQw8wkbIEa91WvpWAVWe+ +2M2D2RjuLg+GLZKecBPs3lHJQ3gCpU3I+V/EkVhGFndadKpAvAefMLmx9xIX3eP/ +JEAdemrRTxgKqpAd60Ae36EeRJIQmvKN4dFLRp7oRUKX6kWZ8+xm1QL68qZKJKre +zrnK+T+Tb/mjuuqlPpmt/f97mfVl7vBZKGfXkJWkE4SphMHozs51k2MavDzq1WQf +LSoSOcbDWjLtR5EWDrw4wVDej8oqkDQc7kGUnF4ZLvhFSZl0kbAEb+MEWrGrKqv+ +x9CWttrhSmQGbmBNvUJO/3jaJMobtNeWOWyu8Q6qp31IiyBMz2TWuJdGsE7RKlY6 +oJO9r4Ak4Ap+58rVyuiFVdw2KuGUaJPHZnJED4AhMmwlxyOAgwrr +-----END CERTIFICATE----- + +### Microsec Ltd. + +=== /C=HU/L=Budapest/O=Microsec Ltd./CN=Microsec e-Szigno Root CA 2009/emailAddress=info@e-szigno.hu +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 14014712776195784473 (0xc27e43044e473f19) + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Jun 16 11:30:18 2009 GMT + Not After : Dec 30 11:30:18 2029 GMT + Subject: C=HU, L=Budapest, O=Microsec Ltd., CN=Microsec e-Szigno Root CA 2009/emailAddress=info@e-szigno.hu + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + CB:0F:C6:DF:42:43:CC:3D:CB:B5:48:23:A1:1A:7A:A6:2A:BB:34:68 + X509v3 Authority Key Identifier: + keyid:CB:0F:C6:DF:42:43:CC:3D:CB:B5:48:23:A1:1A:7A:A6:2A:BB:34:68 + + X509v3 Subject Alternative Name: + email:info@e-szigno.hu +SHA1 Fingerprint=89:DF:74:FE:5C:F4:0F:4A:80:F9:E3:37:7D:54:DA:91:E1:01:31:8E +SHA256 Fingerprint=3C:5F:81:FE:A5:FA:B8:2C:64:BF:A2:EA:EC:AF:CD:E8:E0:77:FC:86:20:A7:CA:E5:37:16:3D:F3:6E:DB:F3:78 +-----BEGIN CERTIFICATE----- +MIIECjCCAvKgAwIBAgIJAMJ+QwRORz8ZMA0GCSqGSIb3DQEBCwUAMIGCMQswCQYD +VQQGEwJIVTERMA8GA1UEBwwIQnVkYXBlc3QxFjAUBgNVBAoMDU1pY3Jvc2VjIEx0 +ZC4xJzAlBgNVBAMMHk1pY3Jvc2VjIGUtU3ppZ25vIFJvb3QgQ0EgMjAwOTEfMB0G +CSqGSIb3DQEJARYQaW5mb0BlLXN6aWduby5odTAeFw0wOTA2MTYxMTMwMThaFw0y +OTEyMzAxMTMwMThaMIGCMQswCQYDVQQGEwJIVTERMA8GA1UEBwwIQnVkYXBlc3Qx +FjAUBgNVBAoMDU1pY3Jvc2VjIEx0ZC4xJzAlBgNVBAMMHk1pY3Jvc2VjIGUtU3pp +Z25vIFJvb3QgQ0EgMjAwOTEfMB0GCSqGSIb3DQEJARYQaW5mb0BlLXN6aWduby5o +dTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOn4j/NjrdqG2KfgQvvP +kd6mJviZpWNwrZuuyjNAfW2WbqEORO7hE52UQlKavXWFdCyoDh2Tthi3jCyoz/tc +cbna7P7ofo/kLx2yqHWH2Leh5TvPmUpG0IMZfcChEhyVbUr02MelTTMuhTlAdX4U +fIASmFDHQWe4oIBhVKZsTh/gnQ4H6cm6M+f+wFUoLAKApxn1ntxVUwOXewdI/5n7 +N4okxFnMUBBjjqqpGrCEGob5X7uxUG6k0QrM1XF+H6cbfPVTbiJfyyvm1HxdrtbC +xkzlBQHZ7Vf8wSN5/PrIJIOV87VqUQHQd9bpEqH5GoP7ghu5sJf0dgYzQ0mg/wu1 ++rUCAwEAAaOBgDB+MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0G +A1UdDgQWBBTLD8bfQkPMPcu1SCOhGnqmKrs0aDAfBgNVHSMEGDAWgBTLD8bfQkPM +Pcu1SCOhGnqmKrs0aDAbBgNVHREEFDASgRBpbmZvQGUtc3ppZ25vLmh1MA0GCSqG +SIb3DQEBCwUAA4IBAQDJ0Q5eLtXMs3w+y/w9/w0olZMEyL/azXm4Q5DwpL7v8u8h +mLzU1F0G9u5C7DBsoKqpyvGvivo/C3NqPuouQH4frlRheesuCDfXI/OMn74dseGk +ddug4lQUsbocKaQY9hK6ohQU4zE1yED/t+AFdlfBHFny+L/k7SViXITwfn4fs775 +tyERzAMBVnCnEJIeGzSBHq2cGsMEPO0CYdYeBvNfOofyK/FFh+U9rNHHV4S9a67c +2Pm2G2JwCz02yULyMtd6YebS2z3PyKnJm9zbWETXbzivf3jTo60adbocwTZ8jx5t +HMN1Rq41Bab2XD0h7lbwyYIiLXpUq3DDfSJlgnCW +-----END CERTIFICATE----- + +### NetLock Kft. + +=== /C=HU/L=Budapest/O=NetLock Kft./OU=Tan\xC3\xBAs\xC3\xADtv\xC3\xA1nykiad\xC3\xB3k (Certification Services)/CN=NetLock Arany (Class Gold) F\xC5\x91tan\xC3\xBAs\xC3\xADtv\xC3\xA1ny +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 80544274841616 (0x49412ce40010) + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Dec 11 15:08:21 2008 GMT + Not After : Dec 6 15:08:21 2028 GMT + Subject: C=HU, L=Budapest, O=NetLock Kft., OU=Tan\xC3\xBAs\xC3\xADtv\xC3\xA1nykiad\xC3\xB3k (Certification Services), CN=NetLock Arany (Class Gold) F\xC5\x91tan\xC3\xBAs\xC3\xADtv\xC3\xA1ny + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE, pathlen:4 + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + CC:FA:67:93:F0:B6:B8:D0:A5:C0:1E:F3:53:FD:8C:53:DF:83:D7:96 +SHA1 Fingerprint=06:08:3F:59:3F:15:A1:04:A0:69:A4:6B:A9:03:D0:06:B7:97:09:91 +SHA256 Fingerprint=6C:61:DA:C3:A2:DE:F0:31:50:6B:E0:36:D2:A6:FE:40:19:94:FB:D1:3D:F9:C8:D4:66:59:92:74:C4:46:EC:98 +-----BEGIN CERTIFICATE----- +MIIEFTCCAv2gAwIBAgIGSUEs5AAQMA0GCSqGSIb3DQEBCwUAMIGnMQswCQYDVQQG +EwJIVTERMA8GA1UEBwwIQnVkYXBlc3QxFTATBgNVBAoMDE5ldExvY2sgS2Z0LjE3 +MDUGA1UECwwuVGFuw7pzw610dsOhbnlraWFkw7NrIChDZXJ0aWZpY2F0aW9uIFNl +cnZpY2VzKTE1MDMGA1UEAwwsTmV0TG9jayBBcmFueSAoQ2xhc3MgR29sZCkgRsWR +dGFuw7pzw610dsOhbnkwHhcNMDgxMjExMTUwODIxWhcNMjgxMjA2MTUwODIxWjCB +pzELMAkGA1UEBhMCSFUxETAPBgNVBAcMCEJ1ZGFwZXN0MRUwEwYDVQQKDAxOZXRM +b2NrIEtmdC4xNzA1BgNVBAsMLlRhbsO6c8OtdHbDoW55a2lhZMOzayAoQ2VydGlm +aWNhdGlvbiBTZXJ2aWNlcykxNTAzBgNVBAMMLE5ldExvY2sgQXJhbnkgKENsYXNz +IEdvbGQpIEbFkXRhbsO6c8OtdHbDoW55MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAxCRec75LbRTDofTjl5Bu0jBFHjzuZ9lk4BqKf8owyoPjIMHj9DrT +lF8afFttvzBPhCf2nx9JvMaZCpDyD/V/Q4Q3Y1GLeqVw/HpYzY6b7cNGbIRwXdrz +AZAj/E4wqX7hJ2Pn7WQ8oLjJM2P+FpD/sLj916jAwJRDC7bVWaaeVtAkH3B5r9s5 +VA1lddkVQZQBr17s9o3x/61k/iCa11zr/qYfCGSji3ZVrR47KGAuhyXoqq8fxmRG +ILdwfzzeSNuWU7c5d+Qa4scWhHaXWy+7GRWF+GmF9ZmnqfI0p6m2pgP8b4Y9VHx2 +BJtr+UBdADTHLpl1neWIA6pN+APSQnbAGwIDAKiLo0UwQzASBgNVHRMBAf8ECDAG +AQH/AgEEMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUzPpnk/C2uNClwB7zU/2M +U9+D15YwDQYJKoZIhvcNAQELBQADggEBAKt/7hwWqZw8UQCgwBEIBaeZ5m8BiFRh +bvG5GK1Krf6BQCOUL/t1fC8oS2IkgYIL9WHxHG64YTjrgfpioTtaYtOUZcTh5m2C ++C8lcLIhJsFyUR+MLMOEkMNaj7rP9KdlpeuY0fsFskZ1FSNqb4VjMIDw1Z4fKRzC +bLBQWV2QWzuoDTDPv31/zvGdg73JRm4gpvlhUbohL3u+pRVjodSVh/GeufOJ8z2F +uLjbvrW5KfnaNwUASZQDhETnv0Mxz3WLJdH0pmT1kvarBes96aULNmLazAZfNou2 +XjG4Kvte9nHfRCaexOYNkbQudZWAUWpLMKawYqGT8ZvYzsRjdT9ZR7E= +-----END CERTIFICATE----- + +### Network Solutions L.L.C. + +=== /C=US/O=Network Solutions L.L.C./CN=Network Solutions Certificate Authority +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 57:cb:33:6f:c2:5c:16:e6:47:16:17:e3:90:31:68:e0 + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: Dec 1 00:00:00 2006 GMT + Not After : Dec 31 23:59:59 2029 GMT + Subject: C=US, O=Network Solutions L.L.C., CN=Network Solutions Certificate Authority + X509v3 extensions: + X509v3 Subject Key Identifier: + 21:30:C9:FB:00:D7:4E:98:DA:87:AA:2A:D0:A7:2E:B1:40:31:A7:4C + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 CRL Distribution Points: + + Full Name: + URI:http://crl.netsolssl.com/NetworkSolutionsCertificateAuthority.crl + +SHA1 Fingerprint=74:F8:A3:C3:EF:E7:B3:90:06:4B:83:90:3C:21:64:60:20:E5:DF:CE +SHA256 Fingerprint=15:F0:BA:00:A3:AC:7A:F3:AC:88:4C:07:2B:10:11:A0:77:BD:77:C0:97:F4:01:64:B2:F8:59:8A:BD:83:86:0C +-----BEGIN CERTIFICATE----- +MIID5jCCAs6gAwIBAgIQV8szb8JcFuZHFhfjkDFo4DANBgkqhkiG9w0BAQUFADBi +MQswCQYDVQQGEwJVUzEhMB8GA1UEChMYTmV0d29yayBTb2x1dGlvbnMgTC5MLkMu +MTAwLgYDVQQDEydOZXR3b3JrIFNvbHV0aW9ucyBDZXJ0aWZpY2F0ZSBBdXRob3Jp +dHkwHhcNMDYxMjAxMDAwMDAwWhcNMjkxMjMxMjM1OTU5WjBiMQswCQYDVQQGEwJV +UzEhMB8GA1UEChMYTmV0d29yayBTb2x1dGlvbnMgTC5MLkMuMTAwLgYDVQQDEydO +ZXR3b3JrIFNvbHV0aW9ucyBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkvH6SMG3G2I4rC7xGzuAnlt7e+foS0zwz +c7MEL7xxjOWftiJgPl9dzgn/ggwbmlFQGiaJ3dVhXRncEg8tCqJDXRfQNJIg6nPP +OCwGJgl6cvf6UDL4wpPTaaIjzkGxzOTVHzbRijr4jGPiFFlp7Q3Tf2vouAPlT2rl +mGNpSAW+Lv8ztumXWWn4Zxmuk2GWRBXTcrA/vGp97Eh/jcOrqnErU2lBUzS1sLnF +BgrEsEX1QV1uiUV7PTsmjHTC5dLRfbIR1PtYMiKagMnc/Qzpf14Dl847ABSHJ3A4 +qY5usyd2mFHgBeMhqxrVhSI8KbWaFsWAqPS7azCPL0YCorEMIuDTAgMBAAGjgZcw +gZQwHQYDVR0OBBYEFCEwyfsA106Y2oeqKtCnLrFAMadMMA4GA1UdDwEB/wQEAwIB +BjAPBgNVHRMBAf8EBTADAQH/MFIGA1UdHwRLMEkwR6BFoEOGQWh0dHA6Ly9jcmwu +bmV0c29sc3NsLmNvbS9OZXR3b3JrU29sdXRpb25zQ2VydGlmaWNhdGVBdXRob3Jp +dHkuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQC7rkvnt1frf6ott3NHhWrB5KUd5Oc8 +6fRZZXe1eltajSU24HqXLjjAV2CDmAaDn7l2em5Q4LqILPxFzBiwmZVRDuwduIj/ +h1AcgsLj4DKAv6ALR8jDMe+ZZzKATxcheQxpXN5eNK4CtSbqUN9/GGUsyfJj4akH +/nxxH2szJGoeBfcFaMBqEssuXmHLrijTfsK0ZpEmXzwuJF/LWA/rKOyvEZbz3Htv +wKeI8lN3s2Berq4o2jUsbzRF0ybh3uxbTydrFny9RAQYgrOJeRcQcT16ohZO9QHN +pGxlaKFJdlxDydi8NmdspZS11My5vWo1ViHe2MPr+8ukYEywVaCge1ey +-----END CERTIFICATE----- + +### OpenTrust + +=== /C=FR/O=OpenTrust/CN=OpenTrust Root CA G1 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 11:20:b3:90:55:39:7d:7f:36:6d:64:c2:a7:9f:6b:63:8e:67 + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: May 26 08:45:50 2014 GMT + Not After : Jan 15 00:00:00 2038 GMT + Subject: C=FR, O=OpenTrust, CN=OpenTrust Root CA G1 + X509v3 extensions: + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + 97:46:21:57:21:35:DA:36:55:C7:F3:F1:37:70:E5:08:F6:93:29:B6 + X509v3 Authority Key Identifier: + keyid:97:46:21:57:21:35:DA:36:55:C7:F3:F1:37:70:E5:08:F6:93:29:B6 + +SHA1 Fingerprint=79:91:E8:34:F7:E2:EE:DD:08:95:01:52:E9:55:2D:14:E9:58:D5:7E +SHA256 Fingerprint=56:C7:71:28:D9:8C:18:D9:1B:4C:FD:FF:BC:25:EE:91:03:D4:75:8E:A2:AB:AD:82:6A:90:F3:45:7D:46:0E:B4 +-----BEGIN CERTIFICATE----- +MIIFbzCCA1egAwIBAgISESCzkFU5fX82bWTCp59rY45nMA0GCSqGSIb3DQEBCwUA +MEAxCzAJBgNVBAYTAkZSMRIwEAYDVQQKDAlPcGVuVHJ1c3QxHTAbBgNVBAMMFE9w +ZW5UcnVzdCBSb290IENBIEcxMB4XDTE0MDUyNjA4NDU1MFoXDTM4MDExNTAwMDAw +MFowQDELMAkGA1UEBhMCRlIxEjAQBgNVBAoMCU9wZW5UcnVzdDEdMBsGA1UEAwwU +T3BlblRydXN0IFJvb3QgQ0EgRzEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK +AoICAQD4eUbalsUwXopxAy1wpLuwxQjczeY1wICkES3d5oeuXT2R0odsN7faYp6b +wiTXj/HbpqbfRm9RpnHLPhsxZ2L3EVs0J9V5ToybWL0iEA1cJwzdMOWo010hOHQX +/uMftk87ay3bfWAfjH1MBcLrARYVmBSO0ZB3Ij/swjm4eTrwSSTilZHcYTSSjFR0 +77F9jAHiOH3BX2pfJLKOYheteSCtqx234LSWSE9mQxAGFiQD4eCcjsZGT44ameGP +uY4zbGneWK2gDqdkVBFpRGZPTBKnjix9xNRbxQA0MMHZmf4yzgeEtE7NCv82TWLx +p2NX5Ntqp66/K7nJ5rInieV+mhxNaMbBGN4zK1FGSxyO9z0M+Yo0FMT7MzUj8czx +Kselu7Cizv5Ta01BG2Yospb6p64KTrk5M0ScdMGTHPjgniQlQ/GbI4Kq3ywgsNw2 +TgOzfALU5nsaqocTvz6hdLubDuHAk5/XpGbKuxs74zD0M1mKB3IDVedzagMxbm+W +G+Oin6+Sx+31QrclTDsTBM8clq8cIqPQqwWyTBIjUtz9GVsnnB47ev1CI9sjgBPw +vFEVVJSmdz7QdFG9URQIOTfLHzSpMJ1ShC5VkLG631UAC9hWLbFJSXKAqWLXwPYY +EQRVzXR7z2FwefR7LFxckvzluFqrTJOVoSfupb7PcSNCupt2LQIDAQABo2MwYTAO +BgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUl0YhVyE1 +2jZVx/PxN3DlCPaTKbYwHwYDVR0jBBgwFoAUl0YhVyE12jZVx/PxN3DlCPaTKbYw +DQYJKoZIhvcNAQELBQADggIBAB3dAmB84DWn5ph76kTOZ0BP8pNuZtQ5iSas000E +PLuHIT839HEl2ku6q5aCgZG27dmxpGWX4m9kWaSW7mDKHyP7Rbr/jyTwyqkxf3kf +gLMtMrpkZ2CvuVnN35pJ06iCsfmYlIrM4LvgBBuZYLFGZdwIorJGnkSI6pN+VxbS +FXJfLkur1J1juONI5f6ELlgKn0Md/rcYkoZDSw6cMoYsYPXpSOqV7XAp8dUv/TW0 +V8/bhUiZucJvbI/NeJWsZCj9VrDDb8O+WVLhX4SPgPL0DTatdrOjteFkdjpY3H1P +XlZs5VVZV6Xf8YpmMIzUUmI4d7S+KNfKNsSbBfD4Fdvb8e80nR14SohWZ25g/4/I +i+GOvUKpMwpZQhISKvqxnUOOBZuZ2mKtVzazHbYNeS2WuOvyDEsMpZTGMKcmGS3t +TAZQMPH9WD25SxdfGbRqhFS0OE85og2WaMMolP3tLR9Ka0OWLpABEPs4poEL0L91 +09S5zvE/bw4cHjdx5RiHdRk/ULlepEU0rbDK5uUTdg8xFKmOLZTW1YVNcxVPS/Ky +Pu1svf0OnWZzsD2097+o4BGkxK51CUpjAEggpsadCwmKtODmzj7HPiY46SvepghJ +AwSQiumPv+i2tCqjI40cHLI5kqiPAlxAOXXUc0ECd97N4EOH1uS6SsNsEn/+KuYj +1oxx +-----END CERTIFICATE----- +=== /C=FR/O=OpenTrust/CN=OpenTrust Root CA G2 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 11:20:a1:69:1b:bf:bd:b9:bd:52:96:8f:23:e8:48:bf:26:11 + Signature Algorithm: sha512WithRSAEncryption + Validity + Not Before: May 26 00:00:00 2014 GMT + Not After : Jan 15 00:00:00 2038 GMT + Subject: C=FR, O=OpenTrust, CN=OpenTrust Root CA G2 + X509v3 extensions: + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + 6A:39:FA:42:22:F7:E6:89:00:4D:5E:7D:33:83:CB:B8:6E:77:86:AF + X509v3 Authority Key Identifier: + keyid:6A:39:FA:42:22:F7:E6:89:00:4D:5E:7D:33:83:CB:B8:6E:77:86:AF + +SHA1 Fingerprint=79:5F:88:60:C5:AB:7C:3D:92:E6:CB:F4:8D:E1:45:CD:11:EF:60:0B +SHA256 Fingerprint=27:99:58:29:FE:6A:75:15:C1:BF:E8:48:F9:C4:76:1D:B1:6C:22:59:29:25:7B:F4:0D:08:94:F2:9E:A8:BA:F2 +-----BEGIN CERTIFICATE----- +MIIFbzCCA1egAwIBAgISESChaRu/vbm9UpaPI+hIvyYRMA0GCSqGSIb3DQEBDQUA +MEAxCzAJBgNVBAYTAkZSMRIwEAYDVQQKDAlPcGVuVHJ1c3QxHTAbBgNVBAMMFE9w +ZW5UcnVzdCBSb290IENBIEcyMB4XDTE0MDUyNjAwMDAwMFoXDTM4MDExNTAwMDAw +MFowQDELMAkGA1UEBhMCRlIxEjAQBgNVBAoMCU9wZW5UcnVzdDEdMBsGA1UEAwwU +T3BlblRydXN0IFJvb3QgQ0EgRzIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK +AoICAQDMtlelM5QQgTJT32F+D3Y5z1zCU3UdSXqWON2ic2rxb95eolq5cSG+Ntmh +/LzubKh8NBpxGuga2F8ORAbtp+Dz0mEL4DKiltE48MLaARf85KxP6O6JHnSrT78e +CbY2albz4e6WiWYkBuTNQjpK3eCasMSCRbP+yatcfD7J6xcvDH1urqWPyKwlCm/6 +1UWY0jUJ9gNDlP7ZvyCVeYCYitmJNbtRG6Q3ffyZO6v/v6wNj0OxmXsWEH4db0fE +FY8ElggGQgT4hNYdvJGmQr5J1WqIP7wtUdGejeBSzFfdNTVY27SPJIjki9/ca1TS +gSuyzpJLHB9G+h3Ykst2Z7UJmQnlrBcUVXDGPKBWCgOz3GIZ38i1MH/1PCZ1Eb3X +G7OHngevZXHloM8apwkQHZOJZlvoPGIytbU6bumFAYueQ4xncyhZW+vj3CzMpSZy +YhK05pyDRPZRpOLAeiRXyg6lPzq1O4vldu5w5pLeFlwoW5cZJ5L+epJUzpM5ChaH +vGOz9bGTXOBut9Dq+WIyiET7vycotjCVXRIouZW+j1MY5aIYFuJWpLIsEPUdN6b4 +t/bQWVyJ98LVtZR00dX+G7bw5tYee9I8y6jj9RjzIR9u701oBnstXW5DiabA+aC/ +gh7PU3+06yzbXfZqfUAkBXKJOAGTy3HCOV0GEfZvePg3DTmEJwIDAQABo2MwYTAO +BgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUajn6QiL3 +5okATV59M4PLuG53hq8wHwYDVR0jBBgwFoAUajn6QiL35okATV59M4PLuG53hq8w +DQYJKoZIhvcNAQENBQADggIBAJjLq0A85TMCl38th6aP1F5Kr7ge57tx+4BkJamz +Gj5oXScmp7oq4fBXgwpkTx4idBvpkF/wrM//T2h6OKQQbA2xx6R3gBi2oihEdqc0 +nXGEL8pZ0keImUEiyTCYYW49qKgFbdEfwFFEVn8nNQLdXpgKQuswv42hm1GqO+qT +RmTFAHneIWv2V6CG1wZy7HBGS4tz3aAhdT7cHcCP009zHIXZ/n9iyJVvttN7jLpT +wm+bREx50B1ws9efAvSyB7DH5fitIw6mVskpEndI2S9G/Tvw/HRwkqWOOAgfZDC2 +t0v7NqwQjqBSM2OdAzVWxWm9xiNaJ5T2pBL4LTM8oValX9YZ6e18CL13zSdkzJTa +TkZQh+D5wVOAHrut+0dSixv9ovneDiK3PTNZbNTe9ZUGMg1RGUFcPk8G97krgCf2 +o6p6fAbhQ8MTOWIaNr3gKC6UAuQpLmBVrkA9sHSSXvAgZJY/X0VdiLWK2gKgW0VU +3jg9CcCoSmVGFvyqv1ROTVu+OEO3KMqLM6oaJbolXCkvW0pujOotnCr2BXbgd5eA +iN1nE28daCSLT7d0geX0YJ96Vdc+N9oWaz53rK4YcJUIeSkDiv7BO7M/Gg+kO14f +WKGVyasvc0rQLW6aWQ9VGHgtPFGml4vmu7JwqkwR3v98KzfUetF3NI/n+UL3PIEM +S1IK +-----END CERTIFICATE----- +=== /C=FR/O=OpenTrust/CN=OpenTrust Root CA G3 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 11:20:e6:f8:4c:fc:24:b0:be:05:40:ac:da:83:1b:34:60:3f + Signature Algorithm: ecdsa-with-SHA384 + Validity + Not Before: May 26 00:00:00 2014 GMT + Not After : Jan 15 00:00:00 2038 GMT + Subject: C=FR, O=OpenTrust, CN=OpenTrust Root CA G3 + X509v3 extensions: + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + 47:77:C3:14:8B:62:39:0C:C9:6F:E1:50:4D:D0:10:58:DC:95:88:6D + X509v3 Authority Key Identifier: + keyid:47:77:C3:14:8B:62:39:0C:C9:6F:E1:50:4D:D0:10:58:DC:95:88:6D + +SHA1 Fingerprint=6E:26:64:F3:56:BF:34:55:BF:D1:93:3F:7C:01:DE:D8:13:DA:8A:A6 +SHA256 Fingerprint=B7:C3:62:31:70:6E:81:07:8C:36:7C:B8:96:19:8F:1E:32:08:DD:92:69:49:DD:8F:57:09:A4:10:F7:5B:62:92 +-----BEGIN CERTIFICATE----- +MIICITCCAaagAwIBAgISESDm+Ez8JLC+BUCs2oMbNGA/MAoGCCqGSM49BAMDMEAx +CzAJBgNVBAYTAkZSMRIwEAYDVQQKDAlPcGVuVHJ1c3QxHTAbBgNVBAMMFE9wZW5U +cnVzdCBSb290IENBIEczMB4XDTE0MDUyNjAwMDAwMFoXDTM4MDExNTAwMDAwMFow +QDELMAkGA1UEBhMCRlIxEjAQBgNVBAoMCU9wZW5UcnVzdDEdMBsGA1UEAwwUT3Bl +blRydXN0IFJvb3QgQ0EgRzMwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAARK7liuTcpm +3gY6oxH84Bjwbhy6LTAMidnW7ptzg6kjFYwvWYpa3RTqnVkrQ7cG7DK2uu5Bta1d +oYXM6h0UZqNnfkbilPPntlahFVmhTzeXuSIevRHr9LIfXsMUmuXZl5mjYzBhMA4G +A1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRHd8MUi2I5 +DMlv4VBN0BBY3JWIbTAfBgNVHSMEGDAWgBRHd8MUi2I5DMlv4VBN0BBY3JWIbTAK +BggqhkjOPQQDAwNpADBmAjEAj6jcnboMBBf6Fek9LykBl7+BFjNAk2z8+e2AcG+q +j9uEwov1NcoG3GRvaBbhj5G5AjEA2Euly8LQCGzpGPta3U1fJAuwACEl74+nBCZx +4nxp5V2a+EEfOzmTk51V6s2N8fvB +-----END CERTIFICATE----- + +### QuoVadis Limited + +=== /C=BM/O=QuoVadis Limited/CN=QuoVadis Root CA 1 G3 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 78:58:5f:2e:ad:2c:19:4b:e3:37:07:35:34:13:28:b5:96:d4:65:93 + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Jan 12 17:27:44 2012 GMT + Not After : Jan 12 17:27:44 2042 GMT + Subject: C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 1 G3 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + A3:97:D6:F3:5E:A2:10:E1:AB:45:9F:3C:17:64:3C:EE:01:70:9C:CC +SHA1 Fingerprint=1B:8E:EA:57:96:29:1A:C9:39:EA:B8:0A:81:1A:73:73:C0:93:79:67 +SHA256 Fingerprint=8A:86:6F:D1:B2:76:B5:7E:57:8E:92:1C:65:82:8A:2B:ED:58:E9:F2:F2:88:05:41:34:B7:F1:F4:BF:C9:CC:74 +-----BEGIN CERTIFICATE----- +MIIFYDCCA0igAwIBAgIUeFhfLq0sGUvjNwc1NBMotZbUZZMwDQYJKoZIhvcNAQEL +BQAwSDELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAc +BgNVBAMTFVF1b1ZhZGlzIFJvb3QgQ0EgMSBHMzAeFw0xMjAxMTIxNzI3NDRaFw00 +MjAxMTIxNzI3NDRaMEgxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM +aW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDEgRzMwggIiMA0GCSqG +SIb3DQEBAQUAA4ICDwAwggIKAoICAQCgvlAQjunybEC0BJyFuTHK3C3kEakEPBtV +wedYMB0ktMPvhd6MLOHBPd+C5k+tR4ds7FtJwUrVu4/sh6x/gpqG7D0DmVIB0jWe +rNrwU8lmPNSsAgHaJNM7qAJGr6Qc4/hzWHa39g6QDbXwz8z6+cZM5cOGMAqNF341 +68Xfuw6cwI2H44g4hWf6Pser4BOcBRiYz5P1sZK0/CPTz9XEJ0ngnjybCKOLXSoh +4Pw5qlPafX7PGglTvF0FBM+hSo+LdoINofjSxxR3W5A2B4GbPgb6Ul5jxaYA/qXp +UhtStZI5cgMJYr2wYBZupt0lwgNm3fME0UDiTouG9G/lg6AnhF4EwfWQvTA9xO+o +abw4m6SkltFi2mnAAZauy8RRNOoMqv8hjlmPSlzkYZqn0ukqeI1RPToV7qJZjqlc +3sX5kCLliEVx3ZGZbHqfPT2YfF72vhZooF6uCyP8Wg+qInYtyaEQHeTTRCOQiJ/G +KubX9ZqzWB4vMIkIG1SitZgj7Ah3HJVdYdHLiZxfokqRmu8hqkkWCKi9YSgxyXSt +hfbZxbGL0eUQMk1fiyA6PEkfM4VZDdvLCXVDaXP7a3F98N/ETH3Goy7IlXnLc6KO +Tk0k+17kBL5yG6YnLUlamXrXXAkgt3+UuU/xDRxeiEIbEbfnkduebPRq34wGmAOt +zCjvpUfzUwIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB +BjAdBgNVHQ4EFgQUo5fW816iEOGrRZ88F2Q87gFwnMwwDQYJKoZIhvcNAQELBQAD +ggIBABj6W3X8PnrHX3fHyt/PX8MSxEBd1DKquGrX1RUVRpgjpeaQWxiZTOOtQqOC +MTaIzen7xASWSIsBx40Bz1szBpZGZnQdT+3Btrm0DWHMY37XLneMlhwqI2hrhVd2 +cDMT/uFPpiN3GPoajOi9ZcnPP/TJF9zrx7zABC4tRi9pZsMbj/7sPtPKlL92CiUN +qXsCHKnQO18LwIE6PWThv6ctTr1NxNgpxiIY0MWscgKCP6o6ojoilzHdCGPDdRS5 +YCgtW2jgFqlmgiNR9etT2DGbe+m3nUvriBbP+V04ikkwj+3x6xn0dxoxGE1nVGwv +b2X52z3sIexe9PSLymBlVNFxZPT5pqOBMzYzcfCkeF9OrYMh3jRJjehZrJ3ydlo2 +8hP0r+AJx2EqbPfgna67hkooby7utHnNkDPDs3b69fBsnQGQ+p6Q9pxyz0fawx/k +NSBT8lTR32GDpgLiJTjehTItXnOQUl1CxM49S+H5GYQd1aJQzEH7QRTDvdbJWqNj +ZgKAvQU6O0ec7AAmTPWIUb+oI38YB7AL7YsmoWTTYUrrXJ/es69nA7Mf3W1daWhp +q1467HxpvMc7hU6eFbm0FU/DlXpY18ls6Wy58yljXrQs8C097Vpl4KlbQMJImYFt +nh8GKjwStIsPm6Ik8KaN1nrgS7ZklmOVhMJKzRwuJIczYOXD +-----END CERTIFICATE----- +=== /C=BM/O=QuoVadis Limited/CN=QuoVadis Root CA 2 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1289 (0x509) + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: Nov 24 18:27:00 2006 GMT + Not After : Nov 24 18:23:33 2031 GMT + Subject: C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: + Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + 1A:84:62:BC:48:4C:33:25:04:D4:EE:D0:F6:03:C4:19:46:D1:94:6B + X509v3 Authority Key Identifier: + keyid:1A:84:62:BC:48:4C:33:25:04:D4:EE:D0:F6:03:C4:19:46:D1:94:6B + DirName:/C=BM/O=QuoVadis Limited/CN=QuoVadis Root CA 2 + serial:05:09 + +SHA1 Fingerprint=CA:3A:FB:CF:12:40:36:4B:44:B2:16:20:88:80:48:39:19:93:7C:F7 +SHA256 Fingerprint=85:A0:DD:7D:D7:20:AD:B7:FF:05:F8:3D:54:2B:20:9D:C7:FF:45:28:F7:D6:77:B1:83:89:FE:A5:E5:C4:9E:86 +-----BEGIN CERTIFICATE----- +MIIFtzCCA5+gAwIBAgICBQkwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0x +GTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJv +b3QgQ0EgMjAeFw0wNjExMjQxODI3MDBaFw0zMTExMjQxODIzMzNaMEUxCzAJBgNV +BAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMRswGQYDVQQDExJRdW9W +YWRpcyBSb290IENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCa +GMpLlA0ALa8DKYrwD4HIrkwZhR0In6spRIXzL4GtMh6QRr+jhiYaHv5+HBg6XJxg +Fyo6dIMzMH1hVBHL7avg5tKifvVrbxi3Cgst/ek+7wrGsxDp3MJGF/hd/aTa/55J +WpzmM+Yklvc/ulsrHHo1wtZn/qtmUIttKGAr79dgw8eTvI02kfN/+NsRE8Scd3bB +rrcCaoF6qUWD4gXmuVbBlDePSHFjIuwXZQeVikvfj8ZaCuWw419eaxGrDPmF60Tp ++ARz8un+XJiM9XOva7R+zdRcAitMOeGylZUtQofX1bOQQ7dsE/He3fbE+Ik/0XX1 +ksOR1YqI0JDs3G3eicJlcZaLDQP9nL9bFqyS2+r+eXyt66/3FsvbzSUr5R/7mp/i +Ucw6UwxI5g69ybR2BlLmEROFcmMDBOAENisgGQLodKcftslWZvB1JdxnwQ5hYIiz +PtGo/KPaHbDRsSNU30R2be1B2MGyIrZTHN81Hdyhdyox5C315eXbyOD/5YDXC2Og +/zOhD7osFRXql7PSorW+8oyWHhqPHWykYTe5hnMz15eWniN9gqRMgeKh0bpnX5UH +oycR7hYQe7xFSkyyBNKr79X9DFHOUGoIMfmR2gyPZFwDwzqLID9ujWc9Otb+fVuI +yV77zGHcizN300QyNQliBJIWENieJ0f7OyHj+OsdWwIDAQABo4GwMIGtMA8GA1Ud +EwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBQahGK8SEwzJQTU7tD2 +A8QZRtGUazBuBgNVHSMEZzBlgBQahGK8SEwzJQTU7tD2A8QZRtGUa6FJpEcwRTEL +MAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMT +ElF1b1ZhZGlzIFJvb3QgQ0EgMoICBQkwDQYJKoZIhvcNAQEFBQADggIBAD4KFk2f +BluornFdLwUvZ+YTRYPENvbzwCYMDbVHZF34tHLJRqUDGCdViXh9duqWNIAXINzn +g/iN/Ae42l9NLmeyhP3ZRPx3UIHmfLTJDQtyU/h2BwdBR5YM++CCJpNVjP4iH2Bl +fF/nJrP3MpCYUNQ3cVX2kiF495V5+vgtJodmVjB3pjd4M1IQWK4/YY7yarHvGH5K +WWPKjaJW1acvvFYfzznB4vsKqBUsfU16Y8Zsl0Q80m/DShcK+JDSV6IZUaUtl0Ha +B0+pUNqQjZRG4T7wlP0QADj1O+hA4bRuVhogzG9Yje0uRY/W6ZM/57Es3zrWIozc +hLsib9D45MY56QSIPMO661V6bYCZJPVsAfv4l7CUW+v90m/xd2gNNWQjrLhVoQPR +TUIZ3Ph1WVaj+ahJefivDrkRoHy3au000LYmYjgahwz46P0u05B/B5EqHdZ+XIWD +mbA4CD/pXvk1B+TJYm5Xf6dQlfe6yJvmjqIBxdZmv3lh8zwc4bmCXF2gw+nYSL0Z +ohEUGW6yhhtoPkg3Goi3XZZenMfvJ2II4pEZXNLxId26F0KCl3GBUzGpn/Z9Yr9y +4aOTHcyKJloJONDO1w2AFrR4pTqHTI2KpdVGl/IsELm8VCLAAVBpQ570su9t+Oza +8eOx79+Rj1QqCyXBJhnEUhAFZdWCEOrCMc0u +-----END CERTIFICATE----- +=== /C=BM/O=QuoVadis Limited/CN=QuoVadis Root CA 2 G3 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 44:57:34:24:5b:81:89:9b:35:f2:ce:b8:2b:3b:5b:a7:26:f0:75:28 + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Jan 12 18:59:32 2012 GMT + Not After : Jan 12 18:59:32 2042 GMT + Subject: C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 G3 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + ED:E7:6F:76:5A:BF:60:EC:49:5B:C6:A5:77:BB:72:16:71:9B:C4:3D +SHA1 Fingerprint=09:3C:61:F3:8B:8B:DC:7D:55:DF:75:38:02:05:00:E1:25:F5:C8:36 +SHA256 Fingerprint=8F:E4:FB:0A:F9:3A:4D:0D:67:DB:0B:EB:B2:3E:37:C7:1B:F3:25:DC:BC:DD:24:0E:A0:4D:AF:58:B4:7E:18:40 +-----BEGIN CERTIFICATE----- +MIIFYDCCA0igAwIBAgIURFc0JFuBiZs18s64KztbpybwdSgwDQYJKoZIhvcNAQEL +BQAwSDELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAc +BgNVBAMTFVF1b1ZhZGlzIFJvb3QgQ0EgMiBHMzAeFw0xMjAxMTIxODU5MzJaFw00 +MjAxMTIxODU5MzJaMEgxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM +aW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDIgRzMwggIiMA0GCSqG +SIb3DQEBAQUAA4ICDwAwggIKAoICAQChriWyARjcV4g/Ruv5r+LrI3HimtFhZiFf +qq8nUeVuGxbULX1QsFN3vXg6YOJkApt8hpvWGo6t/x8Vf9WVHhLL5hSEBMHfNrMW +n4rjyduYNM7YMxcoRvynyfDStNVNCXJJ+fKH46nafaF9a7I6JaltUkSs+L5u+9ym +c5GQYaYDFCDy54ejiK2toIz/pgslUiXnFgHVy7g1gQyjO/Dh4fxaXc6AcW34Sas+ +O7q414AB+6XrW7PFXmAqMaCvN+ggOp+oMiwMzAkd056OXbxMmO7FGmh77FOm6RQ1 +o9/NgJ8MSPsc9PG/Srj61YxxSscfrf5BmrODXfKEVu+lV0POKa2Mq1W/xPtbAd0j +IaFYAI7D0GoT7RPjEiuA3GfmlbLNHiJuKvhB1PLKFAeNilUSxmn1uIZoL1NesNKq +IcGY5jDjZ1XHm26sGahVpkUG0CM62+tlXSoREfA7T8pt9DTEceT/AFr2XK4jYIVz +8eQQsSWu1ZK7E8EM4DnatDlXtas1qnIhO4M15zHfeiFuuDIIfR0ykRVKYnLP43eh +vNURG3YBZwjgQQvD6xVu+KQZ2aKrr+InUlYrAoosFCT5v0ICvybIxo/gbjh9Uy3l +7ZizlWNof/k19N+IxWA1ksB8aRxhlRbQ694Lrz4EEEVlWFA4r0jyWbYW8jwNkALG +cC4BrTwV1wIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB +BjAdBgNVHQ4EFgQU7edvdlq/YOxJW8ald7tyFnGbxD0wDQYJKoZIhvcNAQELBQAD +ggIBAJHfgD9DCX5xwvfrs4iP4VGyvD11+ShdyLyZm3tdquXK4Qr36LLTn91nMX66 +AarHakE7kNQIXLJgapDwyM4DYvmL7ftuKtwGTTwpD4kWilhMSA/ohGHqPHKmd+RC +roijQ1h5fq7KpVMNqT1wvSAZYaRsOPxDMuHBR//47PERIjKWnML2W2mWeyAMQ0Ga +W/ZZGYjeVYg3UQt4XAoeo0L9x52ID8DyeAIkVJOviYeIyUqAHerQbj5hLja7NQ4n +lv1mNDthcnPxFlxHBlRJAHpYErAK74X9sbgzdWqTHBLmYF5vHX/JHyPLhGGfHoJE ++V+tYlUkmlKY7VHnoX6XOuYvHxHaU4AshZ6rNRDbIl9qxV6XU/IyAgkwo1jwDQHV +csaxfGl7w/U2Rcxhbl5MlMVerugOXou/983g7aEOGzPuVBj+D77vfoRrQ+NwmNtd +dbINWQeFFSM51vHfqSYP1kjHs6Yi9TM3WpVHn3u6GBVv/9YUZINJ0gpnIdsPNWNg +KCLjsZWDzYWm3S8P52dSbrsvhXz1SnPnxT7AvSESBT/8twNJAlvIJebiVDj1eYeM +HVOyToV7BjjHLPj4sHKNJeV3UvQDHEimUF+IIDBu8oJDqz2XhOdT+yHBTw8imoa4 +WSr2Rz0ZiC3oheGe7IUIarFsNMkd7EgrO3jtZsSOeWmD3n+M +-----END CERTIFICATE----- +=== /C=BM/O=QuoVadis Limited/CN=QuoVadis Root CA 3 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1478 (0x5c6) + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: Nov 24 19:11:23 2006 GMT + Not After : Nov 24 19:06:44 2031 GMT + Subject: C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 3 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Certificate Policies: + Policy: 1.3.6.1.4.1.8024.0.3 + User Notice: + Explicit Text: Any use of this Certificate constitutes acceptance of the QuoVadis Root CA 3 Certificate Policy / Certification Practice Statement. + CPS: http://www.quovadisglobal.com/cps + + X509v3 Key Usage: + Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + F2:C0:13:E0:82:43:3E:FB:EE:2F:67:32:96:35:5C:DB:B8:CB:02:D0 + X509v3 Authority Key Identifier: + keyid:F2:C0:13:E0:82:43:3E:FB:EE:2F:67:32:96:35:5C:DB:B8:CB:02:D0 + DirName:/C=BM/O=QuoVadis Limited/CN=QuoVadis Root CA 3 + serial:05:C6 + +SHA1 Fingerprint=1F:49:14:F7:D8:74:95:1D:DD:AE:02:C0:BE:FD:3A:2D:82:75:51:85 +SHA256 Fingerprint=18:F1:FC:7F:20:5D:F8:AD:DD:EB:7F:E0:07:DD:57:E3:AF:37:5A:9C:4D:8D:73:54:6B:F4:F1:FE:D1:E1:8D:35 +-----BEGIN CERTIFICATE----- +MIIGnTCCBIWgAwIBAgICBcYwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0x +GTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJv +b3QgQ0EgMzAeFw0wNjExMjQxOTExMjNaFw0zMTExMjQxOTA2NDRaMEUxCzAJBgNV +BAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMRswGQYDVQQDExJRdW9W +YWRpcyBSb290IENBIDMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDM +V0IWVJzmmNPTTe7+7cefQzlKZbPoFog02w1ZkXTPkrgEQK0CSzGrvI2RaNggDhoB +4hp7Thdd4oq3P5kazethq8Jlph+3t723j/z9cI8LoGe+AaJZz3HmDyl2/7FWeUUr +H556VOijKTVopAFPD6QuN+8bv+OPEKhyq1hX51SGyMnzW9os2l2ObjyjPtr7guXd +8lyyBTNvijbO0BNO/79KDDRMpsMhvVAEVeuxu537RR5kFd5VAYwCdrXLoT9Cabwv +vWhDFlaJKjdhkf2mrk7AyxRllDdLkgbvBNDInIjbC3uBr7E9KsRlOni27tyAsdLT +mZw67mtaa7ONt9XOnMK+pUsvFrGeaDsGb659n/je7Mwpp5ijJUMv7/FfJuGITfhe +btfZFG4ZM2mnO4SJk8RTVROhUXhA+LjJou57ulJCg54U7QVSWllWp5f8nT8KKdjc +T5EOE7zelaTfi5m+rJsziO+1ga8bxiJTyPbH7pcUsMV8eFLI8M5ud2CEpukqdiDt +WAEXMJPpGovgc2PZapKUSU60rUqFxKMiMPwJ7Wgic6aIDFUhWMXhOp8q3crhkODZ +c6tsgLjoC2SToJyMGf+z0gzskSaHirOi4XCPLArlzW1oUevaPwV/izLmE1xr/l9A +4iLItLRkT9a6fUg+qGkM17uGcclzuD87nSVL2v9A6wIDAQABo4IBlTCCAZEwDwYD +VR0TAQH/BAUwAwEB/zCB4QYDVR0gBIHZMIHWMIHTBgkrBgEEAb5YAAMwgcUwgZMG +CCsGAQUFBwICMIGGGoGDQW55IHVzZSBvZiB0aGlzIENlcnRpZmljYXRlIGNvbnN0 +aXR1dGVzIGFjY2VwdGFuY2Ugb2YgdGhlIFF1b1ZhZGlzIFJvb3QgQ0EgMyBDZXJ0 +aWZpY2F0ZSBQb2xpY3kgLyBDZXJ0aWZpY2F0aW9uIFByYWN0aWNlIFN0YXRlbWVu +dC4wLQYIKwYBBQUHAgEWIWh0dHA6Ly93d3cucXVvdmFkaXNnbG9iYWwuY29tL2Nw +czALBgNVHQ8EBAMCAQYwHQYDVR0OBBYEFPLAE+CCQz777i9nMpY1XNu4ywLQMG4G +A1UdIwRnMGWAFPLAE+CCQz777i9nMpY1XNu4ywLQoUmkRzBFMQswCQYDVQQGEwJC +TTEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRlZDEbMBkGA1UEAxMSUXVvVmFkaXMg +Um9vdCBDQSAzggIFxjANBgkqhkiG9w0BAQUFAAOCAgEAT62gLEz6wPJv92ZVqyM0 +7ucp2sNbtrCD2dDQ4iH782CnO11gUyeim/YIIirnv6By5ZwkajGxkHon24QRiSem +d1o417+shvzuXYO8BsbRd2sPbSQvS3pspweWyuOEn62Iix2rFo1bZhfZFvSLgNLd ++LJ2w/w4E6oM3kJpK27zPOuAJ9v1pkQNn1pVWQvVDVJIxa6f8i+AxeoyUDUSly7B +4f/xI4hROJ/yZlZ25w9Rl6VSDE1JUZU2Pb+iSwwQHYaZTKrzchGT5Or2m9qoXadN +t54CrnMAyNojA+j56hl0YgCUyyIgvpSnWbWCar6ZeXqp8kokUvd0/bpO5qgdAm6x +DYBEwa7TIzdfu4V8K5Iu6H6li92Z4b8nby1dqnuH/grdS/yO9SbkbnBCbjPsMZ57 +k8HkyWkaPcBrTiJt7qtYTcbQQcEr6k8Sh17rRdhs9ZgC06DYVYoGmRmioHfRMJ6s +zHXug/WwYjnPbFfiTNKRCw51KBuav/0aQ/HKd/s7j2G4aSgWQgRecCocIdiP4b0j +Wy10QJLZYxkNc91pvGJHvOB0K7Lrfb5BG7XARsWhIstfTsEokt4YutUqKLsRixeT +mJlglFwjz1onl14LBQaTNx47aTbrqZ5hHY8y2o4M1nQ+ewkk2gF3R8Q7zTSMmfXK +4SVhM7JZG+Ju1zdXtg2pEto= +-----END CERTIFICATE----- +=== /C=BM/O=QuoVadis Limited/CN=QuoVadis Root CA 3 G3 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 2e:f5:9b:02:28:a7:db:7a:ff:d5:a3:a9:ee:bd:03:a0:cf:12:6a:1d + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Jan 12 20:26:32 2012 GMT + Not After : Jan 12 20:26:32 2042 GMT + Subject: C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 3 G3 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + C6:17:D0:BC:A8:EA:02:43:F2:1B:06:99:5D:2B:90:20:B9:D7:9C:E4 +SHA1 Fingerprint=48:12:BD:92:3C:A8:C4:39:06:E7:30:6D:27:96:E6:A4:CF:22:2E:7D +SHA256 Fingerprint=88:EF:81:DE:20:2E:B0:18:45:2E:43:F8:64:72:5C:EA:5F:BD:1F:C2:D9:D2:05:73:07:09:C5:D8:B8:69:0F:46 +-----BEGIN CERTIFICATE----- +MIIFYDCCA0igAwIBAgIULvWbAiin23r/1aOp7r0DoM8Sah0wDQYJKoZIhvcNAQEL +BQAwSDELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAc +BgNVBAMTFVF1b1ZhZGlzIFJvb3QgQ0EgMyBHMzAeFw0xMjAxMTIyMDI2MzJaFw00 +MjAxMTIyMDI2MzJaMEgxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM +aW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDMgRzMwggIiMA0GCSqG +SIb3DQEBAQUAA4ICDwAwggIKAoICAQCzyw4QZ47qFJenMioKVjZ/aEzHs286IxSR +/xl/pcqs7rN2nXrpixurazHb+gtTTK/FpRp5PIpM/6zfJd5O2YIyC0TeytuMrKNu +FoM7pmRLMon7FhY4futD4tN0SsJiCnMK3UmzV9KwCoWdcTzeo8vAMvMBOSBDGzXR +U7Ox7sWTaYI+FrUoRqHe6okJ7UO4BUaKhvVZR74bbwEhELn9qdIoyhA5CcoTNs+c +ra1AdHkrAj80//ogaX3T7mH1urPnMNA3I4ZyYUUpSFlob3emLoG+B01vr87ERROR +FHAGjx+f+IdpsQ7vw4kZ6+ocYfx6bIrc1gMLnia6Et3UVDmrJqMz6nWB2i3ND0/k +A9HvFZcba5DFApCTZgIhsUfei5pKgLlVj7WiL8DWM2fafsSntARE60f75li59wzw +eyuxwHApw0BiLTtIadwjPEjrewl5qW3aqDCYz4ByA4imW0aucnl8CAMhZa634Ryl +sSqiMd5mBPfAdOhx3v89WcyWJhKLhZVXGqtrdQtEPREoPHtht+KPZ0/l7DxMYIBp +VzgeAVuNVejH38DMdyM0SXV89pgR6y3e7UEuFAUCf+D+IOs15xGsIs5XPd7JMG0Q +A4XN8f+MFrXBsj6IbGB/kE+V9/YtrQE5BwT6dYB9v0lQ7e/JxHwc64B+27bQ3RP+ +ydOc17KXqQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB +BjAdBgNVHQ4EFgQUxhfQvKjqAkPyGwaZXSuQILnXnOQwDQYJKoZIhvcNAQELBQAD +ggIBADRh2Va1EodVTd2jNTFGu6QHcrxfYWLopfsLN7E8trP6KZ1/AvWkyaiTt3px +KGmPc+FSkNrVvjrlt3ZqVoAh313m6Tqe5T72omnHKgqwGEfcIHB9UqM+WXzBusnI +FUBhynLWcKzSt/Ac5IYp8M7vaGPQtSCKFWGafoaYtMnCdvvMujAWzKNhxnQT5Wvv +oxXqA/4Ti2Tk08HS6IT7SdEQTXlm66r99I0xHnAUrdzeZxNMgRVhvLfZkXdxGYFg +u/BYpbWcC/ePIlUnwEsBbTuZDdQdm2NnL9DuDcpmvJRPpq3t/O5jrFc/ZSXPsoaP +0Aj/uHYUbt7lJ+yreLVTubY/6CD50qi+YUbKh4yE8/nxoGibIh6BJpsQBJFxwAYf +3KDTuVan45gtf4Od34wrnDKOMpTwATwiKp9Dwi7DmDkHOHv8XgBCH/MyJnmDhPbl +8MFREsALHgQjDFSlTC9JxUrRtm5gDWv8a4uFJGS3iQ6rJUdbPM9+Sb3H6QrG2vd+ +DhcI00iX0HGS8A85PjRqHH3Y8iKuu2n0M7SmSFXRDw4m6Oy2Cy2nhTXN/VnIn9HN +PlopNLk9hM6xZdRZkZFWdSHBd575euFgndOtBBj0fOtek49TSiIp+EgrPk2GrFt/ +ywaZWWDYWGWVjUTR939+J399roD1B0y2PpxxVJkES/1Y+Zj0 +-----END CERTIFICATE----- +=== /C=BM/O=QuoVadis Limited/OU=Root Certification Authority/CN=QuoVadis Root Certification Authority +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 985026699 (0x3ab6508b) + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: Mar 19 18:33:33 2001 GMT + Not After : Mar 17 18:33:33 2021 GMT + Subject: C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority + X509v3 extensions: + Authority Information Access: + OCSP - URI:https://ocsp.quovadisoffshore.com + + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Certificate Policies: + Policy: 1.3.6.1.4.1.8024.0.1 + User Notice: + Explicit Text: Reliance on the QuoVadis Root Certificate by any party assumes acceptance of the then applicable standard terms and conditions of use, certification practices, and the QuoVadis Certificate Policy. + CPS: http://www.quovadis.bm + + X509v3 Subject Key Identifier: + 8B:4B:6D:ED:D3:29:B9:06:19:EC:39:39:A9:F0:97:84:6A:CB:EF:DF + X509v3 Authority Key Identifier: + keyid:8B:4B:6D:ED:D3:29:B9:06:19:EC:39:39:A9:F0:97:84:6A:CB:EF:DF + DirName:/C=BM/O=QuoVadis Limited/OU=Root Certification Authority/CN=QuoVadis Root Certification Authority + serial:3A:B6:50:8B + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign +SHA1 Fingerprint=DE:3F:40:BD:50:93:D3:9B:6C:60:F6:DA:BC:07:62:01:00:89:76:C9 +SHA256 Fingerprint=A4:5E:DE:3B:BB:F0:9C:8A:E1:5C:72:EF:C0:72:68:D6:93:A2:1C:99:6F:D5:1E:67:CA:07:94:60:FD:6D:88:73 +-----BEGIN CERTIFICATE----- +MIIF0DCCBLigAwIBAgIEOrZQizANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJC +TTEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRlZDElMCMGA1UECxMcUm9vdCBDZXJ0 +aWZpY2F0aW9uIEF1dGhvcml0eTEuMCwGA1UEAxMlUXVvVmFkaXMgUm9vdCBDZXJ0 +aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wMTAzMTkxODMzMzNaFw0yMTAzMTcxODMz +MzNaMH8xCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMSUw +IwYDVQQLExxSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYDVQQDEyVR +dW9WYWRpcyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2G1lVO6V/z68mcLOhrfEYBklbTRvM16z/Yp +li4kVEAkOPcahdxYTMukJ0KX0J+DisPkBgNbAKVRHnAEdOLB1Dqr1607BxgFjv2D +rOpm2RgbaIr1VxqYuvXtdj182d6UajtLF8HVj71lODqV0D1VNk7feVcxKh7YWWVJ +WCCYfqtffp/p1k3sg3Spx2zY7ilKhSoGFPlU5tPaZQeLYzcS19Dsw3sgQUSj7cug +F+FxZc4dZjH3dgEZyH0DWLaVSR2mEiboxgx24ONmy+pdpibu5cxfvWenAScOospU +xbF6lR1xHkopigPcakXBpBlebzbNw6Kwt/5cOOJSvPhEQ+aQuwIDAQABo4ICUjCC +Ak4wPQYIKwYBBQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwczovL29jc3AucXVv +dmFkaXNvZmZzaG9yZS5jb20wDwYDVR0TAQH/BAUwAwEB/zCCARoGA1UdIASCAREw +ggENMIIBCQYJKwYBBAG+WAABMIH7MIHUBggrBgEFBQcCAjCBxxqBxFJlbGlhbmNl +IG9uIHRoZSBRdW9WYWRpcyBSb290IENlcnRpZmljYXRlIGJ5IGFueSBwYXJ0eSBh +c3N1bWVzIGFjY2VwdGFuY2Ugb2YgdGhlIHRoZW4gYXBwbGljYWJsZSBzdGFuZGFy +ZCB0ZXJtcyBhbmQgY29uZGl0aW9ucyBvZiB1c2UsIGNlcnRpZmljYXRpb24gcHJh +Y3RpY2VzLCBhbmQgdGhlIFF1b1ZhZGlzIENlcnRpZmljYXRlIFBvbGljeS4wIgYI +KwYBBQUHAgEWFmh0dHA6Ly93d3cucXVvdmFkaXMuYm0wHQYDVR0OBBYEFItLbe3T +KbkGGew5Oanwl4Rqy+/fMIGuBgNVHSMEgaYwgaOAFItLbe3TKbkGGew5Oanwl4Rq +y+/foYGEpIGBMH8xCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1p +dGVkMSUwIwYDVQQLExxSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYD +VQQDEyVRdW9WYWRpcyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggQ6tlCL +MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAitQUtf70mpKnGdSk +fnIYj9lofFIk3WdvOXrEql494liwTXCYhGHoG+NpGA7O+0dQoE7/8CQfvbLO9Sf8 +7C9TqnN7Az10buYWnuulLsS/VidQK2K6vkscPFVcQR0kvoIgR13VRH56FmjffU1R +cHhXHTMe/QKZnAzNCgVPx7uOpHX6Sm2xgI4JVrmcGmD+XcHXetwReNDWXcG31a0y +mQM6isxUJTkxgXsTIlG6Rmyhu576BGxJJnSP0nPrzDCi5upZIof4l/UO/erMkqQW +xFIY6iHOsfHmhIHluqmGKPJDWl0Snawe2ajlCmqnf6CHKc/yiU3U7MXi5nrQNiOK +SnQ2+Q== +-----END CERTIFICATE----- + +### SECOM Trust Systems CO.,LTD. + +=== /C=JP/O=SECOM Trust Systems CO.,LTD./OU=Security Communication RootCA2 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 0 (0x0) + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: May 29 05:00:39 2009 GMT + Not After : May 29 05:00:39 2029 GMT + Subject: C=JP, O=SECOM Trust Systems CO.,LTD., OU=Security Communication RootCA2 + X509v3 extensions: + X509v3 Subject Key Identifier: + 0A:85:A9:77:65:05:98:7C:40:81:F8:0F:97:2C:38:F1:0A:EC:3C:CF + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE +SHA1 Fingerprint=5F:3B:8C:F2:F8:10:B3:7D:78:B4:CE:EC:19:19:C3:73:34:B9:C7:74 +SHA256 Fingerprint=51:3B:2C:EC:B8:10:D4:CD:E5:DD:85:39:1A:DF:C6:C2:DD:60:D8:7B:B7:36:D2:B5:21:48:4A:A4:7A:0E:BE:F6 +-----BEGIN CERTIFICATE----- +MIIDdzCCAl+gAwIBAgIBADANBgkqhkiG9w0BAQsFADBdMQswCQYDVQQGEwJKUDEl +MCMGA1UEChMcU0VDT00gVHJ1c3QgU3lzdGVtcyBDTy4sTFRELjEnMCUGA1UECxMe +U2VjdXJpdHkgQ29tbXVuaWNhdGlvbiBSb290Q0EyMB4XDTA5MDUyOTA1MDAzOVoX +DTI5MDUyOTA1MDAzOVowXTELMAkGA1UEBhMCSlAxJTAjBgNVBAoTHFNFQ09NIFRy +dXN0IFN5c3RlbXMgQ08uLExURC4xJzAlBgNVBAsTHlNlY3VyaXR5IENvbW11bmlj +YXRpb24gUm9vdENBMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANAV +OVKxUrO6xVmCxF1SrjpDZYBLx/KWvNs2l9amZIyoXvDjChz335c9S672XewhtUGr +zbl+dp+++T42NKA7wfYxEUV0kz1XgMX5iZnK5atq1LXaQZAQwdbWQonCv/Q4EpVM +VAX3NuRFg3sUZdbcDE3R3n4MqzvEFb46VqZab3ZpUql6ucjrappdUtAtCms1FgkQ +hNBqyjoGADdH5H5XTz+L62e4iKrFvlNVspHEfbmwhRkGeC7bYRr6hfVKkaHnFtWO +ojnflLhwHyg/i/xAXmODPIMqGplrz95Zajv8bxbXH/1KEOtOghY6rCcMU/Gt1SSw +awNQwS08Ft1ENCcadfsCAwEAAaNCMEAwHQYDVR0OBBYEFAqFqXdlBZh8QIH4D5cs +OPEK7DzPMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3 +DQEBCwUAA4IBAQBMOqNErLlFsceTfsgLCkLfZOoc7llsCLqJX2rKSpWeeo8HxdpF +coJxDjrSzG+ntKEju/Ykn8sX/oymzsLS28yN/HH8AynBbF0zX2S2ZTuJbxh2ePXc +okgfGT+Ok+vx+hfuzU7jBBJV1uXk3fs+BXziHV7Gp7yXT2g69ekuCkO2r1dcYmh8 +t/2jioSgrGK+KwmHNPBqAbubKVY8/gA3zyNs8U6qtnRGEmyR7jTV7JqR50S+kDFy +1UkC9gLl9B/rfNmWVan/7Ir5mUf/NVoCqgTLiluHcSmRvaS0eg29mvVXIwAHIRc/ +SjnRBUkLp7Y3gaVdjKozXoEofKd9J+sAro03 +-----END CERTIFICATE----- + +### SECOM Trust.net + +=== /C=JP/O=SECOM Trust.net/OU=Security Communication RootCA1 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 0 (0x0) + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: Sep 30 04:20:49 2003 GMT + Not After : Sep 30 04:20:49 2023 GMT + Subject: C=JP, O=SECOM Trust.net, OU=Security Communication RootCA1 + X509v3 extensions: + X509v3 Subject Key Identifier: + A0:73:49:99:68:DC:85:5B:65:E3:9B:28:2F:57:9F:BD:33:BC:07:48 + X509v3 Key Usage: + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE +SHA1 Fingerprint=36:B1:2B:49:F9:81:9E:D7:4C:9E:BC:38:0F:C6:56:8F:5D:AC:B2:F7 +SHA256 Fingerprint=E7:5E:72:ED:9F:56:0E:EC:6E:B4:80:00:73:A4:3F:C3:AD:19:19:5A:39:22:82:01:78:95:97:4A:99:02:6B:6C +-----BEGIN CERTIFICATE----- +MIIDWjCCAkKgAwIBAgIBADANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJKUDEY +MBYGA1UEChMPU0VDT00gVHJ1c3QubmV0MScwJQYDVQQLEx5TZWN1cml0eSBDb21t +dW5pY2F0aW9uIFJvb3RDQTEwHhcNMDMwOTMwMDQyMDQ5WhcNMjMwOTMwMDQyMDQ5 +WjBQMQswCQYDVQQGEwJKUDEYMBYGA1UEChMPU0VDT00gVHJ1c3QubmV0MScwJQYD +VQQLEx5TZWN1cml0eSBDb21tdW5pY2F0aW9uIFJvb3RDQTEwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQCzs/5/022x7xZ8V6UMbXaKL0u/ZPtM7orw8yl8 +9f/uKuDp6bpbZCKamm8sOiZpUQWZJtzVHGpxxpp9Hp3dfGzGjGdnSj74cbAZJ6kJ +DKaVv0uMDPpVmDvY6CKhS3E4eayXkmmziX7qIWgGmBSWh9JhNrxtJ1aeV+7AwFb9 +Ms+k2Y7CI9eNqPPYJayX5HA49LY6tJ07lyZDo6G8SVlyTCMwhwFY9k6+HGhWZq/N +QV3Is00qVUarH9oe4kA92819uZKAnDfdDJZkndwi92SL32HeFZRSFaB9UslLqCHJ +xrHty8OVYNEP8Ktw+N/LTX7s1vqr2b1/VPKl6Xn62dZ2JChzAgMBAAGjPzA9MB0G +A1UdDgQWBBSgc0mZaNyFW2XjmygvV5+9M7wHSDALBgNVHQ8EBAMCAQYwDwYDVR0T +AQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAaECpqLvkT115swW1F7NgE+vG +kl3g0dNq/vu+m22/xwVtWSDEHPC32oRYAmP6SBbvT6UL90qY8j+eG61Ha2POCEfr +Uj94nK9NrvjVT8+amCoQQTlSxN3Zmw7vkwGusi7KaEIkQmywszo+zenaSMQVy+n5 +Bw+SUEmK3TGXX8npN6o7WWWXlDLJs58+OmJYxUmtYg5xpTKqL8aJdkNAExNnPaJU +JRDL8Try2frbSVa7pv6nQTXD4IhhyYjH3zYQIphZ6rBK+1YWc26sTfcioU+tHXot +RSflMMFe8toTyyVCUZVHA4xsIcx0Qu1T/zOLjw9XARYvz6buyXAiFL39vmwLAw== +-----END CERTIFICATE----- + +### SecureTrust Corporation + +=== /C=US/O=SecureTrust Corporation/CN=Secure Global CA +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 07:56:22:a4:e8:d4:8a:89:4d:f4:13:c8:f0:f8:ea:a5 + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: Nov 7 19:42:28 2006 GMT + Not After : Dec 31 19:52:06 2029 GMT + Subject: C=US, O=SecureTrust Corporation, CN=Secure Global CA + X509v3 extensions: + 1.3.6.1.4.1.311.20.2: + ...C.A + X509v3 Key Usage: + Digital Signature, Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + AF:44:04:C2:41:7E:48:83:DB:4E:39:02:EC:EC:84:7A:E6:CE:C9:A4 + X509v3 CRL Distribution Points: + + Full Name: + URI:http://crl.securetrust.com/SGCA.crl + + 1.3.6.1.4.1.311.21.1: + ... +SHA1 Fingerprint=3A:44:73:5A:E5:81:90:1F:24:86:61:46:1E:3B:9C:C4:5F:F5:3A:1B +SHA256 Fingerprint=42:00:F5:04:3A:C8:59:0E:BB:52:7D:20:9E:D1:50:30:29:FB:CB:D4:1C:A1:B5:06:EC:27:F1:5A:DE:7D:AC:69 +-----BEGIN CERTIFICATE----- +MIIDvDCCAqSgAwIBAgIQB1YipOjUiolN9BPI8PjqpTANBgkqhkiG9w0BAQUFADBK +MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24x +GTAXBgNVBAMTEFNlY3VyZSBHbG9iYWwgQ0EwHhcNMDYxMTA3MTk0MjI4WhcNMjkx +MjMxMTk1MjA2WjBKMQswCQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3Qg +Q29ycG9yYXRpb24xGTAXBgNVBAMTEFNlY3VyZSBHbG9iYWwgQ0EwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvNS7YrGxVaQZx5RNoJLNP2MwhR/jxYDiJ +iQPpvepeRlMJ3Fz1Wuj3RSoC6zFh1ykzTM7HfAo3fg+6MpjhHZevj8fcyTiW89sa +/FHtaMbQbqR8JNGuQsiWUGMu4P51/pinX0kuleM5M2SOHqRfkNJnPLLZ/kG5VacJ +jnIFHovdRIWCQtBJwB1g8NEXLJXr9qXBkqPFwqcIYA1gBBCWeZ4WNOaptvolRTnI +HmX5k/Wq8VLcmZg9pYYaDDUz+kulBAYVHDGA76oYa8J719rO+TMg1fW9ajMtgQT7 +sFzUnKPiXB3jqUJ1XnvUd+85VLrJChgbEplJL4hL/VBi0XPnj3pDAgMBAAGjgZ0w +gZowEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0PBAQDAgGGMA8GA1UdEwEB/wQF +MAMBAf8wHQYDVR0OBBYEFK9EBMJBfkiD2045AuzshHrmzsmkMDQGA1UdHwQtMCsw +KaAnoCWGI2h0dHA6Ly9jcmwuc2VjdXJldHJ1c3QuY29tL1NHQ0EuY3JsMBAGCSsG +AQQBgjcVAQQDAgEAMA0GCSqGSIb3DQEBBQUAA4IBAQBjGghAfaReUw132HquHw0L +URYD7xh8yOOvaliTFGCRsoTciE6+OYo68+aCiV0BN7OrJKQVDpI1WkpEXk5X+nXO +H0jOZvQ8QCaSmGwb7iRGDBezUqXbpZGRzzfTb+cnCDpOGR86p1hcF895P4vkp9Mm +I50mD1hp/Ed+stCNi5O/KU9DaXR2Z0vPB4zmAve14bRDtUstFJ/53CYNv6ZHdAbY +iNE6KTCEztI5gGIbqMdXSbxqVVFnFUq+NQfk1XWYN3kwFNspnWzFacxHVaIw98xc +f8LDmBxrThaA63p4ZUWiABqvDA1VZDRIuJK58bRQKfJPIx/abKwfROHdI3hRW8cW +-----END CERTIFICATE----- +=== /C=US/O=SecureTrust Corporation/CN=SecureTrust CA +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 0c:f0:8e:5c:08:16:a5:ad:42:7f:f0:eb:27:18:59:d0 + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: Nov 7 19:31:18 2006 GMT + Not After : Dec 31 19:40:55 2029 GMT + Subject: C=US, O=SecureTrust Corporation, CN=SecureTrust CA + X509v3 extensions: + 1.3.6.1.4.1.311.20.2: + ...C.A + X509v3 Key Usage: + Digital Signature, Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + 42:32:B6:16:FA:04:FD:FE:5D:4B:7A:C3:FD:F7:4C:40:1D:5A:43:AF + X509v3 CRL Distribution Points: + + Full Name: + URI:http://crl.securetrust.com/STCA.crl + + 1.3.6.1.4.1.311.21.1: + ... +SHA1 Fingerprint=87:82:C6:C3:04:35:3B:CF:D2:96:92:D2:59:3E:7D:44:D9:34:FF:11 +SHA256 Fingerprint=F1:C1:B5:0A:E5:A2:0D:D8:03:0E:C9:F6:BC:24:82:3D:D3:67:B5:25:57:59:B4:E7:1B:61:FC:E9:F7:37:5D:73 +-----BEGIN CERTIFICATE----- +MIIDuDCCAqCgAwIBAgIQDPCOXAgWpa1Cf/DrJxhZ0DANBgkqhkiG9w0BAQUFADBI +MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24x +FzAVBgNVBAMTDlNlY3VyZVRydXN0IENBMB4XDTA2MTEwNzE5MzExOFoXDTI5MTIz +MTE5NDA1NVowSDELMAkGA1UEBhMCVVMxIDAeBgNVBAoTF1NlY3VyZVRydXN0IENv +cnBvcmF0aW9uMRcwFQYDVQQDEw5TZWN1cmVUcnVzdCBDQTCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAKukgeWVzfX2FI7CT8rU4niVWJxB4Q2ZQCQXOZEz +Zum+4YOvYlyJ0fwkW2Gz4BERQRwdbvC4u/jep4G6pkjGnx29vo6pQT64lO0pGtSO +0gMdA+9tDWccV9cGrcrI9f4Or2YlSASWC12juhbDCE/RRvgUXPLIXgGZbf2IzIao +wW8xQmxSPmjL8xk037uHGFaAJsTQ3MBv396gwpEWoGQRS0S8Hvbn+mPeZqx2pHGj +7DaUaHp3pLHnDi+BeuK1cobvomuL8A/b01k/unK8RCSc43Oz969XL0Imnal0ugBS +8kvNU3xHCzaFDmapCJcWNFfBZveA4+1wVMeT4C4oFVmHursCAwEAAaOBnTCBmjAT +BgkrBgEEAYI3FAIEBh4EAEMAQTALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB +/zAdBgNVHQ4EFgQUQjK2FvoE/f5dS3rD/fdMQB1aQ68wNAYDVR0fBC0wKzApoCeg +JYYjaHR0cDovL2NybC5zZWN1cmV0cnVzdC5jb20vU1RDQS5jcmwwEAYJKwYBBAGC +NxUBBAMCAQAwDQYJKoZIhvcNAQEFBQADggEBADDtT0rhWDpSclu1pqNlGKa7UTt3 +6Z3q059c4EVlew3KW+JwULKUBRSuSceNQQcSc5R+DCMh/bwQf2AQWnL1mA6s7Ll/ +3XpvXdMc9P+IBWlCqQVxyLesJugutIxq/3HcuLHfmbx8IVQr5Fiiu1cprp6poxkm +D5kuCLDv/WnPmRoJjeOnnyvJNjR7JLN4TJUXpAYmHrZkUjZfYGfZnMUFdAvnZyPS +CPyI6a6Lf+Ew9Dd+/cYy2i2eRDAwbO4H3tI0/NL/QPZL9GZGBlSm8jIKYyYwa5vR +3ItHuuG51WLQoqD0ZwV4KWMabwTW+MZMo5qxN7SN5ShLHZ4swrhovO0C7jE= +-----END CERTIFICATE----- + +### Sonera + +=== /C=FI/O=Sonera/CN=Sonera Class2 CA +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 29 (0x1d) + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: Apr 6 07:29:40 2001 GMT + Not After : Apr 6 07:29:40 2021 GMT + Subject: C=FI, O=Sonera, CN=Sonera Class2 CA + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + 4A:A0:AA:58:84:D3:5E:3C + X509v3 Key Usage: + Certificate Sign, CRL Sign +SHA1 Fingerprint=37:F7:6D:E6:07:7C:90:C5:B1:3E:93:1A:B7:41:10:B4:F2:E4:9A:27 +SHA256 Fingerprint=79:08:B4:03:14:C1:38:10:0B:51:8D:07:35:80:7F:FB:FC:F8:51:8A:00:95:33:71:05:BA:38:6B:15:3D:D9:27 +-----BEGIN CERTIFICATE----- +MIIDIDCCAgigAwIBAgIBHTANBgkqhkiG9w0BAQUFADA5MQswCQYDVQQGEwJGSTEP +MA0GA1UEChMGU29uZXJhMRkwFwYDVQQDExBTb25lcmEgQ2xhc3MyIENBMB4XDTAx +MDQwNjA3Mjk0MFoXDTIxMDQwNjA3Mjk0MFowOTELMAkGA1UEBhMCRkkxDzANBgNV +BAoTBlNvbmVyYTEZMBcGA1UEAxMQU29uZXJhIENsYXNzMiBDQTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAJAXSjWdyvANlsdE+hY3/Ei9vX+ALTU74W+o +Z6m/AxxNjG8yR9VBaKQTBME1DJqEQ/xcHf+Js+gXGM2RX/uJ4+q/Tl18GybTdXnt +5oTjV+WtKcT0OijnpXuENmmz/V52vaMtmdOQTiMofRhj8VQ7Jp12W5dCsv+u8E7s +3TmVToMGf+dJQMjFAbJUWmYdPfz56TwKnoG4cPABi+QjVHzIrviQHgCWctRUz2Ej +vOr7nQKV0ba5cTppCD8PtOFCx4j1P5iop7oc4HFx71hXgVB6XGt0Rg6DA5jDjqhu +8nYybieDwnPz3BjotJPqdURrBGAgcVeHnfO+oJAjPYok4doh28MCAwEAAaMzMDEw +DwYDVR0TAQH/BAUwAwEB/zARBgNVHQ4ECgQISqCqWITTXjwwCwYDVR0PBAQDAgEG +MA0GCSqGSIb3DQEBBQUAA4IBAQBazof5FnIVV0sd2ZvnoiYw7JNn39Yt0jSv9zil +zqsWuasvfDXLrNAPtEwr/IDva4yRXzZ299uzGxnq9LIR/WFxRL8oszodv7ND6J+/ +3DEIcbCdjdY0RzKQxmUk96BKfARzjzlvF4xytb1LyHr4e4PDKE6cCepnP7JnBBvD +FNr450kkkdAdavphOe9r5yF1BgfYErQhIHBCcYHaPJo2vqZbDWpsmh+Re/n570K6 +Tk6ezAyNlNzZRZxe7EJQY670XcSxEtzKO6gunRRaBXW37Ndj4ro1tgQIkejanZz2 +ZrUYrAqmVCY0M9IbwdR/GjqOC6oybtv8TyWf2TLHllpwrN9M +-----END CERTIFICATE----- + +### SSL Corporation + +=== /C=US/ST=Texas/L=Houston/O=SSL Corporation/CN=SSL.com EV Root Certification Authority ECC +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 3182246526754555285 (0x2c299c5b16ed0595) + Signature Algorithm: ecdsa-with-SHA256 + Validity + Not Before: Feb 12 18:15:23 2016 GMT + Not After : Feb 12 18:15:23 2041 GMT + Subject: C=US, ST=Texas, L=Houston, O=SSL Corporation, CN=SSL.com EV Root Certification Authority ECC + X509v3 extensions: + X509v3 Subject Key Identifier: + 5B:CA:5E:E5:DE:D2:81:AA:CD:A8:2D:64:51:B6:D9:72:9B:97:E6:4F + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Authority Key Identifier: + keyid:5B:CA:5E:E5:DE:D2:81:AA:CD:A8:2D:64:51:B6:D9:72:9B:97:E6:4F + + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign +SHA1 Fingerprint=4C:DD:51:A3:D1:F5:20:32:14:B0:C6:C5:32:23:03:91:C7:46:42:6D +SHA256 Fingerprint=22:A2:C1:F7:BD:ED:70:4C:C1:E7:01:B5:F4:08:C3:10:88:0F:E9:56:B5:DE:2A:4A:44:F9:9C:87:3A:25:A7:C8 +-----BEGIN CERTIFICATE----- +MIIClDCCAhqgAwIBAgIILCmcWxbtBZUwCgYIKoZIzj0EAwIwfzELMAkGA1UEBhMC +VVMxDjAMBgNVBAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9T +U0wgQ29ycG9yYXRpb24xNDAyBgNVBAMMK1NTTC5jb20gRVYgUm9vdCBDZXJ0aWZp +Y2F0aW9uIEF1dGhvcml0eSBFQ0MwHhcNMTYwMjEyMTgxNTIzWhcNNDEwMjEyMTgx +NTIzWjB/MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxEDAOBgNVBAcMB0hv +dXN0b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjE0MDIGA1UEAwwrU1NMLmNv +bSBFViBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IEVDQzB2MBAGByqGSM49 +AgEGBSuBBAAiA2IABKoSR5CYG/vvw0AHgyBO8TCCogbR8pKGYfL2IWjKAMTH6kMA +VIbc/R/fALhBYlzccBYy3h+Z1MzFB8gIH2EWB1E9fVwHU+M1OIzfzZ/ZLg1Kthku +WnBaBu2+8KGwytAJKaNjMGEwHQYDVR0OBBYEFFvKXuXe0oGqzagtZFG22XKbl+ZP +MA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUW8pe5d7SgarNqC1kUbbZcpuX +5k8wDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMCA2gAMGUCMQCK5kCJN+vp1RPZ +ytRrJPOwPYdGWBrssd9v+1a6cGvHOMzosYxPD/fxZ3YOg9AeUY8CMD32IygmTMZg +h5Mmm7I1HrrW9zzRHM76JTymGoEVW/MSD2zuZYrJh6j5B+BimoxcSg== +-----END CERTIFICATE----- +=== /C=US/ST=Texas/L=Houston/O=SSL Corporation/CN=SSL.com EV Root Certification Authority RSA R2 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 6248227494352943350 (0x56b629cd34bc78f6) + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: May 31 18:14:37 2017 GMT + Not After : May 30 18:14:37 2042 GMT + Subject: C=US, ST=Texas, L=Houston, O=SSL Corporation, CN=SSL.com EV Root Certification Authority RSA R2 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Authority Key Identifier: + keyid:F9:60:BB:D4:E3:D5:34:F6:B8:F5:06:80:25:A7:73:DB:46:69:A8:9E + + X509v3 Subject Key Identifier: + F9:60:BB:D4:E3:D5:34:F6:B8:F5:06:80:25:A7:73:DB:46:69:A8:9E + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign +SHA1 Fingerprint=74:3A:F0:52:9B:D0:32:A0:F4:4A:83:CD:D4:BA:A9:7B:7C:2E:C4:9A +SHA256 Fingerprint=2E:7B:F1:6C:C2:24:85:A7:BB:E2:AA:86:96:75:07:61:B0:AE:39:BE:3B:2F:E9:D0:CC:6D:4E:F7:34:91:42:5C +-----BEGIN CERTIFICATE----- +MIIF6zCCA9OgAwIBAgIIVrYpzTS8ePYwDQYJKoZIhvcNAQELBQAwgYIxCzAJBgNV +BAYTAlVTMQ4wDAYDVQQIDAVUZXhhczEQMA4GA1UEBwwHSG91c3RvbjEYMBYGA1UE +CgwPU1NMIENvcnBvcmF0aW9uMTcwNQYDVQQDDC5TU0wuY29tIEVWIFJvb3QgQ2Vy +dGlmaWNhdGlvbiBBdXRob3JpdHkgUlNBIFIyMB4XDTE3MDUzMTE4MTQzN1oXDTQy +MDUzMDE4MTQzN1owgYIxCzAJBgNVBAYTAlVTMQ4wDAYDVQQIDAVUZXhhczEQMA4G +A1UEBwwHSG91c3RvbjEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMTcwNQYDVQQD +DC5TU0wuY29tIEVWIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgUlNBIFIy +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAjzZlQOHWTcDXtOlG2mvq +M0fNTPl9fb69LT3w23jhhqXZuglXaO1XPqDQCEGD5yhBJB/jchXQARr7XnAjssuf +OePPxU7Gkm0mxnu7s9onnQqG6YE3Bf7wcXHswxzpY6IXFJ3vG2fThVUCAtZJycxa +4bH3bzKfydQ7iEGonL3Lq9ttewkfokxykNorCPzPPFTOZw+oz12WGQvE43LrrdF9 +HSfvkusQv1vrO6/PgN3B0pYEW3p+pKk8OHakYo6gOV7qd89dAFmPZiw+B6KjBSYR +aZfqhbcPlgtLyEDhULouisv3D5oi53+aNxPN8k0TayHRwMwi8qFG9kRpnMphNQcA +b9ZhCBHqurj26bNg5U257J8UZslXWNvNh2n4ioYSA0e/ZhN2rHd9NCSFg83XqpyQ +Gp8hLH94t2S42Oim9HizVcuE0jLEeK6jj2HdzghTreyI/BXkmg3mnxp3zkyPuBQV +PWKchjgGAGYS5Fl2WlPAApiiECtoRHuOec4zSnaqW4EWG7WK2NAAe15itAnWhmMO +pgWVSbooi4iTsjQc2KRVbrcc0N6ZVTsj9CLg+SlmJuwgUHfbSguPvuUCYHBBXtSu +UDkiFCbLsjtzdFVHB3mBOagwE0TlBIqulhMlQg+5U8Sb/M3kHN48+qvWBkofZ6aY +MBzdLNvcGJVXZsb/XItW9XcCAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAfBgNV +HSMEGDAWgBT5YLvU49U09rj1BoAlp3PbRmmonjAdBgNVHQ4EFgQU+WC71OPVNPa4 +9QaAJadz20ZpqJ4wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQBW +s47LCp1Jjr+kxJG7ZhcFUZh1++VQLHqe8RT6q9OKPv+RKY9ji9i0qVQBDb6Thi/5 +Sm3HXvVX+cpVHBK+Rw82xd9qt9t1wkclf7nxY/hoLVUE0fKNsKTPvDxeH3jnpaAg +cLAExbf3cqfeIg29MyVGjGSSJuM+LmOW2puMPfgYCdcDzH2GguDKBAdRUNf/ktUM +79qGn5nX67evaOI5JpS6aLe/g9Pqemc9YmeuJeVy6OLk7K4S9ksrPJ/psEDzOFSz +/bdoyNrGj1E8svuR3Bznm53htw1yj+KkxKl4+esUrMZDBcJlOSgYAsOCsp0FvmXt +ll9ldDz7CTUue5wT/RsPXcdtgTpWD8w74a8CLyKsRspGPKAcTNZEtF4uXBVmCeEm +Kf7GUmG6sXP/wwyc5WxqlD8UykAWlYTzWamsX0xhk23RO8yilQwipmdnRC652dKK +QbNmC1r7fSOl8hqw/96bg5Qu0T/fkreRrwU7ZcegbLHNYhLDkBvjJc40vG93drEQ +w/cFGsDWr3RiSBd3kmmQYRzelYB0VI8YHMPzA9C/pEN1hlMYegouCRw2n5H9gooi +S9EOUCXdywMMF8mDAAhONU2Ki+3wApRmLER/y5UnlhetCTCstnEXbosX9hwJ1C07 +mKVx01QT2WDz9UtmT/rx7iASjbSsV7FFY6GsdqnC+w== +-----END CERTIFICATE----- +=== /C=US/ST=Texas/L=Houston/O=SSL Corporation/CN=SSL.com Root Certification Authority ECC +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 8495723813297216424 (0x75e6dfcbc1685ba8) + Signature Algorithm: ecdsa-with-SHA256 + Validity + Not Before: Feb 12 18:14:03 2016 GMT + Not After : Feb 12 18:14:03 2041 GMT + Subject: C=US, ST=Texas, L=Houston, O=SSL Corporation, CN=SSL.com Root Certification Authority ECC + X509v3 extensions: + X509v3 Subject Key Identifier: + 82:D1:85:73:30:E7:35:04:D3:8E:02:92:FB:E5:A4:D1:C4:21:E8:CD + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Authority Key Identifier: + keyid:82:D1:85:73:30:E7:35:04:D3:8E:02:92:FB:E5:A4:D1:C4:21:E8:CD + + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign +SHA1 Fingerprint=C3:19:7C:39:24:E6:54:AF:1B:C4:AB:20:95:7A:E2:C3:0E:13:02:6A +SHA256 Fingerprint=34:17:BB:06:CC:60:07:DA:1B:96:1C:92:0B:8A:B4:CE:3F:AD:82:0E:4A:A3:0B:9A:CB:C4:A7:4E:BD:CE:BC:65 +-----BEGIN CERTIFICATE----- +MIICjTCCAhSgAwIBAgIIdebfy8FoW6gwCgYIKoZIzj0EAwIwfDELMAkGA1UEBhMC +VVMxDjAMBgNVBAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9T +U0wgQ29ycG9yYXRpb24xMTAvBgNVBAMMKFNTTC5jb20gUm9vdCBDZXJ0aWZpY2F0 +aW9uIEF1dGhvcml0eSBFQ0MwHhcNMTYwMjEyMTgxNDAzWhcNNDEwMjEyMTgxNDAz +WjB8MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxEDAOBgNVBAcMB0hvdXN0 +b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjExMC8GA1UEAwwoU1NMLmNvbSBS +b290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IEVDQzB2MBAGByqGSM49AgEGBSuB +BAAiA2IABEVuqVDEpiM2nl8ojRfLliJkP9x6jh3MCLOicSS6jkm5BBtHllirLZXI +7Z4INcgn64mMU1jrYor+8FsPazFSY0E7ic3s7LaNGdM0B9y7xgZ/wkWV7Mt/qCPg +CemB+vNH06NjMGEwHQYDVR0OBBYEFILRhXMw5zUE044CkvvlpNHEIejNMA8GA1Ud +EwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUgtGFczDnNQTTjgKS++Wk0cQh6M0wDgYD +VR0PAQH/BAQDAgGGMAoGCCqGSM49BAMCA2cAMGQCMG/n61kRpGDPYbCWe+0F+S8T +kdzt5fxQaxFGRrMcIQBiu77D5+jNB5n5DQtdcj7EqgIwH7y6C+IwJPt8bYBVCpk+ +gA0z5Wajs6O7pdWLjwkspl1+4vAHCGht0nxpbl/f5Wpl +-----END CERTIFICATE----- +=== /C=US/ST=Texas/L=Houston/O=SSL Corporation/CN=SSL.com Root Certification Authority RSA +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 8875640296558310041 (0x7b2c9bd316803299) + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Feb 12 17:39:39 2016 GMT + Not After : Feb 12 17:39:39 2041 GMT + Subject: C=US, ST=Texas, L=Houston, O=SSL Corporation, CN=SSL.com Root Certification Authority RSA + X509v3 extensions: + X509v3 Subject Key Identifier: + DD:04:09:07:A2:F5:7A:7D:52:53:12:92:95:EE:38:80:25:0D:A6:59 + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Authority Key Identifier: + keyid:DD:04:09:07:A2:F5:7A:7D:52:53:12:92:95:EE:38:80:25:0D:A6:59 + + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign +SHA1 Fingerprint=B7:AB:33:08:D1:EA:44:77:BA:14:80:12:5A:6F:BD:A9:36:49:0C:BB +SHA256 Fingerprint=85:66:6A:56:2E:E0:BE:5C:E9:25:C1:D8:89:0A:6F:76:A8:7E:C1:6D:4D:7D:5F:29:EA:74:19:CF:20:12:3B:69 +-----BEGIN CERTIFICATE----- +MIIF3TCCA8WgAwIBAgIIeyyb0xaAMpkwDQYJKoZIhvcNAQELBQAwfDELMAkGA1UE +BhMCVVMxDjAMBgNVBAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQK +DA9TU0wgQ29ycG9yYXRpb24xMTAvBgNVBAMMKFNTTC5jb20gUm9vdCBDZXJ0aWZp +Y2F0aW9uIEF1dGhvcml0eSBSU0EwHhcNMTYwMjEyMTczOTM5WhcNNDEwMjEyMTcz +OTM5WjB8MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxEDAOBgNVBAcMB0hv +dXN0b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjExMC8GA1UEAwwoU1NMLmNv +bSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IFJTQTCCAiIwDQYJKoZIhvcN +AQEBBQADggIPADCCAgoCggIBAPkP3aMrfcvQKv7sZ4Wm5y4bunfh4/WvpOz6Sl2R +xFdHaxh3a3by/ZPkPQ/CFp4LZsNWlJ4Xg4XOVu/yFv0AYvUiCVToZRdOQbngT0aX +qhvIuG5iXmmxX9sqAn78bMrzQdjt0Oj8P2FI7bADFB0QDksZ4LtO7IZl/zbzXmcC +C52GVWH9ejjt/uIZALdvoVBidXQ8oPrIJZK0bnoix/geoeOy3ZExqysdBP+lSgQ3 +6YWkMyv94tZVNHwZpEpox7Ko07fKoZOI68GXvIz5HdkihCR0xwQ9aqkpk8zruFvh +/l8lqjRYyMEjVJ0bmBHDOJx+PYZspQ9AhnwC9FwCTyjLrnGfDzrIM/4RJTXq/LrF +YD3ZfBjVsqnTdXgDciLKOsMf7yzlLqn6niy2UUb9rwPW6mBo6oUWNmuF6R7As93E +JNyAKoFBbZQ+yODJgUEAnl6/f8UImKIYLEJAs/lvOCdLToD0PYFH4Ih86hzOtXVc +US4cK38acijnALXRdMbX5J+tB5O2UzU1/Dfkw/ZdFr4hc96SCvigY2q8lpJqPvi8 +ZVWb3vUNiSYE/CUapiVpy8JtynziWV+XrOvvLsi81xtZPCvM8hnIk2snYxnP/Okm ++Mpxm3+T/jRnhE6Z6/yzeAkzcLpmpnbtG3PrGqUNxCITIJRWCk4sbE6x/c+cCbqi +M+2HAgMBAAGjYzBhMB0GA1UdDgQWBBTdBAkHovV6fVJTEpKV7jiAJQ2mWTAPBgNV +HRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFN0ECQei9Xp9UlMSkpXuOIAlDaZZMA4G +A1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAIBgRlCn7Jp0cHh5wYfGV +cpNxJK1ok1iOMq8bs3AD/CUrdIWQPXhq9LmLpZc7tRiRux6n+UBbkflVma8eEdBc +Hadm47GUBwwyOabqG7B52B2ccETjit3E+ZUfijhDPwGFpUenPUayvOUiaPd7nNgs +PgohyC0zrL/FgZkxdMF1ccW+sfAjRfSda/wZY52jvATGGAslu1OJD7OAUN5F7kR/ +q5R4ZJjT9ijdh9hwZXT7DrkT66cPYakylszeu+1jTBi7qUD3oFRuIIhxdRjqerQ0 +cuAjJ3dctpDqhiVAq+8zD8ufgr6iIPv2tS0a5sKFsXQP+8hlAqRSAUfdSSLBv9jr +a6x+3uxjMxW3IwiPxg+NQVrdjsW5j+VFP3jbutIbQLH+cU0/4IGiul607BXgk90I +H37hVZkLId6Tngr75qNJvTYw/ud3sqB1l7UtgYgXZSD32pAAn8lSzDLKNXz1PQ/Y +K9f1JmzJBjSWFupwWRoyeXkLtoh/D1JIPb9s2KJELtFOt3JY04kTlf5Eq/jXixtu +nLwsoFvVagCvXzfh1foQC5ichucmj87w7G6KVwuA406ywKBjYZC6VWg3dGq2ktuf +oYYitmUnDuy2n0Jg5GfCtdpBC8TTi2EbvPofkSvXRAdeuims2cXp71NIWuuA8ShY +Ic2wBlX7Jz9TkHCpBB5XJ7k= +-----END CERTIFICATE----- + +### Staat der Nederlanden + +=== /C=NL/O=Staat der Nederlanden/CN=Staat der Nederlanden EV Root CA +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 10000013 (0x98968d) + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Dec 8 11:19:29 2010 GMT + Not After : Dec 8 11:10:28 2022 GMT + Subject: C=NL, O=Staat der Nederlanden, CN=Staat der Nederlanden EV Root CA + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + FE:AB:00:90:98:9E:24:FC:A9:CC:1A:8A:FB:27:B8:BF:30:6E:A8:3B +SHA1 Fingerprint=76:E2:7E:C1:4F:DB:82:C1:C0:A6:75:B5:05:BE:3D:29:B4:ED:DB:BB +SHA256 Fingerprint=4D:24:91:41:4C:FE:95:67:46:EC:4C:EF:A6:CF:6F:72:E2:8A:13:29:43:2F:9D:8A:90:7A:C4:CB:5D:AD:C1:5A +-----BEGIN CERTIFICATE----- +MIIFcDCCA1igAwIBAgIEAJiWjTANBgkqhkiG9w0BAQsFADBYMQswCQYDVQQGEwJO +TDEeMBwGA1UECgwVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSkwJwYDVQQDDCBTdGFh +dCBkZXIgTmVkZXJsYW5kZW4gRVYgUm9vdCBDQTAeFw0xMDEyMDgxMTE5MjlaFw0y +MjEyMDgxMTEwMjhaMFgxCzAJBgNVBAYTAk5MMR4wHAYDVQQKDBVTdGFhdCBkZXIg +TmVkZXJsYW5kZW4xKTAnBgNVBAMMIFN0YWF0IGRlciBOZWRlcmxhbmRlbiBFViBS +b290IENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA48d+ifkkSzrS +M4M1LGns3Amk41GoJSt5uAg94JG6hIXGhaTK5skuU6TJJB79VWZxXSzFYGgEt9nC +UiY4iKTWO0Cmws0/zZiTs1QUWJZV1VD+hq2kY39ch/aO5ieSZxeSAgMs3NZmdO3d +Z//BYY1jTw+bbRcwJu+r0h8QoPnFfxZpgQNH7R5ojXKhTbImxrpsX23Wr9GxE46p +rfNeaXUmGD5BKyF/7otdBwadQ8QpCiv8Kj6GyzyDOvnJDdrFmeK8eEEzduG/L13l +pJhQDBXd4Pqcfzho0LKmeqfRMb1+ilgnQ7O6M5HTp5gVXJrm0w912fxBmJc+qiXb +j5IusHsMX/FjqTf5m3VpTCgmJdrV8hJwRVXj33NeN/UhbJCONVrJ0yPr08C+eKxC +KFhmpUZtcALXEPlLVPxdhkqHz3/KRawRWrUgUY0viEeXOcDPusBCAUCZSCELa6fS +/ZbV0b5GnUngC6agIk440ME8MLxwjyx1zNDFjFE7PZQIZCZhfbnDZY8UnCHQqv0X +cgOPvZuM5l5Tnrmd74K74bzickFbIZTTRTeU0d8JOV3nI6qaHcptqAqGhYqCvkIH +1vI4gnPah1vlPNOePqc7nvQDs/nxfRN0Av+7oeX6AHkcpmZBiFxgV6YuCcS6/ZrP +px9Aw7vMWgpVSzs4dlG4Y4uElBbmVvMCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB +/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFP6rAJCYniT8qcwaivsnuL8wbqg7 +MA0GCSqGSIb3DQEBCwUAA4ICAQDPdyxuVr5Os7aEAJSrR8kN0nbHhp8dB9O2tLsI +eK9p0gtJ3jPFrK3CiAJ9Brc1AsFgyb/E6JTe1NOpEyVa/m6irn0F3H3zbPB+po3u +2dfOWBfoqSmuc0iH55vKbimhZF8ZE/euBhD/UcabTVUlT5OZEAFTdfETzsemQUHS +v4ilf0X8rLiltTMMgsT7B/Zq5SWEXwbKwYY5EdtYzXc7LMJMD16a4/CrPmEbUCTC +wPTxGfARKbalGAKb12NMcIxHowNDXLldRqANb/9Zjr7dn3LDWyvfjFvO5QxGbJKy +CqNMVEIYFRIYvdr8unRu/8G2oGTYqV9Vrp9canaW2HNnh/tNf1zuacpzEPuKqf2e +vTY4SUmH9A4U8OmHuD+nT3pajnnUk+S7aFKErGzp85hwVXIy+TSrK0m1zSBi5Dp6 +Z2Orltxtrpfs/J92VoguZs9btsmksNcFuuEnL5O7Jiqik7Ab846+HUCjuTaPPoIa +Gl6I6lD4WeKDRikL40Rc4ZW2aZCaFG+XroHPaO+Zmr615+F/+PoTRxZMzG0IQOeL +eG9QgkRQP2YGiqtDhFZKDyAthg710tvSeopLzaXoTvFeJiUBWSOgftL2fiFX1ye8 +FVdMpEbB4IMeDExNH08GGeL5qPQ6gqGyeUN51q1veieQA6TqJIc/2b3Z6fJfUEkc +7uzXLg== +-----END CERTIFICATE----- +=== /C=NL/O=Staat der Nederlanden/CN=Staat der Nederlanden Root CA - G2 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 10000012 (0x98968c) + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Mar 26 11:18:17 2008 GMT + Not After : Mar 25 11:03:10 2020 GMT + Subject: C=NL, O=Staat der Nederlanden, CN=Staat der Nederlanden Root CA - G2 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Certificate Policies: + Policy: X509v3 Any Policy + CPS: http://www.pkioverheid.nl/policies/root-policy-G2 + + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + 91:68:32:87:15:1D:89:E2:B5:F1:AC:36:28:34:8D:0B:7C:62:88:EB +SHA1 Fingerprint=59:AF:82:79:91:86:C7:B4:75:07:CB:CF:03:57:46:EB:04:DD:B7:16 +SHA256 Fingerprint=66:8C:83:94:7D:A6:3B:72:4B:EC:E1:74:3C:31:A0:E6:AE:D0:DB:8E:C5:B3:1B:E3:77:BB:78:4F:91:B6:71:6F +-----BEGIN CERTIFICATE----- +MIIFyjCCA7KgAwIBAgIEAJiWjDANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJO +TDEeMBwGA1UECgwVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSswKQYDVQQDDCJTdGFh +dCBkZXIgTmVkZXJsYW5kZW4gUm9vdCBDQSAtIEcyMB4XDTA4MDMyNjExMTgxN1oX +DTIwMDMyNTExMDMxMFowWjELMAkGA1UEBhMCTkwxHjAcBgNVBAoMFVN0YWF0IGRl +ciBOZWRlcmxhbmRlbjErMCkGA1UEAwwiU3RhYXQgZGVyIE5lZGVybGFuZGVuIFJv +b3QgQ0EgLSBHMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMVZ5291 +qj5LnLW4rJ4L5PnZyqtdj7U5EILXr1HgO+EASGrP2uEGQxGZqhQlEq0i6ABtQ8Sp +uOUfiUtnvWFI7/3S4GCI5bkYYCjDdyutsDeqN95kWSpGV+RLufg3fNU254DBtvPU +Z5uW6M7XxgpT0GtJlvOjCwV3SPcl5XCsMBQgJeN/dVrlSPhOewMHBPqCYYdu8DvE +pMfQ9XQ+pV0aCPKbJdL2rAQmPlU6Yiile7Iwr/g3wtG61jj99O9JMDeZJiFIhQGp +5Rbn3JBV3w/oOM2ZNyFPXfUib2rFEhZgF1XyZWampzCROME4HYYEhLoaJXhena/M +UGDWE4dS7WMfbWV9whUYdMrhfmQpjHLYFhN9C0lK8SgbIHRrxT3dsKpICT0ugpTN +GmXZK4iambwYfp/ufWZ8Pr2UuIHOzZgweMFvZ9C+X+Bo7d7iscksWXiSqt8rYGPy +5V6548r6f1CGPqI0GAwJaCgRHOThuVw+R7oyPxjMW4T182t0xHJ04eOLoEq9jWYv +6q012iDTiIJh8BIitrzQ1aTsr1SIJSQ8p22xcik/Plemf1WvbibG/ufMQFxRRIEK +eN5KzlW/HdXZt1bv8Hb/C3m1r737qWmRRpdogBQ2HbN/uymYNqUg+oJgYjOk7Na6 +B6duxc8UpufWkjTYgfX8HV2qXB72o007uPc5AgMBAAGjgZcwgZQwDwYDVR0TAQH/ +BAUwAwEB/zBSBgNVHSAESzBJMEcGBFUdIAAwPzA9BggrBgEFBQcCARYxaHR0cDov +L3d3dy5wa2lvdmVyaGVpZC5ubC9wb2xpY2llcy9yb290LXBvbGljeS1HMjAOBgNV +HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFJFoMocVHYnitfGsNig0jQt8YojrMA0GCSqG +SIb3DQEBCwUAA4ICAQCoQUpnKpKBglBu4dfYszk78wIVCVBR7y29JHuIhjv5tLyS +CZa59sCrI2AGeYwRTlHSeYAz+51IvuxBQ4EffkdAHOV6CMqqi3WtFMTC6GY8ggen +5ieCWxjmD27ZUD6KQhgpxrRW/FYQoAUXvQwjf/ST7ZwaUb7dRUG/kSS0H4zpX897 +IZmflZ85OkYcbPnNe5yQzSipx6lVu6xiNGI1E0sUOlWDuYaNkqbG9AclVMwWVxJK +gnjIFNkXgiYtXSAfea7+1HAWFpWD2DU5/1JddRwWxRNVz0fMdWVSSt7wsKfkCpYL ++63C4iWEst3kvX5ZbJvw8NjnyvLplzh+ib7M+zkXYT9y2zqR2GUBGR2tUKRXCnxL +vJxxcypFURmFzI79R6d0lR2o0a9OF7FpJsKqeFdbxU2n5Z4FF5TKsl+gSRiNNOkm +bEgeqmiSBeGCc1qb3AdbCG19ndeNIdn8FCCqwkXfP+cAslHkwvgFuXkajDTznlvk +N1trSt8sV4pAWja63XVECDdCcAz+3F4hoKOKwJCcaNpQ5kUQR3i2TtJlycM33+FC +Y7BXN0Ute4qcvwXqZVUz9zkQxSgqIXobisQk+T8VyJoVIPVVYpbtbZNQvOSqeK3Z +ywplh6ZmwcSBo3c6WB4L7oOLnR7SUqTMHW+wmG2UMbX4cQrcufx9MmDm66+KAQ== +-----END CERTIFICATE----- +=== /C=NL/O=Staat der Nederlanden/CN=Staat der Nederlanden Root CA - G3 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 10003001 (0x98a239) + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Nov 14 11:28:42 2013 GMT + Not After : Nov 13 23:00:00 2028 GMT + Subject: C=NL, O=Staat der Nederlanden, CN=Staat der Nederlanden Root CA - G3 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + 54:AD:FA:C7:92:57:AE:CA:35:9C:2E:12:FB:E4:BA:5D:20:DC:94:57 +SHA1 Fingerprint=D8:EB:6B:41:51:92:59:E0:F3:E7:85:00:C0:3D:B6:88:97:C9:EE:FC +SHA256 Fingerprint=3C:4F:B0:B9:5A:B8:B3:00:32:F4:32:B8:6F:53:5F:E1:72:C1:85:D0:FD:39:86:58:37:CF:36:18:7F:A6:F4:28 +-----BEGIN CERTIFICATE----- +MIIFdDCCA1ygAwIBAgIEAJiiOTANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJO +TDEeMBwGA1UECgwVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSswKQYDVQQDDCJTdGFh +dCBkZXIgTmVkZXJsYW5kZW4gUm9vdCBDQSAtIEczMB4XDTEzMTExNDExMjg0MloX +DTI4MTExMzIzMDAwMFowWjELMAkGA1UEBhMCTkwxHjAcBgNVBAoMFVN0YWF0IGRl +ciBOZWRlcmxhbmRlbjErMCkGA1UEAwwiU3RhYXQgZGVyIE5lZGVybGFuZGVuIFJv +b3QgQ0EgLSBHMzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAL4yolQP +cPssXFnrbMSkUeiFKrPMSjTysF/zDsccPVMeiAho2G89rcKezIJnByeHaHE6n3WW +IkYFsO2tx1ueKt6c/DrGlaf1F2cY5y9JCAxcz+bMNO14+1Cx3Gsy8KL+tjzk7FqX +xz8ecAgwoNzFs21v0IJyEavSgWhZghe3eJJg+szeP4TrjTgzkApyI/o1zCZxMdFy +KJLZWyNtZrVtB0LrpjPOktvA9mxjeM3KTj215VKb8b475lRgsGYeCasH/lSJEULR +9yS6YHgamPfJEf0WwTUaVHXvQ9Plrk7O53vDxk5hUUurmkVLoR9BvUhTFXFkC4az +5S6+zqQbwSmEorXLCCN2QyIkHxcE1G6cxvx/K2Ya7Irl1s9N9WMJtxU51nus6+N8 +6U78dULI7ViVDAZCopz35HCz33JvWjdAidiFpNfxC95DGdRKWCyMijmev4SH8RY7 +Ngzp07TKbBlBUgmhHbBqv4LvcFEhMtwFdozL92TkA1CvjJFnq8Xy7ljY3r735zHP +bMk7ccHViLVlvMDoFxcHErVc0qsgk7TmgoNwNsXNo42ti+yjwUOH5kPiNL6VizXt +BznaqB16nzaeErAMZRKQFWDZJkBE41ZgpRDUajz9QdwOWke275dhdU/Z/seyHdTt +XUmzqWrLZoQT1Vyg3N9udwbRcXXIV2+vD3dbAgMBAAGjQjBAMA8GA1UdEwEB/wQF +MAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBRUrfrHkleuyjWcLhL75Lpd +INyUVzANBgkqhkiG9w0BAQsFAAOCAgEAMJmdBTLIXg47mAE6iqTnB/d6+Oea31BD +U5cqPco8R5gu4RV78ZLzYdqQJRZlwJ9UXQ4DO1t3ApyEtg2YXzTdO2PCwyiBwpwp +LiniyMMB8jPqKqrMCQj3ZWfGzd/TtiunvczRDnBfuCPRy5FOCvTIeuXZYzbB1N/8 +Ipf3YF3qKS9Ysr1YvY2WTxB1v0h7PVGHoTx0IsL8B3+A3MSs/mrBcDCw6Y5p4ixp +gZQJut3+TcCDjJRYwEYgr5wfAvg1VUkvRtTA8KCWAg8zxXHzniN9lLf9OtMJgwYh +/WA9rjLA0u6NpvDntIJ8CsxwyXmA+P5M9zWEGYox+wrZ13+b8KKaa8MFSu1BYBQw +0aoRQm7TIwIEC8Zl3d1Sd9qBa7Ko+gE4uZbqKmxnl4mUnrzhVNXkanjvSr0rmj1A +fsbAddJu+2gw7OyLnflJNZoaLNmzlTnVHpL3prllL+U9bTpITAjc5CgSKL59NVzq +4BZ+Extq1z7XnvwtdbLBFNUjA9tbbws+eC8N3jONFrdI54OagQ97wUNNVQQXOEpR +1VmiiXTTn74eS9fGbbeIJG9gkaSChVtWQbzQRKtqE77RLFi3EjNYsjdj3BP1lB0/ +QFH1T/U67cjF68IeHRaVesd+QnGTbksVtzDfqu1XhUisHWrdOWnk4Xl4vs4Fv6EM +94B7IWcnMFk= +-----END CERTIFICATE----- + +### Starfield Technologies, Inc. + +=== /C=US/O=Starfield Technologies, Inc./OU=Starfield Class 2 Certification Authority +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 0 (0x0) + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: Jun 29 17:39:16 2004 GMT + Not After : Jun 29 17:39:16 2034 GMT + Subject: C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority + X509v3 extensions: + X509v3 Subject Key Identifier: + BF:5F:B7:D1:CE:DD:1F:86:F4:5B:55:AC:DC:D7:10:C2:0E:A9:88:E7 + X509v3 Authority Key Identifier: + keyid:BF:5F:B7:D1:CE:DD:1F:86:F4:5B:55:AC:DC:D7:10:C2:0E:A9:88:E7 + DirName:/C=US/O=Starfield Technologies, Inc./OU=Starfield Class 2 Certification Authority + serial:00 + + X509v3 Basic Constraints: + CA:TRUE +SHA1 Fingerprint=AD:7E:1C:28:B0:64:EF:8F:60:03:40:20:14:C3:D0:E3:37:0E:B5:8A +SHA256 Fingerprint=14:65:FA:20:53:97:B8:76:FA:A6:F0:A9:95:8E:55:90:E4:0F:CC:7F:AA:4F:B7:C2:C8:67:75:21:FB:5F:B6:58 +-----BEGIN CERTIFICATE----- +MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl +MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp +U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw +NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE +ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp +ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3 +DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf +8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN ++lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0 +X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa +K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA +1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G +A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR +zt0fhvRbVazc1xDCDqmI56FspGowaDELMAkGA1UEBhMCVVMxJTAjBgNVBAoTHFN0 +YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD +bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w +DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3 +L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D +eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl +xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp +VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY +WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8fF5Q= +-----END CERTIFICATE----- +=== /C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies, Inc./CN=Starfield Root Certificate Authority - G2 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 0 (0x0) + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Sep 1 00:00:00 2009 GMT + Not After : Dec 31 23:59:59 2037 GMT + Subject: C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + 7C:0C:32:1F:A7:D9:30:7F:C4:7D:68:A3:62:A8:A1:CE:AB:07:5B:27 +SHA1 Fingerprint=B5:1C:06:7C:EE:2B:0C:3D:F8:55:AB:2D:92:F4:FE:39:D4:E7:0F:0E +SHA256 Fingerprint=2C:E1:CB:0B:F9:D2:F9:E1:02:99:3F:BE:21:51:52:C3:B2:DD:0C:AB:DE:1C:68:E5:31:9B:83:91:54:DB:B7:F5 +-----BEGIN CERTIFICATE----- +MIID3TCCAsWgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCVVMx +EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoT +HFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAMTKVN0YXJmaWVs +ZCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5MDkwMTAwMDAw +MFoXDTM3MTIzMTIzNTk1OVowgY8xCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6 +b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFyZmllbGQgVGVj +aG5vbG9naWVzLCBJbmMuMTIwMAYDVQQDEylTdGFyZmllbGQgUm9vdCBDZXJ0aWZp +Y2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC +ggEBAL3twQP89o/8ArFvW59I2Z154qK3A2FWGMNHttfKPTUuiUP3oWmb3ooa/RMg +nLRJdzIpVv257IzdIvpy3Cdhl+72WoTsbhm5iSzchFvVdPtrX8WJpRBSiUZV9Lh1 +HOZ/5FSuS/hVclcCGfgXcVnrHigHdMWdSL5stPSksPNkN3mSwOxGXn/hbVNMYq/N +Hwtjuzqd+/x5AJhhdM8mgkBj87JyahkNmcrUDnXMN/uLicFZ8WJ/X7NfZTD4p7dN +dloedl40wOiWVpmKs/B/pM293DIxfJHP4F8R+GuqSVzRmZTRouNjWwl2tVZi4Ut0 +HZbUJtQIBFnQmA4O5t78w+wfkPECAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAO +BgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFHwMMh+n2TB/xH1oo2Kooc6rB1snMA0G +CSqGSIb3DQEBCwUAA4IBAQARWfolTwNvlJk7mh+ChTnUdgWUXuEok21iXQnCoKjU +sHU48TRqneSfioYmUeYs0cYtbpUgSpIB7LiKZ3sx4mcujJUDJi5DnUox9g61DLu3 +4jd/IroAow57UvtruzvE03lRTs2Q9GcHGcg8RnoNAX3FWOdt5oUwF5okxBDgBPfg +8n/Uqgr/Qh037ZTlZFkSIHc40zI+OIF1lnP6aI+xy84fxez6nH7PfrHxBy22/L/K +pL/QlwVKvOoYKAKQvVR4CSFx09F9HdkWsKlhPdAKACL8x3vLCWRFCztAgfd9fDL1 +mMpYjn0q7pBZc2T5NnReJaH1ZgUufzkVqSr7UIuOhWn0 +-----END CERTIFICATE----- +=== /C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies, Inc./CN=Starfield Services Root Certificate Authority - G2 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 0 (0x0) + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Sep 1 00:00:00 2009 GMT + Not After : Dec 31 23:59:59 2037 GMT + Subject: C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Services Root Certificate Authority - G2 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + 9C:5F:00:DF:AA:01:D7:30:2B:38:88:A2:B8:6D:4A:9C:F2:11:91:83 +SHA1 Fingerprint=92:5A:8F:8D:2C:6D:04:E0:66:5F:59:6A:FF:22:D8:63:E8:25:6F:3F +SHA256 Fingerprint=56:8D:69:05:A2:C8:87:08:A4:B3:02:51:90:ED:CF:ED:B1:97:4A:60:6A:13:C6:E5:29:0F:CB:2A:E6:3E:DA:B5 +-----BEGIN CERTIFICATE----- +MIID7zCCAtegAwIBAgIBADANBgkqhkiG9w0BAQsFADCBmDELMAkGA1UEBhMCVVMx +EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoT +HFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xOzA5BgNVBAMTMlN0YXJmaWVs +ZCBTZXJ2aWNlcyBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5 +MDkwMTAwMDAwMFoXDTM3MTIzMTIzNTk1OVowgZgxCzAJBgNVBAYTAlVTMRAwDgYD +VQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFy +ZmllbGQgVGVjaG5vbG9naWVzLCBJbmMuMTswOQYDVQQDEzJTdGFyZmllbGQgU2Vy +dmljZXMgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBANUMOsQq+U7i9b4Zl1+OiFOxHz/Lz58gE20p +OsgPfTz3a3Y4Y9k2YKibXlwAgLIvWX/2h/klQ4bnaRtSmpDhcePYLQ1Ob/bISdm2 +8xpWriu2dBTrz/sm4xq6HZYuajtYlIlHVv8loJNwU4PahHQUw2eeBGg6345AWh1K +Ts9DkTvnVtYAcMtS7nt9rjrnvDH5RfbCYM8TWQIrgMw0R9+53pBlbQLPLJGmpufe +hRhJfGZOozptqbXuNC66DQO4M99H67FrjSXZm86B0UVGMpZwh94CDklDhbZsc7tk +6mFBrMnUVN+HL8cisibMn1lUaJ/8viovxFUcdUBgF4UCVTmLfwUCAwEAAaNCMEAw +DwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFJxfAN+q +AdcwKziIorhtSpzyEZGDMA0GCSqGSIb3DQEBCwUAA4IBAQBLNqaEd2ndOxmfZyMI +bw5hyf2E3F/YNoHN2BtBLZ9g3ccaaNnRbobhiCPPE95Dz+I0swSdHynVv/heyNXB +ve6SbzJ08pGCL72CQnqtKrcgfU28elUSwhXqvfdqlS5sdJ/PHLTyxQGjhdByPq1z +qwubdQxtRbeOlKyWN7Wg0I8VRw7j6IPdj/3vQQF3zCepYoUz8jcI73HPdwbeyBkd +iEDPfUYd/x7H4c7/I9vG+o1VTqkC50cRRj70/b17KSa7qWFiNyi2LSr2EIZkyXCn +0q23KXB56jzaYyWf/Wi3MOxw+3WKt21gZ7IeyLnp2KhvAotnDU0mV3HaIPzBSlCN +sSi6 +-----END CERTIFICATE----- + +### SwissSign AG + +=== /C=CH/O=SwissSign AG/CN=SwissSign Gold CA - G2 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 13492815561806991280 (0xbb401c43f55e4fb0) + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: Oct 25 08:30:35 2006 GMT + Not After : Oct 25 08:30:35 2036 GMT + Subject: C=CH, O=SwissSign AG, CN=SwissSign Gold CA - G2 + X509v3 extensions: + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + 5B:25:7B:96:A4:65:51:7E:B8:39:F3:C0:78:66:5E:E8:3A:E7:F0:EE + X509v3 Authority Key Identifier: + keyid:5B:25:7B:96:A4:65:51:7E:B8:39:F3:C0:78:66:5E:E8:3A:E7:F0:EE + + X509v3 Certificate Policies: + Policy: 2.16.756.1.89.1.2.1.1 + CPS: http://repository.swisssign.com/ + +SHA1 Fingerprint=D8:C5:38:8A:B7:30:1B:1B:6E:D4:7A:E6:45:25:3A:6F:9F:1A:27:61 +SHA256 Fingerprint=62:DD:0B:E9:B9:F5:0A:16:3E:A0:F8:E7:5C:05:3B:1E:CA:57:EA:55:C8:68:8F:64:7C:68:81:F2:C8:35:7B:95 +-----BEGIN CERTIFICATE----- +MIIFujCCA6KgAwIBAgIJALtAHEP1Xk+wMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV +BAYTAkNIMRUwEwYDVQQKEwxTd2lzc1NpZ24gQUcxHzAdBgNVBAMTFlN3aXNzU2ln +biBHb2xkIENBIC0gRzIwHhcNMDYxMDI1MDgzMDM1WhcNMzYxMDI1MDgzMDM1WjBF +MQswCQYDVQQGEwJDSDEVMBMGA1UEChMMU3dpc3NTaWduIEFHMR8wHQYDVQQDExZT +d2lzc1NpZ24gR29sZCBDQSAtIEcyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC +CgKCAgEAr+TufoskDhJuqVAtFkQ7kpJcyrhdhJJCEyq8ZVeCQD5XJM1QiyUqt2/8 +76LQwB8CJEoTlo8jE+YoWACjR8cGp4QjK7u9lit/VcyLwVcfDmJlD909Vopz2q5+ +bbqBHH5CjCA12UNNhPqE21Is8w4ndwtrvxEvcnifLtg+5hg3Wipy+dpikJKVyh+c +6bM8K8vzARO/Ws/BtQpgvd21mWRTuKCWs2/iJneRjOBiEAKfNA+k1ZIzUd6+jbqE +emA8atufK+ze3gE/bk3lUIbLtK/tREDFylqM2tIrfKjuvqblCqoOpd8FUrdVxyJd +MmqXl2MT28nbeTZ7hTpKxVKJ+STnnXepgv9VHKVxaSvRAiTysybUa9oEVeXBCsdt +MDeQKuSeFDNeFhdVxVu1yzSJkvGdJo+hB9TGsnhQ2wwMC3wLjEHXuendjIj3o02y +MszYF9rNt85mndT9Xv+9lz4pded+p2JYryU0pUHHPbwNUMoDAw8IWh+Vc3hiv69y +FGkOpeUDDniOJihC8AcLYiAQZzlG+qkDzAQ4embvIIO1jEpWjpEA/I5cgt6IoMPi +aG59je883WX0XaxR7ySArqpWl2/5rX3aYT+YdzylkbYcjCbaZaIJbcHiVOO5ykxM +gI93e2CaHt+28kgeDrpOVG2Y4OGiGqJ3UM/EY5LsRxmd6+ZrzsECAwEAAaOBrDCB +qTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUWyV7 +lqRlUX64OfPAeGZe6Drn8O4wHwYDVR0jBBgwFoAUWyV7lqRlUX64OfPAeGZe6Drn +8O4wRgYDVR0gBD8wPTA7BglghXQBWQECAQEwLjAsBggrBgEFBQcCARYgaHR0cDov +L3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJKoZIhvcNAQEFBQADggIBACe6 +45R88a7A3hfm5djV9VSwg/S7zV4Fe0+fdWavPOhWfvxyeDgD2StiGwC5+OlgzczO +UYrHUDFu4Up+GC9pWbY9ZIEr44OE5iKHjn3g7gKZYbge9LgriBIWhMIxkziWMaa5 +O1M/wySTVltpkuzFwbs4AOPsF6m43Md8AYOfMke6UiI0HTJ6CVanfCU2qT1L2sCC +bwq7EsiHSycR+R4tx5M/nttfJmtS2S6K8RTGRI0Vqbe/vd6mGu6uLftIdxf+u+yv +GPUqUfA5hJeVbG4bwyvEdGB5JbAKJ9/fXtI5z0V9QkvfsywexcZdylU6oJxpmo/a +77KwPJ+HbBIrZXAVUjEaJM9vMSNQH4xPjyPDdEFjHFWoFN0+4FFQz/EbMFYOkrCC +hdiDyyJkvC24JdVUorgG6q2SpCSgwYa1ShNqR88uC1aVVMvOmttqtKay20EIhid3 +92qgQmwLOM7XdVAyksLfKzAiSNDVQTglXaTpXZ/GlHXQRf0wl0OPkKsKx4ZzYEpp +Ld6leNcG2mqeSz53OiATIgHQv2ieY2BrNU0LbbqhPcCT4H8js1WtciVORvnSFu+w +ZMEBnunKoGqYDs/YYPIvSbjkQuE4NRb0yG5P94FW6LqjviOvrv1vA+ACOzB2+htt +Qc8Bsem4yWb02ybzOqR08kkkW8mw0FfB+j564ZfJ +-----END CERTIFICATE----- +=== /C=CH/O=SwissSign AG/CN=SwissSign Silver CA - G2 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 5700383053117599563 (0x4f1bd42f54bb2f4b) + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: Oct 25 08:32:46 2006 GMT + Not After : Oct 25 08:32:46 2036 GMT + Subject: C=CH, O=SwissSign AG, CN=SwissSign Silver CA - G2 + X509v3 extensions: + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + 17:A0:CD:C1:E4:41:B6:3A:5B:3B:CB:45:9D:BD:1C:C2:98:FA:86:58 + X509v3 Authority Key Identifier: + keyid:17:A0:CD:C1:E4:41:B6:3A:5B:3B:CB:45:9D:BD:1C:C2:98:FA:86:58 + + X509v3 Certificate Policies: + Policy: 2.16.756.1.89.1.3.1.1 + CPS: http://repository.swisssign.com/ + +SHA1 Fingerprint=9B:AA:E5:9F:56:EE:21:CB:43:5A:BE:25:93:DF:A7:F0:40:D1:1D:CB +SHA256 Fingerprint=BE:6C:4D:A2:BB:B9:BA:59:B6:F3:93:97:68:37:42:46:C3:C0:05:99:3F:A9:8F:02:0D:1D:ED:BE:D4:8A:81:D5 +-----BEGIN CERTIFICATE----- +MIIFvTCCA6WgAwIBAgIITxvUL1S7L0swDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UE +BhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEhMB8GA1UEAxMYU3dpc3NTaWdu +IFNpbHZlciBDQSAtIEcyMB4XDTA2MTAyNTA4MzI0NloXDTM2MTAyNTA4MzI0Nlow +RzELMAkGA1UEBhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEhMB8GA1UEAxMY +U3dpc3NTaWduIFNpbHZlciBDQSAtIEcyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A +MIICCgKCAgEAxPGHf9N4Mfc4yfjDmUO8x/e8N+dOcbpLj6VzHVxumK4DV644N0Mv +Fz0fyM5oEMF4rhkDKxD6LHmD9ui5aLlV8gREpzn5/ASLHvGiTSf5YXu6t+WiE7br +YT7QbNHm+/pe7R20nqA1W6GSy/BJkv6FCgU+5tkL4k+73JU3/JHpMjUi0R86TieF +nbAVlDLaYQ1HTWBCrpJH6INaUFjpiou5XaHc3ZlKHzZnu0jkg7Y360g6rw9njxcH +6ATK72oxh9TAtvmUcXtnZLi2kUpCe2UuMGoM9ZDulebyzYLs2aFK7PayS+VFheZt +eJMELpyCbTapxDFkH4aDCyr0NQp4yVXPQbBH6TCfmb5hqAaEuSh6XzjZG6k4sIN/ +c8HDO0gqgg8hm7jMqDXDhBuDsz6+pJVpATqJAHgE2cn0mRmrVn5bi4Y5FZGkECwJ +MoBgs5PAKrYYC51+jUnyEEp/+dVGLxmSo5mnJqy7jDzmDrxHB9xzUfFwZC8I+bRH +HTBsROopN4WSaGa8gzj+ezku01DwH/teYLappvonQfGbGHLy9YR0SslnxFSuSGTf +jNFusB3hB48IHpmccelM2KX3RxIfdNFRnobzwqIjQAtz20um53MGjMGg6cFZrEb6 +5i/4z3GcRm25xBWNOHkDRUjvxF3XCO6HOSKGsg0PWEP3calILv3q1h8CAwEAAaOB +rDCBqTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU +F6DNweRBtjpbO8tFnb0cwpj6hlgwHwYDVR0jBBgwFoAUF6DNweRBtjpbO8tFnb0c +wpj6hlgwRgYDVR0gBD8wPTA7BglghXQBWQEDAQEwLjAsBggrBgEFBQcCARYgaHR0 +cDovL3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJKoZIhvcNAQEFBQADggIB +AHPGgeAn0i0P4JUw4ppBf1AsX19iYamGamkYDHRJ1l2E6kFSGG9YrVBWIGrGvShp +WJHckRE1qTodvBqlYJ7YH39FkWnZfrt4csEGDyrOj4VwYaygzQu4OSlWhDJOhrs9 +xCrZ1x9y7v5RoSJBsXECYxqCsGKrXlcSH9/L3XWgwF15kIwb4FDm3jH+mHtwX6WQ +2K34ArZv02DdQEsixT2tOnqfGhpHkXkzuoLcMmkDlm4fS/Bx/uNncqCxv1yL5PqZ +IseEuRuNI5c/7SXgz2W79WEE790eslpBIlqhn10s6FvJbakMDHiqYMZWjwFaDGi8 +aRl5xB9+lwW/xekkUV7U1UtT7dkjWjYDZaPBA61BMPNGG4WQr2W11bHkFlt4dR2X +em1ZqSqPe97Dh4kQmUlzeMg9vVE1dCrV8X5pGyq7O70luJpaPXJhkGaH7gzWTdQR +dAtq/gsD/KNVV4n+SsuuWxcFyPKNIzFTONItaj+CuY0IavdeQXRuwxF+B6wpYJE/ +OMpXEA29MC/HpeZBoNquBYeaoKRlbEwJDIm6uNO5wJOKMPqN5ZprFQFOZ6raYlY+ +hAhm0sQ2fac+EPyI4NSA5QC9qvNOBqN6avlicuMJT+ubDgEj8Z+7fNzcbBGXJbLy +tGMU0gYqZ4yD9c7qB9iaah7s5Aq7KkzrCWA5zspi2C5u +-----END CERTIFICATE----- + +### T-Systems Enterprise Services GmbH + +=== /C=DE/O=T-Systems Enterprise Services GmbH/OU=T-Systems Trust Center/CN=T-TeleSec GlobalRoot Class 2 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Oct 1 10:40:14 2008 GMT + Not After : Oct 1 23:59:59 2033 GMT + Subject: C=DE, O=T-Systems Enterprise Services GmbH, OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 2 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + BF:59:20:36:00:79:A0:A0:22:6B:8C:D5:F2:61:D2:B8:2C:CB:82:4A +SHA1 Fingerprint=59:0D:2D:7D:88:4F:40:2E:61:7E:A5:62:32:17:65:CF:17:D8:94:E9 +SHA256 Fingerprint=91:E2:F5:78:8D:58:10:EB:A7:BA:58:73:7D:E1:54:8A:8E:CA:CD:01:45:98:BC:0B:14:3E:04:1B:17:05:25:52 +-----BEGIN CERTIFICATE----- +MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUx +KzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAd +BgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNl +YyBHbG9iYWxSb290IENsYXNzIDIwHhcNMDgxMDAxMTA0MDE0WhcNMzMxMDAxMjM1 +OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnBy +aXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50 +ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDIwggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqX9obX+hzkeXaXPSi5kfl82hVYAUd +AqSzm1nzHoqvNK38DcLZSBnuaY/JIPwhqgcZ7bBcrGXHX+0CfHt8LRvWurmAwhiC +FoT6ZrAIxlQjgeTNuUk/9k9uN0goOA/FvudocP05l03Sx5iRUKrERLMjfTlH6VJi +1hKTXrcxlkIF+3anHqP1wvzpesVsqXFP6st4vGCvx9702cu+fjOlbpSD8DT6Iavq +jnKgP6TeMFvvhk1qlVtDRKgQFRzlAVfFmPHmBiiRqiDFt1MmUUOyCxGVWOHAD3bZ +wI18gfNycJ5v/hqO2V81xrJvNHy+SE/iWjnX2J14np+GPgNeGYtEotXHAgMBAAGj +QjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS/ +WSA2AHmgoCJrjNXyYdK4LMuCSjANBgkqhkiG9w0BAQsFAAOCAQEAMQOiYQsfdOhy +NsZt+U2e+iKo4YFWz827n+qrkRk4r6p8FU3ztqONpfSO9kSpp+ghla0+AGIWiPAC +uvxhI+YzmzB6azZie60EI4RYZeLbK4rnJVM3YlNfvNoBYimipidx5joifsFvHZVw +IEoHNN/q/xWA5brXethbdXwFeilHfkCoMRN3zUA7tFFHei4R40cR3p1m0IvVVGb6 +g1XqfMIpiRvpb7PO4gWEyS8+eIVibslfwXhjdFjASBgMmTnrpMwatXlajRWc2BQN +9noHV8cigwUtPJslJj0Ys6lDfMjIq2SPDqO/nBudMNva0Bkuqjzx+zOAduTNrRlP +BSeOE6Fuwg== +-----END CERTIFICATE----- +=== /C=DE/O=T-Systems Enterprise Services GmbH/OU=T-Systems Trust Center/CN=T-TeleSec GlobalRoot Class 3 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Oct 1 10:29:56 2008 GMT + Not After : Oct 1 23:59:59 2033 GMT + Subject: C=DE, O=T-Systems Enterprise Services GmbH, OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 3 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + B5:03:F7:76:3B:61:82:6A:12:AA:18:53:EB:03:21:94:BF:FE:CE:CA +SHA1 Fingerprint=55:A6:72:3E:CB:F2:EC:CD:C3:23:74:70:19:9D:2A:BE:11:E3:81:D1 +SHA256 Fingerprint=FD:73:DA:D3:1C:64:4F:F1:B4:3B:EF:0C:CD:DA:96:71:0B:9C:D9:87:5E:CA:7E:31:70:7A:F3:E9:6D:52:2B:BD +-----BEGIN CERTIFICATE----- +MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUx +KzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAd +BgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNl +YyBHbG9iYWxSb290IENsYXNzIDMwHhcNMDgxMDAxMTAyOTU2WhcNMzMxMDAxMjM1 +OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnBy +aXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50 +ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDMwggEiMA0G +CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9dZPwYiJvJK7genasfb3ZJNW4t/zN +8ELg63iIVl6bmlQdTQyK9tPPcPRStdiTBONGhnFBSivwKixVA9ZIw+A5OO3yXDw/ +RLyTPWGrTs0NvvAgJ1gORH8EGoel15YUNpDQSXuhdfsaa3Ox+M6pCSzyU9XDFES4 +hqX2iys52qMzVNn6chr3IhUciJFrf2blw2qAsCTz34ZFiP0Zf3WHHx+xGwpzJFu5 +ZeAsVMhg02YXP+HMVDNzkQI6pn97djmiH5a2OK61yJN0HZ65tOVgnS9W0eDrXltM +EnAMbEQgqxHY9Bn20pxSN+f6tsIxO0rUFJmtxxr1XV/6B7h8DR/Wgx6zAgMBAAGj +QjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS1 +A/d2O2GCahKqGFPrAyGUv/7OyjANBgkqhkiG9w0BAQsFAAOCAQEAVj3vlNW92nOy +WL6ukK2YJ5f+AbGwUgC4TeQbIXQbfsDuXmkqJa9c1h3a0nnJ85cp4IaH3gRZD/FZ +1GSFS5mvJQQeyUapl96Cshtwn5z2r3Ex3XsFpSzTucpH9sry9uetuUg/vBa3wW30 +6gmv7PO15wWeph6KU1HWk4HMdJP2udqmJQV0eVp+QD6CSyYRMG7hP0HHRwA11fXT +91Q+gT3aSWqas+8QPebrb9HIIkfLzM8BMZLZGOMivgkeGj5asuRrDFR6fUNOuIml +e9eiPZaGzPImNC1qkp2aGtAw4l1OBLBfiyB+d8E9lYLRRpo7PHi4b6HQDWSieB4p +TpPDpFQUWw== +-----END CERTIFICATE----- + +### TAIWAN-CA + +=== /C=TW/O=TAIWAN-CA/OU=Root CA/CN=TWCA Global Root CA +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 3262 (0xcbe) + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Jun 27 06:28:33 2012 GMT + Not After : Dec 31 15:59:59 2030 GMT + Subject: C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA Global Root CA + X509v3 extensions: + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE +SHA1 Fingerprint=9C:BB:48:53:F6:A4:F6:D3:52:A4:E8:32:52:55:60:13:F5:AD:AF:65 +SHA256 Fingerprint=59:76:90:07:F7:68:5D:0F:CD:50:87:2F:9F:95:D5:75:5A:5B:2B:45:7D:81:F3:69:2B:61:0A:98:67:2F:0E:1B +-----BEGIN CERTIFICATE----- +MIIFQTCCAymgAwIBAgICDL4wDQYJKoZIhvcNAQELBQAwUTELMAkGA1UEBhMCVFcx +EjAQBgNVBAoTCVRBSVdBTi1DQTEQMA4GA1UECxMHUm9vdCBDQTEcMBoGA1UEAxMT +VFdDQSBHbG9iYWwgUm9vdCBDQTAeFw0xMjA2MjcwNjI4MzNaFw0zMDEyMzExNTU5 +NTlaMFExCzAJBgNVBAYTAlRXMRIwEAYDVQQKEwlUQUlXQU4tQ0ExEDAOBgNVBAsT +B1Jvb3QgQ0ExHDAaBgNVBAMTE1RXQ0EgR2xvYmFsIFJvb3QgQ0EwggIiMA0GCSqG +SIb3DQEBAQUAA4ICDwAwggIKAoICAQCwBdvI64zEbooh745NnHEKH1Jw7W2CnJfF +10xORUnLQEK1EjRsGcJ0pDFfhQKX7EMzClPSnIyOt7h52yvVavKOZsTuKwEHktSz +0ALfUPZVr2YOy+BHYC8rMjk1Ujoog/h7FsYYuGLWRyWRzvAZEk2tY/XTP3VfKfCh +MBwqoJimFb3u/Rk28OKRQ4/6ytYQJ0lM793B8YVwm8rqqFpD/G2Gb3PpN0Wp8DbH +zIh1HrtsBv+baz4X7GGqcXzGHaL3SekVtTzWoWH1EfcFbx39Eb7QMAfCKbAJTibc +46KokWofwpFFiFzlmLhxpRUZyXx1EcxwdE8tmx2RRP1WKKD+u4ZqyPpcC1jcxkt2 +yKsi2XMPpfRaAok/T54igu6idFMqPVMnaR1sjjIsZAAmY2E2TqNGtz99sy2sbZCi +laLOz9qC5wc0GZbpuCGqKX6mOL6OKUohZnkfs8O1CWfe1tQHRvMq2uYiN2DLgbYP +oA/pyJV/v1WRBXrPPRXAb94JlAGD1zQbzECl8LibZ9WYkTunhHiVJqRaCPgrdLQA +BDzfuBSO6N+pjWxnkjMdwLfS7JLIvgm/LCkFbwJrnu+8vyq8W8BQj0FwcYeyTbcE +qYSjMq+u7msXi7Kx/mzhkIyIqJdIzshNy/MGz19qCkKxHh53L46g5pIOBvwFItIm +4TFRfTLcDwIDAQABoyMwITAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB +/zANBgkqhkiG9w0BAQsFAAOCAgEAXzSBdu+WHdXltdkCY4QWwa6gcFGn90xHNcgL +1yg9iXHZqjNB6hQbbCEAwGxCGX6faVsgQt+i0trEfJdLjbDorMjupWkEmQqSpqsn +LhpNgb+E1HAerUf+/UqdM+DyucRFCCEK2mlpc3INvjT+lIutwx4116KD7+U4x6WF +H6vPNOw/KP4M8VeGTslV9xzU2KV9Bnpv1d8Q34FOIWWxtuEXeZVFBs5fzNxGiWNo +RI2T9GRwoD2dKAXDOXC4Ynsg/eTb6QihuJ49CcdP+yz4k3ZB3lLg4VfSnQO8d57+ +nile98FRYB/e2guyLXW3Q0iT5/Z5xoRdgFlglPx4mI88k1HtQJAH32RjJMtOcQWh +15QaiDLxInQirqWm2BJpTGCjAu4r7NRjkgtevi92a6O2JryPA9gK8kxkRr05YuWW +6zRjESjMlfGt7+/cgFhI6Uu46mWs6fyAtbXIRfmswZ/ZuepiiI7E8UuDEq3mi4TW +nsLrgxifarsbJGAzcMzs9zLzXNl5fe+epP7JI8Mk7hWSsT2RTyaGvWZzJBPqpK5j +wa19hAM8EHiGG3njxPPyBJUgriOCxLM6AGK/5jYk4Ve6xx6QddVfP5VhK8E7zeWz +aGHQRiapIVJpLesux+t3zqY6tQMzT3bR51xUAV3LePTJDL/PEo4XLSNolOer/qmy +KwbQBM0= +-----END CERTIFICATE----- +=== /C=TW/O=TAIWAN-CA/OU=Root CA/CN=TWCA Root Certification Authority +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: Aug 28 07:24:33 2008 GMT + Not After : Dec 31 15:59:59 2030 GMT + Subject: C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA Root Certification Authority + X509v3 extensions: + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + 6A:38:5B:26:8D:DE:8B:5A:F2:4F:7A:54:83:19:18:E3:08:35:A6:BA +SHA1 Fingerprint=CF:9E:87:6D:D3:EB:FC:42:26:97:A3:B5:A3:7A:A0:76:A9:06:23:48 +SHA256 Fingerprint=BF:D8:8F:E1:10:1C:41:AE:3E:80:1B:F8:BE:56:35:0E:E9:BA:D1:A6:B9:BD:51:5E:DC:5C:6D:5B:87:11:AC:44 +-----BEGIN CERTIFICATE----- +MIIDezCCAmOgAwIBAgIBATANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJUVzES +MBAGA1UECgwJVEFJV0FOLUNBMRAwDgYDVQQLDAdSb290IENBMSowKAYDVQQDDCFU +V0NBIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDgwODI4MDcyNDMz +WhcNMzAxMjMxMTU1OTU5WjBfMQswCQYDVQQGEwJUVzESMBAGA1UECgwJVEFJV0FO +LUNBMRAwDgYDVQQLDAdSb290IENBMSowKAYDVQQDDCFUV0NBIFJvb3QgQ2VydGlm +aWNhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB +AQCwfnK4pAOU5qfeCTiRShFAh6d8WWQUe7UREN3+v9XAu1bihSX0NXIP+FPQQeFE +AcK0HMMxQhZHhTMidrIKbw/lJVBPhYa+v5guEGcevhEFhgWQxFnQfHgQsIBct+HH +K3XLfJ+utdGdIzdjp9xCoi2SBBtQwXu4PhvJVgSLL1KbralW6cH/ralYhzC2gfeX +RfwZVzsrb+RH9JlF/h3x+JejiB03HFyP4HYlmlD4oFT/RJB2I9IyxsOrBr/8+7/z +rX2SYgJbKdM1o5OaQ2RgXbL6Mv87BK9NQGr5x+PvI/1ry+UPizgN7gr8/g+YnzAx +3WxSZfmLgb4i4RxYA7qRG4kHAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV +HRMBAf8EBTADAQH/MB0GA1UdDgQWBBRqOFsmjd6LWvJPelSDGRjjCDWmujANBgkq +hkiG9w0BAQUFAAOCAQEAPNV3PdrfibqHDAhUaiBQkr6wQT25JmSDCi/oQMCXKCeC +MErJk/9q56YAf4lCmtYR5VPOL8zy2gXE/uJQxDqGfczafhAJO5I1KlOy/usrBdls +XebQ79NqZp4VKIV66IIArB6nCWlWQtNoURi+VJq/REG6Sb4gumlc7rh3zc5sH62D +lhh9DrUUOYTxKOkto557HnpyWoOzeW/vtPzQCqVYT0bf+215WfKEIlKuD8z7fDvn +aspHYcN6+NOSBB+4IIThNlQWx0DeO4pz3N/GCUzf7Nr/1FNCocnyYh0igzyXxfkZ +YiesZSLX0zzG5Y6yU8xJzrww/nsOM5D77dIUkR8Hrw== +-----END CERTIFICATE----- + +### TeliaSonera + +=== /O=TeliaSonera/CN=TeliaSonera Root CA v1 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 95:be:16:a0:f7:2e:46:f1:7b:39:82:72:fa:8b:cd:96 + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: Oct 18 12:00:50 2007 GMT + Not After : Oct 18 12:00:50 2032 GMT + Subject: O=TeliaSonera, CN=TeliaSonera Root CA v1 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: + Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + F0:8F:59:38:00:B3:F5:8F:9A:96:0C:D5:EB:FA:7B:AA:17:E8:13:12 +SHA1 Fingerprint=43:13:BB:96:F1:D5:86:9B:C1:4E:6A:92:F6:CF:F6:34:69:87:82:37 +SHA256 Fingerprint=DD:69:36:FE:21:F8:F0:77:C1:23:A1:A5:21:C1:22:24:F7:22:55:B7:3E:03:A7:26:06:93:E8:A2:4B:0F:A3:89 +-----BEGIN CERTIFICATE----- +MIIFODCCAyCgAwIBAgIRAJW+FqD3LkbxezmCcvqLzZYwDQYJKoZIhvcNAQEFBQAw +NzEUMBIGA1UECgwLVGVsaWFTb25lcmExHzAdBgNVBAMMFlRlbGlhU29uZXJhIFJv +b3QgQ0EgdjEwHhcNMDcxMDE4MTIwMDUwWhcNMzIxMDE4MTIwMDUwWjA3MRQwEgYD +VQQKDAtUZWxpYVNvbmVyYTEfMB0GA1UEAwwWVGVsaWFTb25lcmEgUm9vdCBDQSB2 +MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMK+6yfwIaPzaSZVfp3F +VRaRXP3vIb9TgHot0pGMYzHw7CTww6XScnwQbfQ3t+XmfHnqjLWCi65ItqwA3GV1 +7CpNX8GH9SBlK4GoRz6JI5UwFpB/6FcHSOcZrr9FZ7E3GwYq/t75rH2D+1665I+X +Z75Ljo1kB1c4VWk0Nj0TSO9P4tNmHqTPGrdeNjPUtAa9GAH9d4RQAEX1jF3oI7x+ +/jXh7VB7qTCNGdMJjmhnXb88lxhTuylixcpecsHHltTbLaC0H2kD7OriUPEMPPCs +81Mt8Bz17Ww5OXOAFshSsCPN4D7c3TxHoLs1iuKYaIu+5b9y7tL6pe0S7fyYGKkm +dtwoSxAgHNN/Fnct7W+A90m7UwW7XWjH1Mh1Fj+JWov3F0fUTPHSiXk+TT2YqGHe +Oh7S+F4D4MHJHIzTjU3TlTazN19jY5szFPAtJmtTfImMMsJu7D0hADnJoWjiUIMu +sDor8zagrC/kb2HCUQk5PotTubtn2txTuXZZNp1D5SDgPTJghSJRt8czu90VL6R4 +pgd7gUY2BIbdeTXHlSw7sKMXNeVzH7RcWe/a6hBle3rQf5+ztCo3O3CLm1u5K7fs +slESl1MpWtTwEhDcTwK7EpIvYtQ/aUN8Ddb8WHUBiJ1YFkveupD/RwGJBmr2X7KQ +arMCpgKIv7NHfirZ1fpoeDVNAgMBAAGjPzA9MA8GA1UdEwEB/wQFMAMBAf8wCwYD +VR0PBAQDAgEGMB0GA1UdDgQWBBTwj1k4ALP1j5qWDNXr+nuqF+gTEjANBgkqhkiG +9w0BAQUFAAOCAgEAvuRcYk4k9AwI//DTDGjkk0kiP0Qnb7tt3oNmzqjMDfz1mgbl +dxSR651Be5kqhOX//CHBXfDkH1e3damhXwIm/9fH907eT/j3HEbAek9ALCI18Bmx +0GtnLLCo4MBANzX2hFxc469CeP6nyQ1Q6g2EdvZR74NTxnr/DlZJLo961gzmJ1Tj +TQpgcmLNkQfWpb/ImWvtxBnmq0wROMVvMeJuScg/doAmAyYp4Db29iBT4xdwNBed +Y2gea+zDTYa4EzAvXUYNR0PVG6pZDrlcjQZIrXSHX8f8MVRBE+LHIQ6e4B4N4cB7 +Q4WQxYpYxmUKeFfyxiMPAdkgS94P+5KFdSpcc41teyWRyu5FrgZLAMzTsVlQ2jqI +OylDRl6XK1TOU2+NSueW+r9xDkKLfP0ooNBIytrEgUy7onOTJsjrDNYmiLbAJM+7 +vVvrdX3pCI6GMyx5dwlppYn8s3CQh3aP0yK7Qs69cwsgJirQmz1wHiRszYd2qReW +t88NkvuOGKmYSdGe/mBEciG5Ge3C9THxOUiIkCR1VBatzvT4aRRkOfujuLpwQMcn +HL/EVlP6Y2XQ8xwOFvVrhlhNGNTkDY6lnVuR3HYkUD/GKvvZt5y11ubQ2egZixVx +SK236thZiNSQvxaz2emsWWFUyBy6ysHK4bkgTI86k4mloMy/0/Z1pHWWbVY= +-----END CERTIFICATE----- + +### thawte, Inc. + +=== /C=US/O=thawte, Inc./OU=(c) 2007 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA - G2 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 35:fc:26:5c:d9:84:4f:c9:3d:26:3d:57:9b:ae:d7:56 + Signature Algorithm: ecdsa-with-SHA384 + Validity + Not Before: Nov 5 00:00:00 2007 GMT + Not After : Jan 18 23:59:59 2038 GMT + Subject: C=US, O=thawte, Inc., OU=(c) 2007 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G2 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + 9A:D8:00:30:00:E7:6B:7F:85:18:EE:8B:B6:CE:8A:0C:F8:11:E1:BB +SHA1 Fingerprint=AA:DB:BC:22:23:8F:C4:01:A1:27:BB:38:DD:F4:1D:DB:08:9E:F0:12 +SHA256 Fingerprint=A4:31:0D:50:AF:18:A6:44:71:90:37:2A:86:AF:AF:8B:95:1F:FB:43:1D:83:7F:1E:56:88:B4:59:71:ED:15:57 +-----BEGIN CERTIFICATE----- +MIICiDCCAg2gAwIBAgIQNfwmXNmET8k9Jj1Xm67XVjAKBggqhkjOPQQDAzCBhDEL +MAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjE4MDYGA1UECxMvKGMp +IDIwMDcgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxJDAi +BgNVBAMTG3RoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EgLSBHMjAeFw0wNzExMDUwMDAw +MDBaFw0zODAxMTgyMzU5NTlaMIGEMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhh +d3RlLCBJbmMuMTgwNgYDVQQLEy8oYykgMjAwNyB0aGF3dGUsIEluYy4gLSBGb3Ig +YXV0aG9yaXplZCB1c2Ugb25seTEkMCIGA1UEAxMbdGhhd3RlIFByaW1hcnkgUm9v +dCBDQSAtIEcyMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEotWcgnuVnfFSeIf+iha/ +BebfowJPDQfGAFG6DAJSLSKkQjnE/o/qycG+1E3/n3qe4rF8mq2nhglzh9HnmuN6 +papu+7qzcMBniKI11KOasf2twu8x+qi58/sIxpHR+ymVo0IwQDAPBgNVHRMBAf8E +BTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUmtgAMADna3+FGO6Lts6K +DPgR4bswCgYIKoZIzj0EAwMDaQAwZgIxAN344FdHW6fmCsO99YCKlzUNG4k8VIZ3 +KMqh9HneteY4sPBlcIx/AlTCv//YoT7ZzwIxAMSNlPzcU9LcnXgWHxUzI1NS41ox +XZ3Krr0TKUQNJ1uo52icEvdYPy5yAlejj6EULg== +-----END CERTIFICATE----- +=== /C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: Nov 17 00:00:00 2006 GMT + Not After : Jul 16 23:59:59 2036 GMT + Subject: C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + 7B:5B:45:CF:AF:CE:CB:7A:FD:31:92:1A:6A:B6:F3:46:EB:57:48:50 +SHA1 Fingerprint=91:C6:D6:EE:3E:8A:C8:63:84:E5:48:C2:99:29:5C:75:6C:81:7B:81 +SHA256 Fingerprint=8D:72:2F:81:A9:C1:13:C0:79:1D:F1:36:A2:96:6D:B2:6C:95:0A:97:1D:B4:6B:41:99:F4:EA:54:B7:8B:FB:9F +-----BEGIN CERTIFICATE----- +MIIEIDCCAwigAwIBAgIQNE7VVyDV7exJ9C/ON9srbTANBgkqhkiG9w0BAQUFADCB +qTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf +Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIw +MDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxHzAdBgNV +BAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwHhcNMDYxMTE3MDAwMDAwWhcNMzYw +NzE2MjM1OTU5WjCBqTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5j +LjEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYG +A1UECxMvKGMpIDIwMDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNl +IG9ubHkxHzAdBgNVBAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsoPD7gFnUnMekz52hWXMJEEUMDSxuaPFs +W0hoSVk3/AszGcJ3f8wQLZU0HObrTQmnHNK4yZc2AreJ1CRfBsDMRJSUjQJib+ta +3RGNKJpchJAQeg29dGYvajig4tVUROsdB58Hum/u6f1OCyn1PoSgAfGcq/gcfomk +6KHYcWUNo1F77rzSImANuVud37r8UVsLr5iy6S7pBOhih94ryNdOwUxkHt3Ph1i6 +Sk/KaAcdHJ1KxtUvkcx8cXIcxcBn6zL9yZJclNqFwJu/U30rCfSMnZEfl2pSy94J +NqR32HuHUETVPm4pafs5SSYeCaWAe0At6+gnhcn+Yf1+5nyXHdWdAgMBAAGjQjBA +MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBR7W0XP +r87Lev0xkhpqtvNG61dIUDANBgkqhkiG9w0BAQUFAAOCAQEAeRHAS7ORtvzw6WfU +DW5FvlXok9LOAz/t2iWwHVfLHjp2oEzsUHboZHIMpKnxuIvW1oeEuzLlQRHAd9mz +YJ3rG9XRbkREqaYB7FViHXe4XI5ISXycO1cRrK1zN44veFyQaEfZYGDm/Ac9IiAX +xPcW6cTYcvnIc3zfFi8VqT79aie2oetaupgf1eNNZAqdE8hhuvU5HIe6uL17In/2 +/qxAeeWsEG89jxt5dovEN7MhGITlNgDrYyCZuen+MwS7QcjBAvlEYyCegc5C09Y/ +LHbTY5xZ3Y+m4Q6gLkH3LpVHz7z9M/P2C2F+fpErgUfCJzDupxBdN49cOSvkBPB7 +jVaMaA== +-----END CERTIFICATE----- +=== /C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2008 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA - G3 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 60:01:97:b7:46:a7:ea:b4:b4:9a:d6:4b:2f:f7:90:fb + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Apr 2 00:00:00 2008 GMT + Not After : Dec 1 23:59:59 2037 GMT + Subject: C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + AD:6C:AA:94:60:9C:ED:E4:FF:FA:3E:0A:74:2B:63:03:F7:B6:59:BF +SHA1 Fingerprint=F1:8B:53:8D:1B:E9:03:B6:A6:F0:56:43:5B:17:15:89:CA:F3:6B:F2 +SHA256 Fingerprint=4B:03:F4:58:07:AD:70:F2:1B:FC:2C:AE:71:C9:FD:E4:60:4C:06:4C:F5:FF:B6:86:BA:E5:DB:AA:D7:FD:D3:4C +-----BEGIN CERTIFICATE----- +MIIEKjCCAxKgAwIBAgIQYAGXt0an6rS0mtZLL/eQ+zANBgkqhkiG9w0BAQsFADCB +rjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf +Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIw +MDggdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxJDAiBgNV +BAMTG3RoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EgLSBHMzAeFw0wODA0MDIwMDAwMDBa +Fw0zNzEyMDEyMzU5NTlaMIGuMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3Rl +LCBJbmMuMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9u +MTgwNgYDVQQLEy8oYykgMjAwOCB0aGF3dGUsIEluYy4gLSBGb3IgYXV0aG9yaXpl +ZCB1c2Ugb25seTEkMCIGA1UEAxMbdGhhd3RlIFByaW1hcnkgUm9vdCBDQSAtIEcz +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsr8nLPvb2FvdeHsbnndm +gcs+vHyu86YnmjSjaDFxODNi5PNxZnmxqWWjpYvVj2AtP0LMqmsywCPLLEHd5N/8 +YZzic7IilRFDGF/Eth9XbAoFWCLINkw6fKXRz4aviKdEAhN0cXMKQlkC+BsUa0Lf +b1+6a4KinVvnSr0eAXLbS3ToO39/fR8EtCab4LRarEc9VbjXsCZSKAExQGbY2SS9 +9irY7CFJXJv2eul/VTV+lmuNk5Mny5K76qxAwJ/C+IDPXfRa3M50hqY+bAtTyr2S +zhkGcuYMXDhpxwTWvGzOW/b3aJzcJRVIiKHpqfiYnODz1TEoYRFsZ5aNOZnLwkUk +OQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNV +HQ4EFgQUrWyqlGCc7eT/+j4KdCtjA/e2Wb8wDQYJKoZIhvcNAQELBQADggEBABpA +2JVlrAmSicY59BDlqQ5mU1143vokkbvnRFHfxhY0Cu9qRFHqKweKA3rD6z8KLFIW +oCtDuSWQP3CpMyVtRRooOyfPqsMpQhvfO0zAMzRbQYi/aytlryjvsvXDqmbOe1bu +t8jLZ8HJnBoYuMTDSQPxYA5QzUbF83d597YV4Djbxy8ooAw/dyZ02SUS2jHaGh7c +KUGRIjxpp7sC8rZcJwOJ9Abqm+RyguOhCcHpABnTPtRwa7pxpqpYrvS76Wy274fM +m7v/OeZWYdMKp8RcTGB7BXcmer/YB1IsYvdwY9k5vG8cwnncdimvzsUsZAReiDZu +MdRAGmI0Nj81Aa6sY6A= +-----END CERTIFICATE----- + +### The Go Daddy Group, Inc. + +=== /C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 0 (0x0) + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: Jun 29 17:06:20 2004 GMT + Not After : Jun 29 17:06:20 2034 GMT + Subject: C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority + X509v3 extensions: + X509v3 Subject Key Identifier: + D2:C4:B0:D2:91:D4:4C:11:71:B3:61:CB:3D:A1:FE:DD:A8:6A:D4:E3 + X509v3 Authority Key Identifier: + keyid:D2:C4:B0:D2:91:D4:4C:11:71:B3:61:CB:3D:A1:FE:DD:A8:6A:D4:E3 + DirName:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority + serial:00 + + X509v3 Basic Constraints: + CA:TRUE +SHA1 Fingerprint=27:96:BA:E6:3F:18:01:E2:77:26:1B:A0:D7:77:70:02:8F:20:EE:E4 +SHA256 Fingerprint=C3:84:6B:F2:4B:9E:93:CA:64:27:4C:0E:C6:7C:1E:CC:5E:02:4F:FC:AC:D2:D7:40:19:35:0E:81:FE:54:6A:E4 +-----BEGIN CERTIFICATE----- +MIIEADCCAuigAwIBAgIBADANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEh +MB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBE +YWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA0MDYyOTE3 +MDYyMFoXDTM0MDYyOTE3MDYyMFowYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRo +ZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3Mg +MiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASAwDQYJKoZIhvcNAQEBBQADggEN +ADCCAQgCggEBAN6d1+pXGEmhW+vXX0iG6r7d/+TvZxz0ZWizV3GgXne77ZtJ6XCA +PVYYYwhv2vLM0D9/AlQiVBDYsoHUwHU9S3/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6w +wdhFJ2+qN1j3hybX2C32qRe3H3I2TqYXP2WYktsqbl2i/ojgC95/5Y0V4evLOtXi +EqITLdiOr18SPaAIBQi2XKVlOARFmR6jYGB0xUGlcmIbYsUfb18aQr4CUWWoriMY +avx4A6lNf4DD+qta/KFApMoZFv6yyO9ecw3ud72a9nmYvLEHZ6IVDd2gWMZEewo+ +YihfukEHU1jPEX44dMX4/7VpkI+EdOqXG68CAQOjgcAwgb0wHQYDVR0OBBYEFNLE +sNKR1EwRcbNhyz2h/t2oatTjMIGNBgNVHSMEgYUwgYKAFNLEsNKR1EwRcbNhyz2h +/t2oatTjoWekZTBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5 +IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmlj +YXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD +ggEBADJL87LKPpH8EsahB4yOd6AzBhRckB4Y9wimPQoZ+YeAEW5p5JYXMP80kWNy +OO7MHAGjHZQopDH2esRU1/blMVgDoszOYtuURXO1v0XJJLXVggKtI3lpjbi2Tc7P +TMozI+gciKqdi0FuFskg5YmezTvacPd+mSYgFFQlq25zheabIZ0KbIIOqPjCDPoQ +HmyW74cNxA9hi63ugyuV+I6ShHI56yDqg+2DzZduCLzrTia2cyvk0/ZM/iZx4mER +dEr/VxqHD3VILs9RaRegAhJhldXRQLIQTO7ErBBDpqWeCtWVYpoNz4iCxTIM5Cuf +ReYNnyicsbkqWletNw+vHX/bvZ8= +-----END CERTIFICATE----- + +### The USERTRUST Network + +=== /C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust ECC Certification Authority +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 5c:8b:99:c5:5a:94:c5:d2:71:56:de:cd:89:80:cc:26 + Signature Algorithm: ecdsa-with-SHA384 + Validity + Not Before: Feb 1 00:00:00 2010 GMT + Not After : Jan 18 23:59:59 2038 GMT + Subject: C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust ECC Certification Authority + X509v3 extensions: + X509v3 Subject Key Identifier: + 3A:E1:09:86:D4:CF:19:C2:96:76:74:49:76:DC:E0:35:C6:63:63:9A + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE +SHA1 Fingerprint=D1:CB:CA:5D:B2:D5:2A:7F:69:3B:67:4D:E5:F0:5A:1D:0C:95:7D:F0 +SHA256 Fingerprint=4F:F4:60:D5:4B:9C:86:DA:BF:BC:FC:57:12:E0:40:0D:2B:ED:3F:BC:4D:4F:BD:AA:86:E0:6A:DC:D2:A9:AD:7A +-----BEGIN CERTIFICATE----- +MIICjzCCAhWgAwIBAgIQXIuZxVqUxdJxVt7NiYDMJjAKBggqhkjOPQQDAzCBiDEL +MAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNl +eSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMT +JVVTRVJUcnVzdCBFQ0MgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAwMjAx +MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UEBhMCVVMxEzARBgNVBAgT +Ck5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVUaGUg +VVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBFQ0MgQ2VydGlm +aWNhdGlvbiBBdXRob3JpdHkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQarFRaqflo +I+d61SRvU8Za2EurxtW20eZzca7dnNYMYf3boIkDuAUU7FfO7l0/4iGzzvfUinng +o4N+LZfQYcTxmdwlkWOrfzCjtHDix6EznPO/LlxTsV+zfTJ/ijTjeXmjQjBAMB0G +A1UdDgQWBBQ64QmG1M8ZwpZ2dEl23OA1xmNjmjAOBgNVHQ8BAf8EBAMCAQYwDwYD +VR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjA2Z6EWCNzklwBBHU6+4WMB +zzuqQhFkoJ2UOQIReVx7Hfpkue4WQrO/isIJxOzksU0CMQDpKmFHjFJKS04YcPbW +RNZu9YO6bVi9JNlWSOrvxKJGgYhqOkbRqZtNyWHa0V1Xahg= +-----END CERTIFICATE----- +=== /C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 01:fd:6d:30:fc:a3:ca:51:a8:1b:bc:64:0e:35:03:2d + Signature Algorithm: sha384WithRSAEncryption + Validity + Not Before: Feb 1 00:00:00 2010 GMT + Not After : Jan 18 23:59:59 2038 GMT + Subject: C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority + X509v3 extensions: + X509v3 Subject Key Identifier: + 53:79:BF:5A:AA:2B:4A:CF:54:80:E1:D8:9B:C0:9D:F2:B2:03:66:CB + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE +SHA1 Fingerprint=2B:8F:1B:57:33:0D:BB:A2:D0:7A:6C:51:F7:0E:E9:0D:DA:B9:AD:8E +SHA256 Fingerprint=E7:93:C9:B0:2F:D8:AA:13:E2:1C:31:22:8A:CC:B0:81:19:64:3B:74:9C:89:89:64:B1:74:6D:46:C3:D4:CB:D2 +-----BEGIN CERTIFICATE----- +MIIF3jCCA8agAwIBAgIQAf1tMPyjylGoG7xkDjUDLTANBgkqhkiG9w0BAQwFADCB +iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl +cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV +BAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAw +MjAxMDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UEBhMCVVMxEzARBgNV +BAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVU +aGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBSU0EgQ2Vy +dGlmaWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK +AoICAQCAEmUXNg7D2wiz0KxXDXbtzSfTTK1Qg2HiqiBNCS1kCdzOiZ/MPans9s/B +3PHTsdZ7NygRK0faOca8Ohm0X6a9fZ2jY0K2dvKpOyuR+OJv0OwWIJAJPuLodMkY +tJHUYmTbf6MG8YgYapAiPLz+E/CHFHv25B+O1ORRxhFnRghRy4YUVD+8M/5+bJz/ +Fp0YvVGONaanZshyZ9shZrHUm3gDwFA66Mzw3LyeTP6vBZY1H1dat//O+T23LLb2 +VN3I5xI6Ta5MirdcmrS3ID3KfyI0rn47aGYBROcBTkZTmzNg95S+UzeQc0PzMsNT +79uq/nROacdrjGCT3sTHDN/hMq7MkztReJVni+49Vv4M0GkPGw/zJSZrM233bkf6 +c0Plfg6lZrEpfDKEY1WJxA3Bk1QwGROs0303p+tdOmw1XNtB1xLaqUkL39iAigmT +Yo61Zs8liM2EuLE/pDkP2QKe6xJMlXzzawWpXhaDzLhn4ugTncxbgtNMs+1b/97l +c6wjOy0AvzVVdAlJ2ElYGn+SNuZRkg7zJn0cTRe8yexDJtC/QV9AqURE9JnnV4ee +UB9XVKg+/XRjL7FQZQnmWEIuQxpMtPAlR1n6BB6T1CZGSlCBst6+eLf8ZxXhyVeE +Hg9j1uliutZfVS7qXMYoCAQlObgOK6nyTJccBz8NUvXt7y+CDwIDAQABo0IwQDAd +BgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rIDZsswDgYDVR0PAQH/BAQDAgEGMA8G +A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAFzUfA3P9wF9QZllDHPF +Up/L+M+ZBn8b2kMVn54CVVeWFPFSPCeHlCjtHzoBN6J2/FNQwISbxmtOuowhT6KO +VWKR82kV2LyI48SqC/3vqOlLVSoGIG1VeCkZ7l8wXEskEVX/JJpuXior7gtNn3/3 +ATiUFJVDBwn7YKnuHKsSjKCaXqeYalltiz8I+8jRRa8YFWSQEg9zKC7F4iRO/Fjs +8PRF/iKz6y+O0tlFYQXBl2+odnKPi4w2r78NBc5xjeambx9spnFixdjQg3IM8WcR +iQycE0xyNN+81XHfqnHd4blsjDwSXWXavVcStkNr/+XeTWYRUc+ZruwXtuhxkYze +Sf7dNXGiFSeUHM9h4ya7b6NnJSFd5t0dCy5oGzuCr+yDZ4XUmFF0sbmZgIn/f3gZ +XHlKYC6SQK5MNyosycdiyA5d9zZbyuAlJQG03RoHnHcAP9Dc1ew91Pq7P8yF1m9/ +qS3fuQL39ZeatTXaw2ewh0qpKJ4jjv9cJ2vhsE/zB+4ALtRZh8tSQZXq9EfX7mRB +VXyNWQKV3WKdwrnuWih0hKWbt5DHDAff9Yk2dDLWKMGwsAvgnEzDHNb842m1R0aB +L6KCq9NjRHDEjf8tM7qtj3u1cIiuPhnPQCjY/MiQu12ZIvVS5ljFH4gxQ+6IHdfG +jjxDah2nGN59PRbxYvnKkKj9 +-----END CERTIFICATE----- + +### TrustCor Systems S. de R.L. + +=== /C=PA/ST=Panama/L=Panama City/O=TrustCor Systems S. de R.L./OU=TrustCor Certificate Authority/CN=TrustCor ECA-1 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 9548242946988625984 (0x84822c5f1c62d040) + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Feb 4 12:32:33 2016 GMT + Not After : Dec 31 17:28:07 2029 GMT + Subject: C=PA, ST=Panama, L=Panama City, O=TrustCor Systems S. de R.L., OU=TrustCor Certificate Authority, CN=TrustCor ECA-1 + X509v3 extensions: + X509v3 Subject Key Identifier: + 44:9E:48:F5:CC:6D:48:D4:A0:4B:7F:FE:59:24:2F:83:97:99:9A:86 + X509v3 Authority Key Identifier: + keyid:44:9E:48:F5:CC:6D:48:D4:A0:4B:7F:FE:59:24:2F:83:97:99:9A:86 + + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign +SHA1 Fingerprint=58:D1:DF:95:95:67:6B:63:C0:F0:5B:1C:17:4D:8B:84:0B:C8:78:BD +SHA256 Fingerprint=5A:88:5D:B1:9C:01:D9:12:C5:75:93:88:93:8C:AF:BB:DF:03:1A:B2:D4:8E:91:EE:15:58:9B:42:97:1D:03:9C +-----BEGIN CERTIFICATE----- +MIIEIDCCAwigAwIBAgIJAISCLF8cYtBAMA0GCSqGSIb3DQEBCwUAMIGcMQswCQYD +VQQGEwJQQTEPMA0GA1UECAwGUGFuYW1hMRQwEgYDVQQHDAtQYW5hbWEgQ2l0eTEk +MCIGA1UECgwbVHJ1c3RDb3IgU3lzdGVtcyBTLiBkZSBSLkwuMScwJQYDVQQLDB5U +cnVzdENvciBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxFzAVBgNVBAMMDlRydXN0Q29y +IEVDQS0xMB4XDTE2MDIwNDEyMzIzM1oXDTI5MTIzMTE3MjgwN1owgZwxCzAJBgNV +BAYTAlBBMQ8wDQYDVQQIDAZQYW5hbWExFDASBgNVBAcMC1BhbmFtYSBDaXR5MSQw +IgYDVQQKDBtUcnVzdENvciBTeXN0ZW1zIFMuIGRlIFIuTC4xJzAlBgNVBAsMHlRy +dXN0Q29yIENlcnRpZmljYXRlIEF1dGhvcml0eTEXMBUGA1UEAwwOVHJ1c3RDb3Ig +RUNBLTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPj+ARtZ+odnbb +3w9U73NjKYKtR8aja+3+XzP4Q1HpGjORMRegdMTUpwHmspI+ap3tDvl0mEDTPwOA +BoJA6LHip1GnHYMma6ve+heRK9jGrB6xnhkB1Zem6g23xFUfJ3zSCNV2HykVh0A5 +3ThFEXXQmqc04L/NyFIduUd+Dbi7xgz2c1cWWn5DkR9VOsZtRASqnKmcp0yJF4Ou +owReUoCLHhIlERnXDH19MURB6tuvsBzvgdAsxZohmz3tQjtQJvLsznFhBmIhVE5/ +wZ0+fyCMgMsq2JdiyIMzkX2woloPV+g7zPIlstR8L+xNxqE6FXrntl019fZISjZF +ZtS6mFjBAgMBAAGjYzBhMB0GA1UdDgQWBBREnkj1zG1I1KBLf/5ZJC+Dl5mahjAf +BgNVHSMEGDAWgBREnkj1zG1I1KBLf/5ZJC+Dl5mahjAPBgNVHRMBAf8EBTADAQH/ +MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAQEABT41XBVwm8nHc2Fv +civUwo/yQ10CzsSUuZQRg2dd4mdsdXa/uwyqNsatR5Nj3B5+1t4u/ukZMjgDfxT2 +AHMsWbEhBuH7rBiVDKP/mZb3Kyeb1STMHd3BOuCYRLDE5D53sXOpZCz2HAF8P11F +hcCF5yWPldwX8zyfGm6wyuMdKulMY/okYWLW2n62HGz1Ah3UKt1VkOsqEUc8Ll50 +soIipX1TH0XsJ5F95yIW6MBoNtjG8U+ARDL54dHRHareqKucBK+tIA5kmE2la8BI +WJZpTdwHjFGTot+fDz2LYLSCjaoITmJF4PkL0uDgPFveXHEnJcLmA4GLEFPjx1Wi +tJ/X5g== +-----END CERTIFICATE----- +=== /C=PA/ST=Panama/L=Panama City/O=TrustCor Systems S. de R.L./OU=TrustCor Certificate Authority/CN=TrustCor RootCert CA-1 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 15752444095811006489 (0xda9bec71f303b019) + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Feb 4 12:32:16 2016 GMT + Not After : Dec 31 17:23:16 2029 GMT + Subject: C=PA, ST=Panama, L=Panama City, O=TrustCor Systems S. de R.L., OU=TrustCor Certificate Authority, CN=TrustCor RootCert CA-1 + X509v3 extensions: + X509v3 Subject Key Identifier: + EE:6B:49:3C:7A:3F:0D:E3:B1:09:B7:8A:C8:AB:19:9F:73:33:50:E7 + X509v3 Authority Key Identifier: + keyid:EE:6B:49:3C:7A:3F:0D:E3:B1:09:B7:8A:C8:AB:19:9F:73:33:50:E7 + + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign +SHA1 Fingerprint=FF:BD:CD:E7:82:C8:43:5E:3C:6F:26:86:5C:CA:A8:3A:45:5B:C3:0A +SHA256 Fingerprint=D4:0E:9C:86:CD:8F:E4:68:C1:77:69:59:F4:9E:A7:74:FA:54:86:84:B6:C4:06:F3:90:92:61:F4:DC:E2:57:5C +-----BEGIN CERTIFICATE----- +MIIEMDCCAxigAwIBAgIJANqb7HHzA7AZMA0GCSqGSIb3DQEBCwUAMIGkMQswCQYD +VQQGEwJQQTEPMA0GA1UECAwGUGFuYW1hMRQwEgYDVQQHDAtQYW5hbWEgQ2l0eTEk +MCIGA1UECgwbVHJ1c3RDb3IgU3lzdGVtcyBTLiBkZSBSLkwuMScwJQYDVQQLDB5U +cnVzdENvciBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxHzAdBgNVBAMMFlRydXN0Q29y +IFJvb3RDZXJ0IENBLTEwHhcNMTYwMjA0MTIzMjE2WhcNMjkxMjMxMTcyMzE2WjCB +pDELMAkGA1UEBhMCUEExDzANBgNVBAgMBlBhbmFtYTEUMBIGA1UEBwwLUGFuYW1h +IENpdHkxJDAiBgNVBAoMG1RydXN0Q29yIFN5c3RlbXMgUy4gZGUgUi5MLjEnMCUG +A1UECwweVHJ1c3RDb3IgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MR8wHQYDVQQDDBZU +cnVzdENvciBSb290Q2VydCBDQS0xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB +CgKCAQEAv463leLCJhJrMxnHQFgKq1mqjQCj/IDHUHuO1CAmujIS2CNUSSUQIpid +RtLByZ5OGy4sDjjzGiVoHKZaBeYei0i/mJZ0PmnK6bV4pQa81QBeCQryJ3pS/C3V +seq0iWEk8xoT26nPUu0MJLq5nux+AHT6k61sKZKuUbS701e/s/OojZz0JEsq1pme +9J7+wH5COucLlVPat2gOkEz7cD+PSiyU8ybdY2mplNgQTsVHCJCZGxdNuWxu72CV +EY4hgLW9oHPY0LJ3xEXqWib7ZnZ2+AYfYW0PVcWDtxBWcgYHpfOxGgMFZA6dWorW +hnAbJN7+KIor0Gqw/Hqi3LJ5DotlDwIDAQABo2MwYTAdBgNVHQ4EFgQU7mtJPHo/ +DeOxCbeKyKsZn3MzUOcwHwYDVR0jBBgwFoAU7mtJPHo/DeOxCbeKyKsZn3MzUOcw +DwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQAD +ggEBACUY1JGPE+6PHh0RU9otRCkZoB5rMZ5NDp6tPVxBb5UrJKF5mDo4Nvu7Zp5I +/5CQ7z3UuJu0h3U/IJvOcs+hVcFNZKIZBqEHMwwLKeXx6quj7LUKdJDHfXLy11yf +ke+Ri7fc7Waiz45mO7yfOgLgJ90WmMCV1Aqk5IGadZQ1nJBfiDcGrVmVCrDRZ9MZ +yonnMlo2HD6CqFqTvsbQZJG2z9m2GM/bftJlo6bEjhcxwft+dtvTheNYsnd6djts +L1Ac59v2Z3kf9YKVmgenFK+P3CghZwnS1k1aHBkcjndcw5QkPTJrS37UeJSDvjdN +zl/HHk484IkzlQsPpTLWPFp5LBk= +-----END CERTIFICATE----- +=== /C=PA/ST=Panama/L=Panama City/O=TrustCor Systems S. de R.L./OU=TrustCor Certificate Authority/CN=TrustCor RootCert CA-2 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 2711694510199101698 (0x25a1dfca33cb5902) + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Feb 4 12:32:23 2016 GMT + Not After : Dec 31 17:26:39 2034 GMT + Subject: C=PA, ST=Panama, L=Panama City, O=TrustCor Systems S. de R.L., OU=TrustCor Certificate Authority, CN=TrustCor RootCert CA-2 + X509v3 extensions: + X509v3 Subject Key Identifier: + D9:FE:21:40:6E:94:9E:BC:9B:3D:9C:7D:98:20:19:E5:8C:30:62:B2 + X509v3 Authority Key Identifier: + keyid:D9:FE:21:40:6E:94:9E:BC:9B:3D:9C:7D:98:20:19:E5:8C:30:62:B2 + + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign +SHA1 Fingerprint=B8:BE:6D:CB:56:F1:55:B9:63:D4:12:CA:4E:06:34:C7:94:B2:1C:C0 +SHA256 Fingerprint=07:53:E9:40:37:8C:1B:D5:E3:83:6E:39:5D:AE:A5:CB:83:9E:50:46:F1:BD:0E:AE:19:51:CF:10:FE:C7:C9:65 +-----BEGIN CERTIFICATE----- +MIIGLzCCBBegAwIBAgIIJaHfyjPLWQIwDQYJKoZIhvcNAQELBQAwgaQxCzAJBgNV +BAYTAlBBMQ8wDQYDVQQIDAZQYW5hbWExFDASBgNVBAcMC1BhbmFtYSBDaXR5MSQw +IgYDVQQKDBtUcnVzdENvciBTeXN0ZW1zIFMuIGRlIFIuTC4xJzAlBgNVBAsMHlRy +dXN0Q29yIENlcnRpZmljYXRlIEF1dGhvcml0eTEfMB0GA1UEAwwWVHJ1c3RDb3Ig +Um9vdENlcnQgQ0EtMjAeFw0xNjAyMDQxMjMyMjNaFw0zNDEyMzExNzI2MzlaMIGk +MQswCQYDVQQGEwJQQTEPMA0GA1UECAwGUGFuYW1hMRQwEgYDVQQHDAtQYW5hbWEg +Q2l0eTEkMCIGA1UECgwbVHJ1c3RDb3IgU3lzdGVtcyBTLiBkZSBSLkwuMScwJQYD +VQQLDB5UcnVzdENvciBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxHzAdBgNVBAMMFlRy +dXN0Q29yIFJvb3RDZXJ0IENBLTIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK +AoICAQCnIG7CKqJiJJWQdsg4foDSq8GbZQWU9MEKENUCrO2fk8eHyLAnK0IMPQo+ +QVqedd2NyuCb7GgypGmSaIwLgQ5WoD4a3SwlFIIvl9NkRvRUqdw6VC0xK5mC8tkq +1+9xALgxpL56JAfDQiDyitSSBBtlVkxs1Pu2YVpHI7TYabS3OtB0PAx1oYxOdqHp +2yqlO/rOsP9+aij9JxzIsekp8VduZLTQwRVtDr4uDkbIXvRR/u8OYzo7cbrPb1nK +DOObXUm4TOJXsZiKQlecdu/vvdFoqNL0Cbt3Nb4lggjEFixEIFapRBF37120Hape +az6LMvYHL1cEksr1/p3C6eizjkxLAjHZ5DxIgif3GIJ2SDpxsROhOdUuxTTCHWKF +3wP+TfSvPd9cW436cOGlfifHhi5qjxLGhF5DUVCcGZt45vz27Ud+ez1m7xMTiF88 +oWP7+ayHNZ/zgp6kPwqcMWmLmaSISo5uZk3vFsQPeSghYA2FFn3XVDjxklb9tTNM +g9zXEJ9L/cb4Qr26fHMC4P99zVvh1Kxhe1fVSntb1IVYJ12/+CtgrKAmrhQhJ8Z3 +mjOAPF5GP/fDsaOGM8boXg25NSyqRsGFAnWAoOsk+xWq5Gd/bnc/9ASKL3x74xdh +8N0JqSDIvgmk0H5Ew7IwSjiqqewYmgeCK9u4nBit2uBGF6zPXQIDAQABo2MwYTAd +BgNVHQ4EFgQU2f4hQG6UnrybPZx9mCAZ5YwwYrIwHwYDVR0jBBgwFoAU2f4hQG6U +nrybPZx9mCAZ5YwwYrIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYw +DQYJKoZIhvcNAQELBQADggIBAJ5Fngw7tu/hOsh80QA9z+LqBrWyOrsGS2h60COX +dKcs8AjYeVrXWoSK2BKaG9l9XE1wxaX5q+WjiYndAfrs3fnpkpfbsEZC89NiqpX+ +MWcUaViQCqoL7jcjx1BRtPV+nuN79+TMQjItSQzL/0kMmx40/W5ulop5A7Zv2wnL +/V9lFDfhOPXzYRZY5LVtDQsEGz9QLX+zx3oaFoBg+Iof6Rsqxvm6ARppv9JYx1RX +CI/hOWB3S6xZhBqI8d3LT3jX5+EzLfzuQfogsL7L9ziUwOHQhQ+77Sxzq+3+knYa +ZH9bDTMJBzN7Bj8RpFxwPIXAz+OQqIN3+tvmxYxoZxBnpVIt8MSZj3+/0WvitUfW +2dCFmU2Umw9Lje4AWkcdEQOsQRivh7dvDDqPys/cA8GiCcjl/YBeyGBCARsaU1q7 +N6a3vLqE6R5sGtRk2tRD/pOLS/IseRYQ1JMLiI+h2IYURpFHmygk71dSTlxCnKr3 +Sewn6EAes6aJInKc9Q0ztFijMDvd1GpUk74aTfOTlPf8hAs/hCBcNANExdqtvArB +As8e5ZTZ845b2EzwnexhF7sUMlQMAimTHpKG9n/v55IFDlndmQguLvqcAFLTxWYp +5KeXRKQOKIETNcX2b2TmQcTVL8w0RSXPQQCWPUouwpaYT05KnJe32x+SMsj/D1Fu +1uwJ +-----END CERTIFICATE----- + +### Trustis Limited + +=== /C=GB/O=Trustis Limited/OU=Trustis FPS Root CA +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 1b:1f:ad:b6:20:f9:24:d3:36:6b:f7:c7:f1:8c:a0:59 + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: Dec 23 12:14:06 2003 GMT + Not After : Jan 21 11:36:54 2024 GMT + Subject: C=GB, O=Trustis Limited, OU=Trustis FPS Root CA + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Authority Key Identifier: + keyid:BA:FA:71:25:79:8B:57:41:25:21:86:0B:71:EB:B2:64:0E:8B:21:67 + + X509v3 Subject Key Identifier: + BA:FA:71:25:79:8B:57:41:25:21:86:0B:71:EB:B2:64:0E:8B:21:67 +SHA1 Fingerprint=3B:C0:38:0B:33:C3:F6:A6:0C:86:15:22:93:D9:DF:F5:4B:81:C0:04 +SHA256 Fingerprint=C1:B4:82:99:AB:A5:20:8F:E9:63:0A:CE:55:CA:68:A0:3E:DA:5A:51:9C:88:02:A0:D3:A6:73:BE:8F:8E:55:7D +-----BEGIN CERTIFICATE----- +MIIDZzCCAk+gAwIBAgIQGx+ttiD5JNM2a/fH8YygWTANBgkqhkiG9w0BAQUFADBF +MQswCQYDVQQGEwJHQjEYMBYGA1UEChMPVHJ1c3RpcyBMaW1pdGVkMRwwGgYDVQQL +ExNUcnVzdGlzIEZQUyBSb290IENBMB4XDTAzMTIyMzEyMTQwNloXDTI0MDEyMTEx +MzY1NFowRTELMAkGA1UEBhMCR0IxGDAWBgNVBAoTD1RydXN0aXMgTGltaXRlZDEc +MBoGA1UECxMTVHJ1c3RpcyBGUFMgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAMVQe547NdDfxIzNjpvto8A2mfRC6qc+gIMPpqdZh8mQRUN+ +AOqGeSoDvT03mYlmt+WKVoaTnGhLaASMk5MCPjDSNzoiYYkchU59j9WvezX2fihH +iTHcDnlkH5nSW7r+f2C/revnPDgpai/lkQtV/+xvWNUtyd5MZnGPDNcE2gfmHhjj +vSkCqPoc4Vu5g6hBSLwacY3nYuUtsuvffM/bq1rKMfFMIvMFE/eC+XN5DL7XSxzA +0RU8k0Fk0ea+IxciAIleH2ulrG6nS4zto3Lmr2NNL4XSFDWaLk6M6jKYKIahkQlB +OrTh4/L68MkKokHdqeMDx4gVOxzUGpTXn2RZEm0CAwEAAaNTMFEwDwYDVR0TAQH/ +BAUwAwEB/zAfBgNVHSMEGDAWgBS6+nEleYtXQSUhhgtx67JkDoshZzAdBgNVHQ4E +FgQUuvpxJXmLV0ElIYYLceuyZA6LIWcwDQYJKoZIhvcNAQEFBQADggEBAH5Y//01 +GX2cGE+esCu8jowU/yyg2kdbw++BLa8F6nRIW/M+TgfHbcWzk88iNVy2P3UnXwmW +zaD+vkAMXBJV+JOCyinpXj9WV4s4NvdFGkwozZ5BuO1WTISkQMi4sKUraXAEasP4 +1BIy+Q7DsdwyhEQsb8tGD+pmQQ9P8Vilpg0ND2HepZ5dfWWhPBfnqFVO76DH7cZE +f1T1o+CP8HxVIo8ptoGj4W1OLBuAZ+ytIJ8MYmHVl/9D7S3B2l0pKoU/rGXuhg8F +jZBf3+6f9L/uHfuY5H+QK4R4EA5sSVPvFVtlRkpdr7r7OnIdzfYliB6XzCGcKQEN +ZetX2fNXlrtIzYE= +-----END CERTIFICATE----- + +### Turkiye Bilimsel ve Teknolojik Arastirma Kurumu - TUBITAK + +=== /C=TR/L=Gebze - Kocaeli/O=Turkiye Bilimsel ve Teknolojik Arastirma Kurumu - TUBITAK/OU=Kamu Sertifikasyon Merkezi - Kamu SM/CN=TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Nov 25 08:25:55 2013 GMT + Not After : Oct 25 08:25:55 2043 GMT + Subject: C=TR, L=Gebze - Kocaeli, O=Turkiye Bilimsel ve Teknolojik Arastirma Kurumu - TUBITAK, OU=Kamu Sertifikasyon Merkezi - Kamu SM, CN=TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1 + X509v3 extensions: + X509v3 Subject Key Identifier: + 65:3F:C7:8A:86:C6:3C:DD:3C:54:5C:35:F8:3A:ED:52:0C:47:57:C8 + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE +SHA1 Fingerprint=31:43:64:9B:EC:CE:27:EC:ED:3A:3F:0B:8F:0D:E4:E8:91:DD:EE:CA +SHA256 Fingerprint=46:ED:C3:68:90:46:D5:3A:45:3F:B3:10:4A:B8:0D:CA:EC:65:8B:26:60:EA:16:29:DD:7E:86:79:90:64:87:16 +-----BEGIN CERTIFICATE----- +MIIEYzCCA0ugAwIBAgIBATANBgkqhkiG9w0BAQsFADCB0jELMAkGA1UEBhMCVFIx +GDAWBgNVBAcTD0dlYnplIC0gS29jYWVsaTFCMEAGA1UEChM5VHVya2l5ZSBCaWxp +bXNlbCB2ZSBUZWtub2xvamlrIEFyYXN0aXJtYSBLdXJ1bXUgLSBUVUJJVEFLMS0w +KwYDVQQLEyRLYW11IFNlcnRpZmlrYXN5b24gTWVya2V6aSAtIEthbXUgU00xNjA0 +BgNVBAMTLVRVQklUQUsgS2FtdSBTTSBTU0wgS29rIFNlcnRpZmlrYXNpIC0gU3Vy +dW0gMTAeFw0xMzExMjUwODI1NTVaFw00MzEwMjUwODI1NTVaMIHSMQswCQYDVQQG +EwJUUjEYMBYGA1UEBxMPR2ViemUgLSBLb2NhZWxpMUIwQAYDVQQKEzlUdXJraXll +IEJpbGltc2VsIHZlIFRla25vbG9qaWsgQXJhc3Rpcm1hIEt1cnVtdSAtIFRVQklU +QUsxLTArBgNVBAsTJEthbXUgU2VydGlmaWthc3lvbiBNZXJrZXppIC0gS2FtdSBT +TTE2MDQGA1UEAxMtVFVCSVRBSyBLYW11IFNNIFNTTCBLb2sgU2VydGlmaWthc2kg +LSBTdXJ1bSAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr3UwM6q7 +a9OZLBI3hNmNe5eA027n/5tQlT6QlVZC1xl8JoSNkvoBHToP4mQ4t4y86Ij5iySr +LqP1N+RAjhgleYN1Hzv/bKjFxlb4tO2KRKOrbEz8HdDc72i9z+SqzvBV96I01INr +N3wcwv61A+xXzry0tcXtAA9TNypN9E8Mg/uGz8v+jE69h/mniyFXnHrfA2eJLJ2X +YacQuFWQfw4tJzh03+f92k4S400VIgLI4OD8D62K18lUUMw7D8oWgITQUVbDjlZ/ +iSIzL+aFCr2lqBs23tPcLG07xxO9WSMs5uWk99gL7eqQQESolbuT1dCANLZGeA4f +AJNG4e7p+exPFwIDAQABo0IwQDAdBgNVHQ4EFgQUZT/HiobGPN08VFw1+DrtUgxH +V8gwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEL +BQADggEBACo/4fEyjq7hmFxLXs9rHmoJ0iKpEsdeV31zVmSAhHqT5Am5EM2fKifh +AHe+SMg1qIGf5LgsyX8OsNJLN13qudULXjS99HMpw+0mFZx+CFOKWI3QSyjfwbPf +IPP54+M638yclNhOT8NrF7f3cuitZjO1JVOr4PhMqZ398g26rrnZqsZr+ZO7rqu4 +lzwDGrpDxpa5RXI4s6ehlj2Re37AIVNMh+3yC1SVUZPVIqUNivGTDj5UDrDYyU7c +8jEyVupk+eq1nRZmQnLzf9OxMUP8pI4X8W0jq5Rm+K37DwhuJi1/FwcJsoz7UMCf +lo3Ptv0AnVoUmr8CRPXBwp8iXqIPoeM= +-----END CERTIFICATE----- + +### Unizeto Technologies S.A. + +=== /C=PL/O=Unizeto Technologies S.A./OU=Certum Certification Authority/CN=Certum Trusted Network CA +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 279744 (0x444c0) + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: Oct 22 12:07:37 2008 GMT + Not After : Dec 31 12:07:37 2029 GMT + Subject: C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + 08:76:CD:CB:07:FF:24:F6:C5:CD:ED:BB:90:BC:E2:84:37:46:75:F7 + X509v3 Key Usage: critical + Certificate Sign, CRL Sign +SHA1 Fingerprint=07:E0:32:E0:20:B7:2C:3F:19:2F:06:28:A2:59:3A:19:A7:0F:06:9E +SHA256 Fingerprint=5C:58:46:8D:55:F5:8E:49:7E:74:39:82:D2:B5:00:10:B6:D1:65:37:4A:CF:83:A7:D4:A3:2D:B7:68:C4:40:8E +-----BEGIN CERTIFICATE----- +MIIDuzCCAqOgAwIBAgIDBETAMA0GCSqGSIb3DQEBBQUAMH4xCzAJBgNVBAYTAlBM +MSIwIAYDVQQKExlVbml6ZXRvIFRlY2hub2xvZ2llcyBTLkEuMScwJQYDVQQLEx5D +ZXJ0dW0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxIjAgBgNVBAMTGUNlcnR1bSBU +cnVzdGVkIE5ldHdvcmsgQ0EwHhcNMDgxMDIyMTIwNzM3WhcNMjkxMjMxMTIwNzM3 +WjB+MQswCQYDVQQGEwJQTDEiMCAGA1UEChMZVW5pemV0byBUZWNobm9sb2dpZXMg +Uy5BLjEnMCUGA1UECxMeQ2VydHVtIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MSIw +IAYDVQQDExlDZXJ0dW0gVHJ1c3RlZCBOZXR3b3JrIENBMIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEA4/t9o3K6wvDJFIf1awFO4W5AB7ptJ11/91sts1rH +UV+rpDKmYYe2bg+G0jACl/jXaVehGDldamR5xgFZrDwxSjh80gTSSyjoIF87B6LM +TXPb865Px1bVWqeWifrzq2jUI4ZZJ88JJ7ysbnKDHDBy3+Ci6dLhdHUZvSqeexVU +BBvXQzmtVSjF4hq79MDkrjhJM8x2hZ85RdKknvISjFH4fOQtf/WsX+sWn7Et0brM +kUJ3TCXJkDhv2/DM+44el1k+1WBO5gUo7Ul5E0u6SNsv+XLTOcr+H9g0cvW0QM8x +AcPs3hEtF10fuFDRXhmnad4HMyjKUJX5p1TLVIZQRan5SQIDAQABo0IwQDAPBgNV +HRMBAf8EBTADAQH/MB0GA1UdDgQWBBQIds3LB/8k9sXN7buQvOKEN0Z19zAOBgNV +HQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEFBQADggEBAKaorSLOAT2mo/9i0Eidi15y +sHhE49wcrwn9I0j6vSrEuVUEtRCjjSfeC4Jj0O7eDDd5QVsisrCaQVymcODU0HfL +I9MA4GxWL+FpDQ3Zqr8hgVDZBqWo/5U30Kr+4rP1mS1FhIrlQgnXdAIv94nYmem8 +J9RHjboNRhx3zxSkHLmkMcScKHQDNP8zGSal6Q10tz6XxnboJ5ajZt3hrvJBW8qY +VoNzcOSGGtIxQbovvi0TWnZvTuhOgQ4/WwMioBK+ZlgRSssDxLQqKi2WF+A5VLxI +03YnnZotBqbJ7DnSq9ufmgsnAjUpsUCV5/nonFWIGUbWtzT1fs45mtk48VH3Tyw= +-----END CERTIFICATE----- + +### VeriSign, Inc. + +=== /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 1999 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G3 +Certificate: + Data: + Version: 1 (0x0) + Serial Number: + 9b:7e:06:49:a3:3e:62:b9:d5:ee:90:48:71:29:ef:57 + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: Oct 1 00:00:00 1999 GMT + Not After : Jul 16 23:59:59 2036 GMT + Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3 +SHA1 Fingerprint=13:2D:0D:45:53:4B:69:97:CD:B2:D5:C3:39:E2:55:76:60:9B:5C:C6 +SHA256 Fingerprint=EB:04:CF:5E:B1:F3:9A:FA:76:2F:2B:B1:20:F2:96:CB:A5:20:C1:B9:7D:B1:58:95:65:B8:1C:B9:A1:7B:72:44 +-----BEGIN CERTIFICATE----- +MIIEGjCCAwICEQCbfgZJoz5iudXukEhxKe9XMA0GCSqGSIb3DQEBBQUAMIHKMQsw +CQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZl +cmlTaWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWdu +LCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlT +aWduIENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3Jp +dHkgLSBHMzAeFw05OTEwMDEwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMIHKMQswCQYD +VQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlT +aWduIFRydXN0IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAxOTk5IFZlcmlTaWduLCBJ +bmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxRTBDBgNVBAMTPFZlcmlTaWdu +IENsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg +LSBHMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMu6nFL8eB8aHm8b +N3O9+MlrlBIwT/A2R/XQkQr1F8ilYcEWQE37imGQ5XYgwREGfassbqb1EUGO+i2t +KmFZpGcmTNDovFJbcCAEWNF6yaRpvIMXZK0Fi7zQWM6NjPXr8EJJC52XJ2cybuGu +kxUccLwgTS8Y3pKI6GyFVxEa6X7jJhFUokWWVYPKMIno3Nij7SqAP395ZVc+FSBm +CC+Vk7+qRy+oRpfwEuL+wgorUeZ25rdGt+INpsyow0xZVYnm6FNcHOqd8GIWC6fJ +Xwzw3sJ2zq/3avL6QaaiMxTJ5Xpj055iN9WFZZ4O5lMkdBteHRJTW8cs54NJOxWu +imi5V5cCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAERSWwauSCPc/L8my/uRan2Te +2yFPhpk0djZX3dAVL8WtfxUfN2JzPtTnX84XA9s1+ivbrmAJXx5fj267Cz3qWhMe +DGBvtcC1IyIuBwvLqXTLR7sdwdela8wv0kL9Sd2nic9TutoAWii/gt/4uhMdUIaC +/Y4wjylGsB49Ndo4YhYYSq3mtlFs3q9i6wHQHiT+eo8SGhJouPtmmRQURVyu565p +F4ErWjfJXir0xuKhXFSbplQAz/DxwceYMBo7Nhbbo27q/a2ywtrvAkcTisDxszGt +TxzhT5yvDwyd93gN2PQ1VoDat20Xj50egWTh/sVFuq1ruQp6Tk9LhO5L8X3dEQ== +-----END CERTIFICATE----- +=== /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: Nov 8 00:00:00 2006 GMT + Not After : Jul 16 23:59:59 2036 GMT + Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + 1.3.6.1.5.5.7.1.12: + 0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif + X509v3 Subject Key Identifier: + 7F:D3:65:A7:C2:DD:EC:BB:F0:30:09:F3:43:39:FA:02:AF:33:31:33 +SHA1 Fingerprint=4E:B6:D5:78:49:9B:1C:CF:5F:58:1E:AD:56:BE:3D:9B:67:44:A5:E5 +SHA256 Fingerprint=9A:CF:AB:7E:43:C8:D8:80:D0:6B:26:2A:94:DE:EE:E4:B4:65:99:89:C3:D0:CA:F1:9B:AF:64:05:E4:1A:B7:DF +-----BEGIN CERTIFICATE----- +MIIE0zCCA7ugAwIBAgIQGNrRniZ96LtKIVjNzGs7SjANBgkqhkiG9w0BAQUFADCB +yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL +ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp +U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW +ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0 +aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMzYwNzE2MjM1OTU5WjCByjEL +MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW +ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2ln +biwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJp +U2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9y +aXR5IC0gRzUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1 +nmAMqudLO07cfLw8RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKzj/i5Vbex +t0uz/o9+B1fs70PbZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIz +SdhDY2pSS9KP6HBRTdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQG +BO+QueQA5N06tRn/Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+ +rCpSx4/VBEnkjWNHiDxpg8v+R70rfk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/ +NIeWiu5T6CUVAgMBAAGjgbIwga8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8E +BAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2UvZ2lmMCEwHzAH +BgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVy +aXNpZ24uY29tL3ZzbG9nby5naWYwHQYDVR0OBBYEFH/TZafC3ey78DAJ80M5+gKv +MzEzMA0GCSqGSIb3DQEBBQUAA4IBAQCTJEowX2LP2BqYLz3q3JktvXf2pXkiOOzE +p6B4Eq1iDkVwZMXnl2YtmAl+X6/WzChl8gGqCBpH3vn5fJJaCGkgDdk+bW48DW7Y +5gaRQBi5+MHt39tBquCWIMnNZBU4gcmU7qKEKQsTb47bDN0lAtukixlE0kF6BWlK +WE9gyn6CagsCqiUXObXbf+eEZSqVir2G3l6BFoMtEMze/aiCKm0oHw0LxOXnGiYZ +4fQRbxC1lfznQgUy286dUV4otp6F01vvpX1FQHKOtw5rDgb7MzVIcbidJ4vEZV8N +hnacRHr2lVz2XTIIM6RUthg/aFzyQkqFOFSDX9HoLPKsEdao7WNq +-----END CERTIFICATE----- +=== /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2007 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G4 +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 2f:80:fe:23:8c:0e:22:0f:48:67:12:28:91:87:ac:b3 + Signature Algorithm: ecdsa-with-SHA384 + Validity + Not Before: Nov 5 00:00:00 2007 GMT + Not After : Jan 18 23:59:59 2038 GMT + Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2007 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G4 + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + 1.3.6.1.5.5.7.1.12: + 0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif + X509v3 Subject Key Identifier: + B3:16:91:FD:EE:A6:6E:E4:B5:2E:49:8F:87:78:81:80:EC:E5:B1:B5 +SHA1 Fingerprint=22:D5:D8:DF:8F:02:31:D1:8D:F7:9D:B7:CF:8A:2D:64:C9:3F:6C:3A +SHA256 Fingerprint=69:DD:D7:EA:90:BB:57:C9:3E:13:5D:C8:5E:A6:FC:D5:48:0B:60:32:39:BD:C4:54:FC:75:8B:2A:26:CF:7F:79 +-----BEGIN CERTIFICATE----- +MIIDhDCCAwqgAwIBAgIQL4D+I4wOIg9IZxIokYesszAKBggqhkjOPQQDAzCByjEL +MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW +ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNyBWZXJpU2ln +biwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJp +U2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9y +aXR5IC0gRzQwHhcNMDcxMTA1MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCByjELMAkG +A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJp +U2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNyBWZXJpU2lnbiwg +SW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2ln +biBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5 +IC0gRzQwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASnVnp8Utpkmw4tXNherJI9/gHm +GUo9FANL+mAnINmDiWn6VMaaGF5VKmTeBvaNSjutEDxlPZCIBIngMGGzrl0Bp3ve +fLK+ymVhAIau2o970ImtTR1ZmkGxvEeA3J5iw/mjgbIwga8wDwYDVR0TAQH/BAUw +AwEB/zAOBgNVHQ8BAf8EBAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJ +aW1hZ2UvZ2lmMCEwHzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYj +aHR0cDovL2xvZ28udmVyaXNpZ24uY29tL3ZzbG9nby5naWYwHQYDVR0OBBYEFLMW +kf3upm7ktS5Jj4d4gYDs5bG1MAoGCCqGSM49BAMDA2gAMGUCMGYhDBgmYFo4e1ZC +4Kf8NoRRkSAsdk1DPcQdhCPQrNZ8NQbOzWm9kA3bbEhCHQ6qQgIxAJw9SDkjOVga +FRJZap7v1VmyHVIsmXHNxynfGyphe3HR3vPA5Q06Sqotp9iGKt0uEA== +-----END CERTIFICATE----- +=== /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2008 VeriSign, Inc. - For authorized use only/CN=VeriSign Universal Root Certification Authority +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 40:1a:c4:64:21:b3:13:21:03:0e:bb:e4:12:1a:c5:1d + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Apr 2 00:00:00 2008 GMT + Not After : Dec 1 23:59:59 2037 GMT + Subject: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + 1.3.6.1.5.5.7.1.12: + 0_.].[0Y0W0U..image/gif0!0.0...+..............k...j.H.,{..0%.#http://logo.verisign.com/vslogo.gif + X509v3 Subject Key Identifier: + B6:77:FA:69:48:47:9F:53:12:D5:C2:EA:07:32:76:07:D1:97:07:19 +SHA1 Fingerprint=36:79:CA:35:66:87:72:30:4D:30:A5:FB:87:3B:0F:A7:7B:B7:0D:54 +SHA256 Fingerprint=23:99:56:11:27:A5:71:25:DE:8C:EF:EA:61:0D:DF:2F:A0:78:B5:C8:06:7F:4E:82:82:90:BF:B8:60:E8:4B:3C +-----BEGIN CERTIFICATE----- +MIIEuTCCA6GgAwIBAgIQQBrEZCGzEyEDDrvkEhrFHTANBgkqhkiG9w0BAQsFADCB +vTELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL +ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwOCBWZXJp +U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MTgwNgYDVQQDEy9W +ZXJpU2lnbiBVbml2ZXJzYWwgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAe +Fw0wODA0MDIwMDAwMDBaFw0zNzEyMDEyMzU5NTlaMIG9MQswCQYDVQQGEwJVUzEX +MBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0 +IE5ldHdvcmsxOjA4BgNVBAsTMShjKSAyMDA4IFZlcmlTaWduLCBJbmMuIC0gRm9y +IGF1dGhvcml6ZWQgdXNlIG9ubHkxODA2BgNVBAMTL1ZlcmlTaWduIFVuaXZlcnNh +bCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAx2E3XrEBNNti1xWb/1hajCMj1mCOkdeQmIN65lgZOIzF +9uVkhbSicfvtvbnazU0AtMgtc6XHaXGVHzk8skQHnOgO+k1KxCHfKWGPMiJhgsWH +H26MfF8WIFFE0XBPV+rjHOPMee5Y2A7Cs0WTwCznmhcrewA3ekEzeOEz4vMQGn+H +LL729fdC4uW/h2KJXwBL38Xd5HVEMkE6HnFuacsLdUYI0crSK5XQz/u5QGtkjFdN +/BMReYTtXlT2NJ8IAfMQJQYXStrxHXpma5hgZqTZ79IugvHw7wnqRMkVauIDbjPT +rJ9VAMf2CGqUuV/c4DPxhGD5WycRtPwW8rtWaoAljQIDAQABo4GyMIGvMA8GA1Ud +EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMG0GCCsGAQUFBwEMBGEwX6FdoFsw +WTBXMFUWCWltYWdlL2dpZjAhMB8wBwYFKw4DAhoEFI/l0xqGrI2Oa8PPgGrUSBgs +exkuMCUWI2h0dHA6Ly9sb2dvLnZlcmlzaWduLmNvbS92c2xvZ28uZ2lmMB0GA1Ud +DgQWBBS2d/ppSEefUxLVwuoHMnYH0ZcHGTANBgkqhkiG9w0BAQsFAAOCAQEASvj4 +sAPmLGd75JR3Y8xuTPl9Dg3cyLk1uXBPY/ok+myDjEedO2Pzmvl2MpWRsXe8rJq+ +seQxIcaBlVZaDrHC1LGmWazxY8u4TB1ZkErvkBYoH1quEPuBUDgMbMzxPcP1Y+Oz +4yHJJDnp/RVmRvQbEdBNc6N9Rvk97ahfYtTxP/jgdFcrGJ2BtMQo2pSXpXDrrB2+ +BxHw1dvd5Yzw1TKwg+ZX4o+/vqGqvz0dtdQ46tewXDpPaj+PwGZsY6rp2aQW9IHR +lRQOfc2VNNnSj3BzgXucfr2YYdhFh5iQxeuGMMY1v/D/w1WIg0vvBZIGcfK4mJO3 +7M2CYfE45k+XmCpajQ== +-----END CERTIFICATE----- + +### VISA + +=== /C=US/O=VISA/OU=Visa International Service Association/CN=Visa eCommerce Root +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 13:86:35:4d:1d:3f:06:f2:c1:f9:65:05:d5:90:1c:62 + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: Jun 26 02:18:36 2002 GMT + Not After : Jun 24 00:16:12 2022 GMT + Subject: C=US, O=VISA, OU=Visa International Service Association, CN=Visa eCommerce Root + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Certificate Sign, CRL Sign + X509v3 Subject Key Identifier: + 15:38:83:0F:3F:2C:3F:70:33:1E:CD:46:FE:07:8C:20:E0:D7:C3:B7 +SHA1 Fingerprint=70:17:9B:86:8C:00:A4:FA:60:91:52:22:3F:9F:3E:32:BD:E0:05:62 +SHA256 Fingerprint=69:FA:C9:BD:55:FB:0A:C7:8D:53:BB:EE:5C:F1:D5:97:98:9F:D0:AA:AB:20:A2:51:51:BD:F1:73:3E:E7:D1:22 +-----BEGIN CERTIFICATE----- +MIIDojCCAoqgAwIBAgIQE4Y1TR0/BvLB+WUF1ZAcYjANBgkqhkiG9w0BAQUFADBr +MQswCQYDVQQGEwJVUzENMAsGA1UEChMEVklTQTEvMC0GA1UECxMmVmlzYSBJbnRl +cm5hdGlvbmFsIFNlcnZpY2UgQXNzb2NpYXRpb24xHDAaBgNVBAMTE1Zpc2EgZUNv +bW1lcmNlIFJvb3QwHhcNMDIwNjI2MDIxODM2WhcNMjIwNjI0MDAxNjEyWjBrMQsw +CQYDVQQGEwJVUzENMAsGA1UEChMEVklTQTEvMC0GA1UECxMmVmlzYSBJbnRlcm5h +dGlvbmFsIFNlcnZpY2UgQXNzb2NpYXRpb24xHDAaBgNVBAMTE1Zpc2EgZUNvbW1l +cmNlIFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvV95WHm6h +2mCxlCfLF9sHP4CFT8icttD0b0/Pmdjh28JIXDqsOTPHH2qLJj0rNfVIsZHBAk4E +lpF7sDPwsRROEW+1QK8bRaVK7362rPKgH1g/EkZgPI2h4H3PVz4zHvtH8aoVlwdV +ZqW1LS7YgFmypw23RuwhY/81q6UCzyr0TP579ZRdhE2o8mCP2w4lPJ9zcc+U30rq +299yOIzzlr3xF7zSujtFWsan9sYXiwGd/BmoKoMWuDpI/k4+oKsGGelT84ATB+0t +vz8KPFUgOSwsAGl0lUq8ILKpeeUYiZGo3BxN77t+Nwtd/jmliFKMAGzsGHxBvfaL +dXe6YJ2E5/4tAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD +AgEGMB0GA1UdDgQWBBQVOIMPPyw/cDMezUb+B4wg4NfDtzANBgkqhkiG9w0BAQUF +AAOCAQEAX/FBfXxcCLkr4NWSR/pnXKUTwwMhmytMiUbPWU3J/qVAtmPN3XEolWcR +zCSs00Rsca4BIGsDoo8Ytyk6feUWYFN4PMCvFYP3j1IzJL1kk5fui/fbGKhtcbP3 +LBfQdCVp9/5rPJS+TUtBjE7ic9DjkCJzQ83z7+pzzkWKsKZJ/0x9nXGIxHYdkFsd +7v3M9+79YKWxehZx0RbQfBI8bGmX265fOZpwLwU8GUYEmSA20GBuYQa7FkKMcPcw +++DbZqMAAb3mLNqRX6BGi01qnD093QVG/na/oAo85ADmJ7f/hC3euiInlhBx6yLt +398znM/jra6O1I7mT1GvFpLgXPYHDw== +-----END CERTIFICATE----- + +### WISeKey + +=== /C=CH/O=WISeKey/OU=Copyright (c) 2005/OU=OISTE Foundation Endorsed/CN=OISTE WISeKey Global Root GA CA +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 41:3d:72:c7:f4:6b:1f:81:43:7d:f1:d2:28:54:df:9a + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: Dec 11 16:03:44 2005 GMT + Not After : Dec 11 16:09:51 2037 GMT + Subject: C=CH, O=WISeKey, OU=Copyright (c) 2005, OU=OISTE Foundation Endorsed, CN=OISTE WISeKey Global Root GA CA + X509v3 extensions: + X509v3 Key Usage: + Digital Signature, Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + B3:03:7E:AE:36:BC:B0:79:D1:DC:94:26:B6:11:BE:21:B2:69:86:94 + 1.3.6.1.4.1.311.21.1: + ... +SHA1 Fingerprint=59:22:A1:E1:5A:EA:16:35:21:F8:98:39:6A:46:46:B0:44:1B:0F:A9 +SHA256 Fingerprint=41:C9:23:86:6A:B4:CA:D6:B7:AD:57:80:81:58:2E:02:07:97:A6:CB:DF:4F:FF:78:CE:83:96:B3:89:37:D7:F5 +-----BEGIN CERTIFICATE----- +MIID8TCCAtmgAwIBAgIQQT1yx/RrH4FDffHSKFTfmjANBgkqhkiG9w0BAQUFADCB +ijELMAkGA1UEBhMCQ0gxEDAOBgNVBAoTB1dJU2VLZXkxGzAZBgNVBAsTEkNvcHly +aWdodCAoYykgMjAwNTEiMCAGA1UECxMZT0lTVEUgRm91bmRhdGlvbiBFbmRvcnNl +ZDEoMCYGA1UEAxMfT0lTVEUgV0lTZUtleSBHbG9iYWwgUm9vdCBHQSBDQTAeFw0w +NTEyMTExNjAzNDRaFw0zNzEyMTExNjA5NTFaMIGKMQswCQYDVQQGEwJDSDEQMA4G +A1UEChMHV0lTZUtleTEbMBkGA1UECxMSQ29weXJpZ2h0IChjKSAyMDA1MSIwIAYD +VQQLExlPSVNURSBGb3VuZGF0aW9uIEVuZG9yc2VkMSgwJgYDVQQDEx9PSVNURSBX +SVNlS2V5IEdsb2JhbCBSb290IEdBIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAy0+zAJs9Nt350UlqaxBJH+zYK7LG+DKBKUOVTJoZIyEVRd7jyBxR +VVuuk+g3/ytr6dTqvirdqFEr12bDYVxgAsj1znJ7O7jyTmUIms2kahnBAbtzptf2 +w93NvKSLtZlhuAGio9RN1AU9ka34tAhxZK9w8RxrfvbDd50kc3vkDIzh2TbhmYsF +mQvtRTEJysIA2/dyoJaqlYfQjse2YXMNdmaM3Bu0Y6Kff5MTMPGhJ9vZ/yxViJGg +4E8HsChWjBgbl0SOid3gF27nKu+POQoxhILYQBRJLnpB5Kf+42TMwVlxSywhp1t9 +4B3RLoGbw9ho972WG6xwsRYUC9tguSYBBQIDAQABo1EwTzALBgNVHQ8EBAMCAYYw +DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUswN+rja8sHnR3JQmthG+IbJphpQw +EAYJKwYBBAGCNxUBBAMCAQAwDQYJKoZIhvcNAQEFBQADggEBAEuh/wuHbrP5wUOx +SPMowB0uyQlB+pQAHKSkq0lPjz0e701vvbyk9vImMMkQyh2I+3QZH4VFvbBsUfk2 +ftv1TDI6QU9bR8/oCy22xBmddMVHxjtqD6wU2zz0c5ypBd8A3HR4+vg1YFkCExh8 +vPtNsCBtQ7tgMHpnM1zFmdH4LTlSc/uMqpclXHLZCB6rTjzjgTGfA6b7wP4piFXa +hNVQA7bihKOmNqoROgHhGEvWRGizPflTdISzRpFGlgC3gCy24eMQ4tui5yiPAZZi +Fj4A4xylNoEYokxSdsARo27mHbrjWr42U8U+dY+GaSlYU7Wcu2+fXMUY7N0v4ZjJ +/L7fCg0= +-----END CERTIFICATE----- +=== /C=CH/O=WISeKey/OU=OISTE Foundation Endorsed/CN=OISTE WISeKey Global Root GB CA +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 76:b1:20:52:74:f0:85:87:46:b3:f8:23:1a:f6:c2:c0 + Signature Algorithm: sha256WithRSAEncryption + Validity + Not Before: Dec 1 15:00:32 2014 GMT + Not After : Dec 1 15:10:31 2039 GMT + Subject: C=CH, O=WISeKey, OU=OISTE Foundation Endorsed, CN=OISTE WISeKey Global Root GB CA + X509v3 extensions: + X509v3 Key Usage: + Digital Signature, Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + 35:0F:C8:36:63:5E:E2:A3:EC:F9:3B:66:15:CE:51:52:E3:91:9A:3D + 1.3.6.1.4.1.311.21.1: + ... +SHA1 Fingerprint=0F:F9:40:76:18:D3:D7:6A:4B:98:F0:A8:35:9E:0C:FD:27:AC:CC:ED +SHA256 Fingerprint=6B:9C:08:E8:6E:B0:F7:67:CF:AD:65:CD:98:B6:21:49:E5:49:4A:67:F5:84:5E:7B:D1:ED:01:9F:27:B8:6B:D6 +-----BEGIN CERTIFICATE----- +MIIDtTCCAp2gAwIBAgIQdrEgUnTwhYdGs/gjGvbCwDANBgkqhkiG9w0BAQsFADBt +MQswCQYDVQQGEwJDSDEQMA4GA1UEChMHV0lTZUtleTEiMCAGA1UECxMZT0lTVEUg +Rm91bmRhdGlvbiBFbmRvcnNlZDEoMCYGA1UEAxMfT0lTVEUgV0lTZUtleSBHbG9i +YWwgUm9vdCBHQiBDQTAeFw0xNDEyMDExNTAwMzJaFw0zOTEyMDExNTEwMzFaMG0x +CzAJBgNVBAYTAkNIMRAwDgYDVQQKEwdXSVNlS2V5MSIwIAYDVQQLExlPSVNURSBG +b3VuZGF0aW9uIEVuZG9yc2VkMSgwJgYDVQQDEx9PSVNURSBXSVNlS2V5IEdsb2Jh +bCBSb290IEdCIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Be3 +HEokKtaXscriHvt9OO+Y9bI5mE4nuBFde9IllIiCFSZqGzG7qFshISvYD06fWvGx +WuR51jIjK+FTzJlFXHtPrby/h0oLS5daqPZI7H17Dc0hBt+eFf1Biki3IPShehtX +1F1Q/7pn2COZH8g/497/b1t3sWtuuMlk9+HKQUYOKXHQuSP8yYFfTvdv37+ErXNk +u7dCjmn21HYdfp2nuFeKUWdy19SouJVUQHMD9ur06/4oQnc/nSMbsrY9gBQHTC5P +99UKFg29ZkM3fiNDecNAhvVMKdqOmq0NpQSHiB6F4+lT1ZvIiwNjeOvgGUpuuy9r +M2RYk61pv48b74JIxwIDAQABo1EwTzALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUw +AwEB/zAdBgNVHQ4EFgQUNQ/INmNe4qPs+TtmFc5RUuORmj0wEAYJKwYBBAGCNxUB +BAMCAQAwDQYJKoZIhvcNAQELBQADggEBAEBM+4eymYGQfp3FsLAmzYh7KzKNbrgh +cViXfa43FK8+5/ea4n32cZiZBKpDdHij40lhPnOMTZTg+XHEthYOU3gf1qKHLwI5 +gSk8rxWYITD+KJAAjNHhy/peyP34EEY7onhCkRd0VQreUGdNZtGn//3ZwLWoo4rO +ZvUPQ82nK1d7Y0Zqqi5S2PTt4W2tKZB4SLrhI6qjiey1q5bAtEuiHZeeevJuQHHf +aPFlTc58Bd9TZaml8LGXBHAVRgOY1NK/VLSgWH1Sb9pWJmLU2NuJMW8c8CLC02Ic +Nc1MaRVUGpCY3useX8p3x8uOPUNpnJpY0CQ73xtAln41rYHHTnG6iBM= +-----END CERTIFICATE----- + +### XRamp Security Services Inc + +=== /C=US/OU=www.xrampsecurity.com/O=XRamp Security Services Inc/CN=XRamp Global Certification Authority +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 50:94:6c:ec:18:ea:d5:9c:4d:d5:97:ef:75:8f:a0:ad + Signature Algorithm: sha1WithRSAEncryption + Validity + Not Before: Nov 1 17:14:04 2004 GMT + Not After : Jan 1 05:37:19 2035 GMT + Subject: C=US, OU=www.xrampsecurity.com, O=XRamp Security Services Inc, CN=XRamp Global Certification Authority + X509v3 extensions: + 1.3.6.1.4.1.311.20.2: + ...C.A + X509v3 Key Usage: + Digital Signature, Certificate Sign, CRL Sign + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Subject Key Identifier: + C6:4F:A2:3D:06:63:84:09:9C:CE:62:E4:04:AC:8D:5C:B5:E9:B6:1B + X509v3 CRL Distribution Points: + + Full Name: + URI:http://crl.xrampsecurity.com/XGCA.crl + + 1.3.6.1.4.1.311.21.1: + ... +SHA1 Fingerprint=B8:01:86:D1:EB:9C:86:A5:41:04:CF:30:54:F3:4C:52:B7:E5:58:C6 +SHA256 Fingerprint=CE:CD:DC:90:50:99:D8:DA:DF:C5:B1:D2:09:B7:37:CB:E2:C1:8C:FB:2C:10:C0:FF:0B:CF:0D:32:86:FC:1A:A2 +-----BEGIN CERTIFICATE----- +MIIEMDCCAxigAwIBAgIQUJRs7Bjq1ZxN1ZfvdY+grTANBgkqhkiG9w0BAQUFADCB +gjELMAkGA1UEBhMCVVMxHjAcBgNVBAsTFXd3dy54cmFtcHNlY3VyaXR5LmNvbTEk +MCIGA1UEChMbWFJhbXAgU2VjdXJpdHkgU2VydmljZXMgSW5jMS0wKwYDVQQDEyRY +UmFtcCBHbG9iYWwgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQxMTAxMTcx +NDA0WhcNMzUwMTAxMDUzNzE5WjCBgjELMAkGA1UEBhMCVVMxHjAcBgNVBAsTFXd3 +dy54cmFtcHNlY3VyaXR5LmNvbTEkMCIGA1UEChMbWFJhbXAgU2VjdXJpdHkgU2Vy +dmljZXMgSW5jMS0wKwYDVQQDEyRYUmFtcCBHbG9iYWwgQ2VydGlmaWNhdGlvbiBB +dXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYJB69FbS6 +38eMpSe2OAtp87ZOqCwuIR1cRN8hXX4jdP5efrRKt6atH67gBhbim1vZZ3RrXYCP +KZ2GG9mcDZhtdhAoWORlsH9KmHmf4MMxfoArtYzAQDsRhtDLooY2YKTVMIJt2W7Q +DxIEM5dfT2Fa8OT5kavnHTu86M/0ay00fOJIYRyO82FEzG+gSqmUsE3a56k0enI4 +qEHMPJQRfevIpoy3hsvKMzvZPTeL+3o+hiznc9cKV6xkmxnr9A8ECIqsAxcZZPRa +JSKNNCyy9mgdEm3Tih4U2sSPpuIjhdV6Db1q4Ons7Be7QhtnqiXtRYMh/MHJfNVi +PvryxS3T/dRlAgMBAAGjgZ8wgZwwEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0P +BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFMZPoj0GY4QJnM5i5ASs +jVy16bYbMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jcmwueHJhbXBzZWN1cml0 +eS5jb20vWEdDQS5jcmwwEAYJKwYBBAGCNxUBBAMCAQEwDQYJKoZIhvcNAQEFBQAD +ggEBAJEVOQMBG2f7Shz5CmBbodpNl2L5JFMn14JkTpAuw0kbK5rc/Kh4ZzXxHfAR +vbdI4xD2Dd8/0sm2qlWkSLoC295ZLhVbO50WfUfXN+pfTXYSNrsf16GBBEYgoyxt +qZ4Bfj8pzgCT3/3JknOJiWSe5yvkHJEs0rnOfc5vMZnT5r7SHpDwCRR5XCOrTdLa +IR9NmXmd4c8nnxCbHIgNsIpkQTG4DmyQJKSbXHGPurt+HBvbaoAPIbzp26a3QPSy +i6mx5O+aGtA9aZnuqCij4Tyz8LIRnM98QObd50N9otg6tamN8jSZxNQQ4Qb9CYQQ +O+7ETPTsJ3xCwnR8gooJybQDJbw= +-----END CERTIFICATE----- diff --git a/src/lib/libcrypto/chacha/chacha-merged.c b/src/lib/libcrypto/chacha/chacha-merged.c new file mode 100644 index 00000000000..67508f208de --- /dev/null +++ b/src/lib/libcrypto/chacha/chacha-merged.c @@ -0,0 +1,325 @@ +/* $OpenBSD: chacha-merged.c,v 1.9 2019/01/22 00:59:21 dlg Exp $ */ +/* +chacha-merged.c version 20080118 +D. J. Bernstein +Public domain. +*/ + +#include + +#include + +#define CHACHA_MINKEYLEN 16 +#define CHACHA_NONCELEN 8 +#define CHACHA_CTRLEN 8 +#define CHACHA_STATELEN (CHACHA_NONCELEN+CHACHA_CTRLEN) +#define CHACHA_BLOCKLEN 64 + +struct chacha_ctx { + u_int input[16]; + uint8_t ks[CHACHA_BLOCKLEN]; + uint8_t unused; +}; + +static inline void chacha_keysetup(struct chacha_ctx *x, const u_char *k, + u_int kbits) + __attribute__((__bounded__(__minbytes__, 2, CHACHA_MINKEYLEN))); +static inline void chacha_ivsetup(struct chacha_ctx *x, const u_char *iv, + const u_char *ctr) + __attribute__((__bounded__(__minbytes__, 2, CHACHA_NONCELEN))) + __attribute__((__bounded__(__minbytes__, 3, CHACHA_CTRLEN))); +static inline void chacha_encrypt_bytes(struct chacha_ctx *x, const u_char *m, + u_char *c, u_int bytes) + __attribute__((__bounded__(__buffer__, 2, 4))) + __attribute__((__bounded__(__buffer__, 3, 4))); + +typedef unsigned char u8; +typedef unsigned int u32; + +typedef struct chacha_ctx chacha_ctx; + +#define U8C(v) (v##U) +#define U32C(v) (v##U) + +#define U8V(v) ((u8)(v) & U8C(0xFF)) +#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF)) + +#define ROTL32(v, n) \ + (U32V((v) << (n)) | ((v) >> (32 - (n)))) + +#define U8TO32_LITTLE(p) \ + (((u32)((p)[0])) | \ + ((u32)((p)[1]) << 8) | \ + ((u32)((p)[2]) << 16) | \ + ((u32)((p)[3]) << 24)) + +#define U32TO8_LITTLE(p, v) \ + do { \ + (p)[0] = U8V((v)); \ + (p)[1] = U8V((v) >> 8); \ + (p)[2] = U8V((v) >> 16); \ + (p)[3] = U8V((v) >> 24); \ + } while (0) + +#define ROTATE(v,c) (ROTL32(v,c)) +#define XOR(v,w) ((v) ^ (w)) +#define PLUS(v,w) (U32V((v) + (w))) +#define PLUSONE(v) (PLUS((v),1)) + +#define QUARTERROUND(a,b,c,d) \ + a = PLUS(a,b); d = ROTATE(XOR(d,a),16); \ + c = PLUS(c,d); b = ROTATE(XOR(b,c),12); \ + a = PLUS(a,b); d = ROTATE(XOR(d,a), 8); \ + c = PLUS(c,d); b = ROTATE(XOR(b,c), 7); + +/* Initialise with "expand 32-byte k". */ +static const char sigma[16] = { + 0x65, 0x78, 0x70, 0x61, 0x6e, 0x64, 0x20, 0x33, + 0x32, 0x2d, 0x62, 0x79, 0x74, 0x65, 0x20, 0x6b, +}; + +/* Initialise with "expand 16-byte k". */ +static const char tau[16] = { + 0x65, 0x78, 0x70, 0x61, 0x6e, 0x64, 0x20, 0x31, + 0x36, 0x2d, 0x62, 0x79, 0x74, 0x65, 0x20, 0x6b, +}; + +static inline void +chacha_keysetup(chacha_ctx *x, const u8 *k, u32 kbits) +{ + const char *constants; + + x->input[4] = U8TO32_LITTLE(k + 0); + x->input[5] = U8TO32_LITTLE(k + 4); + x->input[6] = U8TO32_LITTLE(k + 8); + x->input[7] = U8TO32_LITTLE(k + 12); + if (kbits == 256) { /* recommended */ + k += 16; + constants = sigma; + } else { /* kbits == 128 */ + constants = tau; + } + x->input[8] = U8TO32_LITTLE(k + 0); + x->input[9] = U8TO32_LITTLE(k + 4); + x->input[10] = U8TO32_LITTLE(k + 8); + x->input[11] = U8TO32_LITTLE(k + 12); + x->input[0] = U8TO32_LITTLE(constants + 0); + x->input[1] = U8TO32_LITTLE(constants + 4); + x->input[2] = U8TO32_LITTLE(constants + 8); + x->input[3] = U8TO32_LITTLE(constants + 12); +} + +static inline void +chacha_ivsetup(chacha_ctx *x, const u8 *iv, const u8 *counter) +{ + x->input[12] = counter == NULL ? 0 : U8TO32_LITTLE(counter + 0); + x->input[13] = counter == NULL ? 0 : U8TO32_LITTLE(counter + 4); + x->input[14] = U8TO32_LITTLE(iv + 0); + x->input[15] = U8TO32_LITTLE(iv + 4); +} + +static inline void +chacha_encrypt_bytes(chacha_ctx *x, const u8 *m, u8 *c, u32 bytes) +{ + u32 x0, x1, x2, x3, x4, x5, x6, x7; + u32 x8, x9, x10, x11, x12, x13, x14, x15; + u32 j0, j1, j2, j3, j4, j5, j6, j7; + u32 j8, j9, j10, j11, j12, j13, j14, j15; + u8 *ctarget = NULL; + u8 tmp[64]; + u_int i; + + if (!bytes) + return; + + j0 = x->input[0]; + j1 = x->input[1]; + j2 = x->input[2]; + j3 = x->input[3]; + j4 = x->input[4]; + j5 = x->input[5]; + j6 = x->input[6]; + j7 = x->input[7]; + j8 = x->input[8]; + j9 = x->input[9]; + j10 = x->input[10]; + j11 = x->input[11]; + j12 = x->input[12]; + j13 = x->input[13]; + j14 = x->input[14]; + j15 = x->input[15]; + + for (;;) { + if (bytes < 64) { + for (i = 0; i < bytes; ++i) + tmp[i] = m[i]; + m = tmp; + ctarget = c; + c = tmp; + } + x0 = j0; + x1 = j1; + x2 = j2; + x3 = j3; + x4 = j4; + x5 = j5; + x6 = j6; + x7 = j7; + x8 = j8; + x9 = j9; + x10 = j10; + x11 = j11; + x12 = j12; + x13 = j13; + x14 = j14; + x15 = j15; + for (i = 20; i > 0; i -= 2) { + QUARTERROUND(x0, x4, x8, x12) + QUARTERROUND(x1, x5, x9, x13) + QUARTERROUND(x2, x6, x10, x14) + QUARTERROUND(x3, x7, x11, x15) + QUARTERROUND(x0, x5, x10, x15) + QUARTERROUND(x1, x6, x11, x12) + QUARTERROUND(x2, x7, x8, x13) + QUARTERROUND(x3, x4, x9, x14) + } + x0 = PLUS(x0, j0); + x1 = PLUS(x1, j1); + x2 = PLUS(x2, j2); + x3 = PLUS(x3, j3); + x4 = PLUS(x4, j4); + x5 = PLUS(x5, j5); + x6 = PLUS(x6, j6); + x7 = PLUS(x7, j7); + x8 = PLUS(x8, j8); + x9 = PLUS(x9, j9); + x10 = PLUS(x10, j10); + x11 = PLUS(x11, j11); + x12 = PLUS(x12, j12); + x13 = PLUS(x13, j13); + x14 = PLUS(x14, j14); + x15 = PLUS(x15, j15); + + if (bytes < 64) { + U32TO8_LITTLE(x->ks + 0, x0); + U32TO8_LITTLE(x->ks + 4, x1); + U32TO8_LITTLE(x->ks + 8, x2); + U32TO8_LITTLE(x->ks + 12, x3); + U32TO8_LITTLE(x->ks + 16, x4); + U32TO8_LITTLE(x->ks + 20, x5); + U32TO8_LITTLE(x->ks + 24, x6); + U32TO8_LITTLE(x->ks + 28, x7); + U32TO8_LITTLE(x->ks + 32, x8); + U32TO8_LITTLE(x->ks + 36, x9); + U32TO8_LITTLE(x->ks + 40, x10); + U32TO8_LITTLE(x->ks + 44, x11); + U32TO8_LITTLE(x->ks + 48, x12); + U32TO8_LITTLE(x->ks + 52, x13); + U32TO8_LITTLE(x->ks + 56, x14); + U32TO8_LITTLE(x->ks + 60, x15); + } + + x0 = XOR(x0, U8TO32_LITTLE(m + 0)); + x1 = XOR(x1, U8TO32_LITTLE(m + 4)); + x2 = XOR(x2, U8TO32_LITTLE(m + 8)); + x3 = XOR(x3, U8TO32_LITTLE(m + 12)); + x4 = XOR(x4, U8TO32_LITTLE(m + 16)); + x5 = XOR(x5, U8TO32_LITTLE(m + 20)); + x6 = XOR(x6, U8TO32_LITTLE(m + 24)); + x7 = XOR(x7, U8TO32_LITTLE(m + 28)); + x8 = XOR(x8, U8TO32_LITTLE(m + 32)); + x9 = XOR(x9, U8TO32_LITTLE(m + 36)); + x10 = XOR(x10, U8TO32_LITTLE(m + 40)); + x11 = XOR(x11, U8TO32_LITTLE(m + 44)); + x12 = XOR(x12, U8TO32_LITTLE(m + 48)); + x13 = XOR(x13, U8TO32_LITTLE(m + 52)); + x14 = XOR(x14, U8TO32_LITTLE(m + 56)); + x15 = XOR(x15, U8TO32_LITTLE(m + 60)); + + j12 = PLUSONE(j12); + if (!j12) { + j13 = PLUSONE(j13); + /* + * Stopping at 2^70 bytes per nonce is the user's + * responsibility. + */ + } + + U32TO8_LITTLE(c + 0, x0); + U32TO8_LITTLE(c + 4, x1); + U32TO8_LITTLE(c + 8, x2); + U32TO8_LITTLE(c + 12, x3); + U32TO8_LITTLE(c + 16, x4); + U32TO8_LITTLE(c + 20, x5); + U32TO8_LITTLE(c + 24, x6); + U32TO8_LITTLE(c + 28, x7); + U32TO8_LITTLE(c + 32, x8); + U32TO8_LITTLE(c + 36, x9); + U32TO8_LITTLE(c + 40, x10); + U32TO8_LITTLE(c + 44, x11); + U32TO8_LITTLE(c + 48, x12); + U32TO8_LITTLE(c + 52, x13); + U32TO8_LITTLE(c + 56, x14); + U32TO8_LITTLE(c + 60, x15); + + if (bytes <= 64) { + if (bytes < 64) { + for (i = 0; i < bytes; ++i) + ctarget[i] = c[i]; + } + x->input[12] = j12; + x->input[13] = j13; + x->unused = 64 - bytes; + return; + } + bytes -= 64; + c += 64; + m += 64; + } +} + +void +CRYPTO_hchacha_20(unsigned char subkey[32], const unsigned char key[32], + const unsigned char nonce[16]) +{ + uint32_t x[16]; + int i; + + x[0] = U8TO32_LITTLE(sigma + 0); + x[1] = U8TO32_LITTLE(sigma + 4); + x[2] = U8TO32_LITTLE(sigma + 8); + x[3] = U8TO32_LITTLE(sigma + 12); + x[4] = U8TO32_LITTLE(key + 0); + x[5] = U8TO32_LITTLE(key + 4); + x[6] = U8TO32_LITTLE(key + 8); + x[7] = U8TO32_LITTLE(key + 12); + x[8] = U8TO32_LITTLE(key + 16); + x[9] = U8TO32_LITTLE(key + 20); + x[10] = U8TO32_LITTLE(key + 24); + x[11] = U8TO32_LITTLE(key + 28); + x[12] = U8TO32_LITTLE(nonce + 0); + x[13] = U8TO32_LITTLE(nonce + 4); + x[14] = U8TO32_LITTLE(nonce + 8); + x[15] = U8TO32_LITTLE(nonce + 12); + + for (i = 20; i > 0; i -= 2) { + QUARTERROUND(x[0], x[4], x[8], x[12]) + QUARTERROUND(x[1], x[5], x[9], x[13]) + QUARTERROUND(x[2], x[6], x[10], x[14]) + QUARTERROUND(x[3], x[7], x[11], x[15]) + QUARTERROUND(x[0], x[5], x[10], x[15]) + QUARTERROUND(x[1], x[6], x[11], x[12]) + QUARTERROUND(x[2], x[7], x[8], x[13]) + QUARTERROUND(x[3], x[4], x[9], x[14]) + } + + U32TO8_LITTLE(subkey + 0, x[0]); + U32TO8_LITTLE(subkey + 4, x[1]); + U32TO8_LITTLE(subkey + 8, x[2]); + U32TO8_LITTLE(subkey + 12, x[3]); + + U32TO8_LITTLE(subkey + 16, x[12]); + U32TO8_LITTLE(subkey + 20, x[13]); + U32TO8_LITTLE(subkey + 24, x[14]); + U32TO8_LITTLE(subkey + 28, x[15]); +} diff --git a/src/lib/libcrypto/chacha/chacha.c b/src/lib/libcrypto/chacha/chacha.c new file mode 100644 index 00000000000..6a2dddf0556 --- /dev/null +++ b/src/lib/libcrypto/chacha/chacha.c @@ -0,0 +1,87 @@ +/* $OpenBSD: chacha.c,v 1.8 2019/01/22 00:59:21 dlg Exp $ */ +/* + * Copyright (c) 2014 Joel Sing + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include + +#include + +#include "chacha-merged.c" + +void +ChaCha_set_key(ChaCha_ctx *ctx, const unsigned char *key, uint32_t keybits) +{ + chacha_keysetup((chacha_ctx *)ctx, key, keybits); + ctx->unused = 0; +} + +void +ChaCha_set_iv(ChaCha_ctx *ctx, const unsigned char *iv, + const unsigned char *counter) +{ + chacha_ivsetup((chacha_ctx *)ctx, iv, counter); + ctx->unused = 0; +} + +void +ChaCha(ChaCha_ctx *ctx, unsigned char *out, const unsigned char *in, size_t len) +{ + unsigned char *k; + int i, l; + + /* Consume remaining keystream, if any exists. */ + if (ctx->unused > 0) { + k = ctx->ks + 64 - ctx->unused; + l = (len > ctx->unused) ? ctx->unused : len; + for (i = 0; i < l; i++) + *(out++) = *(in++) ^ *(k++); + ctx->unused -= l; + len -= l; + } + + chacha_encrypt_bytes((chacha_ctx *)ctx, in, out, (uint32_t)len); +} + +void +CRYPTO_chacha_20(unsigned char *out, const unsigned char *in, size_t len, + const unsigned char key[32], const unsigned char iv[8], uint64_t counter) +{ + struct chacha_ctx ctx; + + /* + * chacha_ivsetup expects the counter to be in u8. Rather than + * converting size_t to u8 and then back again, pass a counter of + * NULL and manually assign it afterwards. + */ + chacha_keysetup(&ctx, key, 256); + chacha_ivsetup(&ctx, iv, NULL); + if (counter != 0) { + ctx.input[12] = (uint32_t)counter; + ctx.input[13] = (uint32_t)(counter >> 32); + } + + chacha_encrypt_bytes(&ctx, in, out, (uint32_t)len); +} + +void +CRYPTO_xchacha_20(unsigned char *out, const unsigned char *in, size_t len, + const unsigned char key[32], const unsigned char iv[24]) +{ + uint8_t subkey[32]; + + CRYPTO_hchacha_20(subkey, key, iv); + CRYPTO_chacha_20(out, in, len, subkey, iv + 16, 0); +} diff --git a/src/lib/libcrypto/chacha/chacha.h b/src/lib/libcrypto/chacha/chacha.h new file mode 100644 index 00000000000..e2345b21994 --- /dev/null +++ b/src/lib/libcrypto/chacha/chacha.h @@ -0,0 +1,58 @@ +/* $OpenBSD: chacha.h,v 1.8 2019/01/22 00:59:21 dlg Exp $ */ +/* + * Copyright (c) 2014 Joel Sing + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef HEADER_CHACHA_H +#define HEADER_CHACHA_H + +#include + +#if defined(OPENSSL_NO_CHACHA) +#error ChaCha is disabled. +#endif + +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct { + unsigned int input[16]; + unsigned char ks[64]; + unsigned char unused; +} ChaCha_ctx; + +void ChaCha_set_key(ChaCha_ctx *ctx, const unsigned char *key, + unsigned int keybits); +void ChaCha_set_iv(ChaCha_ctx *ctx, const unsigned char *iv, + const unsigned char *counter); +void ChaCha(ChaCha_ctx *ctx, unsigned char *out, const unsigned char *in, + size_t len); + +void CRYPTO_chacha_20(unsigned char *out, const unsigned char *in, size_t len, + const unsigned char key[32], const unsigned char iv[8], uint64_t counter); +void CRYPTO_xchacha_20(unsigned char *out, const unsigned char *in, size_t len, + const unsigned char key[32], const unsigned char iv[24]); +void CRYPTO_hchacha_20(unsigned char out[32], + const unsigned char key[32], const unsigned char iv[16]); + +#ifdef __cplusplus +} +#endif + +#endif /* HEADER_CHACHA_H */ diff --git a/src/lib/libcrypto/cmac/cm_ameth.c b/src/lib/libcrypto/cmac/cm_ameth.c new file mode 100644 index 00000000000..e7e7fe0f804 --- /dev/null +++ b/src/lib/libcrypto/cmac/cm_ameth.c @@ -0,0 +1,89 @@ +/* $OpenBSD: cm_ameth.c,v 1.7 2014/07/12 16:03:37 miod Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2010. + */ +/* ==================================================================== + * Copyright (c) 2010 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#include + +#include +#include + +#include "asn1_locl.h" + +/* CMAC "ASN1" method. This is just here to indicate the + * maximum CMAC output length and to free up a CMAC + * key. + */ + +static int +cmac_size(const EVP_PKEY *pkey) +{ + return EVP_MAX_BLOCK_LENGTH; +} + +static void +cmac_key_free(EVP_PKEY *pkey) +{ + CMAC_CTX *cmctx = (CMAC_CTX *)pkey->pkey.ptr; + + CMAC_CTX_free(cmctx); +} + +const EVP_PKEY_ASN1_METHOD cmac_asn1_meth = { + .pkey_id = EVP_PKEY_CMAC, + .pkey_base_id = EVP_PKEY_CMAC, + + .pem_str = "CMAC", + .info = "OpenSSL CMAC method", + + .pkey_size = cmac_size, + .pkey_free = cmac_key_free +}; diff --git a/src/lib/libcrypto/cmac/cm_pmeth.c b/src/lib/libcrypto/cmac/cm_pmeth.c new file mode 100644 index 00000000000..d9059ca4a88 --- /dev/null +++ b/src/lib/libcrypto/cmac/cm_pmeth.c @@ -0,0 +1,213 @@ +/* $OpenBSD: cm_pmeth.c,v 1.8 2014/07/11 08:44:48 jsing Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2010. + */ +/* ==================================================================== + * Copyright (c) 2010 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#include +#include + +#include +#include +#include +#include + +#include "evp_locl.h" + +/* The context structure and "key" is simply a CMAC_CTX */ + +static int +pkey_cmac_init(EVP_PKEY_CTX *ctx) +{ + ctx->data = CMAC_CTX_new(); + if (!ctx->data) + return 0; + ctx->keygen_info_count = 0; + return 1; +} + +static int +pkey_cmac_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) +{ + if (!pkey_cmac_init(dst)) + return 0; + if (!CMAC_CTX_copy(dst->data, src->data)) + return 0; + return 1; +} + +static void +pkey_cmac_cleanup(EVP_PKEY_CTX *ctx) +{ + CMAC_CTX_free(ctx->data); +} + +static int +pkey_cmac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) +{ + CMAC_CTX *cmkey = CMAC_CTX_new(); + CMAC_CTX *cmctx = ctx->data; + + if (!cmkey) + return 0; + if (!CMAC_CTX_copy(cmkey, cmctx)) { + CMAC_CTX_free(cmkey); + return 0; + } + EVP_PKEY_assign(pkey, EVP_PKEY_CMAC, cmkey); + + return 1; +} + +static int +int_update(EVP_MD_CTX *ctx, const void *data, size_t count) +{ + if (!CMAC_Update(ctx->pctx->data, data, count)) + return 0; + return 1; +} + +static int +cmac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx) +{ + EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_NO_INIT); + mctx->update = int_update; + return 1; +} + +static int +cmac_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, + EVP_MD_CTX *mctx) +{ + return CMAC_Final(ctx->data, sig, siglen); +} + +static int +pkey_cmac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) +{ + CMAC_CTX *cmctx = ctx->data; + + switch (type) { + case EVP_PKEY_CTRL_SET_MAC_KEY: + if (!p2 || p1 < 0) + return 0; + if (!CMAC_Init(cmctx, p2, p1, NULL, NULL)) + return 0; + break; + + case EVP_PKEY_CTRL_CIPHER: + if (!CMAC_Init(cmctx, NULL, 0, p2, ctx->engine)) + return 0; + break; + + case EVP_PKEY_CTRL_MD: + if (ctx->pkey && !CMAC_CTX_copy(ctx->data, + (CMAC_CTX *)ctx->pkey->pkey.ptr)) + return 0; + if (!CMAC_Init(cmctx, NULL, 0, NULL, NULL)) + return 0; + break; + + default: + return -2; + } + return 1; +} + +static int +pkey_cmac_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, const char *value) +{ + if (!value) + return 0; + if (!strcmp(type, "key")) { + void *p = (void *)value; + return pkey_cmac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, + strlen(p), p); + } + if (!strcmp(type, "cipher")) { + const EVP_CIPHER *c; + + c = EVP_get_cipherbyname(value); + if (!c) + return 0; + return pkey_cmac_ctrl(ctx, EVP_PKEY_CTRL_CIPHER, -1, (void *)c); + } + if (!strcmp(type, "hexkey")) { + unsigned char *key; + int r; + long keylen; + + key = string_to_hex(value, &keylen); + if (!key) + return 0; + r = pkey_cmac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, keylen, key); + free(key); + return r; + } + + return -2; +} + +const EVP_PKEY_METHOD cmac_pkey_meth = { + .pkey_id = EVP_PKEY_CMAC, + .flags = EVP_PKEY_FLAG_SIGCTX_CUSTOM, + + .init = pkey_cmac_init, + .copy = pkey_cmac_copy, + .cleanup = pkey_cmac_cleanup, + + .keygen = pkey_cmac_keygen, + + .signctx_init = cmac_signctx_init, + .signctx = cmac_signctx, + + .ctrl = pkey_cmac_ctrl, + .ctrl_str = pkey_cmac_ctrl_str +}; diff --git a/src/lib/libcrypto/cmac/cmac.c b/src/lib/libcrypto/cmac/cmac.c new file mode 100644 index 00000000000..d01ae0f3aee --- /dev/null +++ b/src/lib/libcrypto/cmac/cmac.c @@ -0,0 +1,281 @@ +/* $OpenBSD: cmac.c,v 1.10 2015/09/10 15:56:25 jsing Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 2010 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#include +#include +#include + +#include + +struct CMAC_CTX_st { + /* Cipher context to use */ + EVP_CIPHER_CTX cctx; + /* Keys k1 and k2 */ + unsigned char k1[EVP_MAX_BLOCK_LENGTH]; + unsigned char k2[EVP_MAX_BLOCK_LENGTH]; + /* Temporary block */ + unsigned char tbl[EVP_MAX_BLOCK_LENGTH]; + /* Last (possibly partial) block */ + unsigned char last_block[EVP_MAX_BLOCK_LENGTH]; + /* Number of bytes in last block: -1 means context not initialised */ + int nlast_block; +}; + + +/* Make temporary keys K1 and K2 */ + +static void +make_kn(unsigned char *k1, unsigned char *l, int bl) +{ + int i; + + /* Shift block to left, including carry */ + for (i = 0; i < bl; i++) { + k1[i] = l[i] << 1; + if (i < bl - 1 && l[i + 1] & 0x80) + k1[i] |= 1; + } + /* If MSB set fixup with R */ + if (l[0] & 0x80) + k1[bl - 1] ^= bl == 16 ? 0x87 : 0x1b; +} + +CMAC_CTX * +CMAC_CTX_new(void) +{ + CMAC_CTX *ctx; + + ctx = malloc(sizeof(CMAC_CTX)); + if (!ctx) + return NULL; + EVP_CIPHER_CTX_init(&ctx->cctx); + ctx->nlast_block = -1; + return ctx; +} + +void +CMAC_CTX_cleanup(CMAC_CTX *ctx) +{ + EVP_CIPHER_CTX_cleanup(&ctx->cctx); + explicit_bzero(ctx->tbl, EVP_MAX_BLOCK_LENGTH); + explicit_bzero(ctx->k1, EVP_MAX_BLOCK_LENGTH); + explicit_bzero(ctx->k2, EVP_MAX_BLOCK_LENGTH); + explicit_bzero(ctx->last_block, EVP_MAX_BLOCK_LENGTH); + ctx->nlast_block = -1; +} + +EVP_CIPHER_CTX * +CMAC_CTX_get0_cipher_ctx(CMAC_CTX *ctx) +{ + return &ctx->cctx; +} + +void +CMAC_CTX_free(CMAC_CTX *ctx) +{ + if (ctx == NULL) + return; + + CMAC_CTX_cleanup(ctx); + free(ctx); +} + +int +CMAC_CTX_copy(CMAC_CTX *out, const CMAC_CTX *in) +{ + int bl; + + if (in->nlast_block == -1) + return 0; + if (!EVP_CIPHER_CTX_copy(&out->cctx, &in->cctx)) + return 0; + bl = EVP_CIPHER_CTX_block_size(&in->cctx); + memcpy(out->k1, in->k1, bl); + memcpy(out->k2, in->k2, bl); + memcpy(out->tbl, in->tbl, bl); + memcpy(out->last_block, in->last_block, bl); + out->nlast_block = in->nlast_block; + return 1; +} + +int +CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen, + const EVP_CIPHER *cipher, ENGINE *impl) +{ + static unsigned char zero_iv[EVP_MAX_BLOCK_LENGTH]; + + /* All zeros means restart */ + if (!key && !cipher && !impl && keylen == 0) { + /* Not initialised */ + if (ctx->nlast_block == -1) + return 0; + if (!EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, NULL, zero_iv)) + return 0; + memset(ctx->tbl, 0, EVP_CIPHER_CTX_block_size(&ctx->cctx)); + ctx->nlast_block = 0; + return 1; + } + /* Initialiase context */ + if (cipher && !EVP_EncryptInit_ex(&ctx->cctx, cipher, impl, NULL, NULL)) + return 0; + /* Non-NULL key means initialisation complete */ + if (key) { + int bl; + + if (!EVP_CIPHER_CTX_cipher(&ctx->cctx)) + return 0; + if (!EVP_CIPHER_CTX_set_key_length(&ctx->cctx, keylen)) + return 0; + if (!EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, key, zero_iv)) + return 0; + bl = EVP_CIPHER_CTX_block_size(&ctx->cctx); + if (!EVP_Cipher(&ctx->cctx, ctx->tbl, zero_iv, bl)) + return 0; + make_kn(ctx->k1, ctx->tbl, bl); + make_kn(ctx->k2, ctx->k1, bl); + explicit_bzero(ctx->tbl, bl); + /* Reset context again ready for first data block */ + if (!EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, NULL, zero_iv)) + return 0; + /* Zero tbl so resume works */ + memset(ctx->tbl, 0, bl); + ctx->nlast_block = 0; + } + return 1; +} + +int +CMAC_Update(CMAC_CTX *ctx, const void *in, size_t dlen) +{ + const unsigned char *data = in; + size_t bl; + + if (ctx->nlast_block == -1) + return 0; + if (dlen == 0) + return 1; + bl = EVP_CIPHER_CTX_block_size(&ctx->cctx); + /* Copy into partial block if we need to */ + if (ctx->nlast_block > 0) { + size_t nleft; + + nleft = bl - ctx->nlast_block; + if (dlen < nleft) + nleft = dlen; + memcpy(ctx->last_block + ctx->nlast_block, data, nleft); + dlen -= nleft; + ctx->nlast_block += nleft; + /* If no more to process return */ + if (dlen == 0) + return 1; + data += nleft; + /* Else not final block so encrypt it */ + if (!EVP_Cipher(&ctx->cctx, ctx->tbl, ctx->last_block, bl)) + return 0; + } + /* Encrypt all but one of the complete blocks left */ + while (dlen > bl) { + if (!EVP_Cipher(&ctx->cctx, ctx->tbl, data, bl)) + return 0; + dlen -= bl; + data += bl; + } + /* Copy any data left to last block buffer */ + memcpy(ctx->last_block, data, dlen); + ctx->nlast_block = dlen; + return 1; +} + +int +CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen) +{ + int i, bl, lb; + + if (ctx->nlast_block == -1) + return 0; + bl = EVP_CIPHER_CTX_block_size(&ctx->cctx); + *poutlen = (size_t)bl; + if (!out) + return 1; + lb = ctx->nlast_block; + /* Is last block complete? */ + if (lb == bl) { + for (i = 0; i < bl; i++) + out[i] = ctx->last_block[i] ^ ctx->k1[i]; + } else { + ctx->last_block[lb] = 0x80; + if (bl - lb > 1) + memset(ctx->last_block + lb + 1, 0, bl - lb - 1); + for (i = 0; i < bl; i++) + out[i] = ctx->last_block[i] ^ ctx->k2[i]; + } + if (!EVP_Cipher(&ctx->cctx, out, out, bl)) { + explicit_bzero(out, bl); + return 0; + } + return 1; +} + +int +CMAC_resume(CMAC_CTX *ctx) +{ + if (ctx->nlast_block == -1) + return 0; + /* The buffer "tbl" containes the last fully encrypted block + * which is the last IV (or all zeroes if no last encrypted block). + * The last block has not been modified since CMAC_final(). + * So reinitialising using the last decrypted block will allow + * CMAC to continue after calling CMAC_Final(). + */ + return EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, NULL, ctx->tbl); +} diff --git a/src/lib/libcrypto/cmac/cmac.h b/src/lib/libcrypto/cmac/cmac.h new file mode 100644 index 00000000000..cb6d64b02f4 --- /dev/null +++ b/src/lib/libcrypto/cmac/cmac.h @@ -0,0 +1,82 @@ +/* $OpenBSD: cmac.h,v 1.3 2014/06/21 13:42:14 jsing Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 2010 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + + +#ifndef HEADER_CMAC_H +#define HEADER_CMAC_H + +#ifdef __cplusplus +extern "C" { +#endif + +#include + +/* Opaque */ +typedef struct CMAC_CTX_st CMAC_CTX; + +CMAC_CTX *CMAC_CTX_new(void); +void CMAC_CTX_cleanup(CMAC_CTX *ctx); +void CMAC_CTX_free(CMAC_CTX *ctx); +EVP_CIPHER_CTX *CMAC_CTX_get0_cipher_ctx(CMAC_CTX *ctx); +int CMAC_CTX_copy(CMAC_CTX *out, const CMAC_CTX *in); + +int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen, + const EVP_CIPHER *cipher, ENGINE *impl); +int CMAC_Update(CMAC_CTX *ctx, const void *data, size_t dlen); +int CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen); +int CMAC_resume(CMAC_CTX *ctx); + +#ifdef __cplusplus +} +#endif +#endif diff --git a/src/lib/libcrypto/comp/Makefile.ssl b/src/lib/libcrypto/comp/Makefile.ssl deleted file mode 100644 index 972cb9fbc39..00000000000 --- a/src/lib/libcrypto/comp/Makefile.ssl +++ /dev/null @@ -1,114 +0,0 @@ -# -# SSLeay/crypto/comp/Makefile -# - -DIR= comp -TOP= ../.. -CC= cc -INCLUDES= -I.. -I$(TOP) -I../../include -CFLAG=-g -INSTALL_PREFIX= -OPENSSLDIR= /usr/local/ssl -INSTALLTOP=/usr/local/ssl -MAKE= make -f Makefile.ssl -MAKEDEPPROG= makedepend -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) -MAKEFILE= Makefile.ssl -AR= ar r - -CFLAGS= $(INCLUDES) $(CFLAG) - -GENERAL=Makefile -TEST= -APPS= - -LIB=$(TOP)/libcrypto.a -LIBSRC= comp_lib.c comp_err.c \ - c_rle.c c_zlib.c - -LIBOBJ= comp_lib.o comp_err.o \ - c_rle.o c_zlib.o - -SRC= $(LIBSRC) - -EXHEADER= comp.h -HEADER= $(EXHEADER) - -ALL= $(GENERAL) $(SRC) $(HEADER) - -top: - (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) - -all: lib - -lib: $(LIBOBJ) - $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) || echo Never mind. - @touch lib - -files: - $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO - -links: - @sh $(TOP)/util/point.sh Makefile.ssl Makefile - @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) - @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) - @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) - -install: - @for i in $(EXHEADER) ; \ - do \ - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ - done; - -tags: - ctags $(SRC) - -tests: - -lint: - lint -DLINT $(INCLUDES) $(SRC)>fluff - -depend: - $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(LIBSRC) - -dclean: - $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new - mv -f Makefile.new $(MAKEFILE) - -clean: - rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff - -# DO NOT DELETE THIS LINE -- make depend depends on it. - -c_rle.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -c_rle.o: ../../include/openssl/bn.h ../../include/openssl/comp.h -c_rle.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -c_rle.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -c_rle.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -c_rle.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -c_rle.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h c_rle.c -c_zlib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -c_zlib.o: ../../include/openssl/bn.h ../../include/openssl/comp.h -c_zlib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -c_zlib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -c_zlib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -c_zlib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -c_zlib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -c_zlib.o: c_zlib.c -comp_err.o: ../../include/openssl/bio.h ../../include/openssl/comp.h -comp_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -comp_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -comp_err.o: ../../include/openssl/opensslconf.h -comp_err.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -comp_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -comp_err.o: comp_err.c -comp_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -comp_lib.o: ../../include/openssl/bn.h ../../include/openssl/comp.h -comp_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -comp_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -comp_lib.o: ../../include/openssl/opensslconf.h -comp_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -comp_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -comp_lib.o: ../../include/openssl/symhacks.h comp_lib.c diff --git a/src/lib/libcrypto/comp/c_rle.c b/src/lib/libcrypto/comp/c_rle.c index efd366fa223..7004c350299 100644 --- a/src/lib/libcrypto/comp/c_rle.c +++ b/src/lib/libcrypto/comp/c_rle.c @@ -1,3 +1,4 @@ +/* $OpenBSD: c_rle.c,v 1.8 2014/11/03 16:58:28 tedu Exp $ */ #include #include #include @@ -5,58 +6,50 @@ #include static int rle_compress_block(COMP_CTX *ctx, unsigned char *out, - unsigned int olen, unsigned char *in, unsigned int ilen); + unsigned int olen, unsigned char *in, unsigned int ilen); static int rle_expand_block(COMP_CTX *ctx, unsigned char *out, - unsigned int olen, unsigned char *in, unsigned int ilen); - -static COMP_METHOD rle_method={ - NID_rle_compression, - LN_rle_compression, - NULL, - NULL, - rle_compress_block, - rle_expand_block, - NULL, - NULL, - }; - -COMP_METHOD *COMP_rle(void) - { - return(&rle_method); + unsigned int olen, unsigned char *in, unsigned int ilen); + +static COMP_METHOD rle_method = { + .type = NID_rle_compression, + .name = LN_rle_compression, + .compress = rle_compress_block, + .expand = rle_expand_block +}; + +COMP_METHOD * +COMP_rle(void) +{ + return (&rle_method); +} + +static int +rle_compress_block(COMP_CTX *ctx, unsigned char *out, unsigned int olen, + unsigned char *in, unsigned int ilen) +{ + + if (ilen == 0 || olen < (ilen - 1)) { + return (-1); } -static int rle_compress_block(COMP_CTX *ctx, unsigned char *out, - unsigned int olen, unsigned char *in, unsigned int ilen) - { - /* int i; */ - - if (olen < (ilen+1)) - { - /* ZZZZZZZZZZZZZZZZZZZZZZ */ - return(-1); - } - - *(out++)=0; - memcpy(out,in,ilen); - return(ilen+1); - } + *(out++) = 0; + memcpy(out, in, ilen); + return (ilen + 1); +} -static int rle_expand_block(COMP_CTX *ctx, unsigned char *out, - unsigned int olen, unsigned char *in, unsigned int ilen) - { +static int +rle_expand_block(COMP_CTX *ctx, unsigned char *out, unsigned int olen, + unsigned char *in, unsigned int ilen) +{ int i; - if (olen < (ilen-1)) - { - /* ZZZZZZZZZZZZZZZZZZZZZZ */ - return(-1); - } + if (olen < (ilen - 1)) { + return (-1); + } i= *(in++); - if (i == 0) - { - memcpy(out,in,ilen-1); - } - return(ilen-1); + if (i == 0) { + memcpy(out, in, ilen - 1); } - + return (ilen - 1); +} diff --git a/src/lib/libcrypto/comp/c_zlib.c b/src/lib/libcrypto/comp/c_zlib.c index cd2f8a491b9..0cdbb205a44 100644 --- a/src/lib/libcrypto/comp/c_zlib.c +++ b/src/lib/libcrypto/comp/c_zlib.c @@ -1,260 +1,563 @@ +/* $OpenBSD: c_zlib.c,v 1.20 2018/03/17 16:20:01 beck Exp $ */ #include #include #include #include #include +#include COMP_METHOD *COMP_zlib(void ); -static COMP_METHOD zlib_method_nozlib={ - NID_undef, - "(undef)", - NULL, - NULL, - NULL, - NULL, - NULL, - NULL, - }; - -#ifndef ZLIB -#undef ZLIB_SHARED -#else +static COMP_METHOD zlib_method_nozlib = { + .type = NID_undef, + .name = "(undef)" +}; + +#ifdef ZLIB #include -static int zlib_compress_block(COMP_CTX *ctx, unsigned char *out, - unsigned int olen, unsigned char *in, unsigned int ilen); -static int zlib_expand_block(COMP_CTX *ctx, unsigned char *out, - unsigned int olen, unsigned char *in, unsigned int ilen); - -static int zz_uncompress(Bytef *dest, uLongf *destLen, const Bytef *source, - uLong sourceLen); - -static COMP_METHOD zlib_method={ - NID_zlib_compression, - LN_zlib_compression, - NULL, - NULL, - zlib_compress_block, - zlib_expand_block, - NULL, - NULL, - }; - -/* - * When OpenSSL is built on Windows, we do not want to require that - * the ZLIB.DLL be available in order for the OpenSSL DLLs to - * work. Therefore, all ZLIB routines are loaded at run time - * and we do not link to a .LIB file. - */ -#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) -# include - -# define Z_CALLCONV _stdcall -# define ZLIB_SHARED -#else -# define Z_CALLCONV -#endif /* !(OPENSSL_SYS_WINDOWS || OPENSSL_SYS_WIN32) */ - -#ifdef ZLIB_SHARED -#include - -/* Prototypes for built in stubs */ -static int stub_compress(Bytef *dest,uLongf *destLen, - const Bytef *source, uLong sourceLen); -static int stub_inflateEnd(z_streamp strm); -static int stub_inflate(z_streamp strm, int flush); -static int stub_inflateInit_(z_streamp strm, const char * version, - int stream_size); - -/* Function pointers */ -typedef int (Z_CALLCONV *compress_ft)(Bytef *dest,uLongf *destLen, - const Bytef *source, uLong sourceLen); -typedef int (Z_CALLCONV *inflateEnd_ft)(z_streamp strm); -typedef int (Z_CALLCONV *inflate_ft)(z_streamp strm, int flush); -typedef int (Z_CALLCONV *inflateInit__ft)(z_streamp strm, - const char * version, int stream_size); -static compress_ft p_compress=NULL; -static inflateEnd_ft p_inflateEnd=NULL; -static inflate_ft p_inflate=NULL; -static inflateInit__ft p_inflateInit_=NULL; - -static int zlib_loaded = 0; /* only attempt to init func pts once */ -static DSO *zlib_dso = NULL; - -#define compress stub_compress -#define inflateEnd stub_inflateEnd -#define inflate stub_inflate -#define inflateInit_ stub_inflateInit_ -#endif /* ZLIB_SHARED */ - -static int zlib_compress_block(COMP_CTX *ctx, unsigned char *out, - unsigned int olen, unsigned char *in, unsigned int ilen) - { - unsigned long l; - int i; - int clear=1; - - if (ilen > 128) - { - out[0]=1; - l=olen-1; - i=compress(&(out[1]),&l,in,(unsigned long)ilen); - if (i != Z_OK) - return(-1); - if (ilen > l) - { - clear=0; - l++; - } - } - if (clear) - { - out[0]=0; - memcpy(&(out[1]),in,ilen); - l=ilen+1; - } -#ifdef DEBUG_ZLIB - fprintf(stderr,"compress(%4d)->%4d %s\n", - ilen,(int)l,(clear)?"clear":"zlib"); -#endif - return((int)l); - } +static int zlib_stateful_init(COMP_CTX *ctx); +static void zlib_stateful_finish(COMP_CTX *ctx); +static int zlib_stateful_compress_block(COMP_CTX *ctx, unsigned char *out, + unsigned int olen, unsigned char *in, unsigned int ilen); +static int zlib_stateful_expand_block(COMP_CTX *ctx, unsigned char *out, + unsigned int olen, unsigned char *in, unsigned int ilen); + + +/* memory allocations functions for zlib intialization */ +static void* +zlib_zalloc(void* opaque, unsigned int no, unsigned int size) +{ + return calloc(no, size); +} + +static void +zlib_zfree(void* opaque, void* address) +{ + free(address); +} + +static COMP_METHOD zlib_stateful_method = { + .type = NID_zlib_compression, + .name = LN_zlib_compression, + .init = zlib_stateful_init, + .finish = zlib_stateful_finish, + .compress = zlib_stateful_compress_block, + .expand = zlib_stateful_expand_block +}; + +struct zlib_state { + z_stream istream; + z_stream ostream; +}; + +static int zlib_stateful_ex_idx = -1; + +static int +zlib_stateful_init(COMP_CTX *ctx) +{ + int err; + struct zlib_state *state = malloc(sizeof(struct zlib_state)); + + if (state == NULL) + goto err; + + state->istream.zalloc = zlib_zalloc; + state->istream.zfree = zlib_zfree; + state->istream.opaque = Z_NULL; + state->istream.next_in = Z_NULL; + state->istream.next_out = Z_NULL; + state->istream.avail_in = 0; + state->istream.avail_out = 0; + err = inflateInit_(&state->istream, ZLIB_VERSION, sizeof(z_stream)); + if (err != Z_OK) + goto err; + + state->ostream.zalloc = zlib_zalloc; + state->ostream.zfree = zlib_zfree; + state->ostream.opaque = Z_NULL; + state->ostream.next_in = Z_NULL; + state->ostream.next_out = Z_NULL; + state->ostream.avail_in = 0; + state->ostream.avail_out = 0; + err = deflateInit_(&state->ostream, Z_DEFAULT_COMPRESSION, + ZLIB_VERSION, sizeof(z_stream)); + if (err != Z_OK) + goto err; + + CRYPTO_new_ex_data(CRYPTO_EX_INDEX_COMP, ctx, &ctx->ex_data); + CRYPTO_set_ex_data(&ctx->ex_data, zlib_stateful_ex_idx, state); + return 1; + +err: + free(state); + return 0; +} + +static void +zlib_stateful_finish(COMP_CTX *ctx) +{ + struct zlib_state *state = + (struct zlib_state *)CRYPTO_get_ex_data(&ctx->ex_data, + zlib_stateful_ex_idx); + + inflateEnd(&state->istream); + deflateEnd(&state->ostream); + free(state); + CRYPTO_free_ex_data(CRYPTO_EX_INDEX_COMP, ctx, &ctx->ex_data); +} + +static int +zlib_stateful_compress_block(COMP_CTX *ctx, unsigned char *out, + unsigned int olen, unsigned char *in, unsigned int ilen) +{ + int err = Z_OK; + struct zlib_state *state = + (struct zlib_state *)CRYPTO_get_ex_data(&ctx->ex_data, + zlib_stateful_ex_idx); + + if (state == NULL) + return -1; + + state->ostream.next_in = in; + state->ostream.avail_in = ilen; + state->ostream.next_out = out; + state->ostream.avail_out = olen; + if (ilen > 0) + err = deflate(&state->ostream, Z_SYNC_FLUSH); + if (err != Z_OK) + return -1; -static int zlib_expand_block(COMP_CTX *ctx, unsigned char *out, - unsigned int olen, unsigned char *in, unsigned int ilen) - { - unsigned long l; - int i; - - if (in[0]) - { - l=olen; - i=zz_uncompress(out,&l,&(in[1]),(unsigned long)ilen-1); - if (i != Z_OK) - return(-1); - } - else - { - memcpy(out,&(in[1]),ilen-1); - l=ilen-1; - } #ifdef DEBUG_ZLIB - fprintf(stderr,"expand (%4d)->%4d %s\n", - ilen,(int)l,in[0]?"zlib":"clear"); + fprintf(stderr, "compress(%4d)->%4d %s\n", + ilen, olen - state->ostream.avail_out, + (ilen != olen - state->ostream.avail_out)?"zlib":"clear"); #endif - return((int)l); - } -static int zz_uncompress (Bytef *dest, uLongf *destLen, const Bytef *source, - uLong sourceLen) -{ - z_stream stream; - int err; + return olen - state->ostream.avail_out; +} - stream.next_in = (Bytef*)source; - stream.avail_in = (uInt)sourceLen; - /* Check for source > 64K on 16-bit machine: */ - if ((uLong)stream.avail_in != sourceLen) return Z_BUF_ERROR; +static int +zlib_stateful_expand_block(COMP_CTX *ctx, unsigned char *out, + unsigned int olen, unsigned char *in, unsigned int ilen) +{ + int err = Z_OK; - stream.next_out = dest; - stream.avail_out = (uInt)*destLen; - if ((uLong)stream.avail_out != *destLen) return Z_BUF_ERROR; + struct zlib_state *state = + (struct zlib_state *)CRYPTO_get_ex_data(&ctx->ex_data, + zlib_stateful_ex_idx); - stream.zalloc = (alloc_func)0; - stream.zfree = (free_func)0; + if (state == NULL) + return 0; - err = inflateInit(&stream); - if (err != Z_OK) return err; + state->istream.next_in = in; + state->istream.avail_in = ilen; + state->istream.next_out = out; + state->istream.avail_out = olen; + if (ilen > 0) + err = inflate(&state->istream, Z_SYNC_FLUSH); + if (err != Z_OK) + return -1; - err = inflate(&stream, Z_FINISH); - if (err != Z_STREAM_END) { - inflateEnd(&stream); - return err; - } - *destLen = stream.total_out; +#ifdef DEBUG_ZLIB + fprintf(stderr, "expand(%4d)->%4d %s\n", + ilen, olen - state->istream.avail_out, + (ilen != olen - state->istream.avail_out)?"zlib":"clear"); +#endif - err = inflateEnd(&stream); - return err; + return olen - state->istream.avail_out; } #endif -COMP_METHOD *COMP_zlib(void) - { +COMP_METHOD * +COMP_zlib(void) +{ COMP_METHOD *meth = &zlib_method_nozlib; -#ifdef ZLIB_SHARED - if (!zlib_loaded) - { -#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) - zlib_dso = DSO_load(NULL, "ZLIB", NULL, 0); -#else - zlib_dso = DSO_load(NULL, "z", NULL, 0); -#endif - if (zlib_dso != NULL) - { - p_compress - = (compress_ft) DSO_bind_func(zlib_dso, - "compress"); - p_inflateEnd - = (inflateEnd_ft) DSO_bind_func(zlib_dso, - "inflateEnd"); - p_inflate - = (inflate_ft) DSO_bind_func(zlib_dso, - "inflate"); - p_inflateInit_ - = (inflateInit__ft) DSO_bind_func(zlib_dso, - "inflateInit_"); - zlib_loaded++; - meth = &zlib_method; - } +#ifdef ZLIB + { + /* init zlib_stateful_ex_idx here so that in a multi-process + * application it's enough to intialize openssl before forking + * (idx will be inherited in all the children) */ + if (zlib_stateful_ex_idx == -1) { + CRYPTO_w_lock(CRYPTO_LOCK_COMP); + if (zlib_stateful_ex_idx == -1) + zlib_stateful_ex_idx = + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_COMP, + 0, NULL, NULL, NULL, NULL); + CRYPTO_w_unlock(CRYPTO_LOCK_COMP); + if (zlib_stateful_ex_idx == -1) + goto err; } + if (!OPENSSL_init_crypto(0, NULL)) + goto err; -#elif defined(ZLIB) - meth = &zlib_method; + meth = &zlib_stateful_method; + } + +err: #endif - return(meth); + return (meth); +} + +void +COMP_zlib_cleanup(void) +{ +} + +#ifdef ZLIB + +/* Zlib based compression/decompression filter BIO */ + +typedef struct { + unsigned char *ibuf; /* Input buffer */ + int ibufsize; /* Buffer size */ + z_stream zin; /* Input decompress context */ + unsigned char *obuf; /* Output buffer */ + int obufsize; /* Output buffer size */ + unsigned char *optr; /* Position in output buffer */ + int ocount; /* Amount of data in output buffer */ + int odone; /* deflate EOF */ + int comp_level; /* Compression level to use */ + z_stream zout; /* Output compression context */ +} BIO_ZLIB_CTX; + +#define ZLIB_DEFAULT_BUFSIZE 1024 + +static int bio_zlib_new(BIO *bi); +static int bio_zlib_free(BIO *bi); +static int bio_zlib_read(BIO *b, char *out, int outl); +static int bio_zlib_write(BIO *b, const char *in, int inl); +static long bio_zlib_ctrl(BIO *b, int cmd, long num, void *ptr); +static long bio_zlib_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp); + +static BIO_METHOD bio_meth_zlib = { + .type = BIO_TYPE_COMP, + .name = "zlib", + .bwrite = bio_zlib_write, + .bread = bio_zlib_read, + .ctrl = bio_zlib_ctrl, + .create = bio_zlib_new, + .destroy = bio_zlib_free, + .callback_ctrl = bio_zlib_callback_ctrl +}; + +BIO_METHOD * +BIO_f_zlib(void) +{ + return &bio_meth_zlib; +} + + +static int +bio_zlib_new(BIO *bi) +{ + BIO_ZLIB_CTX *ctx; + + ctx = malloc(sizeof(BIO_ZLIB_CTX)); + if (!ctx) { + COMPerror(ERR_R_MALLOC_FAILURE); + return 0; } + ctx->ibuf = NULL; + ctx->obuf = NULL; + ctx->ibufsize = ZLIB_DEFAULT_BUFSIZE; + ctx->obufsize = ZLIB_DEFAULT_BUFSIZE; + ctx->zin.zalloc = Z_NULL; + ctx->zin.zfree = Z_NULL; + ctx->zin.next_in = NULL; + ctx->zin.avail_in = 0; + ctx->zin.next_out = NULL; + ctx->zin.avail_out = 0; + ctx->zout.zalloc = Z_NULL; + ctx->zout.zfree = Z_NULL; + ctx->zout.next_in = NULL; + ctx->zout.avail_in = 0; + ctx->zout.next_out = NULL; + ctx->zout.avail_out = 0; + ctx->odone = 0; + ctx->comp_level = Z_DEFAULT_COMPRESSION; + bi->init = 1; + bi->ptr = (char *)ctx; + bi->flags = 0; + return 1; +} -#ifdef ZLIB_SHARED -/* Stubs for each function to be dynamicly loaded */ -static int -stub_compress(Bytef *dest,uLongf *destLen,const Bytef *source, uLong sourceLen) - { - if (p_compress) - return(p_compress(dest,destLen,source,sourceLen)); - else - return(Z_MEM_ERROR); +static int +bio_zlib_free(BIO *bi) +{ + BIO_ZLIB_CTX *ctx; + + if (!bi) + return 0; + ctx = (BIO_ZLIB_CTX *)bi->ptr; + if (ctx->ibuf) { + /* Destroy decompress context */ + inflateEnd(&ctx->zin); + free(ctx->ibuf); + } + if (ctx->obuf) { + /* Destroy compress context */ + deflateEnd(&ctx->zout); + free(ctx->obuf); } + free(ctx); + bi->ptr = NULL; + bi->init = 0; + bi->flags = 0; + return 1; +} static int -stub_inflateEnd(z_streamp strm) - { - if ( p_inflateEnd ) - return(p_inflateEnd(strm)); - else - return(Z_MEM_ERROR); +bio_zlib_read(BIO *b, char *out, int outl) +{ + BIO_ZLIB_CTX *ctx; + int ret; + z_stream *zin; + + if (!out || !outl) + return 0; + ctx = (BIO_ZLIB_CTX *)b->ptr; + zin = &ctx->zin; + BIO_clear_retry_flags(b); + if (!ctx->ibuf) { + ctx->ibuf = malloc(ctx->ibufsize); + if (!ctx->ibuf) { + COMPerror(ERR_R_MALLOC_FAILURE); + return 0; + } + inflateInit(zin); + zin->next_in = ctx->ibuf; + zin->avail_in = 0; } + /* Copy output data directly to supplied buffer */ + zin->next_out = (unsigned char *)out; + zin->avail_out = (unsigned int)outl; + for (;;) { + /* Decompress while data available */ + while (zin->avail_in) { + ret = inflate(zin, 0); + if ((ret != Z_OK) && (ret != Z_STREAM_END)) { + COMPerror(COMP_R_ZLIB_INFLATE_ERROR); + ERR_asprintf_error_data("zlib error:%s", + zError(ret)); + return 0; + } + /* If EOF or we've read everything then return */ + if ((ret == Z_STREAM_END) || !zin->avail_out) + return outl - zin->avail_out; + } + + /* No data in input buffer try to read some in, + * if an error then return the total data read. + */ + ret = BIO_read(b->next_bio, ctx->ibuf, ctx->ibufsize); + if (ret <= 0) { + /* Total data read */ + int tot = outl - zin->avail_out; + BIO_copy_next_retry(b); + if (ret < 0) + return (tot > 0) ? tot : ret; + return tot; + } + zin->avail_in = ret; + zin->next_in = ctx->ibuf; + } +} + static int -stub_inflate(z_streamp strm, int flush) - { - if ( p_inflate ) - return(p_inflate(strm,flush)); - else - return(Z_MEM_ERROR); +bio_zlib_write(BIO *b, const char *in, int inl) +{ + BIO_ZLIB_CTX *ctx; + int ret; + z_stream *zout; + + if (!in || !inl) + return 0; + ctx = (BIO_ZLIB_CTX *)b->ptr; + if (ctx->odone) + return 0; + zout = &ctx->zout; + BIO_clear_retry_flags(b); + if (!ctx->obuf) { + ctx->obuf = malloc(ctx->obufsize); + /* Need error here */ + if (!ctx->obuf) { + COMPerror(ERR_R_MALLOC_FAILURE); + return 0; + } + ctx->optr = ctx->obuf; + ctx->ocount = 0; + deflateInit(zout, ctx->comp_level); + zout->next_out = ctx->obuf; + zout->avail_out = ctx->obufsize; } + /* Obtain input data directly from supplied buffer */ + zout->next_in = (void *)in; + zout->avail_in = inl; + for (;;) { + /* If data in output buffer write it first */ + while (ctx->ocount) { + ret = BIO_write(b->next_bio, ctx->optr, ctx->ocount); + if (ret <= 0) { + /* Total data written */ + int tot = inl - zout->avail_in; + BIO_copy_next_retry(b); + if (ret < 0) + return (tot > 0) ? tot : ret; + return tot; + } + ctx->optr += ret; + ctx->ocount -= ret; + } + + /* Have we consumed all supplied data? */ + if (!zout->avail_in) + return inl; + + /* Compress some more */ + + /* Reset buffer */ + ctx->optr = ctx->obuf; + zout->next_out = ctx->obuf; + zout->avail_out = ctx->obufsize; + /* Compress some more */ + ret = deflate(zout, 0); + if (ret != Z_OK) { + COMPerror(COMP_R_ZLIB_DEFLATE_ERROR); + ERR_asprintf_error_data("zlib error:%s", zError(ret)); + return 0; + } + ctx->ocount = ctx->obufsize - zout->avail_out; + } +} static int -stub_inflateInit_(z_streamp strm, const char * version, int stream_size) - { - if ( p_inflateInit_ ) - return(p_inflateInit_(strm,version,stream_size)); - else - return(Z_MEM_ERROR); +bio_zlib_flush(BIO *b) +{ + BIO_ZLIB_CTX *ctx; + int ret; + z_stream *zout; + + ctx = (BIO_ZLIB_CTX *)b->ptr; + /* If no data written or already flush show success */ + if (!ctx->obuf || (ctx->odone && !ctx->ocount)) + return 1; + zout = &ctx->zout; + BIO_clear_retry_flags(b); + /* No more input data */ + zout->next_in = NULL; + zout->avail_in = 0; + for (;;) { + /* If data in output buffer write it first */ + while (ctx->ocount) { + ret = BIO_write(b->next_bio, ctx->optr, ctx->ocount); + if (ret <= 0) { + BIO_copy_next_retry(b); + return ret; + } + ctx->optr += ret; + ctx->ocount -= ret; + } + if (ctx->odone) + return 1; + + /* Compress some more */ + + /* Reset buffer */ + ctx->optr = ctx->obuf; + zout->next_out = ctx->obuf; + zout->avail_out = ctx->obufsize; + /* Compress some more */ + ret = deflate(zout, Z_FINISH); + if (ret == Z_STREAM_END) + ctx->odone = 1; + else if (ret != Z_OK) { + COMPerror(COMP_R_ZLIB_DEFLATE_ERROR); + ERR_asprintf_error_data("zlib error:%s", zError(ret)); + return 0; + } + ctx->ocount = ctx->obufsize - zout->avail_out; + } +} + +static long +bio_zlib_ctrl(BIO *b, int cmd, long num, void *ptr) +{ + BIO_ZLIB_CTX *ctx; + int ret, *ip; + int ibs, obs; + if (!b->next_bio) + return 0; + ctx = (BIO_ZLIB_CTX *)b->ptr; + switch (cmd) { + + case BIO_CTRL_RESET: + ctx->ocount = 0; + ctx->odone = 0; + ret = 1; + break; + + case BIO_CTRL_FLUSH: + ret = bio_zlib_flush(b); + if (ret > 0) + ret = BIO_flush(b->next_bio); + break; + + case BIO_C_SET_BUFF_SIZE: + ibs = -1; + obs = -1; + if (ptr != NULL) { + ip = ptr; + if (*ip == 0) + ibs = (int) num; + else + obs = (int) num; + } else { + ibs = (int)num; + obs = ibs; + } + + if (ibs != -1) { + free(ctx->ibuf); + ctx->ibuf = NULL; + ctx->ibufsize = ibs; + } + + if (obs != -1) { + free(ctx->obuf); + ctx->obuf = NULL; + ctx->obufsize = obs; + } + ret = 1; + break; + + case BIO_C_DO_STATE_MACHINE: + BIO_clear_retry_flags(b); + ret = BIO_ctrl(b->next_bio, cmd, num, ptr); + BIO_copy_next_retry(b); + break; + + default: + ret = BIO_ctrl(b->next_bio, cmd, num, ptr); + break; + } -#endif /* ZLIB_SHARED */ + return ret; +} + + +static long +bio_zlib_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) +{ + if (!b->next_bio) + return 0; + return BIO_callback_ctrl(b->next_bio, cmd, fp); +} + +#endif diff --git a/src/lib/libcrypto/comp/comp.h b/src/lib/libcrypto/comp/comp.h index ab48b78ae97..fe7397f8ea4 100644 --- a/src/lib/libcrypto/comp/comp.h +++ b/src/lib/libcrypto/comp/comp.h @@ -1,3 +1,4 @@ +/* $OpenBSD: comp.h,v 1.8 2014/11/03 16:58:28 tedu Exp $ */ #ifndef HEADER_COMP_H #define HEADER_COMP_H @@ -8,20 +9,23 @@ extern "C" { #endif -typedef struct comp_method_st - { +typedef struct comp_ctx_st COMP_CTX; + +typedef struct comp_method_st { int type; /* NID for compression library */ const char *name; /* A text string to identify the library */ - int (*init)(); - void (*finish)(); - int (*compress)(); - int (*expand)(); - long (*ctrl)(); - long (*callback_ctrl)(); - } COMP_METHOD; - -typedef struct comp_ctx_st - { + int (*init)(COMP_CTX *ctx); + void (*finish)(COMP_CTX *ctx); + int (*compress)(COMP_CTX *ctx, unsigned char *out, unsigned int olen, + unsigned char *in, unsigned int ilen); + int (*expand)(COMP_CTX *ctx, unsigned char *out, unsigned int olen, + unsigned char *in, unsigned int ilen); + /* The following two do NOTHING, but are kept for backward compatibility */ + long (*ctrl)(void); + long (*callback_ctrl)(void); +} COMP_METHOD; + +struct comp_ctx_st { COMP_METHOD *meth; unsigned long compress_in; unsigned long compress_out; @@ -29,29 +33,39 @@ typedef struct comp_ctx_st unsigned long expand_out; CRYPTO_EX_DATA ex_data; - } COMP_CTX; +}; COMP_CTX *COMP_CTX_new(COMP_METHOD *meth); void COMP_CTX_free(COMP_CTX *ctx); int COMP_compress_block(COMP_CTX *ctx, unsigned char *out, int olen, - unsigned char *in, int ilen); + unsigned char *in, int ilen); int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen, - unsigned char *in, int ilen); + unsigned char *in, int ilen); COMP_METHOD *COMP_rle(void ); COMP_METHOD *COMP_zlib(void ); +void COMP_zlib_cleanup(void); + +#ifdef HEADER_BIO_H +#ifdef ZLIB +BIO_METHOD *BIO_f_zlib(void); +#endif +#endif -/* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ void ERR_load_COMP_strings(void); /* Error codes for the COMP functions. */ /* Function codes. */ +#define COMP_F_BIO_ZLIB_FLUSH 99 +#define COMP_F_BIO_ZLIB_NEW 100 +#define COMP_F_BIO_ZLIB_READ 101 +#define COMP_F_BIO_ZLIB_WRITE 102 /* Reason codes. */ +#define COMP_R_ZLIB_DEFLATE_ERROR 99 +#define COMP_R_ZLIB_INFLATE_ERROR 100 +#define COMP_R_ZLIB_NOT_SUPPORTED 101 #ifdef __cplusplus } diff --git a/src/lib/libcrypto/comp/comp_err.c b/src/lib/libcrypto/comp/comp_err.c index 1652b8c2c4a..be8a8fc7083 100644 --- a/src/lib/libcrypto/comp/comp_err.c +++ b/src/lib/libcrypto/comp/comp_err.c @@ -1,13 +1,13 @@ -/* crypto/comp/comp_err.c */ +/* $OpenBSD: comp_err.c,v 1.10 2017/01/29 17:49:22 beck Exp $ */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -53,40 +53,40 @@ * */ -/* NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ - #include -#include + +#include + #include +#include /* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR -static ERR_STRING_DATA COMP_str_functs[]= - { -{0,NULL} - }; -static ERR_STRING_DATA COMP_str_reasons[]= - { -{0,NULL} - }; +#define ERR_FUNC(func) ERR_PACK(ERR_LIB_COMP,func,0) +#define ERR_REASON(reason) ERR_PACK(ERR_LIB_COMP,0,reason) -#endif +static ERR_STRING_DATA COMP_str_functs[] = { + {ERR_FUNC(0xfff), "CRYPTO_internal"}, + {0, NULL} +}; -void ERR_load_COMP_strings(void) - { - static int init=1; +static ERR_STRING_DATA COMP_str_reasons[] = { + {ERR_REASON(COMP_R_ZLIB_DEFLATE_ERROR) , "zlib deflate error"}, + {ERR_REASON(COMP_R_ZLIB_INFLATE_ERROR) , "zlib inflate error"}, + {ERR_REASON(COMP_R_ZLIB_NOT_SUPPORTED) , "zlib not supported"}, + {0, NULL} +}; - if (init) - { - init=0; -#ifndef OPENSSL_NO_ERR - ERR_load_strings(ERR_LIB_COMP,COMP_str_functs); - ERR_load_strings(ERR_LIB_COMP,COMP_str_reasons); #endif - } +void +ERR_load_COMP_strings(void) +{ +#ifndef OPENSSL_NO_ERR + if (ERR_func_error_string(COMP_str_functs[0].error) == NULL) { + ERR_load_strings(0, COMP_str_functs); + ERR_load_strings(0, COMP_str_reasons); } +#endif +} diff --git a/src/lib/libcrypto/comp/comp_lib.c b/src/lib/libcrypto/comp/comp_lib.c index beb98ce8ccc..dde238ef728 100644 --- a/src/lib/libcrypto/comp/comp_lib.c +++ b/src/lib/libcrypto/comp/comp_lib.c @@ -1,78 +1,68 @@ +/* $OpenBSD: comp_lib.c,v 1.8 2014/11/03 16:58:28 tedu Exp $ */ #include #include #include #include #include -COMP_CTX *COMP_CTX_new(COMP_METHOD *meth) - { +COMP_CTX * +COMP_CTX_new(COMP_METHOD *meth) +{ COMP_CTX *ret; - if ((ret=(COMP_CTX *)OPENSSL_malloc(sizeof(COMP_CTX))) == NULL) - { - /* ZZZZZZZZZZZZZZZZ */ - return(NULL); - } - memset(ret,0,sizeof(COMP_CTX)); - ret->meth=meth; - if ((ret->meth->init != NULL) && !ret->meth->init(ret)) - { - OPENSSL_free(ret); - ret=NULL; - } -#if 0 - else - CRYPTO_new_ex_data(rsa_meth,(char *)ret,&ret->ex_data); -#endif - return(ret); + if ((ret = calloc(1, sizeof(COMP_CTX))) == NULL) { + return (NULL); } + ret->meth = meth; + if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { + free(ret); + ret = NULL; + } + return (ret); +} -void COMP_CTX_free(COMP_CTX *ctx) - { - /* CRYPTO_free_ex_data(rsa_meth,(char *)ctx,&ctx->ex_data); */ - - if(ctx == NULL) - return; +void +COMP_CTX_free(COMP_CTX *ctx) +{ + if (ctx == NULL) + return; if (ctx->meth->finish != NULL) ctx->meth->finish(ctx); - OPENSSL_free(ctx); - } + free(ctx); +} -int COMP_compress_block(COMP_CTX *ctx, unsigned char *out, int olen, - unsigned char *in, int ilen) - { +int +COMP_compress_block(COMP_CTX *ctx, unsigned char *out, int olen, + unsigned char *in, int ilen) +{ int ret; - if (ctx->meth->compress == NULL) - { - /* ZZZZZZZZZZZZZZZZZ */ - return(-1); - } - ret=ctx->meth->compress(ctx,out,olen,in,ilen); - if (ret > 0) - { - ctx->compress_in+=ilen; - ctx->compress_out+=ret; - } - return(ret); + + if (ctx->meth->compress == NULL) { + return (-1); + } + ret = ctx->meth->compress(ctx, out, olen, in, ilen); + if (ret > 0) { + ctx->compress_in += ilen; + ctx->compress_out += ret; } + return (ret); +} -int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen, - unsigned char *in, int ilen) - { +int +COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen, + unsigned char *in, int ilen) +{ int ret; - if (ctx->meth->expand == NULL) - { - /* ZZZZZZZZZZZZZZZZZ */ - return(-1); - } - ret=ctx->meth->expand(ctx,out,olen,in,ilen); - if (ret > 0) - { - ctx->expand_in+=ilen; - ctx->expand_out+=ret; - } - return(ret); + if (ctx->meth->expand == NULL) { + return (-1); + } + ret = ctx->meth->expand(ctx, out, olen, in, ilen); + if (ret > 0) { + ctx->expand_in += ilen; + ctx->expand_out += ret; } + return (ret); +} diff --git a/src/lib/libcrypto/conf/Makefile.ssl b/src/lib/libcrypto/conf/Makefile.ssl deleted file mode 100644 index d7489c87a22..00000000000 --- a/src/lib/libcrypto/conf/Makefile.ssl +++ /dev/null @@ -1,161 +0,0 @@ -# -# SSLeay/crypto/conf/Makefile -# - -DIR= conf -TOP= ../.. -CC= cc -INCLUDES= -I.. -I$(TOP) -I../../include -CFLAG=-g -INSTALL_PREFIX= -OPENSSLDIR= /usr/local/ssl -INSTALLTOP=/usr/local/ssl -MAKE= make -f Makefile.ssl -MAKEDEPPROG= makedepend -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) -MAKEFILE= Makefile.ssl -AR= ar r - -CFLAGS= $(INCLUDES) $(CFLAG) - -GENERAL=Makefile -TEST= -APPS= - -LIB=$(TOP)/libcrypto.a -LIBSRC= conf_err.c conf_lib.c conf_api.c conf_def.c conf_mod.c \ - conf_mall.c conf_sap.c - -LIBOBJ= conf_err.o conf_lib.o conf_api.o conf_def.o conf_mod.o \ - conf_mall.o conf_sap.o - -SRC= $(LIBSRC) - -EXHEADER= conf.h conf_api.h -HEADER= conf_def.h $(EXHEADER) - -ALL= $(GENERAL) $(SRC) $(HEADER) - -top: - (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) - -all: lib - -lib: $(LIBOBJ) - $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) || echo Never mind. - @touch lib - -files: - $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO - -links: - @sh $(TOP)/util/point.sh Makefile.ssl Makefile - @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) - @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) - @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) - -install: - @for i in $(EXHEADER) ; \ - do \ - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ - done; - -tags: - ctags $(SRC) - -tests: - -lint: - lint -DLINT $(INCLUDES) $(SRC)>fluff - -depend: - $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(LIBSRC) - -dclean: - $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new - mv -f Makefile.new $(MAKEFILE) - -clean: - rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff - -# DO NOT DELETE THIS LINE -- make depend depends on it. - -conf_api.o: ../../e_os.h ../../include/openssl/bio.h -conf_api.o: ../../include/openssl/conf.h ../../include/openssl/conf_api.h -conf_api.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -conf_api.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -conf_api.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -conf_api.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -conf_api.o: conf_api.c -conf_def.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h -conf_def.o: ../../include/openssl/conf.h ../../include/openssl/conf_api.h -conf_def.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -conf_def.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -conf_def.o: ../../include/openssl/opensslconf.h -conf_def.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -conf_def.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -conf_def.o: conf_def.c conf_def.h -conf_err.o: ../../include/openssl/bio.h ../../include/openssl/conf.h -conf_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -conf_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -conf_err.o: ../../include/openssl/opensslconf.h -conf_err.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -conf_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -conf_err.o: conf_err.c -conf_lib.o: ../../include/openssl/bio.h ../../include/openssl/conf.h -conf_lib.o: ../../include/openssl/conf_api.h ../../include/openssl/crypto.h -conf_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -conf_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -conf_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -conf_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -conf_lib.o: conf_lib.c -conf_mall.o: ../../e_os.h ../../include/openssl/asn1.h -conf_mall.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -conf_mall.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h -conf_mall.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -conf_mall.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h -conf_mall.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -conf_mall.o: ../../include/openssl/err.h ../../include/openssl/evp.h -conf_mall.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -conf_mall.o: ../../include/openssl/objects.h -conf_mall.o: ../../include/openssl/opensslconf.h -conf_mall.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -conf_mall.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h -conf_mall.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -conf_mall.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -conf_mall.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -conf_mall.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -conf_mall.o: ../cryptlib.h conf_mall.c -conf_mod.o: ../../e_os.h ../../include/openssl/asn1.h -conf_mod.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -conf_mod.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h -conf_mod.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -conf_mod.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h -conf_mod.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -conf_mod.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -conf_mod.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -conf_mod.o: ../../include/openssl/opensslconf.h -conf_mod.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -conf_mod.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -conf_mod.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -conf_mod.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -conf_mod.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -conf_mod.o: ../cryptlib.h conf_mod.c -conf_sap.o: ../../e_os.h ../../include/openssl/asn1.h -conf_sap.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -conf_sap.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h -conf_sap.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -conf_sap.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h -conf_sap.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -conf_sap.o: ../../include/openssl/err.h ../../include/openssl/evp.h -conf_sap.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -conf_sap.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -conf_sap.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -conf_sap.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h -conf_sap.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -conf_sap.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -conf_sap.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -conf_sap.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -conf_sap.o: ../cryptlib.h conf_sap.c diff --git a/src/lib/libcrypto/conf/README b/src/lib/libcrypto/conf/README index ca58d0240f5..96e53b34ed8 100644 --- a/src/lib/libcrypto/conf/README +++ b/src/lib/libcrypto/conf/README @@ -1,8 +1,3 @@ -WARNING WARNING WARNING!!! - -This stuff is experimental, may change radically or be deleted altogether -before OpenSSL 0.9.7 release. You have been warned! - Configuration modules. These are a set of modules which can perform various configuration functions. @@ -13,7 +8,7 @@ The routines read a configuration file set up like this: ----- #default section -openssl_init=init_section +openssl_conf=init_section [init_section] @@ -30,29 +25,27 @@ path=/some/path/to/some/dso.so other_stuff=other_value ---- -When this file is loaded a configuration module with the specified -string (module* in the above example) is looked up and its init -function called as: +When this file is loaded a configuration module with the specified string +(module* in the above example) is looked up and its init function called as: int conf_init_func(CONF_IMODULE *md, CONF *cnf); -The function can then take whatever action is appropriate, for example -further lookups based on the value. Multiple instances of the same -config module can be loaded. +The function can then take whatever action is appropriate, for example further +lookups based on the value. Multiple instances of the same config module can be +loaded. -When the application closes down the modules are cleaned up by calling -an optional finish function: +When the application closes down the modules are cleaned up by calling an +optional finish function: void conf_finish_func(CONF_IMODULE *md); The finish functions are called in reverse order: that is the last module loaded is the first one cleaned up. -If no module exists with a given name then an attempt is made to load -a DSO with the supplied name. This might mean that "module3" attempts -to load a DSO called libmodule3.so or module3.dll for example. An explicit -DSO name can be given by including a separate section as in the module4 example -above. +If no module exists with a given name then an attempt is made to load a DSO +with the supplied name. This might mean that "module3" attempts to load a DSO +called libmodule3.so or module3.dll for example. An explicit DSO name can be +given by including a separate section as in the module4 example above. The DSO is expected to at least contain an initialization function: @@ -64,15 +57,17 @@ void OPENSSL_finish(CONF_IMODULE *md); Static modules can also be added using, -int CONF_module_add(char *name, dso_mod_init_func *ifunc, dso_mod_finish_func *ffunc); +int CONF_module_add(char *name, dso_mod_init_func *ifunc, dso_mod_finish_func +*ffunc); -where "name" is the name in the configuration file this function corresponds to. +where "name" is the name in the configuration file this function corresponds +to. -A set of builtin modules (currently only an ASN1 non functional test module) can be -added by calling OPENSSL_load_builtin_modules(). +A set of builtin modules (currently only an ASN1 non functional test module) +can be added by calling OPENSSL_load_builtin_modules(). -The function OPENSSL_config() is intended as a simple configuration function that -any application can call to perform various default configuration tasks. It uses the -file openssl.cnf in the usual locations. +The function OPENSSL_config() is intended as a simple configuration function +that any application can call to perform various default configuration tasks. +It uses the file openssl.cnf in the usual locations. diff --git a/src/lib/libcrypto/conf/cnf_save.c b/src/lib/libcrypto/conf/cnf_save.c deleted file mode 100644 index 1439487526b..00000000000 --- a/src/lib/libcrypto/conf/cnf_save.c +++ /dev/null @@ -1,106 +0,0 @@ -/* crypto/conf/cnf_save.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include - -static void print_conf(CONF_VALUE *cv); -static IMPLEMENT_LHASH_DOALL_FN(print_conf, CONF_VALUE *); - -main() - { - LHASH *conf; - long l; - - conf=CONF_load(NULL,"../../apps/openssl.cnf",&l); - if (conf == NULL) - { - fprintf(stderr,"error loading config, line %ld\n",l); - exit(1); - } - - lh_doall(conf,LHASH_DOALL_FN(print_conf)); - } - - -static void print_conf(CONF_VALUE *cv) - { - int i; - CONF_VALUE *v; - char *section; - char *name; - char *value; - STACK *s; - - /* If it is a single entry, return */ - - if (cv->name != NULL) return; - - printf("[ %s ]\n",cv->section); - s=(STACK *)cv->value; - - for (i=0; isection == NULL)?"None":v->section; - name=(v->name == NULL)?"None":v->name; - value=(v->value == NULL)?"None":v->value; - printf("%s=%s\n",name,value); - } - printf("\n"); - } diff --git a/src/lib/libcrypto/conf/conf.h b/src/lib/libcrypto/conf/conf.h index 3c03fb19c02..095066d31bb 100644 --- a/src/lib/libcrypto/conf/conf.h +++ b/src/lib/libcrypto/conf/conf.h @@ -1,25 +1,25 @@ -/* crypto/conf/conf.h */ +/* $OpenBSD: conf.h,v 1.14 2015/02/07 13:19:15 doug Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -59,34 +59,33 @@ #ifndef HEADER_CONF_H #define HEADER_CONF_H +#include + #include #include #include #include -#include + +#include #ifdef __cplusplus extern "C" { #endif -typedef struct - { +typedef struct { char *section; char *name; char *value; - } CONF_VALUE; +} CONF_VALUE; DECLARE_STACK_OF(CONF_VALUE) -DECLARE_STACK_OF(CONF_MODULE) -DECLARE_STACK_OF(CONF_IMODULE) +DECLARE_LHASH_OF(CONF_VALUE); struct conf_st; -typedef struct conf_st CONF; struct conf_method_st; typedef struct conf_method_st CONF_METHOD; -struct conf_method_st - { +struct conf_method_st { const char *name; CONF *(*create)(CONF_METHOD *meth); int (*init)(CONF *conf); @@ -97,13 +96,16 @@ struct conf_method_st int (*is_number)(const CONF *conf, char c); int (*to_int)(const CONF *conf, char c); int (*load)(CONF *conf, const char *name, long *eline); - }; +}; /* Module definitions */ typedef struct conf_imodule_st CONF_IMODULE; typedef struct conf_module_st CONF_MODULE; +DECLARE_STACK_OF(CONF_MODULE) +DECLARE_STACK_OF(CONF_IMODULE) + /* DSO module function typedefs */ typedef int conf_init_func(CONF_IMODULE *md, const CONF *cnf); typedef void conf_finish_func(CONF_IMODULE *md); @@ -113,71 +115,66 @@ typedef void conf_finish_func(CONF_IMODULE *md); #define CONF_MFLAGS_SILENT 0x4 #define CONF_MFLAGS_NO_DSO 0x8 #define CONF_MFLAGS_IGNORE_MISSING_FILE 0x10 +#define CONF_MFLAGS_DEFAULT_SECTION 0x20 int CONF_set_default_method(CONF_METHOD *meth); -void CONF_set_nconf(CONF *conf,LHASH *hash); -LHASH *CONF_load(LHASH *conf,const char *file,long *eline); -#ifndef OPENSSL_NO_FP_API -LHASH *CONF_load_fp(LHASH *conf, FILE *fp,long *eline); -#endif -LHASH *CONF_load_bio(LHASH *conf, BIO *bp,long *eline); -STACK_OF(CONF_VALUE) *CONF_get_section(LHASH *conf,const char *section); -char *CONF_get_string(LHASH *conf,const char *group,const char *name); -long CONF_get_number(LHASH *conf,const char *group,const char *name); -void CONF_free(LHASH *conf); -int CONF_dump_fp(LHASH *conf, FILE *out); -int CONF_dump_bio(LHASH *conf, BIO *out); +void CONF_set_nconf(CONF *conf, LHASH_OF(CONF_VALUE) *hash); +LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf, const char *file, + long *eline); +LHASH_OF(CONF_VALUE) *CONF_load_fp(LHASH_OF(CONF_VALUE) *conf, FILE *fp, + long *eline); +LHASH_OF(CONF_VALUE) *CONF_load_bio(LHASH_OF(CONF_VALUE) *conf, BIO *bp, long *eline); +STACK_OF(CONF_VALUE) *CONF_get_section(LHASH_OF(CONF_VALUE) *conf, + const char *section); +char *CONF_get_string(LHASH_OF(CONF_VALUE) *conf, const char *group, + const char *name); +long CONF_get_number(LHASH_OF(CONF_VALUE) *conf, const char *group, + const char *name); +void CONF_free(LHASH_OF(CONF_VALUE) *conf); +int CONF_dump_fp(LHASH_OF(CONF_VALUE) *conf, FILE *out); +int CONF_dump_bio(LHASH_OF(CONF_VALUE) *conf, BIO *out); void OPENSSL_config(const char *config_name); +void OPENSSL_no_config(void); /* New conf code. The semantics are different from the functions above. If that wasn't the case, the above functions would have been replaced */ -struct conf_st - { +struct conf_st { CONF_METHOD *meth; void *meth_data; - LHASH *data; - }; + LHASH_OF(CONF_VALUE) *data; +}; CONF *NCONF_new(CONF_METHOD *meth); -CONF_METHOD *NCONF_default(); -CONF_METHOD *NCONF_WIN32(); -#if 0 /* Just to give you an idea of what I have in mind */ -CONF_METHOD *NCONF_XML(); -#endif +CONF_METHOD *NCONF_default(void); +CONF_METHOD *NCONF_WIN32(void); void NCONF_free(CONF *conf); void NCONF_free_data(CONF *conf); -int NCONF_load(CONF *conf,const char *file,long *eline); -#ifndef OPENSSL_NO_FP_API -int NCONF_load_fp(CONF *conf, FILE *fp,long *eline); -#endif -int NCONF_load_bio(CONF *conf, BIO *bp,long *eline); -STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf,const char *section); -char *NCONF_get_string(const CONF *conf,const char *group,const char *name); -int NCONF_get_number_e(const CONF *conf,const char *group,const char *name, - long *result); +int NCONF_load(CONF *conf, const char *file, long *eline); +int NCONF_load_fp(CONF *conf, FILE *fp, long *eline); +int NCONF_load_bio(CONF *conf, BIO *bp, long *eline); +STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf, const char *section); +char *NCONF_get_string(const CONF *conf, const char *group, const char *name); +int NCONF_get_number_e(const CONF *conf, const char *group, const char *name, + long *result); int NCONF_dump_fp(const CONF *conf, FILE *out); int NCONF_dump_bio(const CONF *conf, BIO *out); -#if 0 /* The following function has no error checking, - and should therefore be avoided */ -long NCONF_get_number(CONF *conf,char *group,char *name); -#else #define NCONF_get_number(c,g,n,r) NCONF_get_number_e(c,g,n,r) -#endif - + /* Module functions */ int CONF_modules_load(const CONF *cnf, const char *appname, - unsigned long flags); + unsigned long flags); int CONF_modules_load_file(const char *filename, const char *appname, - unsigned long flags); + unsigned long flags); void CONF_modules_unload(int all); void CONF_modules_finish(void); +void CONF_modules_free(void); int CONF_module_add(const char *name, conf_init_func *ifunc, - conf_finish_func *ffunc); + conf_finish_func *ffunc); const char *CONF_imodule_get_name(const CONF_IMODULE *md); const char *CONF_imodule_get_value(const CONF_IMODULE *md); @@ -192,7 +189,7 @@ void CONF_module_set_usr_data(CONF_MODULE *pmod, void *usr_data); char *CONF_get1_default_config_file(void); int CONF_parse_list(const char *list, int sep, int nospc, - int (*list_cb)(const char *elem, int len, void *usr), void *arg); + int (*list_cb)(const char *elem, int len, void *usr), void *arg); void OPENSSL_load_builtin_modules(void); @@ -210,6 +207,9 @@ void ERR_load_CONF_strings(void); #define CONF_F_CONF_LOAD_BIO 102 #define CONF_F_CONF_LOAD_FP 103 #define CONF_F_CONF_MODULES_LOAD 116 +#define CONF_F_CONF_PARSE_LIST 119 +#define CONF_F_DEF_LOAD 120 +#define CONF_F_DEF_LOAD_BIO 121 #define CONF_F_MODULE_INIT 115 #define CONF_F_MODULE_LOAD_DSO 117 #define CONF_F_MODULE_RUN 118 @@ -227,6 +227,7 @@ void ERR_load_CONF_strings(void); /* Reason codes. */ #define CONF_R_ERROR_LOADING_DSO 110 +#define CONF_R_LIST_CANNOT_BE_NULL 115 #define CONF_R_MISSING_CLOSE_SQUARE_BRACKET 100 #define CONF_R_MISSING_EQUAL_SIGN 101 #define CONF_R_MISSING_FINISH_FUNCTION 111 diff --git a/src/lib/libcrypto/conf/conf_api.c b/src/lib/libcrypto/conf/conf_api.c index 0032baa7119..f296e6a9629 100644 --- a/src/lib/libcrypto/conf/conf_api.c +++ b/src/lib/libcrypto/conf/conf_api.c @@ -1,25 +1,25 @@ -/* conf_api.c */ +/* $OpenBSD: conf_api.c,v 1.15 2015/04/11 16:03:21 deraadt Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -63,246 +63,217 @@ # define NDEBUG #endif -#include +#include #include +#include #include #include -#include "e_os.h" - -static void value_free_hash(CONF_VALUE *a, LHASH *conf); -static void value_free_stack(CONF_VALUE *a,LHASH *conf); -static IMPLEMENT_LHASH_DOALL_ARG_FN(value_free_hash, CONF_VALUE *, LHASH *) -static IMPLEMENT_LHASH_DOALL_ARG_FN(value_free_stack, CONF_VALUE *, LHASH *) -/* We don't use function pointer casting or wrapper functions - but cast each - * callback parameter inside the callback functions. */ -/* static unsigned long hash(CONF_VALUE *v); */ -static unsigned long hash(const void *v_void); -/* static int cmp_conf(CONF_VALUE *a,CONF_VALUE *b); */ -static int cmp_conf(const void *a_void,const void *b_void); + +static void value_free_hash_doall_arg(CONF_VALUE *a, + LHASH_OF(CONF_VALUE) *conf); +static void value_free_stack_doall(CONF_VALUE *a); +static IMPLEMENT_LHASH_DOALL_ARG_FN(value_free_hash, CONF_VALUE, + LHASH_OF(CONF_VALUE)) +static IMPLEMENT_LHASH_DOALL_FN(value_free_stack, CONF_VALUE) /* Up until OpenSSL 0.9.5a, this was get_section */ -CONF_VALUE *_CONF_get_section(const CONF *conf, const char *section) - { - CONF_VALUE *v,vv; - - if ((conf == NULL) || (section == NULL)) return(NULL); - vv.name=NULL; - vv.section=(char *)section; - v=(CONF_VALUE *)lh_retrieve(conf->data,&vv); - return(v); - } +CONF_VALUE * +_CONF_get_section(const CONF *conf, const char *section) +{ + CONF_VALUE *v, vv; + + if ((conf == NULL) || (section == NULL)) + return (NULL); + vv.name = NULL; + vv.section = (char *)section; + v = lh_CONF_VALUE_retrieve(conf->data, &vv); + return (v); +} /* Up until OpenSSL 0.9.5a, this was CONF_get_section */ -STACK_OF(CONF_VALUE) *_CONF_get_section_values(const CONF *conf, - const char *section) - { +STACK_OF(CONF_VALUE) * +_CONF_get_section_values(const CONF *conf, const char *section) +{ CONF_VALUE *v; - v=_CONF_get_section(conf,section); + v = _CONF_get_section(conf, section); if (v != NULL) - return((STACK_OF(CONF_VALUE) *)v->value); + return ((STACK_OF(CONF_VALUE) *)v->value); else - return(NULL); - } + return (NULL); +} -int _CONF_add_string(CONF *conf, CONF_VALUE *section, CONF_VALUE *value) - { +int +_CONF_add_string(CONF *conf, CONF_VALUE *section, CONF_VALUE *value) +{ CONF_VALUE *v = NULL; STACK_OF(CONF_VALUE) *ts; ts = (STACK_OF(CONF_VALUE) *)section->value; - value->section=section->section; - if (!sk_CONF_VALUE_push(ts,value)) - { + value->section = section->section; + if (!sk_CONF_VALUE_push(ts, value)) { return 0; - } - - v = (CONF_VALUE *)lh_insert(conf->data, value); - if (v != NULL) - { - sk_CONF_VALUE_delete_ptr(ts,v); - OPENSSL_free(v->name); - OPENSSL_free(v->value); - OPENSSL_free(v); - } - return 1; } -char *_CONF_get_string(const CONF *conf, const char *section, const char *name) - { - CONF_VALUE *v,vv; - char *p; - - if (name == NULL) return(NULL); - if (conf != NULL) - { - if (section != NULL) - { - vv.name=(char *)name; - vv.section=(char *)section; - v=(CONF_VALUE *)lh_retrieve(conf->data,&vv); - if (v != NULL) return(v->value); - if (strcmp(section,"ENV") == 0) - { - p=Getenv(name); - if (p != NULL) return(p); - } - } - vv.section="default"; - vv.name=(char *)name; - v=(CONF_VALUE *)lh_retrieve(conf->data,&vv); + v = lh_CONF_VALUE_insert(conf->data, value); + if (v != NULL) { + (void)sk_CONF_VALUE_delete_ptr(ts, v); + free(v->name); + free(v->value); + free(v); + } + return 1; +} + +char * +_CONF_get_string(const CONF *conf, const char *section, const char *name) +{ + CONF_VALUE *v, vv; + + if (name == NULL) + return (NULL); + if (conf != NULL) { + if (section != NULL) { + vv.name = (char *)name; + vv.section = (char *)section; + v = lh_CONF_VALUE_retrieve(conf->data, &vv); + if (v != NULL) + return (v->value); + } + vv.section = "default"; + vv.name = (char *)name; + v = lh_CONF_VALUE_retrieve(conf->data, &vv); if (v != NULL) - return(v->value); + return (v->value); else - return(NULL); - } - else - return(Getenv(name)); - } + return (NULL); + } else + return (NULL); +} + +static unsigned long +conf_value_hash(const CONF_VALUE *v) +{ + return (lh_strhash(v->section) << 2) ^ lh_strhash(v->name); +} + +static IMPLEMENT_LHASH_HASH_FN(conf_value, CONF_VALUE) + +static int +conf_value_cmp(const CONF_VALUE *a, const CONF_VALUE *b) +{ + int i; -#if 0 /* There's no way to provide error checking with this function, so - force implementors of the higher levels to get a string and read - the number themselves. */ -long _CONF_get_number(CONF *conf, char *section, char *name) - { - char *str; - long ret=0; - - str=_CONF_get_string(conf,section,name); - if (str == NULL) return(0); - for (;;) - { - if (conf->meth->is_number(conf, *str)) - ret=ret*10+conf->meth->to_int(conf, *str); - else - return(ret); - str++; - } + if (a->section != b->section) { + i = strcmp(a->section, b->section); + if (i) + return (i); } -#endif + if ((a->name != NULL) && (b->name != NULL)) { + i = strcmp(a->name, b->name); + return (i); + } else if (a->name == b->name) + return (0); + else + return ((a->name == NULL)?-1 : 1); +} + +static IMPLEMENT_LHASH_COMP_FN(conf_value, CONF_VALUE) -int _CONF_new_data(CONF *conf) - { - if (conf == NULL) - { +int +_CONF_new_data(CONF *conf) +{ + if (conf == NULL) { return 0; - } + } if (conf->data == NULL) - if ((conf->data = lh_new(hash, cmp_conf)) == NULL) - { + if ((conf->data = lh_CONF_VALUE_new()) == NULL) { return 0; - } + } return 1; - } +} -void _CONF_free_data(CONF *conf) - { - if (conf == NULL || conf->data == NULL) return; +void +_CONF_free_data(CONF *conf) +{ + if (conf == NULL || conf->data == NULL) + return; - conf->data->down_load=0; /* evil thing to make sure the 'OPENSSL_free()' - * works as expected */ - lh_doall_arg(conf->data, LHASH_DOALL_ARG_FN(value_free_hash), - conf->data); + lh_CONF_VALUE_down_load(conf->data) = 0; /* evil thing to make + * sure the 'free()' works as + * expected */ + lh_CONF_VALUE_doall_arg(conf->data, + LHASH_DOALL_ARG_FN(value_free_hash), + LHASH_OF(CONF_VALUE), conf->data); /* We now have only 'section' entries in the hash table. * Due to problems with */ - lh_doall_arg(conf->data, LHASH_DOALL_ARG_FN(value_free_stack), - conf->data); - lh_free(conf->data); - } + lh_CONF_VALUE_doall(conf->data, LHASH_DOALL_FN(value_free_stack)); + lh_CONF_VALUE_free(conf->data); +} -static void value_free_hash(CONF_VALUE *a, LHASH *conf) - { +static void +value_free_hash_doall_arg(CONF_VALUE *a, LHASH_OF(CONF_VALUE) *conf) +{ if (a->name != NULL) - { - a=(CONF_VALUE *)lh_delete(conf,a); - } - } + (void)lh_CONF_VALUE_delete(conf, a); +} -static void value_free_stack(CONF_VALUE *a, LHASH *conf) - { +static void +value_free_stack_doall(CONF_VALUE *a) +{ CONF_VALUE *vv; - STACK *sk; + STACK_OF(CONF_VALUE) *sk; int i; - if (a->name != NULL) return; - - sk=(STACK *)a->value; - for (i=sk_num(sk)-1; i>=0; i--) - { - vv=(CONF_VALUE *)sk_value(sk,i); - OPENSSL_free(vv->value); - OPENSSL_free(vv->name); - OPENSSL_free(vv); - } - if (sk != NULL) sk_free(sk); - OPENSSL_free(a->section); - OPENSSL_free(a); - } - -/* static unsigned long hash(CONF_VALUE *v) */ -static unsigned long hash(const void *v_void) - { - CONF_VALUE *v = (CONF_VALUE *)v_void; - return((lh_strhash(v->section)<<2)^lh_strhash(v->name)); - } - -/* static int cmp_conf(CONF_VALUE *a, CONF_VALUE *b) */ -static int cmp_conf(const void *a_void,const void *b_void) - { - int i; - CONF_VALUE *a = (CONF_VALUE *)a_void; - CONF_VALUE *b = (CONF_VALUE *)b_void; - - if (a->section != b->section) - { - i=strcmp(a->section,b->section); - if (i) return(i); - } - - if ((a->name != NULL) && (b->name != NULL)) - { - i=strcmp(a->name,b->name); - return(i); - } - else if (a->name == b->name) - return(0); - else - return((a->name == NULL)?-1:1); + if (a->name != NULL) + return; + + sk = (STACK_OF(CONF_VALUE) *)a->value; + for (i = sk_CONF_VALUE_num(sk) - 1; i >= 0; i--) { + vv = sk_CONF_VALUE_value(sk, i); + free(vv->value); + free(vv->name); + free(vv); } + if (sk != NULL) + sk_CONF_VALUE_free(sk); + free(a->section); + free(a); +} /* Up until OpenSSL 0.9.5a, this was new_section */ -CONF_VALUE *_CONF_new_section(CONF *conf, const char *section) - { - STACK *sk=NULL; - int ok=0,i; - CONF_VALUE *v=NULL,*vv; - - if ((sk=sk_new_null()) == NULL) +CONF_VALUE * +_CONF_new_section(CONF *conf, const char *section) +{ + STACK_OF(CONF_VALUE) *sk = NULL; + int ok = 0, i; + CONF_VALUE *v = NULL, *vv; + + if ((sk = sk_CONF_VALUE_new_null()) == NULL) goto err; - if ((v=(CONF_VALUE *)OPENSSL_malloc(sizeof(CONF_VALUE))) == NULL) + if ((v = malloc(sizeof(CONF_VALUE))) == NULL) goto err; - i=strlen(section)+1; - if ((v->section=(char *)OPENSSL_malloc(i)) == NULL) + i = strlen(section) + 1; + if ((v->section = malloc(i)) == NULL) goto err; - memcpy(v->section,section,i); - v->name=NULL; - v->value=(char *)sk; - - vv=(CONF_VALUE *)lh_insert(conf->data,v); - assert(vv == NULL); - ok=1; + memcpy(v->section, section, i); + v->name = NULL; + v->value = (char *)sk; + + vv = lh_CONF_VALUE_insert(conf->data, v); + OPENSSL_assert(vv == NULL); + ok = 1; + err: - if (!ok) - { - if (sk != NULL) sk_free(sk); - if (v != NULL) OPENSSL_free(v); - v=NULL; - } - return(v); + if (!ok) { + if (sk != NULL) + sk_CONF_VALUE_free(sk); + free(v); + v = NULL; } - -IMPLEMENT_STACK_OF(CONF_VALUE) + return (v); +} diff --git a/src/lib/libcrypto/conf/conf_api.h b/src/lib/libcrypto/conf/conf_api.h index 87a954aff63..95f9386226a 100644 --- a/src/lib/libcrypto/conf/conf_api.h +++ b/src/lib/libcrypto/conf/conf_api.h @@ -1,25 +1,25 @@ -/* conf_api.h */ +/* $OpenBSD: conf_api.h,v 1.4 2014/06/12 15:49:28 deraadt Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -72,11 +72,11 @@ CONF_VALUE *_CONF_new_section(CONF *conf, const char *section); CONF_VALUE *_CONF_get_section(const CONF *conf, const char *section); /* Up until OpenSSL 0.9.5a, this was CONF_get_section */ STACK_OF(CONF_VALUE) *_CONF_get_section_values(const CONF *conf, - const char *section); + const char *section); int _CONF_add_string(CONF *conf, CONF_VALUE *section, CONF_VALUE *value); char *_CONF_get_string(const CONF *conf, const char *section, - const char *name); + const char *name); long _CONF_get_number(const CONF *conf, const char *section, const char *name); int _CONF_new_data(CONF *conf); @@ -86,4 +86,3 @@ void _CONF_free_data(CONF *conf); } #endif #endif - diff --git a/src/lib/libcrypto/conf/conf_def.c b/src/lib/libcrypto/conf/conf_def.c index 5e194de60e9..4099ffc66cb 100644 --- a/src/lib/libcrypto/conf/conf_def.c +++ b/src/lib/libcrypto/conf/conf_def.c @@ -1,25 +1,25 @@ -/* crypto/conf/conf.c */ +/* $OpenBSD: conf_def.c,v 1.32 2017/01/29 17:49:22 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -60,19 +60,20 @@ #include #include -#include -#include + +#include #include #include -#include "conf_def.h" -#include #include -#include "cryptlib.h" +#include +#include + +#include "conf_def.h" static char *eat_ws(CONF *conf, char *p); static char *eat_alpha_numeric(CONF *conf, char *p); static void clear_comments(CONF *conf, char *p); -static int str_copy(CONF *conf,char *section,char **to, char *from); +static int str_copy(CONF *conf, char *section, char **to, char *from); static char *scan_quote(CONF *conf, char *p); static char *scan_dquote(CONF *conf, char *p); #define scan_esc(conf,p) (((IS_EOF((conf),(p)[1]))?((p)+1):((p)+2))) @@ -88,20 +89,18 @@ static int def_dump(const CONF *conf, BIO *bp); static int def_is_number(const CONF *conf, char c); static int def_to_int(const CONF *conf, char c); -const char *CONF_def_version="CONF_def" OPENSSL_VERSION_PTEXT; - static CONF_METHOD default_method = { - "OpenSSL default", - def_create, - def_init_default, - def_destroy, - def_destroy_data, - def_load_bio, - def_dump, - def_is_number, - def_to_int, - def_load - }; + .name = "OpenSSL default", + .create = def_create, + .init = def_init_default, + .destroy = def_destroy, + .destroy_data = def_destroy_data, + .load_bio = def_load_bio, + .dump = def_dump, + .is_number = def_is_number, + .to_int = def_to_int, + .load = def_load +}; static CONF_METHOD WIN32_method = { "WIN32", @@ -114,45 +113,50 @@ static CONF_METHOD WIN32_method = { def_is_number, def_to_int, def_load - }; +}; -CONF_METHOD *NCONF_default() - { +CONF_METHOD * +NCONF_default(void) +{ return &default_method; - } -CONF_METHOD *NCONF_WIN32() - { +} + +CONF_METHOD * +NCONF_WIN32(void) +{ return &WIN32_method; - } +} -static CONF *def_create(CONF_METHOD *meth) - { +static CONF * +def_create(CONF_METHOD *meth) +{ CONF *ret; - ret = (CONF *)OPENSSL_malloc(sizeof(CONF) + sizeof(unsigned short *)); + ret = malloc(sizeof(CONF) + sizeof(unsigned short *)); if (ret) - if (meth->init(ret) == 0) - { - OPENSSL_free(ret); + if (meth->init(ret) == 0) { + free(ret); ret = NULL; - } + } return ret; - } - -static int def_init_default(CONF *conf) - { +} + +static int +def_init_default(CONF *conf) +{ if (conf == NULL) return 0; conf->meth = &default_method; - conf->meth_data = (void *)CONF_type_default; + conf->meth_data = CONF_type_default; conf->data = NULL; return 1; - } +} -static int def_init_WIN32(CONF *conf) - { +static int +def_init_WIN32(CONF *conf) +{ if (conf == NULL) return 0; @@ -161,578 +165,527 @@ static int def_init_WIN32(CONF *conf) conf->data = NULL; return 1; - } +} -static int def_destroy(CONF *conf) - { - if (def_destroy_data(conf)) - { - OPENSSL_free(conf); +static int +def_destroy(CONF *conf) +{ + if (def_destroy_data(conf)) { + free(conf); return 1; - } - return 0; } + return 0; +} -static int def_destroy_data(CONF *conf) - { +static int +def_destroy_data(CONF *conf) +{ if (conf == NULL) return 0; _CONF_free_data(conf); return 1; - } +} -static int def_load(CONF *conf, const char *name, long *line) - { +static int +def_load(CONF *conf, const char *name, long *line) +{ int ret; - BIO *in=NULL; - -#ifdef OPENSSL_SYS_VMS - in=BIO_new_file(name, "r"); -#else - in=BIO_new_file(name, "rb"); -#endif - if (in == NULL) - { + BIO *in = NULL; + + in = BIO_new_file(name, "rb"); + if (in == NULL) { if (ERR_GET_REASON(ERR_peek_last_error()) == BIO_R_NO_SUCH_FILE) - CONFerr(CONF_F_CONF_LOAD,CONF_R_NO_SUCH_FILE); + CONFerror(CONF_R_NO_SUCH_FILE); else - CONFerr(CONF_F_CONF_LOAD,ERR_R_SYS_LIB); + CONFerror(ERR_R_SYS_LIB); return 0; - } + } ret = def_load_bio(conf, in, line); BIO_free(in); return ret; - } - -static int def_load_bio(CONF *conf, BIO *in, long *line) - { -#define BUFSIZE 512 - int bufnum=0,i,ii; - BUF_MEM *buff=NULL; - char *s,*p,*end; - int again,n; - long eline=0; - char btmp[DECIMAL_SIZE(eline)+1]; - CONF_VALUE *v=NULL,*tv; - CONF_VALUE *sv=NULL; - char *section=NULL,*buf; - STACK_OF(CONF_VALUE) *section_sk=NULL,*ts; - char *start,*psection,*pname; +} + +static int +def_load_bio(CONF *conf, BIO *in, long *line) +{ +/* The macro BUFSIZE conflicts with a system macro in VxWorks */ +#define CONFBUFSIZE 512 + int bufnum = 0, i, ii; + BUF_MEM *buff = NULL; + char *s, *p, *end; + int again; + long eline = 0; + CONF_VALUE *v = NULL, *tv; + CONF_VALUE *sv = NULL; + char *section = NULL, *buf; + char *start, *psection, *pname; void *h = (void *)(conf->data); - if ((buff=BUF_MEM_new()) == NULL) - { - CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_BUF_LIB); + if ((buff = BUF_MEM_new()) == NULL) { + CONFerror(ERR_R_BUF_LIB); goto err; - } + } - section=(char *)OPENSSL_malloc(10); - if (section == NULL) - { - CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_MALLOC_FAILURE); + section = strdup("default"); + if (section == NULL) { + CONFerror(ERR_R_MALLOC_FAILURE); goto err; - } - strcpy(section,"default"); + } - if (_CONF_new_data(conf) == 0) - { - CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_MALLOC_FAILURE); + if (_CONF_new_data(conf) == 0) { + CONFerror(ERR_R_MALLOC_FAILURE); goto err; - } + } - sv=_CONF_new_section(conf,section); - if (sv == NULL) - { - CONFerr(CONF_F_CONF_LOAD_BIO, - CONF_R_UNABLE_TO_CREATE_NEW_SECTION); + sv = _CONF_new_section(conf, section); + if (sv == NULL) { + CONFerror(CONF_R_UNABLE_TO_CREATE_NEW_SECTION); goto err; - } - section_sk=(STACK_OF(CONF_VALUE) *)sv->value; - - bufnum=0; - for (;;) - { - again=0; - if (!BUF_MEM_grow(buff,bufnum+BUFSIZE)) - { - CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_BUF_LIB); + } + + bufnum = 0; + again = 0; + for (;;) { + if (!BUF_MEM_grow(buff, bufnum + CONFBUFSIZE)) { + CONFerror(ERR_R_BUF_LIB); goto err; - } - p= &(buff->data[bufnum]); - *p='\0'; - BIO_gets(in, p, BUFSIZE-1); - p[BUFSIZE-1]='\0'; - ii=i=strlen(p); - if (i == 0) break; - while (i > 0) - { - if ((p[i-1] != '\r') && (p[i-1] != '\n')) + } + p = &(buff->data[bufnum]); + *p = '\0'; + BIO_gets(in, p, CONFBUFSIZE - 1); + p[CONFBUFSIZE - 1] = '\0'; + ii = i = strlen(p); + if (i == 0 && !again) + break; + again = 0; + while (i > 0) { + if ((p[i - 1] != '\r') && (p[i - 1] != '\n')) break; else i--; - } + } /* we removed some trailing stuff so there is a new * line on the end. */ - if (i == ii) - again=1; /* long line */ - else - { - p[i]='\0'; + if (ii && i == ii) + again = 1; /* long line */ + else { + p[i] = '\0'; eline++; /* another input line */ - } + } /* we now have a line with trailing \r\n removed */ /* i is the number of bytes */ - bufnum+=i; + bufnum += i; - v=NULL; + v = NULL; /* check for line continuation */ - if (bufnum >= 1) - { + if (bufnum >= 1) { /* If we have bytes and the last char '\\' and * second last char is not '\\' */ - p= &(buff->data[bufnum-1]); - if (IS_ESC(conf,p[0]) && - ((bufnum <= 1) || !IS_ESC(conf,p[-1]))) - { + p = &(buff->data[bufnum - 1]); + if (IS_ESC(conf, p[0]) && + ((bufnum <= 1) || !IS_ESC(conf, p[-1]))) { bufnum--; - again=1; - } + again = 1; } - if (again) continue; - bufnum=0; - buf=buff->data; + } + if (again) + continue; + bufnum = 0; + buf = buff->data; clear_comments(conf, buf); - n=strlen(buf); - s=eat_ws(conf, buf); - if (IS_EOF(conf,*s)) continue; /* blank line */ - if (*s == '[') - { + s = eat_ws(conf, buf); + if (IS_EOF(conf, *s)) + continue; /* blank line */ + if (*s == '[') { char *ss; s++; - start=eat_ws(conf, s); - ss=start; + start = eat_ws(conf, s); + ss = start; again: - end=eat_alpha_numeric(conf, ss); - p=eat_ws(conf, end); - if (*p != ']') - { - if (*p != '\0') - { - ss=p; + end = eat_alpha_numeric(conf, ss); + p = eat_ws(conf, end); + if (*p != ']') { + if (*p != '\0' && ss != p) { + ss = p; goto again; - } - CONFerr(CONF_F_CONF_LOAD_BIO, - CONF_R_MISSING_CLOSE_SQUARE_BRACKET); - goto err; } - *end='\0'; - if (!str_copy(conf,NULL,§ion,start)) goto err; - if ((sv=_CONF_get_section(conf,section)) == NULL) - sv=_CONF_new_section(conf,section); - if (sv == NULL) - { - CONFerr(CONF_F_CONF_LOAD_BIO, - CONF_R_UNABLE_TO_CREATE_NEW_SECTION); + CONFerror(CONF_R_MISSING_CLOSE_SQUARE_BRACKET); goto err; - } - section_sk=(STACK_OF(CONF_VALUE) *)sv->value; + } + *end = '\0'; + if (!str_copy(conf, NULL, §ion, start)) + goto err; + if ((sv = _CONF_get_section(conf, section)) == NULL) + sv = _CONF_new_section(conf, section); + if (sv == NULL) { + CONFerror(CONF_R_UNABLE_TO_CREATE_NEW_SECTION); + goto err; + } continue; + } else { + pname = s; + psection = NULL; + end = eat_alpha_numeric(conf, s); + if ((end[0] == ':') && (end[1] == ':')) { + *end = '\0'; + end += 2; + psection = pname; + pname = end; + end = eat_alpha_numeric(conf, end); } - else - { - pname=s; - psection=NULL; - end=eat_alpha_numeric(conf, s); - if ((end[0] == ':') && (end[1] == ':')) - { - *end='\0'; - end+=2; - psection=pname; - pname=end; - end=eat_alpha_numeric(conf, end); - } - p=eat_ws(conf, end); - if (*p != '=') - { - CONFerr(CONF_F_CONF_LOAD_BIO, - CONF_R_MISSING_EQUAL_SIGN); + p = eat_ws(conf, end); + if (*p != '=') { + CONFerror(CONF_R_MISSING_EQUAL_SIGN); goto err; - } - *end='\0'; + } + *end = '\0'; p++; - start=eat_ws(conf, p); - while (!IS_EOF(conf,*p)) + start = eat_ws(conf, p); + while (!IS_EOF(conf, *p)) p++; p--; - while ((p != start) && (IS_WS(conf,*p))) + while ((p != start) && (IS_WS(conf, *p))) p--; p++; - *p='\0'; + *p = '\0'; - if (!(v=(CONF_VALUE *)OPENSSL_malloc(sizeof(CONF_VALUE)))) - { - CONFerr(CONF_F_CONF_LOAD_BIO, - ERR_R_MALLOC_FAILURE); + if (!(v = malloc(sizeof(CONF_VALUE)))) { + CONFerror(ERR_R_MALLOC_FAILURE); goto err; - } - if (psection == NULL) psection=section; - v->name=(char *)OPENSSL_malloc(strlen(pname)+1); - v->value=NULL; - if (v->name == NULL) - { - CONFerr(CONF_F_CONF_LOAD_BIO, - ERR_R_MALLOC_FAILURE); + } + if (psection == NULL) + psection = section; + v->name = strdup(pname); + v->value = NULL; + if (v->name == NULL) { + CONFerror(ERR_R_MALLOC_FAILURE); + goto err; + } + if (!str_copy(conf, psection, &(v->value), start)) goto err; - } - strcpy(v->name,pname); - if (!str_copy(conf,psection,&(v->value),start)) goto err; - if (strcmp(psection,section) != 0) - { - if ((tv=_CONF_get_section(conf,psection)) + if (strcmp(psection, section) != 0) { + if ((tv = _CONF_get_section(conf, psection)) == NULL) - tv=_CONF_new_section(conf,psection); - if (tv == NULL) - { - CONFerr(CONF_F_CONF_LOAD_BIO, - CONF_R_UNABLE_TO_CREATE_NEW_SECTION); + tv = _CONF_new_section(conf, psection); + if (tv == NULL) { + CONFerror(CONF_R_UNABLE_TO_CREATE_NEW_SECTION); goto err; - } - ts=(STACK_OF(CONF_VALUE) *)tv->value; - } - else - { - tv=sv; - ts=section_sk; - } -#if 1 - if (_CONF_add_string(conf, tv, v) == 0) - { - CONFerr(CONF_F_CONF_LOAD_BIO, - ERR_R_MALLOC_FAILURE); - goto err; } -#else - v->section=tv->section; - if (!sk_CONF_VALUE_push(ts,v)) - { - CONFerr(CONF_F_CONF_LOAD_BIO, - ERR_R_MALLOC_FAILURE); + } else + tv = sv; + + if (_CONF_add_string(conf, tv, v) == 0) { + CONFerror(ERR_R_MALLOC_FAILURE); goto err; - } - vv=(CONF_VALUE *)lh_insert(conf->data,v); - if (vv != NULL) - { - sk_CONF_VALUE_delete_ptr(ts,vv); - OPENSSL_free(vv->name); - OPENSSL_free(vv->value); - OPENSSL_free(vv); - } -#endif - v=NULL; } + v = NULL; } - if (buff != NULL) BUF_MEM_free(buff); - if (section != NULL) OPENSSL_free(section); - return(1); + } + if (buff != NULL) + BUF_MEM_free(buff); + free(section); + return (1); + err: - if (buff != NULL) BUF_MEM_free(buff); - if (section != NULL) OPENSSL_free(section); - if (line != NULL) *line=eline; - sprintf(btmp,"%ld",eline); - ERR_add_error_data(2,"line ",btmp); - if ((h != conf->data) && (conf->data != NULL)) - { + if (buff != NULL) + BUF_MEM_free(buff); + free(section); + if (line != NULL) + *line = eline; + ERR_asprintf_error_data("line %ld", eline); + if ((h != conf->data) && (conf->data != NULL)) { CONF_free(conf->data); - conf->data=NULL; - } - if (v != NULL) - { - if (v->name != NULL) OPENSSL_free(v->name); - if (v->value != NULL) OPENSSL_free(v->value); - if (v != NULL) OPENSSL_free(v); - } - return(0); + conf->data = NULL; } - -static void clear_comments(CONF *conf, char *p) - { - char *to; - - to=p; - for (;;) - { - if (IS_FCOMMENT(conf,*p)) - { - *p='\0'; + if (v != NULL) { + free(v->name); + free(v->value); + free(v); + } + return (0); +} + +static void +clear_comments(CONF *conf, char *p) +{ + for (;;) { + if (IS_FCOMMENT(conf, *p)) { + *p = '\0'; return; - } - if (!IS_WS(conf,*p)) - { + } + if (!IS_WS(conf, *p)) { break; - } - p++; } + p++; + } - for (;;) - { - if (IS_COMMENT(conf,*p)) - { - *p='\0'; + for (;;) { + if (IS_COMMENT(conf, *p)) { + *p = '\0'; return; - } - if (IS_DQUOTE(conf,*p)) - { - p=scan_dquote(conf, p); + } + if (IS_DQUOTE(conf, *p)) { + p = scan_dquote(conf, p); continue; - } - if (IS_QUOTE(conf,*p)) - { - p=scan_quote(conf, p); + } + if (IS_QUOTE(conf, *p)) { + p = scan_quote(conf, p); continue; - } - if (IS_ESC(conf,*p)) - { - p=scan_esc(conf,p); + } + if (IS_ESC(conf, *p)) { + p = scan_esc(conf, p); continue; - } - if (IS_EOF(conf,*p)) + } + if (IS_EOF(conf, *p)) return; else p++; - } } +} -static int str_copy(CONF *conf, char *section, char **pto, char *from) - { - int q,r,rr=0,to=0,len=0; - char *s,*e,*rp,*p,*rrp,*np,*cp,v; +static int +str_copy(CONF *conf, char *section, char **pto, char *from) +{ + int q, r,rr = 0, to = 0, len = 0; + char *s, *e, *rp, *p, *rrp, *np, *cp, v; BUF_MEM *buf; - if ((buf=BUF_MEM_new()) == NULL) return(0); + if ((buf = BUF_MEM_new()) == NULL) + return (0); - len=strlen(from)+1; - if (!BUF_MEM_grow(buf,len)) goto err; + len = strlen(from) + 1; + if (!BUF_MEM_grow(buf, len)) + goto err; - for (;;) - { - if (IS_QUOTE(conf,*from)) - { - q= *from; + for (;;) { + if (IS_QUOTE(conf, *from)) { + q = *from; from++; - while (!IS_EOF(conf,*from) && (*from != q)) - { - if (IS_ESC(conf,*from)) - { + while (!IS_EOF(conf, *from) && (*from != q)) { + if (IS_ESC(conf, *from)) { from++; - if (IS_EOF(conf,*from)) break; - } - buf->data[to++]= *(from++); + if (IS_EOF(conf, *from)) + break; } - if (*from == q) from++; + buf->data[to++] = *(from++); } - else if (IS_DQUOTE(conf,*from)) - { - q= *from; + if (*from == q) + from++; + } else if (IS_DQUOTE(conf, *from)) { + q = *from; from++; - while (!IS_EOF(conf,*from)) - { - if (*from == q) - { - if (*(from+1) == q) - { + while (!IS_EOF(conf, *from)) { + if (*from == q) { + if (*(from + 1) == q) { from++; - } - else - { + } else { break; - } } - buf->data[to++]= *(from++); } - if (*from == q) from++; + buf->data[to++] = *(from++); } - else if (IS_ESC(conf,*from)) - { + if (*from == q) + from++; + } else if (IS_ESC(conf, *from)) { from++; - v= *(from++); - if (IS_EOF(conf,v)) break; - else if (v == 'r') v='\r'; - else if (v == 'n') v='\n'; - else if (v == 'b') v='\b'; - else if (v == 't') v='\t'; - buf->data[to++]= v; - } - else if (IS_EOF(conf,*from)) + v = *(from++); + if (IS_EOF(conf, v)) + break; + else if (v == 'r') + v = '\r'; + else if (v == 'n') + v = '\n'; + else if (v == 'b') + v = '\b'; + else if (v == 't') + v = '\t'; + buf->data[to++] = v; + } else if (IS_EOF(conf, *from)) break; - else if (*from == '$') - { + else if (*from == '$') { /* try to expand it */ - rrp=NULL; - s= &(from[1]); + rrp = NULL; + s = &(from[1]); if (*s == '{') - q='}'; + q = '}'; else if (*s == '(') - q=')'; - else q=0; + q = ')'; + else + q = 0; - if (q) s++; - cp=section; - e=np=s; - while (IS_ALPHA_NUMERIC(conf,*e)) + if (q) + s++; + cp = section; + e = np = s; + while (IS_ALPHA_NUMERIC(conf, *e)) e++; - if ((e[0] == ':') && (e[1] == ':')) - { - cp=np; - rrp=e; - rr= *e; - *rrp='\0'; - e+=2; - np=e; - while (IS_ALPHA_NUMERIC(conf,*e)) + if ((e[0] == ':') && (e[1] == ':')) { + cp = np; + rrp = e; + rr = *e; + *rrp = '\0'; + e += 2; + np = e; + while (IS_ALPHA_NUMERIC(conf, *e)) e++; - } - r= *e; - *e='\0'; - rp=e; - if (q) - { - if (r != q) - { - CONFerr(CONF_F_STR_COPY,CONF_R_NO_CLOSE_BRACE); + } + r = *e; + *e = '\0'; + rp = e; + if (q) { + if (r != q) { + CONFerror(CONF_R_NO_CLOSE_BRACE); goto err; - } - e++; } + e++; + } /* So at this point we have - * ns which is the start of the name string which is - * '\0' terminated. - * cs which is the start of the section string which is + * np which is the start of the name string which is + * '\0' terminated. + * cp which is the start of the section string which is * '\0' terminated. * e is the 'next point after'. - * r and s are the chars replaced by the '\0' - * rp and sp is where 'r' and 's' came from. + * r and rr are the chars replaced by the '\0' + * rp and rrp is where 'r' and 'rr' came from. */ - p=_CONF_get_string(conf,cp,np); - if (rrp != NULL) *rrp=rr; - *rp=r; - if (p == NULL) - { - CONFerr(CONF_F_STR_COPY,CONF_R_VARIABLE_HAS_NO_VALUE); + p = _CONF_get_string(conf, cp, np); + if (rrp != NULL) + *rrp = rr; + *rp = r; + if (p == NULL) { + CONFerror(CONF_R_VARIABLE_HAS_NO_VALUE); goto err; - } - BUF_MEM_grow(buf,(strlen(p)+len-(e-from))); - while (*p) - buf->data[to++]= *(p++); - from=e; } - else - buf->data[to++]= *(from++); - } - buf->data[to]='\0'; - if (*pto != NULL) OPENSSL_free(*pto); - *pto=buf->data; - OPENSSL_free(buf); - return(1); -err: - if (buf != NULL) BUF_MEM_free(buf); - return(0); + if (!BUF_MEM_grow_clean(buf, + (strlen(p) + buf->length - (e - from)))) { + CONFerror(CONF_R_MODULE_INITIALIZATION_ERROR); + goto err; + } + while (*p) + buf->data[to++] = *(p++); + + /* Since we change the pointer 'from', we also have + to change the perceived length of the string it + points at. /RL */ + len -= e - from; + from = e; + + /* In case there were no braces or parenthesis around + the variable reference, we have to put back the + character that was replaced with a '\0'. /RL */ + *rp = r; + } else + buf->data[to++] = *(from++); } + buf->data[to]='\0'; + free(*pto); + *pto = buf->data; + free(buf); + return (1); -static char *eat_ws(CONF *conf, char *p) - { - while (IS_WS(conf,*p) && (!IS_EOF(conf,*p))) +err: + if (buf != NULL) + BUF_MEM_free(buf); + return (0); +} + +static char * +eat_ws(CONF *conf, char *p) +{ + while (IS_WS(conf, *p) && (!IS_EOF(conf, *p))) p++; - return(p); - } - -static char *eat_alpha_numeric(CONF *conf, char *p) - { - for (;;) - { - if (IS_ESC(conf,*p)) - { - p=scan_esc(conf,p); + return (p); +} + +static char * +eat_alpha_numeric(CONF *conf, char *p) +{ + for (;;) { + if (IS_ESC(conf, *p)) { + p = scan_esc(conf, p); continue; - } - if (!IS_ALPHA_NUMERIC_PUNCT(conf,*p)) - return(p); - p++; } + if (!IS_ALPHA_NUMERIC_PUNCT(conf, *p)) + return (p); + p++; } +} -static char *scan_quote(CONF *conf, char *p) - { - int q= *p; +static char * +scan_quote(CONF *conf, char *p) +{ + int q = *p; p++; - while (!(IS_EOF(conf,*p)) && (*p != q)) - { - if (IS_ESC(conf,*p)) - { + while (!(IS_EOF(conf, *p)) && (*p != q)) { + if (IS_ESC(conf, *p)) { p++; - if (IS_EOF(conf,*p)) return(p); - } - p++; + if (IS_EOF(conf, *p)) + return (p); } - if (*p == q) p++; - return(p); + p++; } + if (*p == q) + p++; + return (p); +} -static char *scan_dquote(CONF *conf, char *p) - { - int q= *p; +static char * +scan_dquote(CONF *conf, char *p) +{ + int q = *p; p++; - while (!(IS_EOF(conf,*p))) - { - if (*p == q) - { - if (*(p+1) == q) - { + while (!(IS_EOF(conf, *p))) { + if (*p == q) { + if (*(p + 1) == q) { p++; - } - else - { + } else { break; - } } - p++; } - if (*p == q) p++; - return(p); + p++; } + if (*p == q) + p++; + return (p); +} -static void dump_value(CONF_VALUE *a, BIO *out) - { +static void +dump_value_doall_arg(CONF_VALUE *a, BIO *out) +{ if (a->name) BIO_printf(out, "[%s] %s=%s\n", a->section, a->name, a->value); else BIO_printf(out, "[[%s]]\n", a->section); - } +} -static IMPLEMENT_LHASH_DOALL_ARG_FN(dump_value, CONF_VALUE *, BIO *) +static IMPLEMENT_LHASH_DOALL_ARG_FN(dump_value, CONF_VALUE, BIO) -static int def_dump(const CONF *conf, BIO *out) - { - lh_doall_arg(conf->data, LHASH_DOALL_ARG_FN(dump_value), out); +static int +def_dump(const CONF *conf, BIO *out) +{ + lh_CONF_VALUE_doall_arg(conf->data, LHASH_DOALL_ARG_FN(dump_value), + BIO, out); return 1; - } +} -static int def_is_number(const CONF *conf, char c) - { - return IS_NUMBER(conf,c); - } +static int +def_is_number(const CONF *conf, char c) +{ + return IS_NUMBER(conf, c); +} -static int def_to_int(const CONF *conf, char c) - { +static int +def_to_int(const CONF *conf, char c) +{ return c - '0'; - } - +} diff --git a/src/lib/libcrypto/conf/conf_def.h b/src/lib/libcrypto/conf/conf_def.h index 92a7d8ad77c..956e44337dc 100644 --- a/src/lib/libcrypto/conf/conf_def.h +++ b/src/lib/libcrypto/conf/conf_def.h @@ -1,25 +1,25 @@ -/* crypto/conf/conf_def.h */ +/* $OpenBSD: conf_def.h,v 1.6 2016/12/21 15:49:29 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -59,6 +59,8 @@ /* THIS FILE WAS AUTOMAGICALLY GENERATED! Please modify and use keysets.pl to regenerate it. */ +__BEGIN_HIDDEN_DECLS + #define CONF_NUMBER 1 #define CONF_UPPER 2 #define CONF_LOWER 4 @@ -78,7 +80,6 @@ CONF_PUNCTUATION) #define KEYTYPES(c) ((unsigned short *)((c)->meth_data)) -#ifndef CHARSET_EBCDIC #define IS_COMMENT(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_COMMENT) #define IS_FCOMMENT(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_FCOMMENT) #define IS_EOF(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_EOF) @@ -92,89 +93,74 @@ #define IS_DQUOTE(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_DQUOTE) #define IS_HIGHBIT(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_HIGHBIT) -#else /*CHARSET_EBCDIC*/ - -#define IS_COMMENT(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_COMMENT) -#define IS_FCOMMENT(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_FCOMMENT) -#define IS_EOF(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_EOF) -#define IS_ESC(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ESC) -#define IS_NUMBER(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_NUMBER) -#define IS_WS(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_WS) -#define IS_ALPHA_NUMERIC(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ALPHA_NUMERIC) -#define IS_ALPHA_NUMERIC_PUNCT(c,a) \ - (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ALPHA_NUMERIC_PUNCT) -#define IS_QUOTE(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_QUOTE) -#define IS_DQUOTE(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_DQUOTE) -#define IS_HIGHBIT(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_HIGHBIT) -#endif /*CHARSET_EBCDIC*/ - -static unsigned short CONF_type_default[256]={ - 0x0008,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000, - 0x0000,0x0010,0x0010,0x0000,0x0000,0x0010,0x0000,0x0000, - 0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000, - 0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000, - 0x0010,0x0200,0x0040,0x0080,0x0000,0x0200,0x0200,0x0040, - 0x0000,0x0000,0x0200,0x0200,0x0200,0x0200,0x0200,0x0200, - 0x0001,0x0001,0x0001,0x0001,0x0001,0x0001,0x0001,0x0001, - 0x0001,0x0001,0x0000,0x0200,0x0000,0x0000,0x0000,0x0200, - 0x0200,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002, - 0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002, - 0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002, - 0x0002,0x0002,0x0002,0x0000,0x0020,0x0000,0x0200,0x0100, - 0x0040,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004, - 0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004, - 0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004, - 0x0004,0x0004,0x0004,0x0000,0x0200,0x0000,0x0200,0x0000, - 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, - 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, - 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, - 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, - 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, - 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, - 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, - 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, - 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, - 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, - 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, - 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, - 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, - 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, - 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, - 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, - }; +static unsigned short CONF_type_default[256] = { + 0x0008, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, + 0x0000, 0x0010, 0x0010, 0x0000, 0x0000, 0x0010, 0x0000, 0x0000, + 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, + 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, + 0x0010, 0x0200, 0x0040, 0x0080, 0x0000, 0x0200, 0x0200, 0x0040, + 0x0000, 0x0000, 0x0200, 0x0200, 0x0200, 0x0200, 0x0200, 0x0200, + 0x0001, 0x0001, 0x0001, 0x0001, 0x0001, 0x0001, 0x0001, 0x0001, + 0x0001, 0x0001, 0x0000, 0x0200, 0x0000, 0x0000, 0x0000, 0x0200, + 0x0200, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, + 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, + 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, + 0x0002, 0x0002, 0x0002, 0x0000, 0x0020, 0x0000, 0x0200, 0x0100, + 0x0040, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, + 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, + 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, + 0x0004, 0x0004, 0x0004, 0x0000, 0x0200, 0x0000, 0x0200, 0x0000, + 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, + 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, + 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, + 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, + 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, + 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, + 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, + 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, + 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, + 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, + 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, + 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, + 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, + 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, + 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, + 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, +}; -static unsigned short CONF_type_win32[256]={ - 0x0008,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000, - 0x0000,0x0010,0x0010,0x0000,0x0000,0x0010,0x0000,0x0000, - 0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000, - 0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000, - 0x0010,0x0200,0x0400,0x0000,0x0000,0x0200,0x0200,0x0000, - 0x0000,0x0000,0x0200,0x0200,0x0200,0x0200,0x0200,0x0200, - 0x0001,0x0001,0x0001,0x0001,0x0001,0x0001,0x0001,0x0001, - 0x0001,0x0001,0x0000,0x0A00,0x0000,0x0000,0x0000,0x0200, - 0x0200,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002, - 0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002, - 0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002, - 0x0002,0x0002,0x0002,0x0000,0x0000,0x0000,0x0200,0x0100, - 0x0000,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004, - 0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004, - 0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004, - 0x0004,0x0004,0x0004,0x0000,0x0200,0x0000,0x0200,0x0000, - 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, - 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, - 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, - 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, - 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, - 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, - 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, - 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, - 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, - 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, - 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, - 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, - 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, - 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, - 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, - 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, - }; +static unsigned short CONF_type_win32[256] = { + 0x0008, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, + 0x0000, 0x0010, 0x0010, 0x0000, 0x0000, 0x0010, 0x0000, 0x0000, + 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, + 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, + 0x0010, 0x0200, 0x0400, 0x0000, 0x0000, 0x0200, 0x0200, 0x0000, + 0x0000, 0x0000, 0x0200, 0x0200, 0x0200, 0x0200, 0x0200, 0x0200, + 0x0001, 0x0001, 0x0001, 0x0001, 0x0001, 0x0001, 0x0001, 0x0001, + 0x0001, 0x0001, 0x0000, 0x0A00, 0x0000, 0x0000, 0x0000, 0x0200, + 0x0200, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, + 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, + 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, + 0x0002, 0x0002, 0x0002, 0x0000, 0x0000, 0x0000, 0x0200, 0x0100, + 0x0000, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, + 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, + 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, + 0x0004, 0x0004, 0x0004, 0x0000, 0x0200, 0x0000, 0x0200, 0x0000, + 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, + 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, + 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, + 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, + 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, + 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, + 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, + 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, + 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, + 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, + 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, + 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, + 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, + 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, + 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, + 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, 0x1000, +}; +__END_HIDDEN_DECLS diff --git a/src/lib/libcrypto/conf/conf_err.c b/src/lib/libcrypto/conf/conf_err.c index ee07bfe9d93..dbb373ae851 100644 --- a/src/lib/libcrypto/conf/conf_err.c +++ b/src/lib/libcrypto/conf/conf_err.c @@ -1,13 +1,13 @@ -/* crypto/conf/conf_err.c */ +/* $OpenBSD: conf_err.c,v 1.13 2017/01/29 17:49:22 beck Exp $ */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -59,68 +59,52 @@ */ #include -#include + +#include + #include +#include /* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR -static ERR_STRING_DATA CONF_str_functs[]= - { -{ERR_PACK(0,CONF_F_CONF_DUMP_FP,0), "CONF_dump_fp"}, -{ERR_PACK(0,CONF_F_CONF_LOAD,0), "CONF_load"}, -{ERR_PACK(0,CONF_F_CONF_LOAD_BIO,0), "CONF_load_bio"}, -{ERR_PACK(0,CONF_F_CONF_LOAD_FP,0), "CONF_load_fp"}, -{ERR_PACK(0,CONF_F_CONF_MODULES_LOAD,0), "CONF_modules_load"}, -{ERR_PACK(0,CONF_F_MODULE_INIT,0), "MODULE_INIT"}, -{ERR_PACK(0,CONF_F_MODULE_LOAD_DSO,0), "MODULE_LOAD_DSO"}, -{ERR_PACK(0,CONF_F_MODULE_RUN,0), "MODULE_RUN"}, -{ERR_PACK(0,CONF_F_NCONF_DUMP_BIO,0), "NCONF_dump_bio"}, -{ERR_PACK(0,CONF_F_NCONF_DUMP_FP,0), "NCONF_dump_fp"}, -{ERR_PACK(0,CONF_F_NCONF_GET_NUMBER,0), "NCONF_get_number"}, -{ERR_PACK(0,CONF_F_NCONF_GET_NUMBER_E,0), "NCONF_get_number_e"}, -{ERR_PACK(0,CONF_F_NCONF_GET_SECTION,0), "NCONF_get_section"}, -{ERR_PACK(0,CONF_F_NCONF_GET_STRING,0), "NCONF_get_string"}, -{ERR_PACK(0,CONF_F_NCONF_LOAD,0), "NCONF_load"}, -{ERR_PACK(0,CONF_F_NCONF_LOAD_BIO,0), "NCONF_load_bio"}, -{ERR_PACK(0,CONF_F_NCONF_LOAD_FP,0), "NCONF_load_fp"}, -{ERR_PACK(0,CONF_F_NCONF_NEW,0), "NCONF_new"}, -{ERR_PACK(0,CONF_F_STR_COPY,0), "STR_COPY"}, -{0,NULL} - }; -static ERR_STRING_DATA CONF_str_reasons[]= - { -{CONF_R_ERROR_LOADING_DSO ,"error loading dso"}, -{CONF_R_MISSING_CLOSE_SQUARE_BRACKET ,"missing close square bracket"}, -{CONF_R_MISSING_EQUAL_SIGN ,"missing equal sign"}, -{CONF_R_MISSING_FINISH_FUNCTION ,"missing finish function"}, -{CONF_R_MISSING_INIT_FUNCTION ,"missing init function"}, -{CONF_R_MODULE_INITIALIZATION_ERROR ,"module initialization error"}, -{CONF_R_NO_CLOSE_BRACE ,"no close brace"}, -{CONF_R_NO_CONF ,"no conf"}, -{CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE ,"no conf or environment variable"}, -{CONF_R_NO_SECTION ,"no section"}, -{CONF_R_NO_SUCH_FILE ,"no such file"}, -{CONF_R_NO_VALUE ,"no value"}, -{CONF_R_UNABLE_TO_CREATE_NEW_SECTION ,"unable to create new section"}, -{CONF_R_UNKNOWN_MODULE_NAME ,"unknown module name"}, -{CONF_R_VARIABLE_HAS_NO_VALUE ,"variable has no value"}, -{0,NULL} - }; +#define ERR_FUNC(func) ERR_PACK(ERR_LIB_CONF,func,0) +#define ERR_REASON(reason) ERR_PACK(ERR_LIB_CONF,0,reason) -#endif +static ERR_STRING_DATA CONF_str_functs[]= { + {ERR_FUNC(0xfff), "CRYPTO_internal"}, + {0, NULL} +}; -void ERR_load_CONF_strings(void) - { - static int init=1; +static ERR_STRING_DATA CONF_str_reasons[]= { + {ERR_REASON(CONF_R_ERROR_LOADING_DSO) , "error loading dso"}, + {ERR_REASON(CONF_R_LIST_CANNOT_BE_NULL) , "list cannot be null"}, + {ERR_REASON(CONF_R_MISSING_CLOSE_SQUARE_BRACKET), "missing close square bracket"}, + {ERR_REASON(CONF_R_MISSING_EQUAL_SIGN) , "missing equal sign"}, + {ERR_REASON(CONF_R_MISSING_FINISH_FUNCTION), "missing finish function"}, + {ERR_REASON(CONF_R_MISSING_INIT_FUNCTION), "missing init function"}, + {ERR_REASON(CONF_R_MODULE_INITIALIZATION_ERROR), "module initialization error"}, + {ERR_REASON(CONF_R_NO_CLOSE_BRACE) , "no close brace"}, + {ERR_REASON(CONF_R_NO_CONF) , "no conf"}, + {ERR_REASON(CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE), "no conf or environment variable"}, + {ERR_REASON(CONF_R_NO_SECTION) , "no section"}, + {ERR_REASON(CONF_R_NO_SUCH_FILE) , "no such file"}, + {ERR_REASON(CONF_R_NO_VALUE) , "no value"}, + {ERR_REASON(CONF_R_UNABLE_TO_CREATE_NEW_SECTION), "unable to create new section"}, + {ERR_REASON(CONF_R_UNKNOWN_MODULE_NAME) , "unknown module name"}, + {ERR_REASON(CONF_R_VARIABLE_HAS_NO_VALUE), "variable has no value"}, + {0, NULL} +}; - if (init) - { - init=0; -#ifndef OPENSSL_NO_ERR - ERR_load_strings(ERR_LIB_CONF,CONF_str_functs); - ERR_load_strings(ERR_LIB_CONF,CONF_str_reasons); #endif - } +void +ERR_load_CONF_strings(void) +{ +#ifndef OPENSSL_NO_ERR + if (ERR_func_error_string(CONF_str_functs[0].error) == NULL) { + ERR_load_strings(0, CONF_str_functs); + ERR_load_strings(0, CONF_str_reasons); } +#endif +} diff --git a/src/lib/libcrypto/conf/conf_lib.c b/src/lib/libcrypto/conf/conf_lib.c index 7998f34c7b6..995ba3ef67a 100644 --- a/src/lib/libcrypto/conf/conf_lib.c +++ b/src/lib/libcrypto/conf/conf_lib.c @@ -1,4 +1,4 @@ -/* conf_lib.c */ +/* $OpenBSD: conf_lib.c,v 1.15 2017/01/29 17:49:22 beck Exp $ */ /* Written by Richard Levitte (richard@levitte.org) for the OpenSSL * project 2000. */ @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -63,69 +63,65 @@ #include #include -const char *CONF_version="CONF" OPENSSL_VERSION_PTEXT; - -static CONF_METHOD *default_CONF_method=NULL; +static CONF_METHOD *default_CONF_method = NULL; /* Init a 'CONF' structure from an old LHASH */ -void CONF_set_nconf(CONF *conf, LHASH *hash) - { +void +CONF_set_nconf(CONF *conf, LHASH_OF(CONF_VALUE) *hash) +{ if (default_CONF_method == NULL) default_CONF_method = NCONF_default(); - default_CONF_method->init(conf); conf->data = hash; - } +} /* The following section contains the "CONF classic" functions, rewritten in terms of the new CONF interface. */ -int CONF_set_default_method(CONF_METHOD *meth) - { +int +CONF_set_default_method(CONF_METHOD *meth) +{ default_CONF_method = meth; return 1; - } +} -LHASH *CONF_load(LHASH *conf, const char *file, long *eline) - { - LHASH *ltmp; - BIO *in=NULL; - -#ifdef OPENSSL_SYS_VMS - in=BIO_new_file(file, "r"); -#else - in=BIO_new_file(file, "rb"); -#endif - if (in == NULL) - { - CONFerr(CONF_F_CONF_LOAD,ERR_R_SYS_LIB); +LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf, const char *file, + long *eline) +{ + LHASH_OF(CONF_VALUE) *ltmp; + BIO *in = NULL; + + in = BIO_new_file(file, "rb"); + if (in == NULL) { + CONFerror(ERR_R_SYS_LIB); return NULL; - } + } ltmp = CONF_load_bio(conf, in, eline); BIO_free(in); return ltmp; - } +} -#ifndef OPENSSL_NO_FP_API -LHASH *CONF_load_fp(LHASH *conf, FILE *fp,long *eline) - { +LHASH_OF(CONF_VALUE) *CONF_load_fp(LHASH_OF(CONF_VALUE) *conf, FILE *fp, + long *eline) +{ BIO *btmp; - LHASH *ltmp; - if(!(btmp = BIO_new_fp(fp, BIO_NOCLOSE))) { - CONFerr(CONF_F_CONF_LOAD_FP,ERR_R_BUF_LIB); + LHASH_OF(CONF_VALUE) *ltmp; + + if (!(btmp = BIO_new_fp(fp, BIO_NOCLOSE))) { + CONFerror(ERR_R_BUF_LIB); return NULL; } ltmp = CONF_load_bio(conf, btmp, eline); BIO_free(btmp); return ltmp; - } -#endif +} -LHASH *CONF_load_bio(LHASH *conf, BIO *bp,long *eline) - { +LHASH_OF(CONF_VALUE) *CONF_load_bio(LHASH_OF(CONF_VALUE) *conf, BIO *bp, + long *eline) +{ CONF ctmp; int ret; @@ -135,89 +131,87 @@ LHASH *CONF_load_bio(LHASH *conf, BIO *bp,long *eline) if (ret) return ctmp.data; return NULL; - } +} -STACK_OF(CONF_VALUE) *CONF_get_section(LHASH *conf,const char *section) - { - if (conf == NULL) - { +STACK_OF(CONF_VALUE) *CONF_get_section(LHASH_OF(CONF_VALUE) *conf, + const char *section) +{ + if (conf == NULL) { return NULL; - } - else - { + } else { CONF ctmp; CONF_set_nconf(&ctmp, conf); return NCONF_get_section(&ctmp, section); - } } +} -char *CONF_get_string(LHASH *conf,const char *group,const char *name) - { - if (conf == NULL) - { +char * +CONF_get_string(LHASH_OF(CONF_VALUE) *conf, const char *group, + const char *name) +{ + if (conf == NULL) { return NCONF_get_string(NULL, group, name); - } - else - { + } else { CONF ctmp; CONF_set_nconf(&ctmp, conf); return NCONF_get_string(&ctmp, group, name); - } } +} -long CONF_get_number(LHASH *conf,const char *group,const char *name) - { +long +CONF_get_number(LHASH_OF(CONF_VALUE) *conf, const char *group, + const char *name) +{ int status; long result = 0; - if (conf == NULL) - { + if (conf == NULL) { status = NCONF_get_number_e(NULL, group, name, &result); - } - else - { + } else { CONF ctmp; CONF_set_nconf(&ctmp, conf); status = NCONF_get_number_e(&ctmp, group, name, &result); - } + } - if (status == 0) - { + if (status == 0) { /* This function does not believe in errors... */ - ERR_get_error(); - } - return result; + ERR_clear_error(); } + return result; +} -void CONF_free(LHASH *conf) - { +void +CONF_free(LHASH_OF(CONF_VALUE) *conf) +{ CONF ctmp; + CONF_set_nconf(&ctmp, conf); NCONF_free_data(&ctmp); - } +} -#ifndef OPENSSL_NO_FP_API -int CONF_dump_fp(LHASH *conf, FILE *out) - { +int +CONF_dump_fp(LHASH_OF(CONF_VALUE) *conf, FILE *out) +{ BIO *btmp; int ret; - if(!(btmp = BIO_new_fp(out, BIO_NOCLOSE))) { - CONFerr(CONF_F_CONF_DUMP_FP,ERR_R_BUF_LIB); + if (!(btmp = BIO_new_fp(out, BIO_NOCLOSE))) { + CONFerror(ERR_R_BUF_LIB); return 0; } ret = CONF_dump_bio(conf, btmp); BIO_free(btmp); return ret; - } -#endif +} -int CONF_dump_bio(LHASH *conf, BIO *out) - { +int +CONF_dump_bio(LHASH_OF(CONF_VALUE) *conf, BIO *out) +{ CONF ctmp; + CONF_set_nconf(&ctmp, conf); return NCONF_dump_bio(&ctmp, out); - } +} /* The following section contains the "New CONF" functions. They are completely centralised around a new CONF structure that may contain @@ -225,176 +219,157 @@ int CONF_dump_bio(LHASH *conf, BIO *out) These functions are also written in terms of the bridge functions used by the "CONF classic" functions, for consistency. */ -CONF *NCONF_new(CONF_METHOD *meth) - { +CONF * +NCONF_new(CONF_METHOD *meth) +{ CONF *ret; if (meth == NULL) meth = NCONF_default(); ret = meth->create(meth); - if (ret == NULL) - { - CONFerr(CONF_F_NCONF_NEW,ERR_R_MALLOC_FAILURE); - return(NULL); - } + if (ret == NULL) { + CONFerror(ERR_R_MALLOC_FAILURE); + return (NULL); + } return ret; - } +} -void NCONF_free(CONF *conf) - { +void +NCONF_free(CONF *conf) +{ if (conf == NULL) return; conf->meth->destroy(conf); - } +} -void NCONF_free_data(CONF *conf) - { +void +NCONF_free_data(CONF *conf) +{ if (conf == NULL) return; conf->meth->destroy_data(conf); - } +} -int NCONF_load(CONF *conf, const char *file, long *eline) - { - if (conf == NULL) - { - CONFerr(CONF_F_NCONF_LOAD,CONF_R_NO_CONF); +int +NCONF_load(CONF *conf, const char *file, long *eline) +{ + if (conf == NULL) { + CONFerror(CONF_R_NO_CONF); return 0; - } + } return conf->meth->load(conf, file, eline); - } +} -#ifndef OPENSSL_NO_FP_API -int NCONF_load_fp(CONF *conf, FILE *fp,long *eline) - { +int +NCONF_load_fp(CONF *conf, FILE *fp, long *eline) +{ BIO *btmp; int ret; - if(!(btmp = BIO_new_fp(fp, BIO_NOCLOSE))) - { - CONFerr(CONF_F_NCONF_LOAD_FP,ERR_R_BUF_LIB); + + if (!(btmp = BIO_new_fp(fp, BIO_NOCLOSE))) { + CONFerror(ERR_R_BUF_LIB); return 0; - } + } ret = NCONF_load_bio(conf, btmp, eline); BIO_free(btmp); return ret; - } -#endif +} -int NCONF_load_bio(CONF *conf, BIO *bp,long *eline) - { - if (conf == NULL) - { - CONFerr(CONF_F_NCONF_LOAD_BIO,CONF_R_NO_CONF); +int +NCONF_load_bio(CONF *conf, BIO *bp, long *eline) +{ + if (conf == NULL) { + CONFerror(CONF_R_NO_CONF); return 0; - } + } return conf->meth->load_bio(conf, bp, eline); - } +} -STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf,const char *section) - { - if (conf == NULL) - { - CONFerr(CONF_F_NCONF_GET_SECTION,CONF_R_NO_CONF); +STACK_OF(CONF_VALUE) * +NCONF_get_section(const CONF *conf, const char *section) +{ + if (conf == NULL) { + CONFerror(CONF_R_NO_CONF); return NULL; - } + } - if (section == NULL) - { - CONFerr(CONF_F_NCONF_GET_SECTION,CONF_R_NO_SECTION); + if (section == NULL) { + CONFerror(CONF_R_NO_SECTION); return NULL; - } + } return _CONF_get_section_values(conf, section); - } +} -char *NCONF_get_string(const CONF *conf,const char *group,const char *name) - { +char * +NCONF_get_string(const CONF *conf, const char *group, const char *name) +{ char *s = _CONF_get_string(conf, group, name); /* Since we may get a value from an environment variable even if conf is NULL, let's check the value first */ - if (s) return s; + if (s) + return s; - if (conf == NULL) - { - CONFerr(CONF_F_NCONF_GET_STRING, - CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE); + if (conf == NULL) { + CONFerror(CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE); return NULL; - } - CONFerr(CONF_F_NCONF_GET_STRING, - CONF_R_NO_VALUE); - ERR_add_error_data(4,"group=",group," name=",name); - return NULL; } + CONFerror(CONF_R_NO_VALUE); + ERR_asprintf_error_data("group=%s name=%s", + group ? group : "", name); + return NULL; +} -int NCONF_get_number_e(const CONF *conf,const char *group,const char *name, - long *result) - { +int +NCONF_get_number_e(const CONF *conf, const char *group, const char *name, + long *result) +{ char *str; - if (result == NULL) - { - CONFerr(CONF_F_NCONF_GET_NUMBER_E,ERR_R_PASSED_NULL_PARAMETER); + if (result == NULL) { + CONFerror(ERR_R_PASSED_NULL_PARAMETER); return 0; - } + } - str = NCONF_get_string(conf,group,name); + str = NCONF_get_string(conf, group, name); if (str == NULL) return 0; - for (*result = 0;conf->meth->is_number(conf, *str);) - { - *result = (*result)*10 + conf->meth->to_int(conf, *str); + for (*result = 0; conf->meth->is_number(conf, *str); ) { + *result = (*result) * 10 + conf->meth->to_int(conf, *str); str++; - } + } return 1; - } +} -#ifndef OPENSSL_NO_FP_API -int NCONF_dump_fp(const CONF *conf, FILE *out) - { +int +NCONF_dump_fp(const CONF *conf, FILE *out) +{ BIO *btmp; int ret; - if(!(btmp = BIO_new_fp(out, BIO_NOCLOSE))) { - CONFerr(CONF_F_NCONF_DUMP_FP,ERR_R_BUF_LIB); + if (!(btmp = BIO_new_fp(out, BIO_NOCLOSE))) { + CONFerror(ERR_R_BUF_LIB); return 0; } ret = NCONF_dump_bio(conf, btmp); BIO_free(btmp); return ret; - } -#endif +} -int NCONF_dump_bio(const CONF *conf, BIO *out) - { - if (conf == NULL) - { - CONFerr(CONF_F_NCONF_DUMP_BIO,CONF_R_NO_CONF); +int +NCONF_dump_bio(const CONF *conf, BIO *out) +{ + if (conf == NULL) { + CONFerror(CONF_R_NO_CONF); return 0; - } - - return conf->meth->dump(conf, out); - } - -/* This function should be avoided */ -#undef NCONF_get_number -long NCONF_get_number(CONF *conf,char *group,char *name) - { - int status; - long ret=0; - - status = NCONF_get_number_e(conf, group, name, &ret); - if (status == 0) - { - /* This function does not believe in errors... */ - ERR_get_error(); - } - return ret; } + return conf->meth->dump(conf, out); +} diff --git a/src/lib/libcrypto/conf/conf_mall.c b/src/lib/libcrypto/conf/conf_mall.c index d702af689ba..18631b3ba81 100644 --- a/src/lib/libcrypto/conf/conf_mall.c +++ b/src/lib/libcrypto/conf/conf_mall.c @@ -1,5 +1,5 @@ -/* conf_mall.c */ -/* Written by Stephen Henson (shenson@bigfoot.com) for the OpenSSL +/* $OpenBSD: conf_mall.c,v 1.9 2014/07/11 08:44:48 jsing Exp $ */ +/* Written by Stephen Henson (steve@openssl.org) for the OpenSSL * project 2001. */ /* ==================================================================== @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -57,20 +57,26 @@ */ #include -#include -#include "cryptlib.h" + +#include + +#include #include -#include +#include #include -#include + +#ifndef OPENSSL_NO_ENGINE #include +#endif /* Load all OpenSSL builtin modules */ -void OPENSSL_load_builtin_modules(void) - { +void +OPENSSL_load_builtin_modules(void) +{ /* Add builtin modules here */ ASN1_add_oid_module(); +#ifndef OPENSSL_NO_ENGINE ENGINE_add_conf_module(); - } - +#endif +} diff --git a/src/lib/libcrypto/conf/conf_mod.c b/src/lib/libcrypto/conf/conf_mod.c index edcc08921c2..9f252385e8a 100644 --- a/src/lib/libcrypto/conf/conf_mod.c +++ b/src/lib/libcrypto/conf/conf_mod.c @@ -1,5 +1,5 @@ -/* conf_mod.c */ -/* Written by Stephen Henson (shenson@bigfoot.com) for the OpenSSL +/* $OpenBSD: conf_mod.c,v 1.27 2017/01/29 17:49:22 beck Exp $ */ +/* Written by Stephen Henson (steve@openssl.org) for the OpenSSL * project 2001. */ /* ==================================================================== @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -56,38 +56,38 @@ * */ -#include #include -#include -#include "cryptlib.h" +#include +#include +#include + #include +#include #include +#include #include - #define DSO_mod_init_name "OPENSSL_init" #define DSO_mod_finish_name "OPENSSL_finish" - /* This structure contains a data about supported modules. * entries in this table correspond to either dynamic or * static modules. */ -struct conf_module_st - { +struct conf_module_st { /* DSO of this module or NULL if static */ DSO *dso; /* Name of the module */ char *name; /* Init function */ - conf_init_func *init; + conf_init_func *init; /* Finish function */ conf_finish_func *finish; /* Number of successfully initialized modules */ int links; void *usr_data; - }; +}; /* This structure contains information about modules that have been @@ -95,14 +95,13 @@ struct conf_module_st * given module. */ -struct conf_imodule_st - { +struct conf_imodule_st { CONF_MODULE *pmod; char *name; char *value; unsigned long flags; void *usr_data; - }; +}; static STACK_OF(CONF_MODULE) *supported_modules = NULL; static STACK_OF(CONF_IMODULE) *initialized_modules = NULL; @@ -110,61 +109,60 @@ static STACK_OF(CONF_IMODULE) *initialized_modules = NULL; static void module_free(CONF_MODULE *md); static void module_finish(CONF_IMODULE *imod); static int module_run(const CONF *cnf, char *name, char *value, - unsigned long flags); + unsigned long flags); static CONF_MODULE *module_add(DSO *dso, const char *name, - conf_init_func *ifunc, conf_finish_func *ffunc); + conf_init_func *ifunc, conf_finish_func *ffunc); static CONF_MODULE *module_find(char *name); static int module_init(CONF_MODULE *pmod, char *name, char *value, - const CONF *cnf); + const CONF *cnf); static CONF_MODULE *module_load_dso(const CONF *cnf, char *name, char *value, - unsigned long flags); + unsigned long flags); /* Main function: load modules from a CONF structure */ -int CONF_modules_load(const CONF *cnf, const char *appname, - unsigned long flags) - { +int +CONF_modules_load(const CONF *cnf, const char *appname, unsigned long flags) +{ STACK_OF(CONF_VALUE) *values; CONF_VALUE *vl; - char *vsection; + char *vsection = NULL; int ret, i; if (!cnf) return 1; - if (appname == NULL) - appname = "openssl_conf"; + if (appname) + vsection = NCONF_get_string(cnf, NULL, appname); - vsection = NCONF_get_string(cnf, NULL, appname); + if (!appname || (!vsection && (flags & CONF_MFLAGS_DEFAULT_SECTION))) + vsection = NCONF_get_string(cnf, NULL, "openssl_conf"); - if (!vsection) - { + if (!vsection) { ERR_clear_error(); return 1; - } + } values = NCONF_get_section(cnf, vsection); if (!values) return 0; - for (i = 0; i < sk_CONF_VALUE_num(values); i++) - { + for (i = 0; i < sk_CONF_VALUE_num(values); i++) { vl = sk_CONF_VALUE_value(values, i); ret = module_run(cnf, vl->name, vl->value, flags); if (ret <= 0) - if(!(flags & CONF_MFLAGS_IGNORE_ERRORS)) + if (!(flags & CONF_MFLAGS_IGNORE_ERRORS)) return ret; - } + } return 1; +} - } - -int CONF_modules_load_file(const char *filename, const char *appname, - unsigned long flags) - { +int +CONF_modules_load_file(const char *filename, const char *appname, + unsigned long flags) +{ char *file = NULL; CONF *conf = NULL; int ret = 0; @@ -172,39 +170,36 @@ int CONF_modules_load_file(const char *filename, const char *appname, if (!conf) goto err; - if (filename == NULL) - { + if (filename == NULL) { file = CONF_get1_default_config_file(); if (!file) goto err; - } - else + } else file = (char *)filename; - if (NCONF_load(conf, file, NULL) <= 0) - { + if (NCONF_load(conf, file, NULL) <= 0) { if ((flags & CONF_MFLAGS_IGNORE_MISSING_FILE) && - (ERR_GET_REASON(ERR_peek_last_error()) == CONF_R_NO_SUCH_FILE)) - { + (ERR_GET_REASON(ERR_peek_last_error()) == + CONF_R_NO_SUCH_FILE)) { ERR_clear_error(); ret = 1; - } - goto err; } + goto err; + } ret = CONF_modules_load(conf, appname, flags); - err: +err: if (filename == NULL) - OPENSSL_free(file); + free(file); NCONF_free(conf); return ret; - } +} -static int module_run(const CONF *cnf, char *name, char *value, - unsigned long flags) - { +static int +module_run(const CONF *cnf, char *name, char *value, unsigned long flags) +{ CONF_MODULE *md; int ret; @@ -214,62 +209,56 @@ static int module_run(const CONF *cnf, char *name, char *value, if (!md && !(flags & CONF_MFLAGS_NO_DSO)) md = module_load_dso(cnf, name, value, flags); - if (!md) - { - if (!(flags & CONF_MFLAGS_SILENT)) - { - CONFerr(CONF_F_MODULE_RUN, CONF_R_UNKNOWN_MODULE_NAME); - ERR_add_error_data(2, "module=", name); - } - return -1; + if (!md) { + if (!(flags & CONF_MFLAGS_SILENT)) { + CONFerror(CONF_R_UNKNOWN_MODULE_NAME); + ERR_asprintf_error_data("module=%s", name); } + return -1; + } ret = module_init(md, name, value, cnf); - if (ret <= 0) - { - if (!(flags & CONF_MFLAGS_SILENT)) - { - char rcode[DECIMAL_SIZE(ret)+1]; - CONFerr(CONF_F_CONF_MODULES_LOAD, CONF_R_MODULE_INITIALIZATION_ERROR); - sprintf(rcode, "%-8d", ret); - ERR_add_error_data(6, "module=", name, ", value=", value, ", retcode=", rcode); - } + if (ret <= 0) { + if (!(flags & CONF_MFLAGS_SILENT)) { + CONFerror(CONF_R_MODULE_INITIALIZATION_ERROR); + ERR_asprintf_error_data + ("module=%s, value=%s, retcode=%-8d", + name, value, ret); } + } return ret; - } +} /* Load a module from a DSO */ -static CONF_MODULE *module_load_dso(const CONF *cnf, char *name, char *value, - unsigned long flags) - { +static CONF_MODULE * +module_load_dso(const CONF *cnf, char *name, char *value, unsigned long flags) +{ DSO *dso = NULL; conf_init_func *ifunc; conf_finish_func *ffunc; char *path = NULL; int errcode = 0; CONF_MODULE *md; + /* Look for alternative path in module section */ path = NCONF_get_string(cnf, value, "path"); - if (!path) - { - ERR_get_error(); + if (!path) { + ERR_clear_error(); path = name; - } + } dso = DSO_load(NULL, path, NULL, 0); - if (!dso) - { + if (!dso) { errcode = CONF_R_ERROR_LOADING_DSO; goto err; - } - ifunc = (conf_init_func *)DSO_bind_func(dso, DSO_mod_init_name); - if (!ifunc) - { + } + ifunc = (conf_init_func *)DSO_bind_func(dso, DSO_mod_init_name); + if (!ifunc) { errcode = CONF_R_MISSING_INIT_FUNCTION; goto err; - } - ffunc = (conf_finish_func *)DSO_bind_func(dso, DSO_mod_finish_name); + } + ffunc = (conf_finish_func *)DSO_bind_func(dso, DSO_mod_finish_name); /* All OK, add module */ md = module_add(dso, name, ifunc, ffunc); @@ -278,297 +267,289 @@ static CONF_MODULE *module_load_dso(const CONF *cnf, char *name, char *value, return md; - err: +err: if (dso) DSO_free(dso); - CONFerr(CONF_F_MODULE_LOAD_DSO, errcode); - ERR_add_error_data(4, "module=", name, ", path=", path); + CONFerror(errcode); + ERR_asprintf_error_data("module=%s, path=%s", name, path); return NULL; - } +} /* add module to list */ -static CONF_MODULE *module_add(DSO *dso, const char *name, - conf_init_func *ifunc, conf_finish_func *ffunc) - { +static CONF_MODULE * +module_add(DSO *dso, const char *name, conf_init_func *ifunc, + conf_finish_func *ffunc) +{ CONF_MODULE *tmod = NULL; + + if (name == NULL) + return NULL; if (supported_modules == NULL) supported_modules = sk_CONF_MODULE_new_null(); if (supported_modules == NULL) return NULL; - tmod = OPENSSL_malloc(sizeof(CONF_MODULE)); + tmod = malloc(sizeof(CONF_MODULE)); if (tmod == NULL) return NULL; tmod->dso = dso; - tmod->name = BUF_strdup(name); + tmod->name = strdup(name); tmod->init = ifunc; tmod->finish = ffunc; tmod->links = 0; - if (!sk_CONF_MODULE_push(supported_modules, tmod)) - { - OPENSSL_free(tmod); + if (!sk_CONF_MODULE_push(supported_modules, tmod)) { + free(tmod); return NULL; - } + } return tmod; - } +} /* Find a module from the list. We allow module names of the * form modname.XXXX to just search for modname to allow the * same module to be initialized more than once. */ -static CONF_MODULE *module_find(char *name) - { +static CONF_MODULE * +module_find(char *name) +{ CONF_MODULE *tmod; int i, nchar; char *p; + p = strrchr(name, '.'); if (p) nchar = p - name; - else + else nchar = strlen(name); - for (i = 0; i < sk_CONF_MODULE_num(supported_modules); i++) - { + for (i = 0; i < sk_CONF_MODULE_num(supported_modules); i++) { tmod = sk_CONF_MODULE_value(supported_modules, i); if (!strncmp(tmod->name, name, nchar)) return tmod; - } + } return NULL; - - } +} /* initialize a module */ -static int module_init(CONF_MODULE *pmod, char *name, char *value, - const CONF *cnf) - { +static int +module_init(CONF_MODULE *pmod, char *name, char *value, const CONF *cnf) +{ int ret = 1; int init_called = 0; CONF_IMODULE *imod = NULL; /* Otherwise add initialized module to list */ - imod = OPENSSL_malloc(sizeof(CONF_IMODULE)); + imod = malloc(sizeof(CONF_IMODULE)); if (!imod) goto err; imod->pmod = pmod; - imod->name = BUF_strdup(name); - imod->value = BUF_strdup(value); + imod->name = name ? strdup(name) : NULL; + imod->value = value ? strdup(value) : NULL; imod->usr_data = NULL; if (!imod->name || !imod->value) goto memerr; /* Try to initialize module */ - if(pmod->init) - { + if (pmod->init) { ret = pmod->init(imod, cnf); init_called = 1; /* Error occurred, exit */ if (ret <= 0) goto err; - } + } - if (initialized_modules == NULL) - { + if (initialized_modules == NULL) { initialized_modules = sk_CONF_IMODULE_new_null(); - if (!initialized_modules) - { - CONFerr(CONF_F_MODULE_INIT, ERR_R_MALLOC_FAILURE); + if (!initialized_modules) { + CONFerror(ERR_R_MALLOC_FAILURE); goto err; - } } + } - if (!sk_CONF_IMODULE_push(initialized_modules, imod)) - { - CONFerr(CONF_F_MODULE_INIT, ERR_R_MALLOC_FAILURE); + if (!sk_CONF_IMODULE_push(initialized_modules, imod)) { + CONFerror(ERR_R_MALLOC_FAILURE); goto err; - } + } pmod->links++; return ret; - err: - +err: /* We've started the module so we'd better finish it */ if (pmod->finish && init_called) pmod->finish(imod); - memerr: - if (imod) - { - if (imod->name) - OPENSSL_free(imod->name); - if (imod->value) - OPENSSL_free(imod->value); - OPENSSL_free(imod); - } +memerr: + if (imod) { + free(imod->name); + free(imod->value); + free(imod); + } return -1; - - } +} /* Unload any dynamic modules that have a link count of zero: * i.e. have no active initialized modules. If 'all' is set * then all modules are unloaded including static ones. */ -void CONF_modules_unload(int all) - { +void +CONF_modules_unload(int all) +{ int i; CONF_MODULE *md; + CONF_modules_finish(); + /* unload modules in reverse order */ - for (i = sk_CONF_MODULE_num(supported_modules) - 1; i >= 0; i--) - { + for (i = sk_CONF_MODULE_num(supported_modules) - 1; i >= 0; i--) { md = sk_CONF_MODULE_value(supported_modules, i); /* If static or in use and 'all' not set ignore it */ if (((md->links > 0) || !md->dso) && !all) continue; /* Since we're working in reverse this is OK */ - sk_CONF_MODULE_delete(supported_modules, i); + (void)sk_CONF_MODULE_delete(supported_modules, i); module_free(md); - } - if (sk_CONF_MODULE_num(supported_modules) == 0) - { + } + if (sk_CONF_MODULE_num(supported_modules) == 0) { sk_CONF_MODULE_free(supported_modules); supported_modules = NULL; - } } +} /* unload a single module */ -static void module_free(CONF_MODULE *md) - { +static void +module_free(CONF_MODULE *md) +{ if (md->dso) DSO_free(md->dso); - OPENSSL_free(md->name); - OPENSSL_free(md); - } + free(md->name); + free(md); +} /* finish and free up all modules instances */ -void CONF_modules_finish(void) - { +void +CONF_modules_finish(void) +{ CONF_IMODULE *imod; - while (sk_CONF_IMODULE_num(initialized_modules) > 0) - { + + while (sk_CONF_IMODULE_num(initialized_modules) > 0) { imod = sk_CONF_IMODULE_pop(initialized_modules); module_finish(imod); - } + } sk_CONF_IMODULE_free(initialized_modules); initialized_modules = NULL; - } +} /* finish a module instance */ -static void module_finish(CONF_IMODULE *imod) - { +static void +module_finish(CONF_IMODULE *imod) +{ if (imod->pmod->finish) imod->pmod->finish(imod); imod->pmod->links--; - OPENSSL_free(imod->name); - OPENSSL_free(imod->value); - OPENSSL_free(imod); - } + free(imod->name); + free(imod->value); + free(imod); +} /* Add a static module to OpenSSL */ -int CONF_module_add(const char *name, conf_init_func *ifunc, - conf_finish_func *ffunc) - { +int +CONF_module_add(const char *name, conf_init_func *ifunc, + conf_finish_func *ffunc) +{ if (module_add(NULL, name, ifunc, ffunc)) return 1; else return 0; - } +} -void CONF_modules_free(void) - { +void +CONF_modules_free(void) +{ CONF_modules_finish(); CONF_modules_unload(1); - } +} /* Utility functions */ -const char *CONF_imodule_get_name(const CONF_IMODULE *md) - { +const char * +CONF_imodule_get_name(const CONF_IMODULE *md) +{ return md->name; - } +} -const char *CONF_imodule_get_value(const CONF_IMODULE *md) - { +const char * +CONF_imodule_get_value(const CONF_IMODULE *md) +{ return md->value; - } +} -void *CONF_imodule_get_usr_data(const CONF_IMODULE *md) - { +void * +CONF_imodule_get_usr_data(const CONF_IMODULE *md) +{ return md->usr_data; - } +} -void CONF_imodule_set_usr_data(CONF_IMODULE *md, void *usr_data) - { +void +CONF_imodule_set_usr_data(CONF_IMODULE *md, void *usr_data) +{ md->usr_data = usr_data; - } +} -CONF_MODULE *CONF_imodule_get_module(const CONF_IMODULE *md) - { +CONF_MODULE * +CONF_imodule_get_module(const CONF_IMODULE *md) +{ return md->pmod; - } +} -unsigned long CONF_imodule_get_flags(const CONF_IMODULE *md) - { +unsigned long +CONF_imodule_get_flags(const CONF_IMODULE *md) +{ return md->flags; - } +} -void CONF_imodule_set_flags(CONF_IMODULE *md, unsigned long flags) - { +void +CONF_imodule_set_flags(CONF_IMODULE *md, unsigned long flags) +{ md->flags = flags; - } +} -void *CONF_module_get_usr_data(CONF_MODULE *pmod) - { +void * +CONF_module_get_usr_data(CONF_MODULE *pmod) +{ return pmod->usr_data; - } +} -void CONF_module_set_usr_data(CONF_MODULE *pmod, void *usr_data) - { +void +CONF_module_set_usr_data(CONF_MODULE *pmod, void *usr_data) +{ pmod->usr_data = usr_data; - } +} /* Return default config file name */ -char *CONF_get1_default_config_file(void) - { - char *file; - int len; - - file = getenv("OPENSSL_CONF"); - if (file) - return BUF_strdup(file); - - len = strlen(X509_get_default_cert_area()); -#ifndef OPENSSL_SYS_VMS - len++; -#endif - len += strlen(OPENSSL_CONF); - - file = OPENSSL_malloc(len + 1); - - if (!file) - return NULL; - strcpy(file,X509_get_default_cert_area()); -#ifndef OPENSSL_SYS_VMS - strcat(file,"/"); -#endif - strcat(file,OPENSSL_CONF); +char * +CONF_get1_default_config_file(void) +{ + char *file = NULL; + if (asprintf(&file, "%s/openssl.cnf", + X509_get_default_cert_area()) == -1) + return (NULL); return file; - } +} /* This function takes a list separated by 'sep' and calls the * callback function giving the start and length of each member @@ -576,41 +557,42 @@ char *CONF_get1_default_config_file(void) * be used to parse comma separated lists for example. */ -int CONF_parse_list(const char *list, int sep, int nospc, - int (*list_cb)(const char *elem, int len, void *usr), void *arg) - { +int +CONF_parse_list(const char *list_, int sep, int nospc, + int (*list_cb)(const char *elem, int len, void *usr), void *arg) +{ int ret; const char *lstart, *tmpend, *p; - lstart = list; - for(;;) - { - if (nospc) - { - while(*lstart && isspace((unsigned char)*lstart)) + if (list_ == NULL) { + CONFerror(CONF_R_LIST_CANNOT_BE_NULL); + return 0; + } + + lstart = list_; + for (;;) { + if (nospc) { + while (*lstart && isspace((unsigned char)*lstart)) lstart++; - } + } p = strchr(lstart, sep); if (p == lstart || !*lstart) ret = list_cb(NULL, 0, arg); - else - { + else { if (p) tmpend = p - 1; - else + else tmpend = lstart + strlen(lstart) - 1; - if (nospc) - { - while(isspace((unsigned char)*tmpend)) + if (nospc) { + while (isspace((unsigned char)*tmpend)) tmpend--; - } - ret = list_cb(lstart, tmpend - lstart + 1, arg); } + ret = list_cb(lstart, tmpend - lstart + 1, arg); + } if (ret <= 0) return ret; if (p == NULL) return 1; lstart = p + 1; - } } - +} diff --git a/src/lib/libcrypto/conf/conf_sap.c b/src/lib/libcrypto/conf/conf_sap.c index 97fb1743038..827cf96e742 100644 --- a/src/lib/libcrypto/conf/conf_sap.c +++ b/src/lib/libcrypto/conf/conf_sap.c @@ -1,5 +1,5 @@ -/* conf_sap.c */ -/* Written by Stephen Henson (shenson@bigfoot.com) for the OpenSSL +/* $OpenBSD: conf_sap.c,v 1.14 2018/03/19 03:56:08 beck Exp $ */ +/* Written by Stephen Henson (steve@openssl.org) for the OpenSSL * project 2001. */ /* ==================================================================== @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -56,52 +56,99 @@ * */ +#include #include -#include -#include "cryptlib.h" + +#include + +#include #include -#include +#include +#include #include -#include + +#ifndef OPENSSL_NO_ENGINE #include +#endif /* This is the automatic configuration loader: it is called automatically by * OpenSSL when any of a number of standard initialisation functions are called, * unless this is overridden by calling OPENSSL_no_config() */ -static int openssl_configured = 0; +static pthread_once_t openssl_configured = PTHREAD_ONCE_INIT; -void OPENSSL_config(const char *config_name) - { - if (openssl_configured) - return; +static const char *openssl_config_name; +static void +OPENSSL_config_internal(void) +{ OPENSSL_load_builtin_modules(); +#ifndef OPENSSL_NO_ENGINE /* Need to load ENGINEs */ ENGINE_load_builtin_engines(); +#endif /* Add others here? */ - ERR_clear_error(); - if (CONF_modules_load_file(NULL, NULL, - CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) - { + if (CONF_modules_load_file(NULL, openssl_config_name, + CONF_MFLAGS_DEFAULT_SECTION|CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) { BIO *bio_err; ERR_load_crypto_strings(); - if ((bio_err=BIO_new_fp(stderr, BIO_NOCLOSE)) != NULL) - { - BIO_printf(bio_err,"Auto configuration failed\n"); + if ((bio_err = BIO_new_fp(stderr, BIO_NOCLOSE)) != NULL) { + BIO_printf(bio_err, "Auto configuration failed\n"); ERR_print_errors(bio_err); BIO_free(bio_err); - } - exit(1); } + exit(1); + } return; - } +} -void OPENSSL_no_config() - { - openssl_configured = 1; - } +int +OpenSSL_config(const char *config_name) +{ + /* Don't override if NULL */ + /* + * Note - multiple threads calling this with *different* config names + * is probably not advisable. One thread will win, but you don't know + * if it will be the same thread as wins the pthread_once. + */ + if (config_name != NULL) + openssl_config_name = config_name; + + if (OPENSSL_init_crypto(0, NULL) == 0) + return 0; + + if (pthread_once(&openssl_configured, OPENSSL_config_internal) != 0) + return 0; + + return 1; +} + +void +OPENSSL_config(const char *config_name) +{ + (void) OpenSSL_config(config_name); +} + +static void +OPENSSL_no_config_internal(void) +{ +} + +int +OpenSSL_no_config(void) +{ + if (pthread_once(&openssl_configured, OPENSSL_no_config_internal) != 0) + return 0; + + return 1; +} + +void +OPENSSL_no_config(void) +{ + (void) OpenSSL_no_config(); +} diff --git a/src/lib/libcrypto/conf/keysets.pl b/src/lib/libcrypto/conf/keysets.pl index 50ed67fa527..fe17be57fea 100644 --- a/src/lib/libcrypto/conf/keysets.pl +++ b/src/lib/libcrypto/conf/keysets.pl @@ -132,7 +132,6 @@ CONF_PUNCTUATION) #define KEYTYPES(c) ((unsigned short *)((c)->meth_data)) -#ifndef CHARSET_EBCDIC #define IS_COMMENT(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_COMMENT) #define IS_FCOMMENT(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_FCOMMENT) #define IS_EOF(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_EOF) @@ -146,21 +145,6 @@ #define IS_DQUOTE(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_DQUOTE) #define IS_HIGHBIT(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_HIGHBIT) -#else /*CHARSET_EBCDIC*/ - -#define IS_COMMENT(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_COMMENT) -#define IS_FCOMMENT(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_FCOMMENT) -#define IS_EOF(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_EOF) -#define IS_ESC(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ESC) -#define IS_NUMBER(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_NUMBER) -#define IS_WS(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_WS) -#define IS_ALPHA_NUMERIC(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ALPHA_NUMERIC) -#define IS_ALPHA_NUMERIC_PUNCT(c,a) \\ - (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ALPHA_NUMERIC_PUNCT) -#define IS_QUOTE(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_QUOTE) -#define IS_DQUOTE(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_DQUOTE) -#define IS_HIGHBIT(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_HIGHBIT) -#endif /*CHARSET_EBCDIC*/ EOF diff --git a/src/lib/libcrypto/conf/test.c b/src/lib/libcrypto/conf/test.c deleted file mode 100644 index 7fab85053e4..00000000000 --- a/src/lib/libcrypto/conf/test.c +++ /dev/null @@ -1,98 +0,0 @@ -/* crypto/conf/test.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include -#include -#include - -main() - { - LHASH *conf; - long eline; - char *s,*s2; - -#ifdef USE_WIN32 - CONF_set_default_method(CONF_WIN32); -#endif - conf=CONF_load(NULL,"ssleay.cnf",&eline); - if (conf == NULL) - { - ERR_load_crypto_strings(); - printf("unable to load configuration, line %ld\n",eline); - ERR_print_errors_fp(stderr); - exit(1); - } - lh_stats(conf,stdout); - lh_node_stats(conf,stdout); - lh_node_usage_stats(conf,stdout); - - s=CONF_get_string(conf,NULL,"init2"); - printf("init2=%s\n",(s == NULL)?"NULL":s); - - s=CONF_get_string(conf,NULL,"cipher1"); - printf("cipher1=%s\n",(s == NULL)?"NULL":s); - - s=CONF_get_string(conf,"s_client","cipher1"); - printf("s_client:cipher1=%s\n",(s == NULL)?"NULL":s); - - printf("---------------------------- DUMP ------------------------\n"); - CONF_dump_fp(conf, stdout); - - exit(0); - } diff --git a/src/lib/libcrypto/constant_time_locl.h b/src/lib/libcrypto/constant_time_locl.h new file mode 100644 index 00000000000..2cabfb460e6 --- /dev/null +++ b/src/lib/libcrypto/constant_time_locl.h @@ -0,0 +1,205 @@ +/* crypto/constant_time_locl.h */ +/*- + * Utilities for constant-time cryptography. + * + * Author: Emilia Kasper (emilia@openssl.org) + * Based on previous work by Bodo Moeller, Emilia Kasper, Adam Langley + * (Google). + * ==================================================================== + * Copyright (c) 2014 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_CONSTANT_TIME_LOCL_H +# define HEADER_CONSTANT_TIME_LOCL_H + +__BEGIN_HIDDEN_DECLS + +/*- + * The boolean methods return a bitmask of all ones (0xff...f) for true + * and 0 for false. This is useful for choosing a value based on the result + * of a conditional in constant time. For example, + * + * if (a < b) { + * c = a; + * } else { + * c = b; + * } + * + * can be written as + * + * unsigned int lt = constant_time_lt(a, b); + * c = constant_time_select(lt, a, b); + */ + +/* + * Returns the given value with the MSB copied to all the other + * bits. Uses the fact that arithmetic shift shifts-in the sign bit. + * However, this is not ensured by the C standard so you may need to + * replace this with something else on odd CPUs. + */ +static inline unsigned int constant_time_msb(unsigned int a); + +/* + * Returns 0xff..f if a < b and 0 otherwise. + */ +static inline unsigned int constant_time_lt(unsigned int a, unsigned int b); +/* Convenience method for getting an 8-bit mask. */ +static inline unsigned char constant_time_lt_8(unsigned int a, + unsigned int b); + +/* + * Returns 0xff..f if a >= b and 0 otherwise. + */ +static inline unsigned int constant_time_ge(unsigned int a, unsigned int b); +/* Convenience method for getting an 8-bit mask. */ +static inline unsigned char constant_time_ge_8(unsigned int a, + unsigned int b); + +/* + * Returns 0xff..f if a == 0 and 0 otherwise. + */ +static inline unsigned int constant_time_is_zero(unsigned int a); +/* Convenience method for getting an 8-bit mask. */ +static inline unsigned char constant_time_is_zero_8(unsigned int a); + +/* + * Returns 0xff..f if a == b and 0 otherwise. + */ +static inline unsigned int constant_time_eq(unsigned int a, unsigned int b); +/* Convenience method for getting an 8-bit mask. */ +static inline unsigned char constant_time_eq_8(unsigned int a, + unsigned int b); +/* Signed integers. */ +static inline unsigned int constant_time_eq_int(int a, int b); +/* Convenience method for getting an 8-bit mask. */ +static inline unsigned char constant_time_eq_int_8(int a, int b); + +/*- + * Returns (mask & a) | (~mask & b). + * + * When |mask| is all 1s or all 0s (as returned by the methods above), + * the select methods return either |a| (if |mask| is nonzero) or |b| + * (if |mask| is zero). + */ +static inline unsigned int constant_time_select(unsigned int mask, + unsigned int a, + unsigned int b); +/* Convenience method for unsigned chars. */ +static inline unsigned char constant_time_select_8(unsigned char mask, + unsigned char a, + unsigned char b); +/* Convenience method for signed integers. */ +static inline int constant_time_select_int(unsigned int mask, int a, int b); + +static inline unsigned int constant_time_msb(unsigned int a) +{ + return 0 - (a >> (sizeof(a) * 8 - 1)); +} + +static inline unsigned int constant_time_lt(unsigned int a, unsigned int b) +{ + return constant_time_msb(a ^ ((a ^ b) | ((a - b) ^ b))); +} + +static inline unsigned char constant_time_lt_8(unsigned int a, unsigned int b) +{ + return (unsigned char)(constant_time_lt(a, b)); +} + +static inline unsigned int constant_time_ge(unsigned int a, unsigned int b) +{ + return ~constant_time_lt(a, b); +} + +static inline unsigned char constant_time_ge_8(unsigned int a, unsigned int b) +{ + return (unsigned char)(constant_time_ge(a, b)); +} + +static inline unsigned int constant_time_is_zero(unsigned int a) +{ + return constant_time_msb(~a & (a - 1)); +} + +static inline unsigned char constant_time_is_zero_8(unsigned int a) +{ + return (unsigned char)(constant_time_is_zero(a)); +} + +static inline unsigned int constant_time_eq(unsigned int a, unsigned int b) +{ + return constant_time_is_zero(a ^ b); +} + +static inline unsigned char constant_time_eq_8(unsigned int a, unsigned int b) +{ + return (unsigned char)(constant_time_eq(a, b)); +} + +static inline unsigned int constant_time_eq_int(int a, int b) +{ + return constant_time_eq((unsigned)(a), (unsigned)(b)); +} + +static inline unsigned char constant_time_eq_int_8(int a, int b) +{ + return constant_time_eq_8((unsigned)(a), (unsigned)(b)); +} + +static inline unsigned int constant_time_select(unsigned int mask, + unsigned int a, + unsigned int b) +{ + return (mask & a) | (~mask & b); +} + +static inline unsigned char constant_time_select_8(unsigned char mask, + unsigned char a, + unsigned char b) +{ + return (unsigned char)(constant_time_select(mask, a, b)); +} + +static inline int constant_time_select_int(unsigned int mask, int a, int b) +{ + return (int)(constant_time_select(mask, (unsigned)(a), (unsigned)(b))); +} + +__END_HIDDEN_DECLS + +#endif /* HEADER_CONSTANT_TIME_LOCL_H */ diff --git a/src/lib/libcrypto/cpt_err.c b/src/lib/libcrypto/cpt_err.c index 1b4a1cb4d40..4ac32a28ec8 100644 --- a/src/lib/libcrypto/cpt_err.c +++ b/src/lib/libcrypto/cpt_err.c @@ -1,13 +1,13 @@ -/* crypto/cpt_err.c */ +/* $OpenBSD: cpt_err.c,v 1.13 2014/07/10 22:45:56 jsing Exp $ */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -59,44 +59,47 @@ */ #include + +#include + #include #include /* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR -static ERR_STRING_DATA CRYPTO_str_functs[]= - { -{ERR_PACK(0,CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX,0), "CRYPTO_get_ex_new_index"}, -{ERR_PACK(0,CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,0), "CRYPTO_get_new_dynlockid"}, -{ERR_PACK(0,CRYPTO_F_CRYPTO_GET_NEW_LOCKID,0), "CRYPTO_get_new_lockid"}, -{ERR_PACK(0,CRYPTO_F_CRYPTO_SET_EX_DATA,0), "CRYPTO_set_ex_data"}, -{ERR_PACK(0,CRYPTO_F_DEF_ADD_INDEX,0), "DEF_ADD_INDEX"}, -{ERR_PACK(0,CRYPTO_F_DEF_GET_CLASS,0), "DEF_GET_CLASS"}, -{ERR_PACK(0,CRYPTO_F_INT_DUP_EX_DATA,0), "INT_DUP_EX_DATA"}, -{ERR_PACK(0,CRYPTO_F_INT_FREE_EX_DATA,0), "INT_FREE_EX_DATA"}, -{ERR_PACK(0,CRYPTO_F_INT_NEW_EX_DATA,0), "INT_NEW_EX_DATA"}, -{0,NULL} - }; -static ERR_STRING_DATA CRYPTO_str_reasons[]= - { -{CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK ,"no dynlock create callback"}, -{0,NULL} - }; +#define ERR_FUNC(func) ERR_PACK(ERR_LIB_CRYPTO,func,0) +#define ERR_REASON(reason) ERR_PACK(ERR_LIB_CRYPTO,0,reason) -#endif +static ERR_STRING_DATA CRYPTO_str_functs[] = { + {ERR_FUNC(CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX), "CRYPTO_get_ex_new_index"}, + {ERR_FUNC(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID), "CRYPTO_get_new_dynlockid"}, + {ERR_FUNC(CRYPTO_F_CRYPTO_GET_NEW_LOCKID), "CRYPTO_get_new_lockid"}, + {ERR_FUNC(CRYPTO_F_CRYPTO_SET_EX_DATA), "CRYPTO_set_ex_data"}, + {ERR_FUNC(CRYPTO_F_DEF_ADD_INDEX), "DEF_ADD_INDEX"}, + {ERR_FUNC(CRYPTO_F_DEF_GET_CLASS), "DEF_GET_CLASS"}, + {ERR_FUNC(CRYPTO_F_FIPS_MODE_SET), "FIPS_mode_set"}, + {ERR_FUNC(CRYPTO_F_INT_DUP_EX_DATA), "INT_DUP_EX_DATA"}, + {ERR_FUNC(CRYPTO_F_INT_FREE_EX_DATA), "INT_FREE_EX_DATA"}, + {ERR_FUNC(CRYPTO_F_INT_NEW_EX_DATA), "INT_NEW_EX_DATA"}, + {0, NULL} +}; -void ERR_load_CRYPTO_strings(void) - { - static int init=1; +static ERR_STRING_DATA CRYPTO_str_reasons[] = { + {ERR_REASON(CRYPTO_R_FIPS_MODE_NOT_SUPPORTED), "fips mode not supported"}, + {ERR_REASON(CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK), "no dynlock create callback"}, + {0, NULL} +}; - if (init) - { - init=0; -#ifndef OPENSSL_NO_ERR - ERR_load_strings(ERR_LIB_CRYPTO,CRYPTO_str_functs); - ERR_load_strings(ERR_LIB_CRYPTO,CRYPTO_str_reasons); #endif - } +void +ERR_load_CRYPTO_strings(void) +{ +#ifndef OPENSSL_NO_ERR + if (ERR_func_error_string(CRYPTO_str_functs[0].error) == NULL) { + ERR_load_strings(0, CRYPTO_str_functs); + ERR_load_strings(0, CRYPTO_str_reasons); } +#endif +} diff --git a/src/lib/libcrypto/cryptlib.c b/src/lib/libcrypto/cryptlib.c index 612b3b93b44..38d31e7ac25 100644 --- a/src/lib/libcrypto/cryptlib.c +++ b/src/lib/libcrypto/cryptlib.c @@ -1,25 +1,78 @@ -/* crypto/cryptlib.c */ +/* $OpenBSD: cryptlib.c,v 1.45 2019/01/26 11:30:32 deraadt Exp $ */ +/* ==================================================================== + * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +87,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,446 +102,276 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * ECDH support in OpenSSL originally developed by + * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. + */ +#include +#include #include #include -#include "cryptlib.h" -#include -#include +#include +#include -#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16) -static double SSLeay_MSVC5_hack=0.0; /* and for VC1.5 */ -#endif +#include +#include -DECLARE_STACK_OF(CRYPTO_dynlock) -IMPLEMENT_STACK_OF(CRYPTO_dynlock) - -/* real #defines in crypto.h, keep these upto date */ -static const char* lock_names[CRYPTO_NUM_LOCKS] = - { - "<>", - "err", - "ex_data", - "x509", - "x509_info", - "x509_pkey", - "x509_crl", - "x509_req", - "dsa", - "rsa", - "evp_pkey", - "x509_store", - "ssl_ctx", - "ssl_cert", - "ssl_session", - "ssl_sess_cert", - "ssl", - "rand", - "rand2", - "debug_malloc", - "BIO", - "gethostbyname", - "getservbyname", - "readdir", - "RSA_blinding", - "dh", - "debug_malloc2", - "dso", - "dynlock", - "engine", - "ui", -#if CRYPTO_NUM_LOCKS != 31 -# error "Inconsistency between crypto.h and cryptlib.c" -#endif - }; - -/* This is for applications to allocate new type names in the non-dynamic - array of lock names. These are numbered with positive numbers. */ -static STACK *app_locks=NULL; - -/* For applications that want a more dynamic way of handling threads, the - following stack is used. These are externally numbered with negative - numbers. */ -static STACK_OF(CRYPTO_dynlock) *dyn_locks=NULL; - - -static void (MS_FAR *locking_callback)(int mode,int type, - const char *file,int line)=NULL; -static int (MS_FAR *add_lock_callback)(int *pointer,int amount, - int type,const char *file,int line)=NULL; -static unsigned long (MS_FAR *id_callback)(void)=NULL; -static struct CRYPTO_dynlock_value *(MS_FAR *dynlock_create_callback) - (const char *file,int line)=NULL; -static void (MS_FAR *dynlock_lock_callback)(int mode, - struct CRYPTO_dynlock_value *l, const char *file,int line)=NULL; -static void (MS_FAR *dynlock_destroy_callback)(struct CRYPTO_dynlock_value *l, - const char *file,int line)=NULL; +static void (*locking_callback)(int mode, int type, + const char *file, int line) = NULL; +static int (*add_lock_callback)(int *pointer, int amount, + int type, const char *file, int line) = NULL; -int CRYPTO_get_new_lockid(char *name) - { - char *str; - int i; - -#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16) - /* A hack to make Visual C++ 5.0 work correctly when linking as - * a DLL using /MT. Without this, the application cannot use - * and floating point printf's. - * It also seems to be needed for Visual C 1.5 (win16) */ - SSLeay_MSVC5_hack=(double)name[0]*(double)name[1]; -#endif +int +CRYPTO_num_locks(void) +{ + return 1; +} - if ((app_locks == NULL) && ((app_locks=sk_new_null()) == NULL)) - { - CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_LOCKID,ERR_R_MALLOC_FAILURE); - return(0); - } - if ((str=BUF_strdup(name)) == NULL) - { - CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_LOCKID,ERR_R_MALLOC_FAILURE); - return(0); - } - i=sk_push(app_locks,str); - if (!i) - OPENSSL_free(str); - else - i+=CRYPTO_NUM_LOCKS; /* gap of one :-) */ - return(i); - } - -int CRYPTO_num_locks(void) - { - return CRYPTO_NUM_LOCKS; - } +unsigned long +(*CRYPTO_get_id_callback(void))(void) +{ + return NULL; +} + +void +CRYPTO_set_id_callback(unsigned long (*func)(void)) +{ + return; +} + +unsigned long +CRYPTO_thread_id(void) +{ + return (unsigned long)pthread_self(); +} + +void +CRYPTO_set_locking_callback(void (*func)(int mode, int lock_num, + const char *file, int line)) +{ + locking_callback = func; +} + +void +(*CRYPTO_get_locking_callback(void))(int mode, int lock_num, + const char *file, int line) +{ + return locking_callback; +} + +void +CRYPTO_set_add_lock_callback(int (*func)(int *num, int mount, int lock_num, + const char *file, int line)) +{ + add_lock_callback = func; +} + +int +(*CRYPTO_get_add_lock_callback(void))(int *num, int mount, int type, + const char *file, int line) +{ + return add_lock_callback; +} + +const char * +CRYPTO_get_lock_name(int lock_num) +{ + return ""; +} + +struct CRYPTO_dynlock_value * +CRYPTO_get_dynlock_value(int i) +{ + return NULL; +} int CRYPTO_get_new_dynlockid(void) - { - int i = 0; - CRYPTO_dynlock *pointer = NULL; - - if (dynlock_create_callback == NULL) - { - CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK); - return(0); - } - CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK); - if ((dyn_locks == NULL) - && ((dyn_locks=sk_CRYPTO_dynlock_new_null()) == NULL)) - { - CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK); - CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,ERR_R_MALLOC_FAILURE); - return(0); - } - CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK); - - pointer = (CRYPTO_dynlock *)OPENSSL_malloc(sizeof(CRYPTO_dynlock)); - if (pointer == NULL) - { - CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,ERR_R_MALLOC_FAILURE); - return(0); - } - pointer->references = 1; - pointer->data = dynlock_create_callback(__FILE__,__LINE__); - if (pointer->data == NULL) - { - OPENSSL_free(pointer); - CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,ERR_R_MALLOC_FAILURE); - return(0); - } - - CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK); - /* First, try to find an existing empty slot */ - i=sk_CRYPTO_dynlock_find(dyn_locks,NULL); - /* If there was none, push, thereby creating a new one */ - if (i == -1) - i=sk_CRYPTO_dynlock_push(dyn_locks,pointer); - CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK); - - if (!i) - { - dynlock_destroy_callback(pointer->data,__FILE__,__LINE__); - OPENSSL_free(pointer); - } - else - i += 1; /* to avoid 0 */ - return -i; - } - -void CRYPTO_destroy_dynlockid(int i) - { - CRYPTO_dynlock *pointer = NULL; - if (i) - i = -i-1; - if (dynlock_destroy_callback == NULL) - return; +{ + return 0; +} + +void +CRYPTO_destroy_dynlockid(int i) +{ + return; +} + +int CRYPTO_get_new_lockid(char *name) +{ + return 0; +} + +int +CRYPTO_THREADID_set_callback(void (*func)(CRYPTO_THREADID *)) +{ + return 1; +} + +void +(*CRYPTO_THREADID_get_callback(void))(CRYPTO_THREADID *) +{ + return NULL; +} + +void +CRYPTO_THREADID_set_numeric(CRYPTO_THREADID *id, unsigned long val) +{ + return; +} + +void +CRYPTO_THREADID_set_pointer(CRYPTO_THREADID *id, void *ptr) +{ + return; +} + +void +CRYPTO_set_dynlock_create_callback(struct CRYPTO_dynlock_value *( + *dyn_create_function)(const char *file, int line)) +{ + return; +} + +void +CRYPTO_set_dynlock_lock_callback(void (*dyn_lock_function)( + int mode, struct CRYPTO_dynlock_value *l, const char *file, int line)) +{ + return; +} + +void +CRYPTO_set_dynlock_destroy_callback(void (*dyn_destroy_function)( + struct CRYPTO_dynlock_value *l, const char *file, int line)) +{ + return; +} + +struct CRYPTO_dynlock_value * +(*CRYPTO_get_dynlock_create_callback(void))( + const char *file, int line) +{ + return NULL; +} - CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK); +void +(*CRYPTO_get_dynlock_lock_callback(void))(int mode, + struct CRYPTO_dynlock_value *l, const char *file, int line) +{ + return NULL; +} - if (dyn_locks == NULL || i >= sk_CRYPTO_dynlock_num(dyn_locks)) - { - CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK); +void +(*CRYPTO_get_dynlock_destroy_callback(void))( + struct CRYPTO_dynlock_value *l, const char *file, int line) +{ + return NULL; +} + +void +CRYPTO_THREADID_current(CRYPTO_THREADID *id) +{ + memset(id, 0, sizeof(*id)); + id->val = (unsigned long)pthread_self(); +} + +int +CRYPTO_THREADID_cmp(const CRYPTO_THREADID *a, const CRYPTO_THREADID *b) +{ + return memcmp(a, b, sizeof(*a)); +} + +void +CRYPTO_THREADID_cpy(CRYPTO_THREADID *dest, const CRYPTO_THREADID *src) +{ + memcpy(dest, src, sizeof(*src)); +} + +unsigned long +CRYPTO_THREADID_hash(const CRYPTO_THREADID *id) +{ + return id->val; +} + +#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ + defined(__INTEL__) || \ + defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64) + +uint64_t OPENSSL_ia32cap_P; + +uint64_t +OPENSSL_cpu_caps(void) +{ + return OPENSSL_ia32cap_P; +} + +#if defined(OPENSSL_CPUID_OBJ) && !defined(OPENSSL_NO_ASM) +#define OPENSSL_CPUID_SETUP +void +OPENSSL_cpuid_setup(void) +{ + static int trigger = 0; + uint64_t OPENSSL_ia32_cpuid(void); + + if (trigger) return; - } - pointer = sk_CRYPTO_dynlock_value(dyn_locks, i); - if (pointer != NULL) - { - --pointer->references; -#ifdef REF_CHECK - if (pointer->references < 0) - { - fprintf(stderr,"CRYPTO_destroy_dynlockid, bad reference count\n"); - abort(); - } - else + trigger = 1; + OPENSSL_ia32cap_P = OPENSSL_ia32_cpuid(); +} #endif - if (pointer->references <= 0) - { - sk_CRYPTO_dynlock_set(dyn_locks, i, NULL); - } - else - pointer = NULL; - } - CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK); - - if (pointer) - { - dynlock_destroy_callback(pointer->data,__FILE__,__LINE__); - OPENSSL_free(pointer); - } - } - -struct CRYPTO_dynlock_value *CRYPTO_get_dynlock_value(int i) - { - CRYPTO_dynlock *pointer = NULL; - if (i) - i = -i-1; - - CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK); - - if (dyn_locks != NULL && i < sk_CRYPTO_dynlock_num(dyn_locks)) - pointer = sk_CRYPTO_dynlock_value(dyn_locks, i); - if (pointer) - pointer->references++; - - CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK); - - if (pointer) - return pointer->data; - return NULL; - } - -struct CRYPTO_dynlock_value *(*CRYPTO_get_dynlock_create_callback(void)) - (const char *file,int line) - { - return(dynlock_create_callback); - } - -void (*CRYPTO_get_dynlock_lock_callback(void))(int mode, - struct CRYPTO_dynlock_value *l, const char *file,int line) - { - return(dynlock_lock_callback); - } - -void (*CRYPTO_get_dynlock_destroy_callback(void)) - (struct CRYPTO_dynlock_value *l, const char *file,int line) - { - return(dynlock_destroy_callback); - } - -void CRYPTO_set_dynlock_create_callback(struct CRYPTO_dynlock_value *(*func) - (const char *file, int line)) - { - dynlock_create_callback=func; - } - -void CRYPTO_set_dynlock_lock_callback(void (*func)(int mode, - struct CRYPTO_dynlock_value *l, const char *file, int line)) - { - dynlock_lock_callback=func; - } - -void CRYPTO_set_dynlock_destroy_callback(void (*func) - (struct CRYPTO_dynlock_value *l, const char *file, int line)) - { - dynlock_destroy_callback=func; - } - - -void (*CRYPTO_get_locking_callback(void))(int mode,int type,const char *file, - int line) - { - return(locking_callback); - } - -int (*CRYPTO_get_add_lock_callback(void))(int *num,int mount,int type, - const char *file,int line) - { - return(add_lock_callback); - } - -void CRYPTO_set_locking_callback(void (*func)(int mode,int type, - const char *file,int line)) - { - locking_callback=func; - } - -void CRYPTO_set_add_lock_callback(int (*func)(int *num,int mount,int type, - const char *file,int line)) - { - add_lock_callback=func; - } - -unsigned long (*CRYPTO_get_id_callback(void))(void) - { - return(id_callback); - } - -void CRYPTO_set_id_callback(unsigned long (*func)(void)) - { - id_callback=func; - } - -unsigned long CRYPTO_thread_id(void) - { - unsigned long ret=0; - - if (id_callback == NULL) - { -#ifdef OPENSSL_SYS_WIN16 - ret=(unsigned long)GetCurrentTask(); -#elif defined(OPENSSL_SYS_WIN32) - ret=(unsigned long)GetCurrentThreadId(); -#elif defined(GETPID_IS_MEANINGLESS) - ret=1L; + #else - ret=(unsigned long)getpid(); -#endif - } - else - ret=id_callback(); - return(ret); - } - -void CRYPTO_lock(int mode, int type, const char *file, int line) - { -#ifdef LOCK_DEBUG - { - char *rw_text,*operation_text; - - if (mode & CRYPTO_LOCK) - operation_text="lock "; - else if (mode & CRYPTO_UNLOCK) - operation_text="unlock"; - else - operation_text="ERROR "; - - if (mode & CRYPTO_READ) - rw_text="r"; - else if (mode & CRYPTO_WRITE) - rw_text="w"; - else - rw_text="ERROR"; - - fprintf(stderr,"lock:%08lx:(%s)%s %-18s %s:%d\n", - CRYPTO_thread_id(), rw_text, operation_text, - CRYPTO_get_lock_name(type), file, line); - } -#endif - if (type < 0) - { - struct CRYPTO_dynlock_value *pointer - = CRYPTO_get_dynlock_value(type); - - if (pointer && dynlock_lock_callback) - { - dynlock_lock_callback(mode, pointer, file, line); - } - - CRYPTO_destroy_dynlockid(type); - } - else - if (locking_callback != NULL) - locking_callback(mode,type,file,line); - } - -int CRYPTO_add_lock(int *pointer, int amount, int type, const char *file, - int line) - { - int ret = 0; - - if (add_lock_callback != NULL) - { -#ifdef LOCK_DEBUG - int before= *pointer; +uint64_t +OPENSSL_cpu_caps(void) +{ + return 0; +} #endif - ret=add_lock_callback(pointer,amount,type,file,line); -#ifdef LOCK_DEBUG - fprintf(stderr,"ladd:%08lx:%2d+%2d->%2d %-18s %s:%d\n", - CRYPTO_thread_id(), - before,amount,ret, - CRYPTO_get_lock_name(type), - file,line); -#endif - } - else - { - CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,file,line); - - ret= *pointer+amount; -#ifdef LOCK_DEBUG - fprintf(stderr,"ladd:%08lx:%2d+%2d->%2d %-18s %s:%d\n", - CRYPTO_thread_id(), - *pointer,amount,ret, - CRYPTO_get_lock_name(type), - file,line); -#endif - *pointer=ret; - CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,file,line); - } - return(ret); - } - -const char *CRYPTO_get_lock_name(int type) - { - if (type < 0) - return("dynamic"); - else if (type < CRYPTO_NUM_LOCKS) - return(lock_names[type]); - else if (type-CRYPTO_NUM_LOCKS >= sk_num(app_locks)) - return("ERROR"); - else - return(sk_value(app_locks,type-CRYPTO_NUM_LOCKS)); - } - -#ifdef _DLL -#ifdef OPENSSL_SYS_WIN32 - -/* All we really need to do is remove the 'error' state when a thread - * detaches */ - -BOOL WINAPI DLLEntryPoint(HINSTANCE hinstDLL, DWORD fdwReason, - LPVOID lpvReserved) - { - switch(fdwReason) - { - case DLL_PROCESS_ATTACH: - break; - case DLL_THREAD_ATTACH: - break; - case DLL_THREAD_DETACH: - ERR_remove_state(0); - break; - case DLL_PROCESS_DETACH: - break; - } - return(TRUE); - } +#if !defined(OPENSSL_CPUID_SETUP) && !defined(OPENSSL_CPUID_OBJ) +void +OPENSSL_cpuid_setup(void) +{ +} #endif -#endif +static void +OPENSSL_showfatal(const char *fmta, ...) +{ + struct syslog_data sdata = SYSLOG_DATA_INIT; + va_list ap; + + va_start(ap, fmta); + vsyslog_r(LOG_INFO|LOG_LOCAL2, &sdata, fmta, ap); + va_end(ap); +} + +void +OpenSSLDie(const char *file, int line, const char *assertion) +{ + OPENSSL_showfatal( + "uid %u cmd %s %s(%d): OpenSSL internal error, assertion failed: %s\n", + getuid(), getprogname(), file, line, assertion); + _exit(1); +} + +int +CRYPTO_memcmp(const void *in_a, const void *in_b, size_t len) +{ + size_t i; + const unsigned char *a = in_a; + const unsigned char *b = in_b; + unsigned char x = 0; + + for (i = 0; i < len; i++) + x |= a[i] ^ b[i]; + + return x; +} diff --git a/src/lib/libcrypto/cryptlib.h b/src/lib/libcrypto/cryptlib.h index 37ce7721fb0..d44738bf3c0 100644 --- a/src/lib/libcrypto/cryptlib.h +++ b/src/lib/libcrypto/cryptlib.h @@ -1,25 +1,25 @@ -/* crypto/cryptlib.h */ +/* $OpenBSD: cryptlib.h,v 1.25 2016/11/04 17:30:30 miod Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -59,38 +59,20 @@ #ifndef HEADER_CRYPTLIB_H #define HEADER_CRYPTLIB_H -#include -#include - -#include "e_os.h" - -#include -#include -#include -#include #include #ifdef __cplusplus extern "C" { #endif -#ifndef OPENSSL_SYS_VMS #define X509_CERT_AREA OPENSSLDIR #define X509_CERT_DIR OPENSSLDIR "/certs" #define X509_CERT_FILE OPENSSLDIR "/cert.pem" #define X509_PRIVATE_DIR OPENSSLDIR "/private" -#else -#define X509_CERT_AREA "SSLROOT:[000000]" -#define X509_CERT_DIR "SSLCERTS:" -#define X509_CERT_FILE "SSLCERTS:cert.pem" -#define X509_PRIVATE_DIR "SSLPRIVATE:" -#endif - #define X509_CERT_DIR_EVP "SSL_CERT_DIR" #define X509_CERT_FILE_EVP "SSL_CERT_FILE" -/* size of string represenations */ -#define DECIMAL_SIZE(type) ((sizeof(type)*8+2)/3+1) +void OPENSSL_cpuid_setup(void); #ifdef __cplusplus } diff --git a/src/lib/libcrypto/crypto-lib.com b/src/lib/libcrypto/crypto-lib.com deleted file mode 100644 index 4847a69a716..00000000000 --- a/src/lib/libcrypto/crypto-lib.com +++ /dev/null @@ -1,1512 +0,0 @@ -$! -$! CRYPTO-LIB.COM -$! Written By: Robert Byer -$! Vice-President -$! A-Com Computing, Inc. -$! byer@mail.all-net.net -$! -$! Changes by Richard Levitte -$! -$! This command files compiles and creates the "[.xxx.EXE.CRYPTO]LIBCRYPTO.OLB" -$! library for OpenSSL. The "xxx" denotes the machine architecture of AXP -$! or VAX. -$! -$! It was re-written so it would try to determine what "C" compiler to use -$! or you can specify which "C" compiler to use. -$! -$! Specify the following as P1 to build just that part or ALL to just -$! build everything. -$! -$! LIBRARY To just compile the [.xxx.EXE.CRYPTO]LIBCRYPTO.OLB Library. -$! APPS To just compile the [.xxx.EXE.CRYPTO]*.EXE -$! ALL To do both LIBRARY and APPS -$! -$! Specify RSAREF as P2 to compile with the RSAREF library instead of -$! the regular one. If you specify NORSAREF it will compile with the -$! regular RSAREF routines. (Note: If you are in the United States -$! you MUST compile with RSAREF unless you have a license from RSA). -$! -$! Note: The RSAREF libraries are NOT INCLUDED and you have to -$! download it from "ftp://ftp.rsa.com/rsaref". You have to -$! get the ".tar-Z" file as the ".zip" file dosen't have the -$! directory structure stored. You have to extract the file -$! into the [.RSAREF] directory under the root directory as that -$! is where the scripts will look for the files. -$! -$! Specify DEBUG or NODEBUG as P3 to compile with or without debugger -$! information. -$! -$! Specify which compiler at P4 to try to compile under. -$! -$! VAXC For VAX C. -$! DECC For DEC C. -$! GNUC For GNU C. -$! -$! If you don't speficy a compiler, it will try to determine which -$! "C" compiler to use. -$! -$! P5, if defined, sets a TCP/IP library to use, through one of the following -$! keywords: -$! -$! UCX for UCX -$! TCPIP for TCPIP (post UCX) -$! SOCKETSHR for SOCKETSHR+NETLIB -$! -$! P6, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up) -$! -$! P7, if defined, sets a choice of crypto methods to compile. -$! WARNING: this should only be done to recompile some part of an already -$! fully compiled library. -$! -$! -$! Define A TCP/IP Library That We Will Need To Link To. -$! (That Is, If We Need To Link To One.) -$! -$ TCPIP_LIB = "" -$! -$! Check Which Architecture We Are Using. -$! -$ IF (F$GETSYI("CPU").GE.128) -$ THEN -$! -$! The Architecture Is AXP -$! -$ ARCH := AXP -$! -$! Else... -$! -$ ELSE -$! -$! The Architecture Is VAX. -$! -$ ARCH := VAX -$! -$! End The Architecture Check. -$! -$ ENDIF -$! -$! Define The Different Encryption Types. -$! -$ ENCRYPT_TYPES = "Basic,MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,"+ - - "DES,RC2,RC4,RC5,IDEA,BF,CAST,"+ - - "BN,EC,RSA,DSA,DH,DSO,ENGINE,AES,"+ - - "BUFFER,BIO,STACK,LHASH,RAND,ERR,OBJECTS,"+ - - "EVP,EVP_2,ASN1,ASN1_2,PEM,X509,X509V3,"+ - - "CONF,TXT_DB,PKCS7,PKCS12,COMP,OCSP,UI,KRB5" -$ ENCRYPT_PROGRAMS = "DES,PKCS7" -$! -$! Check To Make Sure We Have Valid Command Line Parameters. -$! -$ GOSUB CHECK_OPTIONS -$! -$! Initialise logical names and such -$! -$ GOSUB INITIALISE -$! -$! Tell The User What Kind of Machine We Run On. -$! -$ WRITE SYS$OUTPUT "Compiling On A ",ARCH," Machine." -$! -$! Define The OBJ Directory. -$! -$ OBJ_DIR := SYS$DISK:[-.'ARCH'.OBJ.CRYPTO] -$! -$! Check To See If The Architecture Specific OBJ Directory Exists. -$! -$ IF (F$PARSE(OBJ_DIR).EQS."") -$ THEN -$! -$! It Dosen't Exist, So Create It. -$! -$ CREATE/DIR 'OBJ_DIR' -$! -$! End The Architecture Specific OBJ Directory Check. -$! -$ ENDIF -$! -$! Define The EXE Directory. -$! -$ EXE_DIR := SYS$DISK:[-.'ARCH'.EXE.CRYPTO] -$! -$! Check To See If The Architecture Specific Directory Exists. -$! -$ IF (F$PARSE(EXE_DIR).EQS."") -$ THEN -$! -$! It Dosen't Exist, So Create It. -$! -$ CREATE/DIRECTORY 'EXE_DIR' -$! -$! End The Architecture Specific Directory Check. -$! -$ ENDIF -$! -$! Define The Library Name. -$! -$ LIB_NAME := 'EXE_DIR'LIBCRYPTO.OLB -$! -$! Define The CRYPTO-LIB We Are To Use. -$! -$ CRYPTO_LIB := 'EXE_DIR'LIBCRYPTO.OLB -$! -$! Define The RSAREF-LIB We Are To Use. -$! -$ RSAREF_LIB := SYS$DISK:[-.'ARCH'.EXE.RSAREF]LIBRSAGLUE.OLB -$! -$! Check To See If We Already Have A "[.xxx.EXE.CRYPTO]LIBCRYPTO.OLB" Library... -$! -$ IF (F$SEARCH(LIB_NAME).EQS."") -$ THEN -$! -$! Guess Not, Create The Library. -$! -$ LIBRARY/CREATE/OBJECT 'LIB_NAME' -$! -$! End The Library Check. -$! -$ ENDIF -$! -$! Build our options file for the application -$! -$ GOSUB CHECK_OPT_FILE -$! -$! Define The Different Encryption "library" Strings. -$! -$ APPS_DES = "DES/DES,CBC3_ENC" -$ APPS_PKCS7 = "ENC/ENC;DEC/DEC;SIGN/SIGN;VERIFY/VERIFY,EXAMPLE" -$ -$ LIB_ = "cryptlib,mem,mem_dbg,cversion,ex_data,tmdiff,cpt_err,ebcdic,uid,o_time" -$ LIB_MD2 = "md2_dgst,md2_one" -$ LIB_MD4 = "md4_dgst,md4_one" -$ LIB_MD5 = "md5_dgst,md5_one" -$ LIB_SHA = "sha_dgst,sha1dgst,sha_one,sha1_one" -$ LIB_MDC2 = "mdc2dgst,mdc2_one" -$ LIB_HMAC = "hmac" -$ LIB_RIPEMD = "rmd_dgst,rmd_one" -$ LIB_DES = "set_key,ecb_enc,cbc_enc,"+ - - "ecb3_enc,cfb64enc,cfb64ede,cfb_enc,ofb64ede,"+ - - "enc_read,enc_writ,ofb64enc,"+ - - "ofb_enc,str2key,pcbc_enc,qud_cksm,rand_key,"+ - - "des_enc,fcrypt_b,"+ - - "fcrypt,xcbc_enc,rpc_enc,cbc_cksm,"+ - - "ede_cbcm_enc,des_old,des_old2,read2pwd" -$ LIB_RC2 = "rc2_ecb,rc2_skey,rc2_cbc,rc2cfb64,rc2ofb64" -$ LIB_RC4 = "rc4_skey,rc4_enc" -$ LIB_RC5 = "rc5_skey,rc5_ecb,rc5_enc,rc5cfb64,rc5ofb64" -$ LIB_IDEA = "i_cbc,i_cfb64,i_ofb64,i_ecb,i_skey" -$ LIB_BF = "bf_skey,bf_ecb,bf_enc,bf_cfb64,bf_ofb64" -$ LIB_CAST = "c_skey,c_ecb,c_enc,c_cfb64,c_ofb64" -$ LIB_BN_ASM = "[.asm]vms.mar,vms-helper" -$ IF F$TRNLNM("OPENSSL_NO_ASM").OR.ARCH.EQS."AXP" THEN LIB_BN_ASM = "bn_asm" -$ LIB_BN = "bn_add,bn_div,bn_exp,bn_lib,bn_ctx,bn_mul,bn_mod,"+ - - "bn_print,bn_rand,bn_shift,bn_word,bn_blind,"+ - - "bn_kron,bn_sqrt,bn_gcd,bn_prime,bn_err,bn_sqr,"+LIB_BN_ASM+","+ - - "bn_recp,bn_mont,bn_mpi,bn_exp2" -$ LIB_RSA = "rsa_eay,rsa_gen,rsa_lib,rsa_sign,rsa_saos,rsa_err,"+ - - "rsa_pk1,rsa_ssl,rsa_none,rsa_oaep,rsa_chk,rsa_null,"+ - - "rsa_asn1" -$ LIB_EC = "ec_lib,ecp_smpl,ecp_mont,ecp_recp,ecp_nist,ec_cvt,ec_mult,"+ - - "ec_err" -$ LIB_DSA = "dsa_gen,dsa_key,dsa_lib,dsa_asn1,dsa_vrf,dsa_sign,dsa_err,dsa_ossl" -$ LIB_DH = "dh_asn1,dh_gen,dh_key,dh_lib,dh_check,dh_err" -$ LIB_DSO = "dso_dl,dso_dlfcn,dso_err,dso_lib,dso_null,"+ - - "dso_openssl,dso_win32,dso_vms" -$ LIB_ENGINE = "eng_err,eng_lib,eng_list,eng_init,eng_ctrl,"+ - - "eng_table,eng_pkey,eng_fat,eng_all,"+ - - "tb_rsa,tb_dsa,tb_dh,tb_rand,tb_cipher,tb_digest,"+ - - "eng_openssl,eng_dyn,eng_cnf,"+ - - "hw_atalla,hw_cswift,hw_ncipher,hw_nuron,hw_ubsec,"+ - - "hw_openbsd_dev_crypto,hw_aep,hw_sureware,hw_4758_cca" -$ LIB_AES = "aes_core,aes_misc,aes_ecb,aes_cbc,aes_cfb,aes_ofb,aes_ctr" -$ LIB_BUFFER = "buffer,buf_err" -$ LIB_BIO = "bio_lib,bio_cb,bio_err,"+ - - "bss_mem,bss_null,bss_fd,"+ - - "bss_file,bss_sock,bss_conn,"+ - - "bf_null,bf_buff,b_print,b_dump,"+ - - "b_sock,bss_acpt,bf_nbio,bss_rtcp,bss_bio,bss_log,"+ - - "bf_lbuf" -$ LIB_STACK = "stack" -$ LIB_LHASH = "lhash,lh_stats" -$ LIB_RAND = "md_rand,randfile,rand_lib,rand_err,rand_egd,"+ - - "rand_vms" -$ LIB_ERR = "err,err_all,err_prn" -$ LIB_OBJECTS = "o_names,obj_dat,obj_lib,obj_err" -$ LIB_EVP = "encode,digest,evp_enc,evp_key,"+ - - "e_des,e_bf,e_idea,e_des3,"+ - - "e_rc4,e_aes,names,"+ - - "e_xcbc_d,e_rc2,e_cast,e_rc5" -$ LIB_EVP_2 = "m_null,m_md2,m_md4,m_md5,m_sha,m_sha1," + - - "m_dss,m_dss1,m_mdc2,m_ripemd,"+ - - "p_open,p_seal,p_sign,p_verify,p_lib,p_enc,p_dec,"+ - - "bio_md,bio_b64,bio_enc,evp_err,e_null,"+ - - "c_all,c_allc,c_alld,evp_lib,bio_ok,"+- - "evp_pkey,evp_pbe,p5_crpt,p5_crpt2" -$ LIB_ASN1 = "a_object,a_bitstr,a_utctm,a_gentm,a_time,a_int,a_octet,"+ - - "a_print,a_type,a_set,a_dup,a_d2i_fp,a_i2d_fp,"+ - - "a_enum,a_utf8,a_sign,a_digest,a_verify,a_mbstr,a_strex,"+ - - "x_algor,x_val,x_pubkey,x_sig,x_req,x_attrib,x_bignum,"+ - - "x_long,x_name,x_x509,x_x509a,x_crl,x_info,x_spki,nsseq,"+ - - "d2i_pu,d2i_pr,i2d_pu,i2d_pr" -$ LIB_ASN1_2 = "t_req,t_x509,t_x509a,t_crl,t_pkey,t_spki,t_bitst,"+ - - "tasn_new,tasn_fre,tasn_enc,tasn_dec,tasn_utl,tasn_typ,"+ - - "f_int,f_string,n_pkey,"+ - - "f_enum,a_hdr,x_pkey,a_bool,x_exten,"+ - - "asn1_par,asn1_lib,asn1_err,a_meth,a_bytes,a_strnid,"+ - - "evp_asn1,asn_pack,p5_pbe,p5_pbev2,p8_pkey,asn_moid" -$ LIB_PEM = "pem_sign,pem_seal,pem_info,pem_lib,pem_all,pem_err,"+ - - "pem_x509,pem_xaux,pem_oth,pem_pk8,pem_pkey" -$ LIB_X509 = "x509_def,x509_d2,x509_r2x,x509_cmp,"+ - - "x509_obj,x509_req,x509spki,x509_vfy,"+ - - "x509_set,x509cset,x509rset,x509_err,"+ - - "x509name,x509_v3,x509_ext,x509_att,"+ - - "x509type,x509_lu,x_all,x509_txt,"+ - - "x509_trs,by_file,by_dir" -$ LIB_X509V3 = "v3_bcons,v3_bitst,v3_conf,v3_extku,v3_ia5,v3_lib,"+ - - "v3_prn,v3_utl,v3err,v3_genn,v3_alt,v3_skey,v3_akey,v3_pku,"+ - - "v3_int,v3_enum,v3_sxnet,v3_cpols,v3_crld,v3_purp,v3_info,"+ - - "v3_ocsp,v3_akeya" -$ LIB_CONF = "conf_err,conf_lib,conf_api,conf_def,conf_mod,conf_mall" -$ LIB_TXT_DB = "txt_db" -$ LIB_PKCS7 = "pk7_asn1,pk7_lib,pkcs7err,pk7_doit,pk7_smime,pk7_attr,"+ - - "pk7_mime" -$ LIB_PKCS12 = "p12_add,p12_asn,p12_attr,p12_crpt,p12_crt,p12_decr,"+ - - "p12_init,p12_key,p12_kiss,p12_mutl,"+ - - "p12_utl,p12_npas,pk12err,p12_p8d,p12_p8e" -$ LIB_COMP = "comp_lib,"+ - - "c_rle,c_zlib" -$ LIB_OCSP = "ocsp_asn,ocsp_ext,ocsp_ht,ocsp_lib,ocsp_cl,"+ - - "ocsp_srv,ocsp_prn,ocsp_vfy,ocsp_err" -$ LIB_UI_COMPAT = ",ui_compat" -$ LIB_UI = "ui_err,ui_lib,ui_openssl,ui_util"+LIB_UI_COMPAT -$ LIB_KRB5 = "krb5_asn" -$! -$! Setup exceptional compilations -$! -$ COMPILEWITH_CC3 = ",bss_rtcp," -$ COMPILEWITH_CC4 = ",a_utctm,bss_log,o_time," -$ COMPILEWITH_CC5 = ",md2_dgst,md4_dgst,md5_dgst,mdc2dgst," + - - "sha_dgst,sha1dgst,rmd_dgst,bf_enc," -$! -$! Check To See If We Are Going To Use RSAREF. -$! -$ IF (RSAREF.EQS."TRUE" .AND. ENCRYPT_TYPES - "RSA".NES.ENCRYPT_TYPES - - .AND. (BUILDALL .EQS. "TRUE" .OR. BUILDALL .EQS. "LIBRARY")) -$ THEN -$! -$! Check To See If The File [-.RSAREF]RSAREF.C Is Actually There. -$! -$ IF (F$SEARCH("SYS$DISK:[-.RSAREF]RSAREF.C").EQS."") -$ THEN -$! -$! Tell The User That The File Doesn't Exist. -$! -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The File [-.RSAREF]RSAREF.C Doesn't Exist." -$ WRITE SYS$OUTPUT "" -$! -$! Exit The Build. -$! -$ GOTO EXIT -$! -$! End The [-.RSAREF]RSAREF.C Check. -$! -$ ENDIF -$! -$! Tell The User We Are Compiling The [-.RSAREF]RSAREF File. -$! -$ WRITE SYS$OUTPUT "Compiling The [-.RSAREF]RSAREF File." -$! -$! Compile [-.RSAREF]RSAREF.C -$! -$ CC/OBJECT='OBJ_DIR'RSAREF.OBJ SYS$DISK:[-.RSAREF]RSAREF.C -$! -$! Add It To The Library. -$! -$ LIBRARY/REPLACE 'LIB_NAME' 'OBJ_DIR'RSAREF.OBJ -$! -$! Delete The Object File. -$! -$ DELETE 'OBJ_DIR'RSAREF.OBJ;* -$! -$! Check To See If The File [-.RSAREF]RSAR_ERR.C Is Actually There. -$! -$ IF (F$SEARCH("SYS$DISK:[-.RSAREF]RSAR_ERR.C").EQS."") -$ THEN -$! -$! Tell The User That The File Doesn't Exist. -$! -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The File [-.RSAREF]RSAR_ERR.C Doesn't Exist." -$ WRITE SYS$OUTPUT "" -$! -$! Exit The Build. -$! -$ GOTO EXIT -$! -$! End The [-.RSAREF]RSAR_ERR.C File Check. -$! -$ ENDIF -$! -$! Tell The User We Are Compiling The [-.RSAREF]RSAR_ERR File. -$! -$ WRITE SYS$OUTPUT "Compiling The [-.RSAREF]RSAR_ERR File." -$! -$! Compile [-.RSAREF]RSAR_ERR.C -$! -$ CC/OBJECT='OBJ_DIR'RSAR_ERR.OBJ SYS$DISK:[-.RSAREF]RSAR_ERR.C -$! -$! Add It To The Library. -$! -$ LIBRARY/REPLACE 'LIB_NAME' 'OBJ_DIR'RSAR_ERR.OBJ -$! -$! Delete The Object File. -$! -$ DELETE 'OBJ_DIR'RSAR_ERR.OBJ;* -$! -$! End The RSAREF Check. -$! -$ ENDIF -$! -$! Figure Out What Other Modules We Are To Build. -$! -$ BUILD_SET: -$! -$! Define A Module Counter. -$! -$ MODULE_COUNTER = 0 -$! -$! Top Of The Loop. -$! -$ MODULE_NEXT: -$! -$! Extract The Module Name From The Encryption List. -$! -$ MODULE_NAME = F$ELEMENT(MODULE_COUNTER,",",ENCRYPT_TYPES) -$ IF MODULE_NAME.EQS."Basic" THEN MODULE_NAME = "" -$ MODULE_NAME1 = MODULE_NAME -$! -$! Check To See If We Are At The End Of The Module List. -$! -$ IF (MODULE_NAME.EQS.",") -$ THEN -$! -$! We Are At The End Of The Module List, Go To MODULE_DONE. -$! -$ GOTO MODULE_DONE -$! -$! End The Module List Check. -$! -$ ENDIF -$! -$! Increment The Moudle Counter. -$! -$ MODULE_COUNTER = MODULE_COUNTER + 1 -$! -$! Create The Library and Apps Module Names. -$! -$ LIB_MODULE = "LIB_" + MODULE_NAME -$ APPS_MODULE = "APPS_" + MODULE_NAME -$ IF (MODULE_NAME.EQS."ASN1_2") -$ THEN -$ MODULE_NAME = "ASN1" -$ ENDIF -$ IF (MODULE_NAME.EQS."EVP_2") -$ THEN -$ MODULE_NAME = "EVP" -$ ENDIF -$! -$! Set state (can be LIB and APPS) -$! -$ STATE = "LIB" -$ IF BUILDALL .EQS. "APPS" THEN STATE = "APPS" -$! -$! Check if the library module name actually is defined -$! -$ IF F$TYPE('LIB_MODULE') .EQS. "" -$ THEN -$ WRITE SYS$ERROR "" -$ WRITE SYS$ERROR "The module ",MODULE_NAME," does not exist. Continuing..." -$ WRITE SYS$ERROR "" -$ GOTO MODULE_NEXT -$ ENDIF -$! -$! Top Of The Module Loop. -$! -$ MODULE_AGAIN: -$! -$! Tell The User What Module We Are Building. -$! -$ IF (MODULE_NAME1.NES."") -$ THEN -$ IF STATE .EQS. "LIB" -$ THEN -$ WRITE SYS$OUTPUT "Compiling The ",MODULE_NAME1," Library Files. (",BUILDALL,",",STATE,")" -$ ELSE IF F$TYPE('APPS_MODULE') .NES. "" -$ THEN -$ WRITE SYS$OUTPUT "Compiling The ",MODULE_NAME1," Applications. (",BUILDALL,",",STATE,")" -$ ENDIF -$ ENDIF -$ ENDIF -$! -$! Define A File Counter And Set It To "0". -$! -$ FILE_COUNTER = 0 -$ APPLICATION = "" -$ APPLICATION_COUNTER = 0 -$! -$! Top Of The File Loop. -$! -$ NEXT_FILE: -$! -$! Look in the LIB_MODULE is we're in state LIB -$! -$ IF STATE .EQS. "LIB" -$ THEN -$! -$! O.K, Extract The File Name From The File List. -$! -$ FILE_NAME = F$ELEMENT(FILE_COUNTER,",",'LIB_MODULE') -$! -$! else -$! -$ ELSE -$ FILE_NAME = "," -$! -$ IF F$TYPE('APPS_MODULE') .NES. "" -$ THEN -$! -$! Extract The File Name From The File List. -$! This part is a bit more complicated. -$! -$ IF APPLICATION .EQS. "" -$ THEN -$ APPLICATION = F$ELEMENT(APPLICATION_COUNTER,";",'APPS_MODULE') -$ APPLICATION_COUNTER = APPLICATION_COUNTER + 1 -$ APPLICATION_OBJECTS = F$ELEMENT(1,"/",APPLICATION) -$ APPLICATION = F$ELEMENT(0,"/",APPLICATION) -$ FILE_COUNTER = 0 -$ ENDIF -$ -$! WRITE SYS$OUTPUT "DEBUG: SHOW SYMBOL APPLICATION*" -$! SHOW SYMBOL APPLICATION* -$! -$ IF APPLICATION .NES. ";" -$ THEN -$ FILE_NAME = F$ELEMENT(FILE_COUNTER,",",APPLICATION_OBJECTS) -$ IF FILE_NAME .EQS. "," -$ THEN -$ APPLICATION = "" -$ GOTO NEXT_FILE -$ ENDIF -$ ENDIF -$ ENDIF -$ ENDIF -$! -$! Check To See If We Are At The End Of The File List. -$! -$ IF (FILE_NAME.EQS.",") -$ THEN -$! -$! We Are At The End Of The File List, Change State Or Goto FILE_DONE. -$! -$ IF STATE .EQS. "LIB" .AND. BUILDALL .NES. "LIBRARY" -$ THEN -$ STATE = "APPS" -$ GOTO MODULE_AGAIN -$ ELSE -$ GOTO FILE_DONE -$ ENDIF -$! -$! End The File List Check. -$! -$ ENDIF -$! -$! Increment The Counter. -$! -$ FILE_COUNTER = FILE_COUNTER + 1 -$! -$! Create The Source File Name. -$! -$ TMP_FILE_NAME = F$ELEMENT(1,"]",FILE_NAME) -$ IF TMP_FILE_NAME .EQS. "]" THEN TMP_FILE_NAME = FILE_NAME -$ IF F$ELEMENT(0,".",TMP_FILE_NAME) .EQS. TMP_FILE_NAME THEN - - FILE_NAME = FILE_NAME + ".c" -$ IF (MODULE_NAME.NES."") -$ THEN -$ SOURCE_FILE = "SYS$DISK:[." + MODULE_NAME+ "]" + FILE_NAME -$ ELSE -$ SOURCE_FILE = "SYS$DISK:[]" + FILE_NAME -$ ENDIF -$ SOURCE_FILE = SOURCE_FILE - "][" -$! -$! Create The Object File Name. -$! -$ OBJECT_FILE = OBJ_DIR + F$PARSE(FILE_NAME,,,"NAME","SYNTAX_ONLY") + ".OBJ" -$ ON WARNING THEN GOTO NEXT_FILE -$! -$! Check To See If The File We Want To Compile Is Actually There. -$! -$ IF (F$SEARCH(SOURCE_FILE).EQS."") -$ THEN -$! -$! Tell The User That The File Doesn't Exist. -$! -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The File ",SOURCE_FILE," Doesn't Exist." -$ WRITE SYS$OUTPUT "" -$! -$! Exit The Build. -$! -$ GOTO EXIT -$! -$! End The File Exist Check. -$! -$ ENDIF -$! -$! Tell The User We Are Compiling The File. -$! -$ IF (MODULE_NAME.EQS."") -$ THEN -$ WRITE SYS$OUTPUT "Compiling The ",FILE_NAME," File. (",BUILDALL,",",STATE,")" -$ ENDIF -$ IF (MODULE_NAME.NES."") -$ THEN -$ WRITE SYS$OUTPUT " ",FILE_NAME,"" -$ ENDIF -$! -$! Compile The File. -$! -$ ON ERROR THEN GOTO NEXT_FILE -$ FILE_NAME0 = F$ELEMENT(0,".",FILE_NAME) -$ IF FILE_NAME - ".mar" .NES. FILE_NAME -$ THEN -$ MACRO/OBJECT='OBJECT_FILE' 'SOURCE_FILE' -$ ELSE -$ IF COMPILEWITH_CC3 - FILE_NAME0 .NES. COMPILEWITH_CC3 -$ THEN -$ CC3/OBJECT='OBJECT_FILE' 'SOURCE_FILE' -$ ELSE -$ IF COMPILEWITH_CC4 - FILE_NAME0 .NES. COMPILEWITH_CC4 -$ THEN -$ CC4/OBJECT='OBJECT_FILE' 'SOURCE_FILE' -$ ELSE -$ IF COMPILEWITH_CC5 - FILE_NAME0 .NES. COMPILEWITH_CC5 -$ THEN -$ CC5/OBJECT='OBJECT_FILE' 'SOURCE_FILE' -$ ELSE -$ CC/OBJECT='OBJECT_FILE' 'SOURCE_FILE' -$ ENDIF -$ ENDIF -$ ENDIF -$ ENDIF -$ IF STATE .EQS. "LIB" -$ THEN -$! -$! Add It To The Library. -$! -$ LIBRARY/REPLACE 'LIB_NAME' 'OBJECT_FILE' -$! -$! Time To Clean Up The Object File. -$! -$ DELETE 'OBJECT_FILE';* -$ ENDIF -$! -$! Go Back And Do It Again. -$! -$ GOTO NEXT_FILE -$! -$! All Done With This Library Part. -$! -$ FILE_DONE: -$! -$! Time To Build Some Applications -$! -$ IF F$TYPE('APPS_MODULE') .NES. "" .AND. BUILDALL .NES. "LIBRARY" -$ THEN -$ APPLICATION_COUNTER = 0 -$ NEXT_APPLICATION: -$ APPLICATION = F$ELEMENT(APPLICATION_COUNTER,";",'APPS_MODULE') -$ IF APPLICATION .EQS. ";" THEN GOTO APPLICATION_DONE -$ -$ APPLICATION_COUNTER = APPLICATION_COUNTER + 1 -$ APPLICATION_OBJECTS = F$ELEMENT(1,"/",APPLICATION) -$ APPLICATION = F$ELEMENT(0,"/",APPLICATION) -$ -$! WRITE SYS$OUTPUT "DEBUG: SHOW SYMBOL APPLICATION*" -$! SHOW SYMBOL APPLICATION* -$! -$! Tell the user what happens -$! -$ WRITE SYS$OUTPUT " ",APPLICATION,".exe" -$! -$! Link The Program, Check To See If We Need To Link With RSAREF Or Not. -$! -$ ON ERROR THEN GOTO NEXT_APPLICATION -$ IF (RSAREF.EQS."TRUE") -$ THEN -$! -$! Check To See If We Are To Link With A Specific TCP/IP Library. -$! -$ IF (TCPIP_LIB.NES."") -$ THEN -$! -$! Link With The RSAREF Library And A Specific TCP/IP Library. -$! -$ LINK/'DEBUGGER'/'TRACEBACK'/EXE='EXE_DIR''APPLICATION'.EXE - - 'OBJ_DIR''APPLICATION_OBJECTS', - - 'CRYPTO_LIB'/LIBRARY,'RSAREF_LIB'/LIBRARY, - - 'TCPIP_LIB','OPT_FILE'/OPTION -$! -$! Else... -$! -$ ELSE -$! -$! Link With The RSAREF Library And NO TCP/IP Library. -$! -$ LINK/'DEBUGGER'/'TRACEBACK'/EXE='EXE_DIR''APPLICATION'.EXE - - 'OBJ_DIR''APPLICATION_OBJECTS', - - 'CRYPTO_LIB'/LIBRARY,'RSAREF_LIB'/LIBRARY, - - 'OPT_FILE'/OPTION -$! -$! End The TCP/IP Library Check. -$! -$ ENDIF -$! -$! Else... -$! -$ ELSE -$! -$! Don't Link With The RSAREF Routines. -$! -$! -$! Check To See If We Are To Link With A Specific TCP/IP Library. -$! -$ IF (TCPIP_LIB.NES."") -$ THEN -$! -$! Don't Link With The RSAREF Routines And TCP/IP Library. -$! -$ LINK/'DEBUGGER'/'TRACEBACK'/EXE='EXE_DIR''APPLICATION'.EXE - - 'OBJ_DIR''APPLICATION_OBJECTS', - - 'CRYPTO_LIB'/LIBRARY, - - 'TCPIP_LIB','OPT_FILE'/OPTION -$! -$! Else... -$! -$ ELSE -$! -$! Don't Link With The RSAREF Routines And Link With A TCP/IP Library. -$! -$ LINK/'DEBUGGER'/'TRACEBACK'/EXE='EXE_DIR''APPLICATION'.EXE - - 'OBJ_DIR''APPLICATION_OBJECTS',- - 'CRYPTO_LIB'/LIBRARY, - - 'OPT_FILE'/OPTION -$! -$! End The TCP/IP Library Check. -$! -$ ENDIF -$! -$! End The RSAREF Link Check. -$! -$ ENDIF -$ GOTO NEXT_APPLICATION -$ APPLICATION_DONE: -$ ENDIF -$! -$! Go Back And Get The Next Module. -$! -$ GOTO MODULE_NEXT -$! -$! All Done With This Module. -$! -$ MODULE_DONE: -$! -$! Tell The User That We Are All Done. -$! -$ WRITE SYS$OUTPUT "All Done..." -$ EXIT: -$ GOSUB CLEANUP -$ EXIT -$! -$! Check For The Link Option FIle. -$! -$ CHECK_OPT_FILE: -$! -$! Check To See If We Need To Make A VAX C Option File. -$! -$ IF (COMPILER.EQS."VAXC") -$ THEN -$! -$! Check To See If We Already Have A VAX C Linker Option File. -$! -$ IF (F$SEARCH(OPT_FILE).EQS."") -$ THEN -$! -$! We Need A VAX C Linker Option File. -$! -$ CREATE 'OPT_FILE' -$DECK -! -! Default System Options File To Link Agianst -! The Sharable VAX C Runtime Library. -! -SYS$SHARE:VAXCRTL.EXE/SHARE -$EOD -$! -$! End The Option File Check. -$! -$ ENDIF -$! -$! End The VAXC Check. -$! -$ ENDIF -$! -$! Check To See If We Need A GNU C Option File. -$! -$ IF (COMPILER.EQS."GNUC") -$ THEN -$! -$! Check To See If We Already Have A GNU C Linker Option File. -$! -$ IF (F$SEARCH(OPT_FILE).EQS."") -$ THEN -$! -$! We Need A GNU C Linker Option File. -$! -$ CREATE 'OPT_FILE' -$DECK -! -! Default System Options File To Link Agianst -! The Sharable C Runtime Library. -! -GNU_CC:[000000]GCCLIB/LIBRARY -SYS$SHARE:VAXCRTL/SHARE -$EOD -$! -$! End The Option File Check. -$! -$ ENDIF -$! -$! End The GNU C Check. -$! -$ ENDIF -$! -$! Check To See If We Need A DEC C Option File. -$! -$ IF (COMPILER.EQS."DECC") -$ THEN -$! -$! Check To See If We Already Have A DEC C Linker Option File. -$! -$ IF (F$SEARCH(OPT_FILE).EQS."") -$ THEN -$! -$! Figure Out If We Need An AXP Or A VAX Linker Option File. -$! -$ IF ARCH .EQS. "VAX" -$ THEN -$! -$! We Need A DEC C Linker Option File For VAX. -$! -$ CREATE 'OPT_FILE' -$DECK -! -! Default System Options File To Link Agianst -! The Sharable DEC C Runtime Library. -! -SYS$SHARE:DECC$SHR.EXE/SHARE -$EOD -$! -$! Else... -$! -$ ELSE -$! -$! Create The AXP Linker Option File. -$! -$ CREATE 'OPT_FILE' -$DECK -! -! Default System Options File For AXP To Link Agianst -! The Sharable C Runtime Library. -! -SYS$SHARE:CMA$OPEN_LIB_SHR/SHARE -SYS$SHARE:CMA$OPEN_RTL/SHARE -$EOD -$! -$! End The VAX/AXP DEC C Option File Check. -$! -$ ENDIF -$! -$! End The Option File Search. -$! -$ ENDIF -$! -$! End The DEC C Check. -$! -$ ENDIF -$! -$! Tell The User What Linker Option File We Are Using. -$! -$ WRITE SYS$OUTPUT "Using Linker Option File ",OPT_FILE,"." -$! -$! Time To RETURN. -$! -$ RETURN -$! -$! Check The User's Options. -$! -$ CHECK_OPTIONS: -$! -$! Check To See If P1 Is Blank. -$! -$ IF (P1.EQS."ALL") -$ THEN -$! -$! P1 Is Blank, So Build Everything. -$! -$ BUILDALL = "TRUE" -$! -$! Else... -$! -$ ELSE -$! -$! Else, Check To See If P1 Has A Valid Arguement. -$! -$ IF (P1.EQS."LIBRARY").OR.(P1.EQS."APPS") -$ THEN -$! -$! A Valid Arguement. -$! -$ BUILDALL = P1 -$! -$! Else... -$! -$ ELSE -$! -$! Tell The User We Don't Know What They Want. -$! -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The Option ",P1," Is Invalid. The Valid Options Are:" -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT " ALL : Just Build Everything." -$ WRITE SYS$OUTPUT " LIBRARY : To Compile Just The [.xxx.EXE.SSL]LIBCRYPTO.OLB Library." -$ WRITE SYS$OUTPUT " APPS : To Compile Just The [.xxx.EXE.SSL]*.EXE Programs." -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT " Where 'xxx' Stands For:" -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT " AXP : Alpha Architecture." -$ WRITE SYS$OUTPUT " VAX : VAX Architecture." -$ WRITE SYS$OUTPUT "" -$! -$! Time To EXIT. -$! -$ EXIT -$! -$! End The Valid Arguement Check. -$! -$ ENDIF -$! -$! End The P1 Check. -$! -$ ENDIF -$! -$! Check To See If P2 Is Blank. -$! -$ P2 = "NORSAREF" -$ IF (P2.EQS."NORSAREF") -$ THEN -$! -$! P2 Is NORSAREF, So Compile With The Regular RSA Libraries. -$! -$ RSAREF = "FALSE" -$ ELSE -$! -$! Check To See If We Are To Use The RSAREF Library. -$! -$ IF (P2.EQS."RSAREF") -$ THEN -$! -$! Check To Make Sure We Have The RSAREF Source Code Directory. -$! -$ IF (F$SEARCH("SYS$DISK:[-.RSAREF]SOURCE.DIR").EQS."") -$ THEN -$! -$! We Don't Have The RSAREF Souce Code Directory, So Tell The -$! User This. -$! -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "It appears that you don't have the RSAREF Souce Code." -$ WRITE SYS$OUTPUT "You need to go to 'ftp://ftp.rsa.com/rsaref'. You have to" -$ WRITE SYS$OUTPUT "get the '.tar-Z' file as the '.zip' file doesn't have the" -$ WRITE SYS$OUTPUT "directory structure stored. You have to extract the file" -$ WRITE SYS$OUTPUT "into the [.RSAREF] directory under the root directory" -$ WRITE SYS$OUTPUT "as that is where the scripts will look for the files." -$ WRITE SYS$OUTPUT "" -$! -$! Time To Exit. -$! -$ EXIT -$! -$! Else, Compile Using The RSAREF Library. -$! -$ ELSE -$ RSAREF = "TRUE" -$ ENDIF -$ ELSE -$! -$! They Entered An Invalid Option.. -$! -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The Option ",P2," Is Invalid. The Valid Options Are:" -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT " RSAREF : Compile With The RSAREF Library." -$ WRITE SYS$OUTPUT " NORSAREF : Compile With The Regular RSA Library." -$ WRITE SYS$OUTPUT "" -$! -$! Time To EXIT. -$! -$ EXIT -$! -$! End The Valid Arguement Check. -$! -$ ENDIF -$! -$! End The P2 Check. -$! -$ ENDIF -$! -$! Check To See If P3 Is Blank. -$! -$ IF (P3.EQS."NODEBUG") -$ THEN -$! -$! P3 Is NODEBUG, So Compile Without The Debugger Information. -$! -$ DEBUGGER = "NODEBUG" -$ TRACEBACK = "NOTRACEBACK" -$ GCC_OPTIMIZE = "OPTIMIZE" -$ CC_OPTIMIZE = "OPTIMIZE" -$ MACRO_OPTIMIZE = "OPTIMIZE" -$ WRITE SYS$OUTPUT "No Debugger Information Will Be Produced During Compile." -$ WRITE SYS$OUTPUT "Compiling With Compiler Optimization." -$ ELSE -$! -$! Check To See If We Are To Compile With Debugger Information. -$! -$ IF (P3.EQS."DEBUG") -$ THEN -$! -$! Compile With Debugger Information. -$! -$ DEBUGGER = "DEBUG" -$ TRACEBACK = "TRACEBACK" -$ GCC_OPTIMIZE = "NOOPTIMIZE" -$ CC_OPTIMIZE = "NOOPTIMIZE" -$ MACRO_OPTIMIZE = "NOOPTIMIZE" -$ WRITE SYS$OUTPUT "Debugger Information Will Be Produced During Compile." -$ WRITE SYS$OUTPUT "Compiling Without Compiler Optimization." -$ ELSE -$! -$! They Entered An Invalid Option.. -$! -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The Option ",P3," Is Invalid. The Valid Options Are:" -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT " DEBUG : Compile With The Debugger Information." -$ WRITE SYS$OUTPUT " NODEBUG : Compile Without The Debugger Information." -$ WRITE SYS$OUTPUT "" -$! -$! Time To EXIT. -$! -$ EXIT -$! -$! End The Valid Arguement Check. -$! -$ ENDIF -$! -$! End The P3 Check. -$! -$ ENDIF -$! -$! Special Threads For OpenVMS v7.1 Or Later -$! -$! Written By: Richard Levitte -$! richard@levitte.org -$! -$! -$! Check To See If We Have A Option For P6. -$! -$ IF (P6.EQS."") -$ THEN -$! -$! Get The Version Of VMS We Are Using. -$! -$ ISSEVEN := -$ TMP = F$ELEMENT(0,"-",F$EXTRACT(1,4,F$GETSYI("VERSION"))) -$ TMP = F$INTEGER(F$ELEMENT(0,".",TMP)+F$ELEMENT(1,".",TMP)) -$! -$! Check To See If The VMS Version Is v7.1 Or Later. -$! -$ IF (TMP.GE.71) -$ THEN -$! -$! We Have OpenVMS v7.1 Or Later, So Use The Special Threads. -$! -$ ISSEVEN := ,PTHREAD_USE_D4 -$! -$! End The VMS Version Check. -$! -$ ENDIF -$! -$! End The P6 Check. -$! -$ ENDIF -$! -$! Check To See If P4 Is Blank. -$! -$ IF (P4.EQS."") -$ THEN -$! -$! O.K., The User Didn't Specify A Compiler, Let's Try To -$! Find Out Which One To Use. -$! -$! Check To See If We Have GNU C. -$! -$ IF (F$TRNLNM("GNU_CC").NES."") -$ THEN -$! -$! Looks Like GNUC, Set To Use GNUC. -$! -$ P4 = "GNUC" -$! -$! Else... -$! -$ ELSE -$! -$! Check To See If We Have VAXC Or DECC. -$! -$ IF (ARCH.EQS."AXP").OR.(F$TRNLNM("DECC$CC_DEFAULT").NES."") -$ THEN -$! -$! Looks Like DECC, Set To Use DECC. -$! -$ P4 = "DECC" -$! -$! Else... -$! -$ ELSE -$! -$! Looks Like VAXC, Set To Use VAXC. -$! -$ P4 = "VAXC" -$! -$! End The VAXC Compiler Check. -$! -$ ENDIF -$! -$! End The DECC & VAXC Compiler Check. -$! -$ ENDIF -$! -$! End The Compiler Check. -$! -$ ENDIF -$! -$! Check To See If We Have A Option For P5. -$! -$ IF (P5.EQS."") -$ THEN -$! -$! Find out what socket library we have available -$! -$ IF F$PARSE("SOCKETSHR:") .NES. "" -$ THEN -$! -$! We have SOCKETSHR, and it is my opinion that it's the best to use. -$! -$ P5 = "SOCKETSHR" -$! -$! Tell the user -$! -$ WRITE SYS$OUTPUT "Using SOCKETSHR for TCP/IP" -$! -$! Else, let's look for something else -$! -$ ELSE -$! -$! Like UCX (the reason to do this before Multinet is that the UCX -$! emulation is easier to use...) -$! -$ IF F$TRNLNM("UCX$IPC_SHR") .NES. "" - - .OR. F$PARSE("SYS$SHARE:UCX$IPC_SHR.EXE") .NES. "" - - .OR. F$PARSE("SYS$LIBRARY:UCX$IPC.OLB") .NES. "" -$ THEN -$! -$! Last resort: a UCX or UCX-compatible library -$! -$ P5 = "UCX" -$! -$! Tell the user -$! -$ WRITE SYS$OUTPUT "Using UCX or an emulation thereof for TCP/IP" -$! -$! That was all... -$! -$ ENDIF -$ ENDIF -$ ENDIF -$! -$! Set Up Initial CC Definitions, Possibly With User Ones -$! -$ CCDEFS = "TCPIP_TYPE_''P5',DSO_VMS" -$ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS -$ CCEXTRAFLAGS = "" -$ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS -$ CCDISABLEWARNINGS = "LONGLONGTYPE,LONGLONGSUFX" -$ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN - - CCDISABLEWARNINGS = CCDISABLEWARNINGS + "," + USER_CCDISABLEWARNINGS -$! -$! Check To See If The User Entered A Valid Paramter. -$! -$ IF (P4.EQS."VAXC").OR.(P4.EQS."DECC").OR.(P4.EQS."GNUC") -$ THEN -$! -$! Check To See If The User Wanted DECC. -$! -$ IF (P4.EQS."DECC") -$ THEN -$! -$! Looks Like DECC, Set To Use DECC. -$! -$ COMPILER = "DECC" -$! -$! Tell The User We Are Using DECC. -$! -$ WRITE SYS$OUTPUT "Using DECC 'C' Compiler." -$! -$! Use DECC... -$! -$ CC = "CC" -$ IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" - - THEN CC = "CC/DECC" -$ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + - - "/NOLIST/PREFIX=ALL" + - - "/INCLUDE=(SYS$DISK:[],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS],SYS$DISK:[.EVP])" + - - CCEXTRAFLAGS -$! -$! Define The Linker Options File Name. -$! -$ OPT_FILE = "SYS$DISK:[]VAX_DECC_OPTIONS.OPT" -$! -$! End DECC Check. -$! -$ ENDIF -$! -$! Check To See If We Are To Use VAXC. -$! -$ IF (P4.EQS."VAXC") -$ THEN -$! -$! Looks Like VAXC, Set To Use VAXC. -$! -$ COMPILER = "VAXC" -$! -$! Tell The User We Are Using VAX C. -$! -$ WRITE SYS$OUTPUT "Using VAXC 'C' Compiler." -$! -$! Compile Using VAXC. -$! -$ CC = "CC" -$ IF ARCH.EQS."AXP" -$ THEN -$ WRITE SYS$OUTPUT "There is no VAX C on Alpha!" -$ EXIT -$ ENDIF -$ IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC" -$ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + - - "/INCLUDE=(SYS$DISK:[],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS])" + - - CCEXTRAFLAGS -$ CCDEFS = """VAXC""," + CCDEFS -$! -$! Define As SYS$COMMON:[SYSLIB] -$! -$ DEFINE/NOLOG SYS SYS$COMMON:[SYSLIB] -$! -$! Define The Linker Options File Name. -$! -$ OPT_FILE = "SYS$DISK:[]VAX_VAXC_OPTIONS.OPT" -$! -$! End VAXC Check -$! -$ ENDIF -$! -$! Check To See If We Are To Use GNU C. -$! -$ IF (P4.EQS."GNUC") -$ THEN -$! -$! Looks Like GNUC, Set To Use GNUC. -$! -$ COMPILER = "GNUC" -$! -$! Tell The User We Are Using GNUC. -$! -$ WRITE SYS$OUTPUT "Using GNU 'C' Compiler." -$! -$! Use GNU C... -$! -$ CC = "GCC/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + - - "/INCLUDE=(SYS$DISK:[],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS])" + - - CCEXTRAFLAGS -$! -$! Define The Linker Options File Name. -$! -$ OPT_FILE = "SYS$DISK:[]VAX_GNUC_OPTIONS.OPT" -$! -$! End The GNU C Check. -$! -$ ENDIF -$! -$! Set up default defines -$! -$ CCDEFS = """FLAT_INC=1""," + CCDEFS -$! -$! Check To See If We Are To Compile With RSAREF Routines. -$! -$ IF (RSAREF.EQS."TRUE") -$ THEN -$! -$! Compile With RSAREF. -$! -$ CCDEFS = CCDEFS + ",""RSAref=1""" -$! -$! Tell The User This. -$! -$ WRITE SYS$OUTPUT "Compiling With RSAREF Routines." -$! -$! Else, We Don't Care. Compile Without The RSAREF Library. -$! -$ ELSE -$! -$! Tell The User We Are Compile Without The RSAREF Routines. -$! -$ WRITE SYS$OUTPUT "Compiling Without The RSAREF Routines. -$! -$! End The RSAREF Check. -$! -$ ENDIF -$! -$! Finish up the definition of CC. -$! -$ IF COMPILER .EQS. "DECC" -$ THEN -$ IF CCDISABLEWARNINGS .EQS. "" -$ THEN -$ CC4DISABLEWARNINGS = "DOLLARID" -$ ELSE -$ CC4DISABLEWARNINGS = CCDISABLEWARNINGS + ",DOLLARID" -$ CCDISABLEWARNINGS = "/WARNING=(DISABLE=(" + CCDISABLEWARNINGS + "))" -$ ENDIF -$ CC4DISABLEWARNINGS = "/WARNING=(DISABLE=(" + CC4DISABLEWARNINGS + "))" -$ ELSE -$ CCDISABLEWARNINGS = "" -$ CC4DISABLEWARNINGS = "" -$ ENDIF -$ CC3 = CC + "/DEFINE=(" + CCDEFS + ISSEVEN + ")" + CCDISABLEWARNINGS -$ CC = CC + "/DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS -$ IF ARCH .EQS. "VAX" .AND. COMPILER .EQS. "DECC" .AND. P3 .NES. "DEBUG" -$ THEN -$ CC5 = CC + "/OPTIMIZE=NODISJOINT" -$ ELSE -$ CC5 = CC + "/NOOPTIMIZE" -$ ENDIF -$ CC4 = CC - CCDISABLEWARNINGS + CC4DISABLEWARNINGS -$! -$! Show user the result -$! -$ WRITE SYS$OUTPUT "Main C Compiling Command: ",CC -$! -$! Else The User Entered An Invalid Arguement. -$! -$ ELSE -$! -$! Tell The User We Don't Know What They Want. -$! -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The Option ",P4," Is Invalid. The Valid Options Are:" -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT " VAXC : To Compile With VAX C." -$ WRITE SYS$OUTPUT " DECC : To Compile With DEC C." -$ WRITE SYS$OUTPUT " GNUC : To Compile With GNU C." -$ WRITE SYS$OUTPUT "" -$! -$! Time To EXIT. -$! -$ EXIT -$! -$! End The Valid Arguement Check. -$! -$ ENDIF -$! -$! Build a MACRO command for the architecture at hand -$! -$ IF ARCH .EQS. "VAX" THEN MACRO = "MACRO/''DEBUGGER'" -$ IF ARCH .EQS. "AXP" THEN MACRO = "MACRO/MIGRATION/''DEBUGGER'/''MACRO_OPTIMIZE'" -$! -$! Show user the result -$! -$ WRITE SYS$OUTPUT "Main MACRO Compiling Command: ",MACRO -$! -$! Time to check the contents, and to make sure we get the correct library. -$! -$ IF P5.EQS."SOCKETSHR" .OR. P5.EQS."MULTINET" .OR. P5.EQS."UCX" - - .OR. P5.EQS."TCPIP" .OR. P5.EQS."NONE" -$ THEN -$! -$! Check to see if SOCKETSHR was chosen -$! -$ IF P5.EQS."SOCKETSHR" -$ THEN -$! -$! Set the library to use SOCKETSHR -$! -$ TCPIP_LIB = "SYS$DISK:[-.VMS]SOCKETSHR_SHR.OPT/OPT" -$! -$! Done with SOCKETSHR -$! -$ ENDIF -$! -$! Check to see if MULTINET was chosen -$! -$ IF P5.EQS."MULTINET" -$ THEN -$! -$! Set the library to use UCX emulation. -$! -$ P5 = "UCX" -$! -$! Done with MULTINET -$! -$ ENDIF -$! -$! Check to see if UCX was chosen -$! -$ IF P5.EQS."UCX" -$ THEN -$! -$! Set the library to use UCX. -$! -$ TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC.OPT/OPT" -$ IF F$TRNLNM("UCX$IPC_SHR") .NES. "" -$ THEN -$ TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC_LOG.OPT/OPT" -$ ELSE -$ IF COMPILER .NES. "DECC" .AND. ARCH .EQS. "VAX" THEN - - TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_VAXC.OPT/OPT" -$ ENDIF -$! -$! Done with UCX -$! -$ ENDIF -$! -$! Check to see if TCPIP was chosen -$! -$ IF P5.EQS."TCPIP" -$ THEN -$! -$! Set the library to use TCPIP (post UCX). -$! -$ TCPIP_LIB = "SYS$DISK:[-.VMS]TCPIP_SHR_DECC.OPT/OPT" -$! -$! Done with TCPIP -$! -$ ENDIF -$! -$! Check to see if NONE was chosen -$! -$ IF P5.EQS."NONE" -$ THEN -$! -$! Do not use a TCPIP library. -$! -$ TCPIP_LIB = "" -$! -$! Done with TCPIP -$! -$ ENDIF -$! -$! Print info -$! -$ WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB -$! -$! Else The User Entered An Invalid Arguement. -$! -$ ELSE -$! -$! Tell The User We Don't Know What They Want. -$! -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The Option ",P5," Is Invalid. The Valid Options Are:" -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT " SOCKETSHR : To link with SOCKETSHR TCP/IP library." -$ WRITE SYS$OUTPUT " UCX : To link with UCX TCP/IP library." -$ WRITE SYS$OUTPUT " TCPIP : To link with TCPIP (post UCX) TCP/IP library." -$ WRITE SYS$OUTPUT "" -$! -$! Time To EXIT. -$! -$ EXIT -$! -$! Done with TCP/IP libraries -$! -$ ENDIF -$! -$! Check if the user wanted to compile just a subset of all the encryption -$! methods. -$! -$ IF P7 .NES. "" -$ THEN -$ ENCRYPT_TYPES = P7 -$! NYI: ENCRYPT_PROGRAMS = P7 -$ ENDIF -$! -$! Time To RETURN... -$! -$ RETURN -$! -$ INITIALISE: -$! -$! Save old value of the logical name OPENSSL -$! -$ __SAVE_OPENSSL = F$TRNLNM("OPENSSL","LNM$PROCESS_TABLE") -$! -$! Save directory information -$! -$ __HERE = F$PARSE(F$PARSE("A.;",F$ENVIRONMENT("PROCEDURE"))-"A.;","[]A.;") - "A.;" -$ __HERE = F$EDIT(__HERE,"UPCASE") -$ __TOP = __HERE - "CRYPTO]" -$ __INCLUDE = __TOP + "INCLUDE.OPENSSL]" -$! -$! Set up the logical name OPENSSL to point at the include directory -$! -$ DEFINE OPENSSL/NOLOG '__INCLUDE' -$! -$! Done -$! -$ RETURN -$! -$ CLEANUP: -$! -$! Restore the logical name OPENSSL if it had a value -$! -$ IF __SAVE_OPENSSL .EQS. "" -$ THEN -$ DEASSIGN OPENSSL -$ ELSE -$ DEFINE/NOLOG OPENSSL '__SAVE_OPENSSL' -$ ENDIF -$! -$! Done -$! -$ RETURN diff --git a/src/lib/libcrypto/crypto.h b/src/lib/libcrypto/crypto.h index fc6ff860afc..7de8abb437e 100644 --- a/src/lib/libcrypto/crypto.h +++ b/src/lib/libcrypto/crypto.h @@ -1,25 +1,78 @@ -/* crypto/crypto.h */ +/* $OpenBSD: crypto.h,v 1.50 2019/01/19 01:07:00 tb Exp $ */ +/* ==================================================================== + * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +87,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,33 +102,31 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * ECDH support in OpenSSL originally developed by + * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. + */ + +#include +#include +#include #ifndef HEADER_CRYPTO_H #define HEADER_CRYPTO_H -#include - -#ifndef OPENSSL_NO_FP_API -#include -#endif +#include #include #include #include - -#ifdef CHARSET_EBCDIC -#include -#endif - -/* Resolve problems on some operating systems with symbol names that clash - one way or another */ -#include +#include #ifdef __cplusplus extern "C" { @@ -92,7 +143,16 @@ extern "C" { #define SSLEAY_PLATFORM 4 #define SSLEAY_DIR 5 -/* When changing the CRYPTO_LOCK_* list, be sure to maintin the text lock +/* A generic structure to pass assorted data in a expandable way */ +typedef struct openssl_item_st { + int code; + void *value; /* Not used for flag attributes */ + size_t value_size; /* Max size of value for output, length for input */ + size_t *value_length; /* Returned length of value for output */ +} OPENSSL_ITEM; + + +/* When changing the CRYPTO_LOCK_* list, be sure to maintain the text lock * names in cryptlib.c */ @@ -106,34 +166,43 @@ extern "C" { #define CRYPTO_LOCK_DSA 8 #define CRYPTO_LOCK_RSA 9 #define CRYPTO_LOCK_EVP_PKEY 10 -#define CRYPTO_LOCK_X509_STORE 11 -#define CRYPTO_LOCK_SSL_CTX 12 -#define CRYPTO_LOCK_SSL_CERT 13 -#define CRYPTO_LOCK_SSL_SESSION 14 -#define CRYPTO_LOCK_SSL_SESS_CERT 15 -#define CRYPTO_LOCK_SSL 16 -#define CRYPTO_LOCK_RAND 17 -#define CRYPTO_LOCK_RAND2 18 -#define CRYPTO_LOCK_MALLOC 19 -#define CRYPTO_LOCK_BIO 20 -#define CRYPTO_LOCK_GETHOSTBYNAME 21 -#define CRYPTO_LOCK_GETSERVBYNAME 22 -#define CRYPTO_LOCK_READDIR 23 -#define CRYPTO_LOCK_RSA_BLINDING 24 -#define CRYPTO_LOCK_DH 25 -#define CRYPTO_LOCK_MALLOC2 26 -#define CRYPTO_LOCK_DSO 27 -#define CRYPTO_LOCK_DYNLOCK 28 -#define CRYPTO_LOCK_ENGINE 29 -#define CRYPTO_LOCK_UI 30 -#define CRYPTO_NUM_LOCKS 31 +#define CRYPTO_LOCK_X509_STORE 11 +#define CRYPTO_LOCK_SSL_CTX 12 +#define CRYPTO_LOCK_SSL_CERT 13 +#define CRYPTO_LOCK_SSL_SESSION 14 +#define CRYPTO_LOCK_SSL_SESS_CERT 15 +#define CRYPTO_LOCK_SSL 16 +#define CRYPTO_LOCK_SSL_METHOD 17 +#define CRYPTO_LOCK_RAND 18 +#define CRYPTO_LOCK_RAND2 19 +#define CRYPTO_LOCK_MALLOC 20 +#define CRYPTO_LOCK_BIO 21 +#define CRYPTO_LOCK_GETHOSTBYNAME 22 +#define CRYPTO_LOCK_GETSERVBYNAME 23 +#define CRYPTO_LOCK_READDIR 24 +#define CRYPTO_LOCK_RSA_BLINDING 25 +#define CRYPTO_LOCK_DH 26 +#define CRYPTO_LOCK_MALLOC2 27 +#define CRYPTO_LOCK_DSO 28 +#define CRYPTO_LOCK_DYNLOCK 29 +#define CRYPTO_LOCK_ENGINE 30 +#define CRYPTO_LOCK_UI 31 +#define CRYPTO_LOCK_ECDSA 32 +#define CRYPTO_LOCK_EC 33 +#define CRYPTO_LOCK_ECDH 34 +#define CRYPTO_LOCK_BN 35 +#define CRYPTO_LOCK_EC_PRE_COMP 36 +#define CRYPTO_LOCK_STORE 37 +#define CRYPTO_LOCK_COMP 38 +#define CRYPTO_LOCK_FIPS 39 +#define CRYPTO_LOCK_FIPS2 40 +#define CRYPTO_NUM_LOCKS 41 #define CRYPTO_LOCK 1 #define CRYPTO_UNLOCK 2 #define CRYPTO_READ 4 #define CRYPTO_WRITE 8 -#ifndef OPENSSL_NO_LOCKING #ifndef CRYPTO_w_lock #define CRYPTO_w_lock(type) \ CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__) @@ -146,23 +215,15 @@ extern "C" { #define CRYPTO_add(addr,amount,type) \ CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__) #endif -#else -#define CRYPTO_w_lock(a) -#define CRYPTO_w_unlock(a) -#define CRYPTO_r_lock(a) -#define CRYPTO_r_unlock(a) -#define CRYPTO_add(a,b,c) ((*(a))+=(b)) -#endif /* Some applications as well as some parts of OpenSSL need to allocate and deallocate locks in a dynamic fashion. The following typedef makes this possible in a type-safe manner. */ /* struct CRYPTO_dynlock_value has to be defined by the application. */ -typedef struct - { +typedef struct { int references; struct CRYPTO_dynlock_value *data; - } CRYPTO_dynlock; +} CRYPTO_dynlock; /* The following can be used to detect memory leaks in the SSLeay library. @@ -187,33 +248,21 @@ typedef struct /* predec of the BIO type */ typedef struct bio_st BIO_dummy; -typedef struct crypto_ex_data_st - { - STACK *sk; - int dummy; /* gcc is screwing up this data structure :-( */ - } CRYPTO_EX_DATA; - -/* Called when a new object is created */ -typedef int CRYPTO_EX_new(void *parent, void *ptr, CRYPTO_EX_DATA *ad, - int idx, long argl, void *argp); -/* Called when an object is free()ed */ -typedef void CRYPTO_EX_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad, - int idx, long argl, void *argp); -/* Called when we need to dup an object */ -typedef int CRYPTO_EX_dup(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d, - int idx, long argl, void *argp); +struct crypto_ex_data_st { + STACK_OF(void) *sk; +}; +DECLARE_STACK_OF(void) /* This stuff is basically class callback functions * The current classes are SSL_CTX, SSL, SSL_SESSION, and a few more */ -typedef struct crypto_ex_data_func_st - { +typedef struct crypto_ex_data_func_st { long argl; /* Arbitary long */ void *argp; /* Arbitary void * */ CRYPTO_EX_new *new_func; CRYPTO_EX_free *free_func; CRYPTO_EX_dup *dup_func; - } CRYPTO_EX_DATA_FUNCS; +} CRYPTO_EX_DATA_FUNCS; DECLARE_STACK_OF(CRYPTO_EX_DATA_FUNCS) @@ -233,18 +282,19 @@ DECLARE_STACK_OF(CRYPTO_EX_DATA_FUNCS) #define CRYPTO_EX_INDEX_ENGINE 9 #define CRYPTO_EX_INDEX_X509 10 #define CRYPTO_EX_INDEX_UI 11 +#define CRYPTO_EX_INDEX_ECDSA 12 +#define CRYPTO_EX_INDEX_ECDH 13 +#define CRYPTO_EX_INDEX_COMP 14 +#define CRYPTO_EX_INDEX_STORE 15 +#define CRYPTO_EX_INDEX_EC_KEY 16 /* Dynamically assigned indexes start from this value (don't use directly, use * via CRYPTO_ex_data_new_class). */ #define CRYPTO_EX_INDEX_USER 100 - -/* This is the default callbacks, but we can have others as well: - * this is needed in Win32 where the application malloc and the - * library malloc may not be the same. - */ -#define CRYPTO_malloc_init() CRYPTO_set_mem_functions(\ - malloc, realloc, free) +#ifndef LIBRESSL_INTERNAL +#define CRYPTO_malloc_init() (0) +#define CRYPTO_malloc_debug_init() (0) #if defined CRYPTO_MDEBUG_ALL || defined CRYPTO_MDEBUG_TIME || defined CRYPTO_MDEBUG_THREAD # ifndef CRYPTO_MDEBUG /* avoid duplicate #define */ @@ -252,17 +302,6 @@ DECLARE_STACK_OF(CRYPTO_EX_DATA_FUNCS) # endif #endif -/* Set standard debugging functions (not done by default - * unless CRYPTO_MDEBUG is defined) */ -#define CRYPTO_malloc_debug_init() do {\ - CRYPTO_set_mem_debug_functions(\ - CRYPTO_dbg_malloc,\ - CRYPTO_dbg_realloc,\ - CRYPTO_dbg_free,\ - CRYPTO_dbg_set_options,\ - CRYPTO_dbg_get_options);\ - } while(0) - int CRYPTO_mem_ctrl(int mode); int CRYPTO_is_mem_check_on(void); @@ -270,14 +309,12 @@ int CRYPTO_is_mem_check_on(void); #define MemCheck_start() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON) #define MemCheck_stop() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_OFF) -/* for library-internal use */ -#define MemCheck_on() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE) -#define MemCheck_off() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE) -#define is_MemCheck_on() CRYPTO_is_mem_check_on() - #define OPENSSL_malloc(num) CRYPTO_malloc((int)num,__FILE__,__LINE__) +#define OPENSSL_strdup(str) CRYPTO_strdup((str),__FILE__,__LINE__) #define OPENSSL_realloc(addr,num) \ CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__) +#define OPENSSL_realloc_clean(addr,old_num,num) \ + CRYPTO_realloc_clean(addr,old_num,num,__FILE__,__LINE__) #define OPENSSL_remalloc(addr,num) \ CRYPTO_remalloc((char **)addr,(int)num,__FILE__,__LINE__) #define OPENSSL_freeFunc CRYPTO_free @@ -286,13 +323,20 @@ int CRYPTO_is_mem_check_on(void); #define OPENSSL_malloc_locked(num) \ CRYPTO_malloc_locked((int)num,__FILE__,__LINE__) #define OPENSSL_free_locked(addr) CRYPTO_free_locked(addr) +#endif +const char *OpenSSL_version(int type); +#define OPENSSL_VERSION 0 +#define OPENSSL_CFLAGS 1 +#define OPENSSL_BUILT_ON 2 +#define OPENSSL_PLATFORM 3 +#define OPENSSL_DIR 4 +#define OPENSSL_ENGINES_DIR 5 +unsigned long OpenSSL_version_num(void); const char *SSLeay_version(int type); unsigned long SSLeay(void); -int OPENSSL_issetugid(void); - /* An opaque type representing an implementation of "ex_data" support */ typedef struct st_CRYPTO_EX_DATA_IMPL CRYPTO_EX_DATA_IMPL; /* Return an opaque pointer to the current "ex_data" implementation */ @@ -303,40 +347,59 @@ int CRYPTO_set_ex_data_implementation(const CRYPTO_EX_DATA_IMPL *i); int CRYPTO_ex_data_new_class(void); /* Within a given class, get/register a new index */ int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp, - CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, - CRYPTO_EX_free *free_func); + CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, + CRYPTO_EX_free *free_func); /* Initialise/duplicate/free CRYPTO_EX_DATA variables corresponding to a given * class (invokes whatever per-class callbacks are applicable) */ int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad); int CRYPTO_dup_ex_data(int class_index, CRYPTO_EX_DATA *to, - CRYPTO_EX_DATA *from); + CRYPTO_EX_DATA *from); void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad); /* Get/set data in a CRYPTO_EX_DATA variable corresponding to a particular index * (relative to the class type involved) */ int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val); -void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad,int idx); +void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad, int idx); /* This function cleans up all "ex_data" state. It mustn't be called under * potential race-conditions. */ void CRYPTO_cleanup_all_ex_data(void); -int CRYPTO_get_new_lockid(char *name); - -int CRYPTO_num_locks(void); /* return CRYPTO_NUM_LOCKS (shared libs!) */ -void CRYPTO_lock(int mode, int type,const char *file,int line); -void CRYPTO_set_locking_callback(void (*func)(int mode,int type, - const char *file,int line)); -void (*CRYPTO_get_locking_callback(void))(int mode,int type,const char *file, - int line); -void CRYPTO_set_add_lock_callback(int (*func)(int *num,int mount,int type, - const char *file, int line)); -int (*CRYPTO_get_add_lock_callback(void))(int *num,int mount,int type, - const char *file,int line); +void CRYPTO_lock(int mode, int type, const char *file, int line); +int CRYPTO_add_lock(int *pointer, int amount, int type, const char *file, + int line); + +/* Don't use this structure directly. */ +typedef struct crypto_threadid_st { + void *ptr; + unsigned long val; +} CRYPTO_THREADID; +void CRYPTO_THREADID_current(CRYPTO_THREADID *id); +int CRYPTO_THREADID_cmp(const CRYPTO_THREADID *a, const CRYPTO_THREADID *b); +void CRYPTO_THREADID_cpy(CRYPTO_THREADID *dest, const CRYPTO_THREADID *src); +unsigned long CRYPTO_THREADID_hash(const CRYPTO_THREADID *id); + +#ifndef LIBRESSL_INTERNAL +/* These functions are deprecated no-op stubs */ void CRYPTO_set_id_callback(unsigned long (*func)(void)); unsigned long (*CRYPTO_get_id_callback(void))(void); unsigned long CRYPTO_thread_id(void); + +int CRYPTO_get_new_lockid(char *name); const char *CRYPTO_get_lock_name(int type); -int CRYPTO_add_lock(int *pointer,int amount,int type, const char *file, - int line); + +int CRYPTO_num_locks(void); +void CRYPTO_set_locking_callback(void (*func)(int mode, int type, + const char *file, int line)); +void (*CRYPTO_get_locking_callback(void))(int mode, int type, + const char *file, int line); +void CRYPTO_set_add_lock_callback(int (*func)(int *num, int mount, int type, + const char *file, int line)); +int (*CRYPTO_get_add_lock_callback(void))(int *num, int mount, int type, + const char *file, int line); + +void CRYPTO_THREADID_set_numeric(CRYPTO_THREADID *id, unsigned long val); +void CRYPTO_THREADID_set_pointer(CRYPTO_THREADID *id, void *ptr); +int CRYPTO_THREADID_set_callback(void (*threadid_func)(CRYPTO_THREADID *)); +void (*CRYPTO_THREADID_get_callback(void))(CRYPTO_THREADID *); int CRYPTO_get_new_dynlockid(void); void CRYPTO_destroy_dynlockid(int i); @@ -344,43 +407,51 @@ struct CRYPTO_dynlock_value *CRYPTO_get_dynlock_value(int i); void CRYPTO_set_dynlock_create_callback(struct CRYPTO_dynlock_value *(*dyn_create_function)(const char *file, int line)); void CRYPTO_set_dynlock_lock_callback(void (*dyn_lock_function)(int mode, struct CRYPTO_dynlock_value *l, const char *file, int line)); void CRYPTO_set_dynlock_destroy_callback(void (*dyn_destroy_function)(struct CRYPTO_dynlock_value *l, const char *file, int line)); -struct CRYPTO_dynlock_value *(*CRYPTO_get_dynlock_create_callback(void))(const char *file,int line); -void (*CRYPTO_get_dynlock_lock_callback(void))(int mode, struct CRYPTO_dynlock_value *l, const char *file,int line); -void (*CRYPTO_get_dynlock_destroy_callback(void))(struct CRYPTO_dynlock_value *l, const char *file,int line); +struct CRYPTO_dynlock_value *(*CRYPTO_get_dynlock_create_callback(void))(const char *file, int line); +void (*CRYPTO_get_dynlock_lock_callback(void))(int mode, struct CRYPTO_dynlock_value *l, const char *file, int line); +void (*CRYPTO_get_dynlock_destroy_callback(void))(struct CRYPTO_dynlock_value *l, const char *file, int line); +#endif /* CRYPTO_set_mem_functions includes CRYPTO_set_locked_mem_functions -- * call the latter last if you need different functions */ -int CRYPTO_set_mem_functions(void *(*m)(size_t),void *(*r)(void *,size_t), void (*f)(void *)); +int CRYPTO_set_mem_functions(void *(*m)(size_t), void *(*r)(void *, size_t), void (*f)(void *)); int CRYPTO_set_locked_mem_functions(void *(*m)(size_t), void (*free_func)(void *)); -int CRYPTO_set_mem_ex_functions(void *(*m)(size_t,const char *,int), - void *(*r)(void *,size_t,const char *,int), - void (*f)(void *)); -int CRYPTO_set_locked_mem_ex_functions(void *(*m)(size_t,const char *,int), - void (*free_func)(void *)); -int CRYPTO_set_mem_debug_functions(void (*m)(void *,int,const char *,int,int), - void (*r)(void *,void *,int,const char *,int,int), - void (*f)(void *,int), - void (*so)(long), - long (*go)(void)); -void CRYPTO_get_mem_functions(void *(**m)(size_t),void *(**r)(void *, size_t), void (**f)(void *)); +int CRYPTO_set_mem_ex_functions(void *(*m)(size_t, const char *, int), + void *(*r)(void *, size_t, const char *, int), void (*f)(void *)); +int CRYPTO_set_locked_mem_ex_functions(void *(*m)(size_t, const char *, int), + void (*free_func)(void *)); +int CRYPTO_set_mem_debug_functions( + void (*m)(void *, int, const char *, int, int), + void (*r)(void *, void *, int, const char *, int, int), + void (*f)(void *, int), void (*so)(long), long (*go)(void)); +void CRYPTO_get_mem_functions(void *(**m)(size_t), void *(**r)(void *, size_t), + void (**f)(void *)); void CRYPTO_get_locked_mem_functions(void *(**m)(size_t), void (**f)(void *)); -void CRYPTO_get_mem_ex_functions(void *(**m)(size_t,const char *,int), - void *(**r)(void *, size_t,const char *,int), - void (**f)(void *)); -void CRYPTO_get_locked_mem_ex_functions(void *(**m)(size_t,const char *,int), - void (**f)(void *)); -void CRYPTO_get_mem_debug_functions(void (**m)(void *,int,const char *,int,int), - void (**r)(void *,void *,int,const char *,int,int), - void (**f)(void *,int), - void (**so)(long), - long (**go)(void)); - +void CRYPTO_get_mem_ex_functions(void *(**m)(size_t, const char *, int), + void *(**r)(void *, size_t, const char *, int), void (**f)(void *)); +void CRYPTO_get_locked_mem_ex_functions(void *(**m)(size_t, const char *, int), + void (**f)(void *)); +void CRYPTO_get_mem_debug_functions( + void (**m)(void *, int, const char *, int, int), + void (**r)(void *, void *, int, const char *, int, int), + void (**f)(void *, int), void (**so)(long), long (**go)(void)); + +#ifndef LIBRESSL_INTERNAL void *CRYPTO_malloc_locked(int num, const char *file, int line); -void CRYPTO_free_locked(void *); +void CRYPTO_free_locked(void *ptr); void *CRYPTO_malloc(int num, const char *file, int line); -void CRYPTO_free(void *); -void *CRYPTO_realloc(void *addr,int num, const char *file, int line); -void *CRYPTO_remalloc(void *addr,int num, const char *file, int line); +char *CRYPTO_strdup(const char *str, const char *file, int line); +void CRYPTO_free(void *ptr); +void *CRYPTO_realloc(void *addr, int num, const char *file, int line); +#endif + +void *CRYPTO_realloc_clean(void *addr, int old_num, int num, + const char *file, int line); +void *CRYPTO_remalloc(void *addr, int num, const char *file, int line); + +#ifndef LIBRESSL_INTERNAL +void OPENSSL_cleanse(void *ptr, size_t len); +#endif void CRYPTO_set_mem_debug_options(long bits); long CRYPTO_get_mem_debug_options(void); @@ -399,9 +470,12 @@ int CRYPTO_remove_all_info(void); * 0: called before the actual memory allocation has taken place * 1: called after the actual memory allocation has taken place */ -void CRYPTO_dbg_malloc(void *addr,int num,const char *file,int line,int before_p); -void CRYPTO_dbg_realloc(void *addr1,void *addr2,int num,const char *file,int line,int before_p); -void CRYPTO_dbg_free(void *addr,int before_p); +void CRYPTO_dbg_malloc(void *addr, int num, const char *file, int line, int before_p) + __attribute__ ((deprecated)); +void CRYPTO_dbg_realloc(void *addr1, void *addr2, int num, const char *file, int line, int before_p) + __attribute__ ((deprecated)); +void CRYPTO_dbg_free(void *addr, int before_p) + __attribute__ ((deprecated)); /* Tell the debugging code about options. By default, the following values * apply: * @@ -410,18 +484,36 @@ void CRYPTO_dbg_free(void *addr,int before_p); * V_CRYPTO_MDEBUG_THREAD (2): Set the "Show Thread Number" option. * V_CRYPTO_MDEBUG_ALL (3): 1 + 2 */ -void CRYPTO_dbg_set_options(long bits); -long CRYPTO_dbg_get_options(void); +void CRYPTO_dbg_set_options(long bits) + __attribute__ ((deprecated)); +long CRYPTO_dbg_get_options(void) + __attribute__ ((deprecated)); -#ifndef OPENSSL_NO_FP_API -void CRYPTO_mem_leaks_fp(FILE *); -#endif -void CRYPTO_mem_leaks(struct bio_st *bio); +int CRYPTO_mem_leaks_fp(FILE *); +int CRYPTO_mem_leaks(struct bio_st *bio); /* unsigned long order, char *file, int line, int num_bytes, char *addr */ -typedef void *CRYPTO_MEM_LEAK_CB(unsigned long, const char *, int, int, void *); -void CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb); +typedef int *CRYPTO_MEM_LEAK_CB(unsigned long, const char *, int, int, void *); +int CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb); + +/* die if we have to */ +void OpenSSLDie(const char *file, int line, const char *assertion); +#define OPENSSL_assert(e) (void)((e) ? 0 : (OpenSSLDie(__FILE__, __LINE__, #e),1)) + +uint64_t OPENSSL_cpu_caps(void); + +int OPENSSL_isservice(void); +#ifndef LIBRESSL_INTERNAL +void OPENSSL_init(void); + +/* CRYPTO_memcmp returns zero iff the |len| bytes at |a| and |b| are equal. It + * takes an amount of time dependent on |len|, but independent of the contents + * of |a| and |b|. Unlike memcmp, it cannot be used to put elements into a + * defined order as the return value when a != b is undefined, other than to be + * non-zero. */ +int CRYPTO_memcmp(const void *a, const void *b, size_t len); +#endif /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes @@ -438,13 +530,49 @@ void ERR_load_CRYPTO_strings(void); #define CRYPTO_F_CRYPTO_SET_EX_DATA 102 #define CRYPTO_F_DEF_ADD_INDEX 104 #define CRYPTO_F_DEF_GET_CLASS 105 +#define CRYPTO_F_FIPS_MODE_SET 109 #define CRYPTO_F_INT_DUP_EX_DATA 106 #define CRYPTO_F_INT_FREE_EX_DATA 107 #define CRYPTO_F_INT_NEW_EX_DATA 108 /* Reason codes. */ +#define CRYPTO_R_FIPS_MODE_NOT_SUPPORTED 101 #define CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK 100 +/* + * OpenSSL compatible OPENSSL_INIT options. + */ + +#define OPENSSL_INIT_NO_LOAD_CONFIG 0x00000001L +#define OPENSSL_INIT_LOAD_CONFIG 0x00000002L + +/* LibreSSL specific */ +#define _OPENSSL_INIT_FLAG_NOOP 0x80000000L + +/* + * These are provided for compatibiliy, but have no effect + * on how LibreSSL is initialized. + */ +#define OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS _OPENSSL_INIT_FLAG_NOOP +#define OPENSSL_INIT_LOAD_CRYPTO_STRINGS _OPENSSL_INIT_FLAG_NOOP +#define OPENSSL_INIT_ADD_ALL_CIPHERS _OPENSSL_INIT_FLAG_NOOP +#define OPENSSL_INIT_ADD_ALL_DIGESTS _OPENSSL_INIT_FLAG_NOOP +#define OPENSSL_INIT_NO_ADD_ALL_CIPHERS _OPENSSL_INIT_FLAG_NOOP +#define OPENSSL_INIT_NO_ADD_ALL_DIGESTS _OPENSSL_INIT_FLAG_NOOP +#define OPENSSL_INIT_ASYNC _OPENSSL_INIT_FLAG_NOOP +#define OPENSSL_INIT_ENGINE_RDRAND _OPENSSL_INIT_FLAG_NOOP +#define OPENSSL_INIT_ENGINE_DYNAMIC _OPENSSL_INIT_FLAG_NOOP +#define OPENSSL_INIT_ENGINE_OPENSSL _OPENSSL_INIT_FLAG_NOOP +#define OPENSSL_INIT_ENGINE_CRYPTODEV _OPENSSL_INIT_FLAG_NOOP +#define OPENSSL_INIT_ENGINE_CAPI _OPENSSL_INIT_FLAG_NOOP +#define OPENSSL_INIT_ENGINE_PADLOCK _OPENSSL_INIT_FLAG_NOOP +#define OPENSSL_INIT_ENGINE_AFALG _OPENSSL_INIT_FLAG_NOOP +#define OPENSSL_INIT_reserved_internal _OPENSSL_INIT_FLAG_NOOP +#define OPENSSL_INIT_ATFORK _OPENSSL_INIT_FLAG_NOOP +#define OPENSSL_INIT_ENGINE_ALL_BUILTIN _OPENSSL_INIT_FLAG_NOOP + +int OPENSSL_init_crypto(uint64_t opts, const void *settings); + #ifdef __cplusplus } #endif diff --git a/src/lib/libcrypto/crypto_init.c b/src/lib/libcrypto/crypto_init.c new file mode 100644 index 00000000000..67e79208904 --- /dev/null +++ b/src/lib/libcrypto/crypto_init.c @@ -0,0 +1,65 @@ +/* + * Copyright (c) 2018 Bob Beck + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* OpenSSL style init */ + +#include +#include + +#include +#include +#include +#include + +#include "cryptlib.h" + +int OpenSSL_config(const char *); +int OpenSSL_no_config(void); + +static pthread_t crypto_init_thread; + +static void +OPENSSL_init_crypto_internal(void) +{ + crypto_init_thread = pthread_self(); + + OPENSSL_cpuid_setup(); + ERR_load_crypto_strings(); + OpenSSL_add_all_ciphers(); + OpenSSL_add_all_digests(); +} + +int +OPENSSL_init_crypto(uint64_t opts, const void *settings) +{ + static pthread_once_t once = PTHREAD_ONCE_INIT; + + if (pthread_equal(pthread_self(), crypto_init_thread)) + return 1; /* don't recurse */ + + if (pthread_once(&once, OPENSSL_init_crypto_internal) != 0) + return 0; + + if ((opts & OPENSSL_INIT_NO_LOAD_CONFIG) && + (OpenSSL_no_config() == 0)) + return 0; + + if ((opts & OPENSSL_INIT_LOAD_CONFIG) && + (OpenSSL_config(NULL) == 0)) + return 0; + + return 1; +} diff --git a/src/lib/libcrypto/crypto_lock.c b/src/lib/libcrypto/crypto_lock.c new file mode 100644 index 00000000000..5d317a81c00 --- /dev/null +++ b/src/lib/libcrypto/crypto_lock.c @@ -0,0 +1,95 @@ +/* $OpenBSD: crypto_lock.c,v 1.2 2018/11/28 15:51:32 jsing Exp $ */ +/* + * Copyright (c) 2018 Brent Cook + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include + +#include + +static pthread_mutex_t locks[] = { + PTHREAD_MUTEX_INITIALIZER, + PTHREAD_MUTEX_INITIALIZER, + PTHREAD_MUTEX_INITIALIZER, + PTHREAD_MUTEX_INITIALIZER, + PTHREAD_MUTEX_INITIALIZER, + PTHREAD_MUTEX_INITIALIZER, + PTHREAD_MUTEX_INITIALIZER, + PTHREAD_MUTEX_INITIALIZER, + PTHREAD_MUTEX_INITIALIZER, + PTHREAD_MUTEX_INITIALIZER, + PTHREAD_MUTEX_INITIALIZER, + PTHREAD_MUTEX_INITIALIZER, + PTHREAD_MUTEX_INITIALIZER, + PTHREAD_MUTEX_INITIALIZER, + PTHREAD_MUTEX_INITIALIZER, + PTHREAD_MUTEX_INITIALIZER, + PTHREAD_MUTEX_INITIALIZER, + PTHREAD_MUTEX_INITIALIZER, + PTHREAD_MUTEX_INITIALIZER, + PTHREAD_MUTEX_INITIALIZER, + PTHREAD_MUTEX_INITIALIZER, + PTHREAD_MUTEX_INITIALIZER, + PTHREAD_MUTEX_INITIALIZER, + PTHREAD_MUTEX_INITIALIZER, + PTHREAD_MUTEX_INITIALIZER, + PTHREAD_MUTEX_INITIALIZER, + PTHREAD_MUTEX_INITIALIZER, + PTHREAD_MUTEX_INITIALIZER, + PTHREAD_MUTEX_INITIALIZER, + PTHREAD_MUTEX_INITIALIZER, + PTHREAD_MUTEX_INITIALIZER, + PTHREAD_MUTEX_INITIALIZER, + PTHREAD_MUTEX_INITIALIZER, + PTHREAD_MUTEX_INITIALIZER, + PTHREAD_MUTEX_INITIALIZER, + PTHREAD_MUTEX_INITIALIZER, + PTHREAD_MUTEX_INITIALIZER, + PTHREAD_MUTEX_INITIALIZER, + PTHREAD_MUTEX_INITIALIZER, + PTHREAD_MUTEX_INITIALIZER, + PTHREAD_MUTEX_INITIALIZER, +}; + +#define CTASSERT(x) extern char _ctassert[(x) ? 1 : -1 ] \ + __attribute__((__unused__)) + +CTASSERT((sizeof(locks) / sizeof(*locks)) == CRYPTO_NUM_LOCKS); + +void +CRYPTO_lock(int mode, int type, const char *file, int line) +{ + if (type < 0 || type >= CRYPTO_NUM_LOCKS) + return; + + if (mode & CRYPTO_LOCK) + (void) pthread_mutex_lock(&locks[type]); + else if (mode & CRYPTO_UNLOCK) + (void) pthread_mutex_unlock(&locks[type]); +} + +int +CRYPTO_add_lock(int *pointer, int amount, int type, const char *file, + int line) +{ + int ret; + + CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE, type, file, line); + ret = *pointer + amount; + *pointer = ret; + CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE, type, file, line); + + return (ret); +} diff --git a/src/lib/libcrypto/curve25519/curve25519-generic.c b/src/lib/libcrypto/curve25519/curve25519-generic.c new file mode 100644 index 00000000000..e7373d2bcb8 --- /dev/null +++ b/src/lib/libcrypto/curve25519/curve25519-generic.c @@ -0,0 +1,33 @@ +/* + * Copyright (c) 2015, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * This code is mostly taken from the ref10 version of Ed25519 in SUPERCOP + * 20141124 (http://bench.cr.yp.to/supercop.html). That code is released as + * public domain but this file has the ISC license just to keep licencing + * simple. + * + * The field functions are shared by Ed25519 and X25519 where possible. + */ + +#include "curve25519_internal.h" + +void +x25519_scalar_mult(uint8_t out[32], const uint8_t scalar[32], + const uint8_t point[32]) +{ + x25519_scalar_mult_generic(out, scalar, point); +} diff --git a/src/lib/libcrypto/curve25519/curve25519.c b/src/lib/libcrypto/curve25519/curve25519.c new file mode 100644 index 00000000000..994b804af5c --- /dev/null +++ b/src/lib/libcrypto/curve25519/curve25519.c @@ -0,0 +1,4934 @@ +/* + * Copyright (c) 2015, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * This code is mostly taken from the ref10 version of Ed25519 in SUPERCOP + * 20141124 (http://bench.cr.yp.to/supercop.html). That code is released as + * public domain but this file has the ISC license just to keep licencing + * simple. + * + * The field functions are shared by Ed25519 and X25519 where possible. + */ + +#include +#include + +#include + +#ifdef ED25519 +#include +#endif + +#include "curve25519_internal.h" + +static const int64_t kBottom25Bits = 0x1ffffffLL; +static const int64_t kBottom26Bits = 0x3ffffffLL; +static const int64_t kTop39Bits = 0xfffffffffe000000LL; +static const int64_t kTop38Bits = 0xfffffffffc000000LL; + +static uint64_t load_3(const uint8_t *in) { + uint64_t result; + result = (uint64_t)in[0]; + result |= ((uint64_t)in[1]) << 8; + result |= ((uint64_t)in[2]) << 16; + return result; +} + +static uint64_t load_4(const uint8_t *in) { + uint64_t result; + result = (uint64_t)in[0]; + result |= ((uint64_t)in[1]) << 8; + result |= ((uint64_t)in[2]) << 16; + result |= ((uint64_t)in[3]) << 24; + return result; +} + +static void fe_frombytes(fe h, const uint8_t *s) { + /* Ignores top bit of h. */ + int64_t h0 = load_4(s); + int64_t h1 = load_3(s + 4) << 6; + int64_t h2 = load_3(s + 7) << 5; + int64_t h3 = load_3(s + 10) << 3; + int64_t h4 = load_3(s + 13) << 2; + int64_t h5 = load_4(s + 16); + int64_t h6 = load_3(s + 20) << 7; + int64_t h7 = load_3(s + 23) << 5; + int64_t h8 = load_3(s + 26) << 4; + int64_t h9 = (load_3(s + 29) & 8388607) << 2; + int64_t carry0; + int64_t carry1; + int64_t carry2; + int64_t carry3; + int64_t carry4; + int64_t carry5; + int64_t carry6; + int64_t carry7; + int64_t carry8; + int64_t carry9; + + carry9 = h9 + (1 << 24); h0 += (carry9 >> 25) * 19; h9 -= carry9 & kTop39Bits; + carry1 = h1 + (1 << 24); h2 += carry1 >> 25; h1 -= carry1 & kTop39Bits; + carry3 = h3 + (1 << 24); h4 += carry3 >> 25; h3 -= carry3 & kTop39Bits; + carry5 = h5 + (1 << 24); h6 += carry5 >> 25; h5 -= carry5 & kTop39Bits; + carry7 = h7 + (1 << 24); h8 += carry7 >> 25; h7 -= carry7 & kTop39Bits; + + carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits; + carry2 = h2 + (1 << 25); h3 += carry2 >> 26; h2 -= carry2 & kTop38Bits; + carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits; + carry6 = h6 + (1 << 25); h7 += carry6 >> 26; h6 -= carry6 & kTop38Bits; + carry8 = h8 + (1 << 25); h9 += carry8 >> 26; h8 -= carry8 & kTop38Bits; + + h[0] = h0; + h[1] = h1; + h[2] = h2; + h[3] = h3; + h[4] = h4; + h[5] = h5; + h[6] = h6; + h[7] = h7; + h[8] = h8; + h[9] = h9; +} + +/* Preconditions: + * |h| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc. + * + * Write p=2^255-19; q=floor(h/p). + * Basic claim: q = floor(2^(-255)(h + 19 2^(-25)h9 + 2^(-1))). + * + * Proof: + * Have |h|<=p so |q|<=1 so |19^2 2^(-255) q|<1/4. + * Also have |h-2^230 h9|<2^231 so |19 2^(-255)(h-2^230 h9)|<1/4. + * + * Write y=2^(-1)-19^2 2^(-255)q-19 2^(-255)(h-2^230 h9). + * Then 0> 25; + q = (h0 + q) >> 26; + q = (h1 + q) >> 25; + q = (h2 + q) >> 26; + q = (h3 + q) >> 25; + q = (h4 + q) >> 26; + q = (h5 + q) >> 25; + q = (h6 + q) >> 26; + q = (h7 + q) >> 25; + q = (h8 + q) >> 26; + q = (h9 + q) >> 25; + + /* Goal: Output h-(2^255-19)q, which is between 0 and 2^255-20. */ + h0 += 19 * q; + /* Goal: Output h-2^255 q, which is between 0 and 2^255-20. */ + + h1 += h0 >> 26; h0 &= kBottom26Bits; + h2 += h1 >> 25; h1 &= kBottom25Bits; + h3 += h2 >> 26; h2 &= kBottom26Bits; + h4 += h3 >> 25; h3 &= kBottom25Bits; + h5 += h4 >> 26; h4 &= kBottom26Bits; + h6 += h5 >> 25; h5 &= kBottom25Bits; + h7 += h6 >> 26; h6 &= kBottom26Bits; + h8 += h7 >> 25; h7 &= kBottom25Bits; + h9 += h8 >> 26; h8 &= kBottom26Bits; + h9 &= kBottom25Bits; + /* h10 = carry9 */ + + /* Goal: Output h0+...+2^255 h10-2^255 q, which is between 0 and 2^255-20. + * Have h0+...+2^230 h9 between 0 and 2^255-1; + * evidently 2^255 h10-2^255 q = 0. + * Goal: Output h0+...+2^230 h9. */ + + s[0] = h0 >> 0; + s[1] = h0 >> 8; + s[2] = h0 >> 16; + s[3] = (h0 >> 24) | ((uint32_t)(h1) << 2); + s[4] = h1 >> 6; + s[5] = h1 >> 14; + s[6] = (h1 >> 22) | ((uint32_t)(h2) << 3); + s[7] = h2 >> 5; + s[8] = h2 >> 13; + s[9] = (h2 >> 21) | ((uint32_t)(h3) << 5); + s[10] = h3 >> 3; + s[11] = h3 >> 11; + s[12] = (h3 >> 19) | ((uint32_t)(h4) << 6); + s[13] = h4 >> 2; + s[14] = h4 >> 10; + s[15] = h4 >> 18; + s[16] = h5 >> 0; + s[17] = h5 >> 8; + s[18] = h5 >> 16; + s[19] = (h5 >> 24) | ((uint32_t)(h6) << 1); + s[20] = h6 >> 7; + s[21] = h6 >> 15; + s[22] = (h6 >> 23) | ((uint32_t)(h7) << 3); + s[23] = h7 >> 5; + s[24] = h7 >> 13; + s[25] = (h7 >> 21) | ((uint32_t)(h8) << 4); + s[26] = h8 >> 4; + s[27] = h8 >> 12; + s[28] = (h8 >> 20) | ((uint32_t)(h9) << 6); + s[29] = h9 >> 2; + s[30] = h9 >> 10; + s[31] = h9 >> 18; +} + +/* h = f */ +static void fe_copy(fe h, const fe f) { + memmove(h, f, sizeof(int32_t) * 10); +} + +/* h = 0 */ +static void fe_0(fe h) { memset(h, 0, sizeof(int32_t) * 10); } + +/* h = 1 */ +static void fe_1(fe h) { + memset(h, 0, sizeof(int32_t) * 10); + h[0] = 1; +} + +/* h = f + g + * Can overlap h with f or g. + * + * Preconditions: + * |f| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc. + * |g| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc. + * + * Postconditions: + * |h| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc. */ +static void fe_add(fe h, const fe f, const fe g) { + unsigned i; + for (i = 0; i < 10; i++) { + h[i] = f[i] + g[i]; + } +} + +/* h = f - g + * Can overlap h with f or g. + * + * Preconditions: + * |f| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc. + * |g| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc. + * + * Postconditions: + * |h| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc. */ +static void fe_sub(fe h, const fe f, const fe g) { + unsigned i; + for (i = 0; i < 10; i++) { + h[i] = f[i] - g[i]; + } +} + +/* h = f * g + * Can overlap h with f or g. + * + * Preconditions: + * |f| bounded by 1.65*2^26,1.65*2^25,1.65*2^26,1.65*2^25,etc. + * |g| bounded by 1.65*2^26,1.65*2^25,1.65*2^26,1.65*2^25,etc. + * + * Postconditions: + * |h| bounded by 1.01*2^25,1.01*2^24,1.01*2^25,1.01*2^24,etc. + * + * Notes on implementation strategy: + * + * Using schoolbook multiplication. + * Karatsuba would save a little in some cost models. + * + * Most multiplications by 2 and 19 are 32-bit precomputations; + * cheaper than 64-bit postcomputations. + * + * There is one remaining multiplication by 19 in the carry chain; + * one *19 precomputation can be merged into this, + * but the resulting data flow is considerably less clean. + * + * There are 12 carries below. + * 10 of them are 2-way parallelizable and vectorizable. + * Can get away with 11 carries, but then data flow is much deeper. + * + * With tighter constraints on inputs can squeeze carries into int32. */ +static void fe_mul(fe h, const fe f, const fe g) { + int32_t f0 = f[0]; + int32_t f1 = f[1]; + int32_t f2 = f[2]; + int32_t f3 = f[3]; + int32_t f4 = f[4]; + int32_t f5 = f[5]; + int32_t f6 = f[6]; + int32_t f7 = f[7]; + int32_t f8 = f[8]; + int32_t f9 = f[9]; + int32_t g0 = g[0]; + int32_t g1 = g[1]; + int32_t g2 = g[2]; + int32_t g3 = g[3]; + int32_t g4 = g[4]; + int32_t g5 = g[5]; + int32_t g6 = g[6]; + int32_t g7 = g[7]; + int32_t g8 = g[8]; + int32_t g9 = g[9]; + int32_t g1_19 = 19 * g1; /* 1.959375*2^29 */ + int32_t g2_19 = 19 * g2; /* 1.959375*2^30; still ok */ + int32_t g3_19 = 19 * g3; + int32_t g4_19 = 19 * g4; + int32_t g5_19 = 19 * g5; + int32_t g6_19 = 19 * g6; + int32_t g7_19 = 19 * g7; + int32_t g8_19 = 19 * g8; + int32_t g9_19 = 19 * g9; + int32_t f1_2 = 2 * f1; + int32_t f3_2 = 2 * f3; + int32_t f5_2 = 2 * f5; + int32_t f7_2 = 2 * f7; + int32_t f9_2 = 2 * f9; + int64_t f0g0 = f0 * (int64_t) g0; + int64_t f0g1 = f0 * (int64_t) g1; + int64_t f0g2 = f0 * (int64_t) g2; + int64_t f0g3 = f0 * (int64_t) g3; + int64_t f0g4 = f0 * (int64_t) g4; + int64_t f0g5 = f0 * (int64_t) g5; + int64_t f0g6 = f0 * (int64_t) g6; + int64_t f0g7 = f0 * (int64_t) g7; + int64_t f0g8 = f0 * (int64_t) g8; + int64_t f0g9 = f0 * (int64_t) g9; + int64_t f1g0 = f1 * (int64_t) g0; + int64_t f1g1_2 = f1_2 * (int64_t) g1; + int64_t f1g2 = f1 * (int64_t) g2; + int64_t f1g3_2 = f1_2 * (int64_t) g3; + int64_t f1g4 = f1 * (int64_t) g4; + int64_t f1g5_2 = f1_2 * (int64_t) g5; + int64_t f1g6 = f1 * (int64_t) g6; + int64_t f1g7_2 = f1_2 * (int64_t) g7; + int64_t f1g8 = f1 * (int64_t) g8; + int64_t f1g9_38 = f1_2 * (int64_t) g9_19; + int64_t f2g0 = f2 * (int64_t) g0; + int64_t f2g1 = f2 * (int64_t) g1; + int64_t f2g2 = f2 * (int64_t) g2; + int64_t f2g3 = f2 * (int64_t) g3; + int64_t f2g4 = f2 * (int64_t) g4; + int64_t f2g5 = f2 * (int64_t) g5; + int64_t f2g6 = f2 * (int64_t) g6; + int64_t f2g7 = f2 * (int64_t) g7; + int64_t f2g8_19 = f2 * (int64_t) g8_19; + int64_t f2g9_19 = f2 * (int64_t) g9_19; + int64_t f3g0 = f3 * (int64_t) g0; + int64_t f3g1_2 = f3_2 * (int64_t) g1; + int64_t f3g2 = f3 * (int64_t) g2; + int64_t f3g3_2 = f3_2 * (int64_t) g3; + int64_t f3g4 = f3 * (int64_t) g4; + int64_t f3g5_2 = f3_2 * (int64_t) g5; + int64_t f3g6 = f3 * (int64_t) g6; + int64_t f3g7_38 = f3_2 * (int64_t) g7_19; + int64_t f3g8_19 = f3 * (int64_t) g8_19; + int64_t f3g9_38 = f3_2 * (int64_t) g9_19; + int64_t f4g0 = f4 * (int64_t) g0; + int64_t f4g1 = f4 * (int64_t) g1; + int64_t f4g2 = f4 * (int64_t) g2; + int64_t f4g3 = f4 * (int64_t) g3; + int64_t f4g4 = f4 * (int64_t) g4; + int64_t f4g5 = f4 * (int64_t) g5; + int64_t f4g6_19 = f4 * (int64_t) g6_19; + int64_t f4g7_19 = f4 * (int64_t) g7_19; + int64_t f4g8_19 = f4 * (int64_t) g8_19; + int64_t f4g9_19 = f4 * (int64_t) g9_19; + int64_t f5g0 = f5 * (int64_t) g0; + int64_t f5g1_2 = f5_2 * (int64_t) g1; + int64_t f5g2 = f5 * (int64_t) g2; + int64_t f5g3_2 = f5_2 * (int64_t) g3; + int64_t f5g4 = f5 * (int64_t) g4; + int64_t f5g5_38 = f5_2 * (int64_t) g5_19; + int64_t f5g6_19 = f5 * (int64_t) g6_19; + int64_t f5g7_38 = f5_2 * (int64_t) g7_19; + int64_t f5g8_19 = f5 * (int64_t) g8_19; + int64_t f5g9_38 = f5_2 * (int64_t) g9_19; + int64_t f6g0 = f6 * (int64_t) g0; + int64_t f6g1 = f6 * (int64_t) g1; + int64_t f6g2 = f6 * (int64_t) g2; + int64_t f6g3 = f6 * (int64_t) g3; + int64_t f6g4_19 = f6 * (int64_t) g4_19; + int64_t f6g5_19 = f6 * (int64_t) g5_19; + int64_t f6g6_19 = f6 * (int64_t) g6_19; + int64_t f6g7_19 = f6 * (int64_t) g7_19; + int64_t f6g8_19 = f6 * (int64_t) g8_19; + int64_t f6g9_19 = f6 * (int64_t) g9_19; + int64_t f7g0 = f7 * (int64_t) g0; + int64_t f7g1_2 = f7_2 * (int64_t) g1; + int64_t f7g2 = f7 * (int64_t) g2; + int64_t f7g3_38 = f7_2 * (int64_t) g3_19; + int64_t f7g4_19 = f7 * (int64_t) g4_19; + int64_t f7g5_38 = f7_2 * (int64_t) g5_19; + int64_t f7g6_19 = f7 * (int64_t) g6_19; + int64_t f7g7_38 = f7_2 * (int64_t) g7_19; + int64_t f7g8_19 = f7 * (int64_t) g8_19; + int64_t f7g9_38 = f7_2 * (int64_t) g9_19; + int64_t f8g0 = f8 * (int64_t) g0; + int64_t f8g1 = f8 * (int64_t) g1; + int64_t f8g2_19 = f8 * (int64_t) g2_19; + int64_t f8g3_19 = f8 * (int64_t) g3_19; + int64_t f8g4_19 = f8 * (int64_t) g4_19; + int64_t f8g5_19 = f8 * (int64_t) g5_19; + int64_t f8g6_19 = f8 * (int64_t) g6_19; + int64_t f8g7_19 = f8 * (int64_t) g7_19; + int64_t f8g8_19 = f8 * (int64_t) g8_19; + int64_t f8g9_19 = f8 * (int64_t) g9_19; + int64_t f9g0 = f9 * (int64_t) g0; + int64_t f9g1_38 = f9_2 * (int64_t) g1_19; + int64_t f9g2_19 = f9 * (int64_t) g2_19; + int64_t f9g3_38 = f9_2 * (int64_t) g3_19; + int64_t f9g4_19 = f9 * (int64_t) g4_19; + int64_t f9g5_38 = f9_2 * (int64_t) g5_19; + int64_t f9g6_19 = f9 * (int64_t) g6_19; + int64_t f9g7_38 = f9_2 * (int64_t) g7_19; + int64_t f9g8_19 = f9 * (int64_t) g8_19; + int64_t f9g9_38 = f9_2 * (int64_t) g9_19; + int64_t h0 = f0g0+f1g9_38+f2g8_19+f3g7_38+f4g6_19+f5g5_38+f6g4_19+f7g3_38+f8g2_19+f9g1_38; + int64_t h1 = f0g1+f1g0 +f2g9_19+f3g8_19+f4g7_19+f5g6_19+f6g5_19+f7g4_19+f8g3_19+f9g2_19; + int64_t h2 = f0g2+f1g1_2 +f2g0 +f3g9_38+f4g8_19+f5g7_38+f6g6_19+f7g5_38+f8g4_19+f9g3_38; + int64_t h3 = f0g3+f1g2 +f2g1 +f3g0 +f4g9_19+f5g8_19+f6g7_19+f7g6_19+f8g5_19+f9g4_19; + int64_t h4 = f0g4+f1g3_2 +f2g2 +f3g1_2 +f4g0 +f5g9_38+f6g8_19+f7g7_38+f8g6_19+f9g5_38; + int64_t h5 = f0g5+f1g4 +f2g3 +f3g2 +f4g1 +f5g0 +f6g9_19+f7g8_19+f8g7_19+f9g6_19; + int64_t h6 = f0g6+f1g5_2 +f2g4 +f3g3_2 +f4g2 +f5g1_2 +f6g0 +f7g9_38+f8g8_19+f9g7_38; + int64_t h7 = f0g7+f1g6 +f2g5 +f3g4 +f4g3 +f5g2 +f6g1 +f7g0 +f8g9_19+f9g8_19; + int64_t h8 = f0g8+f1g7_2 +f2g6 +f3g5_2 +f4g4 +f5g3_2 +f6g2 +f7g1_2 +f8g0 +f9g9_38; + int64_t h9 = f0g9+f1g8 +f2g7 +f3g6 +f4g5 +f5g4 +f6g3 +f7g2 +f8g1 +f9g0 ; + int64_t carry0; + int64_t carry1; + int64_t carry2; + int64_t carry3; + int64_t carry4; + int64_t carry5; + int64_t carry6; + int64_t carry7; + int64_t carry8; + int64_t carry9; + + /* |h0| <= (1.65*1.65*2^52*(1+19+19+19+19)+1.65*1.65*2^50*(38+38+38+38+38)) + * i.e. |h0| <= 1.4*2^60; narrower ranges for h2, h4, h6, h8 + * |h1| <= (1.65*1.65*2^51*(1+1+19+19+19+19+19+19+19+19)) + * i.e. |h1| <= 1.7*2^59; narrower ranges for h3, h5, h7, h9 */ + + carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits; + carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits; + /* |h0| <= 2^25 */ + /* |h4| <= 2^25 */ + /* |h1| <= 1.71*2^59 */ + /* |h5| <= 1.71*2^59 */ + + carry1 = h1 + (1 << 24); h2 += carry1 >> 25; h1 -= carry1 & kTop39Bits; + carry5 = h5 + (1 << 24); h6 += carry5 >> 25; h5 -= carry5 & kTop39Bits; + /* |h1| <= 2^24; from now on fits into int32 */ + /* |h5| <= 2^24; from now on fits into int32 */ + /* |h2| <= 1.41*2^60 */ + /* |h6| <= 1.41*2^60 */ + + carry2 = h2 + (1 << 25); h3 += carry2 >> 26; h2 -= carry2 & kTop38Bits; + carry6 = h6 + (1 << 25); h7 += carry6 >> 26; h6 -= carry6 & kTop38Bits; + /* |h2| <= 2^25; from now on fits into int32 unchanged */ + /* |h6| <= 2^25; from now on fits into int32 unchanged */ + /* |h3| <= 1.71*2^59 */ + /* |h7| <= 1.71*2^59 */ + + carry3 = h3 + (1 << 24); h4 += carry3 >> 25; h3 -= carry3 & kTop39Bits; + carry7 = h7 + (1 << 24); h8 += carry7 >> 25; h7 -= carry7 & kTop39Bits; + /* |h3| <= 2^24; from now on fits into int32 unchanged */ + /* |h7| <= 2^24; from now on fits into int32 unchanged */ + /* |h4| <= 1.72*2^34 */ + /* |h8| <= 1.41*2^60 */ + + carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits; + carry8 = h8 + (1 << 25); h9 += carry8 >> 26; h8 -= carry8 & kTop38Bits; + /* |h4| <= 2^25; from now on fits into int32 unchanged */ + /* |h8| <= 2^25; from now on fits into int32 unchanged */ + /* |h5| <= 1.01*2^24 */ + /* |h9| <= 1.71*2^59 */ + + carry9 = h9 + (1 << 24); h0 += (carry9 >> 25) * 19; h9 -= carry9 & kTop39Bits; + /* |h9| <= 2^24; from now on fits into int32 unchanged */ + /* |h0| <= 1.1*2^39 */ + + carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits; + /* |h0| <= 2^25; from now on fits into int32 unchanged */ + /* |h1| <= 1.01*2^24 */ + + h[0] = h0; + h[1] = h1; + h[2] = h2; + h[3] = h3; + h[4] = h4; + h[5] = h5; + h[6] = h6; + h[7] = h7; + h[8] = h8; + h[9] = h9; +} + +/* h = f * f + * Can overlap h with f. + * + * Preconditions: + * |f| bounded by 1.65*2^26,1.65*2^25,1.65*2^26,1.65*2^25,etc. + * + * Postconditions: + * |h| bounded by 1.01*2^25,1.01*2^24,1.01*2^25,1.01*2^24,etc. + * + * See fe_mul.c for discussion of implementation strategy. */ +static void fe_sq(fe h, const fe f) { + int32_t f0 = f[0]; + int32_t f1 = f[1]; + int32_t f2 = f[2]; + int32_t f3 = f[3]; + int32_t f4 = f[4]; + int32_t f5 = f[5]; + int32_t f6 = f[6]; + int32_t f7 = f[7]; + int32_t f8 = f[8]; + int32_t f9 = f[9]; + int32_t f0_2 = 2 * f0; + int32_t f1_2 = 2 * f1; + int32_t f2_2 = 2 * f2; + int32_t f3_2 = 2 * f3; + int32_t f4_2 = 2 * f4; + int32_t f5_2 = 2 * f5; + int32_t f6_2 = 2 * f6; + int32_t f7_2 = 2 * f7; + int32_t f5_38 = 38 * f5; /* 1.959375*2^30 */ + int32_t f6_19 = 19 * f6; /* 1.959375*2^30 */ + int32_t f7_38 = 38 * f7; /* 1.959375*2^30 */ + int32_t f8_19 = 19 * f8; /* 1.959375*2^30 */ + int32_t f9_38 = 38 * f9; /* 1.959375*2^30 */ + int64_t f0f0 = f0 * (int64_t) f0; + int64_t f0f1_2 = f0_2 * (int64_t) f1; + int64_t f0f2_2 = f0_2 * (int64_t) f2; + int64_t f0f3_2 = f0_2 * (int64_t) f3; + int64_t f0f4_2 = f0_2 * (int64_t) f4; + int64_t f0f5_2 = f0_2 * (int64_t) f5; + int64_t f0f6_2 = f0_2 * (int64_t) f6; + int64_t f0f7_2 = f0_2 * (int64_t) f7; + int64_t f0f8_2 = f0_2 * (int64_t) f8; + int64_t f0f9_2 = f0_2 * (int64_t) f9; + int64_t f1f1_2 = f1_2 * (int64_t) f1; + int64_t f1f2_2 = f1_2 * (int64_t) f2; + int64_t f1f3_4 = f1_2 * (int64_t) f3_2; + int64_t f1f4_2 = f1_2 * (int64_t) f4; + int64_t f1f5_4 = f1_2 * (int64_t) f5_2; + int64_t f1f6_2 = f1_2 * (int64_t) f6; + int64_t f1f7_4 = f1_2 * (int64_t) f7_2; + int64_t f1f8_2 = f1_2 * (int64_t) f8; + int64_t f1f9_76 = f1_2 * (int64_t) f9_38; + int64_t f2f2 = f2 * (int64_t) f2; + int64_t f2f3_2 = f2_2 * (int64_t) f3; + int64_t f2f4_2 = f2_2 * (int64_t) f4; + int64_t f2f5_2 = f2_2 * (int64_t) f5; + int64_t f2f6_2 = f2_2 * (int64_t) f6; + int64_t f2f7_2 = f2_2 * (int64_t) f7; + int64_t f2f8_38 = f2_2 * (int64_t) f8_19; + int64_t f2f9_38 = f2 * (int64_t) f9_38; + int64_t f3f3_2 = f3_2 * (int64_t) f3; + int64_t f3f4_2 = f3_2 * (int64_t) f4; + int64_t f3f5_4 = f3_2 * (int64_t) f5_2; + int64_t f3f6_2 = f3_2 * (int64_t) f6; + int64_t f3f7_76 = f3_2 * (int64_t) f7_38; + int64_t f3f8_38 = f3_2 * (int64_t) f8_19; + int64_t f3f9_76 = f3_2 * (int64_t) f9_38; + int64_t f4f4 = f4 * (int64_t) f4; + int64_t f4f5_2 = f4_2 * (int64_t) f5; + int64_t f4f6_38 = f4_2 * (int64_t) f6_19; + int64_t f4f7_38 = f4 * (int64_t) f7_38; + int64_t f4f8_38 = f4_2 * (int64_t) f8_19; + int64_t f4f9_38 = f4 * (int64_t) f9_38; + int64_t f5f5_38 = f5 * (int64_t) f5_38; + int64_t f5f6_38 = f5_2 * (int64_t) f6_19; + int64_t f5f7_76 = f5_2 * (int64_t) f7_38; + int64_t f5f8_38 = f5_2 * (int64_t) f8_19; + int64_t f5f9_76 = f5_2 * (int64_t) f9_38; + int64_t f6f6_19 = f6 * (int64_t) f6_19; + int64_t f6f7_38 = f6 * (int64_t) f7_38; + int64_t f6f8_38 = f6_2 * (int64_t) f8_19; + int64_t f6f9_38 = f6 * (int64_t) f9_38; + int64_t f7f7_38 = f7 * (int64_t) f7_38; + int64_t f7f8_38 = f7_2 * (int64_t) f8_19; + int64_t f7f9_76 = f7_2 * (int64_t) f9_38; + int64_t f8f8_19 = f8 * (int64_t) f8_19; + int64_t f8f9_38 = f8 * (int64_t) f9_38; + int64_t f9f9_38 = f9 * (int64_t) f9_38; + int64_t h0 = f0f0 +f1f9_76+f2f8_38+f3f7_76+f4f6_38+f5f5_38; + int64_t h1 = f0f1_2+f2f9_38+f3f8_38+f4f7_38+f5f6_38; + int64_t h2 = f0f2_2+f1f1_2 +f3f9_76+f4f8_38+f5f7_76+f6f6_19; + int64_t h3 = f0f3_2+f1f2_2 +f4f9_38+f5f8_38+f6f7_38; + int64_t h4 = f0f4_2+f1f3_4 +f2f2 +f5f9_76+f6f8_38+f7f7_38; + int64_t h5 = f0f5_2+f1f4_2 +f2f3_2 +f6f9_38+f7f8_38; + int64_t h6 = f0f6_2+f1f5_4 +f2f4_2 +f3f3_2 +f7f9_76+f8f8_19; + int64_t h7 = f0f7_2+f1f6_2 +f2f5_2 +f3f4_2 +f8f9_38; + int64_t h8 = f0f8_2+f1f7_4 +f2f6_2 +f3f5_4 +f4f4 +f9f9_38; + int64_t h9 = f0f9_2+f1f8_2 +f2f7_2 +f3f6_2 +f4f5_2; + int64_t carry0; + int64_t carry1; + int64_t carry2; + int64_t carry3; + int64_t carry4; + int64_t carry5; + int64_t carry6; + int64_t carry7; + int64_t carry8; + int64_t carry9; + + carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits; + carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits; + + carry1 = h1 + (1 << 24); h2 += carry1 >> 25; h1 -= carry1 & kTop39Bits; + carry5 = h5 + (1 << 24); h6 += carry5 >> 25; h5 -= carry5 & kTop39Bits; + + carry2 = h2 + (1 << 25); h3 += carry2 >> 26; h2 -= carry2 & kTop38Bits; + carry6 = h6 + (1 << 25); h7 += carry6 >> 26; h6 -= carry6 & kTop38Bits; + + carry3 = h3 + (1 << 24); h4 += carry3 >> 25; h3 -= carry3 & kTop39Bits; + carry7 = h7 + (1 << 24); h8 += carry7 >> 25; h7 -= carry7 & kTop39Bits; + + carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits; + carry8 = h8 + (1 << 25); h9 += carry8 >> 26; h8 -= carry8 & kTop38Bits; + + carry9 = h9 + (1 << 24); h0 += (carry9 >> 25) * 19; h9 -= carry9 & kTop39Bits; + + carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits; + + h[0] = h0; + h[1] = h1; + h[2] = h2; + h[3] = h3; + h[4] = h4; + h[5] = h5; + h[6] = h6; + h[7] = h7; + h[8] = h8; + h[9] = h9; +} + +static void fe_invert(fe out, const fe z) { + fe t0; + fe t1; + fe t2; + fe t3; + int i; + + fe_sq(t0, z); + for (i = 1; i < 1; ++i) { + fe_sq(t0, t0); + } + fe_sq(t1, t0); + for (i = 1; i < 2; ++i) { + fe_sq(t1, t1); + } + fe_mul(t1, z, t1); + fe_mul(t0, t0, t1); + fe_sq(t2, t0); + for (i = 1; i < 1; ++i) { + fe_sq(t2, t2); + } + fe_mul(t1, t1, t2); + fe_sq(t2, t1); + for (i = 1; i < 5; ++i) { + fe_sq(t2, t2); + } + fe_mul(t1, t2, t1); + fe_sq(t2, t1); + for (i = 1; i < 10; ++i) { + fe_sq(t2, t2); + } + fe_mul(t2, t2, t1); + fe_sq(t3, t2); + for (i = 1; i < 20; ++i) { + fe_sq(t3, t3); + } + fe_mul(t2, t3, t2); + fe_sq(t2, t2); + for (i = 1; i < 10; ++i) { + fe_sq(t2, t2); + } + fe_mul(t1, t2, t1); + fe_sq(t2, t1); + for (i = 1; i < 50; ++i) { + fe_sq(t2, t2); + } + fe_mul(t2, t2, t1); + fe_sq(t3, t2); + for (i = 1; i < 100; ++i) { + fe_sq(t3, t3); + } + fe_mul(t2, t3, t2); + fe_sq(t2, t2); + for (i = 1; i < 50; ++i) { + fe_sq(t2, t2); + } + fe_mul(t1, t2, t1); + fe_sq(t1, t1); + for (i = 1; i < 5; ++i) { + fe_sq(t1, t1); + } + fe_mul(out, t1, t0); +} + +/* h = -f + * + * Preconditions: + * |f| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc. + * + * Postconditions: + * |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc. */ +static void fe_neg(fe h, const fe f) { + unsigned i; + for (i = 0; i < 10; i++) { + h[i] = -f[i]; + } +} + +/* Replace (f,g) with (g,g) if b == 1; + * replace (f,g) with (f,g) if b == 0. + * + * Preconditions: b in {0,1}. */ +static void fe_cmov(fe f, const fe g, unsigned b) { + b = 0-b; + unsigned i; + for (i = 0; i < 10; i++) { + int32_t x = f[i] ^ g[i]; + x &= b; + f[i] ^= x; + } +} + +/* return 0 if f == 0 + * return 1 if f != 0 + * + * Preconditions: + * |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc. */ +static int fe_isnonzero(const fe f) { + uint8_t s[32]; + fe_tobytes(s, f); + + static const uint8_t zero[32] = {0}; + return timingsafe_memcmp(s, zero, sizeof(zero)) != 0; +} + +/* return 1 if f is in {1,3,5,...,q-2} + * return 0 if f is in {0,2,4,...,q-1} + * + * Preconditions: + * |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc. */ +static int fe_isnegative(const fe f) { + uint8_t s[32]; + fe_tobytes(s, f); + return s[0] & 1; +} + +/* h = 2 * f * f + * Can overlap h with f. + * + * Preconditions: + * |f| bounded by 1.65*2^26,1.65*2^25,1.65*2^26,1.65*2^25,etc. + * + * Postconditions: + * |h| bounded by 1.01*2^25,1.01*2^24,1.01*2^25,1.01*2^24,etc. + * + * See fe_mul.c for discussion of implementation strategy. */ +static void fe_sq2(fe h, const fe f) { + int32_t f0 = f[0]; + int32_t f1 = f[1]; + int32_t f2 = f[2]; + int32_t f3 = f[3]; + int32_t f4 = f[4]; + int32_t f5 = f[5]; + int32_t f6 = f[6]; + int32_t f7 = f[7]; + int32_t f8 = f[8]; + int32_t f9 = f[9]; + int32_t f0_2 = 2 * f0; + int32_t f1_2 = 2 * f1; + int32_t f2_2 = 2 * f2; + int32_t f3_2 = 2 * f3; + int32_t f4_2 = 2 * f4; + int32_t f5_2 = 2 * f5; + int32_t f6_2 = 2 * f6; + int32_t f7_2 = 2 * f7; + int32_t f5_38 = 38 * f5; /* 1.959375*2^30 */ + int32_t f6_19 = 19 * f6; /* 1.959375*2^30 */ + int32_t f7_38 = 38 * f7; /* 1.959375*2^30 */ + int32_t f8_19 = 19 * f8; /* 1.959375*2^30 */ + int32_t f9_38 = 38 * f9; /* 1.959375*2^30 */ + int64_t f0f0 = f0 * (int64_t) f0; + int64_t f0f1_2 = f0_2 * (int64_t) f1; + int64_t f0f2_2 = f0_2 * (int64_t) f2; + int64_t f0f3_2 = f0_2 * (int64_t) f3; + int64_t f0f4_2 = f0_2 * (int64_t) f4; + int64_t f0f5_2 = f0_2 * (int64_t) f5; + int64_t f0f6_2 = f0_2 * (int64_t) f6; + int64_t f0f7_2 = f0_2 * (int64_t) f7; + int64_t f0f8_2 = f0_2 * (int64_t) f8; + int64_t f0f9_2 = f0_2 * (int64_t) f9; + int64_t f1f1_2 = f1_2 * (int64_t) f1; + int64_t f1f2_2 = f1_2 * (int64_t) f2; + int64_t f1f3_4 = f1_2 * (int64_t) f3_2; + int64_t f1f4_2 = f1_2 * (int64_t) f4; + int64_t f1f5_4 = f1_2 * (int64_t) f5_2; + int64_t f1f6_2 = f1_2 * (int64_t) f6; + int64_t f1f7_4 = f1_2 * (int64_t) f7_2; + int64_t f1f8_2 = f1_2 * (int64_t) f8; + int64_t f1f9_76 = f1_2 * (int64_t) f9_38; + int64_t f2f2 = f2 * (int64_t) f2; + int64_t f2f3_2 = f2_2 * (int64_t) f3; + int64_t f2f4_2 = f2_2 * (int64_t) f4; + int64_t f2f5_2 = f2_2 * (int64_t) f5; + int64_t f2f6_2 = f2_2 * (int64_t) f6; + int64_t f2f7_2 = f2_2 * (int64_t) f7; + int64_t f2f8_38 = f2_2 * (int64_t) f8_19; + int64_t f2f9_38 = f2 * (int64_t) f9_38; + int64_t f3f3_2 = f3_2 * (int64_t) f3; + int64_t f3f4_2 = f3_2 * (int64_t) f4; + int64_t f3f5_4 = f3_2 * (int64_t) f5_2; + int64_t f3f6_2 = f3_2 * (int64_t) f6; + int64_t f3f7_76 = f3_2 * (int64_t) f7_38; + int64_t f3f8_38 = f3_2 * (int64_t) f8_19; + int64_t f3f9_76 = f3_2 * (int64_t) f9_38; + int64_t f4f4 = f4 * (int64_t) f4; + int64_t f4f5_2 = f4_2 * (int64_t) f5; + int64_t f4f6_38 = f4_2 * (int64_t) f6_19; + int64_t f4f7_38 = f4 * (int64_t) f7_38; + int64_t f4f8_38 = f4_2 * (int64_t) f8_19; + int64_t f4f9_38 = f4 * (int64_t) f9_38; + int64_t f5f5_38 = f5 * (int64_t) f5_38; + int64_t f5f6_38 = f5_2 * (int64_t) f6_19; + int64_t f5f7_76 = f5_2 * (int64_t) f7_38; + int64_t f5f8_38 = f5_2 * (int64_t) f8_19; + int64_t f5f9_76 = f5_2 * (int64_t) f9_38; + int64_t f6f6_19 = f6 * (int64_t) f6_19; + int64_t f6f7_38 = f6 * (int64_t) f7_38; + int64_t f6f8_38 = f6_2 * (int64_t) f8_19; + int64_t f6f9_38 = f6 * (int64_t) f9_38; + int64_t f7f7_38 = f7 * (int64_t) f7_38; + int64_t f7f8_38 = f7_2 * (int64_t) f8_19; + int64_t f7f9_76 = f7_2 * (int64_t) f9_38; + int64_t f8f8_19 = f8 * (int64_t) f8_19; + int64_t f8f9_38 = f8 * (int64_t) f9_38; + int64_t f9f9_38 = f9 * (int64_t) f9_38; + int64_t h0 = f0f0 +f1f9_76+f2f8_38+f3f7_76+f4f6_38+f5f5_38; + int64_t h1 = f0f1_2+f2f9_38+f3f8_38+f4f7_38+f5f6_38; + int64_t h2 = f0f2_2+f1f1_2 +f3f9_76+f4f8_38+f5f7_76+f6f6_19; + int64_t h3 = f0f3_2+f1f2_2 +f4f9_38+f5f8_38+f6f7_38; + int64_t h4 = f0f4_2+f1f3_4 +f2f2 +f5f9_76+f6f8_38+f7f7_38; + int64_t h5 = f0f5_2+f1f4_2 +f2f3_2 +f6f9_38+f7f8_38; + int64_t h6 = f0f6_2+f1f5_4 +f2f4_2 +f3f3_2 +f7f9_76+f8f8_19; + int64_t h7 = f0f7_2+f1f6_2 +f2f5_2 +f3f4_2 +f8f9_38; + int64_t h8 = f0f8_2+f1f7_4 +f2f6_2 +f3f5_4 +f4f4 +f9f9_38; + int64_t h9 = f0f9_2+f1f8_2 +f2f7_2 +f3f6_2 +f4f5_2; + int64_t carry0; + int64_t carry1; + int64_t carry2; + int64_t carry3; + int64_t carry4; + int64_t carry5; + int64_t carry6; + int64_t carry7; + int64_t carry8; + int64_t carry9; + + h0 += h0; + h1 += h1; + h2 += h2; + h3 += h3; + h4 += h4; + h5 += h5; + h6 += h6; + h7 += h7; + h8 += h8; + h9 += h9; + + carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits; + carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits; + + carry1 = h1 + (1 << 24); h2 += carry1 >> 25; h1 -= carry1 & kTop39Bits; + carry5 = h5 + (1 << 24); h6 += carry5 >> 25; h5 -= carry5 & kTop39Bits; + + carry2 = h2 + (1 << 25); h3 += carry2 >> 26; h2 -= carry2 & kTop38Bits; + carry6 = h6 + (1 << 25); h7 += carry6 >> 26; h6 -= carry6 & kTop38Bits; + + carry3 = h3 + (1 << 24); h4 += carry3 >> 25; h3 -= carry3 & kTop39Bits; + carry7 = h7 + (1 << 24); h8 += carry7 >> 25; h7 -= carry7 & kTop39Bits; + + carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits; + carry8 = h8 + (1 << 25); h9 += carry8 >> 26; h8 -= carry8 & kTop38Bits; + + carry9 = h9 + (1 << 24); h0 += (carry9 >> 25) * 19; h9 -= carry9 & kTop39Bits; + + carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits; + + h[0] = h0; + h[1] = h1; + h[2] = h2; + h[3] = h3; + h[4] = h4; + h[5] = h5; + h[6] = h6; + h[7] = h7; + h[8] = h8; + h[9] = h9; +} + +static void fe_pow22523(fe out, const fe z) { + fe t0; + fe t1; + fe t2; + int i; + + fe_sq(t0, z); + for (i = 1; i < 1; ++i) { + fe_sq(t0, t0); + } + fe_sq(t1, t0); + for (i = 1; i < 2; ++i) { + fe_sq(t1, t1); + } + fe_mul(t1, z, t1); + fe_mul(t0, t0, t1); + fe_sq(t0, t0); + for (i = 1; i < 1; ++i) { + fe_sq(t0, t0); + } + fe_mul(t0, t1, t0); + fe_sq(t1, t0); + for (i = 1; i < 5; ++i) { + fe_sq(t1, t1); + } + fe_mul(t0, t1, t0); + fe_sq(t1, t0); + for (i = 1; i < 10; ++i) { + fe_sq(t1, t1); + } + fe_mul(t1, t1, t0); + fe_sq(t2, t1); + for (i = 1; i < 20; ++i) { + fe_sq(t2, t2); + } + fe_mul(t1, t2, t1); + fe_sq(t1, t1); + for (i = 1; i < 10; ++i) { + fe_sq(t1, t1); + } + fe_mul(t0, t1, t0); + fe_sq(t1, t0); + for (i = 1; i < 50; ++i) { + fe_sq(t1, t1); + } + fe_mul(t1, t1, t0); + fe_sq(t2, t1); + for (i = 1; i < 100; ++i) { + fe_sq(t2, t2); + } + fe_mul(t1, t2, t1); + fe_sq(t1, t1); + for (i = 1; i < 50; ++i) { + fe_sq(t1, t1); + } + fe_mul(t0, t1, t0); + fe_sq(t0, t0); + for (i = 1; i < 2; ++i) { + fe_sq(t0, t0); + } + fe_mul(out, t0, z); +} + +void x25519_ge_tobytes(uint8_t *s, const ge_p2 *h) { + fe recip; + fe x; + fe y; + + fe_invert(recip, h->Z); + fe_mul(x, h->X, recip); + fe_mul(y, h->Y, recip); + fe_tobytes(s, y); + s[31] ^= fe_isnegative(x) << 7; +} + +#ifdef ED25519 +static void ge_p3_tobytes(uint8_t *s, const ge_p3 *h) { + fe recip; + fe x; + fe y; + + fe_invert(recip, h->Z); + fe_mul(x, h->X, recip); + fe_mul(y, h->Y, recip); + fe_tobytes(s, y); + s[31] ^= fe_isnegative(x) << 7; +} +#endif + +static const fe d = {-10913610, 13857413, -15372611, 6949391, 114729, + -8787816, -6275908, -3247719, -18696448, -12055116}; + +static const fe sqrtm1 = {-32595792, -7943725, 9377950, 3500415, 12389472, + -272473, -25146209, -2005654, 326686, 11406482}; + +int x25519_ge_frombytes_vartime(ge_p3 *h, const uint8_t *s) { + fe u; + fe v; + fe v3; + fe vxx; + fe check; + + fe_frombytes(h->Y, s); + fe_1(h->Z); + fe_sq(u, h->Y); + fe_mul(v, u, d); + fe_sub(u, u, h->Z); /* u = y^2-1 */ + fe_add(v, v, h->Z); /* v = dy^2+1 */ + + fe_sq(v3, v); + fe_mul(v3, v3, v); /* v3 = v^3 */ + fe_sq(h->X, v3); + fe_mul(h->X, h->X, v); + fe_mul(h->X, h->X, u); /* x = uv^7 */ + + fe_pow22523(h->X, h->X); /* x = (uv^7)^((q-5)/8) */ + fe_mul(h->X, h->X, v3); + fe_mul(h->X, h->X, u); /* x = uv^3(uv^7)^((q-5)/8) */ + + fe_sq(vxx, h->X); + fe_mul(vxx, vxx, v); + fe_sub(check, vxx, u); /* vx^2-u */ + if (fe_isnonzero(check)) { + fe_add(check, vxx, u); /* vx^2+u */ + if (fe_isnonzero(check)) { + return -1; + } + fe_mul(h->X, h->X, sqrtm1); + } + + if (fe_isnegative(h->X) != (s[31] >> 7)) { + fe_neg(h->X, h->X); + } + + fe_mul(h->T, h->X, h->Y); + return 0; +} + +static void ge_p2_0(ge_p2 *h) { + fe_0(h->X); + fe_1(h->Y); + fe_1(h->Z); +} + +static void ge_p3_0(ge_p3 *h) { + fe_0(h->X); + fe_1(h->Y); + fe_1(h->Z); + fe_0(h->T); +} + +static void ge_cached_0(ge_cached *h) { + fe_1(h->YplusX); + fe_1(h->YminusX); + fe_1(h->Z); + fe_0(h->T2d); +} + +static void ge_precomp_0(ge_precomp *h) { + fe_1(h->yplusx); + fe_1(h->yminusx); + fe_0(h->xy2d); +} + +/* r = p */ +static void ge_p3_to_p2(ge_p2 *r, const ge_p3 *p) { + fe_copy(r->X, p->X); + fe_copy(r->Y, p->Y); + fe_copy(r->Z, p->Z); +} + +static const fe d2 = {-21827239, -5839606, -30745221, 13898782, 229458, + 15978800, -12551817, -6495438, 29715968, 9444199}; + +/* r = p */ +void x25519_ge_p3_to_cached(ge_cached *r, const ge_p3 *p) { + fe_add(r->YplusX, p->Y, p->X); + fe_sub(r->YminusX, p->Y, p->X); + fe_copy(r->Z, p->Z); + fe_mul(r->T2d, p->T, d2); +} + +/* r = p */ +void x25519_ge_p1p1_to_p2(ge_p2 *r, const ge_p1p1 *p) { + fe_mul(r->X, p->X, p->T); + fe_mul(r->Y, p->Y, p->Z); + fe_mul(r->Z, p->Z, p->T); +} + +/* r = p */ +void x25519_ge_p1p1_to_p3(ge_p3 *r, const ge_p1p1 *p) { + fe_mul(r->X, p->X, p->T); + fe_mul(r->Y, p->Y, p->Z); + fe_mul(r->Z, p->Z, p->T); + fe_mul(r->T, p->X, p->Y); +} + +/* r = p */ +static void ge_p1p1_to_cached(ge_cached *r, const ge_p1p1 *p) { + ge_p3 t; + x25519_ge_p1p1_to_p3(&t, p); + x25519_ge_p3_to_cached(r, &t); +} + +/* r = 2 * p */ +static void ge_p2_dbl(ge_p1p1 *r, const ge_p2 *p) { + fe t0; + + fe_sq(r->X, p->X); + fe_sq(r->Z, p->Y); + fe_sq2(r->T, p->Z); + fe_add(r->Y, p->X, p->Y); + fe_sq(t0, r->Y); + fe_add(r->Y, r->Z, r->X); + fe_sub(r->Z, r->Z, r->X); + fe_sub(r->X, t0, r->Y); + fe_sub(r->T, r->T, r->Z); +} + +/* r = 2 * p */ +static void ge_p3_dbl(ge_p1p1 *r, const ge_p3 *p) { + ge_p2 q; + ge_p3_to_p2(&q, p); + ge_p2_dbl(r, &q); +} + +/* r = p + q */ +static void ge_madd(ge_p1p1 *r, const ge_p3 *p, const ge_precomp *q) { + fe t0; + + fe_add(r->X, p->Y, p->X); + fe_sub(r->Y, p->Y, p->X); + fe_mul(r->Z, r->X, q->yplusx); + fe_mul(r->Y, r->Y, q->yminusx); + fe_mul(r->T, q->xy2d, p->T); + fe_add(t0, p->Z, p->Z); + fe_sub(r->X, r->Z, r->Y); + fe_add(r->Y, r->Z, r->Y); + fe_add(r->Z, t0, r->T); + fe_sub(r->T, t0, r->T); +} + +#ifdef ED25519 +/* r = p - q */ +static void ge_msub(ge_p1p1 *r, const ge_p3 *p, const ge_precomp *q) { + fe t0; + + fe_add(r->X, p->Y, p->X); + fe_sub(r->Y, p->Y, p->X); + fe_mul(r->Z, r->X, q->yminusx); + fe_mul(r->Y, r->Y, q->yplusx); + fe_mul(r->T, q->xy2d, p->T); + fe_add(t0, p->Z, p->Z); + fe_sub(r->X, r->Z, r->Y); + fe_add(r->Y, r->Z, r->Y); + fe_sub(r->Z, t0, r->T); + fe_add(r->T, t0, r->T); +} +#endif + +/* r = p + q */ +void x25519_ge_add(ge_p1p1 *r, const ge_p3 *p, const ge_cached *q) { + fe t0; + + fe_add(r->X, p->Y, p->X); + fe_sub(r->Y, p->Y, p->X); + fe_mul(r->Z, r->X, q->YplusX); + fe_mul(r->Y, r->Y, q->YminusX); + fe_mul(r->T, q->T2d, p->T); + fe_mul(r->X, p->Z, q->Z); + fe_add(t0, r->X, r->X); + fe_sub(r->X, r->Z, r->Y); + fe_add(r->Y, r->Z, r->Y); + fe_add(r->Z, t0, r->T); + fe_sub(r->T, t0, r->T); +} + +/* r = p - q */ +void x25519_ge_sub(ge_p1p1 *r, const ge_p3 *p, const ge_cached *q) { + fe t0; + + fe_add(r->X, p->Y, p->X); + fe_sub(r->Y, p->Y, p->X); + fe_mul(r->Z, r->X, q->YminusX); + fe_mul(r->Y, r->Y, q->YplusX); + fe_mul(r->T, q->T2d, p->T); + fe_mul(r->X, p->Z, q->Z); + fe_add(t0, r->X, r->X); + fe_sub(r->X, r->Z, r->Y); + fe_add(r->Y, r->Z, r->Y); + fe_sub(r->Z, t0, r->T); + fe_add(r->T, t0, r->T); +} + +static uint8_t equal(signed char b, signed char c) { + uint8_t ub = b; + uint8_t uc = c; + uint8_t x = ub ^ uc; /* 0: yes; 1..255: no */ + uint32_t y = x; /* 0: yes; 1..255: no */ + y -= 1; /* 4294967295: yes; 0..254: no */ + y >>= 31; /* 1: yes; 0: no */ + return y; +} + +static void cmov(ge_precomp *t, const ge_precomp *u, uint8_t b) { + fe_cmov(t->yplusx, u->yplusx, b); + fe_cmov(t->yminusx, u->yminusx, b); + fe_cmov(t->xy2d, u->xy2d, b); +} + +void x25519_ge_scalarmult_small_precomp( + ge_p3 *h, const uint8_t a[32], const uint8_t precomp_table[15 * 2 * 32]) { + /* precomp_table is first expanded into matching |ge_precomp| + * elements. */ + ge_precomp multiples[15]; + + unsigned i; + for (i = 0; i < 15; i++) { + const uint8_t *bytes = &precomp_table[i*(2 * 32)]; + fe x, y; + fe_frombytes(x, bytes); + fe_frombytes(y, bytes + 32); + + ge_precomp *out = &multiples[i]; + fe_add(out->yplusx, y, x); + fe_sub(out->yminusx, y, x); + fe_mul(out->xy2d, x, y); + fe_mul(out->xy2d, out->xy2d, d2); + } + + /* See the comment above |k25519SmallPrecomp| about the structure of the + * precomputed elements. This loop does 64 additions and 64 doublings to + * calculate the result. */ + ge_p3_0(h); + + for (i = 63; i < 64; i--) { + unsigned j; + signed char index = 0; + + for (j = 0; j < 4; j++) { + const uint8_t bit = 1 & (a[(8 * j) + (i / 8)] >> (i & 7)); + index |= (bit << j); + } + + ge_precomp e; + ge_precomp_0(&e); + + for (j = 1; j < 16; j++) { + cmov(&e, &multiples[j-1], equal(index, j)); + } + + ge_cached cached; + ge_p1p1 r; + x25519_ge_p3_to_cached(&cached, h); + x25519_ge_add(&r, h, &cached); + x25519_ge_p1p1_to_p3(h, &r); + + ge_madd(&r, h, &e); + x25519_ge_p1p1_to_p3(h, &r); + } +} + +#if defined(OPENSSL_SMALL) + +/* This block of code replaces the standard base-point table with a much smaller + * one. The standard table is 30,720 bytes while this one is just 960. + * + * This table contains 15 pairs of group elements, (x, y), where each field + * element is serialised with |fe_tobytes|. If |i| is the index of the group + * element then consider i+1 as a four-bit number: (iâ‚€, iâ‚, iâ‚‚, i₃) (where iâ‚€ + * is the most significant bit). The value of the group element is then: + * (i₀×2^192 + iâ‚×2^128 + i₂×2^64 + i₃)G, where G is the generator. */ +static const uint8_t k25519SmallPrecomp[15 * 2 * 32] = { + 0x1a, 0xd5, 0x25, 0x8f, 0x60, 0x2d, 0x56, 0xc9, 0xb2, 0xa7, 0x25, 0x95, + 0x60, 0xc7, 0x2c, 0x69, 0x5c, 0xdc, 0xd6, 0xfd, 0x31, 0xe2, 0xa4, 0xc0, + 0xfe, 0x53, 0x6e, 0xcd, 0xd3, 0x36, 0x69, 0x21, 0x58, 0x66, 0x66, 0x66, + 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, + 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, + 0x66, 0x66, 0x66, 0x66, 0x02, 0xa2, 0xed, 0xf4, 0x8f, 0x6b, 0x0b, 0x3e, + 0xeb, 0x35, 0x1a, 0xd5, 0x7e, 0xdb, 0x78, 0x00, 0x96, 0x8a, 0xa0, 0xb4, + 0xcf, 0x60, 0x4b, 0xd4, 0xd5, 0xf9, 0x2d, 0xbf, 0x88, 0xbd, 0x22, 0x62, + 0x13, 0x53, 0xe4, 0x82, 0x57, 0xfa, 0x1e, 0x8f, 0x06, 0x2b, 0x90, 0xba, + 0x08, 0xb6, 0x10, 0x54, 0x4f, 0x7c, 0x1b, 0x26, 0xed, 0xda, 0x6b, 0xdd, + 0x25, 0xd0, 0x4e, 0xea, 0x42, 0xbb, 0x25, 0x03, 0xa2, 0xfb, 0xcc, 0x61, + 0x67, 0x06, 0x70, 0x1a, 0xc4, 0x78, 0x3a, 0xff, 0x32, 0x62, 0xdd, 0x2c, + 0xab, 0x50, 0x19, 0x3b, 0xf2, 0x9b, 0x7d, 0xb8, 0xfd, 0x4f, 0x29, 0x9c, + 0xa7, 0x91, 0xba, 0x0e, 0x46, 0x5e, 0x51, 0xfe, 0x1d, 0xbf, 0xe5, 0xe5, + 0x9b, 0x95, 0x0d, 0x67, 0xf8, 0xd1, 0xb5, 0x5a, 0xa1, 0x93, 0x2c, 0xc3, + 0xde, 0x0e, 0x97, 0x85, 0x2d, 0x7f, 0xea, 0xab, 0x3e, 0x47, 0x30, 0x18, + 0x24, 0xe8, 0xb7, 0x60, 0xae, 0x47, 0x80, 0xfc, 0xe5, 0x23, 0xe7, 0xc2, + 0xc9, 0x85, 0xe6, 0x98, 0xa0, 0x29, 0x4e, 0xe1, 0x84, 0x39, 0x2d, 0x95, + 0x2c, 0xf3, 0x45, 0x3c, 0xff, 0xaf, 0x27, 0x4c, 0x6b, 0xa6, 0xf5, 0x4b, + 0x11, 0xbd, 0xba, 0x5b, 0x9e, 0xc4, 0xa4, 0x51, 0x1e, 0xbe, 0xd0, 0x90, + 0x3a, 0x9c, 0xc2, 0x26, 0xb6, 0x1e, 0xf1, 0x95, 0x7d, 0xc8, 0x6d, 0x52, + 0xe6, 0x99, 0x2c, 0x5f, 0x9a, 0x96, 0x0c, 0x68, 0x29, 0xfd, 0xe2, 0xfb, + 0xe6, 0xbc, 0xec, 0x31, 0x08, 0xec, 0xe6, 0xb0, 0x53, 0x60, 0xc3, 0x8c, + 0xbe, 0xc1, 0xb3, 0x8a, 0x8f, 0xe4, 0x88, 0x2b, 0x55, 0xe5, 0x64, 0x6e, + 0x9b, 0xd0, 0xaf, 0x7b, 0x64, 0x2a, 0x35, 0x25, 0x10, 0x52, 0xc5, 0x9e, + 0x58, 0x11, 0x39, 0x36, 0x45, 0x51, 0xb8, 0x39, 0x93, 0xfc, 0x9d, 0x6a, + 0xbe, 0x58, 0xcb, 0xa4, 0x0f, 0x51, 0x3c, 0x38, 0x05, 0xca, 0xab, 0x43, + 0x63, 0x0e, 0xf3, 0x8b, 0x41, 0xa6, 0xf8, 0x9b, 0x53, 0x70, 0x80, 0x53, + 0x86, 0x5e, 0x8f, 0xe3, 0xc3, 0x0d, 0x18, 0xc8, 0x4b, 0x34, 0x1f, 0xd8, + 0x1d, 0xbc, 0xf2, 0x6d, 0x34, 0x3a, 0xbe, 0xdf, 0xd9, 0xf6, 0xf3, 0x89, + 0xa1, 0xe1, 0x94, 0x9f, 0x5d, 0x4c, 0x5d, 0xe9, 0xa1, 0x49, 0x92, 0xef, + 0x0e, 0x53, 0x81, 0x89, 0x58, 0x87, 0xa6, 0x37, 0xf1, 0xdd, 0x62, 0x60, + 0x63, 0x5a, 0x9d, 0x1b, 0x8c, 0xc6, 0x7d, 0x52, 0xea, 0x70, 0x09, 0x6a, + 0xe1, 0x32, 0xf3, 0x73, 0x21, 0x1f, 0x07, 0x7b, 0x7c, 0x9b, 0x49, 0xd8, + 0xc0, 0xf3, 0x25, 0x72, 0x6f, 0x9d, 0xed, 0x31, 0x67, 0x36, 0x36, 0x54, + 0x40, 0x92, 0x71, 0xe6, 0x11, 0x28, 0x11, 0xad, 0x93, 0x32, 0x85, 0x7b, + 0x3e, 0xb7, 0x3b, 0x49, 0x13, 0x1c, 0x07, 0xb0, 0x2e, 0x93, 0xaa, 0xfd, + 0xfd, 0x28, 0x47, 0x3d, 0x8d, 0xd2, 0xda, 0xc7, 0x44, 0xd6, 0x7a, 0xdb, + 0x26, 0x7d, 0x1d, 0xb8, 0xe1, 0xde, 0x9d, 0x7a, 0x7d, 0x17, 0x7e, 0x1c, + 0x37, 0x04, 0x8d, 0x2d, 0x7c, 0x5e, 0x18, 0x38, 0x1e, 0xaf, 0xc7, 0x1b, + 0x33, 0x48, 0x31, 0x00, 0x59, 0xf6, 0xf2, 0xca, 0x0f, 0x27, 0x1b, 0x63, + 0x12, 0x7e, 0x02, 0x1d, 0x49, 0xc0, 0x5d, 0x79, 0x87, 0xef, 0x5e, 0x7a, + 0x2f, 0x1f, 0x66, 0x55, 0xd8, 0x09, 0xd9, 0x61, 0x38, 0x68, 0xb0, 0x07, + 0xa3, 0xfc, 0xcc, 0x85, 0x10, 0x7f, 0x4c, 0x65, 0x65, 0xb3, 0xfa, 0xfa, + 0xa5, 0x53, 0x6f, 0xdb, 0x74, 0x4c, 0x56, 0x46, 0x03, 0xe2, 0xd5, 0x7a, + 0x29, 0x1c, 0xc6, 0x02, 0xbc, 0x59, 0xf2, 0x04, 0x75, 0x63, 0xc0, 0x84, + 0x2f, 0x60, 0x1c, 0x67, 0x76, 0xfd, 0x63, 0x86, 0xf3, 0xfa, 0xbf, 0xdc, + 0xd2, 0x2d, 0x90, 0x91, 0xbd, 0x33, 0xa9, 0xe5, 0x66, 0x0c, 0xda, 0x42, + 0x27, 0xca, 0xf4, 0x66, 0xc2, 0xec, 0x92, 0x14, 0x57, 0x06, 0x63, 0xd0, + 0x4d, 0x15, 0x06, 0xeb, 0x69, 0x58, 0x4f, 0x77, 0xc5, 0x8b, 0xc7, 0xf0, + 0x8e, 0xed, 0x64, 0xa0, 0xb3, 0x3c, 0x66, 0x71, 0xc6, 0x2d, 0xda, 0x0a, + 0x0d, 0xfe, 0x70, 0x27, 0x64, 0xf8, 0x27, 0xfa, 0xf6, 0x5f, 0x30, 0xa5, + 0x0d, 0x6c, 0xda, 0xf2, 0x62, 0x5e, 0x78, 0x47, 0xd3, 0x66, 0x00, 0x1c, + 0xfd, 0x56, 0x1f, 0x5d, 0x3f, 0x6f, 0xf4, 0x4c, 0xd8, 0xfd, 0x0e, 0x27, + 0xc9, 0x5c, 0x2b, 0xbc, 0xc0, 0xa4, 0xe7, 0x23, 0x29, 0x02, 0x9f, 0x31, + 0xd6, 0xe9, 0xd7, 0x96, 0xf4, 0xe0, 0x5e, 0x0b, 0x0e, 0x13, 0xee, 0x3c, + 0x09, 0xed, 0xf2, 0x3d, 0x76, 0x91, 0xc3, 0xa4, 0x97, 0xae, 0xd4, 0x87, + 0xd0, 0x5d, 0xf6, 0x18, 0x47, 0x1f, 0x1d, 0x67, 0xf2, 0xcf, 0x63, 0xa0, + 0x91, 0x27, 0xf8, 0x93, 0x45, 0x75, 0x23, 0x3f, 0xd1, 0xf1, 0xad, 0x23, + 0xdd, 0x64, 0x93, 0x96, 0x41, 0x70, 0x7f, 0xf7, 0xf5, 0xa9, 0x89, 0xa2, + 0x34, 0xb0, 0x8d, 0x1b, 0xae, 0x19, 0x15, 0x49, 0x58, 0x23, 0x6d, 0x87, + 0x15, 0x4f, 0x81, 0x76, 0xfb, 0x23, 0xb5, 0xea, 0xcf, 0xac, 0x54, 0x8d, + 0x4e, 0x42, 0x2f, 0xeb, 0x0f, 0x63, 0xdb, 0x68, 0x37, 0xa8, 0xcf, 0x8b, + 0xab, 0xf5, 0xa4, 0x6e, 0x96, 0x2a, 0xb2, 0xd6, 0xbe, 0x9e, 0xbd, 0x0d, + 0xb4, 0x42, 0xa9, 0xcf, 0x01, 0x83, 0x8a, 0x17, 0x47, 0x76, 0xc4, 0xc6, + 0x83, 0x04, 0x95, 0x0b, 0xfc, 0x11, 0xc9, 0x62, 0xb8, 0x0c, 0x76, 0x84, + 0xd9, 0xb9, 0x37, 0xfa, 0xfc, 0x7c, 0xc2, 0x6d, 0x58, 0x3e, 0xb3, 0x04, + 0xbb, 0x8c, 0x8f, 0x48, 0xbc, 0x91, 0x27, 0xcc, 0xf9, 0xb7, 0x22, 0x19, + 0x83, 0x2e, 0x09, 0xb5, 0x72, 0xd9, 0x54, 0x1c, 0x4d, 0xa1, 0xea, 0x0b, + 0xf1, 0xc6, 0x08, 0x72, 0x46, 0x87, 0x7a, 0x6e, 0x80, 0x56, 0x0a, 0x8a, + 0xc0, 0xdd, 0x11, 0x6b, 0xd6, 0xdd, 0x47, 0xdf, 0x10, 0xd9, 0xd8, 0xea, + 0x7c, 0xb0, 0x8f, 0x03, 0x00, 0x2e, 0xc1, 0x8f, 0x44, 0xa8, 0xd3, 0x30, + 0x06, 0x89, 0xa2, 0xf9, 0x34, 0xad, 0xdc, 0x03, 0x85, 0xed, 0x51, 0xa7, + 0x82, 0x9c, 0xe7, 0x5d, 0x52, 0x93, 0x0c, 0x32, 0x9a, 0x5b, 0xe1, 0xaa, + 0xca, 0xb8, 0x02, 0x6d, 0x3a, 0xd4, 0xb1, 0x3a, 0xf0, 0x5f, 0xbe, 0xb5, + 0x0d, 0x10, 0x6b, 0x38, 0x32, 0xac, 0x76, 0x80, 0xbd, 0xca, 0x94, 0x71, + 0x7a, 0xf2, 0xc9, 0x35, 0x2a, 0xde, 0x9f, 0x42, 0x49, 0x18, 0x01, 0xab, + 0xbc, 0xef, 0x7c, 0x64, 0x3f, 0x58, 0x3d, 0x92, 0x59, 0xdb, 0x13, 0xdb, + 0x58, 0x6e, 0x0a, 0xe0, 0xb7, 0x91, 0x4a, 0x08, 0x20, 0xd6, 0x2e, 0x3c, + 0x45, 0xc9, 0x8b, 0x17, 0x79, 0xe7, 0xc7, 0x90, 0x99, 0x3a, 0x18, 0x25, +}; + +void x25519_ge_scalarmult_base(ge_p3 *h, const uint8_t a[32]) { + x25519_ge_scalarmult_small_precomp(h, a, k25519SmallPrecomp); +} + +#else + +/* k25519Precomp[i][j] = (j+1)*256^i*B */ +static const ge_precomp k25519Precomp[32][8] = { + { + { + {25967493, -14356035, 29566456, 3660896, -12694345, 4014787, + 27544626, -11754271, -6079156, 2047605}, + {-12545711, 934262, -2722910, 3049990, -727428, 9406986, 12720692, + 5043384, 19500929, -15469378}, + {-8738181, 4489570, 9688441, -14785194, 10184609, -12363380, + 29287919, 11864899, -24514362, -4438546}, + }, + { + {-12815894, -12976347, -21581243, 11784320, -25355658, -2750717, + -11717903, -3814571, -358445, -10211303}, + {-21703237, 6903825, 27185491, 6451973, -29577724, -9554005, + -15616551, 11189268, -26829678, -5319081}, + {26966642, 11152617, 32442495, 15396054, 14353839, -12752335, + -3128826, -9541118, -15472047, -4166697}, + }, + { + {15636291, -9688557, 24204773, -7912398, 616977, -16685262, + 27787600, -14772189, 28944400, -1550024}, + {16568933, 4717097, -11556148, -1102322, 15682896, -11807043, + 16354577, -11775962, 7689662, 11199574}, + {30464156, -5976125, -11779434, -15670865, 23220365, 15915852, + 7512774, 10017326, -17749093, -9920357}, + }, + { + {-17036878, 13921892, 10945806, -6033431, 27105052, -16084379, + -28926210, 15006023, 3284568, -6276540}, + {23599295, -8306047, -11193664, -7687416, 13236774, 10506355, + 7464579, 9656445, 13059162, 10374397}, + {7798556, 16710257, 3033922, 2874086, 28997861, 2835604, 32406664, + -3839045, -641708, -101325}, + }, + { + {10861363, 11473154, 27284546, 1981175, -30064349, 12577861, + 32867885, 14515107, -15438304, 10819380}, + {4708026, 6336745, 20377586, 9066809, -11272109, 6594696, -25653668, + 12483688, -12668491, 5581306}, + {19563160, 16186464, -29386857, 4097519, 10237984, -4348115, + 28542350, 13850243, -23678021, -15815942}, + }, + { + {-15371964, -12862754, 32573250, 4720197, -26436522, 5875511, + -19188627, -15224819, -9818940, -12085777}, + {-8549212, 109983, 15149363, 2178705, 22900618, 4543417, 3044240, + -15689887, 1762328, 14866737}, + {-18199695, -15951423, -10473290, 1707278, -17185920, 3916101, + -28236412, 3959421, 27914454, 4383652}, + }, + { + {5153746, 9909285, 1723747, -2777874, 30523605, 5516873, 19480852, + 5230134, -23952439, -15175766}, + {-30269007, -3463509, 7665486, 10083793, 28475525, 1649722, + 20654025, 16520125, 30598449, 7715701}, + {28881845, 14381568, 9657904, 3680757, -20181635, 7843316, + -31400660, 1370708, 29794553, -1409300}, + }, + { + {14499471, -2729599, -33191113, -4254652, 28494862, 14271267, + 30290735, 10876454, -33154098, 2381726}, + {-7195431, -2655363, -14730155, 462251, -27724326, 3941372, + -6236617, 3696005, -32300832, 15351955}, + {27431194, 8222322, 16448760, -3907995, -18707002, 11938355, + -32961401, -2970515, 29551813, 10109425}, + }, + }, + { + { + {-13657040, -13155431, -31283750, 11777098, 21447386, 6519384, + -2378284, -1627556, 10092783, -4764171}, + {27939166, 14210322, 4677035, 16277044, -22964462, -12398139, + -32508754, 12005538, -17810127, 12803510}, + {17228999, -15661624, -1233527, 300140, -1224870, -11714777, + 30364213, -9038194, 18016357, 4397660}, + }, + { + {-10958843, -7690207, 4776341, -14954238, 27850028, -15602212, + -26619106, 14544525, -17477504, 982639}, + {29253598, 15796703, -2863982, -9908884, 10057023, 3163536, 7332899, + -4120128, -21047696, 9934963}, + {5793303, 16271923, -24131614, -10116404, 29188560, 1206517, + -14747930, 4559895, -30123922, -10897950}, + }, + { + {-27643952, -11493006, 16282657, -11036493, 28414021, -15012264, + 24191034, 4541697, -13338309, 5500568}, + {12650548, -1497113, 9052871, 11355358, -17680037, -8400164, + -17430592, 12264343, 10874051, 13524335}, + {25556948, -3045990, 714651, 2510400, 23394682, -10415330, 33119038, + 5080568, -22528059, 5376628}, + }, + { + {-26088264, -4011052, -17013699, -3537628, -6726793, 1920897, + -22321305, -9447443, 4535768, 1569007}, + {-2255422, 14606630, -21692440, -8039818, 28430649, 8775819, + -30494562, 3044290, 31848280, 12543772}, + {-22028579, 2943893, -31857513, 6777306, 13784462, -4292203, + -27377195, -2062731, 7718482, 14474653}, + }, + { + {2385315, 2454213, -22631320, 46603, -4437935, -15680415, 656965, + -7236665, 24316168, -5253567}, + {13741529, 10911568, -33233417, -8603737, -20177830, -1033297, + 33040651, -13424532, -20729456, 8321686}, + {21060490, -2212744, 15712757, -4336099, 1639040, 10656336, + 23845965, -11874838, -9984458, 608372}, + }, + { + {-13672732, -15087586, -10889693, -7557059, -6036909, 11305547, + 1123968, -6780577, 27229399, 23887}, + {-23244140, -294205, -11744728, 14712571, -29465699, -2029617, + 12797024, -6440308, -1633405, 16678954}, + {-29500620, 4770662, -16054387, 14001338, 7830047, 9564805, + -1508144, -4795045, -17169265, 4904953}, + }, + { + {24059557, 14617003, 19037157, -15039908, 19766093, -14906429, + 5169211, 16191880, 2128236, -4326833}, + {-16981152, 4124966, -8540610, -10653797, 30336522, -14105247, + -29806336, 916033, -6882542, -2986532}, + {-22630907, 12419372, -7134229, -7473371, -16478904, 16739175, + 285431, 2763829, 15736322, 4143876}, + }, + { + {2379352, 11839345, -4110402, -5988665, 11274298, 794957, 212801, + -14594663, 23527084, -16458268}, + {33431127, -11130478, -17838966, -15626900, 8909499, 8376530, + -32625340, 4087881, -15188911, -14416214}, + {1767683, 7197987, -13205226, -2022635, -13091350, 448826, 5799055, + 4357868, -4774191, -16323038}, + }, + }, + { + { + {6721966, 13833823, -23523388, -1551314, 26354293, -11863321, + 23365147, -3949732, 7390890, 2759800}, + {4409041, 2052381, 23373853, 10530217, 7676779, -12885954, 21302353, + -4264057, 1244380, -12919645}, + {-4421239, 7169619, 4982368, -2957590, 30256825, -2777540, 14086413, + 9208236, 15886429, 16489664}, + }, + { + {1996075, 10375649, 14346367, 13311202, -6874135, -16438411, + -13693198, 398369, -30606455, -712933}, + {-25307465, 9795880, -2777414, 14878809, -33531835, 14780363, + 13348553, 12076947, -30836462, 5113182}, + {-17770784, 11797796, 31950843, 13929123, -25888302, 12288344, + -30341101, -7336386, 13847711, 5387222}, + }, + { + {-18582163, -3416217, 17824843, -2340966, 22744343, -10442611, + 8763061, 3617786, -19600662, 10370991}, + {20246567, -14369378, 22358229, -543712, 18507283, -10413996, + 14554437, -8746092, 32232924, 16763880}, + {9648505, 10094563, 26416693, 14745928, -30374318, -6472621, + 11094161, 15689506, 3140038, -16510092}, + }, + { + {-16160072, 5472695, 31895588, 4744994, 8823515, 10365685, + -27224800, 9448613, -28774454, 366295}, + {19153450, 11523972, -11096490, -6503142, -24647631, 5420647, + 28344573, 8041113, 719605, 11671788}, + {8678025, 2694440, -6808014, 2517372, 4964326, 11152271, -15432916, + -15266516, 27000813, -10195553}, + }, + { + {-15157904, 7134312, 8639287, -2814877, -7235688, 10421742, 564065, + 5336097, 6750977, -14521026}, + {11836410, -3979488, 26297894, 16080799, 23455045, 15735944, + 1695823, -8819122, 8169720, 16220347}, + {-18115838, 8653647, 17578566, -6092619, -8025777, -16012763, + -11144307, -2627664, -5990708, -14166033}, + }, + { + {-23308498, -10968312, 15213228, -10081214, -30853605, -11050004, + 27884329, 2847284, 2655861, 1738395}, + {-27537433, -14253021, -25336301, -8002780, -9370762, 8129821, + 21651608, -3239336, -19087449, -11005278}, + {1533110, 3437855, 23735889, 459276, 29970501, 11335377, 26030092, + 5821408, 10478196, 8544890}, + }, + { + {32173121, -16129311, 24896207, 3921497, 22579056, -3410854, + 19270449, 12217473, 17789017, -3395995}, + {-30552961, -2228401, -15578829, -10147201, 13243889, 517024, + 15479401, -3853233, 30460520, 1052596}, + {-11614875, 13323618, 32618793, 8175907, -15230173, 12596687, + 27491595, -4612359, 3179268, -9478891}, + }, + { + {31947069, -14366651, -4640583, -15339921, -15125977, -6039709, + -14756777, -16411740, 19072640, -9511060}, + {11685058, 11822410, 3158003, -13952594, 33402194, -4165066, + 5977896, -5215017, 473099, 5040608}, + {-20290863, 8198642, -27410132, 11602123, 1290375, -2799760, + 28326862, 1721092, -19558642, -3131606}, + }, + }, + { + { + {7881532, 10687937, 7578723, 7738378, -18951012, -2553952, 21820786, + 8076149, -27868496, 11538389}, + {-19935666, 3899861, 18283497, -6801568, -15728660, -11249211, + 8754525, 7446702, -5676054, 5797016}, + {-11295600, -3793569, -15782110, -7964573, 12708869, -8456199, + 2014099, -9050574, -2369172, -5877341}, + }, + { + {-22472376, -11568741, -27682020, 1146375, 18956691, 16640559, + 1192730, -3714199, 15123619, 10811505}, + {14352098, -3419715, -18942044, 10822655, 32750596, 4699007, -70363, + 15776356, -28886779, -11974553}, + {-28241164, -8072475, -4978962, -5315317, 29416931, 1847569, + -20654173, -16484855, 4714547, -9600655}, + }, + { + {15200332, 8368572, 19679101, 15970074, -31872674, 1959451, + 24611599, -4543832, -11745876, 12340220}, + {12876937, -10480056, 33134381, 6590940, -6307776, 14872440, + 9613953, 8241152, 15370987, 9608631}, + {-4143277, -12014408, 8446281, -391603, 4407738, 13629032, -7724868, + 15866074, -28210621, -8814099}, + }, + { + {26660628, -15677655, 8393734, 358047, -7401291, 992988, -23904233, + 858697, 20571223, 8420556}, + {14620715, 13067227, -15447274, 8264467, 14106269, 15080814, + 33531827, 12516406, -21574435, -12476749}, + {236881, 10476226, 57258, -14677024, 6472998, 2466984, 17258519, + 7256740, 8791136, 15069930}, + }, + { + {1276410, -9371918, 22949635, -16322807, -23493039, -5702186, + 14711875, 4874229, -30663140, -2331391}, + {5855666, 4990204, -13711848, 7294284, -7804282, 1924647, -1423175, + -7912378, -33069337, 9234253}, + {20590503, -9018988, 31529744, -7352666, -2706834, 10650548, + 31559055, -11609587, 18979186, 13396066}, + }, + { + {24474287, 4968103, 22267082, 4407354, 24063882, -8325180, + -18816887, 13594782, 33514650, 7021958}, + {-11566906, -6565505, -21365085, 15928892, -26158305, 4315421, + -25948728, -3916677, -21480480, 12868082}, + {-28635013, 13504661, 19988037, -2132761, 21078225, 6443208, + -21446107, 2244500, -12455797, -8089383}, + }, + { + {-30595528, 13793479, -5852820, 319136, -25723172, -6263899, + 33086546, 8957937, -15233648, 5540521}, + {-11630176, -11503902, -8119500, -7643073, 2620056, 1022908, + -23710744, -1568984, -16128528, -14962807}, + {23152971, 775386, 27395463, 14006635, -9701118, 4649512, 1689819, + 892185, -11513277, -15205948}, + }, + { + {9770129, 9586738, 26496094, 4324120, 1556511, -3550024, 27453819, + 4763127, -19179614, 5867134}, + {-32765025, 1927590, 31726409, -4753295, 23962434, -16019500, + 27846559, 5931263, -29749703, -16108455}, + {27461885, -2977536, 22380810, 1815854, -23033753, -3031938, + 7283490, -15148073, -19526700, 7734629}, + }, + }, + { + { + {-8010264, -9590817, -11120403, 6196038, 29344158, -13430885, + 7585295, -3176626, 18549497, 15302069}, + {-32658337, -6171222, -7672793, -11051681, 6258878, 13504381, + 10458790, -6418461, -8872242, 8424746}, + {24687205, 8613276, -30667046, -3233545, 1863892, -1830544, + 19206234, 7134917, -11284482, -828919}, + }, + { + {11334899, -9218022, 8025293, 12707519, 17523892, -10476071, + 10243738, -14685461, -5066034, 16498837}, + {8911542, 6887158, -9584260, -6958590, 11145641, -9543680, 17303925, + -14124238, 6536641, 10543906}, + {-28946384, 15479763, -17466835, 568876, -1497683, 11223454, + -2669190, -16625574, -27235709, 8876771}, + }, + { + {-25742899, -12566864, -15649966, -846607, -33026686, -796288, + -33481822, 15824474, -604426, -9039817}, + {10330056, 70051, 7957388, -9002667, 9764902, 15609756, 27698697, + -4890037, 1657394, 3084098}, + {10477963, -7470260, 12119566, -13250805, 29016247, -5365589, + 31280319, 14396151, -30233575, 15272409}, + }, + { + {-12288309, 3169463, 28813183, 16658753, 25116432, -5630466, + -25173957, -12636138, -25014757, 1950504}, + {-26180358, 9489187, 11053416, -14746161, -31053720, 5825630, + -8384306, -8767532, 15341279, 8373727}, + {28685821, 7759505, -14378516, -12002860, -31971820, 4079242, + 298136, -10232602, -2878207, 15190420}, + }, + { + {-32932876, 13806336, -14337485, -15794431, -24004620, 10940928, + 8669718, 2742393, -26033313, -6875003}, + {-1580388, -11729417, -25979658, -11445023, -17411874, -10912854, + 9291594, -16247779, -12154742, 6048605}, + {-30305315, 14843444, 1539301, 11864366, 20201677, 1900163, + 13934231, 5128323, 11213262, 9168384}, + }, + { + {-26280513, 11007847, 19408960, -940758, -18592965, -4328580, + -5088060, -11105150, 20470157, -16398701}, + {-23136053, 9282192, 14855179, -15390078, -7362815, -14408560, + -22783952, 14461608, 14042978, 5230683}, + {29969567, -2741594, -16711867, -8552442, 9175486, -2468974, + 21556951, 3506042, -5933891, -12449708}, + }, + { + {-3144746, 8744661, 19704003, 4581278, -20430686, 6830683, + -21284170, 8971513, -28539189, 15326563}, + {-19464629, 10110288, -17262528, -3503892, -23500387, 1355669, + -15523050, 15300988, -20514118, 9168260}, + {-5353335, 4488613, -23803248, 16314347, 7780487, -15638939, + -28948358, 9601605, 33087103, -9011387}, + }, + { + {-19443170, -15512900, -20797467, -12445323, -29824447, 10229461, + -27444329, -15000531, -5996870, 15664672}, + {23294591, -16632613, -22650781, -8470978, 27844204, 11461195, + 13099750, -2460356, 18151676, 13417686}, + {-24722913, -4176517, -31150679, 5988919, -26858785, 6685065, + 1661597, -12551441, 15271676, -15452665}, + }, + }, + { + { + {11433042, -13228665, 8239631, -5279517, -1985436, -725718, + -18698764, 2167544, -6921301, -13440182}, + {-31436171, 15575146, 30436815, 12192228, -22463353, 9395379, + -9917708, -8638997, 12215110, 12028277}, + {14098400, 6555944, 23007258, 5757252, -15427832, -12950502, + 30123440, 4617780, -16900089, -655628}, + }, + { + {-4026201, -15240835, 11893168, 13718664, -14809462, 1847385, + -15819999, 10154009, 23973261, -12684474}, + {-26531820, -3695990, -1908898, 2534301, -31870557, -16550355, + 18341390, -11419951, 32013174, -10103539}, + {-25479301, 10876443, -11771086, -14625140, -12369567, 1838104, + 21911214, 6354752, 4425632, -837822}, + }, + { + {-10433389, -14612966, 22229858, -3091047, -13191166, 776729, + -17415375, -12020462, 4725005, 14044970}, + {19268650, -7304421, 1555349, 8692754, -21474059, -9910664, 6347390, + -1411784, -19522291, -16109756}, + {-24864089, 12986008, -10898878, -5558584, -11312371, -148526, + 19541418, 8180106, 9282262, 10282508}, + }, + { + {-26205082, 4428547, -8661196, -13194263, 4098402, -14165257, + 15522535, 8372215, 5542595, -10702683}, + {-10562541, 14895633, 26814552, -16673850, -17480754, -2489360, + -2781891, 6993761, -18093885, 10114655}, + {-20107055, -929418, 31422704, 10427861, -7110749, 6150669, + -29091755, -11529146, 25953725, -106158}, + }, + { + {-4234397, -8039292, -9119125, 3046000, 2101609, -12607294, + 19390020, 6094296, -3315279, 12831125}, + {-15998678, 7578152, 5310217, 14408357, -33548620, -224739, + 31575954, 6326196, 7381791, -2421839}, + {-20902779, 3296811, 24736065, -16328389, 18374254, 7318640, + 6295303, 8082724, -15362489, 12339664}, + }, + { + {27724736, 2291157, 6088201, -14184798, 1792727, 5857634, 13848414, + 15768922, 25091167, 14856294}, + {-18866652, 8331043, 24373479, 8541013, -701998, -9269457, 12927300, + -12695493, -22182473, -9012899}, + {-11423429, -5421590, 11632845, 3405020, 30536730, -11674039, + -27260765, 13866390, 30146206, 9142070}, + }, + { + {3924129, -15307516, -13817122, -10054960, 12291820, -668366, + -27702774, 9326384, -8237858, 4171294}, + {-15921940, 16037937, 6713787, 16606682, -21612135, 2790944, + 26396185, 3731949, 345228, -5462949}, + {-21327538, 13448259, 25284571, 1143661, 20614966, -8849387, + 2031539, -12391231, -16253183, -13582083}, + }, + { + {31016211, -16722429, 26371392, -14451233, -5027349, 14854137, + 17477601, 3842657, 28012650, -16405420}, + {-5075835, 9368966, -8562079, -4600902, -15249953, 6970560, + -9189873, 16292057, -8867157, 3507940}, + {29439664, 3537914, 23333589, 6997794, -17555561, -11018068, + -15209202, -15051267, -9164929, 6580396}, + }, + }, + { + { + {-12185861, -7679788, 16438269, 10826160, -8696817, -6235611, + 17860444, -9273846, -2095802, 9304567}, + {20714564, -4336911, 29088195, 7406487, 11426967, -5095705, + 14792667, -14608617, 5289421, -477127}, + {-16665533, -10650790, -6160345, -13305760, 9192020, -1802462, + 17271490, 12349094, 26939669, -3752294}, + }, + { + {-12889898, 9373458, 31595848, 16374215, 21471720, 13221525, + -27283495, -12348559, -3698806, 117887}, + {22263325, -6560050, 3984570, -11174646, -15114008, -566785, + 28311253, 5358056, -23319780, 541964}, + {16259219, 3261970, 2309254, -15534474, -16885711, -4581916, + 24134070, -16705829, -13337066, -13552195}, + }, + { + {9378160, -13140186, -22845982, -12745264, 28198281, -7244098, + -2399684, -717351, 690426, 14876244}, + {24977353, -314384, -8223969, -13465086, 28432343, -1176353, + -13068804, -12297348, -22380984, 6618999}, + {-1538174, 11685646, 12944378, 13682314, -24389511, -14413193, + 8044829, -13817328, 32239829, -5652762}, + }, + { + {-18603066, 4762990, -926250, 8885304, -28412480, -3187315, 9781647, + -10350059, 32779359, 5095274}, + {-33008130, -5214506, -32264887, -3685216, 9460461, -9327423, + -24601656, 14506724, 21639561, -2630236}, + {-16400943, -13112215, 25239338, 15531969, 3987758, -4499318, + -1289502, -6863535, 17874574, 558605}, + }, + { + {-13600129, 10240081, 9171883, 16131053, -20869254, 9599700, + 33499487, 5080151, 2085892, 5119761}, + {-22205145, -2519528, -16381601, 414691, -25019550, 2170430, + 30634760, -8363614, -31999993, -5759884}, + {-6845704, 15791202, 8550074, -1312654, 29928809, -12092256, + 27534430, -7192145, -22351378, 12961482}, + }, + { + {-24492060, -9570771, 10368194, 11582341, -23397293, -2245287, + 16533930, 8206996, -30194652, -5159638}, + {-11121496, -3382234, 2307366, 6362031, -135455, 8868177, -16835630, + 7031275, 7589640, 8945490}, + {-32152748, 8917967, 6661220, -11677616, -1192060, -15793393, + 7251489, -11182180, 24099109, -14456170}, + }, + { + {5019558, -7907470, 4244127, -14714356, -26933272, 6453165, + -19118182, -13289025, -6231896, -10280736}, + {10853594, 10721687, 26480089, 5861829, -22995819, 1972175, + -1866647, -10557898, -3363451, -6441124}, + {-17002408, 5906790, 221599, -6563147, 7828208, -13248918, 24362661, + -2008168, -13866408, 7421392}, + }, + { + {8139927, -6546497, 32257646, -5890546, 30375719, 1886181, + -21175108, 15441252, 28826358, -4123029}, + {6267086, 9695052, 7709135, -16603597, -32869068, -1886135, + 14795160, -7840124, 13746021, -1742048}, + {28584902, 7787108, -6732942, -15050729, 22846041, -7571236, + -3181936, -363524, 4771362, -8419958}, + }, + }, + { + { + {24949256, 6376279, -27466481, -8174608, -18646154, -9930606, + 33543569, -12141695, 3569627, 11342593}, + {26514989, 4740088, 27912651, 3697550, 19331575, -11472339, 6809886, + 4608608, 7325975, -14801071}, + {-11618399, -14554430, -24321212, 7655128, -1369274, 5214312, + -27400540, 10258390, -17646694, -8186692}, + }, + { + {11431204, 15823007, 26570245, 14329124, 18029990, 4796082, + -31446179, 15580664, 9280358, -3973687}, + {-160783, -10326257, -22855316, -4304997, -20861367, -13621002, + -32810901, -11181622, -15545091, 4387441}, + {-20799378, 12194512, 3937617, -5805892, -27154820, 9340370, + -24513992, 8548137, 20617071, -7482001}, + }, + { + {-938825, -3930586, -8714311, 16124718, 24603125, -6225393, + -13775352, -11875822, 24345683, 10325460}, + {-19855277, -1568885, -22202708, 8714034, 14007766, 6928528, + 16318175, -1010689, 4766743, 3552007}, + {-21751364, -16730916, 1351763, -803421, -4009670, 3950935, 3217514, + 14481909, 10988822, -3994762}, + }, + { + {15564307, -14311570, 3101243, 5684148, 30446780, -8051356, + 12677127, -6505343, -8295852, 13296005}, + {-9442290, 6624296, -30298964, -11913677, -4670981, -2057379, + 31521204, 9614054, -30000824, 12074674}, + {4771191, -135239, 14290749, -13089852, 27992298, 14998318, + -1413936, -1556716, 29832613, -16391035}, + }, + { + {7064884, -7541174, -19161962, -5067537, -18891269, -2912736, + 25825242, 5293297, -27122660, 13101590}, + {-2298563, 2439670, -7466610, 1719965, -27267541, -16328445, + 32512469, -5317593, -30356070, -4190957}, + {-30006540, 10162316, -33180176, 3981723, -16482138, -13070044, + 14413974, 9515896, 19568978, 9628812}, + }, + { + {33053803, 199357, 15894591, 1583059, 27380243, -4580435, -17838894, + -6106839, -6291786, 3437740}, + {-18978877, 3884493, 19469877, 12726490, 15913552, 13614290, + -22961733, 70104, 7463304, 4176122}, + {-27124001, 10659917, 11482427, -16070381, 12771467, -6635117, + -32719404, -5322751, 24216882, 5944158}, + }, + { + {8894125, 7450974, -2664149, -9765752, -28080517, -12389115, + 19345746, 14680796, 11632993, 5847885}, + {26942781, -2315317, 9129564, -4906607, 26024105, 11769399, + -11518837, 6367194, -9727230, 4782140}, + {19916461, -4828410, -22910704, -11414391, 25606324, -5972441, + 33253853, 8220911, 6358847, -1873857}, + }, + { + {801428, -2081702, 16569428, 11065167, 29875704, 96627, 7908388, + -4480480, -13538503, 1387155}, + {19646058, 5720633, -11416706, 12814209, 11607948, 12749789, + 14147075, 15156355, -21866831, 11835260}, + {19299512, 1155910, 28703737, 14890794, 2925026, 7269399, 26121523, + 15467869, -26560550, 5052483}, + }, + }, + { + { + {-3017432, 10058206, 1980837, 3964243, 22160966, 12322533, -6431123, + -12618185, 12228557, -7003677}, + {32944382, 14922211, -22844894, 5188528, 21913450, -8719943, + 4001465, 13238564, -6114803, 8653815}, + {22865569, -4652735, 27603668, -12545395, 14348958, 8234005, + 24808405, 5719875, 28483275, 2841751}, + }, + { + {-16420968, -1113305, -327719, -12107856, 21886282, -15552774, + -1887966, -315658, 19932058, -12739203}, + {-11656086, 10087521, -8864888, -5536143, -19278573, -3055912, + 3999228, 13239134, -4777469, -13910208}, + {1382174, -11694719, 17266790, 9194690, -13324356, 9720081, + 20403944, 11284705, -14013818, 3093230}, + }, + { + {16650921, -11037932, -1064178, 1570629, -8329746, 7352753, -302424, + 16271225, -24049421, -6691850}, + {-21911077, -5927941, -4611316, -5560156, -31744103, -10785293, + 24123614, 15193618, -21652117, -16739389}, + {-9935934, -4289447, -25279823, 4372842, 2087473, 10399484, + 31870908, 14690798, 17361620, 11864968}, + }, + { + {-11307610, 6210372, 13206574, 5806320, -29017692, -13967200, + -12331205, -7486601, -25578460, -16240689}, + {14668462, -12270235, 26039039, 15305210, 25515617, 4542480, + 10453892, 6577524, 9145645, -6443880}, + {5974874, 3053895, -9433049, -10385191, -31865124, 3225009, + -7972642, 3936128, -5652273, -3050304}, + }, + { + {30625386, -4729400, -25555961, -12792866, -20484575, 7695099, + 17097188, -16303496, -27999779, 1803632}, + {-3553091, 9865099, -5228566, 4272701, -5673832, -16689700, + 14911344, 12196514, -21405489, 7047412}, + {20093277, 9920966, -11138194, -5343857, 13161587, 12044805, + -32856851, 4124601, -32343828, -10257566}, + }, + { + {-20788824, 14084654, -13531713, 7842147, 19119038, -13822605, + 4752377, -8714640, -21679658, 2288038}, + {-26819236, -3283715, 29965059, 3039786, -14473765, 2540457, + 29457502, 14625692, -24819617, 12570232}, + {-1063558, -11551823, 16920318, 12494842, 1278292, -5869109, + -21159943, -3498680, -11974704, 4724943}, + }, + { + {17960970, -11775534, -4140968, -9702530, -8876562, -1410617, + -12907383, -8659932, -29576300, 1903856}, + {23134274, -14279132, -10681997, -1611936, 20684485, 15770816, + -12989750, 3190296, 26955097, 14109738}, + {15308788, 5320727, -30113809, -14318877, 22902008, 7767164, + 29425325, -11277562, 31960942, 11934971}, + }, + { + {-27395711, 8435796, 4109644, 12222639, -24627868, 14818669, + 20638173, 4875028, 10491392, 1379718}, + {-13159415, 9197841, 3875503, -8936108, -1383712, -5879801, + 33518459, 16176658, 21432314, 12180697}, + {-11787308, 11500838, 13787581, -13832590, -22430679, 10140205, + 1465425, 12689540, -10301319, -13872883}, + }, + }, + { + { + {5414091, -15386041, -21007664, 9643570, 12834970, 1186149, + -2622916, -1342231, 26128231, 6032912}, + {-26337395, -13766162, 32496025, -13653919, 17847801, -12669156, + 3604025, 8316894, -25875034, -10437358}, + {3296484, 6223048, 24680646, -12246460, -23052020, 5903205, + -8862297, -4639164, 12376617, 3188849}, + }, + { + {29190488, -14659046, 27549113, -1183516, 3520066, -10697301, + 32049515, -7309113, -16109234, -9852307}, + {-14744486, -9309156, 735818, -598978, -20407687, -5057904, + 25246078, -15795669, 18640741, -960977}, + {-6928835, -16430795, 10361374, 5642961, 4910474, 12345252, + -31638386, -494430, 10530747, 1053335}, + }, + { + {-29265967, -14186805, -13538216, -12117373, -19457059, -10655384, + -31462369, -2948985, 24018831, 15026644}, + {-22592535, -3145277, -2289276, 5953843, -13440189, 9425631, + 25310643, 13003497, -2314791, -15145616}, + {-27419985, -603321, -8043984, -1669117, -26092265, 13987819, + -27297622, 187899, -23166419, -2531735}, + }, + { + {-21744398, -13810475, 1844840, 5021428, -10434399, -15911473, + 9716667, 16266922, -5070217, 726099}, + {29370922, -6053998, 7334071, -15342259, 9385287, 2247707, + -13661962, -4839461, 30007388, -15823341}, + {-936379, 16086691, 23751945, -543318, -1167538, -5189036, 9137109, + 730663, 9835848, 4555336}, + }, + { + {-23376435, 1410446, -22253753, -12899614, 30867635, 15826977, + 17693930, 544696, -11985298, 12422646}, + {31117226, -12215734, -13502838, 6561947, -9876867, -12757670, + -5118685, -4096706, 29120153, 13924425}, + {-17400879, -14233209, 19675799, -2734756, -11006962, -5858820, + -9383939, -11317700, 7240931, -237388}, + }, + { + {-31361739, -11346780, -15007447, -5856218, -22453340, -12152771, + 1222336, 4389483, 3293637, -15551743}, + {-16684801, -14444245, 11038544, 11054958, -13801175, -3338533, + -24319580, 7733547, 12796905, -6335822}, + {-8759414, -10817836, -25418864, 10783769, -30615557, -9746811, + -28253339, 3647836, 3222231, -11160462}, + }, + { + {18606113, 1693100, -25448386, -15170272, 4112353, 10045021, + 23603893, -2048234, -7550776, 2484985}, + {9255317, -3131197, -12156162, -1004256, 13098013, -9214866, + 16377220, -2102812, -19802075, -3034702}, + {-22729289, 7496160, -5742199, 11329249, 19991973, -3347502, + -31718148, 9936966, -30097688, -10618797}, + }, + { + {21878590, -5001297, 4338336, 13643897, -3036865, 13160960, + 19708896, 5415497, -7360503, -4109293}, + {27736861, 10103576, 12500508, 8502413, -3413016, -9633558, + 10436918, -1550276, -23659143, -8132100}, + {19492550, -12104365, -29681976, -852630, -3208171, 12403437, + 30066266, 8367329, 13243957, 8709688}, + }, + }, + { + { + {12015105, 2801261, 28198131, 10151021, 24818120, -4743133, + -11194191, -5645734, 5150968, 7274186}, + {2831366, -12492146, 1478975, 6122054, 23825128, -12733586, + 31097299, 6083058, 31021603, -9793610}, + {-2529932, -2229646, 445613, 10720828, -13849527, -11505937, + -23507731, 16354465, 15067285, -14147707}, + }, + { + {7840942, 14037873, -33364863, 15934016, -728213, -3642706, + 21403988, 1057586, -19379462, -12403220}, + {915865, -16469274, 15608285, -8789130, -24357026, 6060030, + -17371319, 8410997, -7220461, 16527025}, + {32922597, -556987, 20336074, -16184568, 10903705, -5384487, + 16957574, 52992, 23834301, 6588044}, + }, + { + {32752030, 11232950, 3381995, -8714866, 22652988, -10744103, + 17159699, 16689107, -20314580, -1305992}, + {-4689649, 9166776, -25710296, -10847306, 11576752, 12733943, + 7924251, -2752281, 1976123, -7249027}, + {21251222, 16309901, -2983015, -6783122, 30810597, 12967303, 156041, + -3371252, 12331345, -8237197}, + }, + { + {8651614, -4477032, -16085636, -4996994, 13002507, 2950805, + 29054427, -5106970, 10008136, -4667901}, + {31486080, 15114593, -14261250, 12951354, 14369431, -7387845, + 16347321, -13662089, 8684155, -10532952}, + {19443825, 11385320, 24468943, -9659068, -23919258, 2187569, + -26263207, -6086921, 31316348, 14219878}, + }, + { + {-28594490, 1193785, 32245219, 11392485, 31092169, 15722801, + 27146014, 6992409, 29126555, 9207390}, + {32382935, 1110093, 18477781, 11028262, -27411763, -7548111, + -4980517, 10843782, -7957600, -14435730}, + {2814918, 7836403, 27519878, -7868156, -20894015, -11553689, + -21494559, 8550130, 28346258, 1994730}, + }, + { + {-19578299, 8085545, -14000519, -3948622, 2785838, -16231307, + -19516951, 7174894, 22628102, 8115180}, + {-30405132, 955511, -11133838, -15078069, -32447087, -13278079, + -25651578, 3317160, -9943017, 930272}, + {-15303681, -6833769, 28856490, 1357446, 23421993, 1057177, + 24091212, -1388970, -22765376, -10650715}, + }, + { + {-22751231, -5303997, -12907607, -12768866, -15811511, -7797053, + -14839018, -16554220, -1867018, 8398970}, + {-31969310, 2106403, -4736360, 1362501, 12813763, 16200670, + 22981545, -6291273, 18009408, -15772772}, + {-17220923, -9545221, -27784654, 14166835, 29815394, 7444469, + 29551787, -3727419, 19288549, 1325865}, + }, + { + {15100157, -15835752, -23923978, -1005098, -26450192, 15509408, + 12376730, -3479146, 33166107, -8042750}, + {20909231, 13023121, -9209752, 16251778, -5778415, -8094914, + 12412151, 10018715, 2213263, -13878373}, + {32529814, -11074689, 30361439, -16689753, -9135940, 1513226, + 22922121, 6382134, -5766928, 8371348}, + }, + }, + { + { + {9923462, 11271500, 12616794, 3544722, -29998368, -1721626, + 12891687, -8193132, -26442943, 10486144}, + {-22597207, -7012665, 8587003, -8257861, 4084309, -12970062, 361726, + 2610596, -23921530, -11455195}, + {5408411, -1136691, -4969122, 10561668, 24145918, 14240566, + 31319731, -4235541, 19985175, -3436086}, + }, + { + {-13994457, 16616821, 14549246, 3341099, 32155958, 13648976, + -17577068, 8849297, 65030, 8370684}, + {-8320926, -12049626, 31204563, 5839400, -20627288, -1057277, + -19442942, 6922164, 12743482, -9800518}, + {-2361371, 12678785, 28815050, 4759974, -23893047, 4884717, + 23783145, 11038569, 18800704, 255233}, + }, + { + {-5269658, -1773886, 13957886, 7990715, 23132995, 728773, 13393847, + 9066957, 19258688, -14753793}, + {-2936654, -10827535, -10432089, 14516793, -3640786, 4372541, + -31934921, 2209390, -1524053, 2055794}, + {580882, 16705327, 5468415, -2683018, -30926419, -14696000, + -7203346, -8994389, -30021019, 7394435}, + }, + { + {23838809, 1822728, -15738443, 15242727, 8318092, -3733104, + -21672180, -3492205, -4821741, 14799921}, + {13345610, 9759151, 3371034, -16137791, 16353039, 8577942, 31129804, + 13496856, -9056018, 7402518}, + {2286874, -4435931, -20042458, -2008336, -13696227, 5038122, + 11006906, -15760352, 8205061, 1607563}, + }, + { + {14414086, -8002132, 3331830, -3208217, 22249151, -5594188, + 18364661, -2906958, 30019587, -9029278}, + {-27688051, 1585953, -10775053, 931069, -29120221, -11002319, + -14410829, 12029093, 9944378, 8024}, + {4368715, -3709630, 29874200, -15022983, -20230386, -11410704, + -16114594, -999085, -8142388, 5640030}, + }, + { + {10299610, 13746483, 11661824, 16234854, 7630238, 5998374, 9809887, + -16694564, 15219798, -14327783}, + {27425505, -5719081, 3055006, 10660664, 23458024, 595578, -15398605, + -1173195, -18342183, 9742717}, + {6744077, 2427284, 26042789, 2720740, -847906, 1118974, 32324614, + 7406442, 12420155, 1994844}, + }, + { + {14012521, -5024720, -18384453, -9578469, -26485342, -3936439, + -13033478, -10909803, 24319929, -6446333}, + {16412690, -4507367, 10772641, 15929391, -17068788, -4658621, + 10555945, -10484049, -30102368, -4739048}, + {22397382, -7767684, -9293161, -12792868, 17166287, -9755136, + -27333065, 6199366, 21880021, -12250760}, + }, + { + {-4283307, 5368523, -31117018, 8163389, -30323063, 3209128, + 16557151, 8890729, 8840445, 4957760}, + {-15447727, 709327, -6919446, -10870178, -29777922, 6522332, + -21720181, 12130072, -14796503, 5005757}, + {-2114751, -14308128, 23019042, 15765735, -25269683, 6002752, + 10183197, -13239326, -16395286, -2176112}, + }, + }, + { + { + {-19025756, 1632005, 13466291, -7995100, -23640451, 16573537, + -32013908, -3057104, 22208662, 2000468}, + {3065073, -1412761, -25598674, -361432, -17683065, -5703415, + -8164212, 11248527, -3691214, -7414184}, + {10379208, -6045554, 8877319, 1473647, -29291284, -12507580, + 16690915, 2553332, -3132688, 16400289}, + }, + { + {15716668, 1254266, -18472690, 7446274, -8448918, 6344164, + -22097271, -7285580, 26894937, 9132066}, + {24158887, 12938817, 11085297, -8177598, -28063478, -4457083, + -30576463, 64452, -6817084, -2692882}, + {13488534, 7794716, 22236231, 5989356, 25426474, -12578208, 2350710, + -3418511, -4688006, 2364226}, + }, + { + {16335052, 9132434, 25640582, 6678888, 1725628, 8517937, -11807024, + -11697457, 15445875, -7798101}, + {29004207, -7867081, 28661402, -640412, -12794003, -7943086, + 31863255, -4135540, -278050, -15759279}, + {-6122061, -14866665, -28614905, 14569919, -10857999, -3591829, + 10343412, -6976290, -29828287, -10815811}, + }, + { + {27081650, 3463984, 14099042, -4517604, 1616303, -6205604, 29542636, + 15372179, 17293797, 960709}, + {20263915, 11434237, -5765435, 11236810, 13505955, -10857102, + -16111345, 6493122, -19384511, 7639714}, + {-2830798, -14839232, 25403038, -8215196, -8317012, -16173699, + 18006287, -16043750, 29994677, -15808121}, + }, + { + {9769828, 5202651, -24157398, -13631392, -28051003, -11561624, + -24613141, -13860782, -31184575, 709464}, + {12286395, 13076066, -21775189, -1176622, -25003198, 4057652, + -32018128, -8890874, 16102007, 13205847}, + {13733362, 5599946, 10557076, 3195751, -5557991, 8536970, -25540170, + 8525972, 10151379, 10394400}, + }, + { + {4024660, -16137551, 22436262, 12276534, -9099015, -2686099, + 19698229, 11743039, -33302334, 8934414}, + {-15879800, -4525240, -8580747, -2934061, 14634845, -698278, + -9449077, 3137094, -11536886, 11721158}, + {17555939, -5013938, 8268606, 2331751, -22738815, 9761013, 9319229, + 8835153, -9205489, -1280045}, + }, + { + {-461409, -7830014, 20614118, 16688288, -7514766, -4807119, + 22300304, 505429, 6108462, -6183415}, + {-5070281, 12367917, -30663534, 3234473, 32617080, -8422642, + 29880583, -13483331, -26898490, -7867459}, + {-31975283, 5726539, 26934134, 10237677, -3173717, -605053, + 24199304, 3795095, 7592688, -14992079}, + }, + { + {21594432, -14964228, 17466408, -4077222, 32537084, 2739898, + 6407723, 12018833, -28256052, 4298412}, + {-20650503, -11961496, -27236275, 570498, 3767144, -1717540, + 13891942, -1569194, 13717174, 10805743}, + {-14676630, -15644296, 15287174, 11927123, 24177847, -8175568, + -796431, 14860609, -26938930, -5863836}, + }, + }, + { + { + {12962541, 5311799, -10060768, 11658280, 18855286, -7954201, + 13286263, -12808704, -4381056, 9882022}, + {18512079, 11319350, -20123124, 15090309, 18818594, 5271736, + -22727904, 3666879, -23967430, -3299429}, + {-6789020, -3146043, 16192429, 13241070, 15898607, -14206114, + -10084880, -6661110, -2403099, 5276065}, + }, + { + {30169808, -5317648, 26306206, -11750859, 27814964, 7069267, + 7152851, 3684982, 1449224, 13082861}, + {10342826, 3098505, 2119311, 193222, 25702612, 12233820, 23697382, + 15056736, -21016438, -8202000}, + {-33150110, 3261608, 22745853, 7948688, 19370557, -15177665, + -26171976, 6482814, -10300080, -11060101}, + }, + { + {32869458, -5408545, 25609743, 15678670, -10687769, -15471071, + 26112421, 2521008, -22664288, 6904815}, + {29506923, 4457497, 3377935, -9796444, -30510046, 12935080, 1561737, + 3841096, -29003639, -6657642}, + {10340844, -6630377, -18656632, -2278430, 12621151, -13339055, + 30878497, -11824370, -25584551, 5181966}, + }, + { + {25940115, -12658025, 17324188, -10307374, -8671468, 15029094, + 24396252, -16450922, -2322852, -12388574}, + {-21765684, 9916823, -1300409, 4079498, -1028346, 11909559, 1782390, + 12641087, 20603771, -6561742}, + {-18882287, -11673380, 24849422, 11501709, 13161720, -4768874, + 1925523, 11914390, 4662781, 7820689}, + }, + { + {12241050, -425982, 8132691, 9393934, 32846760, -1599620, 29749456, + 12172924, 16136752, 15264020}, + {-10349955, -14680563, -8211979, 2330220, -17662549, -14545780, + 10658213, 6671822, 19012087, 3772772}, + {3753511, -3421066, 10617074, 2028709, 14841030, -6721664, 28718732, + -15762884, 20527771, 12988982}, + }, + { + {-14822485, -5797269, -3707987, 12689773, -898983, -10914866, + -24183046, -10564943, 3299665, -12424953}, + {-16777703, -15253301, -9642417, 4978983, 3308785, 8755439, 6943197, + 6461331, -25583147, 8991218}, + {-17226263, 1816362, -1673288, -6086439, 31783888, -8175991, + -32948145, 7417950, -30242287, 1507265}, + }, + { + {29692663, 6829891, -10498800, 4334896, 20945975, -11906496, + -28887608, 8209391, 14606362, -10647073}, + {-3481570, 8707081, 32188102, 5672294, 22096700, 1711240, -33020695, + 9761487, 4170404, -2085325}, + {-11587470, 14855945, -4127778, -1531857, -26649089, 15084046, + 22186522, 16002000, -14276837, -8400798}, + }, + { + {-4811456, 13761029, -31703877, -2483919, -3312471, 7869047, + -7113572, -9620092, 13240845, 10965870}, + {-7742563, -8256762, -14768334, -13656260, -23232383, 12387166, + 4498947, 14147411, 29514390, 4302863}, + {-13413405, -12407859, 20757302, -13801832, 14785143, 8976368, + -5061276, -2144373, 17846988, -13971927}, + }, + }, + { + { + {-2244452, -754728, -4597030, -1066309, -6247172, 1455299, + -21647728, -9214789, -5222701, 12650267}, + {-9906797, -16070310, 21134160, 12198166, -27064575, 708126, 387813, + 13770293, -19134326, 10958663}, + {22470984, 12369526, 23446014, -5441109, -21520802, -9698723, + -11772496, -11574455, -25083830, 4271862}, + }, + { + {-25169565, -10053642, -19909332, 15361595, -5984358, 2159192, + 75375, -4278529, -32526221, 8469673}, + {15854970, 4148314, -8893890, 7259002, 11666551, 13824734, + -30531198, 2697372, 24154791, -9460943}, + {15446137, -15806644, 29759747, 14019369, 30811221, -9610191, + -31582008, 12840104, 24913809, 9815020}, + }, + { + {-4709286, -5614269, -31841498, -12288893, -14443537, 10799414, + -9103676, 13438769, 18735128, 9466238}, + {11933045, 9281483, 5081055, -5183824, -2628162, -4905629, -7727821, + -10896103, -22728655, 16199064}, + {14576810, 379472, -26786533, -8317236, -29426508, -10812974, + -102766, 1876699, 30801119, 2164795}, + }, + { + {15995086, 3199873, 13672555, 13712240, -19378835, -4647646, + -13081610, -15496269, -13492807, 1268052}, + {-10290614, -3659039, -3286592, 10948818, 23037027, 3794475, + -3470338, -12600221, -17055369, 3565904}, + {29210088, -9419337, -5919792, -4952785, 10834811, -13327726, + -16512102, -10820713, -27162222, -14030531}, + }, + { + {-13161890, 15508588, 16663704, -8156150, -28349942, 9019123, + -29183421, -3769423, 2244111, -14001979}, + {-5152875, -3800936, -9306475, -6071583, 16243069, 14684434, + -25673088, -16180800, 13491506, 4641841}, + {10813417, 643330, -19188515, -728916, 30292062, -16600078, + 27548447, -7721242, 14476989, -12767431}, + }, + { + {10292079, 9984945, 6481436, 8279905, -7251514, 7032743, 27282937, + -1644259, -27912810, 12651324}, + {-31185513, -813383, 22271204, 11835308, 10201545, 15351028, + 17099662, 3988035, 21721536, -3148940}, + {10202177, -6545839, -31373232, -9574638, -32150642, -8119683, + -12906320, 3852694, 13216206, 14842320}, + }, + { + {-15815640, -10601066, -6538952, -7258995, -6984659, -6581778, + -31500847, 13765824, -27434397, 9900184}, + {14465505, -13833331, -32133984, -14738873, -27443187, 12990492, + 33046193, 15796406, -7051866, -8040114}, + {30924417, -8279620, 6359016, -12816335, 16508377, 9071735, + -25488601, 15413635, 9524356, -7018878}, + }, + { + {12274201, -13175547, 32627641, -1785326, 6736625, 13267305, + 5237659, -5109483, 15663516, 4035784}, + {-2951309, 8903985, 17349946, 601635, -16432815, -4612556, + -13732739, -15889334, -22258478, 4659091}, + {-16916263, -4952973, -30393711, -15158821, 20774812, 15897498, + 5736189, 15026997, -2178256, -13455585}, + }, + }, + { + { + {-8858980, -2219056, 28571666, -10155518, -474467, -10105698, + -3801496, 278095, 23440562, -290208}, + {10226241, -5928702, 15139956, 120818, -14867693, 5218603, 32937275, + 11551483, -16571960, -7442864}, + {17932739, -12437276, -24039557, 10749060, 11316803, 7535897, + 22503767, 5561594, -3646624, 3898661}, + }, + { + {7749907, -969567, -16339731, -16464, -25018111, 15122143, -1573531, + 7152530, 21831162, 1245233}, + {26958459, -14658026, 4314586, 8346991, -5677764, 11960072, + -32589295, -620035, -30402091, -16716212}, + {-12165896, 9166947, 33491384, 13673479, 29787085, 13096535, + 6280834, 14587357, -22338025, 13987525}, + }, + { + {-24349909, 7778775, 21116000, 15572597, -4833266, -5357778, + -4300898, -5124639, -7469781, -2858068}, + {9681908, -6737123, -31951644, 13591838, -6883821, 386950, 31622781, + 6439245, -14581012, 4091397}, + {-8426427, 1470727, -28109679, -1596990, 3978627, -5123623, + -19622683, 12092163, 29077877, -14741988}, + }, + { + {5269168, -6859726, -13230211, -8020715, 25932563, 1763552, + -5606110, -5505881, -20017847, 2357889}, + {32264008, -15407652, -5387735, -1160093, -2091322, -3946900, + 23104804, -12869908, 5727338, 189038}, + {14609123, -8954470, -6000566, -16622781, -14577387, -7743898, + -26745169, 10942115, -25888931, -14884697}, + }, + { + {20513500, 5557931, -15604613, 7829531, 26413943, -2019404, + -21378968, 7471781, 13913677, -5137875}, + {-25574376, 11967826, 29233242, 12948236, -6754465, 4713227, + -8940970, 14059180, 12878652, 8511905}, + {-25656801, 3393631, -2955415, -7075526, -2250709, 9366908, + -30223418, 6812974, 5568676, -3127656}, + }, + { + {11630004, 12144454, 2116339, 13606037, 27378885, 15676917, + -17408753, -13504373, -14395196, 8070818}, + {27117696, -10007378, -31282771, -5570088, 1127282, 12772488, + -29845906, 10483306, -11552749, -1028714}, + {10637467, -5688064, 5674781, 1072708, -26343588, -6982302, + -1683975, 9177853, -27493162, 15431203}, + }, + { + {20525145, 10892566, -12742472, 12779443, -29493034, 16150075, + -28240519, 14943142, -15056790, -7935931}, + {-30024462, 5626926, -551567, -9981087, 753598, 11981191, 25244767, + -3239766, -3356550, 9594024}, + {-23752644, 2636870, -5163910, -10103818, 585134, 7877383, 11345683, + -6492290, 13352335, -10977084}, + }, + { + {-1931799, -5407458, 3304649, -12884869, 17015806, -4877091, + -29783850, -7752482, -13215537, -319204}, + {20239939, 6607058, 6203985, 3483793, -18386976, -779229, -20723742, + 15077870, -22750759, 14523817}, + {27406042, -6041657, 27423596, -4497394, 4996214, 10002360, + -28842031, -4545494, -30172742, -4805667}, + }, + }, + { + { + {11374242, 12660715, 17861383, -12540833, 10935568, 1099227, + -13886076, -9091740, -27727044, 11358504}, + {-12730809, 10311867, 1510375, 10778093, -2119455, -9145702, + 32676003, 11149336, -26123651, 4985768}, + {-19096303, 341147, -6197485, -239033, 15756973, -8796662, -983043, + 13794114, -19414307, -15621255}, + }, + { + {6490081, 11940286, 25495923, -7726360, 8668373, -8751316, 3367603, + 6970005, -1691065, -9004790}, + {1656497, 13457317, 15370807, 6364910, 13605745, 8362338, -19174622, + -5475723, -16796596, -5031438}, + {-22273315, -13524424, -64685, -4334223, -18605636, -10921968, + -20571065, -7007978, -99853, -10237333}, + }, + { + {17747465, 10039260, 19368299, -4050591, -20630635, -16041286, + 31992683, -15857976, -29260363, -5511971}, + {31932027, -4986141, -19612382, 16366580, 22023614, 88450, 11371999, + -3744247, 4882242, -10626905}, + {29796507, 37186, 19818052, 10115756, -11829032, 3352736, 18551198, + 3272828, -5190932, -4162409}, + }, + { + {12501286, 4044383, -8612957, -13392385, -32430052, 5136599, + -19230378, -3529697, 330070, -3659409}, + {6384877, 2899513, 17807477, 7663917, -2358888, 12363165, 25366522, + -8573892, -271295, 12071499}, + {-8365515, -4042521, 25133448, -4517355, -6211027, 2265927, + -32769618, 1936675, -5159697, 3829363}, + }, + { + {28425966, -5835433, -577090, -4697198, -14217555, 6870930, 7921550, + -6567787, 26333140, 14267664}, + {-11067219, 11871231, 27385719, -10559544, -4585914, -11189312, + 10004786, -8709488, -21761224, 8930324}, + {-21197785, -16396035, 25654216, -1725397, 12282012, 11008919, + 1541940, 4757911, -26491501, -16408940}, + }, + { + {13537262, -7759490, -20604840, 10961927, -5922820, -13218065, + -13156584, 6217254, -15943699, 13814990}, + {-17422573, 15157790, 18705543, 29619, 24409717, -260476, 27361681, + 9257833, -1956526, -1776914}, + {-25045300, -10191966, 15366585, 15166509, -13105086, 8423556, + -29171540, 12361135, -18685978, 4578290}, + }, + { + {24579768, 3711570, 1342322, -11180126, -27005135, 14124956, + -22544529, 14074919, 21964432, 8235257}, + {-6528613, -2411497, 9442966, -5925588, 12025640, -1487420, + -2981514, -1669206, 13006806, 2355433}, + {-16304899, -13605259, -6632427, -5142349, 16974359, -10911083, + 27202044, 1719366, 1141648, -12796236}, + }, + { + {-12863944, -13219986, -8318266, -11018091, -6810145, -4843894, + 13475066, -3133972, 32674895, 13715045}, + {11423335, -5468059, 32344216, 8962751, 24989809, 9241752, + -13265253, 16086212, -28740881, -15642093}, + {-1409668, 12530728, -6368726, 10847387, 19531186, -14132160, + -11709148, 7791794, -27245943, 4383347}, + }, + }, + { + { + {-28970898, 5271447, -1266009, -9736989, -12455236, 16732599, + -4862407, -4906449, 27193557, 6245191}, + {-15193956, 5362278, -1783893, 2695834, 4960227, 12840725, 23061898, + 3260492, 22510453, 8577507}, + {-12632451, 11257346, -32692994, 13548177, -721004, 10879011, + 31168030, 13952092, -29571492, -3635906}, + }, + { + {3877321, -9572739, 32416692, 5405324, -11004407, -13656635, + 3759769, 11935320, 5611860, 8164018}, + {-16275802, 14667797, 15906460, 12155291, -22111149, -9039718, + 32003002, -8832289, 5773085, -8422109}, + {-23788118, -8254300, 1950875, 8937633, 18686727, 16459170, -905725, + 12376320, 31632953, 190926}, + }, + { + {-24593607, -16138885, -8423991, 13378746, 14162407, 6901328, + -8288749, 4508564, -25341555, -3627528}, + {8884438, -5884009, 6023974, 10104341, -6881569, -4941533, 18722941, + -14786005, -1672488, 827625}, + {-32720583, -16289296, -32503547, 7101210, 13354605, 2659080, + -1800575, -14108036, -24878478, 1541286}, + }, + { + {2901347, -1117687, 3880376, -10059388, -17620940, -3612781, + -21802117, -3567481, 20456845, -1885033}, + {27019610, 12299467, -13658288, -1603234, -12861660, -4861471, + -19540150, -5016058, 29439641, 15138866}, + {21536104, -6626420, -32447818, -10690208, -22408077, 5175814, + -5420040, -16361163, 7779328, 109896}, + }, + { + {30279744, 14648750, -8044871, 6425558, 13639621, -743509, 28698390, + 12180118, 23177719, -554075}, + {26572847, 3405927, -31701700, 12890905, -19265668, 5335866, + -6493768, 2378492, 4439158, -13279347}, + {-22716706, 3489070, -9225266, -332753, 18875722, -1140095, + 14819434, -12731527, -17717757, -5461437}, + }, + { + {-5056483, 16566551, 15953661, 3767752, -10436499, 15627060, + -820954, 2177225, 8550082, -15114165}, + {-18473302, 16596775, -381660, 15663611, 22860960, 15585581, + -27844109, -3582739, -23260460, -8428588}, + {-32480551, 15707275, -8205912, -5652081, 29464558, 2713815, + -22725137, 15860482, -21902570, 1494193}, + }, + { + {-19562091, -14087393, -25583872, -9299552, 13127842, 759709, + 21923482, 16529112, 8742704, 12967017}, + {-28464899, 1553205, 32536856, -10473729, -24691605, -406174, + -8914625, -2933896, -29903758, 15553883}, + {21877909, 3230008, 9881174, 10539357, -4797115, 2841332, 11543572, + 14513274, 19375923, -12647961}, + }, + { + {8832269, -14495485, 13253511, 5137575, 5037871, 4078777, 24880818, + -6222716, 2862653, 9455043}, + {29306751, 5123106, 20245049, -14149889, 9592566, 8447059, -2077124, + -2990080, 15511449, 4789663}, + {-20679756, 7004547, 8824831, -9434977, -4045704, -3750736, + -5754762, 108893, 23513200, 16652362}, + }, + }, + { + { + {-33256173, 4144782, -4476029, -6579123, 10770039, -7155542, + -6650416, -12936300, -18319198, 10212860}, + {2756081, 8598110, 7383731, -6859892, 22312759, -1105012, 21179801, + 2600940, -9988298, -12506466}, + {-24645692, 13317462, -30449259, -15653928, 21365574, -10869657, + 11344424, 864440, -2499677, -16710063}, + }, + { + {-26432803, 6148329, -17184412, -14474154, 18782929, -275997, + -22561534, 211300, 2719757, 4940997}, + {-1323882, 3911313, -6948744, 14759765, -30027150, 7851207, + 21690126, 8518463, 26699843, 5276295}, + {-13149873, -6429067, 9396249, 365013, 24703301, -10488939, 1321586, + 149635, -15452774, 7159369}, + }, + { + {9987780, -3404759, 17507962, 9505530, 9731535, -2165514, 22356009, + 8312176, 22477218, -8403385}, + {18155857, -16504990, 19744716, 9006923, 15154154, -10538976, + 24256460, -4864995, -22548173, 9334109}, + {2986088, -4911893, 10776628, -3473844, 10620590, -7083203, + -21413845, 14253545, -22587149, 536906}, + }, + { + {4377756, 8115836, 24567078, 15495314, 11625074, 13064599, 7390551, + 10589625, 10838060, -15420424}, + {-19342404, 867880, 9277171, -3218459, -14431572, -1986443, + 19295826, -15796950, 6378260, 699185}, + {7895026, 4057113, -7081772, -13077756, -17886831, -323126, -716039, + 15693155, -5045064, -13373962}, + }, + { + {-7737563, -5869402, -14566319, -7406919, 11385654, 13201616, + 31730678, -10962840, -3918636, -9669325}, + {10188286, -15770834, -7336361, 13427543, 22223443, 14896287, + 30743455, 7116568, -21786507, 5427593}, + {696102, 13206899, 27047647, -10632082, 15285305, -9853179, + 10798490, -4578720, 19236243, 12477404}, + }, + { + {-11229439, 11243796, -17054270, -8040865, -788228, -8167967, + -3897669, 11180504, -23169516, 7733644}, + {17800790, -14036179, -27000429, -11766671, 23887827, 3149671, + 23466177, -10538171, 10322027, 15313801}, + {26246234, 11968874, 32263343, -5468728, 6830755, -13323031, + -15794704, -101982, -24449242, 10890804}, + }, + { + {-31365647, 10271363, -12660625, -6267268, 16690207, -13062544, + -14982212, 16484931, 25180797, -5334884}, + {-586574, 10376444, -32586414, -11286356, 19801893, 10997610, + 2276632, 9482883, 316878, 13820577}, + {-9882808, -4510367, -2115506, 16457136, -11100081, 11674996, + 30756178, -7515054, 30696930, -3712849}, + }, + { + {32988917, -9603412, 12499366, 7910787, -10617257, -11931514, + -7342816, -9985397, -32349517, 7392473}, + {-8855661, 15927861, 9866406, -3649411, -2396914, -16655781, + -30409476, -9134995, 25112947, -2926644}, + {-2504044, -436966, 25621774, -5678772, 15085042, -5479877, + -24884878, -13526194, 5537438, -13914319}, + }, + }, + { + { + {-11225584, 2320285, -9584280, 10149187, -33444663, 5808648, + -14876251, -1729667, 31234590, 6090599}, + {-9633316, 116426, 26083934, 2897444, -6364437, -2688086, 609721, + 15878753, -6970405, -9034768}, + {-27757857, 247744, -15194774, -9002551, 23288161, -10011936, + -23869595, 6503646, 20650474, 1804084}, + }, + { + {-27589786, 15456424, 8972517, 8469608, 15640622, 4439847, 3121995, + -10329713, 27842616, -202328}, + {-15306973, 2839644, 22530074, 10026331, 4602058, 5048462, 28248656, + 5031932, -11375082, 12714369}, + {20807691, -7270825, 29286141, 11421711, -27876523, -13868230, + -21227475, 1035546, -19733229, 12796920}, + }, + { + {12076899, -14301286, -8785001, -11848922, -25012791, 16400684, + -17591495, -12899438, 3480665, -15182815}, + {-32361549, 5457597, 28548107, 7833186, 7303070, -11953545, + -24363064, -15921875, -33374054, 2771025}, + {-21389266, 421932, 26597266, 6860826, 22486084, -6737172, + -17137485, -4210226, -24552282, 15673397}, + }, + { + {-20184622, 2338216, 19788685, -9620956, -4001265, -8740893, + -20271184, 4733254, 3727144, -12934448}, + {6120119, 814863, -11794402, -622716, 6812205, -15747771, 2019594, + 7975683, 31123697, -10958981}, + {30069250, -11435332, 30434654, 2958439, 18399564, -976289, + 12296869, 9204260, -16432438, 9648165}, + }, + { + {32705432, -1550977, 30705658, 7451065, -11805606, 9631813, 3305266, + 5248604, -26008332, -11377501}, + {17219865, 2375039, -31570947, -5575615, -19459679, 9219903, 294711, + 15298639, 2662509, -16297073}, + {-1172927, -7558695, -4366770, -4287744, -21346413, -8434326, + 32087529, -1222777, 32247248, -14389861}, + }, + { + {14312628, 1221556, 17395390, -8700143, -4945741, -8684635, + -28197744, -9637817, -16027623, -13378845}, + {-1428825, -9678990, -9235681, 6549687, -7383069, -468664, 23046502, + 9803137, 17597934, 2346211}, + {18510800, 15337574, 26171504, 981392, -22241552, 7827556, + -23491134, -11323352, 3059833, -11782870}, + }, + { + {10141598, 6082907, 17829293, -1947643, 9830092, 13613136, + -25556636, -5544586, -33502212, 3592096}, + {33114168, -15889352, -26525686, -13343397, 33076705, 8716171, + 1151462, 1521897, -982665, -6837803}, + {-32939165, -4255815, 23947181, -324178, -33072974, -12305637, + -16637686, 3891704, 26353178, 693168}, + }, + { + {30374239, 1595580, -16884039, 13186931, 4600344, 406904, 9585294, + -400668, 31375464, 14369965}, + {-14370654, -7772529, 1510301, 6434173, -18784789, -6262728, + 32732230, -13108839, 17901441, 16011505}, + {18171223, -11934626, -12500402, 15197122, -11038147, -15230035, + -19172240, -16046376, 8764035, 12309598}, + }, + }, + { + { + {5975908, -5243188, -19459362, -9681747, -11541277, 14015782, + -23665757, 1228319, 17544096, -10593782}, + {5811932, -1715293, 3442887, -2269310, -18367348, -8359541, + -18044043, -15410127, -5565381, 12348900}, + {-31399660, 11407555, 25755363, 6891399, -3256938, 14872274, + -24849353, 8141295, -10632534, -585479}, + }, + { + {-12675304, 694026, -5076145, 13300344, 14015258, -14451394, + -9698672, -11329050, 30944593, 1130208}, + {8247766, -6710942, -26562381, -7709309, -14401939, -14648910, + 4652152, 2488540, 23550156, -271232}, + {17294316, -3788438, 7026748, 15626851, 22990044, 113481, 2267737, + -5908146, -408818, -137719}, + }, + { + {16091085, -16253926, 18599252, 7340678, 2137637, -1221657, + -3364161, 14550936, 3260525, -7166271}, + {-4910104, -13332887, 18550887, 10864893, -16459325, -7291596, + -23028869, -13204905, -12748722, 2701326}, + {-8574695, 16099415, 4629974, -16340524, -20786213, -6005432, + -10018363, 9276971, 11329923, 1862132}, + }, + { + {14763076, -15903608, -30918270, 3689867, 3511892, 10313526, + -21951088, 12219231, -9037963, -940300}, + {8894987, -3446094, 6150753, 3013931, 301220, 15693451, -31981216, + -2909717, -15438168, 11595570}, + {15214962, 3537601, -26238722, -14058872, 4418657, -15230761, + 13947276, 10730794, -13489462, -4363670}, + }, + { + {-2538306, 7682793, 32759013, 263109, -29984731, -7955452, + -22332124, -10188635, 977108, 699994}, + {-12466472, 4195084, -9211532, 550904, -15565337, 12917920, + 19118110, -439841, -30534533, -14337913}, + {31788461, -14507657, 4799989, 7372237, 8808585, -14747943, 9408237, + -10051775, 12493932, -5409317}, + }, + { + {-25680606, 5260744, -19235809, -6284470, -3695942, 16566087, + 27218280, 2607121, 29375955, 6024730}, + {842132, -2794693, -4763381, -8722815, 26332018, -12405641, + 11831880, 6985184, -9940361, 2854096}, + {-4847262, -7969331, 2516242, -5847713, 9695691, -7221186, 16512645, + 960770, 12121869, 16648078}, + }, + { + {-15218652, 14667096, -13336229, 2013717, 30598287, -464137, + -31504922, -7882064, 20237806, 2838411}, + {-19288047, 4453152, 15298546, -16178388, 22115043, -15972604, + 12544294, -13470457, 1068881, -12499905}, + {-9558883, -16518835, 33238498, 13506958, 30505848, -1114596, + -8486907, -2630053, 12521378, 4845654}, + }, + { + {-28198521, 10744108, -2958380, 10199664, 7759311, -13088600, + 3409348, -873400, -6482306, -12885870}, + {-23561822, 6230156, -20382013, 10655314, -24040585, -11621172, + 10477734, -1240216, -3113227, 13974498}, + {12966261, 15550616, -32038948, -1615346, 21025980, -629444, + 5642325, 7188737, 18895762, 12629579}, + }, + }, + { + { + {14741879, -14946887, 22177208, -11721237, 1279741, 8058600, + 11758140, 789443, 32195181, 3895677}, + {10758205, 15755439, -4509950, 9243698, -4879422, 6879879, -2204575, + -3566119, -8982069, 4429647}, + {-2453894, 15725973, -20436342, -10410672, -5803908, -11040220, + -7135870, -11642895, 18047436, -15281743}, + }, + { + {-25173001, -11307165, 29759956, 11776784, -22262383, -15820455, + 10993114, -12850837, -17620701, -9408468}, + {21987233, 700364, -24505048, 14972008, -7774265, -5718395, + 32155026, 2581431, -29958985, 8773375}, + {-25568350, 454463, -13211935, 16126715, 25240068, 8594567, + 20656846, 12017935, -7874389, -13920155}, + }, + { + {6028182, 6263078, -31011806, -11301710, -818919, 2461772, + -31841174, -5468042, -1721788, -2776725}, + {-12278994, 16624277, 987579, -5922598, 32908203, 1248608, 7719845, + -4166698, 28408820, 6816612}, + {-10358094, -8237829, 19549651, -12169222, 22082623, 16147817, + 20613181, 13982702, -10339570, 5067943}, + }, + { + {-30505967, -3821767, 12074681, 13582412, -19877972, 2443951, + -19719286, 12746132, 5331210, -10105944}, + {30528811, 3601899, -1957090, 4619785, -27361822, -15436388, + 24180793, -12570394, 27679908, -1648928}, + {9402404, -13957065, 32834043, 10838634, -26580150, -13237195, + 26653274, -8685565, 22611444, -12715406}, + }, + { + {22190590, 1118029, 22736441, 15130463, -30460692, -5991321, + 19189625, -4648942, 4854859, 6622139}, + {-8310738, -2953450, -8262579, -3388049, -10401731, -271929, + 13424426, -3567227, 26404409, 13001963}, + {-31241838, -15415700, -2994250, 8939346, 11562230, -12840670, + -26064365, -11621720, -15405155, 11020693}, + }, + { + {1866042, -7949489, -7898649, -10301010, 12483315, 13477547, + 3175636, -12424163, 28761762, 1406734}, + {-448555, -1777666, 13018551, 3194501, -9580420, -11161737, + 24760585, -4347088, 25577411, -13378680}, + {-24290378, 4759345, -690653, -1852816, 2066747, 10693769, + -29595790, 9884936, -9368926, 4745410}, + }, + { + {-9141284, 6049714, -19531061, -4341411, -31260798, 9944276, + -15462008, -11311852, 10931924, -11931931}, + {-16561513, 14112680, -8012645, 4817318, -8040464, -11414606, + -22853429, 10856641, -20470770, 13434654}, + {22759489, -10073434, -16766264, -1871422, 13637442, -10168091, + 1765144, -12654326, 28445307, -5364710}, + }, + { + {29875063, 12493613, 2795536, -3786330, 1710620, 15181182, + -10195717, -8788675, 9074234, 1167180}, + {-26205683, 11014233, -9842651, -2635485, -26908120, 7532294, + -18716888, -9535498, 3843903, 9367684}, + {-10969595, -6403711, 9591134, 9582310, 11349256, 108879, 16235123, + 8601684, -139197, 4242895}, + }, + }, + { + { + {22092954, -13191123, -2042793, -11968512, 32186753, -11517388, + -6574341, 2470660, -27417366, 16625501}, + {-11057722, 3042016, 13770083, -9257922, 584236, -544855, -7770857, + 2602725, -27351616, 14247413}, + {6314175, -10264892, -32772502, 15957557, -10157730, 168750, + -8618807, 14290061, 27108877, -1180880}, + }, + { + {-8586597, -7170966, 13241782, 10960156, -32991015, -13794596, + 33547976, -11058889, -27148451, 981874}, + {22833440, 9293594, -32649448, -13618667, -9136966, 14756819, + -22928859, -13970780, -10479804, -16197962}, + {-7768587, 3326786, -28111797, 10783824, 19178761, 14905060, + 22680049, 13906969, -15933690, 3797899}, + }, + { + {21721356, -4212746, -12206123, 9310182, -3882239, -13653110, + 23740224, -2709232, 20491983, -8042152}, + {9209270, -15135055, -13256557, -6167798, -731016, 15289673, + 25947805, 15286587, 30997318, -6703063}, + {7392032, 16618386, 23946583, -8039892, -13265164, -1533858, + -14197445, -2321576, 17649998, -250080}, + }, + { + {-9301088, -14193827, 30609526, -3049543, -25175069, -1283752, + -15241566, -9525724, -2233253, 7662146}, + {-17558673, 1763594, -33114336, 15908610, -30040870, -12174295, + 7335080, -8472199, -3174674, 3440183}, + {-19889700, -5977008, -24111293, -9688870, 10799743, -16571957, + 40450, -4431835, 4862400, 1133}, + }, + { + {-32856209, -7873957, -5422389, 14860950, -16319031, 7956142, + 7258061, 311861, -30594991, -7379421}, + {-3773428, -1565936, 28985340, 7499440, 24445838, 9325937, 29727763, + 16527196, 18278453, 15405622}, + {-4381906, 8508652, -19898366, -3674424, -5984453, 15149970, + -13313598, 843523, -21875062, 13626197}, + }, + { + {2281448, -13487055, -10915418, -2609910, 1879358, 16164207, + -10783882, 3953792, 13340839, 15928663}, + {31727126, -7179855, -18437503, -8283652, 2875793, -16390330, + -25269894, -7014826, -23452306, 5964753}, + {4100420, -5959452, -17179337, 6017714, -18705837, 12227141, + -26684835, 11344144, 2538215, -7570755}, + }, + { + {-9433605, 6123113, 11159803, -2156608, 30016280, 14966241, + -20474983, 1485421, -629256, -15958862}, + {-26804558, 4260919, 11851389, 9658551, -32017107, 16367492, + -20205425, -13191288, 11659922, -11115118}, + {26180396, 10015009, -30844224, -8581293, 5418197, 9480663, 2231568, + -10170080, 33100372, -1306171}, + }, + { + {15121113, -5201871, -10389905, 15427821, -27509937, -15992507, + 21670947, 4486675, -5931810, -14466380}, + {16166486, -9483733, -11104130, 6023908, -31926798, -1364923, + 2340060, -16254968, -10735770, -10039824}, + {28042865, -3557089, -12126526, 12259706, -3717498, -6945899, + 6766453, -8689599, 18036436, 5803270}, + }, + }, + { + { + {-817581, 6763912, 11803561, 1585585, 10958447, -2671165, 23855391, + 4598332, -6159431, -14117438}, + {-31031306, -14256194, 17332029, -2383520, 31312682, -5967183, + 696309, 50292, -20095739, 11763584}, + {-594563, -2514283, -32234153, 12643980, 12650761, 14811489, 665117, + -12613632, -19773211, -10713562}, + }, + { + {30464590, -11262872, -4127476, -12734478, 19835327, -7105613, + -24396175, 2075773, -17020157, 992471}, + {18357185, -6994433, 7766382, 16342475, -29324918, 411174, 14578841, + 8080033, -11574335, -10601610}, + {19598397, 10334610, 12555054, 2555664, 18821899, -10339780, + 21873263, 16014234, 26224780, 16452269}, + }, + { + {-30223925, 5145196, 5944548, 16385966, 3976735, 2009897, -11377804, + -7618186, -20533829, 3698650}, + {14187449, 3448569, -10636236, -10810935, -22663880, -3433596, + 7268410, -10890444, 27394301, 12015369}, + {19695761, 16087646, 28032085, 12999827, 6817792, 11427614, + 20244189, -1312777, -13259127, -3402461}, + }, + { + {30860103, 12735208, -1888245, -4699734, -16974906, 2256940, + -8166013, 12298312, -8550524, -10393462}, + {-5719826, -11245325, -1910649, 15569035, 26642876, -7587760, + -5789354, -15118654, -4976164, 12651793}, + {-2848395, 9953421, 11531313, -5282879, 26895123, -12697089, + -13118820, -16517902, 9768698, -2533218}, + }, + { + {-24719459, 1894651, -287698, -4704085, 15348719, -8156530, + 32767513, 12765450, 4940095, 10678226}, + {18860224, 15980149, -18987240, -1562570, -26233012, -11071856, + -7843882, 13944024, -24372348, 16582019}, + {-15504260, 4970268, -29893044, 4175593, -20993212, -2199756, + -11704054, 15444560, -11003761, 7989037}, + }, + { + {31490452, 5568061, -2412803, 2182383, -32336847, 4531686, + -32078269, 6200206, -19686113, -14800171}, + {-17308668, -15879940, -31522777, -2831, -32887382, 16375549, + 8680158, -16371713, 28550068, -6857132}, + {-28126887, -5688091, 16837845, -1820458, -6850681, 12700016, + -30039981, 4364038, 1155602, 5988841}, + }, + { + {21890435, -13272907, -12624011, 12154349, -7831873, 15300496, + 23148983, -4470481, 24618407, 8283181}, + {-33136107, -10512751, 9975416, 6841041, -31559793, 16356536, + 3070187, -7025928, 1466169, 10740210}, + {-1509399, -15488185, -13503385, -10655916, 32799044, 909394, + -13938903, -5779719, -32164649, -15327040}, + }, + { + {3960823, -14267803, -28026090, -15918051, -19404858, 13146868, + 15567327, 951507, -3260321, -573935}, + {24740841, 5052253, -30094131, 8961361, 25877428, 6165135, + -24368180, 14397372, -7380369, -6144105}, + {-28888365, 3510803, -28103278, -1158478, -11238128, -10631454, + -15441463, -14453128, -1625486, -6494814}, + }, + }, + { + { + {793299, -9230478, 8836302, -6235707, -27360908, -2369593, 33152843, + -4885251, -9906200, -621852}, + {5666233, 525582, 20782575, -8038419, -24538499, 14657740, 16099374, + 1468826, -6171428, -15186581}, + {-4859255, -3779343, -2917758, -6748019, 7778750, 11688288, + -30404353, -9871238, -1558923, -9863646}, + }, + { + {10896332, -7719704, 824275, 472601, -19460308, 3009587, 25248958, + 14783338, -30581476, -15757844}, + {10566929, 12612572, -31944212, 11118703, -12633376, 12362879, + 21752402, 8822496, 24003793, 14264025}, + {27713862, -7355973, -11008240, 9227530, 27050101, 2504721, + 23886875, -13117525, 13958495, -5732453}, + }, + { + {-23481610, 4867226, -27247128, 3900521, 29838369, -8212291, + -31889399, -10041781, 7340521, -15410068}, + {4646514, -8011124, -22766023, -11532654, 23184553, 8566613, + 31366726, -1381061, -15066784, -10375192}, + {-17270517, 12723032, -16993061, 14878794, 21619651, -6197576, + 27584817, 3093888, -8843694, 3849921}, + }, + { + {-9064912, 2103172, 25561640, -15125738, -5239824, 9582958, + 32477045, -9017955, 5002294, -15550259}, + {-12057553, -11177906, 21115585, -13365155, 8808712, -12030708, + 16489530, 13378448, -25845716, 12741426}, + {-5946367, 10645103, -30911586, 15390284, -3286982, -7118677, + 24306472, 15852464, 28834118, -7646072}, + }, + { + {-17335748, -9107057, -24531279, 9434953, -8472084, -583362, + -13090771, 455841, 20461858, 5491305}, + {13669248, -16095482, -12481974, -10203039, -14569770, -11893198, + -24995986, 11293807, -28588204, -9421832}, + {28497928, 6272777, -33022994, 14470570, 8906179, -1225630, + 18504674, -14165166, 29867745, -8795943}, + }, + { + {-16207023, 13517196, -27799630, -13697798, 24009064, -6373891, + -6367600, -13175392, 22853429, -4012011}, + {24191378, 16712145, -13931797, 15217831, 14542237, 1646131, + 18603514, -11037887, 12876623, -2112447}, + {17902668, 4518229, -411702, -2829247, 26878217, 5258055, -12860753, + 608397, 16031844, 3723494}, + }, + { + {-28632773, 12763728, -20446446, 7577504, 33001348, -13017745, + 17558842, -7872890, 23896954, -4314245}, + {-20005381, -12011952, 31520464, 605201, 2543521, 5991821, -2945064, + 7229064, -9919646, -8826859}, + {28816045, 298879, -28165016, -15920938, 19000928, -1665890, + -12680833, -2949325, -18051778, -2082915}, + }, + { + {16000882, -344896, 3493092, -11447198, -29504595, -13159789, + 12577740, 16041268, -19715240, 7847707}, + {10151868, 10572098, 27312476, 7922682, 14825339, 4723128, + -32855931, -6519018, -10020567, 3852848}, + {-11430470, 15697596, -21121557, -4420647, 5386314, 15063598, + 16514493, -15932110, 29330899, -15076224}, + }, + }, + { + { + {-25499735, -4378794, -15222908, -6901211, 16615731, 2051784, + 3303702, 15490, -27548796, 12314391}, + {15683520, -6003043, 18109120, -9980648, 15337968, -5997823, + -16717435, 15921866, 16103996, -3731215}, + {-23169824, -10781249, 13588192, -1628807, -3798557, -1074929, + -19273607, 5402699, -29815713, -9841101}, + }, + { + {23190676, 2384583, -32714340, 3462154, -29903655, -1529132, + -11266856, 8911517, -25205859, 2739713}, + {21374101, -3554250, -33524649, 9874411, 15377179, 11831242, + -33529904, 6134907, 4931255, 11987849}, + {-7732, -2978858, -16223486, 7277597, 105524, -322051, -31480539, + 13861388, -30076310, 10117930}, + }, + { + {-29501170, -10744872, -26163768, 13051539, -25625564, 5089643, + -6325503, 6704079, 12890019, 15728940}, + {-21972360, -11771379, -951059, -4418840, 14704840, 2695116, 903376, + -10428139, 12885167, 8311031}, + {-17516482, 5352194, 10384213, -13811658, 7506451, 13453191, + 26423267, 4384730, 1888765, -5435404}, + }, + { + {-25817338, -3107312, -13494599, -3182506, 30896459, -13921729, + -32251644, -12707869, -19464434, -3340243}, + {-23607977, -2665774, -526091, 4651136, 5765089, 4618330, 6092245, + 14845197, 17151279, -9854116}, + {-24830458, -12733720, -15165978, 10367250, -29530908, -265356, + 22825805, -7087279, -16866484, 16176525}, + }, + { + {-23583256, 6564961, 20063689, 3798228, -4740178, 7359225, 2006182, + -10363426, -28746253, -10197509}, + {-10626600, -4486402, -13320562, -5125317, 3432136, -6393229, + 23632037, -1940610, 32808310, 1099883}, + {15030977, 5768825, -27451236, -2887299, -6427378, -15361371, + -15277896, -6809350, 2051441, -15225865}, + }, + { + {-3362323, -7239372, 7517890, 9824992, 23555850, 295369, 5148398, + -14154188, -22686354, 16633660}, + {4577086, -16752288, 13249841, -15304328, 19958763, -14537274, + 18559670, -10759549, 8402478, -9864273}, + {-28406330, -1051581, -26790155, -907698, -17212414, -11030789, + 9453451, -14980072, 17983010, 9967138}, + }, + { + {-25762494, 6524722, 26585488, 9969270, 24709298, 1220360, -1677990, + 7806337, 17507396, 3651560}, + {-10420457, -4118111, 14584639, 15971087, -15768321, 8861010, + 26556809, -5574557, -18553322, -11357135}, + {2839101, 14284142, 4029895, 3472686, 14402957, 12689363, -26642121, + 8459447, -5605463, -7621941}, + }, + { + {-4839289, -3535444, 9744961, 2871048, 25113978, 3187018, -25110813, + -849066, 17258084, -7977739}, + {18164541, -10595176, -17154882, -1542417, 19237078, -9745295, + 23357533, -15217008, 26908270, 12150756}, + {-30264870, -7647865, 5112249, -7036672, -1499807, -6974257, 43168, + -5537701, -32302074, 16215819}, + }, + }, + { + { + {-6898905, 9824394, -12304779, -4401089, -31397141, -6276835, + 32574489, 12532905, -7503072, -8675347}, + {-27343522, -16515468, -27151524, -10722951, 946346, 16291093, + 254968, 7168080, 21676107, -1943028}, + {21260961, -8424752, -16831886, -11920822, -23677961, 3968121, + -3651949, -6215466, -3556191, -7913075}, + }, + { + {16544754, 13250366, -16804428, 15546242, -4583003, 12757258, + -2462308, -8680336, -18907032, -9662799}, + {-2415239, -15577728, 18312303, 4964443, -15272530, -12653564, + 26820651, 16690659, 25459437, -4564609}, + {-25144690, 11425020, 28423002, -11020557, -6144921, -15826224, + 9142795, -2391602, -6432418, -1644817}, + }, + { + {-23104652, 6253476, 16964147, -3768872, -25113972, -12296437, + -27457225, -16344658, 6335692, 7249989}, + {-30333227, 13979675, 7503222, -12368314, -11956721, -4621693, + -30272269, 2682242, 25993170, -12478523}, + {4364628, 5930691, 32304656, -10044554, -8054781, 15091131, + 22857016, -10598955, 31820368, 15075278}, + }, + { + {31879134, -8918693, 17258761, 90626, -8041836, -4917709, 24162788, + -9650886, -17970238, 12833045}, + {19073683, 14851414, -24403169, -11860168, 7625278, 11091125, + -19619190, 2074449, -9413939, 14905377}, + {24483667, -11935567, -2518866, -11547418, -1553130, 15355506, + -25282080, 9253129, 27628530, -7555480}, + }, + { + {17597607, 8340603, 19355617, 552187, 26198470, -3176583, 4593324, + -9157582, -14110875, 15297016}, + {510886, 14337390, -31785257, 16638632, 6328095, 2713355, -20217417, + -11864220, 8683221, 2921426}, + {18606791, 11874196, 27155355, -5281482, -24031742, 6265446, + -25178240, -1278924, 4674690, 13890525}, + }, + { + {13609624, 13069022, -27372361, -13055908, 24360586, 9592974, + 14977157, 9835105, 4389687, 288396}, + {9922506, -519394, 13613107, 5883594, -18758345, -434263, -12304062, + 8317628, 23388070, 16052080}, + {12720016, 11937594, -31970060, -5028689, 26900120, 8561328, + -20155687, -11632979, -14754271, -10812892}, + }, + { + {15961858, 14150409, 26716931, -665832, -22794328, 13603569, + 11829573, 7467844, -28822128, 929275}, + {11038231, -11582396, -27310482, -7316562, -10498527, -16307831, + -23479533, -9371869, -21393143, 2465074}, + {20017163, -4323226, 27915242, 1529148, 12396362, 15675764, + 13817261, -9658066, 2463391, -4622140}, + }, + { + {-16358878, -12663911, -12065183, 4996454, -1256422, 1073572, + 9583558, 12851107, 4003896, 12673717}, + {-1731589, -15155870, -3262930, 16143082, 19294135, 13385325, + 14741514, -9103726, 7903886, 2348101}, + {24536016, -16515207, 12715592, -3862155, 1511293, 10047386, + -3842346, -7129159, -28377538, 10048127}, + }, + }, + { + { + {-12622226, -6204820, 30718825, 2591312, -10617028, 12192840, + 18873298, -7297090, -32297756, 15221632}, + {-26478122, -11103864, 11546244, -1852483, 9180880, 7656409, + -21343950, 2095755, 29769758, 6593415}, + {-31994208, -2907461, 4176912, 3264766, 12538965, -868111, 26312345, + -6118678, 30958054, 8292160}, + }, + { + {31429822, -13959116, 29173532, 15632448, 12174511, -2760094, + 32808831, 3977186, 26143136, -3148876}, + {22648901, 1402143, -22799984, 13746059, 7936347, 365344, -8668633, + -1674433, -3758243, -2304625}, + {-15491917, 8012313, -2514730, -12702462, -23965846, -10254029, + -1612713, -1535569, -16664475, 8194478}, + }, + { + {27338066, -7507420, -7414224, 10140405, -19026427, -6589889, + 27277191, 8855376, 28572286, 3005164}, + {26287124, 4821776, 25476601, -4145903, -3764513, -15788984, + -18008582, 1182479, -26094821, -13079595}, + {-7171154, 3178080, 23970071, 6201893, -17195577, -4489192, + -21876275, -13982627, 32208683, -1198248}, + }, + { + {-16657702, 2817643, -10286362, 14811298, 6024667, 13349505, + -27315504, -10497842, -27672585, -11539858}, + {15941029, -9405932, -21367050, 8062055, 31876073, -238629, + -15278393, -1444429, 15397331, -4130193}, + {8934485, -13485467, -23286397, -13423241, -32446090, 14047986, + 31170398, -1441021, -27505566, 15087184}, + }, + { + {-18357243, -2156491, 24524913, -16677868, 15520427, -6360776, + -15502406, 11461896, 16788528, -5868942}, + {-1947386, 16013773, 21750665, 3714552, -17401782, -16055433, + -3770287, -10323320, 31322514, -11615635}, + {21426655, -5650218, -13648287, -5347537, -28812189, -4920970, + -18275391, -14621414, 13040862, -12112948}, + }, + { + {11293895, 12478086, -27136401, 15083750, -29307421, 14748872, + 14555558, -13417103, 1613711, 4896935}, + {-25894883, 15323294, -8489791, -8057900, 25967126, -13425460, + 2825960, -4897045, -23971776, -11267415}, + {-15924766, -5229880, -17443532, 6410664, 3622847, 10243618, + 20615400, 12405433, -23753030, -8436416}, + }, + { + {-7091295, 12556208, -20191352, 9025187, -17072479, 4333801, + 4378436, 2432030, 23097949, -566018}, + {4565804, -16025654, 20084412, -7842817, 1724999, 189254, 24767264, + 10103221, -18512313, 2424778}, + {366633, -11976806, 8173090, -6890119, 30788634, 5745705, -7168678, + 1344109, -3642553, 12412659}, + }, + { + {-24001791, 7690286, 14929416, -168257, -32210835, -13412986, + 24162697, -15326504, -3141501, 11179385}, + {18289522, -14724954, 8056945, 16430056, -21729724, 7842514, + -6001441, -1486897, -18684645, -11443503}, + {476239, 6601091, -6152790, -9723375, 17503545, -4863900, 27672959, + 13403813, 11052904, 5219329}, + }, + }, + { + { + {20678546, -8375738, -32671898, 8849123, -5009758, 14574752, + 31186971, -3973730, 9014762, -8579056}, + {-13644050, -10350239, -15962508, 5075808, -1514661, -11534600, + -33102500, 9160280, 8473550, -3256838}, + {24900749, 14435722, 17209120, -15292541, -22592275, 9878983, + -7689309, -16335821, -24568481, 11788948}, + }, + { + {-3118155, -11395194, -13802089, 14797441, 9652448, -6845904, + -20037437, 10410733, -24568470, -1458691}, + {-15659161, 16736706, -22467150, 10215878, -9097177, 7563911, + 11871841, -12505194, -18513325, 8464118}, + {-23400612, 8348507, -14585951, -861714, -3950205, -6373419, + 14325289, 8628612, 33313881, -8370517}, + }, + { + {-20186973, -4967935, 22367356, 5271547, -1097117, -4788838, + -24805667, -10236854, -8940735, -5818269}, + {-6948785, -1795212, -32625683, -16021179, 32635414, -7374245, + 15989197, -12838188, 28358192, -4253904}, + {-23561781, -2799059, -32351682, -1661963, -9147719, 10429267, + -16637684, 4072016, -5351664, 5596589}, + }, + { + {-28236598, -3390048, 12312896, 6213178, 3117142, 16078565, + 29266239, 2557221, 1768301, 15373193}, + {-7243358, -3246960, -4593467, -7553353, -127927, -912245, -1090902, + -4504991, -24660491, 3442910}, + {-30210571, 5124043, 14181784, 8197961, 18964734, -11939093, + 22597931, 7176455, -18585478, 13365930}, + }, + { + {-7877390, -1499958, 8324673, 4690079, 6261860, 890446, 24538107, + -8570186, -9689599, -3031667}, + {25008904, -10771599, -4305031, -9638010, 16265036, 15721635, + 683793, -11823784, 15723479, -15163481}, + {-9660625, 12374379, -27006999, -7026148, -7724114, -12314514, + 11879682, 5400171, 519526, -1235876}, + }, + { + {22258397, -16332233, -7869817, 14613016, -22520255, -2950923, + -20353881, 7315967, 16648397, 7605640}, + {-8081308, -8464597, -8223311, 9719710, 19259459, -15348212, + 23994942, -5281555, -9468848, 4763278}, + {-21699244, 9220969, -15730624, 1084137, -25476107, -2852390, + 31088447, -7764523, -11356529, 728112}, + }, + { + {26047220, -11751471, -6900323, -16521798, 24092068, 9158119, + -4273545, -12555558, -29365436, -5498272}, + {17510331, -322857, 5854289, 8403524, 17133918, -3112612, -28111007, + 12327945, 10750447, 10014012}, + {-10312768, 3936952, 9156313, -8897683, 16498692, -994647, + -27481051, -666732, 3424691, 7540221}, + }, + { + {30322361, -6964110, 11361005, -4143317, 7433304, 4989748, -7071422, + -16317219, -9244265, 15258046}, + {13054562, -2779497, 19155474, 469045, -12482797, 4566042, 5631406, + 2711395, 1062915, -5136345}, + {-19240248, -11254599, -29509029, -7499965, -5835763, 13005411, + -6066489, 12194497, 32960380, 1459310}, + }, + }, + { + { + {19852034, 7027924, 23669353, 10020366, 8586503, -6657907, 394197, + -6101885, 18638003, -11174937}, + {31395534, 15098109, 26581030, 8030562, -16527914, -5007134, + 9012486, -7584354, -6643087, -5442636}, + {-9192165, -2347377, -1997099, 4529534, 25766844, 607986, -13222, + 9677543, -32294889, -6456008}, + }, + { + {-2444496, -149937, 29348902, 8186665, 1873760, 12489863, -30934579, + -7839692, -7852844, -8138429}, + {-15236356, -15433509, 7766470, 746860, 26346930, -10221762, + -27333451, 10754588, -9431476, 5203576}, + {31834314, 14135496, -770007, 5159118, 20917671, -16768096, + -7467973, -7337524, 31809243, 7347066}, + }, + { + {-9606723, -11874240, 20414459, 13033986, 13716524, -11691881, + 19797970, -12211255, 15192876, -2087490}, + {-12663563, -2181719, 1168162, -3804809, 26747877, -14138091, + 10609330, 12694420, 33473243, -13382104}, + {33184999, 11180355, 15832085, -11385430, -1633671, 225884, + 15089336, -11023903, -6135662, 14480053}, + }, + { + {31308717, -5619998, 31030840, -1897099, 15674547, -6582883, + 5496208, 13685227, 27595050, 8737275}, + {-20318852, -15150239, 10933843, -16178022, 8335352, -7546022, + -31008351, -12610604, 26498114, 66511}, + {22644454, -8761729, -16671776, 4884562, -3105614, -13559366, + 30540766, -4286747, -13327787, -7515095}, + }, + { + {-28017847, 9834845, 18617207, -2681312, -3401956, -13307506, + 8205540, 13585437, -17127465, 15115439}, + {23711543, -672915, 31206561, -8362711, 6164647, -9709987, + -33535882, -1426096, 8236921, 16492939}, + {-23910559, -13515526, -26299483, -4503841, 25005590, -7687270, + 19574902, 10071562, 6708380, -6222424}, + }, + { + {2101391, -4930054, 19702731, 2367575, -15427167, 1047675, 5301017, + 9328700, 29955601, -11678310}, + {3096359, 9271816, -21620864, -15521844, -14847996, -7592937, + -25892142, -12635595, -9917575, 6216608}, + {-32615849, 338663, -25195611, 2510422, -29213566, -13820213, + 24822830, -6146567, -26767480, 7525079}, + }, + { + {-23066649, -13985623, 16133487, -7896178, -3389565, 778788, + -910336, -2782495, -19386633, 11994101}, + {21691500, -13624626, -641331, -14367021, 3285881, -3483596, + -25064666, 9718258, -7477437, 13381418}, + {18445390, -4202236, 14979846, 11622458, -1727110, -3582980, + 23111648, -6375247, 28535282, 15779576}, + }, + { + {30098053, 3089662, -9234387, 16662135, -21306940, 11308411, + -14068454, 12021730, 9955285, -16303356}, + {9734894, -14576830, -7473633, -9138735, 2060392, 11313496, + -18426029, 9924399, 20194861, 13380996}, + {-26378102, -7965207, -22167821, 15789297, -18055342, -6168792, + -1984914, 15707771, 26342023, 10146099}, + }, + }, + { + { + {-26016874, -219943, 21339191, -41388, 19745256, -2878700, + -29637280, 2227040, 21612326, -545728}, + {-13077387, 1184228, 23562814, -5970442, -20351244, -6348714, + 25764461, 12243797, -20856566, 11649658}, + {-10031494, 11262626, 27384172, 2271902, 26947504, -15997771, 39944, + 6114064, 33514190, 2333242}, + }, + { + {-21433588, -12421821, 8119782, 7219913, -21830522, -9016134, + -6679750, -12670638, 24350578, -13450001}, + {-4116307, -11271533, -23886186, 4843615, -30088339, 690623, + -31536088, -10406836, 8317860, 12352766}, + {18200138, -14475911, -33087759, -2696619, -23702521, -9102511, + -23552096, -2287550, 20712163, 6719373}, + }, + { + {26656208, 6075253, -7858556, 1886072, -28344043, 4262326, 11117530, + -3763210, 26224235, -3297458}, + {-17168938, -14854097, -3395676, -16369877, -19954045, 14050420, + 21728352, 9493610, 18620611, -16428628}, + {-13323321, 13325349, 11432106, 5964811, 18609221, 6062965, + -5269471, -9725556, -30701573, -16479657}, + }, + { + {-23860538, -11233159, 26961357, 1640861, -32413112, -16737940, + 12248509, -5240639, 13735342, 1934062}, + {25089769, 6742589, 17081145, -13406266, 21909293, -16067981, + -15136294, -3765346, -21277997, 5473616}, + {31883677, -7961101, 1083432, -11572403, 22828471, 13290673, + -7125085, 12469656, 29111212, -5451014}, + }, + { + {24244947, -15050407, -26262976, 2791540, -14997599, 16666678, + 24367466, 6388839, -10295587, 452383}, + {-25640782, -3417841, 5217916, 16224624, 19987036, -4082269, + -24236251, -5915248, 15766062, 8407814}, + {-20406999, 13990231, 15495425, 16395525, 5377168, 15166495, + -8917023, -4388953, -8067909, 2276718}, + }, + { + {30157918, 12924066, -17712050, 9245753, 19895028, 3368142, + -23827587, 5096219, 22740376, -7303417}, + {2041139, -14256350, 7783687, 13876377, -25946985, -13352459, + 24051124, 13742383, -15637599, 13295222}, + {33338237, -8505733, 12532113, 7977527, 9106186, -1715251, + -17720195, -4612972, -4451357, -14669444}, + }, + { + {-20045281, 5454097, -14346548, 6447146, 28862071, 1883651, + -2469266, -4141880, 7770569, 9620597}, + {23208068, 7979712, 33071466, 8149229, 1758231, -10834995, 30945528, + -1694323, -33502340, -14767970}, + {1439958, -16270480, -1079989, -793782, 4625402, 10647766, -5043801, + 1220118, 30494170, -11440799}, + }, + { + {-5037580, -13028295, -2970559, -3061767, 15640974, -6701666, + -26739026, 926050, -1684339, -13333647}, + {13908495, -3549272, 30919928, -6273825, -21521863, 7989039, + 9021034, 9078865, 3353509, 4033511}, + {-29663431, -15113610, 32259991, -344482, 24295849, -12912123, + 23161163, 8839127, 27485041, 7356032}, + }, + }, + { + { + {9661027, 705443, 11980065, -5370154, -1628543, 14661173, -6346142, + 2625015, 28431036, -16771834}, + {-23839233, -8311415, -25945511, 7480958, -17681669, -8354183, + -22545972, 14150565, 15970762, 4099461}, + {29262576, 16756590, 26350592, -8793563, 8529671, -11208050, + 13617293, -9937143, 11465739, 8317062}, + }, + { + {-25493081, -6962928, 32500200, -9419051, -23038724, -2302222, + 14898637, 3848455, 20969334, -5157516}, + {-20384450, -14347713, -18336405, 13884722, -33039454, 2842114, + -21610826, -3649888, 11177095, 14989547}, + {-24496721, -11716016, 16959896, 2278463, 12066309, 10137771, + 13515641, 2581286, -28487508, 9930240}, + }, + { + {-17751622, -2097826, 16544300, -13009300, -15914807, -14949081, + 18345767, -13403753, 16291481, -5314038}, + {-33229194, 2553288, 32678213, 9875984, 8534129, 6889387, -9676774, + 6957617, 4368891, 9788741}, + {16660756, 7281060, -10830758, 12911820, 20108584, -8101676, + -21722536, -8613148, 16250552, -11111103}, + }, + { + {-19765507, 2390526, -16551031, 14161980, 1905286, 6414907, 4689584, + 10604807, -30190403, 4782747}, + {-1354539, 14736941, -7367442, -13292886, 7710542, -14155590, + -9981571, 4383045, 22546403, 437323}, + {31665577, -12180464, -16186830, 1491339, -18368625, 3294682, + 27343084, 2786261, -30633590, -14097016}, + }, + { + {-14467279, -683715, -33374107, 7448552, 19294360, 14334329, + -19690631, 2355319, -19284671, -6114373}, + {15121312, -15796162, 6377020, -6031361, -10798111, -12957845, + 18952177, 15496498, -29380133, 11754228}, + {-2637277, -13483075, 8488727, -14303896, 12728761, -1622493, + 7141596, 11724556, 22761615, -10134141}, + }, + { + {16918416, 11729663, -18083579, 3022987, -31015732, -13339659, + -28741185, -12227393, 32851222, 11717399}, + {11166634, 7338049, -6722523, 4531520, -29468672, -7302055, + 31474879, 3483633, -1193175, -4030831}, + {-185635, 9921305, 31456609, -13536438, -12013818, 13348923, + 33142652, 6546660, -19985279, -3948376}, + }, + { + {-32460596, 11266712, -11197107, -7899103, 31703694, 3855903, + -8537131, -12833048, -30772034, -15486313}, + {-18006477, 12709068, 3991746, -6479188, -21491523, -10550425, + -31135347, -16049879, 10928917, 3011958}, + {-6957757, -15594337, 31696059, 334240, 29576716, 14796075, + -30831056, -12805180, 18008031, 10258577}, + }, + { + {-22448644, 15655569, 7018479, -4410003, -30314266, -1201591, + -1853465, 1367120, 25127874, 6671743}, + {29701166, -14373934, -10878120, 9279288, -17568, 13127210, + 21382910, 11042292, 25838796, 4642684}, + {-20430234, 14955537, -24126347, 8124619, -5369288, -5990470, + 30468147, -13900640, 18423289, 4177476}, + }, + }, +}; + +static uint8_t negative(signed char b) { + uint32_t x = b; + x >>= 31; /* 1: yes; 0: no */ + return x; +} + +static void table_select(ge_precomp *t, int pos, signed char b) { + ge_precomp minust; + uint8_t bnegative = negative(b); + uint8_t babs = b - ((uint8_t)((-bnegative) & b) << 1); + + ge_precomp_0(t); + cmov(t, &k25519Precomp[pos][0], equal(babs, 1)); + cmov(t, &k25519Precomp[pos][1], equal(babs, 2)); + cmov(t, &k25519Precomp[pos][2], equal(babs, 3)); + cmov(t, &k25519Precomp[pos][3], equal(babs, 4)); + cmov(t, &k25519Precomp[pos][4], equal(babs, 5)); + cmov(t, &k25519Precomp[pos][5], equal(babs, 6)); + cmov(t, &k25519Precomp[pos][6], equal(babs, 7)); + cmov(t, &k25519Precomp[pos][7], equal(babs, 8)); + fe_copy(minust.yplusx, t->yminusx); + fe_copy(minust.yminusx, t->yplusx); + fe_neg(minust.xy2d, t->xy2d); + cmov(t, &minust, bnegative); +} + +/* h = a * B + * where a = a[0]+256*a[1]+...+256^31 a[31] + * B is the Ed25519 base point (x,4/5) with x positive. + * + * Preconditions: + * a[31] <= 127 */ +void x25519_ge_scalarmult_base(ge_p3 *h, const uint8_t *a) { + signed char e[64]; + signed char carry; + ge_p1p1 r; + ge_p2 s; + ge_precomp t; + int i; + + for (i = 0; i < 32; ++i) { + e[2 * i + 0] = (a[i] >> 0) & 15; + e[2 * i + 1] = (a[i] >> 4) & 15; + } + /* each e[i] is between 0 and 15 */ + /* e[63] is between 0 and 7 */ + + carry = 0; + for (i = 0; i < 63; ++i) { + e[i] += carry; + carry = e[i] + 8; + carry >>= 4; + e[i] -= carry << 4; + } + e[63] += carry; + /* each e[i] is between -8 and 8 */ + + ge_p3_0(h); + for (i = 1; i < 64; i += 2) { + table_select(&t, i / 2, e[i]); + ge_madd(&r, h, &t); + x25519_ge_p1p1_to_p3(h, &r); + } + + ge_p3_dbl(&r, h); + x25519_ge_p1p1_to_p2(&s, &r); + ge_p2_dbl(&r, &s); + x25519_ge_p1p1_to_p2(&s, &r); + ge_p2_dbl(&r, &s); + x25519_ge_p1p1_to_p2(&s, &r); + ge_p2_dbl(&r, &s); + x25519_ge_p1p1_to_p3(h, &r); + + for (i = 0; i < 64; i += 2) { + table_select(&t, i / 2, e[i]); + ge_madd(&r, h, &t); + x25519_ge_p1p1_to_p3(h, &r); + } +} + +#endif + +static void cmov_cached(ge_cached *t, ge_cached *u, uint8_t b) { + fe_cmov(t->YplusX, u->YplusX, b); + fe_cmov(t->YminusX, u->YminusX, b); + fe_cmov(t->Z, u->Z, b); + fe_cmov(t->T2d, u->T2d, b); +} + +/* r = scalar * A. + * where a = a[0]+256*a[1]+...+256^31 a[31]. */ +void x25519_ge_scalarmult(ge_p2 *r, const uint8_t *scalar, const ge_p3 *A) { + ge_p2 Ai_p2[8]; + ge_cached Ai[16]; + ge_p1p1 t; + + ge_cached_0(&Ai[0]); + x25519_ge_p3_to_cached(&Ai[1], A); + ge_p3_to_p2(&Ai_p2[1], A); + + unsigned i; + for (i = 2; i < 16; i += 2) { + ge_p2_dbl(&t, &Ai_p2[i / 2]); + ge_p1p1_to_cached(&Ai[i], &t); + if (i < 8) { + x25519_ge_p1p1_to_p2(&Ai_p2[i], &t); + } + x25519_ge_add(&t, A, &Ai[i]); + ge_p1p1_to_cached(&Ai[i + 1], &t); + if (i < 7) { + x25519_ge_p1p1_to_p2(&Ai_p2[i + 1], &t); + } + } + + ge_p2_0(r); + ge_p3 u; + + for (i = 0; i < 256; i += 4) { + ge_p2_dbl(&t, r); + x25519_ge_p1p1_to_p2(r, &t); + ge_p2_dbl(&t, r); + x25519_ge_p1p1_to_p2(r, &t); + ge_p2_dbl(&t, r); + x25519_ge_p1p1_to_p2(r, &t); + ge_p2_dbl(&t, r); + x25519_ge_p1p1_to_p3(&u, &t); + + uint8_t index = scalar[31 - i/8]; + index >>= 4 - (i & 4); + index &= 0xf; + + unsigned j; + ge_cached selected; + ge_cached_0(&selected); + for (j = 0; j < 16; j++) { + cmov_cached(&selected, &Ai[j], equal(j, index)); + } + + x25519_ge_add(&t, &u, &selected); + x25519_ge_p1p1_to_p2(r, &t); + } +} + +#ifdef ED25519 +static void slide(signed char *r, const uint8_t *a) { + int i; + int b; + int k; + + for (i = 0; i < 256; ++i) { + r[i] = 1 & (a[i >> 3] >> (i & 7)); + } + + for (i = 0; i < 256; ++i) { + if (r[i]) { + for (b = 1; b <= 6 && i + b < 256; ++b) { + if (r[i + b]) { + if (r[i] + (r[i + b] << b) <= 15) { + r[i] += r[i + b] << b; + r[i + b] = 0; + } else if (r[i] - (r[i + b] << b) >= -15) { + r[i] -= r[i + b] << b; + for (k = i + b; k < 256; ++k) { + if (!r[k]) { + r[k] = 1; + break; + } + r[k] = 0; + } + } else { + break; + } + } + } + } + } +} + +static const ge_precomp Bi[8] = { + { + {25967493, -14356035, 29566456, 3660896, -12694345, 4014787, 27544626, + -11754271, -6079156, 2047605}, + {-12545711, 934262, -2722910, 3049990, -727428, 9406986, 12720692, + 5043384, 19500929, -15469378}, + {-8738181, 4489570, 9688441, -14785194, 10184609, -12363380, 29287919, + 11864899, -24514362, -4438546}, + }, + { + {15636291, -9688557, 24204773, -7912398, 616977, -16685262, 27787600, + -14772189, 28944400, -1550024}, + {16568933, 4717097, -11556148, -1102322, 15682896, -11807043, 16354577, + -11775962, 7689662, 11199574}, + {30464156, -5976125, -11779434, -15670865, 23220365, 15915852, 7512774, + 10017326, -17749093, -9920357}, + }, + { + {10861363, 11473154, 27284546, 1981175, -30064349, 12577861, 32867885, + 14515107, -15438304, 10819380}, + {4708026, 6336745, 20377586, 9066809, -11272109, 6594696, -25653668, + 12483688, -12668491, 5581306}, + {19563160, 16186464, -29386857, 4097519, 10237984, -4348115, 28542350, + 13850243, -23678021, -15815942}, + }, + { + {5153746, 9909285, 1723747, -2777874, 30523605, 5516873, 19480852, + 5230134, -23952439, -15175766}, + {-30269007, -3463509, 7665486, 10083793, 28475525, 1649722, 20654025, + 16520125, 30598449, 7715701}, + {28881845, 14381568, 9657904, 3680757, -20181635, 7843316, -31400660, + 1370708, 29794553, -1409300}, + }, + { + {-22518993, -6692182, 14201702, -8745502, -23510406, 8844726, 18474211, + -1361450, -13062696, 13821877}, + {-6455177, -7839871, 3374702, -4740862, -27098617, -10571707, 31655028, + -7212327, 18853322, -14220951}, + {4566830, -12963868, -28974889, -12240689, -7602672, -2830569, -8514358, + -10431137, 2207753, -3209784}, + }, + { + {-25154831, -4185821, 29681144, 7868801, -6854661, -9423865, -12437364, + -663000, -31111463, -16132436}, + {25576264, -2703214, 7349804, -11814844, 16472782, 9300885, 3844789, + 15725684, 171356, 6466918}, + {23103977, 13316479, 9739013, -16149481, 817875, -15038942, 8965339, + -14088058, -30714912, 16193877}, + }, + { + {-33521811, 3180713, -2394130, 14003687, -16903474, -16270840, 17238398, + 4729455, -18074513, 9256800}, + {-25182317, -4174131, 32336398, 5036987, -21236817, 11360617, 22616405, + 9761698, -19827198, 630305}, + {-13720693, 2639453, -24237460, -7406481, 9494427, -5774029, -6554551, + -15960994, -2449256, -14291300}, + }, + { + {-3151181, -5046075, 9282714, 6866145, -31907062, -863023, -18940575, + 15033784, 25105118, -7894876}, + {-24326370, 15950226, -31801215, -14592823, -11662737, -5090925, + 1573892, -2625887, 2198790, -15804619}, + {-3099351, 10324967, -2241613, 7453183, -5446979, -2735503, -13812022, + -16236442, -32461234, -12290683}, + }, +}; + +/* r = a * A + b * B + * where a = a[0]+256*a[1]+...+256^31 a[31]. + * and b = b[0]+256*b[1]+...+256^31 b[31]. + * B is the Ed25519 base point (x,4/5) with x positive. */ +static void +ge_double_scalarmult_vartime(ge_p2 *r, const uint8_t *a, + const ge_p3 *A, const uint8_t *b) { + signed char aslide[256]; + signed char bslide[256]; + ge_cached Ai[8]; /* A,3A,5A,7A,9A,11A,13A,15A */ + ge_p1p1 t; + ge_p3 u; + ge_p3 A2; + int i; + + slide(aslide, a); + slide(bslide, b); + + x25519_ge_p3_to_cached(&Ai[0], A); + ge_p3_dbl(&t, A); + x25519_ge_p1p1_to_p3(&A2, &t); + x25519_ge_add(&t, &A2, &Ai[0]); + x25519_ge_p1p1_to_p3(&u, &t); + x25519_ge_p3_to_cached(&Ai[1], &u); + x25519_ge_add(&t, &A2, &Ai[1]); + x25519_ge_p1p1_to_p3(&u, &t); + x25519_ge_p3_to_cached(&Ai[2], &u); + x25519_ge_add(&t, &A2, &Ai[2]); + x25519_ge_p1p1_to_p3(&u, &t); + x25519_ge_p3_to_cached(&Ai[3], &u); + x25519_ge_add(&t, &A2, &Ai[3]); + x25519_ge_p1p1_to_p3(&u, &t); + x25519_ge_p3_to_cached(&Ai[4], &u); + x25519_ge_add(&t, &A2, &Ai[4]); + x25519_ge_p1p1_to_p3(&u, &t); + x25519_ge_p3_to_cached(&Ai[5], &u); + x25519_ge_add(&t, &A2, &Ai[5]); + x25519_ge_p1p1_to_p3(&u, &t); + x25519_ge_p3_to_cached(&Ai[6], &u); + x25519_ge_add(&t, &A2, &Ai[6]); + x25519_ge_p1p1_to_p3(&u, &t); + x25519_ge_p3_to_cached(&Ai[7], &u); + + ge_p2_0(r); + + for (i = 255; i >= 0; --i) { + if (aslide[i] || bslide[i]) { + break; + } + } + + for (; i >= 0; --i) { + ge_p2_dbl(&t, r); + + if (aslide[i] > 0) { + x25519_ge_p1p1_to_p3(&u, &t); + x25519_ge_add(&t, &u, &Ai[aslide[i] / 2]); + } else if (aslide[i] < 0) { + x25519_ge_p1p1_to_p3(&u, &t); + x25519_ge_sub(&t, &u, &Ai[(-aslide[i]) / 2]); + } + + if (bslide[i] > 0) { + x25519_ge_p1p1_to_p3(&u, &t); + ge_madd(&t, &u, &Bi[bslide[i] / 2]); + } else if (bslide[i] < 0) { + x25519_ge_p1p1_to_p3(&u, &t); + ge_msub(&t, &u, &Bi[(-bslide[i]) / 2]); + } + + x25519_ge_p1p1_to_p2(r, &t); + } +} +#endif + +/* The set of scalars is \Z/l + * where l = 2^252 + 27742317777372353535851937790883648493. */ + +/* Input: + * s[0]+256*s[1]+...+256^63*s[63] = s + * + * Output: + * s[0]+256*s[1]+...+256^31*s[31] = s mod l + * where l = 2^252 + 27742317777372353535851937790883648493. + * Overwrites s in place. */ +void +x25519_sc_reduce(uint8_t *s) { + int64_t s0 = 2097151 & load_3(s); + int64_t s1 = 2097151 & (load_4(s + 2) >> 5); + int64_t s2 = 2097151 & (load_3(s + 5) >> 2); + int64_t s3 = 2097151 & (load_4(s + 7) >> 7); + int64_t s4 = 2097151 & (load_4(s + 10) >> 4); + int64_t s5 = 2097151 & (load_3(s + 13) >> 1); + int64_t s6 = 2097151 & (load_4(s + 15) >> 6); + int64_t s7 = 2097151 & (load_3(s + 18) >> 3); + int64_t s8 = 2097151 & load_3(s + 21); + int64_t s9 = 2097151 & (load_4(s + 23) >> 5); + int64_t s10 = 2097151 & (load_3(s + 26) >> 2); + int64_t s11 = 2097151 & (load_4(s + 28) >> 7); + int64_t s12 = 2097151 & (load_4(s + 31) >> 4); + int64_t s13 = 2097151 & (load_3(s + 34) >> 1); + int64_t s14 = 2097151 & (load_4(s + 36) >> 6); + int64_t s15 = 2097151 & (load_3(s + 39) >> 3); + int64_t s16 = 2097151 & load_3(s + 42); + int64_t s17 = 2097151 & (load_4(s + 44) >> 5); + int64_t s18 = 2097151 & (load_3(s + 47) >> 2); + int64_t s19 = 2097151 & (load_4(s + 49) >> 7); + int64_t s20 = 2097151 & (load_4(s + 52) >> 4); + int64_t s21 = 2097151 & (load_3(s + 55) >> 1); + int64_t s22 = 2097151 & (load_4(s + 57) >> 6); + int64_t s23 = (load_4(s + 60) >> 3); + int64_t carry0; + int64_t carry1; + int64_t carry2; + int64_t carry3; + int64_t carry4; + int64_t carry5; + int64_t carry6; + int64_t carry7; + int64_t carry8; + int64_t carry9; + int64_t carry10; + int64_t carry11; + int64_t carry12; + int64_t carry13; + int64_t carry14; + int64_t carry15; + int64_t carry16; + + s11 += s23 * 666643; + s12 += s23 * 470296; + s13 += s23 * 654183; + s14 -= s23 * 997805; + s15 += s23 * 136657; + s16 -= s23 * 683901; + s23 = 0; + + s10 += s22 * 666643; + s11 += s22 * 470296; + s12 += s22 * 654183; + s13 -= s22 * 997805; + s14 += s22 * 136657; + s15 -= s22 * 683901; + s22 = 0; + + s9 += s21 * 666643; + s10 += s21 * 470296; + s11 += s21 * 654183; + s12 -= s21 * 997805; + s13 += s21 * 136657; + s14 -= s21 * 683901; + s21 = 0; + + s8 += s20 * 666643; + s9 += s20 * 470296; + s10 += s20 * 654183; + s11 -= s20 * 997805; + s12 += s20 * 136657; + s13 -= s20 * 683901; + s20 = 0; + + s7 += s19 * 666643; + s8 += s19 * 470296; + s9 += s19 * 654183; + s10 -= s19 * 997805; + s11 += s19 * 136657; + s12 -= s19 * 683901; + s19 = 0; + + s6 += s18 * 666643; + s7 += s18 * 470296; + s8 += s18 * 654183; + s9 -= s18 * 997805; + s10 += s18 * 136657; + s11 -= s18 * 683901; + s18 = 0; + + carry6 = (s6 + (1 << 20)) >> 21; + s7 += carry6; + s6 -= carry6 << 21; + carry8 = (s8 + (1 << 20)) >> 21; + s9 += carry8; + s8 -= carry8 << 21; + carry10 = (s10 + (1 << 20)) >> 21; + s11 += carry10; + s10 -= carry10 << 21; + carry12 = (s12 + (1 << 20)) >> 21; + s13 += carry12; + s12 -= carry12 << 21; + carry14 = (s14 + (1 << 20)) >> 21; + s15 += carry14; + s14 -= carry14 << 21; + carry16 = (s16 + (1 << 20)) >> 21; + s17 += carry16; + s16 -= carry16 << 21; + + carry7 = (s7 + (1 << 20)) >> 21; + s8 += carry7; + s7 -= carry7 << 21; + carry9 = (s9 + (1 << 20)) >> 21; + s10 += carry9; + s9 -= carry9 << 21; + carry11 = (s11 + (1 << 20)) >> 21; + s12 += carry11; + s11 -= carry11 << 21; + carry13 = (s13 + (1 << 20)) >> 21; + s14 += carry13; + s13 -= carry13 << 21; + carry15 = (s15 + (1 << 20)) >> 21; + s16 += carry15; + s15 -= carry15 << 21; + + s5 += s17 * 666643; + s6 += s17 * 470296; + s7 += s17 * 654183; + s8 -= s17 * 997805; + s9 += s17 * 136657; + s10 -= s17 * 683901; + s17 = 0; + + s4 += s16 * 666643; + s5 += s16 * 470296; + s6 += s16 * 654183; + s7 -= s16 * 997805; + s8 += s16 * 136657; + s9 -= s16 * 683901; + s16 = 0; + + s3 += s15 * 666643; + s4 += s15 * 470296; + s5 += s15 * 654183; + s6 -= s15 * 997805; + s7 += s15 * 136657; + s8 -= s15 * 683901; + s15 = 0; + + s2 += s14 * 666643; + s3 += s14 * 470296; + s4 += s14 * 654183; + s5 -= s14 * 997805; + s6 += s14 * 136657; + s7 -= s14 * 683901; + s14 = 0; + + s1 += s13 * 666643; + s2 += s13 * 470296; + s3 += s13 * 654183; + s4 -= s13 * 997805; + s5 += s13 * 136657; + s6 -= s13 * 683901; + s13 = 0; + + s0 += s12 * 666643; + s1 += s12 * 470296; + s2 += s12 * 654183; + s3 -= s12 * 997805; + s4 += s12 * 136657; + s5 -= s12 * 683901; + s12 = 0; + + carry0 = (s0 + (1 << 20)) >> 21; + s1 += carry0; + s0 -= carry0 << 21; + carry2 = (s2 + (1 << 20)) >> 21; + s3 += carry2; + s2 -= carry2 << 21; + carry4 = (s4 + (1 << 20)) >> 21; + s5 += carry4; + s4 -= carry4 << 21; + carry6 = (s6 + (1 << 20)) >> 21; + s7 += carry6; + s6 -= carry6 << 21; + carry8 = (s8 + (1 << 20)) >> 21; + s9 += carry8; + s8 -= carry8 << 21; + carry10 = (s10 + (1 << 20)) >> 21; + s11 += carry10; + s10 -= carry10 << 21; + + carry1 = (s1 + (1 << 20)) >> 21; + s2 += carry1; + s1 -= carry1 << 21; + carry3 = (s3 + (1 << 20)) >> 21; + s4 += carry3; + s3 -= carry3 << 21; + carry5 = (s5 + (1 << 20)) >> 21; + s6 += carry5; + s5 -= carry5 << 21; + carry7 = (s7 + (1 << 20)) >> 21; + s8 += carry7; + s7 -= carry7 << 21; + carry9 = (s9 + (1 << 20)) >> 21; + s10 += carry9; + s9 -= carry9 << 21; + carry11 = (s11 + (1 << 20)) >> 21; + s12 += carry11; + s11 -= carry11 << 21; + + s0 += s12 * 666643; + s1 += s12 * 470296; + s2 += s12 * 654183; + s3 -= s12 * 997805; + s4 += s12 * 136657; + s5 -= s12 * 683901; + s12 = 0; + + carry0 = s0 >> 21; + s1 += carry0; + s0 -= carry0 << 21; + carry1 = s1 >> 21; + s2 += carry1; + s1 -= carry1 << 21; + carry2 = s2 >> 21; + s3 += carry2; + s2 -= carry2 << 21; + carry3 = s3 >> 21; + s4 += carry3; + s3 -= carry3 << 21; + carry4 = s4 >> 21; + s5 += carry4; + s4 -= carry4 << 21; + carry5 = s5 >> 21; + s6 += carry5; + s5 -= carry5 << 21; + carry6 = s6 >> 21; + s7 += carry6; + s6 -= carry6 << 21; + carry7 = s7 >> 21; + s8 += carry7; + s7 -= carry7 << 21; + carry8 = s8 >> 21; + s9 += carry8; + s8 -= carry8 << 21; + carry9 = s9 >> 21; + s10 += carry9; + s9 -= carry9 << 21; + carry10 = s10 >> 21; + s11 += carry10; + s10 -= carry10 << 21; + carry11 = s11 >> 21; + s12 += carry11; + s11 -= carry11 << 21; + + s0 += s12 * 666643; + s1 += s12 * 470296; + s2 += s12 * 654183; + s3 -= s12 * 997805; + s4 += s12 * 136657; + s5 -= s12 * 683901; + s12 = 0; + + carry0 = s0 >> 21; + s1 += carry0; + s0 -= carry0 << 21; + carry1 = s1 >> 21; + s2 += carry1; + s1 -= carry1 << 21; + carry2 = s2 >> 21; + s3 += carry2; + s2 -= carry2 << 21; + carry3 = s3 >> 21; + s4 += carry3; + s3 -= carry3 << 21; + carry4 = s4 >> 21; + s5 += carry4; + s4 -= carry4 << 21; + carry5 = s5 >> 21; + s6 += carry5; + s5 -= carry5 << 21; + carry6 = s6 >> 21; + s7 += carry6; + s6 -= carry6 << 21; + carry7 = s7 >> 21; + s8 += carry7; + s7 -= carry7 << 21; + carry8 = s8 >> 21; + s9 += carry8; + s8 -= carry8 << 21; + carry9 = s9 >> 21; + s10 += carry9; + s9 -= carry9 << 21; + carry10 = s10 >> 21; + s11 += carry10; + s10 -= carry10 << 21; + + s[0] = s0 >> 0; + s[1] = s0 >> 8; + s[2] = (s0 >> 16) | (s1 << 5); + s[3] = s1 >> 3; + s[4] = s1 >> 11; + s[5] = (s1 >> 19) | (s2 << 2); + s[6] = s2 >> 6; + s[7] = (s2 >> 14) | (s3 << 7); + s[8] = s3 >> 1; + s[9] = s3 >> 9; + s[10] = (s3 >> 17) | (s4 << 4); + s[11] = s4 >> 4; + s[12] = s4 >> 12; + s[13] = (s4 >> 20) | (s5 << 1); + s[14] = s5 >> 7; + s[15] = (s5 >> 15) | (s6 << 6); + s[16] = s6 >> 2; + s[17] = s6 >> 10; + s[18] = (s6 >> 18) | (s7 << 3); + s[19] = s7 >> 5; + s[20] = s7 >> 13; + s[21] = s8 >> 0; + s[22] = s8 >> 8; + s[23] = (s8 >> 16) | (s9 << 5); + s[24] = s9 >> 3; + s[25] = s9 >> 11; + s[26] = (s9 >> 19) | (s10 << 2); + s[27] = s10 >> 6; + s[28] = (s10 >> 14) | (s11 << 7); + s[29] = s11 >> 1; + s[30] = s11 >> 9; + s[31] = s11 >> 17; +} + +#ifdef ED25519 +/* Input: + * a[0]+256*a[1]+...+256^31*a[31] = a + * b[0]+256*b[1]+...+256^31*b[31] = b + * c[0]+256*c[1]+...+256^31*c[31] = c + * + * Output: + * s[0]+256*s[1]+...+256^31*s[31] = (ab+c) mod l + * where l = 2^252 + 27742317777372353535851937790883648493. */ +static void +sc_muladd(uint8_t *s, const uint8_t *a, const uint8_t *b, + const uint8_t *c) +{ + int64_t a0 = 2097151 & load_3(a); + int64_t a1 = 2097151 & (load_4(a + 2) >> 5); + int64_t a2 = 2097151 & (load_3(a + 5) >> 2); + int64_t a3 = 2097151 & (load_4(a + 7) >> 7); + int64_t a4 = 2097151 & (load_4(a + 10) >> 4); + int64_t a5 = 2097151 & (load_3(a + 13) >> 1); + int64_t a6 = 2097151 & (load_4(a + 15) >> 6); + int64_t a7 = 2097151 & (load_3(a + 18) >> 3); + int64_t a8 = 2097151 & load_3(a + 21); + int64_t a9 = 2097151 & (load_4(a + 23) >> 5); + int64_t a10 = 2097151 & (load_3(a + 26) >> 2); + int64_t a11 = (load_4(a + 28) >> 7); + int64_t b0 = 2097151 & load_3(b); + int64_t b1 = 2097151 & (load_4(b + 2) >> 5); + int64_t b2 = 2097151 & (load_3(b + 5) >> 2); + int64_t b3 = 2097151 & (load_4(b + 7) >> 7); + int64_t b4 = 2097151 & (load_4(b + 10) >> 4); + int64_t b5 = 2097151 & (load_3(b + 13) >> 1); + int64_t b6 = 2097151 & (load_4(b + 15) >> 6); + int64_t b7 = 2097151 & (load_3(b + 18) >> 3); + int64_t b8 = 2097151 & load_3(b + 21); + int64_t b9 = 2097151 & (load_4(b + 23) >> 5); + int64_t b10 = 2097151 & (load_3(b + 26) >> 2); + int64_t b11 = (load_4(b + 28) >> 7); + int64_t c0 = 2097151 & load_3(c); + int64_t c1 = 2097151 & (load_4(c + 2) >> 5); + int64_t c2 = 2097151 & (load_3(c + 5) >> 2); + int64_t c3 = 2097151 & (load_4(c + 7) >> 7); + int64_t c4 = 2097151 & (load_4(c + 10) >> 4); + int64_t c5 = 2097151 & (load_3(c + 13) >> 1); + int64_t c6 = 2097151 & (load_4(c + 15) >> 6); + int64_t c7 = 2097151 & (load_3(c + 18) >> 3); + int64_t c8 = 2097151 & load_3(c + 21); + int64_t c9 = 2097151 & (load_4(c + 23) >> 5); + int64_t c10 = 2097151 & (load_3(c + 26) >> 2); + int64_t c11 = (load_4(c + 28) >> 7); + int64_t s0; + int64_t s1; + int64_t s2; + int64_t s3; + int64_t s4; + int64_t s5; + int64_t s6; + int64_t s7; + int64_t s8; + int64_t s9; + int64_t s10; + int64_t s11; + int64_t s12; + int64_t s13; + int64_t s14; + int64_t s15; + int64_t s16; + int64_t s17; + int64_t s18; + int64_t s19; + int64_t s20; + int64_t s21; + int64_t s22; + int64_t s23; + int64_t carry0; + int64_t carry1; + int64_t carry2; + int64_t carry3; + int64_t carry4; + int64_t carry5; + int64_t carry6; + int64_t carry7; + int64_t carry8; + int64_t carry9; + int64_t carry10; + int64_t carry11; + int64_t carry12; + int64_t carry13; + int64_t carry14; + int64_t carry15; + int64_t carry16; + int64_t carry17; + int64_t carry18; + int64_t carry19; + int64_t carry20; + int64_t carry21; + int64_t carry22; + + s0 = c0 + a0 * b0; + s1 = c1 + a0 * b1 + a1 * b0; + s2 = c2 + a0 * b2 + a1 * b1 + a2 * b0; + s3 = c3 + a0 * b3 + a1 * b2 + a2 * b1 + a3 * b0; + s4 = c4 + a0 * b4 + a1 * b3 + a2 * b2 + a3 * b1 + a4 * b0; + s5 = c5 + a0 * b5 + a1 * b4 + a2 * b3 + a3 * b2 + a4 * b1 + a5 * b0; + s6 = c6 + a0 * b6 + a1 * b5 + a2 * b4 + a3 * b3 + a4 * b2 + a5 * b1 + a6 * b0; + s7 = c7 + a0 * b7 + a1 * b6 + a2 * b5 + a3 * b4 + a4 * b3 + a5 * b2 + + a6 * b1 + a7 * b0; + s8 = c8 + a0 * b8 + a1 * b7 + a2 * b6 + a3 * b5 + a4 * b4 + a5 * b3 + + a6 * b2 + a7 * b1 + a8 * b0; + s9 = c9 + a0 * b9 + a1 * b8 + a2 * b7 + a3 * b6 + a4 * b5 + a5 * b4 + + a6 * b3 + a7 * b2 + a8 * b1 + a9 * b0; + s10 = c10 + a0 * b10 + a1 * b9 + a2 * b8 + a3 * b7 + a4 * b6 + a5 * b5 + + a6 * b4 + a7 * b3 + a8 * b2 + a9 * b1 + a10 * b0; + s11 = c11 + a0 * b11 + a1 * b10 + a2 * b9 + a3 * b8 + a4 * b7 + a5 * b6 + + a6 * b5 + a7 * b4 + a8 * b3 + a9 * b2 + a10 * b1 + a11 * b0; + s12 = a1 * b11 + a2 * b10 + a3 * b9 + a4 * b8 + a5 * b7 + a6 * b6 + a7 * b5 + + a8 * b4 + a9 * b3 + a10 * b2 + a11 * b1; + s13 = a2 * b11 + a3 * b10 + a4 * b9 + a5 * b8 + a6 * b7 + a7 * b6 + a8 * b5 + + a9 * b4 + a10 * b3 + a11 * b2; + s14 = a3 * b11 + a4 * b10 + a5 * b9 + a6 * b8 + a7 * b7 + a8 * b6 + a9 * b5 + + a10 * b4 + a11 * b3; + s15 = a4 * b11 + a5 * b10 + a6 * b9 + a7 * b8 + a8 * b7 + a9 * b6 + a10 * b5 + + a11 * b4; + s16 = a5 * b11 + a6 * b10 + a7 * b9 + a8 * b8 + a9 * b7 + a10 * b6 + a11 * b5; + s17 = a6 * b11 + a7 * b10 + a8 * b9 + a9 * b8 + a10 * b7 + a11 * b6; + s18 = a7 * b11 + a8 * b10 + a9 * b9 + a10 * b8 + a11 * b7; + s19 = a8 * b11 + a9 * b10 + a10 * b9 + a11 * b8; + s20 = a9 * b11 + a10 * b10 + a11 * b9; + s21 = a10 * b11 + a11 * b10; + s22 = a11 * b11; + s23 = 0; + + carry0 = (s0 + (1 << 20)) >> 21; + s1 += carry0; + s0 -= carry0 << 21; + carry2 = (s2 + (1 << 20)) >> 21; + s3 += carry2; + s2 -= carry2 << 21; + carry4 = (s4 + (1 << 20)) >> 21; + s5 += carry4; + s4 -= carry4 << 21; + carry6 = (s6 + (1 << 20)) >> 21; + s7 += carry6; + s6 -= carry6 << 21; + carry8 = (s8 + (1 << 20)) >> 21; + s9 += carry8; + s8 -= carry8 << 21; + carry10 = (s10 + (1 << 20)) >> 21; + s11 += carry10; + s10 -= carry10 << 21; + carry12 = (s12 + (1 << 20)) >> 21; + s13 += carry12; + s12 -= carry12 << 21; + carry14 = (s14 + (1 << 20)) >> 21; + s15 += carry14; + s14 -= carry14 << 21; + carry16 = (s16 + (1 << 20)) >> 21; + s17 += carry16; + s16 -= carry16 << 21; + carry18 = (s18 + (1 << 20)) >> 21; + s19 += carry18; + s18 -= carry18 << 21; + carry20 = (s20 + (1 << 20)) >> 21; + s21 += carry20; + s20 -= carry20 << 21; + carry22 = (s22 + (1 << 20)) >> 21; + s23 += carry22; + s22 -= carry22 << 21; + + carry1 = (s1 + (1 << 20)) >> 21; + s2 += carry1; + s1 -= carry1 << 21; + carry3 = (s3 + (1 << 20)) >> 21; + s4 += carry3; + s3 -= carry3 << 21; + carry5 = (s5 + (1 << 20)) >> 21; + s6 += carry5; + s5 -= carry5 << 21; + carry7 = (s7 + (1 << 20)) >> 21; + s8 += carry7; + s7 -= carry7 << 21; + carry9 = (s9 + (1 << 20)) >> 21; + s10 += carry9; + s9 -= carry9 << 21; + carry11 = (s11 + (1 << 20)) >> 21; + s12 += carry11; + s11 -= carry11 << 21; + carry13 = (s13 + (1 << 20)) >> 21; + s14 += carry13; + s13 -= carry13 << 21; + carry15 = (s15 + (1 << 20)) >> 21; + s16 += carry15; + s15 -= carry15 << 21; + carry17 = (s17 + (1 << 20)) >> 21; + s18 += carry17; + s17 -= carry17 << 21; + carry19 = (s19 + (1 << 20)) >> 21; + s20 += carry19; + s19 -= carry19 << 21; + carry21 = (s21 + (1 << 20)) >> 21; + s22 += carry21; + s21 -= carry21 << 21; + + s11 += s23 * 666643; + s12 += s23 * 470296; + s13 += s23 * 654183; + s14 -= s23 * 997805; + s15 += s23 * 136657; + s16 -= s23 * 683901; + s23 = 0; + + s10 += s22 * 666643; + s11 += s22 * 470296; + s12 += s22 * 654183; + s13 -= s22 * 997805; + s14 += s22 * 136657; + s15 -= s22 * 683901; + s22 = 0; + + s9 += s21 * 666643; + s10 += s21 * 470296; + s11 += s21 * 654183; + s12 -= s21 * 997805; + s13 += s21 * 136657; + s14 -= s21 * 683901; + s21 = 0; + + s8 += s20 * 666643; + s9 += s20 * 470296; + s10 += s20 * 654183; + s11 -= s20 * 997805; + s12 += s20 * 136657; + s13 -= s20 * 683901; + s20 = 0; + + s7 += s19 * 666643; + s8 += s19 * 470296; + s9 += s19 * 654183; + s10 -= s19 * 997805; + s11 += s19 * 136657; + s12 -= s19 * 683901; + s19 = 0; + + s6 += s18 * 666643; + s7 += s18 * 470296; + s8 += s18 * 654183; + s9 -= s18 * 997805; + s10 += s18 * 136657; + s11 -= s18 * 683901; + s18 = 0; + + carry6 = (s6 + (1 << 20)) >> 21; + s7 += carry6; + s6 -= carry6 << 21; + carry8 = (s8 + (1 << 20)) >> 21; + s9 += carry8; + s8 -= carry8 << 21; + carry10 = (s10 + (1 << 20)) >> 21; + s11 += carry10; + s10 -= carry10 << 21; + carry12 = (s12 + (1 << 20)) >> 21; + s13 += carry12; + s12 -= carry12 << 21; + carry14 = (s14 + (1 << 20)) >> 21; + s15 += carry14; + s14 -= carry14 << 21; + carry16 = (s16 + (1 << 20)) >> 21; + s17 += carry16; + s16 -= carry16 << 21; + + carry7 = (s7 + (1 << 20)) >> 21; + s8 += carry7; + s7 -= carry7 << 21; + carry9 = (s9 + (1 << 20)) >> 21; + s10 += carry9; + s9 -= carry9 << 21; + carry11 = (s11 + (1 << 20)) >> 21; + s12 += carry11; + s11 -= carry11 << 21; + carry13 = (s13 + (1 << 20)) >> 21; + s14 += carry13; + s13 -= carry13 << 21; + carry15 = (s15 + (1 << 20)) >> 21; + s16 += carry15; + s15 -= carry15 << 21; + + s5 += s17 * 666643; + s6 += s17 * 470296; + s7 += s17 * 654183; + s8 -= s17 * 997805; + s9 += s17 * 136657; + s10 -= s17 * 683901; + s17 = 0; + + s4 += s16 * 666643; + s5 += s16 * 470296; + s6 += s16 * 654183; + s7 -= s16 * 997805; + s8 += s16 * 136657; + s9 -= s16 * 683901; + s16 = 0; + + s3 += s15 * 666643; + s4 += s15 * 470296; + s5 += s15 * 654183; + s6 -= s15 * 997805; + s7 += s15 * 136657; + s8 -= s15 * 683901; + s15 = 0; + + s2 += s14 * 666643; + s3 += s14 * 470296; + s4 += s14 * 654183; + s5 -= s14 * 997805; + s6 += s14 * 136657; + s7 -= s14 * 683901; + s14 = 0; + + s1 += s13 * 666643; + s2 += s13 * 470296; + s3 += s13 * 654183; + s4 -= s13 * 997805; + s5 += s13 * 136657; + s6 -= s13 * 683901; + s13 = 0; + + s0 += s12 * 666643; + s1 += s12 * 470296; + s2 += s12 * 654183; + s3 -= s12 * 997805; + s4 += s12 * 136657; + s5 -= s12 * 683901; + s12 = 0; + + carry0 = (s0 + (1 << 20)) >> 21; + s1 += carry0; + s0 -= carry0 << 21; + carry2 = (s2 + (1 << 20)) >> 21; + s3 += carry2; + s2 -= carry2 << 21; + carry4 = (s4 + (1 << 20)) >> 21; + s5 += carry4; + s4 -= carry4 << 21; + carry6 = (s6 + (1 << 20)) >> 21; + s7 += carry6; + s6 -= carry6 << 21; + carry8 = (s8 + (1 << 20)) >> 21; + s9 += carry8; + s8 -= carry8 << 21; + carry10 = (s10 + (1 << 20)) >> 21; + s11 += carry10; + s10 -= carry10 << 21; + + carry1 = (s1 + (1 << 20)) >> 21; + s2 += carry1; + s1 -= carry1 << 21; + carry3 = (s3 + (1 << 20)) >> 21; + s4 += carry3; + s3 -= carry3 << 21; + carry5 = (s5 + (1 << 20)) >> 21; + s6 += carry5; + s5 -= carry5 << 21; + carry7 = (s7 + (1 << 20)) >> 21; + s8 += carry7; + s7 -= carry7 << 21; + carry9 = (s9 + (1 << 20)) >> 21; + s10 += carry9; + s9 -= carry9 << 21; + carry11 = (s11 + (1 << 20)) >> 21; + s12 += carry11; + s11 -= carry11 << 21; + + s0 += s12 * 666643; + s1 += s12 * 470296; + s2 += s12 * 654183; + s3 -= s12 * 997805; + s4 += s12 * 136657; + s5 -= s12 * 683901; + s12 = 0; + + carry0 = s0 >> 21; + s1 += carry0; + s0 -= carry0 << 21; + carry1 = s1 >> 21; + s2 += carry1; + s1 -= carry1 << 21; + carry2 = s2 >> 21; + s3 += carry2; + s2 -= carry2 << 21; + carry3 = s3 >> 21; + s4 += carry3; + s3 -= carry3 << 21; + carry4 = s4 >> 21; + s5 += carry4; + s4 -= carry4 << 21; + carry5 = s5 >> 21; + s6 += carry5; + s5 -= carry5 << 21; + carry6 = s6 >> 21; + s7 += carry6; + s6 -= carry6 << 21; + carry7 = s7 >> 21; + s8 += carry7; + s7 -= carry7 << 21; + carry8 = s8 >> 21; + s9 += carry8; + s8 -= carry8 << 21; + carry9 = s9 >> 21; + s10 += carry9; + s9 -= carry9 << 21; + carry10 = s10 >> 21; + s11 += carry10; + s10 -= carry10 << 21; + carry11 = s11 >> 21; + s12 += carry11; + s11 -= carry11 << 21; + + s0 += s12 * 666643; + s1 += s12 * 470296; + s2 += s12 * 654183; + s3 -= s12 * 997805; + s4 += s12 * 136657; + s5 -= s12 * 683901; + s12 = 0; + + carry0 = s0 >> 21; + s1 += carry0; + s0 -= carry0 << 21; + carry1 = s1 >> 21; + s2 += carry1; + s1 -= carry1 << 21; + carry2 = s2 >> 21; + s3 += carry2; + s2 -= carry2 << 21; + carry3 = s3 >> 21; + s4 += carry3; + s3 -= carry3 << 21; + carry4 = s4 >> 21; + s5 += carry4; + s4 -= carry4 << 21; + carry5 = s5 >> 21; + s6 += carry5; + s5 -= carry5 << 21; + carry6 = s6 >> 21; + s7 += carry6; + s6 -= carry6 << 21; + carry7 = s7 >> 21; + s8 += carry7; + s7 -= carry7 << 21; + carry8 = s8 >> 21; + s9 += carry8; + s8 -= carry8 << 21; + carry9 = s9 >> 21; + s10 += carry9; + s9 -= carry9 << 21; + carry10 = s10 >> 21; + s11 += carry10; + s10 -= carry10 << 21; + + s[0] = s0 >> 0; + s[1] = s0 >> 8; + s[2] = (s0 >> 16) | (s1 << 5); + s[3] = s1 >> 3; + s[4] = s1 >> 11; + s[5] = (s1 >> 19) | (s2 << 2); + s[6] = s2 >> 6; + s[7] = (s2 >> 14) | (s3 << 7); + s[8] = s3 >> 1; + s[9] = s3 >> 9; + s[10] = (s3 >> 17) | (s4 << 4); + s[11] = s4 >> 4; + s[12] = s4 >> 12; + s[13] = (s4 >> 20) | (s5 << 1); + s[14] = s5 >> 7; + s[15] = (s5 >> 15) | (s6 << 6); + s[16] = s6 >> 2; + s[17] = s6 >> 10; + s[18] = (s6 >> 18) | (s7 << 3); + s[19] = s7 >> 5; + s[20] = s7 >> 13; + s[21] = s8 >> 0; + s[22] = s8 >> 8; + s[23] = (s8 >> 16) | (s9 << 5); + s[24] = s9 >> 3; + s[25] = s9 >> 11; + s[26] = (s9 >> 19) | (s10 << 2); + s[27] = s10 >> 6; + s[28] = (s10 >> 14) | (s11 << 7); + s[29] = s11 >> 1; + s[30] = s11 >> 9; + s[31] = s11 >> 17; +} +#endif + +#ifdef ED25519 +void ED25519_keypair(uint8_t out_public_key[32], uint8_t out_private_key[64]) { + uint8_t seed[32]; + arc4random_buf(seed, 32); + + uint8_t az[SHA512_DIGEST_LENGTH]; + SHA512(seed, 32, az); + + az[0] &= 248; + az[31] &= 63; + az[31] |= 64; + + ge_p3 A; + x25519_ge_scalarmult_base(&A, az); + ge_p3_tobytes(out_public_key, &A); + + memcpy(out_private_key, seed, 32); + memmove(out_private_key + 32, out_public_key, 32); +} + +int ED25519_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len, + const uint8_t private_key[64]) { + uint8_t az[SHA512_DIGEST_LENGTH]; + SHA512(private_key, 32, az); + + az[0] &= 248; + az[31] &= 63; + az[31] |= 64; + + SHA512_CTX hash_ctx; + SHA512_Init(&hash_ctx); + SHA512_Update(&hash_ctx, az + 32, 32); + SHA512_Update(&hash_ctx, message, message_len); + uint8_t nonce[SHA512_DIGEST_LENGTH]; + SHA512_Final(nonce, &hash_ctx); + + x25519_sc_reduce(nonce); + ge_p3 R; + x25519_ge_scalarmult_base(&R, nonce); + ge_p3_tobytes(out_sig, &R); + + SHA512_Init(&hash_ctx); + SHA512_Update(&hash_ctx, out_sig, 32); + SHA512_Update(&hash_ctx, private_key + 32, 32); + SHA512_Update(&hash_ctx, message, message_len); + uint8_t hram[SHA512_DIGEST_LENGTH]; + SHA512_Final(hram, &hash_ctx); + + x25519_sc_reduce(hram); + sc_muladd(out_sig + 32, hram, az, nonce); + + return 1; +} + +int ED25519_verify(const uint8_t *message, size_t message_len, + const uint8_t signature[64], const uint8_t public_key[32]) { + ge_p3 A; + if ((signature[63] & 224) != 0 || + x25519_ge_frombytes_vartime(&A, public_key) != 0) { + return 0; + } + + fe_neg(A.X, A.X); + fe_neg(A.T, A.T); + + uint8_t pkcopy[32]; + memcpy(pkcopy, public_key, 32); + uint8_t rcopy[32]; + memcpy(rcopy, signature, 32); + uint8_t scopy[32]; + memcpy(scopy, signature + 32, 32); + + SHA512_CTX hash_ctx; + SHA512_Init(&hash_ctx); + SHA512_Update(&hash_ctx, signature, 32); + SHA512_Update(&hash_ctx, public_key, 32); + SHA512_Update(&hash_ctx, message, message_len); + uint8_t h[SHA512_DIGEST_LENGTH]; + SHA512_Final(h, &hash_ctx); + + x25519_sc_reduce(h); + + ge_p2 R; + ge_double_scalarmult_vartime(&R, h, &A, scopy); + + uint8_t rcheck[32]; + x25519_ge_tobytes(rcheck, &R); + + return timingsafe_memcmp(rcheck, rcopy, sizeof(rcheck)) == 0; +} +#endif + +/* Replace (f,g) with (g,f) if b == 1; + * replace (f,g) with (f,g) if b == 0. + * + * Preconditions: b in {0,1}. */ +static void fe_cswap(fe f, fe g, unsigned int b) { + b = 0-b; + unsigned i; + for (i = 0; i < 10; i++) { + int32_t x = f[i] ^ g[i]; + x &= b; + f[i] ^= x; + g[i] ^= x; + } +} + +/* h = f * 121666 + * Can overlap h with f. + * + * Preconditions: + * |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc. + * + * Postconditions: + * |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc. */ +static void fe_mul121666(fe h, fe f) { + int32_t f0 = f[0]; + int32_t f1 = f[1]; + int32_t f2 = f[2]; + int32_t f3 = f[3]; + int32_t f4 = f[4]; + int32_t f5 = f[5]; + int32_t f6 = f[6]; + int32_t f7 = f[7]; + int32_t f8 = f[8]; + int32_t f9 = f[9]; + int64_t h0 = f0 * (int64_t) 121666; + int64_t h1 = f1 * (int64_t) 121666; + int64_t h2 = f2 * (int64_t) 121666; + int64_t h3 = f3 * (int64_t) 121666; + int64_t h4 = f4 * (int64_t) 121666; + int64_t h5 = f5 * (int64_t) 121666; + int64_t h6 = f6 * (int64_t) 121666; + int64_t h7 = f7 * (int64_t) 121666; + int64_t h8 = f8 * (int64_t) 121666; + int64_t h9 = f9 * (int64_t) 121666; + int64_t carry0; + int64_t carry1; + int64_t carry2; + int64_t carry3; + int64_t carry4; + int64_t carry5; + int64_t carry6; + int64_t carry7; + int64_t carry8; + int64_t carry9; + + carry9 = h9 + (1 << 24); h0 += (carry9 >> 25) * 19; h9 -= carry9 & kTop39Bits; + carry1 = h1 + (1 << 24); h2 += carry1 >> 25; h1 -= carry1 & kTop39Bits; + carry3 = h3 + (1 << 24); h4 += carry3 >> 25; h3 -= carry3 & kTop39Bits; + carry5 = h5 + (1 << 24); h6 += carry5 >> 25; h5 -= carry5 & kTop39Bits; + carry7 = h7 + (1 << 24); h8 += carry7 >> 25; h7 -= carry7 & kTop39Bits; + + carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits; + carry2 = h2 + (1 << 25); h3 += carry2 >> 26; h2 -= carry2 & kTop38Bits; + carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits; + carry6 = h6 + (1 << 25); h7 += carry6 >> 26; h6 -= carry6 & kTop38Bits; + carry8 = h8 + (1 << 25); h9 += carry8 >> 26; h8 -= carry8 & kTop38Bits; + + h[0] = h0; + h[1] = h1; + h[2] = h2; + h[3] = h3; + h[4] = h4; + h[5] = h5; + h[6] = h6; + h[7] = h7; + h[8] = h8; + h[9] = h9; +} + +void +x25519_scalar_mult_generic(uint8_t out[32], const uint8_t scalar[32], + const uint8_t point[32]) { + fe x1, x2, z2, x3, z3, tmp0, tmp1; + + uint8_t e[32]; + memcpy(e, scalar, 32); + e[0] &= 248; + e[31] &= 127; + e[31] |= 64; + fe_frombytes(x1, point); + fe_1(x2); + fe_0(z2); + fe_copy(x3, x1); + fe_1(z3); + + unsigned swap = 0; + int pos; + for (pos = 254; pos >= 0; --pos) { + unsigned b = 1 & (e[pos / 8] >> (pos & 7)); + swap ^= b; + fe_cswap(x2, x3, swap); + fe_cswap(z2, z3, swap); + swap = b; + fe_sub(tmp0, x3, z3); + fe_sub(tmp1, x2, z2); + fe_add(x2, x2, z2); + fe_add(z2, x3, z3); + fe_mul(z3, tmp0, x2); + fe_mul(z2, z2, tmp1); + fe_sq(tmp0, tmp1); + fe_sq(tmp1, x2); + fe_add(x3, z3, z2); + fe_sub(z2, z3, z2); + fe_mul(x2, tmp1, tmp0); + fe_sub(tmp1, tmp1, tmp0); + fe_sq(z2, z2); + fe_mul121666(z3, tmp1); + fe_sq(x3, x3); + fe_add(tmp0, tmp0, z3); + fe_mul(z3, x1, z2); + fe_mul(z2, tmp1, tmp0); + } + fe_cswap(x2, x3, swap); + fe_cswap(z2, z3, swap); + + fe_invert(z2, z2); + fe_mul(x2, x2, z2); + fe_tobytes(out, x2); +} + +#ifdef unused +void +x25519_public_from_private_generic(uint8_t out_public_value[32], + const uint8_t private_key[32]) +{ + uint8_t e[32]; + + memcpy(e, private_key, 32); + e[0] &= 248; + e[31] &= 127; + e[31] |= 64; + + ge_p3 A; + x25519_ge_scalarmult_base(&A, e); + + /* We only need the u-coordinate of the curve25519 point. The map is + * u=(y+1)/(1-y). Since y=Y/Z, this gives u=(Z+Y)/(Z-Y). */ + fe zplusy, zminusy, zminusy_inv; + fe_add(zplusy, A.Z, A.Y); + fe_sub(zminusy, A.Z, A.Y); + fe_invert(zminusy_inv, zminusy); + fe_mul(zplusy, zplusy, zminusy_inv); + fe_tobytes(out_public_value, zplusy); +} +#endif + +void +x25519_public_from_private(uint8_t out_public_value[32], + const uint8_t private_key[32]) +{ + static const uint8_t kMongomeryBasePoint[32] = {9}; + + x25519_scalar_mult(out_public_value, private_key, kMongomeryBasePoint); +} + +void +X25519_keypair(uint8_t out_public_value[X25519_KEY_LENGTH], + uint8_t out_private_key[X25519_KEY_LENGTH]) +{ + /* All X25519 implementations should decode scalars correctly (see + * https://tools.ietf.org/html/rfc7748#section-5). However, if an + * implementation doesn't then it might interoperate with random keys a + * fraction of the time because they'll, randomly, happen to be correctly + * formed. + * + * Thus we do the opposite of the masking here to make sure that our private + * keys are never correctly masked and so, hopefully, any incorrect + * implementations are deterministically broken. + * + * This does not affect security because, although we're throwing away + * entropy, a valid implementation of scalarmult should throw away the exact + * same bits anyway. */ + arc4random_buf(out_private_key, 32); + + out_private_key[0] |= 7; + out_private_key[31] &= 63; + out_private_key[31] |= 128; + + x25519_public_from_private(out_public_value, out_private_key); +} + +int +X25519(uint8_t out_shared_key[X25519_KEY_LENGTH], + const uint8_t private_key[X25519_KEY_LENGTH], + const uint8_t peer_public_value[X25519_KEY_LENGTH]) +{ + static const uint8_t kZeros[32] = {0}; + + x25519_scalar_mult(out_shared_key, private_key, peer_public_value); + + /* The all-zero output results when the input is a point of small order. */ + return timingsafe_memcmp(kZeros, out_shared_key, 32) != 0; +} diff --git a/src/lib/libcrypto/curve25519/curve25519.h b/src/lib/libcrypto/curve25519/curve25519.h new file mode 100644 index 00000000000..5aaa8c08692 --- /dev/null +++ b/src/lib/libcrypto/curve25519/curve25519.h @@ -0,0 +1,67 @@ +/* + * Copyright (c) 2015, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef HEADER_CURVE25519_H +#define HEADER_CURVE25519_H + +#include + +#include + +#if defined(__cplusplus) +extern "C" { +#endif + +/* + * Curve25519. + * + * Curve25519 is an elliptic curve. See https://tools.ietf.org/html/rfc7748. + */ + +/* + * X25519. + * + * X25519 is the Diffie-Hellman primitive built from curve25519. It is + * sometimes referred to as curve25519, but X25519 is a more precise name. + * See http://cr.yp.to/ecdh.html and https://tools.ietf.org/html/rfc7748. + */ + +#define X25519_KEY_LENGTH 32 + +/* + * X25519_keypair sets |out_public_value| and |out_private_key| to a freshly + * generated, public/private key pair. + */ +void X25519_keypair(uint8_t out_public_value[X25519_KEY_LENGTH], + uint8_t out_private_key[X25519_KEY_LENGTH]); + +/* + * X25519 writes a shared key to |out_shared_key| that is calculated from the + * given private key and the peer's public value. It returns one on success and + * zero on error. + * + * Don't use the shared key directly, rather use a KDF and also include the two + * public values as inputs. + */ +int X25519(uint8_t out_shared_key[X25519_KEY_LENGTH], + const uint8_t private_key[X25519_KEY_LENGTH], + const uint8_t peers_public_value[X25519_KEY_LENGTH]); + +#if defined(__cplusplus) +} /* extern C */ +#endif + +#endif /* HEADER_CURVE25519_H */ diff --git a/src/lib/libcrypto/curve25519/curve25519_internal.h b/src/lib/libcrypto/curve25519/curve25519_internal.h new file mode 100644 index 00000000000..f80424a6b7e --- /dev/null +++ b/src/lib/libcrypto/curve25519/curve25519_internal.h @@ -0,0 +1,98 @@ +/* + * Copyright (c) 2015, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef HEADER_CURVE25519_INTERNAL_H +#define HEADER_CURVE25519_INTERNAL_H + +#include + +__BEGIN_HIDDEN_DECLS + +/* fe means field element. Here the field is \Z/(2^255-19). An element t, + * entries t[0]...t[9], represents the integer t[0]+2^26 t[1]+2^51 t[2]+2^77 + * t[3]+2^102 t[4]+...+2^230 t[9]. Bounds on each t[i] vary depending on + * context. */ +typedef int32_t fe[10]; + +/* ge means group element. + + * Here the group is the set of pairs (x,y) of field elements (see fe.h) + * satisfying -x^2 + y^2 = 1 + d x^2y^2 + * where d = -121665/121666. + * + * Representations: + * ge_p2 (projective): (X:Y:Z) satisfying x=X/Z, y=Y/Z + * ge_p3 (extended): (X:Y:Z:T) satisfying x=X/Z, y=Y/Z, XY=ZT + * ge_p1p1 (completed): ((X:Z),(Y:T)) satisfying x=X/Z, y=Y/T + * ge_precomp (Duif): (y+x,y-x,2dxy) */ + +typedef struct { + fe X; + fe Y; + fe Z; +} ge_p2; + +typedef struct { + fe X; + fe Y; + fe Z; + fe T; +} ge_p3; + +typedef struct { + fe X; + fe Y; + fe Z; + fe T; +} ge_p1p1; + +typedef struct { + fe yplusx; + fe yminusx; + fe xy2d; +} ge_precomp; + +typedef struct { + fe YplusX; + fe YminusX; + fe Z; + fe T2d; +} ge_cached; + +void x25519_ge_tobytes(uint8_t *s, const ge_p2 *h); +int x25519_ge_frombytes_vartime(ge_p3 *h, const uint8_t *s); +void x25519_ge_p3_to_cached(ge_cached *r, const ge_p3 *p); +void x25519_ge_p1p1_to_p2(ge_p2 *r, const ge_p1p1 *p); +void x25519_ge_p1p1_to_p3(ge_p3 *r, const ge_p1p1 *p); +void x25519_ge_add(ge_p1p1 *r, const ge_p3 *p, const ge_cached *q); +void x25519_ge_sub(ge_p1p1 *r, const ge_p3 *p, const ge_cached *q); +void x25519_ge_scalarmult_small_precomp(ge_p3 *h, const uint8_t a[32], + const uint8_t precomp_table[15 * 2 * 32]); +void x25519_ge_scalarmult_base(ge_p3 *h, const uint8_t a[32]); +void x25519_ge_scalarmult(ge_p2 *r, const uint8_t *scalar, const ge_p3 *A); +void x25519_sc_reduce(uint8_t *s); + +void x25519_public_from_private(uint8_t out_public_value[32], + const uint8_t private_key[32]); + +void x25519_scalar_mult(uint8_t out[32], const uint8_t scalar[32], + const uint8_t point[32]); +void x25519_scalar_mult_generic(uint8_t out[32], const uint8_t scalar[32], + const uint8_t point[32]); + +__END_HIDDEN_DECLS + +#endif /* HEADER_CURVE25519_INTERNAL_H */ diff --git a/src/lib/libcrypto/cversion.c b/src/lib/libcrypto/cversion.c index f7a1b7a4f04..2d4460d10d8 100644 --- a/src/lib/libcrypto/cversion.c +++ b/src/lib/libcrypto/cversion.c @@ -1,25 +1,25 @@ -/* crypto/cversion.c */ +/* $OpenBSD: cversion.c,v 1.17 2018/02/17 06:56:12 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,72 +49,64 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ -#include -#include -#include "cryptlib.h" #include +#include -#ifndef NO_WINDOWS_BRAINDEATH -#include "buildinf.h" -#endif +#include "cryptlib.h" -const char *SSLeay_version(int t) - { - if (t == SSLEAY_VERSION) +const char * +SSLeay_version(int t) +{ + switch (t) { + case SSLEAY_VERSION: return OPENSSL_VERSION_TEXT; - if (t == SSLEAY_BUILT_ON) - { -#ifdef DATE - static char buf[sizeof(DATE)+11]; - - sprintf(buf,"built on: %s",DATE); - return(buf); -#else + case SSLEAY_BUILT_ON: return("built on: date not available"); -#endif - } - if (t == SSLEAY_CFLAGS) - { -#ifdef CFLAGS - static char buf[sizeof(CFLAGS)+11]; - - sprintf(buf,"compiler: %s",CFLAGS); - return(buf); -#else + case SSLEAY_CFLAGS: return("compiler: information not available"); -#endif - } - if (t == SSLEAY_PLATFORM) - { -#ifdef PLATFORM - static char buf[sizeof(PLATFORM)+11]; - - sprintf(buf,"platform: %s", PLATFORM); - return(buf); -#else + case SSLEAY_PLATFORM: return("platform: information not available"); -#endif - } - if (t == SSLEAY_DIR) - { -#ifdef OPENSSLDIR + case SSLEAY_DIR: return "OPENSSLDIR: \"" OPENSSLDIR "\""; -#else - return "OPENSSLDIR: N/A"; -#endif - } - return("not available"); } + return("not available"); +} + +unsigned long +SSLeay(void) +{ + return (SSLEAY_VERSION_NUMBER); +} -unsigned long SSLeay(void) - { - return(SSLEAY_VERSION_NUMBER); +const char * +OpenSSL_version(int t) +{ + switch (t) { + case OPENSSL_VERSION: + return OPENSSL_VERSION_TEXT; + case OPENSSL_BUILT_ON: + return("built on: date not available"); + case OPENSSL_CFLAGS: + return("compiler: information not available"); + case OPENSSL_PLATFORM: + return("platform: information not available"); + case OPENSSL_DIR: + return "OPENSSLDIR: \"" OPENSSLDIR "\""; + case OPENSSL_ENGINES_DIR: + return "ENGINESDIR: N/A"; } + return("not available"); +} +unsigned long +OpenSSL_version_num(void) +{ + return SSLeay(); +} diff --git a/src/lib/libcrypto/des/DES.pm b/src/lib/libcrypto/des/DES.pm deleted file mode 100644 index 6a175b6ca4b..00000000000 --- a/src/lib/libcrypto/des/DES.pm +++ /dev/null @@ -1,19 +0,0 @@ -package DES; - -require Exporter; -require DynaLoader; -@ISA = qw(Exporter DynaLoader); -# Items to export into callers namespace by default -# (move infrequently used names to @EXPORT_OK below) -@EXPORT = qw( -); -# Other items we are prepared to export if requested -@EXPORT_OK = qw( -crypt -); - -# Preloaded methods go here. Autoload methods go after __END__, and are -# processed by the autosplit program. -bootstrap DES; -1; -__END__ diff --git a/src/lib/libcrypto/des/DES.xs b/src/lib/libcrypto/des/DES.xs deleted file mode 100644 index b8050b9edf8..00000000000 --- a/src/lib/libcrypto/des/DES.xs +++ /dev/null @@ -1,268 +0,0 @@ -#include "EXTERN.h" -#include "perl.h" -#include "XSUB.h" -#include "des.h" - -#define deschar char -static STRLEN len; - -static int -not_here(s) -char *s; -{ - croak("%s not implemented on this architecture", s); - return -1; -} - -MODULE = DES PACKAGE = DES PREFIX = des_ - -char * -des_crypt(buf,salt) - char * buf - char * salt - -void -des_set_odd_parity(key) - des_cblock * key -PPCODE: - { - SV *s; - - s=sv_newmortal(); - sv_setpvn(s,(char *)key,8); - des_set_odd_parity((des_cblock *)SvPV(s,na)); - PUSHs(s); - } - -int -des_is_weak_key(key) - des_cblock * key - -des_key_schedule -des_set_key(key) - des_cblock * key -CODE: - des_set_key(key,RETVAL); -OUTPUT: -RETVAL - -des_cblock -des_ecb_encrypt(input,ks,encrypt) - des_cblock * input - des_key_schedule * ks - int encrypt -CODE: - des_ecb_encrypt(input,&RETVAL,*ks,encrypt); -OUTPUT: -RETVAL - -void -des_cbc_encrypt(input,ks,ivec,encrypt) - char * input - des_key_schedule * ks - des_cblock * ivec - int encrypt -PPCODE: - { - SV *s; - STRLEN len,l; - char *c; - - l=SvCUR(ST(0)); - len=((((unsigned long)l)+7)/8)*8; - s=sv_newmortal(); - sv_setpvn(s,"",0); - SvGROW(s,len); - SvCUR_set(s,len); - c=(char *)SvPV(s,na); - des_cbc_encrypt((des_cblock *)input,(des_cblock *)c, - l,*ks,ivec,encrypt); - sv_setpvn(ST(2),(char *)c[len-8],8); - PUSHs(s); - } - -void -des_cbc3_encrypt(input,ks1,ks2,ivec1,ivec2,encrypt) - char * input - des_key_schedule * ks1 - des_key_schedule * ks2 - des_cblock * ivec1 - des_cblock * ivec2 - int encrypt -PPCODE: - { - SV *s; - STRLEN len,l; - - l=SvCUR(ST(0)); - len=((((unsigned long)l)+7)/8)*8; - s=sv_newmortal(); - sv_setpvn(s,"",0); - SvGROW(s,len); - SvCUR_set(s,len); - des_3cbc_encrypt((des_cblock *)input,(des_cblock *)SvPV(s,na), - l,*ks1,*ks2,ivec1,ivec2,encrypt); - sv_setpvn(ST(3),(char *)ivec1,8); - sv_setpvn(ST(4),(char *)ivec2,8); - PUSHs(s); - } - -void -des_cbc_cksum(input,ks,ivec) - char * input - des_key_schedule * ks - des_cblock * ivec -PPCODE: - { - SV *s1,*s2; - STRLEN len,l; - des_cblock c; - unsigned long i1,i2; - - s1=sv_newmortal(); - s2=sv_newmortal(); - l=SvCUR(ST(0)); - des_cbc_cksum((des_cblock *)input,(des_cblock *)c, - l,*ks,ivec); - i1=c[4]|(c[5]<<8)|(c[6]<<16)|(c[7]<<24); - i2=c[0]|(c[1]<<8)|(c[2]<<16)|(c[3]<<24); - sv_setiv(s1,i1); - sv_setiv(s2,i2); - sv_setpvn(ST(2),(char *)c,8); - PUSHs(s1); - PUSHs(s2); - } - -void -des_cfb_encrypt(input,numbits,ks,ivec,encrypt) - char * input - int numbits - des_key_schedule * ks - des_cblock * ivec - int encrypt -PPCODE: - { - SV *s; - STRLEN len; - char *c; - - len=SvCUR(ST(0)); - s=sv_newmortal(); - sv_setpvn(s,"",0); - SvGROW(s,len); - SvCUR_set(s,len); - c=(char *)SvPV(s,na); - des_cfb_encrypt((unsigned char *)input,(unsigned char *)c, - (int)numbits,(long)len,*ks,ivec,encrypt); - sv_setpvn(ST(3),(char *)ivec,8); - PUSHs(s); - } - -des_cblock * -des_ecb3_encrypt(input,ks1,ks2,encrypt) - des_cblock * input - des_key_schedule * ks1 - des_key_schedule * ks2 - int encrypt -CODE: - { - des_cblock c; - - des_ecb3_encrypt((des_cblock *)input,(des_cblock *)&c, - *ks1,*ks2,encrypt); - RETVAL= &c; - } -OUTPUT: -RETVAL - -void -des_ofb_encrypt(input,numbits,ks,ivec) - unsigned char * input - int numbits - des_key_schedule * ks - des_cblock * ivec -PPCODE: - { - SV *s; - STRLEN len,l; - unsigned char *c; - - len=SvCUR(ST(0)); - s=sv_newmortal(); - sv_setpvn(s,"",0); - SvGROW(s,len); - SvCUR_set(s,len); - c=(unsigned char *)SvPV(s,na); - des_ofb_encrypt((unsigned char *)input,(unsigned char *)c, - numbits,len,*ks,ivec); - sv_setpvn(ST(3),(char *)ivec,8); - PUSHs(s); - } - -void -des_pcbc_encrypt(input,ks,ivec,encrypt) - char * input - des_key_schedule * ks - des_cblock * ivec - int encrypt -PPCODE: - { - SV *s; - STRLEN len,l; - char *c; - - l=SvCUR(ST(0)); - len=((((unsigned long)l)+7)/8)*8; - s=sv_newmortal(); - sv_setpvn(s,"",0); - SvGROW(s,len); - SvCUR_set(s,len); - c=(char *)SvPV(s,na); - des_pcbc_encrypt((des_cblock *)input,(des_cblock *)c, - l,*ks,ivec,encrypt); - sv_setpvn(ST(2),(char *)c[len-8],8); - PUSHs(s); - } - -des_cblock * -des_random_key() -CODE: - { - des_cblock c; - - des_random_key(c); - RETVAL=&c; - } -OUTPUT: -RETVAL - -des_cblock * -des_string_to_key(str) -char * str -CODE: - { - des_cblock c; - - des_string_to_key(str,&c); - RETVAL=&c; - } -OUTPUT: -RETVAL - -void -des_string_to_2keys(str) -char * str -PPCODE: - { - des_cblock c1,c2; - SV *s1,*s2; - - des_string_to_2keys(str,&c1,&c2); - EXTEND(sp,2); - s1=sv_newmortal(); - sv_setpvn(s1,(char *)c1,8); - s2=sv_newmortal(); - sv_setpvn(s2,(char *)c2,8); - PUSHs(s1); - PUSHs(s2); - } diff --git a/src/lib/libcrypto/des/FILES b/src/lib/libcrypto/des/FILES deleted file mode 100644 index 4c7ea2de7a0..00000000000 --- a/src/lib/libcrypto/des/FILES +++ /dev/null @@ -1,96 +0,0 @@ -/* General stuff */ -COPYRIGHT - Copyright info. -MODES.DES - A description of the features of the different modes of DES. -FILES - This file. -INSTALL - How to make things compile. -Imakefile - For use with kerberos. -README - What this package is. -VERSION - Which version this is and what was changed. -KERBEROS - Kerberos version 4 notes. -Makefile.PL - An old makefile to build with perl5, not current. -Makefile.ssl - The SSLeay makefile -Makefile.uni - The normal unix makefile. -GNUmakefile - The makefile for use with glibc. -makefile.bc - A Borland C makefile -times - Some outputs from 'speed' on some machines. -vms.com - For use when compiling under VMS - -/* My SunOS des(1) replacement */ -des.c - des(1) source code. -des.man - des(1) manual. - -/* Testing and timing programs. */ -destest.c - Source for libdes.a test program. -speed.c - Source for libdes.a timing program. -rpw.c - Source for libdes.a testing password reading routines. - -/* libdes.a source code */ -des_crypt.man - libdes.a manual page. -des.h - Public libdes.a header file. -ecb_enc.c - des_ecb_encrypt() source, this contains the basic DES code. -ecb3_enc.c - des_ecb3_encrypt() source. -cbc_ckm.c - des_cbc_cksum() source. -cbc_enc.c - des_cbc_encrypt() source. -ncbc_enc.c - des_cbc_encrypt() that is 'normal' in that it copies - the new iv values back in the passed iv vector. -ede_enc.c - des_ede3_cbc_encrypt() cbc mode des using triple DES. -cbc3_enc.c - des_3cbc_encrypt() source, don't use this function. -cfb_enc.c - des_cfb_encrypt() source. -cfb64enc.c - des_cfb64_encrypt() cfb in 64 bit mode but setup to be - used as a stream cipher. -cfb64ede.c - des_ede3_cfb64_encrypt() cfb in 64 bit mode but setup to be - used as a stream cipher and using triple DES. -ofb_enc.c - des_cfb_encrypt() source. -ofb64_enc.c - des_ofb_encrypt() ofb in 64 bit mode but setup to be - used as a stream cipher. -ofb64ede.c - des_ede3_ofb64_encrypt() ofb in 64 bit mode but setup to be - used as a stream cipher and using triple DES. -enc_read.c - des_enc_read() source. -enc_writ.c - des_enc_write() source. -pcbc_enc.c - des_pcbc_encrypt() source. -qud_cksm.c - quad_cksum() source. -rand_key.c - des_random_key() source. -read_pwd.c - Source for des_read_password() plus related functions. -set_key.c - Source for des_set_key(). -str2key.c - Covert a string of any length into a key. -fcrypt.c - A small, fast version of crypt(3). -des_locl.h - Internal libdes.a header file. -podd.h - Odd parity tables - used in des_set_key(). -sk.h - Lookup tables used in des_set_key(). -spr.h - What is left of the S tables - used in ecb_encrypt(). -des_ver.h - header file for the external definition of the - version string. -des.doc - SSLeay documentation for the library. - -/* The perl scripts - you can ignore these files they are only - * included for the curious */ -des.pl - des in perl anyone? des_set_key and des_ecb_encrypt - both done in a perl library. -testdes.pl - Testing program for des.pl -doIP - Perl script used to develop IP xor/shift code. -doPC1 - Perl script used to develop PC1 xor/shift code. -doPC2 - Generates sk.h. -PC1 - Output of doPC1 should be the same as output from PC1. -PC2 - used in development of doPC2. -shifts.pl - Perl library used by my perl scripts. - -/* I started making a perl5 dynamic library for libdes - * but did not fully finish, these files are part of that effort. */ -DES.pm -DES.pod -DES.xs -t -typemap - -/* The following are for use with sun RPC implementaions. */ -rpc_des.h -rpc_enc.c - -/* The following are contibuted by Mark Murray . They - * are not normally built into libdes due to machine specific routines - * contained in them. They are for use in the most recent incarnation of - * export kerberos v 4 (eBones). */ -supp.c -new_rkey.c - - diff --git a/src/lib/libcrypto/des/INSTALL b/src/lib/libcrypto/des/INSTALL deleted file mode 100644 index 32457d775ca..00000000000 --- a/src/lib/libcrypto/des/INSTALL +++ /dev/null @@ -1,69 +0,0 @@ -Check the CC and CFLAGS lines in the makefile - -If your C library does not support the times(3) function, change the -#define TIMES to -#undef TIMES in speed.c -If it does, check the HZ value for the times(3) function. -If your system does not define CLK_TCK it will be assumed to -be 100.0. - -If possible use gcc v 2.7.? -Turn on the maximum optimising (normally '-O3 -fomit-frame-pointer' for gcc) -In recent times, some system compilers give better performace. - -type 'make' - -run './destest' to check things are ok. -run './rpw' to check the tty code for reading passwords works. -run './speed' to see how fast those optimisations make the library run :-) -run './des_opts' to determin the best compile time options. - -The output from des_opts should be put in the makefile options and des_enc.c -should be rebuilt. For 64 bit computers, do not use the DES_PTR option. -For the DEC Alpha, edit des.h and change DES_LONG to 'unsigned int' -and then you can use the 'DES_PTR' option. - -The file options.txt has the options listed for best speed on quite a -few systems. Look and the options (UNROLL, PTR, RISC2 etc) and then -turn on the relevent option in the Makefile - -There are some special Makefile targets that make life easier. -make cc - standard cc build -make gcc - standard gcc build -make x86-elf - x86 assembler (elf), linux-elf. -make x86-out - x86 assembler (a.out), FreeBSD -make x86-solaris- x86 assembler -make x86-bsdi - x86 assembler (a.out with primative assembler). - -If at all possible use the assembler (for Windows NT/95, use -asm/win32.obj to link with). The x86 assembler is very very fast. - -A make install will by default install -libdes.a in /usr/local/lib/libdes.a -des in /usr/local/bin/des -des_crypt.man in /usr/local/man/man3/des_crypt.3 -des.man in /usr/local/man/man1/des.1 -des.h in /usr/include/des.h - -des(1) should be compatible with sunOS's but I have been unable to -test it. - -These routines should compile on MSDOS, most 32bit and 64bit version -of Unix (BSD and SYSV) and VMS, without modification. -The only problems should be #include files that are in the wrong places. - -These routines can be compiled under MSDOS. -I have successfully encrypted files using des(1) under MSDOS and then -decrypted the files on a SparcStation. -I have been able to compile and test the routines with -Microsoft C v 5.1 and Turbo C v 2.0. -The code in this library is in no way optimised for the 16bit -operation of MSDOS. - -When building for glibc, ignore all of the above and just unpack into -glibc-1.??/des and then gmake as per normal. - -As a final note on performace. Certain CPUs like sparcs and Alpha often give -a %10 speed difference depending on the link order. It is rather anoying -when one program reports 'x' DES encrypts a second and another reports -'x*0.9' the speed. diff --git a/src/lib/libcrypto/des/Imakefile b/src/lib/libcrypto/des/Imakefile deleted file mode 100644 index 1b9b5629e15..00000000000 --- a/src/lib/libcrypto/des/Imakefile +++ /dev/null @@ -1,35 +0,0 @@ -# This Imakefile has not been tested for a while but it should still -# work when placed in the correct directory in the kerberos v 4 distribution - -SRCS= cbc_cksm.c cbc_enc.c ecb_enc.c pcbc_enc.c \ - qud_cksm.c rand_key.c read_pwd.c set_key.c str2key.c \ - enc_read.c enc_writ.c fcrypt.c cfb_enc.c \ - ecb3_enc.c ofb_enc.c ofb64enc.c - -OBJS= cbc_cksm.o cbc_enc.o ecb_enc.o pcbc_enc.o \ - qud_cksm.o rand_key.o read_pwd.o set_key.o str2key.o \ - enc_read.o enc_writ.o fcrypt.o cfb_enc.o \ - ecb3_enc.o ofb_enc.o ofb64enc.o - -GENERAL=COPYRIGHT FILES INSTALL Imakefile README VERSION makefile times \ - vms.com KERBEROS -DES= des.c des.man -TESTING=destest.c speed.c rpw.c -LIBDES= des_crypt.man des.h des_locl.h podd.h sk.h spr.h - -PERL= des.pl testdes.pl doIP doPC1 doPC2 PC1 PC2 shifts.pl - -CODE= $(GENERAL) $(DES) $(TESTING) $(SRCS) $(LIBDES) $(PERL) - -SRCDIR=$(SRCTOP)/lib/des - -DBG= -O -INCLUDE= -I$(SRCDIR) -CC= cc - -library_obj_rule() - -install_library_target(des,$(OBJS),$(SRCS),) - -test(destest,libdes.a,) -test(rpw,libdes.a,) diff --git a/src/lib/libcrypto/des/KERBEROS b/src/lib/libcrypto/des/KERBEROS deleted file mode 100644 index f401b10014f..00000000000 --- a/src/lib/libcrypto/des/KERBEROS +++ /dev/null @@ -1,41 +0,0 @@ - [ This is an old file, I don't know if it is true anymore - but I will leave the file here - eay 21/11/95 ] - -To use this library with Bones (kerberos without DES): -1) Get my modified Bones - eBones. It can be found on - gondwana.ecr.mu.oz.au (128.250.1.63) /pub/athena/eBones-p9.tar.Z - and - nic.funet.fi (128.214.6.100) /pub/unix/security/Kerberos/eBones-p9.tar.Z - -2) Unpack this library in src/lib/des, makeing sure it is version - 3.00 or greater (libdes.tar.93-10-07.Z). This versions differences - from the version in comp.sources.misc volume 29 patchlevel2. - The primarily difference is that it should compile under kerberos :-). - It can be found at. - ftp.psy.uq.oz.au (130.102.32.1) /pub/DES/libdes.tar.93-10-07.Z - -Now do a normal kerberos build and things should work. - -One problem I found when I was build on my local sun. ---- -For sunOS 4.1.1 apply the following patch to src/util/ss/make_commands.c - -*** make_commands.c.orig Fri Jul 3 04:18:35 1987 ---- make_commands.c Wed May 20 08:47:42 1992 -*************** -*** 98,104 **** - if (!rename(o_file, z_file)) { - if (!vfork()) { - chdir("/tmp"); -! execl("/bin/ld", "ld", "-o", o_file+5, "-s", "-r", "-n", - z_file+5, 0); - perror("/bin/ld"); - _exit(1); ---- 98,104 ---- - if (!rename(o_file, z_file)) { - if (!vfork()) { - chdir("/tmp"); -! execl("/bin/ld", "ld", "-o", o_file+5, "-s", "-r", - z_file+5, 0); - perror("/bin/ld"); - _exit(1); diff --git a/src/lib/libcrypto/des/Makefile.ssl b/src/lib/libcrypto/des/Makefile.ssl deleted file mode 100644 index 473810bec14..00000000000 --- a/src/lib/libcrypto/des/Makefile.ssl +++ /dev/null @@ -1,325 +0,0 @@ -# -# SSLeay/crypto/des/Makefile -# - -DIR= des -TOP= ../.. -CC= cc -CPP= $(CC) -E -INCLUDES=-I$(TOP) -I../../include -CFLAG=-g -INSTALL_PREFIX= -OPENSSLDIR= /usr/local/ssl -INSTALLTOP=/usr/local/ssl -MAKE= make -f Makefile.ssl -MAKEDEPPROG= makedepend -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) -MAKEFILE= Makefile.ssl -AR= ar r -RANLIB= ranlib -DES_ENC= des_enc.o fcrypt_b.o -# or use -#DES_ENC= dx86-elf.o yx86-elf.o - -CFLAGS= $(INCLUDES) $(CFLAG) - -GENERAL=Makefile -TEST=destest.c -APPS= - -LIB=$(TOP)/libcrypto.a -LIBSRC= cbc_cksm.c cbc_enc.c cfb64enc.c cfb_enc.c \ - ecb3_enc.c ecb_enc.c enc_read.c enc_writ.c \ - fcrypt.c ofb64enc.c ofb_enc.c pcbc_enc.c \ - qud_cksm.c rand_key.c rpc_enc.c set_key.c \ - des_enc.c fcrypt_b.c \ - xcbc_enc.c \ - str2key.c cfb64ede.c ofb64ede.c ede_cbcm_enc.c des_old.c des_old2.c \ - read2pwd.c - -LIBOBJ= set_key.o ecb_enc.o cbc_enc.o \ - ecb3_enc.o cfb64enc.o cfb64ede.o cfb_enc.o ofb64ede.o \ - enc_read.o enc_writ.o ofb64enc.o \ - ofb_enc.o str2key.o pcbc_enc.o qud_cksm.o rand_key.o \ - ${DES_ENC} \ - fcrypt.o xcbc_enc.o rpc_enc.o cbc_cksm.o \ - ede_cbcm_enc.o des_old.o des_old2.o read2pwd.o - -SRC= $(LIBSRC) - -EXHEADER= des.h des_old.h -HEADER= des_locl.h rpc_des.h spr.h des_ver.h $(EXHEADER) - -ALL= $(GENERAL) $(SRC) $(HEADER) - -top: - (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) - -all: lib - -lib: $(LIBOBJ) - $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) || echo Never mind. - @touch lib - -des: des.o cbc3_enc.o lib - $(CC) $(CFLAGS) -o des des.o cbc3_enc.o $(LIB) - -# elf -asm/dx86-elf.o: asm/dx86unix.cpp - $(CPP) -DELF -x c asm/dx86unix.cpp | as -o asm/dx86-elf.o - -asm/yx86-elf.o: asm/yx86unix.cpp - $(CPP) -DELF -x c asm/yx86unix.cpp | as -o asm/yx86-elf.o - -# solaris -asm/dx86-sol.o: asm/dx86unix.cpp - $(CC) -E -DSOL asm/dx86unix.cpp | sed 's/^#.*//' > asm/dx86-sol.s - as -o asm/dx86-sol.o asm/dx86-sol.s - rm -f asm/dx86-sol.s - -asm/yx86-sol.o: asm/yx86unix.cpp - $(CC) -E -DSOL asm/yx86unix.cpp | sed 's/^#.*//' > asm/yx86-sol.s - as -o asm/yx86-sol.o asm/yx86-sol.s - rm -f asm/yx86-sol.s - -# a.out -asm/dx86-out.o: asm/dx86unix.cpp - $(CPP) -DOUT asm/dx86unix.cpp | as -o asm/dx86-out.o - -asm/yx86-out.o: asm/yx86unix.cpp - $(CPP) -DOUT asm/yx86unix.cpp | as -o asm/yx86-out.o - -# bsdi -asm/dx86bsdi.o: asm/dx86unix.cpp - $(CPP) -DBSDI asm/dx86unix.cpp | sed 's/ :/:/' | as -o asm/dx86bsdi.o - -asm/yx86bsdi.o: asm/yx86unix.cpp - $(CPP) -DBSDI asm/yx86unix.cpp | sed 's/ :/:/' | as -o asm/yx86bsdi.o - -asm/dx86unix.cpp: asm/des-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl - (cd asm; $(PERL) des-586.pl cpp >dx86unix.cpp) - -asm/yx86unix.cpp: asm/crypt586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) crypt586.pl cpp >yx86unix.cpp) - -files: - $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO - -links: - @sh $(TOP)/util/point.sh Makefile.ssl Makefile - @sh $(TOP)/util/point.sh ../../perlasm asm/perlasm - @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) - @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) - @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) - -install: installs - -installs: - @for i in $(EXHEADER) ; \ - do \ - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ - done; - -tags: - ctags $(SRC) - -tests: - -lint: - lint -DLINT $(INCLUDES) $(SRC)>fluff - -depend: - $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) - -dclean: - $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new - mv -f Makefile.new $(MAKEFILE) - -clean: - rm -f asm/dx86unix.cpp asm/yx86unix.cpp *.o asm/*.o *.obj des lib tags core .pure .nfs* *.old *.bak fluff - -# DO NOT DELETE THIS LINE -- make depend depends on it. - -cbc_cksm.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -cbc_cksm.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h -cbc_cksm.o: ../../include/openssl/opensslconf.h -cbc_cksm.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -cbc_cksm.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -cbc_cksm.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -cbc_cksm.o: cbc_cksm.c des_locl.h -cbc_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -cbc_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h -cbc_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -cbc_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -cbc_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -cbc_enc.o: ../../include/openssl/ui_compat.h cbc_enc.c des_locl.h ncbc_enc.c -cfb64ede.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -cfb64ede.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h -cfb64ede.o: ../../include/openssl/opensslconf.h -cfb64ede.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -cfb64ede.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -cfb64ede.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -cfb64ede.o: cfb64ede.c des_locl.h -cfb64enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -cfb64enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h -cfb64enc.o: ../../include/openssl/opensslconf.h -cfb64enc.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -cfb64enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -cfb64enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -cfb64enc.o: cfb64enc.c des_locl.h -cfb_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -cfb_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h -cfb_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -cfb_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -cfb_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -cfb_enc.o: ../../include/openssl/ui_compat.h cfb_enc.c des_locl.h -des_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -des_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h -des_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -des_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -des_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -des_enc.o: ../../include/openssl/ui_compat.h des_enc.c des_locl.h ncbc_enc.c -des_old.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -des_old.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h -des_old.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -des_old.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h -des_old.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -des_old.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -des_old.o: ../../include/openssl/ui_compat.h des_old.c -des_old2.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -des_old2.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h -des_old2.o: ../../include/openssl/opensslconf.h -des_old2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -des_old2.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h -des_old2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -des_old2.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -des_old2.o: des_old2.c -ecb3_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -ecb3_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h -ecb3_enc.o: ../../include/openssl/opensslconf.h -ecb3_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -ecb3_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -ecb3_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -ecb3_enc.o: des_locl.h ecb3_enc.c -ecb_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -ecb_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h -ecb_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -ecb_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -ecb_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -ecb_enc.o: ../../include/openssl/ui_compat.h des_locl.h ecb_enc.c spr.h -ede_cbcm_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -ede_cbcm_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h -ede_cbcm_enc.o: ../../include/openssl/opensslconf.h -ede_cbcm_enc.o: ../../include/openssl/opensslv.h -ede_cbcm_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -ede_cbcm_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -ede_cbcm_enc.o: ../../include/openssl/ui_compat.h des_locl.h ede_cbcm_enc.c -enc_read.o: ../../e_os.h ../../include/openssl/bio.h -enc_read.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -enc_read.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -enc_read.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -enc_read.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -enc_read.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -enc_read.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -enc_read.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -enc_read.o: ../cryptlib.h des_locl.h enc_read.c -enc_writ.o: ../../e_os.h ../../include/openssl/bio.h -enc_writ.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -enc_writ.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -enc_writ.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -enc_writ.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -enc_writ.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -enc_writ.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h -enc_writ.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -enc_writ.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -enc_writ.o: ../cryptlib.h des_locl.h enc_writ.c -fcrypt.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -fcrypt.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h -fcrypt.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -fcrypt.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -fcrypt.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -fcrypt.o: ../../include/openssl/ui_compat.h des_locl.h fcrypt.c -fcrypt_b.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -fcrypt_b.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h -fcrypt_b.o: ../../include/openssl/opensslconf.h -fcrypt_b.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -fcrypt_b.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -fcrypt_b.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -fcrypt_b.o: des_locl.h fcrypt_b.c -ofb64ede.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -ofb64ede.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h -ofb64ede.o: ../../include/openssl/opensslconf.h -ofb64ede.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -ofb64ede.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -ofb64ede.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -ofb64ede.o: des_locl.h ofb64ede.c -ofb64enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -ofb64enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h -ofb64enc.o: ../../include/openssl/opensslconf.h -ofb64enc.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -ofb64enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -ofb64enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -ofb64enc.o: des_locl.h ofb64enc.c -ofb_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -ofb_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h -ofb_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -ofb_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -ofb_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -ofb_enc.o: ../../include/openssl/ui_compat.h des_locl.h ofb_enc.c -pcbc_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -pcbc_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h -pcbc_enc.o: ../../include/openssl/opensslconf.h -pcbc_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -pcbc_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -pcbc_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -pcbc_enc.o: des_locl.h pcbc_enc.c -qud_cksm.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -qud_cksm.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h -qud_cksm.o: ../../include/openssl/opensslconf.h -qud_cksm.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -qud_cksm.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -qud_cksm.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -qud_cksm.o: des_locl.h qud_cksm.c -rand_key.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -rand_key.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h -rand_key.o: ../../include/openssl/opensslconf.h -rand_key.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -rand_key.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h -rand_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -rand_key.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -rand_key.o: rand_key.c -read2pwd.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -read2pwd.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h -read2pwd.o: ../../include/openssl/opensslconf.h -read2pwd.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -read2pwd.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -read2pwd.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -read2pwd.o: read2pwd.c -rpc_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -rpc_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h -rpc_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -rpc_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -rpc_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -rpc_enc.o: ../../include/openssl/ui_compat.h des_locl.h des_ver.h rpc_des.h -rpc_enc.o: rpc_enc.c -set_key.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -set_key.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h -set_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -set_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -set_key.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -set_key.o: ../../include/openssl/ui_compat.h des_locl.h set_key.c -str2key.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -str2key.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h -str2key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -str2key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -str2key.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -str2key.o: ../../include/openssl/ui_compat.h des_locl.h str2key.c -xcbc_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -xcbc_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h -xcbc_enc.o: ../../include/openssl/opensslconf.h -xcbc_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -xcbc_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -xcbc_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -xcbc_enc.o: des_locl.h xcbc_enc.c diff --git a/src/lib/libcrypto/des/README b/src/lib/libcrypto/des/README deleted file mode 100644 index 621a5ab4676..00000000000 --- a/src/lib/libcrypto/des/README +++ /dev/null @@ -1,54 +0,0 @@ - - libdes, Version 4.01 10-Jan-97 - - Copyright (c) 1997, Eric Young - All rights reserved. - - This program is free software; you can redistribute it and/or modify - it under the terms specified in COPYRIGHT. - --- -The primary ftp site for this library is -ftp://ftp.psy.uq.oz.au/pub/Crypto/DES/libdes-x.xx.tar.gz -libdes is now also shipped with SSLeay. Primary ftp site of -ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL/SSLeay-x.x.x.tar.gz - -The best way to build this library is to build it as part of SSLeay. - -This kit builds a DES encryption library and a DES encryption program. -It supports ecb, cbc, ofb, cfb, triple ecb, triple cbc, triple ofb, -triple cfb, desx, and MIT's pcbc encryption modes and also has a fast -implementation of crypt(3). -It contains support routines to read keys from a terminal, -generate a random key, generate a key from an arbitrary length string, -read/write encrypted data from/to a file descriptor. - -The implementation was written so as to conform with the manual entry -for the des_crypt(3) library routines from MIT's project Athena. - -destest should be run after compilation to test the des routines. -rpw should be run after compilation to test the read password routines. -The des program is a replacement for the sun des command. I believe it -conforms to the sun version. - -The Imakefile is setup for use in the kerberos distribution. - -These routines are best compiled with gcc or any other good -optimising compiler. -Just turn you optimiser up to the highest settings and run destest -after the build to make sure everything works. - -I believe these routines are close to the fastest and most portable DES -routines that use small lookup tables (4.5k) that are publicly available. -The fcrypt routine is faster than ufc's fcrypt (when compiling with -gcc2 -O2) on the sparc 2 (1410 vs 1270) but is not so good on other machines -(on a sun3/260 168 vs 336). It is a function of CPU on chip cache size. -[ 10-Jan-97 and a function of an incorrect speed testing program in - ufc which gave much better test figures that reality ]. - -It is worth noting that on sparc and Alpha CPUs, performance of the DES -library can vary by upto %10 due to the positioning of files after application -linkage. - -Eric Young (eay@cryptsoft.com) - diff --git a/src/lib/libcrypto/des/VERSION b/src/lib/libcrypto/des/VERSION deleted file mode 100644 index c7d01542bc7..00000000000 --- a/src/lib/libcrypto/des/VERSION +++ /dev/null @@ -1,412 +0,0 @@ - Fixed the weak key values which were wrong :-( - Defining SIGACTION causes sigaction() to be used instead of signal(). - SIGUSR1/SIGUSR2 are no longer mapped in the read tty stuff because it - can cause problems. This should hopefully not affect normal - applications. - -Version 4.04 - Fixed a few tests in destest. Also added x86 assember for - des_ncbc_encrypt() which is the standard cbc mode function. - This makes a very very large performace difference. - Ariel Glenn ariel@columbia.edu reports that the terminal - 'turn echo off' can return (errno == EINVAL) under solaris - when redirection is used. So I now catch that as well as ENOTTY. - - -Version 4.03 - Left a static out of enc_write.c, which caused to buffer to be - continiously malloc()ed. Does anyone use these functions? I keep - on feeling like removing them since I only had these in there - for a version of kerberised login. Anyway, this was pointed out - by Theo de Raadt - The 'n' bit ofb code was wrong, it was not shifting the shift - register. It worked correctly for n == 64. Thanks to - Gigi Ankeny for pointing this one out. - -Version 4.02 - I was doing 'if (memcmp(weak_keys[i],key,sizeof(key)) == 0)' - when checking for weak keys which is wrong :-(, pointed out by - Markus F.X.J. Oberhumer . - -Version 4.01 - Even faster inner loop in the DES assembler for x86 and a modification - for IP/FP which is faster on x86. Both of these changes are - from Svend Olaf Mikkelsen . His - changes make the assembler run %40 faster on a pentium. This is just - a case of getting the instruction sequence 'just right'. - All credit to 'Svend' :-) - Quite a few special x86 'make' targets. - A libdes-l (lite) distribution. - -Version 4.00 - After a bit of a pause, I'll up the major version number since this - is mostly a performace release. I've added x86 assembler and - added more options for performance. A %28 speedup for gcc - on a pentium and the assembler is a %50 speedup. - MIPS CPU's, sparc and Alpha are the main CPU's with speedups. - Run des_opts to work out which options should be used. - DES_RISC1/DES_RISC2 use alternative inner loops which use - more registers but should give speedups on any CPU that does - dual issue (pentium). DES_UNROLL unrolls the inner loop, - which costs in code size. - -Version 3.26 - I've finally removed one of the shifts in D_ENCRYPT. This - meant I've changed the des_SPtrans table (spr.h), the set_key() - function and some things in des_enc.c. This has definitly - made things faster :-). I've known about this one for some - time but I've been too lazy to follow it up :-). - Noticed that in the D_ENCRYPT() macro, we can just do L^=(..)^(..)^.. - instead of L^=((..)|(..)|(..).. This should save a register at - least. - Assember for x86. The file to replace is des_enc.c, which is replaced - by one of the assembler files found in asm. Look at des/asm/readme - for more info. - - /* Modification to fcrypt so it can be compiled to support - HPUX 10.x's long password format, define -DLONGCRYPT to use this. - Thanks to Jens Kupferschmidt . */ - - SIGWINCH case put in des_read_passwd() so the function does not - 'exit' if this function is recieved. - -Version 3.25 17/07/96 - Modified read_pwd.c so that stdin can be read if not a tty. - Thanks to Jeff Barber for the patches. - des_init_random_number_generator() shortened due to VMS linker - limits. - Added RSA's DESX cbc mode. It is a form of cbc encryption, with 2 - 8 byte quantites xored before and after encryption. - des_xcbc_encryption() - the name is funny to preserve the des_ - prefix on all functions. - -Version 3.24 20/04/96 - The DES_PTR macro option checked and used by SSLeay configuration - -Version 3.23 11/04/96 - Added DES_LONG. If defined to 'unsigned int' on the DEC Alpha, - it gives a %20 speedup :-) - Fixed the problem with des.pl under perl5. The patches were - sent by Ed Kubaitis (ejk@uiuc.edu). - if fcrypt.c, changed values to handle illegal salt values the way - normal crypt() implementations do. Some programs apparently use - them :-(. The patch was sent by Bjorn Gronvall - -Version 3.22 29/11/95 - Bug in des(1), an error with the uuencoding stuff when the - 'data' is small, thanks to Geoff Keating - for the patch. - -Version 3.21 22/11/95 - After some emailing back and forth with - Colin Plumb , I've tweaked a few things - and in a future version I will probably put in some of the - optimisation he suggested for use with the DES_USE_PTR option. - Extra routines from Mark Murray for use in - freeBSD. They mostly involve random number generation for use - with kerberos. They involve evil machine specific system calls - etc so I would normally suggest pushing this stuff into the - application and/or using RAND_seed()/RAND_bytes() if you are - using this DES library as part of SSLeay. - Redone the read_pw() function so that it is cleaner and - supports termios, thanks to Sameer Parekh - for the initial patches for this. - Renamed 3ecb_encrypt() to ecb3_encrypt(). This has been - done just to make things more consistent. - I have also now added triple DES versions of cfb and ofb. - -Version 3.20 - Damn, Damn, Damn, as pointed out by Mike_Spreitzer.PARC@xerox.com, - my des_random_seed() function was only copying 4 bytes of the - passed seed into the init structure. It is now fixed to copy 8. - My own suggestion is to used something like MD5 :-) - -Version 3.19 - While looking at my code one day, I though, why do I keep on - calling des_encrypt(in,out,ks,enc) when every function that - calls it has in and out the same. So I dropped the 'out' - parameter, people should not be using this function. - -Version 3.18 30/08/95 - Fixed a few bit with the distribution and the filenames. - 3.17 had been munged via a move to DOS and back again. - NO CODE CHANGES - -Version 3.17 14/07/95 - Fixed ede3 cbc which I had broken in 3.16. I have also - removed some unneeded variables in 7-8 of the routines. - -Version 3.16 26/06/95 - Added des_encrypt2() which does not use IP/FP, used by triple - des routines. Tweaked things a bit elsewhere. %13 speedup on - sparc and %6 on a R4400 for ede3 cbc mode. - -Version 3.15 06/06/95 - Added des_ncbc_encrypt(), it is des_cbc mode except that it is - 'normal' and copies the new iv value back over the top of the - passed parameter. - CHANGED des_ede3_cbc_encrypt() so that it too now overwrites - the iv. THIS WILL BREAK EXISTING CODE, but since this function - only new, I feel I can change it, not so with des_cbc_encrypt :-(. - I need to update the documentation. - -Version 3.14 31/05/95 - New release upon the world, as part of my SSL implementation. - New copyright and usage stuff. Basically free for all to use - as long as you say it came from me :-) - -Version 3.13 31/05/95 - A fix in speed.c, if HZ is not defined, I set it to 100.0 - which is reasonable for most unixes except SunOS 4.x. - I now have a #ifdef sun but timing for SunOS 4.x looked very - good :-(. At my last job where I used SunOS 4.x, it was - defined to be 60.0 (look at the old INSTALL documentation), at - the last release had it changed to 100.0 since I now work with - Solaris2 and SVR4 boxes. - Thanks to Rory Chisholm for pointing this - one out. - -Version 3.12 08/05/95 - As pointed out by The Crypt Keeper , - my D_ENCRYPT macro in crypt() had an un-necessary variable. - It has been removed. - -Version 3.11 03/05/95 - Added des_ede3_cbc_encrypt() which is cbc mode des with 3 keys - and one iv. It is a standard and I needed it for my SSL code. - It makes more sense to use this for triple DES than - 3cbc_encrypt(). I have also added (or should I say tested :-) - cfb64_encrypt() which is cfb64 but it will encrypt a partial - number of bytes - 3 bytes in 3 bytes out. Again this is for - my SSL library, as a form of encryption to use with SSL - telnet. - -Version 3.10 22/03/95 - Fixed a bug in 3cbc_encrypt() :-(. When making repeated calls - to cbc3_encrypt, the 2 iv values that were being returned to - be used in the next call were reversed :-(. - Many thanks to Bill Wade for pointing out - this error. - -Version 3.09 01/02/95 - Fixed des_random_key to far more random, it was rather feeble - with regards to picking the initial seed. The problem was - pointed out by Olaf Kirch . - -Version 3.08 14/12/94 - Added Makefile.PL so libdes can be built into perl5. - Changed des_locl.h so RAND is always defined. - -Version 3.07 05/12/94 - Added GNUmake and stuff so the library can be build with - glibc. - -Version 3.06 30/08/94 - Added rpc_enc.c which contains _des_crypt. This is for use in - secure_rpc v 4.0 - Finally fixed the cfb_enc problems. - Fixed a few parameter parsing bugs in des (-3 and -b), thanks - to Rob McMillan - -Version 3.05 21/04/94 - for unsigned long l; gcc does not produce ((l>>34) == 0) - This causes bugs in cfb_enc. - Thanks to Hadmut Danisch - -Version 3.04 20/04/94 - Added a version number to des.c and libdes.a - -Version 3.03 12/01/94 - Fixed a bug in non zero iv in 3cbc_enc. - -Version 3.02 29/10/93 - I now work in a place where there are 6+ architectures and 14+ - OS versions :-). - Fixed TERMIO definition so the most sys V boxes will work :-) - -Release upon comp.sources.misc -Version 3.01 08/10/93 - Added des_3cbc_encrypt() - -Version 3.00 07/10/93 - Fixed up documentation. - quad_cksum definitely compatible with MIT's now. - -Version 2.30 24/08/93 - Triple DES now defaults to triple cbc but can do triple ecb - with the -b flag. - Fixed some MSDOS uuen/uudecoding problems, thanks to - Added prototypes. - -Version 2.22 29/06/93 - Fixed a bug in des_is_weak_key() which stopped it working :-( - thanks to engineering@MorningStar.Com. - -Version 2.21 03/06/93 - des(1) with no arguments gives quite a bit of help. - Added -c (generate ckecksum) flag to des(1). - Added -3 (triple DES) flag to des(1). - Added cfb and ofb routines to the library. - -Version 2.20 11/03/93 - Added -u (uuencode) flag to des(1). - I have been playing with byte order in quad_cksum to make it - compatible with MIT's version. All I can say is avid this - function if possible since MIT's output is endian dependent. - -Version 2.12 14/10/92 - Added MSDOS specific macro in ecb_encrypt which gives a %70 - speed up when the code is compiled with turbo C. - -Version 2.11 12/10/92 - Speedup in set_key (recoding of PC-1) - I now do it in 47 simple operations, down from 60. - Thanks to John Fletcher (john_fletcher@lccmail.ocf.llnl.gov) - for motivating me to look for a faster system :-) - The speedup is probably less that 1% but it is still 13 - instructions less :-). - -Version 2.10 06/10/92 - The code now works on the 64bit ETA10 and CRAY without modifications or - #defines. I believe the code should work on any machine that - defines long, int or short to be 8 bytes long. - Thanks to Shabbir J. Safdar (shabby@mentor.cc.purdue.edu) - for helping me fix the code to run on 64bit machines (he had - access to an ETA10). - Thanks also to John Fletcher - for testing the routines on a CRAY. - read_password.c has been renamed to read_passwd.c - string_to_key.c has been renamed to string2key.c - -Version 2.00 14/09/92 - Made mods so that the library should work on 64bit CPU's. - Removed all my uchar and ulong defs. To many different - versions of unix define them in their header files in too many - different combinations :-) - IRIX - Sillicon Graphics mods (mostly in read_password.c). - Thanks to Andrew Daviel (advax@erich.triumf.ca) - -Version 1.99 26/08/92 - Fixed a bug or 2 in enc_read.c - Fixed a bug in enc_write.c - Fixed a pseudo bug in fcrypt.c (very obscure). - -Version 1.98 31/07/92 - Support for the ETA10. This is a strange machine that defines - longs and ints as 8 bytes and shorts as 4 bytes. - Since I do evil things with long * that assume that they are 4 - bytes. Look in the Makefile for the option to compile for - this machine. quad_cksum appears to have problems but I - will don't have the time to fix it right now, and this is not - a function that uses DES and so will not effect the main uses - of the library. - -Version 1.97 20/05/92 eay - Fixed the Imakefile and made some changes to des.h to fix some - problems when building this package with Kerberos v 4. - -Version 1.96 18/05/92 eay - Fixed a small bug in string_to_key() where problems could - occur if des_check_key was set to true and the string - generated a weak key. - -Patch2 posted to comp.sources.misc -Version 1.95 13/05/92 eay - Added an alternative version of the D_ENCRYPT macro in - ecb_encrypt and fcrypt. Depending on the compiler, one version or the - other will be faster. This was inspired by - Dana How , and her pointers about doing the - *(ulong *)((uchar *)ptr+(value&0xfc)) - vs - ptr[value&0x3f] - to stop the C compiler doing a <<2 to convert the long array index. - -Version 1.94 05/05/92 eay - Fixed an incompatibility between my string_to_key and the MIT - version. When the key is longer than 8 chars, I was wrapping - with a different method. To use the old version, define - OLD_STR_TO_KEY in the makefile. Thanks to - viktor@newsu.shearson.com (Viktor Dukhovni). - -Version 1.93 28/04/92 eay - Fixed the VMS mods so that echo is now turned off in - read_password. Thanks again to brennan@coco.cchs.su.oz.AU. - MSDOS support added. The routines can be compiled with - Turbo C (v2.0) and MSC (v5.1). Make sure MSDOS is defined. - -Patch1 posted to comp.sources.misc -Version 1.92 13/04/92 eay - Changed D_ENCRYPT so that the rotation of R occurs outside of - the loop. This required rotating all the longs in sp.h (now - called spr.h). Thanks to Richard Outerbridge <71755.204@CompuServe.COM> - speed.c has been changed so it will work without SIGALRM. If - times(3) is not present it will try to use ftime() instead. - -Version 1.91 08/04/92 eay - Added -E/-D options to des(1) so it can use string_to_key. - Added SVR4 mods suggested by witr@rwwa.COM - Added VMS mods suggested by brennan@coco.cchs.su.oz.AU. If - anyone knows how to turn of tty echo in VMS please tell me or - implement it yourself :-). - Changed FILE *IN/*OUT to *DES_IN/*DES_OUT since it appears VMS - does not like IN/OUT being used. - -Libdes posted to comp.sources.misc -Version 1.9 24/03/92 eay - Now contains a fast small crypt replacement. - Added des(1) command. - Added des_rw_mode so people can use cbc encryption with - enc_read and enc_write. - -Version 1.8 15/10/91 eay - Bug in cbc_cksum. - Many thanks to Keith Reynolds (keithr@sco.COM) for pointing this - one out. - -Version 1.7 24/09/91 eay - Fixed set_key :-) - set_key is 4 times faster and takes less space. - There are a few minor changes that could be made. - -Version 1.6 19/09/1991 eay - Finally go IP and FP finished. - Now I need to fix set_key. - This version is quite a bit faster that 1.51 - -Version 1.52 15/06/1991 eay - 20% speedup in ecb_encrypt by changing the E bit selection - to use 2 32bit words. This also required modification of the - sp table. There is still a way to speedup the IP and IP-1 - (hints from outer@sq.com) still working on this one :-(. - -Version 1.51 07/06/1991 eay - Faster des_encrypt by loop unrolling - Fixed bug in quad_cksum.c (thanks to hughes@logos.ucs.indiana.edu) - -Version 1.50 28/05/1991 eay - Optimised the code a bit more for the sparc. I have improved the - speed of the inner des_encrypt by speeding up the initial and - final permutations. - -Version 1.40 23/10/1990 eay - Fixed des_random_key, it did not produce a random key :-( - -Version 1.30 2/10/1990 eay - Have made des_quad_cksum the same as MIT's, the full package - should be compatible with MIT's - Have tested on a DECstation 3100 - Still need to fix des_set_key (make it faster). - Does des_cbc_encrypts at 70.5k/sec on a 3100. - -Version 1.20 18/09/1990 eay - Fixed byte order dependencies. - Fixed (I hope) all the word alignment problems. - Speedup in des_ecb_encrypt. - -Version 1.10 11/09/1990 eay - Added des_enc_read and des_enc_write. - Still need to fix des_quad_cksum. - Still need to document des_enc_read and des_enc_write. - -Version 1.00 27/08/1990 eay - diff --git a/src/lib/libcrypto/des/asm/crypt586.pl b/src/lib/libcrypto/des/asm/crypt586.pl index 3d41d82f69d..e36f7d44bd7 100644 --- a/src/lib/libcrypto/des/asm/crypt586.pl +++ b/src/lib/libcrypto/des/asm/crypt586.pl @@ -6,7 +6,8 @@ # things perfect. # -push(@INC,"perlasm","../../perlasm"); +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +push(@INC,"${dir}","${dir}../../perlasm"); require "x86asm.pl"; &asm_init($ARGV[0],"crypt586.pl"); @@ -22,15 +23,22 @@ sub fcrypt_body { local($name,$do_ip)=@_; - &function_begin($name,"EXTRN _DES_SPtrans:DWORD"); + &function_begin($name); &comment(""); &comment("Load the 2 words"); - $ks="ebp"; + $trans="ebp"; &xor( $L, $L); &xor( $R, $R); - &mov($ks,&wparam(1)); + + # PIC-ification:-) + &picmeup("edx","DES_SPtrans"); + #if ($cpp) { &picmeup("edx","DES_SPtrans"); } + #else { &lea("edx",&DWP("DES_SPtrans")); } + &push("edx"); # becomes &swtmp(1) + # + &mov($trans,&wparam(1)); # reloaded with DES_SPtrans in D_ENCRYPT &push(&DWC(25)); # add a variable @@ -39,11 +47,11 @@ sub fcrypt_body { &comment(""); &comment("Round $i"); - &D_ENCRYPT($i,$L,$R,$i*2,$ks,"DES_SPtrans","eax","ebx","ecx","edx"); + &D_ENCRYPT($i,$L,$R,$i*2,$trans,"eax","ebx","ecx","edx"); &comment(""); &comment("Round ".sprintf("%d",$i+1)); - &D_ENCRYPT($i+1,$R,$L,($i+1)*2,$ks,"DES_SPtrans","eax","ebx","ecx","edx"); + &D_ENCRYPT($i+1,$R,$L,($i+1)*2,$trans,"eax","ebx","ecx","edx"); } &mov("ebx", &swtmp(0)); &mov("eax", $L); @@ -61,14 +69,14 @@ sub fcrypt_body &mov(&DWP(0,"edx","",0),"eax"); &mov(&DWP(4,"edx","",0),$L); - &pop("ecx"); # remove variable + &add("esp",8); # remove variables &function_end($name); } sub D_ENCRYPT { - local($r,$L,$R,$S,$ks,$desSP,$u,$tmp1,$tmp2,$t)=@_; + local($r,$L,$R,$S,$trans,$u,$tmp1,$tmp2,$t)=@_; &mov( $u, &wparam(2)); # 2 &mov( $t, $R); @@ -85,9 +93,9 @@ sub D_ENCRYPT &shl( $tmp2, 16); # 1 &xor( $u, $tmp1); # 2 &xor( $t, $tmp2); # 2 - &mov( $tmp1, &DWP(&n2a($S*4),$ks,"",0)); # 2 + &mov( $tmp1, &DWP(&n2a($S*4),$trans,"",0)); # 2 &xor( $u, $tmp1); - &mov( $tmp2, &DWP(&n2a(($S+1)*4),$ks,"",0)); # 2 + &mov( $tmp2, &DWP(&n2a(($S+1)*4),$trans,"",0)); # 2 &xor( $u, $R); &xor( $t, $R); &xor( $t, $tmp2); @@ -99,31 +107,28 @@ sub D_ENCRYPT &movb( &LB($tmp1), &LB($u) ); &movb( &LB($tmp2), &HB($u) ); &rotr( $t, 4 ); - &mov( $ks, &DWP(" $desSP",$tmp1,"",0)); + &mov( $trans, &swtmp(1)); + &xor( $L, &DWP(" ",$trans,$tmp1,0)); &movb( &LB($tmp1), &LB($t) ); - &xor( $L, $ks); - &mov( $ks, &DWP("0x200+$desSP",$tmp2,"",0)); - &xor( $L, $ks); + &xor( $L, &DWP("0x200",$trans,$tmp2,0)); &movb( &LB($tmp2), &HB($t) ); &shr( $u, 16); - &mov( $ks, &DWP("0x100+$desSP",$tmp1,"",0)); - &xor( $L, $ks); + &xor( $L, &DWP("0x100",$trans,$tmp1,0)); &movb( &LB($tmp1), &HB($u) ); &shr( $t, 16); - &mov( $ks, &DWP("0x300+$desSP",$tmp2,"",0)); - &xor( $L, $ks); - &mov( $ks, &wparam(1)); + &xor( $L, &DWP("0x300",$trans,$tmp2,0)); &movb( &LB($tmp2), &HB($t) ); &and( $u, "0xff" ); &and( $t, "0xff" ); - &mov( $tmp1, &DWP("0x600+$desSP",$tmp1,"",0)); + &mov( $tmp1, &DWP("0x600",$trans,$tmp1,0)); &xor( $L, $tmp1); - &mov( $tmp1, &DWP("0x700+$desSP",$tmp2,"",0)); + &mov( $tmp1, &DWP("0x700",$trans,$tmp2,0)); &xor( $L, $tmp1); - &mov( $tmp1, &DWP("0x400+$desSP",$u,"",0)); + &mov( $tmp1, &DWP("0x400",$trans,$u,0)); &xor( $L, $tmp1); - &mov( $tmp1, &DWP("0x500+$desSP",$t,"",0)); + &mov( $tmp1, &DWP("0x500",$trans,$t,0)); &xor( $L, $tmp1); + &mov( $trans, &wparam(1)); } sub n2a diff --git a/src/lib/libcrypto/des/asm/des-586.pl b/src/lib/libcrypto/des/asm/des-586.pl index 0d08e8a3a9e..5b5f39cebd1 100644 --- a/src/lib/libcrypto/des/asm/des-586.pl +++ b/src/lib/libcrypto/des/asm/des-586.pl @@ -4,7 +4,8 @@ # Svend Olaf Mikkelsen # -push(@INC,"perlasm","../../perlasm"); +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +push(@INC,"${dir}","${dir}../../perlasm"); require "x86asm.pl"; require "cbc.pl"; require "desboth.pl"; @@ -18,29 +19,110 @@ $L="edi"; $R="esi"; +$trans="ebp"; +$small_footprint=1 if (grep(/\-DOPENSSL_SMALL_FOOTPRINT/,@ARGV)); +# one can discuss setting this variable to 1 unconditionally, as +# the folded loop is only 3% slower than unrolled, but >7 times smaller -&external_label("DES_SPtrans"); +&public_label("DES_SPtrans"); + +&DES_encrypt_internal(); +&DES_decrypt_internal(); &DES_encrypt("DES_encrypt1",1); &DES_encrypt("DES_encrypt2",0); &DES_encrypt3("DES_encrypt3",1); &DES_encrypt3("DES_decrypt3",0); &cbc("DES_ncbc_encrypt","DES_encrypt1","DES_encrypt1",0,4,5,3,5,-1); &cbc("DES_ede3_cbc_encrypt","DES_encrypt3","DES_decrypt3",0,6,7,3,4,5); +&DES_SPtrans(); &asm_finish(); +sub DES_encrypt_internal() + { + &function_begin_B("_x86_DES_encrypt"); + + if ($small_footprint) + { + &lea("edx",&DWP(128,"ecx")); + &push("edx"); + &push("ecx"); + &set_label("eloop"); + &D_ENCRYPT(0,$L,$R,0,$trans,"eax","ebx","ecx","edx",&swtmp(0)); + &comment(""); + &D_ENCRYPT(1,$R,$L,2,$trans,"eax","ebx","ecx","edx",&swtmp(0)); + &comment(""); + &add("ecx",16); + &cmp("ecx",&swtmp(1)); + &mov(&swtmp(0),"ecx"); + &jb(&label("eloop")); + &add("esp",8); + } + else + { + &push("ecx"); + for ($i=0; $i<16; $i+=2) + { + &comment("Round $i"); + &D_ENCRYPT($i,$L,$R,$i*2,$trans,"eax","ebx","ecx","edx",&swtmp(0)); + &comment("Round ".sprintf("%d",$i+1)); + &D_ENCRYPT($i+1,$R,$L,($i+1)*2,$trans,"eax","ebx","ecx","edx",&swtmp(0)); + } + &add("esp",4); + } + &ret(); + + &function_end_B("_x86_DES_encrypt"); + } + +sub DES_decrypt_internal() + { + &function_begin_B("_x86_DES_decrypt"); + + if ($small_footprint) + { + &push("ecx"); + &lea("ecx",&DWP(128,"ecx")); + &push("ecx"); + &set_label("dloop"); + &D_ENCRYPT(0,$L,$R,-2,$trans,"eax","ebx","ecx","edx",&swtmp(0)); + &comment(""); + &D_ENCRYPT(1,$R,$L,-4,$trans,"eax","ebx","ecx","edx",&swtmp(0)); + &comment(""); + &sub("ecx",16); + &cmp("ecx",&swtmp(1)); + &mov(&swtmp(0),"ecx"); + &ja(&label("dloop")); + &add("esp",8); + } + else + { + &push("ecx"); + for ($i=15; $i>0; $i-=2) + { + &comment("Round $i"); + &D_ENCRYPT(15-$i,$L,$R,$i*2,$trans,"eax","ebx","ecx","edx",&swtmp(0)); + &comment("Round ".sprintf("%d",$i-1)); + &D_ENCRYPT(15-$i+1,$R,$L,($i-1)*2,$trans,"eax","ebx","ecx","edx",&swtmp(0)); + } + &add("esp",4); + } + &ret(); + + &function_end_B("_x86_DES_decrypt"); + } + sub DES_encrypt { local($name,$do_ip)=@_; - &function_begin_B($name,"EXTRN _DES_SPtrans:DWORD"); + &function_begin_B($name); &push("esi"); &push("edi"); &comment(""); &comment("Load the 2 words"); - $ks="ebp"; if ($do_ip) { @@ -72,35 +154,21 @@ sub DES_encrypt &rotl($L,3); } - &mov( $ks, &wparam(1) ); - &cmp("ebx","0"); - &je(&label("start_decrypt")); - - for ($i=0; $i<16; $i+=2) - { - &comment(""); - &comment("Round $i"); - &D_ENCRYPT($i,$L,$R,$i*2,$ks,"DES_SPtrans","eax","ebx","ecx","edx"); - - &comment(""); - &comment("Round ".sprintf("%d",$i+1)); - &D_ENCRYPT($i+1,$R,$L,($i+1)*2,$ks,"DES_SPtrans","eax","ebx","ecx","edx"); - } - &jmp(&label("end")); - - &set_label("start_decrypt"); + # PIC-ification:-) + &call (&label("pic_point")); + &set_label("pic_point"); + &blindpop($trans); + &lea ($trans,&DWP(&label("DES_SPtrans")."-".&label("pic_point"),$trans)); - for ($i=15; $i>0; $i-=2) - { - &comment(""); - &comment("Round $i"); - &D_ENCRYPT(15-$i,$L,$R,$i*2,$ks,"DES_SPtrans","eax","ebx","ecx","edx"); - &comment(""); - &comment("Round ".sprintf("%d",$i-1)); - &D_ENCRYPT(15-$i+1,$R,$L,($i-1)*2,$ks,"DES_SPtrans","eax","ebx","ecx","edx"); - } + &mov( "ecx", &wparam(1) ); - &set_label("end"); + &cmp("ebx","0"); + &je(&label("decrypt")); + &call("_x86_DES_encrypt"); + &jmp(&label("done")); + &set_label("decrypt"); + &call("_x86_DES_decrypt"); + &set_label("done"); if ($do_ip) { @@ -134,43 +202,36 @@ sub DES_encrypt sub D_ENCRYPT { - local($r,$L,$R,$S,$ks,$desSP,$u,$tmp1,$tmp2,$t)=@_; + local($r,$L,$R,$S,$trans,$u,$tmp1,$tmp2,$t,$wp1)=@_; - &mov( $u, &DWP(&n2a($S*4),$ks,"",0)); + &mov( $u, &DWP(&n2a($S*4),$tmp2,"",0)); &xor( $tmp1, $tmp1); - &mov( $t, &DWP(&n2a(($S+1)*4),$ks,"",0)); + &mov( $t, &DWP(&n2a(($S+1)*4),$tmp2,"",0)); &xor( $u, $R); + &xor( $tmp2, $tmp2); &xor( $t, $R); &and( $u, "0xfcfcfcfc" ); &and( $t, "0xcfcfcfcf" ); &movb( &LB($tmp1), &LB($u) ); &movb( &LB($tmp2), &HB($u) ); &rotr( $t, 4 ); - &mov( $ks, &DWP(" $desSP",$tmp1,"",0)); + &xor( $L, &DWP(" ",$trans,$tmp1,0)); &movb( &LB($tmp1), &LB($t) ); - &xor( $L, $ks); - &mov( $ks, &DWP("0x200+$desSP",$tmp2,"",0)); - &xor( $L, $ks); ###### + &xor( $L, &DWP("0x200",$trans,$tmp2,0)); &movb( &LB($tmp2), &HB($t) ); &shr( $u, 16); - &mov( $ks, &DWP("0x100+$desSP",$tmp1,"",0)); - &xor( $L, $ks); ###### + &xor( $L, &DWP("0x100",$trans,$tmp1,0)); &movb( &LB($tmp1), &HB($u) ); &shr( $t, 16); - &mov( $ks, &DWP("0x300+$desSP",$tmp2,"",0)); - &xor( $L, $ks); - &mov( $ks, &wparam(1) ); + &xor( $L, &DWP("0x300",$trans,$tmp2,0)); &movb( &LB($tmp2), &HB($t) ); &and( $u, "0xff" ); &and( $t, "0xff" ); - &mov( $tmp1, &DWP("0x600+$desSP",$tmp1,"",0)); - &xor( $L, $tmp1); - &mov( $tmp1, &DWP("0x700+$desSP",$tmp2,"",0)); - &xor( $L, $tmp1); - &mov( $tmp1, &DWP("0x400+$desSP",$u,"",0)); - &xor( $L, $tmp1); - &mov( $tmp1, &DWP("0x500+$desSP",$t,"",0)); - &xor( $L, $tmp1); + &xor( $L, &DWP("0x600",$trans,$tmp1,0)); + &xor( $L, &DWP("0x700",$trans,$tmp2,0)); + &mov( $tmp2, $wp1 ); + &xor( $L, &DWP("0x400",$trans,$u,0)); + &xor( $L, &DWP("0x500",$trans,$t,0)); } sub n2a @@ -251,3 +312,142 @@ sub FP_new &rotr($tt , 4); } +sub DES_SPtrans + { + &set_label("DES_SPtrans",64); + &data_word(0x02080800, 0x00080000, 0x02000002, 0x02080802); + &data_word(0x02000000, 0x00080802, 0x00080002, 0x02000002); + &data_word(0x00080802, 0x02080800, 0x02080000, 0x00000802); + &data_word(0x02000802, 0x02000000, 0x00000000, 0x00080002); + &data_word(0x00080000, 0x00000002, 0x02000800, 0x00080800); + &data_word(0x02080802, 0x02080000, 0x00000802, 0x02000800); + &data_word(0x00000002, 0x00000800, 0x00080800, 0x02080002); + &data_word(0x00000800, 0x02000802, 0x02080002, 0x00000000); + &data_word(0x00000000, 0x02080802, 0x02000800, 0x00080002); + &data_word(0x02080800, 0x00080000, 0x00000802, 0x02000800); + &data_word(0x02080002, 0x00000800, 0x00080800, 0x02000002); + &data_word(0x00080802, 0x00000002, 0x02000002, 0x02080000); + &data_word(0x02080802, 0x00080800, 0x02080000, 0x02000802); + &data_word(0x02000000, 0x00000802, 0x00080002, 0x00000000); + &data_word(0x00080000, 0x02000000, 0x02000802, 0x02080800); + &data_word(0x00000002, 0x02080002, 0x00000800, 0x00080802); + # nibble 1 + &data_word(0x40108010, 0x00000000, 0x00108000, 0x40100000); + &data_word(0x40000010, 0x00008010, 0x40008000, 0x00108000); + &data_word(0x00008000, 0x40100010, 0x00000010, 0x40008000); + &data_word(0x00100010, 0x40108000, 0x40100000, 0x00000010); + &data_word(0x00100000, 0x40008010, 0x40100010, 0x00008000); + &data_word(0x00108010, 0x40000000, 0x00000000, 0x00100010); + &data_word(0x40008010, 0x00108010, 0x40108000, 0x40000010); + &data_word(0x40000000, 0x00100000, 0x00008010, 0x40108010); + &data_word(0x00100010, 0x40108000, 0x40008000, 0x00108010); + &data_word(0x40108010, 0x00100010, 0x40000010, 0x00000000); + &data_word(0x40000000, 0x00008010, 0x00100000, 0x40100010); + &data_word(0x00008000, 0x40000000, 0x00108010, 0x40008010); + &data_word(0x40108000, 0x00008000, 0x00000000, 0x40000010); + &data_word(0x00000010, 0x40108010, 0x00108000, 0x40100000); + &data_word(0x40100010, 0x00100000, 0x00008010, 0x40008000); + &data_word(0x40008010, 0x00000010, 0x40100000, 0x00108000); + # nibble 2 + &data_word(0x04000001, 0x04040100, 0x00000100, 0x04000101); + &data_word(0x00040001, 0x04000000, 0x04000101, 0x00040100); + &data_word(0x04000100, 0x00040000, 0x04040000, 0x00000001); + &data_word(0x04040101, 0x00000101, 0x00000001, 0x04040001); + &data_word(0x00000000, 0x00040001, 0x04040100, 0x00000100); + &data_word(0x00000101, 0x04040101, 0x00040000, 0x04000001); + &data_word(0x04040001, 0x04000100, 0x00040101, 0x04040000); + &data_word(0x00040100, 0x00000000, 0x04000000, 0x00040101); + &data_word(0x04040100, 0x00000100, 0x00000001, 0x00040000); + &data_word(0x00000101, 0x00040001, 0x04040000, 0x04000101); + &data_word(0x00000000, 0x04040100, 0x00040100, 0x04040001); + &data_word(0x00040001, 0x04000000, 0x04040101, 0x00000001); + &data_word(0x00040101, 0x04000001, 0x04000000, 0x04040101); + &data_word(0x00040000, 0x04000100, 0x04000101, 0x00040100); + &data_word(0x04000100, 0x00000000, 0x04040001, 0x00000101); + &data_word(0x04000001, 0x00040101, 0x00000100, 0x04040000); + # nibble 3 + &data_word(0x00401008, 0x10001000, 0x00000008, 0x10401008); + &data_word(0x00000000, 0x10400000, 0x10001008, 0x00400008); + &data_word(0x10401000, 0x10000008, 0x10000000, 0x00001008); + &data_word(0x10000008, 0x00401008, 0x00400000, 0x10000000); + &data_word(0x10400008, 0x00401000, 0x00001000, 0x00000008); + &data_word(0x00401000, 0x10001008, 0x10400000, 0x00001000); + &data_word(0x00001008, 0x00000000, 0x00400008, 0x10401000); + &data_word(0x10001000, 0x10400008, 0x10401008, 0x00400000); + &data_word(0x10400008, 0x00001008, 0x00400000, 0x10000008); + &data_word(0x00401000, 0x10001000, 0x00000008, 0x10400000); + &data_word(0x10001008, 0x00000000, 0x00001000, 0x00400008); + &data_word(0x00000000, 0x10400008, 0x10401000, 0x00001000); + &data_word(0x10000000, 0x10401008, 0x00401008, 0x00400000); + &data_word(0x10401008, 0x00000008, 0x10001000, 0x00401008); + &data_word(0x00400008, 0x00401000, 0x10400000, 0x10001008); + &data_word(0x00001008, 0x10000000, 0x10000008, 0x10401000); + # nibble 4 + &data_word(0x08000000, 0x00010000, 0x00000400, 0x08010420); + &data_word(0x08010020, 0x08000400, 0x00010420, 0x08010000); + &data_word(0x00010000, 0x00000020, 0x08000020, 0x00010400); + &data_word(0x08000420, 0x08010020, 0x08010400, 0x00000000); + &data_word(0x00010400, 0x08000000, 0x00010020, 0x00000420); + &data_word(0x08000400, 0x00010420, 0x00000000, 0x08000020); + &data_word(0x00000020, 0x08000420, 0x08010420, 0x00010020); + &data_word(0x08010000, 0x00000400, 0x00000420, 0x08010400); + &data_word(0x08010400, 0x08000420, 0x00010020, 0x08010000); + &data_word(0x00010000, 0x00000020, 0x08000020, 0x08000400); + &data_word(0x08000000, 0x00010400, 0x08010420, 0x00000000); + &data_word(0x00010420, 0x08000000, 0x00000400, 0x00010020); + &data_word(0x08000420, 0x00000400, 0x00000000, 0x08010420); + &data_word(0x08010020, 0x08010400, 0x00000420, 0x00010000); + &data_word(0x00010400, 0x08010020, 0x08000400, 0x00000420); + &data_word(0x00000020, 0x00010420, 0x08010000, 0x08000020); + # nibble 5 + &data_word(0x80000040, 0x00200040, 0x00000000, 0x80202000); + &data_word(0x00200040, 0x00002000, 0x80002040, 0x00200000); + &data_word(0x00002040, 0x80202040, 0x00202000, 0x80000000); + &data_word(0x80002000, 0x80000040, 0x80200000, 0x00202040); + &data_word(0x00200000, 0x80002040, 0x80200040, 0x00000000); + &data_word(0x00002000, 0x00000040, 0x80202000, 0x80200040); + &data_word(0x80202040, 0x80200000, 0x80000000, 0x00002040); + &data_word(0x00000040, 0x00202000, 0x00202040, 0x80002000); + &data_word(0x00002040, 0x80000000, 0x80002000, 0x00202040); + &data_word(0x80202000, 0x00200040, 0x00000000, 0x80002000); + &data_word(0x80000000, 0x00002000, 0x80200040, 0x00200000); + &data_word(0x00200040, 0x80202040, 0x00202000, 0x00000040); + &data_word(0x80202040, 0x00202000, 0x00200000, 0x80002040); + &data_word(0x80000040, 0x80200000, 0x00202040, 0x00000000); + &data_word(0x00002000, 0x80000040, 0x80002040, 0x80202000); + &data_word(0x80200000, 0x00002040, 0x00000040, 0x80200040); + # nibble 6 + &data_word(0x00004000, 0x00000200, 0x01000200, 0x01000004); + &data_word(0x01004204, 0x00004004, 0x00004200, 0x00000000); + &data_word(0x01000000, 0x01000204, 0x00000204, 0x01004000); + &data_word(0x00000004, 0x01004200, 0x01004000, 0x00000204); + &data_word(0x01000204, 0x00004000, 0x00004004, 0x01004204); + &data_word(0x00000000, 0x01000200, 0x01000004, 0x00004200); + &data_word(0x01004004, 0x00004204, 0x01004200, 0x00000004); + &data_word(0x00004204, 0x01004004, 0x00000200, 0x01000000); + &data_word(0x00004204, 0x01004000, 0x01004004, 0x00000204); + &data_word(0x00004000, 0x00000200, 0x01000000, 0x01004004); + &data_word(0x01000204, 0x00004204, 0x00004200, 0x00000000); + &data_word(0x00000200, 0x01000004, 0x00000004, 0x01000200); + &data_word(0x00000000, 0x01000204, 0x01000200, 0x00004200); + &data_word(0x00000204, 0x00004000, 0x01004204, 0x01000000); + &data_word(0x01004200, 0x00000004, 0x00004004, 0x01004204); + &data_word(0x01000004, 0x01004200, 0x01004000, 0x00004004); + # nibble 7 + &data_word(0x20800080, 0x20820000, 0x00020080, 0x00000000); + &data_word(0x20020000, 0x00800080, 0x20800000, 0x20820080); + &data_word(0x00000080, 0x20000000, 0x00820000, 0x00020080); + &data_word(0x00820080, 0x20020080, 0x20000080, 0x20800000); + &data_word(0x00020000, 0x00820080, 0x00800080, 0x20020000); + &data_word(0x20820080, 0x20000080, 0x00000000, 0x00820000); + &data_word(0x20000000, 0x00800000, 0x20020080, 0x20800080); + &data_word(0x00800000, 0x00020000, 0x20820000, 0x00000080); + &data_word(0x00800000, 0x00020000, 0x20000080, 0x20820080); + &data_word(0x00020080, 0x20000000, 0x00000000, 0x00820000); + &data_word(0x20800080, 0x20020080, 0x20020000, 0x00800080); + &data_word(0x20820000, 0x00000080, 0x00800080, 0x20020000); + &data_word(0x20820080, 0x00800000, 0x20800000, 0x20000080); + &data_word(0x00820000, 0x00020080, 0x20020080, 0x20800000); + &data_word(0x00000080, 0x20820000, 0x00820080, 0x00000000); + &data_word(0x20000000, 0x20800080, 0x00020000, 0x00820080); + } diff --git a/src/lib/libcrypto/des/asm/des686.pl b/src/lib/libcrypto/des/asm/des686.pl deleted file mode 100644 index d3ad5d5edd5..00000000000 --- a/src/lib/libcrypto/des/asm/des686.pl +++ /dev/null @@ -1,230 +0,0 @@ -#!/usr/local/bin/perl - -$prog="des686.pl"; - -# base code is in microsft -# op dest, source -# format. -# - -# WILL NOT WORK ANYMORE WITH desboth.pl -require "desboth.pl"; - -if ( ($ARGV[0] eq "elf")) - { require "x86unix.pl"; } -elsif ( ($ARGV[0] eq "a.out")) - { $aout=1; require "x86unix.pl"; } -elsif ( ($ARGV[0] eq "sol")) - { $sol=1; require "x86unix.pl"; } -elsif ( ($ARGV[0] eq "cpp")) - { $cpp=1; require "x86unix.pl"; } -elsif ( ($ARGV[0] eq "win32")) - { require "x86ms.pl"; } -else - { - print STDERR <<"EOF"; -Pick one target type from - elf - linux, FreeBSD etc - a.out - old linux - sol - x86 solaris - cpp - format so x86unix.cpp can be used - win32 - Windows 95/Windows NT -EOF - exit(1); - } - -&comment("Don't even think of reading this code"); -&comment("It was automatically generated by $prog"); -&comment("Which is a perl program used to generate the x86 assember for"); -&comment("any of elf, a.out, Win32, or Solaris"); -&comment("It can be found in SSLeay 0.6.5+ or in libdes 3.26+"); -&comment("eric "); -&comment(""); - -&file("dx86xxxx"); - -$L="edi"; -$R="esi"; - -&DES_encrypt("DES_encrypt1",1); -&DES_encrypt("DES_encrypt2",0); - -&DES_encrypt3("DES_encrypt3",1); -&DES_encrypt3("DES_decrypt3",0); - -&file_end(); - -sub DES_encrypt - { - local($name,$do_ip)=@_; - - &function_begin($name,"EXTRN _DES_SPtrans:DWORD"); - - &comment(""); - &comment("Load the 2 words"); - &mov("eax",&wparam(0)); - &mov($L,&DWP(0,"eax","",0)); - &mov($R,&DWP(4,"eax","",0)); - - $ksp=&wparam(1); - - if ($do_ip) - { - &comment(""); - &comment("IP"); - &IP_new($L,$R,"eax"); - } - - &comment(""); - &comment("fixup rotate"); - &rotl($R,3); - &rotl($L,3); - &exch($L,$R); - - &comment(""); - &comment("load counter, key_schedule and enc flag"); - &mov("eax",&wparam(2)); # get encrypt flag - &mov("ebp",&wparam(1)); # get ks - &cmp("eax","0"); - &je(&label("start_decrypt")); - - # encrypting part - - for ($i=0; $i<16; $i+=2) - { - &comment(""); - &comment("Round $i"); - &D_ENCRYPT($L,$R,$i*2,"ebp","DES_SPtrans","ecx","edx","eax","ebx"); - - &comment(""); - &comment("Round ".sprintf("%d",$i+1)); - &D_ENCRYPT($R,$L,($i+1)*2,"ebp","DES_SPtrans","ecx","edx","eax","ebx"); - } - &jmp(&label("end")); - - &set_label("start_decrypt"); - - for ($i=15; $i>0; $i-=2) - { - &comment(""); - &comment("Round $i"); - &D_ENCRYPT($L,$R,$i*2,"ebp","DES_SPtrans","ecx","edx","eax","ebx"); - &comment(""); - &comment("Round ".sprintf("%d",$i-1)); - &D_ENCRYPT($R,$L,($i-1)*2,"ebp","DES_SPtrans","ecx","edx","eax","ebx"); - } - - &set_label("end"); - - &comment(""); - &comment("Fixup"); - &rotr($L,3); # r - &rotr($R,3); # l - - if ($do_ip) - { - &comment(""); - &comment("FP"); - &FP_new($R,$L,"eax"); - } - - &mov("eax",&wparam(0)); - &mov(&DWP(0,"eax","",0),$L); - &mov(&DWP(4,"eax","",0),$R); - - &function_end($name); - } - - -# The logic is to load R into 2 registers and operate on both at the same time. -# We also load the 2 R's into 2 more registers so we can do the 'move word down a byte' -# while also masking the other copy and doing a lookup. We then also accumulate the -# L value in 2 registers then combine them at the end. -sub D_ENCRYPT - { - local($L,$R,$S,$ks,$desSP,$u,$t,$tmp1,$tmp2,$tmp3)=@_; - - &mov( $u, &DWP(&n2a($S*4),$ks,"",0)); - &mov( $t, &DWP(&n2a(($S+1)*4),$ks,"",0)); - &xor( $u, $R ); - &xor( $t, $R ); - &rotr( $t, 4 ); - - # the numbers at the end of the line are origional instruction order - &mov( $tmp2, $u ); # 1 2 - &mov( $tmp1, $t ); # 1 1 - &and( $tmp2, "0xfc" ); # 1 4 - &and( $tmp1, "0xfc" ); # 1 3 - &shr( $t, 8 ); # 1 5 - &xor( $L, &DWP("0x100+$desSP",$tmp1,"",0)); # 1 7 - &shr( $u, 8 ); # 1 6 - &mov( $tmp1, &DWP(" $desSP",$tmp2,"",0)); # 1 8 - - &mov( $tmp2, $u ); # 2 2 - &xor( $L, $tmp1 ); # 1 9 - &and( $tmp2, "0xfc" ); # 2 4 - &mov( $tmp1, $t ); # 2 1 - &and( $tmp1, "0xfc" ); # 2 3 - &shr( $t, 8 ); # 2 5 - &xor( $L, &DWP("0x300+$desSP",$tmp1,"",0)); # 2 7 - &shr( $u, 8 ); # 2 6 - &mov( $tmp1, &DWP("0x200+$desSP",$tmp2,"",0)); # 2 8 - &mov( $tmp2, $u ); # 3 2 - - &xor( $L, $tmp1 ); # 2 9 - &and( $tmp2, "0xfc" ); # 3 4 - - &mov( $tmp1, $t ); # 3 1 - &shr( $u, 8 ); # 3 6 - &and( $tmp1, "0xfc" ); # 3 3 - &shr( $t, 8 ); # 3 5 - &xor( $L, &DWP("0x500+$desSP",$tmp1,"",0)); # 3 7 - &mov( $tmp1, &DWP("0x400+$desSP",$tmp2,"",0)); # 3 8 - - &and( $t, "0xfc" ); # 4 1 - &xor( $L, $tmp1 ); # 3 9 - - &and( $u, "0xfc" ); # 4 2 - &xor( $L, &DWP("0x700+$desSP",$t,"",0)); # 4 3 - &xor( $L, &DWP("0x600+$desSP",$u,"",0)); # 4 4 - } - -sub PERM_OP - { - local($a,$b,$tt,$shift,$mask)=@_; - - &mov( $tt, $a ); - &shr( $tt, $shift ); - &xor( $tt, $b ); - &and( $tt, $mask ); - &xor( $b, $tt ); - &shl( $tt, $shift ); - &xor( $a, $tt ); - } - -sub IP_new - { - local($l,$r,$tt)=@_; - - &PERM_OP($r,$l,$tt, 4,"0x0f0f0f0f"); - &PERM_OP($l,$r,$tt,16,"0x0000ffff"); - &PERM_OP($r,$l,$tt, 2,"0x33333333"); - &PERM_OP($l,$r,$tt, 8,"0x00ff00ff"); - &PERM_OP($r,$l,$tt, 1,"0x55555555"); - } - -sub FP_new - { - local($l,$r,$tt)=@_; - - &PERM_OP($l,$r,$tt, 1,"0x55555555"); - &PERM_OP($r,$l,$tt, 8,"0x00ff00ff"); - &PERM_OP($l,$r,$tt, 2,"0x33333333"); - &PERM_OP($r,$l,$tt,16,"0x0000ffff"); - &PERM_OP($l,$r,$tt, 4,"0x0f0f0f0f"); - } - -sub n2a - { - sprintf("%d",$_[0]); - } diff --git a/src/lib/libcrypto/des/asm/des_enc.m4 b/src/lib/libcrypto/des/asm/des_enc.m4 new file mode 100644 index 00000000000..7303d40052a --- /dev/null +++ b/src/lib/libcrypto/des/asm/des_enc.m4 @@ -0,0 +1,2099 @@ +! des_enc.m4 +! des_enc.S (generated from des_enc.m4) +! +! UltraSPARC assembler version of the LibDES/SSLeay/OpenSSL des_enc.c file. +! +! Version 1.0. 32-bit version. +! +! June 8, 2000. +! +! Version 2.0. 32/64-bit, PIC-ification, blended CPU adaptation +! by Andy Polyakov. +! +! January 1, 2003. +! +! Assembler version: Copyright Svend Olaf Mikkelsen. +! +! Original C code: Copyright Eric A. Young. +! +! This code can be freely used by LibDES/SSLeay/OpenSSL users. +! +! The LibDES/SSLeay/OpenSSL copyright notices must be respected. +! +! This version can be redistributed. +! +! To expand the m4 macros: m4 -B 8192 des_enc.m4 > des_enc.S +! +! Global registers 1 to 5 are used. This is the same as done by the +! cc compiler. The UltraSPARC load/store little endian feature is used. +! +! Instruction grouping often refers to one CPU cycle. +! +! Assemble through gcc: gcc -c -mcpu=ultrasparc -o des_enc.o des_enc.S +! +! Assemble through cc: cc -c -xarch=v8plusa -o des_enc.o des_enc.S +! +! Performance improvement according to './apps/openssl speed des' +! +! 32-bit build: +! 23% faster than cc-5.2 -xarch=v8plus -xO5 +! 115% faster than gcc-3.2.1 -m32 -mcpu=ultrasparc -O5 +! 64-bit build: +! 50% faster than cc-5.2 -xarch=v9 -xO5 +! 100% faster than gcc-3.2.1 -m64 -mcpu=ultrasparc -O5 +! + +.ident "des_enc.m4 2.1" +.file "des_enc-sparc.S" + +#if defined(__SUNPRO_C) && defined(__sparcv9) +# define ABI64 /* They've said -xarch=v9 at command line */ +#elif defined(__GNUC__) && defined(__arch64__) +# define ABI64 /* They've said -m64 at command line */ +#endif + +#ifdef ABI64 + .register %g2,#scratch + .register %g3,#scratch +# define FRAME -192 +# define BIAS 2047 +# define LDPTR ldx +# define STPTR stx +# define ARG0 128 +# define ARGSZ 8 +# ifndef OPENSSL_SYSNAME_ULTRASPARC +# define OPENSSL_SYSNAME_ULTRASPARC +# endif +#else +# define FRAME -96 +# define BIAS 0 +# define LDPTR ld +# define STPTR st +# define ARG0 68 +# define ARGSZ 4 +#endif + +#define LOOPS 7 + +#define global0 %g0 +#define global1 %g1 +#define global2 %g2 +#define global3 %g3 +#define global4 %g4 +#define global5 %g5 + +#define local0 %l0 +#define local1 %l1 +#define local2 %l2 +#define local3 %l3 +#define local4 %l4 +#define local5 %l5 +#define local7 %l6 +#define local6 %l7 + +#define in0 %i0 +#define in1 %i1 +#define in2 %i2 +#define in3 %i3 +#define in4 %i4 +#define in5 %i5 +#define in6 %i6 +#define in7 %i7 + +#define out0 %o0 +#define out1 %o1 +#define out2 %o2 +#define out3 %o3 +#define out4 %o4 +#define out5 %o5 +#define out6 %o6 +#define out7 %o7 + +#define stub stb + +changequote({,}) + + +! Macro definitions: + + +! {ip_macro} +! +! The logic used in initial and final permutations is the same as in +! the C code. The permutations are done with a clever shift, xor, and +! technique. +! +! The macro also loads address sbox 1 to 5 to global 1 to 5, address +! sbox 6 to local6, and addres sbox 8 to out3. +! +! Rotates the halfs 3 left to bring the sbox bits in convenient positions. +! +! Loads key first round from address in parameter 5 to out0, out1. +! +! After the original LibDES initial permutation, the resulting left +! is in the variable initially used for right and vice versa. The macro +! implements the possibility to keep the halfs in the original registers. +! +! parameter 1 left +! parameter 2 right +! parameter 3 result left (modify in first round) +! parameter 4 result right (use in first round) +! parameter 5 key address +! parameter 6 1/2 for include encryption/decryption +! parameter 7 1 for move in1 to in3 +! parameter 8 1 for move in3 to in4, 2 for move in4 to in3 +! parameter 9 1 for load ks3 and ks2 to in4 and in3 + +define(ip_macro, { + +! {ip_macro} +! $1 $2 $4 $3 $5 $6 $7 $8 $9 + + ld [out2+256], local1 + srl $2, 4, local4 + + xor local4, $1, local4 + ifelse($7,1,{mov in1, in3},{nop}) + + ld [out2+260], local2 + and local4, local1, local4 + ifelse($8,1,{mov in3, in4},{}) + ifelse($8,2,{mov in4, in3},{}) + + ld [out2+280], out4 ! loop counter + sll local4, 4, local1 + xor $1, local4, $1 + + ld [out2+264], local3 + srl $1, 16, local4 + xor $2, local1, $2 + + ifelse($9,1,{LDPTR KS3, in4},{}) + xor local4, $2, local4 + nop !sethi %hi(DES_SPtrans), global1 ! sbox addr + + ifelse($9,1,{LDPTR KS2, in3},{}) + and local4, local2, local4 + nop !or global1, %lo(DES_SPtrans), global1 ! sbox addr + + sll local4, 16, local1 + xor $2, local4, $2 + + srl $2, 2, local4 + xor $1, local1, $1 + + sethi %hi(16711680), local5 + xor local4, $1, local4 + + and local4, local3, local4 + or local5, 255, local5 + + sll local4, 2, local2 + xor $1, local4, $1 + + srl $1, 8, local4 + xor $2, local2, $2 + + xor local4, $2, local4 + add global1, 768, global4 + + and local4, local5, local4 + add global1, 1024, global5 + + ld [out2+272], local7 + sll local4, 8, local1 + xor $2, local4, $2 + + srl $2, 1, local4 + xor $1, local1, $1 + + ld [$5], out0 ! key 7531 + xor local4, $1, local4 + add global1, 256, global2 + + ld [$5+4], out1 ! key 8642 + and local4, local7, local4 + add global1, 512, global3 + + sll local4, 1, local1 + xor $1, local4, $1 + + sll $1, 3, local3 + xor $2, local1, $2 + + sll $2, 3, local2 + add global1, 1280, local6 ! address sbox 8 + + srl $1, 29, local4 + add global1, 1792, out3 ! address sbox 8 + + srl $2, 29, local1 + or local4, local3, $4 + + or local2, local1, $3 + + ifelse($6, 1, { + + ld [out2+284], local5 ! 0x0000FC00 used in the rounds + or local2, local1, $3 + xor $4, out0, local1 + + call .des_enc.1 + and local1, 252, local1 + + },{}) + + ifelse($6, 2, { + + ld [out2+284], local5 ! 0x0000FC00 used in the rounds + or local2, local1, $3 + xor $4, out0, local1 + + call .des_dec.1 + and local1, 252, local1 + + },{}) +}) + + +! {rounds_macro} +! +! The logic used in the DES rounds is the same as in the C code, +! except that calculations for sbox 1 and sbox 5 begin before +! the previous round is finished. +! +! In each round one half (work) is modified based on key and the +! other half (use). +! +! In this version we do two rounds in a loop repeated 7 times +! and two rounds seperately. +! +! One half has the bits for the sboxes in the following positions: +! +! 777777xx555555xx333333xx111111xx +! +! 88xx666666xx444444xx222222xx8888 +! +! The bits for each sbox are xor-ed with the key bits for that box. +! The above xx bits are cleared, and the result used for lookup in +! the sbox table. Each sbox entry contains the 4 output bits permuted +! into 32 bits according to the P permutation. +! +! In the description of DES, left and right are switched after +! each round, except after last round. In this code the original +! left and right are kept in the same register in all rounds, meaning +! that after the 16 rounds the result for right is in the register +! originally used for left. +! +! parameter 1 first work (left in first round) +! parameter 2 first use (right in first round) +! parameter 3 enc/dec 1/-1 +! parameter 4 loop label +! parameter 5 key address register +! parameter 6 optional address for key next encryption/decryption +! parameter 7 not empty for include retl +! +! also compares in2 to 8 + +define(rounds_macro, { + +! {rounds_macro} +! $1 $2 $3 $4 $5 $6 $7 $8 $9 + + xor $2, out0, local1 + + ld [out2+284], local5 ! 0x0000FC00 + ba $4 + and local1, 252, local1 + + .align 32 + +$4: + ! local6 is address sbox 6 + ! out3 is address sbox 8 + ! out4 is loop counter + + ld [global1+local1], local1 + xor $2, out1, out1 ! 8642 + xor $2, out0, out0 ! 7531 + ! fmovs %f0, %f0 ! fxor used for alignment + + srl out1, 4, local0 ! rotate 4 right + and out0, local5, local3 ! 3 + ! fmovs %f0, %f0 + + ld [$5+$3*8], local7 ! key 7531 next round + srl local3, 8, local3 ! 3 + and local0, 252, local2 ! 2 + ! fmovs %f0, %f0 + + ld [global3+local3],local3 ! 3 + sll out1, 28, out1 ! rotate + xor $1, local1, $1 ! 1 finished, local1 now sbox 7 + + ld [global2+local2], local2 ! 2 + srl out0, 24, local1 ! 7 + or out1, local0, out1 ! rotate + + ldub [out2+local1], local1 ! 7 (and 0xFC) + srl out1, 24, local0 ! 8 + and out1, local5, local4 ! 4 + + ldub [out2+local0], local0 ! 8 (and 0xFC) + srl local4, 8, local4 ! 4 + xor $1, local2, $1 ! 2 finished local2 now sbox 6 + + ld [global4+local4],local4 ! 4 + srl out1, 16, local2 ! 6 + xor $1, local3, $1 ! 3 finished local3 now sbox 5 + + ld [out3+local0],local0 ! 8 + and local2, 252, local2 ! 6 + add global1, 1536, local5 ! address sbox 7 + + ld [local6+local2], local2 ! 6 + srl out0, 16, local3 ! 5 + xor $1, local4, $1 ! 4 finished + + ld [local5+local1],local1 ! 7 + and local3, 252, local3 ! 5 + xor $1, local0, $1 ! 8 finished + + ld [global5+local3],local3 ! 5 + xor $1, local2, $1 ! 6 finished + subcc out4, 1, out4 + + ld [$5+$3*8+4], out0 ! key 8642 next round + xor $1, local7, local2 ! sbox 5 next round + xor $1, local1, $1 ! 7 finished + + srl local2, 16, local2 ! sbox 5 next round + xor $1, local3, $1 ! 5 finished + + ld [$5+$3*16+4], out1 ! key 8642 next round again + and local2, 252, local2 ! sbox5 next round +! next round + xor $1, local7, local7 ! 7531 + + ld [global5+local2], local2 ! 5 + srl local7, 24, local3 ! 7 + xor $1, out0, out0 ! 8642 + + ldub [out2+local3], local3 ! 7 (and 0xFC) + srl out0, 4, local0 ! rotate 4 right + and local7, 252, local1 ! 1 + + sll out0, 28, out0 ! rotate + xor $2, local2, $2 ! 5 finished local2 used + + srl local0, 8, local4 ! 4 + and local0, 252, local2 ! 2 + ld [local5+local3], local3 ! 7 + + srl local0, 16, local5 ! 6 + or out0, local0, out0 ! rotate + ld [global2+local2], local2 ! 2 + + srl out0, 24, local0 + ld [$5+$3*16], out0 ! key 7531 next round + and local4, 252, local4 ! 4 + + and local5, 252, local5 ! 6 + ld [global4+local4], local4 ! 4 + xor $2, local3, $2 ! 7 finished local3 used + + and local0, 252, local0 ! 8 + ld [local6+local5], local5 ! 6 + xor $2, local2, $2 ! 2 finished local2 now sbox 3 + + srl local7, 8, local2 ! 3 start + ld [out3+local0], local0 ! 8 + xor $2, local4, $2 ! 4 finished + + and local2, 252, local2 ! 3 + ld [global1+local1], local1 ! 1 + xor $2, local5, $2 ! 6 finished local5 used + + ld [global3+local2], local2 ! 3 + xor $2, local0, $2 ! 8 finished + add $5, $3*16, $5 ! enc add 8, dec add -8 to key pointer + + ld [out2+284], local5 ! 0x0000FC00 + xor $2, out0, local4 ! sbox 1 next round + xor $2, local1, $2 ! 1 finished + + xor $2, local2, $2 ! 3 finished +#ifdef OPENSSL_SYSNAME_ULTRASPARC + bne,pt %icc, $4 +#else + bne $4 +#endif + and local4, 252, local1 ! sbox 1 next round + +! two rounds more: + + ld [global1+local1], local1 + xor $2, out1, out1 + xor $2, out0, out0 + + srl out1, 4, local0 ! rotate + and out0, local5, local3 + + ld [$5+$3*8], local7 ! key 7531 + srl local3, 8, local3 + and local0, 252, local2 + + ld [global3+local3],local3 + sll out1, 28, out1 ! rotate + xor $1, local1, $1 ! 1 finished, local1 now sbox 7 + + ld [global2+local2], local2 + srl out0, 24, local1 + or out1, local0, out1 ! rotate + + ldub [out2+local1], local1 + srl out1, 24, local0 + and out1, local5, local4 + + ldub [out2+local0], local0 + srl local4, 8, local4 + xor $1, local2, $1 ! 2 finished local2 now sbox 6 + + ld [global4+local4],local4 + srl out1, 16, local2 + xor $1, local3, $1 ! 3 finished local3 now sbox 5 + + ld [out3+local0],local0 + and local2, 252, local2 + add global1, 1536, local5 ! address sbox 7 + + ld [local6+local2], local2 + srl out0, 16, local3 + xor $1, local4, $1 ! 4 finished + + ld [local5+local1],local1 + and local3, 252, local3 + xor $1, local0, $1 + + ld [global5+local3],local3 + xor $1, local2, $1 ! 6 finished + cmp in2, 8 + + ifelse($6,{}, {}, {ld [out2+280], out4}) ! loop counter + xor $1, local7, local2 ! sbox 5 next round + xor $1, local1, $1 ! 7 finished + + ld [$5+$3*8+4], out0 + srl local2, 16, local2 ! sbox 5 next round + xor $1, local3, $1 ! 5 finished + + and local2, 252, local2 +! next round (two rounds more) + xor $1, local7, local7 ! 7531 + + ld [global5+local2], local2 + srl local7, 24, local3 + xor $1, out0, out0 ! 8642 + + ldub [out2+local3], local3 + srl out0, 4, local0 ! rotate + and local7, 252, local1 + + sll out0, 28, out0 ! rotate + xor $2, local2, $2 ! 5 finished local2 used + + srl local0, 8, local4 + and local0, 252, local2 + ld [local5+local3], local3 + + srl local0, 16, local5 + or out0, local0, out0 ! rotate + ld [global2+local2], local2 + + srl out0, 24, local0 + ifelse($6,{}, {}, {ld [$6], out0}) ! key next encryption/decryption + and local4, 252, local4 + + and local5, 252, local5 + ld [global4+local4], local4 + xor $2, local3, $2 ! 7 finished local3 used + + and local0, 252, local0 + ld [local6+local5], local5 + xor $2, local2, $2 ! 2 finished local2 now sbox 3 + + srl local7, 8, local2 ! 3 start + ld [out3+local0], local0 + xor $2, local4, $2 + + and local2, 252, local2 + ld [global1+local1], local1 + xor $2, local5, $2 ! 6 finished local5 used + + ld [global3+local2], local2 + srl $1, 3, local3 + xor $2, local0, $2 + + ifelse($6,{}, {}, {ld [$6+4], out1}) ! key next encryption/decryption + sll $1, 29, local4 + xor $2, local1, $2 + + ifelse($7,{}, {}, {retl}) + xor $2, local2, $2 +}) + + +! {fp_macro} +! +! parameter 1 right (original left) +! parameter 2 left (original right) +! parameter 3 1 for optional store to [in0] +! parameter 4 1 for load input/output address to local5/7 +! +! The final permutation logic switches the halfes, meaning that +! left and right ends up the the registers originally used. + +define(fp_macro, { + +! {fp_macro} +! $1 $2 $3 $4 $5 $6 $7 $8 $9 + + ! initially undo the rotate 3 left done after initial permutation + ! original left is received shifted 3 right and 29 left in local3/4 + + sll $2, 29, local1 + or local3, local4, $1 + + srl $2, 3, $2 + sethi %hi(0x55555555), local2 + + or $2, local1, $2 + or local2, %lo(0x55555555), local2 + + srl $2, 1, local3 + sethi %hi(0x00ff00ff), local1 + xor local3, $1, local3 + or local1, %lo(0x00ff00ff), local1 + and local3, local2, local3 + sethi %hi(0x33333333), local4 + sll local3, 1, local2 + + xor $1, local3, $1 + + srl $1, 8, local3 + xor $2, local2, $2 + xor local3, $2, local3 + or local4, %lo(0x33333333), local4 + and local3, local1, local3 + sethi %hi(0x0000ffff), local1 + sll local3, 8, local2 + + xor $2, local3, $2 + + srl $2, 2, local3 + xor $1, local2, $1 + xor local3, $1, local3 + or local1, %lo(0x0000ffff), local1 + and local3, local4, local3 + sethi %hi(0x0f0f0f0f), local4 + sll local3, 2, local2 + + ifelse($4,1, {LDPTR INPUT, local5}) + xor $1, local3, $1 + + ifelse($4,1, {LDPTR OUTPUT, local7}) + srl $1, 16, local3 + xor $2, local2, $2 + xor local3, $2, local3 + or local4, %lo(0x0f0f0f0f), local4 + and local3, local1, local3 + sll local3, 16, local2 + + xor $2, local3, local1 + + srl local1, 4, local3 + xor $1, local2, $1 + xor local3, $1, local3 + and local3, local4, local3 + sll local3, 4, local2 + + xor $1, local3, $1 + + ! optional store: + + ifelse($3,1, {st $1, [in0]}) + + xor local1, local2, $2 + + ifelse($3,1, {st $2, [in0+4]}) + +}) + + +! {fp_ip_macro} +! +! Does initial permutation for next block mixed with +! final permutation for current block. +! +! parameter 1 original left +! parameter 2 original right +! parameter 3 left ip +! parameter 4 right ip +! parameter 5 1: load ks1/ks2 to in3/in4, add 120 to in4 +! 2: mov in4 to in3 +! +! also adds -8 to length in2 and loads loop counter to out4 + +define(fp_ip_macro, { + +! {fp_ip_macro} +! $1 $2 $3 $4 $5 $6 $7 $8 $9 + + define({temp1},{out4}) + define({temp2},{local3}) + + define({ip1},{local1}) + define({ip2},{local2}) + define({ip4},{local4}) + define({ip5},{local5}) + + ! $1 in local3, local4 + + ld [out2+256], ip1 + sll out5, 29, temp1 + or local3, local4, $1 + + srl out5, 3, $2 + ifelse($5,2,{mov in4, in3}) + + ld [out2+272], ip5 + srl $4, 4, local0 + or $2, temp1, $2 + + srl $2, 1, temp1 + xor temp1, $1, temp1 + + and temp1, ip5, temp1 + xor local0, $3, local0 + + sll temp1, 1, temp2 + xor $1, temp1, $1 + + and local0, ip1, local0 + add in2, -8, in2 + + sll local0, 4, local7 + xor $3, local0, $3 + + ld [out2+268], ip4 + srl $1, 8, temp1 + xor $2, temp2, $2 + ld [out2+260], ip2 + srl $3, 16, local0 + xor $4, local7, $4 + xor temp1, $2, temp1 + xor local0, $4, local0 + and temp1, ip4, temp1 + and local0, ip2, local0 + sll temp1, 8, temp2 + xor $2, temp1, $2 + sll local0, 16, local7 + xor $4, local0, $4 + + srl $2, 2, temp1 + xor $1, temp2, $1 + + ld [out2+264], temp2 ! ip3 + srl $4, 2, local0 + xor $3, local7, $3 + xor temp1, $1, temp1 + xor local0, $3, local0 + and temp1, temp2, temp1 + and local0, temp2, local0 + sll temp1, 2, temp2 + xor $1, temp1, $1 + sll local0, 2, local7 + xor $3, local0, $3 + + srl $1, 16, temp1 + xor $2, temp2, $2 + srl $3, 8, local0 + xor $4, local7, $4 + xor temp1, $2, temp1 + xor local0, $4, local0 + and temp1, ip2, temp1 + and local0, ip4, local0 + sll temp1, 16, temp2 + xor $2, temp1, local4 + sll local0, 8, local7 + xor $4, local0, $4 + + srl $4, 1, local0 + xor $3, local7, $3 + + srl local4, 4, temp1 + xor local0, $3, local0 + + xor $1, temp2, $1 + and local0, ip5, local0 + + sll local0, 1, local7 + xor temp1, $1, temp1 + + xor $3, local0, $3 + xor $4, local7, $4 + + sll $3, 3, local5 + and temp1, ip1, temp1 + + sll temp1, 4, temp2 + xor $1, temp1, $1 + + ifelse($5,1,{LDPTR KS2, in4}) + sll $4, 3, local2 + xor local4, temp2, $2 + + ! reload since used as temporar: + + ld [out2+280], out4 ! loop counter + + srl $3, 29, local0 + ifelse($5,1,{add in4, 120, in4}) + + ifelse($5,1,{LDPTR KS1, in3}) + srl $4, 29, local7 + + or local0, local5, $4 + or local2, local7, $3 + +}) + + + +! {load_little_endian} +! +! parameter 1 address +! parameter 2 destination left +! parameter 3 destination right +! parameter 4 temporar +! parameter 5 label + +define(load_little_endian, { + +! {load_little_endian} +! $1 $2 $3 $4 $5 $6 $7 $8 $9 + + ! first in memory to rightmost in register + +#ifdef OPENSSL_SYSNAME_ULTRASPARC + andcc $1, 3, global0 + bne,pn %icc, $5 + nop + + lda [$1] 0x88, $2 + add $1, 4, $4 + + ba,pt %icc, $5a + lda [$4] 0x88, $3 +#endif + +$5: + ldub [$1+3], $2 + + ldub [$1+2], $4 + sll $2, 8, $2 + or $2, $4, $2 + + ldub [$1+1], $4 + sll $2, 8, $2 + or $2, $4, $2 + + ldub [$1+0], $4 + sll $2, 8, $2 + or $2, $4, $2 + + + ldub [$1+3+4], $3 + + ldub [$1+2+4], $4 + sll $3, 8, $3 + or $3, $4, $3 + + ldub [$1+1+4], $4 + sll $3, 8, $3 + or $3, $4, $3 + + ldub [$1+0+4], $4 + sll $3, 8, $3 + or $3, $4, $3 +$5a: + +}) + + +! {load_little_endian_inc} +! +! parameter 1 address +! parameter 2 destination left +! parameter 3 destination right +! parameter 4 temporar +! parameter 4 label +! +! adds 8 to address + +define(load_little_endian_inc, { + +! {load_little_endian_inc} +! $1 $2 $3 $4 $5 $6 $7 $8 $9 + + ! first in memory to rightmost in register + +#ifdef OPENSSL_SYSNAME_ULTRASPARC + andcc $1, 3, global0 + bne,pn %icc, $5 + nop + + lda [$1] 0x88, $2 + add $1, 4, $1 + + lda [$1] 0x88, $3 + ba,pt %icc, $5a + add $1, 4, $1 +#endif + +$5: + ldub [$1+3], $2 + + ldub [$1+2], $4 + sll $2, 8, $2 + or $2, $4, $2 + + ldub [$1+1], $4 + sll $2, 8, $2 + or $2, $4, $2 + + ldub [$1+0], $4 + sll $2, 8, $2 + or $2, $4, $2 + + ldub [$1+3+4], $3 + add $1, 8, $1 + + ldub [$1+2+4-8], $4 + sll $3, 8, $3 + or $3, $4, $3 + + ldub [$1+1+4-8], $4 + sll $3, 8, $3 + or $3, $4, $3 + + ldub [$1+0+4-8], $4 + sll $3, 8, $3 + or $3, $4, $3 +$5a: + +}) + + +! {load_n_bytes} +! +! Loads 1 to 7 bytes little endian +! Remaining bytes are zeroed. +! +! parameter 1 address +! parameter 2 length +! parameter 3 destination register left +! parameter 4 destination register right +! parameter 5 temp +! parameter 6 temp2 +! parameter 7 label +! parameter 8 return label + +define(load_n_bytes, { + +! {load_n_bytes} +! $1 $2 $5 $6 $7 $8 $7 $8 $9 + +$7.0: call .+8 + sll $2, 2, $6 + + add %o7,$7.jmp.table-$7.0,$5 + + add $5, $6, $5 + mov 0, $4 + + ld [$5], $5 + + jmp %o7+$5 + mov 0, $3 + +$7.7: + ldub [$1+6], $5 + sll $5, 16, $5 + or $3, $5, $3 +$7.6: + ldub [$1+5], $5 + sll $5, 8, $5 + or $3, $5, $3 +$7.5: + ldub [$1+4], $5 + or $3, $5, $3 +$7.4: + ldub [$1+3], $5 + sll $5, 24, $5 + or $4, $5, $4 +$7.3: + ldub [$1+2], $5 + sll $5, 16, $5 + or $4, $5, $4 +$7.2: + ldub [$1+1], $5 + sll $5, 8, $5 + or $4, $5, $4 +$7.1: + ldub [$1+0], $5 + ba $8 + or $4, $5, $4 + + .align 4 + +$7.jmp.table: + .word 0 + .word $7.1-$7.0 + .word $7.2-$7.0 + .word $7.3-$7.0 + .word $7.4-$7.0 + .word $7.5-$7.0 + .word $7.6-$7.0 + .word $7.7-$7.0 +}) + + +! {store_little_endian} +! +! parameter 1 address +! parameter 2 source left +! parameter 3 source right +! parameter 4 temporar + +define(store_little_endian, { + +! {store_little_endian} +! $1 $2 $3 $4 $5 $6 $7 $8 $9 + + ! rightmost in register to first in memory + +#ifdef OPENSSL_SYSNAME_ULTRASPARC + andcc $1, 3, global0 + bne,pn %icc, $5 + nop + + sta $2, [$1] 0x88 + add $1, 4, $4 + + ba,pt %icc, $5a + sta $3, [$4] 0x88 +#endif + +$5: + and $2, 255, $4 + stub $4, [$1+0] + + srl $2, 8, $4 + and $4, 255, $4 + stub $4, [$1+1] + + srl $2, 16, $4 + and $4, 255, $4 + stub $4, [$1+2] + + srl $2, 24, $4 + stub $4, [$1+3] + + + and $3, 255, $4 + stub $4, [$1+0+4] + + srl $3, 8, $4 + and $4, 255, $4 + stub $4, [$1+1+4] + + srl $3, 16, $4 + and $4, 255, $4 + stub $4, [$1+2+4] + + srl $3, 24, $4 + stub $4, [$1+3+4] + +$5a: + +}) + + +! {store_n_bytes} +! +! Stores 1 to 7 bytes little endian +! +! parameter 1 address +! parameter 2 length +! parameter 3 source register left +! parameter 4 source register right +! parameter 5 temp +! parameter 6 temp2 +! parameter 7 label +! parameter 8 return label + +define(store_n_bytes, { + +! {store_n_bytes} +! $1 $2 $5 $6 $7 $8 $7 $8 $9 + +$7.0: call .+8 + sll $2, 2, $6 + + add %o7,$7.jmp.table-$7.0,$5 + + add $5, $6, $5 + + ld [$5], $5 + + jmp %o7+$5 + nop + +$7.7: + srl $3, 16, $5 + and $5, 0xff, $5 + stub $5, [$1+6] +$7.6: + srl $3, 8, $5 + and $5, 0xff, $5 + stub $5, [$1+5] +$7.5: + and $3, 0xff, $5 + stub $5, [$1+4] +$7.4: + srl $4, 24, $5 + stub $5, [$1+3] +$7.3: + srl $4, 16, $5 + and $5, 0xff, $5 + stub $5, [$1+2] +$7.2: + srl $4, 8, $5 + and $5, 0xff, $5 + stub $5, [$1+1] +$7.1: + and $4, 0xff, $5 + + + ba $8 + stub $5, [$1] + + .align 4 + +$7.jmp.table: + + .word 0 + .word $7.1-$7.0 + .word $7.2-$7.0 + .word $7.3-$7.0 + .word $7.4-$7.0 + .word $7.5-$7.0 + .word $7.6-$7.0 + .word $7.7-$7.0 +}) + + +define(testvalue,{1}) + +define(register_init, { + +! For test purposes: + + sethi %hi(testvalue), local0 + or local0, %lo(testvalue), local0 + + ifelse($1,{},{}, {mov local0, $1}) + ifelse($2,{},{}, {mov local0, $2}) + ifelse($3,{},{}, {mov local0, $3}) + ifelse($4,{},{}, {mov local0, $4}) + ifelse($5,{},{}, {mov local0, $5}) + ifelse($6,{},{}, {mov local0, $6}) + ifelse($7,{},{}, {mov local0, $7}) + ifelse($8,{},{}, {mov local0, $8}) + + mov local0, local1 + mov local0, local2 + mov local0, local3 + mov local0, local4 + mov local0, local5 + mov local0, local7 + mov local0, local6 + mov local0, out0 + mov local0, out1 + mov local0, out2 + mov local0, out3 + mov local0, out4 + mov local0, out5 + mov local0, global1 + mov local0, global2 + mov local0, global3 + mov local0, global4 + mov local0, global5 + +}) + +.section ".text" + + .align 32 + +.des_enc: + + ! key address in3 + ! loads key next encryption/decryption first round from [in4] + + rounds_macro(in5, out5, 1, .des_enc.1, in3, in4, retl) + + + .align 32 + +.des_dec: + + ! implemented with out5 as first parameter to avoid + ! register exchange in ede modes + + ! key address in4 + ! loads key next encryption/decryption first round from [in3] + + rounds_macro(out5, in5, -1, .des_dec.1, in4, in3, retl) + + + +! void DES_encrypt1(data, ks, enc) +! ******************************* + + .align 32 + .global DES_encrypt1 + .type DES_encrypt1,#function + +DES_encrypt1: + + save %sp, FRAME, %sp + + sethi %hi(.PIC.DES_SPtrans-1f),global1 + or global1,%lo(.PIC.DES_SPtrans-1f),global1 +1: call .+8 + add %o7,global1,global1 + sub global1,.PIC.DES_SPtrans-.des_and,out2 + + ld [in0], in5 ! left + cmp in2, 0 ! enc + +#ifdef OPENSSL_SYSNAME_ULTRASPARC + be,pn %icc, .encrypt.dec ! enc/dec +#else + be .encrypt.dec +#endif + ld [in0+4], out5 ! right + + ! parameter 6 1/2 for include encryption/decryption + ! parameter 7 1 for move in1 to in3 + ! parameter 8 1 for move in3 to in4, 2 for move in4 to in3 + + ip_macro(in5, out5, in5, out5, in3, 0, 1, 1) + + rounds_macro(in5, out5, 1, .des_encrypt1.1, in3, in4) ! in4 not used + + fp_macro(in5, out5, 1) ! 1 for store to [in0] + + ret + restore + +.encrypt.dec: + + add in1, 120, in3 ! use last subkey for first round + + ! parameter 6 1/2 for include encryption/decryption + ! parameter 7 1 for move in1 to in3 + ! parameter 8 1 for move in3 to in4, 2 for move in4 to in3 + + ip_macro(in5, out5, out5, in5, in4, 2, 0, 1) ! include dec, ks in4 + + fp_macro(out5, in5, 1) ! 1 for store to [in0] + + ret + restore + +.DES_encrypt1.end: + .size DES_encrypt1,.DES_encrypt1.end-DES_encrypt1 + + +! void DES_encrypt2(data, ks, enc) +!********************************* + + ! encrypts/decrypts without initial/final permutation + + .align 32 + .global DES_encrypt2 + .type DES_encrypt2,#function + +DES_encrypt2: + + save %sp, FRAME, %sp + + sethi %hi(.PIC.DES_SPtrans-1f),global1 + or global1,%lo(.PIC.DES_SPtrans-1f),global1 +1: call .+8 + add %o7,global1,global1 + sub global1,.PIC.DES_SPtrans-.des_and,out2 + + ! Set sbox address 1 to 6 and rotate halfs 3 left + ! Errors caught by destest? Yes. Still? *NO* + + !sethi %hi(DES_SPtrans), global1 ! address sbox 1 + + !or global1, %lo(DES_SPtrans), global1 ! sbox 1 + + add global1, 256, global2 ! sbox 2 + add global1, 512, global3 ! sbox 3 + + ld [in0], out5 ! right + add global1, 768, global4 ! sbox 4 + add global1, 1024, global5 ! sbox 5 + + ld [in0+4], in5 ! left + add global1, 1280, local6 ! sbox 6 + add global1, 1792, out3 ! sbox 8 + + ! rotate + + sll in5, 3, local5 + mov in1, in3 ! key address to in3 + + sll out5, 3, local7 + srl in5, 29, in5 + + srl out5, 29, out5 + add in5, local5, in5 + + add out5, local7, out5 + cmp in2, 0 + + ! we use our own stackframe + +#ifdef OPENSSL_SYSNAME_ULTRASPARC + be,pn %icc, .encrypt2.dec ! decryption +#else + be .encrypt2.dec +#endif + STPTR in0, [%sp+BIAS+ARG0+0*ARGSZ] + + ld [in3], out0 ! key 7531 first round + mov LOOPS, out4 ! loop counter + + ld [in3+4], out1 ! key 8642 first round + sethi %hi(0x0000FC00), local5 + + call .des_enc + mov in3, in4 + + ! rotate + sll in5, 29, in0 + srl in5, 3, in5 + sll out5, 29, in1 + add in5, in0, in5 + srl out5, 3, out5 + LDPTR [%sp+BIAS+ARG0+0*ARGSZ], in0 + add out5, in1, out5 + st in5, [in0] + st out5, [in0+4] + + ret + restore + + +.encrypt2.dec: + + add in3, 120, in4 + + ld [in4], out0 ! key 7531 first round + mov LOOPS, out4 ! loop counter + + ld [in4+4], out1 ! key 8642 first round + sethi %hi(0x0000FC00), local5 + + mov in5, local1 ! left expected in out5 + mov out5, in5 + + call .des_dec + mov local1, out5 + +.encrypt2.finish: + + ! rotate + sll in5, 29, in0 + srl in5, 3, in5 + sll out5, 29, in1 + add in5, in0, in5 + srl out5, 3, out5 + LDPTR [%sp+BIAS+ARG0+0*ARGSZ], in0 + add out5, in1, out5 + st out5, [in0] + st in5, [in0+4] + + ret + restore + +.DES_encrypt2.end: + .size DES_encrypt2, .DES_encrypt2.end-DES_encrypt2 + + +! void DES_encrypt3(data, ks1, ks2, ks3) +! ************************************** + + .align 32 + .global DES_encrypt3 + .type DES_encrypt3,#function + +DES_encrypt3: + + save %sp, FRAME, %sp + + sethi %hi(.PIC.DES_SPtrans-1f),global1 + or global1,%lo(.PIC.DES_SPtrans-1f),global1 +1: call .+8 + add %o7,global1,global1 + sub global1,.PIC.DES_SPtrans-.des_and,out2 + + ld [in0], in5 ! left + add in2, 120, in4 ! ks2 + + ld [in0+4], out5 ! right + mov in3, in2 ! save ks3 + + ! parameter 6 1/2 for include encryption/decryption + ! parameter 7 1 for mov in1 to in3 + ! parameter 8 1 for mov in3 to in4 + ! parameter 9 1 for load ks3 and ks2 to in4 and in3 + + ip_macro(in5, out5, in5, out5, in3, 1, 1, 0, 0) + + call .des_dec + mov in2, in3 ! preload ks3 + + call .des_enc + nop + + fp_macro(in5, out5, 1) + + ret + restore + +.DES_encrypt3.end: + .size DES_encrypt3,.DES_encrypt3.end-DES_encrypt3 + + +! void DES_decrypt3(data, ks1, ks2, ks3) +! ************************************** + + .align 32 + .global DES_decrypt3 + .type DES_decrypt3,#function + +DES_decrypt3: + + save %sp, FRAME, %sp + + sethi %hi(.PIC.DES_SPtrans-1f),global1 + or global1,%lo(.PIC.DES_SPtrans-1f),global1 +1: call .+8 + add %o7,global1,global1 + sub global1,.PIC.DES_SPtrans-.des_and,out2 + + ld [in0], in5 ! left + add in3, 120, in4 ! ks3 + + ld [in0+4], out5 ! right + mov in2, in3 ! ks2 + + ! parameter 6 1/2 for include encryption/decryption + ! parameter 7 1 for mov in1 to in3 + ! parameter 8 1 for mov in3 to in4 + ! parameter 9 1 for load ks3 and ks2 to in4 and in3 + + ip_macro(in5, out5, out5, in5, in4, 2, 0, 0, 0) + + call .des_enc + add in1, 120, in4 ! preload ks1 + + call .des_dec + nop + + fp_macro(out5, in5, 1) + + ret + restore + +.DES_decrypt3.end: + .size DES_decrypt3,.DES_decrypt3.end-DES_decrypt3 + +! void DES_ncbc_encrypt(input, output, length, schedule, ivec, enc) +! ***************************************************************** + + + .align 32 + .global DES_ncbc_encrypt + .type DES_ncbc_encrypt,#function + +DES_ncbc_encrypt: + + save %sp, FRAME, %sp + + define({INPUT}, { [%sp+BIAS+ARG0+0*ARGSZ] }) + define({OUTPUT}, { [%sp+BIAS+ARG0+1*ARGSZ] }) + define({IVEC}, { [%sp+BIAS+ARG0+4*ARGSZ] }) + + sethi %hi(.PIC.DES_SPtrans-1f),global1 + or global1,%lo(.PIC.DES_SPtrans-1f),global1 +1: call .+8 + add %o7,global1,global1 + sub global1,.PIC.DES_SPtrans-.des_and,out2 + + cmp in5, 0 ! enc + +#ifdef OPENSSL_SYSNAME_ULTRASPARC + be,pn %icc, .ncbc.dec +#else + be .ncbc.dec +#endif + STPTR in4, IVEC + + ! addr left right temp label + load_little_endian(in4, in5, out5, local3, .LLE1) ! iv + + addcc in2, -8, in2 ! bytes missing when first block done + +#ifdef OPENSSL_SYSNAME_ULTRASPARC + bl,pn %icc, .ncbc.enc.seven.or.less +#else + bl .ncbc.enc.seven.or.less +#endif + mov in3, in4 ! schedule + +.ncbc.enc.next.block: + + load_little_endian(in0, out4, global4, local3, .LLE2) ! block + +.ncbc.enc.next.block_1: + + xor in5, out4, in5 ! iv xor + xor out5, global4, out5 ! iv xor + + ! parameter 8 1 for move in3 to in4, 2 for move in4 to in3 + ip_macro(in5, out5, in5, out5, in3, 0, 0, 2) + +.ncbc.enc.next.block_2: + +!// call .des_enc ! compares in2 to 8 +! rounds inlined for alignment purposes + + add global1, 768, global4 ! address sbox 4 since register used below + + rounds_macro(in5, out5, 1, .ncbc.enc.1, in3, in4) ! include encryption ks in3 + +#ifdef OPENSSL_SYSNAME_ULTRASPARC + bl,pn %icc, .ncbc.enc.next.block_fp +#else + bl .ncbc.enc.next.block_fp +#endif + add in0, 8, in0 ! input address + + ! If 8 or more bytes are to be encrypted after this block, + ! we combine final permutation for this block with initial + ! permutation for next block. Load next block: + + load_little_endian(in0, global3, global4, local5, .LLE12) + + ! parameter 1 original left + ! parameter 2 original right + ! parameter 3 left ip + ! parameter 4 right ip + ! parameter 5 1: load ks1/ks2 to in3/in4, add 120 to in4 + ! 2: mov in4 to in3 + ! + ! also adds -8 to length in2 and loads loop counter to out4 + + fp_ip_macro(out0, out1, global3, global4, 2) + + store_little_endian(in1, out0, out1, local3, .SLE10) ! block + + ld [in3], out0 ! key 7531 first round next block + mov in5, local1 + xor global3, out5, in5 ! iv xor next block + + ld [in3+4], out1 ! key 8642 + add global1, 512, global3 ! address sbox 3 since register used + xor global4, local1, out5 ! iv xor next block + + ba .ncbc.enc.next.block_2 + add in1, 8, in1 ! output address + +.ncbc.enc.next.block_fp: + + fp_macro(in5, out5) + + store_little_endian(in1, in5, out5, local3, .SLE1) ! block + + addcc in2, -8, in2 ! bytes missing when next block done + +#ifdef OPENSSL_SYSNAME_ULTRASPARC + bpos,pt %icc, .ncbc.enc.next.block ! also jumps if 0 +#else + bpos .ncbc.enc.next.block +#endif + add in1, 8, in1 + +.ncbc.enc.seven.or.less: + + cmp in2, -8 + +#ifdef OPENSSL_SYSNAME_ULTRASPARC + ble,pt %icc, .ncbc.enc.finish +#else + ble .ncbc.enc.finish +#endif + nop + + add in2, 8, local1 ! bytes to load + + ! addr, length, dest left, dest right, temp, temp2, label, ret label + load_n_bytes(in0, local1, global4, out4, local2, local3, .LNB1, .ncbc.enc.next.block_1) + + ! Loads 1 to 7 bytes little endian to global4, out4 + + +.ncbc.enc.finish: + + LDPTR IVEC, local4 + store_little_endian(local4, in5, out5, local5, .SLE2) ! ivec + + ret + restore + + +.ncbc.dec: + + STPTR in0, INPUT + cmp in2, 0 ! length + add in3, 120, in3 + + LDPTR IVEC, local7 ! ivec +#ifdef OPENSSL_SYSNAME_ULTRASPARC + ble,pn %icc, .ncbc.dec.finish +#else + ble .ncbc.dec.finish +#endif + mov in3, in4 ! schedule + + STPTR in1, OUTPUT + mov in0, local5 ! input + + load_little_endian(local7, in0, in1, local3, .LLE3) ! ivec + +.ncbc.dec.next.block: + + load_little_endian(local5, in5, out5, local3, .LLE4) ! block + + ! parameter 6 1/2 for include encryption/decryption + ! parameter 7 1 for mov in1 to in3 + ! parameter 8 1 for mov in3 to in4 + + ip_macro(in5, out5, out5, in5, in4, 2, 0, 1) ! include decryprion ks in4 + + fp_macro(out5, in5, 0, 1) ! 1 for input and output address to local5/7 + + ! in2 is bytes left to be stored + ! in2 is compared to 8 in the rounds + + xor out5, in0, out4 ! iv xor +#ifdef OPENSSL_SYSNAME_ULTRASPARC + bl,pn %icc, .ncbc.dec.seven.or.less +#else + bl .ncbc.dec.seven.or.less +#endif + xor in5, in1, global4 ! iv xor + + ! Load ivec next block now, since input and output address might be the same. + + load_little_endian_inc(local5, in0, in1, local3, .LLE5) ! iv + + store_little_endian(local7, out4, global4, local3, .SLE3) + + STPTR local5, INPUT + add local7, 8, local7 + addcc in2, -8, in2 + +#ifdef OPENSSL_SYSNAME_ULTRASPARC + bg,pt %icc, .ncbc.dec.next.block +#else + bg .ncbc.dec.next.block +#endif + STPTR local7, OUTPUT + + +.ncbc.dec.store.iv: + + LDPTR IVEC, local4 ! ivec + store_little_endian(local4, in0, in1, local5, .SLE4) + +.ncbc.dec.finish: + + ret + restore + +.ncbc.dec.seven.or.less: + + load_little_endian_inc(local5, in0, in1, local3, .LLE13) ! ivec + + store_n_bytes(local7, in2, global4, out4, local3, local4, .SNB1, .ncbc.dec.store.iv) + + +.DES_ncbc_encrypt.end: + .size DES_ncbc_encrypt, .DES_ncbc_encrypt.end-DES_ncbc_encrypt + + +! void DES_ede3_cbc_encrypt(input, output, length, ks1, ks2, ks3, ivec, enc) +! ************************************************************************** + + + .align 32 + .global DES_ede3_cbc_encrypt + .type DES_ede3_cbc_encrypt,#function + +DES_ede3_cbc_encrypt: + + save %sp, FRAME, %sp + + define({KS1}, { [%sp+BIAS+ARG0+3*ARGSZ] }) + define({KS2}, { [%sp+BIAS+ARG0+4*ARGSZ] }) + define({KS3}, { [%sp+BIAS+ARG0+5*ARGSZ] }) + + sethi %hi(.PIC.DES_SPtrans-1f),global1 + or global1,%lo(.PIC.DES_SPtrans-1f),global1 +1: call .+8 + add %o7,global1,global1 + sub global1,.PIC.DES_SPtrans-.des_and,out2 + + LDPTR [%fp+BIAS+ARG0+7*ARGSZ], local3 ! enc + LDPTR [%fp+BIAS+ARG0+6*ARGSZ], local4 ! ivec + cmp local3, 0 ! enc + +#ifdef OPENSSL_SYSNAME_ULTRASPARC + be,pn %icc, .ede3.dec +#else + be .ede3.dec +#endif + STPTR in4, KS2 + + STPTR in5, KS3 + + load_little_endian(local4, in5, out5, local3, .LLE6) ! ivec + + addcc in2, -8, in2 ! bytes missing after next block + +#ifdef OPENSSL_SYSNAME_ULTRASPARC + bl,pn %icc, .ede3.enc.seven.or.less +#else + bl .ede3.enc.seven.or.less +#endif + STPTR in3, KS1 + +.ede3.enc.next.block: + + load_little_endian(in0, out4, global4, local3, .LLE7) + +.ede3.enc.next.block_1: + + LDPTR KS2, in4 + xor in5, out4, in5 ! iv xor + xor out5, global4, out5 ! iv xor + + LDPTR KS1, in3 + add in4, 120, in4 ! for decryption we use last subkey first + nop + + ip_macro(in5, out5, in5, out5, in3) + +.ede3.enc.next.block_2: + + call .des_enc ! ks1 in3 + nop + + call .des_dec ! ks2 in4 + LDPTR KS3, in3 + + call .des_enc ! ks3 in3 compares in2 to 8 + nop + +#ifdef OPENSSL_SYSNAME_ULTRASPARC + bl,pn %icc, .ede3.enc.next.block_fp +#else + bl .ede3.enc.next.block_fp +#endif + add in0, 8, in0 + + ! If 8 or more bytes are to be encrypted after this block, + ! we combine final permutation for this block with initial + ! permutation for next block. Load next block: + + load_little_endian(in0, global3, global4, local5, .LLE11) + + ! parameter 1 original left + ! parameter 2 original right + ! parameter 3 left ip + ! parameter 4 right ip + ! parameter 5 1: load ks1/ks2 to in3/in4, add 120 to in4 + ! 2: mov in4 to in3 + ! + ! also adds -8 to length in2 and loads loop counter to out4 + + fp_ip_macro(out0, out1, global3, global4, 1) + + store_little_endian(in1, out0, out1, local3, .SLE9) ! block + + mov in5, local1 + xor global3, out5, in5 ! iv xor next block + + ld [in3], out0 ! key 7531 + add global1, 512, global3 ! address sbox 3 + xor global4, local1, out5 ! iv xor next block + + ld [in3+4], out1 ! key 8642 + add global1, 768, global4 ! address sbox 4 + ba .ede3.enc.next.block_2 + add in1, 8, in1 + +.ede3.enc.next.block_fp: + + fp_macro(in5, out5) + + store_little_endian(in1, in5, out5, local3, .SLE5) ! block + + addcc in2, -8, in2 ! bytes missing when next block done + +#ifdef OPENSSL_SYSNAME_ULTRASPARC + bpos,pt %icc, .ede3.enc.next.block +#else + bpos .ede3.enc.next.block +#endif + add in1, 8, in1 + +.ede3.enc.seven.or.less: + + cmp in2, -8 + +#ifdef OPENSSL_SYSNAME_ULTRASPARC + ble,pt %icc, .ede3.enc.finish +#else + ble .ede3.enc.finish +#endif + nop + + add in2, 8, local1 ! bytes to load + + ! addr, length, dest left, dest right, temp, temp2, label, ret label + load_n_bytes(in0, local1, global4, out4, local2, local3, .LNB2, .ede3.enc.next.block_1) + +.ede3.enc.finish: + + LDPTR [%fp+BIAS+ARG0+6*ARGSZ], local4 ! ivec + store_little_endian(local4, in5, out5, local5, .SLE6) ! ivec + + ret + restore + +.ede3.dec: + + STPTR in0, INPUT + add in5, 120, in5 + + STPTR in1, OUTPUT + mov in0, local5 + add in3, 120, in3 + + STPTR in3, KS1 + cmp in2, 0 + +#ifdef OPENSSL_SYSNAME_ULTRASPARC + ble %icc, .ede3.dec.finish +#else + ble .ede3.dec.finish +#endif + STPTR in5, KS3 + + LDPTR [%fp+BIAS+ARG0+6*ARGSZ], local7 ! iv + load_little_endian(local7, in0, in1, local3, .LLE8) + +.ede3.dec.next.block: + + load_little_endian(local5, in5, out5, local3, .LLE9) + + ! parameter 6 1/2 for include encryption/decryption + ! parameter 7 1 for mov in1 to in3 + ! parameter 8 1 for mov in3 to in4 + ! parameter 9 1 for load ks3 and ks2 to in4 and in3 + + ip_macro(in5, out5, out5, in5, in4, 2, 0, 0, 1) ! inc .des_dec ks3 in4 + + call .des_enc ! ks2 in3 + LDPTR KS1, in4 + + call .des_dec ! ks1 in4 + nop + + fp_macro(out5, in5, 0, 1) ! 1 for input and output address local5/7 + + ! in2 is bytes left to be stored + ! in2 is compared to 8 in the rounds + + xor out5, in0, out4 +#ifdef OPENSSL_SYSNAME_ULTRASPARC + bl,pn %icc, .ede3.dec.seven.or.less +#else + bl .ede3.dec.seven.or.less +#endif + xor in5, in1, global4 + + load_little_endian_inc(local5, in0, in1, local3, .LLE10) ! iv next block + + store_little_endian(local7, out4, global4, local3, .SLE7) ! block + + STPTR local5, INPUT + addcc in2, -8, in2 + add local7, 8, local7 + +#ifdef OPENSSL_SYSNAME_ULTRASPARC + bg,pt %icc, .ede3.dec.next.block +#else + bg .ede3.dec.next.block +#endif + STPTR local7, OUTPUT + +.ede3.dec.store.iv: + + LDPTR [%fp+BIAS+ARG0+6*ARGSZ], local4 ! ivec + store_little_endian(local4, in0, in1, local5, .SLE8) ! ivec + +.ede3.dec.finish: + + ret + restore + +.ede3.dec.seven.or.less: + + load_little_endian_inc(local5, in0, in1, local3, .LLE14) ! iv + + store_n_bytes(local7, in2, global4, out4, local3, local4, .SNB2, .ede3.dec.store.iv) + + +.DES_ede3_cbc_encrypt.end: + .size DES_ede3_cbc_encrypt,.DES_ede3_cbc_encrypt.end-DES_ede3_cbc_encrypt + + .align 256 + .type .des_and,#object + .size .des_and,284 + +.des_and: + +! This table is used for AND 0xFC when it is known that register +! bits 8-31 are zero. Makes it possible to do three arithmetic +! operations in one cycle. + + .byte 0, 0, 0, 0, 4, 4, 4, 4 + .byte 8, 8, 8, 8, 12, 12, 12, 12 + .byte 16, 16, 16, 16, 20, 20, 20, 20 + .byte 24, 24, 24, 24, 28, 28, 28, 28 + .byte 32, 32, 32, 32, 36, 36, 36, 36 + .byte 40, 40, 40, 40, 44, 44, 44, 44 + .byte 48, 48, 48, 48, 52, 52, 52, 52 + .byte 56, 56, 56, 56, 60, 60, 60, 60 + .byte 64, 64, 64, 64, 68, 68, 68, 68 + .byte 72, 72, 72, 72, 76, 76, 76, 76 + .byte 80, 80, 80, 80, 84, 84, 84, 84 + .byte 88, 88, 88, 88, 92, 92, 92, 92 + .byte 96, 96, 96, 96, 100, 100, 100, 100 + .byte 104, 104, 104, 104, 108, 108, 108, 108 + .byte 112, 112, 112, 112, 116, 116, 116, 116 + .byte 120, 120, 120, 120, 124, 124, 124, 124 + .byte 128, 128, 128, 128, 132, 132, 132, 132 + .byte 136, 136, 136, 136, 140, 140, 140, 140 + .byte 144, 144, 144, 144, 148, 148, 148, 148 + .byte 152, 152, 152, 152, 156, 156, 156, 156 + .byte 160, 160, 160, 160, 164, 164, 164, 164 + .byte 168, 168, 168, 168, 172, 172, 172, 172 + .byte 176, 176, 176, 176, 180, 180, 180, 180 + .byte 184, 184, 184, 184, 188, 188, 188, 188 + .byte 192, 192, 192, 192, 196, 196, 196, 196 + .byte 200, 200, 200, 200, 204, 204, 204, 204 + .byte 208, 208, 208, 208, 212, 212, 212, 212 + .byte 216, 216, 216, 216, 220, 220, 220, 220 + .byte 224, 224, 224, 224, 228, 228, 228, 228 + .byte 232, 232, 232, 232, 236, 236, 236, 236 + .byte 240, 240, 240, 240, 244, 244, 244, 244 + .byte 248, 248, 248, 248, 252, 252, 252, 252 + + ! 5 numbers for initil/final permutation + + .word 0x0f0f0f0f ! offset 256 + .word 0x0000ffff ! 260 + .word 0x33333333 ! 264 + .word 0x00ff00ff ! 268 + .word 0x55555555 ! 272 + + .word 0 ! 276 + .word LOOPS ! 280 + .word 0x0000FC00 ! 284 + + .global DES_SPtrans + .type DES_SPtrans,#object + .size DES_SPtrans,2048 +.align 64 +DES_SPtrans: +.PIC.DES_SPtrans: + ! nibble 0 + .word 0x02080800, 0x00080000, 0x02000002, 0x02080802 + .word 0x02000000, 0x00080802, 0x00080002, 0x02000002 + .word 0x00080802, 0x02080800, 0x02080000, 0x00000802 + .word 0x02000802, 0x02000000, 0x00000000, 0x00080002 + .word 0x00080000, 0x00000002, 0x02000800, 0x00080800 + .word 0x02080802, 0x02080000, 0x00000802, 0x02000800 + .word 0x00000002, 0x00000800, 0x00080800, 0x02080002 + .word 0x00000800, 0x02000802, 0x02080002, 0x00000000 + .word 0x00000000, 0x02080802, 0x02000800, 0x00080002 + .word 0x02080800, 0x00080000, 0x00000802, 0x02000800 + .word 0x02080002, 0x00000800, 0x00080800, 0x02000002 + .word 0x00080802, 0x00000002, 0x02000002, 0x02080000 + .word 0x02080802, 0x00080800, 0x02080000, 0x02000802 + .word 0x02000000, 0x00000802, 0x00080002, 0x00000000 + .word 0x00080000, 0x02000000, 0x02000802, 0x02080800 + .word 0x00000002, 0x02080002, 0x00000800, 0x00080802 + ! nibble 1 + .word 0x40108010, 0x00000000, 0x00108000, 0x40100000 + .word 0x40000010, 0x00008010, 0x40008000, 0x00108000 + .word 0x00008000, 0x40100010, 0x00000010, 0x40008000 + .word 0x00100010, 0x40108000, 0x40100000, 0x00000010 + .word 0x00100000, 0x40008010, 0x40100010, 0x00008000 + .word 0x00108010, 0x40000000, 0x00000000, 0x00100010 + .word 0x40008010, 0x00108010, 0x40108000, 0x40000010 + .word 0x40000000, 0x00100000, 0x00008010, 0x40108010 + .word 0x00100010, 0x40108000, 0x40008000, 0x00108010 + .word 0x40108010, 0x00100010, 0x40000010, 0x00000000 + .word 0x40000000, 0x00008010, 0x00100000, 0x40100010 + .word 0x00008000, 0x40000000, 0x00108010, 0x40008010 + .word 0x40108000, 0x00008000, 0x00000000, 0x40000010 + .word 0x00000010, 0x40108010, 0x00108000, 0x40100000 + .word 0x40100010, 0x00100000, 0x00008010, 0x40008000 + .word 0x40008010, 0x00000010, 0x40100000, 0x00108000 + ! nibble 2 + .word 0x04000001, 0x04040100, 0x00000100, 0x04000101 + .word 0x00040001, 0x04000000, 0x04000101, 0x00040100 + .word 0x04000100, 0x00040000, 0x04040000, 0x00000001 + .word 0x04040101, 0x00000101, 0x00000001, 0x04040001 + .word 0x00000000, 0x00040001, 0x04040100, 0x00000100 + .word 0x00000101, 0x04040101, 0x00040000, 0x04000001 + .word 0x04040001, 0x04000100, 0x00040101, 0x04040000 + .word 0x00040100, 0x00000000, 0x04000000, 0x00040101 + .word 0x04040100, 0x00000100, 0x00000001, 0x00040000 + .word 0x00000101, 0x00040001, 0x04040000, 0x04000101 + .word 0x00000000, 0x04040100, 0x00040100, 0x04040001 + .word 0x00040001, 0x04000000, 0x04040101, 0x00000001 + .word 0x00040101, 0x04000001, 0x04000000, 0x04040101 + .word 0x00040000, 0x04000100, 0x04000101, 0x00040100 + .word 0x04000100, 0x00000000, 0x04040001, 0x00000101 + .word 0x04000001, 0x00040101, 0x00000100, 0x04040000 + ! nibble 3 + .word 0x00401008, 0x10001000, 0x00000008, 0x10401008 + .word 0x00000000, 0x10400000, 0x10001008, 0x00400008 + .word 0x10401000, 0x10000008, 0x10000000, 0x00001008 + .word 0x10000008, 0x00401008, 0x00400000, 0x10000000 + .word 0x10400008, 0x00401000, 0x00001000, 0x00000008 + .word 0x00401000, 0x10001008, 0x10400000, 0x00001000 + .word 0x00001008, 0x00000000, 0x00400008, 0x10401000 + .word 0x10001000, 0x10400008, 0x10401008, 0x00400000 + .word 0x10400008, 0x00001008, 0x00400000, 0x10000008 + .word 0x00401000, 0x10001000, 0x00000008, 0x10400000 + .word 0x10001008, 0x00000000, 0x00001000, 0x00400008 + .word 0x00000000, 0x10400008, 0x10401000, 0x00001000 + .word 0x10000000, 0x10401008, 0x00401008, 0x00400000 + .word 0x10401008, 0x00000008, 0x10001000, 0x00401008 + .word 0x00400008, 0x00401000, 0x10400000, 0x10001008 + .word 0x00001008, 0x10000000, 0x10000008, 0x10401000 + ! nibble 4 + .word 0x08000000, 0x00010000, 0x00000400, 0x08010420 + .word 0x08010020, 0x08000400, 0x00010420, 0x08010000 + .word 0x00010000, 0x00000020, 0x08000020, 0x00010400 + .word 0x08000420, 0x08010020, 0x08010400, 0x00000000 + .word 0x00010400, 0x08000000, 0x00010020, 0x00000420 + .word 0x08000400, 0x00010420, 0x00000000, 0x08000020 + .word 0x00000020, 0x08000420, 0x08010420, 0x00010020 + .word 0x08010000, 0x00000400, 0x00000420, 0x08010400 + .word 0x08010400, 0x08000420, 0x00010020, 0x08010000 + .word 0x00010000, 0x00000020, 0x08000020, 0x08000400 + .word 0x08000000, 0x00010400, 0x08010420, 0x00000000 + .word 0x00010420, 0x08000000, 0x00000400, 0x00010020 + .word 0x08000420, 0x00000400, 0x00000000, 0x08010420 + .word 0x08010020, 0x08010400, 0x00000420, 0x00010000 + .word 0x00010400, 0x08010020, 0x08000400, 0x00000420 + .word 0x00000020, 0x00010420, 0x08010000, 0x08000020 + ! nibble 5 + .word 0x80000040, 0x00200040, 0x00000000, 0x80202000 + .word 0x00200040, 0x00002000, 0x80002040, 0x00200000 + .word 0x00002040, 0x80202040, 0x00202000, 0x80000000 + .word 0x80002000, 0x80000040, 0x80200000, 0x00202040 + .word 0x00200000, 0x80002040, 0x80200040, 0x00000000 + .word 0x00002000, 0x00000040, 0x80202000, 0x80200040 + .word 0x80202040, 0x80200000, 0x80000000, 0x00002040 + .word 0x00000040, 0x00202000, 0x00202040, 0x80002000 + .word 0x00002040, 0x80000000, 0x80002000, 0x00202040 + .word 0x80202000, 0x00200040, 0x00000000, 0x80002000 + .word 0x80000000, 0x00002000, 0x80200040, 0x00200000 + .word 0x00200040, 0x80202040, 0x00202000, 0x00000040 + .word 0x80202040, 0x00202000, 0x00200000, 0x80002040 + .word 0x80000040, 0x80200000, 0x00202040, 0x00000000 + .word 0x00002000, 0x80000040, 0x80002040, 0x80202000 + .word 0x80200000, 0x00002040, 0x00000040, 0x80200040 + ! nibble 6 + .word 0x00004000, 0x00000200, 0x01000200, 0x01000004 + .word 0x01004204, 0x00004004, 0x00004200, 0x00000000 + .word 0x01000000, 0x01000204, 0x00000204, 0x01004000 + .word 0x00000004, 0x01004200, 0x01004000, 0x00000204 + .word 0x01000204, 0x00004000, 0x00004004, 0x01004204 + .word 0x00000000, 0x01000200, 0x01000004, 0x00004200 + .word 0x01004004, 0x00004204, 0x01004200, 0x00000004 + .word 0x00004204, 0x01004004, 0x00000200, 0x01000000 + .word 0x00004204, 0x01004000, 0x01004004, 0x00000204 + .word 0x00004000, 0x00000200, 0x01000000, 0x01004004 + .word 0x01000204, 0x00004204, 0x00004200, 0x00000000 + .word 0x00000200, 0x01000004, 0x00000004, 0x01000200 + .word 0x00000000, 0x01000204, 0x01000200, 0x00004200 + .word 0x00000204, 0x00004000, 0x01004204, 0x01000000 + .word 0x01004200, 0x00000004, 0x00004004, 0x01004204 + .word 0x01000004, 0x01004200, 0x01004000, 0x00004004 + ! nibble 7 + .word 0x20800080, 0x20820000, 0x00020080, 0x00000000 + .word 0x20020000, 0x00800080, 0x20800000, 0x20820080 + .word 0x00000080, 0x20000000, 0x00820000, 0x00020080 + .word 0x00820080, 0x20020080, 0x20000080, 0x20800000 + .word 0x00020000, 0x00820080, 0x00800080, 0x20020000 + .word 0x20820080, 0x20000080, 0x00000000, 0x00820000 + .word 0x20000000, 0x00800000, 0x20020080, 0x20800080 + .word 0x00800000, 0x00020000, 0x20820000, 0x00000080 + .word 0x00800000, 0x00020000, 0x20000080, 0x20820080 + .word 0x00020080, 0x20000000, 0x00000000, 0x00820000 + .word 0x20800080, 0x20020080, 0x20020000, 0x00800080 + .word 0x20820000, 0x00000080, 0x00800080, 0x20020000 + .word 0x20820080, 0x00800000, 0x20800000, 0x20000080 + .word 0x00820000, 0x00020080, 0x20020080, 0x20800000 + .word 0x00000080, 0x20820000, 0x00820080, 0x00000000 + .word 0x20000000, 0x20800080, 0x00020000, 0x00820080 + diff --git a/src/lib/libcrypto/des/asm/readme b/src/lib/libcrypto/des/asm/readme deleted file mode 100644 index 1beafe253b1..00000000000 --- a/src/lib/libcrypto/des/asm/readme +++ /dev/null @@ -1,131 +0,0 @@ -First up, let me say I don't like writing in assembler. It is not portable, -dependant on the particular CPU architecture release and is generally a pig -to debug and get right. Having said that, the x86 architecture is probably -the most important for speed due to number of boxes and since -it appears to be the worst architecture to to get -good C compilers for. So due to this, I have lowered myself to do -assembler for the inner DES routines in libdes :-). - -The file to implement in assembler is des_enc.c. Replace the following -4 functions -des_encrypt1(DES_LONG data[2],des_key_schedule ks, int encrypt); -des_encrypt2(DES_LONG data[2],des_key_schedule ks, int encrypt); -des_encrypt3(DES_LONG data[2],des_key_schedule ks1,ks2,ks3); -des_decrypt3(DES_LONG data[2],des_key_schedule ks1,ks2,ks3); - -They encrypt/decrypt the 64 bits held in 'data' using -the 'ks' key schedules. The only difference between the 4 functions is that -des_encrypt2() does not perform IP() or FP() on the data (this is an -optimization for when doing triple DES and des_encrypt3() and des_decrypt3() -perform triple des. The triple DES routines are in here because it does -make a big difference to have them located near the des_encrypt2 function -at link time.. - -Now as we all know, there are lots of different operating systems running on -x86 boxes, and unfortunately they normally try to make sure their assembler -formating is not the same as the other peoples. -The 4 main formats I know of are -Microsoft Windows 95/Windows NT -Elf Includes Linux and FreeBSD(?). -a.out The older Linux. -Solaris Same as Elf but different comments :-(. - -Now I was not overly keen to write 4 different copies of the same code, -so I wrote a few perl routines to output the correct assembler, given -a target assembler type. This code is ugly and is just a hack. -The libraries are x86unix.pl and x86ms.pl. -des586.pl, des686.pl and des-som[23].pl are the programs to actually -generate the assembler. - -So to generate elf assembler -perl des-som3.pl elf >dx86-elf.s -For Windows 95/NT -perl des-som2.pl win32 >win32.asm - -[ update 4 Jan 1996 ] -I have added another way to do things. -perl des-som3.pl cpp >dx86-cpp.s -generates a file that will be included by dx86unix.cpp when it is compiled. -To build for elf, a.out, solaris, bsdi etc, -cc -E -DELF asm/dx86unix.cpp | as -o asm/dx86-elf.o -cc -E -DSOL asm/dx86unix.cpp | as -o asm/dx86-sol.o -cc -E -DOUT asm/dx86unix.cpp | as -o asm/dx86-out.o -cc -E -DBSDI asm/dx86unix.cpp | as -o asm/dx86bsdi.o -This was done to cut down the number of files in the distribution. - -Now the ugly part. I acquired my copy of Intels -"Optimization's For Intel's 32-Bit Processors" and found a few interesting -things. First, the aim of the exersize is to 'extract' one byte at a time -from a word and do an array lookup. This involves getting the byte from -the 4 locations in the word and moving it to a new word and doing the lookup. -The most obvious way to do this is -xor eax, eax # clear word -movb al, cl # get low byte -xor edi DWORD PTR 0x100+des_SP[eax] # xor in word -movb al, ch # get next byte -xor edi DWORD PTR 0x300+des_SP[eax] # xor in word -shr ecx 16 -which seems ok. For the pentium, this system appears to be the best. -One has to do instruction interleaving to keep both functional units -operating, but it is basically very efficient. - -Now the crunch. When a full register is used after a partial write, eg. -mov al, cl -xor edi, DWORD PTR 0x100+des_SP[eax] -386 - 1 cycle stall -486 - 1 cycle stall -586 - 0 cycle stall -686 - at least 7 cycle stall (page 22 of the above mentioned document). - -So the technique that produces the best results on a pentium, according to -the documentation, will produce hideous results on a pentium pro. - -To get around this, des686.pl will generate code that is not as fast on -a pentium, should be very good on a pentium pro. -mov eax, ecx # copy word -shr ecx, 8 # line up next byte -and eax, 0fch # mask byte -xor edi DWORD PTR 0x100+des_SP[eax] # xor in array lookup -mov eax, ecx # get word -shr ecx 8 # line up next byte -and eax, 0fch # mask byte -xor edi DWORD PTR 0x300+des_SP[eax] # xor in array lookup - -Due to the execution units in the pentium, this actually works quite well. -For a pentium pro it should be very good. This is the type of output -Visual C++ generates. - -There is a third option. instead of using -mov al, ch -which is bad on the pentium pro, one may be able to use -movzx eax, ch -which may not incur the partial write penalty. On the pentium, -this instruction takes 4 cycles so is not worth using but on the -pentium pro it appears it may be worth while. I need access to one to -experiment :-). - -eric (20 Oct 1996) - -22 Nov 1996 - I have asked people to run the 2 different version on pentium -pros and it appears that the intel documentation is wrong. The -mov al,bh is still faster on a pentium pro, so just use the des586.pl -install des686.pl - -3 Dec 1996 - I added des_encrypt3/des_decrypt3 because I have moved these -functions into des_enc.c because it does make a massive performance -difference on some boxes to have the functions code located close to -the des_encrypt2() function. - -9 Jan 1997 - des-som2.pl is now the correct perl script to use for -pentiums. It contains an inner loop from -Svend Olaf Mikkelsen which does raw ecb DES calls at -273,000 per second. He had a previous version at 250,000 and the best -I was able to get was 203,000. The content has not changed, this is all -due to instruction sequencing (and actual instructions choice) which is able -to keep both functional units of the pentium going. -We may have lost the ugly register usage restrictions when x86 went 32 bit -but for the pentium it has been replaced by evil instruction ordering tricks. - -13 Jan 1997 - des-som3.pl, more optimizations from Svend Olaf. -raw DES at 281,000 per second on a pentium 100. - diff --git a/src/lib/libcrypto/des/cbc3_enc.c b/src/lib/libcrypto/des/cbc3_enc.c deleted file mode 100644 index b5db4e14f73..00000000000 --- a/src/lib/libcrypto/des/cbc3_enc.c +++ /dev/null @@ -1,99 +0,0 @@ -/* crypto/des/cbc3_enc.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include "des_locl.h" - -/* HAS BUGS! DON'T USE - this is only present for use in des.c */ -void DES_3cbc_encrypt(DES_cblock *input, DES_cblock *output, long length, - DES_key_schedule ks1, DES_key_schedule ks2, DES_cblock *iv1, - DES_cblock *iv2, int enc) - { - int off=((int)length-1)/8; - long l8=((length+7)/8)*8; - DES_cblock niv1,niv2; - - if (enc == DES_ENCRYPT) - { - DES_cbc_encrypt((unsigned char*)input, - (unsigned char*)output,length,&ks1,iv1,enc); - if (length >= sizeof(DES_cblock)) - memcpy(niv1,output[off],sizeof(DES_cblock)); - DES_cbc_encrypt((unsigned char*)output, - (unsigned char*)output,l8,&ks2,iv1,!enc); - DES_cbc_encrypt((unsigned char*)output, - (unsigned char*)output,l8,&ks1,iv2,enc); - if (length >= sizeof(DES_cblock)) - memcpy(niv2,output[off],sizeof(DES_cblock)); - } - else - { - if (length >= sizeof(DES_cblock)) - memcpy(niv2,input[off],sizeof(DES_cblock)); - DES_cbc_encrypt((unsigned char*)input, - (unsigned char*)output,l8,&ks1,iv2,enc); - DES_cbc_encrypt((unsigned char*)output, - (unsigned char*)output,l8,&ks2,iv1,!enc); - if (length >= sizeof(DES_cblock)) - memcpy(niv1,output[off],sizeof(DES_cblock)); - DES_cbc_encrypt((unsigned char*)output, - (unsigned char*)output,length,&ks1,iv1,enc); - } - memcpy(*iv1,niv1,sizeof(DES_cblock)); - memcpy(*iv2,niv2,sizeof(DES_cblock)); - } - diff --git a/src/lib/libcrypto/des/cbc_cksm.c b/src/lib/libcrypto/des/cbc_cksm.c index 6c5305b99d9..20553ef09f2 100644 --- a/src/lib/libcrypto/des/cbc_cksm.c +++ b/src/lib/libcrypto/des/cbc_cksm.c @@ -1,4 +1,4 @@ -/* crypto/des/cbc_cksm.c */ +/* $OpenBSD: cbc_cksm.c,v 1.7 2014/10/28 07:35:58 jsg Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -62,8 +62,8 @@ DES_LONG DES_cbc_cksum(const unsigned char *in, DES_cblock *output, long length, DES_key_schedule *schedule, const_DES_cblock *ivec) { - register DES_LONG tout0,tout1,tin0,tin1; - register long l=length; + DES_LONG tout0,tout1,tin0,tin1; + long l=length; DES_LONG tin[2]; unsigned char *out = &(*output)[0]; const unsigned char *iv = &(*ivec)[0]; @@ -93,5 +93,14 @@ DES_LONG DES_cbc_cksum(const unsigned char *in, DES_cblock *output, l2c(tout1,out); } tout0=tin0=tin1=tin[0]=tin[1]=0; + /* + Transform the data in tout1 so that it will + match the return value that the MIT Kerberos + mit_des_cbc_cksum API returns. + */ + tout1 = ((tout1 >> 24L) & 0x000000FF) + | ((tout1 >> 8L) & 0x0000FF00) + | ((tout1 << 8L) & 0x00FF0000) + | ((tout1 << 24L) & 0xFF000000); return(tout1); } diff --git a/src/lib/libcrypto/des/cbc_enc.c b/src/lib/libcrypto/des/cbc_enc.c index 677903ae4e3..5db52809c08 100644 --- a/src/lib/libcrypto/des/cbc_enc.c +++ b/src/lib/libcrypto/des/cbc_enc.c @@ -1,4 +1,4 @@ -/* crypto/des/cbc_enc.c */ +/* $OpenBSD: cbc_enc.c,v 1.3 2014/06/12 15:49:28 deraadt Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * diff --git a/src/lib/libcrypto/des/cfb64ede.c b/src/lib/libcrypto/des/cfb64ede.c index 60c1aa08db4..6d4d2877751 100644 --- a/src/lib/libcrypto/des/cfb64ede.c +++ b/src/lib/libcrypto/des/cfb64ede.c @@ -1,4 +1,4 @@ -/* crypto/des/cfb64ede.c */ +/* $OpenBSD: cfb64ede.c,v 1.9 2015/02/07 13:19:15 doug Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -68,9 +68,9 @@ void DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out, DES_key_schedule *ks2, DES_key_schedule *ks3, DES_cblock *ivec, int *num, int enc) { - register DES_LONG v0,v1; - register long l=length; - register int n= *num; + DES_LONG v0,v1; + long l=length; + int n= *num; DES_LONG ti[2]; unsigned char *iv,c,cc; @@ -132,11 +132,113 @@ void DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out, *num=n; } -#ifdef undef /* MACRO */ -void DES_ede2_cfb64_encrypt(unsigned char *in, unsigned char *out, long length, - DES_key_schedule ks1, DES_key_schedule ks2, DES_cblock (*ivec), - int *num, int enc) +/* This is compatible with the single key CFB-r for DES, even thought that's + * not what EVP needs. + */ + +void DES_ede3_cfb_encrypt(const unsigned char *in,unsigned char *out, + int numbits,long length,DES_key_schedule *ks1, + DES_key_schedule *ks2,DES_key_schedule *ks3, + DES_cblock *ivec,int enc) { - DES_ede3_cfb64_encrypt(in,out,length,ks1,ks2,ks1,ivec,num,enc); + DES_LONG d0,d1,v0,v1; + unsigned long l=length,n=((unsigned int)numbits+7)/8; + int num=numbits,i; + DES_LONG ti[2]; + unsigned char *iv; + unsigned char ovec[16]; + + if (num > 64) return; + iv = &(*ivec)[0]; + c2l(iv,v0); + c2l(iv,v1); + if (enc) + { + while (l >= n) + { + l-=n; + ti[0]=v0; + ti[1]=v1; + DES_encrypt3(ti,ks1,ks2,ks3); + c2ln(in,d0,d1,n); + in+=n; + d0^=ti[0]; + d1^=ti[1]; + l2cn(d0,d1,out,n); + out+=n; + /* 30-08-94 - eay - changed because l>>32 and + * l<<32 are bad under gcc :-( */ + if (num == 32) + { v0=v1; v1=d0; } + else if (num == 64) + { v0=d0; v1=d1; } + else + { + iv=&ovec[0]; + l2c(v0,iv); + l2c(v1,iv); + l2c(d0,iv); + l2c(d1,iv); + /* shift ovec left most of the bits... */ + memmove(ovec,ovec+num/8,8+(num%8 ? 1 : 0)); + /* now the remaining bits */ + if(num%8 != 0) + for(i=0 ; i < 8 ; ++i) + { + ovec[i]<<=num%8; + ovec[i]|=ovec[i+1]>>(8-num%8); + } + iv=&ovec[0]; + c2l(iv,v0); + c2l(iv,v1); + } + } + } + else + { + while (l >= n) + { + l-=n; + ti[0]=v0; + ti[1]=v1; + DES_encrypt3(ti,ks1,ks2,ks3); + c2ln(in,d0,d1,n); + in+=n; + /* 30-08-94 - eay - changed because l>>32 and + * l<<32 are bad under gcc :-( */ + if (num == 32) + { v0=v1; v1=d0; } + else if (num == 64) + { v0=d0; v1=d1; } + else + { + iv=&ovec[0]; + l2c(v0,iv); + l2c(v1,iv); + l2c(d0,iv); + l2c(d1,iv); + /* shift ovec left most of the bits... */ + memmove(ovec,ovec+num/8,8+(num%8 ? 1 : 0)); + /* now the remaining bits */ + if(num%8 != 0) + for(i=0 ; i < 8 ; ++i) + { + ovec[i]<<=num%8; + ovec[i]|=ovec[i+1]>>(8-num%8); + } + iv=&ovec[0]; + c2l(iv,v0); + c2l(iv,v1); + } + d0^=ti[0]; + d1^=ti[1]; + l2cn(d0,d1,out,n); + out+=n; + } + } + iv = &(*ivec)[0]; + l2c(v0,iv); + l2c(v1,iv); + v0=v1=d0=d1=ti[0]=ti[1]=0; } -#endif + diff --git a/src/lib/libcrypto/des/cfb64enc.c b/src/lib/libcrypto/des/cfb64enc.c index 5ec8683e402..6c8f99e841f 100644 --- a/src/lib/libcrypto/des/cfb64enc.c +++ b/src/lib/libcrypto/des/cfb64enc.c @@ -1,4 +1,4 @@ -/* crypto/des/cfb64enc.c */ +/* $OpenBSD: cfb64enc.c,v 1.6 2014/10/28 07:35:58 jsg Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -67,9 +67,9 @@ void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out, long length, DES_key_schedule *schedule, DES_cblock *ivec, int *num, int enc) { - register DES_LONG v0,v1; - register long l=length; - register int n= *num; + DES_LONG v0,v1; + long l=length; + int n= *num; DES_LONG ti[2]; unsigned char *iv,c,cc; diff --git a/src/lib/libcrypto/des/cfb_enc.c b/src/lib/libcrypto/des/cfb_enc.c index 17bf77ca9e3..59a3e718622 100644 --- a/src/lib/libcrypto/des/cfb_enc.c +++ b/src/lib/libcrypto/des/cfb_enc.c @@ -1,4 +1,4 @@ -/* crypto/des/cfb_enc.c */ +/* $OpenBSD: cfb_enc.c,v 1.13 2015/02/10 09:46:30 miod Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -57,6 +57,7 @@ */ #include "des_locl.h" +#include /* The input and output are loaded in multiples of 8 bits. * What this means is that if you hame numbits=12 and length=2 @@ -64,38 +65,31 @@ * the second. The second 12 bits will come from the 3rd and half the 4th * byte. */ +/* Until Aug 1 2003 this function did not correctly implement CFB-r, so it + * will not be compatible with any encryption prior to that date. Ben. */ void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits, - long length, DES_key_schedule *schedule, DES_cblock *ivec, int enc) + long length, DES_key_schedule *schedule, DES_cblock *ivec, + int enc) { - register DES_LONG d0,d1,v0,v1,n=(numbits+7)/8; - register DES_LONG mask0,mask1; - register unsigned long l=length; - register int num=numbits; + DES_LONG d0,d1,v0,v1; + unsigned long l=length; + int num=numbits/8,n=(numbits+7)/8,i,rem=numbits%8; DES_LONG ti[2]; unsigned char *iv; +#if BYTE_ORDER != LITTLE_ENDIAN + unsigned char ovec[16]; +#else + unsigned int sh[4]; + unsigned char *ovec=(unsigned char *)sh; +#endif - if (num > 64) return; - if (num > 32) - { - mask0=0xffffffffL; - if (num == 64) - mask1=mask0; - else mask1=(1L<<(num-32))-1; - } - else - { - if (num == 32) - mask0=0xffffffffL; - else mask0=(1L< 64) return; iv = &(*ivec)[0]; c2l(iv,v0); c2l(iv,v1); if (enc) { - while (l >= n) + while (l >= (unsigned long)n) { l-=n; ti[0]=v0; @@ -103,31 +97,46 @@ void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits, DES_encrypt1((DES_LONG *)ti,schedule,DES_ENCRYPT); c2ln(in,d0,d1,n); in+=n; - d0=(d0^ti[0])&mask0; - d1=(d1^ti[1])&mask1; + d0^=ti[0]; + d1^=ti[1]; l2cn(d0,d1,out,n); out+=n; /* 30-08-94 - eay - changed because l>>32 and * l<<32 are bad under gcc :-( */ - if (num == 32) + if (numbits == 32) { v0=v1; v1=d0; } - else if (num == 64) + else if (numbits == 64) { v0=d0; v1=d1; } - else if (num > 32) /* && num != 64 */ - { - v0=((v1>>(num-32))|(d0<<(64-num)))&0xffffffffL; - v1=((d0>>(num-32))|(d1<<(64-num)))&0xffffffffL; - } - else /* num < 32 */ + else { - v0=((v0>>num)|(v1<<(32-num)))&0xffffffffL; - v1=((v1>>num)|(d0<<(32-num)))&0xffffffffL; +#if BYTE_ORDER != LITTLE_ENDIAN + iv=&ovec[0]; + l2c(v0,iv); + l2c(v1,iv); + l2c(d0,iv); + l2c(d1,iv); +#else + sh[0]=v0, sh[1]=v1, sh[2]=d0, sh[3]=d1; +#endif + if (rem==0) + memmove(ovec,ovec+num,8); + else + for(i=0 ; i < 8 ; ++i) + ovec[i]=ovec[i+num]<>(8-rem); +#if BYTE_ORDER == LITTLE_ENDIAN + v0=sh[0], v1=sh[1]; +#else + iv=&ovec[0]; + c2l(iv,v0); + c2l(iv,v1); +#endif } } } else { - while (l >= n) + while (l >= (unsigned long)n) { l-=n; ti[0]=v0; @@ -137,22 +146,37 @@ void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits, in+=n; /* 30-08-94 - eay - changed because l>>32 and * l<<32 are bad under gcc :-( */ - if (num == 32) + if (numbits == 32) { v0=v1; v1=d0; } - else if (num == 64) + else if (numbits == 64) { v0=d0; v1=d1; } - else if (num > 32) /* && num != 64 */ - { - v0=((v1>>(num-32))|(d0<<(64-num)))&0xffffffffL; - v1=((d0>>(num-32))|(d1<<(64-num)))&0xffffffffL; - } - else /* num < 32 */ + else { - v0=((v0>>num)|(v1<<(32-num)))&0xffffffffL; - v1=((v1>>num)|(d0<<(32-num)))&0xffffffffL; +#if BYTE_ORDER != LITTLE_ENDIAN + iv=&ovec[0]; + l2c(v0,iv); + l2c(v1,iv); + l2c(d0,iv); + l2c(d1,iv); +#else + sh[0]=v0, sh[1]=v1, sh[2]=d0, sh[3]=d1; +#endif + if (rem==0) + memmove(ovec,ovec+num,8); + else + for(i=0 ; i < 8 ; ++i) + ovec[i]=ovec[i+num]<>(8-rem); +#if BYTE_ORDER == LITTLE_ENDIAN + v0=sh[0], v1=sh[1]; +#else + iv=&ovec[0]; + c2l(iv,v0); + c2l(iv,v1); +#endif } - d0=(d0^ti[0])&mask0; - d1=(d1^ti[1])&mask1; + d0^=ti[0]; + d1^=ti[1]; l2cn(d0,d1,out,n); out+=n; } diff --git a/src/lib/libcrypto/des/des-lib.com b/src/lib/libcrypto/des/des-lib.com deleted file mode 100644 index fc2c35a1ce8..00000000000 --- a/src/lib/libcrypto/des/des-lib.com +++ /dev/null @@ -1,1003 +0,0 @@ -$! -$! DES-LIB.COM -$! Written By: Robert Byer -$! Vice-President -$! A-Com Computing, Inc. -$! byer@mail.all-net.net -$! -$! Changes by Richard Levitte -$! -$! This command files compiles and creates the -$! "[.xxx.EXE.CRYPTO.DES]LIBDES.OLB" library. The "xxx" denotes the machine -$! architecture of AXP or VAX. -$! -$! It was re-written to try to determine which "C" compiler to try to use -$! or the user can specify a compiler in P3. -$! -$! Specify one of the following to build just that part, specify "ALL" to -$! just build everything. -$! -$! ALL To Just Build "Everything". -$! LIBRARY To Just Build The [.xxx.EXE.CRYPTO.DES]LIBDES.OLB Library. -$! DESTEST To Just Build The [.xxx.EXE.CRYPTO.DES]DESTEST.EXE Program. -$! SPEED To Just Build The [.xxx.EXE.CRYPTO.DES]SPEED.EXE Program. -$! RPW To Just Build The [.xxx.EXE.CRYPTO.DES]RPW.EXE Program. -$! DES To Just Build The [.xxx.EXE.CRYPTO.DES]DES.EXE Program. -$! DES_OPTS To Just Build The [.xxx.EXE.CRYPTO.DES]DES_OPTS.EXE Program. -$! -$! Specify either DEBUG or NODEBUG as P2 to compile with or without -$! debugging information. -$! -$! Specify which compiler at P3 to try to compile under. -$! -$! VAXC For VAX C. -$! DECC For DEC C. -$! GNUC For GNU C. -$! -$! If you don't speficy a compiler, it will try to determine which -$! "C" compiler to try to use. -$! -$! P4, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up) -$! -$! -$! Make sure we know what architecture we run on. -$! -$! -$! Check Which Architecture We Are Using. -$! -$ IF (F$GETSYI("CPU").GE.128) -$ THEN -$! -$! The Architecture Is AXP. -$! -$ ARCH := AXP -$! -$! Else... -$! -$ ELSE -$! -$! The Architecture Is VAX. -$! -$ ARCH := VAX -$! -$! End The Architecture Check. -$! -$ ENDIF -$! -$! Check To Make Sure We Have Valid Command Line Parameters. -$! -$ GOSUB CHECK_OPTIONS -$! -$! Tell The User What Kind of Machine We Run On. -$! -$ WRITE SYS$OUTPUT "Compiling On A ",ARCH," Machine." -$! -$! Define The OBJ Directory Name. -$! -$ OBJ_DIR := SYS$DISK:[--.'ARCH'.OBJ.CRYPTO.DES] -$! -$! Check To See If The Architecture Specific OBJ Directory Exists. -$! -$ IF (F$PARSE(OBJ_DIR).EQS."") -$ THEN -$! -$! It Dosen't Exist, So Create It. -$! -$ CREATE/DIR 'OBJ_DIR' -$! -$! End The Architecture Specific OBJ Directory Check. -$! -$ ENDIF -$! -$! Define The EXE Directory Name. -$! -$ EXE_DIR :== SYS$DISK:[--.'ARCH'.EXE.CRYPTO.DES] -$! -$! Check To See If The Architecture Specific Directory Exists. -$! -$ IF (F$PARSE(EXE_DIR).EQS."") -$ THEN -$! -$! It Dosen't Exist, So Create It. -$! -$ CREATE/DIR 'EXE_DIR' -$! -$! End The Architecture Specific Directory Check. -$! -$ ENDIF -$! -$! Define The Library Name. -$! -$ LIB_NAME := 'EXE_DIR'LIBDES.OLB -$! -$! Check To See What We Are To Do. -$! -$ IF (BUILDALL.EQS."TRUE") -$ THEN -$! -$! Since Nothing Special Was Specified, Do Everything. -$! -$ GOSUB LIBRARY -$ GOSUB DESTEST -$ GOSUB SPEED -$ GOSUB RPW -$ GOSUB DES -$ GOSUB DES_OPTS -$! -$! Else... -$! -$ ELSE -$! -$! Build Just What The User Wants Us To Build. -$! -$ GOSUB 'BUILDALL' -$! -$! End The BUILDALL Check. -$! -$ ENDIF -$! -$! Time To EXIT. -$! -$ EXIT -$ LIBRARY: -$! -$! Tell The User That We Are Compiling. -$! -$ WRITE SYS$OUTPUT "Compiling The ",LIB_NAME," Files." -$! -$! Check To See If We Already Have A "[.xxx.EXE.CRYPTO.DES]LIBDES.OLB" Library... -$! -$ IF (F$SEARCH(LIB_NAME).EQS."") -$ THEN -$! -$! Guess Not, Create The Library. -$! -$ LIBRARY/CREATE/OBJECT 'LIB_NAME' -$! -$! End The Library Exist Check. -$! -$ ENDIF -$! -$! Define The DES Library Files. -$! -$ LIB_DES = "set_key,ecb_enc,cbc_enc,"+ - - "ecb3_enc,cfb64enc,cfb64ede,cfb_enc,ofb64ede,"+ - - "enc_read,enc_writ,ofb64enc,"+ - - "ofb_enc,str2key,pcbc_enc,qud_cksm,rand_key,"+ - - "des_enc,fcrypt_b,read2pwd,"+ - - "fcrypt,xcbc_enc,read_pwd,rpc_enc,cbc_cksm,supp" -$! -$! Define A File Counter And Set It To "0". -$! -$ FILE_COUNTER = 0 -$! -$! Top Of The File Loop. -$! -$ NEXT_FILE: -$! -$! O.K, Extract The File Name From The File List. -$! -$ FILE_NAME = F$ELEMENT(FILE_COUNTER,",",LIB_DES) -$! -$! Check To See If We Are At The End Of The File List. -$! -$ IF (FILE_NAME.EQS.",") THEN GOTO FILE_DONE -$! -$! Increment The Counter. -$! -$ FILE_COUNTER = FILE_COUNTER + 1 -$! -$! Create The Source File Name. -$! -$ SOURCE_FILE = "SYS$DISK:[]" + FILE_NAME + ".C" -$! -$! Tell The User We Are Compiling The Source File. -$! -$ WRITE SYS$OUTPUT " ",FILE_NAME,".C" -$! -$! Create The Object File Name. -$! -$ OBJECT_FILE = OBJ_DIR + FILE_NAME + "." + ARCH + "OBJ" -$ ON WARNING THEN GOTO NEXT_FILE -$! -$! Check To See If The File We Want To Compile Actually Exists. -$! -$ IF (F$SEARCH(SOURCE_FILE).EQS."") -$ THEN -$! -$! Tell The User That The File Dosen't Exist. -$! -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The File ",SOURCE_FILE," Dosen't Exist." -$ WRITE SYS$OUTPUT "" -$! -$! Exit The Build. -$! -$ EXIT -$! -$! End The File Exists Check. -$! -$ ENDIF -$! -$! Compile The File. -$! -$ ON ERROR THEN GOTO NEXT_FILE -$ CC/OBJECT='OBJECT_FILE' 'SOURCE_FILE' -$! -$! Add It To The Library. -$! -$ LIBRARY/REPLACE/OBJECT 'LIB_NAME' 'OBJECT_FILE' -$! -$! Time To Clean Up The Object File. -$! -$ DELETE 'OBJECT_FILE';* -$! -$! Go Back And Do It Again. -$! -$ GOTO NEXT_FILE -$! -$! All Done With This Library Part. -$! -$ FILE_DONE: -$! -$! Tell The User That We Are All Done. -$! -$ WRITE SYS$OUTPUT "Library ",LIB_NAME," Built." -$! -$! All Done, Time To Return. -$! -$ RETURN -$! -$! Compile The DESTEST Program. -$! -$ DESTEST: -$! -$! Check To See If We Have The Proper Libraries. -$! -$ GOSUB LIB_CHECK -$! -$! Check To See If We Have A Linker Option File. -$! -$ GOSUB CHECK_OPT_FILE -$! -$! Check To See If The File We Want To Compile Actually Exists. -$! -$ IF (F$SEARCH("SYS$DISK:[]DESTEST.C").EQS."") -$ THEN -$! -$! Tell The User That The File Dosen't Exist. -$! -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The File DESTEST.C Dosen't Exist." -$ WRITE SYS$OUTPUT "" -$! -$! Exit The Build. -$! -$ EXIT -$! -$! End The DESTEST.C File Check. -$! -$ ENDIF -$! -$! Tell The User What We Are Building. -$! -$ WRITE SYS$OUTPUT "Building ",EXE_DIR,"DESTEST.EXE" -$! -$! Compile The DESTEST Program. -$! -$ CC/OBJECT='OBJ_DIR'DESTEST.OBJ SYS$DISK:[]DESTEST.C -$! -$! Link The DESTEST Program. -$! -$ LINK/'DEBUGGER'/'TRACEBACK'/CONTIGUOUS/EXE='EXE_DIR'DESTEST.EXE - - 'OBJ_DIR'DESTEST.OBJ,'LIB_NAME'/LIBRARY,'OPT_FILE'/OPTION -$! -$! All Done, Time To Return. -$! -$ RETURN -$! -$! Compile The SPEED Program. -$! -$ SPEED: -$! -$! Check To See If We Have The Proper Libraries. -$! -$ GOSUB LIB_CHECK -$! -$! Check To See If We Have A Linker Option File. -$! -$ GOSUB CHECK_OPT_FILE -$! -$! Check To See If The File We Want To Compile Actually Exists. -$! -$ IF (F$SEARCH("SYS$DISK:[]SPEED.C").EQS."") -$ THEN -$! -$! Tell The User That The File Dosen't Exist. -$! -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The File SPEED.C Dosen't Exist." -$ WRITE SYS$OUTPUT "" -$! -$! Exit The Build. -$! -$ EXIT -$! -$! End The SPEED.C File Check. -$! -$ ENDIF -$! -$! Tell The User What We Are Building. -$! -$ WRITE SYS$OUTPUT "Building ",EXE_DIR,"SPEED.EXE" -$! -$! Compile The SPEED Program. -$! -$ CC/OBJECT='OBJ_DIR'SPEED.OBJ SYS$DISK:[]SPEED.C -$! -$! Link The SPEED Program. -$! -$ LINK/'DEBUGGER'/'TRACEBACK'/CONTIGUOUS/EXE='EXE_DIR'SPEED.EXE - - 'OBJ_DIR'SPEED.OBJ,'LIB_NAME'/LIBRARY,'OPT_FILE'/OPTION -$! -$! All Done, Time To Return. -$! -$ RETURN -$! -$! Compile The RPW Program. -$! -$ RPW: -$! -$! Check To See If We Have The Proper Libraries. -$! -$ GOSUB LIB_CHECK -$! -$! Check To See If We Have A Linker Option File. -$! -$ GOSUB CHECK_OPT_FILE -$! -$! Check To See If The File We Want To Compile Actually Exists. -$! -$ IF (F$SEARCH("SYS$DISK:[]RPW.C").EQS."") -$ THEN -$! -$! Tell The User That The File Dosen't Exist. -$! -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The File RPW.C Dosen't Exist." -$ WRITE SYS$OUTPUT "" -$! -$! Exit The Build. -$! -$ EXIT -$! -$! End The RPW.C File Check. -$! -$ ENDIF -$! -$! Tell The User What We Are Building. -$! -$ WRITE SYS$OUTPUT "Building ",EXE_DIR,"RPW.EXE" -$! -$! Compile The RPW Program. -$! -$ CC/OBJECT='OBJ_DIR'RPW.OBJ SYS$DISK:[]RPW.C -$! -$! Link The RPW Program. -$! -$ LINK/'DEBUGGER'/'TRACEBACK'/CONTIGUOUS/EXE='EXE_DIR'RPW.EXE - - 'OBJ_DIR'RPW.OBJ,'LIB_NAME'/LIBRARY,'OPT_FILE'/OPTION -$! -$! All Done, Time To Return. -$! -$ RETURN -$! -$! Compile The DES Program. -$! -$ DES: -$! -$! Check To See If We Have The Proper Libraries. -$! -$ GOSUB LIB_CHECK -$! -$! Check To See If We Have A Linker Option File. -$! -$ GOSUB CHECK_OPT_FILE -$! -$! Check To See If The File We Want To Compile Actually Exists. -$! -$ IF (F$SEARCH("SYS$DISK:[]DES.C").EQS."") -$ THEN -$! -$! Tell The User That The File Dosen't Exist. -$! -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The File DES.C Dosen't Exist." -$ WRITE SYS$OUTPUT "" -$! -$! Exit The Build. -$! -$ EXIT -$! -$! End The DES.C File Check. -$! -$ ENDIF -$! -$! Tell The User What We Are Building. -$! -$ WRITE SYS$OUTPUT "Building ",EXE_DIR,"DES.EXE" -$! -$! Compile The DES Program. -$! -$ CC/OBJECT='OBJ_DIR'DES.OBJ SYS$DISK:[]DES.C -$ CC/OBJECT='OBJ_DIR'DES.OBJ SYS$DISK:[]CBC3_ENC.C -$! -$! Link The DES Program. -$! -$ LINK/'DEBUGGER'/'TRACEBACK'/CONTIGUOUS/EXE='EXE_DIR'DES.EXE - - 'OBJ_DIR'DES.OBJ,'OBJ_DIR'CBC3_ENC.OBJ,- - 'LIB_NAME'/LIBRARY,'OPT_FILE'/OPTION -$! -$! All Done, Time To Return. -$! -$ RETURN -$! -$! Compile The DES_OPTS Program. -$! -$ DES_OPTS: -$! -$! Check To See If We Have The Proper Libraries. -$! -$ GOSUB LIB_CHECK -$! -$! Check To See If We Have A Linker Option File. -$! -$ GOSUB CHECK_OPT_FILE -$! -$! Check To See If The File We Want To Compile Actually Exists. -$! -$ IF (F$SEARCH("SYS$DISK:[]DES_OPTS.C").EQS."") -$ THEN -$! -$! Tell The User That The File Dosen't Exist. -$! -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The File DES_OPTS.C Dosen't Exist." -$ WRITE SYS$OUTPUT "" -$! -$! Exit The Build. -$! -$ EXIT -$! -$! End The DES_OPTS.C File Check. -$! -$ ENDIF -$! -$! Tell The User What We Are Building. -$! -$ WRITE SYS$OUTPUT "Building ",EXE_DIR,"DES_OPTS.EXE" -$! -$! Compile The DES_OPTS Program. -$! -$ CC/OBJECT='OBJ_DIR'DES_OPTS.OBJ SYS$DISK:[]DES_OPTS.C -$! -$! Link The DES_OPTS Program. -$! -$ LINK/'DEBUGGER'/'TRACEBACK'/CONTIGUOUS/EXE='EXE_DIR'DES_OPTS.EXE - - 'OBJ_DIR'DES_OPTS.OBJ,'LIB_NAME'/LIBRARY,'OPT_FILE'/OPTION -$! -$! All Done, Time To Return. -$! -$ RETURN -$ EXIT -$! -$! Check For The Link Option FIle. -$! -$ CHECK_OPT_FILE: -$! -$! Check To See If We Need To Make A VAX C Option File. -$! -$ IF (COMPILER.EQS."VAXC") -$ THEN -$! -$! Check To See If We Already Have A VAX C Linker Option File. -$! -$ IF (F$SEARCH(OPT_FILE).EQS."") -$ THEN -$! -$! We Need A VAX C Linker Option File. -$! -$ CREATE 'OPT_FILE' -$DECK -! -! Default System Options File To Link Agianst -! The Sharable VAX C Runtime Library. -! -SYS$SHARE:VAXCRTL.EXE/SHARE -$EOD -$! -$! End The Option File Check. -$! -$ ENDIF -$! -$! End The VAXC Check. -$! -$ ENDIF -$! -$! Check To See If We Need A GNU C Option File. -$! -$ IF (COMPILER.EQS."GNUC") -$ THEN -$! -$! Check To See If We Already Have A GNU C Linker Option File. -$! -$ IF (F$SEARCH(OPT_FILE).EQS."") -$ THEN -$! -$! We Need A GNU C Linker Option File. -$! -$ CREATE 'OPT_FILE' -$DECK -! -! Default System Options File To Link Agianst -! The Sharable C Runtime Library. -! -GNU_CC:[000000]GCCLIB/LIBRARY -SYS$SHARE:VAXCRTL/SHARE -$EOD -$! -$! End The Option File Check. -$! -$ ENDIF -$! -$! End The GNU C Check. -$! -$ ENDIF -$! -$! Check To See If We Need A DEC C Option File. -$! -$ IF (COMPILER.EQS."DECC") -$ THEN -$! -$! Check To See If We Already Have A DEC C Linker Option File. -$! -$ IF (F$SEARCH(OPT_FILE).EQS."") -$ THEN -$! -$! Figure Out If We Need An AXP Or A VAX Linker Option File. -$! -$ IF (F$GETSYI("CPU").LT.128) -$ THEN -$! -$! We Need A DEC C Linker Option File For VAX. -$! -$ CREATE 'OPT_FILE' -$DECK -! -! Default System Options File To Link Agianst -! The Sharable DEC C Runtime Library. -! -SYS$SHARE:DECC$SHR.EXE/SHARE -$EOD -$! -$! Else... -$! -$ ELSE -$! -$! Create The AXP Linker Option File. -$! -$ CREATE 'OPT_FILE' -$DECK -! -! Default System Options File For AXP To Link Agianst -! The Sharable C Runtime Library. -! -SYS$SHARE:CMA$OPEN_LIB_SHR/SHARE -SYS$SHARE:CMA$OPEN_RTL/SHARE -$EOD -$! -$! End The VAX/AXP DEC C Option File Check. -$! -$ ENDIF -$! -$! End The Option File Search. -$! -$ ENDIF -$! -$! End The DEC C Check. -$! -$ ENDIF -$! -$! Tell The User What Linker Option File We Are Using. -$! -$ WRITE SYS$OUTPUT "Using Linker Option File ",OPT_FILE,"." -$! -$! Time To RETURN. -$! -$ RETURN -$! -$! Library Check. -$! -$ LIB_CHECK: -$! -$! Look For The Library LIBDES.OLB. -$! -$ IF (F$SEARCH(LIB_NAME).EQS."") -$ THEN -$! -$! Tell The User We Can't Find The [.xxx.CRYPTO.DES]LIBDES.OLB Library. -$! -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "Can't Find The Library ",LIB_NAME,"." -$ WRITE SYS$OUTPUT "We Can't Link Without It." -$ WRITE SYS$OUTPUT "" -$! -$! Since We Can't Link Without It, Exit. -$! -$ EXIT -$ ENDIF -$! -$! Time To Return. -$! -$ RETURN -$! -$! Check The User's Options. -$! -$ CHECK_OPTIONS: -$! -$! Check To See If We Are To "Just Build Everything". -$! -$ IF (P1.EQS."ALL") -$ THEN -$! -$! P1 Is "ALL", So Build Everything. -$! -$ BUILDALL = "TRUE" -$! -$! Else... -$! -$ ELSE -$! -$! Else, Check To See If P1 Has A Valid Arguement. -$! -$ IF (P1.EQS."LIBRARY").OR.(P1.EQS."DESTEST").OR.(P1.EQS."SPEED") - - .OR.(P1.EQS."RPW").OR.(P1.EQS."DES").OR.(P1.EQS."DES_OPTS") -$ THEN -$! -$! A Valid Arguement. -$! -$ BUILDALL = P1 -$! -$! Else... -$! -$ ELSE -$! -$! Tell The User We Don't Know What They Want. -$! -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The Option ",P1," Is Invalid. The Valid Options Are:" -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT " ALL : Just Build Everything. -$ WRITE SYS$OUTPUT " LIBRARY : To Compile Just The [.xxx.EXE.CRYPTO.DES]LIBDES.OLB Library." -$ WRITE SYS$OUTPUT " DESTEST : To Compile Just The [.xxx.EXE.CRYPTO.DES]DESTEST.EXE Program." -$ WRITE SYS$OUTPUT " SPEED : To Compile Just The [.xxx.EXE.CRYPTO.DES]SPEED.EXE Program." -$ WRITE SYS$OUTPUT " RPW : To Compile Just The [.xxx.EXE.CRYPTO.DES]RPW.EXE Program." -$ WRITE SYS$OUTPUT " DES : To Compile Just The [.xxx.EXE.CRYPTO.DES]DES.EXE Program." -$ WRITE SYS$OUTPUT " DES_OPTS : To Compile Just The [.xxx.EXE.CRYTPO.DES]DES_OPTS.EXE Program." -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT " Where 'xxx' Stands For: " -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT " AXP : Alpha Architecture." -$ WRITE SYS$OUTPUT " VAX : VAX Architecture." -$ WRITE SYS$OUTPUT "" -$! -$! Time To EXIT. -$! -$ EXIT -$! -$! End The Valid Arguement Check. -$! -$ ENDIF -$! -$! End The P1 Check. -$! -$ ENDIF -$! -$! Check To See If We Are To Compile Without Debugger Information. -$! -$ IF (P2.EQS."NODEBUG") -$ THEN -$! -$! P2 Is Blank, So Compile Without Debugger Information. -$! -$ DEBUGGER = "NODEBUG" -$ TRACEBACK = "NOTRACEBACK" -$ GCC_OPTIMIZE = "OPTIMIZE" -$ CC_OPTIMIZE = "OPTIMIZE" -$ WRITE SYS$OUTPUT "No Debugger Information Will Be Produced During Compile." -$ WRITE SYS$OUTPUT "Compiling With Compiler Optimization." -$! -$! Else... -$! -$ ELSE -$! -$! Check To See If We Are To Compile With Debugger Information. -$! -$ IF (P2.EQS."DEBUG") -$ THEN -$! -$! Compile With Debugger Information. -$! -$ DEBUGGER = "DEBUG" -$ TRACEBACK = "TRACEBACK" -$ GCC_OPTIMIZE = "NOOPTIMIZE" -$ CC_OPTIMIZE = "NOOPTIMIZE" -$ WRITE SYS$OUTPUT "Debugger Information Will Be Produced During Compile." -$ WRITE SYS$OUTPUT "Compiling Without Compiler Optimization." -$! -$! Else... -$! -$ ELSE -$! -$! Tell The User Entered An Invalid Option.. -$! -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The Option ",P2," Is Invalid. The Valid Options Are:" -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT " DEBUG : Compile With The Debugger Information." -$ WRITE SYS$OUTPUT " NODEBUG : Compile Without The Debugger Information." -$ WRITE SYS$OUTPUT "" -$! -$! Time To EXIT. -$! -$ EXIT -$! -$! End The Valid Arguement Check. -$! -$ ENDIF -$! -$! End The P2 Check. -$! -$ ENDIF -$! -$! Special Threads For OpenVMS v7.1 Or Later. -$! -$! Written By: Richard Levitte -$! richard@levitte.org -$! -$! -$! Check To See If We Have A Option For P4. -$! -$ IF (P4.EQS."") -$ THEN -$! -$! Get The Version Of VMS We Are Using. -$! -$ ISSEVEN := "" -$ TMP = F$ELEMENT(0,"-",F$EXTRACT(1,4,F$GETSYI("VERSION"))) -$ TMP = F$INTEGER(F$ELEMENT(0,".",TMP)+F$ELEMENT(1,".",TMP)) -$! -$! Check To See If The VMS Version Is v7.1 Or Later. -$! -$ IF (TMP.GE.71) -$ THEN -$! -$! We Have OpenVMS v7.1 Or Later, So Use The Special Threads. -$! -$ ISSEVEN := ,PTHREAD_USE_D4 -$! -$! End The VMS Version Check. -$! -$ ENDIF -$! -$! End The P4 Check. -$! -$ ENDIF -$! -$! Check To See If P3 Is Blank. -$! -$ IF (P3.EQS."") -$ THEN -$! -$! O.K., The User Didn't Specify A Compiler, Let's Try To -$! Find Out Which One To Use. -$! -$! Check To See If We Have GNU C. -$! -$ IF (F$TRNLNM("GNU_CC").NES."") -$ THEN -$! -$! Looks Like GNUC, Set To Use GNUC. -$! -$ P3 = "GNUC" -$! -$! Else... -$! -$ ELSE -$! -$! Check To See If We Have VAXC Or DECC. -$! -$ IF (ARCH.EQS."AXP").OR.(F$TRNLNM("DECC$CC_DEFAULT").NES."") -$ THEN -$! -$! Looks Like DECC, Set To Use DECC. -$! -$ P3 = "DECC" -$! -$! Else... -$! -$ ELSE -$! -$! Looks Like VAXC, Set To Use VAXC. -$! -$ P3 = "VAXC" -$! -$! End The VAXC Compiler Check. -$! -$ ENDIF -$! -$! End The DECC & VAXC Compiler Check. -$! -$ ENDIF -$! -$! End The Compiler Check. -$! -$ ENDIF -$! -$! Set Up Initial CC Definitions, Possibly With User Ones -$! -$ CCDEFS = "" -$ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = USER_CCDEFS -$ CCEXTRAFLAGS = "" -$ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS -$ CCDISABLEWARNINGS = "" -$ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN - - CCDISABLEWARNINGS = USER_CCDISABLEWARNINGS -$! -$! Check To See If The User Entered A Valid Paramter. -$! -$ IF (P3.EQS."VAXC").OR.(P3.EQS."DECC").OR.(P3.EQS."GNUC") -$ THEN -$! -$! Check To See If The User Wanted DECC. -$! -$ IF (P3.EQS."DECC") -$ THEN -$! -$! Looks Like DECC, Set To Use DECC. -$! -$ COMPILER = "DECC" -$! -$! Tell The User We Are Using DECC. -$! -$ WRITE SYS$OUTPUT "Using DECC 'C' Compiler." -$! -$! Use DECC... -$! -$ CC = "CC" -$ IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" - - THEN CC = "CC/DECC" -$ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + - - "/NOLIST/PREFIX=ALL" + CCEXTRAFLAGS -$! -$! Define The Linker Options File Name. -$! -$ OPT_FILE = "SYS$DISK:[]VAX_DECC_OPTIONS.OPT" -$! -$! End DECC Check. -$! -$ ENDIF -$! -$! Check To See If We Are To Use VAXC. -$! -$ IF (P3.EQS."VAXC") -$ THEN -$! -$! Looks Like VAXC, Set To Use VAXC. -$! -$ COMPILER = "VAXC" -$! -$! Tell The User We Are Using VAX C. -$! -$ WRITE SYS$OUTPUT "Using VAXC 'C' Compiler." -$! -$! Compile Using VAXC. -$! -$ CC = "CC" -$ IF ARCH.EQS."AXP" -$ THEN -$ WRITE SYS$OUTPUT "There is no VAX C on Alpha!" -$ EXIT -$ ENDIF -$ IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC" -$ CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + CCEXTRAFLAGS -$ CCDEFS = """VAXC""," + CCDEFS -$! -$! Define As SYS$COMMON:[SYSLIB] -$! -$ DEFINE/NOLOG SYS SYS$COMMON:[SYSLIB] -$! -$! Define The Linker Options File Name. -$! -$ OPT_FILE = "SYS$DISK:[]VAX_VAXC_OPTIONS.OPT" -$! -$! End VAXC Check -$! -$ ENDIF -$! -$! Check To See If We Are To Use GNU C. -$! -$ IF (P3.EQS."GNUC") -$ THEN -$! -$! Looks Like GNUC, Set To Use GNUC. -$! -$ COMPILER = "GNUC" -$! -$! Tell The User We Are Using GNUC. -$! -$ WRITE SYS$OUTPUT "Using GNU 'C' Compiler." -$! -$! Use GNU C... -$! -$ CC = "GCC/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + CCEXTRAFLAGS -$! -$! Define The Linker Options File Name. -$! -$ OPT_FILE = "SYS$DISK:[]VAX_GNUC_OPTIONS.OPT" -$! -$! End The GNU C Check. -$! -$ ENDIF -$! -$! Set up default defines -$! -$ CCDEFS = """FLAT_INC=1""," + CCDEFS -$! -$! Finish up the definition of CC. -$! -$ IF COMPILER .EQS. "DECC" -$ THEN -$ IF CCDISABLEWARNINGS .EQS. "" -$ THEN -$ CC4DISABLEWARNINGS = "DOLLARID" -$ ELSE -$ CC4DISABLEWARNINGS = CCDISABLEWARNINGS + ",DOLLARID" -$ CCDISABLEWARNINGS = "/WARNING=(DISABLE=(" + CCDISABLEWARNINGS + "))" -$ ENDIF -$ CC4DISABLEWARNINGS = "/WARNING=(DISABLE=(" + CC4DISABLEWARNINGS + "))" -$ ELSE -$ CCDISABLEWARNINGS = "" -$ CC4DISABLEWARNINGS = "" -$ ENDIF -$ CC = CC + "/DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS -$! -$! Show user the result -$! -$ WRITE SYS$OUTPUT "Main Compiling Command: ",CC -$! -$! Else The User Entered An Invalid Arguement. -$! -$ ELSE -$! -$! Tell The User We Don't Know What They Want. -$! -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT "The Option ",P3," Is Invalid. The Valid Options Are:" -$ WRITE SYS$OUTPUT "" -$ WRITE SYS$OUTPUT " VAXC : To Compile With VAX C." -$ WRITE SYS$OUTPUT " DECC : To Compile With DEC C." -$ WRITE SYS$OUTPUT " GNUC : To Compile With GNU C." -$ WRITE SYS$OUTPUT "" -$! -$! Time To EXIT. -$! -$ EXIT -$! -$! End The P3 Check. -$! -$ ENDIF -$! -$! Time To RETURN... -$! -$ RETURN diff --git a/src/lib/libcrypto/des/des.c b/src/lib/libcrypto/des/des.c deleted file mode 100644 index d8c846b23db..00000000000 --- a/src/lib/libcrypto/des/des.c +++ /dev/null @@ -1,932 +0,0 @@ -/* crypto/des/des.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include -#include -#include -#ifndef OPENSSL_SYS_MSDOS -#ifndef OPENSSL_SYS_VMS -#include OPENSSL_UNISTD -#else /* OPENSSL_SYS_VMS */ -#ifdef __DECC -#include -#else /* not __DECC */ -#include -#endif /* __DECC */ -#endif /* OPENSSL_SYS_VMS */ -#else /* OPENSSL_SYS_MSDOS */ -#include -#endif - -#include -#include "des_ver.h" - -#ifdef OPENSSL_SYS_VMS -#include -#include -#else -#ifndef _IRIX -#include -#endif -#include -#endif -#include -#include -#include - -void usage(void); -void doencryption(void); -int uufwrite(unsigned char *data, int size, unsigned int num, FILE *fp); -void uufwriteEnd(FILE *fp); -int uufread(unsigned char *out,int size,unsigned int num,FILE *fp); -int uuencode(unsigned char *in,int num,unsigned char *out); -int uudecode(unsigned char *in,int num,unsigned char *out); -void DES_3cbc_encrypt(DES_cblock *input,DES_cblock *output,long length, - DES_key_schedule sk1,DES_key_schedule sk2, - DES_cblock *ivec1,DES_cblock *ivec2,int enc); -#ifdef OPENSSL_SYS_VMS -#define EXIT(a) exit(a&0x10000000L) -#else -#define EXIT(a) exit(a) -#endif - -#define BUFSIZE (8*1024) -#define VERIFY 1 -#define KEYSIZ 8 -#define KEYSIZB 1024 /* should hit tty line limit first :-) */ -char key[KEYSIZB+1]; -int do_encrypt,longk=0; -FILE *DES_IN,*DES_OUT,*CKSUM_OUT; -char uuname[200]; -unsigned char uubuf[50]; -int uubufnum=0; -#define INUUBUFN (45*100) -#define OUTUUBUF (65*100) -unsigned char b[OUTUUBUF]; -unsigned char bb[300]; -DES_cblock cksum={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}; -char cksumname[200]=""; - -int vflag,cflag,eflag,dflag,kflag,bflag,fflag,sflag,uflag,flag3,hflag,error; - -int main(int argc, char **argv) - { - int i; - struct stat ins,outs; - char *p; - char *in=NULL,*out=NULL; - - vflag=cflag=eflag=dflag=kflag=hflag=bflag=fflag=sflag=uflag=flag3=0; - error=0; - memset(key,0,sizeof(key)); - - for (i=1; i=0; j--) - argv[i][j]='\0'; - } - break; - default: - fprintf(stderr,"'%c' unknown flag\n",p[-1]); - error=1; - break; - } - } - } - else - { - if (in == NULL) - in=argv[i]; - else if (out == NULL) - out=argv[i]; - else - error=1; - } - } - if (error) usage(); - /* We either - * do checksum or - * do encrypt or - * do decrypt or - * do decrypt then ckecksum or - * do checksum then encrypt - */ - if (((eflag+dflag) == 1) || cflag) - { - if (eflag) do_encrypt=DES_ENCRYPT; - if (dflag) do_encrypt=DES_DECRYPT; - } - else - { - if (vflag) - { -#ifndef _Windows - fprintf(stderr,"des(1) built with %s\n",libdes_version); -#endif - EXIT(1); - } - else usage(); - } - -#ifndef _Windows - if (vflag) fprintf(stderr,"des(1) built with %s\n",libdes_version); -#endif - if ( (in != NULL) && - (out != NULL) && -#ifndef OPENSSL_SYS_MSDOS - (stat(in,&ins) != -1) && - (stat(out,&outs) != -1) && - (ins.st_dev == outs.st_dev) && - (ins.st_ino == outs.st_ino)) -#else /* OPENSSL_SYS_MSDOS */ - (strcmp(in,out) == 0)) -#endif - { - fputs("input and output file are the same\n",stderr); - EXIT(3); - } - - if (!kflag) - if (des_read_pw_string(key,KEYSIZB+1,"Enter key:",eflag?VERIFY:0)) - { - fputs("password error\n",stderr); - EXIT(2); - } - - if (in == NULL) - DES_IN=stdin; - else if ((DES_IN=fopen(in,"r")) == NULL) - { - perror("opening input file"); - EXIT(4); - } - - CKSUM_OUT=stdout; - if (out == NULL) - { - DES_OUT=stdout; - CKSUM_OUT=stderr; - } - else if ((DES_OUT=fopen(out,"w")) == NULL) - { - perror("opening output file"); - EXIT(5); - } - -#ifdef OPENSSL_SYS_MSDOS - /* This should set the file to binary mode. */ - { -#include - if (!(uflag && dflag)) - setmode(fileno(DES_IN),O_BINARY); - if (!(uflag && eflag)) - setmode(fileno(DES_OUT),O_BINARY); - } -#endif - - doencryption(); - fclose(DES_IN); - fclose(DES_OUT); - EXIT(0); - } - -void usage(void) - { - char **u; - static const char *Usage[]={ -"des [input-file [output-file]]", -"options:", -"-v : des(1) version number", -"-e : encrypt using SunOS compatible user key to DES key conversion.", -"-E : encrypt ", -"-d : decrypt using SunOS compatible user key to DES key conversion.", -"-D : decrypt ", -"-c[ckname] : generate a cbc_cksum using SunOS compatible user key to", -" DES key conversion and output to ckname (stdout default,", -" stderr if data being output on stdout). The checksum is", -" generated before encryption and after decryption if used", -" in conjunction with -[eEdD].", -"-C[ckname] : generate a cbc_cksum as for -c but compatible with -[ED].", -"-k key : use key 'key'", -"-h : the key that is entered will be a hexadecimal number", -" that is used directly as the des key", -"-u[uuname] : input file is uudecoded if -[dD] or output uuencoded data if -[eE]", -" (uuname is the filename to put in the uuencode header).", -"-b : encrypt using DES in ecb encryption mode, the default is cbc mode.", -"-3 : encrypt using triple DES encryption. This uses 2 keys", -" generated from the input key. If the input key is less", -" than 8 characters long, this is equivalent to normal", -" encryption. Default is triple cbc, -b makes it triple ecb.", -NULL -}; - for (u=(char **)Usage; *u; u++) - { - fputs(*u,stderr); - fputc('\n',stderr); - } - - EXIT(1); - } - -void doencryption(void) - { -#ifdef _LIBC - extern unsigned long time(); -#endif - - register int i; - DES_key_schedule ks,ks2; - DES_cblock iv,iv2; - char *p; - int num=0,j,k,l,rem,ll,len,last,ex=0; - DES_cblock kk,k2; - FILE *O; - int Exit=0; -#ifndef OPENSSL_SYS_MSDOS - static unsigned char buf[BUFSIZE+8],obuf[BUFSIZE+8]; -#else - static unsigned char *buf=NULL,*obuf=NULL; - - if (buf == NULL) - { - if ( (( buf=OPENSSL_malloc(BUFSIZE+8)) == NULL) || - ((obuf=OPENSSL_malloc(BUFSIZE+8)) == NULL)) - { - fputs("Not enough memory\n",stderr); - Exit=10; - goto problems; - } - } -#endif - - if (hflag) - { - j=(flag3?16:8); - p=key; - for (i=0; i= '0')) - k=(*p-'0')<<4; - else if ((*p <= 'f') && (*p >= 'a')) - k=(*p-'a'+10)<<4; - else if ((*p <= 'F') && (*p >= 'A')) - k=(*p-'A'+10)<<4; - else - { - fputs("Bad hex key\n",stderr); - Exit=9; - goto problems; - } - p++; - if ((*p <= '9') && (*p >= '0')) - k|=(*p-'0'); - else if ((*p <= 'f') && (*p >= 'a')) - k|=(*p-'a'+10); - else if ((*p <= 'F') && (*p >= 'A')) - k|=(*p-'A'+10); - else - { - fputs("Bad hex key\n",stderr); - Exit=9; - goto problems; - } - p++; - if (i < 8) - kk[i]=k; - else - k2[i-8]=k; - } - DES_set_key_unchecked(&k2,&ks2); - memset(k2,0,sizeof(k2)); - } - else if (longk || flag3) - { - if (flag3) - { - DES_string_to_2keys(key,&kk,&k2); - DES_set_key_unchecked(&k2,&ks2); - memset(k2,0,sizeof(k2)); - } - else - DES_string_to_key(key,&kk); - } - else - for (i=0; i>=1; - } - if (l & 1) - kk[i]=key[i]&0x7f; - else - kk[i]=key[i]|0x80; - } - - DES_set_key_unchecked(&kk,&ks); - memset(key,0,sizeof(key)); - memset(kk,0,sizeof(kk)); - /* woops - A bug that does not showup under unix :-( */ - memset(iv,0,sizeof(iv)); - memset(iv2,0,sizeof(iv2)); - - l=1; - rem=0; - /* first read */ - if (eflag || (!dflag && cflag)) - { - for (;;) - { - num=l=fread(&(buf[rem]),1,BUFSIZE,DES_IN); - l+=rem; - num+=rem; - if (l < 0) - { - perror("read error"); - Exit=6; - goto problems; - } - - rem=l%8; - len=l-rem; - if (feof(DES_IN)) - { - for (i=7-rem; i>0; i--) - RAND_pseudo_bytes(buf + l++, 1); - buf[l++]=rem; - ex=1; - len+=rem; - } - else - l-=rem; - - if (cflag) - { - DES_cbc_cksum(buf,&cksum, - (long)len,&ks,&cksum); - if (!eflag) - { - if (feof(DES_IN)) break; - else continue; - } - } - - if (bflag && !flag3) - for (i=0; i= 8) memcpy(iv,&(obuf[l-8]),8); - } - if (rem) memcpy(buf,&(buf[l]),(unsigned int)rem); - - i=0; - while (i < l) - { - if (uflag) - j=uufwrite(obuf,1,(unsigned int)l-i, - DES_OUT); - else - j=fwrite(obuf,1,(unsigned int)l-i, - DES_OUT); - if (j == -1) - { - perror("Write error"); - Exit=7; - goto problems; - } - i+=j; - } - if (feof(DES_IN)) - { - if (uflag) uufwriteEnd(DES_OUT); - break; - } - } - } - else /* decrypt */ - { - ex=1; - for (;;) - { - if (ex) { - if (uflag) - l=uufread(buf,1,BUFSIZE,DES_IN); - else - l=fread(buf,1,BUFSIZE,DES_IN); - ex=0; - rem=l%8; - l-=rem; - } - if (l < 0) - { - perror("read error"); - Exit=6; - goto problems; - } - - if (bflag && !flag3) - for (i=0; i= 8) memcpy(iv,&(buf[l-8]),8); - } - - if (uflag) - ll=uufread(&(buf[rem]),1,BUFSIZE,DES_IN); - else - ll=fread(&(buf[rem]),1,BUFSIZE,DES_IN); - ll+=rem; - rem=ll%8; - ll-=rem; - if (feof(DES_IN) && (ll == 0)) - { - last=obuf[l-1]; - - if ((last > 7) || (last < 0)) - { - fputs("The file was not decrypted correctly.\n", - stderr); - Exit=8; - last=0; - } - l=l-8+last; - } - i=0; - if (cflag) DES_cbc_cksum(obuf, - (DES_cblock *)cksum,(long)l/8*8,&ks, - (DES_cblock *)cksum); - while (i != l) - { - j=fwrite(obuf,1,(unsigned int)l-i,DES_OUT); - if (j == -1) - { - perror("Write error"); - Exit=7; - goto problems; - } - i+=j; - } - l=ll; - if ((l == 0) && feof(DES_IN)) break; - } - } - if (cflag) - { - l=0; - if (cksumname[0] != '\0') - { - if ((O=fopen(cksumname,"w")) != NULL) - { - CKSUM_OUT=O; - l=1; - } - } - for (i=0; i<8; i++) - fprintf(CKSUM_OUT,"%02X",cksum[i]); - fprintf(CKSUM_OUT,"\n"); - if (l) fclose(CKSUM_OUT); - } -problems: - memset(buf,0,sizeof(buf)); - memset(obuf,0,sizeof(obuf)); - memset(&ks,0,sizeof(ks)); - memset(&ks2,0,sizeof(ks2)); - memset(iv,0,sizeof(iv)); - memset(iv2,0,sizeof(iv2)); - memset(kk,0,sizeof(kk)); - memset(k2,0,sizeof(k2)); - memset(uubuf,0,sizeof(uubuf)); - memset(b,0,sizeof(b)); - memset(bb,0,sizeof(bb)); - memset(cksum,0,sizeof(cksum)); - if (Exit) EXIT(Exit); - } - -/* We ignore this parameter but it should be > ~50 I believe */ -int uufwrite(unsigned char *data, int size, unsigned int num, FILE *fp) - { - int i,j,left,rem,ret=num; - static int start=1; - - if (start) - { - fprintf(fp,"begin 600 %s\n", - (uuname[0] == '\0')?"text.d":uuname); - start=0; - } - - if (uubufnum) - { - if (uubufnum+num < 45) - { - memcpy(&(uubuf[uubufnum]),data,(unsigned int)num); - uubufnum+=num; - return(num); - } - else - { - i=45-uubufnum; - memcpy(&(uubuf[uubufnum]),data,(unsigned int)i); - j=uuencode((unsigned char *)uubuf,45,b); - fwrite(b,1,(unsigned int)j,fp); - uubufnum=0; - data+=i; - num-=i; - } - } - - for (i=0; i<(((int)num)-INUUBUFN); i+=INUUBUFN) - { - j=uuencode(&(data[i]),INUUBUFN,b); - fwrite(b,1,(unsigned int)j,fp); - } - rem=(num-i)%45; - left=(num-i-rem); - if (left) - { - j=uuencode(&(data[i]),left,b); - fwrite(b,1,(unsigned int)j,fp); - i+=left; - } - if (i != num) - { - memcpy(uubuf,&(data[i]),(unsigned int)rem); - uubufnum=rem; - } - return(ret); - } - -void uufwriteEnd(FILE *fp) - { - int j; - static const char *end=" \nend\n"; - - if (uubufnum != 0) - { - uubuf[uubufnum]='\0'; - uubuf[uubufnum+1]='\0'; - uubuf[uubufnum+2]='\0'; - j=uuencode(uubuf,uubufnum,b); - fwrite(b,1,(unsigned int)j,fp); - } - fwrite(end,1,strlen(end),fp); - } - -/* int size: should always be > ~ 60; I actually ignore this parameter :-) */ -int uufread(unsigned char *out, int size, unsigned int num, FILE *fp) - { - int i,j,tot; - static int done=0; - static int valid=0; - static int start=1; - - if (start) - { - for (;;) - { - b[0]='\0'; - fgets((char *)b,300,fp); - if (b[0] == '\0') - { - fprintf(stderr,"no 'begin' found in uuencoded input\n"); - return(-1); - } - if (strncmp((char *)b,"begin ",6) == 0) break; - } - start=0; - } - if (done) return(0); - tot=0; - if (valid) - { - memcpy(out,bb,(unsigned int)valid); - tot=valid; - valid=0; - } - for (;;) - { - b[0]='\0'; - fgets((char *)b,300,fp); - if (b[0] == '\0') break; - i=strlen((char *)b); - if ((b[0] == 'e') && (b[1] == 'n') && (b[2] == 'd')) - { - done=1; - while (!feof(fp)) - { - fgets((char *)b,300,fp); - } - break; - } - i=uudecode(b,i,bb); - if (i < 0) break; - if ((i+tot+8) > num) - { - /* num to copy to make it a multiple of 8 */ - j=(num/8*8)-tot-8; - memcpy(&(out[tot]),bb,(unsigned int)j); - tot+=j; - memcpy(bb,&(bb[j]),(unsigned int)i-j); - valid=i-j; - break; - } - memcpy(&(out[tot]),bb,(unsigned int)i); - tot+=i; - } - return(tot); - } - -#define ccc2l(c,l) (l =((DES_LONG)(*((c)++)))<<16, \ - l|=((DES_LONG)(*((c)++)))<< 8, \ - l|=((DES_LONG)(*((c)++)))) - -#define l2ccc(l,c) (*((c)++)=(unsigned char)(((l)>>16)&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ - *((c)++)=(unsigned char)(((l) )&0xff)) - - -int uuencode(unsigned char *in, int num, unsigned char *out) - { - int j,i,n,tot=0; - DES_LONG l; - register unsigned char *p; - p=out; - - for (j=0; j num) - i=(num-j); - else i=45; - *(p++)=i+' '; - for (n=0; n>18)&0x3f)+' '; - *(p++)=((l>>12)&0x3f)+' '; - *(p++)=((l>> 6)&0x3f)+' '; - *(p++)=((l )&0x3f)+' '; - tot+=4; - } - *(p++)='\n'; - tot+=2; - } - *p='\0'; - l=0; - return(tot); - } - -int uudecode(unsigned char *in, int num, unsigned char *out) - { - int j,i,k; - unsigned int n=0,space=0; - DES_LONG l; - DES_LONG w,x,y,z; - unsigned int blank=(unsigned int)'\n'-' '; - - for (j=0; j 60) - { - fprintf(stderr,"uuencoded line length too long\n"); - return(-1); - } - j++; - - for (i=0; i 63) || (x > 63) || (y > 63) || (z > 63)) - { - k=0; - if (w == blank) k=1; - if (x == blank) k=2; - if (y == blank) k=3; - if (z == blank) k=4; - space=1; - switch (k) { - case 1: w=0; in--; - case 2: x=0; in--; - case 3: y=0; in--; - case 4: z=0; in--; - break; - case 0: - space=0; - fprintf(stderr,"bad uuencoded data values\n"); - w=x=y=z=0; - return(-1); - break; - } - } - l=(w<<18)|(x<<12)|(y<< 6)|(z ); - l2ccc(l,out); - } - if (*(in++) != '\n') - { - fprintf(stderr,"missing nl in uuencoded line\n"); - w=x=y=z=0; - return(-1); - } - j++; - } - *out='\0'; - w=x=y=z=0; - return(n); - } diff --git a/src/lib/libcrypto/des/des.h b/src/lib/libcrypto/des/des.h index dfe5ff64e44..e1331d3fa2c 100644 --- a/src/lib/libcrypto/des/des.h +++ b/src/lib/libcrypto/des/des.h @@ -1,4 +1,4 @@ -/* crypto/des/des.h */ +/* $OpenBSD: des.h,v 1.19 2015/02/07 13:19:15 doug Exp $ */ /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -56,22 +56,15 @@ * [including the GNU Public Licence.] */ -#ifndef HEADER_DES_H -#define HEADER_DES_H +#ifndef HEADER_NEW_DES_H +#define HEADER_NEW_DES_H + +#include #ifdef OPENSSL_NO_DES #error DES is disabled. #endif -#include /* DES_LONG */ -#include /* OPENSSL_EXTERN */ - -#ifdef OPENSSL_BUILD_SHLIBCRYPTO -# undef OPENSSL_EXTERN -# define OPENSSL_EXTERN OPENSSL_EXPORT -#endif - -#define des_SPtrans DES_SPtrans #ifdef __cplusplus extern "C" { @@ -93,16 +86,6 @@ typedef struct DES_ks } ks[16]; } DES_key_schedule; -#ifndef OPENSSL_DISABLE_OLD_DES_SUPPORT -# ifndef OPENSSL_ENABLE_OLD_DES_SUPPORT -# define OPENSSL_ENABLE_OLD_DES_SUPPORT -# endif -#endif - -#ifdef OPENSSL_ENABLE_OLD_DES_SUPPORT -# include -#endif - #define DES_KEY_SZ (sizeof(DES_cblock)) #define DES_SCHEDULE_SZ (sizeof(DES_key_schedule)) @@ -124,10 +107,8 @@ typedef struct DES_ks #define DES_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \ DES_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n)) -OPENSSL_DECLARE_GLOBAL(int,DES_check_key); /* defaults to false */ -#define DES_check_key OPENSSL_GLOBAL_REF(DES_check_key) -OPENSSL_DECLARE_GLOBAL(int,DES_rw_mode); /* defaults to DES_PCBC_MODE */ -#define DES_rw_mode OPENSSL_GLOBAL_REF(DES_rw_mode) +extern int DES_check_key; /* defaults to false */ +extern int DES_rw_mode; /* defaults to DES_PCBC_MODE */ const char *DES_options(void); void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output, @@ -189,14 +170,14 @@ void DES_ede3_cfb64_encrypt(const unsigned char *in,unsigned char *out, long length,DES_key_schedule *ks1, DES_key_schedule *ks2,DES_key_schedule *ks3, DES_cblock *ivec,int *num,int enc); +void DES_ede3_cfb_encrypt(const unsigned char *in,unsigned char *out, + int numbits,long length,DES_key_schedule *ks1, + DES_key_schedule *ks2,DES_key_schedule *ks3, + DES_cblock *ivec,int enc); void DES_ede3_ofb64_encrypt(const unsigned char *in,unsigned char *out, long length,DES_key_schedule *ks1, DES_key_schedule *ks2,DES_key_schedule *ks3, DES_cblock *ivec,int *num); - -void DES_xwhite_in2out(const_DES_cblock *DES_key,const_DES_cblock *in_white, - DES_cblock *out_white); - int DES_enc_read(int fd,void *buf,int len,DES_key_schedule *sched, DES_cblock *iv); int DES_enc_write(int fd,const void *buf,int len,DES_key_schedule *sched, @@ -229,10 +210,6 @@ void DES_cfb64_encrypt(const unsigned char *in,unsigned char *out,long length, void DES_ofb64_encrypt(const unsigned char *in,unsigned char *out,long length, DES_key_schedule *schedule,DES_cblock *ivec,int *num); -int DES_read_password(DES_cblock *key, const char *prompt, int verify); -int DES_read_2passwords(DES_cblock *key1, DES_cblock *key2, const char *prompt, - int verify); - #define DES_fixup_key_parity DES_set_odd_parity #ifdef __cplusplus diff --git a/src/lib/libcrypto/des/des.pod b/src/lib/libcrypto/des/des.pod deleted file mode 100644 index bf479e83d26..00000000000 --- a/src/lib/libcrypto/des/des.pod +++ /dev/null @@ -1,217 +0,0 @@ -=pod - -=head1 NAME - -des - encrypt or decrypt data using Data Encryption Standard - -=head1 SYNOPSIS - -B -( -B<-e> -| -B<-E> -) | ( -B<-d> -| -B<-D> -) | ( -B<->[B][B] -) | -[ -B<-b3hfs> -] [ -B<-k> -I -] -] [ -B<-u>[I] -[ -I -[ -I -] ] - -=head1 NOTE - -This page describes the B stand-alone program, not the B -command. - -=head1 DESCRIPTION - -B -encrypts and decrypts data using the -Data Encryption Standard algorithm. -One of -B<-e>, B<-E> -(for encrypt) or -B<-d>, B<-D> -(for decrypt) must be specified. -It is also possible to use -B<-c> -or -B<-C> -in conjunction or instead of the a encrypt/decrypt option to generate -a 16 character hexadecimal checksum, generated via the -I. - -Two standard encryption modes are supported by the -B -program, Cipher Block Chaining (the default) and Electronic Code Book -(specified with -B<-b>). - -The key used for the DES -algorithm is obtained by prompting the user unless the -B<-k> -I -option is given. -If the key is an argument to the -B -command, it is potentially visible to users executing -ps(1) -or a derivative. To minimise this possibility, -B -takes care to destroy the key argument immediately upon entry. -If your shell keeps a history file be careful to make sure it is not -world readable. - -Since this program attempts to maintain compatibility with sunOS's -des(1) command, there are 2 different methods used to convert the user -supplied key to a des key. -Whenever and one or more of -B<-E>, B<-D>, B<-C> -or -B<-3> -options are used, the key conversion procedure will not be compatible -with the sunOS des(1) version but will use all the user supplied -character to generate the des key. -B -command reads from standard input unless -I -is specified and writes to standard output unless -I -is given. - -=head1 OPTIONS - -=over 4 - -=item B<-b> - -Select ECB -(eight bytes at a time) encryption mode. - -=item B<-3> - -Encrypt using triple encryption. -By default triple cbc encryption is used but if the -B<-b> -option is used then triple ECB encryption is performed. -If the key is less than 8 characters long, the flag has no effect. - -=item B<-e> - -Encrypt data using an 8 byte key in a manner compatible with sunOS -des(1). - -=item B<-E> - -Encrypt data using a key of nearly unlimited length (1024 bytes). -This will product a more secure encryption. - -=item B<-d> - -Decrypt data that was encrypted with the B<-e> option. - -=item B<-D> - -Decrypt data that was encrypted with the B<-E> option. - -=item B<-c> - -Generate a 16 character hexadecimal cbc checksum and output this to -stderr. -If a filename was specified after the -B<-c> -option, the checksum is output to that file. -The checksum is generated using a key generated in a sunOS compatible -manner. - -=item B<-C> - -A cbc checksum is generated in the same manner as described for the -B<-c> -option but the DES key is generated in the same manner as used for the -B<-E> -and -B<-D> -options - -=item B<-f> - -Does nothing - allowed for compatibility with sunOS des(1) command. - -=item B<-s> - -Does nothing - allowed for compatibility with sunOS des(1) command. - -=item B<-k> I - -Use the encryption -I -specified. - -=item B<-h> - -The -I -is assumed to be a 16 character hexadecimal number. -If the -B<-3> -option is used the key is assumed to be a 32 character hexadecimal -number. - -=item B<-u> - -This flag is used to read and write uuencoded files. If decrypting, -the input file is assumed to contain uuencoded, DES encrypted data. -If encrypting, the characters following the B<-u> are used as the name of -the uuencoded file to embed in the begin line of the uuencoded -output. If there is no name specified after the B<-u>, the name text.des -will be embedded in the header. - -=head1 SEE ALSO - -ps(1), -L - -=head1 BUGS - -The problem with using the -B<-e> -option is the short key length. -It would be better to use a real 56-bit key rather than an -ASCII-based 56-bit pattern. Knowing that the key was derived from ASCII -radically reduces the time necessary for a brute-force cryptographic attack. -My attempt to remove this problem is to add an alternative text-key to -DES-key function. This alternative function (accessed via -B<-E>, B<-D>, B<-S> -and -B<-3>) -uses DES to help generate the key. - -Be carefully when using the B<-u> option. Doing B I will -not decrypt filename (the B<-u> option will gobble the B<-d> option). - -The VMS operating system operates in a world where files are always a -multiple of 512 bytes. This causes problems when encrypted data is -send from Unix to VMS since a 88 byte file will suddenly be padded -with 424 null bytes. To get around this problem, use the B<-u> option -to uuencode the data before it is send to the VMS system. - -=head1 AUTHOR - -Eric Young (eay@cryptsoft.com) - -=cut diff --git a/src/lib/libcrypto/des/des3s.cpp b/src/lib/libcrypto/des/des3s.cpp deleted file mode 100644 index 02d527c057c..00000000000 --- a/src/lib/libcrypto/des/des3s.cpp +++ /dev/null @@ -1,67 +0,0 @@ -// -// gettsc.inl -// -// gives access to the Pentium's (secret) cycle counter -// -// This software was written by Leonard Janke (janke@unixg.ubc.ca) -// in 1996-7 and is entered, by him, into the public domain. - -#if defined(__WATCOMC__) -void GetTSC(unsigned long&); -#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax]; -#elif defined(__GNUC__) -inline -void GetTSC(unsigned long& tsc) -{ - asm volatile(".byte 15, 49\n\t" - : "=eax" (tsc) - : - : "%edx", "%eax"); -} -#elif defined(_MSC_VER) -inline -void GetTSC(unsigned long& tsc) -{ - unsigned long a; - __asm _emit 0fh - __asm _emit 31h - __asm mov a, eax; - tsc=a; -} -#endif - -#include -#include -#include - -void main(int argc,char *argv[]) - { - des_key_schedule key1,key2,key3; - unsigned long s1,s2,e1,e2; - unsigned long data[2]; - int i,j; - - for (j=0; j<6; j++) - { - for (i=0; i<1000; i++) /**/ - { - des_encrypt3(&data[0],key1,key2,key3); - GetTSC(s1); - des_encrypt3(&data[0],key1,key2,key3); - des_encrypt3(&data[0],key1,key2,key3); - des_encrypt3(&data[0],key1,key2,key3); - GetTSC(e1); - GetTSC(s2); - des_encrypt3(&data[0],key1,key2,key3); - des_encrypt3(&data[0],key1,key2,key3); - des_encrypt3(&data[0],key1,key2,key3); - des_encrypt3(&data[0],key1,key2,key3); - GetTSC(e2); - des_encrypt3(&data[0],key1,key2,key3); - } - - printf("des %d %d (%d)\n", - e1-s1,e2-s2,((e2-s2)-(e1-s1))); - } - } - diff --git a/src/lib/libcrypto/des/des_enc.c b/src/lib/libcrypto/des/des_enc.c index 1c37ab96d3d..1de35e1e341 100644 --- a/src/lib/libcrypto/des/des_enc.c +++ b/src/lib/libcrypto/des/des_enc.c @@ -1,4 +1,4 @@ -/* crypto/des/des_enc.c */ +/* $OpenBSD: des_enc.c,v 1.12 2014/10/28 07:35:58 jsg Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -57,17 +57,20 @@ */ #include "des_locl.h" +#include "spr.h" + +#ifndef OPENBSD_DES_ASM void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc) { - register DES_LONG l,r,t,u; + DES_LONG l,r,t,u; #ifdef DES_PTR - register const unsigned char *des_SP=(const unsigned char *)DES_SPtrans; + const unsigned char *des_SP=(const unsigned char *)DES_SPtrans; #endif #ifndef DES_UNROLL - register int i; + int i; #endif - register DES_LONG *s; + DES_LONG *s; r=data[0]; l=data[1]; @@ -107,12 +110,10 @@ void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc) D_ENCRYPT(l,r,28); /* 15 */ D_ENCRYPT(r,l,30); /* 16 */ #else - for (i=0; i<32; i+=8) + for (i=0; i<32; i+=4) { D_ENCRYPT(l,r,i+0); /* 1 */ D_ENCRYPT(r,l,i+2); /* 2 */ - D_ENCRYPT(l,r,i+4); /* 3 */ - D_ENCRYPT(r,l,i+6); /* 4 */ } #endif } @@ -136,12 +137,10 @@ void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc) D_ENCRYPT(l,r, 2); /* 2 */ D_ENCRYPT(r,l, 0); /* 1 */ #else - for (i=30; i>0; i-=8) + for (i=30; i>0; i-=4) { D_ENCRYPT(l,r,i-0); /* 16 */ D_ENCRYPT(r,l,i-2); /* 15 */ - D_ENCRYPT(l,r,i-4); /* 14 */ - D_ENCRYPT(r,l,i-6); /* 13 */ } #endif } @@ -158,14 +157,14 @@ void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc) void DES_encrypt2(DES_LONG *data, DES_key_schedule *ks, int enc) { - register DES_LONG l,r,t,u; + DES_LONG l,r,t,u; #ifdef DES_PTR - register const unsigned char *des_SP=(const unsigned char *)DES_SPtrans; + const unsigned char *des_SP=(const unsigned char *)DES_SPtrans; #endif #ifndef DES_UNROLL - register int i; + int i; #endif - register DES_LONG *s; + DES_LONG *s; r=data[0]; l=data[1]; @@ -203,12 +202,10 @@ void DES_encrypt2(DES_LONG *data, DES_key_schedule *ks, int enc) D_ENCRYPT(l,r,28); /* 15 */ D_ENCRYPT(r,l,30); /* 16 */ #else - for (i=0; i<32; i+=8) + for (i=0; i<32; i+=4) { D_ENCRYPT(l,r,i+0); /* 1 */ D_ENCRYPT(r,l,i+2); /* 2 */ - D_ENCRYPT(l,r,i+4); /* 3 */ - D_ENCRYPT(r,l,i+6); /* 4 */ } #endif } @@ -232,12 +229,10 @@ void DES_encrypt2(DES_LONG *data, DES_key_schedule *ks, int enc) D_ENCRYPT(l,r, 2); /* 2 */ D_ENCRYPT(r,l, 0); /* 1 */ #else - for (i=30; i>0; i-=8) + for (i=30; i>0; i-=4) { D_ENCRYPT(l,r,i-0); /* 16 */ D_ENCRYPT(r,l,i-2); /* 15 */ - D_ENCRYPT(l,r,i-4); /* 14 */ - D_ENCRYPT(r,l,i-6); /* 13 */ } #endif } @@ -247,10 +242,12 @@ void DES_encrypt2(DES_LONG *data, DES_key_schedule *ks, int enc) l=r=t=u=0; } +#endif /* OPENBSD_DES_ASM */ + void DES_encrypt3(DES_LONG *data, DES_key_schedule *ks1, DES_key_schedule *ks2, DES_key_schedule *ks3) { - register DES_LONG l,r; + DES_LONG l,r; l=data[0]; r=data[1]; @@ -270,7 +267,7 @@ void DES_encrypt3(DES_LONG *data, DES_key_schedule *ks1, void DES_decrypt3(DES_LONG *data, DES_key_schedule *ks1, DES_key_schedule *ks2, DES_key_schedule *ks3) { - register DES_LONG l,r; + DES_LONG l,r; l=data[0]; r=data[1]; @@ -297,11 +294,11 @@ void DES_ede3_cbc_encrypt(const unsigned char *input, unsigned char *output, DES_key_schedule *ks2, DES_key_schedule *ks3, DES_cblock *ivec, int enc) { - register DES_LONG tin0,tin1; - register DES_LONG tout0,tout1,xor0,xor1; - register const unsigned char *in; + DES_LONG tin0,tin1; + DES_LONG tout0,tout1,xor0,xor1; + const unsigned char *in; unsigned char *out; - register long l=length; + long l=length; DES_LONG tin[2]; unsigned char *iv; @@ -350,7 +347,7 @@ void DES_ede3_cbc_encrypt(const unsigned char *input, unsigned char *output, } else { - register DES_LONG t0,t1; + DES_LONG t0,t1; c2l(iv,xor0); c2l(iv,xor1); diff --git a/src/lib/libcrypto/des/des_locl.h b/src/lib/libcrypto/des/des_locl.h index 70e833be3f6..34a7609873c 100644 --- a/src/lib/libcrypto/des/des_locl.h +++ b/src/lib/libcrypto/des/des_locl.h @@ -1,4 +1,4 @@ -/* crypto/des/des_locl.h */ +/* $OpenBSD: des_locl.h,v 1.19 2016/12/21 15:49:29 jsing Exp $ */ /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -59,44 +59,18 @@ #ifndef HEADER_DES_LOCL_H #define HEADER_DES_LOCL_H -#include - -#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16) -#ifndef OPENSSL_SYS_MSDOS -#define OPENSSL_SYS_MSDOS -#endif -#endif - +#include +#include #include #include +#include +#include -#ifndef OPENSSL_SYS_MSDOS -#if !defined(OPENSSL_SYS_VMS) || defined(__DECC) -#ifdef OPENSSL_UNISTD -# include OPENSSL_UNISTD -#else -# include -#endif -#include -#endif -#endif -#include +#include -#ifdef OPENSSL_SYS_MSDOS /* Visual C++ 2.1 (Windows NT/95) */ -#include -#include -#include -#include -#endif - -#if defined(__STDC__) || defined(OPENSSL_SYS_VMS) || defined(M_XENIX) || defined(OPENSSL_SYS_MSDOS) -#include -#endif +#include -#ifdef OPENSSL_BUILD_SHLIBCRYPTO -# undef OPENSSL_EXTERN -# define OPENSSL_EXTERN OPENSSL_EXPORT -#endif +__BEGIN_HIDDEN_DECLS #define ITERATIONS 16 #define HALF_ITERATIONS 8 @@ -160,11 +134,10 @@ } \ } -#if defined(OPENSSL_SYS_WIN32) && defined(_MSC_VER) -#define ROTATE(a,n) (_lrotr(a,n)) -#else -#define ROTATE(a,n) (((a)>>(n))+((a)<<(32-(n)))) -#endif +static inline uint32_t ROTATE(uint32_t a, uint32_t n) +{ + return (a>>n)+(a<<(32-n)); +} /* Don't worry about the LOAD_DATA() stuff, that is used by * fcrypt() to add it's little bit to the front */ @@ -392,7 +365,7 @@ #define IP(l,r) \ { \ - register DES_LONG tt; \ + DES_LONG tt; \ PERM_OP(r,l,tt, 4,0x0f0f0f0fL); \ PERM_OP(l,r,tt,16,0x0000ffffL); \ PERM_OP(r,l,tt, 2,0x33333333L); \ @@ -402,7 +375,7 @@ #define FP(l,r) \ { \ - register DES_LONG tt; \ + DES_LONG tt; \ PERM_OP(l,r,tt, 1,0x55555555L); \ PERM_OP(r,l,tt, 8,0x00ff00ffL); \ PERM_OP(l,r,tt, 2,0x33333333L); \ @@ -410,8 +383,15 @@ PERM_OP(l,r,tt, 4,0x0f0f0f0fL); \ } -OPENSSL_EXTERN const DES_LONG DES_SPtrans[8][64]; +extern const DES_LONG DES_SPtrans[8][64]; void fcrypt_body(DES_LONG *out,DES_key_schedule *ks, DES_LONG Eswap0, DES_LONG Eswap1); + +#ifdef OPENSSL_SMALL_FOOTPRINT +#undef DES_UNROLL +#endif + +__END_HIDDEN_DECLS + #endif diff --git a/src/lib/libcrypto/des/des_old.c b/src/lib/libcrypto/des/des_old.c deleted file mode 100644 index 7e4cd7180d1..00000000000 --- a/src/lib/libcrypto/des/des_old.c +++ /dev/null @@ -1,271 +0,0 @@ -/* crypto/des/des_old.c -*- mode:C; c-file-style: "eay" -*- */ - -/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING - * - * The function names in here are deprecated and are only present to - * provide an interface compatible with libdes. OpenSSL now provides - * functions where "des_" has been replaced with "DES_" in the names, - * to make it possible to make incompatible changes that are needed - * for C type security and other stuff. - * - * Please consider starting to use the DES_ functions rather than the - * des_ ones. The des_ functions will dissapear completely before - * OpenSSL 1.0! - * - * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING - */ - -/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL - * project 2001. - */ -/* ==================================================================== - * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#define OPENSSL_DES_LIBDES_COMPATIBILITY -#include -#include - -const char *_ossl_old_des_options(void) - { - return DES_options(); - } -void _ossl_old_des_ecb3_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output, - des_key_schedule ks1,des_key_schedule ks2, - des_key_schedule ks3, int enc) - { - DES_ecb3_encrypt((const_DES_cblock *)input, output, - (DES_key_schedule *)ks1, (DES_key_schedule *)ks2, - (DES_key_schedule *)ks3, enc); - } -DES_LONG _ossl_old_des_cbc_cksum(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output, - long length,des_key_schedule schedule,_ossl_old_des_cblock *ivec) - { - return DES_cbc_cksum((unsigned char *)input, output, length, - (DES_key_schedule *)schedule, ivec); - } -void _ossl_old_des_cbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length, - des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc) - { - DES_cbc_encrypt((unsigned char *)input, (unsigned char *)output, - length, (DES_key_schedule *)schedule, ivec, enc); - } -void _ossl_old_des_ncbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length, - des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc) - { - DES_ncbc_encrypt((unsigned char *)input, (unsigned char *)output, - length, (DES_key_schedule *)schedule, ivec, enc); - } -void _ossl_old_des_xcbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length, - des_key_schedule schedule,_ossl_old_des_cblock *ivec, - _ossl_old_des_cblock *inw,_ossl_old_des_cblock *outw,int enc) - { - DES_xcbc_encrypt((unsigned char *)input, (unsigned char *)output, - length, (DES_key_schedule *)schedule, ivec, inw, outw, enc); - } -void _ossl_old_des_cfb_encrypt(unsigned char *in,unsigned char *out,int numbits, - long length,des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc) - { - DES_cfb_encrypt(in, out, numbits, length, - (DES_key_schedule *)schedule, ivec, enc); - } -void _ossl_old_des_ecb_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output, - des_key_schedule ks,int enc) - { - DES_ecb_encrypt(input, output, (DES_key_schedule *)ks, enc); - } -void _ossl_old_des_encrypt(DES_LONG *data,des_key_schedule ks, int enc) - { - DES_encrypt1(data, (DES_key_schedule *)ks, enc); - } -void _ossl_old_des_encrypt2(DES_LONG *data,des_key_schedule ks, int enc) - { - DES_encrypt2(data, (DES_key_schedule *)ks, enc); - } -void _ossl_old_des_encrypt3(DES_LONG *data, des_key_schedule ks1, - des_key_schedule ks2, des_key_schedule ks3) - { - DES_encrypt3(data, (DES_key_schedule *)ks1, (DES_key_schedule *)ks2, - (DES_key_schedule *)ks3); - } -void _ossl_old_des_decrypt3(DES_LONG *data, des_key_schedule ks1, - des_key_schedule ks2, des_key_schedule ks3) - { - DES_decrypt3(data, (DES_key_schedule *)ks1, (DES_key_schedule *)ks2, - (DES_key_schedule *)ks3); - } -void _ossl_old_des_ede3_cbc_encrypt(_ossl_old_des_cblock *input, _ossl_old_des_cblock *output, - long length, des_key_schedule ks1, des_key_schedule ks2, - des_key_schedule ks3, _ossl_old_des_cblock *ivec, int enc) - { - DES_ede3_cbc_encrypt((unsigned char *)input, (unsigned char *)output, - length, (DES_key_schedule *)ks1, (DES_key_schedule *)ks2, - (DES_key_schedule *)ks3, ivec, enc); - } -void _ossl_old_des_ede3_cfb64_encrypt(unsigned char *in, unsigned char *out, - long length, des_key_schedule ks1, des_key_schedule ks2, - des_key_schedule ks3, _ossl_old_des_cblock *ivec, int *num, int enc) - { - DES_ede3_cfb64_encrypt(in, out, length, - (DES_key_schedule *)ks1, (DES_key_schedule *)ks2, - (DES_key_schedule *)ks3, ivec, num, enc); - } -void _ossl_old_des_ede3_ofb64_encrypt(unsigned char *in, unsigned char *out, - long length, des_key_schedule ks1, des_key_schedule ks2, - des_key_schedule ks3, _ossl_old_des_cblock *ivec, int *num) - { - DES_ede3_ofb64_encrypt(in, out, length, - (DES_key_schedule *)ks1, (DES_key_schedule *)ks2, - (DES_key_schedule *)ks3, ivec, num); - } - -void _ossl_old_des_xwhite_in2out(_ossl_old_des_cblock (*des_key), _ossl_old_des_cblock (*in_white), - _ossl_old_des_cblock (*out_white)) - { - DES_xwhite_in2out(des_key, in_white, out_white); - } - -int _ossl_old_des_enc_read(int fd,char *buf,int len,des_key_schedule sched, - _ossl_old_des_cblock *iv) - { - return DES_enc_read(fd, buf, len, (DES_key_schedule *)sched, iv); - } -int _ossl_old_des_enc_write(int fd,char *buf,int len,des_key_schedule sched, - _ossl_old_des_cblock *iv) - { - return DES_enc_write(fd, buf, len, (DES_key_schedule *)sched, iv); - } -char *_ossl_old_des_fcrypt(const char *buf,const char *salt, char *ret) - { - return DES_fcrypt(buf, salt, ret); - } -char *_ossl_old_des_crypt(const char *buf,const char *salt) - { - return DES_crypt(buf, salt); - } -char *_ossl_old_crypt(const char *buf,const char *salt) - { - return DES_crypt(buf, salt); - } -void _ossl_old_des_ofb_encrypt(unsigned char *in,unsigned char *out, - int numbits,long length,des_key_schedule schedule,_ossl_old_des_cblock *ivec) - { - DES_ofb_encrypt(in, out, numbits, length, (DES_key_schedule *)schedule, - ivec); - } -void _ossl_old_des_pcbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length, - des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc) - { - DES_pcbc_encrypt((unsigned char *)input, (unsigned char *)output, - length, (DES_key_schedule *)schedule, ivec, enc); - } -DES_LONG _ossl_old_des_quad_cksum(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output, - long length,int out_count,_ossl_old_des_cblock *seed) - { - return DES_quad_cksum((unsigned char *)input, output, length, - out_count, seed); - } -void _ossl_old_des_random_seed(_ossl_old_des_cblock key) - { - RAND_seed(key, sizeof(_ossl_old_des_cblock)); - } -void _ossl_old_des_random_key(_ossl_old_des_cblock ret) - { - DES_random_key((DES_cblock *)ret); - } -int _ossl_old_des_read_password(_ossl_old_des_cblock *key, const char *prompt, - int verify) - { - return DES_read_password(key, prompt, verify); - } -int _ossl_old_des_read_2passwords(_ossl_old_des_cblock *key1, _ossl_old_des_cblock *key2, - const char *prompt, int verify) - { - return DES_read_2passwords(key1, key2, prompt, verify); - } -void _ossl_old_des_set_odd_parity(_ossl_old_des_cblock *key) - { - DES_set_odd_parity(key); - } -int _ossl_old_des_is_weak_key(_ossl_old_des_cblock *key) - { - return DES_is_weak_key(key); - } -int _ossl_old_des_set_key(_ossl_old_des_cblock *key,des_key_schedule schedule) - { - return DES_set_key(key, (DES_key_schedule *)schedule); - } -int _ossl_old_des_key_sched(_ossl_old_des_cblock *key,des_key_schedule schedule) - { - return DES_key_sched(key, (DES_key_schedule *)schedule); - } -void _ossl_old_des_string_to_key(char *str,_ossl_old_des_cblock *key) - { - DES_string_to_key(str, key); - } -void _ossl_old_des_string_to_2keys(char *str,_ossl_old_des_cblock *key1,_ossl_old_des_cblock *key2) - { - DES_string_to_2keys(str, key1, key2); - } -void _ossl_old_des_cfb64_encrypt(unsigned char *in, unsigned char *out, long length, - des_key_schedule schedule, _ossl_old_des_cblock *ivec, int *num, int enc) - { - DES_cfb64_encrypt(in, out, length, (DES_key_schedule *)schedule, - ivec, num, enc); - } -void _ossl_old_des_ofb64_encrypt(unsigned char *in, unsigned char *out, long length, - des_key_schedule schedule, _ossl_old_des_cblock *ivec, int *num) - { - DES_ofb64_encrypt(in, out, length, (DES_key_schedule *)schedule, - ivec, num); - } diff --git a/src/lib/libcrypto/des/des_old.h b/src/lib/libcrypto/des/des_old.h deleted file mode 100644 index 2bb5fa9d1be..00000000000 --- a/src/lib/libcrypto/des/des_old.h +++ /dev/null @@ -1,433 +0,0 @@ -/* crypto/des/des_old.h -*- mode:C; c-file-style: "eay" -*- */ - -/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING - * - * The function names in here are deprecated and are only present to - * provide an interface compatible with openssl 0.9.6 and older as - * well as libdes. OpenSSL now provides functions where "des_" has - * been replaced with "DES_" in the names, to make it possible to - * make incompatible changes that are needed for C type security and - * other stuff. - * - * This include files has two compatibility modes: - * - * - If OPENSSL_DES_LIBDES_COMPATIBILITY is defined, you get an API - * that is compatible with libdes and SSLeay. - * - If OPENSSL_DES_LIBDES_COMPATIBILITY isn't defined, you get an - * API that is compatible with OpenSSL 0.9.5x to 0.9.6x. - * - * Note that these modes break earlier snapshots of OpenSSL, where - * libdes compatibility was the only available mode or (later on) the - * prefered compatibility mode. However, after much consideration - * (and more or less violent discussions with external parties), it - * was concluded that OpenSSL should be compatible with earlier versions - * of itself before anything else. Also, in all honesty, libdes is - * an old beast that shouldn't really be used any more. - * - * Please consider starting to use the DES_ functions rather than the - * des_ ones. The des_ functions will disappear completely before - * OpenSSL 1.0! - * - * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING - */ - -/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL - * project 2001. - */ -/* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#ifndef HEADER_DES_OLD_H -#define HEADER_DES_OLD_H - -#ifdef OPENSSL_NO_DES -#error DES is disabled. -#endif - -#ifndef HEADER_DES_H -#error You must include des.h, not des_old.h directly. -#endif - -#ifdef _KERBEROS_DES_H -#error replaces . -#endif - -#include /* DES_LONG */ -#include /* OPENSSL_EXTERN */ -#include - -#ifdef OPENSSL_BUILD_SHLIBCRYPTO -# undef OPENSSL_EXTERN -# define OPENSSL_EXTERN OPENSSL_EXPORT -#endif - -#ifdef __cplusplus -extern "C" { -#endif - -typedef unsigned char _ossl_old_des_cblock[8]; -typedef struct _ossl_old_des_ks_struct - { - union { - _ossl_old_des_cblock _; - /* make sure things are correct size on machines with - * 8 byte longs */ - DES_LONG pad[2]; - } ks; - } _ossl_old_des_key_schedule[16]; - -#ifndef OPENSSL_DES_LIBDES_COMPATIBILITY -#define des_cblock DES_cblock -#define const_des_cblock const_DES_cblock -#define des_key_schedule DES_key_schedule -#define des_ecb3_encrypt(i,o,k1,k2,k3,e)\ - DES_ecb3_encrypt((i),(o),&(k1),&(k2),&(k3),(e)) -#define des_ede3_cbc_encrypt(i,o,l,k1,k2,k3,iv,e)\ - DES_ede3_cbc_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv),(e)) -#define des_ede3_cbcm_encrypt(i,o,l,k1,k2,k3,iv1,iv2,e)\ - DES_ede3_cbcm_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv1),(iv2),(e)) -#define des_ede3_cfb64_encrypt(i,o,l,k1,k2,k3,iv,n,e)\ - DES_ede3_cfb64_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv),(n),(e)) -#define des_ede3_ofb64_encrypt(i,o,l,k1,k2,k3,iv,n)\ - DES_ede3_ofb64_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv),(n)) -#define des_options()\ - DES_options() -#define des_cbc_cksum(i,o,l,k,iv)\ - DES_cbc_cksum((i),(o),(l),&(k),(iv)) -#define des_cbc_encrypt(i,o,l,k,iv,e)\ - DES_cbc_encrypt((i),(o),(l),&(k),(iv),(e)) -#define des_ncbc_encrypt(i,o,l,k,iv,e)\ - DES_ncbc_encrypt((i),(o),(l),&(k),(iv),(e)) -#define des_xcbc_encrypt(i,o,l,k,iv,inw,outw,e)\ - DES_xcbc_encrypt((i),(o),(l),&(k),(iv),(inw),(outw),(e)) -#define des_cfb_encrypt(i,o,n,l,k,iv,e)\ - DES_cfb_encrypt((i),(o),(n),(l),&(k),(iv),(e)) -#define des_ecb_encrypt(i,o,k,e)\ - DES_ecb_encrypt((i),(o),&(k),(e)) -#define des_encrypt1(d,k,e)\ - DES_encrypt1((d),&(k),(e)) -#define des_encrypt2(d,k,e)\ - DES_encrypt2((d),&(k),(e)) -#define des_encrypt3(d,k1,k2,k3)\ - DES_encrypt3((d),&(k1),&(k2),&(k3)) -#define des_decrypt3(d,k1,k2,k3)\ - DES_decrypt3((d),&(k1),&(k2),&(k3)) -#define des_xwhite_in2out(k,i,o)\ - DES_xwhite_in2out((k),(i),(o)) -#define des_enc_read(f,b,l,k,iv)\ - DES_enc_read((f),(b),(l),&(k),(iv)) -#define des_enc_write(f,b,l,k,iv)\ - DES_enc_write((f),(b),(l),&(k),(iv)) -#define des_fcrypt(b,s,r)\ - DES_fcrypt((b),(s),(r)) -#define des_crypt(b,s)\ - DES_crypt((b),(s)) -#define des_ofb_encrypt(i,o,n,l,k,iv)\ - DES_ofb_encrypt((i),(o),(n),(l),&(k),(iv)) -#define des_pcbc_encrypt(i,o,l,k,iv,e)\ - DES_pcbc_encrypt((i),(o),(l),&(k),(iv),(e)) -#define des_quad_cksum(i,o,l,c,s)\ - DES_quad_cksum((i),(o),(l),(c),(s)) -#define des_random_seed(k)\ - _ossl_096_des_random_seed((k)) -#define des_random_key(r)\ - DES_random_key((r)) -#define des_read_password(k,p,v) \ - DES_read_password((k),(p),(v)) -#define des_read_2passwords(k1,k2,p,v) \ - DES_read_2passwords((k1),(k2),(p),(v)) -#define des_set_odd_parity(k)\ - DES_set_odd_parity((k)) -#define des_check_key_parity(k)\ - DES_check_key_parity((k)) -#define des_is_weak_key(k)\ - DES_is_weak_key((k)) -#define des_set_key(k,ks)\ - DES_set_key((k),&(ks)) -#define des_key_sched(k,ks)\ - DES_key_sched((k),&(ks)) -#define des_set_key_checked(k,ks)\ - DES_set_key_checked((k),&(ks)) -#define des_set_key_unchecked(k,ks)\ - DES_set_key_unchecked((k),&(ks)) -#define des_string_to_key(s,k)\ - DES_string_to_key((s),(k)) -#define des_string_to_2keys(s,k1,k2)\ - DES_string_to_2keys((s),(k1),(k2)) -#define des_cfb64_encrypt(i,o,l,ks,iv,n,e)\ - DES_cfb64_encrypt((i),(o),(l),&(ks),(iv),(n),(e)) -#define des_ofb64_encrypt(i,o,l,ks,iv,n)\ - DES_ofb64_encrypt((i),(o),(l),&(ks),(iv),(n)) - - -#define des_ecb2_encrypt(i,o,k1,k2,e) \ - des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e)) - -#define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \ - des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e)) - -#define des_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \ - des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e)) - -#define des_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \ - des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n)) - -#define des_check_key DES_check_key -#define des_rw_mode DES_rw_mode -#else /* libdes compatibility */ -/* Map all symbol names to _ossl_old_des_* form, so we avoid all - clashes with libdes */ -#define des_cblock _ossl_old_des_cblock -#define des_key_schedule _ossl_old_des_key_schedule -#define des_ecb3_encrypt(i,o,k1,k2,k3,e)\ - _ossl_old_des_ecb3_encrypt((i),(o),(k1),(k2),(k3),(e)) -#define des_ede3_cbc_encrypt(i,o,l,k1,k2,k3,iv,e)\ - _ossl_old_des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(e)) -#define des_ede3_cfb64_encrypt(i,o,l,k1,k2,k3,iv,n,e)\ - _ossl_old_des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(n),(e)) -#define des_ede3_ofb64_encrypt(i,o,l,k1,k2,k3,iv,n)\ - _ossl_old_des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(n)) -#define des_options()\ - _ossl_old_des_options() -#define des_cbc_cksum(i,o,l,k,iv)\ - _ossl_old_des_cbc_cksum((i),(o),(l),(k),(iv)) -#define des_cbc_encrypt(i,o,l,k,iv,e)\ - _ossl_old_des_cbc_encrypt((i),(o),(l),(k),(iv),(e)) -#define des_ncbc_encrypt(i,o,l,k,iv,e)\ - _ossl_old_des_ncbc_encrypt((i),(o),(l),(k),(iv),(e)) -#define des_xcbc_encrypt(i,o,l,k,iv,inw,outw,e)\ - _ossl_old_des_xcbc_encrypt((i),(o),(l),(k),(iv),(inw),(outw),(e)) -#define des_cfb_encrypt(i,o,n,l,k,iv,e)\ - _ossl_old_des_cfb_encrypt((i),(o),(n),(l),(k),(iv),(e)) -#define des_ecb_encrypt(i,o,k,e)\ - _ossl_old_des_ecb_encrypt((i),(o),(k),(e)) -#define des_encrypt(d,k,e)\ - _ossl_old_des_encrypt((d),(k),(e)) -#define des_encrypt2(d,k,e)\ - _ossl_old_des_encrypt2((d),(k),(e)) -#define des_encrypt3(d,k1,k2,k3)\ - _ossl_old_des_encrypt3((d),(k1),(k2),(k3)) -#define des_decrypt3(d,k1,k2,k3)\ - _ossl_old_des_decrypt3((d),(k1),(k2),(k3)) -#define des_xwhite_in2out(k,i,o)\ - _ossl_old_des_xwhite_in2out((k),(i),(o)) -#define des_enc_read(f,b,l,k,iv)\ - _ossl_old_des_enc_read((f),(b),(l),(k),(iv)) -#define des_enc_write(f,b,l,k,iv)\ - _ossl_old_des_enc_write((f),(b),(l),(k),(iv)) -#define des_fcrypt(b,s,r)\ - _ossl_old_des_fcrypt((b),(s),(r)) -#define des_crypt(b,s)\ - _ossl_old_des_crypt((b),(s)) -#define crypt(b,s)\ - _ossl_old_crypt((b),(s)) -#define des_ofb_encrypt(i,o,n,l,k,iv)\ - _ossl_old_des_ofb_encrypt((i),(o),(n),(l),(k),(iv)) -#define des_pcbc_encrypt(i,o,l,k,iv,e)\ - _ossl_old_des_pcbc_encrypt((i),(o),(l),(k),(iv),(e)) -#define des_quad_cksum(i,o,l,c,s)\ - _ossl_old_des_quad_cksum((i),(o),(l),(c),(s)) -#define des_random_seed(k)\ - _ossl_old_des_random_seed((k)) -#define des_random_key(r)\ - _ossl_old_des_random_key((r)) -#define des_read_password(k,p,v) \ - _ossl_old_des_read_password((k),(p),(v)) -#define des_read_2passwords(k1,k2,p,v) \ - _ossl_old_des_read_2passwords((k1),(k2),(p),(v)) -#define des_set_odd_parity(k)\ - _ossl_old_des_set_odd_parity((k)) -#define des_is_weak_key(k)\ - _ossl_old_des_is_weak_key((k)) -#define des_set_key(k,ks)\ - _ossl_old_des_set_key((k),(ks)) -#define des_key_sched(k,ks)\ - _ossl_old_des_key_sched((k),(ks)) -#define des_string_to_key(s,k)\ - _ossl_old_des_string_to_key((s),(k)) -#define des_string_to_2keys(s,k1,k2)\ - _ossl_old_des_string_to_2keys((s),(k1),(k2)) -#define des_cfb64_encrypt(i,o,l,ks,iv,n,e)\ - _ossl_old_des_cfb64_encrypt((i),(o),(l),(ks),(iv),(n),(e)) -#define des_ofb64_encrypt(i,o,l,ks,iv,n)\ - _ossl_old_des_ofb64_encrypt((i),(o),(l),(ks),(iv),(n)) - - -#define des_ecb2_encrypt(i,o,k1,k2,e) \ - des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e)) - -#define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \ - des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e)) - -#define des_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \ - des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e)) - -#define des_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \ - des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n)) - -#define des_check_key DES_check_key -#define des_rw_mode DES_rw_mode -#endif - -const char *_ossl_old_des_options(void); -void _ossl_old_des_ecb3_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output, - _ossl_old_des_key_schedule ks1,_ossl_old_des_key_schedule ks2, - _ossl_old_des_key_schedule ks3, int enc); -DES_LONG _ossl_old_des_cbc_cksum(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output, - long length,_ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec); -void _ossl_old_des_cbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length, - _ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc); -void _ossl_old_des_ncbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length, - _ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc); -void _ossl_old_des_xcbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length, - _ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec, - _ossl_old_des_cblock *inw,_ossl_old_des_cblock *outw,int enc); -void _ossl_old_des_cfb_encrypt(unsigned char *in,unsigned char *out,int numbits, - long length,_ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc); -void _ossl_old_des_ecb_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output, - _ossl_old_des_key_schedule ks,int enc); -void _ossl_old_des_encrypt(DES_LONG *data,_ossl_old_des_key_schedule ks, int enc); -void _ossl_old_des_encrypt2(DES_LONG *data,_ossl_old_des_key_schedule ks, int enc); -void _ossl_old_des_encrypt3(DES_LONG *data, _ossl_old_des_key_schedule ks1, - _ossl_old_des_key_schedule ks2, _ossl_old_des_key_schedule ks3); -void _ossl_old_des_decrypt3(DES_LONG *data, _ossl_old_des_key_schedule ks1, - _ossl_old_des_key_schedule ks2, _ossl_old_des_key_schedule ks3); -void _ossl_old_des_ede3_cbc_encrypt(_ossl_old_des_cblock *input, _ossl_old_des_cblock *output, - long length, _ossl_old_des_key_schedule ks1, _ossl_old_des_key_schedule ks2, - _ossl_old_des_key_schedule ks3, _ossl_old_des_cblock *ivec, int enc); -void _ossl_old_des_ede3_cfb64_encrypt(unsigned char *in, unsigned char *out, - long length, _ossl_old_des_key_schedule ks1, _ossl_old_des_key_schedule ks2, - _ossl_old_des_key_schedule ks3, _ossl_old_des_cblock *ivec, int *num, int enc); -void _ossl_old_des_ede3_ofb64_encrypt(unsigned char *in, unsigned char *out, - long length, _ossl_old_des_key_schedule ks1, _ossl_old_des_key_schedule ks2, - _ossl_old_des_key_schedule ks3, _ossl_old_des_cblock *ivec, int *num); - -void _ossl_old_des_xwhite_in2out(_ossl_old_des_cblock (*des_key), _ossl_old_des_cblock (*in_white), - _ossl_old_des_cblock (*out_white)); - -int _ossl_old_des_enc_read(int fd,char *buf,int len,_ossl_old_des_key_schedule sched, - _ossl_old_des_cblock *iv); -int _ossl_old_des_enc_write(int fd,char *buf,int len,_ossl_old_des_key_schedule sched, - _ossl_old_des_cblock *iv); -char *_ossl_old_des_fcrypt(const char *buf,const char *salt, char *ret); -char *_ossl_old_des_crypt(const char *buf,const char *salt); -#if !defined(PERL5) && !defined(__FreeBSD__) && !defined(NeXT) -char *_ossl_old_crypt(const char *buf,const char *salt); -#endif -void _ossl_old_des_ofb_encrypt(unsigned char *in,unsigned char *out, - int numbits,long length,_ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec); -void _ossl_old_des_pcbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length, - _ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc); -DES_LONG _ossl_old_des_quad_cksum(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output, - long length,int out_count,_ossl_old_des_cblock *seed); -void _ossl_old_des_random_seed(_ossl_old_des_cblock key); -void _ossl_old_des_random_key(_ossl_old_des_cblock ret); -int _ossl_old_des_read_password(_ossl_old_des_cblock *key,const char *prompt,int verify); -int _ossl_old_des_read_2passwords(_ossl_old_des_cblock *key1,_ossl_old_des_cblock *key2, - const char *prompt,int verify); -void _ossl_old_des_set_odd_parity(_ossl_old_des_cblock *key); -int _ossl_old_des_is_weak_key(_ossl_old_des_cblock *key); -int _ossl_old_des_set_key(_ossl_old_des_cblock *key,_ossl_old_des_key_schedule schedule); -int _ossl_old_des_key_sched(_ossl_old_des_cblock *key,_ossl_old_des_key_schedule schedule); -void _ossl_old_des_string_to_key(char *str,_ossl_old_des_cblock *key); -void _ossl_old_des_string_to_2keys(char *str,_ossl_old_des_cblock *key1,_ossl_old_des_cblock *key2); -void _ossl_old_des_cfb64_encrypt(unsigned char *in, unsigned char *out, long length, - _ossl_old_des_key_schedule schedule, _ossl_old_des_cblock *ivec, int *num, int enc); -void _ossl_old_des_ofb64_encrypt(unsigned char *in, unsigned char *out, long length, - _ossl_old_des_key_schedule schedule, _ossl_old_des_cblock *ivec, int *num); - -void _ossl_096_des_random_seed(des_cblock *key); - -/* The following definitions provide compatibility with the MIT Kerberos - * library. The _ossl_old_des_key_schedule structure is not binary compatible. */ - -#define _KERBEROS_DES_H - -#define KRBDES_ENCRYPT DES_ENCRYPT -#define KRBDES_DECRYPT DES_DECRYPT - -#ifdef KERBEROS -# define ENCRYPT DES_ENCRYPT -# define DECRYPT DES_DECRYPT -#endif - -#ifndef NCOMPAT -# define C_Block des_cblock -# define Key_schedule des_key_schedule -# define KEY_SZ DES_KEY_SZ -# define string_to_key des_string_to_key -# define read_pw_string des_read_pw_string -# define random_key des_random_key -# define pcbc_encrypt des_pcbc_encrypt -# define set_key des_set_key -# define key_sched des_key_sched -# define ecb_encrypt des_ecb_encrypt -# define cbc_encrypt des_cbc_encrypt -# define ncbc_encrypt des_ncbc_encrypt -# define xcbc_encrypt des_xcbc_encrypt -# define cbc_cksum des_cbc_cksum -# define quad_cksum des_quad_cksum -# define check_parity des_check_key_parity -#endif - -#define des_fixup_key_parity DES_fixup_key_parity - -#ifdef __cplusplus -} -#endif - -/* for DES_read_pw_string et al */ -#include - -#endif diff --git a/src/lib/libcrypto/des/des_old2.c b/src/lib/libcrypto/des/des_old2.c deleted file mode 100644 index c8fa3ee1352..00000000000 --- a/src/lib/libcrypto/des/des_old2.c +++ /dev/null @@ -1,82 +0,0 @@ -/* crypto/des/des_old.c -*- mode:C; c-file-style: "eay" -*- */ - -/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING - * - * The function names in here are deprecated and are only present to - * provide an interface compatible with OpenSSL 0.9.6c. OpenSSL now - * provides functions where "des_" has been replaced with "DES_" in - * the names, to make it possible to make incompatible changes that - * are needed for C type security and other stuff. - * - * Please consider starting to use the DES_ functions rather than the - * des_ ones. The des_ functions will dissapear completely before - * OpenSSL 1.0! - * - * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING - */ - -/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL - * project 2001. - */ -/* ==================================================================== - * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#undef OPENSSL_DES_LIBDES_COMPATIBILITY -#include -#include - -void _ossl_096_des_random_seed(DES_cblock *key) - { - RAND_seed(key, sizeof(DES_cblock)); - } diff --git a/src/lib/libcrypto/des/des_opts.c b/src/lib/libcrypto/des/des_opts.c deleted file mode 100644 index 79278b920eb..00000000000 --- a/src/lib/libcrypto/des/des_opts.c +++ /dev/null @@ -1,604 +0,0 @@ -/* crypto/des/des_opts.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -/* define PART1, PART2, PART3 or PART4 to build only with a few of the options. - * This is for machines with 64k code segment size restrictions. */ - -#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX) -#define TIMES -#endif - -#include -#ifndef OPENSSL_SYS_MSDOS -#include -#include OPENSSL_UNISTD -#else -#include -extern void exit(); -#endif -#include -#ifndef _IRIX -#include -#endif -#ifdef TIMES -#include -#include -#endif - -/* Depending on the VMS version, the tms structure is perhaps defined. - The __TMS macro will show if it was. If it wasn't defined, we should - undefine TIMES, since that tells the rest of the program how things - should be handled. -- Richard Levitte */ -#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS) -#undef TIMES -#endif - -#ifndef TIMES -#include -#endif - - -#if defined(sun) || defined(__ultrix) -#define _POSIX_SOURCE -#include -#include -#endif - -#include -#include "spr.h" - -#define DES_DEFAULT_OPTIONS - -#if !defined(PART1) && !defined(PART2) && !defined(PART3) && !defined(PART4) -#define PART1 -#define PART2 -#define PART3 -#define PART4 -#endif - -#ifdef PART1 - -#undef DES_UNROLL -#undef DES_RISC1 -#undef DES_RISC2 -#undef DES_PTR -#undef D_ENCRYPT -#define DES_encrypt1 des_encrypt_u4_cisc_idx -#define DES_encrypt2 des_encrypt2_u4_cisc_idx -#define DES_encrypt3 des_encrypt3_u4_cisc_idx -#define DES_decrypt3 des_decrypt3_u4_cisc_idx -#undef HEADER_DES_LOCL_H -#include "des_enc.c" - -#define DES_UNROLL -#undef DES_RISC1 -#undef DES_RISC2 -#undef DES_PTR -#undef D_ENCRYPT -#undef DES_encrypt1 -#undef DES_encrypt2 -#undef DES_encrypt3 -#undef DES_decrypt3 -#define DES_encrypt1 des_encrypt_u16_cisc_idx -#define DES_encrypt2 des_encrypt2_u16_cisc_idx -#define DES_encrypt3 des_encrypt3_u16_cisc_idx -#define DES_decrypt3 des_decrypt3_u16_cisc_idx -#undef HEADER_DES_LOCL_H -#include "des_enc.c" - -#undef DES_UNROLL -#define DES_RISC1 -#undef DES_RISC2 -#undef DES_PTR -#undef D_ENCRYPT -#undef DES_encrypt1 -#undef DES_encrypt2 -#undef DES_encrypt3 -#undef DES_decrypt3 -#define DES_encrypt1 des_encrypt_u4_risc1_idx -#define DES_encrypt2 des_encrypt2_u4_risc1_idx -#define DES_encrypt3 des_encrypt3_u4_risc1_idx -#define DES_decrypt3 des_decrypt3_u4_risc1_idx -#undef HEADER_DES_LOCL_H -#include "des_enc.c" - -#endif - -#ifdef PART2 - -#undef DES_UNROLL -#undef DES_RISC1 -#define DES_RISC2 -#undef DES_PTR -#undef D_ENCRYPT -#undef DES_encrypt1 -#undef DES_encrypt2 -#undef DES_encrypt3 -#undef DES_decrypt3 -#define DES_encrypt1 des_encrypt_u4_risc2_idx -#define DES_encrypt2 des_encrypt2_u4_risc2_idx -#define DES_encrypt3 des_encrypt3_u4_risc2_idx -#define DES_decrypt3 des_decrypt3_u4_risc2_idx -#undef HEADER_DES_LOCL_H -#include "des_enc.c" - -#define DES_UNROLL -#define DES_RISC1 -#undef DES_RISC2 -#undef DES_PTR -#undef D_ENCRYPT -#undef DES_encrypt1 -#undef DES_encrypt2 -#undef DES_encrypt3 -#undef DES_decrypt3 -#define DES_encrypt1 des_encrypt_u16_risc1_idx -#define DES_encrypt2 des_encrypt2_u16_risc1_idx -#define DES_encrypt3 des_encrypt3_u16_risc1_idx -#define DES_decrypt3 des_decrypt3_u16_risc1_idx -#undef HEADER_DES_LOCL_H -#include "des_enc.c" - -#define DES_UNROLL -#undef DES_RISC1 -#define DES_RISC2 -#undef DES_PTR -#undef D_ENCRYPT -#undef DES_encrypt1 -#undef DES_encrypt2 -#undef DES_encrypt3 -#undef DES_decrypt3 -#define DES_encrypt1 des_encrypt_u16_risc2_idx -#define DES_encrypt2 des_encrypt2_u16_risc2_idx -#define DES_encrypt3 des_encrypt3_u16_risc2_idx -#define DES_decrypt3 des_decrypt3_u16_risc2_idx -#undef HEADER_DES_LOCL_H -#include "des_enc.c" - -#endif - -#ifdef PART3 - -#undef DES_UNROLL -#undef DES_RISC1 -#undef DES_RISC2 -#define DES_PTR -#undef D_ENCRYPT -#undef DES_encrypt1 -#undef DES_encrypt2 -#undef DES_encrypt3 -#undef DES_decrypt3 -#define DES_encrypt1 des_encrypt_u4_cisc_ptr -#define DES_encrypt2 des_encrypt2_u4_cisc_ptr -#define DES_encrypt3 des_encrypt3_u4_cisc_ptr -#define DES_decrypt3 des_decrypt3_u4_cisc_ptr -#undef HEADER_DES_LOCL_H -#include "des_enc.c" - -#define DES_UNROLL -#undef DES_RISC1 -#undef DES_RISC2 -#define DES_PTR -#undef D_ENCRYPT -#undef DES_encrypt1 -#undef DES_encrypt2 -#undef DES_encrypt3 -#undef DES_decrypt3 -#define DES_encrypt1 des_encrypt_u16_cisc_ptr -#define DES_encrypt2 des_encrypt2_u16_cisc_ptr -#define DES_encrypt3 des_encrypt3_u16_cisc_ptr -#define DES_decrypt3 des_decrypt3_u16_cisc_ptr -#undef HEADER_DES_LOCL_H -#include "des_enc.c" - -#undef DES_UNROLL -#define DES_RISC1 -#undef DES_RISC2 -#define DES_PTR -#undef D_ENCRYPT -#undef DES_encrypt1 -#undef DES_encrypt2 -#undef DES_encrypt3 -#undef DES_decrypt3 -#define DES_encrypt1 des_encrypt_u4_risc1_ptr -#define DES_encrypt2 des_encrypt2_u4_risc1_ptr -#define DES_encrypt3 des_encrypt3_u4_risc1_ptr -#define DES_decrypt3 des_decrypt3_u4_risc1_ptr -#undef HEADER_DES_LOCL_H -#include "des_enc.c" - -#endif - -#ifdef PART4 - -#undef DES_UNROLL -#undef DES_RISC1 -#define DES_RISC2 -#define DES_PTR -#undef D_ENCRYPT -#undef DES_encrypt1 -#undef DES_encrypt2 -#undef DES_encrypt3 -#undef DES_decrypt3 -#define DES_encrypt1 des_encrypt_u4_risc2_ptr -#define DES_encrypt2 des_encrypt2_u4_risc2_ptr -#define DES_encrypt3 des_encrypt3_u4_risc2_ptr -#define DES_decrypt3 des_decrypt3_u4_risc2_ptr -#undef HEADER_DES_LOCL_H -#include "des_enc.c" - -#define DES_UNROLL -#define DES_RISC1 -#undef DES_RISC2 -#define DES_PTR -#undef D_ENCRYPT -#undef DES_encrypt1 -#undef DES_encrypt2 -#undef DES_encrypt3 -#undef DES_decrypt3 -#define DES_encrypt1 des_encrypt_u16_risc1_ptr -#define DES_encrypt2 des_encrypt2_u16_risc1_ptr -#define DES_encrypt3 des_encrypt3_u16_risc1_ptr -#define DES_decrypt3 des_decrypt3_u16_risc1_ptr -#undef HEADER_DES_LOCL_H -#include "des_enc.c" - -#define DES_UNROLL -#undef DES_RISC1 -#define DES_RISC2 -#define DES_PTR -#undef D_ENCRYPT -#undef DES_encrypt1 -#undef DES_encrypt2 -#undef DES_encrypt3 -#undef DES_decrypt3 -#define DES_encrypt1 des_encrypt_u16_risc2_ptr -#define DES_encrypt2 des_encrypt2_u16_risc2_ptr -#define DES_encrypt3 des_encrypt3_u16_risc2_ptr -#define DES_decrypt3 des_decrypt3_u16_risc2_ptr -#undef HEADER_DES_LOCL_H -#include "des_enc.c" - -#endif - -/* The following if from times(3) man page. It may need to be changed */ -#ifndef HZ -# ifndef CLK_TCK -# ifndef _BSD_CLK_TCK_ /* FreeBSD fix */ -# define HZ 100.0 -# else /* _BSD_CLK_TCK_ */ -# define HZ ((double)_BSD_CLK_TCK_) -# endif -# else /* CLK_TCK */ -# define HZ ((double)CLK_TCK) -# endif -#endif - -#define BUFSIZE ((long)1024) -long run=0; - -double Time_F(int s); -#ifdef SIGALRM -#if defined(__STDC__) || defined(sgi) -#define SIGRETTYPE void -#else -#define SIGRETTYPE int -#endif - -SIGRETTYPE sig_done(int sig); -SIGRETTYPE sig_done(int sig) - { - signal(SIGALRM,sig_done); - run=0; -#ifdef LINT - sig=sig; -#endif - } -#endif - -#define START 0 -#define STOP 1 - -double Time_F(int s) - { - double ret; -#ifdef TIMES - static struct tms tstart,tend; - - if (s == START) - { - times(&tstart); - return(0); - } - else - { - times(&tend); - ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ; - return((ret == 0.0)?1e-6:ret); - } -#else /* !times() */ - static struct timeb tstart,tend; - long i; - - if (s == START) - { - ftime(&tstart); - return(0); - } - else - { - ftime(&tend); - i=(long)tend.millitm-(long)tstart.millitm; - ret=((double)(tend.time-tstart.time))+((double)i)/1000.0; - return((ret == 0.0)?1e-6:ret); - } -#endif - } - -#ifdef SIGALRM -#define print_name(name) fprintf(stderr,"Doing %s's for 10 seconds\n",name); alarm(10); -#else -#define print_name(name) fprintf(stderr,"Doing %s %ld times\n",name,cb); -#endif - -#define time_it(func,name,index) \ - print_name(name); \ - Time_F(START); \ - for (count=0,run=1; COND(cb); count++) \ - { \ - unsigned long d[2]; \ - func(d,&sch,DES_ENCRYPT); \ - } \ - tm[index]=Time_F(STOP); \ - fprintf(stderr,"%ld %s's in %.2f second\n",count,name,tm[index]); \ - tm[index]=((double)COUNT(cb))/tm[index]; - -#define print_it(name,index) \ - fprintf(stderr,"%s bytes per sec = %12.2f (%5.1fuS)\n",name, \ - tm[index]*8,1.0e6/tm[index]); - -int main(int argc, char **argv) - { - long count; - static unsigned char buf[BUFSIZE]; - static DES_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0}; - static DES_cblock key2={0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12}; - static DES_cblock key3={0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34}; - DES_key_schedule sch,sch2,sch3; - double d,tm[16],max=0; - int rank[16]; - char *str[16]; - int max_idx=0,i,num=0,j; -#ifndef SIGALARM - long ca,cb,cc,cd,ce; -#endif - - for (i=0; i<12; i++) - { - tm[i]=0.0; - rank[i]=0; - } - -#ifndef TIMES - fprintf(stderr,"To get the most accurate results, try to run this\n"); - fprintf(stderr,"program when this computer is idle.\n"); -#endif - - DES_set_key_unchecked(&key,&sch); - DES_set_key_unchecked(&key2,&sch2); - DES_set_key_unchecked(&key3,&sch3); - -#ifndef SIGALRM - fprintf(stderr,"First we calculate the approximate speed ...\n"); - DES_set_key_unchecked(&key,sch); - count=10; - do { - long i; - unsigned long data[2]; - - count*=2; - Time_F(START); - for (i=count; i; i--) - DES_encrypt1(data,&(sch[0]),DES_ENCRYPT); - d=Time_F(STOP); - } while (d < 3.0); - ca=count; - cb=count*3; - cc=count*3*8/BUFSIZE+1; - cd=count*8/BUFSIZE+1; - - ce=count/20+1; -#define COND(d) (count != (d)) -#define COUNT(d) (d) -#else -#define COND(c) (run) -#define COUNT(d) (count) - signal(SIGALRM,sig_done); - alarm(10); -#endif - -#ifdef PART1 - time_it(des_encrypt_u4_cisc_idx, "des_encrypt_u4_cisc_idx ", 0); - time_it(des_encrypt_u16_cisc_idx, "des_encrypt_u16_cisc_idx ", 1); - time_it(des_encrypt_u4_risc1_idx, "des_encrypt_u4_risc1_idx ", 2); - num+=3; -#endif -#ifdef PART2 - time_it(des_encrypt_u16_risc1_idx,"des_encrypt_u16_risc1_idx", 3); - time_it(des_encrypt_u4_risc2_idx, "des_encrypt_u4_risc2_idx ", 4); - time_it(des_encrypt_u16_risc2_idx,"des_encrypt_u16_risc2_idx", 5); - num+=3; -#endif -#ifdef PART3 - time_it(des_encrypt_u4_cisc_ptr, "des_encrypt_u4_cisc_ptr ", 6); - time_it(des_encrypt_u16_cisc_ptr, "des_encrypt_u16_cisc_ptr ", 7); - time_it(des_encrypt_u4_risc1_ptr, "des_encrypt_u4_risc1_ptr ", 8); - num+=3; -#endif -#ifdef PART4 - time_it(des_encrypt_u16_risc1_ptr,"des_encrypt_u16_risc1_ptr", 9); - time_it(des_encrypt_u4_risc2_ptr, "des_encrypt_u4_risc2_ptr ",10); - time_it(des_encrypt_u16_risc2_ptr,"des_encrypt_u16_risc2_ptr",11); - num+=3; -#endif - -#ifdef PART1 - str[0]=" 4 c i"; - print_it("des_encrypt_u4_cisc_idx ",0); - max=tm[0]; - max_idx=0; - str[1]="16 c i"; - print_it("des_encrypt_u16_cisc_idx ",1); - if (max < tm[1]) { max=tm[1]; max_idx=1; } - str[2]=" 4 r1 i"; - print_it("des_encrypt_u4_risc1_idx ",2); - if (max < tm[2]) { max=tm[2]; max_idx=2; } -#endif -#ifdef PART2 - str[3]="16 r1 i"; - print_it("des_encrypt_u16_risc1_idx",3); - if (max < tm[3]) { max=tm[3]; max_idx=3; } - str[4]=" 4 r2 i"; - print_it("des_encrypt_u4_risc2_idx ",4); - if (max < tm[4]) { max=tm[4]; max_idx=4; } - str[5]="16 r2 i"; - print_it("des_encrypt_u16_risc2_idx",5); - if (max < tm[5]) { max=tm[5]; max_idx=5; } -#endif -#ifdef PART3 - str[6]=" 4 c p"; - print_it("des_encrypt_u4_cisc_ptr ",6); - if (max < tm[6]) { max=tm[6]; max_idx=6; } - str[7]="16 c p"; - print_it("des_encrypt_u16_cisc_ptr ",7); - if (max < tm[7]) { max=tm[7]; max_idx=7; } - str[8]=" 4 r1 p"; - print_it("des_encrypt_u4_risc1_ptr ",8); - if (max < tm[8]) { max=tm[8]; max_idx=8; } -#endif -#ifdef PART4 - str[9]="16 r1 p"; - print_it("des_encrypt_u16_risc1_ptr",9); - if (max < tm[9]) { max=tm[9]; max_idx=9; } - str[10]=" 4 r2 p"; - print_it("des_encrypt_u4_risc2_ptr ",10); - if (max < tm[10]) { max=tm[10]; max_idx=10; } - str[11]="16 r2 p"; - print_it("des_encrypt_u16_risc2_ptr",11); - if (max < tm[11]) { max=tm[11]; max_idx=11; } -#endif - printf("options des ecb/s\n"); - printf("%s %12.2f 100.0%%\n",str[max_idx],tm[max_idx]); - d=tm[max_idx]; - tm[max_idx]= -2.0; - max= -1.0; - for (;;) - { - for (i=0; i<12; i++) - { - if (max < tm[i]) { max=tm[i]; j=i; } - } - if (max < 0.0) break; - printf("%s %12.2f %4.1f%%\n",str[j],tm[j],tm[j]/d*100.0); - tm[j]= -2.0; - max= -1.0; - } - - switch (max_idx) - { - case 0: - printf("-DDES_DEFAULT_OPTIONS\n"); - break; - case 1: - printf("-DDES_UNROLL\n"); - break; - case 2: - printf("-DDES_RISC1\n"); - break; - case 3: - printf("-DDES_UNROLL -DDES_RISC1\n"); - break; - case 4: - printf("-DDES_RISC2\n"); - break; - case 5: - printf("-DDES_UNROLL -DDES_RISC2\n"); - break; - case 6: - printf("-DDES_PTR\n"); - break; - case 7: - printf("-DDES_UNROLL -DDES_PTR\n"); - break; - case 8: - printf("-DDES_RISC1 -DDES_PTR\n"); - break; - case 9: - printf("-DDES_UNROLL -DDES_RISC1 -DDES_PTR\n"); - break; - case 10: - printf("-DDES_RISC2 -DDES_PTR\n"); - break; - case 11: - printf("-DDES_UNROLL -DDES_RISC2 -DDES_PTR\n"); - break; - } - exit(0); -#if defined(LINT) || defined(OPENSSL_SYS_MSDOS) - return(0); -#endif - } diff --git a/src/lib/libcrypto/des/des_ver.h b/src/lib/libcrypto/des/des_ver.h deleted file mode 100644 index 0fa94d53682..00000000000 --- a/src/lib/libcrypto/des/des_ver.h +++ /dev/null @@ -1,67 +0,0 @@ -/* crypto/des/des_ver.h */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include - -#ifdef OPENSSL_BUILD_SHLIBCRYPTO -# undef OPENSSL_EXTERN -# define OPENSSL_EXTERN OPENSSL_EXPORT -#endif - -OPENSSL_EXTERN char *DES_version; /* SSLeay version string */ -OPENSSL_EXTERN char *libdes_version; /* old libdes version string */ diff --git a/src/lib/libcrypto/des/dess.cpp b/src/lib/libcrypto/des/dess.cpp deleted file mode 100644 index 5549bab90af..00000000000 --- a/src/lib/libcrypto/des/dess.cpp +++ /dev/null @@ -1,67 +0,0 @@ -// -// gettsc.inl -// -// gives access to the Pentium's (secret) cycle counter -// -// This software was written by Leonard Janke (janke@unixg.ubc.ca) -// in 1996-7 and is entered, by him, into the public domain. - -#if defined(__WATCOMC__) -void GetTSC(unsigned long&); -#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax]; -#elif defined(__GNUC__) -inline -void GetTSC(unsigned long& tsc) -{ - asm volatile(".byte 15, 49\n\t" - : "=eax" (tsc) - : - : "%edx", "%eax"); -} -#elif defined(_MSC_VER) -inline -void GetTSC(unsigned long& tsc) -{ - unsigned long a; - __asm _emit 0fh - __asm _emit 31h - __asm mov a, eax; - tsc=a; -} -#endif - -#include -#include -#include - -void main(int argc,char *argv[]) - { - des_key_schedule key; - unsigned long s1,s2,e1,e2; - unsigned long data[2]; - int i,j; - - for (j=0; j<6; j++) - { - for (i=0; i<1000; i++) /**/ - { - des_encrypt1(&data[0],key,1); - GetTSC(s1); - des_encrypt1(&data[0],key,1); - des_encrypt1(&data[0],key,1); - des_encrypt1(&data[0],key,1); - GetTSC(e1); - GetTSC(s2); - des_encrypt1(&data[0],key,1); - des_encrypt1(&data[0],key,1); - des_encrypt1(&data[0],key,1); - des_encrypt1(&data[0],key,1); - GetTSC(e2); - des_encrypt1(&data[0],key,1); - } - - printf("des %d %d (%d)\n", - e1-s1,e2-s2,((e2-s2)-(e1-s1))); - } - } - diff --git a/src/lib/libcrypto/des/destest.c b/src/lib/libcrypto/des/destest.c deleted file mode 100644 index 58e8c35dcb5..00000000000 --- a/src/lib/libcrypto/des/destest.c +++ /dev/null @@ -1,946 +0,0 @@ -/* crypto/des/destest.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include - -#include -#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16) || defined(OPENSSL_SYS_WINDOWS) -#ifndef OPENSSL_SYS_MSDOS -#define OPENSSL_SYS_MSDOS -#endif -#endif - -#ifndef OPENSSL_SYS_MSDOS -#if !defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_VMS_DECC) -#include OPENSSL_UNISTD -#endif -#else -#include -#endif -#include - -#ifdef OPENSSL_NO_DES -int main(int argc, char *argv[]) -{ - printf("No DES support\n"); - return(0); -} -#else -#include - -#if defined(PERL5) || defined(__FreeBSD__) || defined(NeXT) -#define crypt(c,s) (des_crypt((c),(s))) -#endif - -/* tisk tisk - the test keys don't all have odd parity :-( */ -/* test data */ -#define NUM_TESTS 34 -static unsigned char key_data[NUM_TESTS][8]={ - {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, - {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF}, - {0x30,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, - {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11}, - {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF}, - {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11}, - {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, - {0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10}, - {0x7C,0xA1,0x10,0x45,0x4A,0x1A,0x6E,0x57}, - {0x01,0x31,0xD9,0x61,0x9D,0xC1,0x37,0x6E}, - {0x07,0xA1,0x13,0x3E,0x4A,0x0B,0x26,0x86}, - {0x38,0x49,0x67,0x4C,0x26,0x02,0x31,0x9E}, - {0x04,0xB9,0x15,0xBA,0x43,0xFE,0xB5,0xB6}, - {0x01,0x13,0xB9,0x70,0xFD,0x34,0xF2,0xCE}, - {0x01,0x70,0xF1,0x75,0x46,0x8F,0xB5,0xE6}, - {0x43,0x29,0x7F,0xAD,0x38,0xE3,0x73,0xFE}, - {0x07,0xA7,0x13,0x70,0x45,0xDA,0x2A,0x16}, - {0x04,0x68,0x91,0x04,0xC2,0xFD,0x3B,0x2F}, - {0x37,0xD0,0x6B,0xB5,0x16,0xCB,0x75,0x46}, - {0x1F,0x08,0x26,0x0D,0x1A,0xC2,0x46,0x5E}, - {0x58,0x40,0x23,0x64,0x1A,0xBA,0x61,0x76}, - {0x02,0x58,0x16,0x16,0x46,0x29,0xB0,0x07}, - {0x49,0x79,0x3E,0xBC,0x79,0xB3,0x25,0x8F}, - {0x4F,0xB0,0x5E,0x15,0x15,0xAB,0x73,0xA7}, - {0x49,0xE9,0x5D,0x6D,0x4C,0xA2,0x29,0xBF}, - {0x01,0x83,0x10,0xDC,0x40,0x9B,0x26,0xD6}, - {0x1C,0x58,0x7F,0x1C,0x13,0x92,0x4F,0xEF}, - {0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01}, - {0x1F,0x1F,0x1F,0x1F,0x0E,0x0E,0x0E,0x0E}, - {0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1,0xFE}, - {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, - {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF}, - {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF}, - {0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10}}; - -static unsigned char plain_data[NUM_TESTS][8]={ - {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, - {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF}, - {0x10,0x00,0x00,0x00,0x00,0x00,0x00,0x01}, - {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11}, - {0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11}, - {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF}, - {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, - {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF}, - {0x01,0xA1,0xD6,0xD0,0x39,0x77,0x67,0x42}, - {0x5C,0xD5,0x4C,0xA8,0x3D,0xEF,0x57,0xDA}, - {0x02,0x48,0xD4,0x38,0x06,0xF6,0x71,0x72}, - {0x51,0x45,0x4B,0x58,0x2D,0xDF,0x44,0x0A}, - {0x42,0xFD,0x44,0x30,0x59,0x57,0x7F,0xA2}, - {0x05,0x9B,0x5E,0x08,0x51,0xCF,0x14,0x3A}, - {0x07,0x56,0xD8,0xE0,0x77,0x47,0x61,0xD2}, - {0x76,0x25,0x14,0xB8,0x29,0xBF,0x48,0x6A}, - {0x3B,0xDD,0x11,0x90,0x49,0x37,0x28,0x02}, - {0x26,0x95,0x5F,0x68,0x35,0xAF,0x60,0x9A}, - {0x16,0x4D,0x5E,0x40,0x4F,0x27,0x52,0x32}, - {0x6B,0x05,0x6E,0x18,0x75,0x9F,0x5C,0xCA}, - {0x00,0x4B,0xD6,0xEF,0x09,0x17,0x60,0x62}, - {0x48,0x0D,0x39,0x00,0x6E,0xE7,0x62,0xF2}, - {0x43,0x75,0x40,0xC8,0x69,0x8F,0x3C,0xFA}, - {0x07,0x2D,0x43,0xA0,0x77,0x07,0x52,0x92}, - {0x02,0xFE,0x55,0x77,0x81,0x17,0xF1,0x2A}, - {0x1D,0x9D,0x5C,0x50,0x18,0xF7,0x28,0xC2}, - {0x30,0x55,0x32,0x28,0x6D,0x6F,0x29,0x5A}, - {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF}, - {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF}, - {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF}, - {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF}, - {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, - {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, - {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF}}; - -static unsigned char cipher_data[NUM_TESTS][8]={ - {0x8C,0xA6,0x4D,0xE9,0xC1,0xB1,0x23,0xA7}, - {0x73,0x59,0xB2,0x16,0x3E,0x4E,0xDC,0x58}, - {0x95,0x8E,0x6E,0x62,0x7A,0x05,0x55,0x7B}, - {0xF4,0x03,0x79,0xAB,0x9E,0x0E,0xC5,0x33}, - {0x17,0x66,0x8D,0xFC,0x72,0x92,0x53,0x2D}, - {0x8A,0x5A,0xE1,0xF8,0x1A,0xB8,0xF2,0xDD}, - {0x8C,0xA6,0x4D,0xE9,0xC1,0xB1,0x23,0xA7}, - {0xED,0x39,0xD9,0x50,0xFA,0x74,0xBC,0xC4}, - {0x69,0x0F,0x5B,0x0D,0x9A,0x26,0x93,0x9B}, - {0x7A,0x38,0x9D,0x10,0x35,0x4B,0xD2,0x71}, - {0x86,0x8E,0xBB,0x51,0xCA,0xB4,0x59,0x9A}, - {0x71,0x78,0x87,0x6E,0x01,0xF1,0x9B,0x2A}, - {0xAF,0x37,0xFB,0x42,0x1F,0x8C,0x40,0x95}, - {0x86,0xA5,0x60,0xF1,0x0E,0xC6,0xD8,0x5B}, - {0x0C,0xD3,0xDA,0x02,0x00,0x21,0xDC,0x09}, - {0xEA,0x67,0x6B,0x2C,0xB7,0xDB,0x2B,0x7A}, - {0xDF,0xD6,0x4A,0x81,0x5C,0xAF,0x1A,0x0F}, - {0x5C,0x51,0x3C,0x9C,0x48,0x86,0xC0,0x88}, - {0x0A,0x2A,0xEE,0xAE,0x3F,0xF4,0xAB,0x77}, - {0xEF,0x1B,0xF0,0x3E,0x5D,0xFA,0x57,0x5A}, - {0x88,0xBF,0x0D,0xB6,0xD7,0x0D,0xEE,0x56}, - {0xA1,0xF9,0x91,0x55,0x41,0x02,0x0B,0x56}, - {0x6F,0xBF,0x1C,0xAF,0xCF,0xFD,0x05,0x56}, - {0x2F,0x22,0xE4,0x9B,0xAB,0x7C,0xA1,0xAC}, - {0x5A,0x6B,0x61,0x2C,0xC2,0x6C,0xCE,0x4A}, - {0x5F,0x4C,0x03,0x8E,0xD1,0x2B,0x2E,0x41}, - {0x63,0xFA,0xC0,0xD0,0x34,0xD9,0xF7,0x93}, - {0x61,0x7B,0x3A,0x0C,0xE8,0xF0,0x71,0x00}, - {0xDB,0x95,0x86,0x05,0xF8,0xC8,0xC6,0x06}, - {0xED,0xBF,0xD1,0xC6,0x6C,0x29,0xCC,0xC7}, - {0x35,0x55,0x50,0xB2,0x15,0x0E,0x24,0x51}, - {0xCA,0xAA,0xAF,0x4D,0xEA,0xF1,0xDB,0xAE}, - {0xD5,0xD4,0x4F,0xF7,0x20,0x68,0x3D,0x0D}, - {0x2A,0x2B,0xB0,0x08,0xDF,0x97,0xC2,0xF2}}; - -static unsigned char cipher_ecb2[NUM_TESTS-1][8]={ - {0x92,0x95,0xB5,0x9B,0xB3,0x84,0x73,0x6E}, - {0x19,0x9E,0x9D,0x6D,0xF3,0x9A,0xA8,0x16}, - {0x2A,0x4B,0x4D,0x24,0x52,0x43,0x84,0x27}, - {0x35,0x84,0x3C,0x01,0x9D,0x18,0xC5,0xB6}, - {0x4A,0x5B,0x2F,0x42,0xAA,0x77,0x19,0x25}, - {0xA0,0x6B,0xA9,0xB8,0xCA,0x5B,0x17,0x8A}, - {0xAB,0x9D,0xB7,0xFB,0xED,0x95,0xF2,0x74}, - {0x3D,0x25,0x6C,0x23,0xA7,0x25,0x2F,0xD6}, - {0xB7,0x6F,0xAB,0x4F,0xBD,0xBD,0xB7,0x67}, - {0x8F,0x68,0x27,0xD6,0x9C,0xF4,0x1A,0x10}, - {0x82,0x57,0xA1,0xD6,0x50,0x5E,0x81,0x85}, - {0xA2,0x0F,0x0A,0xCD,0x80,0x89,0x7D,0xFA}, - {0xCD,0x2A,0x53,0x3A,0xDB,0x0D,0x7E,0xF3}, - {0xD2,0xC2,0xBE,0x27,0xE8,0x1B,0x68,0xE3}, - {0xE9,0x24,0xCF,0x4F,0x89,0x3C,0x5B,0x0A}, - {0xA7,0x18,0xC3,0x9F,0xFA,0x9F,0xD7,0x69}, - {0x77,0x2C,0x79,0xB1,0xD2,0x31,0x7E,0xB1}, - {0x49,0xAB,0x92,0x7F,0xD0,0x22,0x00,0xB7}, - {0xCE,0x1C,0x6C,0x7D,0x85,0xE3,0x4A,0x6F}, - {0xBE,0x91,0xD6,0xE1,0x27,0xB2,0xE9,0x87}, - {0x70,0x28,0xAE,0x8F,0xD1,0xF5,0x74,0x1A}, - {0xAA,0x37,0x80,0xBB,0xF3,0x22,0x1D,0xDE}, - {0xA6,0xC4,0xD2,0x5E,0x28,0x93,0xAC,0xB3}, - {0x22,0x07,0x81,0x5A,0xE4,0xB7,0x1A,0xAD}, - {0xDC,0xCE,0x05,0xE7,0x07,0xBD,0xF5,0x84}, - {0x26,0x1D,0x39,0x2C,0xB3,0xBA,0xA5,0x85}, - {0xB4,0xF7,0x0F,0x72,0xFB,0x04,0xF0,0xDC}, - {0x95,0xBA,0xA9,0x4E,0x87,0x36,0xF2,0x89}, - {0xD4,0x07,0x3A,0xF1,0x5A,0x17,0x82,0x0E}, - {0xEF,0x6F,0xAF,0xA7,0x66,0x1A,0x7E,0x89}, - {0xC1,0x97,0xF5,0x58,0x74,0x8A,0x20,0xE7}, - {0x43,0x34,0xCF,0xDA,0x22,0xC4,0x86,0xC8}, - {0x08,0xD7,0xB4,0xFB,0x62,0x9D,0x08,0x85}}; - -static unsigned char cbc_key [8]={0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef}; -static unsigned char cbc2_key[8]={0xf1,0xe0,0xd3,0xc2,0xb5,0xa4,0x97,0x86}; -static unsigned char cbc3_key[8]={0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10}; -static unsigned char cbc_iv [8]={0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10}; -/* Changed the following text constant to binary so it will work on ebcdic - * machines :-) */ -/* static char cbc_data[40]="7654321 Now is the time for \0001"; */ -static unsigned char cbc_data[40]={ - 0x37,0x36,0x35,0x34,0x33,0x32,0x31,0x20, - 0x4E,0x6F,0x77,0x20,0x69,0x73,0x20,0x74, - 0x68,0x65,0x20,0x74,0x69,0x6D,0x65,0x20, - 0x66,0x6F,0x72,0x20,0x00,0x31,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - }; - -static unsigned char cbc_ok[32]={ - 0xcc,0xd1,0x73,0xff,0xab,0x20,0x39,0xf4, - 0xac,0xd8,0xae,0xfd,0xdf,0xd8,0xa1,0xeb, - 0x46,0x8e,0x91,0x15,0x78,0x88,0xba,0x68, - 0x1d,0x26,0x93,0x97,0xf7,0xfe,0x62,0xb4}; - -#ifdef SCREW_THE_PARITY -#error "SCREW_THE_PARITY is not ment to be defined." -#error "Original vectors are preserved for reference only." -static unsigned char cbc2_key[8]={0xf0,0xe1,0xd2,0xc3,0xb4,0xa5,0x96,0x87}; -static unsigned char xcbc_ok[32]={ - 0x86,0x74,0x81,0x0D,0x61,0xA4,0xA5,0x48, - 0xB9,0x93,0x03,0xE1,0xB8,0xBB,0xBD,0xBD, - 0x64,0x30,0x0B,0xB9,0x06,0x65,0x81,0x76, - 0x04,0x1D,0x77,0x62,0x17,0xCA,0x2B,0xD2, - }; -#else -static unsigned char xcbc_ok[32]={ - 0x84,0x6B,0x29,0x14,0x85,0x1E,0x9A,0x29, - 0x54,0x73,0x2F,0x8A,0xA0,0xA6,0x11,0xC1, - 0x15,0xCD,0xC2,0xD7,0x95,0x1B,0x10,0x53, - 0xA6,0x3C,0x5E,0x03,0xB2,0x1A,0xA3,0xC4, - }; -#endif - -static unsigned char cbc3_ok[32]={ - 0x3F,0xE3,0x01,0xC9,0x62,0xAC,0x01,0xD0, - 0x22,0x13,0x76,0x3C,0x1C,0xBD,0x4C,0xDC, - 0x79,0x96,0x57,0xC0,0x64,0xEC,0xF5,0xD4, - 0x1C,0x67,0x38,0x12,0xCF,0xDE,0x96,0x75}; - -static unsigned char pcbc_ok[32]={ - 0xcc,0xd1,0x73,0xff,0xab,0x20,0x39,0xf4, - 0x6d,0xec,0xb4,0x70,0xa0,0xe5,0x6b,0x15, - 0xae,0xa6,0xbf,0x61,0xed,0x7d,0x9c,0x9f, - 0xf7,0x17,0x46,0x3b,0x8a,0xb3,0xcc,0x88}; - -static unsigned char cfb_key[8]={0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef}; -static unsigned char cfb_iv[8]={0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef}; -static unsigned char cfb_buf1[40],cfb_buf2[40],cfb_tmp[8]; -static unsigned char plain[24]= - { - 0x4e,0x6f,0x77,0x20,0x69,0x73, - 0x20,0x74,0x68,0x65,0x20,0x74, - 0x69,0x6d,0x65,0x20,0x66,0x6f, - 0x72,0x20,0x61,0x6c,0x6c,0x20 - }; -static unsigned char cfb_cipher8[24]= { - 0xf3,0x1f,0xda,0x07,0x01,0x14, 0x62,0xee,0x18,0x7f,0x43,0xd8, - 0x0a,0x7c,0xd9,0xb5,0xb0,0xd2, 0x90,0xda,0x6e,0x5b,0x9a,0x87 }; -static unsigned char cfb_cipher16[24]={ - 0xF3,0x09,0x87,0x87,0x7F,0x57, 0xF7,0x3C,0x36,0xB6,0xDB,0x70, - 0xD8,0xD5,0x34,0x19,0xD3,0x86, 0xB2,0x23,0xB7,0xB2,0xAD,0x1B }; -static unsigned char cfb_cipher32[24]={ - 0xF3,0x09,0x62,0x49,0xA4,0xDF, 0xA4,0x9F,0x33,0xDC,0x7B,0xAD, - 0x4C,0xC8,0x9F,0x64,0xE4,0x53, 0xE5,0xEC,0x67,0x20,0xDA,0xB6 }; -static unsigned char cfb_cipher48[24]={ - 0xF3,0x09,0x62,0x49,0xC7,0xF4, 0x30,0xB5,0x15,0xEC,0xBB,0x85, - 0x97,0x5A,0x13,0x8C,0x68,0x60, 0xE2,0x38,0x34,0x3C,0xDC,0x1F }; -static unsigned char cfb_cipher64[24]={ - 0xF3,0x09,0x62,0x49,0xC7,0xF4, 0x6E,0x51,0xA6,0x9E,0x83,0x9B, - 0x1A,0x92,0xF7,0x84,0x03,0x46, 0x71,0x33,0x89,0x8E,0xA6,0x22 }; - -static unsigned char ofb_key[8]={0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef}; -static unsigned char ofb_iv[8]={0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef}; -static unsigned char ofb_buf1[24],ofb_buf2[24],ofb_tmp[8]; -static unsigned char ofb_cipher[24]= - { - 0xf3,0x09,0x62,0x49,0xc7,0xf4,0x6e,0x51, - 0x35,0xf2,0x4a,0x24,0x2e,0xeb,0x3d,0x3f, - 0x3d,0x6d,0x5b,0xe3,0x25,0x5a,0xf8,0xc3 - }; - -static DES_LONG cbc_cksum_ret=0xB462FEF7L; -static unsigned char cbc_cksum_data[8]={0x1D,0x26,0x93,0x97,0xf7,0xfe,0x62,0xb4}; - -static char *pt(unsigned char *p); -static int cfb_test(int bits, unsigned char *cfb_cipher); -static int cfb64_test(unsigned char *cfb_cipher); -static int ede_cfb64_test(unsigned char *cfb_cipher); -int main(int argc, char *argv[]) - { - int i,j,err=0; - des_cblock in,out,outin,iv3,iv2; - des_key_schedule ks,ks2,ks3; - unsigned char cbc_in[40]; - unsigned char cbc_out[40]; - DES_LONG cs; - unsigned char cret[8]; -#ifdef _CRAY - struct { - int a:32; - int b:32; - } lqret[2]; -#else - DES_LONG lqret[4]; -#endif - int num; - char *str; - -#ifndef OPENSSL_NO_DESCBCM - printf("Doing cbcm\n"); - if ((j=DES_set_key_checked(&cbc_key,&ks)) != 0) - { - printf("Key error %d\n",j); - err=1; - } - if ((j=DES_set_key_checked(&cbc2_key,&ks2)) != 0) - { - printf("Key error %d\n",j); - err=1; - } - if ((j=DES_set_key_checked(&cbc3_key,&ks3)) != 0) - { - printf("Key error %d\n",j); - err=1; - } - memset(cbc_out,0,40); - memset(cbc_in,0,40); - i=strlen((char *)cbc_data)+1; - /* i=((i+7)/8)*8; */ - memcpy(iv3,cbc_iv,sizeof(cbc_iv)); - memset(iv2,'\0',sizeof iv2); - - DES_ede3_cbcm_encrypt(cbc_data,cbc_out,16L,&ks,&ks2,&ks3,&iv3,&iv2, - DES_ENCRYPT); - DES_ede3_cbcm_encrypt(&cbc_data[16],&cbc_out[16],i-16,&ks,&ks2,&ks3, - &iv3,&iv2,DES_ENCRYPT); - /* if (memcmp(cbc_out,cbc3_ok, - (unsigned int)(strlen((char *)cbc_data)+1+7)/8*8) != 0) - { - printf("des_ede3_cbc_encrypt encrypt error\n"); - err=1; - } - */ - memcpy(iv3,cbc_iv,sizeof(cbc_iv)); - memset(iv2,'\0',sizeof iv2); - DES_ede3_cbcm_encrypt(cbc_out,cbc_in,i,&ks,&ks2,&ks3,&iv3,&iv2,DES_DECRYPT); - if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0) - { - int n; - - printf("des_ede3_cbcm_encrypt decrypt error\n"); - for(n=0 ; n < i ; ++n) - printf(" %02x",cbc_data[n]); - printf("\n"); - for(n=0 ; n < i ; ++n) - printf(" %02x",cbc_in[n]); - printf("\n"); - err=1; - } -#endif - - printf("Doing ecb\n"); - for (i=0; i>4)&0xf]; - ret[i*2+1]=f[p[i]&0xf]; - } - ret[16]='\0'; - return(ret); - } - -#ifndef LIBDES_LIT - -static int cfb_test(int bits, unsigned char *cfb_cipher) - { - des_key_schedule ks; - int i,err=0; - - DES_set_key_checked(&cfb_key,&ks); - memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv)); - des_cfb_encrypt(plain,cfb_buf1,bits,sizeof(plain),ks,&cfb_tmp, - DES_ENCRYPT); - if (memcmp(cfb_cipher,cfb_buf1,sizeof(plain)) != 0) - { - err=1; - printf("cfb_encrypt encrypt error\n"); - for (i=0; i<24; i+=8) - printf("%s\n",pt(&(cfb_buf1[i]))); - } - memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv)); - des_cfb_encrypt(cfb_buf1,cfb_buf2,bits,sizeof(plain),ks,&cfb_tmp, - DES_DECRYPT); - if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0) - { - err=1; - printf("cfb_encrypt decrypt error\n"); - for (i=0; i<24; i+=8) - printf("%s\n",pt(&(cfb_buf1[i]))); - } - return(err); - } - -static int cfb64_test(unsigned char *cfb_cipher) - { - des_key_schedule ks; - int err=0,i,n; - - DES_set_key_checked(&cfb_key,&ks); - memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv)); - n=0; - des_cfb64_encrypt(plain,cfb_buf1,12,ks,&cfb_tmp,&n,DES_ENCRYPT); - des_cfb64_encrypt(&(plain[12]),&(cfb_buf1[12]),sizeof(plain)-12,ks, - &cfb_tmp,&n,DES_ENCRYPT); - if (memcmp(cfb_cipher,cfb_buf1,sizeof(plain)) != 0) - { - err=1; - printf("cfb_encrypt encrypt error\n"); - for (i=0; i<24; i+=8) - printf("%s\n",pt(&(cfb_buf1[i]))); - } - memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv)); - n=0; - des_cfb64_encrypt(cfb_buf1,cfb_buf2,17,ks,&cfb_tmp,&n,DES_DECRYPT); - des_cfb64_encrypt(&(cfb_buf1[17]),&(cfb_buf2[17]), - sizeof(plain)-17,ks,&cfb_tmp,&n,DES_DECRYPT); - if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0) - { - err=1; - printf("cfb_encrypt decrypt error\n"); - for (i=0; i<24; i+=8) - printf("%s\n",pt(&(cfb_buf2[i]))); - } - return(err); - } - -static int ede_cfb64_test(unsigned char *cfb_cipher) - { - des_key_schedule ks; - int err=0,i,n; - - DES_set_key_checked(&cfb_key,&ks); - memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv)); - n=0; - des_ede3_cfb64_encrypt(plain,cfb_buf1,12,ks,ks,ks,&cfb_tmp,&n, - DES_ENCRYPT); - des_ede3_cfb64_encrypt(&(plain[12]),&(cfb_buf1[12]), - sizeof(plain)-12,ks,ks,ks, - &cfb_tmp,&n,DES_ENCRYPT); - if (memcmp(cfb_cipher,cfb_buf1,sizeof(plain)) != 0) - { - err=1; - printf("ede_cfb_encrypt encrypt error\n"); - for (i=0; i<24; i+=8) - printf("%s\n",pt(&(cfb_buf1[i]))); - } - memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv)); - n=0; - des_ede3_cfb64_encrypt(cfb_buf1,cfb_buf2,(long)17,ks,ks,ks, - &cfb_tmp,&n,DES_DECRYPT); - des_ede3_cfb64_encrypt(&(cfb_buf1[17]),&(cfb_buf2[17]), - sizeof(plain)-17,ks,ks,ks, - &cfb_tmp,&n,DES_DECRYPT); - if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0) - { - err=1; - printf("ede_cfb_encrypt decrypt error\n"); - for (i=0; i<24; i+=8) - printf("%s\n",pt(&(cfb_buf2[i]))); - } - return(err); - } - -#endif -#endif diff --git a/src/lib/libcrypto/des/ecb3_enc.c b/src/lib/libcrypto/des/ecb3_enc.c index c3437bc6062..97de804cfb0 100644 --- a/src/lib/libcrypto/des/ecb3_enc.c +++ b/src/lib/libcrypto/des/ecb3_enc.c @@ -1,4 +1,4 @@ -/* crypto/des/ecb3_enc.c */ +/* $OpenBSD: ecb3_enc.c,v 1.7 2014/10/28 07:35:58 jsg Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -63,7 +63,7 @@ void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output, DES_key_schedule *ks3, int enc) { - register DES_LONG l0,l1; + DES_LONG l0,l1; DES_LONG ll[2]; const unsigned char *in = &(*input)[0]; unsigned char *out = &(*output)[0]; diff --git a/src/lib/libcrypto/des/ecb_enc.c b/src/lib/libcrypto/des/ecb_enc.c index 4650f2fa0f5..dac37de882a 100644 --- a/src/lib/libcrypto/des/ecb_enc.c +++ b/src/lib/libcrypto/des/ecb_enc.c @@ -1,4 +1,4 @@ -/* crypto/des/ecb_enc.c */ +/* $OpenBSD: ecb_enc.c,v 1.16 2014/10/28 07:35:58 jsg Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -57,11 +57,8 @@ */ #include "des_locl.h" -#include "spr.h" #include - -OPENSSL_GLOBAL const char *libdes_version="libdes" OPENSSL_VERSION_PTEXT; -OPENSSL_GLOBAL const char *DES_version="DES" OPENSSL_VERSION_PTEXT; +#include const char *DES_options(void) { @@ -90,13 +87,14 @@ const char *DES_options(void) #ifdef DES_UNROLL unroll="16"; #else - unroll="4"; + unroll="2"; #endif if (sizeof(DES_LONG) != sizeof(long)) size="int"; else size="long"; - sprintf(buf,"des(%s,%s,%s,%s)",ptr,risc,unroll,size); + snprintf(buf,sizeof buf,"des(%s,%s,%s,%s)",ptr,risc,unroll, + size); init=0; } return(buf); @@ -106,7 +104,7 @@ const char *DES_options(void) void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output, DES_key_schedule *ks, int enc) { - register DES_LONG l; + DES_LONG l; DES_LONG ll[2]; const unsigned char *in = &(*input)[0]; unsigned char *out = &(*output)[0]; diff --git a/src/lib/libcrypto/des/ede_cbcm_enc.c b/src/lib/libcrypto/des/ede_cbcm_enc.c index fa45aa272ba..9a9f51e3118 100644 --- a/src/lib/libcrypto/des/ede_cbcm_enc.c +++ b/src/lib/libcrypto/des/ede_cbcm_enc.c @@ -1,4 +1,4 @@ -/* ede_cbcm_enc.c */ +/* $OpenBSD: ede_cbcm_enc.c,v 1.6 2014/10/28 07:35:58 jsg Exp $ */ /* Written by Ben Laurie for the OpenSSL * project 13 Feb 1999. */ @@ -68,6 +68,8 @@ a lot of work: */ +#include /* To see if OPENSSL_NO_DESCBCM is defined */ + #ifndef OPENSSL_NO_DESCBCM #include "des_locl.h" @@ -76,9 +78,9 @@ void DES_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out, DES_key_schedule *ks3, DES_cblock *ivec1, DES_cblock *ivec2, int enc) { - register DES_LONG tin0,tin1; - register DES_LONG tout0,tout1,xor0,xor1,m0,m1; - register long l=length; + DES_LONG tin0,tin1; + DES_LONG tout0,tout1,xor0,xor1,m0,m1; + long l=length; DES_LONG tin[2]; unsigned char *iv1,*iv2; @@ -136,7 +138,7 @@ void DES_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out, } else { - register DES_LONG t0,t1; + DES_LONG t0,t1; c2l(iv1,m0); c2l(iv1,m1); diff --git a/src/lib/libcrypto/des/enc_read.c b/src/lib/libcrypto/des/enc_read.c index c70fb686b8b..f5659150d3c 100644 --- a/src/lib/libcrypto/des/enc_read.c +++ b/src/lib/libcrypto/des/enc_read.c @@ -1,4 +1,4 @@ -/* crypto/des/enc_read.c */ +/* $OpenBSD: enc_read.c,v 1.15 2015/02/12 03:54:07 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -56,15 +56,16 @@ * [including the GNU Public Licence.] */ -#include #include -#include "cryptlib.h" +#include + +#include + #include "des_locl.h" /* This has some uglies in it but it works - even over sockets. */ /*extern int errno;*/ -OPENSSL_IMPLEMENT_GLOBAL(int,DES_rw_mode)=DES_PCBC_MODE; - +int DES_rw_mode = DES_PCBC_MODE; /* * WARNINGS: @@ -103,17 +104,17 @@ int DES_enc_read(int fd, void *buf, int len, DES_key_schedule *sched, if (tmpbuf == NULL) { - tmpbuf=OPENSSL_malloc(BSIZE); + tmpbuf=malloc(BSIZE); if (tmpbuf == NULL) return(-1); } if (net == NULL) { - net=OPENSSL_malloc(BSIZE); + net=malloc(BSIZE); if (net == NULL) return(-1); } if (unnet == NULL) { - unnet=OPENSSL_malloc(BSIZE); + unnet=malloc(BSIZE); if (unnet == NULL) return(-1); } /* left over data from last decrypt */ diff --git a/src/lib/libcrypto/des/enc_writ.c b/src/lib/libcrypto/des/enc_writ.c index af5b8c2349b..59f3878de92 100644 --- a/src/lib/libcrypto/des/enc_writ.c +++ b/src/lib/libcrypto/des/enc_writ.c @@ -1,4 +1,4 @@ -/* crypto/des/enc_writ.c */ +/* $OpenBSD: enc_writ.c,v 1.14 2015/02/12 03:54:07 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -57,11 +57,13 @@ */ #include -#include #include -#include "cryptlib.h" +#include +#include + +#include + #include "des_locl.h" -#include /* * WARNINGS: @@ -95,7 +97,7 @@ int DES_enc_write(int fd, const void *_buf, int len, if (outbuf == NULL) { - outbuf=OPENSSL_malloc(BSIZE+HDRSIZE); + outbuf=malloc(BSIZE+HDRSIZE); if (outbuf == NULL) return(-1); } /* If we are sending less than 8 bytes, the same char will look @@ -130,7 +132,7 @@ int DES_enc_write(int fd, const void *_buf, int len, { cp=shortbuf; memcpy(shortbuf,buf,len); - RAND_pseudo_bytes(shortbuf+len, 8-len); + arc4random_buf(shortbuf+len, 8-len); rnum=8; } else diff --git a/src/lib/libcrypto/des/fcrypt.c b/src/lib/libcrypto/des/fcrypt.c index 387d97f28d1..f8c9935a468 100644 --- a/src/lib/libcrypto/des/fcrypt.c +++ b/src/lib/libcrypto/des/fcrypt.c @@ -1,4 +1,5 @@ -/* NOCW */ +/* $OpenBSD: fcrypt.c,v 1.12 2016/12/26 21:30:10 jca Exp $ */ + #include /* This version of crypt has been developed from my MIT compatible @@ -9,7 +10,7 @@ /* Modification by Jens Kupferschmidt (Cu) * I have included directive PARA for shared memory computers. * I have included a directive LONGCRYPT to using this routine to cipher - * passwords with more then 8 bytes like HP-UX 10.x it used. The MAXPLEN + * passwords with more than 8 bytes like HP-UX 10.x it used. The MAXPLEN * definition is the maximum of length of password and can changed. I have * defined 24. */ @@ -50,44 +51,11 @@ static unsigned const char cov_2char[64]={ 0x73,0x74,0x75,0x76,0x77,0x78,0x79,0x7A }; -void fcrypt_body(DES_LONG *out,DES_key_schedule *ks, - DES_LONG Eswap0, DES_LONG Eswap1); - char *DES_crypt(const char *buf, const char *salt) { static char buff[14]; -#ifndef CHARSET_EBCDIC return(DES_fcrypt(buf,salt,buff)); -#else - char e_salt[2+1]; - char e_buf[32+1]; /* replace 32 by 8 ? */ - char *ret; - - /* Copy at most 2 chars of salt */ - if ((e_salt[0] = salt[0]) != '\0') - e_salt[1] = salt[1]; - - /* Copy at most 32 chars of password */ - strncpy (e_buf, buf, sizeof(e_buf)); - - /* Make sure we have a delimiter */ - e_salt[sizeof(e_salt)-1] = e_buf[sizeof(e_buf)-1] = '\0'; - - /* Convert the e_salt to ASCII, as that's what DES_fcrypt works on */ - ebcdic2ascii(e_salt, e_salt, sizeof e_salt); - - /* Convert the cleartext password to ASCII */ - ebcdic2ascii(e_buf, e_buf, sizeof e_buf); - - /* Encrypt it (from/to ASCII) */ - ret = DES_fcrypt(e_buf,e_salt,buff); - - /* Convert the result back to EBCDIC */ - ascii2ebcdic(ret, ret, strlen(ret)); - - return ret; -#endif } @@ -105,23 +73,15 @@ char *DES_fcrypt(const char *buf, const char *salt, char *ret) /* eay 25/08/92 * If you call crypt("pwd","*") as often happens when you * have * as the pwd field in /etc/passwd, the function - * returns *\0XXXXXXXXX + * returns *\0xxxxxxxxx * The \0 makes the string look like * so the pwd "*" would * crypt to "*". This was found when replacing the crypt in * our shared libraries. People found that the disabled * accounts effectively had no passwd :-(. */ -#ifndef CHARSET_EBCDIC x=ret[0]=((salt[0] == '\0')?'A':salt[0]); Eswap0=con_salt[x]<<2; x=ret[1]=((salt[1] == '\0')?'A':salt[1]); Eswap1=con_salt[x]<<6; -#else - x=ret[0]=((salt[0] == '\0')?os_toascii['A']:salt[0]); - Eswap0=con_salt[x]<<2; - x=ret[1]=((salt[1] == '\0')?os_toascii['A']:salt[1]); - Eswap1=con_salt[x]<<6; -#endif - /* EAY r=strlen(buf); r=(r+7)/8; diff --git a/src/lib/libcrypto/des/fcrypt_b.c b/src/lib/libcrypto/des/fcrypt_b.c index 1390138787f..ad11a47d881 100644 --- a/src/lib/libcrypto/des/fcrypt_b.c +++ b/src/lib/libcrypto/des/fcrypt_b.c @@ -1,4 +1,4 @@ -/* crypto/des/fcrypt_b.c */ +/* $OpenBSD: fcrypt_b.c,v 1.9 2014/10/28 07:35:58 jsg Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -68,6 +68,8 @@ #include "des_locl.h" #undef DES_FCRYPT +#ifndef OPENBSD_DES_ASM + #undef PERM_OP #define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\ (b)^=(t),\ @@ -80,13 +82,13 @@ void fcrypt_body(DES_LONG *out, DES_key_schedule *ks, DES_LONG Eswap0, DES_LONG Eswap1) { - register DES_LONG l,r,t,u; + DES_LONG l,r,t,u; #ifdef DES_PTR - register const unsigned char *des_SP=(const unsigned char *)DES_SPtrans; + const unsigned char *des_SP=(const unsigned char *)DES_SPtrans; #endif - register DES_LONG *s; - register int j; - register DES_LONG E0,E1; + DES_LONG *s; + int j; + DES_LONG E0,E1; l=0; r=0; @@ -98,14 +100,12 @@ void fcrypt_body(DES_LONG *out, DES_key_schedule *ks, DES_LONG Eswap0, for (j=0; j<25; j++) { #ifndef DES_UNROLL - register int i; + int i; - for (i=0; i<32; i+=8) + for (i=0; i<32; i+=4) { D_ENCRYPT(l,r,i+0); /* 1 */ D_ENCRYPT(r,l,i+2); /* 2 */ - D_ENCRYPT(l,r,i+4); /* 1 */ - D_ENCRYPT(r,l,i+6); /* 2 */ } #else D_ENCRYPT(l,r, 0); /* 1 */ @@ -143,3 +143,4 @@ void fcrypt_body(DES_LONG *out, DES_key_schedule *ks, DES_LONG Eswap0, out[1]=l; } +#endif /* OPENBSD_DES_ASM */ diff --git a/src/lib/libcrypto/des/makefile.bc b/src/lib/libcrypto/des/makefile.bc deleted file mode 100644 index 1fe6d4915a9..00000000000 --- a/src/lib/libcrypto/des/makefile.bc +++ /dev/null @@ -1,50 +0,0 @@ -# -# Origional BC Makefile from Teun -# -# -CC = bcc -TLIB = tlib /0 /C -# note: the -3 flag produces code for 386, 486, Pentium etc; omit it for 286s -OPTIMIZE= -3 -O2 -#WINDOWS= -W -CFLAGS = -c -ml -d $(OPTIMIZE) $(WINDOWS) -DMSDOS -LFLAGS = -ml $(WINDOWS) - -.c.obj: - $(CC) $(CFLAGS) $*.c - -.obj.exe: - $(CC) $(LFLAGS) -e$*.exe $*.obj libdes.lib - -all: $(LIB) destest.exe rpw.exe des.exe speed.exe - -# "make clean": use a directory containing only libdes .exe and .obj files... -clean: - del *.exe - del *.obj - del libdes.lib - del libdes.rsp - -OBJS= cbc_cksm.obj cbc_enc.obj ecb_enc.obj pcbc_enc.obj \ - qud_cksm.obj rand_key.obj set_key.obj str2key.obj \ - enc_read.obj enc_writ.obj fcrypt.obj cfb_enc.obj \ - ecb3_enc.obj ofb_enc.obj cbc3_enc.obj read_pwd.obj\ - cfb64enc.obj ofb64enc.obj ede_enc.obj cfb64ede.obj\ - ofb64ede.obj supp.obj - -LIB= libdes.lib - -$(LIB): $(OBJS) - del $(LIB) - makersp "+%s &\n" &&| - $(OBJS) -| >libdes.rsp - $(TLIB) libdes.lib @libdes.rsp,nul - del libdes.rsp - -destest.exe: destest.obj libdes.lib -rpw.exe: rpw.obj libdes.lib -speed.exe: speed.obj libdes.lib -des.exe: des.obj libdes.lib - - diff --git a/src/lib/libcrypto/des/ncbc_enc.c b/src/lib/libcrypto/des/ncbc_enc.c index fda23d522f3..212796237d5 100644 --- a/src/lib/libcrypto/des/ncbc_enc.c +++ b/src/lib/libcrypto/des/ncbc_enc.c @@ -1,4 +1,4 @@ -/* crypto/des/ncbc_enc.c */ +/* $OpenBSD: ncbc_enc.c,v 1.7 2014/10/28 07:35:58 jsg Exp $ */ /* * #included by: * cbc_enc.c (DES_cbc_encrypt) @@ -71,9 +71,9 @@ void DES_ncbc_encrypt(const unsigned char *in, unsigned char *out, long length, DES_key_schedule *_schedule, DES_cblock *ivec, int enc) #endif { - register DES_LONG tin0,tin1; - register DES_LONG tout0,tout1,xor0,xor1; - register long l=length; + DES_LONG tin0,tin1; + DES_LONG tout0,tout1,xor0,xor1; + long l=length; DES_LONG tin[2]; unsigned char *iv; diff --git a/src/lib/libcrypto/des/ofb64ede.c b/src/lib/libcrypto/des/ofb64ede.c index 26bbf9a6a73..474d38caaf7 100644 --- a/src/lib/libcrypto/des/ofb64ede.c +++ b/src/lib/libcrypto/des/ofb64ede.c @@ -1,4 +1,4 @@ -/* crypto/des/ofb64ede.c */ +/* $OpenBSD: ofb64ede.c,v 1.6 2015/02/07 13:19:15 doug Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -62,17 +62,17 @@ * used. The extra state information to record how much of the * 64bit block we have used is contained in *num; */ -void DES_ede3_ofb64_encrypt(register const unsigned char *in, - register unsigned char *out, long length, +void DES_ede3_ofb64_encrypt(const unsigned char *in, + unsigned char *out, long length, DES_key_schedule *k1, DES_key_schedule *k2, DES_key_schedule *k3, DES_cblock *ivec, int *num) { - register DES_LONG v0,v1; - register int n= *num; - register long l=length; + DES_LONG v0,v1; + int n= *num; + long l=length; DES_cblock d; - register char *dp; + char *dp; DES_LONG ti[2]; unsigned char *iv; int save=0; @@ -105,8 +105,6 @@ void DES_ede3_ofb64_encrypt(register const unsigned char *in, } if (save) { -/* v0=ti[0]; - v1=ti[1];*/ iv = &(*ivec)[0]; l2c(v0,iv); l2c(v1,iv); @@ -114,12 +112,3 @@ void DES_ede3_ofb64_encrypt(register const unsigned char *in, v0=v1=ti[0]=ti[1]=0; *num=n; } - -#ifdef undef /* MACRO */ -void DES_ede2_ofb64_encrypt(register unsigned char *in, - register unsigned char *out, long length, DES_key_schedule k1, - DES_key_schedule k2, DES_cblock (*ivec), int *num) - { - DES_ede3_ofb64_encrypt(in, out, length, k1,k2,k1, ivec, num); - } -#endif diff --git a/src/lib/libcrypto/des/ofb64enc.c b/src/lib/libcrypto/des/ofb64enc.c index 8ca3d49dea1..de1a26b99f7 100644 --- a/src/lib/libcrypto/des/ofb64enc.c +++ b/src/lib/libcrypto/des/ofb64enc.c @@ -1,4 +1,4 @@ -/* crypto/des/ofb64enc.c */ +/* $OpenBSD: ofb64enc.c,v 1.6 2014/10/28 07:35:58 jsg Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -62,15 +62,15 @@ * used. The extra state information to record how much of the * 64bit block we have used is contained in *num; */ -void DES_ofb64_encrypt(register const unsigned char *in, - register unsigned char *out, long length, +void DES_ofb64_encrypt(const unsigned char *in, + unsigned char *out, long length, DES_key_schedule *schedule, DES_cblock *ivec, int *num) { - register DES_LONG v0,v1,t; - register int n= *num; - register long l=length; + DES_LONG v0,v1,t; + int n= *num; + long l=length; DES_cblock d; - register unsigned char *dp; + unsigned char *dp; DES_LONG ti[2]; unsigned char *iv; int save=0; diff --git a/src/lib/libcrypto/des/ofb_enc.c b/src/lib/libcrypto/des/ofb_enc.c index e887a3c6f4b..8cc5bbcb1ea 100644 --- a/src/lib/libcrypto/des/ofb_enc.c +++ b/src/lib/libcrypto/des/ofb_enc.c @@ -1,4 +1,4 @@ -/* crypto/des/ofb_enc.c */ +/* $OpenBSD: ofb_enc.c,v 1.6 2014/10/28 07:35:58 jsg Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -68,10 +68,10 @@ void DES_ofb_encrypt(const unsigned char *in, unsigned char *out, int numbits, long length, DES_key_schedule *schedule, DES_cblock *ivec) { - register DES_LONG d0,d1,vv0,vv1,v0,v1,n=(numbits+7)/8; - register DES_LONG mask0,mask1; - register long l=length; - register int num=numbits; + DES_LONG d0,d1,vv0,vv1,v0,v1,n=(numbits+7)/8; + DES_LONG mask0,mask1; + long l=length; + int num=numbits; DES_LONG ti[2]; unsigned char *iv; diff --git a/src/lib/libcrypto/des/options.txt b/src/lib/libcrypto/des/options.txt deleted file mode 100644 index 6e2b50f765e..00000000000 --- a/src/lib/libcrypto/des/options.txt +++ /dev/null @@ -1,39 +0,0 @@ -Note that the UNROLL option makes the 'inner' des loop unroll all 16 rounds -instead of the default 4. -RISC1 and RISC2 are 2 alternatives for the inner loop and -PTR means to use pointers arithmatic instead of arrays. - -FreeBSD - Pentium Pro 200mhz - gcc 2.7.2.2 - assembler 577,000 4620k/s -IRIX 6.2 - R10000 195mhz - cc (-O3 -n32) - UNROLL RISC2 PTR 496,000 3968k/s -solaris 2.5.1 usparc 167mhz?? - SC4.0 - UNROLL RISC1 PTR [1] 459,400 3672k/s -FreeBSD - Pentium Pro 200mhz - gcc 2.7.2.2 - UNROLL RISC1 433,000 3468k/s -solaris 2.5.1 usparc 167mhz?? - gcc 2.7.2 - UNROLL 380,000 3041k/s -linux - pentium 100mhz - gcc 2.7.0 - assembler 281,000 2250k/s -NT 4.0 - pentium 100mhz - VC 4.2 - assembler 281,000 2250k/s -AIX 4.1? - PPC604 100mhz - cc - UNROLL 275,000 2200k/s -IRIX 5.3 - R4400 200mhz - gcc 2.6.3 - UNROLL RISC2 PTR 235,300 1882k/s -IRIX 5.3 - R4400 200mhz - cc - UNROLL RISC2 PTR 233,700 1869k/s -NT 4.0 - pentium 100mhz - VC 4.2 - UNROLL RISC1 PTR 191,000 1528k/s -DEC Alpha 165mhz?? - cc - RISC2 PTR [2] 181,000 1448k/s -linux - pentium 100mhz - gcc 2.7.0 - UNROLL RISC1 PTR 158,500 1268k/s -HPUX 10 - 9000/887 - cc - UNROLL [3] 148,000 1190k/s -solaris 2.5.1 - sparc 10 50mhz - gcc 2.7.2 - UNROLL 123,600 989k/s -IRIX 5.3 - R4000 100mhz - cc - UNROLL RISC2 PTR 101,000 808k/s -DGUX - 88100 50mhz(?) - gcc 2.6.3 - UNROLL 81,000 648k/s -solaris 2.4 486 50mhz - gcc 2.6.3 - assembler 65,000 522k/s -HPUX 10 - 9000/887 - k&r cc (default compiler) - UNROLL PTR 76,000 608k/s -solaris 2.4 486 50mhz - gcc 2.6.3 - UNROLL RISC2 43,500 344k/s -AIX - old slow one :-) - cc - 39,000 312k/s - -Notes. -[1] For the ultra sparc, SunC 4.0 - cc -xtarget=ultra -xarch=v8plus -Xa -xO5, running 'des_opts' - gives a speed of 344,000 des/s while 'speed' gives 459,000 des/s. - I'll record the higher since it is coming from the library but it - is all rather weird. -[2] Similar to the ultra sparc ([1]), 181,000 for 'des_opts' vs 175,000. -[3] I was unable to get access to this machine when it was not heavily loaded. - As such, my timing program was never able to get more that %30 of the CPU. - This would cause the program to give much lower speed numbers because - it would be 'fighting' to stay in the cache with the other CPU burning - processes. diff --git a/src/lib/libcrypto/des/pcbc_enc.c b/src/lib/libcrypto/des/pcbc_enc.c index 17a40f9520f..fda18ba83d8 100644 --- a/src/lib/libcrypto/des/pcbc_enc.c +++ b/src/lib/libcrypto/des/pcbc_enc.c @@ -1,4 +1,4 @@ -/* crypto/des/pcbc_enc.c */ +/* $OpenBSD: pcbc_enc.c,v 1.6 2014/10/28 07:35:58 jsg Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -62,7 +62,7 @@ void DES_pcbc_encrypt(const unsigned char *input, unsigned char *output, long length, DES_key_schedule *schedule, DES_cblock *ivec, int enc) { - register DES_LONG sin0,sin1,xor0,xor1,tout0,tout1; + DES_LONG sin0,sin1,xor0,xor1,tout0,tout1; DES_LONG tin[2]; const unsigned char *in; unsigned char *out,*iv; diff --git a/src/lib/libcrypto/des/qud_cksm.c b/src/lib/libcrypto/des/qud_cksm.c index dac201227e0..e2409d8ba49 100644 --- a/src/lib/libcrypto/des/qud_cksm.c +++ b/src/lib/libcrypto/des/qud_cksm.c @@ -1,4 +1,4 @@ -/* crypto/des/qud_cksm.c */ +/* $OpenBSD: qud_cksm.c,v 1.7 2014/06/12 15:49:28 deraadt Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -80,18 +80,10 @@ DES_LONG DES_quad_cksum(const unsigned char *input, DES_cblock output[], int i; long l; const unsigned char *cp; -#ifdef _CRAY - struct lp_st { int a:32; int b:32; } *lp; -#else DES_LONG *lp; -#endif if (out_count < 1) out_count=1; -#ifdef _CRAY - lp = (struct lp_st *) &(output[0])[0]; -#else lp = (DES_LONG *) &(output[0])[0]; -#endif z0=Q_B0((*seed)[0])|Q_B1((*seed)[1])|Q_B2((*seed)[2])|Q_B3((*seed)[3]); z1=Q_B0((*seed)[4])|Q_B1((*seed)[5])|Q_B2((*seed)[6])|Q_B3((*seed)[7]); @@ -124,14 +116,8 @@ DES_LONG DES_quad_cksum(const unsigned char *input, DES_cblock output[], { /* The MIT library assumes that the checksum is * composed of 2*out_count 32 bit ints */ -#ifdef _CRAY - (*lp).a = z0; - (*lp).b = z1; - lp++; -#else *lp++ = z0; *lp++ = z1; -#endif } } return(z0); diff --git a/src/lib/libcrypto/des/rand_key.c b/src/lib/libcrypto/des/rand_key.c index 23981655685..7abb811df4e 100644 --- a/src/lib/libcrypto/des/rand_key.c +++ b/src/lib/libcrypto/des/rand_key.c @@ -1,4 +1,4 @@ -/* crypto/des/rand_key.c */ +/* $OpenBSD: rand_key.c,v 1.8 2014/10/22 13:02:04 jsing Exp $ */ /* ==================================================================== * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. * @@ -53,16 +53,16 @@ * */ +#include + #include -#include -int DES_random_key(DES_cblock *ret) - { - do - { - if (RAND_bytes((unsigned char *)ret, sizeof(DES_cblock)) != 1) - return (0); - } while (DES_is_weak_key(ret)); - DES_set_odd_parity(ret); +int +DES_random_key(DES_cblock *ret) +{ + do { + arc4random_buf(ret, sizeof(DES_cblock)); + DES_set_odd_parity(ret); + } while (DES_is_weak_key(ret)); return (1); - } +} diff --git a/src/lib/libcrypto/des/read2pwd.c b/src/lib/libcrypto/des/read2pwd.c deleted file mode 100644 index b4720c3a981..00000000000 --- a/src/lib/libcrypto/des/read2pwd.c +++ /dev/null @@ -1,139 +0,0 @@ -/* crypto/des/read2pwd.c */ -/* ==================================================================== - * Copyright (c) 2001-2002 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include -#include - -int DES_read_password(DES_cblock *key, const char *prompt, int verify) - { - int ok; - char buf[BUFSIZ],buff[BUFSIZ]; - - if ((ok=UI_UTIL_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0) - DES_string_to_key(buf,key); - memset(buf,0,BUFSIZ); - memset(buff,0,BUFSIZ); - return(ok); - } - -int DES_read_2passwords(DES_cblock *key1, DES_cblock *key2, const char *prompt, - int verify) - { - int ok; - char buf[BUFSIZ],buff[BUFSIZ]; - - if ((ok=UI_UTIL_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0) - DES_string_to_2keys(buf,key1,key2); - memset(buf,0,BUFSIZ); - memset(buff,0,BUFSIZ); - return(ok); - } diff --git a/src/lib/libcrypto/des/read_pwd.c b/src/lib/libcrypto/des/read_pwd.c deleted file mode 100644 index 54e0e2e6b6c..00000000000 --- a/src/lib/libcrypto/des/read_pwd.c +++ /dev/null @@ -1,511 +0,0 @@ -/* crypto/des/read_pwd.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#if !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_WIN32) -#ifdef OPENSSL_UNISTD -# include OPENSSL_UNISTD -#else -# include -#endif -/* If unistd.h defines _POSIX_VERSION, we conclude that we - * are on a POSIX system and have sigaction and termios. */ -#if defined(_POSIX_VERSION) - -# define SIGACTION -# if !defined(TERMIOS) && !defined(TERMIO) && !defined(SGTTY) -# define TERMIOS -# endif - -#endif -#endif - -/* #define SIGACTION */ /* Define this if you have sigaction() */ - -#ifdef WIN16TTY -#undef OPENSSL_SYS_WIN16 -#undef _WINDOWS -#include -#endif - -/* 06-Apr-92 Luke Brennan Support for VMS */ -#include "des_locl.h" -#include "cryptlib.h" -#include -#include -#include -#include -#include - -#ifdef OPENSSL_SYS_VMS /* prototypes for sys$whatever */ -#include -#ifdef __DECC -#pragma message disable DOLLARID -#endif -#endif - -#ifdef WIN_CONSOLE_BUG -#include -#include -#endif - - -/* There are 5 types of terminal interface supported, - * TERMIO, TERMIOS, VMS, MSDOS and SGTTY - */ - -#if defined(__sgi) && !defined(TERMIOS) -#define TERMIOS -#undef TERMIO -#undef SGTTY -#endif - -#if defined(linux) && !defined(TERMIO) -#undef TERMIOS -#define TERMIO -#undef SGTTY -#endif - -#ifdef _LIBC -#undef TERMIOS -#define TERMIO -#undef SGTTY -#endif - -#if !defined(TERMIO) && !defined(TERMIOS) && !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_MSDOS) && !defined(MAC_OS_pre_X) && !defined(MAC_OS_GUSI_SOURCE) -#undef TERMIOS -#undef TERMIO -#define SGTTY -#endif - -#if defined(OPENSSL_SYS_VSWORKS) -#undef TERMIOS -#undef TERMIO -#undef SGTTY -#endif - -#ifdef TERMIOS -#include -#define TTY_STRUCT struct termios -#define TTY_FLAGS c_lflag -#define TTY_get(tty,data) tcgetattr(tty,data) -#define TTY_set(tty,data) tcsetattr(tty,TCSANOW,data) -#endif - -#ifdef TERMIO -#include -#define TTY_STRUCT struct termio -#define TTY_FLAGS c_lflag -#define TTY_get(tty,data) ioctl(tty,TCGETA,data) -#define TTY_set(tty,data) ioctl(tty,TCSETA,data) -#endif - -#ifdef SGTTY -#include -#define TTY_STRUCT struct sgttyb -#define TTY_FLAGS sg_flags -#define TTY_get(tty,data) ioctl(tty,TIOCGETP,data) -#define TTY_set(tty,data) ioctl(tty,TIOCSETP,data) -#endif - -#if !defined(_LIBC) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VMS) && !defined(MAC_OS_pre_X) -#include -#endif - -#if defined(OPENSSL_SYS_MSDOS) && !defined(__CYGWIN32__) -#include -#define fgets(a,b,c) noecho_fgets(a,b,c) -#endif - -#ifdef OPENSSL_SYS_VMS -#include -#include -#include -#include -struct IOSB { - short iosb$w_value; - short iosb$w_count; - long iosb$l_info; - }; -#endif - -#if defined(MAC_OS_pre_X) || defined(MAC_OS_GUSI_SOURCE) -/* - * This one needs work. As a matter of fact the code is unoperational - * and this is only a trick to get it compiled. - * - */ -#define TTY_STRUCT int -#endif - -#ifndef NX509_SIG -#define NX509_SIG 32 -#endif - -static void read_till_nl(FILE *); -static void recsig(int); -static void pushsig(void); -static void popsig(void); -#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN16) -static int noecho_fgets(char *buf, int size, FILE *tty); -#endif -#ifdef SIGACTION - static struct sigaction savsig[NX509_SIG]; -#else - static void (*savsig[NX509_SIG])(int ); -#endif -static jmp_buf save; - -int _ossl_old_des_read_pw_string(char *buf, int length, const char *prompt, - int verify) - { - char buff[BUFSIZ]; - int ret; - - ret=des_read_pw(buf,buff,(length>BUFSIZ)?BUFSIZ:length,prompt,verify); - memset(buff,0,BUFSIZ); - return(ret); - } - -#ifndef OPENSSL_SYS_WIN16 - -static void read_till_nl(FILE *in) - { -#define SIZE 4 - char buf[SIZE+1]; - - do { - fgets(buf,SIZE,in); - } while (strchr(buf,'\n') == NULL); - } - - -/* return 0 if ok, 1 (or -1) otherwise */ -int des_read_pw(char *buf, char *buff, int size, const char *prompt, - int verify) - { -#ifdef OPENSSL_SYS_VMS - struct IOSB iosb; - $DESCRIPTOR(terminal,"TT"); - long tty_orig[3], tty_new[3]; - long status; - unsigned short channel = 0; -#else -#ifndef OPENSSL_SYS_MSDOS - TTY_STRUCT tty_orig,tty_new; -#endif -#endif - int number; - int ok; - /* statics are simply to avoid warnings about longjmp clobbering - things */ - static int ps; - int is_a_tty; - static FILE *tty; - char *p; - - if (setjmp(save)) - { - ok=0; - goto error; - } - - number=5; - ok=0; - ps=0; - is_a_tty=1; - tty=NULL; - -#ifdef OPENSSL_SYS_MSDOS - if ((tty=fopen("con","r")) == NULL) - tty=stdin; -#elif defined(MAC_OS_pre_X) || defined(OPENSSL_SYS_VSWORKS) - tty=stdin; -#else -#ifndef OPENSSL_SYS_MPE - if ((tty=fopen("/dev/tty","r")) == NULL) -#endif - tty=stdin; -#endif - -#if defined(TTY_get) && !defined(OPENSSL_SYS_VMS) - if (TTY_get(fileno(tty),&tty_orig) == -1) - { -#ifdef ENOTTY - if (errno == ENOTTY) - is_a_tty=0; - else -#endif -#ifdef EINVAL - /* Ariel Glenn ariel@columbia.edu reports that solaris - * can return EINVAL instead. This should be ok */ - if (errno == EINVAL) - is_a_tty=0; - else -#endif - return(-1); - } - memcpy(&(tty_new),&(tty_orig),sizeof(tty_orig)); -#endif -#ifdef OPENSSL_SYS_VMS - status = sys$assign(&terminal,&channel,0,0); - if (status != SS$_NORMAL) - return(-1); - status=sys$qiow(0,channel,IO$_SENSEMODE,&iosb,0,0,tty_orig,12,0,0,0,0); - if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL)) - return(-1); -#endif - - pushsig(); - ps=1; - -#ifdef TTY_FLAGS - tty_new.TTY_FLAGS &= ~ECHO; -#endif - -#if defined(TTY_set) && !defined(OPENSSL_SYS_VMS) - if (is_a_tty && (TTY_set(fileno(tty),&tty_new) == -1)) -#ifdef OPENSSL_SYS_MPE - ; /* MPE lies -- echo really has been disabled */ -#else - return(-1); -#endif -#endif -#ifdef OPENSSL_SYS_VMS - tty_new[0] = tty_orig[0]; - tty_new[1] = tty_orig[1] | TT$M_NOECHO; - tty_new[2] = tty_orig[2]; - status = sys$qiow(0,channel,IO$_SETMODE,&iosb,0,0,tty_new,12,0,0,0,0); - if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL)) - return(-1); -#endif - ps=2; - - while ((!ok) && (number--)) - { - fputs(prompt,stderr); - fflush(stderr); - - buf[0]='\0'; - fgets(buf,size,tty); - if (feof(tty)) goto error; - if (ferror(tty)) goto error; - if ((p=(char *)strchr(buf,'\n')) != NULL) - *p='\0'; - else read_till_nl(tty); - if (verify) - { - fprintf(stderr,"\nVerifying password - %s",prompt); - fflush(stderr); - buff[0]='\0'; - fgets(buff,size,tty); - if (feof(tty)) goto error; - if ((p=(char *)strchr(buff,'\n')) != NULL) - *p='\0'; - else read_till_nl(tty); - - if (strcmp(buf,buff) != 0) - { - fprintf(stderr,"\nVerify failure"); - fflush(stderr); - break; - /* continue; */ - } - } - ok=1; - } - -error: - fprintf(stderr,"\n"); -#if 0 - perror("fgets(tty)"); -#endif - /* What can we do if there is an error? */ -#if defined(TTY_set) && !defined(OPENSSL_SYS_VMS) - if (ps >= 2) TTY_set(fileno(tty),&tty_orig); -#endif -#ifdef OPENSSL_SYS_VMS - if (ps >= 2) - status = sys$qiow(0,channel,IO$_SETMODE,&iosb,0,0 - ,tty_orig,12,0,0,0,0); -#endif - - if (ps >= 1) popsig(); - if (stdin != tty) fclose(tty); -#ifdef OPENSSL_SYS_VMS - status = sys$dassgn(channel); -#endif - return(!ok); - } - -#else /* OPENSSL_SYS_WIN16 */ - -int des_read_pw(char *buf, char *buff, int size, char *prompt, int verify) - { - memset(buf,0,size); - memset(buff,0,size); - return(0); - } - -#endif - -static void pushsig(void) - { - int i; -#ifdef SIGACTION - struct sigaction sa; - - memset(&sa,0,sizeof sa); - sa.sa_handler=recsig; -#endif - - for (i=1; ides_key,&ks); - enc=(desp->des_dir == ENCRYPT)?DES_ENCRYPT:DES_DECRYPT; - - if (desp->des_mode == CBC) - DES_ecb_encrypt((const_DES_cblock *)desp->UDES.UDES_buf, - (DES_cblock *)desp->UDES.UDES_buf,&ks, - enc); - else - { - DES_ncbc_encrypt(desp->UDES.UDES_buf,desp->UDES.UDES_buf, - len,&ks,&desp->des_ivec,enc); -#ifdef undef - /* len will always be %8 if called from common_crypt - * in secure_rpc. - * Libdes's cbc encrypt does not copy back the iv, - * so we have to do it here. */ - /* It does now :-) eay 20/09/95 */ - - a=(char *)&(desp->UDES.UDES_buf[len-8]); - b=(char *)&(desp->des_ivec[0]); - - *(a++)= *(b++); *(a++)= *(b++); - *(a++)= *(b++); *(a++)= *(b++); - *(a++)= *(b++); *(a++)= *(b++); - *(a++)= *(b++); *(a++)= *(b++); -#endif - } - return(1); - } - diff --git a/src/lib/libcrypto/des/rpw.c b/src/lib/libcrypto/des/rpw.c deleted file mode 100644 index 8a9473c4f90..00000000000 --- a/src/lib/libcrypto/des/rpw.c +++ /dev/null @@ -1,99 +0,0 @@ -/* crypto/des/rpw.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include - -int main(int argc, char *argv[]) - { - DES_cblock k,k1; - int i; - - printf("read passwd\n"); - if ((i=des_read_password(&k,"Enter password:",0)) == 0) - { - printf("password = "); - for (i=0; i<8; i++) - printf("%02x ",k[i]); - } - else - printf("error %d\n",i); - printf("\n"); - printf("read 2passwds and verify\n"); - if ((i=des_read_2passwords(&k,&k1, - "Enter verified password:",1)) == 0) - { - printf("password1 = "); - for (i=0; i<8; i++) - printf("%02x ",k[i]); - printf("\n"); - printf("password2 = "); - for (i=0; i<8; i++) - printf("%02x ",k1[i]); - printf("\n"); - exit(1); - } - else - { - printf("error %d\n",i); - exit(0); - } -#ifdef LINT - return(0); -#endif - } diff --git a/src/lib/libcrypto/des/set_key.c b/src/lib/libcrypto/des/set_key.c index 683916e71b0..7d2c6b43907 100644 --- a/src/lib/libcrypto/des/set_key.c +++ b/src/lib/libcrypto/des/set_key.c @@ -1,4 +1,4 @@ -/* crypto/des/set_key.c */ +/* $OpenBSD: set_key.c,v 1.20 2017/02/09 03:43:05 dtucker Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -63,9 +63,10 @@ * 1.1 added norm_expand_bits * 1.0 First working version */ +#include #include "des_locl.h" -OPENSSL_IMPLEMENT_GLOBAL(int,DES_check_key); /* defaults to false */ +int DES_check_key = 0; /* defaults to false */ static const unsigned char odd_parity[256]={ 1, 1, 2, 2, 4, 4, 7, 7, 8, 8, 11, 11, 13, 13, 14, 14, @@ -87,7 +88,7 @@ static const unsigned char odd_parity[256]={ void DES_set_odd_parity(DES_cblock *key) { - int i; + unsigned int i; for (i=0; ikey,key,sizeof schedule->key); - schedule->session=NULL; -#endif k = &schedule->ks->deslong[0]; in = &(*key)[0]; diff --git a/src/lib/libcrypto/des/speed.c b/src/lib/libcrypto/des/speed.c deleted file mode 100644 index 48fc1d49fc2..00000000000 --- a/src/lib/libcrypto/des/speed.c +++ /dev/null @@ -1,310 +0,0 @@ -/* crypto/des/speed.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -/* 11-Sep-92 Andrew Daviel Support for Silicon Graphics IRIX added */ -/* 06-Apr-92 Luke Brennan Support for VMS and add extra signal calls */ - -#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX) -#define TIMES -#endif - -#include - -#include -#include OPENSSL_UNISTD_IO -OPENSSL_DECLARE_EXIT - -#include -#ifndef _IRIX -#include -#endif -#ifdef TIMES -#include -#include -#endif - -/* Depending on the VMS version, the tms structure is perhaps defined. - The __TMS macro will show if it was. If it wasn't defined, we should - undefine TIMES, since that tells the rest of the program how things - should be handled. -- Richard Levitte */ -#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS) -#undef TIMES -#endif - -#ifndef TIMES -#include -#endif - -#if defined(sun) || defined(__ultrix) -#define _POSIX_SOURCE -#include -#include -#endif - -#include - -/* The following if from times(3) man page. It may need to be changed */ -#ifndef HZ -# ifndef CLK_TCK -# ifndef _BSD_CLK_TCK_ /* FreeBSD fix */ -# define HZ 100.0 -# else /* _BSD_CLK_TCK_ */ -# define HZ ((double)_BSD_CLK_TCK_) -# endif -# else /* CLK_TCK */ -# define HZ ((double)CLK_TCK) -# endif -#endif - -#define BUFSIZE ((long)1024) -long run=0; - -double Time_F(int s); -#ifdef SIGALRM -#if defined(__STDC__) || defined(sgi) || defined(_AIX) -#define SIGRETTYPE void -#else -#define SIGRETTYPE int -#endif - -SIGRETTYPE sig_done(int sig); -SIGRETTYPE sig_done(int sig) - { - signal(SIGALRM,sig_done); - run=0; -#ifdef LINT - sig=sig; -#endif - } -#endif - -#define START 0 -#define STOP 1 - -double Time_F(int s) - { - double ret; -#ifdef TIMES - static struct tms tstart,tend; - - if (s == START) - { - times(&tstart); - return(0); - } - else - { - times(&tend); - ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ; - return((ret == 0.0)?1e-6:ret); - } -#else /* !times() */ - static struct timeb tstart,tend; - long i; - - if (s == START) - { - ftime(&tstart); - return(0); - } - else - { - ftime(&tend); - i=(long)tend.millitm-(long)tstart.millitm; - ret=((double)(tend.time-tstart.time))+((double)i)/1e3; - return((ret == 0.0)?1e-6:ret); - } -#endif - } - -int main(int argc, char **argv) - { - long count; - static unsigned char buf[BUFSIZE]; - static DES_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0}; - static DES_cblock key2={0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12}; - static DES_cblock key3={0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34}; - DES_key_schedule sch,sch2,sch3; - double a,b,c,d,e; -#ifndef SIGALRM - long ca,cb,cc,cd,ce; -#endif - -#ifndef TIMES - printf("To get the most accurate results, try to run this\n"); - printf("program when this computer is idle.\n"); -#endif - - DES_set_key_unchecked(&key2,&sch2); - DES_set_key_unchecked(&key3,&sch3); - -#ifndef SIGALRM - printf("First we calculate the approximate speed ...\n"); - DES_set_key_unchecked(&key,&sch); - count=10; - do { - long i; - DES_LONG data[2]; - - count*=2; - Time_F(START); - for (i=count; i; i--) - DES_encrypt1(data,&sch,DES_ENCRYPT); - d=Time_F(STOP); - } while (d < 3.0); - ca=count; - cb=count*3; - cc=count*3*8/BUFSIZE+1; - cd=count*8/BUFSIZE+1; - ce=count/20+1; - printf("Doing set_key %ld times\n",ca); -#define COND(d) (count != (d)) -#define COUNT(d) (d) -#else -#define COND(c) (run) -#define COUNT(d) (count) - signal(SIGALRM,sig_done); - printf("Doing set_key for 10 seconds\n"); - alarm(10); -#endif - - Time_F(START); - for (count=0,run=1; COND(ca); count++) - DES_set_key_unchecked(&key,&sch); - d=Time_F(STOP); - printf("%ld set_key's in %.2f seconds\n",count,d); - a=((double)COUNT(ca))/d; - -#ifdef SIGALRM - printf("Doing DES_encrypt's for 10 seconds\n"); - alarm(10); -#else - printf("Doing DES_encrypt %ld times\n",cb); -#endif - Time_F(START); - for (count=0,run=1; COND(cb); count++) - { - DES_LONG data[2]; - - DES_encrypt1(data,&sch,DES_ENCRYPT); - } - d=Time_F(STOP); - printf("%ld DES_encrypt's in %.2f second\n",count,d); - b=((double)COUNT(cb)*8)/d; - -#ifdef SIGALRM - printf("Doing DES_cbc_encrypt on %ld byte blocks for 10 seconds\n", - BUFSIZE); - alarm(10); -#else - printf("Doing DES_cbc_encrypt %ld times on %ld byte blocks\n",cc, - BUFSIZE); -#endif - Time_F(START); - for (count=0,run=1; COND(cc); count++) - DES_ncbc_encrypt(buf,buf,BUFSIZE,&sch, - &key,DES_ENCRYPT); - d=Time_F(STOP); - printf("%ld DES_cbc_encrypt's of %ld byte blocks in %.2f second\n", - count,BUFSIZE,d); - c=((double)COUNT(cc)*BUFSIZE)/d; - -#ifdef SIGALRM - printf("Doing DES_ede_cbc_encrypt on %ld byte blocks for 10 seconds\n", - BUFSIZE); - alarm(10); -#else - printf("Doing DES_ede_cbc_encrypt %ld times on %ld byte blocks\n",cd, - BUFSIZE); -#endif - Time_F(START); - for (count=0,run=1; COND(cd); count++) - DES_ede3_cbc_encrypt(buf,buf,BUFSIZE, - &sch, - &sch2, - &sch3, - &key, - DES_ENCRYPT); - d=Time_F(STOP); - printf("%ld DES_ede_cbc_encrypt's of %ld byte blocks in %.2f second\n", - count,BUFSIZE,d); - d=((double)COUNT(cd)*BUFSIZE)/d; - -#ifdef SIGALRM - printf("Doing crypt for 10 seconds\n"); - alarm(10); -#else - printf("Doing crypt %ld times\n",ce); -#endif - Time_F(START); - for (count=0,run=1; COND(ce); count++) - crypt("testing1","ef"); - e=Time_F(STOP); - printf("%ld crypts in %.2f second\n",count,e); - e=((double)COUNT(ce))/e; - - printf("set_key per sec = %12.2f (%9.3fuS)\n",a,1.0e6/a); - printf("DES raw ecb bytes per sec = %12.2f (%9.3fuS)\n",b,8.0e6/b); - printf("DES cbc bytes per sec = %12.2f (%9.3fuS)\n",c,8.0e6/c); - printf("DES ede cbc bytes per sec = %12.2f (%9.3fuS)\n",d,8.0e6/d); - printf("crypt per sec = %12.2f (%9.3fuS)\n",e,1.0e6/e); - exit(0); -#if defined(LINT) || defined(OPENSSL_SYS_MSDOS) - return(0); -#endif - } diff --git a/src/lib/libcrypto/des/spr.h b/src/lib/libcrypto/des/spr.h index b91936a5a53..5e717065fb0 100644 --- a/src/lib/libcrypto/des/spr.h +++ b/src/lib/libcrypto/des/spr.h @@ -1,4 +1,4 @@ -/* crypto/des/spr.h */ +/* $OpenBSD: spr.h,v 1.6 2016/12/21 15:49:29 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -56,7 +56,9 @@ * [including the GNU Public Licence.] */ -OPENSSL_GLOBAL const DES_LONG DES_SPtrans[8][64]={ +__BEGIN_HIDDEN_DECLS + +const DES_LONG DES_SPtrans[8][64]={ { /* nibble 0 */ 0x02080800L, 0x00080000L, 0x02000002L, 0x02080802L, @@ -202,3 +204,5 @@ OPENSSL_GLOBAL const DES_LONG DES_SPtrans[8][64]={ 0x00000080L, 0x20820000L, 0x00820080L, 0x00000000L, 0x20000000L, 0x20800080L, 0x00020000L, 0x00820080L, }}; + +__END_HIDDEN_DECLS diff --git a/src/lib/libcrypto/des/str2key.c b/src/lib/libcrypto/des/str2key.c index 36c3f81d993..ce17e2659b3 100644 --- a/src/lib/libcrypto/des/str2key.c +++ b/src/lib/libcrypto/des/str2key.c @@ -1,4 +1,4 @@ -/* crypto/des/str2key.c */ +/* $OpenBSD: str2key.c,v 1.10 2015/09/10 15:56:25 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -56,13 +56,14 @@ * [including the GNU Public Licence.] */ +#include #include "des_locl.h" void DES_string_to_key(const char *str, DES_cblock *key) { DES_key_schedule ks; int i,length; - register unsigned char j; + unsigned char j; memset(key,0,8); length=strlen(str); @@ -94,7 +95,7 @@ void DES_string_to_key(const char *str, DES_cblock *key) DES_set_key_unchecked(key,&ks); #endif DES_cbc_cksum((const unsigned char*)str,key,length,&ks,key); - memset(&ks,0,sizeof(ks)); + explicit_bzero(&ks,sizeof(ks)); DES_set_odd_parity(key); } @@ -102,7 +103,7 @@ void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2) { DES_key_schedule ks; int i,length; - register unsigned char j; + unsigned char j; memset(key1,0,8); memset(key2,0,8); @@ -167,7 +168,7 @@ void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2) DES_set_key_unchecked(key2,&ks); #endif DES_cbc_cksum((const unsigned char*)str,key2,length,&ks,key2); - memset(&ks,0,sizeof(ks)); + explicit_bzero(&ks,sizeof(ks)); DES_set_odd_parity(key1); DES_set_odd_parity(key2); } diff --git a/src/lib/libcrypto/des/t/test b/src/lib/libcrypto/des/t/test deleted file mode 100644 index 97acd0552e4..00000000000 --- a/src/lib/libcrypto/des/t/test +++ /dev/null @@ -1,27 +0,0 @@ -#!./perl - -BEGIN { push(@INC, qw(../../../lib ../../lib ../lib lib)); } - -use DES; - -$key='00000000'; -$ks=DES::set_key($key); -@a=split(//,$ks); -foreach (@a) { printf "%02x-",ord($_); } -print "\n"; - - -$key=DES::random_key(); -print "($_)\n"; -@a=split(//,$key); -foreach (@a) { printf "%02x-",ord($_); } -print "\n"; -$str="this is and again into the breach"; -($k1,$k2)=DES::string_to_2keys($str); -@a=split(//,$k1); -foreach (@a) { printf "%02x-",ord($_); } -print "\n"; -@a=split(//,$k2); -foreach (@a) { printf "%02x-",ord($_); } -print "\n"; - diff --git a/src/lib/libcrypto/des/times/486-50.sol b/src/lib/libcrypto/des/times/486-50.sol deleted file mode 100644 index 0de62d6db31..00000000000 --- a/src/lib/libcrypto/des/times/486-50.sol +++ /dev/null @@ -1,16 +0,0 @@ -Solaris 2.4, 486 50mhz, gcc 2.6.3 -options des ecb/s -16 r2 i 43552.51 100.0% -16 r1 i 43487.45 99.9% -16 c p 43003.23 98.7% -16 r2 p 42339.00 97.2% -16 c i 41900.91 96.2% -16 r1 p 41360.64 95.0% - 4 c i 38728.48 88.9% - 4 c p 38225.63 87.8% - 4 r1 i 38085.79 87.4% - 4 r2 i 37825.64 86.9% - 4 r2 p 34611.00 79.5% - 4 r1 p 31802.00 73.0% --DDES_UNROLL -DDES_RISC2 - diff --git a/src/lib/libcrypto/des/times/586-100.lnx b/src/lib/libcrypto/des/times/586-100.lnx deleted file mode 100644 index 4323914a11b..00000000000 --- a/src/lib/libcrypto/des/times/586-100.lnx +++ /dev/null @@ -1,20 +0,0 @@ -Pentium 100 -Linux 2 kernel -gcc 2.7.0 -O3 -fomit-frame-pointer -No X server running, just a console, it makes the top speed jump from 151,000 -to 158,000 :-). -options des ecb/s -assember 281000.00 177.1% -16 r1 p 158667.40 100.0% -16 r1 i 148471.70 93.6% -16 r2 p 143961.80 90.7% -16 r2 i 141689.20 89.3% - 4 r1 i 140100.00 88.3% - 4 r2 i 134049.40 84.5% -16 c i 124145.20 78.2% -16 c p 121584.20 76.6% - 4 c i 118116.00 74.4% - 4 r2 p 117977.90 74.4% - 4 c p 114971.40 72.5% - 4 r1 p 114578.40 72.2% --DDES_UNROLL -DDES_RISC1 -DDES_PTR diff --git a/src/lib/libcrypto/des/times/686-200.fre b/src/lib/libcrypto/des/times/686-200.fre deleted file mode 100644 index 7d83f6adee1..00000000000 --- a/src/lib/libcrypto/des/times/686-200.fre +++ /dev/null @@ -1,18 +0,0 @@ -Pentium 100 -Free BSD 2.1.5 kernel -gcc 2.7.2.2 -O3 -fomit-frame-pointer -options des ecb/s -assember 578000.00 133.1% -16 r2 i 434454.80 100.0% -16 r1 i 433621.43 99.8% -16 r2 p 431375.69 99.3% - 4 r1 i 423722.30 97.5% - 4 r2 i 422399.40 97.2% -16 r1 p 421739.40 97.1% -16 c i 399027.94 91.8% -16 c p 372251.70 85.7% - 4 c i 365118.35 84.0% - 4 c p 352880.51 81.2% - 4 r2 p 255104.90 58.7% - 4 r1 p 251289.18 57.8% --DDES_UNROLL -DDES_RISC2 diff --git a/src/lib/libcrypto/des/times/aix.cc b/src/lib/libcrypto/des/times/aix.cc deleted file mode 100644 index d96b74e2ced..00000000000 --- a/src/lib/libcrypto/des/times/aix.cc +++ /dev/null @@ -1,26 +0,0 @@ -From: Paco Garcia - -This machine is a Bull Estrella Minitower Model MT604-100 -Processor : PPC604 -P.Speed : 100Mhz -Data/Instr Cache : 16 K -L2 Cache : 256 K -PCI BUS Speed : 33 Mhz -TransfRate PCI : 132 MB/s -Memory : 96 MB - -options des ecb/s - 4 c p 275118.61 100.0% - 4 c i 273545.07 99.4% - 4 r2 p 270441.02 98.3% - 4 r1 p 253052.15 92.0% - 4 r2 i 240842.97 87.5% - 4 r1 i 240556.66 87.4% -16 c i 224603.99 81.6% -16 c p 224483.98 81.6% -16 r2 p 215691.19 78.4% -16 r1 p 208332.83 75.7% -16 r1 i 199206.50 72.4% -16 r2 i 198963.70 72.3% --DDES_PTR - diff --git a/src/lib/libcrypto/des/times/alpha.cc b/src/lib/libcrypto/des/times/alpha.cc deleted file mode 100644 index 95c17efae7e..00000000000 --- a/src/lib/libcrypto/des/times/alpha.cc +++ /dev/null @@ -1,18 +0,0 @@ -cc -O2 -DES_LONG is 'unsigned int' - -options des ecb/s - 4 r2 p 181146.14 100.0% -16 r2 p 172102.94 95.0% - 4 r2 i 165424.11 91.3% -16 c p 160468.64 88.6% - 4 c p 156653.59 86.5% - 4 c i 155245.18 85.7% - 4 r1 p 154729.68 85.4% -16 r2 i 154137.69 85.1% -16 r1 p 152357.96 84.1% -16 c i 148743.91 82.1% - 4 r1 i 146695.59 81.0% -16 r1 i 144961.00 80.0% --DDES_RISC2 -DDES_PTR - diff --git a/src/lib/libcrypto/des/times/hpux.cc b/src/lib/libcrypto/des/times/hpux.cc deleted file mode 100644 index 3de856ddac5..00000000000 --- a/src/lib/libcrypto/des/times/hpux.cc +++ /dev/null @@ -1,17 +0,0 @@ -HPUX 10 - 9000/887 - cc -D_HPUX_SOURCE -Aa +ESlit +O2 -Wl,-a,archive - -options des ecb/s -16 c i 149448.90 100.0% - 4 c i 145861.79 97.6% -16 r2 i 141710.96 94.8% -16 r1 i 139455.33 93.3% - 4 r2 i 138800.00 92.9% - 4 r1 i 136692.65 91.5% -16 r2 p 110228.17 73.8% -16 r1 p 109397.07 73.2% -16 c p 109209.89 73.1% - 4 c p 108014.71 72.3% - 4 r2 p 107873.88 72.2% - 4 r1 p 107685.83 72.1% --DDES_UNROLL - diff --git a/src/lib/libcrypto/des/times/sparc.gcc b/src/lib/libcrypto/des/times/sparc.gcc deleted file mode 100644 index 8eaa0421040..00000000000 --- a/src/lib/libcrypto/des/times/sparc.gcc +++ /dev/null @@ -1,17 +0,0 @@ -solaris 2.5.1 - sparc 10 50mhz - gcc 2.7.2 - -options des ecb/s -16 c i 124382.70 100.0% - 4 c i 118884.68 95.6% -16 c p 112261.20 90.3% -16 r2 i 111777.10 89.9% -16 r2 p 108896.30 87.5% -16 r1 p 108791.59 87.5% - 4 c p 107290.10 86.3% - 4 r1 p 104583.80 84.1% -16 r1 i 104206.20 83.8% - 4 r2 p 103709.80 83.4% - 4 r2 i 98306.43 79.0% - 4 r1 i 91525.80 73.6% --DDES_UNROLL - diff --git a/src/lib/libcrypto/des/times/usparc.cc b/src/lib/libcrypto/des/times/usparc.cc deleted file mode 100644 index f6ec8e8831d..00000000000 --- a/src/lib/libcrypto/des/times/usparc.cc +++ /dev/null @@ -1,31 +0,0 @@ -solaris 2.5.1 usparc 167mhz?? - SC4.0 cc -fast -Xa -xO5 - -For the ultra sparc, SunC 4.0 cc -fast -Xa -xO5, running 'des_opts' -gives a speed of 475,000 des/s while 'speed' gives 417,000 des/s. -I belive the difference is tied up in optimisation that the compiler -is able to perform when the code is 'inlined'. For 'speed', the DES -routines are being linked from a library. I'll record the higher -speed since if performance is everything, you can always inline -'des_enc.c'. - -[ 16-Jan-06 - I've been playing with the - '-xtarget=ultra -xarch=v8plus -Xa -xO5 -Xa' - and while it makes the des_opts numbers much slower, it makes the - actual 'speed' numbers look better which is a realistic version of - using the libraries. ] - -options des ecb/s -16 r1 p 475516.90 100.0% -16 r2 p 439388.10 92.4% -16 c i 427001.40 89.8% -16 c p 419516.50 88.2% - 4 r2 p 409491.70 86.1% - 4 r1 p 404266.90 85.0% - 4 c p 398121.00 83.7% - 4 c i 370588.40 77.9% - 4 r1 i 362742.20 76.3% -16 r2 i 331275.50 69.7% -16 r1 i 324730.60 68.3% - 4 r2 i 63535.10 13.4% <-- very very weird, must be cache problems. --DDES_UNROLL -DDES_RISC1 -DDES_PTR - diff --git a/src/lib/libcrypto/des/typemap b/src/lib/libcrypto/des/typemap deleted file mode 100644 index a524f53634e..00000000000 --- a/src/lib/libcrypto/des/typemap +++ /dev/null @@ -1,34 +0,0 @@ -# -# DES SECTION -# -deschar * T_DESCHARP -des_cblock * T_CBLOCK -des_cblock T_CBLOCK -des_key_schedule T_SCHEDULE -des_key_schedule * T_SCHEDULE - -INPUT -T_CBLOCK - $var=(des_cblock *)SvPV($arg,len); - if (len < DES_KEY_SZ) - { - croak(\"$var needs to be at least %u bytes long\",DES_KEY_SZ); - } - -T_SCHEDULE - $var=(des_key_schedule *)SvPV($arg,len); - if (len < DES_SCHEDULE_SZ) - { - croak(\"$var needs to be at least %u bytes long\", - DES_SCHEDULE_SZ); - } - -OUTPUT -T_CBLOCK - sv_setpvn($arg,(char *)$var,DES_KEY_SZ); - -T_SCHEDULE - sv_setpvn($arg,(char *)$var,DES_SCHEDULE_SZ); - -T_DESCHARP - sv_setpvn($arg,(char *)$var,len); diff --git a/src/lib/libcrypto/des/xcbc_enc.c b/src/lib/libcrypto/des/xcbc_enc.c index 47246eb4664..4f7a0701039 100644 --- a/src/lib/libcrypto/des/xcbc_enc.c +++ b/src/lib/libcrypto/des/xcbc_enc.c @@ -1,4 +1,4 @@ -/* crypto/des/xcbc_enc.c */ +/* $OpenBSD: xcbc_enc.c,v 1.9 2015/02/07 13:19:15 doug Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -60,63 +60,16 @@ /* RSA's DESX */ -static unsigned char desx_white_in2out[256]={ -0xBD,0x56,0xEA,0xF2,0xA2,0xF1,0xAC,0x2A,0xB0,0x93,0xD1,0x9C,0x1B,0x33,0xFD,0xD0, -0x30,0x04,0xB6,0xDC,0x7D,0xDF,0x32,0x4B,0xF7,0xCB,0x45,0x9B,0x31,0xBB,0x21,0x5A, -0x41,0x9F,0xE1,0xD9,0x4A,0x4D,0x9E,0xDA,0xA0,0x68,0x2C,0xC3,0x27,0x5F,0x80,0x36, -0x3E,0xEE,0xFB,0x95,0x1A,0xFE,0xCE,0xA8,0x34,0xA9,0x13,0xF0,0xA6,0x3F,0xD8,0x0C, -0x78,0x24,0xAF,0x23,0x52,0xC1,0x67,0x17,0xF5,0x66,0x90,0xE7,0xE8,0x07,0xB8,0x60, -0x48,0xE6,0x1E,0x53,0xF3,0x92,0xA4,0x72,0x8C,0x08,0x15,0x6E,0x86,0x00,0x84,0xFA, -0xF4,0x7F,0x8A,0x42,0x19,0xF6,0xDB,0xCD,0x14,0x8D,0x50,0x12,0xBA,0x3C,0x06,0x4E, -0xEC,0xB3,0x35,0x11,0xA1,0x88,0x8E,0x2B,0x94,0x99,0xB7,0x71,0x74,0xD3,0xE4,0xBF, -0x3A,0xDE,0x96,0x0E,0xBC,0x0A,0xED,0x77,0xFC,0x37,0x6B,0x03,0x79,0x89,0x62,0xC6, -0xD7,0xC0,0xD2,0x7C,0x6A,0x8B,0x22,0xA3,0x5B,0x05,0x5D,0x02,0x75,0xD5,0x61,0xE3, -0x18,0x8F,0x55,0x51,0xAD,0x1F,0x0B,0x5E,0x85,0xE5,0xC2,0x57,0x63,0xCA,0x3D,0x6C, -0xB4,0xC5,0xCC,0x70,0xB2,0x91,0x59,0x0D,0x47,0x20,0xC8,0x4F,0x58,0xE0,0x01,0xE2, -0x16,0x38,0xC4,0x6F,0x3B,0x0F,0x65,0x46,0xBE,0x7E,0x2D,0x7B,0x82,0xF9,0x40,0xB5, -0x1D,0x73,0xF8,0xEB,0x26,0xC7,0x87,0x97,0x25,0x54,0xB1,0x28,0xAA,0x98,0x9D,0xA5, -0x64,0x6D,0x7A,0xD4,0x10,0x81,0x44,0xEF,0x49,0xD6,0xAE,0x2E,0xDD,0x76,0x5C,0x2F, -0xA7,0x1C,0xC9,0x09,0x69,0x9A,0x83,0xCF,0x29,0x39,0xB9,0xE9,0x4C,0xFF,0x43,0xAB, - }; - -void DES_xwhite_in2out(const_DES_cblock *des_key, const_DES_cblock *in_white, - DES_cblock *out_white) - { - int out0,out1; - int i; - const unsigned char *key = &(*des_key)[0]; - const unsigned char *in = &(*in_white)[0]; - unsigned char *out = &(*out_white)[0]; - - out[0]=out[1]=out[2]=out[3]=out[4]=out[5]=out[6]=out[7]=0; - out0=out1=0; - for (i=0; i<8; i++) - { - out[i]=key[i]^desx_white_in2out[out0^out1]; - out0=out1; - out1=(int)out[i&0x07]; - } - - out0=out[0]; - out1=out[i]; - for (i=0; i<8; i++) - { - out[i]=in[i]^desx_white_in2out[out0^out1]; - out0=out1; - out1=(int)out[i&0x07]; - } - } - void DES_xcbc_encrypt(const unsigned char *in, unsigned char *out, long length, DES_key_schedule *schedule, DES_cblock *ivec, const_DES_cblock *inw, const_DES_cblock *outw, int enc) { - register DES_LONG tin0,tin1; - register DES_LONG tout0,tout1,xor0,xor1; - register DES_LONG inW0,inW1,outW0,outW1; - register const unsigned char *in2; - register long l=length; + DES_LONG tin0,tin1; + DES_LONG tout0,tout1,xor0,xor1; + DES_LONG inW0,inW1,outW0,outW1; + const unsigned char *in2; + long l=length; DES_LONG tin[2]; unsigned char *iv; diff --git a/src/lib/libcrypto/dh/Makefile.ssl b/src/lib/libcrypto/dh/Makefile.ssl deleted file mode 100644 index a38a3e85c48..00000000000 --- a/src/lib/libcrypto/dh/Makefile.ssl +++ /dev/null @@ -1,136 +0,0 @@ -# -# SSLeay/crypto/dh/Makefile -# - -DIR= dh -TOP= ../.. -CC= cc -INCLUDES= -I.. -I$(TOP) -I../../include -CFLAG=-g -INSTALL_PREFIX= -OPENSSLDIR= /usr/local/ssl -INSTALLTOP=/usr/local/ssl -MAKE= make -f Makefile.ssl -MAKEDEPPROG= makedepend -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) -MAKEFILE= Makefile.ssl -AR= ar r - -CFLAGS= $(INCLUDES) $(CFLAG) - -GENERAL=Makefile -TEST= dhtest.c -APPS= - -LIB=$(TOP)/libcrypto.a -LIBSRC= dh_asn1.c dh_gen.c dh_key.c dh_lib.c dh_check.c dh_err.c -LIBOBJ= dh_asn1.o dh_gen.o dh_key.o dh_lib.o dh_check.o dh_err.o - -SRC= $(LIBSRC) - -EXHEADER= dh.h -HEADER= $(EXHEADER) - -ALL= $(GENERAL) $(SRC) $(HEADER) - -top: - (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) - -all: lib - -lib: $(LIBOBJ) - $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) || echo Never mind. - @touch lib - -files: - $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO - -links: - @sh $(TOP)/util/point.sh Makefile.ssl Makefile - @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) - @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) - @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) - -install: - @for i in $(EXHEADER) ; \ - do \ - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ - done; - -tags: - ctags $(SRC) - -tests: - -lint: - lint -DLINT $(INCLUDES) $(SRC)>fluff - -depend: - $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) - -dclean: - $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new - mv -f Makefile.new $(MAKEFILE) - -clean: - rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff - -# DO NOT DELETE THIS LINE -- make depend depends on it. - -dh_asn1.o: ../../e_os.h ../../include/openssl/asn1.h -dh_asn1.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h -dh_asn1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -dh_asn1.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -dh_asn1.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -dh_asn1.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -dh_asn1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -dh_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -dh_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -dh_asn1.o: ../../include/openssl/symhacks.h ../cryptlib.h dh_asn1.c -dh_check.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h -dh_check.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -dh_check.o: ../../include/openssl/dh.h ../../include/openssl/e_os2.h -dh_check.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -dh_check.o: ../../include/openssl/opensslconf.h -dh_check.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -dh_check.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -dh_check.o: ../../include/openssl/symhacks.h ../cryptlib.h dh_check.c -dh_err.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -dh_err.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -dh_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -dh_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -dh_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -dh_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -dh_err.o: ../../include/openssl/symhacks.h dh_err.c -dh_gen.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h -dh_gen.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -dh_gen.o: ../../include/openssl/dh.h ../../include/openssl/e_os2.h -dh_gen.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -dh_gen.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -dh_gen.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -dh_gen.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -dh_gen.o: ../cryptlib.h dh_gen.c -dh_key.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h -dh_key.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -dh_key.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -dh_key.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -dh_key.o: ../../include/openssl/engine.h ../../include/openssl/err.h -dh_key.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -dh_key.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -dh_key.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -dh_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -dh_key.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -dh_key.o: ../cryptlib.h dh_key.c -dh_lib.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h -dh_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -dh_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -dh_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -dh_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h -dh_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -dh_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -dh_lib.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -dh_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -dh_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -dh_lib.o: ../cryptlib.h dh_lib.c diff --git a/src/lib/libcrypto/dh/dh.h b/src/lib/libcrypto/dh/dh.h index d51dc130f44..082b50254d6 100644 --- a/src/lib/libcrypto/dh/dh.h +++ b/src/lib/libcrypto/dh/dh.h @@ -1,4 +1,4 @@ -/* crypto/dh/dh.h */ +/* $OpenBSD: dh.h,v 1.25 2018/02/22 16:41:04 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -59,6 +59,8 @@ #ifndef HEADER_DH_H #define HEADER_DH_H +#include + #ifdef OPENSSL_NO_DH #error DH is disabled. #endif @@ -66,19 +68,42 @@ #ifndef OPENSSL_NO_BIO #include #endif -#include -#include #include +#ifndef OPENSSL_NO_DEPRECATED +#include +#endif -#define DH_FLAG_CACHE_MONT_P 0x01 +#ifndef OPENSSL_DH_MAX_MODULUS_BITS +# define OPENSSL_DH_MAX_MODULUS_BITS 10000 +#endif + +#define DH_FLAG_CACHE_MONT_P 0x01 + +/* If this flag is set the DH method is FIPS compliant and can be used + * in FIPS mode. This is set in the validated module method. If an + * application sets this flag in its own methods it is its reposibility + * to ensure the result is compliant. + */ + +#define DH_FLAG_FIPS_METHOD 0x0400 + +/* If this flag is set the operations normally disabled in FIPS mode are + * permitted it is then the applications responsibility to ensure that the + * usage is compliant. + */ + +#define DH_FLAG_NON_FIPS_ALLOW 0x0400 #ifdef __cplusplus extern "C" { #endif -typedef struct dh_st DH; +/* Already defined in ossl_typ.h */ +/* typedef struct dh_st DH; */ +/* typedef struct dh_method DH_METHOD; */ -typedef struct dh_method { +struct dh_method + { const char *name; /* Methods here */ int (*generate_key)(DH *dh); @@ -91,7 +116,9 @@ typedef struct dh_method { int (*finish)(DH *dh); int flags; char *app_data; -} DH_METHOD; + /* If this is non-NULL, it will be used to generate parameters */ + int (*generate_params)(DH *dh, int prime_len, int generator, BN_GENCB *cb); + }; struct dh_st { @@ -101,12 +128,12 @@ struct dh_st int version; BIGNUM *p; BIGNUM *g; - int length; /* optional */ + long length; /* optional */ BIGNUM *pub_key; /* g^x */ BIGNUM *priv_key; /* x */ int flags; - char *method_mont_p; + BN_MONT_CTX *method_mont_p; /* Place holders if we want to do X9.42 DH */ BIGNUM *q; BIGNUM *j; @@ -130,25 +157,20 @@ struct dh_st #define DH_UNABLE_TO_CHECK_GENERATOR 0x04 #define DH_NOT_SUITABLE_GENERATOR 0x08 +/* DH_check_pub_key error codes */ +#define DH_CHECK_PUBKEY_TOO_SMALL 0x01 +#define DH_CHECK_PUBKEY_TOO_LARGE 0x02 + /* primes p where (p-1)/2 is prime too are called "safe"; we define this for backward compatibility: */ #define DH_CHECK_P_NOT_STRONG_PRIME DH_CHECK_P_NOT_SAFE_PRIME -#define DHparams_dup(x) (DH *)ASN1_dup((int (*)())i2d_DHparams, \ - (char *(*)())d2i_DHparams,(char *)(x)) -#define d2i_DHparams_fp(fp,x) (DH *)ASN1_d2i_fp((char *(*)())DH_new, \ - (char *(*)())d2i_DHparams,(fp),(unsigned char **)(x)) -#define i2d_DHparams_fp(fp,x) ASN1_i2d_fp(i2d_DHparams,(fp), \ - (unsigned char *)(x)) -#define d2i_DHparams_bio(bp,x) (DH *)ASN1_d2i_bio((char *(*)())DH_new, \ - (char *(*)())d2i_DHparams,(bp),(unsigned char **)(x)) -#ifdef __cplusplus -#define i2d_DHparams_bio(bp,x) ASN1_i2d_bio((int (*)())i2d_DHparams,(bp), \ - (unsigned char *)(x)) -#else -#define i2d_DHparams_bio(bp,x) ASN1_i2d_bio(i2d_DHparams,(bp), \ - (unsigned char *)(x)) -#endif +DH *d2i_DHparams_bio(BIO *bp, DH **a); +int i2d_DHparams_bio(BIO *bp, DH *a); +DH *d2i_DHparams_fp(FILE *fp, DH **a); +int i2d_DHparams_fp(FILE *fp, DH *a); + +DH *DHparams_dup(DH *); const DH_METHOD *DH_OpenSSL(void); @@ -161,26 +183,57 @@ DH * DH_new(void); void DH_free(DH *dh); int DH_up_ref(DH *dh); int DH_size(const DH *dh); +int DH_bits(const DH *dh); int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); int DH_set_ex_data(DH *d, int idx, void *arg); void *DH_get_ex_data(DH *d, int idx); + +ENGINE *DH_get0_engine(DH *d); +void DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, + const BIGNUM **g); +int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g); +void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key); +int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key); +void DH_clear_flags(DH *dh, int flags); +int DH_test_flags(const DH *dh, int flags); +void DH_set_flags(DH *dh, int flags); +int DH_set_length(DH *dh, long length); + +/* Deprecated version */ +#ifndef OPENSSL_NO_DEPRECATED DH * DH_generate_parameters(int prime_len,int generator, void (*callback)(int,int,void *),void *cb_arg); +#endif /* !defined(OPENSSL_NO_DEPRECATED) */ + +/* New version */ +int DH_generate_parameters_ex(DH *dh, int prime_len,int generator, BN_GENCB *cb); + int DH_check(const DH *dh,int *codes); +int DH_check_pub_key(const DH *dh,const BIGNUM *pub_key, int *codes); int DH_generate_key(DH *dh); int DH_compute_key(unsigned char *key,const BIGNUM *pub_key,DH *dh); DH * d2i_DHparams(DH **a,const unsigned char **pp, long length); int i2d_DHparams(const DH *a,unsigned char **pp); -#ifndef OPENSSL_NO_FP_API int DHparams_print_fp(FILE *fp, const DH *x); -#endif #ifndef OPENSSL_NO_BIO int DHparams_print(BIO *bp, const DH *x); #else int DHparams_print(char *bp, const DH *x); #endif +#define EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN, len, NULL) + +#define EVP_PKEY_CTX_set_dh_paramgen_generator(ctx, gen) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR, gen, NULL) + +#define EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN (EVP_PKEY_ALG_CTRL + 1) +#define EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR (EVP_PKEY_ALG_CTRL + 2) + + /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. @@ -190,16 +243,37 @@ void ERR_load_DH_strings(void); /* Error codes for the DH functions. */ /* Function codes. */ -#define DH_F_DHPARAMS_PRINT 100 +#define DH_F_COMPUTE_KEY 102 #define DH_F_DHPARAMS_PRINT_FP 101 -#define DH_F_DH_COMPUTE_KEY 102 -#define DH_F_DH_GENERATE_KEY 103 -#define DH_F_DH_GENERATE_PARAMETERS 104 +#define DH_F_DH_BUILTIN_GENPARAMS 106 +#define DH_F_DH_COMPUTE_KEY 114 +#define DH_F_DH_GENERATE_KEY 115 +#define DH_F_DH_GENERATE_PARAMETERS_EX 116 #define DH_F_DH_NEW_METHOD 105 +#define DH_F_DH_PARAM_DECODE 107 +#define DH_F_DH_PRIV_DECODE 110 +#define DH_F_DH_PRIV_ENCODE 111 +#define DH_F_DH_PUB_DECODE 108 +#define DH_F_DH_PUB_ENCODE 109 +#define DH_F_DO_DH_PRINT 100 +#define DH_F_GENERATE_KEY 103 +#define DH_F_GENERATE_PARAMETERS 104 +#define DH_F_PKEY_DH_DERIVE 112 +#define DH_F_PKEY_DH_KEYGEN 113 /* Reason codes. */ #define DH_R_BAD_GENERATOR 101 +#define DH_R_BN_DECODE_ERROR 109 +#define DH_R_BN_ERROR 106 +#define DH_R_DECODE_ERROR 104 +#define DH_R_INVALID_PUBKEY 102 +#define DH_R_KEYS_NOT_SET 108 +#define DH_R_KEY_SIZE_TOO_SMALL 110 +#define DH_R_MODULUS_TOO_LARGE 103 +#define DH_R_NON_FIPS_METHOD 111 +#define DH_R_NO_PARAMETERS_SET 107 #define DH_R_NO_PRIVATE_VALUE 100 +#define DH_R_PARAMETER_ENCODING_ERROR 105 #ifdef __cplusplus } diff --git a/src/lib/libcrypto/dh/dh1024.pem b/src/lib/libcrypto/dh/dh1024.pem deleted file mode 100644 index 81d43f6a3ea..00000000000 --- a/src/lib/libcrypto/dh/dh1024.pem +++ /dev/null @@ -1,5 +0,0 @@ ------BEGIN DH PARAMETERS----- -MIGHAoGBAJf2QmHKtQXdKCjhPx1ottPb0PMTBH9A6FbaWMsTuKG/K3g6TG1Z1fkq -/Gz/PWk/eLI9TzFgqVAuPvr3q14a1aZeVUMTgo2oO5/y2UHe6VaJ+trqCTat3xlx -/mNbIK9HA2RgPC3gWfVLZQrY+gz3ASHHR5nXWHEyvpuZm7m3h+irAgEC ------END DH PARAMETERS----- diff --git a/src/lib/libcrypto/dh/dh192.pem b/src/lib/libcrypto/dh/dh192.pem deleted file mode 100644 index 521c07271d0..00000000000 --- a/src/lib/libcrypto/dh/dh192.pem +++ /dev/null @@ -1,3 +0,0 @@ ------BEGIN DH PARAMETERS----- -MB4CGQDUoLoCULb9LsYm5+/WN992xxbiLQlEuIsCAQM= ------END DH PARAMETERS----- diff --git a/src/lib/libcrypto/dh/dh2048.pem b/src/lib/libcrypto/dh/dh2048.pem deleted file mode 100644 index 295460f5081..00000000000 --- a/src/lib/libcrypto/dh/dh2048.pem +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN DH PARAMETERS----- -MIIBCAKCAQEA7ZKJNYJFVcs7+6J2WmkEYb8h86tT0s0h2v94GRFS8Q7B4lW9aG9o -AFO5Imov5Jo0H2XMWTKKvbHbSe3fpxJmw/0hBHAY8H/W91hRGXKCeyKpNBgdL8sh -z22SrkO2qCnHJ6PLAMXy5fsKpFmFor2tRfCzrfnggTXu2YOzzK7q62bmqVdmufEo -pT8igNcLpvZxk5uBDvhakObMym9mX3rAEBoe8PwttggMYiiw7NuJKO4MqD1llGkW -aVM8U2ATsCun1IKHrRxynkE1/MJ86VHeYYX8GZt2YA8z+GuzylIOKcMH6JAWzMwA -Gbatw6QwizOhr9iMjZ0B26TE3X8LvW84wwIBAg== ------END DH PARAMETERS----- ------BEGIN DH PARAMETERS----- -MIIBCAKCAQEArtA3w73zP6Lu3EOQtwogiXt3AXXpuS6yD4BhzNS1pZFyPHk0/an5 -8ydEkPhQZHKDW+BZJxxPLANaTudWo2YT8TgtvUdN6KSgMiEi6McwqDw+SADuvW+F -SKUYFxG6VFIxyEP6xBdf+vhJxEDbRG2EYsHDRRtJ76gp9cSKTHusf2R+4AAVGqnt -gRAbNqtcOar/7FSj+Pl8G3v0Bty0LcCSpbqgYlnv6z+rErQmmC6PPvSz97TDMCok -yKpCE9hFA1zkqK3TH4FmFvGeIaXJUIBZf4mArWuBTjWFW3nmhESRUn1VK3K3x42N -a5k6c2+EhrMFiLjxuH6JZoqL0/E93FF9SwIBAg== ------END DH PARAMETERS----- diff --git a/src/lib/libcrypto/dh/dh4096.pem b/src/lib/libcrypto/dh/dh4096.pem deleted file mode 100644 index 390943a21dc..00000000000 --- a/src/lib/libcrypto/dh/dh4096.pem +++ /dev/null @@ -1,14 +0,0 @@ ------BEGIN DH PARAMETERS----- -MIICCAKCAgEA/urRnb6vkPYc/KEGXWnbCIOaKitq7ySIq9dTH7s+Ri59zs77zty7 -vfVlSe6VFTBWgYjD2XKUFmtqq6CqXMhVX5ElUDoYDpAyTH85xqNFLzFC7nKrff/H -TFKNttp22cZE9V0IPpzedPfnQkE7aUdmF9JnDyv21Z/818O93u1B4r0szdnmEvEF -bKuIxEHX+bp0ZR7RqE1AeifXGJX3d6tsd2PMAObxwwsv55RGkn50vHO4QxtTARr1 -rRUV5j3B3oPMgC7Offxx+98Xn45B1/G0Prp11anDsR1PGwtaCYipqsvMwQUSJtyE -EOQWk+yFkeMe4vWv367eEi0Sd/wnC+TSXBE3pYvpYerJ8n1MceI5GQTdarJ77OW9 -bGTHmxRsLSCM1jpLdPja5jjb4siAa6EHc4qN9c/iFKS3PQPJEnX7pXKBRs5f7AF3 -W3RIGt+G9IVNZfXaS7Z/iCpgzgvKCs0VeqN38QsJGtC1aIkwOeyjPNy2G6jJ4yqH -ovXYt/0mc00vCWeSNS1wren0pR2EiLxX0ypjjgsU1mk/Z3b/+zVf7fZSIB+nDLjb -NPtUlJCVGnAeBK1J1nG3TQicqowOXoM6ISkdaXj5GPJdXHab2+S7cqhKGv5qC7rR -jT6sx7RUr0CNTxzLI7muV2/a4tGmj0PSdXQdsZ7tw7gbXlaWT1+MM2MCAQI= ------END DH PARAMETERS----- - diff --git a/src/lib/libcrypto/dh/dh512.pem b/src/lib/libcrypto/dh/dh512.pem deleted file mode 100644 index 0a4d863ebe2..00000000000 --- a/src/lib/libcrypto/dh/dh512.pem +++ /dev/null @@ -1,4 +0,0 @@ ------BEGIN DH PARAMETERS----- -MEYCQQDaWDwW2YUiidDkr3VvTMqS3UvlM7gE+w/tlO+cikQD7VdGUNNpmdsp13Yn -a6LT1BLiGPTdHghM9tgAPnxHdOgzAgEC ------END DH PARAMETERS----- diff --git a/src/lib/libcrypto/dh/dh_ameth.c b/src/lib/libcrypto/dh/dh_ameth.c new file mode 100644 index 00000000000..5054d17a3f4 --- /dev/null +++ b/src/lib/libcrypto/dh/dh_ameth.c @@ -0,0 +1,493 @@ +/* $OpenBSD: dh_ameth.c,v 1.17 2018/08/24 20:22:15 tb Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2006. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include + +#include +#include +#include +#include +#include + +#include "asn1_locl.h" + +static void +int_dh_free(EVP_PKEY *pkey) +{ + DH_free(pkey->pkey.dh); +} + +static int +dh_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) +{ + const unsigned char *p, *pm; + int pklen, pmlen; + int ptype; + const void *pval; + const ASN1_STRING *pstr; + X509_ALGOR *palg; + ASN1_INTEGER *public_key = NULL; + DH *dh = NULL; + + if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey)) + return 0; + X509_ALGOR_get0(NULL, &ptype, &pval, palg); + + if (ptype != V_ASN1_SEQUENCE) { + DHerror(DH_R_PARAMETER_ENCODING_ERROR); + goto err; + } + + pstr = pval; + pm = pstr->data; + pmlen = pstr->length; + + if (!(dh = d2i_DHparams(NULL, &pm, pmlen))) { + DHerror(DH_R_DECODE_ERROR); + goto err; + } + + if (!(public_key=d2i_ASN1_INTEGER(NULL, &p, pklen))) { + DHerror(DH_R_DECODE_ERROR); + goto err; + } + + /* We have parameters now set public key */ + if (!(dh->pub_key = ASN1_INTEGER_to_BN(public_key, NULL))) { + DHerror(DH_R_BN_DECODE_ERROR); + goto err; + } + + ASN1_INTEGER_free(public_key); + EVP_PKEY_assign_DH(pkey, dh); + return 1; + +err: + if (public_key) + ASN1_INTEGER_free(public_key); + DH_free(dh); + return 0; +} + +static int +dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) +{ + DH *dh; + int ptype; + unsigned char *penc = NULL; + int penclen; + ASN1_STRING *str; + ASN1_INTEGER *pub_key = NULL; + + dh=pkey->pkey.dh; + + str = ASN1_STRING_new(); + if (str == NULL) { + DHerror(ERR_R_MALLOC_FAILURE); + goto err; + } + + str->length = i2d_DHparams(dh, &str->data); + if (str->length <= 0) { + DHerror(ERR_R_MALLOC_FAILURE); + goto err; + } + ptype = V_ASN1_SEQUENCE; + + pub_key = BN_to_ASN1_INTEGER(dh->pub_key, NULL); + if (!pub_key) + goto err; + + penclen = i2d_ASN1_INTEGER(pub_key, &penc); + + ASN1_INTEGER_free(pub_key); + + if (penclen <= 0) { + DHerror(ERR_R_MALLOC_FAILURE); + goto err; + } + + if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_DH), ptype, + (void *)str, penc, penclen)) + return 1; + +err: + free(penc); + ASN1_STRING_free(str); + + return 0; +} + +/* + * PKCS#8 DH is defined in PKCS#11 of all places. It is similar to DH in + * that the AlgorithmIdentifier contains the paramaters, the private key + * is explcitly included and the pubkey must be recalculated. + */ + +static int +dh_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8) +{ + const unsigned char *p, *pm; + int pklen, pmlen; + int ptype; + const void *pval; + const ASN1_STRING *pstr; + const X509_ALGOR *palg; + ASN1_INTEGER *privkey = NULL; + DH *dh = NULL; + + if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8)) + return 0; + + X509_ALGOR_get0(NULL, &ptype, &pval, palg); + + if (ptype != V_ASN1_SEQUENCE) + goto decerr; + + if (!(privkey=d2i_ASN1_INTEGER(NULL, &p, pklen))) + goto decerr; + + pstr = pval; + pm = pstr->data; + pmlen = pstr->length; + if (!(dh = d2i_DHparams(NULL, &pm, pmlen))) + goto decerr; + /* We have parameters now set private key */ + if (!(dh->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) { + DHerror(DH_R_BN_ERROR); + goto dherr; + } + /* Calculate public key */ + if (!DH_generate_key(dh)) + goto dherr; + + EVP_PKEY_assign_DH(pkey, dh); + + ASN1_INTEGER_free(privkey); + + return 1; + +decerr: + DHerror(EVP_R_DECODE_ERROR); +dherr: + DH_free(dh); + return 0; +} + +static int +dh_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) +{ + ASN1_STRING *params = NULL; + ASN1_INTEGER *prkey = NULL; + unsigned char *dp = NULL; + int dplen; + + params = ASN1_STRING_new(); + + if (!params) { + DHerror(ERR_R_MALLOC_FAILURE); + goto err; + } + + params->length = i2d_DHparams(pkey->pkey.dh, ¶ms->data); + if (params->length <= 0) { + DHerror(ERR_R_MALLOC_FAILURE); + goto err; + } + params->type = V_ASN1_SEQUENCE; + + /* Get private key into integer */ + prkey = BN_to_ASN1_INTEGER(pkey->pkey.dh->priv_key, NULL); + + if (!prkey) { + DHerror(DH_R_BN_ERROR); + goto err; + } + + dplen = i2d_ASN1_INTEGER(prkey, &dp); + + ASN1_INTEGER_free(prkey); + prkey = NULL; + + if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dhKeyAgreement), 0, + V_ASN1_SEQUENCE, params, dp, dplen)) + goto err; + + return 1; + +err: + free(dp); + ASN1_STRING_free(params); + ASN1_INTEGER_free(prkey); + return 0; +} + +static void +update_buflen(const BIGNUM *b, size_t *pbuflen) +{ + size_t i; + + if (!b) + return; + if (*pbuflen < (i = (size_t)BN_num_bytes(b))) + *pbuflen = i; +} + +static int +dh_param_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen) +{ + DH *dh; + + if (!(dh = d2i_DHparams(NULL, pder, derlen))) { + DHerror(ERR_R_DH_LIB); + return 0; + } + EVP_PKEY_assign_DH(pkey, dh); + return 1; +} + +static int +dh_param_encode(const EVP_PKEY *pkey, unsigned char **pder) +{ + return i2d_DHparams(pkey->pkey.dh, pder); +} + +static int +do_dh_print(BIO *bp, const DH *x, int indent, ASN1_PCTX *ctx, int ptype) +{ + unsigned char *m = NULL; + int reason = ERR_R_BUF_LIB, ret = 0; + size_t buf_len = 0; + const char *ktype = NULL; + BIGNUM *priv_key, *pub_key; + + if (ptype == 2) + priv_key = x->priv_key; + else + priv_key = NULL; + + if (ptype > 0) + pub_key = x->pub_key; + else + pub_key = NULL; + + update_buflen(x->p, &buf_len); + + if (buf_len == 0) { + reason = ERR_R_PASSED_NULL_PARAMETER; + goto err; + } + + update_buflen(x->g, &buf_len); + update_buflen(pub_key, &buf_len); + update_buflen(priv_key, &buf_len); + + if (ptype == 2) + ktype = "PKCS#3 DH Private-Key"; + else if (ptype == 1) + ktype = "PKCS#3 DH Public-Key"; + else + ktype = "PKCS#3 DH Parameters"; + + m= malloc(buf_len + 10); + if (m == NULL) { + reason = ERR_R_MALLOC_FAILURE; + goto err; + } + + BIO_indent(bp, indent, 128); + if (BIO_printf(bp, "%s: (%d bit)\n", ktype, BN_num_bits(x->p)) <= 0) + goto err; + indent += 4; + + if (!ASN1_bn_print(bp, "private-key:", priv_key, m, indent)) + goto err; + if (!ASN1_bn_print(bp, "public-key:", pub_key, m, indent)) + goto err; + + if (!ASN1_bn_print(bp, "prime:", x->p, m, indent)) + goto err; + if (!ASN1_bn_print(bp, "generator:", x->g, m, indent)) + goto err; + if (x->length != 0) { + BIO_indent(bp, indent, 128); + if (BIO_printf(bp, "recommended-private-length: %d bits\n", + (int)x->length) <= 0) + goto err; + } + + ret = 1; + if (0) { +err: + DHerror(reason); + } + free(m); + return(ret); +} + +static int +int_dh_size(const EVP_PKEY *pkey) +{ + return DH_size(pkey->pkey.dh); +} + +static int +dh_bits(const EVP_PKEY *pkey) +{ + return BN_num_bits(pkey->pkey.dh->p); +} + +static int +dh_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) +{ + if (BN_cmp(a->pkey.dh->p, b->pkey.dh->p) || + BN_cmp(a->pkey.dh->g, b->pkey.dh->g)) + return 0; + else + return 1; +} + +static int +dh_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) +{ + BIGNUM *a; + + if ((a = BN_dup(from->pkey.dh->p)) == NULL) + return 0; + BN_free(to->pkey.dh->p); + to->pkey.dh->p = a; + + if ((a = BN_dup(from->pkey.dh->g)) == NULL) + return 0; + BN_free(to->pkey.dh->g); + to->pkey.dh->g = a; + + return 1; +} + +static int +dh_missing_parameters(const EVP_PKEY *a) +{ + if (!a->pkey.dh->p || !a->pkey.dh->g) + return 1; + return 0; +} + +static int +dh_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) +{ + if (dh_cmp_parameters(a, b) == 0) + return 0; + if (BN_cmp(b->pkey.dh->pub_key, a->pkey.dh->pub_key) != 0) + return 0; + else + return 1; +} + +static int +dh_param_print(BIO *bp, const EVP_PKEY *pkey, int indent, ASN1_PCTX *ctx) +{ + return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 0); +} + +static int +dh_public_print(BIO *bp, const EVP_PKEY *pkey, int indent, ASN1_PCTX *ctx) +{ + return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 1); +} + +static int +dh_private_print(BIO *bp, const EVP_PKEY *pkey, int indent, ASN1_PCTX *ctx) +{ + return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 2); +} + +int +DHparams_print(BIO *bp, const DH *x) +{ + return do_dh_print(bp, x, 4, NULL, 0); +} + +const EVP_PKEY_ASN1_METHOD dh_asn1_meth = { + .pkey_id = EVP_PKEY_DH, + .pkey_base_id = EVP_PKEY_DH, + + .pem_str = "DH", + .info = "OpenSSL PKCS#3 DH method", + + .pub_decode = dh_pub_decode, + .pub_encode = dh_pub_encode, + .pub_cmp = dh_pub_cmp, + .pub_print = dh_public_print, + + .priv_decode = dh_priv_decode, + .priv_encode = dh_priv_encode, + .priv_print = dh_private_print, + + .pkey_size = int_dh_size, + .pkey_bits = dh_bits, + + .param_decode = dh_param_decode, + .param_encode = dh_param_encode, + .param_missing = dh_missing_parameters, + .param_copy = dh_copy_parameters, + .param_cmp = dh_cmp_parameters, + .param_print = dh_param_print, + + .pkey_free = int_dh_free, +}; diff --git a/src/lib/libcrypto/dh/dh_asn1.c b/src/lib/libcrypto/dh/dh_asn1.c index 769b5b68c53..f4850293131 100644 --- a/src/lib/libcrypto/dh/dh_asn1.c +++ b/src/lib/libcrypto/dh/dh_asn1.c @@ -1,9 +1,9 @@ -/* dh_asn1.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* $OpenBSD: dh_asn1.c,v 1.10 2016/12/30 15:26:49 jsing Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ /* ==================================================================== - * Copyright (c) 2000 The OpenSSL Project. All rights reserved. + * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -57,20 +57,22 @@ */ #include -#include "cryptlib.h" + +#include #include #include #include -#include /* Override the default free and new methods */ -static int dh_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) +static int +dh_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) { - if(operation == ASN1_OP_NEW_PRE) { + if (operation == ASN1_OP_NEW_PRE) { *pval = (ASN1_VALUE *)DH_new(); - if(*pval) return 2; + if (*pval) + return 2; return 0; - } else if(operation == ASN1_OP_FREE_PRE) { + } else if (operation == ASN1_OP_FREE_PRE) { DH_free((DH *)*pval); *pval = NULL; return 2; @@ -78,10 +80,88 @@ static int dh_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) return 1; } -ASN1_SEQUENCE_cb(DHparams, dh_cb) = { - ASN1_SIMPLE(DH, p, BIGNUM), - ASN1_SIMPLE(DH, g, BIGNUM), - ASN1_OPT(DH, length, ZLONG), -} ASN1_SEQUENCE_END_cb(DH, DHparams) +static const ASN1_AUX DHparams_aux = { + .app_data = NULL, + .flags = 0, + .ref_offset = 0, + .ref_lock = 0, + .asn1_cb = dh_cb, + .enc_offset = 0, +}; +static const ASN1_TEMPLATE DHparams_seq_tt[] = { + { + .flags = 0, + .tag = 0, + .offset = offsetof(DH, p), + .field_name = "p", + .item = &BIGNUM_it, + }, + { + .flags = 0, + .tag = 0, + .offset = offsetof(DH, g), + .field_name = "g", + .item = &BIGNUM_it, + }, + { + .flags = ASN1_TFLG_OPTIONAL, + .tag = 0, + .offset = offsetof(DH, length), + .field_name = "length", + .item = &ZLONG_it, + }, +}; + +const ASN1_ITEM DHparams_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = DHparams_seq_tt, + .tcount = sizeof(DHparams_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = &DHparams_aux, + .size = sizeof(DH), + .sname = "DH", +}; -IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DH, DHparams, DHparams) + +DH * +d2i_DHparams(DH **a, const unsigned char **in, long len) +{ + return (DH *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &DHparams_it); +} + +int +i2d_DHparams(const DH *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &DHparams_it); +} + +DH * +d2i_DHparams_bio(BIO *bp, DH **a) +{ + return ASN1_item_d2i_bio(&DHparams_it, bp, a); +} + +int +i2d_DHparams_bio(BIO *bp, DH *a) +{ + return ASN1_item_i2d_bio(&DHparams_it, bp, a); +} + +DH * +d2i_DHparams_fp(FILE *fp, DH **a) +{ + return ASN1_item_d2i_fp(&DHparams_it, fp, a); +} + +int +i2d_DHparams_fp(FILE *fp, DH *a) +{ + return ASN1_item_i2d_fp(&DHparams_it, fp, a); +} + +DH * +DHparams_dup(DH *dh) +{ + return ASN1_item_dup(&DHparams_it, dh); +} diff --git a/src/lib/libcrypto/dh/dh_check.c b/src/lib/libcrypto/dh/dh_check.c index f0373f7d687..a8227d31ca6 100644 --- a/src/lib/libcrypto/dh/dh_check.c +++ b/src/lib/libcrypto/dh/dh_check.c @@ -1,4 +1,4 @@ -/* crypto/dh/dh_check.c */ +/* $OpenBSD: dh_check.c,v 1.17 2019/01/20 01:56:59 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -57,12 +57,13 @@ */ #include -#include "cryptlib.h" + #include #include -/* Check that p is a safe prime and - * if g is 2, 3 or 5, check that is is a suitable generator +/* + * Check that p is a safe prime and + * if g is 2, 3 or 5, check that it is a suitable generator * where * for 2, p mod 24 == 11 * for 3, p mod 12 == 5 @@ -70,51 +71,76 @@ * should hold. */ -int DH_check(const DH *dh, int *ret) - { - int ok=0; - BN_CTX *ctx=NULL; +int +DH_check(const DH *dh, int *ret) +{ + int is_prime, ok = 0; + BN_CTX *ctx = NULL; BN_ULONG l; - BIGNUM *q=NULL; + BIGNUM *q = NULL; - *ret=0; - ctx=BN_CTX_new(); - if (ctx == NULL) goto err; - q=BN_new(); - if (q == NULL) goto err; + *ret = 0; + ctx = BN_CTX_new(); + if (ctx == NULL) + goto err; + q = BN_new(); + if (q == NULL) + goto err; - if (BN_is_word(dh->g,DH_GENERATOR_2)) - { - l=BN_mod_word(dh->p,24); - if (l != 11) *ret|=DH_NOT_SUITABLE_GENERATOR; - } -#if 0 - else if (BN_is_word(dh->g,DH_GENERATOR_3)) - { - l=BN_mod_word(dh->p,12); - if (l != 5) *ret|=DH_NOT_SUITABLE_GENERATOR; - } -#endif - else if (BN_is_word(dh->g,DH_GENERATOR_5)) - { - l=BN_mod_word(dh->p,10); - if ((l != 3) && (l != 7)) - *ret|=DH_NOT_SUITABLE_GENERATOR; - } - else - *ret|=DH_UNABLE_TO_CHECK_GENERATOR; + if (BN_is_word(dh->g, DH_GENERATOR_2)) { + l = BN_mod_word(dh->p, 24); + if (l == (BN_ULONG)-1) + goto err; + if (l != 11) + *ret |= DH_NOT_SUITABLE_GENERATOR; + } else if (BN_is_word(dh->g, DH_GENERATOR_5)) { + l = BN_mod_word(dh->p, 10); + if (l == (BN_ULONG)-1) + goto err; + if (l != 3 && l != 7) + *ret |= DH_NOT_SUITABLE_GENERATOR; + } else + *ret |= DH_UNABLE_TO_CHECK_GENERATOR; - if (!BN_is_prime(dh->p,BN_prime_checks,NULL,ctx,NULL)) - *ret|=DH_CHECK_P_NOT_PRIME; - else - { - if (!BN_rshift1(q,dh->p)) goto err; - if (!BN_is_prime(q,BN_prime_checks,NULL,ctx,NULL)) - *ret|=DH_CHECK_P_NOT_SAFE_PRIME; - } - ok=1; -err: - if (ctx != NULL) BN_CTX_free(ctx); - if (q != NULL) BN_free(q); - return(ok); + is_prime = BN_is_prime_ex(dh->p, BN_prime_checks, ctx, NULL); + if (is_prime < 0) + goto err; + if (is_prime == 0) + *ret |= DH_CHECK_P_NOT_PRIME; + else { + if (!BN_rshift1(q, dh->p)) + goto err; + is_prime = BN_is_prime_ex(q, BN_prime_checks, ctx, NULL); + if (is_prime < 0) + goto err; + if (is_prime == 0) + *ret |= DH_CHECK_P_NOT_SAFE_PRIME; } + ok = 1; + + err: + BN_CTX_free(ctx); + BN_free(q); + return ok; +} + +int +DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret) +{ + BIGNUM *q = NULL; + + *ret = 0; + q = BN_new(); + if (q == NULL) + return 0; + BN_set_word(q, 1); + if (BN_cmp(pub_key, q) <= 0) + *ret |= DH_CHECK_PUBKEY_TOO_SMALL; + BN_copy(q, dh->p); + BN_sub_word(q, 1); + if (BN_cmp(pub_key, q) >= 0) + *ret |= DH_CHECK_PUBKEY_TOO_LARGE; + + BN_free(q); + return 1; +} diff --git a/src/lib/libcrypto/dh/dh_depr.c b/src/lib/libcrypto/dh/dh_depr.c new file mode 100644 index 00000000000..0b75b0be5e1 --- /dev/null +++ b/src/lib/libcrypto/dh/dh_depr.c @@ -0,0 +1,83 @@ +/* $OpenBSD: dh_depr.c,v 1.6 2014/07/11 08:44:48 jsing Exp $ */ +/* ==================================================================== + * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +/* This file contains deprecated functions as wrappers to the new ones */ + +#include + +#include + +#include +#include + +#ifndef OPENSSL_NO_DEPRECATED +DH * +DH_generate_parameters(int prime_len, int generator, + void (*callback)(int, int, void *), void *cb_arg) +{ + BN_GENCB cb; + DH *ret = NULL; + + if ((ret = DH_new()) == NULL) + return NULL; + + BN_GENCB_set_old(&cb, callback, cb_arg); + + if (DH_generate_parameters_ex(ret, prime_len, generator, &cb)) + return ret; + DH_free(ret); + return NULL; +} +#endif diff --git a/src/lib/libcrypto/dh/dh_err.c b/src/lib/libcrypto/dh/dh_err.c index d837950aecb..497f88436e6 100644 --- a/src/lib/libcrypto/dh/dh_err.c +++ b/src/lib/libcrypto/dh/dh_err.c @@ -1,6 +1,6 @@ -/* crypto/dh/dh_err.c */ +/* $OpenBSD: dh_err.c,v 1.16 2017/01/29 17:49:22 beck Exp $ */ /* ==================================================================== - * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -59,26 +59,37 @@ */ #include + +#include + #include #include /* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR -static ERR_STRING_DATA DH_str_functs[]= - { -{ERR_PACK(0,DH_F_DHPARAMS_PRINT,0), "DHparams_print"}, -{ERR_PACK(0,DH_F_DHPARAMS_PRINT_FP,0), "DHparams_print_fp"}, -{ERR_PACK(0,DH_F_DH_COMPUTE_KEY,0), "DH_compute_key"}, -{ERR_PACK(0,DH_F_DH_GENERATE_KEY,0), "DH_generate_key"}, -{ERR_PACK(0,DH_F_DH_GENERATE_PARAMETERS,0), "DH_generate_parameters"}, -{ERR_PACK(0,DH_F_DH_NEW_METHOD,0), "DH_new_method"}, -{0,NULL} - }; + +#define ERR_FUNC(func) ERR_PACK(ERR_LIB_DH,func,0) +#define ERR_REASON(reason) ERR_PACK(ERR_LIB_DH,0,reason) + +static ERR_STRING_DATA DH_str_functs[]= { + {ERR_FUNC(0xfff), "CRYPTO_internal"}, + {0, NULL} +}; static ERR_STRING_DATA DH_str_reasons[]= { -{DH_R_BAD_GENERATOR ,"bad generator"}, -{DH_R_NO_PRIVATE_VALUE ,"no private value"}, +{ERR_REASON(DH_R_BAD_GENERATOR) ,"bad generator"}, +{ERR_REASON(DH_R_BN_DECODE_ERROR) ,"bn decode error"}, +{ERR_REASON(DH_R_BN_ERROR) ,"bn error"}, +{ERR_REASON(DH_R_DECODE_ERROR) ,"decode error"}, +{ERR_REASON(DH_R_INVALID_PUBKEY) ,"invalid public key"}, +{ERR_REASON(DH_R_KEYS_NOT_SET) ,"keys not set"}, +{ERR_REASON(DH_R_KEY_SIZE_TOO_SMALL) ,"key size too small"}, +{ERR_REASON(DH_R_MODULUS_TOO_LARGE) ,"modulus too large"}, +{ERR_REASON(DH_R_NON_FIPS_METHOD) ,"non fips method"}, +{ERR_REASON(DH_R_NO_PARAMETERS_SET) ,"no parameters set"}, +{ERR_REASON(DH_R_NO_PRIVATE_VALUE) ,"no private value"}, +{ERR_REASON(DH_R_PARAMETER_ENCODING_ERROR),"parameter encoding error"}, {0,NULL} }; @@ -86,15 +97,12 @@ static ERR_STRING_DATA DH_str_reasons[]= void ERR_load_DH_strings(void) { - static int init=1; - - if (init) - { - init=0; #ifndef OPENSSL_NO_ERR - ERR_load_strings(ERR_LIB_DH,DH_str_functs); - ERR_load_strings(ERR_LIB_DH,DH_str_reasons); -#endif + if (ERR_func_error_string(DH_str_functs[0].error) == NULL) + { + ERR_load_strings(0,DH_str_functs); + ERR_load_strings(0,DH_str_reasons); } +#endif } diff --git a/src/lib/libcrypto/dh/dh_gen.c b/src/lib/libcrypto/dh/dh_gen.c index 06f78b35ab7..99394113eef 100644 --- a/src/lib/libcrypto/dh/dh_gen.c +++ b/src/lib/libcrypto/dh/dh_gen.c @@ -1,4 +1,4 @@ -/* crypto/dh/dh_gen.c */ +/* $OpenBSD: dh_gen.c,v 1.16 2017/01/29 17:49:22 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -56,12 +56,30 @@ * [including the GNU Public Licence.] */ +/* NB: These functions have been upgraded - the previous prototypes are in + * dh_depr.c as wrappers to these ones. + * - Geoff + */ + #include -#include "cryptlib.h" + #include #include +#include + +static int dh_builtin_genparams(DH *ret, int prime_len, int generator, + BN_GENCB *cb); + +int +DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *cb) +{ + if (ret->meth->generate_params) + return ret->meth->generate_params(ret, prime_len, generator, cb); + return dh_builtin_genparams(ret, prime_len, generator, cb); +} -/* We generate DH parameters as follows +/* + * We generate DH parameters as follows: * find a prime q which is prime_len/2 bits long. * p=(2*q)+1 or (p-1)/2 = q * For this case, g is a generator if @@ -86,84 +104,76 @@ * It's just as OK (and in some sense better) to use a generator of the * order-q subgroup. */ -DH *DH_generate_parameters(int prime_len, int generator, - void (*callback)(int,int,void *), void *cb_arg) - { - BIGNUM *p=NULL,*t1,*t2; - DH *ret=NULL; - int g,ok= -1; - BN_CTX *ctx=NULL; +static int +dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb) +{ + BIGNUM *t1, *t2; + int g, ok = -1; + BN_CTX *ctx = NULL; - ret=DH_new(); - if (ret == NULL) goto err; - ctx=BN_CTX_new(); - if (ctx == NULL) goto err; + ctx = BN_CTX_new(); + if (ctx == NULL) + goto err; BN_CTX_start(ctx); - t1 = BN_CTX_get(ctx); - t2 = BN_CTX_get(ctx); - if (t1 == NULL || t2 == NULL) goto err; + if ((t1 = BN_CTX_get(ctx)) == NULL) + goto err; + if ((t2 = BN_CTX_get(ctx)) == NULL) + goto err; + + /* Make sure 'ret' has the necessary elements */ + if (!ret->p && ((ret->p = BN_new()) == NULL)) + goto err; + if (!ret->g && ((ret->g = BN_new()) == NULL)) + goto err; - if (generator <= 1) - { - DHerr(DH_F_DH_GENERATE_PARAMETERS, DH_R_BAD_GENERATOR); + if (generator <= 1) { + DHerror(DH_R_BAD_GENERATOR); goto err; - } - if (generator == DH_GENERATOR_2) - { - if (!BN_set_word(t1,24)) goto err; - if (!BN_set_word(t2,11)) goto err; - g=2; - } -#if 0 /* does not work for safe primes */ - else if (generator == DH_GENERATOR_3) - { - if (!BN_set_word(t1,12)) goto err; - if (!BN_set_word(t2,5)) goto err; - g=3; - } -#endif - else if (generator == DH_GENERATOR_5) - { - if (!BN_set_word(t1,10)) goto err; - if (!BN_set_word(t2,3)) goto err; + } + if (generator == DH_GENERATOR_2) { + if (!BN_set_word(t1, 24)) + goto err; + if (!BN_set_word(t2, 11)) + goto err; + g = 2; + } else if (generator == DH_GENERATOR_5) { + if (!BN_set_word(t1, 10)) + goto err; + if (!BN_set_word(t2, 3)) + goto err; /* BN_set_word(t3,7); just have to miss * out on these ones :-( */ - g=5; - } - else - { - /* in the general case, don't worry if 'generator' is a + g = 5; + } else { + /* + * in the general case, don't worry if 'generator' is a * generator or not: since we are using safe primes, * it will generate either an order-q or an order-2q group, - * which both is OK */ - if (!BN_set_word(t1,2)) goto err; - if (!BN_set_word(t2,1)) goto err; - g=generator; - } + * which both is OK + */ + if (!BN_set_word(t1, 2)) + goto err; + if (!BN_set_word(t2, 1)) + goto err; + g = generator; + } - p=BN_generate_prime(NULL,prime_len,1,t1,t2,callback,cb_arg); - if (p == NULL) goto err; - if (callback != NULL) callback(3,0,cb_arg); - ret->p=p; - ret->g=BN_new(); - if (!BN_set_word(ret->g,g)) goto err; - ok=1; + if (!BN_generate_prime_ex(ret->p, prime_len, 1, t1, t2, cb)) + goto err; + if (!BN_GENCB_call(cb, 3, 0)) + goto err; + if (!BN_set_word(ret->g, g)) + goto err; + ok = 1; err: - if (ok == -1) - { - DHerr(DH_F_DH_GENERATE_PARAMETERS,ERR_R_BN_LIB); - ok=0; - } + if (ok == -1) { + DHerror(ERR_R_BN_LIB); + ok = 0; + } - if (ctx != NULL) - { + if (ctx != NULL) { BN_CTX_end(ctx); BN_CTX_free(ctx); - } - if (!ok && (ret != NULL)) - { - DH_free(ret); - ret=NULL; - } - return(ret); } + return ok; +} diff --git a/src/lib/libcrypto/dh/dh_key.c b/src/lib/libcrypto/dh/dh_key.c index 1a0efca2c4c..a77e7956dd7 100644 --- a/src/lib/libcrypto/dh/dh_key.c +++ b/src/lib/libcrypto/dh/dh_key.c @@ -1,4 +1,4 @@ -/* crypto/dh/dh_key.c */ +/* $OpenBSD: dh_key.c,v 1.36 2018/11/12 17:39:17 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -57,167 +57,191 @@ */ #include -#include "cryptlib.h" + #include -#include #include -#include +#include + +#include "bn_lcl.h" static int generate_key(DH *dh); static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh); -static int dh_bn_mod_exp(const DH *dh, BIGNUM *r, - const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *m_ctx); +static int dh_bn_mod_exp(const DH *dh, BIGNUM *r, const BIGNUM *a, + const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); static int dh_init(DH *dh); static int dh_finish(DH *dh); -int DH_generate_key(DH *dh) - { +int +DH_generate_key(DH *dh) +{ return dh->meth->generate_key(dh); - } +} -int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) - { +int +DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) +{ return dh->meth->compute_key(key, pub_key, dh); - } +} static DH_METHOD dh_ossl = { -"OpenSSL DH Method", -generate_key, -compute_key, -dh_bn_mod_exp, -dh_init, -dh_finish, -0, -NULL + .name = "OpenSSL DH Method", + .generate_key = generate_key, + .compute_key = compute_key, + .bn_mod_exp = dh_bn_mod_exp, + .init = dh_init, + .finish = dh_finish, }; -const DH_METHOD *DH_OpenSSL(void) +const DH_METHOD * +DH_OpenSSL(void) { return &dh_ossl; } -static int generate_key(DH *dh) - { - int ok=0; - int generate_new_key=0; +static int +generate_key(DH *dh) +{ + int ok = 0; unsigned l; BN_CTX *ctx; - BN_MONT_CTX *mont; - BIGNUM *pub_key=NULL,*priv_key=NULL; + BN_MONT_CTX *mont = NULL; + BIGNUM *pub_key = NULL, *priv_key = NULL, *two = NULL; + + if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) { + DHerror(DH_R_MODULUS_TOO_LARGE); + return 0; + } ctx = BN_CTX_new(); - if (ctx == NULL) goto err; + if (ctx == NULL) + goto err; - if (dh->priv_key == NULL) - { - priv_key=BN_new(); - if (priv_key == NULL) goto err; - generate_new_key=1; - } - else - priv_key=dh->priv_key; + if ((priv_key = dh->priv_key) == NULL) { + if ((priv_key = BN_new()) == NULL) + goto err; + } - if (dh->pub_key == NULL) - { - pub_key=BN_new(); - if (pub_key == NULL) goto err; - } - else - pub_key=dh->pub_key; - - if ((dh->method_mont_p == NULL) && (dh->flags & DH_FLAG_CACHE_MONT_P)) - { - if ((dh->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL) - if (!BN_MONT_CTX_set((BN_MONT_CTX *)dh->method_mont_p, - dh->p,ctx)) goto err; - } - mont=(BN_MONT_CTX *)dh->method_mont_p; + if ((pub_key = dh->pub_key) == NULL) { + if ((pub_key = BN_new()) == NULL) + goto err; + } - if (generate_new_key) - { - l = dh->length ? dh->length : BN_num_bits(dh->p)-1; /* secret exponent length */ - if (!BN_rand(priv_key, l, 0, 0)) goto err; + if (dh->flags & DH_FLAG_CACHE_MONT_P) { + mont = BN_MONT_CTX_set_locked(&dh->method_mont_p, + CRYPTO_LOCK_DH, dh->p, ctx); + if (!mont) + goto err; + } + + if (dh->priv_key == NULL) { + if (dh->q) { + if ((two = BN_new()) == NULL) + goto err; + if (!BN_add(two, BN_value_one(), BN_value_one())) + goto err; + if (!bn_rand_interval(priv_key, two, dh->q)) + goto err; + } else { + /* secret exponent length */ + l = dh->length ? dh->length : BN_num_bits(dh->p) - 1; + if (!BN_rand(priv_key, l, 0, 0)) + goto err; } - if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, priv_key,dh->p,ctx,mont)) + } + + if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, priv_key, dh->p, ctx, + mont)) goto err; - - dh->pub_key=pub_key; - dh->priv_key=priv_key; - ok=1; -err: + + dh->pub_key = pub_key; + dh->priv_key = priv_key; + ok = 1; + err: if (ok != 1) - DHerr(DH_F_DH_GENERATE_KEY,ERR_R_BN_LIB); + DHerror(ERR_R_BN_LIB); - if ((pub_key != NULL) && (dh->pub_key == NULL)) BN_free(pub_key); - if ((priv_key != NULL) && (dh->priv_key == NULL)) BN_free(priv_key); + if (dh->pub_key == NULL) + BN_free(pub_key); + if (dh->priv_key == NULL) + BN_free(priv_key); BN_CTX_free(ctx); - return(ok); - } + BN_free(two); + return ok; +} -static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) - { - BN_CTX *ctx; - BN_MONT_CTX *mont; +static int +compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) +{ + BN_CTX *ctx = NULL; + BN_MONT_CTX *mont = NULL; BIGNUM *tmp; - int ret= -1; + int ret = -1; + int check_result; + + if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) { + DHerror(DH_R_MODULUS_TOO_LARGE); + goto err; + } ctx = BN_CTX_new(); - if (ctx == NULL) goto err; + if (ctx == NULL) + goto err; BN_CTX_start(ctx); - tmp = BN_CTX_get(ctx); - - if (dh->priv_key == NULL) - { - DHerr(DH_F_DH_COMPUTE_KEY,DH_R_NO_PRIVATE_VALUE); + if ((tmp = BN_CTX_get(ctx)) == NULL) goto err; - } - if ((dh->method_mont_p == NULL) && (dh->flags & DH_FLAG_CACHE_MONT_P)) - { - if ((dh->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL) - if (!BN_MONT_CTX_set((BN_MONT_CTX *)dh->method_mont_p, - dh->p,ctx)) goto err; - } - mont=(BN_MONT_CTX *)dh->method_mont_p; - if (!dh->meth->bn_mod_exp(dh, tmp, pub_key, dh->priv_key,dh->p,ctx,mont)) - { - DHerr(DH_F_DH_COMPUTE_KEY,ERR_R_BN_LIB); + if (dh->priv_key == NULL) { + DHerror(DH_R_NO_PRIVATE_VALUE); goto err; - } - - ret=BN_bn2bin(tmp,key); -err: - BN_CTX_end(ctx); - BN_CTX_free(ctx); - return(ret); } -static int dh_bn_mod_exp(const DH *dh, BIGNUM *r, - const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *m_ctx) - { - if (a->top == 1) - { - BN_ULONG A = a->d[0]; - return BN_mod_exp_mont_word(r,A,p,m,ctx,m_ctx); - } - else - return BN_mod_exp_mont(r,a,p,m,ctx,m_ctx); + if (dh->flags & DH_FLAG_CACHE_MONT_P) { + mont = BN_MONT_CTX_set_locked(&dh->method_mont_p, + CRYPTO_LOCK_DH, dh->p, ctx); + + BN_set_flags(dh->priv_key, BN_FLG_CONSTTIME); + + if (!mont) + goto err; } + if (!DH_check_pub_key(dh, pub_key, &check_result) || check_result) { + DHerror(DH_R_INVALID_PUBKEY); + goto err; + } -static int dh_init(DH *dh) - { - dh->flags |= DH_FLAG_CACHE_MONT_P; - return(1); + if (!dh->meth->bn_mod_exp(dh, tmp, pub_key, dh->priv_key, dh->p, ctx, + mont)) { + DHerror(ERR_R_BN_LIB); + goto err; } -static int dh_finish(DH *dh) - { - if(dh->method_mont_p) - BN_MONT_CTX_free((BN_MONT_CTX *)dh->method_mont_p); - return(1); + ret = BN_bn2bin(tmp, key); + err: + if (ctx != NULL) { + BN_CTX_end(ctx); + BN_CTX_free(ctx); } + return ret; +} + +static int +dh_bn_mod_exp(const DH *dh, BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) +{ + return BN_mod_exp_mont_ct(r, a, p, m, ctx, m_ctx); +} + +static int +dh_init(DH *dh) +{ + dh->flags |= DH_FLAG_CACHE_MONT_P; + return 1; +} + +static int +dh_finish(DH *dh) +{ + BN_MONT_CTX_free(dh->method_mont_p); + return 1; +} diff --git a/src/lib/libcrypto/dh/dh_lib.c b/src/lib/libcrypto/dh/dh_lib.c index ba5fd410579..446bc65aa28 100644 --- a/src/lib/libcrypto/dh/dh_lib.c +++ b/src/lib/libcrypto/dh/dh_lib.c @@ -1,4 +1,4 @@ -/* crypto/dh/dh_lib.c */ +/* $OpenBSD: dh_lib.c,v 1.32 2018/05/02 15:48:38 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -56,182 +56,280 @@ * [including the GNU Public Licence.] */ +#include #include -#include "cryptlib.h" + +#include + #include #include -#include +#include -const char *DH_version="Diffie-Hellman" OPENSSL_VERSION_PTEXT; +#ifndef OPENSSL_NO_ENGINE +#include +#endif static const DH_METHOD *default_DH_method = NULL; -void DH_set_default_method(const DH_METHOD *meth) - { +void +DH_set_default_method(const DH_METHOD *meth) +{ default_DH_method = meth; - } +} -const DH_METHOD *DH_get_default_method(void) - { - if(!default_DH_method) +const DH_METHOD * +DH_get_default_method(void) +{ + if (!default_DH_method) default_DH_method = DH_OpenSSL(); return default_DH_method; - } +} -int DH_set_method(DH *dh, const DH_METHOD *meth) - { - /* NB: The caller is specifically setting a method, so it's not up to us - * to deal with which ENGINE it comes from. */ +int +DH_set_method(DH *dh, const DH_METHOD *meth) +{ + /* + * NB: The caller is specifically setting a method, so it's not up to us + * to deal with which ENGINE it comes from. + */ const DH_METHOD *mtmp; + mtmp = dh->meth; - if (mtmp->finish) mtmp->finish(dh); - if (dh->engine) - { - ENGINE_finish(dh->engine); - dh->engine = NULL; - } + if (mtmp->finish) + mtmp->finish(dh); +#ifndef OPENSSL_NO_ENGINE + ENGINE_finish(dh->engine); + dh->engine = NULL; +#endif dh->meth = meth; - if (meth->init) meth->init(dh); + if (meth->init) + meth->init(dh); return 1; - } +} -DH *DH_new(void) - { +DH * +DH_new(void) +{ return DH_new_method(NULL); - } +} -DH *DH_new_method(ENGINE *engine) - { +DH * +DH_new_method(ENGINE *engine) +{ DH *ret; - ret=(DH *)OPENSSL_malloc(sizeof(DH)); - if (ret == NULL) - { - DHerr(DH_F_DH_NEW_METHOD,ERR_R_MALLOC_FAILURE); - return(NULL); - } + ret = malloc(sizeof(DH)); + if (ret == NULL) { + DHerror(ERR_R_MALLOC_FAILURE); + return NULL; + } ret->meth = DH_get_default_method(); - if (engine) - { - if (!ENGINE_init(engine)) - { - DHerr(DH_F_DH_NEW_METHOD, ERR_R_ENGINE_LIB); - OPENSSL_free(ret); +#ifndef OPENSSL_NO_ENGINE + if (engine) { + if (!ENGINE_init(engine)) { + DHerror(ERR_R_ENGINE_LIB); + free(ret); return NULL; - } - ret->engine = engine; } - else + ret->engine = engine; + } else ret->engine = ENGINE_get_default_DH(); - if(ret->engine) - { + if(ret->engine) { ret->meth = ENGINE_get_DH(ret->engine); - if(!ret->meth) - { - DHerr(DH_F_DH_NEW_METHOD,ERR_R_ENGINE_LIB); + if (ret->meth == NULL) { + DHerror(ERR_R_ENGINE_LIB); ENGINE_finish(ret->engine); - OPENSSL_free(ret); + free(ret); return NULL; - } } + } +#endif - ret->pad=0; - ret->version=0; - ret->p=NULL; - ret->g=NULL; - ret->length=0; - ret->pub_key=NULL; - ret->priv_key=NULL; - ret->q=NULL; - ret->j=NULL; + ret->pad = 0; + ret->version = 0; + ret->p = NULL; + ret->g = NULL; + ret->length = 0; + ret->pub_key = NULL; + ret->priv_key = NULL; + ret->q = NULL; + ret->j = NULL; ret->seed = NULL; ret->seedlen = 0; ret->counter = NULL; ret->method_mont_p=NULL; ret->references = 1; - ret->flags=ret->meth->flags; + ret->flags = ret->meth->flags & ~DH_FLAG_NON_FIPS_ALLOW; CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data); - if ((ret->meth->init != NULL) && !ret->meth->init(ret)) - { - if (ret->engine) - ENGINE_finish(ret->engine); + if (ret->meth->init != NULL && !ret->meth->init(ret)) { +#ifndef OPENSSL_NO_ENGINE + ENGINE_finish(ret->engine); +#endif CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data); - OPENSSL_free(ret); - ret=NULL; - } - return(ret); + free(ret); + ret = NULL; } + return ret; +} -void DH_free(DH *r) - { +void +DH_free(DH *r) +{ int i; - if(r == NULL) return; + + if (r == NULL) + return; i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_DH); -#ifdef REF_PRINT - REF_PRINT("DH",r); -#endif - if (i > 0) return; -#ifdef REF_CHECK - if (i < 0) - { - fprintf(stderr,"DH_free, bad reference count\n"); - abort(); - } -#endif + if (i > 0) + return; if (r->meth->finish) r->meth->finish(r); - if (r->engine) - ENGINE_finish(r->engine); +#ifndef OPENSSL_NO_ENGINE + ENGINE_finish(r->engine); +#endif CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, r, &r->ex_data); - if (r->p != NULL) BN_clear_free(r->p); - if (r->g != NULL) BN_clear_free(r->g); - if (r->q != NULL) BN_clear_free(r->q); - if (r->j != NULL) BN_clear_free(r->j); - if (r->seed) OPENSSL_free(r->seed); - if (r->counter != NULL) BN_clear_free(r->counter); - if (r->pub_key != NULL) BN_clear_free(r->pub_key); - if (r->priv_key != NULL) BN_clear_free(r->priv_key); - OPENSSL_free(r); - } + BN_clear_free(r->p); + BN_clear_free(r->g); + BN_clear_free(r->q); + BN_clear_free(r->j); + free(r->seed); + BN_clear_free(r->counter); + BN_clear_free(r->pub_key); + BN_clear_free(r->priv_key); + free(r); +} -int DH_up_ref(DH *r) - { +int +DH_up_ref(DH *r) +{ int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_DH); -#ifdef REF_PRINT - REF_PRINT("DH",r); -#endif -#ifdef REF_CHECK - if (i < 2) - { - fprintf(stderr, "DH_up, bad reference count\n"); - abort(); - } -#endif - return ((i > 1) ? 1 : 0); - } -int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) - { - return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DH, argl, argp, - new_func, dup_func, free_func); - } + return i > 1 ? 1 : 0; +} -int DH_set_ex_data(DH *d, int idx, void *arg) - { - return(CRYPTO_set_ex_data(&d->ex_data,idx,arg)); - } +int +DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) +{ + return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DH, argl, argp, new_func, + dup_func, free_func); +} + +int +DH_set_ex_data(DH *d, int idx, void *arg) +{ + return CRYPTO_set_ex_data(&d->ex_data, idx, arg); +} + +void * +DH_get_ex_data(DH *d, int idx) +{ + return CRYPTO_get_ex_data(&d->ex_data, idx); +} + +int +DH_size(const DH *dh) +{ + return BN_num_bytes(dh->p); +} + +int +DH_bits(const DH *dh) +{ + return BN_num_bits(dh->p); +} + +ENGINE * +DH_get0_engine(DH *dh) +{ + return dh->engine; +} + +void +DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g) +{ + if (p != NULL) + *p = dh->p; + if (q != NULL) + *q = dh->q; + if (g != NULL) + *g = dh->g; +} -void *DH_get_ex_data(DH *d, int idx) - { - return(CRYPTO_get_ex_data(&d->ex_data,idx)); +int +DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) +{ + if ((dh->p == NULL && p == NULL) || (dh->g == NULL && g == NULL)) + return 0; + + if (p != NULL) { + BN_free(dh->p); + dh->p = p; + } + if (q != NULL) { + BN_free(dh->q); + dh->q = q; + } + if (g != NULL) { + BN_free(dh->g); + dh->g = g; } -int DH_size(const DH *dh) - { - return(BN_num_bytes(dh->p)); + return 1; +} + +void +DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key) +{ + if (pub_key != NULL) + *pub_key = dh->pub_key; + if (priv_key != NULL) + *priv_key = dh->priv_key; +} + +int +DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key) +{ + if (pub_key != NULL) { + BN_free(dh->pub_key); + dh->pub_key = pub_key; + } + if (priv_key != NULL) { + BN_free(dh->priv_key); + dh->priv_key = priv_key; } + + return 1; +} + +void +DH_clear_flags(DH *dh, int flags) +{ + dh->flags &= ~flags; +} + +int +DH_test_flags(const DH *dh, int flags) +{ + return dh->flags & flags; +} + +void +DH_set_flags(DH *dh, int flags) +{ + dh->flags |= flags; +} + +int +DH_set_length(DH *dh, long length) +{ + if (length < 0 || length > INT_MAX) + return 0; + + dh->length = length; + return 1; +} diff --git a/src/lib/libcrypto/dh/dh_pmeth.c b/src/lib/libcrypto/dh/dh_pmeth.c new file mode 100644 index 00000000000..24d16ff5d3c --- /dev/null +++ b/src/lib/libcrypto/dh/dh_pmeth.c @@ -0,0 +1,264 @@ +/* $OpenBSD: dh_pmeth.c,v 1.10 2017/01/29 17:49:22 beck Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2006. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include +#include + +#include +#include +#include +#include +#include +#include + +#include "evp_locl.h" + +/* DH pkey context structure */ + +typedef struct { + /* Parameter gen parameters */ + int prime_len; + int generator; + int use_dsa; + /* Keygen callback info */ + int gentmp[2]; + /* message digest */ +} DH_PKEY_CTX; + +static int +pkey_dh_init(EVP_PKEY_CTX *ctx) +{ + DH_PKEY_CTX *dctx; + + dctx = malloc(sizeof(DH_PKEY_CTX)); + if (!dctx) + return 0; + dctx->prime_len = 1024; + dctx->generator = 2; + dctx->use_dsa = 0; + + ctx->data = dctx; + ctx->keygen_info = dctx->gentmp; + ctx->keygen_info_count = 2; + + return 1; +} + +static int +pkey_dh_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) +{ + DH_PKEY_CTX *dctx, *sctx; + + if (!pkey_dh_init(dst)) + return 0; + sctx = src->data; + dctx = dst->data; + dctx->prime_len = sctx->prime_len; + dctx->generator = sctx->generator; + dctx->use_dsa = sctx->use_dsa; + return 1; +} + +static void +pkey_dh_cleanup(EVP_PKEY_CTX *ctx) +{ + DH_PKEY_CTX *dctx = ctx->data; + + free(dctx); +} + +static int +pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) +{ + DH_PKEY_CTX *dctx = ctx->data; + + switch (type) { + case EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN: + if (p1 < 256) + return -2; + dctx->prime_len = p1; + return 1; + + case EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR: + dctx->generator = p1; + return 1; + + case EVP_PKEY_CTRL_PEER_KEY: + /* Default behaviour is OK */ + return 1; + + default: + return -2; + } +} + +static int +pkey_dh_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, const char *value) +{ + long lval; + char *ep; + int len; + + if (!strcmp(type, "dh_paramgen_prime_len")) { + errno = 0; + lval = strtol(value, &ep, 10); + if (value[0] == '\0' || *ep != '\0') + goto not_a_number; + if ((errno == ERANGE && + (lval == LONG_MAX || lval == LONG_MIN)) || + (lval > INT_MAX || lval < INT_MIN)) + goto out_of_range; + len = lval; + return EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len); + } else if (!strcmp(type, "dh_paramgen_generator")) { + errno = 0; + lval = strtol(value, &ep, 10); + if (value[0] == '\0' || *ep != '\0') + goto not_a_number; + if ((errno == ERANGE && + (lval == LONG_MAX || lval == LONG_MIN)) || + (lval > INT_MAX || lval < INT_MIN)) + goto out_of_range; + len = lval; + return EVP_PKEY_CTX_set_dh_paramgen_generator(ctx, len); + } + +not_a_number: +out_of_range: + return -2; +} + +static int +pkey_dh_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) +{ + DH *dh = NULL; + DH_PKEY_CTX *dctx = ctx->data; + BN_GENCB *pcb, cb; + int ret; + + if (ctx->pkey_gencb) { + pcb = &cb; + evp_pkey_set_cb_translate(pcb, ctx); + } else + pcb = NULL; + dh = DH_new(); + if (!dh) + return 0; + ret = DH_generate_parameters_ex(dh, dctx->prime_len, dctx->generator, + pcb); + if (ret) + EVP_PKEY_assign_DH(pkey, dh); + else + DH_free(dh); + return ret; +} + +static int +pkey_dh_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) +{ + DH *dh = NULL; + + if (ctx->pkey == NULL) { + DHerror(DH_R_NO_PARAMETERS_SET); + return 0; + } + dh = DH_new(); + if (!dh) + return 0; + EVP_PKEY_assign_DH(pkey, dh); + /* Note: if error return, pkey is freed by parent routine */ + if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey)) + return 0; + return DH_generate_key(pkey->pkey.dh); +} + +static int +pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen) +{ + int ret; + + if (!ctx->pkey || !ctx->peerkey) { + DHerror(DH_R_KEYS_NOT_SET); + return 0; + } + ret = DH_compute_key(key, ctx->peerkey->pkey.dh->pub_key, + ctx->pkey->pkey.dh); + if (ret < 0) + return ret; + *keylen = ret; + return 1; +} + +const EVP_PKEY_METHOD dh_pkey_meth = { + .pkey_id = EVP_PKEY_DH, + .flags = EVP_PKEY_FLAG_AUTOARGLEN, + + .init = pkey_dh_init, + .copy = pkey_dh_copy, + .cleanup = pkey_dh_cleanup, + + .paramgen = pkey_dh_paramgen, + + .keygen = pkey_dh_keygen, + + .derive = pkey_dh_derive, + + .ctrl = pkey_dh_ctrl, + .ctrl_str = pkey_dh_ctrl_str +}; diff --git a/src/lib/libcrypto/dh/dh_prn.c b/src/lib/libcrypto/dh/dh_prn.c new file mode 100644 index 00000000000..56a96f86314 --- /dev/null +++ b/src/lib/libcrypto/dh/dh_prn.c @@ -0,0 +1,79 @@ +/* $OpenBSD: dh_prn.c,v 1.6 2017/01/29 17:49:22 beck Exp $ */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include + +#include +#include +#include + +int +DHparams_print_fp(FILE *fp, const DH *x) +{ + BIO *b; + int ret; + + if ((b = BIO_new(BIO_s_file())) == NULL) { + DHerror(ERR_R_BUF_LIB); + return 0; + } + BIO_set_fp(b,fp,BIO_NOCLOSE); + ret = DHparams_print(b, x); + BIO_free(b); + return ret; +} diff --git a/src/lib/libcrypto/dh/dhtest.c b/src/lib/libcrypto/dh/dhtest.c deleted file mode 100644 index 34894ced735..00000000000 --- a/src/lib/libcrypto/dh/dhtest.c +++ /dev/null @@ -1,216 +0,0 @@ -/* crypto/dh/dhtest.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include -#include -#ifdef OPENSSL_SYS_WINDOWS -#include "../bio/bss_file.c" -#endif -#include -#include -#include -#include -#include - -#ifdef OPENSSL_NO_DH -int main(int argc, char *argv[]) -{ - printf("No DH support\n"); - return(0); -} -#else -#include - -#ifdef OPENSSL_SYS_WIN16 -#define MS_CALLBACK _far _loadds -#else -#define MS_CALLBACK -#endif - -static void MS_CALLBACK cb(int p, int n, void *arg); -#ifdef OPENSSL_NO_STDIO -#define APPS_WIN16 -#include "bss_file.c" -#endif - -static const char rnd_seed[] = "string to make the random number generator think it has entropy"; - -int main(int argc, char *argv[]) - { - DH *a; - DH *b=NULL; - char buf[12]; - unsigned char *abuf=NULL,*bbuf=NULL; - int i,alen,blen,aout,bout,ret=1; - BIO *out; - - CRYPTO_malloc_debug_init(); - CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL); - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); - -#ifdef OPENSSL_SYS_WIN32 - CRYPTO_malloc_init(); -#endif - - RAND_seed(rnd_seed, sizeof rnd_seed); - - out=BIO_new(BIO_s_file()); - if (out == NULL) exit(1); - BIO_set_fp(out,stdout,BIO_NOCLOSE); - - a=DH_generate_parameters(64,DH_GENERATOR_5,cb,out); - if (a == NULL) goto err; - - if (!DH_check(a, &i)) goto err; - if (i & DH_CHECK_P_NOT_PRIME) - BIO_puts(out, "p value is not prime\n"); - if (i & DH_CHECK_P_NOT_SAFE_PRIME) - BIO_puts(out, "p value is not a safe prime\n"); - if (i & DH_UNABLE_TO_CHECK_GENERATOR) - BIO_puts(out, "unable to check the generator value\n"); - if (i & DH_NOT_SUITABLE_GENERATOR) - BIO_puts(out, "the g value is not a generator\n"); - - BIO_puts(out,"\np ="); - BN_print(out,a->p); - BIO_puts(out,"\ng ="); - BN_print(out,a->g); - BIO_puts(out,"\n"); - - b=DH_new(); - if (b == NULL) goto err; - - b->p=BN_dup(a->p); - b->g=BN_dup(a->g); - if ((b->p == NULL) || (b->g == NULL)) goto err; - - if (!DH_generate_key(a)) goto err; - BIO_puts(out,"pri 1="); - BN_print(out,a->priv_key); - BIO_puts(out,"\npub 1="); - BN_print(out,a->pub_key); - BIO_puts(out,"\n"); - - if (!DH_generate_key(b)) goto err; - BIO_puts(out,"pri 2="); - BN_print(out,b->priv_key); - BIO_puts(out,"\npub 2="); - BN_print(out,b->pub_key); - BIO_puts(out,"\n"); - - alen=DH_size(a); - abuf=(unsigned char *)OPENSSL_malloc(alen); - aout=DH_compute_key(abuf,b->pub_key,a); - - BIO_puts(out,"key1 ="); - for (i=0; ipub_key,b); - - BIO_puts(out,"key2 ="); - for (i=0; i; Mon, 25 Sep 1995 17:52:47 -0700 -Received: (karn@localhost) by servo.qualcomm.com (8.6.12/QC-BSD-2.5.1) - id RAA14732; Mon, 25 Sep 1995 17:50:51 -0700 -Date: Mon, 25 Sep 1995 17:50:51 -0700 -From: Phil Karn -Message-Id: <199509260050.RAA14732@servo.qualcomm.com> -To: cypherpunks@toad.com, ipsec-dev@eit.com -Subject: Primality verification needed -Sender: owner-cypherpunks@toad.com -Precedence: bulk -Status: RO -X-Status: - -Hi. I've generated a 2047-bit "strong" prime number that I would like to -use with Diffie-Hellman key exchange. I assert that not only is this number -'p' prime, but so is (p-1)/2. - -I've used the mpz_probab_prime() function in the Gnu Math Package (GMP) version -1.3.2 to test this number. This function uses the Miller-Rabin primality test. -However, to increase my confidence that this number really is a strong prime, -I'd like to ask others to confirm it with other tests. Here's the number in hex: - -72a925f760b2f954ed287f1b0953f3e6aef92e456172f9fe86fdd8822241b9c9788fbc289982743e -fbcd2ccf062b242d7a567ba8bbb40d79bca7b8e0b6c05f835a5b938d985816bc648985adcff5402a -a76756b36c845a840a1d059ce02707e19cf47af0b5a882f32315c19d1b86a56c5389c5e9bee16b65 -fde7b1a8d74a7675de9b707d4c5a4633c0290c95ff30a605aeb7ae864ff48370f13cf01d49adb9f2 -3d19a439f753ee7703cf342d87f431105c843c78ca4df639931f3458fae8a94d1687e99a76ed99d0 -ba87189f42fd31ad8262c54a8cf5914ae6c28c540d714a5f6087a171fb74f4814c6f968d72386ef3 -56a05180c3bec7ddd5ef6fe76b1f717b - -The generator, g, for this prime is 2. - -Thanks! - -Phil Karn - - diff --git a/src/lib/libcrypto/dh/generate b/src/lib/libcrypto/dh/generate deleted file mode 100644 index 5d407231df5..00000000000 --- a/src/lib/libcrypto/dh/generate +++ /dev/null @@ -1,65 +0,0 @@ -From: stewarts@ix.netcom.com (Bill Stewart) -Newsgroups: sci.crypt -Subject: Re: Diffie-Hellman key exchange -Date: Wed, 11 Oct 1995 23:08:28 GMT -Organization: Freelance Information Architect -Lines: 32 -Message-ID: <45hir2$7l8@ixnews7.ix.netcom.com> -References: <458rhn$76m$1@mhadf.production.compuserve.com> -NNTP-Posting-Host: ix-pl4-16.ix.netcom.com -X-NETCOM-Date: Wed Oct 11 4:09:22 PM PDT 1995 -X-Newsreader: Forte Free Agent 1.0.82 - -Kent Briggs <72124.3234@CompuServe.COM> wrote: - ->I have a copy of the 1976 IEEE article describing the ->Diffie-Hellman public key exchange algorithm: y=a^x mod q. I'm ->looking for sources that give examples of secure a,q pairs and ->possible some source code that I could examine. - -q should be prime, and ideally should be a "strong prime", -which means it's of the form 2n+1 where n is also prime. -q also needs to be long enough to prevent the attacks LaMacchia and -Odlyzko described (some variant on a factoring attack which generates -a large pile of simultaneous equations and then solves them); -long enough is about the same size as factoring, so 512 bits may not -be secure enough for most applications. (The 192 bits used by -"secure NFS" was certainly not long enough.) - -a should be a generator for q, which means it needs to be -relatively prime to q-1. Usually a small prime like 2, 3 or 5 will -work. - -.... - -Date: Tue, 26 Sep 1995 13:52:36 MST -From: "Richard Schroeppel" -To: karn -Cc: ho@cs.arizona.edu -Subject: random large primes - -Since your prime is really random, proving it is hard. -My personal limit on rigorously proved primes is ~350 digits. -If you really want a proof, we should talk to Francois Morain, -or the Australian group. - -If you want 2 to be a generator (mod P), then you need it -to be a non-square. If (P-1)/2 is also prime, then -non-square == primitive-root for bases << P. - -In the case at hand, this means 2 is a generator iff P = 11 (mod 24). -If you want this, you should restrict your sieve accordingly. - -3 is a generator iff P = 5 (mod 12). - -5 is a generator iff P = 3 or 7 (mod 10). - -2 is perfectly usable as a base even if it's a non-generator, since -it still covers half the space of possible residues. And an -eavesdropper can always determine the low-bit of your exponent for -a generator anyway. - -Rich rcs@cs.arizona.edu - - - diff --git a/src/lib/libcrypto/dh/p1024.c b/src/lib/libcrypto/dh/p1024.c deleted file mode 100644 index 368ceca4eb0..00000000000 --- a/src/lib/libcrypto/dh/p1024.c +++ /dev/null @@ -1,92 +0,0 @@ -/* crypto/dh/p1024.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include -#include -#include -#include - -unsigned char data[]={0x97,0xF6,0x42,0x61,0xCA,0xB5,0x05,0xDD, - 0x28,0x28,0xE1,0x3F,0x1D,0x68,0xB6,0xD3, - 0xDB,0xD0,0xF3,0x13,0x04,0x7F,0x40,0xE8, - 0x56,0xDA,0x58,0xCB,0x13,0xB8,0xA1,0xBF, - 0x2B,0x78,0x3A,0x4C,0x6D,0x59,0xD5,0xF9, - 0x2A,0xFC,0x6C,0xFF,0x3D,0x69,0x3F,0x78, - 0xB2,0x3D,0x4F,0x31,0x60,0xA9,0x50,0x2E, - 0x3E,0xFA,0xF7,0xAB,0x5E,0x1A,0xD5,0xA6, - 0x5E,0x55,0x43,0x13,0x82,0x8D,0xA8,0x3B, - 0x9F,0xF2,0xD9,0x41,0xDE,0xE9,0x56,0x89, - 0xFA,0xDA,0xEA,0x09,0x36,0xAD,0xDF,0x19, - 0x71,0xFE,0x63,0x5B,0x20,0xAF,0x47,0x03, - 0x64,0x60,0x3C,0x2D,0xE0,0x59,0xF5,0x4B, - 0x65,0x0A,0xD8,0xFA,0x0C,0xF7,0x01,0x21, - 0xC7,0x47,0x99,0xD7,0x58,0x71,0x32,0xBE, - 0x9B,0x99,0x9B,0xB9,0xB7,0x87,0xE8,0xAB, - }; - -main() - { - DH *dh; - - dh=DH_new(); - dh->p=BN_bin2bn(data,sizeof(data),NULL); - dh->g=BN_new(); - BN_set_word(dh->g,2); - PEM_write_DHparams(stdout,dh); - } diff --git a/src/lib/libcrypto/dh/p192.c b/src/lib/libcrypto/dh/p192.c deleted file mode 100644 index 7bdf40410eb..00000000000 --- a/src/lib/libcrypto/dh/p192.c +++ /dev/null @@ -1,80 +0,0 @@ -/* crypto/dh/p192.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include -#include -#include -#include - -unsigned char data[]={ -0xD4,0xA0,0xBA,0x02,0x50,0xB6,0xFD,0x2E, -0xC6,0x26,0xE7,0xEF,0xD6,0x37,0xDF,0x76, -0xC7,0x16,0xE2,0x2D,0x09,0x44,0xB8,0x8B, - }; - -main() - { - DH *dh; - - dh=DH_new(); - dh->p=BN_bin2bn(data,sizeof(data),NULL); - dh->g=BN_new(); - BN_set_word(dh->g,3); - PEM_write_DHparams(stdout,dh); - } diff --git a/src/lib/libcrypto/dh/p512.c b/src/lib/libcrypto/dh/p512.c deleted file mode 100644 index a9b6aa83f03..00000000000 --- a/src/lib/libcrypto/dh/p512.c +++ /dev/null @@ -1,85 +0,0 @@ -/* crypto/dh/p512.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include -#include -#include -#include - -unsigned char data[]={ -0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89, -0xD0,0xE4,0xAF,0x75,0x6F,0x4C,0xCA,0x92, -0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F, -0xED,0x94,0xEF,0x9C,0x8A,0x44,0x03,0xED, -0x57,0x46,0x50,0xD3,0x69,0x99,0xDB,0x29, -0xD7,0x76,0x27,0x6B,0xA2,0xD3,0xD4,0x12, -0xE2,0x18,0xF4,0xDD,0x1E,0x08,0x4C,0xF6, -0xD8,0x00,0x3E,0x7C,0x47,0x74,0xE8,0x33, - }; - -main() - { - DH *dh; - - dh=DH_new(); - dh->p=BN_bin2bn(data,sizeof(data),NULL); - dh->g=BN_new(); - BN_set_word(dh->g,2); - PEM_write_DHparams(stdout,dh); - } diff --git a/src/lib/libcrypto/doc/DH_generate_key.pod b/src/lib/libcrypto/doc/DH_generate_key.pod deleted file mode 100644 index 81f09fdf45e..00000000000 --- a/src/lib/libcrypto/doc/DH_generate_key.pod +++ /dev/null @@ -1,50 +0,0 @@ -=pod - -=head1 NAME - -DH_generate_key, DH_compute_key - perform Diffie-Hellman key exchange - -=head1 SYNOPSIS - - #include - - int DH_generate_key(DH *dh); - - int DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh); - -=head1 DESCRIPTION - -DH_generate_key() performs the first step of a Diffie-Hellman key -exchange by generating private and public DH values. By calling -DH_compute_key(), these are combined with the other party's public -value to compute the shared key. - -DH_generate_key() expects B to contain the shared parameters -Bp> and Bg>. It generates a random private DH value -unless Bpriv_key> is already set, and computes the -corresponding public value Bpub_key>, which can then be -published. - -DH_compute_key() computes the shared secret from the private DH value -in B and the other party's public value in B and stores -it in B. B must point to B bytes of memory. - -=head1 RETURN VALUES - -DH_generate_key() returns 1 on success, 0 otherwise. - -DH_compute_key() returns the size of the shared secret on success, -1 -on error. - -The error codes can be obtained by L. - -=head1 SEE ALSO - -L, L, L, L - -=head1 HISTORY - -DH_generate_key() and DH_compute_key() are available in all versions -of SSLeay and OpenSSL. - -=cut diff --git a/src/lib/libcrypto/doc/DH_generate_parameters.pod b/src/lib/libcrypto/doc/DH_generate_parameters.pod deleted file mode 100644 index 4a2d6537581..00000000000 --- a/src/lib/libcrypto/doc/DH_generate_parameters.pod +++ /dev/null @@ -1,72 +0,0 @@ -=pod - -=head1 NAME - -DH_generate_parameters, DH_check - generate and check Diffie-Hellman parameters - -=head1 SYNOPSIS - - #include - - DH *DH_generate_parameters(int prime_len, int generator, - void (*callback)(int, int, void *), void *cb_arg); - - int DH_check(DH *dh, int *codes); - -=head1 DESCRIPTION - -DH_generate_parameters() generates Diffie-Hellman parameters that can -be shared among a group of users, and returns them in a newly -allocated B structure. The pseudo-random number generator must be -seeded prior to calling DH_generate_parameters(). - -B is the length in bits of the safe prime to be generated. -B is a small number E 1, typically 2 or 5. - -A callback function may be used to provide feedback about the progress -of the key generation. If B is not B, it will be -called as described in L while a random prime -number is generated, and when a prime has been found, B is called. - -DH_check() validates Diffie-Hellman parameters. It checks that B

is -a safe prime, and that B is a suitable generator. In the case of an -error, the bit flags DH_CHECK_P_NOT_SAFE_PRIME or -DH_NOT_SUITABLE_GENERATOR are set in B<*codes>. -DH_UNABLE_TO_CHECK_GENERATOR is set if the generator cannot be -checked, i.e. it does not equal 2 or 5. - -=head1 RETURN VALUES - -DH_generate_parameters() returns a pointer to the DH structure, or -NULL if the parameter generation fails. The error codes can be -obtained by L. - -DH_check() returns 1 if the check could be performed, 0 otherwise. - -=head1 NOTES - -DH_generate_parameters() may run for several hours before finding a -suitable prime. - -The parameters generated by DH_generate_parameters() are not to be -used in signature schemes. - -=head1 BUGS - -If B is not 2 or 5, Bg>=B is not -a usable generator. - -=head1 SEE ALSO - -L, L, L, L - -=head1 HISTORY - -DH_check() is available in all versions of SSLeay and OpenSSL. -The B argument to DH_generate_parameters() was added in SSLeay 0.9.0. - -In versions before OpenSSL 0.9.5, DH_CHECK_P_NOT_STRONG_PRIME is used -instead of DH_CHECK_P_NOT_SAFE_PRIME. - -=cut diff --git a/src/lib/libcrypto/doc/DH_get_ex_new_index.pod b/src/lib/libcrypto/doc/DH_get_ex_new_index.pod deleted file mode 100644 index 82e2548bcdf..00000000000 --- a/src/lib/libcrypto/doc/DH_get_ex_new_index.pod +++ /dev/null @@ -1,36 +0,0 @@ -=pod - -=head1 NAME - -DH_get_ex_new_index, DH_set_ex_data, DH_get_ex_data - add application specific data to DH structures - -=head1 SYNOPSIS - - #include - - int DH_get_ex_new_index(long argl, void *argp, - CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, - CRYPTO_EX_free *free_func); - - int DH_set_ex_data(DH *d, int idx, void *arg); - - char *DH_get_ex_data(DH *d, int idx); - -=head1 DESCRIPTION - -These functions handle application specific data in DH -structures. Their usage is identical to that of -RSA_get_ex_new_index(), RSA_set_ex_data() and RSA_get_ex_data() -as described in L. - -=head1 SEE ALSO - -L, L - -=head1 HISTORY - -DH_get_ex_new_index(), DH_set_ex_data() and DH_get_ex_data() are -available since OpenSSL 0.9.5. - -=cut diff --git a/src/lib/libcrypto/doc/DH_new.pod b/src/lib/libcrypto/doc/DH_new.pod deleted file mode 100644 index 60c930093e0..00000000000 --- a/src/lib/libcrypto/doc/DH_new.pod +++ /dev/null @@ -1,40 +0,0 @@ -=pod - -=head1 NAME - -DH_new, DH_free - allocate and free DH objects - -=head1 SYNOPSIS - - #include - - DH* DH_new(void); - - void DH_free(DH *dh); - -=head1 DESCRIPTION - -DH_new() allocates and initializes a B structure. - -DH_free() frees the B structure and its components. The values are -erased before the memory is returned to the system. - -=head1 RETURN VALUES - -If the allocation fails, DH_new() returns B and sets an error -code that can be obtained by L. Otherwise it returns -a pointer to the newly allocated structure. - -DH_free() returns no value. - -=head1 SEE ALSO - -L, L, -L, -L - -=head1 HISTORY - -DH_new() and DH_free() are available in all versions of SSLeay and OpenSSL. - -=cut diff --git a/src/lib/libcrypto/doc/DH_set_method.pod b/src/lib/libcrypto/doc/DH_set_method.pod deleted file mode 100644 index d990bf87860..00000000000 --- a/src/lib/libcrypto/doc/DH_set_method.pod +++ /dev/null @@ -1,111 +0,0 @@ -=pod - -=head1 NAME - -DH_set_default_openssl_method, DH_get_default_openssl_method, -DH_set_method, DH_new_method, DH_OpenSSL - select DH method - -=head1 SYNOPSIS - - #include - #include - - void DH_set_default_openssl_method(DH_METHOD *meth); - - DH_METHOD *DH_get_default_openssl_method(void); - - int DH_set_method(DH *dh, ENGINE *engine); - - DH *DH_new_method(ENGINE *engine); - - DH_METHOD *DH_OpenSSL(void); - -=head1 DESCRIPTION - -A B specifies the functions that OpenSSL uses for Diffie-Hellman -operations. By modifying the method, alternative implementations -such as hardware accelerators may be used. - -Initially, the default is to use the OpenSSL internal implementation. -DH_OpenSSL() returns a pointer to that method. - -DH_set_default_openssl_method() makes B the default method for all DH -structures created later. B This is true only whilst the default engine -for Diffie-Hellman operations remains as "openssl". ENGINEs provide an -encapsulation for implementations of one or more algorithms, and all the DH -functions mentioned here operate within the scope of the default -"openssl" engine. - -DH_get_default_openssl_method() returns a pointer to the current default -method for the "openssl" engine. - -DH_set_method() selects B as the engine that will be responsible for -all operations using the structure B. If this function completes successfully, -then the B structure will have its own functional reference of B, so -the caller should remember to free their own reference to B when they are -finished with it. NB: An ENGINE's DH_METHOD can be retrieved (or set) by -ENGINE_get_DH() or ENGINE_set_DH(). - -DH_new_method() allocates and initializes a DH structure so that -B will be used for the DH operations. If B is NULL, -the default engine for Diffie-Hellman opertaions is used. - -=head1 THE DH_METHOD STRUCTURE - - typedef struct dh_meth_st - { - /* name of the implementation */ - const char *name; - - /* generate private and public DH values for key agreement */ - int (*generate_key)(DH *dh); - - /* compute shared secret */ - int (*compute_key)(unsigned char *key, BIGNUM *pub_key, DH *dh); - - /* compute r = a ^ p mod m (May be NULL for some implementations) */ - int (*bn_mod_exp)(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *m_ctx); - - /* called at DH_new */ - int (*init)(DH *dh); - - /* called at DH_free */ - int (*finish)(DH *dh); - - int flags; - - char *app_data; /* ?? */ - - } DH_METHOD; - -=head1 RETURN VALUES - -DH_OpenSSL() and DH_get_default_openssl_method() return pointers to the -respective Bs. - -DH_set_default_openssl_method() returns no value. - -DH_set_method() returns non-zero if the ENGINE associated with B -was successfully changed to B. - -DH_new_method() returns NULL and sets an error code that can be -obtained by L if the allocation fails. -Otherwise it returns a pointer to the newly allocated structure. - -=head1 SEE ALSO - -L, L - -=head1 HISTORY - -DH_set_default_method(), DH_get_default_method(), DH_set_method(), -DH_new_method() and DH_OpenSSL() were added in OpenSSL 0.9.4. - -DH_set_default_openssl_method() and DH_get_default_openssl_method() -replaced DH_set_default_method() and DH_get_default_method() respectively, -and DH_set_method() and DH_new_method() were altered to use Bs -rather than Bs during development of OpenSSL 0.9.6. - -=cut diff --git a/src/lib/libcrypto/doc/DH_size.pod b/src/lib/libcrypto/doc/DH_size.pod deleted file mode 100644 index 97f26fda785..00000000000 --- a/src/lib/libcrypto/doc/DH_size.pod +++ /dev/null @@ -1,33 +0,0 @@ -=pod - -=head1 NAME - -DH_size - get Diffie-Hellman prime size - -=head1 SYNOPSIS - - #include - - int DH_size(DH *dh); - -=head1 DESCRIPTION - -This function returns the Diffie-Hellman size in bytes. It can be used -to determine how much memory must be allocated for the shared secret -computed by DH_compute_key(). - -Bp> must not be B. - -=head1 RETURN VALUE - -The size in bytes. - -=head1 SEE ALSO - -L, L - -=head1 HISTORY - -DH_size() is available in all versions of SSLeay and OpenSSL. - -=cut diff --git a/src/lib/libcrypto/doc/DSA_SIG_new.pod b/src/lib/libcrypto/doc/DSA_SIG_new.pod deleted file mode 100644 index 45df4c0661f..00000000000 --- a/src/lib/libcrypto/doc/DSA_SIG_new.pod +++ /dev/null @@ -1,39 +0,0 @@ -=pod - -=head1 NAME - -DSA_SIG_new, DSA_SIG_free - allocate and free DSA signature objects - -=head1 SYNOPSIS - - #include - - DSA_SIG *DSA_SIG_new(void); - - void DSA_SIG_free(DSA_SIG *a); - -=head1 DESCRIPTION - -DSA_SIG_new() allocates and initializes a B structure. - -DSA_SIG_free() frees the B structure and its components. The -values are erased before the memory is returned to the system. - -=head1 RETURN VALUES - -If the allocation fails, DSA_SIG_new() returns B and sets an -error code that can be obtained by -L. Otherwise it returns a pointer -to the newly allocated structure. - -DSA_SIG_free() returns no value. - -=head1 SEE ALSO - -L, L, L - -=head1 HISTORY - -DSA_SIG_new() and DSA_SIG_free() were added in OpenSSL 0.9.3. - -=cut diff --git a/src/lib/libcrypto/doc/DSA_do_sign.pod b/src/lib/libcrypto/doc/DSA_do_sign.pod deleted file mode 100644 index 5dfc733b20e..00000000000 --- a/src/lib/libcrypto/doc/DSA_do_sign.pod +++ /dev/null @@ -1,47 +0,0 @@ -=pod - -=head1 NAME - -DSA_do_sign, DSA_do_verify - raw DSA signature operations - -=head1 SYNOPSIS - - #include - - DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); - - int DSA_do_verify(const unsigned char *dgst, int dgst_len, - DSA_SIG *sig, DSA *dsa); - -=head1 DESCRIPTION - -DSA_do_sign() computes a digital signature on the B byte message -digest B using the private key B and returns it in a -newly allocated B structure. - -L may be used to precompute part -of the signing operation in case signature generation is -time-critical. - -DSA_do_verify() verifies that the signature B matches a given -message digest B of size B. B is the signer's public -key. - -=head1 RETURN VALUES - -DSA_do_sign() returns the signature, NULL on error. DSA_do_verify() -returns 1 for a valid signature, 0 for an incorrect signature and -1 -on error. The error codes can be obtained by -L. - -=head1 SEE ALSO - -L, L, L, -L, -L - -=head1 HISTORY - -DSA_do_sign() and DSA_do_verify() were added in OpenSSL 0.9.3. - -=cut diff --git a/src/lib/libcrypto/doc/DSA_dup_DH.pod b/src/lib/libcrypto/doc/DSA_dup_DH.pod deleted file mode 100644 index 695f99a13b1..00000000000 --- a/src/lib/libcrypto/doc/DSA_dup_DH.pod +++ /dev/null @@ -1,36 +0,0 @@ -=pod - -=head1 NAME - -DSA_dup_DH - create a DH structure out of DSA structure - -=head1 SYNOPSIS - - #include - - DH * DSA_dup_DH(DSA *r); - -=head1 DESCRIPTION - -DSA_dup_DH() duplicates DSA parameters/keys as DH parameters/keys. q -is lost during that conversion, but the resulting DH parameters -contain its length. - -=head1 RETURN VALUE - -DSA_dup_DH() returns the new B structure, and NULL on error. The -error codes can be obtained by L. - -=head1 NOTE - -Be careful to avoid small subgroup attacks when using this. - -=head1 SEE ALSO - -L, L, L - -=head1 HISTORY - -DSA_dup_DH() was added in OpenSSL 0.9.4. - -=cut diff --git a/src/lib/libcrypto/doc/DSA_generate_key.pod b/src/lib/libcrypto/doc/DSA_generate_key.pod deleted file mode 100644 index 9906a2d7e07..00000000000 --- a/src/lib/libcrypto/doc/DSA_generate_key.pod +++ /dev/null @@ -1,33 +0,0 @@ -=pod - -=head1 NAME - -DSA_generate_key - generate DSA key pair - -=head1 SYNOPSIS - - #include - - int DSA_generate_key(DSA *a); - -=head1 DESCRIPTION - -DSA_generate_key() expects B to contain DSA parameters. It generates -a new key pair and stores it in Bpub_key> and Bpriv_key>. - -The PRNG must be seeded prior to calling DSA_generate_key(). - -=head1 RETURN VALUE - -DSA_generate_key() returns 1 on success, 0 otherwise. -The error codes can be obtained by L. - -=head1 SEE ALSO - -L, L, L, L - -=head1 HISTORY - -DSA_generate_key() is available since SSLeay 0.8. - -=cut diff --git a/src/lib/libcrypto/doc/DSA_generate_parameters.pod b/src/lib/libcrypto/doc/DSA_generate_parameters.pod deleted file mode 100644 index be7c924ff8f..00000000000 --- a/src/lib/libcrypto/doc/DSA_generate_parameters.pod +++ /dev/null @@ -1,105 +0,0 @@ -=pod - -=head1 NAME - -DSA_generate_parameters - generate DSA parameters - -=head1 SYNOPSIS - - #include - - DSA *DSA_generate_parameters(int bits, unsigned char *seed, - int seed_len, int *counter_ret, unsigned long *h_ret, - void (*callback)(int, int, void *), void *cb_arg); - -=head1 DESCRIPTION - -DSA_generate_parameters() generates primes p and q and a generator g -for use in the DSA. - -B is the length of the prime to be generated; the DSS allows a -maximum of 1024 bits. - -If B is B or B E 20, the primes will be -generated at random. Otherwise, the seed is used to generate -them. If the given seed does not yield a prime q, a new random -seed is chosen and placed at B. - -DSA_generate_parameters() places the iteration count in -*B and a counter used for finding a generator in -*B, unless these are B. - -A callback function may be used to provide feedback about the progress -of the key generation. If B is not B, it will be -called as follows: - -=over 4 - -=item * - -When a candidate for q is generated, B is called -(m is 0 for the first candidate). - -=item * - -When a candidate for q has passed a test by trial division, -B is called. -While a candidate for q is tested by Miller-Rabin primality tests, -B is called in the outer loop -(once for each witness that confirms that the candidate may be prime); -i is the loop counter (starting at 0). - -=item * - -When a prime q has been found, B and -B are called. - -=item * - -Before a candidate for p (other than the first) is generated and tested, -B is called. - -=item * - -When a candidate for p has passed the test by trial division, -B is called. -While it is tested by the Miller-Rabin primality test, -B is called in the outer loop -(once for each witness that confirms that the candidate may be prime). -i is the loop counter (starting at 0). - -=item * - -When p has been found, B is called. - -=item * - -When the generator has been found, B is called. - -=back - -=head1 RETURN VALUE - -DSA_generate_parameters() returns a pointer to the DSA structure, or -B if the parameter generation fails. The error codes can be -obtained by L. - -=head1 BUGS - -Seed lengths E 20 are not supported. - -=head1 SEE ALSO - -L, L, L, -L - -=head1 HISTORY - -DSA_generate_parameters() appeared in SSLeay 0.8. The B -argument was added in SSLeay 0.9.0. -In versions up to OpenSSL 0.9.4, B was called -in the inner loop of the Miller-Rabin test whenever it reached the -squaring step (the parameters to B did not reveal how many -witnesses had been tested); since OpenSSL 0.9.5, B -is called as in BN_is_prime(3), i.e. once for each witness. -=cut diff --git a/src/lib/libcrypto/doc/DSA_get_ex_new_index.pod b/src/lib/libcrypto/doc/DSA_get_ex_new_index.pod deleted file mode 100644 index 4612e708ecc..00000000000 --- a/src/lib/libcrypto/doc/DSA_get_ex_new_index.pod +++ /dev/null @@ -1,36 +0,0 @@ -=pod - -=head1 NAME - -DSA_get_ex_new_index, DSA_set_ex_data, DSA_get_ex_data - add application specific data to DSA structures - -=head1 SYNOPSIS - - #include - - int DSA_get_ex_new_index(long argl, void *argp, - CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, - CRYPTO_EX_free *free_func); - - int DSA_set_ex_data(DSA *d, int idx, void *arg); - - char *DSA_get_ex_data(DSA *d, int idx); - -=head1 DESCRIPTION - -These functions handle application specific data in DSA -structures. Their usage is identical to that of -RSA_get_ex_new_index(), RSA_set_ex_data() and RSA_get_ex_data() -as described in L. - -=head1 SEE ALSO - -L, L - -=head1 HISTORY - -DSA_get_ex_new_index(), DSA_set_ex_data() and DSA_get_ex_data() are -available since OpenSSL 0.9.5. - -=cut diff --git a/src/lib/libcrypto/doc/DSA_new.pod b/src/lib/libcrypto/doc/DSA_new.pod deleted file mode 100644 index 301af912dd5..00000000000 --- a/src/lib/libcrypto/doc/DSA_new.pod +++ /dev/null @@ -1,41 +0,0 @@ -=pod - -=head1 NAME - -DSA_new, DSA_free - allocate and free DSA objects - -=head1 SYNOPSIS - - #include - - DSA* DSA_new(void); - - void DSA_free(DSA *dsa); - -=head1 DESCRIPTION - -DSA_new() allocates and initializes a B structure. - -DSA_free() frees the B structure and its components. The values are -erased before the memory is returned to the system. - -=head1 RETURN VALUES - -If the allocation fails, DSA_new() returns B and sets an error -code that can be obtained by -L. Otherwise it returns a pointer -to the newly allocated structure. - -DSA_free() returns no value. - -=head1 SEE ALSO - -L, L, -L, -L - -=head1 HISTORY - -DSA_new() and DSA_free() are available in all versions of SSLeay and OpenSSL. - -=cut diff --git a/src/lib/libcrypto/doc/DSA_set_method.pod b/src/lib/libcrypto/doc/DSA_set_method.pod deleted file mode 100644 index 36a1052d276..00000000000 --- a/src/lib/libcrypto/doc/DSA_set_method.pod +++ /dev/null @@ -1,118 +0,0 @@ -=pod - -=head1 NAME - -DSA_set_default_openssl_method, DSA_get_default_openssl_method, -DSA_set_method, DSA_new_method, DSA_OpenSSL - select DSA method - -=head1 SYNOPSIS - - #include - #include - - void DSA_set_default_openssl_method(DSA_METHOD *meth); - - DSA_METHOD *DSA_get_default_openssl_method(void); - - int DSA_set_method(DSA *dsa, ENGINE *engine); - - DSA *DSA_new_method(ENGINE *engine); - - DSA_METHOD *DSA_OpenSSL(void); - -=head1 DESCRIPTION - -A B specifies the functions that OpenSSL uses for DSA -operations. By modifying the method, alternative implementations -such as hardware accelerators may be used. - -Initially, the default is to use the OpenSSL internal implementation. -DSA_OpenSSL() returns a pointer to that method. - -DSA_set_default_openssl_method() makes B the default method for -all DSA structures created later. B This is true only whilst the -default engine for DSA operations remains as "openssl". ENGINEs -provide an encapsulation for implementations of one or more algorithms at a -time, and all the DSA functions mentioned here operate within the scope -of the default "openssl" engine. - -DSA_get_default_openssl_method() returns a pointer to the current default -method for the "openssl" engine. - -DSA_set_method() selects B for all operations using the structure B. - -DSA_new_method() allocates and initializes a DSA structure so that -B will be used for the DSA operations. If B is NULL, -the default engine for DSA operations is used. - -=head1 THE DSA_METHOD STRUCTURE - -struct - { - /* name of the implementation */ - const char *name; - - /* sign */ - DSA_SIG *(*dsa_do_sign)(const unsigned char *dgst, int dlen, - DSA *dsa); - - /* pre-compute k^-1 and r */ - int (*dsa_sign_setup)(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, - BIGNUM **rp); - - /* verify */ - int (*dsa_do_verify)(const unsigned char *dgst, int dgst_len, - DSA_SIG *sig, DSA *dsa); - - /* compute rr = a1^p1 * a2^p2 mod m (May be NULL for some - implementations) */ - int (*dsa_mod_exp)(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1, - BIGNUM *a2, BIGNUM *p2, BIGNUM *m, - BN_CTX *ctx, BN_MONT_CTX *in_mont); - - /* compute r = a ^ p mod m (May be NULL for some implementations) */ - int (*bn_mod_exp)(DSA *dsa, BIGNUM *r, BIGNUM *a, - const BIGNUM *p, const BIGNUM *m, - BN_CTX *ctx, BN_MONT_CTX *m_ctx); - - /* called at DSA_new */ - int (*init)(DSA *DSA); - - /* called at DSA_free */ - int (*finish)(DSA *DSA); - - int flags; - - char *app_data; /* ?? */ - - } DSA_METHOD; - -=head1 RETURN VALUES - -DSA_OpenSSL() and DSA_get_default_openssl_method() return pointers to the -respective Bs. - -DSA_set_default_openssl_method() returns no value. - -DSA_set_method() returns non-zero if the ENGINE associated with B -was successfully changed to B. - -DSA_new_method() returns NULL and sets an error code that can be -obtained by L if the allocation -fails. Otherwise it returns a pointer to the newly allocated structure. - -=head1 SEE ALSO - -L, L - -=head1 HISTORY - -DSA_set_default_method(), DSA_get_default_method(), DSA_set_method(), -DSA_new_method() and DSA_OpenSSL() were added in OpenSSL 0.9.4. - -DSA_set_default_openssl_method() and DSA_get_default_openssl_method() -replaced DSA_set_default_method() and DSA_get_default_method() respectively, -and DSA_set_method() and DSA_new_method() were altered to use Bs -rather than Bs during development of OpenSSL 0.9.6. - -=cut diff --git a/src/lib/libcrypto/doc/DSA_sign.pod b/src/lib/libcrypto/doc/DSA_sign.pod deleted file mode 100644 index 97389e8ec88..00000000000 --- a/src/lib/libcrypto/doc/DSA_sign.pod +++ /dev/null @@ -1,66 +0,0 @@ -=pod - -=head1 NAME - -DSA_sign, DSA_sign_setup, DSA_verify - DSA signatures - -=head1 SYNOPSIS - - #include - - int DSA_sign(int type, const unsigned char *dgst, int len, - unsigned char *sigret, unsigned int *siglen, DSA *dsa); - - int DSA_sign_setup(DSA *dsa, BN_CTX *ctx, BIGNUM **kinvp, - BIGNUM **rp); - - int DSA_verify(int type, const unsigned char *dgst, int len, - unsigned char *sigbuf, int siglen, DSA *dsa); - -=head1 DESCRIPTION - -DSA_sign() computes a digital signature on the B byte message -digest B using the private key B and places its ASN.1 DER -encoding at B. The length of the signature is places in -*B. B must point to DSA_size(B) bytes of memory. - -DSA_sign_setup() may be used to precompute part of the signing -operation in case signature generation is time-critical. It expects -B to contain DSA parameters. It places the precomputed values -in newly allocated Bs at *B and *B, after freeing -the old ones unless *B and *B are NULL. These values may -be passed to DSA_sign() in Bkinv> and Br>. -B is a pre-allocated B or NULL. - -DSA_verify() verifies that the signature B of size B -matches a given message digest B of size B. -B is the signer's public key. - -The B parameter is ignored. - -The PRNG must be seeded before DSA_sign() (or DSA_sign_setup()) -is called. - -=head1 RETURN VALUES - -DSA_sign() and DSA_sign_setup() return 1 on success, 0 on error. -DSA_verify() returns 1 for a valid signature, 0 for an incorrect -signature and -1 on error. The error codes can be obtained by -L. - -=head1 CONFORMING TO - -US Federal Information Processing Standard FIPS 186 (Digital Signature -Standard, DSS), ANSI X9.30 - -=head1 SEE ALSO - -L, L, L, -L - -=head1 HISTORY - -DSA_sign() and DSA_verify() are available in all versions of SSLeay. -DSA_sign_setup() was added in SSLeay 0.8. - -=cut diff --git a/src/lib/libcrypto/doc/DSA_size.pod b/src/lib/libcrypto/doc/DSA_size.pod deleted file mode 100644 index 23b6320a4d4..00000000000 --- a/src/lib/libcrypto/doc/DSA_size.pod +++ /dev/null @@ -1,33 +0,0 @@ -=pod - -=head1 NAME - -DSA_size - get DSA signature size - -=head1 SYNOPSIS - - #include - - int DSA_size(DSA *dsa); - -=head1 DESCRIPTION - -This function returns the size of an ASN.1 encoded DSA signature in -bytes. It can be used to determine how much memory must be allocated -for a DSA signature. - -Bq> must not be B. - -=head1 RETURN VALUE - -The size in bytes. - -=head1 SEE ALSO - -L, L - -=head1 HISTORY - -DSA_size() is available in all versions of SSLeay and OpenSSL. - -=cut diff --git a/src/lib/libcrypto/doc/ERR_GET_LIB.pod b/src/lib/libcrypto/doc/ERR_GET_LIB.pod deleted file mode 100644 index 2a129da036c..00000000000 --- a/src/lib/libcrypto/doc/ERR_GET_LIB.pod +++ /dev/null @@ -1,51 +0,0 @@ -=pod - -=head1 NAME - -ERR_GET_LIB, ERR_GET_FUNC, ERR_GET_REASON - get library, function and -reason code - -=head1 SYNOPSIS - - #include - - int ERR_GET_LIB(unsigned long e); - - int ERR_GET_FUNC(unsigned long e); - - int ERR_GET_REASON(unsigned long e); - -=head1 DESCRIPTION - -The error code returned by ERR_get_error() consists of a library -number, function code and reason code. ERR_GET_LIB(), ERR_GET_FUNC() -and ERR_GET_REASON() can be used to extract these. - -The library number and function code describe where the error -occurred, the reason code is the information about what went wrong. - -Each sub-library of OpenSSL has a unique library number; function and -reason codes are unique within each sub-library. Note that different -libraries may use the same value to signal different functions and -reasons. - -B reason codes such as B are globally -unique. However, when checking for sub-library specific reason codes, -be sure to also compare the library number. - -ERR_GET_LIB(), ERR_GET_FUNC() and ERR_GET_REASON() are macros. - -=head1 RETURN VALUES - -The library number, function code and reason code respectively. - -=head1 SEE ALSO - -L, L - -=head1 HISTORY - -ERR_GET_LIB(), ERR_GET_FUNC() and ERR_GET_REASON() are available in -all versions of SSLeay and OpenSSL. - -=cut diff --git a/src/lib/libcrypto/doc/ERR_clear_error.pod b/src/lib/libcrypto/doc/ERR_clear_error.pod deleted file mode 100644 index 566e1f4e317..00000000000 --- a/src/lib/libcrypto/doc/ERR_clear_error.pod +++ /dev/null @@ -1,29 +0,0 @@ -=pod - -=head1 NAME - -ERR_clear_error - clear the error queue - -=head1 SYNOPSIS - - #include - - void ERR_clear_error(void); - -=head1 DESCRIPTION - -ERR_clear_error() empties the current thread's error queue. - -=head1 RETURN VALUES - -ERR_clear_error() has no return value. - -=head1 SEE ALSO - -L, L - -=head1 HISTORY - -ERR_clear_error() is available in all versions of SSLeay and OpenSSL. - -=cut diff --git a/src/lib/libcrypto/doc/ERR_error_string.pod b/src/lib/libcrypto/doc/ERR_error_string.pod deleted file mode 100644 index e01beb817a3..00000000000 --- a/src/lib/libcrypto/doc/ERR_error_string.pod +++ /dev/null @@ -1,73 +0,0 @@ -=pod - -=head1 NAME - -ERR_error_string, ERR_error_string_n, ERR_lib_error_string, -ERR_func_error_string, ERR_reason_error_string - obtain human-readable -error message - -=head1 SYNOPSIS - - #include - - char *ERR_error_string(unsigned long e, char *buf); - char *ERR_error_string_n(unsigned long e, char *buf, size_t len); - - const char *ERR_lib_error_string(unsigned long e); - const char *ERR_func_error_string(unsigned long e); - const char *ERR_reason_error_string(unsigned long e); - -=head1 DESCRIPTION - -ERR_error_string() generates a human-readable string representing the -error code I, and places it at I. I must be at least 120 -bytes long. If I is B, the error string is placed in a -static buffer. -ERR_error_string_n() is a variant of ERR_error_string() that writes -at most I characters (including the terminating 0) -and truncates the string if necessary. -For ERR_error_string_n(), I may not be B. - -The string will have the following format: - - error:[error code]:[library name]:[function name]:[reason string] - -I is an 8 digit hexadecimal number, I, -I and I are ASCII text. - -ERR_lib_error_string(), ERR_func_error_string() and -ERR_reason_error_string() return the library name, function -name and reason string respectively. - -The OpenSSL error strings should be loaded by calling -L or, for SSL -applications, L -first. -If there is no text string registered for the given error code, -the error string will contain the numeric code. - -L can be used to print -all error codes currently in the queue. - -=head1 RETURN VALUES - -ERR_error_string() returns a pointer to a static buffer containing the -string if I B<== NULL>, I otherwise. - -ERR_lib_error_string(), ERR_func_error_string() and -ERR_reason_error_string() return the strings, and B if -none is registered for the error code. - -=head1 SEE ALSO - -L, L, -L, -L -L - -=head1 HISTORY - -ERR_error_string() is available in all versions of SSLeay and OpenSSL. -ERR_error_string_n() was added in OpenSSL 0.9.6. - -=cut diff --git a/src/lib/libcrypto/doc/ERR_get_error.pod b/src/lib/libcrypto/doc/ERR_get_error.pod deleted file mode 100644 index 9fdedbcb917..00000000000 --- a/src/lib/libcrypto/doc/ERR_get_error.pod +++ /dev/null @@ -1,76 +0,0 @@ -=pod - -=head1 NAME - -ERR_get_error, ERR_peek_error, ERR_peek_last_error, -ERR_get_error_line, ERR_peek_error_line, ERR_peek_last_error_line, -ERR_get_error_line_data, ERR_peek_error_line_data, -ERR_peek_error_line_data - obtain error code and data - -=head1 SYNOPSIS - - #include - - unsigned long ERR_get_error(void); - unsigned long ERR_peek_error(void); - unsigned long ERR_peek_last_error(void); - - unsigned long ERR_get_error_line(const char **file, int *line); - unsigned long ERR_peek_error_line(const char **file, int *line); - unsigned long ERR_peek_last_error_line(const char **file, int *line); - - unsigned long ERR_get_error_line_data(const char **file, int *line, - const char **data, int *flags); - unsigned long ERR_peek_error_line_data(const char **file, int *line, - const char **data, int *flags); - unsigned long ERR_peek_last_error_line_data(const char **file, int *line, - const char **data, int *flags); - -=head1 DESCRIPTION - -ERR_get_error() returns the earliest error code from the thread's error -queue and removes the entry. This function can be called repeatedly -until there are no more error codes to return. - -ERR_peek_error() returns the earliest error code from the thread's -error queue without modifying it. - -ERR_peek_last_error() returns the latest error code from the thread's -error queue without modifying it. - -See L for obtaining information about -location and reason of the error, and -L for human-readable error -messages. - -ERR_get_error_line(), ERR_peek_error_line() and -ERR_peek_last_error_line() are the same as the above, but they -additionally store the file name and line number where -the error occurred in *B and *B, unless these are B. - -ERR_get_error_line_data(), ERR_peek_error_line_data() and -ERR_get_last_error_line_data() store additional data and flags -associated with the error code in *B -and *B, unless these are B. *B contains a string -if *B&B. If it has been allocated by OPENSSL_malloc(), -*B&B is true. - -=head1 RETURN VALUES - -The error code, or 0 if there is no error in the queue. - -=head1 SEE ALSO - -L, L, -L - -=head1 HISTORY - -ERR_get_error(), ERR_peek_error(), ERR_get_error_line() and -ERR_peek_error_line() are available in all versions of SSLeay and -OpenSSL. ERR_get_error_line_data() and ERR_peek_error_line_data() -were added in SSLeay 0.9.0. -ERR_peek_last_error(), ERR_peek_last_error_line() and -ERR_peek_last_error_line_data() were added in OpenSSL 0.9.7. - -=cut diff --git a/src/lib/libcrypto/doc/ERR_load_crypto_strings.pod b/src/lib/libcrypto/doc/ERR_load_crypto_strings.pod deleted file mode 100644 index 9bdec75a463..00000000000 --- a/src/lib/libcrypto/doc/ERR_load_crypto_strings.pod +++ /dev/null @@ -1,46 +0,0 @@ -=pod - -=head1 NAME - -ERR_load_crypto_strings, SSL_load_error_strings, ERR_free_strings - -load and free error strings - -=head1 SYNOPSIS - - #include - - void ERR_load_crypto_strings(void); - void ERR_free_strings(void); - - #include - - void SSL_load_error_strings(void); - -=head1 DESCRIPTION - -ERR_load_crypto_strings() registers the error strings for all -B functions. SSL_load_error_strings() does the same, -but also registers the B error strings. - -One of these functions should be called before generating -textual error messages. However, this is not required when memory -usage is an issue. - -ERR_free_strings() frees all previously loaded error strings. - -=head1 RETURN VALUES - -ERR_load_crypto_strings(), SSL_load_error_strings() and -ERR_free_strings() return no values. - -=head1 SEE ALSO - -L, L - -=head1 HISTORY - -ERR_load_error_strings(), SSL_load_error_strings() and -ERR_free_strings() are available in all versions of SSLeay and -OpenSSL. - -=cut diff --git a/src/lib/libcrypto/doc/ERR_load_strings.pod b/src/lib/libcrypto/doc/ERR_load_strings.pod deleted file mode 100644 index 5acdd0edbc5..00000000000 --- a/src/lib/libcrypto/doc/ERR_load_strings.pod +++ /dev/null @@ -1,54 +0,0 @@ -=pod - -=head1 NAME - -ERR_load_strings, ERR_PACK, ERR_get_next_error_library - load -arbitrary error strings - -=head1 SYNOPSIS - - #include - - void ERR_load_strings(int lib, ERR_STRING_DATA str[]); - - int ERR_get_next_error_library(void); - - unsigned long ERR_PACK(int lib, int func, int reason); - -=head1 DESCRIPTION - -ERR_load_strings() registers error strings for library number B. - -B is an array of error string data: - - typedef struct ERR_string_data_st - { - unsigned long error; - char *string; - } ERR_STRING_DATA; - -The error code is generated from the library number and a function and -reason code: B = ERR_PACK(B, B, B). -ERR_PACK() is a macro. - -The last entry in the array is {0,0}. - -ERR_get_next_error_library() can be used to assign library numbers -to user libraries at runtime. - -=head1 RETURN VALUE - -ERR_load_strings() returns no value. ERR_PACK() return the error code. -ERR_get_next_error_library() returns a new library number. - -=head1 SEE ALSO - -L, L - -=head1 HISTORY - -ERR_load_error_strings() and ERR_PACK() are available in all versions -of SSLeay and OpenSSL. ERR_get_next_error_library() was added in -SSLeay 0.9.0. - -=cut diff --git a/src/lib/libcrypto/doc/ERR_print_errors.pod b/src/lib/libcrypto/doc/ERR_print_errors.pod deleted file mode 100644 index b100a5fa2b3..00000000000 --- a/src/lib/libcrypto/doc/ERR_print_errors.pod +++ /dev/null @@ -1,51 +0,0 @@ -=pod - -=head1 NAME - -ERR_print_errors, ERR_print_errors_fp - print error messages - -=head1 SYNOPSIS - - #include - - void ERR_print_errors(BIO *bp); - void ERR_print_errors_fp(FILE *fp); - -=head1 DESCRIPTION - -ERR_print_errors() is a convenience function that prints the error -strings for all errors that OpenSSL has recorded to B, thus -emptying the error queue. - -ERR_print_errors_fp() is the same, except that the output goes to a -B. - - -The error strings will have the following format: - - [pid]:error:[error code]:[library name]:[function name]:[reason string]:[file name]:[line]:[optional text message] - -I is an 8 digit hexadecimal number. I, -I and I are ASCII text, as is I if one was set for the respective error code. - -If there is no text string registered for the given error code, -the error string will contain the numeric code. - -=head1 RETURN VALUES - -ERR_print_errors() and ERR_print_errors_fp() return no values. - -=head1 SEE ALSO - -L, L, -L, -L, -L - -=head1 HISTORY - -ERR_print_errors() and ERR_print_errors_fp() -are available in all versions of SSLeay and OpenSSL. - -=cut diff --git a/src/lib/libcrypto/doc/ERR_put_error.pod b/src/lib/libcrypto/doc/ERR_put_error.pod deleted file mode 100644 index acd241fbe47..00000000000 --- a/src/lib/libcrypto/doc/ERR_put_error.pod +++ /dev/null @@ -1,44 +0,0 @@ -=pod - -=head1 NAME - -ERR_put_error, ERR_add_error_data - record an error - -=head1 SYNOPSIS - - #include - - void ERR_put_error(int lib, int func, int reason, const char *file, - int line); - - void ERR_add_error_data(int num, ...); - -=head1 DESCRIPTION - -ERR_put_error() adds an error code to the thread's error queue. It -signals that the error of reason code B occurred in function -B of library B, in line number B of B. -This function is usually called by a macro. - -ERR_add_error_data() associates the concatenation of its B string -arguments with the error code added last. - -L can be used to register -error strings so that the application can a generate human-readable -error messages for the error code. - -=head1 RETURN VALUES - -ERR_put_error() and ERR_add_error_data() return -no values. - -=head1 SEE ALSO - -L, L - -=head1 HISTORY - -ERR_put_error() is available in all versions of SSLeay and OpenSSL. -ERR_add_error_data() was added in SSLeay 0.9.0. - -=cut diff --git a/src/lib/libcrypto/doc/ERR_remove_state.pod b/src/lib/libcrypto/doc/ERR_remove_state.pod deleted file mode 100644 index 72925fb9f47..00000000000 --- a/src/lib/libcrypto/doc/ERR_remove_state.pod +++ /dev/null @@ -1,34 +0,0 @@ -=pod - -=head1 NAME - -ERR_remove_state - free a thread's error queue - -=head1 SYNOPSIS - - #include - - void ERR_remove_state(unsigned long pid); - -=head1 DESCRIPTION - -ERR_remove_state() frees the error queue associated with thread B. -If B == 0, the current thread will have its error queue removed. - -Since error queue data structures are allocated automatically for new -threads, they must be freed when threads are terminated in order to -avoid memory leaks. - -=head1 RETURN VALUE - -ERR_remove_state() returns no value. - -=head1 SEE ALSO - -L - -=head1 HISTORY - -ERR_remove_state() is available in all versions of SSLeay and OpenSSL. - -=cut diff --git a/src/lib/libcrypto/doc/EVP_BytesToKey.pod b/src/lib/libcrypto/doc/EVP_BytesToKey.pod deleted file mode 100644 index 5ce4add0821..00000000000 --- a/src/lib/libcrypto/doc/EVP_BytesToKey.pod +++ /dev/null @@ -1,67 +0,0 @@ -=pod - -=head1 NAME - - EVP_BytesToKey - password based encryption routine - -=head1 SYNOPSIS - - #include - - int EVP_BytesToKey(const EVP_CIPHER *type,const EVP_MD *md, - const unsigned char *salt, - const unsigned char *data, int datal, int count, - unsigned char *key,unsigned char *iv); - -=head1 DESCRIPTION - -EVP_BytesToKey() derives a key and IV from various parameters. B is -the cipher to derive the key and IV for. B is the message digest to use. -The B paramter is used as a salt in the derivation: it should point to -an 8 byte buffer or NULL if no salt is used. B is a buffer containing -B bytes which is used to derive the keying data. B is the -iteration count to use. The derived key and IV will be written to B -and B respectively. - -=head1 NOTES - -A typical application of this function is to derive keying material for an -encryption algorithm from a password in the B parameter. - -Increasing the B parameter slows down the algorithm which makes it -harder for an attacker to peform a brute force attack using a large number -of candidate passwords. - -If the total key and IV length is less than the digest length and -B is used then the derivation algorithm is compatible with PKCS#5 v1.5 -otherwise a non standard extension is used to derive the extra data. - -Newer applications should use more standard algorithms such as PKCS#5 -v2.0 for key derivation. - -=head1 KEY DERIVATION ALGORITHM - -The key and IV is derived by concatenating D_1, D_2, etc until -enough data is available for the key and IV. D_i is defined as: - - D_i = HASH^count(D_(i-1) || data || salt) - -where || denotes concatentaion, D_0 is empty, HASH is the digest -algorithm in use, HASH^1(data) is simply HASH(data), HASH^2(data) -is HASH(HASH(data)) and so on. - -The initial bytes are used for the key and the subsequent bytes for -the IV. - -=head1 RETURN VALUES - -EVP_BytesToKey() returns the size of the derived key in bytes. - -=head1 SEE ALSO - -L, L, -L, - -=head1 HISTORY - -=cut diff --git a/src/lib/libcrypto/doc/EVP_DigestInit.pod b/src/lib/libcrypto/doc/EVP_DigestInit.pod deleted file mode 100644 index acd4d0167a5..00000000000 --- a/src/lib/libcrypto/doc/EVP_DigestInit.pod +++ /dev/null @@ -1,251 +0,0 @@ -=pod - -=head1 NAME - -EVP_MD_CTX_init, EVP_MD_CTX_create, EVP_DigestInit_ex, EVP_DigestUpdate, -EVP_DigestFinal_ex, EVP_MD_CTX_cleanup, EVP_MD_CTX_destroy, EVP_MAX_MD_SIZE, -EVP_MD_CTX_copy_ex EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size, -EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size, EVP_MD_CTX_block_size, EVP_MD_CTX_type, -EVP_md_null, EVP_md2, EVP_md5, EVP_sha, EVP_sha1, EVP_dss, EVP_dss1, EVP_mdc2, -EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj - -EVP digest routines - -=head1 SYNOPSIS - - #include - - void EVP_MD_CTX_init(EVP_MD_CTX *ctx); - EVP_MD_CTX *EVP_MD_CTX_create(void); - - int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); - int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt); - int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, - unsigned int *s); - - int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx); - void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx); - - int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out,const EVP_MD_CTX *in); - - int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type); - int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, - unsigned int *s); - - int EVP_MD_CTX_copy(EVP_MD_CTX *out,EVP_MD_CTX *in); - - #define EVP_MAX_MD_SIZE (16+20) /* The SSLv3 md5+sha1 type */ - - - #define EVP_MD_type(e) ((e)->type) - #define EVP_MD_pkey_type(e) ((e)->pkey_type) - #define EVP_MD_size(e) ((e)->md_size) - #define EVP_MD_block_size(e) ((e)->block_size) - - #define EVP_MD_CTX_md(e) (e)->digest) - #define EVP_MD_CTX_size(e) EVP_MD_size((e)->digest) - #define EVP_MD_CTX_block_size(e) EVP_MD_block_size((e)->digest) - #define EVP_MD_CTX_type(e) EVP_MD_type((e)->digest) - - const EVP_MD *EVP_md_null(void); - const EVP_MD *EVP_md2(void); - const EVP_MD *EVP_md5(void); - const EVP_MD *EVP_sha(void); - const EVP_MD *EVP_sha1(void); - const EVP_MD *EVP_dss(void); - const EVP_MD *EVP_dss1(void); - const EVP_MD *EVP_mdc2(void); - const EVP_MD *EVP_ripemd160(void); - - const EVP_MD *EVP_get_digestbyname(const char *name); - #define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a)) - #define EVP_get_digestbyobj(a) EVP_get_digestbynid(OBJ_obj2nid(a)) - -=head1 DESCRIPTION - -The EVP digest routines are a high level interface to message digests. - -EVP_MD_CTX_init() initializes digest contet B. - -EVP_MD_CTX_create() allocates, initializes and returns a digest contet. - -EVP_DigestInit_ex() sets up digest context B to use a digest -B from ENGINE B. B must be initialized before calling this -function. B will typically be supplied by a functionsuch as EVP_sha1(). -If B is NULL then the default implementation of digest B is used. - -EVP_DigestUpdate() hashes B bytes of data at B into the -digest context B. This function can be called several times on the -same B to hash additional data. - -EVP_DigestFinal_ex() retrieves the digest value from B and places -it in B. If the B parameter is not NULL then the number of -bytes of data written (i.e. the length of the digest) will be written -to the integer at B, at most B bytes will be written. -After calling EVP_DigestFinal_ex() no additional calls to EVP_DigestUpdate() -can be made, but EVP_DigestInit_ex() can be called to initialize a new -digest operation. - -EVP_MD_CTX_cleanup() cleans up digest context B, it should be called -after a digest context is no longer needed. - -EVP_MD_CTX_destroy() cleans up digest context B and frees up the -space allocated to it, it should be called only on a context created -using EVP_MD_CTX_create(). - -EVP_MD_CTX_copy_ex() can be used to copy the message digest state from -B to B. This is useful if large amounts of data are to be -hashed which only differ in the last few bytes. B must be initialized -before calling this function. - -EVP_DigestInit() behaves in the same way as EVP_DigestInit_ex() except -the passed context B does not have to be initialized, and it always -uses the default digest implementation. - -EVP_DigestFinal() is similar to EVP_DigestFinal_ex() except the digest -contet B is automatically cleaned up. - -EVP_MD_CTX_copy() is similar to EVP_MD_CTX_copy_ex() except the destination -B does not have to be initialized. - -EVP_MD_size() and EVP_MD_CTX_size() return the size of the message digest -when passed an B or an B structure, i.e. the size of the -hash. - -EVP_MD_block_size() and EVP_MD_CTX_block_size() return the block size of the -message digest when passed an B or an B structure. - -EVP_MD_type() and EVP_MD_CTX_type() return the NID of the OBJECT IDENTIFIER -representing the given message digest when passed an B structure. -For example EVP_MD_type(EVP_sha1()) returns B. This function is -normally used when setting ASN1 OIDs. - -EVP_MD_CTX_md() returns the B structure corresponding to the passed -B. - -EVP_MD_pkey_type() returns the NID of the public key signing algorithm associated -with this digest. For example EVP_sha1() is associated with RSA so this will -return B. This "link" between digests and signature -algorithms may not be retained in future versions of OpenSSL. - -EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), EVP_mdc2() and EVP_ripemd160() -return B structures for the MD2, MD5, SHA, SHA1, MDC2 and RIPEMD160 digest -algorithms respectively. The associated signature algorithm is RSA in each case. - -EVP_dss() and EVP_dss1() return B structures for SHA and SHA1 digest -algorithms but using DSS (DSA) for the signature algorithm. - -EVP_md_null() is a "null" message digest that does nothing: i.e. the hash it -returns is of zero length. - -EVP_get_digestbyname(), EVP_get_digestbynid() and EVP_get_digestbyobj() -return an B structure when passed a digest name, a digest NID or -an ASN1_OBJECT structure respectively. The digest table must be initialized -using, for example, OpenSSL_add_all_digests() for these functions to work. - -=head1 RETURN VALUES - -EVP_DigestInit_ex(), EVP_DigestUpdate() and EVP_DigestFinal_ex() return 1 for -success and 0 for failure. - -EVP_MD_CTX_copy_ex() returns 1 if successful or 0 for failure. - -EVP_MD_type(), EVP_MD_pkey_type() and EVP_MD_type() return the NID of the -corresponding OBJECT IDENTIFIER or NID_undef if none exists. - -EVP_MD_size(), EVP_MD_block_size(), EVP_MD_CTX_size(e), EVP_MD_size(), -EVP_MD_CTX_block_size() and EVP_MD_block_size() return the digest or block -size in bytes. - -EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), EVP_dss(), -EVP_dss1(), EVP_mdc2() and EVP_ripemd160() return pointers to the -corresponding EVP_MD structures. - -EVP_get_digestbyname(), EVP_get_digestbynid() and EVP_get_digestbyobj() -return either an B structure or NULL if an error occurs. - -=head1 NOTES - -The B interface to message digests should almost always be used in -preference to the low level interfaces. This is because the code then becomes -transparent to the digest used and much more flexible. - -SHA1 is the digest of choice for new applications. The other digest algorithms -are still in common use. - -For most applications the B parameter to EVP_DigestInit_ex() will be -set to NULL to use the default digest implementation. - -The functions EVP_DigestInit(), EVP_DigestFinal() and EVP_MD_CTX_copy() are -obsolete but are retained to maintain compatibility with existing code. New -applications should use EVP_DigestInit_ex(), EVP_DigestFinal_ex() and -EVP_MD_CTX_copy_ex() because they can efficiently reuse a digest context -instead of initializing and cleaning it up on each call and allow non default -implementations of digests to be specified. - -In OpenSSL 0.9.7 and later if digest contexts are not cleaned up after use -memory leaks will occur. - -=head1 EXAMPLE - -This example digests the data "Test Message\n" and "Hello World\n", using the -digest name passed on the command line. - - #include - #include - - main(int argc, char *argv[]) - { - EVP_MD_CTX mdctx; - const EVP_MD *md; - char mess1[] = "Test Message\n"; - char mess2[] = "Hello World\n"; - unsigned char md_value[EVP_MAX_MD_SIZE]; - int md_len, i; - - OpenSSL_add_all_digests(); - - if(!argv[1]) { - printf("Usage: mdtest digestname\n"); - exit(1); - } - - md = EVP_get_digestbyname(argv[1]); - - if(!md) { - printf("Unknown message digest %s\n", argv[1]); - exit(1); - } - - EVP_MD_CTX_init(&mdctx); - EVP_DigestInit_ex(&mdctx, md, NULL); - EVP_DigestUpdate(&mdctx, mess1, strlen(mess1)); - EVP_DigestUpdate(&mdctx, mess2, strlen(mess2)); - EVP_DigestFinal_ex(&mdctx, md_value, &md_len); - EVP_MD_CTX_cleanup(&mdctx); - - printf("Digest is: "); - for(i = 0; i < md_len; i++) printf("%02x", md_value[i]); - printf("\n"); - } - -=head1 BUGS - -The link between digests and signing algorithms results in a situation where -EVP_sha1() must be used with RSA and EVP_dss1() must be used with DSS -even though they are identical digests. - -=head1 SEE ALSO - -L, L, L, -L, L, L, -L - -=head1 HISTORY - -EVP_DigestInit(), EVP_DigestUpdate() and EVP_DigestFinal() are -available in all versions of SSLeay and OpenSSL. - -EVP_DigestInit_ex(), EVP_DigestFinal_ex() and EVP_MD_CTX_copy_ex() -were added in OpenSSL 0.9.7. - -=cut diff --git a/src/lib/libcrypto/doc/EVP_EncryptInit.pod b/src/lib/libcrypto/doc/EVP_EncryptInit.pod deleted file mode 100644 index 371b6a2287e..00000000000 --- a/src/lib/libcrypto/doc/EVP_EncryptInit.pod +++ /dev/null @@ -1,504 +0,0 @@ -=pod - -=head1 NAME - -EVP_CIPHER_CTX_init, EVP_EncryptInit_ex, EVP_EncryptUpdate, -EVP_EncryptFinal_ex, EVP_DecryptInit_ex, EVP_DecryptUpdate, -EVP_DecryptFinal_ex, EVP_CipherInit_ex, EVP_CipherUpdate, -EVP_CipherFinal_ex, EVP_CIPHER_CTX_set_key_length, -EVP_CIPHER_CTX_ctrl, EVP_CIPHER_CTX_cleanup, EVP_EncryptInit, -EVP_EncryptFinal, EVP_DecryptInit, EVP_DecryptFinal, -EVP_CipherInit, EVP_CipherFinal, EVP_get_cipherbyname, -EVP_get_cipherbynid, EVP_get_cipherbyobj, EVP_CIPHER_nid, -EVP_CIPHER_block_size, EVP_CIPHER_key_length, EVP_CIPHER_iv_length, -EVP_CIPHER_flags, EVP_CIPHER_mode, EVP_CIPHER_type, EVP_CIPHER_CTX_cipher, -EVP_CIPHER_CTX_nid, EVP_CIPHER_CTX_block_size, EVP_CIPHER_CTX_key_length, -EVP_CIPHER_CTX_iv_length, EVP_CIPHER_CTX_get_app_data, -EVP_CIPHER_CTX_set_app_data, EVP_CIPHER_CTX_type, EVP_CIPHER_CTX_flags, -EVP_CIPHER_CTX_mode, EVP_CIPHER_param_to_asn1, EVP_CIPHER_asn1_to_param, -EVP_CIPHER_CTX_set_padding - EVP cipher routines - -=head1 SYNOPSIS - - #include - - int EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a); - - int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, - ENGINE *impl, unsigned char *key, unsigned char *iv); - int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, - int *outl, unsigned char *in, int inl); - int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, - int *outl); - - int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, - ENGINE *impl, unsigned char *key, unsigned char *iv); - int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, - int *outl, unsigned char *in, int inl); - int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, - int *outl); - - int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, - ENGINE *impl, unsigned char *key, unsigned char *iv, int enc); - int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, - int *outl, unsigned char *in, int inl); - int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, - int *outl); - - int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, - unsigned char *key, unsigned char *iv); - int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, - int *outl); - - int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, - unsigned char *key, unsigned char *iv); - int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, - int *outl); - - int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, - unsigned char *key, unsigned char *iv, int enc); - int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, - int *outl); - - int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *x, int padding); - int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen); - int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr); - int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a); - - const EVP_CIPHER *EVP_get_cipherbyname(const char *name); - #define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a)) - #define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a)) - - #define EVP_CIPHER_nid(e) ((e)->nid) - #define EVP_CIPHER_block_size(e) ((e)->block_size) - #define EVP_CIPHER_key_length(e) ((e)->key_len) - #define EVP_CIPHER_iv_length(e) ((e)->iv_len) - #define EVP_CIPHER_flags(e) ((e)->flags) - #define EVP_CIPHER_mode(e) ((e)->flags) & EVP_CIPH_MODE) - int EVP_CIPHER_type(const EVP_CIPHER *ctx); - - #define EVP_CIPHER_CTX_cipher(e) ((e)->cipher) - #define EVP_CIPHER_CTX_nid(e) ((e)->cipher->nid) - #define EVP_CIPHER_CTX_block_size(e) ((e)->cipher->block_size) - #define EVP_CIPHER_CTX_key_length(e) ((e)->key_len) - #define EVP_CIPHER_CTX_iv_length(e) ((e)->cipher->iv_len) - #define EVP_CIPHER_CTX_get_app_data(e) ((e)->app_data) - #define EVP_CIPHER_CTX_set_app_data(e,d) ((e)->app_data=(char *)(d)) - #define EVP_CIPHER_CTX_type(c) EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c)) - #define EVP_CIPHER_CTX_flags(e) ((e)->cipher->flags) - #define EVP_CIPHER_CTX_mode(e) ((e)->cipher->flags & EVP_CIPH_MODE) - - int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type); - int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type); - -=head1 DESCRIPTION - -The EVP cipher routines are a high level interface to certain -symmetric ciphers. - -EVP_CIPHER_CTX_init() initializes cipher contex B. - -EVP_EncryptInit_ex() sets up cipher context B for encryption -with cipher B from ENGINE B. B must be initialized -before calling this function. B is normally supplied -by a function such as EVP_des_cbc(). If B is NULL then the -default implementation is used. B is the symmetric key to use -and B is the IV to use (if necessary), the actual number of bytes -used for the key and IV depends on the cipher. It is possible to set -all parameters to NULL except B in an initial call and supply -the remaining parameters in subsequent calls, all of which have B -set to NULL. This is done when the default cipher parameters are not -appropriate. - -EVP_EncryptUpdate() encrypts B bytes from the buffer B and -writes the encrypted version to B. This function can be called -multiple times to encrypt successive blocks of data. The amount -of data written depends on the block alignment of the encrypted data: -as a result the amount of data written may be anything from zero bytes -to (inl + cipher_block_size - 1) so B should contain sufficient -room. The actual number of bytes written is placed in B. - -If padding is enabled (the default) then EVP_EncryptFinal_ex() encrypts -the "final" data, that is any data that remains in a partial block. -It uses L (aka PKCS padding). The encrypted -final data is written to B which should have sufficient space for -one cipher block. The number of bytes written is placed in B. After -this function is called the encryption operation is finished and no further -calls to EVP_EncryptUpdate() should be made. - -If padding is disabled then EVP_EncryptFinal_ex() will not encrypt any more -data and it will return an error if any data remains in a partial block: -that is if the total data length is not a multiple of the block size. - -EVP_DecryptInit_ex(), EVP_DecryptUpdate() and EVP_DecryptFinal_ex() are the -corresponding decryption operations. EVP_DecryptFinal() will return an -error code if padding is enabled and the final block is not correctly -formatted. The parameters and restrictions are identical to the encryption -operations except that if padding is enabled the decrypted data buffer B -passed to EVP_DecryptUpdate() should have sufficient room for -(B + cipher_block_size) bytes unless the cipher block size is 1 in -which case B bytes is sufficient. - -EVP_CipherInit_ex(), EVP_CipherUpdate() and EVP_CipherFinal_ex() are -functions that can be used for decryption or encryption. The operation -performed depends on the value of the B parameter. It should be set -to 1 for encryption, 0 for decryption and -1 to leave the value unchanged -(the actual value of 'enc' being supplied in a previous call). - -EVP_CIPHER_CTX_cleanup() clears all information from a cipher context -and free up any allocated memory associate with it. It should be called -after all operations using a cipher are complete so sensitive information -does not remain in memory. - -EVP_EncryptInit(), EVP_DecryptInit() and EVP_CipherInit() behave in a -similar way to EVP_EncryptInit_ex(), EVP_DecryptInit_ex and -EVP_CipherInit_ex() except the B paramter does not need to be -initialized and they always use the default cipher implementation. - -EVP_EncryptFinal(), EVP_DecryptFinal() and EVP_CipherFinal() behave in a -similar way to EVP_EncryptFinal_ex(), EVP_DecryptFinal_ex() and -EVP_CipherFinal_ex() except B is automatically cleaned up -after the call. - -EVP_get_cipherbyname(), EVP_get_cipherbynid() and EVP_get_cipherbyobj() -return an EVP_CIPHER structure when passed a cipher name, a NID or an -ASN1_OBJECT structure. - -EVP_CIPHER_nid() and EVP_CIPHER_CTX_nid() return the NID of a cipher when -passed an B or B structure. The actual NID -value is an internal value which may not have a corresponding OBJECT -IDENTIFIER. - -EVP_CIPHER_CTX_set_padding() enables or disables padding. By default -encryption operations are padded using standard block padding and the -padding is checked and removed when decrypting. If the B parameter -is zero then no padding is performed, the total amount of data encrypted -or decrypted must then be a multiple of the block size or an error will -occur. - -EVP_CIPHER_key_length() and EVP_CIPHER_CTX_key_length() return the key -length of a cipher when passed an B or B -structure. The constant B is the maximum key length -for all ciphers. Note: although EVP_CIPHER_key_length() is fixed for a -given cipher, the value of EVP_CIPHER_CTX_key_length() may be different -for variable key length ciphers. - -EVP_CIPHER_CTX_set_key_length() sets the key length of the cipher ctx. -If the cipher is a fixed length cipher then attempting to set the key -length to any value other than the fixed value is an error. - -EVP_CIPHER_iv_length() and EVP_CIPHER_CTX_iv_length() return the IV -length of a cipher when passed an B or B. -It will return zero if the cipher does not use an IV. The constant -B is the maximum IV length for all ciphers. - -EVP_CIPHER_block_size() and EVP_CIPHER_CTX_block_size() return the block -size of a cipher when passed an B or B -structure. The constant B is also the maximum block -length for all ciphers. - -EVP_CIPHER_type() and EVP_CIPHER_CTX_type() return the type of the passed -cipher or context. This "type" is the actual NID of the cipher OBJECT -IDENTIFIER as such it ignores the cipher parameters and 40 bit RC2 and -128 bit RC2 have the same NID. If the cipher does not have an object -identifier or does not have ASN1 support this function will return -B. - -EVP_CIPHER_CTX_cipher() returns the B structure when passed -an B structure. - -EVP_CIPHER_mode() and EVP_CIPHER_CTX_mode() return the block cipher mode: -EVP_CIPH_ECB_MODE, EVP_CIPH_CBC_MODE, EVP_CIPH_CFB_MODE or -EVP_CIPH_OFB_MODE. If the cipher is a stream cipher then -EVP_CIPH_STREAM_CIPHER is returned. - -EVP_CIPHER_param_to_asn1() sets the AlgorithmIdentifier "parameter" based -on the passed cipher. This will typically include any parameters and an -IV. The cipher IV (if any) must be set when this call is made. This call -should be made before the cipher is actually "used" (before any -EVP_EncryptUpdate(), EVP_DecryptUpdate() calls for example). This function -may fail if the cipher does not have any ASN1 support. - -EVP_CIPHER_asn1_to_param() sets the cipher parameters based on an ASN1 -AlgorithmIdentifier "parameter". The precise effect depends on the cipher -In the case of RC2, for example, it will set the IV and effective key length. -This function should be called after the base cipher type is set but before -the key is set. For example EVP_CipherInit() will be called with the IV and -key set to NULL, EVP_CIPHER_asn1_to_param() will be called and finally -EVP_CipherInit() again with all parameters except the key set to NULL. It is -possible for this function to fail if the cipher does not have any ASN1 support -or the parameters cannot be set (for example the RC2 effective key length -is not supported. - -EVP_CIPHER_CTX_ctrl() allows various cipher specific parameters to be determined -and set. Currently only the RC2 effective key length and the number of rounds of -RC5 can be set. - -=head1 RETURN VALUES - -EVP_CIPHER_CTX_init, EVP_EncryptInit_ex(), EVP_EncryptUpdate() and -EVP_EncryptFinal_ex() return 1 for success and 0 for failure. - -EVP_DecryptInit_ex() and EVP_DecryptUpdate() return 1 for success and 0 for failure. -EVP_DecryptFinal_ex() returns 0 if the decrypt failed or 1 for success. - -EVP_CipherInit_ex() and EVP_CipherUpdate() return 1 for success and 0 for failure. -EVP_CipherFinal_ex() returns 0 for a decryption failure or 1 for success. - -EVP_CIPHER_CTX_cleanup() returns 1 for success and 0 for failure. - -EVP_get_cipherbyname(), EVP_get_cipherbynid() and EVP_get_cipherbyobj() -return an B structure or NULL on error. - -EVP_CIPHER_nid() and EVP_CIPHER_CTX_nid() return a NID. - -EVP_CIPHER_block_size() and EVP_CIPHER_CTX_block_size() return the block -size. - -EVP_CIPHER_key_length() and EVP_CIPHER_CTX_key_length() return the key -length. - -EVP_CIPHER_CTX_set_padding() always returns 1. - -EVP_CIPHER_iv_length() and EVP_CIPHER_CTX_iv_length() return the IV -length or zero if the cipher does not use an IV. - -EVP_CIPHER_type() and EVP_CIPHER_CTX_type() return the NID of the cipher's -OBJECT IDENTIFIER or NID_undef if it has no defined OBJECT IDENTIFIER. - -EVP_CIPHER_CTX_cipher() returns an B structure. - -EVP_CIPHER_param_to_asn1() and EVP_CIPHER_asn1_to_param() return 1 for -success or zero for failure. - -=head1 CIPHER LISTING - -All algorithms have a fixed key length unless otherwise stated. - -=over 4 - -=item EVP_enc_null() - -Null cipher: does nothing. - -=item EVP_des_cbc(void), EVP_des_ecb(void), EVP_des_cfb(void), EVP_des_ofb(void) - -DES in CBC, ECB, CFB and OFB modes respectively. - -=item EVP_des_ede_cbc(void), EVP_des_ede(), EVP_des_ede_ofb(void), EVP_des_ede_cfb(void) - -Two key triple DES in CBC, ECB, CFB and OFB modes respectively. - -=item EVP_des_ede3_cbc(void), EVP_des_ede3(), EVP_des_ede3_ofb(void), EVP_des_ede3_cfb(void) - -Three key triple DES in CBC, ECB, CFB and OFB modes respectively. - -=item EVP_desx_cbc(void) - -DESX algorithm in CBC mode. - -=item EVP_rc4(void) - -RC4 stream cipher. This is a variable key length cipher with default key length 128 bits. - -=item EVP_rc4_40(void) - -RC4 stream cipher with 40 bit key length. This is obsolete and new code should use EVP_rc4() -and the EVP_CIPHER_CTX_set_key_length() function. - -=item EVP_idea_cbc() EVP_idea_ecb(void), EVP_idea_cfb(void), EVP_idea_ofb(void), EVP_idea_cbc(void) - -IDEA encryption algorithm in CBC, ECB, CFB and OFB modes respectively. - -=item EVP_rc2_cbc(void), EVP_rc2_ecb(void), EVP_rc2_cfb(void), EVP_rc2_ofb(void) - -RC2 encryption algorithm in CBC, ECB, CFB and OFB modes respectively. This is a variable key -length cipher with an additional parameter called "effective key bits" or "effective key length". -By default both are set to 128 bits. - -=item EVP_rc2_40_cbc(void), EVP_rc2_64_cbc(void) - -RC2 algorithm in CBC mode with a default key length and effective key length of 40 and 64 bits. -These are obsolete and new code should use EVP_rc2_cbc(), EVP_CIPHER_CTX_set_key_length() and -EVP_CIPHER_CTX_ctrl() to set the key length and effective key length. - -=item EVP_bf_cbc(void), EVP_bf_ecb(void), EVP_bf_cfb(void), EVP_bf_ofb(void); - -Blowfish encryption algorithm in CBC, ECB, CFB and OFB modes respectively. This is a variable key -length cipher. - -=item EVP_cast5_cbc(void), EVP_cast5_ecb(void), EVP_cast5_cfb(void), EVP_cast5_ofb(void) - -CAST encryption algorithm in CBC, ECB, CFB and OFB modes respectively. This is a variable key -length cipher. - -=item EVP_rc5_32_12_16_cbc(void), EVP_rc5_32_12_16_ecb(void), EVP_rc5_32_12_16_cfb(void), EVP_rc5_32_12_16_ofb(void) - -RC5 encryption algorithm in CBC, ECB, CFB and OFB modes respectively. This is a variable key length -cipher with an additional "number of rounds" parameter. By default the key length is set to 128 -bits and 12 rounds. - -=back - -=head1 NOTES - -Where possible the B interface to symmetric ciphers should be used in -preference to the low level interfaces. This is because the code then becomes -transparent to the cipher used and much more flexible. - -PKCS padding works by adding B padding bytes of value B to make the total -length of the encrypted data a multiple of the block size. Padding is always -added so if the data is already a multiple of the block size B will equal -the block size. For example if the block size is 8 and 11 bytes are to be -encrypted then 5 padding bytes of value 5 will be added. - -When decrypting the final block is checked to see if it has the correct form. - -Although the decryption operation can produce an error if padding is enabled, -it is not a strong test that the input data or key is correct. A random block -has better than 1 in 256 chance of being of the correct format and problems with -the input data earlier on will not produce a final decrypt error. - -If padding is disabled then the decryption operation will always succeed if -the total amount of data decrypted is a multiple of the block size. - -The functions EVP_EncryptInit(), EVP_EncryptFinal(), EVP_DecryptInit(), -EVP_CipherInit() and EVP_CipherFinal() are obsolete but are retained for -compatibility with existing code. New code should use EVP_EncryptInit_ex(), -EVP_EncryptFinal_ex(), EVP_DecryptInit_ex(), EVP_DecryptFinal_ex(), -EVP_CipherInit_ex() and EVP_CipherFinal_ex() because they can reuse an -existing context without allocating and freeing it up on each call. - -=head1 BUGS - -For RC5 the number of rounds can currently only be set to 8, 12 or 16. This is -a limitation of the current RC5 code rather than the EVP interface. - -EVP_MAX_KEY_LENGTH and EVP_MAX_IV_LENGTH only refer to the internal ciphers with -default key lengths. If custom ciphers exceed these values the results are -unpredictable. This is because it has become standard practice to define a -generic key as a fixed unsigned char array containing EVP_MAX_KEY_LENGTH bytes. - -The ASN1 code is incomplete (and sometimes inaccurate) it has only been tested -for certain common S/MIME ciphers (RC2, DES, triple DES) in CBC mode. - -=head1 EXAMPLES - -Get the number of rounds used in RC5: - - int nrounds; - EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GET_RC5_ROUNDS, 0, &nrounds); - -Get the RC2 effective key length: - - int key_bits; - EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GET_RC2_KEY_BITS, 0, &key_bits); - -Set the number of rounds used in RC5: - - int nrounds; - EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC5_ROUNDS, nrounds, NULL); - -Set the effective key length used in RC2: - - int key_bits; - EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC2_KEY_BITS, key_bits, NULL); - -Encrypt a string using blowfish: - - int do_crypt(char *outfile) - { - unsigned char outbuf[1024]; - int outlen, tmplen; - /* Bogus key and IV: we'd normally set these from - * another source. - */ - unsigned char key[] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15}; - unsigned char iv[] = {1,2,3,4,5,6,7,8}; - char intext[] = "Some Crypto Text"; - EVP_CIPHER_CTX ctx; - FILE *out; - EVP_CIPHER_CTX_init(&ctx); - EVP_EncryptInit_ex(&ctx, NULL, EVP_bf_cbc(), key, iv); - - if(!EVP_EncryptUpdate(&ctx, outbuf, &outlen, intext, strlen(intext))) - { - /* Error */ - return 0; - } - /* Buffer passed to EVP_EncryptFinal() must be after data just - * encrypted to avoid overwriting it. - */ - if(!EVP_EncryptFinal_ex(&ctx, outbuf + outlen, &tmplen)) - { - /* Error */ - return 0; - } - outlen += tmplen; - EVP_CIPHER_CTX_cleanup(&ctx); - /* Need binary mode for fopen because encrypted data is - * binary data. Also cannot use strlen() on it because - * it wont be null terminated and may contain embedded - * nulls. - */ - out = fopen(outfile, "wb"); - fwrite(outbuf, 1, outlen, out); - fclose(out); - return 1; - } - -The ciphertext from the above example can be decrypted using the B -utility with the command line: - - S - -General encryption, decryption function example using FILE I/O and RC2 with an -80 bit key: - - int do_crypt(FILE *in, FILE *out, int do_encrypt) - { - /* Allow enough space in output buffer for additional block */ - inbuf[1024], outbuf[1024 + EVP_MAX_BLOCK_LENGTH]; - int inlen, outlen; - /* Bogus key and IV: we'd normally set these from - * another source. - */ - unsigned char key[] = "0123456789"; - unsigned char iv[] = "12345678"; - /* Don't set key or IV because we will modify the parameters */ - EVP_CIPHER_CTX_init(&ctx); - EVP_CipherInit_ex(&ctx, EVP_rc2(), NULL, NULL, NULL, do_encrypt); - EVP_CIPHER_CTX_set_key_length(&ctx, 10); - /* We finished modifying parameters so now we can set key and IV */ - EVP_CipherInit_ex(&ctx, NULL, NULL, key, iv, do_encrypt); - - for(;;) - { - inlen = fread(inbuf, 1, 1024, in); - if(inlen <= 0) break; - if(!EVP_CipherUpdate(&ctx, outbuf, &outlen, inbuf, inlen)) - { - /* Error */ - return 0; - } - fwrite(outbuf, 1, outlen, out); - } - if(!EVP_CipherFinal_ex(&ctx, outbuf, &outlen)) - { - /* Error */ - return 0; - } - fwrite(outbuf, 1, outlen, out); - - EVP_CIPHER_CTX_cleanup(&ctx); - return 1; - } - - -=head1 SEE ALSO - -L - -=head1 HISTORY - -=cut diff --git a/src/lib/libcrypto/doc/EVP_OpenInit.pod b/src/lib/libcrypto/doc/EVP_OpenInit.pod deleted file mode 100644 index 2e710da945b..00000000000 --- a/src/lib/libcrypto/doc/EVP_OpenInit.pod +++ /dev/null @@ -1,63 +0,0 @@ -=pod - -=head1 NAME - -EVP_OpenInit, EVP_OpenUpdate, EVP_OpenFinal - EVP envelope decryption - -=head1 SYNOPSIS - - #include - - int EVP_OpenInit(EVP_CIPHER_CTX *ctx,EVP_CIPHER *type,unsigned char *ek, - int ekl,unsigned char *iv,EVP_PKEY *priv); - int EVP_OpenUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, - int *outl, unsigned char *in, int inl); - int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, - int *outl); - -=head1 DESCRIPTION - -The EVP envelope routines are a high level interface to envelope -decryption. They decrypt a public key encrypted symmetric key and -then decrypt data using it. - -EVP_OpenInit() initializes a cipher context B for decryption -with cipher B. It decrypts the encrypted symmetric key of length -B bytes passed in the B parameter using the private key B. -The IV is supplied in the B parameter. - -EVP_OpenUpdate() and EVP_OpenFinal() have exactly the same properties -as the EVP_DecryptUpdate() and EVP_DecryptFinal() routines, as -documented on the L manual -page. - -=head1 NOTES - -It is possible to call EVP_OpenInit() twice in the same way as -EVP_DecryptInit(). The first call should have B set to NULL -and (after setting any cipher parameters) it should be called again -with B set to NULL. - -If the cipher passed in the B parameter is a variable length -cipher then the key length will be set to the value of the recovered -key length. If the cipher is a fixed length cipher then the recovered -key length must match the fixed cipher length. - -=head1 RETURN VALUES - -EVP_OpenInit() returns 0 on error or a non zero integer (actually the -recovered secret key size) if successful. - -EVP_OpenUpdate() returns 1 for success or 0 for failure. - -EVP_OpenFinal() returns 0 if the decrypt failed or 1 for success. - -=head1 SEE ALSO - -L, L, -L, -L - -=head1 HISTORY - -=cut diff --git a/src/lib/libcrypto/doc/EVP_SealInit.pod b/src/lib/libcrypto/doc/EVP_SealInit.pod deleted file mode 100644 index 0451eb648a3..00000000000 --- a/src/lib/libcrypto/doc/EVP_SealInit.pod +++ /dev/null @@ -1,76 +0,0 @@ -=pod - -=head1 NAME - -EVP_SealInit, EVP_SealUpdate, EVP_SealFinal - EVP envelope encryption - -=head1 SYNOPSIS - - #include - - int EVP_SealInit(EVP_CIPHER_CTX *ctx, EVP_CIPHER *type, unsigned char **ek, - int *ekl, unsigned char *iv,EVP_PKEY **pubk, int npubk); - int EVP_SealUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, - int *outl, unsigned char *in, int inl); - int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, - int *outl); - -=head1 DESCRIPTION - -The EVP envelope routines are a high level interface to envelope -encryption. They generate a random key and then "envelope" it by -using public key encryption. Data can then be encrypted using this -key. - -EVP_SealInit() initializes a cipher context B for encryption -with cipher B using a random secret key and IV supplied in -the B parameter. B is normally supplied by a function such -as EVP_des_cbc(). The secret key is encrypted using one or more public -keys, this allows the same encrypted data to be decrypted using any -of the corresponding private keys. B is an array of buffers where -the public key encrypted secret key will be written, each buffer must -contain enough room for the corresponding encrypted key: that is -B must have room for B bytes. The actual -size of each encrypted secret key is written to the array B. B is -an array of B public keys. - -EVP_SealUpdate() and EVP_SealFinal() have exactly the same properties -as the EVP_EncryptUpdate() and EVP_EncryptFinal() routines, as -documented on the L manual -page. - -=head1 RETURN VALUES - -EVP_SealInit() returns 0 on error or B if successful. - -EVP_SealUpdate() and EVP_SealFinal() return 1 for success and 0 for -failure. - -=head1 NOTES - -Because a random secret key is generated the random number generator -must be seeded before calling EVP_SealInit(). - -The public key must be RSA because it is the only OpenSSL public key -algorithm that supports key transport. - -Envelope encryption is the usual method of using public key encryption -on large amounts of data, this is because public key encryption is slow -but symmetric encryption is fast. So symmetric encryption is used for -bulk encryption and the small random symmetric key used is transferred -using public key encryption. - -It is possible to call EVP_SealInit() twice in the same way as -EVP_EncryptInit(). The first call should have B set to 0 -and (after setting any cipher parameters) it should be called again -with B set to NULL. - -=head1 SEE ALSO - -L, L, -L, -L - -=head1 HISTORY - -=cut diff --git a/src/lib/libcrypto/doc/EVP_SignInit.pod b/src/lib/libcrypto/doc/EVP_SignInit.pod deleted file mode 100644 index b1ac1294305..00000000000 --- a/src/lib/libcrypto/doc/EVP_SignInit.pod +++ /dev/null @@ -1,96 +0,0 @@ -=pod - -=head1 NAME - -EVP_SignInit, EVP_SignUpdate, EVP_SignFinal - EVP signing functions - -=head1 SYNOPSIS - - #include - - int EVP_SignInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); - int EVP_SignUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt); - int EVP_SignFinal(EVP_MD_CTX *ctx,unsigned char *sig,unsigned int *s, EVP_PKEY *pkey); - - void EVP_SignInit(EVP_MD_CTX *ctx, const EVP_MD *type); - - int EVP_PKEY_size(EVP_PKEY *pkey); - -=head1 DESCRIPTION - -The EVP signature routines are a high level interface to digital -signatures. - -EVP_SignInit_ex() sets up signing context B to use digest -B from ENGINE B. B must be initialized with -EVP_MD_CTX_init() before calling this function. - -EVP_SignUpdate() hashes B bytes of data at B into the -signature context B. This function can be called several times on the -same B to include additional data. - -EVP_SignFinal() signs the data in B using the private key B -and places the signature in B. If the B parameter is not NULL -then the number of bytes of data written (i.e. the length of the signature) -will be written to the integer at B, at most EVP_PKEY_size(pkey) bytes -will be written. - -EVP_SignInit() initializes a signing context B to use the default -implementation of digest B. - -EVP_PKEY_size() returns the maximum size of a signature in bytes. The actual -signature returned by EVP_SignFinal() may be smaller. - -=head1 RETURN VALUES - -EVP_SignInit_ex(), EVP_SignUpdate() and EVP_SignFinal() return 1 -for success and 0 for failure. - -EVP_PKEY_size() returns the maximum size of a signature in bytes. - -The error codes can be obtained by L. - -=head1 NOTES - -The B interface to digital signatures should almost always be used in -preference to the low level interfaces. This is because the code then becomes -transparent to the algorithm used and much more flexible. - -Due to the link between message digests and public key algorithms the correct -digest algorithm must be used with the correct public key type. A list of -algorithms and associated public key algorithms appears in -L. - -When signing with DSA private keys the random number generator must be seeded -or the operation will fail. The random number generator does not need to be -seeded for RSA signatures. - -The call to EVP_SignFinal() internally finalizes a copy of the digest context. -This means that calls to EVP_SignUpdate() and EVP_SignFinal() can be called -later to digest and sign additional data. - -Since only a copy of the digest context is ever finalized the context must -be cleaned up after use by calling EVP_MD_CTX_cleanup() or a memory leak -will occur. - -=head1 BUGS - -Older versions of this documentation wrongly stated that calls to -EVP_SignUpdate() could not be made after calling EVP_SignFinal(). - -=head1 SEE ALSO - -L, -L, L, -L, L, L, -L, L, L, -L, L - -=head1 HISTORY - -EVP_SignInit(), EVP_SignUpdate() and EVP_SignFinal() are -available in all versions of SSLeay and OpenSSL. - -EVP_SignInit_ex() was added in OpenSSL 0.9.7 - -=cut diff --git a/src/lib/libcrypto/doc/EVP_VerifyInit.pod b/src/lib/libcrypto/doc/EVP_VerifyInit.pod deleted file mode 100644 index 80c656fde8d..00000000000 --- a/src/lib/libcrypto/doc/EVP_VerifyInit.pod +++ /dev/null @@ -1,86 +0,0 @@ -=pod - -=head1 NAME - -EVP_VerifyInit, EVP_VerifyUpdate, EVP_VerifyFinal - EVP signature verification functions - -=head1 SYNOPSIS - - #include - - int EVP_VerifyInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); - int EVP_VerifyUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt); - int EVP_VerifyFinal(EVP_MD_CTX *ctx,unsigned char *sigbuf, unsigned int siglen,EVP_PKEY *pkey); - - int EVP_VerifyInit(EVP_MD_CTX *ctx, const EVP_MD *type); - -=head1 DESCRIPTION - -The EVP signature verification routines are a high level interface to digital -signatures. - -EVP_VerifyInit_ex() sets up verification context B to use digest -B from ENGINE B. B must be initialized by calling -EVP_MD_CTX_init() before calling this function. - -EVP_VerifyUpdate() hashes B bytes of data at B into the -verification context B. This function can be called several times on the -same B to include additional data. - -EVP_VerifyFinal() verifies the data in B using the public key B -and against the B bytes at B. - -EVP_VerifyInit() initializes verification context B to use the default -implementation of digest B. - -=head1 RETURN VALUES - -EVP_VerifyInit_ex() and EVP_VerifyUpdate() return 1 for success and 0 for -failure. - -EVP_VerifyFinal() returns 1 for a correct signature, 0 for failure and -1 if some -other error occurred. - -The error codes can be obtained by L. - -=head1 NOTES - -The B interface to digital signatures should almost always be used in -preference to the low level interfaces. This is because the code then becomes -transparent to the algorithm used and much more flexible. - -Due to the link between message digests and public key algorithms the correct -digest algorithm must be used with the correct public key type. A list of -algorithms and associated public key algorithms appears in -L. - -The call to EVP_VerifyFinal() internally finalizes a copy of the digest context. -This means that calls to EVP_VerifyUpdate() and EVP_VerifyFinal() can be called -later to digest and verify additional data. - -Since only a copy of the digest context is ever finalized the context must -be cleaned up after use by calling EVP_MD_CTX_cleanup() or a memory leak -will occur. - -=head1 BUGS - -Older versions of this documentation wrongly stated that calls to -EVP_VerifyUpdate() could not be made after calling EVP_VerifyFinal(). - -=head1 SEE ALSO - -L, -L, -L, L, -L, L, L, -L, L, L, -L, L - -=head1 HISTORY - -EVP_VerifyInit(), EVP_VerifyUpdate() and EVP_VerifyFinal() are -available in all versions of SSLeay and OpenSSL. - -EVP_VerifyInit_ex() was added in OpenSSL 0.9.7 - -=cut diff --git a/src/lib/libcrypto/doc/OPENSSL_VERSION_NUMBER.pod b/src/lib/libcrypto/doc/OPENSSL_VERSION_NUMBER.pod deleted file mode 100644 index c39ac35e78a..00000000000 --- a/src/lib/libcrypto/doc/OPENSSL_VERSION_NUMBER.pod +++ /dev/null @@ -1,101 +0,0 @@ -=pod - -=head1 NAME - -OPENSSL_VERSION_NUMBER, SSLeay, SSLeay_version - get OpenSSL version number - -=head1 SYNOPSIS - - #include - #define OPENSSL_VERSION_NUMBER 0xnnnnnnnnnL - - #include - long SSLeay(void); - const char *SSLeay_version(int t); - -=head1 DESCRIPTION - -OPENSSL_VERSION_NUMBER is a numeric release version identifier: - - MMNNFFPPS: major minor fix patch status - -The status nibble has one of the values 0 for development, 1 to e for betas -1 to 14, and f for release. - -for example - - 0x000906000 == 0.9.6 dev - 0x000906023 == 0.9.6b beta 3 - 0x00090605f == 0.9.6e release - -Versions prior to 0.9.3 have identifiers E 0x0930. -Versions between 0.9.3 and 0.9.5 had a version identifier with this -interpretation: - - MMNNFFRBB major minor fix final beta/patch - -for example - - 0x000904100 == 0.9.4 release - 0x000905000 == 0.9.5 dev - -Version 0.9.5a had an interim interpretation that is like the current one, -except the patch level got the highest bit set, to keep continuity. The -number was therefore 0x0090581f. - - -For backward compatibility, SSLEAY_VERSION_NUMBER is also defined. - -SSLeay() returns this number. The return value can be compared to the -macro to make sure that the correct version of the library has been -loaded, especially when using DLLs on Windows systems. - -SSLeay_version() returns different strings depending on B: - -=over 4 - -=item SSLEAY_VERSION - -The text variant of the version number and the release date. For example, -"OpenSSL 0.9.5a 1 Apr 2000". - -=item SSLEAY_CFLAGS - -The compiler flags set for the compilation process in the form -"compiler: ..." if available or "compiler: information not available" -otherwise. - -=item SSLEAY_BUILT_ON - -The date of the build process in the form "built on: ..." if available -or "built on: date not available" otherwise. - -=item SSLEAY_PLATFORM - -The "Configure" target of the library build in the form "platform: ..." -if available or "platform: information not available" otherwise. - -=item SSLEAY_DIR - -The "OPENSSLDIR" setting of the library build in the form "OPENSSLDIR: "..."" -if available or "OPENSSLDIR: N/A" otherwise. - -=back - -For an unknown B, the text "not available" is returned. - -=head1 RETURN VALUE - -The version number. - -=head1 SEE ALSO - -L - -=head1 HISTORY - -SSLeay() and SSLEAY_VERSION_NUMBER are available in all versions of SSLeay and OpenSSL. -OPENSSL_VERSION_NUMBER is available in all versions of OpenSSL. -B was added in OpenSSL 0.9.7. - -=cut diff --git a/src/lib/libcrypto/doc/OpenSSL_add_all_algorithms.pod b/src/lib/libcrypto/doc/OpenSSL_add_all_algorithms.pod deleted file mode 100644 index e63411b5bba..00000000000 --- a/src/lib/libcrypto/doc/OpenSSL_add_all_algorithms.pod +++ /dev/null @@ -1,66 +0,0 @@ -=pod - -=head1 NAME - -OpenSSL_add_all_algorithms, OpenSSL_add_all_ciphers, OpenSSL_add_all_digests - -add algorithms to internal table - -=head1 SYNOPSIS - - #include - - void OpenSSL_add_all_algorithms(void); - void OpenSSL_add_all_ciphers(void); - void OpenSSL_add_all_digests(void); - - void EVP_cleanup(void); - -=head1 DESCRIPTION - -OpenSSL keeps an internal table of digest algorithms and ciphers. It uses -this table to lookup ciphers via functions such as EVP_get_cipher_byname(). - -OpenSSL_add_all_digests() adds all digest algorithms to the table. - -OpenSSL_add_all_algorithms() adds all algorithms to the table (digests and -ciphers). - -OpenSSL_add_all_ciphers() adds all encryption algorithms to the table including -password based encryption algorithms. - -EVP_cleanup() removes all ciphers and digests from the table. - -=head1 RETURN VALUES - -None of the functions return a value. - -=head1 NOTES - -A typical application will call OpenSSL_add_all_algorithms() initially and -EVP_cleanup() before exiting. - -An application does not need to add algorithms to use them explicitly, for example -by EVP_sha1(). It just needs to add them if it (or any of the functions it calls) -needs to lookup algorithms. - -The cipher and digest lookup functions are used in many parts of the library. If -the table is not initialized several functions will misbehave and complain they -cannot find algorithms. This includes the PEM, PKCS#12, SSL and S/MIME libraries. -This is a common query in the OpenSSL mailing lists. - -Calling OpenSSL_add_all_algorithms() links in all algorithms: as a result a -statically linked executable can be quite large. If this is important it is possible -to just add the required ciphers and digests. - -=head1 BUGS - -Although the functions do not return error codes it is possible for them to fail. -This will only happen as a result of a memory allocation failure so this is not -too much of a problem in practice. - -=head1 SEE ALSO - -L, L, -L - -=cut diff --git a/src/lib/libcrypto/doc/RAND_add.pod b/src/lib/libcrypto/doc/RAND_add.pod deleted file mode 100644 index 67c66f3e0c9..00000000000 --- a/src/lib/libcrypto/doc/RAND_add.pod +++ /dev/null @@ -1,77 +0,0 @@ -=pod - -=head1 NAME - -RAND_add, RAND_seed, RAND_status, RAND_event, RAND_screen - add -entropy to the PRNG - -=head1 SYNOPSIS - - #include - - void RAND_seed(const void *buf, int num); - - void RAND_add(const void *buf, int num, double entropy); - - int RAND_status(void); - - int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam); - void RAND_screen(void); - -=head1 DESCRIPTION - -RAND_add() mixes the B bytes at B into the PRNG state. Thus, -if the data at B are unpredictable to an adversary, this -increases the uncertainty about the state and makes the PRNG output -less predictable. Suitable input comes from user interaction (random -key presses, mouse movements) and certain hardware events. The -B argument is (the lower bound of) an estimate of how much -randomness is contained in B, measured in bytes. Details about -sources of randomness and how to estimate their entropy can be found -in the literature, e.g. RFC 1750. - -RAND_add() may be called with sensitive data such as user entered -passwords. The seed values cannot be recovered from the PRNG output. - -OpenSSL makes sure that the PRNG state is unique for each thread. On -systems that provide C, the randomness device is used -to seed the PRNG transparently. However, on all other systems, the -application is responsible for seeding the PRNG by calling RAND_add(), -L -or L. - -RAND_seed() is equivalent to RAND_add() when B. - -RAND_event() collects the entropy from Windows events such as mouse -movements and other user interaction. It should be called with the -B, B and B arguments of I messages sent to -the window procedure. It will estimate the entropy contained in the -event message (if any), and add it to the PRNG. The program can then -process the messages as usual. - -The RAND_screen() function is available for the convenience of Windows -programmers. It adds the current contents of the screen to the PRNG. -For applications that can catch Windows events, seeding the PRNG by -calling RAND_event() is a significantly better source of -randomness. It should be noted that both methods cannot be used on -servers that run without user interaction. - -=head1 RETURN VALUES - -RAND_status() and RAND_event() return 1 if the PRNG has been seeded -with enough data, 0 otherwise. - -The other functions do not return values. - -=head1 SEE ALSO - -L, L, -L, L - -=head1 HISTORY - -RAND_seed() and RAND_screen() are available in all versions of SSLeay -and OpenSSL. RAND_add() and RAND_status() have been added in OpenSSL -0.9.5, RAND_event() in OpenSSL 0.9.5a. - -=cut diff --git a/src/lib/libcrypto/doc/RAND_bytes.pod b/src/lib/libcrypto/doc/RAND_bytes.pod deleted file mode 100644 index b03748b9180..00000000000 --- a/src/lib/libcrypto/doc/RAND_bytes.pod +++ /dev/null @@ -1,46 +0,0 @@ -=pod - -=head1 NAME - -RAND_bytes, RAND_pseudo_bytes - generate random data - -=head1 SYNOPSIS - - #include - - int RAND_bytes(unsigned char *buf, int num); - - int RAND_pseudo_bytes(unsigned char *buf, int num); - -=head1 DESCRIPTION - -RAND_bytes() puts B cryptographically strong pseudo-random bytes -into B. An error occurs if the PRNG has not been seeded with -enough randomness to ensure an unpredictable byte sequence. - -RAND_pseudo_bytes() puts B pseudo-random bytes into B. -Pseudo-random byte sequences generated by RAND_pseudo_bytes() will be -unique if they are of sufficient length, but are not necessarily -unpredictable. They can be used for non-cryptographic purposes and for -certain purposes in cryptographic protocols, but usually not for key -generation etc. - -=head1 RETURN VALUES - -RAND_bytes() returns 1 on success, 0 otherwise. The error code can be -obtained by L. RAND_pseudo_bytes() returns 1 if the -bytes generated are cryptographically strong, 0 otherwise. Both -functions return -1 if they are not supported by the current RAND -method. - -=head1 SEE ALSO - -L, L, L - -=head1 HISTORY - -RAND_bytes() is available in all versions of SSLeay and OpenSSL. It -has a return value since OpenSSL 0.9.5. RAND_pseudo_bytes() was added -in OpenSSL 0.9.5. - -=cut diff --git a/src/lib/libcrypto/doc/RAND_cleanup.pod b/src/lib/libcrypto/doc/RAND_cleanup.pod deleted file mode 100644 index 3a8f0749a8d..00000000000 --- a/src/lib/libcrypto/doc/RAND_cleanup.pod +++ /dev/null @@ -1,29 +0,0 @@ -=pod - -=head1 NAME - -RAND_cleanup - erase the PRNG state - -=head1 SYNOPSIS - - #include - - void RAND_cleanup(void); - -=head1 DESCRIPTION - -RAND_cleanup() erases the memory used by the PRNG. - -=head1 RETURN VALUE - -RAND_cleanup() returns no value. - -=head1 SEE ALSO - -L - -=head1 HISTORY - -RAND_cleanup() is available in all versions of SSLeay and OpenSSL. - -=cut diff --git a/src/lib/libcrypto/doc/RAND_load_file.pod b/src/lib/libcrypto/doc/RAND_load_file.pod deleted file mode 100644 index d8c134e621d..00000000000 --- a/src/lib/libcrypto/doc/RAND_load_file.pod +++ /dev/null @@ -1,53 +0,0 @@ -=pod - -=head1 NAME - -RAND_load_file, RAND_write_file, RAND_file_name - PRNG seed file - -=head1 SYNOPSIS - - #include - - const char *RAND_file_name(char *buf, size_t num); - - int RAND_load_file(const char *filename, long max_bytes); - - int RAND_write_file(const char *filename); - -=head1 DESCRIPTION - -RAND_file_name() generates a default path for the random seed -file. B points to a buffer of size B in which to store the -filename. The seed file is $RANDFILE if that environment variable is -set, $HOME/.rnd otherwise. If $HOME is not set either, or B is -too small for the path name, an error occurs. - -RAND_load_file() reads a number of bytes from file B and -adds them to the PRNG. If B is non-negative, -up to to B are read; starting with OpenSSL 0.9.5, -if B is -1, the complete file is read. - -RAND_write_file() writes a number of random bytes (currently 1024) to -file B which can be used to initialize the PRNG by calling -RAND_load_file() in a later session. - -=head1 RETURN VALUES - -RAND_load_file() returns the number of bytes read. - -RAND_write_file() returns the number of bytes written, and -1 if the -bytes written were generated without appropriate seed. - -RAND_file_name() returns a pointer to B on success, and NULL on -error. - -=head1 SEE ALSO - -L, L, L - -=head1 HISTORY - -RAND_load_file(), RAND_write_file() and RAND_file_name() are available in -all versions of SSLeay and OpenSSL. - -=cut diff --git a/src/lib/libcrypto/doc/RAND_set_rand_method.pod b/src/lib/libcrypto/doc/RAND_set_rand_method.pod deleted file mode 100644 index 464eba416d4..00000000000 --- a/src/lib/libcrypto/doc/RAND_set_rand_method.pod +++ /dev/null @@ -1,59 +0,0 @@ -=pod - -=head1 NAME - -RAND_set_rand_method, RAND_get_rand_method, RAND_SSLeay - select RAND method - -=head1 SYNOPSIS - - #include - - void RAND_set_rand_method(RAND_METHOD *meth); - - RAND_METHOD *RAND_get_rand_method(void); - - RAND_METHOD *RAND_SSLeay(void); - -=head1 DESCRIPTION - -A B specifies the functions that OpenSSL uses for random -number generation. By modifying the method, alternative -implementations such as hardware RNGs may be used. Initially, the -default is to use the OpenSSL internal implementation. RAND_SSLeay() -returns a pointer to that method. - -RAND_set_rand_method() sets the RAND method to B. -RAND_get_rand_method() returns a pointer to the current method. - -=head1 THE RAND_METHOD STRUCTURE - - typedef struct rand_meth_st - { - void (*seed)(const void *buf, int num); - int (*bytes)(unsigned char *buf, int num); - void (*cleanup)(void); - void (*add)(const void *buf, int num, int entropy); - int (*pseudorand)(unsigned char *buf, int num); - int (*status)(void); - } RAND_METHOD; - -The components point to the implementation of RAND_seed(), -RAND_bytes(), RAND_cleanup(), RAND_add(), RAND_pseudo_rand() -and RAND_status(). -Each component may be NULL if the function is not implemented. - -=head1 RETURN VALUES - -RAND_set_rand_method() returns no value. RAND_get_rand_method() and -RAND_SSLeay() return pointers to the respective methods. - -=head1 SEE ALSO - -L - -=head1 HISTORY - -RAND_set_rand_method(), RAND_get_rand_method() and RAND_SSLeay() are -available in all versions of OpenSSL. - -=cut diff --git a/src/lib/libcrypto/doc/RSA_blinding_on.pod b/src/lib/libcrypto/doc/RSA_blinding_on.pod deleted file mode 100644 index fd2c69abd86..00000000000 --- a/src/lib/libcrypto/doc/RSA_blinding_on.pod +++ /dev/null @@ -1,43 +0,0 @@ -=pod - -=head1 NAME - -RSA_blinding_on, RSA_blinding_off - protect the RSA operation from timing attacks - -=head1 SYNOPSIS - - #include - - int RSA_blinding_on(RSA *rsa, BN_CTX *ctx); - - void RSA_blinding_off(RSA *rsa); - -=head1 DESCRIPTION - -RSA is vulnerable to timing attacks. In a setup where attackers can -measure the time of RSA decryption or signature operations, blinding -must be used to protect the RSA operation from that attack. - -RSA_blinding_on() turns blinding on for key B and generates a -random blinding factor. B is B or a pre-allocated and -initialized B. The random number generator must be seeded -prior to calling RSA_blinding_on(). - -RSA_blinding_off() turns blinding off and frees the memory used for -the blinding factor. - -=head1 RETURN VALUES - -RSA_blinding_on() returns 1 on success, and 0 if an error occurred. - -RSA_blinding_off() returns no value. - -=head1 SEE ALSO - -L, L - -=head1 HISTORY - -RSA_blinding_on() and RSA_blinding_off() appeared in SSLeay 0.9.0. - -=cut diff --git a/src/lib/libcrypto/doc/RSA_check_key.pod b/src/lib/libcrypto/doc/RSA_check_key.pod deleted file mode 100644 index 1db6d736abc..00000000000 --- a/src/lib/libcrypto/doc/RSA_check_key.pod +++ /dev/null @@ -1,39 +0,0 @@ -=pod - -=head1 NAME - -RSA_check_key - validate private RSA keys - -=head1 SYNOPSIS - - #include - - int RSA_check_key(RSA *rsa); - -=head1 DESCRIPTION - -This function validates RSA keys. It checks that B

and B are -in fact prime, and that B. - -It also checks that B, -and that B, B and B are set correctly or are B. - -The key's public components may not be B. - -=head1 RETURN VALUE - -RSA_check_key() returns 1 if B is a valid RSA key, and 0 otherwise. --1 is returned if an error occurs while checking the key. - -If the key is invalid or an error occurred, the reason code can be -obtained using L. - -=head1 SEE ALSO - -L, L - -=head1 HISTORY - -RSA_check() appeared in OpenSSL 0.9.4. - -=cut diff --git a/src/lib/libcrypto/doc/RSA_generate_key.pod b/src/lib/libcrypto/doc/RSA_generate_key.pod deleted file mode 100644 index 11bc0b34599..00000000000 --- a/src/lib/libcrypto/doc/RSA_generate_key.pod +++ /dev/null @@ -1,68 +0,0 @@ -=pod - -=head1 NAME - -RSA_generate_key - generate RSA key pair - -=head1 SYNOPSIS - - #include - - RSA *RSA_generate_key(int num, unsigned long e, - void (*callback)(int,int,void *), void *cb_arg); - -=head1 DESCRIPTION - -RSA_generate_key() generates a key pair and returns it in a newly -allocated B structure. The pseudo-random number generator must -be seeded prior to calling RSA_generate_key(). - -The modulus size will be B bits, and the public exponent will be -B. Key sizes with B E 1024 should be considered insecure. -The exponent is an odd number, typically 3, 17 or 65537. - -A callback function may be used to provide feedback about the -progress of the key generation. If B is not B, it -will be called as follows: - -=over 4 - -=item * - -While a random prime number is generated, it is called as -described in L. - -=item * - -When the n-th randomly generated prime is rejected as not -suitable for the key, B is called. - -=item * - -When a random p has been found with p-1 relatively prime to B, -it is called as B. - -=back - -The process is then repeated for prime q with B. - -=head1 RETURN VALUE - -If key generation fails, RSA_generate_key() returns B; the -error codes can be obtained by L. - -=head1 BUGS - -B is used with two different meanings. - -RSA_generate_key() goes into an infinite loop for illegal input values. - -=head1 SEE ALSO - -L, L, L, L - -=head1 HISTORY - -The B argument was added in SSLeay 0.9.0. - -=cut diff --git a/src/lib/libcrypto/doc/RSA_get_ex_new_index.pod b/src/lib/libcrypto/doc/RSA_get_ex_new_index.pod deleted file mode 100644 index 46cc8f53597..00000000000 --- a/src/lib/libcrypto/doc/RSA_get_ex_new_index.pod +++ /dev/null @@ -1,120 +0,0 @@ -=pod - -=head1 NAME - -RSA_get_ex_new_index, RSA_set_ex_data, RSA_get_ex_data - add application specific data to RSA structures - -=head1 SYNOPSIS - - #include - - int RSA_get_ex_new_index(long argl, void *argp, - CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, - CRYPTO_EX_free *free_func); - - int RSA_set_ex_data(RSA *r, int idx, void *arg); - - void *RSA_get_ex_data(RSA *r, int idx); - - typedef int new_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, - int idx, long argl, void *argp); - typedef void free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, - int idx, long argl, void *argp); - typedef int dup_func(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d, - int idx, long argl, void *argp); - -=head1 DESCRIPTION - -Several OpenSSL structures can have application specific data attached to them. -This has several potential uses, it can be used to cache data associated with -a structure (for example the hash of some part of the structure) or some -additional data (for example a handle to the data in an external library). - -Since the application data can be anything at all it is passed and retrieved -as a B type. - -The B function is initially called to "register" some -new application specific data. It takes three optional function pointers which -are called when the parent structure (in this case an RSA structure) is -initially created, when it is copied and when it is freed up. If any or all of -these function pointer arguments are not used they should be set to NULL. The -precise manner in which these function pointers are called is described in more -detail below. B also takes additional long and pointer -parameters which will be passed to the supplied functions but which otherwise -have no special meaning. It returns an B which should be stored -(typically in a static variable) and passed used in the B parameter in -the remaining functions. Each successful call to B -will return an index greater than any previously returned, this is important -because the optional functions are called in order of increasing index value. - -B is used to set application specific data, the data is -supplied in the B parameter and its precise meaning is up to the -application. - -B is used to retrieve application specific data. The data -is returned to the application, this will be the same value as supplied to -a previous B call. - -B is called when a structure is initially allocated (for example -with B. The parent structure members will not have any meaningful -values at this point. This function will typically be used to allocate any -application specific structure. - -B is called when a structure is being freed up. The dynamic parent -structure members should not be accessed because they will be freed up when -this function is called. - -B and B take the same parameters. B is a -pointer to the parent RSA structure. B is a the application specific data -(this wont be of much use in B. B is a pointer to the -B structure from the parent RSA structure: the functions -B and B can be called to manipulate -it. The B parameter is the index: this will be the same value returned by -B when the functions were initially registered. Finally -the B and B parameters are the values originally passed to the same -corresponding parameters when B was called. - -B is called when a structure is being copied. Pointers to the -destination and source B structures are passed in the B and -B parameters respectively. The B parameter is passed a pointer to -the source application data when the function is called, when the function returns -the value is copied to the destination: the application can thus modify the data -pointed to by B and have different values in the source and destination. -The B, B and B parameters are the same as those in B -and B. - -=head1 RETURN VALUES - -B returns a new index or -1 on failure (note 0 is a valid -index value). - -B returns 1 on success or 0 on failure. - -B returns the application data or 0 on failure. 0 may also -be valid application data but currently it can only fail if given an invalid B -parameter. - -B and B should return 0 for failure and 1 for success. - -On failure an error code can be obtained from L. - -=head1 BUGS - -B is currently never called. - -The return value of B is ignored. - -The B function isn't very useful because no meaningful values are -present in the parent RSA structure when it is called. - -=head1 SEE ALSO - -L, L - -=head1 HISTORY - -RSA_get_ex_new_index(), RSA_set_ex_data() and RSA_get_ex_data() are -available since SSLeay 0.9.0. - -=cut diff --git a/src/lib/libcrypto/doc/RSA_new.pod b/src/lib/libcrypto/doc/RSA_new.pod deleted file mode 100644 index 299047f31fa..00000000000 --- a/src/lib/libcrypto/doc/RSA_new.pod +++ /dev/null @@ -1,39 +0,0 @@ -=pod - -=head1 NAME - -RSA_new, RSA_free - allocate and free RSA objects - -=head1 SYNOPSIS - - #include - - RSA * RSA_new(void); - - void RSA_free(RSA *rsa); - -=head1 DESCRIPTION - -RSA_new() allocates and initializes an B structure. - -RSA_free() frees the B structure and its components. The key is -erased before the memory is returned to the system. - -=head1 RETURN VALUES - -If the allocation fails, RSA_new() returns B and sets an error -code that can be obtained by L. Otherwise it returns -a pointer to the newly allocated structure. - -RSA_free() returns no value. - -=head1 SEE ALSO - -L, L, -L - -=head1 HISTORY - -RSA_new() and RSA_free() are available in all versions of SSLeay and OpenSSL. - -=cut diff --git a/src/lib/libcrypto/doc/RSA_padding_add_PKCS1_type_1.pod b/src/lib/libcrypto/doc/RSA_padding_add_PKCS1_type_1.pod deleted file mode 100644 index b8f678fe729..00000000000 --- a/src/lib/libcrypto/doc/RSA_padding_add_PKCS1_type_1.pod +++ /dev/null @@ -1,124 +0,0 @@ -=pod - -=head1 NAME - -RSA_padding_add_PKCS1_type_1, RSA_padding_check_PKCS1_type_1, -RSA_padding_add_PKCS1_type_2, RSA_padding_check_PKCS1_type_2, -RSA_padding_add_PKCS1_OAEP, RSA_padding_check_PKCS1_OAEP, -RSA_padding_add_SSLv23, RSA_padding_check_SSLv23, -RSA_padding_add_none, RSA_padding_check_none - asymmetric encryption -padding - -=head1 SYNOPSIS - - #include - - int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen, - unsigned char *f, int fl); - - int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen, - unsigned char *f, int fl, int rsa_len); - - int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen, - unsigned char *f, int fl); - - int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen, - unsigned char *f, int fl, int rsa_len); - - int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen, - unsigned char *f, int fl, unsigned char *p, int pl); - - int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, - unsigned char *f, int fl, int rsa_len, unsigned char *p, int pl); - - int RSA_padding_add_SSLv23(unsigned char *to, int tlen, - unsigned char *f, int fl); - - int RSA_padding_check_SSLv23(unsigned char *to, int tlen, - unsigned char *f, int fl, int rsa_len); - - int RSA_padding_add_none(unsigned char *to, int tlen, - unsigned char *f, int fl); - - int RSA_padding_check_none(unsigned char *to, int tlen, - unsigned char *f, int fl, int rsa_len); - -=head1 DESCRIPTION - -The RSA_padding_xxx_xxx() functions are called from the RSA encrypt, -decrypt, sign and verify functions. Normally they should not be called -from application programs. - -However, they can also be called directly to implement padding for other -asymmetric ciphers. RSA_padding_add_PKCS1_OAEP() and -RSA_padding_check_PKCS1_OAEP() may be used in an application combined -with B in order to implement OAEP with an encoding -parameter. - -RSA_padding_add_xxx() encodes B bytes from B so as to fit into -B bytes and stores the result at B. An error occurs if B -does not meet the size requirements of the encoding method. - -The following encoding methods are implemented: - -=over 4 - -=item PKCS1_type_1 - -PKCS #1 v2.0 EMSA-PKCS1-v1_5 (PKCS #1 v1.5 block type 1); used for signatures - -=item PKCS1_type_2 - -PKCS #1 v2.0 EME-PKCS1-v1_5 (PKCS #1 v1.5 block type 2) - -=item PKCS1_OAEP - -PKCS #1 v2.0 EME-OAEP - -=item SSLv23 - -PKCS #1 EME-PKCS1-v1_5 with SSL-specific modification - -=item none - -simply copy the data - -=back - -The random number generator must be seeded prior to calling -RSA_padding_add_xxx(). - -RSA_padding_check_xxx() verifies that the B bytes at B contain -a valid encoding for a B byte RSA key in the respective -encoding method and stores the recovered data of at most B bytes -(for B: of size B) -at B. - -For RSA_padding_xxx_OAEP(), B

points to the encoding parameter -of length B. B

may be B if B is 0. - -=head1 RETURN VALUES - -The RSA_padding_add_xxx() functions return 1 on success, 0 on error. -The RSA_padding_check_xxx() functions return the length of the -recovered data, -1 on error. Error codes can be obtained by calling -L. - -=head1 SEE ALSO - -L, -L, -L, L - -=head1 HISTORY - -RSA_padding_add_PKCS1_type_1(), RSA_padding_check_PKCS1_type_1(), -RSA_padding_add_PKCS1_type_2(), RSA_padding_check_PKCS1_type_2(), -RSA_padding_add_SSLv23(), RSA_padding_check_SSLv23(), -RSA_padding_add_none() and RSA_padding_check_none() appeared in -SSLeay 0.9.0. - -RSA_padding_add_PKCS1_OAEP() and RSA_padding_check_PKCS1_OAEP() were -added in OpenSSL 0.9.2b. - -=cut diff --git a/src/lib/libcrypto/doc/RSA_print.pod b/src/lib/libcrypto/doc/RSA_print.pod deleted file mode 100644 index 67876facc5d..00000000000 --- a/src/lib/libcrypto/doc/RSA_print.pod +++ /dev/null @@ -1,49 +0,0 @@ -=pod - -=head1 NAME - -RSA_print, RSA_print_fp, DHparams_print, DHparams_print_fp, DSA_print, -DSA_print_fp, DHparams_print, DHparams_print_fp - print cryptographic -parameters - -=head1 SYNOPSIS - - #include - - int RSA_print(BIO *bp, RSA *x, int offset); - int RSA_print_fp(FILE *fp, RSA *x, int offset); - - #include - - int DSAparams_print(BIO *bp, DSA *x); - int DSAparams_print_fp(FILE *fp, DSA *x); - int DSA_print(BIO *bp, DSA *x, int offset); - int DSA_print_fp(FILE *fp, DSA *x, int offset); - - #include - - int DHparams_print(BIO *bp, DH *x); - int DHparams_print_fp(FILE *fp, DH *x); - -=head1 DESCRIPTION - -A human-readable hexadecimal output of the components of the RSA -key, DSA parameters or key or DH parameters is printed to B or B. - -The output lines are indented by B spaces. - -=head1 RETURN VALUES - -These functions return 1 on success, 0 on error. - -=head1 SEE ALSO - -L, L, L, L - -=head1 HISTORY - -RSA_print(), RSA_print_fp(), DSA_print(), DSA_print_fp(), DH_print(), -DH_print_fp() are available in all versions of SSLeay and OpenSSL. -DSAparams_print() and DSAparams_print_pf() were added in SSLeay 0.8. - -=cut diff --git a/src/lib/libcrypto/doc/RSA_private_encrypt.pod b/src/lib/libcrypto/doc/RSA_private_encrypt.pod deleted file mode 100644 index 0d1b2bd5416..00000000000 --- a/src/lib/libcrypto/doc/RSA_private_encrypt.pod +++ /dev/null @@ -1,70 +0,0 @@ -=pod - -=head1 NAME - -RSA_private_encrypt, RSA_public_decrypt - low level signature operations - -=head1 SYNOPSIS - - #include - - int RSA_private_encrypt(int flen, unsigned char *from, - unsigned char *to, RSA *rsa, int padding); - - int RSA_public_decrypt(int flen, unsigned char *from, - unsigned char *to, RSA *rsa, int padding); - -=head1 DESCRIPTION - -These functions handle RSA signatures at a low level. - -RSA_private_encrypt() signs the B bytes at B (usually a -message digest with an algorithm identifier) using the private key -B and stores the signature in B. B must point to -B bytes of memory. - -B denotes one of the following modes: - -=over 4 - -=item RSA_PKCS1_PADDING - -PKCS #1 v1.5 padding. This function does not handle the -B specified in PKCS #1. When generating or -verifying PKCS #1 signatures, L and L should be -used. - -=item RSA_NO_PADDING - -Raw RSA signature. This mode should I be used to implement -cryptographically sound padding modes in the application code. -Signing user data directly with RSA is insecure. - -=back - -RSA_public_decrypt() recovers the message digest from the B -bytes long signature at B using the signer's public key -B. B must point to a memory section large enough to hold the -message digest (which is smaller than B). B is the padding mode that was used to sign the data. - -=head1 RETURN VALUES - -RSA_private_encrypt() returns the size of the signature (i.e., -RSA_size(rsa)). RSA_public_decrypt() returns the size of the -recovered message digest. - -On error, -1 is returned; the error codes can be -obtained by L. - -=head1 SEE ALSO - -L, L, L, -L - -=head1 HISTORY - -The B argument was added in SSLeay 0.8. RSA_NO_PADDING is -available since SSLeay 0.9.0. - -=cut diff --git a/src/lib/libcrypto/doc/RSA_public_encrypt.pod b/src/lib/libcrypto/doc/RSA_public_encrypt.pod deleted file mode 100644 index 8022a23f99b..00000000000 --- a/src/lib/libcrypto/doc/RSA_public_encrypt.pod +++ /dev/null @@ -1,82 +0,0 @@ -=pod - -=head1 NAME - -RSA_public_encrypt, RSA_private_decrypt - RSA public key cryptography - -=head1 SYNOPSIS - - #include - - int RSA_public_encrypt(int flen, unsigned char *from, - unsigned char *to, RSA *rsa, int padding); - - int RSA_private_decrypt(int flen, unsigned char *from, - unsigned char *to, RSA *rsa, int padding); - -=head1 DESCRIPTION - -RSA_public_encrypt() encrypts the B bytes at B (usually a -session key) using the public key B and stores the ciphertext in -B. B must point to RSA_size(B) bytes of memory. - -B denotes one of the following modes: - -=over 4 - -=item RSA_PKCS1_PADDING - -PKCS #1 v1.5 padding. This currently is the most widely used mode. - -=item RSA_PKCS1_OAEP_PADDING - -EME-OAEP as defined in PKCS #1 v2.0 with SHA-1, MGF1 and an empty -encoding parameter. This mode is recommended for all new applications. - -=item RSA_SSLV23_PADDING - -PKCS #1 v1.5 padding with an SSL-specific modification that denotes -that the server is SSL3 capable. - -=item RSA_NO_PADDING - -Raw RSA encryption. This mode should I be used to implement -cryptographically sound padding modes in the application code. -Encrypting user data directly with RSA is insecure. - -=back - -B must be less than RSA_size(B) - 11 for the PKCS #1 v1.5 -based padding modes, and less than RSA_size(B) - 41 for -RSA_PKCS1_OAEP_PADDING. The random number generator must be seeded -prior to calling RSA_public_encrypt(). - -RSA_private_decrypt() decrypts the B bytes at B using the -private key B and stores the plaintext in B. B must point -to a memory section large enough to hold the decrypted data (which is -smaller than RSA_size(B)). B is the padding mode that -was used to encrypt the data. - -=head1 RETURN VALUES - -RSA_public_encrypt() returns the size of the encrypted data (i.e., -RSA_size(B)). RSA_private_decrypt() returns the size of the -recovered plaintext. - -On error, -1 is returned; the error codes can be -obtained by L. - -=head1 CONFORMING TO - -SSL, PKCS #1 v2.0 - -=head1 SEE ALSO - -L, L, L, L - -=head1 HISTORY - -The B argument was added in SSLeay 0.8. RSA_NO_PADDING is -available since SSLeay 0.9.0, OAEP was added in OpenSSL 0.9.2b. - -=cut diff --git a/src/lib/libcrypto/doc/RSA_set_method.pod b/src/lib/libcrypto/doc/RSA_set_method.pod deleted file mode 100644 index 14917dd35f9..00000000000 --- a/src/lib/libcrypto/doc/RSA_set_method.pod +++ /dev/null @@ -1,156 +0,0 @@ -=pod - -=head1 NAME - -RSA_set_default_method, RSA_get_default_method, RSA_set_method, -RSA_get_method, RSA_PKCS1_SSLeay, -RSA_null_method, RSA_flags, RSA_new_method - select RSA method - -=head1 SYNOPSIS - - #include - #include - - void RSA_set_default_openssl_method(RSA_METHOD *meth); - - RSA_METHOD *RSA_get_default_openssl_method(void); - - int RSA_set_method(RSA *rsa, ENGINE *engine); - - RSA_METHOD *RSA_get_method(RSA *rsa); - - RSA_METHOD *RSA_PKCS1_SSLeay(void); - - RSA_METHOD *RSA_null_method(void); - - int RSA_flags(RSA *rsa); - - RSA *RSA_new_method(ENGINE *engine); - -=head1 DESCRIPTION - -An B specifies the functions that OpenSSL uses for RSA -operations. By modifying the method, alternative implementations -such as hardware accelerators may be used. - -Initially, the default is to use the OpenSSL internal implementation. -RSA_PKCS1_SSLeay() returns a pointer to that method. - -RSA_set_default_openssl_method() makes B the default method for all B -structures created later. B This is true only whilst the default engine -for RSA operations remains as "openssl". ENGINEs provide an -encapsulation for implementations of one or more algorithms at a time, and all -the RSA functions mentioned here operate within the scope of the default -"openssl" engine. - -RSA_get_default_openssl_method() returns a pointer to the current default -method for the "openssl" engine. - -RSA_set_method() selects B for all operations using the key -B. - -RSA_get_method() returns a pointer to the RSA_METHOD from the currently -selected ENGINE for B. - -RSA_flags() returns the B that are set for B's current method. - -RSA_new_method() allocates and initializes an RSA structure so that -B will be used for the RSA operations. If B is NULL, -the default engine for RSA operations is used. - -=head1 THE RSA_METHOD STRUCTURE - - typedef struct rsa_meth_st - { - /* name of the implementation */ - const char *name; - - /* encrypt */ - int (*rsa_pub_enc)(int flen, unsigned char *from, - unsigned char *to, RSA *rsa, int padding); - - /* verify arbitrary data */ - int (*rsa_pub_dec)(int flen, unsigned char *from, - unsigned char *to, RSA *rsa, int padding); - - /* sign arbitrary data */ - int (*rsa_priv_enc)(int flen, unsigned char *from, - unsigned char *to, RSA *rsa, int padding); - - /* decrypt */ - int (*rsa_priv_dec)(int flen, unsigned char *from, - unsigned char *to, RSA *rsa, int padding); - - /* compute r0 = r0 ^ I mod rsa->n (May be NULL for some - implementations) */ - int (*rsa_mod_exp)(BIGNUM *r0, BIGNUM *I, RSA *rsa); - - /* compute r = a ^ p mod m (May be NULL for some implementations) */ - int (*bn_mod_exp)(BIGNUM *r, BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); - - /* called at RSA_new */ - int (*init)(RSA *rsa); - - /* called at RSA_free */ - int (*finish)(RSA *rsa); - - /* RSA_FLAG_EXT_PKEY - rsa_mod_exp is called for private key - * operations, even if p,q,dmp1,dmq1,iqmp - * are NULL - * RSA_FLAG_SIGN_VER - enable rsa_sign and rsa_verify - * RSA_METHOD_FLAG_NO_CHECK - don't check pub/private match - */ - int flags; - - char *app_data; /* ?? */ - - /* sign. For backward compatibility, this is used only - * if (flags & RSA_FLAG_SIGN_VER) - */ - int (*rsa_sign)(int type, unsigned char *m, unsigned int m_len, - unsigned char *sigret, unsigned int *siglen, RSA *rsa); - - /* verify. For backward compatibility, this is used only - * if (flags & RSA_FLAG_SIGN_VER) - */ - int (*rsa_verify)(int type, unsigned char *m, unsigned int m_len, - unsigned char *sigbuf, unsigned int siglen, RSA *rsa); - - } RSA_METHOD; - -=head1 RETURN VALUES - -RSA_PKCS1_SSLeay(), RSA_PKCS1_null_method(), RSA_get_default_openssl_method() -and RSA_get_method() return pointers to the respective RSA_METHODs. - -RSA_set_default_openssl_method() returns no value. - -RSA_set_method() selects B as the engine that will be responsible for -all operations using the structure B. If this function completes successfully, -then the B structure will have its own functional reference of B, so -the caller should remember to free their own reference to B when they are -finished with it. NB: An ENGINE's RSA_METHOD can be retrieved (or set) by -ENGINE_get_RSA() or ENGINE_set_RSA(). - -RSA_new_method() returns NULL and sets an error code that can be -obtained by L if the allocation fails. Otherwise -it returns a pointer to the newly allocated structure. - -=head1 SEE ALSO - -L, L - -=head1 HISTORY - -RSA_new_method() and RSA_set_default_method() appeared in SSLeay 0.8. -RSA_get_default_method(), RSA_set_method() and RSA_get_method() as -well as the rsa_sign and rsa_verify components of RSA_METHOD were -added in OpenSSL 0.9.4. - -RSA_set_default_openssl_method() and RSA_get_default_openssl_method() -replaced RSA_set_default_method() and RSA_get_default_method() respectively, -and RSA_set_method() and RSA_new_method() were altered to use Bs -rather than Bs during development of OpenSSL 0.9.6. - -=cut diff --git a/src/lib/libcrypto/doc/RSA_sign.pod b/src/lib/libcrypto/doc/RSA_sign.pod deleted file mode 100644 index 71688a665e1..00000000000 --- a/src/lib/libcrypto/doc/RSA_sign.pod +++ /dev/null @@ -1,62 +0,0 @@ -=pod - -=head1 NAME - -RSA_sign, RSA_verify - RSA signatures - -=head1 SYNOPSIS - - #include - - int RSA_sign(int type, unsigned char *m, unsigned int m_len, - unsigned char *sigret, unsigned int *siglen, RSA *rsa); - - int RSA_verify(int type, unsigned char *m, unsigned int m_len, - unsigned char *sigbuf, unsigned int siglen, RSA *rsa); - -=head1 DESCRIPTION - -RSA_sign() signs the message digest B of size B using the -private key B as specified in PKCS #1 v2.0. It stores the -signature in B and the signature size in B. B -must point to RSA_size(B) bytes of memory. - -B denotes the message digest algorithm that was used to generate -B. It usually is one of B, B and B; -see L for details. If B is B, -an SSL signature (MD5 and SHA1 message digests with PKCS #1 padding -and no algorithm identifier) is created. - -RSA_verify() verifies that the signature B of size B -matches a given message digest B of size B. B denotes -the message digest algorithm that was used to generate the signature. -B is the signer's public key. - -=head1 RETURN VALUES - -RSA_sign() returns 1 on success, 0 otherwise. RSA_verify() returns 1 -on successful verification, 0 otherwise. - -The error codes can be obtained by L. - -=head1 BUGS - -Certain signatures with an improper algorithm identifier are accepted -for compatibility with SSLeay 0.4.5 :-) - -=head1 CONFORMING TO - -SSL, PKCS #1 v2.0 - -=head1 SEE ALSO - -L, L, -L, L, -L - -=head1 HISTORY - -RSA_sign() and RSA_verify() are available in all versions of SSLeay -and OpenSSL. - -=cut diff --git a/src/lib/libcrypto/doc/RSA_sign_ASN1_OCTET_STRING.pod b/src/lib/libcrypto/doc/RSA_sign_ASN1_OCTET_STRING.pod deleted file mode 100644 index b8c7bbb7e30..00000000000 --- a/src/lib/libcrypto/doc/RSA_sign_ASN1_OCTET_STRING.pod +++ /dev/null @@ -1,59 +0,0 @@ -=pod - -=head1 NAME - -RSA_sign_ASN1_OCTET_STRING, RSA_verify_ASN1_OCTET_STRING - RSA signatures - -=head1 SYNOPSIS - - #include - - int RSA_sign_ASN1_OCTET_STRING(int dummy, unsigned char *m, - unsigned int m_len, unsigned char *sigret, unsigned int *siglen, - RSA *rsa); - - int RSA_verify_ASN1_OCTET_STRING(int dummy, unsigned char *m, - unsigned int m_len, unsigned char *sigbuf, unsigned int siglen, - RSA *rsa); - -=head1 DESCRIPTION - -RSA_sign_ASN1_OCTET_STRING() signs the octet string B of size -B using the private key B represented in DER using PKCS #1 -padding. It stores the signature in B and the signature size -in B. B must point to B bytes of -memory. - -B is ignored. - -The random number generator must be seeded prior to calling RSA_sign_ASN1_OCTET_STRING(). - -RSA_verify_ASN1_OCTET_STRING() verifies that the signature B -of size B is the DER representation of a given octet string -B of size B. B is ignored. B is the signer's -public key. - -=head1 RETURN VALUES - -RSA_sign_ASN1_OCTET_STRING() returns 1 on success, 0 otherwise. -RSA_verify_ASN1_OCTET_STRING() returns 1 on successful verification, 0 -otherwise. - -The error codes can be obtained by L. - -=head1 BUGS - -These functions serve no recognizable purpose. - -=head1 SEE ALSO - -L, L, L, -L, L, -L - -=head1 HISTORY - -RSA_sign_ASN1_OCTET_STRING() and RSA_verify_ASN1_OCTET_STRING() were -added in SSLeay 0.8. - -=cut diff --git a/src/lib/libcrypto/doc/RSA_size.pod b/src/lib/libcrypto/doc/RSA_size.pod deleted file mode 100644 index b36b4d58d54..00000000000 --- a/src/lib/libcrypto/doc/RSA_size.pod +++ /dev/null @@ -1,33 +0,0 @@ -=pod - -=head1 NAME - -RSA_size - get RSA modulus size - -=head1 SYNOPSIS - - #include - - int RSA_size(RSA *rsa); - -=head1 DESCRIPTION - -This function returns the RSA modulus size in bytes. It can be used to -determine how much memory must be allocated for an RSA encrypted -value. - -Bn> must not be B. - -=head1 RETURN VALUE - -The size in bytes. - -=head1 SEE ALSO - -L - -=head1 HISTORY - -RSA_size() is available in all versions of SSLeay and OpenSSL. - -=cut diff --git a/src/lib/libcrypto/doc/bn.pod b/src/lib/libcrypto/doc/bn.pod deleted file mode 100644 index 210dfeac08c..00000000000 --- a/src/lib/libcrypto/doc/bn.pod +++ /dev/null @@ -1,158 +0,0 @@ -=pod - -=head1 NAME - -bn - multiprecision integer arithmetics - -=head1 SYNOPSIS - - #include - - BIGNUM *BN_new(void); - void BN_free(BIGNUM *a); - void BN_init(BIGNUM *); - void BN_clear(BIGNUM *a); - void BN_clear_free(BIGNUM *a); - - BN_CTX *BN_CTX_new(void); - void BN_CTX_init(BN_CTX *c); - void BN_CTX_free(BN_CTX *c); - - BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b); - BIGNUM *BN_dup(const BIGNUM *a); - - BIGNUM *BN_swap(BIGNUM *a, BIGNUM *b); - - int BN_num_bytes(const BIGNUM *a); - int BN_num_bits(const BIGNUM *a); - int BN_num_bits_word(BN_ULONG w); - - int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); - int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); - int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx); - int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx); - int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *a, const BIGNUM *d, - BN_CTX *ctx); - int BN_mod(BIGNUM *rem, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); - int BN_nnmod(BIGNUM *rem, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); - int BN_mod_add(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m, - BN_CTX *ctx); - int BN_mod_sub(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m, - BN_CTX *ctx); - int BN_mod_mul(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m, - BN_CTX *ctx); - int BN_mod_sqr(BIGNUM *ret, BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); - int BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BN_CTX *ctx); - int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx); - int BN_gcd(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx); - - int BN_add_word(BIGNUM *a, BN_ULONG w); - int BN_sub_word(BIGNUM *a, BN_ULONG w); - int BN_mul_word(BIGNUM *a, BN_ULONG w); - BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w); - BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w); - - int BN_cmp(BIGNUM *a, BIGNUM *b); - int BN_ucmp(BIGNUM *a, BIGNUM *b); - int BN_is_zero(BIGNUM *a); - int BN_is_one(BIGNUM *a); - int BN_is_word(BIGNUM *a, BN_ULONG w); - int BN_is_odd(BIGNUM *a); - - int BN_zero(BIGNUM *a); - int BN_one(BIGNUM *a); - const BIGNUM *BN_value_one(void); - int BN_set_word(BIGNUM *a, unsigned long w); - unsigned long BN_get_word(BIGNUM *a); - - int BN_rand(BIGNUM *rnd, int bits, int top, int bottom); - int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom); - int BN_rand_range(BIGNUM *rnd, BIGNUM *range); - int BN_pseudo_rand_range(BIGNUM *rnd, BIGNUM *range); - - BIGNUM *BN_generate_prime(BIGNUM *ret, int bits,int safe, BIGNUM *add, - BIGNUM *rem, void (*callback)(int, int, void *), void *cb_arg); - int BN_is_prime(const BIGNUM *p, int nchecks, - void (*callback)(int, int, void *), BN_CTX *ctx, void *cb_arg); - - int BN_set_bit(BIGNUM *a, int n); - int BN_clear_bit(BIGNUM *a, int n); - int BN_is_bit_set(const BIGNUM *a, int n); - int BN_mask_bits(BIGNUM *a, int n); - int BN_lshift(BIGNUM *r, const BIGNUM *a, int n); - int BN_lshift1(BIGNUM *r, BIGNUM *a); - int BN_rshift(BIGNUM *r, BIGNUM *a, int n); - int BN_rshift1(BIGNUM *r, BIGNUM *a); - - int BN_bn2bin(const BIGNUM *a, unsigned char *to); - BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret); - char *BN_bn2hex(const BIGNUM *a); - char *BN_bn2dec(const BIGNUM *a); - int BN_hex2bn(BIGNUM **a, const char *str); - int BN_dec2bn(BIGNUM **a, const char *str); - int BN_print(BIO *fp, const BIGNUM *a); - int BN_print_fp(FILE *fp, const BIGNUM *a); - int BN_bn2mpi(const BIGNUM *a, unsigned char *to); - BIGNUM *BN_mpi2bn(unsigned char *s, int len, BIGNUM *ret); - - BIGNUM *BN_mod_inverse(BIGNUM *r, BIGNUM *a, const BIGNUM *n, - BN_CTX *ctx); - - BN_RECP_CTX *BN_RECP_CTX_new(void); - void BN_RECP_CTX_init(BN_RECP_CTX *recp); - void BN_RECP_CTX_free(BN_RECP_CTX *recp); - int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *m, BN_CTX *ctx); - int BN_mod_mul_reciprocal(BIGNUM *r, BIGNUM *a, BIGNUM *b, - BN_RECP_CTX *recp, BN_CTX *ctx); - - BN_MONT_CTX *BN_MONT_CTX_new(void); - void BN_MONT_CTX_init(BN_MONT_CTX *ctx); - void BN_MONT_CTX_free(BN_MONT_CTX *mont); - int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *m, BN_CTX *ctx); - BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from); - int BN_mod_mul_montgomery(BIGNUM *r, BIGNUM *a, BIGNUM *b, - BN_MONT_CTX *mont, BN_CTX *ctx); - int BN_from_montgomery(BIGNUM *r, BIGNUM *a, BN_MONT_CTX *mont, - BN_CTX *ctx); - int BN_to_montgomery(BIGNUM *r, BIGNUM *a, BN_MONT_CTX *mont, - BN_CTX *ctx); - - -=head1 DESCRIPTION - -This library performs arithmetic operations on integers of arbitrary -size. It was written for use in public key cryptography, such as RSA -and Diffie-Hellman. - -It uses dynamic memory allocation for storing its data structures. -That means that there is no limit on the size of the numbers -manipulated by these functions, but return values must always be -checked in case a memory allocation error has occurred. - -The basic object in this library is a B. It is used to hold a -single large integer. This type should be considered opaque and fields -should not be modified or accessed directly. - -The creation of B objects is described in L; -L describes most of the arithmetic operations. -Comparison is described in L; L -describes certain assignments, L the generation of -random numbers, L deals with prime -numbers and L with bit operations. The conversion -of Bs to external formats is described in L. - -=head1 SEE ALSO - -L, -L, L, L, L, -L, L, -L, L, L, -L, L, -L, L, L, -L, L, -L, L, -L, -L - -=cut diff --git a/src/lib/libcrypto/doc/d2i_DHparams.pod b/src/lib/libcrypto/doc/d2i_DHparams.pod deleted file mode 100644 index a6d1743d39a..00000000000 --- a/src/lib/libcrypto/doc/d2i_DHparams.pod +++ /dev/null @@ -1,30 +0,0 @@ -=pod - -=head1 NAME - -d2i_DHparams, i2d_DHparams - ... - -=head1 SYNOPSIS - - #include - - DH *d2i_DHparams(DH **a, unsigned char **pp, long length); - int i2d_DHparams(DH *a, unsigned char **pp); - -=head1 DESCRIPTION - -... - -=head1 RETURN VALUES - -... - -=head1 SEE ALSO - -... - -=head1 HISTORY - -... - -=cut diff --git a/src/lib/libcrypto/doc/d2i_RSAPublicKey.pod b/src/lib/libcrypto/doc/d2i_RSAPublicKey.pod deleted file mode 100644 index ff4d0d57dbf..00000000000 --- a/src/lib/libcrypto/doc/d2i_RSAPublicKey.pod +++ /dev/null @@ -1,39 +0,0 @@ -=pod - -=head1 NAME - -d2i_RSAPublicKey, i2d_RSAPublicKey, d2i_RSAPrivateKey, i2d_RSAPrivateKey, i2d_Netscape_RSA, d2i_Netscape_RSA - ... - -=head1 SYNOPSIS - - #include - - RSA * d2i_RSAPublicKey(RSA **a, unsigned char **pp, long length); - - int i2d_RSAPublicKey(RSA *a, unsigned char **pp); - - RSA * d2i_RSAPrivateKey(RSA **a, unsigned char **pp, long length); - - int i2d_RSAPrivateKey(RSA *a, unsigned char **pp); - - int i2d_Netscape_RSA(RSA *a, unsigned char **pp, int (*cb)()); - - RSA * d2i_Netscape_RSA(RSA **a, unsigned char **pp, long length, int (*cb)()); - -=head1 DESCRIPTION - -... - -=head1 RETURN VALUES - -... - -=head1 SEE ALSO - -... - -=head1 HISTORY - -... - -=cut diff --git a/src/lib/libcrypto/doc/dh.pod b/src/lib/libcrypto/doc/dh.pod deleted file mode 100644 index b4be4be4058..00000000000 --- a/src/lib/libcrypto/doc/dh.pod +++ /dev/null @@ -1,69 +0,0 @@ -=pod - -=head1 NAME - -dh - Diffie-Hellman key agreement - -=head1 SYNOPSIS - - #include - #include - - DH * DH_new(void); - void DH_free(DH *dh); - - int DH_size(DH *dh); - - DH * DH_generate_parameters(int prime_len, int generator, - void (*callback)(int, int, void *), void *cb_arg); - int DH_check(DH *dh, int *codes); - - int DH_generate_key(DH *dh); - int DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh); - - void DH_set_default_openssl_method(DH_METHOD *meth); - DH_METHOD *DH_get_default_openssl_method(void); - int DH_set_method(DH *dh, ENGINE *engine); - DH *DH_new_method(ENGINE *engine); - DH_METHOD *DH_OpenSSL(void); - - int DH_get_ex_new_index(long argl, char *argp, int (*new_func)(), - int (*dup_func)(), void (*free_func)()); - int DH_set_ex_data(DH *d, int idx, char *arg); - char *DH_get_ex_data(DH *d, int idx); - - DH * d2i_DHparams(DH **a, unsigned char **pp, long length); - int i2d_DHparams(DH *a, unsigned char **pp); - - int DHparams_print_fp(FILE *fp, DH *x); - int DHparams_print(BIO *bp, DH *x); - -=head1 DESCRIPTION - -These functions implement the Diffie-Hellman key agreement protocol. -The generation of shared DH parameters is described in -L; L describes how -to perform a key agreement. - -The B structure consists of several BIGNUM components. - - struct - { - BIGNUM *p; // prime number (shared) - BIGNUM *g; // generator of Z_p (shared) - BIGNUM *priv_key; // private DH value x - BIGNUM *pub_key; // public DH value g^x - // ... - }; - DH - -=head1 SEE ALSO - -L, L, L, L, -L, L, L, -L, L, -L, -L, L, -L - -=cut diff --git a/src/lib/libcrypto/doc/dsa.pod b/src/lib/libcrypto/doc/dsa.pod deleted file mode 100644 index 573500204bb..00000000000 --- a/src/lib/libcrypto/doc/dsa.pod +++ /dev/null @@ -1,105 +0,0 @@ -=pod - -=head1 NAME - -dsa - Digital Signature Algorithm - -=head1 SYNOPSIS - - #include - #include - - DSA * DSA_new(void); - void DSA_free(DSA *dsa); - - int DSA_size(DSA *dsa); - - DSA * DSA_generate_parameters(int bits, unsigned char *seed, - int seed_len, int *counter_ret, unsigned long *h_ret, - void (*callback)(int, int, void *), void *cb_arg); - - DH * DSA_dup_DH(DSA *r); - - int DSA_generate_key(DSA *dsa); - - int DSA_sign(int dummy, const unsigned char *dgst, int len, - unsigned char *sigret, unsigned int *siglen, DSA *dsa); - int DSA_sign_setup(DSA *dsa, BN_CTX *ctx, BIGNUM **kinvp, - BIGNUM **rp); - int DSA_verify(int dummy, const unsigned char *dgst, int len, - unsigned char *sigbuf, int siglen, DSA *dsa); - - void DSA_set_default_openssl_method(DSA_METHOD *meth); - DSA_METHOD *DSA_get_default_openssl_method(void); - int DSA_set_method(DSA *dsa, ENGINE *engine); - DSA *DSA_new_method(ENGINE *engine); - DSA_METHOD *DSA_OpenSSL(void); - - int DSA_get_ex_new_index(long argl, char *argp, int (*new_func)(), - int (*dup_func)(), void (*free_func)()); - int DSA_set_ex_data(DSA *d, int idx, char *arg); - char *DSA_get_ex_data(DSA *d, int idx); - - DSA_SIG *DSA_SIG_new(void); - void DSA_SIG_free(DSA_SIG *a); - int i2d_DSA_SIG(DSA_SIG *a, unsigned char **pp); - DSA_SIG *d2i_DSA_SIG(DSA_SIG **v, unsigned char **pp, long length); - - DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); - int DSA_do_verify(const unsigned char *dgst, int dgst_len, - DSA_SIG *sig, DSA *dsa); - - DSA * d2i_DSAPublicKey(DSA **a, unsigned char **pp, long length); - DSA * d2i_DSAPrivateKey(DSA **a, unsigned char **pp, long length); - DSA * d2i_DSAparams(DSA **a, unsigned char **pp, long length); - int i2d_DSAPublicKey(DSA *a, unsigned char **pp); - int i2d_DSAPrivateKey(DSA *a, unsigned char **pp); - int i2d_DSAparams(DSA *a,unsigned char **pp); - - int DSAparams_print(BIO *bp, DSA *x); - int DSAparams_print_fp(FILE *fp, DSA *x); - int DSA_print(BIO *bp, DSA *x, int off); - int DSA_print_fp(FILE *bp, DSA *x, int off); - -=head1 DESCRIPTION - -These functions implement the Digital Signature Algorithm (DSA). The -generation of shared DSA parameters is described in -L; -L describes how to -generate a signature key. Signature generation and verification are -described in L. - -The B structure consists of several BIGNUM components. - - struct - { - BIGNUM *p; // prime number (public) - BIGNUM *q; // 160-bit subprime, q | p-1 (public) - BIGNUM *g; // generator of subgroup (public) - BIGNUM *priv_key; // private key x - BIGNUM *pub_key; // public key y = g^x - // ... - } - DSA; - -In public keys, B is NULL. - -=head1 CONFORMING TO - -US Federal Information Processing Standard FIPS 186 (Digital Signature -Standard, DSS), ANSI X9.30 - -=head1 SEE ALSO - -L, L, L, L, -L, L, L, -L, -L, -L, -L, -L, L, -L, -L - -=cut diff --git a/src/lib/libcrypto/doc/evp.pod b/src/lib/libcrypto/doc/evp.pod deleted file mode 100644 index edf47dbde66..00000000000 --- a/src/lib/libcrypto/doc/evp.pod +++ /dev/null @@ -1,37 +0,0 @@ -=pod - -=head1 NAME - -evp - high-level cryptographic functions - -=head1 SYNOPSIS - - #include - -=head1 DESCRIPTION - -The EVP library provides a high-level interface to cryptographic -functions. - -BI<...> and BI<...> provide public key encryption -and decryption to implement digital "envelopes". - -The BI<...> and BI<...> functions implement -digital signatures. - -Symmetric encryption is available with the BI<...> -functions. The BI<...> functions provide message digests. - -Algorithms are loaded with OpenSSL_add_all_algorithms(3). - -=head1 SEE ALSO - -L, -L, -L, -L, -L, -L, -L - -=cut diff --git a/src/lib/libcrypto/doc/lh_stats.pod b/src/lib/libcrypto/doc/lh_stats.pod deleted file mode 100644 index 3eeaa72e525..00000000000 --- a/src/lib/libcrypto/doc/lh_stats.pod +++ /dev/null @@ -1,60 +0,0 @@ -=pod - -=head1 NAME - -lh_stats, lh_node_stats, lh_node_usage_stats, lh_stats_bio, -lh_node_stats_bio, lh_node_usage_stats_bio - LHASH statistics - -=head1 SYNOPSIS - - #include - - void lh_stats(LHASH *table, FILE *out); - void lh_node_stats(LHASH *table, FILE *out); - void lh_node_usage_stats(LHASH *table, FILE *out); - - void lh_stats_bio(LHASH *table, BIO *out); - void lh_node_stats_bio(LHASH *table, BIO *out); - void lh_node_usage_stats_bio(LHASH *table, BIO *out); - -=head1 DESCRIPTION - -The B structure records statistics about most aspects of -accessing the hash table. This is mostly a legacy of Eric Young -writing this library for the reasons of implementing what looked like -a nice algorithm rather than for a particular software product. - -lh_stats() prints out statistics on the size of the hash table, how -many entries are in it, and the number and result of calls to the -routines in this library. - -lh_node_stats() prints the number of entries for each 'bucket' in the -hash table. - -lh_node_usage_stats() prints out a short summary of the state of the -hash table. It prints the 'load' and the 'actual load'. The load is -the average number of data items per 'bucket' in the hash table. The -'actual load' is the average number of items per 'bucket', but only -for buckets which contain entries. So the 'actual load' is the -average number of searches that will need to find an item in the hash -table, while the 'load' is the average number that will be done to -record a miss. - -lh_stats_bio(), lh_node_stats_bio() and lh_node_usage_stats_bio() -are the same as the above, except that the output goes to a B. - -=head1 RETURN VALUES - -These functions do not return values. - -=head1 SEE ALSO - -L, L - -=head1 HISTORY - -These functions are available in all versions of SSLeay and OpenSSL. - -This manpage is derived from the SSLeay documentation. - -=cut diff --git a/src/lib/libcrypto/doc/rsa.pod b/src/lib/libcrypto/doc/rsa.pod deleted file mode 100644 index 09ad30cab15..00000000000 --- a/src/lib/libcrypto/doc/rsa.pod +++ /dev/null @@ -1,116 +0,0 @@ -=pod - -=head1 NAME - -rsa - RSA public key cryptosystem - -=head1 SYNOPSIS - - #include - #include - - RSA * RSA_new(void); - void RSA_free(RSA *rsa); - - int RSA_public_encrypt(int flen, unsigned char *from, - unsigned char *to, RSA *rsa, int padding); - int RSA_private_decrypt(int flen, unsigned char *from, - unsigned char *to, RSA *rsa, int padding); - - int RSA_sign(int type, unsigned char *m, unsigned int m_len, - unsigned char *sigret, unsigned int *siglen, RSA *rsa); - int RSA_verify(int type, unsigned char *m, unsigned int m_len, - unsigned char *sigbuf, unsigned int siglen, RSA *rsa); - - int RSA_size(RSA *rsa); - - RSA *RSA_generate_key(int num, unsigned long e, - void (*callback)(int,int,void *), void *cb_arg); - - int RSA_check_key(RSA *rsa); - - int RSA_blinding_on(RSA *rsa, BN_CTX *ctx); - void RSA_blinding_off(RSA *rsa); - - void RSA_set_default_openssl_method(RSA_METHOD *meth); - RSA_METHOD *RSA_get_default_openssl_method(void); - int RSA_set_method(RSA *rsa, ENGINE *engine); - RSA_METHOD *RSA_get_method(RSA *rsa); - RSA_METHOD *RSA_PKCS1_SSLeay(void); - RSA_METHOD *RSA_null_method(void); - int RSA_flags(RSA *rsa); - RSA *RSA_new_method(ENGINE *engine); - - int RSA_print(BIO *bp, RSA *x, int offset); - int RSA_print_fp(FILE *fp, RSA *x, int offset); - - int RSA_get_ex_new_index(long argl, char *argp, int (*new_func)(), - int (*dup_func)(), void (*free_func)()); - int RSA_set_ex_data(RSA *r,int idx,char *arg); - char *RSA_get_ex_data(RSA *r, int idx); - - int RSA_private_encrypt(int flen, unsigned char *from, - unsigned char *to, RSA *rsa,int padding); - int RSA_public_decrypt(int flen, unsigned char *from, - unsigned char *to, RSA *rsa,int padding); - - int RSA_sign_ASN1_OCTET_STRING(int dummy, unsigned char *m, - unsigned int m_len, unsigned char *sigret, unsigned int *siglen, - RSA *rsa); - int RSA_verify_ASN1_OCTET_STRING(int dummy, unsigned char *m, - unsigned int m_len, unsigned char *sigbuf, unsigned int siglen, - RSA *rsa); - -=head1 DESCRIPTION - -These functions implement RSA public key encryption and signatures -as defined in PKCS #1 v2.0 [RFC 2437]. - -The B structure consists of several BIGNUM components. It can -contain public as well as private RSA keys: - - struct - { - BIGNUM *n; // public modulus - BIGNUM *e; // public exponent - BIGNUM *d; // private exponent - BIGNUM *p; // secret prime factor - BIGNUM *q; // secret prime factor - BIGNUM *dmp1; // d mod (p-1) - BIGNUM *dmq1; // d mod (q-1) - BIGNUM *iqmp; // q^-1 mod p - // ... - }; - RSA - -In public keys, the private exponent and the related secret values are -B. - -B

, B, B, B and B may be B in private -keys, but the RSA operations are much faster when these values are -available. - -=head1 CONFORMING TO - -SSL, PKCS #1 v2.0 - -=head1 PATENTS - -RSA was covered by a US patent which expired in September 2000. - -=head1 SEE ALSO - -L, L, L, L, -L, L, -L, -L, L, -L, -L, -L, -L, L, -L, -L, -L, -L - -=cut diff --git a/src/lib/libcrypto/dsa/Makefile.ssl b/src/lib/libcrypto/dsa/Makefile.ssl deleted file mode 100644 index c1859abe083..00000000000 --- a/src/lib/libcrypto/dsa/Makefile.ssl +++ /dev/null @@ -1,169 +0,0 @@ -# -# SSLeay/crypto/dsa/Makefile -# - -DIR= dsa -TOP= ../.. -CC= cc -INCLUDES= -I.. -I$(TOP) -I../../include -CFLAG=-g -INSTALL_PREFIX= -OPENSSLDIR= /usr/local/ssl -INSTALLTOP=/usr/local/ssl -MAKE= make -f Makefile.ssl -MAKEDEPPROG= makedepend -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) -MAKEFILE= Makefile.ssl -AR= ar r - -CFLAGS= $(INCLUDES) $(CFLAG) - -GENERAL=Makefile -TEST=dsatest.c -APPS= - -LIB=$(TOP)/libcrypto.a -LIBSRC= dsa_gen.c dsa_key.c dsa_lib.c dsa_asn1.c dsa_vrf.c dsa_sign.c \ - dsa_err.c dsa_ossl.c -LIBOBJ= dsa_gen.o dsa_key.o dsa_lib.o dsa_asn1.o dsa_vrf.o dsa_sign.o \ - dsa_err.o dsa_ossl.o - -SRC= $(LIBSRC) - -EXHEADER= dsa.h -HEADER= $(EXHEADER) - -ALL= $(GENERAL) $(SRC) $(HEADER) - -top: - (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) - -all: lib - -lib: $(LIBOBJ) - $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) || echo Never mind. - @touch lib - -files: - $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO - -links: - @sh $(TOP)/util/point.sh Makefile.ssl Makefile - @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) - @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) - @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) - -install: - @for i in $(EXHEADER) ; \ - do \ - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ - done; - -tags: - ctags $(SRC) - -tests: - -lint: - lint -DLINT $(INCLUDES) $(SRC)>fluff - -depend: - $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) - -dclean: - $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new - mv -f Makefile.new $(MAKEFILE) - -clean: - rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff - -# DO NOT DELETE THIS LINE -- make depend depends on it. - -dsa_asn1.o: ../../e_os.h ../../include/openssl/asn1.h -dsa_asn1.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h -dsa_asn1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -dsa_asn1.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -dsa_asn1.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -dsa_asn1.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -dsa_asn1.o: ../../include/openssl/opensslconf.h -dsa_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -dsa_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -dsa_asn1.o: ../../include/openssl/symhacks.h ../cryptlib.h dsa_asn1.c -dsa_err.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -dsa_err.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -dsa_err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -dsa_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -dsa_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -dsa_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -dsa_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -dsa_err.o: dsa_err.c -dsa_gen.o: ../../e_os.h ../../include/openssl/asn1.h -dsa_gen.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -dsa_gen.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -dsa_gen.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -dsa_gen.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -dsa_gen.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -dsa_gen.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -dsa_gen.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -dsa_gen.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h -dsa_gen.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -dsa_gen.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -dsa_gen.o: ../cryptlib.h dsa_gen.c -dsa_key.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h -dsa_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -dsa_key.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -dsa_key.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -dsa_key.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -dsa_key.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -dsa_key.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h -dsa_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -dsa_key.o: ../cryptlib.h dsa_key.c -dsa_lib.o: ../../e_os.h ../../include/openssl/asn1.h -dsa_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -dsa_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -dsa_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -dsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -dsa_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -dsa_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -dsa_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h -dsa_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -dsa_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -dsa_lib.o: ../../include/openssl/ui.h ../cryptlib.h dsa_lib.c -dsa_ossl.o: ../../e_os.h ../../include/openssl/asn1.h -dsa_ossl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -dsa_ossl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -dsa_ossl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -dsa_ossl.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -dsa_ossl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -dsa_ossl.o: ../../include/openssl/opensslconf.h -dsa_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -dsa_ossl.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -dsa_ossl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -dsa_ossl.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -dsa_ossl.o: ../cryptlib.h dsa_ossl.c -dsa_sign.o: ../../e_os.h ../../include/openssl/asn1.h -dsa_sign.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -dsa_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -dsa_sign.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -dsa_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -dsa_sign.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -dsa_sign.o: ../../include/openssl/opensslconf.h -dsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -dsa_sign.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -dsa_sign.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -dsa_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -dsa_sign.o: ../cryptlib.h dsa_sign.c -dsa_vrf.o: ../../e_os.h ../../include/openssl/asn1.h -dsa_vrf.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h -dsa_vrf.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -dsa_vrf.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -dsa_vrf.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -dsa_vrf.o: ../../include/openssl/engine.h ../../include/openssl/err.h -dsa_vrf.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -dsa_vrf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -dsa_vrf.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -dsa_vrf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -dsa_vrf.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -dsa_vrf.o: ../cryptlib.h dsa_vrf.c diff --git a/src/lib/libcrypto/dsa/README b/src/lib/libcrypto/dsa/README deleted file mode 100644 index 6a7e9c170ad..00000000000 --- a/src/lib/libcrypto/dsa/README +++ /dev/null @@ -1,4 +0,0 @@ -The stuff in here is based on patches supplied to me by -Steven Schoch to do DSS. -I have since modified a them a little but a debt of gratitude -is due for doing the initial work. diff --git a/src/lib/libcrypto/dsa/dsa.h b/src/lib/libcrypto/dsa/dsa.h index 9b3baadf2c4..61bfc2b4668 100644 --- a/src/lib/libcrypto/dsa/dsa.h +++ b/src/lib/libcrypto/dsa/dsa.h @@ -1,4 +1,4 @@ -/* crypto/dsa/dsa.h */ +/* $OpenBSD: dsa.h,v 1.30 2018/03/17 15:19:12 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -65,6 +65,8 @@ #ifndef HEADER_DSA_H #define HEADER_DSA_H +#include + #ifdef OPENSSL_NO_DSA #error DSA is disabled. #endif @@ -72,20 +74,44 @@ #ifndef OPENSSL_NO_BIO #include #endif -#include #include #include + +#ifndef OPENSSL_NO_DEPRECATED +#include #ifndef OPENSSL_NO_DH # include #endif +#endif + +#ifndef OPENSSL_DSA_MAX_MODULUS_BITS +# define OPENSSL_DSA_MAX_MODULUS_BITS 10000 +#endif #define DSA_FLAG_CACHE_MONT_P 0x01 +/* If this flag is set the DSA method is FIPS compliant and can be used + * in FIPS mode. This is set in the validated module method. If an + * application sets this flag in its own methods it is its reposibility + * to ensure the result is compliant. + */ + +#define DSA_FLAG_FIPS_METHOD 0x0400 + +/* If this flag is set the operations normally disabled in FIPS mode are + * permitted it is then the applications responsibility to ensure that the + * usage is compliant. + */ + +#define DSA_FLAG_NON_FIPS_ALLOW 0x0400 + #ifdef __cplusplus extern "C" { #endif -typedef struct dsa_st DSA; +/* Already defined in ossl_typ.h */ +/* typedef struct dsa_st DSA; */ +/* typedef struct dsa_method DSA_METHOD; */ typedef struct DSA_SIG_st { @@ -93,13 +119,14 @@ typedef struct DSA_SIG_st BIGNUM *s; } DSA_SIG; -typedef struct dsa_method { +struct dsa_method + { const char *name; DSA_SIG * (*dsa_do_sign)(const unsigned char *dgst, int dlen, DSA *dsa); int (*dsa_sign_setup)(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp); int (*dsa_do_verify)(const unsigned char *dgst, int dgst_len, - DSA_SIG *sig, DSA *dsa); + DSA_SIG *sig, DSA *dsa); int (*dsa_mod_exp)(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont); @@ -110,7 +137,14 @@ typedef struct dsa_method { int (*finish)(DSA *dsa); int flags; char *app_data; -} DSA_METHOD; + /* If this is non-NULL, it is used to generate DSA parameters */ + int (*dsa_paramgen)(DSA *dsa, int bits, + const unsigned char *seed, int seed_len, + int *counter_ret, unsigned long *h_ret, + BN_GENCB *cb); + /* If this is non-NULL, it is used to generate DSA keys */ + int (*dsa_keygen)(DSA *dsa); + }; struct dsa_st { @@ -131,7 +165,7 @@ struct dsa_st int flags; /* Normally used to cache montgomery values */ - char *method_mont_p; + BN_MONT_CTX *method_mont_p; int references; CRYPTO_EX_DATA ex_data; const DSA_METHOD *meth; @@ -139,22 +173,18 @@ struct dsa_st ENGINE *engine; }; -#define DSAparams_dup(x) (DSA *)ASN1_dup((int (*)())i2d_DSAparams, \ - (char *(*)())d2i_DSAparams,(char *)(x)) -#define d2i_DSAparams_fp(fp,x) (DSA *)ASN1_d2i_fp((char *(*)())DSA_new, \ - (char *(*)())d2i_DSAparams,(fp),(unsigned char **)(x)) -#define i2d_DSAparams_fp(fp,x) ASN1_i2d_fp(i2d_DSAparams,(fp), \ - (unsigned char *)(x)) -#define d2i_DSAparams_bio(bp,x) (DSA *)ASN1_d2i_bio((char *(*)())DSA_new, \ - (char *(*)())d2i_DSAparams,(bp),(unsigned char **)(x)) -#define i2d_DSAparams_bio(bp,x) ASN1_i2d_bio(i2d_DSAparams,(bp), \ - (unsigned char *)(x)) - +DSA *d2i_DSAparams_bio(BIO *bp, DSA **a); +int i2d_DSAparams_bio(BIO *bp, DSA *a); +DSA *d2i_DSAparams_fp(FILE *fp, DSA **a); +int i2d_DSAparams_fp(FILE *fp, DSA *a); +DSA *DSAparams_dup(DSA *x); DSA_SIG * DSA_SIG_new(void); void DSA_SIG_free(DSA_SIG *a); int i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp); DSA_SIG * d2i_DSA_SIG(DSA_SIG **v, const unsigned char **pp, long length); +void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps); +int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s); DSA_SIG * DSA_do_sign(const unsigned char *dgst,int dlen,DSA *dsa); int DSA_do_verify(const unsigned char *dgst,int dgst_len, @@ -168,7 +198,7 @@ int DSA_set_method(DSA *dsa, const DSA_METHOD *); DSA * DSA_new(void); DSA * DSA_new_method(ENGINE *engine); -void DSA_free (DSA *r); +void DSA_free(DSA *r); /* "up" the DSA object's reference count */ int DSA_up_ref(DSA *r); int DSA_size(const DSA *); @@ -183,26 +213,39 @@ int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, int DSA_set_ex_data(DSA *d, int idx, void *arg); void *DSA_get_ex_data(DSA *d, int idx); -DSA * d2i_DSAPublicKey(DSA **a, const unsigned char **pp, long length); -DSA * d2i_DSAPrivateKey(DSA **a, const unsigned char **pp, long length); -DSA * d2i_DSAparams(DSA **a, const unsigned char **pp, long length); +DSA *d2i_DSAPublicKey(DSA **a, const unsigned char **pp, long length); +int i2d_DSAPublicKey(const DSA *a, unsigned char **pp); +extern const ASN1_ITEM DSAPublicKey_it; + +DSA *d2i_DSAPrivateKey(DSA **a, const unsigned char **pp, long length); +int i2d_DSAPrivateKey(const DSA *a, unsigned char **pp); +extern const ASN1_ITEM DSAPrivateKey_it; + +DSA *d2i_DSAparams(DSA **a, const unsigned char **pp, long length); +int i2d_DSAparams(const DSA *a,unsigned char **pp); +extern const ASN1_ITEM DSAparams_it; + +/* Deprecated version */ +#ifndef OPENSSL_NO_DEPRECATED DSA * DSA_generate_parameters(int bits, unsigned char *seed,int seed_len, int *counter_ret, unsigned long *h_ret,void (*callback)(int, int, void *),void *cb_arg); +#endif /* !defined(OPENSSL_NO_DEPRECATED) */ + +/* New version */ +int DSA_generate_parameters_ex(DSA *dsa, int bits, + const unsigned char *seed,int seed_len, + int *counter_ret, unsigned long *h_ret, BN_GENCB *cb); + int DSA_generate_key(DSA *a); -int i2d_DSAPublicKey(const DSA *a, unsigned char **pp); -int i2d_DSAPrivateKey(const DSA *a, unsigned char **pp); -int i2d_DSAparams(const DSA *a,unsigned char **pp); #ifndef OPENSSL_NO_BIO int DSAparams_print(BIO *bp, const DSA *x); int DSA_print(BIO *bp, const DSA *x, int off); #endif -#ifndef OPENSSL_NO_FP_API int DSAparams_print_fp(FILE *fp, const DSA *x); int DSA_print_fp(FILE *bp, const DSA *x, int off); -#endif #define DSS_prime_checks 50 /* Primality test according to FIPS PUB 186[-1], Appendix 2.1: @@ -216,6 +259,31 @@ int DSA_print_fp(FILE *bp, const DSA *x, int off); DH *DSA_dup_DH(const DSA *r); #endif +void DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q, + const BIGNUM **g); +int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g); +void DSA_get0_key(const DSA *d, const BIGNUM **pub_key, const BIGNUM **priv_key); +int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key); +void DSA_clear_flags(DSA *d, int flags); +int DSA_test_flags(const DSA *d, int flags); +void DSA_set_flags(DSA *d, int flags); +ENGINE *DSA_get0_engine(DSA *d); + +DSA_METHOD *DSA_meth_new(const char *name, int flags); +void DSA_meth_free(DSA_METHOD *meth); +DSA_METHOD *DSA_meth_dup(const DSA_METHOD *meth); +int DSA_meth_set_sign(DSA_METHOD *meth, + DSA_SIG *(*sign)(const unsigned char *, int, DSA *)); +int DSA_meth_set_finish(DSA_METHOD *meth, int (*finish)(DSA *)); + +#define EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_DSA_PARAMGEN_BITS, nbits, NULL) + +#define EVP_PKEY_CTRL_DSA_PARAMGEN_BITS (EVP_PKEY_ALG_CTRL + 1) +#define EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS (EVP_PKEY_ALG_CTRL + 2) +#define EVP_PKEY_CTRL_DSA_PARAMGEN_MD (EVP_PKEY_ALG_CTRL + 3) + /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. @@ -226,23 +294,44 @@ void ERR_load_DSA_strings(void); /* Function codes. */ #define DSA_F_D2I_DSA_SIG 110 +#define DSA_F_DO_DSA_PRINT 104 #define DSA_F_DSAPARAMS_PRINT 100 #define DSA_F_DSAPARAMS_PRINT_FP 101 #define DSA_F_DSA_DO_SIGN 112 #define DSA_F_DSA_DO_VERIFY 113 +#define DSA_F_DSA_GENERATE_KEY 124 +#define DSA_F_DSA_GENERATE_PARAMETERS_EX 123 #define DSA_F_DSA_NEW_METHOD 103 -#define DSA_F_DSA_PRINT 104 +#define DSA_F_DSA_PARAM_DECODE 119 #define DSA_F_DSA_PRINT_FP 105 +#define DSA_F_DSA_PRIV_DECODE 115 +#define DSA_F_DSA_PRIV_ENCODE 116 +#define DSA_F_DSA_PUB_DECODE 117 +#define DSA_F_DSA_PUB_ENCODE 118 #define DSA_F_DSA_SIGN 106 #define DSA_F_DSA_SIGN_SETUP 107 #define DSA_F_DSA_SIG_NEW 109 +#define DSA_F_DSA_SIG_PRINT 125 #define DSA_F_DSA_VERIFY 108 #define DSA_F_I2D_DSA_SIG 111 +#define DSA_F_OLD_DSA_PRIV_DECODE 122 +#define DSA_F_PKEY_DSA_CTRL 120 +#define DSA_F_PKEY_DSA_KEYGEN 121 #define DSA_F_SIG_CB 114 /* Reason codes. */ +#define DSA_R_BAD_Q_VALUE 102 +#define DSA_R_BN_DECODE_ERROR 108 +#define DSA_R_BN_ERROR 109 #define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 100 +#define DSA_R_DECODE_ERROR 104 +#define DSA_R_INVALID_DIGEST_TYPE 106 #define DSA_R_MISSING_PARAMETERS 101 +#define DSA_R_MODULUS_TOO_LARGE 103 +#define DSA_R_NEED_NEW_SETUP_VALUES 110 +#define DSA_R_NON_FIPS_DSA_METHOD 111 +#define DSA_R_NO_PARAMETERS_SET 107 +#define DSA_R_PARAMETER_ENCODING_ERROR 105 #ifdef __cplusplus } diff --git a/src/lib/libcrypto/dsa/dsa_ameth.c b/src/lib/libcrypto/dsa/dsa_ameth.c new file mode 100644 index 00000000000..85ef234bb9f --- /dev/null +++ b/src/lib/libcrypto/dsa/dsa_ameth.c @@ -0,0 +1,675 @@ +/* $OpenBSD: dsa_ameth.c,v 1.27 2019/01/20 01:56:59 tb Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2006. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include + +#include + +#include +#include +#include +#include +#include + +#include "asn1_locl.h" +#include "bn_lcl.h" + +static int +dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) +{ + const unsigned char *p, *pm; + int pklen, pmlen; + int ptype; + const void *pval; + const ASN1_STRING *pstr; + X509_ALGOR *palg; + ASN1_INTEGER *public_key = NULL; + + DSA *dsa = NULL; + + if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey)) + return 0; + X509_ALGOR_get0(NULL, &ptype, &pval, palg); + + if (ptype == V_ASN1_SEQUENCE) { + pstr = pval; + pm = pstr->data; + pmlen = pstr->length; + + if (!(dsa = d2i_DSAparams(NULL, &pm, pmlen))) { + DSAerror(DSA_R_DECODE_ERROR); + goto err; + } + } else if (ptype == V_ASN1_NULL || ptype == V_ASN1_UNDEF) { + if (!(dsa = DSA_new())) { + DSAerror(ERR_R_MALLOC_FAILURE); + goto err; + } + } else { + DSAerror(DSA_R_PARAMETER_ENCODING_ERROR); + goto err; + } + + if (!(public_key=d2i_ASN1_INTEGER(NULL, &p, pklen))) { + DSAerror(DSA_R_DECODE_ERROR); + goto err; + } + + if (!(dsa->pub_key = ASN1_INTEGER_to_BN(public_key, NULL))) { + DSAerror(DSA_R_BN_DECODE_ERROR); + goto err; + } + + ASN1_INTEGER_free(public_key); + EVP_PKEY_assign_DSA(pkey, dsa); + return 1; + +err: + if (public_key) + ASN1_INTEGER_free(public_key); + DSA_free(dsa); + return 0; +} + +static int +dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) +{ + DSA *dsa; + void *pval = NULL; + int ptype; + unsigned char *penc = NULL; + int penclen; + + dsa = pkey->pkey.dsa; + if (pkey->save_parameters && dsa->p && dsa->q && dsa->g) { + ASN1_STRING *str; + + str = ASN1_STRING_new(); + if (str == NULL) { + DSAerror(ERR_R_MALLOC_FAILURE); + goto err; + } + str->length = i2d_DSAparams(dsa, &str->data); + if (str->length <= 0) { + DSAerror(ERR_R_MALLOC_FAILURE); + ASN1_STRING_free(str); + goto err; + } + pval = str; + ptype = V_ASN1_SEQUENCE; + } else + ptype = V_ASN1_UNDEF; + + dsa->write_params = 0; + + penclen = i2d_DSAPublicKey(dsa, &penc); + + if (penclen <= 0) { + DSAerror(ERR_R_MALLOC_FAILURE); + goto err; + } + + if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_DSA), ptype, pval, + penc, penclen)) + return 1; + +err: + free(penc); + ASN1_STRING_free(pval); + + return 0; +} + +/* In PKCS#8 DSA: you just get a private key integer and parameters in the + * AlgorithmIdentifier the pubkey must be recalculated. + */ +static int +dsa_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8) +{ + const unsigned char *p, *pm; + int pklen, pmlen; + int ptype; + const void *pval; + const ASN1_STRING *pstr; + const X509_ALGOR *palg; + ASN1_INTEGER *privkey = NULL; + BN_CTX *ctx = NULL; + DSA *dsa = NULL; + + int ret = 0; + + if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8)) + return 0; + X509_ALGOR_get0(NULL, &ptype, &pval, palg); + if (ptype != V_ASN1_SEQUENCE) + goto decerr; + + if ((privkey = d2i_ASN1_INTEGER(NULL, &p, pklen)) == NULL) + goto decerr; + if (privkey->type == V_ASN1_NEG_INTEGER) + goto decerr; + + pstr = pval; + pm = pstr->data; + pmlen = pstr->length; + if (!(dsa = d2i_DSAparams(NULL, &pm, pmlen))) + goto decerr; + /* We have parameters now set private key */ + if (!(dsa->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) { + DSAerror(DSA_R_BN_ERROR); + goto dsaerr; + } + /* Calculate public key */ + if (!(dsa->pub_key = BN_new())) { + DSAerror(ERR_R_MALLOC_FAILURE); + goto dsaerr; + } + if (!(ctx = BN_CTX_new())) { + DSAerror(ERR_R_MALLOC_FAILURE); + goto dsaerr; + } + + if (!BN_mod_exp_ct(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx)) { + DSAerror(DSA_R_BN_ERROR); + goto dsaerr; + } + + if (!EVP_PKEY_assign_DSA(pkey, dsa)) + goto decerr; + + ret = 1; + goto done; + +decerr: + DSAerror(DSA_R_DECODE_ERROR); +dsaerr: + DSA_free(dsa); +done: + BN_CTX_free(ctx); + ASN1_INTEGER_free(privkey); + return ret; +} + +static int +dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) +{ + ASN1_STRING *params = NULL; + ASN1_INTEGER *prkey = NULL; + unsigned char *dp = NULL; + int dplen; + + params = ASN1_STRING_new(); + if (!params) { + DSAerror(ERR_R_MALLOC_FAILURE); + goto err; + } + + params->length = i2d_DSAparams(pkey->pkey.dsa, ¶ms->data); + if (params->length <= 0) { + DSAerror(ERR_R_MALLOC_FAILURE); + goto err; + } + params->type = V_ASN1_SEQUENCE; + + /* Get private key into integer */ + prkey = BN_to_ASN1_INTEGER(pkey->pkey.dsa->priv_key, NULL); + if (!prkey) { + DSAerror(DSA_R_BN_ERROR); + goto err; + } + + dplen = i2d_ASN1_INTEGER(prkey, &dp); + + ASN1_INTEGER_free(prkey); + prkey = NULL; + + if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dsa), 0, V_ASN1_SEQUENCE, + params, dp, dplen)) + goto err; + + return 1; + +err: + free(dp); + ASN1_STRING_free(params); + ASN1_INTEGER_free(prkey); + return 0; +} + +static int +int_dsa_size(const EVP_PKEY *pkey) +{ + return DSA_size(pkey->pkey.dsa); +} + +static int +dsa_bits(const EVP_PKEY *pkey) +{ + return BN_num_bits(pkey->pkey.dsa->p); +} + +static int +dsa_missing_parameters(const EVP_PKEY *pkey) +{ + DSA *dsa; + + dsa = pkey->pkey.dsa; + if (dsa->p == NULL || dsa->q == NULL || dsa->g == NULL) + return 1; + return 0; +} + +static int +dsa_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) +{ + BIGNUM *a; + + if ((a = BN_dup(from->pkey.dsa->p)) == NULL) + return 0; + BN_free(to->pkey.dsa->p); + to->pkey.dsa->p = a; + + if ((a = BN_dup(from->pkey.dsa->q)) == NULL) + return 0; + BN_free(to->pkey.dsa->q); + to->pkey.dsa->q = a; + + if ((a = BN_dup(from->pkey.dsa->g)) == NULL) + return 0; + BN_free(to->pkey.dsa->g); + to->pkey.dsa->g = a; + return 1; +} + +static int +dsa_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) +{ + if (BN_cmp(a->pkey.dsa->p, b->pkey.dsa->p) || + BN_cmp(a->pkey.dsa->q, b->pkey.dsa->q) || + BN_cmp(a->pkey.dsa->g, b->pkey.dsa->g)) + return 0; + else + return 1; +} + +static int +dsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) +{ + if (BN_cmp(b->pkey.dsa->pub_key, a->pkey.dsa->pub_key) != 0) + return 0; + else + return 1; +} + +static void +int_dsa_free(EVP_PKEY *pkey) +{ + DSA_free(pkey->pkey.dsa); +} + +static void +update_buflen(const BIGNUM *b, size_t *pbuflen) +{ + size_t i; + + if (!b) + return; + if (*pbuflen < (i = (size_t)BN_num_bytes(b))) + *pbuflen = i; +} + +static int +do_dsa_print(BIO *bp, const DSA *x, int off, int ptype) +{ + unsigned char *m = NULL; + int ret = 0; + size_t buf_len = 0; + const char *ktype = NULL; + const BIGNUM *priv_key, *pub_key; + + if (ptype == 2) + priv_key = x->priv_key; + else + priv_key = NULL; + + if (ptype > 0) + pub_key = x->pub_key; + else + pub_key = NULL; + + if (ptype == 2) + ktype = "Private-Key"; + else if (ptype == 1) + ktype = "Public-Key"; + else + ktype = "DSA-Parameters"; + + update_buflen(x->p, &buf_len); + update_buflen(x->q, &buf_len); + update_buflen(x->g, &buf_len); + update_buflen(priv_key, &buf_len); + update_buflen(pub_key, &buf_len); + + m = malloc(buf_len + 10); + if (m == NULL) { + DSAerror(ERR_R_MALLOC_FAILURE); + goto err; + } + + if (priv_key) { + if (!BIO_indent(bp, off, 128)) + goto err; + if (BIO_printf(bp, "%s: (%d bit)\n", ktype, + BN_num_bits(x->p)) <= 0) + goto err; + } + + if (!ASN1_bn_print(bp, "priv:", priv_key, m, off)) + goto err; + if (!ASN1_bn_print(bp, "pub: ", pub_key, m, off)) + goto err; + if (!ASN1_bn_print(bp, "P: ", x->p, m, off)) + goto err; + if (!ASN1_bn_print(bp, "Q: ", x->q, m, off)) + goto err; + if (!ASN1_bn_print(bp, "G: ", x->g, m, off)) + goto err; + ret = 1; +err: + free(m); + return(ret); +} + +static int +dsa_param_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen) +{ + DSA *dsa; + + if (!(dsa = d2i_DSAparams(NULL, pder, derlen))) { + DSAerror(ERR_R_DSA_LIB); + return 0; + } + EVP_PKEY_assign_DSA(pkey, dsa); + return 1; +} + +static int +dsa_param_encode(const EVP_PKEY *pkey, unsigned char **pder) +{ + return i2d_DSAparams(pkey->pkey.dsa, pder); +} + +static int +dsa_param_print(BIO *bp, const EVP_PKEY *pkey, int indent, ASN1_PCTX *ctx) +{ + return do_dsa_print(bp, pkey->pkey.dsa, indent, 0); +} + +static int +dsa_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent, ASN1_PCTX *ctx) +{ + return do_dsa_print(bp, pkey->pkey.dsa, indent, 1); +} + +static int +dsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent, ASN1_PCTX *ctx) +{ + return do_dsa_print(bp, pkey->pkey.dsa, indent, 2); +} + +static int +old_dsa_priv_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen) +{ + DSA *dsa; + BN_CTX *ctx = NULL; + BIGNUM *j, *p1, *newp1; + + if (!(dsa = d2i_DSAPrivateKey(NULL, pder, derlen))) { + DSAerror(ERR_R_DSA_LIB); + return 0; + } + + ctx = BN_CTX_new(); + if (ctx == NULL) + goto err; + + /* + * Check that p and q are consistent with each other. + */ + + j = BN_CTX_get(ctx); + p1 = BN_CTX_get(ctx); + newp1 = BN_CTX_get(ctx); + if (j == NULL || p1 == NULL || newp1 == NULL) + goto err; + /* p1 = p - 1 */ + if (BN_sub(p1, dsa->p, BN_value_one()) == 0) + goto err; + /* j = (p - 1) / q */ + if (BN_div_ct(j, NULL, p1, dsa->q, ctx) == 0) + goto err; + /* q * j should == p - 1 */ + if (BN_mul(newp1, dsa->q, j, ctx) == 0) + goto err; + if (BN_cmp(newp1, p1) != 0) { + DSAerror(DSA_R_BAD_Q_VALUE); + goto err; + } + + /* + * Check that q is not a composite number. + */ + + if (BN_is_prime_ex(dsa->q, BN_prime_checks, ctx, NULL) <= 0) { + DSAerror(DSA_R_BAD_Q_VALUE); + goto err; + } + + BN_CTX_free(ctx); + + EVP_PKEY_assign_DSA(pkey, dsa); + return 1; + + err: + BN_CTX_free(ctx); + DSA_free(dsa); + return 0; +} + +static int +old_dsa_priv_encode(const EVP_PKEY *pkey, unsigned char **pder) +{ + return i2d_DSAPrivateKey(pkey->pkey.dsa, pder); +} + +static int +dsa_sig_print(BIO *bp, const X509_ALGOR *sigalg, const ASN1_STRING *sig, + int indent, ASN1_PCTX *pctx) +{ + DSA_SIG *dsa_sig; + const unsigned char *p; + + if (!sig) { + if (BIO_puts(bp, "\n") <= 0) + return 0; + else + return 1; + } + p = sig->data; + dsa_sig = d2i_DSA_SIG(NULL, &p, sig->length); + if (dsa_sig) { + int rv = 0; + size_t buf_len = 0; + unsigned char *m = NULL; + + update_buflen(dsa_sig->r, &buf_len); + update_buflen(dsa_sig->s, &buf_len); + m = malloc(buf_len + 10); + if (m == NULL) { + DSAerror(ERR_R_MALLOC_FAILURE); + goto err; + } + + if (BIO_write(bp, "\n", 1) != 1) + goto err; + + if (!ASN1_bn_print(bp, "r: ", dsa_sig->r, m, indent)) + goto err; + if (!ASN1_bn_print(bp, "s: ", dsa_sig->s, m, indent)) + goto err; + rv = 1; +err: + free(m); + DSA_SIG_free(dsa_sig); + return rv; + } + return X509_signature_dump(bp, sig, indent); +} + +static int +dsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) +{ + switch (op) { + case ASN1_PKEY_CTRL_PKCS7_SIGN: + if (arg1 == 0) { + int snid, hnid; + X509_ALGOR *alg1, *alg2; + + PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, &alg1, &alg2); + if (alg1 == NULL || alg1->algorithm == NULL) + return -1; + hnid = OBJ_obj2nid(alg1->algorithm); + if (hnid == NID_undef) + return -1; + if (!OBJ_find_sigid_by_algs(&snid, hnid, + EVP_PKEY_id(pkey))) + return -1; + X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, + 0); + } + return 1; + + case ASN1_PKEY_CTRL_DEFAULT_MD_NID: + *(int *)arg2 = NID_sha1; + return 2; + + default: + return -2; + } +} + +/* NB these are sorted in pkey_id order, lowest first */ + +const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[] = { + { + .pkey_id = EVP_PKEY_DSA2, + .pkey_base_id = EVP_PKEY_DSA, + .pkey_flags = ASN1_PKEY_ALIAS + }, + + { + .pkey_id = EVP_PKEY_DSA1, + .pkey_base_id = EVP_PKEY_DSA, + .pkey_flags = ASN1_PKEY_ALIAS + }, + + { + .pkey_id = EVP_PKEY_DSA4, + .pkey_base_id = EVP_PKEY_DSA, + .pkey_flags = ASN1_PKEY_ALIAS + }, + + { + .pkey_id = EVP_PKEY_DSA3, + .pkey_base_id = EVP_PKEY_DSA, + .pkey_flags = ASN1_PKEY_ALIAS + }, + + { + .pkey_id = EVP_PKEY_DSA, + .pkey_base_id = EVP_PKEY_DSA, + + .pem_str = "DSA", + .info = "OpenSSL DSA method", + + .pub_decode = dsa_pub_decode, + .pub_encode = dsa_pub_encode, + .pub_cmp = dsa_pub_cmp, + .pub_print = dsa_pub_print, + + .priv_decode = dsa_priv_decode, + .priv_encode = dsa_priv_encode, + .priv_print = dsa_priv_print, + + .pkey_size = int_dsa_size, + .pkey_bits = dsa_bits, + + .param_decode = dsa_param_decode, + .param_encode = dsa_param_encode, + .param_missing = dsa_missing_parameters, + .param_copy = dsa_copy_parameters, + .param_cmp = dsa_cmp_parameters, + .param_print = dsa_param_print, + .sig_print = dsa_sig_print, + + .pkey_free = int_dsa_free, + .pkey_ctrl = dsa_pkey_ctrl, + .old_priv_decode = old_dsa_priv_decode, + .old_priv_encode = old_dsa_priv_encode + } +}; diff --git a/src/lib/libcrypto/dsa/dsa_asn1.c b/src/lib/libcrypto/dsa/dsa_asn1.c index 23fce555aa4..23f08bb1f98 100644 --- a/src/lib/libcrypto/dsa/dsa_asn1.c +++ b/src/lib/libcrypto/dsa/dsa_asn1.c @@ -1,9 +1,9 @@ -/* dsa_asn1.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* $OpenBSD: dsa_asn1.c,v 1.22 2018/06/14 17:03:19 jsing Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ /* ==================================================================== - * Copyright (c) 2000 The OpenSSL Project. All rights reserved. + * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -57,42 +57,112 @@ */ #include -#include "cryptlib.h" -#include +#include + #include #include +#include +#include /* Override the default new methods */ -static int sig_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) +static int +sig_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) { - if(operation == ASN1_OP_NEW_PRE) { + if (operation == ASN1_OP_NEW_PRE) { DSA_SIG *sig; - sig = OPENSSL_malloc(sizeof(DSA_SIG)); - sig->r = NULL; - sig->s = NULL; + + if ((sig = DSA_SIG_new()) == NULL) { + DSAerror(ERR_R_MALLOC_FAILURE); + return 0; + } *pval = (ASN1_VALUE *)sig; - if(sig) return 2; - DSAerr(DSA_F_SIG_CB, ERR_R_MALLOC_FAILURE); - return 0; + return 2; } return 1; } -ASN1_SEQUENCE_cb(DSA_SIG, sig_cb) = { - ASN1_SIMPLE(DSA_SIG, r, CBIGNUM), - ASN1_SIMPLE(DSA_SIG, s, CBIGNUM) -} ASN1_SEQUENCE_END_cb(DSA_SIG, DSA_SIG) +static const ASN1_AUX DSA_SIG_aux = { + .app_data = NULL, + .flags = 0, + .ref_offset = 0, + .ref_lock = 0, + .asn1_cb = sig_cb, + .enc_offset = 0, +}; +static const ASN1_TEMPLATE DSA_SIG_seq_tt[] = { + { + .flags = 0, + .tag = 0, + .offset = offsetof(DSA_SIG, r), + .field_name = "r", + .item = &CBIGNUM_it, + }, + { + .flags = 0, + .tag = 0, + .offset = offsetof(DSA_SIG, s), + .field_name = "s", + .item = &CBIGNUM_it, + }, +}; + +const ASN1_ITEM DSA_SIG_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = DSA_SIG_seq_tt, + .tcount = sizeof(DSA_SIG_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = &DSA_SIG_aux, + .size = sizeof(DSA_SIG), + .sname = "DSA_SIG", +}; + + +DSA_SIG * +d2i_DSA_SIG(DSA_SIG **a, const unsigned char **in, long len) +{ + return (DSA_SIG *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &DSA_SIG_it); +} + +int +i2d_DSA_SIG(const DSA_SIG *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &DSA_SIG_it); +} + +void +DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps) +{ + if (pr != NULL) + *pr = sig->r; + if (ps != NULL) + *ps = sig->s; +} + +int +DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s) +{ + if (r == NULL || s == NULL) + return 0; + + BN_clear_free(sig->r); + sig->r = r; + BN_clear_free(sig->s); + sig->s = s; -IMPLEMENT_ASN1_FUNCTIONS_const(DSA_SIG) + return 1; +} /* Override the default free and new methods */ -static int dsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) +static int +dsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) { - if(operation == ASN1_OP_NEW_PRE) { + if (operation == ASN1_OP_NEW_PRE) { *pval = (ASN1_VALUE *)DSA_new(); - if(*pval) return 2; + if (*pval) + return 2; return 0; - } else if(operation == ASN1_OP_FREE_PRE) { + } else if (operation == ASN1_OP_FREE_PRE) { DSA_free((DSA *)*pval); *pval = NULL; return 2; @@ -100,41 +170,311 @@ static int dsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) return 1; } -ASN1_SEQUENCE_cb(DSAPrivateKey, dsa_cb) = { - ASN1_SIMPLE(DSA, version, LONG), - ASN1_SIMPLE(DSA, p, BIGNUM), - ASN1_SIMPLE(DSA, q, BIGNUM), - ASN1_SIMPLE(DSA, g, BIGNUM), - ASN1_SIMPLE(DSA, pub_key, BIGNUM), - ASN1_SIMPLE(DSA, priv_key, BIGNUM) -} ASN1_SEQUENCE_END_cb(DSA, DSAPrivateKey) +static const ASN1_AUX DSAPrivateKey_aux = { + .app_data = NULL, + .flags = 0, + .ref_offset = 0, + .ref_lock = 0, + .asn1_cb = dsa_cb, + .enc_offset = 0, +}; +static const ASN1_TEMPLATE DSAPrivateKey_seq_tt[] = { + { + .flags = 0, + .tag = 0, + .offset = offsetof(DSA, version), + .field_name = "version", + .item = &LONG_it, + }, + { + .flags = 0, + .tag = 0, + .offset = offsetof(DSA, p), + .field_name = "p", + .item = &BIGNUM_it, + }, + { + .flags = 0, + .tag = 0, + .offset = offsetof(DSA, q), + .field_name = "q", + .item = &BIGNUM_it, + }, + { + .flags = 0, + .tag = 0, + .offset = offsetof(DSA, g), + .field_name = "g", + .item = &BIGNUM_it, + }, + { + .flags = 0, + .tag = 0, + .offset = offsetof(DSA, pub_key), + .field_name = "pub_key", + .item = &BIGNUM_it, + }, + { + .flags = 0, + .tag = 0, + .offset = offsetof(DSA, priv_key), + .field_name = "priv_key", + .item = &BIGNUM_it, + }, +}; + +const ASN1_ITEM DSAPrivateKey_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = DSAPrivateKey_seq_tt, + .tcount = sizeof(DSAPrivateKey_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = &DSAPrivateKey_aux, + .size = sizeof(DSA), + .sname = "DSA", +}; + + +DSA * +d2i_DSAPrivateKey(DSA **a, const unsigned char **in, long len) +{ + return (DSA *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &DSAPrivateKey_it); +} + +int +i2d_DSAPrivateKey(const DSA *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &DSAPrivateKey_it); +} + +static const ASN1_AUX DSAparams_aux = { + .app_data = NULL, + .flags = 0, + .ref_offset = 0, + .ref_lock = 0, + .asn1_cb = dsa_cb, + .enc_offset = 0, +}; +static const ASN1_TEMPLATE DSAparams_seq_tt[] = { + { + .flags = 0, + .tag = 0, + .offset = offsetof(DSA, p), + .field_name = "p", + .item = &BIGNUM_it, + }, + { + .flags = 0, + .tag = 0, + .offset = offsetof(DSA, q), + .field_name = "q", + .item = &BIGNUM_it, + }, + { + .flags = 0, + .tag = 0, + .offset = offsetof(DSA, g), + .field_name = "g", + .item = &BIGNUM_it, + }, +}; + +const ASN1_ITEM DSAparams_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = DSAparams_seq_tt, + .tcount = sizeof(DSAparams_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = &DSAparams_aux, + .size = sizeof(DSA), + .sname = "DSA", +}; + + +DSA * +d2i_DSAparams(DSA **a, const unsigned char **in, long len) +{ + return (DSA *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &DSAparams_it); +} + +int +i2d_DSAparams(const DSA *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &DSAparams_it); +} -IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPrivateKey, DSAPrivateKey) +DSA * +d2i_DSAparams_bio(BIO *bp, DSA **a) +{ + return ASN1_item_d2i_bio(&DSAparams_it, bp, a); +} + +int +i2d_DSAparams_bio(BIO *bp, DSA *a) +{ + return ASN1_item_i2d_bio(&DSAparams_it, bp, a); +} -ASN1_SEQUENCE_cb(DSAparams, dsa_cb) = { - ASN1_SIMPLE(DSA, p, BIGNUM), - ASN1_SIMPLE(DSA, q, BIGNUM), - ASN1_SIMPLE(DSA, g, BIGNUM), -} ASN1_SEQUENCE_END_cb(DSA, DSAparams) +DSA * +d2i_DSAparams_fp(FILE *fp, DSA **a) +{ + return ASN1_item_d2i_fp(&DSAparams_it, fp, a); +} -IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAparams, DSAparams) +int +i2d_DSAparams_fp(FILE *fp, DSA *a) +{ + return ASN1_item_i2d_fp(&DSAparams_it, fp, a); +} -/* DSA public key is a bit trickier... its effectively a CHOICE type +/* + * DSA public key is a bit trickier... its effectively a CHOICE type * decided by a field called write_params which can either write out * just the public key as an INTEGER or the parameters and public key * in a SEQUENCE */ -ASN1_SEQUENCE(dsa_pub_internal) = { - ASN1_SIMPLE(DSA, pub_key, BIGNUM), - ASN1_SIMPLE(DSA, p, BIGNUM), - ASN1_SIMPLE(DSA, q, BIGNUM), - ASN1_SIMPLE(DSA, g, BIGNUM) -} ASN1_SEQUENCE_END_name(DSA, dsa_pub_internal) +static const ASN1_TEMPLATE dsa_pub_internal_seq_tt[] = { + { + .flags = 0, + .tag = 0, + .offset = offsetof(DSA, pub_key), + .field_name = "pub_key", + .item = &BIGNUM_it, + }, + { + .flags = 0, + .tag = 0, + .offset = offsetof(DSA, p), + .field_name = "p", + .item = &BIGNUM_it, + }, + { + .flags = 0, + .tag = 0, + .offset = offsetof(DSA, q), + .field_name = "q", + .item = &BIGNUM_it, + }, + { + .flags = 0, + .tag = 0, + .offset = offsetof(DSA, g), + .field_name = "g", + .item = &BIGNUM_it, + }, +}; + +const ASN1_ITEM dsa_pub_internal_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = dsa_pub_internal_seq_tt, + .tcount = sizeof(dsa_pub_internal_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = NULL, + .size = sizeof(DSA), + .sname = "DSA", +}; + +static const ASN1_AUX DSAPublicKey_aux = { + .app_data = NULL, + .flags = 0, + .ref_offset = 0, + .ref_lock = 0, + .asn1_cb = dsa_cb, + .enc_offset = 0, +}; +static const ASN1_TEMPLATE DSAPublicKey_ch_tt[] = { + { + .flags = 0, + .tag = 0, + .offset = offsetof(DSA, pub_key), + .field_name = "pub_key", + .item = &BIGNUM_it, + }, + { + .flags = 0 | ASN1_TFLG_COMBINE, + .tag = 0, + .offset = 0, + .field_name = NULL, + .item = &dsa_pub_internal_it, + }, +}; + +const ASN1_ITEM DSAPublicKey_it = { + .itype = ASN1_ITYPE_CHOICE, + .utype = offsetof(DSA, write_params), + .templates = DSAPublicKey_ch_tt, + .tcount = sizeof(DSAPublicKey_ch_tt) / sizeof(ASN1_TEMPLATE), + .funcs = &DSAPublicKey_aux, + .size = sizeof(DSA), + .sname = "DSA", +}; + + +DSA * +d2i_DSAPublicKey(DSA **a, const unsigned char **in, long len) +{ + return (DSA *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &DSAPublicKey_it); +} + +int +i2d_DSAPublicKey(const DSA *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &DSAPublicKey_it); +} + +DSA * +DSAparams_dup(DSA *dsa) +{ + return ASN1_item_dup(&DSAparams_it, dsa); +} + +int +DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig, + unsigned int *siglen, DSA *dsa) +{ + DSA_SIG *s; -ASN1_CHOICE_cb(DSAPublicKey, dsa_cb) = { - ASN1_SIMPLE(DSA, pub_key, BIGNUM), - ASN1_EX_COMBINE(0, 0, dsa_pub_internal) -} ASN1_CHOICE_END_cb(DSA, DSAPublicKey, write_params) + s = DSA_do_sign(dgst, dlen, dsa); + if (s == NULL) { + *siglen = 0; + return 0; + } + *siglen = i2d_DSA_SIG(s,&sig); + DSA_SIG_free(s); + return 1; +} -IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPublicKey, DSAPublicKey) +/* + * data has already been hashed (probably with SHA or SHA-1). + * returns + * 1: correct signature + * 0: incorrect signature + * -1: error + */ +int +DSA_verify(int type, const unsigned char *dgst, int dgst_len, + const unsigned char *sigbuf, int siglen, DSA *dsa) +{ + DSA_SIG *s; + unsigned char *der = NULL; + const unsigned char *p = sigbuf; + int derlen = -1; + int ret = -1; + + s = DSA_SIG_new(); + if (s == NULL) + return ret; + if (d2i_DSA_SIG(&s, &p, siglen) == NULL) + goto err; + /* Ensure signature uses DER and doesn't have trailing garbage */ + derlen = i2d_DSA_SIG(s, &der); + if (derlen != siglen || memcmp(sigbuf, der, derlen)) + goto err; + ret = DSA_do_verify(dgst, dgst_len, s, dsa); +err: + freezero(der, derlen); + DSA_SIG_free(s); + return ret; +} diff --git a/src/lib/libcrypto/dsa/dsa_depr.c b/src/lib/libcrypto/dsa/dsa_depr.c new file mode 100644 index 00000000000..269cd634507 --- /dev/null +++ b/src/lib/libcrypto/dsa/dsa_depr.c @@ -0,0 +1,92 @@ +/* $OpenBSD: dsa_depr.c,v 1.7 2014/10/18 17:20:40 jsing Exp $ */ +/* ==================================================================== + * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +/* This file contains deprecated function(s) that are now wrappers to the new + * version(s). */ + +#include +#include + +#include + +#ifndef OPENSSL_NO_SHA + +#include +#include +#include +#include + +#ifndef OPENSSL_NO_DEPRECATED +DSA * +DSA_generate_parameters(int bits, unsigned char *seed_in, int seed_len, + int *counter_ret, unsigned long *h_ret, void (*callback)(int, int, void *), + void *cb_arg) +{ + BN_GENCB cb; + DSA *ret; + + if ((ret = DSA_new()) == NULL) + return NULL; + + BN_GENCB_set_old(&cb, callback, cb_arg); + + if (DSA_generate_parameters_ex(ret, bits, seed_in, seed_len, + counter_ret, h_ret, &cb)) + return ret; + DSA_free(ret); + return NULL; +} +#endif +#endif diff --git a/src/lib/libcrypto/dsa/dsa_err.c b/src/lib/libcrypto/dsa/dsa_err.c index 79aa4ff526c..2dcddcbf77c 100644 --- a/src/lib/libcrypto/dsa/dsa_err.c +++ b/src/lib/libcrypto/dsa/dsa_err.c @@ -1,6 +1,6 @@ -/* crypto/dsa/dsa_err.c */ +/* $OpenBSD: dsa_err.c,v 1.15 2017/01/29 17:49:22 beck Exp $ */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -59,34 +59,37 @@ */ #include + +#include + #include #include /* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR -static ERR_STRING_DATA DSA_str_functs[]= - { -{ERR_PACK(0,DSA_F_D2I_DSA_SIG,0), "d2i_DSA_SIG"}, -{ERR_PACK(0,DSA_F_DSAPARAMS_PRINT,0), "DSAparams_print"}, -{ERR_PACK(0,DSA_F_DSAPARAMS_PRINT_FP,0), "DSAparams_print_fp"}, -{ERR_PACK(0,DSA_F_DSA_DO_SIGN,0), "DSA_do_sign"}, -{ERR_PACK(0,DSA_F_DSA_DO_VERIFY,0), "DSA_do_verify"}, -{ERR_PACK(0,DSA_F_DSA_NEW_METHOD,0), "DSA_new_method"}, -{ERR_PACK(0,DSA_F_DSA_PRINT,0), "DSA_print"}, -{ERR_PACK(0,DSA_F_DSA_PRINT_FP,0), "DSA_print_fp"}, -{ERR_PACK(0,DSA_F_DSA_SIGN,0), "DSA_sign"}, -{ERR_PACK(0,DSA_F_DSA_SIGN_SETUP,0), "DSA_sign_setup"}, -{ERR_PACK(0,DSA_F_DSA_SIG_NEW,0), "DSA_SIG_new"}, -{ERR_PACK(0,DSA_F_DSA_VERIFY,0), "DSA_verify"}, -{ERR_PACK(0,DSA_F_I2D_DSA_SIG,0), "i2d_DSA_SIG"}, -{ERR_PACK(0,DSA_F_SIG_CB,0), "SIG_CB"}, -{0,NULL} - }; + +#define ERR_FUNC(func) ERR_PACK(ERR_LIB_DSA,func,0) +#define ERR_REASON(reason) ERR_PACK(ERR_LIB_DSA,0,reason) + +static ERR_STRING_DATA DSA_str_functs[]= { + {ERR_FUNC(0xfff), "CRYPTO_internal"}, + {0, NULL} +}; static ERR_STRING_DATA DSA_str_reasons[]= { -{DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE ,"data too large for key size"}, -{DSA_R_MISSING_PARAMETERS ,"missing parameters"}, +{ERR_REASON(DSA_R_BAD_Q_VALUE) ,"bad q value"}, +{ERR_REASON(DSA_R_BN_DECODE_ERROR) ,"bn decode error"}, +{ERR_REASON(DSA_R_BN_ERROR) ,"bn error"}, +{ERR_REASON(DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),"data too large for key size"}, +{ERR_REASON(DSA_R_DECODE_ERROR) ,"decode error"}, +{ERR_REASON(DSA_R_INVALID_DIGEST_TYPE) ,"invalid digest type"}, +{ERR_REASON(DSA_R_MISSING_PARAMETERS) ,"missing parameters"}, +{ERR_REASON(DSA_R_MODULUS_TOO_LARGE) ,"modulus too large"}, +{ERR_REASON(DSA_R_NEED_NEW_SETUP_VALUES) ,"need new setup values"}, +{ERR_REASON(DSA_R_NON_FIPS_DSA_METHOD) ,"non fips dsa method"}, +{ERR_REASON(DSA_R_NO_PARAMETERS_SET) ,"no parameters set"}, +{ERR_REASON(DSA_R_PARAMETER_ENCODING_ERROR),"parameter encoding error"}, {0,NULL} }; @@ -94,15 +97,12 @@ static ERR_STRING_DATA DSA_str_reasons[]= void ERR_load_DSA_strings(void) { - static int init=1; - - if (init) - { - init=0; #ifndef OPENSSL_NO_ERR - ERR_load_strings(ERR_LIB_DSA,DSA_str_functs); - ERR_load_strings(ERR_LIB_DSA,DSA_str_reasons); -#endif + if (ERR_func_error_string(DSA_str_functs[0].error) == NULL) + { + ERR_load_strings(0,DSA_str_functs); + ERR_load_strings(0,DSA_str_reasons); } +#endif } diff --git a/src/lib/libcrypto/dsa/dsa_gen.c b/src/lib/libcrypto/dsa/dsa_gen.c index dc9c2493103..b6bbb8ab08f 100644 --- a/src/lib/libcrypto/dsa/dsa_gen.c +++ b/src/lib/libcrypto/dsa/dsa_gen.c @@ -1,4 +1,4 @@ -/* crypto/dsa/dsa_gen.c */ +/* $OpenBSD: dsa_gen.c,v 1.24 2017/01/21 10:38:29 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -56,121 +56,162 @@ * [including the GNU Public Licence.] */ -#undef GENUINE_DSA - -#ifdef GENUINE_DSA -/* Parameter generation follows the original release of FIPS PUB 186, - * Appendix 2.2 (i.e. use SHA as defined in FIPS PUB 180) */ -#define HASH EVP_sha() -#else -/* Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186, - * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in - * FIPS PUB 180-1) */ -#define HASH EVP_sha1() -#endif +#include /* To see if OPENSSL_NO_SHA is defined */ #ifndef OPENSSL_NO_SHA #include -#include -#include "cryptlib.h" -#include +#include +#include + #include -#include -#include +#include #include -DSA *DSA_generate_parameters(int bits, - unsigned char *seed_in, int seed_len, - int *counter_ret, unsigned long *h_ret, - void (*callback)(int, int, void *), - void *cb_arg) - { - int ok=0; - unsigned char seed[SHA_DIGEST_LENGTH]; - unsigned char md[SHA_DIGEST_LENGTH]; - unsigned char buf[SHA_DIGEST_LENGTH],buf2[SHA_DIGEST_LENGTH]; - BIGNUM *r0,*W,*X,*c,*test; - BIGNUM *g=NULL,*q=NULL,*p=NULL; - BN_MONT_CTX *mont=NULL; - int k,n=0,i,b,m=0; - int counter=0; - int r=0; - BN_CTX *ctx=NULL,*ctx2=NULL,*ctx3=NULL; - unsigned int h=2; - DSA *ret=NULL; - - if (bits < 512) bits=512; - bits=(bits+63)/64*64; - - if (seed_len < 20) - seed_in = NULL; /* seed buffer too small -- ignore */ - if (seed_len > 20) - seed_len = 20; /* App. 2.2 of FIPS PUB 186 allows larger SEED, - * but our internal buffers are restricted to 160 bits*/ - if ((seed_in != NULL) && (seed_len == 20)) - memcpy(seed,seed_in,seed_len); - - if ((ctx=BN_CTX_new()) == NULL) goto err; - if ((ctx2=BN_CTX_new()) == NULL) goto err; - if ((ctx3=BN_CTX_new()) == NULL) goto err; - if ((ret=DSA_new()) == NULL) goto err; - - if ((mont=BN_MONT_CTX_new()) == NULL) goto err; - - BN_CTX_start(ctx2); - r0 = BN_CTX_get(ctx2); - g = BN_CTX_get(ctx2); - W = BN_CTX_get(ctx2); - q = BN_CTX_get(ctx2); - X = BN_CTX_get(ctx2); - c = BN_CTX_get(ctx2); - p = BN_CTX_get(ctx2); - test = BN_CTX_get(ctx2); - - BN_lshift(test,BN_value_one(),bits-1); - - for (;;) - { - for (;;) /* find q */ - { +#include "bn_lcl.h" +#include "dsa_locl.h" + +int +DSA_generate_parameters_ex(DSA *ret, int bits, const unsigned char *seed_in, + int seed_len, int *counter_ret, unsigned long *h_ret, BN_GENCB *cb) +{ + if (ret->meth->dsa_paramgen) + return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len, + counter_ret, h_ret, cb); + else { + const EVP_MD *evpmd; + size_t qbits; + + if (bits >= 2048) { + qbits = 256; + evpmd = EVP_sha256(); + } else { + qbits = 160; + evpmd = EVP_sha1(); + } + + return dsa_builtin_paramgen(ret, bits, qbits, evpmd, seed_in, + seed_len, NULL, counter_ret, h_ret, cb); + } +} + +int +dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, const EVP_MD *evpmd, + const unsigned char *seed_in, size_t seed_len, unsigned char *seed_out, + int *counter_ret, unsigned long *h_ret, BN_GENCB *cb) +{ + int ok = 0; + unsigned char seed[SHA256_DIGEST_LENGTH]; + unsigned char md[SHA256_DIGEST_LENGTH]; + unsigned char buf[SHA256_DIGEST_LENGTH], buf2[SHA256_DIGEST_LENGTH]; + BIGNUM *r0, *W, *X, *c, *test; + BIGNUM *g = NULL, *q = NULL, *p = NULL; + BN_MONT_CTX *mont = NULL; + int i, k, n = 0, m = 0, qsize = qbits >> 3; + int counter = 0; + int r = 0; + BN_CTX *ctx = NULL; + unsigned int h = 2; + + if (qsize != SHA_DIGEST_LENGTH && qsize != SHA224_DIGEST_LENGTH && + qsize != SHA256_DIGEST_LENGTH) + /* invalid q size */ + return 0; + + if (evpmd == NULL) + /* use SHA1 as default */ + evpmd = EVP_sha1(); + + if (bits < 512) + bits = 512; + + bits = (bits + 63) / 64 * 64; + + if (seed_len < (size_t)qsize) { + seed_in = NULL; /* seed buffer too small -- ignore */ + seed_len = 0; + } + /* + * App. 2.2 of FIPS PUB 186 allows larger SEED, + * but our internal buffers are restricted to 160 bits + */ + if (seed_len > (size_t)qsize) + seed_len = qsize; + if (seed_in != NULL) + memcpy(seed, seed_in, seed_len); + else if (seed_len != 0) + goto err; + + if ((mont=BN_MONT_CTX_new()) == NULL) + goto err; + + if ((ctx=BN_CTX_new()) == NULL) + goto err; + BN_CTX_start(ctx); + + if ((r0 = BN_CTX_get(ctx)) == NULL) + goto err; + if ((g = BN_CTX_get(ctx)) == NULL) + goto err; + if ((W = BN_CTX_get(ctx)) == NULL) + goto err; + if ((q = BN_CTX_get(ctx)) == NULL) + goto err; + if ((X = BN_CTX_get(ctx)) == NULL) + goto err; + if ((c = BN_CTX_get(ctx)) == NULL) + goto err; + if ((p = BN_CTX_get(ctx)) == NULL) + goto err; + if ((test = BN_CTX_get(ctx)) == NULL) + goto err; + + if (!BN_lshift(test, BN_value_one(), bits - 1)) + goto err; + + for (;;) { + for (;;) { /* find q */ int seed_is_random; /* step 1 */ - if (callback != NULL) callback(0,m++,cb_arg); + if (!BN_GENCB_call(cb, 0, m++)) + goto err; - if (!seed_len) - { - RAND_pseudo_bytes(seed,SHA_DIGEST_LENGTH); + if (seed_len == 0) { + arc4random_buf(seed, qsize); seed_is_random = 1; - } - else - { + } else { seed_is_random = 0; - seed_len=0; /* use random seed if 'seed_in' turns out to be bad*/ - } - memcpy(buf,seed,SHA_DIGEST_LENGTH); - memcpy(buf2,seed,SHA_DIGEST_LENGTH); + /* use random seed if 'seed_in' turns out + to be bad */ + seed_len = 0; + } + memcpy(buf, seed, qsize); + memcpy(buf2, seed, qsize); /* precompute "SEED + 1" for step 7: */ - for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--) - { + for (i = qsize - 1; i >= 0; i--) { buf[i]++; - if (buf[i] != 0) break; - } + if (buf[i] != 0) + break; + } /* step 2 */ - EVP_Digest(seed,SHA_DIGEST_LENGTH,md,NULL,HASH, NULL); - EVP_Digest(buf,SHA_DIGEST_LENGTH,buf2,NULL,HASH, NULL); - for (i=0; i 0) break; if (r != 0) @@ -178,119 +219,140 @@ DSA *DSA_generate_parameters(int bits, /* do a callback call */ /* step 5 */ - } + } - if (callback != NULL) callback(2,0,cb_arg); - if (callback != NULL) callback(3,0,cb_arg); + if (!BN_GENCB_call(cb, 2, 0)) + goto err; + if (!BN_GENCB_call(cb, 3, 0)) + goto err; /* step 6 */ - counter=0; + counter = 0; /* "offset = 2" */ - n=(bits-1)/160; - b=(bits-1)-n*160; + n = (bits - 1) / 160; - for (;;) - { - if (callback != NULL && counter != 0) - callback(0,counter,cb_arg); + for (;;) { + if (counter != 0 && !BN_GENCB_call(cb, 0, counter)) + goto err; /* step 7 */ BN_zero(W); /* now 'buf' contains "SEED + offset - 1" */ - for (k=0; k<=n; k++) - { + for (k = 0; k <= n; k++) { /* obtain "SEED + offset + k" by incrementing: */ - for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--) - { + for (i = qsize - 1; i >= 0; i--) { buf[i]++; - if (buf[i] != 0) break; - } + if (buf[i] != 0) + break; + } - EVP_Digest(buf,SHA_DIGEST_LENGTH,md,NULL,HASH, NULL); + if (!EVP_Digest(buf, qsize, md ,NULL, evpmd, + NULL)) + goto err; /* step 8 */ - if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,r0)) + if (!BN_bin2bn(md, qsize, r0)) goto err; - BN_lshift(r0,r0,160*k); - BN_add(W,W,r0); - } + if (!BN_lshift(r0, r0, (qsize << 3) * k)) + goto err; + if (!BN_add(W, W, r0)) + goto err; + } /* more of step 8 */ - BN_mask_bits(W,bits-1); - BN_copy(X,W); /* this should be ok */ - BN_add(X,X,test); /* this should be ok */ + if (!BN_mask_bits(W, bits - 1)) + goto err; + if (!BN_copy(X, W)) + goto err; + if (!BN_add(X, X, test)) + goto err; /* step 9 */ - BN_lshift1(r0,q); - BN_mod(c,X,r0,ctx); - BN_sub(r0,c,BN_value_one()); - BN_sub(p,X,r0); + if (!BN_lshift1(r0, q)) + goto err; + if (!BN_mod_ct(c, X, r0, ctx)) + goto err; + if (!BN_sub(r0, c, BN_value_one())) + goto err; + if (!BN_sub(p, X, r0)) + goto err; /* step 10 */ - if (BN_cmp(p,test) >= 0) - { + if (BN_cmp(p, test) >= 0) { /* step 11 */ - r = BN_is_prime_fasttest(p, DSS_prime_checks, callback, ctx3, cb_arg, 1); + r = BN_is_prime_fasttest_ex(p, DSS_prime_checks, + ctx, 1, cb); if (r > 0) - goto end; /* found it */ + goto end; /* found it */ if (r != 0) goto err; - } + } /* step 13 */ counter++; /* "offset = offset + n + 1" */ /* step 14 */ - if (counter >= 4096) break; - } + if (counter >= 4096) + break; } + } end: - if (callback != NULL) callback(2,1,cb_arg); + if (!BN_GENCB_call(cb, 2, 1)) + goto err; /* We now need to generate g */ /* Set r0=(p-1)/q */ - BN_sub(test,p,BN_value_one()); - BN_div(r0,NULL,test,q,ctx); + if (!BN_sub(test, p, BN_value_one())) + goto err; + if (!BN_div_ct(r0, NULL, test, q, ctx)) + goto err; - BN_set_word(test,h); - BN_MONT_CTX_set(mont,p,ctx); + if (!BN_set_word(test, h)) + goto err; + if (!BN_MONT_CTX_set(mont, p, ctx)) + goto err; - for (;;) - { + for (;;) { /* g=test^r0%p */ - BN_mod_exp_mont(g,test,r0,p,ctx,mont); - if (!BN_is_one(g)) break; - BN_add(test,test,BN_value_one()); + if (!BN_mod_exp_mont_ct(g, test, r0, p, ctx, mont)) + goto err; + if (!BN_is_one(g)) + break; + if (!BN_add(test, test, BN_value_one())) + goto err; h++; - } + } - if (callback != NULL) callback(3,1,cb_arg); + if (!BN_GENCB_call(cb, 3, 1)) + goto err; - ok=1; + ok = 1; err: - if (!ok) - { - if (ret != NULL) DSA_free(ret); - } - else - { - ret->p=BN_dup(p); - ret->q=BN_dup(q); - ret->g=BN_dup(g); - if ((m > 1) && (seed_in != NULL)) memcpy(seed_in,seed,20); - if (counter_ret != NULL) *counter_ret=counter; - if (h_ret != NULL) *h_ret=h; + if (ok) { + BN_free(ret->p); + BN_free(ret->q); + BN_free(ret->g); + ret->p = BN_dup(p); + ret->q = BN_dup(q); + ret->g = BN_dup(g); + if (ret->p == NULL || ret->q == NULL || ret->g == NULL) { + ok = 0; + goto err; } - if (ctx != NULL) BN_CTX_free(ctx); - if (ctx2 != NULL) - { - BN_CTX_end(ctx2); - BN_CTX_free(ctx2); - } - if (ctx3 != NULL) BN_CTX_free(ctx3); - if (mont != NULL) BN_MONT_CTX_free(mont); - return(ok?ret:NULL); + if (counter_ret != NULL) + *counter_ret = counter; + if (h_ret != NULL) + *h_ret = h; + if (seed_out != NULL) + memcpy(seed_out, seed, qsize); + } + if (ctx) { + BN_CTX_end(ctx); + BN_CTX_free(ctx); } + BN_MONT_CTX_free(mont); + return ok; +} #endif diff --git a/src/lib/libcrypto/dsa/dsa_key.c b/src/lib/libcrypto/dsa/dsa_key.c index bf718c1c6d2..a0487e98b8c 100644 --- a/src/lib/libcrypto/dsa/dsa_key.c +++ b/src/lib/libcrypto/dsa/dsa_key.c @@ -1,4 +1,4 @@ -/* crypto/dsa/dsa_key.c */ +/* $OpenBSD: dsa_key.c,v 1.29 2018/11/09 23:45:19 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -56,52 +56,63 @@ * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_SHA #include #include -#include "cryptlib.h" + +#include + +#ifndef OPENSSL_NO_SHA + #include #include -#include +#include "bn_lcl.h" -extern int __BN_rand_range(BIGNUM *r, BIGNUM *range); +static int dsa_builtin_keygen(DSA *dsa); -int DSA_generate_key(DSA *dsa) - { - int ok=0; - BN_CTX *ctx=NULL; - BIGNUM *pub_key=NULL,*priv_key=NULL; +int +DSA_generate_key(DSA *dsa) +{ + if (dsa->meth->dsa_keygen) + return dsa->meth->dsa_keygen(dsa); + return dsa_builtin_keygen(dsa); +} - if ((ctx=BN_CTX_new()) == NULL) goto err; +static int +dsa_builtin_keygen(DSA *dsa) +{ + int ok = 0; + BN_CTX *ctx = NULL; + BIGNUM *pub_key = NULL, *priv_key = NULL; - if (dsa->priv_key == NULL) - { - if ((priv_key=BN_new()) == NULL) goto err; - } - else - priv_key=dsa->priv_key; + if ((ctx = BN_CTX_new()) == NULL) + goto err; - do - if (!__BN_rand_range(priv_key,dsa->q)) goto err; - while (BN_is_zero(priv_key)); + if ((priv_key = dsa->priv_key) == NULL) { + if ((priv_key = BN_new()) == NULL) + goto err; + } - if (dsa->pub_key == NULL) - { - if ((pub_key=BN_new()) == NULL) goto err; - } - else - pub_key=dsa->pub_key; + if (!bn_rand_interval(priv_key, BN_value_one(), dsa->q)) + goto err; - if (!BN_mod_exp(pub_key,dsa->g,priv_key,dsa->p,ctx)) goto err; + if ((pub_key = dsa->pub_key) == NULL) { + if ((pub_key = BN_new()) == NULL) + goto err; + } + + if (!BN_mod_exp_ct(pub_key, dsa->g, priv_key, dsa->p, ctx)) + goto err; - dsa->priv_key=priv_key; - dsa->pub_key=pub_key; - ok=1; + dsa->priv_key = priv_key; + dsa->pub_key = pub_key; + ok = 1; -err: - if ((pub_key != NULL) && (dsa->pub_key == NULL)) BN_free(pub_key); - if ((priv_key != NULL) && (dsa->priv_key == NULL)) BN_free(priv_key); - if (ctx != NULL) BN_CTX_free(ctx); - return(ok); - } + err: + if (dsa->pub_key == NULL) + BN_free(pub_key); + if (dsa->priv_key == NULL) + BN_free(priv_key); + BN_CTX_free(ctx); + return ok; +} #endif diff --git a/src/lib/libcrypto/dsa/dsa_lib.c b/src/lib/libcrypto/dsa/dsa_lib.c index da2cdfa3d64..d5fdd6e78e4 100644 --- a/src/lib/libcrypto/dsa/dsa_lib.c +++ b/src/lib/libcrypto/dsa/dsa_lib.c @@ -1,4 +1,4 @@ -/* crypto/dsa/dsa_lib.c */ +/* $OpenBSD: dsa_lib.c,v 1.29 2018/04/14 07:09:21 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -59,210 +59,214 @@ /* Original version from Steven Schoch */ #include -#include "cryptlib.h" + +#include + +#include #include #include -#include -#include +#include -const char *DSA_version="DSA" OPENSSL_VERSION_PTEXT; +#ifndef OPENSSL_NO_DH +#include +#endif +#ifndef OPENSSL_NO_ENGINE +#include +#endif static const DSA_METHOD *default_DSA_method = NULL; -void DSA_set_default_method(const DSA_METHOD *meth) - { +void +DSA_set_default_method(const DSA_METHOD *meth) +{ default_DSA_method = meth; - } +} -const DSA_METHOD *DSA_get_default_method(void) - { - if(!default_DSA_method) +const DSA_METHOD * +DSA_get_default_method(void) +{ + if (!default_DSA_method) default_DSA_method = DSA_OpenSSL(); return default_DSA_method; - } +} -DSA *DSA_new(void) - { +DSA * +DSA_new(void) +{ return DSA_new_method(NULL); - } - -int DSA_set_method(DSA *dsa, const DSA_METHOD *meth) - { - /* NB: The caller is specifically setting a method, so it's not up to us - * to deal with which ENGINE it comes from. */ +} + +int +DSA_set_method(DSA *dsa, const DSA_METHOD *meth) +{ + /* + * NB: The caller is specifically setting a method, so it's not up to us + * to deal with which ENGINE it comes from. + */ const DSA_METHOD *mtmp; mtmp = dsa->meth; - if (mtmp->finish) mtmp->finish(dsa); - if (dsa->engine) - { - ENGINE_finish(dsa->engine); - dsa->engine = NULL; - } + if (mtmp->finish) + mtmp->finish(dsa); +#ifndef OPENSSL_NO_ENGINE + ENGINE_finish(dsa->engine); + dsa->engine = NULL; +#endif dsa->meth = meth; - if (meth->init) meth->init(dsa); + if (meth->init) + meth->init(dsa); return 1; - } +} -DSA *DSA_new_method(ENGINE *engine) - { +DSA * +DSA_new_method(ENGINE *engine) +{ DSA *ret; - ret=(DSA *)OPENSSL_malloc(sizeof(DSA)); - if (ret == NULL) - { - DSAerr(DSA_F_DSA_NEW_METHOD,ERR_R_MALLOC_FAILURE); - return(NULL); - } + ret = malloc(sizeof(DSA)); + if (ret == NULL) { + DSAerror(ERR_R_MALLOC_FAILURE); + return NULL; + } ret->meth = DSA_get_default_method(); - if (engine) - { - if (!ENGINE_init(engine)) - { - DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_ENGINE_LIB); - OPENSSL_free(ret); +#ifndef OPENSSL_NO_ENGINE + if (engine) { + if (!ENGINE_init(engine)) { + DSAerror(ERR_R_ENGINE_LIB); + free(ret); return NULL; - } - ret->engine = engine; } - else + ret->engine = engine; + } else ret->engine = ENGINE_get_default_DSA(); - if(ret->engine) - { + if (ret->engine) { ret->meth = ENGINE_get_DSA(ret->engine); - if(!ret->meth) - { - DSAerr(DSA_F_DSA_NEW_METHOD, - ERR_R_ENGINE_LIB); + if (ret->meth == NULL) { + DSAerror(ERR_R_ENGINE_LIB); ENGINE_finish(ret->engine); - OPENSSL_free(ret); + free(ret); return NULL; - } } + } +#endif - ret->pad=0; - ret->version=0; - ret->write_params=1; - ret->p=NULL; - ret->q=NULL; - ret->g=NULL; + ret->pad = 0; + ret->version = 0; + ret->write_params = 1; + ret->p = NULL; + ret->q = NULL; + ret->g = NULL; - ret->pub_key=NULL; - ret->priv_key=NULL; + ret->pub_key = NULL; + ret->priv_key = NULL; - ret->kinv=NULL; - ret->r=NULL; - ret->method_mont_p=NULL; + ret->kinv = NULL; + ret->r = NULL; + ret->method_mont_p = NULL; - ret->references=1; - ret->flags=ret->meth->flags; + ret->references = 1; + ret->flags = ret->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW; CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data); - if ((ret->meth->init != NULL) && !ret->meth->init(ret)) - { - if (ret->engine) - ENGINE_finish(ret->engine); + if (ret->meth->init != NULL && !ret->meth->init(ret)) { +#ifndef OPENSSL_NO_ENGINE + ENGINE_finish(ret->engine); +#endif CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data); - OPENSSL_free(ret); - ret=NULL; - } - - return(ret); + free(ret); + ret = NULL; } + + return ret; +} -void DSA_free(DSA *r) - { +void +DSA_free(DSA *r) +{ int i; - if (r == NULL) return; + if (r == NULL) + return; - i=CRYPTO_add(&r->references,-1,CRYPTO_LOCK_DSA); -#ifdef REF_PRINT - REF_PRINT("DSA",r); -#endif - if (i > 0) return; -#ifdef REF_CHECK - if (i < 0) - { - fprintf(stderr,"DSA_free, bad reference count\n"); - abort(); - } -#endif + i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_DSA); + if (i > 0) + return; - if(r->meth->finish) + if (r->meth->finish) r->meth->finish(r); - if(r->engine) - ENGINE_finish(r->engine); +#ifndef OPENSSL_NO_ENGINE + ENGINE_finish(r->engine); +#endif CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, r, &r->ex_data); - if (r->p != NULL) BN_clear_free(r->p); - if (r->q != NULL) BN_clear_free(r->q); - if (r->g != NULL) BN_clear_free(r->g); - if (r->pub_key != NULL) BN_clear_free(r->pub_key); - if (r->priv_key != NULL) BN_clear_free(r->priv_key); - if (r->kinv != NULL) BN_clear_free(r->kinv); - if (r->r != NULL) BN_clear_free(r->r); - OPENSSL_free(r); - } - -int DSA_up_ref(DSA *r) - { + BN_clear_free(r->p); + BN_clear_free(r->q); + BN_clear_free(r->g); + BN_clear_free(r->pub_key); + BN_clear_free(r->priv_key); + BN_clear_free(r->kinv); + BN_clear_free(r->r); + free(r); +} + +int +DSA_up_ref(DSA *r) +{ int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_DSA); -#ifdef REF_PRINT - REF_PRINT("DSA",r); -#endif -#ifdef REF_CHECK - if (i < 2) - { - fprintf(stderr, "DSA_up_ref, bad reference count\n"); - abort(); - } -#endif - return ((i > 1) ? 1 : 0); - } + return i > 1 ? 1 : 0; +} -int DSA_size(const DSA *r) - { - int ret,i; +int +DSA_size(const DSA *r) +{ + int ret, i; ASN1_INTEGER bs; - unsigned char buf[4]; - - i=BN_num_bits(r->q); - bs.length=(i+7)/8; - bs.data=buf; - bs.type=V_ASN1_INTEGER; + unsigned char buf[4]; /* 4 bytes looks really small. + However, i2d_ASN1_INTEGER() will not look + beyond the first byte, as long as the second + parameter is NULL. */ + + i = BN_num_bits(r->q); + bs.length = (i + 7) / 8; + bs.data = buf; + bs.type = V_ASN1_INTEGER; /* If the top bit is set the asn1 encoding is 1 larger. */ - buf[0]=0xff; + buf[0] = 0xff; - i=i2d_ASN1_INTEGER(&bs,NULL); - i+=i; /* r and s */ - ret=ASN1_object_size(1,i,V_ASN1_SEQUENCE); - return(ret); - } + i = i2d_ASN1_INTEGER(&bs, NULL); + i += i; /* r and s */ + ret = ASN1_object_size(1, i, V_ASN1_SEQUENCE); + return ret; +} -int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) - { +int +DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) +{ return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DSA, argl, argp, - new_func, dup_func, free_func); - } + new_func, dup_func, free_func); +} -int DSA_set_ex_data(DSA *d, int idx, void *arg) - { - return(CRYPTO_set_ex_data(&d->ex_data,idx,arg)); - } +int +DSA_set_ex_data(DSA *d, int idx, void *arg) +{ + return CRYPTO_set_ex_data(&d->ex_data, idx, arg); +} -void *DSA_get_ex_data(DSA *d, int idx) - { - return(CRYPTO_get_ex_data(&d->ex_data,idx)); - } +void * +DSA_get_ex_data(DSA *d, int idx) +{ + return CRYPTO_get_ex_data(&d->ex_data, idx); +} #ifndef OPENSSL_NO_DH -DH *DSA_dup_DH(const DSA *r) - { - /* DSA has p, q, g, optional pub_key, optional priv_key. - * DH has p, optional length, g, optional pub_key, optional priv_key. +DH * +DSA_dup_DH(const DSA *r) +{ + /* + * DSA has p, q, g, optional pub_key, optional priv_key. + * DH has p, optional length, g, optional pub_key, optional priv_key, + * optional q. */ - DH *ret = NULL; if (r == NULL) @@ -273,8 +277,11 @@ DH *DSA_dup_DH(const DSA *r) if (r->p != NULL) if ((ret->p = BN_dup(r->p)) == NULL) goto err; - if (r->q != NULL) + if (r->q != NULL) { ret->length = BN_num_bits(r->q); + if ((ret->q = BN_dup(r->q)) == NULL) + goto err; + } if (r->g != NULL) if ((ret->g = BN_dup(r->g)) == NULL) goto err; @@ -287,9 +294,93 @@ DH *DSA_dup_DH(const DSA *r) return ret; - err: - if (ret != NULL) - DH_free(ret); +err: + DH_free(ret); return NULL; - } +} #endif + +void +DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g) +{ + if (p != NULL) + *p = d->p; + if (q != NULL) + *q = d->q; + if (g != NULL) + *g = d->g; +} + +int +DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g) +{ + if ((d->p == NULL && p == NULL) || (d->q == NULL && q == NULL) || + (d->g == NULL && g == NULL)) + return 0; + + if (p != NULL) { + BN_free(d->p); + d->p = p; + } + if (q != NULL) { + BN_free(d->q); + d->q = q; + } + if (g != NULL) { + BN_free(d->g); + d->g = g; + } + + return 1; +} + +void +DSA_get0_key(const DSA *d, const BIGNUM **pub_key, const BIGNUM **priv_key) +{ + if (pub_key != NULL) + *pub_key = d->pub_key; + if (priv_key != NULL) + *priv_key = d->priv_key; +} + +int +DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key) +{ + if (d->pub_key == NULL && pub_key == NULL) + return 0; + + if (pub_key != NULL) { + BN_free(d->pub_key); + d->pub_key = pub_key; + } + if (priv_key != NULL) { + BN_free(d->priv_key); + d->priv_key = priv_key; + } + + return 1; +} + +void +DSA_clear_flags(DSA *d, int flags) +{ + d->flags &= ~flags; +} + +int +DSA_test_flags(const DSA *d, int flags) +{ + return d->flags & flags; +} + +void +DSA_set_flags(DSA *d, int flags) +{ + d->flags |= flags; +} + +ENGINE * +DSA_get0_engine(DSA *d) +{ + return d->engine; +} diff --git a/src/lib/libcrypto/dsa/dsa_locl.h b/src/lib/libcrypto/dsa/dsa_locl.h new file mode 100644 index 00000000000..cdb38e036b7 --- /dev/null +++ b/src/lib/libcrypto/dsa/dsa_locl.h @@ -0,0 +1,65 @@ +/* $OpenBSD: dsa_locl.h,v 1.3 2016/12/21 15:49:29 jsing Exp $ */ +/* ==================================================================== + * Copyright (c) 2007 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include + +__BEGIN_HIDDEN_DECLS + +int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, + const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len, + unsigned char *seed_out, + int *counter_ret, unsigned long *h_ret, BN_GENCB *cb); + +__END_HIDDEN_DECLS diff --git a/src/lib/libcrypto/dsa/dsa_meth.c b/src/lib/libcrypto/dsa/dsa_meth.c new file mode 100644 index 00000000000..e6f043f8301 --- /dev/null +++ b/src/lib/libcrypto/dsa/dsa_meth.c @@ -0,0 +1,78 @@ +/* $OpenBSD: dsa_meth.c,v 1.1 2018/03/17 15:19:12 tb Exp $ */ +/* + * Copyright (c) 2018 Theo Buehler + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include +#include + +#include +#include + +DSA_METHOD * +DSA_meth_new(const char *name, int flags) +{ + DSA_METHOD *meth; + + if ((meth = calloc(1, sizeof(*meth))) == NULL) + return NULL; + if ((meth->name = strdup(name)) == NULL) { + free(meth); + return NULL; + } + meth->flags = flags; + + return meth; +} + +void +DSA_meth_free(DSA_METHOD *meth) +{ + if (meth != NULL) { + free((char *)meth->name); + free(meth); + } +} + +DSA_METHOD * +DSA_meth_dup(const DSA_METHOD *meth) +{ + DSA_METHOD *copy; + + if ((copy = calloc(1, sizeof(*copy))) == NULL) + return NULL; + memcpy(copy, meth, sizeof(*copy)); + if ((copy->name = strdup(meth->name)) == NULL) { + free(copy); + return NULL; + } + + return copy; +} + +int +DSA_meth_set_sign(DSA_METHOD *meth, + DSA_SIG *(*sign)(const unsigned char *, int, DSA *)) +{ + meth->dsa_do_sign = sign; + return 1; +} + +int +DSA_meth_set_finish(DSA_METHOD *meth, int (*finish)(DSA *)) +{ + meth->finish = finish; + return 1; +} diff --git a/src/lib/libcrypto/dsa/dsa_ossl.c b/src/lib/libcrypto/dsa/dsa_ossl.c index 07addc94d9e..fd56e8feeea 100644 --- a/src/lib/libcrypto/dsa/dsa_ossl.c +++ b/src/lib/libcrypto/dsa/dsa_ossl.c @@ -1,4 +1,4 @@ -/* crypto/dsa/dsa_ossl.c */ +/* $OpenBSD: dsa_ossl.c,v 1.40 2018/11/06 07:02:33 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -59,340 +59,367 @@ /* Original version from Steven Schoch */ #include -#include "cryptlib.h" + +#include #include #include -#include -#include -#include +#include +#include -int __BN_rand_range(BIGNUM *r, BIGNUM *range); +#include "bn_lcl.h" static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); -static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp); +static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, + BIGNUM **rp); static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, - DSA *dsa); + DSA *dsa); static int dsa_init(DSA *dsa); static int dsa_finish(DSA *dsa); -static int dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1, - BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *in_mont); -static int dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *m_ctx); static DSA_METHOD openssl_dsa_meth = { -"OpenSSL DSA method", -dsa_do_sign, -dsa_sign_setup, -dsa_do_verify, -dsa_mod_exp, -dsa_bn_mod_exp, -dsa_init, -dsa_finish, -0, -NULL + .name = "OpenSSL DSA method", + .dsa_do_sign = dsa_do_sign, + .dsa_sign_setup = dsa_sign_setup, + .dsa_do_verify = dsa_do_verify, + .init = dsa_init, + .finish = dsa_finish, }; -const DSA_METHOD *DSA_OpenSSL(void) +const DSA_METHOD * +DSA_OpenSSL(void) { return &openssl_dsa_meth; } -static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) - { - BIGNUM *kinv=NULL,*r=NULL,*s=NULL; - BIGNUM m; - BIGNUM xr; - BN_CTX *ctx=NULL; - int i,reason=ERR_R_BN_LIB; - DSA_SIG *ret=NULL; - - if (!dsa->p || !dsa->q || !dsa->g) - { - reason=DSA_R_MISSING_PARAMETERS; - goto err; - } +static DSA_SIG * +dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) +{ + BIGNUM b, bm, bxr, binv, m, *kinv = NULL, *r = NULL, *s = NULL; + BN_CTX *ctx = NULL; + int reason = ERR_R_BN_LIB; + DSA_SIG *ret = NULL; + int noredo = 0; + + BN_init(&b); + BN_init(&binv); + BN_init(&bm); + BN_init(&bxr); BN_init(&m); - BN_init(&xr); - s=BN_new(); - if (s == NULL) goto err; - - i=BN_num_bytes(dsa->q); /* should be 20 */ - if ((dlen > i) || (dlen > 50)) - { - reason=DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE; + + if (!dsa->p || !dsa->q || !dsa->g) { + reason = DSA_R_MISSING_PARAMETERS; goto err; - } + } - ctx=BN_CTX_new(); - if (ctx == NULL) goto err; + s = BN_new(); + if (s == NULL) + goto err; + ctx = BN_CTX_new(); + if (ctx == NULL) + goto err; - if ((dsa->kinv == NULL) || (dsa->r == NULL)) - { - if (!DSA_sign_setup(dsa,ctx,&kinv,&r)) goto err; - } - else - { - kinv=dsa->kinv; - dsa->kinv=NULL; - r=dsa->r; - dsa->r=NULL; - } + /* + * If the digest length is greater than N (the bit length of q), the + * leftmost N bits of the digest shall be used, see FIPS 186-3, 4.2. + * In this case the digest length is given in bytes. + */ + if (dlen > BN_num_bytes(dsa->q)) + dlen = BN_num_bytes(dsa->q); + if (BN_bin2bn(dgst, dlen, &m) == NULL) + goto err; + + redo: + if (dsa->kinv == NULL || dsa->r == NULL) { + if (!DSA_sign_setup(dsa, ctx, &kinv, &r)) + goto err; + } else { + kinv = dsa->kinv; + dsa->kinv = NULL; + r = dsa->r; + dsa->r = NULL; + noredo = 1; + } - if (BN_bin2bn(dgst,dlen,&m) == NULL) goto err; + /* + * Compute: + * + * s = inv(k)(m + xr) mod q + * + * In order to reduce the possibility of a side-channel attack, the + * following is calculated using a blinding value: + * + * s = inv(k)inv(b)(bm + bxr) mod q + * + * Where b is a random value in the range [1, q). + */ + if (!bn_rand_interval(&b, BN_value_one(), dsa->q)) + goto err; + if (BN_mod_inverse_ct(&binv, &b, dsa->q, ctx) == NULL) + goto err; - /* Compute s = inv(k) (m + xr) mod q */ - if (!BN_mod_mul(&xr,dsa->priv_key,r,dsa->q,ctx)) goto err;/* s = xr */ - if (!BN_add(s, &xr, &m)) goto err; /* s = m + xr */ - if (BN_cmp(s,dsa->q) > 0) - BN_sub(s,s,dsa->q); - if (!BN_mod_mul(s,s,kinv,dsa->q,ctx)) goto err; + if (!BN_mod_mul(&bxr, &b, dsa->priv_key, dsa->q, ctx)) /* bx */ + goto err; + if (!BN_mod_mul(&bxr, &bxr, r, dsa->q, ctx)) /* bxr */ + goto err; + if (!BN_mod_mul(&bm, &b, &m, dsa->q, ctx)) /* bm */ + goto err; + if (!BN_mod_add(s, &bxr, &bm, dsa->q, ctx)) /* s = bm + bxr */ + goto err; + if (!BN_mod_mul(s, s, &binv, dsa->q, ctx)) /* s = m + xr */ + goto err; + if (!BN_mod_mul(s, s, kinv, dsa->q, ctx)) + goto err; + + /* + * Redo if r or s is zero as required by FIPS 186-3: this is very + * unlikely. + */ + if (BN_is_zero(r) || BN_is_zero(s)) { + if (noredo) { + reason = DSA_R_NEED_NEW_SETUP_VALUES; + goto err; + } + goto redo; + } - ret=DSA_SIG_new(); - if (ret == NULL) goto err; + if ((ret = DSA_SIG_new()) == NULL) { + reason = ERR_R_MALLOC_FAILURE; + goto err; + } ret->r = r; ret->s = s; -err: - if (!ret) - { - DSAerr(DSA_F_DSA_DO_SIGN,reason); + err: + if (!ret) { + DSAerror(reason); BN_free(r); BN_free(s); - } - if (ctx != NULL) BN_CTX_free(ctx); - BN_clear_free(&m); - BN_clear_free(&xr); - if (kinv != NULL) /* dsa->kinv is NULL now if we used it */ - BN_clear_free(kinv); - return(ret); } + BN_CTX_free(ctx); + BN_clear_free(&b); + BN_clear_free(&bm); + BN_clear_free(&bxr); + BN_clear_free(&binv); + BN_clear_free(&m); + BN_clear_free(kinv); + + return ret; +} -static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) - { +static int +dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) +{ BN_CTX *ctx; - BIGNUM k,*kinv=NULL,*r=NULL; - int ret=0; + BIGNUM k, l, m, *kinv = NULL, *r = NULL; + int q_bits, ret = 0; - if (!dsa->p || !dsa->q || !dsa->g) - { - DSAerr(DSA_F_DSA_SIGN_SETUP,DSA_R_MISSING_PARAMETERS); + if (!dsa->p || !dsa->q || !dsa->g) { + DSAerror(DSA_R_MISSING_PARAMETERS); return 0; - } - if (ctx_in == NULL) - { - if ((ctx=BN_CTX_new()) == NULL) goto err; - } - else - ctx=ctx_in; + } BN_init(&k); - if ((r=BN_new()) == NULL) goto err; - kinv=NULL; - - /* Get random k */ - do - if (!__BN_rand_range(&k, dsa->q)) goto err; - while (BN_is_zero(&k)); - - if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P)) - { - if ((dsa->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL) - if (!BN_MONT_CTX_set((BN_MONT_CTX *)dsa->method_mont_p, - dsa->p,ctx)) goto err; - } + BN_init(&l); + BN_init(&m); + + if (ctx_in == NULL) { + if ((ctx = BN_CTX_new()) == NULL) + goto err; + } else + ctx = ctx_in; + + if ((r = BN_new()) == NULL) + goto err; + + /* Preallocate space */ + q_bits = BN_num_bits(dsa->q); + if (!BN_set_bit(&k, q_bits) || + !BN_set_bit(&l, q_bits) || + !BN_set_bit(&m, q_bits)) + goto err; + + if (!bn_rand_interval(&k, BN_value_one(), dsa->q)) + goto err; + + BN_set_flags(&k, BN_FLG_CONSTTIME); + + if (dsa->flags & DSA_FLAG_CACHE_MONT_P) { + if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p, + CRYPTO_LOCK_DSA, dsa->p, ctx)) + goto err; + } /* Compute r = (g^k mod p) mod q */ - if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,&k,dsa->p,ctx, - (BN_MONT_CTX *)dsa->method_mont_p)) goto err; - if (!BN_mod(r,r,dsa->q,ctx)) goto err; + + /* + * We do not want timing information to leak the length of k, + * so we compute G^k using an equivalent exponent of fixed + * bit-length. + * + * We unconditionally perform both of these additions to prevent a + * small timing information leakage. We then choose the sum that is + * one bit longer than the modulus. + * + * TODO: revisit the BN_copy aiming for a memory access agnostic + * conditional copy. + */ + + if (!BN_add(&l, &k, dsa->q) || + !BN_add(&m, &l, dsa->q) || + !BN_copy(&k, BN_num_bits(&l) > q_bits ? &l : &m)) + goto err; + + if (dsa->meth->bn_mod_exp != NULL) { + if (!dsa->meth->bn_mod_exp(dsa, r, dsa->g, &k, dsa->p, ctx, + dsa->method_mont_p)) + goto err; + } else { + if (!BN_mod_exp_mont_ct(r, dsa->g, &k, dsa->p, ctx, + dsa->method_mont_p)) + goto err; + } + + if (!BN_mod_ct(r, r, dsa->q, ctx)) + goto err; /* Compute part of 's = inv(k) (m + xr) mod q' */ - if ((kinv=BN_mod_inverse(NULL,&k,dsa->q,ctx)) == NULL) goto err; - - if (*kinvp != NULL) BN_clear_free(*kinvp); - *kinvp=kinv; - kinv=NULL; - if (*rp != NULL) BN_clear_free(*rp); - *rp=r; - ret=1; -err: - if (!ret) - { - DSAerr(DSA_F_DSA_SIGN_SETUP,ERR_R_BN_LIB); - if (kinv != NULL) BN_clear_free(kinv); - if (r != NULL) BN_clear_free(r); - } - if (ctx_in == NULL) BN_CTX_free(ctx); - if (kinv != NULL) BN_clear_free(kinv); - BN_clear_free(&k); - return(ret); + if ((kinv = BN_mod_inverse_ct(NULL, &k, dsa->q, ctx)) == NULL) + goto err; + + BN_clear_free(*kinvp); + *kinvp = kinv; + kinv = NULL; + BN_clear_free(*rp); + *rp = r; + + ret = 1; + + err: + if (!ret) { + DSAerror(ERR_R_BN_LIB); + BN_clear_free(r); } + if (ctx_in == NULL) + BN_CTX_free(ctx); + BN_clear_free(&k); + BN_clear_free(&l); + BN_clear_free(&m); -static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, - DSA *dsa) - { + return ret; +} + +static int +dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, DSA *dsa) +{ BN_CTX *ctx; - BIGNUM u1,u2,t1; - BN_MONT_CTX *mont=NULL; - int ret = -1; - if (!dsa->p || !dsa->q || !dsa->g) - { - DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MISSING_PARAMETERS); + BIGNUM u1, u2, t1; + BN_MONT_CTX *mont = NULL; + int ret = -1, i; + + if (!dsa->p || !dsa->q || !dsa->g) { + DSAerror(DSA_R_MISSING_PARAMETERS); return -1; - } + } - if ((ctx=BN_CTX_new()) == NULL) goto err; + i = BN_num_bits(dsa->q); + /* FIPS 186-3 allows only three different sizes for q. */ + if (i != 160 && i != 224 && i != 256) { + DSAerror(DSA_R_BAD_Q_VALUE); + return -1; + } + + if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS) { + DSAerror(DSA_R_MODULUS_TOO_LARGE); + return -1; + } BN_init(&u1); BN_init(&u2); BN_init(&t1); - if (BN_is_zero(sig->r) || sig->r->neg || BN_ucmp(sig->r, dsa->q) >= 0) - { + if ((ctx = BN_CTX_new()) == NULL) + goto err; + + if (BN_is_zero(sig->r) || BN_is_negative(sig->r) || + BN_ucmp(sig->r, dsa->q) >= 0) { ret = 0; goto err; - } - if (BN_is_zero(sig->s) || sig->s->neg || BN_ucmp(sig->s, dsa->q) >= 0) - { + } + if (BN_is_zero(sig->s) || BN_is_negative(sig->s) || + BN_ucmp(sig->s, dsa->q) >= 0) { ret = 0; goto err; - } + } - /* Calculate W = inv(S) mod Q - * save W in u2 */ - if ((BN_mod_inverse(&u2,sig->s,dsa->q,ctx)) == NULL) goto err; + /* Calculate w = inv(s) mod q, saving w in u2. */ + if ((BN_mod_inverse_ct(&u2, sig->s, dsa->q, ctx)) == NULL) + goto err; - /* save M in u1 */ - if (BN_bin2bn(dgst,dgst_len,&u1) == NULL) goto err; + /* + * If the digest length is greater than the size of q use the + * BN_num_bits(dsa->q) leftmost bits of the digest, see FIPS 186-3, 4.2. + */ + if (dgst_len > (i >> 3)) + dgst_len = (i >> 3); - /* u1 = M * w mod q */ - if (!BN_mod_mul(&u1,&u1,&u2,dsa->q,ctx)) goto err; + /* Save m in u1. */ + if (BN_bin2bn(dgst, dgst_len, &u1) == NULL) + goto err; + + /* u1 = m * w mod q */ + if (!BN_mod_mul(&u1, &u1, &u2, dsa->q, ctx)) + goto err; /* u2 = r * w mod q */ - if (!BN_mod_mul(&u2,sig->r,&u2,dsa->q,ctx)) goto err; + if (!BN_mod_mul(&u2, sig->r, &u2, dsa->q, ctx)) + goto err; - if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P)) - { - if ((dsa->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL) - if (!BN_MONT_CTX_set((BN_MONT_CTX *)dsa->method_mont_p, - dsa->p,ctx)) goto err; - } - mont=(BN_MONT_CTX *)dsa->method_mont_p; - -#if 0 - { - BIGNUM t2; - - BN_init(&t2); - /* v = ( g^u1 * y^u2 mod p ) mod q */ - /* let t1 = g ^ u1 mod p */ - if (!BN_mod_exp_mont(&t1,dsa->g,&u1,dsa->p,ctx,mont)) goto err; - /* let t2 = y ^ u2 mod p */ - if (!BN_mod_exp_mont(&t2,dsa->pub_key,&u2,dsa->p,ctx,mont)) goto err; - /* let u1 = t1 * t2 mod p */ - if (!BN_mod_mul(&u1,&t1,&t2,dsa->p,ctx)) goto err_bn; - BN_free(&t2); + if (dsa->flags & DSA_FLAG_CACHE_MONT_P) { + mont = BN_MONT_CTX_set_locked(&dsa->method_mont_p, + CRYPTO_LOCK_DSA, dsa->p, ctx); + if (!mont) + goto err; } - /* let u1 = u1 mod q */ - if (!BN_mod(&u1,&u1,dsa->q,ctx)) goto err; -#else - { - if (!dsa->meth->dsa_mod_exp(dsa, &t1,dsa->g,&u1,dsa->pub_key,&u2, - dsa->p,ctx,mont)) goto err; + + if (dsa->meth->dsa_mod_exp != NULL) { + if (!dsa->meth->dsa_mod_exp(dsa, &t1, dsa->g, &u1, dsa->pub_key, + &u2, dsa->p, ctx, mont)) + goto err; + } else { + if (!BN_mod_exp2_mont(&t1, dsa->g, &u1, dsa->pub_key, &u2, + dsa->p, ctx, mont)) + goto err; + } + /* BN_copy(&u1,&t1); */ /* let u1 = u1 mod q */ - if (!BN_mod(&u1,&t1,dsa->q,ctx)) goto err; - } -#endif - /* V is now in u1. If the signature is correct, it will be - * equal to R. */ - ret=(BN_ucmp(&u1, sig->r) == 0); - - err: - if (ret != 1) DSAerr(DSA_F_DSA_DO_VERIFY,ERR_R_BN_LIB); - if (ctx != NULL) BN_CTX_free(ctx); + if (!BN_mod_ct(&u1, &t1, dsa->q, ctx)) + goto err; + + /* v is in u1 - if the signature is correct, it will be equal to r. */ + ret = BN_ucmp(&u1, sig->r) == 0; + + err: + if (ret < 0) + DSAerror(ERR_R_BN_LIB); + BN_CTX_free(ctx); BN_free(&u1); BN_free(&u2); BN_free(&t1); - return(ret); - } -static int dsa_init(DSA *dsa) -{ - dsa->flags|=DSA_FLAG_CACHE_MONT_P; - return(1); + return ret; } -static int dsa_finish(DSA *dsa) +static int +dsa_init(DSA *dsa) { - if(dsa->method_mont_p) - BN_MONT_CTX_free((BN_MONT_CTX *)dsa->method_mont_p); - return(1); + dsa->flags |= DSA_FLAG_CACHE_MONT_P; + return 1; } -static int dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1, - BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *in_mont) +static int +dsa_finish(DSA *dsa) { - return BN_mod_exp2_mont(rr, a1, p1, a2, p2, m, ctx, in_mont); -} - -static int dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *m_ctx) -{ - return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx); + BN_MONT_CTX_free(dsa->method_mont_p); + return 1; } - -/* random number r: 0 <= r < range */ -int __BN_rand_range(BIGNUM *r, BIGNUM *range) - { - int n; - - if (range->neg || BN_is_zero(range)) - { - /* BNerr(BN_F_BN_RAND_RANGE, BN_R_INVALID_RANGE); */ - return 0; - } - - n = BN_num_bits(range); /* n > 0 */ - - if (n == 1) - { - if (!BN_zero(r)) return 0; - } - else if (BN_is_bit_set(range, n - 2)) - { - do - { - /* range = 11..._2, so each iteration succeeds with probability >= .75 */ - if (!BN_rand(r, n, -1, 0)) return 0; - } - while (BN_cmp(r, range) >= 0); - } - else - { - /* range = 10..._2, - * so 3*range (= 11..._2) is exactly one bit longer than range */ - do - { - if (!BN_rand(r, n + 1, -1, 0)) return 0; - /* If r < 3*range, use r := r MOD range - * (which is either r, r - range, or r - 2*range). - * Otherwise, iterate once more. - * Since 3*range = 11..._2, each iteration succeeds with - * probability >= .75. */ - if (BN_cmp(r ,range) >= 0) - { - if (!BN_sub(r, r, range)) return 0; - if (BN_cmp(r, range) >= 0) - if (!BN_sub(r, r, range)) return 0; - } - } - while (BN_cmp(r, range) >= 0); - } - - return 1; - } diff --git a/src/lib/libcrypto/dsa/dsa_pmeth.c b/src/lib/libcrypto/dsa/dsa_pmeth.c new file mode 100644 index 00000000000..780b070a72e --- /dev/null +++ b/src/lib/libcrypto/dsa/dsa_pmeth.c @@ -0,0 +1,336 @@ +/* $OpenBSD: dsa_pmeth.c,v 1.11 2017/01/29 17:49:22 beck Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2006. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include +#include + +#include +#include +#include +#include +#include + +#include "dsa_locl.h" +#include "evp_locl.h" + +/* DSA pkey context structure */ + +typedef struct { + /* Parameter gen parameters */ + int nbits; /* size of p in bits (default: 1024) */ + int qbits; /* size of q in bits (default: 160) */ + const EVP_MD *pmd; /* MD for parameter generation */ + /* Keygen callback info */ + int gentmp[2]; + /* message digest */ + const EVP_MD *md; /* MD for the signature */ +} DSA_PKEY_CTX; + +static int +pkey_dsa_init(EVP_PKEY_CTX *ctx) +{ + DSA_PKEY_CTX *dctx; + + dctx = malloc(sizeof(DSA_PKEY_CTX)); + if (!dctx) + return 0; + dctx->nbits = 1024; + dctx->qbits = 160; + dctx->pmd = NULL; + dctx->md = NULL; + + ctx->data = dctx; + ctx->keygen_info = dctx->gentmp; + ctx->keygen_info_count = 2; + + return 1; +} + +static int +pkey_dsa_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) +{ + DSA_PKEY_CTX *dctx, *sctx; + + if (!pkey_dsa_init(dst)) + return 0; + sctx = src->data; + dctx = dst->data; + dctx->nbits = sctx->nbits; + dctx->qbits = sctx->qbits; + dctx->pmd = sctx->pmd; + dctx->md = sctx->md; + return 1; +} + +static void +pkey_dsa_cleanup(EVP_PKEY_CTX *ctx) +{ + DSA_PKEY_CTX *dctx = ctx->data; + + free(dctx); +} + +static int +pkey_dsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen) +{ + int ret, type; + unsigned int sltmp; + DSA_PKEY_CTX *dctx = ctx->data; + DSA *dsa = ctx->pkey->pkey.dsa; + + if (dctx->md) + type = EVP_MD_type(dctx->md); + else + type = NID_sha1; + + ret = DSA_sign(type, tbs, tbslen, sig, &sltmp, dsa); + + if (ret <= 0) + return ret; + *siglen = sltmp; + return 1; +} + +static int +pkey_dsa_verify(EVP_PKEY_CTX *ctx, const unsigned char *sig, size_t siglen, + const unsigned char *tbs, size_t tbslen) +{ + int ret, type; + DSA_PKEY_CTX *dctx = ctx->data; + DSA *dsa = ctx->pkey->pkey.dsa; + + if (dctx->md) + type = EVP_MD_type(dctx->md); + else + type = NID_sha1; + + ret = DSA_verify(type, tbs, tbslen, sig, siglen, dsa); + + return ret; +} + +static int +pkey_dsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) +{ + DSA_PKEY_CTX *dctx = ctx->data; + + switch (type) { + case EVP_PKEY_CTRL_DSA_PARAMGEN_BITS: + if (p1 < 256) + return -2; + dctx->nbits = p1; + return 1; + + case EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS: + if (p1 != 160 && p1 != 224 && p1 && p1 != 256) + return -2; + dctx->qbits = p1; + return 1; + + case EVP_PKEY_CTRL_DSA_PARAMGEN_MD: + switch (EVP_MD_type((const EVP_MD *)p2)) { + case NID_sha1: + case NID_sha224: + case NID_sha256: + break; + default: + DSAerror(DSA_R_INVALID_DIGEST_TYPE); + return 0; + } + dctx->md = p2; + return 1; + + case EVP_PKEY_CTRL_MD: + switch (EVP_MD_type((const EVP_MD *)p2)) { + case NID_sha1: + case NID_dsa: + case NID_dsaWithSHA: + case NID_sha224: + case NID_sha256: + case NID_sha384: + case NID_sha512: + break; + default: + DSAerror(DSA_R_INVALID_DIGEST_TYPE); + return 0; + } + dctx->md = p2; + return 1; + + case EVP_PKEY_CTRL_DIGESTINIT: + case EVP_PKEY_CTRL_PKCS7_SIGN: + case EVP_PKEY_CTRL_CMS_SIGN: + return 1; + + case EVP_PKEY_CTRL_PEER_KEY: + DSAerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return -2; + default: + return -2; + } +} + +static int +pkey_dsa_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, const char *value) +{ + long lval; + char *ep; + + if (!strcmp(type, "dsa_paramgen_bits")) { + int nbits; + + errno = 0; + lval = strtol(value, &ep, 10); + if (value[0] == '\0' || *ep != '\0') + goto not_a_number; + if ((errno == ERANGE && + (lval == LONG_MAX || lval == LONG_MIN)) || + (lval > INT_MAX || lval < INT_MIN)) + goto out_of_range; + nbits = lval; + return EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits); + } else if (!strcmp(type, "dsa_paramgen_q_bits")) { + int qbits; + + errno = 0; + lval = strtol(value, &ep, 10); + if (value[0] == '\0' || *ep != '\0') + goto not_a_number; + if ((errno == ERANGE && + (lval == LONG_MAX || lval == LONG_MIN)) || + (lval > INT_MAX || lval < INT_MIN)) + goto out_of_range; + qbits = lval; + return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, + EVP_PKEY_OP_PARAMGEN, EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS, + qbits, NULL); + } else if (!strcmp(type, "dsa_paramgen_md")) { + return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, + EVP_PKEY_OP_PARAMGEN, EVP_PKEY_CTRL_DSA_PARAMGEN_MD, 0, + (void *)EVP_get_digestbyname(value)); + } +not_a_number: +out_of_range: + return -2; +} + +static int +pkey_dsa_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) +{ + DSA *dsa = NULL; + DSA_PKEY_CTX *dctx = ctx->data; + BN_GENCB *pcb, cb; + int ret; + + if (ctx->pkey_gencb) { + pcb = &cb; + evp_pkey_set_cb_translate(pcb, ctx); + } else + pcb = NULL; + dsa = DSA_new(); + if (!dsa) + return 0; + ret = dsa_builtin_paramgen(dsa, dctx->nbits, dctx->qbits, dctx->pmd, + NULL, 0, NULL, NULL, NULL, pcb); + if (ret) + EVP_PKEY_assign_DSA(pkey, dsa); + else + DSA_free(dsa); + return ret; +} + +static int +pkey_dsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) +{ + DSA *dsa = NULL; + + if (ctx->pkey == NULL) { + DSAerror(DSA_R_NO_PARAMETERS_SET); + return 0; + } + dsa = DSA_new(); + if (!dsa) + return 0; + EVP_PKEY_assign_DSA(pkey, dsa); + /* Note: if error return, pkey is freed by parent routine */ + if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey)) + return 0; + return DSA_generate_key(pkey->pkey.dsa); +} + +const EVP_PKEY_METHOD dsa_pkey_meth = { + .pkey_id = EVP_PKEY_DSA, + .flags = EVP_PKEY_FLAG_AUTOARGLEN, + + .init = pkey_dsa_init, + .copy = pkey_dsa_copy, + .cleanup = pkey_dsa_cleanup, + + .paramgen = pkey_dsa_paramgen, + + .keygen = pkey_dsa_keygen, + + .sign = pkey_dsa_sign, + + .verify = pkey_dsa_verify, + + .ctrl = pkey_dsa_ctrl, + .ctrl_str = pkey_dsa_ctrl_str +}; diff --git a/src/lib/libcrypto/dsa/dsa_prn.c b/src/lib/libcrypto/dsa/dsa_prn.c new file mode 100644 index 00000000000..fb5e35f9090 --- /dev/null +++ b/src/lib/libcrypto/dsa/dsa_prn.c @@ -0,0 +1,123 @@ +/* $OpenBSD: dsa_prn.c,v 1.6 2017/01/29 17:49:22 beck Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2006. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include + +#include +#include +#include + +int +DSA_print_fp(FILE *fp, const DSA *x, int off) +{ + BIO *b; + int ret; + + if ((b = BIO_new(BIO_s_file())) == NULL) { + DSAerror(ERR_R_BUF_LIB); + return 0; + } + BIO_set_fp(b, fp, BIO_NOCLOSE); + ret = DSA_print(b, x, off); + BIO_free(b); + return ret; +} + +int +DSAparams_print_fp(FILE *fp, const DSA *x) +{ + BIO *b; + int ret; + + if ((b = BIO_new(BIO_s_file())) == NULL) { + DSAerror(ERR_R_BUF_LIB); + return 0; + } + BIO_set_fp(b, fp, BIO_NOCLOSE); + ret = DSAparams_print(b, x); + BIO_free(b); + return ret; +} + +int +DSA_print(BIO *bp, const DSA *x, int off) +{ + EVP_PKEY *pk; + int ret; + + pk = EVP_PKEY_new(); + if (!pk || !EVP_PKEY_set1_DSA(pk, (DSA *)x)) + return 0; + ret = EVP_PKEY_print_private(bp, pk, off, NULL); + EVP_PKEY_free(pk); + return ret; +} + +int +DSAparams_print(BIO *bp, const DSA *x) +{ + EVP_PKEY *pk; + int ret; + + pk = EVP_PKEY_new(); + if (!pk || !EVP_PKEY_set1_DSA(pk, (DSA *)x)) + return 0; + ret = EVP_PKEY_print_params(bp, pk, 4, NULL); + EVP_PKEY_free(pk); + return ret; +} diff --git a/src/lib/libcrypto/dsa/dsa_sign.c b/src/lib/libcrypto/dsa/dsa_sign.c index e9469ca62fd..0f55ea1868c 100644 --- a/src/lib/libcrypto/dsa/dsa_sign.c +++ b/src/lib/libcrypto/dsa/dsa_sign.c @@ -1,4 +1,4 @@ -/* crypto/dsa/dsa_sign.c */ +/* $OpenBSD: dsa_sign.c,v 1.20 2018/06/14 17:01:49 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -58,36 +58,33 @@ /* Original version from Steven Schoch */ -#include -#include "cryptlib.h" #include #include -#include -#include -#include -DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) - { +DSA_SIG * +DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) +{ return dsa->meth->dsa_do_sign(dgst, dlen, dsa); - } - -int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig, - unsigned int *siglen, DSA *dsa) - { - DSA_SIG *s; - s=DSA_do_sign(dgst,dlen,dsa); - if (s == NULL) - { - *siglen=0; - return(0); - } - *siglen=i2d_DSA_SIG(s,&sig); - DSA_SIG_free(s); - return(1); - } +} -int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) - { +int +DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) +{ return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp); - } +} + +DSA_SIG * +DSA_SIG_new(void) +{ + return calloc(1, sizeof(DSA_SIG)); +} +void +DSA_SIG_free(DSA_SIG *sig) +{ + if (sig != NULL) { + BN_free(sig->r); + BN_free(sig->s); + free(sig); + } +} diff --git a/src/lib/libcrypto/dsa/dsa_vrf.c b/src/lib/libcrypto/dsa/dsa_vrf.c index 066c6b5b284..1965338f1fa 100644 --- a/src/lib/libcrypto/dsa/dsa_vrf.c +++ b/src/lib/libcrypto/dsa/dsa_vrf.c @@ -1,4 +1,4 @@ -/* crypto/dsa/dsa_vrf.c */ +/* $OpenBSD: dsa_vrf.c,v 1.16 2014/07/11 08:44:48 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -58,38 +58,10 @@ /* Original version from Steven Schoch */ -#include -#include "cryptlib.h" -#include #include -#include -#include -#include -#include -int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, - DSA *dsa) - { +int +DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, DSA *dsa) +{ return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa); - } - -/* data has already been hashed (probably with SHA or SHA-1). */ -/* returns - * 1: correct signature - * 0: incorrect signature - * -1: error - */ -int DSA_verify(int type, const unsigned char *dgst, int dgst_len, - const unsigned char *sigbuf, int siglen, DSA *dsa) - { - DSA_SIG *s; - int ret=-1; - - s = DSA_SIG_new(); - if (s == NULL) return(ret); - if (d2i_DSA_SIG(&s,&sigbuf,siglen) == NULL) goto err; - ret=DSA_do_verify(dgst,dgst_len,s,dsa); -err: - DSA_SIG_free(s); - return(ret); - } +} diff --git a/src/lib/libcrypto/dsa/dsagen.c b/src/lib/libcrypto/dsa/dsagen.c deleted file mode 100644 index a0b09766408..00000000000 --- a/src/lib/libcrypto/dsa/dsagen.c +++ /dev/null @@ -1,111 +0,0 @@ -/* crypto/dsa/dsagen.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include - -#define TEST -#define GENUINE_DSA - -#ifdef GENUINE_DSA -#define LAST_VALUE 0xbd -#else -#define LAST_VALUE 0xd3 -#endif - -#ifdef TEST -unsigned char seed[20]={ - 0xd5,0x01,0x4e,0x4b, - 0x60,0xef,0x2b,0xa8, - 0xb6,0x21,0x1b,0x40, - 0x62,0xba,0x32,0x24, - 0xe0,0x42,0x7d,LAST_VALUE}; -#endif - -int cb(int p, int n) - { - char c='*'; - - if (p == 0) c='.'; - if (p == 1) c='+'; - if (p == 2) c='*'; - if (p == 3) c='\n'; - printf("%c",c); - fflush(stdout); - } - -main() - { - int i; - BIGNUM *n; - BN_CTX *ctx; - unsigned char seed_buf[20]; - DSA *dsa; - int counter,h; - BIO *bio_err=NULL; - - if (bio_err == NULL) - bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); - - memcpy(seed_buf,seed,20); - dsa=DSA_generate_parameters(1024,seed,20,&counter,&h,cb); - - if (dsa == NULL) - DSA_print(bio_err,dsa,0); - } - diff --git a/src/lib/libcrypto/dsa/dsatest.c b/src/lib/libcrypto/dsa/dsatest.c deleted file mode 100644 index 12da64f9f49..00000000000 --- a/src/lib/libcrypto/dsa/dsatest.c +++ /dev/null @@ -1,237 +0,0 @@ -/* crypto/dsa/dsatest.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#ifdef OPENSSL_SYS_WINDOWS -#include "../bio/bss_file.c" -#endif - -#ifdef OPENSSL_NO_DSA -int main(int argc, char *argv[]) -{ - printf("No DSA support\n"); - return(0); -} -#else -#include - -#ifdef OPENSSL_SYS_WIN16 -#define MS_CALLBACK _far _loadds -#else -#define MS_CALLBACK -#endif - -static void MS_CALLBACK dsa_cb(int p, int n, void *arg); - -/* seed, out_p, out_q, out_g are taken from the updated Appendix 5 to - * FIPS PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1 */ -static unsigned char seed[20]={ - 0xd5,0x01,0x4e,0x4b,0x60,0xef,0x2b,0xa8,0xb6,0x21,0x1b,0x40, - 0x62,0xba,0x32,0x24,0xe0,0x42,0x7d,0xd3, - }; - -static unsigned char out_p[]={ - 0x8d,0xf2,0xa4,0x94,0x49,0x22,0x76,0xaa, - 0x3d,0x25,0x75,0x9b,0xb0,0x68,0x69,0xcb, - 0xea,0xc0,0xd8,0x3a,0xfb,0x8d,0x0c,0xf7, - 0xcb,0xb8,0x32,0x4f,0x0d,0x78,0x82,0xe5, - 0xd0,0x76,0x2f,0xc5,0xb7,0x21,0x0e,0xaf, - 0xc2,0xe9,0xad,0xac,0x32,0xab,0x7a,0xac, - 0x49,0x69,0x3d,0xfb,0xf8,0x37,0x24,0xc2, - 0xec,0x07,0x36,0xee,0x31,0xc8,0x02,0x91, - }; - -static unsigned char out_q[]={ - 0xc7,0x73,0x21,0x8c,0x73,0x7e,0xc8,0xee, - 0x99,0x3b,0x4f,0x2d,0xed,0x30,0xf4,0x8e, - 0xda,0xce,0x91,0x5f, - }; - -static unsigned char out_g[]={ - 0x62,0x6d,0x02,0x78,0x39,0xea,0x0a,0x13, - 0x41,0x31,0x63,0xa5,0x5b,0x4c,0xb5,0x00, - 0x29,0x9d,0x55,0x22,0x95,0x6c,0xef,0xcb, - 0x3b,0xff,0x10,0xf3,0x99,0xce,0x2c,0x2e, - 0x71,0xcb,0x9d,0xe5,0xfa,0x24,0xba,0xbf, - 0x58,0xe5,0xb7,0x95,0x21,0x92,0x5c,0x9c, - 0xc4,0x2e,0x9f,0x6f,0x46,0x4b,0x08,0x8c, - 0xc5,0x72,0xaf,0x53,0xe6,0xd7,0x88,0x02, - }; - -static const unsigned char str1[]="12345678901234567890"; - -static const char rnd_seed[] = "string to make the random number generator think it has entropy"; - -static BIO *bio_err=NULL; - -int main(int argc, char **argv) - { - DSA *dsa=NULL; - int counter,ret=0,i,j; - unsigned char buf[256]; - unsigned long h; - unsigned char sig[256]; - unsigned int siglen; - - if (bio_err == NULL) - bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); - - CRYPTO_malloc_debug_init(); - CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL); - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); - - ERR_load_crypto_strings(); - RAND_seed(rnd_seed, sizeof rnd_seed); - - BIO_printf(bio_err,"test generation of DSA parameters\n"); - - dsa=DSA_generate_parameters(512,seed,20,&counter,&h,dsa_cb,bio_err); - - BIO_printf(bio_err,"seed\n"); - for (i=0; i<20; i+=4) - { - BIO_printf(bio_err,"%02X%02X%02X%02X ", - seed[i],seed[i+1],seed[i+2],seed[i+3]); - } - BIO_printf(bio_err,"\ncounter=%d h=%d\n",counter,h); - - if (dsa == NULL) goto end; - DSA_print(bio_err,dsa,0); - if (counter != 105) - { - BIO_printf(bio_err,"counter should be 105\n"); - goto end; - } - if (h != 2) - { - BIO_printf(bio_err,"h should be 2\n"); - goto end; - } - - i=BN_bn2bin(dsa->q,buf); - j=sizeof(out_q); - if ((i != j) || (memcmp(buf,out_q,i) != 0)) - { - BIO_printf(bio_err,"q value is wrong\n"); - goto end; - } - - i=BN_bn2bin(dsa->p,buf); - j=sizeof(out_p); - if ((i != j) || (memcmp(buf,out_p,i) != 0)) - { - BIO_printf(bio_err,"p value is wrong\n"); - goto end; - } - - i=BN_bn2bin(dsa->g,buf); - j=sizeof(out_g); - if ((i != j) || (memcmp(buf,out_g,i) != 0)) - { - BIO_printf(bio_err,"g value is wrong\n"); - goto end; - } - DSA_generate_key(dsa); - DSA_sign(0, str1, 20, sig, &siglen, dsa); - if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1) - ret=1; -end: - if (!ret) - ERR_print_errors(bio_err); - if (dsa != NULL) DSA_free(dsa); - CRYPTO_cleanup_all_ex_data(); - ERR_remove_state(0); - ERR_free_strings(); - CRYPTO_mem_leaks(bio_err); - if (bio_err != NULL) - { - BIO_free(bio_err); - bio_err = NULL; - } - exit(!ret); - return(0); - } - -static void MS_CALLBACK dsa_cb(int p, int n, void *arg) - { - char c='*'; - static int ok=0,num=0; - - if (p == 0) { c='.'; num++; }; - if (p == 1) c='+'; - if (p == 2) { c='*'; ok++; } - if (p == 3) c='\n'; - BIO_write(arg,&c,1); - (void)BIO_flush(arg); - - if (!ok && (p == 0) && (num > 1)) - { - BIO_printf((BIO *)arg,"error in dsatest\n"); - exit(1); - } - } -#endif diff --git a/src/lib/libcrypto/dsa/fips186a.txt b/src/lib/libcrypto/dsa/fips186a.txt deleted file mode 100644 index 3a2e0a0d51a..00000000000 --- a/src/lib/libcrypto/dsa/fips186a.txt +++ /dev/null @@ -1,122 +0,0 @@ -The origional FIPE 180 used SHA-0 (FIPS 180) for its appendix 5 -examples. This is an updated version that uses SHA-1 (FIPS 180-1) -supplied to me by Wei Dai --- - APPENDIX 5. EXAMPLE OF THE DSA - - -This appendix is for informational purposes only and is not required to meet -the standard. - -Let L = 512 (size of p). The values in this example are expressed in -hexadecimal notation. The p and q given here were generated by the prime -generation standard described in appendix 2 using the 160-bit SEED: - - d5014e4b 60ef2ba8 b6211b40 62ba3224 e0427dd3 - -With this SEED, the algorithm found p and q when the counter was at 105. - -x was generated by the algorithm described in appendix 3, section 3.1, using -the SHA to construct G (as in appendix 3, section 3.3) and a 160-bit XSEED: - -XSEED = - - bd029bbe 7f51960b cf9edb2b 61f06f0f eb5a38b6 - -t = - 67452301 EFCDAB89 98BADCFE 10325476 C3D2E1F0 - -x = G(t,XSEED) mod q - -k was generated by the algorithm described in appendix 3, section 3.2, using -the SHA to construct G (as in appendix 3, section 3.3) and a 160-bit KSEED: - -KSEED = - - 687a66d9 0648f993 867e121f 4ddf9ddb 01205584 - -t = - EFCDAB89 98BADCFE 10325476 C3D2E1F0 67452301 - -k = G(t,KSEED) mod q - -Finally: - -h = 2 - -p = - 8df2a494 492276aa 3d25759b b06869cb eac0d83a fb8d0cf7 - cbb8324f 0d7882e5 d0762fc5 b7210eaf c2e9adac 32ab7aac - 49693dfb f83724c2 ec0736ee 31c80291 - - -q = - c773218c 737ec8ee 993b4f2d ed30f48e dace915f - - -g = - 626d0278 39ea0a13 413163a5 5b4cb500 299d5522 956cefcb - 3bff10f3 99ce2c2e 71cb9de5 fa24babf 58e5b795 21925c9c - c42e9f6f 464b088c c572af53 e6d78802 - - -x = - 2070b322 3dba372f de1c0ffc 7b2e3b49 8b260614 - - -k = - 358dad57 1462710f 50e254cf 1a376b2b deaadfbf - - -kinv = - - 0d516729 8202e49b 4116ac10 4fc3f415 ae52f917 - -M = ASCII form of "abc" (See FIPS PUB 180-1, Appendix A) - -SHA(M) = - - a9993e36 4706816a ba3e2571 7850c26c 9cd0d89d - - -y = - - 19131871 d75b1612 a819f29d 78d1b0d7 346f7aa7 7bb62a85 - 9bfd6c56 75da9d21 2d3a36ef 1672ef66 0b8c7c25 5cc0ec74 - 858fba33 f44c0669 9630a76b 030ee333 - - -r = - 8bac1ab6 6410435c b7181f95 b16ab97c 92b341c0 - -s = - 41e2345f 1f56df24 58f426d1 55b4ba2d b6dcd8c8 - - -w = - 9df4ece5 826be95f ed406d41 b43edc0b 1c18841b - - -u1 = - bf655bd0 46f0b35e c791b004 804afcbb 8ef7d69d - - -u2 = - 821a9263 12e97ade abcc8d08 2b527897 8a2df4b0 - - -gu1 mod p = - - 51b1bf86 7888e5f3 af6fb476 9dd016bc fe667a65 aafc2753 - 9063bd3d 2b138b4c e02cc0c0 2ec62bb6 7306c63e 4db95bbf - 6f96662a 1987a21b e4ec1071 010b6069 - - -yu2 mod p = - - 8b510071 2957e950 50d6b8fd 376a668e 4b0d633c 1e46e665 - 5c611a72 e2b28483 be52c74d 4b30de61 a668966e dc307a67 - c19441f4 22bf3c34 08aeba1f 0a4dbec7 - -v = - 8bac1ab6 6410435c b7181f95 b16ab97c 92b341c0 diff --git a/src/lib/libcrypto/dso/Makefile.ssl b/src/lib/libcrypto/dso/Makefile.ssl deleted file mode 100644 index 1f48fdb8a7e..00000000000 --- a/src/lib/libcrypto/dso/Makefile.ssl +++ /dev/null @@ -1,142 +0,0 @@ -# -# SSLeay/crypto/dso/Makefile -# - -DIR= dso -TOP= ../.. -CC= cc -INCLUDES= -I.. -I$(TOP) -I../../include -CFLAG=-g -INSTALL_PREFIX= -OPENSSLDIR= /usr/local/ssl -INSTALLTOP=/usr/local/ssl -MAKE= make -f Makefile.ssl -MAKEDEPPROG= makedepend -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) -MAKEFILE= Makefile.ssl -AR= ar r - -CFLAGS= $(INCLUDES) $(CFLAG) - -GENERAL=Makefile -TEST= -APPS= - -LIB=$(TOP)/libcrypto.a -LIBSRC= dso_dl.c dso_dlfcn.c dso_err.c dso_lib.c dso_null.c \ - dso_openssl.c dso_win32.c dso_vms.c -LIBOBJ= dso_dl.o dso_dlfcn.o dso_err.o dso_lib.o dso_null.o \ - dso_openssl.o dso_win32.o dso_vms.o - -SRC= $(LIBSRC) - -EXHEADER= dso.h -HEADER= $(EXHEADER) - -ALL= $(GENERAL) $(SRC) $(HEADER) - -top: - (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) - -all: lib - -lib: $(LIBOBJ) - $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) || echo Never mind. - @touch lib - -files: - $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO - -links: - @sh $(TOP)/util/point.sh Makefile.ssl Makefile - @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) - @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) - @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) - -install: - @for i in $(EXHEADER) ; \ - do \ - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ - done; - -tags: - ctags $(SRC) - -tests: - -lint: - lint -DLINT $(INCLUDES) $(SRC)>fluff - -depend: - $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) - -dclean: - $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new - mv -f Makefile.new $(MAKEFILE) - -clean: - rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff - -# DO NOT DELETE THIS LINE -- make depend depends on it. - -dso_dl.o: ../../e_os.h ../../include/openssl/bio.h -dso_dl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -dso_dl.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h -dso_dl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -dso_dl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -dso_dl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -dso_dl.o: ../../include/openssl/symhacks.h ../cryptlib.h dso_dl.c -dso_dlfcn.o: ../../e_os.h ../../include/openssl/bio.h -dso_dlfcn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -dso_dlfcn.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h -dso_dlfcn.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -dso_dlfcn.o: ../../include/openssl/opensslconf.h -dso_dlfcn.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -dso_dlfcn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -dso_dlfcn.o: ../cryptlib.h dso_dlfcn.c -dso_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h -dso_err.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h -dso_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -dso_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -dso_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -dso_err.o: ../../include/openssl/symhacks.h dso_err.c -dso_lib.o: ../../e_os.h ../../include/openssl/bio.h -dso_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -dso_lib.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h -dso_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -dso_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -dso_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -dso_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h dso_lib.c -dso_null.o: ../../e_os.h ../../include/openssl/bio.h -dso_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -dso_null.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h -dso_null.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -dso_null.o: ../../include/openssl/opensslconf.h -dso_null.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -dso_null.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -dso_null.o: ../cryptlib.h dso_null.c -dso_openssl.o: ../../e_os.h ../../include/openssl/bio.h -dso_openssl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -dso_openssl.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h -dso_openssl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -dso_openssl.o: ../../include/openssl/opensslconf.h -dso_openssl.o: ../../include/openssl/opensslv.h -dso_openssl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -dso_openssl.o: ../../include/openssl/symhacks.h ../cryptlib.h dso_openssl.c -dso_vms.o: ../../e_os.h ../../include/openssl/bio.h -dso_vms.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -dso_vms.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h -dso_vms.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -dso_vms.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -dso_vms.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -dso_vms.o: ../../include/openssl/symhacks.h ../cryptlib.h dso_vms.c -dso_win32.o: ../../e_os.h ../../include/openssl/bio.h -dso_win32.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -dso_win32.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h -dso_win32.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -dso_win32.o: ../../include/openssl/opensslconf.h -dso_win32.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -dso_win32.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -dso_win32.o: ../cryptlib.h dso_win32.c diff --git a/src/lib/libcrypto/dso/README b/src/lib/libcrypto/dso/README deleted file mode 100644 index d0bc9a89fbd..00000000000 --- a/src/lib/libcrypto/dso/README +++ /dev/null @@ -1,22 +0,0 @@ -NOTES ------ - -I've checked out HPUX (well, version 11 at least) and shl_t is -a pointer type so it's safe to use in the way it has been in -dso_dl.c. On the other hand, HPUX11 support dlfcn too and -according to their man page, prefer developers to move to that. -I'll leave Richard's changes there as I guess dso_dl is needed -for HPUX10.20. - -There is now a callback scheme in place where filename conversion can -(a) be turned off altogether through the use of the - DSO_FLAG_NO_NAME_TRANSLATION flag, -(b) be handled by default using the default DSO_METHOD's converter -(c) overriden per-DSO by setting the override callback -(d) a mix of (b) and (c) - eg. implement an override callback that; - (i) checks if we're win32 (if(strstr(dso->meth->name, "win32")....) - and if so, convert "blah" into "blah32.dll" (the default is - otherwise to make it "blah.dll"). - (ii) default to the normal behaviour - we're not on win32, eg. - finish with (return dso->meth->dso_name_converter(dso,NULL)). - diff --git a/src/lib/libcrypto/dso/dso.h b/src/lib/libcrypto/dso/dso.h index aa721f7febb..6c982c9f97e 100644 --- a/src/lib/libcrypto/dso/dso.h +++ b/src/lib/libcrypto/dso/dso.h @@ -1,4 +1,4 @@ -/* dso.h */ +/* $OpenBSD: dso.h,v 1.12 2016/03/15 20:50:22 krw Exp $ */ /* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL * project 2000. */ @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -74,7 +74,7 @@ extern "C" { * typical for the platform (more specifically the DSO_METHOD) using the * dso_name_converter function of the method. Eg. win32 will transform "blah" * into "blah.dll", and dlfcn will transform it into "libblah.so". The - * behaviour can be overriden by setting the name_converter callback in the DSO + * behaviour can be overridden by setting the name_converter callback in the DSO * object (using DSO_set_name_converter()). This callback could even utilise * the DSO_METHOD's converter too if it only wants to override behaviour for * one or two possible DSO methods. However, the following flag can be set in a @@ -95,6 +95,13 @@ extern "C" { */ #define DSO_FLAG_UPCASE_SYMBOL 0x10 +/* This flag loads the library with public symbols. + * Meaning: The exported symbols of this library are public + * to all libraries loaded after this library. + * At the moment only implemented in unix. + */ +#define DSO_FLAG_GLOBAL_SYMBOLS 0x20 + typedef void (*DSO_FUNC_TYPE)(void); @@ -105,15 +112,30 @@ typedef struct dso_st DSO; * (or NULL if they are to be used independantly of a DSO object) and a * filename to transform. They should either return NULL (if there is an error * condition) or a newly allocated string containing the transformed form that - * the caller will need to free with OPENSSL_free() when done. */ + * the caller will need to free with free() when done. */ typedef char* (*DSO_NAME_CONVERTER_FUNC)(DSO *, const char *); - -typedef struct dso_meth_st - { +/* The function prototype used for method functions (or caller-provided + * callbacks) that merge two file specifications. They are passed a + * DSO structure pointer (or NULL if they are to be used independantly of + * a DSO object) and two file specifications to merge. They should + * either return NULL (if there is an error condition) or a newly allocated + * string containing the result of merging that the caller will need + * to free with free() when done. + * Here, merging means that bits and pieces are taken from each of the + * file specifications and added together in whatever fashion that is + * sensible for the DSO method in question. The only rule that really + * applies is that if the two specification contain pieces of the same + * type, the copy from the first string takes priority. One could see + * it as the first specification is the one given by the user and the + * second being a bunch of defaults to add on if they're missing in the + * first. */ +typedef char* (*DSO_MERGER_FUNC)(DSO *, const char *, const char *); + +typedef struct dso_meth_st { const char *name; /* Loads a shared library, NB: new DSO_METHODs must ensure that a * successful load populates the loaded_filename field, and likewise a - * successful unload OPENSSL_frees and NULLs it out. */ + * successful unload frees and NULLs it out. */ int (*dso_load)(DSO *dso); /* Unloads a shared library */ int (*dso_unload)(DSO *dso); @@ -127,46 +149,50 @@ typedef struct dso_meth_st * alone a DSO_METHOD implemented for them. */ DSO_FUNC_TYPE (*dso_bind_func)(DSO *dso, const char *symname); -/* I don't think this would actually be used in any circumstances. */ -#if 0 - /* Unbinds a variable */ - int (*dso_unbind_var)(DSO *dso, char *symname, void *symptr); - /* Unbinds a function */ - int (*dso_unbind_func)(DSO *dso, char *symname, DSO_FUNC_TYPE symptr); -#endif /* The generic (yuck) "ctrl()" function. NB: Negative return * values (rather than zero) indicate errors. */ long (*dso_ctrl)(DSO *dso, int cmd, long larg, void *parg); /* The default DSO_METHOD-specific function for converting filenames to * a canonical native form. */ DSO_NAME_CONVERTER_FUNC dso_name_converter; + /* The default DSO_METHOD-specific function for converting filenames to + * a canonical native form. */ + DSO_MERGER_FUNC dso_merger; /* [De]Initialisation handlers. */ int (*init)(DSO *dso); int (*finish)(DSO *dso); - } DSO_METHOD; + + /* Return pathname of the module containing location */ + int (*pathbyaddr)(void *addr, char *path, int sz); + /* Perform global symbol lookup, i.e. among *all* modules */ + void *(*globallookup)(const char *symname); +} DSO_METHOD; /**********************************************************************/ /* The low-level handle type used to refer to a loaded shared library */ -struct dso_st - { +struct dso_st { DSO_METHOD *meth; /* Standard dlopen uses a (void *). Win32 uses a HANDLE. VMS * doesn't use anything but will need to cache the filename * for use in the dso_bind handler. All in all, let each * method control its own destiny. "Handles" and such go in * a STACK. */ - STACK *meth_data; + STACK_OF(void) *meth_data; int references; int flags; /* For use by applications etc ... use this for your bits'n'pieces, * don't touch meth_data! */ CRYPTO_EX_DATA ex_data; /* If this callback function pointer is set to non-NULL, then it will - * be used on DSO_load() in place of meth->dso_name_converter. NB: This + * be used in DSO_load() in place of meth->dso_name_converter. NB: This * should normally set using DSO_set_name_converter(). */ DSO_NAME_CONVERTER_FUNC name_converter; + /* If this callback function pointer is set to non-NULL, then it will + * be used in DSO_load() in place of meth->dso_merger. NB: This + * should normally set using DSO_set_merger(). */ + DSO_MERGER_FUNC merger; /* This is populated with (a copy of) the platform-independant * filename used for this DSO. */ char *filename; @@ -180,7 +206,7 @@ struct dso_st * corresponds to a loaded library or not, and (b) the filename with * which it was actually loaded. */ char *loaded_filename; - }; +}; DSO * DSO_new(void); @@ -195,7 +221,7 @@ long DSO_ctrl(DSO *dso, int cmd, long larg, void *parg); * oldcb is non-NULL then it is set to the function pointer value being * replaced. Return value is non-zero for success. */ int DSO_set_name_converter(DSO *dso, DSO_NAME_CONVERTER_FUNC cb, - DSO_NAME_CONVERTER_FUNC *oldcb); + DSO_NAME_CONVERTER_FUNC *oldcb); /* These functions can be used to get/set the platform-independant filename * used for a DSO. NB: set will fail if the DSO is already loaded. */ const char *DSO_get_filename(DSO *dso); @@ -207,8 +233,13 @@ int DSO_set_filename(DSO *dso, const char *filename); * simply duplicated. NB: This function is usually called from within a * DSO_METHOD during the processing of a DSO_load() call, and is exposed so that * caller-created DSO_METHODs can do the same thing. A non-NULL return value - * will need to be OPENSSL_free()'d. */ + * will need to be free()'d. */ char *DSO_convert_filename(DSO *dso, const char *filename); +/* This function will invoke the DSO's merger callback to merge two file + * specifications, or if the callback isn't set it will instead use the + * DSO_METHOD's merger. A non-NULL return value will need to be + * free()'d. */ +char *DSO_merge(DSO *dso, const char *filespec1, const char *filespec2); /* If the DSO is currently loaded, this returns the filename that it was loaded * under, otherwise it returns NULL. So it is also useful as a test as to * whether the DSO is currently loaded. NB: This will not necessarily return @@ -250,16 +281,26 @@ DSO_METHOD *DSO_METHOD_null(void); * this method. If not, this method will return NULL. */ DSO_METHOD *DSO_METHOD_dlfcn(void); -/* If DSO_DL is defined, the standard dl.h-style functions (shl_load, - * shl_unload, shl_findsym, etc) will be used and incorporated into - * this method. If not, this method will return NULL. */ -DSO_METHOD *DSO_METHOD_dl(void); - -/* If WIN32 is defined, use DLLs. If not, return NULL. */ -DSO_METHOD *DSO_METHOD_win32(void); - -/* If VMS is defined, use shared images. If not, return NULL. */ -DSO_METHOD *DSO_METHOD_vms(void); +/* This function writes null-terminated pathname of DSO module + * containing 'addr' into 'sz' large caller-provided 'path' and + * returns the number of characters [including trailing zero] + * written to it. If 'sz' is 0 or negative, 'path' is ignored and + * required amount of charachers [including trailing zero] to + * accommodate pathname is returned. If 'addr' is NULL, then + * pathname of cryptolib itself is returned. Negative or zero + * return value denotes error. + */ +int DSO_pathbyaddr(void *addr, char *path, int sz); + +/* This function should be used with caution! It looks up symbols in + * *all* loaded modules and if module gets unloaded by somebody else + * attempt to dereference the pointer is doomed to have fatal + * consequences. Primary usage for this function is to probe *core* + * system functionality, e.g. check if getnameinfo(3) is available + * at run-time without bothering about OS-specific details such as + * libc.so.versioning or where does it actually reside: in libc + * itself or libsocket. */ +void *DSO_global_lookup(const char *name); /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes @@ -270,14 +311,21 @@ void ERR_load_DSO_strings(void); /* Error codes for the DSO functions. */ /* Function codes. */ +#define DSO_F_BEOS_BIND_FUNC 144 +#define DSO_F_BEOS_BIND_VAR 145 +#define DSO_F_BEOS_LOAD 146 +#define DSO_F_BEOS_NAME_CONVERTER 147 +#define DSO_F_BEOS_UNLOAD 148 #define DSO_F_DLFCN_BIND_FUNC 100 #define DSO_F_DLFCN_BIND_VAR 101 #define DSO_F_DLFCN_LOAD 102 +#define DSO_F_DLFCN_MERGER 130 #define DSO_F_DLFCN_NAME_CONVERTER 123 #define DSO_F_DLFCN_UNLOAD 103 #define DSO_F_DL_BIND_FUNC 104 #define DSO_F_DL_BIND_VAR 105 #define DSO_F_DL_LOAD 106 +#define DSO_F_DL_MERGER 131 #define DSO_F_DL_NAME_CONVERTER 124 #define DSO_F_DL_UNLOAD 107 #define DSO_F_DSO_BIND_FUNC 108 @@ -287,28 +335,44 @@ void ERR_load_DSO_strings(void); #define DSO_F_DSO_FREE 111 #define DSO_F_DSO_GET_FILENAME 127 #define DSO_F_DSO_GET_LOADED_FILENAME 128 +#define DSO_F_DSO_GLOBAL_LOOKUP 139 #define DSO_F_DSO_LOAD 112 +#define DSO_F_DSO_MERGE 132 #define DSO_F_DSO_NEW_METHOD 113 +#define DSO_F_DSO_PATHBYADDR 140 #define DSO_F_DSO_SET_FILENAME 129 #define DSO_F_DSO_SET_NAME_CONVERTER 122 #define DSO_F_DSO_UP_REF 114 -#define DSO_F_VMS_BIND_VAR 115 +#define DSO_F_GLOBAL_LOOKUP_FUNC 138 +#define DSO_F_PATHBYADDR 137 +#define DSO_F_VMS_BIND_SYM 115 #define DSO_F_VMS_LOAD 116 +#define DSO_F_VMS_MERGER 133 #define DSO_F_VMS_UNLOAD 117 #define DSO_F_WIN32_BIND_FUNC 118 #define DSO_F_WIN32_BIND_VAR 119 +#define DSO_F_WIN32_GLOBALLOOKUP 142 +#define DSO_F_WIN32_GLOBALLOOKUP_FUNC 143 +#define DSO_F_WIN32_JOINER 135 #define DSO_F_WIN32_LOAD 120 +#define DSO_F_WIN32_MERGER 134 #define DSO_F_WIN32_NAME_CONVERTER 125 +#define DSO_F_WIN32_PATHBYADDR 141 +#define DSO_F_WIN32_SPLITTER 136 #define DSO_F_WIN32_UNLOAD 121 /* Reason codes. */ #define DSO_R_CTRL_FAILED 100 #define DSO_R_DSO_ALREADY_LOADED 110 +#define DSO_R_EMPTY_FILE_STRUCTURE 113 +#define DSO_R_FAILURE 114 #define DSO_R_FILENAME_TOO_BIG 101 #define DSO_R_FINISH_FAILED 102 +#define DSO_R_INCORRECT_FILE_SYNTAX 115 #define DSO_R_LOAD_FAILED 103 #define DSO_R_NAME_TRANSLATION_FAILED 109 #define DSO_R_NO_FILENAME 111 +#define DSO_R_NO_FILE_SPECIFICATION 116 #define DSO_R_NULL_HANDLE 104 #define DSO_R_SET_FILENAME_FAILED 112 #define DSO_R_STACK_ERROR 105 diff --git a/src/lib/libcrypto/dso/dso_dl.c b/src/lib/libcrypto/dso/dso_dl.c deleted file mode 100644 index 195717e9935..00000000000 --- a/src/lib/libcrypto/dso/dso_dl.c +++ /dev/null @@ -1,284 +0,0 @@ -/* dso_dl.c */ -/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL - * project 2000. - */ -/* ==================================================================== - * Copyright (c) 2000 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include -#include "cryptlib.h" -#include - -#ifndef DSO_DL -DSO_METHOD *DSO_METHOD_dl(void) - { - return NULL; - } -#else - -#include - -/* Part of the hack in "dl_load" ... */ -#define DSO_MAX_TRANSLATED_SIZE 256 - -static int dl_load(DSO *dso); -static int dl_unload(DSO *dso); -static void *dl_bind_var(DSO *dso, const char *symname); -static DSO_FUNC_TYPE dl_bind_func(DSO *dso, const char *symname); -#if 0 -static int dl_unbind_var(DSO *dso, char *symname, void *symptr); -static int dl_unbind_func(DSO *dso, char *symname, DSO_FUNC_TYPE symptr); -static int dl_init(DSO *dso); -static int dl_finish(DSO *dso); -static int dl_ctrl(DSO *dso, int cmd, long larg, void *parg); -#endif -static char *dl_name_converter(DSO *dso, const char *filename); - -static DSO_METHOD dso_meth_dl = { - "OpenSSL 'dl' shared library method", - dl_load, - dl_unload, - dl_bind_var, - dl_bind_func, -/* For now, "unbind" doesn't exist */ -#if 0 - NULL, /* unbind_var */ - NULL, /* unbind_func */ -#endif - NULL, /* ctrl */ - dl_name_converter, - NULL, /* init */ - NULL /* finish */ - }; - -DSO_METHOD *DSO_METHOD_dl(void) - { - return(&dso_meth_dl); - } - -/* For this DSO_METHOD, our meth_data STACK will contain; - * (i) the handle (shl_t) returned from shl_load(). - * NB: I checked on HPUX11 and shl_t is itself a pointer - * type so the cast is safe. - */ - -static int dl_load(DSO *dso) - { - shl_t ptr = NULL; - /* We don't do any fancy retries or anything, just take the method's - * (or DSO's if it has the callback set) best translation of the - * platform-independant filename and try once with that. */ - char *filename= DSO_convert_filename(dso, NULL); - - if(filename == NULL) - { - DSOerr(DSO_F_DL_LOAD,DSO_R_NO_FILENAME); - goto err; - } - ptr = shl_load(filename, BIND_IMMEDIATE|DYNAMIC_PATH, NULL); - if(ptr == NULL) - { - DSOerr(DSO_F_DL_LOAD,DSO_R_LOAD_FAILED); - ERR_add_error_data(4, "filename(", filename, "): ", - strerror(errno)); - goto err; - } - if(!sk_push(dso->meth_data, (char *)ptr)) - { - DSOerr(DSO_F_DL_LOAD,DSO_R_STACK_ERROR); - goto err; - } - /* Success, stick the converted filename we've loaded under into the DSO - * (it also serves as the indicator that we are currently loaded). */ - dso->loaded_filename = filename; - return(1); -err: - /* Cleanup! */ - if(filename != NULL) - OPENSSL_free(filename); - if(ptr != NULL) - shl_unload(ptr); - return(0); - } - -static int dl_unload(DSO *dso) - { - shl_t ptr; - if(dso == NULL) - { - DSOerr(DSO_F_DL_UNLOAD,ERR_R_PASSED_NULL_PARAMETER); - return(0); - } - if(sk_num(dso->meth_data) < 1) - return(1); - /* Is this statement legal? */ - ptr = (shl_t)sk_pop(dso->meth_data); - if(ptr == NULL) - { - DSOerr(DSO_F_DL_UNLOAD,DSO_R_NULL_HANDLE); - /* Should push the value back onto the stack in - * case of a retry. */ - sk_push(dso->meth_data, (char *)ptr); - return(0); - } - shl_unload(ptr); - return(1); - } - -static void *dl_bind_var(DSO *dso, const char *symname) - { - shl_t ptr; - void *sym; - - if((dso == NULL) || (symname == NULL)) - { - DSOerr(DSO_F_DL_BIND_VAR,ERR_R_PASSED_NULL_PARAMETER); - return(NULL); - } - if(sk_num(dso->meth_data) < 1) - { - DSOerr(DSO_F_DL_BIND_VAR,DSO_R_STACK_ERROR); - return(NULL); - } - ptr = (shl_t)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1); - if(ptr == NULL) - { - DSOerr(DSO_F_DL_BIND_VAR,DSO_R_NULL_HANDLE); - return(NULL); - } - if (shl_findsym(&ptr, symname, TYPE_UNDEFINED, &sym) < 0) - { - DSOerr(DSO_F_DL_BIND_VAR,DSO_R_SYM_FAILURE); - ERR_add_error_data(4, "symname(", symname, "): ", - strerror(errno)); - return(NULL); - } - return(sym); - } - -static DSO_FUNC_TYPE dl_bind_func(DSO *dso, const char *symname) - { - shl_t ptr; - void *sym; - - if((dso == NULL) || (symname == NULL)) - { - DSOerr(DSO_F_DL_BIND_FUNC,ERR_R_PASSED_NULL_PARAMETER); - return(NULL); - } - if(sk_num(dso->meth_data) < 1) - { - DSOerr(DSO_F_DL_BIND_FUNC,DSO_R_STACK_ERROR); - return(NULL); - } - ptr = (shl_t)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1); - if(ptr == NULL) - { - DSOerr(DSO_F_DL_BIND_FUNC,DSO_R_NULL_HANDLE); - return(NULL); - } - if (shl_findsym(&ptr, symname, TYPE_UNDEFINED, &sym) < 0) - { - DSOerr(DSO_F_DL_BIND_FUNC,DSO_R_SYM_FAILURE); - ERR_add_error_data(4, "symname(", symname, "): ", - strerror(errno)); - return(NULL); - } - return((DSO_FUNC_TYPE)sym); - } - -/* This function is identical to the one in dso_dlfcn.c, but as it is highly - * unlikely that both the "dl" *and* "dlfcn" variants are being compiled at the - * same time, there's no great duplicating the code. Figuring out an elegant - * way to share one copy of the code would be more difficult and would not - * leave the implementations independant. */ -#if defined(__hpux) -static const char extension[] = ".sl"; -#else -static const char extension[] = ".so"; -#endif -static char *dl_name_converter(DSO *dso, const char *filename) - { - char *translated; - int len, rsize, transform; - - len = strlen(filename); - rsize = len + 1; - transform = (strstr(filename, "/") == NULL); - { - /* We will convert this to "%s.s?" or "lib%s.s?" */ - rsize += strlen(extension);/* The length of ".s?" */ - if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0) - rsize += 3; /* The length of "lib" */ - } - translated = OPENSSL_malloc(rsize); - if(translated == NULL) - { - DSOerr(DSO_F_DL_NAME_CONVERTER, - DSO_R_NAME_TRANSLATION_FAILED); - return(NULL); - } - if(transform) - { - if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0) - sprintf(translated, "lib%s%s", filename, extension); - else - sprintf(translated, "%s%s", filename, extension); - } - else - sprintf(translated, "%s", filename); - return(translated); - } - -#endif /* DSO_DL */ diff --git a/src/lib/libcrypto/dso/dso_dlfcn.c b/src/lib/libcrypto/dso/dso_dlfcn.c index 906b4703de7..95afd26b82c 100644 --- a/src/lib/libcrypto/dso/dso_dlfcn.c +++ b/src/lib/libcrypto/dso/dso_dlfcn.c @@ -1,4 +1,4 @@ -/* dso_dlfcn.c */ +/* $OpenBSD: dso_dlfcn.c,v 1.29 2017/01/29 17:49:23 beck Exp $ */ /* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL * project 2000. */ @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -57,18 +57,22 @@ */ #include -#include "cryptlib.h" +#include + #include +#include #ifndef DSO_DLFCN -DSO_METHOD *DSO_METHOD_dlfcn(void) - { +DSO_METHOD * +DSO_METHOD_dlfcn(void) +{ return NULL; - } +} #else #ifdef HAVE_DLFCN_H -#include +# include +# define HAVE_DLINFO 1 #endif /* Part of the hack in "dlfcn_load" ... */ @@ -78,212 +82,272 @@ static int dlfcn_load(DSO *dso); static int dlfcn_unload(DSO *dso); static void *dlfcn_bind_var(DSO *dso, const char *symname); static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname); -#if 0 -static int dlfcn_unbind(DSO *dso, char *symname, void *symptr); -static int dlfcn_init(DSO *dso); -static int dlfcn_finish(DSO *dso); -static long dlfcn_ctrl(DSO *dso, int cmd, long larg, void *parg); -#endif static char *dlfcn_name_converter(DSO *dso, const char *filename); +static char *dlfcn_merger(DSO *dso, const char *filespec1, + const char *filespec2); +static int dlfcn_pathbyaddr(void *addr, char *path, int sz); +static void *dlfcn_globallookup(const char *name); static DSO_METHOD dso_meth_dlfcn = { - "OpenSSL 'dlfcn' shared library method", - dlfcn_load, - dlfcn_unload, - dlfcn_bind_var, - dlfcn_bind_func, -/* For now, "unbind" doesn't exist */ -#if 0 - NULL, /* unbind_var */ - NULL, /* unbind_func */ -#endif - NULL, /* ctrl */ - dlfcn_name_converter, - NULL, /* init */ - NULL /* finish */ - }; - -DSO_METHOD *DSO_METHOD_dlfcn(void) - { - return(&dso_meth_dlfcn); - } + .name = "OpenSSL 'dlfcn' shared library method", + .dso_load = dlfcn_load, + .dso_unload = dlfcn_unload, + .dso_bind_var = dlfcn_bind_var, + .dso_bind_func = dlfcn_bind_func, + .dso_name_converter = dlfcn_name_converter, + .dso_merger = dlfcn_merger, + .pathbyaddr = dlfcn_pathbyaddr, + .globallookup = dlfcn_globallookup +}; -/* Prior to using the dlopen() function, we should decide on the flag - * we send. There's a few different ways of doing this and it's a - * messy venn-diagram to match up which platforms support what. So - * as we don't have autoconf yet, I'm implementing a hack that could - * be hacked further relatively easily to deal with cases as we find - * them. Initially this is to cope with OpenBSD. */ -#if defined(__OpenBSD__) || defined(__NetBSD__) -# ifdef DL_LAZY -# define DLOPEN_FLAG DL_LAZY -# else -# ifdef RTLD_NOW -# define DLOPEN_FLAG RTLD_NOW -# else -# define DLOPEN_FLAG 0 -# endif -# endif -#else -# define DLOPEN_FLAG RTLD_NOW /* Hope this works everywhere else */ -#endif +DSO_METHOD * +DSO_METHOD_dlfcn(void) +{ + return (&dso_meth_dlfcn); +} /* For this DSO_METHOD, our meth_data STACK will contain; * (i) the handle (void*) returned from dlopen(). */ -static int dlfcn_load(DSO *dso) - { +static int +dlfcn_load(DSO *dso) +{ void *ptr = NULL; /* See applicable comments in dso_dl.c */ char *filename = DSO_convert_filename(dso, NULL); + int flags = RTLD_LAZY; - if(filename == NULL) - { - DSOerr(DSO_F_DLFCN_LOAD,DSO_R_NO_FILENAME); + if (filename == NULL) { + DSOerror(DSO_R_NO_FILENAME); goto err; - } - ptr = dlopen(filename, DLOPEN_FLAG); - if(ptr == NULL) - { - DSOerr(DSO_F_DLFCN_LOAD,DSO_R_LOAD_FAILED); - ERR_add_error_data(4, "filename(", filename, "): ", dlerror()); + } + + if (dso->flags & DSO_FLAG_GLOBAL_SYMBOLS) + flags |= RTLD_GLOBAL; + ptr = dlopen(filename, flags); + if (ptr == NULL) { + DSOerror(DSO_R_LOAD_FAILED); + ERR_asprintf_error_data("filename(%s): %s", filename, + dlerror()); goto err; - } - if(!sk_push(dso->meth_data, (char *)ptr)) - { - DSOerr(DSO_F_DLFCN_LOAD,DSO_R_STACK_ERROR); + } + if (!sk_void_push(dso->meth_data, (char *)ptr)) { + DSOerror(DSO_R_STACK_ERROR); goto err; - } + } /* Success */ dso->loaded_filename = filename; - return(1); + return (1); + err: /* Cleanup! */ - if(filename != NULL) - OPENSSL_free(filename); - if(ptr != NULL) + free(filename); + if (ptr != NULL) dlclose(ptr); - return(0); + return (0); } -static int dlfcn_unload(DSO *dso) - { +static int +dlfcn_unload(DSO *dso) +{ void *ptr; - if(dso == NULL) - { - DSOerr(DSO_F_DLFCN_UNLOAD,ERR_R_PASSED_NULL_PARAMETER); - return(0); - } - if(sk_num(dso->meth_data) < 1) - return(1); - ptr = (void *)sk_pop(dso->meth_data); - if(ptr == NULL) - { - DSOerr(DSO_F_DLFCN_UNLOAD,DSO_R_NULL_HANDLE); + if (dso == NULL) { + DSOerror(ERR_R_PASSED_NULL_PARAMETER); + return (0); + } + if (sk_void_num(dso->meth_data) < 1) + return (1); + ptr = sk_void_pop(dso->meth_data); + if (ptr == NULL) { + DSOerror(DSO_R_NULL_HANDLE); /* Should push the value back onto the stack in * case of a retry. */ - sk_push(dso->meth_data, (char *)ptr); - return(0); - } + sk_void_push(dso->meth_data, ptr); + return (0); + } /* For now I'm not aware of any errors associated with dlclose() */ dlclose(ptr); - return(1); - } + return (1); +} -static void *dlfcn_bind_var(DSO *dso, const char *symname) - { +static void * +dlfcn_bind_var(DSO *dso, const char *symname) +{ void *ptr, *sym; - if((dso == NULL) || (symname == NULL)) - { - DSOerr(DSO_F_DLFCN_BIND_VAR,ERR_R_PASSED_NULL_PARAMETER); - return(NULL); - } - if(sk_num(dso->meth_data) < 1) - { - DSOerr(DSO_F_DLFCN_BIND_VAR,DSO_R_STACK_ERROR); - return(NULL); - } - ptr = (void *)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1); - if(ptr == NULL) - { - DSOerr(DSO_F_DLFCN_BIND_VAR,DSO_R_NULL_HANDLE); - return(NULL); - } + if ((dso == NULL) || (symname == NULL)) { + DSOerror(ERR_R_PASSED_NULL_PARAMETER); + return (NULL); + } + if (sk_void_num(dso->meth_data) < 1) { + DSOerror(DSO_R_STACK_ERROR); + return (NULL); + } + ptr = sk_void_value(dso->meth_data, sk_void_num(dso->meth_data) - 1); + if (ptr == NULL) { + DSOerror(DSO_R_NULL_HANDLE); + return (NULL); + } sym = dlsym(ptr, symname); - if(sym == NULL) - { - DSOerr(DSO_F_DLFCN_BIND_VAR,DSO_R_SYM_FAILURE); - ERR_add_error_data(4, "symname(", symname, "): ", dlerror()); - return(NULL); - } - return(sym); + if (sym == NULL) { + DSOerror(DSO_R_SYM_FAILURE); + ERR_asprintf_error_data("symname(%s): %s", symname, dlerror()); + return (NULL); } + return (sym); +} -static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname) - { +static DSO_FUNC_TYPE +dlfcn_bind_func(DSO *dso, const char *symname) +{ void *ptr; - DSO_FUNC_TYPE sym; + union { + DSO_FUNC_TYPE sym; + void *dlret; + } u; + + if ((dso == NULL) || (symname == NULL)) { + DSOerror(ERR_R_PASSED_NULL_PARAMETER); + return (NULL); + } + if (sk_void_num(dso->meth_data) < 1) { + DSOerror(DSO_R_STACK_ERROR); + return (NULL); + } + ptr = sk_void_value(dso->meth_data, sk_void_num(dso->meth_data) - 1); + if (ptr == NULL) { + DSOerror(DSO_R_NULL_HANDLE); + return (NULL); + } + u.dlret = dlsym(ptr, symname); + if (u.dlret == NULL) { + DSOerror(DSO_R_SYM_FAILURE); + ERR_asprintf_error_data("symname(%s): %s", symname, dlerror()); + return (NULL); + } + return u.sym; +} + +static char * +dlfcn_merger(DSO *dso, const char *filespec1, const char *filespec2) +{ + char *merged; - if((dso == NULL) || (symname == NULL)) - { - DSOerr(DSO_F_DLFCN_BIND_FUNC,ERR_R_PASSED_NULL_PARAMETER); - return(NULL); + if (!filespec1 && !filespec2) { + DSOerror(ERR_R_PASSED_NULL_PARAMETER); + return (NULL); + } + /* If the first file specification is a rooted path, it rules. + same goes if the second file specification is missing. */ + if (!filespec2 || (filespec1 != NULL && filespec1[0] == '/')) { + merged = strdup(filespec1); + if (!merged) { + DSOerror(ERR_R_MALLOC_FAILURE); + return (NULL); } - if(sk_num(dso->meth_data) < 1) - { - DSOerr(DSO_F_DLFCN_BIND_FUNC,DSO_R_STACK_ERROR); - return(NULL); + } + /* If the first file specification is missing, the second one rules. */ + else if (!filespec1) { + merged = strdup(filespec2); + if (!merged) { + DSOerror(ERR_R_MALLOC_FAILURE); + return (NULL); } - ptr = (void *)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1); - if(ptr == NULL) - { - DSOerr(DSO_F_DLFCN_BIND_FUNC,DSO_R_NULL_HANDLE); - return(NULL); + } else + /* This part isn't as trivial as it looks. It assumes that + the second file specification really is a directory, and + makes no checks whatsoever. Therefore, the result becomes + the concatenation of filespec2 followed by a slash followed + by filespec1. */ + { + size_t spec2len, len; + + spec2len = strlen(filespec2); + len = spec2len + (filespec1 ? strlen(filespec1) : 0); + + if (filespec2 && filespec2[spec2len - 1] == '/') { + spec2len--; + len--; } - sym = (DSO_FUNC_TYPE)dlsym(ptr, symname); - if(sym == NULL) - { - DSOerr(DSO_F_DLFCN_BIND_FUNC,DSO_R_SYM_FAILURE); - ERR_add_error_data(4, "symname(", symname, "): ", dlerror()); - return(NULL); + merged = malloc(len + 2); + if (!merged) { + DSOerror(ERR_R_MALLOC_FAILURE); + return (NULL); } - return(sym); + strlcpy(merged, filespec2, len + 2); + merged[spec2len] = '/'; + strlcpy(&merged[spec2len + 1], filespec1, len + 1 - spec2len); } + return (merged); +} -static char *dlfcn_name_converter(DSO *dso, const char *filename) - { +#define DSO_ext ".so" +#define DSO_extlen 3 + +static char * +dlfcn_name_converter(DSO *dso, const char *filename) +{ char *translated; - int len, rsize, transform; - - len = strlen(filename); - rsize = len + 1; - transform = (strstr(filename, "/") == NULL); - if(transform) - { - /* We will convert this to "%s.so" or "lib%s.so" */ - rsize += 3; /* The length of ".so" */ - if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0) - rsize += 3; /* The length of "lib" */ - } - translated = OPENSSL_malloc(rsize); - if(translated == NULL) - { - DSOerr(DSO_F_DLFCN_NAME_CONVERTER, - DSO_R_NAME_TRANSLATION_FAILED); - return(NULL); - } - if(transform) - { + int ret; + + if (strchr(filename, '/') == NULL) { + /* Bare name, so convert to "%s.so" or "lib%s.so" */ if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0) - sprintf(translated, "lib%s.so", filename); + ret = asprintf(&translated, "lib%s" DSO_ext, filename); else - sprintf(translated, "%s.so", filename); - } - else - sprintf(translated, "%s", filename); - return(translated); + ret = asprintf(&translated, "%s" DSO_ext, filename); + if (ret == -1) + translated = NULL; + } else { + /* Full path, so just duplicate it */ + translated = strdup(filename); + } + + if (translated == NULL) + DSOerror(DSO_R_NAME_TRANSLATION_FAILED); + return (translated); +} + +static int +dlfcn_pathbyaddr(void *addr, char *path, int sz) +{ + Dl_info dli; + int len; + + if (addr == NULL) { + union{ + int(*f)(void*, char*, int); + void *p; + } t = { dlfcn_pathbyaddr }; + addr = t.p; } + if (dladdr(addr, &dli)) { + len = (int)strlen(dli.dli_fname); + if (sz <= 0) + return len + 1; + if (len >= sz) + len = sz - 1; + memcpy(path, dli.dli_fname, len); + path[len++] = 0; + return len; + } + + ERR_asprintf_error_data("dlfcn_pathbyaddr(): %s", dlerror()); + return -1; +} + +static void * +dlfcn_globallookup(const char *name) +{ + void *ret = NULL, *handle = dlopen(NULL, RTLD_LAZY); + + if (handle) { + ret = dlsym(handle, name); + dlclose(handle); + } + + return ret; +} #endif /* DSO_DLFCN */ diff --git a/src/lib/libcrypto/dso/dso_err.c b/src/lib/libcrypto/dso/dso_err.c index cf452de1aa0..be6375a3a72 100644 --- a/src/lib/libcrypto/dso/dso_err.c +++ b/src/lib/libcrypto/dso/dso_err.c @@ -1,13 +1,13 @@ -/* crypto/dso/dso_err.c */ +/* $OpenBSD: dso_err.c,v 1.9 2017/01/29 17:49:23 beck Exp $ */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -59,77 +59,53 @@ */ #include + +#include + #include #include /* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR -static ERR_STRING_DATA DSO_str_functs[]= - { -{ERR_PACK(0,DSO_F_DLFCN_BIND_FUNC,0), "DLFCN_BIND_FUNC"}, -{ERR_PACK(0,DSO_F_DLFCN_BIND_VAR,0), "DLFCN_BIND_VAR"}, -{ERR_PACK(0,DSO_F_DLFCN_LOAD,0), "DLFCN_LOAD"}, -{ERR_PACK(0,DSO_F_DLFCN_NAME_CONVERTER,0), "DLFCN_NAME_CONVERTER"}, -{ERR_PACK(0,DSO_F_DLFCN_UNLOAD,0), "DLFCN_UNLOAD"}, -{ERR_PACK(0,DSO_F_DL_BIND_FUNC,0), "DL_BIND_FUNC"}, -{ERR_PACK(0,DSO_F_DL_BIND_VAR,0), "DL_BIND_VAR"}, -{ERR_PACK(0,DSO_F_DL_LOAD,0), "DL_LOAD"}, -{ERR_PACK(0,DSO_F_DL_NAME_CONVERTER,0), "DL_NAME_CONVERTER"}, -{ERR_PACK(0,DSO_F_DL_UNLOAD,0), "DL_UNLOAD"}, -{ERR_PACK(0,DSO_F_DSO_BIND_FUNC,0), "DSO_bind_func"}, -{ERR_PACK(0,DSO_F_DSO_BIND_VAR,0), "DSO_bind_var"}, -{ERR_PACK(0,DSO_F_DSO_CONVERT_FILENAME,0), "DSO_convert_filename"}, -{ERR_PACK(0,DSO_F_DSO_CTRL,0), "DSO_ctrl"}, -{ERR_PACK(0,DSO_F_DSO_FREE,0), "DSO_free"}, -{ERR_PACK(0,DSO_F_DSO_GET_FILENAME,0), "DSO_get_filename"}, -{ERR_PACK(0,DSO_F_DSO_GET_LOADED_FILENAME,0), "DSO_get_loaded_filename"}, -{ERR_PACK(0,DSO_F_DSO_LOAD,0), "DSO_load"}, -{ERR_PACK(0,DSO_F_DSO_NEW_METHOD,0), "DSO_new_method"}, -{ERR_PACK(0,DSO_F_DSO_SET_FILENAME,0), "DSO_set_filename"}, -{ERR_PACK(0,DSO_F_DSO_SET_NAME_CONVERTER,0), "DSO_set_name_converter"}, -{ERR_PACK(0,DSO_F_DSO_UP_REF,0), "DSO_up_ref"}, -{ERR_PACK(0,DSO_F_VMS_BIND_VAR,0), "VMS_BIND_VAR"}, -{ERR_PACK(0,DSO_F_VMS_LOAD,0), "VMS_LOAD"}, -{ERR_PACK(0,DSO_F_VMS_UNLOAD,0), "VMS_UNLOAD"}, -{ERR_PACK(0,DSO_F_WIN32_BIND_FUNC,0), "WIN32_BIND_FUNC"}, -{ERR_PACK(0,DSO_F_WIN32_BIND_VAR,0), "WIN32_BIND_VAR"}, -{ERR_PACK(0,DSO_F_WIN32_LOAD,0), "WIN32_LOAD"}, -{ERR_PACK(0,DSO_F_WIN32_NAME_CONVERTER,0), "WIN32_NAME_CONVERTER"}, -{ERR_PACK(0,DSO_F_WIN32_UNLOAD,0), "WIN32_UNLOAD"}, -{0,NULL} - }; -static ERR_STRING_DATA DSO_str_reasons[]= - { -{DSO_R_CTRL_FAILED ,"control command failed"}, -{DSO_R_DSO_ALREADY_LOADED ,"dso already loaded"}, -{DSO_R_FILENAME_TOO_BIG ,"filename too big"}, -{DSO_R_FINISH_FAILED ,"cleanup method function failed"}, -{DSO_R_LOAD_FAILED ,"could not load the shared library"}, -{DSO_R_NAME_TRANSLATION_FAILED ,"name translation failed"}, -{DSO_R_NO_FILENAME ,"no filename"}, -{DSO_R_NULL_HANDLE ,"a null shared library handle was used"}, -{DSO_R_SET_FILENAME_FAILED ,"set filename failed"}, -{DSO_R_STACK_ERROR ,"the meth_data stack is corrupt"}, -{DSO_R_SYM_FAILURE ,"could not bind to the requested symbol name"}, -{DSO_R_UNLOAD_FAILED ,"could not unload the shared library"}, -{DSO_R_UNSUPPORTED ,"functionality not supported"}, -{0,NULL} - }; +#define ERR_FUNC(func) ERR_PACK(ERR_LIB_DSO,func,0) +#define ERR_REASON(reason) ERR_PACK(ERR_LIB_DSO,0,reason) -#endif +static ERR_STRING_DATA DSO_str_functs[]= { + {ERR_FUNC(0xfff), "CRYPTO_internal"}, + {0, NULL} +}; -void ERR_load_DSO_strings(void) - { - static int init=1; +static ERR_STRING_DATA DSO_str_reasons[]= { + {ERR_REASON(DSO_R_CTRL_FAILED) , "control command failed"}, + {ERR_REASON(DSO_R_DSO_ALREADY_LOADED) , "dso already loaded"}, + {ERR_REASON(DSO_R_EMPTY_FILE_STRUCTURE) , "empty file structure"}, + {ERR_REASON(DSO_R_FAILURE) , "failure"}, + {ERR_REASON(DSO_R_FILENAME_TOO_BIG) , "filename too big"}, + {ERR_REASON(DSO_R_FINISH_FAILED) , "cleanup method function failed"}, + {ERR_REASON(DSO_R_INCORRECT_FILE_SYNTAX) , "incorrect file syntax"}, + {ERR_REASON(DSO_R_LOAD_FAILED) , "could not load the shared library"}, + {ERR_REASON(DSO_R_NAME_TRANSLATION_FAILED), "name translation failed"}, + {ERR_REASON(DSO_R_NO_FILENAME) , "no filename"}, + {ERR_REASON(DSO_R_NO_FILE_SPECIFICATION) , "no file specification"}, + {ERR_REASON(DSO_R_NULL_HANDLE) , "a null shared library handle was used"}, + {ERR_REASON(DSO_R_SET_FILENAME_FAILED) , "set filename failed"}, + {ERR_REASON(DSO_R_STACK_ERROR) , "the meth_data stack is corrupt"}, + {ERR_REASON(DSO_R_SYM_FAILURE) , "could not bind to the requested symbol name"}, + {ERR_REASON(DSO_R_UNLOAD_FAILED) , "could not unload the shared library"}, + {ERR_REASON(DSO_R_UNSUPPORTED) , "functionality not supported"}, + {0, NULL} +}; - if (init) - { - init=0; -#ifndef OPENSSL_NO_ERR - ERR_load_strings(ERR_LIB_DSO,DSO_str_functs); - ERR_load_strings(ERR_LIB_DSO,DSO_str_reasons); #endif - } +void +ERR_load_DSO_strings(void) +{ +#ifndef OPENSSL_NO_ERR + if (ERR_func_error_string(DSO_str_functs[0].error) == NULL) { + ERR_load_strings(0, DSO_str_functs); + ERR_load_strings(0, DSO_str_reasons); } +#endif +} diff --git a/src/lib/libcrypto/dso/dso_lib.c b/src/lib/libcrypto/dso/dso_lib.c index 556069b9b82..6dc98803ece 100644 --- a/src/lib/libcrypto/dso/dso_lib.c +++ b/src/lib/libcrypto/dso/dso_lib.c @@ -1,4 +1,4 @@ -/* dso_lib.c */ +/* $OpenBSD: dso_lib.c,v 1.20 2018/08/24 19:27:01 tb Exp $ */ /* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL * project 2000. */ @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -57,246 +57,229 @@ */ #include +#include + #include -#include "cryptlib.h" #include +#include static DSO_METHOD *default_DSO_meth = NULL; -DSO *DSO_new(void) - { - return(DSO_new_method(NULL)); - } +DSO * +DSO_new(void) +{ + return (DSO_new_method(NULL)); +} -void DSO_set_default_method(DSO_METHOD *meth) - { +void +DSO_set_default_method(DSO_METHOD *meth) +{ default_DSO_meth = meth; - } +} -DSO_METHOD *DSO_get_default_method(void) - { - return(default_DSO_meth); - } +DSO_METHOD * +DSO_get_default_method(void) +{ + return (default_DSO_meth); +} -DSO_METHOD *DSO_get_method(DSO *dso) - { - return(dso->meth); - } +DSO_METHOD * +DSO_get_method(DSO *dso) +{ + return (dso->meth); +} -DSO_METHOD *DSO_set_method(DSO *dso, DSO_METHOD *meth) - { +DSO_METHOD * +DSO_set_method(DSO *dso, DSO_METHOD *meth) +{ DSO_METHOD *mtmp; + mtmp = dso->meth; dso->meth = meth; - return(mtmp); - } + return (mtmp); +} -DSO *DSO_new_method(DSO_METHOD *meth) - { +DSO * +DSO_new_method(DSO_METHOD *meth) +{ DSO *ret; - if(default_DSO_meth == NULL) + if (default_DSO_meth == NULL) /* We default to DSO_METH_openssl() which in turn defaults * to stealing the "best available" method. Will fallback * to DSO_METH_null() in the worst case. */ default_DSO_meth = DSO_METHOD_openssl(); - ret = (DSO *)OPENSSL_malloc(sizeof(DSO)); - if(ret == NULL) - { - DSOerr(DSO_F_DSO_NEW_METHOD,ERR_R_MALLOC_FAILURE); - return(NULL); - } - memset(ret, 0, sizeof(DSO)); - ret->meth_data = sk_new_null(); - if(ret->meth_data == NULL) - { + ret = calloc(1, sizeof(DSO)); + if (ret == NULL) { + DSOerror(ERR_R_MALLOC_FAILURE); + return (NULL); + } + ret->meth_data = sk_void_new_null(); + if (ret->meth_data == NULL) { /* sk_new doesn't generate any errors so we do */ - DSOerr(DSO_F_DSO_NEW_METHOD,ERR_R_MALLOC_FAILURE); - OPENSSL_free(ret); - return(NULL); - } - if(meth == NULL) + DSOerror(ERR_R_MALLOC_FAILURE); + free(ret); + return (NULL); + } + if (meth == NULL) ret->meth = default_DSO_meth; else ret->meth = meth; ret->references = 1; - if((ret->meth->init != NULL) && !ret->meth->init(ret)) - { - OPENSSL_free(ret); - ret=NULL; - } - return(ret); + if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { + free(ret); + ret = NULL; } + return (ret); +} -int DSO_free(DSO *dso) - { - int i; - - if(dso == NULL) - { - DSOerr(DSO_F_DSO_FREE,ERR_R_PASSED_NULL_PARAMETER); - return(0); - } - - i=CRYPTO_add(&dso->references,-1,CRYPTO_LOCK_DSO); -#ifdef REF_PRINT - REF_PRINT("DSO",dso); -#endif - if(i > 0) return(1); -#ifdef REF_CHECK - if(i < 0) - { - fprintf(stderr,"DSO_free, bad reference count\n"); - abort(); - } -#endif +int +DSO_free(DSO *dso) +{ + int i; - if((dso->meth->dso_unload != NULL) && !dso->meth->dso_unload(dso)) - { - DSOerr(DSO_F_DSO_FREE,DSO_R_UNLOAD_FAILED); - return(0); - } - - if((dso->meth->finish != NULL) && !dso->meth->finish(dso)) - { - DSOerr(DSO_F_DSO_FREE,DSO_R_FINISH_FAILED); - return(0); - } - - sk_free(dso->meth_data); - if(dso->filename != NULL) - OPENSSL_free(dso->filename); - if(dso->loaded_filename != NULL) - OPENSSL_free(dso->loaded_filename); - - OPENSSL_free(dso); - return(1); + if (dso == NULL) { + DSOerror(ERR_R_PASSED_NULL_PARAMETER); + return (0); } -int DSO_flags(DSO *dso) - { - return((dso == NULL) ? 0 : dso->flags); + i = CRYPTO_add(&dso->references, -1, CRYPTO_LOCK_DSO); + if (i > 0) + return (1); + + if ((dso->meth->dso_unload != NULL) && !dso->meth->dso_unload(dso)) { + DSOerror(DSO_R_UNLOAD_FAILED); + return (0); } + if ((dso->meth->finish != NULL) && !dso->meth->finish(dso)) { + DSOerror(DSO_R_FINISH_FAILED); + return (0); + } + + sk_void_free(dso->meth_data); + free(dso->filename); + free(dso->loaded_filename); + free(dso); + return (1); +} + +int +DSO_flags(DSO *dso) +{ + return ((dso == NULL) ? 0 : dso->flags); +} -int DSO_up_ref(DSO *dso) - { - if (dso == NULL) - { - DSOerr(DSO_F_DSO_UP_REF,ERR_R_PASSED_NULL_PARAMETER); - return(0); - } - CRYPTO_add(&dso->references,1,CRYPTO_LOCK_DSO); - return(1); +int +DSO_up_ref(DSO *dso) +{ + int refs; + + if (dso == NULL) { + DSOerror(ERR_R_PASSED_NULL_PARAMETER); + return (0); } -DSO *DSO_load(DSO *dso, const char *filename, DSO_METHOD *meth, int flags) - { + refs = CRYPTO_add(&dso->references, 1, CRYPTO_LOCK_DSO); + return ((refs > 1) ? 1 : 0); +} + +DSO * +DSO_load(DSO *dso, const char *filename, DSO_METHOD *meth, int flags) +{ DSO *ret; int allocated = 0; - if(dso == NULL) - { + if (dso == NULL) { ret = DSO_new_method(meth); - if(ret == NULL) - { - DSOerr(DSO_F_DSO_LOAD,ERR_R_MALLOC_FAILURE); + if (ret == NULL) { + DSOerror(ERR_R_MALLOC_FAILURE); goto err; - } + } allocated = 1; /* Pass the provided flags to the new DSO object */ - if(DSO_ctrl(ret, DSO_CTRL_SET_FLAGS, flags, NULL) < 0) - { - DSOerr(DSO_F_DSO_LOAD,DSO_R_CTRL_FAILED); + if (DSO_ctrl(ret, DSO_CTRL_SET_FLAGS, flags, NULL) < 0) { + DSOerror(DSO_R_CTRL_FAILED); goto err; - } } - else + } else ret = dso; /* Don't load if we're currently already loaded */ - if(ret->filename != NULL) - { - DSOerr(DSO_F_DSO_LOAD,DSO_R_DSO_ALREADY_LOADED); + if (ret->filename != NULL) { + DSOerror(DSO_R_DSO_ALREADY_LOADED); goto err; - } + } /* filename can only be NULL if we were passed a dso that already has * one set. */ - if(filename != NULL) - if(!DSO_set_filename(ret, filename)) - { - DSOerr(DSO_F_DSO_LOAD,DSO_R_SET_FILENAME_FAILED); - goto err; - } + if (filename != NULL) + if (!DSO_set_filename(ret, filename)) { + DSOerror(DSO_R_SET_FILENAME_FAILED); + goto err; + } filename = ret->filename; - if(filename == NULL) - { - DSOerr(DSO_F_DSO_LOAD,DSO_R_NO_FILENAME); + if (filename == NULL) { + DSOerror(DSO_R_NO_FILENAME); goto err; - } - if(ret->meth->dso_load == NULL) - { - DSOerr(DSO_F_DSO_LOAD,DSO_R_UNSUPPORTED); + } + if (ret->meth->dso_load == NULL) { + DSOerror(DSO_R_UNSUPPORTED); goto err; - } - if(!ret->meth->dso_load(ret)) - { - DSOerr(DSO_F_DSO_LOAD,DSO_R_LOAD_FAILED); + } + if (!ret->meth->dso_load(ret)) { + DSOerror(DSO_R_LOAD_FAILED); goto err; - } + } /* Load succeeded */ - return(ret); + return (ret); + err: - if(allocated) + if (allocated) DSO_free(ret); - return(NULL); - } + return (NULL); +} -void *DSO_bind_var(DSO *dso, const char *symname) - { +void * +DSO_bind_var(DSO *dso, const char *symname) +{ void *ret = NULL; - if((dso == NULL) || (symname == NULL)) - { - DSOerr(DSO_F_DSO_BIND_VAR,ERR_R_PASSED_NULL_PARAMETER); - return(NULL); - } - if(dso->meth->dso_bind_var == NULL) - { - DSOerr(DSO_F_DSO_BIND_VAR,DSO_R_UNSUPPORTED); - return(NULL); - } - if((ret = dso->meth->dso_bind_var(dso, symname)) == NULL) - { - DSOerr(DSO_F_DSO_BIND_VAR,DSO_R_SYM_FAILURE); - return(NULL); - } - /* Success */ - return(ret); + if ((dso == NULL) || (symname == NULL)) { + DSOerror(ERR_R_PASSED_NULL_PARAMETER); + return (NULL); + } + if (dso->meth->dso_bind_var == NULL) { + DSOerror(DSO_R_UNSUPPORTED); + return (NULL); + } + if ((ret = dso->meth->dso_bind_var(dso, symname)) == NULL) { + DSOerror(DSO_R_SYM_FAILURE); + return (NULL); } + /* Success */ + return (ret); +} -DSO_FUNC_TYPE DSO_bind_func(DSO *dso, const char *symname) - { +DSO_FUNC_TYPE +DSO_bind_func(DSO *dso, const char *symname) +{ DSO_FUNC_TYPE ret = NULL; - if((dso == NULL) || (symname == NULL)) - { - DSOerr(DSO_F_DSO_BIND_FUNC,ERR_R_PASSED_NULL_PARAMETER); - return(NULL); - } - if(dso->meth->dso_bind_func == NULL) - { - DSOerr(DSO_F_DSO_BIND_FUNC,DSO_R_UNSUPPORTED); - return(NULL); - } - if((ret = dso->meth->dso_bind_func(dso, symname)) == NULL) - { - DSOerr(DSO_F_DSO_BIND_FUNC,DSO_R_SYM_FAILURE); - return(NULL); - } - /* Success */ - return(ret); + if ((dso == NULL) || (symname == NULL)) { + DSOerror(ERR_R_PASSED_NULL_PARAMETER); + return (NULL); + } + if (dso->meth->dso_bind_func == NULL) { + DSOerror(DSO_R_UNSUPPORTED); + return (NULL); } + if ((ret = dso->meth->dso_bind_func(dso, symname)) == NULL) { + DSOerror(DSO_R_SYM_FAILURE); + return (NULL); + } + /* Success */ + return (ret); +} /* I don't really like these *_ctrl functions very much to be perfectly * honest. For one thing, I think I have to return a negative value for @@ -306,134 +289,165 @@ DSO_FUNC_TYPE DSO_bind_func(DSO *dso, const char *symname) * odd times. I'd prefer "output" values to be passed by reference and * the return value as success/failure like usual ... but we conform * when we must... :-) */ -long DSO_ctrl(DSO *dso, int cmd, long larg, void *parg) - { - if(dso == NULL) - { - DSOerr(DSO_F_DSO_CTRL,ERR_R_PASSED_NULL_PARAMETER); - return(-1); - } +long +DSO_ctrl(DSO *dso, int cmd, long larg, void *parg) +{ + if (dso == NULL) { + DSOerror(ERR_R_PASSED_NULL_PARAMETER); + return (-1); + } /* We should intercept certain generic commands and only pass control * to the method-specific ctrl() function if it's something we don't * handle. */ - switch(cmd) - { + switch (cmd) { case DSO_CTRL_GET_FLAGS: return dso->flags; case DSO_CTRL_SET_FLAGS: dso->flags = (int)larg; - return(0); + return (0); case DSO_CTRL_OR_FLAGS: dso->flags |= (int)larg; - return(0); + return (0); default: break; - } - if((dso->meth == NULL) || (dso->meth->dso_ctrl == NULL)) - { - DSOerr(DSO_F_DSO_CTRL,DSO_R_UNSUPPORTED); - return(-1); - } - return(dso->meth->dso_ctrl(dso,cmd,larg,parg)); } + if ((dso->meth == NULL) || (dso->meth->dso_ctrl == NULL)) { + DSOerror(DSO_R_UNSUPPORTED); + return (-1); + } + return (dso->meth->dso_ctrl(dso, cmd, larg, parg)); +} -int DSO_set_name_converter(DSO *dso, DSO_NAME_CONVERTER_FUNC cb, - DSO_NAME_CONVERTER_FUNC *oldcb) - { - if(dso == NULL) - { - DSOerr(DSO_F_DSO_SET_NAME_CONVERTER, - ERR_R_PASSED_NULL_PARAMETER); - return(0); - } - if(oldcb) +int +DSO_set_name_converter(DSO *dso, DSO_NAME_CONVERTER_FUNC cb, + DSO_NAME_CONVERTER_FUNC *oldcb) +{ + if (dso == NULL) { + DSOerror(ERR_R_PASSED_NULL_PARAMETER); + return (0); + } + if (oldcb) *oldcb = dso->name_converter; dso->name_converter = cb; - return(1); - } + return (1); +} -const char *DSO_get_filename(DSO *dso) - { - if(dso == NULL) - { - DSOerr(DSO_F_DSO_GET_FILENAME,ERR_R_PASSED_NULL_PARAMETER); - return(NULL); - } - return(dso->filename); +const char * +DSO_get_filename(DSO *dso) +{ + if (dso == NULL) { + DSOerror(ERR_R_PASSED_NULL_PARAMETER); + return (NULL); } + return (dso->filename); +} -int DSO_set_filename(DSO *dso, const char *filename) - { +int +DSO_set_filename(DSO *dso, const char *filename) +{ char *copied; - if((dso == NULL) || (filename == NULL)) - { - DSOerr(DSO_F_DSO_SET_FILENAME,ERR_R_PASSED_NULL_PARAMETER); - return(0); - } - if(dso->loaded_filename) - { - DSOerr(DSO_F_DSO_SET_FILENAME,DSO_R_DSO_ALREADY_LOADED); - return(0); - } + if ((dso == NULL) || (filename == NULL)) { + DSOerror(ERR_R_PASSED_NULL_PARAMETER); + return (0); + } + if (dso->loaded_filename) { + DSOerror(DSO_R_DSO_ALREADY_LOADED); + return (0); + } /* We'll duplicate filename */ - copied = OPENSSL_malloc(strlen(filename) + 1); - if(copied == NULL) - { - DSOerr(DSO_F_DSO_SET_FILENAME,ERR_R_MALLOC_FAILURE); - return(0); - } - strcpy(copied, filename); - if(dso->filename) - OPENSSL_free(dso->filename); + copied = strdup(filename); + if (copied == NULL) { + DSOerror(ERR_R_MALLOC_FAILURE); + return (0); + } + free(dso->filename); dso->filename = copied; - return(1); + return (1); +} + +char * +DSO_merge(DSO *dso, const char *filespec1, const char *filespec2) +{ + char *result = NULL; + + if (dso == NULL || filespec1 == NULL) { + DSOerror(ERR_R_PASSED_NULL_PARAMETER); + return (NULL); } + if ((dso->flags & DSO_FLAG_NO_NAME_TRANSLATION) == 0) { + if (dso->merger != NULL) + result = dso->merger(dso, filespec1, filespec2); + else if (dso->meth->dso_merger != NULL) + result = dso->meth->dso_merger(dso, + filespec1, filespec2); + } + return (result); +} -char *DSO_convert_filename(DSO *dso, const char *filename) - { +char * +DSO_convert_filename(DSO *dso, const char *filename) +{ char *result = NULL; - if(dso == NULL) - { - DSOerr(DSO_F_DSO_CONVERT_FILENAME,ERR_R_PASSED_NULL_PARAMETER); - return(NULL); - } - if(filename == NULL) + if (dso == NULL) { + DSOerror(ERR_R_PASSED_NULL_PARAMETER); + return (NULL); + } + if (filename == NULL) filename = dso->filename; - if(filename == NULL) - { - DSOerr(DSO_F_DSO_CONVERT_FILENAME,DSO_R_NO_FILENAME); - return(NULL); - } - if((dso->flags & DSO_FLAG_NO_NAME_TRANSLATION) == 0) - { - if(dso->name_converter != NULL) + if (filename == NULL) { + DSOerror(DSO_R_NO_FILENAME); + return (NULL); + } + if ((dso->flags & DSO_FLAG_NO_NAME_TRANSLATION) == 0) { + if (dso->name_converter != NULL) result = dso->name_converter(dso, filename); - else if(dso->meth->dso_name_converter != NULL) + else if (dso->meth->dso_name_converter != NULL) result = dso->meth->dso_name_converter(dso, filename); + } + if (result == NULL) { + result = strdup(filename); + if (result == NULL) { + DSOerror(ERR_R_MALLOC_FAILURE); + return (NULL); } - if(result == NULL) - { - result = OPENSSL_malloc(strlen(filename) + 1); - if(result == NULL) - { - DSOerr(DSO_F_DSO_CONVERT_FILENAME, - ERR_R_MALLOC_FAILURE); - return(NULL); - } - strcpy(result, filename); - } - return(result); } + return (result); +} -const char *DSO_get_loaded_filename(DSO *dso) - { - if(dso == NULL) - { - DSOerr(DSO_F_DSO_GET_LOADED_FILENAME, - ERR_R_PASSED_NULL_PARAMETER); - return(NULL); - } - return(dso->loaded_filename); +const char * +DSO_get_loaded_filename(DSO *dso) +{ + if (dso == NULL) { + DSOerror(ERR_R_PASSED_NULL_PARAMETER); + return (NULL); + } + return (dso->loaded_filename); +} + +int +DSO_pathbyaddr(void *addr, char *path, int sz) +{ + DSO_METHOD *meth = default_DSO_meth; + if (meth == NULL) + meth = DSO_METHOD_openssl(); + if (meth->pathbyaddr == NULL) { + DSOerror(DSO_R_UNSUPPORTED); + return -1; + } + return (*meth->pathbyaddr)(addr, path, sz); +} + +void * +DSO_global_lookup(const char *name) +{ + DSO_METHOD *meth = default_DSO_meth; + if (meth == NULL) + meth = DSO_METHOD_openssl(); + if (meth->globallookup == NULL) { + DSOerror(DSO_R_UNSUPPORTED); + return NULL; } + return (*meth->globallookup)(name); +} diff --git a/src/lib/libcrypto/dso/dso_null.c b/src/lib/libcrypto/dso/dso_null.c index fa13a7cb0f1..a3dc0ec1ff4 100644 --- a/src/lib/libcrypto/dso/dso_null.c +++ b/src/lib/libcrypto/dso/dso_null.c @@ -1,4 +1,4 @@ -/* dso_null.c */ +/* $OpenBSD: dso_null.c,v 1.7 2014/07/11 08:44:48 jsing Exp $ */ /* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL * project 2000. */ @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -60,27 +60,15 @@ * no appropriate support for "shared-libraries". */ #include -#include "cryptlib.h" + #include static DSO_METHOD dso_meth_null = { - "NULL shared library method", - NULL, /* load */ - NULL, /* unload */ - NULL, /* bind_var */ - NULL, /* bind_func */ -/* For now, "unbind" doesn't exist */ -#if 0 - NULL, /* unbind_var */ - NULL, /* unbind_func */ -#endif - NULL, /* ctrl */ - NULL, /* init */ - NULL /* finish */ - }; - -DSO_METHOD *DSO_METHOD_null(void) - { - return(&dso_meth_null); - } + .name = "NULL shared library method" +}; +DSO_METHOD * +DSO_METHOD_null(void) +{ + return (&dso_meth_null); +} diff --git a/src/lib/libcrypto/dso/dso_openssl.c b/src/lib/libcrypto/dso/dso_openssl.c index a4395ebffec..37d8d5805f9 100644 --- a/src/lib/libcrypto/dso/dso_openssl.c +++ b/src/lib/libcrypto/dso/dso_openssl.c @@ -1,4 +1,4 @@ -/* dso_openssl.c */ +/* $OpenBSD: dso_openssl.c,v 1.6 2014/07/11 08:44:48 jsing Exp $ */ /* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL * project 2000. */ @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -57,25 +57,19 @@ */ #include -#include "cryptlib.h" + #include /* We just pinch the method from an appropriate "default" method. */ -DSO_METHOD *DSO_METHOD_openssl(void) - { +DSO_METHOD * +DSO_METHOD_openssl(void) +{ #ifdef DEF_DSO_METHOD - return(DEF_DSO_METHOD()); + return (DEF_DSO_METHOD()); #elif defined(DSO_DLFCN) - return(DSO_METHOD_dlfcn()); -#elif defined(DSO_DL) - return(DSO_METHOD_dl()); -#elif defined(DSO_WIN32) - return(DSO_METHOD_win32()); -#elif defined(DSO_VMS) - return(DSO_METHOD_vms()); + return (DSO_METHOD_dlfcn()); #else - return(DSO_METHOD_null()); + return (DSO_METHOD_null()); #endif - } - +} diff --git a/src/lib/libcrypto/dso/dso_vms.c b/src/lib/libcrypto/dso/dso_vms.c deleted file mode 100644 index 1674619d17b..00000000000 --- a/src/lib/libcrypto/dso/dso_vms.c +++ /dev/null @@ -1,379 +0,0 @@ -/* dso_vms.c */ -/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL - * project 2000. - */ -/* ==================================================================== - * Copyright (c) 2000 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include -#include -#include -#include "cryptlib.h" -#include -#ifdef OPENSSL_SYS_VMS -#pragma message disable DOLLARID -#include -#include -#include -#include -#endif - -#ifndef OPENSSL_SYS_VMS -DSO_METHOD *DSO_METHOD_vms(void) - { - return NULL; - } -#else -#pragma message disable DOLLARID - -static int vms_load(DSO *dso); -static int vms_unload(DSO *dso); -static void *vms_bind_var(DSO *dso, const char *symname); -static DSO_FUNC_TYPE vms_bind_func(DSO *dso, const char *symname); -#if 0 -static int vms_unbind_var(DSO *dso, char *symname, void *symptr); -static int vms_unbind_func(DSO *dso, char *symname, DSO_FUNC_TYPE symptr); -static int vms_init(DSO *dso); -static int vms_finish(DSO *dso); -static long vms_ctrl(DSO *dso, int cmd, long larg, void *parg); -#endif -static char *vms_name_converter(DSO *dso, const char *filename); - -static DSO_METHOD dso_meth_vms = { - "OpenSSL 'VMS' shared library method", - vms_load, - NULL, /* unload */ - vms_bind_var, - vms_bind_func, -/* For now, "unbind" doesn't exist */ -#if 0 - NULL, /* unbind_var */ - NULL, /* unbind_func */ -#endif - NULL, /* ctrl */ - vms_name_converter, - NULL, /* init */ - NULL /* finish */ - }; - -/* On VMS, the only "handle" is the file name. LIB$FIND_IMAGE_SYMBOL depends - * on the reference to the file name being the same for all calls regarding - * one shared image, so we'll just store it in an instance of the following - * structure and put a pointer to that instance in the meth_data stack. - */ -typedef struct dso_internal_st - { - /* This should contain the name only, no directory, - * no extension, nothing but a name. */ - struct dsc$descriptor_s filename_dsc; - char filename[FILENAME_MAX+1]; - /* This contains whatever is not in filename, if needed. - * Normally not defined. */ - struct dsc$descriptor_s imagename_dsc; - char imagename[FILENAME_MAX+1]; - } DSO_VMS_INTERNAL; - - -DSO_METHOD *DSO_METHOD_vms(void) - { - return(&dso_meth_vms); - } - -static int vms_load(DSO *dso) - { - void *ptr = NULL; - /* See applicable comments in dso_dl.c */ - char *filename = DSO_convert_filename(dso, NULL); - DSO_VMS_INTERNAL *p; - const char *sp1, *sp2; /* Search result */ - - if(filename == NULL) - { - DSOerr(DSO_F_DLFCN_LOAD,DSO_R_NO_FILENAME); - goto err; - } - - /* A file specification may look like this: - * - * node::dev:[dir-spec]name.type;ver - * - * or (for compatibility with TOPS-20): - * - * node::dev:name.type;ver - * - * and the dir-spec uses '.' as separator. Also, a dir-spec - * may consist of several parts, with mixed use of [] and <>: - * - * [dir1.] - * - * We need to split the file specification into the name and - * the rest (both before and after the name itself). - */ - /* Start with trying to find the end of a dir-spec, and save the - position of the byte after in sp1 */ - sp1 = strrchr(filename, ']'); - sp2 = strrchr(filename, '>'); - if (sp1 == NULL) sp1 = sp2; - if (sp2 != NULL && sp2 > sp1) sp1 = sp2; - if (sp1 == NULL) sp1 = strrchr(filename, ':'); - if (sp1 == NULL) - sp1 = filename; - else - sp1++; /* The byte after the found character */ - /* Now, let's see if there's a type, and save the position in sp2 */ - sp2 = strchr(sp1, '.'); - /* If we found it, that's where we'll cut. Otherwise, look for a - version number and save the position in sp2 */ - if (sp2 == NULL) sp2 = strchr(sp1, ';'); - /* If there was still nothing to find, set sp2 to point at the end of - the string */ - if (sp2 == NULL) sp2 = sp1 + strlen(sp1); - - /* Check that we won't get buffer overflows */ - if (sp2 - sp1 > FILENAME_MAX - || (sp1 - filename) + strlen(sp2) > FILENAME_MAX) - { - DSOerr(DSO_F_VMS_LOAD,DSO_R_FILENAME_TOO_BIG); - goto err; - } - - p = (DSO_VMS_INTERNAL *)OPENSSL_malloc(sizeof(DSO_VMS_INTERNAL)); - if(p == NULL) - { - DSOerr(DSO_F_VMS_LOAD,ERR_R_MALLOC_FAILURE); - goto err; - } - - strncpy(p->filename, sp1, sp2-sp1); - p->filename[sp2-sp1] = '\0'; - - strncpy(p->imagename, filename, sp1-filename); - p->imagename[sp1-filename] = '\0'; - strcat(p->imagename, sp2); - - p->filename_dsc.dsc$w_length = strlen(p->filename); - p->filename_dsc.dsc$b_dtype = DSC$K_DTYPE_T; - p->filename_dsc.dsc$b_class = DSC$K_CLASS_S; - p->filename_dsc.dsc$a_pointer = p->filename; - p->imagename_dsc.dsc$w_length = strlen(p->imagename); - p->imagename_dsc.dsc$b_dtype = DSC$K_DTYPE_T; - p->imagename_dsc.dsc$b_class = DSC$K_CLASS_S; - p->imagename_dsc.dsc$a_pointer = p->imagename; - - if(!sk_push(dso->meth_data, (char *)p)) - { - DSOerr(DSO_F_VMS_LOAD,DSO_R_STACK_ERROR); - goto err; - } - - /* Success (for now, we lie. We actually do not know...) */ - dso->loaded_filename = filename; - return(1); -err: - /* Cleanup! */ - if(p != NULL) - OPENSSL_free(p); - if(filename != NULL) - OPENSSL_free(filename); - return(0); - } - -/* Note that this doesn't actually unload the shared image, as there is no - * such thing in VMS. Next time it get loaded again, a new copy will - * actually be loaded. - */ -static int vms_unload(DSO *dso) - { - DSO_VMS_INTERNAL *p; - if(dso == NULL) - { - DSOerr(DSO_F_VMS_UNLOAD,ERR_R_PASSED_NULL_PARAMETER); - return(0); - } - if(sk_num(dso->meth_data) < 1) - return(1); - p = (DSO_VMS_INTERNAL *)sk_pop(dso->meth_data); - if(p == NULL) - { - DSOerr(DSO_F_VMS_UNLOAD,DSO_R_NULL_HANDLE); - return(0); - } - /* Cleanup */ - OPENSSL_free(p); - return(1); - } - -/* We must do this in a separate function because of the way the exception - handler works (it makes this function return */ -static int do_find_symbol(DSO_VMS_INTERNAL *ptr, - struct dsc$descriptor_s *symname_dsc, void **sym, - unsigned long flags) - { - /* Make sure that signals are caught and returned instead of - aborting the program. The exception handler gets unestablished - automatically on return from this function. */ - lib$establish(lib$sig_to_ret); - - if(ptr->imagename_dsc.dsc$w_length) - return lib$find_image_symbol(&ptr->filename_dsc, - symname_dsc, sym, - &ptr->imagename_dsc, flags); - else - return lib$find_image_symbol(&ptr->filename_dsc, - symname_dsc, sym, - 0, flags); - } - -void vms_bind_sym(DSO *dso, const char *symname, void **sym) - { - DSO_VMS_INTERNAL *ptr; - int status; -#if 0 - int flags = (1<<4); /* LIB$M_FIS_MIXEDCASE, but this symbol isn't - defined in VMS older than 7.0 or so */ -#else - int flags = 0; -#endif - struct dsc$descriptor_s symname_dsc; - *sym = NULL; - - symname_dsc.dsc$w_length = strlen(symname); - symname_dsc.dsc$b_dtype = DSC$K_DTYPE_T; - symname_dsc.dsc$b_class = DSC$K_CLASS_S; - symname_dsc.dsc$a_pointer = (char *)symname; /* The cast is needed */ - - if((dso == NULL) || (symname == NULL)) - { - DSOerr(DSO_F_VMS_BIND_VAR,ERR_R_PASSED_NULL_PARAMETER); - return; - } - if(sk_num(dso->meth_data) < 1) - { - DSOerr(DSO_F_VMS_BIND_VAR,DSO_R_STACK_ERROR); - return; - } - ptr = (DSO_VMS_INTERNAL *)sk_value(dso->meth_data, - sk_num(dso->meth_data) - 1); - if(ptr == NULL) - { - DSOerr(DSO_F_VMS_BIND_VAR,DSO_R_NULL_HANDLE); - return; - } - - if(dso->flags & DSO_FLAG_UPCASE_SYMBOL) flags = 0; - - status = do_find_symbol(ptr, &symname_dsc, sym, flags); - - if(!$VMS_STATUS_SUCCESS(status)) - { - unsigned short length; - char errstring[257]; - struct dsc$descriptor_s errstring_dsc; - - errstring_dsc.dsc$w_length = sizeof(errstring); - errstring_dsc.dsc$b_dtype = DSC$K_DTYPE_T; - errstring_dsc.dsc$b_class = DSC$K_CLASS_S; - errstring_dsc.dsc$a_pointer = errstring; - - *sym = NULL; - - status = sys$getmsg(status, &length, &errstring_dsc, 1, 0); - - if (!$VMS_STATUS_SUCCESS(status)) - lib$signal(status); /* This is really bad. Abort! */ - else - { - errstring[length] = '\0'; - - DSOerr(DSO_F_VMS_BIND_VAR,DSO_R_SYM_FAILURE); - if (ptr->imagename_dsc.dsc$w_length) - ERR_add_error_data(9, - "Symbol ", symname, - " in ", ptr->filename, - " (", ptr->imagename, ")", - ": ", errstring); - else - ERR_add_error_data(6, - "Symbol ", symname, - " in ", ptr->filename, - ": ", errstring); - } - return; - } - return; - } - -static void *vms_bind_var(DSO *dso, const char *symname) - { - void *sym = 0; - vms_bind_sym(dso, symname, &sym); - return sym; - } - -static DSO_FUNC_TYPE vms_bind_func(DSO *dso, const char *symname) - { - DSO_FUNC_TYPE sym = 0; - vms_bind_sym(dso, symname, (void **)&sym); - return sym; - } - -static char *vms_name_converter(DSO *dso, const char *filename) - { - int len = strlen(filename); - char *not_translated = OPENSSL_malloc(len+1); - strcpy(not_translated,filename); - return(not_translated); - } - -#endif /* OPENSSL_SYS_VMS */ diff --git a/src/lib/libcrypto/dso/dso_win32.c b/src/lib/libcrypto/dso/dso_win32.c deleted file mode 100644 index af8586d7542..00000000000 --- a/src/lib/libcrypto/dso/dso_win32.c +++ /dev/null @@ -1,279 +0,0 @@ -/* dso_win32.c */ -/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL - * project 2000. - */ -/* ==================================================================== - * Copyright (c) 2000 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include -#include -#include "cryptlib.h" -#include - -#ifndef OPENSSL_SYS_WIN32 -DSO_METHOD *DSO_METHOD_win32(void) - { - return NULL; - } -#else - -/* Part of the hack in "win32_load" ... */ -#define DSO_MAX_TRANSLATED_SIZE 256 - -static int win32_load(DSO *dso); -static int win32_unload(DSO *dso); -static void *win32_bind_var(DSO *dso, const char *symname); -static DSO_FUNC_TYPE win32_bind_func(DSO *dso, const char *symname); -#if 0 -static int win32_unbind_var(DSO *dso, char *symname, void *symptr); -static int win32_unbind_func(DSO *dso, char *symname, DSO_FUNC_TYPE symptr); -static int win32_init(DSO *dso); -static int win32_finish(DSO *dso); -static long win32_ctrl(DSO *dso, int cmd, long larg, void *parg); -#endif -static char *win32_name_converter(DSO *dso, const char *filename); - -static DSO_METHOD dso_meth_win32 = { - "OpenSSL 'win32' shared library method", - win32_load, - win32_unload, - win32_bind_var, - win32_bind_func, -/* For now, "unbind" doesn't exist */ -#if 0 - NULL, /* unbind_var */ - NULL, /* unbind_func */ -#endif - NULL, /* ctrl */ - win32_name_converter, - NULL, /* init */ - NULL /* finish */ - }; - -DSO_METHOD *DSO_METHOD_win32(void) - { - return(&dso_meth_win32); - } - -/* For this DSO_METHOD, our meth_data STACK will contain; - * (i) a pointer to the handle (HINSTANCE) returned from - * LoadLibrary(), and copied. - */ - -static int win32_load(DSO *dso) - { - HINSTANCE h = NULL, *p = NULL; - /* See applicable comments from dso_dl.c */ - char *filename = DSO_convert_filename(dso, NULL); - - if(filename == NULL) - { - DSOerr(DSO_F_WIN32_LOAD,DSO_R_NO_FILENAME); - goto err; - } - h = LoadLibrary(filename); - if(h == NULL) - { - DSOerr(DSO_F_WIN32_LOAD,DSO_R_LOAD_FAILED); - ERR_add_error_data(3, "filename(", filename, ")"); - goto err; - } - p = (HINSTANCE *)OPENSSL_malloc(sizeof(HINSTANCE)); - if(p == NULL) - { - DSOerr(DSO_F_WIN32_LOAD,ERR_R_MALLOC_FAILURE); - goto err; - } - *p = h; - if(!sk_push(dso->meth_data, (char *)p)) - { - DSOerr(DSO_F_WIN32_LOAD,DSO_R_STACK_ERROR); - goto err; - } - /* Success */ - dso->loaded_filename = filename; - return(1); -err: - /* Cleanup !*/ - if(filename != NULL) - OPENSSL_free(filename); - if(p != NULL) - OPENSSL_free(p); - if(h != NULL) - FreeLibrary(h); - return(0); - } - -static int win32_unload(DSO *dso) - { - HINSTANCE *p; - if(dso == NULL) - { - DSOerr(DSO_F_WIN32_UNLOAD,ERR_R_PASSED_NULL_PARAMETER); - return(0); - } - if(sk_num(dso->meth_data) < 1) - return(1); - p = (HINSTANCE *)sk_pop(dso->meth_data); - if(p == NULL) - { - DSOerr(DSO_F_WIN32_UNLOAD,DSO_R_NULL_HANDLE); - return(0); - } - if(!FreeLibrary(*p)) - { - DSOerr(DSO_F_WIN32_UNLOAD,DSO_R_UNLOAD_FAILED); - /* We should push the value back onto the stack in - * case of a retry. */ - sk_push(dso->meth_data, (char *)p); - return(0); - } - /* Cleanup */ - OPENSSL_free(p); - return(1); - } - -/* Using GetProcAddress for variables? TODO: Check this out in - * the Win32 API docs, there's probably a variant for variables. */ -static void *win32_bind_var(DSO *dso, const char *symname) - { - HINSTANCE *ptr; - void *sym; - - if((dso == NULL) || (symname == NULL)) - { - DSOerr(DSO_F_WIN32_BIND_VAR,ERR_R_PASSED_NULL_PARAMETER); - return(NULL); - } - if(sk_num(dso->meth_data) < 1) - { - DSOerr(DSO_F_WIN32_BIND_VAR,DSO_R_STACK_ERROR); - return(NULL); - } - ptr = (HINSTANCE *)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1); - if(ptr == NULL) - { - DSOerr(DSO_F_WIN32_BIND_VAR,DSO_R_NULL_HANDLE); - return(NULL); - } - sym = GetProcAddress(*ptr, symname); - if(sym == NULL) - { - DSOerr(DSO_F_WIN32_BIND_VAR,DSO_R_SYM_FAILURE); - ERR_add_error_data(3, "symname(", symname, ")"); - return(NULL); - } - return(sym); - } - -static DSO_FUNC_TYPE win32_bind_func(DSO *dso, const char *symname) - { - HINSTANCE *ptr; - void *sym; - - if((dso == NULL) || (symname == NULL)) - { - DSOerr(DSO_F_WIN32_BIND_FUNC,ERR_R_PASSED_NULL_PARAMETER); - return(NULL); - } - if(sk_num(dso->meth_data) < 1) - { - DSOerr(DSO_F_WIN32_BIND_FUNC,DSO_R_STACK_ERROR); - return(NULL); - } - ptr = (HINSTANCE *)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1); - if(ptr == NULL) - { - DSOerr(DSO_F_WIN32_BIND_FUNC,DSO_R_NULL_HANDLE); - return(NULL); - } - sym = GetProcAddress(*ptr, symname); - if(sym == NULL) - { - DSOerr(DSO_F_WIN32_BIND_FUNC,DSO_R_SYM_FAILURE); - ERR_add_error_data(3, "symname(", symname, ")"); - return(NULL); - } - return((DSO_FUNC_TYPE)sym); - } - -static char *win32_name_converter(DSO *dso, const char *filename) - { - char *translated; - int len, transform; - - len = strlen(filename); - transform = ((strstr(filename, "/") == NULL) && - (strstr(filename, "\\") == NULL) && - (strstr(filename, ":") == NULL)); - if(transform) - /* We will convert this to "%s.dll" */ - translated = OPENSSL_malloc(len + 5); - else - /* We will simply duplicate filename */ - translated = OPENSSL_malloc(len + 1); - if(translated == NULL) - { - DSOerr(DSO_F_WIN32_NAME_CONVERTER, - DSO_R_NAME_TRANSLATION_FAILED); - return(NULL); - } - if(transform) - sprintf(translated, "%s.dll", filename); - else - sprintf(translated, "%s", filename); - return(translated); - } - -#endif /* OPENSSL_SYS_WIN32 */ diff --git a/src/lib/libcrypto/ebcdic.c b/src/lib/libcrypto/ebcdic.c deleted file mode 100644 index bc968ea807f..00000000000 --- a/src/lib/libcrypto/ebcdic.c +++ /dev/null @@ -1,218 +0,0 @@ -/* crypto/ebcdic.c */ - -#ifdef CHARSET_EBCDIC -#include "ebcdic.h" -/* Initial Port for Apache-1.3 by - * Adapted for OpenSSL-0.9.4 by - */ - -#ifdef _OSD_POSIX -/* - "BS2000 OSD" is a POSIX subsystem on a main frame. - It is made by Siemens AG, Germany, for their BS2000 mainframe machines. - Within the POSIX subsystem, the same character set was chosen as in - "native BS2000", namely EBCDIC. (EDF04) - - The name "ASCII" in these routines is misleading: actually, conversion - is not between EBCDIC and ASCII, but EBCDIC(EDF04) and ISO-8859.1; - that means that (western european) national characters are preserved. - - This table is identical to the one used by rsh/rcp/ftp and other POSIX tools. -*/ - -/* Here's the bijective ebcdic-to-ascii table: */ -const unsigned char os_toascii[256] = { -/*00*/ 0x00, 0x01, 0x02, 0x03, 0x85, 0x09, 0x86, 0x7f, - 0x87, 0x8d, 0x8e, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /*................*/ -/*10*/ 0x10, 0x11, 0x12, 0x13, 0x8f, 0x0a, 0x08, 0x97, - 0x18, 0x19, 0x9c, 0x9d, 0x1c, 0x1d, 0x1e, 0x1f, /*................*/ -/*20*/ 0x80, 0x81, 0x82, 0x83, 0x84, 0x92, 0x17, 0x1b, - 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x05, 0x06, 0x07, /*................*/ -/*30*/ 0x90, 0x91, 0x16, 0x93, 0x94, 0x95, 0x96, 0x04, - 0x98, 0x99, 0x9a, 0x9b, 0x14, 0x15, 0x9e, 0x1a, /*................*/ -/*40*/ 0x20, 0xa0, 0xe2, 0xe4, 0xe0, 0xe1, 0xe3, 0xe5, - 0xe7, 0xf1, 0x60, 0x2e, 0x3c, 0x28, 0x2b, 0x7c, /* .........`.<(+|*/ -/*50*/ 0x26, 0xe9, 0xea, 0xeb, 0xe8, 0xed, 0xee, 0xef, - 0xec, 0xdf, 0x21, 0x24, 0x2a, 0x29, 0x3b, 0x9f, /*&.........!$*);.*/ -/*60*/ 0x2d, 0x2f, 0xc2, 0xc4, 0xc0, 0xc1, 0xc3, 0xc5, - 0xc7, 0xd1, 0x5e, 0x2c, 0x25, 0x5f, 0x3e, 0x3f, /*-/........^,%_>?*/ -/*70*/ 0xf8, 0xc9, 0xca, 0xcb, 0xc8, 0xcd, 0xce, 0xcf, - 0xcc, 0xa8, 0x3a, 0x23, 0x40, 0x27, 0x3d, 0x22, /*..........:#@'="*/ -/*80*/ 0xd8, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, - 0x68, 0x69, 0xab, 0xbb, 0xf0, 0xfd, 0xfe, 0xb1, /*.abcdefghi......*/ -/*90*/ 0xb0, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, - 0x71, 0x72, 0xaa, 0xba, 0xe6, 0xb8, 0xc6, 0xa4, /*.jklmnopqr......*/ -/*a0*/ 0xb5, 0xaf, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, - 0x79, 0x7a, 0xa1, 0xbf, 0xd0, 0xdd, 0xde, 0xae, /*..stuvwxyz......*/ -/*b0*/ 0xa2, 0xa3, 0xa5, 0xb7, 0xa9, 0xa7, 0xb6, 0xbc, - 0xbd, 0xbe, 0xac, 0x5b, 0x5c, 0x5d, 0xb4, 0xd7, /*...........[\]..*/ -/*c0*/ 0xf9, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, - 0x48, 0x49, 0xad, 0xf4, 0xf6, 0xf2, 0xf3, 0xf5, /*.ABCDEFGHI......*/ -/*d0*/ 0xa6, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50, - 0x51, 0x52, 0xb9, 0xfb, 0xfc, 0xdb, 0xfa, 0xff, /*.JKLMNOPQR......*/ -/*e0*/ 0xd9, 0xf7, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, - 0x59, 0x5a, 0xb2, 0xd4, 0xd6, 0xd2, 0xd3, 0xd5, /*..STUVWXYZ......*/ -/*f0*/ 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, - 0x38, 0x39, 0xb3, 0x7b, 0xdc, 0x7d, 0xda, 0x7e /*0123456789.{.}.~*/ -}; - - -/* The ascii-to-ebcdic table: */ -const unsigned char os_toebcdic[256] = { -/*00*/ 0x00, 0x01, 0x02, 0x03, 0x37, 0x2d, 0x2e, 0x2f, - 0x16, 0x05, 0x15, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /*................*/ -/*10*/ 0x10, 0x11, 0x12, 0x13, 0x3c, 0x3d, 0x32, 0x26, - 0x18, 0x19, 0x3f, 0x27, 0x1c, 0x1d, 0x1e, 0x1f, /*................*/ -/*20*/ 0x40, 0x5a, 0x7f, 0x7b, 0x5b, 0x6c, 0x50, 0x7d, - 0x4d, 0x5d, 0x5c, 0x4e, 0x6b, 0x60, 0x4b, 0x61, /* !"#$%&'()*+,-./ */ -/*30*/ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, - 0xf8, 0xf9, 0x7a, 0x5e, 0x4c, 0x7e, 0x6e, 0x6f, /*0123456789:;<=>?*/ -/*40*/ 0x7c, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, - 0xc8, 0xc9, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, /*@ABCDEFGHIJKLMNO*/ -/*50*/ 0xd7, 0xd8, 0xd9, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, - 0xe7, 0xe8, 0xe9, 0xbb, 0xbc, 0xbd, 0x6a, 0x6d, /*PQRSTUVWXYZ[\]^_*/ -/*60*/ 0x4a, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, - 0x88, 0x89, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, /*`abcdefghijklmno*/ -/*70*/ 0x97, 0x98, 0x99, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, - 0xa7, 0xa8, 0xa9, 0xfb, 0x4f, 0xfd, 0xff, 0x07, /*pqrstuvwxyz{|}~.*/ -/*80*/ 0x20, 0x21, 0x22, 0x23, 0x24, 0x04, 0x06, 0x08, - 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x09, 0x0a, 0x14, /*................*/ -/*90*/ 0x30, 0x31, 0x25, 0x33, 0x34, 0x35, 0x36, 0x17, - 0x38, 0x39, 0x3a, 0x3b, 0x1a, 0x1b, 0x3e, 0x5f, /*................*/ -/*a0*/ 0x41, 0xaa, 0xb0, 0xb1, 0x9f, 0xb2, 0xd0, 0xb5, - 0x79, 0xb4, 0x9a, 0x8a, 0xba, 0xca, 0xaf, 0xa1, /*................*/ -/*b0*/ 0x90, 0x8f, 0xea, 0xfa, 0xbe, 0xa0, 0xb6, 0xb3, - 0x9d, 0xda, 0x9b, 0x8b, 0xb7, 0xb8, 0xb9, 0xab, /*................*/ -/*c0*/ 0x64, 0x65, 0x62, 0x66, 0x63, 0x67, 0x9e, 0x68, - 0x74, 0x71, 0x72, 0x73, 0x78, 0x75, 0x76, 0x77, /*................*/ -/*d0*/ 0xac, 0x69, 0xed, 0xee, 0xeb, 0xef, 0xec, 0xbf, - 0x80, 0xe0, 0xfe, 0xdd, 0xfc, 0xad, 0xae, 0x59, /*................*/ -/*e0*/ 0x44, 0x45, 0x42, 0x46, 0x43, 0x47, 0x9c, 0x48, - 0x54, 0x51, 0x52, 0x53, 0x58, 0x55, 0x56, 0x57, /*................*/ -/*f0*/ 0x8c, 0x49, 0xcd, 0xce, 0xcb, 0xcf, 0xcc, 0xe1, - 0x70, 0xc0, 0xde, 0xdb, 0xdc, 0x8d, 0x8e, 0xdf /*................*/ -}; - -#else /*_OSD_POSIX*/ - -/* -This code does basic character mapping for IBM's TPF and OS/390 operating systems. -It is a modified version of the BS2000 table. - -Bijective EBCDIC (character set IBM-1047) to US-ASCII table: -This table is bijective - there are no ambigous or duplicate characters. -*/ -const unsigned char os_toascii[256] = { - 0x00, 0x01, 0x02, 0x03, 0x85, 0x09, 0x86, 0x7f, /* 00-0f: */ - 0x87, 0x8d, 0x8e, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /* ................ */ - 0x10, 0x11, 0x12, 0x13, 0x8f, 0x0a, 0x08, 0x97, /* 10-1f: */ - 0x18, 0x19, 0x9c, 0x9d, 0x1c, 0x1d, 0x1e, 0x1f, /* ................ */ - 0x80, 0x81, 0x82, 0x83, 0x84, 0x92, 0x17, 0x1b, /* 20-2f: */ - 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x05, 0x06, 0x07, /* ................ */ - 0x90, 0x91, 0x16, 0x93, 0x94, 0x95, 0x96, 0x04, /* 30-3f: */ - 0x98, 0x99, 0x9a, 0x9b, 0x14, 0x15, 0x9e, 0x1a, /* ................ */ - 0x20, 0xa0, 0xe2, 0xe4, 0xe0, 0xe1, 0xe3, 0xe5, /* 40-4f: */ - 0xe7, 0xf1, 0xa2, 0x2e, 0x3c, 0x28, 0x2b, 0x7c, /* ...........<(+| */ - 0x26, 0xe9, 0xea, 0xeb, 0xe8, 0xed, 0xee, 0xef, /* 50-5f: */ - 0xec, 0xdf, 0x21, 0x24, 0x2a, 0x29, 0x3b, 0x5e, /* &.........!$*);^ */ - 0x2d, 0x2f, 0xc2, 0xc4, 0xc0, 0xc1, 0xc3, 0xc5, /* 60-6f: */ - 0xc7, 0xd1, 0xa6, 0x2c, 0x25, 0x5f, 0x3e, 0x3f, /* -/.........,%_>? */ - 0xf8, 0xc9, 0xca, 0xcb, 0xc8, 0xcd, 0xce, 0xcf, /* 70-7f: */ - 0xcc, 0x60, 0x3a, 0x23, 0x40, 0x27, 0x3d, 0x22, /* .........`:#@'=" */ - 0xd8, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, /* 80-8f: */ - 0x68, 0x69, 0xab, 0xbb, 0xf0, 0xfd, 0xfe, 0xb1, /* .abcdefghi...... */ - 0xb0, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, /* 90-9f: */ - 0x71, 0x72, 0xaa, 0xba, 0xe6, 0xb8, 0xc6, 0xa4, /* .jklmnopqr...... */ - 0xb5, 0x7e, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, /* a0-af: */ - 0x79, 0x7a, 0xa1, 0xbf, 0xd0, 0x5b, 0xde, 0xae, /* .~stuvwxyz...[.. */ - 0xac, 0xa3, 0xa5, 0xb7, 0xa9, 0xa7, 0xb6, 0xbc, /* b0-bf: */ - 0xbd, 0xbe, 0xdd, 0xa8, 0xaf, 0x5d, 0xb4, 0xd7, /* .............].. */ - 0x7b, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, /* c0-cf: */ - 0x48, 0x49, 0xad, 0xf4, 0xf6, 0xf2, 0xf3, 0xf5, /* {ABCDEFGHI...... */ - 0x7d, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50, /* d0-df: */ - 0x51, 0x52, 0xb9, 0xfb, 0xfc, 0xf9, 0xfa, 0xff, /* }JKLMNOPQR...... */ - 0x5c, 0xf7, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, /* e0-ef: */ - 0x59, 0x5a, 0xb2, 0xd4, 0xd6, 0xd2, 0xd3, 0xd5, /* \.STUVWXYZ...... */ - 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, /* f0-ff: */ - 0x38, 0x39, 0xb3, 0xdb, 0xdc, 0xd9, 0xda, 0x9f /* 0123456789...... */ -}; - - -/* -The US-ASCII to EBCDIC (character set IBM-1047) table: -This table is bijective (no ambiguous or duplicate characters) -*/ -const unsigned char os_toebcdic[256] = { - 0x00, 0x01, 0x02, 0x03, 0x37, 0x2d, 0x2e, 0x2f, /* 00-0f: */ - 0x16, 0x05, 0x15, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /* ................ */ - 0x10, 0x11, 0x12, 0x13, 0x3c, 0x3d, 0x32, 0x26, /* 10-1f: */ - 0x18, 0x19, 0x3f, 0x27, 0x1c, 0x1d, 0x1e, 0x1f, /* ................ */ - 0x40, 0x5a, 0x7f, 0x7b, 0x5b, 0x6c, 0x50, 0x7d, /* 20-2f: */ - 0x4d, 0x5d, 0x5c, 0x4e, 0x6b, 0x60, 0x4b, 0x61, /* !"#$%&'()*+,-./ */ - 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, /* 30-3f: */ - 0xf8, 0xf9, 0x7a, 0x5e, 0x4c, 0x7e, 0x6e, 0x6f, /* 0123456789:;<=>? */ - 0x7c, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, /* 40-4f: */ - 0xc8, 0xc9, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, /* @ABCDEFGHIJKLMNO */ - 0xd7, 0xd8, 0xd9, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, /* 50-5f: */ - 0xe7, 0xe8, 0xe9, 0xad, 0xe0, 0xbd, 0x5f, 0x6d, /* PQRSTUVWXYZ[\]^_ */ - 0x79, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, /* 60-6f: */ - 0x88, 0x89, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, /* `abcdefghijklmno */ - 0x97, 0x98, 0x99, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, /* 70-7f: */ - 0xa7, 0xa8, 0xa9, 0xc0, 0x4f, 0xd0, 0xa1, 0x07, /* pqrstuvwxyz{|}~. */ - 0x20, 0x21, 0x22, 0x23, 0x24, 0x04, 0x06, 0x08, /* 80-8f: */ - 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x09, 0x0a, 0x14, /* ................ */ - 0x30, 0x31, 0x25, 0x33, 0x34, 0x35, 0x36, 0x17, /* 90-9f: */ - 0x38, 0x39, 0x3a, 0x3b, 0x1a, 0x1b, 0x3e, 0xff, /* ................ */ - 0x41, 0xaa, 0x4a, 0xb1, 0x9f, 0xb2, 0x6a, 0xb5, /* a0-af: */ - 0xbb, 0xb4, 0x9a, 0x8a, 0xb0, 0xca, 0xaf, 0xbc, /* ................ */ - 0x90, 0x8f, 0xea, 0xfa, 0xbe, 0xa0, 0xb6, 0xb3, /* b0-bf: */ - 0x9d, 0xda, 0x9b, 0x8b, 0xb7, 0xb8, 0xb9, 0xab, /* ................ */ - 0x64, 0x65, 0x62, 0x66, 0x63, 0x67, 0x9e, 0x68, /* c0-cf: */ - 0x74, 0x71, 0x72, 0x73, 0x78, 0x75, 0x76, 0x77, /* ................ */ - 0xac, 0x69, 0xed, 0xee, 0xeb, 0xef, 0xec, 0xbf, /* d0-df: */ - 0x80, 0xfd, 0xfe, 0xfb, 0xfc, 0xba, 0xae, 0x59, /* ................ */ - 0x44, 0x45, 0x42, 0x46, 0x43, 0x47, 0x9c, 0x48, /* e0-ef: */ - 0x54, 0x51, 0x52, 0x53, 0x58, 0x55, 0x56, 0x57, /* ................ */ - 0x8c, 0x49, 0xcd, 0xce, 0xcb, 0xcf, 0xcc, 0xe1, /* f0-ff: */ - 0x70, 0xdd, 0xde, 0xdb, 0xdc, 0x8d, 0x8e, 0xdf /* ................ */ -}; -#endif /*_OSD_POSIX*/ - -/* Translate a memory block from EBCDIC (host charset) to ASCII (net charset) - * dest and srce may be identical, or separate memory blocks, but - * should not overlap. These functions intentionally have an interface - * compatible to memcpy(3). - */ - -void * -ebcdic2ascii(void *dest, const void *srce, size_t count) -{ - unsigned char *udest = dest; - const unsigned char *usrce = srce; - - while (count-- != 0) { - *udest++ = os_toascii[*usrce++]; - } - - return dest; -} - -void * -ascii2ebcdic(void *dest, const void *srce, size_t count) -{ - unsigned char *udest = dest; - const unsigned char *usrce = srce; - - while (count-- != 0) { - *udest++ = os_toebcdic[*usrce++]; - } - - return dest; -} - -#else /*CHARSET_EBCDIC*/ -#include -#if defined(PEDANTIC) || defined(__DECC) -static void *dummy=&dummy; -#endif -#endif diff --git a/src/lib/libcrypto/ebcdic.h b/src/lib/libcrypto/ebcdic.h deleted file mode 100644 index 6d65afcf9e7..00000000000 --- a/src/lib/libcrypto/ebcdic.h +++ /dev/null @@ -1,19 +0,0 @@ -/* crypto/ebcdic.h */ - -#ifndef HEADER_EBCDIC_H -#define HEADER_EBCDIC_H - -#include - -/* Avoid name clashes with other applications */ -#define os_toascii _openssl_os_toascii -#define os_toebcdic _openssl_os_toebcdic -#define ebcdic2ascii _openssl_ebcdic2ascii -#define ascii2ebcdic _openssl_ascii2ebcdic - -extern const unsigned char os_toascii[256]; -extern const unsigned char os_toebcdic[256]; -void *ebcdic2ascii(void *dest, const void *srce, size_t count); -void *ascii2ebcdic(void *dest, const void *srce, size_t count); - -#endif diff --git a/src/lib/libcrypto/ec/Makefile.ssl b/src/lib/libcrypto/ec/Makefile.ssl deleted file mode 100644 index fb6f22130f3..00000000000 --- a/src/lib/libcrypto/ec/Makefile.ssl +++ /dev/null @@ -1,128 +0,0 @@ -# -# crypto/ec/Makefile -# - -DIR= ec -TOP= ../.. -CC= cc -INCLUDES= -I.. -I$(TOP) -I../../include -CFLAG=-g -INSTALL_PREFIX= -OPENSSLDIR= /usr/local/ssl -INSTALLTOP=/usr/local/ssl -MAKE= make -f Makefile.ssl -MAKEDEPPROG= makedepend -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) -MAKEFILE= Makefile.ssl -AR= ar r - -CFLAGS= $(INCLUDES) $(CFLAG) - -GENERAL=Makefile -TEST=ectest.c -APPS= - -LIB=$(TOP)/libcrypto.a -LIBSRC= ec_lib.c ecp_smpl.c ecp_mont.c ecp_recp.c ecp_nist.c ec_cvt.c ec_mult.c \ - ec_err.c - -LIBOBJ= ec_lib.o ecp_smpl.o ecp_mont.o ecp_recp.o ecp_nist.o ec_cvt.o ec_mult.o \ - ec_err.o - -SRC= $(LIBSRC) - -EXHEADER= ec.h -HEADER= ec_lcl.h $(EXHEADER) - -ALL= $(GENERAL) $(SRC) $(HEADER) - -top: - (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) - -all: lib - -lib: $(LIBOBJ) - $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) || echo Never mind. - @touch lib - -files: - $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO - -links: - @sh $(TOP)/util/point.sh Makefile.ssl Makefile - @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) - @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) - @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) - -install: - @for i in $(EXHEADER) ; \ - do \ - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ - done; - -tags: - ctags $(SRC) - -tests: - -lint: - lint -DLINT $(INCLUDES) $(SRC)>fluff - -depend: - $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) - -dclean: - $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new - mv -f Makefile.new $(MAKEFILE) - -clean: - rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff - -# DO NOT DELETE THIS LINE -- make depend depends on it. - -ec_cvt.o: ../../include/openssl/bn.h ../../include/openssl/e_os2.h -ec_cvt.o: ../../include/openssl/ec.h ../../include/openssl/opensslconf.h -ec_cvt.o: ../../include/openssl/symhacks.h ec_cvt.c ec_lcl.h -ec_err.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -ec_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -ec_err.o: ../../include/openssl/ec.h ../../include/openssl/err.h -ec_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -ec_err.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -ec_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -ec_err.o: ec_err.c -ec_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -ec_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -ec_lib.o: ../../include/openssl/ec.h ../../include/openssl/err.h -ec_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -ec_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -ec_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -ec_lib.o: ec_lcl.h ec_lib.c -ec_mult.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -ec_mult.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -ec_mult.o: ../../include/openssl/ec.h ../../include/openssl/err.h -ec_mult.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -ec_mult.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -ec_mult.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -ec_mult.o: ec_lcl.h ec_mult.c -ecp_mont.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -ecp_mont.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -ecp_mont.o: ../../include/openssl/ec.h ../../include/openssl/err.h -ecp_mont.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -ecp_mont.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -ecp_mont.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -ecp_mont.o: ec_lcl.h ecp_mont.c -ecp_nist.o: ../../include/openssl/bn.h ../../include/openssl/e_os2.h -ecp_nist.o: ../../include/openssl/ec.h ../../include/openssl/opensslconf.h -ecp_nist.o: ../../include/openssl/symhacks.h ec_lcl.h ecp_nist.c -ecp_recp.o: ../../include/openssl/bn.h ../../include/openssl/e_os2.h -ecp_recp.o: ../../include/openssl/ec.h ../../include/openssl/opensslconf.h -ecp_recp.o: ../../include/openssl/symhacks.h ec_lcl.h ecp_recp.c -ecp_smpl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -ecp_smpl.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -ecp_smpl.o: ../../include/openssl/ec.h ../../include/openssl/err.h -ecp_smpl.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -ecp_smpl.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -ecp_smpl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -ecp_smpl.o: ec_lcl.h ecp_smpl.c diff --git a/src/lib/libcrypto/ec/asm/ecp_nistz256-armv4.pl b/src/lib/libcrypto/ec/asm/ecp_nistz256-armv4.pl new file mode 100644 index 00000000000..f3205d673a7 --- /dev/null +++ b/src/lib/libcrypto/ec/asm/ecp_nistz256-armv4.pl @@ -0,0 +1,1733 @@ +#! /usr/bin/env perl +# $OpenBSD: ecp_nistz256-armv4.pl,v 1.1 2016/11/04 17:33:19 miod Exp $ +# +# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== +# +# ECP_NISTZ256 module for ARMv4. +# +# October 2014. +# +# Original ECP_NISTZ256 submission targeting x86_64 is detailed in +# http://eprint.iacr.org/2013/816. In the process of adaptation +# original .c module was made 32-bit savvy in order to make this +# implementation possible. +# +# with/without -DECP_NISTZ256_ASM +# Cortex-A8 +53-170% +# Cortex-A9 +76-205% +# Cortex-A15 +100-316% +# Snapdragon S4 +66-187% +# +# Ranges denote minimum and maximum improvement coefficients depending +# on benchmark. Lower coefficients are for ECDSA sign, server-side +# operation. Keep in mind that +200% means 3x improvement. + +$flavour = shift; +if ($flavour=~/\w[\w\-]*\.\w+$/) { $output=$flavour; undef $flavour; } +else { while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {} } + +if ($flavour && $flavour ne "void") { + $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; + ( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or + ( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or + die "can't locate arm-xlate.pl"; + + open STDOUT,"| \"$^X\" $xlate $flavour $output"; +} else { + open STDOUT,">$output"; +} + +$code.=<<___; +#include "arm_arch.h" + +.text +#if defined(__thumb2__) +.syntax unified +.thumb +#else +.code 32 +#endif +___ + +$code.=<<___; +.Lone: +.long 1,0,0,0,0,0,0,0 +.align 6 +___ + +######################################################################## +# common register layout, note that $t2 is link register, so that if +# internal subroutine uses $t2, then it has to offload lr... + +($r_ptr,$a_ptr,$b_ptr,$ff,$a0,$a1,$a2,$a3,$a4,$a5,$a6,$a7,$t1,$t2)= + map("r$_",(0..12,14)); +($t0,$t3)=($ff,$a_ptr); + +$code.=<<___; +@ void ecp_nistz256_from_mont(BN_ULONG r0[8],const BN_ULONG r1[8]); +.globl ecp_nistz256_from_mont +.type ecp_nistz256_from_mont,%function +ecp_nistz256_from_mont: + adr $b_ptr,.Lone + b .Lecp_nistz256_mul_mont +.size ecp_nistz256_from_mont,.-ecp_nistz256_from_mont + +@ void ecp_nistz256_mul_by_2(BN_ULONG r0[8],const BN_ULONG r1[8]); +.globl ecp_nistz256_mul_by_2 +.type ecp_nistz256_mul_by_2,%function +.align 4 +ecp_nistz256_mul_by_2: + stmdb sp!,{r4-r12,lr} + bl __ecp_nistz256_mul_by_2 +#if __ARM_ARCH__>=5 || !defined(__thumb__) + ldmia sp!,{r4-r12,pc} +#else + ldmia sp!,{r4-r12,lr} + bx lr @ interoperable with Thumb ISA:-) +#endif +.size ecp_nistz256_mul_by_2,.-ecp_nistz256_mul_by_2 + +.type __ecp_nistz256_mul_by_2,%function +.align 4 +__ecp_nistz256_mul_by_2: + ldr $a0,[$a_ptr,#0] + ldr $a1,[$a_ptr,#4] + ldr $a2,[$a_ptr,#8] + adds $a0,$a0,$a0 @ a[0:7]+=a[0:7], i.e. add with itself + ldr $a3,[$a_ptr,#12] + adcs $a1,$a1,$a1 + ldr $a4,[$a_ptr,#16] + adcs $a2,$a2,$a2 + ldr $a5,[$a_ptr,#20] + adcs $a3,$a3,$a3 + ldr $a6,[$a_ptr,#24] + adcs $a4,$a4,$a4 + ldr $a7,[$a_ptr,#28] + adcs $a5,$a5,$a5 + adcs $a6,$a6,$a6 + mov $ff,#0 + adcs $a7,$a7,$a7 + adc $ff,$ff,#0 + + b .Lreduce_by_sub +.size __ecp_nistz256_mul_by_2,.-__ecp_nistz256_mul_by_2 + +@ void ecp_nistz256_add(BN_ULONG r0[8],const BN_ULONG r1[8], +@ const BN_ULONG r2[8]); +.globl ecp_nistz256_add +.type ecp_nistz256_add,%function +.align 4 +ecp_nistz256_add: + stmdb sp!,{r4-r12,lr} + bl __ecp_nistz256_add +#if __ARM_ARCH__>=5 || !defined(__thumb__) + ldmia sp!,{r4-r12,pc} +#else + ldmia sp!,{r4-r12,lr} + bx lr @ interoperable with Thumb ISA:-) +#endif +.size ecp_nistz256_add,.-ecp_nistz256_add + +.type __ecp_nistz256_add,%function +.align 4 +__ecp_nistz256_add: + str lr,[sp,#-4]! @ push lr + + ldr $a0,[$a_ptr,#0] + ldr $a1,[$a_ptr,#4] + ldr $a2,[$a_ptr,#8] + ldr $a3,[$a_ptr,#12] + ldr $a4,[$a_ptr,#16] + ldr $t0,[$b_ptr,#0] + ldr $a5,[$a_ptr,#20] + ldr $t1,[$b_ptr,#4] + ldr $a6,[$a_ptr,#24] + ldr $t2,[$b_ptr,#8] + ldr $a7,[$a_ptr,#28] + ldr $t3,[$b_ptr,#12] + adds $a0,$a0,$t0 + ldr $t0,[$b_ptr,#16] + adcs $a1,$a1,$t1 + ldr $t1,[$b_ptr,#20] + adcs $a2,$a2,$t2 + ldr $t2,[$b_ptr,#24] + adcs $a3,$a3,$t3 + ldr $t3,[$b_ptr,#28] + adcs $a4,$a4,$t0 + adcs $a5,$a5,$t1 + adcs $a6,$a6,$t2 + mov $ff,#0 + adcs $a7,$a7,$t3 + adc $ff,$ff,#0 + ldr lr,[sp],#4 @ pop lr + +.Lreduce_by_sub: + + @ if a+b >= modulus, subtract modulus. + @ + @ But since comparison implies subtraction, we subtract + @ modulus and then add it back if subraction borrowed. + + subs $a0,$a0,#-1 + sbcs $a1,$a1,#-1 + sbcs $a2,$a2,#-1 + sbcs $a3,$a3,#0 + sbcs $a4,$a4,#0 + sbcs $a5,$a5,#0 + sbcs $a6,$a6,#1 + sbcs $a7,$a7,#-1 + sbc $ff,$ff,#0 + + @ Note that because mod has special form, i.e. consists of + @ 0xffffffff, 1 and 0s, we can conditionally synthesize it by + @ using value of borrow as a whole or extracting single bit. + @ Follow $ff register... + + adds $a0,$a0,$ff @ add synthesized modulus + adcs $a1,$a1,$ff + str $a0,[$r_ptr,#0] + adcs $a2,$a2,$ff + str $a1,[$r_ptr,#4] + adcs $a3,$a3,#0 + str $a2,[$r_ptr,#8] + adcs $a4,$a4,#0 + str $a3,[$r_ptr,#12] + adcs $a5,$a5,#0 + str $a4,[$r_ptr,#16] + adcs $a6,$a6,$ff,lsr#31 + str $a5,[$r_ptr,#20] + adcs $a7,$a7,$ff + str $a6,[$r_ptr,#24] + str $a7,[$r_ptr,#28] + + mov pc,lr +.size __ecp_nistz256_add,.-__ecp_nistz256_add + +@ void ecp_nistz256_mul_by_3(BN_ULONG r0[8],const BN_ULONG r1[8]); +.globl ecp_nistz256_mul_by_3 +.type ecp_nistz256_mul_by_3,%function +.align 4 +ecp_nistz256_mul_by_3: + stmdb sp!,{r4-r12,lr} + bl __ecp_nistz256_mul_by_3 +#if __ARM_ARCH__>=5 || !defined(__thumb__) + ldmia sp!,{r4-r12,pc} +#else + ldmia sp!,{r4-r12,lr} + bx lr @ interoperable with Thumb ISA:-) +#endif +.size ecp_nistz256_mul_by_3,.-ecp_nistz256_mul_by_3 + +.type __ecp_nistz256_mul_by_3,%function +.align 4 +__ecp_nistz256_mul_by_3: + str lr,[sp,#-4]! @ push lr + + @ As multiplication by 3 is performed as 2*n+n, below are inline + @ copies of __ecp_nistz256_mul_by_2 and __ecp_nistz256_add, see + @ corresponding subroutines for details. + + ldr $a0,[$a_ptr,#0] + ldr $a1,[$a_ptr,#4] + ldr $a2,[$a_ptr,#8] + adds $a0,$a0,$a0 @ a[0:7]+=a[0:7] + ldr $a3,[$a_ptr,#12] + adcs $a1,$a1,$a1 + ldr $a4,[$a_ptr,#16] + adcs $a2,$a2,$a2 + ldr $a5,[$a_ptr,#20] + adcs $a3,$a3,$a3 + ldr $a6,[$a_ptr,#24] + adcs $a4,$a4,$a4 + ldr $a7,[$a_ptr,#28] + adcs $a5,$a5,$a5 + adcs $a6,$a6,$a6 + mov $ff,#0 + adcs $a7,$a7,$a7 + adc $ff,$ff,#0 + + subs $a0,$a0,#-1 @ .Lreduce_by_sub but without stores + sbcs $a1,$a1,#-1 + sbcs $a2,$a2,#-1 + sbcs $a3,$a3,#0 + sbcs $a4,$a4,#0 + sbcs $a5,$a5,#0 + sbcs $a6,$a6,#1 + sbcs $a7,$a7,#-1 + sbc $ff,$ff,#0 + + adds $a0,$a0,$ff @ add synthesized modulus + adcs $a1,$a1,$ff + adcs $a2,$a2,$ff + adcs $a3,$a3,#0 + adcs $a4,$a4,#0 + ldr $b_ptr,[$a_ptr,#0] + adcs $a5,$a5,#0 + ldr $t1,[$a_ptr,#4] + adcs $a6,$a6,$ff,lsr#31 + ldr $t2,[$a_ptr,#8] + adc $a7,$a7,$ff + + ldr $t0,[$a_ptr,#12] + adds $a0,$a0,$b_ptr @ 2*a[0:7]+=a[0:7] + ldr $b_ptr,[$a_ptr,#16] + adcs $a1,$a1,$t1 + ldr $t1,[$a_ptr,#20] + adcs $a2,$a2,$t2 + ldr $t2,[$a_ptr,#24] + adcs $a3,$a3,$t0 + ldr $t3,[$a_ptr,#28] + adcs $a4,$a4,$b_ptr + adcs $a5,$a5,$t1 + adcs $a6,$a6,$t2 + mov $ff,#0 + adcs $a7,$a7,$t3 + adc $ff,$ff,#0 + ldr lr,[sp],#4 @ pop lr + + b .Lreduce_by_sub +.size ecp_nistz256_mul_by_3,.-ecp_nistz256_mul_by_3 + +@ void ecp_nistz256_div_by_2(BN_ULONG r0[8],const BN_ULONG r1[8]); +.globl ecp_nistz256_div_by_2 +.type ecp_nistz256_div_by_2,%function +.align 4 +ecp_nistz256_div_by_2: + stmdb sp!,{r4-r12,lr} + bl __ecp_nistz256_div_by_2 +#if __ARM_ARCH__>=5 || !defined(__thumb__) + ldmia sp!,{r4-r12,pc} +#else + ldmia sp!,{r4-r12,lr} + bx lr @ interoperable with Thumb ISA:-) +#endif +.size ecp_nistz256_div_by_2,.-ecp_nistz256_div_by_2 + +.type __ecp_nistz256_div_by_2,%function +.align 4 +__ecp_nistz256_div_by_2: + @ ret = (a is odd ? a+mod : a) >> 1 + + ldr $a0,[$a_ptr,#0] + ldr $a1,[$a_ptr,#4] + ldr $a2,[$a_ptr,#8] + mov $ff,$a0,lsl#31 @ place least significant bit to most + @ significant position, now arithmetic + @ right shift by 31 will produce -1 or + @ 0, while logical right shift 1 or 0, + @ this is how modulus is conditionally + @ synthesized in this case... + ldr $a3,[$a_ptr,#12] + adds $a0,$a0,$ff,asr#31 + ldr $a4,[$a_ptr,#16] + adcs $a1,$a1,$ff,asr#31 + ldr $a5,[$a_ptr,#20] + adcs $a2,$a2,$ff,asr#31 + ldr $a6,[$a_ptr,#24] + adcs $a3,$a3,#0 + ldr $a7,[$a_ptr,#28] + adcs $a4,$a4,#0 + mov $a0,$a0,lsr#1 @ a[0:7]>>=1, we can start early + @ because it doesn't affect flags + adcs $a5,$a5,#0 + orr $a0,$a0,$a1,lsl#31 + adcs $a6,$a6,$ff,lsr#31 + mov $b_ptr,#0 + adcs $a7,$a7,$ff,asr#31 + mov $a1,$a1,lsr#1 + adc $b_ptr,$b_ptr,#0 @ top-most carry bit from addition + + orr $a1,$a1,$a2,lsl#31 + mov $a2,$a2,lsr#1 + str $a0,[$r_ptr,#0] + orr $a2,$a2,$a3,lsl#31 + mov $a3,$a3,lsr#1 + str $a1,[$r_ptr,#4] + orr $a3,$a3,$a4,lsl#31 + mov $a4,$a4,lsr#1 + str $a2,[$r_ptr,#8] + orr $a4,$a4,$a5,lsl#31 + mov $a5,$a5,lsr#1 + str $a3,[$r_ptr,#12] + orr $a5,$a5,$a6,lsl#31 + mov $a6,$a6,lsr#1 + str $a4,[$r_ptr,#16] + orr $a6,$a6,$a7,lsl#31 + mov $a7,$a7,lsr#1 + str $a5,[$r_ptr,#20] + orr $a7,$a7,$b_ptr,lsl#31 @ don't forget the top-most carry bit + str $a6,[$r_ptr,#24] + str $a7,[$r_ptr,#28] + + mov pc,lr +.size __ecp_nistz256_div_by_2,.-__ecp_nistz256_div_by_2 + +@ void ecp_nistz256_sub(BN_ULONG r0[8],const BN_ULONG r1[8], +@ const BN_ULONG r2[8]); +.globl ecp_nistz256_sub +.type ecp_nistz256_sub,%function +.align 4 +ecp_nistz256_sub: + stmdb sp!,{r4-r12,lr} + bl __ecp_nistz256_sub +#if __ARM_ARCH__>=5 || !defined(__thumb__) + ldmia sp!,{r4-r12,pc} +#else + ldmia sp!,{r4-r12,lr} + bx lr @ interoperable with Thumb ISA:-) +#endif +.size ecp_nistz256_sub,.-ecp_nistz256_sub + +.type __ecp_nistz256_sub,%function +.align 4 +__ecp_nistz256_sub: + str lr,[sp,#-4]! @ push lr + + ldr $a0,[$a_ptr,#0] + ldr $a1,[$a_ptr,#4] + ldr $a2,[$a_ptr,#8] + ldr $a3,[$a_ptr,#12] + ldr $a4,[$a_ptr,#16] + ldr $t0,[$b_ptr,#0] + ldr $a5,[$a_ptr,#20] + ldr $t1,[$b_ptr,#4] + ldr $a6,[$a_ptr,#24] + ldr $t2,[$b_ptr,#8] + ldr $a7,[$a_ptr,#28] + ldr $t3,[$b_ptr,#12] + subs $a0,$a0,$t0 + ldr $t0,[$b_ptr,#16] + sbcs $a1,$a1,$t1 + ldr $t1,[$b_ptr,#20] + sbcs $a2,$a2,$t2 + ldr $t2,[$b_ptr,#24] + sbcs $a3,$a3,$t3 + ldr $t3,[$b_ptr,#28] + sbcs $a4,$a4,$t0 + sbcs $a5,$a5,$t1 + sbcs $a6,$a6,$t2 + sbcs $a7,$a7,$t3 + sbc $ff,$ff,$ff @ broadcast borrow bit + ldr lr,[sp],#4 @ pop lr + +.Lreduce_by_add: + + @ if a-b borrows, add modulus. + @ + @ Note that because mod has special form, i.e. consists of + @ 0xffffffff, 1 and 0s, we can conditionally synthesize it by + @ broadcasting borrow bit to a register, $ff, and using it as + @ a whole or extracting single bit. + + adds $a0,$a0,$ff @ add synthesized modulus + adcs $a1,$a1,$ff + str $a0,[$r_ptr,#0] + adcs $a2,$a2,$ff + str $a1,[$r_ptr,#4] + adcs $a3,$a3,#0 + str $a2,[$r_ptr,#8] + adcs $a4,$a4,#0 + str $a3,[$r_ptr,#12] + adcs $a5,$a5,#0 + str $a4,[$r_ptr,#16] + adcs $a6,$a6,$ff,lsr#31 + str $a5,[$r_ptr,#20] + adcs $a7,$a7,$ff + str $a6,[$r_ptr,#24] + str $a7,[$r_ptr,#28] + + mov pc,lr +.size __ecp_nistz256_sub,.-__ecp_nistz256_sub + +@ void ecp_nistz256_neg(BN_ULONG r0[8],const BN_ULONG r1[8]); +.globl ecp_nistz256_neg +.type ecp_nistz256_neg,%function +.align 4 +ecp_nistz256_neg: + stmdb sp!,{r4-r12,lr} + bl __ecp_nistz256_neg +#if __ARM_ARCH__>=5 || !defined(__thumb__) + ldmia sp!,{r4-r12,pc} +#else + ldmia sp!,{r4-r12,lr} + bx lr @ interoperable with Thumb ISA:-) +#endif +.size ecp_nistz256_neg,.-ecp_nistz256_neg + +.type __ecp_nistz256_neg,%function +.align 4 +__ecp_nistz256_neg: + ldr $a0,[$a_ptr,#0] + eor $ff,$ff,$ff + ldr $a1,[$a_ptr,#4] + ldr $a2,[$a_ptr,#8] + subs $a0,$ff,$a0 + ldr $a3,[$a_ptr,#12] + sbcs $a1,$ff,$a1 + ldr $a4,[$a_ptr,#16] + sbcs $a2,$ff,$a2 + ldr $a5,[$a_ptr,#20] + sbcs $a3,$ff,$a3 + ldr $a6,[$a_ptr,#24] + sbcs $a4,$ff,$a4 + ldr $a7,[$a_ptr,#28] + sbcs $a5,$ff,$a5 + sbcs $a6,$ff,$a6 + sbcs $a7,$ff,$a7 + sbc $ff,$ff,$ff + + b .Lreduce_by_add +.size __ecp_nistz256_neg,.-__ecp_nistz256_neg +___ +{ +my @acc=map("r$_",(3..11)); +my ($t0,$t1,$bj,$t2,$t3)=map("r$_",(0,1,2,12,14)); + +$code.=<<___; +@ void ecp_nistz256_sqr_mont(BN_ULONG r0[8],const BN_ULONG r1[8]); +.globl ecp_nistz256_sqr_mont +.type ecp_nistz256_sqr_mont,%function +.align 4 +ecp_nistz256_sqr_mont: + mov $b_ptr,$a_ptr + b .Lecp_nistz256_mul_mont +.size ecp_nistz256_sqr_mont,.-ecp_nistz256_sqr_mont + +@ void ecp_nistz256_mul_mont(BN_ULONG r0[8],const BN_ULONG r1[8], +@ const BN_ULONG r2[8]); +.globl ecp_nistz256_mul_mont +.type ecp_nistz256_mul_mont,%function +.align 4 +ecp_nistz256_mul_mont: +.Lecp_nistz256_mul_mont: + stmdb sp!,{r4-r12,lr} + bl __ecp_nistz256_mul_mont +#if __ARM_ARCH__>=5 || !defined(__thumb__) + ldmia sp!,{r4-r12,pc} +#else + ldmia sp!,{r4-r12,lr} + bx lr @ interoperable with Thumb ISA:-) +#endif +.size ecp_nistz256_mul_mont,.-ecp_nistz256_mul_mont + +.type __ecp_nistz256_mul_mont,%function +.align 4 +__ecp_nistz256_mul_mont: + stmdb sp!,{r0-r2,lr} @ make a copy of arguments too + + ldr $bj,[$b_ptr,#0] @ b[0] + ldmia $a_ptr,{@acc[1]-@acc[8]} + + umull @acc[0],$t3,@acc[1],$bj @ r[0]=a[0]*b[0] + stmdb sp!,{$acc[1]-@acc[8]} @ copy a[0-7] to stack, so + @ that it can be addressed + @ without spending register + @ on address + umull @acc[1],$t0,@acc[2],$bj @ r[1]=a[1]*b[0] + umull @acc[2],$t1,@acc[3],$bj + adds @acc[1],@acc[1],$t3 @ accumulate high part of mult + umull @acc[3],$t2,@acc[4],$bj + adcs @acc[2],@acc[2],$t0 + umull @acc[4],$t3,@acc[5],$bj + adcs @acc[3],@acc[3],$t1 + umull @acc[5],$t0,@acc[6],$bj + adcs @acc[4],@acc[4],$t2 + umull @acc[6],$t1,@acc[7],$bj + adcs @acc[5],@acc[5],$t3 + umull @acc[7],$t2,@acc[8],$bj + adcs @acc[6],@acc[6],$t0 + adcs @acc[7],@acc[7],$t1 + eor $t3,$t3,$t3 @ first overflow bit is zero + adc @acc[8],$t2,#0 +___ +for(my $i=1;$i<8;$i++) { +my $t4=@acc[0]; + + # Reduction iteration is normally performed by accumulating + # result of multiplication of modulus by "magic" digit [and + # omitting least significant word, which is guaranteed to + # be 0], but thanks to special form of modulus and "magic" + # digit being equal to least significant word, it can be + # performed with additions and subtractions alone. Indeed: + # + # ffff.0001.0000.0000.0000.ffff.ffff.ffff + # * abcd + # + xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.abcd + # + # Now observing that ff..ff*x = (2^n-1)*x = 2^n*x-x, we + # rewrite above as: + # + # xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.abcd + # + abcd.0000.abcd.0000.0000.abcd.0000.0000.0000 + # - abcd.0000.0000.0000.0000.0000.0000.abcd + # + # or marking redundant operations: + # + # xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.---- + # + abcd.0000.abcd.0000.0000.abcd.----.----.---- + # - abcd.----.----.----.----.----.----.---- + +$code.=<<___; + @ multiplication-less reduction $i + adds @acc[3],@acc[3],@acc[0] @ r[3]+=r[0] + ldr $bj,[sp,#40] @ restore b_ptr + adcs @acc[4],@acc[4],#0 @ r[4]+=0 + adcs @acc[5],@acc[5],#0 @ r[5]+=0 + adcs @acc[6],@acc[6],@acc[0] @ r[6]+=r[0] + ldr $t1,[sp,#0] @ load a[0] + adcs @acc[7],@acc[7],#0 @ r[7]+=0 + ldr $bj,[$bj,#4*$i] @ load b[i] + adcs @acc[8],@acc[8],@acc[0] @ r[8]+=r[0] + eor $t0,$t0,$t0 + adc $t3,$t3,#0 @ overflow bit + subs @acc[7],@acc[7],@acc[0] @ r[7]-=r[0] + ldr $t2,[sp,#4] @ a[1] + sbcs @acc[8],@acc[8],#0 @ r[8]-=0 + umlal @acc[1],$t0,$t1,$bj @ "r[0]"+=a[0]*b[i] + eor $t1,$t1,$t1 + sbc @acc[0],$t3,#0 @ overflow bit, keep in mind + @ that netto result is + @ addition of a value which + @ makes underflow impossible + + ldr $t3,[sp,#8] @ a[2] + umlal @acc[2],$t1,$t2,$bj @ "r[1]"+=a[1]*b[i] + str @acc[0],[sp,#36] @ temporarily offload overflow + eor $t2,$t2,$t2 + ldr $t4,[sp,#12] @ a[3], $t4 is alias @acc[0] + umlal @acc[3],$t2,$t3,$bj @ "r[2]"+=a[2]*b[i] + eor $t3,$t3,$t3 + adds @acc[2],@acc[2],$t0 @ accumulate high part of mult + ldr $t0,[sp,#16] @ a[4] + umlal @acc[4],$t3,$t4,$bj @ "r[3]"+=a[3]*b[i] + eor $t4,$t4,$t4 + adcs @acc[3],@acc[3],$t1 + ldr $t1,[sp,#20] @ a[5] + umlal @acc[5],$t4,$t0,$bj @ "r[4]"+=a[4]*b[i] + eor $t0,$t0,$t0 + adcs @acc[4],@acc[4],$t2 + ldr $t2,[sp,#24] @ a[6] + umlal @acc[6],$t0,$t1,$bj @ "r[5]"+=a[5]*b[i] + eor $t1,$t1,$t1 + adcs @acc[5],@acc[5],$t3 + ldr $t3,[sp,#28] @ a[7] + umlal @acc[7],$t1,$t2,$bj @ "r[6]"+=a[6]*b[i] + eor $t2,$t2,$t2 + adcs @acc[6],@acc[6],$t4 + ldr @acc[0],[sp,#36] @ restore overflow bit + umlal @acc[8],$t2,$t3,$bj @ "r[7]"+=a[7]*b[i] + eor $t3,$t3,$t3 + adcs @acc[7],@acc[7],$t0 + adcs @acc[8],@acc[8],$t1 + adcs @acc[0],$acc[0],$t2 + adc $t3,$t3,#0 @ new overflow bit +___ + push(@acc,shift(@acc)); # rotate registers, so that + # "r[i]" becomes r[i] +} +$code.=<<___; + @ last multiplication-less reduction + adds @acc[3],@acc[3],@acc[0] + ldr $r_ptr,[sp,#32] @ restore r_ptr + adcs @acc[4],@acc[4],#0 + adcs @acc[5],@acc[5],#0 + adcs @acc[6],@acc[6],@acc[0] + adcs @acc[7],@acc[7],#0 + adcs @acc[8],@acc[8],@acc[0] + adc $t3,$t3,#0 + subs @acc[7],@acc[7],@acc[0] + sbcs @acc[8],@acc[8],#0 + sbc @acc[0],$t3,#0 @ overflow bit + + @ Final step is "if result > mod, subtract mod", but we do it + @ "other way around", namely subtract modulus from result + @ and if it borrowed, add modulus back. + + adds @acc[1],@acc[1],#1 @ subs @acc[1],@acc[1],#-1 + adcs @acc[2],@acc[2],#0 @ sbcs @acc[2],@acc[2],#-1 + adcs @acc[3],@acc[3],#0 @ sbcs @acc[3],@acc[3],#-1 + sbcs @acc[4],@acc[4],#0 + sbcs @acc[5],@acc[5],#0 + sbcs @acc[6],@acc[6],#0 + sbcs @acc[7],@acc[7],#1 + adcs @acc[8],@acc[8],#0 @ sbcs @acc[8],@acc[8],#-1 + ldr lr,[sp,#44] @ restore lr + sbc @acc[0],@acc[0],#0 @ broadcast borrow bit + add sp,sp,#48 + + @ Note that because mod has special form, i.e. consists of + @ 0xffffffff, 1 and 0s, we can conditionally synthesize it by + @ broadcasting borrow bit to a register, @acc[0], and using it as + @ a whole or extracting single bit. + + adds @acc[1],@acc[1],@acc[0] @ add modulus or zero + adcs @acc[2],@acc[2],@acc[0] + str @acc[1],[$r_ptr,#0] + adcs @acc[3],@acc[3],@acc[0] + str @acc[2],[$r_ptr,#4] + adcs @acc[4],@acc[4],#0 + str @acc[3],[$r_ptr,#8] + adcs @acc[5],@acc[5],#0 + str @acc[4],[$r_ptr,#12] + adcs @acc[6],@acc[6],#0 + str @acc[5],[$r_ptr,#16] + adcs @acc[7],@acc[7],@acc[0],lsr#31 + str @acc[6],[$r_ptr,#20] + adc @acc[8],@acc[8],@acc[0] + str @acc[7],[$r_ptr,#24] + str @acc[8],[$r_ptr,#28] + + mov pc,lr +.size __ecp_nistz256_mul_mont,.-__ecp_nistz256_mul_mont +___ +} + +{ +my ($out,$inp,$index,$mask)=map("r$_",(0..3)); +$code.=<<___; +@ void ecp_nistz256_select_w5(P256_POINT *r0,const void *r1, +@ int r2); +.globl ecp_nistz256_select_w5 +.type ecp_nistz256_select_w5,%function +.align 5 +ecp_nistz256_select_w5: + stmdb sp!,{r4-r11} + + cmp $index,#0 + mov $mask,#0 +#ifdef __thumb2__ + itt ne +#endif + subne $index,$index,#1 + movne $mask,#-1 + add $inp,$inp,$index,lsl#2 + + ldr r4,[$inp,#64*0] + ldr r5,[$inp,#64*1] + ldr r6,[$inp,#64*2] + and r4,r4,$mask + ldr r7,[$inp,#64*3] + and r5,r5,$mask + ldr r8,[$inp,#64*4] + and r6,r6,$mask + ldr r9,[$inp,#64*5] + and r7,r7,$mask + ldr r10,[$inp,#64*6] + and r8,r8,$mask + ldr r11,[$inp,#64*7] + add $inp,$inp,#64*8 + and r9,r9,$mask + and r10,r10,$mask + and r11,r11,$mask + stmia $out!,{r4-r11} @ X + + ldr r4,[$inp,#64*0] + ldr r5,[$inp,#64*1] + ldr r6,[$inp,#64*2] + and r4,r4,$mask + ldr r7,[$inp,#64*3] + and r5,r5,$mask + ldr r8,[$inp,#64*4] + and r6,r6,$mask + ldr r9,[$inp,#64*5] + and r7,r7,$mask + ldr r10,[$inp,#64*6] + and r8,r8,$mask + ldr r11,[$inp,#64*7] + add $inp,$inp,#64*8 + and r9,r9,$mask + and r10,r10,$mask + and r11,r11,$mask + stmia $out!,{r4-r11} @ Y + + ldr r4,[$inp,#64*0] + ldr r5,[$inp,#64*1] + ldr r6,[$inp,#64*2] + and r4,r4,$mask + ldr r7,[$inp,#64*3] + and r5,r5,$mask + ldr r8,[$inp,#64*4] + and r6,r6,$mask + ldr r9,[$inp,#64*5] + and r7,r7,$mask + ldr r10,[$inp,#64*6] + and r8,r8,$mask + ldr r11,[$inp,#64*7] + and r9,r9,$mask + and r10,r10,$mask + and r11,r11,$mask + stmia $out,{r4-r11} @ Z + + ldmia sp!,{r4-r11} +#if __ARM_ARCH__>=5 || defined(__thumb__) + bx lr +#else + mov pc,lr +#endif +.size ecp_nistz256_select_w5,.-ecp_nistz256_select_w5 + +@ void ecp_nistz256_select_w7(P256_POINT_AFFINE *r0,const void *r1, +@ int r2); +.globl ecp_nistz256_select_w7 +.type ecp_nistz256_select_w7,%function +.align 5 +ecp_nistz256_select_w7: + stmdb sp!,{r4-r7} + + cmp $index,#0 + mov $mask,#0 +#ifdef __thumb2__ + itt ne +#endif + subne $index,$index,#1 + movne $mask,#-1 + add $inp,$inp,$index + mov $index,#64/4 + nop +.Loop_select_w7: + ldrb r4,[$inp,#64*0] + subs $index,$index,#1 + ldrb r5,[$inp,#64*1] + ldrb r6,[$inp,#64*2] + ldrb r7,[$inp,#64*3] + add $inp,$inp,#64*4 + orr r4,r4,r5,lsl#8 + orr r4,r4,r6,lsl#16 + orr r4,r4,r7,lsl#24 + and r4,r4,$mask + str r4,[$out],#4 + bne .Loop_select_w7 + + ldmia sp!,{r4-r7} +#if __ARM_ARCH__>=5 || defined(__thumb__) + bx lr +#else + mov pc,lr +#endif +.size ecp_nistz256_select_w7,.-ecp_nistz256_select_w7 +___ +} +if (0) { +# In comparison to integer-only equivalent of below subroutine: +# +# Cortex-A8 +10% +# Cortex-A9 -10% +# Snapdragon S4 +5% +# +# As not all time is spent in multiplication, overall impact is deemed +# too low to care about. + +my ($A0,$A1,$A2,$A3,$Bi,$zero,$temp)=map("d$_",(0..7)); +my $mask="q4"; +my $mult="q5"; +my @AxB=map("q$_",(8..15)); + +my ($rptr,$aptr,$bptr,$toutptr)=map("r$_",(0..3)); + +$code.=<<___; +#if __ARM_ARCH__>=7 +.fpu neon + +.globl ecp_nistz256_mul_mont_neon +.type ecp_nistz256_mul_mont_neon,%function +.align 5 +ecp_nistz256_mul_mont_neon: + mov ip,sp + stmdb sp!,{r4-r9} + vstmdb sp!,{q4-q5} @ ABI specification says so + + sub $toutptr,sp,#40 + vld1.32 {${Bi}[0]},[$bptr,:32]! + veor $zero,$zero,$zero + vld1.32 {$A0-$A3}, [$aptr] @ can't specify :32 :-( + vzip.16 $Bi,$zero + mov sp,$toutptr @ alloca + vmov.i64 $mask,#0xffff + + vmull.u32 @AxB[0],$Bi,${A0}[0] + vmull.u32 @AxB[1],$Bi,${A0}[1] + vmull.u32 @AxB[2],$Bi,${A1}[0] + vmull.u32 @AxB[3],$Bi,${A1}[1] + vshr.u64 $temp,@AxB[0]#lo,#16 + vmull.u32 @AxB[4],$Bi,${A2}[0] + vadd.u64 @AxB[0]#hi,@AxB[0]#hi,$temp + vmull.u32 @AxB[5],$Bi,${A2}[1] + vshr.u64 $temp,@AxB[0]#hi,#16 @ upper 32 bits of a[0]*b[0] + vmull.u32 @AxB[6],$Bi,${A3}[0] + vand.u64 @AxB[0],@AxB[0],$mask @ lower 32 bits of a[0]*b[0] + vmull.u32 @AxB[7],$Bi,${A3}[1] +___ +for($i=1;$i<8;$i++) { +$code.=<<___; + vld1.32 {${Bi}[0]},[$bptr,:32]! + veor $zero,$zero,$zero + vadd.u64 @AxB[1]#lo,@AxB[1]#lo,$temp @ reduction + vshl.u64 $mult,@AxB[0],#32 + vadd.u64 @AxB[3],@AxB[3],@AxB[0] + vsub.u64 $mult,$mult,@AxB[0] + vzip.16 $Bi,$zero + vadd.u64 @AxB[6],@AxB[6],@AxB[0] + vadd.u64 @AxB[7],@AxB[7],$mult +___ + push(@AxB,shift(@AxB)); +$code.=<<___; + vmlal.u32 @AxB[0],$Bi,${A0}[0] + vmlal.u32 @AxB[1],$Bi,${A0}[1] + vmlal.u32 @AxB[2],$Bi,${A1}[0] + vmlal.u32 @AxB[3],$Bi,${A1}[1] + vshr.u64 $temp,@AxB[0]#lo,#16 + vmlal.u32 @AxB[4],$Bi,${A2}[0] + vadd.u64 @AxB[0]#hi,@AxB[0]#hi,$temp + vmlal.u32 @AxB[5],$Bi,${A2}[1] + vshr.u64 $temp,@AxB[0]#hi,#16 @ upper 33 bits of a[0]*b[i]+t[0] + vmlal.u32 @AxB[6],$Bi,${A3}[0] + vand.u64 @AxB[0],@AxB[0],$mask @ lower 32 bits of a[0]*b[0] + vmull.u32 @AxB[7],$Bi,${A3}[1] +___ +} +$code.=<<___; + vadd.u64 @AxB[1]#lo,@AxB[1]#lo,$temp @ last reduction + vshl.u64 $mult,@AxB[0],#32 + vadd.u64 @AxB[3],@AxB[3],@AxB[0] + vsub.u64 $mult,$mult,@AxB[0] + vadd.u64 @AxB[6],@AxB[6],@AxB[0] + vadd.u64 @AxB[7],@AxB[7],$mult + + vshr.u64 $temp,@AxB[1]#lo,#16 @ convert + vadd.u64 @AxB[1]#hi,@AxB[1]#hi,$temp + vshr.u64 $temp,@AxB[1]#hi,#16 + vzip.16 @AxB[1]#lo,@AxB[1]#hi +___ +foreach (2..7) { +$code.=<<___; + vadd.u64 @AxB[$_]#lo,@AxB[$_]#lo,$temp + vst1.32 {@AxB[$_-1]#lo[0]},[$toutptr,:32]! + vshr.u64 $temp,@AxB[$_]#lo,#16 + vadd.u64 @AxB[$_]#hi,@AxB[$_]#hi,$temp + vshr.u64 $temp,@AxB[$_]#hi,#16 + vzip.16 @AxB[$_]#lo,@AxB[$_]#hi +___ +} +$code.=<<___; + vst1.32 {@AxB[7]#lo[0]},[$toutptr,:32]! + vst1.32 {$temp},[$toutptr] @ upper 33 bits + + ldr r1,[sp,#0] + ldr r2,[sp,#4] + ldr r3,[sp,#8] + subs r1,r1,#-1 + ldr r4,[sp,#12] + sbcs r2,r2,#-1 + ldr r5,[sp,#16] + sbcs r3,r3,#-1 + ldr r6,[sp,#20] + sbcs r4,r4,#0 + ldr r7,[sp,#24] + sbcs r5,r5,#0 + ldr r8,[sp,#28] + sbcs r6,r6,#0 + ldr r9,[sp,#32] @ top-most bit + sbcs r7,r7,#1 + sub sp,ip,#40+16 + sbcs r8,r8,#-1 + sbc r9,r9,#0 + vldmia sp!,{q4-q5} + + adds r1,r1,r9 + adcs r2,r2,r9 + str r1,[$rptr,#0] + adcs r3,r3,r9 + str r2,[$rptr,#4] + adcs r4,r4,#0 + str r3,[$rptr,#8] + adcs r5,r5,#0 + str r4,[$rptr,#12] + adcs r6,r6,#0 + str r5,[$rptr,#16] + adcs r7,r7,r9,lsr#31 + str r6,[$rptr,#20] + adcs r8,r8,r9 + str r7,[$rptr,#24] + str r8,[$rptr,#28] + + ldmia sp!,{r4-r9} + bx lr +.size ecp_nistz256_mul_mont_neon,.-ecp_nistz256_mul_mont_neon +#endif +___ +} + +{{{ +######################################################################## +# Below $aN assignment matches order in which 256-bit result appears in +# register bank at return from __ecp_nistz256_mul_mont, so that we can +# skip over reloading it from memory. This means that below functions +# use custom calling sequence accepting 256-bit input in registers, +# output pointer in r0, $r_ptr, and optional pointer in r2, $b_ptr. +# +# See their "normal" counterparts for insights on calculations. + +my ($a0,$a1,$a2,$a3,$a4,$a5,$a6,$a7, + $t0,$t1,$t2,$t3)=map("r$_",(11,3..10,12,14,1)); +my $ff=$b_ptr; + +$code.=<<___; +.type __ecp_nistz256_sub_from,%function +.align 5 +__ecp_nistz256_sub_from: + str lr,[sp,#-4]! @ push lr + + ldr $t0,[$b_ptr,#0] + ldr $t1,[$b_ptr,#4] + ldr $t2,[$b_ptr,#8] + ldr $t3,[$b_ptr,#12] + subs $a0,$a0,$t0 + ldr $t0,[$b_ptr,#16] + sbcs $a1,$a1,$t1 + ldr $t1,[$b_ptr,#20] + sbcs $a2,$a2,$t2 + ldr $t2,[$b_ptr,#24] + sbcs $a3,$a3,$t3 + ldr $t3,[$b_ptr,#28] + sbcs $a4,$a4,$t0 + sbcs $a5,$a5,$t1 + sbcs $a6,$a6,$t2 + sbcs $a7,$a7,$t3 + sbc $ff,$ff,$ff @ broadcast borrow bit + ldr lr,[sp],#4 @ pop lr + + adds $a0,$a0,$ff @ add synthesized modulus + adcs $a1,$a1,$ff + str $a0,[$r_ptr,#0] + adcs $a2,$a2,$ff + str $a1,[$r_ptr,#4] + adcs $a3,$a3,#0 + str $a2,[$r_ptr,#8] + adcs $a4,$a4,#0 + str $a3,[$r_ptr,#12] + adcs $a5,$a5,#0 + str $a4,[$r_ptr,#16] + adcs $a6,$a6,$ff,lsr#31 + str $a5,[$r_ptr,#20] + adcs $a7,$a7,$ff + str $a6,[$r_ptr,#24] + str $a7,[$r_ptr,#28] + + mov pc,lr +.size __ecp_nistz256_sub_from,.-__ecp_nistz256_sub_from + +.type __ecp_nistz256_sub_morf,%function +.align 5 +__ecp_nistz256_sub_morf: + str lr,[sp,#-4]! @ push lr + + ldr $t0,[$b_ptr,#0] + ldr $t1,[$b_ptr,#4] + ldr $t2,[$b_ptr,#8] + ldr $t3,[$b_ptr,#12] + subs $a0,$t0,$a0 + ldr $t0,[$b_ptr,#16] + sbcs $a1,$t1,$a1 + ldr $t1,[$b_ptr,#20] + sbcs $a2,$t2,$a2 + ldr $t2,[$b_ptr,#24] + sbcs $a3,$t3,$a3 + ldr $t3,[$b_ptr,#28] + sbcs $a4,$t0,$a4 + sbcs $a5,$t1,$a5 + sbcs $a6,$t2,$a6 + sbcs $a7,$t3,$a7 + sbc $ff,$ff,$ff @ broadcast borrow bit + ldr lr,[sp],#4 @ pop lr + + adds $a0,$a0,$ff @ add synthesized modulus + adcs $a1,$a1,$ff + str $a0,[$r_ptr,#0] + adcs $a2,$a2,$ff + str $a1,[$r_ptr,#4] + adcs $a3,$a3,#0 + str $a2,[$r_ptr,#8] + adcs $a4,$a4,#0 + str $a3,[$r_ptr,#12] + adcs $a5,$a5,#0 + str $a4,[$r_ptr,#16] + adcs $a6,$a6,$ff,lsr#31 + str $a5,[$r_ptr,#20] + adcs $a7,$a7,$ff + str $a6,[$r_ptr,#24] + str $a7,[$r_ptr,#28] + + mov pc,lr +.size __ecp_nistz256_sub_morf,.-__ecp_nistz256_sub_morf + +.type __ecp_nistz256_add_self,%function +.align 4 +__ecp_nistz256_add_self: + adds $a0,$a0,$a0 @ a[0:7]+=a[0:7] + adcs $a1,$a1,$a1 + adcs $a2,$a2,$a2 + adcs $a3,$a3,$a3 + adcs $a4,$a4,$a4 + adcs $a5,$a5,$a5 + adcs $a6,$a6,$a6 + mov $ff,#0 + adcs $a7,$a7,$a7 + adc $ff,$ff,#0 + + @ if a+b >= modulus, subtract modulus. + @ + @ But since comparison implies subtraction, we subtract + @ modulus and then add it back if subraction borrowed. + + subs $a0,$a0,#-1 + sbcs $a1,$a1,#-1 + sbcs $a2,$a2,#-1 + sbcs $a3,$a3,#0 + sbcs $a4,$a4,#0 + sbcs $a5,$a5,#0 + sbcs $a6,$a6,#1 + sbcs $a7,$a7,#-1 + sbc $ff,$ff,#0 + + @ Note that because mod has special form, i.e. consists of + @ 0xffffffff, 1 and 0s, we can conditionally synthesize it by + @ using value of borrow as a whole or extracting single bit. + @ Follow $ff register... + + adds $a0,$a0,$ff @ add synthesized modulus + adcs $a1,$a1,$ff + str $a0,[$r_ptr,#0] + adcs $a2,$a2,$ff + str $a1,[$r_ptr,#4] + adcs $a3,$a3,#0 + str $a2,[$r_ptr,#8] + adcs $a4,$a4,#0 + str $a3,[$r_ptr,#12] + adcs $a5,$a5,#0 + str $a4,[$r_ptr,#16] + adcs $a6,$a6,$ff,lsr#31 + str $a5,[$r_ptr,#20] + adcs $a7,$a7,$ff + str $a6,[$r_ptr,#24] + str $a7,[$r_ptr,#28] + + mov pc,lr +.size __ecp_nistz256_add_self,.-__ecp_nistz256_add_self + +___ + +######################################################################## +# following subroutines are "literal" implementation of those found in +# ecp_nistz256.c +# +######################################################################## +# void ecp_nistz256_point_double(P256_POINT *out,const P256_POINT *inp); +# +{ +my ($S,$M,$Zsqr,$in_x,$tmp0)=map(32*$_,(0..4)); +# above map() describes stack layout with 5 temporary +# 256-bit vectors on top. Then note that we push +# starting from r0, which means that we have copy of +# input arguments just below these temporary vectors. + +$code.=<<___; +.globl ecp_nistz256_point_double +.type ecp_nistz256_point_double,%function +.align 5 +ecp_nistz256_point_double: + stmdb sp!,{r0-r12,lr} @ push from r0, unusual, but intentional + sub sp,sp,#32*5 + +.Lpoint_double_shortcut: + add r3,sp,#$in_x + ldmia $a_ptr!,{r4-r11} @ copy in_x + stmia r3,{r4-r11} + + add $r_ptr,sp,#$S + bl __ecp_nistz256_mul_by_2 @ p256_mul_by_2(S, in_y); + + add $b_ptr,$a_ptr,#32 + add $a_ptr,$a_ptr,#32 + add $r_ptr,sp,#$Zsqr + bl __ecp_nistz256_mul_mont @ p256_sqr_mont(Zsqr, in_z); + + add $a_ptr,sp,#$S + add $b_ptr,sp,#$S + add $r_ptr,sp,#$S + bl __ecp_nistz256_mul_mont @ p256_sqr_mont(S, S); + + ldr $b_ptr,[sp,#32*5+4] + add $a_ptr,$b_ptr,#32 + add $b_ptr,$b_ptr,#64 + add $r_ptr,sp,#$tmp0 + bl __ecp_nistz256_mul_mont @ p256_mul_mont(tmp0, in_z, in_y); + + ldr $r_ptr,[sp,#32*5] + add $r_ptr,$r_ptr,#64 + bl __ecp_nistz256_add_self @ p256_mul_by_2(res_z, tmp0); + + add $a_ptr,sp,#$in_x + add $b_ptr,sp,#$Zsqr + add $r_ptr,sp,#$M + bl __ecp_nistz256_add @ p256_add(M, in_x, Zsqr); + + add $a_ptr,sp,#$in_x + add $b_ptr,sp,#$Zsqr + add $r_ptr,sp,#$Zsqr + bl __ecp_nistz256_sub @ p256_sub(Zsqr, in_x, Zsqr); + + add $a_ptr,sp,#$S + add $b_ptr,sp,#$S + add $r_ptr,sp,#$tmp0 + bl __ecp_nistz256_mul_mont @ p256_sqr_mont(tmp0, S); + + add $a_ptr,sp,#$Zsqr + add $b_ptr,sp,#$M + add $r_ptr,sp,#$M + bl __ecp_nistz256_mul_mont @ p256_mul_mont(M, M, Zsqr); + + ldr $r_ptr,[sp,#32*5] + add $a_ptr,sp,#$tmp0 + add $r_ptr,$r_ptr,#32 + bl __ecp_nistz256_div_by_2 @ p256_div_by_2(res_y, tmp0); + + add $a_ptr,sp,#$M + add $r_ptr,sp,#$M + bl __ecp_nistz256_mul_by_3 @ p256_mul_by_3(M, M); + + add $a_ptr,sp,#$in_x + add $b_ptr,sp,#$S + add $r_ptr,sp,#$S + bl __ecp_nistz256_mul_mont @ p256_mul_mont(S, S, in_x); + + add $r_ptr,sp,#$tmp0 + bl __ecp_nistz256_add_self @ p256_mul_by_2(tmp0, S); + + ldr $r_ptr,[sp,#32*5] + add $a_ptr,sp,#$M + add $b_ptr,sp,#$M + bl __ecp_nistz256_mul_mont @ p256_sqr_mont(res_x, M); + + add $b_ptr,sp,#$tmp0 + bl __ecp_nistz256_sub_from @ p256_sub(res_x, res_x, tmp0); + + add $b_ptr,sp,#$S + add $r_ptr,sp,#$S + bl __ecp_nistz256_sub_morf @ p256_sub(S, S, res_x); + + add $a_ptr,sp,#$M + add $b_ptr,sp,#$S + bl __ecp_nistz256_mul_mont @ p256_mul_mont(S, S, M); + + ldr $r_ptr,[sp,#32*5] + add $b_ptr,$r_ptr,#32 + add $r_ptr,$r_ptr,#32 + bl __ecp_nistz256_sub_from @ p256_sub(res_y, S, res_y); + + add sp,sp,#32*5+16 @ +16 means "skip even over saved r0-r3" +#if __ARM_ARCH__>=5 || !defined(__thumb__) + ldmia sp!,{r4-r12,pc} +#else + ldmia sp!,{r4-r12,lr} + bx lr @ interoperable with Thumb ISA:-) +#endif +.size ecp_nistz256_point_double,.-ecp_nistz256_point_double +___ +} + +######################################################################## +# void ecp_nistz256_point_add(P256_POINT *out,const P256_POINT *in1, +# const P256_POINT *in2); +{ +my ($res_x,$res_y,$res_z, + $in1_x,$in1_y,$in1_z, + $in2_x,$in2_y,$in2_z, + $H,$Hsqr,$R,$Rsqr,$Hcub, + $U1,$U2,$S1,$S2)=map(32*$_,(0..17)); +my ($Z1sqr, $Z2sqr) = ($Hsqr, $Rsqr); +# above map() describes stack layout with 18 temporary +# 256-bit vectors on top. Then note that we push +# starting from r0, which means that we have copy of +# input arguments just below these temporary vectors. +# We use three of them for !in1infty, !in2intfy and +# result of check for zero. + +$code.=<<___; +.globl ecp_nistz256_point_add +.type ecp_nistz256_point_add,%function +.align 5 +ecp_nistz256_point_add: + stmdb sp!,{r0-r12,lr} @ push from r0, unusual, but intentional + sub sp,sp,#32*18+16 + + ldmia $b_ptr!,{r4-r11} @ copy in2_x + add r3,sp,#$in2_x + stmia r3!,{r4-r11} + ldmia $b_ptr!,{r4-r11} @ copy in2_y + stmia r3!,{r4-r11} + ldmia $b_ptr,{r4-r11} @ copy in2_z + orr r12,r4,r5 + orr r12,r12,r6 + orr r12,r12,r7 + orr r12,r12,r8 + orr r12,r12,r9 + orr r12,r12,r10 + orr r12,r12,r11 + cmp r12,#0 +#ifdef __thumb2__ + it ne +#endif + movne r12,#-1 + stmia r3,{r4-r11} + str r12,[sp,#32*18+8] @ !in2infty + + ldmia $a_ptr!,{r4-r11} @ copy in1_x + add r3,sp,#$in1_x + stmia r3!,{r4-r11} + ldmia $a_ptr!,{r4-r11} @ copy in1_y + stmia r3!,{r4-r11} + ldmia $a_ptr,{r4-r11} @ copy in1_z + orr r12,r4,r5 + orr r12,r12,r6 + orr r12,r12,r7 + orr r12,r12,r8 + orr r12,r12,r9 + orr r12,r12,r10 + orr r12,r12,r11 + cmp r12,#0 +#ifdef __thumb2__ + it ne +#endif + movne r12,#-1 + stmia r3,{r4-r11} + str r12,[sp,#32*18+4] @ !in1infty + + add $a_ptr,sp,#$in2_z + add $b_ptr,sp,#$in2_z + add $r_ptr,sp,#$Z2sqr + bl __ecp_nistz256_mul_mont @ p256_sqr_mont(Z2sqr, in2_z); + + add $a_ptr,sp,#$in1_z + add $b_ptr,sp,#$in1_z + add $r_ptr,sp,#$Z1sqr + bl __ecp_nistz256_mul_mont @ p256_sqr_mont(Z1sqr, in1_z); + + add $a_ptr,sp,#$in2_z + add $b_ptr,sp,#$Z2sqr + add $r_ptr,sp,#$S1 + bl __ecp_nistz256_mul_mont @ p256_mul_mont(S1, Z2sqr, in2_z); + + add $a_ptr,sp,#$in1_z + add $b_ptr,sp,#$Z1sqr + add $r_ptr,sp,#$S2 + bl __ecp_nistz256_mul_mont @ p256_mul_mont(S2, Z1sqr, in1_z); + + add $a_ptr,sp,#$in1_y + add $b_ptr,sp,#$S1 + add $r_ptr,sp,#$S1 + bl __ecp_nistz256_mul_mont @ p256_mul_mont(S1, S1, in1_y); + + add $a_ptr,sp,#$in2_y + add $b_ptr,sp,#$S2 + add $r_ptr,sp,#$S2 + bl __ecp_nistz256_mul_mont @ p256_mul_mont(S2, S2, in2_y); + + add $b_ptr,sp,#$S1 + add $r_ptr,sp,#$R + bl __ecp_nistz256_sub_from @ p256_sub(R, S2, S1); + + orr $a0,$a0,$a1 @ see if result is zero + orr $a2,$a2,$a3 + orr $a4,$a4,$a5 + orr $a0,$a0,$a2 + orr $a4,$a4,$a6 + orr $a0,$a0,$a7 + add $a_ptr,sp,#$in1_x + orr $a0,$a0,$a4 + add $b_ptr,sp,#$Z2sqr + str $a0,[sp,#32*18+12] + + add $r_ptr,sp,#$U1 + bl __ecp_nistz256_mul_mont @ p256_mul_mont(U1, in1_x, Z2sqr); + + add $a_ptr,sp,#$in2_x + add $b_ptr,sp,#$Z1sqr + add $r_ptr,sp,#$U2 + bl __ecp_nistz256_mul_mont @ p256_mul_mont(U2, in2_x, Z1sqr); + + add $b_ptr,sp,#$U1 + add $r_ptr,sp,#$H + bl __ecp_nistz256_sub_from @ p256_sub(H, U2, U1); + + orr $a0,$a0,$a1 @ see if result is zero + orr $a2,$a2,$a3 + orr $a4,$a4,$a5 + orr $a0,$a0,$a2 + orr $a4,$a4,$a6 + orr $a0,$a0,$a7 + orrs $a0,$a0,$a4 + + bne .Ladd_proceed @ is_equal(U1,U2)? + + ldr $t0,[sp,#32*18+4] + ldr $t1,[sp,#32*18+8] + ldr $t2,[sp,#32*18+12] + tst $t0,$t1 + beq .Ladd_proceed @ (in1infty || in2infty)? + tst $t2,$t2 + beq .Ladd_double @ is_equal(S1,S2)? + + ldr $r_ptr,[sp,#32*18+16] + eor r4,r4,r4 + eor r5,r5,r5 + eor r6,r6,r6 + eor r7,r7,r7 + eor r8,r8,r8 + eor r9,r9,r9 + eor r10,r10,r10 + eor r11,r11,r11 + stmia $r_ptr!,{r4-r11} + stmia $r_ptr!,{r4-r11} + stmia $r_ptr!,{r4-r11} + b .Ladd_done + +.align 4 +.Ladd_double: + ldr $a_ptr,[sp,#32*18+20] + add sp,sp,#32*(18-5)+16 @ difference in frame sizes + b .Lpoint_double_shortcut + +.align 4 +.Ladd_proceed: + add $a_ptr,sp,#$R + add $b_ptr,sp,#$R + add $r_ptr,sp,#$Rsqr + bl __ecp_nistz256_mul_mont @ p256_sqr_mont(Rsqr, R); + + add $a_ptr,sp,#$H + add $b_ptr,sp,#$in1_z + add $r_ptr,sp,#$res_z + bl __ecp_nistz256_mul_mont @ p256_mul_mont(res_z, H, in1_z); + + add $a_ptr,sp,#$H + add $b_ptr,sp,#$H + add $r_ptr,sp,#$Hsqr + bl __ecp_nistz256_mul_mont @ p256_sqr_mont(Hsqr, H); + + add $a_ptr,sp,#$in2_z + add $b_ptr,sp,#$res_z + add $r_ptr,sp,#$res_z + bl __ecp_nistz256_mul_mont @ p256_mul_mont(res_z, res_z, in2_z); + + add $a_ptr,sp,#$H + add $b_ptr,sp,#$Hsqr + add $r_ptr,sp,#$Hcub + bl __ecp_nistz256_mul_mont @ p256_mul_mont(Hcub, Hsqr, H); + + add $a_ptr,sp,#$Hsqr + add $b_ptr,sp,#$U1 + add $r_ptr,sp,#$U2 + bl __ecp_nistz256_mul_mont @ p256_mul_mont(U2, U1, Hsqr); + + add $r_ptr,sp,#$Hsqr + bl __ecp_nistz256_add_self @ p256_mul_by_2(Hsqr, U2); + + add $b_ptr,sp,#$Rsqr + add $r_ptr,sp,#$res_x + bl __ecp_nistz256_sub_morf @ p256_sub(res_x, Rsqr, Hsqr); + + add $b_ptr,sp,#$Hcub + bl __ecp_nistz256_sub_from @ p256_sub(res_x, res_x, Hcub); + + add $b_ptr,sp,#$U2 + add $r_ptr,sp,#$res_y + bl __ecp_nistz256_sub_morf @ p256_sub(res_y, U2, res_x); + + add $a_ptr,sp,#$Hcub + add $b_ptr,sp,#$S1 + add $r_ptr,sp,#$S2 + bl __ecp_nistz256_mul_mont @ p256_mul_mont(S2, S1, Hcub); + + add $a_ptr,sp,#$R + add $b_ptr,sp,#$res_y + add $r_ptr,sp,#$res_y + bl __ecp_nistz256_mul_mont @ p256_mul_mont(res_y, res_y, R); + + add $b_ptr,sp,#$S2 + bl __ecp_nistz256_sub_from @ p256_sub(res_y, res_y, S2); + + ldr r11,[sp,#32*18+4] @ !in1intfy + ldr r12,[sp,#32*18+8] @ !in2intfy + add r1,sp,#$res_x + add r2,sp,#$in2_x + and r10,r11,r12 + mvn r11,r11 + add r3,sp,#$in1_x + and r11,r11,r12 + mvn r12,r12 + ldr $r_ptr,[sp,#32*18+16] +___ +for($i=0;$i<96;$i+=8) { # conditional moves +$code.=<<___; + ldmia r1!,{r4-r5} @ res_x + ldmia r2!,{r6-r7} @ in2_x + ldmia r3!,{r8-r9} @ in1_x + and r4,r4,r10 + and r5,r5,r10 + and r6,r6,r11 + and r7,r7,r11 + and r8,r8,r12 + and r9,r9,r12 + orr r4,r4,r6 + orr r5,r5,r7 + orr r4,r4,r8 + orr r5,r5,r9 + stmia $r_ptr!,{r4-r5} +___ +} +$code.=<<___; +.Ladd_done: + add sp,sp,#32*18+16+16 @ +16 means "skip even over saved r0-r3" +#if __ARM_ARCH__>=5 || defined(__thumb__) + ldmia sp!,{r4-r12,pc} +#else + ldmia sp!,{r4-r12,lr} + bx lr @ interoperable with Thumb ISA:-) +#endif +.size ecp_nistz256_point_add,.-ecp_nistz256_point_add +___ +} + +######################################################################## +# void ecp_nistz256_point_add_affine(P256_POINT *out,const P256_POINT *in1, +# const P256_POINT_AFFINE *in2); +{ +my ($res_x,$res_y,$res_z, + $in1_x,$in1_y,$in1_z, + $in2_x,$in2_y, + $U2,$S2,$H,$R,$Hsqr,$Hcub,$Rsqr)=map(32*$_,(0..14)); +my $Z1sqr = $S2; +# above map() describes stack layout with 18 temporary +# 256-bit vectors on top. Then note that we push +# starting from r0, which means that we have copy of +# input arguments just below these temporary vectors. +# We use two of them for !in1infty, !in2intfy. + +my @ONE_mont=(1,0,0,-1,-1,-1,-2,0); + +$code.=<<___; +.globl ecp_nistz256_point_add_affine +.type ecp_nistz256_point_add_affine,%function +.align 5 +ecp_nistz256_point_add_affine: + stmdb sp!,{r0-r12,lr} @ push from r0, unusual, but intentional + sub sp,sp,#32*15 + + ldmia $a_ptr!,{r4-r11} @ copy in1_x + add r3,sp,#$in1_x + stmia r3!,{r4-r11} + ldmia $a_ptr!,{r4-r11} @ copy in1_y + stmia r3!,{r4-r11} + ldmia $a_ptr,{r4-r11} @ copy in1_z + orr r12,r4,r5 + orr r12,r12,r6 + orr r12,r12,r7 + orr r12,r12,r8 + orr r12,r12,r9 + orr r12,r12,r10 + orr r12,r12,r11 + cmp r12,#0 +#ifdef __thumb2__ + it ne +#endif + movne r12,#-1 + stmia r3,{r4-r11} + str r12,[sp,#32*15+4] @ !in1infty + + ldmia $b_ptr!,{r4-r11} @ copy in2_x + add r3,sp,#$in2_x + orr r12,r4,r5 + orr r12,r12,r6 + orr r12,r12,r7 + orr r12,r12,r8 + orr r12,r12,r9 + orr r12,r12,r10 + orr r12,r12,r11 + stmia r3!,{r4-r11} + ldmia $b_ptr!,{r4-r11} @ copy in2_y + orr r12,r12,r4 + orr r12,r12,r5 + orr r12,r12,r6 + orr r12,r12,r7 + orr r12,r12,r8 + orr r12,r12,r9 + orr r12,r12,r10 + orr r12,r12,r11 + stmia r3!,{r4-r11} + cmp r12,#0 +#ifdef __thumb2__ + it ne +#endif + movne r12,#-1 + str r12,[sp,#32*15+8] @ !in2infty + + add $a_ptr,sp,#$in1_z + add $b_ptr,sp,#$in1_z + add $r_ptr,sp,#$Z1sqr + bl __ecp_nistz256_mul_mont @ p256_sqr_mont(Z1sqr, in1_z); + + add $a_ptr,sp,#$Z1sqr + add $b_ptr,sp,#$in2_x + add $r_ptr,sp,#$U2 + bl __ecp_nistz256_mul_mont @ p256_mul_mont(U2, Z1sqr, in2_x); + + add $b_ptr,sp,#$in1_x + add $r_ptr,sp,#$H + bl __ecp_nistz256_sub_from @ p256_sub(H, U2, in1_x); + + add $a_ptr,sp,#$Z1sqr + add $b_ptr,sp,#$in1_z + add $r_ptr,sp,#$S2 + bl __ecp_nistz256_mul_mont @ p256_mul_mont(S2, Z1sqr, in1_z); + + add $a_ptr,sp,#$H + add $b_ptr,sp,#$in1_z + add $r_ptr,sp,#$res_z + bl __ecp_nistz256_mul_mont @ p256_mul_mont(res_z, H, in1_z); + + add $a_ptr,sp,#$in2_y + add $b_ptr,sp,#$S2 + add $r_ptr,sp,#$S2 + bl __ecp_nistz256_mul_mont @ p256_mul_mont(S2, S2, in2_y); + + add $b_ptr,sp,#$in1_y + add $r_ptr,sp,#$R + bl __ecp_nistz256_sub_from @ p256_sub(R, S2, in1_y); + + add $a_ptr,sp,#$H + add $b_ptr,sp,#$H + add $r_ptr,sp,#$Hsqr + bl __ecp_nistz256_mul_mont @ p256_sqr_mont(Hsqr, H); + + add $a_ptr,sp,#$R + add $b_ptr,sp,#$R + add $r_ptr,sp,#$Rsqr + bl __ecp_nistz256_mul_mont @ p256_sqr_mont(Rsqr, R); + + add $a_ptr,sp,#$H + add $b_ptr,sp,#$Hsqr + add $r_ptr,sp,#$Hcub + bl __ecp_nistz256_mul_mont @ p256_mul_mont(Hcub, Hsqr, H); + + add $a_ptr,sp,#$Hsqr + add $b_ptr,sp,#$in1_x + add $r_ptr,sp,#$U2 + bl __ecp_nistz256_mul_mont @ p256_mul_mont(U2, in1_x, Hsqr); + + add $r_ptr,sp,#$Hsqr + bl __ecp_nistz256_add_self @ p256_mul_by_2(Hsqr, U2); + + add $b_ptr,sp,#$Rsqr + add $r_ptr,sp,#$res_x + bl __ecp_nistz256_sub_morf @ p256_sub(res_x, Rsqr, Hsqr); + + add $b_ptr,sp,#$Hcub + bl __ecp_nistz256_sub_from @ p256_sub(res_x, res_x, Hcub); + + add $b_ptr,sp,#$U2 + add $r_ptr,sp,#$res_y + bl __ecp_nistz256_sub_morf @ p256_sub(res_y, U2, res_x); + + add $a_ptr,sp,#$Hcub + add $b_ptr,sp,#$in1_y + add $r_ptr,sp,#$S2 + bl __ecp_nistz256_mul_mont @ p256_mul_mont(S2, in1_y, Hcub); + + add $a_ptr,sp,#$R + add $b_ptr,sp,#$res_y + add $r_ptr,sp,#$res_y + bl __ecp_nistz256_mul_mont @ p256_mul_mont(res_y, res_y, R); + + add $b_ptr,sp,#$S2 + bl __ecp_nistz256_sub_from @ p256_sub(res_y, res_y, S2); + + ldr r11,[sp,#32*15+4] @ !in1intfy + ldr r12,[sp,#32*15+8] @ !in2intfy + add r1,sp,#$res_x + add r2,sp,#$in2_x + and r10,r11,r12 + mvn r11,r11 + add r3,sp,#$in1_x + and r11,r11,r12 + mvn r12,r12 + ldr $r_ptr,[sp,#32*15] +___ +for($i=0;$i<64;$i+=8) { # conditional moves +$code.=<<___; + ldmia r1!,{r4-r5} @ res_x + ldmia r2!,{r6-r7} @ in2_x + ldmia r3!,{r8-r9} @ in1_x + and r4,r4,r10 + and r5,r5,r10 + and r6,r6,r11 + and r7,r7,r11 + and r8,r8,r12 + and r9,r9,r12 + orr r4,r4,r6 + orr r5,r5,r7 + orr r4,r4,r8 + orr r5,r5,r9 + stmia $r_ptr!,{r4-r5} +___ +} +for(;$i<96;$i+=8) { +my $j=($i-64)/4; +$code.=<<___; + ldmia r1!,{r4-r5} @ res_z + ldmia r3!,{r8-r9} @ in1_z + and r4,r4,r10 + and r5,r5,r10 + and r6,r11,#@ONE_mont[$j] + and r7,r11,#@ONE_mont[$j+1] + and r8,r8,r12 + and r9,r9,r12 + orr r4,r4,r6 + orr r5,r5,r7 + orr r4,r4,r8 + orr r5,r5,r9 + stmia $r_ptr!,{r4-r5} +___ +} +$code.=<<___; + add sp,sp,#32*15+16 @ +16 means "skip even over saved r0-r3" +#if __ARM_ARCH__>=5 || !defined(__thumb__) + ldmia sp!,{r4-r12,pc} +#else + ldmia sp!,{r4-r12,lr} + bx lr @ interoperable with Thumb ISA:-) +#endif +.size ecp_nistz256_point_add_affine,.-ecp_nistz256_point_add_affine +___ +} }}} + +foreach (split("\n",$code)) { + s/\`([^\`]*)\`/eval $1/geo; + + s/\bq([0-9]+)#(lo|hi)/sprintf "d%d",2*$1+($2 eq "hi")/geo; + + print $_,"\n"; +} +close STDOUT; # enforce flush diff --git a/src/lib/libcrypto/ec/asm/ecp_nistz256-sparcv9.pl b/src/lib/libcrypto/ec/asm/ecp_nistz256-sparcv9.pl new file mode 100644 index 00000000000..044eb457b6a --- /dev/null +++ b/src/lib/libcrypto/ec/asm/ecp_nistz256-sparcv9.pl @@ -0,0 +1,2890 @@ +#! /usr/bin/env perl +# $OpenBSD: ecp_nistz256-sparcv9.pl,v 1.1 2016/11/04 17:33:20 miod Exp $ +# +# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== +# +# ECP_NISTZ256 module for SPARCv9. +# +# February 2015. +# +# Original ECP_NISTZ256 submission targeting x86_64 is detailed in +# http://eprint.iacr.org/2013/816. In the process of adaptation +# original .c module was made 32-bit savvy in order to make this +# implementation possible. +# +# with/without -DECP_NISTZ256_ASM +# UltraSPARC III +12-18% +# SPARC T4 +99-550% (+66-150% on 32-bit Solaris) +# +# Ranges denote minimum and maximum improvement coefficients depending +# on benchmark. Lower coefficients are for ECDSA sign, server-side +# operation. Keep in mind that +200% means 3x improvement. + +# Uncomment when all sparcv9 assembly generators are updated to take the output +# file as last argument... +# $output = pop; +# open STDOUT,">$output"; + +$code.=<<___; +#define STACK_FRAME 192 +#define STACK_BIAS 2047 + +#define LOCALS (STACK_BIAS+STACK_FRAME) +.register %g2,#scratch +.register %g3,#scratch +# define STACK64_FRAME STACK_FRAME +# define LOCALS64 LOCALS + +.section ".text",#alloc,#execinstr +___ + +{{{ +my ($rp,$ap,$bp)=map("%i$_",(0..2)); +my @acc=map("%l$_",(0..7)); +my ($t0,$t1,$t2,$t3,$t4,$t5,$t6,$t7)=(map("%o$_",(0..5)),"%g4","%g5"); +my ($bi,$a0,$mask,$carry)=(map("%i$_",(3..5)),"%g1"); +my ($rp_real,$ap_real)=("%g2","%g3"); + +$code.=<<___; +.align 64 +.Lone: +.long 1,0,0,0,0,0,0,0 + +! void ecp_nistz256_from_mont(BN_ULONG %i0[8],const BN_ULONG %i1[8]); +.globl ecp_nistz256_from_mont +.align 32 +ecp_nistz256_from_mont: + save %sp,-STACK_FRAME,%sp + nop +1: call .+8 + add %o7,.Lone-1b,$bp + call __ecp_nistz256_mul_mont + nop + ret + restore +.type ecp_nistz256_from_mont,#function +.size ecp_nistz256_from_mont,.-ecp_nistz256_from_mont + +! void ecp_nistz256_mul_mont(BN_ULONG %i0[8],const BN_ULONG %i1[8], +! const BN_ULONG %i2[8]); +.globl ecp_nistz256_mul_mont +.align 32 +ecp_nistz256_mul_mont: + save %sp,-STACK_FRAME,%sp + nop + call __ecp_nistz256_mul_mont + nop + ret + restore +.type ecp_nistz256_mul_mont,#function +.size ecp_nistz256_mul_mont,.-ecp_nistz256_mul_mont + +! void ecp_nistz256_sqr_mont(BN_ULONG %i0[8],const BN_ULONG %i2[8]); +.globl ecp_nistz256_sqr_mont +.align 32 +ecp_nistz256_sqr_mont: + save %sp,-STACK_FRAME,%sp + mov $ap,$bp + call __ecp_nistz256_mul_mont + nop + ret + restore +.type ecp_nistz256_sqr_mont,#function +.size ecp_nistz256_sqr_mont,.-ecp_nistz256_sqr_mont +___ + +######################################################################## +# Special thing to keep in mind is that $t0-$t7 hold 64-bit values, +# while all others are meant to keep 32. "Meant to" means that additions +# to @acc[0-7] do "contaminate" upper bits, but they are cleared before +# they can affect outcome (follow 'and' with $mask). Also keep in mind +# that addition with carry is addition with 32-bit carry, even though +# CPU is 64-bit. [Addition with 64-bit carry was introduced in T3, see +# below for VIS3 code paths.] + +$code.=<<___; +.align 32 +__ecp_nistz256_mul_mont: + ld [$bp+0],$bi ! b[0] + mov -1,$mask + ld [$ap+0],$a0 + srl $mask,0,$mask ! 0xffffffff + ld [$ap+4],$t1 + ld [$ap+8],$t2 + ld [$ap+12],$t3 + ld [$ap+16],$t4 + ld [$ap+20],$t5 + ld [$ap+24],$t6 + ld [$ap+28],$t7 + mulx $a0,$bi,$t0 ! a[0-7]*b[0], 64-bit results + mulx $t1,$bi,$t1 + mulx $t2,$bi,$t2 + mulx $t3,$bi,$t3 + mulx $t4,$bi,$t4 + mulx $t5,$bi,$t5 + mulx $t6,$bi,$t6 + mulx $t7,$bi,$t7 + srlx $t0,32,@acc[1] ! extract high parts + srlx $t1,32,@acc[2] + srlx $t2,32,@acc[3] + srlx $t3,32,@acc[4] + srlx $t4,32,@acc[5] + srlx $t5,32,@acc[6] + srlx $t6,32,@acc[7] + srlx $t7,32,@acc[0] ! "@acc[8]" + mov 0,$carry +___ +for($i=1;$i<8;$i++) { +$code.=<<___; + addcc @acc[1],$t1,@acc[1] ! accumulate high parts + ld [$bp+4*$i],$bi ! b[$i] + ld [$ap+4],$t1 ! re-load a[1-7] + addccc @acc[2],$t2,@acc[2] + addccc @acc[3],$t3,@acc[3] + ld [$ap+8],$t2 + ld [$ap+12],$t3 + addccc @acc[4],$t4,@acc[4] + addccc @acc[5],$t5,@acc[5] + ld [$ap+16],$t4 + ld [$ap+20],$t5 + addccc @acc[6],$t6,@acc[6] + addccc @acc[7],$t7,@acc[7] + ld [$ap+24],$t6 + ld [$ap+28],$t7 + addccc @acc[0],$carry,@acc[0] ! "@acc[8]" + addc %g0,%g0,$carry +___ + # Reduction iteration is normally performed by accumulating + # result of multiplication of modulus by "magic" digit [and + # omitting least significant word, which is guaranteed to + # be 0], but thanks to special form of modulus and "magic" + # digit being equal to least significant word, it can be + # performed with additions and subtractions alone. Indeed: + # + # ffff.0001.0000.0000.0000.ffff.ffff.ffff + # * abcd + # + xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.abcd + # + # Now observing that ff..ff*x = (2^n-1)*x = 2^n*x-x, we + # rewrite above as: + # + # xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.abcd + # + abcd.0000.abcd.0000.0000.abcd.0000.0000.0000 + # - abcd.0000.0000.0000.0000.0000.0000.abcd + # + # or marking redundant operations: + # + # xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.---- + # + abcd.0000.abcd.0000.0000.abcd.----.----.---- + # - abcd.----.----.----.----.----.----.---- + +$code.=<<___; + ! multiplication-less reduction + addcc @acc[3],$t0,@acc[3] ! r[3]+=r[0] + addccc @acc[4],%g0,@acc[4] ! r[4]+=0 + and @acc[1],$mask,@acc[1] + and @acc[2],$mask,@acc[2] + addccc @acc[5],%g0,@acc[5] ! r[5]+=0 + addccc @acc[6],$t0,@acc[6] ! r[6]+=r[0] + and @acc[3],$mask,@acc[3] + and @acc[4],$mask,@acc[4] + addccc @acc[7],%g0,@acc[7] ! r[7]+=0 + addccc @acc[0],$t0,@acc[0] ! r[8]+=r[0] "@acc[8]" + and @acc[5],$mask,@acc[5] + and @acc[6],$mask,@acc[6] + addc $carry,%g0,$carry ! top-most carry + subcc @acc[7],$t0,@acc[7] ! r[7]-=r[0] + subccc @acc[0],%g0,@acc[0] ! r[8]-=0 "@acc[8]" + subc $carry,%g0,$carry ! top-most carry + and @acc[7],$mask,@acc[7] + and @acc[0],$mask,@acc[0] ! "@acc[8]" +___ + push(@acc,shift(@acc)); # rotate registers to "omit" acc[0] +$code.=<<___; + mulx $a0,$bi,$t0 ! a[0-7]*b[$i], 64-bit results + mulx $t1,$bi,$t1 + mulx $t2,$bi,$t2 + mulx $t3,$bi,$t3 + mulx $t4,$bi,$t4 + mulx $t5,$bi,$t5 + mulx $t6,$bi,$t6 + mulx $t7,$bi,$t7 + add @acc[0],$t0,$t0 ! accumulate low parts, can't overflow + add @acc[1],$t1,$t1 + srlx $t0,32,@acc[1] ! extract high parts + add @acc[2],$t2,$t2 + srlx $t1,32,@acc[2] + add @acc[3],$t3,$t3 + srlx $t2,32,@acc[3] + add @acc[4],$t4,$t4 + srlx $t3,32,@acc[4] + add @acc[5],$t5,$t5 + srlx $t4,32,@acc[5] + add @acc[6],$t6,$t6 + srlx $t5,32,@acc[6] + add @acc[7],$t7,$t7 + srlx $t6,32,@acc[7] + srlx $t7,32,@acc[0] ! "@acc[8]" +___ +} +$code.=<<___; + addcc @acc[1],$t1,@acc[1] ! accumulate high parts + addccc @acc[2],$t2,@acc[2] + addccc @acc[3],$t3,@acc[3] + addccc @acc[4],$t4,@acc[4] + addccc @acc[5],$t5,@acc[5] + addccc @acc[6],$t6,@acc[6] + addccc @acc[7],$t7,@acc[7] + addccc @acc[0],$carry,@acc[0] ! "@acc[8]" + addc %g0,%g0,$carry + + addcc @acc[3],$t0,@acc[3] ! multiplication-less reduction + addccc @acc[4],%g0,@acc[4] + addccc @acc[5],%g0,@acc[5] + addccc @acc[6],$t0,@acc[6] + addccc @acc[7],%g0,@acc[7] + addccc @acc[0],$t0,@acc[0] ! "@acc[8]" + addc $carry,%g0,$carry + subcc @acc[7],$t0,@acc[7] + subccc @acc[0],%g0,@acc[0] ! "@acc[8]" + subc $carry,%g0,$carry ! top-most carry +___ + push(@acc,shift(@acc)); # rotate registers to omit acc[0] +$code.=<<___; + ! Final step is "if result > mod, subtract mod", but we do it + ! "other way around", namely subtract modulus from result + ! and if it borrowed, add modulus back. + + subcc @acc[0],-1,@acc[0] ! subtract modulus + subccc @acc[1],-1,@acc[1] + subccc @acc[2],-1,@acc[2] + subccc @acc[3],0,@acc[3] + subccc @acc[4],0,@acc[4] + subccc @acc[5],0,@acc[5] + subccc @acc[6],1,@acc[6] + subccc @acc[7],-1,@acc[7] + subc $carry,0,$carry ! broadcast borrow bit + + ! Note that because mod has special form, i.e. consists of + ! 0xffffffff, 1 and 0s, we can conditionally synthesize it by + ! using value of broadcasted borrow and the borrow bit itself. + ! To minimize dependency chain we first broadcast and then + ! extract the bit by negating (follow $bi). + + addcc @acc[0],$carry,@acc[0] ! add modulus or zero + addccc @acc[1],$carry,@acc[1] + neg $carry,$bi + st @acc[0],[$rp] + addccc @acc[2],$carry,@acc[2] + st @acc[1],[$rp+4] + addccc @acc[3],0,@acc[3] + st @acc[2],[$rp+8] + addccc @acc[4],0,@acc[4] + st @acc[3],[$rp+12] + addccc @acc[5],0,@acc[5] + st @acc[4],[$rp+16] + addccc @acc[6],$bi,@acc[6] + st @acc[5],[$rp+20] + addc @acc[7],$carry,@acc[7] + st @acc[6],[$rp+24] + retl + st @acc[7],[$rp+28] +.type __ecp_nistz256_mul_mont,#function +.size __ecp_nistz256_mul_mont,.-__ecp_nistz256_mul_mont + +! void ecp_nistz256_add(BN_ULONG %i0[8],const BN_ULONG %i1[8], +! const BN_ULONG %i2[8]); +.globl ecp_nistz256_add +.align 32 +ecp_nistz256_add: + save %sp,-STACK_FRAME,%sp + ld [$ap],@acc[0] + ld [$ap+4],@acc[1] + ld [$ap+8],@acc[2] + ld [$ap+12],@acc[3] + ld [$ap+16],@acc[4] + ld [$ap+20],@acc[5] + ld [$ap+24],@acc[6] + call __ecp_nistz256_add + ld [$ap+28],@acc[7] + ret + restore +.type ecp_nistz256_add,#function +.size ecp_nistz256_add,.-ecp_nistz256_add + +.align 32 +__ecp_nistz256_add: + ld [$bp+0],$t0 ! b[0] + ld [$bp+4],$t1 + ld [$bp+8],$t2 + ld [$bp+12],$t3 + addcc @acc[0],$t0,@acc[0] + ld [$bp+16],$t4 + ld [$bp+20],$t5 + addccc @acc[1],$t1,@acc[1] + ld [$bp+24],$t6 + ld [$bp+28],$t7 + addccc @acc[2],$t2,@acc[2] + addccc @acc[3],$t3,@acc[3] + addccc @acc[4],$t4,@acc[4] + addccc @acc[5],$t5,@acc[5] + addccc @acc[6],$t6,@acc[6] + addccc @acc[7],$t7,@acc[7] + addc %g0,%g0,$carry + +.Lreduce_by_sub: + + ! if a+b >= modulus, subtract modulus. + ! + ! But since comparison implies subtraction, we subtract + ! modulus and then add it back if subraction borrowed. + + subcc @acc[0],-1,@acc[0] + subccc @acc[1],-1,@acc[1] + subccc @acc[2],-1,@acc[2] + subccc @acc[3], 0,@acc[3] + subccc @acc[4], 0,@acc[4] + subccc @acc[5], 0,@acc[5] + subccc @acc[6], 1,@acc[6] + subccc @acc[7],-1,@acc[7] + subc $carry,0,$carry + + ! Note that because mod has special form, i.e. consists of + ! 0xffffffff, 1 and 0s, we can conditionally synthesize it by + ! using value of borrow and its negative. + + addcc @acc[0],$carry,@acc[0] ! add synthesized modulus + addccc @acc[1],$carry,@acc[1] + neg $carry,$bi + st @acc[0],[$rp] + addccc @acc[2],$carry,@acc[2] + st @acc[1],[$rp+4] + addccc @acc[3],0,@acc[3] + st @acc[2],[$rp+8] + addccc @acc[4],0,@acc[4] + st @acc[3],[$rp+12] + addccc @acc[5],0,@acc[5] + st @acc[4],[$rp+16] + addccc @acc[6],$bi,@acc[6] + st @acc[5],[$rp+20] + addc @acc[7],$carry,@acc[7] + st @acc[6],[$rp+24] + retl + st @acc[7],[$rp+28] +.type __ecp_nistz256_add,#function +.size __ecp_nistz256_add,.-__ecp_nistz256_add + +! void ecp_nistz256_mul_by_2(BN_ULONG %i0[8],const BN_ULONG %i1[8]); +.globl ecp_nistz256_mul_by_2 +.align 32 +ecp_nistz256_mul_by_2: + save %sp,-STACK_FRAME,%sp + ld [$ap],@acc[0] + ld [$ap+4],@acc[1] + ld [$ap+8],@acc[2] + ld [$ap+12],@acc[3] + ld [$ap+16],@acc[4] + ld [$ap+20],@acc[5] + ld [$ap+24],@acc[6] + call __ecp_nistz256_mul_by_2 + ld [$ap+28],@acc[7] + ret + restore +.type ecp_nistz256_mul_by_2,#function +.size ecp_nistz256_mul_by_2,.-ecp_nistz256_mul_by_2 + +.align 32 +__ecp_nistz256_mul_by_2: + addcc @acc[0],@acc[0],@acc[0] ! a+a=2*a + addccc @acc[1],@acc[1],@acc[1] + addccc @acc[2],@acc[2],@acc[2] + addccc @acc[3],@acc[3],@acc[3] + addccc @acc[4],@acc[4],@acc[4] + addccc @acc[5],@acc[5],@acc[5] + addccc @acc[6],@acc[6],@acc[6] + addccc @acc[7],@acc[7],@acc[7] + b .Lreduce_by_sub + addc %g0,%g0,$carry +.type __ecp_nistz256_mul_by_2,#function +.size __ecp_nistz256_mul_by_2,.-__ecp_nistz256_mul_by_2 + +! void ecp_nistz256_mul_by_3(BN_ULONG %i0[8],const BN_ULONG %i1[8]); +.globl ecp_nistz256_mul_by_3 +.align 32 +ecp_nistz256_mul_by_3: + save %sp,-STACK_FRAME,%sp + ld [$ap],@acc[0] + ld [$ap+4],@acc[1] + ld [$ap+8],@acc[2] + ld [$ap+12],@acc[3] + ld [$ap+16],@acc[4] + ld [$ap+20],@acc[5] + ld [$ap+24],@acc[6] + call __ecp_nistz256_mul_by_3 + ld [$ap+28],@acc[7] + ret + restore +.type ecp_nistz256_mul_by_3,#function +.size ecp_nistz256_mul_by_3,.-ecp_nistz256_mul_by_3 + +.align 32 +__ecp_nistz256_mul_by_3: + addcc @acc[0],@acc[0],$t0 ! a+a=2*a + addccc @acc[1],@acc[1],$t1 + addccc @acc[2],@acc[2],$t2 + addccc @acc[3],@acc[3],$t3 + addccc @acc[4],@acc[4],$t4 + addccc @acc[5],@acc[5],$t5 + addccc @acc[6],@acc[6],$t6 + addccc @acc[7],@acc[7],$t7 + addc %g0,%g0,$carry + + subcc $t0,-1,$t0 ! .Lreduce_by_sub but without stores + subccc $t1,-1,$t1 + subccc $t2,-1,$t2 + subccc $t3, 0,$t3 + subccc $t4, 0,$t4 + subccc $t5, 0,$t5 + subccc $t6, 1,$t6 + subccc $t7,-1,$t7 + subc $carry,0,$carry + + addcc $t0,$carry,$t0 ! add synthesized modulus + addccc $t1,$carry,$t1 + neg $carry,$bi + addccc $t2,$carry,$t2 + addccc $t3,0,$t3 + addccc $t4,0,$t4 + addccc $t5,0,$t5 + addccc $t6,$bi,$t6 + addc $t7,$carry,$t7 + + addcc $t0,@acc[0],@acc[0] ! 2*a+a=3*a + addccc $t1,@acc[1],@acc[1] + addccc $t2,@acc[2],@acc[2] + addccc $t3,@acc[3],@acc[3] + addccc $t4,@acc[4],@acc[4] + addccc $t5,@acc[5],@acc[5] + addccc $t6,@acc[6],@acc[6] + addccc $t7,@acc[7],@acc[7] + b .Lreduce_by_sub + addc %g0,%g0,$carry +.type __ecp_nistz256_mul_by_3,#function +.size __ecp_nistz256_mul_by_3,.-__ecp_nistz256_mul_by_3 + +! void ecp_nistz256_neg(BN_ULONG %i0[8],const BN_ULONG %i1[8]); +.globl ecp_nistz256_neg +.align 32 +ecp_nistz256_neg: + save %sp,-STACK_FRAME,%sp + mov $ap,$bp + mov 0,@acc[0] + mov 0,@acc[1] + mov 0,@acc[2] + mov 0,@acc[3] + mov 0,@acc[4] + mov 0,@acc[5] + mov 0,@acc[6] + call __ecp_nistz256_sub_from + mov 0,@acc[7] + ret + restore +.type ecp_nistz256_neg,#function +.size ecp_nistz256_neg,.-ecp_nistz256_neg + +.align 32 +__ecp_nistz256_sub_from: + ld [$bp+0],$t0 ! b[0] + ld [$bp+4],$t1 + ld [$bp+8],$t2 + ld [$bp+12],$t3 + subcc @acc[0],$t0,@acc[0] + ld [$bp+16],$t4 + ld [$bp+20],$t5 + subccc @acc[1],$t1,@acc[1] + subccc @acc[2],$t2,@acc[2] + ld [$bp+24],$t6 + ld [$bp+28],$t7 + subccc @acc[3],$t3,@acc[3] + subccc @acc[4],$t4,@acc[4] + subccc @acc[5],$t5,@acc[5] + subccc @acc[6],$t6,@acc[6] + subccc @acc[7],$t7,@acc[7] + subc %g0,%g0,$carry ! broadcast borrow bit + +.Lreduce_by_add: + + ! if a-b borrows, add modulus. + ! + ! Note that because mod has special form, i.e. consists of + ! 0xffffffff, 1 and 0s, we can conditionally synthesize it by + ! using value of broadcasted borrow and the borrow bit itself. + ! To minimize dependency chain we first broadcast and then + ! extract the bit by negating (follow $bi). + + addcc @acc[0],$carry,@acc[0] ! add synthesized modulus + addccc @acc[1],$carry,@acc[1] + neg $carry,$bi + st @acc[0],[$rp] + addccc @acc[2],$carry,@acc[2] + st @acc[1],[$rp+4] + addccc @acc[3],0,@acc[3] + st @acc[2],[$rp+8] + addccc @acc[4],0,@acc[4] + st @acc[3],[$rp+12] + addccc @acc[5],0,@acc[5] + st @acc[4],[$rp+16] + addccc @acc[6],$bi,@acc[6] + st @acc[5],[$rp+20] + addc @acc[7],$carry,@acc[7] + st @acc[6],[$rp+24] + retl + st @acc[7],[$rp+28] +.type __ecp_nistz256_sub_from,#function +.size __ecp_nistz256_sub_from,.-__ecp_nistz256_sub_from + +.align 32 +__ecp_nistz256_sub_morf: + ld [$bp+0],$t0 ! b[0] + ld [$bp+4],$t1 + ld [$bp+8],$t2 + ld [$bp+12],$t3 + subcc $t0,@acc[0],@acc[0] + ld [$bp+16],$t4 + ld [$bp+20],$t5 + subccc $t1,@acc[1],@acc[1] + subccc $t2,@acc[2],@acc[2] + ld [$bp+24],$t6 + ld [$bp+28],$t7 + subccc $t3,@acc[3],@acc[3] + subccc $t4,@acc[4],@acc[4] + subccc $t5,@acc[5],@acc[5] + subccc $t6,@acc[6],@acc[6] + subccc $t7,@acc[7],@acc[7] + b .Lreduce_by_add + subc %g0,%g0,$carry ! broadcast borrow bit +.type __ecp_nistz256_sub_morf,#function +.size __ecp_nistz256_sub_morf,.-__ecp_nistz256_sub_morf + +! void ecp_nistz256_div_by_2(BN_ULONG %i0[8],const BN_ULONG %i1[8]); +.globl ecp_nistz256_div_by_2 +.align 32 +ecp_nistz256_div_by_2: + save %sp,-STACK_FRAME,%sp + ld [$ap],@acc[0] + ld [$ap+4],@acc[1] + ld [$ap+8],@acc[2] + ld [$ap+12],@acc[3] + ld [$ap+16],@acc[4] + ld [$ap+20],@acc[5] + ld [$ap+24],@acc[6] + call __ecp_nistz256_div_by_2 + ld [$ap+28],@acc[7] + ret + restore +.type ecp_nistz256_div_by_2,#function +.size ecp_nistz256_div_by_2,.-ecp_nistz256_div_by_2 + +.align 32 +__ecp_nistz256_div_by_2: + ! ret = (a is odd ? a+mod : a) >> 1 + + and @acc[0],1,$bi + neg $bi,$carry + addcc @acc[0],$carry,@acc[0] + addccc @acc[1],$carry,@acc[1] + addccc @acc[2],$carry,@acc[2] + addccc @acc[3],0,@acc[3] + addccc @acc[4],0,@acc[4] + addccc @acc[5],0,@acc[5] + addccc @acc[6],$bi,@acc[6] + addccc @acc[7],$carry,@acc[7] + addc %g0,%g0,$carry + + ! ret >>= 1 + + srl @acc[0],1,@acc[0] + sll @acc[1],31,$t0 + srl @acc[1],1,@acc[1] + or @acc[0],$t0,@acc[0] + sll @acc[2],31,$t1 + srl @acc[2],1,@acc[2] + or @acc[1],$t1,@acc[1] + sll @acc[3],31,$t2 + st @acc[0],[$rp] + srl @acc[3],1,@acc[3] + or @acc[2],$t2,@acc[2] + sll @acc[4],31,$t3 + st @acc[1],[$rp+4] + srl @acc[4],1,@acc[4] + or @acc[3],$t3,@acc[3] + sll @acc[5],31,$t4 + st @acc[2],[$rp+8] + srl @acc[5],1,@acc[5] + or @acc[4],$t4,@acc[4] + sll @acc[6],31,$t5 + st @acc[3],[$rp+12] + srl @acc[6],1,@acc[6] + or @acc[5],$t5,@acc[5] + sll @acc[7],31,$t6 + st @acc[4],[$rp+16] + srl @acc[7],1,@acc[7] + or @acc[6],$t6,@acc[6] + sll $carry,31,$t7 + st @acc[5],[$rp+20] + or @acc[7],$t7,@acc[7] + st @acc[6],[$rp+24] + retl + st @acc[7],[$rp+28] +.type __ecp_nistz256_div_by_2,#function +.size __ecp_nistz256_div_by_2,.-__ecp_nistz256_div_by_2 +___ + +######################################################################## +# following subroutines are "literal" implementation of those found in +# ecp_nistz256.c +# +######################################################################## +# void ecp_nistz256_point_double(P256_POINT *out,const P256_POINT *inp); +# +{ +my ($S,$M,$Zsqr,$tmp0)=map(32*$_,(0..3)); +# above map() describes stack layout with 4 temporary +# 256-bit vectors on top. + +$code.=<<___; +#if 0 +#ifdef __PIC__ +SPARC_PIC_THUNK(%g1) +#endif +#endif + +.globl ecp_nistz256_point_double +.align 32 +ecp_nistz256_point_double: +#if 0 + SPARC_LOAD_ADDRESS_LEAF(OPENSSL_sparcv9cap_P,%g1,%g5) + ld [%g1],%g1 ! OPENSSL_sparcv9cap_P[0] + and %g1,(SPARCV9_VIS3|SPARCV9_64BIT_STACK),%g1 + cmp %g1,(SPARCV9_VIS3|SPARCV9_64BIT_STACK) + be ecp_nistz256_point_double_vis3 + nop +#endif + + save %sp,-STACK_FRAME-32*4,%sp + + mov $rp,$rp_real + mov $ap,$ap_real + +.Lpoint_double_shortcut: + ld [$ap+32],@acc[0] + ld [$ap+32+4],@acc[1] + ld [$ap+32+8],@acc[2] + ld [$ap+32+12],@acc[3] + ld [$ap+32+16],@acc[4] + ld [$ap+32+20],@acc[5] + ld [$ap+32+24],@acc[6] + ld [$ap+32+28],@acc[7] + call __ecp_nistz256_mul_by_2 ! p256_mul_by_2(S, in_y); + add %sp,LOCALS+$S,$rp + + add $ap_real,64,$bp + add $ap_real,64,$ap + call __ecp_nistz256_mul_mont ! p256_sqr_mont(Zsqr, in_z); + add %sp,LOCALS+$Zsqr,$rp + + add $ap_real,0,$bp + call __ecp_nistz256_add ! p256_add(M, Zsqr, in_x); + add %sp,LOCALS+$M,$rp + + add %sp,LOCALS+$S,$bp + add %sp,LOCALS+$S,$ap + call __ecp_nistz256_mul_mont ! p256_sqr_mont(S, S); + add %sp,LOCALS+$S,$rp + + ld [$ap_real],@acc[0] + add %sp,LOCALS+$Zsqr,$bp + ld [$ap_real+4],@acc[1] + ld [$ap_real+8],@acc[2] + ld [$ap_real+12],@acc[3] + ld [$ap_real+16],@acc[4] + ld [$ap_real+20],@acc[5] + ld [$ap_real+24],@acc[6] + ld [$ap_real+28],@acc[7] + call __ecp_nistz256_sub_from ! p256_sub(Zsqr, in_x, Zsqr); + add %sp,LOCALS+$Zsqr,$rp + + add $ap_real,32,$bp + add $ap_real,64,$ap + call __ecp_nistz256_mul_mont ! p256_mul_mont(tmp0, in_z, in_y); + add %sp,LOCALS+$tmp0,$rp + + call __ecp_nistz256_mul_by_2 ! p256_mul_by_2(res_z, tmp0); + add $rp_real,64,$rp + + add %sp,LOCALS+$Zsqr,$bp + add %sp,LOCALS+$M,$ap + call __ecp_nistz256_mul_mont ! p256_mul_mont(M, M, Zsqr); + add %sp,LOCALS+$M,$rp + + call __ecp_nistz256_mul_by_3 ! p256_mul_by_3(M, M); + add %sp,LOCALS+$M,$rp + + add %sp,LOCALS+$S,$bp + add %sp,LOCALS+$S,$ap + call __ecp_nistz256_mul_mont ! p256_sqr_mont(tmp0, S); + add %sp,LOCALS+$tmp0,$rp + + call __ecp_nistz256_div_by_2 ! p256_div_by_2(res_y, tmp0); + add $rp_real,32,$rp + + add $ap_real,0,$bp + add %sp,LOCALS+$S,$ap + call __ecp_nistz256_mul_mont ! p256_mul_mont(S, S, in_x); + add %sp,LOCALS+$S,$rp + + call __ecp_nistz256_mul_by_2 ! p256_mul_by_2(tmp0, S); + add %sp,LOCALS+$tmp0,$rp + + add %sp,LOCALS+$M,$bp + add %sp,LOCALS+$M,$ap + call __ecp_nistz256_mul_mont ! p256_sqr_mont(res_x, M); + add $rp_real,0,$rp + + add %sp,LOCALS+$tmp0,$bp + call __ecp_nistz256_sub_from ! p256_sub(res_x, res_x, tmp0); + add $rp_real,0,$rp + + add %sp,LOCALS+$S,$bp + call __ecp_nistz256_sub_morf ! p256_sub(S, S, res_x); + add %sp,LOCALS+$S,$rp + + add %sp,LOCALS+$M,$bp + add %sp,LOCALS+$S,$ap + call __ecp_nistz256_mul_mont ! p256_mul_mont(S, S, M); + add %sp,LOCALS+$S,$rp + + add $rp_real,32,$bp + call __ecp_nistz256_sub_from ! p256_sub(res_y, S, res_y); + add $rp_real,32,$rp + + ret + restore +.type ecp_nistz256_point_double,#function +.size ecp_nistz256_point_double,.-ecp_nistz256_point_double +___ +} + +######################################################################## +# void ecp_nistz256_point_add(P256_POINT *out,const P256_POINT *in1, +# const P256_POINT *in2); +{ +my ($res_x,$res_y,$res_z, + $H,$Hsqr,$R,$Rsqr,$Hcub, + $U1,$U2,$S1,$S2)=map(32*$_,(0..11)); +my ($Z1sqr, $Z2sqr) = ($Hsqr, $Rsqr); + +# above map() describes stack layout with 12 temporary +# 256-bit vectors on top. Then we reserve some space for +# !in1infty, !in2infty, result of check for zero and return pointer. + +my $bp_real=$rp_real; + +$code.=<<___; +.globl ecp_nistz256_point_add +.align 32 +ecp_nistz256_point_add: +#if 0 + SPARC_LOAD_ADDRESS_LEAF(OPENSSL_sparcv9cap_P,%g1,%g5) + ld [%g1],%g1 ! OPENSSL_sparcv9cap_P[0] + and %g1,(SPARCV9_VIS3|SPARCV9_64BIT_STACK),%g1 + cmp %g1,(SPARCV9_VIS3|SPARCV9_64BIT_STACK) + be ecp_nistz256_point_add_vis3 + nop +#endif + + save %sp,-STACK_FRAME-32*12-32,%sp + + stx $rp,[%fp+STACK_BIAS-8] ! off-load $rp + mov $ap,$ap_real + mov $bp,$bp_real + + ld [$bp+64],$t0 ! in2_z + ld [$bp+64+4],$t1 + ld [$bp+64+8],$t2 + ld [$bp+64+12],$t3 + ld [$bp+64+16],$t4 + ld [$bp+64+20],$t5 + ld [$bp+64+24],$t6 + ld [$bp+64+28],$t7 + or $t1,$t0,$t0 + or $t3,$t2,$t2 + or $t5,$t4,$t4 + or $t7,$t6,$t6 + or $t2,$t0,$t0 + or $t6,$t4,$t4 + or $t4,$t0,$t0 ! !in2infty + movrnz $t0,-1,$t0 + st $t0,[%fp+STACK_BIAS-12] + + ld [$ap+64],$t0 ! in1_z + ld [$ap+64+4],$t1 + ld [$ap+64+8],$t2 + ld [$ap+64+12],$t3 + ld [$ap+64+16],$t4 + ld [$ap+64+20],$t5 + ld [$ap+64+24],$t6 + ld [$ap+64+28],$t7 + or $t1,$t0,$t0 + or $t3,$t2,$t2 + or $t5,$t4,$t4 + or $t7,$t6,$t6 + or $t2,$t0,$t0 + or $t6,$t4,$t4 + or $t4,$t0,$t0 ! !in1infty + movrnz $t0,-1,$t0 + st $t0,[%fp+STACK_BIAS-16] + + add $bp_real,64,$bp + add $bp_real,64,$ap + call __ecp_nistz256_mul_mont ! p256_sqr_mont(Z2sqr, in2_z); + add %sp,LOCALS+$Z2sqr,$rp + + add $ap_real,64,$bp + add $ap_real,64,$ap + call __ecp_nistz256_mul_mont ! p256_sqr_mont(Z1sqr, in1_z); + add %sp,LOCALS+$Z1sqr,$rp + + add $bp_real,64,$bp + add %sp,LOCALS+$Z2sqr,$ap + call __ecp_nistz256_mul_mont ! p256_mul_mont(S1, Z2sqr, in2_z); + add %sp,LOCALS+$S1,$rp + + add $ap_real,64,$bp + add %sp,LOCALS+$Z1sqr,$ap + call __ecp_nistz256_mul_mont ! p256_mul_mont(S2, Z1sqr, in1_z); + add %sp,LOCALS+$S2,$rp + + add $ap_real,32,$bp + add %sp,LOCALS+$S1,$ap + call __ecp_nistz256_mul_mont ! p256_mul_mont(S1, S1, in1_y); + add %sp,LOCALS+$S1,$rp + + add $bp_real,32,$bp + add %sp,LOCALS+$S2,$ap + call __ecp_nistz256_mul_mont ! p256_mul_mont(S2, S2, in2_y); + add %sp,LOCALS+$S2,$rp + + add %sp,LOCALS+$S1,$bp + call __ecp_nistz256_sub_from ! p256_sub(R, S2, S1); + add %sp,LOCALS+$R,$rp + + or @acc[1],@acc[0],@acc[0] ! see if result is zero + or @acc[3],@acc[2],@acc[2] + or @acc[5],@acc[4],@acc[4] + or @acc[7],@acc[6],@acc[6] + or @acc[2],@acc[0],@acc[0] + or @acc[6],@acc[4],@acc[4] + or @acc[4],@acc[0],@acc[0] + st @acc[0],[%fp+STACK_BIAS-20] + + add $ap_real,0,$bp + add %sp,LOCALS+$Z2sqr,$ap + call __ecp_nistz256_mul_mont ! p256_mul_mont(U1, in1_x, Z2sqr); + add %sp,LOCALS+$U1,$rp + + add $bp_real,0,$bp + add %sp,LOCALS+$Z1sqr,$ap + call __ecp_nistz256_mul_mont ! p256_mul_mont(U2, in2_x, Z1sqr); + add %sp,LOCALS+$U2,$rp + + add %sp,LOCALS+$U1,$bp + call __ecp_nistz256_sub_from ! p256_sub(H, U2, U1); + add %sp,LOCALS+$H,$rp + + or @acc[1],@acc[0],@acc[0] ! see if result is zero + or @acc[3],@acc[2],@acc[2] + or @acc[5],@acc[4],@acc[4] + or @acc[7],@acc[6],@acc[6] + or @acc[2],@acc[0],@acc[0] + or @acc[6],@acc[4],@acc[4] + orcc @acc[4],@acc[0],@acc[0] + + bne,pt %icc,.Ladd_proceed ! is_equal(U1,U2)? + nop + + ld [%fp+STACK_BIAS-12],$t0 + ld [%fp+STACK_BIAS-16],$t1 + ld [%fp+STACK_BIAS-20],$t2 + andcc $t0,$t1,%g0 + be,pt %icc,.Ladd_proceed ! (in1infty || in2infty)? + nop + andcc $t2,$t2,%g0 + be,pt %icc,.Ladd_double ! is_equal(S1,S2)? + nop + + ldx [%fp+STACK_BIAS-8],$rp + st %g0,[$rp] + st %g0,[$rp+4] + st %g0,[$rp+8] + st %g0,[$rp+12] + st %g0,[$rp+16] + st %g0,[$rp+20] + st %g0,[$rp+24] + st %g0,[$rp+28] + st %g0,[$rp+32] + st %g0,[$rp+32+4] + st %g0,[$rp+32+8] + st %g0,[$rp+32+12] + st %g0,[$rp+32+16] + st %g0,[$rp+32+20] + st %g0,[$rp+32+24] + st %g0,[$rp+32+28] + st %g0,[$rp+64] + st %g0,[$rp+64+4] + st %g0,[$rp+64+8] + st %g0,[$rp+64+12] + st %g0,[$rp+64+16] + st %g0,[$rp+64+20] + st %g0,[$rp+64+24] + st %g0,[$rp+64+28] + b .Ladd_done + nop + +.align 16 +.Ladd_double: + ldx [%fp+STACK_BIAS-8],$rp_real + mov $ap_real,$ap + b .Lpoint_double_shortcut + add %sp,32*(12-4)+32,%sp ! difference in frame sizes + +.align 16 +.Ladd_proceed: + add %sp,LOCALS+$R,$bp + add %sp,LOCALS+$R,$ap + call __ecp_nistz256_mul_mont ! p256_sqr_mont(Rsqr, R); + add %sp,LOCALS+$Rsqr,$rp + + add $ap_real,64,$bp + add %sp,LOCALS+$H,$ap + call __ecp_nistz256_mul_mont ! p256_mul_mont(res_z, H, in1_z); + add %sp,LOCALS+$res_z,$rp + + add %sp,LOCALS+$H,$bp + add %sp,LOCALS+$H,$ap + call __ecp_nistz256_mul_mont ! p256_sqr_mont(Hsqr, H); + add %sp,LOCALS+$Hsqr,$rp + + add $bp_real,64,$bp + add %sp,LOCALS+$res_z,$ap + call __ecp_nistz256_mul_mont ! p256_mul_mont(res_z, res_z, in2_z); + add %sp,LOCALS+$res_z,$rp + + add %sp,LOCALS+$H,$bp + add %sp,LOCALS+$Hsqr,$ap + call __ecp_nistz256_mul_mont ! p256_mul_mont(Hcub, Hsqr, H); + add %sp,LOCALS+$Hcub,$rp + + add %sp,LOCALS+$U1,$bp + add %sp,LOCALS+$Hsqr,$ap + call __ecp_nistz256_mul_mont ! p256_mul_mont(U2, U1, Hsqr); + add %sp,LOCALS+$U2,$rp + + call __ecp_nistz256_mul_by_2 ! p256_mul_by_2(Hsqr, U2); + add %sp,LOCALS+$Hsqr,$rp + + add %sp,LOCALS+$Rsqr,$bp + call __ecp_nistz256_sub_morf ! p256_sub(res_x, Rsqr, Hsqr); + add %sp,LOCALS+$res_x,$rp + + add %sp,LOCALS+$Hcub,$bp + call __ecp_nistz256_sub_from ! p256_sub(res_x, res_x, Hcub); + add %sp,LOCALS+$res_x,$rp + + add %sp,LOCALS+$U2,$bp + call __ecp_nistz256_sub_morf ! p256_sub(res_y, U2, res_x); + add %sp,LOCALS+$res_y,$rp + + add %sp,LOCALS+$Hcub,$bp + add %sp,LOCALS+$S1,$ap + call __ecp_nistz256_mul_mont ! p256_mul_mont(S2, S1, Hcub); + add %sp,LOCALS+$S2,$rp + + add %sp,LOCALS+$R,$bp + add %sp,LOCALS+$res_y,$ap + call __ecp_nistz256_mul_mont ! p256_mul_mont(res_y, res_y, R); + add %sp,LOCALS+$res_y,$rp + + add %sp,LOCALS+$S2,$bp + call __ecp_nistz256_sub_from ! p256_sub(res_y, res_y, S2); + add %sp,LOCALS+$res_y,$rp + + ld [%fp+STACK_BIAS-16],$t1 ! !in1infty + ld [%fp+STACK_BIAS-12],$t2 ! !in2infty + ldx [%fp+STACK_BIAS-8],$rp +___ +for($i=0;$i<96;$i+=8) { # conditional moves +$code.=<<___; + ld [%sp+LOCALS+$i],@acc[0] ! res + ld [%sp+LOCALS+$i+4],@acc[1] + ld [$bp_real+$i],@acc[2] ! in2 + ld [$bp_real+$i+4],@acc[3] + ld [$ap_real+$i],@acc[4] ! in1 + ld [$ap_real+$i+4],@acc[5] + movrz $t1,@acc[2],@acc[0] + movrz $t1,@acc[3],@acc[1] + movrz $t2,@acc[4],@acc[0] + movrz $t2,@acc[5],@acc[1] + st @acc[0],[$rp+$i] + st @acc[1],[$rp+$i+4] +___ +} +$code.=<<___; +.Ladd_done: + ret + restore +.type ecp_nistz256_point_add,#function +.size ecp_nistz256_point_add,.-ecp_nistz256_point_add +___ +} + +######################################################################## +# void ecp_nistz256_point_add_affine(P256_POINT *out,const P256_POINT *in1, +# const P256_POINT_AFFINE *in2); +{ +my ($res_x,$res_y,$res_z, + $U2,$S2,$H,$R,$Hsqr,$Hcub,$Rsqr)=map(32*$_,(0..9)); +my $Z1sqr = $S2; +# above map() describes stack layout with 10 temporary +# 256-bit vectors on top. Then we reserve some space for +# !in1infty, !in2infty, result of check for zero and return pointer. + +my @ONE_mont=(1,0,0,-1,-1,-1,-2,0); +my $bp_real=$rp_real; + +$code.=<<___; +.globl ecp_nistz256_point_add_affine +.align 32 +ecp_nistz256_point_add_affine: +#if 0 + SPARC_LOAD_ADDRESS_LEAF(OPENSSL_sparcv9cap_P,%g1,%g5) + ld [%g1],%g1 ! OPENSSL_sparcv9cap_P[0] + and %g1,(SPARCV9_VIS3|SPARCV9_64BIT_STACK),%g1 + cmp %g1,(SPARCV9_VIS3|SPARCV9_64BIT_STACK) + be ecp_nistz256_point_add_affine_vis3 + nop +#endif + + save %sp,-STACK_FRAME-32*10-32,%sp + + stx $rp,[%fp+STACK_BIAS-8] ! off-load $rp + mov $ap,$ap_real + mov $bp,$bp_real + + ld [$ap+64],$t0 ! in1_z + ld [$ap+64+4],$t1 + ld [$ap+64+8],$t2 + ld [$ap+64+12],$t3 + ld [$ap+64+16],$t4 + ld [$ap+64+20],$t5 + ld [$ap+64+24],$t6 + ld [$ap+64+28],$t7 + or $t1,$t0,$t0 + or $t3,$t2,$t2 + or $t5,$t4,$t4 + or $t7,$t6,$t6 + or $t2,$t0,$t0 + or $t6,$t4,$t4 + or $t4,$t0,$t0 ! !in1infty + movrnz $t0,-1,$t0 + st $t0,[%fp+STACK_BIAS-16] + + ld [$bp],@acc[0] ! in2_x + ld [$bp+4],@acc[1] + ld [$bp+8],@acc[2] + ld [$bp+12],@acc[3] + ld [$bp+16],@acc[4] + ld [$bp+20],@acc[5] + ld [$bp+24],@acc[6] + ld [$bp+28],@acc[7] + ld [$bp+32],$t0 ! in2_y + ld [$bp+32+4],$t1 + ld [$bp+32+8],$t2 + ld [$bp+32+12],$t3 + ld [$bp+32+16],$t4 + ld [$bp+32+20],$t5 + ld [$bp+32+24],$t6 + ld [$bp+32+28],$t7 + or @acc[1],@acc[0],@acc[0] + or @acc[3],@acc[2],@acc[2] + or @acc[5],@acc[4],@acc[4] + or @acc[7],@acc[6],@acc[6] + or @acc[2],@acc[0],@acc[0] + or @acc[6],@acc[4],@acc[4] + or @acc[4],@acc[0],@acc[0] + or $t1,$t0,$t0 + or $t3,$t2,$t2 + or $t5,$t4,$t4 + or $t7,$t6,$t6 + or $t2,$t0,$t0 + or $t6,$t4,$t4 + or $t4,$t0,$t0 + or @acc[0],$t0,$t0 ! !in2infty + movrnz $t0,-1,$t0 + st $t0,[%fp+STACK_BIAS-12] + + add $ap_real,64,$bp + add $ap_real,64,$ap + call __ecp_nistz256_mul_mont ! p256_sqr_mont(Z1sqr, in1_z); + add %sp,LOCALS+$Z1sqr,$rp + + add $bp_real,0,$bp + add %sp,LOCALS+$Z1sqr,$ap + call __ecp_nistz256_mul_mont ! p256_mul_mont(U2, Z1sqr, in2_x); + add %sp,LOCALS+$U2,$rp + + add $ap_real,0,$bp + call __ecp_nistz256_sub_from ! p256_sub(H, U2, in1_x); + add %sp,LOCALS+$H,$rp + + add $ap_real,64,$bp + add %sp,LOCALS+$Z1sqr,$ap + call __ecp_nistz256_mul_mont ! p256_mul_mont(S2, Z1sqr, in1_z); + add %sp,LOCALS+$S2,$rp + + add $ap_real,64,$bp + add %sp,LOCALS+$H,$ap + call __ecp_nistz256_mul_mont ! p256_mul_mont(res_z, H, in1_z); + add %sp,LOCALS+$res_z,$rp + + add $bp_real,32,$bp + add %sp,LOCALS+$S2,$ap + call __ecp_nistz256_mul_mont ! p256_mul_mont(S2, S2, in2_y); + add %sp,LOCALS+$S2,$rp + + add $ap_real,32,$bp + call __ecp_nistz256_sub_from ! p256_sub(R, S2, in1_y); + add %sp,LOCALS+$R,$rp + + add %sp,LOCALS+$H,$bp + add %sp,LOCALS+$H,$ap + call __ecp_nistz256_mul_mont ! p256_sqr_mont(Hsqr, H); + add %sp,LOCALS+$Hsqr,$rp + + add %sp,LOCALS+$R,$bp + add %sp,LOCALS+$R,$ap + call __ecp_nistz256_mul_mont ! p256_sqr_mont(Rsqr, R); + add %sp,LOCALS+$Rsqr,$rp + + add %sp,LOCALS+$H,$bp + add %sp,LOCALS+$Hsqr,$ap + call __ecp_nistz256_mul_mont ! p256_mul_mont(Hcub, Hsqr, H); + add %sp,LOCALS+$Hcub,$rp + + add $ap_real,0,$bp + add %sp,LOCALS+$Hsqr,$ap + call __ecp_nistz256_mul_mont ! p256_mul_mont(U2, in1_x, Hsqr); + add %sp,LOCALS+$U2,$rp + + call __ecp_nistz256_mul_by_2 ! p256_mul_by_2(Hsqr, U2); + add %sp,LOCALS+$Hsqr,$rp + + add %sp,LOCALS+$Rsqr,$bp + call __ecp_nistz256_sub_morf ! p256_sub(res_x, Rsqr, Hsqr); + add %sp,LOCALS+$res_x,$rp + + add %sp,LOCALS+$Hcub,$bp + call __ecp_nistz256_sub_from ! p256_sub(res_x, res_x, Hcub); + add %sp,LOCALS+$res_x,$rp + + add %sp,LOCALS+$U2,$bp + call __ecp_nistz256_sub_morf ! p256_sub(res_y, U2, res_x); + add %sp,LOCALS+$res_y,$rp + + add $ap_real,32,$bp + add %sp,LOCALS+$Hcub,$ap + call __ecp_nistz256_mul_mont ! p256_mul_mont(S2, in1_y, Hcub); + add %sp,LOCALS+$S2,$rp + + add %sp,LOCALS+$R,$bp + add %sp,LOCALS+$res_y,$ap + call __ecp_nistz256_mul_mont ! p256_mul_mont(res_y, res_y, R); + add %sp,LOCALS+$res_y,$rp + + add %sp,LOCALS+$S2,$bp + call __ecp_nistz256_sub_from ! p256_sub(res_y, res_y, S2); + add %sp,LOCALS+$res_y,$rp + + ld [%fp+STACK_BIAS-16],$t1 ! !in1infty + ld [%fp+STACK_BIAS-12],$t2 ! !in2infty + ldx [%fp+STACK_BIAS-8],$rp +___ +for($i=0;$i<64;$i+=8) { # conditional moves +$code.=<<___; + ld [%sp+LOCALS+$i],@acc[0] ! res + ld [%sp+LOCALS+$i+4],@acc[1] + ld [$bp_real+$i],@acc[2] ! in2 + ld [$bp_real+$i+4],@acc[3] + ld [$ap_real+$i],@acc[4] ! in1 + ld [$ap_real+$i+4],@acc[5] + movrz $t1,@acc[2],@acc[0] + movrz $t1,@acc[3],@acc[1] + movrz $t2,@acc[4],@acc[0] + movrz $t2,@acc[5],@acc[1] + st @acc[0],[$rp+$i] + st @acc[1],[$rp+$i+4] +___ +} +for(;$i<96;$i+=8) { +my $j=($i-64)/4; +$code.=<<___; + ld [%sp+LOCALS+$i],@acc[0] ! res + ld [%sp+LOCALS+$i+4],@acc[1] + ld [$ap_real+$i],@acc[4] ! in1 + ld [$ap_real+$i+4],@acc[5] + movrz $t1,@ONE_mont[$j],@acc[0] + movrz $t1,@ONE_mont[$j+1],@acc[1] + movrz $t2,@acc[4],@acc[0] + movrz $t2,@acc[5],@acc[1] + st @acc[0],[$rp+$i] + st @acc[1],[$rp+$i+4] +___ +} +$code.=<<___; + ret + restore +.type ecp_nistz256_point_add_affine,#function +.size ecp_nistz256_point_add_affine,.-ecp_nistz256_point_add_affine +___ +} }}} +{{{ +my ($out,$inp,$index)=map("%i$_",(0..2)); +my $mask="%o0"; + +$code.=<<___; +! void ecp_nistz256_select_w5(P256_POINT *%i0,const void *%i1, +! int %i2); +.globl ecp_nistz256_select_w5 +.align 32 +ecp_nistz256_select_w5: + save %sp,-STACK_FRAME,%sp + + neg $index,$mask + srax $mask,63,$mask + + add $index,$mask,$index + sll $index,2,$index + add $inp,$index,$inp + + ld [$inp+64*0],%l0 + ld [$inp+64*1],%l1 + ld [$inp+64*2],%l2 + ld [$inp+64*3],%l3 + ld [$inp+64*4],%l4 + ld [$inp+64*5],%l5 + ld [$inp+64*6],%l6 + ld [$inp+64*7],%l7 + add $inp,64*8,$inp + and %l0,$mask,%l0 + and %l1,$mask,%l1 + st %l0,[$out] ! X + and %l2,$mask,%l2 + st %l1,[$out+4] + and %l3,$mask,%l3 + st %l2,[$out+8] + and %l4,$mask,%l4 + st %l3,[$out+12] + and %l5,$mask,%l5 + st %l4,[$out+16] + and %l6,$mask,%l6 + st %l5,[$out+20] + and %l7,$mask,%l7 + st %l6,[$out+24] + st %l7,[$out+28] + add $out,32,$out + + ld [$inp+64*0],%l0 + ld [$inp+64*1],%l1 + ld [$inp+64*2],%l2 + ld [$inp+64*3],%l3 + ld [$inp+64*4],%l4 + ld [$inp+64*5],%l5 + ld [$inp+64*6],%l6 + ld [$inp+64*7],%l7 + add $inp,64*8,$inp + and %l0,$mask,%l0 + and %l1,$mask,%l1 + st %l0,[$out] ! Y + and %l2,$mask,%l2 + st %l1,[$out+4] + and %l3,$mask,%l3 + st %l2,[$out+8] + and %l4,$mask,%l4 + st %l3,[$out+12] + and %l5,$mask,%l5 + st %l4,[$out+16] + and %l6,$mask,%l6 + st %l5,[$out+20] + and %l7,$mask,%l7 + st %l6,[$out+24] + st %l7,[$out+28] + add $out,32,$out + + ld [$inp+64*0],%l0 + ld [$inp+64*1],%l1 + ld [$inp+64*2],%l2 + ld [$inp+64*3],%l3 + ld [$inp+64*4],%l4 + ld [$inp+64*5],%l5 + ld [$inp+64*6],%l6 + ld [$inp+64*7],%l7 + and %l0,$mask,%l0 + and %l1,$mask,%l1 + st %l0,[$out] ! Z + and %l2,$mask,%l2 + st %l1,[$out+4] + and %l3,$mask,%l3 + st %l2,[$out+8] + and %l4,$mask,%l4 + st %l3,[$out+12] + and %l5,$mask,%l5 + st %l4,[$out+16] + and %l6,$mask,%l6 + st %l5,[$out+20] + and %l7,$mask,%l7 + st %l6,[$out+24] + st %l7,[$out+28] + + ret + restore +.type ecp_nistz256_select_w5,#function +.size ecp_nistz256_select_w5,.-ecp_nistz256_select_w5 + +! void ecp_nistz256_select_w7(P256_POINT_AFFINE *%i0,const void *%i1, +! int %i2); +.globl ecp_nistz256_select_w7 +.align 32 +ecp_nistz256_select_w7: + save %sp,-STACK_FRAME,%sp + + neg $index,$mask + srax $mask,63,$mask + + add $index,$mask,$index + add $inp,$index,$inp + mov 64/4,$index + +.Loop_select_w7: + ldub [$inp+64*0],%l0 + prefetch [$inp+3840+64*0],1 + subcc $index,1,$index + ldub [$inp+64*1],%l1 + prefetch [$inp+3840+64*1],1 + ldub [$inp+64*2],%l2 + prefetch [$inp+3840+64*2],1 + ldub [$inp+64*3],%l3 + prefetch [$inp+3840+64*3],1 + add $inp,64*4,$inp + sll %l1,8,%l1 + sll %l2,16,%l2 + or %l0,%l1,%l0 + sll %l3,24,%l3 + or %l0,%l2,%l0 + or %l0,%l3,%l0 + and %l0,$mask,%l0 + st %l0,[$out] + bne .Loop_select_w7 + add $out,4,$out + + ret + restore +.type ecp_nistz256_select_w7,#function +.size ecp_nistz256_select_w7,.-ecp_nistz256_select_w7 +___ +}}} +{{{ +######################################################################## +# Following subroutines are VIS3 counterparts of those above that +# implement ones found in ecp_nistz256.c. Key difference is that they +# use 128-bit muliplication and addition with 64-bit carry, and in order +# to do that they perform conversion from uin32_t[8] to uint64_t[4] upon +# entry and vice versa on return. +# +my ($rp,$ap,$bp)=map("%i$_",(0..2)); +my ($t0,$t1,$t2,$t3,$a0,$a1,$a2,$a3)=map("%l$_",(0..7)); +my ($acc0,$acc1,$acc2,$acc3,$acc4,$acc5)=map("%o$_",(0..5)); +my ($bi,$poly1,$poly3,$minus1)=(map("%i$_",(3..5)),"%g1"); +my ($rp_real,$ap_real)=("%g2","%g3"); +my ($acc6,$acc7)=($bp,$bi); # used in squaring + +$code.=<<___; +#if 0 +.align 32 +__ecp_nistz256_mul_by_2_vis3: + addcc $acc0,$acc0,$acc0 + addxccc $acc1,$acc1,$acc1 + addxccc $acc2,$acc2,$acc2 + addxccc $acc3,$acc3,$acc3 + b .Lreduce_by_sub_vis3 + addxc %g0,%g0,$acc4 ! did it carry? +.type __ecp_nistz256_mul_by_2_vis3,#function +.size __ecp_nistz256_mul_by_2_vis3,.-__ecp_nistz256_mul_by_2_vis3 + +.align 32 +__ecp_nistz256_add_vis3: + ldx [$bp+0],$t0 + ldx [$bp+8],$t1 + ldx [$bp+16],$t2 + ldx [$bp+24],$t3 + +__ecp_nistz256_add_noload_vis3: + + addcc $t0,$acc0,$acc0 + addxccc $t1,$acc1,$acc1 + addxccc $t2,$acc2,$acc2 + addxccc $t3,$acc3,$acc3 + addxc %g0,%g0,$acc4 ! did it carry? + +.Lreduce_by_sub_vis3: + + addcc $acc0,1,$t0 ! add -modulus, i.e. subtract + addxccc $acc1,$poly1,$t1 + addxccc $acc2,$minus1,$t2 + addxccc $acc3,$poly3,$t3 + addxc $acc4,$minus1,$acc4 + + movrz $acc4,$t0,$acc0 ! ret = borrow ? ret : ret-modulus + movrz $acc4,$t1,$acc1 + stx $acc0,[$rp] + movrz $acc4,$t2,$acc2 + stx $acc1,[$rp+8] + movrz $acc4,$t3,$acc3 + stx $acc2,[$rp+16] + retl + stx $acc3,[$rp+24] +.type __ecp_nistz256_add_vis3,#function +.size __ecp_nistz256_add_vis3,.-__ecp_nistz256_add_vis3 + +! Trouble with subtraction is that there is no subtraction with 64-bit +! borrow, only with 32-bit one. For this reason we "decompose" 64-bit +! $acc0-$acc3 to 32-bit values and pick b[4] in 32-bit pieces. But +! recall that SPARC is big-endian, which is why you'll observe that +! b[4] is accessed as 4-0-12-8-20-16-28-24. And prior reduction we +! "collect" result back to 64-bit $acc0-$acc3. +.align 32 +__ecp_nistz256_sub_from_vis3: + ld [$bp+4],$t0 + ld [$bp+0],$t1 + ld [$bp+12],$t2 + ld [$bp+8],$t3 + + srlx $acc0,32,$acc4 + not $poly1,$poly1 + srlx $acc1,32,$acc5 + subcc $acc0,$t0,$acc0 + ld [$bp+20],$t0 + subccc $acc4,$t1,$acc4 + ld [$bp+16],$t1 + subccc $acc1,$t2,$acc1 + ld [$bp+28],$t2 + and $acc0,$poly1,$acc0 + subccc $acc5,$t3,$acc5 + ld [$bp+24],$t3 + sllx $acc4,32,$acc4 + and $acc1,$poly1,$acc1 + sllx $acc5,32,$acc5 + or $acc0,$acc4,$acc0 + srlx $acc2,32,$acc4 + or $acc1,$acc5,$acc1 + srlx $acc3,32,$acc5 + subccc $acc2,$t0,$acc2 + subccc $acc4,$t1,$acc4 + subccc $acc3,$t2,$acc3 + and $acc2,$poly1,$acc2 + subccc $acc5,$t3,$acc5 + sllx $acc4,32,$acc4 + and $acc3,$poly1,$acc3 + sllx $acc5,32,$acc5 + or $acc2,$acc4,$acc2 + subc %g0,%g0,$acc4 ! did it borrow? + b .Lreduce_by_add_vis3 + or $acc3,$acc5,$acc3 +.type __ecp_nistz256_sub_from_vis3,#function +.size __ecp_nistz256_sub_from_vis3,.-__ecp_nistz256_sub_from_vis3 + +.align 32 +__ecp_nistz256_sub_morf_vis3: + ld [$bp+4],$t0 + ld [$bp+0],$t1 + ld [$bp+12],$t2 + ld [$bp+8],$t3 + + srlx $acc0,32,$acc4 + not $poly1,$poly1 + srlx $acc1,32,$acc5 + subcc $t0,$acc0,$acc0 + ld [$bp+20],$t0 + subccc $t1,$acc4,$acc4 + ld [$bp+16],$t1 + subccc $t2,$acc1,$acc1 + ld [$bp+28],$t2 + and $acc0,$poly1,$acc0 + subccc $t3,$acc5,$acc5 + ld [$bp+24],$t3 + sllx $acc4,32,$acc4 + and $acc1,$poly1,$acc1 + sllx $acc5,32,$acc5 + or $acc0,$acc4,$acc0 + srlx $acc2,32,$acc4 + or $acc1,$acc5,$acc1 + srlx $acc3,32,$acc5 + subccc $t0,$acc2,$acc2 + subccc $t1,$acc4,$acc4 + subccc $t2,$acc3,$acc3 + and $acc2,$poly1,$acc2 + subccc $t3,$acc5,$acc5 + sllx $acc4,32,$acc4 + and $acc3,$poly1,$acc3 + sllx $acc5,32,$acc5 + or $acc2,$acc4,$acc2 + subc %g0,%g0,$acc4 ! did it borrow? + or $acc3,$acc5,$acc3 + +.Lreduce_by_add_vis3: + + addcc $acc0,-1,$t0 ! add modulus + not $poly3,$t3 + addxccc $acc1,$poly1,$t1 + not $poly1,$poly1 ! restore $poly1 + addxccc $acc2,%g0,$t2 + addxc $acc3,$t3,$t3 + + movrnz $acc4,$t0,$acc0 ! if a-b borrowed, ret = ret+mod + movrnz $acc4,$t1,$acc1 + stx $acc0,[$rp] + movrnz $acc4,$t2,$acc2 + stx $acc1,[$rp+8] + movrnz $acc4,$t3,$acc3 + stx $acc2,[$rp+16] + retl + stx $acc3,[$rp+24] +.type __ecp_nistz256_sub_morf_vis3,#function +.size __ecp_nistz256_sub_morf_vis3,.-__ecp_nistz256_sub_morf_vis3 + +.align 32 +__ecp_nistz256_div_by_2_vis3: + ! ret = (a is odd ? a+mod : a) >> 1 + + not $poly1,$t1 + not $poly3,$t3 + and $acc0,1,$acc5 + addcc $acc0,-1,$t0 ! add modulus + addxccc $acc1,$t1,$t1 + addxccc $acc2,%g0,$t2 + addxccc $acc3,$t3,$t3 + addxc %g0,%g0,$acc4 ! carry bit + + movrnz $acc5,$t0,$acc0 + movrnz $acc5,$t1,$acc1 + movrnz $acc5,$t2,$acc2 + movrnz $acc5,$t3,$acc3 + movrz $acc5,%g0,$acc4 + + ! ret >>= 1 + + srlx $acc0,1,$acc0 + sllx $acc1,63,$t0 + srlx $acc1,1,$acc1 + or $acc0,$t0,$acc0 + sllx $acc2,63,$t1 + srlx $acc2,1,$acc2 + or $acc1,$t1,$acc1 + sllx $acc3,63,$t2 + stx $acc0,[$rp] + srlx $acc3,1,$acc3 + or $acc2,$t2,$acc2 + sllx $acc4,63,$t3 ! don't forget carry bit + stx $acc1,[$rp+8] + or $acc3,$t3,$acc3 + stx $acc2,[$rp+16] + retl + stx $acc3,[$rp+24] +.type __ecp_nistz256_div_by_2_vis3,#function +.size __ecp_nistz256_div_by_2_vis3,.-__ecp_nistz256_div_by_2_vis3 + +! compared to __ecp_nistz256_mul_mont it's almost 4x smaller and +! 4x faster [on T4]... +.align 32 +__ecp_nistz256_mul_mont_vis3: + mulx $a0,$bi,$acc0 + not $poly3,$poly3 ! 0xFFFFFFFF00000001 + umulxhi $a0,$bi,$t0 + mulx $a1,$bi,$acc1 + umulxhi $a1,$bi,$t1 + mulx $a2,$bi,$acc2 + umulxhi $a2,$bi,$t2 + mulx $a3,$bi,$acc3 + umulxhi $a3,$bi,$t3 + ldx [$bp+8],$bi ! b[1] + + addcc $acc1,$t0,$acc1 ! accumulate high parts of multiplication + sllx $acc0,32,$t0 + addxccc $acc2,$t1,$acc2 + srlx $acc0,32,$t1 + addxccc $acc3,$t2,$acc3 + addxc %g0,$t3,$acc4 + mov 0,$acc5 +___ +for($i=1;$i<4;$i++) { + # Reduction iteration is normally performed by accumulating + # result of multiplication of modulus by "magic" digit [and + # omitting least significant word, which is guaranteed to + # be 0], but thanks to special form of modulus and "magic" + # digit being equal to least significant word, it can be + # performed with additions and subtractions alone. Indeed: + # + # ffff0001.00000000.0000ffff.ffffffff + # * abcdefgh + # + xxxxxxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx.abcdefgh + # + # Now observing that ff..ff*x = (2^n-1)*x = 2^n*x-x, we + # rewrite above as: + # + # xxxxxxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx.abcdefgh + # + abcdefgh.abcdefgh.0000abcd.efgh0000.00000000 + # - 0000abcd.efgh0000.00000000.00000000.abcdefgh + # + # or marking redundant operations: + # + # xxxxxxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx.-------- + # + abcdefgh.abcdefgh.0000abcd.efgh0000.-------- + # - 0000abcd.efgh0000.--------.--------.-------- + # ^^^^^^^^ but this word is calculated with umulxhi, because + # there is no subtract with 64-bit borrow:-( + +$code.=<<___; + sub $acc0,$t0,$t2 ! acc0*0xFFFFFFFF00000001, low part + umulxhi $acc0,$poly3,$t3 ! acc0*0xFFFFFFFF00000001, high part + addcc $acc1,$t0,$acc0 ! +=acc[0]<<96 and omit acc[0] + mulx $a0,$bi,$t0 + addxccc $acc2,$t1,$acc1 + mulx $a1,$bi,$t1 + addxccc $acc3,$t2,$acc2 ! +=acc[0]*0xFFFFFFFF00000001 + mulx $a2,$bi,$t2 + addxccc $acc4,$t3,$acc3 + mulx $a3,$bi,$t3 + addxc $acc5,%g0,$acc4 + + addcc $acc0,$t0,$acc0 ! accumulate low parts of multiplication + umulxhi $a0,$bi,$t0 + addxccc $acc1,$t1,$acc1 + umulxhi $a1,$bi,$t1 + addxccc $acc2,$t2,$acc2 + umulxhi $a2,$bi,$t2 + addxccc $acc3,$t3,$acc3 + umulxhi $a3,$bi,$t3 + addxc $acc4,%g0,$acc4 +___ +$code.=<<___ if ($i<3); + ldx [$bp+8*($i+1)],$bi ! bp[$i+1] +___ +$code.=<<___; + addcc $acc1,$t0,$acc1 ! accumulate high parts of multiplication + sllx $acc0,32,$t0 + addxccc $acc2,$t1,$acc2 + srlx $acc0,32,$t1 + addxccc $acc3,$t2,$acc3 + addxccc $acc4,$t3,$acc4 + addxc %g0,%g0,$acc5 +___ +} +$code.=<<___; + sub $acc0,$t0,$t2 ! acc0*0xFFFFFFFF00000001, low part + umulxhi $acc0,$poly3,$t3 ! acc0*0xFFFFFFFF00000001, high part + addcc $acc1,$t0,$acc0 ! +=acc[0]<<96 and omit acc[0] + addxccc $acc2,$t1,$acc1 + addxccc $acc3,$t2,$acc2 ! +=acc[0]*0xFFFFFFFF00000001 + addxccc $acc4,$t3,$acc3 + b .Lmul_final_vis3 ! see below + addxc $acc5,%g0,$acc4 +.type __ecp_nistz256_mul_mont_vis3,#function +.size __ecp_nistz256_mul_mont_vis3,.-__ecp_nistz256_mul_mont_vis3 + +! compared to above __ecp_nistz256_mul_mont_vis3 it's 21% less +! instructions, but only 14% faster [on T4]... +.align 32 +__ecp_nistz256_sqr_mont_vis3: + ! | | | | | |a1*a0| | + ! | | | | |a2*a0| | | + ! | |a3*a2|a3*a0| | | | + ! | | | |a2*a1| | | | + ! | | |a3*a1| | | | | + ! *| | | | | | | | 2| + ! +|a3*a3|a2*a2|a1*a1|a0*a0| + ! |--+--+--+--+--+--+--+--| + ! |A7|A6|A5|A4|A3|A2|A1|A0|, where Ax is $accx, i.e. follow $accx + ! + ! "can't overflow" below mark carrying into high part of + ! multiplication result, which can't overflow, because it + ! can never be all ones. + + mulx $a1,$a0,$acc1 ! a[1]*a[0] + umulxhi $a1,$a0,$t1 + mulx $a2,$a0,$acc2 ! a[2]*a[0] + umulxhi $a2,$a0,$t2 + mulx $a3,$a0,$acc3 ! a[3]*a[0] + umulxhi $a3,$a0,$acc4 + + addcc $acc2,$t1,$acc2 ! accumulate high parts of multiplication + mulx $a2,$a1,$t0 ! a[2]*a[1] + umulxhi $a2,$a1,$t1 + addxccc $acc3,$t2,$acc3 + mulx $a3,$a1,$t2 ! a[3]*a[1] + umulxhi $a3,$a1,$t3 + addxc $acc4,%g0,$acc4 ! can't overflow + + mulx $a3,$a2,$acc5 ! a[3]*a[2] + not $poly3,$poly3 ! 0xFFFFFFFF00000001 + umulxhi $a3,$a2,$acc6 + + addcc $t2,$t1,$t1 ! accumulate high parts of multiplication + mulx $a0,$a0,$acc0 ! a[0]*a[0] + addxc $t3,%g0,$t2 ! can't overflow + + addcc $acc3,$t0,$acc3 ! accumulate low parts of multiplication + umulxhi $a0,$a0,$a0 + addxccc $acc4,$t1,$acc4 + mulx $a1,$a1,$t1 ! a[1]*a[1] + addxccc $acc5,$t2,$acc5 + umulxhi $a1,$a1,$a1 + addxc $acc6,%g0,$acc6 ! can't overflow + + addcc $acc1,$acc1,$acc1 ! acc[1-6]*=2 + mulx $a2,$a2,$t2 ! a[2]*a[2] + addxccc $acc2,$acc2,$acc2 + umulxhi $a2,$a2,$a2 + addxccc $acc3,$acc3,$acc3 + mulx $a3,$a3,$t3 ! a[3]*a[3] + addxccc $acc4,$acc4,$acc4 + umulxhi $a3,$a3,$a3 + addxccc $acc5,$acc5,$acc5 + addxccc $acc6,$acc6,$acc6 + addxc %g0,%g0,$acc7 + + addcc $acc1,$a0,$acc1 ! +a[i]*a[i] + addxccc $acc2,$t1,$acc2 + addxccc $acc3,$a1,$acc3 + addxccc $acc4,$t2,$acc4 + sllx $acc0,32,$t0 + addxccc $acc5,$a2,$acc5 + srlx $acc0,32,$t1 + addxccc $acc6,$t3,$acc6 + sub $acc0,$t0,$t2 ! acc0*0xFFFFFFFF00000001, low part + addxc $acc7,$a3,$acc7 +___ +for($i=0;$i<3;$i++) { # reductions, see commentary + # in multiplication for details +$code.=<<___; + umulxhi $acc0,$poly3,$t3 ! acc0*0xFFFFFFFF00000001, high part + addcc $acc1,$t0,$acc0 ! +=acc[0]<<96 and omit acc[0] + sllx $acc0,32,$t0 + addxccc $acc2,$t1,$acc1 + srlx $acc0,32,$t1 + addxccc $acc3,$t2,$acc2 ! +=acc[0]*0xFFFFFFFF00000001 + sub $acc0,$t0,$t2 ! acc0*0xFFFFFFFF00000001, low part + addxc %g0,$t3,$acc3 ! cant't overflow +___ +} +$code.=<<___; + umulxhi $acc0,$poly3,$t3 ! acc0*0xFFFFFFFF00000001, high part + addcc $acc1,$t0,$acc0 ! +=acc[0]<<96 and omit acc[0] + addxccc $acc2,$t1,$acc1 + addxccc $acc3,$t2,$acc2 ! +=acc[0]*0xFFFFFFFF00000001 + addxc %g0,$t3,$acc3 ! can't overflow + + addcc $acc0,$acc4,$acc0 ! accumulate upper half + addxccc $acc1,$acc5,$acc1 + addxccc $acc2,$acc6,$acc2 + addxccc $acc3,$acc7,$acc3 + addxc %g0,%g0,$acc4 + +.Lmul_final_vis3: + + ! Final step is "if result > mod, subtract mod", but as comparison + ! means subtraction, we do the subtraction and then copy outcome + ! if it didn't borrow. But note that as we [have to] replace + ! subtraction with addition with negative, carry/borrow logic is + ! inverse. + + addcc $acc0,1,$t0 ! add -modulus, i.e. subtract + not $poly3,$poly3 ! restore 0x00000000FFFFFFFE + addxccc $acc1,$poly1,$t1 + addxccc $acc2,$minus1,$t2 + addxccc $acc3,$poly3,$t3 + addxccc $acc4,$minus1,%g0 ! did it carry? + + movcs %xcc,$t0,$acc0 + movcs %xcc,$t1,$acc1 + stx $acc0,[$rp] + movcs %xcc,$t2,$acc2 + stx $acc1,[$rp+8] + movcs %xcc,$t3,$acc3 + stx $acc2,[$rp+16] + retl + stx $acc3,[$rp+24] +.type __ecp_nistz256_sqr_mont_vis3,#function +.size __ecp_nistz256_sqr_mont_vis3,.-__ecp_nistz256_sqr_mont_vis3 +___ + +######################################################################## +# void ecp_nistz256_point_double(P256_POINT *out,const P256_POINT *inp); +# +{ +my ($res_x,$res_y,$res_z, + $in_x,$in_y,$in_z, + $S,$M,$Zsqr,$tmp0)=map(32*$_,(0..9)); +# above map() describes stack layout with 10 temporary +# 256-bit vectors on top. + +$code.=<<___; +.align 32 +ecp_nistz256_point_double_vis3: + save %sp,-STACK64_FRAME-32*10,%sp + + mov $rp,$rp_real +.Ldouble_shortcut_vis3: + mov -1,$minus1 + mov -2,$poly3 + sllx $minus1,32,$poly1 ! 0xFFFFFFFF00000000 + srl $poly3,0,$poly3 ! 0x00000000FFFFFFFE + + ! convert input to uint64_t[4] + ld [$ap],$a0 ! in_x + ld [$ap+4],$t0 + ld [$ap+8],$a1 + ld [$ap+12],$t1 + ld [$ap+16],$a2 + ld [$ap+20],$t2 + ld [$ap+24],$a3 + ld [$ap+28],$t3 + sllx $t0,32,$t0 + sllx $t1,32,$t1 + ld [$ap+32],$acc0 ! in_y + or $a0,$t0,$a0 + ld [$ap+32+4],$t0 + sllx $t2,32,$t2 + ld [$ap+32+8],$acc1 + or $a1,$t1,$a1 + ld [$ap+32+12],$t1 + sllx $t3,32,$t3 + ld [$ap+32+16],$acc2 + or $a2,$t2,$a2 + ld [$ap+32+20],$t2 + or $a3,$t3,$a3 + ld [$ap+32+24],$acc3 + sllx $t0,32,$t0 + ld [$ap+32+28],$t3 + sllx $t1,32,$t1 + stx $a0,[%sp+LOCALS64+$in_x] + sllx $t2,32,$t2 + stx $a1,[%sp+LOCALS64+$in_x+8] + sllx $t3,32,$t3 + stx $a2,[%sp+LOCALS64+$in_x+16] + or $acc0,$t0,$acc0 + stx $a3,[%sp+LOCALS64+$in_x+24] + or $acc1,$t1,$acc1 + stx $acc0,[%sp+LOCALS64+$in_y] + or $acc2,$t2,$acc2 + stx $acc1,[%sp+LOCALS64+$in_y+8] + or $acc3,$t3,$acc3 + stx $acc2,[%sp+LOCALS64+$in_y+16] + stx $acc3,[%sp+LOCALS64+$in_y+24] + + ld [$ap+64],$a0 ! in_z + ld [$ap+64+4],$t0 + ld [$ap+64+8],$a1 + ld [$ap+64+12],$t1 + ld [$ap+64+16],$a2 + ld [$ap+64+20],$t2 + ld [$ap+64+24],$a3 + ld [$ap+64+28],$t3 + sllx $t0,32,$t0 + sllx $t1,32,$t1 + or $a0,$t0,$a0 + sllx $t2,32,$t2 + or $a1,$t1,$a1 + sllx $t3,32,$t3 + or $a2,$t2,$a2 + or $a3,$t3,$a3 + sllx $t0,32,$t0 + sllx $t1,32,$t1 + stx $a0,[%sp+LOCALS64+$in_z] + sllx $t2,32,$t2 + stx $a1,[%sp+LOCALS64+$in_z+8] + sllx $t3,32,$t3 + stx $a2,[%sp+LOCALS64+$in_z+16] + stx $a3,[%sp+LOCALS64+$in_z+24] + + ! in_y is still in $acc0-$acc3 + call __ecp_nistz256_mul_by_2_vis3 ! p256_mul_by_2(S, in_y); + add %sp,LOCALS64+$S,$rp + + ! in_z is still in $a0-$a3 + call __ecp_nistz256_sqr_mont_vis3 ! p256_sqr_mont(Zsqr, in_z); + add %sp,LOCALS64+$Zsqr,$rp + + mov $acc0,$a0 ! put Zsqr aside + mov $acc1,$a1 + mov $acc2,$a2 + mov $acc3,$a3 + + add %sp,LOCALS64+$in_x,$bp + call __ecp_nistz256_add_vis3 ! p256_add(M, Zsqr, in_x); + add %sp,LOCALS64+$M,$rp + + mov $a0,$acc0 ! restore Zsqr + ldx [%sp+LOCALS64+$S],$a0 ! forward load + mov $a1,$acc1 + ldx [%sp+LOCALS64+$S+8],$a1 + mov $a2,$acc2 + ldx [%sp+LOCALS64+$S+16],$a2 + mov $a3,$acc3 + ldx [%sp+LOCALS64+$S+24],$a3 + + add %sp,LOCALS64+$in_x,$bp + call __ecp_nistz256_sub_morf_vis3 ! p256_sub(Zsqr, in_x, Zsqr); + add %sp,LOCALS64+$Zsqr,$rp + + call __ecp_nistz256_sqr_mont_vis3 ! p256_sqr_mont(S, S); + add %sp,LOCALS64+$S,$rp + + ldx [%sp+LOCALS64+$in_z],$bi + ldx [%sp+LOCALS64+$in_y],$a0 + ldx [%sp+LOCALS64+$in_y+8],$a1 + ldx [%sp+LOCALS64+$in_y+16],$a2 + ldx [%sp+LOCALS64+$in_y+24],$a3 + add %sp,LOCALS64+$in_z,$bp + call __ecp_nistz256_mul_mont_vis3 ! p256_mul_mont(tmp0, in_z, in_y); + add %sp,LOCALS64+$tmp0,$rp + + ldx [%sp+LOCALS64+$M],$bi ! forward load + ldx [%sp+LOCALS64+$Zsqr],$a0 + ldx [%sp+LOCALS64+$Zsqr+8],$a1 + ldx [%sp+LOCALS64+$Zsqr+16],$a2 + ldx [%sp+LOCALS64+$Zsqr+24],$a3 + + call __ecp_nistz256_mul_by_2_vis3 ! p256_mul_by_2(res_z, tmp0); + add %sp,LOCALS64+$res_z,$rp + + add %sp,LOCALS64+$M,$bp + call __ecp_nistz256_mul_mont_vis3 ! p256_mul_mont(M, M, Zsqr); + add %sp,LOCALS64+$M,$rp + + mov $acc0,$a0 ! put aside M + mov $acc1,$a1 + mov $acc2,$a2 + mov $acc3,$a3 + call __ecp_nistz256_mul_by_2_vis3 + add %sp,LOCALS64+$M,$rp + mov $a0,$t0 ! copy M + ldx [%sp+LOCALS64+$S],$a0 ! forward load + mov $a1,$t1 + ldx [%sp+LOCALS64+$S+8],$a1 + mov $a2,$t2 + ldx [%sp+LOCALS64+$S+16],$a2 + mov $a3,$t3 + ldx [%sp+LOCALS64+$S+24],$a3 + call __ecp_nistz256_add_noload_vis3 ! p256_mul_by_3(M, M); + add %sp,LOCALS64+$M,$rp + + call __ecp_nistz256_sqr_mont_vis3 ! p256_sqr_mont(tmp0, S); + add %sp,LOCALS64+$tmp0,$rp + + ldx [%sp+LOCALS64+$S],$bi ! forward load + ldx [%sp+LOCALS64+$in_x],$a0 + ldx [%sp+LOCALS64+$in_x+8],$a1 + ldx [%sp+LOCALS64+$in_x+16],$a2 + ldx [%sp+LOCALS64+$in_x+24],$a3 + + call __ecp_nistz256_div_by_2_vis3 ! p256_div_by_2(res_y, tmp0); + add %sp,LOCALS64+$res_y,$rp + + add %sp,LOCALS64+$S,$bp + call __ecp_nistz256_mul_mont_vis3 ! p256_mul_mont(S, S, in_x); + add %sp,LOCALS64+$S,$rp + + ldx [%sp+LOCALS64+$M],$a0 ! forward load + ldx [%sp+LOCALS64+$M+8],$a1 + ldx [%sp+LOCALS64+$M+16],$a2 + ldx [%sp+LOCALS64+$M+24],$a3 + + call __ecp_nistz256_mul_by_2_vis3 ! p256_mul_by_2(tmp0, S); + add %sp,LOCALS64+$tmp0,$rp + + call __ecp_nistz256_sqr_mont_vis3 ! p256_sqr_mont(res_x, M); + add %sp,LOCALS64+$res_x,$rp + + add %sp,LOCALS64+$tmp0,$bp + call __ecp_nistz256_sub_from_vis3 ! p256_sub(res_x, res_x, tmp0); + add %sp,LOCALS64+$res_x,$rp + + ldx [%sp+LOCALS64+$M],$a0 ! forward load + ldx [%sp+LOCALS64+$M+8],$a1 + ldx [%sp+LOCALS64+$M+16],$a2 + ldx [%sp+LOCALS64+$M+24],$a3 + + add %sp,LOCALS64+$S,$bp + call __ecp_nistz256_sub_morf_vis3 ! p256_sub(S, S, res_x); + add %sp,LOCALS64+$S,$rp + + mov $acc0,$bi + call __ecp_nistz256_mul_mont_vis3 ! p256_mul_mont(S, S, M); + add %sp,LOCALS64+$S,$rp + + ldx [%sp+LOCALS64+$res_x],$a0 ! forward load + ldx [%sp+LOCALS64+$res_x+8],$a1 + ldx [%sp+LOCALS64+$res_x+16],$a2 + ldx [%sp+LOCALS64+$res_x+24],$a3 + + add %sp,LOCALS64+$res_y,$bp + call __ecp_nistz256_sub_from_vis3 ! p256_sub(res_y, S, res_y); + add %sp,LOCALS64+$res_y,$bp + + ! convert output to uint_32[8] + srlx $a0,32,$t0 + srlx $a1,32,$t1 + st $a0,[$rp_real] ! res_x + srlx $a2,32,$t2 + st $t0,[$rp_real+4] + srlx $a3,32,$t3 + st $a1,[$rp_real+8] + st $t1,[$rp_real+12] + st $a2,[$rp_real+16] + st $t2,[$rp_real+20] + st $a3,[$rp_real+24] + st $t3,[$rp_real+28] + + ldx [%sp+LOCALS64+$res_z],$a0 ! forward load + srlx $acc0,32,$t0 + ldx [%sp+LOCALS64+$res_z+8],$a1 + srlx $acc1,32,$t1 + ldx [%sp+LOCALS64+$res_z+16],$a2 + srlx $acc2,32,$t2 + ldx [%sp+LOCALS64+$res_z+24],$a3 + srlx $acc3,32,$t3 + st $acc0,[$rp_real+32] ! res_y + st $t0, [$rp_real+32+4] + st $acc1,[$rp_real+32+8] + st $t1, [$rp_real+32+12] + st $acc2,[$rp_real+32+16] + st $t2, [$rp_real+32+20] + st $acc3,[$rp_real+32+24] + st $t3, [$rp_real+32+28] + + srlx $a0,32,$t0 + srlx $a1,32,$t1 + st $a0,[$rp_real+64] ! res_z + srlx $a2,32,$t2 + st $t0,[$rp_real+64+4] + srlx $a3,32,$t3 + st $a1,[$rp_real+64+8] + st $t1,[$rp_real+64+12] + st $a2,[$rp_real+64+16] + st $t2,[$rp_real+64+20] + st $a3,[$rp_real+64+24] + st $t3,[$rp_real+64+28] + + ret + restore +.type ecp_nistz256_point_double_vis3,#function +.size ecp_nistz256_point_double_vis3,.-ecp_nistz256_point_double_vis3 +___ +} +######################################################################## +# void ecp_nistz256_point_add(P256_POINT *out,const P256_POINT *in1, +# const P256_POINT *in2); +{ +my ($res_x,$res_y,$res_z, + $in1_x,$in1_y,$in1_z, + $in2_x,$in2_y,$in2_z, + $H,$Hsqr,$R,$Rsqr,$Hcub, + $U1,$U2,$S1,$S2)=map(32*$_,(0..17)); +my ($Z1sqr, $Z2sqr) = ($Hsqr, $Rsqr); + +# above map() describes stack layout with 18 temporary +# 256-bit vectors on top. Then we reserve some space for +# !in1infty, !in2infty and result of check for zero. + +$code.=<<___; +.globl ecp_nistz256_point_add_vis3 +.align 32 +ecp_nistz256_point_add_vis3: + save %sp,-STACK64_FRAME-32*18-32,%sp + + mov $rp,$rp_real + mov -1,$minus1 + mov -2,$poly3 + sllx $minus1,32,$poly1 ! 0xFFFFFFFF00000000 + srl $poly3,0,$poly3 ! 0x00000000FFFFFFFE + + ! convert input to uint64_t[4] + ld [$bp],$a0 ! in2_x + ld [$bp+4],$t0 + ld [$bp+8],$a1 + ld [$bp+12],$t1 + ld [$bp+16],$a2 + ld [$bp+20],$t2 + ld [$bp+24],$a3 + ld [$bp+28],$t3 + sllx $t0,32,$t0 + sllx $t1,32,$t1 + ld [$bp+32],$acc0 ! in2_y + or $a0,$t0,$a0 + ld [$bp+32+4],$t0 + sllx $t2,32,$t2 + ld [$bp+32+8],$acc1 + or $a1,$t1,$a1 + ld [$bp+32+12],$t1 + sllx $t3,32,$t3 + ld [$bp+32+16],$acc2 + or $a2,$t2,$a2 + ld [$bp+32+20],$t2 + or $a3,$t3,$a3 + ld [$bp+32+24],$acc3 + sllx $t0,32,$t0 + ld [$bp+32+28],$t3 + sllx $t1,32,$t1 + stx $a0,[%sp+LOCALS64+$in2_x] + sllx $t2,32,$t2 + stx $a1,[%sp+LOCALS64+$in2_x+8] + sllx $t3,32,$t3 + stx $a2,[%sp+LOCALS64+$in2_x+16] + or $acc0,$t0,$acc0 + stx $a3,[%sp+LOCALS64+$in2_x+24] + or $acc1,$t1,$acc1 + stx $acc0,[%sp+LOCALS64+$in2_y] + or $acc2,$t2,$acc2 + stx $acc1,[%sp+LOCALS64+$in2_y+8] + or $acc3,$t3,$acc3 + stx $acc2,[%sp+LOCALS64+$in2_y+16] + stx $acc3,[%sp+LOCALS64+$in2_y+24] + + ld [$bp+64],$acc0 ! in2_z + ld [$bp+64+4],$t0 + ld [$bp+64+8],$acc1 + ld [$bp+64+12],$t1 + ld [$bp+64+16],$acc2 + ld [$bp+64+20],$t2 + ld [$bp+64+24],$acc3 + ld [$bp+64+28],$t3 + sllx $t0,32,$t0 + sllx $t1,32,$t1 + ld [$ap],$a0 ! in1_x + or $acc0,$t0,$acc0 + ld [$ap+4],$t0 + sllx $t2,32,$t2 + ld [$ap+8],$a1 + or $acc1,$t1,$acc1 + ld [$ap+12],$t1 + sllx $t3,32,$t3 + ld [$ap+16],$a2 + or $acc2,$t2,$acc2 + ld [$ap+20],$t2 + or $acc3,$t3,$acc3 + ld [$ap+24],$a3 + sllx $t0,32,$t0 + ld [$ap+28],$t3 + sllx $t1,32,$t1 + stx $acc0,[%sp+LOCALS64+$in2_z] + sllx $t2,32,$t2 + stx $acc1,[%sp+LOCALS64+$in2_z+8] + sllx $t3,32,$t3 + stx $acc2,[%sp+LOCALS64+$in2_z+16] + stx $acc3,[%sp+LOCALS64+$in2_z+24] + + or $acc1,$acc0,$acc0 + or $acc3,$acc2,$acc2 + or $acc2,$acc0,$acc0 + movrnz $acc0,-1,$acc0 ! !in2infty + stx $acc0,[%fp+STACK_BIAS-8] + + or $a0,$t0,$a0 + ld [$ap+32],$acc0 ! in1_y + or $a1,$t1,$a1 + ld [$ap+32+4],$t0 + or $a2,$t2,$a2 + ld [$ap+32+8],$acc1 + or $a3,$t3,$a3 + ld [$ap+32+12],$t1 + ld [$ap+32+16],$acc2 + ld [$ap+32+20],$t2 + ld [$ap+32+24],$acc3 + sllx $t0,32,$t0 + ld [$ap+32+28],$t3 + sllx $t1,32,$t1 + stx $a0,[%sp+LOCALS64+$in1_x] + sllx $t2,32,$t2 + stx $a1,[%sp+LOCALS64+$in1_x+8] + sllx $t3,32,$t3 + stx $a2,[%sp+LOCALS64+$in1_x+16] + or $acc0,$t0,$acc0 + stx $a3,[%sp+LOCALS64+$in1_x+24] + or $acc1,$t1,$acc1 + stx $acc0,[%sp+LOCALS64+$in1_y] + or $acc2,$t2,$acc2 + stx $acc1,[%sp+LOCALS64+$in1_y+8] + or $acc3,$t3,$acc3 + stx $acc2,[%sp+LOCALS64+$in1_y+16] + stx $acc3,[%sp+LOCALS64+$in1_y+24] + + ldx [%sp+LOCALS64+$in2_z],$a0 ! forward load + ldx [%sp+LOCALS64+$in2_z+8],$a1 + ldx [%sp+LOCALS64+$in2_z+16],$a2 + ldx [%sp+LOCALS64+$in2_z+24],$a3 + + ld [$ap+64],$acc0 ! in1_z + ld [$ap+64+4],$t0 + ld [$ap+64+8],$acc1 + ld [$ap+64+12],$t1 + ld [$ap+64+16],$acc2 + ld [$ap+64+20],$t2 + ld [$ap+64+24],$acc3 + ld [$ap+64+28],$t3 + sllx $t0,32,$t0 + sllx $t1,32,$t1 + or $acc0,$t0,$acc0 + sllx $t2,32,$t2 + or $acc1,$t1,$acc1 + sllx $t3,32,$t3 + stx $acc0,[%sp+LOCALS64+$in1_z] + or $acc2,$t2,$acc2 + stx $acc1,[%sp+LOCALS64+$in1_z+8] + or $acc3,$t3,$acc3 + stx $acc2,[%sp+LOCALS64+$in1_z+16] + stx $acc3,[%sp+LOCALS64+$in1_z+24] + + or $acc1,$acc0,$acc0 + or $acc3,$acc2,$acc2 + or $acc2,$acc0,$acc0 + movrnz $acc0,-1,$acc0 ! !in1infty + stx $acc0,[%fp+STACK_BIAS-16] + + call __ecp_nistz256_sqr_mont_vis3 ! p256_sqr_mont(Z2sqr, in2_z); + add %sp,LOCALS64+$Z2sqr,$rp + + ldx [%sp+LOCALS64+$in1_z],$a0 + ldx [%sp+LOCALS64+$in1_z+8],$a1 + ldx [%sp+LOCALS64+$in1_z+16],$a2 + ldx [%sp+LOCALS64+$in1_z+24],$a3 + call __ecp_nistz256_sqr_mont_vis3 ! p256_sqr_mont(Z1sqr, in1_z); + add %sp,LOCALS64+$Z1sqr,$rp + + ldx [%sp+LOCALS64+$Z2sqr],$bi + ldx [%sp+LOCALS64+$in2_z],$a0 + ldx [%sp+LOCALS64+$in2_z+8],$a1 + ldx [%sp+LOCALS64+$in2_z+16],$a2 + ldx [%sp+LOCALS64+$in2_z+24],$a3 + add %sp,LOCALS64+$Z2sqr,$bp + call __ecp_nistz256_mul_mont_vis3 ! p256_mul_mont(S1, Z2sqr, in2_z); + add %sp,LOCALS64+$S1,$rp + + ldx [%sp+LOCALS64+$Z1sqr],$bi + ldx [%sp+LOCALS64+$in1_z],$a0 + ldx [%sp+LOCALS64+$in1_z+8],$a1 + ldx [%sp+LOCALS64+$in1_z+16],$a2 + ldx [%sp+LOCALS64+$in1_z+24],$a3 + add %sp,LOCALS64+$Z1sqr,$bp + call __ecp_nistz256_mul_mont_vis3 ! p256_mul_mont(S2, Z1sqr, in1_z); + add %sp,LOCALS64+$S2,$rp + + ldx [%sp+LOCALS64+$S1],$bi + ldx [%sp+LOCALS64+$in1_y],$a0 + ldx [%sp+LOCALS64+$in1_y+8],$a1 + ldx [%sp+LOCALS64+$in1_y+16],$a2 + ldx [%sp+LOCALS64+$in1_y+24],$a3 + add %sp,LOCALS64+$S1,$bp + call __ecp_nistz256_mul_mont_vis3 ! p256_mul_mont(S1, S1, in1_y); + add %sp,LOCALS64+$S1,$rp + + ldx [%sp+LOCALS64+$S2],$bi + ldx [%sp+LOCALS64+$in2_y],$a0 + ldx [%sp+LOCALS64+$in2_y+8],$a1 + ldx [%sp+LOCALS64+$in2_y+16],$a2 + ldx [%sp+LOCALS64+$in2_y+24],$a3 + add %sp,LOCALS64+$S2,$bp + call __ecp_nistz256_mul_mont_vis3 ! p256_mul_mont(S2, S2, in2_y); + add %sp,LOCALS64+$S2,$rp + + ldx [%sp+LOCALS64+$Z2sqr],$bi ! forward load + ldx [%sp+LOCALS64+$in1_x],$a0 + ldx [%sp+LOCALS64+$in1_x+8],$a1 + ldx [%sp+LOCALS64+$in1_x+16],$a2 + ldx [%sp+LOCALS64+$in1_x+24],$a3 + + add %sp,LOCALS64+$S1,$bp + call __ecp_nistz256_sub_from_vis3 ! p256_sub(R, S2, S1); + add %sp,LOCALS64+$R,$rp + + or $acc1,$acc0,$acc0 ! see if result is zero + or $acc3,$acc2,$acc2 + or $acc2,$acc0,$acc0 + stx $acc0,[%fp+STACK_BIAS-24] + + add %sp,LOCALS64+$Z2sqr,$bp + call __ecp_nistz256_mul_mont_vis3 ! p256_mul_mont(U1, in1_x, Z2sqr); + add %sp,LOCALS64+$U1,$rp + + ldx [%sp+LOCALS64+$Z1sqr],$bi + ldx [%sp+LOCALS64+$in2_x],$a0 + ldx [%sp+LOCALS64+$in2_x+8],$a1 + ldx [%sp+LOCALS64+$in2_x+16],$a2 + ldx [%sp+LOCALS64+$in2_x+24],$a3 + add %sp,LOCALS64+$Z1sqr,$bp + call __ecp_nistz256_mul_mont_vis3 ! p256_mul_mont(U2, in2_x, Z1sqr); + add %sp,LOCALS64+$U2,$rp + + ldx [%sp+LOCALS64+$R],$a0 ! forward load + ldx [%sp+LOCALS64+$R+8],$a1 + ldx [%sp+LOCALS64+$R+16],$a2 + ldx [%sp+LOCALS64+$R+24],$a3 + + add %sp,LOCALS64+$U1,$bp + call __ecp_nistz256_sub_from_vis3 ! p256_sub(H, U2, U1); + add %sp,LOCALS64+$H,$rp + + or $acc1,$acc0,$acc0 ! see if result is zero + or $acc3,$acc2,$acc2 + orcc $acc2,$acc0,$acc0 + + bne,pt %xcc,.Ladd_proceed_vis3 ! is_equal(U1,U2)? + nop + + ldx [%fp+STACK_BIAS-8],$t0 + ldx [%fp+STACK_BIAS-16],$t1 + ldx [%fp+STACK_BIAS-24],$t2 + andcc $t0,$t1,%g0 + be,pt %xcc,.Ladd_proceed_vis3 ! (in1infty || in2infty)? + nop + andcc $t2,$t2,%g0 + be,a,pt %xcc,.Ldouble_shortcut_vis3 ! is_equal(S1,S2)? + add %sp,32*(12-10)+32,%sp ! difference in frame sizes + + st %g0,[$rp_real] + st %g0,[$rp_real+4] + st %g0,[$rp_real+8] + st %g0,[$rp_real+12] + st %g0,[$rp_real+16] + st %g0,[$rp_real+20] + st %g0,[$rp_real+24] + st %g0,[$rp_real+28] + st %g0,[$rp_real+32] + st %g0,[$rp_real+32+4] + st %g0,[$rp_real+32+8] + st %g0,[$rp_real+32+12] + st %g0,[$rp_real+32+16] + st %g0,[$rp_real+32+20] + st %g0,[$rp_real+32+24] + st %g0,[$rp_real+32+28] + st %g0,[$rp_real+64] + st %g0,[$rp_real+64+4] + st %g0,[$rp_real+64+8] + st %g0,[$rp_real+64+12] + st %g0,[$rp_real+64+16] + st %g0,[$rp_real+64+20] + st %g0,[$rp_real+64+24] + st %g0,[$rp_real+64+28] + b .Ladd_done_vis3 + nop + +.align 16 +.Ladd_proceed_vis3: + call __ecp_nistz256_sqr_mont_vis3 ! p256_sqr_mont(Rsqr, R); + add %sp,LOCALS64+$Rsqr,$rp + + ldx [%sp+LOCALS64+$H],$bi + ldx [%sp+LOCALS64+$in1_z],$a0 + ldx [%sp+LOCALS64+$in1_z+8],$a1 + ldx [%sp+LOCALS64+$in1_z+16],$a2 + ldx [%sp+LOCALS64+$in1_z+24],$a3 + add %sp,LOCALS64+$H,$bp + call __ecp_nistz256_mul_mont_vis3 ! p256_mul_mont(res_z, H, in1_z); + add %sp,LOCALS64+$res_z,$rp + + ldx [%sp+LOCALS64+$H],$a0 + ldx [%sp+LOCALS64+$H+8],$a1 + ldx [%sp+LOCALS64+$H+16],$a2 + ldx [%sp+LOCALS64+$H+24],$a3 + call __ecp_nistz256_sqr_mont_vis3 ! p256_sqr_mont(Hsqr, H); + add %sp,LOCALS64+$Hsqr,$rp + + ldx [%sp+LOCALS64+$res_z],$bi + ldx [%sp+LOCALS64+$in2_z],$a0 + ldx [%sp+LOCALS64+$in2_z+8],$a1 + ldx [%sp+LOCALS64+$in2_z+16],$a2 + ldx [%sp+LOCALS64+$in2_z+24],$a3 + add %sp,LOCALS64+$res_z,$bp + call __ecp_nistz256_mul_mont_vis3 ! p256_mul_mont(res_z, res_z, in2_z); + add %sp,LOCALS64+$res_z,$rp + + ldx [%sp+LOCALS64+$H],$bi + ldx [%sp+LOCALS64+$Hsqr],$a0 + ldx [%sp+LOCALS64+$Hsqr+8],$a1 + ldx [%sp+LOCALS64+$Hsqr+16],$a2 + ldx [%sp+LOCALS64+$Hsqr+24],$a3 + add %sp,LOCALS64+$H,$bp + call __ecp_nistz256_mul_mont_vis3 ! p256_mul_mont(Hcub, Hsqr, H); + add %sp,LOCALS64+$Hcub,$rp + + ldx [%sp+LOCALS64+$U1],$bi + ldx [%sp+LOCALS64+$Hsqr],$a0 + ldx [%sp+LOCALS64+$Hsqr+8],$a1 + ldx [%sp+LOCALS64+$Hsqr+16],$a2 + ldx [%sp+LOCALS64+$Hsqr+24],$a3 + add %sp,LOCALS64+$U1,$bp + call __ecp_nistz256_mul_mont_vis3 ! p256_mul_mont(U2, U1, Hsqr); + add %sp,LOCALS64+$U2,$rp + + call __ecp_nistz256_mul_by_2_vis3 ! p256_mul_by_2(Hsqr, U2); + add %sp,LOCALS64+$Hsqr,$rp + + add %sp,LOCALS64+$Rsqr,$bp + call __ecp_nistz256_sub_morf_vis3 ! p256_sub(res_x, Rsqr, Hsqr); + add %sp,LOCALS64+$res_x,$rp + + add %sp,LOCALS64+$Hcub,$bp + call __ecp_nistz256_sub_from_vis3 ! p256_sub(res_x, res_x, Hcub); + add %sp,LOCALS64+$res_x,$rp + + ldx [%sp+LOCALS64+$S1],$bi ! forward load + ldx [%sp+LOCALS64+$Hcub],$a0 + ldx [%sp+LOCALS64+$Hcub+8],$a1 + ldx [%sp+LOCALS64+$Hcub+16],$a2 + ldx [%sp+LOCALS64+$Hcub+24],$a3 + + add %sp,LOCALS64+$U2,$bp + call __ecp_nistz256_sub_morf_vis3 ! p256_sub(res_y, U2, res_x); + add %sp,LOCALS64+$res_y,$rp + + add %sp,LOCALS64+$S1,$bp + call __ecp_nistz256_mul_mont_vis3 ! p256_mul_mont(S2, S1, Hcub); + add %sp,LOCALS64+$S2,$rp + + ldx [%sp+LOCALS64+$R],$bi + ldx [%sp+LOCALS64+$res_y],$a0 + ldx [%sp+LOCALS64+$res_y+8],$a1 + ldx [%sp+LOCALS64+$res_y+16],$a2 + ldx [%sp+LOCALS64+$res_y+24],$a3 + add %sp,LOCALS64+$R,$bp + call __ecp_nistz256_mul_mont_vis3 ! p256_mul_mont(res_y, res_y, R); + add %sp,LOCALS64+$res_y,$rp + + add %sp,LOCALS64+$S2,$bp + call __ecp_nistz256_sub_from_vis3 ! p256_sub(res_y, res_y, S2); + add %sp,LOCALS64+$res_y,$rp + + ldx [%fp+STACK_BIAS-16],$t1 ! !in1infty + ldx [%fp+STACK_BIAS-8],$t2 ! !in2infty +___ +for($i=0;$i<96;$i+=16) { # conditional moves +$code.=<<___; + ldx [%sp+LOCALS64+$res_x+$i],$acc0 ! res + ldx [%sp+LOCALS64+$res_x+$i+8],$acc1 + ldx [%sp+LOCALS64+$in2_x+$i],$acc2 ! in2 + ldx [%sp+LOCALS64+$in2_x+$i+8],$acc3 + ldx [%sp+LOCALS64+$in1_x+$i],$acc4 ! in1 + ldx [%sp+LOCALS64+$in1_x+$i+8],$acc5 + movrz $t1,$acc2,$acc0 + movrz $t1,$acc3,$acc1 + movrz $t2,$acc4,$acc0 + movrz $t2,$acc5,$acc1 + srlx $acc0,32,$acc2 + srlx $acc1,32,$acc3 + st $acc0,[$rp_real+$i] + st $acc2,[$rp_real+$i+4] + st $acc1,[$rp_real+$i+8] + st $acc3,[$rp_real+$i+12] +___ +} +$code.=<<___; +.Ladd_done_vis3: + ret + restore +.type ecp_nistz256_point_add_vis3,#function +.size ecp_nistz256_point_add_vis3,.-ecp_nistz256_point_add_vis3 +___ +} +######################################################################## +# void ecp_nistz256_point_add_affine(P256_POINT *out,const P256_POINT *in1, +# const P256_POINT_AFFINE *in2); +{ +my ($res_x,$res_y,$res_z, + $in1_x,$in1_y,$in1_z, + $in2_x,$in2_y, + $U2,$S2,$H,$R,$Hsqr,$Hcub,$Rsqr)=map(32*$_,(0..14)); +my $Z1sqr = $S2; +# above map() describes stack layout with 15 temporary +# 256-bit vectors on top. Then we reserve some space for +# !in1infty and !in2infty. + +$code.=<<___; +.align 32 +ecp_nistz256_point_add_affine_vis3: + save %sp,-STACK64_FRAME-32*15-32,%sp + + mov $rp,$rp_real + mov -1,$minus1 + mov -2,$poly3 + sllx $minus1,32,$poly1 ! 0xFFFFFFFF00000000 + srl $poly3,0,$poly3 ! 0x00000000FFFFFFFE + + ! convert input to uint64_t[4] + ld [$bp],$a0 ! in2_x + ld [$bp+4],$t0 + ld [$bp+8],$a1 + ld [$bp+12],$t1 + ld [$bp+16],$a2 + ld [$bp+20],$t2 + ld [$bp+24],$a3 + ld [$bp+28],$t3 + sllx $t0,32,$t0 + sllx $t1,32,$t1 + ld [$bp+32],$acc0 ! in2_y + or $a0,$t0,$a0 + ld [$bp+32+4],$t0 + sllx $t2,32,$t2 + ld [$bp+32+8],$acc1 + or $a1,$t1,$a1 + ld [$bp+32+12],$t1 + sllx $t3,32,$t3 + ld [$bp+32+16],$acc2 + or $a2,$t2,$a2 + ld [$bp+32+20],$t2 + or $a3,$t3,$a3 + ld [$bp+32+24],$acc3 + sllx $t0,32,$t0 + ld [$bp+32+28],$t3 + sllx $t1,32,$t1 + stx $a0,[%sp+LOCALS64+$in2_x] + sllx $t2,32,$t2 + stx $a1,[%sp+LOCALS64+$in2_x+8] + sllx $t3,32,$t3 + stx $a2,[%sp+LOCALS64+$in2_x+16] + or $acc0,$t0,$acc0 + stx $a3,[%sp+LOCALS64+$in2_x+24] + or $acc1,$t1,$acc1 + stx $acc0,[%sp+LOCALS64+$in2_y] + or $acc2,$t2,$acc2 + stx $acc1,[%sp+LOCALS64+$in2_y+8] + or $acc3,$t3,$acc3 + stx $acc2,[%sp+LOCALS64+$in2_y+16] + stx $acc3,[%sp+LOCALS64+$in2_y+24] + + or $a1,$a0,$a0 + or $a3,$a2,$a2 + or $acc1,$acc0,$acc0 + or $acc3,$acc2,$acc2 + or $a2,$a0,$a0 + or $acc2,$acc0,$acc0 + or $acc0,$a0,$a0 + movrnz $a0,-1,$a0 ! !in2infty + stx $a0,[%fp+STACK_BIAS-8] + + ld [$ap],$a0 ! in1_x + ld [$ap+4],$t0 + ld [$ap+8],$a1 + ld [$ap+12],$t1 + ld [$ap+16],$a2 + ld [$ap+20],$t2 + ld [$ap+24],$a3 + ld [$ap+28],$t3 + sllx $t0,32,$t0 + sllx $t1,32,$t1 + ld [$ap+32],$acc0 ! in1_y + or $a0,$t0,$a0 + ld [$ap+32+4],$t0 + sllx $t2,32,$t2 + ld [$ap+32+8],$acc1 + or $a1,$t1,$a1 + ld [$ap+32+12],$t1 + sllx $t3,32,$t3 + ld [$ap+32+16],$acc2 + or $a2,$t2,$a2 + ld [$ap+32+20],$t2 + or $a3,$t3,$a3 + ld [$ap+32+24],$acc3 + sllx $t0,32,$t0 + ld [$ap+32+28],$t3 + sllx $t1,32,$t1 + stx $a0,[%sp+LOCALS64+$in1_x] + sllx $t2,32,$t2 + stx $a1,[%sp+LOCALS64+$in1_x+8] + sllx $t3,32,$t3 + stx $a2,[%sp+LOCALS64+$in1_x+16] + or $acc0,$t0,$acc0 + stx $a3,[%sp+LOCALS64+$in1_x+24] + or $acc1,$t1,$acc1 + stx $acc0,[%sp+LOCALS64+$in1_y] + or $acc2,$t2,$acc2 + stx $acc1,[%sp+LOCALS64+$in1_y+8] + or $acc3,$t3,$acc3 + stx $acc2,[%sp+LOCALS64+$in1_y+16] + stx $acc3,[%sp+LOCALS64+$in1_y+24] + + ld [$ap+64],$a0 ! in1_z + ld [$ap+64+4],$t0 + ld [$ap+64+8],$a1 + ld [$ap+64+12],$t1 + ld [$ap+64+16],$a2 + ld [$ap+64+20],$t2 + ld [$ap+64+24],$a3 + ld [$ap+64+28],$t3 + sllx $t0,32,$t0 + sllx $t1,32,$t1 + or $a0,$t0,$a0 + sllx $t2,32,$t2 + or $a1,$t1,$a1 + sllx $t3,32,$t3 + stx $a0,[%sp+LOCALS64+$in1_z] + or $a2,$t2,$a2 + stx $a1,[%sp+LOCALS64+$in1_z+8] + or $a3,$t3,$a3 + stx $a2,[%sp+LOCALS64+$in1_z+16] + stx $a3,[%sp+LOCALS64+$in1_z+24] + + or $a1,$a0,$t0 + or $a3,$a2,$t2 + or $t2,$t0,$t0 + movrnz $t0,-1,$t0 ! !in1infty + stx $t0,[%fp+STACK_BIAS-16] + + call __ecp_nistz256_sqr_mont_vis3 ! p256_sqr_mont(Z1sqr, in1_z); + add %sp,LOCALS64+$Z1sqr,$rp + + ldx [%sp+LOCALS64+$in2_x],$bi + mov $acc0,$a0 + mov $acc1,$a1 + mov $acc2,$a2 + mov $acc3,$a3 + add %sp,LOCALS64+$in2_x,$bp + call __ecp_nistz256_mul_mont_vis3 ! p256_mul_mont(U2, Z1sqr, in2_x); + add %sp,LOCALS64+$U2,$rp + + ldx [%sp+LOCALS64+$Z1sqr],$bi ! forward load + ldx [%sp+LOCALS64+$in1_z],$a0 + ldx [%sp+LOCALS64+$in1_z+8],$a1 + ldx [%sp+LOCALS64+$in1_z+16],$a2 + ldx [%sp+LOCALS64+$in1_z+24],$a3 + + add %sp,LOCALS64+$in1_x,$bp + call __ecp_nistz256_sub_from_vis3 ! p256_sub(H, U2, in1_x); + add %sp,LOCALS64+$H,$rp + + add %sp,LOCALS64+$Z1sqr,$bp + call __ecp_nistz256_mul_mont_vis3 ! p256_mul_mont(S2, Z1sqr, in1_z); + add %sp,LOCALS64+$S2,$rp + + ldx [%sp+LOCALS64+$H],$bi + ldx [%sp+LOCALS64+$in1_z],$a0 + ldx [%sp+LOCALS64+$in1_z+8],$a1 + ldx [%sp+LOCALS64+$in1_z+16],$a2 + ldx [%sp+LOCALS64+$in1_z+24],$a3 + add %sp,LOCALS64+$H,$bp + call __ecp_nistz256_mul_mont_vis3 ! p256_mul_mont(res_z, H, in1_z); + add %sp,LOCALS64+$res_z,$rp + + ldx [%sp+LOCALS64+$S2],$bi + ldx [%sp+LOCALS64+$in2_y],$a0 + ldx [%sp+LOCALS64+$in2_y+8],$a1 + ldx [%sp+LOCALS64+$in2_y+16],$a2 + ldx [%sp+LOCALS64+$in2_y+24],$a3 + add %sp,LOCALS64+$S2,$bp + call __ecp_nistz256_mul_mont_vis3 ! p256_mul_mont(S2, S2, in2_y); + add %sp,LOCALS64+$S2,$rp + + ldx [%sp+LOCALS64+$H],$a0 ! forward load + ldx [%sp+LOCALS64+$H+8],$a1 + ldx [%sp+LOCALS64+$H+16],$a2 + ldx [%sp+LOCALS64+$H+24],$a3 + + add %sp,LOCALS64+$in1_y,$bp + call __ecp_nistz256_sub_from_vis3 ! p256_sub(R, S2, in1_y); + add %sp,LOCALS64+$R,$rp + + call __ecp_nistz256_sqr_mont_vis3 ! p256_sqr_mont(Hsqr, H); + add %sp,LOCALS64+$Hsqr,$rp + + ldx [%sp+LOCALS64+$R],$a0 + ldx [%sp+LOCALS64+$R+8],$a1 + ldx [%sp+LOCALS64+$R+16],$a2 + ldx [%sp+LOCALS64+$R+24],$a3 + call __ecp_nistz256_sqr_mont_vis3 ! p256_sqr_mont(Rsqr, R); + add %sp,LOCALS64+$Rsqr,$rp + + ldx [%sp+LOCALS64+$H],$bi + ldx [%sp+LOCALS64+$Hsqr],$a0 + ldx [%sp+LOCALS64+$Hsqr+8],$a1 + ldx [%sp+LOCALS64+$Hsqr+16],$a2 + ldx [%sp+LOCALS64+$Hsqr+24],$a3 + add %sp,LOCALS64+$H,$bp + call __ecp_nistz256_mul_mont_vis3 ! p256_mul_mont(Hcub, Hsqr, H); + add %sp,LOCALS64+$Hcub,$rp + + ldx [%sp+LOCALS64+$Hsqr],$bi + ldx [%sp+LOCALS64+$in1_x],$a0 + ldx [%sp+LOCALS64+$in1_x+8],$a1 + ldx [%sp+LOCALS64+$in1_x+16],$a2 + ldx [%sp+LOCALS64+$in1_x+24],$a3 + add %sp,LOCALS64+$Hsqr,$bp + call __ecp_nistz256_mul_mont_vis3 ! p256_mul_mont(U2, in1_x, Hsqr); + add %sp,LOCALS64+$U2,$rp + + call __ecp_nistz256_mul_by_2_vis3 ! p256_mul_by_2(Hsqr, U2); + add %sp,LOCALS64+$Hsqr,$rp + + add %sp,LOCALS64+$Rsqr,$bp + call __ecp_nistz256_sub_morf_vis3 ! p256_sub(res_x, Rsqr, Hsqr); + add %sp,LOCALS64+$res_x,$rp + + add %sp,LOCALS64+$Hcub,$bp + call __ecp_nistz256_sub_from_vis3 ! p256_sub(res_x, res_x, Hcub); + add %sp,LOCALS64+$res_x,$rp + + ldx [%sp+LOCALS64+$Hcub],$bi ! forward load + ldx [%sp+LOCALS64+$in1_y],$a0 + ldx [%sp+LOCALS64+$in1_y+8],$a1 + ldx [%sp+LOCALS64+$in1_y+16],$a2 + ldx [%sp+LOCALS64+$in1_y+24],$a3 + + add %sp,LOCALS64+$U2,$bp + call __ecp_nistz256_sub_morf_vis3 ! p256_sub(res_y, U2, res_x); + add %sp,LOCALS64+$res_y,$rp + + add %sp,LOCALS64+$Hcub,$bp + call __ecp_nistz256_mul_mont_vis3 ! p256_mul_mont(S2, in1_y, Hcub); + add %sp,LOCALS64+$S2,$rp + + ldx [%sp+LOCALS64+$R],$bi + ldx [%sp+LOCALS64+$res_y],$a0 + ldx [%sp+LOCALS64+$res_y+8],$a1 + ldx [%sp+LOCALS64+$res_y+16],$a2 + ldx [%sp+LOCALS64+$res_y+24],$a3 + add %sp,LOCALS64+$R,$bp + call __ecp_nistz256_mul_mont_vis3 ! p256_mul_mont(res_y, res_y, R); + add %sp,LOCALS64+$res_y,$rp + + add %sp,LOCALS64+$S2,$bp + call __ecp_nistz256_sub_from_vis3 ! p256_sub(res_y, res_y, S2); + add %sp,LOCALS64+$res_y,$rp + + ldx [%fp+STACK_BIAS-16],$t1 ! !in1infty + ldx [%fp+STACK_BIAS-8],$t2 ! !in2infty +1: call .+8 + add %o7,.Lone_mont_vis3-1b,$bp +___ +for($i=0;$i<64;$i+=16) { # conditional moves +$code.=<<___; + ldx [%sp+LOCALS64+$res_x+$i],$acc0 ! res + ldx [%sp+LOCALS64+$res_x+$i+8],$acc1 + ldx [%sp+LOCALS64+$in2_x+$i],$acc2 ! in2 + ldx [%sp+LOCALS64+$in2_x+$i+8],$acc3 + ldx [%sp+LOCALS64+$in1_x+$i],$acc4 ! in1 + ldx [%sp+LOCALS64+$in1_x+$i+8],$acc5 + movrz $t1,$acc2,$acc0 + movrz $t1,$acc3,$acc1 + movrz $t2,$acc4,$acc0 + movrz $t2,$acc5,$acc1 + srlx $acc0,32,$acc2 + srlx $acc1,32,$acc3 + st $acc0,[$rp_real+$i] + st $acc2,[$rp_real+$i+4] + st $acc1,[$rp_real+$i+8] + st $acc3,[$rp_real+$i+12] +___ +} +for(;$i<96;$i+=16) { +$code.=<<___; + ldx [%sp+LOCALS64+$res_x+$i],$acc0 ! res + ldx [%sp+LOCALS64+$res_x+$i+8],$acc1 + ldx [$bp+$i-64],$acc2 ! "in2" + ldx [$bp+$i-64+8],$acc3 + ldx [%sp+LOCALS64+$in1_x+$i],$acc4 ! in1 + ldx [%sp+LOCALS64+$in1_x+$i+8],$acc5 + movrz $t1,$acc2,$acc0 + movrz $t1,$acc3,$acc1 + movrz $t2,$acc4,$acc0 + movrz $t2,$acc5,$acc1 + srlx $acc0,32,$acc2 + srlx $acc1,32,$acc3 + st $acc0,[$rp_real+$i] + st $acc2,[$rp_real+$i+4] + st $acc1,[$rp_real+$i+8] + st $acc3,[$rp_real+$i+12] +___ +} +$code.=<<___; + ret + restore +.type ecp_nistz256_point_add_affine_vis3,#function +.size ecp_nistz256_point_add_affine_vis3,.-ecp_nistz256_point_add_affine_vis3 +.align 64 +.Lone_mont_vis3: +.long 0x00000000,0x00000001, 0xffffffff,0x00000000 +.long 0xffffffff,0xffffffff, 0x00000000,0xfffffffe +.align 64 +#endif +___ +} }}} + +# Purpose of these subroutines is to explicitly encode VIS instructions, +# so that one can compile the module without having to specify VIS +# extensions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a. +# Idea is to reserve for option to produce "universal" binary and let +# programmer detect if current CPU is VIS capable at run-time. +sub unvis3 { +my ($mnemonic,$rs1,$rs2,$rd)=@_; +my %bias = ( "g" => 0, "o" => 8, "l" => 16, "i" => 24 ); +my ($ref,$opf); +my %visopf = ( "addxc" => 0x011, + "addxccc" => 0x013, + "umulxhi" => 0x016 ); + + $ref = "$mnemonic\t$rs1,$rs2,$rd"; + + if ($opf=$visopf{$mnemonic}) { + foreach ($rs1,$rs2,$rd) { + return $ref if (!/%([goli])([0-9])/); + $_=$bias{$1}+$2; + } + + return sprintf ".word\t0x%08x !%s", + 0x81b00000|$rd<<25|$rs1<<14|$opf<<5|$rs2, + $ref; + } else { + return $ref; + } +} + +foreach (split("\n",$code)) { + s/\`([^\`]*)\`/eval $1/ge; + + s/\b(umulxhi|addxc[c]{0,2})\s+(%[goli][0-7]),\s*(%[goli][0-7]),\s*(%[goli][0-7])/ + &unvis3($1,$2,$3,$4) + /ge; + + print $_,"\n"; +} + +close STDOUT; diff --git a/src/lib/libcrypto/ec/asm/ecp_nistz256-x86.pl b/src/lib/libcrypto/ec/asm/ecp_nistz256-x86.pl new file mode 100644 index 00000000000..085d637e5db --- /dev/null +++ b/src/lib/libcrypto/ec/asm/ecp_nistz256-x86.pl @@ -0,0 +1,1740 @@ +#! /usr/bin/env perl +# $OpenBSD: ecp_nistz256-x86.pl,v 1.1 2016/11/04 17:33:20 miod Exp $ +# +# Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== +# +# ECP_NISTZ256 module for x86/SSE2. +# +# October 2014. +# +# Original ECP_NISTZ256 submission targeting x86_64 is detailed in +# http://eprint.iacr.org/2013/816. In the process of adaptation +# original .c module was made 32-bit savvy in order to make this +# implementation possible. +# +# with/without -DECP_NISTZ256_ASM +# Pentium +66-163% +# PIII +72-172% +# P4 +65-132% +# Core2 +90-215% +# Sandy Bridge +105-265% (contemporary i[57]-* are all close to this) +# Atom +65-155% +# Opteron +54-110% +# Bulldozer +99-240% +# VIA Nano +93-290% +# +# Ranges denote minimum and maximum improvement coefficients depending +# on benchmark. Lower coefficients are for ECDSA sign, server-side +# operation. Keep in mind that +200% means 3x improvement. + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +push(@INC,"${dir}","${dir}../../perlasm"); +require "x86asm.pl"; + +# Uncomment when all i386 assembly generators are updated to take the output +# file as last argument... +# $output=pop; +# open STDOUT,">$output"; + +&asm_init($ARGV[0],"ecp_nistz256-x86.pl",$ARGV[$#ARGV] eq "386"); + +$sse2=0; +for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } + +&external_label("OPENSSL_ia32cap_P") if ($sse2); + + +######################################################################## +# Keep in mind that constants are stored least to most significant word +&static_label("ONE"); +&set_label("ONE",64); +&data_word(1,0,0,0,0,0,0,0); +&align(64); + +######################################################################## +# void ecp_nistz256_mul_by_2(BN_ULONG edi[8],const BN_ULONG esi[8]); +&function_begin("ecp_nistz256_mul_by_2"); + &mov ("esi",&wparam(1)); + &mov ("edi",&wparam(0)); + &mov ("ebp","esi"); +######################################################################## +# common pattern for internal functions is that %edi is result pointer, +# %esi and %ebp are input ones, %ebp being optional. %edi is preserved. + &call ("_ecp_nistz256_add"); +&function_end("ecp_nistz256_mul_by_2"); + +######################################################################## +# void ecp_nistz256_div_by_2(BN_ULONG edi[8],const BN_ULONG esi[8]); +&function_begin("ecp_nistz256_div_by_2"); + &mov ("esi",&wparam(1)); + &mov ("edi",&wparam(0)); + &call ("_ecp_nistz256_div_by_2"); +&function_end("ecp_nistz256_div_by_2"); + +&function_begin_B("_ecp_nistz256_div_by_2"); + # tmp = a is odd ? a+mod : a + # + # note that because mod has special form, i.e. consists of + # 0xffffffff, 1 and 0s, we can conditionally synthesize it by + # assigning least significant bit of input to one register, + # %ebp, and its negative to another, %edx. + + &mov ("ebp",&DWP(0,"esi")); + &xor ("edx","edx"); + &mov ("ebx",&DWP(4,"esi")); + &mov ("eax","ebp"); + &and ("ebp",1); + &mov ("ecx",&DWP(8,"esi")); + &sub ("edx","ebp"); + + &add ("eax","edx"); + &adc ("ebx","edx"); + &mov (&DWP(0,"edi"),"eax"); + &adc ("ecx","edx"); + &mov (&DWP(4,"edi"),"ebx"); + &mov (&DWP(8,"edi"),"ecx"); + + &mov ("eax",&DWP(12,"esi")); + &mov ("ebx",&DWP(16,"esi")); + &adc ("eax",0); + &mov ("ecx",&DWP(20,"esi")); + &adc ("ebx",0); + &mov (&DWP(12,"edi"),"eax"); + &adc ("ecx",0); + &mov (&DWP(16,"edi"),"ebx"); + &mov (&DWP(20,"edi"),"ecx"); + + &mov ("eax",&DWP(24,"esi")); + &mov ("ebx",&DWP(28,"esi")); + &adc ("eax","ebp"); + &adc ("ebx","edx"); + &mov (&DWP(24,"edi"),"eax"); + &sbb ("esi","esi"); # broadcast carry bit + &mov (&DWP(28,"edi"),"ebx"); + + # ret = tmp >> 1 + + &mov ("eax",&DWP(0,"edi")); + &mov ("ebx",&DWP(4,"edi")); + &mov ("ecx",&DWP(8,"edi")); + &mov ("edx",&DWP(12,"edi")); + + &shr ("eax",1); + &mov ("ebp","ebx"); + &shl ("ebx",31); + &or ("eax","ebx"); + + &shr ("ebp",1); + &mov ("ebx","ecx"); + &shl ("ecx",31); + &mov (&DWP(0,"edi"),"eax"); + &or ("ebp","ecx"); + &mov ("eax",&DWP(16,"edi")); + + &shr ("ebx",1); + &mov ("ecx","edx"); + &shl ("edx",31); + &mov (&DWP(4,"edi"),"ebp"); + &or ("ebx","edx"); + &mov ("ebp",&DWP(20,"edi")); + + &shr ("ecx",1); + &mov ("edx","eax"); + &shl ("eax",31); + &mov (&DWP(8,"edi"),"ebx"); + &or ("ecx","eax"); + &mov ("ebx",&DWP(24,"edi")); + + &shr ("edx",1); + &mov ("eax","ebp"); + &shl ("ebp",31); + &mov (&DWP(12,"edi"),"ecx"); + &or ("edx","ebp"); + &mov ("ecx",&DWP(28,"edi")); + + &shr ("eax",1); + &mov ("ebp","ebx"); + &shl ("ebx",31); + &mov (&DWP(16,"edi"),"edx"); + &or ("eax","ebx"); + + &shr ("ebp",1); + &mov ("ebx","ecx"); + &shl ("ecx",31); + &mov (&DWP(20,"edi"),"eax"); + &or ("ebp","ecx"); + + &shr ("ebx",1); + &shl ("esi",31); + &mov (&DWP(24,"edi"),"ebp"); + &or ("ebx","esi"); # handle top-most carry bit + &mov (&DWP(28,"edi"),"ebx"); + + &ret (); +&function_end_B("_ecp_nistz256_div_by_2"); + +######################################################################## +# void ecp_nistz256_add(BN_ULONG edi[8],const BN_ULONG esi[8], +# const BN_ULONG ebp[8]); +&function_begin("ecp_nistz256_add"); + &mov ("esi",&wparam(1)); + &mov ("ebp",&wparam(2)); + &mov ("edi",&wparam(0)); + &call ("_ecp_nistz256_add"); +&function_end("ecp_nistz256_add"); + +&function_begin_B("_ecp_nistz256_add"); + &mov ("eax",&DWP(0,"esi")); + &mov ("ebx",&DWP(4,"esi")); + &mov ("ecx",&DWP(8,"esi")); + &add ("eax",&DWP(0,"ebp")); + &mov ("edx",&DWP(12,"esi")); + &adc ("ebx",&DWP(4,"ebp")); + &mov (&DWP(0,"edi"),"eax"); + &adc ("ecx",&DWP(8,"ebp")); + &mov (&DWP(4,"edi"),"ebx"); + &adc ("edx",&DWP(12,"ebp")); + &mov (&DWP(8,"edi"),"ecx"); + &mov (&DWP(12,"edi"),"edx"); + + &mov ("eax",&DWP(16,"esi")); + &mov ("ebx",&DWP(20,"esi")); + &mov ("ecx",&DWP(24,"esi")); + &adc ("eax",&DWP(16,"ebp")); + &mov ("edx",&DWP(28,"esi")); + &adc ("ebx",&DWP(20,"ebp")); + &mov (&DWP(16,"edi"),"eax"); + &adc ("ecx",&DWP(24,"ebp")); + &mov (&DWP(20,"edi"),"ebx"); + &mov ("esi",0); + &adc ("edx",&DWP(28,"ebp")); + &mov (&DWP(24,"edi"),"ecx"); + &adc ("esi",0); + &mov (&DWP(28,"edi"),"edx"); + + # if a+b >= modulus, subtract modulus. + # + # But since comparison implies subtraction, we subtract modulus + # to see if it borrows, and then subtract it for real if + # subtraction didn't borrow. + + &mov ("eax",&DWP(0,"edi")); + &mov ("ebx",&DWP(4,"edi")); + &mov ("ecx",&DWP(8,"edi")); + &sub ("eax",-1); + &mov ("edx",&DWP(12,"edi")); + &sbb ("ebx",-1); + &mov ("eax",&DWP(16,"edi")); + &sbb ("ecx",-1); + &mov ("ebx",&DWP(20,"edi")); + &sbb ("edx",0); + &mov ("ecx",&DWP(24,"edi")); + &sbb ("eax",0); + &mov ("edx",&DWP(28,"edi")); + &sbb ("ebx",0); + &sbb ("ecx",1); + &sbb ("edx",-1); + &sbb ("esi",0); + + # Note that because mod has special form, i.e. consists of + # 0xffffffff, 1 and 0s, we can conditionally synthesize it by + # by using borrow. + + ¬ ("esi"); + &mov ("eax",&DWP(0,"edi")); + &mov ("ebp","esi"); + &mov ("ebx",&DWP(4,"edi")); + &shr ("ebp",31); + &mov ("ecx",&DWP(8,"edi")); + &sub ("eax","esi"); + &mov ("edx",&DWP(12,"edi")); + &sbb ("ebx","esi"); + &mov (&DWP(0,"edi"),"eax"); + &sbb ("ecx","esi"); + &mov (&DWP(4,"edi"),"ebx"); + &sbb ("edx",0); + &mov (&DWP(8,"edi"),"ecx"); + &mov (&DWP(12,"edi"),"edx"); + + &mov ("eax",&DWP(16,"edi")); + &mov ("ebx",&DWP(20,"edi")); + &mov ("ecx",&DWP(24,"edi")); + &sbb ("eax",0); + &mov ("edx",&DWP(28,"edi")); + &sbb ("ebx",0); + &mov (&DWP(16,"edi"),"eax"); + &sbb ("ecx","ebp"); + &mov (&DWP(20,"edi"),"ebx"); + &sbb ("edx","esi"); + &mov (&DWP(24,"edi"),"ecx"); + &mov (&DWP(28,"edi"),"edx"); + + &ret (); +&function_end_B("_ecp_nistz256_add"); + +######################################################################## +# void ecp_nistz256_sub(BN_ULONG edi[8],const BN_ULONG esi[8], +# const BN_ULONG ebp[8]); +&function_begin("ecp_nistz256_sub"); + &mov ("esi",&wparam(1)); + &mov ("ebp",&wparam(2)); + &mov ("edi",&wparam(0)); + &call ("_ecp_nistz256_sub"); +&function_end("ecp_nistz256_sub"); + +&function_begin_B("_ecp_nistz256_sub"); + &mov ("eax",&DWP(0,"esi")); + &mov ("ebx",&DWP(4,"esi")); + &mov ("ecx",&DWP(8,"esi")); + &sub ("eax",&DWP(0,"ebp")); + &mov ("edx",&DWP(12,"esi")); + &sbb ("ebx",&DWP(4,"ebp")); + &mov (&DWP(0,"edi"),"eax"); + &sbb ("ecx",&DWP(8,"ebp")); + &mov (&DWP(4,"edi"),"ebx"); + &sbb ("edx",&DWP(12,"ebp")); + &mov (&DWP(8,"edi"),"ecx"); + &mov (&DWP(12,"edi"),"edx"); + + &mov ("eax",&DWP(16,"esi")); + &mov ("ebx",&DWP(20,"esi")); + &mov ("ecx",&DWP(24,"esi")); + &sbb ("eax",&DWP(16,"ebp")); + &mov ("edx",&DWP(28,"esi")); + &sbb ("ebx",&DWP(20,"ebp")); + &sbb ("ecx",&DWP(24,"ebp")); + &mov (&DWP(16,"edi"),"eax"); + &sbb ("edx",&DWP(28,"ebp")); + &mov (&DWP(20,"edi"),"ebx"); + &sbb ("esi","esi"); # broadcast borrow bit + &mov (&DWP(24,"edi"),"ecx"); + &mov (&DWP(28,"edi"),"edx"); + + # if a-b borrows, add modulus. + # + # Note that because mod has special form, i.e. consists of + # 0xffffffff, 1 and 0s, we can conditionally synthesize it by + # assigning borrow bit to one register, %ebp, and its negative + # to another, %esi. But we started by calculating %esi... + + &mov ("eax",&DWP(0,"edi")); + &mov ("ebp","esi"); + &mov ("ebx",&DWP(4,"edi")); + &shr ("ebp",31); + &mov ("ecx",&DWP(8,"edi")); + &add ("eax","esi"); + &mov ("edx",&DWP(12,"edi")); + &adc ("ebx","esi"); + &mov (&DWP(0,"edi"),"eax"); + &adc ("ecx","esi"); + &mov (&DWP(4,"edi"),"ebx"); + &adc ("edx",0); + &mov (&DWP(8,"edi"),"ecx"); + &mov (&DWP(12,"edi"),"edx"); + + &mov ("eax",&DWP(16,"edi")); + &mov ("ebx",&DWP(20,"edi")); + &mov ("ecx",&DWP(24,"edi")); + &adc ("eax",0); + &mov ("edx",&DWP(28,"edi")); + &adc ("ebx",0); + &mov (&DWP(16,"edi"),"eax"); + &adc ("ecx","ebp"); + &mov (&DWP(20,"edi"),"ebx"); + &adc ("edx","esi"); + &mov (&DWP(24,"edi"),"ecx"); + &mov (&DWP(28,"edi"),"edx"); + + &ret (); +&function_end_B("_ecp_nistz256_sub"); + +######################################################################## +# void ecp_nistz256_neg(BN_ULONG edi[8],const BN_ULONG esi[8]); +&function_begin("ecp_nistz256_neg"); + &mov ("ebp",&wparam(1)); + &mov ("edi",&wparam(0)); + + &xor ("eax","eax"); + &stack_push(8); + &mov (&DWP(0,"esp"),"eax"); + &mov ("esi","esp"); + &mov (&DWP(4,"esp"),"eax"); + &mov (&DWP(8,"esp"),"eax"); + &mov (&DWP(12,"esp"),"eax"); + &mov (&DWP(16,"esp"),"eax"); + &mov (&DWP(20,"esp"),"eax"); + &mov (&DWP(24,"esp"),"eax"); + &mov (&DWP(28,"esp"),"eax"); + + &call ("_ecp_nistz256_sub"); + + &stack_pop(8); +&function_end("ecp_nistz256_neg"); + +&function_begin_B("_picup_eax"); + &mov ("eax",&DWP(0,"esp")); + &ret (); +&function_end_B("_picup_eax"); + +######################################################################## +# void ecp_nistz256_from_mont(BN_ULONG edi[8],const BN_ULONG esi[8]); +&function_begin("ecp_nistz256_from_mont"); + &mov ("esi",&wparam(1)); + &call ("_picup_eax"); + &set_label("pic"); + &lea ("ebp",&DWP(&label("ONE")."-".&label("pic"),"eax")); + if ($sse2) { + &picmeup("eax","OPENSSL_ia32cap_P","eax",&label("pic")); + &mov ("eax",&DWP(0,"eax")); } + &mov ("edi",&wparam(0)); + &call ("_ecp_nistz256_mul_mont"); +&function_end("ecp_nistz256_from_mont"); + +######################################################################## +# void ecp_nistz256_mul_mont(BN_ULONG edi[8],const BN_ULONG esi[8], +# const BN_ULONG ebp[8]); +&function_begin("ecp_nistz256_mul_mont"); + &mov ("esi",&wparam(1)); + &mov ("ebp",&wparam(2)); + if ($sse2) { + &call ("_picup_eax"); + &set_label("pic"); + &picmeup("eax","OPENSSL_ia32cap_P","eax",&label("pic")); + &mov ("eax",&DWP(0,"eax")); } + &mov ("edi",&wparam(0)); + &call ("_ecp_nistz256_mul_mont"); +&function_end("ecp_nistz256_mul_mont"); + +######################################################################## +# void ecp_nistz256_sqr_mont(BN_ULONG edi[8],const BN_ULONG esi[8]); +&function_begin("ecp_nistz256_sqr_mont"); + &mov ("esi",&wparam(1)); + if ($sse2) { + &call ("_picup_eax"); + &set_label("pic"); + &picmeup("eax","OPENSSL_ia32cap_P","eax",&label("pic")); + &mov ("eax",&DWP(0,"eax")); } + &mov ("edi",&wparam(0)); + &mov ("ebp","esi"); + &call ("_ecp_nistz256_mul_mont"); +&function_end("ecp_nistz256_sqr_mont"); + +&function_begin_B("_ecp_nistz256_mul_mont"); + if ($sse2) { + # see if XMM+SSE2 is on + &and ("eax","\$(IA32CAP_MASK0_FXSR | IA32CAP_MASK0_SSE2)"); + &cmp ("eax","\$(IA32CAP_MASK0_FXSR | IA32CAP_MASK0_SSE2)"); + &jne (&label("mul_mont_ialu")); + + ######################################## + # SSE2 code path featuring 32x16-bit + # multiplications is ~2x faster than + # IALU counterpart (except on Atom)... + ######################################## + # stack layout: + # +------------------------------------+< %esp + # | 7 16-byte temporary XMM words, | + # | "sliding" toward lower address | + # . . + # +------------------------------------+ + # | unused XMM word | + # +------------------------------------+< +128,%ebx + # | 8 16-byte XMM words holding copies | + # | of a[i]<<64|a[i] | + # . . + # . . + # +------------------------------------+< +256 + &mov ("edx","esp"); + &sub ("esp",0x100); + + &movd ("xmm7",&DWP(0,"ebp")); # b[0] -> 0000.00xy + &lea ("ebp",&DWP(4,"ebp")); + &pcmpeqd("xmm6","xmm6"); + &psrlq ("xmm6",48); # compose 0xffff<<64|0xffff + + &pshuflw("xmm7","xmm7",0b11011100); # 0000.00xy -> 0000.0x0y + &and ("esp",-64); + &pshufd ("xmm7","xmm7",0b11011100); # 0000.0x0y -> 000x.000y + &lea ("ebx",&DWP(0x80,"esp")); + + &movd ("xmm0",&DWP(4*0,"esi")); # a[0] -> 0000.00xy + &pshufd ("xmm0","xmm0",0b11001100); # 0000.00xy -> 00xy.00xy + &movd ("xmm1",&DWP(4*1,"esi")); # a[1] -> ... + &movdqa (&QWP(0x00,"ebx"),"xmm0"); # offload converted a[0] + &pmuludq("xmm0","xmm7"); # a[0]*b[0] + + &movd ("xmm2",&DWP(4*2,"esi")); + &pshufd ("xmm1","xmm1",0b11001100); + &movdqa (&QWP(0x10,"ebx"),"xmm1"); + &pmuludq("xmm1","xmm7"); # a[1]*b[0] + + &movq ("xmm4","xmm0"); # clear upper 64 bits + &pslldq("xmm4",6); + &paddq ("xmm4","xmm0"); + &movdqa("xmm5","xmm4"); + &psrldq("xmm4",10); # upper 32 bits of a[0]*b[0] + &pand ("xmm5","xmm6"); # lower 32 bits of a[0]*b[0] + + # Upper half of a[0]*b[i] is carried into next multiplication + # iteration, while lower one "participates" in actual reduction. + # Normally latter is done by accumulating result of multiplication + # of modulus by "magic" digit, but thanks to special form of modulus + # and "magic" digit it can be performed only with additions and + # subtractions (see note in IALU section below). Note that we are + # not bothered with carry bits, they are accumulated in "flatten" + # phase after all multiplications and reductions. + + &movd ("xmm3",&DWP(4*3,"esi")); + &pshufd ("xmm2","xmm2",0b11001100); + &movdqa (&QWP(0x20,"ebx"),"xmm2"); + &pmuludq("xmm2","xmm7"); # a[2]*b[0] + &paddq ("xmm1","xmm4"); # a[1]*b[0]+hw(a[0]*b[0]), carry + &movdqa (&QWP(0x00,"esp"),"xmm1"); # t[0] + + &movd ("xmm0",&DWP(4*4,"esi")); + &pshufd ("xmm3","xmm3",0b11001100); + &movdqa (&QWP(0x30,"ebx"),"xmm3"); + &pmuludq("xmm3","xmm7"); # a[3]*b[0] + &movdqa (&QWP(0x10,"esp"),"xmm2"); + + &movd ("xmm1",&DWP(4*5,"esi")); + &pshufd ("xmm0","xmm0",0b11001100); + &movdqa (&QWP(0x40,"ebx"),"xmm0"); + &pmuludq("xmm0","xmm7"); # a[4]*b[0] + &paddq ("xmm3","xmm5"); # a[3]*b[0]+lw(a[0]*b[0]), reduction step + &movdqa (&QWP(0x20,"esp"),"xmm3"); + + &movd ("xmm2",&DWP(4*6,"esi")); + &pshufd ("xmm1","xmm1",0b11001100); + &movdqa (&QWP(0x50,"ebx"),"xmm1"); + &pmuludq("xmm1","xmm7"); # a[5]*b[0] + &movdqa (&QWP(0x30,"esp"),"xmm0"); + &pshufd("xmm4","xmm5",0b10110001); # xmm4 = xmm5<<32, reduction step + + &movd ("xmm3",&DWP(4*7,"esi")); + &pshufd ("xmm2","xmm2",0b11001100); + &movdqa (&QWP(0x60,"ebx"),"xmm2"); + &pmuludq("xmm2","xmm7"); # a[6]*b[0] + &movdqa (&QWP(0x40,"esp"),"xmm1"); + &psubq ("xmm4","xmm5"); # xmm4 = xmm5*0xffffffff, reduction step + + &movd ("xmm0",&DWP(0,"ebp")); # b[1] -> 0000.00xy + &pshufd ("xmm3","xmm3",0b11001100); + &movdqa (&QWP(0x70,"ebx"),"xmm3"); + &pmuludq("xmm3","xmm7"); # a[7]*b[0] + + &pshuflw("xmm7","xmm0",0b11011100); # 0000.00xy -> 0000.0x0y + &movdqa ("xmm0",&QWP(0x00,"ebx")); # pre-load converted a[0] + &pshufd ("xmm7","xmm7",0b11011100); # 0000.0x0y -> 000x.000y + + &mov ("ecx",6); + &lea ("ebp",&DWP(4,"ebp")); + &jmp (&label("madd_sse2")); + +&set_label("madd_sse2",16); + &paddq ("xmm2","xmm5"); # a[6]*b[i-1]+lw(a[0]*b[i-1]), reduction step [modulo-scheduled] + &paddq ("xmm3","xmm4"); # a[7]*b[i-1]+lw(a[0]*b[i-1])*0xffffffff, reduction step [modulo-scheduled] + &movdqa ("xmm1",&QWP(0x10,"ebx")); + &pmuludq("xmm0","xmm7"); # a[0]*b[i] + &movdqa(&QWP(0x50,"esp"),"xmm2"); + + &movdqa ("xmm2",&QWP(0x20,"ebx")); + &pmuludq("xmm1","xmm7"); # a[1]*b[i] + &movdqa(&QWP(0x60,"esp"),"xmm3"); + &paddq ("xmm0",&QWP(0x00,"esp")); + + &movdqa ("xmm3",&QWP(0x30,"ebx")); + &pmuludq("xmm2","xmm7"); # a[2]*b[i] + &movq ("xmm4","xmm0"); # clear upper 64 bits + &pslldq("xmm4",6); + &paddq ("xmm1",&QWP(0x10,"esp")); + &paddq ("xmm4","xmm0"); + &movdqa("xmm5","xmm4"); + &psrldq("xmm4",10); # upper 33 bits of a[0]*b[i]+t[0] + + &movdqa ("xmm0",&QWP(0x40,"ebx")); + &pmuludq("xmm3","xmm7"); # a[3]*b[i] + &paddq ("xmm1","xmm4"); # a[1]*b[i]+hw(a[0]*b[i]), carry + &paddq ("xmm2",&QWP(0x20,"esp")); + &movdqa (&QWP(0x00,"esp"),"xmm1"); + + &movdqa ("xmm1",&QWP(0x50,"ebx")); + &pmuludq("xmm0","xmm7"); # a[4]*b[i] + &paddq ("xmm3",&QWP(0x30,"esp")); + &movdqa (&QWP(0x10,"esp"),"xmm2"); + &pand ("xmm5","xmm6"); # lower 32 bits of a[0]*b[i] + + &movdqa ("xmm2",&QWP(0x60,"ebx")); + &pmuludq("xmm1","xmm7"); # a[5]*b[i] + &paddq ("xmm3","xmm5"); # a[3]*b[i]+lw(a[0]*b[i]), reduction step + &paddq ("xmm0",&QWP(0x40,"esp")); + &movdqa (&QWP(0x20,"esp"),"xmm3"); + &pshufd("xmm4","xmm5",0b10110001); # xmm4 = xmm5<<32, reduction step + + &movdqa ("xmm3","xmm7"); + &pmuludq("xmm2","xmm7"); # a[6]*b[i] + &movd ("xmm7",&DWP(0,"ebp")); # b[i++] -> 0000.00xy + &lea ("ebp",&DWP(4,"ebp")); + &paddq ("xmm1",&QWP(0x50,"esp")); + &psubq ("xmm4","xmm5"); # xmm4 = xmm5*0xffffffff, reduction step + &movdqa (&QWP(0x30,"esp"),"xmm0"); + &pshuflw("xmm7","xmm7",0b11011100); # 0000.00xy -> 0000.0x0y + + &pmuludq("xmm3",&QWP(0x70,"ebx")); # a[7]*b[i] + &pshufd("xmm7","xmm7",0b11011100); # 0000.0x0y -> 000x.000y + &movdqa("xmm0",&QWP(0x00,"ebx")); # pre-load converted a[0] + &movdqa (&QWP(0x40,"esp"),"xmm1"); + &paddq ("xmm2",&QWP(0x60,"esp")); + + &dec ("ecx"); + &jnz (&label("madd_sse2")); + + &paddq ("xmm2","xmm5"); # a[6]*b[6]+lw(a[0]*b[6]), reduction step [modulo-scheduled] + &paddq ("xmm3","xmm4"); # a[7]*b[6]+lw(a[0]*b[6])*0xffffffff, reduction step [modulo-scheduled] + &movdqa ("xmm1",&QWP(0x10,"ebx")); + &pmuludq("xmm0","xmm7"); # a[0]*b[7] + &movdqa(&QWP(0x50,"esp"),"xmm2"); + + &movdqa ("xmm2",&QWP(0x20,"ebx")); + &pmuludq("xmm1","xmm7"); # a[1]*b[7] + &movdqa(&QWP(0x60,"esp"),"xmm3"); + &paddq ("xmm0",&QWP(0x00,"esp")); + + &movdqa ("xmm3",&QWP(0x30,"ebx")); + &pmuludq("xmm2","xmm7"); # a[2]*b[7] + &movq ("xmm4","xmm0"); # clear upper 64 bits + &pslldq("xmm4",6); + &paddq ("xmm1",&QWP(0x10,"esp")); + &paddq ("xmm4","xmm0"); + &movdqa("xmm5","xmm4"); + &psrldq("xmm4",10); # upper 33 bits of a[0]*b[i]+t[0] + + &movdqa ("xmm0",&QWP(0x40,"ebx")); + &pmuludq("xmm3","xmm7"); # a[3]*b[7] + &paddq ("xmm1","xmm4"); # a[1]*b[7]+hw(a[0]*b[7]), carry + &paddq ("xmm2",&QWP(0x20,"esp")); + &movdqa (&QWP(0x00,"esp"),"xmm1"); + + &movdqa ("xmm1",&QWP(0x50,"ebx")); + &pmuludq("xmm0","xmm7"); # a[4]*b[7] + &paddq ("xmm3",&QWP(0x30,"esp")); + &movdqa (&QWP(0x10,"esp"),"xmm2"); + &pand ("xmm5","xmm6"); # lower 32 bits of a[0]*b[i] + + &movdqa ("xmm2",&QWP(0x60,"ebx")); + &pmuludq("xmm1","xmm7"); # a[5]*b[7] + &paddq ("xmm3","xmm5"); # reduction step + &paddq ("xmm0",&QWP(0x40,"esp")); + &movdqa (&QWP(0x20,"esp"),"xmm3"); + &pshufd("xmm4","xmm5",0b10110001); # xmm4 = xmm5<<32, reduction step + + &movdqa ("xmm3",&QWP(0x70,"ebx")); + &pmuludq("xmm2","xmm7"); # a[6]*b[7] + &paddq ("xmm1",&QWP(0x50,"esp")); + &psubq ("xmm4","xmm5"); # xmm4 = xmm5*0xffffffff, reduction step + &movdqa (&QWP(0x30,"esp"),"xmm0"); + + &pmuludq("xmm3","xmm7"); # a[7]*b[7] + &pcmpeqd("xmm7","xmm7"); + &movdqa ("xmm0",&QWP(0x00,"esp")); + &pslldq ("xmm7",8); + &movdqa (&QWP(0x40,"esp"),"xmm1"); + &paddq ("xmm2",&QWP(0x60,"esp")); + + &paddq ("xmm2","xmm5"); # a[6]*b[7]+lw(a[0]*b[7]), reduction step + &paddq ("xmm3","xmm4"); # a[6]*b[7]+lw(a[0]*b[7])*0xffffffff, reduction step + &movdqa(&QWP(0x50,"esp"),"xmm2"); + &movdqa(&QWP(0x60,"esp"),"xmm3"); + + &movdqa ("xmm1",&QWP(0x10,"esp")); + &movdqa ("xmm2",&QWP(0x20,"esp")); + &movdqa ("xmm3",&QWP(0x30,"esp")); + + &movq ("xmm4","xmm0"); # "flatten" + &pand ("xmm0","xmm7"); + &xor ("ebp","ebp"); + &pslldq ("xmm4",6); + &movq ("xmm5","xmm1"); + &paddq ("xmm0","xmm4"); + &pand ("xmm1","xmm7"); + &psrldq ("xmm0",6); + &movd ("eax","xmm0"); + &psrldq ("xmm0",4); + + &paddq ("xmm5","xmm0"); + &movdqa ("xmm0",&QWP(0x40,"esp")); + &sub ("eax",-1); # start subtracting modulus, + # this is used to determine + # if result is larger/smaller + # than modulus (see below) + &pslldq ("xmm5",6); + &movq ("xmm4","xmm2"); + &paddq ("xmm1","xmm5"); + &pand ("xmm2","xmm7"); + &psrldq ("xmm1",6); + &mov (&DWP(4*0,"edi"),"eax"); + &movd ("eax","xmm1"); + &psrldq ("xmm1",4); + + &paddq ("xmm4","xmm1"); + &movdqa ("xmm1",&QWP(0x50,"esp")); + &sbb ("eax",-1); + &pslldq ("xmm4",6); + &movq ("xmm5","xmm3"); + &paddq ("xmm2","xmm4"); + &pand ("xmm3","xmm7"); + &psrldq ("xmm2",6); + &mov (&DWP(4*1,"edi"),"eax"); + &movd ("eax","xmm2"); + &psrldq ("xmm2",4); + + &paddq ("xmm5","xmm2"); + &movdqa ("xmm2",&QWP(0x60,"esp")); + &sbb ("eax",-1); + &pslldq ("xmm5",6); + &movq ("xmm4","xmm0"); + &paddq ("xmm3","xmm5"); + &pand ("xmm0","xmm7"); + &psrldq ("xmm3",6); + &mov (&DWP(4*2,"edi"),"eax"); + &movd ("eax","xmm3"); + &psrldq ("xmm3",4); + + &paddq ("xmm4","xmm3"); + &sbb ("eax",0); + &pslldq ("xmm4",6); + &movq ("xmm5","xmm1"); + &paddq ("xmm0","xmm4"); + &pand ("xmm1","xmm7"); + &psrldq ("xmm0",6); + &mov (&DWP(4*3,"edi"),"eax"); + &movd ("eax","xmm0"); + &psrldq ("xmm0",4); + + &paddq ("xmm5","xmm0"); + &sbb ("eax",0); + &pslldq ("xmm5",6); + &movq ("xmm4","xmm2"); + &paddq ("xmm1","xmm5"); + &pand ("xmm2","xmm7"); + &psrldq ("xmm1",6); + &movd ("ebx","xmm1"); + &psrldq ("xmm1",4); + &mov ("esp","edx"); + + &paddq ("xmm4","xmm1"); + &pslldq ("xmm4",6); + &paddq ("xmm2","xmm4"); + &psrldq ("xmm2",6); + &movd ("ecx","xmm2"); + &psrldq ("xmm2",4); + &sbb ("ebx",0); + &movd ("edx","xmm2"); + &pextrw ("esi","xmm2",2); # top-most overflow bit + &sbb ("ecx",1); + &sbb ("edx",-1); + &sbb ("esi",0); # borrow from subtraction + + # Final step is "if result > mod, subtract mod", and at this point + # we have result - mod written to output buffer, as well as borrow + # bit from this subtraction, and if borrow bit is set, we add + # modulus back. + # + # Note that because mod has special form, i.e. consists of + # 0xffffffff, 1 and 0s, we can conditionally synthesize it by + # assigning borrow bit to one register, %ebp, and its negative + # to another, %esi. But we started by calculating %esi... + + &sub ("ebp","esi"); + &add (&DWP(4*0,"edi"),"esi"); # add modulus or zero + &adc (&DWP(4*1,"edi"),"esi"); + &adc (&DWP(4*2,"edi"),"esi"); + &adc (&DWP(4*3,"edi"),0); + &adc ("eax",0); + &adc ("ebx",0); + &mov (&DWP(4*4,"edi"),"eax"); + &adc ("ecx","ebp"); + &mov (&DWP(4*5,"edi"),"ebx"); + &adc ("edx","esi"); + &mov (&DWP(4*6,"edi"),"ecx"); + &mov (&DWP(4*7,"edi"),"edx"); + + &ret (); + +&set_label("mul_mont_ialu",16); } + + ######################################## + # IALU code path suitable for all CPUs. + ######################################## + # stack layout: + # +------------------------------------+< %esp + # | 8 32-bit temporary words, accessed | + # | as circular buffer | + # . . + # . . + # +------------------------------------+< +32 + # | offloaded destination pointer | + # +------------------------------------+ + # | unused | + # +------------------------------------+< +40 + &sub ("esp",10*4); + + &mov ("eax",&DWP(0*4,"esi")); # a[0] + &mov ("ebx",&DWP(0*4,"ebp")); # b[0] + &mov (&DWP(8*4,"esp"),"edi"); # off-load dst ptr + + &mul ("ebx"); # a[0]*b[0] + &mov (&DWP(0*4,"esp"),"eax"); # t[0] + &mov ("eax",&DWP(1*4,"esi")); + &mov ("ecx","edx") + + &mul ("ebx"); # a[1]*b[0] + &add ("ecx","eax"); + &mov ("eax",&DWP(2*4,"esi")); + &adc ("edx",0); + &mov (&DWP(1*4,"esp"),"ecx"); # t[1] + &mov ("ecx","edx"); + + &mul ("ebx"); # a[2]*b[0] + &add ("ecx","eax"); + &mov ("eax",&DWP(3*4,"esi")); + &adc ("edx",0); + &mov (&DWP(2*4,"esp"),"ecx"); # t[2] + &mov ("ecx","edx"); + + &mul ("ebx"); # a[3]*b[0] + &add ("ecx","eax"); + &mov ("eax",&DWP(4*4,"esi")); + &adc ("edx",0); + &mov (&DWP(3*4,"esp"),"ecx"); # t[3] + &mov ("ecx","edx"); + + &mul ("ebx"); # a[4]*b[0] + &add ("ecx","eax"); + &mov ("eax",&DWP(5*4,"esi")); + &adc ("edx",0); + &mov (&DWP(4*4,"esp"),"ecx"); # t[4] + &mov ("ecx","edx"); + + &mul ("ebx"); # a[5]*b[0] + &add ("ecx","eax"); + &mov ("eax",&DWP(6*4,"esi")); + &adc ("edx",0); + &mov (&DWP(5*4,"esp"),"ecx"); # t[5] + &mov ("ecx","edx"); + + &mul ("ebx"); # a[6]*b[0] + &add ("ecx","eax"); + &mov ("eax",&DWP(7*4,"esi")); + &adc ("edx",0); + &mov (&DWP(6*4,"esp"),"ecx"); # t[6] + &mov ("ecx","edx"); + + &xor ("edi","edi"); # initial top-most carry + &mul ("ebx"); # a[7]*b[0] + &add ("ecx","eax"); # t[7] + &mov ("eax",&DWP(0*4,"esp")); # t[0] + &adc ("edx",0); # t[8] + +for ($i=0;$i<7;$i++) { + my $j=$i+1; + + # Reduction iteration is normally performed by accumulating + # result of multiplication of modulus by "magic" digit [and + # omitting least significant word, which is guaranteed to + # be 0], but thanks to special form of modulus and "magic" + # digit being equal to least significant word, it can be + # performed with additions and subtractions alone. Indeed: + # + # ffff.0001.0000.0000.0000.ffff.ffff.ffff + # * abcd + # + xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.abcd + # + # Now observing that ff..ff*x = (2^n-1)*x = 2^n*x-x, we + # rewrite above as: + # + # xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.abcd + # + abcd.0000.abcd.0000.0000.abcd.0000.0000.0000 + # - abcd.0000.0000.0000.0000.0000.0000.abcd + # + # or marking redundant operations: + # + # xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.xxxx.---- + # + abcd.0000.abcd.0000.0000.abcd.----.----.---- + # - abcd.----.----.----.----.----.----.---- + + &add (&DWP((($i+3)%8)*4,"esp"),"eax"); # t[3]+=t[0] + &adc (&DWP((($i+4)%8)*4,"esp"),0); # t[4]+=0 + &adc (&DWP((($i+5)%8)*4,"esp"),0); # t[5]+=0 + &adc (&DWP((($i+6)%8)*4,"esp"),"eax"); # t[6]+=t[0] + &adc ("ecx",0); # t[7]+=0 + &adc ("edx","eax"); # t[8]+=t[0] + &adc ("edi",0); # top-most carry + &mov ("ebx",&DWP($j*4,"ebp")); # b[i] + &sub ("ecx","eax"); # t[7]-=t[0] + &mov ("eax",&DWP(0*4,"esi")); # a[0] + &sbb ("edx",0); # t[8]-=0 + &mov (&DWP((($i+7)%8)*4,"esp"),"ecx"); + &sbb ("edi",0); # top-most carry, + # keep in mind that + # netto result is + # *addition* of value + # with (abcd<<32)-abcd + # on top, so that + # underflow is + # impossible, because + # (abcd<<32)-abcd + # doesn't underflow + &mov (&DWP((($i+8)%8)*4,"esp"),"edx"); + + &mul ("ebx"); # a[0]*b[i] + &add ("eax",&DWP((($j+0)%8)*4,"esp")); + &adc ("edx",0); + &mov (&DWP((($j+0)%8)*4,"esp"),"eax"); + &mov ("eax",&DWP(1*4,"esi")); + &mov ("ecx","edx") + + &mul ("ebx"); # a[1]*b[i] + &add ("ecx",&DWP((($j+1)%8)*4,"esp")); + &adc ("edx",0); + &add ("ecx","eax"); + &adc ("edx",0); + &mov ("eax",&DWP(2*4,"esi")); + &mov (&DWP((($j+1)%8)*4,"esp"),"ecx"); + &mov ("ecx","edx"); + + &mul ("ebx"); # a[2]*b[i] + &add ("ecx",&DWP((($j+2)%8)*4,"esp")); + &adc ("edx",0); + &add ("ecx","eax"); + &adc ("edx",0); + &mov ("eax",&DWP(3*4,"esi")); + &mov (&DWP((($j+2)%8)*4,"esp"),"ecx"); + &mov ("ecx","edx"); + + &mul ("ebx"); # a[3]*b[i] + &add ("ecx",&DWP((($j+3)%8)*4,"esp")); + &adc ("edx",0); + &add ("ecx","eax"); + &adc ("edx",0); + &mov ("eax",&DWP(4*4,"esi")); + &mov (&DWP((($j+3)%8)*4,"esp"),"ecx"); + &mov ("ecx","edx"); + + &mul ("ebx"); # a[4]*b[i] + &add ("ecx",&DWP((($j+4)%8)*4,"esp")); + &adc ("edx",0); + &add ("ecx","eax"); + &adc ("edx",0); + &mov ("eax",&DWP(5*4,"esi")); + &mov (&DWP((($j+4)%8)*4,"esp"),"ecx"); + &mov ("ecx","edx"); + + &mul ("ebx"); # a[5]*b[i] + &add ("ecx",&DWP((($j+5)%8)*4,"esp")); + &adc ("edx",0); + &add ("ecx","eax"); + &adc ("edx",0); + &mov ("eax",&DWP(6*4,"esi")); + &mov (&DWP((($j+5)%8)*4,"esp"),"ecx"); + &mov ("ecx","edx"); + + &mul ("ebx"); # a[6]*b[i] + &add ("ecx",&DWP((($j+6)%8)*4,"esp")); + &adc ("edx",0); + &add ("ecx","eax"); + &adc ("edx",0); + &mov ("eax",&DWP(7*4,"esi")); + &mov (&DWP((($j+6)%8)*4,"esp"),"ecx"); + &mov ("ecx","edx"); + + &mul ("ebx"); # a[7]*b[i] + &add ("ecx",&DWP((($j+7)%8)*4,"esp")); + &adc ("edx",0); + &add ("ecx","eax"); # t[7] + &mov ("eax",&DWP((($j+0)%8)*4,"esp")); # t[0] + &adc ("edx","edi"); # t[8] + &mov ("edi",0); + &adc ("edi",0); # top-most carry +} + &mov ("ebp",&DWP(8*4,"esp")); # restore dst ptr + &xor ("esi","esi"); + my $j=$i+1; + + # last multiplication-less reduction + &add (&DWP((($i+3)%8)*4,"esp"),"eax"); # t[3]+=t[0] + &adc (&DWP((($i+4)%8)*4,"esp"),0); # t[4]+=0 + &adc (&DWP((($i+5)%8)*4,"esp"),0); # t[5]+=0 + &adc (&DWP((($i+6)%8)*4,"esp"),"eax"); # t[6]+=t[0] + &adc ("ecx",0); # t[7]+=0 + &adc ("edx","eax"); # t[8]+=t[0] + &adc ("edi",0); # top-most carry + &mov ("ebx",&DWP((($j+1)%8)*4,"esp")); + &sub ("ecx","eax"); # t[7]-=t[0] + &mov ("eax",&DWP((($j+0)%8)*4,"esp")); + &sbb ("edx",0); # t[8]-=0 + &mov (&DWP((($i+7)%8)*4,"esp"),"ecx"); + &sbb ("edi",0); # top-most carry + &mov (&DWP((($i+8)%8)*4,"esp"),"edx"); + + # Final step is "if result > mod, subtract mod", but we do it + # "other way around", namely write result - mod to output buffer + # and if subtraction borrowed, add modulus back. + + &mov ("ecx",&DWP((($j+2)%8)*4,"esp")); + &sub ("eax",-1); + &mov ("edx",&DWP((($j+3)%8)*4,"esp")); + &sbb ("ebx",-1); + &mov (&DWP(0*4,"ebp"),"eax"); + &sbb ("ecx",-1); + &mov (&DWP(1*4,"ebp"),"ebx"); + &sbb ("edx",0); + &mov (&DWP(2*4,"ebp"),"ecx"); + &mov (&DWP(3*4,"ebp"),"edx"); + + &mov ("eax",&DWP((($j+4)%8)*4,"esp")); + &mov ("ebx",&DWP((($j+5)%8)*4,"esp")); + &mov ("ecx",&DWP((($j+6)%8)*4,"esp")); + &sbb ("eax",0); + &mov ("edx",&DWP((($j+7)%8)*4,"esp")); + &sbb ("ebx",0); + &sbb ("ecx",1); + &sbb ("edx",-1); + &sbb ("edi",0); + + # Note that because mod has special form, i.e. consists of + # 0xffffffff, 1 and 0s, we can conditionally synthesize it by + # assigning borrow bit to one register, %ebp, and its negative + # to another, %esi. But we started by calculating %esi... + + &sub ("esi","edi"); + &add (&DWP(0*4,"ebp"),"edi"); # add modulus or zero + &adc (&DWP(1*4,"ebp"),"edi"); + &adc (&DWP(2*4,"ebp"),"edi"); + &adc (&DWP(3*4,"ebp"),0); + &adc ("eax",0); + &adc ("ebx",0); + &mov (&DWP(4*4,"ebp"),"eax"); + &adc ("ecx","esi"); + &mov (&DWP(5*4,"ebp"),"ebx"); + &adc ("edx","edi"); + &mov (&DWP(6*4,"ebp"),"ecx"); + &mov ("edi","ebp"); # fulfill contract + &mov (&DWP(7*4,"ebp"),"edx"); + + &add ("esp",10*4); + &ret (); +&function_end_B("_ecp_nistz256_mul_mont"); + +######################################################################## +# void ecp_nistz256_select_w5(P256_POINT *edi,const void *esi, +# int ebp); +&function_begin("ecp_nistz256_select_w5"); + &mov ("esi",&wparam(1)); + &mov ("ebp",&wparam(2)); + + &lea ("esi",&DWP(0,"esi","ebp",4)); + &neg ("ebp"); + &sar ("ebp",31); + &mov ("edi",&wparam(0)); + &lea ("esi",&DWP(0,"esi","ebp",4)); + + for($i=0;$i<24;$i+=4) { + &mov ("eax",&DWP(64*($i+0),"esi")); + &mov ("ebx",&DWP(64*($i+1),"esi")); + &mov ("ecx",&DWP(64*($i+2),"esi")); + &mov ("edx",&DWP(64*($i+3),"esi")); + &and ("eax","ebp"); + &and ("ebx","ebp"); + &and ("ecx","ebp"); + &and ("edx","ebp"); + &mov (&DWP(4*($i+0),"edi"),"eax"); + &mov (&DWP(4*($i+1),"edi"),"ebx"); + &mov (&DWP(4*($i+2),"edi"),"ecx"); + &mov (&DWP(4*($i+3),"edi"),"edx"); + } +&function_end("ecp_nistz256_select_w5"); + +######################################################################## +# void ecp_nistz256_select_w7(P256_POINT_AFFINE *edi,const void *esi, +# int ebp); +&function_begin("ecp_nistz256_select_w7"); + &mov ("esi",&wparam(1)); + &mov ("ebp",&wparam(2)); + + &add ("esi","ebp"); + &neg ("ebp"), + &sar ("ebp",31); + &mov ("edi",&wparam(0)); + &lea ("esi",&DWP(0,"esi","ebp")); + + for($i=0;$i<64;$i+=4) { + &movz ("eax",&BP(64*($i+0),"esi")); + &movz ("ebx",&BP(64*($i+1),"esi")); + &movz ("ecx",&BP(64*($i+2),"esi")); + &and ("eax","ebp"); + &movz ("edx",&BP(64*($i+3),"esi")); + &and ("ebx","ebp"); + &mov (&BP($i+0,"edi"),"al"); + &and ("ecx","ebp"); + &mov (&BP($i+1,"edi"),"bl"); + &and ("edx","ebp"); + &mov (&BP($i+2,"edi"),"cl"); + &mov (&BP($i+3,"edi"),"dl"); + } +&function_end("ecp_nistz256_select_w7"); + +######################################################################## +# following subroutines are "literal" implementation of those found in +# ecp_nistz256.c +# +######################################################################## +# void ecp_nistz256_point_double(P256_POINT *out,const P256_POINT *inp); +# +&static_label("point_double_shortcut"); +&function_begin("ecp_nistz256_point_double"); +{ my ($S,$M,$Zsqr,$in_x,$tmp0)=map(32*$_,(0..4)); + + &mov ("esi",&wparam(1)); + + # above map() describes stack layout with 5 temporary + # 256-bit vectors on top, then we take extra word for + # OPENSSL_ia32cap_P copy. + &stack_push(8*5+1); + if ($sse2) { + &call ("_picup_eax"); + &set_label("pic"); + &picmeup("edx","OPENSSL_ia32cap_P","eax",&label("pic")); + &mov ("ebp",&DWP(0,"edx")); } + +&set_label("point_double_shortcut"); + &mov ("eax",&DWP(0,"esi")); # copy in_x + &mov ("ebx",&DWP(4,"esi")); + &mov ("ecx",&DWP(8,"esi")); + &mov ("edx",&DWP(12,"esi")); + &mov (&DWP($in_x+0,"esp"),"eax"); + &mov (&DWP($in_x+4,"esp"),"ebx"); + &mov (&DWP($in_x+8,"esp"),"ecx"); + &mov (&DWP($in_x+12,"esp"),"edx"); + &mov ("eax",&DWP(16,"esi")); + &mov ("ebx",&DWP(20,"esi")); + &mov ("ecx",&DWP(24,"esi")); + &mov ("edx",&DWP(28,"esi")); + &mov (&DWP($in_x+16,"esp"),"eax"); + &mov (&DWP($in_x+20,"esp"),"ebx"); + &mov (&DWP($in_x+24,"esp"),"ecx"); + &mov (&DWP($in_x+28,"esp"),"edx"); + &mov (&DWP(32*5,"esp"),"ebp"); # OPENSSL_ia32cap_P copy + + &lea ("ebp",&DWP(32,"esi")); + &lea ("esi",&DWP(32,"esi")); + &lea ("edi",&DWP($S,"esp")); + &call ("_ecp_nistz256_add"); # p256_mul_by_2(S, in_y); + + &mov ("eax",&DWP(32*5,"esp")); # OPENSSL_ia32cap_P copy + &mov ("esi",64); + &add ("esi",&wparam(1)); + &lea ("edi",&DWP($Zsqr,"esp")); + &mov ("ebp","esi"); + &call ("_ecp_nistz256_mul_mont"); # p256_sqr_mont(Zsqr, in_z); + + &mov ("eax",&DWP(32*5,"esp")); # OPENSSL_ia32cap_P copy + &lea ("esi",&DWP($S,"esp")); + &lea ("ebp",&DWP($S,"esp")); + &lea ("edi",&DWP($S,"esp")); + &call ("_ecp_nistz256_mul_mont"); # p256_sqr_mont(S, S); + + &mov ("eax",&DWP(32*5,"esp")); # OPENSSL_ia32cap_P copy + &mov ("ebp",&wparam(1)); + &lea ("esi",&DWP(32,"ebp")); + &lea ("ebp",&DWP(64,"ebp")); + &lea ("edi",&DWP($tmp0,"esp")); + &call ("_ecp_nistz256_mul_mont"); # p256_mul_mont(tmp0, in_z, in_y); + + &lea ("esi",&DWP($in_x,"esp")); + &lea ("ebp",&DWP($Zsqr,"esp")); + &lea ("edi",&DWP($M,"esp")); + &call ("_ecp_nistz256_add"); # p256_add(M, in_x, Zsqr); + + &mov ("edi",64); + &lea ("esi",&DWP($tmp0,"esp")); + &lea ("ebp",&DWP($tmp0,"esp")); + &add ("edi",&wparam(0)); + &call ("_ecp_nistz256_add"); # p256_mul_by_2(res_z, tmp0); + + &lea ("esi",&DWP($in_x,"esp")); + &lea ("ebp",&DWP($Zsqr,"esp")); + &lea ("edi",&DWP($Zsqr,"esp")); + &call ("_ecp_nistz256_sub"); # p256_sub(Zsqr, in_x, Zsqr); + + &mov ("eax",&DWP(32*5,"esp")); # OPENSSL_ia32cap_P copy + &lea ("esi",&DWP($S,"esp")); + &lea ("ebp",&DWP($S,"esp")); + &lea ("edi",&DWP($tmp0,"esp")); + &call ("_ecp_nistz256_mul_mont"); # p256_sqr_mont(tmp0, S); + + &mov ("eax",&DWP(32*5,"esp")); # OPENSSL_ia32cap_P copy + &lea ("esi",&DWP($M,"esp")); + &lea ("ebp",&DWP($Zsqr,"esp")); + &lea ("edi",&DWP($M,"esp")); + &call ("_ecp_nistz256_mul_mont"); # p256_mul_mont(M, M, Zsqr); + + &mov ("edi",32); + &lea ("esi",&DWP($tmp0,"esp")); + &add ("edi",&wparam(0)); + &call ("_ecp_nistz256_div_by_2"); # p256_div_by_2(res_y, tmp0); + + &lea ("esi",&DWP($M,"esp")); + &lea ("ebp",&DWP($M,"esp")); + &lea ("edi",&DWP($tmp0,"esp")); + &call ("_ecp_nistz256_add"); # 1/2 p256_mul_by_3(M, M); + + &mov ("eax",&DWP(32*5,"esp")); # OPENSSL_ia32cap_P copy + &lea ("esi",&DWP($in_x,"esp")); + &lea ("ebp",&DWP($S,"esp")); + &lea ("edi",&DWP($S,"esp")); + &call ("_ecp_nistz256_mul_mont"); # p256_mul_mont(S, S, in_x); + + &lea ("esi",&DWP($tmp0,"esp")); + &lea ("ebp",&DWP($M,"esp")); + &lea ("edi",&DWP($M,"esp")); + &call ("_ecp_nistz256_add"); # 2/2 p256_mul_by_3(M, M); + + &lea ("esi",&DWP($S,"esp")); + &lea ("ebp",&DWP($S,"esp")); + &lea ("edi",&DWP($tmp0,"esp")); + &call ("_ecp_nistz256_add"); # p256_mul_by_2(tmp0, S); + + &mov ("eax",&DWP(32*5,"esp")); # OPENSSL_ia32cap_P copy + &lea ("esi",&DWP($M,"esp")); + &lea ("ebp",&DWP($M,"esp")); + &mov ("edi",&wparam(0)); + &call ("_ecp_nistz256_mul_mont"); # p256_sqr_mont(res_x, M); + + &mov ("esi","edi"); # %edi is still res_x here + &lea ("ebp",&DWP($tmp0,"esp")); + &call ("_ecp_nistz256_sub"); # p256_sub(res_x, res_x, tmp0); + + &lea ("esi",&DWP($S,"esp")); + &mov ("ebp","edi"); # %edi is still res_x + &lea ("edi",&DWP($S,"esp")); + &call ("_ecp_nistz256_sub"); # p256_sub(S, S, res_x); + + &mov ("eax",&DWP(32*5,"esp")); # OPENSSL_ia32cap_P copy + &mov ("esi","edi"); # %edi is still &S + &lea ("ebp",&DWP($M,"esp")); + &call ("_ecp_nistz256_mul_mont"); # p256_mul_mont(S, S, M); + + &mov ("ebp",32); + &lea ("esi",&DWP($S,"esp")); + &add ("ebp",&wparam(0)); + &mov ("edi","ebp"); + &call ("_ecp_nistz256_sub"); # p256_sub(res_y, S, res_y); + + &stack_pop(8*5+1); +} &function_end("ecp_nistz256_point_double"); + +######################################################################## +# void ecp_nistz256_point_add(P256_POINT *out,const P256_POINT *in1, +# const P256_POINT *in2); +&function_begin("ecp_nistz256_point_add"); +{ my ($res_x,$res_y,$res_z, + $in1_x,$in1_y,$in1_z, + $in2_x,$in2_y,$in2_z, + $H,$Hsqr,$R,$Rsqr,$Hcub, + $U1,$U2,$S1,$S2)=map(32*$_,(0..17)); + my ($Z1sqr, $Z2sqr) = ($Hsqr, $Rsqr); + + &mov ("esi",&wparam(2)); + + # above map() describes stack layout with 18 temporary + # 256-bit vectors on top, then we take extra words for + # !in1infty, !in2infty, result of check for zero and + # OPENSSL_ia32cap_P copy. [one unused word for padding] + &stack_push(8*18+5); + if ($sse2) { + &call ("_picup_eax"); + &set_label("pic"); + &picmeup("edx","OPENSSL_ia32cap_P","eax",&label("pic")); + &mov ("ebp",&DWP(0,"edx")); } + + &lea ("edi",&DWP($in2_x,"esp")); + for($i=0;$i<96;$i+=16) { + &mov ("eax",&DWP($i+0,"esi")); # copy in2 + &mov ("ebx",&DWP($i+4,"esi")); + &mov ("ecx",&DWP($i+8,"esi")); + &mov ("edx",&DWP($i+12,"esi")); + &mov (&DWP($i+0,"edi"),"eax"); + &mov (&DWP(32*18+12,"esp"),"ebp") if ($i==0); + &mov ("ebp","eax") if ($i==64); + &or ("ebp","eax") if ($i>64); + &mov (&DWP($i+4,"edi"),"ebx"); + &or ("ebp","ebx") if ($i>=64); + &mov (&DWP($i+8,"edi"),"ecx"); + &or ("ebp","ecx") if ($i>=64); + &mov (&DWP($i+12,"edi"),"edx"); + &or ("ebp","edx") if ($i>=64); + } + &xor ("eax","eax"); + &mov ("esi",&wparam(1)); + &sub ("eax","ebp"); + &or ("ebp","eax"); + &sar ("ebp",31); + &mov (&DWP(32*18+4,"esp"),"ebp"); # !in2infty + + &lea ("edi",&DWP($in1_x,"esp")); + for($i=0;$i<96;$i+=16) { + &mov ("eax",&DWP($i+0,"esi")); # copy in1 + &mov ("ebx",&DWP($i+4,"esi")); + &mov ("ecx",&DWP($i+8,"esi")); + &mov ("edx",&DWP($i+12,"esi")); + &mov (&DWP($i+0,"edi"),"eax"); + &mov ("ebp","eax") if ($i==64); + &or ("ebp","eax") if ($i>64); + &mov (&DWP($i+4,"edi"),"ebx"); + &or ("ebp","ebx") if ($i>=64); + &mov (&DWP($i+8,"edi"),"ecx"); + &or ("ebp","ecx") if ($i>=64); + &mov (&DWP($i+12,"edi"),"edx"); + &or ("ebp","edx") if ($i>=64); + } + &xor ("eax","eax"); + &sub ("eax","ebp"); + &or ("ebp","eax"); + &sar ("ebp",31); + &mov (&DWP(32*18+0,"esp"),"ebp"); # !in1infty + + &mov ("eax",&DWP(32*18+12,"esp")); # OPENSSL_ia32cap_P copy + &lea ("esi",&DWP($in2_z,"esp")); + &lea ("ebp",&DWP($in2_z,"esp")); + &lea ("edi",&DWP($Z2sqr,"esp")); + &call ("_ecp_nistz256_mul_mont"); # p256_sqr_mont(Z2sqr, in2_z); + + &mov ("eax",&DWP(32*18+12,"esp")); # OPENSSL_ia32cap_P copy + &lea ("esi",&DWP($in1_z,"esp")); + &lea ("ebp",&DWP($in1_z,"esp")); + &lea ("edi",&DWP($Z1sqr,"esp")); + &call ("_ecp_nistz256_mul_mont"); # p256_sqr_mont(Z1sqr, in1_z); + + &mov ("eax",&DWP(32*18+12,"esp")); # OPENSSL_ia32cap_P copy + &lea ("esi",&DWP($Z2sqr,"esp")); + &lea ("ebp",&DWP($in2_z,"esp")); + &lea ("edi",&DWP($S1,"esp")); + &call ("_ecp_nistz256_mul_mont"); # p256_mul_mont(S1, Z2sqr, in2_z); + + &mov ("eax",&DWP(32*18+12,"esp")); # OPENSSL_ia32cap_P copy + &lea ("esi",&DWP($Z1sqr,"esp")); + &lea ("ebp",&DWP($in1_z,"esp")); + &lea ("edi",&DWP($S2,"esp")); + &call ("_ecp_nistz256_mul_mont"); # p256_mul_mont(S2, Z1sqr, in1_z); + + &mov ("eax",&DWP(32*18+12,"esp")); # OPENSSL_ia32cap_P copy + &lea ("esi",&DWP($in1_y,"esp")); + &lea ("ebp",&DWP($S1,"esp")); + &lea ("edi",&DWP($S1,"esp")); + &call ("_ecp_nistz256_mul_mont"); # p256_mul_mont(S1, S1, in1_y); + + &mov ("eax",&DWP(32*18+12,"esp")); # OPENSSL_ia32cap_P copy + &lea ("esi",&DWP($in2_y,"esp")); + &lea ("ebp",&DWP($S2,"esp")); + &lea ("edi",&DWP($S2,"esp")); + &call ("_ecp_nistz256_mul_mont"); # p256_mul_mont(S2, S2, in2_y); + + &lea ("esi",&DWP($S2,"esp")); + &lea ("ebp",&DWP($S1,"esp")); + &lea ("edi",&DWP($R,"esp")); + &call ("_ecp_nistz256_sub"); # p256_sub(R, S2, S1); + + &or ("ebx","eax"); # see if result is zero + &mov ("eax",&DWP(32*18+12,"esp")); # OPENSSL_ia32cap_P copy + &or ("ebx","ecx"); + &or ("ebx","edx"); + &or ("ebx",&DWP(0,"edi")); + &or ("ebx",&DWP(4,"edi")); + &lea ("esi",&DWP($in1_x,"esp")); + &or ("ebx",&DWP(8,"edi")); + &lea ("ebp",&DWP($Z2sqr,"esp")); + &or ("ebx",&DWP(12,"edi")); + &lea ("edi",&DWP($U1,"esp")); + &mov (&DWP(32*18+8,"esp"),"ebx"); + + &call ("_ecp_nistz256_mul_mont"); # p256_mul_mont(U1, in1_x, Z2sqr); + + &mov ("eax",&DWP(32*18+12,"esp")); # OPENSSL_ia32cap_P copy + &lea ("esi",&DWP($in2_x,"esp")); + &lea ("ebp",&DWP($Z1sqr,"esp")); + &lea ("edi",&DWP($U2,"esp")); + &call ("_ecp_nistz256_mul_mont"); # p256_mul_mont(U2, in2_x, Z1sqr); + + &lea ("esi",&DWP($U2,"esp")); + &lea ("ebp",&DWP($U1,"esp")); + &lea ("edi",&DWP($H,"esp")); + &call ("_ecp_nistz256_sub"); # p256_sub(H, U2, U1); + + &or ("eax","ebx"); # see if result is zero + &or ("eax","ecx"); + &or ("eax","edx"); + &or ("eax",&DWP(0,"edi")); + &or ("eax",&DWP(4,"edi")); + &or ("eax",&DWP(8,"edi")); + &or ("eax",&DWP(12,"edi")); + + &data_byte(0x3e); # predict taken + &jnz (&label("add_proceed")); # is_equal(U1,U2)? + + &mov ("eax",&DWP(32*18+0,"esp")); + &and ("eax",&DWP(32*18+4,"esp")); + &mov ("ebx",&DWP(32*18+8,"esp")); + &jz (&label("add_proceed")); # (in1infty || in2infty)? + &test ("ebx","ebx"); + &jz (&label("add_double")); # is_equal(S1,S2)? + + &mov ("edi",&wparam(0)); + &xor ("eax","eax"); + &mov ("ecx",96/4); + &data_byte(0xfc,0xf3,0xab); # cld; stosd + &jmp (&label("add_done")); + +&set_label("add_double",16); + &mov ("esi",&wparam(1)); + &mov ("ebp",&DWP(32*18+12,"esp")); # OPENSSL_ia32cap_P copy + &add ("esp",4*((8*18+5)-(8*5+1))); # difference in frame sizes + &jmp (&label("point_double_shortcut")); + +&set_label("add_proceed",16); + &mov ("eax",&DWP(32*18+12,"esp")); # OPENSSL_ia32cap_P copy + &lea ("esi",&DWP($R,"esp")); + &lea ("ebp",&DWP($R,"esp")); + &lea ("edi",&DWP($Rsqr,"esp")); + &call ("_ecp_nistz256_mul_mont"); # p256_sqr_mont(Rsqr, R); + + &mov ("eax",&DWP(32*18+12,"esp")); # OPENSSL_ia32cap_P copy + &lea ("esi",&DWP($H,"esp")); + &lea ("ebp",&DWP($in1_z,"esp")); + &lea ("edi",&DWP($res_z,"esp")); + &call ("_ecp_nistz256_mul_mont"); # p256_mul_mont(res_z, H, in1_z); + + &mov ("eax",&DWP(32*18+12,"esp")); # OPENSSL_ia32cap_P copy + &lea ("esi",&DWP($H,"esp")); + &lea ("ebp",&DWP($H,"esp")); + &lea ("edi",&DWP($Hsqr,"esp")); + &call ("_ecp_nistz256_mul_mont"); # p256_sqr_mont(Hsqr, H); + + &mov ("eax",&DWP(32*18+12,"esp")); # OPENSSL_ia32cap_P copy + &lea ("esi",&DWP($in2_z,"esp")); + &lea ("ebp",&DWP($res_z,"esp")); + &lea ("edi",&DWP($res_z,"esp")); + &call ("_ecp_nistz256_mul_mont"); # p256_mul_mont(res_z, res_z, in2_z); + + &mov ("eax",&DWP(32*18+12,"esp")); # OPENSSL_ia32cap_P copy + &lea ("esi",&DWP($Hsqr,"esp")); + &lea ("ebp",&DWP($U1,"esp")); + &lea ("edi",&DWP($U2,"esp")); + &call ("_ecp_nistz256_mul_mont"); # p256_mul_mont(U2, U1, Hsqr); + + &mov ("eax",&DWP(32*18+12,"esp")); # OPENSSL_ia32cap_P copy + &lea ("esi",&DWP($H,"esp")); + &lea ("ebp",&DWP($Hsqr,"esp")); + &lea ("edi",&DWP($Hcub,"esp")); + &call ("_ecp_nistz256_mul_mont"); # p256_mul_mont(Hcub, Hsqr, H); + + &lea ("esi",&DWP($U2,"esp")); + &lea ("ebp",&DWP($U2,"esp")); + &lea ("edi",&DWP($Hsqr,"esp")); + &call ("_ecp_nistz256_add"); # p256_mul_by_2(Hsqr, U2); + + &lea ("esi",&DWP($Rsqr,"esp")); + &lea ("ebp",&DWP($Hsqr,"esp")); + &lea ("edi",&DWP($res_x,"esp")); + &call ("_ecp_nistz256_sub"); # p256_sub(res_x, Rsqr, Hsqr); + + &lea ("esi",&DWP($res_x,"esp")); + &lea ("ebp",&DWP($Hcub,"esp")); + &lea ("edi",&DWP($res_x,"esp")); + &call ("_ecp_nistz256_sub"); # p256_sub(res_x, res_x, Hcub); + + &lea ("esi",&DWP($U2,"esp")); + &lea ("ebp",&DWP($res_x,"esp")); + &lea ("edi",&DWP($res_y,"esp")); + &call ("_ecp_nistz256_sub"); # p256_sub(res_y, U2, res_x); + + &mov ("eax",&DWP(32*18+12,"esp")); # OPENSSL_ia32cap_P copy + &lea ("esi",&DWP($Hcub,"esp")); + &lea ("ebp",&DWP($S1,"esp")); + &lea ("edi",&DWP($S2,"esp")); + &call ("_ecp_nistz256_mul_mont"); # p256_mul_mont(S2, S1, Hcub); + + &mov ("eax",&DWP(32*18+12,"esp")); # OPENSSL_ia32cap_P copy + &lea ("esi",&DWP($R,"esp")); + &lea ("ebp",&DWP($res_y,"esp")); + &lea ("edi",&DWP($res_y,"esp")); + &call ("_ecp_nistz256_mul_mont"); # p256_mul_mont(res_y, R, res_y); + + &lea ("esi",&DWP($res_y,"esp")); + &lea ("ebp",&DWP($S2,"esp")); + &lea ("edi",&DWP($res_y,"esp")); + &call ("_ecp_nistz256_sub"); # p256_sub(res_y, res_y, S2); + + &mov ("ebp",&DWP(32*18+0,"esp")); # !in1infty + &mov ("esi",&DWP(32*18+4,"esp")); # !in2infty + &mov ("edi",&wparam(0)); + &mov ("edx","ebp"); + ¬ ("ebp"); + &and ("edx","esi"); + &and ("ebp","esi"); + ¬ ("esi"); + + ######################################## + # conditional moves + for($i=64;$i<96;$i+=4) { + &mov ("eax","edx"); + &and ("eax",&DWP($res_x+$i,"esp")); + &mov ("ebx","ebp"); + &and ("ebx",&DWP($in2_x+$i,"esp")); + &mov ("ecx","esi"); + &and ("ecx",&DWP($in1_x+$i,"esp")); + &or ("eax","ebx"); + &or ("eax","ecx"); + &mov (&DWP($i,"edi"),"eax"); + } + for($i=0;$i<64;$i+=4) { + &mov ("eax","edx"); + &and ("eax",&DWP($res_x+$i,"esp")); + &mov ("ebx","ebp"); + &and ("ebx",&DWP($in2_x+$i,"esp")); + &mov ("ecx","esi"); + &and ("ecx",&DWP($in1_x+$i,"esp")); + &or ("eax","ebx"); + &or ("eax","ecx"); + &mov (&DWP($i,"edi"),"eax"); + } + &set_label("add_done"); + &stack_pop(8*18+5); +} &function_end("ecp_nistz256_point_add"); + +######################################################################## +# void ecp_nistz256_point_add_affine(P256_POINT *out, +# const P256_POINT *in1, +# const P256_POINT_AFFINE *in2); +&function_begin("ecp_nistz256_point_add_affine"); +{ + my ($res_x,$res_y,$res_z, + $in1_x,$in1_y,$in1_z, + $in2_x,$in2_y, + $U2,$S2,$H,$R,$Hsqr,$Hcub,$Rsqr)=map(32*$_,(0..14)); + my $Z1sqr = $S2; + my @ONE_mont=(1,0,0,-1,-1,-1,-2,0); + + &mov ("esi",&wparam(1)); + + # above map() describes stack layout with 15 temporary + # 256-bit vectors on top, then we take extra words for + # !in1infty, !in2infty, and OPENSSL_ia32cap_P copy. + &stack_push(8*15+3); + if ($sse2) { + &call ("_picup_eax"); + &set_label("pic"); + &picmeup("edx","OPENSSL_ia32cap_P","eax",&label("pic")); + &mov ("ebp",&DWP(0,"edx")); } + + &lea ("edi",&DWP($in1_x,"esp")); + for($i=0;$i<96;$i+=16) { + &mov ("eax",&DWP($i+0,"esi")); # copy in1 + &mov ("ebx",&DWP($i+4,"esi")); + &mov ("ecx",&DWP($i+8,"esi")); + &mov ("edx",&DWP($i+12,"esi")); + &mov (&DWP($i+0,"edi"),"eax"); + &mov (&DWP(32*15+8,"esp"),"ebp") if ($i==0); + &mov ("ebp","eax") if ($i==64); + &or ("ebp","eax") if ($i>64); + &mov (&DWP($i+4,"edi"),"ebx"); + &or ("ebp","ebx") if ($i>=64); + &mov (&DWP($i+8,"edi"),"ecx"); + &or ("ebp","ecx") if ($i>=64); + &mov (&DWP($i+12,"edi"),"edx"); + &or ("ebp","edx") if ($i>=64); + } + &xor ("eax","eax"); + &mov ("esi",&wparam(2)); + &sub ("eax","ebp"); + &or ("ebp","eax"); + &sar ("ebp",31); + &mov (&DWP(32*15+0,"esp"),"ebp"); # !in1infty + + &lea ("edi",&DWP($in2_x,"esp")); + for($i=0;$i<64;$i+=16) { + &mov ("eax",&DWP($i+0,"esi")); # copy in2 + &mov ("ebx",&DWP($i+4,"esi")); + &mov ("ecx",&DWP($i+8,"esi")); + &mov ("edx",&DWP($i+12,"esi")); + &mov (&DWP($i+0,"edi"),"eax"); + &mov ("ebp","eax") if ($i==0); + &or ("ebp","eax") if ($i!=0); + &mov (&DWP($i+4,"edi"),"ebx"); + &or ("ebp","ebx"); + &mov (&DWP($i+8,"edi"),"ecx"); + &or ("ebp","ecx"); + &mov (&DWP($i+12,"edi"),"edx"); + &or ("ebp","edx"); + } + &xor ("ebx","ebx"); + &mov ("eax",&DWP(32*15+8,"esp")); # OPENSSL_ia32cap_P copy + &sub ("ebx","ebp"); + &lea ("esi",&DWP($in1_z,"esp")); + &or ("ebx","ebp"); + &lea ("ebp",&DWP($in1_z,"esp")); + &sar ("ebx",31); + &lea ("edi",&DWP($Z1sqr,"esp")); + &mov (&DWP(32*15+4,"esp"),"ebx"); # !in2infty + + &call ("_ecp_nistz256_mul_mont"); # p256_sqr_mont(Z1sqr, in1_z); + + &mov ("eax",&DWP(32*15+8,"esp")); # OPENSSL_ia32cap_P copy + &lea ("esi",&DWP($in2_x,"esp")); + &mov ("ebp","edi"); # %esi is stull &Z1sqr + &lea ("edi",&DWP($U2,"esp")); + &call ("_ecp_nistz256_mul_mont"); # p256_mul_mont(U2, Z1sqr, in2_x); + + &mov ("eax",&DWP(32*15+8,"esp")); # OPENSSL_ia32cap_P copy + &lea ("esi",&DWP($in1_z,"esp")); + &lea ("ebp",&DWP($Z1sqr,"esp")); + &lea ("edi",&DWP($S2,"esp")); + &call ("_ecp_nistz256_mul_mont"); # p256_mul_mont(S2, Z1sqr, in1_z); + + &lea ("esi",&DWP($U2,"esp")); + &lea ("ebp",&DWP($in1_x,"esp")); + &lea ("edi",&DWP($H,"esp")); + &call ("_ecp_nistz256_sub"); # p256_sub(H, U2, in1_x); + + &mov ("eax",&DWP(32*15+8,"esp")); # OPENSSL_ia32cap_P copy + &lea ("esi",&DWP($in2_y,"esp")); + &lea ("ebp",&DWP($S2,"esp")); + &lea ("edi",&DWP($S2,"esp")); + &call ("_ecp_nistz256_mul_mont"); # p256_mul_mont(S2, S2, in2_y); + + &mov ("eax",&DWP(32*15+8,"esp")); # OPENSSL_ia32cap_P copy + &lea ("esi",&DWP($in1_z,"esp")); + &lea ("ebp",&DWP($H,"esp")); + &lea ("edi",&DWP($res_z,"esp")); + &call ("_ecp_nistz256_mul_mont"); # p256_mul_mont(res_z, H, in1_z); + + &lea ("esi",&DWP($S2,"esp")); + &lea ("ebp",&DWP($in1_y,"esp")); + &lea ("edi",&DWP($R,"esp")); + &call ("_ecp_nistz256_sub"); # p256_sub(R, S2, in1_y); + + &mov ("eax",&DWP(32*15+8,"esp")); # OPENSSL_ia32cap_P copy + &lea ("esi",&DWP($H,"esp")); + &lea ("ebp",&DWP($H,"esp")); + &lea ("edi",&DWP($Hsqr,"esp")); + &call ("_ecp_nistz256_mul_mont"); # p256_sqr_mont(Hsqr, H); + + &mov ("eax",&DWP(32*15+8,"esp")); # OPENSSL_ia32cap_P copy + &lea ("esi",&DWP($R,"esp")); + &lea ("ebp",&DWP($R,"esp")); + &lea ("edi",&DWP($Rsqr,"esp")); + &call ("_ecp_nistz256_mul_mont"); # p256_sqr_mont(Rsqr, R); + + &mov ("eax",&DWP(32*15+8,"esp")); # OPENSSL_ia32cap_P copy + &lea ("esi",&DWP($in1_x,"esp")); + &lea ("ebp",&DWP($Hsqr,"esp")); + &lea ("edi",&DWP($U2,"esp")); + &call ("_ecp_nistz256_mul_mont"); # p256_mul_mont(U2, in1_x, Hsqr); + + &mov ("eax",&DWP(32*15+8,"esp")); # OPENSSL_ia32cap_P copy + &lea ("esi",&DWP($H,"esp")); + &lea ("ebp",&DWP($Hsqr,"esp")); + &lea ("edi",&DWP($Hcub,"esp")); + &call ("_ecp_nistz256_mul_mont"); # p256_mul_mont(Hcub, Hsqr, H); + + &lea ("esi",&DWP($U2,"esp")); + &lea ("ebp",&DWP($U2,"esp")); + &lea ("edi",&DWP($Hsqr,"esp")); + &call ("_ecp_nistz256_add"); # p256_mul_by_2(Hsqr, U2); + + &lea ("esi",&DWP($Rsqr,"esp")); + &lea ("ebp",&DWP($Hsqr,"esp")); + &lea ("edi",&DWP($res_x,"esp")); + &call ("_ecp_nistz256_sub"); # p256_sub(res_x, Rsqr, Hsqr); + + &lea ("esi",&DWP($res_x,"esp")); + &lea ("ebp",&DWP($Hcub,"esp")); + &lea ("edi",&DWP($res_x,"esp")); + &call ("_ecp_nistz256_sub"); # p256_sub(res_x, res_x, Hcub); + + &lea ("esi",&DWP($U2,"esp")); + &lea ("ebp",&DWP($res_x,"esp")); + &lea ("edi",&DWP($res_y,"esp")); + &call ("_ecp_nistz256_sub"); # p256_sub(res_y, U2, res_x); + + &mov ("eax",&DWP(32*15+8,"esp")); # OPENSSL_ia32cap_P copy + &lea ("esi",&DWP($Hcub,"esp")); + &lea ("ebp",&DWP($in1_y,"esp")); + &lea ("edi",&DWP($S2,"esp")); + &call ("_ecp_nistz256_mul_mont"); # p256_mul_mont(S2, Hcub, in1_y); + + &mov ("eax",&DWP(32*15+8,"esp")); # OPENSSL_ia32cap_P copy + &lea ("esi",&DWP($R,"esp")); + &lea ("ebp",&DWP($res_y,"esp")); + &lea ("edi",&DWP($res_y,"esp")); + &call ("_ecp_nistz256_mul_mont"); # p256_mul_mont(res_y, res_y, R); + + &lea ("esi",&DWP($res_y,"esp")); + &lea ("ebp",&DWP($S2,"esp")); + &lea ("edi",&DWP($res_y,"esp")); + &call ("_ecp_nistz256_sub"); # p256_sub(res_y, res_y, S2); + + &mov ("ebp",&DWP(32*15+0,"esp")); # !in1infty + &mov ("esi",&DWP(32*15+4,"esp")); # !in2infty + &mov ("edi",&wparam(0)); + &mov ("edx","ebp"); + ¬ ("ebp"); + &and ("edx","esi"); + &and ("ebp","esi"); + ¬ ("esi"); + + ######################################## + # conditional moves + for($i=64;$i<96;$i+=4) { + my $one=@ONE_mont[($i-64)/4]; + + &mov ("eax","edx"); + &and ("eax",&DWP($res_x+$i,"esp")); + &mov ("ebx","ebp") if ($one && $one!=-1); + &and ("ebx",$one) if ($one && $one!=-1); + &mov ("ecx","esi"); + &and ("ecx",&DWP($in1_x+$i,"esp")); + &or ("eax",$one==-1?"ebp":"ebx") if ($one); + &or ("eax","ecx"); + &mov (&DWP($i,"edi"),"eax"); + } + for($i=0;$i<64;$i+=4) { + &mov ("eax","edx"); + &and ("eax",&DWP($res_x+$i,"esp")); + &mov ("ebx","ebp"); + &and ("ebx",&DWP($in2_x+$i,"esp")); + &mov ("ecx","esi"); + &and ("ecx",&DWP($in1_x+$i,"esp")); + &or ("eax","ebx"); + &or ("eax","ecx"); + &mov (&DWP($i,"edi"),"eax"); + } + &stack_pop(8*15+3); +} &function_end("ecp_nistz256_point_add_affine"); + +&asm_finish(); + +close STDOUT; diff --git a/src/lib/libcrypto/ec/asm/ecp_nistz256-x86_64.pl b/src/lib/libcrypto/ec/asm/ecp_nistz256-x86_64.pl new file mode 100644 index 00000000000..b772aae7425 --- /dev/null +++ b/src/lib/libcrypto/ec/asm/ecp_nistz256-x86_64.pl @@ -0,0 +1,1971 @@ +#!/usr/bin/env perl +# $OpenBSD: ecp_nistz256-x86_64.pl,v 1.1 2016/11/04 17:33:20 miod Exp $ +# +# Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +# Copyright (c) 2014, Intel Corporation. +# +# Permission to use, copy, modify, and/or distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY +# SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION +# OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN +# CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +# Developers and authors: +# Shay Gueron (1, 2), and Vlad Krasnov (1) +# (1) Intel Corporation, Israel Development Center +# (2) University of Haifa + +# Reference: +# S.Gueron and V.Krasnov, "Fast Prime Field Elliptic Curve Cryptography with +# 256 Bit Primes" + +# Further optimization by : +# +# this/original with/without -DECP_NISTZ256_ASM(*) +# Opteron +12-49% +110-150% +# Bulldozer +14-45% +175-210% +# P4 +18-46% n/a :-( +# Westmere +12-34% +80-87% +# Sandy Bridge +9-35% +110-120% +# Ivy Bridge +9-35% +110-125% +# Haswell +8-37% +140-160% +# Broadwell +18-58% +145-210% +# Atom +15-50% +130-180% +# VIA Nano +43-160% +300-480% +# +# (*) "without -DECP_NISTZ256_ASM" refers to build with +# "enable-ec_nistp_64_gcc_128"; +# +# Ranges denote minimum and maximum improvement coefficients depending +# on benchmark. Lower coefficients are for ECDSA sign, relatively fastest +# server-side operation. Keep in mind that +100% means 2x improvement. + +$flavour = shift; +$output = shift; +if ($flavour =~ /\./) { $output = $flavour; undef $flavour; } + +$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/); + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or +( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or +die "can't locate x86_64-xlate.pl"; + +open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\""; +*STDOUT=*OUT; + +$code.=<<___; +.text + +# The polynomial +.align 64 +.Lpoly: +.quad 0xffffffffffffffff, 0x00000000ffffffff, 0x0000000000000000, 0xffffffff00000001 + +.LOne: +.long 1,1,1,1,1,1,1,1 +.LTwo: +.long 2,2,2,2,2,2,2,2 +.LThree: +.long 3,3,3,3,3,3,3,3 +.LONE_mont: +.quad 0x0000000000000001, 0xffffffff00000000, 0xffffffffffffffff, 0x00000000fffffffe +___ + +{ +################################################################################ +# void ecp_nistz256_mul_by_2(uint64_t res[4], uint64_t a[4]); + +my ($a0,$a1,$a2,$a3)=map("%r$_",(8..11)); +my ($t0,$t1,$t2,$t3,$t4)=("%rax","%rdx","%rcx","%r12","%r13"); +my ($r_ptr,$a_ptr,$b_ptr)=("%rdi","%rsi","%rdx"); + +$code.=<<___; + +.globl ecp_nistz256_mul_by_2 +.type ecp_nistz256_mul_by_2,\@function,2 +.align 64 +ecp_nistz256_mul_by_2: + push %r12 + push %r13 + + mov 8*0($a_ptr), $a0 + mov 8*1($a_ptr), $a1 + add $a0, $a0 # a0:a3+a0:a3 + mov 8*2($a_ptr), $a2 + adc $a1, $a1 + mov 8*3($a_ptr), $a3 + lea .Lpoly(%rip), $a_ptr + mov $a0, $t0 + adc $a2, $a2 + adc $a3, $a3 + mov $a1, $t1 + sbb $t4, $t4 + + sub 8*0($a_ptr), $a0 + mov $a2, $t2 + sbb 8*1($a_ptr), $a1 + sbb 8*2($a_ptr), $a2 + mov $a3, $t3 + sbb 8*3($a_ptr), $a3 + test $t4, $t4 + + cmovz $t0, $a0 + cmovz $t1, $a1 + mov $a0, 8*0($r_ptr) + cmovz $t2, $a2 + mov $a1, 8*1($r_ptr) + cmovz $t3, $a3 + mov $a2, 8*2($r_ptr) + mov $a3, 8*3($r_ptr) + + pop %r13 + pop %r12 + ret +.size ecp_nistz256_mul_by_2,.-ecp_nistz256_mul_by_2 + +################################################################################ +# void ecp_nistz256_neg(uint64_t res[4], uint64_t a[4]); +.globl ecp_nistz256_neg +.type ecp_nistz256_neg,\@function,2 +.align 32 +ecp_nistz256_neg: + push %r12 + push %r13 + + xor $a0, $a0 + xor $a1, $a1 + xor $a2, $a2 + xor $a3, $a3 + xor $t4, $t4 + + sub 8*0($a_ptr), $a0 + sbb 8*1($a_ptr), $a1 + sbb 8*2($a_ptr), $a2 + mov $a0, $t0 + sbb 8*3($a_ptr), $a3 + lea .Lpoly(%rip), $a_ptr + mov $a1, $t1 + sbb \$0, $t4 + + add 8*0($a_ptr), $a0 + mov $a2, $t2 + adc 8*1($a_ptr), $a1 + adc 8*2($a_ptr), $a2 + mov $a3, $t3 + adc 8*3($a_ptr), $a3 + test $t4, $t4 + + cmovz $t0, $a0 + cmovz $t1, $a1 + mov $a0, 8*0($r_ptr) + cmovz $t2, $a2 + mov $a1, 8*1($r_ptr) + cmovz $t3, $a3 + mov $a2, 8*2($r_ptr) + mov $a3, 8*3($r_ptr) + + pop %r13 + pop %r12 + ret +.size ecp_nistz256_neg,.-ecp_nistz256_neg +___ +} +{ +my ($r_ptr,$a_ptr,$b_org,$b_ptr)=("%rdi","%rsi","%rdx","%rbx"); +my ($acc0,$acc1,$acc2,$acc3,$acc4,$acc5,$acc6,$acc7)=map("%r$_",(8..15)); +my ($t0,$t1,$t2,$t3,$t4)=("%rcx","%rbp","%rbx","%rdx","%rax"); +my ($poly1,$poly3)=($acc6,$acc7); + +$code.=<<___; +################################################################################ +# void ecp_nistz256_mul_mont( +# uint64_t res[4], +# uint64_t a[4], +# uint64_t b[4]); + +.globl ecp_nistz256_mul_mont +.type ecp_nistz256_mul_mont,\@function,3 +.align 32 +ecp_nistz256_mul_mont: +.Lmul_mont: + push %rbp + push %rbx + push %r12 + push %r13 + push %r14 + push %r15 + + mov $b_org, $b_ptr + mov 8*0($b_org), %rax + mov 8*0($a_ptr), $acc1 + mov 8*1($a_ptr), $acc2 + mov 8*2($a_ptr), $acc3 + mov 8*3($a_ptr), $acc4 + + call __ecp_nistz256_mul_montq + + pop %r15 + pop %r14 + pop %r13 + pop %r12 + pop %rbx + pop %rbp + ret +.size ecp_nistz256_mul_mont,.-ecp_nistz256_mul_mont + +.type __ecp_nistz256_mul_montq,\@abi-omnipotent +.align 32 +__ecp_nistz256_mul_montq: + ######################################################################## + # Multiply a by b[0] + mov %rax, $t1 + mulq $acc1 + mov .Lpoly+8*1(%rip),$poly1 + mov %rax, $acc0 + mov $t1, %rax + mov %rdx, $acc1 + + mulq $acc2 + mov .Lpoly+8*3(%rip),$poly3 + add %rax, $acc1 + mov $t1, %rax + adc \$0, %rdx + mov %rdx, $acc2 + + mulq $acc3 + add %rax, $acc2 + mov $t1, %rax + adc \$0, %rdx + mov %rdx, $acc3 + + mulq $acc4 + add %rax, $acc3 + mov $acc0, %rax + adc \$0, %rdx + xor $acc5, $acc5 + mov %rdx, $acc4 + + ######################################################################## + # First reduction step + # Basically now we want to multiply acc[0] by p256, + # and add the result to the acc. + # Due to the special form of p256 we do some optimizations + # + # acc[0] x p256[0..1] = acc[0] x 2^96 - acc[0] + # then we add acc[0] and get acc[0] x 2^96 + + mov $acc0, $t1 + shl \$32, $acc0 + mulq $poly3 + shr \$32, $t1 + add $acc0, $acc1 # +=acc[0]<<96 + adc $t1, $acc2 + adc %rax, $acc3 + mov 8*1($b_ptr), %rax + adc %rdx, $acc4 + adc \$0, $acc5 + xor $acc0, $acc0 + + ######################################################################## + # Multiply by b[1] + mov %rax, $t1 + mulq 8*0($a_ptr) + add %rax, $acc1 + mov $t1, %rax + adc \$0, %rdx + mov %rdx, $t0 + + mulq 8*1($a_ptr) + add $t0, $acc2 + adc \$0, %rdx + add %rax, $acc2 + mov $t1, %rax + adc \$0, %rdx + mov %rdx, $t0 + + mulq 8*2($a_ptr) + add $t0, $acc3 + adc \$0, %rdx + add %rax, $acc3 + mov $t1, %rax + adc \$0, %rdx + mov %rdx, $t0 + + mulq 8*3($a_ptr) + add $t0, $acc4 + adc \$0, %rdx + add %rax, $acc4 + mov $acc1, %rax + adc %rdx, $acc5 + adc \$0, $acc0 + + ######################################################################## + # Second reduction step + mov $acc1, $t1 + shl \$32, $acc1 + mulq $poly3 + shr \$32, $t1 + add $acc1, $acc2 + adc $t1, $acc3 + adc %rax, $acc4 + mov 8*2($b_ptr), %rax + adc %rdx, $acc5 + adc \$0, $acc0 + xor $acc1, $acc1 + + ######################################################################## + # Multiply by b[2] + mov %rax, $t1 + mulq 8*0($a_ptr) + add %rax, $acc2 + mov $t1, %rax + adc \$0, %rdx + mov %rdx, $t0 + + mulq 8*1($a_ptr) + add $t0, $acc3 + adc \$0, %rdx + add %rax, $acc3 + mov $t1, %rax + adc \$0, %rdx + mov %rdx, $t0 + + mulq 8*2($a_ptr) + add $t0, $acc4 + adc \$0, %rdx + add %rax, $acc4 + mov $t1, %rax + adc \$0, %rdx + mov %rdx, $t0 + + mulq 8*3($a_ptr) + add $t0, $acc5 + adc \$0, %rdx + add %rax, $acc5 + mov $acc2, %rax + adc %rdx, $acc0 + adc \$0, $acc1 + + ######################################################################## + # Third reduction step + mov $acc2, $t1 + shl \$32, $acc2 + mulq $poly3 + shr \$32, $t1 + add $acc2, $acc3 + adc $t1, $acc4 + adc %rax, $acc5 + mov 8*3($b_ptr), %rax + adc %rdx, $acc0 + adc \$0, $acc1 + xor $acc2, $acc2 + + ######################################################################## + # Multiply by b[3] + mov %rax, $t1 + mulq 8*0($a_ptr) + add %rax, $acc3 + mov $t1, %rax + adc \$0, %rdx + mov %rdx, $t0 + + mulq 8*1($a_ptr) + add $t0, $acc4 + adc \$0, %rdx + add %rax, $acc4 + mov $t1, %rax + adc \$0, %rdx + mov %rdx, $t0 + + mulq 8*2($a_ptr) + add $t0, $acc5 + adc \$0, %rdx + add %rax, $acc5 + mov $t1, %rax + adc \$0, %rdx + mov %rdx, $t0 + + mulq 8*3($a_ptr) + add $t0, $acc0 + adc \$0, %rdx + add %rax, $acc0 + mov $acc3, %rax + adc %rdx, $acc1 + adc \$0, $acc2 + + ######################################################################## + # Final reduction step + mov $acc3, $t1 + shl \$32, $acc3 + mulq $poly3 + shr \$32, $t1 + add $acc3, $acc4 + adc $t1, $acc5 + mov $acc4, $t0 + adc %rax, $acc0 + adc %rdx, $acc1 + mov $acc5, $t1 + adc \$0, $acc2 + + ######################################################################## + # Branch-less conditional subtraction of P + sub \$-1, $acc4 # .Lpoly[0] + mov $acc0, $t2 + sbb $poly1, $acc5 # .Lpoly[1] + sbb \$0, $acc0 # .Lpoly[2] + mov $acc1, $t3 + sbb $poly3, $acc1 # .Lpoly[3] + sbb \$0, $acc2 + + cmovc $t0, $acc4 + cmovc $t1, $acc5 + mov $acc4, 8*0($r_ptr) + cmovc $t2, $acc0 + mov $acc5, 8*1($r_ptr) + cmovc $t3, $acc1 + mov $acc0, 8*2($r_ptr) + mov $acc1, 8*3($r_ptr) + + ret +.size __ecp_nistz256_mul_montq,.-__ecp_nistz256_mul_montq + +################################################################################ +# void ecp_nistz256_sqr_mont( +# uint64_t res[4], +# uint64_t a[4]); + +# we optimize the square according to S.Gueron and V.Krasnov, +# "Speeding up Big-Number Squaring" +.globl ecp_nistz256_sqr_mont +.type ecp_nistz256_sqr_mont,\@function,2 +.align 32 +ecp_nistz256_sqr_mont: + push %rbp + push %rbx + push %r12 + push %r13 + push %r14 + push %r15 + + mov 8*0($a_ptr), %rax + mov 8*1($a_ptr), $acc6 + mov 8*2($a_ptr), $acc7 + mov 8*3($a_ptr), $acc0 + + call __ecp_nistz256_sqr_montq + + pop %r15 + pop %r14 + pop %r13 + pop %r12 + pop %rbx + pop %rbp + ret +.size ecp_nistz256_sqr_mont,.-ecp_nistz256_sqr_mont + +.type __ecp_nistz256_sqr_montq,\@abi-omnipotent +.align 32 +__ecp_nistz256_sqr_montq: + mov %rax, $acc5 + mulq $acc6 # a[1]*a[0] + mov %rax, $acc1 + mov $acc7, %rax + mov %rdx, $acc2 + + mulq $acc5 # a[0]*a[2] + add %rax, $acc2 + mov $acc0, %rax + adc \$0, %rdx + mov %rdx, $acc3 + + mulq $acc5 # a[0]*a[3] + add %rax, $acc3 + mov $acc7, %rax + adc \$0, %rdx + mov %rdx, $acc4 + + ################################# + mulq $acc6 # a[1]*a[2] + add %rax, $acc3 + mov $acc0, %rax + adc \$0, %rdx + mov %rdx, $t1 + + mulq $acc6 # a[1]*a[3] + add %rax, $acc4 + mov $acc0, %rax + adc \$0, %rdx + add $t1, $acc4 + mov %rdx, $acc5 + adc \$0, $acc5 + + ################################# + mulq $acc7 # a[2]*a[3] + xor $acc7, $acc7 + add %rax, $acc5 + mov 8*0($a_ptr), %rax + mov %rdx, $acc6 + adc \$0, $acc6 + + add $acc1, $acc1 # acc1:6<<1 + adc $acc2, $acc2 + adc $acc3, $acc3 + adc $acc4, $acc4 + adc $acc5, $acc5 + adc $acc6, $acc6 + adc \$0, $acc7 + + mulq %rax + mov %rax, $acc0 + mov 8*1($a_ptr), %rax + mov %rdx, $t0 + + mulq %rax + add $t0, $acc1 + adc %rax, $acc2 + mov 8*2($a_ptr), %rax + adc \$0, %rdx + mov %rdx, $t0 + + mulq %rax + add $t0, $acc3 + adc %rax, $acc4 + mov 8*3($a_ptr), %rax + adc \$0, %rdx + mov %rdx, $t0 + + mulq %rax + add $t0, $acc5 + adc %rax, $acc6 + mov $acc0, %rax + adc %rdx, $acc7 + + mov .Lpoly+8*1(%rip), $a_ptr + mov .Lpoly+8*3(%rip), $t1 + + ########################################## + # Now the reduction + # First iteration + mov $acc0, $t0 + shl \$32, $acc0 + mulq $t1 + shr \$32, $t0 + add $acc0, $acc1 # +=acc[0]<<96 + adc $t0, $acc2 + adc %rax, $acc3 + mov $acc1, %rax + adc \$0, %rdx + + ########################################## + # Second iteration + mov $acc1, $t0 + shl \$32, $acc1 + mov %rdx, $acc0 + mulq $t1 + shr \$32, $t0 + add $acc1, $acc2 + adc $t0, $acc3 + adc %rax, $acc0 + mov $acc2, %rax + adc \$0, %rdx + + ########################################## + # Third iteration + mov $acc2, $t0 + shl \$32, $acc2 + mov %rdx, $acc1 + mulq $t1 + shr \$32, $t0 + add $acc2, $acc3 + adc $t0, $acc0 + adc %rax, $acc1 + mov $acc3, %rax + adc \$0, %rdx + + ########################################### + # Last iteration + mov $acc3, $t0 + shl \$32, $acc3 + mov %rdx, $acc2 + mulq $t1 + shr \$32, $t0 + add $acc3, $acc0 + adc $t0, $acc1 + adc %rax, $acc2 + adc \$0, %rdx + xor $acc3, $acc3 + + ############################################ + # Add the rest of the acc + add $acc0, $acc4 + adc $acc1, $acc5 + mov $acc4, $acc0 + adc $acc2, $acc6 + adc %rdx, $acc7 + mov $acc5, $acc1 + adc \$0, $acc3 + + sub \$-1, $acc4 # .Lpoly[0] + mov $acc6, $acc2 + sbb $a_ptr, $acc5 # .Lpoly[1] + sbb \$0, $acc6 # .Lpoly[2] + mov $acc7, $t0 + sbb $t1, $acc7 # .Lpoly[3] + sbb \$0, $acc3 + + cmovc $acc0, $acc4 + cmovc $acc1, $acc5 + mov $acc4, 8*0($r_ptr) + cmovc $acc2, $acc6 + mov $acc5, 8*1($r_ptr) + cmovc $t0, $acc7 + mov $acc6, 8*2($r_ptr) + mov $acc7, 8*3($r_ptr) + + ret +.size __ecp_nistz256_sqr_montq,.-__ecp_nistz256_sqr_montq +___ + +} +{ +my ($r_ptr,$in_ptr)=("%rdi","%rsi"); +my ($acc0,$acc1,$acc2,$acc3)=map("%r$_",(8..11)); +my ($t0,$t1,$t2)=("%rcx","%r12","%r13"); + +$code.=<<___; +################################################################################ +# void ecp_nistz256_from_mont( +# uint64_t res[4], +# uint64_t in[4]); +# This one performs Montgomery multiplication by 1, so we only need the reduction + +.globl ecp_nistz256_from_mont +.type ecp_nistz256_from_mont,\@function,2 +.align 32 +ecp_nistz256_from_mont: + push %r12 + push %r13 + + mov 8*0($in_ptr), %rax + mov .Lpoly+8*3(%rip), $t2 + mov 8*1($in_ptr), $acc1 + mov 8*2($in_ptr), $acc2 + mov 8*3($in_ptr), $acc3 + mov %rax, $acc0 + mov .Lpoly+8*1(%rip), $t1 + + ######################################### + # First iteration + mov %rax, $t0 + shl \$32, $acc0 + mulq $t2 + shr \$32, $t0 + add $acc0, $acc1 + adc $t0, $acc2 + adc %rax, $acc3 + mov $acc1, %rax + adc \$0, %rdx + + ######################################### + # Second iteration + mov $acc1, $t0 + shl \$32, $acc1 + mov %rdx, $acc0 + mulq $t2 + shr \$32, $t0 + add $acc1, $acc2 + adc $t0, $acc3 + adc %rax, $acc0 + mov $acc2, %rax + adc \$0, %rdx + + ########################################## + # Third iteration + mov $acc2, $t0 + shl \$32, $acc2 + mov %rdx, $acc1 + mulq $t2 + shr \$32, $t0 + add $acc2, $acc3 + adc $t0, $acc0 + adc %rax, $acc1 + mov $acc3, %rax + adc \$0, %rdx + + ########################################### + # Last iteration + mov $acc3, $t0 + shl \$32, $acc3 + mov %rdx, $acc2 + mulq $t2 + shr \$32, $t0 + add $acc3, $acc0 + adc $t0, $acc1 + mov $acc0, $t0 + adc %rax, $acc2 + mov $acc1, $in_ptr + adc \$0, %rdx + + ########################################### + # Branch-less conditional subtraction + sub \$-1, $acc0 + mov $acc2, %rax + sbb $t1, $acc1 + sbb \$0, $acc2 + mov %rdx, $acc3 + sbb $t2, %rdx + sbb $t2, $t2 + + cmovnz $t0, $acc0 + cmovnz $in_ptr, $acc1 + mov $acc0, 8*0($r_ptr) + cmovnz %rax, $acc2 + mov $acc1, 8*1($r_ptr) + cmovz %rdx, $acc3 + mov $acc2, 8*2($r_ptr) + mov $acc3, 8*3($r_ptr) + + pop %r13 + pop %r12 + ret +.size ecp_nistz256_from_mont,.-ecp_nistz256_from_mont +___ +} +{ +my ($val,$in_t,$index)=$win64?("%rcx","%rdx","%r8d"):("%rdi","%rsi","%edx"); +my ($ONE,$INDEX,$Ra,$Rb,$Rc,$Rd,$Re,$Rf)=map("%xmm$_",(0..7)); +my ($M0,$T0a,$T0b,$T0c,$T0d,$T0e,$T0f,$TMP0)=map("%xmm$_",(8..15)); +my ($M1,$T2a,$T2b,$TMP2,$M2,$T2a,$T2b,$TMP2)=map("%xmm$_",(8..15)); + +$code.=<<___; +################################################################################ +# void ecp_nistz256_select_w5(uint64_t *val, uint64_t *in_t, int index); +.globl ecp_nistz256_select_w5 +.type ecp_nistz256_select_w5,\@abi-omnipotent +.align 32 +ecp_nistz256_select_w5: +___ +$code.=<<___ if ($win64); + lea -0x88(%rsp), %rax +.LSEH_begin_ecp_nistz256_select_w5: + .byte 0x48,0x8d,0x60,0xe0 #lea -0x20(%rax), %rsp + .byte 0x0f,0x29,0x70,0xe0 #movaps %xmm6, -0x20(%rax) + .byte 0x0f,0x29,0x78,0xf0 #movaps %xmm7, -0x10(%rax) + .byte 0x44,0x0f,0x29,0x00 #movaps %xmm8, 0(%rax) + .byte 0x44,0x0f,0x29,0x48,0x10 #movaps %xmm9, 0x10(%rax) + .byte 0x44,0x0f,0x29,0x50,0x20 #movaps %xmm10, 0x20(%rax) + .byte 0x44,0x0f,0x29,0x58,0x30 #movaps %xmm11, 0x30(%rax) + .byte 0x44,0x0f,0x29,0x60,0x40 #movaps %xmm12, 0x40(%rax) + .byte 0x44,0x0f,0x29,0x68,0x50 #movaps %xmm13, 0x50(%rax) + .byte 0x44,0x0f,0x29,0x70,0x60 #movaps %xmm14, 0x60(%rax) + .byte 0x44,0x0f,0x29,0x78,0x70 #movaps %xmm15, 0x70(%rax) +___ +$code.=<<___; + movdqa .LOne(%rip), $ONE + movd $index, $INDEX + + pxor $Ra, $Ra + pxor $Rb, $Rb + pxor $Rc, $Rc + pxor $Rd, $Rd + pxor $Re, $Re + pxor $Rf, $Rf + + movdqa $ONE, $M0 + pshufd \$0, $INDEX, $INDEX + + mov \$16, %rax +.Lselect_loop_sse_w5: + + movdqa $M0, $TMP0 + paddd $ONE, $M0 + pcmpeqd $INDEX, $TMP0 + + movdqa 16*0($in_t), $T0a + movdqa 16*1($in_t), $T0b + movdqa 16*2($in_t), $T0c + movdqa 16*3($in_t), $T0d + movdqa 16*4($in_t), $T0e + movdqa 16*5($in_t), $T0f + lea 16*6($in_t), $in_t + + pand $TMP0, $T0a + pand $TMP0, $T0b + por $T0a, $Ra + pand $TMP0, $T0c + por $T0b, $Rb + pand $TMP0, $T0d + por $T0c, $Rc + pand $TMP0, $T0e + por $T0d, $Rd + pand $TMP0, $T0f + por $T0e, $Re + por $T0f, $Rf + + dec %rax + jnz .Lselect_loop_sse_w5 + + movdqu $Ra, 16*0($val) + movdqu $Rb, 16*1($val) + movdqu $Rc, 16*2($val) + movdqu $Rd, 16*3($val) + movdqu $Re, 16*4($val) + movdqu $Rf, 16*5($val) +___ +$code.=<<___ if ($win64); + movaps (%rsp), %xmm6 + movaps 0x10(%rsp), %xmm7 + movaps 0x20(%rsp), %xmm8 + movaps 0x30(%rsp), %xmm9 + movaps 0x40(%rsp), %xmm10 + movaps 0x50(%rsp), %xmm11 + movaps 0x60(%rsp), %xmm12 + movaps 0x70(%rsp), %xmm13 + movaps 0x80(%rsp), %xmm14 + movaps 0x90(%rsp), %xmm15 + lea 0xa8(%rsp), %rsp +.LSEH_end_ecp_nistz256_select_w5: +___ +$code.=<<___; + ret +.size ecp_nistz256_select_w5,.-ecp_nistz256_select_w5 + +################################################################################ +# void ecp_nistz256_select_w7(uint64_t *val, uint64_t *in_t, int index); +.globl ecp_nistz256_select_w7 +.type ecp_nistz256_select_w7,\@abi-omnipotent +.align 32 +ecp_nistz256_select_w7: +___ +$code.=<<___ if ($win64); + lea -0x88(%rsp), %rax +.LSEH_begin_ecp_nistz256_select_w7: + .byte 0x48,0x8d,0x60,0xe0 #lea -0x20(%rax), %rsp + .byte 0x0f,0x29,0x70,0xe0 #movaps %xmm6, -0x20(%rax) + .byte 0x0f,0x29,0x78,0xf0 #movaps %xmm7, -0x10(%rax) + .byte 0x44,0x0f,0x29,0x00 #movaps %xmm8, 0(%rax) + .byte 0x44,0x0f,0x29,0x48,0x10 #movaps %xmm9, 0x10(%rax) + .byte 0x44,0x0f,0x29,0x50,0x20 #movaps %xmm10, 0x20(%rax) + .byte 0x44,0x0f,0x29,0x58,0x30 #movaps %xmm11, 0x30(%rax) + .byte 0x44,0x0f,0x29,0x60,0x40 #movaps %xmm12, 0x40(%rax) + .byte 0x44,0x0f,0x29,0x68,0x50 #movaps %xmm13, 0x50(%rax) + .byte 0x44,0x0f,0x29,0x70,0x60 #movaps %xmm14, 0x60(%rax) + .byte 0x44,0x0f,0x29,0x78,0x70 #movaps %xmm15, 0x70(%rax) +___ +$code.=<<___; + movdqa .LOne(%rip), $M0 + movd $index, $INDEX + + pxor $Ra, $Ra + pxor $Rb, $Rb + pxor $Rc, $Rc + pxor $Rd, $Rd + + movdqa $M0, $ONE + pshufd \$0, $INDEX, $INDEX + mov \$64, %rax + +.Lselect_loop_sse_w7: + movdqa $M0, $TMP0 + paddd $ONE, $M0 + movdqa 16*0($in_t), $T0a + movdqa 16*1($in_t), $T0b + pcmpeqd $INDEX, $TMP0 + movdqa 16*2($in_t), $T0c + movdqa 16*3($in_t), $T0d + lea 16*4($in_t), $in_t + + pand $TMP0, $T0a + pand $TMP0, $T0b + por $T0a, $Ra + pand $TMP0, $T0c + por $T0b, $Rb + pand $TMP0, $T0d + por $T0c, $Rc + prefetcht0 255($in_t) + por $T0d, $Rd + + dec %rax + jnz .Lselect_loop_sse_w7 + + movdqu $Ra, 16*0($val) + movdqu $Rb, 16*1($val) + movdqu $Rc, 16*2($val) + movdqu $Rd, 16*3($val) +___ +$code.=<<___ if ($win64); + movaps (%rsp), %xmm6 + movaps 0x10(%rsp), %xmm7 + movaps 0x20(%rsp), %xmm8 + movaps 0x30(%rsp), %xmm9 + movaps 0x40(%rsp), %xmm10 + movaps 0x50(%rsp), %xmm11 + movaps 0x60(%rsp), %xmm12 + movaps 0x70(%rsp), %xmm13 + movaps 0x80(%rsp), %xmm14 + movaps 0x90(%rsp), %xmm15 + lea 0xa8(%rsp), %rsp +.LSEH_end_ecp_nistz256_select_w7: +___ +$code.=<<___; + ret +.size ecp_nistz256_select_w7,.-ecp_nistz256_select_w7 +___ +} +{{{ +######################################################################## +# This block implements higher level point_double, point_add and +# point_add_affine. The key to performance in this case is to allow +# out-of-order execution logic to overlap computations from next step +# with tail processing from current step. By using tailored calling +# sequence we minimize inter-step overhead to give processor better +# shot at overlapping operations... +# +# You will notice that input data is copied to stack. Trouble is that +# there are no registers to spare for holding original pointers and +# reloading them, pointers, would create undesired dependencies on +# effective addresses calculation paths. In other words it's too done +# to favour out-of-order execution logic. +# + +my ($r_ptr,$a_ptr,$b_org,$b_ptr)=("%rdi","%rsi","%rdx","%rbx"); +my ($acc0,$acc1,$acc2,$acc3,$acc4,$acc5,$acc6,$acc7)=map("%r$_",(8..15)); +my ($t0,$t1,$t2,$t3,$t4)=("%rax","%rbp","%rcx",$acc4,$acc4); +my ($poly1,$poly3)=($acc6,$acc7); + +sub load_for_mul () { +my ($a,$b,$src0) = @_; +my $bias = $src0 eq "%rax" ? 0 : -128; + +" mov $b, $src0 + lea $b, $b_ptr + mov 8*0+$a, $acc1 + mov 8*1+$a, $acc2 + lea $bias+$a, $a_ptr + mov 8*2+$a, $acc3 + mov 8*3+$a, $acc4" +} + +sub load_for_sqr () { +my ($a,$src0) = @_; +my $bias = $src0 eq "%rax" ? 0 : -128; + +" mov 8*0+$a, $src0 + mov 8*1+$a, $acc6 + lea $bias+$a, $a_ptr + mov 8*2+$a, $acc7 + mov 8*3+$a, $acc0" +} + + { +######################################################################## +# operate in 4-5-0-1 "name space" that matches multiplication output +# +my ($a0,$a1,$a2,$a3,$t3,$t4)=($acc4,$acc5,$acc0,$acc1,$acc2,$acc3); + +$code.=<<___; +.type __ecp_nistz256_add_toq,\@abi-omnipotent +.align 32 +__ecp_nistz256_add_toq: + add 8*0($b_ptr), $a0 + adc 8*1($b_ptr), $a1 + mov $a0, $t0 + adc 8*2($b_ptr), $a2 + adc 8*3($b_ptr), $a3 + mov $a1, $t1 + sbb $t4, $t4 + + sub \$-1, $a0 + mov $a2, $t2 + sbb $poly1, $a1 + sbb \$0, $a2 + mov $a3, $t3 + sbb $poly3, $a3 + test $t4, $t4 + + cmovz $t0, $a0 + cmovz $t1, $a1 + mov $a0, 8*0($r_ptr) + cmovz $t2, $a2 + mov $a1, 8*1($r_ptr) + cmovz $t3, $a3 + mov $a2, 8*2($r_ptr) + mov $a3, 8*3($r_ptr) + + ret +.size __ecp_nistz256_add_toq,.-__ecp_nistz256_add_toq + +.type __ecp_nistz256_sub_fromq,\@abi-omnipotent +.align 32 +__ecp_nistz256_sub_fromq: + sub 8*0($b_ptr), $a0 + sbb 8*1($b_ptr), $a1 + mov $a0, $t0 + sbb 8*2($b_ptr), $a2 + sbb 8*3($b_ptr), $a3 + mov $a1, $t1 + sbb $t4, $t4 + + add \$-1, $a0 + mov $a2, $t2 + adc $poly1, $a1 + adc \$0, $a2 + mov $a3, $t3 + adc $poly3, $a3 + test $t4, $t4 + + cmovz $t0, $a0 + cmovz $t1, $a1 + mov $a0, 8*0($r_ptr) + cmovz $t2, $a2 + mov $a1, 8*1($r_ptr) + cmovz $t3, $a3 + mov $a2, 8*2($r_ptr) + mov $a3, 8*3($r_ptr) + + ret +.size __ecp_nistz256_sub_fromq,.-__ecp_nistz256_sub_fromq + +.type __ecp_nistz256_subq,\@abi-omnipotent +.align 32 +__ecp_nistz256_subq: + sub $a0, $t0 + sbb $a1, $t1 + mov $t0, $a0 + sbb $a2, $t2 + sbb $a3, $t3 + mov $t1, $a1 + sbb $t4, $t4 + + add \$-1, $t0 + mov $t2, $a2 + adc $poly1, $t1 + adc \$0, $t2 + mov $t3, $a3 + adc $poly3, $t3 + test $t4, $t4 + + cmovnz $t0, $a0 + cmovnz $t1, $a1 + cmovnz $t2, $a2 + cmovnz $t3, $a3 + + ret +.size __ecp_nistz256_subq,.-__ecp_nistz256_subq + +.type __ecp_nistz256_mul_by_2q,\@abi-omnipotent +.align 32 +__ecp_nistz256_mul_by_2q: + add $a0, $a0 # a0:a3+a0:a3 + adc $a1, $a1 + mov $a0, $t0 + adc $a2, $a2 + adc $a3, $a3 + mov $a1, $t1 + sbb $t4, $t4 + + sub \$-1, $a0 + mov $a2, $t2 + sbb $poly1, $a1 + sbb \$0, $a2 + mov $a3, $t3 + sbb $poly3, $a3 + test $t4, $t4 + + cmovz $t0, $a0 + cmovz $t1, $a1 + mov $a0, 8*0($r_ptr) + cmovz $t2, $a2 + mov $a1, 8*1($r_ptr) + cmovz $t3, $a3 + mov $a2, 8*2($r_ptr) + mov $a3, 8*3($r_ptr) + + ret +.size __ecp_nistz256_mul_by_2q,.-__ecp_nistz256_mul_by_2q +___ + } +sub gen_double () { + my $x = shift; + my ($src0,$sfx,$bias); + my ($S,$M,$Zsqr,$in_x,$tmp0)=map(32*$_,(0..4)); + + if ($x ne "x") { + $src0 = "%rax"; + $sfx = ""; + $bias = 0; + +$code.=<<___; +.globl ecp_nistz256_point_double +.type ecp_nistz256_point_double,\@function,2 +.align 32 +ecp_nistz256_point_double: +___ + } else { + $src0 = "%rdx"; + $sfx = "x"; + $bias = 128; + +$code.=<<___; +.type ecp_nistz256_point_doublex,\@function,2 +.align 32 +ecp_nistz256_point_doublex: +.Lpoint_doublex: +___ + } +$code.=<<___; + push %rbp + push %rbx + push %r12 + push %r13 + push %r14 + push %r15 + sub \$32*5+8, %rsp + +.Lpoint_double_shortcut$x: + movdqu 0x00($a_ptr), %xmm0 # copy *(P256_POINT *)$a_ptr.x + mov $a_ptr, $b_ptr # backup copy + movdqu 0x10($a_ptr), %xmm1 + mov 0x20+8*0($a_ptr), $acc4 # load in_y in "5-4-0-1" order + mov 0x20+8*1($a_ptr), $acc5 + mov 0x20+8*2($a_ptr), $acc0 + mov 0x20+8*3($a_ptr), $acc1 + mov .Lpoly+8*1(%rip), $poly1 + mov .Lpoly+8*3(%rip), $poly3 + movdqa %xmm0, $in_x(%rsp) + movdqa %xmm1, $in_x+0x10(%rsp) + lea 0x20($r_ptr), $acc2 + lea 0x40($r_ptr), $acc3 + movq $r_ptr, %xmm0 + movq $acc2, %xmm1 + movq $acc3, %xmm2 + + lea $S(%rsp), $r_ptr + call __ecp_nistz256_mul_by_2$x # p256_mul_by_2(S, in_y); + + mov 0x40+8*0($a_ptr), $src0 + mov 0x40+8*1($a_ptr), $acc6 + mov 0x40+8*2($a_ptr), $acc7 + mov 0x40+8*3($a_ptr), $acc0 + lea 0x40-$bias($a_ptr), $a_ptr + lea $Zsqr(%rsp), $r_ptr + call __ecp_nistz256_sqr_mont$x # p256_sqr_mont(Zsqr, in_z); + + `&load_for_sqr("$S(%rsp)", "$src0")` + lea $S(%rsp), $r_ptr + call __ecp_nistz256_sqr_mont$x # p256_sqr_mont(S, S); + + mov 0x20($b_ptr), $src0 # $b_ptr is still valid + mov 0x40+8*0($b_ptr), $acc1 + mov 0x40+8*1($b_ptr), $acc2 + mov 0x40+8*2($b_ptr), $acc3 + mov 0x40+8*3($b_ptr), $acc4 + lea 0x40-$bias($b_ptr), $a_ptr + lea 0x20($b_ptr), $b_ptr + movq %xmm2, $r_ptr + call __ecp_nistz256_mul_mont$x # p256_mul_mont(res_z, in_z, in_y); + call __ecp_nistz256_mul_by_2$x # p256_mul_by_2(res_z, res_z); + + mov $in_x+8*0(%rsp), $acc4 # "5-4-0-1" order + mov $in_x+8*1(%rsp), $acc5 + lea $Zsqr(%rsp), $b_ptr + mov $in_x+8*2(%rsp), $acc0 + mov $in_x+8*3(%rsp), $acc1 + lea $M(%rsp), $r_ptr + call __ecp_nistz256_add_to$x # p256_add(M, in_x, Zsqr); + + mov $in_x+8*0(%rsp), $acc4 # "5-4-0-1" order + mov $in_x+8*1(%rsp), $acc5 + lea $Zsqr(%rsp), $b_ptr + mov $in_x+8*2(%rsp), $acc0 + mov $in_x+8*3(%rsp), $acc1 + lea $Zsqr(%rsp), $r_ptr + call __ecp_nistz256_sub_from$x # p256_sub(Zsqr, in_x, Zsqr); + + `&load_for_sqr("$S(%rsp)", "$src0")` + movq %xmm1, $r_ptr + call __ecp_nistz256_sqr_mont$x # p256_sqr_mont(res_y, S); +___ +{ +######## ecp_nistz256_div_by_2(res_y, res_y); ########################## +# operate in 4-5-6-7 "name space" that matches squaring output +# +my ($poly1,$poly3)=($a_ptr,$t1); +my ($a0,$a1,$a2,$a3,$t3,$t4,$t1)=($acc4,$acc5,$acc6,$acc7,$acc0,$acc1,$acc2); + +$code.=<<___; + xor $t4, $t4 + mov $a0, $t0 + add \$-1, $a0 + mov $a1, $t1 + adc $poly1, $a1 + mov $a2, $t2 + adc \$0, $a2 + mov $a3, $t3 + adc $poly3, $a3 + adc \$0, $t4 + xor $a_ptr, $a_ptr # borrow $a_ptr + test \$1, $t0 + + cmovz $t0, $a0 + cmovz $t1, $a1 + cmovz $t2, $a2 + cmovz $t3, $a3 + cmovz $a_ptr, $t4 + + mov $a1, $t0 # a0:a3>>1 + shr \$1, $a0 + shl \$63, $t0 + mov $a2, $t1 + shr \$1, $a1 + or $t0, $a0 + shl \$63, $t1 + mov $a3, $t2 + shr \$1, $a2 + or $t1, $a1 + shl \$63, $t2 + mov $a0, 8*0($r_ptr) + shr \$1, $a3 + mov $a1, 8*1($r_ptr) + shl \$63, $t4 + or $t2, $a2 + or $t4, $a3 + mov $a2, 8*2($r_ptr) + mov $a3, 8*3($r_ptr) +___ +} +$code.=<<___; + `&load_for_mul("$M(%rsp)", "$Zsqr(%rsp)", "$src0")` + lea $M(%rsp), $r_ptr + call __ecp_nistz256_mul_mont$x # p256_mul_mont(M, M, Zsqr); + + lea $tmp0(%rsp), $r_ptr + call __ecp_nistz256_mul_by_2$x + + lea $M(%rsp), $b_ptr + lea $M(%rsp), $r_ptr + call __ecp_nistz256_add_to$x # p256_mul_by_3(M, M); + + `&load_for_mul("$S(%rsp)", "$in_x(%rsp)", "$src0")` + lea $S(%rsp), $r_ptr + call __ecp_nistz256_mul_mont$x # p256_mul_mont(S, S, in_x); + + lea $tmp0(%rsp), $r_ptr + call __ecp_nistz256_mul_by_2$x # p256_mul_by_2(tmp0, S); + + `&load_for_sqr("$M(%rsp)", "$src0")` + movq %xmm0, $r_ptr + call __ecp_nistz256_sqr_mont$x # p256_sqr_mont(res_x, M); + + lea $tmp0(%rsp), $b_ptr + mov $acc6, $acc0 # harmonize sqr output and sub input + mov $acc7, $acc1 + mov $a_ptr, $poly1 + mov $t1, $poly3 + call __ecp_nistz256_sub_from$x # p256_sub(res_x, res_x, tmp0); + + mov $S+8*0(%rsp), $t0 + mov $S+8*1(%rsp), $t1 + mov $S+8*2(%rsp), $t2 + mov $S+8*3(%rsp), $acc2 # "4-5-0-1" order + lea $S(%rsp), $r_ptr + call __ecp_nistz256_sub$x # p256_sub(S, S, res_x); + + mov $M(%rsp), $src0 + lea $M(%rsp), $b_ptr + mov $acc4, $acc6 # harmonize sub output and mul input + xor %ecx, %ecx + mov $acc4, $S+8*0(%rsp) # have to save:-( + mov $acc5, $acc2 + mov $acc5, $S+8*1(%rsp) + cmovz $acc0, $acc3 + mov $acc0, $S+8*2(%rsp) + lea $S-$bias(%rsp), $a_ptr + cmovz $acc1, $acc4 + mov $acc1, $S+8*3(%rsp) + mov $acc6, $acc1 + lea $S(%rsp), $r_ptr + call __ecp_nistz256_mul_mont$x # p256_mul_mont(S, S, M); + + movq %xmm1, $b_ptr + movq %xmm1, $r_ptr + call __ecp_nistz256_sub_from$x # p256_sub(res_y, S, res_y); + + add \$32*5+8, %rsp + pop %r15 + pop %r14 + pop %r13 + pop %r12 + pop %rbx + pop %rbp + ret +.size ecp_nistz256_point_double$sfx,.-ecp_nistz256_point_double$sfx +___ +} +&gen_double("q"); + +sub gen_add () { + my $x = shift; + my ($src0,$sfx,$bias); + my ($H,$Hsqr,$R,$Rsqr,$Hcub, + $U1,$U2,$S1,$S2, + $res_x,$res_y,$res_z, + $in1_x,$in1_y,$in1_z, + $in2_x,$in2_y,$in2_z)=map(32*$_,(0..17)); + my ($Z1sqr, $Z2sqr) = ($Hsqr, $Rsqr); + + if ($x ne "x") { + $src0 = "%rax"; + $sfx = ""; + $bias = 0; + +$code.=<<___; +.globl ecp_nistz256_point_add +.type ecp_nistz256_point_add,\@function,3 +.align 32 +ecp_nistz256_point_add: +___ + } else { + $src0 = "%rdx"; + $sfx = "x"; + $bias = 128; + } +$code.=<<___; + push %rbp + push %rbx + push %r12 + push %r13 + push %r14 + push %r15 + sub \$32*18+8, %rsp + + movdqu 0x00($a_ptr), %xmm0 # copy *(P256_POINT *)$a_ptr + movdqu 0x10($a_ptr), %xmm1 + movdqu 0x20($a_ptr), %xmm2 + movdqu 0x30($a_ptr), %xmm3 + movdqu 0x40($a_ptr), %xmm4 + movdqu 0x50($a_ptr), %xmm5 + mov $a_ptr, $b_ptr # reassign + mov $b_org, $a_ptr # reassign + movdqa %xmm0, $in1_x(%rsp) + movdqa %xmm1, $in1_x+0x10(%rsp) + por %xmm0, %xmm1 + movdqa %xmm2, $in1_y(%rsp) + movdqa %xmm3, $in1_y+0x10(%rsp) + por %xmm2, %xmm3 + movdqa %xmm4, $in1_z(%rsp) + movdqa %xmm5, $in1_z+0x10(%rsp) + por %xmm1, %xmm3 + + movdqu 0x00($a_ptr), %xmm0 # copy *(P256_POINT *)$b_ptr + pshufd \$0xb1, %xmm3, %xmm5 + movdqu 0x10($a_ptr), %xmm1 + movdqu 0x20($a_ptr), %xmm2 + por %xmm3, %xmm5 + movdqu 0x30($a_ptr), %xmm3 + mov 0x40+8*0($a_ptr), $src0 # load original in2_z + mov 0x40+8*1($a_ptr), $acc6 + mov 0x40+8*2($a_ptr), $acc7 + mov 0x40+8*3($a_ptr), $acc0 + movdqa %xmm0, $in2_x(%rsp) + pshufd \$0x1e, %xmm5, %xmm4 + movdqa %xmm1, $in2_x+0x10(%rsp) + por %xmm0, %xmm1 + movq $r_ptr, %xmm0 # save $r_ptr + movdqa %xmm2, $in2_y(%rsp) + movdqa %xmm3, $in2_y+0x10(%rsp) + por %xmm2, %xmm3 + por %xmm4, %xmm5 + pxor %xmm4, %xmm4 + por %xmm1, %xmm3 + + lea 0x40-$bias($a_ptr), $a_ptr # $a_ptr is still valid + mov $src0, $in2_z+8*0(%rsp) # make in2_z copy + mov $acc6, $in2_z+8*1(%rsp) + mov $acc7, $in2_z+8*2(%rsp) + mov $acc0, $in2_z+8*3(%rsp) + lea $Z2sqr(%rsp), $r_ptr # Z2^2 + call __ecp_nistz256_sqr_mont$x # p256_sqr_mont(Z2sqr, in2_z); + + pcmpeqd %xmm4, %xmm5 + pshufd \$0xb1, %xmm3, %xmm4 + por %xmm3, %xmm4 + pshufd \$0, %xmm5, %xmm5 # in1infty + pshufd \$0x1e, %xmm4, %xmm3 + por %xmm3, %xmm4 + pxor %xmm3, %xmm3 + pcmpeqd %xmm3, %xmm4 + pshufd \$0, %xmm4, %xmm4 # in2infty + mov 0x40+8*0($b_ptr), $src0 # load original in1_z + mov 0x40+8*1($b_ptr), $acc6 + mov 0x40+8*2($b_ptr), $acc7 + mov 0x40+8*3($b_ptr), $acc0 + movq $b_ptr, %xmm1 + + lea 0x40-$bias($b_ptr), $a_ptr + lea $Z1sqr(%rsp), $r_ptr # Z1^2 + call __ecp_nistz256_sqr_mont$x # p256_sqr_mont(Z1sqr, in1_z); + + `&load_for_mul("$Z2sqr(%rsp)", "$in2_z(%rsp)", "$src0")` + lea $S1(%rsp), $r_ptr # S1 = Z2^3 + call __ecp_nistz256_mul_mont$x # p256_mul_mont(S1, Z2sqr, in2_z); + + `&load_for_mul("$Z1sqr(%rsp)", "$in1_z(%rsp)", "$src0")` + lea $S2(%rsp), $r_ptr # S2 = Z1^3 + call __ecp_nistz256_mul_mont$x # p256_mul_mont(S2, Z1sqr, in1_z); + + `&load_for_mul("$S1(%rsp)", "$in1_y(%rsp)", "$src0")` + lea $S1(%rsp), $r_ptr # S1 = Y1*Z2^3 + call __ecp_nistz256_mul_mont$x # p256_mul_mont(S1, S1, in1_y); + + `&load_for_mul("$S2(%rsp)", "$in2_y(%rsp)", "$src0")` + lea $S2(%rsp), $r_ptr # S2 = Y2*Z1^3 + call __ecp_nistz256_mul_mont$x # p256_mul_mont(S2, S2, in2_y); + + lea $S1(%rsp), $b_ptr + lea $R(%rsp), $r_ptr # R = S2 - S1 + call __ecp_nistz256_sub_from$x # p256_sub(R, S2, S1); + + or $acc5, $acc4 # see if result is zero + movdqa %xmm4, %xmm2 + or $acc0, $acc4 + or $acc1, $acc4 + por %xmm5, %xmm2 # in1infty || in2infty + movq $acc4, %xmm3 + + `&load_for_mul("$Z2sqr(%rsp)", "$in1_x(%rsp)", "$src0")` + lea $U1(%rsp), $r_ptr # U1 = X1*Z2^2 + call __ecp_nistz256_mul_mont$x # p256_mul_mont(U1, in1_x, Z2sqr); + + `&load_for_mul("$Z1sqr(%rsp)", "$in2_x(%rsp)", "$src0")` + lea $U2(%rsp), $r_ptr # U2 = X2*Z1^2 + call __ecp_nistz256_mul_mont$x # p256_mul_mont(U2, in2_x, Z1sqr); + + lea $U1(%rsp), $b_ptr + lea $H(%rsp), $r_ptr # H = U2 - U1 + call __ecp_nistz256_sub_from$x # p256_sub(H, U2, U1); + + or $acc5, $acc4 # see if result is zero + or $acc0, $acc4 + or $acc1, $acc4 + + .byte 0x3e # predict taken + jnz .Ladd_proceed$x # is_equal(U1,U2)? + movq %xmm2, $acc0 + movq %xmm3, $acc1 + test $acc0, $acc0 + jnz .Ladd_proceed$x # (in1infty || in2infty)? + test $acc1, $acc1 + jz .Ladd_double$x # is_equal(S1,S2)? + + movq %xmm0, $r_ptr # restore $r_ptr + pxor %xmm0, %xmm0 + movdqu %xmm0, 0x00($r_ptr) + movdqu %xmm0, 0x10($r_ptr) + movdqu %xmm0, 0x20($r_ptr) + movdqu %xmm0, 0x30($r_ptr) + movdqu %xmm0, 0x40($r_ptr) + movdqu %xmm0, 0x50($r_ptr) + jmp .Ladd_done$x + +.align 32 +.Ladd_double$x: + movq %xmm1, $a_ptr # restore $a_ptr + movq %xmm0, $r_ptr # restore $r_ptr + add \$`32*(18-5)`, %rsp # difference in frame sizes + jmp .Lpoint_double_shortcut$x + +.align 32 +.Ladd_proceed$x: + `&load_for_sqr("$R(%rsp)", "$src0")` + lea $Rsqr(%rsp), $r_ptr # R^2 + call __ecp_nistz256_sqr_mont$x # p256_sqr_mont(Rsqr, R); + + `&load_for_mul("$H(%rsp)", "$in1_z(%rsp)", "$src0")` + lea $res_z(%rsp), $r_ptr # Z3 = H*Z1*Z2 + call __ecp_nistz256_mul_mont$x # p256_mul_mont(res_z, H, in1_z); + + `&load_for_sqr("$H(%rsp)", "$src0")` + lea $Hsqr(%rsp), $r_ptr # H^2 + call __ecp_nistz256_sqr_mont$x # p256_sqr_mont(Hsqr, H); + + `&load_for_mul("$res_z(%rsp)", "$in2_z(%rsp)", "$src0")` + lea $res_z(%rsp), $r_ptr # Z3 = H*Z1*Z2 + call __ecp_nistz256_mul_mont$x # p256_mul_mont(res_z, res_z, in2_z); + + `&load_for_mul("$Hsqr(%rsp)", "$H(%rsp)", "$src0")` + lea $Hcub(%rsp), $r_ptr # H^3 + call __ecp_nistz256_mul_mont$x # p256_mul_mont(Hcub, Hsqr, H); + + `&load_for_mul("$Hsqr(%rsp)", "$U1(%rsp)", "$src0")` + lea $U2(%rsp), $r_ptr # U1*H^2 + call __ecp_nistz256_mul_mont$x # p256_mul_mont(U2, U1, Hsqr); +___ +{ +####################################################################### +# operate in 4-5-0-1 "name space" that matches multiplication output +# +my ($acc0,$acc1,$acc2,$acc3,$t3,$t4)=($acc4,$acc5,$acc0,$acc1,$acc2,$acc3); +my ($poly1, $poly3)=($acc6,$acc7); + +$code.=<<___; + #lea $U2(%rsp), $a_ptr + #lea $Hsqr(%rsp), $r_ptr # 2*U1*H^2 + #call __ecp_nistz256_mul_by_2 # ecp_nistz256_mul_by_2(Hsqr, U2); + + add $acc0, $acc0 # a0:a3+a0:a3 + lea $Rsqr(%rsp), $a_ptr + adc $acc1, $acc1 + mov $acc0, $t0 + adc $acc2, $acc2 + adc $acc3, $acc3 + mov $acc1, $t1 + sbb $t4, $t4 + + sub \$-1, $acc0 + mov $acc2, $t2 + sbb $poly1, $acc1 + sbb \$0, $acc2 + mov $acc3, $t3 + sbb $poly3, $acc3 + test $t4, $t4 + + cmovz $t0, $acc0 + mov 8*0($a_ptr), $t0 + cmovz $t1, $acc1 + mov 8*1($a_ptr), $t1 + cmovz $t2, $acc2 + mov 8*2($a_ptr), $t2 + cmovz $t3, $acc3 + mov 8*3($a_ptr), $t3 + + call __ecp_nistz256_sub$x # p256_sub(res_x, Rsqr, Hsqr); + + lea $Hcub(%rsp), $b_ptr + lea $res_x(%rsp), $r_ptr + call __ecp_nistz256_sub_from$x # p256_sub(res_x, res_x, Hcub); + + mov $U2+8*0(%rsp), $t0 + mov $U2+8*1(%rsp), $t1 + mov $U2+8*2(%rsp), $t2 + mov $U2+8*3(%rsp), $t3 + lea $res_y(%rsp), $r_ptr + + call __ecp_nistz256_sub$x # p256_sub(res_y, U2, res_x); + + mov $acc0, 8*0($r_ptr) # save the result, as + mov $acc1, 8*1($r_ptr) # __ecp_nistz256_sub doesn't + mov $acc2, 8*2($r_ptr) + mov $acc3, 8*3($r_ptr) +___ +} +$code.=<<___; + `&load_for_mul("$S1(%rsp)", "$Hcub(%rsp)", "$src0")` + lea $S2(%rsp), $r_ptr + call __ecp_nistz256_mul_mont$x # p256_mul_mont(S2, S1, Hcub); + + `&load_for_mul("$R(%rsp)", "$res_y(%rsp)", "$src0")` + lea $res_y(%rsp), $r_ptr + call __ecp_nistz256_mul_mont$x # p256_mul_mont(res_y, R, res_y); + + lea $S2(%rsp), $b_ptr + lea $res_y(%rsp), $r_ptr + call __ecp_nistz256_sub_from$x # p256_sub(res_y, res_y, S2); + + movq %xmm0, $r_ptr # restore $r_ptr + + movdqa %xmm5, %xmm0 # copy_conditional(res_z, in2_z, in1infty); + movdqa %xmm5, %xmm1 + pandn $res_z(%rsp), %xmm0 + movdqa %xmm5, %xmm2 + pandn $res_z+0x10(%rsp), %xmm1 + movdqa %xmm5, %xmm3 + pand $in2_z(%rsp), %xmm2 + pand $in2_z+0x10(%rsp), %xmm3 + por %xmm0, %xmm2 + por %xmm1, %xmm3 + + movdqa %xmm4, %xmm0 # copy_conditional(res_z, in1_z, in2infty); + movdqa %xmm4, %xmm1 + pandn %xmm2, %xmm0 + movdqa %xmm4, %xmm2 + pandn %xmm3, %xmm1 + movdqa %xmm4, %xmm3 + pand $in1_z(%rsp), %xmm2 + pand $in1_z+0x10(%rsp), %xmm3 + por %xmm0, %xmm2 + por %xmm1, %xmm3 + movdqu %xmm2, 0x40($r_ptr) + movdqu %xmm3, 0x50($r_ptr) + + movdqa %xmm5, %xmm0 # copy_conditional(res_x, in2_x, in1infty); + movdqa %xmm5, %xmm1 + pandn $res_x(%rsp), %xmm0 + movdqa %xmm5, %xmm2 + pandn $res_x+0x10(%rsp), %xmm1 + movdqa %xmm5, %xmm3 + pand $in2_x(%rsp), %xmm2 + pand $in2_x+0x10(%rsp), %xmm3 + por %xmm0, %xmm2 + por %xmm1, %xmm3 + + movdqa %xmm4, %xmm0 # copy_conditional(res_x, in1_x, in2infty); + movdqa %xmm4, %xmm1 + pandn %xmm2, %xmm0 + movdqa %xmm4, %xmm2 + pandn %xmm3, %xmm1 + movdqa %xmm4, %xmm3 + pand $in1_x(%rsp), %xmm2 + pand $in1_x+0x10(%rsp), %xmm3 + por %xmm0, %xmm2 + por %xmm1, %xmm3 + movdqu %xmm2, 0x00($r_ptr) + movdqu %xmm3, 0x10($r_ptr) + + movdqa %xmm5, %xmm0 # copy_conditional(res_y, in2_y, in1infty); + movdqa %xmm5, %xmm1 + pandn $res_y(%rsp), %xmm0 + movdqa %xmm5, %xmm2 + pandn $res_y+0x10(%rsp), %xmm1 + movdqa %xmm5, %xmm3 + pand $in2_y(%rsp), %xmm2 + pand $in2_y+0x10(%rsp), %xmm3 + por %xmm0, %xmm2 + por %xmm1, %xmm3 + + movdqa %xmm4, %xmm0 # copy_conditional(res_y, in1_y, in2infty); + movdqa %xmm4, %xmm1 + pandn %xmm2, %xmm0 + movdqa %xmm4, %xmm2 + pandn %xmm3, %xmm1 + movdqa %xmm4, %xmm3 + pand $in1_y(%rsp), %xmm2 + pand $in1_y+0x10(%rsp), %xmm3 + por %xmm0, %xmm2 + por %xmm1, %xmm3 + movdqu %xmm2, 0x20($r_ptr) + movdqu %xmm3, 0x30($r_ptr) + +.Ladd_done$x: + add \$32*18+8, %rsp + pop %r15 + pop %r14 + pop %r13 + pop %r12 + pop %rbx + pop %rbp + ret +.size ecp_nistz256_point_add$sfx,.-ecp_nistz256_point_add$sfx +___ +} +&gen_add("q"); + +sub gen_add_affine () { + my $x = shift; + my ($src0,$sfx,$bias); + my ($U2,$S2,$H,$R,$Hsqr,$Hcub,$Rsqr, + $res_x,$res_y,$res_z, + $in1_x,$in1_y,$in1_z, + $in2_x,$in2_y)=map(32*$_,(0..14)); + my $Z1sqr = $S2; + + if ($x ne "x") { + $src0 = "%rax"; + $sfx = ""; + $bias = 0; + +$code.=<<___; +.globl ecp_nistz256_point_add_affine +.type ecp_nistz256_point_add_affine,\@function,3 +.align 32 +ecp_nistz256_point_add_affine: +___ + } else { + $src0 = "%rdx"; + $sfx = "x"; + $bias = 128; + } +$code.=<<___; + push %rbp + push %rbx + push %r12 + push %r13 + push %r14 + push %r15 + sub \$32*15+8, %rsp + + movdqu 0x00($a_ptr), %xmm0 # copy *(P256_POINT *)$a_ptr + mov $b_org, $b_ptr # reassign + movdqu 0x10($a_ptr), %xmm1 + movdqu 0x20($a_ptr), %xmm2 + movdqu 0x30($a_ptr), %xmm3 + movdqu 0x40($a_ptr), %xmm4 + movdqu 0x50($a_ptr), %xmm5 + mov 0x40+8*0($a_ptr), $src0 # load original in1_z + mov 0x40+8*1($a_ptr), $acc6 + mov 0x40+8*2($a_ptr), $acc7 + mov 0x40+8*3($a_ptr), $acc0 + movdqa %xmm0, $in1_x(%rsp) + movdqa %xmm1, $in1_x+0x10(%rsp) + por %xmm0, %xmm1 + movdqa %xmm2, $in1_y(%rsp) + movdqa %xmm3, $in1_y+0x10(%rsp) + por %xmm2, %xmm3 + movdqa %xmm4, $in1_z(%rsp) + movdqa %xmm5, $in1_z+0x10(%rsp) + por %xmm1, %xmm3 + + movdqu 0x00($b_ptr), %xmm0 # copy *(P256_POINT_AFFINE *)$b_ptr + pshufd \$0xb1, %xmm3, %xmm5 + movdqu 0x10($b_ptr), %xmm1 + movdqu 0x20($b_ptr), %xmm2 + por %xmm3, %xmm5 + movdqu 0x30($b_ptr), %xmm3 + movdqa %xmm0, $in2_x(%rsp) + pshufd \$0x1e, %xmm5, %xmm4 + movdqa %xmm1, $in2_x+0x10(%rsp) + por %xmm0, %xmm1 + movq $r_ptr, %xmm0 # save $r_ptr + movdqa %xmm2, $in2_y(%rsp) + movdqa %xmm3, $in2_y+0x10(%rsp) + por %xmm2, %xmm3 + por %xmm4, %xmm5 + pxor %xmm4, %xmm4 + por %xmm1, %xmm3 + + lea 0x40-$bias($a_ptr), $a_ptr # $a_ptr is still valid + lea $Z1sqr(%rsp), $r_ptr # Z1^2 + call __ecp_nistz256_sqr_mont$x # p256_sqr_mont(Z1sqr, in1_z); + + pcmpeqd %xmm4, %xmm5 + pshufd \$0xb1, %xmm3, %xmm4 + mov 0x00($b_ptr), $src0 # $b_ptr is still valid + #lea 0x00($b_ptr), $b_ptr + mov $acc4, $acc1 # harmonize sqr output and mul input + por %xmm3, %xmm4 + pshufd \$0, %xmm5, %xmm5 # in1infty + pshufd \$0x1e, %xmm4, %xmm3 + mov $acc5, $acc2 + por %xmm3, %xmm4 + pxor %xmm3, %xmm3 + mov $acc6, $acc3 + pcmpeqd %xmm3, %xmm4 + pshufd \$0, %xmm4, %xmm4 # in2infty + + lea $Z1sqr-$bias(%rsp), $a_ptr + mov $acc7, $acc4 + lea $U2(%rsp), $r_ptr # U2 = X2*Z1^2 + call __ecp_nistz256_mul_mont$x # p256_mul_mont(U2, Z1sqr, in2_x); + + lea $in1_x(%rsp), $b_ptr + lea $H(%rsp), $r_ptr # H = U2 - U1 + call __ecp_nistz256_sub_from$x # p256_sub(H, U2, in1_x); + + `&load_for_mul("$Z1sqr(%rsp)", "$in1_z(%rsp)", "$src0")` + lea $S2(%rsp), $r_ptr # S2 = Z1^3 + call __ecp_nistz256_mul_mont$x # p256_mul_mont(S2, Z1sqr, in1_z); + + `&load_for_mul("$H(%rsp)", "$in1_z(%rsp)", "$src0")` + lea $res_z(%rsp), $r_ptr # Z3 = H*Z1*Z2 + call __ecp_nistz256_mul_mont$x # p256_mul_mont(res_z, H, in1_z); + + `&load_for_mul("$S2(%rsp)", "$in2_y(%rsp)", "$src0")` + lea $S2(%rsp), $r_ptr # S2 = Y2*Z1^3 + call __ecp_nistz256_mul_mont$x # p256_mul_mont(S2, S2, in2_y); + + lea $in1_y(%rsp), $b_ptr + lea $R(%rsp), $r_ptr # R = S2 - S1 + call __ecp_nistz256_sub_from$x # p256_sub(R, S2, in1_y); + + `&load_for_sqr("$H(%rsp)", "$src0")` + lea $Hsqr(%rsp), $r_ptr # H^2 + call __ecp_nistz256_sqr_mont$x # p256_sqr_mont(Hsqr, H); + + `&load_for_sqr("$R(%rsp)", "$src0")` + lea $Rsqr(%rsp), $r_ptr # R^2 + call __ecp_nistz256_sqr_mont$x # p256_sqr_mont(Rsqr, R); + + `&load_for_mul("$H(%rsp)", "$Hsqr(%rsp)", "$src0")` + lea $Hcub(%rsp), $r_ptr # H^3 + call __ecp_nistz256_mul_mont$x # p256_mul_mont(Hcub, Hsqr, H); + + `&load_for_mul("$Hsqr(%rsp)", "$in1_x(%rsp)", "$src0")` + lea $U2(%rsp), $r_ptr # U1*H^2 + call __ecp_nistz256_mul_mont$x # p256_mul_mont(U2, in1_x, Hsqr); +___ +{ +####################################################################### +# operate in 4-5-0-1 "name space" that matches multiplication output +# +my ($acc0,$acc1,$acc2,$acc3,$t3,$t4)=($acc4,$acc5,$acc0,$acc1,$acc2,$acc3); +my ($poly1, $poly3)=($acc6,$acc7); + +$code.=<<___; + #lea $U2(%rsp), $a_ptr + #lea $Hsqr(%rsp), $r_ptr # 2*U1*H^2 + #call __ecp_nistz256_mul_by_2 # ecp_nistz256_mul_by_2(Hsqr, U2); + + add $acc0, $acc0 # a0:a3+a0:a3 + lea $Rsqr(%rsp), $a_ptr + adc $acc1, $acc1 + mov $acc0, $t0 + adc $acc2, $acc2 + adc $acc3, $acc3 + mov $acc1, $t1 + sbb $t4, $t4 + + sub \$-1, $acc0 + mov $acc2, $t2 + sbb $poly1, $acc1 + sbb \$0, $acc2 + mov $acc3, $t3 + sbb $poly3, $acc3 + test $t4, $t4 + + cmovz $t0, $acc0 + mov 8*0($a_ptr), $t0 + cmovz $t1, $acc1 + mov 8*1($a_ptr), $t1 + cmovz $t2, $acc2 + mov 8*2($a_ptr), $t2 + cmovz $t3, $acc3 + mov 8*3($a_ptr), $t3 + + call __ecp_nistz256_sub$x # p256_sub(res_x, Rsqr, Hsqr); + + lea $Hcub(%rsp), $b_ptr + lea $res_x(%rsp), $r_ptr + call __ecp_nistz256_sub_from$x # p256_sub(res_x, res_x, Hcub); + + mov $U2+8*0(%rsp), $t0 + mov $U2+8*1(%rsp), $t1 + mov $U2+8*2(%rsp), $t2 + mov $U2+8*3(%rsp), $t3 + lea $H(%rsp), $r_ptr + + call __ecp_nistz256_sub$x # p256_sub(H, U2, res_x); + + mov $acc0, 8*0($r_ptr) # save the result, as + mov $acc1, 8*1($r_ptr) # __ecp_nistz256_sub doesn't + mov $acc2, 8*2($r_ptr) + mov $acc3, 8*3($r_ptr) +___ +} +$code.=<<___; + `&load_for_mul("$Hcub(%rsp)", "$in1_y(%rsp)", "$src0")` + lea $S2(%rsp), $r_ptr + call __ecp_nistz256_mul_mont$x # p256_mul_mont(S2, Hcub, in1_y); + + `&load_for_mul("$H(%rsp)", "$R(%rsp)", "$src0")` + lea $H(%rsp), $r_ptr + call __ecp_nistz256_mul_mont$x # p256_mul_mont(H, H, R); + + lea $S2(%rsp), $b_ptr + lea $res_y(%rsp), $r_ptr + call __ecp_nistz256_sub_from$x # p256_sub(res_y, H, S2); + + movq %xmm0, $r_ptr # restore $r_ptr + + movdqa %xmm5, %xmm0 # copy_conditional(res_z, ONE, in1infty); + movdqa %xmm5, %xmm1 + pandn $res_z(%rsp), %xmm0 + movdqa %xmm5, %xmm2 + pandn $res_z+0x10(%rsp), %xmm1 + movdqa %xmm5, %xmm3 + pand .LONE_mont(%rip), %xmm2 + pand .LONE_mont+0x10(%rip), %xmm3 + por %xmm0, %xmm2 + por %xmm1, %xmm3 + + movdqa %xmm4, %xmm0 # copy_conditional(res_z, in1_z, in2infty); + movdqa %xmm4, %xmm1 + pandn %xmm2, %xmm0 + movdqa %xmm4, %xmm2 + pandn %xmm3, %xmm1 + movdqa %xmm4, %xmm3 + pand $in1_z(%rsp), %xmm2 + pand $in1_z+0x10(%rsp), %xmm3 + por %xmm0, %xmm2 + por %xmm1, %xmm3 + movdqu %xmm2, 0x40($r_ptr) + movdqu %xmm3, 0x50($r_ptr) + + movdqa %xmm5, %xmm0 # copy_conditional(res_x, in2_x, in1infty); + movdqa %xmm5, %xmm1 + pandn $res_x(%rsp), %xmm0 + movdqa %xmm5, %xmm2 + pandn $res_x+0x10(%rsp), %xmm1 + movdqa %xmm5, %xmm3 + pand $in2_x(%rsp), %xmm2 + pand $in2_x+0x10(%rsp), %xmm3 + por %xmm0, %xmm2 + por %xmm1, %xmm3 + + movdqa %xmm4, %xmm0 # copy_conditional(res_x, in1_x, in2infty); + movdqa %xmm4, %xmm1 + pandn %xmm2, %xmm0 + movdqa %xmm4, %xmm2 + pandn %xmm3, %xmm1 + movdqa %xmm4, %xmm3 + pand $in1_x(%rsp), %xmm2 + pand $in1_x+0x10(%rsp), %xmm3 + por %xmm0, %xmm2 + por %xmm1, %xmm3 + movdqu %xmm2, 0x00($r_ptr) + movdqu %xmm3, 0x10($r_ptr) + + movdqa %xmm5, %xmm0 # copy_conditional(res_y, in2_y, in1infty); + movdqa %xmm5, %xmm1 + pandn $res_y(%rsp), %xmm0 + movdqa %xmm5, %xmm2 + pandn $res_y+0x10(%rsp), %xmm1 + movdqa %xmm5, %xmm3 + pand $in2_y(%rsp), %xmm2 + pand $in2_y+0x10(%rsp), %xmm3 + por %xmm0, %xmm2 + por %xmm1, %xmm3 + + movdqa %xmm4, %xmm0 # copy_conditional(res_y, in1_y, in2infty); + movdqa %xmm4, %xmm1 + pandn %xmm2, %xmm0 + movdqa %xmm4, %xmm2 + pandn %xmm3, %xmm1 + movdqa %xmm4, %xmm3 + pand $in1_y(%rsp), %xmm2 + pand $in1_y+0x10(%rsp), %xmm3 + por %xmm0, %xmm2 + por %xmm1, %xmm3 + movdqu %xmm2, 0x20($r_ptr) + movdqu %xmm3, 0x30($r_ptr) + + add \$32*15+8, %rsp + pop %r15 + pop %r14 + pop %r13 + pop %r12 + pop %rbx + pop %rbp + ret +.size ecp_nistz256_point_add_affine$sfx,.-ecp_nistz256_point_add_affine$sfx +___ +} +&gen_add_affine("q"); + +}}} + +$code =~ s/\`([^\`]*)\`/eval $1/gem; +print $code; +close STDOUT; diff --git a/src/lib/libcrypto/ec/ec.h b/src/lib/libcrypto/ec/ec.h index a52d4edf141..792db09a9af 100644 --- a/src/lib/libcrypto/ec/ec.h +++ b/src/lib/libcrypto/ec/ec.h @@ -1,6 +1,13 @@ -/* crypto/ec/ec.h */ +/* $OpenBSD: ec.h,v 1.16 2019/01/19 01:17:41 tb Exp $ */ +/* + * Originally written by Bodo Moeller for the OpenSSL project. + */ +/** + * \file crypto/ec/ec.h Include file for the OpenSSL EC functions + * \author Originally written by Bodo Moeller for the OpenSSL project + */ /* ==================================================================== - * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -52,26 +59,57 @@ * Hudson (tjh@cryptsoft.com). * */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * + * Portions of the attached software ("Contribution") are developed by + * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. + * + * The Contribution is licensed pursuant to the OpenSSL open source + * license provided above. + * + * The elliptic curve binary polynomial software is originally written by + * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories. + * + */ #ifndef HEADER_EC_H #define HEADER_EC_H +#include + #ifdef OPENSSL_NO_EC #error EC is disabled. #endif +#include +#ifndef OPENSSL_NO_DEPRECATED #include -#include +#endif #ifdef __cplusplus extern "C" { +#elif defined(__SUNPRO_C) +# if __SUNPRO_C >= 0x520 +# pragma error_messages (off,E_ARRAY_OF_INCOMPLETE_NONAME,E_ARRAY_OF_INCOMPLETE) +# endif #endif + +#ifndef OPENSSL_ECC_MAX_FIELD_BITS +# define OPENSSL_ECC_MAX_FIELD_BITS 661 +#endif +/** Enum for the point conversion form as defined in X9.62 (ECDSA) + * for the encoding of a elliptic curve point (x,y) */ typedef enum { - /* values as defined in X9.62 (ECDSA) and elsewhere */ + /** the point is encoded as z||x, where the octet z specifies + * which solution of the quadratic equation y is */ POINT_CONVERSION_COMPRESSED = 2, + /** the point is encoded as z||x||y, where z is the octet 0x02 */ POINT_CONVERSION_UNCOMPRESSED = 4, + /** the point is encoded as z||x||y, where the octet z specifies + * which solution of the quadratic equation y is */ POINT_CONVERSION_HYBRID = 6 } point_conversion_form_t; @@ -84,89 +122,903 @@ typedef struct ec_group_st -- field definition -- curve coefficients -- optional generator with associated information (order, cofactor) - -- optional extra data (TODO: precomputed table for fast computation of multiples of generator) + -- optional extra data (precomputed table for fast computation of multiples of generator) + -- ASN1 stuff */ EC_GROUP; typedef struct ec_point_st EC_POINT; -/* EC_METHODs for curves over GF(p). - * EC_GFp_simple_method provides the basis for the optimized methods. +/********************************************************************/ +/* EC_METHODs for curves over GF(p) */ +/********************************************************************/ + +/** Returns the basic GFp ec methods which provides the basis for the + * optimized methods. + * \return EC_METHOD object */ const EC_METHOD *EC_GFp_simple_method(void); + +/** Returns GFp methods using montgomery multiplication. + * \return EC_METHOD object + */ const EC_METHOD *EC_GFp_mont_method(void); -#if 0 -const EC_METHOD *EC_GFp_recp_method(void); /* TODO */ -const EC_METHOD *EC_GFp_nist_method(void); /* TODO */ + +/** Returns GFp methods using optimized methods for NIST recommended curves + * \return EC_METHOD object + */ +const EC_METHOD *EC_GFp_nist_method(void); + +#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 +/** Returns 64-bit optimized methods for nistp224 + * \return EC_METHOD object + */ +const EC_METHOD *EC_GFp_nistp224_method(void); + +/** Returns 64-bit optimized methods for nistp256 + * \return EC_METHOD object + */ +const EC_METHOD *EC_GFp_nistp256_method(void); + +/** Returns 64-bit optimized methods for nistp521 + * \return EC_METHOD object + */ +const EC_METHOD *EC_GFp_nistp521_method(void); +#endif + +#ifndef OPENSSL_NO_EC2M +/********************************************************************/ +/* EC_METHOD for curves over GF(2^m) */ +/********************************************************************/ + +/** Returns the basic GF2m ec method + * \return EC_METHOD object + */ +const EC_METHOD *EC_GF2m_simple_method(void); + #endif -EC_GROUP *EC_GROUP_new(const EC_METHOD *); -void EC_GROUP_free(EC_GROUP *); -void EC_GROUP_clear_free(EC_GROUP *); -int EC_GROUP_copy(EC_GROUP *, const EC_GROUP *); +/********************************************************************/ +/* EC_GROUP functions */ +/********************************************************************/ + +/** Creates a new EC_GROUP object + * \param meth EC_METHOD to use + * \return newly created EC_GROUP object or NULL in case of an error. + */ +EC_GROUP *EC_GROUP_new(const EC_METHOD *meth); + +/** Frees a EC_GROUP object + * \param group EC_GROUP object to be freed. + */ +void EC_GROUP_free(EC_GROUP *group); + +/** Clears and frees a EC_GROUP object + * \param group EC_GROUP object to be cleared and freed. + */ +void EC_GROUP_clear_free(EC_GROUP *group); + +/** Copies EC_GROUP objects. Note: both EC_GROUPs must use the same EC_METHOD. + * \param dst destination EC_GROUP object + * \param src source EC_GROUP object + * \return 1 on success and 0 if an error occurred. + */ +int EC_GROUP_copy(EC_GROUP *dst, const EC_GROUP *src); + +/** Creates a new EC_GROUP object and copies the copies the content + * form src to the newly created EC_KEY object + * \param src source EC_GROUP object + * \return newly created EC_GROUP object or NULL in case of an error. + */ +EC_GROUP *EC_GROUP_dup(const EC_GROUP *src); + +/** Returns the EC_METHOD of the EC_GROUP object. + * \param group EC_GROUP object + * \return EC_METHOD used in this EC_GROUP object. + */ +const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group); + +/** Returns the field type of the EC_METHOD. + * \param meth EC_METHOD object + * \return NID of the underlying field type OID. + */ +int EC_METHOD_get_field_type(const EC_METHOD *meth); + +/** Sets the generator and it's order/cofactor of a EC_GROUP object. + * \param group EC_GROUP object + * \param generator EC_POINT object with the generator. + * \param order the order of the group generated by the generator. + * \param cofactor the index of the sub-group generated by the generator + * in the group of all points on the elliptic curve. + * \return 1 on success and 0 if an error occured + */ +int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, const BIGNUM *order, const BIGNUM *cofactor); + +/** Returns the generator of a EC_GROUP object. + * \param group EC_GROUP object + * \return the currently used generator (possibly NULL). + */ +const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group); + +/** Gets the order of a EC_GROUP + * \param group EC_GROUP object + * \param order BIGNUM to which the order is copied + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx); + +/** Gets the cofactor of a EC_GROUP + * \param group EC_GROUP object + * \param cofactor BIGNUM to which the cofactor is copied + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, BN_CTX *ctx); + +/** Sets the name of a EC_GROUP object + * \param group EC_GROUP object + * \param nid NID of the curve name OID + */ +void EC_GROUP_set_curve_name(EC_GROUP *group, int nid); + +/** Returns the curve name of a EC_GROUP object + * \param group EC_GROUP object + * \return NID of the curve name OID or 0 if not set. + */ +int EC_GROUP_get_curve_name(const EC_GROUP *group); + +void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag); +int EC_GROUP_get_asn1_flag(const EC_GROUP *group); + +void EC_GROUP_set_point_conversion_form(EC_GROUP *group, point_conversion_form_t form); +point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP *); + +unsigned char *EC_GROUP_get0_seed(const EC_GROUP *x); +size_t EC_GROUP_get_seed_len(const EC_GROUP *); +size_t EC_GROUP_set_seed(EC_GROUP *, const unsigned char *, size_t len); + +/** Sets the parameter of a ec over GFp defined by y^2 = x^3 + a*x + b + * \param group EC_GROUP object + * \param p BIGNUM with the prime number + * \param a BIGNUM with parameter a of the equation + * \param b BIGNUM with parameter b of the equation + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); + +/** Gets the parameter of the ec over GFp defined by y^2 = x^3 + a*x + b + * \param group EC_GROUP object + * \param p BIGNUM for the prime number + * \param a BIGNUM for parameter a of the equation + * \param b BIGNUM for parameter b of the equation + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx); + +#ifndef OPENSSL_NO_EC2M +/** Sets the parameter of a ec over GF2m defined by y^2 + x*y = x^3 + a*x^2 + b + * \param group EC_GROUP object + * \param p BIGNUM with the polynomial defining the underlying field + * \param a BIGNUM with parameter a of the equation + * \param b BIGNUM with parameter b of the equation + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); + +/** Gets the parameter of the ec over GF2m defined by y^2 + x*y = x^3 + a*x^2 + b + * \param group EC_GROUP object + * \param p BIGNUM for the polynomial defining the underlying field + * \param a BIGNUM for parameter a of the equation + * \param b BIGNUM for parameter b of the equation + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx); +#endif +/** Returns the number of bits needed to represent a field element + * \param group EC_GROUP object + * \return number of bits needed to represent a field element + */ +int EC_GROUP_get_degree(const EC_GROUP *group); -const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *); - +/** Checks whether the parameter in the EC_GROUP define a valid ec group + * \param group EC_GROUP object + * \param ctx BN_CTX object (optional) + * \return 1 if group is a valid ec group and 0 otherwise + */ +int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx); -/* We don't have types for field specifications and field elements in general. - * Otherwise we could declare - * int EC_GROUP_set_curve(EC_GROUP *, .....); +/** Checks whether the discriminant of the elliptic curve is zero or not + * \param group EC_GROUP object + * \param ctx BN_CTX object (optional) + * \return 1 if the discriminant is not zero and 0 otherwise */ -int EC_GROUP_set_curve_GFp(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *); -int EC_GROUP_get_curve_GFp(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *); +int EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx); -/* EC_GROUP_new_GFp() calls EC_GROUP_new() and EC_GROUP_set_GFp() +/** Compares two EC_GROUP objects + * \param a first EC_GROUP object + * \param b second EC_GROUP object + * \param ctx BN_CTX object (optional) + * \return 0 if both groups are equal and 1 otherwise + */ +int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx); + +/* EC_GROUP_new_GF*() calls EC_GROUP_new() and EC_GROUP_set_GF*() * after choosing an appropriate EC_METHOD */ -EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *); -int EC_GROUP_set_generator(EC_GROUP *, const EC_POINT *generator, const BIGNUM *order, const BIGNUM *cofactor); -EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *); -int EC_GROUP_get_order(const EC_GROUP *, BIGNUM *order, BN_CTX *); -int EC_GROUP_get_cofactor(const EC_GROUP *, BIGNUM *cofactor, BN_CTX *); +/** Creates a new EC_GROUP object with the specified parameters defined + * over GFp (defined by the equation y^2 = x^3 + a*x + b) + * \param p BIGNUM with the prime number + * \param a BIGNUM with the parameter a of the equation + * \param b BIGNUM with the parameter b of the equation + * \param ctx BN_CTX object (optional) + * \return newly created EC_GROUP object with the specified parameters + */ +EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); +#ifndef OPENSSL_NO_EC2M +/** Creates a new EC_GROUP object with the specified parameters defined + * over GF2m (defined by the equation y^2 + x*y = x^3 + a*x^2 + b) + * \param p BIGNUM with the polynomial defining the underlying field + * \param a BIGNUM with the parameter a of the equation + * \param b BIGNUM with the parameter b of the equation + * \param ctx BN_CTX object (optional) + * \return newly created EC_GROUP object with the specified parameters + */ +EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); +#endif +/** Creates a EC_GROUP object with a curve specified by a NID + * \param nid NID of the OID of the curve name + * \return newly created EC_GROUP object with specified curve or NULL + * if an error occurred + */ +EC_GROUP *EC_GROUP_new_by_curve_name(int nid); + + +/********************************************************************/ +/* handling of internal curves */ +/********************************************************************/ + +typedef struct { + int nid; + const char *comment; + } EC_builtin_curve; + +/* EC_builtin_curves(EC_builtin_curve *r, size_t size) returns number + * of all available curves or zero if a error occurred. + * In case r ist not zero nitems EC_builtin_curve structures + * are filled with the data of the first nitems internal groups */ +size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems); + +const char *EC_curve_nid2nist(int nid); +int EC_curve_nist2nid(const char *name); + +/********************************************************************/ +/* EC_POINT functions */ +/********************************************************************/ + +/** Creates a new EC_POINT object for the specified EC_GROUP + * \param group EC_GROUP the underlying EC_GROUP object + * \return newly created EC_POINT object or NULL if an error occurred + */ +EC_POINT *EC_POINT_new(const EC_GROUP *group); + +/** Frees a EC_POINT object + * \param point EC_POINT object to be freed + */ +void EC_POINT_free(EC_POINT *point); + +/** Clears and frees a EC_POINT object + * \param point EC_POINT object to be cleared and freed + */ +void EC_POINT_clear_free(EC_POINT *point); -EC_POINT *EC_POINT_new(const EC_GROUP *); -void EC_POINT_free(EC_POINT *); -void EC_POINT_clear_free(EC_POINT *); -int EC_POINT_copy(EC_POINT *, const EC_POINT *); +/** Copies EC_POINT object + * \param dst destination EC_POINT object + * \param src source EC_POINT object + * \return 1 on success and 0 if an error occured + */ +int EC_POINT_copy(EC_POINT *dst, const EC_POINT *src); + +/** Creates a new EC_POINT object and copies the content of the supplied + * EC_POINT + * \param src source EC_POINT object + * \param group underlying the EC_GROUP object + * \return newly created EC_POINT object or NULL if an error occurred + */ +EC_POINT *EC_POINT_dup(const EC_POINT *src, const EC_GROUP *group); -const EC_METHOD *EC_POINT_method_of(const EC_POINT *); +/** Returns the EC_METHOD used in EC_POINT object + * \param point EC_POINT object + * \return the EC_METHOD used + */ +const EC_METHOD *EC_POINT_method_of(const EC_POINT *point); + +/** Sets a point to infinity (neutral element) + * \param group underlying EC_GROUP object + * \param point EC_POINT to set to infinity + * \return 1 on success and 0 if an error occured + */ +int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point); -int EC_POINT_set_to_infinity(const EC_GROUP *, EC_POINT *); -int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *, EC_POINT *, - const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *); -int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *, const EC_POINT *, - BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *); -int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *, EC_POINT *, - const BIGNUM *x, const BIGNUM *y, BN_CTX *); -int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *, const EC_POINT *, - BIGNUM *x, BIGNUM *y, BN_CTX *); -int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *, EC_POINT *, - const BIGNUM *x, int y_bit, BN_CTX *); +/** Sets the jacobian projective coordinates of a EC_POINT over GFp + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM with the x-coordinate + * \param y BIGNUM with the y-coordinate + * \param z BIGNUM with the z-coordinate + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group, EC_POINT *p, + const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *ctx); -size_t EC_POINT_point2oct(const EC_GROUP *, const EC_POINT *, point_conversion_form_t form, - unsigned char *buf, size_t len, BN_CTX *); -int EC_POINT_oct2point(const EC_GROUP *, EC_POINT *, - const unsigned char *buf, size_t len, BN_CTX *); +/** Gets the jacobian projective coordinates of a EC_POINT over GFp + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM for the x-coordinate + * \param y BIGNUM for the y-coordinate + * \param z BIGNUM for the z-coordinate + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group, + const EC_POINT *p, BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *ctx); + +/** Sets the affine coordinates of a EC_POINT over GFp + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM with the x-coordinate + * \param y BIGNUM with the y-coordinate + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *p, + const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx); + +/** Gets the affine coordinates of a EC_POINT over GFp + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM for the x-coordinate + * \param y BIGNUM for the y-coordinate + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, + const EC_POINT *p, BIGNUM *x, BIGNUM *y, BN_CTX *ctx); + +/** Sets the x9.62 compressed coordinates of a EC_POINT over GFp + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM with x-coordinate + * \param y_bit integer with the y-Bit (either 0 or 1) + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, EC_POINT *p, + const BIGNUM *x, int y_bit, BN_CTX *ctx); +#ifndef OPENSSL_NO_EC2M +/** Sets the affine coordinates of a EC_POINT over GF2m + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM with the x-coordinate + * \param y BIGNUM with the y-coordinate + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, EC_POINT *p, + const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx); + +/** Gets the affine coordinates of a EC_POINT over GF2m + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM for the x-coordinate + * \param y BIGNUM for the y-coordinate + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group, + const EC_POINT *p, BIGNUM *x, BIGNUM *y, BN_CTX *ctx); + +/** Sets the x9.62 compressed coordinates of a EC_POINT over GF2m + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param x BIGNUM with x-coordinate + * \param y_bit integer with the y-Bit (either 0 or 1) + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group, EC_POINT *p, + const BIGNUM *x, int y_bit, BN_CTX *ctx); +#endif +/** Encodes a EC_POINT object to a octet string + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param form point conversion form + * \param buf memory buffer for the result. If NULL the function returns + * required buffer size. + * \param len length of the memory buffer + * \param ctx BN_CTX object (optional) + * \return the length of the encoded octet string or 0 if an error occurred + */ +size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *p, + point_conversion_form_t form, + unsigned char *buf, size_t len, BN_CTX *ctx); + +/** Decodes a EC_POINT from a octet string + * \param group underlying EC_GROUP object + * \param p EC_POINT object + * \param buf memory buffer with the encoded ec point + * \param len length of the encoded ec point + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *p, + const unsigned char *buf, size_t len, BN_CTX *ctx); -int EC_POINT_add(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *); -int EC_POINT_dbl(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, BN_CTX *); -int EC_POINT_invert(const EC_GROUP *, EC_POINT *, BN_CTX *); +/* other interfaces to point2oct/oct2point: */ +BIGNUM *EC_POINT_point2bn(const EC_GROUP *, const EC_POINT *, + point_conversion_form_t form, BIGNUM *, BN_CTX *); +EC_POINT *EC_POINT_bn2point(const EC_GROUP *, const BIGNUM *, + EC_POINT *, BN_CTX *); +char *EC_POINT_point2hex(const EC_GROUP *, const EC_POINT *, + point_conversion_form_t form, BN_CTX *); +EC_POINT *EC_POINT_hex2point(const EC_GROUP *, const char *, + EC_POINT *, BN_CTX *); + + +/********************************************************************/ +/* functions for doing EC_POINT arithmetic */ +/********************************************************************/ + +/** Computes the sum of two EC_POINT + * \param group underlying EC_GROUP object + * \param r EC_POINT object for the result (r = a + b) + * \param a EC_POINT object with the first summand + * \param b EC_POINT object with the second summand + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx); + +/** Computes the double of a EC_POINT + * \param group underlying EC_GROUP object + * \param r EC_POINT object for the result (r = 2 * a) + * \param a EC_POINT object + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx); + +/** Computes the inverse of a EC_POINT + * \param group underlying EC_GROUP object + * \param a EC_POINT object to be inverted (it's used for the result as well) + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx); + +/** Checks whether the point is the neutral element of the group + * \param group the underlying EC_GROUP object + * \param p EC_POINT object + * \return 1 if the point is the neutral element and 0 otherwise + */ +int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *p); + +/** Checks whether the point is on the curve + * \param group underlying EC_GROUP object + * \param point EC_POINT object to check + * \param ctx BN_CTX object (optional) + * \return 1 if point if on the curve and 0 otherwise + */ +int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx); + +/** Compares two EC_POINTs + * \param group underlying EC_GROUP object + * \param a first EC_POINT object + * \param b second EC_POINT object + * \param ctx BN_CTX object (optional) + * \return 0 if both points are equal and a value != 0 otherwise + */ +int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx); + +int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx); +int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx); + +/** Computes r = generator * n sum_{i=0}^num p[i] * m[i] + * \param group underlying EC_GROUP object + * \param r EC_POINT object for the result + * \param n BIGNUM with the multiplier for the group generator (optional) + * \param num number futher summands + * \param p array of size num of EC_POINT objects + * \param m array of size num of BIGNUM objects + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, size_t num, const EC_POINT *p[], const BIGNUM *m[], BN_CTX *ctx); + +/** Computes r = generator * n + q * m + * \param group underlying EC_GROUP object + * \param r EC_POINT object for the result + * \param n BIGNUM with the multiplier for the group generator (optional) + * \param q EC_POINT object with the first factor of the second summand + * \param m BIGNUM with the second factor of the second summand + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, const EC_POINT *q, const BIGNUM *m, BN_CTX *ctx); + +/** Stores multiples of generator for faster point multiplication + * \param group EC_GROUP object + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occured + */ +int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx); + +/** Reports whether a precomputation has been done + * \param group EC_GROUP object + * \return 1 if a pre-computation has been done and 0 otherwise + */ +int EC_GROUP_have_precompute_mult(const EC_GROUP *group); + + +/********************************************************************/ +/* ASN1 stuff */ +/********************************************************************/ + +/* EC_GROUP_get_basis_type() returns the NID of the basis type + * used to represent the field elements */ +int EC_GROUP_get_basis_type(const EC_GROUP *); +#ifndef OPENSSL_NO_EC2M +int EC_GROUP_get_trinomial_basis(const EC_GROUP *, unsigned int *k); +int EC_GROUP_get_pentanomial_basis(const EC_GROUP *, unsigned int *k1, + unsigned int *k2, unsigned int *k3); +#endif + +#define OPENSSL_EC_NAMED_CURVE 0x001 + +typedef struct ecpk_parameters_st ECPKPARAMETERS; + +EC_GROUP *d2i_ECPKParameters(EC_GROUP **, const unsigned char **in, long len); +int i2d_ECPKParameters(const EC_GROUP *, unsigned char **out); + +#define d2i_ECPKParameters_bio(bp,x) ASN1_d2i_bio_of(EC_GROUP,NULL,d2i_ECPKParameters,bp,x) +#define i2d_ECPKParameters_bio(bp,x) ASN1_i2d_bio_of_const(EC_GROUP,i2d_ECPKParameters,bp,x) +#define d2i_ECPKParameters_fp(fp,x) (EC_GROUP *)ASN1_d2i_fp(NULL, \ + (char *(*)())d2i_ECPKParameters,(fp),(unsigned char **)(x)) +#define i2d_ECPKParameters_fp(fp,x) ASN1_i2d_fp(i2d_ECPKParameters,(fp), \ + (unsigned char *)(x)) + +#ifndef OPENSSL_NO_BIO +int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off); +#endif +int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off); + + +/********************************************************************/ +/* EC_KEY functions */ +/********************************************************************/ + +typedef struct ec_key_st EC_KEY; +typedef struct ec_key_method_st EC_KEY_METHOD; + +/* some values for the encoding_flag */ +#define EC_PKEY_NO_PARAMETERS 0x001 +#define EC_PKEY_NO_PUBKEY 0x002 + +/* some values for the flags field */ +#define EC_FLAG_NON_FIPS_ALLOW 0x1 +#define EC_FLAG_FIPS_CHECKED 0x2 + +/** Creates a new EC_KEY object. + * \return EC_KEY object or NULL if an error occurred. + */ +EC_KEY *EC_KEY_new(void); + +int EC_KEY_get_flags(const EC_KEY *key); + +void EC_KEY_set_flags(EC_KEY *key, int flags); + +void EC_KEY_clear_flags(EC_KEY *key, int flags); + +/** Creates a new EC_KEY object using a named curve as underlying + * EC_GROUP object. + * \param nid NID of the named curve. + * \return EC_KEY object or NULL if an error occurred. + */ +EC_KEY *EC_KEY_new_by_curve_name(int nid); + +/** Frees a EC_KEY object. + * \param key EC_KEY object to be freed. + */ +void EC_KEY_free(EC_KEY *key); + +/** Copies a EC_KEY object. + * \param dst destination EC_KEY object + * \param src src EC_KEY object + * \return dst or NULL if an error occurred. + */ +EC_KEY *EC_KEY_copy(EC_KEY *dst, const EC_KEY *src); + +/** Creates a new EC_KEY object and copies the content from src to it. + * \param src the source EC_KEY object + * \return newly created EC_KEY object or NULL if an error occurred. + */ +EC_KEY *EC_KEY_dup(const EC_KEY *src); + +/** Increases the internal reference count of a EC_KEY object. + * \param key EC_KEY object + * \return 1 on success and 0 if an error occurred. + */ +int EC_KEY_up_ref(EC_KEY *key); + +/** Returns the EC_GROUP object of a EC_KEY object + * \param key EC_KEY object + * \return the EC_GROUP object (possibly NULL). + */ +const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key); + +/** Sets the EC_GROUP of a EC_KEY object. + * \param key EC_KEY object + * \param group EC_GROUP to use in the EC_KEY object (note: the EC_KEY + * object will use an own copy of the EC_GROUP). + * \return 1 on success and 0 if an error occurred. + */ +int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group); + +/** Returns the private key of a EC_KEY object. + * \param key EC_KEY object + * \return a BIGNUM with the private key (possibly NULL). + */ +const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key); + +/** Sets the private key of a EC_KEY object. + * \param key EC_KEY object + * \param prv BIGNUM with the private key (note: the EC_KEY object + * will use an own copy of the BIGNUM). + * \return 1 on success and 0 if an error occurred. + */ +int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *prv); + +/** Returns the public key of a EC_KEY object. + * \param key the EC_KEY object + * \return a EC_POINT object with the public key (possibly NULL) + */ +const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key); + +/** Sets the public key of a EC_KEY object. + * \param key EC_KEY object + * \param pub EC_POINT object with the public key (note: the EC_KEY object + * will use an own copy of the EC_POINT object). + * \return 1 on success and 0 if an error occurred. + */ +int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub); + +unsigned EC_KEY_get_enc_flags(const EC_KEY *key); +void EC_KEY_set_enc_flags(EC_KEY *eckey, unsigned int flags); +point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key); +void EC_KEY_set_conv_form(EC_KEY *eckey, point_conversion_form_t cform); +/* functions to set/get method specific data */ +void *EC_KEY_get_key_method_data(EC_KEY *key, + void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)); +/** Sets the key method data of an EC_KEY object, if none has yet been set. + * \param key EC_KEY object + * \param data opaque data to install. + * \param dup_func a function that duplicates |data|. + * \param free_func a function that frees |data|. + * \param clear_free_func a function that wipes and frees |data|. + * \return the previously set data pointer, or NULL if |data| was inserted. + */ +void *EC_KEY_insert_key_method_data(EC_KEY *key, void *data, + void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)); +/* wrapper functions for the underlying EC_GROUP object */ +void EC_KEY_set_asn1_flag(EC_KEY *eckey, int asn1_flag); + +/** Creates a table of pre-computed multiples of the generator to + * accelerate further EC_KEY operations. + * \param key EC_KEY object + * \param ctx BN_CTX object (optional) + * \return 1 on success and 0 if an error occurred. + */ +int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx); + +/** Creates a new ec private (and optional a new public) key. + * \param key EC_KEY object + * \return 1 on success and 0 if an error occurred. + */ +int EC_KEY_generate_key(EC_KEY *key); + +/** Verifies that a private and/or public key is valid. + * \param key the EC_KEY object + * \return 1 on success and 0 otherwise. + */ +int EC_KEY_check_key(const EC_KEY *key); + +/** Sets a public key from affine coordindates performing + * neccessary NIST PKV tests. + * \param key the EC_KEY object + * \param x public key x coordinate + * \param y public key y coordinate + * \return 1 on success and 0 otherwise. + */ +int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x, BIGNUM *y); + + +/********************************************************************/ +/* de- and encoding functions for SEC1 ECPrivateKey */ +/********************************************************************/ + +/** Decodes a private key from a memory buffer. + * \param key a pointer to a EC_KEY object which should be used (or NULL) + * \param in pointer to memory with the DER encoded private key + * \param len length of the DER encoded private key + * \return the decoded private key or NULL if an error occurred. + */ +EC_KEY *d2i_ECPrivateKey(EC_KEY **key, const unsigned char **in, long len); + +/** Encodes a private key object and stores the result in a buffer. + * \param key the EC_KEY object to encode + * \param out the buffer for the result (if NULL the function returns number + * of bytes needed). + * \return 1 on success and 0 if an error occurred. + */ +int i2d_ECPrivateKey(EC_KEY *key, unsigned char **out); + + +/********************************************************************/ +/* de- and encoding functions for EC parameters */ +/********************************************************************/ + +/** Decodes ec parameter from a memory buffer. + * \param key a pointer to a EC_KEY object which should be used (or NULL) + * \param in pointer to memory with the DER encoded ec parameters + * \param len length of the DER encoded ec parameters + * \return a EC_KEY object with the decoded parameters or NULL if an error + * occurred. + */ +EC_KEY *d2i_ECParameters(EC_KEY **key, const unsigned char **in, long len); + +/** Encodes ec parameter and stores the result in a buffer. + * \param key the EC_KEY object with ec paramters to encode + * \param out the buffer for the result (if NULL the function returns number + * of bytes needed). + * \return 1 on success and 0 if an error occurred. + */ +int i2d_ECParameters(EC_KEY *key, unsigned char **out); + + +/********************************************************************/ +/* de- and encoding functions for EC public key */ +/* (octet string, not DER -- hence 'o2i' and 'i2o') */ +/********************************************************************/ + +/** Decodes a ec public key from a octet string. + * \param key a pointer to a EC_KEY object which should be used + * \param in memory buffer with the encoded public key + * \param len length of the encoded public key + * \return EC_KEY object with decoded public key or NULL if an error + * occurred. + */ +EC_KEY *o2i_ECPublicKey(EC_KEY **key, const unsigned char **in, long len); + +/** Encodes a ec public key in an octet string. + * \param key the EC_KEY object with the public key + * \param out the buffer for the result (if NULL the function returns number + * of bytes needed). + * \return 1 on success and 0 if an error occurred + */ +int i2o_ECPublicKey(const EC_KEY *key, unsigned char **out); + +#ifndef OPENSSL_NO_BIO +/** Prints out the ec parameters on human readable form. + * \param bp BIO object to which the information is printed + * \param key EC_KEY object + * \return 1 on success and 0 if an error occurred + */ +int ECParameters_print(BIO *bp, const EC_KEY *key); + +/** Prints out the contents of a EC_KEY object + * \param bp BIO object to which the information is printed + * \param key EC_KEY object + * \param off line offset + * \return 1 on success and 0 if an error occurred + */ +int EC_KEY_print(BIO *bp, const EC_KEY *key, int off); + +#endif +/** Prints out the ec parameters on human readable form. + * \param fp file descriptor to which the information is printed + * \param key EC_KEY object + * \return 1 on success and 0 if an error occurred + */ +int ECParameters_print_fp(FILE *fp, const EC_KEY *key); + +/** Prints out the contents of a EC_KEY object + * \param fp file descriptor to which the information is printed + * \param key EC_KEY object + * \param off line offset + * \return 1 on success and 0 if an error occurred + */ +int EC_KEY_print_fp(FILE *fp, const EC_KEY *key, int off); + +#define EC_KEY_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_EC_KEY, l, p, newf, dupf, freef) +int EC_KEY_set_ex_data(EC_KEY *key, int idx, void *arg); +void *EC_KEY_get_ex_data(const EC_KEY *key, int idx); + +const EC_KEY_METHOD *EC_KEY_OpenSSL(void); +const EC_KEY_METHOD *EC_KEY_get_default_method(void); +void EC_KEY_set_default_method(const EC_KEY_METHOD *meth); +const EC_KEY_METHOD *EC_KEY_get_method(const EC_KEY *key); +int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *meth); +EC_KEY *EC_KEY_new_method(ENGINE *engine); +EC_KEY_METHOD *EC_KEY_METHOD_new(const EC_KEY_METHOD *meth); +void EC_KEY_METHOD_free(EC_KEY_METHOD *meth); +void EC_KEY_METHOD_set_init(EC_KEY_METHOD *meth, + int (*init)(EC_KEY *key), + void (*finish)(EC_KEY *key), + int (*copy)(EC_KEY *dest, const EC_KEY *src), + int (*set_group)(EC_KEY *key, const EC_GROUP *grp), + int (*set_private)(EC_KEY *key, const BIGNUM *priv_key), + int (*set_public)(EC_KEY *key, const EC_POINT *pub_key)); +void EC_KEY_METHOD_set_keygen(EC_KEY_METHOD *meth, + int (*keygen)(EC_KEY *key)); +void EC_KEY_METHOD_set_compute_key(EC_KEY_METHOD *meth, + int (*ckey)(void *out, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh, + void *(*KDF) (const void *in, size_t inlen, void *out, size_t *outlen))); +void EC_KEY_METHOD_get_init(const EC_KEY_METHOD *meth, + int (**pinit)(EC_KEY *key), + void (**pfinish)(EC_KEY *key), + int (**pcopy)(EC_KEY *dest, const EC_KEY *src), + int (**pset_group)(EC_KEY *key, const EC_GROUP *grp), + int (**pset_private)(EC_KEY *key, const BIGNUM *priv_key), + int (**pset_public)(EC_KEY *key, const EC_POINT *pub_key)); +void EC_KEY_METHOD_get_keygen(const EC_KEY_METHOD *meth, + int (**pkeygen)(EC_KEY *key)); +void EC_KEY_METHOD_get_compute_key(const EC_KEY_METHOD *meth, + int (**pck)(void *out, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh, + void *(*KDF) (const void *in, size_t inlen, void *out, size_t *outlen))); + +EC_KEY *ECParameters_dup(EC_KEY *key); + +#ifndef __cplusplus +#if defined(__SUNPRO_C) +# if __SUNPRO_C >= 0x520 +# pragma error_messages (default,E_ARRAY_OF_INCOMPLETE_NONAME,E_ARRAY_OF_INCOMPLETE) +# endif +# endif +#endif -int EC_POINT_is_at_infinity(const EC_GROUP *, const EC_POINT *); -int EC_POINT_is_on_curve(const EC_GROUP *, const EC_POINT *, BN_CTX *); -int EC_POINT_cmp(const EC_GROUP *, const EC_POINT *a, const EC_POINT *b, BN_CTX *); +#define EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, EVP_PKEY_OP_PARAMGEN, \ + EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID, nid, NULL) -int EC_POINT_make_affine(const EC_GROUP *, EC_POINT *, BN_CTX *); -int EC_POINTs_make_affine(const EC_GROUP *, size_t num, EC_POINT *[], BN_CTX *); +# define EVP_PKEY_CTX_set_sm2_uid(ctx, uid, len) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_SM2, EVP_PKEY_OP_TYPE_SIG, \ + EVP_PKEY_CTRL_SM2_SET_UID, len, (void*)(uid)) +# define EVP_PKEY_CTX_get_sm2_uid_len(ctx, len) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_SM2, EVP_PKEY_OP_TYPE_SIG, \ + EVP_PKEY_CTRL_SM2_GET_UID_LEN, 0, (void*)(len)) -int EC_POINTs_mul(const EC_GROUP *, EC_POINT *r, const BIGNUM *, size_t num, const EC_POINT *[], const BIGNUM *[], BN_CTX *); -int EC_POINT_mul(const EC_GROUP *, EC_POINT *r, const BIGNUM *, const EC_POINT *, const BIGNUM *, BN_CTX *); -int EC_GROUP_precompute_mult(EC_GROUP *, BN_CTX *); +# define EVP_PKEY_CTX_get_sm2_uid(ctx, uid) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_SM2, EVP_PKEY_OP_TYPE_SIG, \ + EVP_PKEY_CTRL_SM2_GET_UID, 0, (void*)(uid)) +# define EVP_PKEY_CTX_hash_sm2_uid(ctx) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_SM2, EVP_PKEY_OP_TYPE_SIG, \ + EVP_PKEY_CTRL_SM2_HASH_UID, 0, NULL) +#define EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID (EVP_PKEY_ALG_CTRL + 1) +#define EVP_PKEY_CTRL_SM2_SET_UID (EVP_PKEY_ALG_CTRL + 2) +#define EVP_PKEY_CTRL_SM2_GET_UID_LEN (EVP_PKEY_ALG_CTRL + 3) +#define EVP_PKEY_CTRL_SM2_GET_UID (EVP_PKEY_ALG_CTRL + 4) +#define EVP_PKEY_CTRL_SM2_HASH_UID (EVP_PKEY_ALG_CTRL + 5) /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes @@ -177,67 +1029,197 @@ void ERR_load_EC_strings(void); /* Error codes for the EC functions. */ /* Function codes. */ +#define EC_F_BN_TO_FELEM 224 #define EC_F_COMPUTE_WNAF 143 +#define EC_F_D2I_ECPARAMETERS 144 +#define EC_F_D2I_ECPKPARAMETERS 145 +#define EC_F_D2I_ECPRIVATEKEY 146 +#define EC_F_DO_EC_KEY_PRINT 221 +#define EC_F_ECKEY_PARAM2TYPE 223 +#define EC_F_ECKEY_PARAM_DECODE 212 +#define EC_F_ECKEY_PRIV_DECODE 213 +#define EC_F_ECKEY_PRIV_ENCODE 214 +#define EC_F_ECKEY_PUB_DECODE 215 +#define EC_F_ECKEY_PUB_ENCODE 216 +#define EC_F_ECKEY_TYPE2PARAM 220 +#define EC_F_ECPARAMETERS_PRINT 147 +#define EC_F_ECPARAMETERS_PRINT_FP 148 +#define EC_F_ECPKPARAMETERS_PRINT 149 +#define EC_F_ECPKPARAMETERS_PRINT_FP 150 +#define EC_F_ECP_NIST_MOD_192 203 +#define EC_F_ECP_NIST_MOD_224 204 +#define EC_F_ECP_NIST_MOD_256 205 +#define EC_F_ECP_NIST_MOD_521 206 +#define EC_F_ECP_NISTZ256_GET_AFFINE 240 +#define EC_F_ECP_NISTZ256_MULT_PRECOMPUTE 243 +#define EC_F_ECP_NISTZ256_POINTS_MUL 241 +#define EC_F_ECP_NISTZ256_PRE_COMP_NEW 244 +#define EC_F_ECP_NISTZ256_SET_WORDS 245 +#define EC_F_ECP_NISTZ256_WINDOWED_MUL 242 +#define EC_F_EC_ASN1_GROUP2CURVE 153 +#define EC_F_EC_ASN1_GROUP2FIELDID 154 +#define EC_F_EC_ASN1_GROUP2PARAMETERS 155 +#define EC_F_EC_ASN1_GROUP2PKPARAMETERS 156 +#define EC_F_EC_ASN1_PARAMETERS2GROUP 157 +#define EC_F_EC_ASN1_PKPARAMETERS2GROUP 158 +#define EC_F_EC_EX_DATA_SET_DATA 211 +#define EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY 208 +#define EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT 159 +#define EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE 195 +#define EC_F_EC_GF2M_SIMPLE_OCT2POINT 160 +#define EC_F_EC_GF2M_SIMPLE_POINT2OCT 161 +#define EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES 162 +#define EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES 163 +#define EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES 164 #define EC_F_EC_GFP_MONT_FIELD_DECODE 133 #define EC_F_EC_GFP_MONT_FIELD_ENCODE 134 #define EC_F_EC_GFP_MONT_FIELD_MUL 131 +#define EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE 209 #define EC_F_EC_GFP_MONT_FIELD_SQR 132 +#define EC_F_EC_GFP_MONT_GROUP_SET_CURVE 189 +#define EC_F_EC_GFP_MONT_GROUP_SET_CURVE_GFP 135 +#define EC_F_EC_GFP_NISTP224_GROUP_SET_CURVE 225 +#define EC_F_EC_GFP_NISTP224_POINTS_MUL 228 +#define EC_F_EC_GFP_NISTP224_POINT_GET_AFFINE_COORDINATES 226 +#define EC_F_EC_GFP_NISTP256_GROUP_SET_CURVE 230 +#define EC_F_EC_GFP_NISTP256_POINTS_MUL 231 +#define EC_F_EC_GFP_NISTP256_POINT_GET_AFFINE_COORDINATES 232 +#define EC_F_EC_GFP_NISTP521_GROUP_SET_CURVE 233 +#define EC_F_EC_GFP_NISTP521_POINTS_MUL 234 +#define EC_F_EC_GFP_NISTP521_POINT_GET_AFFINE_COORDINATES 235 +#define EC_F_EC_GFP_NIST_FIELD_MUL 200 +#define EC_F_EC_GFP_NIST_FIELD_SQR 201 +#define EC_F_EC_GFP_NIST_GROUP_SET_CURVE 202 +#define EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT 165 +#define EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE 166 #define EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP 100 #define EC_F_EC_GFP_SIMPLE_GROUP_SET_GENERATOR 101 #define EC_F_EC_GFP_SIMPLE_MAKE_AFFINE 102 #define EC_F_EC_GFP_SIMPLE_OCT2POINT 103 #define EC_F_EC_GFP_SIMPLE_POINT2OCT 104 #define EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE 137 +#define EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES 167 #define EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP 105 +#define EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES 168 #define EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP 128 +#define EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES 169 #define EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP 129 +#define EC_F_EC_GROUP_CHECK 170 +#define EC_F_EC_GROUP_CHECK_DISCRIMINANT 171 #define EC_F_EC_GROUP_COPY 106 #define EC_F_EC_GROUP_GET0_GENERATOR 139 #define EC_F_EC_GROUP_GET_COFACTOR 140 +#define EC_F_EC_GROUP_GET_CURVE_GF2M 172 #define EC_F_EC_GROUP_GET_CURVE_GFP 130 -#define EC_F_EC_GROUP_GET_EXTRA_DATA 107 +#define EC_F_EC_GROUP_GET_DEGREE 173 #define EC_F_EC_GROUP_GET_ORDER 141 +#define EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS 193 +#define EC_F_EC_GROUP_GET_TRINOMIAL_BASIS 194 #define EC_F_EC_GROUP_NEW 108 +#define EC_F_EC_GROUP_NEW_BY_CURVE_NAME 174 +#define EC_F_EC_GROUP_NEW_FROM_DATA 175 #define EC_F_EC_GROUP_PRECOMPUTE_MULT 142 +#define EC_F_EC_GROUP_SET_CURVE_GF2M 176 #define EC_F_EC_GROUP_SET_CURVE_GFP 109 #define EC_F_EC_GROUP_SET_EXTRA_DATA 110 #define EC_F_EC_GROUP_SET_GENERATOR 111 +#define EC_F_EC_KEY_CHECK_KEY 177 +#define EC_F_EC_KEY_COPY 178 +#define EC_F_EC_KEY_GENERATE_KEY 179 +#define EC_F_EC_KEY_NEW 182 +#define EC_F_EC_KEY_PRINT 180 +#define EC_F_EC_KEY_PRINT_FP 181 +#define EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES 229 #define EC_F_EC_POINTS_MAKE_AFFINE 136 -#define EC_F_EC_POINTS_MUL 138 #define EC_F_EC_POINT_ADD 112 #define EC_F_EC_POINT_CMP 113 #define EC_F_EC_POINT_COPY 114 #define EC_F_EC_POINT_DBL 115 +#define EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M 183 #define EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP 116 #define EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP 117 +#define EC_F_EC_POINT_INVERT 210 #define EC_F_EC_POINT_IS_AT_INFINITY 118 #define EC_F_EC_POINT_IS_ON_CURVE 119 #define EC_F_EC_POINT_MAKE_AFFINE 120 +#define EC_F_EC_POINT_MUL 184 #define EC_F_EC_POINT_NEW 121 #define EC_F_EC_POINT_OCT2POINT 122 #define EC_F_EC_POINT_POINT2OCT 123 +#define EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M 185 #define EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP 124 +#define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M 186 #define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP 125 #define EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP 126 #define EC_F_EC_POINT_SET_TO_INFINITY 127 -#define EC_F_GFP_MONT_GROUP_SET_CURVE_GFP 135 +#define EC_F_EC_PRE_COMP_DUP 207 +#define EC_F_EC_PRE_COMP_NEW 196 +#define EC_F_EC_WNAF_MUL 187 +#define EC_F_EC_WNAF_PRECOMPUTE_MULT 188 +#define EC_F_I2D_ECPARAMETERS 190 +#define EC_F_I2D_ECPKPARAMETERS 191 +#define EC_F_I2D_ECPRIVATEKEY 192 +#define EC_F_I2O_ECPUBLICKEY 151 +#define EC_F_NISTP224_PRE_COMP_NEW 227 +#define EC_F_NISTP256_PRE_COMP_NEW 236 +#define EC_F_NISTP521_PRE_COMP_NEW 237 +#define EC_F_O2I_ECPUBLICKEY 152 +#define EC_F_OLD_EC_PRIV_DECODE 222 +#define EC_F_PKEY_EC_CTRL 197 +#define EC_F_PKEY_EC_CTRL_STR 198 +#define EC_F_PKEY_EC_DERIVE 217 +#define EC_F_PKEY_EC_KEYGEN 199 +#define EC_F_PKEY_EC_PARAMGEN 219 +#define EC_F_PKEY_EC_SIGN 218 /* Reason codes. */ +#define EC_R_ASN1_ERROR 115 +#define EC_R_ASN1_UNKNOWN_FIELD 116 +#define EC_R_BIGNUM_OUT_OF_RANGE 144 #define EC_R_BUFFER_TOO_SMALL 100 +#define EC_R_COORDINATES_OUT_OF_RANGE 146 +#define EC_R_D2I_ECPKPARAMETERS_FAILURE 117 +#define EC_R_DECODE_ERROR 142 +#define EC_R_DISCRIMINANT_IS_ZERO 118 +#define EC_R_EC_GROUP_NEW_BY_NAME_FAILURE 119 +#define EC_R_FIELD_TOO_LARGE 143 +#define EC_R_GF2M_NOT_SUPPORTED 147 +#define EC_R_GROUP2PKPARAMETERS_FAILURE 120 +#define EC_R_I2D_ECPKPARAMETERS_FAILURE 121 #define EC_R_INCOMPATIBLE_OBJECTS 101 #define EC_R_INVALID_ARGUMENT 112 #define EC_R_INVALID_COMPRESSED_POINT 110 #define EC_R_INVALID_COMPRESSION_BIT 109 +#define EC_R_INVALID_CURVE 141 +#define EC_R_INVALID_DIGEST_TYPE 138 #define EC_R_INVALID_ENCODING 102 #define EC_R_INVALID_FIELD 103 #define EC_R_INVALID_FORM 104 +#define EC_R_INVALID_GROUP_ORDER 122 +#define EC_R_INVALID_PENTANOMIAL_BASIS 132 +#define EC_R_INVALID_PRIVATE_KEY 123 +#define EC_R_INVALID_TRINOMIAL_BASIS 137 +#define EC_R_KEYS_NOT_SET 140 +#define EC_R_MISSING_PARAMETERS 124 +#define EC_R_MISSING_PRIVATE_KEY 125 +#define EC_R_NOT_A_NIST_PRIME 135 +#define EC_R_NOT_A_SUPPORTED_NIST_PRIME 136 +#define EC_R_NOT_IMPLEMENTED 126 #define EC_R_NOT_INITIALIZED 111 -#define EC_R_NO_SUCH_EXTRA_DATA 105 +#define EC_R_NO_FIELD_MOD 133 +#define EC_R_NO_PARAMETERS_SET 139 +#define EC_R_PASSED_NULL_PARAMETER 134 +#define EC_R_PKPARAMETERS2GROUP_FAILURE 127 #define EC_R_POINT_AT_INFINITY 106 #define EC_R_POINT_IS_NOT_ON_CURVE 107 #define EC_R_SLOT_FULL 108 #define EC_R_UNDEFINED_GENERATOR 113 +#define EC_R_UNDEFINED_ORDER 128 +#define EC_R_UNKNOWN_GROUP 129 #define EC_R_UNKNOWN_ORDER 114 +#define EC_R_UNSUPPORTED_FIELD 131 +#define EC_R_WRONG_CURVE_PARAMETERS 145 +#define EC_R_WRONG_ORDER 130 #ifdef __cplusplus } diff --git a/src/lib/libcrypto/ec/ec2_mult.c b/src/lib/libcrypto/ec/ec2_mult.c new file mode 100644 index 00000000000..3e5d1dca853 --- /dev/null +++ b/src/lib/libcrypto/ec/ec2_mult.c @@ -0,0 +1,455 @@ +/* $OpenBSD: ec2_mult.c,v 1.13 2018/07/23 18:24:22 tb Exp $ */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * + * The Elliptic Curve Public-Key Crypto Library (ECC Code) included + * herein is developed by SUN MICROSYSTEMS, INC., and is contributed + * to the OpenSSL project. + * + * The ECC Code is licensed pursuant to the OpenSSL open source + * license provided below. + * + * The software is originally written by Sheueling Chang Shantz and + * Douglas Stebila of Sun Microsystems Laboratories. + * + */ +/* ==================================================================== + * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include + +#include + +#include "bn_lcl.h" +#include "ec_lcl.h" + +#ifndef OPENSSL_NO_EC2M + + +/* Compute the x-coordinate x/z for the point 2*(x/z) in Montgomery projective + * coordinates. + * Uses algorithm Mdouble in appendix of + * Lopez, J. and Dahab, R. "Fast multiplication on elliptic curves over + * GF(2^m) without precomputation" (CHES '99, LNCS 1717). + * modified to not require precomputation of c=b^{2^{m-1}}. + */ +static int +gf2m_Mdouble(const EC_GROUP *group, BIGNUM *x, BIGNUM *z, BN_CTX *ctx) +{ + BIGNUM *t1; + int ret = 0; + + /* Since Mdouble is static we can guarantee that ctx != NULL. */ + BN_CTX_start(ctx); + if ((t1 = BN_CTX_get(ctx)) == NULL) + goto err; + + if (!group->meth->field_sqr(group, x, x, ctx)) + goto err; + if (!group->meth->field_sqr(group, t1, z, ctx)) + goto err; + if (!group->meth->field_mul(group, z, x, t1, ctx)) + goto err; + if (!group->meth->field_sqr(group, x, x, ctx)) + goto err; + if (!group->meth->field_sqr(group, t1, t1, ctx)) + goto err; + if (!group->meth->field_mul(group, t1, &group->b, t1, ctx)) + goto err; + if (!BN_GF2m_add(x, x, t1)) + goto err; + + ret = 1; + + err: + BN_CTX_end(ctx); + return ret; +} + +/* Compute the x-coordinate x1/z1 for the point (x1/z1)+(x2/x2) in Montgomery + * projective coordinates. + * Uses algorithm Madd in appendix of + * Lopez, J. and Dahab, R. "Fast multiplication on elliptic curves over + * GF(2^m) without precomputation" (CHES '99, LNCS 1717). + */ +static int +gf2m_Madd(const EC_GROUP *group, const BIGNUM *x, BIGNUM *x1, BIGNUM *z1, + const BIGNUM *x2, const BIGNUM *z2, BN_CTX *ctx) +{ + BIGNUM *t1, *t2; + int ret = 0; + + /* Since Madd is static we can guarantee that ctx != NULL. */ + BN_CTX_start(ctx); + if ((t1 = BN_CTX_get(ctx)) == NULL) + goto err; + if ((t2 = BN_CTX_get(ctx)) == NULL) + goto err; + + if (!BN_copy(t1, x)) + goto err; + if (!group->meth->field_mul(group, x1, x1, z2, ctx)) + goto err; + if (!group->meth->field_mul(group, z1, z1, x2, ctx)) + goto err; + if (!group->meth->field_mul(group, t2, x1, z1, ctx)) + goto err; + if (!BN_GF2m_add(z1, z1, x1)) + goto err; + if (!group->meth->field_sqr(group, z1, z1, ctx)) + goto err; + if (!group->meth->field_mul(group, x1, z1, t1, ctx)) + goto err; + if (!BN_GF2m_add(x1, x1, t2)) + goto err; + + ret = 1; + + err: + BN_CTX_end(ctx); + return ret; +} + +/* Compute the x, y affine coordinates from the point (x1, z1) (x2, z2) + * using Montgomery point multiplication algorithm Mxy() in appendix of + * Lopez, J. and Dahab, R. "Fast multiplication on elliptic curves over + * GF(2^m) without precomputation" (CHES '99, LNCS 1717). + * Returns: + * 0 on error + * 1 if return value should be the point at infinity + * 2 otherwise + */ +static int +gf2m_Mxy(const EC_GROUP *group, const BIGNUM *x, const BIGNUM *y, BIGNUM *x1, + BIGNUM *z1, BIGNUM *x2, BIGNUM *z2, BN_CTX *ctx) +{ + BIGNUM *t3, *t4, *t5; + int ret = 0; + + if (BN_is_zero(z1)) { + BN_zero(x2); + BN_zero(z2); + return 1; + } + if (BN_is_zero(z2)) { + if (!BN_copy(x2, x)) + return 0; + if (!BN_GF2m_add(z2, x, y)) + return 0; + return 2; + } + /* Since Mxy is static we can guarantee that ctx != NULL. */ + BN_CTX_start(ctx); + if ((t3 = BN_CTX_get(ctx)) == NULL) + goto err; + if ((t4 = BN_CTX_get(ctx)) == NULL) + goto err; + if ((t5 = BN_CTX_get(ctx)) == NULL) + goto err; + + if (!BN_one(t5)) + goto err; + + if (!group->meth->field_mul(group, t3, z1, z2, ctx)) + goto err; + + if (!group->meth->field_mul(group, z1, z1, x, ctx)) + goto err; + if (!BN_GF2m_add(z1, z1, x1)) + goto err; + if (!group->meth->field_mul(group, z2, z2, x, ctx)) + goto err; + if (!group->meth->field_mul(group, x1, z2, x1, ctx)) + goto err; + if (!BN_GF2m_add(z2, z2, x2)) + goto err; + + if (!group->meth->field_mul(group, z2, z2, z1, ctx)) + goto err; + if (!group->meth->field_sqr(group, t4, x, ctx)) + goto err; + if (!BN_GF2m_add(t4, t4, y)) + goto err; + if (!group->meth->field_mul(group, t4, t4, t3, ctx)) + goto err; + if (!BN_GF2m_add(t4, t4, z2)) + goto err; + + if (!group->meth->field_mul(group, t3, t3, x, ctx)) + goto err; + if (!group->meth->field_div(group, t3, t5, t3, ctx)) + goto err; + if (!group->meth->field_mul(group, t4, t3, t4, ctx)) + goto err; + if (!group->meth->field_mul(group, x2, x1, t3, ctx)) + goto err; + if (!BN_GF2m_add(z2, x2, x)) + goto err; + + if (!group->meth->field_mul(group, z2, z2, t4, ctx)) + goto err; + if (!BN_GF2m_add(z2, z2, y)) + goto err; + + ret = 2; + + err: + BN_CTX_end(ctx); + return ret; +} + + +/* Computes scalar*point and stores the result in r. + * point can not equal r. + * Uses a modified algorithm 2P of + * Lopez, J. and Dahab, R. "Fast multiplication on elliptic curves over + * GF(2^m) without precomputation" (CHES '99, LNCS 1717). + * + * To protect against side-channel attack the function uses constant time swap, + * avoiding conditional branches. + */ +static int +ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r, + const BIGNUM *scalar, const EC_POINT *point, BN_CTX *ctx) +{ + BIGNUM *x1, *x2, *z1, *z2; + int ret = 0, i; + BN_ULONG mask, word; + + if (r == point) { + ECerror(EC_R_INVALID_ARGUMENT); + return 0; + } + /* if result should be point at infinity */ + if ((scalar == NULL) || BN_is_zero(scalar) || (point == NULL) || + EC_POINT_is_at_infinity(group, point) > 0) { + return EC_POINT_set_to_infinity(group, r); + } + /* only support affine coordinates */ + if (!point->Z_is_one) + return 0; + + /* Since point_multiply is static we can guarantee that ctx != NULL. */ + BN_CTX_start(ctx); + if ((x1 = BN_CTX_get(ctx)) == NULL) + goto err; + if ((z1 = BN_CTX_get(ctx)) == NULL) + goto err; + + x2 = &r->X; + z2 = &r->Y; + + if (!bn_wexpand(x1, group->field.top)) + goto err; + if (!bn_wexpand(z1, group->field.top)) + goto err; + if (!bn_wexpand(x2, group->field.top)) + goto err; + if (!bn_wexpand(z2, group->field.top)) + goto err; + + if (!BN_GF2m_mod_arr(x1, &point->X, group->poly)) + goto err; /* x1 = x */ + if (!BN_one(z1)) + goto err; /* z1 = 1 */ + if (!group->meth->field_sqr(group, z2, x1, ctx)) + goto err; /* z2 = x1^2 = x^2 */ + if (!group->meth->field_sqr(group, x2, z2, ctx)) + goto err; + if (!BN_GF2m_add(x2, x2, &group->b)) + goto err; /* x2 = x^4 + b */ + + /* find top most bit and go one past it */ + i = scalar->top - 1; + mask = BN_TBIT; + word = scalar->d[i]; + while (!(word & mask)) + mask >>= 1; + mask >>= 1; + /* if top most bit was at word break, go to next word */ + if (!mask) { + i--; + mask = BN_TBIT; + } + for (; i >= 0; i--) { + word = scalar->d[i]; + while (mask) { + if (!BN_swap_ct(word & mask, x1, x2, group->field.top)) + goto err; + if (!BN_swap_ct(word & mask, z1, z2, group->field.top)) + goto err; + if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx)) + goto err; + if (!gf2m_Mdouble(group, x1, z1, ctx)) + goto err; + if (!BN_swap_ct(word & mask, x1, x2, group->field.top)) + goto err; + if (!BN_swap_ct(word & mask, z1, z2, group->field.top)) + goto err; + mask >>= 1; + } + mask = BN_TBIT; + } + + /* convert out of "projective" coordinates */ + i = gf2m_Mxy(group, &point->X, &point->Y, x1, z1, x2, z2, ctx); + if (i == 0) + goto err; + else if (i == 1) { + if (!EC_POINT_set_to_infinity(group, r)) + goto err; + } else { + if (!BN_one(&r->Z)) + goto err; + r->Z_is_one = 1; + } + + /* GF(2^m) field elements should always have BIGNUM::neg = 0 */ + BN_set_negative(&r->X, 0); + BN_set_negative(&r->Y, 0); + + ret = 1; + + err: + BN_CTX_end(ctx); + return ret; +} + + +/* Computes the sum + * scalar*group->generator + scalars[0]*points[0] + ... + scalars[num-1]*points[num-1] + * gracefully ignoring NULL scalar values. + */ +int +ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, + size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *ctx) +{ + BN_CTX *new_ctx = NULL; + int ret = 0; + size_t i; + EC_POINT *p = NULL; + EC_POINT *acc = NULL; + + if (ctx == NULL) { + ctx = new_ctx = BN_CTX_new(); + if (ctx == NULL) + return 0; + } + /* + * This implementation is more efficient than the wNAF implementation + * for 2 or fewer points. Use the ec_wNAF_mul implementation for 3 + * or more points, or if we can perform a fast multiplication based + * on precomputation. + */ + if ((scalar && (num > 1)) || (num > 2) || + (num == 0 && EC_GROUP_have_precompute_mult(group))) { + ret = ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx); + goto err; + } + if ((p = EC_POINT_new(group)) == NULL) + goto err; + if ((acc = EC_POINT_new(group)) == NULL) + goto err; + + if (!EC_POINT_set_to_infinity(group, acc)) + goto err; + + if (scalar) { + if (!ec_GF2m_montgomery_point_multiply(group, p, scalar, group->generator, ctx)) + goto err; + if (BN_is_negative(scalar)) + if (!group->meth->invert(group, p, ctx)) + goto err; + if (!group->meth->add(group, acc, acc, p, ctx)) + goto err; + } + for (i = 0; i < num; i++) { + if (!ec_GF2m_montgomery_point_multiply(group, p, scalars[i], points[i], ctx)) + goto err; + if (BN_is_negative(scalars[i])) + if (!group->meth->invert(group, p, ctx)) + goto err; + if (!group->meth->add(group, acc, acc, p, ctx)) + goto err; + } + + if (!EC_POINT_copy(r, acc)) + goto err; + + ret = 1; + + err: + EC_POINT_free(p); + EC_POINT_free(acc); + BN_CTX_free(new_ctx); + return ret; +} + + +/* Precomputation for point multiplication: fall back to wNAF methods + * because ec_GF2m_simple_mul() uses ec_wNAF_mul() if appropriate */ + +int +ec_GF2m_precompute_mult(EC_GROUP * group, BN_CTX * ctx) +{ + return ec_wNAF_precompute_mult(group, ctx); +} + +int +ec_GF2m_have_precompute_mult(const EC_GROUP * group) +{ + return ec_wNAF_have_precompute_mult(group); +} + +#endif diff --git a/src/lib/libcrypto/ec/ec2_oct.c b/src/lib/libcrypto/ec/ec2_oct.c new file mode 100644 index 00000000000..268eccf4717 --- /dev/null +++ b/src/lib/libcrypto/ec/ec2_oct.c @@ -0,0 +1,382 @@ +/* $OpenBSD: ec2_oct.c,v 1.11 2018/07/15 16:27:39 tb Exp $ */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * + * The Elliptic Curve Public-Key Crypto Library (ECC Code) included + * herein is developed by SUN MICROSYSTEMS, INC., and is contributed + * to the OpenSSL project. + * + * The ECC Code is licensed pursuant to the OpenSSL open source + * license provided below. + * + * The software is originally written by Sheueling Chang Shantz and + * Douglas Stebila of Sun Microsystems Laboratories. + * + */ +/* ==================================================================== + * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include + +#include + +#include "ec_lcl.h" + +#ifndef OPENSSL_NO_EC2M + +/* Calculates and sets the affine coordinates of an EC_POINT from the given + * compressed coordinates. Uses algorithm 2.3.4 of SEC 1. + * Note that the simple implementation only uses affine coordinates. + * + * The method is from the following publication: + * + * Harper, Menezes, Vanstone: + * "Public-Key Cryptosystems with Very Small Key Lengths", + * EUROCRYPT '92, Springer-Verlag LNCS 658, + * published February 1993 + * + * US Patents 6,141,420 and 6,618,483 (Vanstone, Mullin, Agnew) describe + * the same method, but claim no priority date earlier than July 29, 1994 + * (and additionally fail to cite the EUROCRYPT '92 publication as prior art). + */ +int +ec_GF2m_simple_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *point, + const BIGNUM *x_, int y_bit, BN_CTX *ctx) +{ + BN_CTX *new_ctx = NULL; + BIGNUM *tmp, *x, *y, *z; + int ret = 0, z0; + + /* clear error queue */ + ERR_clear_error(); + + if (ctx == NULL) { + ctx = new_ctx = BN_CTX_new(); + if (ctx == NULL) + return 0; + } + y_bit = (y_bit != 0) ? 1 : 0; + + BN_CTX_start(ctx); + if ((tmp = BN_CTX_get(ctx)) == NULL) + goto err; + if ((x = BN_CTX_get(ctx)) == NULL) + goto err; + if ((y = BN_CTX_get(ctx)) == NULL) + goto err; + if ((z = BN_CTX_get(ctx)) == NULL) + goto err; + + if (!BN_GF2m_mod_arr(x, x_, group->poly)) + goto err; + if (BN_is_zero(x)) { + if (!BN_GF2m_mod_sqrt_arr(y, &group->b, group->poly, ctx)) + goto err; + } else { + if (!group->meth->field_sqr(group, tmp, x, ctx)) + goto err; + if (!group->meth->field_div(group, tmp, &group->b, tmp, ctx)) + goto err; + if (!BN_GF2m_add(tmp, &group->a, tmp)) + goto err; + if (!BN_GF2m_add(tmp, x, tmp)) + goto err; + if (!BN_GF2m_mod_solve_quad_arr(z, tmp, group->poly, ctx)) { + unsigned long err = ERR_peek_last_error(); + + if (ERR_GET_LIB(err) == ERR_LIB_BN && + ERR_GET_REASON(err) == BN_R_NO_SOLUTION) { + ERR_clear_error(); + ECerror(EC_R_INVALID_COMPRESSED_POINT); + } else + ECerror(ERR_R_BN_LIB); + goto err; + } + z0 = (BN_is_odd(z)) ? 1 : 0; + if (!group->meth->field_mul(group, y, x, z, ctx)) + goto err; + if (z0 != y_bit) { + if (!BN_GF2m_add(y, y, x)) + goto err; + } + } + + if (!EC_POINT_set_affine_coordinates_GF2m(group, point, x, y, ctx)) + goto err; + + ret = 1; + + err: + BN_CTX_end(ctx); + BN_CTX_free(new_ctx); + return ret; +} + + +/* Converts an EC_POINT to an octet string. + * If buf is NULL, the encoded length will be returned. + * If the length len of buf is smaller than required an error will be returned. + */ +size_t +ec_GF2m_simple_point2oct(const EC_GROUP *group, const EC_POINT *point, + point_conversion_form_t form, + unsigned char *buf, size_t len, BN_CTX * ctx) +{ + size_t ret; + BN_CTX *new_ctx = NULL; + int used_ctx = 0; + BIGNUM *x, *y, *yxi; + size_t field_len, i, skip; + + if ((form != POINT_CONVERSION_COMPRESSED) + && (form != POINT_CONVERSION_UNCOMPRESSED) + && (form != POINT_CONVERSION_HYBRID)) { + ECerror(EC_R_INVALID_FORM); + goto err; + } + if (EC_POINT_is_at_infinity(group, point) > 0) { + /* encodes to a single 0 octet */ + if (buf != NULL) { + if (len < 1) { + ECerror(EC_R_BUFFER_TOO_SMALL); + return 0; + } + buf[0] = 0; + } + return 1; + } + /* ret := required output buffer length */ + field_len = (EC_GROUP_get_degree(group) + 7) / 8; + ret = (form == POINT_CONVERSION_COMPRESSED) ? 1 + field_len : + 1 + 2 * field_len; + + /* if 'buf' is NULL, just return required length */ + if (buf != NULL) { + if (len < ret) { + ECerror(EC_R_BUFFER_TOO_SMALL); + goto err; + } + if (ctx == NULL) { + ctx = new_ctx = BN_CTX_new(); + if (ctx == NULL) + return 0; + } + BN_CTX_start(ctx); + used_ctx = 1; + if ((x = BN_CTX_get(ctx)) == NULL) + goto err; + if ((y = BN_CTX_get(ctx)) == NULL) + goto err; + if ((yxi = BN_CTX_get(ctx)) == NULL) + goto err; + + if (!EC_POINT_get_affine_coordinates_GF2m(group, point, x, y, ctx)) + goto err; + + buf[0] = form; + if ((form != POINT_CONVERSION_UNCOMPRESSED) && !BN_is_zero(x)) { + if (!group->meth->field_div(group, yxi, y, x, ctx)) + goto err; + if (BN_is_odd(yxi)) + buf[0]++; + } + i = 1; + + skip = field_len - BN_num_bytes(x); + if (skip > field_len) { + ECerror(ERR_R_INTERNAL_ERROR); + goto err; + } + while (skip > 0) { + buf[i++] = 0; + skip--; + } + skip = BN_bn2bin(x, buf + i); + i += skip; + if (i != 1 + field_len) { + ECerror(ERR_R_INTERNAL_ERROR); + goto err; + } + if (form == POINT_CONVERSION_UNCOMPRESSED || + form == POINT_CONVERSION_HYBRID) { + skip = field_len - BN_num_bytes(y); + if (skip > field_len) { + ECerror(ERR_R_INTERNAL_ERROR); + goto err; + } + while (skip > 0) { + buf[i++] = 0; + skip--; + } + skip = BN_bn2bin(y, buf + i); + i += skip; + } + if (i != ret) { + ECerror(ERR_R_INTERNAL_ERROR); + goto err; + } + } + if (used_ctx) + BN_CTX_end(ctx); + BN_CTX_free(new_ctx); + return ret; + + err: + if (used_ctx) + BN_CTX_end(ctx); + BN_CTX_free(new_ctx); + return 0; +} + + +/* Converts an octet string representation to an EC_POINT. + * Note that the simple implementation only uses affine coordinates. + */ +int +ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point, + const unsigned char *buf, size_t len, BN_CTX *ctx) +{ + point_conversion_form_t form; + int y_bit; + BN_CTX *new_ctx = NULL; + BIGNUM *x, *y, *yxi; + size_t field_len, enc_len; + int ret = 0; + + if (len == 0) { + ECerror(EC_R_BUFFER_TOO_SMALL); + return 0; + } + form = buf[0]; + y_bit = form & 1; + form = form & ~1U; + if ((form != 0) && (form != POINT_CONVERSION_COMPRESSED) && + (form != POINT_CONVERSION_UNCOMPRESSED) && + (form != POINT_CONVERSION_HYBRID)) { + ECerror(EC_R_INVALID_ENCODING); + return 0; + } + if ((form == 0 || form == POINT_CONVERSION_UNCOMPRESSED) && y_bit) { + ECerror(EC_R_INVALID_ENCODING); + return 0; + } + if (form == 0) { + if (len != 1) { + ECerror(EC_R_INVALID_ENCODING); + return 0; + } + return EC_POINT_set_to_infinity(group, point); + } + field_len = (EC_GROUP_get_degree(group) + 7) / 8; + enc_len = (form == POINT_CONVERSION_COMPRESSED) ? 1 + field_len : + 1 + 2 * field_len; + + if (len != enc_len) { + ECerror(EC_R_INVALID_ENCODING); + return 0; + } + if (ctx == NULL) { + ctx = new_ctx = BN_CTX_new(); + if (ctx == NULL) + return 0; + } + BN_CTX_start(ctx); + if ((x = BN_CTX_get(ctx)) == NULL) + goto err; + if ((y = BN_CTX_get(ctx)) == NULL) + goto err; + if ((yxi = BN_CTX_get(ctx)) == NULL) + goto err; + + if (!BN_bin2bn(buf + 1, field_len, x)) + goto err; + if (BN_ucmp(x, &group->field) >= 0) { + ECerror(EC_R_INVALID_ENCODING); + goto err; + } + if (form == POINT_CONVERSION_COMPRESSED) { + if (!EC_POINT_set_compressed_coordinates_GF2m(group, point, x, y_bit, ctx)) + goto err; + } else { + if (!BN_bin2bn(buf + 1 + field_len, field_len, y)) + goto err; + if (BN_ucmp(y, &group->field) >= 0) { + ECerror(EC_R_INVALID_ENCODING); + goto err; + } + if (form == POINT_CONVERSION_HYBRID) { + if (!group->meth->field_div(group, yxi, y, x, ctx)) + goto err; + if (y_bit != BN_is_odd(yxi)) { + ECerror(EC_R_INVALID_ENCODING); + goto err; + } + } + if (!EC_POINT_set_affine_coordinates_GF2m(group, point, x, y, ctx)) + goto err; + } + + /* test required by X9.62 */ + if (EC_POINT_is_on_curve(group, point, ctx) <= 0) { + ECerror(EC_R_POINT_IS_NOT_ON_CURVE); + goto err; + } + ret = 1; + + err: + BN_CTX_end(ctx); + BN_CTX_free(new_ctx); + return ret; +} +#endif diff --git a/src/lib/libcrypto/ec/ec2_smpl.c b/src/lib/libcrypto/ec/ec2_smpl.c new file mode 100644 index 00000000000..936cee48980 --- /dev/null +++ b/src/lib/libcrypto/ec/ec2_smpl.c @@ -0,0 +1,784 @@ +/* $OpenBSD: ec2_smpl.c,v 1.21 2018/11/05 20:18:21 tb Exp $ */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * + * The Elliptic Curve Public-Key Crypto Library (ECC Code) included + * herein is developed by SUN MICROSYSTEMS, INC., and is contributed + * to the OpenSSL project. + * + * The ECC Code is licensed pursuant to the OpenSSL open source + * license provided below. + * + * The software is originally written by Sheueling Chang Shantz and + * Douglas Stebila of Sun Microsystems Laboratories. + * + */ +/* ==================================================================== + * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include + +#include + +#include "ec_lcl.h" + +#ifndef OPENSSL_NO_EC2M + +const EC_METHOD * +EC_GF2m_simple_method(void) +{ + static const EC_METHOD ret = { + .flags = EC_FLAGS_DEFAULT_OCT, + .field_type = NID_X9_62_characteristic_two_field, + .group_init = ec_GF2m_simple_group_init, + .group_finish = ec_GF2m_simple_group_finish, + .group_clear_finish = ec_GF2m_simple_group_clear_finish, + .group_copy = ec_GF2m_simple_group_copy, + .group_set_curve = ec_GF2m_simple_group_set_curve, + .group_get_curve = ec_GF2m_simple_group_get_curve, + .group_get_degree = ec_GF2m_simple_group_get_degree, + .group_check_discriminant = + ec_GF2m_simple_group_check_discriminant, + .point_init = ec_GF2m_simple_point_init, + .point_finish = ec_GF2m_simple_point_finish, + .point_clear_finish = ec_GF2m_simple_point_clear_finish, + .point_copy = ec_GF2m_simple_point_copy, + .point_set_to_infinity = ec_GF2m_simple_point_set_to_infinity, + .point_set_affine_coordinates = + ec_GF2m_simple_point_set_affine_coordinates, + .point_get_affine_coordinates = + ec_GF2m_simple_point_get_affine_coordinates, + .add = ec_GF2m_simple_add, + .dbl = ec_GF2m_simple_dbl, + .invert = ec_GF2m_simple_invert, + .is_at_infinity = ec_GF2m_simple_is_at_infinity, + .is_on_curve = ec_GF2m_simple_is_on_curve, + .point_cmp = ec_GF2m_simple_cmp, + .make_affine = ec_GF2m_simple_make_affine, + .points_make_affine = ec_GF2m_simple_points_make_affine, + .mul_generator_ct = ec_GFp_simple_mul_generator_ct, + .mul_single_ct = ec_GFp_simple_mul_single_ct, + .mul_double_nonct = ec_GFp_simple_mul_double_nonct, + .precompute_mult = ec_GF2m_precompute_mult, + .have_precompute_mult = ec_GF2m_have_precompute_mult, + .field_mul = ec_GF2m_simple_field_mul, + .field_sqr = ec_GF2m_simple_field_sqr, + .field_div = ec_GF2m_simple_field_div, + .blind_coordinates = NULL, + }; + + return &ret; +} + + +/* Initialize a GF(2^m)-based EC_GROUP structure. + * Note that all other members are handled by EC_GROUP_new. + */ +int +ec_GF2m_simple_group_init(EC_GROUP * group) +{ + BN_init(&group->field); + BN_init(&group->a); + BN_init(&group->b); + return 1; +} + + +/* Free a GF(2^m)-based EC_GROUP structure. + * Note that all other members are handled by EC_GROUP_free. + */ +void +ec_GF2m_simple_group_finish(EC_GROUP * group) +{ + BN_free(&group->field); + BN_free(&group->a); + BN_free(&group->b); +} + + +/* Clear and free a GF(2^m)-based EC_GROUP structure. + * Note that all other members are handled by EC_GROUP_clear_free. + */ +void +ec_GF2m_simple_group_clear_finish(EC_GROUP * group) +{ + BN_clear_free(&group->field); + BN_clear_free(&group->a); + BN_clear_free(&group->b); + group->poly[0] = 0; + group->poly[1] = 0; + group->poly[2] = 0; + group->poly[3] = 0; + group->poly[4] = 0; + group->poly[5] = -1; +} + + +/* Copy a GF(2^m)-based EC_GROUP structure. + * Note that all other members are handled by EC_GROUP_copy. + */ +int +ec_GF2m_simple_group_copy(EC_GROUP * dest, const EC_GROUP * src) +{ + int i; + + if (!BN_copy(&dest->field, &src->field)) + return 0; + if (!BN_copy(&dest->a, &src->a)) + return 0; + if (!BN_copy(&dest->b, &src->b)) + return 0; + dest->poly[0] = src->poly[0]; + dest->poly[1] = src->poly[1]; + dest->poly[2] = src->poly[2]; + dest->poly[3] = src->poly[3]; + dest->poly[4] = src->poly[4]; + dest->poly[5] = src->poly[5]; + if (bn_wexpand(&dest->a, (int) (dest->poly[0] + BN_BITS2 - 1) / BN_BITS2) == NULL) + return 0; + if (bn_wexpand(&dest->b, (int) (dest->poly[0] + BN_BITS2 - 1) / BN_BITS2) == NULL) + return 0; + for (i = dest->a.top; i < dest->a.dmax; i++) + dest->a.d[i] = 0; + for (i = dest->b.top; i < dest->b.dmax; i++) + dest->b.d[i] = 0; + return 1; +} + + +/* Set the curve parameters of an EC_GROUP structure. */ +int +ec_GF2m_simple_group_set_curve(EC_GROUP * group, + const BIGNUM * p, const BIGNUM * a, const BIGNUM * b, BN_CTX * ctx) +{ + int ret = 0, i; + + /* group->field */ + if (!BN_copy(&group->field, p)) + goto err; + i = BN_GF2m_poly2arr(&group->field, group->poly, 6) - 1; + if ((i != 5) && (i != 3)) { + ECerror(EC_R_UNSUPPORTED_FIELD); + goto err; + } + /* group->a */ + if (!BN_GF2m_mod_arr(&group->a, a, group->poly)) + goto err; + if (bn_wexpand(&group->a, (int) (group->poly[0] + BN_BITS2 - 1) / BN_BITS2) == NULL) + goto err; + for (i = group->a.top; i < group->a.dmax; i++) + group->a.d[i] = 0; + + /* group->b */ + if (!BN_GF2m_mod_arr(&group->b, b, group->poly)) + goto err; + if (bn_wexpand(&group->b, (int) (group->poly[0] + BN_BITS2 - 1) / BN_BITS2) == NULL) + goto err; + for (i = group->b.top; i < group->b.dmax; i++) + group->b.d[i] = 0; + + ret = 1; + err: + return ret; +} + + +/* Get the curve parameters of an EC_GROUP structure. + * If p, a, or b are NULL then there values will not be set but the method will return with success. + */ +int +ec_GF2m_simple_group_get_curve(const EC_GROUP *group, + BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx) +{ + int ret = 0; + + if (p != NULL) { + if (!BN_copy(p, &group->field)) + return 0; + } + if (a != NULL) { + if (!BN_copy(a, &group->a)) + goto err; + } + if (b != NULL) { + if (!BN_copy(b, &group->b)) + goto err; + } + ret = 1; + + err: + return ret; +} + + +/* Gets the degree of the field. For a curve over GF(2^m) this is the value m. */ +int +ec_GF2m_simple_group_get_degree(const EC_GROUP * group) +{ + return BN_num_bits(&group->field) - 1; +} + + +/* Checks the discriminant of the curve. + * y^2 + x*y = x^3 + a*x^2 + b is an elliptic curve <=> b != 0 (mod p) + */ +int +ec_GF2m_simple_group_check_discriminant(const EC_GROUP * group, BN_CTX * ctx) +{ + int ret = 0; + BIGNUM *b; + BN_CTX *new_ctx = NULL; + + if (ctx == NULL) { + ctx = new_ctx = BN_CTX_new(); + if (ctx == NULL) { + ECerror(ERR_R_MALLOC_FAILURE); + goto err; + } + } + BN_CTX_start(ctx); + if ((b = BN_CTX_get(ctx)) == NULL) + goto err; + + if (!BN_GF2m_mod_arr(b, &group->b, group->poly)) + goto err; + + /* + * check the discriminant: y^2 + x*y = x^3 + a*x^2 + b is an elliptic + * curve <=> b != 0 (mod p) + */ + if (BN_is_zero(b)) + goto err; + + ret = 1; + + err: + if (ctx != NULL) + BN_CTX_end(ctx); + BN_CTX_free(new_ctx); + return ret; +} + + +/* Initializes an EC_POINT. */ +int +ec_GF2m_simple_point_init(EC_POINT * point) +{ + BN_init(&point->X); + BN_init(&point->Y); + BN_init(&point->Z); + return 1; +} + + +/* Frees an EC_POINT. */ +void +ec_GF2m_simple_point_finish(EC_POINT * point) +{ + BN_free(&point->X); + BN_free(&point->Y); + BN_free(&point->Z); +} + + +/* Clears and frees an EC_POINT. */ +void +ec_GF2m_simple_point_clear_finish(EC_POINT * point) +{ + BN_clear_free(&point->X); + BN_clear_free(&point->Y); + BN_clear_free(&point->Z); + point->Z_is_one = 0; +} + + +/* Copy the contents of one EC_POINT into another. Assumes dest is initialized. */ +int +ec_GF2m_simple_point_copy(EC_POINT * dest, const EC_POINT * src) +{ + if (!BN_copy(&dest->X, &src->X)) + return 0; + if (!BN_copy(&dest->Y, &src->Y)) + return 0; + if (!BN_copy(&dest->Z, &src->Z)) + return 0; + dest->Z_is_one = src->Z_is_one; + + return 1; +} + + +/* Set an EC_POINT to the point at infinity. + * A point at infinity is represented by having Z=0. + */ +int +ec_GF2m_simple_point_set_to_infinity(const EC_GROUP * group, EC_POINT * point) +{ + point->Z_is_one = 0; + BN_zero(&point->Z); + return 1; +} + + +/* Set the coordinates of an EC_POINT using affine coordinates. + * Note that the simple implementation only uses affine coordinates. + */ +int +ec_GF2m_simple_point_set_affine_coordinates(const EC_GROUP * group, EC_POINT * point, + const BIGNUM * x, const BIGNUM * y, BN_CTX * ctx) +{ + int ret = 0; + if (x == NULL || y == NULL) { + ECerror(ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if (!BN_copy(&point->X, x)) + goto err; + BN_set_negative(&point->X, 0); + if (!BN_copy(&point->Y, y)) + goto err; + BN_set_negative(&point->Y, 0); + if (!BN_copy(&point->Z, BN_value_one())) + goto err; + BN_set_negative(&point->Z, 0); + point->Z_is_one = 1; + ret = 1; + + err: + return ret; +} + + +/* Gets the affine coordinates of an EC_POINT. + * Note that the simple implementation only uses affine coordinates. + */ +int +ec_GF2m_simple_point_get_affine_coordinates(const EC_GROUP *group, + const EC_POINT *point, BIGNUM *x, BIGNUM *y, BN_CTX *ctx) +{ + int ret = 0; + + if (EC_POINT_is_at_infinity(group, point) > 0) { + ECerror(EC_R_POINT_AT_INFINITY); + return 0; + } + if (BN_cmp(&point->Z, BN_value_one())) { + ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return 0; + } + if (x != NULL) { + if (!BN_copy(x, &point->X)) + goto err; + BN_set_negative(x, 0); + } + if (y != NULL) { + if (!BN_copy(y, &point->Y)) + goto err; + BN_set_negative(y, 0); + } + ret = 1; + + err: + return ret; +} + +/* Computes a + b and stores the result in r. r could be a or b, a could be b. + * Uses algorithm A.10.2 of IEEE P1363. + */ +int +ec_GF2m_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, + const EC_POINT *b, BN_CTX *ctx) +{ + BN_CTX *new_ctx = NULL; + BIGNUM *x0, *y0, *x1, *y1, *x2, *y2, *s, *t; + int ret = 0; + + if (EC_POINT_is_at_infinity(group, a) > 0) { + if (!EC_POINT_copy(r, b)) + return 0; + return 1; + } + if (EC_POINT_is_at_infinity(group, b) > 0) { + if (!EC_POINT_copy(r, a)) + return 0; + return 1; + } + if (ctx == NULL) { + ctx = new_ctx = BN_CTX_new(); + if (ctx == NULL) + return 0; + } + BN_CTX_start(ctx); + if ((x0 = BN_CTX_get(ctx)) == NULL) + goto err; + if ((y0 = BN_CTX_get(ctx)) == NULL) + goto err; + if ((x1 = BN_CTX_get(ctx)) == NULL) + goto err; + if ((y1 = BN_CTX_get(ctx)) == NULL) + goto err; + if ((x2 = BN_CTX_get(ctx)) == NULL) + goto err; + if ((y2 = BN_CTX_get(ctx)) == NULL) + goto err; + if ((s = BN_CTX_get(ctx)) == NULL) + goto err; + if ((t = BN_CTX_get(ctx)) == NULL) + goto err; + + if (a->Z_is_one) { + if (!BN_copy(x0, &a->X)) + goto err; + if (!BN_copy(y0, &a->Y)) + goto err; + } else { + if (!EC_POINT_get_affine_coordinates_GF2m(group, a, x0, y0, ctx)) + goto err; + } + if (b->Z_is_one) { + if (!BN_copy(x1, &b->X)) + goto err; + if (!BN_copy(y1, &b->Y)) + goto err; + } else { + if (!EC_POINT_get_affine_coordinates_GF2m(group, b, x1, y1, ctx)) + goto err; + } + + + if (BN_GF2m_cmp(x0, x1)) { + if (!BN_GF2m_add(t, x0, x1)) + goto err; + if (!BN_GF2m_add(s, y0, y1)) + goto err; + if (!group->meth->field_div(group, s, s, t, ctx)) + goto err; + if (!group->meth->field_sqr(group, x2, s, ctx)) + goto err; + if (!BN_GF2m_add(x2, x2, &group->a)) + goto err; + if (!BN_GF2m_add(x2, x2, s)) + goto err; + if (!BN_GF2m_add(x2, x2, t)) + goto err; + } else { + if (BN_GF2m_cmp(y0, y1) || BN_is_zero(x1)) { + if (!EC_POINT_set_to_infinity(group, r)) + goto err; + ret = 1; + goto err; + } + if (!group->meth->field_div(group, s, y1, x1, ctx)) + goto err; + if (!BN_GF2m_add(s, s, x1)) + goto err; + + if (!group->meth->field_sqr(group, x2, s, ctx)) + goto err; + if (!BN_GF2m_add(x2, x2, s)) + goto err; + if (!BN_GF2m_add(x2, x2, &group->a)) + goto err; + } + + if (!BN_GF2m_add(y2, x1, x2)) + goto err; + if (!group->meth->field_mul(group, y2, y2, s, ctx)) + goto err; + if (!BN_GF2m_add(y2, y2, x2)) + goto err; + if (!BN_GF2m_add(y2, y2, y1)) + goto err; + + if (!EC_POINT_set_affine_coordinates_GF2m(group, r, x2, y2, ctx)) + goto err; + + ret = 1; + + err: + BN_CTX_end(ctx); + BN_CTX_free(new_ctx); + return ret; +} + + +/* Computes 2 * a and stores the result in r. r could be a. + * Uses algorithm A.10.2 of IEEE P1363. + */ +int +ec_GF2m_simple_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, + BN_CTX *ctx) +{ + return ec_GF2m_simple_add(group, r, a, a, ctx); +} + +int +ec_GF2m_simple_invert(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx) +{ + if (EC_POINT_is_at_infinity(group, point) > 0 || BN_is_zero(&point->Y)) + /* point is its own inverse */ + return 1; + + if (!EC_POINT_make_affine(group, point, ctx)) + return 0; + return BN_GF2m_add(&point->Y, &point->X, &point->Y); +} + + +/* Indicates whether the given point is the point at infinity. */ +int +ec_GF2m_simple_is_at_infinity(const EC_GROUP *group, const EC_POINT *point) +{ + return BN_is_zero(&point->Z); +} + + +/* Determines whether the given EC_POINT is an actual point on the curve defined + * in the EC_GROUP. A point is valid if it satisfies the Weierstrass equation: + * y^2 + x*y = x^3 + a*x^2 + b. + */ +int +ec_GF2m_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx) +{ + int ret = -1; + BN_CTX *new_ctx = NULL; + BIGNUM *lh, *y2; + int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *); + int (*field_sqr) (const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *); + + if (EC_POINT_is_at_infinity(group, point) > 0) + return 1; + + field_mul = group->meth->field_mul; + field_sqr = group->meth->field_sqr; + + /* only support affine coordinates */ + if (!point->Z_is_one) + return -1; + + if (ctx == NULL) { + ctx = new_ctx = BN_CTX_new(); + if (ctx == NULL) + return -1; + } + BN_CTX_start(ctx); + if ((y2 = BN_CTX_get(ctx)) == NULL) + goto err; + if ((lh = BN_CTX_get(ctx)) == NULL) + goto err; + + /* + * We have a curve defined by a Weierstrass equation y^2 + x*y = x^3 + * + a*x^2 + b. <=> x^3 + a*x^2 + x*y + b + y^2 = 0 <=> ((x + a) * x + * + y ) * x + b + y^2 = 0 + */ + if (!BN_GF2m_add(lh, &point->X, &group->a)) + goto err; + if (!field_mul(group, lh, lh, &point->X, ctx)) + goto err; + if (!BN_GF2m_add(lh, lh, &point->Y)) + goto err; + if (!field_mul(group, lh, lh, &point->X, ctx)) + goto err; + if (!BN_GF2m_add(lh, lh, &group->b)) + goto err; + if (!field_sqr(group, y2, &point->Y, ctx)) + goto err; + if (!BN_GF2m_add(lh, lh, y2)) + goto err; + ret = BN_is_zero(lh); + err: + if (ctx) + BN_CTX_end(ctx); + BN_CTX_free(new_ctx); + return ret; +} + + +/* Indicates whether two points are equal. + * Return values: + * -1 error + * 0 equal (in affine coordinates) + * 1 not equal + */ +int +ec_GF2m_simple_cmp(const EC_GROUP *group, const EC_POINT *a, + const EC_POINT *b, BN_CTX *ctx) +{ + BIGNUM *aX, *aY, *bX, *bY; + BN_CTX *new_ctx = NULL; + int ret = -1; + + if (EC_POINT_is_at_infinity(group, a) > 0) { + return EC_POINT_is_at_infinity(group, b) > 0 ? 0 : 1; + } + if (EC_POINT_is_at_infinity(group, b) > 0) + return 1; + + if (a->Z_is_one && b->Z_is_one) { + return ((BN_cmp(&a->X, &b->X) == 0) && BN_cmp(&a->Y, &b->Y) == 0) ? 0 : 1; + } + if (ctx == NULL) { + ctx = new_ctx = BN_CTX_new(); + if (ctx == NULL) + return -1; + } + BN_CTX_start(ctx); + if ((aX = BN_CTX_get(ctx)) == NULL) + goto err; + if ((aY = BN_CTX_get(ctx)) == NULL) + goto err; + if ((bX = BN_CTX_get(ctx)) == NULL) + goto err; + if ((bY = BN_CTX_get(ctx)) == NULL) + goto err; + + if (!EC_POINT_get_affine_coordinates_GF2m(group, a, aX, aY, ctx)) + goto err; + if (!EC_POINT_get_affine_coordinates_GF2m(group, b, bX, bY, ctx)) + goto err; + ret = ((BN_cmp(aX, bX) == 0) && BN_cmp(aY, bY) == 0) ? 0 : 1; + + err: + if (ctx) + BN_CTX_end(ctx); + BN_CTX_free(new_ctx); + return ret; +} + + +/* Forces the given EC_POINT to internally use affine coordinates. */ +int +ec_GF2m_simple_make_affine(const EC_GROUP * group, EC_POINT * point, BN_CTX * ctx) +{ + BN_CTX *new_ctx = NULL; + BIGNUM *x, *y; + int ret = 0; + + if (point->Z_is_one || EC_POINT_is_at_infinity(group, point) > 0) + return 1; + + if (ctx == NULL) { + ctx = new_ctx = BN_CTX_new(); + if (ctx == NULL) + return 0; + } + BN_CTX_start(ctx); + if ((x = BN_CTX_get(ctx)) == NULL) + goto err; + if ((y = BN_CTX_get(ctx)) == NULL) + goto err; + + if (!EC_POINT_get_affine_coordinates_GF2m(group, point, x, y, ctx)) + goto err; + if (!BN_copy(&point->X, x)) + goto err; + if (!BN_copy(&point->Y, y)) + goto err; + if (!BN_one(&point->Z)) + goto err; + + ret = 1; + + err: + if (ctx) + BN_CTX_end(ctx); + BN_CTX_free(new_ctx); + return ret; +} + + +/* Forces each of the EC_POINTs in the given array to use affine coordinates. */ +int +ec_GF2m_simple_points_make_affine(const EC_GROUP *group, size_t num, + EC_POINT *points[], BN_CTX *ctx) +{ + size_t i; + + for (i = 0; i < num; i++) { + if (!group->meth->make_affine(group, points[i], ctx)) + return 0; + } + + return 1; +} + + +/* Wrapper to simple binary polynomial field multiplication implementation. */ +int +ec_GF2m_simple_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, + const BIGNUM *b, BN_CTX *ctx) +{ + return BN_GF2m_mod_mul_arr(r, a, b, group->poly, ctx); +} + + +/* Wrapper to simple binary polynomial field squaring implementation. */ +int +ec_GF2m_simple_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, + BN_CTX *ctx) +{ + return BN_GF2m_mod_sqr_arr(r, a, group->poly, ctx); +} + + +/* Wrapper to simple binary polynomial field division implementation. */ +int +ec_GF2m_simple_field_div(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, + const BIGNUM *b, BN_CTX *ctx) +{ + return BN_GF2m_mod_div(r, a, b, &group->field, ctx); +} + +#endif diff --git a/src/lib/libcrypto/ec/ec_ameth.c b/src/lib/libcrypto/ec/ec_ameth.c new file mode 100644 index 00000000000..3f5d008bd6f --- /dev/null +++ b/src/lib/libcrypto/ec/ec_ameth.c @@ -0,0 +1,625 @@ +/* $OpenBSD: ec_ameth.c,v 1.25 2018/08/24 20:22:15 tb Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2006. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include + +#include + +#include +#include +#include +#include + + +#include "asn1_locl.h" + +static int +eckey_param2type(int *pptype, void **ppval, EC_KEY * ec_key) +{ + const EC_GROUP *group; + int nid; + if (ec_key == NULL || (group = EC_KEY_get0_group(ec_key)) == NULL) { + ECerror(EC_R_MISSING_PARAMETERS); + return 0; + } + if (EC_GROUP_get_asn1_flag(group) && + (nid = EC_GROUP_get_curve_name(group))) { + /* we have a 'named curve' => just set the OID */ + *ppval = OBJ_nid2obj(nid); + *pptype = V_ASN1_OBJECT; + } else { + /* explicit parameters */ + ASN1_STRING *pstr = NULL; + pstr = ASN1_STRING_new(); + if (!pstr) + return 0; + pstr->length = i2d_ECParameters(ec_key, &pstr->data); + if (pstr->length <= 0) { + ASN1_STRING_free(pstr); + ECerror(ERR_R_EC_LIB); + return 0; + } + *ppval = pstr; + *pptype = V_ASN1_SEQUENCE; + } + return 1; +} + +static int +eckey_pub_encode(X509_PUBKEY * pk, const EVP_PKEY * pkey) +{ + EC_KEY *ec_key = pkey->pkey.ec; + void *pval = NULL; + int ptype; + unsigned char *penc = NULL, *p; + int penclen; + + if (!eckey_param2type(&ptype, &pval, ec_key)) { + ECerror(ERR_R_EC_LIB); + return 0; + } + penclen = i2o_ECPublicKey(ec_key, NULL); + if (penclen <= 0) + goto err; + penc = malloc(penclen); + if (!penc) + goto err; + p = penc; + penclen = i2o_ECPublicKey(ec_key, &p); + if (penclen <= 0) + goto err; + if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_EC), + ptype, pval, penc, penclen)) + return 1; + err: + if (ptype == V_ASN1_OBJECT) + ASN1_OBJECT_free(pval); + else + ASN1_STRING_free(pval); + free(penc); + return 0; +} + +static EC_KEY * +eckey_type2param(int ptype, const void *pval) +{ + EC_KEY *eckey = NULL; + + if (ptype == V_ASN1_SEQUENCE) { + const ASN1_STRING *pstr = pval; + const unsigned char *pm = NULL; + int pmlen; + + pm = pstr->data; + pmlen = pstr->length; + if (!(eckey = d2i_ECParameters(NULL, &pm, pmlen))) { + ECerror(EC_R_DECODE_ERROR); + goto ecerr; + } + } else if (ptype == V_ASN1_OBJECT) { + const ASN1_OBJECT *poid = pval; + EC_GROUP *group; + + /* + * type == V_ASN1_OBJECT => the parameters are given by an + * asn1 OID + */ + if ((eckey = EC_KEY_new()) == NULL) { + ECerror(ERR_R_MALLOC_FAILURE); + goto ecerr; + } + group = EC_GROUP_new_by_curve_name(OBJ_obj2nid(poid)); + if (group == NULL) + goto ecerr; + EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE); + if (EC_KEY_set_group(eckey, group) == 0) + goto ecerr; + EC_GROUP_free(group); + } else { + ECerror(EC_R_DECODE_ERROR); + goto ecerr; + } + + return eckey; + + ecerr: + if (eckey) + EC_KEY_free(eckey); + return NULL; +} + +static int +eckey_pub_decode(EVP_PKEY * pkey, X509_PUBKEY * pubkey) +{ + const unsigned char *p = NULL; + const void *pval; + int ptype, pklen; + EC_KEY *eckey = NULL; + X509_ALGOR *palg; + + if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey)) + return 0; + X509_ALGOR_get0(NULL, &ptype, &pval, palg); + + eckey = eckey_type2param(ptype, pval); + + if (!eckey) { + ECerror(ERR_R_EC_LIB); + return 0; + } + /* We have parameters now set public key */ + if (!o2i_ECPublicKey(&eckey, &p, pklen)) { + ECerror(EC_R_DECODE_ERROR); + goto ecerr; + } + EVP_PKEY_assign_EC_KEY(pkey, eckey); + return 1; + + ecerr: + if (eckey) + EC_KEY_free(eckey); + return 0; +} + +static int +eckey_pub_cmp(const EVP_PKEY * a, const EVP_PKEY * b) +{ + int r; + const EC_GROUP *group = EC_KEY_get0_group(b->pkey.ec); + const EC_POINT *pa = EC_KEY_get0_public_key(a->pkey.ec), *pb = EC_KEY_get0_public_key(b->pkey.ec); + + r = EC_POINT_cmp(group, pa, pb, NULL); + if (r == 0) + return 1; + if (r == 1) + return 0; + return -2; +} + +static int +eckey_priv_decode(EVP_PKEY * pkey, const PKCS8_PRIV_KEY_INFO * p8) +{ + const unsigned char *p = NULL; + const void *pval; + int ptype, pklen; + EC_KEY *eckey = NULL; + const X509_ALGOR *palg; + + if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8)) + return 0; + X509_ALGOR_get0(NULL, &ptype, &pval, palg); + + eckey = eckey_type2param(ptype, pval); + + if (!eckey) + goto ecliberr; + + /* We have parameters now set private key */ + if (!d2i_ECPrivateKey(&eckey, &p, pklen)) { + ECerror(EC_R_DECODE_ERROR); + goto ecerr; + } + /* calculate public key (if necessary) */ + if (EC_KEY_get0_public_key(eckey) == NULL) { + const BIGNUM *priv_key; + const EC_GROUP *group; + EC_POINT *pub_key; + /* + * the public key was not included in the SEC1 private key => + * calculate the public key + */ + group = EC_KEY_get0_group(eckey); + pub_key = EC_POINT_new(group); + if (pub_key == NULL) { + ECerror(ERR_R_EC_LIB); + goto ecliberr; + } + if (!EC_POINT_copy(pub_key, EC_GROUP_get0_generator(group))) { + EC_POINT_free(pub_key); + ECerror(ERR_R_EC_LIB); + goto ecliberr; + } + priv_key = EC_KEY_get0_private_key(eckey); + if (!EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, NULL)) { + EC_POINT_free(pub_key); + ECerror(ERR_R_EC_LIB); + goto ecliberr; + } + if (EC_KEY_set_public_key(eckey, pub_key) == 0) { + EC_POINT_free(pub_key); + ECerror(ERR_R_EC_LIB); + goto ecliberr; + } + EC_POINT_free(pub_key); + } + EVP_PKEY_assign_EC_KEY(pkey, eckey); + return 1; + + ecliberr: + ECerror(ERR_R_EC_LIB); + ecerr: + if (eckey) + EC_KEY_free(eckey); + return 0; +} + +static int +eckey_priv_encode(PKCS8_PRIV_KEY_INFO * p8, const EVP_PKEY * pkey) +{ + EC_KEY *ec_key; + unsigned char *ep, *p; + int eplen, ptype; + void *pval; + unsigned int tmp_flags, old_flags; + + ec_key = pkey->pkey.ec; + + if (!eckey_param2type(&ptype, &pval, ec_key)) { + ECerror(EC_R_DECODE_ERROR); + return 0; + } + /* set the private key */ + + /* + * do not include the parameters in the SEC1 private key see PKCS#11 + * 12.11 + */ + old_flags = EC_KEY_get_enc_flags(ec_key); + tmp_flags = old_flags | EC_PKEY_NO_PARAMETERS; + EC_KEY_set_enc_flags(ec_key, tmp_flags); + eplen = i2d_ECPrivateKey(ec_key, NULL); + if (!eplen) { + EC_KEY_set_enc_flags(ec_key, old_flags); + ECerror(ERR_R_EC_LIB); + return 0; + } + ep = malloc(eplen); + if (!ep) { + EC_KEY_set_enc_flags(ec_key, old_flags); + ECerror(ERR_R_MALLOC_FAILURE); + return 0; + } + p = ep; + if (!i2d_ECPrivateKey(ec_key, &p)) { + EC_KEY_set_enc_flags(ec_key, old_flags); + free(ep); + ECerror(ERR_R_EC_LIB); + return 0; + } + /* restore old encoding flags */ + EC_KEY_set_enc_flags(ec_key, old_flags); + + if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_X9_62_id_ecPublicKey), 0, + ptype, pval, ep, eplen)) + return 0; + + return 1; +} + +static int +int_ec_size(const EVP_PKEY * pkey) +{ + return ECDSA_size(pkey->pkey.ec); +} + +static int +ec_bits(const EVP_PKEY * pkey) +{ + BIGNUM *order = BN_new(); + const EC_GROUP *group; + int ret; + + if (!order) { + ERR_clear_error(); + return 0; + } + group = EC_KEY_get0_group(pkey->pkey.ec); + if (!EC_GROUP_get_order(group, order, NULL)) { + BN_free(order); + ERR_clear_error(); + return 0; + } + ret = BN_num_bits(order); + BN_free(order); + return ret; +} + +static int +ec_missing_parameters(const EVP_PKEY * pkey) +{ + if (EC_KEY_get0_group(pkey->pkey.ec) == NULL) + return 1; + return 0; +} + +static int +ec_copy_parameters(EVP_PKEY * to, const EVP_PKEY * from) +{ + return EC_KEY_set_group(to->pkey.ec, EC_KEY_get0_group(from->pkey.ec)); +} + +static int +ec_cmp_parameters(const EVP_PKEY * a, const EVP_PKEY * b) +{ + const EC_GROUP *group_a = EC_KEY_get0_group(a->pkey.ec), *group_b = EC_KEY_get0_group(b->pkey.ec); + if (EC_GROUP_cmp(group_a, group_b, NULL)) + return 0; + else + return 1; +} + +static void +int_ec_free(EVP_PKEY * pkey) +{ + EC_KEY_free(pkey->pkey.ec); +} + +static int +do_EC_KEY_print(BIO * bp, const EC_KEY * x, int off, int ktype) +{ + unsigned char *buffer = NULL; + const char *ecstr; + size_t buf_len = 0, i; + int ret = 0, reason = ERR_R_BIO_LIB; + BIGNUM *pub_key = NULL, *order = NULL; + BN_CTX *ctx = NULL; + const EC_GROUP *group; + const EC_POINT *public_key; + const BIGNUM *priv_key; + + if (x == NULL || (group = EC_KEY_get0_group(x)) == NULL) { + reason = ERR_R_PASSED_NULL_PARAMETER; + goto err; + } + ctx = BN_CTX_new(); + if (ctx == NULL) { + reason = ERR_R_MALLOC_FAILURE; + goto err; + } + if (ktype > 0) { + public_key = EC_KEY_get0_public_key(x); + if (public_key != NULL) { + if ((pub_key = EC_POINT_point2bn(group, public_key, + EC_KEY_get_conv_form(x), NULL, ctx)) == NULL) { + reason = ERR_R_EC_LIB; + goto err; + } + if (pub_key) + buf_len = (size_t) BN_num_bytes(pub_key); + } + } + if (ktype == 2) { + priv_key = EC_KEY_get0_private_key(x); + if (priv_key && (i = (size_t) BN_num_bytes(priv_key)) > buf_len) + buf_len = i; + } else + priv_key = NULL; + + if (ktype > 0) { + buf_len += 10; + if ((buffer = malloc(buf_len)) == NULL) { + reason = ERR_R_MALLOC_FAILURE; + goto err; + } + } + if (ktype == 2) + ecstr = "Private-Key"; + else if (ktype == 1) + ecstr = "Public-Key"; + else + ecstr = "ECDSA-Parameters"; + + if (!BIO_indent(bp, off, 128)) + goto err; + if ((order = BN_new()) == NULL) + goto err; + if (!EC_GROUP_get_order(group, order, NULL)) + goto err; + if (BIO_printf(bp, "%s: (%d bit)\n", ecstr, + BN_num_bits(order)) <= 0) + goto err; + + if ((priv_key != NULL) && !ASN1_bn_print(bp, "priv:", priv_key, + buffer, off)) + goto err; + if ((pub_key != NULL) && !ASN1_bn_print(bp, "pub: ", pub_key, + buffer, off)) + goto err; + if (!ECPKParameters_print(bp, group, off)) + goto err; + ret = 1; + err: + if (!ret) + ECerror(reason); + BN_free(pub_key); + BN_free(order); + BN_CTX_free(ctx); + free(buffer); + return (ret); +} + +static int +eckey_param_decode(EVP_PKEY * pkey, + const unsigned char **pder, int derlen) +{ + EC_KEY *eckey; + if (!(eckey = d2i_ECParameters(NULL, pder, derlen))) { + ECerror(ERR_R_EC_LIB); + return 0; + } + EVP_PKEY_assign_EC_KEY(pkey, eckey); + return 1; +} + +static int +eckey_param_encode(const EVP_PKEY * pkey, unsigned char **pder) +{ + return i2d_ECParameters(pkey->pkey.ec, pder); +} + +static int +eckey_param_print(BIO * bp, const EVP_PKEY * pkey, int indent, + ASN1_PCTX * ctx) +{ + return do_EC_KEY_print(bp, pkey->pkey.ec, indent, 0); +} + +static int +eckey_pub_print(BIO * bp, const EVP_PKEY * pkey, int indent, + ASN1_PCTX * ctx) +{ + return do_EC_KEY_print(bp, pkey->pkey.ec, indent, 1); +} + + +static int +eckey_priv_print(BIO * bp, const EVP_PKEY * pkey, int indent, + ASN1_PCTX * ctx) +{ + return do_EC_KEY_print(bp, pkey->pkey.ec, indent, 2); +} + +static int +old_ec_priv_decode(EVP_PKEY * pkey, + const unsigned char **pder, int derlen) +{ + EC_KEY *ec; + if (!(ec = d2i_ECPrivateKey(NULL, pder, derlen))) { + ECerror(EC_R_DECODE_ERROR); + return 0; + } + EVP_PKEY_assign_EC_KEY(pkey, ec); + return 1; +} + +static int +old_ec_priv_encode(const EVP_PKEY * pkey, unsigned char **pder) +{ + return i2d_ECPrivateKey(pkey->pkey.ec, pder); +} + +static int +ec_pkey_ctrl(EVP_PKEY * pkey, int op, long arg1, void *arg2) +{ + switch (op) { + case ASN1_PKEY_CTRL_PKCS7_SIGN: + if (arg1 == 0) { + int snid, hnid; + X509_ALGOR *alg1, *alg2; + PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, &alg1, &alg2); + if (alg1 == NULL || alg1->algorithm == NULL) + return -1; + hnid = OBJ_obj2nid(alg1->algorithm); + if (hnid == NID_undef) + return -1; + if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey))) + return -1; + X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0); + } + return 1; + + case ASN1_PKEY_CTRL_DEFAULT_MD_NID: + *(int *) arg2 = NID_sha1; + return 2; + + default: + return -2; + + } + +} + +const EVP_PKEY_ASN1_METHOD eckey_asn1_meth = { + .pkey_id = EVP_PKEY_EC, + .pkey_base_id = EVP_PKEY_EC, + + .pem_str = "EC", + .info = "OpenSSL EC algorithm", + + .pub_decode = eckey_pub_decode, + .pub_encode = eckey_pub_encode, + .pub_cmp = eckey_pub_cmp, + .pub_print = eckey_pub_print, + + .priv_decode = eckey_priv_decode, + .priv_encode = eckey_priv_encode, + .priv_print = eckey_priv_print, + + .pkey_size = int_ec_size, + .pkey_bits = ec_bits, + + .param_decode = eckey_param_decode, + .param_encode = eckey_param_encode, + .param_missing = ec_missing_parameters, + .param_copy = ec_copy_parameters, + .param_cmp = ec_cmp_parameters, + .param_print = eckey_param_print, + + .pkey_free = int_ec_free, + .pkey_ctrl = ec_pkey_ctrl, + .old_priv_decode = old_ec_priv_decode, + .old_priv_encode = old_ec_priv_encode +}; + +#if !defined(OPENSSL_NO_SM2) +const EVP_PKEY_ASN1_METHOD sm2_asn1_meth = { + .pkey_id = EVP_PKEY_SM2, + .pkey_base_id = EVP_PKEY_EC, + .pkey_flags = ASN1_PKEY_ALIAS +}; +#endif diff --git a/src/lib/libcrypto/ec/ec_asn1.c b/src/lib/libcrypto/ec/ec_asn1.c new file mode 100644 index 00000000000..f69dd023de9 --- /dev/null +++ b/src/lib/libcrypto/ec/ec_asn1.c @@ -0,0 +1,1623 @@ +/* $OpenBSD: ec_asn1.c,v 1.31 2018/09/01 16:23:15 tb Exp $ */ +/* + * Written by Nils Larsch for the OpenSSL project. + */ +/* ==================================================================== + * Copyright (c) 2000-2003 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include + +#include + +#include "ec_lcl.h" +#include +#include +#include + +int +EC_GROUP_get_basis_type(const EC_GROUP * group) +{ + int i = 0; + + if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) != + NID_X9_62_characteristic_two_field) + /* everything else is currently not supported */ + return 0; + + while (group->poly[i] != 0) + i++; + + if (i == 4) + return NID_X9_62_ppBasis; + else if (i == 2) + return NID_X9_62_tpBasis; + else + /* everything else is currently not supported */ + return 0; +} + +#ifndef OPENSSL_NO_EC2M +int +EC_GROUP_get_trinomial_basis(const EC_GROUP * group, unsigned int *k) +{ + if (group == NULL) + return 0; + + if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) != + NID_X9_62_characteristic_two_field + || !((group->poly[0] != 0) && (group->poly[1] != 0) && (group->poly[2] == 0))) { + ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return 0; + } + if (k) + *k = group->poly[1]; + + return 1; +} + +int +EC_GROUP_get_pentanomial_basis(const EC_GROUP * group, unsigned int *k1, + unsigned int *k2, unsigned int *k3) +{ + if (group == NULL) + return 0; + + if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) != + NID_X9_62_characteristic_two_field + || !((group->poly[0] != 0) && (group->poly[1] != 0) && (group->poly[2] != 0) && (group->poly[3] != 0) && (group->poly[4] == 0))) { + ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return 0; + } + if (k1) + *k1 = group->poly[3]; + if (k2) + *k2 = group->poly[2]; + if (k3) + *k3 = group->poly[1]; + + return 1; +} +#endif + +/* some structures needed for the asn1 encoding */ +typedef struct x9_62_pentanomial_st { + long k1; + long k2; + long k3; +} X9_62_PENTANOMIAL; + +typedef struct x9_62_characteristic_two_st { + long m; + ASN1_OBJECT *type; + union { + char *ptr; + /* NID_X9_62_onBasis */ + ASN1_NULL *onBasis; + /* NID_X9_62_tpBasis */ + ASN1_INTEGER *tpBasis; + /* NID_X9_62_ppBasis */ + X9_62_PENTANOMIAL *ppBasis; + /* anything else */ + ASN1_TYPE *other; + } p; +} X9_62_CHARACTERISTIC_TWO; + +typedef struct x9_62_fieldid_st { + ASN1_OBJECT *fieldType; + union { + char *ptr; + /* NID_X9_62_prime_field */ + ASN1_INTEGER *prime; + /* NID_X9_62_characteristic_two_field */ + X9_62_CHARACTERISTIC_TWO *char_two; + /* anything else */ + ASN1_TYPE *other; + } p; +} X9_62_FIELDID; + +typedef struct x9_62_curve_st { + ASN1_OCTET_STRING *a; + ASN1_OCTET_STRING *b; + ASN1_BIT_STRING *seed; +} X9_62_CURVE; + +typedef struct ec_parameters_st { + long version; + X9_62_FIELDID *fieldID; + X9_62_CURVE *curve; + ASN1_OCTET_STRING *base; + ASN1_INTEGER *order; + ASN1_INTEGER *cofactor; +} ECPARAMETERS; + +struct ecpk_parameters_st { + int type; + union { + ASN1_OBJECT *named_curve; + ECPARAMETERS *parameters; + ASN1_NULL *implicitlyCA; + } value; +} /* ECPKPARAMETERS */ ; + +/* SEC1 ECPrivateKey */ +typedef struct ec_privatekey_st { + long version; + ASN1_OCTET_STRING *privateKey; + ECPKPARAMETERS *parameters; + ASN1_BIT_STRING *publicKey; +} EC_PRIVATEKEY; + +/* the OpenSSL ASN.1 definitions */ +static const ASN1_TEMPLATE X9_62_PENTANOMIAL_seq_tt[] = { + { + .flags = 0, + .tag = 0, + .offset = offsetof(X9_62_PENTANOMIAL, k1), + .field_name = "k1", + .item = &LONG_it, + }, + { + .flags = 0, + .tag = 0, + .offset = offsetof(X9_62_PENTANOMIAL, k2), + .field_name = "k2", + .item = &LONG_it, + }, + { + .flags = 0, + .tag = 0, + .offset = offsetof(X9_62_PENTANOMIAL, k3), + .field_name = "k3", + .item = &LONG_it, + }, +}; + +const ASN1_ITEM X9_62_PENTANOMIAL_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = X9_62_PENTANOMIAL_seq_tt, + .tcount = sizeof(X9_62_PENTANOMIAL_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = NULL, + .size = sizeof(X9_62_PENTANOMIAL), + .sname = "X9_62_PENTANOMIAL", +}; + +X9_62_PENTANOMIAL *X9_62_PENTANOMIAL_new(void); +void X9_62_PENTANOMIAL_free(X9_62_PENTANOMIAL *a); + +X9_62_PENTANOMIAL * +X9_62_PENTANOMIAL_new(void) +{ + return (X9_62_PENTANOMIAL*)ASN1_item_new(&X9_62_PENTANOMIAL_it); +} + +void +X9_62_PENTANOMIAL_free(X9_62_PENTANOMIAL *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &X9_62_PENTANOMIAL_it); +} + +static const ASN1_TEMPLATE char_two_def_tt = { + .flags = 0, + .tag = 0, + .offset = offsetof(X9_62_CHARACTERISTIC_TWO, p.other), + .field_name = "p.other", + .item = &ASN1_ANY_it, +}; + +static const ASN1_ADB_TABLE X9_62_CHARACTERISTIC_TWO_adbtbl[] = { + { + .value = NID_X9_62_onBasis, + .tt = { + .flags = 0, + .tag = 0, + .offset = offsetof(X9_62_CHARACTERISTIC_TWO, p.onBasis), + .field_name = "p.onBasis", + .item = &ASN1_NULL_it, + }, + + }, + { + .value = NID_X9_62_tpBasis, + .tt = { + .flags = 0, + .tag = 0, + .offset = offsetof(X9_62_CHARACTERISTIC_TWO, p.tpBasis), + .field_name = "p.tpBasis", + .item = &ASN1_INTEGER_it, + }, + + }, + { + .value = NID_X9_62_ppBasis, + .tt = { + .flags = 0, + .tag = 0, + .offset = offsetof(X9_62_CHARACTERISTIC_TWO, p.ppBasis), + .field_name = "p.ppBasis", + .item = &X9_62_PENTANOMIAL_it, + }, + + }, +}; + +static const ASN1_ADB X9_62_CHARACTERISTIC_TWO_adb = { + .flags = 0, + .offset = offsetof(X9_62_CHARACTERISTIC_TWO, type), + .app_items = 0, + .tbl = X9_62_CHARACTERISTIC_TWO_adbtbl, + .tblcount = sizeof(X9_62_CHARACTERISTIC_TWO_adbtbl) / sizeof(ASN1_ADB_TABLE), + .default_tt = &char_two_def_tt, + .null_tt = NULL, +}; + +static const ASN1_TEMPLATE X9_62_CHARACTERISTIC_TWO_seq_tt[] = { + { + .flags = 0, + .tag = 0, + .offset = offsetof(X9_62_CHARACTERISTIC_TWO, m), + .field_name = "m", + .item = &LONG_it, + }, + { + .flags = 0, + .tag = 0, + .offset = offsetof(X9_62_CHARACTERISTIC_TWO, type), + .field_name = "type", + .item = &ASN1_OBJECT_it, + }, + { + .flags = ASN1_TFLG_ADB_OID, + .tag = -1, + .offset = 0, + .field_name = "X9_62_CHARACTERISTIC_TWO", + .item = (const ASN1_ITEM *)&X9_62_CHARACTERISTIC_TWO_adb, + }, +}; + +const ASN1_ITEM X9_62_CHARACTERISTIC_TWO_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = X9_62_CHARACTERISTIC_TWO_seq_tt, + .tcount = sizeof(X9_62_CHARACTERISTIC_TWO_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = NULL, + .size = sizeof(X9_62_CHARACTERISTIC_TWO), + .sname = "X9_62_CHARACTERISTIC_TWO", +}; + +X9_62_CHARACTERISTIC_TWO *X9_62_CHARACTERISTIC_TWO_new(void); +void X9_62_CHARACTERISTIC_TWO_free(X9_62_CHARACTERISTIC_TWO *a); + +X9_62_CHARACTERISTIC_TWO * +X9_62_CHARACTERISTIC_TWO_new(void) +{ + return (X9_62_CHARACTERISTIC_TWO*)ASN1_item_new(&X9_62_CHARACTERISTIC_TWO_it); +} + +void +X9_62_CHARACTERISTIC_TWO_free(X9_62_CHARACTERISTIC_TWO *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &X9_62_CHARACTERISTIC_TWO_it); +} + +static const ASN1_TEMPLATE fieldID_def_tt = { + .flags = 0, + .tag = 0, + .offset = offsetof(X9_62_FIELDID, p.other), + .field_name = "p.other", + .item = &ASN1_ANY_it, +}; + +static const ASN1_ADB_TABLE X9_62_FIELDID_adbtbl[] = { + { + .value = NID_X9_62_prime_field, + .tt = { + .flags = 0, + .tag = 0, + .offset = offsetof(X9_62_FIELDID, p.prime), + .field_name = "p.prime", + .item = &ASN1_INTEGER_it, + }, + + }, + { + .value = NID_X9_62_characteristic_two_field, + .tt = { + .flags = 0, + .tag = 0, + .offset = offsetof(X9_62_FIELDID, p.char_two), + .field_name = "p.char_two", + .item = &X9_62_CHARACTERISTIC_TWO_it, + }, + + }, +}; + +static const ASN1_ADB X9_62_FIELDID_adb = { + .flags = 0, + .offset = offsetof(X9_62_FIELDID, fieldType), + .app_items = 0, + .tbl = X9_62_FIELDID_adbtbl, + .tblcount = sizeof(X9_62_FIELDID_adbtbl) / sizeof(ASN1_ADB_TABLE), + .default_tt = &fieldID_def_tt, + .null_tt = NULL, +}; + +static const ASN1_TEMPLATE X9_62_FIELDID_seq_tt[] = { + { + .flags = 0, + .tag = 0, + .offset = offsetof(X9_62_FIELDID, fieldType), + .field_name = "fieldType", + .item = &ASN1_OBJECT_it, + }, + { + .flags = ASN1_TFLG_ADB_OID, + .tag = -1, + .offset = 0, + .field_name = "X9_62_FIELDID", + .item = (const ASN1_ITEM *)&X9_62_FIELDID_adb, + }, +}; + +const ASN1_ITEM X9_62_FIELDID_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = X9_62_FIELDID_seq_tt, + .tcount = sizeof(X9_62_FIELDID_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = NULL, + .size = sizeof(X9_62_FIELDID), + .sname = "X9_62_FIELDID", +}; + +static const ASN1_TEMPLATE X9_62_CURVE_seq_tt[] = { + { + .flags = 0, + .tag = 0, + .offset = offsetof(X9_62_CURVE, a), + .field_name = "a", + .item = &ASN1_OCTET_STRING_it, + }, + { + .flags = 0, + .tag = 0, + .offset = offsetof(X9_62_CURVE, b), + .field_name = "b", + .item = &ASN1_OCTET_STRING_it, + }, + { + .flags = ASN1_TFLG_OPTIONAL, + .tag = 0, + .offset = offsetof(X9_62_CURVE, seed), + .field_name = "seed", + .item = &ASN1_BIT_STRING_it, + }, +}; + +const ASN1_ITEM X9_62_CURVE_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = X9_62_CURVE_seq_tt, + .tcount = sizeof(X9_62_CURVE_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = NULL, + .size = sizeof(X9_62_CURVE), + .sname = "X9_62_CURVE", +}; + +static const ASN1_TEMPLATE ECPARAMETERS_seq_tt[] = { + { + .flags = 0, + .tag = 0, + .offset = offsetof(ECPARAMETERS, version), + .field_name = "version", + .item = &LONG_it, + }, + { + .flags = 0, + .tag = 0, + .offset = offsetof(ECPARAMETERS, fieldID), + .field_name = "fieldID", + .item = &X9_62_FIELDID_it, + }, + { + .flags = 0, + .tag = 0, + .offset = offsetof(ECPARAMETERS, curve), + .field_name = "curve", + .item = &X9_62_CURVE_it, + }, + { + .flags = 0, + .tag = 0, + .offset = offsetof(ECPARAMETERS, base), + .field_name = "base", + .item = &ASN1_OCTET_STRING_it, + }, + { + .flags = 0, + .tag = 0, + .offset = offsetof(ECPARAMETERS, order), + .field_name = "order", + .item = &ASN1_INTEGER_it, + }, + { + .flags = ASN1_TFLG_OPTIONAL, + .tag = 0, + .offset = offsetof(ECPARAMETERS, cofactor), + .field_name = "cofactor", + .item = &ASN1_INTEGER_it, + }, +}; + +const ASN1_ITEM ECPARAMETERS_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = ECPARAMETERS_seq_tt, + .tcount = sizeof(ECPARAMETERS_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = NULL, + .size = sizeof(ECPARAMETERS), + .sname = "ECPARAMETERS", +}; + +ECPARAMETERS *ECPARAMETERS_new(void); +void ECPARAMETERS_free(ECPARAMETERS *a); + +ECPARAMETERS * +ECPARAMETERS_new(void) +{ + return (ECPARAMETERS*)ASN1_item_new(&ECPARAMETERS_it); +} + +void +ECPARAMETERS_free(ECPARAMETERS *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &ECPARAMETERS_it); +} + +static const ASN1_TEMPLATE ECPKPARAMETERS_ch_tt[] = { + { + .flags = 0, + .tag = 0, + .offset = offsetof(ECPKPARAMETERS, value.named_curve), + .field_name = "value.named_curve", + .item = &ASN1_OBJECT_it, + }, + { + .flags = 0, + .tag = 0, + .offset = offsetof(ECPKPARAMETERS, value.parameters), + .field_name = "value.parameters", + .item = &ECPARAMETERS_it, + }, + { + .flags = 0, + .tag = 0, + .offset = offsetof(ECPKPARAMETERS, value.implicitlyCA), + .field_name = "value.implicitlyCA", + .item = &ASN1_NULL_it, + }, +}; + +const ASN1_ITEM ECPKPARAMETERS_it = { + .itype = ASN1_ITYPE_CHOICE, + .utype = offsetof(ECPKPARAMETERS, type), + .templates = ECPKPARAMETERS_ch_tt, + .tcount = sizeof(ECPKPARAMETERS_ch_tt) / sizeof(ASN1_TEMPLATE), + .funcs = NULL, + .size = sizeof(ECPKPARAMETERS), + .sname = "ECPKPARAMETERS", +}; + +ECPKPARAMETERS *ECPKPARAMETERS_new(void); +void ECPKPARAMETERS_free(ECPKPARAMETERS *a); +ECPKPARAMETERS *d2i_ECPKPARAMETERS(ECPKPARAMETERS **a, const unsigned char **in, long len); +int i2d_ECPKPARAMETERS(const ECPKPARAMETERS *a, unsigned char **out); + +ECPKPARAMETERS * +d2i_ECPKPARAMETERS(ECPKPARAMETERS **a, const unsigned char **in, long len) +{ + return (ECPKPARAMETERS *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &ECPKPARAMETERS_it); +} + +int +i2d_ECPKPARAMETERS(const ECPKPARAMETERS *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &ECPKPARAMETERS_it); +} + +ECPKPARAMETERS * +ECPKPARAMETERS_new(void) +{ + return (ECPKPARAMETERS *)ASN1_item_new(&ECPKPARAMETERS_it); +} + +void +ECPKPARAMETERS_free(ECPKPARAMETERS *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &ECPKPARAMETERS_it); +} + +static const ASN1_TEMPLATE EC_PRIVATEKEY_seq_tt[] = { + { + .flags = 0, + .tag = 0, + .offset = offsetof(EC_PRIVATEKEY, version), + .field_name = "version", + .item = &LONG_it, + }, + { + .flags = 0, + .tag = 0, + .offset = offsetof(EC_PRIVATEKEY, privateKey), + .field_name = "privateKey", + .item = &ASN1_OCTET_STRING_it, + }, + { + .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL, + .tag = 0, + .offset = offsetof(EC_PRIVATEKEY, parameters), + .field_name = "parameters", + .item = &ECPKPARAMETERS_it, + }, + { + .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL, + .tag = 1, + .offset = offsetof(EC_PRIVATEKEY, publicKey), + .field_name = "publicKey", + .item = &ASN1_BIT_STRING_it, + }, +}; + +const ASN1_ITEM EC_PRIVATEKEY_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = EC_PRIVATEKEY_seq_tt, + .tcount = sizeof(EC_PRIVATEKEY_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = NULL, + .size = sizeof(EC_PRIVATEKEY), + .sname = "EC_PRIVATEKEY", +}; + +EC_PRIVATEKEY *EC_PRIVATEKEY_new(void); +void EC_PRIVATEKEY_free(EC_PRIVATEKEY *a); +EC_PRIVATEKEY *d2i_EC_PRIVATEKEY(EC_PRIVATEKEY **a, const unsigned char **in, long len); +int i2d_EC_PRIVATEKEY(const EC_PRIVATEKEY *a, unsigned char **out); + +EC_PRIVATEKEY * +d2i_EC_PRIVATEKEY(EC_PRIVATEKEY **a, const unsigned char **in, long len) +{ + return (EC_PRIVATEKEY *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &EC_PRIVATEKEY_it); +} + +int +i2d_EC_PRIVATEKEY(const EC_PRIVATEKEY *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &EC_PRIVATEKEY_it); +} + +EC_PRIVATEKEY * +EC_PRIVATEKEY_new(void) +{ + return (EC_PRIVATEKEY *)ASN1_item_new(&EC_PRIVATEKEY_it); +} + +void +EC_PRIVATEKEY_free(EC_PRIVATEKEY *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &EC_PRIVATEKEY_it); +} + +/* some declarations of internal function */ + +/* ec_asn1_group2field() sets the values in a X9_62_FIELDID object */ +static int ec_asn1_group2fieldid(const EC_GROUP *, X9_62_FIELDID *); +/* ec_asn1_group2curve() sets the values in a X9_62_CURVE object */ +static int ec_asn1_group2curve(const EC_GROUP *, X9_62_CURVE *); +/* ec_asn1_parameters2group() creates a EC_GROUP object from a + * ECPARAMETERS object */ +static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *); +/* ec_asn1_group2parameters() creates a ECPARAMETERS object from a + * EC_GROUP object */ +static ECPARAMETERS *ec_asn1_group2parameters(const EC_GROUP *, ECPARAMETERS *); +/* ec_asn1_pkparameters2group() creates a EC_GROUP object from a + * ECPKPARAMETERS object */ +static EC_GROUP *ec_asn1_pkparameters2group(const ECPKPARAMETERS *); +/* ec_asn1_group2pkparameters() creates a ECPKPARAMETERS object from a + * EC_GROUP object */ +static ECPKPARAMETERS *ec_asn1_group2pkparameters(const EC_GROUP *, + ECPKPARAMETERS *); + +/* the function definitions */ + +static int +ec_asn1_group2fieldid(const EC_GROUP * group, X9_62_FIELDID * field) +{ + int ok = 0, nid; + BIGNUM *tmp = NULL; + + if (group == NULL || field == NULL) + return 0; + + /* clear the old values (if necessary) */ + if (field->fieldType != NULL) + ASN1_OBJECT_free(field->fieldType); + if (field->p.other != NULL) + ASN1_TYPE_free(field->p.other); + + nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group)); + /* set OID for the field */ + if ((field->fieldType = OBJ_nid2obj(nid)) == NULL) { + ECerror(ERR_R_OBJ_LIB); + goto err; + } + if (nid == NID_X9_62_prime_field) { + if ((tmp = BN_new()) == NULL) { + ECerror(ERR_R_MALLOC_FAILURE); + goto err; + } + /* the parameters are specified by the prime number p */ + if (!EC_GROUP_get_curve_GFp(group, tmp, NULL, NULL, NULL)) { + ECerror(ERR_R_EC_LIB); + goto err; + } + /* set the prime number */ + field->p.prime = BN_to_ASN1_INTEGER(tmp, NULL); + if (field->p.prime == NULL) { + ECerror(ERR_R_ASN1_LIB); + goto err; + } + } else /* nid == NID_X9_62_characteristic_two_field */ +#ifdef OPENSSL_NO_EC2M + { + ECerror(EC_R_GF2M_NOT_SUPPORTED); + goto err; + } +#else + { + int field_type; + X9_62_CHARACTERISTIC_TWO *char_two; + + field->p.char_two = X9_62_CHARACTERISTIC_TWO_new(); + char_two = field->p.char_two; + + if (char_two == NULL) { + ECerror(ERR_R_MALLOC_FAILURE); + goto err; + } + char_two->m = (long) EC_GROUP_get_degree(group); + + field_type = EC_GROUP_get_basis_type(group); + + if (field_type == 0) { + ECerror(ERR_R_EC_LIB); + goto err; + } + /* set base type OID */ + if ((char_two->type = OBJ_nid2obj(field_type)) == NULL) { + ECerror(ERR_R_OBJ_LIB); + goto err; + } + if (field_type == NID_X9_62_tpBasis) { + unsigned int k; + + if (!EC_GROUP_get_trinomial_basis(group, &k)) + goto err; + + char_two->p.tpBasis = ASN1_INTEGER_new(); + if (!char_two->p.tpBasis) { + ECerror(ERR_R_MALLOC_FAILURE); + goto err; + } + if (!ASN1_INTEGER_set(char_two->p.tpBasis, (long) k)) { + ECerror(ERR_R_ASN1_LIB); + goto err; + } + } else if (field_type == NID_X9_62_ppBasis) { + unsigned int k1, k2, k3; + + if (!EC_GROUP_get_pentanomial_basis(group, &k1, &k2, &k3)) + goto err; + + char_two->p.ppBasis = X9_62_PENTANOMIAL_new(); + if (!char_two->p.ppBasis) { + ECerror(ERR_R_MALLOC_FAILURE); + goto err; + } + /* set k? values */ + char_two->p.ppBasis->k1 = (long) k1; + char_two->p.ppBasis->k2 = (long) k2; + char_two->p.ppBasis->k3 = (long) k3; + } else { /* field_type == NID_X9_62_onBasis */ + /* for ONB the parameters are (asn1) NULL */ + char_two->p.onBasis = ASN1_NULL_new(); + if (!char_two->p.onBasis) { + ECerror(ERR_R_MALLOC_FAILURE); + goto err; + } + } + } +#endif + + ok = 1; + + err: + BN_free(tmp); + return (ok); +} + +static int +ec_asn1_group2curve(const EC_GROUP * group, X9_62_CURVE * curve) +{ + int ok = 0, nid; + BIGNUM *tmp_1 = NULL, *tmp_2 = NULL; + unsigned char *buffer_1 = NULL, *buffer_2 = NULL, *a_buf = NULL, + *b_buf = NULL; + size_t len_1, len_2; + unsigned char char_zero = 0; + + if (!group || !curve || !curve->a || !curve->b) + return 0; + + if ((tmp_1 = BN_new()) == NULL || (tmp_2 = BN_new()) == NULL) { + ECerror(ERR_R_MALLOC_FAILURE); + goto err; + } + nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group)); + + /* get a and b */ + if (nid == NID_X9_62_prime_field) { + if (!EC_GROUP_get_curve_GFp(group, NULL, tmp_1, tmp_2, NULL)) { + ECerror(ERR_R_EC_LIB); + goto err; + } + } +#ifndef OPENSSL_NO_EC2M + else { /* nid == NID_X9_62_characteristic_two_field */ + if (!EC_GROUP_get_curve_GF2m(group, NULL, tmp_1, tmp_2, NULL)) { + ECerror(ERR_R_EC_LIB); + goto err; + } + } +#endif + len_1 = (size_t) BN_num_bytes(tmp_1); + len_2 = (size_t) BN_num_bytes(tmp_2); + + if (len_1 == 0) { + /* len_1 == 0 => a == 0 */ + a_buf = &char_zero; + len_1 = 1; + } else { + if ((buffer_1 = malloc(len_1)) == NULL) { + ECerror(ERR_R_MALLOC_FAILURE); + goto err; + } + if ((len_1 = BN_bn2bin(tmp_1, buffer_1)) == 0) { + ECerror(ERR_R_BN_LIB); + goto err; + } + a_buf = buffer_1; + } + + if (len_2 == 0) { + /* len_2 == 0 => b == 0 */ + b_buf = &char_zero; + len_2 = 1; + } else { + if ((buffer_2 = malloc(len_2)) == NULL) { + ECerror(ERR_R_MALLOC_FAILURE); + goto err; + } + if ((len_2 = BN_bn2bin(tmp_2, buffer_2)) == 0) { + ECerror(ERR_R_BN_LIB); + goto err; + } + b_buf = buffer_2; + } + + /* set a and b */ + if (!ASN1_STRING_set(curve->a, a_buf, len_1) || + !ASN1_STRING_set(curve->b, b_buf, len_2)) { + ECerror(ERR_R_ASN1_LIB); + goto err; + } + /* set the seed (optional) */ + if (group->seed) { + if (!curve->seed) + if ((curve->seed = ASN1_BIT_STRING_new()) == NULL) { + ECerror(ERR_R_MALLOC_FAILURE); + goto err; + } + curve->seed->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); + curve->seed->flags |= ASN1_STRING_FLAG_BITS_LEFT; + if (!ASN1_BIT_STRING_set(curve->seed, group->seed, + (int) group->seed_len)) { + ECerror(ERR_R_ASN1_LIB); + goto err; + } + } else { + if (curve->seed) { + ASN1_BIT_STRING_free(curve->seed); + curve->seed = NULL; + } + } + + ok = 1; + + err: + free(buffer_1); + free(buffer_2); + BN_free(tmp_1); + BN_free(tmp_2); + return (ok); +} + +static ECPARAMETERS * +ec_asn1_group2parameters(const EC_GROUP * group, ECPARAMETERS * param) +{ + int ok = 0; + size_t len = 0; + ECPARAMETERS *ret = NULL; + BIGNUM *tmp = NULL; + unsigned char *buffer = NULL; + const EC_POINT *point = NULL; + point_conversion_form_t form; + + if ((tmp = BN_new()) == NULL) { + ECerror(ERR_R_MALLOC_FAILURE); + goto err; + } + if (param == NULL) { + if ((ret = ECPARAMETERS_new()) == NULL) { + ECerror(ERR_R_MALLOC_FAILURE); + goto err; + } + } else + ret = param; + + /* set the version (always one) */ + ret->version = (long) 0x1; + + /* set the fieldID */ + if (!ec_asn1_group2fieldid(group, ret->fieldID)) { + ECerror(ERR_R_EC_LIB); + goto err; + } + /* set the curve */ + if (!ec_asn1_group2curve(group, ret->curve)) { + ECerror(ERR_R_EC_LIB); + goto err; + } + /* set the base point */ + if ((point = EC_GROUP_get0_generator(group)) == NULL) { + ECerror(EC_R_UNDEFINED_GENERATOR); + goto err; + } + form = EC_GROUP_get_point_conversion_form(group); + + len = EC_POINT_point2oct(group, point, form, NULL, len, NULL); + if (len == 0) { + ECerror(ERR_R_EC_LIB); + goto err; + } + if ((buffer = malloc(len)) == NULL) { + ECerror(ERR_R_MALLOC_FAILURE); + goto err; + } + if (!EC_POINT_point2oct(group, point, form, buffer, len, NULL)) { + ECerror(ERR_R_EC_LIB); + goto err; + } + if (ret->base == NULL && (ret->base = ASN1_OCTET_STRING_new()) == NULL) { + ECerror(ERR_R_MALLOC_FAILURE); + goto err; + } + if (!ASN1_OCTET_STRING_set(ret->base, buffer, len)) { + ECerror(ERR_R_ASN1_LIB); + goto err; + } + /* set the order */ + if (!EC_GROUP_get_order(group, tmp, NULL)) { + ECerror(ERR_R_EC_LIB); + goto err; + } + ret->order = BN_to_ASN1_INTEGER(tmp, ret->order); + if (ret->order == NULL) { + ECerror(ERR_R_ASN1_LIB); + goto err; + } + /* set the cofactor (optional) */ + if (EC_GROUP_get_cofactor(group, tmp, NULL)) { + ret->cofactor = BN_to_ASN1_INTEGER(tmp, ret->cofactor); + if (ret->cofactor == NULL) { + ECerror(ERR_R_ASN1_LIB); + goto err; + } + } + ok = 1; + + err: + if (!ok) { + if (ret && !param) + ECPARAMETERS_free(ret); + ret = NULL; + } + BN_free(tmp); + free(buffer); + return (ret); +} + +ECPKPARAMETERS * +ec_asn1_group2pkparameters(const EC_GROUP * group, ECPKPARAMETERS * params) +{ + int ok = 1, tmp; + ECPKPARAMETERS *ret = params; + + if (ret == NULL) { + if ((ret = ECPKPARAMETERS_new()) == NULL) { + ECerror(ERR_R_MALLOC_FAILURE); + return NULL; + } + } else { + if (ret->type == 0 && ret->value.named_curve) + ASN1_OBJECT_free(ret->value.named_curve); + else if (ret->type == 1 && ret->value.parameters) + ECPARAMETERS_free(ret->value.parameters); + } + + if (EC_GROUP_get_asn1_flag(group)) { + /* + * use the asn1 OID to describe the elliptic curve + * parameters + */ + tmp = EC_GROUP_get_curve_name(group); + if (tmp) { + ret->type = 0; + if ((ret->value.named_curve = OBJ_nid2obj(tmp)) == NULL) + ok = 0; + } else + /* we don't kmow the nid => ERROR */ + ok = 0; + } else { + /* use the ECPARAMETERS structure */ + ret->type = 1; + if ((ret->value.parameters = ec_asn1_group2parameters( + group, NULL)) == NULL) + ok = 0; + } + + if (!ok) { + ECPKPARAMETERS_free(ret); + return NULL; + } + return ret; +} + +static EC_GROUP * +ec_asn1_parameters2group(const ECPARAMETERS * params) +{ + int ok = 0, tmp; + EC_GROUP *ret = NULL; + BIGNUM *p = NULL, *a = NULL, *b = NULL; + EC_POINT *point = NULL; + long field_bits; + + if (!params->fieldID || !params->fieldID->fieldType || + !params->fieldID->p.ptr) { + ECerror(EC_R_ASN1_ERROR); + goto err; + } + /* now extract the curve parameters a and b */ + if (!params->curve || !params->curve->a || + !params->curve->a->data || !params->curve->b || + !params->curve->b->data) { + ECerror(EC_R_ASN1_ERROR); + goto err; + } + a = BN_bin2bn(params->curve->a->data, params->curve->a->length, NULL); + if (a == NULL) { + ECerror(ERR_R_BN_LIB); + goto err; + } + b = BN_bin2bn(params->curve->b->data, params->curve->b->length, NULL); + if (b == NULL) { + ECerror(ERR_R_BN_LIB); + goto err; + } + /* get the field parameters */ + tmp = OBJ_obj2nid(params->fieldID->fieldType); + if (tmp == NID_X9_62_characteristic_two_field) +#ifdef OPENSSL_NO_EC2M + { + ECerror(EC_R_GF2M_NOT_SUPPORTED); + goto err; + } +#else + { + X9_62_CHARACTERISTIC_TWO *char_two; + + char_two = params->fieldID->p.char_two; + + field_bits = char_two->m; + if (field_bits > OPENSSL_ECC_MAX_FIELD_BITS) { + ECerror(EC_R_FIELD_TOO_LARGE); + goto err; + } + if ((p = BN_new()) == NULL) { + ECerror(ERR_R_MALLOC_FAILURE); + goto err; + } + /* get the base type */ + tmp = OBJ_obj2nid(char_two->type); + + if (tmp == NID_X9_62_tpBasis) { + long tmp_long; + + if (!char_two->p.tpBasis) { + ECerror(EC_R_ASN1_ERROR); + goto err; + } + tmp_long = ASN1_INTEGER_get(char_two->p.tpBasis); + + if (!(char_two->m > tmp_long && tmp_long > 0)) { + ECerror(EC_R_INVALID_TRINOMIAL_BASIS); + goto err; + } + /* create the polynomial */ + if (!BN_set_bit(p, (int) char_two->m)) + goto err; + if (!BN_set_bit(p, (int) tmp_long)) + goto err; + if (!BN_set_bit(p, 0)) + goto err; + } else if (tmp == NID_X9_62_ppBasis) { + X9_62_PENTANOMIAL *penta; + + penta = char_two->p.ppBasis; + if (!penta) { + ECerror(EC_R_ASN1_ERROR); + goto err; + } + if (!(char_two->m > penta->k3 && penta->k3 > penta->k2 && penta->k2 > penta->k1 && penta->k1 > 0)) { + ECerror(EC_R_INVALID_PENTANOMIAL_BASIS); + goto err; + } + /* create the polynomial */ + if (!BN_set_bit(p, (int) char_two->m)) + goto err; + if (!BN_set_bit(p, (int) penta->k1)) + goto err; + if (!BN_set_bit(p, (int) penta->k2)) + goto err; + if (!BN_set_bit(p, (int) penta->k3)) + goto err; + if (!BN_set_bit(p, 0)) + goto err; + } else if (tmp == NID_X9_62_onBasis) { + ECerror(EC_R_NOT_IMPLEMENTED); + goto err; + } else { /* error */ + ECerror(EC_R_ASN1_ERROR); + goto err; + } + + /* create the EC_GROUP structure */ + ret = EC_GROUP_new_curve_GF2m(p, a, b, NULL); + } +#endif + else if (tmp == NID_X9_62_prime_field) { + /* we have a curve over a prime field */ + /* extract the prime number */ + if (!params->fieldID->p.prime) { + ECerror(EC_R_ASN1_ERROR); + goto err; + } + p = ASN1_INTEGER_to_BN(params->fieldID->p.prime, NULL); + if (p == NULL) { + ECerror(ERR_R_ASN1_LIB); + goto err; + } + if (BN_is_negative(p) || BN_is_zero(p)) { + ECerror(EC_R_INVALID_FIELD); + goto err; + } + field_bits = BN_num_bits(p); + if (field_bits > OPENSSL_ECC_MAX_FIELD_BITS) { + ECerror(EC_R_FIELD_TOO_LARGE); + goto err; + } + /* create the EC_GROUP structure */ + ret = EC_GROUP_new_curve_GFp(p, a, b, NULL); + } else { + ECerror(EC_R_INVALID_FIELD); + goto err; + } + + if (ret == NULL) { + ECerror(ERR_R_EC_LIB); + goto err; + } + /* extract seed (optional) */ + if (params->curve->seed != NULL) { + free(ret->seed); + if (!(ret->seed = malloc(params->curve->seed->length))) { + ECerror(ERR_R_MALLOC_FAILURE); + goto err; + } + memcpy(ret->seed, params->curve->seed->data, + params->curve->seed->length); + ret->seed_len = params->curve->seed->length; + } + if (!params->order || !params->base || !params->base->data) { + ECerror(EC_R_ASN1_ERROR); + goto err; + } + if ((point = EC_POINT_new(ret)) == NULL) + goto err; + + /* set the point conversion form */ + EC_GROUP_set_point_conversion_form(ret, (point_conversion_form_t) + (params->base->data[0] & ~0x01)); + + /* extract the ec point */ + if (!EC_POINT_oct2point(ret, point, params->base->data, + params->base->length, NULL)) { + ECerror(ERR_R_EC_LIB); + goto err; + } + /* extract the order */ + if ((a = ASN1_INTEGER_to_BN(params->order, a)) == NULL) { + ECerror(ERR_R_ASN1_LIB); + goto err; + } + if (BN_is_negative(a) || BN_is_zero(a)) { + ECerror(EC_R_INVALID_GROUP_ORDER); + goto err; + } + if (BN_num_bits(a) > (int) field_bits + 1) { /* Hasse bound */ + ECerror(EC_R_INVALID_GROUP_ORDER); + goto err; + } + /* extract the cofactor (optional) */ + if (params->cofactor == NULL) { + BN_free(b); + b = NULL; + } else if ((b = ASN1_INTEGER_to_BN(params->cofactor, b)) == NULL) { + ECerror(ERR_R_ASN1_LIB); + goto err; + } + /* set the generator, order and cofactor (if present) */ + if (!EC_GROUP_set_generator(ret, point, a, b)) { + ECerror(ERR_R_EC_LIB); + goto err; + } + ok = 1; + + err: + if (!ok) { + EC_GROUP_clear_free(ret); + ret = NULL; + } + BN_free(p); + BN_free(a); + BN_free(b); + EC_POINT_free(point); + return (ret); +} + +EC_GROUP * +ec_asn1_pkparameters2group(const ECPKPARAMETERS * params) +{ + EC_GROUP *ret = NULL; + int tmp = 0; + + if (params == NULL) { + ECerror(EC_R_MISSING_PARAMETERS); + return NULL; + } + if (params->type == 0) {/* the curve is given by an OID */ + tmp = OBJ_obj2nid(params->value.named_curve); + if ((ret = EC_GROUP_new_by_curve_name(tmp)) == NULL) { + ECerror(EC_R_EC_GROUP_NEW_BY_NAME_FAILURE); + return NULL; + } + EC_GROUP_set_asn1_flag(ret, OPENSSL_EC_NAMED_CURVE); + } else if (params->type == 1) { /* the parameters are given by a + * ECPARAMETERS structure */ + ret = ec_asn1_parameters2group(params->value.parameters); + if (!ret) { + ECerror(ERR_R_EC_LIB); + return NULL; + } + EC_GROUP_set_asn1_flag(ret, 0x0); + } else if (params->type == 2) { /* implicitlyCA */ + return NULL; + } else { + ECerror(EC_R_ASN1_ERROR); + return NULL; + } + + return ret; +} + +/* EC_GROUP <-> DER encoding of ECPKPARAMETERS */ + +EC_GROUP * +d2i_ECPKParameters(EC_GROUP ** a, const unsigned char **in, long len) +{ + EC_GROUP *group = NULL; + ECPKPARAMETERS *params = NULL; + + if ((params = d2i_ECPKPARAMETERS(NULL, in, len)) == NULL) { + ECerror(EC_R_D2I_ECPKPARAMETERS_FAILURE); + goto err; + } + if ((group = ec_asn1_pkparameters2group(params)) == NULL) { + ECerror(EC_R_PKPARAMETERS2GROUP_FAILURE); + goto err; + } + + if (a != NULL) { + EC_GROUP_clear_free(*a); + *a = group; + } + + err: + ECPKPARAMETERS_free(params); + return (group); +} + +int +i2d_ECPKParameters(const EC_GROUP * a, unsigned char **out) +{ + int ret = 0; + ECPKPARAMETERS *tmp = ec_asn1_group2pkparameters(a, NULL); + if (tmp == NULL) { + ECerror(EC_R_GROUP2PKPARAMETERS_FAILURE); + return 0; + } + if ((ret = i2d_ECPKPARAMETERS(tmp, out)) == 0) { + ECerror(EC_R_I2D_ECPKPARAMETERS_FAILURE); + ECPKPARAMETERS_free(tmp); + return 0; + } + ECPKPARAMETERS_free(tmp); + return (ret); +} + +/* some EC_KEY functions */ + +EC_KEY * +d2i_ECPrivateKey(EC_KEY ** a, const unsigned char **in, long len) +{ + EC_KEY *ret = NULL; + EC_PRIVATEKEY *priv_key = NULL; + + if ((priv_key = EC_PRIVATEKEY_new()) == NULL) { + ECerror(ERR_R_MALLOC_FAILURE); + return NULL; + } + if ((priv_key = d2i_EC_PRIVATEKEY(&priv_key, in, len)) == NULL) { + ECerror(ERR_R_EC_LIB); + EC_PRIVATEKEY_free(priv_key); + return NULL; + } + if (a == NULL || *a == NULL) { + if ((ret = EC_KEY_new()) == NULL) { + ECerror(ERR_R_MALLOC_FAILURE); + goto err; + } + } else + ret = *a; + + if (priv_key->parameters) { + EC_GROUP_clear_free(ret->group); + ret->group = ec_asn1_pkparameters2group(priv_key->parameters); + } + if (ret->group == NULL) { + ECerror(ERR_R_EC_LIB); + goto err; + } + ret->version = priv_key->version; + + if (priv_key->privateKey) { + ret->priv_key = BN_bin2bn( + ASN1_STRING_data(priv_key->privateKey), + ASN1_STRING_length(priv_key->privateKey), + ret->priv_key); + if (ret->priv_key == NULL) { + ECerror(ERR_R_BN_LIB); + goto err; + } + } else { + ECerror(EC_R_MISSING_PRIVATE_KEY); + goto err; + } + + if (ret->pub_key) + EC_POINT_clear_free(ret->pub_key); + ret->pub_key = EC_POINT_new(ret->group); + if (ret->pub_key == NULL) { + ECerror(ERR_R_EC_LIB); + goto err; + } + + if (priv_key->publicKey) { + const unsigned char *pub_oct; + size_t pub_oct_len; + + pub_oct = ASN1_STRING_data(priv_key->publicKey); + pub_oct_len = ASN1_STRING_length(priv_key->publicKey); + if (pub_oct == NULL || pub_oct_len <= 0) { + ECerror(EC_R_BUFFER_TOO_SMALL); + goto err; + } + + /* save the point conversion form */ + ret->conv_form = (point_conversion_form_t) (pub_oct[0] & ~0x01); + if (!EC_POINT_oct2point(ret->group, ret->pub_key, + pub_oct, pub_oct_len, NULL)) { + ECerror(ERR_R_EC_LIB); + goto err; + } + } else { + if (!EC_POINT_mul(ret->group, ret->pub_key, ret->priv_key, + NULL, NULL, NULL)) { + ECerror(ERR_R_EC_LIB); + goto err; + } + /* Remember the original private-key-only encoding. */ + ret->enc_flag |= EC_PKEY_NO_PUBKEY; + } + + EC_PRIVATEKEY_free(priv_key); + if (a != NULL) + *a = ret; + return (ret); + + err: + if (a == NULL || *a != ret) + EC_KEY_free(ret); + if (priv_key) + EC_PRIVATEKEY_free(priv_key); + + return (NULL); +} + +int +i2d_ECPrivateKey(EC_KEY * a, unsigned char **out) +{ + int ret = 0, ok = 0; + unsigned char *buffer = NULL; + size_t buf_len = 0, tmp_len; + EC_PRIVATEKEY *priv_key = NULL; + + if (a == NULL || a->group == NULL || a->priv_key == NULL || + (!(a->enc_flag & EC_PKEY_NO_PUBKEY) && a->pub_key == NULL)) { + ECerror(ERR_R_PASSED_NULL_PARAMETER); + goto err; + } + if ((priv_key = EC_PRIVATEKEY_new()) == NULL) { + ECerror(ERR_R_MALLOC_FAILURE); + goto err; + } + priv_key->version = a->version; + + buf_len = (size_t) BN_num_bytes(a->priv_key); + buffer = malloc(buf_len); + if (buffer == NULL) { + ECerror(ERR_R_MALLOC_FAILURE); + goto err; + } + if (!BN_bn2bin(a->priv_key, buffer)) { + ECerror(ERR_R_BN_LIB); + goto err; + } + if (!ASN1_STRING_set(priv_key->privateKey, buffer, buf_len)) { + ECerror(ERR_R_ASN1_LIB); + goto err; + } + if (!(a->enc_flag & EC_PKEY_NO_PARAMETERS)) { + if ((priv_key->parameters = ec_asn1_group2pkparameters( + a->group, priv_key->parameters)) == NULL) { + ECerror(ERR_R_EC_LIB); + goto err; + } + } + if (!(a->enc_flag & EC_PKEY_NO_PUBKEY) && a->pub_key != NULL) { + priv_key->publicKey = ASN1_BIT_STRING_new(); + if (priv_key->publicKey == NULL) { + ECerror(ERR_R_MALLOC_FAILURE); + goto err; + } + tmp_len = EC_POINT_point2oct(a->group, a->pub_key, + a->conv_form, NULL, 0, NULL); + + if (tmp_len > buf_len) { + unsigned char *tmp_buffer = realloc(buffer, tmp_len); + if (!tmp_buffer) { + ECerror(ERR_R_MALLOC_FAILURE); + goto err; + } + buffer = tmp_buffer; + buf_len = tmp_len; + } + if (!EC_POINT_point2oct(a->group, a->pub_key, + a->conv_form, buffer, buf_len, NULL)) { + ECerror(ERR_R_EC_LIB); + goto err; + } + priv_key->publicKey->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); + priv_key->publicKey->flags |= ASN1_STRING_FLAG_BITS_LEFT; + if (!ASN1_STRING_set(priv_key->publicKey, buffer, + buf_len)) { + ECerror(ERR_R_ASN1_LIB); + goto err; + } + } + if ((ret = i2d_EC_PRIVATEKEY(priv_key, out)) == 0) { + ECerror(ERR_R_EC_LIB); + goto err; + } + ok = 1; + err: + free(buffer); + if (priv_key) + EC_PRIVATEKEY_free(priv_key); + return (ok ? ret : 0); +} + +int +i2d_ECParameters(EC_KEY * a, unsigned char **out) +{ + if (a == NULL) { + ECerror(ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + return i2d_ECPKParameters(a->group, out); +} + +EC_KEY * +d2i_ECParameters(EC_KEY ** a, const unsigned char **in, long len) +{ + EC_KEY *ret; + + if (in == NULL || *in == NULL) { + ECerror(ERR_R_PASSED_NULL_PARAMETER); + return NULL; + } + if (a == NULL || *a == NULL) { + if ((ret = EC_KEY_new()) == NULL) { + ECerror(ERR_R_MALLOC_FAILURE); + return NULL; + } + } else + ret = *a; + + if (!d2i_ECPKParameters(&ret->group, in, len)) { + ECerror(ERR_R_EC_LIB); + if (a == NULL || *a != ret) + EC_KEY_free(ret); + return NULL; + } + + if (a != NULL) + *a = ret; + return ret; +} + +EC_KEY * +o2i_ECPublicKey(EC_KEY ** a, const unsigned char **in, long len) +{ + EC_KEY *ret = NULL; + + if (a == NULL || (*a) == NULL || (*a)->group == NULL) { + /* An EC_GROUP structure is necessary to set the public key. */ + ECerror(ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + ret = *a; + if (ret->pub_key == NULL && + (ret->pub_key = EC_POINT_new(ret->group)) == NULL) { + ECerror(ERR_R_MALLOC_FAILURE); + return 0; + } + if (!EC_POINT_oct2point(ret->group, ret->pub_key, *in, len, NULL)) { + ECerror(ERR_R_EC_LIB); + return 0; + } + /* save the point conversion form */ + ret->conv_form = (point_conversion_form_t) (*in[0] & ~0x01); + *in += len; + return ret; +} + +int +i2o_ECPublicKey(const EC_KEY * a, unsigned char **out) +{ + size_t buf_len = 0; + int new_buffer = 0; + + if (a == NULL) { + ECerror(ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + buf_len = EC_POINT_point2oct(a->group, a->pub_key, + a->conv_form, NULL, 0, NULL); + + if (out == NULL || buf_len == 0) + /* out == NULL => just return the length of the octet string */ + return buf_len; + + if (*out == NULL) { + if ((*out = malloc(buf_len)) == NULL) { + ECerror(ERR_R_MALLOC_FAILURE); + return 0; + } + new_buffer = 1; + } + if (!EC_POINT_point2oct(a->group, a->pub_key, a->conv_form, + *out, buf_len, NULL)) { + ECerror(ERR_R_EC_LIB); + if (new_buffer) { + free(*out); + *out = NULL; + } + return 0; + } + if (!new_buffer) + *out += buf_len; + return buf_len; +} diff --git a/src/lib/libcrypto/ec/ec_check.c b/src/lib/libcrypto/ec/ec_check.c new file mode 100644 index 00000000000..dcca6616743 --- /dev/null +++ b/src/lib/libcrypto/ec/ec_check.c @@ -0,0 +1,115 @@ +/* $OpenBSD: ec_check.c,v 1.9 2018/07/15 16:27:39 tb Exp $ */ +/* ==================================================================== + * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include "ec_lcl.h" +#include + +int +EC_GROUP_check(const EC_GROUP * group, BN_CTX * ctx) +{ + int ret = 0; + BIGNUM *order; + BN_CTX *new_ctx = NULL; + EC_POINT *point = NULL; + + if (ctx == NULL) { + ctx = new_ctx = BN_CTX_new(); + if (ctx == NULL) { + ECerror(ERR_R_MALLOC_FAILURE); + goto err; + } + } + BN_CTX_start(ctx); + if ((order = BN_CTX_get(ctx)) == NULL) + goto err; + + /* check the discriminant */ + if (!EC_GROUP_check_discriminant(group, ctx)) { + ECerror(EC_R_DISCRIMINANT_IS_ZERO); + goto err; + } + /* check the generator */ + if (group->generator == NULL) { + ECerror(EC_R_UNDEFINED_GENERATOR); + goto err; + } + if (EC_POINT_is_on_curve(group, group->generator, ctx) <= 0) { + ECerror(EC_R_POINT_IS_NOT_ON_CURVE); + goto err; + } + /* check the order of the generator */ + if ((point = EC_POINT_new(group)) == NULL) + goto err; + if (!EC_GROUP_get_order(group, order, ctx)) + goto err; + if (BN_is_zero(order)) { + ECerror(EC_R_UNDEFINED_ORDER); + goto err; + } + if (!EC_POINT_mul(group, point, order, NULL, NULL, ctx)) + goto err; + if (EC_POINT_is_at_infinity(group, point) <= 0) { + ECerror(EC_R_INVALID_GROUP_ORDER); + goto err; + } + ret = 1; + + err: + if (ctx != NULL) + BN_CTX_end(ctx); + BN_CTX_free(new_ctx); + EC_POINT_free(point); + return ret; +} diff --git a/src/lib/libcrypto/ec/ec_curve.c b/src/lib/libcrypto/ec/ec_curve.c new file mode 100644 index 00000000000..7eab943eb34 --- /dev/null +++ b/src/lib/libcrypto/ec/ec_curve.c @@ -0,0 +1,3387 @@ +/* $OpenBSD: ec_curve.c,v 1.19 2018/07/15 16:27:39 tb Exp $ */ +/* + * Written by Nils Larsch for the OpenSSL project. + */ +/* ==================================================================== + * Copyright (c) 1998-2010 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * + * Portions of the attached software ("Contribution") are developed by + * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. + * + * The Contribution is licensed pursuant to the OpenSSL open source + * license provided above. + * + * The elliptic curve binary polynomial software is originally written by + * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories. + * + */ + +#include + +#include + +#include "ec_lcl.h" +#include +#include + +typedef struct { + int field_type, /* either NID_X9_62_prime_field or + * NID_X9_62_characteristic_two_field */ + seed_len, param_len; + unsigned int cofactor; /* promoted to BN_ULONG */ +} EC_CURVE_DATA; + +/* the nist prime curves */ +static const struct { + EC_CURVE_DATA h; + unsigned char data[20 + 24 * 6]; +} + _EC_NIST_PRIME_192 = { + { + NID_X9_62_prime_field, 20, 24, 1 + }, + { + 0x30, 0x45, 0xAE, 0x6F, 0xC8, 0x42, 0x2F, 0x64, 0xED, 0x57, /* seed */ + 0x95, 0x28, 0xD3, 0x81, 0x20, 0xEA, 0xE1, 0x21, 0x96, 0xD5, + + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* p */ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* a */ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFC, + 0x64, 0x21, 0x05, 0x19, 0xE5, 0x9C, 0x80, 0xE7, 0x0F, 0xA7, /* b */ + 0xE9, 0xAB, 0x72, 0x24, 0x30, 0x49, 0xFE, 0xB8, 0xDE, 0xEC, + 0xC1, 0x46, 0xB9, 0xB1, + 0x18, 0x8D, 0xA8, 0x0E, 0xB0, 0x30, 0x90, 0xF6, 0x7C, 0xBF, /* x */ + 0x20, 0xEB, 0x43, 0xA1, 0x88, 0x00, 0xF4, 0xFF, 0x0A, 0xFD, + 0x82, 0xFF, 0x10, 0x12, + 0x07, 0x19, 0x2b, 0x95, 0xff, 0xc8, 0xda, 0x78, 0x63, 0x10, /* y */ + 0x11, 0xed, 0x6b, 0x24, 0xcd, 0xd5, 0x73, 0xf9, 0x77, 0xa1, + 0x1e, 0x79, 0x48, 0x11, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* order */ + 0xFF, 0xFF, 0x99, 0xDE, 0xF8, 0x36, 0x14, 0x6B, 0xC9, 0xB1, + 0xB4, 0xD2, 0x28, 0x31 + } +}; + +static const struct { + EC_CURVE_DATA h; + unsigned char data[20 + 28 * 6]; +} + _EC_NIST_PRIME_224 = { + { + NID_X9_62_prime_field, 20, 28, 1 + }, + { + 0xBD, 0x71, 0x34, 0x47, 0x99, 0xD5, 0xC7, 0xFC, 0xDC, 0x45, /* seed */ + 0xB5, 0x9F, 0xA3, 0xB9, 0xAB, 0x8F, 0x6A, 0x94, 0x8B, 0xC5, + + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* p */ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* a */ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, + 0xB4, 0x05, 0x0A, 0x85, 0x0C, 0x04, 0xB3, 0xAB, 0xF5, 0x41, /* b */ + 0x32, 0x56, 0x50, 0x44, 0xB0, 0xB7, 0xD7, 0xBF, 0xD8, 0xBA, + 0x27, 0x0B, 0x39, 0x43, 0x23, 0x55, 0xFF, 0xB4, + 0xB7, 0x0E, 0x0C, 0xBD, 0x6B, 0xB4, 0xBF, 0x7F, 0x32, 0x13, /* x */ + 0x90, 0xB9, 0x4A, 0x03, 0xC1, 0xD3, 0x56, 0xC2, 0x11, 0x22, + 0x34, 0x32, 0x80, 0xD6, 0x11, 0x5C, 0x1D, 0x21, + 0xbd, 0x37, 0x63, 0x88, 0xb5, 0xf7, 0x23, 0xfb, 0x4c, 0x22, /* y */ + 0xdf, 0xe6, 0xcd, 0x43, 0x75, 0xa0, 0x5a, 0x07, 0x47, 0x64, + 0x44, 0xd5, 0x81, 0x99, 0x85, 0x00, 0x7e, 0x34, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* order */ + 0xFF, 0xFF, 0xFF, 0xFF, 0x16, 0xA2, 0xE0, 0xB8, 0xF0, 0x3E, + 0x13, 0xDD, 0x29, 0x45, 0x5C, 0x5C, 0x2A, 0x3D + } +}; + +static const struct { + EC_CURVE_DATA h; + unsigned char data[20 + 48 * 6]; +} + _EC_NIST_PRIME_384 = { + { + NID_X9_62_prime_field, 20, 48, 1 + }, + { + 0xA3, 0x35, 0x92, 0x6A, 0xA3, 0x19, 0xA2, 0x7A, 0x1D, 0x00, /* seed */ + 0x89, 0x6A, 0x67, 0x73, 0xA4, 0x82, 0x7A, 0xCD, 0xAC, 0x73, + + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* p */ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* a */ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFC, + 0xB3, 0x31, 0x2F, 0xA7, 0xE2, 0x3E, 0xE7, 0xE4, 0x98, 0x8E, /* b */ + 0x05, 0x6B, 0xE3, 0xF8, 0x2D, 0x19, 0x18, 0x1D, 0x9C, 0x6E, + 0xFE, 0x81, 0x41, 0x12, 0x03, 0x14, 0x08, 0x8F, 0x50, 0x13, + 0x87, 0x5A, 0xC6, 0x56, 0x39, 0x8D, 0x8A, 0x2E, 0xD1, 0x9D, + 0x2A, 0x85, 0xC8, 0xED, 0xD3, 0xEC, 0x2A, 0xEF, + 0xAA, 0x87, 0xCA, 0x22, 0xBE, 0x8B, 0x05, 0x37, 0x8E, 0xB1, /* x */ + 0xC7, 0x1E, 0xF3, 0x20, 0xAD, 0x74, 0x6E, 0x1D, 0x3B, 0x62, + 0x8B, 0xA7, 0x9B, 0x98, 0x59, 0xF7, 0x41, 0xE0, 0x82, 0x54, + 0x2A, 0x38, 0x55, 0x02, 0xF2, 0x5D, 0xBF, 0x55, 0x29, 0x6C, + 0x3A, 0x54, 0x5E, 0x38, 0x72, 0x76, 0x0A, 0xB7, + 0x36, 0x17, 0xde, 0x4a, 0x96, 0x26, 0x2c, 0x6f, 0x5d, 0x9e, /* y */ + 0x98, 0xbf, 0x92, 0x92, 0xdc, 0x29, 0xf8, 0xf4, 0x1d, 0xbd, + 0x28, 0x9a, 0x14, 0x7c, 0xe9, 0xda, 0x31, 0x13, 0xb5, 0xf0, + 0xb8, 0xc0, 0x0a, 0x60, 0xb1, 0xce, 0x1d, 0x7e, 0x81, 0x9d, + 0x7a, 0x43, 0x1d, 0x7c, 0x90, 0xea, 0x0e, 0x5f, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* order */ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xC7, 0x63, 0x4D, 0x81, 0xF4, 0x37, + 0x2D, 0xDF, 0x58, 0x1A, 0x0D, 0xB2, 0x48, 0xB0, 0xA7, 0x7A, + 0xEC, 0xEC, 0x19, 0x6A, 0xCC, 0xC5, 0x29, 0x73 + } +}; + +static const struct { + EC_CURVE_DATA h; + unsigned char data[20 + 66 * 6]; +} + _EC_NIST_PRIME_521 = { + { + NID_X9_62_prime_field, 20, 66, 1 + }, + { + 0xD0, 0x9E, 0x88, 0x00, 0x29, 0x1C, 0xB8, 0x53, 0x96, 0xCC, /* seed */ + 0x67, 0x17, 0x39, 0x32, 0x84, 0xAA, 0xA0, 0xDA, 0x64, 0xBA, + + 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* p */ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* a */ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, + 0x00, 0x51, 0x95, 0x3E, 0xB9, 0x61, 0x8E, 0x1C, 0x9A, 0x1F, /* b */ + 0x92, 0x9A, 0x21, 0xA0, 0xB6, 0x85, 0x40, 0xEE, 0xA2, 0xDA, + 0x72, 0x5B, 0x99, 0xB3, 0x15, 0xF3, 0xB8, 0xB4, 0x89, 0x91, + 0x8E, 0xF1, 0x09, 0xE1, 0x56, 0x19, 0x39, 0x51, 0xEC, 0x7E, + 0x93, 0x7B, 0x16, 0x52, 0xC0, 0xBD, 0x3B, 0xB1, 0xBF, 0x07, + 0x35, 0x73, 0xDF, 0x88, 0x3D, 0x2C, 0x34, 0xF1, 0xEF, 0x45, + 0x1F, 0xD4, 0x6B, 0x50, 0x3F, 0x00, + 0x00, 0xC6, 0x85, 0x8E, 0x06, 0xB7, 0x04, 0x04, 0xE9, 0xCD, /* x */ + 0x9E, 0x3E, 0xCB, 0x66, 0x23, 0x95, 0xB4, 0x42, 0x9C, 0x64, + 0x81, 0x39, 0x05, 0x3F, 0xB5, 0x21, 0xF8, 0x28, 0xAF, 0x60, + 0x6B, 0x4D, 0x3D, 0xBA, 0xA1, 0x4B, 0x5E, 0x77, 0xEF, 0xE7, + 0x59, 0x28, 0xFE, 0x1D, 0xC1, 0x27, 0xA2, 0xFF, 0xA8, 0xDE, + 0x33, 0x48, 0xB3, 0xC1, 0x85, 0x6A, 0x42, 0x9B, 0xF9, 0x7E, + 0x7E, 0x31, 0xC2, 0xE5, 0xBD, 0x66, + 0x01, 0x18, 0x39, 0x29, 0x6a, 0x78, 0x9a, 0x3b, 0xc0, 0x04, /* y */ + 0x5c, 0x8a, 0x5f, 0xb4, 0x2c, 0x7d, 0x1b, 0xd9, 0x98, 0xf5, + 0x44, 0x49, 0x57, 0x9b, 0x44, 0x68, 0x17, 0xaf, 0xbd, 0x17, + 0x27, 0x3e, 0x66, 0x2c, 0x97, 0xee, 0x72, 0x99, 0x5e, 0xf4, + 0x26, 0x40, 0xc5, 0x50, 0xb9, 0x01, 0x3f, 0xad, 0x07, 0x61, + 0x35, 0x3c, 0x70, 0x86, 0xa2, 0x72, 0xc2, 0x40, 0x88, 0xbe, + 0x94, 0x76, 0x9f, 0xd1, 0x66, 0x50, + 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* order */ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFA, 0x51, 0x86, 0x87, 0x83, 0xBF, 0x2F, + 0x96, 0x6B, 0x7F, 0xCC, 0x01, 0x48, 0xF7, 0x09, 0xA5, 0xD0, + 0x3B, 0xB5, 0xC9, 0xB8, 0x89, 0x9C, 0x47, 0xAE, 0xBB, 0x6F, + 0xB7, 0x1E, 0x91, 0x38, 0x64, 0x09 + } +}; + +/* the x9.62 prime curves (minus the nist prime curves) */ +static const struct { + EC_CURVE_DATA h; + unsigned char data[20 + 24 * 6]; +} + _EC_X9_62_PRIME_192V2 = { + { + NID_X9_62_prime_field, 20, 24, 1 + }, + { + 0x31, 0xA9, 0x2E, 0xE2, 0x02, 0x9F, 0xD1, 0x0D, 0x90, 0x1B, /* seed */ + 0x11, 0x3E, 0x99, 0x07, 0x10, 0xF0, 0xD2, 0x1A, 0xC6, 0xB6, + + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* p */ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* a */ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFC, + 0xCC, 0x22, 0xD6, 0xDF, 0xB9, 0x5C, 0x6B, 0x25, 0xE4, 0x9C, /* b */ + 0x0D, 0x63, 0x64, 0xA4, 0xE5, 0x98, 0x0C, 0x39, 0x3A, 0xA2, + 0x16, 0x68, 0xD9, 0x53, + 0xEE, 0xA2, 0xBA, 0xE7, 0xE1, 0x49, 0x78, 0x42, 0xF2, 0xDE, /* x */ + 0x77, 0x69, 0xCF, 0xE9, 0xC9, 0x89, 0xC0, 0x72, 0xAD, 0x69, + 0x6F, 0x48, 0x03, 0x4A, + 0x65, 0x74, 0xd1, 0x1d, 0x69, 0xb6, 0xec, 0x7a, 0x67, 0x2b, /* y */ + 0xb8, 0x2a, 0x08, 0x3d, 0xf2, 0xf2, 0xb0, 0x84, 0x7d, 0xe9, + 0x70, 0xb2, 0xde, 0x15, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* order */ + 0xFF, 0xFE, 0x5F, 0xB1, 0xA7, 0x24, 0xDC, 0x80, 0x41, 0x86, + 0x48, 0xD8, 0xDD, 0x31 + } +}; + +static const struct { + EC_CURVE_DATA h; + unsigned char data[20 + 24 * 6]; +} + _EC_X9_62_PRIME_192V3 = { + { + NID_X9_62_prime_field, 20, 24, 1 + }, + { + 0xC4, 0x69, 0x68, 0x44, 0x35, 0xDE, 0xB3, 0x78, 0xC4, 0xB6, /* seed */ + 0x5C, 0xA9, 0x59, 0x1E, 0x2A, 0x57, 0x63, 0x05, 0x9A, 0x2E, + + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* p */ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* a */ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFC, + 0x22, 0x12, 0x3D, 0xC2, 0x39, 0x5A, 0x05, 0xCA, 0xA7, 0x42, /* b */ + 0x3D, 0xAE, 0xCC, 0xC9, 0x47, 0x60, 0xA7, 0xD4, 0x62, 0x25, + 0x6B, 0xD5, 0x69, 0x16, + 0x7D, 0x29, 0x77, 0x81, 0x00, 0xC6, 0x5A, 0x1D, 0xA1, 0x78, /* x */ + 0x37, 0x16, 0x58, 0x8D, 0xCE, 0x2B, 0x8B, 0x4A, 0xEE, 0x8E, + 0x22, 0x8F, 0x18, 0x96, + 0x38, 0xa9, 0x0f, 0x22, 0x63, 0x73, 0x37, 0x33, 0x4b, 0x49, /* y */ + 0xdc, 0xb6, 0x6a, 0x6d, 0xc8, 0xf9, 0x97, 0x8a, 0xca, 0x76, + 0x48, 0xa9, 0x43, 0xb0, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* order */ + 0xFF, 0xFF, 0x7A, 0x62, 0xD0, 0x31, 0xC8, 0x3F, 0x42, 0x94, + 0xF6, 0x40, 0xEC, 0x13 + } +}; + +static const struct { + EC_CURVE_DATA h; + unsigned char data[20 + 30 * 6]; +} + _EC_X9_62_PRIME_239V1 = { + { + NID_X9_62_prime_field, 20, 30, 1 + }, + { + 0xE4, 0x3B, 0xB4, 0x60, 0xF0, 0xB8, 0x0C, 0xC0, 0xC0, 0xB0, /* seed */ + 0x75, 0x79, 0x8E, 0x94, 0x80, 0x60, 0xF8, 0x32, 0x1B, 0x7D, + + 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* p */ + 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x80, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + + 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* a */ + 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x80, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, + + 0x6B, 0x01, 0x6C, 0x3B, 0xDC, 0xF1, 0x89, 0x41, 0xD0, 0xD6, /* b */ + 0x54, 0x92, 0x14, 0x75, 0xCA, 0x71, 0xA9, 0xDB, 0x2F, 0xB2, + 0x7D, 0x1D, 0x37, 0x79, 0x61, 0x85, 0xC2, 0x94, 0x2C, 0x0A, + + 0x0F, 0xFA, 0x96, 0x3C, 0xDC, 0xA8, 0x81, 0x6C, 0xCC, 0x33, /* x */ + 0xB8, 0x64, 0x2B, 0xED, 0xF9, 0x05, 0xC3, 0xD3, 0x58, 0x57, + 0x3D, 0x3F, 0x27, 0xFB, 0xBD, 0x3B, 0x3C, 0xB9, 0xAA, 0xAF, + + 0x7d, 0xeb, 0xe8, 0xe4, 0xe9, 0x0a, 0x5d, 0xae, 0x6e, 0x40, /* y */ + 0x54, 0xca, 0x53, 0x0b, 0xa0, 0x46, 0x54, 0xb3, 0x68, 0x18, + 0xce, 0x22, 0x6b, 0x39, 0xfc, 0xcb, 0x7b, 0x02, 0xf1, 0xae, + + 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* order */ + 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, 0x9E, 0x5E, 0x9A, 0x9F, 0x5D, + 0x90, 0x71, 0xFB, 0xD1, 0x52, 0x26, 0x88, 0x90, 0x9D, 0x0B + } +}; + +static const struct { + EC_CURVE_DATA h; + unsigned char data[20 + 30 * 6]; +} + _EC_X9_62_PRIME_239V2 = { + { + NID_X9_62_prime_field, 20, 30, 1 + }, + { + 0xE8, 0xB4, 0x01, 0x16, 0x04, 0x09, 0x53, 0x03, 0xCA, 0x3B, /* seed */ + 0x80, 0x99, 0x98, 0x2B, 0xE0, 0x9F, 0xCB, 0x9A, 0xE6, 0x16, + + 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* p */ + 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x80, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + + 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* a */ + 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x80, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, + + 0x61, 0x7F, 0xAB, 0x68, 0x32, 0x57, 0x6C, 0xBB, 0xFE, 0xD5, /* b */ + 0x0D, 0x99, 0xF0, 0x24, 0x9C, 0x3F, 0xEE, 0x58, 0xB9, 0x4B, + 0xA0, 0x03, 0x8C, 0x7A, 0xE8, 0x4C, 0x8C, 0x83, 0x2F, 0x2C, + + 0x38, 0xAF, 0x09, 0xD9, 0x87, 0x27, 0x70, 0x51, 0x20, 0xC9, /* x */ + 0x21, 0xBB, 0x5E, 0x9E, 0x26, 0x29, 0x6A, 0x3C, 0xDC, 0xF2, + 0xF3, 0x57, 0x57, 0xA0, 0xEA, 0xFD, 0x87, 0xB8, 0x30, 0xE7, + + 0x5b, 0x01, 0x25, 0xe4, 0xdb, 0xea, 0x0e, 0xc7, 0x20, 0x6d, /* y */ + 0xa0, 0xfc, 0x01, 0xd9, 0xb0, 0x81, 0x32, 0x9f, 0xb5, 0x55, + 0xde, 0x6e, 0xf4, 0x60, 0x23, 0x7d, 0xff, 0x8b, 0xe4, 0xba, + + 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* order */ + 0xFF, 0xFF, 0x80, 0x00, 0x00, 0xCF, 0xA7, 0xE8, 0x59, 0x43, + 0x77, 0xD4, 0x14, 0xC0, 0x38, 0x21, 0xBC, 0x58, 0x20, 0x63 + } +}; + +static const struct { + EC_CURVE_DATA h; + unsigned char data[20 + 30 * 6]; +} + _EC_X9_62_PRIME_239V3 = { + { + NID_X9_62_prime_field, 20, 30, 1 + }, + { + 0x7D, 0x73, 0x74, 0x16, 0x8F, 0xFE, 0x34, 0x71, 0xB6, 0x0A, /* seed */ + 0x85, 0x76, 0x86, 0xA1, 0x94, 0x75, 0xD3, 0xBF, 0xA2, 0xFF, + + 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* p */ + 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x80, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + + 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* a */ + 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x80, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, + + 0x25, 0x57, 0x05, 0xFA, 0x2A, 0x30, 0x66, 0x54, 0xB1, 0xF4, /* b */ + 0xCB, 0x03, 0xD6, 0xA7, 0x50, 0xA3, 0x0C, 0x25, 0x01, 0x02, + 0xD4, 0x98, 0x87, 0x17, 0xD9, 0xBA, 0x15, 0xAB, 0x6D, 0x3E, + + 0x67, 0x68, 0xAE, 0x8E, 0x18, 0xBB, 0x92, 0xCF, 0xCF, 0x00, /* x */ + 0x5C, 0x94, 0x9A, 0xA2, 0xC6, 0xD9, 0x48, 0x53, 0xD0, 0xE6, + 0x60, 0xBB, 0xF8, 0x54, 0xB1, 0xC9, 0x50, 0x5F, 0xE9, 0x5A, + + 0x16, 0x07, 0xe6, 0x89, 0x8f, 0x39, 0x0c, 0x06, 0xbc, 0x1d, /* y */ + 0x55, 0x2b, 0xad, 0x22, 0x6f, 0x3b, 0x6f, 0xcf, 0xe4, 0x8b, + 0x6e, 0x81, 0x84, 0x99, 0xaf, 0x18, 0xe3, 0xed, 0x6c, 0xf3, + + 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* order */ + 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, 0x97, 0x5D, 0xEB, 0x41, 0xB3, + 0xA6, 0x05, 0x7C, 0x3C, 0x43, 0x21, 0x46, 0x52, 0x65, 0x51 + } +}; + + +static const struct { + EC_CURVE_DATA h; + unsigned char data[20 + 32 * 6]; +} + _EC_X9_62_PRIME_256V1 = { + { + NID_X9_62_prime_field, 20, 32, 1 + }, + { + 0xC4, 0x9D, 0x36, 0x08, 0x86, 0xE7, 0x04, 0x93, 0x6A, 0x66, /* seed */ + 0x78, 0xE1, 0x13, 0x9D, 0x26, 0xB7, 0x81, 0x9F, 0x7E, 0x90, + + 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, /* p */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, /* a */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFC, + 0x5A, 0xC6, 0x35, 0xD8, 0xAA, 0x3A, 0x93, 0xE7, 0xB3, 0xEB, /* b */ + 0xBD, 0x55, 0x76, 0x98, 0x86, 0xBC, 0x65, 0x1D, 0x06, 0xB0, + 0xCC, 0x53, 0xB0, 0xF6, 0x3B, 0xCE, 0x3C, 0x3E, 0x27, 0xD2, + 0x60, 0x4B, + 0x6B, 0x17, 0xD1, 0xF2, 0xE1, 0x2C, 0x42, 0x47, 0xF8, 0xBC, /* x */ + 0xE6, 0xE5, 0x63, 0xA4, 0x40, 0xF2, 0x77, 0x03, 0x7D, 0x81, + 0x2D, 0xEB, 0x33, 0xA0, 0xF4, 0xA1, 0x39, 0x45, 0xD8, 0x98, + 0xC2, 0x96, + 0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, 0x9b, 0x8e, 0xe7, /* y */ + 0xeb, 0x4a, 0x7c, 0x0f, 0x9e, 0x16, 0x2b, 0xce, 0x33, 0x57, + 0x6b, 0x31, 0x5e, 0xce, 0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, + 0x51, 0xf5, + 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, /* order */ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, + 0xA7, 0x17, 0x9E, 0x84, 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, + 0x25, 0x51 + } +}; + +/* the secg prime curves (minus the nist and x9.62 prime curves) */ +static const struct { + EC_CURVE_DATA h; + unsigned char data[20 + 14 * 6]; +} + _EC_SECG_PRIME_112R1 = { + { + NID_X9_62_prime_field, 20, 14, 1 + }, + { + 0x00, 0xF5, 0x0B, 0x02, 0x8E, 0x4D, 0x69, 0x6E, 0x67, 0x68, /* seed */ + 0x75, 0x61, 0x51, 0x75, 0x29, 0x04, 0x72, 0x78, 0x3F, 0xB1, + + 0xDB, 0x7C, 0x2A, 0xBF, 0x62, 0xE3, 0x5E, 0x66, 0x80, 0x76, /* p */ + 0xBE, 0xAD, 0x20, 0x8B, + 0xDB, 0x7C, 0x2A, 0xBF, 0x62, 0xE3, 0x5E, 0x66, 0x80, 0x76, /* a */ + 0xBE, 0xAD, 0x20, 0x88, + 0x65, 0x9E, 0xF8, 0xBA, 0x04, 0x39, 0x16, 0xEE, 0xDE, 0x89, /* b */ + 0x11, 0x70, 0x2B, 0x22, + 0x09, 0x48, 0x72, 0x39, 0x99, 0x5A, 0x5E, 0xE7, 0x6B, 0x55, /* x */ + 0xF9, 0xC2, 0xF0, 0x98, + 0xa8, 0x9c, 0xe5, 0xaf, 0x87, 0x24, 0xc0, 0xa2, 0x3e, 0x0e, /* y */ + 0x0f, 0xf7, 0x75, 0x00, + 0xDB, 0x7C, 0x2A, 0xBF, 0x62, 0xE3, 0x5E, 0x76, 0x28, 0xDF, /* order */ + 0xAC, 0x65, 0x61, 0xC5 + } +}; + +static const struct { + EC_CURVE_DATA h; + unsigned char data[20 + 14 * 6]; +} + _EC_SECG_PRIME_112R2 = { + { + NID_X9_62_prime_field, 20, 14, 4 + }, + { + 0x00, 0x27, 0x57, 0xA1, 0x11, 0x4D, 0x69, 0x6E, 0x67, 0x68, /* seed */ + 0x75, 0x61, 0x51, 0x75, 0x53, 0x16, 0xC0, 0x5E, 0x0B, 0xD4, + + 0xDB, 0x7C, 0x2A, 0xBF, 0x62, 0xE3, 0x5E, 0x66, 0x80, 0x76, /* p */ + 0xBE, 0xAD, 0x20, 0x8B, + 0x61, 0x27, 0xC2, 0x4C, 0x05, 0xF3, 0x8A, 0x0A, 0xAA, 0xF6, /* a */ + 0x5C, 0x0E, 0xF0, 0x2C, + 0x51, 0xDE, 0xF1, 0x81, 0x5D, 0xB5, 0xED, 0x74, 0xFC, 0xC3, /* b */ + 0x4C, 0x85, 0xD7, 0x09, + 0x4B, 0xA3, 0x0A, 0xB5, 0xE8, 0x92, 0xB4, 0xE1, 0x64, 0x9D, /* x */ + 0xD0, 0x92, 0x86, 0x43, + 0xad, 0xcd, 0x46, 0xf5, 0x88, 0x2e, 0x37, 0x47, 0xde, 0xf3, /* y */ + 0x6e, 0x95, 0x6e, 0x97, + 0x36, 0xDF, 0x0A, 0xAF, 0xD8, 0xB8, 0xD7, 0x59, 0x7C, 0xA1, /* order */ + 0x05, 0x20, 0xD0, 0x4B + } +}; + +static const struct { + EC_CURVE_DATA h; + unsigned char data[20 + 16 * 6]; +} + _EC_SECG_PRIME_128R1 = { + { + NID_X9_62_prime_field, 20, 16, 1 + }, + { + 0x00, 0x0E, 0x0D, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61, /* seed */ + 0x51, 0x75, 0x0C, 0xC0, 0x3A, 0x44, 0x73, 0xD0, 0x36, 0x79, + + 0xFF, 0xFF, 0xFF, 0xFD, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* p */ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFD, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* a */ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, + 0xE8, 0x75, 0x79, 0xC1, 0x10, 0x79, 0xF4, 0x3D, 0xD8, 0x24, /* b */ + 0x99, 0x3C, 0x2C, 0xEE, 0x5E, 0xD3, + 0x16, 0x1F, 0xF7, 0x52, 0x8B, 0x89, 0x9B, 0x2D, 0x0C, 0x28, /* x */ + 0x60, 0x7C, 0xA5, 0x2C, 0x5B, 0x86, + 0xcf, 0x5a, 0xc8, 0x39, 0x5b, 0xaf, 0xeb, 0x13, 0xc0, 0x2d, /* y */ + 0xa2, 0x92, 0xdd, 0xed, 0x7a, 0x83, + 0xFF, 0xFF, 0xFF, 0xFE, 0x00, 0x00, 0x00, 0x00, 0x75, 0xA3, /* order */ + 0x0D, 0x1B, 0x90, 0x38, 0xA1, 0x15 + } +}; + +static const struct { + EC_CURVE_DATA h; + unsigned char data[20 + 16 * 6]; +} + _EC_SECG_PRIME_128R2 = { + { + NID_X9_62_prime_field, 20, 16, 4 + }, + { + 0x00, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61, 0x51, 0x75, /* seed */ + 0x12, 0xD8, 0xF0, 0x34, 0x31, 0xFC, 0xE6, 0x3B, 0x88, 0xF4, + + 0xFF, 0xFF, 0xFF, 0xFD, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* p */ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xD6, 0x03, 0x19, 0x98, 0xD1, 0xB3, 0xBB, 0xFE, 0xBF, 0x59, /* a */ + 0xCC, 0x9B, 0xBF, 0xF9, 0xAE, 0xE1, + 0x5E, 0xEE, 0xFC, 0xA3, 0x80, 0xD0, 0x29, 0x19, 0xDC, 0x2C, /* b */ + 0x65, 0x58, 0xBB, 0x6D, 0x8A, 0x5D, + 0x7B, 0x6A, 0xA5, 0xD8, 0x5E, 0x57, 0x29, 0x83, 0xE6, 0xFB, /* x */ + 0x32, 0xA7, 0xCD, 0xEB, 0xC1, 0x40, + 0x27, 0xb6, 0x91, 0x6a, 0x89, 0x4d, 0x3a, 0xee, 0x71, 0x06, /* y */ + 0xfe, 0x80, 0x5f, 0xc3, 0x4b, 0x44, + 0x3F, 0xFF, 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, 0xFF, 0xBE, 0x00, /* order */ + 0x24, 0x72, 0x06, 0x13, 0xB5, 0xA3 + } +}; + +static const struct { + EC_CURVE_DATA h; + unsigned char data[0 + 21 * 6]; +} + _EC_SECG_PRIME_160K1 = { + { + NID_X9_62_prime_field, 0, 21, 1 + }, + { /* no seed */ + 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* p */ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xAC, + 0x73, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* a */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* b */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x07, + 0x00, 0x3B, 0x4C, 0x38, 0x2C, 0xE3, 0x7A, 0xA1, 0x92, 0xA4, /* x */ + 0x01, 0x9E, 0x76, 0x30, 0x36, 0xF4, 0xF5, 0xDD, 0x4D, 0x7E, + 0xBB, + 0x00, 0x93, 0x8c, 0xf9, 0x35, 0x31, 0x8f, 0xdc, 0xed, 0x6b, /* y */ + 0xc2, 0x82, 0x86, 0x53, 0x17, 0x33, 0xc3, 0xf0, 0x3c, 0x4f, + 0xee, + 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* order */ + 0x01, 0xB8, 0xFA, 0x16, 0xDF, 0xAB, 0x9A, 0xCA, 0x16, 0xB6, + 0xB3 + } +}; + +static const struct { + EC_CURVE_DATA h; + unsigned char data[20 + 21 * 6]; +} + _EC_SECG_PRIME_160R1 = { + { + NID_X9_62_prime_field, 20, 21, 1 + }, + { + 0x10, 0x53, 0xCD, 0xE4, 0x2C, 0x14, 0xD6, 0x96, 0xE6, 0x76, /* seed */ + 0x87, 0x56, 0x15, 0x17, 0x53, 0x3B, 0xF3, 0xF8, 0x33, 0x45, + + 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* p */ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, + 0xFF, + 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* a */ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, + 0xFC, + 0x00, 0x1C, 0x97, 0xBE, 0xFC, 0x54, 0xBD, 0x7A, 0x8B, 0x65, /* b */ + 0xAC, 0xF8, 0x9F, 0x81, 0xD4, 0xD4, 0xAD, 0xC5, 0x65, 0xFA, + 0x45, + 0x00, 0x4A, 0x96, 0xB5, 0x68, 0x8E, 0xF5, 0x73, 0x28, 0x46, /* x */ + 0x64, 0x69, 0x89, 0x68, 0xC3, 0x8B, 0xB9, 0x13, 0xCB, 0xFC, + 0x82, + 0x00, 0x23, 0xa6, 0x28, 0x55, 0x31, 0x68, 0x94, 0x7d, 0x59, /* y */ + 0xdc, 0xc9, 0x12, 0x04, 0x23, 0x51, 0x37, 0x7a, 0xc5, 0xfb, + 0x32, + 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* order */ + 0x01, 0xF4, 0xC8, 0xF9, 0x27, 0xAE, 0xD3, 0xCA, 0x75, 0x22, + 0x57 + } +}; + +static const struct { + EC_CURVE_DATA h; + unsigned char data[20 + 21 * 6]; +} + _EC_SECG_PRIME_160R2 = { + { + NID_X9_62_prime_field, 20, 21, 1 + }, + { + 0xB9, 0x9B, 0x99, 0xB0, 0x99, 0xB3, 0x23, 0xE0, 0x27, 0x09, /* seed */ + 0xA4, 0xD6, 0x96, 0xE6, 0x76, 0x87, 0x56, 0x15, 0x17, 0x51, + + 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* p */ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xAC, + 0x73, + 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* a */ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xAC, + 0x70, + 0x00, 0xB4, 0xE1, 0x34, 0xD3, 0xFB, 0x59, 0xEB, 0x8B, 0xAB, /* b */ + 0x57, 0x27, 0x49, 0x04, 0x66, 0x4D, 0x5A, 0xF5, 0x03, 0x88, + 0xBA, + 0x00, 0x52, 0xDC, 0xB0, 0x34, 0x29, 0x3A, 0x11, 0x7E, 0x1F, /* x */ + 0x4F, 0xF1, 0x1B, 0x30, 0xF7, 0x19, 0x9D, 0x31, 0x44, 0xCE, + 0x6D, + 0x00, 0xfe, 0xaf, 0xfe, 0xf2, 0xe3, 0x31, 0xf2, 0x96, 0xe0, /* y */ + 0x71, 0xfa, 0x0d, 0xf9, 0x98, 0x2c, 0xfe, 0xa7, 0xd4, 0x3f, + 0x2e, + 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* order */ + 0x00, 0x35, 0x1E, 0xE7, 0x86, 0xA8, 0x18, 0xF3, 0xA1, 0xA1, + 0x6B + } +}; + +static const struct { + EC_CURVE_DATA h; + unsigned char data[0 + 24 * 6]; +} + _EC_SECG_PRIME_192K1 = { + { + NID_X9_62_prime_field, 0, 24, 1 + }, + { /* no seed */ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* p */ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, + 0xFF, 0xFF, 0xEE, 0x37, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* a */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* b */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x03, + 0xDB, 0x4F, 0xF1, 0x0E, 0xC0, 0x57, 0xE9, 0xAE, 0x26, 0xB0, /* x */ + 0x7D, 0x02, 0x80, 0xB7, 0xF4, 0x34, 0x1D, 0xA5, 0xD1, 0xB1, + 0xEA, 0xE0, 0x6C, 0x7D, + 0x9b, 0x2f, 0x2f, 0x6d, 0x9c, 0x56, 0x28, 0xa7, 0x84, 0x41, /* y */ + 0x63, 0xd0, 0x15, 0xbe, 0x86, 0x34, 0x40, 0x82, 0xaa, 0x88, + 0xd9, 0x5e, 0x2f, 0x9d, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* order */ + 0xFF, 0xFE, 0x26, 0xF2, 0xFC, 0x17, 0x0F, 0x69, 0x46, 0x6A, + 0x74, 0xDE, 0xFD, 0x8D + } +}; + +static const struct { + EC_CURVE_DATA h; + unsigned char data[0 + 29 * 6]; +} + _EC_SECG_PRIME_224K1 = { + { + NID_X9_62_prime_field, 0, 29, 1 + }, + { /* no seed */ + 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* p */ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xE5, 0x6D, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* a */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* b */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, + 0x00, 0xA1, 0x45, 0x5B, 0x33, 0x4D, 0xF0, 0x99, 0xDF, 0x30, /* x */ + 0xFC, 0x28, 0xA1, 0x69, 0xA4, 0x67, 0xE9, 0xE4, 0x70, 0x75, + 0xA9, 0x0F, 0x7E, 0x65, 0x0E, 0xB6, 0xB7, 0xA4, 0x5C, + 0x00, 0x7e, 0x08, 0x9f, 0xed, 0x7f, 0xba, 0x34, 0x42, 0x82, /* y */ + 0xca, 0xfb, 0xd6, 0xf7, 0xe3, 0x19, 0xf7, 0xc0, 0xb0, 0xbd, + 0x59, 0xe2, 0xca, 0x4b, 0xdb, 0x55, 0x6d, 0x61, 0xa5, + 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* order */ + 0x00, 0x00, 0x00, 0x00, 0x01, 0xDC, 0xE8, 0xD2, 0xEC, 0x61, + 0x84, 0xCA, 0xF0, 0xA9, 0x71, 0x76, 0x9F, 0xB1, 0xF7 + } +}; + +static const struct { + EC_CURVE_DATA h; + unsigned char data[0 + 32 * 6]; +} + _EC_SECG_PRIME_256K1 = { + { + NID_X9_62_prime_field, 0, 32, 1 + }, + { /* no seed */ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* p */ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, + 0xFC, 0x2F, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* a */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* b */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x07, + 0x79, 0xBE, 0x66, 0x7E, 0xF9, 0xDC, 0xBB, 0xAC, 0x55, 0xA0, /* x */ + 0x62, 0x95, 0xCE, 0x87, 0x0B, 0x07, 0x02, 0x9B, 0xFC, 0xDB, + 0x2D, 0xCE, 0x28, 0xD9, 0x59, 0xF2, 0x81, 0x5B, 0x16, 0xF8, + 0x17, 0x98, + 0x48, 0x3a, 0xda, 0x77, 0x26, 0xa3, 0xc4, 0x65, 0x5d, 0xa4, /* y */ + 0xfb, 0xfc, 0x0e, 0x11, 0x08, 0xa8, 0xfd, 0x17, 0xb4, 0x48, + 0xa6, 0x85, 0x54, 0x19, 0x9c, 0x47, 0xd0, 0x8f, 0xfb, 0x10, + 0xd4, 0xb8, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* order */ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xBA, 0xAE, 0xDC, 0xE6, + 0xAF, 0x48, 0xA0, 0x3B, 0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, + 0x41, 0x41 + } +}; + +/* some wap/wtls curves */ +static const struct { + EC_CURVE_DATA h; + unsigned char data[0 + 15 * 6]; +} + _EC_WTLS_8 = { + { + NID_X9_62_prime_field, 0, 15, 1 + }, + { /* no seed */ + 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* p */ + 0xFF, 0xFF, 0xFF, 0xFD, 0xE7, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* a */ + 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* b */ + 0x00, 0x00, 0x00, 0x00, 0x03, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* x */ + 0x00, 0x00, 0x00, 0x00, 0x01, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* y */ + 0x00, 0x00, 0x00, 0x00, 0x02, + 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xEC, 0xEA, /* order */ + 0x55, 0x1A, 0xD8, 0x37, 0xE9 + } +}; + +static const struct { + EC_CURVE_DATA h; + unsigned char data[0 + 21 * 6]; +} + _EC_WTLS_9 = { + { + NID_X9_62_prime_field, 0, 21, 1 + }, + { /* no seed */ + 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* p */ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, 0x80, + 0x8F, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* a */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* b */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x03, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* x */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x01, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* y */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x02, + 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* order */ + 0x01, 0xCD, 0xC9, 0x8A, 0xE0, 0xE2, 0xDE, 0x57, 0x4A, 0xBF, + 0x33 + } +}; + +static const struct { + EC_CURVE_DATA h; + unsigned char data[0 + 28 * 6]; +} + _EC_WTLS_12 = { + { + NID_X9_62_prime_field, 0, 28, 1 + }, + { /* no seed */ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* p */ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* a */ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, + 0xB4, 0x05, 0x0A, 0x85, 0x0C, 0x04, 0xB3, 0xAB, 0xF5, 0x41, /* b */ + 0x32, 0x56, 0x50, 0x44, 0xB0, 0xB7, 0xD7, 0xBF, 0xD8, 0xBA, + 0x27, 0x0B, 0x39, 0x43, 0x23, 0x55, 0xFF, 0xB4, + 0xB7, 0x0E, 0x0C, 0xBD, 0x6B, 0xB4, 0xBF, 0x7F, 0x32, 0x13, /* x */ + 0x90, 0xB9, 0x4A, 0x03, 0xC1, 0xD3, 0x56, 0xC2, 0x11, 0x22, + 0x34, 0x32, 0x80, 0xD6, 0x11, 0x5C, 0x1D, 0x21, + 0xbd, 0x37, 0x63, 0x88, 0xb5, 0xf7, 0x23, 0xfb, 0x4c, 0x22, /* y */ + 0xdf, 0xe6, 0xcd, 0x43, 0x75, 0xa0, 0x5a, 0x07, 0x47, 0x64, + 0x44, 0xd5, 0x81, 0x99, 0x85, 0x00, 0x7e, 0x34, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* order */ + 0xFF, 0xFF, 0xFF, 0xFF, 0x16, 0xA2, 0xE0, 0xB8, 0xF0, 0x3E, + 0x13, 0xDD, 0x29, 0x45, 0x5C, 0x5C, 0x2A, 0x3D + } +}; + +#ifndef OPENSSL_NO_EC2M + +/* characteristic two curves */ +static const struct { + EC_CURVE_DATA h; + unsigned char data[20 + 15 * 6]; +} + _EC_SECG_CHAR2_113R1 = { + { + NID_X9_62_characteristic_two_field, 20, 15, 2 + }, + { + 0x10, 0xE7, 0x23, 0xAB, 0x14, 0xD6, 0x96, 0xE6, 0x76, 0x87, /* seed */ + 0x56, 0x15, 0x17, 0x56, 0xFE, 0xBF, 0x8F, 0xCB, 0x49, 0xA9, + + 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* p */ + 0x00, 0x00, 0x00, 0x02, 0x01, + 0x00, 0x30, 0x88, 0x25, 0x0C, 0xA6, 0xE7, 0xC7, 0xFE, 0x64, /* a */ + 0x9C, 0xE8, 0x58, 0x20, 0xF7, + 0x00, 0xE8, 0xBE, 0xE4, 0xD3, 0xE2, 0x26, 0x07, 0x44, 0x18, /* b */ + 0x8B, 0xE0, 0xE9, 0xC7, 0x23, + 0x00, 0x9D, 0x73, 0x61, 0x6F, 0x35, 0xF4, 0xAB, 0x14, 0x07, /* x */ + 0xD7, 0x35, 0x62, 0xC1, 0x0F, + 0x00, 0xA5, 0x28, 0x30, 0x27, 0x79, 0x58, 0xEE, 0x84, 0xD1, /* y */ + 0x31, 0x5E, 0xD3, 0x18, 0x86, + 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xD9, 0xCC, /* order */ + 0xEC, 0x8A, 0x39, 0xE5, 0x6F + } +}; + +static const struct { + EC_CURVE_DATA h; + unsigned char data[20 + 15 * 6]; +} + _EC_SECG_CHAR2_113R2 = { + { + NID_X9_62_characteristic_two_field, 20, 15, 2 + }, + { + 0x10, 0xC0, 0xFB, 0x15, 0x76, 0x08, 0x60, 0xDE, 0xF1, 0xEE, /* seed */ + 0xF4, 0xD6, 0x96, 0xE6, 0x76, 0x87, 0x56, 0x15, 0x17, 0x5D, + + 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* p */ + 0x00, 0x00, 0x00, 0x02, 0x01, + 0x00, 0x68, 0x99, 0x18, 0xDB, 0xEC, 0x7E, 0x5A, 0x0D, 0xD6, /* a */ + 0xDF, 0xC0, 0xAA, 0x55, 0xC7, + 0x00, 0x95, 0xE9, 0xA9, 0xEC, 0x9B, 0x29, 0x7B, 0xD4, 0xBF, /* b */ + 0x36, 0xE0, 0x59, 0x18, 0x4F, + 0x01, 0xA5, 0x7A, 0x6A, 0x7B, 0x26, 0xCA, 0x5E, 0xF5, 0x2F, /* x */ + 0xCD, 0xB8, 0x16, 0x47, 0x97, + 0x00, 0xB3, 0xAD, 0xC9, 0x4E, 0xD1, 0xFE, 0x67, 0x4C, 0x06, /* y */ + 0xE6, 0x95, 0xBA, 0xBA, 0x1D, + 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x08, 0x78, /* order */ + 0x9B, 0x24, 0x96, 0xAF, 0x93 + } +}; + +static const struct { + EC_CURVE_DATA h; + unsigned char data[20 + 17 * 6]; +} + _EC_SECG_CHAR2_131R1 = { + { + NID_X9_62_characteristic_two_field, 20, 17, 2 + }, + { + 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61, 0x51, 0x75, 0x98, /* seed */ + 0x5B, 0xD3, 0xAD, 0xBA, 0xDA, 0x21, 0xB4, 0x3A, 0x97, 0xE2, + + 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* p */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x0D, + 0x07, 0xA1, 0x1B, 0x09, 0xA7, 0x6B, 0x56, 0x21, 0x44, 0x41, /* a */ + 0x8F, 0xF3, 0xFF, 0x8C, 0x25, 0x70, 0xB8, + 0x02, 0x17, 0xC0, 0x56, 0x10, 0x88, 0x4B, 0x63, 0xB9, 0xC6, /* b */ + 0xC7, 0x29, 0x16, 0x78, 0xF9, 0xD3, 0x41, + 0x00, 0x81, 0xBA, 0xF9, 0x1F, 0xDF, 0x98, 0x33, 0xC4, 0x0F, /* x */ + 0x9C, 0x18, 0x13, 0x43, 0x63, 0x83, 0x99, + 0x07, 0x8C, 0x6E, 0x7E, 0xA3, 0x8C, 0x00, 0x1F, 0x73, 0xC8, /* y */ + 0x13, 0x4B, 0x1B, 0x4E, 0xF9, 0xE1, 0x50, + 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x31, /* order */ + 0x23, 0x95, 0x3A, 0x94, 0x64, 0xB5, 0x4D + } +}; + +static const struct { + EC_CURVE_DATA h; + unsigned char data[20 + 17 * 6]; +} + _EC_SECG_CHAR2_131R2 = { + { + NID_X9_62_characteristic_two_field, 20, 17, 2 + }, + { + 0x98, 0x5B, 0xD3, 0xAD, 0xBA, 0xD4, 0xD6, 0x96, 0xE6, 0x76, /* seed */ + 0x87, 0x56, 0x15, 0x17, 0x5A, 0x21, 0xB4, 0x3A, 0x97, 0xE3, + + 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* p */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x0D, + 0x03, 0xE5, 0xA8, 0x89, 0x19, 0xD7, 0xCA, 0xFC, 0xBF, 0x41, /* a */ + 0x5F, 0x07, 0xC2, 0x17, 0x65, 0x73, 0xB2, + 0x04, 0xB8, 0x26, 0x6A, 0x46, 0xC5, 0x56, 0x57, 0xAC, 0x73, /* b */ + 0x4C, 0xE3, 0x8F, 0x01, 0x8F, 0x21, 0x92, + 0x03, 0x56, 0xDC, 0xD8, 0xF2, 0xF9, 0x50, 0x31, 0xAD, 0x65, /* x */ + 0x2D, 0x23, 0x95, 0x1B, 0xB3, 0x66, 0xA8, + 0x06, 0x48, 0xF0, 0x6D, 0x86, 0x79, 0x40, 0xA5, 0x36, 0x6D, /* y */ + 0x9E, 0x26, 0x5D, 0xE9, 0xEB, 0x24, 0x0F, + 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x69, /* order */ + 0x54, 0xA2, 0x33, 0x04, 0x9B, 0xA9, 0x8F + } +}; + +static const struct { + EC_CURVE_DATA h; + unsigned char data[0 + 21 * 6]; +} + _EC_NIST_CHAR2_163K = { + { + NID_X9_62_characteristic_two_field, 0, 21, 2 + }, + { /* no seed */ + 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* p */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0xC9, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* a */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x01, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* b */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x01, + 0x02, 0xFE, 0x13, 0xC0, 0x53, 0x7B, 0xBC, 0x11, 0xAC, 0xAA, /* x */ + 0x07, 0xD7, 0x93, 0xDE, 0x4E, 0x6D, 0x5E, 0x5C, 0x94, 0xEE, + 0xE8, + 0x02, 0x89, 0x07, 0x0F, 0xB0, 0x5D, 0x38, 0xFF, 0x58, 0x32, /* y */ + 0x1F, 0x2E, 0x80, 0x05, 0x36, 0xD5, 0x38, 0xCC, 0xDA, 0xA3, + 0xD9, + 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* order */ + 0x02, 0x01, 0x08, 0xA2, 0xE0, 0xCC, 0x0D, 0x99, 0xF8, 0xA5, + 0xEF + } +}; + +static const struct { + EC_CURVE_DATA h; + unsigned char data[0 + 21 * 6]; +} + _EC_SECG_CHAR2_163R1 = { + { + NID_X9_62_characteristic_two_field, 0, 21, 2 + }, + { /* no seed */ + 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* p */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0xC9, + 0x07, 0xB6, 0x88, 0x2C, 0xAA, 0xEF, 0xA8, 0x4F, 0x95, 0x54, /* a */ + 0xFF, 0x84, 0x28, 0xBD, 0x88, 0xE2, 0x46, 0xD2, 0x78, 0x2A, + 0xE2, + 0x07, 0x13, 0x61, 0x2D, 0xCD, 0xDC, 0xB4, 0x0A, 0xAB, 0x94, /* b */ + 0x6B, 0xDA, 0x29, 0xCA, 0x91, 0xF7, 0x3A, 0xF9, 0x58, 0xAF, + 0xD9, + 0x03, 0x69, 0x97, 0x96, 0x97, 0xAB, 0x43, 0x89, 0x77, 0x89, /* x */ + 0x56, 0x67, 0x89, 0x56, 0x7F, 0x78, 0x7A, 0x78, 0x76, 0xA6, + 0x54, + 0x00, 0x43, 0x5E, 0xDB, 0x42, 0xEF, 0xAF, 0xB2, 0x98, 0x9D, /* y */ + 0x51, 0xFE, 0xFC, 0xE3, 0xC8, 0x09, 0x88, 0xF4, 0x1F, 0xF8, + 0x83, + 0x03, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* order */ + 0xFF, 0x48, 0xAA, 0xB6, 0x89, 0xC2, 0x9C, 0xA7, 0x10, 0x27, + 0x9B + } +}; + +static const struct { + EC_CURVE_DATA h; + unsigned char data[0 + 21 * 6]; +} + _EC_NIST_CHAR2_163B = { + { + NID_X9_62_characteristic_two_field, 0, 21, 2 + }, + { /* no seed */ + 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* p */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0xC9, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* a */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x01, + 0x02, 0x0A, 0x60, 0x19, 0x07, 0xB8, 0xC9, 0x53, 0xCA, 0x14, /* b */ + 0x81, 0xEB, 0x10, 0x51, 0x2F, 0x78, 0x74, 0x4A, 0x32, 0x05, + 0xFD, + 0x03, 0xF0, 0xEB, 0xA1, 0x62, 0x86, 0xA2, 0xD5, 0x7E, 0xA0, /* x */ + 0x99, 0x11, 0x68, 0xD4, 0x99, 0x46, 0x37, 0xE8, 0x34, 0x3E, + 0x36, + 0x00, 0xD5, 0x1F, 0xBC, 0x6C, 0x71, 0xA0, 0x09, 0x4F, 0xA2, /* y */ + 0xCD, 0xD5, 0x45, 0xB1, 0x1C, 0x5C, 0x0C, 0x79, 0x73, 0x24, + 0xF1, + 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* order */ + 0x02, 0x92, 0xFE, 0x77, 0xE7, 0x0C, 0x12, 0xA4, 0x23, 0x4C, + 0x33 + } +}; + +static const struct { + EC_CURVE_DATA h; + unsigned char data[20 + 25 * 6]; +} + _EC_SECG_CHAR2_193R1 = { + { + NID_X9_62_characteristic_two_field, 20, 25, 2 + }, + { + 0x10, 0x3F, 0xAE, 0xC7, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, /* seed */ + 0x61, 0x51, 0x75, 0x77, 0x7F, 0xC5, 0xB1, 0x91, 0xEF, 0x30, + + 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* p */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x80, 0x01, + 0x00, 0x17, 0x85, 0x8F, 0xEB, 0x7A, 0x98, 0x97, 0x51, 0x69, /* a */ + 0xE1, 0x71, 0xF7, 0x7B, 0x40, 0x87, 0xDE, 0x09, 0x8A, 0xC8, + 0xA9, 0x11, 0xDF, 0x7B, 0x01, + 0x00, 0xFD, 0xFB, 0x49, 0xBF, 0xE6, 0xC3, 0xA8, 0x9F, 0xAC, /* b */ + 0xAD, 0xAA, 0x7A, 0x1E, 0x5B, 0xBC, 0x7C, 0xC1, 0xC2, 0xE5, + 0xD8, 0x31, 0x47, 0x88, 0x14, + 0x01, 0xF4, 0x81, 0xBC, 0x5F, 0x0F, 0xF8, 0x4A, 0x74, 0xAD, /* x */ + 0x6C, 0xDF, 0x6F, 0xDE, 0xF4, 0xBF, 0x61, 0x79, 0x62, 0x53, + 0x72, 0xD8, 0xC0, 0xC5, 0xE1, + 0x00, 0x25, 0xE3, 0x99, 0xF2, 0x90, 0x37, 0x12, 0xCC, 0xF3, /* y */ + 0xEA, 0x9E, 0x3A, 0x1A, 0xD1, 0x7F, 0xB0, 0xB3, 0x20, 0x1B, + 0x6A, 0xF7, 0xCE, 0x1B, 0x05, + 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* order */ + 0x00, 0x00, 0x00, 0xC7, 0xF3, 0x4A, 0x77, 0x8F, 0x44, 0x3A, + 0xCC, 0x92, 0x0E, 0xBA, 0x49 + } +}; + +static const struct { + EC_CURVE_DATA h; + unsigned char data[20 + 25 * 6]; +} + _EC_SECG_CHAR2_193R2 = { + { + NID_X9_62_characteristic_two_field, 20, 25, 2 + }, + { + 0x10, 0xB7, 0xB4, 0xD6, 0x96, 0xE6, 0x76, 0x87, 0x56, 0x15, /* seed */ + 0x17, 0x51, 0x37, 0xC8, 0xA1, 0x6F, 0xD0, 0xDA, 0x22, 0x11, + + 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* p */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x80, 0x01, + 0x01, 0x63, 0xF3, 0x5A, 0x51, 0x37, 0xC2, 0xCE, 0x3E, 0xA6, /* a */ + 0xED, 0x86, 0x67, 0x19, 0x0B, 0x0B, 0xC4, 0x3E, 0xCD, 0x69, + 0x97, 0x77, 0x02, 0x70, 0x9B, + 0x00, 0xC9, 0xBB, 0x9E, 0x89, 0x27, 0xD4, 0xD6, 0x4C, 0x37, /* b */ + 0x7E, 0x2A, 0xB2, 0x85, 0x6A, 0x5B, 0x16, 0xE3, 0xEF, 0xB7, + 0xF6, 0x1D, 0x43, 0x16, 0xAE, + 0x00, 0xD9, 0xB6, 0x7D, 0x19, 0x2E, 0x03, 0x67, 0xC8, 0x03, /* x */ + 0xF3, 0x9E, 0x1A, 0x7E, 0x82, 0xCA, 0x14, 0xA6, 0x51, 0x35, + 0x0A, 0xAE, 0x61, 0x7E, 0x8F, + 0x01, 0xCE, 0x94, 0x33, 0x56, 0x07, 0xC3, 0x04, 0xAC, 0x29, /* y */ + 0xE7, 0xDE, 0xFB, 0xD9, 0xCA, 0x01, 0xF5, 0x96, 0xF9, 0x27, + 0x22, 0x4C, 0xDE, 0xCF, 0x6C, + 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* order */ + 0x00, 0x00, 0x01, 0x5A, 0xAB, 0x56, 0x1B, 0x00, 0x54, 0x13, + 0xCC, 0xD4, 0xEE, 0x99, 0xD5 + } +}; + +static const struct { + EC_CURVE_DATA h; + unsigned char data[0 + 30 * 6]; +} + _EC_NIST_CHAR2_233K = { + { + NID_X9_62_characteristic_two_field, 0, 30, 4 + }, + { /* no seed */ + 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, + + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* a */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* b */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, + + 0x01, 0x72, 0x32, 0xBA, 0x85, 0x3A, 0x7E, 0x73, 0x1A, 0xF1, /* x */ + 0x29, 0xF2, 0x2F, 0xF4, 0x14, 0x95, 0x63, 0xA4, 0x19, 0xC2, + 0x6B, 0xF5, 0x0A, 0x4C, 0x9D, 0x6E, 0xEF, 0xAD, 0x61, 0x26, + + 0x01, 0xDB, 0x53, 0x7D, 0xEC, 0xE8, 0x19, 0xB7, 0xF7, 0x0F, /* y */ + 0x55, 0x5A, 0x67, 0xC4, 0x27, 0xA8, 0xCD, 0x9B, 0xF1, 0x8A, + 0xEB, 0x9B, 0x56, 0xE0, 0xC1, 0x10, 0x56, 0xFA, 0xE6, 0xA3, + + 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* order */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x9D, 0x5B, 0xB9, 0x15, + 0xBC, 0xD4, 0x6E, 0xFB, 0x1A, 0xD5, 0xF1, 0x73, 0xAB, 0xDF + } +}; + +static const struct { + EC_CURVE_DATA h; + unsigned char data[20 + 30 * 6]; +} + _EC_NIST_CHAR2_233B = { + { + NID_X9_62_characteristic_two_field, 20, 30, 2 + }, + { + 0x74, 0xD5, 0x9F, 0xF0, 0x7F, 0x6B, 0x41, 0x3D, 0x0E, 0xA1, /* seed */ + 0x4B, 0x34, 0x4B, 0x20, 0xA2, 0xDB, 0x04, 0x9B, 0x50, 0xC3, + + 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* p */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, + + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* a */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, + + 0x00, 0x66, 0x64, 0x7E, 0xDE, 0x6C, 0x33, 0x2C, 0x7F, 0x8C, /* b */ + 0x09, 0x23, 0xBB, 0x58, 0x21, 0x3B, 0x33, 0x3B, 0x20, 0xE9, + 0xCE, 0x42, 0x81, 0xFE, 0x11, 0x5F, 0x7D, 0x8F, 0x90, 0xAD, + + 0x00, 0xFA, 0xC9, 0xDF, 0xCB, 0xAC, 0x83, 0x13, 0xBB, 0x21, /* x */ + 0x39, 0xF1, 0xBB, 0x75, 0x5F, 0xEF, 0x65, 0xBC, 0x39, 0x1F, + 0x8B, 0x36, 0xF8, 0xF8, 0xEB, 0x73, 0x71, 0xFD, 0x55, 0x8B, + + 0x01, 0x00, 0x6A, 0x08, 0xA4, 0x19, 0x03, 0x35, 0x06, 0x78, /* y */ + 0xE5, 0x85, 0x28, 0xBE, 0xBF, 0x8A, 0x0B, 0xEF, 0xF8, 0x67, + 0xA7, 0xCA, 0x36, 0x71, 0x6F, 0x7E, 0x01, 0xF8, 0x10, 0x52, + + 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* order */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x13, 0xE9, 0x74, 0xE7, 0x2F, + 0x8A, 0x69, 0x22, 0x03, 0x1D, 0x26, 0x03, 0xCF, 0xE0, 0xD7 + } +}; + +static const struct { + EC_CURVE_DATA h; + unsigned char data[0 + 30 * 6]; +} + _EC_SECG_CHAR2_239K1 = { + { + NID_X9_62_characteristic_two_field, 0, 30, 4 + }, + { /* no seed */ + 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, + + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* a */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* b */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, + + 0x29, 0xA0, 0xB6, 0xA8, 0x87, 0xA9, 0x83, 0xE9, 0x73, 0x09, /* x */ + 0x88, 0xA6, 0x87, 0x27, 0xA8, 0xB2, 0xD1, 0x26, 0xC4, 0x4C, + 0xC2, 0xCC, 0x7B, 0x2A, 0x65, 0x55, 0x19, 0x30, 0x35, 0xDC, + + 0x76, 0x31, 0x08, 0x04, 0xF1, 0x2E, 0x54, 0x9B, 0xDB, 0x01, /* y */ + 0x1C, 0x10, 0x30, 0x89, 0xE7, 0x35, 0x10, 0xAC, 0xB2, 0x75, + 0xFC, 0x31, 0x2A, 0x5D, 0xC6, 0xB7, 0x65, 0x53, 0xF0, 0xCA, + + 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* order */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x5A, 0x79, 0xFE, 0xC6, 0x7C, + 0xB6, 0xE9, 0x1F, 0x1C, 0x1D, 0xA8, 0x00, 0xE4, 0x78, 0xA5 + } +}; + +static const struct { + EC_CURVE_DATA h; + unsigned char data[0 + 36 * 6]; +} + _EC_NIST_CHAR2_283K = { + { + NID_X9_62_characteristic_two_field, 0, 36, 4 + }, + { /* no seed */ + 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x10, 0xA1, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* a */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* b */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, + 0x05, 0x03, 0x21, 0x3F, 0x78, 0xCA, 0x44, 0x88, 0x3F, 0x1A, /* x */ + 0x3B, 0x81, 0x62, 0xF1, 0x88, 0xE5, 0x53, 0xCD, 0x26, 0x5F, + 0x23, 0xC1, 0x56, 0x7A, 0x16, 0x87, 0x69, 0x13, 0xB0, 0xC2, + 0xAC, 0x24, 0x58, 0x49, 0x28, 0x36, + 0x01, 0xCC, 0xDA, 0x38, 0x0F, 0x1C, 0x9E, 0x31, 0x8D, 0x90, /* y */ + 0xF9, 0x5D, 0x07, 0xE5, 0x42, 0x6F, 0xE8, 0x7E, 0x45, 0xC0, + 0xE8, 0x18, 0x46, 0x98, 0xE4, 0x59, 0x62, 0x36, 0x4E, 0x34, + 0x11, 0x61, 0x77, 0xDD, 0x22, 0x59, + 0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* order */ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xE9, 0xAE, + 0x2E, 0xD0, 0x75, 0x77, 0x26, 0x5D, 0xFF, 0x7F, 0x94, 0x45, + 0x1E, 0x06, 0x1E, 0x16, 0x3C, 0x61 + } +}; + +static const struct { + EC_CURVE_DATA h; + unsigned char data[20 + 36 * 6]; +} + _EC_NIST_CHAR2_283B = { + { + NID_X9_62_characteristic_two_field, 20, 36, 2 + }, + { + 0x77, 0xE2, 0xB0, 0x73, 0x70, 0xEB, 0x0F, 0x83, 0x2A, 0x6D, /* no seed */ + 0xD5, 0xB6, 0x2D, 0xFC, 0x88, 0xCD, 0x06, 0xBB, 0x84, 0xBE, + + 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* p */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x10, 0xA1, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* a */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, + 0x02, 0x7B, 0x68, 0x0A, 0xC8, 0xB8, 0x59, 0x6D, 0xA5, 0xA4, /* b */ + 0xAF, 0x8A, 0x19, 0xA0, 0x30, 0x3F, 0xCA, 0x97, 0xFD, 0x76, + 0x45, 0x30, 0x9F, 0xA2, 0xA5, 0x81, 0x48, 0x5A, 0xF6, 0x26, + 0x3E, 0x31, 0x3B, 0x79, 0xA2, 0xF5, + 0x05, 0xF9, 0x39, 0x25, 0x8D, 0xB7, 0xDD, 0x90, 0xE1, 0x93, /* x */ + 0x4F, 0x8C, 0x70, 0xB0, 0xDF, 0xEC, 0x2E, 0xED, 0x25, 0xB8, + 0x55, 0x7E, 0xAC, 0x9C, 0x80, 0xE2, 0xE1, 0x98, 0xF8, 0xCD, + 0xBE, 0xCD, 0x86, 0xB1, 0x20, 0x53, + 0x03, 0x67, 0x68, 0x54, 0xFE, 0x24, 0x14, 0x1C, 0xB9, 0x8F, /* y */ + 0xE6, 0xD4, 0xB2, 0x0D, 0x02, 0xB4, 0x51, 0x6F, 0xF7, 0x02, + 0x35, 0x0E, 0xDD, 0xB0, 0x82, 0x67, 0x79, 0xC8, 0x13, 0xF0, + 0xDF, 0x45, 0xBE, 0x81, 0x12, 0xF4, + 0x03, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* order */ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xEF, 0x90, + 0x39, 0x96, 0x60, 0xFC, 0x93, 0x8A, 0x90, 0x16, 0x5B, 0x04, + 0x2A, 0x7C, 0xEF, 0xAD, 0xB3, 0x07 + } +}; + +static const struct { + EC_CURVE_DATA h; + unsigned char data[0 + 52 * 6]; +} + _EC_NIST_CHAR2_409K = { + { + NID_X9_62_characteristic_two_field, 0, 52, 4 + }, + { /* no seed */ + 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* p */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x01, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* a */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* b */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x01, + 0x00, 0x60, 0xF0, 0x5F, 0x65, 0x8F, 0x49, 0xC1, 0xAD, 0x3A, /* x */ + 0xB1, 0x89, 0x0F, 0x71, 0x84, 0x21, 0x0E, 0xFD, 0x09, 0x87, + 0xE3, 0x07, 0xC8, 0x4C, 0x27, 0xAC, 0xCF, 0xB8, 0xF9, 0xF6, + 0x7C, 0xC2, 0xC4, 0x60, 0x18, 0x9E, 0xB5, 0xAA, 0xAA, 0x62, + 0xEE, 0x22, 0x2E, 0xB1, 0xB3, 0x55, 0x40, 0xCF, 0xE9, 0x02, + 0x37, 0x46, + 0x01, 0xE3, 0x69, 0x05, 0x0B, 0x7C, 0x4E, 0x42, 0xAC, 0xBA, /* y */ + 0x1D, 0xAC, 0xBF, 0x04, 0x29, 0x9C, 0x34, 0x60, 0x78, 0x2F, + 0x91, 0x8E, 0xA4, 0x27, 0xE6, 0x32, 0x51, 0x65, 0xE9, 0xEA, + 0x10, 0xE3, 0xDA, 0x5F, 0x6C, 0x42, 0xE9, 0xC5, 0x52, 0x15, + 0xAA, 0x9C, 0xA2, 0x7A, 0x58, 0x63, 0xEC, 0x48, 0xD8, 0xE0, + 0x28, 0x6B, + 0x00, 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* order */ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0x5F, 0x83, 0xB2, + 0xD4, 0xEA, 0x20, 0x40, 0x0E, 0xC4, 0x55, 0x7D, 0x5E, 0xD3, + 0xE3, 0xE7, 0xCA, 0x5B, 0x4B, 0x5C, 0x83, 0xB8, 0xE0, 0x1E, + 0x5F, 0xCF + } +}; + +static const struct { + EC_CURVE_DATA h; + unsigned char data[20 + 52 * 6]; +} + _EC_NIST_CHAR2_409B = { + { + NID_X9_62_characteristic_two_field, 20, 52, 2 + }, + { + 0x40, 0x99, 0xB5, 0xA4, 0x57, 0xF9, 0xD6, 0x9F, 0x79, 0x21, /* seed */ + 0x3D, 0x09, 0x4C, 0x4B, 0xCD, 0x4D, 0x42, 0x62, 0x21, 0x0B, + + 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* p */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x01, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* a */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x01, + 0x00, 0x21, 0xA5, 0xC2, 0xC8, 0xEE, 0x9F, 0xEB, 0x5C, 0x4B, /* b */ + 0x9A, 0x75, 0x3B, 0x7B, 0x47, 0x6B, 0x7F, 0xD6, 0x42, 0x2E, + 0xF1, 0xF3, 0xDD, 0x67, 0x47, 0x61, 0xFA, 0x99, 0xD6, 0xAC, + 0x27, 0xC8, 0xA9, 0xA1, 0x97, 0xB2, 0x72, 0x82, 0x2F, 0x6C, + 0xD5, 0x7A, 0x55, 0xAA, 0x4F, 0x50, 0xAE, 0x31, 0x7B, 0x13, + 0x54, 0x5F, + 0x01, 0x5D, 0x48, 0x60, 0xD0, 0x88, 0xDD, 0xB3, 0x49, 0x6B, /* x */ + 0x0C, 0x60, 0x64, 0x75, 0x62, 0x60, 0x44, 0x1C, 0xDE, 0x4A, + 0xF1, 0x77, 0x1D, 0x4D, 0xB0, 0x1F, 0xFE, 0x5B, 0x34, 0xE5, + 0x97, 0x03, 0xDC, 0x25, 0x5A, 0x86, 0x8A, 0x11, 0x80, 0x51, + 0x56, 0x03, 0xAE, 0xAB, 0x60, 0x79, 0x4E, 0x54, 0xBB, 0x79, + 0x96, 0xA7, + 0x00, 0x61, 0xB1, 0xCF, 0xAB, 0x6B, 0xE5, 0xF3, 0x2B, 0xBF, /* y */ + 0xA7, 0x83, 0x24, 0xED, 0x10, 0x6A, 0x76, 0x36, 0xB9, 0xC5, + 0xA7, 0xBD, 0x19, 0x8D, 0x01, 0x58, 0xAA, 0x4F, 0x54, 0x88, + 0xD0, 0x8F, 0x38, 0x51, 0x4F, 0x1F, 0xDF, 0x4B, 0x4F, 0x40, + 0xD2, 0x18, 0x1B, 0x36, 0x81, 0xC3, 0x64, 0xBA, 0x02, 0x73, + 0xC7, 0x06, + 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* order */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xE2, 0xAA, 0xD6, + 0xA6, 0x12, 0xF3, 0x33, 0x07, 0xBE, 0x5F, 0xA4, 0x7C, 0x3C, + 0x9E, 0x05, 0x2F, 0x83, 0x81, 0x64, 0xCD, 0x37, 0xD9, 0xA2, + 0x11, 0x73 + } +}; + +static const struct { + EC_CURVE_DATA h; + unsigned char data[0 + 72 * 6]; +} + _EC_NIST_CHAR2_571K = { + { + NID_X9_62_characteristic_two_field, 0, 72, 4 + }, + { /* no seed */ + 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* p */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x04, 0x25, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* a */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* b */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x01, + 0x02, 0x6E, 0xB7, 0xA8, 0x59, 0x92, 0x3F, 0xBC, 0x82, 0x18, /* x */ + 0x96, 0x31, 0xF8, 0x10, 0x3F, 0xE4, 0xAC, 0x9C, 0xA2, 0x97, + 0x00, 0x12, 0xD5, 0xD4, 0x60, 0x24, 0x80, 0x48, 0x01, 0x84, + 0x1C, 0xA4, 0x43, 0x70, 0x95, 0x84, 0x93, 0xB2, 0x05, 0xE6, + 0x47, 0xDA, 0x30, 0x4D, 0xB4, 0xCE, 0xB0, 0x8C, 0xBB, 0xD1, + 0xBA, 0x39, 0x49, 0x47, 0x76, 0xFB, 0x98, 0x8B, 0x47, 0x17, + 0x4D, 0xCA, 0x88, 0xC7, 0xE2, 0x94, 0x52, 0x83, 0xA0, 0x1C, + 0x89, 0x72, + 0x03, 0x49, 0xDC, 0x80, 0x7F, 0x4F, 0xBF, 0x37, 0x4F, 0x4A, /* y */ + 0xEA, 0xDE, 0x3B, 0xCA, 0x95, 0x31, 0x4D, 0xD5, 0x8C, 0xEC, + 0x9F, 0x30, 0x7A, 0x54, 0xFF, 0xC6, 0x1E, 0xFC, 0x00, 0x6D, + 0x8A, 0x2C, 0x9D, 0x49, 0x79, 0xC0, 0xAC, 0x44, 0xAE, 0xA7, + 0x4F, 0xBE, 0xBB, 0xB9, 0xF7, 0x72, 0xAE, 0xDC, 0xB6, 0x20, + 0xB0, 0x1A, 0x7B, 0xA7, 0xAF, 0x1B, 0x32, 0x04, 0x30, 0xC8, + 0x59, 0x19, 0x84, 0xF6, 0x01, 0xCD, 0x4C, 0x14, 0x3E, 0xF1, + 0xC7, 0xA3, + 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* order */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x13, 0x18, 0x50, 0xE1, + 0xF1, 0x9A, 0x63, 0xE4, 0xB3, 0x91, 0xA8, 0xDB, 0x91, 0x7F, + 0x41, 0x38, 0xB6, 0x30, 0xD8, 0x4B, 0xE5, 0xD6, 0x39, 0x38, + 0x1E, 0x91, 0xDE, 0xB4, 0x5C, 0xFE, 0x77, 0x8F, 0x63, 0x7C, + 0x10, 0x01 + } +}; + +static const struct { + EC_CURVE_DATA h; + unsigned char data[20 + 72 * 6]; +} + _EC_NIST_CHAR2_571B = { + { + NID_X9_62_characteristic_two_field, 20, 72, 2 + }, + { + 0x2A, 0xA0, 0x58, 0xF7, 0x3A, 0x0E, 0x33, 0xAB, 0x48, 0x6B, /* seed */ + 0x0F, 0x61, 0x04, 0x10, 0xC5, 0x3A, 0x7F, 0x13, 0x23, 0x10, + + 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* p */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x04, 0x25, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* a */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x01, + 0x02, 0xF4, 0x0E, 0x7E, 0x22, 0x21, 0xF2, 0x95, 0xDE, 0x29, /* b */ + 0x71, 0x17, 0xB7, 0xF3, 0xD6, 0x2F, 0x5C, 0x6A, 0x97, 0xFF, + 0xCB, 0x8C, 0xEF, 0xF1, 0xCD, 0x6B, 0xA8, 0xCE, 0x4A, 0x9A, + 0x18, 0xAD, 0x84, 0xFF, 0xAB, 0xBD, 0x8E, 0xFA, 0x59, 0x33, + 0x2B, 0xE7, 0xAD, 0x67, 0x56, 0xA6, 0x6E, 0x29, 0x4A, 0xFD, + 0x18, 0x5A, 0x78, 0xFF, 0x12, 0xAA, 0x52, 0x0E, 0x4D, 0xE7, + 0x39, 0xBA, 0xCA, 0x0C, 0x7F, 0xFE, 0xFF, 0x7F, 0x29, 0x55, + 0x72, 0x7A, + 0x03, 0x03, 0x00, 0x1D, 0x34, 0xB8, 0x56, 0x29, 0x6C, 0x16, /* x */ + 0xC0, 0xD4, 0x0D, 0x3C, 0xD7, 0x75, 0x0A, 0x93, 0xD1, 0xD2, + 0x95, 0x5F, 0xA8, 0x0A, 0xA5, 0xF4, 0x0F, 0xC8, 0xDB, 0x7B, + 0x2A, 0xBD, 0xBD, 0xE5, 0x39, 0x50, 0xF4, 0xC0, 0xD2, 0x93, + 0xCD, 0xD7, 0x11, 0xA3, 0x5B, 0x67, 0xFB, 0x14, 0x99, 0xAE, + 0x60, 0x03, 0x86, 0x14, 0xF1, 0x39, 0x4A, 0xBF, 0xA3, 0xB4, + 0xC8, 0x50, 0xD9, 0x27, 0xE1, 0xE7, 0x76, 0x9C, 0x8E, 0xEC, + 0x2D, 0x19, + 0x03, 0x7B, 0xF2, 0x73, 0x42, 0xDA, 0x63, 0x9B, 0x6D, 0xCC, /* y */ + 0xFF, 0xFE, 0xB7, 0x3D, 0x69, 0xD7, 0x8C, 0x6C, 0x27, 0xA6, + 0x00, 0x9C, 0xBB, 0xCA, 0x19, 0x80, 0xF8, 0x53, 0x39, 0x21, + 0xE8, 0xA6, 0x84, 0x42, 0x3E, 0x43, 0xBA, 0xB0, 0x8A, 0x57, + 0x62, 0x91, 0xAF, 0x8F, 0x46, 0x1B, 0xB2, 0xA8, 0xB3, 0x53, + 0x1D, 0x2F, 0x04, 0x85, 0xC1, 0x9B, 0x16, 0xE2, 0xF1, 0x51, + 0x6E, 0x23, 0xDD, 0x3C, 0x1A, 0x48, 0x27, 0xAF, 0x1B, 0x8A, + 0xC1, 0x5B, + 0x03, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* order */ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xE6, 0x61, 0xCE, 0x18, + 0xFF, 0x55, 0x98, 0x73, 0x08, 0x05, 0x9B, 0x18, 0x68, 0x23, + 0x85, 0x1E, 0xC7, 0xDD, 0x9C, 0xA1, 0x16, 0x1D, 0xE9, 0x3D, + 0x51, 0x74, 0xD6, 0x6E, 0x83, 0x82, 0xE9, 0xBB, 0x2F, 0xE8, + 0x4E, 0x47 + } +}; + +static const struct { + EC_CURVE_DATA h; + unsigned char data[20 + 21 * 6]; +} + _EC_X9_62_CHAR2_163V1 = { + { + NID_X9_62_characteristic_two_field, 20, 21, 2 + }, + { + 0xD2, 0xC0, 0xFB, 0x15, 0x76, 0x08, 0x60, 0xDE, 0xF1, 0xEE, + 0xF4, 0xD6, 0x96, 0xE6, 0x76, 0x87, 0x56, 0x15, 0x17, 0x54, /* seed */ + + 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* p */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, + 0x07, + 0x07, 0x25, 0x46, 0xB5, 0x43, 0x52, 0x34, 0xA4, 0x22, 0xE0, /* a */ + 0x78, 0x96, 0x75, 0xF4, 0x32, 0xC8, 0x94, 0x35, 0xDE, 0x52, + 0x42, + 0x00, 0xC9, 0x51, 0x7D, 0x06, 0xD5, 0x24, 0x0D, 0x3C, 0xFF, /* b */ + 0x38, 0xC7, 0x4B, 0x20, 0xB6, 0xCD, 0x4D, 0x6F, 0x9D, 0xD4, + 0xD9, + 0x07, 0xAF, 0x69, 0x98, 0x95, 0x46, 0x10, 0x3D, 0x79, 0x32, /* x */ + 0x9F, 0xCC, 0x3D, 0x74, 0x88, 0x0F, 0x33, 0xBB, 0xE8, 0x03, + 0xCB, + 0x01, 0xEC, 0x23, 0x21, 0x1B, 0x59, 0x66, 0xAD, 0xEA, 0x1D, /* y */ + 0x3F, 0x87, 0xF7, 0xEA, 0x58, 0x48, 0xAE, 0xF0, 0xB7, 0xCA, + 0x9F, + 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* order */ + 0x01, 0xE6, 0x0F, 0xC8, 0x82, 0x1C, 0xC7, 0x4D, 0xAE, 0xAF, + 0xC1 + } +}; + +static const struct { + EC_CURVE_DATA h; + unsigned char data[20 + 21 * 6]; +} + _EC_X9_62_CHAR2_163V2 = { + { + NID_X9_62_characteristic_two_field, 20, 21, 2 + }, + { + 0x53, 0x81, 0x4C, 0x05, 0x0D, 0x44, 0xD6, 0x96, 0xE6, 0x76, /* seed */ + 0x87, 0x56, 0x15, 0x17, 0x58, 0x0C, 0xA4, 0xE2, 0x9F, 0xFD, + + 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* p */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, + 0x07, + 0x01, 0x08, 0xB3, 0x9E, 0x77, 0xC4, 0xB1, 0x08, 0xBE, 0xD9, /* a */ + 0x81, 0xED, 0x0E, 0x89, 0x0E, 0x11, 0x7C, 0x51, 0x1C, 0xF0, + 0x72, + 0x06, 0x67, 0xAC, 0xEB, 0x38, 0xAF, 0x4E, 0x48, 0x8C, 0x40, /* b */ + 0x74, 0x33, 0xFF, 0xAE, 0x4F, 0x1C, 0x81, 0x16, 0x38, 0xDF, + 0x20, + 0x00, 0x24, 0x26, 0x6E, 0x4E, 0xB5, 0x10, 0x6D, 0x0A, 0x96, /* x */ + 0x4D, 0x92, 0xC4, 0x86, 0x0E, 0x26, 0x71, 0xDB, 0x9B, 0x6C, + 0xC5, + 0x07, 0x9F, 0x68, 0x4D, 0xDF, 0x66, 0x84, 0xC5, 0xCD, 0x25, /* y */ + 0x8B, 0x38, 0x90, 0x02, 0x1B, 0x23, 0x86, 0xDF, 0xD1, 0x9F, + 0xC5, + 0x03, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* order */ + 0xFD, 0xF6, 0x4D, 0xE1, 0x15, 0x1A, 0xDB, 0xB7, 0x8F, 0x10, + 0xA7 + } +}; + +static const struct { + EC_CURVE_DATA h; + unsigned char data[20 + 21 * 6]; +} + _EC_X9_62_CHAR2_163V3 = { + { + NID_X9_62_characteristic_two_field, 20, 21, 2 + }, + { + 0x50, 0xCB, 0xF1, 0xD9, 0x5C, 0xA9, 0x4D, 0x69, 0x6E, 0x67, /* seed */ + 0x68, 0x75, 0x61, 0x51, 0x75, 0xF1, 0x6A, 0x36, 0xA3, 0xB8, + + 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* p */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, + 0x07, + 0x07, 0xA5, 0x26, 0xC6, 0x3D, 0x3E, 0x25, 0xA2, 0x56, 0xA0, /* a */ + 0x07, 0x69, 0x9F, 0x54, 0x47, 0xE3, 0x2A, 0xE4, 0x56, 0xB5, + 0x0E, + 0x03, 0xF7, 0x06, 0x17, 0x98, 0xEB, 0x99, 0xE2, 0x38, 0xFD, /* b */ + 0x6F, 0x1B, 0xF9, 0x5B, 0x48, 0xFE, 0xEB, 0x48, 0x54, 0x25, + 0x2B, + 0x02, 0xF9, 0xF8, 0x7B, 0x7C, 0x57, 0x4D, 0x0B, 0xDE, 0xCF, /* x */ + 0x8A, 0x22, 0xE6, 0x52, 0x47, 0x75, 0xF9, 0x8C, 0xDE, 0xBD, + 0xCB, + 0x05, 0xB9, 0x35, 0x59, 0x0C, 0x15, 0x5E, 0x17, 0xEA, 0x48, /* y */ + 0xEB, 0x3F, 0xF3, 0x71, 0x8B, 0x89, 0x3D, 0xF5, 0x9A, 0x05, + 0xD0, + 0x03, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* order */ + 0xFE, 0x1A, 0xEE, 0x14, 0x0F, 0x11, 0x0A, 0xFF, 0x96, 0x13, + 0x09 + } +}; + +static const struct { + EC_CURVE_DATA h; + unsigned char data[0 + 23 * 6]; +} + _EC_X9_62_CHAR2_176V1 = { + { + NID_X9_62_characteristic_two_field, 0, 23, 0xFF6E + }, + { /* no seed */ + 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* p */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, + 0x00, 0x00, 0x07, + 0x00, 0xE4, 0xE6, 0xDB, 0x29, 0x95, 0x06, 0x5C, 0x40, 0x7D, /* a */ + 0x9D, 0x39, 0xB8, 0xD0, 0x96, 0x7B, 0x96, 0x70, 0x4B, 0xA8, + 0xE9, 0xC9, 0x0B, + 0x00, 0x5D, 0xDA, 0x47, 0x0A, 0xBE, 0x64, 0x14, 0xDE, 0x8E, /* b */ + 0xC1, 0x33, 0xAE, 0x28, 0xE9, 0xBB, 0xD7, 0xFC, 0xEC, 0x0A, + 0xE0, 0xFF, 0xF2, + 0x00, 0x8D, 0x16, 0xC2, 0x86, 0x67, 0x98, 0xB6, 0x00, 0xF9, /* x */ + 0xF0, 0x8B, 0xB4, 0xA8, 0xE8, 0x60, 0xF3, 0x29, 0x8C, 0xE0, + 0x4A, 0x57, 0x98, + 0x00, 0x6F, 0xA4, 0x53, 0x9C, 0x2D, 0xAD, 0xDD, 0xD6, 0xBA, /* y */ + 0xB5, 0x16, 0x7D, 0x61, 0xB4, 0x36, 0xE1, 0xD9, 0x2B, 0xB1, + 0x6A, 0x56, 0x2C, + 0x00, 0x00, 0x01, 0x00, 0x92, 0x53, 0x73, 0x97, 0xEC, 0xA4, /* order */ + 0xF6, 0x14, 0x57, 0x99, 0xD6, 0x2B, 0x0A, 0x19, 0xCE, 0x06, + 0xFE, 0x26, 0xAD + } +}; + +static const struct { + EC_CURVE_DATA h; + unsigned char data[20 + 24 * 6]; +} + _EC_X9_62_CHAR2_191V1 = { + { + NID_X9_62_characteristic_two_field, 20, 24, 2 + }, + { + 0x4E, 0x13, 0xCA, 0x54, 0x27, 0x44, 0xD6, 0x96, 0xE6, 0x76, /* seed */ + 0x87, 0x56, 0x15, 0x17, 0x55, 0x2F, 0x27, 0x9A, 0x8C, 0x84, + + 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* p */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x02, 0x01, + 0x28, 0x66, 0x53, 0x7B, 0x67, 0x67, 0x52, 0x63, 0x6A, 0x68, /* a */ + 0xF5, 0x65, 0x54, 0xE1, 0x26, 0x40, 0x27, 0x6B, 0x64, 0x9E, + 0xF7, 0x52, 0x62, 0x67, + 0x2E, 0x45, 0xEF, 0x57, 0x1F, 0x00, 0x78, 0x6F, 0x67, 0xB0, /* b */ + 0x08, 0x1B, 0x94, 0x95, 0xA3, 0xD9, 0x54, 0x62, 0xF5, 0xDE, + 0x0A, 0xA1, 0x85, 0xEC, + 0x36, 0xB3, 0xDA, 0xF8, 0xA2, 0x32, 0x06, 0xF9, 0xC4, 0xF2, /* x */ + 0x99, 0xD7, 0xB2, 0x1A, 0x9C, 0x36, 0x91, 0x37, 0xF2, 0xC8, + 0x4A, 0xE1, 0xAA, 0x0D, + 0x76, 0x5B, 0xE7, 0x34, 0x33, 0xB3, 0xF9, 0x5E, 0x33, 0x29, /* y */ + 0x32, 0xE7, 0x0E, 0xA2, 0x45, 0xCA, 0x24, 0x18, 0xEA, 0x0E, + 0xF9, 0x80, 0x18, 0xFB, + 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* order */ + 0x00, 0x00, 0x04, 0xA2, 0x0E, 0x90, 0xC3, 0x90, 0x67, 0xC8, + 0x93, 0xBB, 0xB9, 0xA5 + } +}; + +static const struct { + EC_CURVE_DATA h; + unsigned char data[20 + 24 * 6]; +} + _EC_X9_62_CHAR2_191V2 = { + { + NID_X9_62_characteristic_two_field, 20, 24, 4 + }, + { + 0x08, 0x71, 0xEF, 0x2F, 0xEF, 0x24, 0xD6, 0x96, 0xE6, 0x76, /* seed */ + 0x87, 0x56, 0x15, 0x17, 0x58, 0xBE, 0xE0, 0xD9, 0x5C, 0x15, + + 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* p */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x02, 0x01, + 0x40, 0x10, 0x28, 0x77, 0x4D, 0x77, 0x77, 0xC7, 0xB7, 0x66, /* a */ + 0x6D, 0x13, 0x66, 0xEA, 0x43, 0x20, 0x71, 0x27, 0x4F, 0x89, + 0xFF, 0x01, 0xE7, 0x18, + 0x06, 0x20, 0x04, 0x8D, 0x28, 0xBC, 0xBD, 0x03, 0xB6, 0x24, /* b */ + 0x9C, 0x99, 0x18, 0x2B, 0x7C, 0x8C, 0xD1, 0x97, 0x00, 0xC3, + 0x62, 0xC4, 0x6A, 0x01, + 0x38, 0x09, 0xB2, 0xB7, 0xCC, 0x1B, 0x28, 0xCC, 0x5A, 0x87, /* x */ + 0x92, 0x6A, 0xAD, 0x83, 0xFD, 0x28, 0x78, 0x9E, 0x81, 0xE2, + 0xC9, 0xE3, 0xBF, 0x10, + 0x17, 0x43, 0x43, 0x86, 0x62, 0x6D, 0x14, 0xF3, 0xDB, 0xF0, /* y */ + 0x17, 0x60, 0xD9, 0x21, 0x3A, 0x3E, 0x1C, 0xF3, 0x7A, 0xEC, + 0x43, 0x7D, 0x66, 0x8A, + 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* order */ + 0x00, 0x00, 0x50, 0x50, 0x8C, 0xB8, 0x9F, 0x65, 0x28, 0x24, + 0xE0, 0x6B, 0x81, 0x73 + } +}; + +static const struct { + EC_CURVE_DATA h; + unsigned char data[20 + 24 * 6]; +} + _EC_X9_62_CHAR2_191V3 = { + { + NID_X9_62_characteristic_two_field, 20, 24, 6 + }, + { + 0xE0, 0x53, 0x51, 0x2D, 0xC6, 0x84, 0xD6, 0x96, 0xE6, 0x76, /* seed */ + 0x87, 0x56, 0x15, 0x17, 0x50, 0x67, 0xAE, 0x78, 0x6D, 0x1F, + + 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* p */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x02, 0x01, + 0x6C, 0x01, 0x07, 0x47, 0x56, 0x09, 0x91, 0x22, 0x22, 0x10, /* a */ + 0x56, 0x91, 0x1C, 0x77, 0xD7, 0x7E, 0x77, 0xA7, 0x77, 0xE7, + 0xE7, 0xE7, 0x7F, 0xCB, + 0x71, 0xFE, 0x1A, 0xF9, 0x26, 0xCF, 0x84, 0x79, 0x89, 0xEF, /* b */ + 0xEF, 0x8D, 0xB4, 0x59, 0xF6, 0x63, 0x94, 0xD9, 0x0F, 0x32, + 0xAD, 0x3F, 0x15, 0xE8, + 0x37, 0x5D, 0x4C, 0xE2, 0x4F, 0xDE, 0x43, 0x44, 0x89, 0xDE, /* x */ + 0x87, 0x46, 0xE7, 0x17, 0x86, 0x01, 0x50, 0x09, 0xE6, 0x6E, + 0x38, 0xA9, 0x26, 0xDD, + 0x54, 0x5A, 0x39, 0x17, 0x61, 0x96, 0x57, 0x5D, 0x98, 0x59, /* y */ + 0x99, 0x36, 0x6E, 0x6A, 0xD3, 0x4C, 0xE0, 0xA7, 0x7C, 0xD7, + 0x12, 0x7B, 0x06, 0xBE, + 0x15, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, /* order */ + 0x55, 0x55, 0x61, 0x0C, 0x0B, 0x19, 0x68, 0x12, 0xBF, 0xB6, + 0x28, 0x8A, 0x3E, 0xA3 + } +}; + +static const struct { + EC_CURVE_DATA h; + unsigned char data[0 + 27 * 6]; +} + _EC_X9_62_CHAR2_208W1 = { + { + NID_X9_62_characteristic_two_field, 0, 27, 0xFE48 + }, + { /* no seed */ + 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* p */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* a */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0xC8, 0x61, 0x9E, 0xD4, 0x5A, 0x62, 0xE6, 0x21, 0x2E, /* b */ + 0x11, 0x60, 0x34, 0x9E, 0x2B, 0xFA, 0x84, 0x44, 0x39, 0xFA, + 0xFC, 0x2A, 0x3F, 0xD1, 0x63, 0x8F, 0x9E, + 0x00, 0x89, 0xFD, 0xFB, 0xE4, 0xAB, 0xE1, 0x93, 0xDF, 0x95, /* x */ + 0x59, 0xEC, 0xF0, 0x7A, 0xC0, 0xCE, 0x78, 0x55, 0x4E, 0x27, + 0x84, 0xEB, 0x8C, 0x1E, 0xD1, 0xA5, 0x7A, + 0x00, 0x0F, 0x55, 0xB5, 0x1A, 0x06, 0xE7, 0x8E, 0x9A, 0xC3, /* y */ + 0x8A, 0x03, 0x5F, 0xF5, 0x20, 0xD8, 0xB0, 0x17, 0x81, 0xBE, + 0xB1, 0xA6, 0xBB, 0x08, 0x61, 0x7D, 0xE3, + 0x00, 0x00, 0x01, 0x01, 0xBA, 0xF9, 0x5C, 0x97, 0x23, 0xC5, /* order */ + 0x7B, 0x6C, 0x21, 0xDA, 0x2E, 0xFF, 0x2D, 0x5E, 0xD5, 0x88, + 0xBD, 0xD5, 0x71, 0x7E, 0x21, 0x2F, 0x9D + } +}; + +static const struct { + EC_CURVE_DATA h; + unsigned char data[20 + 30 * 6]; +} + _EC_X9_62_CHAR2_239V1 = { + { + NID_X9_62_characteristic_two_field, 20, 30, 4 + }, + { + 0xD3, 0x4B, 0x9A, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61, /* seed */ + 0x51, 0x75, 0xCA, 0x71, 0xB9, 0x20, 0xBF, 0xEF, 0xB0, 0x5D, + + 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* p */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x01, + + 0x32, 0x01, 0x08, 0x57, 0x07, 0x7C, 0x54, 0x31, 0x12, 0x3A, /* a */ + 0x46, 0xB8, 0x08, 0x90, 0x67, 0x56, 0xF5, 0x43, 0x42, 0x3E, + 0x8D, 0x27, 0x87, 0x75, 0x78, 0x12, 0x57, 0x78, 0xAC, 0x76, + + 0x79, 0x04, 0x08, 0xF2, 0xEE, 0xDA, 0xF3, 0x92, 0xB0, 0x12, /* b */ + 0xED, 0xEF, 0xB3, 0x39, 0x2F, 0x30, 0xF4, 0x32, 0x7C, 0x0C, + 0xA3, 0xF3, 0x1F, 0xC3, 0x83, 0xC4, 0x22, 0xAA, 0x8C, 0x16, + + 0x57, 0x92, 0x70, 0x98, 0xFA, 0x93, 0x2E, 0x7C, 0x0A, 0x96, /* x */ + 0xD3, 0xFD, 0x5B, 0x70, 0x6E, 0xF7, 0xE5, 0xF5, 0xC1, 0x56, + 0xE1, 0x6B, 0x7E, 0x7C, 0x86, 0x03, 0x85, 0x52, 0xE9, 0x1D, + + 0x61, 0xD8, 0xEE, 0x50, 0x77, 0xC3, 0x3F, 0xEC, 0xF6, 0xF1, /* y */ + 0xA1, 0x6B, 0x26, 0x8D, 0xE4, 0x69, 0xC3, 0xC7, 0x74, 0x4E, + 0xA9, 0xA9, 0x71, 0x64, 0x9F, 0xC7, 0xA9, 0x61, 0x63, 0x05, + + 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* order */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x0F, 0x4D, 0x42, 0xFF, 0xE1, + 0x49, 0x2A, 0x49, 0x93, 0xF1, 0xCA, 0xD6, 0x66, 0xE4, 0x47 + } +}; + +static const struct { + EC_CURVE_DATA h; + unsigned char data[20 + 30 * 6]; +} + _EC_X9_62_CHAR2_239V2 = { + { + NID_X9_62_characteristic_two_field, 20, 30, 6 + }, + { + 0x2A, 0xA6, 0x98, 0x2F, 0xDF, 0xA4, 0xD6, 0x96, 0xE6, 0x76, /* seed */ + 0x87, 0x56, 0x15, 0x17, 0x5D, 0x26, 0x67, 0x27, 0x27, 0x7D, + + 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* p */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x01, + + 0x42, 0x30, 0x01, 0x77, 0x57, 0xA7, 0x67, 0xFA, 0xE4, 0x23, /* a */ + 0x98, 0x56, 0x9B, 0x74, 0x63, 0x25, 0xD4, 0x53, 0x13, 0xAF, + 0x07, 0x66, 0x26, 0x64, 0x79, 0xB7, 0x56, 0x54, 0xE6, 0x5F, + + 0x50, 0x37, 0xEA, 0x65, 0x41, 0x96, 0xCF, 0xF0, 0xCD, 0x82, /* b */ + 0xB2, 0xC1, 0x4A, 0x2F, 0xCF, 0x2E, 0x3F, 0xF8, 0x77, 0x52, + 0x85, 0xB5, 0x45, 0x72, 0x2F, 0x03, 0xEA, 0xCD, 0xB7, 0x4B, + + 0x28, 0xF9, 0xD0, 0x4E, 0x90, 0x00, 0x69, 0xC8, 0xDC, 0x47, /* x */ + 0xA0, 0x85, 0x34, 0xFE, 0x76, 0xD2, 0xB9, 0x00, 0xB7, 0xD7, + 0xEF, 0x31, 0xF5, 0x70, 0x9F, 0x20, 0x0C, 0x4C, 0xA2, 0x05, + + 0x56, 0x67, 0x33, 0x4C, 0x45, 0xAF, 0xF3, 0xB5, 0xA0, 0x3B, /* y */ + 0xAD, 0x9D, 0xD7, 0x5E, 0x2C, 0x71, 0xA9, 0x93, 0x62, 0x56, + 0x7D, 0x54, 0x53, 0xF7, 0xFA, 0x6E, 0x22, 0x7E, 0xC8, 0x33, + + 0x15, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, /* order */ + 0x55, 0x55, 0x55, 0x55, 0x55, 0x3C, 0x6F, 0x28, 0x85, 0x25, + 0x9C, 0x31, 0xE3, 0xFC, 0xDF, 0x15, 0x46, 0x24, 0x52, 0x2D + } +}; + +static const struct { + EC_CURVE_DATA h; + unsigned char data[20 + 30 * 6]; +} + _EC_X9_62_CHAR2_239V3 = { + { + NID_X9_62_characteristic_two_field, 20, 30, 0xA + }, + { + 0x9E, 0x07, 0x6F, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61, /* seed */ + 0x51, 0x75, 0xE1, 0x1E, 0x9F, 0xDD, 0x77, 0xF9, 0x20, 0x41, + + 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* p */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, 0x01, + + 0x01, 0x23, 0x87, 0x74, 0x66, 0x6A, 0x67, 0x76, 0x6D, 0x66, /* a */ + 0x76, 0xF7, 0x78, 0xE6, 0x76, 0xB6, 0x69, 0x99, 0x17, 0x66, + 0x66, 0xE6, 0x87, 0x66, 0x6D, 0x87, 0x66, 0xC6, 0x6A, 0x9F, + + 0x6A, 0x94, 0x19, 0x77, 0xBA, 0x9F, 0x6A, 0x43, 0x51, 0x99, /* b */ + 0xAC, 0xFC, 0x51, 0x06, 0x7E, 0xD5, 0x87, 0xF5, 0x19, 0xC5, + 0xEC, 0xB5, 0x41, 0xB8, 0xE4, 0x41, 0x11, 0xDE, 0x1D, 0x40, + + 0x70, 0xF6, 0xE9, 0xD0, 0x4D, 0x28, 0x9C, 0x4E, 0x89, 0x91, /* x */ + 0x3C, 0xE3, 0x53, 0x0B, 0xFD, 0xE9, 0x03, 0x97, 0x7D, 0x42, + 0xB1, 0x46, 0xD5, 0x39, 0xBF, 0x1B, 0xDE, 0x4E, 0x9C, 0x92, + + 0x2E, 0x5A, 0x0E, 0xAF, 0x6E, 0x5E, 0x13, 0x05, 0xB9, 0x00, /* y */ + 0x4D, 0xCE, 0x5C, 0x0E, 0xD7, 0xFE, 0x59, 0xA3, 0x56, 0x08, + 0xF3, 0x38, 0x37, 0xC8, 0x16, 0xD8, 0x0B, 0x79, 0xF4, 0x61, + + 0x0C, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, /* order */ + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xAC, 0x49, 0x12, 0xD2, 0xD9, + 0xDF, 0x90, 0x3E, 0xF9, 0x88, 0x8B, 0x8A, 0x0E, 0x4C, 0xFF + } +}; + +static const struct { + EC_CURVE_DATA h; + unsigned char data[0 + 35 * 6]; +} + _EC_X9_62_CHAR2_272W1 = { + { + NID_X9_62_characteristic_two_field, 0, 35, 0xFF06 + }, + { /* no seed */ + 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* p */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x0B, + 0x00, 0x91, 0xA0, 0x91, 0xF0, 0x3B, 0x5F, 0xBA, 0x4A, 0xB2, /* a */ + 0xCC, 0xF4, 0x9C, 0x4E, 0xDD, 0x22, 0x0F, 0xB0, 0x28, 0x71, + 0x2D, 0x42, 0xBE, 0x75, 0x2B, 0x2C, 0x40, 0x09, 0x4D, 0xBA, + 0xCD, 0xB5, 0x86, 0xFB, 0x20, + 0x00, 0x71, 0x67, 0xEF, 0xC9, 0x2B, 0xB2, 0xE3, 0xCE, 0x7C, /* b */ + 0x8A, 0xAA, 0xFF, 0x34, 0xE1, 0x2A, 0x9C, 0x55, 0x70, 0x03, + 0xD7, 0xC7, 0x3A, 0x6F, 0xAF, 0x00, 0x3F, 0x99, 0xF6, 0xCC, + 0x84, 0x82, 0xE5, 0x40, 0xF7, + 0x00, 0x61, 0x08, 0xBA, 0xBB, 0x2C, 0xEE, 0xBC, 0xF7, 0x87, /* x */ + 0x05, 0x8A, 0x05, 0x6C, 0xBE, 0x0C, 0xFE, 0x62, 0x2D, 0x77, + 0x23, 0xA2, 0x89, 0xE0, 0x8A, 0x07, 0xAE, 0x13, 0xEF, 0x0D, + 0x10, 0xD1, 0x71, 0xDD, 0x8D, + 0x00, 0x10, 0xC7, 0x69, 0x57, 0x16, 0x85, 0x1E, 0xEF, 0x6B, /* y */ + 0xA7, 0xF6, 0x87, 0x2E, 0x61, 0x42, 0xFB, 0xD2, 0x41, 0xB8, + 0x30, 0xFF, 0x5E, 0xFC, 0xAC, 0xEC, 0xCA, 0xB0, 0x5E, 0x02, + 0x00, 0x5D, 0xDE, 0x9D, 0x23, + 0x00, 0x00, 0x01, 0x00, 0xFA, 0xF5, 0x13, 0x54, 0xE0, 0xE3, /* order */ + 0x9E, 0x48, 0x92, 0xDF, 0x6E, 0x31, 0x9C, 0x72, 0xC8, 0x16, + 0x16, 0x03, 0xFA, 0x45, 0xAA, 0x7B, 0x99, 0x8A, 0x16, 0x7B, + 0x8F, 0x1E, 0x62, 0x95, 0x21 + } +}; + +static const struct { + EC_CURVE_DATA h; + unsigned char data[0 + 39 * 6]; +} + _EC_X9_62_CHAR2_304W1 = { + { + NID_X9_62_characteristic_two_field, 0, 39, 0xFE2E + }, + { /* no seed */ + 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* p */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x07, + 0x00, 0xFD, 0x0D, 0x69, 0x31, 0x49, 0xA1, 0x18, 0xF6, 0x51, /* a */ + 0xE6, 0xDC, 0xE6, 0x80, 0x20, 0x85, 0x37, 0x7E, 0x5F, 0x88, + 0x2D, 0x1B, 0x51, 0x0B, 0x44, 0x16, 0x00, 0x74, 0xC1, 0x28, + 0x80, 0x78, 0x36, 0x5A, 0x03, 0x96, 0xC8, 0xE6, 0x81, + 0x00, 0xBD, 0xDB, 0x97, 0xE5, 0x55, 0xA5, 0x0A, 0x90, 0x8E, /* b */ + 0x43, 0xB0, 0x1C, 0x79, 0x8E, 0xA5, 0xDA, 0xA6, 0x78, 0x8F, + 0x1E, 0xA2, 0x79, 0x4E, 0xFC, 0xF5, 0x71, 0x66, 0xB8, 0xC1, + 0x40, 0x39, 0x60, 0x1E, 0x55, 0x82, 0x73, 0x40, 0xBE, + 0x00, 0x19, 0x7B, 0x07, 0x84, 0x5E, 0x9B, 0xE2, 0xD9, 0x6A, /* x */ + 0xDB, 0x0F, 0x5F, 0x3C, 0x7F, 0x2C, 0xFF, 0xBD, 0x7A, 0x3E, + 0xB8, 0xB6, 0xFE, 0xC3, 0x5C, 0x7F, 0xD6, 0x7F, 0x26, 0xDD, + 0xF6, 0x28, 0x5A, 0x64, 0x4F, 0x74, 0x0A, 0x26, 0x14, + 0x00, 0xE1, 0x9F, 0xBE, 0xB7, 0x6E, 0x0D, 0xA1, 0x71, 0x51, /* y */ + 0x7E, 0xCF, 0x40, 0x1B, 0x50, 0x28, 0x9B, 0xF0, 0x14, 0x10, + 0x32, 0x88, 0x52, 0x7A, 0x9B, 0x41, 0x6A, 0x10, 0x5E, 0x80, + 0x26, 0x0B, 0x54, 0x9F, 0xDC, 0x1B, 0x92, 0xC0, 0x3B, + 0x00, 0x00, 0x01, 0x01, 0xD5, 0x56, 0x57, 0x2A, 0xAB, 0xAC, /* order */ + 0x80, 0x01, 0x01, 0xD5, 0x56, 0x57, 0x2A, 0xAB, 0xAC, 0x80, + 0x01, 0x02, 0x2D, 0x5C, 0x91, 0xDD, 0x17, 0x3F, 0x8F, 0xB5, + 0x61, 0xDA, 0x68, 0x99, 0x16, 0x44, 0x43, 0x05, 0x1D + } +}; + +static const struct { + EC_CURVE_DATA h; + unsigned char data[20 + 45 * 6]; +} + _EC_X9_62_CHAR2_359V1 = { + { + NID_X9_62_characteristic_two_field, 20, 45, 0x4C + }, + { + 0x2B, 0x35, 0x49, 0x20, 0xB7, 0x24, 0xD6, 0x96, 0xE6, 0x76, /* seed */ + 0x87, 0x56, 0x15, 0x17, 0x58, 0x5B, 0xA1, 0x33, 0x2D, 0xC6, + + 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* p */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x01, + 0x56, 0x67, 0x67, 0x6A, 0x65, 0x4B, 0x20, 0x75, 0x4F, 0x35, /* a */ + 0x6E, 0xA9, 0x20, 0x17, 0xD9, 0x46, 0x56, 0x7C, 0x46, 0x67, + 0x55, 0x56, 0xF1, 0x95, 0x56, 0xA0, 0x46, 0x16, 0xB5, 0x67, + 0xD2, 0x23, 0xA5, 0xE0, 0x56, 0x56, 0xFB, 0x54, 0x90, 0x16, + 0xA9, 0x66, 0x56, 0xA5, 0x57, + 0x24, 0x72, 0xE2, 0xD0, 0x19, 0x7C, 0x49, 0x36, 0x3F, 0x1F, /* b */ + 0xE7, 0xF5, 0xB6, 0xDB, 0x07, 0x5D, 0x52, 0xB6, 0x94, 0x7D, + 0x13, 0x5D, 0x8C, 0xA4, 0x45, 0x80, 0x5D, 0x39, 0xBC, 0x34, + 0x56, 0x26, 0x08, 0x96, 0x87, 0x74, 0x2B, 0x63, 0x29, 0xE7, + 0x06, 0x80, 0x23, 0x19, 0x88, + 0x3C, 0x25, 0x8E, 0xF3, 0x04, 0x77, 0x67, 0xE7, 0xED, 0xE0, /* x */ + 0xF1, 0xFD, 0xAA, 0x79, 0xDA, 0xEE, 0x38, 0x41, 0x36, 0x6A, + 0x13, 0x2E, 0x16, 0x3A, 0xCE, 0xD4, 0xED, 0x24, 0x01, 0xDF, + 0x9C, 0x6B, 0xDC, 0xDE, 0x98, 0xE8, 0xE7, 0x07, 0xC0, 0x7A, + 0x22, 0x39, 0xB1, 0xB0, 0x97, + 0x53, 0xD7, 0xE0, 0x85, 0x29, 0x54, 0x70, 0x48, 0x12, 0x1E, /* y */ + 0x9C, 0x95, 0xF3, 0x79, 0x1D, 0xD8, 0x04, 0x96, 0x39, 0x48, + 0xF3, 0x4F, 0xAE, 0x7B, 0xF4, 0x4E, 0xA8, 0x23, 0x65, 0xDC, + 0x78, 0x68, 0xFE, 0x57, 0xE4, 0xAE, 0x2D, 0xE2, 0x11, 0x30, + 0x5A, 0x40, 0x71, 0x04, 0xBD, + 0x01, 0xAF, 0x28, 0x6B, 0xCA, 0x1A, 0xF2, 0x86, 0xBC, 0xA1, /* order */ + 0xAF, 0x28, 0x6B, 0xCA, 0x1A, 0xF2, 0x86, 0xBC, 0xA1, 0xAF, + 0x28, 0x6B, 0xC9, 0xFB, 0x8F, 0x6B, 0x85, 0xC5, 0x56, 0x89, + 0x2C, 0x20, 0xA7, 0xEB, 0x96, 0x4F, 0xE7, 0x71, 0x9E, 0x74, + 0xF4, 0x90, 0x75, 0x8D, 0x3B + } +}; + +static const struct { + EC_CURVE_DATA h; + unsigned char data[0 + 47 * 6]; +} + _EC_X9_62_CHAR2_368W1 = { + { + NID_X9_62_characteristic_two_field, 0, 47, 0xFF70 + }, + { /* no seed */ + 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* p */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07, + 0x00, 0xE0, 0xD2, 0xEE, 0x25, 0x09, 0x52, 0x06, 0xF5, 0xE2, /* a */ + 0xA4, 0xF9, 0xED, 0x22, 0x9F, 0x1F, 0x25, 0x6E, 0x79, 0xA0, + 0xE2, 0xB4, 0x55, 0x97, 0x0D, 0x8D, 0x0D, 0x86, 0x5B, 0xD9, + 0x47, 0x78, 0xC5, 0x76, 0xD6, 0x2F, 0x0A, 0xB7, 0x51, 0x9C, + 0xCD, 0x2A, 0x1A, 0x90, 0x6A, 0xE3, 0x0D, + 0x00, 0xFC, 0x12, 0x17, 0xD4, 0x32, 0x0A, 0x90, 0x45, 0x2C, /* b */ + 0x76, 0x0A, 0x58, 0xED, 0xCD, 0x30, 0xC8, 0xDD, 0x06, 0x9B, + 0x3C, 0x34, 0x45, 0x38, 0x37, 0xA3, 0x4E, 0xD5, 0x0C, 0xB5, + 0x49, 0x17, 0xE1, 0xC2, 0x11, 0x2D, 0x84, 0xD1, 0x64, 0xF4, + 0x44, 0xF8, 0xF7, 0x47, 0x86, 0x04, 0x6A, + 0x00, 0x10, 0x85, 0xE2, 0x75, 0x53, 0x81, 0xDC, 0xCC, 0xE3, /* x */ + 0xC1, 0x55, 0x7A, 0xFA, 0x10, 0xC2, 0xF0, 0xC0, 0xC2, 0x82, + 0x56, 0x46, 0xC5, 0xB3, 0x4A, 0x39, 0x4C, 0xBC, 0xFA, 0x8B, + 0xC1, 0x6B, 0x22, 0xE7, 0xE7, 0x89, 0xE9, 0x27, 0xBE, 0x21, + 0x6F, 0x02, 0xE1, 0xFB, 0x13, 0x6A, 0x5F, + 0x00, 0x7B, 0x3E, 0xB1, 0xBD, 0xDC, 0xBA, 0x62, 0xD5, 0xD8, /* y */ + 0xB2, 0x05, 0x9B, 0x52, 0x57, 0x97, 0xFC, 0x73, 0x82, 0x2C, + 0x59, 0x05, 0x9C, 0x62, 0x3A, 0x45, 0xFF, 0x38, 0x43, 0xCE, + 0xE8, 0xF8, 0x7C, 0xD1, 0x85, 0x5A, 0xDA, 0xA8, 0x1E, 0x2A, + 0x07, 0x50, 0xB8, 0x0F, 0xDA, 0x23, 0x10, + 0x00, 0x00, 0x01, 0x00, 0x90, 0x51, 0x2D, 0xA9, 0xAF, 0x72, /* order */ + 0xB0, 0x83, 0x49, 0xD9, 0x8A, 0x5D, 0xD4, 0xC7, 0xB0, 0x53, + 0x2E, 0xCA, 0x51, 0xCE, 0x03, 0xE2, 0xD1, 0x0F, 0x3B, 0x7A, + 0xC5, 0x79, 0xBD, 0x87, 0xE9, 0x09, 0xAE, 0x40, 0xA6, 0xF1, + 0x31, 0xE9, 0xCF, 0xCE, 0x5B, 0xD9, 0x67 + } +}; + +static const struct { + EC_CURVE_DATA h; + unsigned char data[0 + 54 * 6]; +} + _EC_X9_62_CHAR2_431R1 = { + { + NID_X9_62_characteristic_two_field, 0, 54, 0x2760 + }, + { /* no seed */ + 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* p */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x01, + 0x1A, 0x82, 0x7E, 0xF0, 0x0D, 0xD6, 0xFC, 0x0E, 0x23, 0x4C, /* a */ + 0xAF, 0x04, 0x6C, 0x6A, 0x5D, 0x8A, 0x85, 0x39, 0x5B, 0x23, + 0x6C, 0xC4, 0xAD, 0x2C, 0xF3, 0x2A, 0x0C, 0xAD, 0xBD, 0xC9, + 0xDD, 0xF6, 0x20, 0xB0, 0xEB, 0x99, 0x06, 0xD0, 0x95, 0x7F, + 0x6C, 0x6F, 0xEA, 0xCD, 0x61, 0x54, 0x68, 0xDF, 0x10, 0x4D, + 0xE2, 0x96, 0xCD, 0x8F, + 0x10, 0xD9, 0xB4, 0xA3, 0xD9, 0x04, 0x7D, 0x8B, 0x15, 0x43, /* b */ + 0x59, 0xAB, 0xFB, 0x1B, 0x7F, 0x54, 0x85, 0xB0, 0x4C, 0xEB, + 0x86, 0x82, 0x37, 0xDD, 0xC9, 0xDE, 0xDA, 0x98, 0x2A, 0x67, + 0x9A, 0x5A, 0x91, 0x9B, 0x62, 0x6D, 0x4E, 0x50, 0xA8, 0xDD, + 0x73, 0x1B, 0x10, 0x7A, 0x99, 0x62, 0x38, 0x1F, 0xB5, 0xD8, + 0x07, 0xBF, 0x26, 0x18, + 0x12, 0x0F, 0xC0, 0x5D, 0x3C, 0x67, 0xA9, 0x9D, 0xE1, 0x61, /* x */ + 0xD2, 0xF4, 0x09, 0x26, 0x22, 0xFE, 0xCA, 0x70, 0x1B, 0xE4, + 0xF5, 0x0F, 0x47, 0x58, 0x71, 0x4E, 0x8A, 0x87, 0xBB, 0xF2, + 0xA6, 0x58, 0xEF, 0x8C, 0x21, 0xE7, 0xC5, 0xEF, 0xE9, 0x65, + 0x36, 0x1F, 0x6C, 0x29, 0x99, 0xC0, 0xC2, 0x47, 0xB0, 0xDB, + 0xD7, 0x0C, 0xE6, 0xB7, + 0x20, 0xD0, 0xAF, 0x89, 0x03, 0xA9, 0x6F, 0x8D, 0x5F, 0xA2, /* y */ + 0xC2, 0x55, 0x74, 0x5D, 0x3C, 0x45, 0x1B, 0x30, 0x2C, 0x93, + 0x46, 0xD9, 0xB7, 0xE4, 0x85, 0xE7, 0xBC, 0xE4, 0x1F, 0x6B, + 0x59, 0x1F, 0x3E, 0x8F, 0x6A, 0xDD, 0xCB, 0xB0, 0xBC, 0x4C, + 0x2F, 0x94, 0x7A, 0x7D, 0xE1, 0xA8, 0x9B, 0x62, 0x5D, 0x6A, + 0x59, 0x8B, 0x37, 0x60, + 0x00, 0x03, 0x40, 0x34, 0x03, 0x40, 0x34, 0x03, 0x40, 0x34, /* order */ + 0x03, 0x40, 0x34, 0x03, 0x40, 0x34, 0x03, 0x40, 0x34, 0x03, + 0x40, 0x34, 0x03, 0x40, 0x34, 0x03, 0x40, 0x34, 0x03, 0x23, + 0xC3, 0x13, 0xFA, 0xB5, 0x05, 0x89, 0x70, 0x3B, 0x5E, 0xC6, + 0x8D, 0x35, 0x87, 0xFE, 0xC6, 0x0D, 0x16, 0x1C, 0xC1, 0x49, + 0xC1, 0xAD, 0x4A, 0x91 + } +}; + +static const struct { + EC_CURVE_DATA h; + unsigned char data[0 + 15 * 6]; +} + _EC_WTLS_1 = { + { + NID_X9_62_characteristic_two_field, 0, 15, 2 + }, + { /* no seed */ + 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* p */ + 0x00, 0x00, 0x00, 0x02, 0x01, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* a */ + 0x00, 0x00, 0x00, 0x00, 0x01, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* b */ + 0x00, 0x00, 0x00, 0x00, 0x01, + 0x01, 0x66, 0x79, 0x79, 0xA4, 0x0B, 0xA4, 0x97, 0xE5, 0xD5, /* x */ + 0xC2, 0x70, 0x78, 0x06, 0x17, + 0x00, 0xF4, 0x4B, 0x4A, 0xF1, 0xEC, 0xC2, 0x63, 0x0E, 0x08, /* y */ + 0x78, 0x5C, 0xEB, 0xCC, 0x15, + 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFD, 0xBF, /* order */ + 0x91, 0xAF, 0x6D, 0xEA, 0x73 + } +}; + +/* IPsec curves */ +/* NOTE: The of curves over a extension field of non prime degree + * is not recommended (Weil-descent). + * As the group order is not a prime this curve is not suitable + * for ECDSA. + */ +static const struct { + EC_CURVE_DATA h; + unsigned char data[0 + 20 * 6]; +} + _EC_IPSEC_155_ID3 = { + { + NID_X9_62_characteristic_two_field, 0, 20, 3 + }, + { /* no seed */ + 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* p */ + 0x00, 0x00, 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, + + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* a */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* b */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07, 0x33, 0x8f, + + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* x */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7b, + + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* y */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xc8, + + 0x02, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, /* order */ + 0xC7, 0xF3, 0xC7, 0x88, 0x1B, 0xD0, 0x86, 0x8F, 0xA8, 0x6C + } +}; + +/* NOTE: The of curves over a extension field of non prime degree + * is not recommended (Weil-descent). + * As the group order is not a prime this curve is not suitable + * for ECDSA. + */ +static const struct { + EC_CURVE_DATA h; + unsigned char data[0 + 24 * 6]; +} + _EC_IPSEC_185_ID4 = { + { + NID_X9_62_characteristic_two_field, 0, 24, 2 + }, + { /* no seed */ + 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* p */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x01, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* a */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* b */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x1e, 0xe9, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* x */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x18, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* y */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x0d, + 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* order */ + 0xFF, 0xFF, 0xED, 0xF9, 0x7C, 0x44, 0xDB, 0x9F, 0x24, 0x20, + 0xBA, 0xFC, 0xA7, 0x5E + } +}; + +#endif + +/* These curves were added by Annie Yousar + * For the definition of RFC 5639 curves see + * https://www.ietf.org/rfc/rfc5639.txt + * These curves are generated verifiable at random, nevertheless the seed is + * omitted as parameter because the generation mechanism is different from + * those defined in ANSI X9.62. + */ + +static const struct { + EC_CURVE_DATA h; + unsigned char data[0 + 20 * 6]; +} + _EC_brainpoolP160r1 = { + { + NID_X9_62_prime_field, 0, 20, 1 + }, + { /* no seed */ + 0xE9, 0x5E, 0x4A, 0x5F, 0x73, 0x70, 0x59, 0xDC, 0x60, 0xDF, /* p */ + 0xC7, 0xAD, 0x95, 0xB3, 0xD8, 0x13, 0x95, 0x15, 0x62, 0x0F, + 0x34, 0x0E, 0x7B, 0xE2, 0xA2, 0x80, 0xEB, 0x74, 0xE2, 0xBE, /* a */ + 0x61, 0xBA, 0xDA, 0x74, 0x5D, 0x97, 0xE8, 0xF7, 0xC3, 0x00, + 0x1E, 0x58, 0x9A, 0x85, 0x95, 0x42, 0x34, 0x12, 0x13, 0x4F, /* b */ + 0xAA, 0x2D, 0xBD, 0xEC, 0x95, 0xC8, 0xD8, 0x67, 0x5E, 0x58, + 0xBE, 0xD5, 0xAF, 0x16, 0xEA, 0x3F, 0x6A, 0x4F, 0x62, 0x93, /* x */ + 0x8C, 0x46, 0x31, 0xEB, 0x5A, 0xF7, 0xBD, 0xBC, 0xDB, 0xC3, + 0x16, 0x67, 0xCB, 0x47, 0x7A, 0x1A, 0x8E, 0xC3, 0x38, 0xF9, /* y */ + 0x47, 0x41, 0x66, 0x9C, 0x97, 0x63, 0x16, 0xDA, 0x63, 0x21, + 0xE9, 0x5E, 0x4A, 0x5F, 0x73, 0x70, 0x59, 0xDC, 0x60, 0xDF, /* order */ + 0x59, 0x91, 0xD4, 0x50, 0x29, 0x40, 0x9E, 0x60, 0xFC, 0x09 + } +}; + +static const struct { + EC_CURVE_DATA h; + unsigned char data[0 + 20 * 6]; +} + _EC_brainpoolP160t1 = { + { + NID_X9_62_prime_field, 0, 20, 1 + }, + { /* no seed */ + 0xE9, 0x5E, 0x4A, 0x5F, 0x73, 0x70, 0x59, 0xDC, 0x60, 0xDF, /* p */ + 0xC7, 0xAD, 0x95, 0xB3, 0xD8, 0x13, 0x95, 0x15, 0x62, 0x0F, + 0xE9, 0x5E, 0x4A, 0x5F, 0x73, 0x70, 0x59, 0xDC, 0x60, 0xDF, /* a */ + 0xC7, 0xAD, 0x95, 0xB3, 0xD8, 0x13, 0x95, 0x15, 0x62, 0x0C, + 0x7A, 0x55, 0x6B, 0x6D, 0xAE, 0x53, 0x5B, 0x7B, 0x51, 0xED, /* b */ + 0x2C, 0x4D, 0x7D, 0xAA, 0x7A, 0x0B, 0x5C, 0x55, 0xF3, 0x80, + 0xB1, 0x99, 0xB1, 0x3B, 0x9B, 0x34, 0xEF, 0xC1, 0x39, 0x7E, /* x */ + 0x64, 0xBA, 0xEB, 0x05, 0xAC, 0xC2, 0x65, 0xFF, 0x23, 0x78, + 0xAD, 0xD6, 0x71, 0x8B, 0x7C, 0x7C, 0x19, 0x61, 0xF0, 0x99, /* y */ + 0x1B, 0x84, 0x24, 0x43, 0x77, 0x21, 0x52, 0xC9, 0xE0, 0xAD, + 0xE9, 0x5E, 0x4A, 0x5F, 0x73, 0x70, 0x59, 0xDC, 0x60, 0xDF, /* order */ + 0x59, 0x91, 0xD4, 0x50, 0x29, 0x40, 0x9E, 0x60, 0xFC, 0x09 + } +}; + +static const struct { + EC_CURVE_DATA h; + unsigned char data[0 + 24 * 6]; +} + _EC_brainpoolP192r1 = { + { + NID_X9_62_prime_field, 0, 24, 1 + }, + { /* no seed */ + 0xC3, 0x02, 0xF4, 0x1D, 0x93, 0x2A, 0x36, 0xCD, 0xA7, 0xA3, /* p */ + 0x46, 0x30, 0x93, 0xD1, 0x8D, 0xB7, 0x8F, 0xCE, 0x47, 0x6D, + 0xE1, 0xA8, 0x62, 0x97, + 0x6A, 0x91, 0x17, 0x40, 0x76, 0xB1, 0xE0, 0xE1, 0x9C, 0x39, /* a */ + 0xC0, 0x31, 0xFE, 0x86, 0x85, 0xC1, 0xCA, 0xE0, 0x40, 0xE5, + 0xC6, 0x9A, 0x28, 0xEF, + 0x46, 0x9A, 0x28, 0xEF, 0x7C, 0x28, 0xCC, 0xA3, 0xDC, 0x72, /* b */ + 0x1D, 0x04, 0x4F, 0x44, 0x96, 0xBC, 0xCA, 0x7E, 0xF4, 0x14, + 0x6F, 0xBF, 0x25, 0xC9, + 0xC0, 0xA0, 0x64, 0x7E, 0xAA, 0xB6, 0xA4, 0x87, 0x53, 0xB0, /* x */ + 0x33, 0xC5, 0x6C, 0xB0, 0xF0, 0x90, 0x0A, 0x2F, 0x5C, 0x48, + 0x53, 0x37, 0x5F, 0xD6, + 0x14, 0xB6, 0x90, 0x86, 0x6A, 0xBD, 0x5B, 0xB8, 0x8B, 0x5F, /* y */ + 0x48, 0x28, 0xC1, 0x49, 0x00, 0x02, 0xE6, 0x77, 0x3F, 0xA2, + 0xFA, 0x29, 0x9B, 0x8F, + 0xC3, 0x02, 0xF4, 0x1D, 0x93, 0x2A, 0x36, 0xCD, 0xA7, 0xA3, /* order */ + 0x46, 0x2F, 0x9E, 0x9E, 0x91, 0x6B, 0x5B, 0xE8, 0xF1, 0x02, + 0x9A, 0xC4, 0xAC, 0xC1 + } +}; + +static const struct { + EC_CURVE_DATA h; + unsigned char data[0 + 24 * 6]; +} + _EC_brainpoolP192t1 = { + { + NID_X9_62_prime_field, 0, 24, 1 + }, + { /* no seed */ + 0xC3, 0x02, 0xF4, 0x1D, 0x93, 0x2A, 0x36, 0xCD, 0xA7, 0xA3, /* p */ + 0x46, 0x30, 0x93, 0xD1, 0x8D, 0xB7, 0x8F, 0xCE, 0x47, 0x6D, + 0xE1, 0xA8, 0x62, 0x97, + 0xC3, 0x02, 0xF4, 0x1D, 0x93, 0x2A, 0x36, 0xCD, 0xA7, 0xA3, /* a */ + 0x46, 0x30, 0x93, 0xD1, 0x8D, 0xB7, 0x8F, 0xCE, 0x47, 0x6D, + 0xE1, 0xA8, 0x62, 0x94, + 0x13, 0xD5, 0x6F, 0xFA, 0xEC, 0x78, 0x68, 0x1E, 0x68, 0xF9, /* b */ + 0xDE, 0xB4, 0x3B, 0x35, 0xBE, 0xC2, 0xFB, 0x68, 0x54, 0x2E, + 0x27, 0x89, 0x7B, 0x79, + 0x3A, 0xE9, 0xE5, 0x8C, 0x82, 0xF6, 0x3C, 0x30, 0x28, 0x2E, /* x */ + 0x1F, 0xE7, 0xBB, 0xF4, 0x3F, 0xA7, 0x2C, 0x44, 0x6A, 0xF6, + 0xF4, 0x61, 0x81, 0x29, + 0x09, 0x7E, 0x2C, 0x56, 0x67, 0xC2, 0x22, 0x3A, 0x90, 0x2A, /* y */ + 0xB5, 0xCA, 0x44, 0x9D, 0x00, 0x84, 0xB7, 0xE5, 0xB3, 0xDE, + 0x7C, 0xCC, 0x01, 0xC9, + 0xC3, 0x02, 0xF4, 0x1D, 0x93, 0x2A, 0x36, 0xCD, 0xA7, 0xA3, /* order */ + 0x46, 0x2F, 0x9E, 0x9E, 0x91, 0x6B, 0x5B, 0xE8, 0xF1, 0x02, + 0x9A, 0xC4, 0xAC, 0xC1 + } +}; + +static const struct { + EC_CURVE_DATA h; + unsigned char data[0 + 28 * 6]; +} + _EC_brainpoolP224r1 = { + { + NID_X9_62_prime_field, 0, 28, 1 + }, + { /* no seed */ + 0xD7, 0xC1, 0x34, 0xAA, 0x26, 0x43, 0x66, 0x86, 0x2A, 0x18, /* p */ + 0x30, 0x25, 0x75, 0xD1, 0xD7, 0x87, 0xB0, 0x9F, 0x07, 0x57, + 0x97, 0xDA, 0x89, 0xF5, 0x7E, 0xC8, 0xC0, 0xFF, + 0x68, 0xA5, 0xE6, 0x2C, 0xA9, 0xCE, 0x6C, 0x1C, 0x29, 0x98, /* a */ + 0x03, 0xA6, 0xC1, 0x53, 0x0B, 0x51, 0x4E, 0x18, 0x2A, 0xD8, + 0xB0, 0x04, 0x2A, 0x59, 0xCA, 0xD2, 0x9F, 0x43, + 0x25, 0x80, 0xF6, 0x3C, 0xCF, 0xE4, 0x41, 0x38, 0x87, 0x07, /* b */ + 0x13, 0xB1, 0xA9, 0x23, 0x69, 0xE3, 0x3E, 0x21, 0x35, 0xD2, + 0x66, 0xDB, 0xB3, 0x72, 0x38, 0x6C, 0x40, 0x0B, + 0x0D, 0x90, 0x29, 0xAD, 0x2C, 0x7E, 0x5C, 0xF4, 0x34, 0x08, /* x */ + 0x23, 0xB2, 0xA8, 0x7D, 0xC6, 0x8C, 0x9E, 0x4C, 0xE3, 0x17, + 0x4C, 0x1E, 0x6E, 0xFD, 0xEE, 0x12, 0xC0, 0x7D, + 0x58, 0xAA, 0x56, 0xF7, 0x72, 0xC0, 0x72, 0x6F, 0x24, 0xC6, /* y */ + 0xB8, 0x9E, 0x4E, 0xCD, 0xAC, 0x24, 0x35, 0x4B, 0x9E, 0x99, + 0xCA, 0xA3, 0xF6, 0xD3, 0x76, 0x14, 0x02, 0xCD, + 0xD7, 0xC1, 0x34, 0xAA, 0x26, 0x43, 0x66, 0x86, 0x2A, 0x18, /* order */ + 0x30, 0x25, 0x75, 0xD0, 0xFB, 0x98, 0xD1, 0x16, 0xBC, 0x4B, + 0x6D, 0xDE, 0xBC, 0xA3, 0xA5, 0xA7, 0x93, 0x9F + } +}; + +static const struct { + EC_CURVE_DATA h; + unsigned char data[0 + 28 * 6]; +} + _EC_brainpoolP224t1 = { + { + NID_X9_62_prime_field, 0, 28, 1 + }, + { /* no seed */ + 0xD7, 0xC1, 0x34, 0xAA, 0x26, 0x43, 0x66, 0x86, 0x2A, 0x18, /* p */ + 0x30, 0x25, 0x75, 0xD1, 0xD7, 0x87, 0xB0, 0x9F, 0x07, 0x57, + 0x97, 0xDA, 0x89, 0xF5, 0x7E, 0xC8, 0xC0, 0xFF, + 0xD7, 0xC1, 0x34, 0xAA, 0x26, 0x43, 0x66, 0x86, 0x2A, 0x18, /* a */ + 0x30, 0x25, 0x75, 0xD1, 0xD7, 0x87, 0xB0, 0x9F, 0x07, 0x57, + 0x97, 0xDA, 0x89, 0xF5, 0x7E, 0xC8, 0xC0, 0xFC, + 0x4B, 0x33, 0x7D, 0x93, 0x41, 0x04, 0xCD, 0x7B, 0xEF, 0x27, /* b */ + 0x1B, 0xF6, 0x0C, 0xED, 0x1E, 0xD2, 0x0D, 0xA1, 0x4C, 0x08, + 0xB3, 0xBB, 0x64, 0xF1, 0x8A, 0x60, 0x88, 0x8D, + 0x6A, 0xB1, 0xE3, 0x44, 0xCE, 0x25, 0xFF, 0x38, 0x96, 0x42, /* x */ + 0x4E, 0x7F, 0xFE, 0x14, 0x76, 0x2E, 0xCB, 0x49, 0xF8, 0x92, + 0x8A, 0xC0, 0xC7, 0x60, 0x29, 0xB4, 0xD5, 0x80, + 0x03, 0x74, 0xE9, 0xF5, 0x14, 0x3E, 0x56, 0x8C, 0xD2, 0x3F, /* y */ + 0x3F, 0x4D, 0x7C, 0x0D, 0x4B, 0x1E, 0x41, 0xC8, 0xCC, 0x0D, + 0x1C, 0x6A, 0xBD, 0x5F, 0x1A, 0x46, 0xDB, 0x4C, + 0xD7, 0xC1, 0x34, 0xAA, 0x26, 0x43, 0x66, 0x86, 0x2A, 0x18, /* order */ + 0x30, 0x25, 0x75, 0xD0, 0xFB, 0x98, 0xD1, 0x16, 0xBC, 0x4B, + 0x6D, 0xDE, 0xBC, 0xA3, 0xA5, 0xA7, 0x93, 0x9F + } +}; + +static const struct { + EC_CURVE_DATA h; + unsigned char data[0 + 32 * 6]; +} + _EC_brainpoolP256r1 = { + { + NID_X9_62_prime_field, 0, 32, 1 + }, + { /* no seed */ + 0xA9, 0xFB, 0x57, 0xDB, 0xA1, 0xEE, 0xA9, 0xBC, 0x3E, 0x66, /* p */ + 0x0A, 0x90, 0x9D, 0x83, 0x8D, 0x72, 0x6E, 0x3B, 0xF6, 0x23, + 0xD5, 0x26, 0x20, 0x28, 0x20, 0x13, 0x48, 0x1D, 0x1F, 0x6E, + 0x53, 0x77, + 0x7D, 0x5A, 0x09, 0x75, 0xFC, 0x2C, 0x30, 0x57, 0xEE, 0xF6, /* a */ + 0x75, 0x30, 0x41, 0x7A, 0xFF, 0xE7, 0xFB, 0x80, 0x55, 0xC1, + 0x26, 0xDC, 0x5C, 0x6C, 0xE9, 0x4A, 0x4B, 0x44, 0xF3, 0x30, + 0xB5, 0xD9, + 0x26, 0xDC, 0x5C, 0x6C, 0xE9, 0x4A, 0x4B, 0x44, 0xF3, 0x30, /* b */ + 0xB5, 0xD9, 0xBB, 0xD7, 0x7C, 0xBF, 0x95, 0x84, 0x16, 0x29, + 0x5C, 0xF7, 0xE1, 0xCE, 0x6B, 0xCC, 0xDC, 0x18, 0xFF, 0x8C, + 0x07, 0xB6, + 0x8B, 0xD2, 0xAE, 0xB9, 0xCB, 0x7E, 0x57, 0xCB, 0x2C, 0x4B, /* x */ + 0x48, 0x2F, 0xFC, 0x81, 0xB7, 0xAF, 0xB9, 0xDE, 0x27, 0xE1, + 0xE3, 0xBD, 0x23, 0xC2, 0x3A, 0x44, 0x53, 0xBD, 0x9A, 0xCE, + 0x32, 0x62, + 0x54, 0x7E, 0xF8, 0x35, 0xC3, 0xDA, 0xC4, 0xFD, 0x97, 0xF8, /* y */ + 0x46, 0x1A, 0x14, 0x61, 0x1D, 0xC9, 0xC2, 0x77, 0x45, 0x13, + 0x2D, 0xED, 0x8E, 0x54, 0x5C, 0x1D, 0x54, 0xC7, 0x2F, 0x04, + 0x69, 0x97, + 0xA9, 0xFB, 0x57, 0xDB, 0xA1, 0xEE, 0xA9, 0xBC, 0x3E, 0x66, /* order */ + 0x0A, 0x90, 0x9D, 0x83, 0x8D, 0x71, 0x8C, 0x39, 0x7A, 0xA3, + 0xB5, 0x61, 0xA6, 0xF7, 0x90, 0x1E, 0x0E, 0x82, 0x97, 0x48, + 0x56, 0xA7 + } +}; + +static const struct { + EC_CURVE_DATA h; + unsigned char data[0 + 32 * 6]; +} + _EC_brainpoolP256t1 = { + { + NID_X9_62_prime_field, 0, 32, 1 + }, + { /* no seed */ + 0xA9, 0xFB, 0x57, 0xDB, 0xA1, 0xEE, 0xA9, 0xBC, 0x3E, 0x66, /* p */ + 0x0A, 0x90, 0x9D, 0x83, 0x8D, 0x72, 0x6E, 0x3B, 0xF6, 0x23, + 0xD5, 0x26, 0x20, 0x28, 0x20, 0x13, 0x48, 0x1D, 0x1F, 0x6E, + 0x53, 0x77, + 0xA9, 0xFB, 0x57, 0xDB, 0xA1, 0xEE, 0xA9, 0xBC, 0x3E, 0x66, /* a */ + 0x0A, 0x90, 0x9D, 0x83, 0x8D, 0x72, 0x6E, 0x3B, 0xF6, 0x23, + 0xD5, 0x26, 0x20, 0x28, 0x20, 0x13, 0x48, 0x1D, 0x1F, 0x6E, + 0x53, 0x74, + 0x66, 0x2C, 0x61, 0xC4, 0x30, 0xD8, 0x4E, 0xA4, 0xFE, 0x66, /* b */ + 0xA7, 0x73, 0x3D, 0x0B, 0x76, 0xB7, 0xBF, 0x93, 0xEB, 0xC4, + 0xAF, 0x2F, 0x49, 0x25, 0x6A, 0xE5, 0x81, 0x01, 0xFE, 0xE9, + 0x2B, 0x04, + 0xA3, 0xE8, 0xEB, 0x3C, 0xC1, 0xCF, 0xE7, 0xB7, 0x73, 0x22, /* x */ + 0x13, 0xB2, 0x3A, 0x65, 0x61, 0x49, 0xAF, 0xA1, 0x42, 0xC4, + 0x7A, 0xAF, 0xBC, 0x2B, 0x79, 0xA1, 0x91, 0x56, 0x2E, 0x13, + 0x05, 0xF4, + 0x2D, 0x99, 0x6C, 0x82, 0x34, 0x39, 0xC5, 0x6D, 0x7F, 0x7B, /* y */ + 0x22, 0xE1, 0x46, 0x44, 0x41, 0x7E, 0x69, 0xBC, 0xB6, 0xDE, + 0x39, 0xD0, 0x27, 0x00, 0x1D, 0xAB, 0xE8, 0xF3, 0x5B, 0x25, + 0xC9, 0xBE, + 0xA9, 0xFB, 0x57, 0xDB, 0xA1, 0xEE, 0xA9, 0xBC, 0x3E, 0x66, /* order */ + 0x0A, 0x90, 0x9D, 0x83, 0x8D, 0x71, 0x8C, 0x39, 0x7A, 0xA3, + 0xB5, 0x61, 0xA6, 0xF7, 0x90, 0x1E, 0x0E, 0x82, 0x97, 0x48, + 0x56, 0xA7 + } +}; + +static const struct { + EC_CURVE_DATA h; + unsigned char data[0 + 40 * 6]; +} + _EC_brainpoolP320r1 = { + { + NID_X9_62_prime_field, 0, 40, 1 + }, + { /* no seed */ + 0xD3, 0x5E, 0x47, 0x20, 0x36, 0xBC, 0x4F, 0xB7, 0xE1, 0x3C, /* p */ + 0x78, 0x5E, 0xD2, 0x01, 0xE0, 0x65, 0xF9, 0x8F, 0xCF, 0xA6, + 0xF6, 0xF4, 0x0D, 0xEF, 0x4F, 0x92, 0xB9, 0xEC, 0x78, 0x93, + 0xEC, 0x28, 0xFC, 0xD4, 0x12, 0xB1, 0xF1, 0xB3, 0x2E, 0x27, + 0x3E, 0xE3, 0x0B, 0x56, 0x8F, 0xBA, 0xB0, 0xF8, 0x83, 0xCC, /* a */ + 0xEB, 0xD4, 0x6D, 0x3F, 0x3B, 0xB8, 0xA2, 0xA7, 0x35, 0x13, + 0xF5, 0xEB, 0x79, 0xDA, 0x66, 0x19, 0x0E, 0xB0, 0x85, 0xFF, + 0xA9, 0xF4, 0x92, 0xF3, 0x75, 0xA9, 0x7D, 0x86, 0x0E, 0xB4, + 0x52, 0x08, 0x83, 0x94, 0x9D, 0xFD, 0xBC, 0x42, 0xD3, 0xAD, /* b */ + 0x19, 0x86, 0x40, 0x68, 0x8A, 0x6F, 0xE1, 0x3F, 0x41, 0x34, + 0x95, 0x54, 0xB4, 0x9A, 0xCC, 0x31, 0xDC, 0xCD, 0x88, 0x45, + 0x39, 0x81, 0x6F, 0x5E, 0xB4, 0xAC, 0x8F, 0xB1, 0xF1, 0xA6, + 0x43, 0xBD, 0x7E, 0x9A, 0xFB, 0x53, 0xD8, 0xB8, 0x52, 0x89, /* x */ + 0xBC, 0xC4, 0x8E, 0xE5, 0xBF, 0xE6, 0xF2, 0x01, 0x37, 0xD1, + 0x0A, 0x08, 0x7E, 0xB6, 0xE7, 0x87, 0x1E, 0x2A, 0x10, 0xA5, + 0x99, 0xC7, 0x10, 0xAF, 0x8D, 0x0D, 0x39, 0xE2, 0x06, 0x11, + 0x14, 0xFD, 0xD0, 0x55, 0x45, 0xEC, 0x1C, 0xC8, 0xAB, 0x40, /* y */ + 0x93, 0x24, 0x7F, 0x77, 0x27, 0x5E, 0x07, 0x43, 0xFF, 0xED, + 0x11, 0x71, 0x82, 0xEA, 0xA9, 0xC7, 0x78, 0x77, 0xAA, 0xAC, + 0x6A, 0xC7, 0xD3, 0x52, 0x45, 0xD1, 0x69, 0x2E, 0x8E, 0xE1, + 0xD3, 0x5E, 0x47, 0x20, 0x36, 0xBC, 0x4F, 0xB7, 0xE1, 0x3C, /* order */ + 0x78, 0x5E, 0xD2, 0x01, 0xE0, 0x65, 0xF9, 0x8F, 0xCF, 0xA5, + 0xB6, 0x8F, 0x12, 0xA3, 0x2D, 0x48, 0x2E, 0xC7, 0xEE, 0x86, + 0x58, 0xE9, 0x86, 0x91, 0x55, 0x5B, 0x44, 0xC5, 0x93, 0x11 + } +}; + +static const struct { + EC_CURVE_DATA h; + unsigned char data[0 + 40 * 6]; +} + _EC_brainpoolP320t1 = { + { + NID_X9_62_prime_field, 0, 40, 1 + }, + { /* no seed */ + 0xD3, 0x5E, 0x47, 0x20, 0x36, 0xBC, 0x4F, 0xB7, 0xE1, 0x3C, /* p */ + 0x78, 0x5E, 0xD2, 0x01, 0xE0, 0x65, 0xF9, 0x8F, 0xCF, 0xA6, + 0xF6, 0xF4, 0x0D, 0xEF, 0x4F, 0x92, 0xB9, 0xEC, 0x78, 0x93, + 0xEC, 0x28, 0xFC, 0xD4, 0x12, 0xB1, 0xF1, 0xB3, 0x2E, 0x27, + 0xD3, 0x5E, 0x47, 0x20, 0x36, 0xBC, 0x4F, 0xB7, 0xE1, 0x3C, /* a */ + 0x78, 0x5E, 0xD2, 0x01, 0xE0, 0x65, 0xF9, 0x8F, 0xCF, 0xA6, + 0xF6, 0xF4, 0x0D, 0xEF, 0x4F, 0x92, 0xB9, 0xEC, 0x78, 0x93, + 0xEC, 0x28, 0xFC, 0xD4, 0x12, 0xB1, 0xF1, 0xB3, 0x2E, 0x24, + 0xA7, 0xF5, 0x61, 0xE0, 0x38, 0xEB, 0x1E, 0xD5, 0x60, 0xB3, /* b */ + 0xD1, 0x47, 0xDB, 0x78, 0x20, 0x13, 0x06, 0x4C, 0x19, 0xF2, + 0x7E, 0xD2, 0x7C, 0x67, 0x80, 0xAA, 0xF7, 0x7F, 0xB8, 0xA5, + 0x47, 0xCE, 0xB5, 0xB4, 0xFE, 0xF4, 0x22, 0x34, 0x03, 0x53, + 0x92, 0x5B, 0xE9, 0xFB, 0x01, 0xAF, 0xC6, 0xFB, 0x4D, 0x3E, /* x */ + 0x7D, 0x49, 0x90, 0x01, 0x0F, 0x81, 0x34, 0x08, 0xAB, 0x10, + 0x6C, 0x4F, 0x09, 0xCB, 0x7E, 0xE0, 0x78, 0x68, 0xCC, 0x13, + 0x6F, 0xFF, 0x33, 0x57, 0xF6, 0x24, 0xA2, 0x1B, 0xED, 0x52, + 0x63, 0xBA, 0x3A, 0x7A, 0x27, 0x48, 0x3E, 0xBF, 0x66, 0x71, /* y */ + 0xDB, 0xEF, 0x7A, 0xBB, 0x30, 0xEB, 0xEE, 0x08, 0x4E, 0x58, + 0xA0, 0xB0, 0x77, 0xAD, 0x42, 0xA5, 0xA0, 0x98, 0x9D, 0x1E, + 0xE7, 0x1B, 0x1B, 0x9B, 0xC0, 0x45, 0x5F, 0xB0, 0xD2, 0xC3, + 0xD3, 0x5E, 0x47, 0x20, 0x36, 0xBC, 0x4F, 0xB7, 0xE1, 0x3C, /* order */ + 0x78, 0x5E, 0xD2, 0x01, 0xE0, 0x65, 0xF9, 0x8F, 0xCF, 0xA5, + 0xB6, 0x8F, 0x12, 0xA3, 0x2D, 0x48, 0x2E, 0xC7, 0xEE, 0x86, + 0x58, 0xE9, 0x86, 0x91, 0x55, 0x5B, 0x44, 0xC5, 0x93, 0x11 + } +}; + +static const struct { + EC_CURVE_DATA h; + unsigned char data[0 + 48 * 6]; +} + _EC_brainpoolP384r1 = { + { + NID_X9_62_prime_field, 0, 48, 1 + }, + { /* no seed */ + 0x8C, 0xB9, 0x1E, 0x82, 0xA3, 0x38, 0x6D, 0x28, 0x0F, 0x5D, /* p */ + 0x6F, 0x7E, 0x50, 0xE6, 0x41, 0xDF, 0x15, 0x2F, 0x71, 0x09, + 0xED, 0x54, 0x56, 0xB4, 0x12, 0xB1, 0xDA, 0x19, 0x7F, 0xB7, + 0x11, 0x23, 0xAC, 0xD3, 0xA7, 0x29, 0x90, 0x1D, 0x1A, 0x71, + 0x87, 0x47, 0x00, 0x13, 0x31, 0x07, 0xEC, 0x53, + 0x7B, 0xC3, 0x82, 0xC6, 0x3D, 0x8C, 0x15, 0x0C, 0x3C, 0x72, /* a */ + 0x08, 0x0A, 0xCE, 0x05, 0xAF, 0xA0, 0xC2, 0xBE, 0xA2, 0x8E, + 0x4F, 0xB2, 0x27, 0x87, 0x13, 0x91, 0x65, 0xEF, 0xBA, 0x91, + 0xF9, 0x0F, 0x8A, 0xA5, 0x81, 0x4A, 0x50, 0x3A, 0xD4, 0xEB, + 0x04, 0xA8, 0xC7, 0xDD, 0x22, 0xCE, 0x28, 0x26, + 0x04, 0xA8, 0xC7, 0xDD, 0x22, 0xCE, 0x28, 0x26, 0x8B, 0x39, /* b */ + 0xB5, 0x54, 0x16, 0xF0, 0x44, 0x7C, 0x2F, 0xB7, 0x7D, 0xE1, + 0x07, 0xDC, 0xD2, 0xA6, 0x2E, 0x88, 0x0E, 0xA5, 0x3E, 0xEB, + 0x62, 0xD5, 0x7C, 0xB4, 0x39, 0x02, 0x95, 0xDB, 0xC9, 0x94, + 0x3A, 0xB7, 0x86, 0x96, 0xFA, 0x50, 0x4C, 0x11, + 0x1D, 0x1C, 0x64, 0xF0, 0x68, 0xCF, 0x45, 0xFF, 0xA2, 0xA6, /* x */ + 0x3A, 0x81, 0xB7, 0xC1, 0x3F, 0x6B, 0x88, 0x47, 0xA3, 0xE7, + 0x7E, 0xF1, 0x4F, 0xE3, 0xDB, 0x7F, 0xCA, 0xFE, 0x0C, 0xBD, + 0x10, 0xE8, 0xE8, 0x26, 0xE0, 0x34, 0x36, 0xD6, 0x46, 0xAA, + 0xEF, 0x87, 0xB2, 0xE2, 0x47, 0xD4, 0xAF, 0x1E, + 0x8A, 0xBE, 0x1D, 0x75, 0x20, 0xF9, 0xC2, 0xA4, 0x5C, 0xB1, /* y */ + 0xEB, 0x8E, 0x95, 0xCF, 0xD5, 0x52, 0x62, 0xB7, 0x0B, 0x29, + 0xFE, 0xEC, 0x58, 0x64, 0xE1, 0x9C, 0x05, 0x4F, 0xF9, 0x91, + 0x29, 0x28, 0x0E, 0x46, 0x46, 0x21, 0x77, 0x91, 0x81, 0x11, + 0x42, 0x82, 0x03, 0x41, 0x26, 0x3C, 0x53, 0x15, + 0x8C, 0xB9, 0x1E, 0x82, 0xA3, 0x38, 0x6D, 0x28, 0x0F, 0x5D, /* order */ + 0x6F, 0x7E, 0x50, 0xE6, 0x41, 0xDF, 0x15, 0x2F, 0x71, 0x09, + 0xED, 0x54, 0x56, 0xB3, 0x1F, 0x16, 0x6E, 0x6C, 0xAC, 0x04, + 0x25, 0xA7, 0xCF, 0x3A, 0xB6, 0xAF, 0x6B, 0x7F, 0xC3, 0x10, + 0x3B, 0x88, 0x32, 0x02, 0xE9, 0x04, 0x65, 0x65 + } +}; + +static const struct { + EC_CURVE_DATA h; + unsigned char data[0 + 48 * 6]; +} + _EC_brainpoolP384t1 = { + { + NID_X9_62_prime_field, 0, 48, 1 + }, + { /* no seed */ + 0x8C, 0xB9, 0x1E, 0x82, 0xA3, 0x38, 0x6D, 0x28, 0x0F, 0x5D, /* p */ + 0x6F, 0x7E, 0x50, 0xE6, 0x41, 0xDF, 0x15, 0x2F, 0x71, 0x09, + 0xED, 0x54, 0x56, 0xB4, 0x12, 0xB1, 0xDA, 0x19, 0x7F, 0xB7, + 0x11, 0x23, 0xAC, 0xD3, 0xA7, 0x29, 0x90, 0x1D, 0x1A, 0x71, + 0x87, 0x47, 0x00, 0x13, 0x31, 0x07, 0xEC, 0x53, + 0x8C, 0xB9, 0x1E, 0x82, 0xA3, 0x38, 0x6D, 0x28, 0x0F, 0x5D, /* a */ + 0x6F, 0x7E, 0x50, 0xE6, 0x41, 0xDF, 0x15, 0x2F, 0x71, 0x09, + 0xED, 0x54, 0x56, 0xB4, 0x12, 0xB1, 0xDA, 0x19, 0x7F, 0xB7, + 0x11, 0x23, 0xAC, 0xD3, 0xA7, 0x29, 0x90, 0x1D, 0x1A, 0x71, + 0x87, 0x47, 0x00, 0x13, 0x31, 0x07, 0xEC, 0x50, + 0x7F, 0x51, 0x9E, 0xAD, 0xA7, 0xBD, 0xA8, 0x1B, 0xD8, 0x26, /* b */ + 0xDB, 0xA6, 0x47, 0x91, 0x0F, 0x8C, 0x4B, 0x93, 0x46, 0xED, + 0x8C, 0xCD, 0xC6, 0x4E, 0x4B, 0x1A, 0xBD, 0x11, 0x75, 0x6D, + 0xCE, 0x1D, 0x20, 0x74, 0xAA, 0x26, 0x3B, 0x88, 0x80, 0x5C, + 0xED, 0x70, 0x35, 0x5A, 0x33, 0xB4, 0x71, 0xEE, + 0x18, 0xDE, 0x98, 0xB0, 0x2D, 0xB9, 0xA3, 0x06, 0xF2, 0xAF, /* x */ + 0xCD, 0x72, 0x35, 0xF7, 0x2A, 0x81, 0x9B, 0x80, 0xAB, 0x12, + 0xEB, 0xD6, 0x53, 0x17, 0x24, 0x76, 0xFE, 0xCD, 0x46, 0x2A, + 0xAB, 0xFF, 0xC4, 0xFF, 0x19, 0x1B, 0x94, 0x6A, 0x5F, 0x54, + 0xD8, 0xD0, 0xAA, 0x2F, 0x41, 0x88, 0x08, 0xCC, + 0x25, 0xAB, 0x05, 0x69, 0x62, 0xD3, 0x06, 0x51, 0xA1, 0x14, /* y */ + 0xAF, 0xD2, 0x75, 0x5A, 0xD3, 0x36, 0x74, 0x7F, 0x93, 0x47, + 0x5B, 0x7A, 0x1F, 0xCA, 0x3B, 0x88, 0xF2, 0xB6, 0xA2, 0x08, + 0xCC, 0xFE, 0x46, 0x94, 0x08, 0x58, 0x4D, 0xC2, 0xB2, 0x91, + 0x26, 0x75, 0xBF, 0x5B, 0x9E, 0x58, 0x29, 0x28, + 0x8C, 0xB9, 0x1E, 0x82, 0xA3, 0x38, 0x6D, 0x28, 0x0F, 0x5D, /* order */ + 0x6F, 0x7E, 0x50, 0xE6, 0x41, 0xDF, 0x15, 0x2F, 0x71, 0x09, + 0xED, 0x54, 0x56, 0xB3, 0x1F, 0x16, 0x6E, 0x6C, 0xAC, 0x04, + 0x25, 0xA7, 0xCF, 0x3A, 0xB6, 0xAF, 0x6B, 0x7F, 0xC3, 0x10, + 0x3B, 0x88, 0x32, 0x02, 0xE9, 0x04, 0x65, 0x65 + } +}; + +static const struct { + EC_CURVE_DATA h; + unsigned char data[0 + 64 * 6]; +} + _EC_brainpoolP512r1 = { + { + NID_X9_62_prime_field, 0, 64, 1 + }, + { /* no seed */ + 0xAA, 0xDD, 0x9D, 0xB8, 0xDB, 0xE9, 0xC4, 0x8B, 0x3F, 0xD4, /* p */ + 0xE6, 0xAE, 0x33, 0xC9, 0xFC, 0x07, 0xCB, 0x30, 0x8D, 0xB3, + 0xB3, 0xC9, 0xD2, 0x0E, 0xD6, 0x63, 0x9C, 0xCA, 0x70, 0x33, + 0x08, 0x71, 0x7D, 0x4D, 0x9B, 0x00, 0x9B, 0xC6, 0x68, 0x42, + 0xAE, 0xCD, 0xA1, 0x2A, 0xE6, 0xA3, 0x80, 0xE6, 0x28, 0x81, + 0xFF, 0x2F, 0x2D, 0x82, 0xC6, 0x85, 0x28, 0xAA, 0x60, 0x56, + 0x58, 0x3A, 0x48, 0xF3, + 0x78, 0x30, 0xA3, 0x31, 0x8B, 0x60, 0x3B, 0x89, 0xE2, 0x32, /* a */ + 0x71, 0x45, 0xAC, 0x23, 0x4C, 0xC5, 0x94, 0xCB, 0xDD, 0x8D, + 0x3D, 0xF9, 0x16, 0x10, 0xA8, 0x34, 0x41, 0xCA, 0xEA, 0x98, + 0x63, 0xBC, 0x2D, 0xED, 0x5D, 0x5A, 0xA8, 0x25, 0x3A, 0xA1, + 0x0A, 0x2E, 0xF1, 0xC9, 0x8B, 0x9A, 0xC8, 0xB5, 0x7F, 0x11, + 0x17, 0xA7, 0x2B, 0xF2, 0xC7, 0xB9, 0xE7, 0xC1, 0xAC, 0x4D, + 0x77, 0xFC, 0x94, 0xCA, + 0x3D, 0xF9, 0x16, 0x10, 0xA8, 0x34, 0x41, 0xCA, 0xEA, 0x98, /* b */ + 0x63, 0xBC, 0x2D, 0xED, 0x5D, 0x5A, 0xA8, 0x25, 0x3A, 0xA1, + 0x0A, 0x2E, 0xF1, 0xC9, 0x8B, 0x9A, 0xC8, 0xB5, 0x7F, 0x11, + 0x17, 0xA7, 0x2B, 0xF2, 0xC7, 0xB9, 0xE7, 0xC1, 0xAC, 0x4D, + 0x77, 0xFC, 0x94, 0xCA, 0xDC, 0x08, 0x3E, 0x67, 0x98, 0x40, + 0x50, 0xB7, 0x5E, 0xBA, 0xE5, 0xDD, 0x28, 0x09, 0xBD, 0x63, + 0x80, 0x16, 0xF7, 0x23, + 0x81, 0xAE, 0xE4, 0xBD, 0xD8, 0x2E, 0xD9, 0x64, 0x5A, 0x21, /* x */ + 0x32, 0x2E, 0x9C, 0x4C, 0x6A, 0x93, 0x85, 0xED, 0x9F, 0x70, + 0xB5, 0xD9, 0x16, 0xC1, 0xB4, 0x3B, 0x62, 0xEE, 0xF4, 0xD0, + 0x09, 0x8E, 0xFF, 0x3B, 0x1F, 0x78, 0xE2, 0xD0, 0xD4, 0x8D, + 0x50, 0xD1, 0x68, 0x7B, 0x93, 0xB9, 0x7D, 0x5F, 0x7C, 0x6D, + 0x50, 0x47, 0x40, 0x6A, 0x5E, 0x68, 0x8B, 0x35, 0x22, 0x09, + 0xBC, 0xB9, 0xF8, 0x22, + 0x7D, 0xDE, 0x38, 0x5D, 0x56, 0x63, 0x32, 0xEC, 0xC0, 0xEA, /* y */ + 0xBF, 0xA9, 0xCF, 0x78, 0x22, 0xFD, 0xF2, 0x09, 0xF7, 0x00, + 0x24, 0xA5, 0x7B, 0x1A, 0xA0, 0x00, 0xC5, 0x5B, 0x88, 0x1F, + 0x81, 0x11, 0xB2, 0xDC, 0xDE, 0x49, 0x4A, 0x5F, 0x48, 0x5E, + 0x5B, 0xCA, 0x4B, 0xD8, 0x8A, 0x27, 0x63, 0xAE, 0xD1, 0xCA, + 0x2B, 0x2F, 0xA8, 0xF0, 0x54, 0x06, 0x78, 0xCD, 0x1E, 0x0F, + 0x3A, 0xD8, 0x08, 0x92, + 0xAA, 0xDD, 0x9D, 0xB8, 0xDB, 0xE9, 0xC4, 0x8B, 0x3F, 0xD4, /* order */ + 0xE6, 0xAE, 0x33, 0xC9, 0xFC, 0x07, 0xCB, 0x30, 0x8D, 0xB3, + 0xB3, 0xC9, 0xD2, 0x0E, 0xD6, 0x63, 0x9C, 0xCA, 0x70, 0x33, + 0x08, 0x70, 0x55, 0x3E, 0x5C, 0x41, 0x4C, 0xA9, 0x26, 0x19, + 0x41, 0x86, 0x61, 0x19, 0x7F, 0xAC, 0x10, 0x47, 0x1D, 0xB1, + 0xD3, 0x81, 0x08, 0x5D, 0xDA, 0xDD, 0xB5, 0x87, 0x96, 0x82, + 0x9C, 0xA9, 0x00, 0x69 + } +}; + +static const struct { + EC_CURVE_DATA h; + unsigned char data[0 + 64 * 6]; +} + _EC_brainpoolP512t1 = { + { + NID_X9_62_prime_field, 0, 64, 1 + }, + { /* no seed */ + 0xAA, 0xDD, 0x9D, 0xB8, 0xDB, 0xE9, 0xC4, 0x8B, 0x3F, 0xD4, /* p */ + 0xE6, 0xAE, 0x33, 0xC9, 0xFC, 0x07, 0xCB, 0x30, 0x8D, 0xB3, + 0xB3, 0xC9, 0xD2, 0x0E, 0xD6, 0x63, 0x9C, 0xCA, 0x70, 0x33, + 0x08, 0x71, 0x7D, 0x4D, 0x9B, 0x00, 0x9B, 0xC6, 0x68, 0x42, + 0xAE, 0xCD, 0xA1, 0x2A, 0xE6, 0xA3, 0x80, 0xE6, 0x28, 0x81, + 0xFF, 0x2F, 0x2D, 0x82, 0xC6, 0x85, 0x28, 0xAA, 0x60, 0x56, + 0x58, 0x3A, 0x48, 0xF3, + 0xAA, 0xDD, 0x9D, 0xB8, 0xDB, 0xE9, 0xC4, 0x8B, 0x3F, 0xD4, /* a */ + 0xE6, 0xAE, 0x33, 0xC9, 0xFC, 0x07, 0xCB, 0x30, 0x8D, 0xB3, + 0xB3, 0xC9, 0xD2, 0x0E, 0xD6, 0x63, 0x9C, 0xCA, 0x70, 0x33, + 0x08, 0x71, 0x7D, 0x4D, 0x9B, 0x00, 0x9B, 0xC6, 0x68, 0x42, + 0xAE, 0xCD, 0xA1, 0x2A, 0xE6, 0xA3, 0x80, 0xE6, 0x28, 0x81, + 0xFF, 0x2F, 0x2D, 0x82, 0xC6, 0x85, 0x28, 0xAA, 0x60, 0x56, + 0x58, 0x3A, 0x48, 0xF0, + 0x7C, 0xBB, 0xBC, 0xF9, 0x44, 0x1C, 0xFA, 0xB7, 0x6E, 0x18, /* b */ + 0x90, 0xE4, 0x68, 0x84, 0xEA, 0xE3, 0x21, 0xF7, 0x0C, 0x0B, + 0xCB, 0x49, 0x81, 0x52, 0x78, 0x97, 0x50, 0x4B, 0xEC, 0x3E, + 0x36, 0xA6, 0x2B, 0xCD, 0xFA, 0x23, 0x04, 0x97, 0x65, 0x40, + 0xF6, 0x45, 0x00, 0x85, 0xF2, 0xDA, 0xE1, 0x45, 0xC2, 0x25, + 0x53, 0xB4, 0x65, 0x76, 0x36, 0x89, 0x18, 0x0E, 0xA2, 0x57, + 0x18, 0x67, 0x42, 0x3E, + 0x64, 0x0E, 0xCE, 0x5C, 0x12, 0x78, 0x87, 0x17, 0xB9, 0xC1, /* x */ + 0xBA, 0x06, 0xCB, 0xC2, 0xA6, 0xFE, 0xBA, 0x85, 0x84, 0x24, + 0x58, 0xC5, 0x6D, 0xDE, 0x9D, 0xB1, 0x75, 0x8D, 0x39, 0xC0, + 0x31, 0x3D, 0x82, 0xBA, 0x51, 0x73, 0x5C, 0xDB, 0x3E, 0xA4, + 0x99, 0xAA, 0x77, 0xA7, 0xD6, 0x94, 0x3A, 0x64, 0xF7, 0xA3, + 0xF2, 0x5F, 0xE2, 0x6F, 0x06, 0xB5, 0x1B, 0xAA, 0x26, 0x96, + 0xFA, 0x90, 0x35, 0xDA, + 0x5B, 0x53, 0x4B, 0xD5, 0x95, 0xF5, 0xAF, 0x0F, 0xA2, 0xC8, /* y */ + 0x92, 0x37, 0x6C, 0x84, 0xAC, 0xE1, 0xBB, 0x4E, 0x30, 0x19, + 0xB7, 0x16, 0x34, 0xC0, 0x11, 0x31, 0x15, 0x9C, 0xAE, 0x03, + 0xCE, 0xE9, 0xD9, 0x93, 0x21, 0x84, 0xBE, 0xEF, 0x21, 0x6B, + 0xD7, 0x1D, 0xF2, 0xDA, 0xDF, 0x86, 0xA6, 0x27, 0x30, 0x6E, + 0xCF, 0xF9, 0x6D, 0xBB, 0x8B, 0xAC, 0xE1, 0x98, 0xB6, 0x1E, + 0x00, 0xF8, 0xB3, 0x32, + 0xAA, 0xDD, 0x9D, 0xB8, 0xDB, 0xE9, 0xC4, 0x8B, 0x3F, 0xD4, /* order */ + 0xE6, 0xAE, 0x33, 0xC9, 0xFC, 0x07, 0xCB, 0x30, 0x8D, 0xB3, + 0xB3, 0xC9, 0xD2, 0x0E, 0xD6, 0x63, 0x9C, 0xCA, 0x70, 0x33, + 0x08, 0x70, 0x55, 0x3E, 0x5C, 0x41, 0x4C, 0xA9, 0x26, 0x19, + 0x41, 0x86, 0x61, 0x19, 0x7F, 0xAC, 0x10, 0x47, 0x1D, 0xB1, + 0xD3, 0x81, 0x08, 0x5D, 0xDA, 0xDD, 0xB5, 0x87, 0x96, 0x82, + 0x9C, 0xA9, 0x00, 0x69 + } +}; + +static const struct { + EC_CURVE_DATA h; + unsigned char data[0 + 32 * 6]; +} + _EC_FRP256v1 = { + { + NID_X9_62_prime_field, 0, 32, 1 + }, + { /* no seed */ + 0xF1, 0xFD, 0x17, 0x8C, 0x0B, 0x3A, 0xD5, 0x8F, 0x10, 0x12, /* p */ + 0x6D, 0xE8, 0xCE, 0x42, 0x43, 0x5B, 0x39, 0x61, 0xAD, 0xBC, + 0xAB, 0xC8, 0xCA, 0x6D, 0xE8, 0xFC, 0xF3, 0x53, 0xD8, 0x6E, + 0x9C, 0x03, + 0xF1, 0xFD, 0x17, 0x8C, 0x0B, 0x3A, 0xD5, 0x8F, 0x10, 0x12, /* a */ + 0x6D, 0xE8, 0xCE, 0x42, 0x43, 0x5B, 0x39, 0x61, 0xAD, 0xBC, + 0xAB, 0xC8, 0xCA, 0x6D, 0xE8, 0xFC, 0xF3, 0x53, 0xD8, 0x6E, + 0x9C, 0x00, + 0xEE, 0x35, 0x3F, 0xCA, 0x54, 0x28, 0xA9, 0x30, 0x0D, 0x4A, /* b */ + 0xBA, 0x75, 0x4A, 0x44, 0xC0, 0x0F, 0xDF, 0xEC, 0x0C, 0x9A, + 0xE4, 0xB1, 0xA1, 0x80, 0x30, 0x75, 0xED, 0x96, 0x7B, 0x7B, + 0xB7, 0x3F, + 0xB6, 0xB3, 0xD4, 0xC3, 0x56, 0xC1, 0x39, 0xEB, 0x31, 0x18, /* x */ + 0x3D, 0x47, 0x49, 0xD4, 0x23, 0x95, 0x8C, 0x27, 0xD2, 0xDC, + 0xAF, 0x98, 0xB7, 0x01, 0x64, 0xC9, 0x7A, 0x2D, 0xD9, 0x8F, + 0x5C, 0xFF, + 0x61, 0x42, 0xE0, 0xF7, 0xC8, 0xB2, 0x04, 0x91, 0x1F, 0x92, /* y */ + 0x71, 0xF0, 0xF3, 0xEC, 0xEF, 0x8C, 0x27, 0x01, 0xC3, 0x07, + 0xE8, 0xE4, 0xC9, 0xE1, 0x83, 0x11, 0x5A, 0x15, 0x54, 0x06, + 0x2C, 0xFB, + 0xF1, 0xFD, 0x17, 0x8C, 0x0B, 0x3A, 0xD5, 0x8F, 0x10, 0x12, /* order */ + 0x6D, 0xE8, 0xCE, 0x42, 0x43, 0x5B, 0x53, 0xDC, 0x67, 0xE1, + 0x40, 0xD2, 0xBF, 0x94, 0x1F, 0xFD, 0xD4, 0x59, 0xC6, 0xD6, + 0x55, 0xE1 + } +}; + +#ifndef OPENSSL_NO_GOST +static const struct { + EC_CURVE_DATA h; + unsigned char data[0 + 32 * 6]; +} + _EC_GOST_2001_Test = { + { + NID_X9_62_prime_field, 0, 32, 1 + }, + { /* no seed */ + 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* p */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x04, 0x31, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* a */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x07, + 0x5F, 0xBF, 0xF4, 0x98, 0xAA, 0x93, 0x8C, 0xE7, 0x39, 0xB8, /* b */ + 0xE0, 0x22, 0xFB, 0xAF, 0xEF, 0x40, 0x56, 0x3F, 0x6E, 0x6A, + 0x34, 0x72, 0xFC, 0x2A, 0x51, 0x4C, 0x0C, 0xE9, 0xDA, 0xE2, + 0x3B, 0x7E, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* x */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x02, + 0x08, 0xE2, 0xA8, 0xA0, 0xE6, 0x51, 0x47, 0xD4, 0xBD, 0x63, /* y */ + 0x16, 0x03, 0x0E, 0x16, 0xD1, 0x9C, 0x85, 0xC9, 0x7F, 0x0A, + 0x9C, 0xA2, 0x67, 0x12, 0x2B, 0x96, 0xAB, 0xBC, 0xEA, 0x7E, + 0x8F, 0xC8, + 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* order */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x50, 0xFE, 0x8A, 0x18, + 0x92, 0x97, 0x61, 0x54, 0xC5, 0x9C, 0xFC, 0x19, 0x3A, 0xCC, + 0xF5, 0xB3, + } +}; + +static const struct { + EC_CURVE_DATA h; + unsigned char data[0 + 32 * 6]; +} + _EC_GOST_2001_CryptoPro_A = { + { + NID_X9_62_prime_field, 0, 32, 1 + }, + { /* no seed */ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* p */ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFD, 0x97, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* a */ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFD, 0x94, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* b */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0xA6, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* x */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x01, + 0x8D, 0x91, 0xE4, 0x71, 0xE0, 0x98, 0x9C, 0xDA, 0x27, 0xDF, /* y */ + 0x50, 0x5A, 0x45, 0x3F, 0x2B, 0x76, 0x35, 0x29, 0x4F, 0x2D, + 0xDF, 0x23, 0xE3, 0xB1, 0x22, 0xAC, 0xC9, 0x9C, 0x9E, 0x9F, + 0x1E, 0x14, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* order */ + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x6C, 0x61, 0x10, 0x70, + 0x99, 0x5A, 0xD1, 0x00, 0x45, 0x84, 0x1B, 0x09, 0xB7, 0x61, + 0xB8, 0x93, + } +}; + +static const struct { + EC_CURVE_DATA h; + unsigned char data[0 + 32 * 6]; +} + _EC_GOST_2001_CryptoPro_B = { + { + NID_X9_62_prime_field, 0, 32, 1 + }, + { /* no seed */ + 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* p */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x0C, 0x99, + 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* a */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x0C, 0x96, + 0x3E, 0x1A, 0xF4, 0x19, 0xA2, 0x69, 0xA5, 0xF8, 0x66, 0xA7, /* b */ + 0xD3, 0xC2, 0x5C, 0x3D, 0xF8, 0x0A, 0xE9, 0x79, 0x25, 0x93, + 0x73, 0xFF, 0x2B, 0x18, 0x2F, 0x49, 0xD4, 0xCE, 0x7E, 0x1B, + 0xBC, 0x8B, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* x */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x01, + 0x3F, 0xA8, 0x12, 0x43, 0x59, 0xF9, 0x66, 0x80, 0xB8, 0x3D, /* y */ + 0x1C, 0x3E, 0xB2, 0xC0, 0x70, 0xE5, 0xC5, 0x45, 0xC9, 0x85, + 0x8D, 0x03, 0xEC, 0xFB, 0x74, 0x4B, 0xF8, 0xD7, 0x17, 0x71, + 0x7E, 0xFC, + 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* order */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x5F, 0x70, 0x0C, 0xFF, + 0xF1, 0xA6, 0x24, 0xE5, 0xE4, 0x97, 0x16, 0x1B, 0xCC, 0x8A, + 0x19, 0x8F, + } +}; + +static const struct { + EC_CURVE_DATA h; + unsigned char data[0 + 32 * 6]; +} + _EC_GOST_2001_CryptoPro_C = { + { + NID_X9_62_prime_field, 0, 32, 1 + }, + { /* no seed */ + 0x9B, 0x9F, 0x60, 0x5F, 0x5A, 0x85, 0x81, 0x07, 0xAB, 0x1E, /* p */ + 0xC8, 0x5E, 0x6B, 0x41, 0xC8, 0xAA, 0xCF, 0x84, 0x6E, 0x86, + 0x78, 0x90, 0x51, 0xD3, 0x79, 0x98, 0xF7, 0xB9, 0x02, 0x2D, + 0x75, 0x9B, + 0x9B, 0x9F, 0x60, 0x5F, 0x5A, 0x85, 0x81, 0x07, 0xAB, 0x1E, /* a */ + 0xC8, 0x5E, 0x6B, 0x41, 0xC8, 0xAA, 0xCF, 0x84, 0x6E, 0x86, + 0x78, 0x90, 0x51, 0xD3, 0x79, 0x98, 0xF7, 0xB9, 0x02, 0x2D, + 0x75, 0x98, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* b */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x80, 0x5A, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* x */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, + 0x41, 0xEC, 0xE5, 0x57, 0x43, 0x71, 0x1A, 0x8C, 0x3C, 0xBF, /* y */ + 0x37, 0x83, 0xCD, 0x08, 0xC0, 0xEE, 0x4D, 0x4D, 0xC4, 0x40, + 0xD4, 0x64, 0x1A, 0x8F, 0x36, 0x6E, 0x55, 0x0D, 0xFD, 0xB3, + 0xBB, 0x67, + 0x9B, 0x9F, 0x60, 0x5F, 0x5A, 0x85, 0x81, 0x07, 0xAB, 0x1E, /* order */ + 0xC8, 0x5E, 0x6B, 0x41, 0xC8, 0xAA, 0x58, 0x2C, 0xA3, 0x51, + 0x1E, 0xDD, 0xFB, 0x74, 0xF0, 0x2F, 0x3A, 0x65, 0x98, 0x98, + 0x0B, 0xB9, + } +}; + +static const struct { + EC_CURVE_DATA h; + unsigned char data[0 + 64 * 6]; +} + _EC_GOST_2012_TC26_A = { + { + NID_X9_62_prime_field, 0, 64, 1 + }, + { /* no seed */ + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, /* p */ + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xfd, 0xc7, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, /* a */ + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xfd, 0xc4, + 0xe8, 0xc2, 0x50, 0x5d, 0xed, 0xfc, 0x86, 0xdd, 0xc1, 0xbd, /* b */ + 0x0b, 0x2b, 0x66, 0x67, 0xf1, 0xda, 0x34, 0xb8, 0x25, 0x74, + 0x76, 0x1c, 0xb0, 0xe8, 0x79, 0xbd, 0x08, 0x1c, 0xfd, 0x0b, + 0x62, 0x65, 0xee, 0x3c, 0xb0, 0x90, 0xf3, 0x0d, 0x27, 0x61, + 0x4c, 0xb4, 0x57, 0x40, 0x10, 0xda, 0x90, 0xdd, 0x86, 0x2e, + 0xf9, 0xd4, 0xeb, 0xee, 0x47, 0x61, 0x50, 0x31, 0x90, 0x78, + 0x5a, 0x71, 0xc7, 0x60, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* x */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x03, + 0x75, 0x03, 0xcf, 0xe8, 0x7a, 0x83, 0x6a, 0xe3, 0xa6, 0x1b, /* y */ + 0x88, 0x16, 0xe2, 0x54, 0x50, 0xe6, 0xce, 0x5e, 0x1c, 0x93, + 0xac, 0xf1, 0xab, 0xc1, 0x77, 0x80, 0x64, 0xfd, 0xcb, 0xef, + 0xa9, 0x21, 0xdf, 0x16, 0x26, 0xbe, 0x4f, 0xd0, 0x36, 0xe9, + 0x3d, 0x75, 0xe6, 0xa5, 0x0e, 0x3a, 0x41, 0xe9, 0x80, 0x28, + 0xfe, 0x5f, 0xc2, 0x35, 0xf5, 0xb8, 0x89, 0xa5, 0x89, 0xcb, + 0x52, 0x15, 0xf2, 0xa4, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, /* order */ + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0x27, 0xe6, 0x95, 0x32, 0xf4, 0x8d, 0x89, 0x11, + 0x6f, 0xf2, 0x2b, 0x8d, 0x4e, 0x05, 0x60, 0x60, 0x9b, 0x4b, + 0x38, 0xab, 0xfa, 0xd2, 0xb8, 0x5d, 0xca, 0xcd, 0xb1, 0x41, + 0x1f, 0x10, 0xb2, 0x75 + } +}; + +static const struct { + EC_CURVE_DATA h; + unsigned char data[0 + 64 * 6]; +} + _EC_GOST_2012_TC26_B = { + { + NID_X9_62_prime_field, 0, 64, 1 + }, + { /* no seed */ + 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* p */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x6f, + 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* a */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x6c, + 0x68, 0x7d, 0x1b, 0x45, 0x9d, 0xc8, 0x41, 0x45, 0x7e, 0x3e, /* b */ + 0x06, 0xcf, 0x6f, 0x5e, 0x25, 0x17, 0xb9, 0x7c, 0x7d, 0x61, + 0x4a, 0xf1, 0x38, 0xbc, 0xbf, 0x85, 0xdc, 0x80, 0x6c, 0x4b, + 0x28, 0x9f, 0x3e, 0x96, 0x5d, 0x2d, 0xb1, 0x41, 0x6d, 0x21, + 0x7f, 0x8b, 0x27, 0x6f, 0xad, 0x1a, 0xb6, 0x9c, 0x50, 0xf7, + 0x8b, 0xee, 0x1f, 0xa3, 0x10, 0x6e, 0xfb, 0x8c, 0xcb, 0xc7, + 0xc5, 0x14, 0x01, 0x16, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* x */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x02, + 0x1a, 0x8f, 0x7e, 0xda, 0x38, 0x9b, 0x09, 0x4c, 0x2c, 0x07, /* y */ + 0x1e, 0x36, 0x47, 0xa8, 0x94, 0x0f, 0x3c, 0x12, 0x3b, 0x69, + 0x75, 0x78, 0xc2, 0x13, 0xbe, 0x6d, 0xd9, 0xe6, 0xc8, 0xec, + 0x73, 0x35, 0xdc, 0xb2, 0x28, 0xfd, 0x1e, 0xdf, 0x4a, 0x39, + 0x15, 0x2c, 0xbc, 0xaa, 0xf8, 0xc0, 0x39, 0x88, 0x28, 0x04, + 0x10, 0x55, 0xf9, 0x4c, 0xee, 0xec, 0x7e, 0x21, 0x34, 0x07, + 0x80, 0xfe, 0x41, 0xbd, + 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* order */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x01, 0x49, 0xa1, 0xec, 0x14, 0x25, 0x65, 0xa5, 0x45, + 0xac, 0xfd, 0xb7, 0x7b, 0xd9, 0xd4, 0x0c, 0xfa, 0x8b, 0x99, + 0x67, 0x12, 0x10, 0x1b, 0xea, 0x0e, 0xc6, 0x34, 0x6c, 0x54, + 0x37, 0x4f, 0x25, 0xbd + } +}; + +#endif + +#ifndef OPENSSL_NO_SM2 +static const struct { + EC_CURVE_DATA h; + unsigned char data[0 + 32 * 6]; +} _EC_sm2p256v1 = { + { + NID_X9_62_prime_field, 0, 32, 1 + }, + { + /* no seed */ + + /* p */ + 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + /* a */ + 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfc, + /* b */ + 0x28, 0xe9, 0xfa, 0x9e, 0x9d, 0x9f, 0x5e, 0x34, 0x4d, 0x5a, 0x9e, 0x4b, + 0xcf, 0x65, 0x09, 0xa7, 0xf3, 0x97, 0x89, 0xf5, 0x15, 0xab, 0x8f, 0x92, + 0xdd, 0xbc, 0xbd, 0x41, 0x4d, 0x94, 0x0e, 0x93, + /* x */ + 0x32, 0xc4, 0xae, 0x2c, 0x1f, 0x19, 0x81, 0x19, 0x5f, 0x99, 0x04, 0x46, + 0x6a, 0x39, 0xc9, 0x94, 0x8f, 0xe3, 0x0b, 0xbf, 0xf2, 0x66, 0x0b, 0xe1, + 0x71, 0x5a, 0x45, 0x89, 0x33, 0x4c, 0x74, 0xc7, + /* y */ + 0xbc, 0x37, 0x36, 0xa2, 0xf4, 0xf6, 0x77, 0x9c, 0x59, 0xbd, 0xce, 0xe3, + 0x6b, 0x69, 0x21, 0x53, 0xd0, 0xa9, 0x87, 0x7c, 0xc6, 0x2a, 0x47, 0x40, + 0x02, 0xdf, 0x32, 0xe5, 0x21, 0x39, 0xf0, 0xa0, + /* order */ + 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0x72, 0x03, 0xdf, 0x6b, 0x21, 0xc6, 0x05, 0x2b, + 0x53, 0xbb, 0xf4, 0x09, 0x39, 0xd5, 0x41, 0x23, + } +}; +#endif + + +typedef struct _ec_list_element_st { + int nid; + const EC_CURVE_DATA *data; + const EC_METHOD *(*meth) (void); + const char *comment; +} ec_list_element; + +static const ec_list_element curve_list[] = { + /* prime field curves */ + /* secg curves */ + {NID_secp112r1, &_EC_SECG_PRIME_112R1.h, 0, "SECG/WTLS curve over a 112 bit prime field"}, + {NID_secp112r2, &_EC_SECG_PRIME_112R2.h, 0, "SECG curve over a 112 bit prime field"}, + {NID_secp128r1, &_EC_SECG_PRIME_128R1.h, 0, "SECG curve over a 128 bit prime field"}, + {NID_secp128r2, &_EC_SECG_PRIME_128R2.h, 0, "SECG curve over a 128 bit prime field"}, + {NID_secp160k1, &_EC_SECG_PRIME_160K1.h, 0, "SECG curve over a 160 bit prime field"}, + {NID_secp160r1, &_EC_SECG_PRIME_160R1.h, 0, "SECG curve over a 160 bit prime field"}, + {NID_secp160r2, &_EC_SECG_PRIME_160R2.h, 0, "SECG/WTLS curve over a 160 bit prime field"}, + /* SECG secp192r1 is the same as X9.62 prime192v1 and hence omitted */ + {NID_secp192k1, &_EC_SECG_PRIME_192K1.h, 0, "SECG curve over a 192 bit prime field"}, + {NID_secp224k1, &_EC_SECG_PRIME_224K1.h, 0, "SECG curve over a 224 bit prime field"}, +#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 + {NID_secp224r1, &_EC_NIST_PRIME_224.h, EC_GFp_nistp224_method, "NIST/SECG curve over a 224 bit prime field"}, +#else + {NID_secp224r1, &_EC_NIST_PRIME_224.h, 0, "NIST/SECG curve over a 224 bit prime field"}, +#endif + {NID_secp256k1, &_EC_SECG_PRIME_256K1.h, 0, "SECG curve over a 256 bit prime field"}, + /* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */ + {NID_secp384r1, &_EC_NIST_PRIME_384.h, 0, "NIST/SECG curve over a 384 bit prime field"}, +#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 + {NID_secp521r1, &_EC_NIST_PRIME_521.h, EC_GFp_nistp521_method, "NIST/SECG curve over a 521 bit prime field"}, +#else + {NID_secp521r1, &_EC_NIST_PRIME_521.h, 0, "NIST/SECG curve over a 521 bit prime field"}, +#endif + /* X9.62 curves */ + {NID_X9_62_prime192v1, &_EC_NIST_PRIME_192.h, 0, "NIST/X9.62/SECG curve over a 192 bit prime field"}, + {NID_X9_62_prime192v2, &_EC_X9_62_PRIME_192V2.h, 0, "X9.62 curve over a 192 bit prime field"}, + {NID_X9_62_prime192v3, &_EC_X9_62_PRIME_192V3.h, 0, "X9.62 curve over a 192 bit prime field"}, + {NID_X9_62_prime239v1, &_EC_X9_62_PRIME_239V1.h, 0, "X9.62 curve over a 239 bit prime field"}, + {NID_X9_62_prime239v2, &_EC_X9_62_PRIME_239V2.h, 0, "X9.62 curve over a 239 bit prime field"}, + {NID_X9_62_prime239v3, &_EC_X9_62_PRIME_239V3.h, 0, "X9.62 curve over a 239 bit prime field"}, + {NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h, +#if defined(ECP_NISTZ256_ASM) + EC_GFp_nistz256_method, +#elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128) + EC_GFp_nistp256_method, +#else + 0, +#endif + "X9.62/SECG curve over a 256 bit prime field"}, +#ifndef OPENSSL_NO_EC2M + /* characteristic two field curves */ + /* NIST/SECG curves */ + {NID_sect113r1, &_EC_SECG_CHAR2_113R1.h, 0, "SECG curve over a 113 bit binary field"}, + {NID_sect113r2, &_EC_SECG_CHAR2_113R2.h, 0, "SECG curve over a 113 bit binary field"}, + {NID_sect131r1, &_EC_SECG_CHAR2_131R1.h, 0, "SECG/WTLS curve over a 131 bit binary field"}, + {NID_sect131r2, &_EC_SECG_CHAR2_131R2.h, 0, "SECG curve over a 131 bit binary field"}, + {NID_sect163k1, &_EC_NIST_CHAR2_163K.h, 0, "NIST/SECG/WTLS curve over a 163 bit binary field"}, + {NID_sect163r1, &_EC_SECG_CHAR2_163R1.h, 0, "SECG curve over a 163 bit binary field"}, + {NID_sect163r2, &_EC_NIST_CHAR2_163B.h, 0, "NIST/SECG curve over a 163 bit binary field"}, + {NID_sect193r1, &_EC_SECG_CHAR2_193R1.h, 0, "SECG curve over a 193 bit binary field"}, + {NID_sect193r2, &_EC_SECG_CHAR2_193R2.h, 0, "SECG curve over a 193 bit binary field"}, + {NID_sect233k1, &_EC_NIST_CHAR2_233K.h, 0, "NIST/SECG/WTLS curve over a 233 bit binary field"}, + {NID_sect233r1, &_EC_NIST_CHAR2_233B.h, 0, "NIST/SECG/WTLS curve over a 233 bit binary field"}, + {NID_sect239k1, &_EC_SECG_CHAR2_239K1.h, 0, "SECG curve over a 239 bit binary field"}, + {NID_sect283k1, &_EC_NIST_CHAR2_283K.h, 0, "NIST/SECG curve over a 283 bit binary field"}, + {NID_sect283r1, &_EC_NIST_CHAR2_283B.h, 0, "NIST/SECG curve over a 283 bit binary field"}, + {NID_sect409k1, &_EC_NIST_CHAR2_409K.h, 0, "NIST/SECG curve over a 409 bit binary field"}, + {NID_sect409r1, &_EC_NIST_CHAR2_409B.h, 0, "NIST/SECG curve over a 409 bit binary field"}, + {NID_sect571k1, &_EC_NIST_CHAR2_571K.h, 0, "NIST/SECG curve over a 571 bit binary field"}, + {NID_sect571r1, &_EC_NIST_CHAR2_571B.h, 0, "NIST/SECG curve over a 571 bit binary field"}, + /* X9.62 curves */ + {NID_X9_62_c2pnb163v1, &_EC_X9_62_CHAR2_163V1.h, 0, "X9.62 curve over a 163 bit binary field"}, + {NID_X9_62_c2pnb163v2, &_EC_X9_62_CHAR2_163V2.h, 0, "X9.62 curve over a 163 bit binary field"}, + {NID_X9_62_c2pnb163v3, &_EC_X9_62_CHAR2_163V3.h, 0, "X9.62 curve over a 163 bit binary field"}, + {NID_X9_62_c2pnb176v1, &_EC_X9_62_CHAR2_176V1.h, 0, "X9.62 curve over a 176 bit binary field"}, + {NID_X9_62_c2tnb191v1, &_EC_X9_62_CHAR2_191V1.h, 0, "X9.62 curve over a 191 bit binary field"}, + {NID_X9_62_c2tnb191v2, &_EC_X9_62_CHAR2_191V2.h, 0, "X9.62 curve over a 191 bit binary field"}, + {NID_X9_62_c2tnb191v3, &_EC_X9_62_CHAR2_191V3.h, 0, "X9.62 curve over a 191 bit binary field"}, + {NID_X9_62_c2pnb208w1, &_EC_X9_62_CHAR2_208W1.h, 0, "X9.62 curve over a 208 bit binary field"}, + {NID_X9_62_c2tnb239v1, &_EC_X9_62_CHAR2_239V1.h, 0, "X9.62 curve over a 239 bit binary field"}, + {NID_X9_62_c2tnb239v2, &_EC_X9_62_CHAR2_239V2.h, 0, "X9.62 curve over a 239 bit binary field"}, + {NID_X9_62_c2tnb239v3, &_EC_X9_62_CHAR2_239V3.h, 0, "X9.62 curve over a 239 bit binary field"}, + {NID_X9_62_c2pnb272w1, &_EC_X9_62_CHAR2_272W1.h, 0, "X9.62 curve over a 272 bit binary field"}, + {NID_X9_62_c2pnb304w1, &_EC_X9_62_CHAR2_304W1.h, 0, "X9.62 curve over a 304 bit binary field"}, + {NID_X9_62_c2tnb359v1, &_EC_X9_62_CHAR2_359V1.h, 0, "X9.62 curve over a 359 bit binary field"}, + {NID_X9_62_c2pnb368w1, &_EC_X9_62_CHAR2_368W1.h, 0, "X9.62 curve over a 368 bit binary field"}, + {NID_X9_62_c2tnb431r1, &_EC_X9_62_CHAR2_431R1.h, 0, "X9.62 curve over a 431 bit binary field"}, + /* + * the WAP/WTLS curves [unlike SECG, spec has its own OIDs for curves + * from X9.62] + */ + {NID_wap_wsg_idm_ecid_wtls1, &_EC_WTLS_1.h, 0, "WTLS curve over a 113 bit binary field"}, + {NID_wap_wsg_idm_ecid_wtls3, &_EC_NIST_CHAR2_163K.h, 0, "NIST/SECG/WTLS curve over a 163 bit binary field"}, + {NID_wap_wsg_idm_ecid_wtls4, &_EC_SECG_CHAR2_113R1.h, 0, "SECG curve over a 113 bit binary field"}, + {NID_wap_wsg_idm_ecid_wtls5, &_EC_X9_62_CHAR2_163V1.h, 0, "X9.62 curve over a 163 bit binary field"}, +#endif + {NID_wap_wsg_idm_ecid_wtls6, &_EC_SECG_PRIME_112R1.h, 0, "SECG/WTLS curve over a 112 bit prime field"}, + {NID_wap_wsg_idm_ecid_wtls7, &_EC_SECG_PRIME_160R2.h, 0, "SECG/WTLS curve over a 160 bit prime field"}, + {NID_wap_wsg_idm_ecid_wtls8, &_EC_WTLS_8.h, 0, "WTLS curve over a 112 bit prime field"}, + {NID_wap_wsg_idm_ecid_wtls9, &_EC_WTLS_9.h, 0, "WTLS curve over a 160 bit prime field"}, +#ifndef OPENSSL_NO_EC2M + {NID_wap_wsg_idm_ecid_wtls10, &_EC_NIST_CHAR2_233K.h, 0, "NIST/SECG/WTLS curve over a 233 bit binary field"}, + {NID_wap_wsg_idm_ecid_wtls11, &_EC_NIST_CHAR2_233B.h, 0, "NIST/SECG/WTLS curve over a 233 bit binary field"}, +#endif + {NID_wap_wsg_idm_ecid_wtls12, &_EC_WTLS_12.h, 0, "WTLS curve over a 224 bit prime field"}, +#ifndef OPENSSL_NO_EC2M + /* IPSec curves */ + {NID_ipsec3, &_EC_IPSEC_155_ID3.h, 0, "\n\tIPSec/IKE/Oakley curve #3 over a 155 bit binary field.\n" + "\tNot suitable for ECDSA.\n\tQuestionable extension field!"}, + {NID_ipsec4, &_EC_IPSEC_185_ID4.h, 0, "\n\tIPSec/IKE/Oakley curve #4 over a 185 bit binary field.\n" + "\tNot suitable for ECDSA.\n\tQuestionable extension field!"}, +#endif + /* RFC 5639 curves */ + {NID_brainpoolP160r1, &_EC_brainpoolP160r1.h, 0, "RFC 5639 curve over a 160 bit prime field"}, + {NID_brainpoolP160t1, &_EC_brainpoolP160t1.h, 0, "RFC 5639 curve over a 160 bit prime field"}, + {NID_brainpoolP192r1, &_EC_brainpoolP192r1.h, 0, "RFC 5639 curve over a 192 bit prime field"}, + {NID_brainpoolP192t1, &_EC_brainpoolP192t1.h, 0, "RFC 5639 curve over a 192 bit prime field"}, + {NID_brainpoolP224r1, &_EC_brainpoolP224r1.h, 0, "RFC 5639 curve over a 224 bit prime field"}, + {NID_brainpoolP224t1, &_EC_brainpoolP224t1.h, 0, "RFC 5639 curve over a 224 bit prime field"}, + {NID_brainpoolP256r1, &_EC_brainpoolP256r1.h, 0, "RFC 5639 curve over a 256 bit prime field"}, + {NID_brainpoolP256t1, &_EC_brainpoolP256t1.h, 0, "RFC 5639 curve over a 256 bit prime field"}, + {NID_brainpoolP320r1, &_EC_brainpoolP320r1.h, 0, "RFC 5639 curve over a 320 bit prime field"}, + {NID_brainpoolP320t1, &_EC_brainpoolP320t1.h, 0, "RFC 5639 curve over a 320 bit prime field"}, + {NID_brainpoolP384r1, &_EC_brainpoolP384r1.h, 0, "RFC 5639 curve over a 384 bit prime field"}, + {NID_brainpoolP384t1, &_EC_brainpoolP384t1.h, 0, "RFC 5639 curve over a 384 bit prime field"}, + {NID_brainpoolP512r1, &_EC_brainpoolP512r1.h, 0, "RFC 5639 curve over a 512 bit prime field"}, + {NID_brainpoolP512t1, &_EC_brainpoolP512t1.h, 0, "RFC 5639 curve over a 512 bit prime field"}, + /* ANSSI */ + {NID_FRP256v1, &_EC_FRP256v1.h, 0, "FRP256v1"}, +#ifndef OPENSSL_NO_GOST + /* GOST R 34.10-2001 */ + {NID_id_GostR3410_2001_TestParamSet, &_EC_GOST_2001_Test.h, 0, "GOST R 34.10-2001 Test Curve"}, + {NID_id_GostR3410_2001_CryptoPro_A_ParamSet, &_EC_GOST_2001_CryptoPro_A.h, 0, "GOST R 34.10-2001 CryptoPro-A"}, + {NID_id_GostR3410_2001_CryptoPro_B_ParamSet, &_EC_GOST_2001_CryptoPro_B.h, 0, "GOST R 34.10-2001 CryptoPro-B"}, + {NID_id_GostR3410_2001_CryptoPro_C_ParamSet, &_EC_GOST_2001_CryptoPro_C.h, 0, "GOST R 34.10-2001 CryptoPro-C"}, + {NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet, &_EC_GOST_2001_CryptoPro_A.h, 0, "GOST R 34.10-2001 CryptoPro-XchA"}, + {NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet, &_EC_GOST_2001_CryptoPro_C.h, 0, "GOST R 34.10-2001 CryptoPro-XchB"}, + {NID_id_tc26_gost_3410_2012_512_paramSetA, &_EC_GOST_2012_TC26_A.h, 0, "GOST R 34.10-2012 TC26-A"}, + {NID_id_tc26_gost_3410_2012_512_paramSetB, &_EC_GOST_2012_TC26_B.h, 0, "GOST R 34.10-2012 TC26-B"}, +#endif +#ifndef OPENSSL_NO_SM2 + {NID_sm2, &_EC_sm2p256v1.h, 0, "SM2 curve over a 256 bit prime field"}, +#endif +}; + +#define curve_list_length (sizeof(curve_list)/sizeof(ec_list_element)) + +static EC_GROUP * +ec_group_new_from_data(const ec_list_element curve) +{ + EC_GROUP *group = NULL; + EC_POINT *P = NULL; + BN_CTX *ctx = NULL; + BIGNUM *p = NULL, *a = NULL, *b = NULL, *x = NULL, *y = NULL, *order = NULL; + int ok = 0; + int seed_len, param_len; + const EC_METHOD *meth; + const EC_CURVE_DATA *data; + const unsigned char *params; + + if ((ctx = BN_CTX_new()) == NULL) { + ECerror(ERR_R_MALLOC_FAILURE); + goto err; + } + data = curve.data; + seed_len = data->seed_len; + param_len = data->param_len; + params = (const unsigned char *) (data + 1); /* skip header */ + params += seed_len; /* skip seed */ + + if (!(p = BN_bin2bn(params + 0 * param_len, param_len, NULL)) || + !(a = BN_bin2bn(params + 1 * param_len, param_len, NULL)) || + !(b = BN_bin2bn(params + 2 * param_len, param_len, NULL))) { + ECerror(ERR_R_BN_LIB); + goto err; + } + if (curve.meth != 0) { + meth = curve.meth(); + if (((group = EC_GROUP_new(meth)) == NULL) || + (!(group->meth->group_set_curve(group, p, a, b, ctx)))) { + ECerror(ERR_R_EC_LIB); + goto err; + } + } else if (data->field_type == NID_X9_62_prime_field) { + if ((group = EC_GROUP_new_curve_GFp(p, a, b, ctx)) == NULL) { + ECerror(ERR_R_EC_LIB); + goto err; + } + } +#ifndef OPENSSL_NO_EC2M + else { /* field_type == + * NID_X9_62_characteristic_two_field */ + if ((group = EC_GROUP_new_curve_GF2m(p, a, b, ctx)) == NULL) { + ECerror(ERR_R_EC_LIB); + goto err; + } + } +#endif + + if ((P = EC_POINT_new(group)) == NULL) { + ECerror(ERR_R_EC_LIB); + goto err; + } + if (!(x = BN_bin2bn(params + 3 * param_len, param_len, NULL)) + || !(y = BN_bin2bn(params + 4 * param_len, param_len, NULL))) { + ECerror(ERR_R_BN_LIB); + goto err; + } + if (!EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx)) { + ECerror(ERR_R_EC_LIB); + goto err; + } + if (!(order = BN_bin2bn(params + 5 * param_len, param_len, NULL)) + || !BN_set_word(x, (BN_ULONG) data->cofactor)) { + ECerror(ERR_R_BN_LIB); + goto err; + } + if (!EC_GROUP_set_generator(group, P, order, x)) { + ECerror(ERR_R_EC_LIB); + goto err; + } + if (seed_len) { + if (!EC_GROUP_set_seed(group, params - seed_len, seed_len)) { + ECerror(ERR_R_EC_LIB); + goto err; + } + } + ok = 1; + err: + if (!ok) { + EC_GROUP_free(group); + group = NULL; + } + EC_POINT_free(P); + BN_CTX_free(ctx); + BN_free(p); + BN_free(a); + BN_free(b); + BN_free(order); + BN_free(x); + BN_free(y); + return group; +} + +EC_GROUP * +EC_GROUP_new_by_curve_name(int nid) +{ + size_t i; + EC_GROUP *ret = NULL; + + if (nid <= 0) + return NULL; + + for (i = 0; i < curve_list_length; i++) + if (curve_list[i].nid == nid) { + ret = ec_group_new_from_data(curve_list[i]); + break; + } + if (ret == NULL) { + ECerror(EC_R_UNKNOWN_GROUP); + return NULL; + } + EC_GROUP_set_curve_name(ret, nid); + + return ret; +} + +size_t +EC_get_builtin_curves(EC_builtin_curve * r, size_t nitems) +{ + size_t i, min; + + if (r == NULL || nitems == 0) + return curve_list_length; + + min = nitems < curve_list_length ? nitems : curve_list_length; + + for (i = 0; i < min; i++) { + r[i].nid = curve_list[i].nid; + r[i].comment = curve_list[i].comment; + } + + return curve_list_length; +} + +/* + * Functions to translate between common NIST curve names and NIDs. + */ + +typedef struct { + const char *name; /* NIST Name of curve */ + int nid; /* Curve NID */ +} EC_NIST_NAME; + +static EC_NIST_NAME nist_curves[] = { + { "B-163", NID_sect163r2 }, + { "B-233", NID_sect233r1 }, + { "B-283", NID_sect283r1 }, + { "B-409", NID_sect409r1 }, + { "B-571", NID_sect571r1 }, + { "K-163", NID_sect163k1 }, + { "K-233", NID_sect233k1 }, + { "K-283", NID_sect283k1 }, + { "K-409", NID_sect409k1 }, + { "K-571", NID_sect571k1 }, + { "P-192", NID_X9_62_prime192v1 }, + { "P-224", NID_secp224r1 }, + { "P-256", NID_X9_62_prime256v1 }, + { "P-384", NID_secp384r1 }, + { "P-521", NID_secp521r1 } +}; + +const char * +EC_curve_nid2nist(int nid) +{ + size_t i; + + for (i = 0; i < sizeof(nist_curves) / sizeof(EC_NIST_NAME); i++) { + if (nist_curves[i].nid == nid) + return (nist_curves[i].name); + } + return (NULL); +} + +int +EC_curve_nist2nid(const char *name) +{ + size_t i; + + for (i = 0; i < sizeof(nist_curves) / sizeof(EC_NIST_NAME); i++) { + if (!strcmp(nist_curves[i].name, name)) + return (nist_curves[i].nid); + } + return (NID_undef); +} diff --git a/src/lib/libcrypto/ec/ec_cvt.c b/src/lib/libcrypto/ec/ec_cvt.c index 45b0ec33a0b..a0982064b89 100644 --- a/src/lib/libcrypto/ec/ec_cvt.c +++ b/src/lib/libcrypto/ec/ec_cvt.c @@ -1,13 +1,16 @@ -/* crypto/ec/ec_cvt.c */ +/* $OpenBSD: ec_cvt.c,v 1.6 2014/07/10 22:45:57 jsing Exp $ */ +/* + * Originally written by Bodo Moeller for the OpenSSL project. + */ /* ==================================================================== - * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -52,29 +55,113 @@ * Hudson (tjh@cryptsoft.com). * */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * + * Portions of the attached software ("Contribution") are developed by + * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. + * + * The Contribution is licensed pursuant to the OpenSSL open source + * license provided above. + * + * The elliptic curve binary polynomial software is originally written by + * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories. + * + */ -#include "ec_lcl.h" +#include +#include +#include "ec_lcl.h" -EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) - { +EC_GROUP * +EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, + BN_CTX *ctx) +{ const EC_METHOD *meth; EC_GROUP *ret; - - /* Finally, this will use EC_GFp_nist_method if 'p' is a special - * prime with optimized modular arithmetics (for NIST curves) + +#if defined(OPENSSL_BN_ASM_MONT) + /* + * This might appear controversial, but the fact is that generic + * prime method was observed to deliver better performance even + * for NIST primes on a range of platforms, e.g.: 60%-15% + * improvement on IA-64, ~25% on ARM, 30%-90% on P4, 20%-25% + * in 32-bit build and 35%--12% in 64-bit build on Core2... + * Coefficients are relative to optimized bn_nist.c for most + * intensive ECDSA verify and ECDH operations for 192- and 521- + * bit keys respectively. Choice of these boundary values is + * arguable, because the dependency of improvement coefficient + * from key length is not a "monotone" curve. For example while + * 571-bit result is 23% on ARM, 384-bit one is -1%. But it's + * generally faster, sometimes "respectfully" faster, sometimes + * "tolerably" slower... What effectively happens is that loop + * with bn_mul_add_words is put against bn_mul_mont, and the + * latter "wins" on short vectors. Correct solution should be + * implementing dedicated NxN multiplication subroutines for + * small N. But till it materializes, let's stick to generic + * prime method... + * */ meth = EC_GFp_mont_method(); - +#else + meth = EC_GFp_nist_method(); +#endif + ret = EC_GROUP_new(meth); if (ret == NULL) return NULL; - if (!EC_GROUP_set_curve_GFp(ret, p, a, b, ctx)) - { - EC_GROUP_clear_free(ret); - return NULL; + if (!EC_GROUP_set_curve_GFp(ret, p, a, b, ctx)) { + unsigned long err; + + err = ERR_peek_last_error(); + + if (!(ERR_GET_LIB(err) == ERR_LIB_EC && + ((ERR_GET_REASON(err) == EC_R_NOT_A_NIST_PRIME) || + (ERR_GET_REASON(err) == EC_R_NOT_A_SUPPORTED_NIST_PRIME)))) { + /* real error */ + + EC_GROUP_clear_free(ret); + return NULL; } + /* not an actual error, we just cannot use EC_GFp_nist_method */ + + ERR_clear_error(); + EC_GROUP_clear_free(ret); + meth = EC_GFp_mont_method(); + + ret = EC_GROUP_new(meth); + if (ret == NULL) + return NULL; + + if (!EC_GROUP_set_curve_GFp(ret, p, a, b, ctx)) { + EC_GROUP_clear_free(ret); + return NULL; + } + } return ret; +} + +#ifndef OPENSSL_NO_EC2M +EC_GROUP * +EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, + BN_CTX *ctx) +{ + const EC_METHOD *meth; + EC_GROUP *ret; + + meth = EC_GF2m_simple_method(); + + ret = EC_GROUP_new(meth); + if (ret == NULL) + return NULL; + + if (!EC_GROUP_set_curve_GF2m(ret, p, a, b, ctx)) { + EC_GROUP_clear_free(ret); + return NULL; } + return ret; +} +#endif diff --git a/src/lib/libcrypto/ec/ec_err.c b/src/lib/libcrypto/ec/ec_err.c index 394cdc021fd..fa5deceda5d 100644 --- a/src/lib/libcrypto/ec/ec_err.c +++ b/src/lib/libcrypto/ec/ec_err.c @@ -1,13 +1,13 @@ -/* crypto/ec/ec_err.c */ +/* $OpenBSD: ec_err.c,v 1.10 2017/01/29 17:49:23 beck Exp $ */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -59,93 +59,85 @@ */ #include + +#include + #include #include /* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR -static ERR_STRING_DATA EC_str_functs[]= - { -{ERR_PACK(0,EC_F_COMPUTE_WNAF,0), "COMPUTE_WNAF"}, -{ERR_PACK(0,EC_F_EC_GFP_MONT_FIELD_DECODE,0), "ec_GFp_mont_field_decode"}, -{ERR_PACK(0,EC_F_EC_GFP_MONT_FIELD_ENCODE,0), "ec_GFp_mont_field_encode"}, -{ERR_PACK(0,EC_F_EC_GFP_MONT_FIELD_MUL,0), "ec_GFp_mont_field_mul"}, -{ERR_PACK(0,EC_F_EC_GFP_MONT_FIELD_SQR,0), "ec_GFp_mont_field_sqr"}, -{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP,0), "ec_GFp_simple_group_set_curve_GFp"}, -{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_GROUP_SET_GENERATOR,0), "ec_GFp_simple_group_set_generator"}, -{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_MAKE_AFFINE,0), "ec_GFp_simple_make_affine"}, -{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_OCT2POINT,0), "ec_GFp_simple_oct2point"}, -{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_POINT2OCT,0), "ec_GFp_simple_point2oct"}, -{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE,0), "ec_GFp_simple_points_make_affine"}, -{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP,0), "ec_GFp_simple_point_get_affine_coordinates_GFp"}, -{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP,0), "ec_GFp_simple_point_set_affine_coordinates_GFp"}, -{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP,0), "ec_GFp_simple_set_compressed_coordinates_GFp"}, -{ERR_PACK(0,EC_F_EC_GROUP_COPY,0), "EC_GROUP_copy"}, -{ERR_PACK(0,EC_F_EC_GROUP_GET0_GENERATOR,0), "EC_GROUP_get0_generator"}, -{ERR_PACK(0,EC_F_EC_GROUP_GET_COFACTOR,0), "EC_GROUP_get_cofactor"}, -{ERR_PACK(0,EC_F_EC_GROUP_GET_CURVE_GFP,0), "EC_GROUP_get_curve_GFp"}, -{ERR_PACK(0,EC_F_EC_GROUP_GET_EXTRA_DATA,0), "EC_GROUP_get_extra_data"}, -{ERR_PACK(0,EC_F_EC_GROUP_GET_ORDER,0), "EC_GROUP_get_order"}, -{ERR_PACK(0,EC_F_EC_GROUP_NEW,0), "EC_GROUP_new"}, -{ERR_PACK(0,EC_F_EC_GROUP_PRECOMPUTE_MULT,0), "EC_GROUP_precompute_mult"}, -{ERR_PACK(0,EC_F_EC_GROUP_SET_CURVE_GFP,0), "EC_GROUP_set_curve_GFp"}, -{ERR_PACK(0,EC_F_EC_GROUP_SET_EXTRA_DATA,0), "EC_GROUP_set_extra_data"}, -{ERR_PACK(0,EC_F_EC_GROUP_SET_GENERATOR,0), "EC_GROUP_set_generator"}, -{ERR_PACK(0,EC_F_EC_POINTS_MAKE_AFFINE,0), "EC_POINTs_make_affine"}, -{ERR_PACK(0,EC_F_EC_POINTS_MUL,0), "EC_POINTs_mul"}, -{ERR_PACK(0,EC_F_EC_POINT_ADD,0), "EC_POINT_add"}, -{ERR_PACK(0,EC_F_EC_POINT_CMP,0), "EC_POINT_cmp"}, -{ERR_PACK(0,EC_F_EC_POINT_COPY,0), "EC_POINT_copy"}, -{ERR_PACK(0,EC_F_EC_POINT_DBL,0), "EC_POINT_dbl"}, -{ERR_PACK(0,EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP,0), "EC_POINT_get_affine_coordinates_GFp"}, -{ERR_PACK(0,EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP,0), "EC_POINT_get_Jprojective_coordinates_GFp"}, -{ERR_PACK(0,EC_F_EC_POINT_IS_AT_INFINITY,0), "EC_POINT_is_at_infinity"}, -{ERR_PACK(0,EC_F_EC_POINT_IS_ON_CURVE,0), "EC_POINT_is_on_curve"}, -{ERR_PACK(0,EC_F_EC_POINT_MAKE_AFFINE,0), "EC_POINT_make_affine"}, -{ERR_PACK(0,EC_F_EC_POINT_NEW,0), "EC_POINT_new"}, -{ERR_PACK(0,EC_F_EC_POINT_OCT2POINT,0), "EC_POINT_oct2point"}, -{ERR_PACK(0,EC_F_EC_POINT_POINT2OCT,0), "EC_POINT_point2oct"}, -{ERR_PACK(0,EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP,0), "EC_POINT_set_affine_coordinates_GFp"}, -{ERR_PACK(0,EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP,0), "EC_POINT_set_compressed_coordinates_GFp"}, -{ERR_PACK(0,EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP,0), "EC_POINT_set_Jprojective_coordinates_GFp"}, -{ERR_PACK(0,EC_F_EC_POINT_SET_TO_INFINITY,0), "EC_POINT_set_to_infinity"}, -{ERR_PACK(0,EC_F_GFP_MONT_GROUP_SET_CURVE_GFP,0), "GFP_MONT_GROUP_SET_CURVE_GFP"}, -{0,NULL} - }; -static ERR_STRING_DATA EC_str_reasons[]= - { -{EC_R_BUFFER_TOO_SMALL ,"buffer too small"}, -{EC_R_INCOMPATIBLE_OBJECTS ,"incompatible objects"}, -{EC_R_INVALID_ARGUMENT ,"invalid argument"}, -{EC_R_INVALID_COMPRESSED_POINT ,"invalid compressed point"}, -{EC_R_INVALID_COMPRESSION_BIT ,"invalid compression bit"}, -{EC_R_INVALID_ENCODING ,"invalid encoding"}, -{EC_R_INVALID_FIELD ,"invalid field"}, -{EC_R_INVALID_FORM ,"invalid form"}, -{EC_R_NOT_INITIALIZED ,"not initialized"}, -{EC_R_NO_SUCH_EXTRA_DATA ,"no such extra data"}, -{EC_R_POINT_AT_INFINITY ,"point at infinity"}, -{EC_R_POINT_IS_NOT_ON_CURVE ,"point is not on curve"}, -{EC_R_SLOT_FULL ,"slot full"}, -{EC_R_UNDEFINED_GENERATOR ,"undefined generator"}, -{EC_R_UNKNOWN_ORDER ,"unknown order"}, -{0,NULL} - }; +#define ERR_FUNC(func) ERR_PACK(ERR_LIB_EC,func,0) +#define ERR_REASON(reason) ERR_PACK(ERR_LIB_EC,0,reason) -#endif +static ERR_STRING_DATA EC_str_functs[] = { + {ERR_FUNC(0xfff), "CRYPTO_internal"}, + {0, NULL} +}; -void ERR_load_EC_strings(void) - { - static int init=1; +static ERR_STRING_DATA EC_str_reasons[] = +{ + {ERR_REASON(EC_R_ASN1_ERROR), "asn1 error"}, + {ERR_REASON(EC_R_ASN1_UNKNOWN_FIELD), "asn1 unknown field"}, + {ERR_REASON(EC_R_BIGNUM_OUT_OF_RANGE), "bignum out of range"}, + {ERR_REASON(EC_R_BUFFER_TOO_SMALL), "buffer too small"}, + {ERR_REASON(EC_R_COORDINATES_OUT_OF_RANGE), "coordinates out of range"}, + {ERR_REASON(EC_R_D2I_ECPKPARAMETERS_FAILURE), "d2i ecpkparameters failure"}, + {ERR_REASON(EC_R_DECODE_ERROR), "decode error"}, + {ERR_REASON(EC_R_DISCRIMINANT_IS_ZERO), "discriminant is zero"}, + {ERR_REASON(EC_R_EC_GROUP_NEW_BY_NAME_FAILURE), "ec group new by name failure"}, + {ERR_REASON(EC_R_FIELD_TOO_LARGE), "field too large"}, + {ERR_REASON(EC_R_GF2M_NOT_SUPPORTED), "gf2m not supported"}, + {ERR_REASON(EC_R_GROUP2PKPARAMETERS_FAILURE), "group2pkparameters failure"}, + {ERR_REASON(EC_R_I2D_ECPKPARAMETERS_FAILURE), "i2d ecpkparameters failure"}, + {ERR_REASON(EC_R_INCOMPATIBLE_OBJECTS), "incompatible objects"}, + {ERR_REASON(EC_R_INVALID_ARGUMENT), "invalid argument"}, + {ERR_REASON(EC_R_INVALID_COMPRESSED_POINT), "invalid compressed point"}, + {ERR_REASON(EC_R_INVALID_COMPRESSION_BIT), "invalid compression bit"}, + {ERR_REASON(EC_R_INVALID_CURVE), "invalid curve"}, + {ERR_REASON(EC_R_INVALID_DIGEST_TYPE), "invalid digest type"}, + {ERR_REASON(EC_R_INVALID_ENCODING), "invalid encoding"}, + {ERR_REASON(EC_R_INVALID_FIELD), "invalid field"}, + {ERR_REASON(EC_R_INVALID_FORM), "invalid form"}, + {ERR_REASON(EC_R_INVALID_GROUP_ORDER), "invalid group order"}, + {ERR_REASON(EC_R_INVALID_PENTANOMIAL_BASIS), "invalid pentanomial basis"}, + {ERR_REASON(EC_R_INVALID_PRIVATE_KEY), "invalid private key"}, + {ERR_REASON(EC_R_INVALID_TRINOMIAL_BASIS), "invalid trinomial basis"}, + {ERR_REASON(EC_R_KEYS_NOT_SET), "keys not set"}, + {ERR_REASON(EC_R_MISSING_PARAMETERS), "missing parameters"}, + {ERR_REASON(EC_R_MISSING_PRIVATE_KEY), "missing private key"}, + {ERR_REASON(EC_R_NOT_A_NIST_PRIME), "not a NIST prime"}, + {ERR_REASON(EC_R_NOT_A_SUPPORTED_NIST_PRIME), "not a supported NIST prime"}, + {ERR_REASON(EC_R_NOT_IMPLEMENTED), "not implemented"}, + {ERR_REASON(EC_R_NOT_INITIALIZED), "not initialized"}, + {ERR_REASON(EC_R_NO_FIELD_MOD), "no field mod"}, + {ERR_REASON(EC_R_NO_PARAMETERS_SET), "no parameters set"}, + {ERR_REASON(EC_R_PASSED_NULL_PARAMETER), "passed null parameter"}, + {ERR_REASON(EC_R_PKPARAMETERS2GROUP_FAILURE), "pkparameters2group failure"}, + {ERR_REASON(EC_R_POINT_AT_INFINITY), "point at infinity"}, + {ERR_REASON(EC_R_POINT_IS_NOT_ON_CURVE), "point is not on curve"}, + {ERR_REASON(EC_R_SLOT_FULL), "slot full"}, + {ERR_REASON(EC_R_UNDEFINED_GENERATOR), "undefined generator"}, + {ERR_REASON(EC_R_UNDEFINED_ORDER), "undefined order"}, + {ERR_REASON(EC_R_UNKNOWN_GROUP), "unknown group"}, + {ERR_REASON(EC_R_UNKNOWN_ORDER), "unknown order"}, + {ERR_REASON(EC_R_UNSUPPORTED_FIELD), "unsupported field"}, + {ERR_REASON(EC_R_WRONG_CURVE_PARAMETERS), "wrong curve parameters"}, + {ERR_REASON(EC_R_WRONG_ORDER), "wrong order"}, + {0, NULL} +}; - if (init) - { - init=0; -#ifndef OPENSSL_NO_ERR - ERR_load_strings(ERR_LIB_EC,EC_str_functs); - ERR_load_strings(ERR_LIB_EC,EC_str_reasons); #endif - } +void +ERR_load_EC_strings(void) +{ +#ifndef OPENSSL_NO_ERR + + if (ERR_func_error_string(EC_str_functs[0].error) == NULL) { + ERR_load_strings(0, EC_str_functs); + ERR_load_strings(0, EC_str_reasons); } +#endif +} diff --git a/src/lib/libcrypto/ec/ec_key.c b/src/lib/libcrypto/ec/ec_key.c new file mode 100644 index 00000000000..1d0a03ac883 --- /dev/null +++ b/src/lib/libcrypto/ec/ec_key.c @@ -0,0 +1,590 @@ +/* $OpenBSD: ec_key.c,v 1.24 2019/01/19 01:12:48 tb Exp $ */ +/* + * Written by Nils Larsch for the OpenSSL project. + */ +/* ==================================================================== + * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * Portions originally developed by SUN MICROSYSTEMS, INC., and + * contributed to the OpenSSL project. + */ + +#include + +#include + +#ifndef OPENSSL_NO_ENGINE +#include +#endif +#include + +#include "bn_lcl.h" +#include "ec_lcl.h" + +EC_KEY * +EC_KEY_new(void) +{ + return EC_KEY_new_method(NULL); +} + +EC_KEY * +EC_KEY_new_by_curve_name(int nid) +{ + EC_KEY *ret = EC_KEY_new(); + if (ret == NULL) + return NULL; + ret->group = EC_GROUP_new_by_curve_name(nid); + if (ret->group == NULL) { + EC_KEY_free(ret); + return NULL; + } + if (ret->meth->set_group != NULL && + ret->meth->set_group(ret, ret->group) == 0) { + EC_KEY_free(ret); + return NULL; + } + return ret; +} + +void +EC_KEY_free(EC_KEY * r) +{ + int i; + + if (r == NULL) + return; + + i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_EC); + if (i > 0) + return; + + if (r->meth != NULL && r->meth->finish != NULL) + r->meth->finish(r); + +#ifndef OPENSSL_NO_ENGINE + ENGINE_finish(r->engine); +#endif + CRYPTO_free_ex_data(CRYPTO_EX_INDEX_EC_KEY, r, &r->ex_data); + + EC_GROUP_free(r->group); + EC_POINT_free(r->pub_key); + BN_clear_free(r->priv_key); + + EC_EX_DATA_free_all_data(&r->method_data); + + freezero(r, sizeof(EC_KEY)); +} + +EC_KEY * +EC_KEY_copy(EC_KEY * dest, const EC_KEY * src) +{ + EC_EXTRA_DATA *d; + + if (dest == NULL || src == NULL) { + ECerror(ERR_R_PASSED_NULL_PARAMETER); + return NULL; + } + if (src->meth != dest->meth) { + if (dest->meth != NULL && dest->meth->finish != NULL) + dest->meth->finish(dest); +#ifndef OPENSSL_NO_ENGINE + if (ENGINE_finish(dest->engine) == 0) + return 0; + dest->engine = NULL; +#endif + } + /* copy the parameters */ + if (src->group) { + const EC_METHOD *meth = EC_GROUP_method_of(src->group); + /* clear the old group */ + EC_GROUP_free(dest->group); + dest->group = EC_GROUP_new(meth); + if (dest->group == NULL) + return NULL; + if (!EC_GROUP_copy(dest->group, src->group)) + return NULL; + } + /* copy the public key */ + if (src->pub_key && src->group) { + EC_POINT_free(dest->pub_key); + dest->pub_key = EC_POINT_new(src->group); + if (dest->pub_key == NULL) + return NULL; + if (!EC_POINT_copy(dest->pub_key, src->pub_key)) + return NULL; + } + /* copy the private key */ + if (src->priv_key) { + if (dest->priv_key == NULL) { + dest->priv_key = BN_new(); + if (dest->priv_key == NULL) + return NULL; + } + if (!BN_copy(dest->priv_key, src->priv_key)) + return NULL; + } + /* copy method/extra data */ + EC_EX_DATA_free_all_data(&dest->method_data); + + for (d = src->method_data; d != NULL; d = d->next) { + void *t = d->dup_func(d->data); + + if (t == NULL) + return 0; + if (!EC_EX_DATA_set_data(&dest->method_data, t, d->dup_func, + d->free_func, d->clear_free_func)) + return 0; + } + + /* copy the rest */ + dest->enc_flag = src->enc_flag; + dest->conv_form = src->conv_form; + dest->version = src->version; + dest->flags = src->flags; + + if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_EC_KEY, &dest->ex_data, + &((EC_KEY *)src)->ex_data)) /* XXX const */ + return NULL; + + if (src->meth != dest->meth) { +#ifndef OPENSSL_NO_ENGINE + if (src->engine != NULL && ENGINE_init(src->engine) == 0) + return 0; + dest->engine = src->engine; +#endif + dest->meth = src->meth; + } + + if (src->meth != NULL && src->meth->copy != NULL && + src->meth->copy(dest, src) == 0) + return 0; + + return dest; +} + +EC_KEY * +EC_KEY_dup(const EC_KEY * ec_key) +{ + EC_KEY *ret; + + if ((ret = EC_KEY_new_method(ec_key->engine)) == NULL) + return NULL; + if (EC_KEY_copy(ret, ec_key) == NULL) { + EC_KEY_free(ret); + return NULL; + } + return ret; +} + +int +EC_KEY_up_ref(EC_KEY * r) +{ + int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_EC); + return ((i > 1) ? 1 : 0); +} + +int +EC_KEY_set_ex_data(EC_KEY *r, int idx, void *arg) +{ + return CRYPTO_set_ex_data(&r->ex_data, idx, arg); +} + +void * +EC_KEY_get_ex_data(const EC_KEY *r, int idx) +{ + return CRYPTO_get_ex_data(&r->ex_data, idx); +} + +int +EC_KEY_generate_key(EC_KEY *eckey) +{ + if (eckey->meth->keygen != NULL) + return eckey->meth->keygen(eckey); + ECerror(EC_R_NOT_IMPLEMENTED); + return 0; +} + +int +ossl_ec_key_gen(EC_KEY *eckey) +{ + int ok = 0; + BN_CTX *ctx = NULL; + BIGNUM *priv_key = NULL, *order = NULL; + EC_POINT *pub_key = NULL; + + if (!eckey || !eckey->group) { + ECerror(ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + + if ((order = BN_new()) == NULL) + goto err; + if ((ctx = BN_CTX_new()) == NULL) + goto err; + + if ((priv_key = eckey->priv_key) == NULL) { + if ((priv_key = BN_new()) == NULL) + goto err; + } + + if (!EC_GROUP_get_order(eckey->group, order, ctx)) + goto err; + + if (!bn_rand_interval(priv_key, BN_value_one(), order)) + goto err; + + if ((pub_key = eckey->pub_key) == NULL) { + if ((pub_key = EC_POINT_new(eckey->group)) == NULL) + goto err; + } + + if (!EC_POINT_mul(eckey->group, pub_key, priv_key, NULL, NULL, ctx)) + goto err; + + eckey->priv_key = priv_key; + eckey->pub_key = pub_key; + + ok = 1; + + err: + BN_free(order); + if (eckey->pub_key == NULL) + EC_POINT_free(pub_key); + if (eckey->priv_key == NULL) + BN_free(priv_key); + BN_CTX_free(ctx); + return (ok); +} + +int +EC_KEY_check_key(const EC_KEY * eckey) +{ + int ok = 0; + BN_CTX *ctx = NULL; + const BIGNUM *order = NULL; + EC_POINT *point = NULL; + + if (!eckey || !eckey->group || !eckey->pub_key) { + ECerror(ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if (EC_POINT_is_at_infinity(eckey->group, eckey->pub_key) > 0) { + ECerror(EC_R_POINT_AT_INFINITY); + goto err; + } + if ((ctx = BN_CTX_new()) == NULL) + goto err; + if ((point = EC_POINT_new(eckey->group)) == NULL) + goto err; + + /* testing whether the pub_key is on the elliptic curve */ + if (EC_POINT_is_on_curve(eckey->group, eckey->pub_key, ctx) <= 0) { + ECerror(EC_R_POINT_IS_NOT_ON_CURVE); + goto err; + } + /* testing whether pub_key * order is the point at infinity */ + order = &eckey->group->order; + if (BN_is_zero(order)) { + ECerror(EC_R_INVALID_GROUP_ORDER); + goto err; + } + if (!EC_POINT_mul(eckey->group, point, NULL, eckey->pub_key, order, ctx)) { + ECerror(ERR_R_EC_LIB); + goto err; + } + if (EC_POINT_is_at_infinity(eckey->group, point) <= 0) { + ECerror(EC_R_WRONG_ORDER); + goto err; + } + /* + * in case the priv_key is present : check if generator * priv_key == + * pub_key + */ + if (eckey->priv_key) { + if (BN_cmp(eckey->priv_key, order) >= 0) { + ECerror(EC_R_WRONG_ORDER); + goto err; + } + if (!EC_POINT_mul(eckey->group, point, eckey->priv_key, + NULL, NULL, ctx)) { + ECerror(ERR_R_EC_LIB); + goto err; + } + if (EC_POINT_cmp(eckey->group, point, eckey->pub_key, + ctx) != 0) { + ECerror(EC_R_INVALID_PRIVATE_KEY); + goto err; + } + } + ok = 1; + err: + BN_CTX_free(ctx); + EC_POINT_free(point); + return (ok); +} + +int +EC_KEY_set_public_key_affine_coordinates(EC_KEY * key, BIGNUM * x, BIGNUM * y) +{ + BN_CTX *ctx = NULL; + BIGNUM *tx, *ty; + EC_POINT *point = NULL; + int ok = 0, tmp_nid, is_char_two = 0; + + if (!key || !key->group || !x || !y) { + ECerror(ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + ctx = BN_CTX_new(); + if (!ctx) + goto err; + + point = EC_POINT_new(key->group); + + if (!point) + goto err; + + tmp_nid = EC_METHOD_get_field_type(EC_GROUP_method_of(key->group)); + + if (tmp_nid == NID_X9_62_characteristic_two_field) + is_char_two = 1; + + if ((tx = BN_CTX_get(ctx)) == NULL) + goto err; + if ((ty = BN_CTX_get(ctx)) == NULL) + goto err; + +#ifndef OPENSSL_NO_EC2M + if (is_char_two) { + if (!EC_POINT_set_affine_coordinates_GF2m(key->group, point, + x, y, ctx)) + goto err; + if (!EC_POINT_get_affine_coordinates_GF2m(key->group, point, + tx, ty, ctx)) + goto err; + } else +#endif + { + if (!EC_POINT_set_affine_coordinates_GFp(key->group, point, + x, y, ctx)) + goto err; + if (!EC_POINT_get_affine_coordinates_GFp(key->group, point, + tx, ty, ctx)) + goto err; + } + /* + * Check if retrieved coordinates match originals: if not values are + * out of range. + */ + if (BN_cmp(x, tx) || BN_cmp(y, ty)) { + ECerror(EC_R_COORDINATES_OUT_OF_RANGE); + goto err; + } + if (!EC_KEY_set_public_key(key, point)) + goto err; + + if (EC_KEY_check_key(key) == 0) + goto err; + + ok = 1; + + err: + BN_CTX_free(ctx); + EC_POINT_free(point); + return ok; + +} + +const EC_GROUP * +EC_KEY_get0_group(const EC_KEY * key) +{ + return key->group; +} + +int +EC_KEY_set_group(EC_KEY * key, const EC_GROUP * group) +{ + if (key->meth->set_group != NULL && + key->meth->set_group(key, group) == 0) + return 0; + EC_GROUP_free(key->group); + key->group = EC_GROUP_dup(group); + return (key->group == NULL) ? 0 : 1; +} + +const BIGNUM * +EC_KEY_get0_private_key(const EC_KEY * key) +{ + return key->priv_key; +} + +int +EC_KEY_set_private_key(EC_KEY * key, const BIGNUM * priv_key) +{ + if (key->meth->set_private != NULL && + key->meth->set_private(key, priv_key) == 0) + return 0; + BN_clear_free(key->priv_key); + key->priv_key = BN_dup(priv_key); + return (key->priv_key == NULL) ? 0 : 1; +} + +const EC_POINT * +EC_KEY_get0_public_key(const EC_KEY * key) +{ + return key->pub_key; +} + +int +EC_KEY_set_public_key(EC_KEY * key, const EC_POINT * pub_key) +{ + if (key->meth->set_public != NULL && + key->meth->set_public(key, pub_key) == 0) + return 0; + EC_POINT_free(key->pub_key); + key->pub_key = EC_POINT_dup(pub_key, key->group); + return (key->pub_key == NULL) ? 0 : 1; +} + +unsigned int +EC_KEY_get_enc_flags(const EC_KEY * key) +{ + return key->enc_flag; +} + +void +EC_KEY_set_enc_flags(EC_KEY * key, unsigned int flags) +{ + key->enc_flag = flags; +} + +point_conversion_form_t +EC_KEY_get_conv_form(const EC_KEY * key) +{ + return key->conv_form; +} + +void +EC_KEY_set_conv_form(EC_KEY * key, point_conversion_form_t cform) +{ + key->conv_form = cform; + if (key->group != NULL) + EC_GROUP_set_point_conversion_form(key->group, cform); +} + +void * +EC_KEY_get_key_method_data(EC_KEY *key, + void *(*dup_func) (void *), + void (*free_func) (void *), + void (*clear_free_func) (void *)) +{ + void *ret; + + CRYPTO_r_lock(CRYPTO_LOCK_EC); + ret = EC_EX_DATA_get_data(key->method_data, dup_func, free_func, clear_free_func); + CRYPTO_r_unlock(CRYPTO_LOCK_EC); + + return ret; +} + +void * +EC_KEY_insert_key_method_data(EC_KEY * key, void *data, + void *(*dup_func) (void *), + void (*free_func) (void *), + void (*clear_free_func) (void *)) +{ + EC_EXTRA_DATA *ex_data; + + CRYPTO_w_lock(CRYPTO_LOCK_EC); + ex_data = EC_EX_DATA_get_data(key->method_data, dup_func, free_func, clear_free_func); + if (ex_data == NULL) + EC_EX_DATA_set_data(&key->method_data, data, dup_func, free_func, clear_free_func); + CRYPTO_w_unlock(CRYPTO_LOCK_EC); + + return ex_data; +} + +void +EC_KEY_set_asn1_flag(EC_KEY * key, int flag) +{ + if (key->group != NULL) + EC_GROUP_set_asn1_flag(key->group, flag); +} + +int +EC_KEY_precompute_mult(EC_KEY * key, BN_CTX * ctx) +{ + if (key->group == NULL) + return 0; + return EC_GROUP_precompute_mult(key->group, ctx); +} + +int +EC_KEY_get_flags(const EC_KEY * key) +{ + return key->flags; +} + +void +EC_KEY_set_flags(EC_KEY * key, int flags) +{ + key->flags |= flags; +} + +void +EC_KEY_clear_flags(EC_KEY * key, int flags) +{ + key->flags &= ~flags; +} diff --git a/src/lib/libcrypto/ec/ec_kmeth.c b/src/lib/libcrypto/ec/ec_kmeth.c new file mode 100644 index 00000000000..664c412c1a7 --- /dev/null +++ b/src/lib/libcrypto/ec/ec_kmeth.c @@ -0,0 +1,335 @@ +/* $OpenBSD: ec_kmeth.c,v 1.4 2019/01/19 01:18:56 tb Exp $ */ +/* + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 2015 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#include +#ifndef OPENSSL_NO_ENGINE +#include +#endif +#include + +#include "ec_lcl.h" +#include "ecs_locl.h" + +static const EC_KEY_METHOD openssl_ec_key_method = { + .name = "OpenSSL EC_KEY method", + .flags = 0, + + .init = NULL, + .finish = NULL, + .copy = NULL, + + .set_group = NULL, + .set_private = NULL, + .set_public = NULL, + + .keygen = ossl_ec_key_gen, + .compute_key = ossl_ecdh_compute_key, + + .sign = ossl_ecdsa_sign, + .sign_setup = ossl_ecdsa_sign_setup, + .sign_sig = ossl_ecdsa_sign_sig, + + .verify = ossl_ecdsa_verify, + .verify_sig = ossl_ecdsa_verify_sig, +}; + +const EC_KEY_METHOD *default_ec_key_meth = &openssl_ec_key_method; + +const EC_KEY_METHOD * +EC_KEY_OpenSSL(void) +{ + return &openssl_ec_key_method; +} + +const EC_KEY_METHOD * +EC_KEY_get_default_method(void) +{ + return default_ec_key_meth; +} + +void +EC_KEY_set_default_method(const EC_KEY_METHOD *meth) +{ + if (meth == NULL) + default_ec_key_meth = &openssl_ec_key_method; + else + default_ec_key_meth = meth; +} + +const EC_KEY_METHOD * +EC_KEY_get_method(const EC_KEY *key) +{ + return key->meth; +} + +int +EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *meth) +{ + void (*finish)(EC_KEY *key) = key->meth->finish; + + if (finish != NULL) + finish(key); + +#ifndef OPENSSL_NO_ENGINE + ENGINE_finish(key->engine); + key->engine = NULL; +#endif + + key->meth = meth; + if (meth->init != NULL) + return meth->init(key); + return 1; +} + +EC_KEY * +EC_KEY_new_method(ENGINE *engine) +{ + EC_KEY *ret; + + if ((ret = calloc(1, sizeof(EC_KEY))) == NULL) { + ECerror(ERR_R_MALLOC_FAILURE); + return NULL; + } + ret->meth = EC_KEY_get_default_method(); +#ifndef OPENSSL_NO_ENGINE + if (engine != NULL) { + if (!ENGINE_init(engine)) { + ECerror(ERR_R_ENGINE_LIB); + goto err; + } + ret->engine = engine; + } else + ret->engine = ENGINE_get_default_EC(); + if (ret->engine) { + ret->meth = ENGINE_get_EC(ret->engine); + if (ret->meth == NULL) { + ECerror(ERR_R_ENGINE_LIB); + goto err; + } + } +#endif + ret->version = 1; + ret->flags = 0; + ret->group = NULL; + ret->pub_key = NULL; + ret->priv_key = NULL; + ret->enc_flag = 0; + ret->conv_form = POINT_CONVERSION_UNCOMPRESSED; + ret->references = 1; + ret->method_data = NULL; + + if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data)) + goto err; + if (ret->meth->init != NULL && ret->meth->init(ret) == 0) + goto err; + + return ret; + + err: + EC_KEY_free(ret); + return NULL; +} + +EC_KEY_METHOD * +EC_KEY_METHOD_new(const EC_KEY_METHOD *meth) +{ + EC_KEY_METHOD *ret; + + if ((ret = malloc(sizeof(*meth))) == NULL) + return NULL; + if (meth != NULL) + *ret = *meth; + ret->flags |= EC_KEY_METHOD_DYNAMIC; + return ret; +} + +void +EC_KEY_METHOD_free(EC_KEY_METHOD *meth) +{ + if (meth == NULL) + return; + if (meth->flags & EC_KEY_METHOD_DYNAMIC) + free(meth); +} + +void +EC_KEY_METHOD_set_init(EC_KEY_METHOD *meth, + int (*init)(EC_KEY *key), + void (*finish)(EC_KEY *key), + int (*copy)(EC_KEY *dest, const EC_KEY *src), + int (*set_group)(EC_KEY *key, const EC_GROUP *grp), + int (*set_private)(EC_KEY *key, const BIGNUM *priv_key), + int (*set_public)(EC_KEY *key, const EC_POINT *pub_key)) +{ + meth->init = init; + meth->finish = finish; + meth->copy = copy; + meth->set_group = set_group; + meth->set_private = set_private; + meth->set_public = set_public; +} + +void +EC_KEY_METHOD_set_keygen(EC_KEY_METHOD *meth, int (*keygen)(EC_KEY *key)) +{ + meth->keygen = keygen; +} + +void +EC_KEY_METHOD_set_compute_key(EC_KEY_METHOD *meth, + int (*ckey)(void *out, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh, + void *(*KDF) (const void *in, size_t inlen, void *out, size_t *outlen))) +{ + meth->compute_key = ckey; +} + +void +EC_KEY_METHOD_set_sign(EC_KEY_METHOD *meth, + int (*sign)(int type, const unsigned char *dgst, + int dlen, unsigned char *sig, unsigned int *siglen, + const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey), + int (*sign_setup)(EC_KEY *eckey, BN_CTX *ctx_in, + BIGNUM **kinvp, BIGNUM **rp), + ECDSA_SIG *(*sign_sig)(const unsigned char *dgst, + int dgst_len, const BIGNUM *in_kinv, + const BIGNUM *in_r, EC_KEY *eckey)) +{ + meth->sign = sign; + meth->sign_setup = sign_setup; + meth->sign_sig = sign_sig; +} + +void +EC_KEY_METHOD_set_verify(EC_KEY_METHOD *meth, + int (*verify)(int type, const unsigned char *dgst, int dgst_len, + const unsigned char *sigbuf, int sig_len, EC_KEY *eckey), + int (*verify_sig)(const unsigned char *dgst, int dgst_len, + const ECDSA_SIG *sig, EC_KEY *eckey)) +{ + meth->verify = verify; + meth->verify_sig = verify_sig; +} + + +void +EC_KEY_METHOD_get_init(const EC_KEY_METHOD *meth, + int (**pinit)(EC_KEY *key), + void (**pfinish)(EC_KEY *key), + int (**pcopy)(EC_KEY *dest, const EC_KEY *src), + int (**pset_group)(EC_KEY *key, const EC_GROUP *grp), + int (**pset_private)(EC_KEY *key, const BIGNUM *priv_key), + int (**pset_public)(EC_KEY *key, const EC_POINT *pub_key)) +{ + if (pinit != NULL) + *pinit = meth->init; + if (pfinish != NULL) + *pfinish = meth->finish; + if (pcopy != NULL) + *pcopy = meth->copy; + if (pset_group != NULL) + *pset_group = meth->set_group; + if (pset_private != NULL) + *pset_private = meth->set_private; + if (pset_public != NULL) + *pset_public = meth->set_public; +} + +void +EC_KEY_METHOD_get_keygen(const EC_KEY_METHOD *meth, + int (**pkeygen)(EC_KEY *key)) +{ + if (pkeygen != NULL) + *pkeygen = meth->keygen; +} + +void +EC_KEY_METHOD_get_compute_key(const EC_KEY_METHOD *meth, + int (**pck)(void *out, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh, + void *(*KDF) (const void *in, size_t inlen, void *out, size_t *outlen))) +{ + if (pck != NULL) + *pck = meth->compute_key; +} + +void +EC_KEY_METHOD_get_sign(const EC_KEY_METHOD *meth, + int (**psign)(int type, const unsigned char *dgst, + int dlen, unsigned char *sig, unsigned int *siglen, + const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey), + int (**psign_setup)(EC_KEY *eckey, BN_CTX *ctx_in, + BIGNUM **kinvp, BIGNUM **rp), + ECDSA_SIG *(**psign_sig)(const unsigned char *dgst, + int dgst_len, const BIGNUM *in_kinv, const BIGNUM *in_r, + EC_KEY *eckey)) +{ + if (psign != NULL) + *psign = meth->sign; + if (psign_setup != NULL) + *psign_setup = meth->sign_setup; + if (psign_sig != NULL) + *psign_sig = meth->sign_sig; +} + +void +EC_KEY_METHOD_get_verify(const EC_KEY_METHOD *meth, + int (**pverify)(int type, const unsigned char *dgst, int dgst_len, + const unsigned char *sigbuf, int sig_len, EC_KEY *eckey), + int (**pverify_sig)(const unsigned char *dgst, int dgst_len, + const ECDSA_SIG *sig, EC_KEY *eckey)) +{ + if (pverify != NULL) + *pverify = meth->verify; + if (pverify_sig != NULL) + *pverify_sig = meth->verify_sig; +} diff --git a/src/lib/libcrypto/ec/ec_lcl.h b/src/lib/libcrypto/ec/ec_lcl.h index cc4cf277550..8948e51d698 100644 --- a/src/lib/libcrypto/ec/ec_lcl.h +++ b/src/lib/libcrypto/ec/ec_lcl.h @@ -1,6 +1,9 @@ -/* crypto/ec/ec_lcl.h */ +/* $OpenBSD: ec_lcl.h,v 1.13 2019/01/19 01:12:48 tb Exp $ */ +/* + * Originally written by Bodo Moeller for the OpenSSL project. + */ /* ==================================================================== - * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2010 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -52,35 +55,66 @@ * Hudson (tjh@cryptsoft.com). * */ - +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * + * Portions of the attached software ("Contribution") are developed by + * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. + * + * The Contribution is licensed pursuant to the OpenSSL open source + * license provided above. + * + * The elliptic curve binary polynomial software is originally written by + * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories. + * + */ #include +#include #include +#include +#include + +__BEGIN_HIDDEN_DECLS + +#if defined(__SUNPRO_C) +# if __SUNPRO_C >= 0x520 +# pragma error_messages (off,E_ARRAY_OF_INCOMPLETE_NONAME,E_ARRAY_OF_INCOMPLETE) +# endif +#endif + +#define bn_wexpand(a,words) (((words) <= (a)->dmax)?(a):bn_expand2((a),(words))) +BIGNUM *bn_expand2(BIGNUM *a, int words); +/* Use default functions for poin2oct, oct2point and compressed coordinates */ +#define EC_FLAGS_DEFAULT_OCT 0x1 /* Structure details are not part of the exported interface, * so all this may change in future versions. */ struct ec_method_st { + /* Various method flags */ + int flags; + /* used by EC_METHOD_get_field_type: */ + int field_type; /* a NID */ + /* used by EC_GROUP_new, EC_GROUP_free, EC_GROUP_clear_free, EC_GROUP_copy: */ int (*group_init)(EC_GROUP *); void (*group_finish)(EC_GROUP *); void (*group_clear_finish)(EC_GROUP *); int (*group_copy)(EC_GROUP *, const EC_GROUP *); - /* used by EC_GROUP_set_curve_GFp and EC_GROUP_get_curve_GFp: */ - int (*group_set_curve_GFp)(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *); - int (*group_get_curve_GFp)(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *); + /* used by EC_GROUP_set_curve_GFp, EC_GROUP_get_curve_GFp, */ + /* EC_GROUP_set_curve_GF2m, and EC_GROUP_get_curve_GF2m: */ + int (*group_set_curve)(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *); + int (*group_get_curve)(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *); - /* used by EC_GROUP_set_generator, EC_GROUP_get0_generator, - * EC_GROUP_get_order, EC_GROUP_get_cofactor: - */ - int (*group_set_generator)(EC_GROUP *, const EC_POINT *generator, - const BIGNUM *order, const BIGNUM *cofactor); - EC_POINT *(*group_get0_generator)(const EC_GROUP *); - int (*group_get_order)(const EC_GROUP *, BIGNUM *order, BN_CTX *); - int (*group_get_cofactor)(const EC_GROUP *, BIGNUM *cofactor, BN_CTX *); + /* used by EC_GROUP_get_degree: */ + int (*group_get_degree)(const EC_GROUP *); + + /* used by EC_GROUP_check: */ + int (*group_check_discriminant)(const EC_GROUP *, BN_CTX *); /* used by EC_POINT_new, EC_POINT_free, EC_POINT_clear_free, EC_POINT_copy: */ int (*point_init)(EC_POINT *); @@ -89,20 +123,22 @@ struct ec_method_st { int (*point_copy)(EC_POINT *, const EC_POINT *); /* used by EC_POINT_set_to_infinity, - * EC_POINT_set_Jprojective_coordinates_GFp, EC_POINT_get_Jprojective_coordinates_GFp, - * EC_POINT_set_affine_coordinates_GFp, EC_POINT_get_affine_coordinates_GFp, - * EC_POINT_set_compressed_coordinates_GFp: + * EC_POINT_set_Jprojective_coordinates_GFp, + * EC_POINT_get_Jprojective_coordinates_GFp, + * EC_POINT_set_affine_coordinates_GFp, ..._GF2m, + * EC_POINT_get_affine_coordinates_GFp, ..._GF2m, + * EC_POINT_set_compressed_coordinates_GFp, ..._GF2m: */ int (*point_set_to_infinity)(const EC_GROUP *, EC_POINT *); int (*point_set_Jprojective_coordinates_GFp)(const EC_GROUP *, EC_POINT *, const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *); int (*point_get_Jprojective_coordinates_GFp)(const EC_GROUP *, const EC_POINT *, BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *); - int (*point_set_affine_coordinates_GFp)(const EC_GROUP *, EC_POINT *, + int (*point_set_affine_coordinates)(const EC_GROUP *, EC_POINT *, const BIGNUM *x, const BIGNUM *y, BN_CTX *); - int (*point_get_affine_coordinates_GFp)(const EC_GROUP *, const EC_POINT *, + int (*point_get_affine_coordinates)(const EC_GROUP *, const EC_POINT *, BIGNUM *x, BIGNUM *y, BN_CTX *); - int (*point_set_compressed_coordinates_GFp)(const EC_GROUP *, EC_POINT *, + int (*point_set_compressed_coordinates)(const EC_GROUP *, EC_POINT *, const BIGNUM *x, int y_bit, BN_CTX *); /* used by EC_POINT_point2oct, EC_POINT_oct2point: */ @@ -125,34 +161,71 @@ struct ec_method_st { int (*make_affine)(const EC_GROUP *, EC_POINT *, BN_CTX *); int (*points_make_affine)(const EC_GROUP *, size_t num, EC_POINT *[], BN_CTX *); + /* used by EC_POINTs_mul, EC_POINT_mul, EC_POINT_precompute_mult, EC_POINT_have_precompute_mult */ + int (*mul_generator_ct)(const EC_GROUP *, EC_POINT *r, const BIGNUM *scalar, BN_CTX *); + int (*mul_single_ct)(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, + const EC_POINT *point, BN_CTX *); + int (*mul_double_nonct)(const EC_GROUP *group, EC_POINT *r, const BIGNUM *g_scalar, + const BIGNUM *p_scalar, const EC_POINT *point, BN_CTX *); + int (*precompute_mult)(EC_GROUP *group, BN_CTX *); + int (*have_precompute_mult)(const EC_GROUP *group); + /* internal functions */ - /* 'field_mul' and 'field_sqr' can be used by 'add' and 'dbl' so that + /* 'field_mul', 'field_sqr', and 'field_div' can be used by 'add' and 'dbl' so that * the same implementations of point operations can be used with different * optimized implementations of expensive field operations: */ int (*field_mul)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *); int (*field_sqr)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *); + int (*field_div)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *); int (*field_encode)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *); /* e.g. to Montgomery */ int (*field_decode)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *); /* e.g. from Montgomery */ int (*field_set_to_one)(const EC_GROUP *, BIGNUM *r, BN_CTX *); + int (*blind_coordinates)(const EC_GROUP *group, EC_POINT *p, BN_CTX *ctx); } /* EC_METHOD */; +typedef struct ec_extra_data_st { + struct ec_extra_data_st *next; + void *data; + void *(*dup_func)(void *); + void (*free_func)(void *); + void (*clear_free_func)(void *); +} EC_EXTRA_DATA; /* used in EC_GROUP */ struct ec_group_st { const EC_METHOD *meth; - void *extra_data; - void *(*extra_data_dup_func)(void *); - void (*extra_data_free_func)(void *); - void (*extra_data_clear_free_func)(void *); + EC_POINT *generator; /* optional */ + BIGNUM order, cofactor; - /* All members except 'meth' and 'extra_data...' are handled by - * the method functions, even if they appear generic */ + int curve_name;/* optional NID for named curve */ + int asn1_flag; /* flag to control the asn1 encoding */ + point_conversion_form_t asn1_form; + + unsigned char *seed; /* optional seed for parameters (appears in ASN1) */ + size_t seed_len; + + EC_EXTRA_DATA *extra_data; /* linked list */ + + /* The following members are handled by the method functions, + * even if they appear generic */ BIGNUM field; /* Field specification. - * For curves over GF(p), this is the modulus. */ + * For curves over GF(p), this is the modulus; + * for curves over GF(2^m), this is the + * irreducible polynomial defining the field. + */ + + int poly[6]; /* Field specification for curves over GF(2^m). + * The irreducible f(t) is then of the form: + * t^poly[0] + t^poly[1] + ... + t^poly[k] + * where m = poly[0] > poly[1] > ... > poly[k] = 0. + * The array is terminated with poly[k+1]=-1. + * All elliptic curve irreducibles have at most 5 + * non-zero terms. + */ BIGNUM a, b; /* Curve coefficients. * (Here the assumption is that BIGNUMs can be used @@ -160,29 +233,54 @@ struct ec_group_st { * For characteristic > 3, the curve is defined * by a Weierstrass equation of the form * y^2 = x^3 + a*x + b. + * For characteristic 2, the curve is defined by + * an equation of the form + * y^2 + x*y = x^3 + a*x^2 + b. */ - int a_is_minus3; /* enable optimized point arithmetics for special case */ - EC_POINT *generator; /* optional */ - BIGNUM order, cofactor; + int a_is_minus3; /* enable optimized point arithmetics for special case */ void *field_data1; /* method-specific (e.g., Montgomery structure) */ void *field_data2; /* method-specific */ + int (*field_mod_func)(BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *); /* method-specific */ } /* EC_GROUP */; +struct ec_key_st { + const EC_KEY_METHOD *meth; + ENGINE *engine; + + int version; + + EC_GROUP *group; -/* Basically a 'mixin' for extra data, but available for EC_GROUPs only + EC_POINT *pub_key; + BIGNUM *priv_key; + + unsigned int enc_flag; + point_conversion_form_t conv_form; + + int references; + int flags; + + EC_EXTRA_DATA *method_data; + CRYPTO_EX_DATA ex_data; +} /* EC_KEY */; + +/* Basically a 'mixin' for extra data, but available for EC_GROUPs/EC_KEYs only * (with visibility limited to 'package' level for now). * We use the function pointers as index for retrieval; this obviates * global ex_data-style index tables. - * (Currently, we have one slot only, but is is possible to extend this - * if necessary.) */ -int EC_GROUP_set_extra_data(EC_GROUP *, void *extra_data, void *(*extra_data_dup_func)(void *), - void (*extra_data_free_func)(void *), void (*extra_data_clear_free_func)(void *)); -void *EC_GROUP_get_extra_data(const EC_GROUP *, void *(*extra_data_dup_func)(void *), - void (*extra_data_free_func)(void *), void (*extra_data_clear_free_func)(void *)); -void EC_GROUP_free_extra_data(EC_GROUP *); -void EC_GROUP_clear_free_extra_data(EC_GROUP *); + */ +int EC_EX_DATA_set_data(EC_EXTRA_DATA **, void *data, + void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)); +void *EC_EX_DATA_get_data(const EC_EXTRA_DATA *, + void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)); +void EC_EX_DATA_free_data(EC_EXTRA_DATA **, + void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)); +void EC_EX_DATA_clear_free_data(EC_EXTRA_DATA **, + void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *)); +void EC_EX_DATA_free_all_data(EC_EXTRA_DATA **); +void EC_EX_DATA_clear_free_all_data(EC_EXTRA_DATA **); @@ -201,18 +299,23 @@ struct ec_point_st { +/* method functions in ec_mult.c + * (ec_lib.c uses these as defaults if group->method->mul is 0) */ +int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, + size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *); +int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *); +int ec_wNAF_have_precompute_mult(const EC_GROUP *group); + + /* method functions in ecp_smpl.c */ int ec_GFp_simple_group_init(EC_GROUP *); void ec_GFp_simple_group_finish(EC_GROUP *); void ec_GFp_simple_group_clear_finish(EC_GROUP *); int ec_GFp_simple_group_copy(EC_GROUP *, const EC_GROUP *); -int ec_GFp_simple_group_set_curve_GFp(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *); -int ec_GFp_simple_group_get_curve_GFp(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *); -int ec_GFp_simple_group_set_generator(EC_GROUP *, const EC_POINT *generator, - const BIGNUM *order, const BIGNUM *cofactor); -EC_POINT *ec_GFp_simple_group_get0_generator(const EC_GROUP *); -int ec_GFp_simple_group_get_order(const EC_GROUP *, BIGNUM *order, BN_CTX *); -int ec_GFp_simple_group_get_cofactor(const EC_GROUP *, BIGNUM *cofactor, BN_CTX *); +int ec_GFp_simple_group_set_curve(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *); +int ec_GFp_simple_group_get_curve(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *); +int ec_GFp_simple_group_get_degree(const EC_GROUP *); +int ec_GFp_simple_group_check_discriminant(const EC_GROUP *, BN_CTX *); int ec_GFp_simple_point_init(EC_POINT *); void ec_GFp_simple_point_finish(EC_POINT *); void ec_GFp_simple_point_clear_finish(EC_POINT *); @@ -222,11 +325,11 @@ int ec_GFp_simple_set_Jprojective_coordinates_GFp(const EC_GROUP *, EC_POINT *, const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *); int ec_GFp_simple_get_Jprojective_coordinates_GFp(const EC_GROUP *, const EC_POINT *, BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *); -int ec_GFp_simple_point_set_affine_coordinates_GFp(const EC_GROUP *, EC_POINT *, +int ec_GFp_simple_point_set_affine_coordinates(const EC_GROUP *, EC_POINT *, const BIGNUM *x, const BIGNUM *y, BN_CTX *); -int ec_GFp_simple_point_get_affine_coordinates_GFp(const EC_GROUP *, const EC_POINT *, +int ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP *, const EC_POINT *, BIGNUM *x, BIGNUM *y, BN_CTX *); -int ec_GFp_simple_set_compressed_coordinates_GFp(const EC_GROUP *, EC_POINT *, +int ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *, EC_POINT *, const BIGNUM *x, int y_bit, BN_CTX *); size_t ec_GFp_simple_point2oct(const EC_GROUP *, const EC_POINT *, point_conversion_form_t form, unsigned char *buf, size_t len, BN_CTX *); @@ -242,11 +345,17 @@ int ec_GFp_simple_make_affine(const EC_GROUP *, EC_POINT *, BN_CTX *); int ec_GFp_simple_points_make_affine(const EC_GROUP *, size_t num, EC_POINT *[], BN_CTX *); int ec_GFp_simple_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *); int ec_GFp_simple_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *); +int ec_GFp_simple_blind_coordinates(const EC_GROUP *group, EC_POINT *p, BN_CTX *ctx); +int ec_GFp_simple_mul_generator_ct(const EC_GROUP *, EC_POINT *r, const BIGNUM *scalar, BN_CTX *); +int ec_GFp_simple_mul_single_ct(const EC_GROUP *, EC_POINT *r, const BIGNUM *scalar, + const EC_POINT *point, BN_CTX *); +int ec_GFp_simple_mul_double_nonct(const EC_GROUP *, EC_POINT *r, const BIGNUM *g_scalar, + const BIGNUM *p_scalar, const EC_POINT *point, BN_CTX *); /* method functions in ecp_mont.c */ int ec_GFp_mont_group_init(EC_GROUP *); -int ec_GFp_mont_group_set_curve_GFp(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *); +int ec_GFp_mont_group_set_curve(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *); void ec_GFp_mont_group_finish(EC_GROUP *); void ec_GFp_mont_group_clear_finish(EC_GROUP *); int ec_GFp_mont_group_copy(EC_GROUP *, const EC_GROUP *); @@ -256,22 +365,146 @@ int ec_GFp_mont_field_encode(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CT int ec_GFp_mont_field_decode(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *); int ec_GFp_mont_field_set_to_one(const EC_GROUP *, BIGNUM *r, BN_CTX *); - -/* method functions in ecp_recp.c */ -int ec_GFp_recp_group_init(EC_GROUP *); -int ec_GFp_recp_group_set_curve_GFp(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *); -void ec_GFp_recp_group_finish(EC_GROUP *); -void ec_GFp_recp_group_clear_finish(EC_GROUP *); -int ec_GFp_recp_group_copy(EC_GROUP *, const EC_GROUP *); -int ec_GFp_recp_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *); -int ec_GFp_recp_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *); - +int ec_point_blind_coordinates(const EC_GROUP *group, EC_POINT *p, BN_CTX *ctx); /* method functions in ecp_nist.c */ -int ec_GFp_nist_group_init(EC_GROUP *); -int ec_GFp_nist_group_set_curve_GFp(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *); -void ec_GFp_nist_group_finish(EC_GROUP *); -void ec_GFp_nist_group_clear_finish(EC_GROUP *); -int ec_GFp_nist_group_copy(EC_GROUP *, const EC_GROUP *); +int ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src); +int ec_GFp_nist_group_set_curve(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *); int ec_GFp_nist_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *); int ec_GFp_nist_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *); + + +/* method functions in ec2_smpl.c */ +int ec_GF2m_simple_group_init(EC_GROUP *); +void ec_GF2m_simple_group_finish(EC_GROUP *); +void ec_GF2m_simple_group_clear_finish(EC_GROUP *); +int ec_GF2m_simple_group_copy(EC_GROUP *, const EC_GROUP *); +int ec_GF2m_simple_group_set_curve(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *); +int ec_GF2m_simple_group_get_curve(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *); +int ec_GF2m_simple_group_get_degree(const EC_GROUP *); +int ec_GF2m_simple_group_check_discriminant(const EC_GROUP *, BN_CTX *); +int ec_GF2m_simple_point_init(EC_POINT *); +void ec_GF2m_simple_point_finish(EC_POINT *); +void ec_GF2m_simple_point_clear_finish(EC_POINT *); +int ec_GF2m_simple_point_copy(EC_POINT *, const EC_POINT *); +int ec_GF2m_simple_point_set_to_infinity(const EC_GROUP *, EC_POINT *); +int ec_GF2m_simple_point_set_affine_coordinates(const EC_GROUP *, EC_POINT *, + const BIGNUM *x, const BIGNUM *y, BN_CTX *); +int ec_GF2m_simple_point_get_affine_coordinates(const EC_GROUP *, const EC_POINT *, + BIGNUM *x, BIGNUM *y, BN_CTX *); +int ec_GF2m_simple_set_compressed_coordinates(const EC_GROUP *, EC_POINT *, + const BIGNUM *x, int y_bit, BN_CTX *); +size_t ec_GF2m_simple_point2oct(const EC_GROUP *, const EC_POINT *, point_conversion_form_t form, + unsigned char *buf, size_t len, BN_CTX *); +int ec_GF2m_simple_oct2point(const EC_GROUP *, EC_POINT *, + const unsigned char *buf, size_t len, BN_CTX *); +int ec_GF2m_simple_add(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *); +int ec_GF2m_simple_dbl(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, BN_CTX *); +int ec_GF2m_simple_invert(const EC_GROUP *, EC_POINT *, BN_CTX *); +int ec_GF2m_simple_is_at_infinity(const EC_GROUP *, const EC_POINT *); +int ec_GF2m_simple_is_on_curve(const EC_GROUP *, const EC_POINT *, BN_CTX *); +int ec_GF2m_simple_cmp(const EC_GROUP *, const EC_POINT *a, const EC_POINT *b, BN_CTX *); +int ec_GF2m_simple_make_affine(const EC_GROUP *, EC_POINT *, BN_CTX *); +int ec_GF2m_simple_points_make_affine(const EC_GROUP *, size_t num, EC_POINT *[], BN_CTX *); +int ec_GF2m_simple_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *); +int ec_GF2m_simple_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *); +int ec_GF2m_simple_field_div(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *); + + +/* method functions in ec2_mult.c */ +int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, + size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *); +int ec_GF2m_precompute_mult(EC_GROUP *group, BN_CTX *ctx); +int ec_GF2m_have_precompute_mult(const EC_GROUP *group); + +/* method functions in ec2_mult.c */ +int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, + size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *); +int ec_GF2m_precompute_mult(EC_GROUP *group, BN_CTX *ctx); +int ec_GF2m_have_precompute_mult(const EC_GROUP *group); + +#ifndef OPENSSL_EC_NISTP_64_GCC_128 +/* method functions in ecp_nistp224.c */ +int ec_GFp_nistp224_group_init(EC_GROUP *group); +int ec_GFp_nistp224_group_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *n, BN_CTX *); +int ec_GFp_nistp224_point_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *point, BIGNUM *x, BIGNUM *y, BN_CTX *ctx); +int ec_GFp_nistp224_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *); +int ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *ctx); +int ec_GFp_nistp224_precompute_mult(EC_GROUP *group, BN_CTX *ctx); +int ec_GFp_nistp224_have_precompute_mult(const EC_GROUP *group); + +/* method functions in ecp_nistp256.c */ +int ec_GFp_nistp256_group_init(EC_GROUP *group); +int ec_GFp_nistp256_group_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *n, BN_CTX *); +int ec_GFp_nistp256_point_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *point, BIGNUM *x, BIGNUM *y, BN_CTX *ctx); +int ec_GFp_nistp256_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *); +int ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *ctx); +int ec_GFp_nistp256_precompute_mult(EC_GROUP *group, BN_CTX *ctx); +int ec_GFp_nistp256_have_precompute_mult(const EC_GROUP *group); + +#ifdef ECP_NISTZ256_ASM +const EC_METHOD *EC_GFp_nistz256_method(void); +#endif + +/* EC_METHOD definitions */ + +struct ec_key_method_st { + const char *name; + int32_t flags; + int (*init)(EC_KEY *key); + void (*finish)(EC_KEY *key); + int (*copy)(EC_KEY *dest, const EC_KEY *src); + int (*set_group)(EC_KEY *key, const EC_GROUP *grp); + int (*set_private)(EC_KEY *key, const BIGNUM *priv_key); + int (*set_public)(EC_KEY *key, const EC_POINT *pub_key); + int (*keygen)(EC_KEY *key); + int (*compute_key)(void *out, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh, + void *(*KDF) (const void *in, size_t inlen, void *out, size_t *outlen)); + int (*sign)(int type, const unsigned char *dgst, int dlen, unsigned char + *sig, unsigned int *siglen, const BIGNUM *kinv, + const BIGNUM *r, EC_KEY *eckey); + int (*sign_setup)(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, + BIGNUM **rp); + ECDSA_SIG *(*sign_sig)(const unsigned char *dgst, int dgst_len, + const BIGNUM *in_kinv, const BIGNUM *in_r, + EC_KEY *eckey); + int (*verify)(int type, const unsigned char *dgst, int dgst_len, + const unsigned char *sigbuf, int sig_len, EC_KEY *eckey); + int (*verify_sig)(const unsigned char *dgst, int dgst_len, + const ECDSA_SIG *sig, EC_KEY *eckey); +} /* EC_KEY_METHOD */; + +#define EC_KEY_METHOD_DYNAMIC 1 + +int ossl_ec_key_gen(EC_KEY *eckey); +int ossl_ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh, + void *(*KDF) (const void *in, size_t inlen, void *out, size_t *outlen)); +int ossl_ecdsa_verify(int type, const unsigned char *dgst, int dgst_len, + const unsigned char *sigbuf, int sig_len, EC_KEY *eckey); +int ossl_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len, + const ECDSA_SIG *sig, EC_KEY *eckey); + +/* method functions in ecp_nistp521.c */ +int ec_GFp_nistp521_group_init(EC_GROUP *group); +int ec_GFp_nistp521_group_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *n, BN_CTX *); +int ec_GFp_nistp521_point_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *point, BIGNUM *x, BIGNUM *y, BN_CTX *ctx); +int ec_GFp_nistp521_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *); +int ec_GFp_nistp521_points_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *ctx); +int ec_GFp_nistp521_precompute_mult(EC_GROUP *group, BN_CTX *ctx); +int ec_GFp_nistp521_have_precompute_mult(const EC_GROUP *group); + +/* utility functions in ecp_nistputil.c */ +void ec_GFp_nistp_points_make_affine_internal(size_t num, void *point_array, + size_t felem_size, void *tmp_felems, + void (*felem_one)(void *out), + int (*felem_is_zero)(const void *in), + void (*felem_assign)(void *out, const void *in), + void (*felem_square)(void *out, const void *in), + void (*felem_mul)(void *out, const void *in1, const void *in2), + void (*felem_inv)(void *out, const void *in), + void (*felem_contract)(void *out, const void *in)); +void ec_GFp_nistp_recode_scalar_bits(unsigned char *sign, unsigned char *digit, unsigned char in); + +#endif + +__END_HIDDEN_DECLS diff --git a/src/lib/libcrypto/ec/ec_lib.c b/src/lib/libcrypto/ec/ec_lib.c index 0cf485de601..e5d9620a004 100644 --- a/src/lib/libcrypto/ec/ec_lib.c +++ b/src/lib/libcrypto/ec/ec_lib.c @@ -1,13 +1,16 @@ -/* crypto/ec/ec_lib.c */ +/* $OpenBSD: ec_lib.c,v 1.31 2018/11/06 07:02:33 tb Exp $ */ +/* + * Originally written by Bodo Moeller for the OpenSSL project. + */ /* ==================================================================== - * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -52,603 +55,1104 @@ * Hudson (tjh@cryptsoft.com). * */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * Binary polynomial ECC support in OpenSSL originally developed by + * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. + */ #include +#include + #include #include #include "ec_lcl.h" -static const char EC_version[] = "EC" OPENSSL_VERSION_PTEXT; - - /* functions for EC_GROUP objects */ -EC_GROUP *EC_GROUP_new(const EC_METHOD *meth) - { +EC_GROUP * +EC_GROUP_new(const EC_METHOD * meth) +{ EC_GROUP *ret; - if (meth == NULL) - { - ECerr(EC_F_EC_GROUP_NEW, ERR_R_PASSED_NULL_PARAMETER); + if (meth == NULL) { + ECerror(EC_R_SLOT_FULL); return NULL; - } - if (meth->group_init == 0) - { - ECerr(EC_F_EC_GROUP_NEW, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + } + if (meth->group_init == 0) { + ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return NULL; - } - - ret = OPENSSL_malloc(sizeof *ret); - if (ret == NULL) - { - ECerr(EC_F_EC_GROUP_NEW, ERR_R_MALLOC_FAILURE); + } + ret = malloc(sizeof *ret); + if (ret == NULL) { + ECerror(ERR_R_MALLOC_FAILURE); return NULL; - } - + } ret->meth = meth; ret->extra_data = NULL; - ret->extra_data_dup_func = 0; - ret->extra_data_free_func = 0; - ret->extra_data_clear_free_func = 0; - - if (!meth->group_init(ret)) - { - OPENSSL_free(ret); + + ret->generator = NULL; + BN_init(&ret->order); + BN_init(&ret->cofactor); + + ret->curve_name = 0; + ret->asn1_flag = 0; + ret->asn1_form = POINT_CONVERSION_UNCOMPRESSED; + + ret->seed = NULL; + ret->seed_len = 0; + + if (!meth->group_init(ret)) { + free(ret); return NULL; - } - - return ret; } + return ret; +} -void EC_GROUP_free(EC_GROUP *group) - { - if (!group) return; +void +EC_GROUP_free(EC_GROUP * group) +{ + if (!group) + return; if (group->meth->group_finish != 0) group->meth->group_finish(group); - EC_GROUP_free_extra_data(group); + EC_EX_DATA_free_all_data(&group->extra_data); - OPENSSL_free(group); - } - + EC_POINT_free(group->generator); + BN_free(&group->order); + BN_free(&group->cofactor); + + free(group->seed); + + free(group); +} -void EC_GROUP_clear_free(EC_GROUP *group) - { - if (!group) return; + +void +EC_GROUP_clear_free(EC_GROUP * group) +{ + if (!group) + return; if (group->meth->group_clear_finish != 0) group->meth->group_clear_finish(group); - else if (group->meth != NULL && group->meth->group_finish != 0) + else if (group->meth->group_finish != 0) group->meth->group_finish(group); - EC_GROUP_clear_free_extra_data(group); + EC_EX_DATA_clear_free_all_data(&group->extra_data); + + EC_POINT_clear_free(group->generator); + BN_clear_free(&group->order); + BN_clear_free(&group->cofactor); + + freezero(group->seed, group->seed_len); + freezero(group, sizeof *group); +} - memset(group, 0, sizeof *group); - OPENSSL_free(group); - } +int +EC_GROUP_copy(EC_GROUP * dest, const EC_GROUP * src) +{ + EC_EXTRA_DATA *d; -int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src) - { - if (dest->meth->group_copy == 0) - { - ECerr(EC_F_EC_GROUP_COPY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + if (dest->meth->group_copy == 0) { + ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; - } - if (dest->meth != src->meth) - { - ECerr(EC_F_EC_GROUP_COPY, EC_R_INCOMPATIBLE_OBJECTS); + } + if (dest->meth != src->meth) { + ECerror(EC_R_INCOMPATIBLE_OBJECTS); return 0; - } + } if (dest == src) return 1; - - EC_GROUP_clear_free_extra_data(dest); - if (src->extra_data_dup_func) - { - if (src->extra_data != NULL) - { - dest->extra_data = src->extra_data_dup_func(src->extra_data); - if (dest->extra_data == NULL) - return 0; - } - dest->extra_data_dup_func = src->extra_data_dup_func; - dest->extra_data_free_func = src->extra_data_free_func; - dest->extra_data_clear_free_func = src->extra_data_clear_free_func; + EC_EX_DATA_free_all_data(&dest->extra_data); + + for (d = src->extra_data; d != NULL; d = d->next) { + void *t = d->dup_func(d->data); + + if (t == NULL) + return 0; + if (!EC_EX_DATA_set_data(&dest->extra_data, t, d->dup_func, + d->free_func, d->clear_free_func)) + return 0; + } + + if (src->generator != NULL) { + if (dest->generator == NULL) { + dest->generator = EC_POINT_new(dest); + if (dest->generator == NULL) + return 0; } + if (!EC_POINT_copy(dest->generator, src->generator)) + return 0; + } else { + /* src->generator == NULL */ + EC_POINT_clear_free(dest->generator); + dest->generator = NULL; + } + + if (!BN_copy(&dest->order, &src->order)) + return 0; + if (!BN_copy(&dest->cofactor, &src->cofactor)) + return 0; + + dest->curve_name = src->curve_name; + dest->asn1_flag = src->asn1_flag; + dest->asn1_form = src->asn1_form; + + if (src->seed) { + free(dest->seed); + dest->seed = malloc(src->seed_len); + if (dest->seed == NULL) + return 0; + memcpy(dest->seed, src->seed, src->seed_len); + dest->seed_len = src->seed_len; + } else { + free(dest->seed); + dest->seed = NULL; + dest->seed_len = 0; + } + return dest->meth->group_copy(dest, src); +} + + +EC_GROUP * +EC_GROUP_dup(const EC_GROUP * a) +{ + EC_GROUP *t = NULL; + + if ((a != NULL) && ((t = EC_GROUP_new(a->meth)) != NULL) && + (!EC_GROUP_copy(t, a))) { + EC_GROUP_free(t); + t = NULL; } + return t; +} -const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group) - { +const EC_METHOD * +EC_GROUP_method_of(const EC_GROUP *group) +{ return group->meth; - } +} + + +int +EC_METHOD_get_field_type(const EC_METHOD *meth) +{ + return meth->field_type; +} -int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) - { - if (group->meth->group_set_curve_GFp == 0) - { - ECerr(EC_F_EC_GROUP_SET_CURVE_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); +int +EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, + const BIGNUM *order, const BIGNUM *cofactor) +{ + if (generator == NULL) { + ECerror(ERR_R_PASSED_NULL_PARAMETER); return 0; - } - return group->meth->group_set_curve_GFp(group, p, a, b, ctx); } + if (group->generator == NULL) { + group->generator = EC_POINT_new(group); + if (group->generator == NULL) + return 0; + } + if (!EC_POINT_copy(group->generator, generator)) + return 0; + if (order != NULL) { + if (!BN_copy(&group->order, order)) + return 0; + } else + BN_zero(&group->order); + + if (cofactor != NULL) { + if (!BN_copy(&group->cofactor, cofactor)) + return 0; + } else + BN_zero(&group->cofactor); -int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx) - { - if (group->meth->group_get_curve_GFp == 0) - { - ECerr(EC_F_EC_GROUP_GET_CURVE_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return 1; +} + + +const EC_POINT * +EC_GROUP_get0_generator(const EC_GROUP *group) +{ + return group->generator; +} + + +int +EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx) +{ + if (!BN_copy(order, &group->order)) return 0; - } - return group->meth->group_get_curve_GFp(group, p, a, b, ctx); + + return !BN_is_zero(order); +} + + +int +EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, BN_CTX *ctx) +{ + if (!BN_copy(cofactor, &group->cofactor)) + return 0; + + return !BN_is_zero(&group->cofactor); +} + + +void +EC_GROUP_set_curve_name(EC_GROUP * group, int nid) +{ + group->curve_name = nid; +} + + +int +EC_GROUP_get_curve_name(const EC_GROUP * group) +{ + return group->curve_name; +} + + +void +EC_GROUP_set_asn1_flag(EC_GROUP * group, int flag) +{ + group->asn1_flag = flag; +} + + +int +EC_GROUP_get_asn1_flag(const EC_GROUP * group) +{ + return group->asn1_flag; +} + + +void +EC_GROUP_set_point_conversion_form(EC_GROUP * group, + point_conversion_form_t form) +{ + group->asn1_form = form; +} + + +point_conversion_form_t +EC_GROUP_get_point_conversion_form(const EC_GROUP * group) +{ + return group->asn1_form; +} + + +size_t +EC_GROUP_set_seed(EC_GROUP * group, const unsigned char *p, size_t len) +{ + if (group->seed) { + free(group->seed); + group->seed = NULL; + group->seed_len = 0; } + if (!len || !p) + return 1; + if ((group->seed = malloc(len)) == NULL) + return 0; + memcpy(group->seed, p, len); + group->seed_len = len; + + return len; +} + + +unsigned char * +EC_GROUP_get0_seed(const EC_GROUP * group) +{ + return group->seed; +} -int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, const BIGNUM *order, const BIGNUM *cofactor) - { - if (group->meth->group_set_generator == 0) - { - ECerr(EC_F_EC_GROUP_SET_GENERATOR, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + +size_t +EC_GROUP_get_seed_len(const EC_GROUP * group) +{ + return group->seed_len; +} + + +int +EC_GROUP_set_curve_GFp(EC_GROUP * group, const BIGNUM * p, const BIGNUM * a, + const BIGNUM * b, BN_CTX * ctx) +{ + if (group->meth->group_set_curve == 0) { + ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; - } - return group->meth->group_set_generator(group, generator, order, cofactor); } + return group->meth->group_set_curve(group, p, a, b, ctx); +} -EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group) - { - if (group->meth->group_get0_generator == 0) - { - ECerr(EC_F_EC_GROUP_GET0_GENERATOR, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); +int +EC_GROUP_get_curve_GFp(const EC_GROUP * group, BIGNUM * p, BIGNUM * a, + BIGNUM * b, BN_CTX * ctx) +{ + if (group->meth->group_get_curve == 0) { + ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return 0; + } + return group->meth->group_get_curve(group, p, a, b, ctx); +} + +#ifndef OPENSSL_NO_EC2M +int +EC_GROUP_set_curve_GF2m(EC_GROUP * group, const BIGNUM * p, const BIGNUM * a, + const BIGNUM * b, BN_CTX * ctx) +{ + if (group->meth->group_set_curve == 0) { + ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; - } - return group->meth->group_get0_generator(group); } + return group->meth->group_set_curve(group, p, a, b, ctx); +} -int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx) - { - if (group->meth->group_get_order == 0) - { - ECerr(EC_F_EC_GROUP_GET_ORDER, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); +int +EC_GROUP_get_curve_GF2m(const EC_GROUP * group, BIGNUM * p, BIGNUM * a, + BIGNUM * b, BN_CTX * ctx) +{ + if (group->meth->group_get_curve == 0) { + ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; - } - return group->meth->group_get_order(group, order, ctx); } + return group->meth->group_get_curve(group, p, a, b, ctx); +} +#endif + +int +EC_GROUP_get_degree(const EC_GROUP * group) +{ + if (group->meth->group_get_degree == 0) { + ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return 0; + } + return group->meth->group_get_degree(group); +} -int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, BN_CTX *ctx) - { - if (group->meth->group_get_cofactor == 0) - { - ECerr(EC_F_EC_GROUP_GET_COFACTOR, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); +int +EC_GROUP_check_discriminant(const EC_GROUP * group, BN_CTX * ctx) +{ + if (group->meth->group_check_discriminant == 0) { + ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; - } - return group->meth->group_get_cofactor(group, cofactor, ctx); } + return group->meth->group_check_discriminant(group, ctx); +} +int +EC_GROUP_cmp(const EC_GROUP * a, const EC_GROUP * b, BN_CTX * ctx) +{ + int r = 0; + BIGNUM *a1, *a2, *a3, *b1, *b2, *b3; + BN_CTX *ctx_new = NULL; + + /* compare the field types */ + if (EC_METHOD_get_field_type(EC_GROUP_method_of(a)) != + EC_METHOD_get_field_type(EC_GROUP_method_of(b))) + return 1; + /* compare the curve name (if present in both) */ + if (EC_GROUP_get_curve_name(a) && EC_GROUP_get_curve_name(b) && + EC_GROUP_get_curve_name(a) != EC_GROUP_get_curve_name(b)) + return 1; + + if (!ctx) + ctx_new = ctx = BN_CTX_new(); + if (!ctx) + return -1; + + BN_CTX_start(ctx); + if ((a1 = BN_CTX_get(ctx)) == NULL) + goto err; + if ((a2 = BN_CTX_get(ctx)) == NULL) + goto err; + if ((a3 = BN_CTX_get(ctx)) == NULL) + goto err; + if ((b1 = BN_CTX_get(ctx)) == NULL) + goto err; + if ((b2 = BN_CTX_get(ctx)) == NULL) + goto err; + if ((b3 = BN_CTX_get(ctx)) == NULL) + goto err; + + /* + * XXX This approach assumes that the external representation of + * curves over the same field type is the same. + */ + if (!a->meth->group_get_curve(a, a1, a2, a3, ctx) || + !b->meth->group_get_curve(b, b1, b2, b3, ctx)) + r = 1; + + if (r || BN_cmp(a1, b1) || BN_cmp(a2, b2) || BN_cmp(a3, b3)) + r = 1; + + /* XXX EC_POINT_cmp() assumes that the methods are equal */ + if (r || EC_POINT_cmp(a, EC_GROUP_get0_generator(a), + EC_GROUP_get0_generator(b), ctx)) + r = 1; + + if (!r) { + /* compare the order and cofactor */ + if (!EC_GROUP_get_order(a, a1, ctx) || + !EC_GROUP_get_order(b, b1, ctx) || + !EC_GROUP_get_cofactor(a, a2, ctx) || + !EC_GROUP_get_cofactor(b, b2, ctx)) + goto err; + if (BN_cmp(a1, b1) || BN_cmp(a2, b2)) + r = 1; + } + BN_CTX_end(ctx); + if (ctx_new) + BN_CTX_free(ctx); + + return r; + + err: + BN_CTX_end(ctx); + if (ctx_new) + BN_CTX_free(ctx); + return -1; +} + +/* + * Coordinate blinding for EC_POINT. + * + * The underlying EC_METHOD can optionally implement this function: + * underlying implementations should return 0 on errors, or 1 on success. + * + * This wrapper returns 1 in case the underlying EC_METHOD does not support + * coordinate blinding. + */ +int +ec_point_blind_coordinates(const EC_GROUP *group, EC_POINT *p, BN_CTX *ctx) +{ + if (group->meth->blind_coordinates == NULL) + return 1; + + return group->meth->blind_coordinates(group, p, ctx); +} + /* this has 'package' visibility */ -int EC_GROUP_set_extra_data(EC_GROUP *group, void *extra_data, void *(*extra_data_dup_func)(void *), - void (*extra_data_free_func)(void *), void (*extra_data_clear_free_func)(void *)) - { - if ((group->extra_data != NULL) - || (group->extra_data_dup_func != 0) - || (group->extra_data_free_func != 0) - || (group->extra_data_clear_free_func != 0)) - { - ECerr(EC_F_EC_GROUP_SET_EXTRA_DATA, EC_R_SLOT_FULL); +int +EC_EX_DATA_set_data(EC_EXTRA_DATA ** ex_data, void *data, + void *(*dup_func) (void *), + void (*free_func) (void *), + void (*clear_free_func) (void *)) +{ + EC_EXTRA_DATA *d; + + if (ex_data == NULL) return 0; + + for (d = *ex_data; d != NULL; d = d->next) { + if (d->dup_func == dup_func && d->free_func == free_func && + d->clear_free_func == clear_free_func) { + ECerror(EC_R_SLOT_FULL); + return 0; } + } + + if (data == NULL) + /* no explicit entry needed */ + return 1; + + d = malloc(sizeof *d); + if (d == NULL) + return 0; + + d->data = data; + d->dup_func = dup_func; + d->free_func = free_func; + d->clear_free_func = clear_free_func; + + d->next = *ex_data; + *ex_data = d; - group->extra_data = extra_data; - group->extra_data_dup_func = extra_data_dup_func; - group->extra_data_free_func = extra_data_free_func; - group->extra_data_clear_free_func = extra_data_clear_free_func; return 1; +} + +/* this has 'package' visibility */ +void * +EC_EX_DATA_get_data(const EC_EXTRA_DATA * ex_data, + void *(*dup_func) (void *), + void (*free_func) (void *), + void (*clear_free_func) (void *)) +{ + const EC_EXTRA_DATA *d; + + for (d = ex_data; d != NULL; d = d->next) { + if (d->dup_func == dup_func && d->free_func == free_func && d->clear_free_func == clear_free_func) + return d->data; } + return NULL; +} /* this has 'package' visibility */ -void *EC_GROUP_get_extra_data(const EC_GROUP *group, void *(*extra_data_dup_func)(void *), - void (*extra_data_free_func)(void *), void (*extra_data_clear_free_func)(void *)) - { - if ((group->extra_data_dup_func != extra_data_dup_func) - || (group->extra_data_free_func != extra_data_free_func) - || (group->extra_data_clear_free_func != extra_data_clear_free_func)) - { - ECerr(EC_F_EC_GROUP_GET_EXTRA_DATA, EC_R_NO_SUCH_EXTRA_DATA); - return NULL; +void +EC_EX_DATA_free_data(EC_EXTRA_DATA ** ex_data, + void *(*dup_func) (void *), + void (*free_func) (void *), + void (*clear_free_func) (void *)) +{ + EC_EXTRA_DATA **p; + + if (ex_data == NULL) + return; + + for (p = ex_data; *p != NULL; p = &((*p)->next)) { + if ((*p)->dup_func == dup_func && + (*p)->free_func == free_func && + (*p)->clear_free_func == clear_free_func) { + EC_EXTRA_DATA *next = (*p)->next; + + (*p)->free_func((*p)->data); + free(*p); + + *p = next; + return; } - - return group->extra_data; } - +} /* this has 'package' visibility */ -void EC_GROUP_free_extra_data(EC_GROUP *group) - { - if (group->extra_data_free_func) - group->extra_data_free_func(group->extra_data); - group->extra_data = NULL; - group->extra_data_dup_func = 0; - group->extra_data_free_func = 0; - group->extra_data_clear_free_func = 0; +void +EC_EX_DATA_clear_free_data(EC_EXTRA_DATA ** ex_data, + void *(*dup_func) (void *), + void (*free_func) (void *), + void (*clear_free_func) (void *)) +{ + EC_EXTRA_DATA **p; + + if (ex_data == NULL) + return; + + for (p = ex_data; *p != NULL; p = &((*p)->next)) { + if ((*p)->dup_func == dup_func && + (*p)->free_func == free_func && + (*p)->clear_free_func == clear_free_func) { + EC_EXTRA_DATA *next = (*p)->next; + + (*p)->clear_free_func((*p)->data); + free(*p); + + *p = next; + return; + } } - +} /* this has 'package' visibility */ -void EC_GROUP_clear_free_extra_data(EC_GROUP *group) - { - if (group->extra_data_clear_free_func) - group->extra_data_clear_free_func(group->extra_data); - else if (group->extra_data_free_func) - group->extra_data_free_func(group->extra_data); - group->extra_data = NULL; - group->extra_data_dup_func = 0; - group->extra_data_free_func = 0; - group->extra_data_clear_free_func = 0; +void +EC_EX_DATA_free_all_data(EC_EXTRA_DATA ** ex_data) +{ + EC_EXTRA_DATA *d; + + if (ex_data == NULL) + return; + + d = *ex_data; + while (d) { + EC_EXTRA_DATA *next = d->next; + + d->free_func(d->data); + free(d); + + d = next; } + *ex_data = NULL; +} +/* this has 'package' visibility */ +void +EC_EX_DATA_clear_free_all_data(EC_EXTRA_DATA ** ex_data) +{ + EC_EXTRA_DATA *d; + + if (ex_data == NULL) + return; + + d = *ex_data; + while (d) { + EC_EXTRA_DATA *next = d->next; + + d->clear_free_func(d->data); + free(d); + + d = next; + } + *ex_data = NULL; +} /* functions for EC_POINT objects */ -EC_POINT *EC_POINT_new(const EC_GROUP *group) - { +EC_POINT * +EC_POINT_new(const EC_GROUP * group) +{ EC_POINT *ret; - if (group == NULL) - { - ECerr(EC_F_EC_POINT_NEW, ERR_R_PASSED_NULL_PARAMETER); + if (group == NULL) { + ECerror(ERR_R_PASSED_NULL_PARAMETER); return NULL; - } - if (group->meth->point_init == 0) - { - ECerr(EC_F_EC_POINT_NEW, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + } + if (group->meth->point_init == 0) { + ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return NULL; - } - - ret = OPENSSL_malloc(sizeof *ret); - if (ret == NULL) - { - ECerr(EC_F_EC_POINT_NEW, ERR_R_MALLOC_FAILURE); + } + ret = malloc(sizeof *ret); + if (ret == NULL) { + ECerror(ERR_R_MALLOC_FAILURE); return NULL; - } - + } ret->meth = group->meth; - - if (!ret->meth->point_init(ret)) - { - OPENSSL_free(ret); + + if (!ret->meth->point_init(ret)) { + free(ret); return NULL; - } - - return ret; } + return ret; +} -void EC_POINT_free(EC_POINT *point) - { - if (!point) return; +void +EC_POINT_free(EC_POINT * point) +{ + if (!point) + return; if (point->meth->point_finish != 0) point->meth->point_finish(point); - OPENSSL_free(point); - } - + free(point); +} -void EC_POINT_clear_free(EC_POINT *point) - { - if (!point) return; + +void +EC_POINT_clear_free(EC_POINT * point) +{ + if (!point) + return; if (point->meth->point_clear_finish != 0) point->meth->point_clear_finish(point); - else if (point->meth != NULL && point->meth->point_finish != 0) + else if (point->meth->point_finish != 0) point->meth->point_finish(point); - memset(point, 0, sizeof *point); - OPENSSL_free(point); - } + freezero(point, sizeof *point); +} -int EC_POINT_copy(EC_POINT *dest, const EC_POINT *src) - { - if (dest->meth->point_copy == 0) - { - ECerr(EC_F_EC_POINT_COPY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); +int +EC_POINT_copy(EC_POINT * dest, const EC_POINT * src) +{ + if (dest->meth->point_copy == 0) { + ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; - } - if (dest->meth != src->meth) - { - ECerr(EC_F_EC_POINT_COPY, EC_R_INCOMPATIBLE_OBJECTS); + } + if (dest->meth != src->meth) { + ECerror(EC_R_INCOMPATIBLE_OBJECTS); return 0; - } + } if (dest == src) return 1; return dest->meth->point_copy(dest, src); - } +} -const EC_METHOD *EC_POINT_method_of(const EC_POINT *point) - { - return point->meth; - } +EC_POINT * +EC_POINT_dup(const EC_POINT * a, const EC_GROUP * group) +{ + EC_POINT *t; + int r; + if (a == NULL) + return NULL; -int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point) - { - if (group->meth->point_set_to_infinity == 0) - { - ECerr(EC_F_EC_POINT_SET_TO_INFINITY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - if (group->meth != point->meth) - { - ECerr(EC_F_EC_POINT_SET_TO_INFINITY, EC_R_INCOMPATIBLE_OBJECTS); - return 0; - } - return group->meth->point_set_to_infinity(group, point); - } + t = EC_POINT_new(group); + if (t == NULL) + return (NULL); + r = EC_POINT_copy(t, a); + if (!r) { + EC_POINT_free(t); + return NULL; + } else + return t; +} -int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group, EC_POINT *point, - const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *ctx) - { - if (group->meth->point_set_Jprojective_coordinates_GFp == 0) - { - ECerr(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); +const EC_METHOD * +EC_POINT_method_of(const EC_POINT * point) +{ + return point->meth; +} + + +int +EC_POINT_set_to_infinity(const EC_GROUP * group, EC_POINT * point) +{ + if (group->meth->point_set_to_infinity == 0) { + ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; - } - if (group->meth != point->meth) - { - ECerr(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS); + } + if (group->meth != point->meth) { + ECerror(EC_R_INCOMPATIBLE_OBJECTS); return 0; - } - return group->meth->point_set_Jprojective_coordinates_GFp(group, point, x, y, z, ctx); } + return group->meth->point_set_to_infinity(group, point); +} -int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group, const EC_POINT *point, - BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *ctx) - { - if (group->meth->point_get_Jprojective_coordinates_GFp == 0) - { - ECerr(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); +int +EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group, EC_POINT *point, + const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *ctx) +{ + if (group->meth->point_set_Jprojective_coordinates_GFp == 0) { + ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; - } - if (group->meth != point->meth) - { - ECerr(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS); + } + if (group->meth != point->meth) { + ECerror(EC_R_INCOMPATIBLE_OBJECTS); return 0; - } - return group->meth->point_get_Jprojective_coordinates_GFp(group, point, x, y, z, ctx); } + return group->meth->point_set_Jprojective_coordinates_GFp(group, point, x, y, z, ctx); +} -int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *point, - const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx) - { - if (group->meth->point_set_affine_coordinates_GFp == 0) - { - ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); +int +EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group, + const EC_POINT *point, BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *ctx) +{ + if (group->meth->point_get_Jprojective_coordinates_GFp == 0) { + ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; - } - if (group->meth != point->meth) - { - ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS); + } + if (group->meth != point->meth) { + ECerror(EC_R_INCOMPATIBLE_OBJECTS); return 0; - } - return group->meth->point_set_affine_coordinates_GFp(group, point, x, y, ctx); } + return group->meth->point_get_Jprojective_coordinates_GFp(group, point, x, y, z, ctx); +} -int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, const EC_POINT *point, - BIGNUM *x, BIGNUM *y, BN_CTX *ctx) - { - if (group->meth->point_get_affine_coordinates_GFp == 0) - { - ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); +int +EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *point, + const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx) +{ + if (group->meth->point_set_affine_coordinates == 0) { + ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; - } - if (group->meth != point->meth) - { - ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS); + } + if (group->meth != point->meth) { + ECerror(EC_R_INCOMPATIBLE_OBJECTS); return 0; - } - return group->meth->point_get_affine_coordinates_GFp(group, point, x, y, ctx); } - - -int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, EC_POINT *point, - const BIGNUM *x, int y_bit, BN_CTX *ctx) - { - if (group->meth->point_set_compressed_coordinates_GFp == 0) - { - ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return group->meth->point_set_affine_coordinates(group, point, x, y, ctx); +} + +#ifndef OPENSSL_NO_EC2M +int +EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, EC_POINT *point, + const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx) +{ + if (group->meth->point_set_affine_coordinates == 0) { + ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; - } - if (group->meth != point->meth) - { - ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS); + } + if (group->meth != point->meth) { + ECerror(EC_R_INCOMPATIBLE_OBJECTS); return 0; - } - return group->meth->point_set_compressed_coordinates_GFp(group, point, x, y_bit, ctx); } - - -size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *point, point_conversion_form_t form, - unsigned char *buf, size_t len, BN_CTX *ctx) - { - if (group->meth->point2oct == 0) - { - ECerr(EC_F_EC_POINT_POINT2OCT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return group->meth->point_set_affine_coordinates(group, point, x, y, ctx); +} +#endif + +int +EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, const EC_POINT *point, + BIGNUM *x, BIGNUM *y, BN_CTX *ctx) +{ + if (group->meth->point_get_affine_coordinates == 0) { + ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; - } - if (group->meth != point->meth) - { - ECerr(EC_F_EC_POINT_POINT2OCT, EC_R_INCOMPATIBLE_OBJECTS); + } + if (group->meth != point->meth) { + ECerror(EC_R_INCOMPATIBLE_OBJECTS); return 0; - } - return group->meth->point2oct(group, point, form, buf, len, ctx); } - - -int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *point, - const unsigned char *buf, size_t len, BN_CTX *ctx) - { - if (group->meth->oct2point == 0) - { - ECerr(EC_F_EC_POINT_OCT2POINT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return group->meth->point_get_affine_coordinates(group, point, x, y, ctx); +} + +#ifndef OPENSSL_NO_EC2M +int +EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group, const EC_POINT *point, + BIGNUM *x, BIGNUM *y, BN_CTX *ctx) +{ + if (group->meth->point_get_affine_coordinates == 0) { + ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; - } - if (group->meth != point->meth) - { - ECerr(EC_F_EC_POINT_OCT2POINT, EC_R_INCOMPATIBLE_OBJECTS); + } + if (group->meth != point->meth) { + ECerror(EC_R_INCOMPATIBLE_OBJECTS); return 0; - } - return group->meth->oct2point(group, point, buf, len, ctx); } - - -int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx) - { - if (group->meth->add == 0) - { - ECerr(EC_F_EC_POINT_ADD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return group->meth->point_get_affine_coordinates(group, point, x, y, ctx); +} +#endif + +int +EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, + const EC_POINT *b, BN_CTX *ctx) +{ + if (group->meth->add == 0) { + ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; - } - if ((group->meth != r->meth) || (r->meth != a->meth) || (a->meth != b->meth)) - { - ECerr(EC_F_EC_POINT_ADD, EC_R_INCOMPATIBLE_OBJECTS); + } + if ((group->meth != r->meth) || (r->meth != a->meth) || (a->meth != b->meth)) { + ECerror(EC_R_INCOMPATIBLE_OBJECTS); return 0; - } - return group->meth->add(group, r, a, b, ctx); } + return group->meth->add(group, r, a, b, ctx); +} -int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx) - { - if (group->meth->dbl == 0) - { - ECerr(EC_F_EC_POINT_DBL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); +int +EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx) +{ + if (group->meth->dbl == 0) { + ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; - } - if ((group->meth != r->meth) || (r->meth != a->meth)) - { - ECerr(EC_F_EC_POINT_DBL, EC_R_INCOMPATIBLE_OBJECTS); + } + if ((group->meth != r->meth) || (r->meth != a->meth)) { + ECerror(EC_R_INCOMPATIBLE_OBJECTS); return 0; - } - return group->meth->dbl(group, r, a, ctx); } + return group->meth->dbl(group, r, a, ctx); +} -int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx) - { - if (group->meth->dbl == 0) - { - ECerr(EC_F_EC_POINT_DBL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); +int +EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx) +{ + if (group->meth->invert == 0) { + ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; - } - if (group->meth != a->meth) - { - ECerr(EC_F_EC_POINT_DBL, EC_R_INCOMPATIBLE_OBJECTS); + } + if (group->meth != a->meth) { + ECerror(EC_R_INCOMPATIBLE_OBJECTS); return 0; - } - return group->meth->invert(group, a, ctx); } + return group->meth->invert(group, a, ctx); +} -int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *point) - { - if (group->meth->is_at_infinity == 0) - { - ECerr(EC_F_EC_POINT_IS_AT_INFINITY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); +int +EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *point) +{ + if (group->meth->is_at_infinity == 0) { + ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; - } - if (group->meth != point->meth) - { - ECerr(EC_F_EC_POINT_IS_AT_INFINITY, EC_R_INCOMPATIBLE_OBJECTS); + } + if (group->meth != point->meth) { + ECerror(EC_R_INCOMPATIBLE_OBJECTS); return 0; - } - return group->meth->is_at_infinity(group, point); } + return group->meth->is_at_infinity(group, point); +} -int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx) - { - if (group->meth->is_on_curve == 0) - { - ECerr(EC_F_EC_POINT_IS_ON_CURVE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); +int +EC_POINT_is_on_curve(const EC_GROUP * group, const EC_POINT * point, BN_CTX * ctx) +{ + if (group->meth->is_on_curve == 0) { + ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; - } - if (group->meth != point->meth) - { - ECerr(EC_F_EC_POINT_IS_ON_CURVE, EC_R_INCOMPATIBLE_OBJECTS); + } + if (group->meth != point->meth) { + ECerror(EC_R_INCOMPATIBLE_OBJECTS); return 0; - } - return group->meth->is_on_curve(group, point, ctx); } + return group->meth->is_on_curve(group, point, ctx); +} -int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx) - { - if (group->meth->point_cmp == 0) - { - ECerr(EC_F_EC_POINT_CMP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - if ((group->meth != a->meth) || (a->meth != b->meth)) - { - ECerr(EC_F_EC_POINT_CMP, EC_R_INCOMPATIBLE_OBJECTS); - return 0; - } - return group->meth->point_cmp(group, a, b, ctx); +int +EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, + BN_CTX * ctx) +{ + if (group->meth->point_cmp == 0) { + ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return -1; + } + if ((group->meth != a->meth) || (a->meth != b->meth)) { + ECerror(EC_R_INCOMPATIBLE_OBJECTS); + return -1; } + return group->meth->point_cmp(group, a, b, ctx); +} -int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx) - { - if (group->meth->make_affine == 0) - { - ECerr(EC_F_EC_POINT_MAKE_AFFINE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); +int +EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx) +{ + if (group->meth->make_affine == 0) { + ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; - } - if (group->meth != point->meth) - { - ECerr(EC_F_EC_POINT_MAKE_AFFINE, EC_R_INCOMPATIBLE_OBJECTS); + } + if (group->meth != point->meth) { + ECerror(EC_R_INCOMPATIBLE_OBJECTS); return 0; - } - return group->meth->make_affine(group, point, ctx); } + return group->meth->make_affine(group, point, ctx); +} -int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx) - { +int +EC_POINTs_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], + BN_CTX *ctx) +{ size_t i; - if (group->meth->points_make_affine == 0) - { - ECerr(EC_F_EC_POINTS_MAKE_AFFINE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + if (group->meth->points_make_affine == 0) { + ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return 0; - } - for (i = 0; i < num; i++) - { - if (group->meth != points[i]->meth) - { - ECerr(EC_F_EC_POINTS_MAKE_AFFINE, EC_R_INCOMPATIBLE_OBJECTS); + } + for (i = 0; i < num; i++) { + if (group->meth != points[i]->meth) { + ECerror(EC_R_INCOMPATIBLE_OBJECTS); return 0; - } } + } return group->meth->points_make_affine(group, num, points, ctx); +} + + +/* Functions for point multiplication */ +int +EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, + size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *ctx) +{ + /* + * The function pointers must be set, and only support num == 0 and + * num == 1. + */ + if (group->meth->mul_generator_ct == NULL || + group->meth->mul_single_ct == NULL || + group->meth->mul_double_nonct == NULL || + num > 1) { + ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return 0; + } + + /* Either bP or aG + bP, this is sane. */ + if (num == 1 && points != NULL && scalars != NULL) + return EC_POINT_mul(group, r, scalar, points[0], scalars[0], + ctx); + + /* aG, this is sane */ + if (scalar != NULL && points == NULL && scalars == NULL) + return EC_POINT_mul(group, r, scalar, NULL, NULL, ctx); + + /* anything else is an error */ + ECerror(ERR_R_EC_LIB); + return 0; +} + +int +EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *g_scalar, + const EC_POINT *point, const BIGNUM *p_scalar, BN_CTX *ctx) +{ + if (group->meth->mul_generator_ct == NULL || + group->meth->mul_single_ct == NULL || + group->meth->mul_double_nonct == NULL) { + ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return 0; + } + if (g_scalar != NULL && point == NULL && p_scalar == NULL) { + /* + * In this case we want to compute g_scalar * GeneratorPoint: + * this codepath is reached most prominently by (ephemeral) key + * generation of EC cryptosystems (i.e. ECDSA keygen and sign + * setup, ECDH keygen/first half), where the scalar is always + * secret. This is why we ignore if BN_FLG_CONSTTIME is actually + * set and we always call the constant time version. + */ + return group->meth->mul_generator_ct(group, r, g_scalar, ctx); + } + if (g_scalar == NULL && point != NULL && p_scalar != NULL) { + /* In this case we want to compute p_scalar * GenericPoint: + * this codepath is reached most prominently by the second half + * of ECDH, where the secret scalar is multiplied by the peer's + * public point. To protect the secret scalar, we ignore if + * BN_FLG_CONSTTIME is actually set and we always call the + * constant time version. + */ + return group->meth->mul_single_ct(group, r, p_scalar, point, + ctx); + } + if (g_scalar != NULL && point != NULL && p_scalar != NULL) { + /* + * In this case we want to compute + * g_scalar * GeneratorPoint + p_scalar * GenericPoint: + * this codepath is reached most prominently by ECDSA signature + * verification. So we call the non-ct version. + */ + return group->meth->mul_double_nonct(group, r, g_scalar, + p_scalar, point, ctx); } + + /* Anything else is an error. */ + ECerror(ERR_R_EC_LIB); + return 0; +} + +int +EC_GROUP_precompute_mult(EC_GROUP * group, BN_CTX * ctx) +{ + if (group->meth->precompute_mult != 0) + return group->meth->precompute_mult(group, ctx); + else + return 1; /* nothing to do, so report success */ +} + +int +EC_GROUP_have_precompute_mult(const EC_GROUP * group) +{ + if (group->meth->have_precompute_mult != 0) + return group->meth->have_precompute_mult(group); + else + return 0; /* cannot tell whether precomputation has + * been performed */ +} + +EC_KEY * +ECParameters_dup(EC_KEY *key) +{ + unsigned char *p = NULL; + EC_KEY *k = NULL; + int len; + + if (key == NULL) + return (NULL); + + if ((len = i2d_ECParameters(key, &p)) > 0) + k = d2i_ECParameters(NULL, (const unsigned char **)&p, len); + + return (k); +} diff --git a/src/lib/libcrypto/ec/ec_mult.c b/src/lib/libcrypto/ec/ec_mult.c index 603ba31b819..05f89a57872 100644 --- a/src/lib/libcrypto/ec/ec_mult.c +++ b/src/lib/libcrypto/ec/ec_mult.c @@ -1,13 +1,16 @@ -/* crypto/ec/ec_mult.c */ +/* $OpenBSD: ec_mult.c,v 1.24 2018/07/15 16:27:39 tb Exp $ */ +/* + * Originally written by Bodo Moeller and Nils Larsch for the OpenSSL project. + */ /* ==================================================================== - * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -52,122 +55,261 @@ * Hudson (tjh@cryptsoft.com). * */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * Portions of this software developed by SUN MICROSYSTEMS, INC., + * and contributed to the OpenSSL project. + */ + +#include #include #include "ec_lcl.h" -/* TODO: optional precomputation of multiples of the generator */ +/* + * This file implements the wNAF-based interleaving multi-exponentation method + * (); + * for multiplication with precomputation, we use wNAF splitting + * (). + */ -/* - * wNAF-based interleaving multi-exponentation method - * () - */ +/* structure for precomputed multiples of the generator */ +typedef struct ec_pre_comp_st { + const EC_GROUP *group; /* parent EC_GROUP object */ + size_t blocksize; /* block size for wNAF splitting */ + size_t numblocks; /* max. number of blocks for which we have + * precomputation */ + size_t w; /* window size */ + EC_POINT **points; /* array with pre-calculated multiples of + * generator: 'num' pointers to EC_POINT + * objects followed by a NULL */ + size_t num; /* numblocks * 2^(w-1) */ + int references; +} EC_PRE_COMP; + +/* functions to manage EC_PRE_COMP within the EC_GROUP extra_data framework */ +static void *ec_pre_comp_dup(void *); +static void ec_pre_comp_free(void *); +static void ec_pre_comp_clear_free(void *); + +static EC_PRE_COMP * +ec_pre_comp_new(const EC_GROUP * group) +{ + EC_PRE_COMP *ret = NULL; + + if (!group) + return NULL; + + ret = malloc(sizeof(EC_PRE_COMP)); + if (!ret) { + ECerror(ERR_R_MALLOC_FAILURE); + return ret; + } + ret->group = group; + ret->blocksize = 8; /* default */ + ret->numblocks = 0; + ret->w = 4; /* default */ + ret->points = NULL; + ret->num = 0; + ret->references = 1; + return ret; +} + +static void * +ec_pre_comp_dup(void *src_) +{ + EC_PRE_COMP *src = src_; + + /* no need to actually copy, these objects never change! */ + + CRYPTO_add(&src->references, 1, CRYPTO_LOCK_EC_PRE_COMP); + + return src_; +} + +static void +ec_pre_comp_free(void *pre_) +{ + int i; + EC_PRE_COMP *pre = pre_; + + if (!pre) + return; + + i = CRYPTO_add(&pre->references, -1, CRYPTO_LOCK_EC_PRE_COMP); + if (i > 0) + return; + + if (pre->points) { + EC_POINT **p; + + for (p = pre->points; *p != NULL; p++) + EC_POINT_free(*p); + free(pre->points); + } + free(pre); +} + +static void +ec_pre_comp_clear_free(void *pre_) +{ + int i; + EC_PRE_COMP *pre = pre_; + + if (!pre) + return; + + i = CRYPTO_add(&pre->references, -1, CRYPTO_LOCK_EC_PRE_COMP); + if (i > 0) + return; + + if (pre->points) { + EC_POINT **p; -/* Determine the width-(w+1) Non-Adjacent Form (wNAF) of 'scalar'. + for (p = pre->points; *p != NULL; p++) { + EC_POINT_clear_free(*p); + explicit_bzero(p, sizeof *p); + } + free(pre->points); + } + freezero(pre, sizeof *pre); +} + + + + +/* Determine the modified width-(w+1) Non-Adjacent Form (wNAF) of 'scalar'. * This is an array r[] of values that are either zero or odd with an * absolute value less than 2^w satisfying * scalar = \sum_j r[j]*2^j - * where at most one of any w+1 consecutive digits is non-zero. + * where at most one of any w+1 consecutive digits is non-zero + * with the exception that the most significant digit may be only + * w-1 zeros away from that next non-zero digit. */ -static signed char *compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len, BN_CTX *ctx) - { - BIGNUM *c; +static signed char * +compute_wNAF(const BIGNUM * scalar, int w, size_t * ret_len) +{ + int window_val; int ok = 0; signed char *r = NULL; int sign = 1; int bit, next_bit, mask; size_t len = 0, j; - - BN_CTX_start(ctx); - c = BN_CTX_get(ctx); - if (c == NULL) goto err; - - if (w <= 0 || w > 7) /* 'signed char' can represent integers with absolute values less than 2^7 */ - { - ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); - goto err; - } - bit = 1 << w; /* at most 128 */ - next_bit = bit << 1; /* at most 256 */ - mask = next_bit - 1; /* at most 255 */ - if (!BN_copy(c, scalar)) goto err; - if (c->neg) - { - sign = -1; - c->neg = 0; + if (BN_is_zero(scalar)) { + r = malloc(1); + if (!r) { + ECerror(ERR_R_MALLOC_FAILURE); + goto err; } + r[0] = 0; + *ret_len = 1; + return r; + } + if (w <= 0 || w > 7) { + /* 'signed char' can represent integers with + * absolute values less than 2^7 */ + ECerror(ERR_R_INTERNAL_ERROR); + goto err; + } + bit = 1 << w; /* at most 128 */ + next_bit = bit << 1; /* at most 256 */ + mask = next_bit - 1; /* at most 255 */ - len = BN_num_bits(c) + 1; /* wNAF may be one digit longer than binary representation */ - r = OPENSSL_malloc(len); - if (r == NULL) goto err; - + if (BN_is_negative(scalar)) { + sign = -1; + } + if (scalar->d == NULL || scalar->top == 0) { + ECerror(ERR_R_INTERNAL_ERROR); + goto err; + } + len = BN_num_bits(scalar); + r = malloc(len + 1); /* modified wNAF may be one digit longer than + * binary representation (*ret_len will be + * set to the actual length, i.e. at most + * BN_num_bits(scalar) + 1) */ + if (r == NULL) { + ECerror(ERR_R_MALLOC_FAILURE); + goto err; + } + window_val = scalar->d[0] & mask; j = 0; - while (!BN_is_zero(c)) - { - int u = 0; - - if (BN_is_odd(c)) - { - if (c->d == NULL || c->top == 0) - { - ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); - goto err; - } - u = c->d[0] & mask; - if (u & bit) - { - u -= next_bit; - /* u < 0 */ - if (!BN_add_word(c, -u)) goto err; - } - else - { - /* u > 0 */ - if (!BN_sub_word(c, u)) goto err; + while ((window_val != 0) || (j + w + 1 < len)) { + /* if j+w+1 >= len, window_val will not increase */ + int digit = 0; + + /* 0 <= window_val <= 2^(w+1) */ + if (window_val & 1) { + /* 0 < window_val < 2^(w+1) */ + if (window_val & bit) { + digit = window_val - next_bit; /* -2^w < digit < 0 */ + +#if 1 /* modified wNAF */ + if (j + w + 1 >= len) { + /* + * special case for generating + * modified wNAFs: no new bits will + * be added into window_val, so using + * a positive digit here will + * decrease the total length of the + * representation + */ + + digit = window_val & (mask >> 1); /* 0 < digit < 2^w */ } +#endif + } else { + digit = window_val; /* 0 < digit < 2^w */ + } - if (u <= -bit || u >= bit || !(u & 1) || c->neg) - { - ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); + if (digit <= -bit || digit >= bit || !(digit & 1)) { + ECerror(ERR_R_INTERNAL_ERROR); + goto err; + } + window_val -= digit; + + /* + * now window_val is 0 or 2^(w+1) in standard wNAF + * generation; for modified window NAFs, it may also + * be 2^w + */ + if (window_val != 0 && window_val != next_bit && window_val != bit) { + ECerror(ERR_R_INTERNAL_ERROR); goto err; - } } + } + r[j++] = sign * digit; + + window_val >>= 1; + window_val += bit * BN_is_bit_set(scalar, j + w); - r[j++] = sign * u; - - if (BN_is_odd(c)) - { - ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); + if (window_val > next_bit) { + ECerror(ERR_R_INTERNAL_ERROR); goto err; - } - if (!BN_rshift1(c, c)) goto err; } + } - if (j > len) - { - ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); + if (j > len + 1) { + ECerror(ERR_R_INTERNAL_ERROR); goto err; - } + } len = j; ok = 1; err: - BN_CTX_end(ctx); - if (!ok) - { - OPENSSL_free(r); + if (!ok) { + free(r); r = NULL; - } + } if (ok) *ret_len = len; return r; - } +} /* TODO: table should be optimised for the wNAF-based implementation, @@ -175,12 +317,13 @@ static signed char *compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len, B * (thus the boundaries should be increased) */ #define EC_window_bits_for_scalar_size(b) \ - ((b) >= 2000 ? 6 : \ - (b) >= 800 ? 5 : \ - (b) >= 300 ? 4 : \ - (b) >= 70 ? 3 : \ - (b) >= 20 ? 2 : \ - 1) + ((size_t) \ + ((b) >= 2000 ? 6 : \ + (b) >= 800 ? 5 : \ + (b) >= 300 ? 4 : \ + (b) >= 70 ? 3 : \ + (b) >= 20 ? 2 : \ + 1)) /* Compute * \sum scalars[i]*points[i], @@ -188,286 +331,555 @@ static signed char *compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len, B * scalar*generator * in the addition if scalar != NULL */ -int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, - size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *ctx) - { +int +ec_wNAF_mul(const EC_GROUP * group, EC_POINT * r, const BIGNUM * scalar, + size_t num, const EC_POINT * points[], const BIGNUM * scalars[], BN_CTX * ctx) +{ BN_CTX *new_ctx = NULL; - EC_POINT *generator = NULL; + const EC_POINT *generator = NULL; EC_POINT *tmp = NULL; size_t totalnum; + size_t blocksize = 0, numblocks = 0; /* for wNAF splitting */ + size_t pre_points_per_block = 0; size_t i, j; int k; int r_is_inverted = 0; int r_is_at_infinity = 1; - size_t *wsize = NULL; /* individual window sizes */ - signed char **wNAF = NULL; /* individual wNAFs */ + size_t *wsize = NULL; /* individual window sizes */ + signed char **wNAF = NULL; /* individual wNAFs */ + signed char *tmp_wNAF = NULL; size_t *wNAF_len = NULL; size_t max_len = 0; size_t num_val; - EC_POINT **val = NULL; /* precomputation */ + EC_POINT **val = NULL; /* precomputation */ EC_POINT **v; - EC_POINT ***val_sub = NULL; /* pointers to sub-arrays of 'val' */ + EC_POINT ***val_sub = NULL; /* pointers to sub-arrays of 'val' or + * 'pre_comp->points' */ + const EC_PRE_COMP *pre_comp = NULL; + int num_scalar = 0; /* flag: will be set to 1 if 'scalar' must be + * treated like other scalars, i.e. + * precomputation is not available */ int ret = 0; - - if (scalar != NULL) - { - generator = EC_GROUP_get0_generator(group); - if (generator == NULL) - { - ECerr(EC_F_EC_POINTS_MUL, EC_R_UNDEFINED_GENERATOR); + + if (group->meth != r->meth) { + ECerror(EC_R_INCOMPATIBLE_OBJECTS); + return 0; + } + if ((scalar == NULL) && (num == 0)) { + return EC_POINT_set_to_infinity(group, r); + } + for (i = 0; i < num; i++) { + if (group->meth != points[i]->meth) { + ECerror(EC_R_INCOMPATIBLE_OBJECTS); return 0; - } } - - for (i = 0; i < num; i++) - { - if (group->meth != points[i]->meth) - { - ECerr(EC_F_EC_POINTS_MUL, EC_R_INCOMPATIBLE_OBJECTS); - return 0; - } + } + + if (ctx == NULL) { + ctx = new_ctx = BN_CTX_new(); + if (ctx == NULL) + goto err; + } + if (scalar != NULL) { + generator = EC_GROUP_get0_generator(group); + if (generator == NULL) { + ECerror(EC_R_UNDEFINED_GENERATOR); + goto err; } + /* look if we can use precomputed multiples of generator */ + + pre_comp = EC_EX_DATA_get_data(group->extra_data, ec_pre_comp_dup, ec_pre_comp_free, ec_pre_comp_clear_free); + + if (pre_comp && pre_comp->numblocks && + (EC_POINT_cmp(group, generator, pre_comp->points[0], ctx) == 0)) { + blocksize = pre_comp->blocksize; + + /* + * determine maximum number of blocks that wNAF + * splitting may yield (NB: maximum wNAF length is + * bit length plus one) + */ + numblocks = (BN_num_bits(scalar) / blocksize) + 1; + + /* + * we cannot use more blocks than we have + * precomputation for + */ + if (numblocks > pre_comp->numblocks) + numblocks = pre_comp->numblocks; - totalnum = num + (scalar != NULL); + pre_points_per_block = (size_t) 1 << (pre_comp->w - 1); - wsize = OPENSSL_malloc(totalnum * sizeof wsize[0]); - wNAF_len = OPENSSL_malloc(totalnum * sizeof wNAF_len[0]); - wNAF = OPENSSL_malloc((totalnum + 1) * sizeof wNAF[0]); - if (wNAF != NULL) - { - wNAF[0] = NULL; /* preliminary pivot */ + /* check that pre_comp looks sane */ + if (pre_comp->num != (pre_comp->numblocks * pre_points_per_block)) { + ECerror(ERR_R_INTERNAL_ERROR); + goto err; + } + } else { + /* can't use precomputation */ + pre_comp = NULL; + numblocks = 1; + num_scalar = 1; /* treat 'scalar' like 'num'-th + * element of 'scalars' */ } - if (wsize == NULL || wNAF_len == NULL || wNAF == NULL) goto err; + } + totalnum = num + numblocks; + + /* includes space for pivot */ + wNAF = reallocarray(NULL, (totalnum + 1), sizeof wNAF[0]); + if (wNAF == NULL) { + ECerror(ERR_R_MALLOC_FAILURE); + goto err; + } + + wNAF[0] = NULL; /* preliminary pivot */ + + wsize = reallocarray(NULL, totalnum, sizeof wsize[0]); + wNAF_len = reallocarray(NULL, totalnum, sizeof wNAF_len[0]); + val_sub = reallocarray(NULL, totalnum, sizeof val_sub[0]); - /* num_val := total number of points to precompute */ + if (wsize == NULL || wNAF_len == NULL || val_sub == NULL) { + ECerror(ERR_R_MALLOC_FAILURE); + goto err; + } + + /* num_val will be the total number of temporarily precomputed points */ num_val = 0; - for (i = 0; i < totalnum; i++) - { + + for (i = 0; i < num + num_scalar; i++) { size_t bits; bits = i < num ? BN_num_bits(scalars[i]) : BN_num_bits(scalar); wsize[i] = EC_window_bits_for_scalar_size(bits); - num_val += 1u << (wsize[i] - 1); - } + num_val += (size_t) 1 << (wsize[i] - 1); + wNAF[i + 1] = NULL; /* make sure we always have a pivot */ + wNAF[i] = compute_wNAF((i < num ? scalars[i] : scalar), wsize[i], &wNAF_len[i]); + if (wNAF[i] == NULL) + goto err; + if (wNAF_len[i] > max_len) + max_len = wNAF_len[i]; + } + + if (numblocks) { + /* we go here iff scalar != NULL */ + + if (pre_comp == NULL) { + if (num_scalar != 1) { + ECerror(ERR_R_INTERNAL_ERROR); + goto err; + } + /* we have already generated a wNAF for 'scalar' */ + } else { + size_t tmp_len = 0; + + if (num_scalar != 0) { + ECerror(ERR_R_INTERNAL_ERROR); + goto err; + } + /* + * use the window size for which we have + * precomputation + */ + wsize[num] = pre_comp->w; + tmp_wNAF = compute_wNAF(scalar, wsize[num], &tmp_len); + if (tmp_wNAF == NULL) + goto err; - /* all precomputed points go into a single array 'val', - * 'val_sub[i]' is a pointer to the subarray for the i-th point */ - val = OPENSSL_malloc((num_val + 1) * sizeof val[0]); - if (val == NULL) goto err; - val[num_val] = NULL; /* pivot element */ + if (tmp_len <= max_len) { + /* + * One of the other wNAFs is at least as long + * as the wNAF belonging to the generator, so + * wNAF splitting will not buy us anything. + */ + + numblocks = 1; + totalnum = num + 1; /* don't use wNAF + * splitting */ + wNAF[num] = tmp_wNAF; + tmp_wNAF = NULL; + wNAF[num + 1] = NULL; + wNAF_len[num] = tmp_len; + if (tmp_len > max_len) + max_len = tmp_len; + /* + * pre_comp->points starts with the points + * that we need here: + */ + val_sub[num] = pre_comp->points; + } else { + /* + * don't include tmp_wNAF directly into wNAF + * array - use wNAF splitting and include the + * blocks + */ + + signed char *pp; + EC_POINT **tmp_points; + + if (tmp_len < numblocks * blocksize) { + /* + * possibly we can do with fewer + * blocks than estimated + */ + numblocks = (tmp_len + blocksize - 1) / blocksize; + if (numblocks > pre_comp->numblocks) { + ECerror(ERR_R_INTERNAL_ERROR); + goto err; + } + totalnum = num + numblocks; + } + /* split wNAF in 'numblocks' parts */ + pp = tmp_wNAF; + tmp_points = pre_comp->points; + + for (i = num; i < totalnum; i++) { + if (i < totalnum - 1) { + wNAF_len[i] = blocksize; + if (tmp_len < blocksize) { + ECerror(ERR_R_INTERNAL_ERROR); + goto err; + } + tmp_len -= blocksize; + } else + /* + * last block gets whatever + * is left (this could be + * more or less than + * 'blocksize'!) + */ + wNAF_len[i] = tmp_len; + + wNAF[i + 1] = NULL; + wNAF[i] = malloc(wNAF_len[i]); + if (wNAF[i] == NULL) { + ECerror(ERR_R_MALLOC_FAILURE); + goto err; + } + memcpy(wNAF[i], pp, wNAF_len[i]); + if (wNAF_len[i] > max_len) + max_len = wNAF_len[i]; - val_sub = OPENSSL_malloc(totalnum * sizeof val_sub[0]); - if (val_sub == NULL) goto err; + if (*tmp_points == NULL) { + ECerror(ERR_R_INTERNAL_ERROR); + goto err; + } + val_sub[i] = tmp_points; + tmp_points += pre_points_per_block; + pp += blocksize; + } + } + } + } + /* + * All points we precompute now go into a single array 'val'. + * 'val_sub[i]' is a pointer to the subarray for the i-th point, or + * to a subarray of 'pre_comp->points' if we already have + * precomputation. + */ + val = reallocarray(NULL, (num_val + 1), sizeof val[0]); + if (val == NULL) { + ECerror(ERR_R_MALLOC_FAILURE); + goto err; + } + val[num_val] = NULL; /* pivot element */ /* allocate points for precomputation */ v = val; - for (i = 0; i < totalnum; i++) - { + for (i = 0; i < num + num_scalar; i++) { val_sub[i] = v; - for (j = 0; j < (1u << (wsize[i] - 1)); j++) - { + for (j = 0; j < ((size_t) 1 << (wsize[i] - 1)); j++) { *v = EC_POINT_new(group); - if (*v == NULL) goto err; + if (*v == NULL) + goto err; v++; - } } - if (!(v == val + num_val)) - { - ECerr(EC_F_EC_POINTS_MUL, ERR_R_INTERNAL_ERROR); + } + if (!(v == val + num_val)) { + ECerror(ERR_R_INTERNAL_ERROR); + goto err; + } + if (!(tmp = EC_POINT_new(group))) goto err; - } - if (ctx == NULL) - { - ctx = new_ctx = BN_CTX_new(); - if (ctx == NULL) - goto err; - } - - tmp = EC_POINT_new(group); - if (tmp == NULL) goto err; - - /* prepare precomputed values: - * val_sub[i][0] := points[i] - * val_sub[i][1] := 3 * points[i] - * val_sub[i][2] := 5 * points[i] - * ... + /* + * prepare precomputed values: val_sub[i][0] := points[i] + * val_sub[i][1] := 3 * points[i] val_sub[i][2] := 5 * points[i] ... */ - for (i = 0; i < totalnum; i++) - { - if (i < num) - { - if (!EC_POINT_copy(val_sub[i][0], points[i])) goto err; - } - else - { - if (!EC_POINT_copy(val_sub[i][0], generator)) goto err; - } + for (i = 0; i < num + num_scalar; i++) { + if (i < num) { + if (!EC_POINT_copy(val_sub[i][0], points[i])) + goto err; + } else { + if (!EC_POINT_copy(val_sub[i][0], generator)) + goto err; + } - if (wsize[i] > 1) - { - if (!EC_POINT_dbl(group, tmp, val_sub[i][0], ctx)) goto err; - for (j = 1; j < (1u << (wsize[i] - 1)); j++) - { - if (!EC_POINT_add(group, val_sub[i][j], val_sub[i][j - 1], tmp, ctx)) goto err; - } + if (wsize[i] > 1) { + if (!EC_POINT_dbl(group, tmp, val_sub[i][0], ctx)) + goto err; + for (j = 1; j < ((size_t) 1 << (wsize[i] - 1)); j++) { + if (!EC_POINT_add(group, val_sub[i][j], val_sub[i][j - 1], tmp, ctx)) + goto err; } - - wNAF[i + 1] = NULL; /* make sure we always have a pivot */ - wNAF[i] = compute_wNAF((i < num ? scalars[i] : scalar), wsize[i], &wNAF_len[i], ctx); - if (wNAF[i] == NULL) goto err; - if (wNAF_len[i] > max_len) - max_len = wNAF_len[i]; } + } -#if 1 /* optional; EC_window_bits_for_scalar_size assumes we do this step */ - if (!EC_POINTs_make_affine(group, num_val, val, ctx)) goto err; -#endif + if (!EC_POINTs_make_affine(group, num_val, val, ctx)) + goto err; r_is_at_infinity = 1; - for (k = max_len - 1; k >= 0; k--) - { - if (!r_is_at_infinity) - { - if (!EC_POINT_dbl(group, r, r, ctx)) goto err; - } - - for (i = 0; i < totalnum; i++) - { - if (wNAF_len[i] > (size_t)k) - { + for (k = max_len - 1; k >= 0; k--) { + if (!r_is_at_infinity) { + if (!EC_POINT_dbl(group, r, r, ctx)) + goto err; + } + for (i = 0; i < totalnum; i++) { + if (wNAF_len[i] > (size_t) k) { int digit = wNAF[i][k]; int is_neg; - if (digit) - { + if (digit) { is_neg = digit < 0; if (is_neg) digit = -digit; - if (is_neg != r_is_inverted) - { - if (!r_is_at_infinity) - { - if (!EC_POINT_invert(group, r, ctx)) goto err; - } - r_is_inverted = !r_is_inverted; + if (is_neg != r_is_inverted) { + if (!r_is_at_infinity) { + if (!EC_POINT_invert(group, r, ctx)) + goto err; } - + r_is_inverted = !r_is_inverted; + } /* digit > 0 */ - if (r_is_at_infinity) - { - if (!EC_POINT_copy(r, val_sub[i][digit >> 1])) goto err; + if (r_is_at_infinity) { + if (!EC_POINT_copy(r, val_sub[i][digit >> 1])) + goto err; r_is_at_infinity = 0; - } - else - { - if (!EC_POINT_add(group, r, r, val_sub[i][digit >> 1], ctx)) goto err; - } + } else { + if (!EC_POINT_add(group, r, r, val_sub[i][digit >> 1], ctx)) + goto err; } } } } + } - if (r_is_at_infinity) - { - if (!EC_POINT_set_to_infinity(group, r)) goto err; - } - else - { + if (r_is_at_infinity) { + if (!EC_POINT_set_to_infinity(group, r)) + goto err; + } else { if (r_is_inverted) - if (!EC_POINT_invert(group, r, ctx)) goto err; - } - + if (!EC_POINT_invert(group, r, ctx)) + goto err; + } + ret = 1; err: - if (new_ctx != NULL) - BN_CTX_free(new_ctx); - if (tmp != NULL) - EC_POINT_free(tmp); - if (wsize != NULL) - OPENSSL_free(wsize); - if (wNAF_len != NULL) - OPENSSL_free(wNAF_len); - if (wNAF != NULL) - { + BN_CTX_free(new_ctx); + EC_POINT_free(tmp); + free(wsize); + free(wNAF_len); + free(tmp_wNAF); + if (wNAF != NULL) { signed char **w; - + for (w = wNAF; *w != NULL; w++) - OPENSSL_free(*w); - - OPENSSL_free(wNAF); - } - if (val != NULL) - { - for (v = val; *v != NULL; v++) - EC_POINT_clear_free(*v); + free(*w); - OPENSSL_free(val); - } - if (val_sub != NULL) - { - OPENSSL_free(val_sub); - } - return ret; + free(wNAF); } - - -int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *g_scalar, const EC_POINT *point, const BIGNUM *p_scalar, BN_CTX *ctx) - { - const EC_POINT *points[1]; - const BIGNUM *scalars[1]; - - points[0] = point; - scalars[0] = p_scalar; - - return EC_POINTs_mul(group, r, g_scalar, (point != NULL && p_scalar != NULL), points, scalars, ctx); + if (val != NULL) { + for (v = val; *v != NULL; v++) + EC_POINT_clear_free(*v); + free(val); } + free(val_sub); + return ret; +} -int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx) - { +/* ec_wNAF_precompute_mult() + * creates an EC_PRE_COMP object with preprecomputed multiples of the generator + * for use with wNAF splitting as implemented in ec_wNAF_mul(). + * + * 'pre_comp->points' is an array of multiples of the generator + * of the following form: + * points[0] = generator; + * points[1] = 3 * generator; + * ... + * points[2^(w-1)-1] = (2^(w-1)-1) * generator; + * points[2^(w-1)] = 2^blocksize * generator; + * points[2^(w-1)+1] = 3 * 2^blocksize * generator; + * ... + * points[2^(w-1)*(numblocks-1)-1] = (2^(w-1)) * 2^(blocksize*(numblocks-2)) * generator + * points[2^(w-1)*(numblocks-1)] = 2^(blocksize*(numblocks-1)) * generator + * ... + * points[2^(w-1)*numblocks-1] = (2^(w-1)) * 2^(blocksize*(numblocks-1)) * generator + * points[2^(w-1)*numblocks] = NULL + */ +int +ec_wNAF_precompute_mult(EC_GROUP * group, BN_CTX * ctx) +{ const EC_POINT *generator; + EC_POINT *tmp_point = NULL, *base = NULL, **var; BN_CTX *new_ctx = NULL; BIGNUM *order; + size_t i, bits, w, pre_points_per_block, blocksize, numblocks, + num; + EC_POINT **points = NULL; + EC_PRE_COMP *pre_comp; int ret = 0; - generator = EC_GROUP_get0_generator(group); - if (generator == NULL) - { - ECerr(EC_F_EC_GROUP_PRECOMPUTE_MULT, EC_R_UNDEFINED_GENERATOR); + /* if there is an old EC_PRE_COMP object, throw it away */ + EC_EX_DATA_free_data(&group->extra_data, ec_pre_comp_dup, ec_pre_comp_free, ec_pre_comp_clear_free); + + if ((pre_comp = ec_pre_comp_new(group)) == NULL) return 0; - } - if (ctx == NULL) - { + generator = EC_GROUP_get0_generator(group); + if (generator == NULL) { + ECerror(EC_R_UNDEFINED_GENERATOR); + goto err; + } + if (ctx == NULL) { ctx = new_ctx = BN_CTX_new(); if (ctx == NULL) - return 0; - } - + goto err; + } BN_CTX_start(ctx); - order = BN_CTX_get(ctx); - if (order == NULL) goto err; - - if (!EC_GROUP_get_order(group, order, ctx)) return 0; - if (BN_is_zero(order)) - { - ECerr(EC_F_EC_GROUP_PRECOMPUTE_MULT, EC_R_UNKNOWN_ORDER); + if ((order = BN_CTX_get(ctx)) == NULL) + goto err; + + if (!EC_GROUP_get_order(group, order, ctx)) + goto err; + if (BN_is_zero(order)) { + ECerror(EC_R_UNKNOWN_ORDER); + goto err; + } + bits = BN_num_bits(order); + /* + * The following parameters mean we precompute (approximately) one + * point per bit. + * + * TBD: The combination 8, 4 is perfect for 160 bits; for other bit + * lengths, other parameter combinations might provide better + * efficiency. + */ + blocksize = 8; + w = 4; + if (EC_window_bits_for_scalar_size(bits) > w) { + /* let's not make the window too small ... */ + w = EC_window_bits_for_scalar_size(bits); + } + numblocks = (bits + blocksize - 1) / blocksize; /* max. number of blocks + * to use for wNAF + * splitting */ + + pre_points_per_block = (size_t) 1 << (w - 1); + num = pre_points_per_block * numblocks; /* number of points to + * compute and store */ + + points = reallocarray(NULL, (num + 1), sizeof(EC_POINT *)); + if (!points) { + ECerror(ERR_R_MALLOC_FAILURE); + goto err; + } + var = points; + var[num] = NULL; /* pivot */ + for (i = 0; i < num; i++) { + if ((var[i] = EC_POINT_new(group)) == NULL) { + ECerror(ERR_R_MALLOC_FAILURE); + goto err; + } + } + + if (!(tmp_point = EC_POINT_new(group)) || !(base = EC_POINT_new(group))) { + ECerror(ERR_R_MALLOC_FAILURE); + goto err; + } + if (!EC_POINT_copy(base, generator)) goto err; + + /* do the precomputation */ + for (i = 0; i < numblocks; i++) { + size_t j; + + if (!EC_POINT_dbl(group, tmp_point, base, ctx)) + goto err; + + if (!EC_POINT_copy(*var++, base)) + goto err; + + for (j = 1; j < pre_points_per_block; j++, var++) { + /* calculate odd multiples of the current base point */ + if (!EC_POINT_add(group, *var, tmp_point, *(var - 1), ctx)) + goto err; } - /* TODO */ + if (i < numblocks - 1) { + /* + * get the next base (multiply current one by + * 2^blocksize) + */ + size_t k; + + if (blocksize <= 2) { + ECerror(ERR_R_INTERNAL_ERROR); + goto err; + } + if (!EC_POINT_dbl(group, base, tmp_point, ctx)) + goto err; + for (k = 2; k < blocksize; k++) { + if (!EC_POINT_dbl(group, base, base, ctx)) + goto err; + } + } + } + + if (!EC_POINTs_make_affine(group, num, points, ctx)) + goto err; + + pre_comp->group = group; + pre_comp->blocksize = blocksize; + pre_comp->numblocks = numblocks; + pre_comp->w = w; + pre_comp->points = points; + points = NULL; + pre_comp->num = num; + + if (!EC_EX_DATA_set_data(&group->extra_data, pre_comp, + ec_pre_comp_dup, ec_pre_comp_free, ec_pre_comp_clear_free)) + goto err; + pre_comp = NULL; ret = 1; - err: - BN_CTX_end(ctx); - if (new_ctx != NULL) - BN_CTX_free(new_ctx); - return ret; + if (ctx != NULL) + BN_CTX_end(ctx); + BN_CTX_free(new_ctx); + ec_pre_comp_free(pre_comp); + if (points) { + EC_POINT **p; + + for (p = points; *p != NULL; p++) + EC_POINT_free(*p); + free(points); } + EC_POINT_free(tmp_point); + EC_POINT_free(base); + return ret; +} + + +int +ec_wNAF_have_precompute_mult(const EC_GROUP * group) +{ + if (EC_EX_DATA_get_data(group->extra_data, ec_pre_comp_dup, ec_pre_comp_free, ec_pre_comp_clear_free) != NULL) + return 1; + else + return 0; +} diff --git a/src/lib/libcrypto/ec/ec_oct.c b/src/lib/libcrypto/ec/ec_oct.c new file mode 100644 index 00000000000..f44b174fd75 --- /dev/null +++ b/src/lib/libcrypto/ec/ec_oct.c @@ -0,0 +1,192 @@ +/* $OpenBSD: ec_oct.c,v 1.5 2017/01/29 17:49:23 beck Exp $ */ +/* + * Originally written by Bodo Moeller for the OpenSSL project. + */ +/* ==================================================================== + * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * Binary polynomial ECC support in OpenSSL originally developed by + * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. + */ + +#include + +#include + +#include +#include + +#include "ec_lcl.h" + +int +EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP * group, EC_POINT * point, + const BIGNUM * x, int y_bit, BN_CTX * ctx) +{ + if (group->meth->point_set_compressed_coordinates == 0 + && !(group->meth->flags & EC_FLAGS_DEFAULT_OCT)) { + ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return 0; + } + if (group->meth != point->meth) { + ECerror(EC_R_INCOMPATIBLE_OBJECTS); + return 0; + } + if (group->meth->flags & EC_FLAGS_DEFAULT_OCT) { + if (group->meth->field_type == NID_X9_62_prime_field) + return ec_GFp_simple_set_compressed_coordinates( + group, point, x, y_bit, ctx); + else +#ifdef OPENSSL_NO_EC2M + { + ECerror(EC_R_GF2M_NOT_SUPPORTED); + return 0; + } +#else + return ec_GF2m_simple_set_compressed_coordinates( + group, point, x, y_bit, ctx); +#endif + } + return group->meth->point_set_compressed_coordinates(group, point, x, y_bit, ctx); +} + +#ifndef OPENSSL_NO_EC2M +int +EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP * group, EC_POINT * point, + const BIGNUM * x, int y_bit, BN_CTX * ctx) +{ + if (group->meth->point_set_compressed_coordinates == 0 + && !(group->meth->flags & EC_FLAGS_DEFAULT_OCT)) { + ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return 0; + } + if (group->meth != point->meth) { + ECerror(EC_R_INCOMPATIBLE_OBJECTS); + return 0; + } + if (group->meth->flags & EC_FLAGS_DEFAULT_OCT) { + if (group->meth->field_type == NID_X9_62_prime_field) + return ec_GFp_simple_set_compressed_coordinates( + group, point, x, y_bit, ctx); + else + return ec_GF2m_simple_set_compressed_coordinates( + group, point, x, y_bit, ctx); + } + return group->meth->point_set_compressed_coordinates(group, point, x, y_bit, ctx); +} +#endif + +size_t +EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *point, + point_conversion_form_t form, + unsigned char *buf, size_t len, BN_CTX *ctx) +{ + if (group->meth->point2oct == 0 + && !(group->meth->flags & EC_FLAGS_DEFAULT_OCT)) { + ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return 0; + } + if (group->meth != point->meth) { + ECerror(EC_R_INCOMPATIBLE_OBJECTS); + return 0; + } + if (group->meth->flags & EC_FLAGS_DEFAULT_OCT) { + if (group->meth->field_type == NID_X9_62_prime_field) + return ec_GFp_simple_point2oct(group, point, + form, buf, len, ctx); + else +#ifdef OPENSSL_NO_EC2M + { + ECerror(EC_R_GF2M_NOT_SUPPORTED); + return 0; + } +#else + return ec_GF2m_simple_point2oct(group, point, + form, buf, len, ctx); +#endif + } + return group->meth->point2oct(group, point, form, buf, len, ctx); +} + + +int +EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *point, + const unsigned char *buf, size_t len, BN_CTX *ctx) +{ + if (group->meth->oct2point == 0 && + !(group->meth->flags & EC_FLAGS_DEFAULT_OCT)) { + ECerror(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return 0; + } + if (group->meth != point->meth) { + ECerror(EC_R_INCOMPATIBLE_OBJECTS); + return 0; + } + if (group->meth->flags & EC_FLAGS_DEFAULT_OCT) { + if (group->meth->field_type == NID_X9_62_prime_field) + return ec_GFp_simple_oct2point(group, point, + buf, len, ctx); + else +#ifdef OPENSSL_NO_EC2M + { + ECerror(EC_R_GF2M_NOT_SUPPORTED); + return 0; + } +#else + return ec_GF2m_simple_oct2point(group, point, + buf, len, ctx); +#endif + } + return group->meth->oct2point(group, point, buf, len, ctx); +} diff --git a/src/lib/libcrypto/ec/ec_pmeth.c b/src/lib/libcrypto/ec/ec_pmeth.c new file mode 100644 index 00000000000..ca7cd7db89a --- /dev/null +++ b/src/lib/libcrypto/ec/ec_pmeth.c @@ -0,0 +1,322 @@ +/* $OpenBSD: ec_pmeth.c,v 1.10 2017/01/29 17:49:23 beck Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2006. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include + +#include +#include +#include +#include +#include +#include + +#include "evp_locl.h" + +/* EC pkey context structure */ + +typedef struct { + /* Key and paramgen group */ + EC_GROUP *gen_group; + /* message digest */ + const EVP_MD *md; +} EC_PKEY_CTX; + +static int +pkey_ec_init(EVP_PKEY_CTX * ctx) +{ + EC_PKEY_CTX *dctx; + dctx = malloc(sizeof(EC_PKEY_CTX)); + if (!dctx) + return 0; + dctx->gen_group = NULL; + dctx->md = NULL; + + ctx->data = dctx; + + return 1; +} + +static int +pkey_ec_copy(EVP_PKEY_CTX * dst, EVP_PKEY_CTX * src) +{ + EC_PKEY_CTX *dctx, *sctx; + if (!pkey_ec_init(dst)) + return 0; + sctx = src->data; + dctx = dst->data; + if (sctx->gen_group) { + dctx->gen_group = EC_GROUP_dup(sctx->gen_group); + if (!dctx->gen_group) + return 0; + } + dctx->md = sctx->md; + return 1; +} + +static void +pkey_ec_cleanup(EVP_PKEY_CTX * ctx) +{ + EC_PKEY_CTX *dctx = ctx->data; + if (dctx) { + EC_GROUP_free(dctx->gen_group); + free(dctx); + } +} + +static int +pkey_ec_sign(EVP_PKEY_CTX * ctx, unsigned char *sig, size_t * siglen, + const unsigned char *tbs, size_t tbslen) +{ + int ret, type; + unsigned int sltmp; + EC_PKEY_CTX *dctx = ctx->data; + EC_KEY *ec = ctx->pkey->pkey.ec; + + if (!sig) { + *siglen = ECDSA_size(ec); + return 1; + } else if (*siglen < (size_t) ECDSA_size(ec)) { + ECerror(EC_R_BUFFER_TOO_SMALL); + return 0; + } + if (dctx->md) + type = EVP_MD_type(dctx->md); + else + type = NID_sha1; + + ret = ECDSA_sign(type, tbs, tbslen, sig, &sltmp, ec); + + if (ret <= 0) + return ret; + *siglen = (size_t) sltmp; + return 1; +} + +static int +pkey_ec_verify(EVP_PKEY_CTX * ctx, + const unsigned char *sig, size_t siglen, + const unsigned char *tbs, size_t tbslen) +{ + int ret, type; + EC_PKEY_CTX *dctx = ctx->data; + EC_KEY *ec = ctx->pkey->pkey.ec; + + if (dctx->md) + type = EVP_MD_type(dctx->md); + else + type = NID_sha1; + + ret = ECDSA_verify(type, tbs, tbslen, sig, siglen, ec); + + return ret; +} + +static int +pkey_ec_derive(EVP_PKEY_CTX * ctx, unsigned char *key, size_t * keylen) +{ + int ret; + size_t outlen; + const EC_POINT *pubkey = NULL; + if (!ctx->pkey || !ctx->peerkey) { + ECerror(EC_R_KEYS_NOT_SET); + return 0; + } + if (!key) { + const EC_GROUP *group; + group = EC_KEY_get0_group(ctx->pkey->pkey.ec); + *keylen = (EC_GROUP_get_degree(group) + 7) / 8; + return 1; + } + pubkey = EC_KEY_get0_public_key(ctx->peerkey->pkey.ec); + + /* + * NB: unlike PKCS#3 DH, if *outlen is less than maximum size this is + * not an error, the result is truncated. + */ + + outlen = *keylen; + + ret = ECDH_compute_key(key, outlen, pubkey, ctx->pkey->pkey.ec, 0); + if (ret < 0) + return ret; + *keylen = ret; + return 1; +} + +static int +pkey_ec_ctrl(EVP_PKEY_CTX * ctx, int type, int p1, void *p2) +{ + EC_PKEY_CTX *dctx = ctx->data; + EC_GROUP *group; + switch (type) { + case EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID: + group = EC_GROUP_new_by_curve_name(p1); + if (group == NULL) { + ECerror(EC_R_INVALID_CURVE); + return 0; + } + EC_GROUP_free(dctx->gen_group); + dctx->gen_group = group; + return 1; + + case EVP_PKEY_CTRL_MD: + if (EVP_MD_type((const EVP_MD *) p2) != NID_sha1 && + EVP_MD_type((const EVP_MD *) p2) != NID_ecdsa_with_SHA1 && + EVP_MD_type((const EVP_MD *) p2) != NID_sha224 && + EVP_MD_type((const EVP_MD *) p2) != NID_sha256 && + EVP_MD_type((const EVP_MD *) p2) != NID_sha384 && + EVP_MD_type((const EVP_MD *) p2) != NID_sha512) { + ECerror(EC_R_INVALID_DIGEST_TYPE); + return 0; + } + dctx->md = p2; + return 1; + + case EVP_PKEY_CTRL_PEER_KEY: + /* Default behaviour is OK */ + case EVP_PKEY_CTRL_DIGESTINIT: + case EVP_PKEY_CTRL_PKCS7_SIGN: + case EVP_PKEY_CTRL_CMS_SIGN: + return 1; + + default: + return -2; + + } +} + +static int +pkey_ec_ctrl_str(EVP_PKEY_CTX * ctx, + const char *type, const char *value) +{ + if (!strcmp(type, "ec_paramgen_curve")) { + int nid; + nid = EC_curve_nist2nid(value); + if (nid == NID_undef) + nid = OBJ_sn2nid(value); + if (nid == NID_undef) + nid = OBJ_ln2nid(value); + if (nid == NID_undef) { + ECerror(EC_R_INVALID_CURVE); + return 0; + } + return EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid); + } + return -2; +} + +static int +pkey_ec_paramgen(EVP_PKEY_CTX * ctx, EVP_PKEY * pkey) +{ + EC_KEY *ec = NULL; + EC_PKEY_CTX *dctx = ctx->data; + int ret = 0; + if (dctx->gen_group == NULL) { + ECerror(EC_R_NO_PARAMETERS_SET); + return 0; + } + ec = EC_KEY_new(); + if (!ec) + return 0; + ret = EC_KEY_set_group(ec, dctx->gen_group); + if (ret) + EVP_PKEY_assign_EC_KEY(pkey, ec); + else + EC_KEY_free(ec); + return ret; +} + +static int +pkey_ec_keygen(EVP_PKEY_CTX * ctx, EVP_PKEY * pkey) +{ + EC_KEY *ec = NULL; + if (ctx->pkey == NULL) { + ECerror(EC_R_NO_PARAMETERS_SET); + return 0; + } + ec = EC_KEY_new(); + if (!ec) + return 0; + EVP_PKEY_assign_EC_KEY(pkey, ec); + /* Note: if error return, pkey is freed by parent routine */ + if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey)) + return 0; + return EC_KEY_generate_key(pkey->pkey.ec); +} + +const EVP_PKEY_METHOD ec_pkey_meth = { + .pkey_id = EVP_PKEY_EC, + + .init = pkey_ec_init, + .copy = pkey_ec_copy, + .cleanup = pkey_ec_cleanup, + + .paramgen = pkey_ec_paramgen, + + .keygen = pkey_ec_keygen, + + .sign = pkey_ec_sign, + + .verify = pkey_ec_verify, + + .derive = pkey_ec_derive, + + .ctrl = pkey_ec_ctrl, + .ctrl_str = pkey_ec_ctrl_str +}; diff --git a/src/lib/libcrypto/ec/ec_print.c b/src/lib/libcrypto/ec/ec_print.c new file mode 100644 index 00000000000..af4d1996c0f --- /dev/null +++ b/src/lib/libcrypto/ec/ec_print.c @@ -0,0 +1,178 @@ +/* $OpenBSD: ec_print.c,v 1.7 2014/12/03 19:53:20 deraadt Exp $ */ +/* ==================================================================== + * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include "ec_lcl.h" + +BIGNUM * +EC_POINT_point2bn(const EC_GROUP * group, const EC_POINT * point, + point_conversion_form_t form, BIGNUM * ret, BN_CTX * ctx) +{ + size_t buf_len = 0; + unsigned char *buf; + + buf_len = EC_POINT_point2oct(group, point, form, + NULL, 0, ctx); + if (buf_len == 0) + return NULL; + + if ((buf = malloc(buf_len)) == NULL) + return NULL; + + if (!EC_POINT_point2oct(group, point, form, buf, buf_len, ctx)) { + free(buf); + return NULL; + } + ret = BN_bin2bn(buf, buf_len, ret); + + free(buf); + + return ret; +} + +EC_POINT * +EC_POINT_bn2point(const EC_GROUP * group, + const BIGNUM * bn, EC_POINT * point, BN_CTX * ctx) +{ + size_t buf_len = 0; + unsigned char *buf; + EC_POINT *ret; + + if ((buf_len = BN_num_bytes(bn)) == 0) + return NULL; + buf = malloc(buf_len); + if (buf == NULL) + return NULL; + + if (!BN_bn2bin(bn, buf)) { + free(buf); + return NULL; + } + if (point == NULL) { + if ((ret = EC_POINT_new(group)) == NULL) { + free(buf); + return NULL; + } + } else + ret = point; + + if (!EC_POINT_oct2point(group, ret, buf, buf_len, ctx)) { + if (point == NULL) + EC_POINT_clear_free(ret); + free(buf); + return NULL; + } + free(buf); + return ret; +} + +static const char *HEX_DIGITS = "0123456789ABCDEF"; + +/* the return value must be freed (using free()) */ +char * +EC_POINT_point2hex(const EC_GROUP * group, const EC_POINT * point, + point_conversion_form_t form, BN_CTX * ctx) +{ + char *ret, *p; + size_t buf_len = 0, i; + unsigned char *buf, *pbuf; + + buf_len = EC_POINT_point2oct(group, point, form, + NULL, 0, ctx); + if (buf_len == 0 || buf_len + 1 == 0) + return NULL; + + if ((buf = malloc(buf_len)) == NULL) + return NULL; + + if (!EC_POINT_point2oct(group, point, form, buf, buf_len, ctx)) { + free(buf); + return NULL; + } + ret = reallocarray(NULL, buf_len + 1, 2); + if (ret == NULL) { + free(buf); + return NULL; + } + p = ret; + pbuf = buf; + for (i = buf_len; i > 0; i--) { + int v = (int) *(pbuf++); + *(p++) = HEX_DIGITS[v >> 4]; + *(p++) = HEX_DIGITS[v & 0x0F]; + } + *p = '\0'; + + free(buf); + + return ret; +} + +EC_POINT * +EC_POINT_hex2point(const EC_GROUP * group, const char *buf, + EC_POINT * point, BN_CTX * ctx) +{ + EC_POINT *ret = NULL; + BIGNUM *tmp_bn = NULL; + + if (!BN_hex2bn(&tmp_bn, buf)) + return NULL; + + ret = EC_POINT_bn2point(group, tmp_bn, point, ctx); + + BN_clear_free(tmp_bn); + + return ret; +} diff --git a/src/lib/libcrypto/ec/eck_prn.c b/src/lib/libcrypto/ec/eck_prn.c new file mode 100644 index 00000000000..be57d875e39 --- /dev/null +++ b/src/lib/libcrypto/ec/eck_prn.c @@ -0,0 +1,371 @@ +/* $OpenBSD: eck_prn.c,v 1.15 2018/07/15 16:27:39 tb Exp $ */ +/* + * Written by Nils Larsch for the OpenSSL project. + */ +/* ==================================================================== + * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * Portions originally developed by SUN MICROSYSTEMS, INC., and + * contributed to the OpenSSL project. + */ + +#include +#include + +#include + +#include +#include +#include +#include + +int +ECPKParameters_print_fp(FILE * fp, const EC_GROUP * x, int off) +{ + BIO *b; + int ret; + + if ((b = BIO_new(BIO_s_file())) == NULL) { + ECerror(ERR_R_BUF_LIB); + return (0); + } + BIO_set_fp(b, fp, BIO_NOCLOSE); + ret = ECPKParameters_print(b, x, off); + BIO_free(b); + return (ret); +} + +int +EC_KEY_print_fp(FILE * fp, const EC_KEY * x, int off) +{ + BIO *b; + int ret; + + if ((b = BIO_new(BIO_s_file())) == NULL) { + ECerror(ERR_R_BIO_LIB); + return (0); + } + BIO_set_fp(b, fp, BIO_NOCLOSE); + ret = EC_KEY_print(b, x, off); + BIO_free(b); + return (ret); +} + +int +ECParameters_print_fp(FILE * fp, const EC_KEY * x) +{ + BIO *b; + int ret; + + if ((b = BIO_new(BIO_s_file())) == NULL) { + ECerror(ERR_R_BIO_LIB); + return (0); + } + BIO_set_fp(b, fp, BIO_NOCLOSE); + ret = ECParameters_print(b, x); + BIO_free(b); + return (ret); +} + +int +EC_KEY_print(BIO * bp, const EC_KEY * x, int off) +{ + EVP_PKEY *pk; + int ret; + pk = EVP_PKEY_new(); + if (!pk || !EVP_PKEY_set1_EC_KEY(pk, (EC_KEY *) x)) + return 0; + ret = EVP_PKEY_print_private(bp, pk, off, NULL); + EVP_PKEY_free(pk); + return ret; +} + +int +ECParameters_print(BIO * bp, const EC_KEY * x) +{ + EVP_PKEY *pk; + int ret; + pk = EVP_PKEY_new(); + if (!pk || !EVP_PKEY_set1_EC_KEY(pk, (EC_KEY *) x)) + return 0; + ret = EVP_PKEY_print_params(bp, pk, 4, NULL); + EVP_PKEY_free(pk); + return ret; +} + +static int +print_bin(BIO * fp, const char *str, const unsigned char *num, + size_t len, int off); + +int +ECPKParameters_print(BIO * bp, const EC_GROUP * x, int off) +{ + unsigned char *buffer = NULL; + size_t buf_len = 0, i; + int ret = 0, reason = ERR_R_BIO_LIB; + BN_CTX *ctx = NULL; + const EC_POINT *point = NULL; + BIGNUM *p = NULL, *a = NULL, *b = NULL, *gen = NULL, *order = NULL, + *cofactor = NULL; + const unsigned char *seed; + size_t seed_len = 0; + const char *nname; + + static const char *gen_compressed = "Generator (compressed):"; + static const char *gen_uncompressed = "Generator (uncompressed):"; + static const char *gen_hybrid = "Generator (hybrid):"; + + if (!x) { + reason = ERR_R_PASSED_NULL_PARAMETER; + goto err; + } + ctx = BN_CTX_new(); + if (ctx == NULL) { + reason = ERR_R_MALLOC_FAILURE; + goto err; + } + if (EC_GROUP_get_asn1_flag(x)) { + /* the curve parameter are given by an asn1 OID */ + int nid; + + if (!BIO_indent(bp, off, 128)) + goto err; + + nid = EC_GROUP_get_curve_name(x); + if (nid == 0) + goto err; + + if (BIO_printf(bp, "ASN1 OID: %s", OBJ_nid2sn(nid)) <= 0) + goto err; + if (BIO_printf(bp, "\n") <= 0) + goto err; + + nname = EC_curve_nid2nist(nid); + if (nname) { + if (!BIO_indent(bp, off, 128)) + goto err; + if (BIO_printf(bp, "NIST CURVE: %s\n", nname) <= 0) + goto err; + } + } else { + /* explicit parameters */ + int is_char_two = 0; + point_conversion_form_t form; + int tmp_nid = EC_METHOD_get_field_type(EC_GROUP_method_of(x)); + + if (tmp_nid == NID_X9_62_characteristic_two_field) + is_char_two = 1; + + if ((p = BN_new()) == NULL || (a = BN_new()) == NULL || + (b = BN_new()) == NULL || (order = BN_new()) == NULL || + (cofactor = BN_new()) == NULL) { + reason = ERR_R_MALLOC_FAILURE; + goto err; + } +#ifndef OPENSSL_NO_EC2M + if (is_char_two) { + if (!EC_GROUP_get_curve_GF2m(x, p, a, b, ctx)) { + reason = ERR_R_EC_LIB; + goto err; + } + } else /* prime field */ +#endif + { + if (!EC_GROUP_get_curve_GFp(x, p, a, b, ctx)) { + reason = ERR_R_EC_LIB; + goto err; + } + } + + if ((point = EC_GROUP_get0_generator(x)) == NULL) { + reason = ERR_R_EC_LIB; + goto err; + } + if (!EC_GROUP_get_order(x, order, NULL) || + !EC_GROUP_get_cofactor(x, cofactor, NULL)) { + reason = ERR_R_EC_LIB; + goto err; + } + form = EC_GROUP_get_point_conversion_form(x); + + if ((gen = EC_POINT_point2bn(x, point, + form, NULL, ctx)) == NULL) { + reason = ERR_R_EC_LIB; + goto err; + } + buf_len = (size_t) BN_num_bytes(p); + if (buf_len < (i = (size_t) BN_num_bytes(a))) + buf_len = i; + if (buf_len < (i = (size_t) BN_num_bytes(b))) + buf_len = i; + if (buf_len < (i = (size_t) BN_num_bytes(gen))) + buf_len = i; + if (buf_len < (i = (size_t) BN_num_bytes(order))) + buf_len = i; + if (buf_len < (i = (size_t) BN_num_bytes(cofactor))) + buf_len = i; + + if ((seed = EC_GROUP_get0_seed(x)) != NULL) + seed_len = EC_GROUP_get_seed_len(x); + + buf_len += 10; + if ((buffer = malloc(buf_len)) == NULL) { + reason = ERR_R_MALLOC_FAILURE; + goto err; + } + if (!BIO_indent(bp, off, 128)) + goto err; + + /* print the 'short name' of the field type */ + if (BIO_printf(bp, "Field Type: %s\n", OBJ_nid2sn(tmp_nid)) + <= 0) + goto err; + + if (is_char_two) { + /* print the 'short name' of the base type OID */ + int basis_type = EC_GROUP_get_basis_type(x); + if (basis_type == 0) + goto err; + + if (!BIO_indent(bp, off, 128)) + goto err; + + if (BIO_printf(bp, "Basis Type: %s\n", + OBJ_nid2sn(basis_type)) <= 0) + goto err; + + /* print the polynomial */ + if ((p != NULL) && !ASN1_bn_print(bp, "Polynomial:", p, buffer, + off)) + goto err; + } else { + if ((p != NULL) && !ASN1_bn_print(bp, "Prime:", p, buffer, off)) + goto err; + } + if ((a != NULL) && !ASN1_bn_print(bp, "A: ", a, buffer, off)) + goto err; + if ((b != NULL) && !ASN1_bn_print(bp, "B: ", b, buffer, off)) + goto err; + if (form == POINT_CONVERSION_COMPRESSED) { + if ((gen != NULL) && !ASN1_bn_print(bp, gen_compressed, gen, + buffer, off)) + goto err; + } else if (form == POINT_CONVERSION_UNCOMPRESSED) { + if ((gen != NULL) && !ASN1_bn_print(bp, gen_uncompressed, gen, + buffer, off)) + goto err; + } else { /* form == POINT_CONVERSION_HYBRID */ + if ((gen != NULL) && !ASN1_bn_print(bp, gen_hybrid, gen, + buffer, off)) + goto err; + } + if ((order != NULL) && !ASN1_bn_print(bp, "Order: ", order, + buffer, off)) + goto err; + if ((cofactor != NULL) && !ASN1_bn_print(bp, "Cofactor: ", cofactor, + buffer, off)) + goto err; + if (seed && !print_bin(bp, "Seed:", seed, seed_len, off)) + goto err; + } + ret = 1; + err: + if (!ret) + ECerror(reason); + BN_free(p); + BN_free(a); + BN_free(b); + BN_free(gen); + BN_free(order); + BN_free(cofactor); + BN_CTX_free(ctx); + free(buffer); + return (ret); +} + +static int +print_bin(BIO * fp, const char *name, const unsigned char *buf, + size_t len, int off) +{ + size_t i; + char str[128]; + + if (buf == NULL) + return 1; + if (off) { + if (off > 128) + off = 128; + memset(str, ' ', off); + if (BIO_write(fp, str, off) <= 0) + return 0; + } + if (BIO_printf(fp, "%s", name) <= 0) + return 0; + + for (i = 0; i < len; i++) { + if ((i % 15) == 0) { + str[0] = '\n'; + memset(&(str[1]), ' ', off + 4); + if (BIO_write(fp, str, off + 1 + 4) <= 0) + return 0; + } + if (BIO_printf(fp, "%02x%s", buf[i], ((i + 1) == len) ? "" : ":") <= 0) + return 0; + } + if (BIO_write(fp, "\n", 1) <= 0) + return 0; + + return 1; +} diff --git a/src/lib/libcrypto/ec/ecp_mont.c b/src/lib/libcrypto/ec/ecp_mont.c index 7b30d4c38a7..f4dff9aa463 100644 --- a/src/lib/libcrypto/ec/ecp_mont.c +++ b/src/lib/libcrypto/ec/ecp_mont.c @@ -1,4 +1,7 @@ -/* crypto/ec/ecp_mont.c */ +/* $OpenBSD: ecp_mont.c,v 1.17 2018/11/05 20:18:21 tb Exp $ */ +/* + * Originally written by Bodo Moeller for the OpenSSL project. + */ /* ==================================================================== * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. * @@ -7,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -52,253 +55,244 @@ * Hudson (tjh@cryptsoft.com). * */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * Portions of this software developed by SUN MICROSYSTEMS, INC., + * and contributed to the OpenSSL project. + */ #include #include "ec_lcl.h" -const EC_METHOD *EC_GFp_mont_method(void) - { +const EC_METHOD * +EC_GFp_mont_method(void) +{ static const EC_METHOD ret = { - ec_GFp_mont_group_init, - ec_GFp_mont_group_finish, - ec_GFp_mont_group_clear_finish, - ec_GFp_mont_group_copy, - ec_GFp_mont_group_set_curve_GFp, - ec_GFp_simple_group_get_curve_GFp, - ec_GFp_simple_group_set_generator, - ec_GFp_simple_group_get0_generator, - ec_GFp_simple_group_get_order, - ec_GFp_simple_group_get_cofactor, - ec_GFp_simple_point_init, - ec_GFp_simple_point_finish, - ec_GFp_simple_point_clear_finish, - ec_GFp_simple_point_copy, - ec_GFp_simple_point_set_to_infinity, + .flags = EC_FLAGS_DEFAULT_OCT, + .field_type = NID_X9_62_prime_field, + .group_init = ec_GFp_mont_group_init, + .group_finish = ec_GFp_mont_group_finish, + .group_clear_finish = ec_GFp_mont_group_clear_finish, + .group_copy = ec_GFp_mont_group_copy, + .group_set_curve = ec_GFp_mont_group_set_curve, + .group_get_curve = ec_GFp_simple_group_get_curve, + .group_get_degree = ec_GFp_simple_group_get_degree, + .group_check_discriminant = + ec_GFp_simple_group_check_discriminant, + .point_init = ec_GFp_simple_point_init, + .point_finish = ec_GFp_simple_point_finish, + .point_clear_finish = ec_GFp_simple_point_clear_finish, + .point_copy = ec_GFp_simple_point_copy, + .point_set_to_infinity = ec_GFp_simple_point_set_to_infinity, + .point_set_Jprojective_coordinates_GFp = ec_GFp_simple_set_Jprojective_coordinates_GFp, + .point_get_Jprojective_coordinates_GFp = ec_GFp_simple_get_Jprojective_coordinates_GFp, - ec_GFp_simple_point_set_affine_coordinates_GFp, - ec_GFp_simple_point_get_affine_coordinates_GFp, - ec_GFp_simple_set_compressed_coordinates_GFp, - ec_GFp_simple_point2oct, - ec_GFp_simple_oct2point, - ec_GFp_simple_add, - ec_GFp_simple_dbl, - ec_GFp_simple_invert, - ec_GFp_simple_is_at_infinity, - ec_GFp_simple_is_on_curve, - ec_GFp_simple_cmp, - ec_GFp_simple_make_affine, - ec_GFp_simple_points_make_affine, - ec_GFp_mont_field_mul, - ec_GFp_mont_field_sqr, - ec_GFp_mont_field_encode, - ec_GFp_mont_field_decode, - ec_GFp_mont_field_set_to_one }; + .point_set_affine_coordinates = + ec_GFp_simple_point_set_affine_coordinates, + .point_get_affine_coordinates = + ec_GFp_simple_point_get_affine_coordinates, + .add = ec_GFp_simple_add, + .dbl = ec_GFp_simple_dbl, + .invert = ec_GFp_simple_invert, + .is_at_infinity = ec_GFp_simple_is_at_infinity, + .is_on_curve = ec_GFp_simple_is_on_curve, + .point_cmp = ec_GFp_simple_cmp, + .make_affine = ec_GFp_simple_make_affine, + .points_make_affine = ec_GFp_simple_points_make_affine, + .mul_generator_ct = ec_GFp_simple_mul_generator_ct, + .mul_single_ct = ec_GFp_simple_mul_single_ct, + .mul_double_nonct = ec_GFp_simple_mul_double_nonct, + .field_mul = ec_GFp_mont_field_mul, + .field_sqr = ec_GFp_mont_field_sqr, + .field_encode = ec_GFp_mont_field_encode, + .field_decode = ec_GFp_mont_field_decode, + .field_set_to_one = ec_GFp_mont_field_set_to_one, + .blind_coordinates = ec_GFp_simple_blind_coordinates, + }; return &ret; - } +} -int ec_GFp_mont_group_init(EC_GROUP *group) - { +int +ec_GFp_mont_group_init(EC_GROUP * group) +{ int ok; ok = ec_GFp_simple_group_init(group); group->field_data1 = NULL; group->field_data2 = NULL; return ok; +} + + +void +ec_GFp_mont_group_finish(EC_GROUP * group) +{ + BN_MONT_CTX_free(group->field_data1); + group->field_data1 = NULL; + BN_free(group->field_data2); + group->field_data2 = NULL; + ec_GFp_simple_group_finish(group); +} + + +void +ec_GFp_mont_group_clear_finish(EC_GROUP * group) +{ + BN_MONT_CTX_free(group->field_data1); + group->field_data1 = NULL; + BN_clear_free(group->field_data2); + group->field_data2 = NULL; + ec_GFp_simple_group_clear_finish(group); +} + + +int +ec_GFp_mont_group_copy(EC_GROUP * dest, const EC_GROUP * src) +{ + BN_MONT_CTX_free(dest->field_data1); + dest->field_data1 = NULL; + BN_clear_free(dest->field_data2); + dest->field_data2 = NULL; + + if (!ec_GFp_simple_group_copy(dest, src)) + return 0; + + if (src->field_data1 != NULL) { + dest->field_data1 = BN_MONT_CTX_new(); + if (dest->field_data1 == NULL) + return 0; + if (!BN_MONT_CTX_copy(dest->field_data1, src->field_data1)) + goto err; } + if (src->field_data2 != NULL) { + dest->field_data2 = BN_dup(src->field_data2); + if (dest->field_data2 == NULL) + goto err; + } + return 1; + err: + if (dest->field_data1 != NULL) { + BN_MONT_CTX_free(dest->field_data1); + dest->field_data1 = NULL; + } + return 0; +} -int ec_GFp_mont_group_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) - { + +int +ec_GFp_mont_group_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, + const BIGNUM *b, BN_CTX *ctx) +{ BN_CTX *new_ctx = NULL; BN_MONT_CTX *mont = NULL; BIGNUM *one = NULL; int ret = 0; - if (group->field_data1 != NULL) - { - BN_MONT_CTX_free(group->field_data1); - group->field_data1 = NULL; - } - if (group->field_data2 != NULL) - { - BN_free(group->field_data2); - group->field_data2 = NULL; - } - - if (ctx == NULL) - { + BN_MONT_CTX_free(group->field_data1); + group->field_data1 = NULL; + BN_free(group->field_data2); + group->field_data2 = NULL; + if (ctx == NULL) { ctx = new_ctx = BN_CTX_new(); if (ctx == NULL) return 0; - } - + } mont = BN_MONT_CTX_new(); - if (mont == NULL) goto err; - if (!BN_MONT_CTX_set(mont, p, ctx)) - { - ECerr(EC_F_GFP_MONT_GROUP_SET_CURVE_GFP, ERR_R_BN_LIB); + if (mont == NULL) + goto err; + if (!BN_MONT_CTX_set(mont, p, ctx)) { + ECerror(ERR_R_BN_LIB); goto err; - } + } one = BN_new(); - if (one == NULL) goto err; - if (!BN_to_montgomery(one, BN_value_one(), mont, ctx)) goto err; + if (one == NULL) + goto err; + if (!BN_to_montgomery(one, BN_value_one(), mont, ctx)) + goto err; group->field_data1 = mont; mont = NULL; group->field_data2 = one; one = NULL; - ret = ec_GFp_simple_group_set_curve_GFp(group, p, a, b, ctx); + ret = ec_GFp_simple_group_set_curve(group, p, a, b, ctx); - if (!ret) - { + if (!ret) { BN_MONT_CTX_free(group->field_data1); group->field_data1 = NULL; BN_free(group->field_data2); group->field_data2 = NULL; - } - + } err: - if (new_ctx != NULL) - BN_CTX_free(new_ctx); - if (mont != NULL) - BN_MONT_CTX_free(mont); + BN_CTX_free(new_ctx); + BN_MONT_CTX_free(mont); + BN_free(one); return ret; - } - - -void ec_GFp_mont_group_finish(EC_GROUP *group) - { - if (group->field_data1 != NULL) - { - BN_MONT_CTX_free(group->field_data1); - group->field_data1 = NULL; - } - if (group->field_data2 != NULL) - { - BN_free(group->field_data2); - group->field_data2 = NULL; - } - ec_GFp_simple_group_finish(group); - } - - -void ec_GFp_mont_group_clear_finish(EC_GROUP *group) - { - if (group->field_data1 != NULL) - { - BN_MONT_CTX_free(group->field_data1); - group->field_data1 = NULL; - } - if (group->field_data2 != NULL) - { - BN_clear_free(group->field_data2); - group->field_data2 = NULL; - } - ec_GFp_simple_group_clear_finish(group); - } +} -int ec_GFp_mont_group_copy(EC_GROUP *dest, const EC_GROUP *src) - { - if (dest->field_data1 != NULL) - { - BN_MONT_CTX_free(dest->field_data1); - dest->field_data1 = NULL; - } - if (dest->field_data2 != NULL) - { - BN_clear_free(dest->field_data2); - dest->field_data2 = NULL; - } - - if (!ec_GFp_simple_group_copy(dest, src)) return 0; - - if (src->field_data1 != NULL) - { - dest->field_data1 = BN_MONT_CTX_new(); - if (dest->field_data1 == NULL) return 0; - if (!BN_MONT_CTX_copy(dest->field_data1, src->field_data1)) goto err; - } - if (src->field_data2 != NULL) - { - dest->field_data2 = BN_dup(src->field_data2); - if (dest->field_data2 == NULL) goto err; - } - - return 1; - - err: - if (dest->field_data1 != NULL) - { - BN_MONT_CTX_free(dest->field_data1); - dest->field_data1 = NULL; - } - return 0; +int +ec_GFp_mont_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, + const BIGNUM *b, BN_CTX *ctx) +{ + if (group->field_data1 == NULL) { + ECerror(EC_R_NOT_INITIALIZED); + return 0; } + return BN_mod_mul_montgomery(r, a, b, group->field_data1, ctx); +} -int ec_GFp_mont_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) - { - if (group->field_data1 == NULL) - { - ECerr(EC_F_EC_GFP_MONT_FIELD_MUL, EC_R_NOT_INITIALIZED); +int +ec_GFp_mont_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, + BN_CTX *ctx) +{ + if (group->field_data1 == NULL) { + ECerror(EC_R_NOT_INITIALIZED); return 0; - } - - return BN_mod_mul_montgomery(r, a, b, group->field_data1, ctx); } + return BN_mod_mul_montgomery(r, a, a, group->field_data1, ctx); +} -int ec_GFp_mont_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx) - { - if (group->field_data1 == NULL) - { - ECerr(EC_F_EC_GFP_MONT_FIELD_SQR, EC_R_NOT_INITIALIZED); +int +ec_GFp_mont_field_encode(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, + BN_CTX *ctx) +{ + if (group->field_data1 == NULL) { + ECerror(EC_R_NOT_INITIALIZED); return 0; - } - - return BN_mod_mul_montgomery(r, a, a, group->field_data1, ctx); } + return BN_to_montgomery(r, a, (BN_MONT_CTX *) group->field_data1, ctx); +} -int ec_GFp_mont_field_encode(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx) - { - if (group->field_data1 == NULL) - { - ECerr(EC_F_EC_GFP_MONT_FIELD_ENCODE, EC_R_NOT_INITIALIZED); +int +ec_GFp_mont_field_decode(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, + BN_CTX *ctx) +{ + if (group->field_data1 == NULL) { + ECerror(EC_R_NOT_INITIALIZED); return 0; - } - - return BN_to_montgomery(r, a, (BN_MONT_CTX *)group->field_data1, ctx); } + return BN_from_montgomery(r, a, group->field_data1, ctx); +} -int ec_GFp_mont_field_decode(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx) - { - if (group->field_data1 == NULL) - { - ECerr(EC_F_EC_GFP_MONT_FIELD_DECODE, EC_R_NOT_INITIALIZED); +int +ec_GFp_mont_field_set_to_one(const EC_GROUP *group, BIGNUM *r, BN_CTX *ctx) +{ + if (group->field_data2 == NULL) { + ECerror(EC_R_NOT_INITIALIZED); return 0; - } - - return BN_from_montgomery(r, a, group->field_data1, ctx); } - - -int ec_GFp_mont_field_set_to_one(const EC_GROUP *group, BIGNUM *r, BN_CTX *ctx) - { - if (group->field_data2 == NULL) - { - ECerr(EC_F_EC_GFP_MONT_FIELD_DECODE, EC_R_NOT_INITIALIZED); + if (!BN_copy(r, group->field_data2)) return 0; - } - - if (!BN_copy(r, group->field_data2)) return 0; return 1; - } +} diff --git a/src/lib/libcrypto/ec/ecp_nist.c b/src/lib/libcrypto/ec/ecp_nist.c index ed077486754..073c0419cf2 100644 --- a/src/lib/libcrypto/ec/ecp_nist.c +++ b/src/lib/libcrypto/ec/ecp_nist.c @@ -1,13 +1,16 @@ -/* crypto/ec/ecp_nist.c */ +/* $OpenBSD: ecp_nist.c,v 1.15 2018/11/05 20:18:21 tb Exp $ */ +/* + * Written by Nils Larsch for the OpenSSL project. + */ /* ==================================================================== - * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -52,83 +55,162 @@ * Hudson (tjh@cryptsoft.com). * */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * Portions of this software developed by SUN MICROSYSTEMS, INC., + * and contributed to the OpenSSL project. + */ +#include + +#include +#include #include "ec_lcl.h" -#if 0 -const EC_METHOD *EC_GFp_nist_method(void) - { +const EC_METHOD * +EC_GFp_nist_method(void) +{ static const EC_METHOD ret = { - ec_GFp_nist_group_init, - ec_GFp_nist_group_finish, - ec_GFp_nist_group_clear_finish, - ec_GFp_nist_group_copy, - ec_GFp_nist_group_set_curve_GFp, - ec_GFp_simple_group_get_curve_GFp, - ec_GFp_simple_group_set_generator, - ec_GFp_simple_group_get0_generator, - ec_GFp_simple_group_get_order, - ec_GFp_simple_group_get_cofactor, - ec_GFp_simple_point_init, - ec_GFp_simple_point_finish, - ec_GFp_simple_point_clear_finish, - ec_GFp_simple_point_copy, - ec_GFp_simple_point_set_to_infinity, + .flags = EC_FLAGS_DEFAULT_OCT, + .field_type = NID_X9_62_prime_field, + .group_init = ec_GFp_simple_group_init, + .group_finish = ec_GFp_simple_group_finish, + .group_clear_finish = ec_GFp_simple_group_clear_finish, + .group_copy = ec_GFp_nist_group_copy, + .group_set_curve = ec_GFp_nist_group_set_curve, + .group_get_curve = ec_GFp_simple_group_get_curve, + .group_get_degree = ec_GFp_simple_group_get_degree, + .group_check_discriminant = + ec_GFp_simple_group_check_discriminant, + .point_init = ec_GFp_simple_point_init, + .point_finish = ec_GFp_simple_point_finish, + .point_clear_finish = ec_GFp_simple_point_clear_finish, + .point_copy = ec_GFp_simple_point_copy, + .point_set_to_infinity = ec_GFp_simple_point_set_to_infinity, + .point_set_Jprojective_coordinates_GFp = ec_GFp_simple_set_Jprojective_coordinates_GFp, + .point_get_Jprojective_coordinates_GFp = ec_GFp_simple_get_Jprojective_coordinates_GFp, - ec_GFp_simple_point_set_affine_coordinates_GFp, - ec_GFp_simple_point_get_affine_coordinates_GFp, - ec_GFp_simple_set_compressed_coordinates_GFp, - ec_GFp_simple_point2oct, - ec_GFp_simple_oct2point, - ec_GFp_simple_add, - ec_GFp_simple_dbl, - ec_GFp_simple_invert, - ec_GFp_simple_is_at_infinity, - ec_GFp_simple_is_on_curve, - ec_GFp_simple_cmp, - ec_GFp_simple_make_affine, - ec_GFp_simple_points_make_affine, - ec_GFp_nist_field_mul, - ec_GFp_nist_field_sqr, - 0 /* field_encode */, - 0 /* field_decode */, - 0 /* field_set_to_one */ }; + .point_set_affine_coordinates = + ec_GFp_simple_point_set_affine_coordinates, + .point_get_affine_coordinates = + ec_GFp_simple_point_get_affine_coordinates, + .add = ec_GFp_simple_add, + .dbl = ec_GFp_simple_dbl, + .invert = ec_GFp_simple_invert, + .is_at_infinity = ec_GFp_simple_is_at_infinity, + .is_on_curve = ec_GFp_simple_is_on_curve, + .point_cmp = ec_GFp_simple_cmp, + .make_affine = ec_GFp_simple_make_affine, + .points_make_affine = ec_GFp_simple_points_make_affine, + .mul_generator_ct = ec_GFp_simple_mul_generator_ct, + .mul_single_ct = ec_GFp_simple_mul_single_ct, + .mul_double_nonct = ec_GFp_simple_mul_double_nonct, + .field_mul = ec_GFp_nist_field_mul, + .field_sqr = ec_GFp_nist_field_sqr, + .blind_coordinates = ec_GFp_simple_blind_coordinates, + }; return &ret; +} + +int +ec_GFp_nist_group_copy(EC_GROUP * dest, const EC_GROUP * src) +{ + dest->field_mod_func = src->field_mod_func; + + return ec_GFp_simple_group_copy(dest, src); +} + +int +ec_GFp_nist_group_set_curve(EC_GROUP *group, const BIGNUM *p, + const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) +{ + int ret = 0; + BN_CTX *new_ctx = NULL; + BIGNUM *tmp_bn; + + if (ctx == NULL) + if ((ctx = new_ctx = BN_CTX_new()) == NULL) + return 0; + + BN_CTX_start(ctx); + if ((tmp_bn = BN_CTX_get(ctx)) == NULL) + goto err; + + if (BN_ucmp(BN_get0_nist_prime_192(), p) == 0) + group->field_mod_func = BN_nist_mod_192; + else if (BN_ucmp(BN_get0_nist_prime_224(), p) == 0) + group->field_mod_func = BN_nist_mod_224; + else if (BN_ucmp(BN_get0_nist_prime_256(), p) == 0) + group->field_mod_func = BN_nist_mod_256; + else if (BN_ucmp(BN_get0_nist_prime_384(), p) == 0) + group->field_mod_func = BN_nist_mod_384; + else if (BN_ucmp(BN_get0_nist_prime_521(), p) == 0) + group->field_mod_func = BN_nist_mod_521; + else { + ECerror(EC_R_NOT_A_NIST_PRIME); + goto err; } -#endif - - -int ec_GFp_nist_group_init(EC_GROUP *group) - { - int ok; - - ok = ec_GFp_simple_group_init(group); - group->field_data1 = NULL; - return ok; - } - -int ec_GFp_nist_group_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); -/* TODO */ + ret = ec_GFp_simple_group_set_curve(group, p, a, b, ctx); + err: + BN_CTX_end(ctx); + BN_CTX_free(new_ctx); + return ret; +} -void ec_GFp_nist_group_finish(EC_GROUP *group); -/* TODO */ +int +ec_GFp_nist_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, + const BIGNUM *b, BN_CTX *ctx) +{ + int ret = 0; + BN_CTX *ctx_new = NULL; -void ec_GFp_nist_group_clear_finish(EC_GROUP *group); -/* TODO */ - - -int ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src); -/* TODO */ - - -int ec_GFp_nist_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); -/* TODO */ - - -int ec_GFp_nist_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx); -/* TODO */ + if (!group || !r || !a || !b) { + ECerror(ERR_R_PASSED_NULL_PARAMETER); + goto err; + } + if (!ctx) + if ((ctx_new = ctx = BN_CTX_new()) == NULL) + goto err; + + if (!BN_mul(r, a, b, ctx)) + goto err; + if (!group->field_mod_func(r, r, &group->field, ctx)) + goto err; + + ret = 1; + err: + BN_CTX_free(ctx_new); + return ret; +} + + +int +ec_GFp_nist_field_sqr(const EC_GROUP * group, BIGNUM * r, const BIGNUM * a, + BN_CTX * ctx) +{ + int ret = 0; + BN_CTX *ctx_new = NULL; + + if (!group || !r || !a) { + ECerror(EC_R_PASSED_NULL_PARAMETER); + goto err; + } + if (!ctx) + if ((ctx_new = ctx = BN_CTX_new()) == NULL) + goto err; + + if (!BN_sqr(r, a, ctx)) + goto err; + if (!group->field_mod_func(r, r, &group->field, ctx)) + goto err; + + ret = 1; + err: + BN_CTX_free(ctx_new); + return ret; +} diff --git a/src/lib/libcrypto/ec/ecp_nistp224.c b/src/lib/libcrypto/ec/ecp_nistp224.c new file mode 100644 index 00000000000..21b431a0976 --- /dev/null +++ b/src/lib/libcrypto/ec/ecp_nistp224.c @@ -0,0 +1,1689 @@ +/* $OpenBSD: ecp_nistp224.c,v 1.23 2018/11/05 20:18:21 tb Exp $ */ +/* + * Written by Emilia Kasper (Google) for the OpenSSL project. + */ +/* + * Copyright (c) 2011 Google Inc. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * A 64-bit implementation of the NIST P-224 elliptic curve point multiplication + * + * Inspired by Daniel J. Bernstein's public domain nistp224 implementation + * and Adam Langley's public domain 64-bit C implementation of curve25519 + */ + +#include +#include + +#include + +#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 + +#include +#include "ec_lcl.h" + +#if defined(__GNUC__) && (__GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 1)) + /* even with gcc, the typedef won't work for 32-bit platforms */ + typedef __uint128_t uint128_t; /* nonstandard; implemented by gcc on 64-bit platforms */ +#else + #error "Need GCC 3.1 or later to define type uint128_t" +#endif + +typedef uint8_t u8; +typedef uint64_t u64; +typedef int64_t s64; + + +/******************************************************************************/ +/* INTERNAL REPRESENTATION OF FIELD ELEMENTS + * + * Field elements are represented as a_0 + 2^56*a_1 + 2^112*a_2 + 2^168*a_3 + * using 64-bit coefficients called 'limbs', + * and sometimes (for multiplication results) as + * b_0 + 2^56*b_1 + 2^112*b_2 + 2^168*b_3 + 2^224*b_4 + 2^280*b_5 + 2^336*b_6 + * using 128-bit coefficients called 'widelimbs'. + * A 4-limb representation is an 'felem'; + * a 7-widelimb representation is a 'widefelem'. + * Even within felems, bits of adjacent limbs overlap, and we don't always + * reduce the representations: we ensure that inputs to each felem + * multiplication satisfy a_i < 2^60, so outputs satisfy b_i < 4*2^60*2^60, + * and fit into a 128-bit word without overflow. The coefficients are then + * again partially reduced to obtain an felem satisfying a_i < 2^57. + * We only reduce to the unique minimal representation at the end of the + * computation. + */ + +typedef uint64_t limb; +typedef uint128_t widelimb; + +typedef limb felem[4]; +typedef widelimb widefelem[7]; + +/* Field element represented as a byte arrary. + * 28*8 = 224 bits is also the group order size for the elliptic curve, + * and we also use this type for scalars for point multiplication. + */ +typedef u8 felem_bytearray[28]; + +static const felem_bytearray nistp224_curve_params[5] = { + {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* p */ + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01}, + {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, /* a */ + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFE}, + {0xB4,0x05,0x0A,0x85,0x0C,0x04,0xB3,0xAB,0xF5,0x41, /* b */ + 0x32,0x56,0x50,0x44,0xB0,0xB7,0xD7,0xBF,0xD8,0xBA, + 0x27,0x0B,0x39,0x43,0x23,0x55,0xFF,0xB4}, + {0xB7,0x0E,0x0C,0xBD,0x6B,0xB4,0xBF,0x7F,0x32,0x13, /* x */ + 0x90,0xB9,0x4A,0x03,0xC1,0xD3,0x56,0xC2,0x11,0x22, + 0x34,0x32,0x80,0xD6,0x11,0x5C,0x1D,0x21}, + {0xbd,0x37,0x63,0x88,0xb5,0xf7,0x23,0xfb,0x4c,0x22, /* y */ + 0xdf,0xe6,0xcd,0x43,0x75,0xa0,0x5a,0x07,0x47,0x64, + 0x44,0xd5,0x81,0x99,0x85,0x00,0x7e,0x34} +}; + +/* Precomputed multiples of the standard generator + * Points are given in coordinates (X, Y, Z) where Z normally is 1 + * (0 for the point at infinity). + * For each field element, slice a_0 is word 0, etc. + * + * The table has 2 * 16 elements, starting with the following: + * index | bits | point + * ------+---------+------------------------------ + * 0 | 0 0 0 0 | 0G + * 1 | 0 0 0 1 | 1G + * 2 | 0 0 1 0 | 2^56G + * 3 | 0 0 1 1 | (2^56 + 1)G + * 4 | 0 1 0 0 | 2^112G + * 5 | 0 1 0 1 | (2^112 + 1)G + * 6 | 0 1 1 0 | (2^112 + 2^56)G + * 7 | 0 1 1 1 | (2^112 + 2^56 + 1)G + * 8 | 1 0 0 0 | 2^168G + * 9 | 1 0 0 1 | (2^168 + 1)G + * 10 | 1 0 1 0 | (2^168 + 2^56)G + * 11 | 1 0 1 1 | (2^168 + 2^56 + 1)G + * 12 | 1 1 0 0 | (2^168 + 2^112)G + * 13 | 1 1 0 1 | (2^168 + 2^112 + 1)G + * 14 | 1 1 1 0 | (2^168 + 2^112 + 2^56)G + * 15 | 1 1 1 1 | (2^168 + 2^112 + 2^56 + 1)G + * followed by a copy of this with each element multiplied by 2^28. + * + * The reason for this is so that we can clock bits into four different + * locations when doing simple scalar multiplies against the base point, + * and then another four locations using the second 16 elements. + */ +static const felem gmul[2][16][3] = +{{{{0, 0, 0, 0}, + {0, 0, 0, 0}, + {0, 0, 0, 0}}, + {{0x3280d6115c1d21, 0xc1d356c2112234, 0x7f321390b94a03, 0xb70e0cbd6bb4bf}, + {0xd5819985007e34, 0x75a05a07476444, 0xfb4c22dfe6cd43, 0xbd376388b5f723}, + {1, 0, 0, 0}}, + {{0xfd9675666ebbe9, 0xbca7664d40ce5e, 0x2242df8d8a2a43, 0x1f49bbb0f99bc5}, + {0x29e0b892dc9c43, 0xece8608436e662, 0xdc858f185310d0, 0x9812dd4eb8d321}, + {1, 0, 0, 0}}, + {{0x6d3e678d5d8eb8, 0x559eed1cb362f1, 0x16e9a3bbce8a3f, 0xeedcccd8c2a748}, + {0xf19f90ed50266d, 0xabf2b4bf65f9df, 0x313865468fafec, 0x5cb379ba910a17}, + {1, 0, 0, 0}}, + {{0x0641966cab26e3, 0x91fb2991fab0a0, 0xefec27a4e13a0b, 0x0499aa8a5f8ebe}, + {0x7510407766af5d, 0x84d929610d5450, 0x81d77aae82f706, 0x6916f6d4338c5b}, + {1, 0, 0, 0}}, + {{0xea95ac3b1f15c6, 0x086000905e82d4, 0xdd323ae4d1c8b1, 0x932b56be7685a3}, + {0x9ef93dea25dbbf, 0x41665960f390f0, 0xfdec76dbe2a8a7, 0x523e80f019062a}, + {1, 0, 0, 0}}, + {{0x822fdd26732c73, 0xa01c83531b5d0f, 0x363f37347c1ba4, 0xc391b45c84725c}, + {0xbbd5e1b2d6ad24, 0xddfbcde19dfaec, 0xc393da7e222a7f, 0x1efb7890ede244}, + {1, 0, 0, 0}}, + {{0x4c9e90ca217da1, 0xd11beca79159bb, 0xff8d33c2c98b7c, 0x2610b39409f849}, + {0x44d1352ac64da0, 0xcdbb7b2c46b4fb, 0x966c079b753c89, 0xfe67e4e820b112}, + {1, 0, 0, 0}}, + {{0xe28cae2df5312d, 0xc71b61d16f5c6e, 0x79b7619a3e7c4c, 0x05c73240899b47}, + {0x9f7f6382c73e3a, 0x18615165c56bda, 0x641fab2116fd56, 0x72855882b08394}, + {1, 0, 0, 0}}, + {{0x0469182f161c09, 0x74a98ca8d00fb5, 0xb89da93489a3e0, 0x41c98768fb0c1d}, + {0xe5ea05fb32da81, 0x3dce9ffbca6855, 0x1cfe2d3fbf59e6, 0x0e5e03408738a7}, + {1, 0, 0, 0}}, + {{0xdab22b2333e87f, 0x4430137a5dd2f6, 0xe03ab9f738beb8, 0xcb0c5d0dc34f24}, + {0x764a7df0c8fda5, 0x185ba5c3fa2044, 0x9281d688bcbe50, 0xc40331df893881}, + {1, 0, 0, 0}}, + {{0xb89530796f0f60, 0xade92bd26909a3, 0x1a0c83fb4884da, 0x1765bf22a5a984}, + {0x772a9ee75db09e, 0x23bc6c67cec16f, 0x4c1edba8b14e2f, 0xe2a215d9611369}, + {1, 0, 0, 0}}, + {{0x571e509fb5efb3, 0xade88696410552, 0xc8ae85fada74fe, 0x6c7e4be83bbde3}, + {0xff9f51160f4652, 0xb47ce2495a6539, 0xa2946c53b582f4, 0x286d2db3ee9a60}, + {1, 0, 0, 0}}, + {{0x40bbd5081a44af, 0x0995183b13926c, 0xbcefba6f47f6d0, 0x215619e9cc0057}, + {0x8bc94d3b0df45e, 0xf11c54a3694f6f, 0x8631b93cdfe8b5, 0xe7e3f4b0982db9}, + {1, 0, 0, 0}}, + {{0xb17048ab3e1c7b, 0xac38f36ff8a1d8, 0x1c29819435d2c6, 0xc813132f4c07e9}, + {0x2891425503b11f, 0x08781030579fea, 0xf5426ba5cc9674, 0x1e28ebf18562bc}, + {1, 0, 0, 0}}, + {{0x9f31997cc864eb, 0x06cd91d28b5e4c, 0xff17036691a973, 0xf1aef351497c58}, + {0xdd1f2d600564ff, 0xdead073b1402db, 0x74a684435bd693, 0xeea7471f962558}, + {1, 0, 0, 0}}}, + {{{0, 0, 0, 0}, + {0, 0, 0, 0}, + {0, 0, 0, 0}}, + {{0x9665266dddf554, 0x9613d78b60ef2d, 0xce27a34cdba417, 0xd35ab74d6afc31}, + {0x85ccdd22deb15e, 0x2137e5783a6aab, 0xa141cffd8c93c6, 0x355a1830e90f2d}, + {1, 0, 0, 0}}, + {{0x1a494eadaade65, 0xd6da4da77fe53c, 0xe7992996abec86, 0x65c3553c6090e3}, + {0xfa610b1fb09346, 0xf1c6540b8a4aaf, 0xc51a13ccd3cbab, 0x02995b1b18c28a}, + {1, 0, 0, 0}}, + {{0x7874568e7295ef, 0x86b419fbe38d04, 0xdc0690a7550d9a, 0xd3966a44beac33}, + {0x2b7280ec29132f, 0xbeaa3b6a032df3, 0xdc7dd88ae41200, 0xd25e2513e3a100}, + {1, 0, 0, 0}}, + {{0x924857eb2efafd, 0xac2bce41223190, 0x8edaa1445553fc, 0x825800fd3562d5}, + {0x8d79148ea96621, 0x23a01c3dd9ed8d, 0xaf8b219f9416b5, 0xd8db0cc277daea}, + {1, 0, 0, 0}}, + {{0x76a9c3b1a700f0, 0xe9acd29bc7e691, 0x69212d1a6b0327, 0x6322e97fe154be}, + {0x469fc5465d62aa, 0x8d41ed18883b05, 0x1f8eae66c52b88, 0xe4fcbe9325be51}, + {1, 0, 0, 0}}, + {{0x825fdf583cac16, 0x020b857c7b023a, 0x683c17744b0165, 0x14ffd0a2daf2f1}, + {0x323b36184218f9, 0x4944ec4e3b47d4, 0xc15b3080841acf, 0x0bced4b01a28bb}, + {1, 0, 0, 0}}, + {{0x92ac22230df5c4, 0x52f33b4063eda8, 0xcb3f19870c0c93, 0x40064f2ba65233}, + {0xfe16f0924f8992, 0x012da25af5b517, 0x1a57bb24f723a6, 0x06f8bc76760def}, + {1, 0, 0, 0}}, + {{0x4a7084f7817cb9, 0xbcab0738ee9a78, 0x3ec11e11d9c326, 0xdc0fe90e0f1aae}, + {0xcf639ea5f98390, 0x5c350aa22ffb74, 0x9afae98a4047b7, 0x956ec2d617fc45}, + {1, 0, 0, 0}}, + {{0x4306d648c1be6a, 0x9247cd8bc9a462, 0xf5595e377d2f2e, 0xbd1c3caff1a52e}, + {0x045e14472409d0, 0x29f3e17078f773, 0x745a602b2d4f7d, 0x191837685cdfbb}, + {1, 0, 0, 0}}, + {{0x5b6ee254a8cb79, 0x4953433f5e7026, 0xe21faeb1d1def4, 0xc4c225785c09de}, + {0x307ce7bba1e518, 0x31b125b1036db8, 0x47e91868839e8f, 0xc765866e33b9f3}, + {1, 0, 0, 0}}, + {{0x3bfece24f96906, 0x4794da641e5093, 0xde5df64f95db26, 0x297ecd89714b05}, + {0x701bd3ebb2c3aa, 0x7073b4f53cb1d5, 0x13c5665658af16, 0x9895089d66fe58}, + {1, 0, 0, 0}}, + {{0x0fef05f78c4790, 0x2d773633b05d2e, 0x94229c3a951c94, 0xbbbd70df4911bb}, + {0xb2c6963d2c1168, 0x105f47a72b0d73, 0x9fdf6111614080, 0x7b7e94b39e67b0}, + {1, 0, 0, 0}}, + {{0xad1a7d6efbe2b3, 0xf012482c0da69d, 0x6b3bdf12438345, 0x40d7558d7aa4d9}, + {0x8a09fffb5c6d3d, 0x9a356e5d9ffd38, 0x5973f15f4f9b1c, 0xdcd5f59f63c3ea}, + {1, 0, 0, 0}}, + {{0xacf39f4c5ca7ab, 0x4c8071cc5fd737, 0xc64e3602cd1184, 0x0acd4644c9abba}, + {0x6c011a36d8bf6e, 0xfecd87ba24e32a, 0x19f6f56574fad8, 0x050b204ced9405}, + {1, 0, 0, 0}}, + {{0xed4f1cae7d9a96, 0x5ceef7ad94c40a, 0x778e4a3bf3ef9b, 0x7405783dc3b55e}, + {0x32477c61b6e8c6, 0xb46a97570f018b, 0x91176d0a7e95d1, 0x3df90fbc4c7d0e}, + {1, 0, 0, 0}}}}; + +/* Precomputation for the group generator. */ +typedef struct { + felem g_pre_comp[2][16][3]; + int references; +} NISTP224_PRE_COMP; + +const EC_METHOD * +EC_GFp_nistp224_method(void) +{ + static const EC_METHOD ret = { + .flags = EC_FLAGS_DEFAULT_OCT, + .field_type = NID_X9_62_prime_field, + .group_init = ec_GFp_nistp224_group_init, + .group_finish = ec_GFp_simple_group_finish, + .group_clear_finish = ec_GFp_simple_group_clear_finish, + .group_copy = ec_GFp_nist_group_copy, + .group_set_curve = ec_GFp_nistp224_group_set_curve, + .group_get_curve = ec_GFp_simple_group_get_curve, + .group_get_degree = ec_GFp_simple_group_get_degree, + .group_check_discriminant = + ec_GFp_simple_group_check_discriminant, + .point_init = ec_GFp_simple_point_init, + .point_finish = ec_GFp_simple_point_finish, + .point_clear_finish = ec_GFp_simple_point_clear_finish, + .point_copy = ec_GFp_simple_point_copy, + .point_set_to_infinity = ec_GFp_simple_point_set_to_infinity, + .point_set_Jprojective_coordinates_GFp = + ec_GFp_simple_set_Jprojective_coordinates_GFp, + .point_get_Jprojective_coordinates_GFp = + ec_GFp_simple_get_Jprojective_coordinates_GFp, + .point_set_affine_coordinates = + ec_GFp_simple_point_set_affine_coordinates, + .point_get_affine_coordinates = + ec_GFp_nistp224_point_get_affine_coordinates, + .add = ec_GFp_simple_add, + .dbl = ec_GFp_simple_dbl, + .invert = ec_GFp_simple_invert, + .is_at_infinity = ec_GFp_simple_is_at_infinity, + .is_on_curve = ec_GFp_simple_is_on_curve, + .point_cmp = ec_GFp_simple_cmp, + .make_affine = ec_GFp_simple_make_affine, + .points_make_affine = ec_GFp_simple_points_make_affine, + .mul = ec_GFp_nistp224_points_mul, + .precompute_mult = ec_GFp_nistp224_precompute_mult, + .have_precompute_mult = ec_GFp_nistp224_have_precompute_mult, + .field_mul = ec_GFp_nist_field_mul, + .field_sqr = ec_GFp_nist_field_sqr, + .blind_coordinates = NULL, + }; + + return &ret; +} + +/* Helper functions to convert field elements to/from internal representation */ +static void +bin28_to_felem(felem out, const u8 in[28]) +{ + out[0] = *((const uint64_t *) (in)) & 0x00ffffffffffffff; + out[1] = (*((const uint64_t *) (in + 7))) & 0x00ffffffffffffff; + out[2] = (*((const uint64_t *) (in + 14))) & 0x00ffffffffffffff; + out[3] = (*((const uint64_t *) (in + 21))) & 0x00ffffffffffffff; +} + +static void +felem_to_bin28(u8 out[28], const felem in) +{ + unsigned i; + for (i = 0; i < 7; ++i) { + out[i] = in[0] >> (8 * i); + out[i + 7] = in[1] >> (8 * i); + out[i + 14] = in[2] >> (8 * i); + out[i + 21] = in[3] >> (8 * i); + } +} + +/* To preserve endianness when using BN_bn2bin and BN_bin2bn */ +static void +flip_endian(u8 * out, const u8 * in, unsigned len) +{ + unsigned i; + for (i = 0; i < len; ++i) + out[i] = in[len - 1 - i]; +} + +/* From OpenSSL BIGNUM to internal representation */ +static int +BN_to_felem(felem out, const BIGNUM * bn) +{ + felem_bytearray b_in; + felem_bytearray b_out; + unsigned num_bytes; + + /* BN_bn2bin eats leading zeroes */ + memset(b_out, 0, sizeof b_out); + num_bytes = BN_num_bytes(bn); + if (num_bytes > sizeof b_out) { + ECerror(EC_R_BIGNUM_OUT_OF_RANGE); + return 0; + } + if (BN_is_negative(bn)) { + ECerror(EC_R_BIGNUM_OUT_OF_RANGE); + return 0; + } + num_bytes = BN_bn2bin(bn, b_in); + flip_endian(b_out, b_in, num_bytes); + bin28_to_felem(out, b_out); + return 1; +} + +/* From internal representation to OpenSSL BIGNUM */ +static BIGNUM * +felem_to_BN(BIGNUM * out, const felem in) +{ + felem_bytearray b_in, b_out; + felem_to_bin28(b_in, in); + flip_endian(b_out, b_in, sizeof b_out); + return BN_bin2bn(b_out, sizeof b_out, out); +} + +/******************************************************************************/ +/* FIELD OPERATIONS + * + * Field operations, using the internal representation of field elements. + * NB! These operations are specific to our point multiplication and cannot be + * expected to be correct in general - e.g., multiplication with a large scalar + * will cause an overflow. + * + */ + +static void +felem_one(felem out) +{ + out[0] = 1; + out[1] = 0; + out[2] = 0; + out[3] = 0; +} + +static void +felem_assign(felem out, const felem in) +{ + out[0] = in[0]; + out[1] = in[1]; + out[2] = in[2]; + out[3] = in[3]; +} + +/* Sum two field elements: out += in */ +static void +felem_sum(felem out, const felem in) +{ + out[0] += in[0]; + out[1] += in[1]; + out[2] += in[2]; + out[3] += in[3]; +} + +/* Get negative value: out = -in */ +/* Assumes in[i] < 2^57 */ +static void +felem_neg(felem out, const felem in) +{ + static const limb two58p2 = (((limb) 1) << 58) + (((limb) 1) << 2); + static const limb two58m2 = (((limb) 1) << 58) - (((limb) 1) << 2); + static const limb two58m42m2 = (((limb) 1) << 58) - + (((limb) 1) << 42) - (((limb) 1) << 2); + + /* Set to 0 mod 2^224-2^96+1 to ensure out > in */ + out[0] = two58p2 - in[0]; + out[1] = two58m42m2 - in[1]; + out[2] = two58m2 - in[2]; + out[3] = two58m2 - in[3]; +} + +/* Subtract field elements: out -= in */ +/* Assumes in[i] < 2^57 */ +static void +felem_diff(felem out, const felem in) +{ + static const limb two58p2 = (((limb) 1) << 58) + (((limb) 1) << 2); + static const limb two58m2 = (((limb) 1) << 58) - (((limb) 1) << 2); + static const limb two58m42m2 = (((limb) 1) << 58) - + (((limb) 1) << 42) - (((limb) 1) << 2); + + /* Add 0 mod 2^224-2^96+1 to ensure out > in */ + out[0] += two58p2; + out[1] += two58m42m2; + out[2] += two58m2; + out[3] += two58m2; + + out[0] -= in[0]; + out[1] -= in[1]; + out[2] -= in[2]; + out[3] -= in[3]; +} + +/* Subtract in unreduced 128-bit mode: out -= in */ +/* Assumes in[i] < 2^119 */ +static void +widefelem_diff(widefelem out, const widefelem in) +{ + static const widelimb two120 = ((widelimb) 1) << 120; + static const widelimb two120m64 = (((widelimb) 1) << 120) - + (((widelimb) 1) << 64); + static const widelimb two120m104m64 = (((widelimb) 1) << 120) - + (((widelimb) 1) << 104) - (((widelimb) 1) << 64); + + /* Add 0 mod 2^224-2^96+1 to ensure out > in */ + out[0] += two120; + out[1] += two120m64; + out[2] += two120m64; + out[3] += two120; + out[4] += two120m104m64; + out[5] += two120m64; + out[6] += two120m64; + + out[0] -= in[0]; + out[1] -= in[1]; + out[2] -= in[2]; + out[3] -= in[3]; + out[4] -= in[4]; + out[5] -= in[5]; + out[6] -= in[6]; +} + +/* Subtract in mixed mode: out128 -= in64 */ +/* in[i] < 2^63 */ +static void +felem_diff_128_64(widefelem out, const felem in) +{ + static const widelimb two64p8 = (((widelimb) 1) << 64) + + (((widelimb) 1) << 8); + static const widelimb two64m8 = (((widelimb) 1) << 64) - + (((widelimb) 1) << 8); + static const widelimb two64m48m8 = (((widelimb) 1) << 64) - + (((widelimb) 1) << 48) - (((widelimb) 1) << 8); + + /* Add 0 mod 2^224-2^96+1 to ensure out > in */ + out[0] += two64p8; + out[1] += two64m48m8; + out[2] += two64m8; + out[3] += two64m8; + + out[0] -= in[0]; + out[1] -= in[1]; + out[2] -= in[2]; + out[3] -= in[3]; +} + +/* Multiply a field element by a scalar: out = out * scalar + * The scalars we actually use are small, so results fit without overflow */ +static void +felem_scalar(felem out, const limb scalar) +{ + out[0] *= scalar; + out[1] *= scalar; + out[2] *= scalar; + out[3] *= scalar; +} + +/* Multiply an unreduced field element by a scalar: out = out * scalar + * The scalars we actually use are small, so results fit without overflow */ +static void +widefelem_scalar(widefelem out, const widelimb scalar) +{ + out[0] *= scalar; + out[1] *= scalar; + out[2] *= scalar; + out[3] *= scalar; + out[4] *= scalar; + out[5] *= scalar; + out[6] *= scalar; +} + +/* Square a field element: out = in^2 */ +static void +felem_square(widefelem out, const felem in) +{ + limb tmp0, tmp1, tmp2; + tmp0 = 2 * in[0]; + tmp1 = 2 * in[1]; + tmp2 = 2 * in[2]; + out[0] = ((widelimb) in[0]) * in[0]; + out[1] = ((widelimb) in[0]) * tmp1; + out[2] = ((widelimb) in[0]) * tmp2 + ((widelimb) in[1]) * in[1]; + out[3] = ((widelimb) in[3]) * tmp0 + + ((widelimb) in[1]) * tmp2; + out[4] = ((widelimb) in[3]) * tmp1 + ((widelimb) in[2]) * in[2]; + out[5] = ((widelimb) in[3]) * tmp2; + out[6] = ((widelimb) in[3]) * in[3]; +} + +/* Multiply two field elements: out = in1 * in2 */ +static void +felem_mul(widefelem out, const felem in1, const felem in2) +{ + out[0] = ((widelimb) in1[0]) * in2[0]; + out[1] = ((widelimb) in1[0]) * in2[1] + ((widelimb) in1[1]) * in2[0]; + out[2] = ((widelimb) in1[0]) * in2[2] + ((widelimb) in1[1]) * in2[1] + + ((widelimb) in1[2]) * in2[0]; + out[3] = ((widelimb) in1[0]) * in2[3] + ((widelimb) in1[1]) * in2[2] + + ((widelimb) in1[2]) * in2[1] + ((widelimb) in1[3]) * in2[0]; + out[4] = ((widelimb) in1[1]) * in2[3] + ((widelimb) in1[2]) * in2[2] + + ((widelimb) in1[3]) * in2[1]; + out[5] = ((widelimb) in1[2]) * in2[3] + ((widelimb) in1[3]) * in2[2]; + out[6] = ((widelimb) in1[3]) * in2[3]; +} + +/* Reduce seven 128-bit coefficients to four 64-bit coefficients. + * Requires in[i] < 2^126, + * ensures out[0] < 2^56, out[1] < 2^56, out[2] < 2^56, out[3] <= 2^56 + 2^16 */ +static void +felem_reduce(felem out, const widefelem in) +{ + static const widelimb two127p15 = (((widelimb) 1) << 127) + + (((widelimb) 1) << 15); + static const widelimb two127m71 = (((widelimb) 1) << 127) - + (((widelimb) 1) << 71); + static const widelimb two127m71m55 = (((widelimb) 1) << 127) - + (((widelimb) 1) << 71) - (((widelimb) 1) << 55); + widelimb output[5]; + + /* Add 0 mod 2^224-2^96+1 to ensure all differences are positive */ + output[0] = in[0] + two127p15; + output[1] = in[1] + two127m71m55; + output[2] = in[2] + two127m71; + output[3] = in[3]; + output[4] = in[4]; + + /* Eliminate in[4], in[5], in[6] */ + output[4] += in[6] >> 16; + output[3] += (in[6] & 0xffff) << 40; + output[2] -= in[6]; + + output[3] += in[5] >> 16; + output[2] += (in[5] & 0xffff) << 40; + output[1] -= in[5]; + + output[2] += output[4] >> 16; + output[1] += (output[4] & 0xffff) << 40; + output[0] -= output[4]; + + /* Carry 2 -> 3 -> 4 */ + output[3] += output[2] >> 56; + output[2] &= 0x00ffffffffffffff; + + output[4] = output[3] >> 56; + output[3] &= 0x00ffffffffffffff; + + /* Now output[2] < 2^56, output[3] < 2^56, output[4] < 2^72 */ + + /* Eliminate output[4] */ + output[2] += output[4] >> 16; + /* output[2] < 2^56 + 2^56 = 2^57 */ + output[1] += (output[4] & 0xffff) << 40; + output[0] -= output[4]; + + /* Carry 0 -> 1 -> 2 -> 3 */ + output[1] += output[0] >> 56; + out[0] = output[0] & 0x00ffffffffffffff; + + output[2] += output[1] >> 56; + /* output[2] < 2^57 + 2^72 */ + out[1] = output[1] & 0x00ffffffffffffff; + output[3] += output[2] >> 56; + /* output[3] <= 2^56 + 2^16 */ + out[2] = output[2] & 0x00ffffffffffffff; + + /* + * out[0] < 2^56, out[1] < 2^56, out[2] < 2^56, out[3] <= 2^56 + 2^16 + * (due to final carry), so out < 2*p + */ + out[3] = output[3]; +} + +static void +felem_square_reduce(felem out, const felem in) +{ + widefelem tmp; + felem_square(tmp, in); + felem_reduce(out, tmp); +} + +static void +felem_mul_reduce(felem out, const felem in1, const felem in2) +{ + widefelem tmp; + felem_mul(tmp, in1, in2); + felem_reduce(out, tmp); +} + +/* Reduce to unique minimal representation. + * Requires 0 <= in < 2*p (always call felem_reduce first) */ +static void +felem_contract(felem out, const felem in) +{ + static const int64_t two56 = ((limb) 1) << 56; + /* 0 <= in < 2*p, p = 2^224 - 2^96 + 1 */ + /* if in > p , reduce in = in - 2^224 + 2^96 - 1 */ + int64_t tmp[4], a; + tmp[0] = in[0]; + tmp[1] = in[1]; + tmp[2] = in[2]; + tmp[3] = in[3]; + /* Case 1: a = 1 iff in >= 2^224 */ + a = (in[3] >> 56); + tmp[0] -= a; + tmp[1] += a << 40; + tmp[3] &= 0x00ffffffffffffff; + /* + * Case 2: a = 0 iff p <= in < 2^224, i.e., the high 128 bits are all + * 1 and the lower part is non-zero + */ + a = ((in[3] & in[2] & (in[1] | 0x000000ffffffffff)) + 1) | + (((int64_t) (in[0] + (in[1] & 0x000000ffffffffff)) - 1) >> 63); + a &= 0x00ffffffffffffff; + /* turn a into an all-one mask (if a = 0) or an all-zero mask */ + a = (a - 1) >> 63; + /* subtract 2^224 - 2^96 + 1 if a is all-one */ + tmp[3] &= a ^ 0xffffffffffffffff; + tmp[2] &= a ^ 0xffffffffffffffff; + tmp[1] &= (a ^ 0xffffffffffffffff) | 0x000000ffffffffff; + tmp[0] -= 1 & a; + + /* + * eliminate negative coefficients: if tmp[0] is negative, tmp[1] + * must be non-zero, so we only need one step + */ + a = tmp[0] >> 63; + tmp[0] += two56 & a; + tmp[1] -= 1 & a; + + /* carry 1 -> 2 -> 3 */ + tmp[2] += tmp[1] >> 56; + tmp[1] &= 0x00ffffffffffffff; + + tmp[3] += tmp[2] >> 56; + tmp[2] &= 0x00ffffffffffffff; + + /* Now 0 <= out < p */ + out[0] = tmp[0]; + out[1] = tmp[1]; + out[2] = tmp[2]; + out[3] = tmp[3]; +} + +/* Zero-check: returns 1 if input is 0, and 0 otherwise. + * We know that field elements are reduced to in < 2^225, + * so we only need to check three cases: 0, 2^224 - 2^96 + 1, + * and 2^225 - 2^97 + 2 */ +static limb +felem_is_zero(const felem in) +{ + limb zero, two224m96p1, two225m97p2; + + zero = in[0] | in[1] | in[2] | in[3]; + zero = (((int64_t) (zero) - 1) >> 63) & 1; + two224m96p1 = (in[0] ^ 1) | (in[1] ^ 0x00ffff0000000000) + | (in[2] ^ 0x00ffffffffffffff) | (in[3] ^ 0x00ffffffffffffff); + two224m96p1 = (((int64_t) (two224m96p1) - 1) >> 63) & 1; + two225m97p2 = (in[0] ^ 2) | (in[1] ^ 0x00fffe0000000000) + | (in[2] ^ 0x00ffffffffffffff) | (in[3] ^ 0x01ffffffffffffff); + two225m97p2 = (((int64_t) (two225m97p2) - 1) >> 63) & 1; + return (zero | two224m96p1 | two225m97p2); +} + +static limb +felem_is_zero_int(const felem in) +{ + return (int) (felem_is_zero(in) & ((limb) 1)); +} + +/* Invert a field element */ +/* Computation chain copied from djb's code */ +static void +felem_inv(felem out, const felem in) +{ + felem ftmp, ftmp2, ftmp3, ftmp4; + widefelem tmp; + unsigned i; + + felem_square(tmp, in); + felem_reduce(ftmp, tmp);/* 2 */ + felem_mul(tmp, in, ftmp); + felem_reduce(ftmp, tmp);/* 2^2 - 1 */ + felem_square(tmp, ftmp); + felem_reduce(ftmp, tmp);/* 2^3 - 2 */ + felem_mul(tmp, in, ftmp); + felem_reduce(ftmp, tmp);/* 2^3 - 1 */ + felem_square(tmp, ftmp); + felem_reduce(ftmp2, tmp); /* 2^4 - 2 */ + felem_square(tmp, ftmp2); + felem_reduce(ftmp2, tmp); /* 2^5 - 4 */ + felem_square(tmp, ftmp2); + felem_reduce(ftmp2, tmp); /* 2^6 - 8 */ + felem_mul(tmp, ftmp2, ftmp); + felem_reduce(ftmp, tmp);/* 2^6 - 1 */ + felem_square(tmp, ftmp); + felem_reduce(ftmp2, tmp); /* 2^7 - 2 */ + for (i = 0; i < 5; ++i) { /* 2^12 - 2^6 */ + felem_square(tmp, ftmp2); + felem_reduce(ftmp2, tmp); + } + felem_mul(tmp, ftmp2, ftmp); + felem_reduce(ftmp2, tmp); /* 2^12 - 1 */ + felem_square(tmp, ftmp2); + felem_reduce(ftmp3, tmp); /* 2^13 - 2 */ + for (i = 0; i < 11; ++i) { /* 2^24 - 2^12 */ + felem_square(tmp, ftmp3); + felem_reduce(ftmp3, tmp); + } + felem_mul(tmp, ftmp3, ftmp2); + felem_reduce(ftmp2, tmp); /* 2^24 - 1 */ + felem_square(tmp, ftmp2); + felem_reduce(ftmp3, tmp); /* 2^25 - 2 */ + for (i = 0; i < 23; ++i) { /* 2^48 - 2^24 */ + felem_square(tmp, ftmp3); + felem_reduce(ftmp3, tmp); + } + felem_mul(tmp, ftmp3, ftmp2); + felem_reduce(ftmp3, tmp); /* 2^48 - 1 */ + felem_square(tmp, ftmp3); + felem_reduce(ftmp4, tmp); /* 2^49 - 2 */ + for (i = 0; i < 47; ++i) { /* 2^96 - 2^48 */ + felem_square(tmp, ftmp4); + felem_reduce(ftmp4, tmp); + } + felem_mul(tmp, ftmp3, ftmp4); + felem_reduce(ftmp3, tmp); /* 2^96 - 1 */ + felem_square(tmp, ftmp3); + felem_reduce(ftmp4, tmp); /* 2^97 - 2 */ + for (i = 0; i < 23; ++i) { /* 2^120 - 2^24 */ + felem_square(tmp, ftmp4); + felem_reduce(ftmp4, tmp); + } + felem_mul(tmp, ftmp2, ftmp4); + felem_reduce(ftmp2, tmp); /* 2^120 - 1 */ + for (i = 0; i < 6; ++i) { /* 2^126 - 2^6 */ + felem_square(tmp, ftmp2); + felem_reduce(ftmp2, tmp); + } + felem_mul(tmp, ftmp2, ftmp); + felem_reduce(ftmp, tmp);/* 2^126 - 1 */ + felem_square(tmp, ftmp); + felem_reduce(ftmp, tmp);/* 2^127 - 2 */ + felem_mul(tmp, ftmp, in); + felem_reduce(ftmp, tmp);/* 2^127 - 1 */ + for (i = 0; i < 97; ++i) { /* 2^224 - 2^97 */ + felem_square(tmp, ftmp); + felem_reduce(ftmp, tmp); + } + felem_mul(tmp, ftmp, ftmp3); + felem_reduce(out, tmp); /* 2^224 - 2^96 - 1 */ +} + +/* Copy in constant time: + * if icopy == 1, copy in to out, + * if icopy == 0, copy out to itself. */ +static void +copy_conditional(felem out, const felem in, limb icopy) +{ + unsigned i; + /* icopy is a (64-bit) 0 or 1, so copy is either all-zero or all-one */ + const limb copy = -icopy; + for (i = 0; i < 4; ++i) { + const limb tmp = copy & (in[i] ^ out[i]); + out[i] ^= tmp; + } +} + +/******************************************************************************/ +/* ELLIPTIC CURVE POINT OPERATIONS + * + * Points are represented in Jacobian projective coordinates: + * (X, Y, Z) corresponds to the affine point (X/Z^2, Y/Z^3), + * or to the point at infinity if Z == 0. + * + */ + +/* Double an elliptic curve point: + * (X', Y', Z') = 2 * (X, Y, Z), where + * X' = (3 * (X - Z^2) * (X + Z^2))^2 - 8 * X * Y^2 + * Y' = 3 * (X - Z^2) * (X + Z^2) * (4 * X * Y^2 - X') - 8 * Y^2 + * Z' = (Y + Z)^2 - Y^2 - Z^2 = 2 * Y * Z + * Outputs can equal corresponding inputs, i.e., x_out == x_in is allowed, + * while x_out == y_in is not (maybe this works, but it's not tested). */ +static void +point_double(felem x_out, felem y_out, felem z_out, + const felem x_in, const felem y_in, const felem z_in) +{ + widefelem tmp, tmp2; + felem delta, gamma, beta, alpha, ftmp, ftmp2; + + felem_assign(ftmp, x_in); + felem_assign(ftmp2, x_in); + + /* delta = z^2 */ + felem_square(tmp, z_in); + felem_reduce(delta, tmp); + + /* gamma = y^2 */ + felem_square(tmp, y_in); + felem_reduce(gamma, tmp); + + /* beta = x*gamma */ + felem_mul(tmp, x_in, gamma); + felem_reduce(beta, tmp); + + /* alpha = 3*(x-delta)*(x+delta) */ + felem_diff(ftmp, delta); + /* ftmp[i] < 2^57 + 2^58 + 2 < 2^59 */ + felem_sum(ftmp2, delta); + /* ftmp2[i] < 2^57 + 2^57 = 2^58 */ + felem_scalar(ftmp2, 3); + /* ftmp2[i] < 3 * 2^58 < 2^60 */ + felem_mul(tmp, ftmp, ftmp2); + /* tmp[i] < 2^60 * 2^59 * 4 = 2^121 */ + felem_reduce(alpha, tmp); + + /* x' = alpha^2 - 8*beta */ + felem_square(tmp, alpha); + /* tmp[i] < 4 * 2^57 * 2^57 = 2^116 */ + felem_assign(ftmp, beta); + felem_scalar(ftmp, 8); + /* ftmp[i] < 8 * 2^57 = 2^60 */ + felem_diff_128_64(tmp, ftmp); + /* tmp[i] < 2^116 + 2^64 + 8 < 2^117 */ + felem_reduce(x_out, tmp); + + /* z' = (y + z)^2 - gamma - delta */ + felem_sum(delta, gamma); + /* delta[i] < 2^57 + 2^57 = 2^58 */ + felem_assign(ftmp, y_in); + felem_sum(ftmp, z_in); + /* ftmp[i] < 2^57 + 2^57 = 2^58 */ + felem_square(tmp, ftmp); + /* tmp[i] < 4 * 2^58 * 2^58 = 2^118 */ + felem_diff_128_64(tmp, delta); + /* tmp[i] < 2^118 + 2^64 + 8 < 2^119 */ + felem_reduce(z_out, tmp); + + /* y' = alpha*(4*beta - x') - 8*gamma^2 */ + felem_scalar(beta, 4); + /* beta[i] < 4 * 2^57 = 2^59 */ + felem_diff(beta, x_out); + /* beta[i] < 2^59 + 2^58 + 2 < 2^60 */ + felem_mul(tmp, alpha, beta); + /* tmp[i] < 4 * 2^57 * 2^60 = 2^119 */ + felem_square(tmp2, gamma); + /* tmp2[i] < 4 * 2^57 * 2^57 = 2^116 */ + widefelem_scalar(tmp2, 8); + /* tmp2[i] < 8 * 2^116 = 2^119 */ + widefelem_diff(tmp, tmp2); + /* tmp[i] < 2^119 + 2^120 < 2^121 */ + felem_reduce(y_out, tmp); +} + +/* Add two elliptic curve points: + * (X_1, Y_1, Z_1) + (X_2, Y_2, Z_2) = (X_3, Y_3, Z_3), where + * X_3 = (Z_1^3 * Y_2 - Z_2^3 * Y_1)^2 - (Z_1^2 * X_2 - Z_2^2 * X_1)^3 - + * 2 * Z_2^2 * X_1 * (Z_1^2 * X_2 - Z_2^2 * X_1)^2 + * Y_3 = (Z_1^3 * Y_2 - Z_2^3 * Y_1) * (Z_2^2 * X_1 * (Z_1^2 * X_2 - Z_2^2 * X_1)^2 - X_3) - + * Z_2^3 * Y_1 * (Z_1^2 * X_2 - Z_2^2 * X_1)^3 + * Z_3 = (Z_1^2 * X_2 - Z_2^2 * X_1) * (Z_1 * Z_2) + * + * This runs faster if 'mixed' is set, which requires Z_2 = 1 or Z_2 = 0. + */ + +/* This function is not entirely constant-time: + * it includes a branch for checking whether the two input points are equal, + * (while not equal to the point at infinity). + * This case never happens during single point multiplication, + * so there is no timing leak for ECDH or ECDSA signing. */ +static void +point_add(felem x3, felem y3, felem z3, + const felem x1, const felem y1, const felem z1, + const int mixed, const felem x2, const felem y2, const felem z2) +{ + felem ftmp, ftmp2, ftmp3, ftmp4, ftmp5, x_out, y_out, z_out; + widefelem tmp, tmp2; + limb z1_is_zero, z2_is_zero, x_equal, y_equal; + + if (!mixed) { + /* ftmp2 = z2^2 */ + felem_square(tmp, z2); + felem_reduce(ftmp2, tmp); + + /* ftmp4 = z2^3 */ + felem_mul(tmp, ftmp2, z2); + felem_reduce(ftmp4, tmp); + + /* ftmp4 = z2^3*y1 */ + felem_mul(tmp2, ftmp4, y1); + felem_reduce(ftmp4, tmp2); + + /* ftmp2 = z2^2*x1 */ + felem_mul(tmp2, ftmp2, x1); + felem_reduce(ftmp2, tmp2); + } else { + /* We'll assume z2 = 1 (special case z2 = 0 is handled later) */ + + /* ftmp4 = z2^3*y1 */ + felem_assign(ftmp4, y1); + + /* ftmp2 = z2^2*x1 */ + felem_assign(ftmp2, x1); + } + + /* ftmp = z1^2 */ + felem_square(tmp, z1); + felem_reduce(ftmp, tmp); + + /* ftmp3 = z1^3 */ + felem_mul(tmp, ftmp, z1); + felem_reduce(ftmp3, tmp); + + /* tmp = z1^3*y2 */ + felem_mul(tmp, ftmp3, y2); + /* tmp[i] < 4 * 2^57 * 2^57 = 2^116 */ + + /* ftmp3 = z1^3*y2 - z2^3*y1 */ + felem_diff_128_64(tmp, ftmp4); + /* tmp[i] < 2^116 + 2^64 + 8 < 2^117 */ + felem_reduce(ftmp3, tmp); + + /* tmp = z1^2*x2 */ + felem_mul(tmp, ftmp, x2); + /* tmp[i] < 4 * 2^57 * 2^57 = 2^116 */ + + /* ftmp = z1^2*x2 - z2^2*x1 */ + felem_diff_128_64(tmp, ftmp2); + /* tmp[i] < 2^116 + 2^64 + 8 < 2^117 */ + felem_reduce(ftmp, tmp); + + /* + * the formulae are incorrect if the points are equal so we check for + * this and do doubling if this happens + */ + x_equal = felem_is_zero(ftmp); + y_equal = felem_is_zero(ftmp3); + z1_is_zero = felem_is_zero(z1); + z2_is_zero = felem_is_zero(z2); + /* In affine coordinates, (X_1, Y_1) == (X_2, Y_2) */ + if (x_equal && y_equal && !z1_is_zero && !z2_is_zero) { + point_double(x3, y3, z3, x1, y1, z1); + return; + } + /* ftmp5 = z1*z2 */ + if (!mixed) { + felem_mul(tmp, z1, z2); + felem_reduce(ftmp5, tmp); + } else { + /* special case z2 = 0 is handled later */ + felem_assign(ftmp5, z1); + } + + /* z_out = (z1^2*x2 - z2^2*x1)*(z1*z2) */ + felem_mul(tmp, ftmp, ftmp5); + felem_reduce(z_out, tmp); + + /* ftmp = (z1^2*x2 - z2^2*x1)^2 */ + felem_assign(ftmp5, ftmp); + felem_square(tmp, ftmp); + felem_reduce(ftmp, tmp); + + /* ftmp5 = (z1^2*x2 - z2^2*x1)^3 */ + felem_mul(tmp, ftmp, ftmp5); + felem_reduce(ftmp5, tmp); + + /* ftmp2 = z2^2*x1*(z1^2*x2 - z2^2*x1)^2 */ + felem_mul(tmp, ftmp2, ftmp); + felem_reduce(ftmp2, tmp); + + /* tmp = z2^3*y1*(z1^2*x2 - z2^2*x1)^3 */ + felem_mul(tmp, ftmp4, ftmp5); + /* tmp[i] < 4 * 2^57 * 2^57 = 2^116 */ + + /* tmp2 = (z1^3*y2 - z2^3*y1)^2 */ + felem_square(tmp2, ftmp3); + /* tmp2[i] < 4 * 2^57 * 2^57 < 2^116 */ + + /* tmp2 = (z1^3*y2 - z2^3*y1)^2 - (z1^2*x2 - z2^2*x1)^3 */ + felem_diff_128_64(tmp2, ftmp5); + /* tmp2[i] < 2^116 + 2^64 + 8 < 2^117 */ + + /* ftmp5 = 2*z2^2*x1*(z1^2*x2 - z2^2*x1)^2 */ + felem_assign(ftmp5, ftmp2); + felem_scalar(ftmp5, 2); + /* ftmp5[i] < 2 * 2^57 = 2^58 */ + + /* + * x_out = (z1^3*y2 - z2^3*y1)^2 - (z1^2*x2 - z2^2*x1)^3 - + * 2*z2^2*x1*(z1^2*x2 - z2^2*x1)^2 + */ + felem_diff_128_64(tmp2, ftmp5); + /* tmp2[i] < 2^117 + 2^64 + 8 < 2^118 */ + felem_reduce(x_out, tmp2); + + /* ftmp2 = z2^2*x1*(z1^2*x2 - z2^2*x1)^2 - x_out */ + felem_diff(ftmp2, x_out); + /* ftmp2[i] < 2^57 + 2^58 + 2 < 2^59 */ + + /* tmp2 = (z1^3*y2 - z2^3*y1)*(z2^2*x1*(z1^2*x2 - z2^2*x1)^2 - x_out) */ + felem_mul(tmp2, ftmp3, ftmp2); + /* tmp2[i] < 4 * 2^57 * 2^59 = 2^118 */ + + /* + * y_out = (z1^3*y2 - z2^3*y1)*(z2^2*x1*(z1^2*x2 - z2^2*x1)^2 - + * x_out) - z2^3*y1*(z1^2*x2 - z2^2*x1)^3 + */ + widefelem_diff(tmp2, tmp); + /* tmp2[i] < 2^118 + 2^120 < 2^121 */ + felem_reduce(y_out, tmp2); + + /* + * the result (x_out, y_out, z_out) is incorrect if one of the inputs + * is the point at infinity, so we need to check for this separately + */ + + /* if point 1 is at infinity, copy point 2 to output, and vice versa */ + copy_conditional(x_out, x2, z1_is_zero); + copy_conditional(x_out, x1, z2_is_zero); + copy_conditional(y_out, y2, z1_is_zero); + copy_conditional(y_out, y1, z2_is_zero); + copy_conditional(z_out, z2, z1_is_zero); + copy_conditional(z_out, z1, z2_is_zero); + felem_assign(x3, x_out); + felem_assign(y3, y_out); + felem_assign(z3, z_out); +} + +/* select_point selects the |idx|th point from a precomputation table and + * copies it to out. */ +static void +select_point(const u64 idx, unsigned int size, const felem pre_comp[ /* size */ ][3], felem out[3]) +{ + unsigned i, j; + limb *outlimbs = &out[0][0]; + memset(outlimbs, 0, 3 * sizeof(felem)); + + for (i = 0; i < size; i++) { + const limb *inlimbs = &pre_comp[i][0][0]; + u64 mask = i ^ idx; + mask |= mask >> 4; + mask |= mask >> 2; + mask |= mask >> 1; + mask &= 1; + mask--; + for (j = 0; j < 4 * 3; j++) + outlimbs[j] |= inlimbs[j] & mask; + } +} + +/* get_bit returns the |i|th bit in |in| */ +static char +get_bit(const felem_bytearray in, unsigned i) +{ + if (i >= 224) + return 0; + return (in[i >> 3] >> (i & 7)) & 1; +} + +/* Interleaved point multiplication using precomputed point multiples: + * The small point multiples 0*P, 1*P, ..., 16*P are in pre_comp[], + * the scalars in scalars[]. If g_scalar is non-NULL, we also add this multiple + * of the generator, using certain (large) precomputed multiples in g_pre_comp. + * Output point (X, Y, Z) is stored in x_out, y_out, z_out */ +static void +batch_mul(felem x_out, felem y_out, felem z_out, + const felem_bytearray scalars[], const unsigned num_points, const u8 * g_scalar, + const int mixed, const felem pre_comp[][17][3], const felem g_pre_comp[2][16][3]) +{ + int i, skip; + unsigned num; + unsigned gen_mul = (g_scalar != NULL); + felem nq[3], tmp[4]; + u64 bits; + u8 sign, digit; + + /* set nq to the point at infinity */ + memset(nq, 0, 3 * sizeof(felem)); + + /* + * Loop over all scalars msb-to-lsb, interleaving additions of + * multiples of the generator (two in each of the last 28 rounds) and + * additions of other points multiples (every 5th round). + */ + skip = 1; /* save two point operations in the first + * round */ + for (i = (num_points ? 220 : 27); i >= 0; --i) { + /* double */ + if (!skip) + point_double(nq[0], nq[1], nq[2], nq[0], nq[1], nq[2]); + + /* add multiples of the generator */ + if (gen_mul && (i <= 27)) { + /* first, look 28 bits upwards */ + bits = get_bit(g_scalar, i + 196) << 3; + bits |= get_bit(g_scalar, i + 140) << 2; + bits |= get_bit(g_scalar, i + 84) << 1; + bits |= get_bit(g_scalar, i + 28); + /* select the point to add, in constant time */ + select_point(bits, 16, g_pre_comp[1], tmp); + + if (!skip) { + point_add(nq[0], nq[1], nq[2], + nq[0], nq[1], nq[2], + 1 /* mixed */ , tmp[0], tmp[1], tmp[2]); + } else { + memcpy(nq, tmp, 3 * sizeof(felem)); + skip = 0; + } + + /* second, look at the current position */ + bits = get_bit(g_scalar, i + 168) << 3; + bits |= get_bit(g_scalar, i + 112) << 2; + bits |= get_bit(g_scalar, i + 56) << 1; + bits |= get_bit(g_scalar, i); + /* select the point to add, in constant time */ + select_point(bits, 16, g_pre_comp[0], tmp); + point_add(nq[0], nq[1], nq[2], + nq[0], nq[1], nq[2], + 1 /* mixed */ , tmp[0], tmp[1], tmp[2]); + } + /* do other additions every 5 doublings */ + if (num_points && (i % 5 == 0)) { + /* loop over all scalars */ + for (num = 0; num < num_points; ++num) { + bits = get_bit(scalars[num], i + 4) << 5; + bits |= get_bit(scalars[num], i + 3) << 4; + bits |= get_bit(scalars[num], i + 2) << 3; + bits |= get_bit(scalars[num], i + 1) << 2; + bits |= get_bit(scalars[num], i) << 1; + bits |= get_bit(scalars[num], i - 1); + ec_GFp_nistp_recode_scalar_bits(&sign, &digit, bits); + + /* select the point to add or subtract */ + select_point(digit, 17, pre_comp[num], tmp); + felem_neg(tmp[3], tmp[1]); /* (X, -Y, Z) is the + * negative point */ + copy_conditional(tmp[1], tmp[3], sign); + + if (!skip) { + point_add(nq[0], nq[1], nq[2], + nq[0], nq[1], nq[2], + mixed, tmp[0], tmp[1], tmp[2]); + } else { + memcpy(nq, tmp, 3 * sizeof(felem)); + skip = 0; + } + } + } + } + felem_assign(x_out, nq[0]); + felem_assign(y_out, nq[1]); + felem_assign(z_out, nq[2]); +} + +/******************************************************************************/ +/* FUNCTIONS TO MANAGE PRECOMPUTATION + */ + +static NISTP224_PRE_COMP * +nistp224_pre_comp_new() +{ + NISTP224_PRE_COMP *ret = NULL; + ret = malloc(sizeof *ret); + if (!ret) { + ECerror(ERR_R_MALLOC_FAILURE); + return ret; + } + memset(ret->g_pre_comp, 0, sizeof(ret->g_pre_comp)); + ret->references = 1; + return ret; +} + +static void * +nistp224_pre_comp_dup(void *src_) +{ + NISTP224_PRE_COMP *src = src_; + + /* no need to actually copy, these objects never change! */ + CRYPTO_add(&src->references, 1, CRYPTO_LOCK_EC_PRE_COMP); + + return src_; +} + +static void +nistp224_pre_comp_free(void *pre_) +{ + int i; + NISTP224_PRE_COMP *pre = pre_; + + if (!pre) + return; + + i = CRYPTO_add(&pre->references, -1, CRYPTO_LOCK_EC_PRE_COMP); + if (i > 0) + return; + + free(pre); +} + +static void +nistp224_pre_comp_clear_free(void *pre_) +{ + int i; + NISTP224_PRE_COMP *pre = pre_; + + if (!pre) + return; + + i = CRYPTO_add(&pre->references, -1, CRYPTO_LOCK_EC_PRE_COMP); + if (i > 0) + return; + + freezero(pre, sizeof *pre); +} + +/******************************************************************************/ +/* OPENSSL EC_METHOD FUNCTIONS + */ + +int +ec_GFp_nistp224_group_init(EC_GROUP * group) +{ + int ret; + ret = ec_GFp_simple_group_init(group); + group->a_is_minus3 = 1; + return ret; +} + +int +ec_GFp_nistp224_group_set_curve(EC_GROUP * group, const BIGNUM * p, + const BIGNUM * a, const BIGNUM * b, BN_CTX * ctx) +{ + int ret = 0; + BN_CTX *new_ctx = NULL; + BIGNUM *curve_p, *curve_a, *curve_b; + + if (ctx == NULL) + if ((ctx = new_ctx = BN_CTX_new()) == NULL) + return 0; + BN_CTX_start(ctx); + if (((curve_p = BN_CTX_get(ctx)) == NULL) || + ((curve_a = BN_CTX_get(ctx)) == NULL) || + ((curve_b = BN_CTX_get(ctx)) == NULL)) + goto err; + BN_bin2bn(nistp224_curve_params[0], sizeof(felem_bytearray), curve_p); + BN_bin2bn(nistp224_curve_params[1], sizeof(felem_bytearray), curve_a); + BN_bin2bn(nistp224_curve_params[2], sizeof(felem_bytearray), curve_b); + if ((BN_cmp(curve_p, p)) || (BN_cmp(curve_a, a)) || + (BN_cmp(curve_b, b))) { + ECerror(EC_R_WRONG_CURVE_PARAMETERS); + goto err; + } + group->field_mod_func = BN_nist_mod_224; + ret = ec_GFp_simple_group_set_curve(group, p, a, b, ctx); + err: + BN_CTX_end(ctx); + BN_CTX_free(new_ctx); + return ret; +} + +/* Takes the Jacobian coordinates (X, Y, Z) of a point and returns + * (X', Y') = (X/Z^2, Y/Z^3) */ +int +ec_GFp_nistp224_point_get_affine_coordinates(const EC_GROUP * group, + const EC_POINT * point, BIGNUM * x, BIGNUM * y, BN_CTX * ctx) +{ + felem z1, z2, x_in, y_in, x_out, y_out; + widefelem tmp; + + if (EC_POINT_is_at_infinity(group, point) > 0) { + ECerror(EC_R_POINT_AT_INFINITY); + return 0; + } + if ((!BN_to_felem(x_in, &point->X)) || (!BN_to_felem(y_in, &point->Y)) || + (!BN_to_felem(z1, &point->Z))) + return 0; + felem_inv(z2, z1); + felem_square(tmp, z2); + felem_reduce(z1, tmp); + felem_mul(tmp, x_in, z1); + felem_reduce(x_in, tmp); + felem_contract(x_out, x_in); + if (x != NULL) { + if (!felem_to_BN(x, x_out)) { + ECerror(ERR_R_BN_LIB); + return 0; + } + } + felem_mul(tmp, z1, z2); + felem_reduce(z1, tmp); + felem_mul(tmp, y_in, z1); + felem_reduce(y_in, tmp); + felem_contract(y_out, y_in); + if (y != NULL) { + if (!felem_to_BN(y, y_out)) { + ECerror(ERR_R_BN_LIB); + return 0; + } + } + return 1; +} + +static void +make_points_affine(size_t num, felem points[ /* num */ ][3], felem tmp_felems[ /* num+1 */ ]) +{ + /* + * Runs in constant time, unless an input is the point at infinity + * (which normally shouldn't happen). + */ + ec_GFp_nistp_points_make_affine_internal( + num, + points, + sizeof(felem), + tmp_felems, + (void (*) (void *)) felem_one, + (int (*) (const void *)) felem_is_zero_int, + (void (*) (void *, const void *)) felem_assign, + (void (*) (void *, const void *)) felem_square_reduce, + (void (*) (void *, const void *, const void *)) felem_mul_reduce, + (void (*) (void *, const void *)) felem_inv, + (void (*) (void *, const void *)) felem_contract); +} + +/* Computes scalar*generator + \sum scalars[i]*points[i], ignoring NULL values + * Result is stored in r (r can equal one of the inputs). */ +int +ec_GFp_nistp224_points_mul(const EC_GROUP * group, EC_POINT * r, + const BIGNUM * scalar, size_t num, const EC_POINT * points[], + const BIGNUM * scalars[], BN_CTX * ctx) +{ + int ret = 0; + int j; + unsigned i; + int mixed = 0; + BN_CTX *new_ctx = NULL; + BIGNUM *x, *y, *z, *tmp_scalar; + felem_bytearray g_secret; + felem_bytearray *secrets = NULL; + felem(*pre_comp)[17][3] = NULL; + felem *tmp_felems = NULL; + felem_bytearray tmp; + unsigned num_bytes; + int have_pre_comp = 0; + size_t num_points = num; + felem x_in, y_in, z_in, x_out, y_out, z_out; + NISTP224_PRE_COMP *pre = NULL; + const felem(*g_pre_comp)[16][3] = NULL; + EC_POINT *generator = NULL; + const EC_POINT *p = NULL; + const BIGNUM *p_scalar = NULL; + + if (ctx == NULL) + if ((ctx = new_ctx = BN_CTX_new()) == NULL) + return 0; + BN_CTX_start(ctx); + if (((x = BN_CTX_get(ctx)) == NULL) || + ((y = BN_CTX_get(ctx)) == NULL) || + ((z = BN_CTX_get(ctx)) == NULL) || + ((tmp_scalar = BN_CTX_get(ctx)) == NULL)) + goto err; + + if (scalar != NULL) { + pre = EC_EX_DATA_get_data(group->extra_data, + nistp224_pre_comp_dup, nistp224_pre_comp_free, + nistp224_pre_comp_clear_free); + if (pre) + /* we have precomputation, try to use it */ + g_pre_comp = (const felem(*)[16][3]) pre->g_pre_comp; + else + /* try to use the standard precomputation */ + g_pre_comp = &gmul[0]; + generator = EC_POINT_new(group); + if (generator == NULL) + goto err; + /* get the generator from precomputation */ + if (!felem_to_BN(x, g_pre_comp[0][1][0]) || + !felem_to_BN(y, g_pre_comp[0][1][1]) || + !felem_to_BN(z, g_pre_comp[0][1][2])) { + ECerror(ERR_R_BN_LIB); + goto err; + } + if (!EC_POINT_set_Jprojective_coordinates_GFp(group, + generator, x, y, z, ctx)) + goto err; + if (0 == EC_POINT_cmp(group, generator, group->generator, ctx)) + /* precomputation matches generator */ + have_pre_comp = 1; + else + /* + * we don't have valid precomputation: treat the + * generator as a random point + */ + num_points = num_points + 1; + } + if (num_points > 0) { + if (num_points >= 3) { + /* + * unless we precompute multiples for just one or two + * points, converting those into affine form is time + * well spent + */ + mixed = 1; + } + secrets = calloc(num_points, sizeof(felem_bytearray)); + pre_comp = calloc(num_points, 17 * 3 * sizeof(felem)); + if (mixed) { + /* XXX should do more int overflow checking */ + tmp_felems = reallocarray(NULL, + (num_points * 17 + 1), sizeof(felem)); + } + if ((secrets == NULL) || (pre_comp == NULL) || (mixed && (tmp_felems == NULL))) { + ECerror(ERR_R_MALLOC_FAILURE); + goto err; + } + /* + * we treat NULL scalars as 0, and NULL points as points at + * infinity, i.e., they contribute nothing to the linear + * combination + */ + for (i = 0; i < num_points; ++i) { + if (i == num) + /* the generator */ + { + p = EC_GROUP_get0_generator(group); + p_scalar = scalar; + } else + /* the i^th point */ + { + p = points[i]; + p_scalar = scalars[i]; + } + if ((p_scalar != NULL) && (p != NULL)) { + /* reduce scalar to 0 <= scalar < 2^224 */ + if ((BN_num_bits(p_scalar) > 224) || (BN_is_negative(p_scalar))) { + /* + * this is an unusual input, and we + * don't guarantee constant-timeness + */ + if (!BN_nnmod(tmp_scalar, p_scalar, &group->order, ctx)) { + ECerror(ERR_R_BN_LIB); + goto err; + } + num_bytes = BN_bn2bin(tmp_scalar, tmp); + } else + num_bytes = BN_bn2bin(p_scalar, tmp); + flip_endian(secrets[i], tmp, num_bytes); + /* precompute multiples */ + if ((!BN_to_felem(x_out, &p->X)) || + (!BN_to_felem(y_out, &p->Y)) || + (!BN_to_felem(z_out, &p->Z))) + goto err; + felem_assign(pre_comp[i][1][0], x_out); + felem_assign(pre_comp[i][1][1], y_out); + felem_assign(pre_comp[i][1][2], z_out); + for (j = 2; j <= 16; ++j) { + if (j & 1) { + point_add( + pre_comp[i][j][0], pre_comp[i][j][1], pre_comp[i][j][2], + pre_comp[i][1][0], pre_comp[i][1][1], pre_comp[i][1][2], + 0, pre_comp[i][j - 1][0], pre_comp[i][j - 1][1], pre_comp[i][j - 1][2]); + } else { + point_double( + pre_comp[i][j][0], pre_comp[i][j][1], pre_comp[i][j][2], + pre_comp[i][j / 2][0], pre_comp[i][j / 2][1], pre_comp[i][j / 2][2]); + } + } + } + } + if (mixed) + make_points_affine(num_points * 17, pre_comp[0], tmp_felems); + } + /* the scalar for the generator */ + if ((scalar != NULL) && (have_pre_comp)) { + memset(g_secret, 0, sizeof g_secret); + /* reduce scalar to 0 <= scalar < 2^224 */ + if ((BN_num_bits(scalar) > 224) || (BN_is_negative(scalar))) { + /* + * this is an unusual input, and we don't guarantee + * constant-timeness + */ + if (!BN_nnmod(tmp_scalar, scalar, &group->order, ctx)) { + ECerror(ERR_R_BN_LIB); + goto err; + } + num_bytes = BN_bn2bin(tmp_scalar, tmp); + } else + num_bytes = BN_bn2bin(scalar, tmp); + flip_endian(g_secret, tmp, num_bytes); + /* do the multiplication with generator precomputation */ + batch_mul(x_out, y_out, z_out, + (const felem_bytearray(*)) secrets, num_points, + g_secret, + mixed, (const felem(*)[17][3]) pre_comp, + g_pre_comp); + } else + /* do the multiplication without generator precomputation */ + batch_mul(x_out, y_out, z_out, + (const felem_bytearray(*)) secrets, num_points, + NULL, mixed, (const felem(*)[17][3]) pre_comp, NULL); + /* reduce the output to its unique minimal representation */ + felem_contract(x_in, x_out); + felem_contract(y_in, y_out); + felem_contract(z_in, z_out); + if ((!felem_to_BN(x, x_in)) || (!felem_to_BN(y, y_in)) || + (!felem_to_BN(z, z_in))) { + ECerror(ERR_R_BN_LIB); + goto err; + } + ret = EC_POINT_set_Jprojective_coordinates_GFp(group, r, x, y, z, ctx); + + err: + BN_CTX_end(ctx); + EC_POINT_free(generator); + BN_CTX_free(new_ctx); + free(secrets); + free(pre_comp); + free(tmp_felems); + return ret; +} + +int +ec_GFp_nistp224_precompute_mult(EC_GROUP * group, BN_CTX * ctx) +{ + int ret = 0; + NISTP224_PRE_COMP *pre = NULL; + int i, j; + BN_CTX *new_ctx = NULL; + BIGNUM *x, *y; + EC_POINT *generator = NULL; + felem tmp_felems[32]; + + /* throw away old precomputation */ + EC_EX_DATA_free_data(&group->extra_data, nistp224_pre_comp_dup, + nistp224_pre_comp_free, nistp224_pre_comp_clear_free); + if (ctx == NULL) + if ((ctx = new_ctx = BN_CTX_new()) == NULL) + return 0; + BN_CTX_start(ctx); + if (((x = BN_CTX_get(ctx)) == NULL) || + ((y = BN_CTX_get(ctx)) == NULL)) + goto err; + /* get the generator */ + if (group->generator == NULL) + goto err; + generator = EC_POINT_new(group); + if (generator == NULL) + goto err; + BN_bin2bn(nistp224_curve_params[3], sizeof(felem_bytearray), x); + BN_bin2bn(nistp224_curve_params[4], sizeof(felem_bytearray), y); + if (!EC_POINT_set_affine_coordinates_GFp(group, generator, x, y, ctx)) + goto err; + if ((pre = nistp224_pre_comp_new()) == NULL) + goto err; + /* if the generator is the standard one, use built-in precomputation */ + if (0 == EC_POINT_cmp(group, generator, group->generator, ctx)) { + memcpy(pre->g_pre_comp, gmul, sizeof(pre->g_pre_comp)); + ret = 1; + goto err; + } + if ((!BN_to_felem(pre->g_pre_comp[0][1][0], &group->generator->X)) || + (!BN_to_felem(pre->g_pre_comp[0][1][1], &group->generator->Y)) || + (!BN_to_felem(pre->g_pre_comp[0][1][2], &group->generator->Z))) + goto err; + /* + * compute 2^56*G, 2^112*G, 2^168*G for the first table, 2^28*G, + * 2^84*G, 2^140*G, 2^196*G for the second one + */ + for (i = 1; i <= 8; i <<= 1) { + point_double( + pre->g_pre_comp[1][i][0], pre->g_pre_comp[1][i][1], pre->g_pre_comp[1][i][2], + pre->g_pre_comp[0][i][0], pre->g_pre_comp[0][i][1], pre->g_pre_comp[0][i][2]); + for (j = 0; j < 27; ++j) { + point_double( + pre->g_pre_comp[1][i][0], pre->g_pre_comp[1][i][1], pre->g_pre_comp[1][i][2], + pre->g_pre_comp[1][i][0], pre->g_pre_comp[1][i][1], pre->g_pre_comp[1][i][2]); + } + if (i == 8) + break; + point_double( + pre->g_pre_comp[0][2 * i][0], pre->g_pre_comp[0][2 * i][1], pre->g_pre_comp[0][2 * i][2], + pre->g_pre_comp[1][i][0], pre->g_pre_comp[1][i][1], pre->g_pre_comp[1][i][2]); + for (j = 0; j < 27; ++j) { + point_double( + pre->g_pre_comp[0][2 * i][0], pre->g_pre_comp[0][2 * i][1], pre->g_pre_comp[0][2 * i][2], + pre->g_pre_comp[0][2 * i][0], pre->g_pre_comp[0][2 * i][1], pre->g_pre_comp[0][2 * i][2]); + } + } + for (i = 0; i < 2; i++) { + /* g_pre_comp[i][0] is the point at infinity */ + memset(pre->g_pre_comp[i][0], 0, sizeof(pre->g_pre_comp[i][0])); + /* the remaining multiples */ + /* 2^56*G + 2^112*G resp. 2^84*G + 2^140*G */ + point_add( + pre->g_pre_comp[i][6][0], pre->g_pre_comp[i][6][1], + pre->g_pre_comp[i][6][2], pre->g_pre_comp[i][4][0], + pre->g_pre_comp[i][4][1], pre->g_pre_comp[i][4][2], + 0, pre->g_pre_comp[i][2][0], pre->g_pre_comp[i][2][1], + pre->g_pre_comp[i][2][2]); + /* 2^56*G + 2^168*G resp. 2^84*G + 2^196*G */ + point_add( + pre->g_pre_comp[i][10][0], pre->g_pre_comp[i][10][1], + pre->g_pre_comp[i][10][2], pre->g_pre_comp[i][8][0], + pre->g_pre_comp[i][8][1], pre->g_pre_comp[i][8][2], + 0, pre->g_pre_comp[i][2][0], pre->g_pre_comp[i][2][1], + pre->g_pre_comp[i][2][2]); + /* 2^112*G + 2^168*G resp. 2^140*G + 2^196*G */ + point_add( + pre->g_pre_comp[i][12][0], pre->g_pre_comp[i][12][1], + pre->g_pre_comp[i][12][2], pre->g_pre_comp[i][8][0], + pre->g_pre_comp[i][8][1], pre->g_pre_comp[i][8][2], + 0, pre->g_pre_comp[i][4][0], pre->g_pre_comp[i][4][1], + pre->g_pre_comp[i][4][2]); + /* + * 2^56*G + 2^112*G + 2^168*G resp. 2^84*G + 2^140*G + + * 2^196*G + */ + point_add( + pre->g_pre_comp[i][14][0], pre->g_pre_comp[i][14][1], + pre->g_pre_comp[i][14][2], pre->g_pre_comp[i][12][0], + pre->g_pre_comp[i][12][1], pre->g_pre_comp[i][12][2], + 0, pre->g_pre_comp[i][2][0], pre->g_pre_comp[i][2][1], + pre->g_pre_comp[i][2][2]); + for (j = 1; j < 8; ++j) { + /* odd multiples: add G resp. 2^28*G */ + point_add( + pre->g_pre_comp[i][2 * j + 1][0], pre->g_pre_comp[i][2 * j + 1][1], + pre->g_pre_comp[i][2 * j + 1][2], pre->g_pre_comp[i][2 * j][0], + pre->g_pre_comp[i][2 * j][1], pre->g_pre_comp[i][2 * j][2], + 0, pre->g_pre_comp[i][1][0], pre->g_pre_comp[i][1][1], + pre->g_pre_comp[i][1][2]); + } + } + make_points_affine(31, &(pre->g_pre_comp[0][1]), tmp_felems); + + if (!EC_EX_DATA_set_data(&group->extra_data, pre, nistp224_pre_comp_dup, + nistp224_pre_comp_free, nistp224_pre_comp_clear_free)) + goto err; + ret = 1; + pre = NULL; + err: + BN_CTX_end(ctx); + EC_POINT_free(generator); + BN_CTX_free(new_ctx); + nistp224_pre_comp_free(pre); + return ret; +} + +int +ec_GFp_nistp224_have_precompute_mult(const EC_GROUP * group) +{ + if (EC_EX_DATA_get_data(group->extra_data, nistp224_pre_comp_dup, + nistp224_pre_comp_free, nistp224_pre_comp_clear_free) + != NULL) + return 1; + else + return 0; +} + +#endif diff --git a/src/lib/libcrypto/ec/ecp_nistp256.c b/src/lib/libcrypto/ec/ecp_nistp256.c new file mode 100644 index 00000000000..fc68b6cd8d5 --- /dev/null +++ b/src/lib/libcrypto/ec/ecp_nistp256.c @@ -0,0 +1,2235 @@ +/* $OpenBSD: ecp_nistp256.c,v 1.22 2018/11/05 20:18:21 tb Exp $ */ +/* + * Written by Adam Langley (Google) for the OpenSSL project + */ +/* + * Copyright (c) 2011 Google Inc. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * A 64-bit implementation of the NIST P-256 elliptic curve point multiplication + * + * OpenSSL integration was taken from Emilia Kasper's work in ecp_nistp224.c. + * Otherwise based on Emilia's P224 work, which was inspired by my curve25519 + * work which got its smarts from Daniel J. Bernstein's work on the same. + */ + +#include +#include + +#include + +#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 + +#include +#include "ec_lcl.h" + +#if defined(__GNUC__) && (__GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 1)) + /* even with gcc, the typedef won't work for 32-bit platforms */ + typedef __uint128_t uint128_t; /* nonstandard; implemented by gcc on 64-bit platforms */ + typedef __int128_t int128_t; +#else + #error "Need GCC 3.1 or later to define type uint128_t" +#endif + +typedef uint8_t u8; +typedef uint32_t u32; +typedef uint64_t u64; +typedef int64_t s64; + +/* The underlying field. + * + * P256 operates over GF(2^256-2^224+2^192+2^96-1). We can serialise an element + * of this field into 32 bytes. We call this an felem_bytearray. */ + +typedef u8 felem_bytearray[32]; + +/* These are the parameters of P256, taken from FIPS 186-3, page 86. These + * values are big-endian. */ +static const felem_bytearray nistp256_curve_params[5] = { + {0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x01, /* p */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, + {0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x01, /* a = -3 */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfc}, /* b */ + {0x5a, 0xc6, 0x35, 0xd8, 0xaa, 0x3a, 0x93, 0xe7, + 0xb3, 0xeb, 0xbd, 0x55, 0x76, 0x98, 0x86, 0xbc, + 0x65, 0x1d, 0x06, 0xb0, 0xcc, 0x53, 0xb0, 0xf6, + 0x3b, 0xce, 0x3c, 0x3e, 0x27, 0xd2, 0x60, 0x4b}, + {0x6b, 0x17, 0xd1, 0xf2, 0xe1, 0x2c, 0x42, 0x47, /* x */ + 0xf8, 0xbc, 0xe6, 0xe5, 0x63, 0xa4, 0x40, 0xf2, + 0x77, 0x03, 0x7d, 0x81, 0x2d, 0xeb, 0x33, 0xa0, + 0xf4, 0xa1, 0x39, 0x45, 0xd8, 0x98, 0xc2, 0x96}, + {0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, 0x9b, /* y */ + 0x8e, 0xe7, 0xeb, 0x4a, 0x7c, 0x0f, 0x9e, 0x16, + 0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31, 0x5e, 0xce, + 0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5} +}; + +/* The representation of field elements. + * ------------------------------------ + * + * We represent field elements with either four 128-bit values, eight 128-bit + * values, or four 64-bit values. The field element represented is: + * v[0]*2^0 + v[1]*2^64 + v[2]*2^128 + v[3]*2^192 (mod p) + * or: + * v[0]*2^0 + v[1]*2^64 + v[2]*2^128 + ... + v[8]*2^512 (mod p) + * + * 128-bit values are called 'limbs'. Since the limbs are spaced only 64 bits + * apart, but are 128-bits wide, the most significant bits of each limb overlap + * with the least significant bits of the next. + * + * A field element with four limbs is an 'felem'. One with eight limbs is a + * 'longfelem' + * + * A field element with four, 64-bit values is called a 'smallfelem'. Small + * values are used as intermediate values before multiplication. + */ + +#define NLIMBS 4 + +typedef uint128_t limb; +typedef limb felem[NLIMBS]; +typedef limb longfelem[NLIMBS * 2]; +typedef u64 smallfelem[NLIMBS]; + +/* This is the value of the prime as four 64-bit words, little-endian. */ +static const u64 kPrime[4] = {0xfffffffffffffffful, 0xffffffff, 0, 0xffffffff00000001ul}; +static const limb bottom32bits = 0xffffffff; +static const u64 bottom63bits = 0x7ffffffffffffffful; + +/* bin32_to_felem takes a little-endian byte array and converts it into felem + * form. This assumes that the CPU is little-endian. */ +static void +bin32_to_felem(felem out, const u8 in[32]) +{ + out[0] = *((u64 *) & in[0]); + out[1] = *((u64 *) & in[8]); + out[2] = *((u64 *) & in[16]); + out[3] = *((u64 *) & in[24]); +} + +/* smallfelem_to_bin32 takes a smallfelem and serialises into a little endian, + * 32 byte array. This assumes that the CPU is little-endian. */ +static void +smallfelem_to_bin32(u8 out[32], const smallfelem in) +{ + *((u64 *) & out[0]) = in[0]; + *((u64 *) & out[8]) = in[1]; + *((u64 *) & out[16]) = in[2]; + *((u64 *) & out[24]) = in[3]; +} + +/* To preserve endianness when using BN_bn2bin and BN_bin2bn */ +static void +flip_endian(u8 * out, const u8 * in, unsigned len) +{ + unsigned i; + for (i = 0; i < len; ++i) + out[i] = in[len - 1 - i]; +} + +/* BN_to_felem converts an OpenSSL BIGNUM into an felem */ +static int +BN_to_felem(felem out, const BIGNUM * bn) +{ + felem_bytearray b_in; + felem_bytearray b_out; + unsigned num_bytes; + + /* BN_bn2bin eats leading zeroes */ + memset(b_out, 0, sizeof b_out); + num_bytes = BN_num_bytes(bn); + if (num_bytes > sizeof b_out) { + ECerror(EC_R_BIGNUM_OUT_OF_RANGE); + return 0; + } + if (BN_is_negative(bn)) { + ECerror(EC_R_BIGNUM_OUT_OF_RANGE); + return 0; + } + num_bytes = BN_bn2bin(bn, b_in); + flip_endian(b_out, b_in, num_bytes); + bin32_to_felem(out, b_out); + return 1; +} + +/* felem_to_BN converts an felem into an OpenSSL BIGNUM */ +static BIGNUM * +smallfelem_to_BN(BIGNUM * out, const smallfelem in) +{ + felem_bytearray b_in, b_out; + smallfelem_to_bin32(b_in, in); + flip_endian(b_out, b_in, sizeof b_out); + return BN_bin2bn(b_out, sizeof b_out, out); +} + + +/* Field operations + * ---------------- */ + +static void +smallfelem_one(smallfelem out) +{ + out[0] = 1; + out[1] = 0; + out[2] = 0; + out[3] = 0; +} + +static void +smallfelem_assign(smallfelem out, const smallfelem in) +{ + out[0] = in[0]; + out[1] = in[1]; + out[2] = in[2]; + out[3] = in[3]; +} + +static void +felem_assign(felem out, const felem in) +{ + out[0] = in[0]; + out[1] = in[1]; + out[2] = in[2]; + out[3] = in[3]; +} + +/* felem_sum sets out = out + in. */ +static void +felem_sum(felem out, const felem in) +{ + out[0] += in[0]; + out[1] += in[1]; + out[2] += in[2]; + out[3] += in[3]; +} + +/* felem_small_sum sets out = out + in. */ +static void +felem_small_sum(felem out, const smallfelem in) +{ + out[0] += in[0]; + out[1] += in[1]; + out[2] += in[2]; + out[3] += in[3]; +} + +/* felem_scalar sets out = out * scalar */ +static void +felem_scalar(felem out, const u64 scalar) +{ + out[0] *= scalar; + out[1] *= scalar; + out[2] *= scalar; + out[3] *= scalar; +} + +/* longfelem_scalar sets out = out * scalar */ +static void +longfelem_scalar(longfelem out, const u64 scalar) +{ + out[0] *= scalar; + out[1] *= scalar; + out[2] *= scalar; + out[3] *= scalar; + out[4] *= scalar; + out[5] *= scalar; + out[6] *= scalar; + out[7] *= scalar; +} + +#define two105m41m9 (((limb)1) << 105) - (((limb)1) << 41) - (((limb)1) << 9) +#define two105 (((limb)1) << 105) +#define two105m41p9 (((limb)1) << 105) - (((limb)1) << 41) + (((limb)1) << 9) + +/* zero105 is 0 mod p */ +static const felem zero105 = {two105m41m9, two105, two105m41p9, two105m41p9}; + +/* smallfelem_neg sets |out| to |-small| + * On exit: + * out[i] < out[i] + 2^105 + */ +static void +smallfelem_neg(felem out, const smallfelem small) +{ + /* In order to prevent underflow, we subtract from 0 mod p. */ + out[0] = zero105[0] - small[0]; + out[1] = zero105[1] - small[1]; + out[2] = zero105[2] - small[2]; + out[3] = zero105[3] - small[3]; +} + +/* felem_diff subtracts |in| from |out| + * On entry: + * in[i] < 2^104 + * On exit: + * out[i] < out[i] + 2^105 + */ +static void +felem_diff(felem out, const felem in) +{ + /* In order to prevent underflow, we add 0 mod p before subtracting. */ + out[0] += zero105[0]; + out[1] += zero105[1]; + out[2] += zero105[2]; + out[3] += zero105[3]; + + out[0] -= in[0]; + out[1] -= in[1]; + out[2] -= in[2]; + out[3] -= in[3]; +} + +#define two107m43m11 (((limb)1) << 107) - (((limb)1) << 43) - (((limb)1) << 11) +#define two107 (((limb)1) << 107) +#define two107m43p11 (((limb)1) << 107) - (((limb)1) << 43) + (((limb)1) << 11) + +/* zero107 is 0 mod p */ +static const felem zero107 = {two107m43m11, two107, two107m43p11, two107m43p11}; + +/* An alternative felem_diff for larger inputs |in| + * felem_diff_zero107 subtracts |in| from |out| + * On entry: + * in[i] < 2^106 + * On exit: + * out[i] < out[i] + 2^107 + */ +static void +felem_diff_zero107(felem out, const felem in) +{ + /* In order to prevent underflow, we add 0 mod p before subtracting. */ + out[0] += zero107[0]; + out[1] += zero107[1]; + out[2] += zero107[2]; + out[3] += zero107[3]; + + out[0] -= in[0]; + out[1] -= in[1]; + out[2] -= in[2]; + out[3] -= in[3]; +} + +/* longfelem_diff subtracts |in| from |out| + * On entry: + * in[i] < 7*2^67 + * On exit: + * out[i] < out[i] + 2^70 + 2^40 + */ +static void +longfelem_diff(longfelem out, const longfelem in) +{ + static const limb two70m8p6 = (((limb) 1) << 70) - (((limb) 1) << 8) + (((limb) 1) << 6); + static const limb two70p40 = (((limb) 1) << 70) + (((limb) 1) << 40); + static const limb two70 = (((limb) 1) << 70); + static const limb two70m40m38p6 = (((limb) 1) << 70) - (((limb) 1) << 40) - (((limb) 1) << 38) + (((limb) 1) << 6); + static const limb two70m6 = (((limb) 1) << 70) - (((limb) 1) << 6); + + /* add 0 mod p to avoid underflow */ + out[0] += two70m8p6; + out[1] += two70p40; + out[2] += two70; + out[3] += two70m40m38p6; + out[4] += two70m6; + out[5] += two70m6; + out[6] += two70m6; + out[7] += two70m6; + + /* in[i] < 7*2^67 < 2^70 - 2^40 - 2^38 + 2^6 */ + out[0] -= in[0]; + out[1] -= in[1]; + out[2] -= in[2]; + out[3] -= in[3]; + out[4] -= in[4]; + out[5] -= in[5]; + out[6] -= in[6]; + out[7] -= in[7]; +} + +#define two64m0 (((limb)1) << 64) - 1 +#define two110p32m0 (((limb)1) << 110) + (((limb)1) << 32) - 1 +#define two64m46 (((limb)1) << 64) - (((limb)1) << 46) +#define two64m32 (((limb)1) << 64) - (((limb)1) << 32) + +/* zero110 is 0 mod p */ +static const felem zero110 = {two64m0, two110p32m0, two64m46, two64m32}; + +/* felem_shrink converts an felem into a smallfelem. The result isn't quite + * minimal as the value may be greater than p. + * + * On entry: + * in[i] < 2^109 + * On exit: + * out[i] < 2^64 + */ +static void +felem_shrink(smallfelem out, const felem in) +{ + felem tmp; + u64 a, b, mask; + s64 high, low; + static const u64 kPrime3Test = 0x7fffffff00000001ul; /* 2^63 - 2^32 + 1 */ + + /* Carry 2->3 */ + tmp[3] = zero110[3] + in[3] + ((u64) (in[2] >> 64)); + /* tmp[3] < 2^110 */ + + tmp[2] = zero110[2] + (u64) in[2]; + tmp[0] = zero110[0] + in[0]; + tmp[1] = zero110[1] + in[1]; + /* tmp[0] < 2**110, tmp[1] < 2^111, tmp[2] < 2**65 */ + + /* + * We perform two partial reductions where we eliminate the high-word + * of tmp[3]. We don't update the other words till the end. + */ + a = tmp[3] >> 64; /* a < 2^46 */ + tmp[3] = (u64) tmp[3]; + tmp[3] -= a; + tmp[3] += ((limb) a) << 32; + /* tmp[3] < 2^79 */ + + b = a; + a = tmp[3] >> 64; /* a < 2^15 */ + b += a; /* b < 2^46 + 2^15 < 2^47 */ + tmp[3] = (u64) tmp[3]; + tmp[3] -= a; + tmp[3] += ((limb) a) << 32; + /* tmp[3] < 2^64 + 2^47 */ + + /* + * This adjusts the other two words to complete the two partial + * reductions. + */ + tmp[0] += b; + tmp[1] -= (((limb) b) << 32); + + /* + * In order to make space in tmp[3] for the carry from 2 -> 3, we + * conditionally subtract kPrime if tmp[3] is large enough. + */ + high = tmp[3] >> 64; + /* As tmp[3] < 2^65, high is either 1 or 0 */ + high <<= 63; + high >>= 63; + /* + * high is: all ones if the high word of tmp[3] is 1 all zeros if + * the high word of tmp[3] if 0 + */ + low = tmp[3]; + mask = low >> 63; + /* + * mask is: all ones if the MSB of low is 1 all zeros if the MSB + * of low if 0 + */ + low &= bottom63bits; + low -= kPrime3Test; + /* if low was greater than kPrime3Test then the MSB is zero */ + low = ~low; + low >>= 63; + /* + * low is: all ones if low was > kPrime3Test all zeros if low was + * <= kPrime3Test + */ + mask = (mask & low) | high; + tmp[0] -= mask & kPrime[0]; + tmp[1] -= mask & kPrime[1]; + /* kPrime[2] is zero, so omitted */ + tmp[3] -= mask & kPrime[3]; + /* tmp[3] < 2**64 - 2**32 + 1 */ + + tmp[1] += ((u64) (tmp[0] >> 64)); + tmp[0] = (u64) tmp[0]; + tmp[2] += ((u64) (tmp[1] >> 64)); + tmp[1] = (u64) tmp[1]; + tmp[3] += ((u64) (tmp[2] >> 64)); + tmp[2] = (u64) tmp[2]; + /* tmp[i] < 2^64 */ + + out[0] = tmp[0]; + out[1] = tmp[1]; + out[2] = tmp[2]; + out[3] = tmp[3]; +} + +/* smallfelem_expand converts a smallfelem to an felem */ +static void +smallfelem_expand(felem out, const smallfelem in) +{ + out[0] = in[0]; + out[1] = in[1]; + out[2] = in[2]; + out[3] = in[3]; +} + +/* smallfelem_square sets |out| = |small|^2 + * On entry: + * small[i] < 2^64 + * On exit: + * out[i] < 7 * 2^64 < 2^67 + */ +static void +smallfelem_square(longfelem out, const smallfelem small) +{ + limb a; + u64 high, low; + + a = ((uint128_t) small[0]) * small[0]; + low = a; + high = a >> 64; + out[0] = low; + out[1] = high; + + a = ((uint128_t) small[0]) * small[1]; + low = a; + high = a >> 64; + out[1] += low; + out[1] += low; + out[2] = high; + + a = ((uint128_t) small[0]) * small[2]; + low = a; + high = a >> 64; + out[2] += low; + out[2] *= 2; + out[3] = high; + + a = ((uint128_t) small[0]) * small[3]; + low = a; + high = a >> 64; + out[3] += low; + out[4] = high; + + a = ((uint128_t) small[1]) * small[2]; + low = a; + high = a >> 64; + out[3] += low; + out[3] *= 2; + out[4] += high; + + a = ((uint128_t) small[1]) * small[1]; + low = a; + high = a >> 64; + out[2] += low; + out[3] += high; + + a = ((uint128_t) small[1]) * small[3]; + low = a; + high = a >> 64; + out[4] += low; + out[4] *= 2; + out[5] = high; + + a = ((uint128_t) small[2]) * small[3]; + low = a; + high = a >> 64; + out[5] += low; + out[5] *= 2; + out[6] = high; + out[6] += high; + + a = ((uint128_t) small[2]) * small[2]; + low = a; + high = a >> 64; + out[4] += low; + out[5] += high; + + a = ((uint128_t) small[3]) * small[3]; + low = a; + high = a >> 64; + out[6] += low; + out[7] = high; +} + +/* felem_square sets |out| = |in|^2 + * On entry: + * in[i] < 2^109 + * On exit: + * out[i] < 7 * 2^64 < 2^67 + */ +static void +felem_square(longfelem out, const felem in) +{ + u64 small[4]; + felem_shrink(small, in); + smallfelem_square(out, small); +} + +/* smallfelem_mul sets |out| = |small1| * |small2| + * On entry: + * small1[i] < 2^64 + * small2[i] < 2^64 + * On exit: + * out[i] < 7 * 2^64 < 2^67 + */ +static void +smallfelem_mul(longfelem out, const smallfelem small1, const smallfelem small2) +{ + limb a; + u64 high, low; + + a = ((uint128_t) small1[0]) * small2[0]; + low = a; + high = a >> 64; + out[0] = low; + out[1] = high; + + + a = ((uint128_t) small1[0]) * small2[1]; + low = a; + high = a >> 64; + out[1] += low; + out[2] = high; + + a = ((uint128_t) small1[1]) * small2[0]; + low = a; + high = a >> 64; + out[1] += low; + out[2] += high; + + + a = ((uint128_t) small1[0]) * small2[2]; + low = a; + high = a >> 64; + out[2] += low; + out[3] = high; + + a = ((uint128_t) small1[1]) * small2[1]; + low = a; + high = a >> 64; + out[2] += low; + out[3] += high; + + a = ((uint128_t) small1[2]) * small2[0]; + low = a; + high = a >> 64; + out[2] += low; + out[3] += high; + + + a = ((uint128_t) small1[0]) * small2[3]; + low = a; + high = a >> 64; + out[3] += low; + out[4] = high; + + a = ((uint128_t) small1[1]) * small2[2]; + low = a; + high = a >> 64; + out[3] += low; + out[4] += high; + + a = ((uint128_t) small1[2]) * small2[1]; + low = a; + high = a >> 64; + out[3] += low; + out[4] += high; + + a = ((uint128_t) small1[3]) * small2[0]; + low = a; + high = a >> 64; + out[3] += low; + out[4] += high; + + + a = ((uint128_t) small1[1]) * small2[3]; + low = a; + high = a >> 64; + out[4] += low; + out[5] = high; + + a = ((uint128_t) small1[2]) * small2[2]; + low = a; + high = a >> 64; + out[4] += low; + out[5] += high; + + a = ((uint128_t) small1[3]) * small2[1]; + low = a; + high = a >> 64; + out[4] += low; + out[5] += high; + + + a = ((uint128_t) small1[2]) * small2[3]; + low = a; + high = a >> 64; + out[5] += low; + out[6] = high; + + a = ((uint128_t) small1[3]) * small2[2]; + low = a; + high = a >> 64; + out[5] += low; + out[6] += high; + + + a = ((uint128_t) small1[3]) * small2[3]; + low = a; + high = a >> 64; + out[6] += low; + out[7] = high; +} + +/* felem_mul sets |out| = |in1| * |in2| + * On entry: + * in1[i] < 2^109 + * in2[i] < 2^109 + * On exit: + * out[i] < 7 * 2^64 < 2^67 + */ +static void +felem_mul(longfelem out, const felem in1, const felem in2) +{ + smallfelem small1, small2; + felem_shrink(small1, in1); + felem_shrink(small2, in2); + smallfelem_mul(out, small1, small2); +} + +/* felem_small_mul sets |out| = |small1| * |in2| + * On entry: + * small1[i] < 2^64 + * in2[i] < 2^109 + * On exit: + * out[i] < 7 * 2^64 < 2^67 + */ +static void +felem_small_mul(longfelem out, const smallfelem small1, const felem in2) +{ + smallfelem small2; + felem_shrink(small2, in2); + smallfelem_mul(out, small1, small2); +} + +#define two100m36m4 (((limb)1) << 100) - (((limb)1) << 36) - (((limb)1) << 4) +#define two100 (((limb)1) << 100) +#define two100m36p4 (((limb)1) << 100) - (((limb)1) << 36) + (((limb)1) << 4) +/* zero100 is 0 mod p */ +static const felem zero100 = {two100m36m4, two100, two100m36p4, two100m36p4}; + +/* Internal function for the different flavours of felem_reduce. + * felem_reduce_ reduces the higher coefficients in[4]-in[7]. + * On entry: + * out[0] >= in[6] + 2^32*in[6] + in[7] + 2^32*in[7] + * out[1] >= in[7] + 2^32*in[4] + * out[2] >= in[5] + 2^32*in[5] + * out[3] >= in[4] + 2^32*in[5] + 2^32*in[6] + * On exit: + * out[0] <= out[0] + in[4] + 2^32*in[5] + * out[1] <= out[1] + in[5] + 2^33*in[6] + * out[2] <= out[2] + in[7] + 2*in[6] + 2^33*in[7] + * out[3] <= out[3] + 2^32*in[4] + 3*in[7] + */ +static void +felem_reduce_(felem out, const longfelem in) +{ + int128_t c; + /* combine common terms from below */ + c = in[4] + (in[5] << 32); + out[0] += c; + out[3] -= c; + + c = in[5] - in[7]; + out[1] += c; + out[2] -= c; + + /* the remaining terms */ + /* 256: [(0,1),(96,-1),(192,-1),(224,1)] */ + out[1] -= (in[4] << 32); + out[3] += (in[4] << 32); + + /* 320: [(32,1),(64,1),(128,-1),(160,-1),(224,-1)] */ + out[2] -= (in[5] << 32); + + /* 384: [(0,-1),(32,-1),(96,2),(128,2),(224,-1)] */ + out[0] -= in[6]; + out[0] -= (in[6] << 32); + out[1] += (in[6] << 33); + out[2] += (in[6] * 2); + out[3] -= (in[6] << 32); + + /* 448: [(0,-1),(32,-1),(64,-1),(128,1),(160,2),(192,3)] */ + out[0] -= in[7]; + out[0] -= (in[7] << 32); + out[2] += (in[7] << 33); + out[3] += (in[7] * 3); +} + +/* felem_reduce converts a longfelem into an felem. + * To be called directly after felem_square or felem_mul. + * On entry: + * in[0] < 2^64, in[1] < 3*2^64, in[2] < 5*2^64, in[3] < 7*2^64 + * in[4] < 7*2^64, in[5] < 5*2^64, in[6] < 3*2^64, in[7] < 2*64 + * On exit: + * out[i] < 2^101 + */ +static void +felem_reduce(felem out, const longfelem in) +{ + out[0] = zero100[0] + in[0]; + out[1] = zero100[1] + in[1]; + out[2] = zero100[2] + in[2]; + out[3] = zero100[3] + in[3]; + + felem_reduce_(out, in); + + /* + * out[0] > 2^100 - 2^36 - 2^4 - 3*2^64 - 3*2^96 - 2^64 - 2^96 > 0 + * out[1] > 2^100 - 2^64 - 7*2^96 > 0 out[2] > 2^100 - 2^36 + 2^4 - + * 5*2^64 - 5*2^96 > 0 out[3] > 2^100 - 2^36 + 2^4 - 7*2^64 - 5*2^96 + * - 3*2^96 > 0 + * + * out[0] < 2^100 + 2^64 + 7*2^64 + 5*2^96 < 2^101 out[1] < 2^100 + + * 3*2^64 + 5*2^64 + 3*2^97 < 2^101 out[2] < 2^100 + 5*2^64 + 2^64 + + * 3*2^65 + 2^97 < 2^101 out[3] < 2^100 + 7*2^64 + 7*2^96 + 3*2^64 < + * 2^101 + */ +} + +/* felem_reduce_zero105 converts a larger longfelem into an felem. + * On entry: + * in[0] < 2^71 + * On exit: + * out[i] < 2^106 + */ +static void +felem_reduce_zero105(felem out, const longfelem in) +{ + out[0] = zero105[0] + in[0]; + out[1] = zero105[1] + in[1]; + out[2] = zero105[2] + in[2]; + out[3] = zero105[3] + in[3]; + + felem_reduce_(out, in); + + /* + * out[0] > 2^105 - 2^41 - 2^9 - 2^71 - 2^103 - 2^71 - 2^103 > 0 + * out[1] > 2^105 - 2^71 - 2^103 > 0 out[2] > 2^105 - 2^41 + 2^9 - + * 2^71 - 2^103 > 0 out[3] > 2^105 - 2^41 + 2^9 - 2^71 - 2^103 - + * 2^103 > 0 + * + * out[0] < 2^105 + 2^71 + 2^71 + 2^103 < 2^106 out[1] < 2^105 + 2^71 + + * 2^71 + 2^103 < 2^106 out[2] < 2^105 + 2^71 + 2^71 + 2^71 + 2^103 < + * 2^106 out[3] < 2^105 + 2^71 + 2^103 + 2^71 < 2^106 + */ +} + +/* subtract_u64 sets *result = *result - v and *carry to one if the subtraction + * underflowed. */ +static void +subtract_u64(u64 * result, u64 * carry, u64 v) +{ + uint128_t r = *result; + r -= v; + *carry = (r >> 64) & 1; + *result = (u64) r; +} + +/* felem_contract converts |in| to its unique, minimal representation. + * On entry: + * in[i] < 2^109 + */ +static void +felem_contract(smallfelem out, const felem in) +{ + unsigned i; + u64 all_equal_so_far = 0, result = 0, carry; + + felem_shrink(out, in); + /* small is minimal except that the value might be > p */ + + all_equal_so_far--; + /* + * We are doing a constant time test if out >= kPrime. We need to + * compare each u64, from most-significant to least significant. For + * each one, if all words so far have been equal (m is all ones) then + * a non-equal result is the answer. Otherwise we continue. + */ + for (i = 3; i < 4; i--) { + u64 equal; + uint128_t a = ((uint128_t) kPrime[i]) - out[i]; + /* + * if out[i] > kPrime[i] then a will underflow and the high + * 64-bits will all be set. + */ + result |= all_equal_so_far & ((u64) (a >> 64)); + + /* + * if kPrime[i] == out[i] then |equal| will be all zeros and + * the decrement will make it all ones. + */ + equal = kPrime[i] ^ out[i]; + equal--; + equal &= equal << 32; + equal &= equal << 16; + equal &= equal << 8; + equal &= equal << 4; + equal &= equal << 2; + equal &= equal << 1; + equal = ((s64) equal) >> 63; + + all_equal_so_far &= equal; + } + + /* + * if all_equal_so_far is still all ones then the two values are + * equal and so out >= kPrime is true. + */ + result |= all_equal_so_far; + + /* if out >= kPrime then we subtract kPrime. */ + subtract_u64(&out[0], &carry, result & kPrime[0]); + subtract_u64(&out[1], &carry, carry); + subtract_u64(&out[2], &carry, carry); + subtract_u64(&out[3], &carry, carry); + + subtract_u64(&out[1], &carry, result & kPrime[1]); + subtract_u64(&out[2], &carry, carry); + subtract_u64(&out[3], &carry, carry); + + subtract_u64(&out[2], &carry, result & kPrime[2]); + subtract_u64(&out[3], &carry, carry); + + subtract_u64(&out[3], &carry, result & kPrime[3]); +} + +static void +smallfelem_square_contract(smallfelem out, const smallfelem in) +{ + longfelem longtmp; + felem tmp; + + smallfelem_square(longtmp, in); + felem_reduce(tmp, longtmp); + felem_contract(out, tmp); +} + +static void +smallfelem_mul_contract(smallfelem out, const smallfelem in1, const smallfelem in2) +{ + longfelem longtmp; + felem tmp; + + smallfelem_mul(longtmp, in1, in2); + felem_reduce(tmp, longtmp); + felem_contract(out, tmp); +} + +/* felem_is_zero returns a limb with all bits set if |in| == 0 (mod p) and 0 + * otherwise. + * On entry: + * small[i] < 2^64 + */ +static limb +smallfelem_is_zero(const smallfelem small) +{ + limb result; + u64 is_p; + + u64 is_zero = small[0] | small[1] | small[2] | small[3]; + is_zero--; + is_zero &= is_zero << 32; + is_zero &= is_zero << 16; + is_zero &= is_zero << 8; + is_zero &= is_zero << 4; + is_zero &= is_zero << 2; + is_zero &= is_zero << 1; + is_zero = ((s64) is_zero) >> 63; + + is_p = (small[0] ^ kPrime[0]) | + (small[1] ^ kPrime[1]) | + (small[2] ^ kPrime[2]) | + (small[3] ^ kPrime[3]); + is_p--; + is_p &= is_p << 32; + is_p &= is_p << 16; + is_p &= is_p << 8; + is_p &= is_p << 4; + is_p &= is_p << 2; + is_p &= is_p << 1; + is_p = ((s64) is_p) >> 63; + + is_zero |= is_p; + + result = is_zero; + result |= ((limb) is_zero) << 64; + return result; +} + +static int +smallfelem_is_zero_int(const smallfelem small) +{ + return (int) (smallfelem_is_zero(small) & ((limb) 1)); +} + +/* felem_inv calculates |out| = |in|^{-1} + * + * Based on Fermat's Little Theorem: + * a^p = a (mod p) + * a^{p-1} = 1 (mod p) + * a^{p-2} = a^{-1} (mod p) + */ +static void +felem_inv(felem out, const felem in) +{ + felem ftmp, ftmp2; + /* each e_I will hold |in|^{2^I - 1} */ + felem e2, e4, e8, e16, e32, e64; + longfelem tmp; + unsigned i; + + felem_square(tmp, in); + felem_reduce(ftmp, tmp);/* 2^1 */ + felem_mul(tmp, in, ftmp); + felem_reduce(ftmp, tmp);/* 2^2 - 2^0 */ + felem_assign(e2, ftmp); + felem_square(tmp, ftmp); + felem_reduce(ftmp, tmp);/* 2^3 - 2^1 */ + felem_square(tmp, ftmp); + felem_reduce(ftmp, tmp);/* 2^4 - 2^2 */ + felem_mul(tmp, ftmp, e2); + felem_reduce(ftmp, tmp);/* 2^4 - 2^0 */ + felem_assign(e4, ftmp); + felem_square(tmp, ftmp); + felem_reduce(ftmp, tmp);/* 2^5 - 2^1 */ + felem_square(tmp, ftmp); + felem_reduce(ftmp, tmp);/* 2^6 - 2^2 */ + felem_square(tmp, ftmp); + felem_reduce(ftmp, tmp);/* 2^7 - 2^3 */ + felem_square(tmp, ftmp); + felem_reduce(ftmp, tmp);/* 2^8 - 2^4 */ + felem_mul(tmp, ftmp, e4); + felem_reduce(ftmp, tmp);/* 2^8 - 2^0 */ + felem_assign(e8, ftmp); + for (i = 0; i < 8; i++) { + felem_square(tmp, ftmp); + felem_reduce(ftmp, tmp); + } /* 2^16 - 2^8 */ + felem_mul(tmp, ftmp, e8); + felem_reduce(ftmp, tmp);/* 2^16 - 2^0 */ + felem_assign(e16, ftmp); + for (i = 0; i < 16; i++) { + felem_square(tmp, ftmp); + felem_reduce(ftmp, tmp); + } /* 2^32 - 2^16 */ + felem_mul(tmp, ftmp, e16); + felem_reduce(ftmp, tmp);/* 2^32 - 2^0 */ + felem_assign(e32, ftmp); + for (i = 0; i < 32; i++) { + felem_square(tmp, ftmp); + felem_reduce(ftmp, tmp); + } /* 2^64 - 2^32 */ + felem_assign(e64, ftmp); + felem_mul(tmp, ftmp, in); + felem_reduce(ftmp, tmp);/* 2^64 - 2^32 + 2^0 */ + for (i = 0; i < 192; i++) { + felem_square(tmp, ftmp); + felem_reduce(ftmp, tmp); + } /* 2^256 - 2^224 + 2^192 */ + + felem_mul(tmp, e64, e32); + felem_reduce(ftmp2, tmp); /* 2^64 - 2^0 */ + for (i = 0; i < 16; i++) { + felem_square(tmp, ftmp2); + felem_reduce(ftmp2, tmp); + } /* 2^80 - 2^16 */ + felem_mul(tmp, ftmp2, e16); + felem_reduce(ftmp2, tmp); /* 2^80 - 2^0 */ + for (i = 0; i < 8; i++) { + felem_square(tmp, ftmp2); + felem_reduce(ftmp2, tmp); + } /* 2^88 - 2^8 */ + felem_mul(tmp, ftmp2, e8); + felem_reduce(ftmp2, tmp); /* 2^88 - 2^0 */ + for (i = 0; i < 4; i++) { + felem_square(tmp, ftmp2); + felem_reduce(ftmp2, tmp); + } /* 2^92 - 2^4 */ + felem_mul(tmp, ftmp2, e4); + felem_reduce(ftmp2, tmp); /* 2^92 - 2^0 */ + felem_square(tmp, ftmp2); + felem_reduce(ftmp2, tmp); /* 2^93 - 2^1 */ + felem_square(tmp, ftmp2); + felem_reduce(ftmp2, tmp); /* 2^94 - 2^2 */ + felem_mul(tmp, ftmp2, e2); + felem_reduce(ftmp2, tmp); /* 2^94 - 2^0 */ + felem_square(tmp, ftmp2); + felem_reduce(ftmp2, tmp); /* 2^95 - 2^1 */ + felem_square(tmp, ftmp2); + felem_reduce(ftmp2, tmp); /* 2^96 - 2^2 */ + felem_mul(tmp, ftmp2, in); + felem_reduce(ftmp2, tmp); /* 2^96 - 3 */ + + felem_mul(tmp, ftmp2, ftmp); + felem_reduce(out, tmp); /* 2^256 - 2^224 + 2^192 + 2^96 - 3 */ +} + +static void +smallfelem_inv_contract(smallfelem out, const smallfelem in) +{ + felem tmp; + + smallfelem_expand(tmp, in); + felem_inv(tmp, tmp); + felem_contract(out, tmp); +} + +/* Group operations + * ---------------- + * + * Building on top of the field operations we have the operations on the + * elliptic curve group itself. Points on the curve are represented in Jacobian + * coordinates */ + +/* point_double calculates 2*(x_in, y_in, z_in) + * + * The method is taken from: + * http://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#doubling-dbl-2001-b + * + * Outputs can equal corresponding inputs, i.e., x_out == x_in is allowed. + * while x_out == y_in is not (maybe this works, but it's not tested). */ +static void +point_double(felem x_out, felem y_out, felem z_out, + const felem x_in, const felem y_in, const felem z_in) +{ + longfelem tmp, tmp2; + felem delta, gamma, beta, alpha, ftmp, ftmp2; + smallfelem small1, small2; + + felem_assign(ftmp, x_in); + /* ftmp[i] < 2^106 */ + felem_assign(ftmp2, x_in); + /* ftmp2[i] < 2^106 */ + + /* delta = z^2 */ + felem_square(tmp, z_in); + felem_reduce(delta, tmp); + /* delta[i] < 2^101 */ + + /* gamma = y^2 */ + felem_square(tmp, y_in); + felem_reduce(gamma, tmp); + /* gamma[i] < 2^101 */ + felem_shrink(small1, gamma); + + /* beta = x*gamma */ + felem_small_mul(tmp, small1, x_in); + felem_reduce(beta, tmp); + /* beta[i] < 2^101 */ + + /* alpha = 3*(x-delta)*(x+delta) */ + felem_diff(ftmp, delta); + /* ftmp[i] < 2^105 + 2^106 < 2^107 */ + felem_sum(ftmp2, delta); + /* ftmp2[i] < 2^105 + 2^106 < 2^107 */ + felem_scalar(ftmp2, 3); + /* ftmp2[i] < 3 * 2^107 < 2^109 */ + felem_mul(tmp, ftmp, ftmp2); + felem_reduce(alpha, tmp); + /* alpha[i] < 2^101 */ + felem_shrink(small2, alpha); + + /* x' = alpha^2 - 8*beta */ + smallfelem_square(tmp, small2); + felem_reduce(x_out, tmp); + felem_assign(ftmp, beta); + felem_scalar(ftmp, 8); + /* ftmp[i] < 8 * 2^101 = 2^104 */ + felem_diff(x_out, ftmp); + /* x_out[i] < 2^105 + 2^101 < 2^106 */ + + /* z' = (y + z)^2 - gamma - delta */ + felem_sum(delta, gamma); + /* delta[i] < 2^101 + 2^101 = 2^102 */ + felem_assign(ftmp, y_in); + felem_sum(ftmp, z_in); + /* ftmp[i] < 2^106 + 2^106 = 2^107 */ + felem_square(tmp, ftmp); + felem_reduce(z_out, tmp); + felem_diff(z_out, delta); + /* z_out[i] < 2^105 + 2^101 < 2^106 */ + + /* y' = alpha*(4*beta - x') - 8*gamma^2 */ + felem_scalar(beta, 4); + /* beta[i] < 4 * 2^101 = 2^103 */ + felem_diff_zero107(beta, x_out); + /* beta[i] < 2^107 + 2^103 < 2^108 */ + felem_small_mul(tmp, small2, beta); + /* tmp[i] < 7 * 2^64 < 2^67 */ + smallfelem_square(tmp2, small1); + /* tmp2[i] < 7 * 2^64 */ + longfelem_scalar(tmp2, 8); + /* tmp2[i] < 8 * 7 * 2^64 = 7 * 2^67 */ + longfelem_diff(tmp, tmp2); + /* tmp[i] < 2^67 + 2^70 + 2^40 < 2^71 */ + felem_reduce_zero105(y_out, tmp); + /* y_out[i] < 2^106 */ +} + +/* point_double_small is the same as point_double, except that it operates on + * smallfelems */ +static void +point_double_small(smallfelem x_out, smallfelem y_out, smallfelem z_out, + const smallfelem x_in, const smallfelem y_in, const smallfelem z_in) +{ + felem felem_x_out, felem_y_out, felem_z_out; + felem felem_x_in, felem_y_in, felem_z_in; + + smallfelem_expand(felem_x_in, x_in); + smallfelem_expand(felem_y_in, y_in); + smallfelem_expand(felem_z_in, z_in); + point_double(felem_x_out, felem_y_out, felem_z_out, + felem_x_in, felem_y_in, felem_z_in); + felem_shrink(x_out, felem_x_out); + felem_shrink(y_out, felem_y_out); + felem_shrink(z_out, felem_z_out); +} + +/* copy_conditional copies in to out iff mask is all ones. */ +static void +copy_conditional(felem out, const felem in, limb mask) +{ + unsigned i; + for (i = 0; i < NLIMBS; ++i) { + const limb tmp = mask & (in[i] ^ out[i]); + out[i] ^= tmp; + } +} + +/* copy_small_conditional copies in to out iff mask is all ones. */ +static void +copy_small_conditional(felem out, const smallfelem in, limb mask) +{ + unsigned i; + const u64 mask64 = mask; + for (i = 0; i < NLIMBS; ++i) { + out[i] = ((limb) (in[i] & mask64)) | (out[i] & ~mask); + } +} + +/* point_add calcuates (x1, y1, z1) + (x2, y2, z2) + * + * The method is taken from: + * http://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#addition-add-2007-bl, + * adapted for mixed addition (z2 = 1, or z2 = 0 for the point at infinity). + * + * This function includes a branch for checking whether the two input points + * are equal, (while not equal to the point at infinity). This case never + * happens during single point multiplication, so there is no timing leak for + * ECDH or ECDSA signing. */ +static void +point_add(felem x3, felem y3, felem z3, + const felem x1, const felem y1, const felem z1, + const int mixed, const smallfelem x2, const smallfelem y2, const smallfelem z2) +{ + felem ftmp, ftmp2, ftmp3, ftmp4, ftmp5, ftmp6, x_out, y_out, z_out; + longfelem tmp, tmp2; + smallfelem small1, small2, small3, small4, small5; + limb x_equal, y_equal, z1_is_zero, z2_is_zero; + + felem_shrink(small3, z1); + + z1_is_zero = smallfelem_is_zero(small3); + z2_is_zero = smallfelem_is_zero(z2); + + /* ftmp = z1z1 = z1**2 */ + smallfelem_square(tmp, small3); + felem_reduce(ftmp, tmp); + /* ftmp[i] < 2^101 */ + felem_shrink(small1, ftmp); + + if (!mixed) { + /* ftmp2 = z2z2 = z2**2 */ + smallfelem_square(tmp, z2); + felem_reduce(ftmp2, tmp); + /* ftmp2[i] < 2^101 */ + felem_shrink(small2, ftmp2); + + felem_shrink(small5, x1); + + /* u1 = ftmp3 = x1*z2z2 */ + smallfelem_mul(tmp, small5, small2); + felem_reduce(ftmp3, tmp); + /* ftmp3[i] < 2^101 */ + + /* ftmp5 = z1 + z2 */ + felem_assign(ftmp5, z1); + felem_small_sum(ftmp5, z2); + /* ftmp5[i] < 2^107 */ + + /* ftmp5 = (z1 + z2)**2 - (z1z1 + z2z2) = 2z1z2 */ + felem_square(tmp, ftmp5); + felem_reduce(ftmp5, tmp); + /* ftmp2 = z2z2 + z1z1 */ + felem_sum(ftmp2, ftmp); + /* ftmp2[i] < 2^101 + 2^101 = 2^102 */ + felem_diff(ftmp5, ftmp2); + /* ftmp5[i] < 2^105 + 2^101 < 2^106 */ + + /* ftmp2 = z2 * z2z2 */ + smallfelem_mul(tmp, small2, z2); + felem_reduce(ftmp2, tmp); + + /* s1 = ftmp2 = y1 * z2**3 */ + felem_mul(tmp, y1, ftmp2); + felem_reduce(ftmp6, tmp); + /* ftmp6[i] < 2^101 */ + } else { + /* We'll assume z2 = 1 (special case z2 = 0 is handled later) */ + + /* u1 = ftmp3 = x1*z2z2 */ + felem_assign(ftmp3, x1); + /* ftmp3[i] < 2^106 */ + + /* ftmp5 = 2z1z2 */ + felem_assign(ftmp5, z1); + felem_scalar(ftmp5, 2); + /* ftmp5[i] < 2*2^106 = 2^107 */ + + /* s1 = ftmp2 = y1 * z2**3 */ + felem_assign(ftmp6, y1); + /* ftmp6[i] < 2^106 */ + } + + /* u2 = x2*z1z1 */ + smallfelem_mul(tmp, x2, small1); + felem_reduce(ftmp4, tmp); + + /* h = ftmp4 = u2 - u1 */ + felem_diff_zero107(ftmp4, ftmp3); + /* ftmp4[i] < 2^107 + 2^101 < 2^108 */ + felem_shrink(small4, ftmp4); + + x_equal = smallfelem_is_zero(small4); + + /* z_out = ftmp5 * h */ + felem_small_mul(tmp, small4, ftmp5); + felem_reduce(z_out, tmp); + /* z_out[i] < 2^101 */ + + /* ftmp = z1 * z1z1 */ + smallfelem_mul(tmp, small1, small3); + felem_reduce(ftmp, tmp); + + /* s2 = tmp = y2 * z1**3 */ + felem_small_mul(tmp, y2, ftmp); + felem_reduce(ftmp5, tmp); + + /* r = ftmp5 = (s2 - s1)*2 */ + felem_diff_zero107(ftmp5, ftmp6); + /* ftmp5[i] < 2^107 + 2^107 = 2^108 */ + felem_scalar(ftmp5, 2); + /* ftmp5[i] < 2^109 */ + felem_shrink(small1, ftmp5); + y_equal = smallfelem_is_zero(small1); + + if (x_equal && y_equal && !z1_is_zero && !z2_is_zero) { + point_double(x3, y3, z3, x1, y1, z1); + return; + } + /* I = ftmp = (2h)**2 */ + felem_assign(ftmp, ftmp4); + felem_scalar(ftmp, 2); + /* ftmp[i] < 2*2^108 = 2^109 */ + felem_square(tmp, ftmp); + felem_reduce(ftmp, tmp); + + /* J = ftmp2 = h * I */ + felem_mul(tmp, ftmp4, ftmp); + felem_reduce(ftmp2, tmp); + + /* V = ftmp4 = U1 * I */ + felem_mul(tmp, ftmp3, ftmp); + felem_reduce(ftmp4, tmp); + + /* x_out = r**2 - J - 2V */ + smallfelem_square(tmp, small1); + felem_reduce(x_out, tmp); + felem_assign(ftmp3, ftmp4); + felem_scalar(ftmp4, 2); + felem_sum(ftmp4, ftmp2); + /* ftmp4[i] < 2*2^101 + 2^101 < 2^103 */ + felem_diff(x_out, ftmp4); + /* x_out[i] < 2^105 + 2^101 */ + + /* y_out = r(V-x_out) - 2 * s1 * J */ + felem_diff_zero107(ftmp3, x_out); + /* ftmp3[i] < 2^107 + 2^101 < 2^108 */ + felem_small_mul(tmp, small1, ftmp3); + felem_mul(tmp2, ftmp6, ftmp2); + longfelem_scalar(tmp2, 2); + /* tmp2[i] < 2*2^67 = 2^68 */ + longfelem_diff(tmp, tmp2); + /* tmp[i] < 2^67 + 2^70 + 2^40 < 2^71 */ + felem_reduce_zero105(y_out, tmp); + /* y_out[i] < 2^106 */ + + copy_small_conditional(x_out, x2, z1_is_zero); + copy_conditional(x_out, x1, z2_is_zero); + copy_small_conditional(y_out, y2, z1_is_zero); + copy_conditional(y_out, y1, z2_is_zero); + copy_small_conditional(z_out, z2, z1_is_zero); + copy_conditional(z_out, z1, z2_is_zero); + felem_assign(x3, x_out); + felem_assign(y3, y_out); + felem_assign(z3, z_out); +} + +/* point_add_small is the same as point_add, except that it operates on + * smallfelems */ +static void +point_add_small(smallfelem x3, smallfelem y3, smallfelem z3, + smallfelem x1, smallfelem y1, smallfelem z1, + smallfelem x2, smallfelem y2, smallfelem z2) +{ + felem felem_x3, felem_y3, felem_z3; + felem felem_x1, felem_y1, felem_z1; + smallfelem_expand(felem_x1, x1); + smallfelem_expand(felem_y1, y1); + smallfelem_expand(felem_z1, z1); + point_add(felem_x3, felem_y3, felem_z3, felem_x1, felem_y1, felem_z1, 0, x2, y2, z2); + felem_shrink(x3, felem_x3); + felem_shrink(y3, felem_y3); + felem_shrink(z3, felem_z3); +} + +/* Base point pre computation + * -------------------------- + * + * Two different sorts of precomputed tables are used in the following code. + * Each contain various points on the curve, where each point is three field + * elements (x, y, z). + * + * For the base point table, z is usually 1 (0 for the point at infinity). + * This table has 2 * 16 elements, starting with the following: + * index | bits | point + * ------+---------+------------------------------ + * 0 | 0 0 0 0 | 0G + * 1 | 0 0 0 1 | 1G + * 2 | 0 0 1 0 | 2^64G + * 3 | 0 0 1 1 | (2^64 + 1)G + * 4 | 0 1 0 0 | 2^128G + * 5 | 0 1 0 1 | (2^128 + 1)G + * 6 | 0 1 1 0 | (2^128 + 2^64)G + * 7 | 0 1 1 1 | (2^128 + 2^64 + 1)G + * 8 | 1 0 0 0 | 2^192G + * 9 | 1 0 0 1 | (2^192 + 1)G + * 10 | 1 0 1 0 | (2^192 + 2^64)G + * 11 | 1 0 1 1 | (2^192 + 2^64 + 1)G + * 12 | 1 1 0 0 | (2^192 + 2^128)G + * 13 | 1 1 0 1 | (2^192 + 2^128 + 1)G + * 14 | 1 1 1 0 | (2^192 + 2^128 + 2^64)G + * 15 | 1 1 1 1 | (2^192 + 2^128 + 2^64 + 1)G + * followed by a copy of this with each element multiplied by 2^32. + * + * The reason for this is so that we can clock bits into four different + * locations when doing simple scalar multiplies against the base point, + * and then another four locations using the second 16 elements. + * + * Tables for other points have table[i] = iG for i in 0 .. 16. */ + +/* gmul is the table of precomputed base points */ +static const smallfelem gmul[2][16][3] = +{{{{0, 0, 0, 0}, +{0, 0, 0, 0}, +{0, 0, 0, 0}}, +{{0xf4a13945d898c296, 0x77037d812deb33a0, 0xf8bce6e563a440f2, 0x6b17d1f2e12c4247}, +{0xcbb6406837bf51f5, 0x2bce33576b315ece, 0x8ee7eb4a7c0f9e16, 0x4fe342e2fe1a7f9b}, +{1, 0, 0, 0}}, +{{0x90e75cb48e14db63, 0x29493baaad651f7e, 0x8492592e326e25de, 0x0fa822bc2811aaa5}, +{0xe41124545f462ee7, 0x34b1a65050fe82f5, 0x6f4ad4bcb3df188b, 0xbff44ae8f5dba80d}, +{1, 0, 0, 0}}, +{{0x93391ce2097992af, 0xe96c98fd0d35f1fa, 0xb257c0de95e02789, 0x300a4bbc89d6726f}, +{0xaa54a291c08127a0, 0x5bb1eeada9d806a5, 0x7f1ddb25ff1e3c6f, 0x72aac7e0d09b4644}, +{1, 0, 0, 0}}, +{{0x57c84fc9d789bd85, 0xfc35ff7dc297eac3, 0xfb982fd588c6766e, 0x447d739beedb5e67}, +{0x0c7e33c972e25b32, 0x3d349b95a7fae500, 0xe12e9d953a4aaff7, 0x2d4825ab834131ee}, +{1, 0, 0, 0}}, +{{0x13949c932a1d367f, 0xef7fbd2b1a0a11b7, 0xddc6068bb91dfc60, 0xef9519328a9c72ff}, +{0x196035a77376d8a8, 0x23183b0895ca1740, 0xc1ee9807022c219c, 0x611e9fc37dbb2c9b}, +{1, 0, 0, 0}}, +{{0xcae2b1920b57f4bc, 0x2936df5ec6c9bc36, 0x7dea6482e11238bf, 0x550663797b51f5d8}, +{0x44ffe216348a964c, 0x9fb3d576dbdefbe1, 0x0afa40018d9d50e5, 0x157164848aecb851}, +{1, 0, 0, 0}}, +{{0xe48ecafffc5cde01, 0x7ccd84e70d715f26, 0xa2e8f483f43e4391, 0xeb5d7745b21141ea}, +{0xcac917e2731a3479, 0x85f22cfe2844b645, 0x0990e6a158006cee, 0xeafd72ebdbecc17b}, +{1, 0, 0, 0}}, +{{0x6cf20ffb313728be, 0x96439591a3c6b94a, 0x2736ff8344315fc5, 0xa6d39677a7849276}, +{0xf2bab833c357f5f4, 0x824a920c2284059b, 0x66b8babd2d27ecdf, 0x674f84749b0b8816}, +{1, 0, 0, 0}}, +{{0x2df48c04677c8a3e, 0x74e02f080203a56b, 0x31855f7db8c7fedb, 0x4e769e7672c9ddad}, +{0xa4c36165b824bbb0, 0xfb9ae16f3b9122a5, 0x1ec0057206947281, 0x42b99082de830663}, +{1, 0, 0, 0}}, +{{0x6ef95150dda868b9, 0xd1f89e799c0ce131, 0x7fdc1ca008a1c478, 0x78878ef61c6ce04d}, +{0x9c62b9121fe0d976, 0x6ace570ebde08d4f, 0xde53142c12309def, 0xb6cb3f5d7b72c321}, +{1, 0, 0, 0}}, +{{0x7f991ed2c31a3573, 0x5b82dd5bd54fb496, 0x595c5220812ffcae, 0x0c88bc4d716b1287}, +{0x3a57bf635f48aca8, 0x7c8181f4df2564f3, 0x18d1b5b39c04e6aa, 0xdd5ddea3f3901dc6}, +{1, 0, 0, 0}}, +{{0xe96a79fb3e72ad0c, 0x43a0a28c42ba792f, 0xefe0a423083e49f3, 0x68f344af6b317466}, +{0xcdfe17db3fb24d4a, 0x668bfc2271f5c626, 0x604ed93c24d67ff3, 0x31b9c405f8540a20}, +{1, 0, 0, 0}}, +{{0xd36b4789a2582e7f, 0x0d1a10144ec39c28, 0x663c62c3edbad7a0, 0x4052bf4b6f461db9}, +{0x235a27c3188d25eb, 0xe724f33999bfcc5b, 0x862be6bd71d70cc8, 0xfecf4d5190b0fc61}, +{1, 0, 0, 0}}, +{{0x74346c10a1d4cfac, 0xafdf5cc08526a7a4, 0x123202a8f62bff7a, 0x1eddbae2c802e41a}, +{0x8fa0af2dd603f844, 0x36e06b7e4c701917, 0x0c45f45273db33a0, 0x43104d86560ebcfc}, +{1, 0, 0, 0}}, +{{0x9615b5110d1d78e5, 0x66b0de3225c4744b, 0x0a4a46fb6aaf363a, 0xb48e26b484f7a21c}, +{0x06ebb0f621a01b2d, 0xc004e4048b7b0f98, 0x64131bcdfed6f668, 0xfac015404d4d3dab}, +{1, 0, 0, 0}}}, +{{{0, 0, 0, 0}, +{0, 0, 0, 0}, +{0, 0, 0, 0}}, +{{0x3a5a9e22185a5943, 0x1ab919365c65dfb6, 0x21656b32262c71da, 0x7fe36b40af22af89}, +{0xd50d152c699ca101, 0x74b3d5867b8af212, 0x9f09f40407dca6f1, 0xe697d45825b63624}, +{1, 0, 0, 0}}, +{{0xa84aa9397512218e, 0xe9a521b074ca0141, 0x57880b3a18a2e902, 0x4a5b506612a677a6}, +{0x0beada7a4c4f3840, 0x626db15419e26d9d, 0xc42604fbe1627d40, 0xeb13461ceac089f1}, +{1, 0, 0, 0}}, +{{0xf9faed0927a43281, 0x5e52c4144103ecbc, 0xc342967aa815c857, 0x0781b8291c6a220a}, +{0x5a8343ceeac55f80, 0x88f80eeee54a05e3, 0x97b2a14f12916434, 0x690cde8df0151593}, +{1, 0, 0, 0}}, +{{0xaee9c75df7f82f2a, 0x9e4c35874afdf43a, 0xf5622df437371326, 0x8a535f566ec73617}, +{0xc5f9a0ac223094b7, 0xcde533864c8c7669, 0x37e02819085a92bf, 0x0455c08468b08bd7}, +{1, 0, 0, 0}}, +{{0x0c0a6e2c9477b5d9, 0xf9a4bf62876dc444, 0x5050a949b6cdc279, 0x06bada7ab77f8276}, +{0xc8b4aed1ea48dac9, 0xdebd8a4b7ea1070f, 0x427d49101366eb70, 0x5b476dfd0e6cb18a}, +{1, 0, 0, 0}}, +{{0x7c5c3e44278c340a, 0x4d54606812d66f3b, 0x29a751b1ae23c5d8, 0x3e29864e8a2ec908}, +{0x142d2a6626dbb850, 0xad1744c4765bd780, 0x1f150e68e322d1ed, 0x239b90ea3dc31e7e}, +{1, 0, 0, 0}}, +{{0x78c416527a53322a, 0x305dde6709776f8e, 0xdbcab759f8862ed4, 0x820f4dd949f72ff7}, +{0x6cc544a62b5debd4, 0x75be5d937b4e8cc4, 0x1b481b1b215c14d3, 0x140406ec783a05ec}, +{1, 0, 0, 0}}, +{{0x6a703f10e895df07, 0xfd75f3fa01876bd8, 0xeb5b06e70ce08ffe, 0x68f6b8542783dfee}, +{0x90c76f8a78712655, 0xcf5293d2f310bf7f, 0xfbc8044dfda45028, 0xcbe1feba92e40ce6}, +{1, 0, 0, 0}}, +{{0xe998ceea4396e4c1, 0xfc82ef0b6acea274, 0x230f729f2250e927, 0xd0b2f94d2f420109}, +{0x4305adddb38d4966, 0x10b838f8624c3b45, 0x7db2636658954e7a, 0x971459828b0719e5}, +{1, 0, 0, 0}}, +{{0x4bd6b72623369fc9, 0x57f2929e53d0b876, 0xc2d5cba4f2340687, 0x961610004a866aba}, +{0x49997bcd2e407a5e, 0x69ab197d92ddcb24, 0x2cf1f2438fe5131c, 0x7acb9fadcee75e44}, +{1, 0, 0, 0}}, +{{0x254e839423d2d4c0, 0xf57f0c917aea685b, 0xa60d880f6f75aaea, 0x24eb9acca333bf5b}, +{0xe3de4ccb1cda5dea, 0xfeef9341c51a6b4f, 0x743125f88bac4c4d, 0x69f891c5acd079cc}, +{1, 0, 0, 0}}, +{{0xeee44b35702476b5, 0x7ed031a0e45c2258, 0xb422d1e7bd6f8514, 0xe51f547c5972a107}, +{0xa25bcd6fc9cf343d, 0x8ca922ee097c184e, 0xa62f98b3a9fe9a06, 0x1c309a2b25bb1387}, +{1, 0, 0, 0}}, +{{0x9295dbeb1967c459, 0xb00148833472c98e, 0xc504977708011828, 0x20b87b8aa2c4e503}, +{0x3063175de057c277, 0x1bd539338fe582dd, 0x0d11adef5f69a044, 0xf5c6fa49919776be}, +{1, 0, 0, 0}}, +{{0x8c944e760fd59e11, 0x3876cba1102fad5f, 0xa454c3fad83faa56, 0x1ed7d1b9332010b9}, +{0xa1011a270024b889, 0x05e4d0dcac0cd344, 0x52b520f0eb6a2a24, 0x3a2b03f03217257a}, +{1, 0, 0, 0}}, +{{0xf20fc2afdf1d043d, 0xf330240db58d5a62, 0xfc7d229ca0058c3b, 0x15fee545c78dd9f6}, +{0x501e82885bc98cda, 0x41ef80e5d046ac04, 0x557d9f49461210fb, 0x4ab5b6b2b8753f81}, +{1, 0, 0, 0}}}}; + +/* select_point selects the |idx|th point from a precomputation table and + * copies it to out. */ +static void +select_point(const u64 idx, unsigned int size, const smallfelem pre_comp[16][3], smallfelem out[3]) +{ + unsigned i, j; + u64 *outlimbs = &out[0][0]; + memset(outlimbs, 0, 3 * sizeof(smallfelem)); + + for (i = 0; i < size; i++) { + const u64 *inlimbs = (u64 *) & pre_comp[i][0][0]; + u64 mask = i ^ idx; + mask |= mask >> 4; + mask |= mask >> 2; + mask |= mask >> 1; + mask &= 1; + mask--; + for (j = 0; j < NLIMBS * 3; j++) + outlimbs[j] |= inlimbs[j] & mask; + } +} + +/* get_bit returns the |i|th bit in |in| */ +static char +get_bit(const felem_bytearray in, int i) +{ + if ((i < 0) || (i >= 256)) + return 0; + return (in[i >> 3] >> (i & 7)) & 1; +} + +/* Interleaved point multiplication using precomputed point multiples: + * The small point multiples 0*P, 1*P, ..., 17*P are in pre_comp[], + * the scalars in scalars[]. If g_scalar is non-NULL, we also add this multiple + * of the generator, using certain (large) precomputed multiples in g_pre_comp. + * Output point (X, Y, Z) is stored in x_out, y_out, z_out */ +static void +batch_mul(felem x_out, felem y_out, felem z_out, + const felem_bytearray scalars[], const unsigned num_points, const u8 * g_scalar, + const int mixed, const smallfelem pre_comp[][17][3], const smallfelem g_pre_comp[2][16][3]) +{ + int i, skip; + unsigned num, gen_mul = (g_scalar != NULL); + felem nq[3], ftmp; + smallfelem tmp[3]; + u64 bits; + u8 sign, digit; + + /* set nq to the point at infinity */ + memset(nq, 0, 3 * sizeof(felem)); + + /* + * Loop over all scalars msb-to-lsb, interleaving additions of + * multiples of the generator (two in each of the last 32 rounds) and + * additions of other points multiples (every 5th round). + */ + skip = 1; /* save two point operations in the first + * round */ + for (i = (num_points ? 255 : 31); i >= 0; --i) { + /* double */ + if (!skip) + point_double(nq[0], nq[1], nq[2], nq[0], nq[1], nq[2]); + + /* add multiples of the generator */ + if (gen_mul && (i <= 31)) { + /* first, look 32 bits upwards */ + bits = get_bit(g_scalar, i + 224) << 3; + bits |= get_bit(g_scalar, i + 160) << 2; + bits |= get_bit(g_scalar, i + 96) << 1; + bits |= get_bit(g_scalar, i + 32); + /* select the point to add, in constant time */ + select_point(bits, 16, g_pre_comp[1], tmp); + + if (!skip) { + point_add(nq[0], nq[1], nq[2], + nq[0], nq[1], nq[2], + 1 /* mixed */ , tmp[0], tmp[1], tmp[2]); + } else { + smallfelem_expand(nq[0], tmp[0]); + smallfelem_expand(nq[1], tmp[1]); + smallfelem_expand(nq[2], tmp[2]); + skip = 0; + } + + /* second, look at the current position */ + bits = get_bit(g_scalar, i + 192) << 3; + bits |= get_bit(g_scalar, i + 128) << 2; + bits |= get_bit(g_scalar, i + 64) << 1; + bits |= get_bit(g_scalar, i); + /* select the point to add, in constant time */ + select_point(bits, 16, g_pre_comp[0], tmp); + point_add(nq[0], nq[1], nq[2], + nq[0], nq[1], nq[2], + 1 /* mixed */ , tmp[0], tmp[1], tmp[2]); + } + /* do other additions every 5 doublings */ + if (num_points && (i % 5 == 0)) { + /* loop over all scalars */ + for (num = 0; num < num_points; ++num) { + bits = get_bit(scalars[num], i + 4) << 5; + bits |= get_bit(scalars[num], i + 3) << 4; + bits |= get_bit(scalars[num], i + 2) << 3; + bits |= get_bit(scalars[num], i + 1) << 2; + bits |= get_bit(scalars[num], i) << 1; + bits |= get_bit(scalars[num], i - 1); + ec_GFp_nistp_recode_scalar_bits(&sign, &digit, bits); + + /* + * select the point to add or subtract, in + * constant time + */ + select_point(digit, 17, pre_comp[num], tmp); + smallfelem_neg(ftmp, tmp[1]); /* (X, -Y, Z) is the + * negative point */ + copy_small_conditional(ftmp, tmp[1], (((limb) sign) - 1)); + felem_contract(tmp[1], ftmp); + + if (!skip) { + point_add(nq[0], nq[1], nq[2], + nq[0], nq[1], nq[2], + mixed, tmp[0], tmp[1], tmp[2]); + } else { + smallfelem_expand(nq[0], tmp[0]); + smallfelem_expand(nq[1], tmp[1]); + smallfelem_expand(nq[2], tmp[2]); + skip = 0; + } + } + } + } + felem_assign(x_out, nq[0]); + felem_assign(y_out, nq[1]); + felem_assign(z_out, nq[2]); +} + +/* Precomputation for the group generator. */ +typedef struct { + smallfelem g_pre_comp[2][16][3]; + int references; +} NISTP256_PRE_COMP; + +const EC_METHOD * +EC_GFp_nistp256_method(void) +{ + static const EC_METHOD ret = { + .flags = EC_FLAGS_DEFAULT_OCT, + .field_type = NID_X9_62_prime_field, + .group_init = ec_GFp_nistp256_group_init, + .group_finish = ec_GFp_simple_group_finish, + .group_clear_finish = ec_GFp_simple_group_clear_finish, + .group_copy = ec_GFp_nist_group_copy, + .group_set_curve = ec_GFp_nistp256_group_set_curve, + .group_get_curve = ec_GFp_simple_group_get_curve, + .group_get_degree = ec_GFp_simple_group_get_degree, + .group_check_discriminant = + ec_GFp_simple_group_check_discriminant, + .point_init = ec_GFp_simple_point_init, + .point_finish = ec_GFp_simple_point_finish, + .point_clear_finish = ec_GFp_simple_point_clear_finish, + .point_copy = ec_GFp_simple_point_copy, + .point_set_to_infinity = ec_GFp_simple_point_set_to_infinity, + .point_set_Jprojective_coordinates_GFp = + ec_GFp_simple_set_Jprojective_coordinates_GFp, + .point_get_Jprojective_coordinates_GFp = + ec_GFp_simple_get_Jprojective_coordinates_GFp, + .point_set_affine_coordinates = + ec_GFp_simple_point_set_affine_coordinates, + .point_get_affine_coordinates = + ec_GFp_nistp256_point_get_affine_coordinates, + .add = ec_GFp_simple_add, + .dbl = ec_GFp_simple_dbl, + .invert = ec_GFp_simple_invert, + .is_at_infinity = ec_GFp_simple_is_at_infinity, + .is_on_curve = ec_GFp_simple_is_on_curve, + .point_cmp = ec_GFp_simple_cmp, + .make_affine = ec_GFp_simple_make_affine, + .points_make_affine = ec_GFp_simple_points_make_affine, + .mul = ec_GFp_nistp256_points_mul, + .precompute_mult = ec_GFp_nistp256_precompute_mult, + .have_precompute_mult = ec_GFp_nistp256_have_precompute_mult, + .field_mul = ec_GFp_nist_field_mul, + .field_sqr = ec_GFp_nist_field_sqr, + .blind_coordinates = NULL, + }; + + return &ret; +} + +/******************************************************************************/ +/* FUNCTIONS TO MANAGE PRECOMPUTATION + */ + +static NISTP256_PRE_COMP * +nistp256_pre_comp_new() +{ + NISTP256_PRE_COMP *ret = NULL; + ret = malloc(sizeof *ret); + if (!ret) { + ECerror(ERR_R_MALLOC_FAILURE); + return ret; + } + memset(ret->g_pre_comp, 0, sizeof(ret->g_pre_comp)); + ret->references = 1; + return ret; +} + +static void * +nistp256_pre_comp_dup(void *src_) +{ + NISTP256_PRE_COMP *src = src_; + + /* no need to actually copy, these objects never change! */ + CRYPTO_add(&src->references, 1, CRYPTO_LOCK_EC_PRE_COMP); + + return src_; +} + +static void +nistp256_pre_comp_free(void *pre_) +{ + int i; + NISTP256_PRE_COMP *pre = pre_; + + if (!pre) + return; + + i = CRYPTO_add(&pre->references, -1, CRYPTO_LOCK_EC_PRE_COMP); + if (i > 0) + return; + + free(pre); +} + +static void +nistp256_pre_comp_clear_free(void *pre_) +{ + int i; + NISTP256_PRE_COMP *pre = pre_; + + if (!pre) + return; + + i = CRYPTO_add(&pre->references, -1, CRYPTO_LOCK_EC_PRE_COMP); + if (i > 0) + return; + + freezero(pre, sizeof *pre); +} + +/******************************************************************************/ +/* OPENSSL EC_METHOD FUNCTIONS + */ + +int +ec_GFp_nistp256_group_init(EC_GROUP * group) +{ + int ret; + ret = ec_GFp_simple_group_init(group); + group->a_is_minus3 = 1; + return ret; +} + +int +ec_GFp_nistp256_group_set_curve(EC_GROUP * group, const BIGNUM * p, + const BIGNUM * a, const BIGNUM * b, BN_CTX * ctx) +{ + int ret = 0; + BN_CTX *new_ctx = NULL; + BIGNUM *curve_p, *curve_a, *curve_b; + + if (ctx == NULL) + if ((ctx = new_ctx = BN_CTX_new()) == NULL) + return 0; + BN_CTX_start(ctx); + if (((curve_p = BN_CTX_get(ctx)) == NULL) || + ((curve_a = BN_CTX_get(ctx)) == NULL) || + ((curve_b = BN_CTX_get(ctx)) == NULL)) + goto err; + BN_bin2bn(nistp256_curve_params[0], sizeof(felem_bytearray), curve_p); + BN_bin2bn(nistp256_curve_params[1], sizeof(felem_bytearray), curve_a); + BN_bin2bn(nistp256_curve_params[2], sizeof(felem_bytearray), curve_b); + if ((BN_cmp(curve_p, p)) || (BN_cmp(curve_a, a)) || + (BN_cmp(curve_b, b))) { + ECerror(EC_R_WRONG_CURVE_PARAMETERS); + goto err; + } + group->field_mod_func = BN_nist_mod_256; + ret = ec_GFp_simple_group_set_curve(group, p, a, b, ctx); + err: + BN_CTX_end(ctx); + BN_CTX_free(new_ctx); + return ret; +} + +/* Takes the Jacobian coordinates (X, Y, Z) of a point and returns + * (X', Y') = (X/Z^2, Y/Z^3) */ +int +ec_GFp_nistp256_point_get_affine_coordinates(const EC_GROUP * group, + const EC_POINT * point, BIGNUM * x, BIGNUM * y, BN_CTX * ctx) +{ + felem z1, z2, x_in, y_in; + smallfelem x_out, y_out; + longfelem tmp; + + if (EC_POINT_is_at_infinity(group, point) > 0) { + ECerror(EC_R_POINT_AT_INFINITY); + return 0; + } + if ((!BN_to_felem(x_in, &point->X)) || (!BN_to_felem(y_in, &point->Y)) || + (!BN_to_felem(z1, &point->Z))) + return 0; + felem_inv(z2, z1); + felem_square(tmp, z2); + felem_reduce(z1, tmp); + felem_mul(tmp, x_in, z1); + felem_reduce(x_in, tmp); + felem_contract(x_out, x_in); + if (x != NULL) { + if (!smallfelem_to_BN(x, x_out)) { + ECerror(ERR_R_BN_LIB); + return 0; + } + } + felem_mul(tmp, z1, z2); + felem_reduce(z1, tmp); + felem_mul(tmp, y_in, z1); + felem_reduce(y_in, tmp); + felem_contract(y_out, y_in); + if (y != NULL) { + if (!smallfelem_to_BN(y, y_out)) { + ECerror(ERR_R_BN_LIB); + return 0; + } + } + return 1; +} + +static void +make_points_affine(size_t num, smallfelem points[ /* num */ ][3], smallfelem tmp_smallfelems[ /* num+1 */ ]) +{ + /* + * Runs in constant time, unless an input is the point at infinity + * (which normally shouldn't happen). + */ + ec_GFp_nistp_points_make_affine_internal( + num, + points, + sizeof(smallfelem), + tmp_smallfelems, + (void (*) (void *)) smallfelem_one, + (int (*) (const void *)) smallfelem_is_zero_int, + (void (*) (void *, const void *)) smallfelem_assign, + (void (*) (void *, const void *)) smallfelem_square_contract, + (void (*) (void *, const void *, const void *)) smallfelem_mul_contract, + (void (*) (void *, const void *)) smallfelem_inv_contract, + (void (*) (void *, const void *)) smallfelem_assign /* nothing to contract */ ); +} + +/* Computes scalar*generator + \sum scalars[i]*points[i], ignoring NULL values + * Result is stored in r (r can equal one of the inputs). */ +int +ec_GFp_nistp256_points_mul(const EC_GROUP * group, EC_POINT * r, + const BIGNUM * scalar, size_t num, const EC_POINT * points[], + const BIGNUM * scalars[], BN_CTX * ctx) +{ + int ret = 0; + int j; + int mixed = 0; + BN_CTX *new_ctx = NULL; + BIGNUM *x, *y, *z, *tmp_scalar; + felem_bytearray g_secret; + felem_bytearray *secrets = NULL; + smallfelem(*pre_comp)[17][3] = NULL; + smallfelem *tmp_smallfelems = NULL; + felem_bytearray tmp; + unsigned i, num_bytes; + int have_pre_comp = 0; + size_t num_points = num; + smallfelem x_in, y_in, z_in; + felem x_out, y_out, z_out; + NISTP256_PRE_COMP *pre = NULL; + const smallfelem(*g_pre_comp)[16][3] = NULL; + EC_POINT *generator = NULL; + const EC_POINT *p = NULL; + const BIGNUM *p_scalar = NULL; + + if (ctx == NULL) + if ((ctx = new_ctx = BN_CTX_new()) == NULL) + return 0; + BN_CTX_start(ctx); + if (((x = BN_CTX_get(ctx)) == NULL) || + ((y = BN_CTX_get(ctx)) == NULL) || + ((z = BN_CTX_get(ctx)) == NULL) || + ((tmp_scalar = BN_CTX_get(ctx)) == NULL)) + goto err; + + if (scalar != NULL) { + pre = EC_EX_DATA_get_data(group->extra_data, + nistp256_pre_comp_dup, nistp256_pre_comp_free, + nistp256_pre_comp_clear_free); + if (pre) + /* we have precomputation, try to use it */ + g_pre_comp = (const smallfelem(*)[16][3]) pre->g_pre_comp; + else + /* try to use the standard precomputation */ + g_pre_comp = &gmul[0]; + generator = EC_POINT_new(group); + if (generator == NULL) + goto err; + /* get the generator from precomputation */ + if (!smallfelem_to_BN(x, g_pre_comp[0][1][0]) || + !smallfelem_to_BN(y, g_pre_comp[0][1][1]) || + !smallfelem_to_BN(z, g_pre_comp[0][1][2])) { + ECerror(ERR_R_BN_LIB); + goto err; + } + if (!EC_POINT_set_Jprojective_coordinates_GFp(group, + generator, x, y, z, ctx)) + goto err; + if (0 == EC_POINT_cmp(group, generator, group->generator, ctx)) + /* precomputation matches generator */ + have_pre_comp = 1; + else + /* + * we don't have valid precomputation: treat the + * generator as a random point + */ + num_points++; + } + if (num_points > 0) { + if (num_points >= 3) { + /* + * unless we precompute multiples for just one or two + * points, converting those into affine form is time + * well spent + */ + mixed = 1; + } + secrets = calloc(num_points, sizeof(felem_bytearray)); + pre_comp = calloc(num_points, 17 * 3 * sizeof(smallfelem)); + if (mixed) { + /* XXX should do more int overflow checking */ + tmp_smallfelems = reallocarray(NULL, + (num_points * 17 + 1), sizeof(smallfelem)); + } + if ((secrets == NULL) || (pre_comp == NULL) || (mixed && (tmp_smallfelems == NULL))) { + ECerror(ERR_R_MALLOC_FAILURE); + goto err; + } + /* + * we treat NULL scalars as 0, and NULL points as points at + * infinity, i.e., they contribute nothing to the linear + * combination + */ + for (i = 0; i < num_points; ++i) { + if (i == num) + /* + * we didn't have a valid precomputation, so + * we pick the generator + */ + { + p = EC_GROUP_get0_generator(group); + p_scalar = scalar; + } else + /* the i^th point */ + { + p = points[i]; + p_scalar = scalars[i]; + } + if ((p_scalar != NULL) && (p != NULL)) { + /* reduce scalar to 0 <= scalar < 2^256 */ + if ((BN_num_bits(p_scalar) > 256) || (BN_is_negative(p_scalar))) { + /* + * this is an unusual input, and we + * don't guarantee constant-timeness + */ + if (!BN_nnmod(tmp_scalar, p_scalar, &group->order, ctx)) { + ECerror(ERR_R_BN_LIB); + goto err; + } + num_bytes = BN_bn2bin(tmp_scalar, tmp); + } else + num_bytes = BN_bn2bin(p_scalar, tmp); + flip_endian(secrets[i], tmp, num_bytes); + /* precompute multiples */ + if ((!BN_to_felem(x_out, &p->X)) || + (!BN_to_felem(y_out, &p->Y)) || + (!BN_to_felem(z_out, &p->Z))) + goto err; + felem_shrink(pre_comp[i][1][0], x_out); + felem_shrink(pre_comp[i][1][1], y_out); + felem_shrink(pre_comp[i][1][2], z_out); + for (j = 2; j <= 16; ++j) { + if (j & 1) { + point_add_small( + pre_comp[i][j][0], pre_comp[i][j][1], pre_comp[i][j][2], + pre_comp[i][1][0], pre_comp[i][1][1], pre_comp[i][1][2], + pre_comp[i][j - 1][0], pre_comp[i][j - 1][1], pre_comp[i][j - 1][2]); + } else { + point_double_small( + pre_comp[i][j][0], pre_comp[i][j][1], pre_comp[i][j][2], + pre_comp[i][j / 2][0], pre_comp[i][j / 2][1], pre_comp[i][j / 2][2]); + } + } + } + } + if (mixed) + make_points_affine(num_points * 17, pre_comp[0], tmp_smallfelems); + } + /* the scalar for the generator */ + if ((scalar != NULL) && (have_pre_comp)) { + memset(g_secret, 0, sizeof(g_secret)); + /* reduce scalar to 0 <= scalar < 2^256 */ + if ((BN_num_bits(scalar) > 256) || (BN_is_negative(scalar))) { + /* + * this is an unusual input, and we don't guarantee + * constant-timeness + */ + if (!BN_nnmod(tmp_scalar, scalar, &group->order, ctx)) { + ECerror(ERR_R_BN_LIB); + goto err; + } + num_bytes = BN_bn2bin(tmp_scalar, tmp); + } else + num_bytes = BN_bn2bin(scalar, tmp); + flip_endian(g_secret, tmp, num_bytes); + /* do the multiplication with generator precomputation */ + batch_mul(x_out, y_out, z_out, + (const felem_bytearray(*)) secrets, num_points, + g_secret, + mixed, (const smallfelem(*)[17][3]) pre_comp, + g_pre_comp); + } else + /* do the multiplication without generator precomputation */ + batch_mul(x_out, y_out, z_out, + (const felem_bytearray(*)) secrets, num_points, + NULL, mixed, (const smallfelem(*)[17][3]) pre_comp, NULL); + /* reduce the output to its unique minimal representation */ + felem_contract(x_in, x_out); + felem_contract(y_in, y_out); + felem_contract(z_in, z_out); + if ((!smallfelem_to_BN(x, x_in)) || (!smallfelem_to_BN(y, y_in)) || + (!smallfelem_to_BN(z, z_in))) { + ECerror(ERR_R_BN_LIB); + goto err; + } + ret = EC_POINT_set_Jprojective_coordinates_GFp(group, r, x, y, z, ctx); + + err: + BN_CTX_end(ctx); + EC_POINT_free(generator); + BN_CTX_free(new_ctx); + free(secrets); + free(pre_comp); + free(tmp_smallfelems); + return ret; +} + +int +ec_GFp_nistp256_precompute_mult(EC_GROUP * group, BN_CTX * ctx) +{ + int ret = 0; + NISTP256_PRE_COMP *pre = NULL; + int i, j; + BN_CTX *new_ctx = NULL; + BIGNUM *x, *y; + EC_POINT *generator = NULL; + smallfelem tmp_smallfelems[32]; + felem x_tmp, y_tmp, z_tmp; + + /* throw away old precomputation */ + EC_EX_DATA_free_data(&group->extra_data, nistp256_pre_comp_dup, + nistp256_pre_comp_free, nistp256_pre_comp_clear_free); + if (ctx == NULL) + if ((ctx = new_ctx = BN_CTX_new()) == NULL) + return 0; + BN_CTX_start(ctx); + if (((x = BN_CTX_get(ctx)) == NULL) || + ((y = BN_CTX_get(ctx)) == NULL)) + goto err; + /* get the generator */ + if (group->generator == NULL) + goto err; + generator = EC_POINT_new(group); + if (generator == NULL) + goto err; + BN_bin2bn(nistp256_curve_params[3], sizeof(felem_bytearray), x); + BN_bin2bn(nistp256_curve_params[4], sizeof(felem_bytearray), y); + if (!EC_POINT_set_affine_coordinates_GFp(group, generator, x, y, ctx)) + goto err; + if ((pre = nistp256_pre_comp_new()) == NULL) + goto err; + /* if the generator is the standard one, use built-in precomputation */ + if (0 == EC_POINT_cmp(group, generator, group->generator, ctx)) { + memcpy(pre->g_pre_comp, gmul, sizeof(pre->g_pre_comp)); + ret = 1; + goto err; + } + if ((!BN_to_felem(x_tmp, &group->generator->X)) || + (!BN_to_felem(y_tmp, &group->generator->Y)) || + (!BN_to_felem(z_tmp, &group->generator->Z))) + goto err; + felem_shrink(pre->g_pre_comp[0][1][0], x_tmp); + felem_shrink(pre->g_pre_comp[0][1][1], y_tmp); + felem_shrink(pre->g_pre_comp[0][1][2], z_tmp); + /* + * compute 2^64*G, 2^128*G, 2^192*G for the first table, 2^32*G, + * 2^96*G, 2^160*G, 2^224*G for the second one + */ + for (i = 1; i <= 8; i <<= 1) { + point_double_small( + pre->g_pre_comp[1][i][0], pre->g_pre_comp[1][i][1], pre->g_pre_comp[1][i][2], + pre->g_pre_comp[0][i][0], pre->g_pre_comp[0][i][1], pre->g_pre_comp[0][i][2]); + for (j = 0; j < 31; ++j) { + point_double_small( + pre->g_pre_comp[1][i][0], pre->g_pre_comp[1][i][1], pre->g_pre_comp[1][i][2], + pre->g_pre_comp[1][i][0], pre->g_pre_comp[1][i][1], pre->g_pre_comp[1][i][2]); + } + if (i == 8) + break; + point_double_small( + pre->g_pre_comp[0][2 * i][0], pre->g_pre_comp[0][2 * i][1], pre->g_pre_comp[0][2 * i][2], + pre->g_pre_comp[1][i][0], pre->g_pre_comp[1][i][1], pre->g_pre_comp[1][i][2]); + for (j = 0; j < 31; ++j) { + point_double_small( + pre->g_pre_comp[0][2 * i][0], pre->g_pre_comp[0][2 * i][1], pre->g_pre_comp[0][2 * i][2], + pre->g_pre_comp[0][2 * i][0], pre->g_pre_comp[0][2 * i][1], pre->g_pre_comp[0][2 * i][2]); + } + } + for (i = 0; i < 2; i++) { + /* g_pre_comp[i][0] is the point at infinity */ + memset(pre->g_pre_comp[i][0], 0, sizeof(pre->g_pre_comp[i][0])); + /* the remaining multiples */ + /* 2^64*G + 2^128*G resp. 2^96*G + 2^160*G */ + point_add_small( + pre->g_pre_comp[i][6][0], pre->g_pre_comp[i][6][1], pre->g_pre_comp[i][6][2], + pre->g_pre_comp[i][4][0], pre->g_pre_comp[i][4][1], pre->g_pre_comp[i][4][2], + pre->g_pre_comp[i][2][0], pre->g_pre_comp[i][2][1], pre->g_pre_comp[i][2][2]); + /* 2^64*G + 2^192*G resp. 2^96*G + 2^224*G */ + point_add_small( + pre->g_pre_comp[i][10][0], pre->g_pre_comp[i][10][1], pre->g_pre_comp[i][10][2], + pre->g_pre_comp[i][8][0], pre->g_pre_comp[i][8][1], pre->g_pre_comp[i][8][2], + pre->g_pre_comp[i][2][0], pre->g_pre_comp[i][2][1], pre->g_pre_comp[i][2][2]); + /* 2^128*G + 2^192*G resp. 2^160*G + 2^224*G */ + point_add_small( + pre->g_pre_comp[i][12][0], pre->g_pre_comp[i][12][1], pre->g_pre_comp[i][12][2], + pre->g_pre_comp[i][8][0], pre->g_pre_comp[i][8][1], pre->g_pre_comp[i][8][2], + pre->g_pre_comp[i][4][0], pre->g_pre_comp[i][4][1], pre->g_pre_comp[i][4][2]); + /* + * 2^64*G + 2^128*G + 2^192*G resp. 2^96*G + 2^160*G + + * 2^224*G + */ + point_add_small( + pre->g_pre_comp[i][14][0], pre->g_pre_comp[i][14][1], pre->g_pre_comp[i][14][2], + pre->g_pre_comp[i][12][0], pre->g_pre_comp[i][12][1], pre->g_pre_comp[i][12][2], + pre->g_pre_comp[i][2][0], pre->g_pre_comp[i][2][1], pre->g_pre_comp[i][2][2]); + for (j = 1; j < 8; ++j) { + /* odd multiples: add G resp. 2^32*G */ + point_add_small( + pre->g_pre_comp[i][2 * j + 1][0], pre->g_pre_comp[i][2 * j + 1][1], pre->g_pre_comp[i][2 * j + 1][2], + pre->g_pre_comp[i][2 * j][0], pre->g_pre_comp[i][2 * j][1], pre->g_pre_comp[i][2 * j][2], + pre->g_pre_comp[i][1][0], pre->g_pre_comp[i][1][1], pre->g_pre_comp[i][1][2]); + } + } + make_points_affine(31, &(pre->g_pre_comp[0][1]), tmp_smallfelems); + + if (!EC_EX_DATA_set_data(&group->extra_data, pre, nistp256_pre_comp_dup, + nistp256_pre_comp_free, nistp256_pre_comp_clear_free)) + goto err; + ret = 1; + pre = NULL; + err: + BN_CTX_end(ctx); + EC_POINT_free(generator); + BN_CTX_free(new_ctx); + nistp256_pre_comp_free(pre); + return ret; +} + +int +ec_GFp_nistp256_have_precompute_mult(const EC_GROUP * group) +{ + if (EC_EX_DATA_get_data(group->extra_data, nistp256_pre_comp_dup, + nistp256_pre_comp_free, nistp256_pre_comp_clear_free) + != NULL) + return 1; + else + return 0; +} +#endif diff --git a/src/lib/libcrypto/ec/ecp_nistp521.c b/src/lib/libcrypto/ec/ecp_nistp521.c new file mode 100644 index 00000000000..e085610cbc6 --- /dev/null +++ b/src/lib/libcrypto/ec/ecp_nistp521.c @@ -0,0 +1,2111 @@ +/* $OpenBSD: ecp_nistp521.c,v 1.23 2018/11/05 20:18:21 tb Exp $ */ +/* + * Written by Adam Langley (Google) for the OpenSSL project + */ +/* + * Copyright (c) 2011 Google Inc. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * A 64-bit implementation of the NIST P-521 elliptic curve point multiplication + * + * OpenSSL integration was taken from Emilia Kasper's work in ecp_nistp224.c. + * Otherwise based on Emilia's P224 work, which was inspired by my curve25519 + * work which got its smarts from Daniel J. Bernstein's work on the same. + */ + +#include +#include + +#include + +#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 + +#include +#include "ec_lcl.h" + +#if defined(__GNUC__) && (__GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 1)) + /* even with gcc, the typedef won't work for 32-bit platforms */ + typedef __uint128_t uint128_t; /* nonstandard; implemented by gcc on 64-bit platforms */ +#else + #error "Need GCC 3.1 or later to define type uint128_t" +#endif + +typedef uint8_t u8; +typedef uint64_t u64; +typedef int64_t s64; + +/* The underlying field. + * + * P521 operates over GF(2^521-1). We can serialise an element of this field + * into 66 bytes where the most significant byte contains only a single bit. We + * call this an felem_bytearray. */ + +typedef u8 felem_bytearray[66]; + +/* These are the parameters of P521, taken from FIPS 186-3, section D.1.2.5. + * These values are big-endian. */ +static const felem_bytearray nistp521_curve_params[5] = + { + {0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, /* p */ + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff}, + {0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, /* a = -3 */ + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xfc}, + {0x00, 0x51, 0x95, 0x3e, 0xb9, 0x61, 0x8e, 0x1c, /* b */ + 0x9a, 0x1f, 0x92, 0x9a, 0x21, 0xa0, 0xb6, 0x85, + 0x40, 0xee, 0xa2, 0xda, 0x72, 0x5b, 0x99, 0xb3, + 0x15, 0xf3, 0xb8, 0xb4, 0x89, 0x91, 0x8e, 0xf1, + 0x09, 0xe1, 0x56, 0x19, 0x39, 0x51, 0xec, 0x7e, + 0x93, 0x7b, 0x16, 0x52, 0xc0, 0xbd, 0x3b, 0xb1, + 0xbf, 0x07, 0x35, 0x73, 0xdf, 0x88, 0x3d, 0x2c, + 0x34, 0xf1, 0xef, 0x45, 0x1f, 0xd4, 0x6b, 0x50, + 0x3f, 0x00}, + {0x00, 0xc6, 0x85, 0x8e, 0x06, 0xb7, 0x04, 0x04, /* x */ + 0xe9, 0xcd, 0x9e, 0x3e, 0xcb, 0x66, 0x23, 0x95, + 0xb4, 0x42, 0x9c, 0x64, 0x81, 0x39, 0x05, 0x3f, + 0xb5, 0x21, 0xf8, 0x28, 0xaf, 0x60, 0x6b, 0x4d, + 0x3d, 0xba, 0xa1, 0x4b, 0x5e, 0x77, 0xef, 0xe7, + 0x59, 0x28, 0xfe, 0x1d, 0xc1, 0x27, 0xa2, 0xff, + 0xa8, 0xde, 0x33, 0x48, 0xb3, 0xc1, 0x85, 0x6a, + 0x42, 0x9b, 0xf9, 0x7e, 0x7e, 0x31, 0xc2, 0xe5, + 0xbd, 0x66}, + {0x01, 0x18, 0x39, 0x29, 0x6a, 0x78, 0x9a, 0x3b, /* y */ + 0xc0, 0x04, 0x5c, 0x8a, 0x5f, 0xb4, 0x2c, 0x7d, + 0x1b, 0xd9, 0x98, 0xf5, 0x44, 0x49, 0x57, 0x9b, + 0x44, 0x68, 0x17, 0xaf, 0xbd, 0x17, 0x27, 0x3e, + 0x66, 0x2c, 0x97, 0xee, 0x72, 0x99, 0x5e, 0xf4, + 0x26, 0x40, 0xc5, 0x50, 0xb9, 0x01, 0x3f, 0xad, + 0x07, 0x61, 0x35, 0x3c, 0x70, 0x86, 0xa2, 0x72, + 0xc2, 0x40, 0x88, 0xbe, 0x94, 0x76, 0x9f, 0xd1, + 0x66, 0x50} + }; + +/* The representation of field elements. + * ------------------------------------ + * + * We represent field elements with nine values. These values are either 64 or + * 128 bits and the field element represented is: + * v[0]*2^0 + v[1]*2^58 + v[2]*2^116 + ... + v[8]*2^464 (mod p) + * Each of the nine values is called a 'limb'. Since the limbs are spaced only + * 58 bits apart, but are greater than 58 bits in length, the most significant + * bits of each limb overlap with the least significant bits of the next. + * + * A field element with 64-bit limbs is an 'felem'. One with 128-bit limbs is a + * 'largefelem' */ + +#define NLIMBS 9 + +typedef uint64_t limb; +typedef limb felem[NLIMBS]; +typedef uint128_t largefelem[NLIMBS]; + +static const limb bottom57bits = 0x1ffffffffffffff; +static const limb bottom58bits = 0x3ffffffffffffff; + +/* bin66_to_felem takes a little-endian byte array and converts it into felem + * form. This assumes that the CPU is little-endian. */ +static void +bin66_to_felem(felem out, const u8 in[66]) +{ + out[0] = (*((limb *) & in[0])) & bottom58bits; + out[1] = (*((limb *) & in[7]) >> 2) & bottom58bits; + out[2] = (*((limb *) & in[14]) >> 4) & bottom58bits; + out[3] = (*((limb *) & in[21]) >> 6) & bottom58bits; + out[4] = (*((limb *) & in[29])) & bottom58bits; + out[5] = (*((limb *) & in[36]) >> 2) & bottom58bits; + out[6] = (*((limb *) & in[43]) >> 4) & bottom58bits; + out[7] = (*((limb *) & in[50]) >> 6) & bottom58bits; + out[8] = (*((limb *) & in[58])) & bottom57bits; +} + +/* felem_to_bin66 takes an felem and serialises into a little endian, 66 byte + * array. This assumes that the CPU is little-endian. */ +static void +felem_to_bin66(u8 out[66], const felem in) +{ + memset(out, 0, 66); + (*((limb *) & out[0])) = in[0]; + (*((limb *) & out[7])) |= in[1] << 2; + (*((limb *) & out[14])) |= in[2] << 4; + (*((limb *) & out[21])) |= in[3] << 6; + (*((limb *) & out[29])) = in[4]; + (*((limb *) & out[36])) |= in[5] << 2; + (*((limb *) & out[43])) |= in[6] << 4; + (*((limb *) & out[50])) |= in[7] << 6; + (*((limb *) & out[58])) = in[8]; +} + +/* To preserve endianness when using BN_bn2bin and BN_bin2bn */ +static void +flip_endian(u8 * out, const u8 * in, unsigned len) +{ + unsigned i; + for (i = 0; i < len; ++i) + out[i] = in[len - 1 - i]; +} + +/* BN_to_felem converts an OpenSSL BIGNUM into an felem */ +static int +BN_to_felem(felem out, const BIGNUM * bn) +{ + felem_bytearray b_in; + felem_bytearray b_out; + unsigned num_bytes; + + /* BN_bn2bin eats leading zeroes */ + memset(b_out, 0, sizeof b_out); + num_bytes = BN_num_bytes(bn); + if (num_bytes > sizeof b_out) { + ECerror(EC_R_BIGNUM_OUT_OF_RANGE); + return 0; + } + if (BN_is_negative(bn)) { + ECerror(EC_R_BIGNUM_OUT_OF_RANGE); + return 0; + } + num_bytes = BN_bn2bin(bn, b_in); + flip_endian(b_out, b_in, num_bytes); + bin66_to_felem(out, b_out); + return 1; +} + +/* felem_to_BN converts an felem into an OpenSSL BIGNUM */ +static BIGNUM * +felem_to_BN(BIGNUM * out, const felem in) +{ + felem_bytearray b_in, b_out; + felem_to_bin66(b_in, in); + flip_endian(b_out, b_in, sizeof b_out); + return BN_bin2bn(b_out, sizeof b_out, out); +} + + +/* Field operations + * ---------------- */ + +static void +felem_one(felem out) +{ + out[0] = 1; + out[1] = 0; + out[2] = 0; + out[3] = 0; + out[4] = 0; + out[5] = 0; + out[6] = 0; + out[7] = 0; + out[8] = 0; +} + +static void +felem_assign(felem out, const felem in) +{ + out[0] = in[0]; + out[1] = in[1]; + out[2] = in[2]; + out[3] = in[3]; + out[4] = in[4]; + out[5] = in[5]; + out[6] = in[6]; + out[7] = in[7]; + out[8] = in[8]; +} + +/* felem_sum64 sets out = out + in. */ +static void +felem_sum64(felem out, const felem in) +{ + out[0] += in[0]; + out[1] += in[1]; + out[2] += in[2]; + out[3] += in[3]; + out[4] += in[4]; + out[5] += in[5]; + out[6] += in[6]; + out[7] += in[7]; + out[8] += in[8]; +} + +/* felem_scalar sets out = in * scalar */ +static void +felem_scalar(felem out, const felem in, limb scalar) +{ + out[0] = in[0] * scalar; + out[1] = in[1] * scalar; + out[2] = in[2] * scalar; + out[3] = in[3] * scalar; + out[4] = in[4] * scalar; + out[5] = in[5] * scalar; + out[6] = in[6] * scalar; + out[7] = in[7] * scalar; + out[8] = in[8] * scalar; +} + +/* felem_scalar64 sets out = out * scalar */ +static void +felem_scalar64(felem out, limb scalar) +{ + out[0] *= scalar; + out[1] *= scalar; + out[2] *= scalar; + out[3] *= scalar; + out[4] *= scalar; + out[5] *= scalar; + out[6] *= scalar; + out[7] *= scalar; + out[8] *= scalar; +} + +/* felem_scalar128 sets out = out * scalar */ +static void +felem_scalar128(largefelem out, limb scalar) +{ + out[0] *= scalar; + out[1] *= scalar; + out[2] *= scalar; + out[3] *= scalar; + out[4] *= scalar; + out[5] *= scalar; + out[6] *= scalar; + out[7] *= scalar; + out[8] *= scalar; +} + +/* felem_neg sets |out| to |-in| + * On entry: + * in[i] < 2^59 + 2^14 + * On exit: + * out[i] < 2^62 + */ +static void +felem_neg(felem out, const felem in) +{ + /* In order to prevent underflow, we subtract from 0 mod p. */ + static const limb two62m3 = (((limb) 1) << 62) - (((limb) 1) << 5); + static const limb two62m2 = (((limb) 1) << 62) - (((limb) 1) << 4); + + out[0] = two62m3 - in[0]; + out[1] = two62m2 - in[1]; + out[2] = two62m2 - in[2]; + out[3] = two62m2 - in[3]; + out[4] = two62m2 - in[4]; + out[5] = two62m2 - in[5]; + out[6] = two62m2 - in[6]; + out[7] = two62m2 - in[7]; + out[8] = two62m2 - in[8]; +} + +/* felem_diff64 subtracts |in| from |out| + * On entry: + * in[i] < 2^59 + 2^14 + * On exit: + * out[i] < out[i] + 2^62 + */ +static void +felem_diff64(felem out, const felem in) +{ + /* In order to prevent underflow, we add 0 mod p before subtracting. */ + static const limb two62m3 = (((limb) 1) << 62) - (((limb) 1) << 5); + static const limb two62m2 = (((limb) 1) << 62) - (((limb) 1) << 4); + + out[0] += two62m3 - in[0]; + out[1] += two62m2 - in[1]; + out[2] += two62m2 - in[2]; + out[3] += two62m2 - in[3]; + out[4] += two62m2 - in[4]; + out[5] += two62m2 - in[5]; + out[6] += two62m2 - in[6]; + out[7] += two62m2 - in[7]; + out[8] += two62m2 - in[8]; +} + +/* felem_diff_128_64 subtracts |in| from |out| + * On entry: + * in[i] < 2^62 + 2^17 + * On exit: + * out[i] < out[i] + 2^63 + */ +static void +felem_diff_128_64(largefelem out, const felem in) +{ + /* In order to prevent underflow, we add 0 mod p before subtracting. */ + static const limb two63m6 = (((limb) 1) << 62) - (((limb) 1) << 5); + static const limb two63m5 = (((limb) 1) << 62) - (((limb) 1) << 4); + + out[0] += two63m6 - in[0]; + out[1] += two63m5 - in[1]; + out[2] += two63m5 - in[2]; + out[3] += two63m5 - in[3]; + out[4] += two63m5 - in[4]; + out[5] += two63m5 - in[5]; + out[6] += two63m5 - in[6]; + out[7] += two63m5 - in[7]; + out[8] += two63m5 - in[8]; +} + +/* felem_diff_128_64 subtracts |in| from |out| + * On entry: + * in[i] < 2^126 + * On exit: + * out[i] < out[i] + 2^127 - 2^69 + */ +static void +felem_diff128(largefelem out, const largefelem in) +{ + /* In order to prevent underflow, we add 0 mod p before subtracting. */ + static const uint128_t two127m70 = (((uint128_t) 1) << 127) - (((uint128_t) 1) << 70); + static const uint128_t two127m69 = (((uint128_t) 1) << 127) - (((uint128_t) 1) << 69); + + out[0] += (two127m70 - in[0]); + out[1] += (two127m69 - in[1]); + out[2] += (two127m69 - in[2]); + out[3] += (two127m69 - in[3]); + out[4] += (two127m69 - in[4]); + out[5] += (two127m69 - in[5]); + out[6] += (two127m69 - in[6]); + out[7] += (two127m69 - in[7]); + out[8] += (two127m69 - in[8]); +} + +/* felem_square sets |out| = |in|^2 + * On entry: + * in[i] < 2^62 + * On exit: + * out[i] < 17 * max(in[i]) * max(in[i]) + */ +static void +felem_square(largefelem out, const felem in) +{ + felem inx2, inx4; + felem_scalar(inx2, in, 2); + felem_scalar(inx4, in, 4); + + /* + * We have many cases were we want to do in[x] * in[y] + in[y] * + * in[x] This is obviously just 2 * in[x] * in[y] However, rather + * than do the doubling on the 128 bit result, we double one of the + * inputs to the multiplication by reading from |inx2| + */ + + out[0] = ((uint128_t) in[0]) * in[0]; + out[1] = ((uint128_t) in[0]) * inx2[1]; + out[2] = ((uint128_t) in[0]) * inx2[2] + + ((uint128_t) in[1]) * in[1]; + out[3] = ((uint128_t) in[0]) * inx2[3] + + ((uint128_t) in[1]) * inx2[2]; + out[4] = ((uint128_t) in[0]) * inx2[4] + + ((uint128_t) in[1]) * inx2[3] + + ((uint128_t) in[2]) * in[2]; + out[5] = ((uint128_t) in[0]) * inx2[5] + + ((uint128_t) in[1]) * inx2[4] + + ((uint128_t) in[2]) * inx2[3]; + out[6] = ((uint128_t) in[0]) * inx2[6] + + ((uint128_t) in[1]) * inx2[5] + + ((uint128_t) in[2]) * inx2[4] + + ((uint128_t) in[3]) * in[3]; + out[7] = ((uint128_t) in[0]) * inx2[7] + + ((uint128_t) in[1]) * inx2[6] + + ((uint128_t) in[2]) * inx2[5] + + ((uint128_t) in[3]) * inx2[4]; + out[8] = ((uint128_t) in[0]) * inx2[8] + + ((uint128_t) in[1]) * inx2[7] + + ((uint128_t) in[2]) * inx2[6] + + ((uint128_t) in[3]) * inx2[5] + + ((uint128_t) in[4]) * in[4]; + + /* + * The remaining limbs fall above 2^521, with the first falling at + * 2^522. They correspond to locations one bit up from the limbs + * produced above so we would have to multiply by two to align them. + * Again, rather than operate on the 128-bit result, we double one of + * the inputs to the multiplication. If we want to double for both + * this reason, and the reason above, then we end up multiplying by + * four. + */ + + /* 9 */ + out[0] += ((uint128_t) in[1]) * inx4[8] + + ((uint128_t) in[2]) * inx4[7] + + ((uint128_t) in[3]) * inx4[6] + + ((uint128_t) in[4]) * inx4[5]; + + /* 10 */ + out[1] += ((uint128_t) in[2]) * inx4[8] + + ((uint128_t) in[3]) * inx4[7] + + ((uint128_t) in[4]) * inx4[6] + + ((uint128_t) in[5]) * inx2[5]; + + /* 11 */ + out[2] += ((uint128_t) in[3]) * inx4[8] + + ((uint128_t) in[4]) * inx4[7] + + ((uint128_t) in[5]) * inx4[6]; + + /* 12 */ + out[3] += ((uint128_t) in[4]) * inx4[8] + + ((uint128_t) in[5]) * inx4[7] + + ((uint128_t) in[6]) * inx2[6]; + + /* 13 */ + out[4] += ((uint128_t) in[5]) * inx4[8] + + ((uint128_t) in[6]) * inx4[7]; + + /* 14 */ + out[5] += ((uint128_t) in[6]) * inx4[8] + + ((uint128_t) in[7]) * inx2[7]; + + /* 15 */ + out[6] += ((uint128_t) in[7]) * inx4[8]; + + /* 16 */ + out[7] += ((uint128_t) in[8]) * inx2[8]; +} + +/* felem_mul sets |out| = |in1| * |in2| + * On entry: + * in1[i] < 2^64 + * in2[i] < 2^63 + * On exit: + * out[i] < 17 * max(in1[i]) * max(in2[i]) + */ +static void +felem_mul(largefelem out, const felem in1, const felem in2) +{ + felem in2x2; + felem_scalar(in2x2, in2, 2); + + out[0] = ((uint128_t) in1[0]) * in2[0]; + + out[1] = ((uint128_t) in1[0]) * in2[1] + + ((uint128_t) in1[1]) * in2[0]; + + out[2] = ((uint128_t) in1[0]) * in2[2] + + ((uint128_t) in1[1]) * in2[1] + + ((uint128_t) in1[2]) * in2[0]; + + out[3] = ((uint128_t) in1[0]) * in2[3] + + ((uint128_t) in1[1]) * in2[2] + + ((uint128_t) in1[2]) * in2[1] + + ((uint128_t) in1[3]) * in2[0]; + + out[4] = ((uint128_t) in1[0]) * in2[4] + + ((uint128_t) in1[1]) * in2[3] + + ((uint128_t) in1[2]) * in2[2] + + ((uint128_t) in1[3]) * in2[1] + + ((uint128_t) in1[4]) * in2[0]; + + out[5] = ((uint128_t) in1[0]) * in2[5] + + ((uint128_t) in1[1]) * in2[4] + + ((uint128_t) in1[2]) * in2[3] + + ((uint128_t) in1[3]) * in2[2] + + ((uint128_t) in1[4]) * in2[1] + + ((uint128_t) in1[5]) * in2[0]; + + out[6] = ((uint128_t) in1[0]) * in2[6] + + ((uint128_t) in1[1]) * in2[5] + + ((uint128_t) in1[2]) * in2[4] + + ((uint128_t) in1[3]) * in2[3] + + ((uint128_t) in1[4]) * in2[2] + + ((uint128_t) in1[5]) * in2[1] + + ((uint128_t) in1[6]) * in2[0]; + + out[7] = ((uint128_t) in1[0]) * in2[7] + + ((uint128_t) in1[1]) * in2[6] + + ((uint128_t) in1[2]) * in2[5] + + ((uint128_t) in1[3]) * in2[4] + + ((uint128_t) in1[4]) * in2[3] + + ((uint128_t) in1[5]) * in2[2] + + ((uint128_t) in1[6]) * in2[1] + + ((uint128_t) in1[7]) * in2[0]; + + out[8] = ((uint128_t) in1[0]) * in2[8] + + ((uint128_t) in1[1]) * in2[7] + + ((uint128_t) in1[2]) * in2[6] + + ((uint128_t) in1[3]) * in2[5] + + ((uint128_t) in1[4]) * in2[4] + + ((uint128_t) in1[5]) * in2[3] + + ((uint128_t) in1[6]) * in2[2] + + ((uint128_t) in1[7]) * in2[1] + + ((uint128_t) in1[8]) * in2[0]; + + /* See comment in felem_square about the use of in2x2 here */ + + out[0] += ((uint128_t) in1[1]) * in2x2[8] + + ((uint128_t) in1[2]) * in2x2[7] + + ((uint128_t) in1[3]) * in2x2[6] + + ((uint128_t) in1[4]) * in2x2[5] + + ((uint128_t) in1[5]) * in2x2[4] + + ((uint128_t) in1[6]) * in2x2[3] + + ((uint128_t) in1[7]) * in2x2[2] + + ((uint128_t) in1[8]) * in2x2[1]; + + out[1] += ((uint128_t) in1[2]) * in2x2[8] + + ((uint128_t) in1[3]) * in2x2[7] + + ((uint128_t) in1[4]) * in2x2[6] + + ((uint128_t) in1[5]) * in2x2[5] + + ((uint128_t) in1[6]) * in2x2[4] + + ((uint128_t) in1[7]) * in2x2[3] + + ((uint128_t) in1[8]) * in2x2[2]; + + out[2] += ((uint128_t) in1[3]) * in2x2[8] + + ((uint128_t) in1[4]) * in2x2[7] + + ((uint128_t) in1[5]) * in2x2[6] + + ((uint128_t) in1[6]) * in2x2[5] + + ((uint128_t) in1[7]) * in2x2[4] + + ((uint128_t) in1[8]) * in2x2[3]; + + out[3] += ((uint128_t) in1[4]) * in2x2[8] + + ((uint128_t) in1[5]) * in2x2[7] + + ((uint128_t) in1[6]) * in2x2[6] + + ((uint128_t) in1[7]) * in2x2[5] + + ((uint128_t) in1[8]) * in2x2[4]; + + out[4] += ((uint128_t) in1[5]) * in2x2[8] + + ((uint128_t) in1[6]) * in2x2[7] + + ((uint128_t) in1[7]) * in2x2[6] + + ((uint128_t) in1[8]) * in2x2[5]; + + out[5] += ((uint128_t) in1[6]) * in2x2[8] + + ((uint128_t) in1[7]) * in2x2[7] + + ((uint128_t) in1[8]) * in2x2[6]; + + out[6] += ((uint128_t) in1[7]) * in2x2[8] + + ((uint128_t) in1[8]) * in2x2[7]; + + out[7] += ((uint128_t) in1[8]) * in2x2[8]; +} + +static const limb bottom52bits = 0xfffffffffffff; + +/* felem_reduce converts a largefelem to an felem. + * On entry: + * in[i] < 2^128 + * On exit: + * out[i] < 2^59 + 2^14 + */ +static void +felem_reduce(felem out, const largefelem in) +{ + u64 overflow1, overflow2; + + out[0] = ((limb) in[0]) & bottom58bits; + out[1] = ((limb) in[1]) & bottom58bits; + out[2] = ((limb) in[2]) & bottom58bits; + out[3] = ((limb) in[3]) & bottom58bits; + out[4] = ((limb) in[4]) & bottom58bits; + out[5] = ((limb) in[5]) & bottom58bits; + out[6] = ((limb) in[6]) & bottom58bits; + out[7] = ((limb) in[7]) & bottom58bits; + out[8] = ((limb) in[8]) & bottom58bits; + + /* out[i] < 2^58 */ + + out[1] += ((limb) in[0]) >> 58; + out[1] += (((limb) (in[0] >> 64)) & bottom52bits) << 6; + /* + * out[1] < 2^58 + 2^6 + 2^58 = 2^59 + 2^6 + */ + out[2] += ((limb) (in[0] >> 64)) >> 52; + + out[2] += ((limb) in[1]) >> 58; + out[2] += (((limb) (in[1] >> 64)) & bottom52bits) << 6; + out[3] += ((limb) (in[1] >> 64)) >> 52; + + out[3] += ((limb) in[2]) >> 58; + out[3] += (((limb) (in[2] >> 64)) & bottom52bits) << 6; + out[4] += ((limb) (in[2] >> 64)) >> 52; + + out[4] += ((limb) in[3]) >> 58; + out[4] += (((limb) (in[3] >> 64)) & bottom52bits) << 6; + out[5] += ((limb) (in[3] >> 64)) >> 52; + + out[5] += ((limb) in[4]) >> 58; + out[5] += (((limb) (in[4] >> 64)) & bottom52bits) << 6; + out[6] += ((limb) (in[4] >> 64)) >> 52; + + out[6] += ((limb) in[5]) >> 58; + out[6] += (((limb) (in[5] >> 64)) & bottom52bits) << 6; + out[7] += ((limb) (in[5] >> 64)) >> 52; + + out[7] += ((limb) in[6]) >> 58; + out[7] += (((limb) (in[6] >> 64)) & bottom52bits) << 6; + out[8] += ((limb) (in[6] >> 64)) >> 52; + + out[8] += ((limb) in[7]) >> 58; + out[8] += (((limb) (in[7] >> 64)) & bottom52bits) << 6; + /* + * out[x > 1] < 2^58 + 2^6 + 2^58 + 2^12 < 2^59 + 2^13 + */ + overflow1 = ((limb) (in[7] >> 64)) >> 52; + + overflow1 += ((limb) in[8]) >> 58; + overflow1 += (((limb) (in[8] >> 64)) & bottom52bits) << 6; + overflow2 = ((limb) (in[8] >> 64)) >> 52; + + overflow1 <<= 1; /* overflow1 < 2^13 + 2^7 + 2^59 */ + overflow2 <<= 1; /* overflow2 < 2^13 */ + + out[0] += overflow1; /* out[0] < 2^60 */ + out[1] += overflow2; /* out[1] < 2^59 + 2^6 + 2^13 */ + + out[1] += out[0] >> 58; + out[0] &= bottom58bits; + /* + * out[0] < 2^58 out[1] < 2^59 + 2^6 + 2^13 + 2^2 < 2^59 + 2^14 + */ +} + +static void +felem_square_reduce(felem out, const felem in) +{ + largefelem tmp; + felem_square(tmp, in); + felem_reduce(out, tmp); +} + +static void +felem_mul_reduce(felem out, const felem in1, const felem in2) +{ + largefelem tmp; + felem_mul(tmp, in1, in2); + felem_reduce(out, tmp); +} + +/* felem_inv calculates |out| = |in|^{-1} + * + * Based on Fermat's Little Theorem: + * a^p = a (mod p) + * a^{p-1} = 1 (mod p) + * a^{p-2} = a^{-1} (mod p) + */ +static void +felem_inv(felem out, const felem in) +{ + felem ftmp, ftmp2, ftmp3, ftmp4; + largefelem tmp; + unsigned i; + + felem_square(tmp, in); + felem_reduce(ftmp, tmp);/* 2^1 */ + felem_mul(tmp, in, ftmp); + felem_reduce(ftmp, tmp);/* 2^2 - 2^0 */ + felem_assign(ftmp2, ftmp); + felem_square(tmp, ftmp); + felem_reduce(ftmp, tmp);/* 2^3 - 2^1 */ + felem_mul(tmp, in, ftmp); + felem_reduce(ftmp, tmp);/* 2^3 - 2^0 */ + felem_square(tmp, ftmp); + felem_reduce(ftmp, tmp);/* 2^4 - 2^1 */ + + felem_square(tmp, ftmp2); + felem_reduce(ftmp3, tmp); /* 2^3 - 2^1 */ + felem_square(tmp, ftmp3); + felem_reduce(ftmp3, tmp); /* 2^4 - 2^2 */ + felem_mul(tmp, ftmp3, ftmp2); + felem_reduce(ftmp3, tmp); /* 2^4 - 2^0 */ + + felem_assign(ftmp2, ftmp3); + felem_square(tmp, ftmp3); + felem_reduce(ftmp3, tmp); /* 2^5 - 2^1 */ + felem_square(tmp, ftmp3); + felem_reduce(ftmp3, tmp); /* 2^6 - 2^2 */ + felem_square(tmp, ftmp3); + felem_reduce(ftmp3, tmp); /* 2^7 - 2^3 */ + felem_square(tmp, ftmp3); + felem_reduce(ftmp3, tmp); /* 2^8 - 2^4 */ + felem_assign(ftmp4, ftmp3); + felem_mul(tmp, ftmp3, ftmp); + felem_reduce(ftmp4, tmp); /* 2^8 - 2^1 */ + felem_square(tmp, ftmp4); + felem_reduce(ftmp4, tmp); /* 2^9 - 2^2 */ + felem_mul(tmp, ftmp3, ftmp2); + felem_reduce(ftmp3, tmp); /* 2^8 - 2^0 */ + felem_assign(ftmp2, ftmp3); + + for (i = 0; i < 8; i++) { + felem_square(tmp, ftmp3); + felem_reduce(ftmp3, tmp); /* 2^16 - 2^8 */ + } + felem_mul(tmp, ftmp3, ftmp2); + felem_reduce(ftmp3, tmp); /* 2^16 - 2^0 */ + felem_assign(ftmp2, ftmp3); + + for (i = 0; i < 16; i++) { + felem_square(tmp, ftmp3); + felem_reduce(ftmp3, tmp); /* 2^32 - 2^16 */ + } + felem_mul(tmp, ftmp3, ftmp2); + felem_reduce(ftmp3, tmp); /* 2^32 - 2^0 */ + felem_assign(ftmp2, ftmp3); + + for (i = 0; i < 32; i++) { + felem_square(tmp, ftmp3); + felem_reduce(ftmp3, tmp); /* 2^64 - 2^32 */ + } + felem_mul(tmp, ftmp3, ftmp2); + felem_reduce(ftmp3, tmp); /* 2^64 - 2^0 */ + felem_assign(ftmp2, ftmp3); + + for (i = 0; i < 64; i++) { + felem_square(tmp, ftmp3); + felem_reduce(ftmp3, tmp); /* 2^128 - 2^64 */ + } + felem_mul(tmp, ftmp3, ftmp2); + felem_reduce(ftmp3, tmp); /* 2^128 - 2^0 */ + felem_assign(ftmp2, ftmp3); + + for (i = 0; i < 128; i++) { + felem_square(tmp, ftmp3); + felem_reduce(ftmp3, tmp); /* 2^256 - 2^128 */ + } + felem_mul(tmp, ftmp3, ftmp2); + felem_reduce(ftmp3, tmp); /* 2^256 - 2^0 */ + felem_assign(ftmp2, ftmp3); + + for (i = 0; i < 256; i++) { + felem_square(tmp, ftmp3); + felem_reduce(ftmp3, tmp); /* 2^512 - 2^256 */ + } + felem_mul(tmp, ftmp3, ftmp2); + felem_reduce(ftmp3, tmp); /* 2^512 - 2^0 */ + + for (i = 0; i < 9; i++) { + felem_square(tmp, ftmp3); + felem_reduce(ftmp3, tmp); /* 2^521 - 2^9 */ + } + felem_mul(tmp, ftmp3, ftmp4); + felem_reduce(ftmp3, tmp); /* 2^512 - 2^2 */ + felem_mul(tmp, ftmp3, in); + felem_reduce(out, tmp); /* 2^512 - 3 */ +} + +/* This is 2^521-1, expressed as an felem */ +static const felem kPrime = +{ + 0x03ffffffffffffff, 0x03ffffffffffffff, 0x03ffffffffffffff, + 0x03ffffffffffffff, 0x03ffffffffffffff, 0x03ffffffffffffff, + 0x03ffffffffffffff, 0x03ffffffffffffff, 0x01ffffffffffffff +}; + +/* felem_is_zero returns a limb with all bits set if |in| == 0 (mod p) and 0 + * otherwise. + * On entry: + * in[i] < 2^59 + 2^14 + */ +static limb +felem_is_zero(const felem in) +{ + felem ftmp; + limb is_zero, is_p; + felem_assign(ftmp, in); + + ftmp[0] += ftmp[8] >> 57; + ftmp[8] &= bottom57bits; + /* ftmp[8] < 2^57 */ + ftmp[1] += ftmp[0] >> 58; + ftmp[0] &= bottom58bits; + ftmp[2] += ftmp[1] >> 58; + ftmp[1] &= bottom58bits; + ftmp[3] += ftmp[2] >> 58; + ftmp[2] &= bottom58bits; + ftmp[4] += ftmp[3] >> 58; + ftmp[3] &= bottom58bits; + ftmp[5] += ftmp[4] >> 58; + ftmp[4] &= bottom58bits; + ftmp[6] += ftmp[5] >> 58; + ftmp[5] &= bottom58bits; + ftmp[7] += ftmp[6] >> 58; + ftmp[6] &= bottom58bits; + ftmp[8] += ftmp[7] >> 58; + ftmp[7] &= bottom58bits; + /* ftmp[8] < 2^57 + 4 */ + + /* + * The ninth limb of 2*(2^521-1) is 0x03ffffffffffffff, which is + * greater than our bound for ftmp[8]. Therefore we only have to + * check if the zero is zero or 2^521-1. + */ + + is_zero = 0; + is_zero |= ftmp[0]; + is_zero |= ftmp[1]; + is_zero |= ftmp[2]; + is_zero |= ftmp[3]; + is_zero |= ftmp[4]; + is_zero |= ftmp[5]; + is_zero |= ftmp[6]; + is_zero |= ftmp[7]; + is_zero |= ftmp[8]; + + is_zero--; + /* + * We know that ftmp[i] < 2^63, therefore the only way that the top + * bit can be set is if is_zero was 0 before the decrement. + */ + is_zero = ((s64) is_zero) >> 63; + + is_p = ftmp[0] ^ kPrime[0]; + is_p |= ftmp[1] ^ kPrime[1]; + is_p |= ftmp[2] ^ kPrime[2]; + is_p |= ftmp[3] ^ kPrime[3]; + is_p |= ftmp[4] ^ kPrime[4]; + is_p |= ftmp[5] ^ kPrime[5]; + is_p |= ftmp[6] ^ kPrime[6]; + is_p |= ftmp[7] ^ kPrime[7]; + is_p |= ftmp[8] ^ kPrime[8]; + + is_p--; + is_p = ((s64) is_p) >> 63; + + is_zero |= is_p; + return is_zero; +} + +static int +felem_is_zero_int(const felem in) +{ + return (int) (felem_is_zero(in) & ((limb) 1)); +} + +/* felem_contract converts |in| to its unique, minimal representation. + * On entry: + * in[i] < 2^59 + 2^14 + */ +static void +felem_contract(felem out, const felem in) +{ + limb is_p, is_greater, sign; + static const limb two58 = ((limb) 1) << 58; + + felem_assign(out, in); + + out[0] += out[8] >> 57; + out[8] &= bottom57bits; + /* out[8] < 2^57 */ + out[1] += out[0] >> 58; + out[0] &= bottom58bits; + out[2] += out[1] >> 58; + out[1] &= bottom58bits; + out[3] += out[2] >> 58; + out[2] &= bottom58bits; + out[4] += out[3] >> 58; + out[3] &= bottom58bits; + out[5] += out[4] >> 58; + out[4] &= bottom58bits; + out[6] += out[5] >> 58; + out[5] &= bottom58bits; + out[7] += out[6] >> 58; + out[6] &= bottom58bits; + out[8] += out[7] >> 58; + out[7] &= bottom58bits; + /* out[8] < 2^57 + 4 */ + + /* + * If the value is greater than 2^521-1 then we have to subtract + * 2^521-1 out. See the comments in felem_is_zero regarding why we + * don't test for other multiples of the prime. + */ + + /* + * First, if |out| is equal to 2^521-1, we subtract it out to get + * zero. + */ + + is_p = out[0] ^ kPrime[0]; + is_p |= out[1] ^ kPrime[1]; + is_p |= out[2] ^ kPrime[2]; + is_p |= out[3] ^ kPrime[3]; + is_p |= out[4] ^ kPrime[4]; + is_p |= out[5] ^ kPrime[5]; + is_p |= out[6] ^ kPrime[6]; + is_p |= out[7] ^ kPrime[7]; + is_p |= out[8] ^ kPrime[8]; + + is_p--; + is_p &= is_p << 32; + is_p &= is_p << 16; + is_p &= is_p << 8; + is_p &= is_p << 4; + is_p &= is_p << 2; + is_p &= is_p << 1; + is_p = ((s64) is_p) >> 63; + is_p = ~is_p; + + /* is_p is 0 iff |out| == 2^521-1 and all ones otherwise */ + + out[0] &= is_p; + out[1] &= is_p; + out[2] &= is_p; + out[3] &= is_p; + out[4] &= is_p; + out[5] &= is_p; + out[6] &= is_p; + out[7] &= is_p; + out[8] &= is_p; + + /* + * In order to test that |out| >= 2^521-1 we need only test if out[8] + * >> 57 is greater than zero as (2^521-1) + x >= 2^522 + */ + is_greater = out[8] >> 57; + is_greater |= is_greater << 32; + is_greater |= is_greater << 16; + is_greater |= is_greater << 8; + is_greater |= is_greater << 4; + is_greater |= is_greater << 2; + is_greater |= is_greater << 1; + is_greater = ((s64) is_greater) >> 63; + + out[0] -= kPrime[0] & is_greater; + out[1] -= kPrime[1] & is_greater; + out[2] -= kPrime[2] & is_greater; + out[3] -= kPrime[3] & is_greater; + out[4] -= kPrime[4] & is_greater; + out[5] -= kPrime[5] & is_greater; + out[6] -= kPrime[6] & is_greater; + out[7] -= kPrime[7] & is_greater; + out[8] -= kPrime[8] & is_greater; + + /* Eliminate negative coefficients */ + sign = -(out[0] >> 63); + out[0] += (two58 & sign); + out[1] -= (1 & sign); + sign = -(out[1] >> 63); + out[1] += (two58 & sign); + out[2] -= (1 & sign); + sign = -(out[2] >> 63); + out[2] += (two58 & sign); + out[3] -= (1 & sign); + sign = -(out[3] >> 63); + out[3] += (two58 & sign); + out[4] -= (1 & sign); + sign = -(out[4] >> 63); + out[4] += (two58 & sign); + out[5] -= (1 & sign); + sign = -(out[0] >> 63); + out[5] += (two58 & sign); + out[6] -= (1 & sign); + sign = -(out[6] >> 63); + out[6] += (two58 & sign); + out[7] -= (1 & sign); + sign = -(out[7] >> 63); + out[7] += (two58 & sign); + out[8] -= (1 & sign); + sign = -(out[5] >> 63); + out[5] += (two58 & sign); + out[6] -= (1 & sign); + sign = -(out[6] >> 63); + out[6] += (two58 & sign); + out[7] -= (1 & sign); + sign = -(out[7] >> 63); + out[7] += (two58 & sign); + out[8] -= (1 & sign); +} + +/* Group operations + * ---------------- + * + * Building on top of the field operations we have the operations on the + * elliptic curve group itself. Points on the curve are represented in Jacobian + * coordinates */ + +/* point_double calcuates 2*(x_in, y_in, z_in) + * + * The method is taken from: + * http://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#doubling-dbl-2001-b + * + * Outputs can equal corresponding inputs, i.e., x_out == x_in is allowed. + * while x_out == y_in is not (maybe this works, but it's not tested). */ +static void +point_double(felem x_out, felem y_out, felem z_out, + const felem x_in, const felem y_in, const felem z_in) +{ + largefelem tmp, tmp2; + felem delta, gamma, beta, alpha, ftmp, ftmp2; + + felem_assign(ftmp, x_in); + felem_assign(ftmp2, x_in); + + /* delta = z^2 */ + felem_square(tmp, z_in); + felem_reduce(delta, tmp); /* delta[i] < 2^59 + 2^14 */ + + /* gamma = y^2 */ + felem_square(tmp, y_in); + felem_reduce(gamma, tmp); /* gamma[i] < 2^59 + 2^14 */ + + /* beta = x*gamma */ + felem_mul(tmp, x_in, gamma); + felem_reduce(beta, tmp);/* beta[i] < 2^59 + 2^14 */ + + /* alpha = 3*(x-delta)*(x+delta) */ + felem_diff64(ftmp, delta); + /* ftmp[i] < 2^61 */ + felem_sum64(ftmp2, delta); + /* ftmp2[i] < 2^60 + 2^15 */ + felem_scalar64(ftmp2, 3); + /* ftmp2[i] < 3*2^60 + 3*2^15 */ + felem_mul(tmp, ftmp, ftmp2); + /* + * tmp[i] < 17(3*2^121 + 3*2^76) = 61*2^121 + 61*2^76 < 64*2^121 + + * 64*2^76 = 2^127 + 2^82 < 2^128 + */ + felem_reduce(alpha, tmp); + + /* x' = alpha^2 - 8*beta */ + felem_square(tmp, alpha); + /* + * tmp[i] < 17*2^120 < 2^125 + */ + felem_assign(ftmp, beta); + felem_scalar64(ftmp, 8); + /* ftmp[i] < 2^62 + 2^17 */ + felem_diff_128_64(tmp, ftmp); + /* tmp[i] < 2^125 + 2^63 + 2^62 + 2^17 */ + felem_reduce(x_out, tmp); + + /* z' = (y + z)^2 - gamma - delta */ + felem_sum64(delta, gamma); + /* delta[i] < 2^60 + 2^15 */ + felem_assign(ftmp, y_in); + felem_sum64(ftmp, z_in); + /* ftmp[i] < 2^60 + 2^15 */ + felem_square(tmp, ftmp); + /* + * tmp[i] < 17(2^122) < 2^127 + */ + felem_diff_128_64(tmp, delta); + /* tmp[i] < 2^127 + 2^63 */ + felem_reduce(z_out, tmp); + + /* y' = alpha*(4*beta - x') - 8*gamma^2 */ + felem_scalar64(beta, 4); + /* beta[i] < 2^61 + 2^16 */ + felem_diff64(beta, x_out); + /* beta[i] < 2^61 + 2^60 + 2^16 */ + felem_mul(tmp, alpha, beta); + /* + * tmp[i] < 17*((2^59 + 2^14)(2^61 + 2^60 + 2^16)) = 17*(2^120 + 2^75 + * + 2^119 + 2^74 + 2^75 + 2^30) = 17*(2^120 + 2^119 + 2^76 + 2^74 + + * 2^30) < 2^128 + */ + felem_square(tmp2, gamma); + /* + * tmp2[i] < 17*(2^59 + 2^14)^2 = 17*(2^118 + 2^74 + 2^28) + */ + felem_scalar128(tmp2, 8); + /* + * tmp2[i] < 8*17*(2^118 + 2^74 + 2^28) = 2^125 + 2^121 + 2^81 + 2^77 + * + 2^35 + 2^31 < 2^126 + */ + felem_diff128(tmp, tmp2); + /* + * tmp[i] < 2^127 - 2^69 + 17(2^120 + 2^119 + 2^76 + 2^74 + 2^30) = + * 2^127 + 2^124 + 2^122 + 2^120 + 2^118 + 2^80 + 2^78 + 2^76 + 2^74 + * + 2^69 + 2^34 + 2^30 < 2^128 + */ + felem_reduce(y_out, tmp); +} + +/* copy_conditional copies in to out iff mask is all ones. */ +static void +copy_conditional(felem out, const felem in, limb mask) +{ + unsigned i; + for (i = 0; i < NLIMBS; ++i) { + const limb tmp = mask & (in[i] ^ out[i]); + out[i] ^= tmp; + } +} + +/* point_add calcuates (x1, y1, z1) + (x2, y2, z2) + * + * The method is taken from + * http://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#addition-add-2007-bl, + * adapted for mixed addition (z2 = 1, or z2 = 0 for the point at infinity). + * + * This function includes a branch for checking whether the two input points + * are equal (while not equal to the point at infinity). This case never + * happens during single point multiplication, so there is no timing leak for + * ECDH or ECDSA signing. */ +static void +point_add(felem x3, felem y3, felem z3, + const felem x1, const felem y1, const felem z1, + const int mixed, const felem x2, const felem y2, const felem z2) +{ + felem ftmp, ftmp2, ftmp3, ftmp4, ftmp5, ftmp6, x_out, y_out, z_out; + largefelem tmp, tmp2; + limb x_equal, y_equal, z1_is_zero, z2_is_zero; + + z1_is_zero = felem_is_zero(z1); + z2_is_zero = felem_is_zero(z2); + + /* ftmp = z1z1 = z1**2 */ + felem_square(tmp, z1); + felem_reduce(ftmp, tmp); + + if (!mixed) { + /* ftmp2 = z2z2 = z2**2 */ + felem_square(tmp, z2); + felem_reduce(ftmp2, tmp); + + /* u1 = ftmp3 = x1*z2z2 */ + felem_mul(tmp, x1, ftmp2); + felem_reduce(ftmp3, tmp); + + /* ftmp5 = z1 + z2 */ + felem_assign(ftmp5, z1); + felem_sum64(ftmp5, z2); + /* ftmp5[i] < 2^61 */ + + /* ftmp5 = (z1 + z2)**2 - z1z1 - z2z2 = 2*z1z2 */ + felem_square(tmp, ftmp5); + /* tmp[i] < 17*2^122 */ + felem_diff_128_64(tmp, ftmp); + /* tmp[i] < 17*2^122 + 2^63 */ + felem_diff_128_64(tmp, ftmp2); + /* tmp[i] < 17*2^122 + 2^64 */ + felem_reduce(ftmp5, tmp); + + /* ftmp2 = z2 * z2z2 */ + felem_mul(tmp, ftmp2, z2); + felem_reduce(ftmp2, tmp); + + /* s1 = ftmp6 = y1 * z2**3 */ + felem_mul(tmp, y1, ftmp2); + felem_reduce(ftmp6, tmp); + } else { + /* We'll assume z2 = 1 (special case z2 = 0 is handled later) */ + + /* u1 = ftmp3 = x1*z2z2 */ + felem_assign(ftmp3, x1); + + /* ftmp5 = 2*z1z2 */ + felem_scalar(ftmp5, z1, 2); + + /* s1 = ftmp6 = y1 * z2**3 */ + felem_assign(ftmp6, y1); + } + + /* u2 = x2*z1z1 */ + felem_mul(tmp, x2, ftmp); + /* tmp[i] < 17*2^120 */ + + /* h = ftmp4 = u2 - u1 */ + felem_diff_128_64(tmp, ftmp3); + /* tmp[i] < 17*2^120 + 2^63 */ + felem_reduce(ftmp4, tmp); + + x_equal = felem_is_zero(ftmp4); + + /* z_out = ftmp5 * h */ + felem_mul(tmp, ftmp5, ftmp4); + felem_reduce(z_out, tmp); + + /* ftmp = z1 * z1z1 */ + felem_mul(tmp, ftmp, z1); + felem_reduce(ftmp, tmp); + + /* s2 = tmp = y2 * z1**3 */ + felem_mul(tmp, y2, ftmp); + /* tmp[i] < 17*2^120 */ + + /* r = ftmp5 = (s2 - s1)*2 */ + felem_diff_128_64(tmp, ftmp6); + /* tmp[i] < 17*2^120 + 2^63 */ + felem_reduce(ftmp5, tmp); + y_equal = felem_is_zero(ftmp5); + felem_scalar64(ftmp5, 2); + /* ftmp5[i] < 2^61 */ + + if (x_equal && y_equal && !z1_is_zero && !z2_is_zero) { + point_double(x3, y3, z3, x1, y1, z1); + return; + } + /* I = ftmp = (2h)**2 */ + felem_assign(ftmp, ftmp4); + felem_scalar64(ftmp, 2); + /* ftmp[i] < 2^61 */ + felem_square(tmp, ftmp); + /* tmp[i] < 17*2^122 */ + felem_reduce(ftmp, tmp); + + /* J = ftmp2 = h * I */ + felem_mul(tmp, ftmp4, ftmp); + felem_reduce(ftmp2, tmp); + + /* V = ftmp4 = U1 * I */ + felem_mul(tmp, ftmp3, ftmp); + felem_reduce(ftmp4, tmp); + + /* x_out = r**2 - J - 2V */ + felem_square(tmp, ftmp5); + /* tmp[i] < 17*2^122 */ + felem_diff_128_64(tmp, ftmp2); + /* tmp[i] < 17*2^122 + 2^63 */ + felem_assign(ftmp3, ftmp4); + felem_scalar64(ftmp4, 2); + /* ftmp4[i] < 2^61 */ + felem_diff_128_64(tmp, ftmp4); + /* tmp[i] < 17*2^122 + 2^64 */ + felem_reduce(x_out, tmp); + + /* y_out = r(V-x_out) - 2 * s1 * J */ + felem_diff64(ftmp3, x_out); + /* + * ftmp3[i] < 2^60 + 2^60 = 2^61 + */ + felem_mul(tmp, ftmp5, ftmp3); + /* tmp[i] < 17*2^122 */ + felem_mul(tmp2, ftmp6, ftmp2); + /* tmp2[i] < 17*2^120 */ + felem_scalar128(tmp2, 2); + /* tmp2[i] < 17*2^121 */ + felem_diff128(tmp, tmp2); + /* + * tmp[i] < 2^127 - 2^69 + 17*2^122 = 2^126 - 2^122 - 2^6 - 2^2 - 1 < + * 2^127 + */ + felem_reduce(y_out, tmp); + + copy_conditional(x_out, x2, z1_is_zero); + copy_conditional(x_out, x1, z2_is_zero); + copy_conditional(y_out, y2, z1_is_zero); + copy_conditional(y_out, y1, z2_is_zero); + copy_conditional(z_out, z2, z1_is_zero); + copy_conditional(z_out, z1, z2_is_zero); + felem_assign(x3, x_out); + felem_assign(y3, y_out); + felem_assign(z3, z_out); +} + +/* Base point pre computation + * -------------------------- + * + * Two different sorts of precomputed tables are used in the following code. + * Each contain various points on the curve, where each point is three field + * elements (x, y, z). + * + * For the base point table, z is usually 1 (0 for the point at infinity). + * This table has 16 elements: + * index | bits | point + * ------+---------+------------------------------ + * 0 | 0 0 0 0 | 0G + * 1 | 0 0 0 1 | 1G + * 2 | 0 0 1 0 | 2^130G + * 3 | 0 0 1 1 | (2^130 + 1)G + * 4 | 0 1 0 0 | 2^260G + * 5 | 0 1 0 1 | (2^260 + 1)G + * 6 | 0 1 1 0 | (2^260 + 2^130)G + * 7 | 0 1 1 1 | (2^260 + 2^130 + 1)G + * 8 | 1 0 0 0 | 2^390G + * 9 | 1 0 0 1 | (2^390 + 1)G + * 10 | 1 0 1 0 | (2^390 + 2^130)G + * 11 | 1 0 1 1 | (2^390 + 2^130 + 1)G + * 12 | 1 1 0 0 | (2^390 + 2^260)G + * 13 | 1 1 0 1 | (2^390 + 2^260 + 1)G + * 14 | 1 1 1 0 | (2^390 + 2^260 + 2^130)G + * 15 | 1 1 1 1 | (2^390 + 2^260 + 2^130 + 1)G + * + * The reason for this is so that we can clock bits into four different + * locations when doing simple scalar multiplies against the base point. + * + * Tables for other points have table[i] = iG for i in 0 .. 16. */ + +/* gmul is the table of precomputed base points */ +static const felem gmul[16][3] = +{{{0, 0, 0, 0, 0, 0, 0, 0, 0}, +{0, 0, 0, 0, 0, 0, 0, 0, 0}, +{0, 0, 0, 0, 0, 0, 0, 0, 0}}, +{{0x017e7e31c2e5bd66, 0x022cf0615a90a6fe, 0x00127a2ffa8de334, + 0x01dfbf9d64a3f877, 0x006b4d3dbaa14b5e, 0x014fed487e0a2bd8, +0x015b4429c6481390, 0x03a73678fb2d988e, 0x00c6858e06b70404}, +{0x00be94769fd16650, 0x031c21a89cb09022, 0x039013fad0761353, + 0x02657bd099031542, 0x03273e662c97ee72, 0x01e6d11a05ebef45, +0x03d1bd998f544495, 0x03001172297ed0b1, 0x011839296a789a3b}, +{1, 0, 0, 0, 0, 0, 0, 0, 0}}, +{{0x0373faacbc875bae, 0x00f325023721c671, 0x00f666fd3dbde5ad, + 0x01a6932363f88ea7, 0x01fc6d9e13f9c47b, 0x03bcbffc2bbf734e, +0x013ee3c3647f3a92, 0x029409fefe75d07d, 0x00ef9199963d85e5}, +{0x011173743ad5b178, 0x02499c7c21bf7d46, 0x035beaeabb8b1a58, + 0x00f989c4752ea0a3, 0x0101e1de48a9c1a3, 0x01a20076be28ba6c, +0x02f8052e5eb2de95, 0x01bfe8f82dea117c, 0x0160074d3c36ddb7}, +{1, 0, 0, 0, 0, 0, 0, 0, 0}}, +{{0x012f3fc373393b3b, 0x03d3d6172f1419fa, 0x02adc943c0b86873, + 0x00d475584177952b, 0x012a4d1673750ee2, 0x00512517a0f13b0c, +0x02b184671a7b1734, 0x0315b84236f1a50a, 0x00a4afc472edbdb9}, +{0x00152a7077f385c4, 0x03044007d8d1c2ee, 0x0065829d61d52b52, + 0x00494ff6b6631d0d, 0x00a11d94d5f06bcf, 0x02d2f89474d9282e, +0x0241c5727c06eeb9, 0x0386928710fbdb9d, 0x01f883f727b0dfbe}, +{1, 0, 0, 0, 0, 0, 0, 0, 0}}, +{{0x019b0c3c9185544d, 0x006243a37c9d97db, 0x02ee3cbe030a2ad2, + 0x00cfdd946bb51e0d, 0x0271c00932606b91, 0x03f817d1ec68c561, +0x03f37009806a369c, 0x03c1f30baf184fd5, 0x01091022d6d2f065}, +{0x0292c583514c45ed, 0x0316fca51f9a286c, 0x00300af507c1489a, + 0x0295f69008298cf1, 0x02c0ed8274943d7b, 0x016509b9b47a431e, +0x02bc9de9634868ce, 0x005b34929bffcb09, 0x000c1a0121681524}, +{1, 0, 0, 0, 0, 0, 0, 0, 0}}, +{{0x0286abc0292fb9f2, 0x02665eee9805b3f7, 0x01ed7455f17f26d6, + 0x0346355b83175d13, 0x006284944cd0a097, 0x0191895bcdec5e51, +0x02e288370afda7d9, 0x03b22312bfefa67a, 0x01d104d3fc0613fe}, +{0x0092421a12f7e47f, 0x0077a83fa373c501, 0x03bd25c5f696bd0d, + 0x035c41e4d5459761, 0x01ca0d1742b24f53, 0x00aaab27863a509c, +0x018b6de47df73917, 0x025c0b771705cd01, 0x01fd51d566d760a7}, +{1, 0, 0, 0, 0, 0, 0, 0, 0}}, +{{0x01dd92ff6b0d1dbd, 0x039c5e2e8f8afa69, 0x0261ed13242c3b27, + 0x0382c6e67026e6a0, 0x01d60b10be2089f9, 0x03c15f3dce86723f, +0x03c764a32d2a062d, 0x017307eac0fad056, 0x018207c0b96c5256}, +{0x0196a16d60e13154, 0x03e6ce74c0267030, 0x00ddbf2b4e52a5aa, + 0x012738241bbf31c8, 0x00ebe8dc04685a28, 0x024c2ad6d380d4a2, +0x035ee062a6e62d0e, 0x0029ed74af7d3a0f, 0x00eef32aec142ebd}, +{1, 0, 0, 0, 0, 0, 0, 0, 0}}, +{{0x00c31ec398993b39, 0x03a9f45bcda68253, 0x00ac733c24c70890, + 0x00872b111401ff01, 0x01d178c23195eafb, 0x03bca2c816b87f74, +0x0261a9af46fbad7a, 0x0324b2a8dd3d28f9, 0x00918121d8f24e23}, +{0x032bc8c1ca983cd7, 0x00d869dfb08fc8c6, 0x01693cb61fce1516, + 0x012a5ea68f4e88a8, 0x010869cab88d7ae3, 0x009081ad277ceee1, +0x033a77166d064cdc, 0x03955235a1fb3a95, 0x01251a4a9b25b65e}, +{1, 0, 0, 0, 0, 0, 0, 0, 0}}, +{{0x00148a3a1b27f40b, 0x0123186df1b31fdc, 0x00026e7beaad34ce, + 0x01db446ac1d3dbba, 0x0299c1a33437eaec, 0x024540610183cbb7, +0x0173bb0e9ce92e46, 0x02b937e43921214b, 0x01ab0436a9bf01b5}, +{0x0383381640d46948, 0x008dacbf0e7f330f, 0x03602122bcc3f318, + 0x01ee596b200620d6, 0x03bd0585fda430b3, 0x014aed77fd123a83, +0x005ace749e52f742, 0x0390fe041da2b842, 0x0189a8ceb3299242}, +{1, 0, 0, 0, 0, 0, 0, 0, 0}}, +{{0x012a19d6b3282473, 0x00c0915918b423ce, 0x023a954eb94405ae, + 0x00529f692be26158, 0x0289fa1b6fa4b2aa, 0x0198ae4ceea346ef, +0x0047d8cdfbdedd49, 0x00cc8c8953f0f6b8, 0x001424abbff49203}, +{0x0256732a1115a03a, 0x0351bc38665c6733, 0x03f7b950fb4a6447, + 0x000afffa94c22155, 0x025763d0a4dab540, 0x000511e92d4fc283, +0x030a7e9eda0ee96c, 0x004c3cd93a28bf0a, 0x017edb3a8719217f}, +{1, 0, 0, 0, 0, 0, 0, 0, 0}}, +{{0x011de5675a88e673, 0x031d7d0f5e567fbe, 0x0016b2062c970ae5, + 0x03f4a2be49d90aa7, 0x03cef0bd13822866, 0x03f0923dcf774a6c, +0x0284bebc4f322f72, 0x016ab2645302bb2c, 0x01793f95dace0e2a}, +{0x010646e13527a28f, 0x01ca1babd59dc5e7, 0x01afedfd9a5595df, + 0x01f15785212ea6b1, 0x0324e5d64f6ae3f4, 0x02d680f526d00645, +0x0127920fadf627a7, 0x03b383f75df4f684, 0x0089e0057e783b0a}, +{1, 0, 0, 0, 0, 0, 0, 0, 0}}, +{{0x00f334b9eb3c26c6, 0x0298fdaa98568dce, 0x01c2d24843a82292, + 0x020bcb24fa1b0711, 0x02cbdb3d2b1875e6, 0x0014907598f89422, +0x03abe3aa43b26664, 0x02cbf47f720bc168, 0x0133b5e73014b79b}, +{0x034aab5dab05779d, 0x00cdc5d71fee9abb, 0x0399f16bd4bd9d30, + 0x03582fa592d82647, 0x02be1cdfb775b0e9, 0x0034f7cea32e94cb, +0x0335a7f08f56f286, 0x03b707e9565d1c8b, 0x0015c946ea5b614f}, +{1, 0, 0, 0, 0, 0, 0, 0, 0}}, +{{0x024676f6cff72255, 0x00d14625cac96378, 0x00532b6008bc3767, + 0x01fc16721b985322, 0x023355ea1b091668, 0x029de7afdc0317c3, +0x02fc8a7ca2da037c, 0x02de1217d74a6f30, 0x013f7173175b73bf}, +{0x0344913f441490b5, 0x0200f9e272b61eca, 0x0258a246b1dd55d2, + 0x03753db9ea496f36, 0x025e02937a09c5ef, 0x030cbd3d14012692, +0x01793a67e70dc72a, 0x03ec1d37048a662e, 0x006550f700c32a8d}, +{1, 0, 0, 0, 0, 0, 0, 0, 0}}, +{{0x00d3f48a347eba27, 0x008e636649b61bd8, 0x00d3b93716778fb3, + 0x004d1915757bd209, 0x019d5311a3da44e0, 0x016d1afcbbe6aade, +0x0241bf5f73265616, 0x0384672e5d50d39b, 0x005009fee522b684}, +{0x029b4fab064435fe, 0x018868ee095bbb07, 0x01ea3d6936cc92b8, + 0x000608b00f78a2f3, 0x02db911073d1c20f, 0x018205938470100a, +0x01f1e4964cbe6ff2, 0x021a19a29eed4663, 0x01414485f42afa81}, +{1, 0, 0, 0, 0, 0, 0, 0, 0}}, +{{0x01612b3a17f63e34, 0x03813992885428e6, 0x022b3c215b5a9608, + 0x029b4057e19f2fcb, 0x0384059a587af7e6, 0x02d6400ace6fe610, +0x029354d896e8e331, 0x00c047ee6dfba65e, 0x0037720542e9d49d}, +{0x02ce9eed7c5e9278, 0x0374ed703e79643b, 0x01316c54c4072006, + 0x005aaa09054b2ee8, 0x002824000c840d57, 0x03d4eba24771ed86, +0x0189c50aabc3bdae, 0x0338c01541e15510, 0x00466d56e38eed42}, +{1, 0, 0, 0, 0, 0, 0, 0, 0}}, +{{0x007efd8330ad8bd6, 0x02465ed48047710b, 0x0034c6606b215e0c, + 0x016ae30c53cbf839, 0x01fa17bd37161216, 0x018ead4e61ce8ab9, +0x005482ed5f5dee46, 0x037543755bba1d7f, 0x005e5ac7e70a9d0f}, +{0x0117e1bb2fdcb2a2, 0x03deea36249f40c4, 0x028d09b4a6246cb7, + 0x03524b8855bcf756, 0x023d7d109d5ceb58, 0x0178e43e3223ef9c, +0x0154536a0c6e966a, 0x037964d1286ee9fe, 0x0199bcd90e125055}, +{1, 0, 0, 0, 0, 0, 0, 0, 0}}}; + +/* select_point selects the |idx|th point from a precomputation table and + * copies it to out. */ +static void +select_point(const limb idx, unsigned int size, const felem pre_comp[ /* size */ ][3], + felem out[3]) +{ + unsigned i, j; + limb *outlimbs = &out[0][0]; + memset(outlimbs, 0, 3 * sizeof(felem)); + + for (i = 0; i < size; i++) { + const limb *inlimbs = &pre_comp[i][0][0]; + limb mask = i ^ idx; + mask |= mask >> 4; + mask |= mask >> 2; + mask |= mask >> 1; + mask &= 1; + mask--; + for (j = 0; j < NLIMBS * 3; j++) + outlimbs[j] |= inlimbs[j] & mask; + } +} + +/* get_bit returns the |i|th bit in |in| */ +static char +get_bit(const felem_bytearray in, int i) +{ + if (i < 0) + return 0; + return (in[i >> 3] >> (i & 7)) & 1; +} + +/* Interleaved point multiplication using precomputed point multiples: + * The small point multiples 0*P, 1*P, ..., 16*P are in pre_comp[], + * the scalars in scalars[]. If g_scalar is non-NULL, we also add this multiple + * of the generator, using certain (large) precomputed multiples in g_pre_comp. + * Output point (X, Y, Z) is stored in x_out, y_out, z_out */ +static void +batch_mul(felem x_out, felem y_out, felem z_out, + const felem_bytearray scalars[], const unsigned num_points, const u8 * g_scalar, + const int mixed, const felem pre_comp[][17][3], const felem g_pre_comp[16][3]) +{ + int i, skip; + unsigned num, gen_mul = (g_scalar != NULL); + felem nq[3], tmp[4]; + limb bits; + u8 sign, digit; + + /* set nq to the point at infinity */ + memset(nq, 0, 3 * sizeof(felem)); + + /* + * Loop over all scalars msb-to-lsb, interleaving additions of + * multiples of the generator (last quarter of rounds) and additions + * of other points multiples (every 5th round). + */ + skip = 1; /* save two point operations in the first + * round */ + for (i = (num_points ? 520 : 130); i >= 0; --i) { + /* double */ + if (!skip) + point_double(nq[0], nq[1], nq[2], nq[0], nq[1], nq[2]); + + /* add multiples of the generator */ + if (gen_mul && (i <= 130)) { + bits = get_bit(g_scalar, i + 390) << 3; + if (i < 130) { + bits |= get_bit(g_scalar, i + 260) << 2; + bits |= get_bit(g_scalar, i + 130) << 1; + bits |= get_bit(g_scalar, i); + } + /* select the point to add, in constant time */ + select_point(bits, 16, g_pre_comp, tmp); + if (!skip) { + point_add(nq[0], nq[1], nq[2], + nq[0], nq[1], nq[2], + 1 /* mixed */ , tmp[0], tmp[1], tmp[2]); + } else { + memcpy(nq, tmp, 3 * sizeof(felem)); + skip = 0; + } + } + /* do other additions every 5 doublings */ + if (num_points && (i % 5 == 0)) { + /* loop over all scalars */ + for (num = 0; num < num_points; ++num) { + bits = get_bit(scalars[num], i + 4) << 5; + bits |= get_bit(scalars[num], i + 3) << 4; + bits |= get_bit(scalars[num], i + 2) << 3; + bits |= get_bit(scalars[num], i + 1) << 2; + bits |= get_bit(scalars[num], i) << 1; + bits |= get_bit(scalars[num], i - 1); + ec_GFp_nistp_recode_scalar_bits(&sign, &digit, bits); + + /* + * select the point to add or subtract, in + * constant time + */ + select_point(digit, 17, pre_comp[num], tmp); + felem_neg(tmp[3], tmp[1]); /* (X, -Y, Z) is the + * negative point */ + copy_conditional(tmp[1], tmp[3], (-(limb) sign)); + + if (!skip) { + point_add(nq[0], nq[1], nq[2], + nq[0], nq[1], nq[2], + mixed, tmp[0], tmp[1], tmp[2]); + } else { + memcpy(nq, tmp, 3 * sizeof(felem)); + skip = 0; + } + } + } + } + felem_assign(x_out, nq[0]); + felem_assign(y_out, nq[1]); + felem_assign(z_out, nq[2]); +} + + +/* Precomputation for the group generator. */ +typedef struct { + felem g_pre_comp[16][3]; + int references; +} NISTP521_PRE_COMP; + +const EC_METHOD * +EC_GFp_nistp521_method(void) +{ + static const EC_METHOD ret = { + .flags = EC_FLAGS_DEFAULT_OCT, + .field_type = NID_X9_62_prime_field, + .group_init = ec_GFp_nistp521_group_init, + .group_finish = ec_GFp_simple_group_finish, + .group_clear_finish = ec_GFp_simple_group_clear_finish, + .group_copy = ec_GFp_nist_group_copy, + .group_set_curve = ec_GFp_nistp521_group_set_curve, + .group_get_curve = ec_GFp_simple_group_get_curve, + .group_get_degree = ec_GFp_simple_group_get_degree, + .group_check_discriminant = + ec_GFp_simple_group_check_discriminant, + .point_init = ec_GFp_simple_point_init, + .point_finish = ec_GFp_simple_point_finish, + .point_clear_finish = ec_GFp_simple_point_clear_finish, + .point_copy = ec_GFp_simple_point_copy, + .point_set_to_infinity = ec_GFp_simple_point_set_to_infinity, + .point_set_Jprojective_coordinates_GFp = + ec_GFp_simple_set_Jprojective_coordinates_GFp, + .point_get_Jprojective_coordinates_GFp = + ec_GFp_simple_get_Jprojective_coordinates_GFp, + .point_set_affine_coordinates = + ec_GFp_simple_point_set_affine_coordinates, + .point_get_affine_coordinates = + ec_GFp_nistp521_point_get_affine_coordinates, + .add = ec_GFp_simple_add, + .dbl = ec_GFp_simple_dbl, + .invert = ec_GFp_simple_invert, + .is_at_infinity = ec_GFp_simple_is_at_infinity, + .is_on_curve = ec_GFp_simple_is_on_curve, + .point_cmp = ec_GFp_simple_cmp, + .make_affine = ec_GFp_simple_make_affine, + .points_make_affine = ec_GFp_simple_points_make_affine, + .mul = ec_GFp_nistp521_points_mul, + .precompute_mult = ec_GFp_nistp521_precompute_mult, + .have_precompute_mult = ec_GFp_nistp521_have_precompute_mult, + .field_mul = ec_GFp_nist_field_mul, + .field_sqr = ec_GFp_nist_field_sqr, + .blind_coordinates = NULL, + }; + + return &ret; +} + + +/******************************************************************************/ +/* FUNCTIONS TO MANAGE PRECOMPUTATION + */ + +static NISTP521_PRE_COMP * +nistp521_pre_comp_new() +{ + NISTP521_PRE_COMP *ret = NULL; + ret = malloc(sizeof(NISTP521_PRE_COMP)); + if (!ret) { + ECerror(ERR_R_MALLOC_FAILURE); + return ret; + } + memset(ret->g_pre_comp, 0, sizeof(ret->g_pre_comp)); + ret->references = 1; + return ret; +} + +static void * +nistp521_pre_comp_dup(void *src_) +{ + NISTP521_PRE_COMP *src = src_; + + /* no need to actually copy, these objects never change! */ + CRYPTO_add(&src->references, 1, CRYPTO_LOCK_EC_PRE_COMP); + + return src_; +} + +static void +nistp521_pre_comp_free(void *pre_) +{ + int i; + NISTP521_PRE_COMP *pre = pre_; + + if (!pre) + return; + + i = CRYPTO_add(&pre->references, -1, CRYPTO_LOCK_EC_PRE_COMP); + if (i > 0) + return; + + free(pre); +} + +static void +nistp521_pre_comp_clear_free(void *pre_) +{ + int i; + NISTP521_PRE_COMP *pre = pre_; + + if (!pre) + return; + + i = CRYPTO_add(&pre->references, -1, CRYPTO_LOCK_EC_PRE_COMP); + if (i > 0) + return; + + freezero(pre, sizeof(*pre)); +} + +/******************************************************************************/ +/* OPENSSL EC_METHOD FUNCTIONS + */ + +int +ec_GFp_nistp521_group_init(EC_GROUP * group) +{ + int ret; + ret = ec_GFp_simple_group_init(group); + group->a_is_minus3 = 1; + return ret; +} + +int +ec_GFp_nistp521_group_set_curve(EC_GROUP * group, const BIGNUM * p, + const BIGNUM * a, const BIGNUM * b, BN_CTX * ctx) +{ + int ret = 0; + BN_CTX *new_ctx = NULL; + BIGNUM *curve_p, *curve_a, *curve_b; + + if (ctx == NULL) + if ((ctx = new_ctx = BN_CTX_new()) == NULL) + return 0; + BN_CTX_start(ctx); + if (((curve_p = BN_CTX_get(ctx)) == NULL) || + ((curve_a = BN_CTX_get(ctx)) == NULL) || + ((curve_b = BN_CTX_get(ctx)) == NULL)) + goto err; + BN_bin2bn(nistp521_curve_params[0], sizeof(felem_bytearray), curve_p); + BN_bin2bn(nistp521_curve_params[1], sizeof(felem_bytearray), curve_a); + BN_bin2bn(nistp521_curve_params[2], sizeof(felem_bytearray), curve_b); + if ((BN_cmp(curve_p, p)) || (BN_cmp(curve_a, a)) || + (BN_cmp(curve_b, b))) { + ECerror(EC_R_WRONG_CURVE_PARAMETERS); + goto err; + } + group->field_mod_func = BN_nist_mod_521; + ret = ec_GFp_simple_group_set_curve(group, p, a, b, ctx); + err: + BN_CTX_end(ctx); + BN_CTX_free(new_ctx); + return ret; +} + +/* Takes the Jacobian coordinates (X, Y, Z) of a point and returns + * (X', Y') = (X/Z^2, Y/Z^3) */ +int +ec_GFp_nistp521_point_get_affine_coordinates(const EC_GROUP * group, + const EC_POINT * point, BIGNUM * x, BIGNUM * y, BN_CTX * ctx) +{ + felem z1, z2, x_in, y_in, x_out, y_out; + largefelem tmp; + + if (EC_POINT_is_at_infinity(group, point) > 0) { + ECerror(EC_R_POINT_AT_INFINITY); + return 0; + } + if ((!BN_to_felem(x_in, &point->X)) || (!BN_to_felem(y_in, &point->Y)) || + (!BN_to_felem(z1, &point->Z))) + return 0; + felem_inv(z2, z1); + felem_square(tmp, z2); + felem_reduce(z1, tmp); + felem_mul(tmp, x_in, z1); + felem_reduce(x_in, tmp); + felem_contract(x_out, x_in); + if (x != NULL) { + if (!felem_to_BN(x, x_out)) { + ECerror(ERR_R_BN_LIB); + return 0; + } + } + felem_mul(tmp, z1, z2); + felem_reduce(z1, tmp); + felem_mul(tmp, y_in, z1); + felem_reduce(y_in, tmp); + felem_contract(y_out, y_in); + if (y != NULL) { + if (!felem_to_BN(y, y_out)) { + ECerror(ERR_R_BN_LIB); + return 0; + } + } + return 1; +} + +static void +make_points_affine(size_t num, felem points[ /* num */ ][3], felem tmp_felems[ /* num+1 */ ]) +{ + /* + * Runs in constant time, unless an input is the point at infinity + * (which normally shouldn't happen). + */ + ec_GFp_nistp_points_make_affine_internal( + num, + points, + sizeof(felem), + tmp_felems, + (void (*) (void *)) felem_one, + (int (*) (const void *)) felem_is_zero_int, + (void (*) (void *, const void *)) felem_assign, + (void (*) (void *, const void *)) felem_square_reduce, + (void (*) (void *, const void *, const void *)) felem_mul_reduce, + (void (*) (void *, const void *)) felem_inv, + (void (*) (void *, const void *)) felem_contract); +} + +/* Computes scalar*generator + \sum scalars[i]*points[i], ignoring NULL values + * Result is stored in r (r can equal one of the inputs). */ +int +ec_GFp_nistp521_points_mul(const EC_GROUP * group, EC_POINT * r, + const BIGNUM * scalar, size_t num, const EC_POINT * points[], + const BIGNUM * scalars[], BN_CTX * ctx) +{ + int ret = 0; + int j; + int mixed = 0; + BN_CTX *new_ctx = NULL; + BIGNUM *x, *y, *z, *tmp_scalar; + felem_bytearray g_secret; + felem_bytearray *secrets = NULL; + felem(*pre_comp)[17][3] = NULL; + felem *tmp_felems = NULL; + felem_bytearray tmp; + unsigned i, num_bytes; + int have_pre_comp = 0; + size_t num_points = num; + felem x_in, y_in, z_in, x_out, y_out, z_out; + NISTP521_PRE_COMP *pre = NULL; + felem(*g_pre_comp)[3] = NULL; + EC_POINT *generator = NULL; + const EC_POINT *p = NULL; + const BIGNUM *p_scalar = NULL; + + if (ctx == NULL) + if ((ctx = new_ctx = BN_CTX_new()) == NULL) + return 0; + BN_CTX_start(ctx); + if (((x = BN_CTX_get(ctx)) == NULL) || + ((y = BN_CTX_get(ctx)) == NULL) || + ((z = BN_CTX_get(ctx)) == NULL) || + ((tmp_scalar = BN_CTX_get(ctx)) == NULL)) + goto err; + + if (scalar != NULL) { + pre = EC_EX_DATA_get_data(group->extra_data, + nistp521_pre_comp_dup, nistp521_pre_comp_free, + nistp521_pre_comp_clear_free); + if (pre) + /* we have precomputation, try to use it */ + g_pre_comp = &pre->g_pre_comp[0]; + else + /* try to use the standard precomputation */ + g_pre_comp = (felem(*)[3]) gmul; + generator = EC_POINT_new(group); + if (generator == NULL) + goto err; + /* get the generator from precomputation */ + if (!felem_to_BN(x, g_pre_comp[1][0]) || + !felem_to_BN(y, g_pre_comp[1][1]) || + !felem_to_BN(z, g_pre_comp[1][2])) { + ECerror(ERR_R_BN_LIB); + goto err; + } + if (!EC_POINT_set_Jprojective_coordinates_GFp(group, + generator, x, y, z, ctx)) + goto err; + if (0 == EC_POINT_cmp(group, generator, group->generator, ctx)) + /* precomputation matches generator */ + have_pre_comp = 1; + else + /* + * we don't have valid precomputation: treat the + * generator as a random point + */ + num_points++; + } + if (num_points > 0) { + if (num_points >= 2) { + /* + * unless we precompute multiples for just one point, + * converting those into affine form is time well + * spent + */ + mixed = 1; + } + secrets = calloc(num_points, sizeof(felem_bytearray)); + pre_comp = calloc(num_points, 17 * 3 * sizeof(felem)); + if (mixed) { + /* XXX should do more int overflow checking */ + tmp_felems = reallocarray(NULL, + (num_points * 17 + 1), sizeof(felem)); + } + if ((secrets == NULL) || (pre_comp == NULL) || (mixed && (tmp_felems == NULL))) { + ECerror(ERR_R_MALLOC_FAILURE); + goto err; + } + /* + * we treat NULL scalars as 0, and NULL points as points at + * infinity, i.e., they contribute nothing to the linear + * combination + */ + for (i = 0; i < num_points; ++i) { + if (i == num) + /* + * we didn't have a valid precomputation, so + * we pick the generator + */ + { + p = EC_GROUP_get0_generator(group); + p_scalar = scalar; + } else + /* the i^th point */ + { + p = points[i]; + p_scalar = scalars[i]; + } + if ((p_scalar != NULL) && (p != NULL)) { + /* reduce scalar to 0 <= scalar < 2^521 */ + if ((BN_num_bits(p_scalar) > 521) || (BN_is_negative(p_scalar))) { + /* + * this is an unusual input, and we + * don't guarantee constant-timeness + */ + if (!BN_nnmod(tmp_scalar, p_scalar, &group->order, ctx)) { + ECerror(ERR_R_BN_LIB); + goto err; + } + num_bytes = BN_bn2bin(tmp_scalar, tmp); + } else + num_bytes = BN_bn2bin(p_scalar, tmp); + flip_endian(secrets[i], tmp, num_bytes); + /* precompute multiples */ + if ((!BN_to_felem(x_out, &p->X)) || + (!BN_to_felem(y_out, &p->Y)) || + (!BN_to_felem(z_out, &p->Z))) + goto err; + memcpy(pre_comp[i][1][0], x_out, sizeof(felem)); + memcpy(pre_comp[i][1][1], y_out, sizeof(felem)); + memcpy(pre_comp[i][1][2], z_out, sizeof(felem)); + for (j = 2; j <= 16; ++j) { + if (j & 1) { + point_add( + pre_comp[i][j][0], pre_comp[i][j][1], pre_comp[i][j][2], + pre_comp[i][1][0], pre_comp[i][1][1], pre_comp[i][1][2], + 0, pre_comp[i][j - 1][0], pre_comp[i][j - 1][1], pre_comp[i][j - 1][2]); + } else { + point_double( + pre_comp[i][j][0], pre_comp[i][j][1], pre_comp[i][j][2], + pre_comp[i][j / 2][0], pre_comp[i][j / 2][1], pre_comp[i][j / 2][2]); + } + } + } + } + if (mixed) + make_points_affine(num_points * 17, pre_comp[0], tmp_felems); + } + /* the scalar for the generator */ + if ((scalar != NULL) && (have_pre_comp)) { + memset(g_secret, 0, sizeof(g_secret)); + /* reduce scalar to 0 <= scalar < 2^521 */ + if ((BN_num_bits(scalar) > 521) || (BN_is_negative(scalar))) { + /* + * this is an unusual input, and we don't guarantee + * constant-timeness + */ + if (!BN_nnmod(tmp_scalar, scalar, &group->order, ctx)) { + ECerror(ERR_R_BN_LIB); + goto err; + } + num_bytes = BN_bn2bin(tmp_scalar, tmp); + } else + num_bytes = BN_bn2bin(scalar, tmp); + flip_endian(g_secret, tmp, num_bytes); + /* do the multiplication with generator precomputation */ + batch_mul(x_out, y_out, z_out, + (const felem_bytearray(*)) secrets, num_points, + g_secret, + mixed, (const felem(*)[17][3]) pre_comp, + (const felem(*)[3]) g_pre_comp); + } else + /* do the multiplication without generator precomputation */ + batch_mul(x_out, y_out, z_out, + (const felem_bytearray(*)) secrets, num_points, + NULL, mixed, (const felem(*)[17][3]) pre_comp, NULL); + /* reduce the output to its unique minimal representation */ + felem_contract(x_in, x_out); + felem_contract(y_in, y_out); + felem_contract(z_in, z_out); + if ((!felem_to_BN(x, x_in)) || (!felem_to_BN(y, y_in)) || + (!felem_to_BN(z, z_in))) { + ECerror(ERR_R_BN_LIB); + goto err; + } + ret = EC_POINT_set_Jprojective_coordinates_GFp(group, r, x, y, z, ctx); + + err: + BN_CTX_end(ctx); + EC_POINT_free(generator); + BN_CTX_free(new_ctx); + free(secrets); + free(pre_comp); + free(tmp_felems); + return ret; +} + +int +ec_GFp_nistp521_precompute_mult(EC_GROUP * group, BN_CTX * ctx) +{ + int ret = 0; + NISTP521_PRE_COMP *pre = NULL; + int i, j; + BN_CTX *new_ctx = NULL; + BIGNUM *x, *y; + EC_POINT *generator = NULL; + felem tmp_felems[16]; + + /* throw away old precomputation */ + EC_EX_DATA_free_data(&group->extra_data, nistp521_pre_comp_dup, + nistp521_pre_comp_free, nistp521_pre_comp_clear_free); + if (ctx == NULL) + if ((ctx = new_ctx = BN_CTX_new()) == NULL) + return 0; + BN_CTX_start(ctx); + if (((x = BN_CTX_get(ctx)) == NULL) || + ((y = BN_CTX_get(ctx)) == NULL)) + goto err; + /* get the generator */ + if (group->generator == NULL) + goto err; + generator = EC_POINT_new(group); + if (generator == NULL) + goto err; + BN_bin2bn(nistp521_curve_params[3], sizeof(felem_bytearray), x); + BN_bin2bn(nistp521_curve_params[4], sizeof(felem_bytearray), y); + if (!EC_POINT_set_affine_coordinates_GFp(group, generator, x, y, ctx)) + goto err; + if ((pre = nistp521_pre_comp_new()) == NULL) + goto err; + /* if the generator is the standard one, use built-in precomputation */ + if (0 == EC_POINT_cmp(group, generator, group->generator, ctx)) { + memcpy(pre->g_pre_comp, gmul, sizeof(pre->g_pre_comp)); + ret = 1; + goto err; + } + if ((!BN_to_felem(pre->g_pre_comp[1][0], &group->generator->X)) || + (!BN_to_felem(pre->g_pre_comp[1][1], &group->generator->Y)) || + (!BN_to_felem(pre->g_pre_comp[1][2], &group->generator->Z))) + goto err; + /* compute 2^130*G, 2^260*G, 2^390*G */ + for (i = 1; i <= 4; i <<= 1) { + point_double(pre->g_pre_comp[2 * i][0], pre->g_pre_comp[2 * i][1], + pre->g_pre_comp[2 * i][2], pre->g_pre_comp[i][0], + pre->g_pre_comp[i][1], pre->g_pre_comp[i][2]); + for (j = 0; j < 129; ++j) { + point_double(pre->g_pre_comp[2 * i][0], + pre->g_pre_comp[2 * i][1], + pre->g_pre_comp[2 * i][2], + pre->g_pre_comp[2 * i][0], + pre->g_pre_comp[2 * i][1], + pre->g_pre_comp[2 * i][2]); + } + } + /* g_pre_comp[0] is the point at infinity */ + memset(pre->g_pre_comp[0], 0, sizeof(pre->g_pre_comp[0])); + /* the remaining multiples */ + /* 2^130*G + 2^260*G */ + point_add(pre->g_pre_comp[6][0], pre->g_pre_comp[6][1], + pre->g_pre_comp[6][2], pre->g_pre_comp[4][0], + pre->g_pre_comp[4][1], pre->g_pre_comp[4][2], + 0, pre->g_pre_comp[2][0], pre->g_pre_comp[2][1], + pre->g_pre_comp[2][2]); + /* 2^130*G + 2^390*G */ + point_add(pre->g_pre_comp[10][0], pre->g_pre_comp[10][1], + pre->g_pre_comp[10][2], pre->g_pre_comp[8][0], + pre->g_pre_comp[8][1], pre->g_pre_comp[8][2], + 0, pre->g_pre_comp[2][0], pre->g_pre_comp[2][1], + pre->g_pre_comp[2][2]); + /* 2^260*G + 2^390*G */ + point_add(pre->g_pre_comp[12][0], pre->g_pre_comp[12][1], + pre->g_pre_comp[12][2], pre->g_pre_comp[8][0], + pre->g_pre_comp[8][1], pre->g_pre_comp[8][2], + 0, pre->g_pre_comp[4][0], pre->g_pre_comp[4][1], + pre->g_pre_comp[4][2]); + /* 2^130*G + 2^260*G + 2^390*G */ + point_add(pre->g_pre_comp[14][0], pre->g_pre_comp[14][1], + pre->g_pre_comp[14][2], pre->g_pre_comp[12][0], + pre->g_pre_comp[12][1], pre->g_pre_comp[12][2], + 0, pre->g_pre_comp[2][0], pre->g_pre_comp[2][1], + pre->g_pre_comp[2][2]); + for (i = 1; i < 8; ++i) { + /* odd multiples: add G */ + point_add(pre->g_pre_comp[2 * i + 1][0], pre->g_pre_comp[2 * i + 1][1], + pre->g_pre_comp[2 * i + 1][2], pre->g_pre_comp[2 * i][0], + pre->g_pre_comp[2 * i][1], pre->g_pre_comp[2 * i][2], + 0, pre->g_pre_comp[1][0], pre->g_pre_comp[1][1], + pre->g_pre_comp[1][2]); + } + make_points_affine(15, &(pre->g_pre_comp[1]), tmp_felems); + + if (!EC_EX_DATA_set_data(&group->extra_data, pre, nistp521_pre_comp_dup, + nistp521_pre_comp_free, nistp521_pre_comp_clear_free)) + goto err; + ret = 1; + pre = NULL; + err: + BN_CTX_end(ctx); + EC_POINT_free(generator); + BN_CTX_free(new_ctx); + nistp521_pre_comp_free(pre); + return ret; +} + +int +ec_GFp_nistp521_have_precompute_mult(const EC_GROUP * group) +{ + if (EC_EX_DATA_get_data(group->extra_data, nistp521_pre_comp_dup, + nistp521_pre_comp_free, nistp521_pre_comp_clear_free) + != NULL) + return 1; + else + return 0; +} + +#endif diff --git a/src/lib/libcrypto/ec/ecp_nistputil.c b/src/lib/libcrypto/ec/ecp_nistputil.c new file mode 100644 index 00000000000..ca55b49ba29 --- /dev/null +++ b/src/lib/libcrypto/ec/ecp_nistputil.c @@ -0,0 +1,209 @@ +/* $OpenBSD: ecp_nistputil.c,v 1.6 2014/07/10 22:45:57 jsing Exp $ */ +/* + * Written by Bodo Moeller for the OpenSSL project. + */ +/* + * Copyright (c) 2011 Google Inc. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include + +#include + +#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 + +/* + * Common utility functions for ecp_nistp224.c, ecp_nistp256.c, ecp_nistp521.c. + */ + +#include "ec_lcl.h" + +/* Convert an array of points into affine coordinates. + * (If the point at infinity is found (Z = 0), it remains unchanged.) + * This function is essentially an equivalent to EC_POINTs_make_affine(), but + * works with the internal representation of points as used by ecp_nistp###.c + * rather than with (BIGNUM-based) EC_POINT data structures. + * + * point_array is the input/output buffer ('num' points in projective form, + * i.e. three coordinates each), based on an internal representation of + * field elements of size 'felem_size'. + * + * tmp_felems needs to point to a temporary array of 'num'+1 field elements + * for storage of intermediate values. + */ +void +ec_GFp_nistp_points_make_affine_internal(size_t num, void *point_array, + size_t felem_size, void *tmp_felems, + void (*felem_one) (void *out), + int (*felem_is_zero) (const void *in), + void (*felem_assign) (void *out, const void *in), + void (*felem_square) (void *out, const void *in), + void (*felem_mul) (void *out, const void *in1, const void *in2), + void (*felem_inv) (void *out, const void *in), + void (*felem_contract) (void *out, const void *in)) +{ + int i = 0; + +#define tmp_felem(I) (&((char *)tmp_felems)[(I) * felem_size]) +#define X(I) (&((char *)point_array)[3*(I) * felem_size]) +#define Y(I) (&((char *)point_array)[(3*(I) + 1) * felem_size]) +#define Z(I) (&((char *)point_array)[(3*(I) + 2) * felem_size]) + + if (!felem_is_zero(Z(0))) + felem_assign(tmp_felem(0), Z(0)); + else + felem_one(tmp_felem(0)); + for (i = 1; i < (int) num; i++) { + if (!felem_is_zero(Z(i))) + felem_mul(tmp_felem(i), tmp_felem(i - 1), Z(i)); + else + felem_assign(tmp_felem(i), tmp_felem(i - 1)); + } + /* + * Now each tmp_felem(i) is the product of Z(0) .. Z(i), skipping any + * zero-valued factors: if Z(i) = 0, we essentially pretend that Z(i) + * = 1 + */ + + felem_inv(tmp_felem(num - 1), tmp_felem(num - 1)); + for (i = num - 1; i >= 0; i--) { + if (i > 0) + /* + * tmp_felem(i-1) is the product of Z(0) .. Z(i-1), + * tmp_felem(i) is the inverse of the product of Z(0) + * .. Z(i) + */ + felem_mul(tmp_felem(num), tmp_felem(i - 1), tmp_felem(i)); /* 1/Z(i) */ + else + felem_assign(tmp_felem(num), tmp_felem(0)); /* 1/Z(0) */ + + if (!felem_is_zero(Z(i))) { + if (i > 0) + /* + * For next iteration, replace tmp_felem(i-1) + * by its inverse + */ + felem_mul(tmp_felem(i - 1), tmp_felem(i), Z(i)); + + /* + * Convert point (X, Y, Z) into affine form (X/(Z^2), + * Y/(Z^3), 1) + */ + felem_square(Z(i), tmp_felem(num)); /* 1/(Z^2) */ + felem_mul(X(i), X(i), Z(i)); /* X/(Z^2) */ + felem_mul(Z(i), Z(i), tmp_felem(num)); /* 1/(Z^3) */ + felem_mul(Y(i), Y(i), Z(i)); /* Y/(Z^3) */ + felem_contract(X(i), X(i)); + felem_contract(Y(i), Y(i)); + felem_one(Z(i)); + } else { + if (i > 0) + /* + * For next iteration, replace tmp_felem(i-1) + * by its inverse + */ + felem_assign(tmp_felem(i - 1), tmp_felem(i)); + } + } +} + +/* + * This function looks at 5+1 scalar bits (5 current, 1 adjacent less + * significant bit), and recodes them into a signed digit for use in fast point + * multiplication: the use of signed rather than unsigned digits means that + * fewer points need to be precomputed, given that point inversion is easy + * (a precomputed point dP makes -dP available as well). + * + * BACKGROUND: + * + * Signed digits for multiplication were introduced by Booth ("A signed binary + * multiplication technique", Quart. Journ. Mech. and Applied Math., vol. IV, + * pt. 2 (1951), pp. 236-240), in that case for multiplication of integers. + * Booth's original encoding did not generally improve the density of nonzero + * digits over the binary representation, and was merely meant to simplify the + * handling of signed factors given in two's complement; but it has since been + * shown to be the basis of various signed-digit representations that do have + * further advantages, including the wNAF, using the following general approach: + * + * (1) Given a binary representation + * + * b_k ... b_2 b_1 b_0, + * + * of a nonnegative integer (b_k in {0, 1}), rewrite it in digits 0, 1, -1 + * by using bit-wise subtraction as follows: + * + * b_k b_(k-1) ... b_2 b_1 b_0 + * - b_k ... b_3 b_2 b_1 b_0 + * ------------------------------------- + * s_k b_(k-1) ... s_3 s_2 s_1 s_0 + * + * A left-shift followed by subtraction of the original value yields a new + * representation of the same value, using signed bits s_i = b_(i+1) - b_i. + * This representation from Booth's paper has since appeared in the + * literature under a variety of different names including "reversed binary + * form", "alternating greedy expansion", "mutual opposite form", and + * "sign-alternating {+-1}-representation". + * + * An interesting property is that among the nonzero bits, values 1 and -1 + * strictly alternate. + * + * (2) Various window schemes can be applied to the Booth representation of + * integers: for example, right-to-left sliding windows yield the wNAF + * (a signed-digit encoding independently discovered by various researchers + * in the 1990s), and left-to-right sliding windows yield a left-to-right + * equivalent of the wNAF (independently discovered by various researchers + * around 2004). + * + * To prevent leaking information through side channels in point multiplication, + * we need to recode the given integer into a regular pattern: sliding windows + * as in wNAFs won't do, we need their fixed-window equivalent -- which is a few + * decades older: we'll be using the so-called "modified Booth encoding" due to + * MacSorley ("High-speed arithmetic in binary computers", Proc. IRE, vol. 49 + * (1961), pp. 67-91), in a radix-2^5 setting. That is, we always combine five + * signed bits into a signed digit: + * + * s_(4j + 4) s_(4j + 3) s_(4j + 2) s_(4j + 1) s_(4j) + * + * The sign-alternating property implies that the resulting digit values are + * integers from -16 to 16. + * + * Of course, we don't actually need to compute the signed digits s_i as an + * intermediate step (that's just a nice way to see how this scheme relates + * to the wNAF): a direct computation obtains the recoded digit from the + * six bits b_(4j + 4) ... b_(4j - 1). + * + * This function takes those five bits as an integer (0 .. 63), writing the + * recoded digit to *sign (0 for positive, 1 for negative) and *digit (absolute + * value, in the range 0 .. 8). Note that this integer essentially provides the + * input bits "shifted to the left" by one position: for example, the input to + * compute the least significant recoded digit, given that there's no bit b_-1, + * has to be b_4 b_3 b_2 b_1 b_0 0. + * + */ +void +ec_GFp_nistp_recode_scalar_bits(unsigned char *sign, unsigned char *digit, unsigned char in) +{ + unsigned char s, d; + + s = ~((in >> 5) - 1); /* sets all bits to MSB(in), 'in' seen as + * 6-bit value */ + d = (1 << 6) - in - 1; + d = (d & s) | (in & ~s); + d = (d >> 1) + (d & 1); + + *sign = s & 1; + *digit = d; +} +#endif diff --git a/src/lib/libcrypto/ec/ecp_nistz256.c b/src/lib/libcrypto/ec/ecp_nistz256.c new file mode 100644 index 00000000000..71e0835e708 --- /dev/null +++ b/src/lib/libcrypto/ec/ecp_nistz256.c @@ -0,0 +1,1190 @@ +/* $OpenBSD: ecp_nistz256.c,v 1.7 2018/11/05 20:18:21 tb Exp $ */ +/* Copyright (c) 2014, Intel Corporation. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +/* Developers and authors: + * Shay Gueron (1, 2), and Vlad Krasnov (1) + * (1) Intel Corporation, Israel Development Center + * (2) University of Haifa + * Reference: + * S.Gueron and V.Krasnov, "Fast Prime Field Elliptic Curve Cryptography with + * 256 Bit Primes" */ + +/* + * The following license applies to _booth_recode_w5() and + * _booth_recode_w7(): + */ +/* Copyright (c) 2015, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#include + +#include +#include +#include +#include + +#include "ec_lcl.h" + +#if BN_BITS2 != 64 +#define TOBN(hi,lo) lo,hi +#else +#define TOBN(hi,lo) ((BN_ULONG)hi << 32 | lo) +#endif + +#if defined(__GNUC__) +#define ALIGN32 __attribute((aligned(32))) +#elif defined(_MSC_VER) +#define ALIGN32 __declspec(align(32)) +#else +#define ALIGN32 +#endif + +#define P256_LIMBS (256 / BN_BITS2) + +typedef struct { + BN_ULONG X[P256_LIMBS]; + BN_ULONG Y[P256_LIMBS]; + BN_ULONG Z[P256_LIMBS]; +} P256_POINT; + +typedef struct { + BN_ULONG X[P256_LIMBS]; + BN_ULONG Y[P256_LIMBS]; +} P256_POINT_AFFINE; + +typedef P256_POINT_AFFINE PRECOMP256_ROW[64]; + +/* structure for precomputed multiples of the generator */ +typedef struct ec_pre_comp_st { + const EC_GROUP *group; /* Parent EC_GROUP object */ + size_t w; /* Window size */ + /* + * Constant time access to the X and Y coordinates of the pre-computed, + * generator multiplies, in the Montgomery domain. Pre-calculated + * multiplies are stored in affine form. + */ + PRECOMP256_ROW *precomp; + int references; +} EC_PRE_COMP; + +/* + * Arithmetic on field elements using Almost Montgomery Multiplication. The + * "almost" means, in particular, that the inputs and outputs of these + * functions are in the range [0, 2**BN_BITS2), not [0, P). Only + * |ecp_nistz256_from_mont| outputs a fully reduced value in [0, P). Almost + * Montgomery Arithmetic is described clearly in "Efficient Software + * Implementations of Modular Exponentiation" by Shay Gueron. + */ + +/* Modular neg: res = -a mod P, where res is not fully reduced. */ +void ecp_nistz256_neg(BN_ULONG res[P256_LIMBS], + const BN_ULONG a[P256_LIMBS]); +/* Montgomery mul: res = a*b*2^-256 mod P, where res is not fully reduced. */ +void ecp_nistz256_mul_mont(BN_ULONG res[P256_LIMBS], + const BN_ULONG a[P256_LIMBS], const BN_ULONG b[P256_LIMBS]); +/* Montgomery sqr: res = a*a*2^-256 mod P, where res is not fully reduced. */ +void ecp_nistz256_sqr_mont(BN_ULONG res[P256_LIMBS], + const BN_ULONG a[P256_LIMBS]); +/* Convert a number from Montgomery domain, by multiplying with 1, where res + * will be fully reduced mod P. */ +void ecp_nistz256_from_mont(BN_ULONG res[P256_LIMBS], + const BN_ULONG in[P256_LIMBS]); + +/* Functions that perform constant time access to the precomputed tables */ +void ecp_nistz256_select_w5(P256_POINT *val, const P256_POINT *in_t, + int index); +void ecp_nistz256_select_w7(P256_POINT_AFFINE *val, + const P256_POINT_AFFINE *in_t, int index); + +/* One converted into the Montgomery domain */ +static const BN_ULONG ONE[P256_LIMBS] = { + TOBN(0x00000000, 0x00000001), TOBN(0xffffffff, 0x00000000), + TOBN(0xffffffff, 0xffffffff), TOBN(0x00000000, 0xfffffffe) +}; + +static void *ecp_nistz256_pre_comp_dup(void *); +static void ecp_nistz256_pre_comp_free(void *); +static void ecp_nistz256_pre_comp_clear_free(void *); +static EC_PRE_COMP *ecp_nistz256_pre_comp_new(const EC_GROUP *group); + +/* Precomputed tables for the default generator */ +#include "ecp_nistz256_table.h" + +/* This function looks at 5+1 scalar bits (5 current, 1 adjacent less + * significant bit), and recodes them into a signed digit for use in fast point + * multiplication: the use of signed rather than unsigned digits means that + * fewer points need to be precomputed, given that point inversion is easy (a + * precomputed point dP makes -dP available as well). + * + * BACKGROUND: + * + * Signed digits for multiplication were introduced by Booth ("A signed binary + * multiplication technique", Quart. Journ. Mech. and Applied Math., vol. IV, + * pt. 2 (1951), pp. 236-240), in that case for multiplication of integers. + * Booth's original encoding did not generally improve the density of nonzero + * digits over the binary representation, and was merely meant to simplify the + * handling of signed factors given in two's complement; but it has since been + * shown to be the basis of various signed-digit representations that do have + * further advantages, including the wNAF, using the following general + * approach: + * + * (1) Given a binary representation + * + * b_k ... b_2 b_1 b_0, + * + * of a nonnegative integer (b_k in {0, 1}), rewrite it in digits 0, 1, -1 + * by using bit-wise subtraction as follows: + * + * b_k b_(k-1) ... b_2 b_1 b_0 + * - b_k ... b_3 b_2 b_1 b_0 + * ------------------------------------- + * s_k b_(k-1) ... s_3 s_2 s_1 s_0 + * + * A left-shift followed by subtraction of the original value yields a new + * representation of the same value, using signed bits s_i = b_(i+1) - b_i. + * This representation from Booth's paper has since appeared in the + * literature under a variety of different names including "reversed binary + * form", "alternating greedy expansion", "mutual opposite form", and + * "sign-alternating {+-1}-representation". + * + * An interesting property is that among the nonzero bits, values 1 and -1 + * strictly alternate. + * + * (2) Various window schemes can be applied to the Booth representation of + * integers: for example, right-to-left sliding windows yield the wNAF + * (a signed-digit encoding independently discovered by various researchers + * in the 1990s), and left-to-right sliding windows yield a left-to-right + * equivalent of the wNAF (independently discovered by various researchers + * around 2004). + * + * To prevent leaking information through side channels in point multiplication, + * we need to recode the given integer into a regular pattern: sliding windows + * as in wNAFs won't do, we need their fixed-window equivalent -- which is a few + * decades older: we'll be using the so-called "modified Booth encoding" due to + * MacSorley ("High-speed arithmetic in binary computers", Proc. IRE, vol. 49 + * (1961), pp. 67-91), in a radix-2^5 setting. That is, we always combine five + * signed bits into a signed digit: + * + * s_(4j + 4) s_(4j + 3) s_(4j + 2) s_(4j + 1) s_(4j) + * + * The sign-alternating property implies that the resulting digit values are + * integers from -16 to 16. + * + * Of course, we don't actually need to compute the signed digits s_i as an + * intermediate step (that's just a nice way to see how this scheme relates + * to the wNAF): a direct computation obtains the recoded digit from the + * six bits b_(4j + 4) ... b_(4j - 1). + * + * This function takes those five bits as an integer (0 .. 63), writing the + * recoded digit to *sign (0 for positive, 1 for negative) and *digit (absolute + * value, in the range 0 .. 8). Note that this integer essentially provides the + * input bits "shifted to the left" by one position: for example, the input to + * compute the least significant recoded digit, given that there's no bit b_-1, + * has to be b_4 b_3 b_2 b_1 b_0 0. */ + +static unsigned int +_booth_recode_w5(unsigned int in) +{ + unsigned int s, d; + + /* sets all bits to MSB(in), 'in' seen as 6-bit value */ + s = ~((in >> 5) - 1); + d = (1 << 6) - in - 1; + d = (d & s) | (in & ~s); + d = (d >> 1) + (d & 1); + + return (d << 1) + (s & 1); +} + +static unsigned int +_booth_recode_w7(unsigned int in) +{ + unsigned int s, d; + + /* sets all bits to MSB(in), 'in' seen as 8-bit value */ + s = ~((in >> 7) - 1); + d = (1 << 8) - in - 1; + d = (d & s) | (in & ~s); + d = (d >> 1) + (d & 1); + + return (d << 1) + (s & 1); +} + +static void +copy_conditional(BN_ULONG dst[P256_LIMBS], const BN_ULONG src[P256_LIMBS], + BN_ULONG move) +{ + BN_ULONG mask1 = -move; + BN_ULONG mask2 = ~mask1; + + dst[0] = (src[0] & mask1) ^ (dst[0] & mask2); + dst[1] = (src[1] & mask1) ^ (dst[1] & mask2); + dst[2] = (src[2] & mask1) ^ (dst[2] & mask2); + dst[3] = (src[3] & mask1) ^ (dst[3] & mask2); + if (P256_LIMBS == 8) { + dst[4] = (src[4] & mask1) ^ (dst[4] & mask2); + dst[5] = (src[5] & mask1) ^ (dst[5] & mask2); + dst[6] = (src[6] & mask1) ^ (dst[6] & mask2); + dst[7] = (src[7] & mask1) ^ (dst[7] & mask2); + } +} + +static BN_ULONG +is_zero(BN_ULONG in) +{ + in |= (0 - in); + in = ~in; + in &= BN_MASK2; + in >>= BN_BITS2 - 1; + return in; +} + +static BN_ULONG +is_equal(const BN_ULONG a[P256_LIMBS], const BN_ULONG b[P256_LIMBS]) +{ + BN_ULONG res; + + res = a[0] ^ b[0]; + res |= a[1] ^ b[1]; + res |= a[2] ^ b[2]; + res |= a[3] ^ b[3]; + if (P256_LIMBS == 8) { + res |= a[4] ^ b[4]; + res |= a[5] ^ b[5]; + res |= a[6] ^ b[6]; + res |= a[7] ^ b[7]; + } + + return is_zero(res); +} + +static BN_ULONG +is_one(const BIGNUM *z) +{ + BN_ULONG res = 0; + BN_ULONG *a = z->d; + + if (z->top == (P256_LIMBS - P256_LIMBS / 8)) { + res = a[0] ^ ONE[0]; + res |= a[1] ^ ONE[1]; + res |= a[2] ^ ONE[2]; + res |= a[3] ^ ONE[3]; + if (P256_LIMBS == 8) { + res |= a[4] ^ ONE[4]; + res |= a[5] ^ ONE[5]; + res |= a[6] ^ ONE[6]; + /* + * No check for a[7] (being zero) on 32-bit platforms, + * because value of "one" takes only 7 limbs. + */ + } + res = is_zero(res); + } + + return res; +} + +static int +ecp_nistz256_set_words(BIGNUM *a, BN_ULONG words[P256_LIMBS]) +{ + if (bn_wexpand(a, P256_LIMBS) == NULL) { + ECerror(ERR_R_MALLOC_FAILURE); + return 0; + } + memcpy(a->d, words, sizeof(BN_ULONG) * P256_LIMBS); + a->top = P256_LIMBS; + bn_correct_top(a); + return 1; +} + +void ecp_nistz256_point_double(P256_POINT *r, const P256_POINT *a); +void ecp_nistz256_point_add(P256_POINT *r, const P256_POINT *a, + const P256_POINT *b); +void ecp_nistz256_point_add_affine(P256_POINT *r, const P256_POINT *a, + const P256_POINT_AFFINE *b); + +/* r = in^-1 mod p */ +static void +ecp_nistz256_mod_inverse(BN_ULONG r[P256_LIMBS], const BN_ULONG in[P256_LIMBS]) +{ + /* + * The poly is ffffffff 00000001 00000000 00000000 00000000 ffffffff + * ffffffff ffffffff. We use FLT and use poly-2 as exponent. + */ + BN_ULONG p2[P256_LIMBS]; + BN_ULONG p4[P256_LIMBS]; + BN_ULONG p8[P256_LIMBS]; + BN_ULONG p16[P256_LIMBS]; + BN_ULONG p32[P256_LIMBS]; + BN_ULONG res[P256_LIMBS]; + unsigned int i; + + ecp_nistz256_sqr_mont(res, in); + ecp_nistz256_mul_mont(p2, res, in); /* 3*p */ + + ecp_nistz256_sqr_mont(res, p2); + ecp_nistz256_sqr_mont(res, res); + ecp_nistz256_mul_mont(p4, res, p2); /* f*p */ + + ecp_nistz256_sqr_mont(res, p4); + ecp_nistz256_sqr_mont(res, res); + ecp_nistz256_sqr_mont(res, res); + ecp_nistz256_sqr_mont(res, res); + ecp_nistz256_mul_mont(p8, res, p4); /* ff*p */ + + ecp_nistz256_sqr_mont(res, p8); + for (i = 0; i < 7; i++) + ecp_nistz256_sqr_mont(res, res); + ecp_nistz256_mul_mont(p16, res, p8); /* ffff*p */ + + ecp_nistz256_sqr_mont(res, p16); + for (i = 0; i < 15; i++) + ecp_nistz256_sqr_mont(res, res); + ecp_nistz256_mul_mont(p32, res, p16); /* ffffffff*p */ + + ecp_nistz256_sqr_mont(res, p32); + for (i = 0; i < 31; i++) + ecp_nistz256_sqr_mont(res, res); + ecp_nistz256_mul_mont(res, res, in); + + for (i = 0; i < 32 * 4; i++) + ecp_nistz256_sqr_mont(res, res); + ecp_nistz256_mul_mont(res, res, p32); + + for (i = 0; i < 32; i++) + ecp_nistz256_sqr_mont(res, res); + ecp_nistz256_mul_mont(res, res, p32); + + for (i = 0; i < 16; i++) + ecp_nistz256_sqr_mont(res, res); + ecp_nistz256_mul_mont(res, res, p16); + + for (i = 0; i < 8; i++) + ecp_nistz256_sqr_mont(res, res); + ecp_nistz256_mul_mont(res, res, p8); + + ecp_nistz256_sqr_mont(res, res); + ecp_nistz256_sqr_mont(res, res); + ecp_nistz256_sqr_mont(res, res); + ecp_nistz256_sqr_mont(res, res); + ecp_nistz256_mul_mont(res, res, p4); + + ecp_nistz256_sqr_mont(res, res); + ecp_nistz256_sqr_mont(res, res); + ecp_nistz256_mul_mont(res, res, p2); + + ecp_nistz256_sqr_mont(res, res); + ecp_nistz256_sqr_mont(res, res); + ecp_nistz256_mul_mont(res, res, in); + + memcpy(r, res, sizeof(res)); +} + +/* + * ecp_nistz256_bignum_to_field_elem copies the contents of |in| to |out| and + * returns one if it fits. Otherwise it returns zero. + */ +static int +ecp_nistz256_bignum_to_field_elem(BN_ULONG out[P256_LIMBS], const BIGNUM *in) +{ + if (in->top > P256_LIMBS) + return 0; + + memset(out, 0, sizeof(BN_ULONG) * P256_LIMBS); + memcpy(out, in->d, sizeof(BN_ULONG) * in->top); + return 1; +} + +/* r = sum(scalar[i]*point[i]) */ +static int +ecp_nistz256_windowed_mul(const EC_GROUP *group, P256_POINT *r, + const BIGNUM **scalar, const EC_POINT **point, size_t num, BN_CTX *ctx) +{ + int ret = 0; + unsigned int i, j, index; + unsigned char (*p_str)[33] = NULL; + const unsigned int window_size = 5; + const unsigned int mask = (1 << (window_size + 1)) - 1; + unsigned int wvalue; + BN_ULONG tmp[P256_LIMBS]; + /* avoid warning about ignored alignment for stack variable */ +#if defined(__GNUC__) && !defined(__OpenBSD__) + ALIGN32 +#endif + P256_POINT h; + const BIGNUM **scalars = NULL; + P256_POINT (*table)[16] = NULL; + + if (posix_memalign((void **)&table, 64, num * sizeof(*table)) != 0 || + (p_str = reallocarray(NULL, num, sizeof(*p_str))) == NULL || + (scalars = reallocarray(NULL, num, sizeof(*scalars))) == NULL) { + ECerror(ERR_R_MALLOC_FAILURE); + goto err; + } + + for (i = 0; i < num; i++) { + P256_POINT *row = table[i]; + + /* + * This is an unusual input, we don't guarantee + * constant-timeness. + */ + if (BN_num_bits(scalar[i]) > 256 || BN_is_negative(scalar[i])) { + BIGNUM *mod; + + if ((mod = BN_CTX_get(ctx)) == NULL) + goto err; + if (!BN_nnmod(mod, scalar[i], &group->order, ctx)) { + ECerror(ERR_R_BN_LIB); + goto err; + } + scalars[i] = mod; + } else + scalars[i] = scalar[i]; + + for (j = 0; j < scalars[i]->top * BN_BYTES; j += BN_BYTES) { + BN_ULONG d = scalars[i]->d[j / BN_BYTES]; + + p_str[i][j + 0] = d & 0xff; + p_str[i][j + 1] = (d >> 8) & 0xff; + p_str[i][j + 2] = (d >> 16) & 0xff; + p_str[i][j + 3] = (d >> 24) & 0xff; + if (BN_BYTES == 8) { + d >>= 32; + p_str[i][j + 4] = d & 0xff; + p_str[i][j + 5] = (d >> 8) & 0xff; + p_str[i][j + 6] = (d >> 16) & 0xff; + p_str[i][j + 7] = (d >> 24) & 0xff; + } + } + for (; j < 33; j++) + p_str[i][j] = 0; + + /* + * table[0] is implicitly (0,0,0) (the point at infinity), + * therefore it is not stored. All other values are actually + * stored with an offset of -1 in table. + */ + + if (!ecp_nistz256_bignum_to_field_elem(row[1 - 1].X, + &point[i]->X) || + !ecp_nistz256_bignum_to_field_elem(row[1 - 1].Y, + &point[i]->Y) || + !ecp_nistz256_bignum_to_field_elem(row[1 - 1].Z, + &point[i]->Z)) { + ECerror(EC_R_COORDINATES_OUT_OF_RANGE); + goto err; + } + + ecp_nistz256_point_double(&row[ 2 - 1], &row[ 1 - 1]); + ecp_nistz256_point_add(&row[ 3 - 1], &row[ 2 - 1], &row[1 - 1]); + ecp_nistz256_point_double(&row[ 4 - 1], &row[ 2 - 1]); + ecp_nistz256_point_double(&row[ 6 - 1], &row[ 3 - 1]); + ecp_nistz256_point_double(&row[ 8 - 1], &row[ 4 - 1]); + ecp_nistz256_point_double(&row[12 - 1], &row[ 6 - 1]); + ecp_nistz256_point_add(&row[ 5 - 1], &row[ 4 - 1], &row[1 - 1]); + ecp_nistz256_point_add(&row[ 7 - 1], &row[ 6 - 1], &row[1 - 1]); + ecp_nistz256_point_add(&row[ 9 - 1], &row[ 8 - 1], &row[1 - 1]); + ecp_nistz256_point_add(&row[13 - 1], &row[12 - 1], &row[1 - 1]); + ecp_nistz256_point_double(&row[14 - 1], &row[ 7 - 1]); + ecp_nistz256_point_double(&row[10 - 1], &row[ 5 - 1]); + ecp_nistz256_point_add(&row[15 - 1], &row[14 - 1], &row[1 - 1]); + ecp_nistz256_point_add(&row[11 - 1], &row[10 - 1], &row[1 - 1]); + ecp_nistz256_point_add(&row[16 - 1], &row[15 - 1], &row[1 - 1]); + } + + index = 255; + + wvalue = p_str[0][(index - 1) / 8]; + wvalue = (wvalue >> ((index - 1) % 8)) & mask; + + ecp_nistz256_select_w5(r, table[0], _booth_recode_w5(wvalue) >> 1); + + while (index >= 5) { + for (i = (index == 255 ? 1 : 0); i < num; i++) { + unsigned int off = (index - 1) / 8; + + wvalue = p_str[i][off] | p_str[i][off + 1] << 8; + wvalue = (wvalue >> ((index - 1) % 8)) & mask; + + wvalue = _booth_recode_w5(wvalue); + + ecp_nistz256_select_w5(&h, table[i], wvalue >> 1); + + ecp_nistz256_neg(tmp, h.Y); + copy_conditional(h.Y, tmp, (wvalue & 1)); + + ecp_nistz256_point_add(r, r, &h); + } + + index -= window_size; + + ecp_nistz256_point_double(r, r); + ecp_nistz256_point_double(r, r); + ecp_nistz256_point_double(r, r); + ecp_nistz256_point_double(r, r); + ecp_nistz256_point_double(r, r); + } + + /* Final window */ + for (i = 0; i < num; i++) { + wvalue = p_str[i][0]; + wvalue = (wvalue << 1) & mask; + + wvalue = _booth_recode_w5(wvalue); + + ecp_nistz256_select_w5(&h, table[i], wvalue >> 1); + + ecp_nistz256_neg(tmp, h.Y); + copy_conditional(h.Y, tmp, wvalue & 1); + + ecp_nistz256_point_add(r, r, &h); + } + + ret = 1; + err: + free(table); + free(p_str); + free(scalars); + return ret; +} + +/* Coordinates of G, for which we have precomputed tables */ +const static BN_ULONG def_xG[P256_LIMBS] = { + TOBN(0x79e730d4, 0x18a9143c), TOBN(0x75ba95fc, 0x5fedb601), + TOBN(0x79fb732b, 0x77622510), TOBN(0x18905f76, 0xa53755c6) +}; + +const static BN_ULONG def_yG[P256_LIMBS] = { + TOBN(0xddf25357, 0xce95560a), TOBN(0x8b4ab8e4, 0xba19e45c), + TOBN(0xd2e88688, 0xdd21f325), TOBN(0x8571ff18, 0x25885d85) +}; + +/* + * ecp_nistz256_is_affine_G returns one if |generator| is the standard, P-256 + * generator. + */ +static int +ecp_nistz256_is_affine_G(const EC_POINT *generator) +{ + return generator->X.top == P256_LIMBS && + generator->Y.top == P256_LIMBS && + is_equal(generator->X.d, def_xG) && + is_equal(generator->Y.d, def_yG) && + is_one(&generator->Z); +} + +static int +ecp_nistz256_mult_precompute(EC_GROUP *group, BN_CTX *ctx) +{ + /* + * We precompute a table for a Booth encoded exponent (wNAF) based + * computation. Each table holds 64 values for safe access, with an + * implicit value of infinity at index zero. We use a window of size 7, + * and therefore require ceil(256/7) = 37 tables. + */ + EC_POINT *P = NULL, *T = NULL; + BN_CTX *new_ctx = NULL; + const EC_POINT *generator; + EC_PRE_COMP *ec_pre_comp; + BIGNUM *order; + int ret = 0; + unsigned int i, j, k; + PRECOMP256_ROW *precomp = NULL; + + /* if there is an old EC_PRE_COMP object, throw it away */ + EC_EX_DATA_free_data(&group->extra_data, ecp_nistz256_pre_comp_dup, + ecp_nistz256_pre_comp_free, ecp_nistz256_pre_comp_clear_free); + + generator = EC_GROUP_get0_generator(group); + if (generator == NULL) { + ECerror(EC_R_UNDEFINED_GENERATOR); + return 0; + } + + if (ecp_nistz256_is_affine_G(generator)) { + /* + * No need to calculate tables for the standard generator + * because we have them statically. + */ + return 1; + } + + if ((ec_pre_comp = ecp_nistz256_pre_comp_new(group)) == NULL) + return 0; + + if (ctx == NULL) { + ctx = new_ctx = BN_CTX_new(); + if (ctx == NULL) + goto err; + } + + BN_CTX_start(ctx); + order = BN_CTX_get(ctx); + + if (order == NULL) + goto err; + + if (!EC_GROUP_get_order(group, order, ctx)) + goto err; + + if (BN_is_zero(order)) { + ECerror(EC_R_UNKNOWN_ORDER); + goto err; + } + + if (posix_memalign((void **)&precomp, 64, 37 * sizeof(*precomp)) != 0) { + ECerror(ERR_R_MALLOC_FAILURE); + goto err; + } + + P = EC_POINT_new(group); + T = EC_POINT_new(group); + if (P == NULL || T == NULL) + goto err; + + /* + * The zero entry is implicitly infinity, and we skip it, storing other + * values with -1 offset. + */ + if (!EC_POINT_copy(T, generator)) + goto err; + + for (k = 0; k < 64; k++) { + if (!EC_POINT_copy(P, T)) + goto err; + for (j = 0; j < 37; j++) { + /* + * It would be faster to use EC_POINTs_make_affine and + * make multiple points affine at the same time. + */ + if (!EC_POINT_make_affine(group, P, ctx)) + goto err; + if (!ecp_nistz256_bignum_to_field_elem( + precomp[j][k].X, &P->X) || + !ecp_nistz256_bignum_to_field_elem( + precomp[j][k].Y, &P->Y)) { + ECerror(EC_R_COORDINATES_OUT_OF_RANGE); + goto err; + } + for (i = 0; i < 7; i++) { + if (!EC_POINT_dbl(group, P, P, ctx)) + goto err; + } + } + if (!EC_POINT_add(group, T, T, generator, ctx)) + goto err; + } + + ec_pre_comp->group = group; + ec_pre_comp->w = 7; + ec_pre_comp->precomp = precomp; + + if (!EC_EX_DATA_set_data(&group->extra_data, ec_pre_comp, + ecp_nistz256_pre_comp_dup, ecp_nistz256_pre_comp_free, + ecp_nistz256_pre_comp_clear_free)) { + goto err; + } + + ec_pre_comp = NULL; + ret = 1; + + err: + if (ctx != NULL) + BN_CTX_end(ctx); + BN_CTX_free(new_ctx); + + ecp_nistz256_pre_comp_free(ec_pre_comp); + free(precomp); + EC_POINT_free(P); + EC_POINT_free(T); + return ret; +} + +static int +ecp_nistz256_set_from_affine(EC_POINT *out, const EC_GROUP *group, + const P256_POINT_AFFINE *in, BN_CTX *ctx) +{ + BIGNUM x, y; + BN_ULONG d_x[P256_LIMBS], d_y[P256_LIMBS]; + int ret = 0; + + memcpy(d_x, in->X, sizeof(d_x)); + x.d = d_x; + x.dmax = x.top = P256_LIMBS; + x.neg = 0; + x.flags = BN_FLG_STATIC_DATA; + + memcpy(d_y, in->Y, sizeof(d_y)); + y.d = d_y; + y.dmax = y.top = P256_LIMBS; + y.neg = 0; + y.flags = BN_FLG_STATIC_DATA; + + ret = EC_POINT_set_affine_coordinates_GFp(group, out, &x, &y, ctx); + + return ret; +} + +/* r = scalar*G + sum(scalars[i]*points[i]) */ +static int +ecp_nistz256_points_mul(const EC_GROUP *group, EC_POINT *r, + const BIGNUM *scalar, size_t num, const EC_POINT *points[], + const BIGNUM *scalars[], BN_CTX *ctx) +{ + int ret = 0, no_precomp_for_generator = 0, p_is_infinity = 0; + size_t j; + unsigned char p_str[33] = { 0 }; + const PRECOMP256_ROW *precomp = NULL; + const EC_PRE_COMP *ec_pre_comp = NULL; + const EC_POINT *generator = NULL; + unsigned int i = 0, index = 0; + BN_CTX *new_ctx = NULL; + const BIGNUM **new_scalars = NULL; + const EC_POINT **new_points = NULL; + const unsigned int window_size = 7; + const unsigned int mask = (1 << (window_size + 1)) - 1; + unsigned int wvalue; + /* avoid warning about ignored alignment for stack variable */ +#if defined(__GNUC__) && !defined(__OpenBSD__) + ALIGN32 +#endif + union { + P256_POINT p; + P256_POINT_AFFINE a; + } t, p; + BIGNUM *tmp_scalar; + + if (group->meth != r->meth) { + ECerror(EC_R_INCOMPATIBLE_OBJECTS); + return 0; + } + + if (scalar == NULL && num == 0) + return EC_POINT_set_to_infinity(group, r); + + for (j = 0; j < num; j++) { + if (group->meth != points[j]->meth) { + ECerror(EC_R_INCOMPATIBLE_OBJECTS); + return 0; + } + } + + if (ctx == NULL) { + ctx = new_ctx = BN_CTX_new(); + if (ctx == NULL) + goto err; + } + + BN_CTX_start(ctx); + + if (scalar) { + generator = EC_GROUP_get0_generator(group); + if (generator == NULL) { + ECerror(EC_R_UNDEFINED_GENERATOR); + goto err; + } + + /* look if we can use precomputed multiples of generator */ + ec_pre_comp = EC_EX_DATA_get_data(group->extra_data, + ecp_nistz256_pre_comp_dup, ecp_nistz256_pre_comp_free, + ecp_nistz256_pre_comp_clear_free); + if (ec_pre_comp != NULL) { + /* + * If there is a precomputed table for the generator, + * check that it was generated with the same generator. + */ + EC_POINT *pre_comp_generator = EC_POINT_new(group); + if (pre_comp_generator == NULL) + goto err; + + if (!ecp_nistz256_set_from_affine(pre_comp_generator, + group, ec_pre_comp->precomp[0], ctx)) { + EC_POINT_free(pre_comp_generator); + goto err; + } + + if (0 == EC_POINT_cmp(group, generator, + pre_comp_generator, ctx)) + precomp = (const PRECOMP256_ROW *) + ec_pre_comp->precomp; + + EC_POINT_free(pre_comp_generator); + } + + if (precomp == NULL && ecp_nistz256_is_affine_G(generator)) { + /* + * If there is no precomputed data, but the generator + * is the default, a hardcoded table of precomputed + * data is used. This is because applications, such as + * Apache, do not use EC_KEY_precompute_mult. + */ + precomp = + (const PRECOMP256_ROW *)ecp_nistz256_precomputed; + } + + if (precomp) { + if (BN_num_bits(scalar) > 256 || + BN_is_negative(scalar)) { + if ((tmp_scalar = BN_CTX_get(ctx)) == NULL) + goto err; + + if (!BN_nnmod(tmp_scalar, scalar, &group->order, + ctx)) { + ECerror(ERR_R_BN_LIB); + goto err; + } + scalar = tmp_scalar; + } + + for (i = 0; i < scalar->top * BN_BYTES; i += BN_BYTES) { + BN_ULONG d = scalar->d[i / BN_BYTES]; + + p_str[i + 0] = d & 0xff; + p_str[i + 1] = (d >> 8) & 0xff; + p_str[i + 2] = (d >> 16) & 0xff; + p_str[i + 3] = (d >> 24) & 0xff; + if (BN_BYTES == 8) { + d >>= 32; + p_str[i + 4] = d & 0xff; + p_str[i + 5] = (d >> 8) & 0xff; + p_str[i + 6] = (d >> 16) & 0xff; + p_str[i + 7] = (d >> 24) & 0xff; + } + } + + for (; i < 33; i++) + p_str[i] = 0; + + /* First window */ + wvalue = (p_str[0] << 1) & mask; + index += window_size; + + wvalue = _booth_recode_w7(wvalue); + + ecp_nistz256_select_w7(&p.a, precomp[0], wvalue >> 1); + + ecp_nistz256_neg(p.p.Z, p.p.Y); + copy_conditional(p.p.Y, p.p.Z, wvalue & 1); + + /* + * Since affine infinity is encoded as (0,0) and + * Jacobian is (,,0), we need to harmonize them + * by assigning "one" or zero to Z. + */ + BN_ULONG infty; + infty = (p.p.X[0] | p.p.X[1] | p.p.X[2] | p.p.X[3] | + p.p.Y[0] | p.p.Y[1] | p.p.Y[2] | p.p.Y[3]); + if (P256_LIMBS == 8) + infty |= + (p.p.X[4] | p.p.X[5] | p.p.X[6] | p.p.X[7] | + p.p.Y[4] | p.p.Y[5] | p.p.Y[6] | p.p.Y[7]); + + infty = 0 - is_zero(infty); + infty = ~infty; + + p.p.Z[0] = ONE[0] & infty; + p.p.Z[1] = ONE[1] & infty; + p.p.Z[2] = ONE[2] & infty; + p.p.Z[3] = ONE[3] & infty; + if (P256_LIMBS == 8) { + p.p.Z[4] = ONE[4] & infty; + p.p.Z[5] = ONE[5] & infty; + p.p.Z[6] = ONE[6] & infty; + p.p.Z[7] = ONE[7] & infty; + } + + for (i = 1; i < 37; i++) { + unsigned int off = (index - 1) / 8; + wvalue = p_str[off] | p_str[off + 1] << 8; + wvalue = (wvalue >> ((index - 1) % 8)) & mask; + index += window_size; + + wvalue = _booth_recode_w7(wvalue); + + ecp_nistz256_select_w7(&t.a, precomp[i], + wvalue >> 1); + + ecp_nistz256_neg(t.p.Z, t.a.Y); + copy_conditional(t.a.Y, t.p.Z, wvalue & 1); + + ecp_nistz256_point_add_affine(&p.p, &p.p, &t.a); + } + } else { + p_is_infinity = 1; + no_precomp_for_generator = 1; + } + } else + p_is_infinity = 1; + + if (no_precomp_for_generator) { + /* + * Without a precomputed table for the generator, it has to be + * handled like a normal point. + */ + new_scalars = reallocarray(NULL, num + 1, sizeof(BIGNUM *)); + new_points = reallocarray(NULL, num + 1, sizeof(EC_POINT *)); + if (new_scalars == NULL || new_points == NULL) { + ECerror(ERR_R_MALLOC_FAILURE); + goto err; + } + + memcpy(new_scalars, scalars, num * sizeof(BIGNUM *)); + new_scalars[num] = scalar; + memcpy(new_points, points, num * sizeof(EC_POINT *)); + new_points[num] = generator; + + scalars = new_scalars; + points = new_points; + num++; + } + + if (num != 0) { + P256_POINT *out = &t.p; + if (p_is_infinity) + out = &p.p; + + if (!ecp_nistz256_windowed_mul(group, out, scalars, points, num, + ctx)) + goto err; + + if (!p_is_infinity) + ecp_nistz256_point_add(&p.p, &p.p, out); + } + + /* Not constant-time, but we're only operating on the public output. */ + if (!ecp_nistz256_set_words(&r->X, p.p.X) || + !ecp_nistz256_set_words(&r->Y, p.p.Y) || + !ecp_nistz256_set_words(&r->Z, p.p.Z)) { + goto err; + } + r->Z_is_one = is_one(&r->Z) & 1; + + ret = 1; + + err: + if (ctx) + BN_CTX_end(ctx); + BN_CTX_free(new_ctx); + free(new_points); + free(new_scalars); + return ret; +} + +static int +ecp_nistz256_get_affine(const EC_GROUP *group, const EC_POINT *point, + BIGNUM *x, BIGNUM *y, BN_CTX *ctx) +{ + BN_ULONG z_inv2[P256_LIMBS]; + BN_ULONG z_inv3[P256_LIMBS]; + BN_ULONG point_x[P256_LIMBS], point_y[P256_LIMBS], point_z[P256_LIMBS]; + + if (EC_POINT_is_at_infinity(group, point)) { + ECerror(EC_R_POINT_AT_INFINITY); + return 0; + } + + if (!ecp_nistz256_bignum_to_field_elem(point_x, &point->X) || + !ecp_nistz256_bignum_to_field_elem(point_y, &point->Y) || + !ecp_nistz256_bignum_to_field_elem(point_z, &point->Z)) { + ECerror(EC_R_COORDINATES_OUT_OF_RANGE); + return 0; + } + + ecp_nistz256_mod_inverse(z_inv3, point_z); + ecp_nistz256_sqr_mont(z_inv2, z_inv3); + + /* + * Unlike the |BN_mod_mul_montgomery|-based implementation, we cannot + * factor out the two calls to |ecp_nistz256_from_mont| into one call, + * because |ecp_nistz256_from_mont| must be the last operation to + * ensure that the result is fully reduced mod P. + */ + if (x != NULL) { + BN_ULONG x_aff[P256_LIMBS]; + BN_ULONG x_ret[P256_LIMBS]; + + ecp_nistz256_mul_mont(x_aff, z_inv2, point_x); + ecp_nistz256_from_mont(x_ret, x_aff); + if (!ecp_nistz256_set_words(x, x_ret)) + return 0; + } + + if (y != NULL) { + BN_ULONG y_aff[P256_LIMBS]; + BN_ULONG y_ret[P256_LIMBS]; + + ecp_nistz256_mul_mont(z_inv3, z_inv3, z_inv2); + ecp_nistz256_mul_mont(y_aff, z_inv3, point_y); + ecp_nistz256_from_mont(y_ret, y_aff); + if (!ecp_nistz256_set_words(y, y_ret)) + return 0; + } + + return 1; +} + +static EC_PRE_COMP * +ecp_nistz256_pre_comp_new(const EC_GROUP *group) +{ + EC_PRE_COMP *ret; + + if (group == NULL) + return NULL; + + ret = (EC_PRE_COMP *)malloc(sizeof(EC_PRE_COMP)); + if (ret == NULL) { + ECerror(ERR_R_MALLOC_FAILURE); + return ret; + } + + ret->group = group; + ret->w = 6; /* default */ + ret->precomp = NULL; + ret->references = 1; + return ret; +} + +static void * +ecp_nistz256_pre_comp_dup(void *src_) +{ + EC_PRE_COMP *src = src_; + + /* no need to actually copy, these objects never change! */ + CRYPTO_add(&src->references, 1, CRYPTO_LOCK_EC_PRE_COMP); + + return src_; +} + +static void +ecp_nistz256_pre_comp_free(void *pre_) +{ + int i; + EC_PRE_COMP *pre = pre_; + + if (pre == NULL) + return; + + i = CRYPTO_add(&pre->references, -1, CRYPTO_LOCK_EC_PRE_COMP); + if (i > 0) + return; + + free(pre->precomp); + free(pre); +} + +static void +ecp_nistz256_pre_comp_clear_free(void *pre_) +{ + int i; + EC_PRE_COMP *pre = pre_; + + if (pre == NULL) + return; + + i = CRYPTO_add(&pre->references, -1, CRYPTO_LOCK_EC_PRE_COMP); + if (i > 0) + return; + + if (pre->precomp != NULL) { + /* + * LSSL XXX + * The original OpenSSL code uses an obfuscated + * computation which is intended to be + * 37 * (1 << pre->w) * sizeof(P256_POINT_AFFINE) + * here, but the only place where we allocate this uses + * PRECOMP256_ROW (i.e. 64 P256_POINT_AFFINE) but sets w == 7. + */ + freezero(pre->precomp, 37 * sizeof(PRECOMP256_ROW)); + } + freezero(pre, sizeof *pre); +} + +static int +ecp_nistz256_window_have_precompute_mult(const EC_GROUP *group) +{ + /* There is a hard-coded table for the default generator. */ + const EC_POINT *generator = EC_GROUP_get0_generator(group); + if (generator != NULL && ecp_nistz256_is_affine_G(generator)) { + /* There is a hard-coded table for the default generator. */ + return 1; + } + + return + EC_EX_DATA_get_data(group->extra_data, ecp_nistz256_pre_comp_dup, + ecp_nistz256_pre_comp_free, ecp_nistz256_pre_comp_clear_free) != + NULL; +} + +const EC_METHOD * +EC_GFp_nistz256_method(void) +{ + static const EC_METHOD ret = { + .flags = EC_FLAGS_DEFAULT_OCT, + .field_type = NID_X9_62_prime_field, + .group_init = ec_GFp_mont_group_init, + .group_finish = ec_GFp_mont_group_finish, + .group_clear_finish = ec_GFp_mont_group_clear_finish, + .group_copy = ec_GFp_mont_group_copy, + .group_set_curve = ec_GFp_mont_group_set_curve, + .group_get_curve = ec_GFp_simple_group_get_curve, + .group_get_degree = ec_GFp_simple_group_get_degree, + .group_check_discriminant = + ec_GFp_simple_group_check_discriminant, + .point_init = ec_GFp_simple_point_init, + .point_finish = ec_GFp_simple_point_finish, + .point_clear_finish = ec_GFp_simple_point_clear_finish, + .point_copy = ec_GFp_simple_point_copy, + .point_set_to_infinity = ec_GFp_simple_point_set_to_infinity, + .point_set_Jprojective_coordinates_GFp = + ec_GFp_simple_set_Jprojective_coordinates_GFp, + .point_get_Jprojective_coordinates_GFp = + ec_GFp_simple_get_Jprojective_coordinates_GFp, + .point_set_affine_coordinates = + ec_GFp_simple_point_set_affine_coordinates, + .point_get_affine_coordinates = ecp_nistz256_get_affine, + .add = ec_GFp_simple_add, + .dbl = ec_GFp_simple_dbl, + .invert = ec_GFp_simple_invert, + .is_at_infinity = ec_GFp_simple_is_at_infinity, + .is_on_curve = ec_GFp_simple_is_on_curve, + .point_cmp = ec_GFp_simple_cmp, + .make_affine = ec_GFp_simple_make_affine, + .points_make_affine = ec_GFp_simple_points_make_affine, + .mul = ecp_nistz256_points_mul, + .precompute_mult = ecp_nistz256_mult_precompute, + .have_precompute_mult = + ecp_nistz256_window_have_precompute_mult, + .field_mul = ec_GFp_mont_field_mul, + .field_sqr = ec_GFp_mont_field_sqr, + .field_encode = ec_GFp_mont_field_encode, + .field_decode = ec_GFp_mont_field_decode, + .field_set_to_one = ec_GFp_mont_field_set_to_one, + .blind_coordinates = NULL, + }; + + return &ret; +} diff --git a/src/lib/libcrypto/ec/ecp_nistz256_table.h b/src/lib/libcrypto/ec/ecp_nistz256_table.h new file mode 100644 index 00000000000..6aa74edf355 --- /dev/null +++ b/src/lib/libcrypto/ec/ecp_nistz256_table.h @@ -0,0 +1,9557 @@ +/* $OpenBSD: ecp_nistz256_table.h,v 1.2 2016/12/21 15:49:29 jsing Exp $ */ +/* Copyright (c) 2015, Intel Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +/* This is the precomputed constant time access table for the code in + * ecp_nistz256.c, for the default generator. The table consists of 37 + * subtables, each subtable contains 64 affine points. The affine points are + * encoded as eight uint64's, four for the x coordinate and four for the y. + * Both values are in little-endian order. There are 37 tables because a + * signed, 6-bit wNAF form of the scalar is used and ceil(256/(6 + 1)) = 37. + * Within each table there are 64 values because the 6-bit wNAF value can take + * 64 values, ignoring the sign bit, which is implemented by performing a + * negation of the affine point when required. We would like to align it to 2MB + * in order to increase the chances of using a large page but that appears to + * lead to invalid ELF files being produced. */ + +__BEGIN_HIDDEN_DECLS + +#if defined(__GNUC__) +__attribute((aligned(4096))) +#elif defined(_MSC_VER) +__declspec(align(4096)) +#elif defined(__SUNPRO_C) +# pragma align 4096(ecp_nistz256_precomputed) +#endif +static const BN_ULONG +ecp_nistz256_precomputed + [37][64 * sizeof(P256_POINT_AFFINE) / sizeof(BN_ULONG)] = +{ + {TOBN(0x79e730d4, 0x18a9143c), TOBN(0x75ba95fc, 0x5fedb601), + TOBN(0x79fb732b, 0x77622510), TOBN(0x18905f76, 0xa53755c6), + TOBN(0xddf25357, 0xce95560a), TOBN(0x8b4ab8e4, 0xba19e45c), + TOBN(0xd2e88688, 0xdd21f325), TOBN(0x8571ff18, 0x25885d85), + TOBN(0x850046d4, 0x10ddd64d), TOBN(0xaa6ae3c1, 0xa433827d), + TOBN(0x73220503, 0x8d1490d9), TOBN(0xf6bb32e4, 0x3dcf3a3b), + TOBN(0x2f3648d3, 0x61bee1a5), TOBN(0x152cd7cb, 0xeb236ff8), + TOBN(0x19a8fb0e, 0x92042dbe), TOBN(0x78c57751, 0x0a5b8a3b), + TOBN(0xffac3f90, 0x4eebc127), TOBN(0xb027f84a, 0x087d81fb), + TOBN(0x66ad77dd, 0x87cbbc98), TOBN(0x26936a3f, 0xb6ff747e), + TOBN(0xb04c5c1f, 0xc983a7eb), TOBN(0x583e47ad, 0x0861fe1a), + TOBN(0x78820831, 0x1a2ee98e), TOBN(0xd5f06a29, 0xe587cc07), + TOBN(0x74b0b50d, 0x46918dcc), TOBN(0x4650a6ed, 0xc623c173), + TOBN(0x0cdaacac, 0xe8100af2), TOBN(0x577362f5, 0x41b0176b), + TOBN(0x2d96f24c, 0xe4cbaba6), TOBN(0x17628471, 0xfad6f447), + TOBN(0x6b6c36de, 0xe5ddd22e), TOBN(0x84b14c39, 0x4c5ab863), + TOBN(0xbe1b8aae, 0xc45c61f5), TOBN(0x90ec649a, 0x94b9537d), + TOBN(0x941cb5aa, 0xd076c20c), TOBN(0xc9079605, 0x890523c8), + TOBN(0xeb309b4a, 0xe7ba4f10), TOBN(0x73c568ef, 0xe5eb882b), + TOBN(0x3540a987, 0x7e7a1f68), TOBN(0x73a076bb, 0x2dd1e916), + TOBN(0x40394737, 0x3e77664a), TOBN(0x55ae744f, 0x346cee3e), + TOBN(0xd50a961a, 0x5b17a3ad), TOBN(0x13074b59, 0x54213673), + TOBN(0x93d36220, 0xd377e44b), TOBN(0x299c2b53, 0xadff14b5), + TOBN(0xf424d44c, 0xef639f11), TOBN(0xa4c9916d, 0x4a07f75f), + TOBN(0x0746354e, 0xa0173b4f), TOBN(0x2bd20213, 0xd23c00f7), + TOBN(0xf43eaab5, 0x0c23bb08), TOBN(0x13ba5119, 0xc3123e03), + TOBN(0x2847d030, 0x3f5b9d4d), TOBN(0x6742f2f2, 0x5da67bdd), + TOBN(0xef933bdc, 0x77c94195), TOBN(0xeaedd915, 0x6e240867), + TOBN(0x27f14cd1, 0x9499a78f), TOBN(0x462ab5c5, 0x6f9b3455), + TOBN(0x8f90f02a, 0xf02cfc6b), TOBN(0xb763891e, 0xb265230d), + TOBN(0xf59da3a9, 0x532d4977), TOBN(0x21e3327d, 0xcf9eba15), + TOBN(0x123c7b84, 0xbe60bbf0), TOBN(0x56ec12f2, 0x7706df76), + TOBN(0x75c96e8f, 0x264e20e8), TOBN(0xabe6bfed, 0x59a7a841), + TOBN(0x2cc09c04, 0x44c8eb00), TOBN(0xe05b3080, 0xf0c4e16b), + TOBN(0x1eb7777a, 0xa45f3314), TOBN(0x56af7bed, 0xce5d45e3), + TOBN(0x2b6e019a, 0x88b12f1a), TOBN(0x086659cd, 0xfd835f9b), + TOBN(0x2c18dbd1, 0x9dc21ec8), TOBN(0x98f9868a, 0x0fcf8139), + TOBN(0x737d2cd6, 0x48250b49), TOBN(0xcc61c947, 0x24b3428f), + TOBN(0x0c2b4078, 0x80dd9e76), TOBN(0xc43a8991, 0x383fbe08), + TOBN(0x5f7d2d65, 0x779be5d2), TOBN(0x78719a54, 0xeb3b4ab5), + TOBN(0xea7d260a, 0x6245e404), TOBN(0x9de40795, 0x6e7fdfe0), + TOBN(0x1ff3a415, 0x8dac1ab5), TOBN(0x3e7090f1, 0x649c9073), + TOBN(0x1a768561, 0x2b944e88), TOBN(0x250f939e, 0xe57f61c8), + TOBN(0x0c0daa89, 0x1ead643d), TOBN(0x68930023, 0xe125b88e), + TOBN(0x04b71aa7, 0xd2697768), TOBN(0xabdedef5, 0xca345a33), + TOBN(0x2409d29d, 0xee37385e), TOBN(0x4ee1df77, 0xcb83e156), + TOBN(0x0cac12d9, 0x1cbb5b43), TOBN(0x170ed2f6, 0xca895637), + TOBN(0x28228cfa, 0x8ade6d66), TOBN(0x7ff57c95, 0x53238aca), + TOBN(0xccc42563, 0x4b2ed709), TOBN(0x0e356769, 0x856fd30d), + TOBN(0xbcbcd43f, 0x559e9811), TOBN(0x738477ac, 0x5395b759), + TOBN(0x35752b90, 0xc00ee17f), TOBN(0x68748390, 0x742ed2e3), + TOBN(0x7cd06422, 0xbd1f5bc1), TOBN(0xfbc08769, 0xc9e7b797), + TOBN(0xa242a35b, 0xb0cf664a), TOBN(0x126e48f7, 0x7f9707e3), + TOBN(0x1717bf54, 0xc6832660), TOBN(0xfaae7332, 0xfd12c72e), + TOBN(0x27b52db7, 0x995d586b), TOBN(0xbe29569e, 0x832237c2), + TOBN(0xe8e4193e, 0x2a65e7db), TOBN(0x152706dc, 0x2eaa1bbb), + TOBN(0x72bcd8b7, 0xbc60055b), TOBN(0x03cc23ee, 0x56e27e4b), + TOBN(0xee337424, 0xe4819370), TOBN(0xe2aa0e43, 0x0ad3da09), + TOBN(0x40b8524f, 0x6383c45d), TOBN(0xd7663554, 0x42a41b25), + TOBN(0x64efa6de, 0x778a4797), TOBN(0x2042170a, 0x7079adf4), + TOBN(0x808b0b65, 0x0bc6fb80), TOBN(0x5882e075, 0x3ffe2e6b), + TOBN(0xd5ef2f7c, 0x2c83f549), TOBN(0x54d63c80, 0x9103b723), + TOBN(0xf2f11bd6, 0x52a23f9b), TOBN(0x3670c319, 0x4b0b6587), + TOBN(0x55c4623b, 0xb1580e9e), TOBN(0x64edf7b2, 0x01efe220), + TOBN(0x97091dcb, 0xd53c5c9d), TOBN(0xf17624b6, 0xac0a177b), + TOBN(0xb0f13975, 0x2cfe2dff), TOBN(0xc1a35c0a, 0x6c7a574e), + TOBN(0x227d3146, 0x93e79987), TOBN(0x0575bf30, 0xe89cb80e), + TOBN(0x2f4e247f, 0x0d1883bb), TOBN(0xebd51226, 0x3274c3d0), + TOBN(0x5f3e51c8, 0x56ada97a), TOBN(0x4afc964d, 0x8f8b403e), + TOBN(0xa6f247ab, 0x412e2979), TOBN(0x675abd1b, 0x6f80ebda), + TOBN(0x66a2bd72, 0x5e485a1d), TOBN(0x4b2a5caf, 0x8f4f0b3c), + TOBN(0x2626927f, 0x1b847bba), TOBN(0x6c6fc7d9, 0x0502394d), + TOBN(0xfea912ba, 0xa5659ae8), TOBN(0x68363aba, 0x25e1a16e), + TOBN(0xb8842277, 0x752c41ac), TOBN(0xfe545c28, 0x2897c3fc), + TOBN(0x2d36e9e7, 0xdc4c696b), TOBN(0x5806244a, 0xfba977c5), + TOBN(0x85665e9b, 0xe39508c1), TOBN(0xf720ee25, 0x6d12597b), + TOBN(0x8a979129, 0xd2337a31), TOBN(0x5916868f, 0x0f862bdc), + TOBN(0x048099d9, 0x5dd283ba), TOBN(0xe2d1eeb6, 0xfe5bfb4e), + TOBN(0x82ef1c41, 0x7884005d), TOBN(0xa2d4ec17, 0xffffcbae), + TOBN(0x9161c53f, 0x8aa95e66), TOBN(0x5ee104e1, 0xc5fee0d0), + TOBN(0x562e4cec, 0xc135b208), TOBN(0x74e1b265, 0x4783f47d), + TOBN(0x6d2a506c, 0x5a3f3b30), TOBN(0xecead9f4, 0xc16762fc), + TOBN(0xf29dd4b2, 0xe286e5b9), TOBN(0x1b0fadc0, 0x83bb3c61), + TOBN(0x7a75023e, 0x7fac29a4), TOBN(0xc086d5f1, 0xc9477fa3), + TOBN(0x0fc61135, 0x2f6f3076), TOBN(0xc99ffa23, 0xe3912a9a), + TOBN(0x6a0b0685, 0xd2f8ba3d), TOBN(0xfdc777e8, 0xe93358a4), + TOBN(0x94a787bb, 0x35415f04), TOBN(0x640c2d6a, 0x4d23fea4), + TOBN(0x9de917da, 0x153a35b5), TOBN(0x793e8d07, 0x5d5cd074), + TOBN(0xf4f87653, 0x2de45068), TOBN(0x37c7a7e8, 0x9e2e1f6e), + TOBN(0xd0825fa2, 0xa3584069), TOBN(0xaf2cea7c, 0x1727bf42), + TOBN(0x0360a4fb, 0x9e4785a9), TOBN(0xe5fda49c, 0x27299f4a), + TOBN(0x48068e13, 0x71ac2f71), TOBN(0x83d0687b, 0x9077666f), + TOBN(0x6d3883b2, 0x15d02819), TOBN(0x6d0d7550, 0x40dd9a35), + TOBN(0x61d7cbf9, 0x1d2b469f), TOBN(0xf97b232f, 0x2efc3115), + TOBN(0xa551d750, 0xb24bcbc7), TOBN(0x11ea4949, 0x88a1e356), + TOBN(0x7669f031, 0x93cb7501), TOBN(0x595dc55e, 0xca737b8a), + TOBN(0xa4a319ac, 0xd837879f), TOBN(0x6fc1b49e, 0xed6b67b0), + TOBN(0xe3959933, 0x32f1f3af), TOBN(0x966742eb, 0x65432a2e), + TOBN(0x4b8dc9fe, 0xb4966228), TOBN(0x96cc6312, 0x43f43950), + TOBN(0x12068859, 0xc9b731ee), TOBN(0x7b948dc3, 0x56f79968), + TOBN(0x61e4ad32, 0xed1f8008), TOBN(0xe6c9267a, 0xd8b17538), + TOBN(0x1ac7c5eb, 0x857ff6fb), TOBN(0x994baaa8, 0x55f2fb10), + TOBN(0x84cf14e1, 0x1d248018), TOBN(0x5a39898b, 0x628ac508), + TOBN(0x14fde97b, 0x5fa944f5), TOBN(0xed178030, 0xd12e5ac7), + TOBN(0x042c2af4, 0x97e2feb4), TOBN(0xd36a42d7, 0xaebf7313), + TOBN(0x49d2c9eb, 0x084ffdd7), TOBN(0x9f8aa54b, 0x2ef7c76a), + TOBN(0x9200b7ba, 0x09895e70), TOBN(0x3bd0c66f, 0xddb7fb58), + TOBN(0x2d97d108, 0x78eb4cbb), TOBN(0x2d431068, 0xd84bde31), + TOBN(0x4b523eb7, 0x172ccd1f), TOBN(0x7323cb28, 0x30a6a892), + TOBN(0x97082ec0, 0xcfe153eb), TOBN(0xe97f6b6a, 0xf2aadb97), + TOBN(0x1d3d393e, 0xd1a83da1), TOBN(0xa6a7f9c7, 0x804b2a68), + TOBN(0x4a688b48, 0x2d0cb71e), TOBN(0xa9b4cc5f, 0x40585278), + TOBN(0x5e5db46a, 0xcb66e132), TOBN(0xf1be963a, 0x0d925880), + TOBN(0x944a7027, 0x0317b9e2), TOBN(0xe266f959, 0x48603d48), + TOBN(0x98db6673, 0x5c208899), TOBN(0x90472447, 0xa2fb18a3), + TOBN(0x8a966939, 0x777c619f), TOBN(0x3798142a, 0x2a3be21b), + TOBN(0xb4241cb1, 0x3298b343), TOBN(0xa3a14e49, 0xb44f65a1), + TOBN(0xc5f4d6cd, 0x3ac77acd), TOBN(0xd0288cb5, 0x52b6fc3c), + TOBN(0xd5cc8c2f, 0x1c040abc), TOBN(0xb675511e, 0x06bf9b4a), + TOBN(0xd667da37, 0x9b3aa441), TOBN(0x460d45ce, 0x51601f72), + TOBN(0xe2f73c69, 0x6755ff89), TOBN(0xdd3cf7e7, 0x473017e6), + TOBN(0x8ef5689d, 0x3cf7600d), TOBN(0x948dc4f8, 0xb1fc87b4), + TOBN(0xd9e9fe81, 0x4ea53299), TOBN(0x2d921ca2, 0x98eb6028), + TOBN(0xfaecedfd, 0x0c9803fc), TOBN(0xf38ae891, 0x4d7b4745), + TOBN(0xd8c5fccf, 0xc5e3a3d8), TOBN(0xbefd904c, 0x4079dfbf), + TOBN(0xbc6d6a58, 0xfead0197), TOBN(0x39227077, 0x695532a4), + TOBN(0x09e23e6d, 0xdbef42f5), TOBN(0x7e449b64, 0x480a9908), + TOBN(0x7b969c1a, 0xad9a2e40), TOBN(0x6231d792, 0x9591c2a4), + TOBN(0x87151456, 0x0f664534), TOBN(0x85ceae7c, 0x4b68f103), + TOBN(0xac09c4ae, 0x65578ab9), TOBN(0x33ec6868, 0xf044b10c), + TOBN(0x6ac4832b, 0x3a8ec1f1), TOBN(0x5509d128, 0x5847d5ef), + TOBN(0xf909604f, 0x763f1574), TOBN(0xb16c4303, 0xc32f63c4), + TOBN(0xb6ab2014, 0x7ca23cd3), TOBN(0xcaa7a5c6, 0xa391849d), + TOBN(0x5b0673a3, 0x75678d94), TOBN(0xc982ddd4, 0xdd303e64), + TOBN(0xfd7b000b, 0x5db6f971), TOBN(0xbba2cb1f, 0x6f876f92), + TOBN(0xc77332a3, 0x3c569426), TOBN(0xa159100c, 0x570d74f8), + TOBN(0xfd16847f, 0xdec67ef5), TOBN(0x742ee464, 0x233e76b7), + TOBN(0x0b8e4134, 0xefc2b4c8), TOBN(0xca640b86, 0x42a3e521), + TOBN(0x653a0190, 0x8ceb6aa9), TOBN(0x313c300c, 0x547852d5), + TOBN(0x24e4ab12, 0x6b237af7), TOBN(0x2ba90162, 0x8bb47af8), + TOBN(0x3d5e58d6, 0xa8219bb7), TOBN(0xc691d0bd, 0x1b06c57f), + TOBN(0x0ae4cb10, 0xd257576e), TOBN(0x3569656c, 0xd54a3dc3), + TOBN(0xe5ebaebd, 0x94cda03a), TOBN(0x934e82d3, 0x162bfe13), + TOBN(0x450ac0ba, 0xe251a0c6), TOBN(0x480b9e11, 0xdd6da526), + TOBN(0x00467bc5, 0x8cce08b5), TOBN(0xb636458c, 0x7f178d55), + TOBN(0xc5748bae, 0xa677d806), TOBN(0x2763a387, 0xdfa394eb), + TOBN(0xa12b448a, 0x7d3cebb6), TOBN(0xe7adda3e, 0x6f20d850), + TOBN(0xf63ebce5, 0x1558462c), TOBN(0x58b36143, 0x620088a8), + TOBN(0x8a2cc3ca, 0x4d63c0ee), TOBN(0x51233117, 0x0fe948ce), + TOBN(0x7463fd85, 0x222ef33b), TOBN(0xadf0c7dc, 0x7c603d6c), + TOBN(0x0ec32d3b, 0xfe7765e5), TOBN(0xccaab359, 0xbf380409), + TOBN(0xbdaa84d6, 0x8e59319c), TOBN(0xd9a4c280, 0x9c80c34d), + TOBN(0xa9d89488, 0xa059c142), TOBN(0x6f5ae714, 0xff0b9346), + TOBN(0x068f237d, 0x16fb3664), TOBN(0x5853e4c4, 0x363186ac), + TOBN(0xe2d87d23, 0x63c52f98), TOBN(0x2ec4a766, 0x81828876), + TOBN(0x47b864fa, 0xe14e7b1c), TOBN(0x0c0bc0e5, 0x69192408), + TOBN(0xe4d7681d, 0xb82e9f3e), TOBN(0x83200f0b, 0xdf25e13c), + TOBN(0x8909984c, 0x66f27280), TOBN(0x462d7b00, 0x75f73227), + TOBN(0xd90ba188, 0xf2651798), TOBN(0x74c6e18c, 0x36ab1c34), + TOBN(0xab256ea3, 0x5ef54359), TOBN(0x03466612, 0xd1aa702f), + TOBN(0x624d6049, 0x2ed22e91), TOBN(0x6fdfe0b5, 0x6f072822), + TOBN(0xeeca1115, 0x39ce2271), TOBN(0x98100a4f, 0xdb01614f), + TOBN(0xb6b0daa2, 0xa35c628f), TOBN(0xb6f94d2e, 0xc87e9a47), + TOBN(0xc6773259, 0x1d57d9ce), TOBN(0xf70bfeec, 0x03884a7b), + TOBN(0x5fb35ccf, 0xed2bad01), TOBN(0xa155cbe3, 0x1da6a5c7), + TOBN(0xc2e2594c, 0x30a92f8f), TOBN(0x649c89ce, 0x5bfafe43), + TOBN(0xd158667d, 0xe9ff257a), TOBN(0x9b359611, 0xf32c50ae), + TOBN(0x4b00b20b, 0x906014cf), TOBN(0xf3a8cfe3, 0x89bc7d3d), + TOBN(0x4ff23ffd, 0x248a7d06), TOBN(0x80c5bfb4, 0x878873fa), + TOBN(0xb7d9ad90, 0x05745981), TOBN(0x179c85db, 0x3db01994), + TOBN(0xba41b062, 0x61a6966c), TOBN(0x4d82d052, 0xeadce5a8), + TOBN(0x9e91cd3b, 0xa5e6a318), TOBN(0x47795f4f, 0x95b2dda0), + TOBN(0xecfd7c1f, 0xd55a897c), TOBN(0x009194ab, 0xb29110fb), + TOBN(0x5f0e2046, 0xe381d3b0), TOBN(0x5f3425f6, 0xa98dd291), + TOBN(0xbfa06687, 0x730d50da), TOBN(0x0423446c, 0x4b083b7f), + TOBN(0x397a247d, 0xd69d3417), TOBN(0xeb629f90, 0x387ba42a), + TOBN(0x1ee426cc, 0xd5cd79bf), TOBN(0x0032940b, 0x946c6e18), + TOBN(0x1b1e8ae0, 0x57477f58), TOBN(0xe94f7d34, 0x6d823278), + TOBN(0xc747cb96, 0x782ba21a), TOBN(0xc5254469, 0xf72b33a5), + TOBN(0x772ef6de, 0xc7f80c81), TOBN(0xd73acbfe, 0x2cd9e6b5), + TOBN(0x4075b5b1, 0x49ee90d9), TOBN(0x785c339a, 0xa06e9eba), + TOBN(0xa1030d5b, 0xabf825e0), TOBN(0xcec684c3, 0xa42931dc), + TOBN(0x42ab62c9, 0xc1586e63), TOBN(0x45431d66, 0x5ab43f2b), + TOBN(0x57c8b2c0, 0x55f7835d), TOBN(0x033da338, 0xc1b7f865), + TOBN(0x283c7513, 0xcaa76097), TOBN(0x0a624fa9, 0x36c83906), + TOBN(0x6b20afec, 0x715af2c7), TOBN(0x4b969974, 0xeba78bfd), + TOBN(0x220755cc, 0xd921d60e), TOBN(0x9b944e10, 0x7baeca13), + TOBN(0x04819d51, 0x5ded93d4), TOBN(0x9bbff86e, 0x6dddfd27), + TOBN(0x6b344130, 0x77adc612), TOBN(0xa7496529, 0xbbd803a0), + TOBN(0x1a1baaa7, 0x6d8805bd), TOBN(0xc8403902, 0x470343ad), + TOBN(0x39f59f66, 0x175adff1), TOBN(0x0b26d7fb, 0xb7d8c5b7), + TOBN(0xa875f5ce, 0x529d75e3), TOBN(0x85efc7e9, 0x41325cc2), + TOBN(0x21950b42, 0x1ff6acd3), TOBN(0xffe70484, 0x53dc6909), + TOBN(0xff4cd0b2, 0x28766127), TOBN(0xabdbe608, 0x4fb7db2b), + TOBN(0x837c9228, 0x5e1109e8), TOBN(0x26147d27, 0xf4645b5a), + TOBN(0x4d78f592, 0xf7818ed8), TOBN(0xd394077e, 0xf247fa36), + TOBN(0x0fb9c2d0, 0x488c171a), TOBN(0xa78bfbaa, 0x13685278), + TOBN(0xedfbe268, 0xd5b1fa6a), TOBN(0x0dceb8db, 0x2b7eaba7), + TOBN(0xbf9e8089, 0x9ae2b710), TOBN(0xefde7ae6, 0xa4449c96), + TOBN(0x43b7716b, 0xcc143a46), TOBN(0xd7d34194, 0xc3628c13), + TOBN(0x508cec1c, 0x3b3f64c9), TOBN(0xe20bc0ba, 0x1e5edf3f), + TOBN(0xda1deb85, 0x2f4318d4), TOBN(0xd20ebe0d, 0x5c3fa443), + TOBN(0x370b4ea7, 0x73241ea3), TOBN(0x61f1511c, 0x5e1a5f65), + TOBN(0x99a5e23d, 0x82681c62), TOBN(0xd731e383, 0xa2f54c2d), + TOBN(0x2692f36e, 0x83445904), TOBN(0x2e0ec469, 0xaf45f9c0), + TOBN(0x905a3201, 0xc67528b7), TOBN(0x88f77f34, 0xd0e5e542), + TOBN(0xf67a8d29, 0x5864687c), TOBN(0x23b92eae, 0x22df3562), + TOBN(0x5c27014b, 0x9bbec39e), TOBN(0x7ef2f226, 0x9c0f0f8d), + TOBN(0x97359638, 0x546c4d8d), TOBN(0x5f9c3fc4, 0x92f24679), + TOBN(0x912e8bed, 0xa8c8acd9), TOBN(0xec3a318d, 0x306634b0), + TOBN(0x80167f41, 0xc31cb264), TOBN(0x3db82f6f, 0x522113f2), + TOBN(0xb155bcd2, 0xdcafe197), TOBN(0xfba1da59, 0x43465283), + TOBN(0xa0425b8e, 0xb212cf53), TOBN(0x4f2e512e, 0xf8557c5f), + TOBN(0xc1286ff9, 0x25c4d56c), TOBN(0xbb8a0fea, 0xee26c851), + TOBN(0xc28f70d2, 0xe7d6107e), TOBN(0x7ee0c444, 0xe76265aa), + TOBN(0x3df277a4, 0x1d1936b1), TOBN(0x1a556e3f, 0xea9595eb), + TOBN(0x258bbbf9, 0xe7305683), TOBN(0x31eea5bf, 0x07ef5be6), + TOBN(0x0deb0e4a, 0x46c814c1), TOBN(0x5cee8449, 0xa7b730dd), + TOBN(0xeab495c5, 0xa0182bde), TOBN(0xee759f87, 0x9e27a6b4), + TOBN(0xc2cf6a68, 0x80e518ca), TOBN(0x25e8013f, 0xf14cf3f4), + TOBN(0x8fc44140, 0x7e8d7a14), TOBN(0xbb1ff3ca, 0x9556f36a), + TOBN(0x6a844385, 0x14600044), TOBN(0xba3f0c4a, 0x7451ae63), + TOBN(0xdfcac25b, 0x1f9af32a), TOBN(0x01e0db86, 0xb1f2214b), + TOBN(0x4e9a5bc2, 0xa4b596ac), TOBN(0x83927681, 0x026c2c08), + TOBN(0x3ec832e7, 0x7acaca28), TOBN(0x1bfeea57, 0xc7385b29), + TOBN(0x068212e3, 0xfd1eaf38), TOBN(0xc1329830, 0x6acf8ccc), + TOBN(0xb909f2db, 0x2aac9e59), TOBN(0x5748060d, 0xb661782a), + TOBN(0xc5ab2632, 0xc79b7a01), TOBN(0xda44c6c6, 0x00017626), + TOBN(0xf26c00e8, 0xa7ea82f0), TOBN(0x99cac80d, 0xe4299aaf), + TOBN(0xd66fe3b6, 0x7ed78be1), TOBN(0x305f725f, 0x648d02cd), + TOBN(0x33ed1bc4, 0x623fb21b), TOBN(0xfa70533e, 0x7a6319ad), + TOBN(0x17ab562d, 0xbe5ffb3e), TOBN(0x06374994, 0x56674741), + TOBN(0x69d44ed6, 0x5c46aa8e), TOBN(0x2100d5d3, 0xa8d063d1), + TOBN(0xcb9727ea, 0xa2d17c36), TOBN(0x4c2bab1b, 0x8add53b7), + TOBN(0xa084e90c, 0x15426704), TOBN(0x778afcd3, 0xa837ebea), + TOBN(0x6651f701, 0x7ce477f8), TOBN(0xa0624998, 0x46fb7a8b), + TOBN(0xdc1e6828, 0xed8a6e19), TOBN(0x33fc2336, 0x4189d9c7), + TOBN(0x026f8fe2, 0x671c39bc), TOBN(0xd40c4ccd, 0xbc6f9915), + TOBN(0xafa135bb, 0xf80e75ca), TOBN(0x12c651a0, 0x22adff2c), + TOBN(0xc40a04bd, 0x4f51ad96), TOBN(0x04820109, 0xbbe4e832), + TOBN(0x3667eb1a, 0x7f4c04cc), TOBN(0x59556621, 0xa9404f84), + TOBN(0x71cdf653, 0x7eceb50a), TOBN(0x994a44a6, 0x9b8335fa), + TOBN(0xd7faf819, 0xdbeb9b69), TOBN(0x473c5680, 0xeed4350d), + TOBN(0xb6658466, 0xda44bba2), TOBN(0x0d1bc780, 0x872bdbf3), + TOBN(0xe535f175, 0xa1962f91), TOBN(0x6ed7e061, 0xed58f5a7), + TOBN(0x177aa4c0, 0x2089a233), TOBN(0x0dbcb03a, 0xe539b413), + TOBN(0xe3dc424e, 0xbb32e38e), TOBN(0x6472e5ef, 0x6806701e), + TOBN(0xdd47ff98, 0x814be9ee), TOBN(0x6b60cfff, 0x35ace009), + TOBN(0xb8d3d931, 0x9ff91fe5), TOBN(0x039c4800, 0xf0518eed), + TOBN(0x95c37632, 0x9182cb26), TOBN(0x0763a434, 0x82fc568d), + TOBN(0x707c04d5, 0x383e76ba), TOBN(0xac98b930, 0x824e8197), + TOBN(0x92bf7c8f, 0x91230de0), TOBN(0x90876a01, 0x40959b70), + TOBN(0xdb6d96f3, 0x05968b80), TOBN(0x380a0913, 0x089f73b9), + TOBN(0x7da70b83, 0xc2c61e01), TOBN(0x95fb8394, 0x569b38c7), + TOBN(0x9a3c6512, 0x80edfe2f), TOBN(0x8f726bb9, 0x8faeaf82), + TOBN(0x8010a4a0, 0x78424bf8), TOBN(0x29672044, 0x0e844970)}, + {TOBN(0x63c5cb81, 0x7a2ad62a), TOBN(0x7ef2b6b9, 0xac62ff54), + TOBN(0x3749bba4, 0xb3ad9db5), TOBN(0xad311f2c, 0x46d5a617), + TOBN(0xb77a8087, 0xc2ff3b6d), TOBN(0xb46feaf3, 0x367834ff), + TOBN(0xf8aa266d, 0x75d6b138), TOBN(0xfa38d320, 0xec008188), + TOBN(0x486d8ffa, 0x696946fc), TOBN(0x50fbc6d8, 0xb9cba56d), + TOBN(0x7e3d423e, 0x90f35a15), TOBN(0x7c3da195, 0xc0dd962c), + TOBN(0xe673fdb0, 0x3cfd5d8b), TOBN(0x0704b7c2, 0x889dfca5), + TOBN(0xf6ce581f, 0xf52305aa), TOBN(0x399d49eb, 0x914d5e53), + TOBN(0x380a496d, 0x6ec293cd), TOBN(0x733dbda7, 0x8e7051f5), + TOBN(0x037e388d, 0xb849140a), TOBN(0xee4b32b0, 0x5946dbf6), + TOBN(0xb1c4fda9, 0xcae368d1), TOBN(0x5001a7b0, 0xfdb0b2f3), + TOBN(0x6df59374, 0x2e3ac46e), TOBN(0x4af675f2, 0x39b3e656), + TOBN(0x44e38110, 0x39949296), TOBN(0x5b63827b, 0x361db1b5), + TOBN(0x3e5323ed, 0x206eaff5), TOBN(0x942370d2, 0xc21f4290), + TOBN(0xf2caaf2e, 0xe0d985a1), TOBN(0x192cc64b, 0x7239846d), + TOBN(0x7c0b8f47, 0xae6312f8), TOBN(0x7dc61f91, 0x96620108), + TOBN(0xb830fb5b, 0xc2da7de9), TOBN(0xd0e643df, 0x0ff8d3be), + TOBN(0x31ee77ba, 0x188a9641), TOBN(0x4e8aa3aa, 0xbcf6d502), + TOBN(0xf9fb6532, 0x9a49110f), TOBN(0xd18317f6, 0x2dd6b220), + TOBN(0x7e3ced41, 0x52c3ea5a), TOBN(0x0d296a14, 0x7d579c4a), + TOBN(0x35d6a53e, 0xed4c3717), TOBN(0x9f8240cf, 0x3d0ed2a3), + TOBN(0x8c0d4d05, 0xe5543aa5), TOBN(0x45d5bbfb, 0xdd33b4b4), + TOBN(0xfa04cc73, 0x137fd28e), TOBN(0x862ac6ef, 0xc73b3ffd), + TOBN(0x403ff9f5, 0x31f51ef2), TOBN(0x34d5e0fc, 0xbc73f5a2), + TOBN(0xf2526820, 0x08913f4f), TOBN(0xea20ed61, 0xeac93d95), + TOBN(0x51ed38b4, 0x6ca6b26c), TOBN(0x8662dcbc, 0xea4327b0), + TOBN(0x6daf295c, 0x725d2aaa), TOBN(0xbad2752f, 0x8e52dcda), + TOBN(0x2210e721, 0x0b17dacc), TOBN(0xa37f7912, 0xd51e8232), + TOBN(0x4f7081e1, 0x44cc3add), TOBN(0xd5ffa1d6, 0x87be82cf), + TOBN(0x89890b6c, 0x0edd6472), TOBN(0xada26e1a, 0x3ed17863), + TOBN(0x276f2715, 0x63483caa), TOBN(0xe6924cd9, 0x2f6077fd), + TOBN(0x05a7fe98, 0x0a466e3c), TOBN(0xf1c794b0, 0xb1902d1f), + TOBN(0xe5213688, 0x82a8042c), TOBN(0xd931cfaf, 0xcd278298), + TOBN(0x069a0ae0, 0xf597a740), TOBN(0x0adbb3f3, 0xeb59107c), + TOBN(0x983e951e, 0x5eaa8eb8), TOBN(0xe663a8b5, 0x11b48e78), + TOBN(0x1631cc0d, 0x8a03f2c5), TOBN(0x7577c11e, 0x11e271e2), + TOBN(0x33b2385c, 0x08369a90), TOBN(0x2990c59b, 0x190eb4f8), + TOBN(0x819a6145, 0xc68eac80), TOBN(0x7a786d62, 0x2ec4a014), + TOBN(0x33faadbe, 0x20ac3a8d), TOBN(0x31a21781, 0x5aba2d30), + TOBN(0x209d2742, 0xdba4f565), TOBN(0xdb2ce9e3, 0x55aa0fbb), + TOBN(0x8cef334b, 0x168984df), TOBN(0xe81dce17, 0x33879638), + TOBN(0xf6e6949c, 0x263720f0), TOBN(0x5c56feaf, 0xf593cbec), + TOBN(0x8bff5601, 0xfde58c84), TOBN(0x74e24117, 0x2eccb314), + TOBN(0xbcf01b61, 0x4c9a8a78), TOBN(0xa233e35e, 0x544c9868), + TOBN(0xb3156bf3, 0x8bd7aff1), TOBN(0x1b5ee4cb, 0x1d81b146), + TOBN(0x7ba1ac41, 0xd628a915), TOBN(0x8f3a8f9c, 0xfd89699e), + TOBN(0x7329b9c9, 0xa0748be7), TOBN(0x1d391c95, 0xa92e621f), + TOBN(0xe51e6b21, 0x4d10a837), TOBN(0xd255f53a, 0x4947b435), + TOBN(0x07669e04, 0xf1788ee3), TOBN(0xc14f27af, 0xa86938a2), + TOBN(0x8b47a334, 0xe93a01c0), TOBN(0xff627438, 0xd9366808), + TOBN(0x7a0985d8, 0xca2a5965), TOBN(0x3d9a5542, 0xd6e9b9b3), + TOBN(0xc23eb80b, 0x4cf972e8), TOBN(0x5c1c33bb, 0x4fdf72fd), + TOBN(0x0c4a58d4, 0x74a86108), TOBN(0xf8048a8f, 0xee4c5d90), + TOBN(0xe3c7c924, 0xe86d4c80), TOBN(0x28c889de, 0x056a1e60), + TOBN(0x57e2662e, 0xb214a040), TOBN(0xe8c48e98, 0x37e10347), + TOBN(0x87742862, 0x80ac748a), TOBN(0xf1c24022, 0x186b06f2), + TOBN(0xac2dd4c3, 0x5f74040a), TOBN(0x409aeb71, 0xfceac957), + TOBN(0x4fbad782, 0x55c4ec23), TOBN(0xb359ed61, 0x8a7b76ec), + TOBN(0x12744926, 0xed6f4a60), TOBN(0xe21e8d7f, 0x4b912de3), + TOBN(0xe2575a59, 0xfc705a59), TOBN(0x72f1d4de, 0xed2dbc0e), + TOBN(0x3d2b24b9, 0xeb7926b8), TOBN(0xbff88cb3, 0xcdbe5509), + TOBN(0xd0f399af, 0xe4dd640b), TOBN(0x3c5fe130, 0x2f76ed45), + TOBN(0x6f3562f4, 0x3764fb3d), TOBN(0x7b5af318, 0x3151b62d), + TOBN(0xd5bd0bc7, 0xd79ce5f3), TOBN(0xfdaf6b20, 0xec66890f), + TOBN(0x735c67ec, 0x6063540c), TOBN(0x50b259c2, 0xe5f9cb8f), + TOBN(0xb8734f9a, 0x3f99c6ab), TOBN(0xf8cc13d5, 0xa3a7bc85), + TOBN(0x80c1b305, 0xc5217659), TOBN(0xfe5364d4, 0x4ec12a54), + TOBN(0xbd87045e, 0x681345fe), TOBN(0x7f8efeb1, 0x582f897f), + TOBN(0xe8cbf1e5, 0xd5923359), TOBN(0xdb0cea9d, 0x539b9fb0), + TOBN(0x0c5b34cf, 0x49859b98), TOBN(0x5e583c56, 0xa4403cc6), + TOBN(0x11fc1a2d, 0xd48185b7), TOBN(0xc93fbc7e, 0x6e521787), + TOBN(0x47e7a058, 0x05105b8b), TOBN(0x7b4d4d58, 0xdb8260c8), + TOBN(0xe33930b0, 0x46eb842a), TOBN(0x8e844a9a, 0x7bdae56d), + TOBN(0x34ef3a9e, 0x13f7fdfc), TOBN(0xb3768f82, 0x636ca176), + TOBN(0x2821f4e0, 0x4e09e61c), TOBN(0x414dc3a1, 0xa0c7cddc), + TOBN(0xd5379437, 0x54945fcd), TOBN(0x151b6eef, 0xb3555ff1), + TOBN(0xb31bd613, 0x6339c083), TOBN(0x39ff8155, 0xdfb64701), + TOBN(0x7c3388d2, 0xe29604ab), TOBN(0x1e19084b, 0xa6b10442), + TOBN(0x17cf54c0, 0xeccd47ef), TOBN(0x89693385, 0x4a5dfb30), + TOBN(0x69d023fb, 0x47daf9f6), TOBN(0x9222840b, 0x7d91d959), + TOBN(0x439108f5, 0x803bac62), TOBN(0x0b7dd91d, 0x379bd45f), + TOBN(0xd651e827, 0xca63c581), TOBN(0x5c5d75f6, 0x509c104f), + TOBN(0x7d5fc738, 0x1f2dc308), TOBN(0x20faa7bf, 0xd98454be), + TOBN(0x95374bee, 0xa517b031), TOBN(0xf036b9b1, 0x642692ac), + TOBN(0xc5106109, 0x39842194), TOBN(0xb7e2353e, 0x49d05295), + TOBN(0xfc8c1d5c, 0xefb42ee0), TOBN(0xe04884eb, 0x08ce811c), + TOBN(0xf1f75d81, 0x7419f40e), TOBN(0x5b0ac162, 0xa995c241), + TOBN(0x120921bb, 0xc4c55646), TOBN(0x713520c2, 0x8d33cf97), + TOBN(0xb4a65a5c, 0xe98c5100), TOBN(0x6cec871d, 0x2ddd0f5a), + TOBN(0x251f0b7f, 0x9ba2e78b), TOBN(0x224a8434, 0xce3a2a5f), + TOBN(0x26827f61, 0x25f5c46f), TOBN(0x6a22bedc, 0x48545ec0), + TOBN(0x25ae5fa0, 0xb1bb5cdc), TOBN(0xd693682f, 0xfcb9b98f), + TOBN(0x32027fe8, 0x91e5d7d3), TOBN(0xf14b7d17, 0x73a07678), + TOBN(0xf88497b3, 0xc0dfdd61), TOBN(0xf7c2eec0, 0x2a8c4f48), + TOBN(0xaa5573f4, 0x3756e621), TOBN(0xc013a240, 0x1825b948), + TOBN(0x1c03b345, 0x63878572), TOBN(0xa0472bea, 0x653a4184), + TOBN(0xf4222e27, 0x0ac69a80), TOBN(0x34096d25, 0xf51e54f6), + TOBN(0x00a648cb, 0x8fffa591), TOBN(0x4e87acdc, 0x69b6527f), + TOBN(0x0575e037, 0xe285ccb4), TOBN(0x188089e4, 0x50ddcf52), + TOBN(0xaa96c9a8, 0x870ff719), TOBN(0x74a56cd8, 0x1fc7e369), + TOBN(0x41d04ee2, 0x1726931a), TOBN(0x0bbbb2c8, 0x3660ecfd), + TOBN(0xa6ef6de5, 0x24818e18), TOBN(0xe421cc51, 0xe7d57887), + TOBN(0xf127d208, 0xbea87be6), TOBN(0x16a475d3, 0xb1cdd682), + TOBN(0x9db1b684, 0x439b63f7), TOBN(0x5359b3db, 0xf0f113b6), + TOBN(0xdfccf1de, 0x8bf06e31), TOBN(0x1fdf8f44, 0xdd383901), + TOBN(0x10775cad, 0x5017e7d2), TOBN(0xdfc3a597, 0x58d11eef), + TOBN(0x6ec9c8a0, 0xb1ecff10), TOBN(0xee6ed6cc, 0x28400549), + TOBN(0xb5ad7bae, 0x1b4f8d73), TOBN(0x61b4f11d, 0xe00aaab9), + TOBN(0x7b32d69b, 0xd4eff2d7), TOBN(0x88ae6771, 0x4288b60f), + TOBN(0x159461b4, 0x37a1e723), TOBN(0x1f3d4789, 0x570aae8c), + TOBN(0x869118c0, 0x7f9871da), TOBN(0x35fbda78, 0xf635e278), + TOBN(0x738f3641, 0xe1541dac), TOBN(0x6794b13a, 0xc0dae45f), + TOBN(0x065064ac, 0x09cc0917), TOBN(0x27c53729, 0xc68540fd), + TOBN(0x0d2d4c8e, 0xef227671), TOBN(0xd23a9f80, 0xa1785a04), + TOBN(0x98c59528, 0x52650359), TOBN(0xfa09ad01, 0x74a1acad), + TOBN(0x082d5a29, 0x0b55bf5c), TOBN(0xa40f1c67, 0x419b8084), + TOBN(0x3a5c752e, 0xdcc18770), TOBN(0x4baf1f2f, 0x8825c3a5), + TOBN(0xebd63f74, 0x21b153ed), TOBN(0xa2383e47, 0xb2f64723), + TOBN(0xe7bf620a, 0x2646d19a), TOBN(0x56cb44ec, 0x03c83ffd), + TOBN(0xaf7267c9, 0x4f6be9f1), TOBN(0x8b2dfd7b, 0xc06bb5e9), + TOBN(0xb87072f2, 0xa672c5c7), TOBN(0xeacb11c8, 0x0d53c5e2), + TOBN(0x22dac29d, 0xff435932), TOBN(0x37bdb99d, 0x4408693c), + TOBN(0xf6e62fb6, 0x2899c20f), TOBN(0x3535d512, 0x447ece24), + TOBN(0xfbdc6b88, 0xff577ce3), TOBN(0x726693bd, 0x190575f2), + TOBN(0x6772b0e5, 0xab4b35a2), TOBN(0x1d8b6001, 0xf5eeaacf), + TOBN(0x728f7ce4, 0x795b9580), TOBN(0x4a20ed2a, 0x41fb81da), + TOBN(0x9f685cd4, 0x4fec01e6), TOBN(0x3ed7ddcc, 0xa7ff50ad), + TOBN(0x460fd264, 0x0c2d97fd), TOBN(0x3a241426, 0xeb82f4f9), + TOBN(0x17d1df2c, 0x6a8ea820), TOBN(0xb2b50d3b, 0xf22cc254), + TOBN(0x03856cba, 0xb7291426), TOBN(0x87fd26ae, 0x04f5ee39), + TOBN(0x9cb696cc, 0x02bee4ba), TOBN(0x53121804, 0x06820fd6), + TOBN(0xa5dfc269, 0x0212e985), TOBN(0x666f7ffa, 0x160f9a09), + TOBN(0xc503cd33, 0xbccd9617), TOBN(0x365dede4, 0xba7730a3), + TOBN(0x798c6355, 0x5ddb0786), TOBN(0xa6c3200e, 0xfc9cd3bc), + TOBN(0x060ffb2c, 0xe5e35efd), TOBN(0x99a4e25b, 0x5555a1c1), + TOBN(0x11d95375, 0xf70b3751), TOBN(0x0a57354a, 0x160e1bf6), + TOBN(0xecb3ae4b, 0xf8e4b065), TOBN(0x07a834c4, 0x2e53022b), + TOBN(0x1cd300b3, 0x8692ed96), TOBN(0x16a6f792, 0x61ee14ec), + TOBN(0x8f1063c6, 0x6a8649ed), TOBN(0xfbcdfcfe, 0x869f3e14), + TOBN(0x2cfb97c1, 0x00a7b3ec), TOBN(0xcea49b3c, 0x7130c2f1), + TOBN(0x462d044f, 0xe9d96488), TOBN(0x4b53d52e, 0x8182a0c1), + TOBN(0x84b6ddd3, 0x0391e9e9), TOBN(0x80ab7b48, 0xb1741a09), + TOBN(0xec0e15d4, 0x27d3317f), TOBN(0x8dfc1ddb, 0x1a64671e), + TOBN(0x93cc5d5f, 0xd49c5b92), TOBN(0xc995d53d, 0x3674a331), + TOBN(0x302e41ec, 0x090090ae), TOBN(0x2278a0cc, 0xedb06830), + TOBN(0x1d025932, 0xfbc99690), TOBN(0x0c32fbd2, 0xb80d68da), + TOBN(0xd79146da, 0xf341a6c1), TOBN(0xae0ba139, 0x1bef68a0), + TOBN(0xc6b8a563, 0x8d774b3a), TOBN(0x1cf307bd, 0x880ba4d7), + TOBN(0xc033bdc7, 0x19803511), TOBN(0xa9f97b3b, 0x8888c3be), + TOBN(0x3d68aebc, 0x85c6d05e), TOBN(0xc3b88a9d, 0x193919eb), + TOBN(0x2d300748, 0xc48b0ee3), TOBN(0x7506bc7c, 0x07a746c1), + TOBN(0xfc48437c, 0x6e6d57f3), TOBN(0x5bd71587, 0xcfeaa91a), + TOBN(0xa4ed0408, 0xc1bc5225), TOBN(0xd0b946db, 0x2719226d), + TOBN(0x109ecd62, 0x758d2d43), TOBN(0x75c8485a, 0x2751759b), + TOBN(0xb0b75f49, 0x9ce4177a), TOBN(0x4fa61a1e, 0x79c10c3d), + TOBN(0xc062d300, 0xa167fcd7), TOBN(0x4df3874c, 0x750f0fa8), + TOBN(0x29ae2cf9, 0x83dfedc9), TOBN(0xf8437134, 0x8d87631a), + TOBN(0xaf571711, 0x7429c8d2), TOBN(0x18d15867, 0x146d9272), + TOBN(0x83053ecf, 0x69769bb7), TOBN(0xc55eb856, 0xc479ab82), + TOBN(0x5ef7791c, 0x21b0f4b2), TOBN(0xaa5956ba, 0x3d491525), + TOBN(0x407a96c2, 0x9fe20eba), TOBN(0xf27168bb, 0xe52a5ad3), + TOBN(0x43b60ab3, 0xbf1d9d89), TOBN(0xe45c51ef, 0x710e727a), + TOBN(0xdfca5276, 0x099b4221), TOBN(0x8dc6407c, 0x2557a159), + TOBN(0x0ead8335, 0x91035895), TOBN(0x0a9db957, 0x9c55dc32), + TOBN(0xe40736d3, 0xdf61bc76), TOBN(0x13a619c0, 0x3f778cdb), + TOBN(0x6dd921a4, 0xc56ea28f), TOBN(0x76a52433, 0x2fa647b4), + TOBN(0x23591891, 0xac5bdc5d), TOBN(0xff4a1a72, 0xbac7dc01), + TOBN(0x9905e261, 0x62df8453), TOBN(0x3ac045df, 0xe63b265f), + TOBN(0x8a3f341b, 0xad53dba7), TOBN(0x8ec269cc, 0x837b625a), + TOBN(0xd71a2782, 0x3ae31189), TOBN(0x8fb4f9a3, 0x55e96120), + TOBN(0x804af823, 0xff9875cf), TOBN(0x23224f57, 0x5d442a9b), + TOBN(0x1c4d3b9e, 0xecc62679), TOBN(0x91da22fb, 0xa0e7ddb1), + TOBN(0xa370324d, 0x6c04a661), TOBN(0x9710d3b6, 0x5e376d17), + TOBN(0xed8c98f0, 0x3044e357), TOBN(0xc364ebbe, 0x6422701c), + TOBN(0x347f5d51, 0x7733d61c), TOBN(0xd55644b9, 0xcea826c3), + TOBN(0x80c6e0ad, 0x55a25548), TOBN(0x0aa7641d, 0x844220a7), + TOBN(0x1438ec81, 0x31810660), TOBN(0x9dfa6507, 0xde4b4043), + TOBN(0x10b515d8, 0xcc3e0273), TOBN(0x1b6066dd, 0x28d8cfb2), + TOBN(0xd3b04591, 0x9c9efebd), TOBN(0x425d4bdf, 0xa21c1ff4), + TOBN(0x5fe5af19, 0xd57607d3), TOBN(0xbbf773f7, 0x54481084), + TOBN(0x8435bd69, 0x94b03ed1), TOBN(0xd9ad1de3, 0x634cc546), + TOBN(0x2cf423fc, 0x00e420ca), TOBN(0xeed26d80, 0xa03096dd), + TOBN(0xd7f60be7, 0xa4db09d2), TOBN(0xf47f569d, 0x960622f7), + TOBN(0xe5925fd7, 0x7296c729), TOBN(0xeff2db26, 0x26ca2715), + TOBN(0xa6fcd014, 0xb913e759), TOBN(0x53da4786, 0x8ff4de93), + TOBN(0x14616d79, 0xc32068e1), TOBN(0xb187d664, 0xccdf352e), + TOBN(0xf7afb650, 0x1dc90b59), TOBN(0x8170e943, 0x7daa1b26), + TOBN(0xc8e3bdd8, 0x700c0a84), TOBN(0x6e8d345f, 0x6482bdfa), + TOBN(0x84cfbfa1, 0xc5c5ea50), TOBN(0xd3baf14c, 0x67960681), + TOBN(0x26398403, 0x0dd50942), TOBN(0xe4b7839c, 0x4716a663), + TOBN(0xd5f1f794, 0xe7de6dc0), TOBN(0x5cd0f4d4, 0x622aa7ce), + TOBN(0x5295f3f1, 0x59acfeec), TOBN(0x8d933552, 0x953e0607), + TOBN(0xc7db8ec5, 0x776c5722), TOBN(0xdc467e62, 0x2b5f290c), + TOBN(0xd4297e70, 0x4ff425a9), TOBN(0x4be924c1, 0x0cf7bb72), + TOBN(0x0d5dc5ae, 0xa1892131), TOBN(0x8bf8a8e3, 0xa705c992), + TOBN(0x73a0b064, 0x7a305ac5), TOBN(0x00c9ca4e, 0x9a8c77a8), + TOBN(0x5dfee80f, 0x83774bdd), TOBN(0x63131602, 0x85734485), + TOBN(0xa1b524ae, 0x914a69a9), TOBN(0xebc2ffaf, 0xd4e300d7), + TOBN(0x52c93db7, 0x7cfa46a5), TOBN(0x71e6161f, 0x21653b50), + TOBN(0x3574fc57, 0xa4bc580a), TOBN(0xc09015dd, 0xe1bc1253), + TOBN(0x4b7b47b2, 0xd174d7aa), TOBN(0x4072d8e8, 0xf3a15d04), + TOBN(0xeeb7d47f, 0xd6fa07ed), TOBN(0x6f2b9ff9, 0xedbdafb1), + TOBN(0x18c51615, 0x3760fe8a), TOBN(0x7a96e6bf, 0xf06c6c13), + TOBN(0x4d7a0410, 0x0ea2d071), TOBN(0xa1914e9b, 0x0be2a5ce), + TOBN(0x5726e357, 0xd8a3c5cf), TOBN(0x1197ecc3, 0x2abb2b13), + TOBN(0x6c0d7f7f, 0x31ae88dd), TOBN(0x15b20d1a, 0xfdbb3efe), + TOBN(0xcd06aa26, 0x70584039), TOBN(0x2277c969, 0xa7dc9747), + TOBN(0xbca69587, 0x7855d815), TOBN(0x899ea238, 0x5188b32a), + TOBN(0x37d9228b, 0x760c1c9d), TOBN(0xc7efbb11, 0x9b5c18da), + TOBN(0x7f0d1bc8, 0x19f6dbc5), TOBN(0x4875384b, 0x07e6905b), + TOBN(0xc7c50baa, 0x3ba8cd86), TOBN(0xb0ce40fb, 0xc2905de0), + TOBN(0x70840673, 0x7a231952), TOBN(0xa912a262, 0xcf43de26), + TOBN(0x9c38ddcc, 0xeb5b76c1), TOBN(0x746f5285, 0x26fc0ab4), + TOBN(0x52a63a50, 0xd62c269f), TOBN(0x60049c55, 0x99458621), + TOBN(0xe7f48f82, 0x3c2f7c9e), TOBN(0x6bd99043, 0x917d5cf3), + TOBN(0xeb1317a8, 0x8701f469), TOBN(0xbd3fe2ed, 0x9a449fe0), + TOBN(0x421e79ca, 0x12ef3d36), TOBN(0x9ee3c36c, 0x3e7ea5de), + TOBN(0xe48198b5, 0xcdff36f7), TOBN(0xaff4f967, 0xc6b82228), + TOBN(0x15e19dd0, 0xc47adb7e), TOBN(0x45699b23, 0x032e7dfa), + TOBN(0x40680c8b, 0x1fae026a), TOBN(0x5a347a48, 0x550dbf4d), + TOBN(0xe652533b, 0x3cef0d7d), TOBN(0xd94f7b18, 0x2bbb4381), + TOBN(0x838752be, 0x0e80f500), TOBN(0x8e6e2488, 0x9e9c9bfb), + TOBN(0xc9751697, 0x16caca6a), TOBN(0x866c49d8, 0x38531ad9), + TOBN(0xc917e239, 0x7151ade1), TOBN(0x2d016ec1, 0x6037c407), + TOBN(0xa407ccc9, 0x00eac3f9), TOBN(0x835f6280, 0xe2ed4748), + TOBN(0xcc54c347, 0x1cc98e0d), TOBN(0x0e969937, 0xdcb572eb), + TOBN(0x1b16c8e8, 0x8f30c9cb), TOBN(0xa606ae75, 0x373c4661), + TOBN(0x47aa689b, 0x35502cab), TOBN(0xf89014ae, 0x4d9bb64f), + TOBN(0x202f6a9c, 0x31c71f7b), TOBN(0x01f95aa3, 0x296ffe5c), + TOBN(0x5fc06014, 0x53cec3a3), TOBN(0xeb991237, 0x5f498a45), + TOBN(0xae9a935e, 0x5d91ba87), TOBN(0xc6ac6281, 0x0b564a19), + TOBN(0x8a8fe81c, 0x3bd44e69), TOBN(0x7c8b467f, 0x9dd11d45), + TOBN(0xf772251f, 0xea5b8e69), TOBN(0xaeecb3bd, 0xc5b75fbc), + TOBN(0x1aca3331, 0x887ff0e5), TOBN(0xbe5d49ff, 0x19f0a131), + TOBN(0x582c13aa, 0xe5c8646f), TOBN(0xdbaa12e8, 0x20e19980), + TOBN(0x8f40f31a, 0xf7abbd94), TOBN(0x1f13f5a8, 0x1dfc7663), + TOBN(0x5d81f1ee, 0xaceb4fc0), TOBN(0x36256002, 0x5e6f0f42), + TOBN(0x4b67d6d7, 0x751370c8), TOBN(0x2608b698, 0x03e80589), + TOBN(0xcfc0d2fc, 0x05268301), TOBN(0xa6943d39, 0x40309212), + TOBN(0x192a90c2, 0x1fd0e1c2), TOBN(0xb209f113, 0x37f1dc76), + TOBN(0xefcc5e06, 0x97bf1298), TOBN(0xcbdb6730, 0x219d639e), + TOBN(0xd009c116, 0xb81e8c6f), TOBN(0xa3ffdde3, 0x1a7ce2e5), + TOBN(0xc53fbaaa, 0xa914d3ba), TOBN(0x836d500f, 0x88df85ee), + TOBN(0xd98dc71b, 0x66ee0751), TOBN(0x5a3d7005, 0x714516fd), + TOBN(0x21d3634d, 0x39eedbba), TOBN(0x35cd2e68, 0x0455a46d), + TOBN(0xc8cafe65, 0xf9d7eb0c), TOBN(0xbda3ce9e, 0x00cefb3e), + TOBN(0xddc17a60, 0x2c9cf7a4), TOBN(0x01572ee4, 0x7bcb8773), + TOBN(0xa92b2b01, 0x8c7548df), TOBN(0x732fd309, 0xa84600e3), + TOBN(0xe22109c7, 0x16543a40), TOBN(0x9acafd36, 0xfede3c6c), + TOBN(0xfb206852, 0x6824e614), TOBN(0x2a4544a9, 0xda25dca0), + TOBN(0x25985262, 0x91d60b06), TOBN(0x281b7be9, 0x28753545), + TOBN(0xec667b1a, 0x90f13b27), TOBN(0x33a83aff, 0x940e2eb4), + TOBN(0x80009862, 0xd5d721d5), TOBN(0x0c3357a3, 0x5bd3a182), + TOBN(0x27f3a83b, 0x7aa2cda4), TOBN(0xb58ae74e, 0xf6f83085), + TOBN(0x2a911a81, 0x2e6dad6b), TOBN(0xde286051, 0xf43d6c5b), + TOBN(0x4bdccc41, 0xf996c4d8), TOBN(0xe7312ec0, 0x0ae1e24e)}, + {TOBN(0xf8d112e7, 0x6e6485b3), TOBN(0x4d3e24db, 0x771c52f8), + TOBN(0x48e3ee41, 0x684a2f6d), TOBN(0x7161957d, 0x21d95551), + TOBN(0x19631283, 0xcdb12a6c), TOBN(0xbf3fa882, 0x2e50e164), + TOBN(0xf6254b63, 0x3166cc73), TOBN(0x3aefa7ae, 0xaee8cc38), + TOBN(0x79b0fe62, 0x3b36f9fd), TOBN(0x26543b23, 0xfde19fc0), + TOBN(0x136e64a0, 0x958482ef), TOBN(0x23f63771, 0x9b095825), + TOBN(0x14cfd596, 0xb6a1142e), TOBN(0x5ea6aac6, 0x335aac0b), + TOBN(0x86a0e8bd, 0xf3081dd5), TOBN(0x5fb89d79, 0x003dc12a), + TOBN(0xf615c33a, 0xf72e34d4), TOBN(0x0bd9ea40, 0x110eec35), + TOBN(0x1c12bc5b, 0xc1dea34e), TOBN(0x686584c9, 0x49ae4699), + TOBN(0x13ad95d3, 0x8c97b942), TOBN(0x4609561a, 0x4e5c7562), + TOBN(0x9e94a4ae, 0xf2737f89), TOBN(0xf57594c6, 0x371c78b6), + TOBN(0x0f0165fc, 0xe3779ee3), TOBN(0xe00e7f9d, 0xbd495d9e), + TOBN(0x1fa4efa2, 0x20284e7a), TOBN(0x4564bade, 0x47ac6219), + TOBN(0x90e6312a, 0xc4708e8e), TOBN(0x4f5725fb, 0xa71e9adf), + TOBN(0xe95f55ae, 0x3d684b9f), TOBN(0x47f7ccb1, 0x1e94b415), + TOBN(0x7322851b, 0x8d946581), TOBN(0xf0d13133, 0xbdf4a012), + TOBN(0xa3510f69, 0x6584dae0), TOBN(0x03a7c171, 0x3c9f6c6d), + TOBN(0x5be97f38, 0xe475381a), TOBN(0xca1ba422, 0x85823334), + TOBN(0xf83cc5c7, 0x0be17dda), TOBN(0x158b1494, 0x0b918c0f), + TOBN(0xda3a77e5, 0x522e6b69), TOBN(0x69c908c3, 0xbbcd6c18), + TOBN(0x1f1b9e48, 0xd924fd56), TOBN(0x37c64e36, 0xaa4bb3f7), + TOBN(0x5a4fdbdf, 0xee478d7d), TOBN(0xba75c8bc, 0x0193f7a0), + TOBN(0x84bc1e84, 0x56cd16df), TOBN(0x1fb08f08, 0x46fad151), + TOBN(0x8a7cabf9, 0x842e9f30), TOBN(0xa331d4bf, 0x5eab83af), + TOBN(0xd272cfba, 0x017f2a6a), TOBN(0x27560abc, 0x83aba0e3), + TOBN(0x94b83387, 0x0e3a6b75), TOBN(0x25c6aea2, 0x6b9f50f5), + TOBN(0x803d691d, 0xb5fdf6d0), TOBN(0x03b77509, 0xe6333514), + TOBN(0x36178903, 0x61a341c1), TOBN(0x3604dc60, 0x0cfd6142), + TOBN(0x022295eb, 0x8533316c), TOBN(0x3dbde4ac, 0x44af2922), + TOBN(0x898afc5d, 0x1c7eef69), TOBN(0x58896805, 0xd14f4fa1), + TOBN(0x05002160, 0x203c21ca), TOBN(0x6f0d1f30, 0x40ef730b), + TOBN(0x8e8c44d4, 0x196224f8), TOBN(0x75a4ab95, 0x374d079d), + TOBN(0x79085ecc, 0x7d48f123), TOBN(0x56f04d31, 0x1bf65ad8), + TOBN(0xe220bf1c, 0xbda602b2), TOBN(0x73ee1742, 0xf9612c69), + TOBN(0x76008fc8, 0x084fd06b), TOBN(0x4000ef9f, 0xf11380d1), + TOBN(0x48201b4b, 0x12cfe297), TOBN(0x3eee129c, 0x292f74e5), + TOBN(0xe1fe114e, 0xc9e874e8), TOBN(0x899b055c, 0x92c5fc41), + TOBN(0x4e477a64, 0x3a39c8cf), TOBN(0x82f09efe, 0x78963cc9), + TOBN(0x6fd3fd8f, 0xd333f863), TOBN(0x85132b2a, 0xdc949c63), + TOBN(0x7e06a3ab, 0x516eb17b), TOBN(0x73bec06f, 0xd2c7372b), + TOBN(0xe4f74f55, 0xba896da6), TOBN(0xbb4afef8, 0x8e9eb40f), + TOBN(0x2d75bec8, 0xe61d66b0), TOBN(0x02bda4b4, 0xef29300b), + TOBN(0x8bbaa8de, 0x026baa5a), TOBN(0xff54befd, 0xa07f4440), + TOBN(0xbd9b8b1d, 0xbe7a2af3), TOBN(0xec51caa9, 0x4fb74a72), + TOBN(0xb9937a4b, 0x63879697), TOBN(0x7c9a9d20, 0xec2687d5), + TOBN(0x1773e44f, 0x6ef5f014), TOBN(0x8abcf412, 0xe90c6900), + TOBN(0x387bd022, 0x8142161e), TOBN(0x50393755, 0xfcb6ff2a), + TOBN(0x9813fd56, 0xed6def63), TOBN(0x53cf6482, 0x7d53106c), + TOBN(0x991a35bd, 0x431f7ac1), TOBN(0xf1e274dd, 0x63e65faf), + TOBN(0xf63ffa3c, 0x44cc7880), TOBN(0x411a426b, 0x7c256981), + TOBN(0xb698b9fd, 0x93a420e0), TOBN(0x89fdddc0, 0xae53f8fe), + TOBN(0x766e0722, 0x32398baa), TOBN(0x205fee42, 0x5cfca031), + TOBN(0xa49f5341, 0x7a029cf2), TOBN(0xa88c68b8, 0x4023890d), + TOBN(0xbc275041, 0x7337aaa8), TOBN(0x9ed364ad, 0x0eb384f4), + TOBN(0xe0816f85, 0x29aba92f), TOBN(0x2e9e1941, 0x04e38a88), + TOBN(0x57eef44a, 0x3dafd2d5), TOBN(0x35d1fae5, 0x97ed98d8), + TOBN(0x50628c09, 0x2307f9b1), TOBN(0x09d84aae, 0xd6cba5c6), + TOBN(0x67071bc7, 0x88aaa691), TOBN(0x2dea57a9, 0xafe6cb03), + TOBN(0xdfe11bb4, 0x3d78ac01), TOBN(0x7286418c, 0x7fd7aa51), + TOBN(0xfabf7709, 0x77f7195a), TOBN(0x8ec86167, 0xadeb838f), + TOBN(0xea1285a8, 0xbb4f012d), TOBN(0xd6883503, 0x9a3eab3f), + TOBN(0xee5d24f8, 0x309004c2), TOBN(0xa96e4b76, 0x13ffe95e), + TOBN(0x0cdffe12, 0xbd223ea4), TOBN(0x8f5c2ee5, 0xb6739a53), + TOBN(0x5cb4aaa5, 0xdd968198), TOBN(0xfa131c52, 0x72413a6c), + TOBN(0x53d46a90, 0x9536d903), TOBN(0xb270f0d3, 0x48606d8e), + TOBN(0x518c7564, 0xa053a3bc), TOBN(0x088254b7, 0x1a86caef), + TOBN(0xb3ba8cb4, 0x0ab5efd0), TOBN(0x5c59900e, 0x4605945d), + TOBN(0xecace1dd, 0xa1887395), TOBN(0x40960f36, 0x932a65de), + TOBN(0x9611ff5c, 0x3aa95529), TOBN(0xc58215b0, 0x7c1e5a36), + TOBN(0xd48c9b58, 0xf0e1a524), TOBN(0xb406856b, 0xf590dfb8), + TOBN(0xc7605e04, 0x9cd95662), TOBN(0x0dd036ee, 0xa33ecf82), + TOBN(0xa50171ac, 0xc33156b3), TOBN(0xf09d24ea, 0x4a80172e), + TOBN(0x4e1f72c6, 0x76dc8eef), TOBN(0xe60caadc, 0x5e3d44ee), + TOBN(0x006ef8a6, 0x979b1d8f), TOBN(0x60908a1c, 0x97788d26), + TOBN(0x6e08f95b, 0x266feec0), TOBN(0x618427c2, 0x22e8c94e), + TOBN(0x3d613339, 0x59145a65), TOBN(0xcd9bc368, 0xfa406337), + TOBN(0x82d11be3, 0x2d8a52a0), TOBN(0xf6877b27, 0x97a1c590), + TOBN(0x837a819b, 0xf5cbdb25), TOBN(0x2a4fd1d8, 0xde090249), + TOBN(0x622a7de7, 0x74990e5f), TOBN(0x840fa5a0, 0x7945511b), + TOBN(0x30b974be, 0x6558842d), TOBN(0x70df8c64, 0x17f3d0a6), + TOBN(0x7c803520, 0x7542e46d), TOBN(0x7251fe7f, 0xe4ecc823), + TOBN(0xe59134cb, 0x5e9aac9a), TOBN(0x11bb0934, 0xf0045d71), + TOBN(0x53e5d9b5, 0xdbcb1d4e), TOBN(0x8d97a905, 0x92defc91), + TOBN(0xfe289327, 0x7946d3f9), TOBN(0xe132bd24, 0x07472273), + TOBN(0xeeeb510c, 0x1eb6ae86), TOBN(0x777708c5, 0xf0595067), + TOBN(0x18e2c8cd, 0x1297029e), TOBN(0x2c61095c, 0xbbf9305e), + TOBN(0xe466c258, 0x6b85d6d9), TOBN(0x8ac06c36, 0xda1ea530), + TOBN(0xa365dc39, 0xa1304668), TOBN(0xe4a9c885, 0x07f89606), + TOBN(0x65a4898f, 0xacc7228d), TOBN(0x3e2347ff, 0x84ca8303), + TOBN(0xa5f6fb77, 0xea7d23a3), TOBN(0x2fac257d, 0x672a71cd), + TOBN(0x6908bef8, 0x7e6a44d3), TOBN(0x8ff87566, 0x891d3d7a), + TOBN(0xe58e90b3, 0x6b0cf82e), TOBN(0x6438d246, 0x2615b5e7), + TOBN(0x07b1f8fc, 0x669c145a), TOBN(0xb0d8b2da, 0x36f1e1cb), + TOBN(0x54d5dadb, 0xd9184c4d), TOBN(0x3dbb18d5, 0xf93d9976), + TOBN(0x0a3e0f56, 0xd1147d47), TOBN(0x2afa8c8d, 0xa0a48609), + TOBN(0x275353e8, 0xbc36742c), TOBN(0x898f427e, 0xeea0ed90), + TOBN(0x26f4947e, 0x3e477b00), TOBN(0x8ad8848a, 0x308741e3), + TOBN(0x6c703c38, 0xd74a2a46), TOBN(0x5e3e05a9, 0x9ba17ba2), + TOBN(0xc1fa6f66, 0x4ab9a9e4), TOBN(0x474a2d9a, 0x3841d6ec), + TOBN(0x871239ad, 0x653ae326), TOBN(0x14bcf72a, 0xa74cbb43), + TOBN(0x8737650e, 0x20d4c083), TOBN(0x3df86536, 0x110ed4af), + TOBN(0xd2d86fe7, 0xb53ca555), TOBN(0x688cb00d, 0xabd5d538), + TOBN(0xcf81bda3, 0x1ad38468), TOBN(0x7ccfe3cc, 0xf01167b6), + TOBN(0xcf4f47e0, 0x6c4c1fe6), TOBN(0x557e1f1a, 0x298bbb79), + TOBN(0xf93b974f, 0x30d45a14), TOBN(0x174a1d2d, 0x0baf97c4), + TOBN(0x7a003b30, 0xc51fbf53), TOBN(0xd8940991, 0xee68b225), + TOBN(0x5b0aa7b7, 0x1c0f4173), TOBN(0x975797c9, 0xa20a7153), + TOBN(0x26e08c07, 0xe3533d77), TOBN(0xd7222e6a, 0x2e341c99), + TOBN(0x9d60ec3d, 0x8d2dc4ed), TOBN(0xbdfe0d8f, 0x7c476cf8), + TOBN(0x1fe59ab6, 0x1d056605), TOBN(0xa9ea9df6, 0x86a8551f), + TOBN(0x8489941e, 0x47fb8d8c), TOBN(0xfeb874eb, 0x4a7f1b10), + TOBN(0xfe5fea86, 0x7ee0d98f), TOBN(0x201ad34b, 0xdbf61864), + TOBN(0x45d8fe47, 0x37c031d4), TOBN(0xd5f49fae, 0x795f0822), + TOBN(0xdb0fb291, 0xc7f4a40c), TOBN(0x2e69d9c1, 0x730ddd92), + TOBN(0x754e1054, 0x49d76987), TOBN(0x8a24911d, 0x7662db87), + TOBN(0x61fc1810, 0x60a71676), TOBN(0xe852d1a8, 0xf66a8ad1), + TOBN(0x172bbd65, 0x6417231e), TOBN(0x0d6de7bd, 0x3babb11f), + TOBN(0x6fde6f88, 0xc8e347f8), TOBN(0x1c587547, 0x9bd99cc3), + TOBN(0x78e54ed0, 0x34076950), TOBN(0x97f0f334, 0x796e83ba), + TOBN(0xe4dbe1ce, 0x4924867a), TOBN(0xbd5f51b0, 0x60b84917), + TOBN(0x37530040, 0x3cb09a79), TOBN(0xdb3fe0f8, 0xff1743d8), + TOBN(0xed7894d8, 0x556fa9db), TOBN(0xfa262169, 0x23412fbf), + TOBN(0x563be0db, 0xba7b9291), TOBN(0x6ca8b8c0, 0x0c9fb234), + TOBN(0xed406aa9, 0xbd763802), TOBN(0xc21486a0, 0x65303da1), + TOBN(0x61ae291e, 0xc7e62ec4), TOBN(0x622a0492, 0xdf99333e), + TOBN(0x7fd80c9d, 0xbb7a8ee0), TOBN(0xdc2ed3bc, 0x6c01aedb), + TOBN(0x35c35a12, 0x08be74ec), TOBN(0xd540cb1a, 0x469f671f), + TOBN(0xd16ced4e, 0xcf84f6c7), TOBN(0x8561fb9c, 0x2d090f43), + TOBN(0x7e693d79, 0x6f239db4), TOBN(0xa736f928, 0x77bd0d94), + TOBN(0x07b4d929, 0x2c1950ee), TOBN(0xda177543, 0x56dc11b3), + TOBN(0xa5dfbbaa, 0x7a6a878e), TOBN(0x1c70cb29, 0x4decb08a), + TOBN(0xfba28c8b, 0x6f0f7c50), TOBN(0xa8eba2b8, 0x854dcc6d), + TOBN(0x5ff8e89a, 0x36b78642), TOBN(0x070c1c8e, 0xf6873adf), + TOBN(0xbbd3c371, 0x6484d2e4), TOBN(0xfb78318f, 0x0d414129), + TOBN(0x2621a39c, 0x6ad93b0b), TOBN(0x979d74c2, 0xa9e917f7), + TOBN(0xfc195647, 0x61fb0428), TOBN(0x4d78954a, 0xbee624d4), + TOBN(0xb94896e0, 0xb8ae86fd), TOBN(0x6667ac0c, 0xc91c8b13), + TOBN(0x9f180512, 0x43bcf832), TOBN(0xfbadf8b7, 0xa0010137), + TOBN(0xc69b4089, 0xb3ba8aa7), TOBN(0xfac4bacd, 0xe687ce85), + TOBN(0x9164088d, 0x977eab40), TOBN(0x51f4c5b6, 0x2760b390), + TOBN(0xd238238f, 0x340dd553), TOBN(0x358566c3, 0xdb1d31c9), + TOBN(0x3a5ad69e, 0x5068f5ff), TOBN(0xf31435fc, 0xdaff6b06), + TOBN(0xae549a5b, 0xd6debff0), TOBN(0x59e5f0b7, 0x75e01331), + TOBN(0x5d492fb8, 0x98559acf), TOBN(0x96018c2e, 0x4db79b50), + TOBN(0x55f4a48f, 0x609f66aa), TOBN(0x1943b3af, 0x4900a14f), + TOBN(0xc22496df, 0x15a40d39), TOBN(0xb2a44684, 0x4c20f7c5), + TOBN(0x76a35afa, 0x3b98404c), TOBN(0xbec75725, 0xff5d1b77), + TOBN(0xb67aa163, 0xbea06444), TOBN(0x27e95bb2, 0xf724b6f2), + TOBN(0x3c20e3e9, 0xd238c8ab), TOBN(0x1213754e, 0xddd6ae17), + TOBN(0x8c431020, 0x716e0f74), TOBN(0x6679c82e, 0xffc095c2), + TOBN(0x2eb3adf4, 0xd0ac2932), TOBN(0x2cc970d3, 0x01bb7a76), + TOBN(0x70c71f2f, 0x740f0e66), TOBN(0x545c616b, 0x2b6b23cc), + TOBN(0x4528cfcb, 0xb40a8bd7), TOBN(0xff839633, 0x2ab27722), + TOBN(0x049127d9, 0x025ac99a), TOBN(0xd314d4a0, 0x2b63e33b), + TOBN(0xc8c310e7, 0x28d84519), TOBN(0x0fcb8983, 0xb3bc84ba), + TOBN(0x2cc52261, 0x38634818), TOBN(0x501814f4, 0xb44c2e0b), + TOBN(0xf7e181aa, 0x54dfdba3), TOBN(0xcfd58ff0, 0xe759718c), + TOBN(0xf90cdb14, 0xd3b507a8), TOBN(0x57bd478e, 0xc50bdad8), + TOBN(0x29c197e2, 0x50e5f9aa), TOBN(0x4db6eef8, 0xe40bc855), + TOBN(0x2cc8f21a, 0xd1fc0654), TOBN(0xc71cc963, 0x81269d73), + TOBN(0xecfbb204, 0x077f49f9), TOBN(0xdde92571, 0xca56b793), + TOBN(0x9abed6a3, 0xf97ad8f7), TOBN(0xe6c19d3f, 0x924de3bd), + TOBN(0x8dce92f4, 0xa140a800), TOBN(0x85f44d1e, 0x1337af07), + TOBN(0x5953c08b, 0x09d64c52), TOBN(0xa1b5e49f, 0xf5df9749), + TOBN(0x336a8fb8, 0x52735f7d), TOBN(0xb332b6db, 0x9add676b), + TOBN(0x558b88a0, 0xb4511aa4), TOBN(0x09788752, 0xdbd5cc55), + TOBN(0x16b43b9c, 0xd8cd52bd), TOBN(0x7f0bc5a0, 0xc2a2696b), + TOBN(0x146e12d4, 0xc11f61ef), TOBN(0x9ce10754, 0x3a83e79e), + TOBN(0x08ec73d9, 0x6cbfca15), TOBN(0x09ff29ad, 0x5b49653f), + TOBN(0xe31b72bd, 0xe7da946e), TOBN(0xebf9eb3b, 0xee80a4f2), + TOBN(0xd1aabd08, 0x17598ce4), TOBN(0x18b5fef4, 0x53f37e80), + TOBN(0xd5d5cdd3, 0x5958cd79), TOBN(0x3580a1b5, 0x1d373114), + TOBN(0xa36e4c91, 0xfa935726), TOBN(0xa38c534d, 0xef20d760), + TOBN(0x7088e40a, 0x2ff5845b), TOBN(0xe5bb40bd, 0xbd78177f), + TOBN(0x4f06a7a8, 0x857f9920), TOBN(0xe3cc3e50, 0xe968f05d), + TOBN(0x1d68b7fe, 0xe5682d26), TOBN(0x5206f76f, 0xaec7f87c), + TOBN(0x41110530, 0x041951ab), TOBN(0x58ec52c1, 0xd4b5a71a), + TOBN(0xf3488f99, 0x0f75cf9a), TOBN(0xf411951f, 0xba82d0d5), + TOBN(0x27ee75be, 0x618895ab), TOBN(0xeae060d4, 0x6d8aab14), + TOBN(0x9ae1df73, 0x7fb54dc2), TOBN(0x1f3e391b, 0x25963649), + TOBN(0x242ec32a, 0xfe055081), TOBN(0x5bd450ef, 0x8491c9bd), + TOBN(0x367efc67, 0x981eb389), TOBN(0xed7e1928, 0x3a0550d5), + TOBN(0x362e776b, 0xab3ce75c), TOBN(0xe890e308, 0x1f24c523), + TOBN(0xb961b682, 0xfeccef76), TOBN(0x8b8e11f5, 0x8bba6d92), + TOBN(0x8f2ccc4c, 0x2b2375c4), TOBN(0x0d7f7a52, 0xe2f86cfa), + TOBN(0xfd94d30a, 0x9efe5633), TOBN(0x2d8d246b, 0x5451f934), + TOBN(0x2234c6e3, 0x244e6a00), TOBN(0xde2b5b0d, 0xddec8c50), + TOBN(0x2ce53c5a, 0xbf776f5b), TOBN(0x6f724071, 0x60357b05), + TOBN(0xb2593717, 0x71bf3f7a), TOBN(0x87d2501c, 0x440c4a9f), + TOBN(0x440552e1, 0x87b05340), TOBN(0xb7bf7cc8, 0x21624c32), + TOBN(0x4155a6ce, 0x22facddb), TOBN(0x5a4228cb, 0x889837ef), + TOBN(0xef87d6d6, 0xfd4fd671), TOBN(0xa233687e, 0xc2daa10e), + TOBN(0x75622244, 0x03c0eb96), TOBN(0x7632d184, 0x8bf19be6), + TOBN(0x05d0f8e9, 0x40735ff4), TOBN(0x3a3e6e13, 0xc00931f1), + TOBN(0x31ccde6a, 0xdafe3f18), TOBN(0xf381366a, 0xcfe51207), + TOBN(0x24c222a9, 0x60167d92), TOBN(0x62f9d6f8, 0x7529f18c), + TOBN(0x412397c0, 0x0353b114), TOBN(0x334d89dc, 0xef808043), + TOBN(0xd9ec63ba, 0x2a4383ce), TOBN(0xcec8e937, 0x5cf92ba0), + TOBN(0xfb8b4288, 0xc8be74c0), TOBN(0x67d6912f, 0x105d4391), + TOBN(0x7b996c46, 0x1b913149), TOBN(0x36aae2ef, 0x3a4e02da), + TOBN(0xb68aa003, 0x972de594), TOBN(0x284ec70d, 0x4ec6d545), + TOBN(0xf3d2b2d0, 0x61391d54), TOBN(0x69c5d5d6, 0xfe114e92), + TOBN(0xbe0f00b5, 0xb4482dff), TOBN(0xe1596fa5, 0xf5bf33c5), + TOBN(0x10595b56, 0x96a71cba), TOBN(0x944938b2, 0xfdcadeb7), + TOBN(0xa282da4c, 0xfccd8471), TOBN(0x98ec05f3, 0x0d37bfe1), + TOBN(0xe171ce1b, 0x0698304a), TOBN(0x2d691444, 0x21bdf79b), + TOBN(0xd0cd3b74, 0x1b21dec1), TOBN(0x712ecd8b, 0x16a15f71), + TOBN(0x8d4c00a7, 0x00fd56e1), TOBN(0x02ec9692, 0xf9527c18), + TOBN(0x21c44937, 0x4a3e42e1), TOBN(0x9176fbab, 0x1392ae0a), + TOBN(0x8726f1ba, 0x44b7b618), TOBN(0xb4d7aae9, 0xf1de491c), + TOBN(0xf91df7b9, 0x07b582c0), TOBN(0x7e116c30, 0xef60aa3a), + TOBN(0x99270f81, 0x466265d7), TOBN(0xb15b6fe2, 0x4df7adf0), + TOBN(0xfe33b2d3, 0xf9738f7f), TOBN(0x48553ab9, 0xd6d70f95), + TOBN(0x2cc72ac8, 0xc21e94db), TOBN(0x795ac38d, 0xbdc0bbee), + TOBN(0x0a1be449, 0x2e40478f), TOBN(0x81bd3394, 0x052bde55), + TOBN(0x63c8dbe9, 0x56b3c4f2), TOBN(0x017a99cf, 0x904177cc), + TOBN(0x947bbddb, 0x4d010fc1), TOBN(0xacf9b00b, 0xbb2c9b21), + TOBN(0x2970bc8d, 0x47173611), TOBN(0x1a4cbe08, 0xac7d756f), + TOBN(0x06d9f4aa, 0x67d541a2), TOBN(0xa3e8b689, 0x59c2cf44), + TOBN(0xaad066da, 0x4d88f1dd), TOBN(0xc604f165, 0x7ad35dea), + TOBN(0x7edc0720, 0x4478ca67), TOBN(0xa10dfae0, 0xba02ce06), + TOBN(0xeceb1c76, 0xaf36f4e4), TOBN(0x994b2292, 0xaf3f8f48), + TOBN(0xbf9ed77b, 0x77c8a68c), TOBN(0x74f544ea, 0x51744c9d), + TOBN(0x82d05bb9, 0x8113a757), TOBN(0x4ef2d2b4, 0x8a9885e4), + TOBN(0x1e332be5, 0x1aa7865f), TOBN(0x22b76b18, 0x290d1a52), + TOBN(0x308a2310, 0x44351683), TOBN(0x9d861896, 0xa3f22840), + TOBN(0x5959ddcd, 0x841ed947), TOBN(0x0def0c94, 0x154b73bf), + TOBN(0xf0105417, 0x4c7c15e0), TOBN(0x539bfb02, 0x3a277c32), + TOBN(0xe699268e, 0xf9dccf5f), TOBN(0x9f5796a5, 0x0247a3bd), + TOBN(0x8b839de8, 0x4f157269), TOBN(0xc825c1e5, 0x7a30196b), + TOBN(0x6ef0aabc, 0xdc8a5a91), TOBN(0xf4a8ce6c, 0x498b7fe6), + TOBN(0x1cce35a7, 0x70cbac78), TOBN(0x83488e9b, 0xf6b23958), + TOBN(0x0341a070, 0xd76cb011), TOBN(0xda6c9d06, 0xae1b2658), + TOBN(0xb701fb30, 0xdd648c52), TOBN(0x994ca02c, 0x52fb9fd1), + TOBN(0x06933117, 0x6f563086), TOBN(0x3d2b8100, 0x17856bab), + TOBN(0xe89f48c8, 0x5963a46e), TOBN(0x658ab875, 0xa99e61c7), + TOBN(0x6e296f87, 0x4b8517b4), TOBN(0x36c4fcdc, 0xfc1bc656), + TOBN(0xde5227a1, 0xa3906def), TOBN(0x9fe95f57, 0x62418945), + TOBN(0x20c91e81, 0xfdd96cde), TOBN(0x5adbe47e, 0xda4480de), + TOBN(0xa009370f, 0x396de2b6), TOBN(0x98583d4b, 0xf0ecc7bd), + TOBN(0xf44f6b57, 0xe51d0672), TOBN(0x03d6b078, 0x556b1984), + TOBN(0x27dbdd93, 0xb0b64912), TOBN(0x9b3a3434, 0x15687b09), + TOBN(0x0dba6461, 0x51ec20a9), TOBN(0xec93db7f, 0xff28187c), + TOBN(0x00ff8c24, 0x66e48bdd), TOBN(0x2514f2f9, 0x11ccd78e), + TOBN(0xeba11f4f, 0xe1250603), TOBN(0x8a22cd41, 0x243fa156), + TOBN(0xa4e58df4, 0xb283e4c6), TOBN(0x78c29859, 0x8b39783f), + TOBN(0x5235aee2, 0xa5259809), TOBN(0xc16284b5, 0x0e0227dd), + TOBN(0xa5f57916, 0x1338830d), TOBN(0x6d4b8a6b, 0xd2123fca), + TOBN(0x236ea68a, 0xf9c546f8), TOBN(0xc1d36873, 0xfa608d36), + TOBN(0xcd76e495, 0x8d436d13), TOBN(0xd4d9c221, 0x8fb080af), + TOBN(0x665c1728, 0xe8ad3fb5), TOBN(0xcf1ebe4d, 0xb3d572e0), + TOBN(0xa7a8746a, 0x584c5e20), TOBN(0x267e4ea1, 0xb9dc7035), + TOBN(0x593a15cf, 0xb9548c9b), TOBN(0x5e6e2135, 0x4bd012f3), + TOBN(0xdf31cc6a, 0x8c8f936e), TOBN(0x8af84d04, 0xb5c241dc), + TOBN(0x63990a6f, 0x345efb86), TOBN(0x6fef4e61, 0xb9b962cb)}, + {TOBN(0xf6368f09, 0x25722608), TOBN(0x131260db, 0x131cf5c6), + TOBN(0x40eb353b, 0xfab4f7ac), TOBN(0x85c78880, 0x37eee829), + TOBN(0x4c1581ff, 0xc3bdf24e), TOBN(0x5bff75cb, 0xf5c3c5a8), + TOBN(0x35e8c83f, 0xa14e6f40), TOBN(0xb81d1c0f, 0x0295e0ca), + TOBN(0xfcde7cc8, 0xf43a730f), TOBN(0xe89b6f3c, 0x33ab590e), + TOBN(0xc823f529, 0xad03240b), TOBN(0x82b79afe, 0x98bea5db), + TOBN(0x568f2856, 0x962fe5de), TOBN(0x0c590adb, 0x60c591f3), + TOBN(0x1fc74a14, 0x4a28a858), TOBN(0x3b662498, 0xb3203f4c), + TOBN(0x91e3cf0d, 0x6c39765a), TOBN(0xa2db3acd, 0xac3cca0b), + TOBN(0x288f2f08, 0xcb953b50), TOBN(0x2414582c, 0xcf43cf1a), + TOBN(0x8dec8bbc, 0x60eee9a8), TOBN(0x54c79f02, 0x729aa042), + TOBN(0xd81cd5ec, 0x6532f5d5), TOBN(0xa672303a, 0xcf82e15f), + TOBN(0x376aafa8, 0x719c0563), TOBN(0xcd8ad2dc, 0xbc5fc79f), + TOBN(0x303fdb9f, 0xcb750cd3), TOBN(0x14ff052f, 0x4418b08e), + TOBN(0xf75084cf, 0x3e2d6520), TOBN(0x7ebdf0f8, 0x144ed509), + TOBN(0xf43bf0f2, 0xd3f25b98), TOBN(0x86ad71cf, 0xa354d837), + TOBN(0xb827fe92, 0x26f43572), TOBN(0xdfd3ab5b, 0x5d824758), + TOBN(0x315dd23a, 0x539094c1), TOBN(0x85c0e37a, 0x66623d68), + TOBN(0x575c7972, 0x7be19ae0), TOBN(0x616a3396, 0xdf0d36b5), + TOBN(0xa1ebb3c8, 0x26b1ff7e), TOBN(0x635b9485, 0x140ad453), + TOBN(0x92bf3cda, 0xda430c0b), TOBN(0x4702850e, 0x3a96dac6), + TOBN(0xc91cf0a5, 0x15ac326a), TOBN(0x95de4f49, 0xab8c25e4), + TOBN(0xb01bad09, 0xe265c17c), TOBN(0x24e45464, 0x087b3881), + TOBN(0xd43e583c, 0xe1fac5ca), TOBN(0xe17cb318, 0x6ead97a6), + TOBN(0x6cc39243, 0x74dcec46), TOBN(0x33cfc02d, 0x54c2b73f), + TOBN(0x82917844, 0xf26cd99c), TOBN(0x8819dd95, 0xd1773f89), + TOBN(0x09572aa6, 0x0871f427), TOBN(0x8e0cf365, 0xf6f01c34), + TOBN(0x7fa52988, 0xbff1f5af), TOBN(0x4eb357ea, 0xe75e8e50), + TOBN(0xd9d0c8c4, 0x868af75d), TOBN(0xd7325cff, 0x45c8c7ea), + TOBN(0xab471996, 0xcc81ecb0), TOBN(0xff5d55f3, 0x611824ed), + TOBN(0xbe314541, 0x1977a0ee), TOBN(0x5085c4c5, 0x722038c6), + TOBN(0x2d5335bf, 0xf94bb495), TOBN(0x894ad8a6, 0xc8e2a082), + TOBN(0x5c3e2341, 0xada35438), TOBN(0xf4a9fc89, 0x049b8c4e), + TOBN(0xbeeb355a, 0x9f17cf34), TOBN(0x3f311e0e, 0x6c91fe10), + TOBN(0xc2d20038, 0x92ab9891), TOBN(0x257bdcc1, 0x3e8ce9a9), + TOBN(0x1b2d9789, 0x88c53bee), TOBN(0x927ce89a, 0xcdba143a), + TOBN(0xb0a32cca, 0x523db280), TOBN(0x5c889f8a, 0x50d43783), + TOBN(0x503e04b3, 0x4897d16f), TOBN(0x8cdb6e78, 0x08f5f2e8), + TOBN(0x6ab91cf0, 0x179c8e74), TOBN(0xd8874e52, 0x48211d60), + TOBN(0xf948d4d5, 0xea851200), TOBN(0x4076d41e, 0xe6f9840a), + TOBN(0xc20e263c, 0x47b517ea), TOBN(0x79a448fd, 0x30685e5e), + TOBN(0xe55f6f78, 0xf90631a0), TOBN(0x88a790b1, 0xa79e6346), + TOBN(0x62160c7d, 0x80969fe8), TOBN(0x54f92fd4, 0x41491bb9), + TOBN(0xa6645c23, 0x5c957526), TOBN(0xf44cc5ae, 0xbea3ce7b), + TOBN(0xf7628327, 0x8b1e68b7), TOBN(0xc731ad7a, 0x303f29d3), + TOBN(0xfe5a9ca9, 0x57d03ecb), TOBN(0x96c0d50c, 0x41bc97a7), + TOBN(0xc4669fe7, 0x9b4f7f24), TOBN(0xfdd781d8, 0x3d9967ef), + TOBN(0x7892c7c3, 0x5d2c208d), TOBN(0x8bf64f7c, 0xae545cb3), + TOBN(0xc01f862c, 0x467be912), TOBN(0xf4c85ee9, 0xc73d30cc), + TOBN(0x1fa6f4be, 0x6ab83ec7), TOBN(0xa07a3c1c, 0x4e3e3cf9), + TOBN(0x87f8ef45, 0x0c00beb3), TOBN(0x30e2c2b3, 0x000d4c3e), + TOBN(0x1aa00b94, 0xfe08bf5b), TOBN(0x32c133aa, 0x9224ef52), + TOBN(0x38df16bb, 0x32e5685d), TOBN(0x68a9e069, 0x58e6f544), + TOBN(0x495aaff7, 0xcdc5ebc6), TOBN(0xf894a645, 0x378b135f), + TOBN(0xf316350a, 0x09e27ecf), TOBN(0xeced201e, 0x58f7179d), + TOBN(0x2eec273c, 0xe97861ba), TOBN(0x47ec2cae, 0xd693be2e), + TOBN(0xfa4c97c4, 0xf68367ce), TOBN(0xe4f47d0b, 0xbe5a5755), + TOBN(0x17de815d, 0xb298a979), TOBN(0xd7eca659, 0xc177dc7d), + TOBN(0x20fdbb71, 0x49ded0a3), TOBN(0x4cb2aad4, 0xfb34d3c5), + TOBN(0x2cf31d28, 0x60858a33), TOBN(0x3b6873ef, 0xa24aa40f), + TOBN(0x540234b2, 0x2c11bb37), TOBN(0x2d0366dd, 0xed4c74a3), + TOBN(0xf9a968da, 0xeec5f25d), TOBN(0x36601068, 0x67b63142), + TOBN(0x07cd6d2c, 0x68d7b6d4), TOBN(0xa8f74f09, 0x0c842942), + TOBN(0xe2751404, 0x7768b1ee), TOBN(0x4b5f7e89, 0xfe62aee4), + TOBN(0xc6a77177, 0x89070d26), TOBN(0xa1f28e4e, 0xdd1c8bc7), + TOBN(0xea5f4f06, 0x469e1f17), TOBN(0x78fc242a, 0xfbdb78e0), + TOBN(0xc9c7c592, 0x8b0588f1), TOBN(0xb6b7a0fd, 0x1535921e), + TOBN(0xcc5bdb91, 0xbde5ae35), TOBN(0xb42c485e, 0x12ff1864), + TOBN(0xa1113e13, 0xdbab98aa), TOBN(0xde9d469b, 0xa17b1024), + TOBN(0x23f48b37, 0xc0462d3a), TOBN(0x3752e537, 0x7c5c078d), + TOBN(0xe3a86add, 0x15544eb9), TOBN(0xf013aea7, 0x80fba279), + TOBN(0x8b5bb76c, 0xf22001b5), TOBN(0xe617ba14, 0xf02891ab), + TOBN(0xd39182a6, 0x936219d3), TOBN(0x5ce1f194, 0xae51cb19), + TOBN(0xc78f8598, 0xbf07a74c), TOBN(0x6d7158f2, 0x22cbf1bc), + TOBN(0x3b846b21, 0xe300ce18), TOBN(0x35fba630, 0x2d11275d), + TOBN(0x5fe25c36, 0xa0239b9b), TOBN(0xd8beb35d, 0xdf05d940), + TOBN(0x4db02bb0, 0x1f7e320d), TOBN(0x0641c364, 0x6da320ea), + TOBN(0x6d95fa5d, 0x821389a3), TOBN(0x92699748, 0x8fcd8e3d), + TOBN(0x316fef17, 0xceb6c143), TOBN(0x67fcb841, 0xd933762b), + TOBN(0xbb837e35, 0x118b17f8), TOBN(0x4b92552f, 0x9fd24821), + TOBN(0xae6bc70e, 0x46aca793), TOBN(0x1cf0b0e4, 0xe579311b), + TOBN(0x8dc631be, 0x5802f716), TOBN(0x099bdc6f, 0xbddbee4d), + TOBN(0xcc352bb2, 0x0caf8b05), TOBN(0xf74d505a, 0x72d63df2), + TOBN(0xb9876d4b, 0x91c4f408), TOBN(0x1ce18473, 0x9e229b2d), + TOBN(0x49507597, 0x83abdb4a), TOBN(0x850fbcb6, 0xdee84b18), + TOBN(0x6325236e, 0x609e67dc), TOBN(0x04d831d9, 0x9336c6d8), + TOBN(0x8deaae3b, 0xfa12d45d), TOBN(0xe425f8ce, 0x4746e246), + TOBN(0x8004c175, 0x24f5f31e), TOBN(0xaca16d8f, 0xad62c3b7), + TOBN(0x0dc15a6a, 0x9152f934), TOBN(0xf1235e5d, 0xed0e12c1), + TOBN(0xc33c06ec, 0xda477dac), TOBN(0x76be8732, 0xb2ea0006), + TOBN(0xcf3f7831, 0x0c0cd313), TOBN(0x3c524553, 0xa614260d), + TOBN(0x31a756f8, 0xcab22d15), TOBN(0x03ee10d1, 0x77827a20), + TOBN(0xd1e059b2, 0x1994ef20), TOBN(0x2a653b69, 0x638ae318), + TOBN(0x70d5eb58, 0x2f699010), TOBN(0x279739f7, 0x09f5f84a), + TOBN(0x5da4663c, 0x8b799336), TOBN(0xfdfdf14d, 0x203c37eb), + TOBN(0x32d8a9dc, 0xa1dbfb2d), TOBN(0xab40cff0, 0x77d48f9b), + TOBN(0xc018b383, 0xd20b42d5), TOBN(0xf9a810ef, 0x9f78845f), + TOBN(0x40af3753, 0xbdba9df0), TOBN(0xb90bdcfc, 0x131dfdf9), + TOBN(0x18720591, 0xf01ab782), TOBN(0xc823f211, 0x6af12a88), + TOBN(0xa51b80f3, 0x0dc14401), TOBN(0xde248f77, 0xfb2dfbe3), + TOBN(0xef5a44e5, 0x0cafe751), TOBN(0x73997c9c, 0xd4dcd221), + TOBN(0x32fd86d1, 0xde854024), TOBN(0xd5b53adc, 0xa09b84bb), + TOBN(0x008d7a11, 0xdcedd8d1), TOBN(0x406bd1c8, 0x74b32c84), + TOBN(0x5d4472ff, 0x05dde8b1), TOBN(0x2e25f2cd, 0xfce2b32f), + TOBN(0xbec0dd5e, 0x29dfc254), TOBN(0x4455fcf6, 0x2b98b267), + TOBN(0x0b4d43a5, 0xc72df2ad), TOBN(0xea70e6be, 0x48a75397), + TOBN(0x2aad6169, 0x5820f3bf), TOBN(0xf410d2dd, 0x9e37f68f), + TOBN(0x70fb7dba, 0x7be5ac83), TOBN(0x636bb645, 0x36ec3eec), + TOBN(0x27104ea3, 0x9754e21c), TOBN(0xbc87a3e6, 0x8d63c373), + TOBN(0x483351d7, 0x4109db9a), TOBN(0x0fa724e3, 0x60134da7), + TOBN(0x9ff44c29, 0xb0720b16), TOBN(0x2dd0cf13, 0x06aceead), + TOBN(0x5942758c, 0xe26929a6), TOBN(0x96c5db92, 0xb766a92b), + TOBN(0xcec7d4c0, 0x5f18395e), TOBN(0xd3f22744, 0x1f80d032), + TOBN(0x7a68b37a, 0xcb86075b), TOBN(0x074764dd, 0xafef92db), + TOBN(0xded1e950, 0x7bc7f389), TOBN(0xc580c850, 0xb9756460), + TOBN(0xaeeec2a4, 0x7da48157), TOBN(0x3f0b4e7f, 0x82c587b3), + TOBN(0x231c6de8, 0xa9f19c53), TOBN(0x5717bd73, 0x6974e34e), + TOBN(0xd9e1d216, 0xf1508fa9), TOBN(0x9f112361, 0xdadaa124), + TOBN(0x80145e31, 0x823b7348), TOBN(0x4dd8f0d5, 0xac634069), + TOBN(0xe3d82fc7, 0x2297c258), TOBN(0x276fcfee, 0x9cee7431), + TOBN(0x8eb61b5e, 0x2bc0aea9), TOBN(0x4f668fd5, 0xde329431), + TOBN(0x03a32ab1, 0x38e4b87e), TOBN(0xe1374517, 0x73d0ef0b), + TOBN(0x1a46f7e6, 0x853ac983), TOBN(0xc3bdf42e, 0x68e78a57), + TOBN(0xacf20785, 0x2ea96dd1), TOBN(0xa10649b9, 0xf1638460), + TOBN(0xf2369f0b, 0x879fbbed), TOBN(0x0ff0ae86, 0xda9d1869), + TOBN(0x5251d759, 0x56766f45), TOBN(0x4984d8c0, 0x2be8d0fc), + TOBN(0x7ecc95a6, 0xd21008f0), TOBN(0x29bd54a0, 0x3a1a1c49), + TOBN(0xab9828c5, 0xd26c50f3), TOBN(0x32c0087c, 0x51d0d251), + TOBN(0x9bac3ce6, 0x0c1cdb26), TOBN(0xcd94d947, 0x557ca205), + TOBN(0x1b1bd598, 0x9db1fdcd), TOBN(0x0eda0108, 0xa3d8b149), + TOBN(0x95066610, 0x56152fcc), TOBN(0xc2f037e6, 0xe7192b33), + TOBN(0xdeffb41a, 0xc92e05a4), TOBN(0x1105f6c2, 0xc2f6c62e), + TOBN(0x68e73500, 0x8733913c), TOBN(0xcce86163, 0x3f3adc40), + TOBN(0xf407a942, 0x38a278e9), TOBN(0xd13c1b9d, 0x2ab21292), + TOBN(0x93ed7ec7, 0x1c74cf5c), TOBN(0x8887dc48, 0xf1a4c1b4), + TOBN(0x3830ff30, 0x4b3a11f1), TOBN(0x358c5a3c, 0x58937cb6), + TOBN(0x027dc404, 0x89022829), TOBN(0x40e93977, 0x3b798f79), + TOBN(0x90ad3337, 0x38be6ead), TOBN(0x9c23f6bc, 0xf34c0a5d), + TOBN(0xd1711a35, 0xfbffd8bb), TOBN(0x60fcfb49, 0x1949d3dd), + TOBN(0x09c8ef4b, 0x7825d93a), TOBN(0x24233cff, 0xa0a8c968), + TOBN(0x67ade46c, 0xe6d982af), TOBN(0xebb6bf3e, 0xe7544d7c), + TOBN(0xd6b9ba76, 0x3d8bd087), TOBN(0x46fe382d, 0x4dc61280), + TOBN(0xbd39a7e8, 0xb5bdbd75), TOBN(0xab381331, 0xb8f228fe), + TOBN(0x0709a77c, 0xce1c4300), TOBN(0x6a247e56, 0xf337ceac), + TOBN(0x8f34f21b, 0x636288be), TOBN(0x9dfdca74, 0xc8a7c305), + TOBN(0x6decfd1b, 0xea919e04), TOBN(0xcdf2688d, 0x8e1991f8), + TOBN(0xe607df44, 0xd0f8a67e), TOBN(0xd985df4b, 0x0b58d010), + TOBN(0x57f834c5, 0x0c24f8f4), TOBN(0xe976ef56, 0xa0bf01ae), + TOBN(0x536395ac, 0xa1c32373), TOBN(0x351027aa, 0x734c0a13), + TOBN(0xd2f1b5d6, 0x5e6bd5bc), TOBN(0x2b539e24, 0x223debed), + TOBN(0xd4994cec, 0x0eaa1d71), TOBN(0x2a83381d, 0x661dcf65), + TOBN(0x5f1aed2f, 0x7b54c740), TOBN(0x0bea3fa5, 0xd6dda5ee), + TOBN(0x9d4fb684, 0x36cc6134), TOBN(0x8eb9bbf3, 0xc0a443dd), + TOBN(0xfc500e2e, 0x383b7d2a), TOBN(0x7aad621c, 0x5b775257), + TOBN(0x69284d74, 0x0a8f7cc0), TOBN(0xe820c2ce, 0x07562d65), + TOBN(0xbf9531b9, 0x499758ee), TOBN(0x73e95ca5, 0x6ee0cc2d), + TOBN(0xf61790ab, 0xfbaf50a5), TOBN(0xdf55e76b, 0x684e0750), + TOBN(0xec516da7, 0xf176b005), TOBN(0x575553bb, 0x7a2dddc7), + TOBN(0x37c87ca3, 0x553afa73), TOBN(0x315f3ffc, 0x4d55c251), + TOBN(0xe846442a, 0xaf3e5d35), TOBN(0x61b91149, 0x6495ff28), + TOBN(0x23cc95d3, 0xfa326dc3), TOBN(0x1df4da1f, 0x18fc2cea), + TOBN(0x24bf9adc, 0xd0a37d59), TOBN(0xb6710053, 0x320d6e1e), + TOBN(0x96f9667e, 0x618344d1), TOBN(0xcc7ce042, 0xa06445af), + TOBN(0xa02d8514, 0xd68dbc3a), TOBN(0x4ea109e4, 0x280b5a5b), + TOBN(0x5741a7ac, 0xb40961bf), TOBN(0x4ada5937, 0x6aa56bfa), + TOBN(0x7feb9145, 0x02b765d1), TOBN(0x561e97be, 0xe6ad1582), + TOBN(0xbbc4a5b6, 0xda3982f5), TOBN(0x0c2659ed, 0xb546f468), + TOBN(0xb8e7e6aa, 0x59612d20), TOBN(0xd83dfe20, 0xac19e8e0), + TOBN(0x8530c45f, 0xb835398c), TOBN(0x6106a8bf, 0xb38a41c2), + TOBN(0x21e8f9a6, 0x35f5dcdb), TOBN(0x39707137, 0xcae498ed), + TOBN(0x70c23834, 0xd8249f00), TOBN(0x9f14b58f, 0xab2537a0), + TOBN(0xd043c365, 0x5f61c0c2), TOBN(0xdc5926d6, 0x09a194a7), + TOBN(0xddec0339, 0x8e77738a), TOBN(0xd07a63ef, 0xfba46426), + TOBN(0x2e58e79c, 0xee7f6e86), TOBN(0xe59b0459, 0xff32d241), + TOBN(0xc5ec84e5, 0x20fa0338), TOBN(0x97939ac8, 0xeaff5ace), + TOBN(0x0310a4e3, 0xb4a38313), TOBN(0x9115fba2, 0x8f9d9885), + TOBN(0x8dd710c2, 0x5fadf8c3), TOBN(0x66be38a2, 0xce19c0e2), + TOBN(0xd42a279c, 0x4cfe5022), TOBN(0x597bb530, 0x0e24e1b8), + TOBN(0x3cde86b7, 0xc153ca7f), TOBN(0xa8d30fb3, 0x707d63bd), + TOBN(0xac905f92, 0xbd60d21e), TOBN(0x98e7ffb6, 0x7b9a54ab), + TOBN(0xd7147df8, 0xe9726a30), TOBN(0xb5e216ff, 0xafce3533), + TOBN(0xb550b799, 0x2ff1ec40), TOBN(0x6b613b87, 0xa1e953fd), + TOBN(0x87b88dba, 0x792d5610), TOBN(0x2ee1270a, 0xa190fbe1), + TOBN(0x02f4e2dc, 0x2ef581da), TOBN(0x016530e4, 0xeff82a95), + TOBN(0xcbb93dfd, 0x8fd6ee89), TOBN(0x16d3d986, 0x46848fff), + TOBN(0x600eff24, 0x1da47adf), TOBN(0x1b9754a0, 0x0ad47a71), + TOBN(0x8f9266df, 0x70c33b98), TOBN(0xaadc87ae, 0xdf34186e), + TOBN(0x0d2ce8e1, 0x4ad24132), TOBN(0x8a47cbfc, 0x19946eba), + TOBN(0x47feeb66, 0x62b5f3af), TOBN(0xcefab561, 0x0abb3734), + TOBN(0x449de60e, 0x19f35cb1), TOBN(0x39f8db14, 0x157f0eb9), + TOBN(0xffaecc5b, 0x3c61bfd6), TOBN(0xa5a4d41d, 0x41216703), + TOBN(0x7f8fabed, 0x224e1cc2), TOBN(0x0d5a8186, 0x871ad953), + TOBN(0xf10774f7, 0xd22da9a9), TOBN(0x45b8a678, 0xcc8a9b0d), + TOBN(0xd9c2e722, 0xbdc32cff), TOBN(0xbf71b5f5, 0x337202a5), + TOBN(0x95c57f2f, 0x69fc4db9), TOBN(0xb6dad34c, 0x765d01e1), + TOBN(0x7e0bd13f, 0xcb904635), TOBN(0x61751253, 0x763a588c), + TOBN(0xd85c2997, 0x81af2c2d), TOBN(0xc0f7d9c4, 0x81b9d7da), + TOBN(0x838a34ae, 0x08533e8d), TOBN(0x15c4cb08, 0x311d8311), + TOBN(0x97f83285, 0x8e121e14), TOBN(0xeea7dc1e, 0x85000a5f), + TOBN(0x0c6059b6, 0x5d256274), TOBN(0xec9beace, 0xb95075c0), + TOBN(0x173daad7, 0x1df97828), TOBN(0xbf851cb5, 0xa8937877), + TOBN(0xb083c594, 0x01646f3c), TOBN(0x3bad30cf, 0x50c6d352), + TOBN(0xfeb2b202, 0x496bbcea), TOBN(0x3cf9fd4f, 0x18a1e8ba), + TOBN(0xd26de7ff, 0x1c066029), TOBN(0x39c81e9e, 0x4e9ed4f8), + TOBN(0xd8be0cb9, 0x7b390d35), TOBN(0x01df2bbd, 0x964aab27), + TOBN(0x3e8c1a65, 0xc3ef64f8), TOBN(0x567291d1, 0x716ed1dd), + TOBN(0x95499c6c, 0x5f5406d3), TOBN(0x71fdda39, 0x5ba8e23f), + TOBN(0xcfeb320e, 0xd5096ece), TOBN(0xbe7ba92b, 0xca66dd16), + TOBN(0x4608d36b, 0xc6fb5a7d), TOBN(0xe3eea15a, 0x6d2dd0e0), + TOBN(0x75b0a3eb, 0x8f97a36a), TOBN(0xf59814cc, 0x1c83de1e), + TOBN(0x56c9c5b0, 0x1c33c23f), TOBN(0xa96c1da4, 0x6faa4136), + TOBN(0x46bf2074, 0xde316551), TOBN(0x3b866e7b, 0x1f756c8f), + TOBN(0x727727d8, 0x1495ed6b), TOBN(0xb2394243, 0xb682dce7), + TOBN(0x8ab8454e, 0x758610f3), TOBN(0xc243ce84, 0x857d72a4), + TOBN(0x7b320d71, 0xdbbf370f), TOBN(0xff9afa37, 0x78e0f7ca), + TOBN(0x0119d1e0, 0xea7b523f), TOBN(0xb997f8cb, 0x058c7d42), + TOBN(0x285bcd2a, 0x37bbb184), TOBN(0x51dcec49, 0xa45d1fa6), + TOBN(0x6ade3b64, 0xe29634cb), TOBN(0x080c94a7, 0x26b86ef1), + TOBN(0xba583db1, 0x2283fbe3), TOBN(0x902bddc8, 0x5a9315ed), + TOBN(0x07c1ccb3, 0x86964bec), TOBN(0x78f4eacf, 0xb6258301), + TOBN(0x4bdf3a49, 0x56f90823), TOBN(0xba0f5080, 0x741d777b), + TOBN(0x091d71c3, 0xf38bf760), TOBN(0x9633d50f, 0x9b625b02), + TOBN(0x03ecb743, 0xb8c9de61), TOBN(0xb4751254, 0x5de74720), + TOBN(0x9f9defc9, 0x74ce1cb2), TOBN(0x774a4f6a, 0x00bd32ef), + TOBN(0xaca385f7, 0x73848f22), TOBN(0x53dad716, 0xf3f8558e), + TOBN(0xab7b34b0, 0x93c471f9), TOBN(0xf530e069, 0x19644bc7), + TOBN(0x3d9fb1ff, 0xdd59d31a), TOBN(0x4382e0df, 0x08daa795), + TOBN(0x165c6f4b, 0xd5cc88d7), TOBN(0xeaa392d5, 0x4a18c900), + TOBN(0x94203c67, 0x648024ee), TOBN(0x188763f2, 0x8c2fabcd), + TOBN(0xa80f87ac, 0xbbaec835), TOBN(0x632c96e0, 0xf29d8d54), + TOBN(0x29b0a60e, 0x4c00a95e), TOBN(0x2ef17f40, 0xe011e9fa), + TOBN(0xf6c0e1d1, 0x15b77223), TOBN(0xaaec2c62, 0x14b04e32), + TOBN(0xd35688d8, 0x3d84e58c), TOBN(0x2af5094c, 0x958571db), + TOBN(0x4fff7e19, 0x760682a6), TOBN(0x4cb27077, 0xe39a407c), + TOBN(0x0f59c547, 0x4ff0e321), TOBN(0x169f34a6, 0x1b34c8ff), + TOBN(0x2bff1096, 0x52bc1ba7), TOBN(0xa25423b7, 0x83583544), + TOBN(0x5d55d5d5, 0x0ac8b782), TOBN(0xff6622ec, 0x2db3c892), + TOBN(0x48fce741, 0x6b8bb642), TOBN(0x31d6998c, 0x69d7e3dc), + TOBN(0xdbaf8004, 0xcadcaed0), TOBN(0x801b0142, 0xd81d053c), + TOBN(0x94b189fc, 0x59630ec6), TOBN(0x120e9934, 0xaf762c8e), + TOBN(0x53a29aa4, 0xfdc6a404), TOBN(0x19d8e01e, 0xa1909948), + TOBN(0x3cfcabf1, 0xd7e89681), TOBN(0x3321a50d, 0x4e132d37), + TOBN(0xd0496863, 0xe9a86111), TOBN(0x8c0cde61, 0x06a3bc65), + TOBN(0xaf866c49, 0xfc9f8eef), TOBN(0x2066350e, 0xff7f5141), + TOBN(0x4f8a4689, 0xe56ddfbd), TOBN(0xea1b0c07, 0xfe32983a), + TOBN(0x2b317462, 0x873cb8cb), TOBN(0x658deddc, 0x2d93229f), + TOBN(0x65efaf4d, 0x0f64ef58), TOBN(0xfe43287d, 0x730cc7a8), + TOBN(0xaebc0c72, 0x3d047d70), TOBN(0x92efa539, 0xd92d26c9), + TOBN(0x06e78457, 0x94b56526), TOBN(0x415cb80f, 0x0961002d), + TOBN(0x89e5c565, 0x76dcb10f), TOBN(0x8bbb6982, 0xff9259fe), + TOBN(0x4fe8795b, 0x9abc2668), TOBN(0xb5d4f534, 0x1e678fb1), + TOBN(0x6601f3be, 0x7b7da2b9), TOBN(0x98da59e2, 0xa13d6805), + TOBN(0x190d8ea6, 0x01799a52), TOBN(0xa20cec41, 0xb86d2952), + TOBN(0x3062ffb2, 0x7fff2a7c), TOBN(0x741b32e5, 0x79f19d37), + TOBN(0xf80d8181, 0x4eb57d47), TOBN(0x7a2d0ed4, 0x16aef06b), + TOBN(0x09735fb0, 0x1cecb588), TOBN(0x1641caaa, 0xc6061f5b)}, + {TOBN(0x7f99824f, 0x20151427), TOBN(0x206828b6, 0x92430206), + TOBN(0xaa9097d7, 0xe1112357), TOBN(0xacf9a2f2, 0x09e414ec), + TOBN(0xdbdac9da, 0x27915356), TOBN(0x7e0734b7, 0x001efee3), + TOBN(0x54fab5bb, 0xd2b288e2), TOBN(0x4c630fc4, 0xf62dd09c), + TOBN(0x8537107a, 0x1ac2703b), TOBN(0xb49258d8, 0x6bc857b5), + TOBN(0x57df14de, 0xbcdaccd1), TOBN(0x24ab68d7, 0xc4ae8529), + TOBN(0x7ed8b5d4, 0x734e59d0), TOBN(0x5f8740c8, 0xc495cc80), + TOBN(0x84aedd5a, 0x291db9b3), TOBN(0x80b360f8, 0x4fb995be), + TOBN(0xae915f5d, 0x5fa067d1), TOBN(0x4134b57f, 0x9668960c), + TOBN(0xbd3656d6, 0xa48edaac), TOBN(0xdac1e3e4, 0xfc1d7436), + TOBN(0x674ff869, 0xd81fbb26), TOBN(0x449ed3ec, 0xb26c33d4), + TOBN(0x85138705, 0xd94203e8), TOBN(0xccde538b, 0xbeeb6f4a), + TOBN(0x55d5c68d, 0xa61a76fa), TOBN(0x598b441d, 0xca1554dc), + TOBN(0xd39923b9, 0x773b279c), TOBN(0x33331d3c, 0x36bf9efc), + TOBN(0x2d4c848e, 0x298de399), TOBN(0xcfdb8e77, 0xa1a27f56), + TOBN(0x94c855ea, 0x57b8ab70), TOBN(0xdcdb9dae, 0x6f7879ba), + TOBN(0x7bdff8c2, 0x019f2a59), TOBN(0xb3ce5bb3, 0xcb4fbc74), + TOBN(0xea907f68, 0x8a9173dd), TOBN(0x6cd3d0d3, 0x95a75439), + TOBN(0x92ecc4d6, 0xefed021c), TOBN(0x09a9f9b0, 0x6a77339a), + TOBN(0x87ca6b15, 0x7188c64a), TOBN(0x10c29968, 0x44899158), + TOBN(0x5859a229, 0xed6e82ef), TOBN(0x16f338e3, 0x65ebaf4e), + TOBN(0x0cd31387, 0x5ead67ae), TOBN(0x1c73d228, 0x54ef0bb4), + TOBN(0x4cb55131, 0x74a5c8c7), TOBN(0x01cd2970, 0x7f69ad6a), + TOBN(0xa04d00dd, 0xe966f87e), TOBN(0xd96fe447, 0x0b7b0321), + TOBN(0x342ac06e, 0x88fbd381), TOBN(0x02cd4a84, 0x5c35a493), + TOBN(0xe8fa89de, 0x54f1bbcd), TOBN(0x341d6367, 0x2575ed4c), + TOBN(0xebe357fb, 0xd238202b), TOBN(0x600b4d1a, 0xa984ead9), + TOBN(0xc35c9f44, 0x52436ea0), TOBN(0x96fe0a39, 0xa370751b), + TOBN(0x4c4f0736, 0x7f636a38), TOBN(0x9f943fb7, 0x0e76d5cb), + TOBN(0xb03510ba, 0xa8b68b8b), TOBN(0xc246780a, 0x9ed07a1f), + TOBN(0x3c051415, 0x6d549fc2), TOBN(0xc2953f31, 0x607781ca), + TOBN(0x955e2c69, 0xd8d95413), TOBN(0xb300fadc, 0x7bd282e3), + TOBN(0x81fe7b50, 0x87e9189f), TOBN(0xdb17375c, 0xf42dda27), + TOBN(0x22f7d896, 0xcf0a5904), TOBN(0xa0e57c5a, 0xebe348e6), + TOBN(0xa61011d3, 0xf40e3c80), TOBN(0xb1189321, 0x8db705c5), + TOBN(0x4ed9309e, 0x50fedec3), TOBN(0xdcf14a10, 0x4d6d5c1d), + TOBN(0x056c265b, 0x55691342), TOBN(0xe8e08504, 0x91049dc7), + TOBN(0x131329f5, 0xc9bae20a), TOBN(0x96c8b3e8, 0xd9dccdb4), + TOBN(0x8c5ff838, 0xfb4ee6b4), TOBN(0xfc5a9aeb, 0x41e8ccf0), + TOBN(0x7417b764, 0xfae050c6), TOBN(0x0953c3d7, 0x00452080), + TOBN(0x21372682, 0x38dfe7e8), TOBN(0xea417e15, 0x2bb79d4b), + TOBN(0x59641f1c, 0x76e7cf2d), TOBN(0x271e3059, 0xea0bcfcc), + TOBN(0x624c7dfd, 0x7253ecbd), TOBN(0x2f552e25, 0x4fca6186), + TOBN(0xcbf84ecd, 0x4d866e9c), TOBN(0x73967709, 0xf68d4610), + TOBN(0xa14b1163, 0xc27901b4), TOBN(0xfd9236e0, 0x899b8bf3), + TOBN(0x42b091ec, 0xcbc6da0a), TOBN(0xbb1dac6f, 0x5ad1d297), + TOBN(0x80e61d53, 0xa91cf76e), TOBN(0x4110a412, 0xd31f1ee7), + TOBN(0x2d87c3ba, 0x13efcf77), TOBN(0x1f374bb4, 0xdf450d76), + TOBN(0x5e78e2f2, 0x0d188dab), TOBN(0xe3968ed0, 0xf4b885ef), + TOBN(0x46c0568e, 0x7314570f), TOBN(0x31616338, 0x01170521), + TOBN(0x18e1e7e2, 0x4f0c8afe), TOBN(0x4caa75ff, 0xdeea78da), + TOBN(0x82db67f2, 0x7c5d8a51), TOBN(0x36a44d86, 0x6f505370), + TOBN(0xd72c5bda, 0x0333974f), TOBN(0x5db516ae, 0x27a70146), + TOBN(0x34705281, 0x210ef921), TOBN(0xbff17a8f, 0x0c9c38e5), + TOBN(0x78f4814e, 0x12476da1), TOBN(0xc1e16613, 0x33c16980), + TOBN(0x9e5b386f, 0x424d4bca), TOBN(0x4c274e87, 0xc85740de), + TOBN(0xb6a9b88d, 0x6c2f5226), TOBN(0x14d1b944, 0x550d7ca8), + TOBN(0x580c85fc, 0x1fc41709), TOBN(0xc1da368b, 0x54c6d519), + TOBN(0x2b0785ce, 0xd5113cf7), TOBN(0x0670f633, 0x5a34708f), + TOBN(0x46e23767, 0x15cc3f88), TOBN(0x1b480cfa, 0x50c72c8f), + TOBN(0x20288602, 0x4147519a), TOBN(0xd0981eac, 0x26b372f0), + TOBN(0xa9d4a7ca, 0xa785ebc8), TOBN(0xd953c50d, 0xdbdf58e9), + TOBN(0x9d6361cc, 0xfd590f8f), TOBN(0x72e9626b, 0x44e6c917), + TOBN(0x7fd96110, 0x22eb64cf), TOBN(0x863ebb7e, 0x9eb288f3), + TOBN(0x6e6ab761, 0x6aca8ee7), TOBN(0x97d10b39, 0xd7b40358), + TOBN(0x1687d377, 0x1e5feb0d), TOBN(0xc83e50e4, 0x8265a27a), + TOBN(0x8f75a9fe, 0xc954b313), TOBN(0xcc2e8f47, 0x310d1f61), + TOBN(0xf5ba81c5, 0x6557d0e0), TOBN(0x25f9680c, 0x3eaf6207), + TOBN(0xf95c6609, 0x4354080b), TOBN(0x5225bfa5, 0x7bf2fe1c), + TOBN(0xc5c004e2, 0x5c7d98fa), TOBN(0x3561bf1c, 0x019aaf60), + TOBN(0x5e6f9f17, 0xba151474), TOBN(0xdec2f934, 0xb04f6eca), + TOBN(0x64e368a1, 0x269acb1e), TOBN(0x1332d9e4, 0x0cdda493), + TOBN(0x60d6cf69, 0xdf23de05), TOBN(0x66d17da2, 0x009339a0), + TOBN(0x9fcac985, 0x0a693923), TOBN(0xbcf057fc, 0xed7c6a6d), + TOBN(0xc3c5c8c5, 0xf0b5662c), TOBN(0x25318dd8, 0xdcba4f24), + TOBN(0x60e8cb75, 0x082b69ff), TOBN(0x7c23b3ee, 0x1e728c01), + TOBN(0x15e10a0a, 0x097e4403), TOBN(0xcb3d0a86, 0x19854665), + TOBN(0x88d8e211, 0xd67d4826), TOBN(0xb39af66e, 0x0b9d2839), + TOBN(0xa5f94588, 0xbd475ca8), TOBN(0xe06b7966, 0xc077b80b), + TOBN(0xfedb1485, 0xda27c26c), TOBN(0xd290d33a, 0xfe0fd5e0), + TOBN(0xa40bcc47, 0xf34fb0fa), TOBN(0xb4760cc8, 0x1fb1ab09), + TOBN(0x8fca0993, 0xa273bfe3), TOBN(0x13e4fe07, 0xf70b213c), + TOBN(0x3bcdb992, 0xfdb05163), TOBN(0x8c484b11, 0x0c2b19b6), + TOBN(0x1acb815f, 0xaaf2e3e2), TOBN(0xc6905935, 0xb89ff1b4), + TOBN(0xb2ad6f9d, 0x586e74e1), TOBN(0x488883ad, 0x67b80484), + TOBN(0x758aa2c7, 0x369c3ddb), TOBN(0x8ab74e69, 0x9f9afd31), + TOBN(0x10fc2d28, 0x5e21beb1), TOBN(0x3484518a, 0x318c42f9), + TOBN(0x377427dc, 0x53cf40c3), TOBN(0x9de0781a, 0x391bc1d9), + TOBN(0x8faee858, 0x693807e1), TOBN(0xa3865327, 0x4e81ccc7), + TOBN(0x02c30ff2, 0x6f835b84), TOBN(0xb604437b, 0x0d3d38d4), + TOBN(0xb3fc8a98, 0x5ca1823d), TOBN(0xb82f7ec9, 0x03be0324), + TOBN(0xee36d761, 0xcf684a33), TOBN(0x5a01df0e, 0x9f29bf7d), + TOBN(0x686202f3, 0x1306583d), TOBN(0x05b10da0, 0x437c622e), + TOBN(0xbf9aaa0f, 0x076a7bc8), TOBN(0x25e94efb, 0x8f8f4e43), + TOBN(0x8a35c9b7, 0xfa3dc26d), TOBN(0xe0e5fb93, 0x96ff03c5), + TOBN(0xa77e3843, 0xebc394ce), TOBN(0xcede6595, 0x8361de60), + TOBN(0xd27c22f6, 0xa1993545), TOBN(0xab01cc36, 0x24d671ba), + TOBN(0x63fa2877, 0xa169c28e), TOBN(0x925ef904, 0x2eb08376), + TOBN(0x3b2fa3cf, 0x53aa0b32), TOBN(0xb27beb5b, 0x71c49d7a), + TOBN(0xb60e1834, 0xd105e27f), TOBN(0xd6089788, 0x4f68570d), + TOBN(0x23094ce0, 0xd6fbc2ac), TOBN(0x738037a1, 0x815ff551), + TOBN(0xda73b1bb, 0x6bef119c), TOBN(0xdcf6c430, 0xeef506ba), + TOBN(0x00e4fe7b, 0xe3ef104a), TOBN(0xebdd9a2c, 0x0a065628), + TOBN(0x853a81c3, 0x8792043e), TOBN(0x22ad6ece, 0xb3b59108), + TOBN(0x9fb813c0, 0x39cd297d), TOBN(0x8ec7e16e, 0x05bda5d9), + TOBN(0x2834797c, 0x0d104b96), TOBN(0xcc11a2e7, 0x7c511510), + TOBN(0x96ca5a53, 0x96ee6380), TOBN(0x054c8655, 0xcea38742), + TOBN(0xb5946852, 0xd54dfa7d), TOBN(0x97c422e7, 0x1f4ab207), + TOBN(0xbf907509, 0x0c22b540), TOBN(0x2cde42aa, 0xb7c267d4), + TOBN(0xba18f9ed, 0x5ab0d693), TOBN(0x3ba62aa6, 0x6e4660d9), + TOBN(0xb24bf97b, 0xab9ea96a), TOBN(0x5d039642, 0xe3b60e32), + TOBN(0x4e6a4506, 0x7c4d9bd5), TOBN(0x666c5b9e, 0x7ed4a6a4), + TOBN(0xfa3fdcd9, 0x8edbd7cc), TOBN(0x4660bb87, 0xc6ccd753), + TOBN(0x9ae90820, 0x21e6b64f), TOBN(0x8a56a713, 0xb36bfb3f), + TOBN(0xabfce096, 0x5726d47f), TOBN(0x9eed01b2, 0x0b1a9a7f), + TOBN(0x30e9cad4, 0x4eb74a37), TOBN(0x7b2524cc, 0x53e9666d), + TOBN(0x6a29683b, 0x8f4b002f), TOBN(0xc2200d7a, 0x41f4fc20), + TOBN(0xcf3af47a, 0x3a338acc), TOBN(0x6539a4fb, 0xe7128975), + TOBN(0xcec31c14, 0xc33c7fcf), TOBN(0x7eb6799b, 0xc7be322b), + TOBN(0x119ef4e9, 0x6646f623), TOBN(0x7b7a26a5, 0x54d7299b), + TOBN(0xcb37f08d, 0x403f46f2), TOBN(0x94b8fc43, 0x1a0ec0c7), + TOBN(0xbb8514e3, 0xc332142f), TOBN(0xf3ed2c33, 0xe80d2a7a), + TOBN(0x8d2080af, 0xb639126c), TOBN(0xf7b6be60, 0xe3553ade), + TOBN(0x3950aa9f, 0x1c7e2b09), TOBN(0x847ff958, 0x6410f02b), + TOBN(0x877b7cf5, 0x678a31b0), TOBN(0xd50301ae, 0x3998b620), + TOBN(0x734257c5, 0xc00fb396), TOBN(0xf9fb18a0, 0x04e672a6), + TOBN(0xff8bd8eb, 0xe8758851), TOBN(0x1e64e4c6, 0x5d99ba44), + TOBN(0x4b8eaedf, 0x7dfd93b7), TOBN(0xba2f2a98, 0x04e76b8c), + TOBN(0x7d790cba, 0xe8053433), TOBN(0xc8e725a0, 0x3d2c9585), + TOBN(0x58c5c476, 0xcdd8f5ed), TOBN(0xd106b952, 0xefa9fe1d), + TOBN(0x3c5c775b, 0x0eff13a9), TOBN(0x242442ba, 0xe057b930), + TOBN(0xe9f458d4, 0xc9b70cbd), TOBN(0x69b71448, 0xa3cdb89a), + TOBN(0x41ee46f6, 0x0e2ed742), TOBN(0x573f1045, 0x40067493), + TOBN(0xb1e154ff, 0x9d54c304), TOBN(0x2ad0436a, 0x8d3a7502), + TOBN(0xee4aaa2d, 0x431a8121), TOBN(0xcd38b3ab, 0x886f11ed), + TOBN(0x57d49ea6, 0x034a0eb7), TOBN(0xd2b773bd, 0xf7e85e58), + TOBN(0x4a559ac4, 0x9b5c1f14), TOBN(0xc444be1a, 0x3e54df2b), + TOBN(0x13aad704, 0xeda41891), TOBN(0xcd927bec, 0x5eb5c788), + TOBN(0xeb3c8516, 0xe48c8a34), TOBN(0x1b7ac812, 0x4b546669), + TOBN(0x1815f896, 0x594df8ec), TOBN(0x87c6a79c, 0x79227865), + TOBN(0xae02a2f0, 0x9b56ddbd), TOBN(0x1339b5ac, 0x8a2f1cf3), + TOBN(0xf2b569c7, 0x839dff0d), TOBN(0xb0b9e864, 0xfee9a43d), + TOBN(0x4ff8ca41, 0x77bb064e), TOBN(0x145a2812, 0xfd249f63), + TOBN(0x3ab7beac, 0xf86f689a), TOBN(0x9bafec27, 0x01d35f5e), + TOBN(0x28054c65, 0x4265aa91), TOBN(0xa4b18304, 0x035efe42), + TOBN(0x6887b0e6, 0x9639dec7), TOBN(0xf4b8f6ad, 0x3d52aea5), + TOBN(0xfb9293cc, 0x971a8a13), TOBN(0x3f159e5d, 0x4c934d07), + TOBN(0x2c50e9b1, 0x09acbc29), TOBN(0x08eb65e6, 0x7154d129), + TOBN(0x4feff589, 0x30b75c3e), TOBN(0x0bb82fe2, 0x94491c93), + TOBN(0xd8ac377a, 0x89af62bb), TOBN(0xd7b51490, 0x9685e49f), + TOBN(0xabca9a7b, 0x04497f19), TOBN(0x1b35ed0a, 0x1a7ad13f), + TOBN(0x6b601e21, 0x3ec86ed6), TOBN(0xda91fcb9, 0xce0c76f1), + TOBN(0x9e28507b, 0xd7ab27e1), TOBN(0x7c19a555, 0x63945b7b), + TOBN(0x6b43f0a1, 0xaafc9827), TOBN(0x443b4fbd, 0x3aa55b91), + TOBN(0x962b2e65, 0x6962c88f), TOBN(0x139da8d4, 0xce0db0ca), + TOBN(0xb93f05dd, 0x1b8d6c4f), TOBN(0x779cdff7, 0x180b9824), + TOBN(0xbba23fdd, 0xae57c7b7), TOBN(0x345342f2, 0x1b932522), + TOBN(0xfd9c80fe, 0x556d4aa3), TOBN(0xa03907ba, 0x6525bb61), + TOBN(0x38b010e1, 0xff218933), TOBN(0xc066b654, 0xaa52117b), + TOBN(0x8e141920, 0x94f2e6ea), TOBN(0x66a27dca, 0x0d32f2b2), + TOBN(0x69c7f993, 0x048b3717), TOBN(0xbf5a989a, 0xb178ae1c), + TOBN(0x49fa9058, 0x564f1d6b), TOBN(0x27ec6e15, 0xd31fde4e), + TOBN(0x4cce0373, 0x7276e7fc), TOBN(0x64086d79, 0x89d6bf02), + TOBN(0x5a72f046, 0x4ccdd979), TOBN(0x909c3566, 0x47775631), + TOBN(0x1c07bc6b, 0x75dd7125), TOBN(0xb4c6bc97, 0x87a0428d), + TOBN(0x507ece52, 0xfdeb6b9d), TOBN(0xfca56512, 0xb2c95432), + TOBN(0x15d97181, 0xd0e8bd06), TOBN(0x384dd317, 0xc6bb46ea), + TOBN(0x5441ea20, 0x3952b624), TOBN(0xbcf70dee, 0x4e7dc2fb), + TOBN(0x372b016e, 0x6628e8c3), TOBN(0x07a0d667, 0xb60a7522), + TOBN(0xcf05751b, 0x0a344ee2), TOBN(0x0ec09a48, 0x118bdeec), + TOBN(0x6e4b3d4e, 0xd83dce46), TOBN(0x43a6316d, 0x99d2fc6e), + TOBN(0xa99d8989, 0x56cf044c), TOBN(0x7c7f4454, 0xae3e5fb7), + TOBN(0xb2e6b121, 0xfbabbe92), TOBN(0x281850fb, 0xe1330076), + TOBN(0x093581ec, 0x97890015), TOBN(0x69b1dded, 0x75ff77f5), + TOBN(0x7cf0b18f, 0xab105105), TOBN(0x953ced31, 0xa89ccfef), + TOBN(0x3151f85f, 0xeb914009), TOBN(0x3c9f1b87, 0x88ed48ad), + TOBN(0xc9aba1a1, 0x4a7eadcb), TOBN(0x928e7501, 0x522e71cf), + TOBN(0xeaede727, 0x3a2e4f83), TOBN(0x467e10d1, 0x1ce3bbd3), + TOBN(0xf3442ac3, 0xb955dcf0), TOBN(0xba96307d, 0xd3d5e527), + TOBN(0xf763a10e, 0xfd77f474), TOBN(0x5d744bd0, 0x6a6e1ff0), + TOBN(0xd287282a, 0xa777899e), TOBN(0xe20eda8f, 0xd03f3cde), + TOBN(0x6a7e75bb, 0x50b07d31), TOBN(0x0b7e2a94, 0x6f379de4), + TOBN(0x31cb64ad, 0x19f593cf), TOBN(0x7b1a9e4f, 0x1e76ef1d), + TOBN(0xe18c9c9d, 0xb62d609c), TOBN(0x439bad6d, 0xe779a650), + TOBN(0x219d9066, 0xe032f144), TOBN(0x1db632b8, 0xe8b2ec6a), + TOBN(0xff0d0fd4, 0xfda12f78), TOBN(0x56fb4c2d, 0x2a25d265), + TOBN(0x5f4e2ee1, 0x255a03f1), TOBN(0x61cd6af2, 0xe96af176), + TOBN(0xe0317ba8, 0xd068bc97), TOBN(0x927d6bab, 0x264b988e), + TOBN(0xa18f07e0, 0xe90fb21e), TOBN(0x00fd2b80, 0xbba7fca1), + TOBN(0x20387f27, 0x95cd67b5), TOBN(0x5b89a4e7, 0xd39707f7), + TOBN(0x8f83ad3f, 0x894407ce), TOBN(0xa0025b94, 0x6c226132), + TOBN(0xc79563c7, 0xf906c13b), TOBN(0x5f548f31, 0x4e7bb025), + TOBN(0x2b4c6b8f, 0xeac6d113), TOBN(0xa67e3f9c, 0x0e813c76), + TOBN(0x3982717c, 0x3fe1f4b9), TOBN(0x58865819, 0x26d8050e), + TOBN(0x99f3640c, 0xf7f06f20), TOBN(0xdc610216, 0x2a66ebc2), + TOBN(0x52f2c175, 0x767a1e08), TOBN(0x05660e1a, 0x5999871b), + TOBN(0x6b0f1762, 0x6d3c4693), TOBN(0xf0e7d627, 0x37ed7bea), + TOBN(0xc51758c7, 0xb75b226d), TOBN(0x40a88628, 0x1f91613b), + TOBN(0x889dbaa7, 0xbbb38ce0), TOBN(0xe0404b65, 0xbddcad81), + TOBN(0xfebccd3a, 0x8bc9671f), TOBN(0xfbf9a357, 0xee1f5375), + TOBN(0x5dc169b0, 0x28f33398), TOBN(0xb07ec11d, 0x72e90f65), + TOBN(0xae7f3b4a, 0xfaab1eb1), TOBN(0xd970195e, 0x5f17538a), + TOBN(0x52b05cbe, 0x0181e640), TOBN(0xf5debd62, 0x2643313d), + TOBN(0x76148154, 0x5df31f82), TOBN(0x23e03b33, 0x3a9e13c5), + TOBN(0xff758949, 0x4fde0c1f), TOBN(0xbf8a1abe, 0xe5b6ec20), + TOBN(0x702278fb, 0x87e1db6c), TOBN(0xc447ad7a, 0x35ed658f), + TOBN(0x48d4aa38, 0x03d0ccf2), TOBN(0x80acb338, 0x819a7c03), + TOBN(0x9bc7c89e, 0x6e17cecc), TOBN(0x46736b8b, 0x03be1d82), + TOBN(0xd65d7b60, 0xc0432f96), TOBN(0xddebe7a3, 0xdeb5442f), + TOBN(0x79a25307, 0x7dff69a2), TOBN(0x37a56d94, 0x02cf3122), + TOBN(0x8bab8aed, 0xf2350d0a), TOBN(0x13c3f276, 0x037b0d9a), + TOBN(0xc664957c, 0x44c65cae), TOBN(0x88b44089, 0xc2e71a88), + TOBN(0xdb88e5a3, 0x5cb02664), TOBN(0x5d4c0bf1, 0x8686c72e), + TOBN(0xea3d9b62, 0xa682d53e), TOBN(0x9b605ef4, 0x0b2ad431), + TOBN(0x71bac202, 0xc69645d0), TOBN(0xa115f03a, 0x6a1b66e7), + TOBN(0xfe2c563a, 0x158f4dc4), TOBN(0xf715b3a0, 0x4d12a78c), + TOBN(0x8f7f0a48, 0xd413213a), TOBN(0x2035806d, 0xc04becdb), + TOBN(0xecd34a99, 0x5d8587f5), TOBN(0x4d8c3079, 0x9f6d3a71), + TOBN(0x1b2a2a67, 0x8d95a8f6), TOBN(0xc58c9d7d, 0xf2110d0d), + TOBN(0xdeee81d5, 0xcf8fba3f), TOBN(0xa42be3c0, 0x0c7cdf68), + TOBN(0x2126f742, 0xd43b5eaa), TOBN(0x054a0766, 0xdfa59b85), + TOBN(0x9d0d5e36, 0x126bfd45), TOBN(0xa1f8fbd7, 0x384f8a8f), + TOBN(0x317680f5, 0xd563fccc), TOBN(0x48ca5055, 0xf280a928), + TOBN(0xe00b81b2, 0x27b578cf), TOBN(0x10aad918, 0x2994a514), + TOBN(0xd9e07b62, 0xb7bdc953), TOBN(0x9f0f6ff2, 0x5bc086dd), + TOBN(0x09d1ccff, 0x655eee77), TOBN(0x45475f79, 0x5bef7df1), + TOBN(0x3faa28fa, 0x86f702cc), TOBN(0x92e60905, 0x0f021f07), + TOBN(0xe9e62968, 0x7f8fa8c6), TOBN(0xbd71419a, 0xf036ea2c), + TOBN(0x171ee1cc, 0x6028da9a), TOBN(0x5352fe1a, 0xc251f573), + TOBN(0xf8ff236e, 0x3fa997f4), TOBN(0xd831b6c9, 0xa5749d5f), + TOBN(0x7c872e1d, 0xe350e2c2), TOBN(0xc56240d9, 0x1e0ce403), + TOBN(0xf9deb077, 0x6974f5cb), TOBN(0x7d50ba87, 0x961c3728), + TOBN(0xd6f89426, 0x5a3a2518), TOBN(0xcf817799, 0xc6303d43), + TOBN(0x510a0471, 0x619e5696), TOBN(0xab049ff6, 0x3a5e307b), + TOBN(0xe4cdf9b0, 0xfeb13ec7), TOBN(0xd5e97117, 0x9d8ff90c), + TOBN(0xf6f64d06, 0x9afa96af), TOBN(0x00d0bf5e, 0x9d2012a2), + TOBN(0xe63f301f, 0x358bcdc0), TOBN(0x07689e99, 0x0a9d47f8), + TOBN(0x1f689e2f, 0x4f43d43a), TOBN(0x4d542a16, 0x90920904), + TOBN(0xaea293d5, 0x9ca0a707), TOBN(0xd061fe45, 0x8ac68065), + TOBN(0x1033bf1b, 0x0090008c), TOBN(0x29749558, 0xc08a6db6), + TOBN(0x74b5fc59, 0xc1d5d034), TOBN(0xf712e9f6, 0x67e215e0), + TOBN(0xfd520cbd, 0x860200e6), TOBN(0x0229acb4, 0x3ea22588), + TOBN(0x9cd1e14c, 0xfff0c82e), TOBN(0x87684b62, 0x59c69e73), + TOBN(0xda85e61c, 0x96ccb989), TOBN(0x2d5dbb02, 0xa3d06493), + TOBN(0xf22ad33a, 0xe86b173c), TOBN(0xe8e41ea5, 0xa79ff0e3), + TOBN(0x01d2d725, 0xdd0d0c10), TOBN(0x31f39088, 0x032d28f9), + TOBN(0x7b3f71e1, 0x7829839e), TOBN(0x0cf691b4, 0x4502ae58), + TOBN(0xef658dbd, 0xbefc6115), TOBN(0xa5cd6ee5, 0xb3ab5314), + TOBN(0x206c8d7b, 0x5f1d2347), TOBN(0x794645ba, 0x4cc2253a), + TOBN(0xd517d8ff, 0x58389e08), TOBN(0x4fa20dee, 0x9f847288), + TOBN(0xeba072d8, 0xd797770a), TOBN(0x7360c91d, 0xbf429e26), + TOBN(0x7200a3b3, 0x80af8279), TOBN(0x6a1c9150, 0x82dadce3), + TOBN(0x0ee6d3a7, 0xc35d8794), TOBN(0x042e6558, 0x0356bae5), + TOBN(0x9f59698d, 0x643322fd), TOBN(0x9379ae15, 0x50a61967), + TOBN(0x64b9ae62, 0xfcc9981e), TOBN(0xaed3d631, 0x6d2934c6), + TOBN(0x2454b302, 0x5e4e65eb), TOBN(0xab09f647, 0xf9950428)}, + {TOBN(0xb2083a12, 0x22248acc), TOBN(0x1f6ec0ef, 0x3264e366), + TOBN(0x5659b704, 0x5afdee28), TOBN(0x7a823a40, 0xe6430bb5), + TOBN(0x24592a04, 0xe1900a79), TOBN(0xcde09d4a, 0xc9ee6576), + TOBN(0x52b6463f, 0x4b5ea54a), TOBN(0x1efe9ed3, 0xd3ca65a7), + TOBN(0xe27a6dbe, 0x305406dd), TOBN(0x8eb7dc7f, 0xdd5d1957), + TOBN(0xf54a6876, 0x387d4d8f), TOBN(0x9c479409, 0xc7762de4), + TOBN(0xbe4d5b5d, 0x99b30778), TOBN(0x25380c56, 0x6e793682), + TOBN(0x602d37f3, 0xdac740e3), TOBN(0x140deabe, 0x1566e4ae), + TOBN(0x4481d067, 0xafd32acf), TOBN(0xd8f0fcca, 0xe1f71ccf), + TOBN(0xd208dd0c, 0xb596f2da), TOBN(0xd049d730, 0x9aad93f9), + TOBN(0xc79f263d, 0x42ab580e), TOBN(0x09411bb1, 0x23f707b4), + TOBN(0x8cfde1ff, 0x835e0eda), TOBN(0x72707490, 0x90f03402), + TOBN(0xeaee6126, 0xc49a861e), TOBN(0x024f3b65, 0xe14f0d06), + TOBN(0x51a3f1e8, 0xc69bfc17), TOBN(0xc3c3a8e9, 0xa7686381), + TOBN(0x3400752c, 0xb103d4c8), TOBN(0x02bc4613, 0x9218b36b), + TOBN(0xc67f75eb, 0x7651504a), TOBN(0xd6848b56, 0xd02aebfa), + TOBN(0xbd9802e6, 0xc30fa92b), TOBN(0x5a70d96d, 0x9a552784), + TOBN(0x9085c4ea, 0x3f83169b), TOBN(0xfa9423bb, 0x06908228), + TOBN(0x2ffebe12, 0xfe97a5b9), TOBN(0x85da6049, 0x71b99118), + TOBN(0x9cbc2f7f, 0x63178846), TOBN(0xfd96bc70, 0x9153218e), + TOBN(0x958381db, 0x1782269b), TOBN(0xae34bf79, 0x2597e550), + TOBN(0xbb5c6064, 0x5f385153), TOBN(0x6f0e96af, 0xe3088048), + TOBN(0xbf6a0215, 0x77884456), TOBN(0xb3b5688c, 0x69310ea7), + TOBN(0x17c94295, 0x04fad2de), TOBN(0xe020f0e5, 0x17896d4d), + TOBN(0x730ba0ab, 0x0976505f), TOBN(0x567f6813, 0x095e2ec5), + TOBN(0x47062010, 0x6331ab71), TOBN(0x72cfa977, 0x41d22b9f), + TOBN(0x33e55ead, 0x8a2373da), TOBN(0xa8d0d5f4, 0x7ba45a68), + TOBN(0xba1d8f9c, 0x03029d15), TOBN(0x8f34f1cc, 0xfc55b9f3), + TOBN(0xcca4428d, 0xbbe5a1a9), TOBN(0x8187fd5f, 0x3126bd67), + TOBN(0x0036973a, 0x48105826), TOBN(0xa39b6663, 0xb8bd61a0), + TOBN(0x6d42deef, 0x2d65a808), TOBN(0x4969044f, 0x94636b19), + TOBN(0xf611ee47, 0xdd5d564c), TOBN(0x7b2f3a49, 0xd2873077), + TOBN(0x94157d45, 0x300eb294), TOBN(0x2b2a656e, 0x169c1494), + TOBN(0xc000dd76, 0xd3a47aa9), TOBN(0xa2864e4f, 0xa6243ea4), + TOBN(0x82716c47, 0xdb89842e), TOBN(0x12dfd7d7, 0x61479fb7), + TOBN(0x3b9a2c56, 0xe0b2f6dc), TOBN(0x46be862a, 0xd7f85d67), + TOBN(0x03b0d8dd, 0x0f82b214), TOBN(0x460c34f9, 0xf103cbc6), + TOBN(0xf32e5c03, 0x18d79e19), TOBN(0x8b8888ba, 0xa84117f8), + TOBN(0x8f3c37dc, 0xc0722677), TOBN(0x10d21be9, 0x1c1c0f27), + TOBN(0xd47c8468, 0xe0f7a0c6), TOBN(0x9bf02213, 0xadecc0e0), + TOBN(0x0baa7d12, 0x42b48b99), TOBN(0x1bcb665d, 0x48424096), + TOBN(0x8b847cd6, 0xebfb5cfb), TOBN(0x87c2ae56, 0x9ad4d10d), + TOBN(0xf1cbb122, 0x0de36726), TOBN(0xe7043c68, 0x3fdfbd21), + TOBN(0x4bd0826a, 0x4e79d460), TOBN(0x11f5e598, 0x4bd1a2cb), + TOBN(0x97554160, 0xb7fe7b6e), TOBN(0x7d16189a, 0x400a3fb2), + TOBN(0xd73e9bea, 0xe328ca1e), TOBN(0x0dd04b97, 0xe793d8cc), + TOBN(0xa9c83c9b, 0x506db8cc), TOBN(0x5cd47aae, 0xcf38814c), + TOBN(0x26fc430d, 0xb64b45e6), TOBN(0x079b5499, 0xd818ea84), + TOBN(0xebb01102, 0xc1c24a3b), TOBN(0xca24e568, 0x1c161c1a), + TOBN(0x103eea69, 0x36f00a4a), TOBN(0x9ad76ee8, 0x76176c7b), + TOBN(0x97451fc2, 0x538e0ff7), TOBN(0x94f89809, 0x6604b3b0), + TOBN(0x6311436e, 0x3249cfd7), TOBN(0x27b4a7bd, 0x41224f69), + TOBN(0x03b5d21a, 0xe0ac2941), TOBN(0x279b0254, 0xc2d31937), + TOBN(0x3307c052, 0xcac992d0), TOBN(0x6aa7cb92, 0xefa8b1f3), + TOBN(0x5a182580, 0x0d37c7a5), TOBN(0x13380c37, 0x342d5422), + TOBN(0x92ac2d66, 0xd5d2ef92), TOBN(0x035a70c9, 0x030c63c6), + TOBN(0xc16025dd, 0x4ce4f152), TOBN(0x1f419a71, 0xf9df7c06), + TOBN(0x6d5b2214, 0x91e4bb14), TOBN(0xfc43c6cc, 0x839fb4ce), + TOBN(0x49f06591, 0x925d6b2d), TOBN(0x4b37d9d3, 0x62186598), + TOBN(0x8c54a971, 0xd01b1629), TOBN(0xe1a9c29f, 0x51d50e05), + TOBN(0x5109b785, 0x71ba1861), TOBN(0x48b22d5c, 0xd0c8f93d), + TOBN(0xe8fa84a7, 0x8633bb93), TOBN(0x53fba6ba, 0x5aebbd08), + TOBN(0x7ff27df3, 0xe5eea7d8), TOBN(0x521c8796, 0x68ca7158), + TOBN(0xb9d5133b, 0xce6f1a05), TOBN(0x2d50cd53, 0xfd0ebee4), + TOBN(0xc82115d6, 0xc5a3ef16), TOBN(0x993eff9d, 0xba079221), + TOBN(0xe4da2c5e, 0x4b5da81c), TOBN(0x9a89dbdb, 0x8033fd85), + TOBN(0x60819ebf, 0x2b892891), TOBN(0x53902b21, 0x5d14a4d5), + TOBN(0x6ac35051, 0xd7fda421), TOBN(0xcc6ab885, 0x61c83284), + TOBN(0x14eba133, 0xf74cff17), TOBN(0x240aaa03, 0xecb813f2), + TOBN(0xcfbb6540, 0x6f665bee), TOBN(0x084b1fe4, 0xa425ad73), + TOBN(0x009d5d16, 0xd081f6a6), TOBN(0x35304fe8, 0xeef82c90), + TOBN(0xf20346d5, 0xaa9eaa22), TOBN(0x0ada9f07, 0xac1c91e3), + TOBN(0xa6e21678, 0x968a6144), TOBN(0x54c1f77c, 0x07b31a1e), + TOBN(0xd6bb787e, 0x5781fbe1), TOBN(0x61bd2ee0, 0xe31f1c4a), + TOBN(0xf25aa1e9, 0x781105fc), TOBN(0x9cf2971f, 0x7b2f8e80), + TOBN(0x26d15412, 0xcdff919b), TOBN(0x01db4ebe, 0x34bc896e), + TOBN(0x7d9b3e23, 0xb40df1cf), TOBN(0x59337373, 0x94e971b4), + TOBN(0xbf57bd14, 0x669cf921), TOBN(0x865daedf, 0x0c1a1064), + TOBN(0x3eb70bd3, 0x83279125), TOBN(0xbc3d5b9f, 0x34ecdaab), + TOBN(0x91e3ed7e, 0x5f755caf), TOBN(0x49699f54, 0xd41e6f02), + TOBN(0x185770e1, 0xd4a7a15b), TOBN(0x08f3587a, 0xeaac87e7), + TOBN(0x352018db, 0x473133ea), TOBN(0x674ce719, 0x04fd30fc), + TOBN(0x7b8d9835, 0x088b3e0e), TOBN(0x7a0356a9, 0x5d0d47a1), + TOBN(0x9d9e7659, 0x6474a3c4), TOBN(0x61ea48a7, 0xff66966c), + TOBN(0x30417758, 0x0f3e4834), TOBN(0xfdbb21c2, 0x17a9afcb), + TOBN(0x756fa17f, 0x2f9a67b3), TOBN(0x2a6b2421, 0xa245c1a8), + TOBN(0x64be2794, 0x4af02291), TOBN(0xade465c6, 0x2a5804fe), + TOBN(0x8dffbd39, 0xa6f08fd7), TOBN(0xc4efa84c, 0xaa14403b), + TOBN(0xa1b91b2a, 0x442b0f5c), TOBN(0xb748e317, 0xcf997736), + TOBN(0x8d1b62bf, 0xcee90e16), TOBN(0x907ae271, 0x0b2078c0), + TOBN(0xdf31534b, 0x0c9bcddd), TOBN(0x043fb054, 0x39adce83), + TOBN(0x99031043, 0xd826846a), TOBN(0x61a9c0d6, 0xb144f393), + TOBN(0xdab48046, 0x47718427), TOBN(0xdf17ff9b, 0x6e830f8b), + TOBN(0x408d7ee8, 0xe49a1347), TOBN(0x6ac71e23, 0x91c1d4ae), + TOBN(0xc8cbb9fd, 0x1defd73c), TOBN(0x19840657, 0xbbbbfec5), + TOBN(0x39db1cb5, 0x9e7ef8ea), TOBN(0x78aa8296, 0x64105f30), + TOBN(0xa3d9b7f0, 0xa3738c29), TOBN(0x0a2f235a, 0xbc3250a3), + TOBN(0x55e506f6, 0x445e4caf), TOBN(0x0974f73d, 0x33475f7a), + TOBN(0xd37dbba3, 0x5ba2f5a8), TOBN(0x542c6e63, 0x6af40066), + TOBN(0x26d99b53, 0xc5d73e2c), TOBN(0x06060d7d, 0x6c3ca33e), + TOBN(0xcdbef1c2, 0x065fef4a), TOBN(0x77e60f7d, 0xfd5b92e3), + TOBN(0xd7c549f0, 0x26708350), TOBN(0x201b3ad0, 0x34f121bf), + TOBN(0x5fcac2a1, 0x0334fc14), TOBN(0x8a9a9e09, 0x344552f6), + TOBN(0x7dd8a1d3, 0x97653082), TOBN(0x5fc0738f, 0x79d4f289), + TOBN(0x787d244d, 0x17d2d8c3), TOBN(0xeffc6345, 0x70830684), + TOBN(0x5ddb96dd, 0xe4f73ae5), TOBN(0x8efb14b1, 0x172549a5), + TOBN(0x6eb73eee, 0x2245ae7a), TOBN(0xbca4061e, 0xea11f13e), + TOBN(0xb577421d, 0x30b01f5d), TOBN(0xaa688b24, 0x782e152c), + TOBN(0x67608e71, 0xbd3502ba), TOBN(0x4ef41f24, 0xb4de75a0), + TOBN(0xb08dde5e, 0xfd6125e5), TOBN(0xde484825, 0xa409543f), + TOBN(0x1f198d98, 0x65cc2295), TOBN(0x428a3771, 0x6e0edfa2), + TOBN(0x4f9697a2, 0xadf35fc7), TOBN(0x01a43c79, 0xf7cac3c7), + TOBN(0xb05d7059, 0x0fd3659a), TOBN(0x8927f30c, 0xbb7f2d9a), + TOBN(0x4023d1ac, 0x8cf984d3), TOBN(0x32125ed3, 0x02897a45), + TOBN(0xfb572dad, 0x3d414205), TOBN(0x73000ef2, 0xe3fa82a9), + TOBN(0x4c0868e9, 0xf10a5581), TOBN(0x5b61fc67, 0x6b0b3ca5), + TOBN(0xc1258d5b, 0x7cae440c), TOBN(0x21c08b41, 0x402b7531), + TOBN(0xf61a8955, 0xde932321), TOBN(0x3568faf8, 0x2d1408af), + TOBN(0x71b15e99, 0x9ecf965b), TOBN(0xf14ed248, 0xe917276f), + TOBN(0xc6f4caa1, 0x820cf9e2), TOBN(0x681b20b2, 0x18d83c7e), + TOBN(0x6cde738d, 0xc6c01120), TOBN(0x71db0813, 0xae70e0db), + TOBN(0x95fc0644, 0x74afe18c), TOBN(0x34619053, 0x129e2be7), + TOBN(0x80615cea, 0xdb2a3b15), TOBN(0x0a49a19e, 0xdb4c7073), + TOBN(0x0e1b84c8, 0x8fd2d367), TOBN(0xd74bf462, 0x033fb8aa), + TOBN(0x889f6d65, 0x533ef217), TOBN(0x7158c7e4, 0xc3ca2e87), + TOBN(0xfb670dfb, 0xdc2b4167), TOBN(0x75910a01, 0x844c257f), + TOBN(0xf336bf07, 0xcf88577d), TOBN(0x22245250, 0xe45e2ace), + TOBN(0x2ed92e8d, 0x7ca23d85), TOBN(0x29f8be4c, 0x2b812f58), + TOBN(0xdd9ebaa7, 0x076fe12b), TOBN(0x3f2400cb, 0xae1537f9), + TOBN(0x1aa93528, 0x17bdfb46), TOBN(0xc0f98430, 0x67883b41), + TOBN(0x5590ede1, 0x0170911d), TOBN(0x7562f5bb, 0x34d4b17f), + TOBN(0xe1fa1df2, 0x1826b8d2), TOBN(0xb40b796a, 0x6bd80d59), + TOBN(0xd65bf197, 0x3467ba92), TOBN(0x8c9b46db, 0xf70954b0), + TOBN(0x97c8a0f3, 0x0e78f15d), TOBN(0xa8f3a69a, 0x85a4c961), + TOBN(0x4242660f, 0x61e4ce9b), TOBN(0xbf06aab3, 0x6ea6790c), + TOBN(0xc6706f8e, 0xec986416), TOBN(0x9e56dec1, 0x9a9fc225), + TOBN(0x527c46f4, 0x9a9898d9), TOBN(0xd799e77b, 0x5633cdef), + TOBN(0x24eacc16, 0x7d9e4297), TOBN(0xabb61cea, 0x6b1cb734), + TOBN(0xbee2e8a7, 0xf778443c), TOBN(0x3bb42bf1, 0x29de2fe6), + TOBN(0xcbed86a1, 0x3003bb6f), TOBN(0xd3918e6c, 0xd781cdf6), + TOBN(0x4bee3271, 0x9a5103f1), TOBN(0x5243efc6, 0xf50eac06), + TOBN(0xb8e122cb, 0x6adcc119), TOBN(0x1b7faa84, 0xc0b80a08), + TOBN(0x32c3d1bd, 0x6dfcd08c), TOBN(0x129dec4e, 0x0be427de), + TOBN(0x98ab679c, 0x1d263c83), TOBN(0xafc83cb7, 0xcef64eff), + TOBN(0x85eb6088, 0x2fa6be76), TOBN(0x892585fb, 0x1328cbfe), + TOBN(0xc154d3ed, 0xcf618dda), TOBN(0xc44f601b, 0x3abaf26e), + TOBN(0x7bf57d0b, 0x2be1fdfd), TOBN(0xa833bd2d, 0x21137fee), + TOBN(0x9353af36, 0x2db591a8), TOBN(0xc76f26dc, 0x5562a056), + TOBN(0x1d87e47d, 0x3fdf5a51), TOBN(0x7afb5f93, 0x55c9cab0), + TOBN(0x91bbf58f, 0x89e0586e), TOBN(0x7c72c018, 0x0d843709), + TOBN(0xa9a5aafb, 0x99b5c3dc), TOBN(0xa48a0f1d, 0x3844aeb0), + TOBN(0x7178b7dd, 0xb667e482), TOBN(0x453985e9, 0x6e23a59a), + TOBN(0x4a54c860, 0x01b25dd8), TOBN(0x0dd37f48, 0xfb897c8a), + TOBN(0x5f8aa610, 0x0ea90cd9), TOBN(0xc8892c68, 0x16d5830d), + TOBN(0xeb4befc0, 0xef514ca5), TOBN(0x478eb679, 0xe72c9ee6), + TOBN(0x9bca20da, 0xdbc40d5f), TOBN(0xf015de21, 0xdde4f64a), + TOBN(0xaa6a4de0, 0xeaf4b8a5), TOBN(0x68cfd9ca, 0x4bc60e32), + TOBN(0x668a4b01, 0x7fd15e70), TOBN(0xd9f0694a, 0xf27dc09d), + TOBN(0xf6c3cad5, 0xba708bcd), TOBN(0x5cd2ba69, 0x5bb95c2a), + TOBN(0xaa28c1d3, 0x33c0a58f), TOBN(0x23e274e3, 0xabc77870), + TOBN(0x44c3692d, 0xdfd20a4a), TOBN(0x091c5fd3, 0x81a66653), + TOBN(0x6c0bb691, 0x09a0757d), TOBN(0x9072e8b9, 0x667343ea), + TOBN(0x31d40eb0, 0x80848bec), TOBN(0x95bd480a, 0x79fd36cc), + TOBN(0x01a77c61, 0x65ed43f5), TOBN(0xafccd127, 0x2e0d40bf), + TOBN(0xeccfc82d, 0x1cc1884b), TOBN(0xc85ac201, 0x5d4753b4), + TOBN(0xc7a6caac, 0x658e099f), TOBN(0xcf46369e, 0x04b27390), + TOBN(0xe2e7d049, 0x506467ea), TOBN(0x481b63a2, 0x37cdeccc), + TOBN(0x4029abd8, 0xed80143a), TOBN(0x28bfe3c7, 0xbcb00b88), + TOBN(0x3bec1009, 0x0643d84a), TOBN(0x885f3668, 0xabd11041), + TOBN(0xdb02432c, 0xf83a34d6), TOBN(0x32f7b360, 0x719ceebe), + TOBN(0xf06c7837, 0xdad1fe7a), TOBN(0x60a157a9, 0x5441a0b0), + TOBN(0x704970e9, 0xe2d47550), TOBN(0xcd2bd553, 0x271b9020), + TOBN(0xff57f82f, 0x33e24a0b), TOBN(0x9cbee23f, 0xf2565079), + TOBN(0x16353427, 0xeb5f5825), TOBN(0x276feec4, 0xe948d662), + TOBN(0xd1b62bc6, 0xda10032b), TOBN(0x718351dd, 0xf0e72a53), + TOBN(0x93452076, 0x2420e7ba), TOBN(0x96368fff, 0x3a00118d), + TOBN(0x00ce2d26, 0x150a49e4), TOBN(0x0c28b636, 0x3f04706b), + TOBN(0xbad65a46, 0x58b196d0), TOBN(0x6c8455fc, 0xec9f8b7c), + TOBN(0xe90c895f, 0x2d71867e), TOBN(0x5c0be31b, 0xedf9f38c), + TOBN(0x2a37a15e, 0xd8f6ec04), TOBN(0x239639e7, 0x8cd85251), + TOBN(0xd8975315, 0x9c7c4c6b), TOBN(0x603aa3c0, 0xd7409af7), + TOBN(0xb8d53d0c, 0x007132fb), TOBN(0x68d12af7, 0xa6849238), + TOBN(0xbe0607e7, 0xbf5d9279), TOBN(0x9aa50055, 0xaada74ce), + TOBN(0xe81079cb, 0xba7e8ccb), TOBN(0x610c71d1, 0xa5f4ff5e), + TOBN(0x9e2ee1a7, 0x5aa07093), TOBN(0xca84004b, 0xa75da47c), + TOBN(0x074d3951, 0x3de75401), TOBN(0xf938f756, 0xbb311592), + TOBN(0x96197618, 0x00a43421), TOBN(0x39a25362, 0x07bc78c8), + TOBN(0x278f710a, 0x0a171276), TOBN(0xb28446ea, 0x8d1a8f08), + TOBN(0x184781bf, 0xe3b6a661), TOBN(0x7751cb1d, 0xe6d279f7), + TOBN(0xf8ff95d6, 0xc59eb662), TOBN(0x186d90b7, 0x58d3dea7), + TOBN(0x0e4bb6c1, 0xdfb4f754), TOBN(0x5c5cf56b, 0x2b2801dc), + TOBN(0xc561e452, 0x1f54564d), TOBN(0xb4fb8c60, 0xf0dd7f13), + TOBN(0xf8849630, 0x33ff98c7), TOBN(0x9619fffa, 0xcf17769c), + TOBN(0xf8090bf6, 0x1bfdd80a), TOBN(0x14d9a149, 0x422cfe63), + TOBN(0xb354c360, 0x6f6df9ea), TOBN(0xdbcf770d, 0x218f17ea), + TOBN(0x207db7c8, 0x79eb3480), TOBN(0x213dbda8, 0x559b6a26), + TOBN(0xac4c200b, 0x29fc81b3), TOBN(0xebc3e09f, 0x171d87c1), + TOBN(0x91799530, 0x1481aa9e), TOBN(0x051b92e1, 0x92e114fa), + TOBN(0xdf8f92e9, 0xecb5537f), TOBN(0x44b1b2cc, 0x290c7483), + TOBN(0xa711455a, 0x2adeb016), TOBN(0x964b6856, 0x81a10c2c), + TOBN(0x4f159d99, 0xcec03623), TOBN(0x05532225, 0xef3271ea), + TOBN(0xb231bea3, 0xc5ee4849), TOBN(0x57a54f50, 0x7094f103), + TOBN(0x3e2d421d, 0x9598b352), TOBN(0xe865a49c, 0x67412ab4), + TOBN(0xd2998a25, 0x1cc3a912), TOBN(0x5d092808, 0x0c74d65d), + TOBN(0x73f45908, 0x4088567a), TOBN(0xeb6b280e, 0x1f214a61), + TOBN(0x8c9adc34, 0xcaf0c13d), TOBN(0x39d12938, 0xf561fb80), + TOBN(0xb2dc3a5e, 0xbc6edfb4), TOBN(0x7485b1b1, 0xfe4d210e), + TOBN(0x062e0400, 0xe186ae72), TOBN(0x91e32d5c, 0x6eeb3b88), + TOBN(0x6df574d7, 0x4be59224), TOBN(0xebc88ccc, 0x716d55f3), + TOBN(0x26c2e6d0, 0xcad6ed33), TOBN(0xc6e21e7d, 0x0d3e8b10), + TOBN(0x2cc5840e, 0x5bcc36bb), TOBN(0x9292445e, 0x7da74f69), + TOBN(0x8be8d321, 0x4e5193a8), TOBN(0x3ec23629, 0x8df06413), + TOBN(0xc7e9ae85, 0xb134defa), TOBN(0x6073b1d0, 0x1bb2d475), + TOBN(0xb9ad615e, 0x2863c00d), TOBN(0x9e29493d, 0x525f4ac4), + TOBN(0xc32b1dea, 0x4e9acf4f), TOBN(0x3e1f01c8, 0xa50db88d), + TOBN(0xb05d70ea, 0x04da916c), TOBN(0x714b0d0a, 0xd865803e), + TOBN(0x4bd493fc, 0x9920cb5e), TOBN(0x5b44b1f7, 0x92c7a3ac), + TOBN(0xa2a77293, 0xbcec9235), TOBN(0x5ee06e87, 0xcd378553), + TOBN(0xceff8173, 0xda621607), TOBN(0x2bb03e4c, 0x99f5d290), + TOBN(0x2945106a, 0xa6f734ac), TOBN(0xb5056604, 0xd25c4732), + TOBN(0x5945920c, 0xe079afee), TOBN(0x686e17a0, 0x6789831f), + TOBN(0x5966bee8, 0xb74a5ae5), TOBN(0x38a673a2, 0x1e258d46), + TOBN(0xbd1cc1f2, 0x83141c95), TOBN(0x3b2ecf4f, 0x0e96e486), + TOBN(0xcd3aa896, 0x74e5fc78), TOBN(0x415ec10c, 0x2482fa7a), + TOBN(0x15234419, 0x80503380), TOBN(0x513d917a, 0xd314b392), + TOBN(0xb0b52f4e, 0x63caecae), TOBN(0x07bf22ad, 0x2dc7780b), + TOBN(0xe761e8a1, 0xe4306839), TOBN(0x1b3be962, 0x5dd7feaa), + TOBN(0x4fe728de, 0x74c778f1), TOBN(0xf1fa0bda, 0x5e0070f6), + TOBN(0x85205a31, 0x6ec3f510), TOBN(0x2c7e4a14, 0xd2980475), + TOBN(0xde3c19c0, 0x6f30ebfd), TOBN(0xdb1c1f38, 0xd4b7e644), + TOBN(0xfe291a75, 0x5dce364a), TOBN(0xb7b22a3c, 0x058f5be3), + TOBN(0x2cd2c302, 0x37fea38c), TOBN(0x2930967a, 0x2e17be17), + TOBN(0x87f009de, 0x0c061c65), TOBN(0xcb014aac, 0xedc6ed44), + TOBN(0x49bd1cb4, 0x3bafb1eb), TOBN(0x81bd8b5c, 0x282d3688), + TOBN(0x1cdab87e, 0xf01a17af), TOBN(0x21f37ac4, 0xe710063b), + TOBN(0x5a6c5676, 0x42fc8193), TOBN(0xf4753e70, 0x56a6015c), + TOBN(0x020f795e, 0xa15b0a44), TOBN(0x8f37c8d7, 0x8958a958), + TOBN(0x63b7e89b, 0xa4b675b5), TOBN(0xb4fb0c0c, 0x0fc31aea), + TOBN(0xed95e639, 0xa7ff1f2e), TOBN(0x9880f5a3, 0x619614fb), + TOBN(0xdeb6ff02, 0x947151ab), TOBN(0x5bc5118c, 0xa868dcdb), + TOBN(0xd8da2055, 0x4c20cea5), TOBN(0xcac2776e, 0x14c4d69a), + TOBN(0xcccb22c1, 0x622d599b), TOBN(0xa4ddb653, 0x68a9bb50), + TOBN(0x2c4ff151, 0x1b4941b4), TOBN(0xe1ff19b4, 0x6efba588), + TOBN(0x35034363, 0xc48345e0), TOBN(0x45542e3d, 0x1e29dfc4), + TOBN(0xf197cb91, 0x349f7aed), TOBN(0x3b2b5a00, 0x8fca8420), + TOBN(0x7c175ee8, 0x23aaf6d8), TOBN(0x54dcf421, 0x35af32b6), + TOBN(0x0ba14307, 0x27d6561e), TOBN(0x879d5ee4, 0xd175b1e2), + TOBN(0xc7c43673, 0x99807db5), TOBN(0x77a54455, 0x9cd55bcd), + TOBN(0xe6c2ff13, 0x0105c072), TOBN(0x18f7a99f, 0x8dda7da4), + TOBN(0x4c301820, 0x0e2d35c1), TOBN(0x06a53ca0, 0xd9cc6c82), + TOBN(0xaa21cc1e, 0xf1aa1d9e), TOBN(0x32414334, 0x4a75b1e8), + TOBN(0x2a6d1328, 0x0ebe9fdc), TOBN(0x16bd173f, 0x98a4755a), + TOBN(0xfbb9b245, 0x2133ffd9), TOBN(0x39a8b2f1, 0x830f1a20), + TOBN(0x484bc97d, 0xd5a1f52a), TOBN(0xd6aebf56, 0xa40eddf8), + TOBN(0x32257acb, 0x76ccdac6), TOBN(0xaf4d36ec, 0x1586ff27), + TOBN(0x8eaa8863, 0xf8de7dd1), TOBN(0x0045d5cf, 0x88647c16)}, + {TOBN(0xa6f3d574, 0xc005979d), TOBN(0xc2072b42, 0x6a40e350), + TOBN(0xfca5c156, 0x8de2ecf9), TOBN(0xa8c8bf5b, 0xa515344e), + TOBN(0x97aee555, 0x114df14a), TOBN(0xd4374a4d, 0xfdc5ec6b), + TOBN(0x754cc28f, 0x2ca85418), TOBN(0x71cb9e27, 0xd3c41f78), + TOBN(0x89105079, 0x03605c39), TOBN(0xf0843d9e, 0xa142c96c), + TOBN(0xf3744934, 0x16923684), TOBN(0x732caa2f, 0xfa0a2893), + TOBN(0xb2e8c270, 0x61160170), TOBN(0xc32788cc, 0x437fbaa3), + TOBN(0x39cd818e, 0xa6eda3ac), TOBN(0xe2e94239, 0x9e2b2e07), + TOBN(0x6967d39b, 0x0260e52a), TOBN(0xd42585cc, 0x90653325), + TOBN(0x0d9bd605, 0x21ca7954), TOBN(0x4fa20877, 0x81ed57b3), + TOBN(0x60c1eff8, 0xe34a0bbe), TOBN(0x56b0040c, 0x84f6ef64), + TOBN(0x28be2b24, 0xb1af8483), TOBN(0xb2278163, 0xf5531614), + TOBN(0x8df27545, 0x5922ac1c), TOBN(0xa7b3ef5c, 0xa52b3f63), + TOBN(0x8e77b214, 0x71de57c4), TOBN(0x31682c10, 0x834c008b), + TOBN(0xc76824f0, 0x4bd55d31), TOBN(0xb6d1c086, 0x17b61c71), + TOBN(0x31db0903, 0xc2a5089d), TOBN(0x9c092172, 0x184e5d3f), + TOBN(0xdd7ced5b, 0xc00cc638), TOBN(0x1a2015eb, 0x61278fc2), + TOBN(0x2e8e5288, 0x6a37f8d6), TOBN(0xc457786f, 0xe79933ad), + TOBN(0xb3fe4cce, 0x2c51211a), TOBN(0xad9b10b2, 0x24c20498), + TOBN(0x90d87a4f, 0xd28db5e5), TOBN(0x698cd105, 0x3aca2fc3), + TOBN(0x4f112d07, 0xe91b536d), TOBN(0xceb982f2, 0x9eba09d6), + TOBN(0x3c157b2c, 0x197c396f), TOBN(0xe23c2d41, 0x7b66eb24), + TOBN(0x480c57d9, 0x3f330d37), TOBN(0xb3a4c8a1, 0x79108deb), + TOBN(0x702388de, 0xcb199ce5), TOBN(0x0b019211, 0xb944a8d4), + TOBN(0x24f2a692, 0x840bb336), TOBN(0x7c353bdc, 0xa669fa7b), + TOBN(0xda20d6fc, 0xdec9c300), TOBN(0x625fbe2f, 0xa13a4f17), + TOBN(0xa2b1b61a, 0xdbc17328), TOBN(0x008965bf, 0xa9515621), + TOBN(0x49690939, 0xc620ff46), TOBN(0x182dd27d, 0x8717e91c), + TOBN(0x5ace5035, 0xea6c3997), TOBN(0x54259aaa, 0xc2610bef), + TOBN(0xef18bb3f, 0x3c80dd39), TOBN(0x6910b95b, 0x5fc3fa39), + TOBN(0xfce2f510, 0x43e09aee), TOBN(0xced56c9f, 0xa7675665), + TOBN(0x10e265ac, 0xd872db61), TOBN(0x6982812e, 0xae9fce69), + TOBN(0x29be11c6, 0xce800998), TOBN(0x72bb1752, 0xb90360d9), + TOBN(0x2c193197, 0x5a4ad590), TOBN(0x2ba2f548, 0x9fc1dbc0), + TOBN(0x7fe4eebb, 0xe490ebe0), TOBN(0x12a0a4cd, 0x7fae11c0), + TOBN(0x7197cf81, 0xe903ba37), TOBN(0xcf7d4aa8, 0xde1c6dd8), + TOBN(0x92af6bf4, 0x3fd5684c), TOBN(0x2b26eecf, 0x80360aa1), + TOBN(0xbd960f30, 0x00546a82), TOBN(0x407b3c43, 0xf59ad8fe), + TOBN(0x86cae5fe, 0x249c82ba), TOBN(0x9e0faec7, 0x2463744c), + TOBN(0x87f551e8, 0x94916272), TOBN(0x033f9344, 0x6ceb0615), + TOBN(0x1e5eb0d1, 0x8be82e84), TOBN(0x89967f0e, 0x7a582fef), + TOBN(0xbcf687d5, 0xa6e921fa), TOBN(0xdfee4cf3, 0xd37a09ba), + TOBN(0x94f06965, 0xb493c465), TOBN(0x638b9a1c, 0x7635c030), + TOBN(0x76667864, 0x66f05e9f), TOBN(0xccaf6808, 0xc04da725), + TOBN(0xca2eb690, 0x768fccfc), TOBN(0xf402d37d, 0xb835b362), + TOBN(0x0efac0d0, 0xe2fdfcce), TOBN(0xefc9cdef, 0xb638d990), + TOBN(0x2af12b72, 0xd1669a8b), TOBN(0x33c536bc, 0x5774ccbd), + TOBN(0x30b21909, 0xfb34870e), TOBN(0xc38fa2f7, 0x7df25aca), + TOBN(0x74c5f02b, 0xbf81f3f5), TOBN(0x0525a5ae, 0xaf7e4581), + TOBN(0x88d2aaba, 0x433c54ae), TOBN(0xed9775db, 0x806a56c5), + TOBN(0xd320738a, 0xc0edb37d), TOBN(0x25fdb6ee, 0x66cc1f51), + TOBN(0xac661d17, 0x10600d76), TOBN(0x931ec1f3, 0xbdd1ed76), + TOBN(0x65c11d62, 0x19ee43f1), TOBN(0x5cd57c3e, 0x60829d97), + TOBN(0xd26c91a3, 0x984be6e8), TOBN(0xf08d9309, 0x8b0c53bd), + TOBN(0x94bc9e5b, 0xc016e4ea), TOBN(0xd3916839, 0x11d43d2b), + TOBN(0x886c5ad7, 0x73701155), TOBN(0xe0377626, 0x20b00715), + TOBN(0x7f01c9ec, 0xaa80ba59), TOBN(0x3083411a, 0x68538e51), + TOBN(0x970370f1, 0xe88128af), TOBN(0x625cc3db, 0x91dec14b), + TOBN(0xfef9666c, 0x01ac3107), TOBN(0xb2a8d577, 0xd5057ac3), + TOBN(0xb0f26299, 0x92be5df7), TOBN(0xf579c8e5, 0x00353924), + TOBN(0xb8fa3d93, 0x1341ed7a), TOBN(0x4223272c, 0xa7b59d49), + TOBN(0x3dcb1947, 0x83b8c4a4), TOBN(0x4e413c01, 0xed1302e4), + TOBN(0x6d999127, 0xe17e44ce), TOBN(0xee86bf75, 0x33b3adfb), + TOBN(0xf6902fe6, 0x25aa96ca), TOBN(0xb73540e4, 0xe5aae47d), + TOBN(0x32801d7b, 0x1b4a158c), TOBN(0xe571c99e, 0x27e2a369), + TOBN(0x40cb76c0, 0x10d9f197), TOBN(0xc308c289, 0x3167c0ae), + TOBN(0xa6ef9dd3, 0xeb7958f2), TOBN(0xa7226dfc, 0x300879b1), + TOBN(0x6cd0b362, 0x7edf0636), TOBN(0x4efbce6c, 0x7bc37eed), + TOBN(0x75f92a05, 0x8d699021), TOBN(0x586d4c79, 0x772566e3), + TOBN(0x378ca5f1, 0x761ad23a), TOBN(0x650d86fc, 0x1465a8ac), + TOBN(0x7a4ed457, 0x842ba251), TOBN(0x6b65e3e6, 0x42234933), + TOBN(0xaf1543b7, 0x31aad657), TOBN(0xa4cefe98, 0xcbfec369), + TOBN(0xb587da90, 0x9f47befb), TOBN(0x6562e9fb, 0x41312d13), + TOBN(0xa691ea59, 0xeff1cefe), TOBN(0xcc30477a, 0x05fc4cf6), + TOBN(0xa1632461, 0x0b0ffd3d), TOBN(0xa1f16f3b, 0x5b355956), + TOBN(0x5b148d53, 0x4224ec24), TOBN(0xdc834e7b, 0xf977012a), + TOBN(0x7bfc5e75, 0xb2c69dbc), TOBN(0x3aa77a29, 0x03c3da6c), + TOBN(0xde0df03c, 0xca910271), TOBN(0xcbd5ca4a, 0x7806dc55), + TOBN(0xe1ca5807, 0x6db476cb), TOBN(0xfde15d62, 0x5f37a31e), + TOBN(0xf49af520, 0xf41af416), TOBN(0x96c5c5b1, 0x7d342db5), + TOBN(0x155c43b7, 0xeb4ceb9b), TOBN(0x2e993010, 0x4e77371a), + TOBN(0x1d2987da, 0x675d43af), TOBN(0xef2bc1c0, 0x8599fd72), + TOBN(0x96894b7b, 0x9342f6b2), TOBN(0x201eadf2, 0x7c8e71f0), + TOBN(0xf3479d9f, 0x4a1f3efc), TOBN(0xe0f8a742, 0x702a9704), + TOBN(0xeafd44b6, 0xb3eba40c), TOBN(0xf9739f29, 0xc1c1e0d0), + TOBN(0x0091471a, 0x619d505e), TOBN(0xc15f9c96, 0x9d7c263e), + TOBN(0x5be47285, 0x83afbe33), TOBN(0xa3b6d6af, 0x04f1e092), + TOBN(0xe76526b9, 0x751a9d11), TOBN(0x2ec5b26d, 0x9a4ae4d2), + TOBN(0xeb66f4d9, 0x02f6fb8d), TOBN(0x4063c561, 0x96912164), + TOBN(0xeb7050c1, 0x80ef3000), TOBN(0x288d1c33, 0xeaa5b3f0), + TOBN(0xe87c68d6, 0x07806fd8), TOBN(0xb2f7f9d5, 0x4bbbf50f), + TOBN(0x25972f3a, 0xac8d6627), TOBN(0xf8547774, 0x10e8c13b), + TOBN(0xcc50ef6c, 0x872b4a60), TOBN(0xab2a34a4, 0x4613521b), + TOBN(0x39c5c190, 0x983e15d1), TOBN(0x61dde5df, 0x59905512), + TOBN(0xe417f621, 0x9f2275f3), TOBN(0x0750c8b6, 0x451d894b), + TOBN(0x75b04ab9, 0x78b0bdaa), TOBN(0x3bfd9fd4, 0x458589bd), + TOBN(0xf1013e30, 0xee9120b6), TOBN(0x2b51af93, 0x23a4743e), + TOBN(0xea96ffae, 0x48d14d9e), TOBN(0x71dc0dbe, 0x698a1d32), + TOBN(0x914962d2, 0x0180cca4), TOBN(0x1ae60677, 0xc3568963), + TOBN(0x8cf227b1, 0x437bc444), TOBN(0xc650c83b, 0xc9962c7a), + TOBN(0x23c2c7dd, 0xfe7ccfc4), TOBN(0xf925c89d, 0x1b929d48), + TOBN(0x4460f74b, 0x06783c33), TOBN(0xac2c8d49, 0xa590475a), + TOBN(0xfb40b407, 0xb807bba0), TOBN(0x9d1e362d, 0x69ff8f3a), + TOBN(0xa33e9681, 0xcbef64a4), TOBN(0x67ece5fa, 0x332fb4b2), + TOBN(0x6900a99b, 0x739f10e3), TOBN(0xc3341ca9, 0xff525925), + TOBN(0xee18a626, 0xa9e2d041), TOBN(0xa5a83685, 0x29580ddd), + TOBN(0xf3470c81, 0x9d7de3cd), TOBN(0xedf02586, 0x2062cf9c), + TOBN(0xf43522fa, 0xc010edb0), TOBN(0x30314135, 0x13a4b1ae), + TOBN(0xc792e02a, 0xdb22b94b), TOBN(0x993d8ae9, 0xa1eaa45b), + TOBN(0x8aad6cd3, 0xcd1e1c63), TOBN(0x89529ca7, 0xc5ce688a), + TOBN(0x2ccee3aa, 0xe572a253), TOBN(0xe02b6438, 0x02a21efb), + TOBN(0xa7091b6e, 0xc9430358), TOBN(0x06d1b1fa, 0x9d7db504), + TOBN(0x58846d32, 0xc4744733), TOBN(0x40517c71, 0x379f9e34), + TOBN(0x2f65655f, 0x130ef6ca), TOBN(0x526e4488, 0xf1f3503f), + TOBN(0x8467bd17, 0x7ee4a976), TOBN(0x1d9dc913, 0x921363d1), + TOBN(0xd8d24c33, 0xb069e041), TOBN(0x5eb5da0a, 0x2cdf7f51), + TOBN(0x1c0f3cb1, 0x197b994f), TOBN(0x3c95a6c5, 0x2843eae9), + TOBN(0x7766ffc9, 0xa6097ea5), TOBN(0x7bea4093, 0xd723b867), + TOBN(0xb48e1f73, 0x4db378f9), TOBN(0x70025b00, 0xe37b77ac), + TOBN(0x943dc8e7, 0xaf24ad46), TOBN(0xb98a15ac, 0x16d00a85), + TOBN(0x3adc38ba, 0x2743b004), TOBN(0xb1c7f4f7, 0x334415ee), + TOBN(0xea43df8f, 0x1e62d05a), TOBN(0x32618905, 0x9d76a3b6), + TOBN(0x2fbd0bb5, 0xa23a0f46), TOBN(0x5bc971db, 0x6a01918c), + TOBN(0x7801d94a, 0xb4743f94), TOBN(0xb94df65e, 0x676ae22b), + TOBN(0xaafcbfab, 0xaf95894c), TOBN(0x7b9bdc07, 0x276b2241), + TOBN(0xeaf98362, 0x5bdda48b), TOBN(0x5977faf2, 0xa3fcb4df), + TOBN(0xbed042ef, 0x052c4b5b), TOBN(0x9fe87f71, 0x067591f0), + TOBN(0xc89c73ca, 0x22f24ec7), TOBN(0x7d37fa9e, 0xe64a9f1b), + TOBN(0x2710841a, 0x15562627), TOBN(0x2c01a613, 0xc243b034), + TOBN(0x1d135c56, 0x2bc68609), TOBN(0xc2ca1715, 0x8b03f1f6), + TOBN(0xc9966c2d, 0x3eb81d82), TOBN(0xc02abf4a, 0x8f6df13e), + TOBN(0x77b34bd7, 0x8f72b43b), TOBN(0xaff6218f, 0x360c82b0), + TOBN(0x0aa5726c, 0x8d55b9d2), TOBN(0xdc0adbe9, 0x99e9bffb), + TOBN(0x9097549c, 0xefb9e72a), TOBN(0x16755712, 0x9dfb3111), + TOBN(0xdd8bf984, 0xf26847f9), TOBN(0xbcb8e387, 0xdfb30cb7), + TOBN(0xc1fd32a7, 0x5171ef9c), TOBN(0x977f3fc7, 0x389b363f), + TOBN(0x116eaf2b, 0xf4babda0), TOBN(0xfeab68bd, 0xf7113c8e), + TOBN(0xd1e3f064, 0xb7def526), TOBN(0x1ac30885, 0xe0b3fa02), + TOBN(0x1c5a6e7b, 0x40142d9d), TOBN(0x839b5603, 0x30921c0b), + TOBN(0x48f301fa, 0x36a116a3), TOBN(0x380e1107, 0xcfd9ee6d), + TOBN(0x7945ead8, 0x58854be1), TOBN(0x4111c12e, 0xcbd4d49d), + TOBN(0xece3b1ec, 0x3a29c2ef), TOBN(0x6356d404, 0x8d3616f5), + TOBN(0x9f0d6a8f, 0x594d320e), TOBN(0x0989316d, 0xf651ccd2), + TOBN(0x6c32117a, 0x0f8fdde4), TOBN(0x9abe5cc5, 0xa26a9bbc), + TOBN(0xcff560fb, 0x9723f671), TOBN(0x21b2a12d, 0x7f3d593c), + TOBN(0xe4cb18da, 0x24ba0696), TOBN(0x186e2220, 0xc3543384), + TOBN(0x722f64e0, 0x88312c29), TOBN(0x94282a99, 0x17dc7752), + TOBN(0x62467bbf, 0x5a85ee89), TOBN(0xf435c650, 0xf10076a0), + TOBN(0xc9ff1539, 0x43b3a50b), TOBN(0x7132130c, 0x1a53efbc), + TOBN(0x31bfe063, 0xf7b0c5b7), TOBN(0xb0179a7d, 0x4ea994cc), + TOBN(0x12d064b3, 0xc85f455b), TOBN(0x47259328, 0x8f6e0062), + TOBN(0xf64e590b, 0xb875d6d9), TOBN(0x22dd6225, 0xad92bcc7), + TOBN(0xb658038e, 0xb9c3bd6d), TOBN(0x00cdb0d6, 0xfbba27c8), + TOBN(0x0c681337, 0x1062c45d), TOBN(0xd8515b8c, 0x2d33407d), + TOBN(0xcb8f699e, 0x8cbb5ecf), TOBN(0x8c4347f8, 0xc608d7d8), + TOBN(0x2c11850a, 0xbb3e00db), TOBN(0x20a8dafd, 0xecb49d19), + TOBN(0xbd781480, 0x45ee2f40), TOBN(0x75e354af, 0x416b60cf), + TOBN(0xde0b58a1, 0x8d49a8c4), TOBN(0xe40e94e2, 0xfa359536), + TOBN(0xbd4fa59f, 0x62accd76), TOBN(0x05cf466a, 0x8c762837), + TOBN(0xb5abda99, 0x448c277b), TOBN(0x5a9e01bf, 0x48b13740), + TOBN(0x9d457798, 0x326aad8d), TOBN(0xbdef4954, 0xc396f7e7), + TOBN(0x6fb274a2, 0xc253e292), TOBN(0x2800bf0a, 0x1cfe53e7), + TOBN(0x22426d31, 0x44438fd4), TOBN(0xef233923, 0x5e259f9a), + TOBN(0x4188503c, 0x03f66264), TOBN(0x9e5e7f13, 0x7f9fdfab), + TOBN(0x565eb76c, 0x5fcc1aba), TOBN(0xea632548, 0x59b5bff8), + TOBN(0x5587c087, 0xaab6d3fa), TOBN(0x92b639ea, 0x6ce39c1b), + TOBN(0x0706e782, 0x953b135c), TOBN(0x7308912e, 0x425268ef), + TOBN(0x599e92c7, 0x090e7469), TOBN(0x83b90f52, 0x9bc35e75), + TOBN(0x4750b3d0, 0x244975b3), TOBN(0xf3a44358, 0x11965d72), + TOBN(0x179c6774, 0x9c8dc751), TOBN(0xff18cdfe, 0xd23d9ff0), + TOBN(0xc4013833, 0x2028e247), TOBN(0x96e280e2, 0xf3bfbc79), + TOBN(0xf60417bd, 0xd0880a84), TOBN(0x263c9f3d, 0x2a568151), + TOBN(0x36be15b3, 0x2d2ce811), TOBN(0x846dc0c2, 0xf8291d21), + TOBN(0x5cfa0ecb, 0x789fcfdb), TOBN(0x45a0beed, 0xd7535b9a), + TOBN(0xec8e9f07, 0x96d69af1), TOBN(0x31a7c5b8, 0x599ab6dc), + TOBN(0xd36d45ef, 0xf9e2e09f), TOBN(0x3cf49ef1, 0xdcee954b), + TOBN(0x6be34cf3, 0x086cff9b), TOBN(0x88dbd491, 0x39a3360f), + TOBN(0x1e96b8cc, 0x0dbfbd1d), TOBN(0xc1e5f7bf, 0xcb7e2552), + TOBN(0x0547b214, 0x28819d98), TOBN(0xc770dd9c, 0x7aea9dcb), + TOBN(0xaef0d4c7, 0x041d68c8), TOBN(0xcc2b9818, 0x13cb9ba8), + TOBN(0x7fc7bc76, 0xfe86c607), TOBN(0x6b7b9337, 0x502a9a95), + TOBN(0x1948dc27, 0xd14dab63), TOBN(0x249dd198, 0xdae047be), + TOBN(0xe8356584, 0xa981a202), TOBN(0x3531dd18, 0x3a893387), + TOBN(0x1be11f90, 0xc85c7209), TOBN(0x93d2fe1e, 0xe2a52b5a), + TOBN(0x8225bfe2, 0xec6d6b97), TOBN(0x9cf6d6f4, 0xbd0aa5de), + TOBN(0x911459cb, 0x54779f5f), TOBN(0x5649cddb, 0x86aeb1f3), + TOBN(0x32133579, 0x3f26ce5a), TOBN(0xc289a102, 0x550f431e), + TOBN(0x559dcfda, 0x73b84c6f), TOBN(0x84973819, 0xee3ac4d7), + TOBN(0xb51e55e6, 0xf2606a82), TOBN(0xe25f7061, 0x90f2fb57), + TOBN(0xacef6c2a, 0xb1a4e37c), TOBN(0x864e359d, 0x5dcf2706), + TOBN(0x479e6b18, 0x7ce57316), TOBN(0x2cab2500, 0x3a96b23d), + TOBN(0xed489862, 0x8ef16df7), TOBN(0x2056538c, 0xef3758b5), + TOBN(0xa7df865e, 0xf15d3101), TOBN(0x80c5533a, 0x61b553d7), + TOBN(0x366e1997, 0x4ed14294), TOBN(0x6620741f, 0xb3c0bcd6), + TOBN(0x21d1d9c4, 0xedc45418), TOBN(0x005b859e, 0xc1cc4a9d), + TOBN(0xdf01f630, 0xa1c462f0), TOBN(0x15d06cf3, 0xf26820c7), + TOBN(0x9f7f24ee, 0x3484be47), TOBN(0x2ff33e96, 0x4a0c902f), + TOBN(0x00bdf457, 0x5a0bc453), TOBN(0x2378dfaf, 0x1aa238db), + TOBN(0x272420ec, 0x856720f2), TOBN(0x2ad9d95b, 0x96797291), + TOBN(0xd1242cc6, 0x768a1558), TOBN(0x2e287f8b, 0x5cc86aa8), + TOBN(0x796873d0, 0x990cecaa), TOBN(0xade55f81, 0x675d4080), + TOBN(0x2645eea3, 0x21f0cd84), TOBN(0x7a1efa0f, 0xb4e17d02), + TOBN(0xf6858420, 0x037cc061), TOBN(0x682e05f0, 0xd5d43e12), + TOBN(0x59c36994, 0x27218710), TOBN(0x85cbba4d, 0x3f7cd2fc), + TOBN(0x726f9729, 0x7a3cd22a), TOBN(0x9f8cd5dc, 0x4a628397), + TOBN(0x17b93ab9, 0xc23165ed), TOBN(0xff5f5dbf, 0x122823d4), + TOBN(0xc1e4e4b5, 0x654a446d), TOBN(0xd1a9496f, 0x677257ba), + TOBN(0x6387ba94, 0xde766a56), TOBN(0x23608bc8, 0x521ec74a), + TOBN(0x16a522d7, 0x6688c4d4), TOBN(0x9d6b4282, 0x07373abd), + TOBN(0xa62f07ac, 0xb42efaa3), TOBN(0xf73e00f7, 0xe3b90180), + TOBN(0x36175fec, 0x49421c3e), TOBN(0xc4e44f9b, 0x3dcf2678), + TOBN(0x76df436b, 0x7220f09f), TOBN(0x172755fb, 0x3aa8b6cf), + TOBN(0xbab89d57, 0x446139cc), TOBN(0x0a0a6e02, 0x5fe0208f), + TOBN(0xcdbb63e2, 0x11e5d399), TOBN(0x33ecaa12, 0xa8977f0b), + TOBN(0x59598b21, 0xf7c42664), TOBN(0xb3e91b32, 0xab65d08a), + TOBN(0x035822ee, 0xf4502526), TOBN(0x1dcf0176, 0x720a82a9), + TOBN(0x50f8598f, 0x3d589e02), TOBN(0xdf0478ff, 0xb1d63d2c), + TOBN(0x8b8068bd, 0x1571cd07), TOBN(0x30c3aa4f, 0xd79670cd), + TOBN(0x25e8fd4b, 0x941ade7f), TOBN(0x3d1debdc, 0x32790011), + TOBN(0x65b6dcbd, 0x3a3f9ff0), TOBN(0x282736a4, 0x793de69c), + TOBN(0xef69a0c3, 0xd41d3bd3), TOBN(0xb533b8c9, 0x07a26bde), + TOBN(0xe2801d97, 0xdb2edf9f), TOBN(0xdc4a8269, 0xe1877af0), + TOBN(0x6c1c5851, 0x3d590dbe), TOBN(0x84632f6b, 0xee4e9357), + TOBN(0xd36d36b7, 0x79b33374), TOBN(0xb46833e3, 0x9bbca2e6), + TOBN(0x37893913, 0xf7fc0586), TOBN(0x385315f7, 0x66bf4719), + TOBN(0x72c56293, 0xb31855dc), TOBN(0xd1416d4e, 0x849061fe), + TOBN(0xbeb3ab78, 0x51047213), TOBN(0x447f6e61, 0xf040c996), + TOBN(0xd06d310d, 0x638b1d0c), TOBN(0xe28a413f, 0xbad1522e), + TOBN(0x685a76cb, 0x82003f86), TOBN(0x610d07f7, 0x0bcdbca3), + TOBN(0x6ff66021, 0x9ca4c455), TOBN(0x7df39b87, 0xcea10eec), + TOBN(0xb9255f96, 0xe22db218), TOBN(0x8cc6d9eb, 0x08a34c44), + TOBN(0xcd4ffb86, 0x859f9276), TOBN(0x8fa15eb2, 0x50d07335), + TOBN(0xdf553845, 0xcf2c24b5), TOBN(0x89f66a9f, 0x52f9c3ba), + TOBN(0x8f22b5b9, 0xe4a7ceb3), TOBN(0xaffef809, 0x0e134686), + TOBN(0x3e53e1c6, 0x8eb8fac2), TOBN(0x93c1e4eb, 0x28aec98e), + TOBN(0xb6b91ec5, 0x32a43bcb), TOBN(0x2dbfa947, 0xb2d74a51), + TOBN(0xe065d190, 0xca84bad7), TOBN(0xfb13919f, 0xad58e65c), + TOBN(0x3c41718b, 0xf1cb6e31), TOBN(0x688969f0, 0x06d05c3f), + TOBN(0xd4f94ce7, 0x21264d45), TOBN(0xfdfb65e9, 0x7367532b), + TOBN(0x5b1be8b1, 0x0945a39d), TOBN(0x229f789c, 0x2b8baf3b), + TOBN(0xd8f41f3e, 0x6f49f15d), TOBN(0x678ce828, 0x907f0792), + TOBN(0xc69ace82, 0xfca6e867), TOBN(0x106451ae, 0xd01dcc89), + TOBN(0x1bb4f7f0, 0x19fc32d2), TOBN(0x64633dfc, 0xb00c52d2), + TOBN(0x8f13549a, 0xad9ea445), TOBN(0x99a3bf50, 0xfb323705), + TOBN(0x0c9625a2, 0x534d4dbc), TOBN(0x45b8f1d1, 0xc2a2fea3), + TOBN(0x76ec21a1, 0xa530fc1a), TOBN(0x4bac9c2a, 0x9e5bd734), + TOBN(0x5996d76a, 0x7b4e3587), TOBN(0x0045cdee, 0x1182d9e3), + TOBN(0x1aee24b9, 0x1207f13d), TOBN(0x66452e97, 0x97345a41), + TOBN(0x16e5b054, 0x9f950cd0), TOBN(0x9cc72fb1, 0xd7fdd075), + TOBN(0x6edd61e7, 0x66249663), TOBN(0xde4caa4d, 0xf043cccb), + TOBN(0x11b1f57a, 0x55c7ac17), TOBN(0x779cbd44, 0x1a85e24d), + TOBN(0x78030f86, 0xe46081e7), TOBN(0xfd4a6032, 0x8e20f643), + TOBN(0xcc7a6488, 0x0a750c0f), TOBN(0x39bacfe3, 0x4e548e83), + TOBN(0x3d418c76, 0x0c110f05), TOBN(0x3e4daa4c, 0xb1f11588), + TOBN(0x2733e7b5, 0x5ffc69ff), TOBN(0x46f147bc, 0x92053127), + TOBN(0x885b2434, 0xd722df94), TOBN(0x6a444f65, 0xe6fc6b7c)}, + {TOBN(0x7a1a465a, 0xc3f16ea8), TOBN(0x115a461d, 0xb2f1d11c), + TOBN(0x4767dd95, 0x6c68a172), TOBN(0x3392f2eb, 0xd13a4698), + TOBN(0xc7a99ccd, 0xe526cdc7), TOBN(0x8e537fdc, 0x22292b81), + TOBN(0x76d8cf69, 0xa6d39198), TOBN(0xffc5ff43, 0x2446852d), + TOBN(0x97b14f7e, 0xa90567e6), TOBN(0x513257b7, 0xb6ae5cb7), + TOBN(0x85454a3c, 0x9f10903d), TOBN(0xd8d2c9ad, 0x69bc3724), + TOBN(0x38da9324, 0x6b29cb44), TOBN(0xb540a21d, 0x77c8cbac), + TOBN(0x9bbfe435, 0x01918e42), TOBN(0xfffa707a, 0x56c3614e), + TOBN(0x0ce4e3f1, 0xd4e353b7), TOBN(0x062d8a14, 0xef46b0a0), + TOBN(0x6408d5ab, 0x574b73fd), TOBN(0xbc41d1c9, 0xd3273ffd), + TOBN(0x3538e1e7, 0x6be77800), TOBN(0x71fe8b37, 0xc5655031), + TOBN(0x1cd91621, 0x6b9b331a), TOBN(0xad825d0b, 0xbb388f73), + TOBN(0x56c2e05b, 0x1cb76219), TOBN(0x0ec0bf91, 0x71567e7e), + TOBN(0xe7076f86, 0x61c4c910), TOBN(0xd67b085b, 0xbabc04d9), + TOBN(0x9fb90459, 0x5e93a96a), TOBN(0x7526c1ea, 0xfbdc249a), + TOBN(0x0d44d367, 0xecdd0bb7), TOBN(0x95399917, 0x9dc0d695), + TOBN(0x61360ee9, 0x9e240d18), TOBN(0x057cdcac, 0xb4b94466), + TOBN(0xe7667cd1, 0x2fe5325c), TOBN(0x1fa297b5, 0x21974e3b), + TOBN(0xfa4081e7, 0xdb083d76), TOBN(0x31993be6, 0xf206bd15), + TOBN(0x8949269b, 0x14c19f8c), TOBN(0x21468d72, 0xa9d92357), + TOBN(0x2ccbc583, 0xa4c506ec), TOBN(0x957ed188, 0xd1acfe97), + TOBN(0x8baed833, 0x12f1aea2), TOBN(0xef2a6cb4, 0x8325362d), + TOBN(0x130dde42, 0x8e195c43), TOBN(0xc842025a, 0x0e6050c6), + TOBN(0x2da972a7, 0x08686a5d), TOBN(0xb52999a1, 0xe508b4a8), + TOBN(0xd9f090b9, 0x10a5a8bd), TOBN(0xca91d249, 0x096864da), + TOBN(0x8e6a93be, 0x3f67dbc1), TOBN(0xacae6fba, 0xf5f4764c), + TOBN(0x1563c6e0, 0xd21411a0), TOBN(0x28fa787f, 0xda0a4ad8), + TOBN(0xd524491c, 0x908c8030), TOBN(0x1257ba0e, 0x4c795f07), + TOBN(0x83f49167, 0xceca9754), TOBN(0x426d2cf6, 0x4b7939a0), + TOBN(0x2555e355, 0x723fd0bf), TOBN(0xa96e6d06, 0xc4f144e2), + TOBN(0x4768a8dd, 0x87880e61), TOBN(0x15543815, 0xe508e4d5), + TOBN(0x09d7e772, 0xb1b65e15), TOBN(0x63439dd6, 0xac302fa0), + TOBN(0xb93f802f, 0xc14e35c2), TOBN(0x71735b7c, 0x4341333c), + TOBN(0x03a25104, 0x16d4f362), TOBN(0x3f4d069b, 0xbf433c8e), + TOBN(0x0d83ae01, 0xf78f5a7c), TOBN(0x50a8ffbe, 0x7c4eed07), + TOBN(0xc74f8906, 0x76e10f83), TOBN(0x7d080966, 0x9ddaf8e1), + TOBN(0xb11df8e1, 0x698e04cc), TOBN(0x877be203, 0x169005c8), + TOBN(0x32749e8c, 0x4f3c6179), TOBN(0x2dbc9d0a, 0x7853fc05), + TOBN(0x187d4f93, 0x9454d937), TOBN(0xe682ce9d, 0xb4800e1b), + TOBN(0xa9129ad8, 0x165e68e8), TOBN(0x0fe29735, 0xbe7f785b), + TOBN(0x5303f40c, 0x5b9e02b7), TOBN(0xa37c9692, 0x35ee04e8), + TOBN(0x5f46cc20, 0x34d6632b), TOBN(0x55ef72b2, 0x96ac545b), + TOBN(0xabec5c1f, 0x7b91b062), TOBN(0x0a79e1c7, 0xbb33e821), + TOBN(0xbb04b428, 0x3a9f4117), TOBN(0x0de1f28f, 0xfd2a475a), + TOBN(0x31019ccf, 0x3a4434b4), TOBN(0xa3458111, 0x1a7954dc), + TOBN(0xa9dac80d, 0xe34972a7), TOBN(0xb043d054, 0x74f6b8dd), + TOBN(0x021c319e, 0x11137b1a), TOBN(0x00a754ce, 0xed5cc03f), + TOBN(0x0aa2c794, 0xcbea5ad4), TOBN(0x093e67f4, 0x70c015b6), + TOBN(0x72cdfee9, 0xc97e3f6b), TOBN(0xc10bcab4, 0xb6da7461), + TOBN(0x3b02d2fc, 0xb59806b9), TOBN(0x85185e89, 0xa1de6f47), + TOBN(0x39e6931f, 0x0eb6c4d4), TOBN(0x4d4440bd, 0xd4fa5b04), + TOBN(0x5418786e, 0x34be7eb8), TOBN(0x6380e521, 0x9d7259bc), + TOBN(0x20ac0351, 0xd598d710), TOBN(0x272c4166, 0xcb3a4da4), + TOBN(0xdb82fe1a, 0xca71de1f), TOBN(0x746e79f2, 0xd8f54b0f), + TOBN(0x6e7fc736, 0x4b573e9b), TOBN(0x75d03f46, 0xfd4b5040), + TOBN(0x5c1cc36d, 0x0b98d87b), TOBN(0x513ba3f1, 0x1f472da1), + TOBN(0x79d0af26, 0xabb177dd), TOBN(0xf82ab568, 0x7891d564), + TOBN(0x2b6768a9, 0x72232173), TOBN(0xefbb3bb0, 0x8c1f6619), + TOBN(0xb29c11db, 0xa6d18358), TOBN(0x519e2797, 0xb0916d3a), + TOBN(0xd4dc18f0, 0x9188e290), TOBN(0x648e86e3, 0x98b0ca7f), + TOBN(0x859d3145, 0x983c38b5), TOBN(0xb14f176c, 0x637abc8b), + TOBN(0x2793fb9d, 0xcaff7be6), TOBN(0xebe5a55f, 0x35a66a5a), + TOBN(0x7cec1dcd, 0x9f87dc59), TOBN(0x7c595cd3, 0xfbdbf560), + TOBN(0x5b543b22, 0x26eb3257), TOBN(0x69080646, 0xc4c935fd), + TOBN(0x7f2e4403, 0x81e9ede3), TOBN(0x243c3894, 0xcaf6df0a), + TOBN(0x7c605bb1, 0x1c073b11), TOBN(0xcd06a541, 0xba6a4a62), + TOBN(0x29168949, 0x49d4e2e5), TOBN(0x33649d07, 0x4af66880), + TOBN(0xbfc0c885, 0xe9a85035), TOBN(0xb4e52113, 0xfc410f4b), + TOBN(0xdca3b706, 0x78a6513b), TOBN(0x92ea4a2a, 0x9edb1943), + TOBN(0x02642216, 0xdb6e2dd8), TOBN(0x9b45d0b4, 0x9fd57894), + TOBN(0x114e70db, 0xc69d11ae), TOBN(0x1477dd19, 0x4c57595f), + TOBN(0xbc2208b4, 0xec77c272), TOBN(0x95c5b4d7, 0xdb68f59c), + TOBN(0xb8c4fc63, 0x42e532b7), TOBN(0x386ba422, 0x9ae35290), + TOBN(0xfb5dda42, 0xd201ecbc), TOBN(0x2353dc8b, 0xa0e38fd6), + TOBN(0x9a0b85ea, 0x68f7e978), TOBN(0x96ec5682, 0x2ad6d11f), + TOBN(0x5e279d6c, 0xe5f6886d), TOBN(0xd3fe03cd, 0x3cb1914d), + TOBN(0xfe541fa4, 0x7ea67c77), TOBN(0x952bd2af, 0xe3ea810c), + TOBN(0x791fef56, 0x8d01d374), TOBN(0xa3a1c621, 0x0f11336e), + TOBN(0x5ad0d5a9, 0xc7ec6d79), TOBN(0xff7038af, 0x3225c342), + TOBN(0x003c6689, 0xbc69601b), TOBN(0x25059bc7, 0x45e8747d), + TOBN(0xfa4965b2, 0xf2086fbf), TOBN(0xf6840ea6, 0x86916078), + TOBN(0xd7ac7620, 0x70081d6c), TOBN(0xe600da31, 0xb5328645), + TOBN(0x01916f63, 0x529b8a80), TOBN(0xe80e4858, 0x2d7d6f3e), + TOBN(0x29eb0fe8, 0xd664ca7c), TOBN(0xf017637b, 0xe7b43b0c), + TOBN(0x9a75c806, 0x76cb2566), TOBN(0x8f76acb1, 0xb24892d9), + TOBN(0x7ae7b9cc, 0x1f08fe45), TOBN(0x19ef7329, 0x6a4907d8), + TOBN(0x2db4ab71, 0x5f228bf0), TOBN(0xf3cdea39, 0x817032d7), + TOBN(0x0b1f482e, 0xdcabe3c0), TOBN(0x3baf76b4, 0xbb86325c), + TOBN(0xd49065e0, 0x10089465), TOBN(0x3bab5d29, 0x8e77c596), + TOBN(0x7636c3a6, 0x193dbd95), TOBN(0xdef5d294, 0xb246e499), + TOBN(0xb22c58b9, 0x286b2475), TOBN(0xa0b93939, 0xcd80862b), + TOBN(0x3002c83a, 0xf0992388), TOBN(0x6de01f9b, 0xeacbe14c), + TOBN(0x6aac688e, 0xadd70482), TOBN(0x708de92a, 0x7b4a4e8a), + TOBN(0x75b6dd73, 0x758a6eef), TOBN(0xea4bf352, 0x725b3c43), + TOBN(0x10041f2c, 0x87912868), TOBN(0xb1b1be95, 0xef09297a), + TOBN(0x19ae23c5, 0xa9f3860a), TOBN(0xc4f0f839, 0x515dcf4b), + TOBN(0x3c7ecca3, 0x97f6306a), TOBN(0x744c44ae, 0x68a3a4b0), + TOBN(0x69cd13a0, 0xb3a1d8a2), TOBN(0x7cad0a1e, 0x5256b578), + TOBN(0xea653fcd, 0x33791d9e), TOBN(0x9cc2a05d, 0x74b2e05f), + TOBN(0x73b391dc, 0xfd7affa2), TOBN(0xddb7091e, 0xb6b05442), + TOBN(0xc71e27bf, 0x8538a5c6), TOBN(0x195c63dd, 0x89abff17), + TOBN(0xfd315285, 0x1b71e3da), TOBN(0x9cbdfda7, 0xfa680fa0), + TOBN(0x9db876ca, 0x849d7eab), TOBN(0xebe2764b, 0x3c273271), + TOBN(0x663357e3, 0xf208dcea), TOBN(0x8c5bd833, 0x565b1b70), + TOBN(0xccc3b4f5, 0x9837fc0d), TOBN(0x9b641ba8, 0xa79cf00f), + TOBN(0x7428243d, 0xdfdf3990), TOBN(0x83a594c4, 0x020786b1), + TOBN(0xb712451a, 0x526c4502), TOBN(0x9d39438e, 0x6adb3f93), + TOBN(0xfdb261e3, 0xe9ff0ccd), TOBN(0x80344e3c, 0xe07af4c3), + TOBN(0x75900d7c, 0x2fa4f126), TOBN(0x08a3b865, 0x5c99a232), + TOBN(0x2478b6bf, 0xdb25e0c3), TOBN(0x482cc2c2, 0x71db2edf), + TOBN(0x37df7e64, 0x5f321bb8), TOBN(0x8a93821b, 0x9a8005b4), + TOBN(0x3fa2f10c, 0xcc8c1958), TOBN(0x0d332218, 0x2c269d0a), + TOBN(0x20ab8119, 0xe246b0e6), TOBN(0xb39781e4, 0xd349fd17), + TOBN(0xd293231e, 0xb31aa100), TOBN(0x4b779c97, 0xbb032168), + TOBN(0x4b3f19e1, 0xc8470500), TOBN(0x45b7efe9, 0x0c4c869d), + TOBN(0xdb84f38a, 0xa1a6bbcc), TOBN(0x3b59cb15, 0xb2fddbc1), + TOBN(0xba5514df, 0x3fd165e8), TOBN(0x499fd6a9, 0x061f8811), + TOBN(0x72cd1fe0, 0xbfef9f00), TOBN(0x120a4bb9, 0x79ad7e8a), + TOBN(0xf2ffd095, 0x5f4a5ac5), TOBN(0xcfd174f1, 0x95a7a2f0), + TOBN(0xd42301ba, 0x9d17baf1), TOBN(0xd2fa487a, 0x77f22089), + TOBN(0x9cb09efe, 0xb1dc77e1), TOBN(0xe9566939, 0x21c99682), + TOBN(0x8c546901, 0x6c6067bb), TOBN(0xfd378574, 0x61c24456), + TOBN(0x2b6a6cbe, 0x81796b33), TOBN(0x62d550f6, 0x58e87f8b), + TOBN(0x1b763e1c, 0x7f1b01b4), TOBN(0x4b93cfea, 0x1b1b5e12), + TOBN(0xb9345238, 0x1d531696), TOBN(0x57201c00, 0x88cdde69), + TOBN(0xdde92251, 0x9a86afc7), TOBN(0xe3043895, 0xbd35cea8), + TOBN(0x7608c1e1, 0x8555970d), TOBN(0x8267dfa9, 0x2535935e), + TOBN(0xd4c60a57, 0x322ea38b), TOBN(0xe0bf7977, 0x804ef8b5), + TOBN(0x1a0dab28, 0xc06fece4), TOBN(0xd405991e, 0x94e7b49d), + TOBN(0xc542b6d2, 0x706dab28), TOBN(0xcb228da3, 0xa91618fb), + TOBN(0x224e4164, 0x107d1cea), TOBN(0xeb9fdab3, 0xd0f5d8f1), + TOBN(0xc02ba386, 0x0d6e41cd), TOBN(0x676a72c5, 0x9b1f7146), + TOBN(0xffd6dd98, 0x4d6cb00b), TOBN(0xcef9c5ca, 0xde2e8d7c), + TOBN(0xa1bbf5d7, 0x641c7936), TOBN(0x1b95b230, 0xee8f772e), + TOBN(0xf765a92e, 0xe8ac25b1), TOBN(0xceb04cfc, 0x3a18b7c6), + TOBN(0x27944cef, 0x0acc8966), TOBN(0xcbb3c957, 0x434c1004), + TOBN(0x9c9971a1, 0xa43ff93c), TOBN(0x5bc2db17, 0xa1e358a9), + TOBN(0x45b4862e, 0xa8d9bc82), TOBN(0x70ebfbfb, 0x2201e052), + TOBN(0xafdf64c7, 0x92871591), TOBN(0xea5bcae6, 0xb42d0219), + TOBN(0xde536c55, 0x2ad8f03c), TOBN(0xcd6c3f4d, 0xa76aa33c), + TOBN(0xbeb5f623, 0x0bca6de3), TOBN(0xdd20dd99, 0xb1e706fd), + TOBN(0x90b3ff9d, 0xac9059d4), TOBN(0x2d7b2902, 0x7ccccc4e), + TOBN(0x8a090a59, 0xce98840f), TOBN(0xa5d947e0, 0x8410680a), + TOBN(0x49ae346a, 0x923379a5), TOBN(0x7dbc84f9, 0xb28a3156), + TOBN(0xfd40d916, 0x54a1aff2), TOBN(0xabf318ba, 0x3a78fb9b), + TOBN(0x50152ed8, 0x3029f95e), TOBN(0x9fc1dd77, 0xc58ad7fa), + TOBN(0x5fa57915, 0x13595c17), TOBN(0xb9504668, 0x8f62b3a9), + TOBN(0x907b5b24, 0xff3055b0), TOBN(0x2e995e35, 0x9a84f125), + TOBN(0x87dacf69, 0x7e9bbcfb), TOBN(0x95d0c1d6, 0xe86d96e3), + TOBN(0x65726e3c, 0x2d95a75c), TOBN(0x2c3c9001, 0xacd27f21), + TOBN(0x1deab561, 0x6c973f57), TOBN(0x108b7e2c, 0xa5221643), + TOBN(0x5fee9859, 0xc4ef79d4), TOBN(0xbd62b88a, 0x40d4b8c6), + TOBN(0xb4dd29c4, 0x197c75d6), TOBN(0x266a6df2, 0xb7076feb), + TOBN(0x9512d0ea, 0x4bf2df11), TOBN(0x1320c24f, 0x6b0cc9ec), + TOBN(0x6bb1e0e1, 0x01a59596), TOBN(0x8317c5bb, 0xeff9aaac), + TOBN(0x65bb405e, 0x385aa6c9), TOBN(0x613439c1, 0x8f07988f), + TOBN(0xd730049f, 0x16a66e91), TOBN(0xe97f2820, 0xfa1b0e0d), + TOBN(0x4131e003, 0x304c28ea), TOBN(0x820ab732, 0x526bac62), + TOBN(0xb2ac9ef9, 0x28714423), TOBN(0x54ecfffa, 0xadb10cb2), + TOBN(0x8781476e, 0xf886a4cc), TOBN(0x4b2c87b5, 0xdb2f8d49), + TOBN(0xe857cd20, 0x0a44295d), TOBN(0x707d7d21, 0x58c6b044), + TOBN(0xae8521f9, 0xf596757c), TOBN(0x87448f03, 0x67b2b714), + TOBN(0x13a9bc45, 0x5ebcd58d), TOBN(0x79bcced9, 0x9122d3c1), + TOBN(0x3c644247, 0x9e076642), TOBN(0x0cf22778, 0x2df4767d), + TOBN(0x5e61aee4, 0x71d444b6), TOBN(0x211236bf, 0xc5084a1d), + TOBN(0x7e15bc9a, 0x4fd3eaf6), TOBN(0x68df2c34, 0xab622bf5), + TOBN(0x9e674f0f, 0x59bf4f36), TOBN(0xf883669b, 0xd7f34d73), + TOBN(0xc48ac1b8, 0x31497b1d), TOBN(0x323b925d, 0x5106703b), + TOBN(0x22156f42, 0x74082008), TOBN(0xeffc521a, 0xc8482bcb), + TOBN(0x5c6831bf, 0x12173479), TOBN(0xcaa2528f, 0xc4739490), + TOBN(0x84d2102a, 0x8f1b3c4d), TOBN(0xcf64dfc1, 0x2d9bec0d), + TOBN(0x433febad, 0x78a546ef), TOBN(0x1f621ec3, 0x7b73cef1), + TOBN(0x6aecd627, 0x37338615), TOBN(0x162082ab, 0x01d8edf6), + TOBN(0x833a8119, 0x19e86b66), TOBN(0x6023a251, 0xd299b5db), + TOBN(0xf5bb0c3a, 0xbbf04b89), TOBN(0x6735eb69, 0xae749a44), + TOBN(0xd0e058c5, 0x4713de3b), TOBN(0xfdf2593e, 0x2c3d4ccd), + TOBN(0x1b8f414e, 0xfdd23667), TOBN(0xdd52aaca, 0xfa2015ee), + TOBN(0x3e31b517, 0xbd9625ff), TOBN(0x5ec9322d, 0x8db5918c), + TOBN(0xbc73ac85, 0xa96f5294), TOBN(0x82aa5bf3, 0x61a0666a), + TOBN(0x49755810, 0xbf08ac42), TOBN(0xd21cdfd5, 0x891cedfc), + TOBN(0x918cb57b, 0x67f8be10), TOBN(0x365d1a7c, 0x56ffa726), + TOBN(0x2435c504, 0x6532de93), TOBN(0xc0fc5e10, 0x2674cd02), + TOBN(0x6e51fcf8, 0x9cbbb142), TOBN(0x1d436e5a, 0xafc50692), + TOBN(0x766bffff, 0x3fbcae22), TOBN(0x3148c2fd, 0xfd55d3b8), + TOBN(0x52c7fdc9, 0x233222fa), TOBN(0x89ff1092, 0xe419fb6b), + TOBN(0x3cd6db99, 0x25254977), TOBN(0x2e85a161, 0x1cf12ca7), + TOBN(0xadd2547c, 0xdc810bc9), TOBN(0xea3f458f, 0x9d257c22), + TOBN(0x642c1fbe, 0x27d6b19b), TOBN(0xed07e6b5, 0x140481a6), + TOBN(0x6ada1d42, 0x86d2e0f8), TOBN(0xe5920122, 0x0e8a9fd5), + TOBN(0x02c936af, 0x708c1b49), TOBN(0x60f30fee, 0x2b4bfaff), + TOBN(0x6637ad06, 0x858e6a61), TOBN(0xce4c7767, 0x3fd374d0), + TOBN(0x39d54b2d, 0x7188defb), TOBN(0xa8c9d250, 0xf56a6b66), + TOBN(0x58fc0f5e, 0xb24fe1dc), TOBN(0x9eaf9dee, 0x6b73f24c), + TOBN(0xa90d588b, 0x33650705), TOBN(0xde5b62c5, 0xaf2ec729), + TOBN(0x5c72cfae, 0xd3c2b36e), TOBN(0x868c19d5, 0x034435da), + TOBN(0x88605f93, 0xe17ee145), TOBN(0xaa60c4ee, 0x77a5d5b1), + TOBN(0xbcf5bfd2, 0x3b60c472), TOBN(0xaf4ef13c, 0xeb1d3049), + TOBN(0x373f44fc, 0xe13895c9), TOBN(0xf29b382f, 0x0cbc9822), + TOBN(0x1bfcb853, 0x73efaef6), TOBN(0xcf56ac9c, 0xa8c96f40), + TOBN(0xd7adf109, 0x7a191e24), TOBN(0x98035f44, 0xbf8a8dc2), + TOBN(0xf40a71b9, 0x1e750c84), TOBN(0xc57f7b0c, 0x5dc6c469), + TOBN(0x49a0e79c, 0x6fbc19c1), TOBN(0x6b0f5889, 0xa48ebdb8), + TOBN(0x5d3fd084, 0xa07c4e9f), TOBN(0xc3830111, 0xab27de14), + TOBN(0x0e4929fe, 0x33e08dcc), TOBN(0xf4a5ad24, 0x40bb73a3), + TOBN(0xde86c2bf, 0x490f97ca), TOBN(0x288f09c6, 0x67a1ce18), + TOBN(0x364bb886, 0x1844478d), TOBN(0x7840fa42, 0xceedb040), + TOBN(0x1269fdd2, 0x5a631b37), TOBN(0x94761f1e, 0xa47c8b7d), + TOBN(0xfc0c2e17, 0x481c6266), TOBN(0x85e16ea2, 0x3daa5fa7), + TOBN(0xccd86033, 0x92491048), TOBN(0x0c2f6963, 0xf4d402d7), + TOBN(0x6336f7df, 0xdf6a865c), TOBN(0x0a2a463c, 0xb5c02a87), + TOBN(0xb0e29be7, 0xbf2f12ee), TOBN(0xf0a22002, 0x66bad988), + TOBN(0x27f87e03, 0x9123c1d7), TOBN(0x21669c55, 0x328a8c98), + TOBN(0x186b9803, 0x92f14529), TOBN(0xd3d056cc, 0x63954df3), + TOBN(0x2f03fd58, 0x175a46f6), TOBN(0x63e34ebe, 0x11558558), + TOBN(0xe13fedee, 0x5b80cfa5), TOBN(0xe872a120, 0xd401dbd1), + TOBN(0x52657616, 0xe8a9d667), TOBN(0xbc8da4b6, 0xe08d6693), + TOBN(0x370fb9bb, 0x1b703e75), TOBN(0x6773b186, 0xd4338363), + TOBN(0x18dad378, 0xecef7bff), TOBN(0xaac787ed, 0x995677da), + TOBN(0x4801ea8b, 0x0437164b), TOBN(0xf430ad20, 0x73fe795e), + TOBN(0xb164154d, 0x8ee5eb73), TOBN(0x0884ecd8, 0x108f7c0e), + TOBN(0x0e6ec096, 0x5f520698), TOBN(0x640631fe, 0x44f7b8d9), + TOBN(0x92fd34fc, 0xa35a68b9), TOBN(0x9c5a4b66, 0x4d40cf4e), + TOBN(0x949454bf, 0x80b6783d), TOBN(0x80e701fe, 0x3a320a10), + TOBN(0x8d1a564a, 0x1a0a39b2), TOBN(0x1436d53d, 0x320587db), + TOBN(0xf5096e6d, 0x6556c362), TOBN(0xbc23a3c0, 0xe2455d7e), + TOBN(0x3a7aee54, 0x807230f9), TOBN(0x9ba1cfa6, 0x22ae82fd), + TOBN(0x833a057a, 0x99c5d706), TOBN(0x8be85f4b, 0x842315c9), + TOBN(0xd083179a, 0x66a72f12), TOBN(0x2fc77d5d, 0xcdcc73cd), + TOBN(0x22b88a80, 0x5616ee30), TOBN(0xfb09548f, 0xe7ab1083), + TOBN(0x8ad6ab0d, 0x511270cd), TOBN(0x61f6c57a, 0x6924d9ab), + TOBN(0xa0f7bf72, 0x90aecb08), TOBN(0x849f87c9, 0x0df784a4), + TOBN(0x27c79c15, 0xcfaf1d03), TOBN(0xbbf9f675, 0xc463face), + TOBN(0x91502c65, 0x765ba543), TOBN(0x18ce3cac, 0x42ea60dd), + TOBN(0xe5cee6ac, 0x6e43ecb3), TOBN(0x63e4e910, 0x68f2aeeb), + TOBN(0x26234fa3, 0xc85932ee), TOBN(0x96883e8b, 0x4c90c44d), + TOBN(0x29b9e738, 0xa18a50f6), TOBN(0xbfc62b2a, 0x3f0420df), + TOBN(0xd22a7d90, 0x6d3e1fa9), TOBN(0x17115618, 0xfe05b8a3), + TOBN(0x2a0c9926, 0xbb2b9c01), TOBN(0xc739fcc6, 0xe07e76a2), + TOBN(0x540e9157, 0x165e439a), TOBN(0x06353a62, 0x6a9063d8), + TOBN(0x84d95594, 0x61e927a3), TOBN(0x013b9b26, 0xe2e0be7f), + TOBN(0x4feaec3b, 0x973497f1), TOBN(0x15c0f94e, 0x093ebc2d), + TOBN(0x6af5f227, 0x33af0583), TOBN(0x0c2af206, 0xc61f3340), + TOBN(0xd25dbdf1, 0x4457397c), TOBN(0x2e8ed017, 0xcabcbae0), + TOBN(0xe3010938, 0xc2815306), TOBN(0xbaa99337, 0xe8c6cd68), + TOBN(0x08513182, 0x3b0ec7de), TOBN(0x1e1b822b, 0x58df05df), + TOBN(0x5c14842f, 0xa5c3b683), TOBN(0x98fe977e, 0x3eba34ce), + TOBN(0xfd2316c2, 0x0d5e8873), TOBN(0xe48d839a, 0xbd0d427d), + TOBN(0x495b2218, 0x623fc961), TOBN(0x24ee56e7, 0xb46fba5e), + TOBN(0x9184a55b, 0x91e4de58), TOBN(0xa7488ca5, 0xdfdea288), + TOBN(0xa723862e, 0xa8dcc943), TOBN(0x92d762b2, 0x849dc0fc), + TOBN(0x3c444a12, 0x091ff4a9), TOBN(0x581113fa, 0x0cada274), + TOBN(0xb9de0a45, 0x30d8eae2), TOBN(0x5e0fcd85, 0xdf6b41ea), + TOBN(0x6233ea68, 0xc094dbb5), TOBN(0xb77d062e, 0xd968d410), + TOBN(0x3e719bbc, 0x58b3002d), TOBN(0x68e7dd3d, 0x3dc49d58), + TOBN(0x8d825740, 0x013a5e58), TOBN(0x21311747, 0x3c9e3c1b), + TOBN(0x0cb0a2a7, 0x7c99b6ab), TOBN(0x5c48a3b3, 0xc2f888f2)}, + {TOBN(0xc7913e91, 0x991724f3), TOBN(0x5eda799c, 0x39cbd686), + TOBN(0xddb595c7, 0x63d4fc1e), TOBN(0x6b63b80b, 0xac4fed54), + TOBN(0x6ea0fc69, 0x7e5fb516), TOBN(0x737708ba, 0xd0f1c964), + TOBN(0x9628745f, 0x11a92ca5), TOBN(0x61f37958, 0x9a86967a), + TOBN(0x9af39b2c, 0xaa665072), TOBN(0x78322fa4, 0xefd324ef), + TOBN(0x3d153394, 0xc327bd31), TOBN(0x81d5f271, 0x3129dab0), + TOBN(0xc72e0c42, 0xf48027f5), TOBN(0xaa40cdbc, 0x8536e717), + TOBN(0xf45a657a, 0x2d369d0f), TOBN(0xb03bbfc4, 0xea7f74e6), + TOBN(0x46a8c418, 0x0d738ded), TOBN(0x6f1a5bb0, 0xe0de5729), + TOBN(0xf10230b9, 0x8ba81675), TOBN(0x32c6f30c, 0x112b33d4), + TOBN(0x7559129d, 0xd8fffb62), TOBN(0x6a281b47, 0xb459bf05), + TOBN(0x77c1bd3a, 0xfa3b6776), TOBN(0x0709b380, 0x7829973a), + TOBN(0x8c26b232, 0xa3326505), TOBN(0x38d69272, 0xee1d41bf), + TOBN(0x0459453e, 0xffe32afa), TOBN(0xce8143ad, 0x7cb3ea87), + TOBN(0x932ec1fa, 0x7e6ab666), TOBN(0x6cd2d230, 0x22286264), + TOBN(0x459a46fe, 0x6736f8ed), TOBN(0x50bf0d00, 0x9eca85bb), + TOBN(0x0b825852, 0x877a21ec), TOBN(0x300414a7, 0x0f537a94), + TOBN(0x3f1cba40, 0x21a9a6a2), TOBN(0x50824eee, 0x76943c00), + TOBN(0xa0dbfcec, 0xf83cba5d), TOBN(0xf9538148, 0x93b4f3c0), + TOBN(0x61744162, 0x48f24dd7), TOBN(0x5322d64d, 0xe4fb09dd), + TOBN(0x57447384, 0x3d9325f3), TOBN(0xa9bef2d0, 0xf371cb84), + TOBN(0x77d2188b, 0xa61e36c5), TOBN(0xbbd6a7d7, 0xc602df72), + TOBN(0xba3aa902, 0x8f61bc0b), TOBN(0xf49085ed, 0x6ed0b6a1), + TOBN(0x8bc625d6, 0xae6e8298), TOBN(0x832b0b1d, 0xa2e9c01d), + TOBN(0xa337c447, 0xf1f0ced1), TOBN(0x800cc793, 0x9492dd2b), + TOBN(0x4b93151d, 0xbea08efa), TOBN(0x820cf3f8, 0xde0a741e), + TOBN(0xff1982dc, 0x1c0f7d13), TOBN(0xef921960, 0x84dde6ca), + TOBN(0x1ad7d972, 0x45f96ee3), TOBN(0x319c8dbe, 0x29dea0c7), + TOBN(0xd3ea3871, 0x7b82b99b), TOBN(0x75922d4d, 0x470eb624), + TOBN(0x8f66ec54, 0x3b95d466), TOBN(0x66e673cc, 0xbee1e346), + TOBN(0x6afe67c4, 0xb5f2b89a), TOBN(0x3de9c1e6, 0x290e5cd3), + TOBN(0x8c278bb6, 0x310a2ada), TOBN(0x420fa384, 0x0bdb323b), + TOBN(0x0ae1d63b, 0x0eb919b0), TOBN(0xd74ee51d, 0xa74b9620), + TOBN(0x395458d0, 0xa674290c), TOBN(0x324c930f, 0x4620a510), + TOBN(0x2d1f4d19, 0xfbac27d4), TOBN(0x4086e8ca, 0x9bedeeac), + TOBN(0x0cdd211b, 0x9b679ab8), TOBN(0x5970167d, 0x7090fec4), + TOBN(0x3420f2c9, 0xfaf1fc63), TOBN(0x616d333a, 0x328c8bb4), + TOBN(0x7d65364c, 0x57f1fe4a), TOBN(0x9343e877, 0x55e5c73a), + TOBN(0x5795176b, 0xe970e78c), TOBN(0xa36ccebf, 0x60533627), + TOBN(0xfc7c7380, 0x09cdfc1b), TOBN(0xb39a2afe, 0xb3fec326), + TOBN(0xb7ff1ba1, 0x6224408a), TOBN(0xcc856e92, 0x247cfc5e), + TOBN(0x01f102e7, 0xc18bc493), TOBN(0x4613ab74, 0x2091c727), + TOBN(0xaa25e89c, 0xc420bf2b), TOBN(0x00a53176, 0x90337ec2), + TOBN(0xd2be9f43, 0x7d025fc7), TOBN(0x3316fb85, 0x6e6fe3dc), + TOBN(0x27520af5, 0x9ac50814), TOBN(0xfdf95e78, 0x9a8e4223), + TOBN(0xb7e7df2a, 0x56bec5a0), TOBN(0xf7022f7d, 0xdf159e5d), + TOBN(0x93eeeab1, 0xcac1fe8f), TOBN(0x8040188c, 0x37451168), + TOBN(0x7ee8aa8a, 0xd967dce6), TOBN(0xfa0e79e7, 0x3abc9299), + TOBN(0x67332cfc, 0x2064cfd1), TOBN(0x339c31de, 0xb0651934), + TOBN(0x719b28d5, 0x2a3bcbea), TOBN(0xee74c82b, 0x9d6ae5c6), + TOBN(0x0927d05e, 0xbaf28ee6), TOBN(0x82cecf2c, 0x9d719028), + TOBN(0x0b0d353e, 0xddb30289), TOBN(0xfe4bb977, 0xfddb2e29), + TOBN(0xbb5bb990, 0x640bfd9e), TOBN(0xd226e277, 0x82f62108), + TOBN(0x4bf00985, 0x02ffdd56), TOBN(0x7756758a, 0x2ca1b1b5), + TOBN(0xc32b62a3, 0x5285fe91), TOBN(0xedbc546a, 0x8c9cd140), + TOBN(0x1e47a013, 0xaf5cb008), TOBN(0xbca7e720, 0x073ce8f2), + TOBN(0xe10b2ab8, 0x17a91cae), TOBN(0xb89aab65, 0x08e27f63), + TOBN(0x7b3074a7, 0xdba3ddf9), TOBN(0x1c20ce09, 0x330c2972), + TOBN(0x6b9917b4, 0x5fcf7e33), TOBN(0xe6793743, 0x945ceb42), + TOBN(0x18fc2215, 0x5c633d19), TOBN(0xad1adb3c, 0xc7485474), + TOBN(0x646f9679, 0x6424c49b), TOBN(0xf888dfe8, 0x67c241c9), + TOBN(0xe12d4b93, 0x24f68b49), TOBN(0x9a6b62d8, 0xa571df20), + TOBN(0x81b4b26d, 0x179483cb), TOBN(0x666f9632, 0x9511fae2), + TOBN(0xd281b3e4, 0xd53aa51f), TOBN(0x7f96a765, 0x7f3dbd16), + TOBN(0xa7f8b5bf, 0x074a30ce), TOBN(0xd7f52107, 0x005a32e6), + TOBN(0x6f9e0907, 0x50237ed4), TOBN(0x2f21da47, 0x8096fa2b), + TOBN(0xf3e19cb4, 0xeec863a0), TOBN(0xd18f77fd, 0x9527620a), + TOBN(0x9505c81c, 0x407c1cf8), TOBN(0x9998db4e, 0x1b6ec284), + TOBN(0x7e3389e5, 0xc247d44d), TOBN(0x12507141, 0x3f4f3d80), + TOBN(0xd4ba0110, 0x4a78a6c7), TOBN(0x312874a0, 0x767720be), + TOBN(0xded059a6, 0x75944370), TOBN(0xd6123d90, 0x3b2c0bdd), + TOBN(0xa56b717b, 0x51c108e3), TOBN(0x9bb7940e, 0x070623e9), + TOBN(0x794e2d59, 0x84ac066c), TOBN(0xf5954a92, 0xe68c69a0), + TOBN(0x28c52458, 0x4fd99dcc), TOBN(0x60e639fc, 0xb1012517), + TOBN(0xc2e60125, 0x7de79248), TOBN(0xe9ef6404, 0xf12fc6d7), + TOBN(0x4c4f2808, 0x2a3b5d32), TOBN(0x865ad32e, 0xc768eb8a), + TOBN(0xac02331b, 0x13fb70b6), TOBN(0x037b44c1, 0x95599b27), + TOBN(0x1a860fc4, 0x60bd082c), TOBN(0xa2e25745, 0xc980cd01), + TOBN(0xee3387a8, 0x1da0263e), TOBN(0x931bfb95, 0x2d10f3d6), + TOBN(0x5b687270, 0xa1f24a32), TOBN(0xf140e65d, 0xca494b86), + TOBN(0x4f4ddf91, 0xb2f1ac7a), TOBN(0xf99eaabb, 0x760fee27), + TOBN(0x57f4008a, 0x49c228e5), TOBN(0x090be440, 0x1cf713bb), + TOBN(0xac91fbe4, 0x5004f022), TOBN(0xd838c2c2, 0x569e1af6), + TOBN(0xd6c7d20b, 0x0f1daaa5), TOBN(0xaa063ac1, 0x1bbb02c0), + TOBN(0x0938a422, 0x59558a78), TOBN(0x5343c669, 0x8435da2f), + TOBN(0x96f67b18, 0x034410dc), TOBN(0x7cc1e424, 0x84510804), + TOBN(0x86a1543f, 0x16dfbb7d), TOBN(0x921fa942, 0x5b5bd592), + TOBN(0x9dcccb6e, 0xb33dd03c), TOBN(0x8581ddd9, 0xb843f51e), + TOBN(0x54935fcb, 0x81d73c9e), TOBN(0x6d07e979, 0x0a5e97ab), + TOBN(0x4dc7b30a, 0xcf3a6bab), TOBN(0x147ab1f3, 0x170bee11), + TOBN(0x0aaf8e3d, 0x9fafdee4), TOBN(0xfab3dbcb, 0x538a8b95), + TOBN(0x405df4b3, 0x6ef13871), TOBN(0xf1f4e9cb, 0x088d5a49), + TOBN(0x9bcd24d3, 0x66b33f1d), TOBN(0x3b97b820, 0x5ce445c0), + TOBN(0xe2926549, 0xba93ff61), TOBN(0xd9c341ce, 0x4dafe616), + TOBN(0xfb30a76e, 0x16efb6f3), TOBN(0xdf24b8ca, 0x605b953c), + TOBN(0x8bd52afe, 0xc2fffb9f), TOBN(0xbbac5ff7, 0xe19d0b96), + TOBN(0x43c01b87, 0x459afccd), TOBN(0x6bd45143, 0xb7432652), + TOBN(0x84734530, 0x55b5d78e), TOBN(0x81088fdb, 0x1554ba7d), + TOBN(0xada0a52c, 0x1e269375), TOBN(0xf9f037c4, 0x2dc5ec10), + TOBN(0xc0660607, 0x94bfbc11), TOBN(0xc0a630bb, 0xc9c40d2f), + TOBN(0x5efc797e, 0xab64c31e), TOBN(0xffdb1dab, 0x74507144), + TOBN(0xf6124287, 0x1ca6790c), TOBN(0xe9609d81, 0xe69bf1bf), + TOBN(0xdb898595, 0x00d24fc9), TOBN(0x9c750333, 0xe51fb417), + TOBN(0x51830a91, 0xfef7bbde), TOBN(0x0ce67dc8, 0x945f585c), + TOBN(0x9a730ed4, 0x4763eb50), TOBN(0x24a0e221, 0xc1ab0d66), + TOBN(0x643b6393, 0x648748f3), TOBN(0x1982daa1, 0x6d3c6291), + TOBN(0x6f00a9f7, 0x8bbc5549), TOBN(0x7a1783e1, 0x7f36384e), + TOBN(0xe8346323, 0xde977f50), TOBN(0x91ab688d, 0xb245502a), + TOBN(0x331ab6b5, 0x6d0bdd66), TOBN(0x0a6ef32e, 0x64b71229), + TOBN(0x1028150e, 0xfe7c352f), TOBN(0x27e04350, 0xce7b39d3), + TOBN(0x2a3c8acd, 0xc1070c82), TOBN(0xfb2034d3, 0x80c9feef), + TOBN(0x2d729621, 0x709f3729), TOBN(0x8df290bf, 0x62cb4549), + TOBN(0x02f99f33, 0xfc2e4326), TOBN(0x3b30076d, 0x5eddf032), + TOBN(0xbb21f8cf, 0x0c652fb5), TOBN(0x314fb49e, 0xed91cf7b), + TOBN(0xa013eca5, 0x2f700750), TOBN(0x2b9e3c23, 0x712a4575), + TOBN(0xe5355557, 0xaf30fbb0), TOBN(0x1ada3516, 0x7c77e771), + TOBN(0x45f6ecb2, 0x7b135670), TOBN(0xe85d19df, 0x7cfc202e), + TOBN(0x0f1b50c7, 0x58d1be9f), TOBN(0x5ebf2c0a, 0xead2e344), + TOBN(0x1531fe4e, 0xabc199c9), TOBN(0xc7032592, 0x56bab0ae), + TOBN(0x16ab2e48, 0x6c1fec54), TOBN(0x0f87fda8, 0x04280188), + TOBN(0xdc9f46fc, 0x609e4a74), TOBN(0x2a44a143, 0xba667f91), + TOBN(0xbc3d8b95, 0xb4d83436), TOBN(0xa01e4bd0, 0xc7bd2958), + TOBN(0x7b182932, 0x73483c90), TOBN(0xa79c6aa1, 0xa7c7b598), + TOBN(0xbf3983c6, 0xeaaac07e), TOBN(0x8f18181e, 0x96e0d4e6), + TOBN(0x8553d37c, 0x051af62b), TOBN(0xe9a998eb, 0x0bf94496), + TOBN(0xe0844f9f, 0xb0d59aa1), TOBN(0x983fd558, 0xe6afb813), + TOBN(0x9670c0ca, 0x65d69804), TOBN(0x732b22de, 0x6ea5ff2d), + TOBN(0xd7640ba9, 0x5fd8623b), TOBN(0x9f619163, 0xa6351782), + TOBN(0x0bfc27ee, 0xacee5043), TOBN(0xae419e73, 0x2eb10f02), + TOBN(0x19c028d1, 0x8943fb05), TOBN(0x71f01cf7, 0xff13aa2a), + TOBN(0x7790737e, 0x8887a132), TOBN(0x67513309, 0x66318410), + TOBN(0x9819e8a3, 0x7ddb795e), TOBN(0xfecb8ef5, 0xdad100b2), + TOBN(0x59f74a22, 0x3021926a), TOBN(0xb7c28a49, 0x6f9b4c1c), + TOBN(0xed1a733f, 0x912ad0ab), TOBN(0x42a910af, 0x01a5659c), + TOBN(0x3842c6e0, 0x7bd68cab), TOBN(0x2b57fa38, 0x76d70ac8), + TOBN(0x8a6707a8, 0x3c53aaeb), TOBN(0x62c1c510, 0x65b4db18), + TOBN(0x8de2c1fb, 0xb2d09dc7), TOBN(0xc3dfed12, 0x266bd23b), + TOBN(0x927d039b, 0xd5b27db6), TOBN(0x2fb2f0f1, 0x103243da), + TOBN(0xf855a07b, 0x80be7399), TOBN(0xed9327ce, 0x1f9f27a8), + TOBN(0xa0bd99c7, 0x729bdef7), TOBN(0x2b67125e, 0x28250d88), + TOBN(0x784b26e8, 0x8670ced7), TOBN(0xe3dfe41f, 0xc31bd3b4), + TOBN(0x9e353a06, 0xbcc85cbc), TOBN(0x302e2909, 0x60178a9d), + TOBN(0x860abf11, 0xa6eac16e), TOBN(0x76447000, 0xaa2b3aac), + TOBN(0x46ff9d19, 0x850afdab), TOBN(0x35bdd6a5, 0xfdb2d4c1), + TOBN(0xe82594b0, 0x7e5c9ce9), TOBN(0x0f379e53, 0x20af346e), + TOBN(0x608b31e3, 0xbc65ad4a), TOBN(0x710c6b12, 0x267c4826), + TOBN(0x51c966f9, 0x71954cf1), TOBN(0xb1cec793, 0x0d0aa215), + TOBN(0x1f155989, 0x86bd23a8), TOBN(0xae2ff99c, 0xf9452e86), + TOBN(0xd8dd953c, 0x340ceaa2), TOBN(0x26355275, 0x2e2e9333), + TOBN(0x15d4e5f9, 0x8586f06d), TOBN(0xd6bf94a8, 0xf7cab546), + TOBN(0x33c59a0a, 0xb76a9af0), TOBN(0x52740ab3, 0xba095af7), + TOBN(0xc444de8a, 0x24389ca0), TOBN(0xcc6f9863, 0x706da0cb), + TOBN(0xb5a741a7, 0x6b2515cf), TOBN(0x71c41601, 0x9585c749), + TOBN(0x78350d4f, 0xe683de97), TOBN(0x31d61524, 0x63d0b5f5), + TOBN(0x7a0cc5e1, 0xfbce090b), TOBN(0xaac927ed, 0xfbcb2a5b), + TOBN(0xe920de49, 0x20d84c35), TOBN(0x8c06a0b6, 0x22b4de26), + TOBN(0xd34dd58b, 0xafe7ddf3), TOBN(0x55851fed, 0xc1e6e55b), + TOBN(0xd1395616, 0x960696e7), TOBN(0x940304b2, 0x5f22705f), + TOBN(0x6f43f861, 0xb0a2a860), TOBN(0xcf121282, 0x0e7cc981), + TOBN(0x12186212, 0x0ab64a96), TOBN(0x09215b9a, 0xb789383c), + TOBN(0x311eb305, 0x37387c09), TOBN(0xc5832fce, 0xf03ee760), + TOBN(0x30358f58, 0x32f7ea19), TOBN(0xe01d3c34, 0x91d53551), + TOBN(0x1ca5ee41, 0xda48ea80), TOBN(0x34e71e8e, 0xcf4fa4c1), + TOBN(0x312abd25, 0x7af1e1c7), TOBN(0xe3afcdeb, 0x2153f4a5), + TOBN(0x9d5c84d7, 0x00235e9a), TOBN(0x0308d3f4, 0x8c4c836f), + TOBN(0xc0a66b04, 0x89332de5), TOBN(0x610dd399, 0x89e566ef), + TOBN(0xf8eea460, 0xd1ac1635), TOBN(0x84cbb3fb, 0x20a2c0df), + TOBN(0x40afb488, 0xe74a48c5), TOBN(0x29738198, 0xd326b150), + TOBN(0x2a17747f, 0xa6d74081), TOBN(0x60ea4c05, 0x55a26214), + TOBN(0x53514bb4, 0x1f88c5fe), TOBN(0xedd64567, 0x7e83426c), + TOBN(0xd5d6cbec, 0x96460b25), TOBN(0xa12fd0ce, 0x68dc115e), + TOBN(0xc5bc3ed2, 0x697840ea), TOBN(0x969876a8, 0xa6331e31), + TOBN(0x60c36217, 0x472ff580), TOBN(0xf4229705, 0x4ad41393), + TOBN(0x4bd99ef0, 0xa03b8b92), TOBN(0x501c7317, 0xc144f4f6), + TOBN(0x159009b3, 0x18464945), TOBN(0x6d5e594c, 0x74c5c6be), + TOBN(0x2d587011, 0x321a3660), TOBN(0xd1e184b1, 0x3898d022), + TOBN(0x5ba04752, 0x4c6a7e04), TOBN(0x47fa1e2b, 0x45550b65), + TOBN(0x9419daf0, 0x48c0a9a5), TOBN(0x66362953, 0x7c243236), + TOBN(0xcd0744b1, 0x5cb12a88), TOBN(0x561b6f9a, 0x2b646188), + TOBN(0x599415a5, 0x66c2c0c0), TOBN(0xbe3f0859, 0x0f83f09a), + TOBN(0x9141c5be, 0xb92041b8), TOBN(0x01ae38c7, 0x26477d0d), + TOBN(0xca8b71f3, 0xd12c7a94), TOBN(0xfab5b31f, 0x765c70db), + TOBN(0x76ae7492, 0x487443e9), TOBN(0x8595a310, 0x990d1349), + TOBN(0xf8dbeda8, 0x7d460a37), TOBN(0x7f7ad082, 0x1e45a38f), + TOBN(0xed1d4db6, 0x1059705a), TOBN(0xa3dd492a, 0xe6b9c697), + TOBN(0x4b92ee3a, 0x6eb38bd5), TOBN(0xbab2609d, 0x67cc0bb7), + TOBN(0x7fc4fe89, 0x6e70ee82), TOBN(0xeff2c56e, 0x13e6b7e3), + TOBN(0x9b18959e, 0x34d26fca), TOBN(0x2517ab66, 0x889d6b45), + TOBN(0xf167b4e0, 0xbdefdd4f), TOBN(0x69958465, 0xf366e401), + TOBN(0x5aa368ab, 0xa73bbec0), TOBN(0x12148709, 0x7b240c21), + TOBN(0x378c3233, 0x18969006), TOBN(0xcb4d73ce, 0xe1fe53d1), + TOBN(0x5f50a80e, 0x130c4361), TOBN(0xd67f5951, 0x7ef5212b), + TOBN(0xf145e21e, 0x9e70c72e), TOBN(0xb2e52e29, 0x5566d2fb), + TOBN(0x44eaba4a, 0x032397f5), TOBN(0x5e56937b, 0x7e31a7de), + TOBN(0x68dcf517, 0x456c61e1), TOBN(0xbc2e954a, 0xa8b0a388), + TOBN(0xe3552fa7, 0x60a8b755), TOBN(0x03442dae, 0x73ad0cde), + TOBN(0x37ffe747, 0xceb26210), TOBN(0x983545e8, 0x787baef9), + TOBN(0x8b8c8535, 0x86a3de31), TOBN(0xc621dbcb, 0xfacd46db), + TOBN(0x82e442e9, 0x59266fbb), TOBN(0xa3514c37, 0x339d471c), + TOBN(0x3a11b771, 0x62cdad96), TOBN(0xf0cb3b3c, 0xecf9bdf0), + TOBN(0x3fcbdbce, 0x478e2135), TOBN(0x7547b5cf, 0xbda35342), + TOBN(0xa97e81f1, 0x8a677af6), TOBN(0xc8c2bf83, 0x28817987), + TOBN(0xdf07eaaf, 0x45580985), TOBN(0xc68d1f05, 0xc93b45cb), + TOBN(0x106aa2fe, 0xc77b4cac), TOBN(0x4c1d8afc, 0x04a7ae86), + TOBN(0xdb41c3fd, 0x9eb45ab2), TOBN(0x5b234b5b, 0xd4b22e74), + TOBN(0xda253dec, 0xf215958a), TOBN(0x67e0606e, 0xa04edfa0), + TOBN(0xabbbf070, 0xef751b11), TOBN(0xf352f175, 0xf6f06dce), + TOBN(0xdfc4b6af, 0x6839f6b4), TOBN(0x53ddf9a8, 0x9959848e), + TOBN(0xda49c379, 0xc21520b0), TOBN(0x90864ff0, 0xdbd5d1b6), + TOBN(0x2f055d23, 0x5f49c7f7), TOBN(0xe51e4e6a, 0xa796b2d8), + TOBN(0xc361a67f, 0x5c9dc340), TOBN(0x5ad53c37, 0xbca7c620), + TOBN(0xda1d6588, 0x32c756d0), TOBN(0xad60d911, 0x8bb67e13), + TOBN(0xd6c47bdf, 0x0eeec8c6), TOBN(0x4a27fec1, 0x078a1821), + TOBN(0x081f7415, 0xc3099524), TOBN(0x8effdf0b, 0x82cd8060), + TOBN(0xdb70ec1c, 0x65842df8), TOBN(0x8821b358, 0xd319a901), + TOBN(0x72ee56ee, 0xde42b529), TOBN(0x5bb39592, 0x236e4286), + TOBN(0xd1183316, 0xfd6f7140), TOBN(0xf9fadb5b, 0xbd8e81f7), + TOBN(0x701d5e0c, 0x5a02d962), TOBN(0xfdee4dbf, 0x1b601324), + TOBN(0xbed17407, 0x35d7620e), TOBN(0x04e3c2c3, 0xf48c0012), + TOBN(0x9ee29da7, 0x3455449a), TOBN(0x562cdef4, 0x91a836c4), + TOBN(0x8f682a5f, 0x47701097), TOBN(0x617125d8, 0xff88d0c2), + TOBN(0x948fda24, 0x57bb86dd), TOBN(0x348abb8f, 0x289f7286), + TOBN(0xeb10eab5, 0x99d94bbd), TOBN(0xd51ba28e, 0x4684d160), + TOBN(0xabe0e51c, 0x30c8f41a), TOBN(0x66588b45, 0x13254f4a), + TOBN(0x147ebf01, 0xfad097a5), TOBN(0x49883ea8, 0x610e815d), + TOBN(0xe44d60ba, 0x8a11de56), TOBN(0xa970de6e, 0x827a7a6d), + TOBN(0x2be41424, 0x5e17fc19), TOBN(0xd833c657, 0x01214057), + TOBN(0x1375813b, 0x363e723f), TOBN(0x6820bb88, 0xe6a52e9b), + TOBN(0x7e7f6970, 0xd875d56a), TOBN(0xd6a0a9ac, 0x51fbf6bf), + TOBN(0x54ba8790, 0xa3083c12), TOBN(0xebaeb23d, 0x6ae7eb64), + TOBN(0xa8685c3a, 0xb99a907a), TOBN(0xf1e74550, 0x026bf40b), + TOBN(0x7b73a027, 0xc802cd9e), TOBN(0x9a8a927c, 0x4fef4635), + TOBN(0xe1b6f60c, 0x08191224), TOBN(0xc4126ebb, 0xde4ec091), + TOBN(0xe1dff4dc, 0x4ae38d84), TOBN(0xde3f57db, 0x4f2ef985), + TOBN(0x34964337, 0xd446a1dd), TOBN(0x7bf217a0, 0x859e77f6), + TOBN(0x8ff10527, 0x8e1d13f5), TOBN(0xa304ef03, 0x74eeae27), + TOBN(0xfc6f5e47, 0xd19dfa5a), TOBN(0xdb007de3, 0x7fad982b), + TOBN(0x28205ad1, 0x613715f5), TOBN(0x251e6729, 0x7889529e), + TOBN(0x72705184, 0x1ae98e78), TOBN(0xf818537d, 0x271cac32), + TOBN(0xc8a15b7e, 0xb7f410f5), TOBN(0xc474356f, 0x81f62393), + TOBN(0x92dbdc5a, 0xc242316b), TOBN(0xabe060ac, 0xdbf4aff5), + TOBN(0x6e8c38fe, 0x909a8ec6), TOBN(0x43e514e5, 0x6116cb94), + TOBN(0x2078fa38, 0x07d784f9), TOBN(0x1161a880, 0xf4b5b357), + TOBN(0x5283ce79, 0x13adea3d), TOBN(0x0756c3e6, 0xcc6a910b), + TOBN(0x60bcfe01, 0xaaa79697), TOBN(0x04a73b29, 0x56391db1), + TOBN(0xdd8dad47, 0x189b45a0), TOBN(0xbfac0dd0, 0x48d5b8d9), + TOBN(0x34ab3af5, 0x7d3d2ec2), TOBN(0x6fa2fc2d, 0x207bd3af), + TOBN(0x9ff40092, 0x66550ded), TOBN(0x719b3e87, 0x1fd5b913), + TOBN(0xa573a496, 0x6d17fbc7), TOBN(0x0cd1a70a, 0x73d2b24e), + TOBN(0x34e2c5ca, 0xb2676937), TOBN(0xe7050b06, 0xbf669f21), + TOBN(0xfbe948b6, 0x1ede9046), TOBN(0xa0530051, 0x97662659), + TOBN(0x58cbd4ed, 0xf10124c5), TOBN(0xde2646e4, 0xdd6c06c8), + TOBN(0x332f8108, 0x8cad38c0), TOBN(0x471b7e90, 0x6bd68ae2), + TOBN(0x56ac3fb2, 0x0d8e27a3), TOBN(0xb54660db, 0x136b4b0d), + TOBN(0x123a1e11, 0xa6fd8de4), TOBN(0x44dbffea, 0xa37799ef), + TOBN(0x4540b977, 0xce6ac17c), TOBN(0x495173a8, 0xaf60acef)}, + {TOBN(0x9ebb284d, 0x391c2a82), TOBN(0xbcdd4863, 0x158308e8), + TOBN(0x006f16ec, 0x83f1edca), TOBN(0xa13e2c37, 0x695dc6c8), + TOBN(0x2ab756f0, 0x4a057a87), TOBN(0xa8765500, 0xa6b48f98), + TOBN(0x4252face, 0x68651c44), TOBN(0xa52b540b, 0xe1765e02), + TOBN(0x4f922fc5, 0x16a0d2bb), TOBN(0x0d5cc16c, 0x1a623499), + TOBN(0x9241cf3a, 0x57c62c8b), TOBN(0x2f5e6961, 0xfd1b667f), + TOBN(0x5c15c70b, 0xf5a01797), TOBN(0x3d20b44d, 0x60956192), + TOBN(0x04911b37, 0x071fdb52), TOBN(0xf648f916, 0x8d6f0f7b), + TOBN(0x6dc1acaf, 0xe60b7cf7), TOBN(0x25860a50, 0x84a9d869), + TOBN(0x56fc6f09, 0xe7ba8ac4), TOBN(0x828c5bd0, 0x6148d29e), + TOBN(0xac6b435e, 0xdc55ae5f), TOBN(0xa527f56c, 0xc0117411), + TOBN(0x94d5045e, 0xfd24342c), TOBN(0x2c4c0a35, 0x70b67c0d), + TOBN(0x027cc8b8, 0xfac61d9a), TOBN(0x7d25e062, 0xe3c6fe8a), + TOBN(0xe08805bf, 0xe5bff503), TOBN(0x13271e6c, 0x6ff632f7), + TOBN(0x55dca6c0, 0x232f76a5), TOBN(0x8957c32d, 0x701ef426), + TOBN(0xee728bcb, 0xa10a5178), TOBN(0x5ea60411, 0xb62c5173), + TOBN(0xfc4e964e, 0xd0b8892b), TOBN(0x9ea17683, 0x9301bb74), + TOBN(0x6265c5ae, 0xfcc48626), TOBN(0xe60cf82e, 0xbb3e9102), + TOBN(0x57adf797, 0xd4df5531), TOBN(0x235b59a1, 0x8deeefe2), + TOBN(0x60adcf58, 0x3f306eb1), TOBN(0x105c2753, 0x3d09492d), + TOBN(0x4090914b, 0xb5def996), TOBN(0x1cb69c83, 0x233dd1e7), + TOBN(0xc1e9c1d3, 0x9b3d5e76), TOBN(0x1f3338ed, 0xfccf6012), + TOBN(0xb1e95d0d, 0x2f5378a8), TOBN(0xacf4c2c7, 0x2f00cd21), + TOBN(0x6e984240, 0xeb5fe290), TOBN(0xd66c038d, 0x248088ae), + TOBN(0x804d264a, 0xf94d70cf), TOBN(0xbdb802ef, 0x7314bf7e), + TOBN(0x8fb54de2, 0x4333ed02), TOBN(0x740461e0, 0x285635d9), + TOBN(0x4113b2c8, 0x365e9383), TOBN(0xea762c83, 0x3fdef652), + TOBN(0x4eec6e2e, 0x47b956c1), TOBN(0xa3d814be, 0x65620fa4), + TOBN(0x9ad5462b, 0xb4d8bc50), TOBN(0x181c0b16, 0xa9195770), + TOBN(0xebd4fe1c, 0x78412a68), TOBN(0xae0341bc, 0xc0dff48c), + TOBN(0xb6bc45cf, 0x7003e866), TOBN(0xf11a6dea, 0x8a24a41b), + TOBN(0x5407151a, 0xd04c24c2), TOBN(0x62c9d27d, 0xda5b7b68), + TOBN(0x2e964235, 0x88cceff6), TOBN(0x8594c54f, 0x8b07ed69), + TOBN(0x1578e73c, 0xc84d0d0d), TOBN(0x7b4e1055, 0xff532868), + TOBN(0xa348c0d5, 0xb5ec995a), TOBN(0xbf4b9d55, 0x14289a54), + TOBN(0x9ba155a6, 0x58fbd777), TOBN(0x186ed7a8, 0x1a84491d), + TOBN(0xd4992b30, 0x614c0900), TOBN(0xda98d121, 0xbd00c24b), + TOBN(0x7f534dc8, 0x7ec4bfa1), TOBN(0x4a5ff674, 0x37dc34bc), + TOBN(0x68c196b8, 0x1d7ea1d7), TOBN(0x38cf2893, 0x80a6d208), + TOBN(0xfd56cd09, 0xe3cbbd6e), TOBN(0xec72e27e, 0x4205a5b6), + TOBN(0x15ea68f5, 0xa44f77f7), TOBN(0x7aa5f9fd, 0xb43c52bc), + TOBN(0x86ff676f, 0x94f0e609), TOBN(0xa4cde963, 0x2e2d432b), + TOBN(0x8cafa0c0, 0xeee470af), TOBN(0x84137d0e, 0x8a3f5ec8), + TOBN(0xebb40411, 0xfaa31231), TOBN(0xa239c13f, 0x6f7f7ccf), + TOBN(0x32865719, 0xa8afd30b), TOBN(0x86798328, 0x8a826dce), + TOBN(0xdf04e891, 0xc4a8fbe0), TOBN(0xbb6b6e1b, 0xebf56ad3), + TOBN(0x0a695b11, 0x471f1ff0), TOBN(0xd76c3389, 0xbe15baf0), + TOBN(0x018edb95, 0xbe96c43e), TOBN(0xf2beaaf4, 0x90794158), + TOBN(0x152db09e, 0xc3076a27), TOBN(0x5e82908e, 0xe416545d), + TOBN(0xa2c41272, 0x356d6f2e), TOBN(0xdc9c9642, 0x31fd74e1), + TOBN(0x66ceb88d, 0x519bf615), TOBN(0xe29ecd76, 0x05a2274e), + TOBN(0x3a0473c4, 0xbf5e2fa0), TOBN(0x6b6eb671, 0x64284e67), + TOBN(0xe8b97932, 0xb88756dd), TOBN(0xed4e8652, 0xf17e3e61), + TOBN(0xc2dd1499, 0x3ee1c4a4), TOBN(0xc0aaee17, 0x597f8c0e), + TOBN(0x15c4edb9, 0x6c168af3), TOBN(0x6563c7bf, 0xb39ae875), + TOBN(0xadfadb6f, 0x20adb436), TOBN(0xad55e8c9, 0x9a042ac0), + TOBN(0x975a1ed8, 0xb76da1f5), TOBN(0x10dfa466, 0xa58acb94), + TOBN(0x8dd7f7e3, 0xac060282), TOBN(0x6813e66a, 0x572a051e), + TOBN(0xb4ccae1e, 0x350cb901), TOBN(0xb653d656, 0x50cb7822), + TOBN(0x42484710, 0xdfab3b87), TOBN(0xcd7ee537, 0x9b670fd0), + TOBN(0x0a50b12e, 0x523b8bf6), TOBN(0x8009eb5b, 0x8f910c1b), + TOBN(0xf535af82, 0x4a167588), TOBN(0x0f835f9c, 0xfb2a2abd), + TOBN(0xf59b2931, 0x2afceb62), TOBN(0xc797df2a, 0x169d383f), + TOBN(0xeb3f5fb0, 0x66ac02b0), TOBN(0x029d4c6f, 0xdaa2d0ca), + TOBN(0xd4059bc1, 0xafab4bc5), TOBN(0x833f5c6f, 0x56783247), + TOBN(0xb5346630, 0x8d2d3605), TOBN(0x83387891, 0xd34d8433), + TOBN(0xd973b30f, 0xadd9419a), TOBN(0xbcca1099, 0xafe3fce8), + TOBN(0x08178315, 0x0809aac6), TOBN(0x01b7f21a, 0x540f0f11), + TOBN(0x65c29219, 0x909523c8), TOBN(0xa62f648f, 0xa3a1c741), + TOBN(0x88598d4f, 0x60c9e55a), TOBN(0xbce9141b, 0x0e4f347a), + TOBN(0x9af97d84, 0x35f9b988), TOBN(0x0210da62, 0x320475b6), + TOBN(0x3c076e22, 0x9191476c), TOBN(0x7520dbd9, 0x44fc7834), + TOBN(0x6a6b2cfe, 0xc1ab1bbd), TOBN(0xef8a65be, 0xdc650938), + TOBN(0x72855540, 0x805d7bc4), TOBN(0xda389396, 0xed11fdfd), + TOBN(0xa9d5bd36, 0x74660876), TOBN(0x11d67c54, 0xb45dff35), + TOBN(0x6af7d148, 0xa4f5da94), TOBN(0xbb8d4c3f, 0xc0bbeb31), + TOBN(0x87a7ebd1, 0xe0a1b12a), TOBN(0x1e4ef88d, 0x770ba95f), + TOBN(0x8c33345c, 0xdc2ae9cb), TOBN(0xcecf1276, 0x01cc8403), + TOBN(0x687c012e, 0x1b39b80f), TOBN(0xfd90d0ad, 0x35c33ba4), + TOBN(0xa3ef5a67, 0x5c9661c2), TOBN(0x368fc88e, 0xe017429e), + TOBN(0xd30c6761, 0x196a2fa2), TOBN(0x931b9817, 0xbd5b312e), + TOBN(0xba01000c, 0x72f54a31), TOBN(0xa203d2c8, 0x66eaa541), + TOBN(0xf2abdee0, 0x98939db3), TOBN(0xe37d6c2c, 0x3e606c02), + TOBN(0xf2921574, 0x521ff643), TOBN(0x2781b3c4, 0xd7e2fca3), + TOBN(0x664300b0, 0x7850ec06), TOBN(0xac5a38b9, 0x7d3a10cf), + TOBN(0x9233188d, 0xe34ab39d), TOBN(0xe77057e4, 0x5072cbb9), + TOBN(0xbcf0c042, 0xb59e78df), TOBN(0x4cfc91e8, 0x1d97de52), + TOBN(0x4661a26c, 0x3ee0ca4a), TOBN(0x5620a4c1, 0xfb8507bc), + TOBN(0x4b44d4aa, 0x049f842c), TOBN(0xceabc5d5, 0x1540e82b), + TOBN(0x306710fd, 0x15c6f156), TOBN(0xbe5ae52b, 0x63db1d72), + TOBN(0x06f1e7e6, 0x334957f1), TOBN(0x57e388f0, 0x31144a70), + TOBN(0xfb69bb2f, 0xdf96447b), TOBN(0x0f78ebd3, 0x73e38a12), + TOBN(0xb8222605, 0x2b7ce542), TOBN(0xe6d4ce99, 0x7472bde1), + TOBN(0x53e16ebe, 0x09d2f4da), TOBN(0x180ff42e, 0x53b92b2e), + TOBN(0xc59bcc02, 0x2c34a1c6), TOBN(0x3803d6f9, 0x422c46c2), + TOBN(0x18aff74f, 0x5c14a8a2), TOBN(0x55aebf80, 0x10a08b28), + TOBN(0x66097d58, 0x7135593f), TOBN(0x32e6eff7, 0x2be570cd), + TOBN(0x584e6a10, 0x2a8c860d), TOBN(0xcd185890, 0xa2eb4163), + TOBN(0x7ceae99d, 0x6d97e134), TOBN(0xd42c6b70, 0xdd8447ce), + TOBN(0x59ddbb4a, 0xb8c50273), TOBN(0x03c612df, 0x3cf34e1e), + TOBN(0x84b9ca15, 0x04b6c5a0), TOBN(0x35216f39, 0x18f0e3a3), + TOBN(0x3ec2d2bc, 0xbd986c00), TOBN(0x8bf546d9, 0xd19228fe), + TOBN(0xd1c655a4, 0x4cd623c3), TOBN(0x366ce718, 0x502b8e5a), + TOBN(0x2cfc84b4, 0xeea0bfe7), TOBN(0xe01d5cee, 0xcf443e8e), + TOBN(0x8ec045d9, 0x036520f8), TOBN(0xdfb3c3d1, 0x92d40e98), + TOBN(0x0bac4cce, 0xcc559a04), TOBN(0x35eccae5, 0x240ea6b1), + TOBN(0x180b32db, 0xf8a5a0ac), TOBN(0x547972a5, 0xeb699700), + TOBN(0xa3765801, 0xca26bca0), TOBN(0x57e09d0e, 0xa647f25a), + TOBN(0xb956970e, 0x2fdd23cc), TOBN(0xb80288bc, 0x5682e971), + TOBN(0xe6e6d91e, 0x9ae86ebc), TOBN(0x0564c83f, 0x8c9f1939), + TOBN(0x551932a2, 0x39560368), TOBN(0xe893752b, 0x049c28e2), + TOBN(0x0b03cee5, 0xa6a158c3), TOBN(0xe12d656b, 0x04964263), + TOBN(0x4b47554e, 0x63e3bc1d), TOBN(0xc719b6a2, 0x45044ff7), + TOBN(0x4f24d30a, 0xe48daa07), TOBN(0xa3f37556, 0xc8c1edc3), + TOBN(0x9a47bf76, 0x0700d360), TOBN(0xbb1a1824, 0x822ae4e2), + TOBN(0x22e275a3, 0x89f1fb4c), TOBN(0x72b1aa23, 0x9968c5f5), + TOBN(0xa75feaca, 0xbe063f64), TOBN(0x9b392f43, 0xbce47a09), + TOBN(0xd4241509, 0x1ad07aca), TOBN(0x4b0c591b, 0x8d26cd0f), + TOBN(0x2d42ddfd, 0x92f1169a), TOBN(0x63aeb1ac, 0x4cbf2392), + TOBN(0x1de9e877, 0x0691a2af), TOBN(0xebe79af7, 0xd98021da), + TOBN(0xcfdf2a4e, 0x40e50acf), TOBN(0xf0a98ad7, 0xaf01d665), + TOBN(0xefb640bf, 0x1831be1f), TOBN(0x6fe8bd2f, 0x80e9ada0), + TOBN(0x94c103a1, 0x6cafbc91), TOBN(0x170f8759, 0x8308e08c), + TOBN(0x5de2d2ab, 0x9780ff4f), TOBN(0x666466bc, 0x45b201f2), + TOBN(0x58af2010, 0xf5b343bc), TOBN(0x0f2e400a, 0xf2f142fe), + TOBN(0x3483bfde, 0xa85f4bdf), TOBN(0xf0b1d093, 0x03bfeaa9), + TOBN(0x2ea01b95, 0xc7081603), TOBN(0xe943e4c9, 0x3dba1097), + TOBN(0x47be92ad, 0xb438f3a6), TOBN(0x00bb7742, 0xe5bf6636), + TOBN(0x136b7083, 0x824297b4), TOBN(0x9d0e5580, 0x5584455f), + TOBN(0xab48cedc, 0xf1c7d69e), TOBN(0x53a9e481, 0x2a256e76), + TOBN(0x0402b0e0, 0x65eb2413), TOBN(0xdadbbb84, 0x8fc407a7), + TOBN(0xa65cd5a4, 0x8d7f5492), TOBN(0x21d44293, 0x74bae294), + TOBN(0x66917ce6, 0x3b5f1cc4), TOBN(0x37ae52ea, 0xce872e62), + TOBN(0xbb087b72, 0x2905f244), TOBN(0x12077086, 0x1e6af74f), + TOBN(0x4b644e49, 0x1058edea), TOBN(0x827510e3, 0xb638ca1d), + TOBN(0x8cf2b704, 0x6038591c), TOBN(0xffc8b47a, 0xfe635063), + TOBN(0x3ae220e6, 0x1b4d5e63), TOBN(0xbd864742, 0x9d961b4b), + TOBN(0x610c107e, 0x9bd16bed), TOBN(0x4270352a, 0x1127147b), + TOBN(0x7d17ffe6, 0x64cfc50e), TOBN(0x50dee01a, 0x1e36cb42), + TOBN(0x068a7622, 0x35dc5f9a), TOBN(0x9a08d536, 0xdf53f62c), + TOBN(0x4ed71457, 0x6be5f7de), TOBN(0xd93006f8, 0xc2263c9e), + TOBN(0xe073694c, 0xcacacb36), TOBN(0x2ff7a5b4, 0x3ae118ab), + TOBN(0x3cce53f1, 0xcd871236), TOBN(0xf156a39d, 0xc2aa6d52), + TOBN(0x9cc5f271, 0xb198d76d), TOBN(0xbc615b6f, 0x81383d39), + TOBN(0xa54538e8, 0xde3eee6b), TOBN(0x58c77538, 0xab910d91), + TOBN(0x31e5bdbc, 0x58d278bd), TOBN(0x3cde4adf, 0xb963acae), + TOBN(0xb1881fd2, 0x5302169c), TOBN(0x8ca60fa0, 0xa989ed8b), + TOBN(0xa1999458, 0xff96a0ee), TOBN(0xc1141f03, 0xac6c283d), + TOBN(0x7677408d, 0x6dfafed3), TOBN(0x33a01653, 0x39661588), + TOBN(0x3c9c15ec, 0x0b726fa0), TOBN(0x090cfd93, 0x6c9b56da), + TOBN(0xe34f4bae, 0xa3c40af5), TOBN(0x3469eadb, 0xd21129f1), + TOBN(0xcc51674a, 0x1e207ce8), TOBN(0x1e293b24, 0xc83b1ef9), + TOBN(0x17173d13, 0x1e6c0bb4), TOBN(0x19004695, 0x90776d35), + TOBN(0xe7980e34, 0x6de6f922), TOBN(0x873554cb, 0xf4dd9a22), + TOBN(0x0316c627, 0xcbf18a51), TOBN(0x4d93651b, 0x3032c081), + TOBN(0x207f2771, 0x3946834d), TOBN(0x2c08d7b4, 0x30cdbf80), + TOBN(0x137a4fb4, 0x86df2a61), TOBN(0xa1ed9c07, 0xecf7b4a2), + TOBN(0xb2e460e2, 0x7bd042ff), TOBN(0xb7f5e2fa, 0x5f62f5ec), + TOBN(0x7aa6ec6b, 0xcc2423b7), TOBN(0x75ce0a7f, 0xba63eea7), + TOBN(0x67a45fb1, 0xf250a6e1), TOBN(0x93bc919c, 0xe53cdc9f), + TOBN(0x9271f56f, 0x871942df), TOBN(0x2372ff6f, 0x7859ad66), + TOBN(0x5f4c2b96, 0x33cb1a78), TOBN(0xe3e29101, 0x5838aa83), + TOBN(0xa7ed1611, 0xe4e8110c), TOBN(0x2a2d70d5, 0x330198ce), + TOBN(0xbdf132e8, 0x6720efe0), TOBN(0xe61a8962, 0x66a471bf), + TOBN(0x796d3a85, 0x825808bd), TOBN(0x51dc3cb7, 0x3fd6e902), + TOBN(0x643c768a, 0x916219d1), TOBN(0x36cd7685, 0xa2ad7d32), + TOBN(0xe3db9d05, 0xb22922a4), TOBN(0x6494c87e, 0xdba29660), + TOBN(0xf0ac91df, 0xbcd2ebc7), TOBN(0x4deb57a0, 0x45107f8d), + TOBN(0x42271f59, 0xc3d12a73), TOBN(0x5f71687c, 0xa5c2c51d), + TOBN(0xcb1f50c6, 0x05797bcb), TOBN(0x29ed0ed9, 0xd6d34eb0), + TOBN(0xe5fe5b47, 0x4683c2eb), TOBN(0x4956eeb5, 0x97447c46), + TOBN(0x5b163a43, 0x71207167), TOBN(0x93fa2fed, 0x0248c5ef), + TOBN(0x67930af2, 0x31f63950), TOBN(0xa77797c1, 0x14caa2c9), + TOBN(0x526e80ee, 0x27ac7e62), TOBN(0xe1e6e626, 0x58b28aec), + TOBN(0x636178b0, 0xb3c9fef0), TOBN(0xaf7752e0, 0x6d5f90be), + TOBN(0x94ecaf18, 0xeece51cf), TOBN(0x2864d0ed, 0xca806e1f), + TOBN(0x6de2e383, 0x97c69134), TOBN(0x5a42c316, 0xeb291293), + TOBN(0xc7779219, 0x6a60bae0), TOBN(0xa24de346, 0x6b7599d1), + TOBN(0x49d374aa, 0xb75d4941), TOBN(0x98900586, 0x2d501ff0), + TOBN(0x9f16d40e, 0xeb7974cf), TOBN(0x1033860b, 0xcdd8c115), + TOBN(0xb6c69ac8, 0x2094cec3), TOBN(0x9976fb88, 0x403b770c), + TOBN(0x1dea026c, 0x4859590d), TOBN(0xb6acbb46, 0x8562d1fd), + TOBN(0x7cd6c461, 0x44569d85), TOBN(0xc3190a36, 0x97f0891d), + TOBN(0xc6f53195, 0x48d5a17d), TOBN(0x7d919966, 0xd749abc8), + TOBN(0x65104837, 0xdd1c8a20), TOBN(0x7e5410c8, 0x2f683419), + TOBN(0x958c3ca8, 0xbe94022e), TOBN(0x605c3197, 0x6145dac2), + TOBN(0x3fc07501, 0x01683d54), TOBN(0x1d7127c5, 0x595b1234), + TOBN(0x10b8f87c, 0x9481277f), TOBN(0x677db2a8, 0xe65a1adb), + TOBN(0xec2fccaa, 0xddce3345), TOBN(0x2a6811b7, 0x012a4350), + TOBN(0x96760ff1, 0xac598bdc), TOBN(0x054d652a, 0xd1bf4128), + TOBN(0x0a1151d4, 0x92a21005), TOBN(0xad7f3971, 0x33110fdf), + TOBN(0x8c95928c, 0x1960100f), TOBN(0x6c91c825, 0x7bf03362), + TOBN(0xc8c8b2a2, 0xce309f06), TOBN(0xfdb27b59, 0xca27204b), + TOBN(0xd223eaa5, 0x0848e32e), TOBN(0xb93e4b2e, 0xe7bfaf1e), + TOBN(0xc5308ae6, 0x44aa3ded), TOBN(0x317a666a, 0xc015d573), + TOBN(0xc888ce23, 0x1a979707), TOBN(0xf141c1e6, 0x0d5c4958), + TOBN(0xb53b7de5, 0x61906373), TOBN(0x858dbade, 0xeb999595), + TOBN(0x8cbb47b2, 0xa59e5c36), TOBN(0x660318b3, 0xdcf4e842), + TOBN(0xbd161ccd, 0x12ba4b7a), TOBN(0xf399daab, 0xf8c8282a), + TOBN(0x1587633a, 0xeeb2130d), TOBN(0xa465311a, 0xda38dd7d), + TOBN(0x5f75eec8, 0x64d3779b), TOBN(0x3c5d0476, 0xad64c171), + TOBN(0x87410371, 0x2a914428), TOBN(0x8096a891, 0x90e2fc29), + TOBN(0xd3d2ae9d, 0x23b3ebc2), TOBN(0x90bdd6db, 0xa580cfd6), + TOBN(0x52dbb7f3, 0xc5b01f6c), TOBN(0xe68eded4, 0xe102a2dc), + TOBN(0x17785b77, 0x99eb6df0), TOBN(0x26c3cc51, 0x7386b779), + TOBN(0x345ed988, 0x6417a48e), TOBN(0xe990b4e4, 0x07d6ef31), + TOBN(0x0f456b7e, 0x2586abba), TOBN(0x239ca6a5, 0x59c96e9a), + TOBN(0xe327459c, 0xe2eb4206), TOBN(0x3a4c3313, 0xa002b90a), + TOBN(0x2a114806, 0xf6a3f6fb), TOBN(0xad5cad2f, 0x85c251dd), + TOBN(0x92c1f613, 0xf5a784d3), TOBN(0xec7bfacf, 0x349766d5), + TOBN(0x04b3cd33, 0x3e23cb3b), TOBN(0x3979fe84, 0xc5a64b2d), + TOBN(0x192e2720, 0x7e589106), TOBN(0xa60c43d1, 0xa15b527f), + TOBN(0x2dae9082, 0xbe7cf3a6), TOBN(0xcc86ba92, 0xbc967274), + TOBN(0xf28a2ce8, 0xaea0a8a9), TOBN(0x404ca6d9, 0x6ee988b3), + TOBN(0xfd7e9c5d, 0x005921b8), TOBN(0xf56297f1, 0x44e79bf9), + TOBN(0xa163b460, 0x0d75ddc2), TOBN(0x30b23616, 0xa1f2be87), + TOBN(0x4b070d21, 0xbfe50e2b), TOBN(0x7ef8cfd0, 0xe1bfede1), + TOBN(0xadba0011, 0x2aac4ae0), TOBN(0x2a3e7d01, 0xb9ebd033), + TOBN(0x995277ec, 0xe38d9d1c), TOBN(0xb500249e, 0x9c5d2de3), + TOBN(0x8912b820, 0xf13ca8c9), TOBN(0xc8798114, 0x877793af), + TOBN(0x19e6125d, 0xec3f1dec), TOBN(0x07b1f040, 0x911178da), + TOBN(0xd93ededa, 0x904a6738), TOBN(0x55187a5a, 0x0bebedcd), + TOBN(0xf7d04722, 0xeb329d41), TOBN(0xf449099e, 0xf170b391), + TOBN(0xfd317a69, 0xca99f828), TOBN(0x50c3db2b, 0x34a4976d), + TOBN(0xe9ba7784, 0x3757b392), TOBN(0x326caefd, 0xaa3ca05a), + TOBN(0x78e5293b, 0xf1e593d4), TOBN(0x7842a937, 0x0d98fd13), + TOBN(0xe694bf96, 0x5f96b10d), TOBN(0x373a9df6, 0x06a8cd05), + TOBN(0x997d1e51, 0xe8f0c7fc), TOBN(0x1d019790, 0x63fd972e), + TOBN(0x0064d858, 0x5499fb32), TOBN(0x7b67bad9, 0x77a8aeb7), + TOBN(0x1d3eb977, 0x2d08eec5), TOBN(0x5fc047a6, 0xcbabae1d), + TOBN(0x0577d159, 0xe54a64bb), TOBN(0x8862201b, 0xc43497e4), + TOBN(0xad6b4e28, 0x2ce0608d), TOBN(0x8b687b7d, 0x0b167aac), + TOBN(0x6ed4d367, 0x8b2ecfa9), TOBN(0x24dfe62d, 0xa90c3c38), + TOBN(0xa1862e10, 0x3fe5c42b), TOBN(0x1ca73dca, 0xd5732a9f), + TOBN(0x35f038b7, 0x76bb87ad), TOBN(0x674976ab, 0xf242b81f), + TOBN(0x4f2bde7e, 0xb0fd90cd), TOBN(0x6efc172e, 0xa7fdf092), + TOBN(0x3806b69b, 0x92222f1f), TOBN(0x5a2459ca, 0x6cf7ae70), + TOBN(0x6789f69c, 0xa85217ee), TOBN(0x5f232b5e, 0xe3dc85ac), + TOBN(0x660e3ec5, 0x48e9e516), TOBN(0x124b4e47, 0x3197eb31), + TOBN(0x10a0cb13, 0xaafcca23), TOBN(0x7bd63ba4, 0x8213224f), + TOBN(0xaffad7cc, 0x290a7f4f), TOBN(0x6b409c9e, 0x0286b461), + TOBN(0x58ab809f, 0xffa407af), TOBN(0xc3122eed, 0xc68ac073), + TOBN(0x17bf9e50, 0x4ef24d7e), TOBN(0x5d929794, 0x3e2a5811), + TOBN(0x519bc867, 0x02902e01), TOBN(0x76bba5da, 0x39c8a851), + TOBN(0xe9f9669c, 0xda94951e), TOBN(0x4b6af58d, 0x66b8d418), + TOBN(0xfa321074, 0x17d426a4), TOBN(0xc78e66a9, 0x9dde6027), + TOBN(0x0516c083, 0x4a53b964), TOBN(0xfc659d38, 0xff602330), + TOBN(0x0ab55e5c, 0x58c5c897), TOBN(0x985099b2, 0x838bc5df), + TOBN(0x061d9efc, 0xc52fc238), TOBN(0x712b2728, 0x6ac1da3f), + TOBN(0xfb658149, 0x9283fe08), TOBN(0x4954ac94, 0xb8aaa2f7), + TOBN(0x85c0ada4, 0x7fb2e74f), TOBN(0xee8ba98e, 0xb89926b0), + TOBN(0xe4f9d37d, 0x23d1af5b), TOBN(0x14ccdbf9, 0xba9b015e), + TOBN(0xb674481b, 0x7bfe7178), TOBN(0x4e1debae, 0x65405868), + TOBN(0x061b2821, 0xc48c867d), TOBN(0x69c15b35, 0x513b30ea), + TOBN(0x3b4a1666, 0x36871088), TOBN(0xe5e29f5d, 0x1220b1ff), + TOBN(0x4b82bb35, 0x233d9f4d), TOBN(0x4e076333, 0x18cdc675)}, + {TOBN(0x0d53f5c7, 0xa3e6fced), TOBN(0xe8cbbdd5, 0xf45fbdeb), + TOBN(0xf85c01df, 0x13339a70), TOBN(0x0ff71880, 0x142ceb81), + TOBN(0x4c4e8774, 0xbd70437a), TOBN(0x5fb32891, 0xba0bda6a), + TOBN(0x1cdbebd2, 0xf18bd26e), TOBN(0x2f9526f1, 0x03a9d522), + TOBN(0x40ce3051, 0x92c4d684), TOBN(0x8b04d725, 0x7612efcd), + TOBN(0xb9dcda36, 0x6f9cae20), TOBN(0x0edc4d24, 0xf058856c), + TOBN(0x64f2e6bf, 0x85427900), TOBN(0x3de81295, 0xdc09dfea), + TOBN(0xd41b4487, 0x379bf26c), TOBN(0x50b62c6d, 0x6df135a9), + TOBN(0xd4f8e3b4, 0xc72dfe67), TOBN(0xc416b0f6, 0x90e19fdf), + TOBN(0x18b9098d, 0x4c13bd35), TOBN(0xac11118a, 0x15b8cb9e), + TOBN(0xf598a318, 0xf0062841), TOBN(0xbfe0602f, 0x89f356f4), + TOBN(0x7ae3637e, 0x30177a0c), TOBN(0x34097747, 0x61136537), + TOBN(0x0db2fb5e, 0xd005832a), TOBN(0x5f5efd3b, 0x91042e4f), + TOBN(0x8c4ffdc6, 0xed70f8ca), TOBN(0xe4645d0b, 0xb52da9cc), + TOBN(0x9596f58b, 0xc9001d1f), TOBN(0x52c8f0bc, 0x4e117205), + TOBN(0xfd4aa0d2, 0xe398a084), TOBN(0x815bfe3a, 0x104f49de), + TOBN(0x97e5443f, 0x23885e5f), TOBN(0xf72f8f99, 0xe8433aab), + TOBN(0xbd00b154, 0xe4d4e604), TOBN(0xd0b35e6a, 0xe5e173ff), + TOBN(0x57b2a048, 0x9164722d), TOBN(0x3e3c665b, 0x88761ec8), + TOBN(0x6bdd1397, 0x3da83832), TOBN(0x3c8b1a1e, 0x73dafe3b), + TOBN(0x4497ace6, 0x54317cac), TOBN(0xbe600ab9, 0x521771b3), + TOBN(0xb42e409e, 0xb0dfe8b8), TOBN(0x386a67d7, 0x3942310f), + TOBN(0x25548d8d, 0x4431cc28), TOBN(0xa7cff142, 0x985dc524), + TOBN(0x4d60f5a1, 0x93c4be32), TOBN(0x83ebd5c8, 0xd071c6e1), + TOBN(0xba3a80a7, 0xb1fd2b0b), TOBN(0x9b3ad396, 0x5bec33e8), + TOBN(0xb3868d61, 0x79743fb3), TOBN(0xcfd169fc, 0xfdb462fa), + TOBN(0xd3b499d7, 0x9ce0a6af), TOBN(0x55dc1cf1, 0xe42d3ff8), + TOBN(0x04fb9e6c, 0xc6c3e1b2), TOBN(0x47e6961d, 0x6f69a474), + TOBN(0x54eb3acc, 0xe548b37b), TOBN(0xb38e7542, 0x84d40549), + TOBN(0x8c3daa51, 0x7b341b4f), TOBN(0x2f6928ec, 0x690bf7fa), + TOBN(0x0496b323, 0x86ce6c41), TOBN(0x01be1c55, 0x10adadcd), + TOBN(0xc04e67e7, 0x4bb5faf9), TOBN(0x3cbaf678, 0xe15c9985), + TOBN(0x8cd12145, 0x50ca4247), TOBN(0xba1aa47a, 0xe7dd30aa), + TOBN(0x2f81ddf1, 0xe58fee24), TOBN(0x03452936, 0xeec9b0e8), + TOBN(0x8bdc3b81, 0x243aea96), TOBN(0x9a2919af, 0x15c3d0e5), + TOBN(0x9ea640ec, 0x10948361), TOBN(0x5ac86d5b, 0x6e0bcccf), + TOBN(0xf892d918, 0xc36cf440), TOBN(0xaed3e837, 0xc939719c), + TOBN(0xb07b08d2, 0xc0218b64), TOBN(0x6f1bcbba, 0xce9790dd), + TOBN(0x4a84d6ed, 0x60919b8e), TOBN(0xd8900791, 0x8ac1f9eb), + TOBN(0xf84941aa, 0x0dd5daef), TOBN(0xb22fe40a, 0x67fd62c5), + TOBN(0x97e15ba2, 0x157f2db3), TOBN(0xbda2fc8f, 0x8e28ca9c), + TOBN(0x5d050da4, 0x37b9f454), TOBN(0x3d57eb57, 0x2379d72e), + TOBN(0xe9b5eba2, 0xfb5ee997), TOBN(0x01648ca2, 0xe11538ca), + TOBN(0x32bb76f6, 0xf6327974), TOBN(0x338f14b8, 0xff3f4bb7), + TOBN(0x524d226a, 0xd7ab9a2d), TOBN(0x9c00090d, 0x7dfae958), + TOBN(0x0ba5f539, 0x8751d8c2), TOBN(0x8afcbcdd, 0x3ab8262d), + TOBN(0x57392729, 0xe99d043b), TOBN(0xef51263b, 0xaebc943a), + TOBN(0x9feace93, 0x20862935), TOBN(0x639efc03, 0xb06c817b), + TOBN(0x1fe054b3, 0x66b4be7a), TOBN(0x3f25a9de, 0x84a37a1e), + TOBN(0xf39ef1ad, 0x78d75cd9), TOBN(0xd7b58f49, 0x5062c1b5), + TOBN(0x6f74f9a9, 0xff563436), TOBN(0xf718ff29, 0xe8af51e7), + TOBN(0x5234d313, 0x15e97fec), TOBN(0xb6a8e2b1, 0x292f1c0a), + TOBN(0xa7f53aa8, 0x327720c1), TOBN(0x956ca322, 0xba092cc8), + TOBN(0x8f03d64a, 0x28746c4d), TOBN(0x51fe1782, 0x66d0d392), + TOBN(0xd19b34db, 0x3c832c80), TOBN(0x60dccc5c, 0x6da2e3b4), + TOBN(0x245dd62e, 0x0a104ccc), TOBN(0xa7ab1de1, 0x620b21fd), + TOBN(0xb293ae0b, 0x3893d123), TOBN(0xf7b75783, 0xb15ee71c), + TOBN(0x5aa3c614, 0x42a9468b), TOBN(0xd686123c, 0xdb15d744), + TOBN(0x8c616891, 0xa7ab4116), TOBN(0x6fcd72c8, 0xa4e6a459), + TOBN(0xac219110, 0x77e5fad7), TOBN(0xfb6a20e7, 0x704fa46b), + TOBN(0xe839be7d, 0x341d81dc), TOBN(0xcddb6889, 0x32148379), + TOBN(0xda6211a1, 0xf7026ead), TOBN(0xf3b2575f, 0xf4d1cc5e), + TOBN(0x40cfc8f6, 0xa7a73ae6), TOBN(0x83879a5e, 0x61d5b483), + TOBN(0xc5acb1ed, 0x41a50ebc), TOBN(0x59a60cc8, 0x3c07d8fa), + TOBN(0x1b73bdce, 0xb1876262), TOBN(0x2b0d79f0, 0x12af4ee9), + TOBN(0x8bcf3b0b, 0xd46e1d07), TOBN(0x17d6af9d, 0xe45d152f), + TOBN(0x73520461, 0x6d736451), TOBN(0x43cbbd97, 0x56b0bf5a), + TOBN(0xb0833a5b, 0xd5999b9d), TOBN(0x702614f0, 0xeb72e398), + TOBN(0x0aadf01a, 0x59c3e9f8), TOBN(0x40200e77, 0xce6b3d16), + TOBN(0xda22bdd3, 0xdeddafad), TOBN(0x76dedaf4, 0x310d72e1), + TOBN(0x49ef807c, 0x4bc2e88f), TOBN(0x6ba81291, 0x146dd5a5), + TOBN(0xa1a4077a, 0x7d8d59e9), TOBN(0x87b6a2e7, 0x802db349), + TOBN(0xd5679997, 0x1b4e598e), TOBN(0xf499ef1f, 0x06fe4b1d), + TOBN(0x3978d3ae, 0xfcb267c5), TOBN(0xb582b557, 0x235786d0), + TOBN(0x32b3b2ca, 0x1715cb07), TOBN(0x4c3de6a2, 0x8480241d), + TOBN(0x63b5ffed, 0xcb571ecd), TOBN(0xeaf53900, 0xed2fe9a9), + TOBN(0xdec98d4a, 0xc3b81990), TOBN(0x1cb83722, 0x9e0cc8fe), + TOBN(0xfe0b0491, 0xd2b427b9), TOBN(0x0f2386ac, 0xe983a66c), + TOBN(0x930c4d1e, 0xb3291213), TOBN(0xa2f82b2e, 0x59a62ae4), + TOBN(0x77233853, 0xf93e89e3), TOBN(0x7f8063ac, 0x11777c7f), + TOBN(0xff0eb567, 0x59ad2877), TOBN(0x6f454642, 0x9865c754), + TOBN(0xe6fe701a, 0x236e9a84), TOBN(0xc586ef16, 0x06e40fc3), + TOBN(0x3f62b6e0, 0x24bafad9), TOBN(0xc8b42bd2, 0x64da906a), + TOBN(0xc98e1eb4, 0xda3276a0), TOBN(0x30d0e5fc, 0x06cbf852), + TOBN(0x1b6b2ae1, 0xe8b4dfd4), TOBN(0xd754d5c7, 0x8301cbac), + TOBN(0x66097629, 0x112a39ac), TOBN(0xf86b5999, 0x93ba4ab9), + TOBN(0x26c9dea7, 0x99f9d581), TOBN(0x0473b1a8, 0xc2fafeaa), + TOBN(0x1469af55, 0x3b2505a5), TOBN(0x227d16d7, 0xd6a43323), + TOBN(0x3316f73c, 0xad3d97f9), TOBN(0x52bf3bb5, 0x1f137455), + TOBN(0x953eafeb, 0x09954e7c), TOBN(0xa721dfed, 0xdd732411), + TOBN(0xb4929821, 0x141d4579), TOBN(0x3411321c, 0xaa3bd435), + TOBN(0xafb355aa, 0x17fa6015), TOBN(0xb4e7ef4a, 0x18e42f0e), + TOBN(0x604ac97c, 0x59371000), TOBN(0xe1c48c70, 0x7f759c18), + TOBN(0x3f62ecc5, 0xa5db6b65), TOBN(0x0a78b173, 0x38a21495), + TOBN(0x6be1819d, 0xbcc8ad94), TOBN(0x70dc04f6, 0xd89c3400), + TOBN(0x462557b4, 0xa6b4840a), TOBN(0x544c6ade, 0x60bd21c0), + TOBN(0x6a00f24e, 0x907a544b), TOBN(0xa7520dcb, 0x313da210), + TOBN(0xfe939b75, 0x11e4994b), TOBN(0x918b6ba6, 0xbc275d70), + TOBN(0xd3e5e0fc, 0x644be892), TOBN(0x707a9816, 0xfdaf6c42), + TOBN(0x60145567, 0xf15c13fe), TOBN(0x4818ebaa, 0xe130a54a), + TOBN(0x28aad3ad, 0x58d2f767), TOBN(0xdc5267fd, 0xd7e7c773), + TOBN(0x4919cc88, 0xc3afcc98), TOBN(0xaa2e6ab0, 0x2db8cd4b), + TOBN(0xd46fec04, 0xd0c63eaa), TOBN(0xa1cb92c5, 0x19ffa832), + TOBN(0x678dd178, 0xe43a631f), TOBN(0xfb5ae1cd, 0x3dc788b3), + TOBN(0x68b4fb90, 0x6e77de04), TOBN(0x7992bcf0, 0xf06dbb97), + TOBN(0x896e6a13, 0xc417c01d), TOBN(0x8d96332c, 0xb956be01), + TOBN(0x902fc93a, 0x413aa2b9), TOBN(0x99a4d915, 0xfc98c8a5), + TOBN(0x52c29407, 0x565f1137), TOBN(0x4072690f, 0x21e4f281), + TOBN(0x36e607cf, 0x02ff6072), TOBN(0xa47d2ca9, 0x8ad98cdc), + TOBN(0xbf471d1e, 0xf5f56609), TOBN(0xbcf86623, 0xf264ada0), + TOBN(0xb70c0687, 0xaa9e5cb6), TOBN(0xc98124f2, 0x17401c6c), + TOBN(0x8189635f, 0xd4a61435), TOBN(0xd28fb8af, 0xa9d98ea6), + TOBN(0xb9a67c2a, 0x40c251f8), TOBN(0x88cd5d87, 0xa2da44be), + TOBN(0x437deb96, 0xe09b5423), TOBN(0x150467db, 0x64287dc1), + TOBN(0xe161debb, 0xcdabb839), TOBN(0xa79e9742, 0xf1839a3e), + TOBN(0xbb8dd3c2, 0x652d202b), TOBN(0x7b3e67f7, 0xe9f97d96), + TOBN(0x5aa5d78f, 0xb1cb6ac9), TOBN(0xffa13e8e, 0xca1d0d45), + TOBN(0x369295dd, 0x2ba5bf95), TOBN(0xd68bd1f8, 0x39aff05e), + TOBN(0xaf0d86f9, 0x26d783f2), TOBN(0x543a59b3, 0xfc3aafc1), + TOBN(0x3fcf81d2, 0x7b7da97c), TOBN(0xc990a056, 0xd25dee46), + TOBN(0x3e6775b8, 0x519cce2c), TOBN(0xfc9af71f, 0xae13d863), + TOBN(0x774a4a6f, 0x47c1605c), TOBN(0x46ba4245, 0x2fd205e8), + TOBN(0xa06feea4, 0xd3fd524d), TOBN(0x1e724641, 0x6de1acc2), + TOBN(0xf53816f1, 0x334e2b42), TOBN(0x49e5918e, 0x922f0024), + TOBN(0x439530b6, 0x65c7322d), TOBN(0xcf12cc01, 0xb3c1b3fb), + TOBN(0xc70b0186, 0x0172f685), TOBN(0xb915ee22, 0x1b58391d), + TOBN(0x9afdf03b, 0xa317db24), TOBN(0x87dec659, 0x17b8ffc4), + TOBN(0x7f46597b, 0xe4d3d050), TOBN(0x80a1c1ed, 0x006500e7), + TOBN(0x84902a96, 0x78bf030e), TOBN(0xfb5e9c9a, 0x50560148), + TOBN(0x6dae0a92, 0x63362426), TOBN(0xdcaeecf4, 0xa9e30c40), + TOBN(0xc0d887bb, 0x518d0c6b), TOBN(0x99181152, 0xcb985b9d), + TOBN(0xad186898, 0xef7bc381), TOBN(0x18168ffb, 0x9ee46201), + TOBN(0x9a04cdaa, 0x2502753c), TOBN(0xbb279e26, 0x51407c41), + TOBN(0xeacb03aa, 0xf23564e5), TOBN(0x18336582, 0x71e61016), + TOBN(0x8684b8c4, 0xeb809877), TOBN(0xb336e18d, 0xea0e672e), + TOBN(0xefb601f0, 0x34ee5867), TOBN(0x2733edbe, 0x1341cfd1), + TOBN(0xb15e809a, 0x26025c3c), TOBN(0xe6e981a6, 0x9350df88), + TOBN(0x92376237, 0x8502fd8e), TOBN(0x4791f216, 0x0c12be9b), + TOBN(0xb7256789, 0x25f02425), TOBN(0xec863194, 0x7a974443), + TOBN(0x7c0ce882, 0xfb41cc52), TOBN(0xc266ff7e, 0xf25c07f2), + TOBN(0x3d4da8c3, 0x017025f3), TOBN(0xefcf628c, 0xfb9579b4), + TOBN(0x5c4d0016, 0x1f3716ec), TOBN(0x9c27ebc4, 0x6801116e), + TOBN(0x5eba0ea1, 0x1da1767e), TOBN(0xfe151452, 0x47004c57), + TOBN(0x3ace6df6, 0x8c2373b7), TOBN(0x75c3dffe, 0x5dbc37ac), + TOBN(0x3dc32a73, 0xddc925fc), TOBN(0xb679c841, 0x2f65ee0b), + TOBN(0x715a3295, 0x451cbfeb), TOBN(0xd9889768, 0xf76e9a29), + TOBN(0xec20ce7f, 0xb28ad247), TOBN(0xe99146c4, 0x00894d79), + TOBN(0x71457d7c, 0x9f5e3ea7), TOBN(0x097b2662, 0x38030031), + TOBN(0xdb7f6ae6, 0xcf9f82a8), TOBN(0x319decb9, 0x438f473a), + TOBN(0xa63ab386, 0x283856c3), TOBN(0x13e3172f, 0xb06a361b), + TOBN(0x2959f8dc, 0x7d5a006c), TOBN(0x2dbc27c6, 0x75fba752), + TOBN(0xc1227ab2, 0x87c22c9e), TOBN(0x06f61f75, 0x71a268b2), + TOBN(0x1b6bb971, 0x04779ce2), TOBN(0xaca83812, 0x0aadcb1d), + TOBN(0x297ae0bc, 0xaeaab2d5), TOBN(0xa5c14ee7, 0x5bfb9f13), + TOBN(0xaa00c583, 0xf17a62c7), TOBN(0x39eb962c, 0x173759f6), + TOBN(0x1eeba1d4, 0x86c9a88f), TOBN(0x0ab6c37a, 0xdf016c5e), + TOBN(0xa2a147db, 0xa28a0749), TOBN(0x246c20d6, 0xee519165), + TOBN(0x5068d1b1, 0xd3810715), TOBN(0xb1e7018c, 0x748160b9), + TOBN(0x03f5b1fa, 0xf380ff62), TOBN(0xef7fb1dd, 0xf3cb2c1e), + TOBN(0xeab539a8, 0xfc91a7da), TOBN(0x83ddb707, 0xf3f9b561), + TOBN(0xc550e211, 0xfe7df7a4), TOBN(0xa7cd07f2, 0x063f6f40), + TOBN(0xb0de3635, 0x2976879c), TOBN(0xb5f83f85, 0xe55741da), + TOBN(0x4ea9d25e, 0xf3d8ac3d), TOBN(0x6fe2066f, 0x62819f02), + TOBN(0x4ab2b9c2, 0xcef4a564), TOBN(0x1e155d96, 0x5ffa2de3), + TOBN(0x0eb0a19b, 0xc3a72d00), TOBN(0x4037665b, 0x8513c31b), + TOBN(0x2fb2b6bf, 0x04c64637), TOBN(0x45c34d6e, 0x08cdc639), + TOBN(0x56f1e10f, 0xf01fd796), TOBN(0x4dfb8101, 0xfe3667b8), + TOBN(0xe0eda253, 0x9021d0c0), TOBN(0x7a94e9ff, 0x8a06c6ab), + TOBN(0x2d3bb0d9, 0xbb9aa882), TOBN(0xea20e4e5, 0xec05fd10), + TOBN(0xed7eeb5f, 0x1a1ca64e), TOBN(0x2fa6b43c, 0xc6327cbd), + TOBN(0xb577e3cf, 0x3aa91121), TOBN(0x8c6bd5ea, 0x3a34079b), + TOBN(0xd7e5ba39, 0x60e02fc0), TOBN(0xf16dd2c3, 0x90141bf8), + TOBN(0xb57276d9, 0x80101b98), TOBN(0x760883fd, 0xb82f0f66), + TOBN(0x89d7de75, 0x4bc3eff3), TOBN(0x03b60643, 0x5dc2ab40), + TOBN(0xcd6e53df, 0xe05beeac), TOBN(0xf2f1e862, 0xbc3325cd), + TOBN(0xdd0f7921, 0x774f03c3), TOBN(0x97ca7221, 0x4552cc1b), + TOBN(0x5a0d6afe, 0x1cd19f72), TOBN(0xa20915dc, 0xf183fbeb), + TOBN(0x9fda4b40, 0x832c403c), TOBN(0x32738edd, 0xbe425442), + TOBN(0x469a1df6, 0xb5eccf1a), TOBN(0x4b5aff42, 0x28bbe1f0), + TOBN(0x31359d7f, 0x570dfc93), TOBN(0xa18be235, 0xf0088628), + TOBN(0xa5b30fba, 0xb00ed3a9), TOBN(0x34c61374, 0x73cdf8be), + TOBN(0x2c5c5f46, 0xabc56797), TOBN(0x5cecf93d, 0xb82a8ae2), + TOBN(0x7d3dbe41, 0xa968fbf0), TOBN(0xd23d4583, 0x1a5c7f3d), + TOBN(0xf28f69a0, 0xc087a9c7), TOBN(0xc2d75471, 0x474471ca), + TOBN(0x36ec9f4a, 0x4eb732ec), TOBN(0x6c943bbd, 0xb1ca6bed), + TOBN(0xd64535e1, 0xf2457892), TOBN(0x8b84a8ea, 0xf7e2ac06), + TOBN(0xe0936cd3, 0x2499dd5f), TOBN(0x12053d7e, 0x0ed04e57), + TOBN(0x4bdd0076, 0xe4305d9d), TOBN(0x34a527b9, 0x1f67f0a2), + TOBN(0xe79a4af0, 0x9cec46ea), TOBN(0xb15347a1, 0x658b9bc7), + TOBN(0x6bd2796f, 0x35af2f75), TOBN(0xac957990, 0x4051c435), + TOBN(0x2669dda3, 0xc33a655d), TOBN(0x5d503c2e, 0x88514aa3), + TOBN(0xdfa11337, 0x3753dd41), TOBN(0x3f054673, 0x0b754f78), + TOBN(0xbf185677, 0x496125bd), TOBN(0xfb0023c8, 0x3775006c), + TOBN(0xfa0f072f, 0x3a037899), TOBN(0x4222b6eb, 0x0e4aea57), + TOBN(0x3dde5e76, 0x7866d25a), TOBN(0xb6eb04f8, 0x4837aa6f), + TOBN(0x5315591a, 0x2cf1cdb8), TOBN(0x6dfb4f41, 0x2d4e683c), + TOBN(0x7e923ea4, 0x48ee1f3a), TOBN(0x9604d9f7, 0x05a2afd5), + TOBN(0xbe1d4a33, 0x40ea4948), TOBN(0x5b45f1f4, 0xb44cbd2f), + TOBN(0x5faf8376, 0x4acc757e), TOBN(0xa7cf9ab8, 0x63d68ff7), + TOBN(0x8ad62f69, 0xdf0e404b), TOBN(0xd65f33c2, 0x12bdafdf), + TOBN(0xc365de15, 0xa377b14e), TOBN(0x6bf5463b, 0x8e39f60c), + TOBN(0x62030d2d, 0x2ce68148), TOBN(0xd95867ef, 0xe6f843a8), + TOBN(0xd39a0244, 0xef5ab017), TOBN(0x0bd2d8c1, 0x4ab55d12), + TOBN(0xc9503db3, 0x41639169), TOBN(0x2d4e25b0, 0xf7660c8a), + TOBN(0x760cb3b5, 0xe224c5d7), TOBN(0xfa3baf8c, 0x68616919), + TOBN(0x9fbca113, 0x8d142552), TOBN(0x1ab18bf1, 0x7669ebf5), + TOBN(0x55e6f53e, 0x9bdf25dd), TOBN(0x04cc0bf3, 0xcb6cd154), + TOBN(0x595bef49, 0x95e89080), TOBN(0xfe9459a8, 0x104a9ac1), + TOBN(0xad2d89ca, 0xcce9bb32), TOBN(0xddea65e1, 0xf7de8285), + TOBN(0x62ed8c35, 0xb351bd4b), TOBN(0x4150ff36, 0x0c0e19a7), + TOBN(0x86e3c801, 0x345f4e47), TOBN(0x3bf21f71, 0x203a266c), + TOBN(0x7ae110d4, 0x855b1f13), TOBN(0x5d6aaf6a, 0x07262517), + TOBN(0x1e0f12e1, 0x813d28f1), TOBN(0x6000e11d, 0x7ad7a523), + TOBN(0xc7d8deef, 0xc744a17b), TOBN(0x1e990b48, 0x14c05a00), + TOBN(0x68fddaee, 0x93e976d5), TOBN(0x696241d1, 0x46610d63), + TOBN(0xb204e7c3, 0x893dda88), TOBN(0x8bccfa65, 0x6a3a6946), + TOBN(0xb59425b4, 0xc5cd1411), TOBN(0x701b4042, 0xff3658b1), + TOBN(0xe3e56bca, 0x4784cf93), TOBN(0x27de5f15, 0x8fe68d60), + TOBN(0x4ab9cfce, 0xf8d53f19), TOBN(0xddb10311, 0xa40a730d), + TOBN(0x6fa73cd1, 0x4eee0a8a), TOBN(0xfd548748, 0x5249719d), + TOBN(0x49d66316, 0xa8123ef0), TOBN(0x73c32db4, 0xe7f95438), + TOBN(0x2e2ed209, 0x0d9e7854), TOBN(0xf98a9329, 0x9d9f0507), + TOBN(0xc5d33cf6, 0x0c6aa20a), TOBN(0x9a32ba14, 0x75279bb2), + TOBN(0x7e3202cb, 0x774a7307), TOBN(0x64ed4bc4, 0xe8c42dbd), + TOBN(0xc20f1a06, 0xd4caed0d), TOBN(0xb8021407, 0x171d22b3), + TOBN(0xd426ca04, 0xd13268d7), TOBN(0x92377007, 0x25f4d126), + TOBN(0x4204cbc3, 0x71f21a85), TOBN(0x18461b7a, 0xf82369ba), + TOBN(0xc0c07d31, 0x3fc858f9), TOBN(0x5deb5a50, 0xe2bab569), + TOBN(0xd5959d46, 0xd5eea89e), TOBN(0xfdff8424, 0x08437f4b), + TOBN(0xf21071e4, 0x3cfe254f), TOBN(0x72417696, 0x95468321), + TOBN(0x5d8288b9, 0x102cae3e), TOBN(0x2d143e3d, 0xf1965dff), + TOBN(0x00c9a376, 0xa078d847), TOBN(0x6fc0da31, 0x26028731), + TOBN(0xa2baeadf, 0xe45083a2), TOBN(0x66bc7218, 0x5e5b4bcd), + TOBN(0x2c826442, 0xd04b8e7f), TOBN(0xc19f5451, 0x6c4b586b), + TOBN(0x60182c49, 0x5b7eeed5), TOBN(0xd9954ecd, 0x7aa9dfa1), + TOBN(0xa403a8ec, 0xc73884ad), TOBN(0x7fb17de2, 0x9bb39041), + TOBN(0x694b64c5, 0xabb020e8), TOBN(0x3d18c184, 0x19c4eec7), + TOBN(0x9c4673ef, 0x1c4793e5), TOBN(0xc7b8aeb5, 0x056092e6), + TOBN(0x3aa1ca43, 0xf0f8c16b), TOBN(0x224ed5ec, 0xd679b2f6), + TOBN(0x0d56eeaf, 0x55a205c9), TOBN(0xbfe115ba, 0x4b8e028b), + TOBN(0x97e60849, 0x3927f4fe), TOBN(0xf91fbf94, 0x759aa7c5), + TOBN(0x985af769, 0x6be90a51), TOBN(0xc1277b78, 0x78ccb823), + TOBN(0x395b656e, 0xe7a75952), TOBN(0x00df7de0, 0x928da5f5), + TOBN(0x09c23175, 0x4ca4454f), TOBN(0x4ec971f4, 0x7aa2d3c1), + TOBN(0x45c3c507, 0xe75d9ccc), TOBN(0x63b7be8a, 0x3dc90306), + TOBN(0x37e09c66, 0x5db44bdc), TOBN(0x50d60da1, 0x6841c6a2), + TOBN(0x6f9b65ee, 0x08df1b12), TOBN(0x38734879, 0x7ff089df), + TOBN(0x9c331a66, 0x3fe8013d), TOBN(0x017f5de9, 0x5f42fcc8), + TOBN(0x43077866, 0xe8e57567), TOBN(0xc9f781ce, 0xf9fcdb18), + TOBN(0x38131dda, 0x9b12e174), TOBN(0x25d84aa3, 0x8a03752a), + TOBN(0x45e09e09, 0x4d0c0ce2), TOBN(0x1564008b, 0x92bebba5), + TOBN(0xf7e8ad31, 0xa87284c7), TOBN(0xb7c4b46c, 0x97e7bbaa), + TOBN(0x3e22a7b3, 0x97acf4ec), TOBN(0x0426c400, 0x5ea8b640), + TOBN(0x5e3295a6, 0x4e969285), TOBN(0x22aabc59, 0xa6a45670), + TOBN(0xb929714c, 0x5f5942bc), TOBN(0x9a6168bd, 0xfa3182ed), + TOBN(0x2216a665, 0x104152ba), TOBN(0x46908d03, 0xb6926368)}, + { + TOBN(0xa9f5d874, 0x5a1251fb), TOBN(0x967747a8, 0xc72725c7), + TOBN(0x195c33e5, 0x31ffe89e), TOBN(0x609d210f, 0xe964935e), + TOBN(0xcafd6ca8, 0x2fe12227), TOBN(0xaf9b5b96, 0x0426469d), + TOBN(0x2e9ee04c, 0x5693183c), TOBN(0x1084a333, 0xc8146fef), + TOBN(0x96649933, 0xaed1d1f7), TOBN(0x566eaff3, 0x50563090), + TOBN(0x345057f0, 0xad2e39cf), TOBN(0x148ff65b, 0x1f832124), + TOBN(0x042e89d4, 0xcf94cf0d), TOBN(0x319bec84, 0x520c58b3), + TOBN(0x2a267626, 0x5361aa0d), TOBN(0xc86fa302, 0x8fbc87ad), + TOBN(0xfc83d2ab, 0x5c8b06d5), TOBN(0xb1a785a2, 0xfe4eac46), + TOBN(0xb99315bc, 0x846f7779), TOBN(0xcf31d816, 0xef9ea505), + TOBN(0x2391fe6a, 0x15d7dc85), TOBN(0x2f132b04, 0xb4016b33), + TOBN(0x29547fe3, 0x181cb4c7), TOBN(0xdb66d8a6, 0x650155a1), + TOBN(0x6b66d7e1, 0xadc1696f), TOBN(0x98ebe593, 0x0acd72d0), + TOBN(0x65f24550, 0xcc1b7435), TOBN(0xce231393, 0xb4b9a5ec), + TOBN(0x234a22d4, 0xdb067df9), TOBN(0x98dda095, 0xcaff9b00), + TOBN(0x1bbc75a0, 0x6100c9c1), TOBN(0x1560a9c8, 0x939cf695), + TOBN(0xcf006d3e, 0x99e0925f), TOBN(0x2dd74a96, 0x6322375a), + TOBN(0xc58b446a, 0xb56af5ba), TOBN(0x50292683, 0xe0b9b4f1), + TOBN(0xe2c34cb4, 0x1aeaffa3), TOBN(0x8b17203f, 0x9b9587c1), + TOBN(0x6d559207, 0xead1350c), TOBN(0x2b66a215, 0xfb7f9604), + TOBN(0x0850325e, 0xfe51bf74), TOBN(0x9c4f579e, 0x5e460094), + TOBN(0x5c87b92a, 0x76da2f25), TOBN(0x889de4e0, 0x6febef33), + TOBN(0x6900ec06, 0x646083ce), TOBN(0xbe2a0335, 0xbfe12773), + TOBN(0xadd1da35, 0xc5344110), TOBN(0x757568b7, 0xb802cd20), + TOBN(0x75559779, 0x00f7e6c8), TOBN(0x38e8b94f, 0x0facd2f0), + TOBN(0xfea1f3af, 0x03fde375), TOBN(0x5e11a1d8, 0x75881dfc), + TOBN(0xb3a6b02e, 0xc1e2f2ef), TOBN(0x193d2bbb, 0xc605a6c5), + TOBN(0x325ffeee, 0x339a0b2d), TOBN(0x27b6a724, 0x9e0c8846), + TOBN(0xe4050f1c, 0xf1c367ca), TOBN(0x9bc85a9b, 0xc90fbc7d), + TOBN(0xa373c4a2, 0xe1a11032), TOBN(0xb64232b7, 0xad0393a9), + TOBN(0xf5577eb0, 0x167dad29), TOBN(0x1604f301, 0x94b78ab2), + TOBN(0x0baa94af, 0xe829348b), TOBN(0x77fbd8dd, 0x41654342), + TOBN(0xdab50ea5, 0xb964e39a), TOBN(0xd4c29e3c, 0xd0d3c76e), + TOBN(0x80dae67c, 0x56d11964), TOBN(0x7307a8bf, 0xe5ffcc2f), + TOBN(0x65bbc1aa, 0x91708c3b), TOBN(0xa151e62c, 0x28bf0eeb), + TOBN(0x6cb53381, 0x6fa34db7), TOBN(0x5139e05c, 0xa29403a8), + TOBN(0x6ff651b4, 0x94a7cd2e), TOBN(0x5671ffd1, 0x0699336c), + TOBN(0x6f5fd2cc, 0x979a896a), TOBN(0x11e893a8, 0xd8148cef), + TOBN(0x988906a1, 0x65cf7b10), TOBN(0x81b67178, 0xc50d8485), + TOBN(0x7c0deb35, 0x8a35b3de), TOBN(0x423ac855, 0xc1d29799), + TOBN(0xaf580d87, 0xdac50b74), TOBN(0x28b2b89f, 0x5869734c), + TOBN(0x99a3b936, 0x874e28fb), TOBN(0xbb2c9190, 0x25f3f73a), + TOBN(0x199f6918, 0x84a9d5b7), TOBN(0x7ebe2325, 0x7e770374), + TOBN(0xf442e107, 0x0738efe2), TOBN(0xcf9f3f56, 0xcf9082d2), + TOBN(0x719f69e1, 0x09618708), TOBN(0xcc9e8364, 0xc183f9b1), + TOBN(0xec203a95, 0x366a21af), TOBN(0x6aec5d6d, 0x068b141f), + TOBN(0xee2df78a, 0x994f04e9), TOBN(0xb39ccae8, 0x271245b0), + TOBN(0xb875a4a9, 0x97e43f4f), TOBN(0x507dfe11, 0xdb2cea98), + TOBN(0x4fbf81cb, 0x489b03e9), TOBN(0xdb86ec5b, 0x6ec414fa), + TOBN(0xfad444f9, 0xf51b3ae5), TOBN(0xca7d33d6, 0x1914e3fe), + TOBN(0xa9c32f5c, 0x0ae6c4d0), TOBN(0xa9ca1d1e, 0x73969568), + TOBN(0x98043c31, 0x1aa7467e), TOBN(0xe832e75c, 0xe21b5ac6), + TOBN(0x314b7aea, 0x5232123d), TOBN(0x08307c8c, 0x65ae86db), + TOBN(0x06e7165c, 0xaa4668ed), TOBN(0xb170458b, 0xb4d3ec39), + TOBN(0x4d2e3ec6, 0xc19bb986), TOBN(0xc5f34846, 0xae0304ed), + TOBN(0x917695a0, 0x6c9f9722), TOBN(0x6c7f7317, 0x4cab1c0a), + TOBN(0x6295940e, 0x9d6d2e8b), TOBN(0xd318b8c1, 0x549f7c97), + TOBN(0x22453204, 0x97713885), TOBN(0x468d834b, 0xa8a440fe), + TOBN(0xd81fe5b2, 0xbfba796e), TOBN(0x152364db, 0x6d71f116), + TOBN(0xbb8c7c59, 0xb5b66e53), TOBN(0x0b12c61b, 0x2641a192), + TOBN(0x31f14802, 0xfcf0a7fd), TOBN(0x42fd0789, 0x5488b01e), + TOBN(0x71d78d6d, 0x9952b498), TOBN(0x8eb572d9, 0x07ac5201), + TOBN(0xe0a2a44c, 0x4d194a88), TOBN(0xd2b63fd9, 0xba017e66), + TOBN(0x78efc6c8, 0xf888aefc), TOBN(0xb76f6bda, 0x4a881a11), + TOBN(0x187f314b, 0xb46c2397), TOBN(0x004cf566, 0x5ded2819), + TOBN(0xa9ea5704, 0x38764d34), TOBN(0xbba45217, 0x78084709), + TOBN(0x06474571, 0x1171121e), TOBN(0xad7b7eb1, 0xe7c9b671), + TOBN(0xdacfbc40, 0x730f7507), TOBN(0x178cd8c6, 0xc7ad7bd1), + TOBN(0xbf0be101, 0xb2a67238), TOBN(0x3556d367, 0xaf9c14f2), + TOBN(0x104b7831, 0xa5662075), TOBN(0x58ca59bb, 0x79d9e60a), + TOBN(0x4bc45392, 0xa569a73b), TOBN(0x517a52e8, 0x5698f6c9), + TOBN(0x85643da5, 0xaeadd755), TOBN(0x1aed0cd5, 0x2a581b84), + TOBN(0xb9b4ff84, 0x80af1372), TOBN(0x244c3113, 0xf1ba5d1f), + TOBN(0x2a5dacbe, 0xf5f98d31), TOBN(0x2c3323e8, 0x4375bc2a), + TOBN(0x17a3ab4a, 0x5594b1dd), TOBN(0xa1928bfb, 0xceb4797e), + TOBN(0xe83af245, 0xe4886a19), TOBN(0x8979d546, 0x72b5a74a), + TOBN(0xa0f726bc, 0x19f9e967), TOBN(0xd9d03152, 0xe8fbbf4e), + TOBN(0xcfd6f51d, 0xb7707d40), TOBN(0x633084d9, 0x63f6e6e0), + TOBN(0xedcd9cdc, 0x55667eaf), TOBN(0x73b7f92b, 0x2e44d56f), + TOBN(0xfb2e39b6, 0x4e962b14), TOBN(0x7d408f6e, 0xf671fcbf), + TOBN(0xcc634ddc, 0x164a89bb), TOBN(0x74a42bb2, 0x3ef3bd05), + TOBN(0x1280dbb2, 0x428decbb), TOBN(0x6103f6bb, 0x402c8596), + TOBN(0xfa2bf581, 0x355a5752), TOBN(0x562f96a8, 0x00946674), + TOBN(0x4e4ca16d, 0x6da0223b), TOBN(0xfe47819f, 0x28d3aa25), + TOBN(0x9eea3075, 0xf8dfcf8a), TOBN(0xa284f0aa, 0x95669825), + TOBN(0xb3fca250, 0x867d3fd8), TOBN(0x20757b5f, 0x269d691e), + TOBN(0xf2c24020, 0x93b8a5de), TOBN(0xd3f93359, 0xebc06da6), + TOBN(0x1178293e, 0xb2739c33), TOBN(0xd2a3e770, 0xbcd686e5), + TOBN(0xa76f49f4, 0xcd941534), TOBN(0x0d37406b, 0xe3c71c0e), + TOBN(0x172d9397, 0x3b97f7e3), TOBN(0xec17e239, 0xbd7fd0de), + TOBN(0xe3290551, 0x6f496ba2), TOBN(0x6a693172, 0x36ad50e7), + TOBN(0xc4e539a2, 0x83e7eff5), TOBN(0x752737e7, 0x18e1b4cf), + TOBN(0xa2f7932c, 0x68af43ee), TOBN(0x5502468e, 0x703d00bd), + TOBN(0xe5dc978f, 0x2fb061f5), TOBN(0xc9a1904a, 0x28c815ad), + TOBN(0xd3af538d, 0x470c56a4), TOBN(0x159abc5f, 0x193d8ced), + TOBN(0x2a37245f, 0x20108ef3), TOBN(0xfa17081e, 0x223f7178), + TOBN(0x27b0fb2b, 0x10c8c0f5), TOBN(0x2102c3ea, 0x40650547), + TOBN(0x594564df, 0x8ac3bfa7), TOBN(0x98102033, 0x509dad96), + TOBN(0x6989643f, 0xf1d18a13), TOBN(0x35eebd91, 0xd7fc5af0), + TOBN(0x078d096a, 0xfaeaafd8), TOBN(0xb7a89341, 0xdef3de98), + TOBN(0x2a206e8d, 0xecf2a73a), TOBN(0x066a6397, 0x8e551994), + TOBN(0x3a6a088a, 0xb98d53a2), TOBN(0x0ce7c67c, 0x2d1124aa), + TOBN(0x48cec671, 0x759a113c), TOBN(0xe3b373d3, 0x4f6f67fa), + TOBN(0x5455d479, 0xfd36727b), TOBN(0xe5a428ee, 0xa13c0d81), + TOBN(0xb853dbc8, 0x1c86682b), TOBN(0xb78d2727, 0xb8d02b2a), + TOBN(0xaaf69bed, 0x8ebc329a), TOBN(0xdb6b40b3, 0x293b2148), + TOBN(0xe42ea77d, 0xb8c4961f), TOBN(0xb1a12f7c, 0x20e5e0ab), + TOBN(0xa0ec5274, 0x79e8b05e), TOBN(0x68027391, 0xfab60a80), + TOBN(0x6bfeea5f, 0x16b1bd5e), TOBN(0xf957e420, 0x4de30ad3), + TOBN(0xcbaf664e, 0x6a353b9e), TOBN(0x5c873312, 0x26d14feb), + TOBN(0x4e87f98c, 0xb65f57cb), TOBN(0xdb60a621, 0x5e0cdd41), + TOBN(0x67c16865, 0xa6881440), TOBN(0x1093ef1a, 0x46ab52aa), + TOBN(0xc095afb5, 0x3f4ece64), TOBN(0x6a6bb02e, 0x7604551a), + TOBN(0x55d44b4e, 0x0b26b8cd), TOBN(0xe5f9a999, 0xf971268a), + TOBN(0xc08ec425, 0x11a7de84), TOBN(0x83568095, 0xfda469dd), + TOBN(0x737bfba1, 0x6c6c90a2), TOBN(0x1cb9c4a0, 0xbe229831), + TOBN(0x93bccbba, 0xbb2eec64), TOBN(0xa0c23b64, 0xda03adbe), + TOBN(0x5f7aa00a, 0xe0e86ac4), TOBN(0x470b941e, 0xfc1401e6), + TOBN(0x5ad8d679, 0x9df43574), TOBN(0x4ccfb8a9, 0x0f65d810), + TOBN(0x1bce80e3, 0xaa7fbd81), TOBN(0x273291ad, 0x9508d20a), + TOBN(0xf5c4b46b, 0x42a92806), TOBN(0x810684ec, 0xa86ab44a), + TOBN(0x4591640b, 0xca0bc9f8), TOBN(0xb5efcdfc, 0x5c4b6054), + TOBN(0x16fc8907, 0x6e9edd12), TOBN(0xe29d0b50, 0xd4d792f9), + TOBN(0xa45fd01c, 0x9b03116d), TOBN(0x85035235, 0xc81765a4), + TOBN(0x1fe2a9b2, 0xb4b4b67c), TOBN(0xc1d10df0, 0xe8020604), + TOBN(0x9d64abfc, 0xbc8058d8), TOBN(0x8943b9b2, 0x712a0fbb), + TOBN(0x90eed914, 0x3b3def04), TOBN(0x85ab3aa2, 0x4ce775ff), + TOBN(0x605fd4ca, 0x7bbc9040), TOBN(0x8b34a564, 0xe2c75dfb), + TOBN(0x41ffc94a, 0x10358560), TOBN(0x2d8a5072, 0x9e5c28aa), + TOBN(0xe915a0fc, 0x4cc7eb15), TOBN(0xe9efab05, 0x8f6d0f5d), + TOBN(0xdbab47a9, 0xd19e9b91), TOBN(0x8cfed745, 0x0276154c), + TOBN(0x154357ae, 0x2cfede0d), TOBN(0x520630df, 0x19f5a4ef), + TOBN(0x25759f7c, 0xe382360f), TOBN(0xb6db05c9, 0x88bf5857), + TOBN(0x2917d61d, 0x6c58d46c), TOBN(0x14f8e491, 0xfd20cb7a), + TOBN(0xb68a727a, 0x11c20340), TOBN(0x0386f86f, 0xaf7ccbb6), + TOBN(0x5c8bc6cc, 0xfee09a20), TOBN(0x7d76ff4a, 0xbb7eea35), + TOBN(0xa7bdebe7, 0xdb15be7a), TOBN(0x67a08054, 0xd89f0302), + TOBN(0x56bf0ea9, 0xc1193364), TOBN(0xc8244467, 0x62837ebe), + TOBN(0x32bd8e8b, 0x20d841b8), TOBN(0x127a0548, 0xdbb8a54f), + TOBN(0x83dd4ca6, 0x63b20236), TOBN(0x87714718, 0x203491fa), + TOBN(0x4dabcaaa, 0xaa8a5288), TOBN(0x91cc0c8a, 0xaf23a1c9), + TOBN(0x34c72c6a, 0x3f220e0c), TOBN(0xbcc20bdf, 0x1232144a), + TOBN(0x6e2f42da, 0xa20ede1b), TOBN(0xc441f00c, 0x74a00515), + TOBN(0xbf46a5b6, 0x734b8c4b), TOBN(0x57409503, 0x7b56c9a4), + TOBN(0x9f735261, 0xe4585d45), TOBN(0x9231faed, 0x6734e642), + TOBN(0x1158a176, 0xbe70ee6c), TOBN(0x35f1068d, 0x7c3501bf), + TOBN(0x6beef900, 0xa2d26115), TOBN(0x649406f2, 0xef0afee3), + TOBN(0x3f43a60a, 0xbc2420a1), TOBN(0x509002a7, 0xd5aee4ac), + TOBN(0xb46836a5, 0x3ff3571b), TOBN(0x24f98b78, 0x837927c1), + TOBN(0x6254256a, 0x4533c716), TOBN(0xf27abb0b, 0xd07ee196), + TOBN(0xd7cf64fc, 0x5c6d5bfd), TOBN(0x6915c751, 0xf0cd7a77), + TOBN(0xd9f59012, 0x8798f534), TOBN(0x772b0da8, 0xf81d8b5f), + TOBN(0x1244260c, 0x2e03fa69), TOBN(0x36cf0e3a, 0x3be1a374), + TOBN(0x6e7c1633, 0xef06b960), TOBN(0xa71a4c55, 0x671f90f6), + TOBN(0x7a941251, 0x33c673db), TOBN(0xc0bea510, 0x73e8c131), + TOBN(0x61a8a699, 0xd4f6c734), TOBN(0x25e78c88, 0x341ed001), + TOBN(0x5c18acf8, 0x8e2f7d90), TOBN(0xfdbf33d7, 0x77be32cd), + TOBN(0x0a085cd7, 0xd2eb5ee9), TOBN(0x2d702cfb, 0xb3201115), + TOBN(0xb6e0ebdb, 0x85c88ce8), TOBN(0x23a3ce3c, 0x1e01d617), + TOBN(0x3041618e, 0x567333ac), TOBN(0x9dd0fd8f, 0x157edb6b), + TOBN(0x27f74702, 0xb57872b8), TOBN(0x2ef26b4f, 0x657d5fe1), + TOBN(0x95426f0a, 0x57cf3d40), TOBN(0x847e2ad1, 0x65a6067a), + TOBN(0xd474d9a0, 0x09996a74), TOBN(0x16a56acd, 0x2a26115c), + TOBN(0x02a615c3, 0xd16f4d43), TOBN(0xcc3fc965, 0xaadb85b7), + TOBN(0x386bda73, 0xce07d1b0), TOBN(0xd82910c2, 0x58ad4178), + TOBN(0x124f82cf, 0xcd2617f4), TOBN(0xcc2f5e8d, 0xef691770), + TOBN(0x82702550, 0xb8c30ccc), TOBN(0x7b856aea, 0x1a8e575a), + TOBN(0xbb822fef, 0xb1ab9459), TOBN(0x085928bc, 0xec24e38e), + TOBN(0x5d0402ec, 0xba8f4b4d), TOBN(0xc07cd4ba, 0x00b4d58b), + TOBN(0x5d8dffd5, 0x29227e7a), TOBN(0x61d44d0c, 0x31bf386f), + TOBN(0xe486dc2b, 0x135e6f4d), TOBN(0x680962eb, 0xe79410ef), + TOBN(0xa61bd343, 0xf10088b5), TOBN(0x6aa76076, 0xe2e28686), + TOBN(0x80463d11, 0x8fb98871), TOBN(0xcb26f5c3, 0xbbc76aff), + TOBN(0xd4ab8edd, 0xfbe03614), TOBN(0xc8eb579b, 0xc0cf2dee), + TOBN(0xcc004c15, 0xc93bae41), TOBN(0x46fbae5d, 0x3aeca3b2), + TOBN(0x671235cf, 0x0f1e9ab1), TOBN(0xadfba934, 0x9ec285c1), + TOBN(0x88ded013, 0xf216c980), TOBN(0xc8ac4fb8, 0xf79e0bc1), + TOBN(0xa29b89c6, 0xfb97a237), TOBN(0xb697b780, 0x9922d8e7), + TOBN(0x3142c639, 0xddb945b5), TOBN(0x447b06c7, 0xe094c3a9), + TOBN(0xcdcb3642, 0x72266c90), TOBN(0x633aad08, 0xa9385046), + TOBN(0xa36c936b, 0xb57c6477), TOBN(0x871f8b64, 0xe94dbcc6), + TOBN(0x28d0fb62, 0xa591a67b), TOBN(0x9d40e081, 0xc1d926f5), + TOBN(0x3111eaf6, 0xf2d84b5a), TOBN(0x228993f9, 0xa565b644), + TOBN(0x0ccbf592, 0x2c83188b), TOBN(0xf87b30ab, 0x3df3e197), + TOBN(0xb8658b31, 0x7642bca8), TOBN(0x1a032d7f, 0x52800f17), + TOBN(0x051dcae5, 0x79bf9445), TOBN(0xeba6b8ee, 0x54a2e253), + TOBN(0x5c8b9cad, 0xd4485692), TOBN(0x84bda40e, 0x8986e9be), + TOBN(0xd16d16a4, 0x2f0db448), TOBN(0x8ec80050, 0xa14d4188), + TOBN(0xb2b26107, 0x98fa7aaa), TOBN(0x41209ee4, 0xf073aa4e), + TOBN(0xf1570359, 0xf2d6b19b), TOBN(0xcbe6868c, 0xfc577caf), + TOBN(0x186c4bdc, 0x32c04dd3), TOBN(0xa6c35fae, 0xcfeee397), + TOBN(0xb4a1b312, 0xf086c0cf), TOBN(0xe0a5ccc6, 0xd9461fe2), + TOBN(0xc32278aa, 0x1536189f), TOBN(0x1126c55f, 0xba6df571), + TOBN(0x0f71a602, 0xb194560e), TOBN(0x8b2d7405, 0x324bd6e1), + TOBN(0x8481939e, 0x3738be71), TOBN(0xb5090b1a, 0x1a4d97a9), + TOBN(0x116c65a3, 0xf05ba915), TOBN(0x21863ad3, 0xaae448aa), + TOBN(0xd24e2679, 0xa7aae5d3), TOBN(0x7076013d, 0x0de5c1c4), + TOBN(0x2d50f8ba, 0xbb05b629), TOBN(0x73c1abe2, 0x6e66efbb), + TOBN(0xefd4b422, 0xf2488af7), TOBN(0xe4105d02, 0x663ba575), + TOBN(0x7eb60a8b, 0x53a69457), TOBN(0x62210008, 0xc945973b), + TOBN(0xfb255478, 0x77a50ec6), TOBN(0xbf0392f7, 0x0a37a72c), + TOBN(0xa0a7a19c, 0x4be18e7a), TOBN(0x90d8ea16, 0x25b1e0af), + TOBN(0x7582a293, 0xef953f57), TOBN(0x90a64d05, 0xbdc5465a), + TOBN(0xca79c497, 0xe2510717), TOBN(0x560dbb7c, 0x18cb641f), + TOBN(0x1d8e3286, 0x4b66abfb), TOBN(0xd26f52e5, 0x59030900), + TOBN(0x1ee3f643, 0x5584941a), TOBN(0x6d3b3730, 0x569f5958), + TOBN(0x9ff2a62f, 0x4789dba5), TOBN(0x91fcb815, 0x72b5c9b7), + TOBN(0xf446cb7d, 0x6c8f9a0e), TOBN(0x48f625c1, 0x39b7ecb5), + TOBN(0xbabae801, 0x1c6219b8), TOBN(0xe7a562d9, 0x28ac2f23), + TOBN(0xe1b48732, 0x26e20588), TOBN(0x06ee1cad, 0x775af051), + TOBN(0xda29ae43, 0xfaff79f7), TOBN(0xc141a412, 0x652ee9e0), + TOBN(0x1e127f6f, 0x195f4bd0), TOBN(0x29c6ab4f, 0x072f34f8), + TOBN(0x7b7c1477, 0x30448112), TOBN(0x82b51af1, 0xe4a38656), + TOBN(0x2bf2028a, 0x2f315010), TOBN(0xc9a4a01f, 0x6ea88cd4), + TOBN(0xf63e95d8, 0x257e5818), TOBN(0xdd8efa10, 0xb4519b16), + TOBN(0xed8973e0, 0x0da910bf), TOBN(0xed49d077, 0x5c0fe4a9), + TOBN(0xac3aac5e, 0xb7caee1e), TOBN(0x1033898d, 0xa7f4da57), + TOBN(0x42145c0e, 0x5c6669b9), TOBN(0x42daa688, 0xc1aa2aa0), + TOBN(0x629cc15c, 0x1a1d885a), TOBN(0x25572ec0, 0xf4b76817), + TOBN(0x8312e435, 0x9c8f8f28), TOBN(0x8107f8cd, 0x81965490), + TOBN(0x516ff3a3, 0x6fa6110c), TOBN(0x74fb1eb1, 0xfb93561f), + TOBN(0x6c0c9047, 0x8457522b), TOBN(0xcfd32104, 0x6bb8bdc6), + TOBN(0x2d6884a2, 0xcc80ad57), TOBN(0x7c27fc35, 0x86a9b637), + TOBN(0x3461baed, 0xadf4e8cd), TOBN(0x1d56251a, 0x617242f0), + TOBN(0x0b80d209, 0xc955bef4), TOBN(0xdf02cad2, 0x06adb047), + TOBN(0xf0d7cb91, 0x5ec74fee), TOBN(0xd2503375, 0x1111ba44), + TOBN(0x9671755e, 0xdf53cb36), TOBN(0x54dcb612, 0x3368551b), + TOBN(0x66d69aac, 0xc8a025a4), TOBN(0x6be946c6, 0xe77ef445), + TOBN(0x719946d1, 0xa995e094), TOBN(0x65e848f6, 0xe51e04d8), + TOBN(0xe62f3300, 0x6a1e3113), TOBN(0x1541c7c1, 0x501de503), + TOBN(0x4daac9fa, 0xf4acfade), TOBN(0x0e585897, 0x44cd0b71), + TOBN(0x544fd869, 0x0a51cd77), TOBN(0x60fc20ed, 0x0031016d), + TOBN(0x58b404ec, 0xa4276867), TOBN(0x46f6c3cc, 0x34f34993), + TOBN(0x477ca007, 0xc636e5bd), TOBN(0x8018f5e5, 0x7c458b47), + TOBN(0xa1202270, 0xe47b668f), TOBN(0xcef48ccd, 0xee14f203), + TOBN(0x23f98bae, 0x62ff9b4d), TOBN(0x55acc035, 0xc589eddd), + TOBN(0x3fe712af, 0x64db4444), TOBN(0x19e9d634, 0xbecdd480), + TOBN(0xe08bc047, 0xa930978a), TOBN(0x2dbf24ec, 0xa1280733), + TOBN(0x3c0ae38c, 0x2cd706b2), TOBN(0x5b012a5b, 0x359017b9), + TOBN(0x3943c38c, 0x72e0f5ae), TOBN(0x786167ea, 0x57176fa3), + TOBN(0xe5f9897d, 0x594881dc), TOBN(0x6b5efad8, 0xcfb820c1), + TOBN(0xb2179093, 0xd55018de), TOBN(0x39ad7d32, 0x0bac56ce), + TOBN(0xb55122e0, 0x2cfc0e81), TOBN(0x117c4661, 0xf6d89daa), + TOBN(0x362d01e1, 0xcb64fa09), TOBN(0x6a309b4e, 0x3e9c4ddd), + TOBN(0xfa979fb7, 0xabea49b1), TOBN(0xb4b1d27d, 0x10e2c6c5), + TOBN(0xbd61c2c4, 0x23afde7a), TOBN(0xeb6614f8, 0x9786d358), + TOBN(0x4a5d816b, 0x7f6f7459), TOBN(0xe431a44f, 0x09360e7b), + TOBN(0x8c27a032, 0xc309914c), TOBN(0xcea5d68a, 0xcaede3d8), + TOBN(0x3668f665, 0x3a0a3f95), TOBN(0x89369416, 0x7ceba27b), + TOBN(0x89981fad, 0xe4728fe9), TOBN(0x7102c8a0, 0x8a093562), + TOBN(0xbb80310e, 0x235d21c8), TOBN(0x505e55d1, 0xbefb7f7b), + TOBN(0xa0a90811, 0x12958a67), TOBN(0xd67e106a, 0x4d851fef), + TOBN(0xb84011a9, 0x431dd80e), TOBN(0xeb7c7cca, 0x73306cd9), + TOBN(0x20fadd29, 0xd1b3b730), TOBN(0x83858b5b, 0xfe37b3d3), + TOBN(0xbf4cd193, 0xb6251d5c), TOBN(0x1cca1fd3, 0x1352d952), + TOBN(0xc66157a4, 0x90fbc051), TOBN(0x7990a638, 0x89b98636), + }, + {TOBN(0xe5aa692a, 0x87dec0e1), TOBN(0x010ded8d, 0xf7b39d00), + TOBN(0x7b1b80c8, 0x54cfa0b5), TOBN(0x66beb876, 0xa0f8ea28), + TOBN(0x50d7f531, 0x3476cd0e), TOBN(0xa63d0e65, 0xb08d3949), + TOBN(0x1a09eea9, 0x53479fc6), TOBN(0x82ae9891, 0xf499e742), + TOBN(0xab58b910, 0x5ca7d866), TOBN(0x582967e2, 0x3adb3b34), + TOBN(0x89ae4447, 0xcceac0bc), TOBN(0x919c667c, 0x7bf56af5), + TOBN(0x9aec17b1, 0x60f5dcd7), TOBN(0xec697b9f, 0xddcaadbc), + TOBN(0x0b98f341, 0x463467f5), TOBN(0xb187f1f7, 0xa967132f), + TOBN(0x90fe7a1d, 0x214aeb18), TOBN(0x1506af3c, 0x741432f7), + TOBN(0xbb5565f9, 0xe591a0c4), TOBN(0x10d41a77, 0xb44f1bc3), + TOBN(0xa09d65e4, 0xa84bde96), TOBN(0x42f060d8, 0xf20a6a1c), + TOBN(0x652a3bfd, 0xf27f9ce7), TOBN(0xb6bdb65c, 0x3b3d739f), + TOBN(0xeb5ddcb6, 0xec7fae9f), TOBN(0x995f2714, 0xefb66e5a), + TOBN(0xdee95d8e, 0x69445d52), TOBN(0x1b6c2d46, 0x09e27620), + TOBN(0x32621c31, 0x8129d716), TOBN(0xb03909f1, 0x0958c1aa), + TOBN(0x8c468ef9, 0x1af4af63), TOBN(0x162c429f, 0xfba5cdf6), + TOBN(0x2f682343, 0x753b9371), TOBN(0x29cab45a, 0x5f1f9cd7), + TOBN(0x571623ab, 0xb245db96), TOBN(0xc507db09, 0x3fd79999), + TOBN(0x4e2ef652, 0xaf036c32), TOBN(0x86f0cc78, 0x05018e5c), + TOBN(0xc10a73d4, 0xab8be350), TOBN(0x6519b397, 0x7e826327), + TOBN(0xe8cb5eef, 0x9c053df7), TOBN(0x8de25b37, 0xb300ea6f), + TOBN(0xdb03fa92, 0xc849cffb), TOBN(0x242e43a7, 0xe84169bb), + TOBN(0xe4fa51f4, 0xdd6f958e), TOBN(0x6925a77f, 0xf4445a8d), + TOBN(0xe6e72a50, 0xe90d8949), TOBN(0xc66648e3, 0x2b1f6390), + TOBN(0xb2ab1957, 0x173e460c), TOBN(0x1bbbce75, 0x30704590), + TOBN(0xc0a90dbd, 0xdb1c7162), TOBN(0x505e399e, 0x15cdd65d), + TOBN(0x68434dcb, 0x57797ab7), TOBN(0x60ad35ba, 0x6a2ca8e8), + TOBN(0x4bfdb1e0, 0xde3336c1), TOBN(0xbbef99eb, 0xd8b39015), + TOBN(0x6c3b96f3, 0x1711ebec), TOBN(0x2da40f1f, 0xce98fdc4), + TOBN(0xb99774d3, 0x57b4411f), TOBN(0x87c8bdf4, 0x15b65bb6), + TOBN(0xda3a89e3, 0xc2eef12d), TOBN(0xde95bb9b, 0x3c7471f3), + TOBN(0x600f225b, 0xd812c594), TOBN(0x54907c5d, 0x2b75a56b), + TOBN(0xa93cc5f0, 0x8db60e35), TOBN(0x743e3cd6, 0xfa833319), + TOBN(0x7dad5c41, 0xf81683c9), TOBN(0x70c1e7d9, 0x9c34107e), + TOBN(0x0edc4a39, 0xa6be0907), TOBN(0x36d47035, 0x86d0b7d3), + TOBN(0x8c76da03, 0x272bfa60), TOBN(0x0b4a07ea, 0x0f08a414), + TOBN(0x699e4d29, 0x45c1dd53), TOBN(0xcadc5898, 0x231debb5), + TOBN(0xdf49fcc7, 0xa77f00e0), TOBN(0x93057bbf, 0xa73e5a0e), + TOBN(0x2f8b7ecd, 0x027a4cd1), TOBN(0x114734b3, 0xc614011a), + TOBN(0xe7a01db7, 0x67677c68), TOBN(0x89d9be5e, 0x7e273f4f), + TOBN(0xd225cb2e, 0x089808ef), TOBN(0xf1f7a27d, 0xd59e4107), + TOBN(0x53afc761, 0x8211b9c9), TOBN(0x0361bc67, 0xe6819159), + TOBN(0x2a865d0b, 0x7f071426), TOBN(0x6a3c1810, 0xe7072567), + TOBN(0x3e3bca1e, 0x0d6bcabd), TOBN(0xa1b02bc1, 0x408591bc), + TOBN(0xe0deee59, 0x31fba239), TOBN(0xf47424d3, 0x98bd91d1), + TOBN(0x0f8886f4, 0x071a3c1d), TOBN(0x3f7d41e8, 0xa819233b), + TOBN(0x708623c2, 0xcf6eb998), TOBN(0x86bb49af, 0x609a287f), + TOBN(0x942bb249, 0x63c90762), TOBN(0x0ef6eea5, 0x55a9654b), + TOBN(0x5f6d2d72, 0x36f5defe), TOBN(0xfa9922dc, 0x56f99176), + TOBN(0x6c8c5ece, 0xf78ce0c7), TOBN(0x7b44589d, 0xbe09b55e), + TOBN(0xe11b3bca, 0x9ea83770), TOBN(0xd7fa2c7f, 0x2ab71547), + TOBN(0x2a3dd6fa, 0x2a1ddcc0), TOBN(0x09acb430, 0x5a7b7707), + TOBN(0x4add4a2e, 0x649d4e57), TOBN(0xcd53a2b0, 0x1917526e), + TOBN(0xc5262330, 0x20b44ac4), TOBN(0x4028746a, 0xbaa2c31d), + TOBN(0x51318390, 0x64291d4c), TOBN(0xbf48f151, 0xee5ad909), + TOBN(0xcce57f59, 0x7b185681), TOBN(0x7c3ac1b0, 0x4854d442), + TOBN(0x65587dc3, 0xc093c171), TOBN(0xae7acb24, 0x24f42b65), + TOBN(0x5a338adb, 0x955996cb), TOBN(0xc8e65675, 0x6051f91b), + TOBN(0x66711fba, 0x28b8d0b1), TOBN(0x15d74137, 0xb6c10a90), + TOBN(0x70cdd7eb, 0x3a232a80), TOBN(0xc9e2f07f, 0x6191ed24), + TOBN(0xa80d1db6, 0xf79588c0), TOBN(0xfa52fc69, 0xb55768cc), + TOBN(0x0b4df1ae, 0x7f54438a), TOBN(0x0cadd1a7, 0xf9b46a4f), + TOBN(0xb40ea6b3, 0x1803dd6f), TOBN(0x488e4fa5, 0x55eaae35), + TOBN(0x9f047d55, 0x382e4e16), TOBN(0xc9b5b7e0, 0x2f6e0c98), + TOBN(0x6b1bd2d3, 0x95762649), TOBN(0xa9604ee7, 0xc7aea3f6), + TOBN(0x3646ff27, 0x6dc6f896), TOBN(0x9bf0e7f5, 0x2860bad1), + TOBN(0x2d92c821, 0x7cb44b92), TOBN(0xa2f5ce63, 0xaea9c182), + TOBN(0xd0a2afb1, 0x9154a5fd), TOBN(0x482e474c, 0x95801da6), + TOBN(0xc19972d0, 0xb611c24b), TOBN(0x1d468e65, 0x60a8f351), + TOBN(0xeb758069, 0x7bcf6421), TOBN(0xec9dd0ee, 0x88fbc491), + TOBN(0x5b59d2bf, 0x956c2e32), TOBN(0x73dc6864, 0xdcddf94e), + TOBN(0xfd5e2321, 0xbcee7665), TOBN(0xa7b4f8ef, 0x5e9a06c4), + TOBN(0xfba918dd, 0x7280f855), TOBN(0xbbaac260, 0x8baec688), + TOBN(0xa3b3f00f, 0x33400f42), TOBN(0x3d2dba29, 0x66f2e6e4), + TOBN(0xb6f71a94, 0x98509375), TOBN(0x8f33031f, 0xcea423cc), + TOBN(0x009b8dd0, 0x4807e6fb), TOBN(0x5163cfe5, 0x5cdb954c), + TOBN(0x03cc8f17, 0xcf41c6e8), TOBN(0xf1f03c2a, 0x037b925c), + TOBN(0xc39c19cc, 0x66d2427c), TOBN(0x823d24ba, 0x7b6c18e4), + TOBN(0x32ef9013, 0x901f0b4f), TOBN(0x684360f1, 0xf8941c2e), + TOBN(0x0ebaff52, 0x2c28092e), TOBN(0x7891e4e3, 0x256c932f), + TOBN(0x51264319, 0xac445e3d), TOBN(0x553432e7, 0x8ea74381), + TOBN(0xe6eeaa69, 0x67e9c50a), TOBN(0x27ced284, 0x62e628c7), + TOBN(0x3f96d375, 0x7a4afa57), TOBN(0xde0a14c3, 0xe484c150), + TOBN(0x364a24eb, 0x38bd9923), TOBN(0x1df18da0, 0xe5177422), + TOBN(0x174e8f82, 0xd8d38a9b), TOBN(0x2e97c600, 0xe7de1391), + TOBN(0xc5709850, 0xa1c175dd), TOBN(0x969041a0, 0x32ae5035), + TOBN(0xcbfd533b, 0x76a2086b), TOBN(0xd6bba71b, 0xd7c2e8fe), + TOBN(0xb2d58ee6, 0x099dfb67), TOBN(0x3a8b342d, 0x064a85d9), + TOBN(0x3bc07649, 0x522f9be3), TOBN(0x690c075b, 0xdf1f49a8), + TOBN(0x80e1aee8, 0x3854ec42), TOBN(0x2a7dbf44, 0x17689dc7), + TOBN(0xc004fc0e, 0x3faf4078), TOBN(0xb2f02e9e, 0xdf11862c), + TOBN(0xf10a5e0f, 0xa0a1b7b3), TOBN(0x30aca623, 0x8936ec80), + TOBN(0xf83cbf05, 0x02f40d9a), TOBN(0x4681c468, 0x2c318a4d), + TOBN(0x98575618, 0x0e9c2674), TOBN(0xbe79d046, 0x1847092e), + TOBN(0xaf1e480a, 0x78bd01e0), TOBN(0x6dd359e4, 0x72a51db9), + TOBN(0x62ce3821, 0xe3afbab6), TOBN(0xc5cee5b6, 0x17733199), + TOBN(0xe08b30d4, 0x6ffd9fbb), TOBN(0x6e5bc699, 0x36c610b7), + TOBN(0xf343cff2, 0x9ce262cf), TOBN(0xca2e4e35, 0x68b914c1), + TOBN(0x011d64c0, 0x16de36c5), TOBN(0xe0b10fdd, 0x42e2b829), + TOBN(0x78942981, 0x6685aaf8), TOBN(0xe7511708, 0x230ede97), + TOBN(0x671ed8fc, 0x3b922bf8), TOBN(0xe4d8c0a0, 0x4c29b133), + TOBN(0x87eb1239, 0x3b6e99c4), TOBN(0xaff3974c, 0x8793beba), + TOBN(0x03749405, 0x2c18df9b), TOBN(0xc5c3a293, 0x91007139), + TOBN(0x6a77234f, 0xe37a0b95), TOBN(0x02c29a21, 0xb661c96b), + TOBN(0xc3aaf1d6, 0x141ecf61), TOBN(0x9195509e, 0x3bb22f53), + TOBN(0x29597404, 0x22d51357), TOBN(0x1b083822, 0x537bed60), + TOBN(0xcd7d6e35, 0xe07289f0), TOBN(0x1f94c48c, 0x6dd86eff), + TOBN(0xc8bb1f82, 0xeb0f9cfa), TOBN(0x9ee0b7e6, 0x1b2eb97d), + TOBN(0x5a52fe2e, 0x34d74e31), TOBN(0xa352c310, 0x3bf79ab6), + TOBN(0x97ff6c5a, 0xabfeeb8f), TOBN(0xbfbe8fef, 0xf5c97305), + TOBN(0xd6081ce6, 0xa7904608), TOBN(0x1f812f3a, 0xc4fca249), + TOBN(0x9b24bc9a, 0xb9e5e200), TOBN(0x91022c67, 0x38012ee8), + TOBN(0xe83d9c5d, 0x30a713a1), TOBN(0x4876e3f0, 0x84ef0f93), + TOBN(0xc9777029, 0xc1fbf928), TOBN(0xef7a6bb3, 0xbce7d2a4), + TOBN(0xb8067228, 0xdfa2a659), TOBN(0xd5cd3398, 0xd877a48f), + TOBN(0xbea4fd8f, 0x025d0f3f), TOBN(0xd67d2e35, 0x2eae7c2b), + TOBN(0x184de7d7, 0xcc5f4394), TOBN(0xb5551b5c, 0x4536e142), + TOBN(0x2e89b212, 0xd34aa60a), TOBN(0x14a96fea, 0xf50051d5), + TOBN(0x4e21ef74, 0x0d12bb0b), TOBN(0xc522f020, 0x60b9677e), + TOBN(0x8b12e467, 0x2df7731d), TOBN(0x39f80382, 0x7b326d31), + TOBN(0xdfb8630c, 0x39024a94), TOBN(0xaacb96a8, 0x97319452), + TOBN(0xd68a3961, 0xeda3867c), TOBN(0x0c58e2b0, 0x77c4ffca), + TOBN(0x3d545d63, 0x4da919fa), TOBN(0xef79b69a, 0xf15e2289), + TOBN(0x54bc3d3d, 0x808bab10), TOBN(0xc8ab3007, 0x45f82c37), + TOBN(0xc12738b6, 0x7c4a658a), TOBN(0xb3c47639, 0x40e72182), + TOBN(0x3b77be46, 0x8798e44f), TOBN(0xdc047df2, 0x17a7f85f), + TOBN(0x2439d4c5, 0x5e59d92d), TOBN(0xcedca475, 0xe8e64d8d), + TOBN(0xa724cd0d, 0x87ca9b16), TOBN(0x35e4fd59, 0xa5540dfe), + TOBN(0xf8c1ff18, 0xe4bcf6b1), TOBN(0x856d6285, 0x295018fa), + TOBN(0x433f665c, 0x3263c949), TOBN(0xa6a76dd6, 0xa1f21409), + TOBN(0x17d32334, 0xcc7b4f79), TOBN(0xa1d03122, 0x06720e4a), + TOBN(0xadb6661d, 0x81d9bed5), TOBN(0xf0d6fb02, 0x11db15d1), + TOBN(0x7fd11ad5, 0x1fb747d2), TOBN(0xab50f959, 0x3033762b), + TOBN(0x2a7e711b, 0xfbefaf5a), TOBN(0xc7393278, 0x3fef2bbf), + TOBN(0xe29fa244, 0x0df6f9be), TOBN(0x9092757b, 0x71efd215), + TOBN(0xee60e311, 0x4f3d6fd9), TOBN(0x338542d4, 0x0acfb78b), + TOBN(0x44a23f08, 0x38961a0f), TOBN(0x1426eade, 0x986987ca), + TOBN(0x36e6ee2e, 0x4a863cc6), TOBN(0x48059420, 0x628b8b79), + TOBN(0x30303ad8, 0x7396e1de), TOBN(0x5c8bdc48, 0x38c5aad1), + TOBN(0x3e40e11f, 0x5c8f5066), TOBN(0xabd6e768, 0x8d246bbd), + TOBN(0x68aa40bb, 0x23330a01), TOBN(0xd23f5ee4, 0xc34eafa0), + TOBN(0x3bbee315, 0x5de02c21), TOBN(0x18dd4397, 0xd1d8dd06), + TOBN(0x3ba1939a, 0x122d7b44), TOBN(0xe6d3b40a, 0xa33870d6), + TOBN(0x8e620f70, 0x1c4fe3f8), TOBN(0xf6bba1a5, 0xd3a50cbf), + TOBN(0x4a78bde5, 0xcfc0aee0), TOBN(0x847edc46, 0xc08c50bd), + TOBN(0xbaa2439c, 0xad63c9b2), TOBN(0xceb4a728, 0x10fc2acb), + TOBN(0xa419e40e, 0x26da033d), TOBN(0x6cc3889d, 0x03e02683), + TOBN(0x1cd28559, 0xfdccf725), TOBN(0x0fd7e0f1, 0x8d13d208), + TOBN(0x01b9733b, 0x1f0df9d4), TOBN(0x8cc2c5f3, 0xa2b5e4f3), + TOBN(0x43053bfa, 0x3a304fd4), TOBN(0x8e87665c, 0x0a9f1aa7), + TOBN(0x087f29ec, 0xd73dc965), TOBN(0x15ace455, 0x3e9023db), + TOBN(0x2370e309, 0x2bce28b4), TOBN(0xf9723442, 0xb6b1e84a), + TOBN(0xbeee662e, 0xb72d9f26), TOBN(0xb19396de, 0xf0e47109), + TOBN(0x85b1fa73, 0xe13289d0), TOBN(0x436cf77e, 0x54e58e32), + TOBN(0x0ec833b3, 0xe990ef77), TOBN(0x7373e3ed, 0x1b11fc25), + TOBN(0xbe0eda87, 0x0fc332ce), TOBN(0xced04970, 0x8d7ea856), + TOBN(0xf85ff785, 0x7e977ca0), TOBN(0xb66ee8da, 0xdfdd5d2b), + TOBN(0xf5e37950, 0x905af461), TOBN(0x587b9090, 0x966d487c), + TOBN(0x6a198a1b, 0x32ba0127), TOBN(0xa7720e07, 0x141615ac), + TOBN(0xa23f3499, 0x996ef2f2), TOBN(0xef5f64b4, 0x470bcb3d), + TOBN(0xa526a962, 0x92b8c559), TOBN(0x0c14aac0, 0x69740a0f), + TOBN(0x0d41a9e3, 0xa6bdc0a5), TOBN(0x97d52106, 0x9c48aef4), + TOBN(0xcf16bd30, 0x3e7c253b), TOBN(0xcc834b1a, 0x47fdedc1), + TOBN(0x7362c6e5, 0x373aab2e), TOBN(0x264ed85e, 0xc5f590ff), + TOBN(0x7a46d9c0, 0x66d41870), TOBN(0xa50c20b1, 0x4787ba09), + TOBN(0x185e7e51, 0xe3d44635), TOBN(0xb3b3e080, 0x31e2d8dc), + TOBN(0xbed1e558, 0xa179e9d9), TOBN(0x2daa3f79, 0x74a76781), + TOBN(0x4372baf2, 0x3a40864f), TOBN(0x46900c54, 0x4fe75cb5), + TOBN(0xb95f171e, 0xf76765d0), TOBN(0x4ad726d2, 0x95c87502), + TOBN(0x2ec769da, 0x4d7c99bd), TOBN(0x5e2ddd19, 0xc36cdfa8), + TOBN(0xc22117fc, 0xa93e6dea), TOBN(0xe8a2583b, 0x93771123), + TOBN(0xbe2f6089, 0xfa08a3a2), TOBN(0x4809d5ed, 0x8f0e1112), + TOBN(0x3b414aa3, 0xda7a095e), TOBN(0x9049acf1, 0x26f5aadd), + TOBN(0x78d46a4d, 0x6be8b84a), TOBN(0xd66b1963, 0xb732b9b3), + TOBN(0x5c2ac2a0, 0xde6e9555), TOBN(0xcf52d098, 0xb5bd8770), + TOBN(0x15a15fa6, 0x0fd28921), TOBN(0x56ccb81e, 0x8b27536d), + TOBN(0x0f0d8ab8, 0x9f4ccbb8), TOBN(0xed5f44d2, 0xdb221729), + TOBN(0x43141988, 0x00bed10c), TOBN(0xc94348a4, 0x1d735b8b), + TOBN(0x79f3e9c4, 0x29ef8479), TOBN(0x4c13a4e3, 0x614c693f), + TOBN(0x32c9af56, 0x8e143a14), TOBN(0xbc517799, 0xe29ac5c4), + TOBN(0x05e17992, 0x2774856f), TOBN(0x6e52fb05, 0x6c1bf55f), + TOBN(0xaeda4225, 0xe4f19e16), TOBN(0x70f4728a, 0xaf5ccb26), + TOBN(0x5d2118d1, 0xb2947f22), TOBN(0xc827ea16, 0x281d6fb9), + TOBN(0x8412328d, 0x8cf0eabd), TOBN(0x45ee9fb2, 0x03ef9dcf), + TOBN(0x8e700421, 0xbb937d63), TOBN(0xdf8ff2d5, 0xcc4b37a6), + TOBN(0xa4c0d5b2, 0x5ced7b68), TOBN(0x6537c1ef, 0xc7308f59), + TOBN(0x25ce6a26, 0x3b37f8e8), TOBN(0x170e9a9b, 0xdeebc6ce), + TOBN(0xdd037952, 0x8728d72c), TOBN(0x445b0e55, 0x850154bc), + TOBN(0x4b7d0e06, 0x83a7337b), TOBN(0x1e3416d4, 0xffecf249), + TOBN(0x24840eff, 0x66a2b71f), TOBN(0xd0d9a50a, 0xb37cc26d), + TOBN(0xe2198150, 0x6fe28ef7), TOBN(0x3cc5ef16, 0x23324c7f), + TOBN(0x220f3455, 0x769b5263), TOBN(0xe2ade2f1, 0xa10bf475), + TOBN(0x28cd20fa, 0x458d3671), TOBN(0x1549722c, 0x2dc4847b), + TOBN(0x6dd01e55, 0x591941e3), TOBN(0x0e6fbcea, 0x27128ccb), + TOBN(0xae1a1e6b, 0x3bef0262), TOBN(0xfa8c472c, 0x8f54e103), + TOBN(0x7539c0a8, 0x72c052ec), TOBN(0xd7b27369, 0x5a3490e9), + TOBN(0x143fe1f1, 0x71684349), TOBN(0x36b4722e, 0x32e19b97), + TOBN(0xdc059227, 0x90980aff), TOBN(0x175c9c88, 0x9e13d674), + TOBN(0xa7de5b22, 0x6e6bfdb1), TOBN(0x5ea5b7b2, 0xbedb4b46), + TOBN(0xd5570191, 0xd34a6e44), TOBN(0xfcf60d2e, 0xa24ff7e6), + TOBN(0x614a392d, 0x677819e1), TOBN(0x7be74c7e, 0xaa5a29e8), + TOBN(0xab50fece, 0x63c85f3f), TOBN(0xaca2e2a9, 0x46cab337), + TOBN(0x7f700388, 0x122a6fe3), TOBN(0xdb69f703, 0x882a04a8), + TOBN(0x9a77935d, 0xcf7aed57), TOBN(0xdf16207c, 0x8d91c86f), + TOBN(0x2fca49ab, 0x63ed9998), TOBN(0xa3125c44, 0xa77ddf96), + TOBN(0x05dd8a86, 0x24344072), TOBN(0xa023dda2, 0xfec3fb56), + TOBN(0x421b41fc, 0x0c743032), TOBN(0x4f2120c1, 0x5e438639), + TOBN(0xfb7cae51, 0xc83c1b07), TOBN(0xb2370caa, 0xcac2171a), + TOBN(0x2eb2d962, 0x6cc820fb), TOBN(0x59feee5c, 0xb85a44bf), + TOBN(0x94620fca, 0x5b6598f0), TOBN(0x6b922cae, 0x7e314051), + TOBN(0xff8745ad, 0x106bed4e), TOBN(0x546e71f5, 0xdfa1e9ab), + TOBN(0x935c1e48, 0x1ec29487), TOBN(0x9509216c, 0x4d936530), + TOBN(0xc7ca3067, 0x85c9a2db), TOBN(0xd6ae5152, 0x6be8606f), + TOBN(0x09dbcae6, 0xe14c651d), TOBN(0xc9536e23, 0x9bc32f96), + TOBN(0xa90535a9, 0x34521b03), TOBN(0xf39c526c, 0x878756ff), + TOBN(0x383172ec, 0x8aedf03c), TOBN(0x20a8075e, 0xefe0c034), + TOBN(0xf22f9c62, 0x64026422), TOBN(0x8dd10780, 0x24b9d076), + TOBN(0x944c742a, 0x3bef2950), TOBN(0x55b9502e, 0x88a2b00b), + TOBN(0xa59e14b4, 0x86a09817), TOBN(0xa39dd3ac, 0x47bb4071), + TOBN(0x55137f66, 0x3be0592f), TOBN(0x07fcafd4, 0xc9e63f5b), + TOBN(0x963652ee, 0x346eb226), TOBN(0x7dfab085, 0xec2facb7), + TOBN(0x273bf2b8, 0x691add26), TOBN(0x30d74540, 0xf2b46c44), + TOBN(0x05e8e73e, 0xf2c2d065), TOBN(0xff9b8a00, 0xd42eeac9), + TOBN(0x2fcbd205, 0x97209d22), TOBN(0xeb740ffa, 0xde14ea2c), + TOBN(0xc71ff913, 0xa8aef518), TOBN(0x7bfc74bb, 0xfff4cfa2), + TOBN(0x1716680c, 0xb6b36048), TOBN(0x121b2cce, 0x9ef79af1), + TOBN(0xbff3c836, 0xa01eb3d3), TOBN(0x50eb1c6a, 0x5f79077b), + TOBN(0xa48c32d6, 0xa004bbcf), TOBN(0x47a59316, 0x7d64f61d), + TOBN(0x6068147f, 0x93102016), TOBN(0x12c5f654, 0x94d12576), + TOBN(0xefb071a7, 0xc9bc6b91), TOBN(0x7c2da0c5, 0x6e23ea95), + TOBN(0xf4fd45b6, 0xd4a1dd5d), TOBN(0x3e7ad9b6, 0x9122b13c), + TOBN(0x342ca118, 0xe6f57a48), TOBN(0x1c2e94a7, 0x06f8288f), + TOBN(0x99e68f07, 0x5a97d231), TOBN(0x7c80de97, 0x4d838758), + TOBN(0xbce0f5d0, 0x05872727), TOBN(0xbe5d95c2, 0x19c4d016), + TOBN(0x921d5cb1, 0x9c2492ee), TOBN(0x42192dc1, 0x404d6fb3), + TOBN(0x4c84dcd1, 0x32f988d3), TOBN(0xde26d61f, 0xa17b8e85), + TOBN(0xc466dcb6, 0x137c7408), TOBN(0x9a38d7b6, 0x36a266da), + TOBN(0x7ef5cb06, 0x83bebf1b), TOBN(0xe5cdcbbf, 0x0fd014e3), + TOBN(0x30aa376d, 0xf65965a0), TOBN(0x60fe88c2, 0xebb3e95e), + TOBN(0x33fd0b61, 0x66ee6f20), TOBN(0x8827dcdb, 0x3f41f0a0), + TOBN(0xbf8a9d24, 0x0c56c690), TOBN(0x40265dad, 0xddb7641d), + TOBN(0x522b05bf, 0x3a6b662b), TOBN(0x466d1dfe, 0xb1478c9b), + TOBN(0xaa616962, 0x1484469b), TOBN(0x0db60549, 0x02df8f9f), + TOBN(0xc37bca02, 0x3cb8bf51), TOBN(0x5effe346, 0x21371ce8), + TOBN(0xe8f65264, 0xff112c32), TOBN(0x8a9c736d, 0x7b971fb2), + TOBN(0xa4f19470, 0x7b75080d), TOBN(0xfc3f2c5a, 0x8839c59b), + TOBN(0x1d6c777e, 0x5aeb49c2), TOBN(0xf3db034d, 0xda1addfe), + TOBN(0xd76fee5a, 0x5535affc), TOBN(0x0853ac70, 0xb92251fd), + TOBN(0x37e3d594, 0x8b2a29d5), TOBN(0x28f1f457, 0x4de00ddb), + TOBN(0x8083c1b5, 0xf42c328b), TOBN(0xd8ef1d8f, 0xe493c73b), + TOBN(0x96fb6260, 0x41dc61bd), TOBN(0xf74e8a9d, 0x27ee2f8a), + TOBN(0x7c605a80, 0x2c946a5d), TOBN(0xeed48d65, 0x3839ccfd), + TOBN(0x9894344f, 0x3a29467a), TOBN(0xde81e949, 0xc51eba6d), + TOBN(0xdaea066b, 0xa5e5c2f2), TOBN(0x3fc8a614, 0x08c8c7b3), + TOBN(0x7adff88f, 0x06d0de9f), TOBN(0xbbc11cf5, 0x3b75ce0a), + TOBN(0x9fbb7acc, 0xfbbc87d5), TOBN(0xa1458e26, 0x7badfde2)}, + { + TOBN(0x1cb43668, 0xe039c256), TOBN(0x5f26fb8b, 0x7c17fd5d), + TOBN(0xeee426af, 0x79aa062b), TOBN(0x072002d0, 0xd78fbf04), + TOBN(0x4c9ca237, 0xe84fb7e3), TOBN(0xb401d8a1, 0x0c82133d), + TOBN(0xaaa52592, 0x6d7e4181), TOBN(0xe9430833, 0x73dbb152), + TOBN(0xf92dda31, 0xbe24319a), TOBN(0x03f7d28b, 0xe095a8e7), + TOBN(0xa52fe840, 0x98782185), TOBN(0x276ddafe, 0x29c24dbc), + TOBN(0x80cd5496, 0x1d7a64eb), TOBN(0xe4360889, 0x7f1dbe42), + TOBN(0x2f81a877, 0x8438d2d5), TOBN(0x7e4d52a8, 0x85169036), + TOBN(0x19e3d5b1, 0x1d59715d), TOBN(0xc7eaa762, 0xd788983e), + TOBN(0xe5a730b0, 0xabf1f248), TOBN(0xfbab8084, 0xfae3fd83), + TOBN(0x65e50d21, 0x53765b2f), TOBN(0xbdd4e083, 0xfa127f3d), + TOBN(0x9cf3c074, 0x397b1b10), TOBN(0x59f8090c, 0xb1b59fd3), + TOBN(0x7b15fd9d, 0x615faa8f), TOBN(0x8fa1eb40, 0x968554ed), + TOBN(0x7bb4447e, 0x7aa44882), TOBN(0x2bb2d0d1, 0x029fff32), + TOBN(0x075e2a64, 0x6caa6d2f), TOBN(0x8eb879de, 0x22e7351b), + TOBN(0xbcd5624e, 0x9a506c62), TOBN(0x218eaef0, 0xa87e24dc), + TOBN(0x37e56847, 0x44ddfa35), TOBN(0x9ccfc5c5, 0xdab3f747), + TOBN(0x9ac1df3f, 0x1ee96cf4), TOBN(0x0c0571a1, 0x3b480b8f), + TOBN(0x2fbeb3d5, 0x4b3a7b3c), TOBN(0x35c03669, 0x5dcdbb99), + TOBN(0x52a0f5dc, 0xb2415b3a), TOBN(0xd57759b4, 0x4413ed9a), + TOBN(0x1fe647d8, 0x3d30a2c5), TOBN(0x0857f77e, 0xf78a81dc), + TOBN(0x11d5a334, 0x131a4a9b), TOBN(0xc0a94af9, 0x29d393f5), + TOBN(0xbc3a5c0b, 0xdaa6ec1a), TOBN(0xba9fe493, 0x88d2d7ed), + TOBN(0xbb4335b4, 0xbb614797), TOBN(0x991c4d68, 0x72f83533), + TOBN(0x53258c28, 0xd2f01cb3), TOBN(0x93d6eaa3, 0xd75db0b1), + TOBN(0x419a2b0d, 0xe87d0db4), TOBN(0xa1e48f03, 0xd8fe8493), + TOBN(0xf747faf6, 0xc508b23a), TOBN(0xf137571a, 0x35d53549), + TOBN(0x9f5e58e2, 0xfcf9b838), TOBN(0xc7186cee, 0xa7fd3cf5), + TOBN(0x77b868ce, 0xe978a1d3), TOBN(0xe3a68b33, 0x7ab92d04), + TOBN(0x51029794, 0x87a5b862), TOBN(0x5f0606c3, 0x3a61d41d), + TOBN(0x2814be27, 0x6f9326f1), TOBN(0x2f521c14, 0xc6fe3c2e), + TOBN(0x17464d7d, 0xacdf7351), TOBN(0x10f5f9d3, 0x777f7e44), + TOBN(0xce8e616b, 0x269fb37d), TOBN(0xaaf73804, 0x7de62de5), + TOBN(0xaba11175, 0x4fdd4153), TOBN(0x515759ba, 0x3770b49b), + TOBN(0x8b09ebf8, 0xaa423a61), TOBN(0x592245a1, 0xcd41fb92), + TOBN(0x1cba8ec1, 0x9b4c8936), TOBN(0xa87e91e3, 0xaf36710e), + TOBN(0x1fd84ce4, 0x3d34a2e3), TOBN(0xee3759ce, 0xb43b5d61), + TOBN(0x895bc78c, 0x619186c7), TOBN(0xf19c3809, 0xcbb9725a), + TOBN(0xc0be21aa, 0xde744b1f), TOBN(0xa7d222b0, 0x60f8056b), + TOBN(0x74be6157, 0xb23efe11), TOBN(0x6fab2b4f, 0x0cd68253), + TOBN(0xad33ea5f, 0x4bf1d725), TOBN(0x9c1d8ee2, 0x4f6c950f), + TOBN(0x544ee78a, 0xa377af06), TOBN(0x54f489bb, 0x94a113e1), + TOBN(0x8f11d634, 0x992fb7e8), TOBN(0x0169a7aa, 0xa2a44347), + TOBN(0x1d49d4af, 0x95020e00), TOBN(0x95945722, 0xe08e120b), + TOBN(0xb6e33878, 0xa4d32282), TOBN(0xe36e029d, 0x48020ae7), + TOBN(0xe05847fb, 0x37a9b750), TOBN(0xf876812c, 0xb29e3819), + TOBN(0x84ad138e, 0xd23a17f0), TOBN(0x6d7b4480, 0xf0b3950e), + TOBN(0xdfa8aef4, 0x2fd67ae0), TOBN(0x8d3eea24, 0x52333af6), + TOBN(0x0d052075, 0xb15d5acc), TOBN(0xc6d9c79f, 0xbd815bc4), + TOBN(0x8dcafd88, 0xdfa36cf2), TOBN(0x908ccbe2, 0x38aa9070), + TOBN(0x638722c4, 0xba35afce), TOBN(0x5a3da8b0, 0xfd6abf0b), + TOBN(0x2dce252c, 0xc9c335c1), TOBN(0x84e7f0de, 0x65aa799b), + TOBN(0x2101a522, 0xb99a72cb), TOBN(0x06de6e67, 0x87618016), + TOBN(0x5ff8c7cd, 0xe6f3653e), TOBN(0x0a821ab5, 0xc7a6754a), + TOBN(0x7e3fa52b, 0x7cb0b5a2), TOBN(0xa7fb121c, 0xc9048790), + TOBN(0x1a725020, 0x06ce053a), TOBN(0xb490a31f, 0x04e929b0), + TOBN(0xe17be47d, 0x62dd61ad), TOBN(0x781a961c, 0x6be01371), + TOBN(0x1063bfd3, 0xdae3cbba), TOBN(0x35647406, 0x7f73c9ba), + TOBN(0xf50e957b, 0x2736a129), TOBN(0xa6313702, 0xed13f256), + TOBN(0x9436ee65, 0x3a19fcc5), TOBN(0xcf2bdb29, 0xe7a4c8b6), + TOBN(0xb06b1244, 0xc5f95cd8), TOBN(0xda8c8af0, 0xf4ab95f4), + TOBN(0x1bae59c2, 0xb9e5836d), TOBN(0x07d51e7e, 0x3acffffc), + TOBN(0x01e15e6a, 0xc2ccbcda), TOBN(0x3bc1923f, 0x8528c3e0), + TOBN(0x43324577, 0xa49fead4), TOBN(0x61a1b884, 0x2aa7a711), + TOBN(0xf9a86e08, 0x700230ef), TOBN(0x0af585a1, 0xbd19adf8), + TOBN(0x7645f361, 0xf55ad8f2), TOBN(0x6e676223, 0x46c3614c), + TOBN(0x23cb257c, 0x4e774d3f), TOBN(0x82a38513, 0xac102d1b), + TOBN(0x9bcddd88, 0x7b126aa5), TOBN(0xe716998b, 0xeefd3ee4), + TOBN(0x4239d571, 0xfb167583), TOBN(0xdd011c78, 0xd16c8f8a), + TOBN(0x271c2895, 0x69a27519), TOBN(0x9ce0a3b7, 0xd2d64b6a), + TOBN(0x8c977289, 0xd5ec6738), TOBN(0xa3b49f9a, 0x8840ef6b), + TOBN(0x808c14c9, 0x9a453419), TOBN(0x5c00295b, 0x0cf0a2d5), + TOBN(0x524414fb, 0x1d4bcc76), TOBN(0xb07691d2, 0x459a88f1), + TOBN(0x77f43263, 0xf70d110f), TOBN(0x64ada5e0, 0xb7abf9f3), + TOBN(0xafd0f94e, 0x5b544cf5), TOBN(0xb4a13a15, 0xfd2713fe), + TOBN(0xb99b7d6e, 0x250c74f4), TOBN(0x097f2f73, 0x20324e45), + TOBN(0x994b37d8, 0xaffa8208), TOBN(0xc3c31b0b, 0xdc29aafc), + TOBN(0x3da74651, 0x7a3a607f), TOBN(0xd8e1b8c1, 0xfe6955d6), + TOBN(0x716e1815, 0xc8418682), TOBN(0x541d487f, 0x7dc91d97), + TOBN(0x48a04669, 0xc6996982), TOBN(0xf39cab15, 0x83a6502e), + TOBN(0x025801a0, 0xe68db055), TOBN(0xf3569758, 0xba3338d5), + TOBN(0xb0c8c0aa, 0xee2afa84), TOBN(0x4f6985d3, 0xfb6562d1), + TOBN(0x351f1f15, 0x132ed17a), TOBN(0x510ed0b4, 0xc04365fe), + TOBN(0xa3f98138, 0xe5b1f066), TOBN(0xbc9d95d6, 0x32df03dc), + TOBN(0xa83ccf6e, 0x19abd09e), TOBN(0x0b4097c1, 0x4ff17edb), + TOBN(0x58a5c478, 0xd64a06ce), TOBN(0x2ddcc3fd, 0x544a58fd), + TOBN(0xd449503d, 0x9e8153b8), TOBN(0x3324fd02, 0x7774179b), + TOBN(0xaf5d47c8, 0xdbd9120c), TOBN(0xeb860162, 0x34fa94db), + TOBN(0x5817bdd1, 0x972f07f4), TOBN(0xe5579e2e, 0xd27bbceb), + TOBN(0x86847a1f, 0x5f11e5a6), TOBN(0xb39ed255, 0x7c3cf048), + TOBN(0xe1076417, 0xa2f62e55), TOBN(0x6b9ab38f, 0x1bcf82a2), + TOBN(0x4bb7c319, 0x7aeb29f9), TOBN(0xf6d17da3, 0x17227a46), + TOBN(0xab53ddbd, 0x0f968c00), TOBN(0xa03da7ec, 0x000c880b), + TOBN(0x7b239624, 0x6a9ad24d), TOBN(0x612c0401, 0x01ec60d0), + TOBN(0x70d10493, 0x109f5df1), TOBN(0xfbda4030, 0x80af7550), + TOBN(0x30b93f95, 0xc6b9a9b3), TOBN(0x0c74ec71, 0x007d9418), + TOBN(0x94175564, 0x6edb951f), TOBN(0x5f4a9d78, 0x7f22c282), + TOBN(0xb7870895, 0xb38d1196), TOBN(0xbc593df3, 0xa228ce7c), + TOBN(0xc78c5bd4, 0x6af3641a), TOBN(0x7802200b, 0x3d9b3dcc), + TOBN(0x0dc73f32, 0x8be33304), TOBN(0x847ed87d, 0x61ffb79a), + TOBN(0xf85c974e, 0x6d671192), TOBN(0x1e14100a, 0xde16f60f), + TOBN(0x45cb0d5a, 0x95c38797), TOBN(0x18923bba, 0x9b022da4), + TOBN(0xef2be899, 0xbbe7e86e), TOBN(0x4a1510ee, 0x216067bf), + TOBN(0xd98c8154, 0x84d5ce3e), TOBN(0x1af777f0, 0xf92a2b90), + TOBN(0x9fbcb400, 0x4ef65724), TOBN(0x3e04a4c9, 0x3c0ca6fe), + TOBN(0xfb3e2cb5, 0x55002994), TOBN(0x1f3a93c5, 0x5363ecab), + TOBN(0x1fe00efe, 0x3923555b), TOBN(0x744bedd9, 0x1e1751ea), + TOBN(0x3fb2db59, 0x6ab69357), TOBN(0x8dbd7365, 0xf5e6618b), + TOBN(0x99d53099, 0xdf1ea40e), TOBN(0xb3f24a0b, 0x57d61e64), + TOBN(0xd088a198, 0x596eb812), TOBN(0x22c8361b, 0x5762940b), + TOBN(0x66f01f97, 0xf9c0d95c), TOBN(0x88461172, 0x8e43cdae), + TOBN(0x11599a7f, 0xb72b15c3), TOBN(0x135a7536, 0x420d95cc), + TOBN(0x2dcdf0f7, 0x5f7ae2f6), TOBN(0x15fc6e1d, 0xd7fa6da2), + TOBN(0x81ca829a, 0xd1d441b6), TOBN(0x84c10cf8, 0x04a106b6), + TOBN(0xa9b26c95, 0xa73fbbd0), TOBN(0x7f24e0cb, 0x4d8f6ee8), + TOBN(0x48b45937, 0x1e25a043), TOBN(0xf8a74fca, 0x036f3dfe), + TOBN(0x1ed46585, 0xc9f84296), TOBN(0x7fbaa8fb, 0x3bc278b0), + TOBN(0xa8e96cd4, 0x6c4fcbd0), TOBN(0x940a1202, 0x73b60a5f), + TOBN(0x34aae120, 0x55a4aec8), TOBN(0x550e9a74, 0xdbd742f0), + TOBN(0x794456d7, 0x228c68ab), TOBN(0x492f8868, 0xa4e25ec6), + TOBN(0x682915ad, 0xb2d8f398), TOBN(0xf13b51cc, 0x5b84c953), + TOBN(0xcda90ab8, 0x5bb917d6), TOBN(0x4b615560, 0x4ea3dee1), + TOBN(0x578b4e85, 0x0a52c1c8), TOBN(0xeab1a695, 0x20b75fc4), + TOBN(0x60c14f3c, 0xaa0bb3c6), TOBN(0x220f448a, 0xb8216094), + TOBN(0x4fe7ee31, 0xb0e63d34), TOBN(0xf4600572, 0xa9e54fab), + TOBN(0xc0493334, 0xd5e7b5a4), TOBN(0x8589fb92, 0x06d54831), + TOBN(0xaa70f5cc, 0x6583553a), TOBN(0x0879094a, 0xe25649e5), + TOBN(0xcc904507, 0x10044652), TOBN(0xebb0696d, 0x02541c4f), + TOBN(0x5a171fde, 0xb9718710), TOBN(0x38f1bed8, 0xf374a9f5), + TOBN(0xc8c582e1, 0xba39bdc1), TOBN(0xfc457b0a, 0x908cc0ce), + TOBN(0x9a187fd4, 0x883841e2), TOBN(0x8ec25b39, 0x38725381), + TOBN(0x2553ed05, 0x96f84395), TOBN(0x095c7661, 0x6f6c6897), + TOBN(0x917ac85c, 0x4bdc5610), TOBN(0xb2885fe4, 0x179eb301), + TOBN(0x5fc65547, 0x8b78bdcc), TOBN(0x4a9fc893, 0xe59e4699), + TOBN(0xbb7ff0cd, 0x3ce299af), TOBN(0x195be9b3, 0xadf38b20), + TOBN(0x6a929c87, 0xd38ddb8f), TOBN(0x55fcc99c, 0xb21a51b9), + TOBN(0x2b695b4c, 0x721a4593), TOBN(0xed1e9a15, 0x768eaac2), + TOBN(0xfb63d71c, 0x7489f914), TOBN(0xf98ba31c, 0x78118910), + TOBN(0x80291373, 0x9b128eb4), TOBN(0x7801214e, 0xd448af4a), + TOBN(0xdbd2e22b, 0x55418dd3), TOBN(0xeffb3c0d, 0xd3998242), + TOBN(0xdfa6077c, 0xc7bf3827), TOBN(0xf2165bcb, 0x47f8238f), + TOBN(0xfe37cf68, 0x8564d554), TOBN(0xe5f825c4, 0x0a81fb98), + TOBN(0x43cc4f67, 0xffed4d6f), TOBN(0xbc609578, 0xb50a34b0), + TOBN(0x8aa8fcf9, 0x5041faf1), TOBN(0x5659f053, 0x651773b6), + TOBN(0xe87582c3, 0x6044d63b), TOBN(0xa6089409, 0x0cdb0ca0), + TOBN(0x8c993e0f, 0xbfb2bcf6), TOBN(0xfc64a719, 0x45985cfc), + TOBN(0x15c4da80, 0x83dbedba), TOBN(0x804ae112, 0x2be67df7), + TOBN(0xda4c9658, 0xa23defde), TOBN(0x12002ddd, 0x5156e0d3), + TOBN(0xe68eae89, 0x5dd21b96), TOBN(0x8b99f28b, 0xcf44624d), + TOBN(0x0ae00808, 0x1ec8897a), TOBN(0xdd0a9303, 0x6712f76e), + TOBN(0x96237522, 0x4e233de4), TOBN(0x192445b1, 0x2b36a8a5), + TOBN(0xabf9ff74, 0x023993d9), TOBN(0x21f37bf4, 0x2aad4a8f), + TOBN(0x340a4349, 0xf8bd2bbd), TOBN(0x1d902cd9, 0x4868195d), + TOBN(0x3d27bbf1, 0xe5fdb6f1), TOBN(0x7a5ab088, 0x124f9f1c), + TOBN(0xc466ab06, 0xf7a09e03), TOBN(0x2f8a1977, 0x31f2c123), + TOBN(0xda355dc7, 0x041b6657), TOBN(0xcb840d12, 0x8ece2a7c), + TOBN(0xb600ad9f, 0x7db32675), TOBN(0x78fea133, 0x07a06f1b), + TOBN(0x5d032269, 0xb31f6094), TOBN(0x07753ef5, 0x83ec37aa), + TOBN(0x03485aed, 0x9c0bea78), TOBN(0x41bb3989, 0xbc3f4524), + TOBN(0x09403761, 0x697f726d), TOBN(0x6109beb3, 0xdf394820), + TOBN(0x804111ea, 0x3b6d1145), TOBN(0xb6271ea9, 0xa8582654), + TOBN(0x619615e6, 0x24e66562), TOBN(0xa2554945, 0xd7b6ad9c), + TOBN(0xd9c4985e, 0x99bfe35f), TOBN(0x9770ccc0, 0x7b51cdf6), + TOBN(0x7c327013, 0x92881832), TOBN(0x8777d45f, 0x286b26d1), + TOBN(0x9bbeda22, 0xd847999d), TOBN(0x03aa33b6, 0xc3525d32), + TOBN(0x4b7b96d4, 0x28a959a1), TOBN(0xbb3786e5, 0x31e5d234), + TOBN(0xaeb5d3ce, 0x6961f247), TOBN(0x20aa85af, 0x02f93d3f), + TOBN(0x9cd1ad3d, 0xd7a7ae4f), TOBN(0xbf6688f0, 0x781adaa8), + TOBN(0xb1b40e86, 0x7469cead), TOBN(0x1904c524, 0x309fca48), + TOBN(0x9b7312af, 0x4b54bbc7), TOBN(0xbe24bf8f, 0x593affa2), + TOBN(0xbe5e0790, 0xbd98764b), TOBN(0xa0f45f17, 0xa26e299e), + TOBN(0x4af0d2c2, 0x6b8fe4c7), TOBN(0xef170db1, 0x8ae8a3e6), + TOBN(0x0e8d61a0, 0x29e0ccc1), TOBN(0xcd53e87e, 0x60ad36ca), + TOBN(0x328c6623, 0xc8173822), TOBN(0x7ee1767d, 0xa496be55), + TOBN(0x89f13259, 0x648945af), TOBN(0x9e45a5fd, 0x25c8009c), + TOBN(0xaf2febd9, 0x1f61ab8c), TOBN(0x43f6bc86, 0x8a275385), + TOBN(0x87792348, 0xf2142e79), TOBN(0x17d89259, 0xc6e6238a), + TOBN(0x7536d2f6, 0x4a839d9b), TOBN(0x1f428fce, 0x76a1fbdc), + TOBN(0x1c109601, 0x0db06dfe), TOBN(0xbfc16bc1, 0x50a3a3cc), + TOBN(0xf9cbd9ec, 0x9b30f41b), TOBN(0x5b5da0d6, 0x00138cce), + TOBN(0xec1d0a48, 0x56ef96a7), TOBN(0xb47eb848, 0x982bf842), + TOBN(0x66deae32, 0xec3f700d), TOBN(0x4e43c42c, 0xaa1181e0), + TOBN(0xa1d72a31, 0xd1a4aa2a), TOBN(0x440d4668, 0xc004f3ce), + TOBN(0x0d6a2d3b, 0x45fe8a7a), TOBN(0x820e52e2, 0xfb128365), + TOBN(0x29ac5fcf, 0x25e51b09), TOBN(0x180cd2bf, 0x2023d159), + TOBN(0xa9892171, 0xa1ebf90e), TOBN(0xf97c4c87, 0x7c132181), + TOBN(0x9f1dc724, 0xc03dbb7e), TOBN(0xae043765, 0x018cbbe4), + TOBN(0xfb0b2a36, 0x0767d153), TOBN(0xa8e2f4d6, 0x249cbaeb), + TOBN(0x172a5247, 0xd95ea168), TOBN(0x1758fada, 0x2970764a), + TOBN(0xac803a51, 0x1d978169), TOBN(0x299cfe2e, 0xde77e01b), + TOBN(0x652a1e17, 0xb0a98927), TOBN(0x2e26e1d1, 0x20014495), + TOBN(0x7ae0af9f, 0x7175b56a), TOBN(0xc2e22a80, 0xd64b9f95), + TOBN(0x4d0ff9fb, 0xd90a060a), TOBN(0x496a27db, 0xbaf38085), + TOBN(0x32305401, 0xda776bcf), TOBN(0xb8cdcef6, 0x725f209e), + TOBN(0x61ba0f37, 0x436a0bba), TOBN(0x263fa108, 0x76860049), + TOBN(0x92beb98e, 0xda3542cf), TOBN(0xa2d4d14a, 0xd5849538), + TOBN(0x989b9d68, 0x12e9a1bc), TOBN(0x61d9075c, 0x5f6e3268), + TOBN(0x352c6aa9, 0x99ace638), TOBN(0xde4e4a55, 0x920f43ff), + TOBN(0xe5e4144a, 0xd673c017), TOBN(0x667417ae, 0x6f6e05ea), + TOBN(0x613416ae, 0xdcd1bd56), TOBN(0x5eb36201, 0x86693711), + TOBN(0x2d7bc504, 0x3a1aa914), TOBN(0x175a1299, 0x76dc5975), + TOBN(0xe900e0f2, 0x3fc8125c), TOBN(0x569ef68c, 0x11198875), + TOBN(0x9012db63, 0x63a113b4), TOBN(0xe3bd3f56, 0x98835766), + TOBN(0xa5c94a52, 0x76412dea), TOBN(0xad9e2a09, 0xaa735e5c), + TOBN(0x405a984c, 0x508b65e9), TOBN(0xbde4a1d1, 0x6df1a0d1), + TOBN(0x1a9433a1, 0xdfba80da), TOBN(0xe9192ff9, 0x9440ad2e), + TOBN(0x9f649696, 0x5099fe92), TOBN(0x25ddb65c, 0x0b27a54a), + TOBN(0x178279dd, 0xc590da61), TOBN(0x5479a999, 0xfbde681a), + TOBN(0xd0e84e05, 0x013fe162), TOBN(0xbe11dc92, 0x632d471b), + TOBN(0xdf0b0c45, 0xfc0e089f), TOBN(0x04fb15b0, 0x4c144025), + TOBN(0xa61d5fc2, 0x13c99927), TOBN(0xa033e9e0, 0x3de2eb35), + TOBN(0xf8185d5c, 0xb8dacbb4), TOBN(0x9a88e265, 0x8644549d), + TOBN(0xf717af62, 0x54671ff6), TOBN(0x4bd4241b, 0x5fa58603), + TOBN(0x06fba40b, 0xe67773c0), TOBN(0xc1d933d2, 0x6a2847e9), + TOBN(0xf4f5acf3, 0x689e2c70), TOBN(0x92aab0e7, 0x46bafd31), + TOBN(0x798d76aa, 0x3473f6e5), TOBN(0xcc6641db, 0x93141934), + TOBN(0xcae27757, 0xd31e535e), TOBN(0x04cc43b6, 0x87c2ee11), + TOBN(0x8d1f9675, 0x2e029ffa), TOBN(0xc2150672, 0xe4cc7a2c), + TOBN(0x3b03c1e0, 0x8d68b013), TOBN(0xa9d6816f, 0xedf298f3), + TOBN(0x1bfbb529, 0xa2804464), TOBN(0x95a52fae, 0x5db22125), + TOBN(0x55b32160, 0x0e1cb64e), TOBN(0x004828f6, 0x7e7fc9fe), + TOBN(0x13394b82, 0x1bb0fb93), TOBN(0xb6293a2d, 0x35f1a920), + TOBN(0xde35ef21, 0xd145d2d9), TOBN(0xbe6225b3, 0xbb8fa603), + TOBN(0x00fc8f6b, 0x32cf252d), TOBN(0xa28e52e6, 0x117cf8c2), + TOBN(0x9d1dc89b, 0x4c371e6d), TOBN(0xcebe0675, 0x36ef0f28), + TOBN(0x5de05d09, 0xa4292f81), TOBN(0xa8303593, 0x353e3083), + TOBN(0xa1715b0a, 0x7e37a9bb), TOBN(0x8c56f61e, 0x2b8faec3), + TOBN(0x52507431, 0x33c9b102), TOBN(0x0130cefc, 0xa44431f0), + TOBN(0x56039fa0, 0xbd865cfb), TOBN(0x4b03e578, 0xbc5f1dd7), + TOBN(0x40edf2e4, 0xbabe7224), TOBN(0xc752496d, 0x3a1988f6), + TOBN(0xd1572d3b, 0x564beb6b), TOBN(0x0db1d110, 0x39a1c608), + TOBN(0x568d1934, 0x16f60126), TOBN(0x05ae9668, 0xf354af33), + TOBN(0x19de6d37, 0xc92544f2), TOBN(0xcc084353, 0xa35837d5), + TOBN(0xcbb6869c, 0x1a514ece), TOBN(0xb633e728, 0x2e1d1066), + TOBN(0xf15dd69f, 0x936c581c), TOBN(0x96e7b8ce, 0x7439c4f9), + TOBN(0x5e676f48, 0x2e448a5b), TOBN(0xb2ca7d5b, 0xfd916bbb), + TOBN(0xd55a2541, 0xf5024025), TOBN(0x47bc5769, 0xe4c2d937), + TOBN(0x7d31b92a, 0x0362189f), TOBN(0x83f3086e, 0xef7816f9), + TOBN(0xf9f46d94, 0xb587579a), TOBN(0xec2d22d8, 0x30e76c5f), + TOBN(0x27d57461, 0xb000ffcf), TOBN(0xbb7e65f9, 0x364ffc2c), + TOBN(0x7c7c9477, 0x6652a220), TOBN(0x61618f89, 0xd696c981), + TOBN(0x5021701d, 0x89effff3), TOBN(0xf2c8ff8e, 0x7c314163), + TOBN(0x2da413ad, 0x8efb4d3e), TOBN(0x937b5adf, 0xce176d95), + TOBN(0x22867d34, 0x2a67d51c), TOBN(0x262b9b10, 0x18eb3ac9), + TOBN(0x4e314fe4, 0xc43ff28b), TOBN(0x76476627, 0x6a664e7a), + TOBN(0x3e90e40b, 0xb7a565c2), TOBN(0x8588993a, 0xc1acf831), + TOBN(0xd7b501d6, 0x8f938829), TOBN(0x996627ee, 0x3edd7d4c), + TOBN(0x37d44a62, 0x90cd34c7), TOBN(0xa8327499, 0xf3833e8d), + TOBN(0x2e18917d, 0x4bf50353), TOBN(0x85dd726b, 0x556765fb), + TOBN(0x54fe65d6, 0x93d5ab66), TOBN(0x3ddbaced, 0x915c25fe), + TOBN(0xa799d9a4, 0x12f22e85), TOBN(0xe2a24867, 0x6d06f6bc), + TOBN(0xf4f1ee56, 0x43ca1637), TOBN(0xfda2828b, 0x61ece30a), + TOBN(0x758c1a3e, 0xa2dee7a6), TOBN(0xdcde2f3c, 0x734b2284), + TOBN(0xaba445d2, 0x4eaba6ad), TOBN(0x35aaf668, 0x76cee0a7), + TOBN(0x7e0b04a9, 0xe5aa049a), TOBN(0xe74083ad, 0x91103e84), + TOBN(0xbeb183ce, 0x40afecc3), TOBN(0x6b89de9f, 0xea043f7a), + }, + {TOBN(0x0e299d23, 0xfe67ba66), TOBN(0x91450760, 0x93cf2f34), + TOBN(0xf45b5ea9, 0x97fcf913), TOBN(0x5be00843, 0x8bd7ddda), + TOBN(0x358c3e05, 0xd53ff04d), TOBN(0xbf7ccdc3, 0x5de91ef7), + TOBN(0xad684dbf, 0xb69ec1a0), TOBN(0x367e7cf2, 0x801fd997), + TOBN(0x0ca1f3b7, 0xb0dc8595), TOBN(0x27de4608, 0x9f1d9f2e), + TOBN(0x1af3bf39, 0xbadd82a7), TOBN(0x79356a79, 0x65862448), + TOBN(0xc0602345, 0xf5f9a052), TOBN(0x1a8b0f89, 0x139a42f9), + TOBN(0xb53eee42, 0x844d40fc), TOBN(0x93b0bfe5, 0x4e5b6368), + TOBN(0x5434dd02, 0xc024789c), TOBN(0x90dca9ea, 0x41b57bfc), + TOBN(0x8aa898e2, 0x243398df), TOBN(0xf607c834, 0x894a94bb), + TOBN(0xbb07be97, 0xc2c99b76), TOBN(0x6576ba67, 0x18c29302), + TOBN(0x3d79efcc, 0xe703a88c), TOBN(0xf259ced7, 0xb6a0d106), + TOBN(0x0f893a5d, 0xc8de610b), TOBN(0xe8c515fb, 0x67e223ce), + TOBN(0x7774bfa6, 0x4ead6dc5), TOBN(0x89d20f95, 0x925c728f), + TOBN(0x7a1e0966, 0x098583ce), TOBN(0xa2eedb94, 0x93f2a7d7), + TOBN(0x1b282097, 0x4c304d4a), TOBN(0x0842e3da, 0xc077282d), + TOBN(0xe4d972a3, 0x3b9e2d7b), TOBN(0x7cc60b27, 0xc48218ff), + TOBN(0x8fc70838, 0x84149d91), TOBN(0x5c04346f, 0x2f461ecc), + TOBN(0xebe9fdf2, 0x614650a9), TOBN(0x5e35b537, 0xc1f666ac), + TOBN(0x645613d1, 0x88babc83), TOBN(0x88cace3a, 0xc5e1c93e), + TOBN(0x209ca375, 0x3de92e23), TOBN(0xccb03cc8, 0x5fbbb6e3), + TOBN(0xccb90f03, 0xd7b1487e), TOBN(0xfa9c2a38, 0xc710941f), + TOBN(0x756c3823, 0x6724ceed), TOBN(0x3a902258, 0x192d0323), + TOBN(0xb150e519, 0xea5e038e), TOBN(0xdcba2865, 0xc7427591), + TOBN(0xe549237f, 0x78890732), TOBN(0xc443bef9, 0x53fcb4d9), + TOBN(0x9884d8a6, 0xeb3480d6), TOBN(0x8a35b6a1, 0x3048b186), + TOBN(0xb4e44716, 0x65e9a90a), TOBN(0x45bf380d, 0x653006c0), + TOBN(0x8f3f820d, 0x4fe9ae3b), TOBN(0x244a35a0, 0x979a3b71), + TOBN(0xa1010e9d, 0x74cd06ff), TOBN(0x9c17c7df, 0xaca3eeac), + TOBN(0x74c86cd3, 0x8063aa2b), TOBN(0x8595c4b3, 0x734614ff), + TOBN(0xa3de00ca, 0x990f62cc), TOBN(0xd9bed213, 0xca0c3be5), + TOBN(0x7886078a, 0xdf8ce9f5), TOBN(0xddb27ce3, 0x5cd44444), + TOBN(0xed374a66, 0x58926ddd), TOBN(0x138b2d49, 0x908015b8), + TOBN(0x886c6579, 0xde1f7ab8), TOBN(0x888b9aa0, 0xc3020b7a), + TOBN(0xd3ec034e, 0x3a96e355), TOBN(0xba65b0b8, 0xf30fbe9a), + TOBN(0x064c8e50, 0xff21367a), TOBN(0x1f508ea4, 0x0b04b46e), + TOBN(0x98561a49, 0x747c866c), TOBN(0xbbb1e5fe, 0x0518a062), + TOBN(0x20ff4e8b, 0xecdc3608), TOBN(0x7f55cded, 0x20184027), + TOBN(0x8d73ec95, 0xf38c85f0), TOBN(0x5b589fdf, 0x8bc3b8c3), + TOBN(0xbe95dd98, 0x0f12b66f), TOBN(0xf5bd1a09, 0x0e338e01), + TOBN(0x65163ae5, 0x5e915918), TOBN(0x6158d6d9, 0x86f8a46b), + TOBN(0x8466b538, 0xeeebf99c), TOBN(0xca8761f6, 0xbca477ef), + TOBN(0xaf3449c2, 0x9ebbc601), TOBN(0xef3b0f41, 0xe0c3ae2f), + TOBN(0xaa6c577d, 0x5de63752), TOBN(0xe9166601, 0x64682a51), + TOBN(0x5a3097be, 0xfc15aa1e), TOBN(0x40d12548, 0xb54b0745), + TOBN(0x5bad4706, 0x519a5f12), TOBN(0xed03f717, 0xa439dee6), + TOBN(0x0794bb6c, 0x4a02c499), TOBN(0xf725083d, 0xcffe71d2), + TOBN(0x2cad7519, 0x0f3adcaf), TOBN(0x7f68ea1c, 0x43729310), + TOBN(0xe747c8c7, 0xb7ffd977), TOBN(0xec104c35, 0x80761a22), + TOBN(0x8395ebaf, 0x5a3ffb83), TOBN(0xfb3261f4, 0xe4b63db7), + TOBN(0x53544960, 0xd883e544), TOBN(0x13520d70, 0x8cc2eeb8), + TOBN(0x08f6337b, 0xd3d65f99), TOBN(0x83997db2, 0x781cf95b), + TOBN(0xce6ff106, 0x0dbd2c01), TOBN(0x4f8eea6b, 0x1f9ce934), + TOBN(0x546f7c4b, 0x0e993921), TOBN(0x6236a324, 0x5e753fc7), + TOBN(0x65a41f84, 0xa16022e9), TOBN(0x0c18d878, 0x43d1dbb2), + TOBN(0x73c55640, 0x2d4cef9c), TOBN(0xa0428108, 0x70444c74), + TOBN(0x68e4f15e, 0x9afdfb3c), TOBN(0x49a56143, 0x5bdfb6df), + TOBN(0xa9bc1bd4, 0x5f823d97), TOBN(0xbceb5970, 0xea111c2a), + TOBN(0x366b455f, 0xb269bbc4), TOBN(0x7cd85e1e, 0xe9bc5d62), + TOBN(0xc743c41c, 0x4f18b086), TOBN(0xa4b40990, 0x95294fb9), + TOBN(0x9c7c581d, 0x26ee8382), TOBN(0xcf17dcc5, 0x359d638e), + TOBN(0xee8273ab, 0xb728ae3d), TOBN(0x1d112926, 0xf821f047), + TOBN(0x11498477, 0x50491a74), TOBN(0x687fa761, 0xfde0dfb9), + TOBN(0x2c258022, 0x7ea435ab), TOBN(0x6b8bdb94, 0x91ce7e3f), + TOBN(0x4c5b5dc9, 0x3bf834aa), TOBN(0x04371819, 0x4f6c7e4b), + TOBN(0xc284e00a, 0x3736bcad), TOBN(0x0d881118, 0x21ae8f8d), + TOBN(0xf9cf0f82, 0xf48c8e33), TOBN(0xa11fd075, 0xa1bf40db), + TOBN(0xdceab0de, 0xdc2733e5), TOBN(0xc560a8b5, 0x8e986bd7), + TOBN(0x48dd1fe2, 0x3929d097), TOBN(0x3885b290, 0x92f188f1), + TOBN(0x0f2ae613, 0xda6fcdac), TOBN(0x9054303e, 0xb662a46c), + TOBN(0xb6871e44, 0x0738042a), TOBN(0x98e6a977, 0xbdaf6449), + TOBN(0xd8bc0650, 0xd1c9df1b), TOBN(0xef3d6451, 0x36e098f9), + TOBN(0x03fbae82, 0xb6d72d28), TOBN(0x77ca9db1, 0xf5d84080), + TOBN(0x8a112cff, 0xa58efc1c), TOBN(0x518d761c, 0xc564cb4a), + TOBN(0x69b5740e, 0xf0d1b5ce), TOBN(0x717039cc, 0xe9eb1785), + TOBN(0x3fe29f90, 0x22f53382), TOBN(0x8e54ba56, 0x6bc7c95c), + TOBN(0x9c806d8a, 0xf7f91d0f), TOBN(0x3b61b0f1, 0xa82a5728), + TOBN(0x4640032d, 0x94d76754), TOBN(0x273eb5de, 0x47d834c6), + TOBN(0x2988abf7, 0x7b4e4d53), TOBN(0xb7ce66bf, 0xde401777), + TOBN(0x9fba6b32, 0x715071b3), TOBN(0x82413c24, 0xad3a1a98), + TOBN(0x5b7fc8c4, 0xe0e8ad93), TOBN(0xb5679aee, 0x5fab868d), + TOBN(0xb1f9d2fa, 0x2b3946f3), TOBN(0x458897dc, 0x5685b50a), + TOBN(0x1e98c930, 0x89d0caf3), TOBN(0x39564c5f, 0x78642e92), + TOBN(0x1b77729a, 0x0dbdaf18), TOBN(0xf9170722, 0x579e82e6), + TOBN(0x680c0317, 0xe4515fa5), TOBN(0xf85cff84, 0xfb0c790f), + TOBN(0xc7a82aab, 0x6d2e0765), TOBN(0x7446bca9, 0x35c82b32), + TOBN(0x5de607aa, 0x6d63184f), TOBN(0x7c1a46a8, 0x262803a6), + TOBN(0xd218313d, 0xaebe8035), TOBN(0x92113ffd, 0xc73c51f8), + TOBN(0x4b38e083, 0x12e7e46c), TOBN(0x69d0a37a, 0x56126bd5), + TOBN(0xfb3f324b, 0x73c07e04), TOBN(0xa0c22f67, 0x8fda7267), + TOBN(0x8f2c0051, 0x4d2c7d8f), TOBN(0xbc45ced3, 0xcbe2cae5), + TOBN(0xe1c6cf07, 0xa8f0f277), TOBN(0xbc392312, 0x1eb99a98), + TOBN(0x75537b7e, 0x3cc8ac85), TOBN(0x8d725f57, 0xdd02753b), + TOBN(0xfd05ff64, 0xb737df2f), TOBN(0x55fe8712, 0xf6d2531d), + TOBN(0x57ce04a9, 0x6ab6b01c), TOBN(0x69a02a89, 0x7cd93724), + TOBN(0x4f82ac35, 0xcf86699b), TOBN(0x8242d3ad, 0x9cb4b232), + TOBN(0x713d0f65, 0xd62105e5), TOBN(0xbb222bfa, 0x2d29be61), + TOBN(0xf2f9a79e, 0x6cfbef09), TOBN(0xfc24d8d3, 0xd5d6782f), + TOBN(0x5db77085, 0xd4129967), TOBN(0xdb81c3cc, 0xdc3c2a43), + TOBN(0x9d655fc0, 0x05d8d9a3), TOBN(0x3f5d057a, 0x54298026), + TOBN(0x1157f56d, 0x88c54694), TOBN(0xb26baba5, 0x9b09573e), + TOBN(0x2cab03b0, 0x22adffd1), TOBN(0x60a412c8, 0xdd69f383), + TOBN(0xed76e98b, 0x54b25039), TOBN(0xd4ee67d3, 0x687e714d), + TOBN(0x87739648, 0x7b00b594), TOBN(0xce419775, 0xc9ef709b), + TOBN(0x40f76f85, 0x1c203a40), TOBN(0x30d352d6, 0xeafd8f91), + TOBN(0xaf196d3d, 0x95578dd2), TOBN(0xea4bb3d7, 0x77cc3f3d), + TOBN(0x42a5bd03, 0xb98e782b), TOBN(0xac958c40, 0x0624920d), + TOBN(0xb838134c, 0xfc56fcc8), TOBN(0x86ec4ccf, 0x89572e5e), + TOBN(0x69c43526, 0x9be47be0), TOBN(0x323b7dd8, 0xcb28fea1), + TOBN(0xfa5538ba, 0x3a6c67e5), TOBN(0xef921d70, 0x1d378e46), + TOBN(0xf92961fc, 0x3c4b880e), TOBN(0x3f6f914e, 0x98940a67), + TOBN(0xa990eb0a, 0xfef0ff39), TOBN(0xa6c2920f, 0xf0eeff9c), + TOBN(0xca804166, 0x51b8d9a3), TOBN(0x42531bc9, 0x0ffb0db1), + TOBN(0x72ce4718, 0xaa82e7ce), TOBN(0x6e199913, 0xdf574741), + TOBN(0xd5f1b13d, 0xd5d36946), TOBN(0x8255dc65, 0xf68f0194), + TOBN(0xdc9df4cd, 0x8710d230), TOBN(0x3453c20f, 0x138c1988), + TOBN(0x9af98dc0, 0x89a6ef01), TOBN(0x4dbcc3f0, 0x9857df85), + TOBN(0x34805601, 0x5c1ad924), TOBN(0x40448da5, 0xd0493046), + TOBN(0xf629926d, 0x4ee343e2), TOBN(0x6343f1bd, 0x90e8a301), + TOBN(0xefc93491, 0x40815b3f), TOBN(0xf882a423, 0xde8f66fb), + TOBN(0x3a12d5f4, 0xe7db9f57), TOBN(0x7dfba38a, 0x3c384c27), + TOBN(0x7a904bfd, 0x6fc660b1), TOBN(0xeb6c5db3, 0x2773b21c), + TOBN(0xc350ee66, 0x1cdfe049), TOBN(0x9baac0ce, 0x44540f29), + TOBN(0xbc57b6ab, 0xa5ec6aad), TOBN(0x167ce8c3, 0x0a7c1baa), + TOBN(0xb23a03a5, 0x53fb2b56), TOBN(0x6ce141e7, 0x4e057f78), + TOBN(0x796525c3, 0x89e490d9), TOBN(0x0bc95725, 0xa31a7e75), + TOBN(0x1ec56791, 0x1220fd06), TOBN(0x716e3a3c, 0x408b0bd6), + TOBN(0x31cd6bf7, 0xe8ebeba9), TOBN(0xa7326ca6, 0xbee6b670), + TOBN(0x3d9f851c, 0xcd090c43), TOBN(0x561e8f13, 0xf12c3988), + TOBN(0x50490b6a, 0x904b7be4), TOBN(0x61690ce1, 0x0410737b), + TOBN(0x299e9a37, 0x0f009052), TOBN(0x258758f0, 0xf026092e), + TOBN(0x9fa255f3, 0xfdfcdc0f), TOBN(0xdbc9fb1f, 0xc0e1bcd2), + TOBN(0x35f9dd6e, 0x24651840), TOBN(0xdca45a84, 0xa5c59abc), + TOBN(0x103d396f, 0xecca4938), TOBN(0x4532da0a, 0xb97b3f29), + TOBN(0xc4135ea5, 0x1999a6bf), TOBN(0x3aa9505a, 0x5e6bf2ee), + TOBN(0xf77cef06, 0x3f5be093), TOBN(0x97d1a0f8, 0xa943152e), + TOBN(0x2cb0ebba, 0x2e1c21dd), TOBN(0xf41b29fc, 0x2c6797c4), + TOBN(0xc6e17321, 0xb300101f), TOBN(0x4422b0e9, 0xd0d79a89), + TOBN(0x49e4901c, 0x92f1bfc4), TOBN(0x06ab1f8f, 0xe1e10ed9), + TOBN(0x84d35577, 0xdb2926b8), TOBN(0xca349d39, 0x356e8ec2), + TOBN(0x70b63d32, 0x343bf1a9), TOBN(0x8fd3bd28, 0x37d1a6b1), + TOBN(0x0454879c, 0x316865b4), TOBN(0xee959ff6, 0xc458efa2), + TOBN(0x0461dcf8, 0x9706dc3f), TOBN(0x737db0e2, 0x164e4b2e), + TOBN(0x09262680, 0x2f8843c8), TOBN(0x54498bbc, 0x7745e6f6), + TOBN(0x359473fa, 0xa29e24af), TOBN(0xfcc3c454, 0x70aa87a1), + TOBN(0xfd2c4bf5, 0x00573ace), TOBN(0xb65b514e, 0x28dd1965), + TOBN(0xe46ae7cf, 0x2193e393), TOBN(0x60e9a4e1, 0xf5444d97), + TOBN(0xe7594e96, 0x00ff38ed), TOBN(0x43d84d2f, 0x0a0e0f02), + TOBN(0x8b6db141, 0xee398a21), TOBN(0xb88a56ae, 0xe3bcc5be), + TOBN(0x0a1aa52f, 0x373460ea), TOBN(0x20da1a56, 0x160bb19b), + TOBN(0xfb54999d, 0x65bf0384), TOBN(0x71a14d24, 0x5d5a180e), + TOBN(0xbc44db7b, 0x21737b04), TOBN(0xd84fcb18, 0x01dd8e92), + TOBN(0x80de937b, 0xfa44b479), TOBN(0x53505499, 0x5c98fd4f), + TOBN(0x1edb12ab, 0x28f08727), TOBN(0x4c58b582, 0xa5f3ef53), + TOBN(0xbfb236d8, 0x8327f246), TOBN(0xc3a3bfaa, 0x4d7df320), + TOBN(0xecd96c59, 0xb96024f2), TOBN(0xfc293a53, 0x7f4e0433), + TOBN(0x5341352b, 0x5acf6e10), TOBN(0xc50343fd, 0xafe652c3), + TOBN(0x4af3792d, 0x18577a7f), TOBN(0xe1a4c617, 0xaf16823d), + TOBN(0x9b26d0cd, 0x33425d0a), TOBN(0x306399ed, 0x9b7bc47f), + TOBN(0x2a792f33, 0x706bb20b), TOBN(0x31219614, 0x98111055), + TOBN(0x864ec064, 0x87f5d28b), TOBN(0x11392d91, 0x962277fd), + TOBN(0xb5aa7942, 0xbb6aed5f), TOBN(0x080094dc, 0x47e799d9), + TOBN(0x4afa588c, 0x208ba19b), TOBN(0xd3e7570f, 0x8512f284), + TOBN(0xcbae64e6, 0x02f5799a), TOBN(0xdeebe7ef, 0x514b9492), + TOBN(0x30300f98, 0xe5c298ff), TOBN(0x17f561be, 0x3678361f), + TOBN(0xf52ff312, 0x98cb9a16), TOBN(0x6233c3bc, 0x5562d490), + TOBN(0x7bfa15a1, 0x92e3a2cb), TOBN(0x961bcfd1, 0xe6365119), + TOBN(0x3bdd29bf, 0x2c8c53b1), TOBN(0x739704df, 0x822844ba), + TOBN(0x7dacfb58, 0x7e7b754b), TOBN(0x23360791, 0xa806c9b9), + TOBN(0xe7eb88c9, 0x23504452), TOBN(0x2983e996, 0x852c1783), + TOBN(0xdd4ae529, 0x958d881d), TOBN(0x026bae03, 0x262c7b3c), + TOBN(0x3a6f9193, 0x960b52d1), TOBN(0xd0980f90, 0x92696cfb), + TOBN(0x4c1f428c, 0xd5f30851), TOBN(0x94dfed27, 0x2a4f6630), + TOBN(0x4df53772, 0xfc5d48a4), TOBN(0xdd2d5a2f, 0x933260ce), + TOBN(0x574115bd, 0xd44cc7a5), TOBN(0x4ba6b20d, 0xbd12533a), + TOBN(0x30e93cb8, 0x243057c9), TOBN(0x794c486a, 0x14de320e), + TOBN(0xe925d4ce, 0xf21496e4), TOBN(0xf951d198, 0xec696331), + TOBN(0x9810e2de, 0x3e8d812f), TOBN(0xd0a47259, 0x389294ab), + TOBN(0x513ba2b5, 0x0e3bab66), TOBN(0x462caff5, 0xabad306f), + TOBN(0xe2dc6d59, 0xaf04c49e), TOBN(0x1aeb8750, 0xe0b84b0b), + TOBN(0xc034f12f, 0x2f7d0ca2), TOBN(0x6d2e8128, 0xe06acf2f), + TOBN(0x801f4f83, 0x21facc2f), TOBN(0xa1170c03, 0xf40ef607), + TOBN(0xfe0a1d4f, 0x7805a99c), TOBN(0xbde56a36, 0xcc26aba5), + TOBN(0x5b1629d0, 0x35531f40), TOBN(0xac212c2b, 0x9afa6108), + TOBN(0x30a06bf3, 0x15697be5), TOBN(0x6f0545dc, 0x2c63c7c1), + TOBN(0x5d8cb842, 0x7ccdadaf), TOBN(0xd52e379b, 0xac7015bb), + TOBN(0xc4f56147, 0xf462c23e), TOBN(0xd44a4298, 0x46bc24b0), + TOBN(0xbc73d23a, 0xe2856d4f), TOBN(0x61cedd8c, 0x0832bcdf), + TOBN(0x60953556, 0x99f241d7), TOBN(0xee4adbd7, 0x001a349d), + TOBN(0x0b35bf6a, 0xaa89e491), TOBN(0x7f0076f4, 0x136f7546), + TOBN(0xd19a18ba, 0x9264da3d), TOBN(0x6eb2d2cd, 0x62a7a28b), + TOBN(0xcdba941f, 0x8761c971), TOBN(0x1550518b, 0xa3be4a5d), + TOBN(0xd0e8e2f0, 0x57d0b70c), TOBN(0xeea8612e, 0xcd133ba3), + TOBN(0x814670f0, 0x44416aec), TOBN(0x424db6c3, 0x30775061), + TOBN(0xd96039d1, 0x16213fd1), TOBN(0xc61e7fa5, 0x18a3478f), + TOBN(0xa805bdcc, 0xcb0c5021), TOBN(0xbdd6f3a8, 0x0cc616dd), + TOBN(0x06009667, 0x5d97f7e2), TOBN(0x31db0fc1, 0xaf0bf4b6), + TOBN(0x23680ed4, 0x5491627a), TOBN(0xb99a3c66, 0x7d741fb1), + TOBN(0xe9bb5f55, 0x36b1ff92), TOBN(0x29738577, 0x512b388d), + TOBN(0xdb8a2ce7, 0x50fcf263), TOBN(0x385346d4, 0x6c4f7b47), + TOBN(0xbe86c5ef, 0x31631f9e), TOBN(0xbf91da21, 0x03a57a29), + TOBN(0xc3b1f796, 0x7b23f821), TOBN(0x0f7d00d2, 0x770db354), + TOBN(0x8ffc6c3b, 0xd8fe79da), TOBN(0xcc5e8c40, 0xd525c996), + TOBN(0x4640991d, 0xcfff632a), TOBN(0x64d97e8c, 0x67112528), + TOBN(0xc232d973, 0x02f1cd1e), TOBN(0xce87eacb, 0x1dd212a4), + TOBN(0x6e4c8c73, 0xe69802f7), TOBN(0x12ef0290, 0x1fffddbd), + TOBN(0x941ec74e, 0x1bcea6e2), TOBN(0xd0b54024, 0x3cb92cbb), + TOBN(0x809fb9d4, 0x7e8f9d05), TOBN(0x3bf16159, 0xf2992aae), + TOBN(0xad40f279, 0xf8a7a838), TOBN(0x11aea631, 0x05615660), + TOBN(0xbf52e6f1, 0xa01f6fa1), TOBN(0xef046995, 0x3dc2aec9), + TOBN(0x785dbec9, 0xd8080711), TOBN(0xe1aec60a, 0x9fdedf76), + TOBN(0xece797b5, 0xfa21c126), TOBN(0xc66e898f, 0x05e52732), + TOBN(0x39bb69c4, 0x08811fdb), TOBN(0x8bfe1ef8, 0x2fc7f082), + TOBN(0xc8e7a393, 0x174f4138), TOBN(0xfba8ad1d, 0xd58d1f98), + TOBN(0xbc21d0ce, 0xbfd2fd5b), TOBN(0x0b839a82, 0x6ee60d61), + TOBN(0xaacf7658, 0xafd22253), TOBN(0xb526bed8, 0xaae396b3), + TOBN(0xccc1bbc2, 0x38564464), TOBN(0x9e3ff947, 0x8c45bc73), + TOBN(0xcde9bca3, 0x58188a78), TOBN(0x138b8ee0, 0xd73bf8f7), + TOBN(0x5c7e234c, 0x4123c489), TOBN(0x66e69368, 0xfa643297), + TOBN(0x0629eeee, 0x39a15fa3), TOBN(0x95fab881, 0xa9e2a927), + TOBN(0xb2497007, 0xeafbb1e1), TOBN(0xd75c9ce6, 0xe75b7a93), + TOBN(0x3558352d, 0xefb68d78), TOBN(0xa2f26699, 0x223f6396), + TOBN(0xeb911ecf, 0xe469b17a), TOBN(0x62545779, 0xe72d3ec2), + TOBN(0x8ea47de7, 0x82cb113f), TOBN(0xebe4b086, 0x4e1fa98d), + TOBN(0xec2d5ed7, 0x8cdfedb1), TOBN(0xa535c077, 0xfe211a74), + TOBN(0x9678109b, 0x11d244c5), TOBN(0xf17c8bfb, 0xbe299a76), + TOBN(0xb651412e, 0xfb11fbc4), TOBN(0xea0b5482, 0x94ab3f65), + TOBN(0xd8dffd95, 0x0cf78243), TOBN(0x2e719e57, 0xce0361d4), + TOBN(0x9007f085, 0x304ddc5b), TOBN(0x095e8c6d, 0x4daba2ea), + TOBN(0x5a33cdb4, 0x3f9d28a9), TOBN(0x85b95cd8, 0xe2283003), + TOBN(0xbcd6c819, 0xb9744733), TOBN(0x29c5f538, 0xfc7f5783), + TOBN(0x6c49b2fa, 0xd59038e4), TOBN(0x68349cc1, 0x3bbe1018), + TOBN(0xcc490c1d, 0x21830ee5), TOBN(0x36f9c4ee, 0xe9bfa297), + TOBN(0x58fd7294, 0x48de1a94), TOBN(0xaadb13a8, 0x4e8f2cdc), + TOBN(0x515eaaa0, 0x81313dba), TOBN(0xc76bb468, 0xc2152dd8), + TOBN(0x357f8d75, 0xa653dbf8), TOBN(0xe4d8c4d1, 0xb14ac143), + TOBN(0xbdb8e675, 0xb055cb40), TOBN(0x898f8e7b, 0x977b5167), + TOBN(0xecc65651, 0xb82fb863), TOBN(0x56544814, 0x6d88f01f), + TOBN(0xb0928e95, 0x263a75a9), TOBN(0xcfb6836f, 0x1a22fcda), + TOBN(0x651d14db, 0x3f3bd37c), TOBN(0x1d3837fb, 0xb6ad4664), + TOBN(0x7c5fb538, 0xff4f94ab), TOBN(0x7243c712, 0x6d7fb8f2), + TOBN(0xef13d60c, 0xa85c5287), TOBN(0x18cfb7c7, 0x4bb8dd1b), + TOBN(0x82f9bfe6, 0x72908219), TOBN(0x35c4592b, 0x9d5144ab), + TOBN(0x52734f37, 0x9cf4b42f), TOBN(0x6bac55e7, 0x8c60ddc4), + TOBN(0xb5cd811e, 0x94dea0f6), TOBN(0x259ecae4, 0xe18cc1a3), + TOBN(0x6a0e836e, 0x15e660f8), TOBN(0x6c639ea6, 0x0e02bff2), + TOBN(0x8721b8cb, 0x7e1026fd), TOBN(0x9e73b50b, 0x63261942), + TOBN(0xb8c70974, 0x77f01da3), TOBN(0x1839e6a6, 0x8268f57f), + TOBN(0x571b9415, 0x5150b805), TOBN(0x1892389e, 0xf92c7097), + TOBN(0x8d69c18e, 0x4a084b95), TOBN(0x7014c512, 0xbe5b495c), + TOBN(0x4780db36, 0x1b07523c), TOBN(0x2f6219ce, 0x2c1c64fa), + TOBN(0xc38b81b0, 0x602c105a), TOBN(0xab4f4f20, 0x5dc8e360), + TOBN(0x20d3c982, 0xcf7d62d2), TOBN(0x1f36e29d, 0x23ba8150), + TOBN(0x48ae0bf0, 0x92763f9e), TOBN(0x7a527e6b, 0x1d3a7007), + TOBN(0xb4a89097, 0x581a85e3), TOBN(0x1f1a520f, 0xdc158be5), + TOBN(0xf98db37d, 0x167d726e), TOBN(0x8802786e, 0x1113e862)}, + {TOBN(0xefb2149e, 0x36f09ab0), TOBN(0x03f163ca, 0x4a10bb5b), + TOBN(0xd0297045, 0x06e20998), TOBN(0x56f0af00, 0x1b5a3bab), + TOBN(0x7af4cfec, 0x70880e0d), TOBN(0x7332a66f, 0xbe3d913f), + TOBN(0x32e6c84a, 0x7eceb4bd), TOBN(0xedc4a79a, 0x9c228f55), + TOBN(0xc37c7dd0, 0xc55c4496), TOBN(0xa6a96357, 0x25bbabd2), + TOBN(0x5b7e63f2, 0xadd7f363), TOBN(0x9dce3782, 0x2e73f1df), + TOBN(0xe1e5a16a, 0xb2b91f71), TOBN(0xe4489823, 0x5ba0163c), + TOBN(0xf2759c32, 0xf6e515ad), TOBN(0xa5e2f1f8, 0x8615eecf), + TOBN(0x74519be7, 0xabded551), TOBN(0x03d358b8, 0xc8b74410), + TOBN(0x4d00b10b, 0x0e10d9a9), TOBN(0x6392b0b1, 0x28da52b7), + TOBN(0x6744a298, 0x0b75c904), TOBN(0xc305b0ae, 0xa8f7f96c), + TOBN(0x042e421d, 0x182cf932), TOBN(0xf6fc5d50, 0x9e4636ca), + TOBN(0x795847c9, 0xd64cc78c), TOBN(0x6c50621b, 0x9b6cb27b), + TOBN(0x07099bf8, 0xdf8022ab), TOBN(0x48f862eb, 0xc04eda1d), + TOBN(0xd12732ed, 0xe1603c16), TOBN(0x19a80e0f, 0x5c9a9450), + TOBN(0xe2257f54, 0xb429b4fc), TOBN(0x66d3b2c6, 0x45460515), + TOBN(0x6ca4f87e, 0x822e37be), TOBN(0x73f237b4, 0x253bda4e), + TOBN(0xf747f3a2, 0x41190aeb), TOBN(0xf06fa36f, 0x804cf284), + TOBN(0x0a6bbb6e, 0xfc621c12), TOBN(0x5d624b64, 0x40b80ec6), + TOBN(0x4b072425, 0x7ba556f3), TOBN(0x7fa0c354, 0x3e2d20a8), + TOBN(0xe921fa31, 0xe3229d41), TOBN(0xa929c652, 0x94531bd4), + TOBN(0x84156027, 0xa6d38209), TOBN(0xf3d69f73, 0x6bdb97bd), + TOBN(0x8906d19a, 0x16833631), TOBN(0x68a34c2e, 0x03d51be3), + TOBN(0xcb59583b, 0x0e511cd8), TOBN(0x99ce6bfd, 0xfdc132a8), + TOBN(0x3facdaaa, 0xffcdb463), TOBN(0x658bbc1a, 0x34a38b08), + TOBN(0x12a801f8, 0xf1a9078d), TOBN(0x1567bcf9, 0x6ab855de), + TOBN(0xe08498e0, 0x3572359b), TOBN(0xcf0353e5, 0x8659e68b), + TOBN(0xbb86e9c8, 0x7d23807c), TOBN(0xbc08728d, 0x2198e8a2), + TOBN(0x8de2b7bc, 0x453cadd6), TOBN(0x203900a7, 0xbc0bc1f8), + TOBN(0xbcd86e47, 0xa6abd3af), TOBN(0x911cac12, 0x8502effb), + TOBN(0x2d550242, 0xec965469), TOBN(0x0e9f7692, 0x29e0017e), + TOBN(0x633f078f, 0x65979885), TOBN(0xfb87d449, 0x4cf751ef), + TOBN(0xe1790e4b, 0xfc25419a), TOBN(0x36467203, 0x4bff3cfd), + TOBN(0xc8db6386, 0x25b6e83f), TOBN(0x6cc69f23, 0x6cad6fd2), + TOBN(0x0219e45a, 0x6bc68bb9), TOBN(0xe43d79b6, 0x297f7334), + TOBN(0x7d445368, 0x465dc97c), TOBN(0x4b9eea32, 0x2a0b949a), + TOBN(0x1b96c6ba, 0x6102d021), TOBN(0xeaafac78, 0x2f4461ea), + TOBN(0xd4b85c41, 0xc49f19a8), TOBN(0x275c28e4, 0xcf538875), + TOBN(0x35451a9d, 0xdd2e54e0), TOBN(0x6991adb5, 0x0605618b), + TOBN(0x5b8b4bcd, 0x7b36cd24), TOBN(0x372a4f8c, 0x56f37216), + TOBN(0xc890bd73, 0xa6a5da60), TOBN(0x6f083da0, 0xdc4c9ff0), + TOBN(0xf4e14d94, 0xf0536e57), TOBN(0xf9ee1eda, 0xaaec8243), + TOBN(0x571241ec, 0x8bdcf8e7), TOBN(0xa5db8271, 0x0b041e26), + TOBN(0x9a0b9a99, 0xe3fff040), TOBN(0xcaaf21dd, 0x7c271202), + TOBN(0xb4e2b2e1, 0x4f0dd2e8), TOBN(0xe77e7c4f, 0x0a377ac7), + TOBN(0x69202c3f, 0x0d7a2198), TOBN(0xf759b7ff, 0x28200eb8), + TOBN(0xc87526ed, 0xdcfe314e), TOBN(0xeb84c524, 0x53d5cf99), + TOBN(0xb1b52ace, 0x515138b6), TOBN(0x5aa7ff8c, 0x23fca3f4), + TOBN(0xff0b13c3, 0xb9791a26), TOBN(0x960022da, 0xcdd58b16), + TOBN(0xdbd55c92, 0x57aad2de), TOBN(0x3baaaaa3, 0xf30fe619), + TOBN(0x9a4b2346, 0x0d881efd), TOBN(0x506416c0, 0x46325e2a), + TOBN(0x91381e76, 0x035c18d4), TOBN(0xb3bb68be, 0xf27817b0), + TOBN(0x15bfb8bf, 0x5116f937), TOBN(0x7c64a586, 0xc1268943), + TOBN(0x71e25cc3, 0x8419a2c8), TOBN(0x9fd6b0c4, 0x8335f463), + TOBN(0x4bf0ba3c, 0xe8ee0e0e), TOBN(0x6f6fba60, 0x298c21fa), + TOBN(0x57d57b39, 0xae66bee0), TOBN(0x292d5130, 0x22672544), + TOBN(0xf451105d, 0xbab093b3), TOBN(0x012f59b9, 0x02839986), + TOBN(0x8a915802, 0x3474a89c), TOBN(0x048c919c, 0x2de03e97), + TOBN(0xc476a2b5, 0x91071cd5), TOBN(0x791ed89a, 0x034970a5), + TOBN(0x89bd9042, 0xe1b7994b), TOBN(0x8eaf5179, 0xa1057ffd), + TOBN(0x6066e2a2, 0xd551ee10), TOBN(0x87a8f1d8, 0x727e09a6), + TOBN(0x00d08bab, 0x2c01148d), TOBN(0x6da8e4f1, 0x424f33fe), + TOBN(0x466d17f0, 0xcf9a4e71), TOBN(0xff502010, 0x3bf5cb19), + TOBN(0xdccf97d8, 0xd062ecc0), TOBN(0x80c0d9af, 0x81d80ac4), + TOBN(0xe87771d8, 0x033f2876), TOBN(0xb0186ec6, 0x7d5cc3db), + TOBN(0x58e8bb80, 0x3bc9bc1d), TOBN(0x4d1395cc, 0x6f6ef60e), + TOBN(0xa73c62d6, 0x186244a0), TOBN(0x918e5f23, 0x110a5b53), + TOBN(0xed4878ca, 0x741b7eab), TOBN(0x3038d71a, 0xdbe03e51), + TOBN(0x840204b7, 0xa93c3246), TOBN(0x21ab6069, 0xa0b9b4cd), + TOBN(0xf5fa6e2b, 0xb1d64218), TOBN(0x1de6ad0e, 0xf3d56191), + TOBN(0x570aaa88, 0xff1929c7), TOBN(0xc6df4c6b, 0x640e87b5), + TOBN(0xde8a74f2, 0xc65f0ccc), TOBN(0x8b972fd5, 0xe6f6cc01), + TOBN(0x3fff36b6, 0x0b846531), TOBN(0xba7e45e6, 0x10a5e475), + TOBN(0x84a1d10e, 0x4145b6c5), TOBN(0xf1f7f91a, 0x5e046d9d), + TOBN(0x0317a692, 0x44de90d7), TOBN(0x951a1d4a, 0xf199c15e), + TOBN(0x91f78046, 0xc9d73deb), TOBN(0x74c82828, 0xfab8224f), + TOBN(0xaa6778fc, 0xe7560b90), TOBN(0xb4073e61, 0xa7e824ce), + TOBN(0xff0d693c, 0xd642eba8), TOBN(0x7ce2e57a, 0x5dccef38), + TOBN(0x89c2c789, 0x1df1ad46), TOBN(0x83a06922, 0x098346fd), + TOBN(0x2d715d72, 0xda2fc177), TOBN(0x7b6dd71d, 0x85b6cf1d), + TOBN(0xc60a6d0a, 0x73fa9cb0), TOBN(0xedd3992e, 0x328bf5a9), + TOBN(0xc380ddd0, 0x832c8c82), TOBN(0xd182d410, 0xa2a0bf50), + TOBN(0x7d9d7438, 0xd9a528db), TOBN(0xe8b1a0e9, 0xcaf53994), + TOBN(0xddd6e5fe, 0x0e19987c), TOBN(0xacb8df03, 0x190b059d), + TOBN(0x53703a32, 0x8300129f), TOBN(0x1f637662, 0x68c43bfd), + TOBN(0xbcbd1913, 0x00e54051), TOBN(0x812fcc62, 0x7bf5a8c5), + TOBN(0x3f969d5f, 0x29fb85da), TOBN(0x72f4e00a, 0x694759e8), + TOBN(0x426b6e52, 0x790726b7), TOBN(0x617bbc87, 0x3bdbb209), + TOBN(0x511f8bb9, 0x97aee317), TOBN(0x812a4096, 0xe81536a8), + TOBN(0x137dfe59, 0x3ac09b9b), TOBN(0x0682238f, 0xba8c9a7a), + TOBN(0x7072ead6, 0xaeccb4bd), TOBN(0x6a34e9aa, 0x692ba633), + TOBN(0xc82eaec2, 0x6fff9d33), TOBN(0xfb753512, 0x1d4d2b62), + TOBN(0x1a0445ff, 0x1d7aadab), TOBN(0x65d38260, 0xd5f6a67c), + TOBN(0x6e62fb08, 0x91cfb26f), TOBN(0xef1e0fa5, 0x5c7d91d6), + TOBN(0x47e7c7ba, 0x33db72cd), TOBN(0x017cbc09, 0xfa7c74b2), + TOBN(0x3c931590, 0xf50a503c), TOBN(0xcac54f60, 0x616baa42), + TOBN(0x9b6cd380, 0xb2369f0f), TOBN(0x97d3a70d, 0x23c76151), + TOBN(0x5f9dd6fc, 0x9862a9c6), TOBN(0x044c4ab2, 0x12312f51), + TOBN(0x035ea0fd, 0x834a2ddc), TOBN(0x49e6b862, 0xcc7b826d), + TOBN(0xb03d6883, 0x62fce490), TOBN(0x62f2497a, 0xb37e36e9), + TOBN(0x04b005b6, 0xc6458293), TOBN(0x36bb5276, 0xe8d10af7), + TOBN(0xacf2dc13, 0x8ee617b8), TOBN(0x470d2d35, 0xb004b3d4), + TOBN(0x06790832, 0xfeeb1b77), TOBN(0x2bb75c39, 0x85657f9c), + TOBN(0xd70bd4ed, 0xc0f60004), TOBN(0xfe797ecc, 0x219b018b), + TOBN(0x9b5bec2a, 0x753aebcc), TOBN(0xdaf9f3dc, 0xc939eca5), + TOBN(0xd6bc6833, 0xd095ad09), TOBN(0x98abdd51, 0xdaa4d2fc), + TOBN(0xd9840a31, 0x8d168be5), TOBN(0xcf7c10e0, 0x2325a23c), + TOBN(0xa5c02aa0, 0x7e6ecfaf), TOBN(0x2462e7e6, 0xb5bfdf18), + TOBN(0xab2d8a8b, 0xa0cc3f12), TOBN(0x68dd485d, 0xbc672a29), + TOBN(0x72039752, 0x596f2cd3), TOBN(0x5d3eea67, 0xa0cf3d8d), + TOBN(0x810a1a81, 0xe6602671), TOBN(0x8f144a40, 0x14026c0c), + TOBN(0xbc753a6d, 0x76b50f85), TOBN(0xc4dc21e8, 0x645cd4a4), + TOBN(0xc5262dea, 0x521d0378), TOBN(0x802b8e0e, 0x05011c6f), + TOBN(0x1ba19cbb, 0x0b4c19ea), TOBN(0x21db64b5, 0xebf0aaec), + TOBN(0x1f394ee9, 0x70342f9d), TOBN(0x93a10aee, 0x1bc44a14), + TOBN(0xa7eed31b, 0x3efd0baa), TOBN(0x6e7c824e, 0x1d154e65), + TOBN(0xee23fa81, 0x9966e7ee), TOBN(0x64ec4aa8, 0x05b7920d), + TOBN(0x2d44462d, 0x2d90aad4), TOBN(0xf44dd195, 0xdf277ad5), + TOBN(0x8d6471f1, 0xbb46b6a1), TOBN(0x1e65d313, 0xfd885090), + TOBN(0x33a800f5, 0x13a977b4), TOBN(0xaca9d721, 0x0797e1ef), + TOBN(0x9a5a85a0, 0xfcff6a17), TOBN(0x9970a3f3, 0x1eca7cee), + TOBN(0xbb9f0d6b, 0xc9504be3), TOBN(0xe0c504be, 0xadd24ee2), + TOBN(0x7e09d956, 0x77fcc2f4), TOBN(0xef1a5227, 0x65bb5fc4), + TOBN(0x145d4fb1, 0x8b9286aa), TOBN(0x66fd0c5d, 0x6649028b), + TOBN(0x98857ceb, 0x1bf4581c), TOBN(0xe635e186, 0xaca7b166), + TOBN(0x278ddd22, 0x659722ac), TOBN(0xa0903c4c, 0x1db68007), + TOBN(0x366e4589, 0x48f21402), TOBN(0x31b49c14, 0xb96abda2), + TOBN(0x329c4b09, 0xe0403190), TOBN(0x97197ca3, 0xd29f43fe), + TOBN(0x8073dd1e, 0x274983d8), TOBN(0xda1a3bde, 0x55717c8f), + TOBN(0xfd3d4da2, 0x0361f9d1), TOBN(0x1332d081, 0x4c7de1ce), + TOBN(0x9b7ef7a3, 0xaa6d0e10), TOBN(0x17db2e73, 0xf54f1c4a), + TOBN(0xaf3dffae, 0x4cd35567), TOBN(0xaaa2f406, 0xe56f4e71), + TOBN(0x8966759e, 0x7ace3fc7), TOBN(0x9594eacf, 0x45a8d8c6), + TOBN(0x8de3bd8b, 0x91834e0e), TOBN(0xafe4ca53, 0x548c0421), + TOBN(0xfdd7e856, 0xe6ee81c6), TOBN(0x8f671beb, 0x6b891a3a), + TOBN(0xf7a58f2b, 0xfae63829), TOBN(0x9ab186fb, 0x9c11ac9f), + TOBN(0x8d6eb369, 0x10b5be76), TOBN(0x046b7739, 0xfb040bcd), + TOBN(0xccb4529f, 0xcb73de88), TOBN(0x1df0fefc, 0xcf26be03), + TOBN(0xad7757a6, 0xbcfcd027), TOBN(0xa8786c75, 0xbb3165ca), + TOBN(0xe9db1e34, 0x7e99a4d9), TOBN(0x99ee86df, 0xb06c504b), + TOBN(0x5b7c2ddd, 0xc15c9f0a), TOBN(0xdf87a734, 0x4295989e), + TOBN(0x59ece47c, 0x03d08fda), TOBN(0xb074d3dd, 0xad5fc702), + TOBN(0x20407903, 0x51a03776), TOBN(0x2bb1f77b, 0x2a608007), + TOBN(0x25c58f4f, 0xe1153185), TOBN(0xe6df62f6, 0x766e6447), + TOBN(0xefb3d1be, 0xed51275a), TOBN(0x5de47dc7, 0x2f0f483f), + TOBN(0x7932d98e, 0x97c2bedf), TOBN(0xd5c11927, 0x0219f8a1), + TOBN(0x9d751200, 0xa73a294e), TOBN(0x5f88434a, 0x9dc20172), + TOBN(0xd28d9fd3, 0xa26f506a), TOBN(0xa890cd31, 0x9d1dcd48), + TOBN(0x0aebaec1, 0x70f4d3b4), TOBN(0xfd1a1369, 0x0ffc8d00), + TOBN(0xb9d9c240, 0x57d57838), TOBN(0x45929d26, 0x68bac361), + TOBN(0x5a2cd060, 0x25b15ca6), TOBN(0x4b3c83e1, 0x6e474446), + TOBN(0x1aac7578, 0xee1e5134), TOBN(0xa418f5d6, 0xc91e2f41), + TOBN(0x6936fc8a, 0x213ed68b), TOBN(0x860ae7ed, 0x510a5224), + TOBN(0x63660335, 0xdef09b53), TOBN(0x641b2897, 0xcd79c98d), + TOBN(0x29bd38e1, 0x01110f35), TOBN(0x79c26f42, 0x648b1937), + TOBN(0x64dae519, 0x9d9164f4), TOBN(0xd85a2310, 0x0265c273), + TOBN(0x7173dd5d, 0x4b07e2b1), TOBN(0xd144c4cb, 0x8d9ea221), + TOBN(0xe8b04ea4, 0x1105ab14), TOBN(0x92dda542, 0xfe80d8f1), + TOBN(0xe9982fa8, 0xcf03dce6), TOBN(0x8b5ea965, 0x1a22cffc), + TOBN(0xf7f4ea7f, 0x3fad88c4), TOBN(0x62db773e, 0x6a5ba95c), + TOBN(0xd20f02fb, 0x93f24567), TOBN(0xfd46c69a, 0x315257ca), + TOBN(0x0ac74cc7, 0x8bcab987), TOBN(0x46f31c01, 0x5ceca2f5), + TOBN(0x40aedb59, 0x888b219e), TOBN(0xe50ecc37, 0xe1fccd02), + TOBN(0x1bcd9dad, 0x911f816c), TOBN(0x583cc1ec, 0x8db9b00c), + TOBN(0xf3cd2e66, 0xa483bf11), TOBN(0xfa08a6f5, 0xb1b2c169), + TOBN(0xf375e245, 0x4be9fa28), TOBN(0x99a7ffec, 0x5b6d011f), + TOBN(0x6a3ebddb, 0xc4ae62da), TOBN(0x6cea00ae, 0x374aef5d), + TOBN(0xab5fb98d, 0x9d4d05bc), TOBN(0x7cba1423, 0xd560f252), + TOBN(0x49b2cc21, 0x208490de), TOBN(0x1ca66ec3, 0xbcfb2879), + TOBN(0x7f1166b7, 0x1b6fb16f), TOBN(0xfff63e08, 0x65fe5db3), + TOBN(0xb8345abe, 0x8b2610be), TOBN(0xb732ed80, 0x39de3df4), + TOBN(0x0e24ed50, 0x211c32b4), TOBN(0xd10d8a69, 0x848ff27d), + TOBN(0xc1074398, 0xed4de248), TOBN(0xd7cedace, 0x10488927), + TOBN(0xa4aa6bf8, 0x85673e13), TOBN(0xb46bae91, 0x6daf30af), + TOBN(0x07088472, 0xfcef7ad8), TOBN(0x61151608, 0xd4b35e97), + TOBN(0xbcfe8f26, 0xdde29986), TOBN(0xeb84c4c7, 0xd5a34c79), + TOBN(0xc1eec55c, 0x164e1214), TOBN(0x891be86d, 0xa147bb03), + TOBN(0x9fab4d10, 0x0ba96835), TOBN(0xbf01e9b8, 0xa5c1ae9f), + TOBN(0x6b4de139, 0xb186ebc0), TOBN(0xd5c74c26, 0x85b91bca), + TOBN(0x5086a99c, 0xc2d93854), TOBN(0xeed62a7b, 0xa7a9dfbc), + TOBN(0x8778ed6f, 0x76b7618a), TOBN(0xbff750a5, 0x03b66062), + TOBN(0x4cb7be22, 0xb65186db), TOBN(0x369dfbf0, 0xcc3a6d13), + TOBN(0xc7dab26c, 0x7191a321), TOBN(0x9edac3f9, 0x40ed718e), + TOBN(0xbc142b36, 0xd0cfd183), TOBN(0xc8af82f6, 0x7c991693), + TOBN(0xb3d1e4d8, 0x97ce0b2a), TOBN(0xe6d7c87f, 0xc3a55cdf), + TOBN(0x35846b95, 0x68b81afe), TOBN(0x018d12af, 0xd3c239d8), + TOBN(0x2b2c6208, 0x01206e15), TOBN(0xe0e42453, 0xa3b882c6), + TOBN(0x854470a3, 0xa50162d5), TOBN(0x08157478, 0x7017a62a), + TOBN(0x18bd3fb4, 0x820357c7), TOBN(0x992039ae, 0x6f1458ad), + TOBN(0x9a1df3c5, 0x25b44aa1), TOBN(0x2d780357, 0xed3d5281), + TOBN(0x58cf7e4d, 0xc77ad4d4), TOBN(0xd49a7998, 0xf9df4fc4), + TOBN(0x4465a8b5, 0x1d71205e), TOBN(0xa0ee0ea6, 0x649254aa), + TOBN(0x4b5eeecf, 0xab7bd771), TOBN(0x6c873073, 0x35c262b9), + TOBN(0xdc5bd648, 0x3c9d61e7), TOBN(0x233d6d54, 0x321460d2), + TOBN(0xd20c5626, 0xfc195bcc), TOBN(0x25445958, 0x04d78b63), + TOBN(0xe03fcb3d, 0x17ec8ef3), TOBN(0x54b690d1, 0x46b8f781), + TOBN(0x82fa2c8a, 0x21230646), TOBN(0xf51aabb9, 0x084f418c), + TOBN(0xff4fbec1, 0x1a30ba43), TOBN(0x6a5acf73, 0x743c9df7), + TOBN(0x1da2b357, 0xd635b4d5), TOBN(0xc3de68dd, 0xecd5c1da), + TOBN(0xa689080b, 0xd61af0dd), TOBN(0xdea5938a, 0xd665bf99), + TOBN(0x0231d71a, 0xfe637294), TOBN(0x01968aa6, 0xa5a81cd8), + TOBN(0x11252d50, 0x048e63b5), TOBN(0xc446bc52, 0x6ca007e9), + TOBN(0xef8c50a6, 0x96d6134b), TOBN(0x9361fbf5, 0x9e09a05c), + TOBN(0xf17f85a6, 0xdca3291a), TOBN(0xb178d548, 0xff251a21), + TOBN(0x87f6374b, 0xa4df3915), TOBN(0x566ce1bf, 0x2fd5d608), + TOBN(0x425cba4d, 0x7de35102), TOBN(0x6b745f8f, 0x58c5d5e2), + TOBN(0x88402af6, 0x63122edf), TOBN(0x3190f9ed, 0x3b989a89), + TOBN(0x4ad3d387, 0xebba3156), TOBN(0xef385ad9, 0xc7c469a5), + TOBN(0xb08281de, 0x3f642c29), TOBN(0x20be0888, 0x910ffb88), + TOBN(0xf353dd4a, 0xd5292546), TOBN(0x3f1627de, 0x8377a262), + TOBN(0xa5faa013, 0xeefcd638), TOBN(0x8f3bf626, 0x74cc77c3), + TOBN(0x32618f65, 0xa348f55e), TOBN(0x5787c0dc, 0x9fefeb9e), + TOBN(0xf1673aa2, 0xd9a23e44), TOBN(0x88dfa993, 0x4e10690d), + TOBN(0x1ced1b36, 0x2bf91108), TOBN(0x9193ceca, 0x3af48649), + TOBN(0xfb34327d, 0x2d738fc5), TOBN(0x6697b037, 0x975fee6c), + TOBN(0x2f485da0, 0xc04079a5), TOBN(0x2cdf5735, 0x2feaa1ac), + TOBN(0x76944420, 0xbd55659e), TOBN(0x7973e32b, 0x4376090c), + TOBN(0x86bb4fe1, 0x163b591a), TOBN(0x10441aed, 0xc196f0ca), + TOBN(0x3b431f4a, 0x045ad915), TOBN(0x6c11b437, 0xa4afacb1), + TOBN(0x30b0c7db, 0x71fdbbd8), TOBN(0xb642931f, 0xeda65acd), + TOBN(0x4baae6e8, 0x9c92b235), TOBN(0xa73bbd0e, 0x6b3993a1), + TOBN(0xd06d60ec, 0x693dd031), TOBN(0x03cab91b, 0x7156881c), + TOBN(0xd615862f, 0x1db3574b), TOBN(0x485b0185, 0x64bb061a), + TOBN(0x27434988, 0xa0181e06), TOBN(0x2cd61ad4, 0xc1c0c757), + TOBN(0x3effed5a, 0x2ff9f403), TOBN(0x8dc98d8b, 0x62239029), + TOBN(0x2206021e, 0x1f17b70d), TOBN(0xafbec0ca, 0xbf510015), + TOBN(0x9fed7164, 0x80130dfa), TOBN(0x306dc2b5, 0x8a02dcf5), + TOBN(0x48f06620, 0xfeb10fc0), TOBN(0x78d1e1d5, 0x5a57cf51), + TOBN(0xadef8c5a, 0x192ef710), TOBN(0x88afbd4b, 0x3b7431f9), + TOBN(0x7e1f7407, 0x64250c9e), TOBN(0x6e31318d, 0xb58bec07), + TOBN(0xfd4fc4b8, 0x24f89b4e), TOBN(0x65a5dd88, 0x48c36a2a), + TOBN(0x4f1eccff, 0xf024baa7), TOBN(0x22a21cf2, 0xcba94650), + TOBN(0x95d29dee, 0x42a554f7), TOBN(0x828983a5, 0x002ec4ba), + TOBN(0x8112a1f7, 0x8badb73d), TOBN(0x79ea8897, 0xa27c1839), + TOBN(0x8969a5a7, 0xd065fd83), TOBN(0xf49af791, 0xb262a0bc), + TOBN(0xfcdea8b6, 0xaf2b5127), TOBN(0x10e913e1, 0x564c2dbc), + TOBN(0x51239d14, 0xbc21ef51), TOBN(0xe51c3ceb, 0x4ce57292), + TOBN(0x795ff068, 0x47bbcc3b), TOBN(0x86b46e1e, 0xbd7e11e6), + TOBN(0x0ea6ba23, 0x80041ef4), TOBN(0xd72fe505, 0x6262342e), + TOBN(0x8abc6dfd, 0x31d294d4), TOBN(0xbbe017a2, 0x1278c2c9), + TOBN(0xb1fcfa09, 0xb389328a), TOBN(0x322fbc62, 0xd01771b5), + TOBN(0x04c0d063, 0x60b045bf), TOBN(0xdb652edc, 0x10e52d01), + TOBN(0x50ef932c, 0x03ec6627), TOBN(0xde1b3b2d, 0xc1ee50e3), + TOBN(0x5ab7bdc5, 0xdc37a90d), TOBN(0xfea67213, 0x31e33a96), + TOBN(0x6482b5cb, 0x4f2999aa), TOBN(0x38476cc6, 0xb8cbf0dd), + TOBN(0x93ebfacb, 0x173405bb), TOBN(0x15cdafe7, 0xe52369ec), + TOBN(0xd42d5ba4, 0xd935b7db), TOBN(0x648b6004, 0x1c99a4cd), + TOBN(0x785101bd, 0xa3b5545b), TOBN(0x4bf2c38a, 0x9dd67faf), + TOBN(0xb1aadc63, 0x4442449c), TOBN(0xe0e9921a, 0x33ad4fb8), + TOBN(0x5c552313, 0xaa686d82), TOBN(0xdee635fa, 0x465d866c), + TOBN(0xbc3c224a, 0x18ee6e8a), TOBN(0xeed748a6, 0xed42e02f), + TOBN(0xe70f930a, 0xd474cd08), TOBN(0x774ea6ec, 0xfff24adf), + TOBN(0x03e2de1c, 0xf3480d4a), TOBN(0xf0d8edc7, 0xbc8acf1a), + TOBN(0xf23e3303, 0x68295a9c), TOBN(0xfadd5f68, 0xc546a97d), + TOBN(0x895597ad, 0x96f8acb1), TOBN(0xbddd49d5, 0x671bdae2), + TOBN(0x16fcd528, 0x21dd43f4), TOBN(0xa5a45412, 0x6619141a)}, + {TOBN(0x8ce9b6bf, 0xc360e25a), TOBN(0xe6425195, 0x075a1a78), + TOBN(0x9dc756a8, 0x481732f4), TOBN(0x83c0440f, 0x5432b57a), + TOBN(0xc670b3f1, 0xd720281f), TOBN(0x2205910e, 0xd135e051), + TOBN(0xded14b0e, 0xdb052be7), TOBN(0x697b3d27, 0xc568ea39), + TOBN(0x2e599b9a, 0xfb3ff9ed), TOBN(0x28c2e0ab, 0x17f6515c), + TOBN(0x1cbee4fd, 0x474da449), TOBN(0x071279a4, 0x4f364452), + TOBN(0x97abff66, 0x01fbe855), TOBN(0x3ee394e8, 0x5fda51c4), + TOBN(0x190385f6, 0x67597c0b), TOBN(0x6e9fccc6, 0xa27ee34b), + TOBN(0x0b89de93, 0x14092ebb), TOBN(0xf17256bd, 0x428e240c), + TOBN(0xcf89a7f3, 0x93d2f064), TOBN(0x4f57841e, 0xe1ed3b14), + TOBN(0x4ee14405, 0xe708d855), TOBN(0x856aae72, 0x03f1c3d0), + TOBN(0xc8e5424f, 0xbdd7eed5), TOBN(0x3333e4ef, 0x73ab4270), + TOBN(0x3bc77ade, 0xdda492f8), TOBN(0xc11a3aea, 0x78297205), + TOBN(0x5e89a3e7, 0x34931b4c), TOBN(0x17512e2e, 0x9f5694bb), + TOBN(0x5dc349f3, 0x177bf8b6), TOBN(0x232ea4ba, 0x08c7ff3e), + TOBN(0x9c4f9d16, 0xf511145d), TOBN(0xccf109a3, 0x33b379c3), + TOBN(0xe75e7a88, 0xa1f25897), TOBN(0x7ac6961f, 0xa1b5d4d8), + TOBN(0xe3e10773, 0x08f3ed5c), TOBN(0x208a54ec, 0x0a892dfb), + TOBN(0xbe826e19, 0x78660710), TOBN(0x0cf70a97, 0x237df2c8), + TOBN(0x418a7340, 0xed704da5), TOBN(0xa3eeb9a9, 0x08ca33fd), + TOBN(0x49d96233, 0x169bca96), TOBN(0x04d286d4, 0x2da6aafb), + TOBN(0xc09606ec, 0xa0c2fa94), TOBN(0x8869d0d5, 0x23ff0fb3), + TOBN(0xa99937e5, 0xd0150d65), TOBN(0xa92e2503, 0x240c14c9), + TOBN(0x656bf945, 0x108e2d49), TOBN(0x152a733a, 0xa2f59e2b), + TOBN(0xb4323d58, 0x8434a920), TOBN(0xc0af8e93, 0x622103c5), + TOBN(0x667518ef, 0x938dbf9a), TOBN(0xa1843073, 0x83a9cdf2), + TOBN(0x350a94aa, 0x5447ab80), TOBN(0xe5e5a325, 0xc75a3d61), + TOBN(0x74ba507f, 0x68411a9e), TOBN(0x10581fc1, 0x594f70c5), + TOBN(0x60e28570, 0x80eb24a9), TOBN(0x7bedfb4d, 0x488e0cfd), + TOBN(0x721ebbd7, 0xc259cdb8), TOBN(0x0b0da855, 0xbc6390a9), + TOBN(0x2b4d04db, 0xde314c70), TOBN(0xcdbf1fbc, 0x6c32e846), + TOBN(0x33833eab, 0xb162fc9e), TOBN(0x9939b48b, 0xb0dd3ab7), + TOBN(0x5aaa98a7, 0xcb0c9c8c), TOBN(0x75105f30, 0x81c4375c), + TOBN(0xceee5057, 0x5ef1c90f), TOBN(0xb31e065f, 0xc23a17bf), + TOBN(0x5364d275, 0xd4b6d45a), TOBN(0xd363f3ad, 0x62ec8996), + TOBN(0xb5d21239, 0x4391c65b), TOBN(0x84564765, 0xebb41b47), + TOBN(0x20d18ecc, 0x37107c78), TOBN(0xacff3b6b, 0x570c2a66), + TOBN(0x22f975d9, 0x9bd0d845), TOBN(0xef0a0c46, 0xba178fa0), + TOBN(0x1a419651, 0x76b6028e), TOBN(0xc49ec674, 0x248612d4), + TOBN(0x5b6ac4f2, 0x7338af55), TOBN(0x06145e62, 0x7bee5a36), + TOBN(0x33e95d07, 0xe75746b5), TOBN(0x1c1e1f6d, 0xc40c78be), + TOBN(0x967833ef, 0x222ff8e2), TOBN(0x4bedcf6a, 0xb49180ad), + TOBN(0x6b37e9c1, 0x3d7a4c8a), TOBN(0x2748887c, 0x6ddfe760), + TOBN(0xf7055123, 0xaa3a5bbc), TOBN(0x954ff225, 0x7bbb8e74), + TOBN(0xc42b8ab1, 0x97c3dfb9), TOBN(0x55a549b0, 0xcf168154), + TOBN(0xad6748e7, 0xc1b50692), TOBN(0x2775780f, 0x6fc5cbcb), + TOBN(0x4eab80b8, 0xe1c9d7c8), TOBN(0x8c69dae1, 0x3fdbcd56), + TOBN(0x47e6b4fb, 0x9969eace), TOBN(0x002f1085, 0xa705cb5a), + TOBN(0x4e23ca44, 0x6d3fea55), TOBN(0xb4ae9c86, 0xf4810568), + TOBN(0x47bfb91b, 0x2a62f27d), TOBN(0x60deb4c9, 0xd9bac28c), + TOBN(0xa892d894, 0x7de6c34c), TOBN(0x4ee68259, 0x4494587d), + TOBN(0x914ee14e, 0x1a3f8a5b), TOBN(0xbb113eaa, 0x28700385), + TOBN(0x81ca03b9, 0x2115b4c9), TOBN(0x7c163d38, 0x8908cad1), + TOBN(0xc912a118, 0xaa18179a), TOBN(0xe09ed750, 0x886e3081), + TOBN(0xa676e3fa, 0x26f516ca), TOBN(0x753cacf7, 0x8e732f91), + TOBN(0x51592aea, 0x833da8b4), TOBN(0xc626f42f, 0x4cbea8aa), + TOBN(0xef9dc899, 0xa7b56eaf), TOBN(0x00c0e52c, 0x34ef7316), + TOBN(0x5b1e4e24, 0xfe818a86), TOBN(0x9d31e20d, 0xc538be47), + TOBN(0x22eb932d, 0x3ed68974), TOBN(0xe44bbc08, 0x7c4e87c4), + TOBN(0x4121086e, 0x0dde9aef), TOBN(0x8e6b9cff, 0x134f4345), + TOBN(0x96892c1f, 0x711b0eb9), TOBN(0xb905f2c8, 0x780ab954), + TOBN(0xace26309, 0xa20792db), TOBN(0xec8ac9b3, 0x0684e126), + TOBN(0x486ad8b6, 0xb40a2447), TOBN(0x60121fc1, 0x9fe3fb24), + TOBN(0x5626fccf, 0x1a8e3b3f), TOBN(0x4e568622, 0x6ad1f394), + TOBN(0xda7aae0d, 0x196aa5a1), TOBN(0xe0df8c77, 0x1041b5fb), + TOBN(0x451465d9, 0x26b318b7), TOBN(0xc29b6e55, 0x7ab136e9), + TOBN(0x2c2ab48b, 0x71148463), TOBN(0xb5738de3, 0x64454a76), + TOBN(0x54ccf9a0, 0x5a03abe4), TOBN(0x377c0296, 0x0427d58e), + TOBN(0x73f5f0b9, 0x2bb39c1f), TOBN(0x14373f2c, 0xe608d8c5), + TOBN(0xdcbfd314, 0x00fbb805), TOBN(0xdf18fb20, 0x83afdcfb), + TOBN(0x81a57f42, 0x42b3523f), TOBN(0xe958532d, 0x87f650fb), + TOBN(0xaa8dc8b6, 0x8b0a7d7c), TOBN(0x1b75dfb7, 0x150166be), + TOBN(0x90e4f7c9, 0x2d7d1413), TOBN(0x67e2d6b5, 0x9834f597), + TOBN(0x4fd4f4f9, 0xa808c3e8), TOBN(0xaf8237e0, 0xd5281ec1), + TOBN(0x25ab5fdc, 0x84687cee), TOBN(0xc5ded6b1, 0xa5b26c09), + TOBN(0x8e4a5aec, 0xc8ea7650), TOBN(0x23b73e5c, 0x14cc417f), + TOBN(0x2bfb4318, 0x3037bf52), TOBN(0xb61e6db5, 0x78c725d7), + TOBN(0x8efd4060, 0xbbb3e5d7), TOBN(0x2e014701, 0xdbac488e), + TOBN(0xac75cf9a, 0x360aa449), TOBN(0xb70cfd05, 0x79634d08), + TOBN(0xa591536d, 0xfffb15ef), TOBN(0xb2c37582, 0xd07c106c), + TOBN(0xb4293fdc, 0xf50225f9), TOBN(0xc52e175c, 0xb0e12b03), + TOBN(0xf649c3ba, 0xd0a8bf64), TOBN(0x745a8fef, 0xeb8ae3c6), + TOBN(0x30d7e5a3, 0x58321bc3), TOBN(0xb1732be7, 0x0bc4df48), + TOBN(0x1f217993, 0xe9ea5058), TOBN(0xf7a71cde, 0x3e4fd745), + TOBN(0x86cc533e, 0x894c5bbb), TOBN(0x6915c7d9, 0x69d83082), + TOBN(0xa6aa2d05, 0x5815c244), TOBN(0xaeeee592, 0x49b22ce5), + TOBN(0x89e39d13, 0x78135486), TOBN(0x3a275c1f, 0x16b76f2f), + TOBN(0xdb6bcc1b, 0xe036e8f5), TOBN(0x4df69b21, 0x5e4709f5), + TOBN(0xa188b250, 0x2d0f39aa), TOBN(0x622118bb, 0x15a85947), + TOBN(0x2ebf520f, 0xfde0f4fa), TOBN(0xa40e9f29, 0x4860e539), + TOBN(0x7b6a51eb, 0x22b57f0f), TOBN(0x849a33b9, 0x7e80644a), + TOBN(0x50e5d16f, 0x1cf095fe), TOBN(0xd754b54e, 0xec55f002), + TOBN(0x5cfbbb22, 0x236f4a98), TOBN(0x0b0c59e9, 0x066800bb), + TOBN(0x4ac69a8f, 0x5a9a7774), TOBN(0x2b33f804, 0xd6bec948), + TOBN(0xb3729295, 0x32e6c466), TOBN(0x68956d0f, 0x4e599c73), + TOBN(0xa47a249f, 0x155c31cc), TOBN(0x24d80f0d, 0xe1ce284e), + TOBN(0xcd821dfb, 0x988baf01), TOBN(0xe6331a7d, 0xdbb16647), + TOBN(0x1eb8ad33, 0x094cb960), TOBN(0x593cca38, 0xc91bbca5), + TOBN(0x384aac8d, 0x26567456), TOBN(0x40fa0309, 0xc04b6490), + TOBN(0x97834cd6, 0xdab6c8f6), TOBN(0x68a7318d, 0x3f91e55f), + TOBN(0xa00fd04e, 0xfc4d3157), TOBN(0xb56f8ab2, 0x2bf3bdea), + TOBN(0x014f5648, 0x4fa57172), TOBN(0x948c5860, 0x450abdb3), + TOBN(0x342b5df0, 0x0ebd4f08), TOBN(0x3e5168cd, 0x0e82938e), + TOBN(0x7aedc1ce, 0xb0df5dd0), TOBN(0x6bbbc6d9, 0xe5732516), + TOBN(0xc7bfd486, 0x605daaa6), TOBN(0x46fd72b7, 0xbb9a6c9e), + TOBN(0xe4847fb1, 0xa124fb89), TOBN(0x75959cbd, 0xa2d8ffbc), + TOBN(0x42579f65, 0xc8a588ee), TOBN(0x368c92e6, 0xb80b499d), + TOBN(0xea4ef6cd, 0x999a5df1), TOBN(0xaa73bb7f, 0x936fe604), + TOBN(0xf347a70d, 0x6457d188), TOBN(0x86eda86b, 0x8b7a388b), + TOBN(0xb7cdff06, 0x0ccd6013), TOBN(0xbeb1b6c7, 0xd0053fb2), + TOBN(0x0b022387, 0x99240a9f), TOBN(0x1bbb384f, 0x776189b2), + TOBN(0x8695e71e, 0x9066193a), TOBN(0x2eb50097, 0x06ffac7e), + TOBN(0x0654a9c0, 0x4a7d2caa), TOBN(0x6f3fb3d1, 0xa5aaa290), + TOBN(0x835db041, 0xff476e8f), TOBN(0x540b8b0b, 0xc42295e4), + TOBN(0xa5c73ac9, 0x05e214f5), TOBN(0x9a74075a, 0x56a0b638), + TOBN(0x2e4b1090, 0xce9e680b), TOBN(0x57a5b479, 0x6b8d9afa), + TOBN(0x0dca48e7, 0x26bfe65c), TOBN(0x097e391c, 0x7290c307), + TOBN(0x683c462e, 0x6669e72e), TOBN(0xf505be1e, 0x062559ac), + TOBN(0x5fbe3ea1, 0xe3a3035a), TOBN(0x6431ebf6, 0x9cd50da8), + TOBN(0xfd169d5c, 0x1f6407f2), TOBN(0x8d838a95, 0x60fce6b8), + TOBN(0x2a2bfa7f, 0x650006f0), TOBN(0xdfd7dad3, 0x50c0fbb2), + TOBN(0x92452495, 0xccf9ad96), TOBN(0x183bf494, 0xd95635f9), + TOBN(0x02d5df43, 0x4a7bd989), TOBN(0x505385cc, 0xa5431095), + TOBN(0xdd98e67d, 0xfd43f53e), TOBN(0xd61e1a6c, 0x500c34a9), + TOBN(0x5a4b46c6, 0x4a8a3d62), TOBN(0x8469c4d0, 0x247743d2), + TOBN(0x2bb3a13d, 0x88f7e433), TOBN(0x62b23a10, 0x01be5849), + TOBN(0xe83596b4, 0xa63d1a4c), TOBN(0x454e7fea, 0x7d183f3e), + TOBN(0x643fce61, 0x17afb01c), TOBN(0x4e65e5e6, 0x1c4c3638), + TOBN(0x41d85ea1, 0xef74c45b), TOBN(0x2cfbfa66, 0xae328506), + TOBN(0x98b078f5, 0x3ada7da9), TOBN(0xd985fe37, 0xec752fbb), + TOBN(0xeece68fe, 0x5a0148b4), TOBN(0x6f9a55c7, 0x2d78136d), + TOBN(0x232dccc4, 0xd2b729ce), TOBN(0xa27e0dfd, 0x90aafbc4), + TOBN(0x96474452, 0x12b4603e), TOBN(0xa876c551, 0x6b706d14), + TOBN(0xdf145fcf, 0x69a9d412), TOBN(0xe2ab75b7, 0x2d479c34), + TOBN(0x12df9a76, 0x1a23ff97), TOBN(0xc6138992, 0x5d359d10), + TOBN(0x6e51c7ae, 0xfa835f22), TOBN(0x69a79cb1, 0xc0fcc4d9), + TOBN(0xf57f350d, 0x594cc7e1), TOBN(0x3079ca63, 0x3350ab79), + TOBN(0x226fb614, 0x9aff594a), TOBN(0x35afec02, 0x6d59a62b), + TOBN(0x9bee46f4, 0x06ed2c6e), TOBN(0x58da1735, 0x7d939a57), + TOBN(0x44c50402, 0x8fd1797e), TOBN(0xd8853e7c, 0x5ccea6ca), + TOBN(0x4065508d, 0xa35fcd5f), TOBN(0x8965df8c, 0x495ccaeb), + TOBN(0x0f2da850, 0x12e1a962), TOBN(0xee471b94, 0xc1cf1cc4), + TOBN(0xcef19bc8, 0x0a08fb75), TOBN(0x704958f5, 0x81de3591), + TOBN(0x2867f8b2, 0x3aef4f88), TOBN(0x8d749384, 0xea9f9a5f), + TOBN(0x1b385537, 0x8c9049f4), TOBN(0x5be948f3, 0x7b92d8b6), + TOBN(0xd96f725d, 0xb6e2bd6b), TOBN(0x37a222bc, 0x958c454d), + TOBN(0xe7c61abb, 0x8809bf61), TOBN(0x46f07fbc, 0x1346f18d), + TOBN(0xfb567a7a, 0xe87c0d1c), TOBN(0x84a461c8, 0x7ef3d07a), + TOBN(0x0a5adce6, 0xd9278d98), TOBN(0x24d94813, 0x9dfc73e1), + TOBN(0x4f3528b6, 0x054321c3), TOBN(0x2e03fdde, 0x692ea706), + TOBN(0x10e60619, 0x47b533c0), TOBN(0x1a8bc73f, 0x2ca3c055), + TOBN(0xae58d4b2, 0x1bb62b8f), TOBN(0xb2045a73, 0x584a24e3), + TOBN(0x3ab3d5af, 0xbd76e195), TOBN(0x478dd1ad, 0x6938a810), + TOBN(0x6ffab393, 0x6ee3d5cb), TOBN(0xdfb693db, 0x22b361e4), + TOBN(0xf9694496, 0x51dbf1a7), TOBN(0xcab4b4ef, 0x08a2e762), + TOBN(0xe8c92f25, 0xd39bba9a), TOBN(0x850e61bc, 0xf1464d96), + TOBN(0xb7e830e3, 0xdc09508b), TOBN(0xfaf6d2cf, 0x74317655), + TOBN(0x72606ceb, 0xdf690355), TOBN(0x48bb92b3, 0xd0c3ded6), + TOBN(0x65b75484, 0x5c7cf892), TOBN(0xf6cd7ac9, 0xd5d5f01f), + TOBN(0xc2c30a59, 0x96401d69), TOBN(0x91268650, 0xed921878), + TOBN(0x380bf913, 0xb78c558f), TOBN(0x43c0baeb, 0xc8afdaa9), + TOBN(0x377f61d5, 0x54f169d3), TOBN(0xf8da07e3, 0xae5ff20b), + TOBN(0xb676c49d, 0xa8a90ea8), TOBN(0x81c1ff2b, 0x83a29b21), + TOBN(0x383297ac, 0x2ad8d276), TOBN(0x3001122f, 0xba89f982), + TOBN(0xe1d794be, 0x6718e448), TOBN(0x246c1482, 0x7c3e6e13), + TOBN(0x56646ef8, 0x5d26b5ef), TOBN(0x80f5091e, 0x88069cdd), + TOBN(0xc5992e2f, 0x724bdd38), TOBN(0x02e915b4, 0x8471e8c7), + TOBN(0x96ff320a, 0x0d0ff2a9), TOBN(0xbf886487, 0x4384d1a0), + TOBN(0xbbe1e6a6, 0xc93f72d6), TOBN(0xd5f75d12, 0xcad800ea), + TOBN(0xfa40a09f, 0xe7acf117), TOBN(0x32c8cdd5, 0x7581a355), + TOBN(0x74221992, 0x7023c499), TOBN(0xa8afe5d7, 0x38ec3901), + TOBN(0x5691afcb, 0xa90e83f0), TOBN(0x41bcaa03, 0x0b8f8eac), + TOBN(0xe38b5ff9, 0x8d2668d5), TOBN(0x0715281a, 0x7ad81965), + TOBN(0x1bc8fc7c, 0x03c6ce11), TOBN(0xcbbee6e2, 0x8b650436), + TOBN(0x06b00fe8, 0x0cdb9808), TOBN(0x17d6e066, 0xfe3ed315), + TOBN(0x2e9d38c6, 0x4d0b5018), TOBN(0xab8bfd56, 0x844dcaef), + TOBN(0x42894a59, 0x513aed8b), TOBN(0xf77f3b6d, 0x314bd07a), + TOBN(0xbbdecb8f, 0x8e42b582), TOBN(0xf10e2fa8, 0xd2390fe6), + TOBN(0xefb95022, 0x62a2f201), TOBN(0x4d59ea50, 0x50ee32b0), + TOBN(0xd87f7728, 0x6da789a8), TOBN(0xcf98a2cf, 0xf79492c4), + TOBN(0xf9577239, 0x720943c2), TOBN(0xba044cf5, 0x3990b9d0), + TOBN(0x5aa8e823, 0x95f2884a), TOBN(0x834de6ed, 0x0278a0af), + TOBN(0xc8e1ee9a, 0x5f25bd12), TOBN(0x9259ceaa, 0x6f7ab271), + TOBN(0x7e6d97a2, 0x77d00b76), TOBN(0x5c0c6eea, 0xa437832a), + TOBN(0x5232c20f, 0x5606b81d), TOBN(0xabd7b375, 0x0d991ee5), + TOBN(0x4d2bfe35, 0x8632d951), TOBN(0x78f85146, 0x98ed9364), + TOBN(0x951873f0, 0xf30c3282), TOBN(0x0da8ac80, 0xa789230b), + TOBN(0x3ac7789c, 0x5398967f), TOBN(0xa69b8f7f, 0xbdda0fb5), + TOBN(0xe5db7717, 0x6add8545), TOBN(0x1b71cb66, 0x72c49b66), + TOBN(0xd8560739, 0x68421d77), TOBN(0x03840fe8, 0x83e3afea), + TOBN(0xb391dad5, 0x1ec69977), TOBN(0xae243fb9, 0x307f6726), + TOBN(0xc88ac87b, 0xe8ca160c), TOBN(0x5174cced, 0x4ce355f4), + TOBN(0x98a35966, 0xe58ba37d), TOBN(0xfdcc8da2, 0x7817335d), + TOBN(0x5b752830, 0x83fbc7bf), TOBN(0x68e419d4, 0xd9c96984), + TOBN(0x409a39f4, 0x02a40380), TOBN(0x88940faf, 0x1fe977bc), + TOBN(0xc640a94b, 0x8f8edea6), TOBN(0x1e22cd17, 0xed11547d), + TOBN(0xe28568ce, 0x59ffc3e2), TOBN(0x60aa1b55, 0xc1dee4e7), + TOBN(0xc67497c8, 0x837cb363), TOBN(0x06fb438a, 0x105a2bf2), + TOBN(0x30357ec4, 0x500d8e20), TOBN(0x1ad9095d, 0x0670db10), + TOBN(0x7f589a05, 0xc73b7cfd), TOBN(0xf544607d, 0x880d6d28), + TOBN(0x17ba93b1, 0xa20ef103), TOBN(0xad859130, 0x6ba6577b), + TOBN(0x65c91cf6, 0x6fa214a0), TOBN(0xd7d49c6c, 0x27990da5), + TOBN(0xecd9ec8d, 0x20bb569d), TOBN(0xbd4b2502, 0xeeffbc33), + TOBN(0x2056ca5a, 0x6bed0467), TOBN(0x7916a1f7, 0x5b63728c), + TOBN(0xd4f9497d, 0x53a4f566), TOBN(0x89734664, 0x97b56810), + TOBN(0xf8e1da74, 0x0494a621), TOBN(0x82546a93, 0x8d011c68), + TOBN(0x1f3acb19, 0xc61ac162), TOBN(0x52f8fa9c, 0xabad0d3e), + TOBN(0x15356523, 0xb4b7ea43), TOBN(0x5a16ad61, 0xae608125), + TOBN(0xb0bcb87f, 0x4faed184), TOBN(0x5f236b1d, 0x5029f45f), + TOBN(0xd42c7607, 0x0bc6b1fc), TOBN(0xc644324e, 0x68aefce3), + TOBN(0x8e191d59, 0x5c5d8446), TOBN(0xc0208077, 0x13ae1979), + TOBN(0xadcaee55, 0x3ba59cc7), TOBN(0x20ed6d6b, 0xa2cb81ba), + TOBN(0x0952ba19, 0xb6efcffc), TOBN(0x60f12d68, 0x97c0b87c), + TOBN(0x4ee2c7c4, 0x9caa30bc), TOBN(0x767238b7, 0x97fbff4e), + TOBN(0xebc73921, 0x501b5d92), TOBN(0x3279e3df, 0xc2a37737), + TOBN(0x9fc12bc8, 0x6d197543), TOBN(0xfa94dc6f, 0x0a40db4e), + TOBN(0x7392b41a, 0x530ccbbd), TOBN(0x87c82146, 0xea823525), + TOBN(0xa52f984c, 0x05d98d0c), TOBN(0x2ae57d73, 0x5ef6974c), + TOBN(0x9377f7bf, 0x3042a6dd), TOBN(0xb1a007c0, 0x19647a64), + TOBN(0xfaa9079a, 0x0cca9767), TOBN(0x3d81a25b, 0xf68f72d5), + TOBN(0x752067f8, 0xff81578e), TOBN(0x78622150, 0x9045447d), + TOBN(0xc0c22fcf, 0x0505aa6f), TOBN(0x1030f0a6, 0x6bed1c77), + TOBN(0x31f29f15, 0x1f0bd739), TOBN(0x2d7989c7, 0xe6debe85), + TOBN(0x5c070e72, 0x8e677e98), TOBN(0x0a817bd3, 0x06e81fd5), + TOBN(0xc110d830, 0xb0f2ac95), TOBN(0x48d0995a, 0xab20e64e), + TOBN(0x0f3e00e1, 0x7729cd9a), TOBN(0x2a570c20, 0xdd556946), + TOBN(0x912dbcfd, 0x4e86214d), TOBN(0x2d014ee2, 0xcf615498), + TOBN(0x55e2b1e6, 0x3530d76e), TOBN(0xc5135ae4, 0xfd0fd6d1), + TOBN(0x0066273a, 0xd4f3049f), TOBN(0xbb8e9893, 0xe7087477), + TOBN(0x2dba1ddb, 0x14c6e5fd), TOBN(0xdba37886, 0x51f57e6c), + TOBN(0x5aaee0a6, 0x5a72f2cf), TOBN(0x1208bfbf, 0x7bea5642), + TOBN(0xf5c6aa3b, 0x67872c37), TOBN(0xd726e083, 0x43f93224), + TOBN(0x1854daa5, 0x061f1658), TOBN(0xc0016df1, 0xdf0cd2b3), + TOBN(0xc2a3f23e, 0x833d50de), TOBN(0x73b681d2, 0xbbbd3017), + TOBN(0x2f046dc4, 0x3ac343c0), TOBN(0x9c847e7d, 0x85716421), + TOBN(0xe1e13c91, 0x0917eed4), TOBN(0x3fc9eebd, 0x63a1b9c6), + TOBN(0x0f816a72, 0x7fe02299), TOBN(0x6335ccc2, 0x294f3319), + TOBN(0x3820179f, 0x4745c5be), TOBN(0xe647b782, 0x922f066e), + TOBN(0xc22e49de, 0x02cafb8a), TOBN(0x299bc2ff, 0xfcc2eccc), + TOBN(0x9a8feea2, 0x6e0e8282), TOBN(0xa627278b, 0xfe893205), + TOBN(0xa7e19733, 0x7933e47b), TOBN(0xf4ff6b13, 0x2e766402), + TOBN(0xa4d8be0a, 0x98440d9f), TOBN(0x658f5c2f, 0x38938808), + TOBN(0x90b75677, 0xc95b3b3e), TOBN(0xfa044269, 0x3137b6ff), + TOBN(0x077b039b, 0x43c47c29), TOBN(0xcca95dd3, 0x8a6445b2), + TOBN(0x0b498ba4, 0x2333fc4c), TOBN(0x274f8e68, 0xf736a1b1), + TOBN(0x6ca348fd, 0x5f1d4b2e), TOBN(0x24d3be78, 0xa8f10199), + TOBN(0x8535f858, 0xca14f530), TOBN(0xa6e7f163, 0x5b982e51), + TOBN(0x847c8512, 0x36e1bf62), TOBN(0xf6a7c58e, 0x03448418), + TOBN(0x583f3703, 0xf9374ab6), TOBN(0x864f9195, 0x6e564145), + TOBN(0x33bc3f48, 0x22526d50), TOBN(0x9f323c80, 0x1262a496), + TOBN(0xaa97a7ae, 0x3f046a9a), TOBN(0x70da183e, 0xdf8a039a), + TOBN(0x5b68f71c, 0x52aa0ba6), TOBN(0x9be0fe51, 0x21459c2d), + TOBN(0xc1e17eb6, 0xcbc613e5), TOBN(0x33131d55, 0x497ea61c), + TOBN(0x2f69d39e, 0xaf7eded5), TOBN(0x73c2f434, 0xde6af11b), + TOBN(0x4ca52493, 0xa4a375fa), TOBN(0x5f06787c, 0xb833c5c2), + TOBN(0x814e091f, 0x3e6e71cf), TOBN(0x76451f57, 0x8b746666)}, + { + TOBN(0x80f9bdef, 0x694db7e0), TOBN(0xedca8787, 0xb9fcddc6), + TOBN(0x51981c34, 0x03b8dce1), TOBN(0x4274dcf1, 0x70e10ba1), + TOBN(0xf72743b8, 0x6def6d1a), TOBN(0xd25b1670, 0xebdb1866), + TOBN(0xc4491e8c, 0x050c6f58), TOBN(0x2be2b2ab, 0x87fbd7f5), + TOBN(0x3e0e5c9d, 0xd111f8ec), TOBN(0xbcc33f8d, 0xb7c4e760), + TOBN(0x702f9a91, 0xbd392a51), TOBN(0x7da4a795, 0xc132e92d), + TOBN(0x1a0b0ae3, 0x0bb1151b), TOBN(0x54febac8, 0x02e32251), + TOBN(0xea3a5082, 0x694e9e78), TOBN(0xe58ffec1, 0xe4fe40b8), + TOBN(0xf85592fc, 0xd1e0cf9e), TOBN(0xdea75f0d, 0xc0e7b2e8), + TOBN(0xc04215cf, 0xc135584e), TOBN(0x174fc727, 0x2f57092a), + TOBN(0xe7277877, 0xeb930bea), TOBN(0x504caccb, 0x5eb02a5a), + TOBN(0xf9fe08f7, 0xf5241b9b), TOBN(0xe7fb62f4, 0x8d5ca954), + TOBN(0xfbb8349d, 0x29c4120b), TOBN(0x9f94391f, 0xc0d0d915), + TOBN(0xc4074fa7, 0x5410ba51), TOBN(0xa66adbf6, 0x150a5911), + TOBN(0xc164543c, 0x34bfca38), TOBN(0xe0f27560, 0xb9e1ccfc), + TOBN(0x99da0f53, 0xe820219c), TOBN(0xe8234498, 0xc6b4997a), + TOBN(0xcfb88b76, 0x9d4c5423), TOBN(0x9e56eb10, 0xb0521c49), + TOBN(0x418e0b5e, 0xbe8700a1), TOBN(0x00cbaad6, 0xf93cb58a), + TOBN(0xe923fbde, 0xd92a5e67), TOBN(0xca4979ac, 0x1f347f11), + TOBN(0x89162d85, 0x6bc0585b), TOBN(0xdd6254af, 0xac3c70e3), + TOBN(0x7b23c513, 0x516e19e4), TOBN(0x56e2e847, 0xc5c4d593), + TOBN(0x9f727d73, 0x5ce71ef6), TOBN(0x5b6304a6, 0xf79a44c5), + TOBN(0x6638a736, 0x3ab7e433), TOBN(0x1adea470, 0xfe742f83), + TOBN(0xe054b854, 0x5b7fc19f), TOBN(0xf935381a, 0xba1d0698), + TOBN(0x546eab2d, 0x799e9a74), TOBN(0x96239e0e, 0xa949f729), + TOBN(0xca274c6b, 0x7090055a), TOBN(0x835142c3, 0x9020c9b0), + TOBN(0xa405667a, 0xa2e8807f), TOBN(0x29f2c085, 0x1aa3d39e), + TOBN(0xcc555d64, 0x42fc72f5), TOBN(0xe856e0e7, 0xfbeacb3c), + TOBN(0xb5504f9d, 0x918e4936), TOBN(0x65035ef6, 0xb2513982), + TOBN(0x0553a0c2, 0x6f4d9cb9), TOBN(0x6cb10d56, 0xbea85509), + TOBN(0x48d957b7, 0xa242da11), TOBN(0x16a4d3dd, 0x672b7268), + TOBN(0x3d7e637c, 0x8502a96b), TOBN(0x27c7032b, 0x730d463b), + TOBN(0xbdc02b18, 0xe4136a14), TOBN(0xbacf969d, 0x678e32bf), + TOBN(0xc98d89a3, 0xdd9c3c03), TOBN(0x7b92420a, 0x23becc4f), + TOBN(0xd4b41f78, 0xc64d565c), TOBN(0x9f969d00, 0x10f28295), + TOBN(0xec7f7f76, 0xb13d051a), TOBN(0x08945e1e, 0xa92da585), + TOBN(0x55366b7d, 0x5846426f), TOBN(0xe7d09e89, 0x247d441d), + TOBN(0x510b404d, 0x736fbf48), TOBN(0x7fa003d0, 0xe784bd7d), + TOBN(0x25f7614f, 0x17fd9596), TOBN(0x49e0e0a1, 0x35cb98db), + TOBN(0x2c65957b, 0x2e83a76a), TOBN(0x5d40da8d, 0xcddbe0f8), + TOBN(0xf2b8c405, 0x050bad24), TOBN(0x8918426d, 0xc2aa4823), + TOBN(0x2aeab3dd, 0xa38365a7), TOBN(0x72031717, 0x7c91b690), + TOBN(0x8b00d699, 0x60a94120), TOBN(0x478a255d, 0xe99eaeec), + TOBN(0xbf656a5f, 0x6f60aafd), TOBN(0xdfd7cb75, 0x5dee77b3), + TOBN(0x37f68bb4, 0xa595939d), TOBN(0x03556479, 0x28740217), + TOBN(0x8e740e7c, 0x84ad7612), TOBN(0xd89bc843, 0x9044695f), + TOBN(0xf7f3da5d, 0x85a9184d), TOBN(0x562563bb, 0x9fc0b074), + TOBN(0x06d2e6aa, 0xf88a888e), TOBN(0x612d8643, 0x161fbe7c), + TOBN(0x465edba7, 0xf64085e7), TOBN(0xb230f304, 0x29aa8511), + TOBN(0x53388426, 0xcda2d188), TOBN(0x90885735, 0x4b666649), + TOBN(0x6f02ff9a, 0x652f54f6), TOBN(0x65c82294, 0x5fae2bf0), + TOBN(0x7816ade0, 0x62f5eee3), TOBN(0xdcdbdf43, 0xfcc56d70), + TOBN(0x9fb3bba3, 0x54530bb2), TOBN(0xbde3ef77, 0xcb0869ea), + TOBN(0x89bc9046, 0x0b431163), TOBN(0x4d03d7d2, 0xe4819a35), + TOBN(0x33ae4f9e, 0x43b6a782), TOBN(0x216db307, 0x9c88a686), + TOBN(0x91dd88e0, 0x00ffedd9), TOBN(0xb280da9f, 0x12bd4840), + TOBN(0x32a7cb8a, 0x1635e741), TOBN(0xfe14008a, 0x78be02a7), + TOBN(0x3fafb334, 0x1b7ae030), TOBN(0x7fd508e7, 0x5add0ce9), + TOBN(0x72c83219, 0xd607ad51), TOBN(0x0f229c0a, 0x8d40964a), + TOBN(0x1be2c336, 0x1c878da2), TOBN(0xe0c96742, 0xeab2ab86), + TOBN(0x458f8691, 0x3e538cd7), TOBN(0xa7001f6c, 0x8e08ad53), + TOBN(0x52b8c6e6, 0xbf5d15ff), TOBN(0x548234a4, 0x011215dd), + TOBN(0xff5a9d2d, 0x3d5b4045), TOBN(0xb0ffeeb6, 0x4a904190), + TOBN(0x55a3aca4, 0x48607f8b), TOBN(0x8cbd665c, 0x30a0672a), + TOBN(0x87f834e0, 0x42583068), TOBN(0x02da2aeb, 0xf3f6e683), + TOBN(0x6b763e5d, 0x05c12248), TOBN(0x7230378f, 0x65a8aefc), + TOBN(0x93bd80b5, 0x71e8e5ca), TOBN(0x53ab041c, 0xb3b62524), + TOBN(0x1b860513, 0x6c9c552e), TOBN(0xe84d402c, 0xd5524e66), + TOBN(0xa37f3573, 0xf37f5937), TOBN(0xeb0f6c7d, 0xd1e4fca5), + TOBN(0x2965a554, 0xac8ab0fc), TOBN(0x17fbf56c, 0x274676ac), + TOBN(0x2e2f6bd9, 0xacf7d720), TOBN(0x41fc8f88, 0x10224766), + TOBN(0x517a14b3, 0x85d53bef), TOBN(0xdae327a5, 0x7d76a7d1), + TOBN(0x6ad0a065, 0xc4818267), TOBN(0x33aa189b, 0x37c1bbc1), + TOBN(0x64970b52, 0x27392a92), TOBN(0x21699a1c, 0x2d1535ea), + TOBN(0xcd20779c, 0xc2d7a7fd), TOBN(0xe3186059, 0x99c83cf2), + TOBN(0x9b69440b, 0x72c0b8c7), TOBN(0xa81497d7, 0x7b9e0e4d), + TOBN(0x515d5c89, 0x1f5f82dc), TOBN(0x9a7f67d7, 0x6361079e), + TOBN(0xa8da81e3, 0x11a35330), TOBN(0xe44990c4, 0x4b18be1b), + TOBN(0xc7d5ed95, 0xaf103e59), TOBN(0xece8aba7, 0x8dac9261), + TOBN(0xbe82b099, 0x9394b8d3), TOBN(0x6830f09a, 0x16adfe83), + TOBN(0x250a29b4, 0x88172d01), TOBN(0x8b20bd65, 0xcaff9e02), + TOBN(0xb8a7661e, 0xe8a6329a), TOBN(0x4520304d, 0xd3fce920), + TOBN(0xae45da1f, 0x2b47f7ef), TOBN(0xe07f5288, 0x5bffc540), + TOBN(0xf7997009, 0x3464f874), TOBN(0x2244c2cd, 0xa6fa1f38), + TOBN(0x43c41ac1, 0x94d7d9b1), TOBN(0x5bafdd82, 0xc82e7f17), + TOBN(0xdf0614c1, 0x5fda0fca), TOBN(0x74b043a7, 0xa8ae37ad), + TOBN(0x3ba6afa1, 0x9e71734c), TOBN(0x15d5437e, 0x9c450f2e), + TOBN(0x4a5883fe, 0x67e242b1), TOBN(0x5143bdc2, 0x2c1953c2), + TOBN(0x542b8b53, 0xfc5e8920), TOBN(0x363bf9a8, 0x9a9cee08), + TOBN(0x02375f10, 0xc3486e08), TOBN(0x2037543b, 0x8c5e70d2), + TOBN(0x7109bccc, 0x625640b4), TOBN(0xcbc1051e, 0x8bc62c3b), + TOBN(0xf8455fed, 0x803f26ea), TOBN(0x6badceab, 0xeb372424), + TOBN(0xa2a9ce7c, 0x6b53f5f9), TOBN(0x64246595, 0x1b176d99), + TOBN(0xb1298d36, 0xb95c081b), TOBN(0x53505bb8, 0x1d9a9ee6), + TOBN(0x3f6f9e61, 0xf2ba70b0), TOBN(0xd07e16c9, 0x8afad453), + TOBN(0x9f1694bb, 0xe7eb4a6a), TOBN(0xdfebced9, 0x3cb0bc8e), + TOBN(0x92d3dcdc, 0x53868c8b), TOBN(0x174311a2, 0x386107a6), + TOBN(0x4109e07c, 0x689b4e64), TOBN(0x30e4587f, 0x2df3dcb6), + TOBN(0x841aea31, 0x0811b3b2), TOBN(0x6144d41d, 0x0cce43ea), + TOBN(0x464c4581, 0x2a9a7803), TOBN(0xd03d371f, 0x3e158930), + TOBN(0xc676d7f2, 0xb1f3390b), TOBN(0x9f7a1b8c, 0xa5b61272), + TOBN(0x4ebebfc9, 0xc2e127a9), TOBN(0x4602500c, 0x5dd997bf), + TOBN(0x7f09771c, 0x4711230f), TOBN(0x058eb37c, 0x020f09c1), + TOBN(0xab693d4b, 0xfee5e38b), TOBN(0x9289eb1f, 0x4653cbc0), + TOBN(0xbecf46ab, 0xd51b9cf5), TOBN(0xd2aa9c02, 0x9f0121af), + TOBN(0x36aaf7d2, 0xe90dc274), TOBN(0x909e4ea0, 0x48b95a3c), + TOBN(0xe6b70496, 0x6f32dbdb), TOBN(0x672188a0, 0x8b030b3e), + TOBN(0xeeffe5b3, 0xcfb617e2), TOBN(0x87e947de, 0x7c82709e), + TOBN(0xa44d2b39, 0x1770f5a7), TOBN(0xe4d4d791, 0x0e44eb82), + TOBN(0x42e69d1e, 0x3f69712a), TOBN(0xbf11c4d6, 0xac6a820e), + TOBN(0xb5e7f3e5, 0x42c4224c), TOBN(0xd6b4e81c, 0x449d941c), + TOBN(0x5d72bd16, 0x5450e878), TOBN(0x6a61e28a, 0xee25ac54), + TOBN(0x33272094, 0xe6f1cd95), TOBN(0x7512f30d, 0x0d18673f), + TOBN(0x32f7a4ca, 0x5afc1464), TOBN(0x2f095656, 0x6bbb977b), + TOBN(0x586f47ca, 0xa8226200), TOBN(0x02c868ad, 0x1ac07369), + TOBN(0x4ef2b845, 0xc613acbe), TOBN(0x43d7563e, 0x0386054c), + TOBN(0x54da9dc7, 0xab952578), TOBN(0xb5423df2, 0x26e84d0b), + TOBN(0xa8b64eeb, 0x9b872042), TOBN(0xac205782, 0x5990f6df), + TOBN(0x4ff696eb, 0x21f4c77a), TOBN(0x1a79c3e4, 0xaab273af), + TOBN(0x29bc922e, 0x9436b3f1), TOBN(0xff807ef8, 0xd6d9a27a), + TOBN(0x82acea3d, 0x778f22a0), TOBN(0xfb10b2e8, 0x5b5e7469), + TOBN(0xc0b16980, 0x2818ee7d), TOBN(0x011afff4, 0xc91c1a2f), + TOBN(0x95a6d126, 0xad124418), TOBN(0x31c081a5, 0xe72e295f), + TOBN(0x36bb283a, 0xf2f4db75), TOBN(0xd115540f, 0x7acef462), + TOBN(0xc7f3a8f8, 0x33f6746c), TOBN(0x21e46f65, 0xfea990ca), + TOBN(0x915fd5c5, 0xcaddb0a9), TOBN(0xbd41f016, 0x78614555), + TOBN(0x346f4434, 0x426ffb58), TOBN(0x80559436, 0x14dbc204), + TOBN(0xf3dd20fe, 0x5a969b7f), TOBN(0x9d59e956, 0xe899a39a), + TOBN(0xf1b0971c, 0x8ad4cf4b), TOBN(0x03448860, 0x2ffb8fb8), + TOBN(0xf071ac3c, 0x65340ba4), TOBN(0x408d0596, 0xb27fd758), + TOBN(0xe7c78ea4, 0x98c364b0), TOBN(0xa4aac4a5, 0x051e8ab5), + TOBN(0xb9e1d560, 0x485d9002), TOBN(0x9acd518a, 0x88844455), + TOBN(0xe4ca688f, 0xd06f56c0), TOBN(0xa48af70d, 0xdf027972), + TOBN(0x691f0f04, 0x5e9a609d), TOBN(0xa9dd82cd, 0xee61270e), + TOBN(0x8903ca63, 0xa0ef18d3), TOBN(0x9fb7ee35, 0x3d6ca3bd), + TOBN(0xa7b4a09c, 0xabf47d03), TOBN(0x4cdada01, 0x1c67de8e), + TOBN(0x52003749, 0x9355a244), TOBN(0xe77fd2b6, 0x4f2151a9), + TOBN(0x695d6cf6, 0x66b4efcb), TOBN(0xc5a0cacf, 0xda2cfe25), + TOBN(0x104efe5c, 0xef811865), TOBN(0xf52813e8, 0x9ea5cc3d), + TOBN(0x855683dc, 0x40b58dbc), TOBN(0x0338ecde, 0x175fcb11), + TOBN(0xf9a05637, 0x74921592), TOBN(0xb4f1261d, 0xb9bb9d31), + TOBN(0x551429b7, 0x4e9c5459), TOBN(0xbe182e6f, 0x6ea71f53), + TOBN(0xd3a3b07c, 0xdfc50573), TOBN(0x9ba1afda, 0x62be8d44), + TOBN(0x9bcfd2cb, 0x52ab65d3), TOBN(0xdf11d547, 0xa9571802), + TOBN(0x099403ee, 0x02a2404a), TOBN(0x497406f4, 0x21088a71), + TOBN(0x99479409, 0x5004ae71), TOBN(0xbdb42078, 0xa812c362), + TOBN(0x2b72a30f, 0xd8828442), TOBN(0x283add27, 0xfcb5ed1c), + TOBN(0xf7c0e200, 0x66a40015), TOBN(0x3e3be641, 0x08b295ef), + TOBN(0xac127dc1, 0xe038a675), TOBN(0x729deff3, 0x8c5c6320), + TOBN(0xb7df8fd4, 0xa90d2c53), TOBN(0x9b74b0ec, 0x681e7cd3), + TOBN(0x5cb5a623, 0xdab407e5), TOBN(0xcdbd3615, 0x76b340c6), + TOBN(0xa184415a, 0x7d28392c), TOBN(0xc184c1d8, 0xe96f7830), + TOBN(0xc3204f19, 0x81d3a80f), TOBN(0xfde0c841, 0xc8e02432), + TOBN(0x78203b3e, 0x8149e0c1), TOBN(0x5904bdbb, 0x08053a73), + TOBN(0x30fc1dd1, 0x101b6805), TOBN(0x43c223bc, 0x49aa6d49), + TOBN(0x9ed67141, 0x7a174087), TOBN(0x311469a0, 0xd5997008), + TOBN(0xb189b684, 0x5e43fc61), TOBN(0xf3282375, 0xe0d3ab57), + TOBN(0x4fa34b67, 0xb1181da8), TOBN(0x621ed0b2, 0x99ee52b8), + TOBN(0x9b178de1, 0xad990676), TOBN(0xd51de67b, 0x56d54065), + TOBN(0x2a2c27c4, 0x7538c201), TOBN(0x33856ec8, 0x38a40f5c), + TOBN(0x2522fc15, 0xbe6cdcde), TOBN(0x1e603f33, 0x9f0c6f89), + TOBN(0x7994edc3, 0x103e30a6), TOBN(0x033a00db, 0x220c853e), + TOBN(0xd3cfa409, 0xf7bb7fd7), TOBN(0x70f8781e, 0x462d18f6), + TOBN(0xbbd82980, 0x687fe295), TOBN(0x6eef4c32, 0x595669f3), + TOBN(0x86a9303b, 0x2f7e85c3), TOBN(0x5fce4621, 0x71988f9b), + TOBN(0x5b935bf6, 0xc138acb5), TOBN(0x30ea7d67, 0x25661212), + TOBN(0xef1eb5f4, 0xe51ab9a2), TOBN(0x0587c98a, 0xae067c78), + TOBN(0xb3ce1b3c, 0x77ca9ca6), TOBN(0x2a553d4d, 0x54b5f057), + TOBN(0xc7898236, 0x4da29ec2), TOBN(0xdbdd5d13, 0xb9c57316), + TOBN(0xc57d6e6b, 0x2cd80d47), TOBN(0x80b460cf, 0xfe9e7391), + TOBN(0x98648cab, 0xf963c31e), TOBN(0x67f9f633, 0xcc4d32fd), + TOBN(0x0af42a9d, 0xfdf7c687), TOBN(0x55f292a3, 0x0b015ea7), + TOBN(0x89e468b2, 0xcd21ab3d), TOBN(0xe504f022, 0xc393d392), + TOBN(0xab21e1d4, 0xa5013af9), TOBN(0xe3283f78, 0xc2c28acb), + TOBN(0xf38b35f6, 0x226bf99f), TOBN(0xe8354274, 0x0e291e69), + TOBN(0x61673a15, 0xb20c162d), TOBN(0xc101dc75, 0xb04fbdbe), + TOBN(0x8323b4c2, 0x255bd617), TOBN(0x6c969693, 0x6c2a9154), + TOBN(0xc6e65860, 0x62679387), TOBN(0x8e01db0c, 0xb8c88e23), + TOBN(0x33c42873, 0x893a5559), TOBN(0x7630f04b, 0x47a3e149), + TOBN(0xb5d80805, 0xddcf35f8), TOBN(0x582ca080, 0x77dfe732), + TOBN(0x2c7156e1, 0x0b1894a0), TOBN(0x92034001, 0xd81c68c0), + TOBN(0xed225d00, 0xc8b115b5), TOBN(0x237f9c22, 0x83b907f2), + TOBN(0x0ea2f32f, 0x4470e2c0), TOBN(0xb725f7c1, 0x58be4e95), + TOBN(0x0f1dcafa, 0xb1ae5463), TOBN(0x59ed5187, 0x1ba2fc04), + TOBN(0xf6e0f316, 0xd0115d4d), TOBN(0x5180b12f, 0xd3691599), + TOBN(0x157e32c9, 0x527f0a41), TOBN(0x7b0b081d, 0xa8e0ecc0), + TOBN(0x6dbaaa8a, 0xbf4f0dd0), TOBN(0x99b289c7, 0x4d252696), + TOBN(0x79b7755e, 0xdbf864fe), TOBN(0x6974e2b1, 0x76cad3ab), + TOBN(0x35dbbee2, 0x06ddd657), TOBN(0xe7cbdd11, 0x2ff3a96d), + TOBN(0x88381968, 0x076be758), TOBN(0x2d737e72, 0x08c91f5d), + TOBN(0x5f83ab62, 0x86ec3776), TOBN(0x98aa649d, 0x945fa7a1), + TOBN(0xf477ec37, 0x72ef0933), TOBN(0x66f52b1e, 0x098c17b1), + TOBN(0x9eec58fb, 0xd803738b), TOBN(0x91aaade7, 0xe4e86aa4), + TOBN(0x6b1ae617, 0xa5b51492), TOBN(0x63272121, 0xbbc45974), + TOBN(0x7e0e28f0, 0x862c5129), TOBN(0x0a8f79a9, 0x3321a4a0), + TOBN(0xe26d1664, 0x5041c88f), TOBN(0x0571b805, 0x53233e3a), + TOBN(0xd1b0ccde, 0xc9520711), TOBN(0x55a9e4ed, 0x3c8b84bf), + TOBN(0x9426bd39, 0xa1fef314), TOBN(0x4f5f638e, 0x6eb93f2b), + TOBN(0xba2a1ed3, 0x2bf9341b), TOBN(0xd63c1321, 0x4d42d5a9), + TOBN(0xd2964a89, 0x316dc7c5), TOBN(0xd1759606, 0xca511851), + TOBN(0xd8a9201f, 0xf9e6ed35), TOBN(0xb7b5ee45, 0x6736925a), + TOBN(0x0a83fbbc, 0x99581af7), TOBN(0x3076bc40, 0x64eeb051), + TOBN(0x5511c98c, 0x02dec312), TOBN(0x270de898, 0x238dcb78), + TOBN(0x2cf4cf9c, 0x539c08c9), TOBN(0xa70cb65e, 0x38d3b06e), + TOBN(0xb12ec10e, 0xcfe57bbd), TOBN(0x82c7b656, 0x35a0c2b5), + TOBN(0xddc7d5cd, 0x161c67bd), TOBN(0xe32e8985, 0xae3a32cc), + TOBN(0x7aba9444, 0xd11a5529), TOBN(0xe964ed02, 0x2427fa1a), + TOBN(0x1528392d, 0x24a1770a), TOBN(0xa152ce2c, 0x12c72fcd), + TOBN(0x714553a4, 0x8ec07649), TOBN(0x18b4c290, 0x459dd453), + TOBN(0xea32b714, 0x7b64b110), TOBN(0xb871bfa5, 0x2e6f07a2), + TOBN(0xb67112e5, 0x9e2e3c9b), TOBN(0xfbf250e5, 0x44aa90f6), + TOBN(0xf77aedb8, 0xbd539006), TOBN(0x3b0cdf9a, 0xd172a66f), + TOBN(0xedf69fea, 0xf8c51187), TOBN(0x05bb67ec, 0x741e4da7), + TOBN(0x47df0f32, 0x08114345), TOBN(0x56facb07, 0xbb9792b1), + TOBN(0xf3e007e9, 0x8f6229e4), TOBN(0x62d103f4, 0x526fba0f), + TOBN(0x4f33bef7, 0xb0339d79), TOBN(0x9841357b, 0xb59bfec1), + TOBN(0xfa8dbb59, 0xc34e6705), TOBN(0xc3c7180b, 0x7fdaa84c), + TOBN(0xf95872fc, 0xa4108537), TOBN(0x8750cc3b, 0x932a3e5a), + TOBN(0xb61cc69d, 0xb7275d7d), TOBN(0xffa0168b, 0x2e59b2e9), + TOBN(0xca032abc, 0x6ecbb493), TOBN(0x1d86dbd3, 0x2c9082d8), + TOBN(0xae1e0b67, 0xe28ef5ba), TOBN(0x2c9a4699, 0xcb18e169), + TOBN(0x0ecd0e33, 0x1e6bbd20), TOBN(0x571b360e, 0xaf5e81d2), + TOBN(0xcd9fea58, 0x101c1d45), TOBN(0x6651788e, 0x18880452), + TOBN(0xa9972635, 0x1f8dd446), TOBN(0x44bed022, 0xe37281d0), + TOBN(0x094b2b2d, 0x33da525d), TOBN(0xf193678e, 0x13144fd8), + TOBN(0xb8ab5ba4, 0xf4c1061d), TOBN(0x4343b5fa, 0xdccbe0f4), + TOBN(0xa8702371, 0x63812713), TOBN(0x47bf6d2d, 0xf7611d93), + TOBN(0x46729b8c, 0xbd21e1d7), TOBN(0x7484d4e0, 0xd629e77d), + TOBN(0x830e6eea, 0x60dbac1f), TOBN(0x23d8c484, 0xda06a2f7), + TOBN(0x896714b0, 0x50ca535b), TOBN(0xdc8d3644, 0xebd97a9b), + TOBN(0x106ef9fa, 0xb12177b4), TOBN(0xf79bf464, 0x534d5d9c), + TOBN(0x2537a349, 0xa6ab360b), TOBN(0xc7c54253, 0xa00c744f), + TOBN(0xb3c7a047, 0xe5911a76), TOBN(0x61ffa5c8, 0x647f1ee7), + TOBN(0x15aed36f, 0x8f56ab42), TOBN(0x6a0d41b0, 0xa3ff9ac9), + TOBN(0x68f469f5, 0xcc30d357), TOBN(0xbe9adf81, 0x6b72be96), + TOBN(0x1cd926fe, 0x903ad461), TOBN(0x7e89e38f, 0xcaca441b), + TOBN(0xf0f82de5, 0xfacf69d4), TOBN(0x363b7e76, 0x4775344c), + TOBN(0x6894f312, 0xb2e36d04), TOBN(0x3c6cb4fe, 0x11d1c9a5), + TOBN(0x85d9c339, 0x4008e1f2), TOBN(0x5e9a85ea, 0x249f326c), + TOBN(0xdc35c60a, 0x678c5e06), TOBN(0xc08b944f, 0x9f86fba9), + TOBN(0xde40c02c, 0x89f71f0f), TOBN(0xad8f3e31, 0xff3da3c0), + TOBN(0x3ea5096b, 0x42125ded), TOBN(0x13879cbf, 0xa7379183), + TOBN(0x6f4714a5, 0x6b306a0b), TOBN(0x359c2ea6, 0x67646c5e), + TOBN(0xfacf8943, 0x07726368), TOBN(0x07a58935, 0x65ff431e), + TOBN(0x24d661d1, 0x68754ab0), TOBN(0x801fce1d, 0x6f429a76), + TOBN(0xc068a85f, 0xa58ce769), TOBN(0xedc35c54, 0x5d5eca2b), + TOBN(0xea31276f, 0xa3f660d1), TOBN(0xa0184ebe, 0xb8fc7167), + TOBN(0x0f20f21a, 0x1d8db0ae), TOBN(0xd96d095f, 0x56c35e12), + TOBN(0xedf402b5, 0xf8c2a25b), TOBN(0x1bb772b9, 0x059204b6), + TOBN(0x50cbeae2, 0x19b4e34c), TOBN(0x93109d80, 0x3fa0845a), + TOBN(0x54f7ccf7, 0x8ef59fb5), TOBN(0x3b438fe2, 0x88070963), + TOBN(0x9e28c659, 0x31f3ba9b), TOBN(0x9cc31b46, 0xead9da92), + TOBN(0x3c2f0ba9, 0xb733aa5f), TOBN(0xdece47cb, 0xf05af235), + TOBN(0xf8e3f715, 0xa2ac82a5), TOBN(0xc97ba641, 0x2203f18a), + TOBN(0xc3af5504, 0x09c11060), TOBN(0x56ea2c05, 0x46af512d), + TOBN(0xfac28daf, 0xf3f28146), TOBN(0x87fab43a, 0x959ef494), + }, + { + TOBN(0x09891641, 0xd4c5105f), TOBN(0x1ae80f8e, 0x6d7fbd65), + TOBN(0x9d67225f, 0xbee6bdb0), TOBN(0x3b433b59, 0x7fc4d860), + TOBN(0x44e66db6, 0x93e85638), TOBN(0xf7b59252, 0xe3e9862f), + TOBN(0xdb785157, 0x665c32ec), TOBN(0x702fefd7, 0xae362f50), + TOBN(0x3754475d, 0x0fefb0c3), TOBN(0xd48fb56b, 0x46d7c35d), + TOBN(0xa070b633, 0x363798a4), TOBN(0xae89f3d2, 0x8fdb98e6), + TOBN(0x970b89c8, 0x6363d14c), TOBN(0x89817521, 0x67abd27d), + TOBN(0x9bf7d474, 0x44d5a021), TOBN(0xb3083baf, 0xcac72aee), + TOBN(0x389741de, 0xbe949a44), TOBN(0x638e9388, 0x546a4fa5), + TOBN(0x3fe6419c, 0xa0047bdc), TOBN(0x7047f648, 0xaaea57ca), + TOBN(0x54e48a90, 0x41fbab17), TOBN(0xda8e0b28, 0x576bdba2), + TOBN(0xe807eebc, 0xc72afddc), TOBN(0x07d3336d, 0xf42577bf), + TOBN(0x62a8c244, 0xbfe20925), TOBN(0x91c19ac3, 0x8fdce867), + TOBN(0x5a96a5d5, 0xdd387063), TOBN(0x61d587d4, 0x21d324f6), + TOBN(0xe87673a2, 0xa37173ea), TOBN(0x23848008, 0x53778b65), + TOBN(0x10f8441e, 0x05bab43e), TOBN(0xfa11fe12, 0x4621efbe), + TOBN(0x047b772e, 0x81685d7b), TOBN(0x23f27d81, 0xbf34a976), + TOBN(0xc27608e2, 0x915f48ef), TOBN(0x3b0b43fa, 0xa521d5c3), + TOBN(0x7613fb26, 0x63ca7284), TOBN(0x7f5729b4, 0x1d4db837), + TOBN(0x87b14898, 0x583b526b), TOBN(0x00b732a6, 0xbbadd3d1), + TOBN(0x8e02f426, 0x2048e396), TOBN(0x436b50b6, 0x383d9de4), + TOBN(0xf78d3481, 0x471e85ad), TOBN(0x8b01ea6a, 0xd005c8d6), + TOBN(0xd3c7afee, 0x97015c07), TOBN(0x46cdf1a9, 0x4e3ba2ae), + TOBN(0x7a42e501, 0x83d3a1d2), TOBN(0xd54b5268, 0xb541dff4), + TOBN(0x3f24cf30, 0x4e23e9bc), TOBN(0x4387f816, 0x126e3624), + TOBN(0x26a46a03, 0x3b0b6d61), TOBN(0xaf1bc845, 0x8b2d777c), + TOBN(0x25c401ba, 0x527de79c), TOBN(0x0e1346d4, 0x4261bbb6), + TOBN(0x4b96c44b, 0x287b4bc7), TOBN(0x658493c7, 0x5254562f), + TOBN(0x23f949fe, 0xb8a24a20), TOBN(0x17ebfed1, 0xf52ca53f), + TOBN(0x9b691bbe, 0xbcfb4853), TOBN(0x5617ff6b, 0x6278a05d), + TOBN(0x241b34c5, 0xe3c99ebd), TOBN(0xfc64242e, 0x1784156a), + TOBN(0x4206482f, 0x695d67df), TOBN(0xb967ce0e, 0xee27c011), + TOBN(0x65db3751, 0x21c80b5d), TOBN(0x2e7a563c, 0xa31ecca0), + TOBN(0xe56ffc4e, 0x5238a07e), TOBN(0x3d6c2966, 0x32ced854), + TOBN(0xe99d7d1a, 0xaf70b885), TOBN(0xafc3bad9, 0x2d686459), + TOBN(0x9c78bf46, 0x0cc8ba5b), TOBN(0x5a439519, 0x18955aa3), + TOBN(0xf8b517a8, 0x5fe4e314), TOBN(0xe60234d0, 0xfcb8906f), + TOBN(0xffe542ac, 0xf2061b23), TOBN(0x287e191f, 0x6b4cb59c), + TOBN(0x21857ddc, 0x09d877d8), TOBN(0x1c23478c, 0x14678941), + TOBN(0xbbf0c056, 0xb6e05ea4), TOBN(0x82da4b53, 0xb01594fe), + TOBN(0xf7526791, 0xfadb8608), TOBN(0x049e832d, 0x7b74cdf6), + TOBN(0xa43581cc, 0xc2b90a34), TOBN(0x73639eb8, 0x9360b10c), + TOBN(0x4fba331f, 0xe1e4a71b), TOBN(0x6ffd6b93, 0x8072f919), + TOBN(0x6e53271c, 0x65679032), TOBN(0x67206444, 0xf14272ce), + TOBN(0xc0f734a3, 0xb2335834), TOBN(0x9526205a, 0x90ef6860), + TOBN(0xcb8be717, 0x04e2bb0d), TOBN(0x2418871e, 0x02f383fa), + TOBN(0xd7177681, 0x4082c157), TOBN(0xcc914ad0, 0x29c20073), + TOBN(0xf186c1eb, 0xe587e728), TOBN(0x6fdb3c22, 0x61bcd5fd), + TOBN(0x30d014a6, 0xf2f9f8e9), TOBN(0x963ece23, 0x4fec49d2), + TOBN(0x862025c5, 0x9605a8d9), TOBN(0x39874445, 0x19f8929a), + TOBN(0x01b6ff65, 0x12bf476a), TOBN(0x598a64d8, 0x09cf7d91), + TOBN(0xd7ec7749, 0x93be56ca), TOBN(0x10899785, 0xcbb33615), + TOBN(0xb8a092fd, 0x02eee3ad), TOBN(0xa86b3d35, 0x30145270), + TOBN(0x323d98c6, 0x8512b675), TOBN(0x4b8bc785, 0x62ebb40f), + TOBN(0x7d301f54, 0x413f9cde), TOBN(0xa5e4fb4f, 0x2bab5664), + TOBN(0x1d2b252d, 0x1cbfec23), TOBN(0xfcd576bb, 0xe177120d), + TOBN(0x04427d3e, 0x83731a34), TOBN(0x2bb9028e, 0xed836e8e), + TOBN(0xb36acff8, 0xb612ca7c), TOBN(0xb88fe5ef, 0xd3d9c73a), + TOBN(0xbe2a6bc6, 0xedea4eb3), TOBN(0x43b93133, 0x488eec77), + TOBN(0xf41ff566, 0xb17106e1), TOBN(0x469e9172, 0x654efa32), + TOBN(0xb4480f04, 0x41c23fa3), TOBN(0xb4712eb0, 0xc1989a2e), + TOBN(0x3ccbba0f, 0x93a29ca7), TOBN(0x6e205c14, 0xd619428c), + TOBN(0x90db7957, 0xb3641686), TOBN(0x0432691d, 0x45ac8b4e), + TOBN(0x07a759ac, 0xf64e0350), TOBN(0x0514d89c, 0x9c972517), + TOBN(0x1701147f, 0xa8e67fc3), TOBN(0x9e2e0b8b, 0xab2085be), + TOBN(0xd5651824, 0xac284e57), TOBN(0x890d4325, 0x74893664), + TOBN(0x8a7c5e6e, 0xc55e68a3), TOBN(0xbf12e90b, 0x4339c85a), + TOBN(0x31846b85, 0xf922b655), TOBN(0x9a54ce4d, 0x0bf4d700), + TOBN(0xd7f4e83a, 0xf1a14295), TOBN(0x916f955c, 0xb285d4f9), + TOBN(0xe57bb0e0, 0x99ffdaba), TOBN(0x28a43034, 0xeab0d152), + TOBN(0x0a36ffa2, 0xb8a9cef8), TOBN(0x5517407e, 0xb9ec051a), + TOBN(0x9c796096, 0xea68e672), TOBN(0x853db5fb, 0xfb3c77fb), + TOBN(0x21474ba9, 0xe864a51a), TOBN(0x6c267699, 0x6e8a1b8b), + TOBN(0x7c823626, 0x94120a28), TOBN(0xe61e9a48, 0x8383a5db), + TOBN(0x7dd75003, 0x9f84216d), TOBN(0xab020d07, 0xad43cd85), + TOBN(0x9437ae48, 0xda12c659), TOBN(0x6449c2eb, 0xe65452ad), + TOBN(0xcc7c4c1c, 0x2cf9d7c1), TOBN(0x1320886a, 0xee95e5ab), + TOBN(0xbb7b9056, 0xbeae170c), TOBN(0xc8a5b250, 0xdbc0d662), + TOBN(0x4ed81432, 0xc11d2303), TOBN(0x7da66912, 0x1f03769f), + TOBN(0x3ac7a5fd, 0x84539828), TOBN(0x14dada94, 0x3bccdd02), + TOBN(0x8b84c321, 0x7ef6b0d1), TOBN(0x52a9477a, 0x7c933f22), + TOBN(0x5ef6728a, 0xfd440b82), TOBN(0x5c3bd859, 0x6ce4bd5e), + TOBN(0x918b80f5, 0xf22c2d3e), TOBN(0x368d5040, 0xb7bb6cc5), + TOBN(0xb66142a1, 0x2695a11c), TOBN(0x60ac583a, 0xeb19ea70), + TOBN(0x317cbb98, 0x0eab2437), TOBN(0x8cc08c55, 0x5e2654c8), + TOBN(0xfe2d6520, 0xe6d8307f), TOBN(0xe9f147f3, 0x57428993), + TOBN(0x5f9c7d14, 0xd2fd6cf1), TOBN(0xa3ecd064, 0x2d4fcbb0), + TOBN(0xad83fef0, 0x8e7341f7), TOBN(0x643f23a0, 0x3a63115c), + TOBN(0xd38a78ab, 0xe65ab743), TOBN(0xbf7c75b1, 0x35edc89c), + TOBN(0x3dd8752e, 0x530df568), TOBN(0xf85c4a76, 0xe308c682), + TOBN(0x4c9955b2, 0xe68acf37), TOBN(0xa544df3d, 0xab32af85), + TOBN(0x4b8ec3f5, 0xa25cf493), TOBN(0x4d8f2764, 0x1a622feb), + TOBN(0x7bb4f7aa, 0xf0dcbc49), TOBN(0x7de551f9, 0x70bbb45b), + TOBN(0xcfd0f3e4, 0x9f2ca2e5), TOBN(0xece58709, 0x1f5c76ef), + TOBN(0x32920edd, 0x167d79ae), TOBN(0x039df8a2, 0xfa7d7ec1), + TOBN(0xf46206c0, 0xbb30af91), TOBN(0x1ff5e2f5, 0x22676b59), + TOBN(0x11f4a039, 0x6ea51d66), TOBN(0x506c1445, 0x807d7a26), + TOBN(0x60da5705, 0x755a9b24), TOBN(0x8fc8cc32, 0x1f1a319e), + TOBN(0x83642d4d, 0x9433d67d), TOBN(0x7fa5cb8f, 0x6a7dd296), + TOBN(0x576591db, 0x9b7bde07), TOBN(0x13173d25, 0x419716fb), + TOBN(0xea30599d, 0xd5b340ff), TOBN(0xfc6b5297, 0xb0fe76c5), + TOBN(0x1c6968c8, 0xab8f5adc), TOBN(0xf723c7f5, 0x901c928d), + TOBN(0x4203c321, 0x9773d402), TOBN(0xdf7c6aa3, 0x1b51dd47), + TOBN(0x3d49e37a, 0x552be23c), TOBN(0x57febee8, 0x0b5a6e87), + TOBN(0xc5ecbee4, 0x7bd8e739), TOBN(0x79d44994, 0xae63bf75), + TOBN(0x168bd00f, 0x38fb8923), TOBN(0x75d48ee4, 0xd0533130), + TOBN(0x554f77aa, 0xdb5cdf33), TOBN(0x3396e896, 0x3c696769), + TOBN(0x2fdddbf2, 0xd3fd674e), TOBN(0xbbb8f6ee, 0x99d0e3e5), + TOBN(0x51b90651, 0xcbae2f70), TOBN(0xefc4bc05, 0x93aaa8eb), + TOBN(0x8ecd8689, 0xdd1df499), TOBN(0x1aee99a8, 0x22f367a5), + TOBN(0x95d485b9, 0xae8274c5), TOBN(0x6c14d445, 0x7d30b39c), + TOBN(0xbafea90b, 0xbcc1ef81), TOBN(0x7c5f317a, 0xa459a2ed), + TOBN(0x01211075, 0x4ef44227), TOBN(0xa17bed6e, 0xdc20f496), + TOBN(0x0cdfe424, 0x819853cd), TOBN(0x13793298, 0xf71e2ce7), + TOBN(0x3c1f3078, 0xdbbe307b), TOBN(0x6dd1c20e, 0x76ee9936), + TOBN(0x23ee4b57, 0x423caa20), TOBN(0x4ac3793b, 0x8efb840e), + TOBN(0x934438eb, 0xed1f8ca0), TOBN(0x3e546658, 0x4ebb25a2), + TOBN(0xc415af0e, 0xc069896f), TOBN(0xc13eddb0, 0x9a5aa43d), + TOBN(0x7a04204f, 0xd49eb8f6), TOBN(0xd0d5bdfc, 0xd74f1670), + TOBN(0x3697e286, 0x56fc0558), TOBN(0x10207371, 0x01cebade), + TOBN(0x5f87e690, 0x0647a82b), TOBN(0x908e0ed4, 0x8f40054f), + TOBN(0xa9f633d4, 0x79853803), TOBN(0x8ed13c9a, 0x4a28b252), + TOBN(0x3e2ef676, 0x1f460f64), TOBN(0x53930b9b, 0x36d06336), + TOBN(0x347073ac, 0x8fc4979b), TOBN(0x84380e0e, 0x5ecd5597), + TOBN(0xe3b22c6b, 0xc4fe3c39), TOBN(0xba4a8153, 0x6c7bebdf), + TOBN(0xf23ab6b7, 0x25693459), TOBN(0x53bc3770, 0x14922b11), + TOBN(0x4645c8ab, 0x5afc60db), TOBN(0xaa022355, 0x20b9f2a3), + TOBN(0x52a2954c, 0xce0fc507), TOBN(0x8c2731bb, 0x7ce1c2e7), + TOBN(0xf39608ab, 0x18a0339d), TOBN(0xac7a658d, 0x3735436c), + TOBN(0xb22c2b07, 0xcd992b4f), TOBN(0x4e83daec, 0xf40dcfd4), + TOBN(0x8a34c7be, 0x2f39ea3e), TOBN(0xef0c005f, 0xb0a56d2e), + TOBN(0x62731f6a, 0x6edd8038), TOBN(0x5721d740, 0x4e3cb075), + TOBN(0x1ea41511, 0xfbeeee1b), TOBN(0xd1ef5e73, 0xef1d0c05), + TOBN(0x42feefd1, 0x73c07d35), TOBN(0xe530a00a, 0x8a329493), + TOBN(0x5d55b7fe, 0xf15ebfb0), TOBN(0x549de03c, 0xd322491a), + TOBN(0xf7b5f602, 0x745b3237), TOBN(0x3632a3a2, 0x1ab6e2b6), + TOBN(0x0d3bba89, 0x0ef59f78), TOBN(0x0dfc6443, 0xc9e52b9a), + TOBN(0x1dc79699, 0x72631447), TOBN(0xef033917, 0xb3be20b1), + TOBN(0x0c92735d, 0xb1383948), TOBN(0xc1fc29a2, 0xc0dd7d7d), + TOBN(0x6485b697, 0x403ed068), TOBN(0x13bfaab3, 0xaac93bdc), + TOBN(0x410dc6a9, 0x0deeaf52), TOBN(0xb003fb02, 0x4c641c15), + TOBN(0x1384978c, 0x5bc504c4), TOBN(0x37640487, 0x864a6a77), + TOBN(0x05991bc6, 0x222a77da), TOBN(0x62260a57, 0x5e47eb11), + TOBN(0xc7af6613, 0xf21b432c), TOBN(0x22f3acc9, 0xab4953e9), + TOBN(0x52934922, 0x8e41d155), TOBN(0x4d024568, 0x3ac059ef), + TOBN(0xb0201755, 0x4d884411), TOBN(0xce8055cf, 0xa59a178f), + TOBN(0xcd77d1af, 0xf6204549), TOBN(0xa0a00a3e, 0xc7066759), + TOBN(0x471071ef, 0x0272c229), TOBN(0x009bcf6b, 0xd3c4b6b0), + TOBN(0x2a2638a8, 0x22305177), TOBN(0xd51d59df, 0x41645bbf), + TOBN(0xa81142fd, 0xc0a7a3c0), TOBN(0xa17eca6d, 0x4c7063ee), + TOBN(0x0bb887ed, 0x60d9dcec), TOBN(0xd6d28e51, 0x20ad2455), + TOBN(0xebed6308, 0xa67102ba), TOBN(0x042c3114, 0x8bffa408), + TOBN(0xfd099ac5, 0x8aa68e30), TOBN(0x7a6a3d7c, 0x1483513e), + TOBN(0xffcc6b75, 0xba2d8f0c), TOBN(0x54dacf96, 0x1e78b954), + TOBN(0xf645696f, 0xa4a9af89), TOBN(0x3a411940, 0x06ac98ec), + TOBN(0x41b8b3f6, 0x22a67a20), TOBN(0x2d0b1e0f, 0x99dec626), + TOBN(0x27c89192, 0x40be34e8), TOBN(0xc7162b37, 0x91907f35), + TOBN(0x90188ec1, 0xa956702b), TOBN(0xca132f7d, 0xdf93769c), + TOBN(0x3ece44f9, 0x0e2025b4), TOBN(0x67aaec69, 0x0c62f14c), + TOBN(0xad741418, 0x22e3cc11), TOBN(0xcf9b75c3, 0x7ff9a50e), + TOBN(0x02fa2b16, 0x4d348272), TOBN(0xbd99d61a, 0x9959d56d), + TOBN(0xbc4f19db, 0x18762916), TOBN(0xcc7cce50, 0x49c1ac80), + TOBN(0x4d59ebaa, 0xd846bd83), TOBN(0x8775a9dc, 0xa9202849), + TOBN(0x07ec4ae1, 0x6e1f4ca9), TOBN(0x27eb5875, 0xba893f11), + TOBN(0x00284d51, 0x662cc565), TOBN(0x82353a6b, 0x0db4138d), + TOBN(0xd9c7aaaa, 0xaa32a594), TOBN(0xf5528b5e, 0xa5669c47), + TOBN(0xf3220231, 0x2f23c5ff), TOBN(0xe3e8147a, 0x6affa3a1), + TOBN(0xfb423d5c, 0x202ddda0), TOBN(0x3d6414ac, 0x6b871bd4), + TOBN(0x586f82e1, 0xa51a168a), TOBN(0xb712c671, 0x48ae5448), + TOBN(0x9a2e4bd1, 0x76233eb8), TOBN(0x0188223a, 0x78811ca9), + TOBN(0x553c5e21, 0xf7c18de1), TOBN(0x7682e451, 0xb27bb286), + TOBN(0x3ed036b3, 0x0e51e929), TOBN(0xf487211b, 0xec9cb34f), + TOBN(0x0d094277, 0x0c24efc8), TOBN(0x0349fd04, 0xbef737a4), + TOBN(0x6d1c9dd2, 0x514cdd28), TOBN(0x29c135ff, 0x30da9521), + TOBN(0xea6e4508, 0xf78b0b6f), TOBN(0x176f5dd2, 0x678c143c), + TOBN(0x08148418, 0x4be21e65), TOBN(0x27f7525c, 0xe7df38c4), + TOBN(0x1fb70e09, 0x748ab1a4), TOBN(0x9cba50a0, 0x5efe4433), + TOBN(0x7846c7a6, 0x15f75af2), TOBN(0x2a7c2c57, 0x5ee73ea8), + TOBN(0x42e566a4, 0x3f0a449a), TOBN(0x45474c3b, 0xad90fc3d), + TOBN(0x7447be3d, 0x8b61d057), TOBN(0x3e9d1cf1, 0x3a4ec092), + TOBN(0x1603e453, 0xf380a6e6), TOBN(0x0b86e431, 0x9b1437c2), + TOBN(0x7a4173f2, 0xef29610a), TOBN(0x8fa729a7, 0xf03d57f7), + TOBN(0x3e186f6e, 0x6c9c217e), TOBN(0xbe1d3079, 0x91919524), + TOBN(0x92a62a70, 0x153d4fb1), TOBN(0x32ed3e34, 0xd68c2f71), + TOBN(0xd785027f, 0x9eb1a8b7), TOBN(0xbc37eb77, 0xc5b22fe8), + TOBN(0x466b34f0, 0xb9d6a191), TOBN(0x008a89af, 0x9a05f816), + TOBN(0x19b028fb, 0x7d42c10a), TOBN(0x7fe8c92f, 0x49b3f6b8), + TOBN(0x58907cc0, 0xa5a0ade3), TOBN(0xb3154f51, 0x559d1a7c), + TOBN(0x5066efb6, 0xd9790ed6), TOBN(0xa77a0cbc, 0xa6aa793b), + TOBN(0x1a915f3c, 0x223e042e), TOBN(0x1c5def04, 0x69c5874b), + TOBN(0x0e830078, 0x73b6c1da), TOBN(0x55cf85d2, 0xfcd8557a), + TOBN(0x0f7c7c76, 0x0460f3b1), TOBN(0x87052acb, 0x46e58063), + TOBN(0x09212b80, 0x907eae66), TOBN(0x3cb068e0, 0x4d721c89), + TOBN(0xa87941ae, 0xdd45ac1c), TOBN(0xde8d5c0d, 0x0daa0dbb), + TOBN(0xda421fdc, 0xe3502e6e), TOBN(0xc8944201, 0x4d89a084), + TOBN(0x7307ba5e, 0xf0c24bfb), TOBN(0xda212beb, 0x20bde0ef), + TOBN(0xea2da24b, 0xf82ce682), TOBN(0x058d3816, 0x07f71fe4), + TOBN(0x35a02462, 0x5ffad8de), TOBN(0xcd7b05dc, 0xaadcefab), + TOBN(0xd442f8ed, 0x1d9f54ec), TOBN(0x8be3d618, 0xb2d3b5ca), + TOBN(0xe2220ed0, 0xe06b2ce2), TOBN(0x82699a5f, 0x1b0da4c0), + TOBN(0x3ff106f5, 0x71c0c3a7), TOBN(0x8f580f5a, 0x0d34180c), + TOBN(0x4ebb120e, 0x22d7d375), TOBN(0x5e5782cc, 0xe9513675), + TOBN(0x2275580c, 0x99c82a70), TOBN(0xe8359fbf, 0x15ea8c4c), + TOBN(0x53b48db8, 0x7b415e70), TOBN(0xaacf2240, 0x100c6014), + TOBN(0x9faaccf5, 0xe4652f1d), TOBN(0xbd6fdd2a, 0xd56157b2), + TOBN(0xa4f4fb1f, 0x6261ec50), TOBN(0x244e55ad, 0x476bcd52), + TOBN(0x881c9305, 0x047d320b), TOBN(0x1ca983d5, 0x6181263f), + TOBN(0x354e9a44, 0x278fb8ee), TOBN(0xad2dbc0f, 0x396e4964), + TOBN(0x723f3aa2, 0x9268b3de), TOBN(0x0d1ca29a, 0xe6e0609a), + TOBN(0x794866aa, 0x6cf44252), TOBN(0x0b59f3e3, 0x01af87ed), + TOBN(0xe234e5ff, 0x7f4a6c51), TOBN(0xa8768fd2, 0x61dc2f7e), + TOBN(0xdafc7332, 0x0a94d81f), TOBN(0xd7f84282, 0x06938ce1), + TOBN(0xae0b3c0e, 0x0546063e), TOBN(0x7fbadcb2, 0x5d61abc6), + TOBN(0xd5d7a2c9, 0x369ac400), TOBN(0xa5978d09, 0xae67d10c), + TOBN(0x290f211e, 0x4f85eaac), TOBN(0xe61e2ad1, 0xfacac681), + TOBN(0xae125225, 0x388384cd), TOBN(0xa7fb68e9, 0xccfde30f), + TOBN(0x7a59b936, 0x3daed4c2), TOBN(0x80a9aa40, 0x2606f789), + TOBN(0xb40c1ea5, 0xf6a6d90a), TOBN(0x948364d3, 0x514d5885), + TOBN(0x062ebc60, 0x70985182), TOBN(0xa6db5b0e, 0x33310895), + TOBN(0x64a12175, 0xe329c2f5), TOBN(0xc5f25bd2, 0x90ea237e), + TOBN(0x7915c524, 0x2d0a4c23), TOBN(0xeb5d26e4, 0x6bb3cc52), + TOBN(0x369a9116, 0xc09e2c92), TOBN(0x0c527f92, 0xcf182cf8), + TOBN(0x9e591938, 0x2aede0ac), TOBN(0xb2922208, 0x6cc34939), + TOBN(0x3c9d8962, 0x99a34361), TOBN(0x3c81836d, 0xc1905fe6), + TOBN(0x4bfeb57f, 0xa001ec5a), TOBN(0xe993f5bb, 0xa0dc5dba), + TOBN(0x47884109, 0x724a1380), TOBN(0x8a0369ab, 0x32fe9a04), + TOBN(0xea068d60, 0x8c927db8), TOBN(0xbf5f37cf, 0x94655741), + TOBN(0x47d402a2, 0x04b6c7ea), TOBN(0x4551c295, 0x6af259cb), + TOBN(0x698b71e7, 0xed77ee8b), TOBN(0xbddf7bd0, 0xf309d5c7), + TOBN(0x6201c22c, 0x34e780ca), TOBN(0xab04f7d8, 0x4c295ef4), + TOBN(0x1c947294, 0x4313a8ce), TOBN(0xe532e4ac, 0x92ca4cfe), + TOBN(0x89738f80, 0xd0a7a97a), TOBN(0xec088c88, 0xa580fd5b), + TOBN(0x612b1ecc, 0x42ce9e51), TOBN(0x8f9840fd, 0xb25fdd2a), + TOBN(0x3cda78c0, 0x01e7f839), TOBN(0x546b3d3a, 0xece05480), + TOBN(0x271719a9, 0x80d30916), TOBN(0x45497107, 0x584c20c4), + TOBN(0xaf8f9478, 0x5bc78608), TOBN(0x28c7d484, 0x277e2a4c), + TOBN(0xfce01767, 0x88a2ffe4), TOBN(0xdc506a35, 0x28e169a5), + TOBN(0x0ea10861, 0x7af9c93a), TOBN(0x1ed24361, 0x03fa0e08), + TOBN(0x96eaaa92, 0xa3d694e7), TOBN(0xc0f43b4d, 0xef50bc74), + TOBN(0xce6aa58c, 0x64114db4), TOBN(0x8218e8ea, 0x7c000fd4), + TOBN(0xac815dfb, 0x185f8844), TOBN(0xcd7e90cb, 0x1557abfb), + TOBN(0x23d16655, 0xafbfecdf), TOBN(0x80f3271f, 0x085cac4a), + TOBN(0x7fc39aa7, 0xd0e62f47), TOBN(0x88d519d1, 0x460a48e5), + TOBN(0x59559ac4, 0xd28f101e), TOBN(0x7981d9e9, 0xca9ae816), + TOBN(0x5c38652c, 0x9ac38203), TOBN(0x86eaf87f, 0x57657fe5), + TOBN(0x568fc472, 0xe21f5416), TOBN(0x2afff39c, 0xe7e597b5), + TOBN(0x3adbbb07, 0x256d4eab), TOBN(0x22598692, 0x8285ab89), + TOBN(0x35f8112a, 0x041caefe), TOBN(0x95df02e3, 0xa5064c8b), + TOBN(0x4d63356e, 0xc7004bf3), TOBN(0x230a08f4, 0xdb83c7de), + TOBN(0xca27b270, 0x8709a7b7), TOBN(0x0d1c4cc4, 0xcb9abd2d), + TOBN(0x8a0bc66e, 0x7550fee8), TOBN(0x369cd4c7, 0x9cf7247e), + TOBN(0x75562e84, 0x92b5b7e7), TOBN(0x8fed0da0, 0x5802af7b), + TOBN(0x6a7091c2, 0xe48fb889), TOBN(0x26882c13, 0x7b8a9d06), + TOBN(0xa2498663, 0x1b82a0e2), TOBN(0x844ed736, 0x3518152d), + TOBN(0x282f476f, 0xd86e27c7), TOBN(0xa04edaca, 0x04afefdc), + TOBN(0x8b256ebc, 0x6119e34d), TOBN(0x56a413e9, 0x0787d78b), + }, + { + TOBN(0x82ee061d, 0x5a74be50), TOBN(0xe41781c4, 0xdea16ff5), + TOBN(0xe0b0c81e, 0x99bfc8a2), TOBN(0x624f4d69, 0x0b547e2d), + TOBN(0x3a83545d, 0xbdcc9ae4), TOBN(0x2573dbb6, 0x409b1e8e), + TOBN(0x482960c4, 0xa6c93539), TOBN(0xf01059ad, 0x5ae18798), + TOBN(0x715c9f97, 0x3112795f), TOBN(0xe8244437, 0x984e6ee1), + TOBN(0x55cb4858, 0xecb66bcd), TOBN(0x7c136735, 0xabaffbee), + TOBN(0x54661595, 0x5dbec38e), TOBN(0x51c0782c, 0x388ad153), + TOBN(0x9ba4c53a, 0xc6e0952f), TOBN(0x27e6782a, 0x1b21dfa8), + TOBN(0x682f903d, 0x4ed2dbc2), TOBN(0x0eba59c8, 0x7c3b2d83), + TOBN(0x8e9dc84d, 0x9c7e9335), TOBN(0x5f9b21b0, 0x0eb226d7), + TOBN(0xe33bd394, 0xaf267bae), TOBN(0xaa86cc25, 0xbe2e15ae), + TOBN(0x4f0bf67d, 0x6a8ec500), TOBN(0x5846aa44, 0xf9630658), + TOBN(0xfeb09740, 0xe2c2bf15), TOBN(0x627a2205, 0xa9e99704), + TOBN(0xec8d73d0, 0xc2fbc565), TOBN(0x223eed8f, 0xc20c8de8), + TOBN(0x1ee32583, 0xa8363b49), TOBN(0x1a0b6cb9, 0xc9c2b0a6), + TOBN(0x49f7c3d2, 0x90dbc85c), TOBN(0xa8dfbb97, 0x1ef4c1ac), + TOBN(0xafb34d4c, 0x65c7c2ab), TOBN(0x1d4610e7, 0xe2c5ea84), + TOBN(0x893f6d1b, 0x973c4ab5), TOBN(0xa3cdd7e9, 0x945ba5c4), + TOBN(0x60514983, 0x064417ee), TOBN(0x1459b23c, 0xad6bdf2b), + TOBN(0x23b2c341, 0x5cf726c3), TOBN(0x3a829635, 0x32d6354a), + TOBN(0x294f901f, 0xab192c18), TOBN(0xec5fcbfe, 0x7030164f), + TOBN(0xe2e2fcb7, 0xe2246ba6), TOBN(0x1e7c88b3, 0x221a1a0c), + TOBN(0x72c7dd93, 0xc92d88c5), TOBN(0x41c2148e, 0x1106fb59), + TOBN(0x547dd4f5, 0xa0f60f14), TOBN(0xed9b52b2, 0x63960f31), + TOBN(0x6c8349eb, 0xb0a5b358), TOBN(0xb154c5c2, 0x9e7e2ed6), + TOBN(0xcad5eccf, 0xeda462db), TOBN(0xf2d6dbe4, 0x2de66b69), + TOBN(0x426aedf3, 0x8665e5b2), TOBN(0x488a8513, 0x7b7f5723), + TOBN(0x15cc43b3, 0x8bcbb386), TOBN(0x27ad0af3, 0xd791d879), + TOBN(0xc16c236e, 0x846e364f), TOBN(0x7f33527c, 0xdea50ca0), + TOBN(0xc4810775, 0x0926b86d), TOBN(0x6c2a3609, 0x0598e70c), + TOBN(0xa6755e52, 0xf024e924), TOBN(0xe0fa07a4, 0x9db4afca), + TOBN(0x15c3ce7d, 0x66831790), TOBN(0x5b4ef350, 0xa6cbb0d6), + TOBN(0x2c4aafc4, 0xb6205969), TOBN(0x42563f02, 0xf6c7854f), + TOBN(0x016aced5, 0x1d983b48), TOBN(0xfeb356d8, 0x99949755), + TOBN(0x8c2a2c81, 0xd1a39bd7), TOBN(0x8f44340f, 0xe6934ae9), + TOBN(0x148cf91c, 0x447904da), TOBN(0x7340185f, 0x0f51a926), + TOBN(0x2f8f00fb, 0x7409ab46), TOBN(0x057e78e6, 0x80e289b2), + TOBN(0x03e5022c, 0xa888e5d1), TOBN(0x3c87111a, 0x9dede4e2), + TOBN(0x5b9b0e1c, 0x7809460b), TOBN(0xe751c852, 0x71c9abc7), + TOBN(0x8b944e28, 0xc7cc1dc9), TOBN(0x4f201ffa, 0x1d3cfa08), + TOBN(0x02fc905c, 0x3e6721ce), TOBN(0xd52d70da, 0xd0b3674c), + TOBN(0x5dc2e5ca, 0x18810da4), TOBN(0xa984b273, 0x5c69dd99), + TOBN(0x63b92527, 0x84de5ca4), TOBN(0x2f1c9872, 0xc852dec4), + TOBN(0x18b03593, 0xc2e3de09), TOBN(0x19d70b01, 0x9813dc2f), + TOBN(0x42806b2d, 0xa6dc1d29), TOBN(0xd3030009, 0xf871e144), + TOBN(0xa1feb333, 0xaaf49276), TOBN(0xb5583b9e, 0xc70bc04b), + TOBN(0x1db0be78, 0x95695f20), TOBN(0xfc841811, 0x89d012b5), + TOBN(0x6409f272, 0x05f61643), TOBN(0x40d34174, 0xd5883128), + TOBN(0xd79196f5, 0x67419833), TOBN(0x6059e252, 0x863b7b08), + TOBN(0x84da1817, 0x1c56700c), TOBN(0x5758ee56, 0xb28d3ec4), + TOBN(0x7da2771d, 0x013b0ea6), TOBN(0xfddf524b, 0x54c5e9b9), + TOBN(0x7df4faf8, 0x24305d80), TOBN(0x58f5c1bf, 0x3a97763f), + TOBN(0xa5af37f1, 0x7c696042), TOBN(0xd4cba22c, 0x4a2538de), + TOBN(0x211cb995, 0x9ea42600), TOBN(0xcd105f41, 0x7b069889), + TOBN(0xb1e1cf19, 0xddb81e74), TOBN(0x472f2d89, 0x5157b8ca), + TOBN(0x086fb008, 0xee9db885), TOBN(0x365cd570, 0x0f26d131), + TOBN(0x284b02bb, 0xa2be7053), TOBN(0xdcbbf7c6, 0x7ab9a6d6), + TOBN(0x4425559c, 0x20f7a530), TOBN(0x961f2dfa, 0x188767c8), + TOBN(0xe2fd9435, 0x70dc80c4), TOBN(0x104d6b63, 0xf0784120), + TOBN(0x7f592bc1, 0x53567122), TOBN(0xf6bc1246, 0xf688ad77), + TOBN(0x05214c05, 0x0f15dde9), TOBN(0xa47a76a8, 0x0d5f2b82), + TOBN(0xbb254d30, 0x62e82b62), TOBN(0x11a05fe0, 0x3ec955ee), + TOBN(0x7eaff46e, 0x9d529b36), TOBN(0x55ab1301, 0x8f9e3df6), + TOBN(0xc463e371, 0x99317698), TOBN(0xfd251438, 0xccda47ad), + TOBN(0xca9c3547, 0x23d695ea), TOBN(0x48ce626e, 0x16e589b5), + TOBN(0x6b5b64c7, 0xb187d086), TOBN(0xd02e1794, 0xb2207948), + TOBN(0x8b58e98f, 0x7198111d), TOBN(0x90ca6305, 0xdcf9c3cc), + TOBN(0x5691fe72, 0xf34089b0), TOBN(0x60941af1, 0xfc7c80ff), + TOBN(0xa09bc0a2, 0x22eb51e5), TOBN(0xc0bb7244, 0xaa9cf09a), + TOBN(0x36a8077f, 0x80159f06), TOBN(0x8b5c989e, 0xdddc560e), + TOBN(0x19d2f316, 0x512e1f43), TOBN(0x02eac554, 0xad08ff62), + TOBN(0x012ab84c, 0x07d20b4e), TOBN(0x37d1e115, 0xd6d4e4e1), + TOBN(0xb6443e1a, 0xab7b19a8), TOBN(0xf08d067e, 0xdef8cd45), + TOBN(0x63adf3e9, 0x685e03da), TOBN(0xcf15a10e, 0x4792b916), + TOBN(0xf44bcce5, 0xb738a425), TOBN(0xebe131d5, 0x9636b2fd), + TOBN(0x94068841, 0x7850d605), TOBN(0x09684eaa, 0xb40d749d), + TOBN(0x8c3c669c, 0x72ba075b), TOBN(0x89f78b55, 0xba469015), + TOBN(0x5706aade, 0x3e9f8ba8), TOBN(0x6d8bd565, 0xb32d7ed7), + TOBN(0x25f4e63b, 0x805f08d6), TOBN(0x7f48200d, 0xc3bcc1b5), + TOBN(0x4e801968, 0xb025d847), TOBN(0x74afac04, 0x87cbe0a8), + TOBN(0x43ed2c2b, 0x7e63d690), TOBN(0xefb6bbf0, 0x0223cdb8), + TOBN(0x4fec3cae, 0x2884d3fe), TOBN(0x065ecce6, 0xd75e25a4), + TOBN(0x6c2294ce, 0x69f79071), TOBN(0x0d9a8e5f, 0x044b8666), + TOBN(0x5009f238, 0x17b69d8f), TOBN(0x3c29f8fe, 0xc5dfdaf7), + TOBN(0x9067528f, 0xebae68c4), TOBN(0x5b385632, 0x30c5ba21), + TOBN(0x540df119, 0x1fdd1aec), TOBN(0xcf37825b, 0xcfba4c78), + TOBN(0x77eff980, 0xbeb11454), TOBN(0x40a1a991, 0x60c1b066), + TOBN(0xe8018980, 0xf889a1c7), TOBN(0xb9c52ae9, 0x76c24be0), + TOBN(0x05fbbcce, 0x45650ef4), TOBN(0xae000f10, 0x8aa29ac7), + TOBN(0x884b7172, 0x4f04c470), TOBN(0x7cd4fde2, 0x19bb5c25), + TOBN(0x6477b22a, 0xe8840869), TOBN(0xa8868859, 0x5fbd0686), + TOBN(0xf23cc02e, 0x1116dfba), TOBN(0x76cd563f, 0xd87d7776), + TOBN(0xe2a37598, 0xa9d82abf), TOBN(0x5f188ccb, 0xe6c170f5), + TOBN(0x81682200, 0x5066b087), TOBN(0xda22c212, 0xc7155ada), + TOBN(0x151e5d3a, 0xfbddb479), TOBN(0x4b606b84, 0x6d715b99), + TOBN(0x4a73b54b, 0xf997cb2e), TOBN(0x9a1bfe43, 0x3ecd8b66), + TOBN(0x1c312809, 0x2a67d48a), TOBN(0xcd6a671e, 0x031fa9e2), + TOBN(0xbec3312a, 0x0e43a34a), TOBN(0x1d935639, 0x55ef47d3), + TOBN(0x5ea02489, 0x8fea73ea), TOBN(0x8247b364, 0xa035afb2), + TOBN(0xb58300a6, 0x5265b54c), TOBN(0x3286662f, 0x722c7148), + TOBN(0xb77fd76b, 0xb4ec4c20), TOBN(0xf0a12fa7, 0x0f3fe3fd), + TOBN(0xf845bbf5, 0x41d8c7e8), TOBN(0xe4d969ca, 0x5ec10aa8), + TOBN(0x4c0053b7, 0x43e232a3), TOBN(0xdc7a3fac, 0x37f8a45a), + TOBN(0x3c4261c5, 0x20d81c8f), TOBN(0xfd4b3453, 0xb00eab00), + TOBN(0x76d48f86, 0xd36e3062), TOBN(0x626c5277, 0xa143ff02), + TOBN(0x538174de, 0xaf76f42e), TOBN(0x2267aa86, 0x6407ceac), + TOBN(0xfad76351, 0x72e572d5), TOBN(0xab861af7, 0xba7330eb), + TOBN(0xa0a1c8c7, 0x418d8657), TOBN(0x988821cb, 0x20289a52), + TOBN(0x79732522, 0xcccc18ad), TOBN(0xaadf3f8d, 0xf1a6e027), + TOBN(0xf7382c93, 0x17c2354d), TOBN(0x5ce1680c, 0xd818b689), + TOBN(0x359ebbfc, 0xd9ecbee9), TOBN(0x4330689c, 0x1cae62ac), + TOBN(0xb55ce5b4, 0xc51ac38a), TOBN(0x7921dfea, 0xfe238ee8), + TOBN(0x3972bef8, 0x271d1ca5), TOBN(0x3e423bc7, 0xe8aabd18), + TOBN(0x57b09f3f, 0x44a3e5e3), TOBN(0x5da886ae, 0x7b444d66), + TOBN(0x68206634, 0xa9964375), TOBN(0x356a2fa3, 0x699cd0ff), + TOBN(0xaf0faa24, 0xdba515e9), TOBN(0x536e1f5c, 0xb321d79a), + TOBN(0xd3b9913a, 0x5c04e4ea), TOBN(0xd549dcfe, 0xd6f11513), + TOBN(0xee227bf5, 0x79fd1d94), TOBN(0x9f35afee, 0xb43f2c67), + TOBN(0xd2638d24, 0xf1314f53), TOBN(0x62baf948, 0xcabcd822), + TOBN(0x5542de29, 0x4ef48db0), TOBN(0xb3eb6a04, 0xfc5f6bb2), + TOBN(0x23c110ae, 0x1208e16a), TOBN(0x1a4d15b5, 0xf8363e24), + TOBN(0x30716844, 0x164be00b), TOBN(0xa8e24824, 0xf6f4690d), + TOBN(0x548773a2, 0x90b170cf), TOBN(0xa1bef331, 0x42f191f4), + TOBN(0x70f418d0, 0x9247aa97), TOBN(0xea06028e, 0x48be9147), + TOBN(0xe13122f3, 0xdbfb894e), TOBN(0xbe9b79f6, 0xce274b18), + TOBN(0x85a49de5, 0xca58aadf), TOBN(0x24957758, 0x11487351), + TOBN(0x111def61, 0xbb939099), TOBN(0x1d6a974a, 0x26d13694), + TOBN(0x4474b4ce, 0xd3fc253b), TOBN(0x3a1485e6, 0x4c5db15e), + TOBN(0xe79667b4, 0x147c15b4), TOBN(0xe34f553b, 0x7bc61301), + TOBN(0x032b80f8, 0x17094381), TOBN(0x55d8bafd, 0x723eaa21), + TOBN(0x5a987995, 0xf1c0e74e), TOBN(0x5a9b292e, 0xebba289c), + TOBN(0x413cd4b2, 0xeb4c8251), TOBN(0x98b5d243, 0xd162db0a), + TOBN(0xbb47bf66, 0x68342520), TOBN(0x08d68949, 0xbaa862d1), + TOBN(0x11f349c7, 0xe906abcd), TOBN(0x454ce985, 0xed7bf00e), + TOBN(0xacab5c9e, 0xb55b803b), TOBN(0xb03468ea, 0x31e3c16d), + TOBN(0x5c24213d, 0xd273bf12), TOBN(0x211538eb, 0x71587887), + TOBN(0x198e4a2f, 0x731dea2d), TOBN(0xd5856cf2, 0x74ed7b2a), + TOBN(0x86a632eb, 0x13a664fe), TOBN(0x932cd909, 0xbda41291), + TOBN(0x850e95d4, 0xc0c4ddc0), TOBN(0xc0f422f8, 0x347fc2c9), + TOBN(0xe68cbec4, 0x86076bcb), TOBN(0xf9e7c0c0, 0xcd6cd286), + TOBN(0x65994ddb, 0x0f5f27ca), TOBN(0xe85461fb, 0xa80d59ff), + TOBN(0xff05481a, 0x66601023), TOBN(0xc665427a, 0xfc9ebbfb), + TOBN(0xb0571a69, 0x7587fd52), TOBN(0x935289f8, 0x8d49efce), + TOBN(0x61becc60, 0xea420688), TOBN(0xb22639d9, 0x13a786af), + TOBN(0x1a8e6220, 0x361ecf90), TOBN(0x001f23e0, 0x25506463), + TOBN(0xe4ae9b5d, 0x0a5c2b79), TOBN(0xebc9cdad, 0xd8149db5), + TOBN(0xb33164a1, 0x934aa728), TOBN(0x750eb00e, 0xae9b60f3), + TOBN(0x5a91615b, 0x9b9cfbfd), TOBN(0x97015cbf, 0xef45f7f6), + TOBN(0xb462c4a5, 0xbf5151df), TOBN(0x21adcc41, 0xb07118f2), + TOBN(0xd60c545b, 0x043fa42c), TOBN(0xfc21aa54, 0xe96be1ab), + TOBN(0xe84bc32f, 0x4e51ea80), TOBN(0x3dae45f0, 0x259b5d8d), + TOBN(0xbb73c7eb, 0xc38f1b5e), TOBN(0xe405a74a, 0xe8ae617d), + TOBN(0xbb1ae9c6, 0x9f1c56bd), TOBN(0x8c176b98, 0x49f196a4), + TOBN(0xc448f311, 0x6875092b), TOBN(0xb5afe3de, 0x9f976033), + TOBN(0xa8dafd49, 0x145813e5), TOBN(0x687fc4d9, 0xe2b34226), + TOBN(0xf2dfc92d, 0x4c7ff57f), TOBN(0x004e3fc1, 0x401f1b46), + TOBN(0x5afddab6, 0x1430c9ab), TOBN(0x0bdd41d3, 0x2238e997), + TOBN(0xf0947430, 0x418042ae), TOBN(0x71f9adda, 0xcdddc4cb), + TOBN(0x7090c016, 0xc52dd907), TOBN(0xd9bdf44d, 0x29e2047f), + TOBN(0xe6f1fe80, 0x1b1011a6), TOBN(0xb63accbc, 0xd9acdc78), + TOBN(0xcfc7e235, 0x1272a95b), TOBN(0x0c667717, 0xa6276ac8), + TOBN(0x3c0d3709, 0xe2d7eef7), TOBN(0x5add2b06, 0x9a685b3e), + TOBN(0x363ad32d, 0x14ea5d65), TOBN(0xf8e01f06, 0x8d7dd506), + TOBN(0xc9ea2213, 0x75b4aac6), TOBN(0xed2a2bf9, 0x0d353466), + TOBN(0x439d79b5, 0xe9d3a7c3), TOBN(0x8e0ee5a6, 0x81b7f34b), + TOBN(0xcf3dacf5, 0x1dc4ba75), TOBN(0x1d3d1773, 0xeb3310c7), + TOBN(0xa8e67112, 0x7747ae83), TOBN(0x31f43160, 0x197d6b40), + TOBN(0x0521ccee, 0xcd961400), TOBN(0x67246f11, 0xf6535768), + TOBN(0x702fcc5a, 0xef0c3133), TOBN(0x247cc45d, 0x7e16693b), + TOBN(0xfd484e49, 0xc729b749), TOBN(0x522cef7d, 0xb218320f), + TOBN(0xe56ef405, 0x59ab93b3), TOBN(0x225fba11, 0x9f181071), + TOBN(0x33bd6595, 0x15330ed0), TOBN(0xc4be69d5, 0x1ddb32f7), + TOBN(0x264c7668, 0x0448087c), TOBN(0xac30903f, 0x71432dae), + TOBN(0x3851b266, 0x00f9bf47), TOBN(0x400ed311, 0x6cdd6d03), + TOBN(0x045e79fe, 0xf8fd2424), TOBN(0xfdfd974a, 0xfa6da98b), + TOBN(0x45c9f641, 0x0c1e673a), TOBN(0x76f2e733, 0x5b2c5168), + TOBN(0x1adaebb5, 0x2a601753), TOBN(0xb286514c, 0xc57c2d49), + TOBN(0xd8769670, 0x1e0bfd24), TOBN(0x950c547e, 0x04478922), + TOBN(0xd1d41969, 0xe5d32bfe), TOBN(0x30bc1472, 0x750d6c3e), + TOBN(0x8f3679fe, 0xe0e27f3a), TOBN(0x8f64a7dc, 0xa4a6ee0c), + TOBN(0x2fe59937, 0x633dfb1f), TOBN(0xea82c395, 0x977f2547), + TOBN(0xcbdfdf1a, 0x661ea646), TOBN(0xc7ccc591, 0xb9085451), + TOBN(0x82177962, 0x81761e13), TOBN(0xda57596f, 0x9196885c), + TOBN(0xbc17e849, 0x28ffbd70), TOBN(0x1e6e0a41, 0x2671d36f), + TOBN(0x61ae872c, 0x4152fcf5), TOBN(0x441c87b0, 0x9e77e754), + TOBN(0xd0799dd5, 0xa34dff09), TOBN(0x766b4e44, 0x88a6b171), + TOBN(0xdc06a512, 0x11f1c792), TOBN(0xea02ae93, 0x4be35c3e), + TOBN(0xe5ca4d6d, 0xe90c469e), TOBN(0x4df4368e, 0x56e4ff5c), + TOBN(0x7817acab, 0x4baef62e), TOBN(0x9f5a2202, 0xa85b91e8), + TOBN(0x9666ebe6, 0x6ce57610), TOBN(0x32ad31f3, 0xf73bfe03), + TOBN(0x628330a4, 0x25bcf4d6), TOBN(0xea950593, 0x515056e6), + TOBN(0x59811c89, 0xe1332156), TOBN(0xc89cf1fe, 0x8c11b2d7), + TOBN(0x75b63913, 0x04e60cc0), TOBN(0xce811e8d, 0x4625d375), + TOBN(0x030e43fc, 0x2d26e562), TOBN(0xfbb30b4b, 0x608d36a0), + TOBN(0x634ff82c, 0x48528118), TOBN(0x7c6fe085, 0xcd285911), + TOBN(0x7f2830c0, 0x99358f28), TOBN(0x2e60a95e, 0x665e6c09), + TOBN(0x08407d3d, 0x9b785dbf), TOBN(0x530889ab, 0xa759bce7), + TOBN(0xf228e0e6, 0x52f61239), TOBN(0x2b6d1461, 0x6879be3c), + TOBN(0xe6902c04, 0x51a7bbf7), TOBN(0x30ad99f0, 0x76f24a64), + TOBN(0x66d9317a, 0x98bc6da0), TOBN(0xf4f877f3, 0xcb596ac0), + TOBN(0xb05ff62d, 0x4c44f119), TOBN(0x4555f536, 0xe9b77416), + TOBN(0xc7c0d059, 0x8caed63b), TOBN(0x0cd2b7ce, 0xc358b2a9), + TOBN(0x3f33287b, 0x46945fa3), TOBN(0xf8785b20, 0xd67c8791), + TOBN(0xc54a7a61, 0x9637bd08), TOBN(0x54d4598c, 0x18be79d7), + TOBN(0x889e5acb, 0xc46d7ce1), TOBN(0x9a515bb7, 0x8b085877), + TOBN(0xfac1a03d, 0x0b7a5050), TOBN(0x7d3e738a, 0xf2926035), + TOBN(0x861cc2ce, 0x2a6cb0eb), TOBN(0x6f2e2955, 0x8f7adc79), + TOBN(0x61c4d451, 0x33016376), TOBN(0xd9fd2c80, 0x5ad59090), + TOBN(0xe5a83738, 0xb2b836a1), TOBN(0x855b41a0, 0x7c0d6622), + TOBN(0x186fe317, 0x7cc19af1), TOBN(0x6465c1ff, 0xfdd99acb), + TOBN(0x46e5c23f, 0x6974b99e), TOBN(0x75a7cf8b, 0xa2717cbe), + TOBN(0x4d2ebc3f, 0x062be658), TOBN(0x094b4447, 0x5f209c98), + TOBN(0x4af285ed, 0xb940cb5a), TOBN(0x6706d792, 0x7cc82f10), + TOBN(0xc8c8776c, 0x030526fa), TOBN(0xfa8e6f76, 0xa0da9140), + TOBN(0x77ea9d34, 0x591ee4f0), TOBN(0x5f46e337, 0x40274166), + TOBN(0x1bdf98bb, 0xea671457), TOBN(0xd7c08b46, 0x862a1fe2), + TOBN(0x46cc303c, 0x1c08ad63), TOBN(0x99543440, 0x4c845e7b), + TOBN(0x1b8fbdb5, 0x48f36bf7), TOBN(0x5b82c392, 0x8c8273a7), + TOBN(0x08f712c4, 0x928435d5), TOBN(0x071cf0f1, 0x79330380), + TOBN(0xc74c2d24, 0xa8da054a), TOBN(0xcb0e7201, 0x43c46b5c), + TOBN(0x0ad7337a, 0xc0b7eff3), TOBN(0x8552225e, 0xc5e48b3c), + TOBN(0xe6f78b0c, 0x73f13a5f), TOBN(0x5e70062e, 0x82349cbe), + TOBN(0x6b8d5048, 0xe7073969), TOBN(0x392d2a29, 0xc33cb3d2), + TOBN(0xee4f727c, 0x4ecaa20f), TOBN(0xa068c99e, 0x2ccde707), + TOBN(0xfcd5651f, 0xb87a2913), TOBN(0xea3e3c15, 0x3cc252f0), + TOBN(0x777d92df, 0x3b6cd3e4), TOBN(0x7a414143, 0xc5a732e7), + TOBN(0xa895951a, 0xa71ff493), TOBN(0xfe980c92, 0xbbd37cf6), + TOBN(0x45bd5e64, 0xdecfeeff), TOBN(0x910dc2a9, 0xa44c43e9), + TOBN(0xcb403f26, 0xcca9f54d), TOBN(0x928bbdfb, 0x9303f6db), + TOBN(0x3c37951e, 0xa9eee67c), TOBN(0x3bd61a52, 0xf79961c3), + TOBN(0x09a238e6, 0x395c9a79), TOBN(0x6940ca2d, 0x61eb352d), + TOBN(0x7d1e5c5e, 0xc1875631), TOBN(0x1e19742c, 0x1e1b20d1), + TOBN(0x4633d908, 0x23fc2e6e), TOBN(0xa76e29a9, 0x08959149), + TOBN(0x61069d9c, 0x84ed7da5), TOBN(0x0baa11cf, 0x5dbcad51), + TOBN(0xd01eec64, 0x961849da), TOBN(0x93b75f1f, 0xaf3d8c28), + TOBN(0x57bc4f9f, 0x1ca2ee44), TOBN(0x5a26322d, 0x00e00558), + TOBN(0x1888d658, 0x61a023ef), TOBN(0x1d72aab4, 0xb9e5246e), + TOBN(0xa9a26348, 0xe5563ec0), TOBN(0xa0971963, 0xc3439a43), + TOBN(0x567dd54b, 0xadb9b5b7), TOBN(0x73fac1a1, 0xc45a524b), + TOBN(0x8fe97ef7, 0xfe38e608), TOBN(0x608748d2, 0x3f384f48), + TOBN(0xb0571794, 0xc486094f), TOBN(0x869254a3, 0x8bf3a8d6), + TOBN(0x148a8dd1, 0x310b0e25), TOBN(0x99ab9f3f, 0x9aa3f7d8), + TOBN(0x0927c68a, 0x6706c02e), TOBN(0x22b5e76c, 0x69790e6c), + TOBN(0x6c325260, 0x6c71376c), TOBN(0x53a57690, 0x09ef6657), + TOBN(0x8d63f852, 0xedffcf3a), TOBN(0xb4d2ed04, 0x3c0a6f55), + TOBN(0xdb3aa8de, 0x12519b9e), TOBN(0x5d38e9c4, 0x1e0a569a), + TOBN(0x871528bf, 0x303747e2), TOBN(0xa208e77c, 0xf5b5c18d), + TOBN(0x9d129c88, 0xca6bf923), TOBN(0xbcbf197f, 0xbf02839f), + TOBN(0x9b9bf030, 0x27323194), TOBN(0x3b055a8b, 0x339ca59d), + TOBN(0xb46b2312, 0x0f669520), TOBN(0x19789f1f, 0x497e5f24), + TOBN(0x9c499468, 0xaaf01801), TOBN(0x72ee1190, 0x8b69d59c), + TOBN(0x8bd39595, 0xacf4c079), TOBN(0x3ee11ece, 0x8e0cd048), + TOBN(0xebde86ec, 0x1ed66f18), TOBN(0x225d906b, 0xd61fce43), + TOBN(0x5cab07d6, 0xe8bed74d), TOBN(0x16e4617f, 0x27855ab7), + TOBN(0x6568aadd, 0xb2fbc3dd), TOBN(0xedb5484f, 0x8aeddf5b), + TOBN(0x878f20e8, 0x6dcf2fad), TOBN(0x3516497c, 0x615f5699), + }, + { + TOBN(0xef0a3fec, 0xfa181e69), TOBN(0x9ea02f81, 0x30d69a98), + TOBN(0xb2e9cf8e, 0x66eab95d), TOBN(0x520f2beb, 0x24720021), + TOBN(0x621c540a, 0x1df84361), TOBN(0x12037721, 0x71fa6d5d), + TOBN(0x6e3c7b51, 0x0ff5f6ff), TOBN(0x817a069b, 0xabb2bef3), + TOBN(0x83572fb6, 0xb294cda6), TOBN(0x6ce9bf75, 0xb9039f34), + TOBN(0x20e012f0, 0x095cbb21), TOBN(0xa0aecc1b, 0xd063f0da), + TOBN(0x57c21c3a, 0xf02909e5), TOBN(0xc7d59ecf, 0x48ce9cdc), + TOBN(0x2732b844, 0x8ae336f8), TOBN(0x056e3723, 0x3f4f85f4), + TOBN(0x8a10b531, 0x89e800ca), TOBN(0x50fe0c17, 0x145208fd), + TOBN(0x9e43c0d3, 0xb714ba37), TOBN(0x427d200e, 0x34189acc), + TOBN(0x05dee24f, 0xe616e2c0), TOBN(0x9c25f4c8, 0xee1854c1), + TOBN(0x4d3222a5, 0x8f342a73), TOBN(0x0807804f, 0xa027c952), + TOBN(0xc222653a, 0x4f0d56f3), TOBN(0x961e4047, 0xca28b805), + TOBN(0x2c03f8b0, 0x4a73434b), TOBN(0x4c966787, 0xab712a19), + TOBN(0xcc196c42, 0x864fee42), TOBN(0xc1be93da, 0x5b0ece5c), + TOBN(0xa87d9f22, 0xc131c159), TOBN(0x2bb6d593, 0xdce45655), + TOBN(0x22c49ec9, 0xb809b7ce), TOBN(0x8a41486b, 0xe2c72c2c), + TOBN(0x813b9420, 0xfea0bf36), TOBN(0xb3d36ee9, 0xa66dac69), + TOBN(0x6fddc08a, 0x328cc987), TOBN(0x0a3bcd2c, 0x3a326461), + TOBN(0x7103c49d, 0xd810dbba), TOBN(0xf9d81a28, 0x4b78a4c4), + TOBN(0x3de865ad, 0xe4d55941), TOBN(0xdedafa5e, 0x30384087), + TOBN(0x6f414abb, 0x4ef18b9b), TOBN(0x9ee9ea42, 0xfaee5268), + TOBN(0x260faa16, 0x37a55a4a), TOBN(0xeb19a514, 0x015f93b9), + TOBN(0x51d7ebd2, 0x9e9c3598), TOBN(0x523fc56d, 0x1932178e), + TOBN(0x501d070c, 0xb98fe684), TOBN(0xd60fbe9a, 0x124a1458), + TOBN(0xa45761c8, 0x92bc6b3f), TOBN(0xf5384858, 0xfe6f27cb), + TOBN(0x4b0271f7, 0xb59e763b), TOBN(0x3d4606a9, 0x5b5a8e5e), + TOBN(0x1eda5d9b, 0x05a48292), TOBN(0xda7731d0, 0xe6fec446), + TOBN(0xa3e33693, 0x90d45871), TOBN(0xe9764040, 0x06166d8d), + TOBN(0xb5c33682, 0x89a90403), TOBN(0x4bd17983, 0x72f1d637), + TOBN(0xa616679e, 0xd5d2c53a), TOBN(0x5ec4bcd8, 0xfdcf3b87), + TOBN(0xae6d7613, 0xb66a694e), TOBN(0x7460fc76, 0xe3fc27e5), + TOBN(0x70469b82, 0x95caabee), TOBN(0xde024ca5, 0x889501e3), + TOBN(0x6bdadc06, 0x076ed265), TOBN(0x0cb1236b, 0x5a0ef8b2), + TOBN(0x4065ddbf, 0x0972ebf9), TOBN(0xf1dd3875, 0x22aca432), + TOBN(0xa88b97cf, 0x744aff76), TOBN(0xd1359afd, 0xfe8e3d24), + TOBN(0x52a3ba2b, 0x91502cf3), TOBN(0x2c3832a8, 0x084db75d), + TOBN(0x04a12ddd, 0xde30b1c9), TOBN(0x7802eabc, 0xe31fd60c), + TOBN(0x33707327, 0xa37fddab), TOBN(0x65d6f2ab, 0xfaafa973), + TOBN(0x3525c5b8, 0x11e6f91a), TOBN(0x76aeb0c9, 0x5f46530b), + TOBN(0xe8815ff6, 0x2f93a675), TOBN(0xa6ec9684, 0x05f48679), + TOBN(0x6dcbb556, 0x358ae884), TOBN(0x0af61472, 0xe19e3873), + TOBN(0x72334372, 0xa5f696be), TOBN(0xc65e57ea, 0x6f22fb70), + TOBN(0x268da30c, 0x946cea90), TOBN(0x136a8a87, 0x65681b2a), + TOBN(0xad5e81dc, 0x0f9f44d4), TOBN(0xf09a6960, 0x2c46585a), + TOBN(0xd1649164, 0xc447d1b1), TOBN(0x3b4b36c8, 0x879dc8b1), + TOBN(0x20d4177b, 0x3b6b234c), TOBN(0x096a2505, 0x1730d9d0), + TOBN(0x0611b9b8, 0xef80531d), TOBN(0xba904b3b, 0x64bb495d), + TOBN(0x1192d9d4, 0x93a3147a), TOBN(0x9f30a5dc, 0x9a565545), + TOBN(0x90b1f9cb, 0x6ef07212), TOBN(0x29958546, 0x0d87fc13), + TOBN(0xd3323eff, 0xc17db9ba), TOBN(0xcb18548c, 0xcb1644a8), + TOBN(0x18a306d4, 0x4f49ffbc), TOBN(0x28d658f1, 0x4c2e8684), + TOBN(0x44ba60cd, 0xa99f8c71), TOBN(0x67b7abdb, 0x4bf742ff), + TOBN(0x66310f9c, 0x914b3f99), TOBN(0xae430a32, 0xf412c161), + TOBN(0x1e6776d3, 0x88ace52f), TOBN(0x4bc0fa24, 0x52d7067d), + TOBN(0x03c286aa, 0x8f07cd1b), TOBN(0x4cb8f38c, 0xa985b2c1), + TOBN(0x83ccbe80, 0x8c3bff36), TOBN(0x005a0bd2, 0x5263e575), + TOBN(0x460d7dda, 0x259bdcd1), TOBN(0x4a1c5642, 0xfa5cab6b), + TOBN(0x2b7bdbb9, 0x9fe4fc88), TOBN(0x09418e28, 0xcc97bbb5), + TOBN(0xd8274fb4, 0xa12321ae), TOBN(0xb137007d, 0x5c87b64e), + TOBN(0x80531fe1, 0xc63c4962), TOBN(0x50541e89, 0x981fdb25), + TOBN(0xdc1291a1, 0xfd4c2b6b), TOBN(0xc0693a17, 0xa6df4fca), + TOBN(0xb2c4604e, 0x0117f203), TOBN(0x245f1963, 0x0a99b8d0), + TOBN(0xaedc20aa, 0xc6212c44), TOBN(0xb1ed4e56, 0x520f52a8), + TOBN(0xfe48f575, 0xf8547be3), TOBN(0x0a7033cd, 0xa9e45f98), + TOBN(0x4b45d3a9, 0x18c50100), TOBN(0xb2a6cd6a, 0xa61d41da), + TOBN(0x60bbb4f5, 0x57933c6b), TOBN(0xa7538ebd, 0x2b0d7ffc), + TOBN(0x9ea3ab8d, 0x8cd626b6), TOBN(0x8273a484, 0x3601625a), + TOBN(0x88859845, 0x0168e508), TOBN(0x8cbc9bb2, 0x99a94abd), + TOBN(0x713ac792, 0xfab0a671), TOBN(0xa3995b19, 0x6c9ebffc), + TOBN(0xe711668e, 0x1239e152), TOBN(0x56892558, 0xbbb8dff4), + TOBN(0x8bfc7dab, 0xdbf17963), TOBN(0x5b59fe5a, 0xb3de1253), + TOBN(0x7e3320eb, 0x34a9f7ae), TOBN(0xe5e8cf72, 0xd751efe4), + TOBN(0x7ea003bc, 0xd9be2f37), TOBN(0xc0f551a0, 0xb6c08ef7), + TOBN(0x56606268, 0x038f6725), TOBN(0x1dd38e35, 0x6d92d3b6), + TOBN(0x07dfce7c, 0xc3cbd686), TOBN(0x4e549e04, 0x651c5da8), + TOBN(0x4058f93b, 0x08b19340), TOBN(0xc2fae6f4, 0xcac6d89d), + TOBN(0x4bad8a8c, 0x8f159cc7), TOBN(0x0ddba4b3, 0xcb0b601c), + TOBN(0xda4fc7b5, 0x1dd95f8c), TOBN(0x1d163cd7, 0xcea5c255), + TOBN(0x30707d06, 0x274a8c4c), TOBN(0x79d9e008, 0x2802e9ce), + TOBN(0x02a29ebf, 0xe6ddd505), TOBN(0x37064e74, 0xb50bed1a), + TOBN(0x3f6bae65, 0xa7327d57), TOBN(0x3846f5f1, 0xf83920bc), + TOBN(0x87c37491, 0x60df1b9b), TOBN(0x4cfb2895, 0x2d1da29f), + TOBN(0x10a478ca, 0x4ed1743c), TOBN(0x390c6030, 0x3edd47c6), + TOBN(0x8f3e5312, 0x8c0a78de), TOBN(0xccd02bda, 0x1e85df70), + TOBN(0xd6c75c03, 0xa61b6582), TOBN(0x0762921c, 0xfc0eebd1), + TOBN(0xd34d0823, 0xd85010c0), TOBN(0xd73aaacb, 0x0044cf1f), + TOBN(0xfb4159bb, 0xa3b5e78a), TOBN(0x2287c7f7, 0xe5826f3f), + TOBN(0x4aeaf742, 0x580b1a01), TOBN(0xf080415d, 0x60423b79), + TOBN(0xe12622cd, 0xa7dea144), TOBN(0x49ea4996, 0x59d62472), + TOBN(0xb42991ef, 0x571f3913), TOBN(0x0610f214, 0xf5b25a8a), + TOBN(0x47adc585, 0x30b79e8f), TOBN(0xf90e3df6, 0x07a065a2), + TOBN(0x5d0a5deb, 0x43e2e034), TOBN(0x53fb5a34, 0x444024aa), + TOBN(0xa8628c68, 0x6b0c9f7f), TOBN(0x9c69c29c, 0xac563656), + TOBN(0x5a231feb, 0xbace47b6), TOBN(0xbdce0289, 0x9ea5a2ec), + TOBN(0x05da1fac, 0x9463853e), TOBN(0x96812c52, 0x509e78aa), + TOBN(0xd3fb5771, 0x57151692), TOBN(0xeb2721f8, 0xd98e1c44), + TOBN(0xc0506087, 0x32399be1), TOBN(0xda5a5511, 0xd979d8b8), + TOBN(0x737ed55d, 0xc6f56780), TOBN(0xe20d3004, 0x0dc7a7f4), + TOBN(0x02ce7301, 0xf5941a03), TOBN(0x91ef5215, 0xed30f83a), + TOBN(0x28727fc1, 0x4092d85f), TOBN(0x72d223c6, 0x5c49e41a), + TOBN(0xa7cf30a2, 0xba6a4d81), TOBN(0x7c086209, 0xb030d87d), + TOBN(0x04844c7d, 0xfc588b09), TOBN(0x728cd499, 0x5874bbb0), + TOBN(0xcc1281ee, 0xe84c0495), TOBN(0x0769b5ba, 0xec31958f), + TOBN(0x665c228b, 0xf99c2471), TOBN(0xf2d8a11b, 0x191eb110), + TOBN(0x4594f494, 0xd36d7024), TOBN(0x482ded8b, 0xcdcb25a1), + TOBN(0xc958a9d8, 0xdadd4885), TOBN(0x7004477e, 0xf1d2b547), + TOBN(0x0a45f6ef, 0x2a0af550), TOBN(0x4fc739d6, 0x2f8d6351), + TOBN(0x75cdaf27, 0x786f08a9), TOBN(0x8700bb26, 0x42c2737f), + TOBN(0x855a7141, 0x1c4e2670), TOBN(0x810188c1, 0x15076fef), + TOBN(0xc251d0c9, 0xabcd3297), TOBN(0xae4c8967, 0xf48108eb), + TOBN(0xbd146de7, 0x18ceed30), TOBN(0xf9d4f07a, 0xc986bced), + TOBN(0x5ad98ed5, 0x83fa1e08), TOBN(0x7780d33e, 0xbeabd1fb), + TOBN(0xe330513c, 0x903b1196), TOBN(0xba11de9e, 0xa47bc8c4), + TOBN(0x684334da, 0x02c2d064), TOBN(0x7ecf360d, 0xa48de23b), + TOBN(0x57a1b474, 0x0a9089d8), TOBN(0xf28fa439, 0xff36734c), + TOBN(0xf2a482cb, 0xea4570b3), TOBN(0xee65d68b, 0xa5ebcee9), + TOBN(0x988d0036, 0xb9694cd5), TOBN(0x53edd0e9, 0x37885d32), + TOBN(0xe37e3307, 0xbeb9bc6d), TOBN(0xe9abb907, 0x9f5c6768), + TOBN(0x4396ccd5, 0x51f2160f), TOBN(0x2500888c, 0x47336da6), + TOBN(0x383f9ed9, 0x926fce43), TOBN(0x809dd1c7, 0x04da2930), + TOBN(0x30f6f596, 0x8a4cb227), TOBN(0x0d700c7f, 0x73a56b38), + TOBN(0x1825ea33, 0xab64a065), TOBN(0xaab9b735, 0x1338df80), + TOBN(0x1516100d, 0x9b63f57f), TOBN(0x2574395a, 0x27a6a634), + TOBN(0xb5560fb6, 0x700a1acd), TOBN(0xe823fd73, 0xfd999681), + TOBN(0xda915d1f, 0x6cb4e1ba), TOBN(0x0d030118, 0x6ebe00a3), + TOBN(0x744fb0c9, 0x89fca8cd), TOBN(0x970d01db, 0xf9da0e0b), + TOBN(0x0ad8c564, 0x7931d76f), TOBN(0xb15737bf, 0xf659b96a), + TOBN(0xdc9933e8, 0xa8b484e7), TOBN(0xb2fdbdf9, 0x7a26dec7), + TOBN(0x2349e9a4, 0x9f1f0136), TOBN(0x7860368e, 0x70fddddb), + TOBN(0xd93d2c1c, 0xf9ad3e18), TOBN(0x6d6c5f17, 0x689f4e79), + TOBN(0x7a544d91, 0xb24ff1b6), TOBN(0x3e12a5eb, 0xfe16cd8c), + TOBN(0x543574e9, 0xa56b872f), TOBN(0xa1ad550c, 0xfcf68ea2), + TOBN(0x689e37d2, 0x3f560ef7), TOBN(0x8c54b9ca, 0xc9d47a8b), + TOBN(0x46d40a4a, 0x088ac342), TOBN(0xec450c7c, 0x1576c6d0), + TOBN(0xb589e31c, 0x1f9689e9), TOBN(0xdacf2602, 0xb8781718), + TOBN(0xa89237c6, 0xc8cb6b42), TOBN(0x1326fc93, 0xb96ef381), + TOBN(0x55d56c6d, 0xb5f07825), TOBN(0xacba2eea, 0x7449e22d), + TOBN(0x74e0887a, 0x633c3000), TOBN(0xcb6cd172, 0xd7cbcf71), + TOBN(0x309e81de, 0xc36cf1be), TOBN(0x07a18a6d, 0x60ae399b), + TOBN(0xb36c2679, 0x9edce57e), TOBN(0x52b892f4, 0xdf001d41), + TOBN(0xd884ae5d, 0x16a1f2c6), TOBN(0x9b329424, 0xefcc370a), + TOBN(0x3120daf2, 0xbd2e21df), TOBN(0x55298d2d, 0x02470a99), + TOBN(0x0b78af6c, 0xa05db32e), TOBN(0x5c76a331, 0x601f5636), + TOBN(0xaae861ff, 0xf8a4f29c), TOBN(0x70dc9240, 0xd68f8d49), + TOBN(0x960e649f, 0x81b1321c), TOBN(0x3d2c801b, 0x8792e4ce), + TOBN(0xf479f772, 0x42521876), TOBN(0x0bed93bc, 0x416c79b1), + TOBN(0xa67fbc05, 0x263e5bc9), TOBN(0x01e8e630, 0x521db049), + TOBN(0x76f26738, 0xc6f3431e), TOBN(0xe609cb02, 0xe3267541), + TOBN(0xb10cff2d, 0x818c877c), TOBN(0x1f0e75ce, 0x786a13cb), + TOBN(0xf4fdca64, 0x1158544d), TOBN(0x5d777e89, 0x6cb71ed0), + TOBN(0x3c233737, 0xa9aa4755), TOBN(0x7b453192, 0xe527ab40), + TOBN(0xdb59f688, 0x39f05ffe), TOBN(0x8f4f4be0, 0x6d82574e), + TOBN(0xcce3450c, 0xee292d1b), TOBN(0xaa448a12, 0x61ccd086), + TOBN(0xabce91b3, 0xf7914967), TOBN(0x4537f09b, 0x1908a5ed), + TOBN(0xa812421e, 0xf51042e7), TOBN(0xfaf5cebc, 0xec0b3a34), + TOBN(0x730ffd87, 0x4ca6b39a), TOBN(0x70fb72ed, 0x02efd342), + TOBN(0xeb4735f9, 0xd75c8edb), TOBN(0xc11f2157, 0xc278aa51), + TOBN(0xc459f635, 0xbf3bfebf), TOBN(0x3a1ff0b4, 0x6bd9601f), + TOBN(0xc9d12823, 0xc420cb73), TOBN(0x3e9af3e2, 0x3c2915a3), + TOBN(0xe0c82c72, 0xb41c3440), TOBN(0x175239e5, 0xe3039a5f), + TOBN(0xe1084b8a, 0x558795a3), TOBN(0x328d0a1d, 0xd01e5c60), + TOBN(0x0a495f2e, 0xd3788a04), TOBN(0x25d8ff16, 0x66c11a9f), + TOBN(0xf5155f05, 0x9ed692d6), TOBN(0x954fa107, 0x4f425fe4), + TOBN(0xd16aabf2, 0xe98aaa99), TOBN(0x90cd8ba0, 0x96b0f88a), + TOBN(0x957f4782, 0xc154026a), TOBN(0x54ee0734, 0x52af56d2), + TOBN(0xbcf89e54, 0x45b4147a), TOBN(0x3d102f21, 0x9a52816c), + TOBN(0x6808517e, 0x39b62e77), TOBN(0x92e25421, 0x69169ad8), + TOBN(0xd721d871, 0xbb608558), TOBN(0x60e4ebae, 0xf6d4ff9b), + TOBN(0x0ba10819, 0x41f2763e), TOBN(0xca2e45be, 0x51ee3247), + TOBN(0x66d172ec, 0x2bfd7a5f), TOBN(0x528a8f2f, 0x74d0b12d), + TOBN(0xe17f1e38, 0xdabe70dc), TOBN(0x1d5d7316, 0x9f93983c), + TOBN(0x51b2184a, 0xdf423e31), TOBN(0xcb417291, 0xaedb1a10), + TOBN(0x2054ca93, 0x625bcab9), TOBN(0x54396860, 0xa98998f0), + TOBN(0x4e53f6c4, 0xa54ae57e), TOBN(0x0ffeb590, 0xee648e9d), + TOBN(0xfbbdaadc, 0x6afaf6bc), TOBN(0xf88ae796, 0xaa3bfb8a), + TOBN(0x209f1d44, 0xd2359ed9), TOBN(0xac68dd03, 0xf3544ce2), + TOBN(0xf378da47, 0xfd51e569), TOBN(0xe1abd860, 0x2cc80097), + TOBN(0x23ca18d9, 0x343b6e3a), TOBN(0x480797e8, 0xb40a1bae), + TOBN(0xd1f0c717, 0x533f3e67), TOBN(0x44896970, 0x06e6cdfc), + TOBN(0x8ca21055, 0x52a82e8d), TOBN(0xb2caf785, 0x78460cdc), + TOBN(0x4c1b7b62, 0xe9037178), TOBN(0xefc09d2c, 0xdb514b58), + TOBN(0x5f2df9ee, 0x9113be5c), TOBN(0x2fbda78f, 0xb3f9271c), + TOBN(0xe09a81af, 0x8f83fc54), TOBN(0x06b13866, 0x8afb5141), + TOBN(0x38f6480f, 0x43e3865d), TOBN(0x72dd77a8, 0x1ddf47d9), + TOBN(0xf2a8e971, 0x4c205ff7), TOBN(0x46d449d8, 0x9d088ad8), + TOBN(0x926619ea, 0x185d706f), TOBN(0xe47e02eb, 0xc7dd7f62), + TOBN(0xe7f120a7, 0x8cbc2031), TOBN(0xc18bef00, 0x998d4ac9), + TOBN(0x18f37a9c, 0x6bdf22da), TOBN(0xefbc432f, 0x90dc82df), + TOBN(0xc52cef8e, 0x5d703651), TOBN(0x82887ba0, 0xd99881a5), + TOBN(0x7cec9dda, 0xb920ec1d), TOBN(0xd0d7e8c3, 0xec3e8d3b), + TOBN(0x445bc395, 0x4ca88747), TOBN(0xedeaa2e0, 0x9fd53535), + TOBN(0x461b1d93, 0x6cc87475), TOBN(0xd92a52e2, 0x6d2383bd), + TOBN(0xfabccb59, 0xd7903546), TOBN(0x6111a761, 0x3d14b112), + TOBN(0x0ae584fe, 0xb3d5f612), TOBN(0x5ea69b8d, 0x60e828ec), + TOBN(0x6c078985, 0x54087030), TOBN(0x649cab04, 0xac4821fe), + TOBN(0x25ecedcf, 0x8bdce214), TOBN(0xb5622f72, 0x86af7361), + TOBN(0x0e1227aa, 0x7038b9e2), TOBN(0xd0efb273, 0xac20fa77), + TOBN(0x817ff88b, 0x79df975b), TOBN(0x856bf286, 0x1999503e), + TOBN(0xb4d5351f, 0x5038ec46), TOBN(0x740a52c5, 0xfc42af6e), + TOBN(0x2e38bb15, 0x2cbb1a3f), TOBN(0xc3eb99fe, 0x17a83429), + TOBN(0xca4fcbf1, 0xdd66bb74), TOBN(0x880784d6, 0xcde5e8fc), + TOBN(0xddc84c1c, 0xb4e7a0be), TOBN(0x8780510d, 0xbd15a72f), + TOBN(0x44bcf1af, 0x81ec30e1), TOBN(0x141e50a8, 0x0a61073e), + TOBN(0x0d955718, 0x47be87ae), TOBN(0x68a61417, 0xf76a4372), + TOBN(0xf57e7e87, 0xc607c3d3), TOBN(0x043afaf8, 0x5252f332), + TOBN(0xcc14e121, 0x1552a4d2), TOBN(0xb6dee692, 0xbb4d4ab4), + TOBN(0xb6ab74c8, 0xa03816a4), TOBN(0x84001ae4, 0x6f394a29), + TOBN(0x5bed8344, 0xd795fb45), TOBN(0x57326e7d, 0xb79f55a5), + TOBN(0xc9533ce0, 0x4accdffc), TOBN(0x53473caf, 0x3993fa04), + TOBN(0x7906eb93, 0xa13df4c8), TOBN(0xa73e51f6, 0x97cbe46f), + TOBN(0xd1ab3ae1, 0x0ae4ccf8), TOBN(0x25614508, 0x8a5b3dbc), + TOBN(0x61eff962, 0x11a71b27), TOBN(0xdf71412b, 0x6bb7fa39), + TOBN(0xb31ba6b8, 0x2bd7f3ef), TOBN(0xb0b9c415, 0x69180d29), + TOBN(0xeec14552, 0x014cdde5), TOBN(0x702c624b, 0x227b4bbb), + TOBN(0x2b15e8c2, 0xd3e988f3), TOBN(0xee3bcc6d, 0xa4f7fd04), + TOBN(0x9d00822a, 0x42ac6c85), TOBN(0x2db0cea6, 0x1df9f2b7), + TOBN(0xd7cad2ab, 0x42de1e58), TOBN(0x346ed526, 0x2d6fbb61), + TOBN(0xb3962995, 0x1a2faf09), TOBN(0x2fa8a580, 0x7c25612e), + TOBN(0x30ae04da, 0x7cf56490), TOBN(0x75662908, 0x0eea3961), + TOBN(0x3609f5c5, 0x3d080847), TOBN(0xcb081d39, 0x5241d4f6), + TOBN(0xb4fb3810, 0x77961a63), TOBN(0xc20c5984, 0x2abb66fc), + TOBN(0x3d40aa7c, 0xf902f245), TOBN(0x9cb12736, 0x4e536b1e), + TOBN(0x5eda24da, 0x99b3134f), TOBN(0xafbd9c69, 0x5cd011af), + TOBN(0x9a16e30a, 0xc7088c7d), TOBN(0x5ab65710, 0x3207389f), + TOBN(0x1b09547f, 0xe7407a53), TOBN(0x2322f9d7, 0x4fdc6eab), + TOBN(0xc0f2f22d, 0x7430de4d), TOBN(0x19382696, 0xe68ca9a9), + TOBN(0x17f1eff1, 0x918e5868), TOBN(0xe3b5b635, 0x586f4204), + TOBN(0x146ef980, 0x3fbc4341), TOBN(0x359f2c80, 0x5b5eed4e), + TOBN(0x9f35744e, 0x7482e41d), TOBN(0x9a9ac3ec, 0xf3b224c2), + TOBN(0x9161a6fe, 0x91fc50ae), TOBN(0x89ccc66b, 0xc613fa7c), + TOBN(0x89268b14, 0xc732f15a), TOBN(0x7cd6f4e2, 0xb467ed03), + TOBN(0xfbf79869, 0xce56b40e), TOBN(0xf93e094c, 0xc02dde98), + TOBN(0xefe0c3a8, 0xedee2cd7), TOBN(0x90f3ffc0, 0xb268fd42), + TOBN(0x81a7fd56, 0x08241aed), TOBN(0x95ab7ad8, 0x00b1afe8), + TOBN(0x40127056, 0x3e310d52), TOBN(0xd3ffdeb1, 0x09d9fc43), + TOBN(0xc8f85c91, 0xd11a8594), TOBN(0x2e74d258, 0x31cf6db8), + TOBN(0x829c7ca3, 0x02b5dfd0), TOBN(0xe389cfbe, 0x69143c86), + TOBN(0xd01b6405, 0x941768d8), TOBN(0x45103995, 0x03bf825d), + TOBN(0xcc4ee166, 0x56cd17e2), TOBN(0xbea3c283, 0xba037e79), + TOBN(0x4e1ac06e, 0xd9a47520), TOBN(0xfbfe18aa, 0xaf852404), + TOBN(0x5615f8e2, 0x8087648a), TOBN(0x7301e47e, 0xb9d150d9), + TOBN(0x79f9f9dd, 0xb299b977), TOBN(0x76697a7b, 0xa5b78314), + TOBN(0x10d67468, 0x7d7c90e7), TOBN(0x7afffe03, 0x937210b5), + TOBN(0x5aef3e4b, 0x28c22cee), TOBN(0xefb0ecd8, 0x09fd55ae), + TOBN(0x4cea7132, 0x0d2a5d6a), TOBN(0x9cfb5fa1, 0x01db6357), + TOBN(0x395e0b57, 0xf36e1ac5), TOBN(0x008fa9ad, 0x36cafb7d), + TOBN(0x8f6cdf70, 0x5308c4db), TOBN(0x51527a37, 0x95ed2477), + TOBN(0xba0dee30, 0x5bd21311), TOBN(0x6ed41b22, 0x909c90d7), + TOBN(0xc5f6b758, 0x7c8696d3), TOBN(0x0db8eaa8, 0x3ce83a80), + TOBN(0xd297fe37, 0xb24b4b6f), TOBN(0xfe58afe8, 0x522d1f0d), + TOBN(0x97358736, 0x8c98dbd9), TOBN(0x6bc226ca, 0x9454a527), + TOBN(0xa12b384e, 0xce53c2d0), TOBN(0x779d897d, 0x5e4606da), + TOBN(0xa53e47b0, 0x73ec12b0), TOBN(0x462dbbba, 0x5756f1ad), + TOBN(0x69fe09f2, 0xcafe37b6), TOBN(0x273d1ebf, 0xecce2e17), + TOBN(0x8ac1d538, 0x3cf607fd), TOBN(0x8035f7ff, 0x12e10c25), + }, + { + TOBN(0x854d34c7, 0x7e6c5520), TOBN(0xc27df9ef, 0xdcb9ea58), + TOBN(0x405f2369, 0xd686666d), TOBN(0x29d1febf, 0x0417aa85), + TOBN(0x9846819e, 0x93470afe), TOBN(0x3e6a9669, 0xe2a27f9e), + TOBN(0x24d008a2, 0xe31e6504), TOBN(0xdba7cecf, 0x9cb7680a), + TOBN(0xecaff541, 0x338d6e43), TOBN(0x56f7dd73, 0x4541d5cc), + TOBN(0xb5d426de, 0x96bc88ca), TOBN(0x48d94f6b, 0x9ed3a2c3), + TOBN(0x6354a3bb, 0x2ef8279c), TOBN(0xd575465b, 0x0b1867f2), + TOBN(0xef99b0ff, 0x95225151), TOBN(0xf3e19d88, 0xf94500d8), + TOBN(0x92a83268, 0xe32dd620), TOBN(0x913ec99f, 0x627849a2), + TOBN(0xedd8fdfa, 0x2c378882), TOBN(0xaf96f33e, 0xee6f8cfe), + TOBN(0xc06737e5, 0xdc3fa8a5), TOBN(0x236bb531, 0xb0b03a1d), + TOBN(0x33e59f29, 0x89f037b0), TOBN(0x13f9b5a7, 0xd9a12a53), + TOBN(0x0d0df6ce, 0x51efb310), TOBN(0xcb5b2eb4, 0x958df5be), + TOBN(0xd6459e29, 0x36158e59), TOBN(0x82aae2b9, 0x1466e336), + TOBN(0xfb658a39, 0x411aa636), TOBN(0x7152ecc5, 0xd4c0a933), + TOBN(0xf10c758a, 0x49f026b7), TOBN(0xf4837f97, 0xcb09311f), + TOBN(0xddfb02c4, 0xc753c45f), TOBN(0x18ca81b6, 0xf9c840fe), + TOBN(0x846fd09a, 0xb0f8a3e6), TOBN(0xb1162add, 0xe7733dbc), + TOBN(0x7070ad20, 0x236e3ab6), TOBN(0xf88cdaf5, 0xb2a56326), + TOBN(0x05fc8719, 0x997cbc7a), TOBN(0x442cd452, 0x4b665272), + TOBN(0x7807f364, 0xb71698f5), TOBN(0x6ba418d2, 0x9f7b605e), + TOBN(0xfd20b00f, 0xa03b2cbb), TOBN(0x883eca37, 0xda54386f), + TOBN(0xff0be43f, 0xf3437f24), TOBN(0xe910b432, 0xa48bb33c), + TOBN(0x4963a128, 0x329df765), TOBN(0xac1dd556, 0xbe2fe6f7), + TOBN(0x557610f9, 0x24a0a3fc), TOBN(0x38e17bf4, 0xe881c3f9), + TOBN(0x6ba84faf, 0xed0dac99), TOBN(0xd4a222c3, 0x59eeb918), + TOBN(0xc79c1dbe, 0x13f542b6), TOBN(0x1fc65e0d, 0xe425d457), + TOBN(0xeffb754f, 0x1debb779), TOBN(0x638d8fd0, 0x9e08af60), + TOBN(0x994f523a, 0x626332d5), TOBN(0x7bc38833, 0x5561bb44), + TOBN(0x005ed4b0, 0x3d845ea2), TOBN(0xd39d3ee1, 0xc2a1f08a), + TOBN(0x6561fdd3, 0xe7676b0d), TOBN(0x620e35ff, 0xfb706017), + TOBN(0x36ce424f, 0xf264f9a8), TOBN(0xc4c3419f, 0xda2681f7), + TOBN(0xfb6afd2f, 0x69beb6e8), TOBN(0x3a50b993, 0x6d700d03), + TOBN(0xc840b2ad, 0x0c83a14f), TOBN(0x573207be, 0x54085bef), + TOBN(0x5af882e3, 0x09fe7e5b), TOBN(0x957678a4, 0x3b40a7e1), + TOBN(0x172d4bdd, 0x543056e2), TOBN(0x9c1b26b4, 0x0df13c0a), + TOBN(0x1c30861c, 0xf405ff06), TOBN(0xebac86bd, 0x486e828b), + TOBN(0xe791a971, 0x636933fc), TOBN(0x50e7c2be, 0x7aeee947), + TOBN(0xc3d4a095, 0xfa90d767), TOBN(0xae60eb7b, 0xe670ab7b), + TOBN(0x17633a64, 0x397b056d), TOBN(0x93a21f33, 0x105012aa), + TOBN(0x663c370b, 0xabb88643), TOBN(0x91df36d7, 0x22e21599), + TOBN(0x183ba835, 0x8b761671), TOBN(0x381eea1d, 0x728f3bf1), + TOBN(0xb9b2f1ba, 0x39966e6c), TOBN(0x7c464a28, 0xe7295492), + TOBN(0x0fd5f70a, 0x09b26b7f), TOBN(0xa9aba1f9, 0xfbe009df), + TOBN(0x857c1f22, 0x369b87ad), TOBN(0x3c00e5d9, 0x32fca556), + TOBN(0x1ad74cab, 0x90b06466), TOBN(0xa7112386, 0x550faaf2), + TOBN(0x7435e198, 0x6d9bd5f5), TOBN(0x2dcc7e38, 0x59c3463f), + TOBN(0xdc7df748, 0xca7bd4b2), TOBN(0x13cd4c08, 0x9dec2f31), + TOBN(0x0d3b5df8, 0xe3237710), TOBN(0x0dadb26e, 0xcbd2f7b0), + TOBN(0x9f5966ab, 0xe4aa082b), TOBN(0x666ec8de, 0x350e966e), + TOBN(0x1bfd1ed5, 0xee524216), TOBN(0xcd93c59b, 0x41dab0b6), + TOBN(0x658a8435, 0xd186d6ba), TOBN(0x1b7d34d2, 0x159d1195), + TOBN(0x5936e460, 0x22caf46b), TOBN(0x6a45dd8f, 0x9a96fe4f), + TOBN(0xf7925434, 0xb98f474e), TOBN(0x41410412, 0x0053ef15), + TOBN(0x71cf8d12, 0x41de97bf), TOBN(0xb8547b61, 0xbd80bef4), + TOBN(0xb47d3970, 0xc4db0037), TOBN(0xf1bcd328, 0xfef20dff), + TOBN(0x31a92e09, 0x10caad67), TOBN(0x1f591960, 0x5531a1e1), + TOBN(0x3bb852e0, 0x5f4fc840), TOBN(0x63e297ca, 0x93a72c6c), + TOBN(0x3c2b0b2e, 0x49abad67), TOBN(0x6ec405fc, 0xed3db0d9), + TOBN(0xdc14a530, 0x7fef1d40), TOBN(0xccd19846, 0x280896fc), + TOBN(0x00f83176, 0x9bb81648), TOBN(0xd69eb485, 0x653120d0), + TOBN(0xd17d75f4, 0x4ccabc62), TOBN(0x34a07f82, 0xb749fcb1), + TOBN(0x2c3af787, 0xbbfb5554), TOBN(0xb06ed4d0, 0x62e283f8), + TOBN(0x5722889f, 0xa19213a0), TOBN(0x162b085e, 0xdcf3c7b4), + TOBN(0xbcaecb31, 0xe0dd3eca), TOBN(0xc6237fbc, 0xe52f13a5), + TOBN(0xcc2b6b03, 0x27bac297), TOBN(0x2ae1cac5, 0xb917f54a), + TOBN(0x474807d4, 0x7845ae4f), TOBN(0xfec7dd92, 0xce5972e0), + TOBN(0xc3bd2541, 0x1d7915bb), TOBN(0x66f85dc4, 0xd94907ca), + TOBN(0xd981b888, 0xbdbcf0ca), TOBN(0xd75f5da6, 0xdf279e9f), + TOBN(0x128bbf24, 0x7054e934), TOBN(0x3c6ff6e5, 0x81db134b), + TOBN(0x795b7cf4, 0x047d26e4), TOBN(0xf370f7b8, 0x5049ec37), + TOBN(0xc6712d4d, 0xced945af), TOBN(0xdf30b5ec, 0x095642bc), + TOBN(0x9b034c62, 0x4896246e), TOBN(0x5652c016, 0xee90bbd1), + TOBN(0xeb38636f, 0x87fedb73), TOBN(0x5e32f847, 0x0135a613), + TOBN(0x0703b312, 0xcf933c83), TOBN(0xd05bb76e, 0x1a7f47e6), + TOBN(0x825e4f0c, 0x949c2415), TOBN(0x569e5622, 0x7250d6f8), + TOBN(0xbbe9eb3a, 0x6568013e), TOBN(0x8dbd203f, 0x22f243fc), + TOBN(0x9dbd7694, 0xb342734a), TOBN(0x8f6d12f8, 0x46afa984), + TOBN(0xb98610a2, 0xc9eade29), TOBN(0xbab4f323, 0x47dd0f18), + TOBN(0x5779737b, 0x671c0d46), TOBN(0x10b6a7c6, 0xd3e0a42a), + TOBN(0xfb19ddf3, 0x3035b41c), TOBN(0xd336343f, 0x99c45895), + TOBN(0x61fe4938, 0x54c857e5), TOBN(0xc4d506be, 0xae4e57d5), + TOBN(0x3cd8c8cb, 0xbbc33f75), TOBN(0x7281f08a, 0x9262c77d), + TOBN(0x083f4ea6, 0xf11a2823), TOBN(0x8895041e, 0x9fba2e33), + TOBN(0xfcdfea49, 0x9c438edf), TOBN(0x7678dcc3, 0x91edba44), + TOBN(0xf07b3b87, 0xe2ba50f0), TOBN(0xc13888ef, 0x43948c1b), + TOBN(0xc2135ad4, 0x1140af42), TOBN(0x8e5104f3, 0x926ed1a7), + TOBN(0xf24430cb, 0x88f6695f), TOBN(0x0ce0637b, 0x6d73c120), + TOBN(0xb2db01e6, 0xfe631e8f), TOBN(0x1c5563d7, 0xd7bdd24b), + TOBN(0x8daea3ba, 0x369ad44f), TOBN(0x000c81b6, 0x8187a9f9), + TOBN(0x5f48a951, 0xaae1fd9a), TOBN(0xe35626c7, 0x8d5aed8a), + TOBN(0x20952763, 0x0498c622), TOBN(0x76d17634, 0x773aa504), + TOBN(0x36d90dda, 0xeb300f7a), TOBN(0x9dcf7dfc, 0xedb5e801), + TOBN(0x645cb268, 0x74d5244c), TOBN(0xa127ee79, 0x348e3aa2), + TOBN(0x488acc53, 0x575f1dbb), TOBN(0x95037e85, 0x80e6161e), + TOBN(0x57e59283, 0x292650d0), TOBN(0xabe67d99, 0x14938216), + TOBN(0x3c7f944b, 0x3f8e1065), TOBN(0xed908cb6, 0x330e8924), + TOBN(0x08ee8fd5, 0x6f530136), TOBN(0x2227b7d5, 0xd7ffc169), + TOBN(0x4f55c893, 0xb5cd6dd5), TOBN(0x82225e11, 0xa62796e8), + TOBN(0x5c6cead1, 0xcb18e12c), TOBN(0x4381ae0c, 0x84f5a51a), + TOBN(0x345913d3, 0x7fafa4c8), TOBN(0x3d918082, 0x0491aac0), + TOBN(0x9347871f, 0x3e69264c), TOBN(0xbea9dd3c, 0xb4f4f0cd), + TOBN(0xbda5d067, 0x3eadd3e7), TOBN(0x0033c1b8, 0x0573bcd8), + TOBN(0x25589379, 0x5da2486c), TOBN(0xcb89ee5b, 0x86abbee7), + TOBN(0x8fe0a8f3, 0x22532e5d), TOBN(0xb6410ff0, 0x727dfc4c), + TOBN(0x619b9d58, 0x226726db), TOBN(0x5ec25669, 0x7a2b2dc7), + TOBN(0xaf4d2e06, 0x4c3beb01), TOBN(0x852123d0, 0x7acea556), + TOBN(0x0e9470fa, 0xf783487a), TOBN(0x75a7ea04, 0x5664b3eb), + TOBN(0x4ad78f35, 0x6798e4ba), TOBN(0x9214e6e5, 0xc7d0e091), + TOBN(0xc420b488, 0xb1290403), TOBN(0x64049e0a, 0xfc295749), + TOBN(0x03ef5af1, 0x3ae9841f), TOBN(0xdbe4ca19, 0xb0b662a6), + TOBN(0x46845c5f, 0xfa453458), TOBN(0xf8dabf19, 0x10b66722), + TOBN(0xb650f0aa, 0xcce2793b), TOBN(0x71db851e, 0xc5ec47c1), + TOBN(0x3eb78f3e, 0x3b234fa9), TOBN(0xb0c60f35, 0xfc0106ce), + TOBN(0x05427121, 0x774eadbd), TOBN(0x25367faf, 0xce323863), + TOBN(0x7541b5c9, 0xcd086976), TOBN(0x4ff069e2, 0xdc507ad1), + TOBN(0x74145256, 0x8776e667), TOBN(0x6e76142c, 0xb23c6bb5), + TOBN(0xdbf30712, 0x1b3a8a87), TOBN(0x60e7363e, 0x98450836), + TOBN(0x5741450e, 0xb7366d80), TOBN(0xe4ee14ca, 0x4837dbdf), + TOBN(0xa765eb9b, 0x69d4316f), TOBN(0x04548dca, 0x8ef43825), + TOBN(0x9c9f4e4c, 0x5ae888eb), TOBN(0x733abb51, 0x56e9ac99), + TOBN(0xdaad3c20, 0xba6ac029), TOBN(0x9b8dd3d3, 0x2ba3e38e), + TOBN(0xa9bb4c92, 0x0bc5d11a), TOBN(0xf20127a7, 0x9c5f88a3), + TOBN(0x4f52b06e, 0x161d3cb8), TOBN(0x26c1ff09, 0x6afaf0a6), + TOBN(0x32670d2f, 0x7189e71f), TOBN(0xc6438748, 0x5ecf91e7), + TOBN(0x15758e57, 0xdb757a21), TOBN(0x427d09f8, 0x290a9ce5), + TOBN(0x846a308f, 0x38384a7a), TOBN(0xaac3acb4, 0xb0732b99), + TOBN(0x9e941009, 0x17845819), TOBN(0x95cba111, 0xa7ce5e03), + TOBN(0x6f3d4f7f, 0xb00009c4), TOBN(0xb8396c27, 0x8ff28b5f), + TOBN(0xb1a9ae43, 0x1c97975d), TOBN(0x9d7ba8af, 0xe5d9fed5), + TOBN(0x338cf09f, 0x34f485b6), TOBN(0xbc0ddacc, 0x64122516), + TOBN(0xa450da12, 0x05d471fe), TOBN(0x4c3a6250, 0x628dd8c9), + TOBN(0x69c7d103, 0xd1295837), TOBN(0xa2893e50, 0x3807eb2f), + TOBN(0xd6e1e1de, 0xbdb41491), TOBN(0xc630745b, 0x5e138235), + TOBN(0xc892109e, 0x48661ae1), TOBN(0x8d17e7eb, 0xea2b2674), + TOBN(0x00ec0f87, 0xc328d6b5), TOBN(0x6d858645, 0xf079ff9e), + TOBN(0x6cdf243e, 0x19115ead), TOBN(0x1ce1393e, 0x4bac4fcf), + TOBN(0x2c960ed0, 0x9c29f25b), TOBN(0x59be4d8e, 0x9d388a05), + TOBN(0x0d46e06c, 0xd0def72b), TOBN(0xb923db5d, 0xe0342748), + TOBN(0xf7d3aacd, 0x936d4a3d), TOBN(0x558519cc, 0x0b0b099e), + TOBN(0x3ea8ebf8, 0x827097ef), TOBN(0x259353db, 0xd054f55d), + TOBN(0x84c89abc, 0x6d2ed089), TOBN(0x5c548b69, 0x8e096a7c), + TOBN(0xd587f616, 0x994b995d), TOBN(0x4d1531f6, 0xa5845601), + TOBN(0x792ab31e, 0x451fd9f0), TOBN(0xc8b57bb2, 0x65adf6ca), + TOBN(0x68440fcb, 0x1cd5ad73), TOBN(0xb9c860e6, 0x6144da4f), + TOBN(0x2ab286aa, 0x8462beb8), TOBN(0xcc6b8fff, 0xef46797f), + TOBN(0xac820da4, 0x20c8a471), TOBN(0x69ae05a1, 0x77ff7faf), + TOBN(0xb9163f39, 0xbfb5da77), TOBN(0xbd03e590, 0x2c73ab7a), + TOBN(0x7e862b5e, 0xb2940d9e), TOBN(0x3c663d86, 0x4b9af564), + TOBN(0xd8309031, 0xbde3033d), TOBN(0x298231b2, 0xd42c5bc6), + TOBN(0x42090d2c, 0x552ad093), TOBN(0xa4799d1c, 0xff854695), + TOBN(0x0a88b5d6, 0xd31f0d00), TOBN(0xf8b40825, 0xa2f26b46), + TOBN(0xec29b1ed, 0xf1bd7218), TOBN(0xd491c53b, 0x4b24c86e), + TOBN(0xd2fe588f, 0x3395ea65), TOBN(0x6f3764f7, 0x4456ef15), + TOBN(0xdb43116d, 0xcdc34800), TOBN(0xcdbcd456, 0xc1e33955), + TOBN(0xefdb5540, 0x74ab286b), TOBN(0x948c7a51, 0xd18c5d7c), + TOBN(0xeb81aa37, 0x7378058e), TOBN(0x41c746a1, 0x04411154), + TOBN(0xa10c73bc, 0xfb828ac7), TOBN(0x6439be91, 0x9d972b29), + TOBN(0x4bf3b4b0, 0x43a2fbad), TOBN(0x39e6dadf, 0x82b5e840), + TOBN(0x4f716408, 0x6397bd4c), TOBN(0x0f7de568, 0x7f1eeccb), + TOBN(0x5865c5a1, 0xd2ffbfc1), TOBN(0xf74211fa, 0x4ccb6451), + TOBN(0x66368a88, 0xc0b32558), TOBN(0x5b539dc2, 0x9ad7812e), + TOBN(0x579483d0, 0x2f3af6f6), TOBN(0x52132078, 0x99934ece), + TOBN(0x50b9650f, 0xdcc9e983), TOBN(0xca989ec9, 0xaee42b8a), + TOBN(0x6a44c829, 0xd6f62f99), TOBN(0x8f06a309, 0x4c2a7c0c), + TOBN(0x4ea2b3a0, 0x98a0cb0a), TOBN(0x5c547b70, 0xbeee8364), + TOBN(0x461d40e1, 0x682afe11), TOBN(0x9e0fc77a, 0x7b41c0a8), + TOBN(0x79e4aefd, 0xe20d5d36), TOBN(0x2916e520, 0x32dd9f63), + TOBN(0xf59e52e8, 0x3f883faf), TOBN(0x396f9639, 0x2b868d35), + TOBN(0xc902a9df, 0x4ca19881), TOBN(0x0fc96822, 0xdb2401a6), + TOBN(0x41237587, 0x66f1c68d), TOBN(0x10fc6de3, 0xfb476c0d), + TOBN(0xf8b6b579, 0x841f5d90), TOBN(0x2ba8446c, 0xfa24f44a), + TOBN(0xa237b920, 0xef4a9975), TOBN(0x60bb6004, 0x2330435f), + TOBN(0xd6f4ab5a, 0xcfb7e7b5), TOBN(0xb2ac5097, 0x83435391), + TOBN(0xf036ee2f, 0xb0d1ea67), TOBN(0xae779a6a, 0x74c56230), + TOBN(0x59bff8c8, 0xab838ae6), TOBN(0xcd83ca99, 0x9b38e6f0), + TOBN(0xbb27bef5, 0xe33deed3), TOBN(0xe6356f6f, 0x001892a8), + TOBN(0xbf3be6cc, 0x7adfbd3e), TOBN(0xaecbc81c, 0x33d1ac9d), + TOBN(0xe4feb909, 0xe6e861dc), TOBN(0x90a247a4, 0x53f5f801), + TOBN(0x01c50acb, 0x27346e57), TOBN(0xce29242e, 0x461acc1b), + TOBN(0x04dd214a, 0x2f998a91), TOBN(0x271ee9b1, 0xd4baf27b), + TOBN(0x7e3027d1, 0xe8c26722), TOBN(0x21d1645c, 0x1820dce5), + TOBN(0x086f242c, 0x7501779c), TOBN(0xf0061407, 0xfa0e8009), + TOBN(0xf23ce477, 0x60187129), TOBN(0x05bbdedb, 0x0fde9bd0), + TOBN(0x682f4832, 0x25d98473), TOBN(0xf207fe85, 0x5c658427), + TOBN(0xb6fdd7ba, 0x4166ffa1), TOBN(0x0c314056, 0x9eed799d), + TOBN(0x0db8048f, 0x4107e28f), TOBN(0x74ed3871, 0x41216840), + TOBN(0x74489f8f, 0x56a3c06e), TOBN(0x1e1c005b, 0x12777134), + TOBN(0xdb332a73, 0xf37ec3c3), TOBN(0xc65259bd, 0xdd59eba0), + TOBN(0x2291709c, 0xdb4d3257), TOBN(0x9a793b25, 0xbd389390), + TOBN(0xf39fe34b, 0xe43756f0), TOBN(0x2f76bdce, 0x9afb56c9), + TOBN(0x9f37867a, 0x61208b27), TOBN(0xea1d4307, 0x089972c3), + TOBN(0x8c595330, 0x8bdf623a), TOBN(0x5f5accda, 0x8441fb7d), + TOBN(0xfafa9418, 0x32ddfd95), TOBN(0x6ad40c5a, 0x0fde9be7), + TOBN(0x43faba89, 0xaeca8709), TOBN(0xc64a7cf1, 0x2c248a9d), + TOBN(0x16620252, 0x72637a76), TOBN(0xaee1c791, 0x22b8d1bb), + TOBN(0xf0f798fd, 0x21a843b2), TOBN(0x56e4ed4d, 0x8d005cb1), + TOBN(0x355f7780, 0x1f0d8abe), TOBN(0x197b04cf, 0x34522326), + TOBN(0x41f9b31f, 0xfd42c13f), TOBN(0x5ef7feb2, 0xb40f933d), + TOBN(0x27326f42, 0x5d60bad4), TOBN(0x027ecdb2, 0x8c92cf89), + TOBN(0x04aae4d1, 0x4e3352fe), TOBN(0x08414d2f, 0x73591b90), + TOBN(0x5ed6124e, 0xb7da7d60), TOBN(0xb985b931, 0x4d13d4ec), + TOBN(0xa592d3ab, 0x96bf36f9), TOBN(0x012dbed5, 0xbbdf51df), + TOBN(0xa57963c0, 0xdf6c177d), TOBN(0x010ec869, 0x87ca29cf), + TOBN(0xba1700f6, 0xbf926dff), TOBN(0x7c9fdbd1, 0xf4bf6bc2), + TOBN(0xdc18dc8f, 0x64da11f5), TOBN(0xa6074b7a, 0xd938ae75), + TOBN(0x14270066, 0xe84f44a4), TOBN(0x99998d38, 0xd27b954e), + TOBN(0xc1be8ab2, 0xb4f38e9a), TOBN(0x8bb55bbf, 0x15c01016), + TOBN(0xf73472b4, 0x0ea2ab30), TOBN(0xd365a340, 0xf73d68dd), + TOBN(0xc01a7168, 0x19c2e1eb), TOBN(0x32f49e37, 0x34061719), + TOBN(0xb73c57f1, 0x01d8b4d6), TOBN(0x03c8423c, 0x26b47700), + TOBN(0x321d0bc8, 0xa4d8826a), TOBN(0x6004213c, 0x4bc0e638), + TOBN(0xf78c64a1, 0xc1c06681), TOBN(0x16e0a16f, 0xef018e50), + TOBN(0x31cbdf91, 0xdb42b2b3), TOBN(0xf8f4ffce, 0xe0d36f58), + TOBN(0xcdcc71cd, 0x4cc5e3e0), TOBN(0xd55c7cfa, 0xa129e3e0), + TOBN(0xccdb6ba0, 0x0fb2cbf1), TOBN(0x6aba0005, 0xc4bce3cb), + TOBN(0x501cdb30, 0xd232cfc4), TOBN(0x9ddcf12e, 0xd58a3cef), + TOBN(0x02d2cf9c, 0x87e09149), TOBN(0xdc5d7ec7, 0x2c976257), + TOBN(0x6447986e, 0x0b50d7dd), TOBN(0x88fdbaf7, 0x807f112a), + TOBN(0x58c9822a, 0xb00ae9f6), TOBN(0x6abfb950, 0x6d3d27e0), + TOBN(0xd0a74487, 0x8a429f4f), TOBN(0x0649712b, 0xdb516609), + TOBN(0xb826ba57, 0xe769b5df), TOBN(0x82335df2, 0x1fc7aaf2), + TOBN(0x2389f067, 0x5c93d995), TOBN(0x59ac367a, 0x68677be6), + TOBN(0xa77985ff, 0x21d9951b), TOBN(0x038956fb, 0x85011cce), + TOBN(0x608e48cb, 0xbb734e37), TOBN(0xc08c0bf2, 0x2be5b26f), + TOBN(0x17bbdd3b, 0xf9b1a0d9), TOBN(0xeac7d898, 0x10483319), + TOBN(0xc95c4baf, 0xbc1a6dea), TOBN(0xfdd0e2bf, 0x172aafdb), + TOBN(0x40373cbc, 0x8235c41a), TOBN(0x14303f21, 0xfb6f41d5), + TOBN(0xba063621, 0x0408f237), TOBN(0xcad3b09a, 0xecd2d1ed), + TOBN(0x4667855a, 0x52abb6a2), TOBN(0xba9157dc, 0xaa8b417b), + TOBN(0xfe7f3507, 0x4f013efb), TOBN(0x1b112c4b, 0xaa38c4a2), + TOBN(0xa1406a60, 0x9ba64345), TOBN(0xe53cba33, 0x6993c80b), + TOBN(0x45466063, 0xded40d23), TOBN(0x3d5f1f4d, 0x54908e25), + TOBN(0x9ebefe62, 0x403c3c31), TOBN(0x274ea0b5, 0x0672a624), + TOBN(0xff818d99, 0x451d1b71), TOBN(0x80e82643, 0x8f79cf79), + TOBN(0xa165df13, 0x73ce37f5), TOBN(0xa744ef4f, 0xfe3a21fd), + TOBN(0x73f1e7f5, 0xcf551396), TOBN(0xc616898e, 0x868c676b), + TOBN(0x671c28c7, 0x8c442c36), TOBN(0xcfe5e558, 0x5e0a317d), + TOBN(0x1242d818, 0x7051f476), TOBN(0x56fad2a6, 0x14f03442), + TOBN(0x262068bc, 0x0a44d0f6), TOBN(0xdfa2cd6e, 0xce6edf4e), + TOBN(0x0f43813a, 0xd15d1517), TOBN(0x61214cb2, 0x377d44f5), + TOBN(0xd399aa29, 0xc639b35f), TOBN(0x42136d71, 0x54c51c19), + TOBN(0x9774711b, 0x08417221), TOBN(0x0a5546b3, 0x52545a57), + TOBN(0x80624c41, 0x1150582d), TOBN(0x9ec5c418, 0xfbc555bc), + TOBN(0x2c87dcad, 0x771849f1), TOBN(0xb0c932c5, 0x01d7bf6f), + TOBN(0x6aa5cd3e, 0x89116eb2), TOBN(0xd378c25a, 0x51ca7bd3), + TOBN(0xc612a0da, 0x9e6e3e31), TOBN(0x0417a54d, 0xb68ad5d0), + TOBN(0x00451e4a, 0x22c6edb8), TOBN(0x9fbfe019, 0xb42827ce), + TOBN(0x2fa92505, 0xba9384a2), TOBN(0x21b8596e, 0x64ad69c1), + TOBN(0x8f4fcc49, 0x983b35a6), TOBN(0xde093760, 0x72754672), + TOBN(0x2f14ccc8, 0xf7bffe6d), TOBN(0x27566bff, 0x5d94263d), + TOBN(0xb5b4e9c6, 0x2df3ec30), TOBN(0x94f1d7d5, 0x3e6ea6ba), + TOBN(0x97b7851a, 0xaaca5e9b), TOBN(0x518aa521, 0x56713b97), + TOBN(0x3357e8c7, 0x150a61f6), TOBN(0x7842e7e2, 0xec2c2b69), + TOBN(0x8dffaf65, 0x6868a548), TOBN(0xd963bd82, 0xe068fc81), + TOBN(0x64da5c8b, 0x65917733), TOBN(0x927090ff, 0x7b247328), + }, + { + TOBN(0x214bc9a7, 0xd298c241), TOBN(0xe3b697ba, 0x56807cfd), + TOBN(0xef1c7802, 0x4564eadb), TOBN(0xdde8cdcf, 0xb48149c5), + TOBN(0x946bf0a7, 0x5a4d2604), TOBN(0x27154d7f, 0x6c1538af), + TOBN(0x95cc9230, 0xde5b1fcc), TOBN(0xd88519e9, 0x66864f82), + TOBN(0xb828dd1a, 0x7cb1282c), TOBN(0xa08d7626, 0xbe46973a), + TOBN(0x6baf8d40, 0xe708d6b2), TOBN(0x72571fa1, 0x4daeb3f3), + TOBN(0x85b1732f, 0xf22dfd98), TOBN(0x87ab01a7, 0x0087108d), + TOBN(0xaaaafea8, 0x5988207a), TOBN(0xccc832f8, 0x69f00755), + TOBN(0x964d950e, 0x36ff3bf0), TOBN(0x8ad20f6f, 0xf0b34638), + TOBN(0x4d9177b3, 0xb5d7585f), TOBN(0xcf839760, 0xef3f019f), + TOBN(0x582fc5b3, 0x8288c545), TOBN(0x2f8e4e9b, 0x13116bd1), + TOBN(0xf91e1b2f, 0x332120ef), TOBN(0xcf568724, 0x2a17dd23), + TOBN(0x488f1185, 0xca8d9d1a), TOBN(0xadf2c77d, 0xd987ded2), + TOBN(0x5f3039f0, 0x60c46124), TOBN(0xe5d70b75, 0x71e095f4), + TOBN(0x82d58650, 0x6260e70f), TOBN(0x39d75ea7, 0xf750d105), + TOBN(0x8cf3d0b1, 0x75bac364), TOBN(0xf3a7564d, 0x21d01329), + TOBN(0x182f04cd, 0x2f52d2a7), TOBN(0x4fde149a, 0xe2df565a), + TOBN(0xb80c5eec, 0xa79fb2f7), TOBN(0xab491d7b, 0x22ddc897), + TOBN(0x99d76c18, 0xc6312c7f), TOBN(0xca0d5f3d, 0x6aa41a57), + TOBN(0x71207325, 0xd15363a0), TOBN(0xe82aa265, 0xbeb252c2), + TOBN(0x94ab4700, 0xec3128c2), TOBN(0x6c76d862, 0x8e383f49), + TOBN(0xdc36b150, 0xc03024eb), TOBN(0xfb439477, 0x53daac69), + TOBN(0xfc68764a, 0x8dc79623), TOBN(0x5b86995d, 0xb440fbb2), + TOBN(0xd66879bf, 0xccc5ee0d), TOBN(0x05228942, 0x95aa8bd3), + TOBN(0xb51a40a5, 0x1e6a75c1), TOBN(0x24327c76, 0x0ea7d817), + TOBN(0x06630182, 0x07774597), TOBN(0xd6fdbec3, 0x97fa7164), + TOBN(0x20c99dfb, 0x13c90f48), TOBN(0xd6ac5273, 0x686ef263), + TOBN(0xc6a50bdc, 0xfef64eeb), TOBN(0xcd87b281, 0x86fdfc32), + TOBN(0xb24aa43e, 0x3fcd3efc), TOBN(0xdd26c034, 0xb8088e9a), + TOBN(0xa5ef4dc9, 0xbd3d46ea), TOBN(0xa2f99d58, 0x8a4c6a6f), + TOBN(0xddabd355, 0x2f1da46c), TOBN(0x72c3f8ce, 0x1afacdd1), + TOBN(0xd90c4eee, 0x92d40578), TOBN(0xd28bb41f, 0xca623b94), + TOBN(0x50fc0711, 0x745edc11), TOBN(0x9dd9ad7d, 0x3dc87558), + TOBN(0xce6931fb, 0xb49d1e64), TOBN(0x6c77a0a2, 0xc98bd0f9), + TOBN(0x62b9a629, 0x6baf7cb1), TOBN(0xcf065f91, 0xccf72d22), + TOBN(0x7203cce9, 0x79639071), TOBN(0x09ae4885, 0xf9cb732f), + TOBN(0x5e7c3bec, 0xee8314f3), TOBN(0x1c068aed, 0xdbea298f), + TOBN(0x08d381f1, 0x7c80acec), TOBN(0x03b56be8, 0xe330495b), + TOBN(0xaeffb8f2, 0x9222882d), TOBN(0x95ff38f6, 0xc4af8bf7), + TOBN(0x50e32d35, 0x1fc57d8c), TOBN(0x6635be52, 0x17b444f0), + TOBN(0x04d15276, 0xa5177900), TOBN(0x4e1dbb47, 0xf6858752), + TOBN(0x5b475622, 0xc615796c), TOBN(0xa6fa0387, 0x691867bf), + TOBN(0xed7f5d56, 0x2844c6d0), TOBN(0xc633cf9b, 0x03a2477d), + TOBN(0xf6be5c40, 0x2d3721d6), TOBN(0xaf312eb7, 0xe9fd68e6), + TOBN(0x242792d2, 0xe7417ce1), TOBN(0xff42bc71, 0x970ee7f5), + TOBN(0x1ff4dc6d, 0x5c67a41e), TOBN(0x77709b7b, 0x20882a58), + TOBN(0x3554731d, 0xbe217f2c), TOBN(0x2af2a8cd, 0x5bb72177), + TOBN(0x58eee769, 0x591dd059), TOBN(0xbb2930c9, 0x4bba6477), + TOBN(0x863ee047, 0x7d930cfc), TOBN(0x4c262ad1, 0x396fd1f4), + TOBN(0xf4765bc8, 0x039af7e1), TOBN(0x2519834b, 0x5ba104f6), + TOBN(0x7cd61b4c, 0xd105f961), TOBN(0xa5415da5, 0xd63bca54), + TOBN(0x778280a0, 0x88a1f17c), TOBN(0xc4968949, 0x2329512c), + TOBN(0x174a9126, 0xcecdaa7a), TOBN(0xfc8c7e0e, 0x0b13247b), + TOBN(0x29c110d2, 0x3484c1c4), TOBN(0xf8eb8757, 0x831dfc3b), + TOBN(0x022f0212, 0xc0067452), TOBN(0x3f6f69ee, 0x7b9b926c), + TOBN(0x09032da0, 0xef42daf4), TOBN(0x79f00ade, 0x83f80de4), + TOBN(0x6210db71, 0x81236c97), TOBN(0x74f7685b, 0x3ee0781f), + TOBN(0x4df7da7b, 0xa3e41372), TOBN(0x2aae38b1, 0xb1a1553e), + TOBN(0x1688e222, 0xf6dd9d1b), TOBN(0x57695448, 0x5b8b6487), + TOBN(0x478d2127, 0x4b2edeaa), TOBN(0xb2818fa5, 0x1e85956a), + TOBN(0x1e6addda, 0xf176f2c0), TOBN(0x01ca4604, 0xe2572658), + TOBN(0x0a404ded, 0x85342ffb), TOBN(0x8cf60f96, 0x441838d6), + TOBN(0x9bbc691c, 0xc9071c4a), TOBN(0xfd588744, 0x34442803), + TOBN(0x97101c85, 0x809c0d81), TOBN(0xa7fb754c, 0x8c456f7f), + TOBN(0xc95f3c5c, 0xd51805e1), TOBN(0xab4ccd39, 0xb299dca8), + TOBN(0x3e03d20b, 0x47eaf500), TOBN(0xfa3165c1, 0xd7b80893), + TOBN(0x005e8b54, 0xe160e552), TOBN(0xdc4972ba, 0x9019d11f), + TOBN(0x21a6972e, 0x0c9a4a7a), TOBN(0xa52c258f, 0x37840fd7), + TOBN(0xf8559ff4, 0xc1e99d81), TOBN(0x08e1a7d6, 0xa3c617c0), + TOBN(0xb398fd43, 0x248c6ba7), TOBN(0x6ffedd91, 0xd1283794), + TOBN(0x8a6a59d2, 0xd629d208), TOBN(0xa9d141d5, 0x3490530e), + TOBN(0x42f6fc18, 0x38505989), TOBN(0x09bf250d, 0x479d94ee), + TOBN(0x223ad3b1, 0xb3822790), TOBN(0x6c5926c0, 0x93b8971c), + TOBN(0x609efc7e, 0x75f7fa62), TOBN(0x45d66a6d, 0x1ec2d989), + TOBN(0x4422d663, 0x987d2792), TOBN(0x4a73caad, 0x3eb31d2b), + TOBN(0xf06c2ac1, 0xa32cb9e6), TOBN(0xd9445c5f, 0x91aeba84), + TOBN(0x6af7a1d5, 0xaf71013f), TOBN(0xe68216e5, 0x0bedc946), + TOBN(0xf4cba30b, 0xd27370a0), TOBN(0x7981afbf, 0x870421cc), + TOBN(0x02496a67, 0x9449f0e1), TOBN(0x86cfc4be, 0x0a47edae), + TOBN(0x3073c936, 0xb1feca22), TOBN(0xf5694612, 0x03f8f8fb), + TOBN(0xd063b723, 0x901515ea), TOBN(0x4c6c77a5, 0x749cf038), + TOBN(0x6361e360, 0xab9e5059), TOBN(0x596cf171, 0xa76a37c0), + TOBN(0x800f53fa, 0x6530ae7a), TOBN(0x0f5e631e, 0x0792a7a6), + TOBN(0x5cc29c24, 0xefdb81c9), TOBN(0xa269e868, 0x3f9c40ba), + TOBN(0xec14f9e1, 0x2cb7191e), TOBN(0x78ea1bd8, 0xe5b08ea6), + TOBN(0x3c65aa9b, 0x46332bb9), TOBN(0x84cc22b3, 0xbf80ce25), + TOBN(0x0098e9e9, 0xd49d5bf1), TOBN(0xcd4ec1c6, 0x19087da4), + TOBN(0x3c9d07c5, 0xaef6e357), TOBN(0x839a0268, 0x9f8f64b8), + TOBN(0xc5e9eb62, 0xc6d8607f), TOBN(0x759689f5, 0x6aa995e4), + TOBN(0x70464669, 0xbbb48317), TOBN(0x921474bf, 0xe402417d), + TOBN(0xcabe135b, 0x2a354c8c), TOBN(0xd51e52d2, 0x812fa4b5), + TOBN(0xec741096, 0x53311fe8), TOBN(0x4f774535, 0xb864514b), + TOBN(0xbcadd671, 0x5bde48f8), TOBN(0xc9703873, 0x2189bc7d), + TOBN(0x5d45299e, 0xc709ee8a), TOBN(0xd1287ee2, 0x845aaff8), + TOBN(0x7d1f8874, 0xdb1dbf1f), TOBN(0xea46588b, 0x990c88d6), + TOBN(0x60ba649a, 0x84368313), TOBN(0xd5fdcbce, 0x60d543ae), + TOBN(0x90b46d43, 0x810d5ab0), TOBN(0x6739d8f9, 0x04d7e5cc), + TOBN(0x021c1a58, 0x0d337c33), TOBN(0x00a61162, 0x68e67c40), + TOBN(0x95ef413b, 0x379f0a1f), TOBN(0xfe126605, 0xe9e2ab95), + TOBN(0x67578b85, 0x2f5f199c), TOBN(0xf5c00329, 0x2cb84913), + TOBN(0xf7956430, 0x37577dd8), TOBN(0x83b82af4, 0x29c5fe88), + TOBN(0x9c1bea26, 0xcdbdc132), TOBN(0x589fa086, 0x9c04339e), + TOBN(0x033e9538, 0xb13799df), TOBN(0x85fa8b21, 0xd295d034), + TOBN(0xdf17f73f, 0xbd9ddcca), TOBN(0xf32bd122, 0xddb66334), + TOBN(0x55ef88a7, 0x858b044c), TOBN(0x1f0d69c2, 0x5aa9e397), + TOBN(0x55fd9cc3, 0x40d85559), TOBN(0xc774df72, 0x7785ddb2), + TOBN(0x5dcce9f6, 0xd3bd2e1c), TOBN(0xeb30da20, 0xa85dfed0), + TOBN(0x5ed7f5bb, 0xd3ed09c4), TOBN(0x7d42a35c, 0x82a9c1bd), + TOBN(0xcf3de995, 0x9890272d), TOBN(0x75f3432a, 0x3e713a10), + TOBN(0x5e13479f, 0xe28227b8), TOBN(0xb8561ea9, 0xfefacdc8), + TOBN(0xa6a297a0, 0x8332aafd), TOBN(0x9b0d8bb5, 0x73809b62), + TOBN(0xd2fa1cfd, 0x0c63036f), TOBN(0x7a16eb55, 0xbd64bda8), + TOBN(0x3f5cf5f6, 0x78e62ddc), TOBN(0x2267c454, 0x07fd752b), + TOBN(0x5e361b6b, 0x5e437bbe), TOBN(0x95c59501, 0x8354e075), + TOBN(0xec725f85, 0xf2b254d9), TOBN(0x844b617d, 0x2cb52b4e), + TOBN(0xed8554f5, 0xcf425fb5), TOBN(0xab67703e, 0x2af9f312), + TOBN(0x4cc34ec1, 0x3cf48283), TOBN(0xb09daa25, 0x9c8a705e), + TOBN(0xd1e9d0d0, 0x5b7d4f84), TOBN(0x4df6ef64, 0xdb38929d), + TOBN(0xe16b0763, 0xaa21ba46), TOBN(0xc6b1d178, 0xa293f8fb), + TOBN(0x0ff5b602, 0xd520aabf), TOBN(0x94d671bd, 0xc339397a), + TOBN(0x7c7d98cf, 0x4f5792fa), TOBN(0x7c5e0d67, 0x11215261), + TOBN(0x9b19a631, 0xa7c5a6d4), TOBN(0xc8511a62, 0x7a45274d), + TOBN(0x0c16621c, 0xa5a60d99), TOBN(0xf7fbab88, 0xcf5e48cb), + TOBN(0xab1e6ca2, 0xf7ddee08), TOBN(0x83bd08ce, 0xe7867f3c), + TOBN(0xf7e48e8a, 0x2ac13e27), TOBN(0x4494f6df, 0x4eb1a9f5), + TOBN(0xedbf84eb, 0x981f0a62), TOBN(0x49badc32, 0x536438f0), + TOBN(0x50bea541, 0x004f7571), TOBN(0xbac67d10, 0xdf1c94ee), + TOBN(0x253d73a1, 0xb727bc31), TOBN(0xb3d01cf2, 0x30686e28), + TOBN(0x51b77b1b, 0x55fd0b8b), TOBN(0xa099d183, 0xfeec3173), + TOBN(0x202b1fb7, 0x670e72b7), TOBN(0xadc88b33, 0xa8e1635f), + TOBN(0x34e8216a, 0xf989d905), TOBN(0xc2e68d20, 0x29b58d01), + TOBN(0x11f81c92, 0x6fe55a93), TOBN(0x15f1462a, 0x8f296f40), + TOBN(0x1915d375, 0xea3d62f2), TOBN(0xa17765a3, 0x01c8977d), + TOBN(0x7559710a, 0xe47b26f6), TOBN(0xe0bd29c8, 0x535077a5), + TOBN(0x615f976d, 0x08d84858), TOBN(0x370dfe85, 0x69ced5c1), + TOBN(0xbbc7503c, 0xa734fa56), TOBN(0xfbb9f1ec, 0x91ac4574), + TOBN(0x95d7ec53, 0x060dd7ef), TOBN(0xeef2dacd, 0x6e657979), + TOBN(0x54511af3, 0xe2a08235), TOBN(0x1e324aa4, 0x1f4aea3d), + TOBN(0x550e7e71, 0xe6e67671), TOBN(0xbccd5190, 0xbf52faf7), + TOBN(0xf880d316, 0x223cc62a), TOBN(0x0d402c7e, 0x2b32eb5d), + TOBN(0xa40bc039, 0x306a5a3b), TOBN(0x4e0a41fd, 0x96783a1b), + TOBN(0xa1e8d39a, 0x0253cdd4), TOBN(0x6480be26, 0xc7388638), + TOBN(0xee365e1d, 0x2285f382), TOBN(0x188d8d8f, 0xec0b5c36), + TOBN(0x34ef1a48, 0x1f0f4d82), TOBN(0x1a8f43e1, 0xa487d29a), + TOBN(0x8168226d, 0x77aefb3a), TOBN(0xf69a751e, 0x1e72c253), + TOBN(0x8e04359a, 0xe9594df1), TOBN(0x475ffd7d, 0xd14c0467), + TOBN(0xb5a2c2b1, 0x3844e95c), TOBN(0x85caf647, 0xdd12ef94), + TOBN(0x1ecd2a9f, 0xf1063d00), TOBN(0x1dd2e229, 0x23843311), + TOBN(0x38f0e09d, 0x73d17244), TOBN(0x3ede7746, 0x8fc653f1), + TOBN(0xae4459f5, 0xdc20e21c), TOBN(0x00db2ffa, 0x6a8599ea), + TOBN(0x11682c39, 0x30cfd905), TOBN(0x4934d074, 0xa5c112a6), + TOBN(0xbdf063c5, 0x568bfe95), TOBN(0x779a440a, 0x016c441a), + TOBN(0x0c23f218, 0x97d6fbdc), TOBN(0xd3a5cd87, 0xe0776aac), + TOBN(0xcee37f72, 0xd712e8db), TOBN(0xfb28c70d, 0x26f74e8d), + TOBN(0xffe0c728, 0xb61301a0), TOBN(0xa6282168, 0xd3724354), + TOBN(0x7ff4cb00, 0x768ffedc), TOBN(0xc51b3088, 0x03b02de9), + TOBN(0xa5a8147c, 0x3902dda5), TOBN(0x35d2f706, 0xfe6973b4), + TOBN(0x5ac2efcf, 0xc257457e), TOBN(0x933f48d4, 0x8700611b), + TOBN(0xc365af88, 0x4912beb2), TOBN(0x7f5a4de6, 0x162edf94), + TOBN(0xc646ba7c, 0x0c32f34b), TOBN(0x632c6af3, 0xb2091074), + TOBN(0x58d4f2e3, 0x753e43a9), TOBN(0x70e1d217, 0x24d4e23f), + TOBN(0xb24bf729, 0xafede6a6), TOBN(0x7f4a94d8, 0x710c8b60), + TOBN(0xaad90a96, 0x8d4faa6a), TOBN(0xd9ed0b32, 0xb066b690), + TOBN(0x52fcd37b, 0x78b6dbfd), TOBN(0x0b64615e, 0x8bd2b431), + TOBN(0x228e2048, 0xcfb9fad5), TOBN(0xbeaa386d, 0x240b76bd), + TOBN(0x2d6681c8, 0x90dad7bc), TOBN(0x3e553fc3, 0x06d38f5e), + TOBN(0xf27cdb9b, 0x9d5f9750), TOBN(0x3e85c52a, 0xd28c5b0e), + TOBN(0x190795af, 0x5247c39b), TOBN(0x547831eb, 0xbddd6828), + TOBN(0xf327a227, 0x4a82f424), TOBN(0x36919c78, 0x7e47f89d), + TOBN(0xe4783919, 0x43c7392c), TOBN(0xf101b9aa, 0x2316fefe), + TOBN(0xbcdc9e9c, 0x1c5009d2), TOBN(0xfb55ea13, 0x9cd18345), + TOBN(0xf5b5e231, 0xa3ce77c7), TOBN(0xde6b4527, 0xd2f2cb3d), + TOBN(0x10f6a333, 0x9bb26f5f), TOBN(0x1e85db8e, 0x044d85b6), + TOBN(0xc3697a08, 0x94197e54), TOBN(0x65e18cc0, 0xa7cb4ea8), + TOBN(0xa38c4f50, 0xa471fe6e), TOBN(0xf031747a, 0x2f13439c), + TOBN(0x53c4a6ba, 0xc007318b), TOBN(0xa8da3ee5, 0x1deccb3d), + TOBN(0x0555b31c, 0x558216b1), TOBN(0x90c7810c, 0x2f79e6c2), + TOBN(0x9b669f4d, 0xfe8eed3c), TOBN(0x70398ec8, 0xe0fac126), + TOBN(0xa96a449e, 0xf701b235), TOBN(0x0ceecdb3, 0xeb94f395), + TOBN(0x285fc368, 0xd0cb7431), TOBN(0x0d37bb52, 0x16a18c64), + TOBN(0x05110d38, 0xb880d2dd), TOBN(0xa60f177b, 0x65930d57), + TOBN(0x7da34a67, 0xf36235f5), TOBN(0x47f5e17c, 0x183816b9), + TOBN(0xc7664b57, 0xdb394af4), TOBN(0x39ba215d, 0x7036f789), + TOBN(0x46d2ca0e, 0x2f27b472), TOBN(0xc42647ee, 0xf73a84b7), + TOBN(0x44bc7545, 0x64488f1d), TOBN(0xaa922708, 0xf4cf85d5), + TOBN(0x721a01d5, 0x53e4df63), TOBN(0x649c0c51, 0x5db46ced), + TOBN(0x6bf0d64e, 0x3cffcb6c), TOBN(0xe3bf93fe, 0x50f71d96), + TOBN(0x75044558, 0xbcc194a0), TOBN(0x16ae3372, 0x6afdc554), + TOBN(0xbfc01adf, 0x5ca48f3f), TOBN(0x64352f06, 0xe22a9b84), + TOBN(0xcee54da1, 0xc1099e4a), TOBN(0xbbda54e8, 0xfa1b89c0), + TOBN(0x166a3df5, 0x6f6e55fb), TOBN(0x1ca44a24, 0x20176f88), + TOBN(0x936afd88, 0xdfb7b5ff), TOBN(0xe34c2437, 0x8611d4a0), + TOBN(0x7effbb75, 0x86142103), TOBN(0x6704ba1b, 0x1f34fc4d), + TOBN(0x7c2a468f, 0x10c1b122), TOBN(0x36b3a610, 0x8c6aace9), + TOBN(0xabfcc0a7, 0x75a0d050), TOBN(0x066f9197, 0x3ce33e32), + TOBN(0xce905ef4, 0x29fe09be), TOBN(0x89ee25ba, 0xa8376351), + TOBN(0x2a3ede22, 0xfd29dc76), TOBN(0x7fd32ed9, 0x36f17260), + TOBN(0x0cadcf68, 0x284b4126), TOBN(0x63422f08, 0xa7951fc8), + TOBN(0x562b24f4, 0x0807e199), TOBN(0xfe9ce5d1, 0x22ad4490), + TOBN(0xc2f51b10, 0x0db2b1b4), TOBN(0xeb3613ff, 0xe4541d0d), + TOBN(0xbd2c4a05, 0x2680813b), TOBN(0x527aa55d, 0x561b08d6), + TOBN(0xa9f8a40e, 0xa7205558), TOBN(0xe3eea56f, 0x243d0bec), + TOBN(0x7b853817, 0xa0ff58b3), TOBN(0xb67d3f65, 0x1a69e627), + TOBN(0x0b76bbb9, 0xa869b5d6), TOBN(0xa3afeb82, 0x546723ed), + TOBN(0x5f24416d, 0x3e554892), TOBN(0x8413b53d, 0x430e2a45), + TOBN(0x99c56aee, 0x9032a2a0), TOBN(0x09432bf6, 0xeec367b1), + TOBN(0x552850c6, 0xdaf0ecc1), TOBN(0x49ebce55, 0x5bc92048), + TOBN(0xdfb66ba6, 0x54811307), TOBN(0x1b84f797, 0x6f298597), + TOBN(0x79590481, 0x8d1d7a0d), TOBN(0xd9fabe03, 0x3a6fa556), + TOBN(0xa40f9c59, 0xba9e5d35), TOBN(0xcb1771c1, 0xf6247577), + TOBN(0x542a47ca, 0xe9a6312b), TOBN(0xa34b3560, 0x552dd8c5), + TOBN(0xfdf94de0, 0x0d794716), TOBN(0xd46124a9, 0x9c623094), + TOBN(0x56b7435d, 0x68afe8b4), TOBN(0x27f20540, 0x6c0d8ea1), + TOBN(0x12b77e14, 0x73186898), TOBN(0xdbc3dd46, 0x7479490f), + TOBN(0x951a9842, 0xc03b0c05), TOBN(0x8b1b3bb3, 0x7921bc96), + TOBN(0xa573b346, 0x2b202e0a), TOBN(0x77e4665d, 0x47254d56), + TOBN(0x08b70dfc, 0xd23e3984), TOBN(0xab86e8bc, 0xebd14236), + TOBN(0xaa3e07f8, 0x57114ba7), TOBN(0x5ac71689, 0xab0ef4f2), + TOBN(0x88fca384, 0x0139d9af), TOBN(0x72733f88, 0x76644af0), + TOBN(0xf122f72a, 0x65d74f4a), TOBN(0x13931577, 0xa5626c7a), + TOBN(0xd5b5d9eb, 0x70f8d5a4), TOBN(0x375adde7, 0xd7bbb228), + TOBN(0x31e88b86, 0x0c1c0b32), TOBN(0xd1f568c4, 0x173edbaa), + TOBN(0x1592fc83, 0x5459df02), TOBN(0x2beac0fb, 0x0fcd9a7e), + TOBN(0xb0a6fdb8, 0x1b473b0a), TOBN(0xe3224c6f, 0x0fe8fc48), + TOBN(0x680bd00e, 0xe87edf5b), TOBN(0x30385f02, 0x20e77cf5), + TOBN(0xe9ab98c0, 0x4d42d1b2), TOBN(0x72d191d2, 0xd3816d77), + TOBN(0x1564daca, 0x0917d9e5), TOBN(0x394eab59, 0x1f8fed7f), + TOBN(0xa209aa8d, 0x7fbb3896), TOBN(0x5564f3b9, 0xbe6ac98e), + TOBN(0xead21d05, 0xd73654ef), TOBN(0x68d1a9c4, 0x13d78d74), + TOBN(0x61e01708, 0x6d4973a0), TOBN(0x83da3500, 0x46e6d32a), + TOBN(0x6a3dfca4, 0x68ae0118), TOBN(0xa1b9a4c9, 0xd02da069), + TOBN(0x0b2ff9c7, 0xebab8302), TOBN(0x98af07c3, 0x944ba436), + TOBN(0x85997326, 0x995f0f9f), TOBN(0x467fade0, 0x71b58bc6), + TOBN(0x47e4495a, 0xbd625a2b), TOBN(0xfdd2d01d, 0x33c3b8cd), + TOBN(0x2c38ae28, 0xc693f9fa), TOBN(0x48622329, 0x348f7999), + TOBN(0x97bf738e, 0x2161f583), TOBN(0x15ee2fa7, 0x565e8cc9), + TOBN(0xa1a5c845, 0x5777e189), TOBN(0xcc10bee0, 0x456f2829), + TOBN(0x8ad95c56, 0xda762bd5), TOBN(0x152e2214, 0xe9d91da8), + TOBN(0x975b0e72, 0x7cb23c74), TOBN(0xfd5d7670, 0xa90c66df), + TOBN(0xb5b5b8ad, 0x225ffc53), TOBN(0xab6dff73, 0xfaded2ae), + TOBN(0xebd56781, 0x6f4cbe9d), TOBN(0x0ed8b249, 0x6a574bd7), + TOBN(0x41c246fe, 0x81a881fa), TOBN(0x91564805, 0xc3db9c70), + TOBN(0xd7c12b08, 0x5b862809), TOBN(0x1facd1f1, 0x55858d7b), + TOBN(0x7693747c, 0xaf09e92a), TOBN(0x3b69dcba, 0x189a425f), + TOBN(0x0be28e9f, 0x967365ef), TOBN(0x57300eb2, 0xe801f5c9), + TOBN(0x93b8ac6a, 0xd583352f), TOBN(0xa2cf1f89, 0xcd05b2b7), + TOBN(0x7c0c9b74, 0x4dcc40cc), TOBN(0xfee38c45, 0xada523fb), + TOBN(0xb49a4dec, 0x1099cc4d), TOBN(0x325c377f, 0x69f069c6), + TOBN(0xe12458ce, 0x476cc9ff), TOBN(0x580e0b6c, 0xc6d4cb63), + TOBN(0xd561c8b7, 0x9072289b), TOBN(0x0377f264, 0xa619e6da), + TOBN(0x26685362, 0x88e591a5), TOBN(0xa453a7bd, 0x7523ca2b), + TOBN(0x8a9536d2, 0xc1df4533), TOBN(0xc8e50f2f, 0xbe972f79), + TOBN(0xd433e50f, 0x6d3549cf), TOBN(0x6f33696f, 0xfacd665e), + TOBN(0x695bfdac, 0xce11fcb4), TOBN(0x810ee252, 0xaf7c9860), + TOBN(0x65450fe1, 0x7159bb2c), TOBN(0xf7dfbebe, 0x758b357b), + TOBN(0x2b057e74, 0xd69fea72), TOBN(0xd485717a, 0x92731745), + }, + { + TOBN(0x896c42e8, 0xee36860c), TOBN(0xdaf04dfd, 0x4113c22d), + TOBN(0x1adbb7b7, 0x44104213), TOBN(0xe5fd5fa1, 0x1fd394ea), + TOBN(0x68235d94, 0x1a4e0551), TOBN(0x6772cfbe, 0x18d10151), + TOBN(0x276071e3, 0x09984523), TOBN(0xe4e879de, 0x5a56ba98), + TOBN(0xaaafafb0, 0x285b9491), TOBN(0x01a0be88, 0x1e4c705e), + TOBN(0xff1d4f5d, 0x2ad9caab), TOBN(0x6e349a4a, 0xc37a233f), + TOBN(0xcf1c1246, 0x4a1c6a16), TOBN(0xd99e6b66, 0x29383260), + TOBN(0xea3d4366, 0x5f6d5471), TOBN(0x36974d04, 0xff8cc89b), + TOBN(0xc26c49a1, 0xcfe89d80), TOBN(0xb42c026d, 0xda9c8371), + TOBN(0xca6c013a, 0xdad066d2), TOBN(0xfb8f7228, 0x56a4f3ee), + TOBN(0x08b579ec, 0xd850935b), TOBN(0x34c1a74c, 0xd631e1b3), + TOBN(0xcb5fe596, 0xac198534), TOBN(0x39ff21f6, 0xe1f24f25), + TOBN(0x27f29e14, 0x8f929057), TOBN(0x7a64ae06, 0xc0c853df), + TOBN(0x256cd183, 0x58e9c5ce), TOBN(0x9d9cce82, 0xded092a5), + TOBN(0xcc6e5979, 0x6e93b7c7), TOBN(0xe1e47092, 0x31bb9e27), + TOBN(0xb70b3083, 0xaa9e29a0), TOBN(0xbf181a75, 0x3785e644), + TOBN(0xf53f2c65, 0x8ead09f7), TOBN(0x1335e1d5, 0x9780d14d), + TOBN(0x69cc20e0, 0xcd1b66bc), TOBN(0x9b670a37, 0xbbe0bfc8), + TOBN(0xce53dc81, 0x28efbeed), TOBN(0x0c74e77c, 0x8326a6e5), + TOBN(0x3604e0d2, 0xb88e9a63), TOBN(0xbab38fca, 0x13dc2248), + TOBN(0x8ed6e8c8, 0x5c0a3f1e), TOBN(0xbcad2492, 0x7c87c37f), + TOBN(0xfdfb62bb, 0x9ee3b78d), TOBN(0xeba8e477, 0xcbceba46), + TOBN(0x37d38cb0, 0xeeaede4b), TOBN(0x0bc498e8, 0x7976deb6), + TOBN(0xb2944c04, 0x6b6147fb), TOBN(0x8b123f35, 0xf71f9609), + TOBN(0xa155dcc7, 0xde79dc24), TOBN(0xf1168a32, 0x558f69cd), + TOBN(0xbac21595, 0x0d1850df), TOBN(0x15c8295b, 0xb204c848), + TOBN(0xf661aa36, 0x7d8184ff), TOBN(0xc396228e, 0x30447bdb), + TOBN(0x11cd5143, 0xbde4a59e), TOBN(0xe3a26e3b, 0x6beab5e6), + TOBN(0xd3b3a13f, 0x1402b9d0), TOBN(0x573441c3, 0x2c7bc863), + TOBN(0x4b301ec4, 0x578c3e6e), TOBN(0xc26fc9c4, 0x0adaf57e), + TOBN(0x96e71bfd, 0x7493cea3), TOBN(0xd05d4b3f, 0x1af81456), + TOBN(0xdaca2a8a, 0x6a8c608f), TOBN(0x53ef07f6, 0x0725b276), + TOBN(0x07a5fbd2, 0x7824fc56), TOBN(0x34675218, 0x13289077), + TOBN(0x5bf69fd5, 0xe0c48349), TOBN(0xa613ddd3, 0xb6aa7875), + TOBN(0x7f78c19c, 0x5450d866), TOBN(0x46f4409c, 0x8f84a481), + TOBN(0x9f1d1928, 0x90fce239), TOBN(0x016c4168, 0xb2ce44b9), + TOBN(0xbae023f0, 0xc7435978), TOBN(0xb152c888, 0x20e30e19), + TOBN(0x9c241645, 0xe3fa6faf), TOBN(0x735d95c1, 0x84823e60), + TOBN(0x03197573, 0x03955317), TOBN(0x0b4b02a9, 0xf03b4995), + TOBN(0x076bf559, 0x70274600), TOBN(0x32c5cc53, 0xaaf57508), + TOBN(0xe8af6d1f, 0x60624129), TOBN(0xb7bc5d64, 0x9a5e2b5e), + TOBN(0x3814b048, 0x5f082d72), TOBN(0x76f267f2, 0xce19677a), + TOBN(0x626c630f, 0xb36eed93), TOBN(0x55230cd7, 0x3bf56803), + TOBN(0x78837949, 0xce2736a0), TOBN(0x0d792d60, 0xaa6c55f1), + TOBN(0x0318dbfd, 0xd5c7c5d2), TOBN(0xb38f8da7, 0x072b342d), + TOBN(0x3569bddc, 0x7b8de38a), TOBN(0xf25b5887, 0xa1c94842), + TOBN(0xb2d5b284, 0x2946ad60), TOBN(0x854f29ad, 0xe9d1707e), + TOBN(0xaa5159dc, 0x2c6a4509), TOBN(0x899f94c0, 0x57189837), + TOBN(0xcf6adc51, 0xf4a55b03), TOBN(0x261762de, 0x35e3b2d5), + TOBN(0x4cc43012, 0x04827b51), TOBN(0xcd22a113, 0xc6021442), + TOBN(0xce2fd61a, 0x247c9569), TOBN(0x59a50973, 0xd152beca), + TOBN(0x6c835a11, 0x63a716d4), TOBN(0xc26455ed, 0x187dedcf), + TOBN(0x27f536e0, 0x49ce89e7), TOBN(0x18908539, 0xcc890cb5), + TOBN(0x308909ab, 0xd83c2aa1), TOBN(0xecd3142b, 0x1ab73bd3), + TOBN(0x6a85bf59, 0xb3f5ab84), TOBN(0x3c320a68, 0xf2bea4c6), + TOBN(0xad8dc538, 0x6da4541f), TOBN(0xeaf34eb0, 0xb7c41186), + TOBN(0x1c780129, 0x977c97c4), TOBN(0x5ff9beeb, 0xc57eb9fa), + TOBN(0xa24d0524, 0xc822c478), TOBN(0xfd8eec2a, 0x461cd415), + TOBN(0xfbde194e, 0xf027458c), TOBN(0xb4ff5319, 0x1d1be115), + TOBN(0x63f874d9, 0x4866d6f4), TOBN(0x35c75015, 0xb21ad0c9), + TOBN(0xa6b5c9d6, 0x46ac49d2), TOBN(0x42c77c0b, 0x83137aa9), + TOBN(0x24d000fc, 0x68225a38), TOBN(0x0f63cfc8, 0x2fe1e907), + TOBN(0x22d1b01b, 0xc6441f95), TOBN(0x7d38f719, 0xec8e448f), + TOBN(0x9b33fa5f, 0x787fb1ba), TOBN(0x94dcfda1, 0x190158df), + TOBN(0xc47cb339, 0x5f6d4a09), TOBN(0x6b4f355c, 0xee52b826), + TOBN(0x3d100f5d, 0xf51b930a), TOBN(0xf4512fac, 0x9f668f69), + TOBN(0x546781d5, 0x206c4c74), TOBN(0xd021d4d4, 0xcb4d2e48), + TOBN(0x494a54c2, 0xca085c2d), TOBN(0xf1dbaca4, 0x520850a8), + TOBN(0x63c79326, 0x490a1aca), TOBN(0xcb64dd9c, 0x41526b02), + TOBN(0xbb772591, 0xa2979258), TOBN(0x3f582970, 0x48d97846), + TOBN(0xd66b70d1, 0x7c213ba7), TOBN(0xc28febb5, 0xe8a0ced4), + TOBN(0x6b911831, 0xc10338c1), TOBN(0x0d54e389, 0xbf0126f3), + TOBN(0x7048d460, 0x4af206ee), TOBN(0x786c88f6, 0x77e97cb9), + TOBN(0xd4375ae1, 0xac64802e), TOBN(0x469bcfe1, 0xd53ec11c), + TOBN(0xfc9b340d, 0x47062230), TOBN(0xe743bb57, 0xc5b4a3ac), + TOBN(0xfe00b4aa, 0x59ef45ac), TOBN(0x29a4ef23, 0x59edf188), + TOBN(0x40242efe, 0xb483689b), TOBN(0x2575d3f6, 0x513ac262), + TOBN(0xf30037c8, 0x0ca6db72), TOBN(0xc9fcce82, 0x98864be2), + TOBN(0x84a112ff, 0x0149362d), TOBN(0x95e57582, 0x1c4ae971), + TOBN(0x1fa4b1a8, 0x945cf86c), TOBN(0x4525a734, 0x0b024a2f), + TOBN(0xe76c8b62, 0x8f338360), TOBN(0x483ff593, 0x28edf32b), + TOBN(0x67e8e90a, 0x298b1aec), TOBN(0x9caab338, 0x736d9a21), + TOBN(0x5c09d2fd, 0x66892709), TOBN(0x2496b4dc, 0xb55a1d41), + TOBN(0x93f5fb1a, 0xe24a4394), TOBN(0x08c75049, 0x6fa8f6c1), + TOBN(0xcaead1c2, 0xc905d85f), TOBN(0xe9d7f790, 0x0733ae57), + TOBN(0x24c9a65c, 0xf07cdd94), TOBN(0x7389359c, 0xa4b55931), + TOBN(0xf58709b7, 0x367e45f7), TOBN(0x1f203067, 0xcb7e7adc), + TOBN(0x82444bff, 0xc7b72818), TOBN(0x07303b35, 0xbaac8033), + TOBN(0x1e1ee4e4, 0xd13b7ea1), TOBN(0xe6489b24, 0xe0e74180), + TOBN(0xa5f2c610, 0x7e70ef70), TOBN(0xa1655412, 0xbdd10894), + TOBN(0x555ebefb, 0x7af4194e), TOBN(0x533c1c3c, 0x8e89bd9c), + TOBN(0x735b9b57, 0x89895856), TOBN(0x15fb3cd2, 0x567f5c15), + TOBN(0x057fed45, 0x526f09fd), TOBN(0xe8a4f10c, 0x8128240a), + TOBN(0x9332efc4, 0xff2bfd8d), TOBN(0x214e77a0, 0xbd35aa31), + TOBN(0x32896d73, 0x14faa40e), TOBN(0x767867ec, 0x01e5f186), + TOBN(0xc9adf8f1, 0x17a1813e), TOBN(0xcb6cda78, 0x54741795), + TOBN(0xb7521b6d, 0x349d51aa), TOBN(0xf56b5a9e, 0xe3c7b8e9), + TOBN(0xc6f1e5c9, 0x32a096df), TOBN(0x083667c4, 0xa3635024), + TOBN(0x365ea135, 0x18087f2f), TOBN(0xf1b8eaac, 0xd136e45d), + TOBN(0xc8a0e484, 0x73aec989), TOBN(0xd75a324b, 0x142c9259), + TOBN(0xb7b4d001, 0x01dae185), TOBN(0x45434e0b, 0x9b7a94bc), + TOBN(0xf54339af, 0xfbd8cb0b), TOBN(0xdcc4569e, 0xe98ef49e), + TOBN(0x7789318a, 0x09a51299), TOBN(0x81b4d206, 0xb2b025d8), + TOBN(0xf64aa418, 0xfae85792), TOBN(0x3e50258f, 0xacd7baf7), + TOBN(0xdce84cdb, 0x2996864b), TOBN(0xa2e67089, 0x1f485fa4), + TOBN(0xb28b2bb6, 0x534c6a5a), TOBN(0x31a7ec6b, 0xc94b9d39), + TOBN(0x1d217766, 0xd6bc20da), TOBN(0x4acdb5ec, 0x86761190), + TOBN(0x68726328, 0x73701063), TOBN(0x4d24ee7c, 0x2128c29b), + TOBN(0xc072ebd3, 0xa19fd868), TOBN(0x612e481c, 0xdb8ddd3b), + TOBN(0xb4e1d754, 0x1a64d852), TOBN(0x00ef95ac, 0xc4c6c4ab), + TOBN(0x1536d2ed, 0xaa0a6c46), TOBN(0x61294086, 0x43774790), + TOBN(0x54af25e8, 0x343fda10), TOBN(0x9ff9d98d, 0xfd25d6f2), + TOBN(0x0746af7c, 0x468b8835), TOBN(0x977a31cb, 0x730ecea7), + TOBN(0xa5096b80, 0xc2cf4a81), TOBN(0xaa986833, 0x6458c37a), + TOBN(0x6af29bf3, 0xa6bd9d34), TOBN(0x6a62fe9b, 0x33c5d854), + TOBN(0x50e6c304, 0xb7133b5e), TOBN(0x04b60159, 0x7d6e6848), + TOBN(0x4cd296df, 0x5579bea4), TOBN(0x10e35ac8, 0x5ceedaf1), + TOBN(0x04c4c5fd, 0xe3bcc5b1), TOBN(0x95f9ee8a, 0x89412cf9), + TOBN(0x2c9459ee, 0x82b6eb0f), TOBN(0x2e845765, 0x95c2aadd), + TOBN(0x774a84ae, 0xd327fcfe), TOBN(0xd8c93722, 0x0368d476), + TOBN(0x0dbd5748, 0xf83e8a3b), TOBN(0xa579aa96, 0x8d2495f3), + TOBN(0x535996a0, 0xae496e9b), TOBN(0x07afbfe9, 0xb7f9bcc2), + TOBN(0x3ac1dc6d, 0x5b7bd293), TOBN(0x3b592cff, 0x7022323d), + TOBN(0xba0deb98, 0x9c0a3e76), TOBN(0x18e78e9f, 0x4b197acb), + TOBN(0x211cde10, 0x296c36ef), TOBN(0x7ee89672, 0x82c4da77), + TOBN(0xb617d270, 0xa57836da), TOBN(0xf0cd9c31, 0x9cb7560b), + TOBN(0x01fdcbf7, 0xe455fe90), TOBN(0x3fb53cbb, 0x7e7334f3), + TOBN(0x781e2ea4, 0x4e7de4ec), TOBN(0x8adab3ad, 0x0b384fd0), + TOBN(0x129eee2f, 0x53d64829), TOBN(0x7a471e17, 0xa261492b), + TOBN(0xe4f9adb9, 0xe4cb4a2c), TOBN(0x3d359f6f, 0x97ba2c2d), + TOBN(0x346c6786, 0x0aacd697), TOBN(0x92b444c3, 0x75c2f8a8), + TOBN(0xc79fa117, 0xd85df44e), TOBN(0x56782372, 0x398ddf31), + TOBN(0x60e690f2, 0xbbbab3b8), TOBN(0x4851f8ae, 0x8b04816b), + TOBN(0xc72046ab, 0x9c92e4d2), TOBN(0x518c74a1, 0x7cf3136b), + TOBN(0xff4eb50a, 0xf9877d4c), TOBN(0x14578d90, 0xa919cabb), + TOBN(0x8218f8c4, 0xac5eb2b6), TOBN(0xa3ccc547, 0x542016e4), + TOBN(0x025bf48e, 0x327f8349), TOBN(0xf3e97346, 0xf43cb641), + TOBN(0xdc2bafdf, 0x500f1085), TOBN(0x57167876, 0x2f063055), + TOBN(0x5bd914b9, 0x411925a6), TOBN(0x7c078d48, 0xa1123de5), + TOBN(0xee6bf835, 0x182b165d), TOBN(0xb11b5e5b, 0xba519727), + TOBN(0xe33ea76c, 0x1eea7b85), TOBN(0x2352b461, 0x92d4f85e), + TOBN(0xf101d334, 0xafe115bb), TOBN(0xfabc1294, 0x889175a3), + TOBN(0x7f6bcdc0, 0x5233f925), TOBN(0xe0a802db, 0xe77fec55), + TOBN(0xbdb47b75, 0x8069b659), TOBN(0x1c5e12de, 0xf98fbd74), + TOBN(0x869c58c6, 0x4b8457ee), TOBN(0xa5360f69, 0x4f7ea9f7), + TOBN(0xe576c09f, 0xf460b38f), TOBN(0x6b70d548, 0x22b7fb36), + TOBN(0x3fd237f1, 0x3bfae315), TOBN(0x33797852, 0xcbdff369), + TOBN(0x97df25f5, 0x25b516f9), TOBN(0x46f388f2, 0xba38ad2d), + TOBN(0x656c4658, 0x89d8ddbb), TOBN(0x8830b26e, 0x70f38ee8), + TOBN(0x4320fd5c, 0xde1212b0), TOBN(0xc34f30cf, 0xe4a2edb2), + TOBN(0xabb131a3, 0x56ab64b8), TOBN(0x7f77f0cc, 0xd99c5d26), + TOBN(0x66856a37, 0xbf981d94), TOBN(0x19e76d09, 0x738bd76e), + TOBN(0xe76c8ac3, 0x96238f39), TOBN(0xc0a482be, 0xa830b366), + TOBN(0xb7b8eaff, 0x0b4eb499), TOBN(0x8ecd83bc, 0x4bfb4865), + TOBN(0x971b2cb7, 0xa2f3776f), TOBN(0xb42176a4, 0xf4b88adf), + TOBN(0xb9617df5, 0xbe1fa446), TOBN(0x8b32d508, 0xcd031bd2), + TOBN(0x1c6bd47d, 0x53b618c0), TOBN(0xc424f46c, 0x6a227923), + TOBN(0x7303ffde, 0xdd92d964), TOBN(0xe9712878, 0x71b5abf2), + TOBN(0x8f48a632, 0xf815561d), TOBN(0x85f48ff5, 0xd3c055d1), + TOBN(0x222a1427, 0x7525684f), TOBN(0xd0d841a0, 0x67360cc3), + TOBN(0x4245a926, 0x0b9267c6), TOBN(0xc78913f1, 0xcf07f863), + TOBN(0xaa844c8e, 0x4d0d9e24), TOBN(0xa42ad522, 0x3d5f9017), + TOBN(0xbd371749, 0xa2c989d5), TOBN(0x928292df, 0xe1f5e78e), + TOBN(0x493b383e, 0x0a1ea6da), TOBN(0x5136fd8d, 0x13aee529), + TOBN(0x860c44b1, 0xf2c34a99), TOBN(0x3b00aca4, 0xbf5855ac), + TOBN(0xabf6aaa0, 0xfaaf37be), TOBN(0x65f43682, 0x2a53ec08), + TOBN(0x1d9a5801, 0xa11b12e1), TOBN(0x78a7ab2c, 0xe20ed475), + TOBN(0x0de1067e, 0x9a41e0d5), TOBN(0x30473f5f, 0x305023ea), + TOBN(0xdd3ae09d, 0x169c7d97), TOBN(0x5cd5baa4, 0xcfaef9cd), + TOBN(0x5cd7440b, 0x65a44803), TOBN(0xdc13966a, 0x47f364de), + TOBN(0x077b2be8, 0x2b8357c1), TOBN(0x0cb1b4c5, 0xe9d57c2a), + TOBN(0x7a4ceb32, 0x05ff363e), TOBN(0xf310fa4d, 0xca35a9ef), + TOBN(0xdbb7b352, 0xf97f68c6), TOBN(0x0c773b50, 0x0b02cf58), + TOBN(0xea2e4821, 0x3c1f96d9), TOBN(0xffb357b0, 0xeee01815), + TOBN(0xb9c924cd, 0xe0f28039), TOBN(0x0b36c95a, 0x46a3fbe4), + TOBN(0x1faaaea4, 0x5e46db6c), TOBN(0xcae575c3, 0x1928aaff), + TOBN(0x7f671302, 0xa70dab86), TOBN(0xfcbd12a9, 0x71c58cfc), + TOBN(0xcbef9acf, 0xbee0cb92), TOBN(0x573da0b9, 0xf8c1b583), + TOBN(0x4752fcfe, 0x0d41d550), TOBN(0xe7eec0e3, 0x2155cffe), + TOBN(0x0fc39fcb, 0x545ae248), TOBN(0x522cb8d1, 0x8065f44e), + TOBN(0x263c962a, 0x70cbb96c), TOBN(0xe034362a, 0xbcd124a9), + TOBN(0xf120db28, 0x3c2ae58d), TOBN(0xb9a38d49, 0xfef6d507), + TOBN(0xb1fd2a82, 0x1ff140fd), TOBN(0xbd162f30, 0x20aee7e0), + TOBN(0x4e17a5d4, 0xcb251949), TOBN(0x2aebcb83, 0x4f7e1c3d), + TOBN(0x608eb25f, 0x937b0527), TOBN(0xf42e1e47, 0xeb7d9997), + TOBN(0xeba699c4, 0xb8a53a29), TOBN(0x1f921c71, 0xe091b536), + TOBN(0xcce29e7b, 0x5b26bbd5), TOBN(0x7a8ef5ed, 0x3b61a680), + TOBN(0xe5ef8043, 0xba1f1c7e), TOBN(0x16ea8217, 0x18158dda), + TOBN(0x01778a2b, 0x599ff0f9), TOBN(0x68a923d7, 0x8104fc6b), + TOBN(0x5bfa44df, 0xda694ff3), TOBN(0x4f7199db, 0xf7667f12), + TOBN(0xc06d8ff6, 0xe46f2a79), TOBN(0x08b5dead, 0xe9f8131d), + TOBN(0x02519a59, 0xabb4ce7c), TOBN(0xc4f710bc, 0xb42aec3e), + TOBN(0x3d77b057, 0x78bde41a), TOBN(0x6474bf80, 0xb4186b5a), + TOBN(0x048b3f67, 0x88c65741), TOBN(0xc64519de, 0x03c7c154), + TOBN(0xdf073846, 0x0edfcc4f), TOBN(0x319aa737, 0x48f1aa6b), + TOBN(0x8b9f8a02, 0xca909f77), TOBN(0x90258139, 0x7580bfef), + TOBN(0xd8bfd3ca, 0xc0c22719), TOBN(0xc60209e4, 0xc9ca151e), + TOBN(0x7a744ab5, 0xd9a1a69c), TOBN(0x6de5048b, 0x14937f8f), + TOBN(0x171938d8, 0xe115ac04), TOBN(0x7df70940, 0x1c6b16d2), + TOBN(0xa6aeb663, 0x7f8e94e7), TOBN(0xc130388e, 0x2a2cf094), + TOBN(0x1850be84, 0x77f54e6e), TOBN(0x9f258a72, 0x65d60fe5), + TOBN(0xff7ff0c0, 0x6c9146d6), TOBN(0x039aaf90, 0xe63a830b), + TOBN(0x38f27a73, 0x9460342f), TOBN(0x4703148c, 0x3f795f8a), + TOBN(0x1bb5467b, 0x9681a97e), TOBN(0x00931ba5, 0xecaeb594), + TOBN(0xcdb6719d, 0x786f337c), TOBN(0xd9c01cd2, 0xe704397d), + TOBN(0x0f4a3f20, 0x555c2fef), TOBN(0x00452509, 0x7c0af223), + TOBN(0x54a58047, 0x84db8e76), TOBN(0x3bacf1aa, 0x93c8aa06), + TOBN(0x11ca957c, 0xf7919422), TOBN(0x50641053, 0x78cdaa40), + TOBN(0x7a303874, 0x9f7144ae), TOBN(0x170c963f, 0x43d4acfd), + TOBN(0x5e148149, 0x58ddd3ef), TOBN(0xa7bde582, 0x9e72dba8), + TOBN(0x0769da8b, 0x6fa68750), TOBN(0xfa64e532, 0x572e0249), + TOBN(0xfcaadf9d, 0x2619ad31), TOBN(0x87882daa, 0xa7b349cd), + TOBN(0x9f6eb731, 0x6c67a775), TOBN(0xcb10471a, 0xefc5d0b1), + TOBN(0xb433750c, 0xe1b806b2), TOBN(0x19c5714d, 0x57b1ae7e), + TOBN(0xc0dc8b7b, 0xed03fd3f), TOBN(0xdd03344f, 0x31bc194e), + TOBN(0xa66c52a7, 0x8c6320b5), TOBN(0x8bc82ce3, 0xd0b6fd93), + TOBN(0xf8e13501, 0xb35f1341), TOBN(0xe53156dd, 0x25a43e42), + TOBN(0xd3adf27e, 0x4daeb85c), TOBN(0xb81d8379, 0xbbeddeb5), + TOBN(0x1b0b546e, 0x2e435867), TOBN(0x9020eb94, 0xeba5dd60), + TOBN(0x37d91161, 0x8210cb9d), TOBN(0x4c596b31, 0x5c91f1cf), + TOBN(0xb228a90f, 0x0e0b040d), TOBN(0xbaf02d82, 0x45ff897f), + TOBN(0x2aac79e6, 0x00fa6122), TOBN(0x24828817, 0x8e36f557), + TOBN(0xb9521d31, 0x113ec356), TOBN(0x9e48861e, 0x15eff1f8), + TOBN(0x2aa1d412, 0xe0d41715), TOBN(0x71f86203, 0x53f131b8), + TOBN(0xf60da8da, 0x3fd19408), TOBN(0x4aa716dc, 0x278d9d99), + TOBN(0x394531f7, 0xa8c51c90), TOBN(0xb560b0e8, 0xf59db51c), + TOBN(0xa28fc992, 0xfa34bdad), TOBN(0xf024fa14, 0x9cd4f8bd), + TOBN(0x5cf530f7, 0x23a9d0d3), TOBN(0x615ca193, 0xe28c9b56), + TOBN(0x6d2a483d, 0x6f73c51e), TOBN(0xa4cb2412, 0xea0dc2dd), + TOBN(0x50663c41, 0x1eb917ff), TOBN(0x3d3a74cf, 0xeade299e), + TOBN(0x29b3990f, 0x4a7a9202), TOBN(0xa9bccf59, 0xa7b15c3d), + TOBN(0x66a3ccdc, 0xa5df9208), TOBN(0x48027c14, 0x43f2f929), + TOBN(0xd385377c, 0x40b557f0), TOBN(0xe001c366, 0xcd684660), + TOBN(0x1b18ed6b, 0xe2183a27), TOBN(0x879738d8, 0x63210329), + TOBN(0xa687c74b, 0xbda94882), TOBN(0xd1bbcc48, 0xa684b299), + TOBN(0xaf6f1112, 0x863b3724), TOBN(0x6943d1b4, 0x2c8ce9f8), + TOBN(0xe044a3bb, 0x098cafb4), TOBN(0x27ed2310, 0x60d48caf), + TOBN(0x542b5675, 0x3a31b84d), TOBN(0xcbf3dd50, 0xfcddbed7), + TOBN(0x25031f16, 0x41b1d830), TOBN(0xa7ec851d, 0xcb0c1e27), + TOBN(0xac1c8fe0, 0xb5ae75db), TOBN(0xb24c7557, 0x08c52120), + TOBN(0x57f811dc, 0x1d4636c3), TOBN(0xf8436526, 0x681a9939), + TOBN(0x1f6bc6d9, 0x9c81adb3), TOBN(0x840f8ac3, 0x5b7d80d4), + TOBN(0x731a9811, 0xf4387f1a), TOBN(0x7c501cd3, 0xb5156880), + TOBN(0xa5ca4a07, 0xdfe68867), TOBN(0xf123d8f0, 0x5fcea120), + TOBN(0x1fbb0e71, 0xd607039e), TOBN(0x2b70e215, 0xcd3a4546), + TOBN(0x32d2f01d, 0x53324091), TOBN(0xb796ff08, 0x180ab19b), + TOBN(0x32d87a86, 0x3c57c4aa), TOBN(0x2aed9caf, 0xb7c49a27), + TOBN(0x9fb35eac, 0x31630d98), TOBN(0x338e8cdf, 0x5c3e20a3), + TOBN(0x80f16182, 0x66cde8db), TOBN(0x4e159980, 0x2d72fd36), + TOBN(0xd7b8f13b, 0x9b6e5072), TOBN(0xf5213907, 0x3b7b5dc1), + TOBN(0x4d431f1d, 0x8ce4396e), TOBN(0x37a1a680, 0xa7ed2142), + TOBN(0xbf375696, 0xd01aaf6b), TOBN(0xaa1c0c54, 0xe63aab66), + TOBN(0x3014368b, 0x4ed80940), TOBN(0x67e6d056, 0x7a6fcedd), + TOBN(0x7c208c49, 0xca97579f), TOBN(0xfe3d7a81, 0xa23597f6), + TOBN(0x5e203202, 0x7e096ae2), TOBN(0xb1f3e1e7, 0x24b39366), + TOBN(0x26da26f3, 0x2fdcdffc), TOBN(0x79422f1d, 0x6097be83), + }, + { + TOBN(0x263a2cfb, 0x9db3b381), TOBN(0x9c3a2dee, 0xd4df0a4b), + TOBN(0x728d06e9, 0x7d04e61f), TOBN(0x8b1adfbc, 0x42449325), + TOBN(0x6ec1d939, 0x7e053a1b), TOBN(0xee2be5c7, 0x66daf707), + TOBN(0x80ba1e14, 0x810ac7ab), TOBN(0xdd2ae778, 0xf530f174), + TOBN(0x0435d97a, 0x205b9d8b), TOBN(0x6eb8f064, 0x056756d4), + TOBN(0xd5e88a8b, 0xb6f8210e), TOBN(0x070ef12d, 0xec9fd9ea), + TOBN(0x4d849505, 0x3bcc876a), TOBN(0x12a75338, 0xa7404ce3), + TOBN(0xd22b49e1, 0xb8a1db5e), TOBN(0xec1f2051, 0x14bfa5ad), + TOBN(0xadbaeb79, 0xb6828f36), TOBN(0x9d7a0258, 0x01bd5b9e), + TOBN(0xeda01e0d, 0x1e844b0c), TOBN(0x4b625175, 0x887edfc9), + TOBN(0x14109fdd, 0x9669b621), TOBN(0x88a2ca56, 0xf6f87b98), + TOBN(0xfe2eb788, 0x170df6bc), TOBN(0x0cea06f4, 0xffa473f9), + TOBN(0x43ed81b5, 0xc4e83d33), TOBN(0xd9f35879, 0x5efd488b), + TOBN(0x164a620f, 0x9deb4d0f), TOBN(0xc6927bdb, 0xac6a7394), + TOBN(0x45c28df7, 0x9f9e0f03), TOBN(0x2868661e, 0xfcd7e1a9), + TOBN(0x7cf4e8d0, 0xffa348f1), TOBN(0x6bd4c284, 0x398538e0), + TOBN(0x2618a091, 0x289a8619), TOBN(0xef796e60, 0x6671b173), + TOBN(0x664e46e5, 0x9090c632), TOBN(0xa38062d4, 0x1e66f8fb), + TOBN(0x6c744a20, 0x0573274e), TOBN(0xd07b67e4, 0xa9271394), + TOBN(0x391223b2, 0x6bdc0e20), TOBN(0xbe2d93f1, 0xeb0a05a7), + TOBN(0xf23e2e53, 0x3f36d141), TOBN(0xe84bb3d4, 0x4dfca442), + TOBN(0xb804a48d, 0x6b7c023a), TOBN(0x1e16a8fa, 0x76431c3b), + TOBN(0x1b5452ad, 0xddd472e0), TOBN(0x7d405ee7, 0x0d1ee127), + TOBN(0x50fc6f1d, 0xffa27599), TOBN(0x351ac53c, 0xbf391b35), + TOBN(0x7efa14b8, 0x4444896b), TOBN(0x64974d2f, 0xf94027fb), + TOBN(0xefdcd0e8, 0xde84487d), TOBN(0x8c45b260, 0x2b48989b), + TOBN(0xa8fcbbc2, 0xd8463487), TOBN(0xd1b2b3f7, 0x3fbc476c), + TOBN(0x21d005b7, 0xc8f443c0), TOBN(0x518f2e67, 0x40c0139c), + TOBN(0x56036e8c, 0x06d75fc1), TOBN(0x2dcf7bb7, 0x3249a89f), + TOBN(0x81dd1d3d, 0xe245e7dd), TOBN(0xf578dc4b, 0xebd6e2a7), + TOBN(0x4c028903, 0xdf2ce7a0), TOBN(0xaee36288, 0x9c39afac), + TOBN(0xdc847c31, 0x146404ab), TOBN(0x6304c0d8, 0xa4e97818), + TOBN(0xae51dca2, 0xa91f6791), TOBN(0x2abe4190, 0x9baa9efc), + TOBN(0xd9d2e2f4, 0x559c7ac1), TOBN(0xe82f4b51, 0xfc9f773a), + TOBN(0xa7713027, 0x4073e81c), TOBN(0xc0276fac, 0xfbb596fc), + TOBN(0x1d819fc9, 0xa684f70c), TOBN(0x29b47fdd, 0xc9f7b1e0), + TOBN(0x358de103, 0x459b1940), TOBN(0xec881c59, 0x5b013e93), + TOBN(0x51574c93, 0x49532ad3), TOBN(0x2db1d445, 0xb37b46de), + TOBN(0xc6445b87, 0xdf239fd8), TOBN(0xc718af75, 0x151d24ee), + TOBN(0xaea1c4a4, 0xf43c6259), TOBN(0x40c0e5d7, 0x70be02f7), + TOBN(0x6a4590f4, 0x721b33f2), TOBN(0x2124f1fb, 0xfedf04ea), + TOBN(0xf8e53cde, 0x9745efe7), TOBN(0xe7e10432, 0x65f046d9), + TOBN(0xc3fca28e, 0xe4d0c7e6), TOBN(0x847e339a, 0x87253b1b), + TOBN(0x9b595348, 0x3743e643), TOBN(0xcb6a0a0b, 0x4fd12fc5), + TOBN(0xfb6836c3, 0x27d02dcc), TOBN(0x5ad00982, 0x7a68bcc2), + TOBN(0x1b24b44c, 0x005e912d), TOBN(0xcc83d20f, 0x811fdcfe), + TOBN(0x36527ec1, 0x666fba0c), TOBN(0x69948197, 0x14754635), + TOBN(0xfcdcb1a8, 0x556da9c2), TOBN(0xa5934267, 0x81a732b2), + TOBN(0xec1214ed, 0xa714181d), TOBN(0x609ac13b, 0x6067b341), + TOBN(0xff4b4c97, 0xa545df1f), TOBN(0xa1240501, 0x34d2076b), + TOBN(0x6efa0c23, 0x1409ca97), TOBN(0x254cc1a8, 0x20638c43), + TOBN(0xd4e363af, 0xdcfb46cd), TOBN(0x62c2adc3, 0x03942a27), + TOBN(0xc67b9df0, 0x56e46483), TOBN(0xa55abb20, 0x63736356), + TOBN(0xab93c098, 0xc551bc52), TOBN(0x382b49f9, 0xb15fe64b), + TOBN(0x9ec221ad, 0x4dff8d47), TOBN(0x79caf615, 0x437df4d6), + TOBN(0x5f13dc64, 0xbb456509), TOBN(0xe4c589d9, 0x191f0714), + TOBN(0x27b6a8ab, 0x3fd40e09), TOBN(0xe455842e, 0x77313ea9), + TOBN(0x8b51d1e2, 0x1f55988b), TOBN(0x5716dd73, 0x062bbbfc), + TOBN(0x633c11e5, 0x4e8bf3de), TOBN(0x9a0e77b6, 0x1b85be3b), + TOBN(0x56510729, 0x0911cca6), TOBN(0x27e76495, 0xefa6590f), + TOBN(0xe4ac8b33, 0x070d3aab), TOBN(0x2643672b, 0x9a2cd5e5), + TOBN(0x52eff79b, 0x1cfc9173), TOBN(0x665ca49b, 0x90a7c13f), + TOBN(0x5a8dda59, 0xb3efb998), TOBN(0x8a5b922d, 0x052f1341), + TOBN(0xae9ebbab, 0x3cf9a530), TOBN(0x35986e7b, 0xf56da4d7), + TOBN(0x3a636b5c, 0xff3513cc), TOBN(0xbb0cf8ba, 0x3198f7dd), + TOBN(0xb8d40522, 0x41f16f86), TOBN(0x760575d8, 0xde13a7bf), + TOBN(0x36f74e16, 0x9f7aa181), TOBN(0x163a3ecf, 0xf509ed1c), + TOBN(0x6aead61f, 0x3c40a491), TOBN(0x158c95fc, 0xdfe8fcaa), + TOBN(0xa3991b6e, 0x13cda46f), TOBN(0x79482415, 0x342faed0), + TOBN(0xf3ba5bde, 0x666b5970), TOBN(0x1d52e6bc, 0xb26ab6dd), + TOBN(0x768ba1e7, 0x8608dd3d), TOBN(0x4930db2a, 0xea076586), + TOBN(0xd9575714, 0xe7dc1afa), TOBN(0x1fc7bf7d, 0xf7c58817), + TOBN(0x6b47accd, 0xd9eee96c), TOBN(0x0ca277fb, 0xe58cec37), + TOBN(0x113fe413, 0xe702c42a), TOBN(0xdd1764ee, 0xc47cbe51), + TOBN(0x041e7cde, 0x7b3ed739), TOBN(0x50cb7459, 0x5ce9e1c0), + TOBN(0x35568513, 0x2925b212), TOBN(0x7cff95c4, 0x001b081c), + TOBN(0x63ee4cbd, 0x8088b454), TOBN(0xdb7f32f7, 0x9a9e0c8a), + TOBN(0xb377d418, 0x6b2447cb), TOBN(0xe3e982aa, 0xd370219b), + TOBN(0x06ccc1e4, 0xc2a2a593), TOBN(0x72c36865, 0x0773f24f), + TOBN(0xa13b4da7, 0x95859423), TOBN(0x8bbf1d33, 0x75040c8f), + TOBN(0x726f0973, 0xda50c991), TOBN(0x48afcd5b, 0x822d6ee2), + TOBN(0xe5fc718b, 0x20fd7771), TOBN(0xb9e8e77d, 0xfd0807a1), + TOBN(0x7f5e0f44, 0x99a7703d), TOBN(0x6972930e, 0x618e36f3), + TOBN(0x2b7c77b8, 0x23807bbe), TOBN(0xe5b82405, 0xcb27ff50), + TOBN(0xba8b8be3, 0xbd379062), TOBN(0xd64b7a1d, 0x2dce4a92), + TOBN(0x040a73c5, 0xb2952e37), TOBN(0x0a9e252e, 0xd438aeca), + TOBN(0xdd43956b, 0xc39d3bcb), TOBN(0x1a31ca00, 0xb32b2d63), + TOBN(0xd67133b8, 0x5c417a18), TOBN(0xd08e4790, 0x2ef442c8), + TOBN(0x98cb1ae9, 0x255c0980), TOBN(0x4bd86381, 0x2b4a739f), + TOBN(0x5a5c31e1, 0x1e4a45a1), TOBN(0x1e5d55fe, 0x9cb0db2f), + TOBN(0x74661b06, 0x8ff5cc29), TOBN(0x026b389f, 0x0eb8a4f4), + TOBN(0x536b21a4, 0x58848c24), TOBN(0x2e5bf8ec, 0x81dc72b0), + TOBN(0x03c187d0, 0xad886aac), TOBN(0x5c16878a, 0xb771b645), + TOBN(0xb07dfc6f, 0xc74045ab), TOBN(0x2c6360bf, 0x7800caed), + TOBN(0x24295bb5, 0xb9c972a3), TOBN(0xc9e6f88e, 0x7c9a6dba), + TOBN(0x90ffbf24, 0x92a79aa6), TOBN(0xde29d50a, 0x41c26ac2), + TOBN(0x9f0af483, 0xd309cbe6), TOBN(0x5b020d8a, 0xe0bced4f), + TOBN(0x606e986d, 0xb38023e3), TOBN(0xad8f2c9d, 0x1abc6933), + TOBN(0x19292e1d, 0xe7400e93), TOBN(0xfe3e18a9, 0x52be5e4d), + TOBN(0xe8e9771d, 0x2e0680bf), TOBN(0x8c5bec98, 0xc54db063), + TOBN(0x2af9662a, 0x74a55d1f), TOBN(0xe3fbf28f, 0x046f66d8), + TOBN(0xa3a72ab4, 0xd4dc4794), TOBN(0x09779f45, 0x5c7c2dd8), + TOBN(0xd893bdaf, 0xc3d19d8d), TOBN(0xd5a75094, 0x57d6a6df), + TOBN(0x8cf8fef9, 0x952e6255), TOBN(0x3da67cfb, 0xda9a8aff), + TOBN(0x4c23f62a, 0x2c160dcd), TOBN(0x34e6c5e3, 0x8f90eaef), + TOBN(0x35865519, 0xa9a65d5a), TOBN(0x07c48aae, 0x8fd38a3d), + TOBN(0xb7e7aeda, 0x50068527), TOBN(0x2c09ef23, 0x1c90936a), + TOBN(0x31ecfeb6, 0xe879324c), TOBN(0xa0871f6b, 0xfb0ec938), + TOBN(0xb1f0fb68, 0xd84d835d), TOBN(0xc90caf39, 0x861dc1e6), + TOBN(0x12e5b046, 0x7594f8d7), TOBN(0x26897ae2, 0x65012b92), + TOBN(0xbcf68a08, 0xa4d6755d), TOBN(0x403ee41c, 0x0991fbda), + TOBN(0x733e343e, 0x3bbf17e8), TOBN(0xd2c7980d, 0x679b3d65), + TOBN(0x33056232, 0xd2e11305), TOBN(0x966be492, 0xf3c07a6f), + TOBN(0x6a8878ff, 0xbb15509d), TOBN(0xff221101, 0x0a9b59a4), + TOBN(0x6c9f564a, 0xabe30129), TOBN(0xc6f2c940, 0x336e64cf), + TOBN(0x0fe75262, 0x8b0c8022), TOBN(0xbe0267e9, 0x6ae8db87), + TOBN(0x22e192f1, 0x93bc042b), TOBN(0xf085b534, 0xb237c458), + TOBN(0xa0d192bd, 0x832c4168), TOBN(0x7a76e9e3, 0xbdf6271d), + TOBN(0x52a882fa, 0xb88911b5), TOBN(0xc85345e4, 0xb4db0eb5), + TOBN(0xa3be02a6, 0x81a7c3ff), TOBN(0x51889c8c, 0xf0ec0469), + TOBN(0x9d031369, 0xa5e829e5), TOBN(0xcbb4c6fc, 0x1607aa41), + TOBN(0x75ac59a6, 0x241d84c1), TOBN(0xc043f2bf, 0x8829e0ee), + TOBN(0x82a38f75, 0x8ea5e185), TOBN(0x8bda40b9, 0xd87cbd9f), + TOBN(0x9e65e75e, 0x2d8fc601), TOBN(0x3d515f74, 0xa35690b3), + TOBN(0x534acf4f, 0xda79e5ac), TOBN(0x68b83b3a, 0x8630215f), + TOBN(0x5c748b2e, 0xd085756e), TOBN(0xb0317258, 0xe5d37cb2), + TOBN(0x6735841a, 0xc5ccc2c4), TOBN(0x7d7dc96b, 0x3d9d5069), + TOBN(0xa147e410, 0xfd1754bd), TOBN(0x65296e94, 0xd399ddd5), + TOBN(0xf6b5b2d0, 0xbc8fa5bc), TOBN(0x8a5ead67, 0x500c277b), + TOBN(0x214625e6, 0xdfa08a5d), TOBN(0x51fdfedc, 0x959cf047), + TOBN(0x6bc9430b, 0x289fca32), TOBN(0xe36ff0cf, 0x9d9bdc3f), + TOBN(0x2fe187cb, 0x58ea0ede), TOBN(0xed66af20, 0x5a900b3f), + TOBN(0x00e0968b, 0x5fa9f4d6), TOBN(0x2d4066ce, 0x37a362e7), + TOBN(0xa99a9748, 0xbd07e772), TOBN(0x710989c0, 0x06a4f1d0), + TOBN(0xd5dedf35, 0xce40cbd8), TOBN(0xab55c5f0, 0x1743293d), + TOBN(0x766f1144, 0x8aa24e2c), TOBN(0x94d874f8, 0x605fbcb4), + TOBN(0xa365f0e8, 0xa518001b), TOBN(0xee605eb6, 0x9d04ef0f), + TOBN(0x5a3915cd, 0xba8d4d25), TOBN(0x44c0e1b8, 0xb5113472), + TOBN(0xcbb024e8, 0x8b6740dc), TOBN(0x89087a53, 0xee1d4f0c), + TOBN(0xa88fa05c, 0x1fc4e372), TOBN(0x8bf395cb, 0xaf8b3af2), + TOBN(0x1e71c9a1, 0xdeb8568b), TOBN(0xa35daea0, 0x80fb3d32), + TOBN(0xe8b6f266, 0x2cf8fb81), TOBN(0x6d51afe8, 0x9490696a), + TOBN(0x81beac6e, 0x51803a19), TOBN(0xe3d24b7f, 0x86219080), + TOBN(0x727cfd9d, 0xdf6f463c), TOBN(0x8c6865ca, 0x72284ee8), + TOBN(0x32c88b7d, 0xb743f4ef), TOBN(0x3793909b, 0xe7d11dce), + TOBN(0xd398f922, 0x2ff2ebe8), TOBN(0x2c70ca44, 0xe5e49796), + TOBN(0xdf4d9929, 0xcb1131b1), TOBN(0x7826f298, 0x25888e79), + TOBN(0x4d3a112c, 0xf1d8740a), TOBN(0x00384cb6, 0x270afa8b), + TOBN(0xcb64125b, 0x3ab48095), TOBN(0x3451c256, 0x62d05106), + TOBN(0xd73d577d, 0xa4955845), TOBN(0x39570c16, 0xbf9f4433), + TOBN(0xd7dfaad3, 0xadecf263), TOBN(0xf1c3d8d1, 0xdc76e102), + TOBN(0x5e774a58, 0x54c6a836), TOBN(0xdad4b672, 0x3e92d47b), + TOBN(0xbe7e990f, 0xf0d796a0), TOBN(0x5fc62478, 0xdf0e8b02), + TOBN(0x8aae8bf4, 0x030c00ad), TOBN(0x3d2db93b, 0x9004ba0f), + TOBN(0xe48c8a79, 0xd85d5ddc), TOBN(0xe907caa7, 0x6bb07f34), + TOBN(0x58db343a, 0xa39eaed5), TOBN(0x0ea6e007, 0xadaf5724), + TOBN(0xe00df169, 0xd23233f3), TOBN(0x3e322796, 0x77cb637f), + TOBN(0x1f897c0e, 0x1da0cf6c), TOBN(0xa651f5d8, 0x31d6bbdd), + TOBN(0xdd61af19, 0x1a230c76), TOBN(0xbd527272, 0xcdaa5e4a), + TOBN(0xca753636, 0xd0abcd7e), TOBN(0x78bdd37c, 0x370bd8dc), + TOBN(0xc23916c2, 0x17cd93fe), TOBN(0x65b97a4d, 0xdadce6e2), + TOBN(0xe04ed4eb, 0x174e42f8), TOBN(0x1491ccaa, 0xbb21480a), + TOBN(0x145a8280, 0x23196332), TOBN(0x3c3862d7, 0x587b479a), + TOBN(0x9f4a88a3, 0x01dcd0ed), TOBN(0x4da2b7ef, 0x3ea12f1f), + TOBN(0xf8e7ae33, 0xb126e48e), TOBN(0x404a0b32, 0xf494e237), + TOBN(0x9beac474, 0xc55acadb), TOBN(0x4ee5cf3b, 0xcbec9fd9), + TOBN(0x336b33b9, 0x7df3c8c3), TOBN(0xbd905fe3, 0xb76808fd), + TOBN(0x8f436981, 0xaa45c16a), TOBN(0x255c5bfa, 0x3dd27b62), + TOBN(0x71965cbf, 0xc3dd9b4d), TOBN(0xce23edbf, 0xfc068a87), + TOBN(0xb78d4725, 0x745b029b), TOBN(0x74610713, 0xcefdd9bd), + TOBN(0x7116f75f, 0x1266bf52), TOBN(0x02046722, 0x18e49bb6), + TOBN(0xdf43df9f, 0x3d6f19e3), TOBN(0xef1bc7d0, 0xe685cb2f), + TOBN(0xcddb27c1, 0x7078c432), TOBN(0xe1961b9c, 0xb77fedb7), + TOBN(0x1edc2f5c, 0xc2290570), TOBN(0x2c3fefca, 0x19cbd886), + TOBN(0xcf880a36, 0xc2af389a), TOBN(0x96c610fd, 0xbda71cea), + TOBN(0xf03977a9, 0x32aa8463), TOBN(0x8eb7763f, 0x8586d90a), + TOBN(0x3f342454, 0x2a296e77), TOBN(0xc8718683, 0x42837a35), + TOBN(0x7dc71090, 0x6a09c731), TOBN(0x54778ffb, 0x51b816db), + TOBN(0x6b33bfec, 0xaf06defd), TOBN(0xfe3c105f, 0x8592b70b), + TOBN(0xf937fda4, 0x61da6114), TOBN(0x3c13e651, 0x4c266ad7), + TOBN(0xe363a829, 0x855938e8), TOBN(0x2eeb5d9e, 0x9de54b72), + TOBN(0xbeb93b0e, 0x20ccfab9), TOBN(0x3dffbb5f, 0x25e61a25), + TOBN(0x7f655e43, 0x1acc093d), TOBN(0x0cb6cc3d, 0x3964ce61), + TOBN(0x6ab283a1, 0xe5e9b460), TOBN(0x55d787c5, 0xa1c7e72d), + TOBN(0x4d2efd47, 0xdeadbf02), TOBN(0x11e80219, 0xac459068), + TOBN(0x810c7626, 0x71f311f0), TOBN(0xfa17ef8d, 0x4ab6ef53), + TOBN(0xaf47fd25, 0x93e43bff), TOBN(0x5cb5ff3f, 0x0be40632), + TOBN(0x54687106, 0x8ee61da3), TOBN(0x7764196e, 0xb08afd0f), + TOBN(0x831ab3ed, 0xf0290a8f), TOBN(0xcae81966, 0xcb47c387), + TOBN(0xaad7dece, 0x184efb4f), TOBN(0xdcfc53b3, 0x4749110e), + TOBN(0x6698f23c, 0x4cb632f9), TOBN(0xc42a1ad6, 0xb91f8067), + TOBN(0xb116a81d, 0x6284180a), TOBN(0xebedf5f8, 0xe901326f), + TOBN(0xf2274c9f, 0x97e3e044), TOBN(0x42018520, 0x11d09fc9), + TOBN(0x56a65f17, 0xd18e6e23), TOBN(0x2ea61e2a, 0x352b683c), + TOBN(0x27d291bc, 0x575eaa94), TOBN(0x9e7bc721, 0xb8ff522d), + TOBN(0x5f7268bf, 0xa7f04d6f), TOBN(0x5868c73f, 0xaba41748), + TOBN(0x9f85c2db, 0x7be0eead), TOBN(0x511e7842, 0xff719135), + TOBN(0x5a06b1e9, 0xc5ea90d7), TOBN(0x0c19e283, 0x26fab631), + TOBN(0x8af8f0cf, 0xe9206c55), TOBN(0x89389cb4, 0x3553c06a), + TOBN(0x39dbed97, 0xf65f8004), TOBN(0x0621b037, 0xc508991d), + TOBN(0x1c52e635, 0x96e78cc4), TOBN(0x5385c8b2, 0x0c06b4a8), + TOBN(0xd84ddfdb, 0xb0e87d03), TOBN(0xc49dfb66, 0x934bafad), + TOBN(0x7071e170, 0x59f70772), TOBN(0x3a073a84, 0x3a1db56b), + TOBN(0x03494903, 0x3b8af190), TOBN(0x7d882de3, 0xd32920f0), + TOBN(0x91633f0a, 0xb2cf8940), TOBN(0x72b0b178, 0x6f948f51), + TOBN(0x2d28dc30, 0x782653c8), TOBN(0x88829849, 0xdb903a05), + TOBN(0xb8095d0c, 0x6a19d2bb), TOBN(0x4b9e7f0c, 0x86f782cb), + TOBN(0x7af73988, 0x2d907064), TOBN(0xd12be0fe, 0x8b32643c), + TOBN(0x358ed23d, 0x0e165dc3), TOBN(0x3d47ce62, 0x4e2378ce), + TOBN(0x7e2bb0b9, 0xfeb8a087), TOBN(0x3246e8ae, 0xe29e10b9), + TOBN(0x459f4ec7, 0x03ce2b4d), TOBN(0xe9b4ca1b, 0xbbc077cf), + TOBN(0x2613b4f2, 0x0e9940c1), TOBN(0xfc598bb9, 0x047d1eb1), + TOBN(0x9744c62b, 0x45036099), TOBN(0xa9dee742, 0x167c65d8), + TOBN(0x0c511525, 0xdabe1943), TOBN(0xda110554, 0x93c6c624), + TOBN(0xae00a52c, 0x651a3be2), TOBN(0xcda5111d, 0x884449a6), + TOBN(0x063c06f4, 0xff33bed1), TOBN(0x73baaf9a, 0x0d3d76b4), + TOBN(0x52fb0c9d, 0x7fc63668), TOBN(0x6886c9dd, 0x0c039cde), + TOBN(0x602bd599, 0x55b22351), TOBN(0xb00cab02, 0x360c7c13), + TOBN(0x8cb616bc, 0x81b69442), TOBN(0x41486700, 0xb55c3cee), + TOBN(0x71093281, 0xf49ba278), TOBN(0xad956d9c, 0x64a50710), + TOBN(0x9561f28b, 0x638a7e81), TOBN(0x54155cdf, 0x5980ddc3), + TOBN(0xb2db4a96, 0xd26f247a), TOBN(0x9d774e4e, 0x4787d100), + TOBN(0x1a9e6e2e, 0x078637d2), TOBN(0x1c363e2d, 0x5e0ae06a), + TOBN(0x7493483e, 0xe9cfa354), TOBN(0x76843cb3, 0x7f74b98d), + TOBN(0xbaca6591, 0xd4b66947), TOBN(0xb452ce98, 0x04460a8c), + TOBN(0x6830d246, 0x43768f55), TOBN(0xf4197ed8, 0x7dff12df), + TOBN(0x6521b472, 0x400dd0f7), TOBN(0x59f5ca8f, 0x4b1e7093), + TOBN(0x6feff11b, 0x080338ae), TOBN(0x0ada31f6, 0xa29ca3c6), + TOBN(0x24794eb6, 0x94a2c215), TOBN(0xd83a43ab, 0x05a57ab4), + TOBN(0x264a543a, 0x2a6f89fe), TOBN(0x2c2a3868, 0xdd5ec7c2), + TOBN(0xd3373940, 0x8439d9b2), TOBN(0x715ea672, 0x0acd1f11), + TOBN(0x42c1d235, 0xe7e6cc19), TOBN(0x81ce6e96, 0xb990585c), + TOBN(0x04e5dfe0, 0xd809c7bd), TOBN(0xd7b2580c, 0x8f1050ab), + TOBN(0x6d91ad78, 0xd8a4176f), TOBN(0x0af556ee, 0x4e2e897c), + TOBN(0x162a8b73, 0x921de0ac), TOBN(0x52ac9c22, 0x7ea78400), + TOBN(0xee2a4eea, 0xefce2174), TOBN(0xbe61844e, 0x6d637f79), + TOBN(0x0491f1bc, 0x789a283b), TOBN(0x72d3ac3d, 0x880836f4), + TOBN(0xaa1c5ea3, 0x88e5402d), TOBN(0x1b192421, 0xd5cc473d), + TOBN(0x5c0b9998, 0x9dc84cac), TOBN(0xb0a8482d, 0x9c6e75b8), + TOBN(0x639961d0, 0x3a191ce2), TOBN(0xda3bc865, 0x6d837930), + TOBN(0xca990653, 0x056e6f8f), TOBN(0x84861c41, 0x64d133a7), + TOBN(0x8b403276, 0x746abe40), TOBN(0xb7b4d51a, 0xebf8e303), + TOBN(0x05b43211, 0x220a255d), TOBN(0xc997152c, 0x02419e6e), + TOBN(0x76ff47b6, 0x630c2fea), TOBN(0x50518677, 0x281fdade), + TOBN(0x3283b8ba, 0xcf902b0b), TOBN(0x8d4b4eb5, 0x37db303b), + TOBN(0xcc89f42d, 0x755011bc), TOBN(0xb43d74bb, 0xdd09d19b), + TOBN(0x65746bc9, 0x8adba350), TOBN(0x364eaf8c, 0xb51c1927), + TOBN(0x13c76596, 0x10ad72ec), TOBN(0x30045121, 0xf8d40c20), + TOBN(0x6d2d99b7, 0xea7b979b), TOBN(0xcd78cd74, 0xe6fb3bcd), + TOBN(0x11e45a9e, 0x86cffbfe), TOBN(0x78a61cf4, 0x637024f6), + TOBN(0xd06bc872, 0x3d502295), TOBN(0xf1376854, 0x458cb288), + TOBN(0xb9db26a1, 0x342f8586), TOBN(0xf33effcf, 0x4beee09e), + TOBN(0xd7e0c4cd, 0xb30cfb3a), TOBN(0x6d09b8c1, 0x6c9db4c8), + TOBN(0x40ba1a42, 0x07c8d9df), TOBN(0x6fd495f7, 0x1c52c66d), + TOBN(0xfb0e169f, 0x275264da), TOBN(0x80c2b746, 0xe57d8362), + TOBN(0xedd987f7, 0x49ad7222), TOBN(0xfdc229af, 0x4398ec7b), + }, + { + TOBN(0xb0d1ed84, 0x52666a58), TOBN(0x4bcb6e00, 0xe6a9c3c2), + TOBN(0x3c57411c, 0x26906408), TOBN(0xcfc20755, 0x13556400), + TOBN(0xa08b1c50, 0x5294dba3), TOBN(0xa30ba286, 0x8b7dd31e), + TOBN(0xd70ba90e, 0x991eca74), TOBN(0x094e142c, 0xe762c2b9), + TOBN(0xb81d783e, 0x979f3925), TOBN(0x1efd130a, 0xaf4c89a7), + TOBN(0x525c2144, 0xfd1bf7fa), TOBN(0x4b296904, 0x1b265a9e), + TOBN(0xed8e9634, 0xb9db65b6), TOBN(0x35c82e32, 0x03599d8a), + TOBN(0xdaa7a54f, 0x403563f3), TOBN(0x9df088ad, 0x022c38ab), + TOBN(0xe5cfb066, 0xbb3fd30a), TOBN(0x429169da, 0xeff0354e), + TOBN(0x809cf852, 0x3524e36c), TOBN(0x136f4fb3, 0x0155be1d), + TOBN(0x4826af01, 0x1fbba712), TOBN(0x6ef0f0b4, 0x506ba1a1), + TOBN(0xd9928b31, 0x77aea73e), TOBN(0xe2bf6af2, 0x5eaa244e), + TOBN(0x8d084f12, 0x4237b64b), TOBN(0x688ebe99, 0xe3ecfd07), + TOBN(0x57b8a70c, 0xf6845dd8), TOBN(0x808fc59c, 0x5da4a325), + TOBN(0xa9032b2b, 0xa3585862), TOBN(0xb66825d5, 0xedf29386), + TOBN(0xb5a5a8db, 0x431ec29b), TOBN(0xbb143a98, 0x3a1e8dc8), + TOBN(0x35ee94ce, 0x12ae381b), TOBN(0x3a7f176c, 0x86ccda90), + TOBN(0xc63a657e, 0x4606eaca), TOBN(0x9ae5a380, 0x43cd04df), + TOBN(0x9bec8d15, 0xed251b46), TOBN(0x1f5d6d30, 0xcaca5e64), + TOBN(0x347b3b35, 0x9ff20f07), TOBN(0x4d65f034, 0xf7e4b286), + TOBN(0x9e93ba24, 0xf111661e), TOBN(0xedced484, 0xb105eb04), + TOBN(0x96dc9ba1, 0xf424b578), TOBN(0xbf8f66b7, 0xe83e9069), + TOBN(0x872d4df4, 0xd7ed8216), TOBN(0xbf07f377, 0x8e2cbecf), + TOBN(0x4281d899, 0x98e73754), TOBN(0xfec85fbb, 0x8aab8708), + TOBN(0x9a3c0dee, 0xa5ba5b0b), TOBN(0xe6a116ce, 0x42d05299), + TOBN(0xae9775fe, 0xe9b02d42), TOBN(0x72b05200, 0xa1545cb6), + TOBN(0xbc506f7d, 0x31a3b4ea), TOBN(0xe5893078, 0x8bbd9b32), + TOBN(0xc8bc5f37, 0xe4b12a97), TOBN(0x6b000c06, 0x4a73b671), + TOBN(0x13b5bf22, 0x765fa7d0), TOBN(0x59805bf0, 0x1d6a5370), + TOBN(0x67a5e29d, 0x4280db98), TOBN(0x4f53916f, 0x776b1ce3), + TOBN(0x714ff61f, 0x33ddf626), TOBN(0x4206238e, 0xa085d103), + TOBN(0x1c50d4b7, 0xe5809ee3), TOBN(0x999f450d, 0x85f8eb1d), + TOBN(0x658a6051, 0xe4c79e9b), TOBN(0x1394cb73, 0xc66a9fea), + TOBN(0x27f31ed5, 0xc6be7b23), TOBN(0xf4c88f36, 0x5aa6f8fe), + TOBN(0x0fb0721f, 0x4aaa499e), TOBN(0x68b3a7d5, 0xe3fb2a6b), + TOBN(0xa788097d, 0x3a92851d), TOBN(0x060e7f8a, 0xe96f4913), + TOBN(0x82eebe73, 0x1a3a93bc), TOBN(0x42bbf465, 0xa21adc1a), + TOBN(0xc10b6fa4, 0xef030efd), TOBN(0x247aa4c7, 0x87b097bb), + TOBN(0x8b8dc632, 0xf60c77da), TOBN(0x6ffbc26a, 0xc223523e), + TOBN(0xa4f6ff11, 0x344579cf), TOBN(0x5825653c, 0x980250f6), + TOBN(0xb2dd097e, 0xbc1aa2b9), TOBN(0x07889393, 0x37a0333a), + TOBN(0x1cf55e71, 0x37a0db38), TOBN(0x2648487f, 0x792c1613), + TOBN(0xdad01336, 0x3fcef261), TOBN(0x6239c81d, 0x0eabf129), + TOBN(0x8ee761de, 0x9d276be2), TOBN(0x406a7a34, 0x1eda6ad3), + TOBN(0x4bf367ba, 0x4a493b31), TOBN(0x54f20a52, 0x9bf7f026), + TOBN(0xb696e062, 0x9795914b), TOBN(0xcddab96d, 0x8bf236ac), + TOBN(0x4ff2c70a, 0xed25ea13), TOBN(0xfa1d09eb, 0x81cbbbe7), + TOBN(0x88fc8c87, 0x468544c5), TOBN(0x847a670d, 0x696b3317), + TOBN(0xf133421e, 0x64bcb626), TOBN(0xaea638c8, 0x26dee0b5), + TOBN(0xd6e7680b, 0xb310346c), TOBN(0xe06f4097, 0xd5d4ced3), + TOBN(0x09961452, 0x7512a30b), TOBN(0xf3d867fd, 0xe589a59a), + TOBN(0x2e73254f, 0x52d0c180), TOBN(0x9063d8a3, 0x333c74ac), + TOBN(0xeda6c595, 0xd314e7bc), TOBN(0x2ee7464b, 0x467899ed), + TOBN(0x1cef423c, 0x0a1ed5d3), TOBN(0x217e76ea, 0x69cc7613), + TOBN(0x27ccce1f, 0xe7cda917), TOBN(0x12d8016b, 0x8a893f16), + TOBN(0xbcd6de84, 0x9fc74f6b), TOBN(0xfa5817e2, 0xf3144e61), + TOBN(0x1f354164, 0x0821ee4c), TOBN(0x1583eab4, 0x0bc61992), + TOBN(0x7490caf6, 0x1d72879f), TOBN(0x998ad9f3, 0xf76ae7b2), + TOBN(0x1e181950, 0xa41157f7), TOBN(0xa9d7e1e6, 0xe8da3a7e), + TOBN(0x963784eb, 0x8426b95f), TOBN(0x0ee4ed6e, 0x542e2a10), + TOBN(0xb79d4cc5, 0xac751e7b), TOBN(0x93f96472, 0xfd4211bd), + TOBN(0x8c72d3d2, 0xc8de4fc6), TOBN(0x7b69cbf5, 0xdf44f064), + TOBN(0x3da90ca2, 0xf4bf94e1), TOBN(0x1a5325f8, 0xf12894e2), + TOBN(0x0a437f6c, 0x7917d60b), TOBN(0x9be70486, 0x96c9cb5d), + TOBN(0xb4d880bf, 0xe1dc5c05), TOBN(0xd738adda, 0xeebeeb57), + TOBN(0x6f0119d3, 0xdf0fe6a3), TOBN(0x5c686e55, 0x66eaaf5a), + TOBN(0x9cb10b50, 0xdfd0b7ec), TOBN(0xbdd0264b, 0x6a497c21), + TOBN(0xfc093514, 0x8c546c96), TOBN(0x58a947fa, 0x79dbf42a), + TOBN(0xc0b48d4e, 0x49ccd6d7), TOBN(0xff8fb02c, 0x88bd5580), + TOBN(0xc75235e9, 0x07d473b2), TOBN(0x4fab1ac5, 0xa2188af3), + TOBN(0x030fa3bc, 0x97576ec0), TOBN(0xe8c946e8, 0x0b7e7d2f), + TOBN(0x40a5c9cc, 0x70305600), TOBN(0x6d8260a9, 0xc8b013b4), + TOBN(0x0368304f, 0x70bba85c), TOBN(0xad090da1, 0xa4a0d311), + TOBN(0x7170e870, 0x2415eec1), TOBN(0xbfba35fe, 0x8461ea47), + TOBN(0x6279019a, 0xc1e91938), TOBN(0xa47638f3, 0x1afc415f), + TOBN(0x36c65cbb, 0xbcba0e0f), TOBN(0x02160efb, 0x034e2c48), + TOBN(0xe6c51073, 0x615cd9e4), TOBN(0x498ec047, 0xf1243c06), + TOBN(0x3e5a8809, 0xb17b3d8c), TOBN(0x5cd99e61, 0x0cc565f1), + TOBN(0x81e312df, 0x7851dafe), TOBN(0xf156f5ba, 0xa79061e2), + TOBN(0x80d62b71, 0x880c590e), TOBN(0xbec9746f, 0x0a39faa1), + TOBN(0x1d98a9c1, 0xc8ed1f7a), TOBN(0x09e43bb5, 0xa81d5ff2), + TOBN(0xd5f00f68, 0x0da0794a), TOBN(0x412050d9, 0x661aa836), + TOBN(0xa89f7c4e, 0x90747e40), TOBN(0x6dc05ebb, 0xb62a3686), + TOBN(0xdf4de847, 0x308e3353), TOBN(0x53868fbb, 0x9fb53bb9), + TOBN(0x2b09d2c3, 0xcfdcf7dd), TOBN(0x41a9fce3, 0x723fcab4), + TOBN(0x73d905f7, 0x07f57ca3), TOBN(0x080f9fb1, 0xac8e1555), + TOBN(0x7c088e84, 0x9ba7a531), TOBN(0x07d35586, 0xed9a147f), + TOBN(0x602846ab, 0xaf48c336), TOBN(0x7320fd32, 0x0ccf0e79), + TOBN(0xaa780798, 0xb18bd1ff), TOBN(0x52c2e300, 0xafdd2905), + TOBN(0xf27ea3d6, 0x434267cd), TOBN(0x8b96d16d, 0x15605b5f), + TOBN(0x7bb31049, 0x4b45706b), TOBN(0xe7f58b8e, 0x743d25f8), + TOBN(0xe9b5e45b, 0x87f30076), TOBN(0xd19448d6, 0x5d053d5a), + TOBN(0x1ecc8cb9, 0xd3210a04), TOBN(0x6bc7d463, 0xdafb5269), + TOBN(0x3e59b10a, 0x67c3489f), TOBN(0x1769788c, 0x65641e1b), + TOBN(0x8a53b82d, 0xbd6cb838), TOBN(0x7066d6e6, 0x236d5f22), + TOBN(0x03aa1c61, 0x6908536e), TOBN(0xc971da0d, 0x66ae9809), + TOBN(0x01b3a86b, 0xc49a2fac), TOBN(0x3b8420c0, 0x3092e77a), + TOBN(0x02057300, 0x7d6fb556), TOBN(0x6941b2a1, 0xbff40a87), + TOBN(0x140b6308, 0x0658ff2a), TOBN(0x87804363, 0x3424ab36), + TOBN(0x0253bd51, 0x5751e299), TOBN(0xc75bcd76, 0x449c3e3a), + TOBN(0x92eb4090, 0x7f8f875d), TOBN(0x9c9d754e, 0x56c26bbf), + TOBN(0x158cea61, 0x8110bbe7), TOBN(0x62a6b802, 0x745f91ea), + TOBN(0xa79c41aa, 0xc6e7394b), TOBN(0x445b6a83, 0xad57ef10), + TOBN(0x0c5277eb, 0x6ea6f40c), TOBN(0x319fe96b, 0x88633365), + TOBN(0x0b0fc61f, 0x385f63cb), TOBN(0x41250c84, 0x22bdd127), + TOBN(0x67d153f1, 0x09e942c2), TOBN(0x60920d08, 0xc021ad5d), + TOBN(0x229f5746, 0x724d81a5), TOBN(0xb7ffb892, 0x5bba3299), + TOBN(0x518c51a1, 0xde413032), TOBN(0x2a9bfe77, 0x3c2fd94c), + TOBN(0xcbcde239, 0x3191f4fd), TOBN(0x43093e16, 0xd3d6ada1), + TOBN(0x184579f3, 0x58769606), TOBN(0x2c94a8b3, 0xd236625c), + TOBN(0x6922b9c0, 0x5c437d8e), TOBN(0x3d4ae423, 0xd8d9f3c8), + TOBN(0xf72c31c1, 0x2e7090a2), TOBN(0x4ac3f5f3, 0xd76a55bd), + TOBN(0x342508fc, 0x6b6af991), TOBN(0x0d527100, 0x1b5cebbd), + TOBN(0xb84740d0, 0xdd440dd7), TOBN(0x748ef841, 0x780162fd), + TOBN(0xa8dbfe0e, 0xdfc6fafb), TOBN(0xeadfdf05, 0xf7300f27), + TOBN(0x7d06555f, 0xfeba4ec9), TOBN(0x12c56f83, 0x9e25fa97), + TOBN(0x77f84203, 0xd39b8c34), TOBN(0xed8b1be6, 0x3125eddb), + TOBN(0x5bbf2441, 0xf6e39dc5), TOBN(0xb00f6ee6, 0x6a5d678a), + TOBN(0xba456ecf, 0x57d0ea99), TOBN(0xdcae0f58, 0x17e06c43), + TOBN(0x01643de4, 0x0f5b4baa), TOBN(0x2c324341, 0xd161b9be), + TOBN(0x80177f55, 0xe126d468), TOBN(0xed325f1f, 0x76748e09), + TOBN(0x6116004a, 0xcfa9bdc2), TOBN(0x2d8607e6, 0x3a9fb468), + TOBN(0x0e573e27, 0x6009d660), TOBN(0x3a525d2e, 0x8d10c5a1), + TOBN(0xd26cb45c, 0x3b9009a0), TOBN(0xb6b0cdc0, 0xde9d7448), + TOBN(0x949c9976, 0xe1337c26), TOBN(0x6faadebd, 0xd73d68e5), + TOBN(0x9e158614, 0xf1b768d9), TOBN(0x22dfa557, 0x9cc4f069), + TOBN(0xccd6da17, 0xbe93c6d6), TOBN(0x24866c61, 0xa504f5b9), + TOBN(0x2121353c, 0x8d694da1), TOBN(0x1c6ca580, 0x0140b8c6), + TOBN(0xc245ad8c, 0xe964021e), TOBN(0xb83bffba, 0x032b82b3), + TOBN(0xfaa220c6, 0x47ef9898), TOBN(0x7e8d3ac6, 0x982c948a), + TOBN(0x1faa2091, 0xbc2d124a), TOBN(0xbd54c3dd, 0x05b15ff4), + TOBN(0x386bf3ab, 0xc87c6fb7), TOBN(0xfb2b0563, 0xfdeb6f66), + TOBN(0x4e77c557, 0x5b45afb4), TOBN(0xe9ded649, 0xefb8912d), + TOBN(0x7ec9bbf5, 0x42f6e557), TOBN(0x2570dfff, 0x62671f00), + TOBN(0x2b3bfb78, 0x88e084bd), TOBN(0xa024b238, 0xf37fe5b4), + TOBN(0x44e7dc04, 0x95649aee), TOBN(0x498ca255, 0x5e7ec1d8), + TOBN(0x3bc766ea, 0xaaa07e86), TOBN(0x0db6facb, 0xf3608586), + TOBN(0xbadd2549, 0xbdc259c8), TOBN(0x95af3c6e, 0x041c649f), + TOBN(0xb36a928c, 0x02e30afb), TOBN(0x9b5356ad, 0x008a88b8), + TOBN(0x4b67a5f1, 0xcf1d9e9d), TOBN(0xc6542e47, 0xa5d8d8ce), + TOBN(0x73061fe8, 0x7adfb6cc), TOBN(0xcc826fd3, 0x98678141), + TOBN(0x00e758b1, 0x3c80515a), TOBN(0x6afe3247, 0x41485083), + TOBN(0x0fcb08b9, 0xb6ae8a75), TOBN(0xb8cf388d, 0x4acf51e1), + TOBN(0x344a5560, 0x6961b9d6), TOBN(0x1a6778b8, 0x6a97fd0c), + TOBN(0xd840fdc1, 0xecc4c7e3), TOBN(0xde9fe47d, 0x16db68cc), + TOBN(0xe95f89de, 0xa3e216aa), TOBN(0x84f1a6a4, 0x9594a8be), + TOBN(0x7ddc7d72, 0x5a7b162b), TOBN(0xc5cfda19, 0xadc817a3), + TOBN(0x80a5d350, 0x78b58d46), TOBN(0x93365b13, 0x82978f19), + TOBN(0x2e44d225, 0x26a1fc90), TOBN(0x0d6d10d2, 0x4d70705d), + TOBN(0xd94b6b10, 0xd70c45f4), TOBN(0x0f201022, 0xb216c079), + TOBN(0xcec966c5, 0x658fde41), TOBN(0xa8d2bc7d, 0x7e27601d), + TOBN(0xbfcce3e1, 0xff230be7), TOBN(0x3394ff6b, 0x0033ffb5), + TOBN(0xd890c509, 0x8132c9af), TOBN(0xaac4b0eb, 0x361e7868), + TOBN(0x5194ded3, 0xe82d15aa), TOBN(0x4550bd2e, 0x23ae6b7d), + TOBN(0x3fda318e, 0xea5399d4), TOBN(0xd989bffa, 0x91638b80), + TOBN(0x5ea124d0, 0xa14aa12d), TOBN(0x1fb1b899, 0x3667b944), + TOBN(0x95ec7969, 0x44c44d6a), TOBN(0x91df144a, 0x57e86137), + TOBN(0x915fd620, 0x73adac44), TOBN(0x8f01732d, 0x59a83801), + TOBN(0xec579d25, 0x3aa0a633), TOBN(0x06de5e7c, 0xc9d6d59c), + TOBN(0xc132f958, 0xb1ef8010), TOBN(0x29476f96, 0xe65c1a02), + TOBN(0x336a77c0, 0xd34c3565), TOBN(0xef1105b2, 0x1b9f1e9e), + TOBN(0x63e6d08b, 0xf9e08002), TOBN(0x9aff2f21, 0xc613809e), + TOBN(0xb5754f85, 0x3a80e75d), TOBN(0xde71853e, 0x6bbda681), + TOBN(0x86f041df, 0x8197fd7a), TOBN(0x8b332e08, 0x127817fa), + TOBN(0x05d99be8, 0xb9c20cda), TOBN(0x89f7aad5, 0xd5cd0c98), + TOBN(0x7ef936fe, 0x5bb94183), TOBN(0x92ca0753, 0xb05cd7f2), + TOBN(0x9d65db11, 0x74a1e035), TOBN(0x02628cc8, 0x13eaea92), + TOBN(0xf2d9e242, 0x49e4fbf2), TOBN(0x94fdfd9b, 0xe384f8b7), + TOBN(0x65f56054, 0x63428c6b), TOBN(0x2f7205b2, 0x90b409a5), + TOBN(0xf778bb78, 0xff45ae11), TOBN(0xa13045be, 0xc5ee53b2), + TOBN(0xe00a14ff, 0x03ef77fe), TOBN(0x689cd59f, 0xffef8bef), + TOBN(0x3578f0ed, 0x1e9ade22), TOBN(0xe99f3ec0, 0x6268b6a8), + TOBN(0xa2057d91, 0xea1b3c3e), TOBN(0x2d1a7053, 0xb8823a4a), + TOBN(0xabbb336a, 0x2cca451e), TOBN(0xcd2466e3, 0x2218bb5d), + TOBN(0x3ac1f42f, 0xc8cb762d), TOBN(0x7e312aae, 0x7690211f), + TOBN(0xebb9bd73, 0x45d07450), TOBN(0x207c4b82, 0x46c2213f), + TOBN(0x99d425c1, 0x375913ec), TOBN(0x94e45e96, 0x67908220), + TOBN(0xc08f3087, 0xcd67dbf6), TOBN(0xa5670fbe, 0xc0887056), + TOBN(0x6717b64a, 0x66f5b8fc), TOBN(0xd5a56aea, 0x786fec28), + TOBN(0xa8c3f55f, 0xc0ff4952), TOBN(0xa77fefae, 0x457ac49b), + TOBN(0x29882d7c, 0x98379d44), TOBN(0xd000bdfb, 0x509edc8a), + TOBN(0xc6f95979, 0xe66fe464), TOBN(0x504a6115, 0xfa61bde0), + TOBN(0x56b3b871, 0xeffea31a), TOBN(0x2d3de26d, 0xf0c21a54), + TOBN(0x21dbff31, 0x834753bf), TOBN(0xe67ecf49, 0x69269d86), + TOBN(0x7a176952, 0x151fe690), TOBN(0x03515804, 0x7f2adb5f), + TOBN(0xee794b15, 0xd1b62a8d), TOBN(0xf004ceec, 0xaae454e6), + TOBN(0x0897ea7c, 0xf0386fac), TOBN(0x3b62ff12, 0xd1fca751), + TOBN(0x154181df, 0x1b7a04ec), TOBN(0x2008e04a, 0xfb5847ec), + TOBN(0xd147148e, 0x41dbd772), TOBN(0x2b419f73, 0x22942654), + TOBN(0x669f30d3, 0xe9c544f7), TOBN(0x52a2c223, 0xc8540149), + TOBN(0x5da9ee14, 0x634dfb02), TOBN(0x5f074ff0, 0xf47869f3), + TOBN(0x74ee878d, 0xa3933acc), TOBN(0xe6510651, 0x4fe35ed1), + TOBN(0xb3eb9482, 0xf1012e7a), TOBN(0x51013cc0, 0xa8a566ae), + TOBN(0xdd5e9243, 0x47c00d3b), TOBN(0x7fde089d, 0x946bb0e5), + TOBN(0x030754fe, 0xc731b4b3), TOBN(0x12a136a4, 0x99fda062), + TOBN(0x7c1064b8, 0x5a1a35bc), TOBN(0xbf1f5763, 0x446c84ef), + TOBN(0xed29a56d, 0xa16d4b34), TOBN(0x7fba9d09, 0xdca21c4f), + TOBN(0x66d7ac00, 0x6d8de486), TOBN(0x60061987, 0x73a2a5e1), + TOBN(0x8b400f86, 0x9da28ff0), TOBN(0x3133f708, 0x43c4599c), + TOBN(0x9911c9b8, 0xee28cb0d), TOBN(0xcd7e2874, 0x8e0af61d), + TOBN(0x5a85f0f2, 0x72ed91fc), TOBN(0x85214f31, 0x9cd4a373), + TOBN(0x881fe5be, 0x1925253c), TOBN(0xd8dc98e0, 0x91e8bc76), + TOBN(0x7120affe, 0x585cc3a2), TOBN(0x724952ed, 0x735bf97a), + TOBN(0x5581e7dc, 0x3eb34581), TOBN(0x5cbff4f2, 0xe52ee57d), + TOBN(0x8d320a0e, 0x87d8cc7b), TOBN(0x9beaa7f3, 0xf1d280d0), + TOBN(0x7a0b9571, 0x9beec704), TOBN(0x9126332e, 0x5b7f0057), + TOBN(0x01fbc1b4, 0x8ed3bd6d), TOBN(0x35bb2c12, 0xd945eb24), + TOBN(0x6404694e, 0x9a8ae255), TOBN(0xb6092eec, 0x8d6abfb3), + TOBN(0x4d76143f, 0xcc058865), TOBN(0x7b0a5af2, 0x6e249922), + TOBN(0x8aef9440, 0x6a50d353), TOBN(0xe11e4bcc, 0x64f0e07a), + TOBN(0x4472993a, 0xa14a90fa), TOBN(0x7706e20c, 0xba0c51d4), + TOBN(0xf403292f, 0x1532672d), TOBN(0x52573bfa, 0x21829382), + TOBN(0x6a7bb6a9, 0x3b5bdb83), TOBN(0x08da65c0, 0xa4a72318), + TOBN(0xc58d22aa, 0x63eb065f), TOBN(0x1717596c, 0x1b15d685), + TOBN(0x112df0d0, 0xb266d88b), TOBN(0xf688ae97, 0x5941945a), + TOBN(0x487386e3, 0x7c292cac), TOBN(0x42f3b50d, 0x57d6985c), + TOBN(0x6da4f998, 0x6a90fc34), TOBN(0xc8f257d3, 0x65ca8a8d), + TOBN(0xc2feabca, 0x6951f762), TOBN(0xe1bc81d0, 0x74c323ac), + TOBN(0x1bc68f67, 0x251a2a12), TOBN(0x10d86587, 0xbe8a70dc), + TOBN(0xd648af7f, 0xf0f84d2e), TOBN(0xf0aa9ebc, 0x6a43ac92), + TOBN(0x69e3be04, 0x27596893), TOBN(0xb6bb02a6, 0x45bf452b), + TOBN(0x0875c11a, 0xf4c698c8), TOBN(0x6652b5c7, 0xbece3794), + TOBN(0x7b3755fd, 0x4f5c0499), TOBN(0x6ea16558, 0xb5532b38), + TOBN(0xd1c69889, 0xa2e96ef7), TOBN(0x9c773c3a, 0x61ed8f48), + TOBN(0x2b653a40, 0x9b323abc), TOBN(0xe26605e1, 0xf0e1d791), + TOBN(0x45d41064, 0x4a87157a), TOBN(0x8f9a78b7, 0xcbbce616), + TOBN(0xcf1e44aa, 0xc407eddd), TOBN(0x81ddd1d8, 0xa35b964f), + TOBN(0x473e339e, 0xfd083999), TOBN(0x6c94bdde, 0x8e796802), + TOBN(0x5a304ada, 0x8545d185), TOBN(0x82ae44ea, 0x738bb8cb), + TOBN(0x628a35e3, 0xdf87e10e), TOBN(0xd3624f3d, 0xa15b9fe3), + TOBN(0xcc44209b, 0x14be4254), TOBN(0x7d0efcbc, 0xbdbc2ea5), + TOBN(0x1f603362, 0x04c37bbe), TOBN(0x21f363f5, 0x56a5852c), + TOBN(0xa1503d1c, 0xa8501550), TOBN(0x2251e0e1, 0xd8ab10bb), + TOBN(0xde129c96, 0x6961c51c), TOBN(0x1f7246a4, 0x81910f68), + TOBN(0x2eb744ee, 0x5f2591f2), TOBN(0x3c47d33f, 0x5e627157), + TOBN(0x4d6d62c9, 0x22f3bd68), TOBN(0x6120a64b, 0xcb8df856), + TOBN(0x3a9ac6c0, 0x7b5d07df), TOBN(0xa92b9558, 0x7ef39783), + TOBN(0xe128a134, 0xab3a9b4f), TOBN(0x41c18807, 0xb1252f05), + TOBN(0xfc7ed089, 0x80ba9b1c), TOBN(0xac8dc6de, 0xc532a9dd), + TOBN(0xbf829cef, 0x55246809), TOBN(0x101b784f, 0x5b4ee80f), + TOBN(0xc09945bb, 0xb6f11603), TOBN(0x57b09dbe, 0x41d2801e), + TOBN(0xfba5202f, 0xa97534a8), TOBN(0x7fd8ae5f, 0xc17b9614), + TOBN(0xa50ba666, 0x78308435), TOBN(0x9572f77c, 0xd3868c4d), + TOBN(0x0cef7bfd, 0x2dd7aab0), TOBN(0xe7958e08, 0x2c7c79ff), + TOBN(0x81262e42, 0x25346689), TOBN(0x716da290, 0xb07c7004), + TOBN(0x35f911ea, 0xb7950ee3), TOBN(0x6fd72969, 0x261d21b5), + TOBN(0x52389803, 0x08b640d3), TOBN(0x5b0026ee, 0x887f12a1), + TOBN(0x20e21660, 0x742e9311), TOBN(0x0ef6d541, 0x5ff77ff7), + TOBN(0x969127f0, 0xf9c41135), TOBN(0xf21d60c9, 0x68a64993), + TOBN(0x656e5d0c, 0xe541875c), TOBN(0xf1e0f84e, 0xa1d3c233), + TOBN(0x9bcca359, 0x06002d60), TOBN(0xbe2da60c, 0x06191552), + TOBN(0x5da8bbae, 0x61181ec3), TOBN(0x9f04b823, 0x65806f19), + TOBN(0xf1604a7d, 0xd4b79bb8), TOBN(0xaee806fb, 0x52c878c8), + TOBN(0x34144f11, 0x8d47b8e8), TOBN(0x72edf52b, 0x949f9054), + TOBN(0xebfca84e, 0x2127015a), TOBN(0x9051d0c0, 0x9cb7cef3), + TOBN(0x86e8fe58, 0x296deec8), TOBN(0x33b28188, 0x41010d74), + }, + { + TOBN(0x01079383, 0x171b445f), TOBN(0x9bcf21e3, 0x8131ad4c), + TOBN(0x8cdfe205, 0xc93987e8), TOBN(0xe63f4152, 0xc92e8c8f), + TOBN(0x729462a9, 0x30add43d), TOBN(0x62ebb143, 0xc980f05a), + TOBN(0x4f3954e5, 0x3b06e968), TOBN(0xfe1d75ad, 0x242cf6b1), + TOBN(0x5f95c6c7, 0xaf8685c8), TOBN(0xd4c1c8ce, 0x2f8f01aa), + TOBN(0xc44bbe32, 0x2574692a), TOBN(0xb8003478, 0xd4a4a068), + TOBN(0x7c8fc6e5, 0x2eca3cdb), TOBN(0xea1db16b, 0xec04d399), + TOBN(0xb05bc82e, 0x8f2bc5cf), TOBN(0x763d517f, 0xf44793d2), + TOBN(0x4451c1b8, 0x08bd98d0), TOBN(0x644b1cd4, 0x6575f240), + TOBN(0x6907eb33, 0x7375d270), TOBN(0x56c8bebd, 0xfa2286bd), + TOBN(0xc713d2ac, 0xc4632b46), TOBN(0x17da427a, 0xafd60242), + TOBN(0x313065b7, 0xc95c7546), TOBN(0xf8239898, 0xbf17a3de), + TOBN(0xf3b7963f, 0x4c830320), TOBN(0x842c7aa0, 0x903203e3), + TOBN(0xaf22ca0a, 0xe7327afb), TOBN(0x38e13092, 0x967609b6), + TOBN(0x73b8fb62, 0x757558f1), TOBN(0x3cc3e831, 0xf7eca8c1), + TOBN(0xe4174474, 0xf6331627), TOBN(0xa77989ca, 0xc3c40234), + TOBN(0xe5fd17a1, 0x44a081e0), TOBN(0xd797fb7d, 0xb70e296a), + TOBN(0x2b472b30, 0x481f719c), TOBN(0x0e632a98, 0xfe6f8c52), + TOBN(0x89ccd116, 0xc5f0c284), TOBN(0xf51088af, 0x2d987c62), + TOBN(0x2a2bccda, 0x4c2de6cf), TOBN(0x810f9efe, 0xf679f0f9), + TOBN(0xb0f394b9, 0x7ffe4b3e), TOBN(0x0b691d21, 0xe5fa5d21), + TOBN(0xb0bd7747, 0x9dfbbc75), TOBN(0xd2830fda, 0xfaf78b00), + TOBN(0xf78c249c, 0x52434f57), TOBN(0x4b1f7545, 0x98096dab), + TOBN(0x73bf6f94, 0x8ff8c0b3), TOBN(0x34aef03d, 0x454e134c), + TOBN(0xf8d151f4, 0xb7ac7ec5), TOBN(0xd6ceb95a, 0xe50da7d5), + TOBN(0xa1b492b0, 0xdc3a0eb8), TOBN(0x75157b69, 0xb3dd2863), + TOBN(0xe2c4c74e, 0xc5413d62), TOBN(0xbe329ff7, 0xbc5fc4c7), + TOBN(0x835a2aea, 0x60fa9dda), TOBN(0xf117f5ad, 0x7445cb87), + TOBN(0xae8317f4, 0xb0166f7a), TOBN(0xfbd3e3f7, 0xceec74e6), + TOBN(0xfdb516ac, 0xe0874bfd), TOBN(0x3d846019, 0xc681f3a3), + TOBN(0x0b12ee5c, 0x7c1620b0), TOBN(0xba68b4dd, 0x2b63c501), + TOBN(0xac03cd32, 0x6668c51e), TOBN(0x2a6279f7, 0x4e0bcb5b), + TOBN(0x17bd69b0, 0x6ae85c10), TOBN(0x72946979, 0x1dfdd3a6), + TOBN(0xd9a03268, 0x2c078bec), TOBN(0x41c6a658, 0xbfd68a52), + TOBN(0xcdea1024, 0x0e023900), TOBN(0xbaeec121, 0xb10d144d), + TOBN(0x5a600e74, 0x058ab8dc), TOBN(0x1333af21, 0xbb89ccdd), + TOBN(0xdf25eae0, 0x3aaba1f1), TOBN(0x2cada16e, 0x3b7144cf), + TOBN(0x657ee27d, 0x71ab98bc), TOBN(0x99088b4c, 0x7a6fc96e), + TOBN(0x05d5c0a0, 0x3549dbd4), TOBN(0x42cbdf8f, 0xf158c3ac), + TOBN(0x3fb6b3b0, 0x87edd685), TOBN(0x22071cf6, 0x86f064d0), + TOBN(0xd2d6721f, 0xff2811e5), TOBN(0xdb81b703, 0xfe7fae8c), + TOBN(0x3cfb74ef, 0xd3f1f7bb), TOBN(0x0cdbcd76, 0x16cdeb5d), + TOBN(0x4f39642a, 0x566a808c), TOBN(0x02b74454, 0x340064d6), + TOBN(0xfabbadca, 0x0528fa6f), TOBN(0xe4c3074c, 0xd3fc0bb6), + TOBN(0xb32cb8b0, 0xb796d219), TOBN(0xc3e95f4f, 0x34741dd9), + TOBN(0x87212125, 0x68edf6f5), TOBN(0x7a03aee4, 0xa2b9cb8e), + TOBN(0x0cd3c376, 0xf53a89aa), TOBN(0x0d8af9b1, 0x948a28dc), + TOBN(0xcf86a3f4, 0x902ab04f), TOBN(0x8aacb62a, 0x7f42002d), + TOBN(0x106985eb, 0xf62ffd52), TOBN(0xe670b54e, 0x5797bf10), + TOBN(0x4b405209, 0xc5e30aef), TOBN(0x12c97a20, 0x4365b5e9), + TOBN(0x104646ce, 0x1fe32093), TOBN(0x13cb4ff6, 0x3907a8c9), + TOBN(0x8b9f30d1, 0xd46e726b), TOBN(0xe1985e21, 0xaba0f499), + TOBN(0xc573dea9, 0x10a230cd), TOBN(0x24f46a93, 0xcd30f947), + TOBN(0xf2623fcf, 0xabe2010a), TOBN(0x3f278cb2, 0x73f00e4f), + TOBN(0xed55c67d, 0x50b920eb), TOBN(0xf1cb9a2d, 0x8e760571), + TOBN(0x7c50d109, 0x0895b709), TOBN(0x4207cf07, 0x190d4369), + TOBN(0x3b027e81, 0xc4127fe1), TOBN(0xa9f8b9ad, 0x3ae9c566), + TOBN(0x5ab10851, 0xacbfbba5), TOBN(0xa747d648, 0x569556f5), + TOBN(0xcc172b5c, 0x2ba97bf7), TOBN(0x15e0f77d, 0xbcfa3324), + TOBN(0xa345b797, 0x7686279d), TOBN(0x5a723480, 0xe38003d3), + TOBN(0xfd8e139f, 0x8f5fcda8), TOBN(0xf3e558c4, 0xbdee5bfd), + TOBN(0xd76cbaf4, 0xe33f9f77), TOBN(0x3a4c97a4, 0x71771969), + TOBN(0xda27e84b, 0xf6dce6a7), TOBN(0xff373d96, 0x13e6c2d1), + TOBN(0xf115193c, 0xd759a6e9), TOBN(0x3f9b7025, 0x63d2262c), + TOBN(0xd9764a31, 0x317cd062), TOBN(0x30779d8e, 0x199f8332), + TOBN(0xd8074106, 0x16b11b0b), TOBN(0x7917ab9f, 0x78aeaed8), + TOBN(0xb67a9cbe, 0x28fb1d8e), TOBN(0x2e313563, 0x136eda33), + TOBN(0x010b7069, 0xa371a86c), TOBN(0x44d90fa2, 0x6744e6b7), + TOBN(0x68190867, 0xd6b3e243), TOBN(0x9fe6cd9d, 0x59048c48), + TOBN(0xb900b028, 0x95731538), TOBN(0xa012062f, 0x32cae04f), + TOBN(0x8107c8bc, 0x9399d082), TOBN(0x47e8c54a, 0x41df12e2), + TOBN(0x14ba5117, 0xb6ef3f73), TOBN(0x22260bea, 0x81362f0b), + TOBN(0x90ea261e, 0x1a18cc20), TOBN(0x2192999f, 0x2321d636), + TOBN(0xef64d314, 0xe311b6a0), TOBN(0xd7401e4c, 0x3b54a1f5), + TOBN(0x19019983, 0x6fbca2ba), TOBN(0x46ad3293, 0x8fbffc4b), + TOBN(0xa142d3f6, 0x3786bf40), TOBN(0xeb5cbc26, 0xb67039fc), + TOBN(0x9cb0ae6c, 0x252bd479), TOBN(0x05e0f88a, 0x12b5848f), + TOBN(0x78f6d2b2, 0xa5c97663), TOBN(0x6f6e149b, 0xc162225c), + TOBN(0xe602235c, 0xde601a89), TOBN(0xd17bbe98, 0xf373be1f), + TOBN(0xcaf49a5b, 0xa8471827), TOBN(0x7e1a0a85, 0x18aaa116), + TOBN(0x6c833196, 0x270580c3), TOBN(0x1e233839, 0xf1c98a14), + TOBN(0x67b2f7b4, 0xae34e0a5), TOBN(0x47ac8745, 0xd8ce7289), + TOBN(0x2b74779a, 0x100dd467), TOBN(0x274a4337, 0x4ee50d09), + TOBN(0x603dcf13, 0x83608bc9), TOBN(0xcd9da6c3, 0xc89e8388), + TOBN(0x2660199f, 0x355116ac), TOBN(0xcc38bb59, 0xb6d18eed), + TOBN(0x3075f31f, 0x2f4bc071), TOBN(0x9774457f, 0x265dc57e), + TOBN(0x06a6a9c8, 0xc6db88bb), TOBN(0x6429d07f, 0x4ec98e04), + TOBN(0x8d05e57b, 0x05ecaa8b), TOBN(0x20f140b1, 0x7872ea7b), + TOBN(0xdf8c0f09, 0xca494693), TOBN(0x48d3a020, 0xf252e909), + TOBN(0x4c5c29af, 0x57b14b12), TOBN(0x7e6fa37d, 0xbf47ad1c), + TOBN(0x66e7b506, 0x49a0c938), TOBN(0xb72c0d48, 0x6be5f41f), + TOBN(0x6a6242b8, 0xb2359412), TOBN(0xcd35c774, 0x8e859480), + TOBN(0x12536fea, 0x87baa627), TOBN(0x58c1fec1, 0xf72aa680), + TOBN(0x6c29b637, 0x601e5dc9), TOBN(0x9e3c3c1c, 0xde9e01b9), + TOBN(0xefc8127b, 0x2bcfe0b0), TOBN(0x35107102, 0x2a12f50d), + TOBN(0x6ccd6cb1, 0x4879b397), TOBN(0xf792f804, 0xf8a82f21), + TOBN(0x509d4804, 0xa9b46402), TOBN(0xedddf85d, 0xc10f0850), + TOBN(0x928410dc, 0x4b6208aa), TOBN(0xf6229c46, 0x391012dc), + TOBN(0xc5a7c41e, 0x7727b9b6), TOBN(0x289e4e4b, 0xaa444842), + TOBN(0x049ba1d9, 0xe9a947ea), TOBN(0x44f9e47f, 0x83c8debc), + TOBN(0xfa77a1fe, 0x611f8b8e), TOBN(0xfd2e416a, 0xf518f427), + TOBN(0xc5fffa70, 0x114ebac3), TOBN(0xfe57c4e9, 0x5d89697b), + TOBN(0xfdd053ac, 0xb1aaf613), TOBN(0x31df210f, 0xea585a45), + TOBN(0x318cc10e, 0x24985034), TOBN(0x1a38efd1, 0x5f1d6130), + TOBN(0xbf86f237, 0x0b1e9e21), TOBN(0xb258514d, 0x1dbe88aa), + TOBN(0x1e38a588, 0x90c1baf9), TOBN(0x2936a01e, 0xbdb9b692), + TOBN(0xd576de98, 0x6dd5b20c), TOBN(0xb586bf71, 0x70f98ecf), + TOBN(0xcccf0f12, 0xc42d2fd7), TOBN(0x8717e61c, 0xfb35bd7b), + TOBN(0x8b1e5722, 0x35e6fc06), TOBN(0x3477728f, 0x0b3e13d5), + TOBN(0x150c294d, 0xaa8a7372), TOBN(0xc0291d43, 0x3bfa528a), + TOBN(0xc6c8bc67, 0xcec5a196), TOBN(0xdeeb31e4, 0x5c2e8a7c), + TOBN(0xba93e244, 0xfb6e1c51), TOBN(0xb9f8b71b, 0x2e28e156), + TOBN(0xce65a287, 0x968a2ab9), TOBN(0xe3c5ce69, 0x46bbcb1f), + TOBN(0xf8c835b9, 0xe7ae3f30), TOBN(0x16bbee26, 0xff72b82b), + TOBN(0x665e2017, 0xfd42cd22), TOBN(0x1e139970, 0xf8b1d2a0), + TOBN(0x125cda29, 0x79204932), TOBN(0x7aee94a5, 0x49c3bee5), + TOBN(0x68c70160, 0x89821a66), TOBN(0xf7c37678, 0x8f981669), + TOBN(0xd90829fc, 0x48cc3645), TOBN(0x346af049, 0xd70addfc), + TOBN(0x2057b232, 0x370bf29c), TOBN(0xf90c73ce, 0x42e650ee), + TOBN(0xe03386ea, 0xa126ab90), TOBN(0x0e266e7e, 0x975a087b), + TOBN(0x80578eb9, 0x0fca65d9), TOBN(0x7e2989ea, 0x16af45b8), + TOBN(0x7438212d, 0xcac75a4e), TOBN(0x38c7ca39, 0x4fef36b8), + TOBN(0x8650c494, 0xd402676a), TOBN(0x26ab5a66, 0xf72c7c48), + TOBN(0x4e6cb426, 0xce3a464e), TOBN(0xf8f99896, 0x2b72f841), + TOBN(0x8c318491, 0x1a335cc8), TOBN(0x563459ba, 0x6a5913e4), + TOBN(0x1b920d61, 0xc7b32919), TOBN(0x805ab8b6, 0xa02425ad), + TOBN(0x2ac512da, 0x8d006086), TOBN(0x6ca4846a, 0xbcf5c0fd), + TOBN(0xafea51d8, 0xac2138d7), TOBN(0xcb647545, 0x344cd443), + TOBN(0x0429ee8f, 0xbd7d9040), TOBN(0xee66a2de, 0x819b9c96), + TOBN(0x54f9ec25, 0xdea7d744), TOBN(0x2ffea642, 0x671721bb), + TOBN(0x4f19dbd1, 0x114344ea), TOBN(0x04304536, 0xfd0dbc8b), + TOBN(0x014b50aa, 0x29ec7f91), TOBN(0xb5fc22fe, 0xbb06014d), + TOBN(0x60d963a9, 0x1ee682e0), TOBN(0xdf48abc0, 0xfe85c727), + TOBN(0x0cadba13, 0x2e707c2d), TOBN(0xde608d3a, 0xa645aeff), + TOBN(0x05f1c28b, 0xedafd883), TOBN(0x3c362ede, 0xbd94de1f), + TOBN(0x8dd0629d, 0x13593e41), TOBN(0x0a5e736f, 0x766d6eaf), + TOBN(0xbfa92311, 0xf68cf9d1), TOBN(0xa4f9ef87, 0xc1797556), + TOBN(0x10d75a1f, 0x5601c209), TOBN(0x651c374c, 0x09b07361), + TOBN(0x49950b58, 0x88b5cead), TOBN(0x0ef00058, 0x6fa9dbaa), + TOBN(0xf51ddc26, 0x4e15f33a), TOBN(0x1f8b5ca6, 0x2ef46140), + TOBN(0x343ac0a3, 0xee9523f0), TOBN(0xbb75eab2, 0x975ea978), + TOBN(0x1bccf332, 0x107387f4), TOBN(0x790f9259, 0x9ab0062e), + TOBN(0xf1a363ad, 0x1e4f6a5f), TOBN(0x06e08b84, 0x62519a50), + TOBN(0x60915187, 0x7265f1ee), TOBN(0x6a80ca34, 0x93ae985e), + TOBN(0x81b29768, 0xaaba4864), TOBN(0xb13cabf2, 0x8d52a7d6), + TOBN(0xb5c36348, 0x8ead03f1), TOBN(0xc932ad95, 0x81c7c1c0), + TOBN(0x5452708e, 0xcae1e27b), TOBN(0x9dac4269, 0x1b0df648), + TOBN(0x233e3f0c, 0xdfcdb8bc), TOBN(0xe6ceccdf, 0xec540174), + TOBN(0xbd0d845e, 0x95081181), TOBN(0xcc8a7920, 0x699355d5), + TOBN(0x111c0f6d, 0xc3b375a8), TOBN(0xfd95bc6b, 0xfd51e0dc), + TOBN(0x4a106a26, 0x6888523a), TOBN(0x4d142bd6, 0xcb01a06d), + TOBN(0x79bfd289, 0xadb9b397), TOBN(0x0bdbfb94, 0xe9863914), + TOBN(0x29d8a229, 0x1660f6a6), TOBN(0x7f6abcd6, 0x551c042d), + TOBN(0x13039deb, 0x0ac3ffe8), TOBN(0xa01be628, 0xec8523fb), + TOBN(0x6ea34103, 0x0ca1c328), TOBN(0xc74114bd, 0xb903928e), + TOBN(0x8aa4ff4e, 0x9e9144b0), TOBN(0x7064091f, 0x7f9a4b17), + TOBN(0xa3f4f521, 0xe447f2c4), TOBN(0x81b8da7a, 0x604291f0), + TOBN(0xd680bc46, 0x7d5926de), TOBN(0x84f21fd5, 0x34a1202f), + TOBN(0x1d1e3181, 0x4e9df3d8), TOBN(0x1ca4861a, 0x39ab8d34), + TOBN(0x809ddeec, 0x5b19aa4a), TOBN(0x59f72f7e, 0x4d329366), + TOBN(0xa2f93f41, 0x386d5087), TOBN(0x40bf739c, 0xdd67d64f), + TOBN(0xb4494205, 0x66702158), TOBN(0xc33c65be, 0x73b1e178), + TOBN(0xcdcd657c, 0x38ca6153), TOBN(0x97f4519a, 0xdc791976), + TOBN(0xcc7c7f29, 0xcd6e1f39), TOBN(0x38de9cfb, 0x7e3c3932), + TOBN(0xe448eba3, 0x7b793f85), TOBN(0xe9f8dbf9, 0xf067e914), + TOBN(0xc0390266, 0xf114ae87), TOBN(0x39ed75a7, 0xcd6a8e2a), + TOBN(0xadb14848, 0x7ffba390), TOBN(0x67f8cb8b, 0x6af9bc09), + TOBN(0x322c3848, 0x9c7476db), TOBN(0xa320fecf, 0x52a538d6), + TOBN(0xe0493002, 0xb2aced2b), TOBN(0xdfba1809, 0x616bd430), + TOBN(0x531c4644, 0xc331be70), TOBN(0xbc04d32e, 0x90d2e450), + TOBN(0x1805a0d1, 0x0f9f142d), TOBN(0x2c44a0c5, 0x47ee5a23), + TOBN(0x31875a43, 0x3989b4e3), TOBN(0x6b1949fd, 0x0c063481), + TOBN(0x2dfb9e08, 0xbe0f4492), TOBN(0x3ff0da03, 0xe9d5e517), + TOBN(0x03dbe9a1, 0xf79466a8), TOBN(0x0b87bcd0, 0x15ea9932), + TOBN(0xeb64fc83, 0xab1f58ab), TOBN(0x6d9598da, 0x817edc8a), + TOBN(0x699cff66, 0x1d3b67e5), TOBN(0x645c0f29, 0x92635853), + TOBN(0x253cdd82, 0xeabaf21c), TOBN(0x82b9602a, 0x2241659e), + TOBN(0x2cae07ec, 0x2d9f7091), TOBN(0xbe4c720c, 0x8b48cd9b), + TOBN(0x6ce5bc03, 0x6f08d6c9), TOBN(0x36e8a997, 0xaf10bf40), + TOBN(0x83422d21, 0x3e10ff12), TOBN(0x7b26d3eb, 0xbcc12494), + TOBN(0xb240d2d0, 0xc9469ad6), TOBN(0xc4a11b4d, 0x30afa05b), + TOBN(0x4b604ace, 0xdd6ba286), TOBN(0x18486600, 0x3ee2864c), + TOBN(0x5869d6ba, 0x8d9ce5be), TOBN(0x0d8f68c5, 0xff4bfb0d), + TOBN(0xb69f210b, 0x5700cf73), TOBN(0x61f6653a, 0x6d37c135), + TOBN(0xff3d432b, 0x5aff5a48), TOBN(0x0d81c4b9, 0x72ba3a69), + TOBN(0xee879ae9, 0xfa1899ef), TOBN(0xbac7e2a0, 0x2d6acafd), + TOBN(0xd6d93f6c, 0x1c664399), TOBN(0x4c288de1, 0x5bcb135d), + TOBN(0x83031dab, 0x9dab7cbf), TOBN(0xfe23feb0, 0x3abbf5f0), + TOBN(0x9f1b2466, 0xcdedca85), TOBN(0x140bb710, 0x1a09538c), + TOBN(0xac8ae851, 0x5e11115d), TOBN(0x0d63ff67, 0x6f03f59e), + TOBN(0x755e5551, 0x7d234afb), TOBN(0x61c2db4e, 0x7e208fc1), + TOBN(0xaa9859ce, 0xf28a4b5d), TOBN(0xbdd6d4fc, 0x34af030f), + TOBN(0xd1c4a26d, 0x3be01cb1), TOBN(0x9ba14ffc, 0x243aa07c), + TOBN(0xf95cd3a9, 0xb2503502), TOBN(0xe379bc06, 0x7d2a93ab), + TOBN(0x3efc18e9, 0xd4ca8d68), TOBN(0x083558ec, 0x80bb412a), + TOBN(0xd903b940, 0x9645a968), TOBN(0xa499f0b6, 0x9ba6054f), + TOBN(0x208b573c, 0xb8349abe), TOBN(0x3baab3e5, 0x30b4fc1c), + TOBN(0x87e978ba, 0xcb524990), TOBN(0x3524194e, 0xccdf0e80), + TOBN(0x62711725, 0x7d4bcc42), TOBN(0xe90a3d9b, 0xb90109ba), + TOBN(0x3b1bdd57, 0x1323e1e0), TOBN(0xb78e9bd5, 0x5eae1599), + TOBN(0x0794b746, 0x9e03d278), TOBN(0x80178605, 0xd70e6297), + TOBN(0x171792f8, 0x99c97855), TOBN(0x11b393ee, 0xf5a86b5c), + TOBN(0x48ef6582, 0xd8884f27), TOBN(0xbd44737a, 0xbf19ba5f), + TOBN(0x8698de4c, 0xa42062c6), TOBN(0x8975eb80, 0x61ce9c54), + TOBN(0xd50e57c7, 0xd7fe71f3), TOBN(0x15342190, 0xbc97ce38), + TOBN(0x51bda2de, 0x4df07b63), TOBN(0xba12aeae, 0x200eb87d), + TOBN(0xabe135d2, 0xa9b4f8f6), TOBN(0x04619d65, 0xfad6d99c), + TOBN(0x4a6683a7, 0x7994937c), TOBN(0x7a778c8b, 0x6f94f09a), + TOBN(0x8c508623, 0x20a71b89), TOBN(0x241a2aed, 0x1c229165), + TOBN(0x352be595, 0xaaf83a99), TOBN(0x9fbfee7f, 0x1562bac8), + TOBN(0xeaf658b9, 0x5c4017e3), TOBN(0x1dc7f9e0, 0x15120b86), + TOBN(0xd84f13dd, 0x4c034d6f), TOBN(0x283dd737, 0xeaea3038), + TOBN(0x197f2609, 0xcd85d6a2), TOBN(0x6ebbc345, 0xfae60177), + TOBN(0xb80f031b, 0x4e12fede), TOBN(0xde55d0c2, 0x07a2186b), + TOBN(0x1fb3e37f, 0x24dcdd5a), TOBN(0x8d602da5, 0x7ed191fb), + TOBN(0x108fb056, 0x76023e0d), TOBN(0x70178c71, 0x459c20c0), + TOBN(0xfad5a386, 0x3fe54cf0), TOBN(0xa4a3ec4f, 0x02bbb475), + TOBN(0x1aa5ec20, 0x919d94d7), TOBN(0x5d3b63b5, 0xa81e4ab3), + TOBN(0x7fa733d8, 0x5ad3d2af), TOBN(0xfbc586dd, 0xd1ac7a37), + TOBN(0x282925de, 0x40779614), TOBN(0xfe0ffffb, 0xe74a242a), + TOBN(0x3f39e67f, 0x906151e5), TOBN(0xcea27f5f, 0x55e10649), + TOBN(0xdca1d4e1, 0xc17cf7b7), TOBN(0x0c326d12, 0x2fe2362d), + TOBN(0x05f7ac33, 0x7dd35df3), TOBN(0x0c3b7639, 0xc396dbdf), + TOBN(0x0912f5ac, 0x03b7db1c), TOBN(0x9dea4b70, 0x5c9ed4a9), + TOBN(0x475e6e53, 0xaae3f639), TOBN(0xfaba0e7c, 0xfc278bac), + TOBN(0x16f9e221, 0x9490375f), TOBN(0xaebf9746, 0xa5a7ed0a), + TOBN(0x45f9af3f, 0xf41ad5d6), TOBN(0x03c4623c, 0xb2e99224), + TOBN(0x82c5bb5c, 0xb3cf56aa), TOBN(0x64311819, 0x34567ed3), + TOBN(0xec57f211, 0x8be489ac), TOBN(0x2821895d, 0xb9a1104b), + TOBN(0x610dc875, 0x6064e007), TOBN(0x8e526f3f, 0x5b20d0fe), + TOBN(0x6e71ca77, 0x5b645aee), TOBN(0x3d1dcb9f, 0x800e10ff), + TOBN(0x36b51162, 0x189cf6de), TOBN(0x2c5a3e30, 0x6bb17353), + TOBN(0xc186cd3e, 0x2a6c6fbf), TOBN(0xa74516fa, 0x4bf97906), + TOBN(0x5b4b8f4b, 0x279d6901), TOBN(0x0c4e57b4, 0x2b573743), + TOBN(0x75fdb229, 0xb6e386b6), TOBN(0xb46793fd, 0x99deac27), + TOBN(0xeeec47ea, 0xcf712629), TOBN(0xe965f3c4, 0xcbc3b2dd), + TOBN(0x8dd1fb83, 0x425c6559), TOBN(0x7fc00ee6, 0x0af06fda), + TOBN(0xe98c9225, 0x33d956df), TOBN(0x0f1ef335, 0x4fbdc8a2), + TOBN(0x2abb5145, 0xb79b8ea2), TOBN(0x40fd2945, 0xbdbff288), + TOBN(0x6a814ac4, 0xd7185db7), TOBN(0xc4329d6f, 0xc084609a), + TOBN(0xc9ba7b52, 0xed1be45d), TOBN(0x891dd20d, 0xe4cd2c74), + TOBN(0x5a4d4a7f, 0x824139b1), TOBN(0x66c17716, 0xb873c710), + TOBN(0x5e5bc141, 0x2843c4e0), TOBN(0xd5ac4817, 0xb97eb5bf), + TOBN(0xc0f8af54, 0x450c95c7), TOBN(0xc91b3fa0, 0x318406c5), + TOBN(0x360c340a, 0xab9d97f8), TOBN(0xfb57bd07, 0x90a2d611), + TOBN(0x4339ae3c, 0xa6a6f7e5), TOBN(0x9c1fcd2a, 0x2feb8a10), + TOBN(0x972bcca9, 0xc7ea7432), TOBN(0x1b0b924c, 0x308076f6), + TOBN(0x80b2814a, 0x2a5b4ca5), TOBN(0x2f78f55b, 0x61ef3b29), + TOBN(0xf838744a, 0xc18a414f), TOBN(0xc611eaae, 0x903d0a86), + TOBN(0x94dabc16, 0x2a453f55), TOBN(0xe6f2e3da, 0x14efb279), + TOBN(0x5b7a6017, 0x9320dc3c), TOBN(0x692e382f, 0x8df6b5a4), + TOBN(0x3f5e15e0, 0x2d40fa90), TOBN(0xc87883ae, 0x643dd318), + TOBN(0x511053e4, 0x53544774), TOBN(0x834d0ecc, 0x3adba2bc), + TOBN(0x4215d7f7, 0xbae371f5), TOBN(0xfcfd57bf, 0x6c8663bc), + TOBN(0xded2383d, 0xd6901b1d), TOBN(0x3b49fbb4, 0xb5587dc3), + TOBN(0xfd44a08d, 0x07625f62), TOBN(0x3ee4d65b, 0x9de9b762), + }, + { + TOBN(0x64e5137d, 0x0d63d1fa), TOBN(0x658fc052, 0x02a9d89f), + TOBN(0x48894874, 0x50436309), TOBN(0xe9ae30f8, 0xd598da61), + TOBN(0x2ed710d1, 0x818baf91), TOBN(0xe27e9e06, 0x8b6a0c20), + TOBN(0x1e28dcfb, 0x1c1a6b44), TOBN(0x883acb64, 0xd6ac57dc), + TOBN(0x8735728d, 0xc2c6ff70), TOBN(0x79d6122f, 0xc5dc2235), + TOBN(0x23f5d003, 0x19e277f9), TOBN(0x7ee84e25, 0xdded8cc7), + TOBN(0x91a8afb0, 0x63cd880a), TOBN(0x3f3ea7c6, 0x3574af60), + TOBN(0x0cfcdc84, 0x02de7f42), TOBN(0x62d0792f, 0xb31aa152), + TOBN(0x8e1b4e43, 0x8a5807ce), TOBN(0xad283893, 0xe4109a7e), + TOBN(0xc30cc9cb, 0xafd59dda), TOBN(0xf65f36c6, 0x3d8d8093), + TOBN(0xdf31469e, 0xa60d32b2), TOBN(0xee93df4b, 0x3e8191c8), + TOBN(0x9c1017c5, 0x355bdeb5), TOBN(0xd2623185, 0x8616aa28), + TOBN(0xb02c83f9, 0xdec31a21), TOBN(0x988c8b23, 0x6ad9d573), + TOBN(0x53e983ae, 0xa57be365), TOBN(0xe968734d, 0x646f834e), + TOBN(0x9137ea8f, 0x5da6309b), TOBN(0x10f3a624, 0xc1f1ce16), + TOBN(0x782a9ea2, 0xca440921), TOBN(0xdf94739e, 0x5b46f1b5), + TOBN(0x9f9be006, 0xcce85c9b), TOBN(0x360e70d6, 0xa4c7c2d3), + TOBN(0x2cd5beea, 0xaefa1e60), TOBN(0x64cf63c0, 0x8c3d2b6d), + TOBN(0xfb107fa3, 0xe1cf6f90), TOBN(0xb7e937c6, 0xd5e044e6), + TOBN(0x74e8ca78, 0xce34db9f), TOBN(0x4f8b36c1, 0x3e210bd0), + TOBN(0x1df165a4, 0x34a35ea8), TOBN(0x3418e0f7, 0x4d4412f6), + TOBN(0x5af1f8af, 0x518836c3), TOBN(0x42ceef4d, 0x130e1965), + TOBN(0x5560ca0b, 0x543a1957), TOBN(0xc33761e5, 0x886cb123), + TOBN(0x66624b1f, 0xfe98ed30), TOBN(0xf772f4bf, 0x1090997d), + TOBN(0xf4e540bb, 0x4885d410), TOBN(0x7287f810, 0x9ba5f8d7), + TOBN(0x22d0d865, 0xde98dfb1), TOBN(0x49ff51a1, 0xbcfbb8a3), + TOBN(0xb6b6fa53, 0x6bc3012e), TOBN(0x3d31fd72, 0x170d541d), + TOBN(0x8018724f, 0x4b0f4966), TOBN(0x79e7399f, 0x87dbde07), + TOBN(0x56f8410e, 0xf4f8b16a), TOBN(0x97241afe, 0xc47b266a), + TOBN(0x0a406b8e, 0x6d9c87c1), TOBN(0x803f3e02, 0xcd42ab1b), + TOBN(0x7f0309a8, 0x04dbec69), TOBN(0xa83b85f7, 0x3bbad05f), + TOBN(0xc6097273, 0xad8e197f), TOBN(0xc097440e, 0x5067adc1), + TOBN(0x730eafb6, 0x3524ff16), TOBN(0xd7f9b51e, 0x823fc6ce), + TOBN(0x27bd0d32, 0x443e4ac0), TOBN(0x40c59ad9, 0x4d66f217), + TOBN(0x6c33136f, 0x17c387a4), TOBN(0x5043b8d5, 0xeb86804d), + TOBN(0x74970312, 0x675a73c9), TOBN(0x838fdb31, 0xf16669b6), + TOBN(0xc507b6dd, 0x418e7ddd), TOBN(0x39888d93, 0x472f19d6), + TOBN(0x7eae26be, 0x0c27eb4d), TOBN(0x17b53ed3, 0xfbabb884), + TOBN(0xfc27021b, 0x2b01ae4f), TOBN(0x88462e87, 0xcf488682), + TOBN(0xbee096ec, 0x215e2d87), TOBN(0xeb2fea9a, 0xd242e29b), + TOBN(0x5d985b5f, 0xb821fc28), TOBN(0x89d2e197, 0xdc1e2ad2), + TOBN(0x55b566b8, 0x9030ba62), TOBN(0xe3fd41b5, 0x4f41b1c6), + TOBN(0xb738ac2e, 0xb9a96d61), TOBN(0x7f8567ca, 0x369443f4), + TOBN(0x8698622d, 0xf803a440), TOBN(0x2b586236, 0x8fe2f4dc), + TOBN(0xbbcc00c7, 0x56b95bce), TOBN(0x5ec03906, 0x616da680), + TOBN(0x79162ee6, 0x72214252), TOBN(0x43132b63, 0x86a892d2), + TOBN(0x4bdd3ff2, 0x2f3263bf), TOBN(0xd5b3733c, 0x9cd0a142), + TOBN(0x592eaa82, 0x44415ccb), TOBN(0x663e8924, 0x8d5474ea), + TOBN(0x8058a25e, 0x5236344e), TOBN(0x82e8df9d, 0xbda76ee6), + TOBN(0xdcf6efd8, 0x11cc3d22), TOBN(0x00089cda, 0x3b4ab529), + TOBN(0x91d3a071, 0xbd38a3db), TOBN(0x4ea97fc0, 0xef72b925), + TOBN(0x0c9fc15b, 0xea3edf75), TOBN(0x5a6297cd, 0xa4348ed3), + TOBN(0x0d38ab35, 0xce7c42d4), TOBN(0x9fd493ef, 0x82feab10), + TOBN(0x46056b6d, 0x82111b45), TOBN(0xda11dae1, 0x73efc5c3), + TOBN(0xdc740278, 0x5545a7fb), TOBN(0xbdb2601c, 0x40d507e6), + TOBN(0x121dfeeb, 0x7066fa58), TOBN(0x214369a8, 0x39ae8c2a), + TOBN(0x195709cb, 0x06e0956c), TOBN(0x4c9d254f, 0x010cd34b), + TOBN(0xf51e13f7, 0x0471a532), TOBN(0xe19d6791, 0x1e73054d), + TOBN(0xf702a628, 0xdb5c7be3), TOBN(0xc7141218, 0xb24dde05), + TOBN(0xdc18233c, 0xf29b2e2e), TOBN(0x3a6bd1e8, 0x85342dba), + TOBN(0x3f747fa0, 0xb311898c), TOBN(0xe2a272e4, 0xcd0eac65), + TOBN(0x4bba5851, 0xf914d0bc), TOBN(0x7a1a9660, 0xc4a43ee3), + TOBN(0xe5a367ce, 0xa1c8cde9), TOBN(0x9d958ba9, 0x7271abe3), + TOBN(0xf3ff7eb6, 0x3d1615cd), TOBN(0xa2280dce, 0xf5ae20b0), + TOBN(0x56dba5c1, 0xcf640147), TOBN(0xea5a2e3d, 0x5e83d118), + TOBN(0x04cd6b6d, 0xda24c511), TOBN(0x1c0f4671, 0xe854d214), + TOBN(0x91a6b7a9, 0x69565381), TOBN(0xdc966240, 0xdecf1f5b), + TOBN(0x1b22d21c, 0xfcf5d009), TOBN(0x2a05f641, 0x9021dbd5), + TOBN(0x8c0ed566, 0xd4312483), TOBN(0x5179a95d, 0x643e216f), + TOBN(0xcc185fec, 0x17044493), TOBN(0xb3063339, 0x54991a21), + TOBN(0xd801ecdb, 0x0081a726), TOBN(0x0149b0c6, 0x4fa89bbb), + TOBN(0xafe9065a, 0x4391b6b9), TOBN(0xedc92786, 0xd633f3a3), + TOBN(0xe408c24a, 0xae6a8e13), TOBN(0x85833fde, 0x9f3897ab), + TOBN(0x43800e7e, 0xd81a0715), TOBN(0xde08e346, 0xb44ffc5f), + TOBN(0x7094184c, 0xcdeff2e0), TOBN(0x49f9387b, 0x165eaed1), + TOBN(0x635d6129, 0x777c468a), TOBN(0x8c0dcfd1, 0x538c2dd8), + TOBN(0xd6d9d9e3, 0x7a6a308b), TOBN(0x62375830, 0x4c2767d3), + TOBN(0x874a8bc6, 0xf38cbeb6), TOBN(0xd94d3f1a, 0xccb6fd9e), + TOBN(0x92a9735b, 0xba21f248), TOBN(0x272ad0e5, 0x6cd1efb0), + TOBN(0x7437b69c, 0x05b03284), TOBN(0xe7f04702, 0x6948c225), + TOBN(0x8a56c04a, 0xcba2ecec), TOBN(0x0c181270, 0xe3a73e41), + TOBN(0x6cb34e9d, 0x03e93725), TOBN(0xf77c8713, 0x496521a9), + TOBN(0x94569183, 0xfa7f9f90), TOBN(0xf2e7aa4c, 0x8c9707ad), + TOBN(0xced2c9ba, 0x26c1c9a3), TOBN(0x9109fe96, 0x40197507), + TOBN(0x9ae868a9, 0xe9adfe1c), TOBN(0x3984403d, 0x314e39bb), + TOBN(0xb5875720, 0xf2fe378f), TOBN(0x33f901e0, 0xba44a628), + TOBN(0xea1125fe, 0x3652438c), TOBN(0xae9ec4e6, 0x9dd1f20b), + TOBN(0x1e740d9e, 0xbebf7fbd), TOBN(0x6dbd3ddc, 0x42dbe79c), + TOBN(0x62082aec, 0xedd36776), TOBN(0xf612c478, 0xe9859039), + TOBN(0xa493b201, 0x032f7065), TOBN(0xebd4d8f2, 0x4ff9b211), + TOBN(0x3f23a0aa, 0xaac4cb32), TOBN(0xea3aadb7, 0x15ed4005), + TOBN(0xacf17ea4, 0xafa27e63), TOBN(0x56125c1a, 0xc11fd66c), + TOBN(0x266344a4, 0x3794f8dc), TOBN(0xdcca923a, 0x483c5c36), + TOBN(0x2d6b6bbf, 0x3f9d10a0), TOBN(0xb320c5ca, 0x81d9bdf3), + TOBN(0x620e28ff, 0x47b50a95), TOBN(0x933e3b01, 0xcef03371), + TOBN(0xf081bf85, 0x99100153), TOBN(0x183be9a0, 0xc3a8c8d6), + TOBN(0x4e3ddc5a, 0xd6bbe24d), TOBN(0xc6c74630, 0x53843795), + TOBN(0x78193dd7, 0x65ec2d4c), TOBN(0xb8df26cc, 0xcd3c89b2), + TOBN(0x98dbe399, 0x5a483f8d), TOBN(0x72d8a957, 0x7dd3313a), + TOBN(0x65087294, 0xab0bd375), TOBN(0xfcd89248, 0x7c259d16), + TOBN(0x8a9443d7, 0x7613aa81), TOBN(0x80100800, 0x85fe6584), + TOBN(0x70fc4dbc, 0x7fb10288), TOBN(0xf58280d3, 0xe86beee8), + TOBN(0x14fdd82f, 0x7c978c38), TOBN(0xdf1204c1, 0x0de44d7b), + TOBN(0xa08a1c84, 0x4160252f), TOBN(0x591554ca, 0xc17646a5), + TOBN(0x214a37d6, 0xa05bd525), TOBN(0x48d5f09b, 0x07957b3c), + TOBN(0x0247cdcb, 0xd7109bc9), TOBN(0x40f9e4bb, 0x30599ce7), + TOBN(0xc325fa03, 0xf46ad2ec), TOBN(0x00f766cf, 0xc3e3f9ee), + TOBN(0xab556668, 0xd43a4577), TOBN(0x68d30a61, 0x3ee03b93), + TOBN(0x7ddc81ea, 0x77b46a08), TOBN(0xcf5a6477, 0xc7480699), + TOBN(0x43a8cb34, 0x6633f683), TOBN(0x1b867e6b, 0x92363c60), + TOBN(0x43921114, 0x1f60558e), TOBN(0xcdbcdd63, 0x2f41450e), + TOBN(0x7fc04601, 0xcc630e8b), TOBN(0xea7c66d5, 0x97038b43), + TOBN(0x7259b8a5, 0x04e99fd8), TOBN(0x98a8dd12, 0x4785549a), + TOBN(0x0e459a7c, 0x840552e1), TOBN(0xcdfcf4d0, 0x4bb0909e), + TOBN(0x34a86db2, 0x53758da7), TOBN(0xe643bb83, 0xeac997e1), + TOBN(0x96400bd7, 0x530c5b7e), TOBN(0x9f97af87, 0xb41c8b52), + TOBN(0x34fc8820, 0xfbeee3f9), TOBN(0x93e53490, 0x49091afd), + TOBN(0x764b9be5, 0x9a31f35c), TOBN(0x71f37864, 0x57e3d924), + TOBN(0x02fb34e0, 0x943aa75e), TOBN(0xa18c9c58, 0xab8ff6e4), + TOBN(0x080f31b1, 0x33cf0d19), TOBN(0x5c9682db, 0x083518a7), + TOBN(0x873d4ca6, 0xb709c3de), TOBN(0x64a84262, 0x3575b8f0), + TOBN(0x6275da1f, 0x020154bb), TOBN(0x97678caa, 0xd17cf1ab), + TOBN(0x8779795f, 0x951a95c3), TOBN(0xdd35b163, 0x50fccc08), + TOBN(0x32709627, 0x33d8f031), TOBN(0x3c5ab10a, 0x498dd85c), + TOBN(0xb6c185c3, 0x41dca566), TOBN(0x7de7feda, 0xd8622aa3), + TOBN(0x99e84d92, 0x901b6dfb), TOBN(0x30a02b0e, 0x7c4ad288), + TOBN(0xc7c81daa, 0x2fd3cf36), TOBN(0xd1319547, 0xdf89e59f), + TOBN(0xb2be8184, 0xcd496733), TOBN(0xd5f449eb, 0x93d3412b), + TOBN(0x7ea41b1b, 0x25fe531d), TOBN(0xf9797432, 0x6a1d5646), + TOBN(0x86067f72, 0x2bde501a), TOBN(0xf91481c0, 0x0c85e89c), + TOBN(0xca8ee465, 0xf8b05bc6), TOBN(0x1844e1cf, 0x02e83cda), + TOBN(0xca82114a, 0xb4dbe33b), TOBN(0x0f9f8769, 0x4eabfde2), + TOBN(0x4936b1c0, 0x38b27fe2), TOBN(0x63b6359b, 0xaba402df), + TOBN(0x40c0ea2f, 0x656bdbab), TOBN(0x9c992a89, 0x6580c39c), + TOBN(0x600e8f15, 0x2a60aed1), TOBN(0xeb089ca4, 0xe0bf49df), + TOBN(0x9c233d7d, 0x2d42d99a), TOBN(0x648d3f95, 0x4c6bc2fa), + TOBN(0xdcc383a8, 0xe1add3f3), TOBN(0xf42c0c6a, 0x4f64a348), + TOBN(0x2abd176f, 0x0030dbdb), TOBN(0x4de501a3, 0x7d6c215e), + TOBN(0x4a107c1f, 0x4b9a64bc), TOBN(0xa77f0ad3, 0x2496cd59), + TOBN(0xfb78ac62, 0x7688dffb), TOBN(0x7025a2ca, 0x67937d8e), + TOBN(0xfde8b2d1, 0xd1a8f4e7), TOBN(0xf5b3da47, 0x7354927c), + TOBN(0xe48606a3, 0xd9205735), TOBN(0xac477cc6, 0xe177b917), + TOBN(0xfb1f73d2, 0xa883239a), TOBN(0xe12572f6, 0xcc8b8357), + TOBN(0x9d355e9c, 0xfb1f4f86), TOBN(0x89b795f8, 0xd9f3ec6e), + TOBN(0x27be56f1, 0xb54398dc), TOBN(0x1890efd7, 0x3fedeed5), + TOBN(0x62f77f1f, 0x9c6d0140), TOBN(0x7ef0e314, 0x596f0ee4), + TOBN(0x50ca6631, 0xcc61dab3), TOBN(0x4a39801d, 0xf4866e4f), + TOBN(0x66c8d032, 0xae363b39), TOBN(0x22c591e5, 0x2ead66aa), + TOBN(0x954ba308, 0xde02a53e), TOBN(0x2a6c060f, 0xd389f357), + TOBN(0xe6cfcde8, 0xfbf40b66), TOBN(0x8e02fc56, 0xc6340ce1), + TOBN(0xe4957795, 0x73adb4ba), TOBN(0x7b86122c, 0xa7b03805), + TOBN(0x63f83512, 0x0c8e6fa6), TOBN(0x83660ea0, 0x057d7804), + TOBN(0xbad79105, 0x21ba473c), TOBN(0xb6c50bee, 0xded5389d), + TOBN(0xee2caf4d, 0xaa7c9bc0), TOBN(0xd97b8de4, 0x8c4e98a7), + TOBN(0xa9f63e70, 0xab3bbddb), TOBN(0x3898aabf, 0x2597815a), + TOBN(0x7659af89, 0xac15b3d9), TOBN(0xedf7725b, 0x703ce784), + TOBN(0x25470fab, 0xe085116b), TOBN(0x04a43375, 0x87285310), + TOBN(0x4e39187e, 0xe2bfd52f), TOBN(0x36166b44, 0x7d9ebc74), + TOBN(0x92ad433c, 0xfd4b322c), TOBN(0x726aa817, 0xba79ab51), + TOBN(0xf96eacd8, 0xc1db15eb), TOBN(0xfaf71e91, 0x0476be63), + TOBN(0xdd69a640, 0x641fad98), TOBN(0xb7995918, 0x29622559), + TOBN(0x03c6daa5, 0xde4199dc), TOBN(0x92cadc97, 0xad545eb4), + TOBN(0x1028238b, 0x256534e4), TOBN(0x73e80ce6, 0x8595409a), + TOBN(0x690d4c66, 0xd05dc59b), TOBN(0xc95f7b8f, 0x981dee80), + TOBN(0xf4337014, 0xd856ac25), TOBN(0x441bd9dd, 0xac524dca), + TOBN(0x640b3d85, 0x5f0499f5), TOBN(0x39cf84a9, 0xd5fda182), + TOBN(0x04e7b055, 0xb2aa95a0), TOBN(0x29e33f0a, 0x0ddf1860), + TOBN(0x082e74b5, 0x423f6b43), TOBN(0x217edeb9, 0x0aaa2b0f), + TOBN(0x58b83f35, 0x83cbea55), TOBN(0xc485ee4d, 0xbc185d70), + TOBN(0x833ff03b, 0x1e5f6992), TOBN(0xb5b9b9cc, 0xcf0c0dd5), + TOBN(0x7caaee8e, 0x4e9e8a50), TOBN(0x462e907b, 0x6269dafd), + TOBN(0x6ed5cee9, 0xfbe791c6), TOBN(0x68ca3259, 0xed430790), + TOBN(0x2b72bdf2, 0x13b5ba88), TOBN(0x60294c8a, 0x35ef0ac4), + TOBN(0x9c3230ed, 0x19b99b08), TOBN(0x560fff17, 0x6c2589aa), + TOBN(0x552b8487, 0xd6770374), TOBN(0xa373202d, 0x9a56f685), + TOBN(0xd3e7f907, 0x45f175d9), TOBN(0x3c2f315f, 0xd080d810), + TOBN(0x1130e9dd, 0x7b9520e8), TOBN(0xc078f9e2, 0x0af037b5), + TOBN(0x38cd2ec7, 0x1e9c104c), TOBN(0x0f684368, 0xc472fe92), + TOBN(0xd3f1b5ed, 0x6247e7ef), TOBN(0xb32d33a9, 0x396dfe21), + TOBN(0x46f59cf4, 0x4a9aa2c2), TOBN(0x69cd5168, 0xff0f7e41), + TOBN(0x3f59da0f, 0x4b3234da), TOBN(0xcf0b0235, 0xb4579ebe), + TOBN(0x6d1cbb25, 0x6d2476c7), TOBN(0x4f0837e6, 0x9dc30f08), + TOBN(0x9a4075bb, 0x906f6e98), TOBN(0x253bb434, 0xc761e7d1), + TOBN(0xde2e645f, 0x6e73af10), TOBN(0xb89a4060, 0x0c5f131c), + TOBN(0xd12840c5, 0xb8cc037f), TOBN(0x3d093a5b, 0x7405bb47), + TOBN(0x6202c253, 0x206348b8), TOBN(0xbf5d57fc, 0xc55a3ca7), + TOBN(0x89f6c90c, 0x8c3bef48), TOBN(0x23ac7623, 0x5a0a960a), + TOBN(0xdfbd3d6b, 0x552b42ab), TOBN(0x3ef22458, 0x132061f6), + TOBN(0xd74e9bda, 0xc97e6516), TOBN(0x88779360, 0xc230f49e), + TOBN(0xa6ec1de3, 0x1e74ea49), TOBN(0x581dcee5, 0x3fb645a2), + TOBN(0xbaef2391, 0x8f483f14), TOBN(0x6d2dddfc, 0xd137d13b), + TOBN(0x54cde50e, 0xd2743a42), TOBN(0x89a34fc5, 0xe4d97e67), + TOBN(0x13f1f5b3, 0x12e08ce5), TOBN(0xa80540b8, 0xa7f0b2ca), + TOBN(0x854bcf77, 0x01982805), TOBN(0xb8653ffd, 0x233bea04), + TOBN(0x8e7b8787, 0x02b0b4c9), TOBN(0x2675261f, 0x9acb170a), + TOBN(0x061a9d90, 0x930c14e5), TOBN(0xb59b30e0, 0xdef0abea), + TOBN(0x1dc19ea6, 0x0200ec7d), TOBN(0xb6f4a3f9, 0x0bce132b), + TOBN(0xb8d5de90, 0xf13e27e0), TOBN(0xbaee5ef0, 0x1fade16f), + TOBN(0x6f406aaa, 0xe4c6cf38), TOBN(0xab4cfe06, 0xd1369815), + TOBN(0x0dcffe87, 0xefd550c6), TOBN(0x9d4f59c7, 0x75ff7d39), + TOBN(0xb02553b1, 0x51deb6ad), TOBN(0x812399a4, 0xb1877749), + TOBN(0xce90f71f, 0xca6006e1), TOBN(0xc32363a6, 0xb02b6e77), + TOBN(0x02284fbe, 0xdc36c64d), TOBN(0x86c81e31, 0xa7e1ae61), + TOBN(0x2576c7e5, 0xb909d94a), TOBN(0x8b6f7d02, 0x818b2bb0), + TOBN(0xeca3ed07, 0x56faa38a), TOBN(0xa3790e6c, 0x9305bb54), + TOBN(0xd784eeda, 0x7bc73061), TOBN(0xbd56d369, 0x6dd50614), + TOBN(0xd6575949, 0x229a8aa9), TOBN(0xdcca8f47, 0x4595ec28), + TOBN(0x814305c1, 0x06ab4fe6), TOBN(0xc8c39768, 0x24f43f16), + TOBN(0xe2a45f36, 0x523f2b36), TOBN(0x995c6493, 0x920d93bb), + TOBN(0xf8afdab7, 0x90f1632b), TOBN(0x79ebbecd, 0x1c295954), + TOBN(0xc7bb3ddb, 0x79592f48), TOBN(0x67216a7b, 0x5f88e998), + TOBN(0xd91f098b, 0xbc01193e), TOBN(0xf7d928a5, 0xb1db83fc), + TOBN(0x55e38417, 0xe991f600), TOBN(0x2a91113e, 0x2981a934), + TOBN(0xcbc9d648, 0x06b13bde), TOBN(0xb011b6ac, 0x0755ff44), + TOBN(0x6f4cb518, 0x045ec613), TOBN(0x522d2d31, 0xc2f5930a), + TOBN(0x5acae1af, 0x382e65de), TOBN(0x57643067, 0x27bc966f), + TOBN(0x5e12705d, 0x1c7193f0), TOBN(0xf0f32f47, 0x3be8858e), + TOBN(0x785c3d7d, 0x96c6dfc7), TOBN(0xd75b4a20, 0xbf31795d), + TOBN(0x91acf17b, 0x342659d4), TOBN(0xe596ea34, 0x44f0378f), + TOBN(0x4515708f, 0xce52129d), TOBN(0x17387e1e, 0x79f2f585), + TOBN(0x72cfd2e9, 0x49dee168), TOBN(0x1ae05223, 0x3e2af239), + TOBN(0x009e75be, 0x1d94066a), TOBN(0x6cca31c7, 0x38abf413), + TOBN(0xb50bd61d, 0x9bc49908), TOBN(0x4a9b4a8c, 0xf5e2bc1e), + TOBN(0xeb6cc5f7, 0x946f83ac), TOBN(0x27da93fc, 0xebffab28), + TOBN(0xea314c96, 0x4821c8c5), TOBN(0x8de49ded, 0xa83c15f4), + TOBN(0x7a64cf20, 0x7af33004), TOBN(0x45f1bfeb, 0xc9627e10), + TOBN(0x878b0626, 0x54b9df60), TOBN(0x5e4fdc3c, 0xa95c0b33), + TOBN(0xe54a37ca, 0xc2035d8e), TOBN(0x9087cda9, 0x80f20b8c), + TOBN(0x36f61c23, 0x8319ade4), TOBN(0x766f287a, 0xde8cfdf8), + TOBN(0x48821948, 0x346f3705), TOBN(0x49a7b853, 0x16e4f4a2), + TOBN(0xb9b3f8a7, 0x5cedadfd), TOBN(0x8f562815, 0x8db2a815), + TOBN(0xc0b7d554, 0x01f68f95), TOBN(0x12971e27, 0x688a208e), + TOBN(0xc9f8b696, 0xd0ff34fc), TOBN(0x20824de2, 0x1222718c), + TOBN(0x7213cf9f, 0x0c95284d), TOBN(0xe2ad741b, 0xdc158240), + TOBN(0x0ee3a6df, 0x54043ccf), TOBN(0x16ff479b, 0xd84412b3), + TOBN(0xf6c74ee0, 0xdfc98af0), TOBN(0xa78a169f, 0x52fcd2fb), + TOBN(0xd8ae8746, 0x99c930e9), TOBN(0x1d33e858, 0x49e117a5), + TOBN(0x7581fcb4, 0x6624759f), TOBN(0xde50644f, 0x5bedc01d), + TOBN(0xbeec5d00, 0xcaf3155e), TOBN(0x672d66ac, 0xbc73e75f), + TOBN(0x86b9d8c6, 0x270b01db), TOBN(0xd249ef83, 0x50f55b79), + TOBN(0x6131d6d4, 0x73978fe3), TOBN(0xcc4e4542, 0x754b00a1), + TOBN(0x4e05df05, 0x57dfcfe9), TOBN(0x94b29cdd, 0x51ef6bf0), + TOBN(0xe4530cff, 0x9bc7edf2), TOBN(0x8ac236fd, 0xd3da65f3), + TOBN(0x0faf7d5f, 0xc8eb0b48), TOBN(0x4d2de14c, 0x660eb039), + TOBN(0xc006bba7, 0x60430e54), TOBN(0x10a2d0d6, 0xda3289ab), + TOBN(0x9c037a5d, 0xd7979c59), TOBN(0x04d1f3d3, 0xa116d944), + TOBN(0x9ff22473, 0x8a0983cd), TOBN(0x28e25b38, 0xc883cabb), + TOBN(0xe968dba5, 0x47a58995), TOBN(0x2c80b505, 0x774eebdf), + TOBN(0xee763b71, 0x4a953beb), TOBN(0x502e223f, 0x1642e7f6), + TOBN(0x6fe4b641, 0x61d5e722), TOBN(0x9d37c5b0, 0xdbef5316), + TOBN(0x0115ed70, 0xf8330bc7), TOBN(0x139850e6, 0x75a72789), + TOBN(0x27d7faec, 0xffceccc2), TOBN(0x3016a860, 0x4fd9f7f6), + TOBN(0xc492ec64, 0x4cd8f64c), TOBN(0x58a2d790, 0x279d7b51), + TOBN(0x0ced1fc5, 0x1fc75256), TOBN(0x3e658aed, 0x8f433017), + TOBN(0x0b61942e, 0x05da59eb), TOBN(0xba3d60a3, 0x0ddc3722), + TOBN(0x7c311cd1, 0x742e7f87), TOBN(0x6473ffee, 0xf6b01b6e), + }, + { + TOBN(0x8303604f, 0x692ac542), TOBN(0xf079ffe1, 0x227b91d3), + TOBN(0x19f63e63, 0x15aaf9bd), TOBN(0xf99ee565, 0xf1f344fb), + TOBN(0x8a1d661f, 0xd6219199), TOBN(0x8c883bc6, 0xd48ce41c), + TOBN(0x1065118f, 0x3c74d904), TOBN(0x713889ee, 0x0faf8b1b), + TOBN(0x972b3f8f, 0x81a1b3be), TOBN(0x4f3ce145, 0xce2764a0), + TOBN(0xe2d0f1cc, 0x28c4f5f7), TOBN(0xdeee0c0d, 0xc7f3985b), + TOBN(0x7df4adc0, 0xd39e25c3), TOBN(0x40619820, 0xc467a080), + TOBN(0x440ebc93, 0x61cf5a58), TOBN(0x527729a6, 0x422ad600), + TOBN(0xca6c0937, 0xb1b76ba6), TOBN(0x1a2eab85, 0x4d2026dc), + TOBN(0xb1715e15, 0x19d9ae0a), TOBN(0xf1ad9199, 0xbac4a026), + TOBN(0x35b3dfb8, 0x07ea7b0e), TOBN(0xedf5496f, 0x3ed9eb89), + TOBN(0x8932e5ff, 0x2d6d08ab), TOBN(0xf314874e, 0x25bd2731), + TOBN(0xefb26a75, 0x3f73f449), TOBN(0x1d1c94f8, 0x8d44fc79), + TOBN(0x49f0fbc5, 0x3bc0dc4d), TOBN(0xb747ea0b, 0x3698a0d0), + TOBN(0x5218c3fe, 0x228d291e), TOBN(0x35b804b5, 0x43c129d6), + TOBN(0xfac859b8, 0xd1acc516), TOBN(0x6c10697d, 0x95d6e668), + TOBN(0xc38e438f, 0x0876fd4e), TOBN(0x45f0c307, 0x83d2f383), + TOBN(0x203cc2ec, 0xb10934cb), TOBN(0x6a8f2439, 0x2c9d46ee), + TOBN(0xf16b431b, 0x65ccde7b), TOBN(0x41e2cd18, 0x27e76a6f), + TOBN(0xb9c8cf8f, 0x4e3484d7), TOBN(0x64426efd, 0x8315244a), + TOBN(0x1c0a8e44, 0xfc94dea3), TOBN(0x34c8cdbf, 0xdad6a0b0), + TOBN(0x919c3840, 0x04113cef), TOBN(0xfd32fba4, 0x15490ffa), + TOBN(0x58d190f6, 0x795dcfb7), TOBN(0xfef01b03, 0x83588baf), + TOBN(0x9e6d1d63, 0xca1fc1c0), TOBN(0x53173f96, 0xf0a41ac9), + TOBN(0x2b1d402a, 0xba16f73b), TOBN(0x2fb31014, 0x8cf9b9fc), + TOBN(0x2d51e60e, 0x446ef7bf), TOBN(0xc731021b, 0xb91e1745), + TOBN(0x9d3b4724, 0x4fee99d4), TOBN(0x4bca48b6, 0xfac5c1ea), + TOBN(0x70f5f514, 0xbbea9af7), TOBN(0x751f55a5, 0x974c283a), + TOBN(0x6e30251a, 0xcb452fdb), TOBN(0x31ee6965, 0x50f30650), + TOBN(0xb0b3e508, 0x933548d9), TOBN(0xb8949a4f, 0xf4b0ef5b), + TOBN(0x208b8326, 0x3c88f3bd), TOBN(0xab147c30, 0xdb1d9989), + TOBN(0xed6515fd, 0x44d4df03), TOBN(0x17a12f75, 0xe72eb0c5), + TOBN(0x3b59796d, 0x36cf69db), TOBN(0x1219eee9, 0x56670c18), + TOBN(0xfe3341f7, 0x7a070d8e), TOBN(0x9b70130b, 0xa327f90c), + TOBN(0x36a32462, 0x0ae18e0e), TOBN(0x2021a623, 0x46c0a638), + TOBN(0x251b5817, 0xc62eb0d4), TOBN(0x87bfbcdf, 0x4c762293), + TOBN(0xf78ab505, 0xcdd61d64), TOBN(0x8c7a53fc, 0xc8c18857), + TOBN(0xa653ce6f, 0x16147515), TOBN(0x9c923aa5, 0xea7d52d5), + TOBN(0xc24709cb, 0x5c18871f), TOBN(0x7d53bec8, 0x73b3cc74), + TOBN(0x59264aff, 0xfdd1d4c4), TOBN(0x5555917e, 0x240da582), + TOBN(0xcae8bbda, 0x548f5a0e), TOBN(0x1910eaba, 0x3bbfbbe1), + TOBN(0xae579685, 0x7677afc3), TOBN(0x49ea61f1, 0x73ff0b5c), + TOBN(0x78655478, 0x4f7c3922), TOBN(0x95d337cd, 0x20c68eef), + TOBN(0x68f1e1e5, 0xdf779ab9), TOBN(0x14b491b0, 0xb5cf69a8), + TOBN(0x7a6cbbe0, 0x28e3fe89), TOBN(0xe7e1fee4, 0xc5aac0eb), + TOBN(0x7f47eda5, 0x697e5140), TOBN(0x4f450137, 0xb454921f), + TOBN(0xdb625f84, 0x95cd8185), TOBN(0x74be0ba1, 0xcdb2e583), + TOBN(0xaee4fd7c, 0xdd5e6de4), TOBN(0x4251437d, 0xe8101739), + TOBN(0x686d72a0, 0xac620366), TOBN(0x4be3fb9c, 0xb6d59344), + TOBN(0x6e8b44e7, 0xa1eb75b9), TOBN(0x84e39da3, 0x91a5c10c), + TOBN(0x37cc1490, 0xb38f0409), TOBN(0x02951943, 0x2c2ade82), + TOBN(0x9b688783, 0x1190a2d8), TOBN(0x25627d14, 0x231182ba), + TOBN(0x6eb550aa, 0x658a6d87), TOBN(0x1405aaa7, 0xcf9c7325), + TOBN(0xd147142e, 0x5c8748c9), TOBN(0x7f637e4f, 0x53ede0e0), + TOBN(0xf8ca2776, 0x14ffad2c), TOBN(0xe58fb1bd, 0xbafb6791), + TOBN(0x17158c23, 0xbf8f93fc), TOBN(0x7f15b373, 0x0a4a4655), + TOBN(0x39d4add2, 0xd842ca72), TOBN(0xa71e4391, 0x3ed96305), + TOBN(0x5bb09cbe, 0x6700be14), TOBN(0x68d69d54, 0xd8befcf6), + TOBN(0xa45f5367, 0x37183bcf), TOBN(0x7152b7bb, 0x3370dff7), + TOBN(0xcf887baa, 0xbf12525b), TOBN(0xe7ac7bdd, 0xd6d1e3cd), + TOBN(0x25914f78, 0x81fdad90), TOBN(0xcf638f56, 0x0d2cf6ab), + TOBN(0xb90bc03f, 0xcc054de5), TOBN(0x932811a7, 0x18b06350), + TOBN(0x2f00b330, 0x9bbd11ff), TOBN(0x76108a6f, 0xb4044974), + TOBN(0x801bb9e0, 0xa851d266), TOBN(0x0dd099be, 0xbf8990c1), + TOBN(0x58c5aaaa, 0xabe32986), TOBN(0x0fe9dd2a, 0x50d59c27), + TOBN(0x84951ff4, 0x8d307305), TOBN(0x6c23f829, 0x86529b78), + TOBN(0x50bb2218, 0x0b136a79), TOBN(0x7e2174de, 0x77a20996), + TOBN(0x6f00a4b9, 0xc0bb4da6), TOBN(0x89a25a17, 0xefdde8da), + TOBN(0xf728a27e, 0xc11ee01d), TOBN(0xf900553a, 0xe5f10dfb), + TOBN(0x189a83c8, 0x02ec893c), TOBN(0x3ca5bdc1, 0x23f66d77), + TOBN(0x98781537, 0x97eada9f), TOBN(0x59c50ab3, 0x10256230), + TOBN(0x346042d9, 0x323c69b3), TOBN(0x1b715a6d, 0x2c460449), + TOBN(0xa41dd476, 0x6ae06e0b), TOBN(0xcdd7888e, 0x9d42e25f), + TOBN(0x0f395f74, 0x56b25a20), TOBN(0xeadfe0ae, 0x8700e27e), + TOBN(0xb09d52a9, 0x69950093), TOBN(0x3525d9cb, 0x327f8d40), + TOBN(0xb8235a94, 0x67df886a), TOBN(0x77e4b0dd, 0x035faec2), + TOBN(0x115eb20a, 0x517d7061), TOBN(0x77fe3433, 0x6c2df683), + TOBN(0x6870ddc7, 0xcdc6fc67), TOBN(0xb1610588, 0x0b87de83), + TOBN(0x343584ca, 0xd9c4ddbe), TOBN(0xb3164f1c, 0x3d754be2), + TOBN(0x0731ed3a, 0xc1e6c894), TOBN(0x26327dec, 0x4f6b904c), + TOBN(0x9d49c6de, 0x97b5cd32), TOBN(0x40835dae, 0xb5eceecd), + TOBN(0xc66350ed, 0xd9ded7fe), TOBN(0x8aeebb5c, 0x7a678804), + TOBN(0x51d42fb7, 0x5b8ee9ec), TOBN(0xd7a17bdd, 0x8e3ca118), + TOBN(0x40d7511a, 0x2ef4400e), TOBN(0xc48990ac, 0x875a66f4), + TOBN(0x8de07d2a, 0x2199e347), TOBN(0xbee75556, 0x2a39e051), + TOBN(0x56918786, 0x916e51dc), TOBN(0xeb191313, 0x4a2d89ec), + TOBN(0x6679610d, 0x37d341ed), TOBN(0x434fbb41, 0x56d51c2b), + TOBN(0xe54b7ee7, 0xd7492dba), TOBN(0xaa33a79a, 0x59021493), + TOBN(0x49fc5054, 0xe4bd6d3d), TOBN(0x09540f04, 0x5ab551d0), + TOBN(0x8acc9085, 0x4942d3a6), TOBN(0x231af02f, 0x2d28323b), + TOBN(0x93458cac, 0x0992c163), TOBN(0x1fef8e71, 0x888e3bb4), + TOBN(0x27578da5, 0xbe8c268c), TOBN(0xcc8be792, 0xe805ec00), + TOBN(0x29267bae, 0xc61c3855), TOBN(0xebff429d, 0x58c1fd3b), + TOBN(0x22d886c0, 0x8c0b93b8), TOBN(0xca5e00b2, 0x2ddb8953), + TOBN(0xcf330117, 0xc3fed8b7), TOBN(0xd49ac6fa, 0x819c01f6), + TOBN(0x6ddaa6bd, 0x3c0fbd54), TOBN(0x91743068, 0x8049a2cf), + TOBN(0xd67f981e, 0xaff2ef81), TOBN(0xc3654d35, 0x2818ae80), + TOBN(0x81d05044, 0x1b2aa892), TOBN(0x2db067bf, 0x3d099328), + TOBN(0xe7c79e86, 0x703dcc97), TOBN(0xe66f9b37, 0xe133e215), + TOBN(0xcdf119a6, 0xe39a7a5c), TOBN(0x47c60de3, 0x876f1b61), + TOBN(0x6e405939, 0xd860f1b2), TOBN(0x3e9a1dbc, 0xf5ed4d4a), + TOBN(0x3f23619e, 0xc9b6bcbd), TOBN(0x5ee790cf, 0x734e4497), + TOBN(0xf0a834b1, 0x5bdaf9bb), TOBN(0x02cedda7, 0x4ca295f0), + TOBN(0x4619aa2b, 0xcb8e378c), TOBN(0xe5613244, 0xcc987ea4), + TOBN(0x0bc022cc, 0x76b23a50), TOBN(0x4a2793ad, 0x0a6c21ce), + TOBN(0x38328780, 0x89cac3f5), TOBN(0x29176f1b, 0xcba26d56), + TOBN(0x06296187, 0x4f6f59eb), TOBN(0x86e9bca9, 0x8bdc658e), + TOBN(0x2ca9c4d3, 0x57e30402), TOBN(0x5438b216, 0x516a09bb), + TOBN(0x0a6a063c, 0x7672765a), TOBN(0x37a3ce64, 0x0547b9bf), + TOBN(0x42c099c8, 0x98b1a633), TOBN(0xb5ab800d, 0x05ee6961), + TOBN(0xf1963f59, 0x11a5acd6), TOBN(0xbaee6157, 0x46201063), + TOBN(0x36d9a649, 0xa596210a), TOBN(0xaed04363, 0x1ba7138c), + TOBN(0xcf817d1c, 0xa4a82b76), TOBN(0x5586960e, 0xf3806be9), + TOBN(0x7ab67c89, 0x09dc6bb5), TOBN(0x52ace7a0, 0x114fe7eb), + TOBN(0xcd987618, 0xcbbc9b70), TOBN(0x4f06fd5a, 0x604ca5e1), + TOBN(0x90af14ca, 0x6dbde133), TOBN(0x1afe4322, 0x948a3264), + TOBN(0xa70d2ca6, 0xc44b2c6c), TOBN(0xab726799, 0x0ef87dfe), + TOBN(0x310f64dc, 0x2e696377), TOBN(0x49b42e68, 0x4c8126a0), + TOBN(0x0ea444c3, 0xcea0b176), TOBN(0x53a8ddf7, 0xcb269182), + TOBN(0xf3e674eb, 0xbbba9dcb), TOBN(0x0d2878a8, 0xd8669d33), + TOBN(0x04b935d5, 0xd019b6a3), TOBN(0xbb5cf88e, 0x406f1e46), + TOBN(0xa1912d16, 0x5b57c111), TOBN(0x9803fc21, 0x19ebfd78), + TOBN(0x4f231c9e, 0xc07764a9), TOBN(0xd93286ee, 0xb75bd055), + TOBN(0x83a9457d, 0x8ee6c9de), TOBN(0x04695915, 0x6087ec90), + TOBN(0x14c6dd8a, 0x58d6cd46), TOBN(0x9cb633b5, 0x8e6634d2), + TOBN(0xc1305047, 0xf81bc328), TOBN(0x12ede0e2, 0x26a177e5), + TOBN(0x332cca62, 0x065a6f4f), TOBN(0xc3a47ecd, 0x67be487b), + TOBN(0x741eb187, 0x0f47ed1c), TOBN(0x99e66e58, 0xe7598b14), + TOBN(0x6f0544ca, 0x63d0ff12), TOBN(0xe5efc784, 0xb610a05f), + TOBN(0xf72917b1, 0x7cad7b47), TOBN(0x3ff6ea20, 0xf2cac0c0), + TOBN(0xcc23791b, 0xf21db8b7), TOBN(0x7dac70b1, 0xd7d93565), + TOBN(0x682cda1d, 0x694bdaad), TOBN(0xeb88bb8c, 0x1023516d), + TOBN(0xc4c634b4, 0xdfdbeb1b), TOBN(0x22f5ca72, 0xb4ee4dea), + TOBN(0x1045a368, 0xe6524821), TOBN(0xed9e8a3f, 0x052b18b2), + TOBN(0x9b7f2cb1, 0xb961f49a), TOBN(0x7fee2ec1, 0x7b009670), + TOBN(0x350d8754, 0x22507a6d), TOBN(0x561bd711, 0x4db55f1d), + TOBN(0x4c189ccc, 0x320bbcaf), TOBN(0x568434cf, 0xdf1de48c), + TOBN(0x6af1b00e, 0x0fa8f128), TOBN(0xf0ba9d02, 0x8907583c), + TOBN(0x735a4004, 0x32ff9f60), TOBN(0x3dd8e4b6, 0xc25dcf33), + TOBN(0xf2230f16, 0x42c74cef), TOBN(0xd8117623, 0x013fa8ad), + TOBN(0x36822876, 0xf51fe76e), TOBN(0x8a6811cc, 0x11d62589), + TOBN(0xc3fc7e65, 0x46225718), TOBN(0xb7df2c9f, 0xc82fdbcd), + TOBN(0x3b1d4e52, 0xdd7b205b), TOBN(0xb6959478, 0x47a2e414), + TOBN(0x05e4d793, 0xefa91148), TOBN(0xb47ed446, 0xfd2e9675), + TOBN(0x1a7098b9, 0x04c9d9bf), TOBN(0x661e2881, 0x1b793048), + TOBN(0xb1a16966, 0xb01ee461), TOBN(0xbc521308, 0x2954746f), + TOBN(0xc909a0fc, 0x2477de50), TOBN(0xd80bb41c, 0x7dbd51ef), + TOBN(0xa85be7ec, 0x53294905), TOBN(0x6d465b18, 0x83958f97), + TOBN(0x16f6f330, 0xfb6840fd), TOBN(0xfaaeb214, 0x3401e6c8), + TOBN(0xaf83d30f, 0xccb5b4f8), TOBN(0x22885739, 0x266dec4b), + TOBN(0x51b4367c, 0x7bc467df), TOBN(0x926562e3, 0xd842d27a), + TOBN(0xdfcb6614, 0x0fea14a6), TOBN(0xeb394dae, 0xf2734cd9), + TOBN(0x3eeae5d2, 0x11c0be98), TOBN(0xb1e6ed11, 0x814e8165), + TOBN(0x191086bc, 0xe52bce1c), TOBN(0x14b74cc6, 0xa75a04da), + TOBN(0x63cf1186, 0x8c060985), TOBN(0x071047de, 0x2dbd7f7c), + TOBN(0x4e433b8b, 0xce0942ca), TOBN(0xecbac447, 0xd8fec61d), + TOBN(0x8f0ed0e2, 0xebf3232f), TOBN(0xfff80f9e, 0xc52a2edd), + TOBN(0xad9ab433, 0x75b55fdb), TOBN(0x73ca7820, 0xe42e0c11), + TOBN(0x6dace0a0, 0xe6251b46), TOBN(0x89bc6b5c, 0x4c0d932d), + TOBN(0x3438cd77, 0x095da19a), TOBN(0x2f24a939, 0x8d48bdfb), + TOBN(0x99b47e46, 0x766561b7), TOBN(0x736600e6, 0x0ed0322a), + TOBN(0x06a47cb1, 0x638e1865), TOBN(0x927c1c2d, 0xcb136000), + TOBN(0x29542337, 0x0cc5df69), TOBN(0x99b37c02, 0x09d649a9), + TOBN(0xc5f0043c, 0x6aefdb27), TOBN(0x6cdd9987, 0x1be95c27), + TOBN(0x69850931, 0x390420d2), TOBN(0x299c40ac, 0x0983efa4), + TOBN(0x3a05e778, 0xaf39aead), TOBN(0x84274408, 0x43a45193), + TOBN(0x6bcd0fb9, 0x91a711a0), TOBN(0x461592c8, 0x9f52ab17), + TOBN(0xb49302b4, 0xda3c6ed6), TOBN(0xc51fddc7, 0x330d7067), + TOBN(0x94babeb6, 0xda50d531), TOBN(0x521b840d, 0xa6a7b9da), + TOBN(0x5305151e, 0x404bdc89), TOBN(0x1bcde201, 0xd0d07449), + TOBN(0xf427a78b, 0x3b76a59a), TOBN(0xf84841ce, 0x07791a1b), + TOBN(0xebd314be, 0xbf91ed1c), TOBN(0x8e61d34c, 0xbf172943), + TOBN(0x1d5dc451, 0x5541b892), TOBN(0xb186ee41, 0xfc9d9e54), + TOBN(0x9d9f345e, 0xd5bf610d), TOBN(0x3e7ba65d, 0xf6acca9f), + TOBN(0x9dda787a, 0xa8369486), TOBN(0x09f9dab7, 0x8eb5ba53), + TOBN(0x5afb2033, 0xd6481bc3), TOBN(0x76f4ce30, 0xafa62104), + TOBN(0xa8fa00cf, 0xf4f066b5), TOBN(0x89ab5143, 0x461dafc2), + TOBN(0x44339ed7, 0xa3389998), TOBN(0x2ff862f1, 0xbc214903), + TOBN(0x2c88f985, 0xb05556e3), TOBN(0xcd96058e, 0x3467081e), + TOBN(0x7d6a4176, 0xedc637ea), TOBN(0xe1743d09, 0x36a5acdc), + TOBN(0x66fd72e2, 0x7eb37726), TOBN(0xf7fa264e, 0x1481a037), + TOBN(0x9fbd3bde, 0x45f4aa79), TOBN(0xed1e0147, 0x767c3e22), + TOBN(0x7621f979, 0x82e7abe2), TOBN(0x19eedc72, 0x45f633f8), + TOBN(0xe69b155e, 0x6137bf3a), TOBN(0xa0ad13ce, 0x414ee94e), + TOBN(0x93e3d524, 0x1c0e651a), TOBN(0xab1a6e2a, 0x02ce227e), + TOBN(0xe7af1797, 0x4ab27eca), TOBN(0x245446de, 0xbd444f39), + TOBN(0x59e22a21, 0x56c07613), TOBN(0x43deafce, 0xf4275498), + TOBN(0x10834ccb, 0x67fd0946), TOBN(0xa75841e5, 0x47406edf), + TOBN(0xebd6a677, 0x7b0ac93d), TOBN(0xa6e37b0d, 0x78f5e0d7), + TOBN(0x2516c096, 0x76f5492b), TOBN(0x1e4bf888, 0x9ac05f3a), + TOBN(0xcdb42ce0, 0x4df0ba2b), TOBN(0x935d5cfd, 0x5062341b), + TOBN(0x8a303333, 0x82acac20), TOBN(0x429438c4, 0x5198b00e), + TOBN(0x1d083bc9, 0x049d33fa), TOBN(0x58b82dda, 0x946f67ff), + TOBN(0xac3e2db8, 0x67a1d6a3), TOBN(0x62e6bead, 0x1798aac8), + TOBN(0xfc85980f, 0xde46c58c), TOBN(0xa7f69379, 0x69c8d7be), + TOBN(0x23557927, 0x837b35ec), TOBN(0x06a933d8, 0xe0790c0c), + TOBN(0x827c0e9b, 0x077ff55d), TOBN(0x53977798, 0xbb26e680), + TOBN(0x59530874, 0x1d9cb54f), TOBN(0xcca3f449, 0x4aac53ef), + TOBN(0x11dc5c87, 0xa07eda0f), TOBN(0xc138bccf, 0xfd6400c8), + TOBN(0x549680d3, 0x13e5da72), TOBN(0xc93eed82, 0x4540617e), + TOBN(0xfd3db157, 0x4d0b75c0), TOBN(0x9716eb42, 0x6386075b), + TOBN(0x0639605c, 0x817b2c16), TOBN(0x09915109, 0xf1e4f201), + TOBN(0x35c9a928, 0x5cca6c3b), TOBN(0xb25f7d1a, 0x3505c900), + TOBN(0xeb9f7d20, 0x630480c4), TOBN(0xc3c7b8c6, 0x2a1a501c), + TOBN(0x3f99183c, 0x5a1f8e24), TOBN(0xfdb118fa, 0x9dd255f0), + TOBN(0xb9b18b90, 0xc27f62a6), TOBN(0xe8f732f7, 0x396ec191), + TOBN(0x524a2d91, 0x0be786ab), TOBN(0x5d32adef, 0x0ac5a0f5), + TOBN(0x9b53d4d6, 0x9725f694), TOBN(0x032a76c6, 0x0510ba89), + TOBN(0x840391a3, 0xebeb1544), TOBN(0x44b7b88c, 0x3ed73ac3), + TOBN(0xd24bae7a, 0x256cb8b3), TOBN(0x7ceb151a, 0xe394cb12), + TOBN(0xbd6b66d0, 0x5bc1e6a8), TOBN(0xec70cecb, 0x090f07bf), + TOBN(0x270644ed, 0x7d937589), TOBN(0xee9e1a3d, 0x5f1dccfe), + TOBN(0xb0d40a84, 0x745b98d2), TOBN(0xda429a21, 0x2556ed40), + TOBN(0xf676eced, 0x85148cb9), TOBN(0x5a22d40c, 0xded18936), + TOBN(0x3bc4b9e5, 0x70e8a4ce), TOBN(0xbfd1445b, 0x9eae0379), + TOBN(0xf23f2c0c, 0x1a0bd47e), TOBN(0xa9c0bb31, 0xe1845531), + TOBN(0x9ddc4d60, 0x0a4c3f6b), TOBN(0xbdfaad79, 0x2c15ef44), + TOBN(0xce55a236, 0x7f484acc), TOBN(0x08653ca7, 0x055b1f15), + TOBN(0x2efa8724, 0x538873a3), TOBN(0x09299e5d, 0xace1c7e7), + TOBN(0x07afab66, 0xade332ba), TOBN(0x9be1fdf6, 0x92dd71b7), + TOBN(0xa49b5d59, 0x5758b11c), TOBN(0x0b852893, 0xc8654f40), + TOBN(0xb63ef6f4, 0x52379447), TOBN(0xd4957d29, 0x105e690c), + TOBN(0x7d484363, 0x646559b0), TOBN(0xf4a8273c, 0x49788a8e), + TOBN(0xee406cb8, 0x34ce54a9), TOBN(0x1e1c260f, 0xf86fda9b), + TOBN(0xe150e228, 0xcf6a4a81), TOBN(0x1fa3b6a3, 0x1b488772), + TOBN(0x1e6ff110, 0xc5a9c15b), TOBN(0xc6133b91, 0x8ad6aa47), + TOBN(0x8ac5d55c, 0x9dffa978), TOBN(0xba1d1c1d, 0x5f3965f2), + TOBN(0xf969f4e0, 0x7732b52f), TOBN(0xfceecdb5, 0xa5172a07), + TOBN(0xb0120a5f, 0x10f2b8f5), TOBN(0xc83a6cdf, 0x5c4c2f63), + TOBN(0x4d47a491, 0xf8f9c213), TOBN(0xd9e1cce5, 0xd3f1bbd5), + TOBN(0x0d91bc7c, 0xaba7e372), TOBN(0xfcdc74c8, 0xdfd1a2db), + TOBN(0x05efa800, 0x374618e5), TOBN(0x11216969, 0x15a7925e), + TOBN(0xd4c89823, 0xf6021c5d), TOBN(0x880d5e84, 0xeff14423), + TOBN(0x6523bc5a, 0x6dcd1396), TOBN(0xd1acfdfc, 0x113c978b), + TOBN(0xb0c164e8, 0xbbb66840), TOBN(0xf7f4301e, 0x72b58459), + TOBN(0xc29ad4a6, 0xa638e8ec), TOBN(0xf5ab8961, 0x46b78699), + TOBN(0x9dbd7974, 0x0e954750), TOBN(0x0121de88, 0x64f9d2c6), + TOBN(0x2e597b42, 0xd985232e), TOBN(0x55b6c3c5, 0x53451777), + TOBN(0xbb53e547, 0x519cb9fb), TOBN(0xf134019f, 0x8428600d), + TOBN(0x5a473176, 0xe081791a), TOBN(0x2f3e2263, 0x35fb0c08), + TOBN(0xb28c3017, 0x73d273b0), TOBN(0xccd21076, 0x7721ef9a), + TOBN(0x054cc292, 0xb650dc39), TOBN(0x662246de, 0x6188045e), + TOBN(0x904b52fa, 0x6b83c0d1), TOBN(0xa72df267, 0x97e9cd46), + TOBN(0x886b43cd, 0x899725e4), TOBN(0x2b651688, 0xd849ff22), + TOBN(0x60479b79, 0x02f34533), TOBN(0x5e354c14, 0x0c77c148), + TOBN(0xb4bb7581, 0xa8537c78), TOBN(0x188043d7, 0xefe1495f), + TOBN(0x9ba12f42, 0x8c1d5026), TOBN(0x2e0c8a26, 0x93d4aaab), + TOBN(0xbdba7b8b, 0xaa57c450), TOBN(0x140c9ad6, 0x9bbdafef), + TOBN(0x2067aa42, 0x25ac0f18), TOBN(0xf7b1295b, 0x04d1fbf3), + TOBN(0x14829111, 0xa4b04824), TOBN(0x2ce3f192, 0x33bd5e91), + TOBN(0x9c7a1d55, 0x8f2e1b72), TOBN(0xfe932286, 0x302aa243), + TOBN(0x497ca7b4, 0xd4be9554), TOBN(0xb8e821b8, 0xe0547a6e), + TOBN(0xfb2838be, 0x67e573e0), TOBN(0x05891db9, 0x4084c44b), + TOBN(0x91311373, 0x96c1c2c5), TOBN(0x6aebfa3f, 0xd958444b), + TOBN(0xac9cdce9, 0xe56e55c1), TOBN(0x7148ced3, 0x2caa46d0), + TOBN(0x2e10c7ef, 0xb61fe8eb), TOBN(0x9fd835da, 0xff97cf4d), + }, + { + TOBN(0xa36da109, 0x081e9387), TOBN(0xfb9780d7, 0x8c935828), + TOBN(0xd5940332, 0xe540b015), TOBN(0xc9d7b51b, 0xe0f466fa), + TOBN(0xfaadcd41, 0xd6d9f671), TOBN(0xba6c1e28, 0xb1a2ac17), + TOBN(0x066a7833, 0xed201e5f), TOBN(0x19d99719, 0xf90f462b), + TOBN(0xf431f462, 0x060b5f61), TOBN(0xa56f46b4, 0x7bd057c2), + TOBN(0x348dca6c, 0x47e1bf65), TOBN(0x9a38783e, 0x41bcf1ff), + TOBN(0x7a5d33a9, 0xda710718), TOBN(0x5a779987, 0x2e0aeaf6), + TOBN(0xca87314d, 0x2d29d187), TOBN(0xfa0edc3e, 0xc687d733), + TOBN(0x9df33621, 0x6a31e09b), TOBN(0xde89e44d, 0xc1350e35), + TOBN(0x29214871, 0x4ca0cf52), TOBN(0xdf379672, 0x0b88a538), + TOBN(0xc92a510a, 0x2591d61b), TOBN(0x79aa87d7, 0x585b447b), + TOBN(0xf67db604, 0xe5287f77), TOBN(0x1697c8bf, 0x5efe7a80), + TOBN(0x1c894849, 0xcb198ac7), TOBN(0xa884a93d, 0x0f264665), + TOBN(0x2da964ef, 0x9b200678), TOBN(0x3c351b87, 0x009834e6), + TOBN(0xafb2ef9f, 0xe2c4b44b), TOBN(0x580f6c47, 0x3326790c), + TOBN(0xb8480521, 0x0b02264a), TOBN(0x8ba6f9e2, 0x42a194e2), + TOBN(0xfc87975f, 0x8fb54738), TOBN(0x35160788, 0x27c3ead3), + TOBN(0x834116d2, 0xb74a085a), TOBN(0x53c99a73, 0xa62fe996), + TOBN(0x87585be0, 0x5b81c51b), TOBN(0x925bafa8, 0xbe0852b7), + TOBN(0x76a4fafd, 0xa84d19a7), TOBN(0x39a45982, 0x585206d4), + TOBN(0x499b6ab6, 0x5eb03c0e), TOBN(0xf19b7954, 0x72bc3fde), + TOBN(0xa86b5b9c, 0x6e3a80d2), TOBN(0xe4377508, 0x6d42819f), + TOBN(0xc1663650, 0xbb3ee8a3), TOBN(0x75eb14fc, 0xb132075f), + TOBN(0xa8ccc906, 0x7ad834f6), TOBN(0xea6a2474, 0xe6e92ffd), + TOBN(0x9d72fd95, 0x0f8d6758), TOBN(0xcb84e101, 0x408c07dd), + TOBN(0xb9114bfd, 0xa5e23221), TOBN(0x358b5fe2, 0xe94e742c), + TOBN(0x1c0577ec, 0x95f40e75), TOBN(0xf0155451, 0x3d73f3d6), + TOBN(0x9d55cd67, 0xbd1b9b66), TOBN(0x63e86e78, 0xaf8d63c7), + TOBN(0x39d934ab, 0xd3c095f1), TOBN(0x04b261be, 0xe4b76d71), + TOBN(0x1d2e6970, 0xe73e6984), TOBN(0x879fb23b, 0x5e5fcb11), + TOBN(0x11506c72, 0xdfd75490), TOBN(0x3a97d085, 0x61bcf1c1), + TOBN(0x43201d82, 0xbf5e7007), TOBN(0x7f0ac52f, 0x798232a7), + TOBN(0x2715cbc4, 0x6eb564d4), TOBN(0x8d6c752c, 0x9e570e29), + TOBN(0xf80247c8, 0x9ef5fd5d), TOBN(0xc3c66b46, 0xd53eb514), + TOBN(0x9666b401, 0x0f87de56), TOBN(0xce62c06f, 0xc6c603b5), + TOBN(0xae7b4c60, 0x7e4fc942), TOBN(0x38ac0b77, 0x663a9c19), + TOBN(0xcb4d20ee, 0x4b049136), TOBN(0x8b63bf12, 0x356a4613), + TOBN(0x1221aef6, 0x70e08128), TOBN(0xe62d8c51, 0x4acb6b16), + TOBN(0x71f64a67, 0x379e7896), TOBN(0xb25237a2, 0xcafd7fa5), + TOBN(0xf077bd98, 0x3841ba6a), TOBN(0xc4ac0244, 0x3cd16e7e), + TOBN(0x548ba869, 0x21fea4ca), TOBN(0xd36d0817, 0xf3dfdac1), + TOBN(0x09d8d71f, 0xf4685faf), TOBN(0x8eff66be, 0xc52c459a), + TOBN(0x182faee7, 0x0b57235e), TOBN(0xee3c39b1, 0x0106712b), + TOBN(0x5107331f, 0xc0fcdcb0), TOBN(0x669fb9dc, 0xa51054ba), + TOBN(0xb25101fb, 0x319d7682), TOBN(0xb0293129, 0x0a982fee), + TOBN(0x51c1c9b9, 0x0261b344), TOBN(0x0e008c5b, 0xbfd371fa), + TOBN(0xd866dd1c, 0x0278ca33), TOBN(0x666f76a6, 0xe5aa53b1), + TOBN(0xe5cfb779, 0x6013a2cf), TOBN(0x1d3a1aad, 0xa3521836), + TOBN(0xcedd2531, 0x73faa485), TOBN(0xc8ee6c4f, 0xc0a76878), + TOBN(0xddbccfc9, 0x2a11667d), TOBN(0x1a418ea9, 0x1c2f695a), + TOBN(0xdb11bd92, 0x51f73971), TOBN(0x3e4b3c82, 0xda2ed89f), + TOBN(0x9a44f3f4, 0xe73e0319), TOBN(0xd1e3de0f, 0x303431af), + TOBN(0x3c5604ff, 0x50f75f9c), TOBN(0x1d8eddf3, 0x7e752b22), + TOBN(0x0ef074dd, 0x3c9a1118), TOBN(0xd0ffc172, 0xccb86d7b), + TOBN(0xabd1ece3, 0x037d90f2), TOBN(0xe3f307d6, 0x6055856c), + TOBN(0x422f9328, 0x7e4c6daf), TOBN(0x902aac66, 0x334879a0), + TOBN(0xb6a1e7bf, 0x94cdfade), TOBN(0x6c97e1ed, 0x7fc6d634), + TOBN(0x662ad24d, 0xa2fb63f8), TOBN(0xf81be1b9, 0xa5928405), + TOBN(0x86d765e4, 0xd14b4206), TOBN(0xbecc2e0e, 0x8fa0db65), + TOBN(0xa28838e0, 0xb17fc76c), TOBN(0xe49a602a, 0xe37cf24e), + TOBN(0x76b4131a, 0x567193ec), TOBN(0xaf3c305a, 0xe5f6e70b), + TOBN(0x9587bd39, 0x031eebdd), TOBN(0x5709def8, 0x71bbe831), + TOBN(0x57059983, 0x0eb2b669), TOBN(0x4d80ce1b, 0x875b7029), + TOBN(0x838a7da8, 0x0364ac16), TOBN(0x2f431d23, 0xbe1c83ab), + TOBN(0xe56812a6, 0xf9294dd3), TOBN(0xb448d01f, 0x9b4b0d77), + TOBN(0xf3ae6061, 0x04e8305c), TOBN(0x2bead645, 0x94d8c63e), + TOBN(0x0a85434d, 0x84fd8b07), TOBN(0x537b983f, 0xf7a9dee5), + TOBN(0xedcc5f18, 0xef55bd85), TOBN(0x2041af62, 0x21c6cf8b), + TOBN(0x8e52874c, 0xb940c71e), TOBN(0x211935a9, 0xdb5f4b3a), + TOBN(0x94350492, 0x301b1dc3), TOBN(0x33d2646d, 0x29958620), + TOBN(0x16b0d64b, 0xef911404), TOBN(0x9d1f25ea, 0x9a3c5ef4), + TOBN(0x20f200eb, 0x4a352c78), TOBN(0x43929f2c, 0x4bd0b428), + TOBN(0xa5656667, 0xc7196e29), TOBN(0x7992c2f0, 0x9391be48), + TOBN(0xaaa97cbd, 0x9ee0cd6e), TOBN(0x51b0310c, 0x3dc8c9bf), + TOBN(0x237f8acf, 0xdd9f22cb), TOBN(0xbb1d81a1, 0xb585d584), + TOBN(0x8d5d85f5, 0x8c416388), TOBN(0x0d6e5a5a, 0x42fe474f), + TOBN(0xe7812766, 0x38235d4e), TOBN(0x1c62bd67, 0x496e3298), + TOBN(0x8378660c, 0x3f175bc8), TOBN(0x4d04e189, 0x17afdd4d), + TOBN(0x32a81601, 0x85a8068c), TOBN(0xdb58e4e1, 0x92b29a85), + TOBN(0xe8a65b86, 0xc70d8a3b), TOBN(0x5f0e6f4e, 0x98a0403b), + TOBN(0x08129684, 0x69ed2370), TOBN(0x34dc30bd, 0x0871ee26), + TOBN(0x3a5ce948, 0x7c9c5b05), TOBN(0x7d487b80, 0x43a90c87), + TOBN(0x4089ba37, 0xdd0e7179), TOBN(0x45f80191, 0xb4041811), + TOBN(0x1c3e1058, 0x98747ba5), TOBN(0x98c4e13a, 0x6e1ae592), + TOBN(0xd44636e6, 0xe82c9f9e), TOBN(0x711db87c, 0xc33a1043), + TOBN(0x6f431263, 0xaa8aec05), TOBN(0x43ff120d, 0x2744a4aa), + TOBN(0xd3bd892f, 0xae77779b), TOBN(0xf0fe0cc9, 0x8cdc9f82), + TOBN(0xca5f7fe6, 0xf1c5b1bc), TOBN(0xcc63a682, 0x44929a72), + TOBN(0xc7eaba0c, 0x09dbe19a), TOBN(0x2f3585ad, 0x6b5c73c2), + TOBN(0x8ab8924b, 0x0ae50c30), TOBN(0x17fcd27a, 0x638b30ba), + TOBN(0xaf414d34, 0x10b3d5a5), TOBN(0x09c107d2, 0x2a9accf1), + TOBN(0x15dac49f, 0x946a6242), TOBN(0xaec3df2a, 0xd707d642), + TOBN(0x2c2492b7, 0x3f894ae0), TOBN(0xf59df3e5, 0xb75f18ce), + TOBN(0x7cb740d2, 0x8f53cad0), TOBN(0x3eb585fb, 0xc4f01294), + TOBN(0x17da0c86, 0x32c7f717), TOBN(0xeb8c795b, 0xaf943f4c), + TOBN(0x4ee23fb5, 0xf67c51d2), TOBN(0xef187575, 0x68889949), + TOBN(0xa6b4bdb2, 0x0389168b), TOBN(0xc4ecd258, 0xea577d03), + TOBN(0x3a63782b, 0x55743082), TOBN(0x6f678f4c, 0xc72f08cd), + TOBN(0x553511cf, 0x65e58dd8), TOBN(0xd53b4e3e, 0xd402c0cd), + TOBN(0x37de3e29, 0xa037c14c), TOBN(0x86b6c516, 0xc05712aa), + TOBN(0x2834da3e, 0xb38dff6f), TOBN(0xbe012c52, 0xea636be8), + TOBN(0x292d238c, 0x61dd37f8), TOBN(0x0e54523f, 0x8f8142db), + TOBN(0xe31eb436, 0x036a05d8), TOBN(0x83e3cdff, 0x1e93c0ff), + TOBN(0x3fd2fe0f, 0x50821ddf), TOBN(0xc8e19b0d, 0xff9eb33b), + TOBN(0xc8cc943f, 0xb569a5fe), TOBN(0xad0090d4, 0xd4342d75), + TOBN(0x82090b4b, 0xcaeca000), TOBN(0xca39687f, 0x1bd410eb), + TOBN(0xe7bb0df7, 0x65959d77), TOBN(0x39d78218, 0x9c964999), + TOBN(0xd87f62e8, 0xb2415451), TOBN(0xe5efb774, 0xbed76108), + TOBN(0x3ea011a4, 0xe822f0d0), TOBN(0xbc647ad1, 0x5a8704f8), + TOBN(0xbb315b35, 0x50c6820f), TOBN(0x863dec3d, 0xb7e76bec), + TOBN(0x01ff5d3a, 0xf017bfc7), TOBN(0x20054439, 0x976b8229), + TOBN(0x067fca37, 0x0bbd0d3b), TOBN(0xf63dde64, 0x7f5e3d0f), + TOBN(0x22dbefb3, 0x2a4c94e9), TOBN(0xafbff0fe, 0x96f8278a), + TOBN(0x80aea0b1, 0x3503793d), TOBN(0xb2238029, 0x5f06cd29), + TOBN(0x65703e57, 0x8ec3feca), TOBN(0x06c38314, 0x393e7053), + TOBN(0xa0b751eb, 0x7c6734c4), TOBN(0xd2e8a435, 0xc59f0f1e), + TOBN(0x147d9052, 0x5e9ca895), TOBN(0x2f4dd31e, 0x972072df), + TOBN(0xa16fda8e, 0xe6c6755c), TOBN(0xc66826ff, 0xcf196558), + TOBN(0x1f1a76a3, 0x0cf43895), TOBN(0xa9d604e0, 0x83c3097b), + TOBN(0xe1908309, 0x66390e0e), TOBN(0xa50bf753, 0xb3c85eff), + TOBN(0x0696bdde, 0xf6a70251), TOBN(0x548b801b, 0x3c6ab16a), + TOBN(0x37fcf704, 0xa4d08762), TOBN(0x090b3def, 0xdff76c4e), + TOBN(0x87e8cb89, 0x69cb9158), TOBN(0x44a90744, 0x995ece43), + TOBN(0xf85395f4, 0x0ad9fbf5), TOBN(0x49b0f6c5, 0x4fb0c82d), + TOBN(0x75d9bc15, 0xadf7cccf), TOBN(0x81a3e5d6, 0xdfa1e1b0), + TOBN(0x8c39e444, 0x249bc17e), TOBN(0xf37dccb2, 0x8ea7fd43), + TOBN(0xda654873, 0x907fba12), TOBN(0x35daa6da, 0x4a372904), + TOBN(0x0564cfc6, 0x6283a6c5), TOBN(0xd09fa4f6, 0x4a9395bf), + TOBN(0x688e9ec9, 0xaeb19a36), TOBN(0xd913f1ce, 0xc7bfbfb4), + TOBN(0x797b9a3c, 0x61c2faa6), TOBN(0x2f979bec, 0x6a0a9c12), + TOBN(0xb5969d0f, 0x359679ec), TOBN(0xebcf523d, 0x079b0460), + TOBN(0xfd6b0008, 0x10fab870), TOBN(0x3f2edcda, 0x9373a39c), + TOBN(0x0d64f9a7, 0x6f568431), TOBN(0xf848c27c, 0x02f8898c), + TOBN(0xf418ade1, 0x260b5bd5), TOBN(0xc1f3e323, 0x6973dee8), + TOBN(0x46e9319c, 0x26c185dd), TOBN(0x6d85b7d8, 0x546f0ac4), + TOBN(0x427965f2, 0x247f9d57), TOBN(0xb519b636, 0xb0035f48), + TOBN(0x6b6163a9, 0xab87d59c), TOBN(0xff9f58c3, 0x39caaa11), + TOBN(0x4ac39cde, 0x3177387b), TOBN(0x5f6557c2, 0x873e77f9), + TOBN(0x67504006, 0x36a83041), TOBN(0x9b1c96ca, 0x75ef196c), + TOBN(0xf34283de, 0xb08c7940), TOBN(0x7ea09644, 0x1128c316), + TOBN(0xb510b3b5, 0x6aa39dff), TOBN(0x59b43da2, 0x9f8e4d8c), + TOBN(0xa8ce31fd, 0x9e4c4b9f), TOBN(0x0e20be26, 0xc1303c01), + TOBN(0x18187182, 0xe8ee47c9), TOBN(0xd9687cdb, 0x7db98101), + TOBN(0x7a520e4d, 0xa1e14ff6), TOBN(0x429808ba, 0x8836d572), + TOBN(0xa37ca60d, 0x4944b663), TOBN(0xf901f7a9, 0xa3f91ae5), + TOBN(0xe4e3e76e, 0x9e36e3b1), TOBN(0x9aa219cf, 0x29d93250), + TOBN(0x347fe275, 0x056a2512), TOBN(0xa4d643d9, 0xde65d95c), + TOBN(0x9669d396, 0x699fc3ed), TOBN(0xb598dee2, 0xcf8c6bbe), + TOBN(0x682ac1e5, 0xdda9e5c6), TOBN(0x4e0d3c72, 0xcaa9fc95), + TOBN(0x17faaade, 0x772bea44), TOBN(0x5ef8428c, 0xab0009c8), + TOBN(0xcc4ce47a, 0x460ff016), TOBN(0xda6d12bf, 0x725281cb), + TOBN(0x44c67848, 0x0223aad2), TOBN(0x6e342afa, 0x36256e28), + TOBN(0x1400bb0b, 0x93a37c04), TOBN(0x62b1bc9b, 0xdd10bd96), + TOBN(0x7251adeb, 0x0dac46b7), TOBN(0x7d33b92e, 0x7be4ef51), + TOBN(0x28b2a94b, 0xe61fa29a), TOBN(0x4b2be13f, 0x06422233), + TOBN(0x36d6d062, 0x330d8d37), TOBN(0x5ef80e1e, 0xb28ca005), + TOBN(0x174d4699, 0x6d16768e), TOBN(0x9fc4ff6a, 0x628bf217), + TOBN(0x77705a94, 0x154e490d), TOBN(0x9d96dd28, 0x8d2d997a), + TOBN(0x77e2d9d8, 0xce5d72c4), TOBN(0x9d06c5a4, 0xc11c714f), + TOBN(0x02aa5136, 0x79e4a03e), TOBN(0x1386b3c2, 0x030ff28b), + TOBN(0xfe82e8a6, 0xfb283f61), TOBN(0x7df203e5, 0xf3abc3fb), + TOBN(0xeec7c351, 0x3a4d3622), TOBN(0xf7d17dbf, 0xdf762761), + TOBN(0xc3956e44, 0x522055f0), TOBN(0xde3012db, 0x8fa748db), + TOBN(0xca9fcb63, 0xbf1dcc14), TOBN(0xa56d9dcf, 0xbe4e2f3a), + TOBN(0xb86186b6, 0x8bcec9c2), TOBN(0x7cf24df9, 0x680b9f06), + TOBN(0xc46b45ea, 0xc0d29281), TOBN(0xfff42bc5, 0x07b10e12), + TOBN(0x12263c40, 0x4d289427), TOBN(0x3d5f1899, 0xb4848ec4), + TOBN(0x11f97010, 0xd040800c), TOBN(0xb4c5f529, 0x300feb20), + TOBN(0xcc543f8f, 0xde94fdcb), TOBN(0xe96af739, 0xc7c2f05e), + TOBN(0xaa5e0036, 0x882692e1), TOBN(0x09c75b68, 0x950d4ae9), + TOBN(0x62f63df2, 0xb5932a7a), TOBN(0x2658252e, 0xde0979ad), + TOBN(0x2a19343f, 0xb5e69631), TOBN(0x718c7501, 0x525b666b), + TOBN(0x26a42d69, 0xea40dc3a), TOBN(0xdc84ad22, 0xaecc018f), + TOBN(0x25c36c7b, 0x3270f04a), TOBN(0x46ba6d47, 0x50fa72ed), + TOBN(0x6c37d1c5, 0x93e58a8e), TOBN(0xa2394731, 0x120c088c), + TOBN(0xc3be4263, 0xcb6e86da), TOBN(0x2c417d36, 0x7126d038), + TOBN(0x5b70f9c5, 0x8b6f8efa), TOBN(0x671a2faa, 0x37718536), + TOBN(0xd3ced3c6, 0xb539c92b), TOBN(0xe56f1bd9, 0xa31203c2), + TOBN(0x8b096ec4, 0x9ff3c8eb), TOBN(0x2deae432, 0x43491cea), + TOBN(0x2465c6eb, 0x17943794), TOBN(0x5d267e66, 0x20586843), + TOBN(0x9d3d116d, 0xb07159d0), TOBN(0xae07a67f, 0xc1896210), + TOBN(0x8fc84d87, 0xbb961579), TOBN(0x30009e49, 0x1c1f8dd6), + TOBN(0x8a8caf22, 0xe3132819), TOBN(0xcffa197c, 0xf23ab4ff), + TOBN(0x58103a44, 0x205dd687), TOBN(0x57b796c3, 0x0ded67a2), + TOBN(0x0b9c3a6c, 0xa1779ad7), TOBN(0xa33cfe2e, 0x357c09c5), + TOBN(0x2ea29315, 0x3db4a57e), TOBN(0x91959695, 0x8ebeb52e), + TOBN(0x118db9a6, 0xe546c879), TOBN(0x8e996df4, 0x6295c8d6), + TOBN(0xdd990484, 0x55ec806b), TOBN(0x24f291ca, 0x165c1035), + TOBN(0xcca523bb, 0x440e2229), TOBN(0x324673a2, 0x73ef4d04), + TOBN(0xaf3adf34, 0x3e11ec39), TOBN(0x6136d7f1, 0xdc5968d3), + TOBN(0x7a7b2899, 0xb053a927), TOBN(0x3eaa2661, 0xae067ecd), + TOBN(0x8549b9c8, 0x02779cd9), TOBN(0x061d7940, 0xc53385ea), + TOBN(0x3e0ba883, 0xf06d18bd), TOBN(0x4ba6de53, 0xb2700843), + TOBN(0xb966b668, 0x591a9e4d), TOBN(0x93f67567, 0x7f4fa0ed), + TOBN(0x5a02711b, 0x4347237b), TOBN(0xbc041e2f, 0xe794608e), + TOBN(0x55af10f5, 0x70f73d8c), TOBN(0xd2d4d4f7, 0xbb7564f7), + TOBN(0xd7d27a89, 0xb3e93ce7), TOBN(0xf7b5a875, 0x5d3a2c1b), + TOBN(0xb29e68a0, 0x255b218a), TOBN(0xb533837e, 0x8af76754), + TOBN(0xd1b05a73, 0x579fab2e), TOBN(0xb41055a1, 0xecd74385), + TOBN(0xb2369274, 0x445e9115), TOBN(0x2972a7c4, 0xf520274e), + TOBN(0x6c08334e, 0xf678e68a), TOBN(0x4e4160f0, 0x99b057ed), + TOBN(0x3cfe11b8, 0x52ccb69a), TOBN(0x2fd1823a, 0x21c8f772), + TOBN(0xdf7f072f, 0x3298f055), TOBN(0x8c0566f9, 0xfec74a6e), + TOBN(0xe549e019, 0x5bb4d041), TOBN(0x7c3930ba, 0x9208d850), + TOBN(0xe07141fc, 0xaaa2902b), TOBN(0x539ad799, 0xe4f69ad3), + TOBN(0xa6453f94, 0x813f9ffd), TOBN(0xc58d3c48, 0x375bc2f7), + TOBN(0xb3326fad, 0x5dc64e96), TOBN(0x3aafcaa9, 0xb240e354), + TOBN(0x1d1b0903, 0xaca1e7a9), TOBN(0x4ceb9767, 0x1211b8a0), + TOBN(0xeca83e49, 0xe32a858e), TOBN(0x4c32892e, 0xae907bad), + TOBN(0xd5b42ab6, 0x2eb9b494), TOBN(0x7fde3ee2, 0x1eabae1b), + TOBN(0x13b5ab09, 0xcaf54957), TOBN(0xbfb028be, 0xe5f5d5d5), + TOBN(0x928a0650, 0x2003e2c0), TOBN(0x90793aac, 0x67476843), + TOBN(0x5e942e79, 0xc81710a0), TOBN(0x557e4a36, 0x27ccadd4), + TOBN(0x72a2bc56, 0x4bcf6d0c), TOBN(0x09ee5f43, 0x26d7b80c), + TOBN(0x6b70dbe9, 0xd4292f19), TOBN(0x56f74c26, 0x63f16b18), + TOBN(0xc23db0f7, 0x35fbb42a), TOBN(0xb606bdf6, 0x6ae10040), + TOBN(0x1eb15d4d, 0x044573ac), TOBN(0x7dc3cf86, 0x556b0ba4), + TOBN(0x97af9a33, 0xc60df6f7), TOBN(0x0b1ef85c, 0xa716ce8c), + TOBN(0x2922f884, 0xc96958be), TOBN(0x7c32fa94, 0x35690963), + TOBN(0x2d7f667c, 0xeaa00061), TOBN(0xeaaf7c17, 0x3547365c), + TOBN(0x1eb4de46, 0x87032d58), TOBN(0xc54f3d83, 0x5e2c79e0), + TOBN(0x07818df4, 0x5d04ef23), TOBN(0x55faa9c8, 0x673d41b4), + TOBN(0xced64f6f, 0x89b95355), TOBN(0x4860d2ea, 0xb7415c84), + TOBN(0x5fdb9bd2, 0x050ebad3), TOBN(0xdb53e0cc, 0x6685a5bf), + TOBN(0xb830c031, 0x9feb6593), TOBN(0xdd87f310, 0x6accff17), + TOBN(0x2303ebab, 0x9f555c10), TOBN(0x94603695, 0x287e7065), + TOBN(0xf88311c3, 0x2e83358c), TOBN(0x508dd9b4, 0xeefb0178), + TOBN(0x7ca23706, 0x2dba8652), TOBN(0x62aac5a3, 0x0047abe5), + TOBN(0x9a61d2a0, 0x8b1ea7b3), TOBN(0xd495ab63, 0xae8b1485), + TOBN(0x38740f84, 0x87052f99), TOBN(0x178ebe5b, 0xb2974eea), + TOBN(0x030bbcca, 0x5b36d17f), TOBN(0xb5e4cce3, 0xaaf86eea), + TOBN(0xb51a0220, 0x68f8e9e0), TOBN(0xa4348796, 0x09eb3e75), + TOBN(0xbe592309, 0xeef1a752), TOBN(0x5d7162d7, 0x6f2aa1ed), + TOBN(0xaebfb5ed, 0x0f007dd2), TOBN(0x255e14b2, 0xc89edd22), + TOBN(0xba85e072, 0x0303b697), TOBN(0xc5d17e25, 0xf05720ff), + TOBN(0x02b58d6e, 0x5128ebb6), TOBN(0x2c80242d, 0xd754e113), + TOBN(0x919fca5f, 0xabfae1ca), TOBN(0x937afaac, 0x1a21459b), + TOBN(0x9e0ca91c, 0x1f66a4d2), TOBN(0x194cc7f3, 0x23ec1331), + TOBN(0xad25143a, 0x8aa11690), TOBN(0xbe40ad8d, 0x09b59e08), + TOBN(0x37d60d9b, 0xe750860a), TOBN(0x6c53b008, 0xc6bf434c), + TOBN(0xb572415d, 0x1356eb80), TOBN(0xb8bf9da3, 0x9578ded8), + TOBN(0x22658e36, 0x5e8fb38b), TOBN(0x9b70ce22, 0x5af8cb22), + TOBN(0x7c00018a, 0x829a8180), TOBN(0x84329f93, 0xb81ed295), + TOBN(0x7c343ea2, 0x5f3cea83), TOBN(0x38f8655f, 0x67586536), + TOBN(0xa661a0d0, 0x1d3ec517), TOBN(0x98744652, 0x512321ae), + TOBN(0x084ca591, 0xeca92598), TOBN(0xa9bb9dc9, 0x1dcb3feb), + TOBN(0x14c54355, 0x78b4c240), TOBN(0x5ed62a3b, 0x610cafdc), + TOBN(0x07512f37, 0x1b38846b), TOBN(0x571bb70a, 0xb0e38161), + TOBN(0xb556b95b, 0x2da705d2), TOBN(0x3ef8ada6, 0xb1a08f98), + TOBN(0x85302ca7, 0xddecfbe5), TOBN(0x0e530573, 0x943105cd), + TOBN(0x60554d55, 0x21a9255d), TOBN(0x63a32fa1, 0xf2f3802a), + TOBN(0x35c8c5b0, 0xcd477875), TOBN(0x97f458ea, 0x6ad42da1), + TOBN(0x832d7080, 0xeb6b242d), TOBN(0xd30bd023, 0x3b71e246), + TOBN(0x7027991b, 0xbe31139d), TOBN(0x68797e91, 0x462e4e53), + TOBN(0x423fe20a, 0x6b4e185a), TOBN(0x82f2c67e, 0x42d9b707), + TOBN(0x25c81768, 0x4cf7811b), TOBN(0xbd53005e, 0x045bb95d), + }, + { + TOBN(0xe5f649be, 0x9d8e68fd), TOBN(0xdb0f0533, 0x1b044320), + TOBN(0xf6fde9b3, 0xe0c33398), TOBN(0x92f4209b, 0x66c8cfae), + TOBN(0xe9d1afcc, 0x1a739d4b), TOBN(0x09aea75f, 0xa28ab8de), + TOBN(0x14375fb5, 0xeac6f1d0), TOBN(0x6420b560, 0x708f7aa5), + TOBN(0x9eae499c, 0x6254dc41), TOBN(0x7e293924, 0x7a837e7e), + TOBN(0x74aec08c, 0x090524a7), TOBN(0xf82b9219, 0x8d6f55f2), + TOBN(0x493c962e, 0x1402cec5), TOBN(0x9f17ca17, 0xfa2f30e7), + TOBN(0xbcd783e8, 0xe9b879cb), TOBN(0xea3d8c14, 0x5a6f145f), + TOBN(0xdede15e7, 0x5e0dee6e), TOBN(0x74f24872, 0xdc628aa2), + TOBN(0xd3e9c4fe, 0x7861bb93), TOBN(0x56d4822a, 0x6187b2e0), + TOBN(0xb66417cf, 0xc59826f9), TOBN(0xca260969, 0x2408169e), + TOBN(0xedf69d06, 0xc79ef885), TOBN(0x00031f8a, 0xdc7d138f), + TOBN(0x103c46e6, 0x0ebcf726), TOBN(0x4482b831, 0x6231470e), + TOBN(0x6f6dfaca, 0x487c2109), TOBN(0x2e0ace97, 0x62e666ef), + TOBN(0x3246a9d3, 0x1f8d1f42), TOBN(0x1b1e83f1, 0x574944d2), + TOBN(0x13dfa63a, 0xa57f334b), TOBN(0x0cf8daed, 0x9f025d81), + TOBN(0x30d78ea8, 0x00ee11c1), TOBN(0xeb053cd4, 0xb5e3dd75), + TOBN(0x9b65b13e, 0xd58c43c5), TOBN(0xc3ad49bd, 0xbd151663), + TOBN(0x99fd8e41, 0xb6427990), TOBN(0x12cf15bd, 0x707eae1e), + TOBN(0x29ad4f1b, 0x1aabb71e), TOBN(0x5143e74d, 0x07545d0e), + TOBN(0x30266336, 0xc88bdee1), TOBN(0x25f29306, 0x5876767c), + TOBN(0x9c078571, 0xc6731996), TOBN(0xc88690b2, 0xed552951), + TOBN(0x274f2c2d, 0x852705b4), TOBN(0xb0bf8d44, 0x4e09552d), + TOBN(0x7628beeb, 0x986575d1), TOBN(0x407be238, 0x7f864651), + TOBN(0x0e5e3049, 0xa639fc6b), TOBN(0xe75c35d9, 0x86003625), + TOBN(0x0cf35bd8, 0x5dcc1646), TOBN(0x8bcaced2, 0x6c26273a), + TOBN(0xe22ecf1d, 0xb5536742), TOBN(0x013dd897, 0x1a9e068b), + TOBN(0x17f411cb, 0x8a7909c5), TOBN(0x5757ac98, 0x861dd506), + TOBN(0x85de1f0d, 0x1e935abb), TOBN(0xdefd10b4, 0x154de37a), + TOBN(0xb8d9e392, 0x369cebb5), TOBN(0x54d5ef9b, 0x761324be), + TOBN(0x4d6341ba, 0x74f17e26), TOBN(0xc0a0e3c8, 0x78c1dde4), + TOBN(0xa6d77581, 0x87d918fd), TOBN(0x66876015, 0x02ca3a13), + TOBN(0xc7313e9c, 0xf36658f0), TOBN(0xc433ef1c, 0x71f8057e), + TOBN(0x85326246, 0x1b6a835a), TOBN(0xc8f05398, 0x7c86394c), + TOBN(0xff398cdf, 0xe983c4a1), TOBN(0xbf5e8162, 0x03b7b931), + TOBN(0x93193c46, 0xb7b9045b), TOBN(0x1e4ebf5d, 0xa4a6e46b), + TOBN(0xf9942a60, 0x43a24fe7), TOBN(0x29c1191e, 0xffb3492b), + TOBN(0x9f662449, 0x902fde05), TOBN(0xc792a7ac, 0x6713c32d), + TOBN(0x2fd88ad8, 0xb737982c), TOBN(0x7e3a0319, 0xa21e60e3), + TOBN(0x09b0de44, 0x7383591a), TOBN(0x6df141ee, 0x8310a456), + TOBN(0xaec1a039, 0xe6d6f471), TOBN(0x14b2ba0f, 0x1198d12e), + TOBN(0xebc1a160, 0x3aeee5ac), TOBN(0x401f4836, 0xe0b964ce), + TOBN(0x2ee43796, 0x4fd03f66), TOBN(0x3fdb4e49, 0xdd8f3f12), + TOBN(0x6ef267f6, 0x29380f18), TOBN(0x3e8e9670, 0x8da64d16), + TOBN(0xbc19180c, 0x207674f1), TOBN(0x112e09a7, 0x33ae8fdb), + TOBN(0x99667554, 0x6aaeb71e), TOBN(0x79432af1, 0xe101b1c7), + TOBN(0xd5eb558f, 0xde2ddec6), TOBN(0x81392d1f, 0x5357753f), + TOBN(0xa7a76b97, 0x3ae1158a), TOBN(0x416fbbff, 0x4a899991), + TOBN(0x9e65fdfd, 0x0d4a9dcf), TOBN(0x7bc29e48, 0x944ddf12), + TOBN(0xbc1a92d9, 0x3c856866), TOBN(0x273c6905, 0x6e98dfe2), + TOBN(0x69fce418, 0xcdfaa6b8), TOBN(0x606bd823, 0x5061c69f), + TOBN(0x42d495a0, 0x6af75e27), TOBN(0x8ed3d505, 0x6d873a1f), + TOBN(0xaf552841, 0x6ab25b6a), TOBN(0xc6c0ffc7, 0x2b1a4523), + TOBN(0xab18827b, 0x21c99e03), TOBN(0x060e8648, 0x9034691b), + TOBN(0x5207f90f, 0x93c7f398), TOBN(0x9f4a96cb, 0x82f8d10b), + TOBN(0xdd71cd79, 0x3ad0f9e3), TOBN(0x84f435d2, 0xfc3a54f5), + TOBN(0x4b03c55b, 0x8e33787f), TOBN(0xef42f975, 0xa6384673), + TOBN(0xff7304f7, 0x5051b9f0), TOBN(0x18aca1dc, 0x741c87c2), + TOBN(0x56f120a7, 0x2d4bfe80), TOBN(0xfd823b3d, 0x053e732c), + TOBN(0x11bccfe4, 0x7537ca16), TOBN(0xdf6c9c74, 0x1b5a996b), + TOBN(0xee7332c7, 0x904fc3fa), TOBN(0x14a23f45, 0xc7e3636a), + TOBN(0xc38659c3, 0xf091d9aa), TOBN(0x4a995e5d, 0xb12d8540), + TOBN(0x20a53bec, 0xf3a5598a), TOBN(0x56534b17, 0xb1eaa995), + TOBN(0x9ed3dca4, 0xbf04e03c), TOBN(0x716c563a, 0xd8d56268), + TOBN(0x27ba77a4, 0x1d6178e7), TOBN(0xe4c80c40, 0x68a1ff8e), + TOBN(0x75011099, 0x0a13f63d), TOBN(0x7bf33521, 0xa61d46f3), + TOBN(0x0aff218e, 0x10b365bb), TOBN(0x81021804, 0x0fd7ea75), + TOBN(0x05a3fd8a, 0xa4b3a925), TOBN(0xb829e75f, 0x9b3db4e6), + TOBN(0x6bdc75a5, 0x4d53e5fb), TOBN(0x04a5dc02, 0xd52717e3), + TOBN(0x86af502f, 0xe9a42ec2), TOBN(0x8867e8fb, 0x2630e382), + TOBN(0xbf845c6e, 0xbec9889b), TOBN(0x54f491f2, 0xcb47c98d), + TOBN(0xa3091fba, 0x790c2a12), TOBN(0xd7f6fd78, 0xc20f708b), + TOBN(0xa569ac30, 0xacde5e17), TOBN(0xd0f996d0, 0x6852b4d7), + TOBN(0xe51d4bb5, 0x4609ae54), TOBN(0x3fa37d17, 0x0daed061), + TOBN(0x62a88684, 0x34b8fb41), TOBN(0x99a2acbd, 0x9efb64f1), + TOBN(0xb75c1a5e, 0x6448e1f2), TOBN(0xfa99951a, 0x42b5a069), + TOBN(0x6d956e89, 0x2f3b26e7), TOBN(0xf4709860, 0xda875247), + TOBN(0x3ad15179, 0x2482dda3), TOBN(0xd64110e3, 0x017d82f0), + TOBN(0x14928d2c, 0xfad414e4), TOBN(0x2b155f58, 0x2ed02b24), + TOBN(0x481a141b, 0xcb821bf1), TOBN(0x12e3c770, 0x4f81f5da), + TOBN(0xe49c5de5, 0x9fff8381), TOBN(0x11053232, 0x5bbec894), + TOBN(0xa0d051cc, 0x454d88c4), TOBN(0x4f6db89c, 0x1f8e531b), + TOBN(0x34fe3fd6, 0xca563a44), TOBN(0x7f5c2215, 0x58da8ab9), + TOBN(0x8445016d, 0x9474f0a1), TOBN(0x17d34d61, 0xcb7d8a0a), + TOBN(0x8e9d3910, 0x1c474019), TOBN(0xcaff2629, 0xd52ceefb), + TOBN(0xf9cf3e32, 0xc1622c2b), TOBN(0xd4b95e3c, 0xe9071a05), + TOBN(0xfbbca61f, 0x1594438c), TOBN(0x1eb6e6a6, 0x04aadedf), + TOBN(0x853027f4, 0x68e14940), TOBN(0x221d322a, 0xdfabda9c), + TOBN(0xed8ea9f6, 0xb7cb179a), TOBN(0xdc7b764d, 0xb7934dcc), + TOBN(0xfcb13940, 0x5e09180d), TOBN(0x6629a6bf, 0xb47dc2dd), + TOBN(0xbfc55e4e, 0x9f5a915e), TOBN(0xb1db9d37, 0x6204441e), + TOBN(0xf82d68cf, 0x930c5f53), TOBN(0x17d3a142, 0xcbb605b1), + TOBN(0xdd5944ea, 0x308780f2), TOBN(0xdc8de761, 0x3845f5e4), + TOBN(0x6beaba7d, 0x7624d7a3), TOBN(0x1e709afd, 0x304df11e), + TOBN(0x95364376, 0x02170456), TOBN(0xbf204b3a, 0xc8f94b64), + TOBN(0x4e53af7c, 0x5680ca68), TOBN(0x0526074a, 0xe0c67574), + TOBN(0x95d8cef8, 0xecd92af6), TOBN(0xe6b9fa7a, 0x6cd1745a), + TOBN(0x3d546d3d, 0xa325c3e4), TOBN(0x1f57691d, 0x9ae93aae), + TOBN(0xe891f3fe, 0x9d2e1a33), TOBN(0xd430093f, 0xac063d35), + TOBN(0xeda59b12, 0x5513a327), TOBN(0xdc2134f3, 0x5536f18f), + TOBN(0xaa51fe2c, 0x5c210286), TOBN(0x3f68aaee, 0x1cab658c), + TOBN(0x5a23a00b, 0xf9357292), TOBN(0x9a626f39, 0x7efdabed), + TOBN(0xfe2b3bf3, 0x199d78e3), TOBN(0xb7a2af77, 0x71bbc345), + TOBN(0x3d19827a, 0x1e59802c), TOBN(0x823bbc15, 0xb487a51c), + TOBN(0x856139f2, 0x99d0a422), TOBN(0x9ac3df65, 0xf456c6fb), + TOBN(0xaddf65c6, 0x701f8bd6), TOBN(0x149f321e, 0x3758df87), + TOBN(0xb1ecf714, 0x721b7eba), TOBN(0xe17df098, 0x31a3312a), + TOBN(0xdb2fd6ec, 0xd5c4d581), TOBN(0xfd02996f, 0x8fcea1b3), + TOBN(0xe29fa63e, 0x7882f14f), TOBN(0xc9f6dc35, 0x07c6cadc), + TOBN(0x46f22d6f, 0xb882bed0), TOBN(0x1a45755b, 0xd118e52c), + TOBN(0x9f2c7c27, 0x7c4608cf), TOBN(0x7ccbdf32, 0x568012c2), + TOBN(0xfcb0aedd, 0x61729b0e), TOBN(0x7ca2ca9e, 0xf7d75dbf), + TOBN(0xf58fecb1, 0x6f640f62), TOBN(0xe274b92b, 0x39f51946), + TOBN(0x7f4dfc04, 0x6288af44), TOBN(0x0a91f32a, 0xeac329e5), + TOBN(0x43ad274b, 0xd6aaba31), TOBN(0x719a1640, 0x0f6884f9), + TOBN(0x685d29f6, 0xdaf91e20), TOBN(0x5ec1cc33, 0x27e49d52), + TOBN(0x38f4de96, 0x3b54a059), TOBN(0x0e0015e5, 0xefbcfdb3), + TOBN(0x177d23d9, 0x4dbb8da6), TOBN(0x98724aa2, 0x97a617ad), + TOBN(0x30f0885b, 0xfdb6558e), TOBN(0xf9f7a28a, 0xc7899a96), + TOBN(0xd2ae8ac8, 0x872dc112), TOBN(0xfa0642ca, 0x73c3c459), + TOBN(0x15296981, 0xe7dfc8d6), TOBN(0x67cd4450, 0x1fb5b94a), + TOBN(0x0ec71cf1, 0x0eddfd37), TOBN(0xc7e5eeb3, 0x9a8eddc7), + TOBN(0x02ac8e3d, 0x81d95028), TOBN(0x0088f172, 0x70b0e35d), + TOBN(0xec041fab, 0xe1881fe3), TOBN(0x62cf71b8, 0xd99e7faa), + TOBN(0x5043dea7, 0xe0f222c2), TOBN(0x309d42ac, 0x72e65142), + TOBN(0x94fe9ddd, 0x9216cd30), TOBN(0xd6539c7d, 0x0f87feec), + TOBN(0x03c5a57c, 0x432ac7d7), TOBN(0x72692cf0, 0x327fda10), + TOBN(0xec28c85f, 0x280698de), TOBN(0x2331fb46, 0x7ec283b1), + TOBN(0xd34bfa32, 0x2867e633), TOBN(0x78709a82, 0x0a9cc815), + TOBN(0xb7fe6964, 0x875e2fa5), TOBN(0x25cc064f, 0x9e98bfb5), + TOBN(0x9eb0151c, 0x493a65c5), TOBN(0x5fb5d941, 0x53182464), + TOBN(0x69e6f130, 0xf04618e2), TOBN(0xa8ecec22, 0xf89c8ab6), + TOBN(0xcd6ac88b, 0xb96209bd), TOBN(0x65fa8cdb, 0xb3e1c9e0), + TOBN(0xa47d22f5, 0x4a8d8eac), TOBN(0x83895cdf, 0x8d33f963), + TOBN(0xa8adca59, 0xb56cd3d1), TOBN(0x10c8350b, 0xdaf38232), + TOBN(0x2b161fb3, 0xa5080a9f), TOBN(0xbe7f5c64, 0x3af65b3a), + TOBN(0x2c754039, 0x97403a11), TOBN(0x94626cf7, 0x121b96af), + TOBN(0x431de7c4, 0x6a983ec2), TOBN(0x3780dd3a, 0x52cc3df7), + TOBN(0xe28a0e46, 0x2baf8e3b), TOBN(0xabe68aad, 0x51d299ae), + TOBN(0x603eb8f9, 0x647a2408), TOBN(0x14c61ed6, 0x5c750981), + TOBN(0x88b34414, 0xc53352e7), TOBN(0x5a34889c, 0x1337d46e), + TOBN(0x612c1560, 0xf95f2bc8), TOBN(0x8a3f8441, 0xd4807a3a), + TOBN(0x680d9e97, 0x5224da68), TOBN(0x60cd6e88, 0xc3eb00e9), + TOBN(0x3875a98e, 0x9a6bc375), TOBN(0xdc80f924, 0x4fd554c2), + TOBN(0x6c4b3415, 0x6ac77407), TOBN(0xa1e5ea8f, 0x25420681), + TOBN(0x541bfa14, 0x4607a458), TOBN(0x5dbc7e7a, 0x96d7fbf9), + TOBN(0x646a851b, 0x31590a47), TOBN(0x039e85ba, 0x15ee6df8), + TOBN(0xd19fa231, 0xd7b43fc0), TOBN(0x84bc8be8, 0x299a0e04), + TOBN(0x2b9d2936, 0xf20df03a), TOBN(0x24054382, 0x8608d472), + TOBN(0x76b6ba04, 0x9149202a), TOBN(0xb21c3831, 0x3670e7b7), + TOBN(0xddd93059, 0xd6fdee10), TOBN(0x9da47ad3, 0x78488e71), + TOBN(0x99cc1dfd, 0xa0fcfb25), TOBN(0x42abde10, 0x64696954), + TOBN(0x14cc15fc, 0x17eab9fe), TOBN(0xd6e863e4, 0xd3e70972), + TOBN(0x29a7765c, 0x6432112c), TOBN(0x88660001, 0x5b0774d8), + TOBN(0x3729175a, 0x2c088eae), TOBN(0x13afbcae, 0x8230b8d4), + TOBN(0x44768151, 0x915f4379), TOBN(0xf086431a, 0xd8d22812), + TOBN(0x37461955, 0xc298b974), TOBN(0x905fb5f0, 0xf8711e04), + TOBN(0x787abf3a, 0xfe969d18), TOBN(0x392167c2, 0x6f6a494e), + TOBN(0xfc7a0d2d, 0x28c511da), TOBN(0xf127c7dc, 0xb66a262d), + TOBN(0xf9c4bb95, 0xfd63fdf0), TOBN(0x90016589, 0x3913ef46), + TOBN(0x74d2a73c, 0x11aa600d), TOBN(0x2f5379bd, 0x9fb5ab52), + TOBN(0xe49e53a4, 0x7fb70068), TOBN(0x68dd39e5, 0x404aa9a7), + TOBN(0xb9b0cf57, 0x2ecaa9c3), TOBN(0xba0e103b, 0xe824826b), + TOBN(0x60c2198b, 0x4631a3c4), TOBN(0xc5ff84ab, 0xfa8966a2), + TOBN(0x2d6ebe22, 0xac95aff8), TOBN(0x1c9bb6db, 0xb5a46d09), + TOBN(0x419062da, 0x53ee4f8d), TOBN(0x7b9042d0, 0xbb97efef), + TOBN(0x0f87f080, 0x830cf6bd), TOBN(0x4861d19a, 0x6ec8a6c6), + TOBN(0xd3a0daa1, 0x202f01aa), TOBN(0xb0111674, 0xf25afbd5), + TOBN(0x6d00d6cf, 0x1afb20d9), TOBN(0x13695000, 0x40671bc5), + TOBN(0x913ab0dc, 0x2485ea9b), TOBN(0x1f2bed06, 0x9eef61ac), + TOBN(0x850c8217, 0x6d799e20), TOBN(0x93415f37, 0x3271c2de), + TOBN(0x5afb06e9, 0x6c4f5910), TOBN(0x688a52df, 0xc4e9e421), + TOBN(0x30495ba3, 0xe2a9a6db), TOBN(0x4601303d, 0x58f9268b), + TOBN(0xbe3b0dad, 0x7eb0f04f), TOBN(0x4ea47250, 0x4456936d), + TOBN(0x8caf8798, 0xd33fd3e7), TOBN(0x1ccd8a89, 0xeb433708), + TOBN(0x9effe3e8, 0x87fd50ad), TOBN(0xbe240a56, 0x6b29c4df), + TOBN(0xec4ffd98, 0xca0e7ebd), TOBN(0xf586783a, 0xe748616e), + TOBN(0xa5b00d8f, 0xc77baa99), TOBN(0x0acada29, 0xb4f34c9c), + TOBN(0x36dad67d, 0x0fe723ac), TOBN(0x1d8e53a5, 0x39c36c1e), + TOBN(0xe4dd342d, 0x1f4bea41), TOBN(0x64fd5e35, 0xebc9e4e0), + TOBN(0x96f01f90, 0x57908805), TOBN(0xb5b9ea3d, 0x5ed480dd), + TOBN(0x366c5dc2, 0x3efd2dd0), TOBN(0xed2fe305, 0x6e9dfa27), + TOBN(0x4575e892, 0x6e9197e2), TOBN(0x11719c09, 0xab502a5d), + TOBN(0x264c7bec, 0xe81f213f), TOBN(0x741b9241, 0x55f5c457), + TOBN(0x78ac7b68, 0x49a5f4f4), TOBN(0xf91d70a2, 0x9fc45b7d), + TOBN(0x39b05544, 0xb0f5f355), TOBN(0x11f06bce, 0xeef930d9), + TOBN(0xdb84d25d, 0x038d05e1), TOBN(0x04838ee5, 0xbacc1d51), + TOBN(0x9da3ce86, 0x9e8ee00b), TOBN(0xc3412057, 0xc36eda1f), + TOBN(0xae80b913, 0x64d9c2f4), TOBN(0x7468bac3, 0xa010a8ff), + TOBN(0xdfd20037, 0x37359d41), TOBN(0x1a0f5ab8, 0x15efeacc), + TOBN(0x7c25ad2f, 0x659d0ce0), TOBN(0x4011bcbb, 0x6785cff1), + TOBN(0x128b9912, 0x7e2192c7), TOBN(0xa549d8e1, 0x13ccb0e8), + TOBN(0x805588d8, 0xc85438b1), TOBN(0x5680332d, 0xbc25cb27), + TOBN(0xdcd1bc96, 0x1a4bfdf4), TOBN(0x779ff428, 0x706f6566), + TOBN(0x8bbee998, 0xf059987a), TOBN(0xf6ce8cf2, 0xcc686de7), + TOBN(0xf8ad3c4a, 0x953cfdb2), TOBN(0xd1d426d9, 0x2205da36), + TOBN(0xb3c0f13f, 0xc781a241), TOBN(0x3e89360e, 0xd75362a8), + TOBN(0xccd05863, 0xc8a91184), TOBN(0x9bd0c9b7, 0xefa8a7f4), + TOBN(0x97ee4d53, 0x8a912a4b), TOBN(0xde5e15f8, 0xbcf518fd), + TOBN(0x6a055bf8, 0xc467e1e0), TOBN(0x10be4b4b, 0x1587e256), + TOBN(0xd90c14f2, 0x668621c9), TOBN(0xd5518f51, 0xab9c92c1), + TOBN(0x8e6a0100, 0xd6d47b3c), TOBN(0xcbe980dd, 0x66716175), + TOBN(0x500d3f10, 0xddd83683), TOBN(0x3b6cb35d, 0x99cac73c), + TOBN(0x53730c8b, 0x6083d550), TOBN(0xcf159767, 0xdf0a1987), + TOBN(0x84bfcf53, 0x43ad73b3), TOBN(0x1b528c20, 0x4f035a94), + TOBN(0x4294edf7, 0x33eeac69), TOBN(0xb6283e83, 0x817f3240), + TOBN(0xc3fdc959, 0x0a5f25b1), TOBN(0xefaf8aa5, 0x5844ee22), + TOBN(0xde269ba5, 0xdbdde4de), TOBN(0xe3347160, 0xc56133bf), + TOBN(0xc1184219, 0x8d9ea9f8), TOBN(0x090de5db, 0xf3fc1ab5), + TOBN(0x404c37b1, 0x0bf22cda), TOBN(0x7de20ec8, 0xf5618894), + TOBN(0x754c588e, 0xecdaecab), TOBN(0x6ca4b0ed, 0x88342743), + TOBN(0x76f08bdd, 0xf4a938ec), TOBN(0xd182de89, 0x91493ccb), + TOBN(0xd652c53e, 0xc8a4186a), TOBN(0xb3e878db, 0x946d8e33), + TOBN(0x088453c0, 0x5f37663c), TOBN(0x5cd9daaa, 0xb407748b), + TOBN(0xa1f5197f, 0x586d5e72), TOBN(0x47500be8, 0xc443ca59), + TOBN(0x78ef35b2, 0xe2652424), TOBN(0x09c5d26f, 0x6dd7767d), + TOBN(0x7175a79a, 0xa74d3f7b), TOBN(0x0428fd8d, 0xcf5ea459), + TOBN(0x511cb97c, 0xa5d1746d), TOBN(0x36363939, 0xe71d1278), + TOBN(0xcf2df955, 0x10350bf4), TOBN(0xb3817439, 0x60aae782), + TOBN(0xa748c0e4, 0x3e688809), TOBN(0x98021fbf, 0xd7a5a006), + TOBN(0x9076a70c, 0x0e367a98), TOBN(0xbea1bc15, 0x0f62b7c2), + TOBN(0x2645a68c, 0x30fe0343), TOBN(0xacaffa78, 0x699dc14f), + TOBN(0xf4469964, 0x457bf9c4), TOBN(0x0db6407b, 0x0d2ead83), + TOBN(0x68d56cad, 0xb2c6f3eb), TOBN(0x3b512e73, 0xf376356c), + TOBN(0xe43b0e1f, 0xfce10408), TOBN(0x89ddc003, 0x5a5e257d), + TOBN(0xb0ae0d12, 0x0362e5b3), TOBN(0x07f983c7, 0xb0519161), + TOBN(0xc2e94d15, 0x5d5231e7), TOBN(0xcff22aed, 0x0b4f9513), + TOBN(0xb02588dd, 0x6ad0b0b5), TOBN(0xb967d1ac, 0x11d0dcd5), + TOBN(0x8dac6bc6, 0xcf777b6c), TOBN(0x0062bdbd, 0x4c6d1959), + TOBN(0x53da71b5, 0x0ef5cc85), TOBN(0x07012c7d, 0x4006f14f), + TOBN(0x4617f962, 0xac47800d), TOBN(0x53365f2b, 0xc102ed75), + TOBN(0xb422efcb, 0x4ab8c9d3), TOBN(0x195cb26b, 0x34af31c9), + TOBN(0x3a926e29, 0x05f2c4ce), TOBN(0xbd2bdecb, 0x9856966c), + TOBN(0x5d16ab3a, 0x85527015), TOBN(0x9f81609e, 0x4486c231), + TOBN(0xd8b96b2c, 0xda350002), TOBN(0xbd054690, 0xfa1b7d36), + TOBN(0xdc90ebf5, 0xe71d79bc), TOBN(0xf241b6f9, 0x08964e4e), + TOBN(0x7c838643, 0x2fe3cd4c), TOBN(0xe0f33acb, 0xb4bc633c), + TOBN(0xb4a9ecec, 0x3d139f1f), TOBN(0x05ce69cd, 0xdc4a1f49), + TOBN(0xa19d1b16, 0xf5f98aaf), TOBN(0x45bb71d6, 0x6f23e0ef), + TOBN(0x33789fcd, 0x46cdfdd3), TOBN(0x9b8e2978, 0xcee040ca), + TOBN(0x9c69b246, 0xae0a6828), TOBN(0xba533d24, 0x7078d5aa), + TOBN(0x7a2e42c0, 0x7bb4fbdb), TOBN(0xcfb4879a, 0x7035385c), + TOBN(0x8c3dd30b, 0x3281705b), TOBN(0x7e361c6c, 0x404fe081), + TOBN(0x7b21649c, 0x3f604edf), TOBN(0x5dbf6a3f, 0xe52ffe47), + TOBN(0xc41b7c23, 0x4b54d9bf), TOBN(0x1374e681, 0x3511c3d9), + TOBN(0x1863bf16, 0xc1b2b758), TOBN(0x90e78507, 0x1e9e6a96), + TOBN(0xab4bf98d, 0x5d86f174), TOBN(0xd74e0bd3, 0x85e96fe4), + TOBN(0x8afde39f, 0xcac5d344), TOBN(0x90946dbc, 0xbd91b847), + TOBN(0xf5b42358, 0xfe1a838c), TOBN(0x05aae6c5, 0x620ac9d8), + TOBN(0x8e193bd8, 0xa1ce5a0b), TOBN(0x8f710571, 0x4dabfd72), + TOBN(0x8d8fdd48, 0x182caaac), TOBN(0x8c4aeefa, 0x040745cf), + TOBN(0x73c6c30a, 0xf3b93e6d), TOBN(0x991241f3, 0x16f42011), + TOBN(0xa0158eea, 0xe457a477), TOBN(0xd19857db, 0xee6ddc05), + TOBN(0xb3265224, 0x18c41671), TOBN(0x3ffdfc7e, 0x3c2c0d58), + TOBN(0x3a3a5254, 0x26ee7cda), TOBN(0x341b0869, 0xdf02c3a8), + TOBN(0xa023bf42, 0x723bbfc8), TOBN(0x3d15002a, 0x14452691), + }, + { + TOBN(0x5ef7324c, 0x85edfa30), TOBN(0x25976554, 0x87d4f3da), + TOBN(0x352f5bc0, 0xdcb50c86), TOBN(0x8f6927b0, 0x4832a96c), + TOBN(0xd08ee1ba, 0x55f2f94c), TOBN(0x6a996f99, 0x344b45fa), + TOBN(0xe133cb8d, 0xa8aa455d), TOBN(0x5d0721ec, 0x758dc1f7), + TOBN(0x6ba7a920, 0x79e5fb67), TOBN(0xe1331feb, 0x70aa725e), + TOBN(0x5080ccf5, 0x7df5d837), TOBN(0xe4cae01d, 0x7ff72e21), + TOBN(0xd9243ee6, 0x0412a77d), TOBN(0x06ff7cac, 0xdf449025), + TOBN(0xbe75f7cd, 0x23ef5a31), TOBN(0xbc957822, 0x0ddef7a8), + TOBN(0x8cf7230c, 0xb0ce1c55), TOBN(0x5b534d05, 0x0bbfb607), + TOBN(0xee1ef113, 0x0e16363b), TOBN(0x27e0aa7a, 0xb4999e82), + TOBN(0xce1dac2d, 0x79362c41), TOBN(0x67920c90, 0x91bb6cb0), + TOBN(0x1e648d63, 0x2223df24), TOBN(0x0f7d9eef, 0xe32e8f28), + TOBN(0x6943f39a, 0xfa833834), TOBN(0x22951722, 0xa6328562), + TOBN(0x81d63dd5, 0x4170fc10), TOBN(0x9f5fa58f, 0xaecc2e6d), + TOBN(0xb66c8725, 0xe77d9a3b), TOBN(0x11235cea, 0x6384ebe0), + TOBN(0x06a8c118, 0x5845e24a), TOBN(0x0137b286, 0xebd093b1), + TOBN(0xc589e1ce, 0x44ace150), TOBN(0xe0f8d3d9, 0x4381e97c), + TOBN(0x59e99b11, 0x62c5a4b8), TOBN(0x90d262f7, 0xfd0ec9f9), + TOBN(0xfbc854c9, 0x283e13c9), TOBN(0x2d04fde7, 0xaedc7085), + TOBN(0x057d7765, 0x47dcbecb), TOBN(0x8dbdf591, 0x9a76fa5f), + TOBN(0xd0150695, 0x0de1e578), TOBN(0x2e1463e7, 0xe9f72bc6), + TOBN(0xffa68441, 0x1b39eca5), TOBN(0x673c8530, 0x7c037f2f), + TOBN(0xd0d6a600, 0x747f91da), TOBN(0xb08d43e1, 0xc9cb78e9), + TOBN(0x0fc0c644, 0x27b5cef5), TOBN(0x5c1d160a, 0xa60a2fd6), + TOBN(0xf98cae53, 0x28c8e13b), TOBN(0x375f10c4, 0xb2eddcd1), + TOBN(0xd4eb8b7f, 0x5cce06ad), TOBN(0xb4669f45, 0x80a2e1ef), + TOBN(0xd593f9d0, 0x5bbd8699), TOBN(0x5528a4c9, 0xe7976d13), + TOBN(0x3923e095, 0x1c7e28d3), TOBN(0xb9293790, 0x3f6bb577), + TOBN(0xdb567d6a, 0xc42bd6d2), TOBN(0x6df86468, 0xbb1f96ae), + TOBN(0x0efe5b1a, 0x4843b28e), TOBN(0x961bbb05, 0x6379b240), + TOBN(0xb6caf5f0, 0x70a6a26b), TOBN(0x70686c0d, 0x328e6e39), + TOBN(0x80da06cf, 0x895fc8d3), TOBN(0x804d8810, 0xb363fdc9), + TOBN(0xbe22877b, 0x207f1670), TOBN(0x9b0dd188, 0x4e615291), + TOBN(0x625ae8dc, 0x97a3c2bf), TOBN(0x08584ef7, 0x439b86e8), + TOBN(0xde7190a5, 0xdcd898ff), TOBN(0x26286c40, 0x2058ee3d), + TOBN(0x3db0b217, 0x5f87b1c1), TOBN(0xcc334771, 0x102a6db5), + TOBN(0xd99de954, 0x2f770fb1), TOBN(0x97c1c620, 0x4cd7535e), + TOBN(0xd3b6c448, 0x3f09cefc), TOBN(0xd725af15, 0x5a63b4f8), + TOBN(0x0c95d24f, 0xc01e20ec), TOBN(0xdfd37494, 0x9ae7121f), + TOBN(0x7d6ddb72, 0xec77b7ec), TOBN(0xfe079d3b, 0x0353a4ae), + TOBN(0x3066e70a, 0x2e6ac8d2), TOBN(0x9c6b5a43, 0x106e5c05), + TOBN(0x52d3c6f5, 0xede59b8c), TOBN(0x30d6a5c3, 0xfccec9ae), + TOBN(0xedec7c22, 0x4fc0a9ef), TOBN(0x190ff083, 0x95c16ced), + TOBN(0xbe12ec8f, 0x94de0fde), TOBN(0x0d131ab8, 0x852d3433), + TOBN(0x42ace07e, 0x85701291), TOBN(0x94793ed9, 0x194061a8), + TOBN(0x30e83ed6, 0xd7f4a485), TOBN(0x9eec7269, 0xf9eeff4d), + TOBN(0x90acba59, 0x0c9d8005), TOBN(0x5feca458, 0x1e79b9d1), + TOBN(0x8fbe5427, 0x1d506a1e), TOBN(0xa32b2c8e, 0x2439cfa7), + TOBN(0x1671c173, 0x73dd0b4e), TOBN(0x37a28214, 0x44a054c6), + TOBN(0x81760a1b, 0x4e8b53f1), TOBN(0xa6c04224, 0xf9f93b9e), + TOBN(0x18784b34, 0xcf671e3c), TOBN(0x81bbecd2, 0xcda9b994), + TOBN(0x38831979, 0xb2ab3848), TOBN(0xef54feb7, 0xf2e03c2d), + TOBN(0xcf197ca7, 0xfb8088fa), TOBN(0x01427247, 0x4ddc96c5), + TOBN(0xa2d2550a, 0x30777176), TOBN(0x53469898, 0x4d0cf71d), + TOBN(0x6ce937b8, 0x3a2aaac6), TOBN(0xe9f91dc3, 0x5af38d9b), + TOBN(0x2598ad83, 0xc8bf2899), TOBN(0x8e706ac9, 0xb5536c16), + TOBN(0x40dc7495, 0xf688dc98), TOBN(0x26490cd7, 0x124c4afc), + TOBN(0xe651ec84, 0x1f18775c), TOBN(0x393ea6c3, 0xb4fdaf4a), + TOBN(0x1e1f3343, 0x7f338e0d), TOBN(0x39fb832b, 0x6053e7b5), + TOBN(0x46e702da, 0x619e14d5), TOBN(0x859cacd1, 0xcdeef6e0), + TOBN(0x63b99ce7, 0x4462007d), TOBN(0xb8ab48a5, 0x4cb5f5b7), + TOBN(0x9ec673d2, 0xf55edde7), TOBN(0xd1567f74, 0x8cfaefda), + TOBN(0x46381b6b, 0x0887bcec), TOBN(0x694497ce, 0xe178f3c2), + TOBN(0x5e6525e3, 0x1e6266cb), TOBN(0x5931de26, 0x697d6413), + TOBN(0x87f8df7c, 0x0e58d493), TOBN(0xb1ae5ed0, 0x58b73f12), + TOBN(0xc368f784, 0xdea0c34d), TOBN(0x9bd0a120, 0x859a91a0), + TOBN(0xb00d88b7, 0xcc863c68), TOBN(0x3a1cc11e, 0x3d1f4d65), + TOBN(0xea38e0e7, 0x0aa85593), TOBN(0x37f13e98, 0x7dc4aee8), + TOBN(0x10d38667, 0xbc947bad), TOBN(0x738e07ce, 0x2a36ee2e), + TOBN(0xc93470cd, 0xc577fcac), TOBN(0xdee1b616, 0x2782470d), + TOBN(0x36a25e67, 0x2e793d12), TOBN(0xd6aa6cae, 0xe0f186da), + TOBN(0x474d0fd9, 0x80e07af7), TOBN(0xf7cdc47d, 0xba8a5cd4), + TOBN(0x28af6d9d, 0xab15247f), TOBN(0x7c789c10, 0x493a537f), + TOBN(0x7ac9b110, 0x23a334e7), TOBN(0x0236ac09, 0x12c9c277), + TOBN(0xa7e5bd25, 0x1d7a5144), TOBN(0x098b9c2a, 0xf13ec4ec), + TOBN(0x3639daca, 0xd3f0abca), TOBN(0x642da81a, 0xa23960f9), + TOBN(0x7d2e5c05, 0x4f7269b1), TOBN(0xfcf30777, 0xe287c385), + TOBN(0x10edc84f, 0xf2a46f21), TOBN(0x35441757, 0x4f43fa36), + TOBN(0xf1327899, 0xfd703431), TOBN(0xa438d7a6, 0x16dd587a), + TOBN(0x65c34c57, 0xe9c8352d), TOBN(0xa728edab, 0x5cc5a24e), + TOBN(0xaed78abc, 0x42531689), TOBN(0x0a51a0e8, 0x010963ef), + TOBN(0x5776fa0a, 0xd717d9b3), TOBN(0xf356c239, 0x7dd3428b), + TOBN(0x29903fff, 0x8d3a3dac), TOBN(0x409597fa, 0x3d94491f), + TOBN(0x4cd7a5ff, 0xbf4a56a4), TOBN(0xe5096474, 0x8adab462), + TOBN(0xa97b5126, 0x5c3427b0), TOBN(0x6401405c, 0xd282c9bd), + TOBN(0x3629f8d7, 0x222c5c45), TOBN(0xb1c02c16, 0xe8d50aed), + TOBN(0xbea2ed75, 0xd9635bc9), TOBN(0x226790c7, 0x6e24552f), + TOBN(0x3c33f2a3, 0x65f1d066), TOBN(0x2a43463e, 0x6dfccc2e), + TOBN(0x8cc3453a, 0xdb483761), TOBN(0xe7cc6085, 0x65d5672b), + TOBN(0x277ed6cb, 0xde3efc87), TOBN(0x19f2f368, 0x69234eaf), + TOBN(0x9aaf4317, 0x5c0b800b), TOBN(0x1f1e7c89, 0x8b6da6e2), + TOBN(0x6cfb4715, 0xb94ec75e), TOBN(0xd590dd5f, 0x453118c2), + TOBN(0x14e49da1, 0x1f17a34c), TOBN(0x5420ab39, 0x235a1456), + TOBN(0xb7637241, 0x2f50363b), TOBN(0x7b15d623, 0xc3fabb6e), + TOBN(0xa0ef40b1, 0xe274e49c), TOBN(0x5cf50744, 0x96b1860a), + TOBN(0xd6583fbf, 0x66afe5a4), TOBN(0x44240510, 0xf47e3e9a), + TOBN(0x99254343, 0x11b2d595), TOBN(0xf1367499, 0xeec8df57), + TOBN(0x3cb12c61, 0x3e73dd05), TOBN(0xd248c033, 0x7dac102a), + TOBN(0xcf154f13, 0xa77739f5), TOBN(0xbf4288cb, 0x23d2af42), + TOBN(0xaa64c9b6, 0x32e4a1cf), TOBN(0xee8c07a8, 0xc8a208f3), + TOBN(0xe10d4999, 0x6fe8393f), TOBN(0x0f809a3f, 0xe91f3a32), + TOBN(0x61096d1c, 0x802f63c8), TOBN(0x289e1462, 0x57750d3d), + TOBN(0xed06167e, 0x9889feea), TOBN(0xd5c9c0e2, 0xe0993909), + TOBN(0x46fca0d8, 0x56508ac6), TOBN(0x91826047, 0x4f1b8e83), + TOBN(0x4f2c877a, 0x9a4a2751), TOBN(0x71bd0072, 0xcae6fead), + TOBN(0x38df8dcc, 0x06aa1941), TOBN(0x5a074b4c, 0x63beeaa8), + TOBN(0xd6d65934, 0xc1cec8ed), TOBN(0xa6ecb49e, 0xaabc03bd), + TOBN(0xaade91c2, 0xde8a8415), TOBN(0xcfb0efdf, 0x691136e0), + TOBN(0x11af45ee, 0x23ab3495), TOBN(0xa132df88, 0x0b77463d), + TOBN(0x8923c15c, 0x815d06f4), TOBN(0xc3ceb3f5, 0x0d61a436), + TOBN(0xaf52291d, 0xe88fb1da), TOBN(0xea057974, 0x1da12179), + TOBN(0xb0d7218c, 0xd2fef720), TOBN(0x6c0899c9, 0x8e1d8845), + TOBN(0x98157504, 0x752ddad7), TOBN(0xd60bd74f, 0xa1a68a97), + TOBN(0x7047a3a9, 0xf658fb99), TOBN(0x1f5d86d6, 0x5f8511e4), + TOBN(0xb8a4bc42, 0x4b5a6d88), TOBN(0x69eb2c33, 0x1abefa7d), + TOBN(0x95bf39e8, 0x13c9c510), TOBN(0xf571960a, 0xd48aab43), + TOBN(0x7e8cfbcf, 0x704e23c6), TOBN(0xc71b7d22, 0x28aaa65b), + TOBN(0xa041b2bd, 0x245e3c83), TOBN(0x69b98834, 0xd21854ff), + TOBN(0x89d227a3, 0x963bfeec), TOBN(0x99947aaa, 0xde7da7cb), + TOBN(0x1d9ee9db, 0xee68a9b1), TOBN(0x0a08f003, 0x698ec368), + TOBN(0xe9ea4094, 0x78ef2487), TOBN(0xc8d2d415, 0x02cfec26), + TOBN(0xc52f9a6e, 0xb7dcf328), TOBN(0x0ed489e3, 0x85b6a937), + TOBN(0x9b94986b, 0xbef3366e), TOBN(0x0de59c70, 0xedddddb8), + TOBN(0xffdb748c, 0xeadddbe2), TOBN(0x9b9784bb, 0x8266ea40), + TOBN(0x142b5502, 0x1a93507a), TOBN(0xb4cd1187, 0x8d3c06cf), + TOBN(0xdf70e76a, 0x91ec3f40), TOBN(0x484e81ad, 0x4e7553c2), + TOBN(0x830f87b5, 0x272e9d6e), TOBN(0xea1c93e5, 0xc6ff514a), + TOBN(0x67cc2adc, 0xc4192a8e), TOBN(0xc77e27e2, 0x42f4535a), + TOBN(0x9cdbab36, 0xd2b713c5), TOBN(0x86274ea0, 0xcf7b0cd3), + TOBN(0x784680f3, 0x09af826b), TOBN(0xbfcc837a, 0x0c72dea3), + TOBN(0xa8bdfe9d, 0xd6529b73), TOBN(0x708aa228, 0x63a88002), + TOBN(0x6c7a9a54, 0xc91d45b9), TOBN(0xdf1a38bb, 0xfd004f56), + TOBN(0x2e8c9a26, 0xb8bad853), TOBN(0x2d52cea3, 0x3723eae7), + TOBN(0x054d6d81, 0x56ca2830), TOBN(0xa3317d14, 0x9a8dc411), + TOBN(0xa08662fe, 0xfd4ddeda), TOBN(0xed2a153a, 0xb55d792b), + TOBN(0x7035c16a, 0xbfc6e944), TOBN(0xb6bc5834, 0x00171cf3), + TOBN(0xe27152b3, 0x83d102b6), TOBN(0xfe695a47, 0x0646b848), + TOBN(0xa5bb09d8, 0x916e6d37), TOBN(0xb4269d64, 0x0d17015e), + TOBN(0x8d8156a1, 0x0a1d2285), TOBN(0xfeef6c51, 0x46d26d72), + TOBN(0x9dac57c8, 0x4c5434a7), TOBN(0x0282e5be, 0x59d39e31), + TOBN(0xedfff181, 0x721c486d), TOBN(0x301baf10, 0xbc58824e), + TOBN(0x8136a6aa, 0x00570031), TOBN(0x55aaf78c, 0x1cddde68), + TOBN(0x26829371, 0x59c63952), TOBN(0x3a3bd274, 0x8bc25baf), + TOBN(0xecdf8657, 0xb7e52dc3), TOBN(0x2dd8c087, 0xfd78e6c8), + TOBN(0x20553274, 0xf5531461), TOBN(0x8b4a1281, 0x5d95499b), + TOBN(0xe2c8763a, 0x1a80f9d2), TOBN(0xd1dbe32b, 0x4ddec758), + TOBN(0xaf12210d, 0x30c34169), TOBN(0xba74a953, 0x78baa533), + TOBN(0x3d133c6e, 0xa438f254), TOBN(0xa431531a, 0x201bef5b), + TOBN(0x15295e22, 0xf669d7ec), TOBN(0xca374f64, 0x357fb515), + TOBN(0x8a8406ff, 0xeaa3fdb3), TOBN(0x106ae448, 0xdf3f2da8), + TOBN(0x8f9b0a90, 0x33c8e9a1), TOBN(0x234645e2, 0x71ad5885), + TOBN(0x3d083224, 0x1c0aed14), TOBN(0xf10a7d3e, 0x7a942d46), + TOBN(0x7c11deee, 0x40d5c9be), TOBN(0xb2bae7ff, 0xba84ed98), + TOBN(0x93e97139, 0xaad58ddd), TOBN(0x3d872796, 0x3f6d1fa3), + TOBN(0x483aca81, 0x8569ff13), TOBN(0x8b89a5fb, 0x9a600f72), + TOBN(0x4cbc27c3, 0xc06f2b86), TOBN(0x22130713, 0x63ad9c0b), + TOBN(0xb5358b1e, 0x48ac2840), TOBN(0x18311294, 0xecba9477), + TOBN(0xda58f990, 0xa6946b43), TOBN(0x3098baf9, 0x9ab41819), + TOBN(0x66c4c158, 0x4198da52), TOBN(0xab4fc17c, 0x146bfd1b), + TOBN(0x2f0a4c3c, 0xbf36a908), TOBN(0x2ae9e34b, 0x58cf7838), + TOBN(0xf411529e, 0x3fa11b1f), TOBN(0x21e43677, 0x974af2b4), + TOBN(0x7c20958e, 0xc230793b), TOBN(0x710ea885, 0x16e840f3), + TOBN(0xfc0b21fc, 0xc5dc67cf), TOBN(0x08d51647, 0x88405718), + TOBN(0xd955c21f, 0xcfe49eb7), TOBN(0x9722a5d5, 0x56dd4a1f), + TOBN(0xc9ef50e2, 0xc861baa5), TOBN(0xc0c21a5d, 0x9505ac3e), + TOBN(0xaf6b9a33, 0x8b7c063f), TOBN(0xc6370339, 0x2f4779c1), + TOBN(0x22df99c7, 0x638167c3), TOBN(0xfe6ffe76, 0x795db30c), + TOBN(0x2b822d33, 0xa4854989), TOBN(0xfef031dd, 0x30563aa5), + TOBN(0x16b09f82, 0xd57c667f), TOBN(0xc70312ce, 0xcc0b76f1), + TOBN(0xbf04a9e6, 0xc9118aec), TOBN(0x82fcb419, 0x3409d133), + TOBN(0x1a8ab385, 0xab45d44d), TOBN(0xfba07222, 0x617b83a3), + TOBN(0xb05f50dd, 0x58e81b52), TOBN(0x1d8db553, 0x21ce5aff), + TOBN(0x3097b8d4, 0xe344a873), TOBN(0x7d8d116d, 0xfe36d53e), + TOBN(0x6db22f58, 0x7875e750), TOBN(0x2dc5e373, 0x43e144ea), + TOBN(0xc05f32e6, 0xe799eb95), TOBN(0xe9e5f4df, 0x6899e6ec), + TOBN(0xbdc3bd68, 0x1fab23d5), TOBN(0xb72b8ab7, 0x73af60e6), + TOBN(0x8db27ae0, 0x2cecc84a), TOBN(0x600016d8, 0x7bdb871c), + TOBN(0x42a44b13, 0xd7c46f58), TOBN(0xb8919727, 0xc3a77d39), + TOBN(0xcfc6bbbd, 0xdafd6088), TOBN(0x1a740146, 0x6bd20d39), + TOBN(0x8c747abd, 0x98c41072), TOBN(0x4c91e765, 0xbdf68ea1), + TOBN(0x7c95e5ca, 0x08819a78), TOBN(0xcf48b729, 0xc9587921), + TOBN(0x091c7c5f, 0xdebbcc7d), TOBN(0x6f287404, 0xf0e05149), + TOBN(0xf83b5ac2, 0x26cd44ec), TOBN(0x88ae32a6, 0xcfea250e), + TOBN(0x6ac5047a, 0x1d06ebc5), TOBN(0xc7e550b4, 0xd434f781), + TOBN(0x61ab1cf2, 0x5c727bd2), TOBN(0x2e4badb1, 0x1cf915b0), + TOBN(0x1b4dadec, 0xf69d3920), TOBN(0xe61b1ca6, 0xf14c1dfe), + TOBN(0x90b479cc, 0xbd6bd51f), TOBN(0x8024e401, 0x8045ec30), + TOBN(0xcab29ca3, 0x25ef0e62), TOBN(0x4f2e9416, 0x49e4ebc0), + TOBN(0x45eb40ec, 0x0ccced58), TOBN(0x25cd4b9c, 0x0da44f98), + TOBN(0x43e06458, 0x871812c6), TOBN(0x99f80d55, 0x16cef651), + TOBN(0x571340c9, 0xce6dc153), TOBN(0x138d5117, 0xd8665521), + TOBN(0xacdb45bc, 0x4e07014d), TOBN(0x2f34bb38, 0x84b60b91), + TOBN(0xf44a4fd2, 0x2ae8921e), TOBN(0xb039288e, 0x892ba1e2), + TOBN(0x9da50174, 0xb1c180b2), TOBN(0x6b70ab66, 0x1693dc87), + TOBN(0x7e9babc9, 0xe7057481), TOBN(0x4581ddef, 0x9c80dc41), + TOBN(0x0c890da9, 0x51294682), TOBN(0x0b5629d3, 0x3f4736e5), + TOBN(0x2340c79e, 0xb06f5b41), TOBN(0xa42e84ce, 0x4e243469), + TOBN(0xf9a20135, 0x045a71a9), TOBN(0xefbfb415, 0xd27b6fb6), + TOBN(0x25ebea23, 0x9d33cd6f), TOBN(0x9caedb88, 0xaa6c0af8), + TOBN(0x53dc7e9a, 0xd9ce6f96), TOBN(0x3897f9fd, 0x51e0b15a), + TOBN(0xf51cb1f8, 0x8e5d788e), TOBN(0x1aec7ba8, 0xe1d490ee), + TOBN(0x265991e0, 0xcc58cb3c), TOBN(0x9f306e8c, 0x9fc3ad31), + TOBN(0x5fed006e, 0x5040a0ac), TOBN(0xca9d5043, 0xfb476f2e), + TOBN(0xa19c06e8, 0xbeea7a23), TOBN(0xd2865801, 0x0edabb63), + TOBN(0xdb92293f, 0x6967469a), TOBN(0x2894d839, 0x8d8a8ed8), + TOBN(0x87c9e406, 0xbbc77122), TOBN(0x8671c6f1, 0x2ea3a26a), + TOBN(0xe42df8d6, 0xd7de9853), TOBN(0x2e3ce346, 0xb1f2bcc7), + TOBN(0xda601dfc, 0x899d50cf), TOBN(0xbfc913de, 0xfb1b598f), + TOBN(0x81c4909f, 0xe61f7908), TOBN(0x192e304f, 0x9bbc7b29), + TOBN(0xc3ed8738, 0xc104b338), TOBN(0xedbe9e47, 0x783f5d61), + TOBN(0x0c06e9be, 0x2db30660), TOBN(0xda3e613f, 0xc0eb7d8e), + TOBN(0xd8fa3e97, 0x322e096e), TOBN(0xfebd91e8, 0xd336e247), + TOBN(0x8f13ccc4, 0xdf655a49), TOBN(0xa9e00dfc, 0x5eb20210), + TOBN(0x84631d0f, 0xc656b6ea), TOBN(0x93a058cd, 0xd8c0d947), + TOBN(0x6846904a, 0x67bd3448), TOBN(0x4a3d4e1a, 0xf394fd5c), + TOBN(0xc102c1a5, 0xdb225f52), TOBN(0xe3455bba, 0xfc4f5e9a), + TOBN(0x6b36985b, 0x4b9ad1ce), TOBN(0xa9818536, 0x5bb7f793), + TOBN(0x6c25e1d0, 0x48b1a416), TOBN(0x1381dd53, 0x3c81bee7), + TOBN(0xd2a30d61, 0x7a4a7620), TOBN(0xc8412926, 0x39b8944c), + TOBN(0x3c1c6fbe, 0x7a97c33a), TOBN(0x941e541d, 0x938664e7), + TOBN(0x417499e8, 0x4a34f239), TOBN(0x15fdb83c, 0xb90402d5), + TOBN(0xb75f46bf, 0x433aa832), TOBN(0xb61e15af, 0x63215db1), + TOBN(0xaabe59d4, 0xa127f89a), TOBN(0x5d541e0c, 0x07e816da), + TOBN(0xaaba0659, 0xa618b692), TOBN(0x55327733, 0x17266026), + TOBN(0xaf53a0fc, 0x95f57552), TOBN(0x32947650, 0x6cacb0c9), + TOBN(0x253ff58d, 0xc821be01), TOBN(0xb0309531, 0xa06f1146), + TOBN(0x59bbbdf5, 0x05c2e54d), TOBN(0x158f27ad, 0x26e8dd22), + TOBN(0xcc5b7ffb, 0x397e1e53), TOBN(0xae03f65b, 0x7fc1e50d), + TOBN(0xa9784ebd, 0x9c95f0f9), TOBN(0x5ed9deb2, 0x24640771), + TOBN(0x31244af7, 0x035561c4), TOBN(0x87332f3a, 0x7ee857de), + TOBN(0x09e16e9e, 0x2b9e0d88), TOBN(0x52d910f4, 0x56a06049), + TOBN(0x507ed477, 0xa9592f48), TOBN(0x85cb917b, 0x2365d678), + TOBN(0xf8511c93, 0x4c8998d1), TOBN(0x2186a3f1, 0x730ea58f), + TOBN(0x50189626, 0xb2029db0), TOBN(0x9137a6d9, 0x02ceb75a), + TOBN(0x2fe17f37, 0x748bc82c), TOBN(0x87c2e931, 0x80469f8c), + TOBN(0x850f71cd, 0xbf891aa2), TOBN(0x0ca1b89b, 0x75ec3d8d), + TOBN(0x516c43aa, 0x5e1cd3cd), TOBN(0x89397808, 0x9a887c28), + TOBN(0x0059c699, 0xddea1f9f), TOBN(0x7737d6fa, 0x8e6868f7), + TOBN(0x6d93746a, 0x60f1524b), TOBN(0x36985e55, 0xba052aa7), + TOBN(0x41b1d322, 0xed923ea5), TOBN(0x3429759f, 0x25852a11), + TOBN(0xbeca6ec3, 0x092e9f41), TOBN(0x3a238c66, 0x62256bbd), + TOBN(0xd82958ea, 0x70ad487d), TOBN(0x4ac8aaf9, 0x65610d93), + TOBN(0x3fa101b1, 0x5e4ccab0), TOBN(0x9bf430f2, 0x9de14bfb), + TOBN(0xa10f5cc6, 0x6531899d), TOBN(0x590005fb, 0xea8ce17d), + TOBN(0xc437912f, 0x24544cb6), TOBN(0x9987b71a, 0xd79ac2e3), + TOBN(0x13e3d9dd, 0xc058a212), TOBN(0x00075aac, 0xd2de9606), + TOBN(0x80ab508b, 0x6cac8369), TOBN(0x87842be7, 0xf54f6c89), + TOBN(0xa7ad663d, 0x6bc532a4), TOBN(0x67813de7, 0x78a91bc8), + TOBN(0x5dcb61ce, 0xc3427239), TOBN(0x5f3c7cf0, 0xc56934d9), + TOBN(0xc079e0fb, 0xe3191591), TOBN(0xe40896bd, 0xb01aada7), + TOBN(0x8d466791, 0x0492d25f), TOBN(0x8aeb30c9, 0xe7408276), + TOBN(0xe9437495, 0x9287aacc), TOBN(0x23d4708d, 0x79fe03d4), + TOBN(0x8cda9cf2, 0xd0c05199), TOBN(0x502fbc22, 0xfae78454), + TOBN(0xc0bda9df, 0xf572a182), TOBN(0x5f9b71b8, 0x6158b372), + TOBN(0xe0f33a59, 0x2b82dd07), TOBN(0x76302735, 0x9523032e), + TOBN(0x7fe1a721, 0xc4505a32), TOBN(0x7b6e3e82, 0xf796409f), + }, + { + TOBN(0xe3417bc0, 0x35d0b34a), TOBN(0x440b386b, 0x8327c0a7), + TOBN(0x8fb7262d, 0xac0362d1), TOBN(0x2c41114c, 0xe0cdf943), + TOBN(0x2ba5cef1, 0xad95a0b1), TOBN(0xc09b37a8, 0x67d54362), + TOBN(0x26d6cdd2, 0x01e486c9), TOBN(0x20477abf, 0x42ff9297), + TOBN(0xa004dcb3, 0x292a9287), TOBN(0xddc15cf6, 0x77b092c7), + TOBN(0x083a8464, 0x806c0605), TOBN(0x4a68df70, 0x3db997b0), + TOBN(0x9c134e45, 0x05bf7dd0), TOBN(0xa4e63d39, 0x8ccf7f8c), + TOBN(0xa6e6517f, 0x41b5f8af), TOBN(0xaa8b9342, 0xad7bc1cc), + TOBN(0x126f35b5, 0x1e706ad9), TOBN(0xb99cebb4, 0xc3a9ebdf), + TOBN(0xa75389af, 0xbf608d90), TOBN(0x76113c4f, 0xc6c89858), + TOBN(0x80de8eb0, 0x97e2b5aa), TOBN(0x7e1022cc, 0x63b91304), + TOBN(0x3bdab605, 0x6ccc066c), TOBN(0x33cbb144, 0xb2edf900), + TOBN(0xc4176471, 0x7af715d2), TOBN(0xe2f7f594, 0xd0134a96), + TOBN(0x2c1873ef, 0xa41ec956), TOBN(0xe4e7b4f6, 0x77821304), + TOBN(0xe5c8ff97, 0x88d5374a), TOBN(0x2b915e63, 0x80823d5b), + TOBN(0xea6bc755, 0xb2ee8fe2), TOBN(0x6657624c, 0xe7112651), + TOBN(0x157af101, 0xdace5aca), TOBN(0xc4fdbcf2, 0x11a6a267), + TOBN(0xdaddf340, 0xc49c8609), TOBN(0x97e49f52, 0xe9604a65), + TOBN(0x9be8e790, 0x937e2ad5), TOBN(0x846e2508, 0x326e17f1), + TOBN(0x3f38007a, 0x0bbbc0dc), TOBN(0xcf03603f, 0xb11e16d6), + TOBN(0xd6f800e0, 0x7442f1d5), TOBN(0x475607d1, 0x66e0e3ab), + TOBN(0x82807f16, 0xb7c64047), TOBN(0x8858e1e3, 0xa749883d), + TOBN(0x5859120b, 0x8231ee10), TOBN(0x1b80e7eb, 0x638a1ece), + TOBN(0xcb72525a, 0xc6aa73a4), TOBN(0xa7cdea3d, 0x844423ac), + TOBN(0x5ed0c007, 0xf8ae7c38), TOBN(0x6db07a5c, 0x3d740192), + TOBN(0xbe5e9c2a, 0x5fe36db3), TOBN(0xd5b9d57a, 0x76e95046), + TOBN(0x54ac32e7, 0x8eba20f2), TOBN(0xef11ca8f, 0x71b9a352), + TOBN(0x305e373e, 0xff98a658), TOBN(0xffe5a100, 0x823eb667), + TOBN(0x57477b11, 0xe51732d2), TOBN(0xdfd6eb28, 0x2538fc0e), + TOBN(0x5c43b0cc, 0x3b39eec5), TOBN(0x6af12778, 0xcb36cc57), + TOBN(0x70b0852d, 0x06c425ae), TOBN(0x6df92f8c, 0x5c221b9b), + TOBN(0x6c8d4f9e, 0xce826d9c), TOBN(0xf59aba7b, 0xb49359c3), + TOBN(0x5c8ed8d5, 0xda64309d), TOBN(0x61a6de56, 0x91b30704), + TOBN(0xd6b52f6a, 0x2f9b5808), TOBN(0x0eee4194, 0x98c958a7), + TOBN(0xcddd9aab, 0x771e4caa), TOBN(0x83965dfd, 0x78bc21be), + TOBN(0x02affce3, 0xb3b504f5), TOBN(0x30847a21, 0x561c8291), + TOBN(0xd2eb2cf1, 0x52bfda05), TOBN(0xe0e4c4e9, 0x6197b98c), + TOBN(0x1d35076c, 0xf8a1726f), TOBN(0x6c06085b, 0x2db11e3d), + TOBN(0x15c0c4d7, 0x4463ba14), TOBN(0x9d292f83, 0x0030238c), + TOBN(0x1311ee8b, 0x3727536d), TOBN(0xfeea86ef, 0xbeaedc1e), + TOBN(0xb9d18cd3, 0x66131e2e), TOBN(0xf31d974f, 0x80fe2682), + TOBN(0xb6e49e0f, 0xe4160289), TOBN(0x7c48ec0b, 0x08e92799), + TOBN(0x818111d8, 0xd1989aa7), TOBN(0xb34fa0aa, 0xebf926f9), + TOBN(0xdb5fe2f5, 0xa245474a), TOBN(0xf80a6ebb, 0x3c7ca756), + TOBN(0xa7f96054, 0xafa05dd8), TOBN(0x26dfcf21, 0xfcaf119e), + TOBN(0xe20ef2e3, 0x0564bb59), TOBN(0xef4dca50, 0x61cb02b8), + TOBN(0xcda7838a, 0x65d30672), TOBN(0x8b08d534, 0xfd657e86), + TOBN(0x4c5b4395, 0x46d595c8), TOBN(0x39b58725, 0x425cb836), + TOBN(0x8ea61059, 0x3de9abe3), TOBN(0x40434881, 0x9cdc03be), + TOBN(0x9b261245, 0xcfedce8c), TOBN(0x78c318b4, 0xcf5234a1), + TOBN(0x510bcf16, 0xfde24c99), TOBN(0x2a77cb75, 0xa2c2ff5d), + TOBN(0x9c895c2b, 0x27960fb4), TOBN(0xd30ce975, 0xb0eda42b), + TOBN(0xfda85393, 0x1a62cc26), TOBN(0x23c69b96, 0x50c0e052), + TOBN(0xa227df15, 0xbfc633f3), TOBN(0x2ac78848, 0x1bae7d48), + TOBN(0x487878f9, 0x187d073d), TOBN(0x6c2be919, 0x967f807d), + TOBN(0x765861d8, 0x336e6d8f), TOBN(0x88b8974c, 0xce528a43), + TOBN(0x09521177, 0xff57d051), TOBN(0x2ff38037, 0xfb6a1961), + TOBN(0xfc0aba74, 0xa3d76ad4), TOBN(0x7c764803, 0x25a7ec17), + TOBN(0x7532d75f, 0x48879bc8), TOBN(0xea7eacc0, 0x58ce6bc1), + TOBN(0xc82176b4, 0x8e896c16), TOBN(0x9a30e0b2, 0x2c750fed), + TOBN(0xc37e2c2e, 0x421d3aa4), TOBN(0xf926407c, 0xe84fa840), + TOBN(0x18abc03d, 0x1454e41c), TOBN(0x26605ecd, 0x3f7af644), + TOBN(0x242341a6, 0xd6a5eabf), TOBN(0x1edb84f4, 0x216b668e), + TOBN(0xd836edb8, 0x04010102), TOBN(0x5b337ce7, 0x945e1d8c), + TOBN(0xd2075c77, 0xc055dc14), TOBN(0x2a0ffa25, 0x81d89cdf), + TOBN(0x8ce815ea, 0x6ffdcbaf), TOBN(0xa3428878, 0xfb648867), + TOBN(0x277699cf, 0x884655fb), TOBN(0xfa5b5bd6, 0x364d3e41), + TOBN(0x01f680c6, 0x441e1cb7), TOBN(0x3fd61e66, 0xb70a7d67), + TOBN(0x666ba2dc, 0xcc78cf66), TOBN(0xb3018174, 0x6fdbff77), + TOBN(0x8d4dd0db, 0x168d4668), TOBN(0x259455d0, 0x1dab3a2a), + TOBN(0xf58564c5, 0xcde3acec), TOBN(0x77141925, 0x13adb276), + TOBN(0x527d725d, 0x8a303f65), TOBN(0x55deb6c9, 0xe6f38f7b), + TOBN(0xfd5bb657, 0xb1fa70fb), TOBN(0xfa07f50f, 0xd8073a00), + TOBN(0xf72e3aa7, 0xbca02500), TOBN(0xf68f895d, 0x9975740d), + TOBN(0x30112060, 0x5cae2a6a), TOBN(0x01bd7218, 0x02874842), + TOBN(0x3d423891, 0x7ce47bd3), TOBN(0xa66663c1, 0x789544f6), + TOBN(0x864d05d7, 0x3272d838), TOBN(0xe22924f9, 0xfa6295c5), + TOBN(0x8189593f, 0x6c2fda32), TOBN(0x330d7189, 0xb184b544), + TOBN(0x79efa62c, 0xbde1f714), TOBN(0x35771c94, 0xe5cb1a63), + TOBN(0x2f4826b8, 0x641c8332), TOBN(0x00a894fb, 0xc8cee854), + TOBN(0xb4b9a39b, 0x36194d40), TOBN(0xe857a7c5, 0x77612601), + TOBN(0xf4209dd2, 0x4ecf2f58), TOBN(0x82b9e66d, 0x5a033487), + TOBN(0xc1e36934, 0xe4e8b9dd), TOBN(0xd2372c9d, 0xa42377d7), + TOBN(0x51dc94c7, 0x0e3ae43b), TOBN(0x4c57761e, 0x04474f6f), + TOBN(0xdcdacd0a, 0x1058a318), TOBN(0x369cf3f5, 0x78053a9a), + TOBN(0xc6c3de50, 0x31c68de2), TOBN(0x4653a576, 0x3c4b6d9f), + TOBN(0x1688dd5a, 0xaa4e5c97), TOBN(0x5be80aa1, 0xb7ab3c74), + TOBN(0x70cefe7c, 0xbc65c283), TOBN(0x57f95f13, 0x06867091), + TOBN(0xa39114e2, 0x4415503b), TOBN(0xc08ff7c6, 0x4cbb17e9), + TOBN(0x1eff674d, 0xd7dec966), TOBN(0x6d4690af, 0x53376f63), + TOBN(0xff6fe32e, 0xea74237b), TOBN(0xc436d17e, 0xcd57508e), + TOBN(0x15aa28e1, 0xedcc40fe), TOBN(0x0d769c04, 0x581bbb44), + TOBN(0xc240b6de, 0x34eaacda), TOBN(0xd9e116e8, 0x2ba0f1de), + TOBN(0xcbe45ec7, 0x79438e55), TOBN(0x91787c9d, 0x96f752d7), + TOBN(0x897f532b, 0xf129ac2f), TOBN(0xd307b7c8, 0x5a36e22c), + TOBN(0x91940675, 0x749fb8f3), TOBN(0xd14f95d0, 0x157fdb28), + TOBN(0xfe51d029, 0x6ae55043), TOBN(0x8931e98f, 0x44a87de1), + TOBN(0xe57f1cc6, 0x09e4fee2), TOBN(0x0d063b67, 0x4e072d92), + TOBN(0x70a998b9, 0xed0e4316), TOBN(0xe74a736b, 0x306aca46), + TOBN(0xecf0fbf2, 0x4fda97c7), TOBN(0xa40f65cb, 0x3e178d93), + TOBN(0x16253604, 0x16df4285), TOBN(0xb0c9babb, 0xd0c56ae2), + TOBN(0x73032b19, 0xcfc5cfc3), TOBN(0xe497e5c3, 0x09752056), + TOBN(0x12096bb4, 0x164bda96), TOBN(0x1ee42419, 0xa0b74da1), + TOBN(0x8fc36243, 0x403826ba), TOBN(0x0c8f0069, 0xdc09e660), + TOBN(0x8667e981, 0xc27253c9), TOBN(0x05a6aefb, 0x92b36a45), + TOBN(0xa62c4b36, 0x9cb7bb46), TOBN(0x8394f375, 0x11f7027b), + TOBN(0x747bc79c, 0x5f109d0f), TOBN(0xcad88a76, 0x5b8cc60a), + TOBN(0x80c5a66b, 0x58f09e68), TOBN(0xe753d451, 0xf6127eac), + TOBN(0xc44b74a1, 0x5b0ec6f5), TOBN(0x47989fe4, 0x5289b2b8), + TOBN(0x745f8484, 0x58d6fc73), TOBN(0xec362a6f, 0xf61c70ab), + TOBN(0x070c98a7, 0xb3a8ad41), TOBN(0x73a20fc0, 0x7b63db51), + TOBN(0xed2c2173, 0xf44c35f4), TOBN(0x8a56149d, 0x9acc9dca), + TOBN(0x98f17881, 0x9ac6e0f4), TOBN(0x360fdeaf, 0xa413b5ed), + TOBN(0x0625b8f4, 0xa300b0fd), TOBN(0xf1f4d76a, 0x5b3222d3), + TOBN(0x9d6f5109, 0x587f76b8), TOBN(0x8b4ee08d, 0x2317fdb5), + TOBN(0x88089bb7, 0x8c68b095), TOBN(0x95570e9a, 0x5808d9b9), + TOBN(0xa395c36f, 0x35d33ae7), TOBN(0x200ea123, 0x50bb5a94), + TOBN(0x20c789bd, 0x0bafe84b), TOBN(0x243ef52d, 0x0919276a), + TOBN(0x3934c577, 0xe23ae233), TOBN(0xb93807af, 0xa460d1ec), + TOBN(0xb72a53b1, 0xf8fa76a4), TOBN(0xd8914cb0, 0xc3ca4491), + TOBN(0x2e128494, 0x3fb42622), TOBN(0x3b2700ac, 0x500907d5), + TOBN(0xf370fb09, 0x1a95ec63), TOBN(0xf8f30be2, 0x31b6dfbd), + TOBN(0xf2b2f8d2, 0x69e55f15), TOBN(0x1fead851, 0xcc1323e9), + TOBN(0xfa366010, 0xd9e5eef6), TOBN(0x64d487b0, 0xe316107e), + TOBN(0x4c076b86, 0xd23ddc82), TOBN(0x03fd344c, 0x7e0143f0), + TOBN(0xa95362ff, 0x317af2c5), TOBN(0x0add3db7, 0xe18b7a4f), + TOBN(0x9c673e3f, 0x8260e01b), TOBN(0xfbeb49e5, 0x54a1cc91), + TOBN(0x91351bf2, 0x92f2e433), TOBN(0xc755e7ec, 0x851141eb), + TOBN(0xc9a95139, 0x29607745), TOBN(0x0ca07420, 0xa26f2b28), + TOBN(0xcb2790e7, 0x4bc6f9dd), TOBN(0x345bbb58, 0xadcaffc0), + TOBN(0xc65ea38c, 0xbe0f27a2), TOBN(0x67c24d7c, 0x641fcb56), + TOBN(0x2c25f0a7, 0xa9e2c757), TOBN(0x93f5cdb0, 0x16f16c49), + TOBN(0x2ca5a9d7, 0xc5ee30a1), TOBN(0xd1593635, 0xb909b729), + TOBN(0x804ce9f3, 0xdadeff48), TOBN(0xec464751, 0xb07c30c3), + TOBN(0x89d65ff3, 0x9e49af6a), TOBN(0xf2d6238a, 0x6f3d01bc), + TOBN(0x1095561e, 0x0bced843), TOBN(0x51789e12, 0xc8a13fd8), + TOBN(0xd633f929, 0x763231df), TOBN(0x46df9f7d, 0xe7cbddef), + TOBN(0x01c889c0, 0xcb265da8), TOBN(0xfce1ad10, 0xaf4336d2), + TOBN(0x8d110df6, 0xfc6a0a7e), TOBN(0xdd431b98, 0x6da425dc), + TOBN(0xcdc4aeab, 0x1834aabe), TOBN(0x84deb124, 0x8439b7fc), + TOBN(0x8796f169, 0x3c2a5998), TOBN(0x9b9247b4, 0x7947190d), + TOBN(0x55b9d9a5, 0x11597014), TOBN(0x7e9dd70d, 0x7b1566ee), + TOBN(0x94ad78f7, 0xcbcd5e64), TOBN(0x0359ac17, 0x9bd4c032), + TOBN(0x3b11baaf, 0x7cc222ae), TOBN(0xa6a6e284, 0xba78e812), + TOBN(0x8392053f, 0x24cea1a0), TOBN(0xc97bce4a, 0x33621491), + TOBN(0x7eb1db34, 0x35399ee9), TOBN(0x473f78ef, 0xece81ad1), + TOBN(0x41d72fe0, 0xf63d3d0d), TOBN(0xe620b880, 0xafab62fc), + TOBN(0x92096bc9, 0x93158383), TOBN(0x41a21357, 0x8f896f6c), + TOBN(0x1b5ee2fa, 0xc7dcfcab), TOBN(0x650acfde, 0x9546e007), + TOBN(0xc081b749, 0xb1b02e07), TOBN(0xda9e41a0, 0xf9eca03d), + TOBN(0x013ba727, 0x175a54ab), TOBN(0xca0cd190, 0xea5d8d10), + TOBN(0x85ea52c0, 0x95fd96a9), TOBN(0x2c591b9f, 0xbc5c3940), + TOBN(0x6fb4d4e4, 0x2bad4d5f), TOBN(0xfa4c3590, 0xfef0059b), + TOBN(0x6a10218a, 0xf5122294), TOBN(0x9a78a81a, 0xa85751d1), + TOBN(0x04f20579, 0xa98e84e7), TOBN(0xfe1242c0, 0x4997e5b5), + TOBN(0xe77a273b, 0xca21e1e4), TOBN(0xfcc8b1ef, 0x9411939d), + TOBN(0xe20ea302, 0x92d0487a), TOBN(0x1442dbec, 0x294b91fe), + TOBN(0x1f7a4afe, 0xbb6b0e8f), TOBN(0x1700ef74, 0x6889c318), + TOBN(0xf5bbffc3, 0x70f1fc62), TOBN(0x3b31d4b6, 0x69c79cca), + TOBN(0xe8bc2aab, 0xa7f6340d), TOBN(0xb0b08ab4, 0xa725e10a), + TOBN(0x44f05701, 0xae340050), TOBN(0xba4b3016, 0x1cf0c569), + TOBN(0x5aa29f83, 0xfbe19a51), TOBN(0x1b9ed428, 0xb71d752e), + TOBN(0x1666e54e, 0xeb4819f5), TOBN(0x616cdfed, 0x9e18b75b), + TOBN(0x112ed5be, 0x3ee27b0b), TOBN(0xfbf28319, 0x44c7de4d), + TOBN(0xd685ec85, 0xe0e60d84), TOBN(0x68037e30, 0x1db7ee78), + TOBN(0x5b65bdcd, 0x003c4d6e), TOBN(0x33e7363a, 0x93e29a6a), + TOBN(0x995b3a61, 0x08d0756c), TOBN(0xd727f85c, 0x2faf134b), + TOBN(0xfac6edf7, 0x1d337823), TOBN(0x99b9aa50, 0x0439b8b4), + TOBN(0x722eb104, 0xe2b4e075), TOBN(0x49987295, 0x437c4926), + TOBN(0xb1e4c0e4, 0x46a9b82d), TOBN(0xd0cb3197, 0x57a006f5), + TOBN(0xf3de0f7d, 0xd7808c56), TOBN(0xb5c54d8f, 0x51f89772), + TOBN(0x500a114a, 0xadbd31aa), TOBN(0x9afaaaa6, 0x295f6cab), + TOBN(0x94705e21, 0x04cf667a), TOBN(0xfc2a811b, 0x9d3935d7), + TOBN(0x560b0280, 0x6d09267c), TOBN(0xf19ed119, 0xf780e53b), + TOBN(0xf0227c09, 0x067b6269), TOBN(0x967b8533, 0x5caef599), + TOBN(0x155b9243, 0x68efeebc), TOBN(0xcd6d34f5, 0xc497bae6), + TOBN(0x1dd8d5d3, 0x6cceb370), TOBN(0x2aeac579, 0xa78d7bf9), + TOBN(0x5d65017d, 0x70b67a62), TOBN(0x70c8e44f, 0x17c53f67), + TOBN(0xd1fc0950, 0x86a34d09), TOBN(0xe0fca256, 0xe7134907), + TOBN(0xe24fa29c, 0x80fdd315), TOBN(0x2c4acd03, 0xd87499ad), + TOBN(0xbaaf7517, 0x3b5a9ba6), TOBN(0xb9cbe1f6, 0x12e51a51), + TOBN(0xd88edae3, 0x5e154897), TOBN(0xe4309c3c, 0x77b66ca0), + TOBN(0xf5555805, 0xf67f3746), TOBN(0x85fc37ba, 0xa36401ff), + TOBN(0xdf86e2ca, 0xd9499a53), TOBN(0x6270b2a3, 0xecbc955b), + TOBN(0xafae64f5, 0x974ad33b), TOBN(0x04d85977, 0xfe7b2df1), + TOBN(0x2a3db3ff, 0x4ab03f73), TOBN(0x0b87878a, 0x8702740a), + TOBN(0x6d263f01, 0x5a061732), TOBN(0xc25430ce, 0xa32a1901), + TOBN(0xf7ebab3d, 0xdb155018), TOBN(0x3a86f693, 0x63a9b78e), + TOBN(0x349ae368, 0xda9f3804), TOBN(0x470f07fe, 0xa164349c), + TOBN(0xd52f4cc9, 0x8562baa5), TOBN(0xc74a9e86, 0x2b290df3), + TOBN(0xd3a1aa35, 0x43471a24), TOBN(0x239446be, 0xb8194511), + TOBN(0xbec2dd00, 0x81dcd44d), TOBN(0xca3d7f0f, 0xc42ac82d), + TOBN(0x1f3db085, 0xfdaf4520), TOBN(0xbb6d3e80, 0x4549daf2), + TOBN(0xf5969d8a, 0x19ad5c42), TOBN(0x7052b13d, 0xdbfd1511), + TOBN(0x11890d1b, 0x682b9060), TOBN(0xa71d3883, 0xac34452c), + TOBN(0xa438055b, 0x783805b4), TOBN(0x43241277, 0x4725b23e), + TOBN(0xf20cf96e, 0x4901bbed), TOBN(0x6419c710, 0xf432a2bb), + TOBN(0x57a0fbb9, 0xdfa9cd7d), TOBN(0x589111e4, 0x00daa249), + TOBN(0x19809a33, 0x7b60554e), TOBN(0xea5f8887, 0xede283a4), + TOBN(0x2d713802, 0x503bfd35), TOBN(0x151bb0af, 0x585d2a53), + TOBN(0x40b08f74, 0x43b30ca8), TOBN(0xe10b5bba, 0xd9934583), + TOBN(0xe8a546d6, 0xb51110ad), TOBN(0x1dd50e66, 0x28e0b6c5), + TOBN(0x292e9d54, 0xcff2b821), TOBN(0x3882555d, 0x47281760), + TOBN(0x134838f8, 0x3724d6e3), TOBN(0xf2c679e0, 0x22ddcda1), + TOBN(0x40ee8815, 0x6d2a5768), TOBN(0x7f227bd2, 0x1c1e7e2d), + TOBN(0x487ba134, 0xd04ff443), TOBN(0x76e2ff3d, 0xc614e54b), + TOBN(0x36b88d6f, 0xa3177ec7), TOBN(0xbf731d51, 0x2328fff5), + TOBN(0x758caea2, 0x49ba158e), TOBN(0x5ab8ff4c, 0x02938188), + TOBN(0x33e16056, 0x35edc56d), TOBN(0x5a69d349, 0x7e940d79), + TOBN(0x6c4fd001, 0x03866dcb), TOBN(0x20a38f57, 0x4893cdef), + TOBN(0xfbf3e790, 0xfac3a15b), TOBN(0x6ed7ea2e, 0x7a4f8e6b), + TOBN(0xa663eb4f, 0xbc3aca86), TOBN(0x22061ea5, 0x080d53f7), + TOBN(0x2480dfe6, 0xf546783f), TOBN(0xd38bc6da, 0x5a0a641e), + TOBN(0xfb093cd1, 0x2ede8965), TOBN(0x89654db4, 0xacb455cf), + TOBN(0x413cbf9a, 0x26e1adee), TOBN(0x291f3764, 0x373294d4), + TOBN(0x00797257, 0x648083fe), TOBN(0x25f504d3, 0x208cc341), + TOBN(0x635a8e5e, 0xc3a0ee43), TOBN(0x70aaebca, 0x679898ff), + TOBN(0x9ee9f547, 0x5dc63d56), TOBN(0xce987966, 0xffb34d00), + TOBN(0xf9f86b19, 0x5e26310a), TOBN(0x9e435484, 0x382a8ca8), + TOBN(0x253bcb81, 0xc2352fe4), TOBN(0xa4eac8b0, 0x4474b571), + TOBN(0xc1b97512, 0xc1ad8cf8), TOBN(0x193b4e9e, 0x99e0b697), + TOBN(0x939d2716, 0x01e85df0), TOBN(0x4fb265b3, 0xcd44eafd), + TOBN(0x321e7dcd, 0xe51e1ae2), TOBN(0x8e3a8ca6, 0xe3d8b096), + TOBN(0x8de46cb0, 0x52604998), TOBN(0x91099ad8, 0x39072aa7), + TOBN(0x2617f91c, 0x93aa96b8), TOBN(0x0fc8716b, 0x7fca2e13), + TOBN(0xa7106f5e, 0x95328723), TOBN(0xd1c9c40b, 0x262e6522), + TOBN(0xb9bafe86, 0x42b7c094), TOBN(0x1873439d, 0x1543c021), + TOBN(0xe1baa5de, 0x5cbefd5d), TOBN(0xa363fc5e, 0x521e8aff), + TOBN(0xefe6320d, 0xf862eaac), TOBN(0x14419c63, 0x22c647dc), + TOBN(0x0e06707c, 0x4e46d428), TOBN(0xcb6c834f, 0x4a178f8f), + TOBN(0x0f993a45, 0xd30f917c), TOBN(0xd4c4b049, 0x9879afee), + TOBN(0xb6142a1e, 0x70500063), TOBN(0x7c9b41c3, 0xa5d9d605), + TOBN(0xbc00fc2f, 0x2f8ba2c7), TOBN(0x0966eb2f, 0x7c67aa28), + TOBN(0x13f7b516, 0x5a786972), TOBN(0x3bfb7557, 0x8a2fbba0), + TOBN(0x131c4f23, 0x5a2b9620), TOBN(0xbff3ed27, 0x6faf46be), + TOBN(0x9b4473d1, 0x7e172323), TOBN(0x421e8878, 0x339f6246), + TOBN(0x0fa8587a, 0x25a41632), TOBN(0xc0814124, 0xa35b6c93), + TOBN(0x2b18a9f5, 0x59ebb8db), TOBN(0x264e3357, 0x76edb29c), + TOBN(0xaf245ccd, 0xc87c51e2), TOBN(0x16b3015b, 0x501e6214), + TOBN(0xbb31c560, 0x0a3882ce), TOBN(0x6961bb94, 0xfec11e04), + TOBN(0x3b825b8d, 0xeff7a3a0), TOBN(0xbec33738, 0xb1df7326), + TOBN(0x68ad747c, 0x99604a1f), TOBN(0xd154c934, 0x9a3bd499), + TOBN(0xac33506f, 0x1cc7a906), TOBN(0x73bb5392, 0x6c560e8f), + TOBN(0x6428fcbe, 0x263e3944), TOBN(0xc11828d5, 0x1c387434), + TOBN(0x3cd04be1, 0x3e4b12ff), TOBN(0xc3aad9f9, 0x2d88667c), + TOBN(0xc52ddcf8, 0x248120cf), TOBN(0x985a892e, 0x2a389532), + TOBN(0xfbb4b21b, 0x3bb85fa0), TOBN(0xf95375e0, 0x8dfc6269), + TOBN(0xfb4fb06c, 0x7ee2acea), TOBN(0x6785426e, 0x309c4d1f), + TOBN(0x659b17c8, 0xd8ceb147), TOBN(0x9b649eee, 0xb70a5554), + TOBN(0x6b7fa0b5, 0xac6bc634), TOBN(0xd99fe2c7, 0x1d6e732f), + TOBN(0x30e6e762, 0x8d3abba2), TOBN(0x18fee6e7, 0xa797b799), + TOBN(0x5c9d360d, 0xc696464d), TOBN(0xe3baeb48, 0x27bfde12), + TOBN(0x2bf5db47, 0xf23206d5), TOBN(0x2f6d3420, 0x1d260152), + TOBN(0x17b87653, 0x3f8ff89a), TOBN(0x5157c30c, 0x378fa458), + TOBN(0x7517c5c5, 0x2d4fb936), TOBN(0xef22f7ac, 0xe6518cdc), + TOBN(0xdeb483e6, 0xbf847a64), TOBN(0xf5084558, 0x92e0fa89), + }, + { + TOBN(0xab9659d8, 0xdf7304d4), TOBN(0xb71bcf1b, 0xff210e8e), + TOBN(0xa9a2438b, 0xd73fbd60), TOBN(0x4595cd1f, 0x5d11b4de), + TOBN(0x9c0d329a, 0x4835859d), TOBN(0x4a0f0d2d, 0x7dbb6e56), + TOBN(0xc6038e5e, 0xdf928a4e), TOBN(0xc9429621, 0x8f5ad154), + TOBN(0x91213462, 0xf23f2d92), TOBN(0x6cab71bd, 0x60b94078), + TOBN(0x6bdd0a63, 0x176cde20), TOBN(0x54c9b20c, 0xee4d54bc), + TOBN(0x3cd2d8aa, 0x9f2ac02f), TOBN(0x03f8e617, 0x206eedb0), + TOBN(0xc7f68e16, 0x93086434), TOBN(0x831469c5, 0x92dd3db9), + TOBN(0x8521df24, 0x8f981354), TOBN(0x587e23ec, 0x3588a259), + TOBN(0xcbedf281, 0xd7a0992c), TOBN(0x06930a55, 0x38961407), + TOBN(0x09320deb, 0xbe5bbe21), TOBN(0xa7ffa5b5, 0x2491817f), + TOBN(0xe6c8b4d9, 0x09065160), TOBN(0xac4f3992, 0xfff6d2a9), + TOBN(0x7aa7a158, 0x3ae9c1bd), TOBN(0xe0af6d98, 0xe37ce240), + TOBN(0xe54342d9, 0x28ab38b4), TOBN(0xe8b75007, 0x0a1c98ca), + TOBN(0xefce86af, 0xe02358f2), TOBN(0x31b8b856, 0xea921228), + TOBN(0x052a1912, 0x0a1c67fc), TOBN(0xb4069ea4, 0xe3aead59), + TOBN(0x3232d6e2, 0x7fa03cb3), TOBN(0xdb938e5b, 0x0fdd7d88), + TOBN(0x04c1d2cd, 0x2ccbfc5d), TOBN(0xd2f45c12, 0xaf3a580f), + TOBN(0x592620b5, 0x7883e614), TOBN(0x5fd27e68, 0xbe7c5f26), + TOBN(0x139e45a9, 0x1567e1e3), TOBN(0x2cc71d2d, 0x44d8aaaf), + TOBN(0x4a9090cd, 0xe36d0757), TOBN(0xf722d7b1, 0xd9a29382), + TOBN(0xfb7fb04c, 0x04b48ddf), TOBN(0x628ad2a7, 0xebe16f43), + TOBN(0xcd3fbfb5, 0x20226040), TOBN(0x6c34ecb1, 0x5104b6c4), + TOBN(0x30c0754e, 0xc903c188), TOBN(0xec336b08, 0x2d23cab0), + TOBN(0x473d62a2, 0x1e206ee5), TOBN(0xf1e27480, 0x8c49a633), + TOBN(0x87ab956c, 0xe9f6b2c3), TOBN(0x61830b48, 0x62b606ea), + TOBN(0x67cd6846, 0xe78e815f), TOBN(0xfe40139f, 0x4c02082a), + TOBN(0x52bbbfcb, 0x952ec365), TOBN(0x74c11642, 0x6b9836ab), + TOBN(0x9f51439e, 0x558df019), TOBN(0x230da4ba, 0xac712b27), + TOBN(0x518919e3, 0x55185a24), TOBN(0x4dcefcdd, 0x84b78f50), + TOBN(0xa7d90fb2, 0xa47d4c5a), TOBN(0x55ac9abf, 0xb30e009e), + TOBN(0xfd2fc359, 0x74eed273), TOBN(0xb72d824c, 0xdbea8faf), + TOBN(0xce721a74, 0x4513e2ca), TOBN(0x0b418612, 0x38240b2c), + TOBN(0x05199968, 0xd5baa450), TOBN(0xeb1757ed, 0x2b0e8c25), + TOBN(0x6ebc3e28, 0x3dfac6d5), TOBN(0xb2431e2e, 0x48a237f5), + TOBN(0x2acb5e23, 0x52f61499), TOBN(0x5558a2a7, 0xe06c936b), + TOBN(0xd213f923, 0xcbb13d1b), TOBN(0x98799f42, 0x5bfb9bfe), + TOBN(0x1ae8ddc9, 0x701144a9), TOBN(0x0b8b3bb6, 0x4c5595ee), + TOBN(0x0ea9ef2e, 0x3ecebb21), TOBN(0x17cb6c4b, 0x3671f9a7), + TOBN(0x47ef464f, 0x726f1d1f), TOBN(0x171b9484, 0x6943a276), + TOBN(0x51a4ae2d, 0x7ef0329c), TOBN(0x08509222, 0x91c4402a), + TOBN(0x64a61d35, 0xafd45bbc), TOBN(0x38f096fe, 0x3035a851), + TOBN(0xc7468b74, 0xa1dec027), TOBN(0xe8cf10e7, 0x4fc7dcba), + TOBN(0xea35ff40, 0xf4a06353), TOBN(0x0b4c0dfa, 0x8b77dd66), + TOBN(0x779b8552, 0xde7e5c19), TOBN(0xfab28609, 0xc1c0256c), + TOBN(0x64f58eee, 0xabd4743d), TOBN(0x4e8ef838, 0x7b6cc93b), + TOBN(0xee650d26, 0x4cb1bf3d), TOBN(0x4c1f9d09, 0x73dedf61), + TOBN(0xaef7c9d7, 0xbfb70ced), TOBN(0x1ec0507e, 0x1641de1e), + TOBN(0xcd7e5cc7, 0xcde45079), TOBN(0xde173c9a, 0x516ac9e4), + TOBN(0x517a8494, 0xc170315c), TOBN(0x438fd905, 0x91d8e8fb), + TOBN(0x5145c506, 0xc7d9630b), TOBN(0x6457a87b, 0xf47d4d75), + TOBN(0xd31646bf, 0x0d9a80e8), TOBN(0x453add2b, 0xcef3aabe), + TOBN(0xc9941109, 0xa607419d), TOBN(0xfaa71e62, 0xbb6bca80), + TOBN(0x34158c13, 0x07c431f3), TOBN(0x594abebc, 0x992bc47a), + TOBN(0x6dfea691, 0xeb78399f), TOBN(0x48aafb35, 0x3f42cba4), + TOBN(0xedcd65af, 0x077c04f0), TOBN(0x1a29a366, 0xe884491a), + TOBN(0x023a40e5, 0x1c21f2bf), TOBN(0xf99a513c, 0xa5057aee), + TOBN(0xa3fe7e25, 0xbcab072e), TOBN(0x8568d2e1, 0x40e32bcf), + TOBN(0x904594eb, 0xd3f69d9f), TOBN(0x181a9733, 0x07affab1), + TOBN(0xe4d68d76, 0xb6e330f4), TOBN(0x87a6dafb, 0xc75a7fc1), + TOBN(0x549db2b5, 0xef7d9289), TOBN(0x2480d4a8, 0x197f015a), + TOBN(0x61d5590b, 0xc40493b6), TOBN(0x3a55b52e, 0x6f780331), + TOBN(0x40eb8115, 0x309eadb0), TOBN(0xdea7de5a, 0x92e5c625), + TOBN(0x64d631f0, 0xcc6a3d5a), TOBN(0x9d5e9d7c, 0x93e8dd61), + TOBN(0xf297bef5, 0x206d3ffc), TOBN(0x23d5e033, 0x7d808bd4), + TOBN(0x4a4f6912, 0xd24cf5ba), TOBN(0xe4d8163b, 0x09cdaa8a), + TOBN(0x0e0de9ef, 0xd3082e8e), TOBN(0x4fe1246c, 0x0192f360), + TOBN(0x1f900150, 0x4b8eee0a), TOBN(0x5219da81, 0xf1da391b), + TOBN(0x7bf6a5c1, 0xf7ea25aa), TOBN(0xd165e6bf, 0xfbb07d5f), + TOBN(0xe3539361, 0x89e78671), TOBN(0xa3fcac89, 0x2bac4219), + TOBN(0xdfab6fd4, 0xf0baa8ab), TOBN(0x5a4adac1, 0xe2c1c2e5), + TOBN(0x6cd75e31, 0x40d85849), TOBN(0xce263fea, 0x19b39181), + TOBN(0xcb6803d3, 0x07032c72), TOBN(0x7f40d5ce, 0x790968c8), + TOBN(0xa6de86bd, 0xdce978f0), TOBN(0x25547c4f, 0x368f751c), + TOBN(0xb1e685fd, 0x65fb2a9e), TOBN(0xce69336f, 0x1eb9179c), + TOBN(0xb15d1c27, 0x12504442), TOBN(0xb7df465c, 0xb911a06b), + TOBN(0xb8d804a3, 0x315980cd), TOBN(0x693bc492, 0xfa3bebf7), + TOBN(0x3578aeee, 0x2253c504), TOBN(0x158de498, 0xcd2474a2), + TOBN(0x1331f5c7, 0xcfda8368), TOBN(0xd2d7bbb3, 0x78d7177e), + TOBN(0xdf61133a, 0xf3c1e46e), TOBN(0x5836ce7d, 0xd30e7be8), + TOBN(0x83084f19, 0x94f834cb), TOBN(0xd35653d4, 0x429ed782), + TOBN(0xa542f16f, 0x59e58243), TOBN(0xc2b52f65, 0x0470a22d), + TOBN(0xe3b6221b, 0x18f23d96), TOBN(0xcb05abac, 0x3f5252b4), + TOBN(0xca00938b, 0x87d61402), TOBN(0x2f186cdd, 0x411933e4), + TOBN(0xe042ece5, 0x9a29a5c5), TOBN(0xb19b3c07, 0x3b6c8402), + TOBN(0xc97667c7, 0x19d92684), TOBN(0xb5624622, 0xebc66372), + TOBN(0x0cb96e65, 0x3c04fa02), TOBN(0x83a7176c, 0x8eaa39aa), + TOBN(0x2033561d, 0xeaa1633f), TOBN(0x45a9d086, 0x4533df73), + TOBN(0xe0542c1d, 0x3dc090bc), TOBN(0x82c996ef, 0xaa59c167), + TOBN(0xe3f735e8, 0x0ee7fc4d), TOBN(0x7b179393, 0x7c35db79), + TOBN(0xb6419e25, 0xf8c5dbfd), TOBN(0x4d9d7a1e, 0x1f327b04), + TOBN(0x979f6f9b, 0x298dfca8), TOBN(0xc7c5dff1, 0x8de9366a), + TOBN(0x1b7a588d, 0x04c82bdd), TOBN(0x68005534, 0xf8319dfd), + TOBN(0xde8a55b5, 0xd8eb9580), TOBN(0x5ea886da, 0x8d5bca81), + TOBN(0xe8530a01, 0x252a0b4d), TOBN(0x1bffb4fe, 0x35eaa0a1), + TOBN(0x2ad828b1, 0xd8e99563), TOBN(0x7de96ef5, 0x95f9cd87), + TOBN(0x4abb2d0c, 0xd77d970c), TOBN(0x03cfb933, 0xd33ef9cb), + TOBN(0xb0547c01, 0x8b211fe9), TOBN(0x2fe64809, 0xa56ed1c6), + TOBN(0xcb7d5624, 0xc2ac98cc), TOBN(0x2a1372c0, 0x1a393e33), + TOBN(0xc8d1ec1c, 0x29660521), TOBN(0xf3d31b04, 0xb37ac3e9), + TOBN(0xa29ae9df, 0x5ece6e7c), TOBN(0x0603ac8f, 0x0facfb55), + TOBN(0xcfe85b7a, 0xdda233a5), TOBN(0xe618919f, 0xbd75f0b8), + TOBN(0xf555a3d2, 0x99bf1603), TOBN(0x1f43afc9, 0xf184255a), + TOBN(0xdcdaf341, 0x319a3e02), TOBN(0xd3b117ef, 0x03903a39), + TOBN(0xe095da13, 0x65d1d131), TOBN(0x86f16367, 0xc37ad03e), + TOBN(0x5f37389e, 0x462cd8dd), TOBN(0xc103fa04, 0xd67a60e6), + TOBN(0x57c34344, 0xf4b478f0), TOBN(0xce91edd8, 0xe117c98d), + TOBN(0x001777b0, 0x231fc12e), TOBN(0x11ae47f2, 0xb207bccb), + TOBN(0xd983cf8d, 0x20f8a242), TOBN(0x7aff5b1d, 0xf22e1ad8), + TOBN(0x68fd11d0, 0x7fc4feb3), TOBN(0x5d53ae90, 0xb0f1c3e1), + TOBN(0x50fb7905, 0xec041803), TOBN(0x85e3c977, 0x14404888), + TOBN(0x0e67faed, 0xac628d8f), TOBN(0x2e865150, 0x6668532c), + TOBN(0x15acaaa4, 0x6a67a6b0), TOBN(0xf4cdee25, 0xb25cec41), + TOBN(0x49ee565a, 0xe4c6701e), TOBN(0x2a04ca66, 0xfc7d63d8), + TOBN(0xeb105018, 0xef0543fb), TOBN(0xf709a4f5, 0xd1b0d81d), + TOBN(0x5b906ee6, 0x2915d333), TOBN(0xf4a87412, 0x96f1f0ab), + TOBN(0xb6b82fa7, 0x4d82f4c2), TOBN(0x90725a60, 0x6804efb3), + TOBN(0xbc82ec46, 0xadc3425e), TOBN(0xb7b80581, 0x2787843e), + TOBN(0xdf46d91c, 0xdd1fc74c), TOBN(0xdc1c62cb, 0xe783a6c4), + TOBN(0x59d1b9f3, 0x1a04cbba), TOBN(0xd87f6f72, 0x95e40764), + TOBN(0x02b4cfc1, 0x317f4a76), TOBN(0x8d2703eb, 0x91036bce), + TOBN(0x98206cc6, 0xa5e72a56), TOBN(0x57be9ed1, 0xcf53fb0f), + TOBN(0x09374571, 0xef0b17ac), TOBN(0x74b2655e, 0xd9181b38), + TOBN(0xc8f80ea8, 0x89935d0e), TOBN(0xc0d9e942, 0x91529936), + TOBN(0x19686041, 0x1e84e0e5), TOBN(0xa5db84d3, 0xaea34c93), + TOBN(0xf9d5bb19, 0x7073a732), TOBN(0xb8d2fe56, 0x6bcfd7c0), + TOBN(0x45775f36, 0xf3eb82fa), TOBN(0x8cb20ccc, 0xfdff8b58), + TOBN(0x1659b65f, 0x8374c110), TOBN(0xb8b4a422, 0x330c789a), + TOBN(0x75e3c3ea, 0x6fe8208b), TOBN(0xbd74b9e4, 0x286e78fe), + TOBN(0x0be2e81b, 0xd7d93a1a), TOBN(0x7ed06e27, 0xdd0a5aae), + TOBN(0x721f5a58, 0x6be8b800), TOBN(0x428299d1, 0xd846db28), + TOBN(0x95cb8e6b, 0x5be88ed3), TOBN(0xc3186b23, 0x1c034e11), + TOBN(0xa6312c9e, 0x8977d99b), TOBN(0xbe944331, 0x83f531e7), + TOBN(0x8232c0c2, 0x18d3b1d4), TOBN(0x617aae8b, 0xe1247b73), + TOBN(0x40153fc4, 0x282aec3b), TOBN(0xc6063d2f, 0xf7b8f823), + TOBN(0x68f10e58, 0x3304f94c), TOBN(0x31efae74, 0xee676346), + TOBN(0xbadb6c6d, 0x40a9b97c), TOBN(0x14702c63, 0x4f666256), + TOBN(0xdeb954f1, 0x5184b2e3), TOBN(0x5184a526, 0x94b6ca40), + TOBN(0xfff05337, 0x003c32ea), TOBN(0x5aa374dd, 0x205974c7), + TOBN(0x9a763854, 0x4b0dd71a), TOBN(0x459cd27f, 0xdeb947ec), + TOBN(0xa6e28161, 0x459c2b92), TOBN(0x2f020fa8, 0x75ee8ef5), + TOBN(0xb132ec2d, 0x30b06310), TOBN(0xc3e15899, 0xbc6a4530), + TOBN(0xdc5f53fe, 0xaa3f451a), TOBN(0x3a3c7f23, 0xc2d9acac), + TOBN(0x2ec2f892, 0x6b27e58b), TOBN(0x68466ee7, 0xd742799f), + TOBN(0x98324dd4, 0x1fa26613), TOBN(0xa2dc6dab, 0xbdc29d63), + TOBN(0xf9675faa, 0xd712d657), TOBN(0x813994be, 0x21fd8d15), + TOBN(0x5ccbb722, 0xfd4f7553), TOBN(0x5135ff8b, 0xf3a36b20), + TOBN(0x44be28af, 0x69559df5), TOBN(0x40b65bed, 0x9d41bf30), + TOBN(0xd98bf2a4, 0x3734e520), TOBN(0x5e3abbe3, 0x209bdcba), + TOBN(0x77c76553, 0xbc945b35), TOBN(0x5331c093, 0xc6ef14aa), + TOBN(0x518ffe29, 0x76b60c80), TOBN(0x2285593b, 0x7ace16f8), + TOBN(0xab1f64cc, 0xbe2b9784), TOBN(0xe8f2c0d9, 0xab2421b6), + TOBN(0x617d7174, 0xc1df065c), TOBN(0xafeeb5ab, 0x5f6578fa), + TOBN(0x16ff1329, 0x263b54a8), TOBN(0x45c55808, 0xc990dce3), + TOBN(0x42eab6c0, 0xecc8c177), TOBN(0x799ea9b5, 0x5982ecaa), + TOBN(0xf65da244, 0xb607ef8e), TOBN(0x8ab226ce, 0x32a3fc2c), + TOBN(0x745741e5, 0x7ea973dc), TOBN(0x5c00ca70, 0x20888f2e), + TOBN(0x7cdce3cf, 0x45fd9cf1), TOBN(0x8a741ef1, 0x5507f872), + TOBN(0x47c51c2f, 0x196b4cec), TOBN(0x70d08e43, 0xc97ea618), + TOBN(0x930da15c, 0x15b18a2b), TOBN(0x33b6c678, 0x2f610514), + TOBN(0xc662e4f8, 0x07ac9794), TOBN(0x1eccf050, 0xba06cb79), + TOBN(0x1ff08623, 0xe7d954e5), TOBN(0x6ef2c5fb, 0x24cf71c3), + TOBN(0xb2c063d2, 0x67978453), TOBN(0xa0cf3796, 0x1d654af8), + TOBN(0x7cb242ea, 0x7ebdaa37), TOBN(0x206e0b10, 0xb86747e0), + TOBN(0x481dae5f, 0xd5ecfefc), TOBN(0x07084fd8, 0xc2bff8fc), + TOBN(0x8040a01a, 0xea324596), TOBN(0x4c646980, 0xd4de4036), + TOBN(0x9eb8ab4e, 0xd65abfc3), TOBN(0xe01cb91f, 0x13541ec7), + TOBN(0x8f029adb, 0xfd695012), TOBN(0x9ae28483, 0x3c7569ec), + TOBN(0xa5614c9e, 0xa66d80a1), TOBN(0x680a3e44, 0x75f5f911), + TOBN(0x0c07b14d, 0xceba4fc1), TOBN(0x891c285b, 0xa13071c1), + TOBN(0xcac67ceb, 0x799ece3c), TOBN(0x29b910a9, 0x41e07e27), + TOBN(0x66bdb409, 0xf2e43123), TOBN(0x06f8b137, 0x7ac9ecbe), + TOBN(0x5981fafd, 0x38547090), TOBN(0x19ab8b9f, 0x85e3415d), + TOBN(0xfc28c194, 0xc7e31b27), TOBN(0x843be0aa, 0x6fbcbb42), + TOBN(0xf3b1ed43, 0xa6db836c), TOBN(0x2a1330e4, 0x01a45c05), + TOBN(0x4f19f3c5, 0x95c1a377), TOBN(0xa85f39d0, 0x44b5ee33), + TOBN(0x3da18e6d, 0x4ae52834), TOBN(0x5a403b39, 0x7423dcb0), + TOBN(0xbb555e0a, 0xf2374aef), TOBN(0x2ad599c4, 0x1e8ca111), + TOBN(0x1b3a2fb9, 0x014b3bf8), TOBN(0x73092684, 0xf66d5007), + TOBN(0x079f1426, 0xc4340102), TOBN(0x1827cf81, 0x8fddf4de), + TOBN(0xc83605f6, 0xf10ff927), TOBN(0xd3871451, 0x23739fc6), + TOBN(0x6d163450, 0xcac1c2cc), TOBN(0x6b521296, 0xa2ec1ac5), + TOBN(0x0606c4f9, 0x6e3cb4a5), TOBN(0xe47d3f41, 0x778abff7), + TOBN(0x425a8d5e, 0xbe8e3a45), TOBN(0x53ea9e97, 0xa6102160), + TOBN(0x477a106e, 0x39cbb688), TOBN(0x532401d2, 0xf3386d32), + TOBN(0x8e564f64, 0xb1b9b421), TOBN(0xca9b8388, 0x81dad33f), + TOBN(0xb1422b4e, 0x2093913e), TOBN(0x533d2f92, 0x69bc8112), + TOBN(0x3fa017be, 0xebe7b2c7), TOBN(0xb2767c4a, 0xcaf197c6), + TOBN(0xc925ff87, 0xaedbae9f), TOBN(0x7daf0eb9, 0x36880a54), + TOBN(0x9284ddf5, 0x9c4d0e71), TOBN(0x1581cf93, 0x316f8cf5), + TOBN(0x3eeca887, 0x3ac1f452), TOBN(0xb417fce9, 0xfb6aeffe), + TOBN(0xa5918046, 0xeefb8dc3), TOBN(0x73d318ac, 0x02209400), + TOBN(0xe800400f, 0x728693e5), TOBN(0xe87d814b, 0x339927ed), + TOBN(0x93e94d3b, 0x57ea9910), TOBN(0xff8a35b6, 0x2245fb69), + TOBN(0x043853d7, 0x7f200d34), TOBN(0x470f1e68, 0x0f653ce1), + TOBN(0x81ac05bd, 0x59a06379), TOBN(0xa14052c2, 0x03930c29), + TOBN(0x6b72fab5, 0x26bc2797), TOBN(0x13670d16, 0x99f16771), + TOBN(0x00170052, 0x1e3e48d1), TOBN(0x978fe401, 0xb7adf678), + TOBN(0x55ecfb92, 0xd41c5dd4), TOBN(0x5ff8e247, 0xc7b27da5), + TOBN(0xe7518272, 0x013fb606), TOBN(0x5768d7e5, 0x2f547a3c), + TOBN(0xbb24eaa3, 0x60017a5f), TOBN(0x6b18e6e4, 0x9c64ce9b), + TOBN(0xc225c655, 0x103dde07), TOBN(0xfc3672ae, 0x7592f7ea), + TOBN(0x9606ad77, 0xd06283a1), TOBN(0x542fc650, 0xe4d59d99), + TOBN(0xabb57c49, 0x2a40e7c2), TOBN(0xac948f13, 0xa8db9f55), + TOBN(0x6d4c9682, 0xb04465c3), TOBN(0xe3d062fa, 0x6468bd15), + TOBN(0xa51729ac, 0x5f318d7e), TOBN(0x1fc87df6, 0x9eb6fc95), + TOBN(0x63d146a8, 0x0591f652), TOBN(0xa861b8f7, 0x589621aa), + TOBN(0x59f5f15a, 0xce31348c), TOBN(0x8f663391, 0x440da6da), + TOBN(0xcfa778ac, 0xb591ffa3), TOBN(0x027ca9c5, 0x4cdfebce), + TOBN(0xbe8e05a5, 0x444ea6b3), TOBN(0x8aab4e69, 0xa78d8254), + TOBN(0x2437f04f, 0xb474d6b8), TOBN(0x6597ffd4, 0x045b3855), + TOBN(0xbb0aea4e, 0xca47ecaa), TOBN(0x568aae83, 0x85c7ebfc), + TOBN(0x0e966e64, 0xc73b2383), TOBN(0x49eb3447, 0xd17d8762), + TOBN(0xde107821, 0x8da05dab), TOBN(0x443d8baa, 0x016b7236), + TOBN(0x163b63a5, 0xea7610d6), TOBN(0xe47e4185, 0xce1ca979), + TOBN(0xae648b65, 0x80baa132), TOBN(0xebf53de2, 0x0e0d5b64), + TOBN(0x8d3bfcb4, 0xd3c8c1ca), TOBN(0x0d914ef3, 0x5d04b309), + TOBN(0x55ef6415, 0x3de7d395), TOBN(0xbde1666f, 0x26b850e8), + TOBN(0xdbe1ca6e, 0xd449ab19), TOBN(0x8902b322, 0xe89a2672), + TOBN(0xb1674b7e, 0xdacb7a53), TOBN(0x8e9faf6e, 0xf52523ff), + TOBN(0x6ba535da, 0x9a85788b), TOBN(0xd21f03ae, 0xbd0626d4), + TOBN(0x099f8c47, 0xe873dc64), TOBN(0xcda8564d, 0x018ec97e), + TOBN(0x3e8d7a5c, 0xde92c68c), TOBN(0x78e035a1, 0x73323cc4), + TOBN(0x3ef26275, 0xf880ff7c), TOBN(0xa4ee3dff, 0x273eedaa), + TOBN(0x58823507, 0xaf4e18f8), TOBN(0x967ec9b5, 0x0672f328), + TOBN(0x9ded19d9, 0x559d3186), TOBN(0x5e2ab3de, 0x6cdce39c), + TOBN(0xabad6e4d, 0x11c226df), TOBN(0xf9783f43, 0x87723014), + TOBN(0x9a49a0cf, 0x1a885719), TOBN(0xfc0c1a5a, 0x90da9dbf), + TOBN(0x8bbaec49, 0x571d92ac), TOBN(0x569e85fe, 0x4692517f), + TOBN(0x8333b014, 0xa14ea4af), TOBN(0x32f2a62f, 0x12e5c5ad), + TOBN(0x98c2ce3a, 0x06d89b85), TOBN(0xb90741aa, 0x2ff77a08), + TOBN(0x2530defc, 0x01f795a2), TOBN(0xd6e5ba0b, 0x84b3c199), + TOBN(0x7d8e8451, 0x12e4c936), TOBN(0xae419f7d, 0xbd0be17b), + TOBN(0xa583fc8c, 0x22262bc9), TOBN(0x6b842ac7, 0x91bfe2bd), + TOBN(0x33cef4e9, 0x440d6827), TOBN(0x5f69f4de, 0xef81fb14), + TOBN(0xf16cf6f6, 0x234fbb92), TOBN(0x76ae3fc3, 0xd9e7e158), + TOBN(0x4e89f6c2, 0xe9740b33), TOBN(0x677bc85d, 0x4962d6a1), + TOBN(0x6c6d8a7f, 0x68d10d15), TOBN(0x5f9a7224, 0x0257b1cd), + TOBN(0x7096b916, 0x4ad85961), TOBN(0x5f8c47f7, 0xe657ab4a), + TOBN(0xde57d7d0, 0xf7461d7e), TOBN(0x7eb6094d, 0x80ce5ee2), + TOBN(0x0b1e1dfd, 0x34190547), TOBN(0x8a394f43, 0xf05dd150), + TOBN(0x0a9eb24d, 0x97df44e6), TOBN(0x78ca06bf, 0x87675719), + TOBN(0x6f0b3462, 0x6ffeec22), TOBN(0x9d91bcea, 0x36cdd8fb), + TOBN(0xac83363c, 0xa105be47), TOBN(0x81ba76c1, 0x069710e3), + TOBN(0x3d1b24cb, 0x28c682c6), TOBN(0x27f25228, 0x8612575b), + TOBN(0xb587c779, 0xe8e66e98), TOBN(0x7b0c03e9, 0x405eb1fe), + TOBN(0xfdf0d030, 0x15b548e7), TOBN(0xa8be76e0, 0x38b36af7), + TOBN(0x4cdab04a, 0x4f310c40), TOBN(0x6287223e, 0xf47ecaec), + TOBN(0x678e6055, 0x8b399320), TOBN(0x61fe3fa6, 0xc01e4646), + TOBN(0xc482866b, 0x03261a5e), TOBN(0xdfcf45b8, 0x5c2f244a), + TOBN(0x8fab9a51, 0x2f684b43), TOBN(0xf796c654, 0xc7220a66), + TOBN(0x1d90707e, 0xf5afa58f), TOBN(0x2c421d97, 0x4fdbe0de), + TOBN(0xc4f4cda3, 0xaf2ebc2f), TOBN(0xa0af843d, 0xcb4efe24), + TOBN(0x53b857c1, 0x9ccd10b1), TOBN(0xddc9d1eb, 0x914d3e04), + TOBN(0x7bdec8bb, 0x62771deb), TOBN(0x829277aa, 0x91c5aa81), + TOBN(0x7af18dd6, 0x832391ae), TOBN(0x1740f316, 0xc71a84ca), + }, + { + TOBN(0x8928e99a, 0xeeaf8c49), TOBN(0xee7aa73d, 0x6e24d728), + TOBN(0x4c5007c2, 0xe72b156c), TOBN(0x5fcf57c5, 0xed408a1d), + TOBN(0x9f719e39, 0xb6057604), TOBN(0x7d343c01, 0xc2868bbf), + TOBN(0x2cca254b, 0x7e103e2d), TOBN(0xe6eb38a9, 0xf131bea2), + TOBN(0xb33e624f, 0x8be762b4), TOBN(0x2a9ee4d1, 0x058e3413), + TOBN(0x968e6369, 0x67d805fa), TOBN(0x9848949b, 0x7db8bfd7), + TOBN(0x5308d7e5, 0xd23a8417), TOBN(0x892f3b1d, 0xf3e29da5), + TOBN(0xc95c139e, 0x3dee471f), TOBN(0x8631594d, 0xd757e089), + TOBN(0xe0c82a3c, 0xde918dcc), TOBN(0x2e7b5994, 0x26fdcf4b), + TOBN(0x82c50249, 0x32cb1b2d), TOBN(0xea613a9d, 0x7657ae07), + TOBN(0xc2eb5f6c, 0xf1fdc9f7), TOBN(0xb6eae8b8, 0x879fe682), + TOBN(0x253dfee0, 0x591cbc7f), TOBN(0x000da713, 0x3e1290e6), + TOBN(0x1083e2ea, 0x1f095615), TOBN(0x0a28ad77, 0x14e68c33), + TOBN(0x6bfc0252, 0x3d8818be), TOBN(0xb585113a, 0xf35850cd), + TOBN(0x7d935f0b, 0x30df8aa1), TOBN(0xaddda07c, 0x4ab7e3ac), + TOBN(0x92c34299, 0x552f00cb), TOBN(0xc33ed1de, 0x2909df6c), + TOBN(0x22c2195d, 0x80e87766), TOBN(0x9e99e6d8, 0x9ddf4ac0), + TOBN(0x09642e4e, 0x65e74934), TOBN(0x2610ffa2, 0xff1ff241), + TOBN(0x4d1d47d4, 0x751c8159), TOBN(0x697b4985, 0xaf3a9363), + TOBN(0x0318ca46, 0x87477c33), TOBN(0xa90cb565, 0x9441eff3), + TOBN(0x58bb3848, 0x36f024cb), TOBN(0x85be1f77, 0x36016168), + TOBN(0x6c59587c, 0xdc7e07f1), TOBN(0x191be071, 0xaf1d8f02), + TOBN(0xbf169fa5, 0xcca5e55c), TOBN(0x3864ba3c, 0xf7d04eac), + TOBN(0x915e367f, 0x8d7d05db), TOBN(0xb48a876d, 0xa6549e5d), + TOBN(0xef89c656, 0x580e40a2), TOBN(0xf194ed8c, 0x728068bc), + TOBN(0x74528045, 0xa47990c9), TOBN(0xf53fc7d7, 0x5e1a4649), + TOBN(0xbec5ae9b, 0x78593e7d), TOBN(0x2cac4ee3, 0x41db65d7), + TOBN(0xa8c1eb24, 0x04a3d39b), TOBN(0x53b7d634, 0x03f8f3ef), + TOBN(0x2dc40d48, 0x3e07113c), TOBN(0x6e4a5d39, 0x7d8b63ae), + TOBN(0x5582a94b, 0x79684c2b), TOBN(0x932b33d4, 0x622da26c), + TOBN(0xf534f651, 0x0dbbf08d), TOBN(0x211d07c9, 0x64c23a52), + TOBN(0x0eeece0f, 0xee5bdc9b), TOBN(0xdf178168, 0xf7015558), + TOBN(0xd4294635, 0x0a712229), TOBN(0x93cbe448, 0x09273f8c), + TOBN(0x00b095ef, 0x8f13bc83), TOBN(0xbb741972, 0x8798978c), + TOBN(0x9d7309a2, 0x56dbe6e7), TOBN(0xe578ec56, 0x5a5d39ec), + TOBN(0x3961151b, 0x851f9a31), TOBN(0x2da7715d, 0xe5709eb4), + TOBN(0x867f3017, 0x53dfabf0), TOBN(0x728d2078, 0xb8e39259), + TOBN(0x5c75a0cd, 0x815d9958), TOBN(0xf84867a6, 0x16603be1), + TOBN(0xc865b13d, 0x70e35b1c), TOBN(0x02414468, 0x19b03e2c), + TOBN(0xe46041da, 0xac1f3121), TOBN(0x7c9017ad, 0x6f028a7c), + TOBN(0xabc96de9, 0x0a482873), TOBN(0x4265d6b1, 0xb77e54d4), + TOBN(0x68c38e79, 0xa57d88e7), TOBN(0xd461d766, 0x9ce82de3), + TOBN(0x817a9ec5, 0x64a7e489), TOBN(0xcc5675cd, 0xa0def5f2), + TOBN(0x9a00e785, 0x985d494e), TOBN(0xc626833f, 0x1b03514a), + TOBN(0xabe7905a, 0x83cdd60e), TOBN(0x50602fb5, 0xa1170184), + TOBN(0x689886cd, 0xb023642a), TOBN(0xd568d090, 0xa6e1fb00), + TOBN(0x5b1922c7, 0x0259217f), TOBN(0x93831cd9, 0xc43141e4), + TOBN(0xdfca3587, 0x0c95f86e), TOBN(0xdec2057a, 0x568ae828), + TOBN(0xc44ea599, 0xf98a759a), TOBN(0x55a0a7a2, 0xf7c23c1d), + TOBN(0xd5ffb6e6, 0x94c4f687), TOBN(0x3563cce2, 0x12848478), + TOBN(0x812b3517, 0xe7b1fbe1), TOBN(0x8a7dc979, 0x4f7338e0), + TOBN(0x211ecee9, 0x52d048db), TOBN(0x2eea4056, 0xc86ea3b8), + TOBN(0xd8cb68a7, 0xba772b34), TOBN(0xe16ed341, 0x5f4e2541), + TOBN(0x9b32f6a6, 0x0fec14db), TOBN(0xeee376f7, 0x391698be), + TOBN(0xe9a7aa17, 0x83674c02), TOBN(0x65832f97, 0x5843022a), + TOBN(0x29f3a8da, 0x5ba4990f), TOBN(0x79a59c3a, 0xfb8e3216), + TOBN(0x9cdc4d2e, 0xbd19bb16), TOBN(0xc6c7cfd0, 0xb3262d86), + TOBN(0xd4ce14d0, 0x969c0b47), TOBN(0x1fa352b7, 0x13e56128), + TOBN(0x383d55b8, 0x973db6d3), TOBN(0x71836850, 0xe8e5b7bf), + TOBN(0xc7714596, 0xe6bb571f), TOBN(0x259df31f, 0x2d5b2dd2), + TOBN(0x568f8925, 0x913cc16d), TOBN(0x18bc5b6d, 0xe1a26f5a), + TOBN(0xdfa413be, 0xf5f499ae), TOBN(0xf8835dec, 0xc3f0ae84), + TOBN(0xb6e60bd8, 0x65a40ab0), TOBN(0x65596439, 0x194b377e), + TOBN(0xbcd85625, 0x92084a69), TOBN(0x5ce433b9, 0x4f23ede0), + TOBN(0xe8e8f04f, 0x6ad65143), TOBN(0x11511827, 0xd6e14af6), + TOBN(0x3d390a10, 0x8295c0c7), TOBN(0x71e29ee4, 0x621eba16), + TOBN(0xa588fc09, 0x63717b46), TOBN(0x02be02fe, 0xe06ad4a2), + TOBN(0x931558c6, 0x04c22b22), TOBN(0xbb4d4bd6, 0x12f3c849), + TOBN(0x54a4f496, 0x20efd662), TOBN(0x92ba6d20, 0xc5952d14), + TOBN(0x2db8ea1e, 0xcc9784c2), TOBN(0x81cc10ca, 0x4b353644), + TOBN(0x40b570ad, 0x4b4d7f6c), TOBN(0x5c9f1d96, 0x84a1dcd2), + TOBN(0x01379f81, 0x3147e797), TOBN(0xe5c6097b, 0x2bd499f5), + TOBN(0x40dcafa6, 0x328e5e20), TOBN(0xf7b5244a, 0x54815550), + TOBN(0xb9a4f118, 0x47bfc978), TOBN(0x0ea0e79f, 0xd25825b1), + TOBN(0xa50f96eb, 0x646c7ecf), TOBN(0xeb811493, 0x446dea9d), + TOBN(0x2af04677, 0xdfabcf69), TOBN(0xbe3a068f, 0xc713f6e8), + TOBN(0x860d523d, 0x42e06189), TOBN(0xbf077941, 0x4e3aff13), + TOBN(0x0b616dca, 0xc1b20650), TOBN(0xe66dd6d1, 0x2131300d), + TOBN(0xd4a0fd67, 0xff99abde), TOBN(0xc9903550, 0xc7aac50d), + TOBN(0x022ecf8b, 0x7c46b2d7), TOBN(0x3333b1e8, 0x3abf92af), + TOBN(0x11cc113c, 0x6c491c14), TOBN(0x05976688, 0x80dd3f88), + TOBN(0xf5b4d9e7, 0x29d932ed), TOBN(0xe982aad8, 0xa2c38b6d), + TOBN(0x6f925347, 0x8be0dcf0), TOBN(0x700080ae, 0x65ca53f2), + TOBN(0xd8131156, 0x443ca77f), TOBN(0xe92d6942, 0xec51f984), + TOBN(0xd2a08af8, 0x85dfe9ae), TOBN(0xd825d9a5, 0x4d2a86ca), + TOBN(0x2c53988d, 0x39dff020), TOBN(0xf38b135a, 0x430cdc40), + TOBN(0x0c918ae0, 0x62a7150b), TOBN(0xf31fd8de, 0x0c340e9b), + TOBN(0xafa0e7ae, 0x4dbbf02e), TOBN(0x5847fb2a, 0x5eba6239), + TOBN(0x6b1647dc, 0xdccbac8b), TOBN(0xb642aa78, 0x06f485c8), + TOBN(0x873f3765, 0x7038ecdf), TOBN(0x2ce5e865, 0xfa49d3fe), + TOBN(0xea223788, 0xc98c4400), TOBN(0x8104a8cd, 0xf1fa5279), + TOBN(0xbcf7cc7a, 0x06becfd7), TOBN(0x49424316, 0xc8f974ae), + TOBN(0xc0da65e7, 0x84d6365d), TOBN(0xbcb7443f, 0x8f759fb8), + TOBN(0x35c712b1, 0x7ae81930), TOBN(0x80428dff, 0x4c6e08ab), + TOBN(0xf19dafef, 0xa4faf843), TOBN(0xced8538d, 0xffa9855f), + TOBN(0x20ac409c, 0xbe3ac7ce), TOBN(0x358c1fb6, 0x882da71e), + TOBN(0xafa9c0e5, 0xfd349961), TOBN(0x2b2cfa51, 0x8421c2fc), + TOBN(0x2a80db17, 0xf3a28d38), TOBN(0xa8aba539, 0x5d138e7e), + TOBN(0x52012d1d, 0x6e96eb8d), TOBN(0x65d8dea0, 0xcbaf9622), + TOBN(0x57735447, 0xb264f56c), TOBN(0xbeebef3f, 0x1b6c8da2), + TOBN(0xfc346d98, 0xce785254), TOBN(0xd50e8d72, 0xbb64a161), + TOBN(0xc03567c7, 0x49794add), TOBN(0x15a76065, 0x752c7ef6), + TOBN(0x59f3a222, 0x961f23d6), TOBN(0x378e4438, 0x73ecc0b0), + TOBN(0xc74be434, 0x5a82fde4), TOBN(0xae509af2, 0xd8b9cf34), + TOBN(0x4a61ee46, 0x577f44a1), TOBN(0xe09b748c, 0xb611deeb), + TOBN(0xc0481b2c, 0xf5f7b884), TOBN(0x35626678, 0x61acfa6b), + TOBN(0x37f4c518, 0xbf8d21e6), TOBN(0x22d96531, 0xb205a76d), + TOBN(0x37fb85e1, 0x954073c0), TOBN(0xbceafe4f, 0x65b3a567), + TOBN(0xefecdef7, 0xbe42a582), TOBN(0xd3fc6080, 0x65046be6), + TOBN(0xc9af13c8, 0x09e8dba9), TOBN(0x1e6c9847, 0x641491ff), + TOBN(0x3b574925, 0xd30c31f7), TOBN(0xb7eb72ba, 0xac2a2122), + TOBN(0x776a0dac, 0xef0859e7), TOBN(0x06fec314, 0x21900942), + TOBN(0x2464bc10, 0xf8c22049), TOBN(0x9bfbcce7, 0x875ebf69), + TOBN(0xd7a88e2a, 0x4336326b), TOBN(0xda05261c, 0x5bc2acfa), + TOBN(0xc29f5bdc, 0xeba7efc8), TOBN(0x471237ca, 0x25dbbf2e), + TOBN(0xa72773f2, 0x2975f127), TOBN(0xdc744e8e, 0x04d0b326), + TOBN(0x38a7ed16, 0xa56edb73), TOBN(0x64357e37, 0x2c007e70), + TOBN(0xa167d15b, 0x5080b400), TOBN(0x07b41164, 0x23de4be1), + TOBN(0xb2d91e32, 0x74c89883), TOBN(0x3c162821, 0x2882e7ed), + TOBN(0xad6b36ba, 0x7503e482), TOBN(0x48434e8e, 0x0ea34331), + TOBN(0x79f4f24f, 0x2c7ae0b9), TOBN(0xc46fbf81, 0x1939b44a), + TOBN(0x76fefae8, 0x56595eb1), TOBN(0x417b66ab, 0xcd5f29c7), + TOBN(0x5f2332b2, 0xc5ceec20), TOBN(0xd69661ff, 0xe1a1cae2), + TOBN(0x5ede7e52, 0x9b0286e6), TOBN(0x9d062529, 0xe276b993), + TOBN(0x324794b0, 0x7e50122b), TOBN(0xdd744f8b, 0x4af07ca5), + TOBN(0x30a12f08, 0xd63fc97b), TOBN(0x39650f1a, 0x76626d9d), + TOBN(0x101b47f7, 0x1fa38477), TOBN(0x3d815f19, 0xd4dc124f), + TOBN(0x1569ae95, 0xb26eb58a), TOBN(0xc3cde188, 0x95fb1887), + TOBN(0x54e9f37b, 0xf9539a48), TOBN(0xb0100e06, 0x7408c1a5), + TOBN(0x821d9811, 0xea580cbb), TOBN(0x8af52d35, 0x86e50c56), + TOBN(0xdfbd9d47, 0xdbbf698b), TOBN(0x2961a1ea, 0x03dc1c73), + TOBN(0x203d38f8, 0xe76a5df8), TOBN(0x08a53a68, 0x6def707a), + TOBN(0x26eefb48, 0x1bee45d4), TOBN(0xb3cee346, 0x3c688036), + TOBN(0x463c5315, 0xc42f2469), TOBN(0x19d84d2e, 0x81378162), + TOBN(0x22d7c3c5, 0x1c4d349f), TOBN(0x65965844, 0x163d59c5), + TOBN(0xcf198c56, 0xb8abceae), TOBN(0x6fb1fb1b, 0x628559d5), + TOBN(0x8bbffd06, 0x07bf8fe3), TOBN(0x46259c58, 0x3467734b), + TOBN(0xd8953cea, 0x35f7f0d3), TOBN(0x1f0bece2, 0xd65b0ff1), + TOBN(0xf7d5b4b3, 0xf3c72914), TOBN(0x29e8ea95, 0x3cb53389), + TOBN(0x4a365626, 0x836b6d46), TOBN(0xe849f910, 0xea174fde), + TOBN(0x7ec62fbb, 0xf4737f21), TOBN(0xd8dba5ab, 0x6209f5ac), + TOBN(0x24b5d7a9, 0xa5f9adbe), TOBN(0x707d28f7, 0xa61dc768), + TOBN(0x7711460b, 0xcaa999ea), TOBN(0xba7b174d, 0x1c92e4cc), + TOBN(0x3c4bab66, 0x18d4bf2d), TOBN(0xb8f0c980, 0xeb8bd279), + TOBN(0x024bea9a, 0x324b4737), TOBN(0xfba9e423, 0x32a83bca), + TOBN(0x6e635643, 0xa232dced), TOBN(0x99619367, 0x2571c8ba), + TOBN(0xe8c9f357, 0x54b7032b), TOBN(0xf936b3ba, 0x2442d54a), + TOBN(0x2263f0f0, 0x8290c65a), TOBN(0x48989780, 0xee2c7fdb), + TOBN(0xadc5d55a, 0x13d4f95e), TOBN(0x737cff85, 0xad9b8500), + TOBN(0x271c557b, 0x8a73f43d), TOBN(0xbed617a4, 0xe18bc476), + TOBN(0x66245401, 0x7dfd8ab2), TOBN(0xae7b89ae, 0x3a2870aa), + TOBN(0x1b555f53, 0x23a7e545), TOBN(0x6791e247, 0xbe057e4c), + TOBN(0x860136ad, 0x324fa34d), TOBN(0xea111447, 0x4cbeae28), + TOBN(0x023a4270, 0xbedd3299), TOBN(0x3d5c3a7f, 0xc1c35c34), + TOBN(0xb0f6db67, 0x8d0412d2), TOBN(0xd92625e2, 0xfcdc6b9a), + TOBN(0x92ae5ccc, 0x4e28a982), TOBN(0xea251c36, 0x47a3ce7e), + TOBN(0x9d658932, 0x790691bf), TOBN(0xed610589, 0x06b736ae), + TOBN(0x712c2f04, 0xc0d63b6e), TOBN(0x5cf06fd5, 0xc63d488f), + TOBN(0x97363fac, 0xd9588e41), TOBN(0x1f9bf762, 0x2b93257e), + TOBN(0xa9d1ffc4, 0x667acace), TOBN(0x1cf4a1aa, 0x0a061ecf), + TOBN(0x40e48a49, 0xdc1818d0), TOBN(0x0643ff39, 0xa3621ab0), + TOBN(0x5768640c, 0xe39ef639), TOBN(0x1fc099ea, 0x04d86854), + TOBN(0x9130b9c3, 0xeccd28fd), TOBN(0xd743cbd2, 0x7eec54ab), + TOBN(0x052b146f, 0xe5b475b6), TOBN(0x058d9a82, 0x900a7d1f), + TOBN(0x65e02292, 0x91262b72), TOBN(0x96f924f9, 0xbb0edf03), + TOBN(0x5cfa59c8, 0xfe206842), TOBN(0xf6037004, 0x5eafa720), + TOBN(0x5f30699e, 0x18d7dd96), TOBN(0x381e8782, 0xcbab2495), + TOBN(0x91669b46, 0xdd8be949), TOBN(0xb40606f5, 0x26aae8ef), + TOBN(0x2812b839, 0xfc6751a4), TOBN(0x16196214, 0xfba800ef), + TOBN(0x4398d5ca, 0x4c1a2875), TOBN(0x720c00ee, 0x653d8349), + TOBN(0xc2699eb0, 0xd820007c), TOBN(0x880ee660, 0xa39b5825), + TOBN(0x70694694, 0x471f6984), TOBN(0xf7d16ea8, 0xe3dda99a), + TOBN(0x28d675b2, 0xc0519a23), TOBN(0x9ebf94fe, 0x4f6952e3), + TOBN(0xf28bb767, 0xa2294a8a), TOBN(0x85512b4d, 0xfe0af3f5), + TOBN(0x18958ba8, 0x99b16a0d), TOBN(0x95c2430c, 0xba7548a7), + TOBN(0xb30d1b10, 0xa16be615), TOBN(0xe3ebbb97, 0x85bfb74c), + TOBN(0xa3273cfe, 0x18549fdb), TOBN(0xf6e200bf, 0x4fcdb792), + TOBN(0x54a76e18, 0x83aba56c), TOBN(0x73ec66f6, 0x89ef6aa2), + TOBN(0x8d17add7, 0xd1b9a305), TOBN(0xa959c5b9, 0xb7ae1b9d), + TOBN(0x88643522, 0x6bcc094a), TOBN(0xcc5616c4, 0xd7d429b9), + TOBN(0xa6dada01, 0xe6a33f7c), TOBN(0xc6217a07, 0x9d4e70ad), + TOBN(0xd619a818, 0x09c15b7c), TOBN(0xea06b329, 0x0e80c854), + TOBN(0x174811ce, 0xa5f5e7b9), TOBN(0x66dfc310, 0x787c65f4), + TOBN(0x4ea7bd69, 0x3316ab54), TOBN(0xc12c4acb, 0x1dcc0f70), + TOBN(0xe4308d1a, 0x1e407dd9), TOBN(0xe8a3587c, 0x91afa997), + TOBN(0xea296c12, 0xab77b7a5), TOBN(0xb5ad49e4, 0x673c0d52), + TOBN(0x40f9b2b2, 0x7006085a), TOBN(0xa88ff340, 0x87bf6ec2), + TOBN(0x978603b1, 0x4e3066a6), TOBN(0xb3f99fc2, 0xb5e486e2), + TOBN(0x07b53f5e, 0xb2e63645), TOBN(0xbe57e547, 0x84c84232), + TOBN(0xd779c216, 0x7214d5cf), TOBN(0x617969cd, 0x029a3aca), + TOBN(0xd17668cd, 0x8a7017a0), TOBN(0x77b4d19a, 0xbe9b7ee8), + TOBN(0x58fd0e93, 0x9c161776), TOBN(0xa8c4f4ef, 0xd5968a72), + TOBN(0x296071cc, 0x67b3de77), TOBN(0xae3c0b8e, 0x634f7905), + TOBN(0x67e440c2, 0x8a7100c9), TOBN(0xbb8c3c1b, 0xeb4b9b42), + TOBN(0x6d71e8ea, 0xc51b3583), TOBN(0x7591f5af, 0x9525e642), + TOBN(0xf73a2f7b, 0x13f509f3), TOBN(0x618487aa, 0x5619ac9b), + TOBN(0x3a72e5f7, 0x9d61718a), TOBN(0x00413bcc, 0x7592d28c), + TOBN(0x7d9b11d3, 0x963c35cf), TOBN(0x77623bcf, 0xb90a46ed), + TOBN(0xdeef273b, 0xdcdd2a50), TOBN(0x4a741f9b, 0x0601846e), + TOBN(0x33b89e51, 0x0ec6e929), TOBN(0xcb02319f, 0x8b7f22cd), + TOBN(0xbbe1500d, 0x084bae24), TOBN(0x2f0ae8d7, 0x343d2693), + TOBN(0xacffb5f2, 0x7cdef811), TOBN(0xaa0c030a, 0x263fb94f), + TOBN(0x6eef0d61, 0xa0f442de), TOBN(0xf92e1817, 0x27b139d3), + TOBN(0x1ae6deb7, 0x0ad8bc28), TOBN(0xa89e38dc, 0xc0514130), + TOBN(0x81eeb865, 0xd2fdca23), TOBN(0x5a15ee08, 0xcc8ef895), + TOBN(0x768fa10a, 0x01905614), TOBN(0xeff5b8ef, 0x880ee19b), + TOBN(0xf0c0cabb, 0xcb1c8a0e), TOBN(0x2e1ee9cd, 0xb8c838f9), + TOBN(0x0587d8b8, 0x8a4a14c0), TOBN(0xf6f27896, 0x2ff698e5), + TOBN(0xed38ef1c, 0x89ee6256), TOBN(0xf44ee1fe, 0x6b353b45), + TOBN(0x9115c0c7, 0x70e903b3), TOBN(0xc78ec0a1, 0x818f31df), + TOBN(0x6c003324, 0xb7dccbc6), TOBN(0xd96dd1f3, 0x163bbc25), + TOBN(0x33aa82dd, 0x5cedd805), TOBN(0x123aae4f, 0x7f7eb2f1), + TOBN(0x1723fcf5, 0xa26262cd), TOBN(0x1f7f4d5d, 0x0060ebd5), + TOBN(0xf19c5c01, 0xb2eaa3af), TOBN(0x2ccb9b14, 0x9790accf), + TOBN(0x1f9c1cad, 0x52324aa6), TOBN(0x63200526, 0x7247df54), + TOBN(0x5732fe42, 0xbac96f82), TOBN(0x52fe771f, 0x01a1c384), + TOBN(0x546ca13d, 0xb1001684), TOBN(0xb56b4eee, 0xa1709f75), + TOBN(0x266545a9, 0xd5db8672), TOBN(0xed971c90, 0x1e8f3cfb), + TOBN(0x4e7d8691, 0xe3a07b29), TOBN(0x7570d9ec, 0xe4b696b9), + TOBN(0xdc5fa067, 0x7bc7e9ae), TOBN(0x68b44caf, 0xc82c4844), + TOBN(0x519d34b3, 0xbf44da80), TOBN(0x283834f9, 0x5ab32e66), + TOBN(0x6e608797, 0x6278a000), TOBN(0x1e62960e, 0x627312f6), + TOBN(0x9b87b27b, 0xe6901c55), TOBN(0x80e78538, 0x24fdbc1f), + TOBN(0xbbbc0951, 0x2facc27d), TOBN(0x06394239, 0xac143b5a), + TOBN(0x35bb4a40, 0x376c1944), TOBN(0x7cb62694, 0x63da1511), + TOBN(0xafd29161, 0xb7148a3b), TOBN(0xa6f9d9ed, 0x4e2ea2ee), + TOBN(0x15dc2ca2, 0x880dd212), TOBN(0x903c3813, 0xa61139a9), + TOBN(0x2aa7b46d, 0x6c0f8785), TOBN(0x36ce2871, 0x901c60ff), + TOBN(0xc683b028, 0xe10d9c12), TOBN(0x7573baa2, 0x032f33d3), + TOBN(0x87a9b1f6, 0x67a31b58), TOBN(0xfd3ed11a, 0xf4ffae12), + TOBN(0x83dcaa9a, 0x0cb2748e), TOBN(0x8239f018, 0x5d6fdf16), + TOBN(0xba67b49c, 0x72753941), TOBN(0x2beec455, 0xc321cb36), + TOBN(0x88015606, 0x3f8b84ce), TOBN(0x76417083, 0x8d38c86f), + TOBN(0x054f1ca7, 0x598953dd), TOBN(0xc939e110, 0x4e8e7429), + TOBN(0x9b1ac2b3, 0x5a914f2f), TOBN(0x39e35ed3, 0xe74b8f9c), + TOBN(0xd0debdb2, 0x781b2fb0), TOBN(0x1585638f, 0x2d997ba2), + TOBN(0x9c4b646e, 0x9e2fce99), TOBN(0x68a21081, 0x1e80857f), + TOBN(0x06d54e44, 0x3643b52a), TOBN(0xde8d6d63, 0x0d8eb843), + TOBN(0x70321563, 0x42146a0a), TOBN(0x8ba826f2, 0x5eaa3622), + TOBN(0x227a58bd, 0x86138787), TOBN(0x43b6c03c, 0x10281d37), + TOBN(0x6326afbb, 0xb54dde39), TOBN(0x744e5e8a, 0xdb6f2d5f), + TOBN(0x48b2a99a, 0xcff158e1), TOBN(0xa93c8fa0, 0xef87918f), + TOBN(0x2182f956, 0xde058c5c), TOBN(0x216235d2, 0x936f9e7a), + TOBN(0xace0c0db, 0xd2e31e67), TOBN(0xc96449bf, 0xf23ac3e7), + TOBN(0x7e9a2874, 0x170693bd), TOBN(0xa28e14fd, 0xa45e6335), + TOBN(0x5757f6b3, 0x56427344), TOBN(0x822e4556, 0xacf8edf9), + TOBN(0x2b7a6ee2, 0xe6a285cd), TOBN(0x5866f211, 0xa9df3af0), + TOBN(0x40dde2dd, 0xf845b844), TOBN(0x986c3726, 0x110e5e49), + TOBN(0x73680c2a, 0xf7172277), TOBN(0x57b94f0f, 0x0cccb244), + TOBN(0xbdff7267, 0x2d438ca7), TOBN(0xbad1ce11, 0xcf4663fd), + TOBN(0x9813ed9d, 0xd8f71cae), TOBN(0xf43272a6, 0x961fdaa6), + TOBN(0xbeff0119, 0xbd6d1637), TOBN(0xfebc4f91, 0x30361978), + TOBN(0x02b37a95, 0x2f41deff), TOBN(0x0e44a59a, 0xe63b89b7), + TOBN(0x673257dc, 0x143ff951), TOBN(0x19c02205, 0xd752baf4), + TOBN(0x46c23069, 0xc4b7d692), TOBN(0x2e6392c3, 0xfd1502ac), + TOBN(0x6057b1a2, 0x1b220846), TOBN(0xe51ff946, 0x0c1b5b63), + }, + { + TOBN(0x6e85cb51, 0x566c5c43), TOBN(0xcff9c919, 0x3597f046), + TOBN(0x9354e90c, 0x4994d94a), TOBN(0xe0a39332, 0x2147927d), + TOBN(0x8427fac1, 0x0dc1eb2b), TOBN(0x88cfd8c2, 0x2ff319fa), + TOBN(0xe2d4e684, 0x01965274), TOBN(0xfa2e067d, 0x67aaa746), + TOBN(0xb6d92a7f, 0x3e5f9f11), TOBN(0x9afe153a, 0xd6cb3b8e), + TOBN(0x4d1a6dd7, 0xddf800bd), TOBN(0xf6c13cc0, 0xcaf17e19), + TOBN(0x15f6c58e, 0x325fc3ee), TOBN(0x71095400, 0xa31dc3b2), + TOBN(0x168e7c07, 0xafa3d3e7), TOBN(0x3f8417a1, 0x94c7ae2d), + TOBN(0xec234772, 0x813b230d), TOBN(0x634d0f5f, 0x17344427), + TOBN(0x11548ab1, 0xd77fc56a), TOBN(0x7fab1750, 0xce06af77), + TOBN(0xb62c10a7, 0x4f7c4f83), TOBN(0xa7d2edc4, 0x220a67d9), + TOBN(0x1c404170, 0x921209a0), TOBN(0x0b9815a0, 0xface59f0), + TOBN(0x2842589b, 0x319540c3), TOBN(0x18490f59, 0xa283d6f8), + TOBN(0xa2731f84, 0xdaae9fcb), TOBN(0x3db6d960, 0xc3683ba0), + TOBN(0xc85c63bb, 0x14611069), TOBN(0xb19436af, 0x0788bf05), + TOBN(0x905459df, 0x347460d2), TOBN(0x73f6e094, 0xe11a7db1), + TOBN(0xdc7f938e, 0xb6357f37), TOBN(0xc5d00f79, 0x2bd8aa62), + TOBN(0xc878dcb9, 0x2ca979fc), TOBN(0x37e83ed9, 0xeb023a99), + TOBN(0x6b23e273, 0x1560bf3d), TOBN(0x1086e459, 0x1d0fae61), + TOBN(0x78248316, 0x9a9414bd), TOBN(0x1b956bc0, 0xf0ea9ea1), + TOBN(0x7b85bb91, 0xc31b9c38), TOBN(0x0c5aa90b, 0x48ef57b5), + TOBN(0xdedeb169, 0xaf3bab6f), TOBN(0xe610ad73, 0x2d373685), + TOBN(0xf13870df, 0x02ba8e15), TOBN(0x0337edb6, 0x8ca7f771), + TOBN(0xe4acf747, 0xb62c036c), TOBN(0xd921d576, 0xb6b94e81), + TOBN(0xdbc86439, 0x2c422f7a), TOBN(0xfb635362, 0xed348898), + TOBN(0x83084668, 0xc45bfcd1), TOBN(0xc357c9e3, 0x2b315e11), + TOBN(0xb173b540, 0x5b2e5b8c), TOBN(0x7e946931, 0xe102b9a4), + TOBN(0x17c890eb, 0x7b0fb199), TOBN(0xec225a83, 0xd61b662b), + TOBN(0xf306a3c8, 0xee3c76cb), TOBN(0x3cf11623, 0xd32a1f6e), + TOBN(0xe6d5ab64, 0x6863e956), TOBN(0x3b8a4cbe, 0x5c005c26), + TOBN(0xdcd529a5, 0x9ce6bb27), TOBN(0xc4afaa52, 0x04d4b16f), + TOBN(0xb0624a26, 0x7923798d), TOBN(0x85e56df6, 0x6b307fab), + TOBN(0x0281893c, 0x2bf29698), TOBN(0x91fc19a4, 0xd7ce7603), + TOBN(0x75a5dca3, 0xad9a558f), TOBN(0x40ceb3fa, 0x4d50bf77), + TOBN(0x1baf6060, 0xbc9ba369), TOBN(0x927e1037, 0x597888c2), + TOBN(0xd936bf19, 0x86a34c07), TOBN(0xd4cf10c1, 0xc34ae980), + TOBN(0x3a3e5334, 0x859dd614), TOBN(0x9c475b5b, 0x18d0c8ee), + TOBN(0x63080d1f, 0x07cd51d5), TOBN(0xc9c0d0a6, 0xb88b4326), + TOBN(0x1ac98691, 0xc234296f), TOBN(0x2a0a83a4, 0x94887fb6), + TOBN(0x56511427, 0x0cea9cf2), TOBN(0x5230a6e8, 0xa24802f5), + TOBN(0xf7a2bf0f, 0x72e3d5c1), TOBN(0x37717446, 0x4f21439e), + TOBN(0xfedcbf25, 0x9ce30334), TOBN(0xe0030a78, 0x7ce202f9), + TOBN(0x6f2d9ebf, 0x1202e9ca), TOBN(0xe79dde6c, 0x75e6e591), + TOBN(0xf52072af, 0xf1dac4f8), TOBN(0x6c8d087e, 0xbb9b404d), + TOBN(0xad0fc73d, 0xbce913af), TOBN(0x909e587b, 0x458a07cb), + TOBN(0x1300da84, 0xd4f00c8a), TOBN(0x425cd048, 0xb54466ac), + TOBN(0xb59cb9be, 0x90e9d8bf), TOBN(0x991616db, 0x3e431b0e), + TOBN(0xd3aa117a, 0x531aecff), TOBN(0x91af92d3, 0x59f4dc3b), + TOBN(0x9b1ec292, 0xe93fda29), TOBN(0x76bb6c17, 0xe97d91bc), + TOBN(0x7509d95f, 0xaface1e6), TOBN(0x3653fe47, 0xbe855ae3), + TOBN(0x73180b28, 0x0f680e75), TOBN(0x75eefd1b, 0xeeb6c26c), + TOBN(0xa4cdf29f, 0xb66d4236), TOBN(0x2d70a997, 0x6b5821d8), + TOBN(0x7a3ee207, 0x20445c36), TOBN(0x71d1ac82, 0x59877174), + TOBN(0x0fc539f7, 0x949f73e9), TOBN(0xd05cf3d7, 0x982e3081), + TOBN(0x8758e20b, 0x7b1c7129), TOBN(0xffadcc20, 0x569e61f2), + TOBN(0xb05d3a2f, 0x59544c2d), TOBN(0xbe16f5c1, 0x9fff5e53), + TOBN(0x73cf65b8, 0xaad58135), TOBN(0x622c2119, 0x037aa5be), + TOBN(0x79373b3f, 0x646fd6a0), TOBN(0x0e029db5, 0x0d3978cf), + TOBN(0x8bdfc437, 0x94fba037), TOBN(0xaefbd687, 0x620797a6), + TOBN(0x3fa5382b, 0xbd30d38e), TOBN(0x7627cfbf, 0x585d7464), + TOBN(0xb2330fef, 0x4e4ca463), TOBN(0xbcef7287, 0x3566cc63), + TOBN(0xd161d2ca, 0xcf780900), TOBN(0x135dc539, 0x5b54827d), + TOBN(0x638f052e, 0x27bf1bc6), TOBN(0x10a224f0, 0x07dfa06c), + TOBN(0xe973586d, 0x6d3321da), TOBN(0x8b0c5738, 0x26152c8f), + TOBN(0x07ef4f2a, 0x34606074), TOBN(0x80fe7fe8, 0xa0f7047a), + TOBN(0x3d1a8152, 0xe1a0e306), TOBN(0x32cf43d8, 0x88da5222), + TOBN(0xbf89a95f, 0x5f02ffe6), TOBN(0x3d9eb9a4, 0x806ad3ea), + TOBN(0x012c17bb, 0x79c8e55e), TOBN(0xfdcd1a74, 0x99c81dac), + TOBN(0x7043178b, 0xb9556098), TOBN(0x4090a1df, 0x801c3886), + TOBN(0x759800ff, 0x9b67b912), TOBN(0x3e5c0304, 0x232620c8), + TOBN(0x4b9d3c4b, 0x70dceeca), TOBN(0xbb2d3c15, 0x181f648e), + TOBN(0xf981d837, 0x6e33345c), TOBN(0xb626289b, 0x0cf2297a), + TOBN(0x766ac659, 0x8baebdcf), TOBN(0x1a28ae09, 0x75df01e5), + TOBN(0xb71283da, 0x375876d8), TOBN(0x4865a96d, 0x607b9800), + TOBN(0x25dd1bcd, 0x237936b2), TOBN(0x332f4f4b, 0x60417494), + TOBN(0xd0923d68, 0x370a2147), TOBN(0x497f5dfb, 0xdc842203), + TOBN(0x9dc74cbd, 0x32be5e0f), TOBN(0x7475bcb7, 0x17a01375), + TOBN(0x438477c9, 0x50d872b1), TOBN(0xcec67879, 0xffe1d63d), + TOBN(0x9b006014, 0xd8578c70), TOBN(0xc9ad99a8, 0x78bb6b8b), + TOBN(0x6799008e, 0x11fb3806), TOBN(0xcfe81435, 0xcd44cab3), + TOBN(0xa2ee1582, 0x2f4fb344), TOBN(0xb8823450, 0x483fa6eb), + TOBN(0x622d323d, 0x652c7749), TOBN(0xd8474a98, 0xbeb0a15b), + TOBN(0xe43c154d, 0x5d1c00d0), TOBN(0x7fd581d9, 0x0e3e7aac), + TOBN(0x2b44c619, 0x2525ddf8), TOBN(0x67a033eb, 0xb8ae9739), + TOBN(0x113ffec1, 0x9ef2d2e4), TOBN(0x1bf6767e, 0xd5a0ea7f), + TOBN(0x57fff75e, 0x03714c0a), TOBN(0xa23c422e, 0x0a23e9ee), + TOBN(0xdd5f6b2d, 0x540f83af), TOBN(0xc2c2c27e, 0x55ea46a7), + TOBN(0xeb6b4246, 0x672a1208), TOBN(0xd13599f7, 0xae634f7a), + TOBN(0xcf914b5c, 0xd7b32c6e), TOBN(0x61a5a640, 0xeaf61814), + TOBN(0x8dc3df8b, 0x208a1bbb), TOBN(0xef627fd6, 0xb6d79aa5), + TOBN(0x44232ffc, 0xc4c86bc8), TOBN(0xe6f9231b, 0x061539fe), + TOBN(0x1d04f25a, 0x958b9533), TOBN(0x180cf934, 0x49e8c885), + TOBN(0x89689595, 0x9884aaf7), TOBN(0xb1959be3, 0x07b348a6), + TOBN(0x96250e57, 0x3c147c87), TOBN(0xae0efb3a, 0xdd0c61f8), + TOBN(0xed00745e, 0xca8c325e), TOBN(0x3c911696, 0xecff3f70), + TOBN(0x73acbc65, 0x319ad41d), TOBN(0x7b01a020, 0xf0b1c7ef), + TOBN(0xea32b293, 0x63a1483f), TOBN(0x89eabe71, 0x7a248f96), + TOBN(0x9c6231d3, 0x343157e5), TOBN(0x93a375e5, 0xdf3c546d), + TOBN(0xe76e9343, 0x6a2afe69), TOBN(0xc4f89100, 0xe166c88e), + TOBN(0x248efd0d, 0x4f872093), TOBN(0xae0eb3ea, 0x8fe0ea61), + TOBN(0xaf89790d, 0x9d79046e), TOBN(0x4d650f2d, 0x6cee0976), + TOBN(0xa3935d9a, 0x43071eca), TOBN(0x66fcd2c9, 0x283b0bfe), + TOBN(0x0e665eb5, 0x696605f1), TOBN(0xe77e5d07, 0xa54cd38d), + TOBN(0x90ee050a, 0x43d950cf), TOBN(0x86ddebda, 0xd32e69b5), + TOBN(0x6ad94a3d, 0xfddf7415), TOBN(0xf7fa1309, 0x3f6e8d5a), + TOBN(0xc4831d1d, 0xe9957f75), TOBN(0x7de28501, 0xd5817447), + TOBN(0x6f1d7078, 0x9e2aeb6b), TOBN(0xba2b9ff4, 0xf67a53c2), + TOBN(0x36963767, 0xdf9defc3), TOBN(0x479deed3, 0x0d38022c), + TOBN(0xd2edb89b, 0x3a8631e8), TOBN(0x8de855de, 0x7a213746), + TOBN(0xb2056cb7, 0xb00c5f11), TOBN(0xdeaefbd0, 0x2c9b85e4), + TOBN(0x03f39a8d, 0xd150892d), TOBN(0x37b84686, 0x218b7985), + TOBN(0x36296dd8, 0xb7375f1a), TOBN(0x472cd4b1, 0xb78e898e), + TOBN(0x15dff651, 0xe9f05de9), TOBN(0xd4045069, 0x2ce98ba9), + TOBN(0x8466a7ae, 0x9b38024c), TOBN(0xb910e700, 0xe5a6b5ef), + TOBN(0xae1c56ea, 0xb3aa8f0d), TOBN(0xbab2a507, 0x7eee74a6), + TOBN(0x0dca11e2, 0x4b4c4620), TOBN(0xfd896e2e, 0x4c47d1f4), + TOBN(0xeb45ae53, 0x308fbd93), TOBN(0x46cd5a2e, 0x02c36fda), + TOBN(0x6a3d4e90, 0xbaa48385), TOBN(0xdd55e62e, 0x9dbe9960), + TOBN(0xa1406aa0, 0x2a81ede7), TOBN(0x6860dd14, 0xf9274ea7), + TOBN(0xcfdcb0c2, 0x80414f86), TOBN(0xff410b10, 0x22f94327), + TOBN(0x5a33cc38, 0x49ad467b), TOBN(0xefb48b6c, 0x0a7335f1), + TOBN(0x14fb54a4, 0xb153a360), TOBN(0x604aa9d2, 0xb52469cc), + TOBN(0x5e9dc486, 0x754e48e9), TOBN(0x693cb455, 0x37471e8e), + TOBN(0xfb2fd7cd, 0x8d3b37b6), TOBN(0x63345e16, 0xcf09ff07), + TOBN(0x9910ba6b, 0x23a5d896), TOBN(0x1fe19e35, 0x7fe4364e), + TOBN(0x6e1da8c3, 0x9a33c677), TOBN(0x15b4488b, 0x29fd9fd0), + TOBN(0x1f439254, 0x1a1f22bf), TOBN(0x920a8a70, 0xab8163e8), + TOBN(0x3fd1b249, 0x07e5658e), TOBN(0xf2c4f79c, 0xb6ec839b), + TOBN(0x1abbc3d0, 0x4aa38d1b), TOBN(0x3b0db35c, 0xb5d9510e), + TOBN(0x1754ac78, 0x3e60dec0), TOBN(0x53272fd7, 0xea099b33), + TOBN(0x5fb0494f, 0x07a8e107), TOBN(0x4a89e137, 0x6a8191fa), + TOBN(0xa113b7f6, 0x3c4ad544), TOBN(0x88a2e909, 0x6cb9897b), + TOBN(0x17d55de3, 0xb44a3f84), TOBN(0xacb2f344, 0x17c6c690), + TOBN(0x32088168, 0x10232390), TOBN(0xf2e8a61f, 0x6c733bf7), + TOBN(0xa774aab6, 0x9c2d7652), TOBN(0xfb5307e3, 0xed95c5bc), + TOBN(0xa05c73c2, 0x4981f110), TOBN(0x1baae31c, 0xa39458c9), + TOBN(0x1def185b, 0xcbea62e7), TOBN(0xe8ac9eae, 0xeaf63059), + TOBN(0x098a8cfd, 0x9921851c), TOBN(0xd959c3f1, 0x3abe2f5b), + TOBN(0xa4f19525, 0x20e40ae5), TOBN(0x320789e3, 0x07a24aa1), + TOBN(0x259e6927, 0x7392b2bc), TOBN(0x58f6c667, 0x1918668b), + TOBN(0xce1db2bb, 0xc55d2d8b), TOBN(0x41d58bb7, 0xf4f6ca56), + TOBN(0x7650b680, 0x8f877614), TOBN(0x905e16ba, 0xf4c349ed), + TOBN(0xed415140, 0xf661acac), TOBN(0x3b8784f0, 0xcb2270af), + TOBN(0x3bc280ac, 0x8a402cba), TOBN(0xd53f7146, 0x0937921a), + TOBN(0xc03c8ee5, 0xe5681e83), TOBN(0x62126105, 0xf6ac9e4a), + TOBN(0x9503a53f, 0x936b1a38), TOBN(0x3d45e2d4, 0x782fecbd), + TOBN(0x69a5c439, 0x76e8ae98), TOBN(0xb53b2eeb, 0xbfb4b00e), + TOBN(0xf1674712, 0x72386c89), TOBN(0x30ca34a2, 0x4268bce4), + TOBN(0x7f1ed86c, 0x78341730), TOBN(0x8ef5beb8, 0xb525e248), + TOBN(0xbbc489fd, 0xb74fbf38), TOBN(0x38a92a0e, 0x91a0b382), + TOBN(0x7a77ba3f, 0x22433ccf), TOBN(0xde8362d6, 0xa29f05a9), + TOBN(0x7f6a30ea, 0x61189afc), TOBN(0x693b5505, 0x59ef114f), + TOBN(0x50266bc0, 0xcd1797a1), TOBN(0xea17b47e, 0xf4b7af2d), + TOBN(0xd6c4025c, 0x3df9483e), TOBN(0x8cbb9d9f, 0xa37b18c9), + TOBN(0x91cbfd9c, 0x4d8424cf), TOBN(0xdb7048f1, 0xab1c3506), + TOBN(0x9eaf641f, 0x028206a3), TOBN(0xf986f3f9, 0x25bdf6ce), + TOBN(0x262143b5, 0x224c08dc), TOBN(0x2bbb09b4, 0x81b50c91), + TOBN(0xc16ed709, 0xaca8c84f), TOBN(0xa6210d9d, 0xb2850ca8), + TOBN(0x6d8df67a, 0x09cb54d6), TOBN(0x91eef6e0, 0x500919a4), + TOBN(0x90f61381, 0x0f132857), TOBN(0x9acede47, 0xf8d5028b), + TOBN(0x844d1b71, 0x90b771c3), TOBN(0x563b71e4, 0xba6426be), + TOBN(0x2efa2e83, 0xbdb802ff), TOBN(0x3410cbab, 0xab5b4a41), + TOBN(0x555b2d26, 0x30da84dd), TOBN(0xd0711ae9, 0xee1cc29a), + TOBN(0xcf3e8c60, 0x2f547792), TOBN(0x03d7d5de, 0xdc678b35), + TOBN(0x071a2fa8, 0xced806b8), TOBN(0x222e6134, 0x697f1478), + TOBN(0xdc16fd5d, 0xabfcdbbf), TOBN(0x44912ebf, 0x121b53b8), + TOBN(0xac943674, 0x2496c27c), TOBN(0x8ea3176c, 0x1ffc26b0), + TOBN(0xb6e224ac, 0x13debf2c), TOBN(0x524cc235, 0xf372a832), + TOBN(0xd706e1d8, 0x9f6f1b18), TOBN(0x2552f005, 0x44cce35b), + TOBN(0x8c8326c2, 0xa88e31fc), TOBN(0xb5468b2c, 0xf9552047), + TOBN(0xce683e88, 0x3ff90f2b), TOBN(0x77947bdf, 0x2f0a5423), + TOBN(0xd0a1b28b, 0xed56e328), TOBN(0xaee35253, 0xc20134ac), + TOBN(0x7e98367d, 0x3567962f), TOBN(0x379ed61f, 0x8188bffb), + TOBN(0x73bba348, 0xfaf130a1), TOBN(0x6c1f75e1, 0x904ed734), + TOBN(0x18956642, 0x3b4a79fc), TOBN(0xf20bc83d, 0x54ef4493), + TOBN(0x836d425d, 0x9111eca1), TOBN(0xe5b5c318, 0x009a8dcf), + TOBN(0x3360b25d, 0x13221bc5), TOBN(0x707baad2, 0x6b3eeaf7), + TOBN(0xd7279ed8, 0x743a95a1), TOBN(0x7450a875, 0x969e809f), + TOBN(0x32b6bd53, 0xe5d0338f), TOBN(0x1e77f7af, 0x2b883bbc), + TOBN(0x90da12cc, 0x1063ecd0), TOBN(0xe2697b58, 0xc315be47), + TOBN(0x2771a5bd, 0xda85d534), TOBN(0x53e78c1f, 0xff980eea), + TOBN(0xadf1cf84, 0x900385e7), TOBN(0x7d3b14f6, 0xc9387b62), + TOBN(0x170e74b0, 0xcb8f2bd2), TOBN(0x2d50b486, 0x827fa993), + TOBN(0xcdbe8c9a, 0xf6f32bab), TOBN(0x55e906b0, 0xc3b93ab8), + TOBN(0x747f22fc, 0x8fe280d1), TOBN(0xcd8e0de5, 0xb2e114ab), + TOBN(0x5ab7dbeb, 0xe10b68b0), TOBN(0x9dc63a9c, 0xa480d4b2), + TOBN(0x78d4bc3b, 0x4be1495f), TOBN(0x25eb3db8, 0x9359122d), + TOBN(0x3f8ac05b, 0x0809cbdc), TOBN(0xbf4187bb, 0xd37c702f), + TOBN(0x84cea069, 0x1416a6a5), TOBN(0x8f860c79, 0x43ef881c), + TOBN(0x41311f8a, 0x38038a5d), TOBN(0xe78c2ec0, 0xfc612067), + TOBN(0x494d2e81, 0x5ad73581), TOBN(0xb4cc9e00, 0x59604097), + TOBN(0xff558aec, 0xf3612cba), TOBN(0x35beef7a, 0x9e36c39e), + TOBN(0x1845c7cf, 0xdbcf41b9), TOBN(0x5703662a, 0xaea997c0), + TOBN(0x8b925afe, 0xe402f6d8), TOBN(0xd0a1b1ae, 0x4dd72162), + TOBN(0x9f47b375, 0x03c41c4b), TOBN(0xa023829b, 0x0391d042), + TOBN(0x5f5045c3, 0x503b8b0a), TOBN(0x123c2688, 0x98c010e5), + TOBN(0x324ec0cc, 0x36ba06ee), TOBN(0xface3115, 0x3dd2cc0c), + TOBN(0xb364f3be, 0xf333e91f), TOBN(0xef8aff73, 0x28e832b0), + TOBN(0x1e9bad04, 0x2d05841b), TOBN(0x42f0e3df, 0x356a21e2), + TOBN(0xa3270bcb, 0x4add627e), TOBN(0xb09a8158, 0xd322e711), + TOBN(0x86e326a1, 0x0fee104a), TOBN(0xad7788f8, 0x3703f65d), + TOBN(0x7e765430, 0x47bc4833), TOBN(0x6cee582b, 0x2b9b893a), + TOBN(0x9cd2a167, 0xe8f55a7b), TOBN(0xefbee3c6, 0xd9e4190d), + TOBN(0x33ee7185, 0xd40c2e9d), TOBN(0x844cc9c5, 0xa380b548), + TOBN(0x323f8ecd, 0x66926e04), TOBN(0x0001e38f, 0x8110c1ba), + TOBN(0x8dbcac12, 0xfc6a7f07), TOBN(0xd65e1d58, 0x0cec0827), + TOBN(0xd2cd4141, 0xbe76ca2d), TOBN(0x7895cf5c, 0xe892f33a), + TOBN(0x956d230d, 0x367139d2), TOBN(0xa91abd3e, 0xd012c4c1), + TOBN(0x34fa4883, 0x87eb36bf), TOBN(0xc5f07102, 0x914b8fb4), + TOBN(0x90f0e579, 0xadb9c95f), TOBN(0xfe6ea8cb, 0x28888195), + TOBN(0x7b9b5065, 0xedfa9284), TOBN(0x6c510bd2, 0x2b8c8d65), + TOBN(0xd7b8ebef, 0xcbe8aafd), TOBN(0xedb3af98, 0x96b1da07), + TOBN(0x28ff779d, 0x6295d426), TOBN(0x0c4f6ac7, 0x3fa3ad7b), + TOBN(0xec44d054, 0x8b8e2604), TOBN(0x9b32a66d, 0x8b0050e1), + TOBN(0x1f943366, 0xf0476ce2), TOBN(0x7554d953, 0xa602c7b4), + TOBN(0xbe35aca6, 0x524f2809), TOBN(0xb6881229, 0xfd4edbea), + TOBN(0xe8cd0c8f, 0x508efb63), TOBN(0x9eb5b5c8, 0x6abcefc7), + TOBN(0xf5621f5f, 0xb441ab4f), TOBN(0x79e6c046, 0xb76a2b22), + TOBN(0x74a4792c, 0xe37a1f69), TOBN(0xcbd252cb, 0x03542b60), + TOBN(0x785f65d5, 0xb3c20bd3), TOBN(0x8dea6143, 0x4fabc60c), + TOBN(0x45e21446, 0xde673629), TOBN(0x57f7aa1e, 0x703c2d21), + TOBN(0xa0e99b7f, 0x98c868c7), TOBN(0x4e42f66d, 0x8b641676), + TOBN(0x602884dc, 0x91077896), TOBN(0xa0d690cf, 0xc2c9885b), + TOBN(0xfeb4da33, 0x3b9a5187), TOBN(0x5f789598, 0x153c87ee), + TOBN(0x2192dd47, 0x52b16dba), TOBN(0xdeefc0e6, 0x3524c1b1), + TOBN(0x465ea76e, 0xe4383693), TOBN(0x79401711, 0x361b8d98), + TOBN(0xa5f9ace9, 0xf21a15cb), TOBN(0x73d26163, 0xefee9aeb), + TOBN(0xcca844b3, 0xe677016c), TOBN(0x6c122b07, 0x57eaee06), + TOBN(0xb782dce7, 0x15f09690), TOBN(0x508b9b12, 0x2dfc0fc9), + TOBN(0x9015ab4b, 0x65d89fc6), TOBN(0x5e79dab7, 0xd6d5bb0f), + TOBN(0x64f021f0, 0x6c775aa2), TOBN(0xdf09d8cc, 0x37c7eca1), + TOBN(0x9a761367, 0xef2fa506), TOBN(0xed4ca476, 0x5b81eec6), + TOBN(0x262ede36, 0x10bbb8b5), TOBN(0x0737ce83, 0x0641ada3), + TOBN(0x4c94288a, 0xe9831ccc), TOBN(0x487fc1ce, 0x8065e635), + TOBN(0xb13d7ab3, 0xb8bb3659), TOBN(0xdea5df3e, 0x855e4120), + TOBN(0xb9a18573, 0x85eb0244), TOBN(0x1a1b8ea3, 0xa7cfe0a3), + TOBN(0x3b837119, 0x67b0867c), TOBN(0x8d5e0d08, 0x9d364520), + TOBN(0x52dccc1e, 0xd930f0e3), TOBN(0xefbbcec7, 0xbf20bbaf), + TOBN(0x99cffcab, 0x0263ad10), TOBN(0xd8199e6d, 0xfcd18f8a), + TOBN(0x64e2773f, 0xe9f10617), TOBN(0x0079e8e1, 0x08704848), + TOBN(0x1169989f, 0x8a342283), TOBN(0x8097799c, 0xa83012e6), + TOBN(0xece966cb, 0x8a6a9001), TOBN(0x93b3afef, 0x072ac7fc), + TOBN(0xe6893a2a, 0x2db3d5ba), TOBN(0x263dc462, 0x89bf4fdc), + TOBN(0x8852dfc9, 0xe0396673), TOBN(0x7ac70895, 0x3af362b6), + TOBN(0xbb9cce4d, 0x5c2f342b), TOBN(0xbf80907a, 0xb52d7aae), + TOBN(0x97f3d3cd, 0x2161bcd0), TOBN(0xb25b0834, 0x0962744d), + TOBN(0xc5b18ea5, 0x6c3a1dda), TOBN(0xfe4ec7eb, 0x06c92317), + TOBN(0xb787b890, 0xad1c4afe), TOBN(0xdccd9a92, 0x0ede801a), + TOBN(0x9ac6ddda, 0xdb58da1f), TOBN(0x22bbc12f, 0xb8cae6ee), + TOBN(0xc6f8bced, 0x815c4a43), TOBN(0x8105a92c, 0xf96480c7), + TOBN(0x0dc3dbf3, 0x7a859d51), TOBN(0xe3ec7ce6, 0x3041196b), + TOBN(0xd9f64b25, 0x0d1067c9), TOBN(0xf2321321, 0x3d1f8dd8), + TOBN(0x8b5c619c, 0x76497ee8), TOBN(0x5d2b0ac6, 0xc717370e), + TOBN(0x98204cb6, 0x4fcf68e1), TOBN(0x0bdec211, 0x62bc6792), + TOBN(0x6973ccef, 0xa63b1011), TOBN(0xf9e3fa97, 0xe0de1ac5), + TOBN(0x5efb693e, 0x3d0e0c8b), TOBN(0x037248e9, 0xd2d4fcb4), + }, + {TOBN(0x80802dc9, 0x1ec34f9e), TOBN(0xd8772d35, 0x33810603), + TOBN(0x3f06d66c, 0x530cb4f3), TOBN(0x7be5ed0d, 0xc475c129), + TOBN(0xcb9e3c19, 0x31e82b10), TOBN(0xc63d2857, 0xc9ff6b4c), + TOBN(0xb92118c6, 0x92a1b45e), TOBN(0x0aec4414, 0x7285bbca), + TOBN(0xfc189ae7, 0x1e29a3ef), TOBN(0xcbe906f0, 0x4c93302e), + TOBN(0xd0107914, 0xceaae10e), TOBN(0xb7a23f34, 0xb68e19f8), + TOBN(0xe9d875c2, 0xefd2119d), TOBN(0x03198c6e, 0xfcadc9c8), + TOBN(0x65591bf6, 0x4da17113), TOBN(0x3cf0bbf8, 0x3d443038), + TOBN(0xae485bb7, 0x2b724759), TOBN(0x945353e1, 0xb2d4c63a), + TOBN(0x82159d07, 0xde7d6f2c), TOBN(0x389caef3, 0x4ec5b109), + TOBN(0x4a8ebb53, 0xdb65ef14), TOBN(0x2dc2cb7e, 0xdd99de43), + TOBN(0x816fa3ed, 0x83f2405f), TOBN(0x73429bb9, 0xc14208a3), + TOBN(0xb618d590, 0xb01e6e27), TOBN(0x047e2ccd, 0xe180b2dc), + TOBN(0xd1b299b5, 0x04aea4a9), TOBN(0x412c9e1e, 0x9fa403a4), + TOBN(0x88d28a36, 0x79407552), TOBN(0x49c50136, 0xf332b8e3), + TOBN(0x3a1b6fcc, 0xe668de19), TOBN(0x178851bc, 0x75122b97), + TOBN(0xb1e13752, 0xfb85fa4c), TOBN(0xd61257ce, 0x383c8ce9), + TOBN(0xd43da670, 0xd2f74dae), TOBN(0xa35aa23f, 0xbf846bbb), + TOBN(0x5e74235d, 0x4421fc83), TOBN(0xf6df8ee0, 0xc363473b), + TOBN(0x34d7f52a, 0x3c4aa158), TOBN(0x50d05aab, 0x9bc6d22e), + TOBN(0x8c56e735, 0xa64785f4), TOBN(0xbc56637b, 0x5f29cd07), + TOBN(0x53b2bb80, 0x3ee35067), TOBN(0x50235a0f, 0xdc919270), + TOBN(0x191ab6d8, 0xf2c4aa65), TOBN(0xc3475831, 0x8396023b), + TOBN(0x80400ba5, 0xf0f805ba), TOBN(0x8881065b, 0x5ec0f80f), + TOBN(0xc370e522, 0xcc1b5e83), TOBN(0xde2d4ad1, 0x860b8bfb), + TOBN(0xad364df0, 0x67b256df), TOBN(0x8f12502e, 0xe0138997), + TOBN(0x503fa0dc, 0x7783920a), TOBN(0xe80014ad, 0xc0bc866a), + TOBN(0x3f89b744, 0xd3064ba6), TOBN(0x03511dcd, 0xcba5dba5), + TOBN(0x197dd46d, 0x95a7b1a2), TOBN(0x9c4e7ad6, 0x3c6341fb), + TOBN(0x426eca29, 0x484c2ece), TOBN(0x9211e489, 0xde7f4f8a), + TOBN(0x14997f6e, 0xc78ef1f4), TOBN(0x2b2c0910, 0x06574586), + TOBN(0x17286a6e, 0x1c3eede8), TOBN(0x25f92e47, 0x0f60e018), + TOBN(0x805c5646, 0x31890a36), TOBN(0x703ef600, 0x57feea5b), + TOBN(0x389f747c, 0xaf3c3030), TOBN(0xe0e5daeb, 0x54dd3739), + TOBN(0xfe24a4c3, 0xc9c9f155), TOBN(0x7e4bf176, 0xb5393962), + TOBN(0x37183de2, 0xaf20bf29), TOBN(0x4a1bd7b5, 0xf95a8c3b), + TOBN(0xa83b9699, 0x46191d3d), TOBN(0x281fc8dd, 0x7b87f257), + TOBN(0xb18e2c13, 0x54107588), TOBN(0x6372def7, 0x9b2bafe8), + TOBN(0xdaf4bb48, 0x0d8972ca), TOBN(0x3f2dd4b7, 0x56167a3f), + TOBN(0x1eace32d, 0x84310cf4), TOBN(0xe3bcefaf, 0xe42700aa), + TOBN(0x5fe5691e, 0xd785e73d), TOBN(0xa5db5ab6, 0x2ea60467), + TOBN(0x02e23d41, 0xdfc6514a), TOBN(0x35e8048e, 0xe03c3665), + TOBN(0x3f8b118f, 0x1adaa0f8), TOBN(0x28ec3b45, 0x84ce1a5a), + TOBN(0xe8cacc6e, 0x2c6646b8), TOBN(0x1343d185, 0xdbd0e40f), + TOBN(0xe5d7f844, 0xcaaa358c), TOBN(0x1a1db7e4, 0x9924182a), + TOBN(0xd64cd42d, 0x9c875d9a), TOBN(0xb37b515f, 0x042eeec8), + TOBN(0x4d4dd409, 0x7b165fbe), TOBN(0xfc322ed9, 0xe206eff3), + TOBN(0x7dee4102, 0x59b7e17e), TOBN(0x55a481c0, 0x8236ca00), + TOBN(0x8c885312, 0xc23fc975), TOBN(0x15715806, 0x05d6297b), + TOBN(0xa078868e, 0xf78edd39), TOBN(0x956b31e0, 0x03c45e52), + TOBN(0x470275d5, 0xff7b33a6), TOBN(0xc8d5dc3a, 0x0c7e673f), + TOBN(0x419227b4, 0x7e2f2598), TOBN(0x8b37b634, 0x4c14a975), + TOBN(0xd0667ed6, 0x8b11888c), TOBN(0x5e0e8c3e, 0x803e25dc), + TOBN(0x34e5d0dc, 0xb987a24a), TOBN(0x9f40ac3b, 0xae920323), + TOBN(0x5463de95, 0x34e0f63a), TOBN(0xa128bf92, 0x6b6328f9), + TOBN(0x491ccd7c, 0xda64f1b7), TOBN(0x7ef1ec27, 0xc47bde35), + TOBN(0xa857240f, 0xa36a2737), TOBN(0x35dc1366, 0x63621bc1), + TOBN(0x7a3a6453, 0xd4fb6897), TOBN(0x80f1a439, 0xc929319d), + TOBN(0xfc18274b, 0xf8cb0ba0), TOBN(0xb0b53766, 0x8078c5eb), + TOBN(0xfb0d4924, 0x1e01d0ef), TOBN(0x50d7c67d, 0x372ab09c), + TOBN(0xb4e370af, 0x3aeac968), TOBN(0xe4f7fee9, 0xc4b63266), + TOBN(0xb4acd4c2, 0xe3ac5664), TOBN(0xf8910bd2, 0xceb38cbf), + TOBN(0x1c3ae50c, 0xc9c0726e), TOBN(0x15309569, 0xd97b40bf), + TOBN(0x70884b7f, 0xfd5a5a1b), TOBN(0x3890896a, 0xef8314cd), + TOBN(0x58e1515c, 0xa5618c93), TOBN(0xe665432b, 0x77d942d1), + TOBN(0xb32181bf, 0xb6f767a8), TOBN(0x753794e8, 0x3a604110), + TOBN(0x09afeb7c, 0xe8c0dbcc), TOBN(0x31e02613, 0x598673a3), + TOBN(0x5d98e557, 0x7d46db00), TOBN(0xfc21fb8c, 0x9d985b28), + TOBN(0xc9040116, 0xb0843e0b), TOBN(0x53b1b3a8, 0x69b04531), + TOBN(0xdd1649f0, 0x85d7d830), TOBN(0xbb3bcc87, 0xcb7427e8), + TOBN(0x77261100, 0xc93dce83), TOBN(0x7e79da61, 0xa1922a2a), + TOBN(0x587a2b02, 0xf3149ce8), TOBN(0x147e1384, 0xde92ec83), + TOBN(0x484c83d3, 0xaf077f30), TOBN(0xea78f844, 0x0658b53a), + TOBN(0x912076c2, 0x027aec53), TOBN(0xf34714e3, 0x93c8177d), + TOBN(0x37ef5d15, 0xc2376c84), TOBN(0x8315b659, 0x3d1aa783), + TOBN(0x3a75c484, 0xef852a90), TOBN(0x0ba0c58a, 0x16086bd4), + TOBN(0x29688d7a, 0x529a6d48), TOBN(0x9c7f250d, 0xc2f19203), + TOBN(0x123042fb, 0x682e2df9), TOBN(0x2b7587e7, 0xad8121bc), + TOBN(0x30fc0233, 0xe0182a65), TOBN(0xb82ecf87, 0xe3e1128a), + TOBN(0x71682861, 0x93fb098f), TOBN(0x043e21ae, 0x85e9e6a7), + TOBN(0xab5b49d6, 0x66c834ea), TOBN(0x3be43e18, 0x47414287), + TOBN(0xf40fb859, 0x219a2a47), TOBN(0x0e6559e9, 0xcc58df3c), + TOBN(0xfe1dfe8e, 0x0c6615b4), TOBN(0x14abc8fd, 0x56459d70), + TOBN(0x7be0fa8e, 0x05de0386), TOBN(0x8e63ef68, 0xe9035c7c), + TOBN(0x116401b4, 0x53b31e91), TOBN(0x0cba7ad4, 0x4436b4d8), + TOBN(0x9151f9a0, 0x107afd66), TOBN(0xafaca8d0, 0x1f0ee4c4), + TOBN(0x75fe5c1d, 0x9ee9761c), TOBN(0x3497a16b, 0xf0c0588f), + TOBN(0x3ee2bebd, 0x0304804c), TOBN(0xa8fb9a60, 0xc2c990b9), + TOBN(0xd14d32fe, 0x39251114), TOBN(0x36bf25bc, 0xcac73366), + TOBN(0xc9562c66, 0xdba7495c), TOBN(0x324d301b, 0x46ad348b), + TOBN(0x9f46620c, 0xd670407e), TOBN(0x0ea8d4f1, 0xe3733a01), + TOBN(0xd396d532, 0xb0c324e0), TOBN(0x5b211a0e, 0x03c317cd), + TOBN(0x090d7d20, 0x5ffe7b37), TOBN(0x3b7f3efb, 0x1747d2da), + TOBN(0xa2cb525f, 0xb54fc519), TOBN(0x6e220932, 0xf66a971e), + TOBN(0xddc160df, 0xb486d440), TOBN(0x7fcfec46, 0x3fe13465), + TOBN(0x83da7e4e, 0x76e4c151), TOBN(0xd6fa48a1, 0xd8d302b5), + TOBN(0xc6304f26, 0x5872cd88), TOBN(0x806c1d3c, 0x278b90a1), + TOBN(0x3553e725, 0xcaf0bc1c), TOBN(0xff59e603, 0xbb9d8d5c), + TOBN(0xa4550f32, 0x7a0b85dd), TOBN(0xdec5720a, 0x93ecc217), + TOBN(0x0b88b741, 0x69d62213), TOBN(0x7212f245, 0x5b365955), + TOBN(0x20764111, 0xb5cae787), TOBN(0x13cb7f58, 0x1dfd3124), + TOBN(0x2dca77da, 0x1175aefb), TOBN(0xeb75466b, 0xffaae775), + TOBN(0x74d76f3b, 0xdb6cff32), TOBN(0x7440f37a, 0x61fcda9a), + TOBN(0x1bb3ac92, 0xb525028b), TOBN(0x20fbf8f7, 0xa1975f29), + TOBN(0x982692e1, 0xdf83097f), TOBN(0x28738f6c, 0x554b0800), + TOBN(0xdc703717, 0xa2ce2f2f), TOBN(0x7913b93c, 0x40814194), + TOBN(0x04924593, 0x1fe89636), TOBN(0x7b98443f, 0xf78834a6), + TOBN(0x11c6ab01, 0x5114a5a1), TOBN(0x60deb383, 0xffba5f4c), + TOBN(0x4caa54c6, 0x01a982e6), TOBN(0x1dd35e11, 0x3491cd26), + TOBN(0x973c315f, 0x7cbd6b05), TOBN(0xcab00775, 0x52494724), + TOBN(0x04659b1f, 0x6565e15a), TOBN(0xbf30f529, 0x8c8fb026), + TOBN(0xfc21641b, 0xa8a0de37), TOBN(0xe9c7a366, 0xfa5e5114), + TOBN(0xdb849ca5, 0x52f03ad8), TOBN(0xc7e8dbe9, 0x024e35c0), + TOBN(0xa1a2bbac, 0xcfc3c789), TOBN(0xbf733e7d, 0x9c26f262), + TOBN(0x882ffbf5, 0xb8444823), TOBN(0xb7224e88, 0x6bf8483b), + TOBN(0x53023b8b, 0x65bef640), TOBN(0xaabfec91, 0xd4d5f8cd), + TOBN(0xa40e1510, 0x079ea1bd), TOBN(0x1ad9addc, 0xd05d5d26), + TOBN(0xdb3f2eab, 0x13e68d4f), TOBN(0x1cff1ae2, 0x640f803f), + TOBN(0xe0e7b749, 0xd4cee117), TOBN(0x8e9f275b, 0x4036d909), + TOBN(0xce34e31d, 0x8f4d4c38), TOBN(0x22b37f69, 0xd75130fc), + TOBN(0x83e0f1fd, 0xb4014604), TOBN(0xa8ce9919, 0x89415078), + TOBN(0x82375b75, 0x41792efe), TOBN(0x4f59bf5c, 0x97d4515b), + TOBN(0xac4f324f, 0x923a277d), TOBN(0xd9bc9b7d, 0x650f3406), + TOBN(0xc6fa87d1, 0x8a39bc51), TOBN(0x82588530, 0x5ccc108f), + TOBN(0x5ced3c9f, 0x82e4c634), TOBN(0x8efb8314, 0x3a4464f8), + TOBN(0xe706381b, 0x7a1dca25), TOBN(0x6cd15a3c, 0x5a2a412b), + TOBN(0x9347a8fd, 0xbfcd8fb5), TOBN(0x31db2eef, 0x6e54cd22), + TOBN(0xc4aeb11e, 0xf8d8932f), TOBN(0x11e7c1ed, 0x344411af), + TOBN(0x2653050c, 0xdc9a151e), TOBN(0x9edbfc08, 0x3bb0a859), + TOBN(0x926c81c7, 0xfd5691e7), TOBN(0x9c1b2342, 0x6f39019a), + TOBN(0x64a81c8b, 0x7f8474b9), TOBN(0x90657c07, 0x01761819), + TOBN(0x390b3331, 0x55e0375a), TOBN(0xc676c626, 0xb6ebc47d), + TOBN(0x51623247, 0xb7d6dee8), TOBN(0x0948d927, 0x79659313), + TOBN(0x99700161, 0xe9ab35ed), TOBN(0x06cc32b4, 0x8ddde408), + TOBN(0x6f2fd664, 0x061ef338), TOBN(0x1606fa02, 0xc202e9ed), + TOBN(0x55388bc1, 0x929ba99b), TOBN(0xc4428c5e, 0x1e81df69), + TOBN(0xce2028ae, 0xf91b0b2a), TOBN(0xce870a23, 0xf03dfd3f), + TOBN(0x66ec2c87, 0x0affe8ed), TOBN(0xb205fb46, 0x284d0c00), + TOBN(0xbf5dffe7, 0x44cefa48), TOBN(0xb6fc37a8, 0xa19876d7), + TOBN(0xbecfa84c, 0x08b72863), TOBN(0xd7205ff5, 0x2576374f), + TOBN(0x80330d32, 0x8887de41), TOBN(0x5de0df0c, 0x869ea534), + TOBN(0x13f42753, 0x3c56ea17), TOBN(0xeb1f6069, 0x452b1a78), + TOBN(0x50474396, 0xe30ea15c), TOBN(0x575816a1, 0xc1494125), + TOBN(0xbe1ce55b, 0xfe6bb38f), TOBN(0xb901a948, 0x96ae30f7), + TOBN(0xe5af0f08, 0xd8fc3548), TOBN(0x5010b5d0, 0xd73bfd08), + TOBN(0x993d2880, 0x53fe655a), TOBN(0x99f2630b, 0x1c1309fd), + TOBN(0xd8677baf, 0xb4e3b76f), TOBN(0x14e51ddc, 0xb840784b), + TOBN(0x326c750c, 0xbf0092ce), TOBN(0xc83d306b, 0xf528320f), + TOBN(0xc4456715, 0x77d4715c), TOBN(0xd30019f9, 0x6b703235), + TOBN(0x207ccb2e, 0xd669e986), TOBN(0x57c824af, 0xf6dbfc28), + TOBN(0xf0eb532f, 0xd8f92a23), TOBN(0x4a557fd4, 0x9bb98fd2), + TOBN(0xa57acea7, 0xc1e6199a), TOBN(0x0c663820, 0x8b94b1ed), + TOBN(0x9b42be8f, 0xf83a9266), TOBN(0xc7741c97, 0x0101bd45), + TOBN(0x95770c11, 0x07bd9ceb), TOBN(0x1f50250a, 0x8b2e0744), + TOBN(0xf762eec8, 0x1477b654), TOBN(0xc65b900e, 0x15efe59a), + TOBN(0x88c96148, 0x9546a897), TOBN(0x7e8025b3, 0xc30b4d7c), + TOBN(0xae4065ef, 0x12045cf9), TOBN(0x6fcb2caf, 0x9ccce8bd), + TOBN(0x1fa0ba4e, 0xf2cf6525), TOBN(0xf683125d, 0xcb72c312), + TOBN(0xa01da4ea, 0xe312410e), TOBN(0x67e28677, 0x6cd8e830), + TOBN(0xabd95752, 0x98fb3f07), TOBN(0x05f11e11, 0xeef649a5), + TOBN(0xba47faef, 0x9d3472c2), TOBN(0x3adff697, 0xc77d1345), + TOBN(0x4761fa04, 0xdd15afee), TOBN(0x64f1f61a, 0xb9e69462), + TOBN(0xfa691fab, 0x9bfb9093), TOBN(0x3df8ae8f, 0xa1133dfe), + TOBN(0xcd5f8967, 0x58cc710d), TOBN(0xfbb88d50, 0x16c7fe79), + TOBN(0x8e011b4c, 0xe88c50d1), TOBN(0x7532e807, 0xa8771c4f), + TOBN(0x64c78a48, 0xe2278ee4), TOBN(0x0b283e83, 0x3845072a), + TOBN(0x98a6f291, 0x49e69274), TOBN(0xb96e9668, 0x1868b21c), + TOBN(0x38f0adc2, 0xb1a8908e), TOBN(0x90afcff7, 0x1feb829d), + TOBN(0x9915a383, 0x210b0856), TOBN(0xa5a80602, 0xdef04889), + TOBN(0x800e9af9, 0x7c64d509), TOBN(0x81382d0b, 0xb8996f6f), + TOBN(0x490eba53, 0x81927e27), TOBN(0x46c63b32, 0x4af50182), + TOBN(0x784c5fd9, 0xd3ad62ce), TOBN(0xe4fa1870, 0xf8ae8736), + TOBN(0x4ec9d0bc, 0xd7466b25), TOBN(0x84ddbe1a, 0xdb235c65), + TOBN(0x5e2645ee, 0x163c1688), TOBN(0x570bd00e, 0x00eba747), + TOBN(0xfa51b629, 0x128bfa0f), TOBN(0x92fce1bd, 0x6c1d3b68), + TOBN(0x3e7361dc, 0xb66778b1), TOBN(0x9c7d249d, 0x5561d2bb), + TOBN(0xa40b28bf, 0x0bbc6229), TOBN(0x1c83c05e, 0xdfd91497), + TOBN(0x5f9f5154, 0xf083df05), TOBN(0xbac38b3c, 0xeee66c9d), + TOBN(0xf71db7e3, 0xec0dfcfd), TOBN(0xf2ecda8e, 0x8b0a8416), + TOBN(0x52fddd86, 0x7812aa66), TOBN(0x2896ef10, 0x4e6f4272), + TOBN(0xff27186a, 0x0fe9a745), TOBN(0x08249fcd, 0x49ca70db), + TOBN(0x7425a2e6, 0x441cac49), TOBN(0xf4a0885a, 0xece5ff57), + TOBN(0x6e2cb731, 0x7d7ead58), TOBN(0xf96cf7d6, 0x1898d104), + TOBN(0xafe67c9d, 0x4f2c9a89), TOBN(0x89895a50, 0x1c7bf5bc), + TOBN(0xdc7cb8e5, 0x573cecfa), TOBN(0x66497eae, 0xd15f03e6), + TOBN(0x6bc0de69, 0x3f084420), TOBN(0x323b9b36, 0xacd532b0), + TOBN(0xcfed390a, 0x0115a3c1), TOBN(0x9414c40b, 0x2d65ca0e), + TOBN(0x641406bd, 0x2f530c78), TOBN(0x29369a44, 0x833438f2), + TOBN(0x996884f5, 0x903fa271), TOBN(0xe6da0fd2, 0xb9da921e), + TOBN(0xa6f2f269, 0x5db01e54), TOBN(0x1ee3e9bd, 0x6876214e), + TOBN(0xa26e181c, 0xe27a9497), TOBN(0x36d254e4, 0x8e215e04), + TOBN(0x42f32a6c, 0x252cabca), TOBN(0x99481487, 0x80b57614), + TOBN(0x4c4dfe69, 0x40d9cae1), TOBN(0x05869580, 0x11a10f09), + TOBN(0xca287b57, 0x3491b64b), TOBN(0x77862d5d, 0x3fd4a53b), + TOBN(0xbf94856e, 0x50349126), TOBN(0x2be30bd1, 0x71c5268f), + TOBN(0x10393f19, 0xcbb650a6), TOBN(0x639531fe, 0x778cf9fd), + TOBN(0x02556a11, 0xb2935359), TOBN(0xda38aa96, 0xaf8c126e), + TOBN(0x47dbe6c2, 0x0960167f), TOBN(0x37bbabb6, 0x501901cd), + TOBN(0xb6e979e0, 0x2c947778), TOBN(0xd69a5175, 0x7a1a1dc6), + TOBN(0xc3ed5095, 0x9d9faf0c), TOBN(0x4dd9c096, 0x1d5fa5f0), + TOBN(0xa0c4304d, 0x64f16ea8), TOBN(0x8b1cac16, 0x7e718623), + TOBN(0x0b576546, 0x7c67f03e), TOBN(0x559cf5ad, 0xcbd88c01), + TOBN(0x074877bb, 0x0e2af19a), TOBN(0x1f717ec1, 0xa1228c92), + TOBN(0x70bcb800, 0x326e8920), TOBN(0xec6e2c5c, 0x4f312804), + TOBN(0x426aea7d, 0x3fca4752), TOBN(0xf12c0949, 0x2211f62a), + TOBN(0x24beecd8, 0x7be7b6b5), TOBN(0xb77eaf4c, 0x36d7a27d), + TOBN(0x154c2781, 0xfda78fd3), TOBN(0x848a83b0, 0x264eeabe), + TOBN(0x81287ef0, 0x4ffe2bc4), TOBN(0x7b6d88c6, 0xb6b6fc2a), + TOBN(0x805fb947, 0xce417d99), TOBN(0x4b93dcc3, 0x8b916cc4), + TOBN(0x72e65bb3, 0x21273323), TOBN(0xbcc1badd, 0x6ea9886e), + TOBN(0x0e223011, 0x4bc5ee85), TOBN(0xa561be74, 0xc18ee1e4), + TOBN(0x762fd2d4, 0xa6bcf1f1), TOBN(0x50e6a5a4, 0x95231489), + TOBN(0xca96001f, 0xa00b500b), TOBN(0x5c098cfc, 0x5d7dcdf5), + TOBN(0xa64e2d2e, 0x8c446a85), TOBN(0xbae9bcf1, 0x971f3c62), + TOBN(0x4ec22683, 0x8435a2c5), TOBN(0x8ceaed6c, 0x4bad4643), + TOBN(0xe9f8fb47, 0xccccf4e3), TOBN(0xbd4f3fa4, 0x1ce3b21e), + TOBN(0xd79fb110, 0xa3db3292), TOBN(0xe28a37da, 0xb536c66a), + TOBN(0x279ce87b, 0x8e49e6a9), TOBN(0x70ccfe8d, 0xfdcec8e3), + TOBN(0x2193e4e0, 0x3ba464b2), TOBN(0x0f39d60e, 0xaca9a398), + TOBN(0x7d7932af, 0xf82c12ab), TOBN(0xd8ff50ed, 0x91e7e0f7), + TOBN(0xea961058, 0xfa28a7e0), TOBN(0xc726cf25, 0x0bf5ec74), + TOBN(0xe74d55c8, 0xdb229666), TOBN(0x0bd9abbf, 0xa57f5799), + TOBN(0x7479ef07, 0x4dfc47b3), TOBN(0xd9c65fc3, 0x0c52f91d), + TOBN(0x8e0283fe, 0x36a8bde2), TOBN(0xa32a8b5e, 0x7d4b7280), + TOBN(0x6a677c61, 0x12e83233), TOBN(0x0fbb3512, 0xdcc9bf28), + TOBN(0x562e8ea5, 0x0d780f61), TOBN(0x0db8b22b, 0x1dc4e89c), + TOBN(0x0a6fd1fb, 0x89be0144), TOBN(0x8c77d246, 0xca57113b), + TOBN(0x4639075d, 0xff09c91c), TOBN(0x5b47b17f, 0x5060824c), + TOBN(0x58aea2b0, 0x16287b52), TOBN(0xa1343520, 0xd0cd8eb0), + TOBN(0x6148b4d0, 0xc5d58573), TOBN(0xdd2b6170, 0x291c68ae), + TOBN(0xa61b3929, 0x1da3b3b7), TOBN(0x5f946d79, 0x08c4ac10), + TOBN(0x4105d4a5, 0x7217d583), TOBN(0x5061da3d, 0x25e6de5e), + TOBN(0x3113940d, 0xec1b4991), TOBN(0xf12195e1, 0x36f485ae), + TOBN(0xa7507fb2, 0x731a2ee0), TOBN(0x95057a8e, 0x6e9e196e), + TOBN(0xa3c2c911, 0x2e130136), TOBN(0x97dfbb36, 0x33c60d15), + TOBN(0xcaf3c581, 0xb300ee2b), TOBN(0x77f25d90, 0xf4bac8b8), + TOBN(0xdb1c4f98, 0x6d840cd6), TOBN(0x471d62c0, 0xe634288c), + TOBN(0x8ec2f85e, 0xcec8a161), TOBN(0x41f37cbc, 0xfa6f4ae2), + TOBN(0x6793a20f, 0x4b709985), TOBN(0x7a7bd33b, 0xefa8985b), + TOBN(0x2c6a3fbd, 0x938e6446), TOBN(0x19042619, 0x2a8d47c1), + TOBN(0x16848667, 0xcc36975f), TOBN(0x02acf168, 0x9d5f1dfb), + TOBN(0x62d41ad4, 0x613baa94), TOBN(0xb56fbb92, 0x9f684670), + TOBN(0xce610d0d, 0xe9e40569), TOBN(0x7b99c65f, 0x35489fef), + TOBN(0x0c88ad1b, 0x3df18b97), TOBN(0x81b7d9be, 0x5d0e9edb), + TOBN(0xd85218c0, 0xc716cc0a), TOBN(0xf4b5ff90, 0x85691c49), + TOBN(0xa4fd666b, 0xce356ac6), TOBN(0x17c72895, 0x4b327a7a), + TOBN(0xf93d5085, 0xda6be7de), TOBN(0xff71530e, 0x3301d34e), + TOBN(0x4cd96442, 0xd8f448e8), TOBN(0x9283d331, 0x2ed18ffa), + TOBN(0x4d33dd99, 0x2a849870), TOBN(0xa716964b, 0x41576335), + TOBN(0xff5e3a9b, 0x179be0e5), TOBN(0x5b9d6b1b, 0x83b13632), + TOBN(0x3b8bd7d4, 0xa52f313b), TOBN(0xc9dd95a0, 0x637a4660), + TOBN(0x30035962, 0x0b3e218f), TOBN(0xce1481a3, 0xc7b28a3c), + TOBN(0xab41b43a, 0x43228d83), TOBN(0x24ae1c30, 0x4ad63f99), + TOBN(0x8e525f1a, 0x46a51229), TOBN(0x14af860f, 0xcd26d2b4), + TOBN(0xd6baef61, 0x3f714aa1), TOBN(0xf51865ad, 0xeb78795e), + TOBN(0xd3e21fce, 0xe6a9d694), TOBN(0x82ceb1dd, 0x8a37b527)} +}; + +__END_HIDDEN_DECLS diff --git a/src/lib/libcrypto/ec/ecp_oct.c b/src/lib/libcrypto/ec/ecp_oct.c new file mode 100644 index 00000000000..90c5ca2e4e1 --- /dev/null +++ b/src/lib/libcrypto/ec/ecp_oct.c @@ -0,0 +1,395 @@ +/* $OpenBSD: ecp_oct.c,v 1.11 2018/07/15 16:27:39 tb Exp $ */ +/* Includes code written by Lenka Fibikova + * for the OpenSSL project. + * Includes code written by Bodo Moeller for the OpenSSL project. +*/ +/* ==================================================================== + * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * Portions of this software developed by SUN MICROSYSTEMS, INC., + * and contributed to the OpenSSL project. + */ + +#include + +#include "ec_lcl.h" + +int +ec_GFp_simple_set_compressed_coordinates(const EC_GROUP * group, + EC_POINT * point, const BIGNUM * x_, int y_bit, BN_CTX * ctx) +{ + BN_CTX *new_ctx = NULL; + BIGNUM *tmp1, *tmp2, *x, *y; + int ret = 0; + + /* clear error queue */ + ERR_clear_error(); + + if (ctx == NULL) { + ctx = new_ctx = BN_CTX_new(); + if (ctx == NULL) + return 0; + } + y_bit = (y_bit != 0); + + BN_CTX_start(ctx); + if ((tmp1 = BN_CTX_get(ctx)) == NULL) + goto err; + if ((tmp2 = BN_CTX_get(ctx)) == NULL) + goto err; + if ((x = BN_CTX_get(ctx)) == NULL) + goto err; + if ((y = BN_CTX_get(ctx)) == NULL) + goto err; + + /* + * Recover y. We have a Weierstrass equation y^2 = x^3 + a*x + b, so + * y is one of the square roots of x^3 + a*x + b. + */ + + /* tmp1 := x^3 */ + if (!BN_nnmod(x, x_, &group->field, ctx)) + goto err; + if (group->meth->field_decode == 0) { + /* field_{sqr,mul} work on standard representation */ + if (!group->meth->field_sqr(group, tmp2, x_, ctx)) + goto err; + if (!group->meth->field_mul(group, tmp1, tmp2, x_, ctx)) + goto err; + } else { + if (!BN_mod_sqr(tmp2, x_, &group->field, ctx)) + goto err; + if (!BN_mod_mul(tmp1, tmp2, x_, &group->field, ctx)) + goto err; + } + + /* tmp1 := tmp1 + a*x */ + if (group->a_is_minus3) { + if (!BN_mod_lshift1_quick(tmp2, x, &group->field)) + goto err; + if (!BN_mod_add_quick(tmp2, tmp2, x, &group->field)) + goto err; + if (!BN_mod_sub_quick(tmp1, tmp1, tmp2, &group->field)) + goto err; + } else { + if (group->meth->field_decode) { + if (!group->meth->field_decode(group, tmp2, &group->a, ctx)) + goto err; + if (!BN_mod_mul(tmp2, tmp2, x, &group->field, ctx)) + goto err; + } else { + /* field_mul works on standard representation */ + if (!group->meth->field_mul(group, tmp2, &group->a, x, ctx)) + goto err; + } + + if (!BN_mod_add_quick(tmp1, tmp1, tmp2, &group->field)) + goto err; + } + + /* tmp1 := tmp1 + b */ + if (group->meth->field_decode) { + if (!group->meth->field_decode(group, tmp2, &group->b, ctx)) + goto err; + if (!BN_mod_add_quick(tmp1, tmp1, tmp2, &group->field)) + goto err; + } else { + if (!BN_mod_add_quick(tmp1, tmp1, &group->b, &group->field)) + goto err; + } + + if (!BN_mod_sqrt(y, tmp1, &group->field, ctx)) { + unsigned long err = ERR_peek_last_error(); + + if (ERR_GET_LIB(err) == ERR_LIB_BN && ERR_GET_REASON(err) == BN_R_NOT_A_SQUARE) { + ERR_clear_error(); + ECerror(EC_R_INVALID_COMPRESSED_POINT); + } else + ECerror(ERR_R_BN_LIB); + goto err; + } + if (y_bit != BN_is_odd(y)) { + if (BN_is_zero(y)) { + int kron; + + kron = BN_kronecker(x, &group->field, ctx); + if (kron == -2) + goto err; + + if (kron == 1) + ECerror(EC_R_INVALID_COMPRESSION_BIT); + else + /* + * BN_mod_sqrt() should have cought this + * error (not a square) + */ + ECerror(EC_R_INVALID_COMPRESSED_POINT); + goto err; + } + if (!BN_usub(y, &group->field, y)) + goto err; + } + if (y_bit != BN_is_odd(y)) { + ECerror(ERR_R_INTERNAL_ERROR); + goto err; + } + if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) + goto err; + + ret = 1; + + err: + BN_CTX_end(ctx); + BN_CTX_free(new_ctx); + return ret; +} + + +size_t +ec_GFp_simple_point2oct(const EC_GROUP * group, const EC_POINT * point, point_conversion_form_t form, + unsigned char *buf, size_t len, BN_CTX * ctx) +{ + size_t ret; + BN_CTX *new_ctx = NULL; + int used_ctx = 0; + BIGNUM *x, *y; + size_t field_len, i, skip; + + if ((form != POINT_CONVERSION_COMPRESSED) + && (form != POINT_CONVERSION_UNCOMPRESSED) + && (form != POINT_CONVERSION_HYBRID)) { + ECerror(EC_R_INVALID_FORM); + goto err; + } + if (EC_POINT_is_at_infinity(group, point) > 0) { + /* encodes to a single 0 octet */ + if (buf != NULL) { + if (len < 1) { + ECerror(EC_R_BUFFER_TOO_SMALL); + return 0; + } + buf[0] = 0; + } + return 1; + } + /* ret := required output buffer length */ + field_len = BN_num_bytes(&group->field); + ret = (form == POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2 * field_len; + + /* if 'buf' is NULL, just return required length */ + if (buf != NULL) { + if (len < ret) { + ECerror(EC_R_BUFFER_TOO_SMALL); + goto err; + } + if (ctx == NULL) { + ctx = new_ctx = BN_CTX_new(); + if (ctx == NULL) + return 0; + } + BN_CTX_start(ctx); + used_ctx = 1; + if ((x = BN_CTX_get(ctx)) == NULL) + goto err; + if ((y = BN_CTX_get(ctx)) == NULL) + goto err; + + if (!EC_POINT_get_affine_coordinates_GFp(group, point, x, y, ctx)) + goto err; + + if ((form == POINT_CONVERSION_COMPRESSED || form == POINT_CONVERSION_HYBRID) && BN_is_odd(y)) + buf[0] = form + 1; + else + buf[0] = form; + + i = 1; + + skip = field_len - BN_num_bytes(x); + if (skip > field_len) { + ECerror(ERR_R_INTERNAL_ERROR); + goto err; + } + while (skip > 0) { + buf[i++] = 0; + skip--; + } + skip = BN_bn2bin(x, buf + i); + i += skip; + if (i != 1 + field_len) { + ECerror(ERR_R_INTERNAL_ERROR); + goto err; + } + if (form == POINT_CONVERSION_UNCOMPRESSED || form == POINT_CONVERSION_HYBRID) { + skip = field_len - BN_num_bytes(y); + if (skip > field_len) { + ECerror(ERR_R_INTERNAL_ERROR); + goto err; + } + while (skip > 0) { + buf[i++] = 0; + skip--; + } + skip = BN_bn2bin(y, buf + i); + i += skip; + } + if (i != ret) { + ECerror(ERR_R_INTERNAL_ERROR); + goto err; + } + } + if (used_ctx) + BN_CTX_end(ctx); + BN_CTX_free(new_ctx); + return ret; + + err: + if (used_ctx) + BN_CTX_end(ctx); + BN_CTX_free(new_ctx); + return 0; +} + + +int +ec_GFp_simple_oct2point(const EC_GROUP * group, EC_POINT * point, + const unsigned char *buf, size_t len, BN_CTX * ctx) +{ + point_conversion_form_t form; + int y_bit; + BN_CTX *new_ctx = NULL; + BIGNUM *x, *y; + size_t field_len, enc_len; + int ret = 0; + + if (len == 0) { + ECerror(EC_R_BUFFER_TOO_SMALL); + return 0; + } + form = buf[0]; + y_bit = form & 1; + form = form & ~1U; + if ((form != 0) && (form != POINT_CONVERSION_COMPRESSED) + && (form != POINT_CONVERSION_UNCOMPRESSED) + && (form != POINT_CONVERSION_HYBRID)) { + ECerror(EC_R_INVALID_ENCODING); + return 0; + } + if ((form == 0 || form == POINT_CONVERSION_UNCOMPRESSED) && y_bit) { + ECerror(EC_R_INVALID_ENCODING); + return 0; + } + if (form == 0) { + if (len != 1) { + ECerror(EC_R_INVALID_ENCODING); + return 0; + } + return EC_POINT_set_to_infinity(group, point); + } + field_len = BN_num_bytes(&group->field); + enc_len = (form == POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2 * field_len; + + if (len != enc_len) { + ECerror(EC_R_INVALID_ENCODING); + return 0; + } + if (ctx == NULL) { + ctx = new_ctx = BN_CTX_new(); + if (ctx == NULL) + return 0; + } + BN_CTX_start(ctx); + if ((x = BN_CTX_get(ctx)) == NULL) + goto err; + if ((y = BN_CTX_get(ctx)) == NULL) + goto err; + + if (!BN_bin2bn(buf + 1, field_len, x)) + goto err; + if (BN_ucmp(x, &group->field) >= 0) { + ECerror(EC_R_INVALID_ENCODING); + goto err; + } + if (form == POINT_CONVERSION_COMPRESSED) { + if (!EC_POINT_set_compressed_coordinates_GFp(group, point, x, y_bit, ctx)) + goto err; + } else { + if (!BN_bin2bn(buf + 1 + field_len, field_len, y)) + goto err; + if (BN_ucmp(y, &group->field) >= 0) { + ECerror(EC_R_INVALID_ENCODING); + goto err; + } + if (form == POINT_CONVERSION_HYBRID) { + if (y_bit != BN_is_odd(y)) { + ECerror(EC_R_INVALID_ENCODING); + goto err; + } + } + if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) + goto err; + } + + /* test required by X9.62 */ + if (EC_POINT_is_on_curve(group, point, ctx) <= 0) { + ECerror(EC_R_POINT_IS_NOT_ON_CURVE); + goto err; + } + ret = 1; + + err: + BN_CTX_end(ctx); + BN_CTX_free(new_ctx); + return ret; +} diff --git a/src/lib/libcrypto/ec/ecp_recp.c b/src/lib/libcrypto/ec/ecp_recp.c deleted file mode 100644 index fec843b5c85..00000000000 --- a/src/lib/libcrypto/ec/ecp_recp.c +++ /dev/null @@ -1,133 +0,0 @@ -/* crypto/ec/ecp_recp.c */ -/* ==================================================================== - * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include "ec_lcl.h" - -#if 0 -const EC_METHOD *EC_GFp_recp_method(void) - { - static const EC_METHOD ret = { - ec_GFp_recp_group_init, - ec_GFp_recp_group_finish, - ec_GFp_recp_group_clear_finish, - ec_GFp_recp_group_copy, - ec_GFp_recp_group_set_curve_GFp, - ec_GFp_simple_group_get_curve_GFp, - ec_GFp_simple_group_set_generator, - ec_GFp_simple_group_get0_generator, - ec_GFp_simple_group_get_order, - ec_GFp_simple_group_get_cofactor, - ec_GFp_simple_point_init, - ec_GFp_simple_point_finish, - ec_GFp_simple_point_clear_finish, - ec_GFp_simple_point_copy, - ec_GFp_simple_point_set_to_infinity, - ec_GFp_simple_set_Jprojective_coordinates_GFp, - ec_GFp_simple_get_Jprojective_coordinates_GFp, - ec_GFp_simple_point_set_affine_coordinates_GFp, - ec_GFp_simple_point_get_affine_coordinates_GFp, - ec_GFp_simple_set_compressed_coordinates_GFp, - ec_GFp_simple_point2oct, - ec_GFp_simple_oct2point, - ec_GFp_simple_add, - ec_GFp_simple_dbl, - ec_GFp_simple_invert, - ec_GFp_simple_is_at_infinity, - ec_GFp_simple_is_on_curve, - ec_GFp_simple_cmp, - ec_GFp_simple_make_affine, - ec_GFp_simple_points_make_affine, - ec_GFp_recp_field_mul, - ec_GFp_recp_field_sqr, - 0 /* field_encode */, - 0 /* field_decode */, - 0 /* field_set_to_one */ }; - - return &ret; - } -#endif - -int ec_GFp_recp_group_init(EC_GROUP *group) - { - int ok; - - ok = ec_GFp_simple_group_init(group); - group->field_data1 = NULL; - return ok; - } - - -int ec_GFp_recp_group_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); -/* TODO */ - - -void ec_GFp_recp_group_finish(EC_GROUP *group); -/* TODO */ - - -void ec_GFp_recp_group_clear_finish(EC_GROUP *group); -/* TODO */ - - -int ec_GFp_recp_group_copy(EC_GROUP *dest, const EC_GROUP *src); -/* TODO */ - - -int ec_GFp_recp_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); -/* TODO */ - - -int ec_GFp_recp_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx); -/* TODO */ diff --git a/src/lib/libcrypto/ec/ecp_smpl.c b/src/lib/libcrypto/ec/ecp_smpl.c index 4666a052bfa..3957bd154c2 100644 --- a/src/lib/libcrypto/ec/ecp_smpl.c +++ b/src/lib/libcrypto/ec/ecp_smpl.c @@ -1,15 +1,17 @@ -/* crypto/ec/ecp_smpl.c */ +/* $OpenBSD: ecp_smpl.c,v 1.29 2018/11/15 05:53:31 tb Exp $ */ /* Includes code written by Lenka Fibikova - * for the OpenSSL project. */ + * for the OpenSSL project. + * Includes code written by Bodo Moeller for the OpenSSL project. +*/ /* ==================================================================== - * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -54,1489 +56,1179 @@ * Hudson (tjh@cryptsoft.com). * */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * Portions of this software developed by SUN MICROSYSTEMS, INC., + * and contributed to the OpenSSL project. + */ #include +#include "bn_lcl.h" #include "ec_lcl.h" - -const EC_METHOD *EC_GFp_simple_method(void) - { +const EC_METHOD * +EC_GFp_simple_method(void) +{ static const EC_METHOD ret = { - ec_GFp_simple_group_init, - ec_GFp_simple_group_finish, - ec_GFp_simple_group_clear_finish, - ec_GFp_simple_group_copy, - ec_GFp_simple_group_set_curve_GFp, - ec_GFp_simple_group_get_curve_GFp, - ec_GFp_simple_group_set_generator, - ec_GFp_simple_group_get0_generator, - ec_GFp_simple_group_get_order, - ec_GFp_simple_group_get_cofactor, - ec_GFp_simple_point_init, - ec_GFp_simple_point_finish, - ec_GFp_simple_point_clear_finish, - ec_GFp_simple_point_copy, - ec_GFp_simple_point_set_to_infinity, + .flags = EC_FLAGS_DEFAULT_OCT, + .field_type = NID_X9_62_prime_field, + .group_init = ec_GFp_simple_group_init, + .group_finish = ec_GFp_simple_group_finish, + .group_clear_finish = ec_GFp_simple_group_clear_finish, + .group_copy = ec_GFp_simple_group_copy, + .group_set_curve = ec_GFp_simple_group_set_curve, + .group_get_curve = ec_GFp_simple_group_get_curve, + .group_get_degree = ec_GFp_simple_group_get_degree, + .group_check_discriminant = + ec_GFp_simple_group_check_discriminant, + .point_init = ec_GFp_simple_point_init, + .point_finish = ec_GFp_simple_point_finish, + .point_clear_finish = ec_GFp_simple_point_clear_finish, + .point_copy = ec_GFp_simple_point_copy, + .point_set_to_infinity = ec_GFp_simple_point_set_to_infinity, + .point_set_Jprojective_coordinates_GFp = ec_GFp_simple_set_Jprojective_coordinates_GFp, + .point_get_Jprojective_coordinates_GFp = ec_GFp_simple_get_Jprojective_coordinates_GFp, - ec_GFp_simple_point_set_affine_coordinates_GFp, - ec_GFp_simple_point_get_affine_coordinates_GFp, - ec_GFp_simple_set_compressed_coordinates_GFp, - ec_GFp_simple_point2oct, - ec_GFp_simple_oct2point, - ec_GFp_simple_add, - ec_GFp_simple_dbl, - ec_GFp_simple_invert, - ec_GFp_simple_is_at_infinity, - ec_GFp_simple_is_on_curve, - ec_GFp_simple_cmp, - ec_GFp_simple_make_affine, - ec_GFp_simple_points_make_affine, - ec_GFp_simple_field_mul, - ec_GFp_simple_field_sqr, - 0 /* field_encode */, - 0 /* field_decode */, - 0 /* field_set_to_one */ }; + .point_set_affine_coordinates = + ec_GFp_simple_point_set_affine_coordinates, + .point_get_affine_coordinates = + ec_GFp_simple_point_get_affine_coordinates, + .add = ec_GFp_simple_add, + .dbl = ec_GFp_simple_dbl, + .invert = ec_GFp_simple_invert, + .is_at_infinity = ec_GFp_simple_is_at_infinity, + .is_on_curve = ec_GFp_simple_is_on_curve, + .point_cmp = ec_GFp_simple_cmp, + .make_affine = ec_GFp_simple_make_affine, + .points_make_affine = ec_GFp_simple_points_make_affine, + .mul_generator_ct = ec_GFp_simple_mul_generator_ct, + .mul_single_ct = ec_GFp_simple_mul_single_ct, + .mul_double_nonct = ec_GFp_simple_mul_double_nonct, + .field_mul = ec_GFp_simple_field_mul, + .field_sqr = ec_GFp_simple_field_sqr, + .blind_coordinates = ec_GFp_simple_blind_coordinates, + }; return &ret; - } +} + + +/* Most method functions in this file are designed to work with + * non-trivial representations of field elements if necessary + * (see ecp_mont.c): while standard modular addition and subtraction + * are used, the field_mul and field_sqr methods will be used for + * multiplication, and field_encode and field_decode (if defined) + * will be used for converting between representations. + + * Functions ec_GFp_simple_points_make_affine() and + * ec_GFp_simple_point_get_affine_coordinates() specifically assume + * that if a non-trivial representation is used, it is a Montgomery + * representation (i.e. 'encoding' means multiplying by some factor R). + */ -int ec_GFp_simple_group_init(EC_GROUP *group) - { +int +ec_GFp_simple_group_init(EC_GROUP * group) +{ BN_init(&group->field); BN_init(&group->a); BN_init(&group->b); group->a_is_minus3 = 0; - group->generator = NULL; - BN_init(&group->order); - BN_init(&group->cofactor); return 1; - } +} -void ec_GFp_simple_group_finish(EC_GROUP *group) - { +void +ec_GFp_simple_group_finish(EC_GROUP * group) +{ BN_free(&group->field); BN_free(&group->a); BN_free(&group->b); - if (group->generator != NULL) - EC_POINT_free(group->generator); - BN_free(&group->order); - BN_free(&group->cofactor); - } +} -void ec_GFp_simple_group_clear_finish(EC_GROUP *group) - { +void +ec_GFp_simple_group_clear_finish(EC_GROUP * group) +{ BN_clear_free(&group->field); BN_clear_free(&group->a); BN_clear_free(&group->b); - if (group->generator != NULL) - { - EC_POINT_clear_free(group->generator); - group->generator = NULL; - } - BN_clear_free(&group->order); - BN_clear_free(&group->cofactor); - } +} -int ec_GFp_simple_group_copy(EC_GROUP *dest, const EC_GROUP *src) - { - if (!BN_copy(&dest->field, &src->field)) return 0; - if (!BN_copy(&dest->a, &src->a)) return 0; - if (!BN_copy(&dest->b, &src->b)) return 0; +int +ec_GFp_simple_group_copy(EC_GROUP * dest, const EC_GROUP * src) +{ + if (!BN_copy(&dest->field, &src->field)) + return 0; + if (!BN_copy(&dest->a, &src->a)) + return 0; + if (!BN_copy(&dest->b, &src->b)) + return 0; dest->a_is_minus3 = src->a_is_minus3; - if (src->generator != NULL) - { - if (dest->generator == NULL) - { - dest->generator = EC_POINT_new(dest); - if (dest->generator == NULL) return 0; - } - if (!EC_POINT_copy(dest->generator, src->generator)) return 0; - } - else - { - /* src->generator == NULL */ - if (dest->generator != NULL) - { - EC_POINT_clear_free(dest->generator); - dest->generator = NULL; - } - } - - if (!BN_copy(&dest->order, &src->order)) return 0; - if (!BN_copy(&dest->cofactor, &src->cofactor)) return 0; - return 1; - } +} -int ec_GFp_simple_group_set_curve_GFp(EC_GROUP *group, - const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) - { +int +ec_GFp_simple_group_set_curve(EC_GROUP * group, + const BIGNUM * p, const BIGNUM * a, const BIGNUM * b, BN_CTX * ctx) +{ int ret = 0; BN_CTX *new_ctx = NULL; BIGNUM *tmp_a; - + /* p must be a prime > 3 */ - if (BN_num_bits(p) <= 2 || !BN_is_odd(p)) - { - ECerr(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP, EC_R_INVALID_FIELD); + if (BN_num_bits(p) <= 2 || !BN_is_odd(p)) { + ECerror(EC_R_INVALID_FIELD); return 0; - } - - if (ctx == NULL) - { + } + if (ctx == NULL) { ctx = new_ctx = BN_CTX_new(); if (ctx == NULL) return 0; - } - + } BN_CTX_start(ctx); - tmp_a = BN_CTX_get(ctx); - if (tmp_a == NULL) goto err; + if ((tmp_a = BN_CTX_get(ctx)) == NULL) + goto err; /* group->field */ - if (!BN_copy(&group->field, p)) goto err; - group->field.neg = 0; + if (!BN_copy(&group->field, p)) + goto err; + BN_set_negative(&group->field, 0); /* group->a */ - if (!BN_nnmod(tmp_a, a, p, ctx)) goto err; - if (group->meth->field_encode) - { if (!group->meth->field_encode(group, &group->a, tmp_a, ctx)) goto err; } - else - if (!BN_copy(&group->a, tmp_a)) goto err; - + if (!BN_nnmod(tmp_a, a, p, ctx)) + goto err; + if (group->meth->field_encode) { + if (!group->meth->field_encode(group, &group->a, tmp_a, ctx)) + goto err; + } else if (!BN_copy(&group->a, tmp_a)) + goto err; + /* group->b */ - if (!BN_nnmod(&group->b, b, p, ctx)) goto err; + if (!BN_nnmod(&group->b, b, p, ctx)) + goto err; if (group->meth->field_encode) - if (!group->meth->field_encode(group, &group->b, &group->b, ctx)) goto err; - + if (!group->meth->field_encode(group, &group->b, &group->b, ctx)) + goto err; + /* group->a_is_minus3 */ - if (!BN_add_word(tmp_a, 3)) goto err; + if (!BN_add_word(tmp_a, 3)) + goto err; group->a_is_minus3 = (0 == BN_cmp(tmp_a, &group->field)); ret = 1; err: BN_CTX_end(ctx); - if (new_ctx != NULL) - BN_CTX_free(new_ctx); + BN_CTX_free(new_ctx); return ret; - } +} -int ec_GFp_simple_group_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx) - { +int +ec_GFp_simple_group_get_curve(const EC_GROUP * group, BIGNUM * p, BIGNUM * a, BIGNUM * b, BN_CTX * ctx) +{ int ret = 0; BN_CTX *new_ctx = NULL; - - if (p != NULL) - { - if (!BN_copy(p, &group->field)) return 0; - } - if (a != NULL || b != NULL) - { - if (group->meth->field_decode) - { - if (ctx == NULL) - { + if (p != NULL) { + if (!BN_copy(p, &group->field)) + return 0; + } + if (a != NULL || b != NULL) { + if (group->meth->field_decode) { + if (ctx == NULL) { ctx = new_ctx = BN_CTX_new(); if (ctx == NULL) return 0; - } - if (a != NULL) - { - if (!group->meth->field_decode(group, a, &group->a, ctx)) goto err; - } - if (b != NULL) - { - if (!group->meth->field_decode(group, b, &group->b, ctx)) goto err; - } } - else - { - if (a != NULL) - { - if (!BN_copy(a, &group->a)) goto err; - } - if (b != NULL) - { - if (!BN_copy(b, &group->b)) goto err; - } + if (a != NULL) { + if (!group->meth->field_decode(group, a, &group->a, ctx)) + goto err; + } + if (b != NULL) { + if (!group->meth->field_decode(group, b, &group->b, ctx)) + goto err; + } + } else { + if (a != NULL) { + if (!BN_copy(a, &group->a)) + goto err; + } + if (b != NULL) { + if (!BN_copy(b, &group->b)) + goto err; } } - + } ret = 1; - + err: - if (new_ctx) - BN_CTX_free(new_ctx); + BN_CTX_free(new_ctx); return ret; - } - - +} -int ec_GFp_simple_group_set_generator(EC_GROUP *group, const EC_POINT *generator, - const BIGNUM *order, const BIGNUM *cofactor) - { - if (generator == NULL) - { - ECerr(EC_F_EC_GFP_SIMPLE_GROUP_SET_GENERATOR, ERR_R_PASSED_NULL_PARAMETER); - return 0 ; - } - if (group->generator == NULL) - { - group->generator = EC_POINT_new(group); - if (group->generator == NULL) return 0; - } - if (!EC_POINT_copy(group->generator, generator)) return 0; +int +ec_GFp_simple_group_get_degree(const EC_GROUP * group) +{ + return BN_num_bits(&group->field); +} - if (order != NULL) - { if (!BN_copy(&group->order, order)) return 0; } - else - { if (!BN_zero(&group->order)) return 0; } - if (cofactor != NULL) - { if (!BN_copy(&group->cofactor, cofactor)) return 0; } - else - { if (!BN_zero(&group->cofactor)) return 0; } +int +ec_GFp_simple_group_check_discriminant(const EC_GROUP * group, BN_CTX * ctx) +{ + int ret = 0; + BIGNUM *a, *b, *order, *tmp_1, *tmp_2; + const BIGNUM *p = &group->field; + BN_CTX *new_ctx = NULL; - return 1; + if (ctx == NULL) { + ctx = new_ctx = BN_CTX_new(); + if (ctx == NULL) { + ECerror(ERR_R_MALLOC_FAILURE); + goto err; + } } + BN_CTX_start(ctx); + if ((a = BN_CTX_get(ctx)) == NULL) + goto err; + if ((b = BN_CTX_get(ctx)) == NULL) + goto err; + if ((tmp_1 = BN_CTX_get(ctx)) == NULL) + goto err; + if ((tmp_2 = BN_CTX_get(ctx)) == NULL) + goto err; + if ((order = BN_CTX_get(ctx)) == NULL) + goto err; - -EC_POINT *ec_GFp_simple_group_get0_generator(const EC_GROUP *group) - { - return group->generator; + if (group->meth->field_decode) { + if (!group->meth->field_decode(group, a, &group->a, ctx)) + goto err; + if (!group->meth->field_decode(group, b, &group->b, ctx)) + goto err; + } else { + if (!BN_copy(a, &group->a)) + goto err; + if (!BN_copy(b, &group->b)) + goto err; } + /* + * check the discriminant: y^2 = x^3 + a*x + b is an elliptic curve + * <=> 4*a^3 + 27*b^2 != 0 (mod p) 0 =< a, b < p + */ + if (BN_is_zero(a)) { + if (BN_is_zero(b)) + goto err; + } else if (!BN_is_zero(b)) { + if (!BN_mod_sqr(tmp_1, a, p, ctx)) + goto err; + if (!BN_mod_mul(tmp_2, tmp_1, a, p, ctx)) + goto err; + if (!BN_lshift(tmp_1, tmp_2, 2)) + goto err; + /* tmp_1 = 4*a^3 */ -int ec_GFp_simple_group_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx) - { - if (!BN_copy(order, &group->order)) - return 0; + if (!BN_mod_sqr(tmp_2, b, p, ctx)) + goto err; + if (!BN_mul_word(tmp_2, 27)) + goto err; + /* tmp_2 = 27*b^2 */ - return !BN_is_zero(&group->order); + if (!BN_mod_add(a, tmp_1, tmp_2, p, ctx)) + goto err; + if (BN_is_zero(a)) + goto err; } + ret = 1; - -int ec_GFp_simple_group_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, BN_CTX *ctx) - { - if (!BN_copy(cofactor, &group->cofactor)) - return 0; - - return !BN_is_zero(&group->cofactor); - } + err: + if (ctx != NULL) + BN_CTX_end(ctx); + BN_CTX_free(new_ctx); + return ret; +} -int ec_GFp_simple_point_init(EC_POINT *point) - { +int +ec_GFp_simple_point_init(EC_POINT * point) +{ BN_init(&point->X); BN_init(&point->Y); BN_init(&point->Z); point->Z_is_one = 0; return 1; - } +} -void ec_GFp_simple_point_finish(EC_POINT *point) - { +void +ec_GFp_simple_point_finish(EC_POINT * point) +{ BN_free(&point->X); BN_free(&point->Y); BN_free(&point->Z); - } +} -void ec_GFp_simple_point_clear_finish(EC_POINT *point) - { +void +ec_GFp_simple_point_clear_finish(EC_POINT * point) +{ BN_clear_free(&point->X); BN_clear_free(&point->Y); BN_clear_free(&point->Z); point->Z_is_one = 0; - } +} -int ec_GFp_simple_point_copy(EC_POINT *dest, const EC_POINT *src) - { - if (!BN_copy(&dest->X, &src->X)) return 0; - if (!BN_copy(&dest->Y, &src->Y)) return 0; - if (!BN_copy(&dest->Z, &src->Z)) return 0; +int +ec_GFp_simple_point_copy(EC_POINT * dest, const EC_POINT * src) +{ + if (!BN_copy(&dest->X, &src->X)) + return 0; + if (!BN_copy(&dest->Y, &src->Y)) + return 0; + if (!BN_copy(&dest->Z, &src->Z)) + return 0; dest->Z_is_one = src->Z_is_one; return 1; - } +} -int ec_GFp_simple_point_set_to_infinity(const EC_GROUP *group, EC_POINT *point) - { +int +ec_GFp_simple_point_set_to_infinity(const EC_GROUP * group, EC_POINT * point) +{ point->Z_is_one = 0; - return (BN_zero(&point->Z)); - } + BN_zero(&point->Z); + return 1; +} -int ec_GFp_simple_set_Jprojective_coordinates_GFp(const EC_GROUP *group, EC_POINT *point, - const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *ctx) - { +int +ec_GFp_simple_set_Jprojective_coordinates_GFp(const EC_GROUP * group, EC_POINT * point, + const BIGNUM * x, const BIGNUM * y, const BIGNUM * z, BN_CTX * ctx) +{ BN_CTX *new_ctx = NULL; int ret = 0; - - if (ctx == NULL) - { + + if (ctx == NULL) { ctx = new_ctx = BN_CTX_new(); if (ctx == NULL) return 0; + } + if (x != NULL) { + if (!BN_nnmod(&point->X, x, &group->field, ctx)) + goto err; + if (group->meth->field_encode) { + if (!group->meth->field_encode(group, &point->X, &point->X, ctx)) + goto err; } - - if (x != NULL) - { - if (!BN_nnmod(&point->X, x, &group->field, ctx)) goto err; - if (group->meth->field_encode) - { - if (!group->meth->field_encode(group, &point->X, &point->X, ctx)) goto err; - } - } - - if (y != NULL) - { - if (!BN_nnmod(&point->Y, y, &group->field, ctx)) goto err; - if (group->meth->field_encode) - { - if (!group->meth->field_encode(group, &point->Y, &point->Y, ctx)) goto err; - } + } + if (y != NULL) { + if (!BN_nnmod(&point->Y, y, &group->field, ctx)) + goto err; + if (group->meth->field_encode) { + if (!group->meth->field_encode(group, &point->Y, &point->Y, ctx)) + goto err; } - - if (z != NULL) - { + } + if (z != NULL) { int Z_is_one; - if (!BN_nnmod(&point->Z, z, &group->field, ctx)) goto err; + if (!BN_nnmod(&point->Z, z, &group->field, ctx)) + goto err; Z_is_one = BN_is_one(&point->Z); - if (group->meth->field_encode) - { - if (Z_is_one && (group->meth->field_set_to_one != 0)) - { - if (!group->meth->field_set_to_one(group, &point->Z, ctx)) goto err; - } - else - { - if (!group->meth->field_encode(group, &point->Z, &point->Z, ctx)) goto err; - } + if (group->meth->field_encode) { + if (Z_is_one && (group->meth->field_set_to_one != 0)) { + if (!group->meth->field_set_to_one(group, &point->Z, ctx)) + goto err; + } else { + if (!group->meth->field_encode(group, &point->Z, &point->Z, ctx)) + goto err; } - point->Z_is_one = Z_is_one; } - + point->Z_is_one = Z_is_one; + } ret = 1; - + err: - if (new_ctx != NULL) - BN_CTX_free(new_ctx); + BN_CTX_free(new_ctx); return ret; - } +} -int ec_GFp_simple_get_Jprojective_coordinates_GFp(const EC_GROUP *group, const EC_POINT *point, - BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *ctx) - { +int +ec_GFp_simple_get_Jprojective_coordinates_GFp(const EC_GROUP * group, const EC_POINT * point, + BIGNUM * x, BIGNUM * y, BIGNUM * z, BN_CTX * ctx) +{ BN_CTX *new_ctx = NULL; int ret = 0; - - if (group->meth->field_decode != 0) - { - if (ctx == NULL) - { + + if (group->meth->field_decode != 0) { + if (ctx == NULL) { ctx = new_ctx = BN_CTX_new(); if (ctx == NULL) return 0; - } - - if (x != NULL) - { - if (!group->meth->field_decode(group, x, &point->X, ctx)) goto err; - } - if (y != NULL) - { - if (!group->meth->field_decode(group, y, &point->Y, ctx)) goto err; - } - if (z != NULL) - { - if (!group->meth->field_decode(group, z, &point->Z, ctx)) goto err; - } } - else - { - if (x != NULL) - { - if (!BN_copy(x, &point->X)) goto err; - } - if (y != NULL) - { - if (!BN_copy(y, &point->Y)) goto err; - } - if (z != NULL) - { - if (!BN_copy(z, &point->Z)) goto err; - } + if (x != NULL) { + if (!group->meth->field_decode(group, x, &point->X, ctx)) + goto err; } - + if (y != NULL) { + if (!group->meth->field_decode(group, y, &point->Y, ctx)) + goto err; + } + if (z != NULL) { + if (!group->meth->field_decode(group, z, &point->Z, ctx)) + goto err; + } + } else { + if (x != NULL) { + if (!BN_copy(x, &point->X)) + goto err; + } + if (y != NULL) { + if (!BN_copy(y, &point->Y)) + goto err; + } + if (z != NULL) { + if (!BN_copy(z, &point->Z)) + goto err; + } + } + ret = 1; err: - if (new_ctx != NULL) - BN_CTX_free(new_ctx); + BN_CTX_free(new_ctx); return ret; - } +} -int ec_GFp_simple_point_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *point, - const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx) - { - if (x == NULL || y == NULL) - { +int +ec_GFp_simple_point_set_affine_coordinates(const EC_GROUP * group, EC_POINT * point, + const BIGNUM * x, const BIGNUM * y, BN_CTX * ctx) +{ + if (x == NULL || y == NULL) { /* unlike for projective coordinates, we do not tolerate this */ - ECerr(EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP, ERR_R_PASSED_NULL_PARAMETER); + ECerror(ERR_R_PASSED_NULL_PARAMETER); return 0; - } - - return EC_POINT_set_Jprojective_coordinates_GFp(group, point, x, y, BN_value_one(), ctx); } + return EC_POINT_set_Jprojective_coordinates_GFp(group, point, x, y, BN_value_one(), ctx); +} -int ec_GFp_simple_point_get_affine_coordinates_GFp(const EC_GROUP *group, const EC_POINT *point, - BIGNUM *x, BIGNUM *y, BN_CTX *ctx) - { +int +ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP * group, const EC_POINT * point, + BIGNUM * x, BIGNUM * y, BN_CTX * ctx) +{ BN_CTX *new_ctx = NULL; - BIGNUM *X, *Y, *Z, *Z_1, *Z_2, *Z_3; - const BIGNUM *X_, *Y_, *Z_; + BIGNUM *Z, *Z_1, *Z_2, *Z_3; + const BIGNUM *Z_; int ret = 0; - if (EC_POINT_is_at_infinity(group, point)) - { - ECerr(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP, EC_R_POINT_AT_INFINITY); + if (EC_POINT_is_at_infinity(group, point) > 0) { + ECerror(EC_R_POINT_AT_INFINITY); return 0; - } - - if (ctx == NULL) - { + } + if (ctx == NULL) { ctx = new_ctx = BN_CTX_new(); if (ctx == NULL) return 0; - } - + } BN_CTX_start(ctx); - X = BN_CTX_get(ctx); - Y = BN_CTX_get(ctx); - Z = BN_CTX_get(ctx); - Z_1 = BN_CTX_get(ctx); - Z_2 = BN_CTX_get(ctx); - Z_3 = BN_CTX_get(ctx); - if (Z_3 == NULL) goto err; + if ((Z = BN_CTX_get(ctx)) == NULL) + goto err; + if ((Z_1 = BN_CTX_get(ctx)) == NULL) + goto err; + if ((Z_2 = BN_CTX_get(ctx)) == NULL) + goto err; + if ((Z_3 = BN_CTX_get(ctx)) == NULL) + goto err; /* transform (X, Y, Z) into (x, y) := (X/Z^2, Y/Z^3) */ - - if (group->meth->field_decode) - { - if (!group->meth->field_decode(group, X, &point->X, ctx)) goto err; - if (!group->meth->field_decode(group, Y, &point->Y, ctx)) goto err; - if (!group->meth->field_decode(group, Z, &point->Z, ctx)) goto err; - X_ = X; Y_ = Y; Z_ = Z; - } - else - { - X_ = &point->X; - Y_ = &point->Y; + + if (group->meth->field_decode) { + if (!group->meth->field_decode(group, Z, &point->Z, ctx)) + goto err; + Z_ = Z; + } else { Z_ = &point->Z; - } - - if (BN_is_one(Z_)) - { - if (x != NULL) - { - if (!BN_copy(x, X_)) goto err; + } + + if (BN_is_one(Z_)) { + if (group->meth->field_decode) { + if (x != NULL) { + if (!group->meth->field_decode(group, x, &point->X, ctx)) + goto err; + } + if (y != NULL) { + if (!group->meth->field_decode(group, y, &point->Y, ctx)) + goto err; } - if (y != NULL) - { - if (!BN_copy(y, Y_)) goto err; + } else { + if (x != NULL) { + if (!BN_copy(x, &point->X)) + goto err; + } + if (y != NULL) { + if (!BN_copy(y, &point->Y)) + goto err; } } - else - { - if (!BN_mod_inverse(Z_1, Z_, &group->field, ctx)) - { - ECerr(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP, ERR_R_BN_LIB); + } else { + if (!BN_mod_inverse_ct(Z_1, Z_, &group->field, ctx)) { + ECerror(ERR_R_BN_LIB); goto err; - } - - if (group->meth->field_encode == 0) - { + } + if (group->meth->field_encode == 0) { /* field_sqr works on standard representation */ - if (!group->meth->field_sqr(group, Z_2, Z_1, ctx)) goto err; - } - else - { - if (!BN_mod_sqr(Z_2, Z_1, &group->field, ctx)) goto err; - } - - if (x != NULL) - { - if (group->meth->field_encode == 0) - { - /* field_mul works on standard representation */ - if (!group->meth->field_mul(group, x, X_, Z_2, ctx)) goto err; - } - else - { - if (!BN_mod_mul(x, X_, Z_2, &group->field, ctx)) goto err; - } - } + if (!group->meth->field_sqr(group, Z_2, Z_1, ctx)) + goto err; + } else { + if (!BN_mod_sqr(Z_2, Z_1, &group->field, ctx)) + goto err; + } - if (y != NULL) - { - if (group->meth->field_encode == 0) - { + if (x != NULL) { + /* + * in the Montgomery case, field_mul will cancel out + * Montgomery factor in X: + */ + if (!group->meth->field_mul(group, x, &point->X, Z_2, ctx)) + goto err; + } + if (y != NULL) { + if (group->meth->field_encode == 0) { /* field_mul works on standard representation */ - if (!group->meth->field_mul(group, Z_3, Z_2, Z_1, ctx)) goto err; - if (!group->meth->field_mul(group, y, Y_, Z_3, ctx)) goto err; - - } - else - { - if (!BN_mod_mul(Z_3, Z_2, Z_1, &group->field, ctx)) goto err; - if (!BN_mod_mul(y, Y_, Z_3, &group->field, ctx)) goto err; - } + if (!group->meth->field_mul(group, Z_3, Z_2, Z_1, ctx)) + goto err; + } else { + if (!BN_mod_mul(Z_3, Z_2, Z_1, &group->field, ctx)) + goto err; } + + /* + * in the Montgomery case, field_mul will cancel out + * Montgomery factor in Y: + */ + if (!group->meth->field_mul(group, y, &point->Y, Z_3, ctx)) + goto err; } + } ret = 1; err: BN_CTX_end(ctx); - if (new_ctx != NULL) - BN_CTX_free(new_ctx); + BN_CTX_free(new_ctx); return ret; - } - +} -int ec_GFp_simple_set_compressed_coordinates_GFp(const EC_GROUP *group, EC_POINT *point, - const BIGNUM *x_, int y_bit, BN_CTX *ctx) - { +int +ec_GFp_simple_add(const EC_GROUP * group, EC_POINT * r, const EC_POINT * a, const EC_POINT * b, BN_CTX * ctx) +{ + int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *); + int (*field_sqr) (const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *); + const BIGNUM *p; BN_CTX *new_ctx = NULL; - BIGNUM *tmp1, *tmp2, *x, *y; + BIGNUM *n0, *n1, *n2, *n3, *n4, *n5, *n6; int ret = 0; - if (ctx == NULL) - { + if (a == b) + return EC_POINT_dbl(group, r, a, ctx); + if (EC_POINT_is_at_infinity(group, a) > 0) + return EC_POINT_copy(r, b); + if (EC_POINT_is_at_infinity(group, b) > 0) + return EC_POINT_copy(r, a); + + field_mul = group->meth->field_mul; + field_sqr = group->meth->field_sqr; + p = &group->field; + + if (ctx == NULL) { ctx = new_ctx = BN_CTX_new(); if (ctx == NULL) return 0; - } - - y_bit = (y_bit != 0); - + } BN_CTX_start(ctx); - tmp1 = BN_CTX_get(ctx); - tmp2 = BN_CTX_get(ctx); - x = BN_CTX_get(ctx); - y = BN_CTX_get(ctx); - if (y == NULL) goto err; - - /* Recover y. We have a Weierstrass equation - * y^2 = x^3 + a*x + b, - * so y is one of the square roots of x^3 + a*x + b. + if ((n0 = BN_CTX_get(ctx)) == NULL) + goto end; + if ((n1 = BN_CTX_get(ctx)) == NULL) + goto end; + if ((n2 = BN_CTX_get(ctx)) == NULL) + goto end; + if ((n3 = BN_CTX_get(ctx)) == NULL) + goto end; + if ((n4 = BN_CTX_get(ctx)) == NULL) + goto end; + if ((n5 = BN_CTX_get(ctx)) == NULL) + goto end; + if ((n6 = BN_CTX_get(ctx)) == NULL) + goto end; + + /* + * Note that in this function we must not read components of 'a' or + * 'b' once we have written the corresponding components of 'r'. ('r' + * might be one of 'a' or 'b'.) */ - /* tmp1 := x^3 */ - if (!BN_nnmod(x, x_, &group->field,ctx)) goto err; - if (group->meth->field_decode == 0) - { - /* field_{sqr,mul} work on standard representation */ - if (!group->meth->field_sqr(group, tmp2, x_, ctx)) goto err; - if (!group->meth->field_mul(group, tmp1, tmp2, x_, ctx)) goto err; - } - else - { - if (!BN_mod_sqr(tmp2, x_, &group->field, ctx)) goto err; - if (!BN_mod_mul(tmp1, tmp2, x_, &group->field, ctx)) goto err; - } - - /* tmp1 := tmp1 + a*x */ - if (group->a_is_minus3) - { - if (!BN_mod_lshift1_quick(tmp2, x, &group->field)) goto err; - if (!BN_mod_add_quick(tmp2, tmp2, x, &group->field)) goto err; - if (!BN_mod_sub_quick(tmp1, tmp1, tmp2, &group->field)) goto err; - } - else - { - if (group->meth->field_decode) - { - if (!group->meth->field_decode(group, tmp2, &group->a, ctx)) goto err; - if (!BN_mod_mul(tmp2, tmp2, x, &group->field, ctx)) goto err; - } - else - { - /* field_mul works on standard representation */ - if (!group->meth->field_mul(group, tmp2, &group->a, x, ctx)) goto err; - } - - if (!BN_mod_add_quick(tmp1, tmp1, tmp2, &group->field)) goto err; - } - - /* tmp1 := tmp1 + b */ - if (group->meth->field_decode) - { - if (!group->meth->field_decode(group, tmp2, &group->b, ctx)) goto err; - if (!BN_mod_add_quick(tmp1, tmp1, tmp2, &group->field)) goto err; - } - else - { - if (!BN_mod_add_quick(tmp1, tmp1, &group->b, &group->field)) goto err; - } - - if (!BN_mod_sqrt(y, tmp1, &group->field, ctx)) - { - unsigned long err = ERR_peek_error(); - - if (ERR_GET_LIB(err) == ERR_LIB_BN && ERR_GET_REASON(err) == BN_R_NOT_A_SQUARE) - { - (void)ERR_get_error(); - ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP, EC_R_INVALID_COMPRESSED_POINT); - } - else - ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP, ERR_R_BN_LIB); - goto err; - } - /* If tmp1 is not a square (i.e. there is no point on the curve with - * our x), then y now is a nonsense value too */ - - if (y_bit != BN_is_odd(y)) - { - if (BN_is_zero(y)) - { - int kron; - - kron = BN_kronecker(x, &group->field, ctx); - if (kron == -2) goto err; - - if (kron == 1) - ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP, EC_R_INVALID_COMPRESSION_BIT); - else - ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP, EC_R_INVALID_COMPRESSED_POINT); - goto err; - } - if (!BN_usub(y, &group->field, y)) goto err; - } - if (y_bit != BN_is_odd(y)) - { - ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP, ERR_R_INTERNAL_ERROR); - goto err; - } + /* n1, n2 */ + if (b->Z_is_one) { + if (!BN_copy(n1, &a->X)) + goto end; + if (!BN_copy(n2, &a->Y)) + goto end; + /* n1 = X_a */ + /* n2 = Y_a */ + } else { + if (!field_sqr(group, n0, &b->Z, ctx)) + goto end; + if (!field_mul(group, n1, &a->X, n0, ctx)) + goto end; + /* n1 = X_a * Z_b^2 */ - if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) goto err; - - ret = 1; - - err: - BN_CTX_end(ctx); - if (new_ctx != NULL) - BN_CTX_free(new_ctx); - return ret; - } - - -size_t ec_GFp_simple_point2oct(const EC_GROUP *group, const EC_POINT *point, point_conversion_form_t form, - unsigned char *buf, size_t len, BN_CTX *ctx) - { - size_t ret; - BN_CTX *new_ctx = NULL; - int used_ctx = 0; - BIGNUM *x, *y; - size_t field_len, i, skip; - - if ((form != POINT_CONVERSION_COMPRESSED) - && (form != POINT_CONVERSION_UNCOMPRESSED) - && (form != POINT_CONVERSION_HYBRID)) - { - ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, EC_R_INVALID_FORM); - goto err; - } - - if (EC_POINT_is_at_infinity(group, point)) - { - /* encodes to a single 0 octet */ - if (buf != NULL) - { - if (len < 1) - { - ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL); - return 0; - } - buf[0] = 0; - } - return 1; - } - - - /* ret := required output buffer length */ - field_len = BN_num_bytes(&group->field); - ret = (form == POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2*field_len; - - /* if 'buf' is NULL, just return required length */ - if (buf != NULL) - { - if (len < ret) - { - ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL); - goto err; - } - - if (ctx == NULL) - { - ctx = new_ctx = BN_CTX_new(); - if (ctx == NULL) - return 0; - } - - BN_CTX_start(ctx); - used_ctx = 1; - x = BN_CTX_get(ctx); - y = BN_CTX_get(ctx); - if (y == NULL) goto err; - - if (!EC_POINT_get_affine_coordinates_GFp(group, point, x, y, ctx)) goto err; - - if ((form == POINT_CONVERSION_COMPRESSED || form == POINT_CONVERSION_HYBRID) && BN_is_odd(y)) - buf[0] = form + 1; - else - buf[0] = form; - - i = 1; - - skip = field_len - BN_num_bytes(x); - if (skip > field_len) - { - ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR); - goto err; - } - while (skip > 0) - { - buf[i++] = 0; - skip--; - } - skip = BN_bn2bin(x, buf + i); - i += skip; - if (i != 1 + field_len) - { - ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR); - goto err; - } - - if (form == POINT_CONVERSION_UNCOMPRESSED || form == POINT_CONVERSION_HYBRID) - { - skip = field_len - BN_num_bytes(y); - if (skip > field_len) - { - ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR); - goto err; - } - while (skip > 0) - { - buf[i++] = 0; - skip--; - } - skip = BN_bn2bin(y, buf + i); - i += skip; - } - - if (i != ret) - { - ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR); - goto err; - } - } - - if (used_ctx) - BN_CTX_end(ctx); - if (new_ctx != NULL) - BN_CTX_free(new_ctx); - return ret; - - err: - if (used_ctx) - BN_CTX_end(ctx); - if (new_ctx != NULL) - BN_CTX_free(new_ctx); - return 0; - } - - -int ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point, - const unsigned char *buf, size_t len, BN_CTX *ctx) - { - point_conversion_form_t form; - int y_bit; - BN_CTX *new_ctx = NULL; - BIGNUM *x, *y; - size_t field_len, enc_len; - int ret = 0; - - if (len == 0) - { - ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_BUFFER_TOO_SMALL); - return 0; - } - form = buf[0]; - y_bit = form & 1; - form = form & ~1; - if ((form != 0) && (form != POINT_CONVERSION_COMPRESSED) - && (form != POINT_CONVERSION_UNCOMPRESSED) - && (form != POINT_CONVERSION_HYBRID)) - { - ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); - return 0; - } - if ((form == 0 || form == POINT_CONVERSION_UNCOMPRESSED) && y_bit) - { - ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); - return 0; - } - - if (form == 0) - { - if (len != 1) - { - ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); - return 0; - } - - return EC_POINT_set_to_infinity(group, point); - } - - field_len = BN_num_bytes(&group->field); - enc_len = (form == POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2*field_len; - - if (len != enc_len) - { - ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); - return 0; - } - - if (ctx == NULL) - { - ctx = new_ctx = BN_CTX_new(); - if (ctx == NULL) - return 0; - } - - BN_CTX_start(ctx); - x = BN_CTX_get(ctx); - y = BN_CTX_get(ctx); - if (y == NULL) goto err; - - if (!BN_bin2bn(buf + 1, field_len, x)) goto err; - if (BN_ucmp(x, &group->field) >= 0) - { - ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); - goto err; - } - - if (form == POINT_CONVERSION_COMPRESSED) - { - if (!EC_POINT_set_compressed_coordinates_GFp(group, point, x, y_bit, ctx)) goto err; - } - else - { - if (!BN_bin2bn(buf + 1 + field_len, field_len, y)) goto err; - if (BN_ucmp(y, &group->field) >= 0) - { - ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); - goto err; - } - if (form == POINT_CONVERSION_HYBRID) - { - if (y_bit != BN_is_odd(y)) - { - ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING); - goto err; - } - } - - if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) goto err; - } - - if (!EC_POINT_is_on_curve(group, point, ctx)) /* test required by X9.62 */ - { - ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE); - goto err; - } - - ret = 1; - - err: - BN_CTX_end(ctx); - if (new_ctx != NULL) - BN_CTX_free(new_ctx); - return ret; - } - - -int ec_GFp_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx) - { - int (*field_mul)(const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *); - int (*field_sqr)(const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *); - const BIGNUM *p; - BN_CTX *new_ctx = NULL; - BIGNUM *n0, *n1, *n2, *n3, *n4, *n5, *n6; - int ret = 0; - - if (a == b) - return EC_POINT_dbl(group, r, a, ctx); - if (EC_POINT_is_at_infinity(group, a)) - return EC_POINT_copy(r, b); - if (EC_POINT_is_at_infinity(group, b)) - return EC_POINT_copy(r, a); - - field_mul = group->meth->field_mul; - field_sqr = group->meth->field_sqr; - p = &group->field; - - if (ctx == NULL) - { - ctx = new_ctx = BN_CTX_new(); - if (ctx == NULL) - return 0; - } - - BN_CTX_start(ctx); - n0 = BN_CTX_get(ctx); - n1 = BN_CTX_get(ctx); - n2 = BN_CTX_get(ctx); - n3 = BN_CTX_get(ctx); - n4 = BN_CTX_get(ctx); - n5 = BN_CTX_get(ctx); - n6 = BN_CTX_get(ctx); - if (n6 == NULL) goto end; - - /* Note that in this function we must not read components of 'a' or 'b' - * once we have written the corresponding components of 'r'. - * ('r' might be one of 'a' or 'b'.) - */ - - /* n1, n2 */ - if (b->Z_is_one) - { - if (!BN_copy(n1, &a->X)) goto end; - if (!BN_copy(n2, &a->Y)) goto end; - /* n1 = X_a */ - /* n2 = Y_a */ - } - else - { - if (!field_sqr(group, n0, &b->Z, ctx)) goto end; - if (!field_mul(group, n1, &a->X, n0, ctx)) goto end; - /* n1 = X_a * Z_b^2 */ - - if (!field_mul(group, n0, n0, &b->Z, ctx)) goto end; - if (!field_mul(group, n2, &a->Y, n0, ctx)) goto end; + if (!field_mul(group, n0, n0, &b->Z, ctx)) + goto end; + if (!field_mul(group, n2, &a->Y, n0, ctx)) + goto end; /* n2 = Y_a * Z_b^3 */ - } + } /* n3, n4 */ - if (a->Z_is_one) - { - if (!BN_copy(n3, &b->X)) goto end; - if (!BN_copy(n4, &b->Y)) goto end; + if (a->Z_is_one) { + if (!BN_copy(n3, &b->X)) + goto end; + if (!BN_copy(n4, &b->Y)) + goto end; /* n3 = X_b */ /* n4 = Y_b */ - } - else - { - if (!field_sqr(group, n0, &a->Z, ctx)) goto end; - if (!field_mul(group, n3, &b->X, n0, ctx)) goto end; + } else { + if (!field_sqr(group, n0, &a->Z, ctx)) + goto end; + if (!field_mul(group, n3, &b->X, n0, ctx)) + goto end; /* n3 = X_b * Z_a^2 */ - if (!field_mul(group, n0, n0, &a->Z, ctx)) goto end; - if (!field_mul(group, n4, &b->Y, n0, ctx)) goto end; + if (!field_mul(group, n0, n0, &a->Z, ctx)) + goto end; + if (!field_mul(group, n4, &b->Y, n0, ctx)) + goto end; /* n4 = Y_b * Z_a^3 */ - } + } /* n5, n6 */ - if (!BN_mod_sub_quick(n5, n1, n3, p)) goto end; - if (!BN_mod_sub_quick(n6, n2, n4, p)) goto end; + if (!BN_mod_sub_quick(n5, n1, n3, p)) + goto end; + if (!BN_mod_sub_quick(n6, n2, n4, p)) + goto end; /* n5 = n1 - n3 */ /* n6 = n2 - n4 */ - if (BN_is_zero(n5)) - { - if (BN_is_zero(n6)) - { + if (BN_is_zero(n5)) { + if (BN_is_zero(n6)) { /* a is the same point as b */ BN_CTX_end(ctx); ret = EC_POINT_dbl(group, r, a, ctx); ctx = NULL; goto end; - } - else - { + } else { /* a is the inverse of b */ - if (!BN_zero(&r->Z)) goto end; + BN_zero(&r->Z); r->Z_is_one = 0; ret = 1; goto end; - } } - + } /* 'n7', 'n8' */ - if (!BN_mod_add_quick(n1, n1, n3, p)) goto end; - if (!BN_mod_add_quick(n2, n2, n4, p)) goto end; + if (!BN_mod_add_quick(n1, n1, n3, p)) + goto end; + if (!BN_mod_add_quick(n2, n2, n4, p)) + goto end; /* 'n7' = n1 + n3 */ /* 'n8' = n2 + n4 */ /* Z_r */ - if (a->Z_is_one && b->Z_is_one) - { - if (!BN_copy(&r->Z, n5)) goto end; - } - else - { - if (a->Z_is_one) - { if (!BN_copy(n0, &b->Z)) goto end; } - else if (b->Z_is_one) - { if (!BN_copy(n0, &a->Z)) goto end; } - else - { if (!field_mul(group, n0, &a->Z, &b->Z, ctx)) goto end; } - if (!field_mul(group, &r->Z, n0, n5, ctx)) goto end; - } + if (a->Z_is_one && b->Z_is_one) { + if (!BN_copy(&r->Z, n5)) + goto end; + } else { + if (a->Z_is_one) { + if (!BN_copy(n0, &b->Z)) + goto end; + } else if (b->Z_is_one) { + if (!BN_copy(n0, &a->Z)) + goto end; + } else { + if (!field_mul(group, n0, &a->Z, &b->Z, ctx)) + goto end; + } + if (!field_mul(group, &r->Z, n0, n5, ctx)) + goto end; + } r->Z_is_one = 0; /* Z_r = Z_a * Z_b * n5 */ /* X_r */ - if (!field_sqr(group, n0, n6, ctx)) goto end; - if (!field_sqr(group, n4, n5, ctx)) goto end; - if (!field_mul(group, n3, n1, n4, ctx)) goto end; - if (!BN_mod_sub_quick(&r->X, n0, n3, p)) goto end; + if (!field_sqr(group, n0, n6, ctx)) + goto end; + if (!field_sqr(group, n4, n5, ctx)) + goto end; + if (!field_mul(group, n3, n1, n4, ctx)) + goto end; + if (!BN_mod_sub_quick(&r->X, n0, n3, p)) + goto end; /* X_r = n6^2 - n5^2 * 'n7' */ - + /* 'n9' */ - if (!BN_mod_lshift1_quick(n0, &r->X, p)) goto end; - if (!BN_mod_sub_quick(n0, n3, n0, p)) goto end; + if (!BN_mod_lshift1_quick(n0, &r->X, p)) + goto end; + if (!BN_mod_sub_quick(n0, n3, n0, p)) + goto end; /* n9 = n5^2 * 'n7' - 2 * X_r */ /* Y_r */ - if (!field_mul(group, n0, n0, n6, ctx)) goto end; - if (!field_mul(group, n5, n4, n5, ctx)) goto end; /* now n5 is n5^3 */ - if (!field_mul(group, n1, n2, n5, ctx)) goto end; - if (!BN_mod_sub_quick(n0, n0, n1, p)) goto end; + if (!field_mul(group, n0, n0, n6, ctx)) + goto end; + if (!field_mul(group, n5, n4, n5, ctx)) + goto end; /* now n5 is n5^3 */ + if (!field_mul(group, n1, n2, n5, ctx)) + goto end; + if (!BN_mod_sub_quick(n0, n0, n1, p)) + goto end; if (BN_is_odd(n0)) - if (!BN_add(n0, n0, p)) goto end; + if (!BN_add(n0, n0, p)) + goto end; /* now 0 <= n0 < 2*p, and n0 is even */ - if (!BN_rshift1(&r->Y, n0)) goto end; + if (!BN_rshift1(&r->Y, n0)) + goto end; /* Y_r = (n6 * 'n9' - 'n8' * 'n5^3') / 2 */ ret = 1; end: - if (ctx) /* otherwise we already called BN_CTX_end */ + if (ctx) /* otherwise we already called BN_CTX_end */ BN_CTX_end(ctx); - if (new_ctx != NULL) - BN_CTX_free(new_ctx); + BN_CTX_free(new_ctx); return ret; - } +} -int ec_GFp_simple_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx) - { - int (*field_mul)(const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *); - int (*field_sqr)(const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *); +int +ec_GFp_simple_dbl(const EC_GROUP * group, EC_POINT * r, const EC_POINT * a, BN_CTX * ctx) +{ + int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *); + int (*field_sqr) (const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *); const BIGNUM *p; BN_CTX *new_ctx = NULL; BIGNUM *n0, *n1, *n2, *n3; int ret = 0; - - if (EC_POINT_is_at_infinity(group, a)) - { - if (!BN_zero(&r->Z)) return 0; + + if (EC_POINT_is_at_infinity(group, a) > 0) { + BN_zero(&r->Z); r->Z_is_one = 0; return 1; - } - + } field_mul = group->meth->field_mul; field_sqr = group->meth->field_sqr; p = &group->field; - if (ctx == NULL) - { + if (ctx == NULL) { ctx = new_ctx = BN_CTX_new(); if (ctx == NULL) return 0; - } - + } BN_CTX_start(ctx); - n0 = BN_CTX_get(ctx); - n1 = BN_CTX_get(ctx); - n2 = BN_CTX_get(ctx); - n3 = BN_CTX_get(ctx); - if (n3 == NULL) goto err; - - /* Note that in this function we must not read components of 'a' - * once we have written the corresponding components of 'r'. - * ('r' might the same as 'a'.) + if ((n0 = BN_CTX_get(ctx)) == NULL) + goto err; + if ((n1 = BN_CTX_get(ctx)) == NULL) + goto err; + if ((n2 = BN_CTX_get(ctx)) == NULL) + goto err; + if ((n3 = BN_CTX_get(ctx)) == NULL) + goto err; + + /* + * Note that in this function we must not read components of 'a' once + * we have written the corresponding components of 'r'. ('r' might + * the same as 'a'.) */ /* n1 */ - if (a->Z_is_one) - { - if (!field_sqr(group, n0, &a->X, ctx)) goto err; - if (!BN_mod_lshift1_quick(n1, n0, p)) goto err; - if (!BN_mod_add_quick(n0, n0, n1, p)) goto err; - if (!BN_mod_add_quick(n1, n0, &group->a, p)) goto err; + if (a->Z_is_one) { + if (!field_sqr(group, n0, &a->X, ctx)) + goto err; + if (!BN_mod_lshift1_quick(n1, n0, p)) + goto err; + if (!BN_mod_add_quick(n0, n0, n1, p)) + goto err; + if (!BN_mod_add_quick(n1, n0, &group->a, p)) + goto err; /* n1 = 3 * X_a^2 + a_curve */ - } - else if (group->a_is_minus3) - { - if (!field_sqr(group, n1, &a->Z, ctx)) goto err; - if (!BN_mod_add_quick(n0, &a->X, n1, p)) goto err; - if (!BN_mod_sub_quick(n2, &a->X, n1, p)) goto err; - if (!field_mul(group, n1, n0, n2, ctx)) goto err; - if (!BN_mod_lshift1_quick(n0, n1, p)) goto err; - if (!BN_mod_add_quick(n1, n0, n1, p)) goto err; - /* n1 = 3 * (X_a + Z_a^2) * (X_a - Z_a^2) - * = 3 * X_a^2 - 3 * Z_a^4 */ - } - else - { - if (!field_sqr(group, n0, &a->X, ctx)) goto err; - if (!BN_mod_lshift1_quick(n1, n0, p)) goto err; - if (!BN_mod_add_quick(n0, n0, n1, p)) goto err; - if (!field_sqr(group, n1, &a->Z, ctx)) goto err; - if (!field_sqr(group, n1, n1, ctx)) goto err; - if (!field_mul(group, n1, n1, &group->a, ctx)) goto err; - if (!BN_mod_add_quick(n1, n1, n0, p)) goto err; + } else if (group->a_is_minus3) { + if (!field_sqr(group, n1, &a->Z, ctx)) + goto err; + if (!BN_mod_add_quick(n0, &a->X, n1, p)) + goto err; + if (!BN_mod_sub_quick(n2, &a->X, n1, p)) + goto err; + if (!field_mul(group, n1, n0, n2, ctx)) + goto err; + if (!BN_mod_lshift1_quick(n0, n1, p)) + goto err; + if (!BN_mod_add_quick(n1, n0, n1, p)) + goto err; + /* + * n1 = 3 * (X_a + Z_a^2) * (X_a - Z_a^2) = 3 * X_a^2 - 3 * + * Z_a^4 + */ + } else { + if (!field_sqr(group, n0, &a->X, ctx)) + goto err; + if (!BN_mod_lshift1_quick(n1, n0, p)) + goto err; + if (!BN_mod_add_quick(n0, n0, n1, p)) + goto err; + if (!field_sqr(group, n1, &a->Z, ctx)) + goto err; + if (!field_sqr(group, n1, n1, ctx)) + goto err; + if (!field_mul(group, n1, n1, &group->a, ctx)) + goto err; + if (!BN_mod_add_quick(n1, n1, n0, p)) + goto err; /* n1 = 3 * X_a^2 + a_curve * Z_a^4 */ - } + } /* Z_r */ - if (a->Z_is_one) - { - if (!BN_copy(n0, &a->Y)) goto err; - } - else - { - if (!field_mul(group, n0, &a->Y, &a->Z, ctx)) goto err; - } - if (!BN_mod_lshift1_quick(&r->Z, n0, p)) goto err; + if (a->Z_is_one) { + if (!BN_copy(n0, &a->Y)) + goto err; + } else { + if (!field_mul(group, n0, &a->Y, &a->Z, ctx)) + goto err; + } + if (!BN_mod_lshift1_quick(&r->Z, n0, p)) + goto err; r->Z_is_one = 0; /* Z_r = 2 * Y_a * Z_a */ /* n2 */ - if (!field_sqr(group, n3, &a->Y, ctx)) goto err; - if (!field_mul(group, n2, &a->X, n3, ctx)) goto err; - if (!BN_mod_lshift_quick(n2, n2, 2, p)) goto err; + if (!field_sqr(group, n3, &a->Y, ctx)) + goto err; + if (!field_mul(group, n2, &a->X, n3, ctx)) + goto err; + if (!BN_mod_lshift_quick(n2, n2, 2, p)) + goto err; /* n2 = 4 * X_a * Y_a^2 */ /* X_r */ - if (!BN_mod_lshift1_quick(n0, n2, p)) goto err; - if (!field_sqr(group, &r->X, n1, ctx)) goto err; - if (!BN_mod_sub_quick(&r->X, &r->X, n0, p)) goto err; + if (!BN_mod_lshift1_quick(n0, n2, p)) + goto err; + if (!field_sqr(group, &r->X, n1, ctx)) + goto err; + if (!BN_mod_sub_quick(&r->X, &r->X, n0, p)) + goto err; /* X_r = n1^2 - 2 * n2 */ - + /* n3 */ - if (!field_sqr(group, n0, n3, ctx)) goto err; - if (!BN_mod_lshift_quick(n3, n0, 3, p)) goto err; + if (!field_sqr(group, n0, n3, ctx)) + goto err; + if (!BN_mod_lshift_quick(n3, n0, 3, p)) + goto err; /* n3 = 8 * Y_a^4 */ - + /* Y_r */ - if (!BN_mod_sub_quick(n0, n2, &r->X, p)) goto err; - if (!field_mul(group, n0, n1, n0, ctx)) goto err; - if (!BN_mod_sub_quick(&r->Y, n0, n3, p)) goto err; + if (!BN_mod_sub_quick(n0, n2, &r->X, p)) + goto err; + if (!field_mul(group, n0, n1, n0, ctx)) + goto err; + if (!BN_mod_sub_quick(&r->Y, n0, n3, p)) + goto err; /* Y_r = n1 * (n2 - X_r) - n3 */ ret = 1; err: BN_CTX_end(ctx); - if (new_ctx != NULL) - BN_CTX_free(new_ctx); + BN_CTX_free(new_ctx); return ret; - } +} -int ec_GFp_simple_invert(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx) - { - if (EC_POINT_is_at_infinity(group, point) || BN_is_zero(&point->Y)) +int +ec_GFp_simple_invert(const EC_GROUP * group, EC_POINT * point, BN_CTX * ctx) +{ + if (EC_POINT_is_at_infinity(group, point) > 0 || BN_is_zero(&point->Y)) /* point is its own inverse */ return 1; - + return BN_usub(&point->Y, &group->field, &point->Y); - } +} -int ec_GFp_simple_is_at_infinity(const EC_GROUP *group, const EC_POINT *point) - { +int +ec_GFp_simple_is_at_infinity(const EC_GROUP * group, const EC_POINT * point) +{ return BN_is_zero(&point->Z); - } +} -int ec_GFp_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx) - { - int (*field_mul)(const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *); - int (*field_sqr)(const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *); +int +ec_GFp_simple_is_on_curve(const EC_GROUP * group, const EC_POINT * point, BN_CTX * ctx) +{ + int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *); + int (*field_sqr) (const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *); const BIGNUM *p; BN_CTX *new_ctx = NULL; - BIGNUM *rh, *tmp1, *tmp2, *Z4, *Z6; + BIGNUM *rh, *tmp, *Z4, *Z6; int ret = -1; - if (EC_POINT_is_at_infinity(group, point)) + if (EC_POINT_is_at_infinity(group, point) > 0) return 1; - + field_mul = group->meth->field_mul; field_sqr = group->meth->field_sqr; p = &group->field; - if (ctx == NULL) - { + if (ctx == NULL) { ctx = new_ctx = BN_CTX_new(); if (ctx == NULL) return -1; - } - + } BN_CTX_start(ctx); - rh = BN_CTX_get(ctx); - tmp1 = BN_CTX_get(ctx); - tmp2 = BN_CTX_get(ctx); - Z4 = BN_CTX_get(ctx); - Z6 = BN_CTX_get(ctx); - if (Z6 == NULL) goto err; - - /* We have a curve defined by a Weierstrass equation - * y^2 = x^3 + a*x + b. - * The point to consider is given in Jacobian projective coordinates - * where (X, Y, Z) represents (x, y) = (X/Z^2, Y/Z^3). - * Substituting this and multiplying by Z^6 transforms the above equation into - * Y^2 = X^3 + a*X*Z^4 + b*Z^6. - * To test this, we add up the right-hand side in 'rh'. + if ((rh = BN_CTX_get(ctx)) == NULL) + goto err; + if ((tmp = BN_CTX_get(ctx)) == NULL) + goto err; + if ((Z4 = BN_CTX_get(ctx)) == NULL) + goto err; + if ((Z6 = BN_CTX_get(ctx)) == NULL) + goto err; + + /* + * We have a curve defined by a Weierstrass equation y^2 = x^3 + a*x + * + b. The point to consider is given in Jacobian projective + * coordinates where (X, Y, Z) represents (x, y) = (X/Z^2, Y/Z^3). + * Substituting this and multiplying by Z^6 transforms the above + * equation into Y^2 = X^3 + a*X*Z^4 + b*Z^6. To test this, we add up + * the right-hand side in 'rh'. */ - /* rh := X^3 */ - if (!field_sqr(group, rh, &point->X, ctx)) goto err; - if (!field_mul(group, rh, rh, &point->X, ctx)) goto err; - - if (!point->Z_is_one) - { - if (!field_sqr(group, tmp1, &point->Z, ctx)) goto err; - if (!field_sqr(group, Z4, tmp1, ctx)) goto err; - if (!field_mul(group, Z6, Z4, tmp1, ctx)) goto err; - - /* rh := rh + a*X*Z^4 */ - if (!field_mul(group, tmp1, &point->X, Z4, ctx)) goto err; - if (group->a_is_minus3) - { - if (!BN_mod_lshift1_quick(tmp2, tmp1, p)) goto err; - if (!BN_mod_add_quick(tmp2, tmp2, tmp1, p)) goto err; - if (!BN_mod_sub_quick(rh, rh, tmp2, p)) goto err; - } - else - { - if (!field_mul(group, tmp2, tmp1, &group->a, ctx)) goto err; - if (!BN_mod_add_quick(rh, rh, tmp2, p)) goto err; - } + /* rh := X^2 */ + if (!field_sqr(group, rh, &point->X, ctx)) + goto err; - /* rh := rh + b*Z^6 */ - if (!field_mul(group, tmp1, &group->b, Z6, ctx)) goto err; - if (!BN_mod_add_quick(rh, rh, tmp1, p)) goto err; + if (!point->Z_is_one) { + if (!field_sqr(group, tmp, &point->Z, ctx)) + goto err; + if (!field_sqr(group, Z4, tmp, ctx)) + goto err; + if (!field_mul(group, Z6, Z4, tmp, ctx)) + goto err; + + /* rh := (rh + a*Z^4)*X */ + if (group->a_is_minus3) { + if (!BN_mod_lshift1_quick(tmp, Z4, p)) + goto err; + if (!BN_mod_add_quick(tmp, tmp, Z4, p)) + goto err; + if (!BN_mod_sub_quick(rh, rh, tmp, p)) + goto err; + if (!field_mul(group, rh, rh, &point->X, ctx)) + goto err; + } else { + if (!field_mul(group, tmp, Z4, &group->a, ctx)) + goto err; + if (!BN_mod_add_quick(rh, rh, tmp, p)) + goto err; + if (!field_mul(group, rh, rh, &point->X, ctx)) + goto err; } - else - { - /* point->Z_is_one */ - /* rh := rh + a*X */ - if (group->a_is_minus3) - { - if (!BN_mod_lshift1_quick(tmp2, &point->X, p)) goto err; - if (!BN_mod_add_quick(tmp2, tmp2, &point->X, p)) goto err; - if (!BN_mod_sub_quick(rh, rh, tmp2, p)) goto err; - } - else - { - if (!field_mul(group, tmp2, &point->X, &group->a, ctx)) goto err; - if (!BN_mod_add_quick(rh, rh, tmp2, p)) goto err; - } + /* rh := rh + b*Z^6 */ + if (!field_mul(group, tmp, &group->b, Z6, ctx)) + goto err; + if (!BN_mod_add_quick(rh, rh, tmp, p)) + goto err; + } else { + /* point->Z_is_one */ + /* rh := (rh + a)*X */ + if (!BN_mod_add_quick(rh, rh, &group->a, p)) + goto err; + if (!field_mul(group, rh, rh, &point->X, ctx)) + goto err; /* rh := rh + b */ - if (!BN_mod_add_quick(rh, rh, &group->b, p)) goto err; - } + if (!BN_mod_add_quick(rh, rh, &group->b, p)) + goto err; + } /* 'lh' := Y^2 */ - if (!field_sqr(group, tmp1, &point->Y, ctx)) goto err; + if (!field_sqr(group, tmp, &point->Y, ctx)) + goto err; - ret = (0 == BN_cmp(tmp1, rh)); + ret = (0 == BN_ucmp(tmp, rh)); err: BN_CTX_end(ctx); - if (new_ctx != NULL) - BN_CTX_free(new_ctx); + BN_CTX_free(new_ctx); return ret; - } +} -int ec_GFp_simple_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx) - { - /* return values: - * -1 error - * 0 equal (in affine coordinates) - * 1 not equal +int +ec_GFp_simple_cmp(const EC_GROUP * group, const EC_POINT * a, const EC_POINT * b, BN_CTX * ctx) +{ + /* + * return values: -1 error 0 equal (in affine coordinates) 1 + * not equal */ - int (*field_mul)(const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *); - int (*field_sqr)(const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *); + int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *); + int (*field_sqr) (const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *); BN_CTX *new_ctx = NULL; BIGNUM *tmp1, *tmp2, *Za23, *Zb23; const BIGNUM *tmp1_, *tmp2_; int ret = -1; - - if (EC_POINT_is_at_infinity(group, a)) - { - return EC_POINT_is_at_infinity(group, b) ? 0 : 1; - } - - if (a->Z_is_one && b->Z_is_one) - { - return ((BN_cmp(&a->X, &b->X) == 0) && BN_cmp(&a->Y, &b->Y) == 0) ? 0 : 1; - } + if (EC_POINT_is_at_infinity(group, a) > 0) { + return EC_POINT_is_at_infinity(group, b) > 0 ? 0 : 1; + } + if (EC_POINT_is_at_infinity(group, b) > 0) + return 1; + + if (a->Z_is_one && b->Z_is_one) { + return ((BN_cmp(&a->X, &b->X) == 0) && BN_cmp(&a->Y, &b->Y) == 0) ? 0 : 1; + } field_mul = group->meth->field_mul; field_sqr = group->meth->field_sqr; - if (ctx == NULL) - { + if (ctx == NULL) { ctx = new_ctx = BN_CTX_new(); if (ctx == NULL) return -1; - } - + } BN_CTX_start(ctx); - tmp1 = BN_CTX_get(ctx); - tmp2 = BN_CTX_get(ctx); - Za23 = BN_CTX_get(ctx); - Zb23 = BN_CTX_get(ctx); - if (Zb23 == NULL) goto end; - - /* We have to decide whether - * (X_a/Z_a^2, Y_a/Z_a^3) = (X_b/Z_b^2, Y_b/Z_b^3), - * or equivalently, whether - * (X_a*Z_b^2, Y_a*Z_b^3) = (X_b*Z_a^2, Y_b*Z_a^3). + if ((tmp1 = BN_CTX_get(ctx)) == NULL) + goto end; + if ((tmp2 = BN_CTX_get(ctx)) == NULL) + goto end; + if ((Za23 = BN_CTX_get(ctx)) == NULL) + goto end; + if ((Zb23 = BN_CTX_get(ctx)) == NULL) + goto end; + + /* + * We have to decide whether (X_a/Z_a^2, Y_a/Z_a^3) = (X_b/Z_b^2, + * Y_b/Z_b^3), or equivalently, whether (X_a*Z_b^2, Y_a*Z_b^3) = + * (X_b*Z_a^2, Y_b*Z_a^3). */ - if (!b->Z_is_one) - { - if (!field_sqr(group, Zb23, &b->Z, ctx)) goto end; - if (!field_mul(group, tmp1, &a->X, Zb23, ctx)) goto end; + if (!b->Z_is_one) { + if (!field_sqr(group, Zb23, &b->Z, ctx)) + goto end; + if (!field_mul(group, tmp1, &a->X, Zb23, ctx)) + goto end; tmp1_ = tmp1; - } - else + } else tmp1_ = &a->X; - if (!a->Z_is_one) - { - if (!field_sqr(group, Za23, &a->Z, ctx)) goto end; - if (!field_mul(group, tmp2, &b->X, Za23, ctx)) goto end; + if (!a->Z_is_one) { + if (!field_sqr(group, Za23, &a->Z, ctx)) + goto end; + if (!field_mul(group, tmp2, &b->X, Za23, ctx)) + goto end; tmp2_ = tmp2; - } - else + } else tmp2_ = &b->X; - + /* compare X_a*Z_b^2 with X_b*Z_a^2 */ - if (BN_cmp(tmp1_, tmp2_) != 0) - { - ret = 1; /* points differ */ + if (BN_cmp(tmp1_, tmp2_) != 0) { + ret = 1; /* points differ */ goto end; - } - - - if (!b->Z_is_one) - { - if (!field_mul(group, Zb23, Zb23, &b->Z, ctx)) goto end; - if (!field_mul(group, tmp1, &a->Y, Zb23, ctx)) goto end; + } + if (!b->Z_is_one) { + if (!field_mul(group, Zb23, Zb23, &b->Z, ctx)) + goto end; + if (!field_mul(group, tmp1, &a->Y, Zb23, ctx)) + goto end; /* tmp1_ = tmp1 */ - } - else + } else tmp1_ = &a->Y; - if (!a->Z_is_one) - { - if (!field_mul(group, Za23, Za23, &a->Z, ctx)) goto end; - if (!field_mul(group, tmp2, &b->Y, Za23, ctx)) goto end; + if (!a->Z_is_one) { + if (!field_mul(group, Za23, Za23, &a->Z, ctx)) + goto end; + if (!field_mul(group, tmp2, &b->Y, Za23, ctx)) + goto end; /* tmp2_ = tmp2 */ - } - else + } else tmp2_ = &b->Y; /* compare Y_a*Z_b^3 with Y_b*Z_a^3 */ - if (BN_cmp(tmp1_, tmp2_) != 0) - { - ret = 1; /* points differ */ + if (BN_cmp(tmp1_, tmp2_) != 0) { + ret = 1; /* points differ */ goto end; - } - + } /* points are equal */ ret = 0; end: BN_CTX_end(ctx); - if (new_ctx != NULL) - BN_CTX_free(new_ctx); + BN_CTX_free(new_ctx); return ret; - } +} -int ec_GFp_simple_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx) - { +int +ec_GFp_simple_make_affine(const EC_GROUP * group, EC_POINT * point, BN_CTX * ctx) +{ BN_CTX *new_ctx = NULL; BIGNUM *x, *y; int ret = 0; - if (point->Z_is_one || EC_POINT_is_at_infinity(group, point)) + if (point->Z_is_one || EC_POINT_is_at_infinity(group, point) > 0) return 1; - if (ctx == NULL) - { + if (ctx == NULL) { ctx = new_ctx = BN_CTX_new(); if (ctx == NULL) return 0; - } - + } BN_CTX_start(ctx); - x = BN_CTX_get(ctx); - y = BN_CTX_get(ctx); - if (y == NULL) goto err; + if ((x = BN_CTX_get(ctx)) == NULL) + goto err; + if ((y = BN_CTX_get(ctx)) == NULL) + goto err; - if (!EC_POINT_get_affine_coordinates_GFp(group, point, x, y, ctx)) goto err; - if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) goto err; - if (!point->Z_is_one) - { - ECerr(EC_F_EC_GFP_SIMPLE_MAKE_AFFINE, ERR_R_INTERNAL_ERROR); + if (!EC_POINT_get_affine_coordinates_GFp(group, point, x, y, ctx)) goto err; - } - + if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) + goto err; + if (!point->Z_is_one) { + ECerror(ERR_R_INTERNAL_ERROR); + goto err; + } ret = 1; err: BN_CTX_end(ctx); - if (new_ctx != NULL) - BN_CTX_free(new_ctx); + BN_CTX_free(new_ctx); return ret; - } +} -int ec_GFp_simple_points_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx) - { +int +ec_GFp_simple_points_make_affine(const EC_GROUP * group, size_t num, EC_POINT * points[], BN_CTX * ctx) +{ BN_CTX *new_ctx = NULL; BIGNUM *tmp0, *tmp1; size_t pow2 = 0; @@ -1547,171 +1239,487 @@ int ec_GFp_simple_points_make_affine(const EC_GROUP *group, size_t num, EC_POINT if (num == 0) return 1; - if (ctx == NULL) - { + if (ctx == NULL) { ctx = new_ctx = BN_CTX_new(); if (ctx == NULL) return 0; - } - + } BN_CTX_start(ctx); - tmp0 = BN_CTX_get(ctx); - tmp1 = BN_CTX_get(ctx); - if (tmp0 == NULL || tmp1 == NULL) goto err; + if ((tmp0 = BN_CTX_get(ctx)) == NULL) + goto err; + if ((tmp1 = BN_CTX_get(ctx)) == NULL) + goto err; - /* Before converting the individual points, compute inverses of all Z values. - * Modular inversion is rather slow, but luckily we can do with a single - * explicit inversion, plus about 3 multiplications per input value. + /* + * Before converting the individual points, compute inverses of all Z + * values. Modular inversion is rather slow, but luckily we can do + * with a single explicit inversion, plus about 3 multiplications per + * input value. */ pow2 = 1; while (num > pow2) pow2 <<= 1; - /* Now pow2 is the smallest power of 2 satifsying pow2 >= num. - * We need twice that. */ + /* + * Now pow2 is the smallest power of 2 satifsying pow2 >= num. We + * need twice that. + */ pow2 <<= 1; - heap = OPENSSL_malloc(pow2 * sizeof heap[0]); - if (heap == NULL) goto err; - - /* The array is used as a binary tree, exactly as in heapsort: - * - * heap[1] - * heap[2] heap[3] - * heap[4] heap[5] heap[6] heap[7] - * heap[8]heap[9] heap[10]heap[11] heap[12]heap[13] heap[14] heap[15] - * - * We put the Z's in the last line; - * then we set each other node to the product of its two child-nodes (where - * empty or 0 entries are treated as ones); - * then we invert heap[1]; - * then we invert each other node by replacing it by the product of its - * parent (after inversion) and its sibling (before inversion). + heap = reallocarray(NULL, pow2, sizeof heap[0]); + if (heap == NULL) + goto err; + + /* + * The array is used as a binary tree, exactly as in heapsort: + * + * heap[1] heap[2] heap[3] heap[4] heap[5] + * heap[6] heap[7] heap[8]heap[9] heap[10]heap[11] + * heap[12]heap[13] heap[14] heap[15] + * + * We put the Z's in the last line; then we set each other node to the + * product of its two child-nodes (where empty or 0 entries are + * treated as ones); then we invert heap[1]; then we invert each + * other node by replacing it by the product of its parent (after + * inversion) and its sibling (before inversion). */ heap[0] = NULL; - for (i = pow2/2 - 1; i > 0; i--) + for (i = pow2 / 2 - 1; i > 0; i--) heap[i] = NULL; for (i = 0; i < num; i++) - heap[pow2/2 + i] = &points[i]->Z; - for (i = pow2/2 + num; i < pow2; i++) + heap[pow2 / 2 + i] = &points[i]->Z; + for (i = pow2 / 2 + num; i < pow2; i++) heap[i] = NULL; - + /* set each node to the product of its children */ - for (i = pow2/2 - 1; i > 0; i--) - { + for (i = pow2 / 2 - 1; i > 0; i--) { heap[i] = BN_new(); - if (heap[i] == NULL) goto err; - - if (heap[2*i] != NULL) - { - if ((heap[2*i + 1] == NULL) || BN_is_zero(heap[2*i + 1])) - { - if (!BN_copy(heap[i], heap[2*i])) goto err; - } - else - { - if (BN_is_zero(heap[2*i])) - { - if (!BN_copy(heap[i], heap[2*i + 1])) goto err; - } - else - { + if (heap[i] == NULL) + goto err; + + if (heap[2 * i] != NULL) { + if ((heap[2 * i + 1] == NULL) || BN_is_zero(heap[2 * i + 1])) { + if (!BN_copy(heap[i], heap[2 * i])) + goto err; + } else { + if (BN_is_zero(heap[2 * i])) { + if (!BN_copy(heap[i], heap[2 * i + 1])) + goto err; + } else { if (!group->meth->field_mul(group, heap[i], - heap[2*i], heap[2*i + 1], ctx)) goto err; - } + heap[2 * i], heap[2 * i + 1], ctx)) + goto err; } } } + } /* invert heap[1] */ - if (!BN_is_zero(heap[1])) - { - if (!BN_mod_inverse(heap[1], heap[1], &group->field, ctx)) - { - ECerr(EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE, ERR_R_BN_LIB); + if (!BN_is_zero(heap[1])) { + if (!BN_mod_inverse_ct(heap[1], heap[1], &group->field, ctx)) { + ECerror(ERR_R_BN_LIB); goto err; - } - } - if (group->meth->field_encode != 0) - { - /* in the Montgomery case, we just turned R*H (representing H) - * into 1/(R*H), but we need R*(1/H) (representing 1/H); - * i.e. we have need to multiply by the Montgomery factor twice */ - if (!group->meth->field_encode(group, heap[1], heap[1], ctx)) goto err; - if (!group->meth->field_encode(group, heap[1], heap[1], ctx)) goto err; } - + } + if (group->meth->field_encode != 0) { + /* + * in the Montgomery case, we just turned R*H (representing + * H) into 1/(R*H), but we need R*(1/H) (representing + * 1/H); i.e. we have need to multiply by the Montgomery + * factor twice + */ + if (!group->meth->field_encode(group, heap[1], heap[1], ctx)) + goto err; + if (!group->meth->field_encode(group, heap[1], heap[1], ctx)) + goto err; + } /* set other heap[i]'s to their inverses */ - for (i = 2; i < pow2/2 + num; i += 2) - { + for (i = 2; i < pow2 / 2 + num; i += 2) { /* i is even */ - if ((heap[i + 1] != NULL) && !BN_is_zero(heap[i + 1])) - { - if (!group->meth->field_mul(group, tmp0, heap[i/2], heap[i + 1], ctx)) goto err; - if (!group->meth->field_mul(group, tmp1, heap[i/2], heap[i], ctx)) goto err; - if (!BN_copy(heap[i], tmp0)) goto err; - if (!BN_copy(heap[i + 1], tmp1)) goto err; - } - else - { - if (!BN_copy(heap[i], heap[i/2])) goto err; - } + if ((heap[i + 1] != NULL) && !BN_is_zero(heap[i + 1])) { + if (!group->meth->field_mul(group, tmp0, heap[i / 2], heap[i + 1], ctx)) + goto err; + if (!group->meth->field_mul(group, tmp1, heap[i / 2], heap[i], ctx)) + goto err; + if (!BN_copy(heap[i], tmp0)) + goto err; + if (!BN_copy(heap[i + 1], tmp1)) + goto err; + } else { + if (!BN_copy(heap[i], heap[i / 2])) + goto err; } + } - /* we have replaced all non-zero Z's by their inverses, now fix up all the points */ - for (i = 0; i < num; i++) - { + /* + * we have replaced all non-zero Z's by their inverses, now fix up + * all the points + */ + for (i = 0; i < num; i++) { EC_POINT *p = points[i]; - - if (!BN_is_zero(&p->Z)) - { + + if (!BN_is_zero(&p->Z)) { /* turn (X, Y, 1/Z) into (X/Z^2, Y/Z^3, 1) */ - if (!group->meth->field_sqr(group, tmp1, &p->Z, ctx)) goto err; - if (!group->meth->field_mul(group, &p->X, &p->X, tmp1, ctx)) goto err; + if (!group->meth->field_sqr(group, tmp1, &p->Z, ctx)) + goto err; + if (!group->meth->field_mul(group, &p->X, &p->X, tmp1, ctx)) + goto err; + + if (!group->meth->field_mul(group, tmp1, tmp1, &p->Z, ctx)) + goto err; + if (!group->meth->field_mul(group, &p->Y, &p->Y, tmp1, ctx)) + goto err; - if (!group->meth->field_mul(group, tmp1, tmp1, &p->Z, ctx)) goto err; - if (!group->meth->field_mul(group, &p->Y, &p->Y, tmp1, ctx)) goto err; - - if (group->meth->field_set_to_one != 0) - { - if (!group->meth->field_set_to_one(group, &p->Z, ctx)) goto err; - } - else - { - if (!BN_one(&p->Z)) goto err; - } - p->Z_is_one = 1; + if (group->meth->field_set_to_one != 0) { + if (!group->meth->field_set_to_one(group, &p->Z, ctx)) + goto err; + } else { + if (!BN_one(&p->Z)) + goto err; } + p->Z_is_one = 1; } + } ret = 1; - + err: BN_CTX_end(ctx); - if (new_ctx != NULL) - BN_CTX_free(new_ctx); - if (heap != NULL) - { - /* heap[pow2/2] .. heap[pow2-1] have not been allocated locally! */ - for (i = pow2/2 - 1; i > 0; i--) - { - if (heap[i] != NULL) - BN_clear_free(heap[i]); - } - OPENSSL_free(heap); - } - return ret; + BN_CTX_free(new_ctx); + if (heap != NULL) { + /* + * heap[pow2/2] .. heap[pow2-1] have not been allocated + * locally! + */ + for (i = pow2 / 2 - 1; i > 0; i--) { + BN_clear_free(heap[i]); + } + free(heap); } + return ret; +} -int ec_GFp_simple_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) - { +int +ec_GFp_simple_field_mul(const EC_GROUP * group, BIGNUM * r, const BIGNUM * a, const BIGNUM * b, BN_CTX * ctx) +{ return BN_mod_mul(r, a, b, &group->field, ctx); +} + +int +ec_GFp_simple_field_sqr(const EC_GROUP * group, BIGNUM * r, const BIGNUM * a, BN_CTX * ctx) +{ + return BN_mod_sqr(r, a, &group->field, ctx); +} + +/* + * Apply randomization of EC point projective coordinates: + * + * (X, Y, Z) = (lambda^2 * X, lambda^3 * Y, lambda * Z) + * + * where lambda is in the interval [1, group->field). + */ +int +ec_GFp_simple_blind_coordinates(const EC_GROUP *group, EC_POINT *p, BN_CTX *ctx) +{ + BIGNUM *lambda = NULL; + BIGNUM *tmp = NULL; + int ret = 0; + + BN_CTX_start(ctx); + if ((lambda = BN_CTX_get(ctx)) == NULL) + goto err; + if ((tmp = BN_CTX_get(ctx)) == NULL) + goto err; + + /* Generate lambda in [1, group->field - 1] */ + if (!bn_rand_interval(lambda, BN_value_one(), &group->field)) + goto err; + + if (group->meth->field_encode != NULL && + !group->meth->field_encode(group, lambda, lambda, ctx)) + goto err; + + /* Z = lambda * Z */ + if (!group->meth->field_mul(group, &p->Z, lambda, &p->Z, ctx)) + goto err; + + /* tmp = lambda^2 */ + if (!group->meth->field_sqr(group, tmp, lambda, ctx)) + goto err; + + /* X = lambda^2 * X */ + if (!group->meth->field_mul(group, &p->X, tmp, &p->X, ctx)) + goto err; + + /* tmp = lambda^3 */ + if (!group->meth->field_mul(group, tmp, tmp, lambda, ctx)) + goto err; + + /* Y = lambda^3 * Y */ + if (!group->meth->field_mul(group, &p->Y, tmp, &p->Y, ctx)) + goto err; + + /* Disable optimized arithmetics after replacing Z by lambda * Z. */ + p->Z_is_one = 0; + + ret = 1; + + err: + BN_CTX_end(ctx); + return ret; +} + + +#define EC_POINT_BN_set_flags(P, flags) do { \ + BN_set_flags(&(P)->X, (flags)); \ + BN_set_flags(&(P)->Y, (flags)); \ + BN_set_flags(&(P)->Z, (flags)); \ +} while(0) + +#define EC_POINT_CSWAP(c, a, b, w, t) do { \ + if (!BN_swap_ct(c, &(a)->X, &(b)->X, w) || \ + !BN_swap_ct(c, &(a)->Y, &(b)->Y, w) || \ + !BN_swap_ct(c, &(a)->Z, &(b)->Z, w)) \ + goto err; \ + t = ((a)->Z_is_one ^ (b)->Z_is_one) & (c); \ + (a)->Z_is_one ^= (t); \ + (b)->Z_is_one ^= (t); \ +} while(0) + +/* + * This function computes (in constant time) a point multiplication over the + * EC group. + * + * At a high level, it is Montgomery ladder with conditional swaps. + * + * It performs either a fixed point multiplication + * (scalar * generator) + * when point is NULL, or a variable point multiplication + * (scalar * point) + * when point is not NULL. + * + * scalar should be in the range [0,n) otherwise all constant time bets are off. + * + * NB: This says nothing about EC_POINT_add and EC_POINT_dbl, + * which of course are not constant time themselves. + * + * The product is stored in r. + * + * Returns 1 on success, 0 otherwise. + */ +static int +ec_GFp_simple_mul_ct(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, + const EC_POINT *point, BN_CTX *ctx) +{ + int i, cardinality_bits, group_top, kbit, pbit, Z_is_one; + EC_POINT *s = NULL; + BIGNUM *k = NULL; + BIGNUM *lambda = NULL; + BIGNUM *cardinality = NULL; + BN_CTX *new_ctx = NULL; + int ret = 0; + + if (ctx == NULL && (ctx = new_ctx = BN_CTX_new()) == NULL) + return 0; + + BN_CTX_start(ctx); + + if ((s = EC_POINT_new(group)) == NULL) + goto err; + + if (point == NULL) { + if (!EC_POINT_copy(s, group->generator)) + goto err; + } else { + if (!EC_POINT_copy(s, point)) + goto err; } + EC_POINT_BN_set_flags(s, BN_FLG_CONSTTIME); -int ec_GFp_simple_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx) - { - return BN_mod_sqr(r, a, &group->field, ctx); + if ((cardinality = BN_CTX_get(ctx)) == NULL) + goto err; + if ((lambda = BN_CTX_get(ctx)) == NULL) + goto err; + if ((k = BN_CTX_get(ctx)) == NULL) + goto err; + if (!BN_mul(cardinality, &group->order, &group->cofactor, ctx)) + goto err; + + /* + * Group cardinalities are often on a word boundary. + * So when we pad the scalar, some timing diff might + * pop if it needs to be expanded due to carries. + * So expand ahead of time. + */ + cardinality_bits = BN_num_bits(cardinality); + group_top = cardinality->top; + if ((bn_wexpand(k, group_top + 2) == NULL) || + (bn_wexpand(lambda, group_top + 2) == NULL)) + goto err; + + if (!BN_copy(k, scalar)) + goto err; + + BN_set_flags(k, BN_FLG_CONSTTIME); + + if (BN_num_bits(k) > cardinality_bits || BN_is_negative(k)) { + /* + * This is an unusual input, and we don't guarantee + * constant-timeness + */ + if (!BN_nnmod(k, k, cardinality, ctx)) + goto err; + } + + if (!BN_add(lambda, k, cardinality)) + goto err; + BN_set_flags(lambda, BN_FLG_CONSTTIME); + if (!BN_add(k, lambda, cardinality)) + goto err; + /* + * lambda := scalar + cardinality + * k := scalar + 2*cardinality + */ + kbit = BN_is_bit_set(lambda, cardinality_bits); + if (!BN_swap_ct(kbit, k, lambda, group_top + 2)) + goto err; + + group_top = group->field.top; + if ((bn_wexpand(&s->X, group_top) == NULL) || + (bn_wexpand(&s->Y, group_top) == NULL) || + (bn_wexpand(&s->Z, group_top) == NULL) || + (bn_wexpand(&r->X, group_top) == NULL) || + (bn_wexpand(&r->Y, group_top) == NULL) || + (bn_wexpand(&r->Z, group_top) == NULL)) + goto err; + + /* + * Apply coordinate blinding for EC_POINT if the underlying EC_METHOD + * implements it. + */ + if (!ec_point_blind_coordinates(group, s, ctx)) + goto err; + + /* top bit is a 1, in a fixed pos */ + if (!EC_POINT_copy(r, s)) + goto err; + + EC_POINT_BN_set_flags(r, BN_FLG_CONSTTIME); + + if (!EC_POINT_dbl(group, s, s, ctx)) + goto err; + + pbit = 0; + + /* + * The ladder step, with branches, is + * + * k[i] == 0: S = add(R, S), R = dbl(R) + * k[i] == 1: R = add(S, R), S = dbl(S) + * + * Swapping R, S conditionally on k[i] leaves you with state + * + * k[i] == 0: T, U = R, S + * k[i] == 1: T, U = S, R + * + * Then perform the ECC ops. + * + * U = add(T, U) + * T = dbl(T) + * + * Which leaves you with state + * + * k[i] == 0: U = add(R, S), T = dbl(R) + * k[i] == 1: U = add(S, R), T = dbl(S) + * + * Swapping T, U conditionally on k[i] leaves you with state + * + * k[i] == 0: R, S = T, U + * k[i] == 1: R, S = U, T + * + * Which leaves you with state + * + * k[i] == 0: S = add(R, S), R = dbl(R) + * k[i] == 1: R = add(S, R), S = dbl(S) + * + * So we get the same logic, but instead of a branch it's a + * conditional swap, followed by ECC ops, then another conditional swap. + * + * Optimization: The end of iteration i and start of i-1 looks like + * + * ... + * CSWAP(k[i], R, S) + * ECC + * CSWAP(k[i], R, S) + * (next iteration) + * CSWAP(k[i-1], R, S) + * ECC + * CSWAP(k[i-1], R, S) + * ... + * + * So instead of two contiguous swaps, you can merge the condition + * bits and do a single swap. + * + * k[i] k[i-1] Outcome + * 0 0 No Swap + * 0 1 Swap + * 1 0 Swap + * 1 1 No Swap + * + * This is XOR. pbit tracks the previous bit of k. + */ + + for (i = cardinality_bits - 1; i >= 0; i--) { + kbit = BN_is_bit_set(k, i) ^ pbit; + EC_POINT_CSWAP(kbit, r, s, group_top, Z_is_one); + if (!EC_POINT_add(group, s, r, s, ctx)) + goto err; + if (!EC_POINT_dbl(group, r, r, ctx)) + goto err; + /* + * pbit logic merges this cswap with that of the + * next iteration + */ + pbit ^= kbit; } + /* one final cswap to move the right value into r */ + EC_POINT_CSWAP(pbit, r, s, group_top, Z_is_one); + + ret = 1; + + err: + EC_POINT_free(s); + if (ctx != NULL) + BN_CTX_end(ctx); + BN_CTX_free(new_ctx); + + return ret; +} + +#undef EC_POINT_BN_set_flags +#undef EC_POINT_CSWAP + +int +ec_GFp_simple_mul_generator_ct(const EC_GROUP *group, EC_POINT *r, + const BIGNUM *scalar, BN_CTX *ctx) +{ + return ec_GFp_simple_mul_ct(group, r, scalar, NULL, ctx); +} + +int +ec_GFp_simple_mul_single_ct(const EC_GROUP *group, EC_POINT *r, + const BIGNUM *scalar, const EC_POINT *point, BN_CTX *ctx) +{ + return ec_GFp_simple_mul_ct(group, r, scalar, point, ctx); +} + +int +ec_GFp_simple_mul_double_nonct(const EC_GROUP *group, EC_POINT *r, + const BIGNUM *g_scalar, const BIGNUM *p_scalar, const EC_POINT *point, + BN_CTX *ctx) +{ + return ec_wNAF_mul(group, r, g_scalar, 1, &point, &p_scalar, ctx); +} diff --git a/src/lib/libcrypto/ec/ectest.c b/src/lib/libcrypto/ec/ectest.c deleted file mode 100644 index 243cd83fb54..00000000000 --- a/src/lib/libcrypto/ec/ectest.c +++ /dev/null @@ -1,634 +0,0 @@ -/* crypto/ec/ectest.c */ -/* ==================================================================== - * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include -#include -#include -#include - - -#ifdef OPENSSL_NO_EC -int main(int argc, char * argv[]) { puts("Elliptic curves are disabled."); return 0; } -#else - - -#include -#include -#include - -#define ABORT do { \ - fflush(stdout); \ - fprintf(stderr, "%s:%d: ABORT\n", __FILE__, __LINE__); \ - ERR_print_errors_fp(stderr); \ - exit(1); \ -} while (0) - - -void timings(EC_GROUP *group, int multi, BN_CTX *ctx) - { - clock_t clck; - int i, j; - BIGNUM *s, *s0; - EC_POINT *P; - - s = BN_new(); - s0 = BN_new(); - if (s == NULL || s0 == NULL) ABORT; - - if (!EC_GROUP_get_curve_GFp(group, s, NULL, NULL, ctx)) ABORT; - fprintf(stdout, "Timings for %d bit prime, ", (int)BN_num_bits(s)); - if (!EC_GROUP_get_order(group, s, ctx)) ABORT; - fprintf(stdout, "%d bit scalars ", (int)BN_num_bits(s)); - fflush(stdout); - - P = EC_POINT_new(group); - if (P == NULL) ABORT; - EC_POINT_copy(P, EC_GROUP_get0_generator(group)); - - clck = clock(); - for (i = 0; i < 10; i++) - { - if (!BN_pseudo_rand(s, BN_num_bits(s), 0, 0)) ABORT; - if (multi) - { - if (!BN_pseudo_rand(s0, BN_num_bits(s), 0, 0)) ABORT; - } - for (j = 0; j < 10; j++) - { - if (!EC_POINT_mul(group, P, s, multi ? P : NULL, multi ? s0 : NULL, ctx)) ABORT; - } - fprintf(stdout, "."); - fflush(stdout); - } - fprintf(stdout, "\n"); - - clck = clock() - clck; - -#ifdef CLOCKS_PER_SEC - /* "To determine the time in seconds, the value returned - * by the clock function should be divided by the value - * of the macro CLOCKS_PER_SEC." - * -- ISO/IEC 9899 */ -# define UNIT "s" -#else - /* "`CLOCKS_PER_SEC' undeclared (first use this function)" - * -- cc on NeXTstep/OpenStep */ -# define UNIT "units" -# define CLOCKS_PER_SEC 1 -#endif - - fprintf(stdout, "%i %s in %.2f " UNIT "\n", i*j, - multi ? "s*P+t*Q operations" : "point multiplications", - (double)clck/CLOCKS_PER_SEC); - fprintf(stdout, "average: %.4f " UNIT "\n", (double)clck/(CLOCKS_PER_SEC*i*j)); - - EC_POINT_free(P); - BN_free(s); - BN_free(s0); - } - - -int main(int argc, char *argv[]) - { - BN_CTX *ctx = NULL; - BIGNUM *p, *a, *b; - EC_GROUP *group; - EC_GROUP *P_192 = NULL, *P_224 = NULL, *P_256 = NULL, *P_384 = NULL, *P_521 = NULL; - EC_POINT *P, *Q, *R; - BIGNUM *x, *y, *z; - unsigned char buf[100]; - size_t i, len; - int k; - - /* enable memory leak checking unless explicitly disabled */ - if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL) && (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off")))) - { - CRYPTO_malloc_debug_init(); - CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL); - } - else - { - /* OPENSSL_DEBUG_MEMORY=off */ - CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0); - } - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); - ERR_load_crypto_strings(); - -#if 1 /* optional */ - ctx = BN_CTX_new(); - if (!ctx) ABORT; -#endif - - p = BN_new(); - a = BN_new(); - b = BN_new(); - if (!p || !a || !b) ABORT; - - if (!BN_hex2bn(&p, "17")) ABORT; - if (!BN_hex2bn(&a, "1")) ABORT; - if (!BN_hex2bn(&b, "1")) ABORT; - - group = EC_GROUP_new(EC_GFp_mont_method()); /* applications should use EC_GROUP_new_curve_GFp - * so that the library gets to choose the EC_METHOD */ - if (!group) ABORT; - - if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT; - - { - EC_GROUP *tmp; - tmp = EC_GROUP_new(EC_GROUP_method_of(group)); - if (!tmp) ABORT; - if (!EC_GROUP_copy(tmp, group)); - EC_GROUP_free(group); - group = tmp; - } - - if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) ABORT; - - fprintf(stdout, "Curve defined by Weierstrass equation\n y^2 = x^3 + a*x + b (mod 0x"); - BN_print_fp(stdout, p); - fprintf(stdout, ")\n a = 0x"); - BN_print_fp(stdout, a); - fprintf(stdout, "\n b = 0x"); - BN_print_fp(stdout, b); - fprintf(stdout, "\n"); - - P = EC_POINT_new(group); - Q = EC_POINT_new(group); - R = EC_POINT_new(group); - if (!P || !Q || !R) ABORT; - - if (!EC_POINT_set_to_infinity(group, P)) ABORT; - if (!EC_POINT_is_at_infinity(group, P)) ABORT; - - buf[0] = 0; - if (!EC_POINT_oct2point(group, Q, buf, 1, ctx)) ABORT; - - if (!EC_POINT_add(group, P, P, Q, ctx)) ABORT; - if (!EC_POINT_is_at_infinity(group, P)) ABORT; - - x = BN_new(); - y = BN_new(); - z = BN_new(); - if (!x || !y || !z) ABORT; - - if (!BN_hex2bn(&x, "D")) ABORT; - if (!EC_POINT_set_compressed_coordinates_GFp(group, Q, x, 1, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, Q, ctx)) - { - if (!EC_POINT_get_affine_coordinates_GFp(group, Q, x, y, ctx)) ABORT; - fprintf(stderr, "Point is not on curve: x = 0x"); - BN_print_fp(stderr, x); - fprintf(stderr, ", y = 0x"); - BN_print_fp(stderr, y); - fprintf(stderr, "\n"); - ABORT; - } - - fprintf(stdout, "A cyclic subgroup:\n"); - k = 100; - do - { - if (k-- == 0) ABORT; - - if (EC_POINT_is_at_infinity(group, P)) - fprintf(stdout, " point at infinity\n"); - else - { - if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT; - - fprintf(stdout, " x = 0x"); - BN_print_fp(stdout, x); - fprintf(stdout, ", y = 0x"); - BN_print_fp(stdout, y); - fprintf(stdout, "\n"); - } - - if (!EC_POINT_copy(R, P)) ABORT; - if (!EC_POINT_add(group, P, P, Q, ctx)) ABORT; - -#if 0 /* optional */ - { - EC_POINT *points[3]; - - points[0] = R; - points[1] = Q; - points[2] = P; - if (!EC_POINTs_make_affine(group, 2, points, ctx)) ABORT; - } -#endif - - } - while (!EC_POINT_is_at_infinity(group, P)); - - if (!EC_POINT_add(group, P, Q, R, ctx)) ABORT; - if (!EC_POINT_is_at_infinity(group, P)) ABORT; - - len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_COMPRESSED, buf, sizeof buf, ctx); - if (len == 0) ABORT; - if (!EC_POINT_oct2point(group, P, buf, len, ctx)) ABORT; - if (0 != EC_POINT_cmp(group, P, Q, ctx)) ABORT; - fprintf(stdout, "Generator as octect string, compressed form:\n "); - for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]); - - len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_UNCOMPRESSED, buf, sizeof buf, ctx); - if (len == 0) ABORT; - if (!EC_POINT_oct2point(group, P, buf, len, ctx)) ABORT; - if (0 != EC_POINT_cmp(group, P, Q, ctx)) ABORT; - fprintf(stdout, "\nGenerator as octect string, uncompressed form:\n "); - for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]); - - len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_HYBRID, buf, sizeof buf, ctx); - if (len == 0) ABORT; - if (!EC_POINT_oct2point(group, P, buf, len, ctx)) ABORT; - if (0 != EC_POINT_cmp(group, P, Q, ctx)) ABORT; - fprintf(stdout, "\nGenerator as octect string, hybrid form:\n "); - for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]); - - if (!EC_POINT_get_Jprojective_coordinates_GFp(group, R, x, y, z, ctx)) ABORT; - fprintf(stdout, "\nA representation of the inverse of that generator in\nJacobian projective coordinates:\n X = 0x"); - BN_print_fp(stdout, x); - fprintf(stdout, ", Y = 0x"); - BN_print_fp(stdout, y); - fprintf(stdout, ", Z = 0x"); - BN_print_fp(stdout, z); - fprintf(stdout, "\n"); - - if (!EC_POINT_invert(group, P, ctx)) ABORT; - if (0 != EC_POINT_cmp(group, P, R, ctx)) ABORT; - - - /* Curve P-192 (FIPS PUB 186-2, App. 6) */ - - if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF")) ABORT; - if (1 != BN_is_prime(p, BN_prime_checks, 0, ctx, NULL)) ABORT; - if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC")) ABORT; - if (!BN_hex2bn(&b, "64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1")) ABORT; - if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT; - - if (!BN_hex2bn(&x, "188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012")) ABORT; - if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; - if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831")) ABORT; - if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT; - - if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT; - fprintf(stdout, "\nNIST curve P-192 -- Generator:\n x = 0x"); - BN_print_fp(stdout, x); - fprintf(stdout, "\n y = 0x"); - BN_print_fp(stdout, y); - fprintf(stdout, "\n"); - /* G_y value taken from the standard: */ - if (!BN_hex2bn(&z, "07192B95FFC8DA78631011ED6B24CDD573F977A11E794811")) ABORT; - if (0 != BN_cmp(y, z)) ABORT; - - fprintf(stdout, "verify group order ..."); - fflush(stdout); - if (!EC_GROUP_get_order(group, z, ctx)) ABORT; - if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT; - if (!EC_POINT_is_at_infinity(group, Q)) ABORT; - fprintf(stdout, "."); - fflush(stdout); - if (!EC_GROUP_precompute_mult(group, ctx)) ABORT; - if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT; - if (!EC_POINT_is_at_infinity(group, Q)) ABORT; - fprintf(stdout, " ok\n"); - - if (!(P_192 = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT; - if (!EC_GROUP_copy(P_192, group)) ABORT; - - - /* Curve P-224 (FIPS PUB 186-2, App. 6) */ - - if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001")) ABORT; - if (1 != BN_is_prime(p, BN_prime_checks, 0, ctx, NULL)) ABORT; - if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE")) ABORT; - if (!BN_hex2bn(&b, "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4")) ABORT; - if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT; - - if (!BN_hex2bn(&x, "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21")) ABORT; - if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; - if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D")) ABORT; - if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT; - - if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT; - fprintf(stdout, "\nNIST curve P-224 -- Generator:\n x = 0x"); - BN_print_fp(stdout, x); - fprintf(stdout, "\n y = 0x"); - BN_print_fp(stdout, y); - fprintf(stdout, "\n"); - /* G_y value taken from the standard: */ - if (!BN_hex2bn(&z, "BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34")) ABORT; - if (0 != BN_cmp(y, z)) ABORT; - - fprintf(stdout, "verify group order ..."); - fflush(stdout); - if (!EC_GROUP_get_order(group, z, ctx)) ABORT; - if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT; - if (!EC_POINT_is_at_infinity(group, Q)) ABORT; - fprintf(stdout, "."); - fflush(stdout); - if (!EC_GROUP_precompute_mult(group, ctx)) ABORT; - if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT; - if (!EC_POINT_is_at_infinity(group, Q)) ABORT; - fprintf(stdout, " ok\n"); - - if (!(P_224 = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT; - if (!EC_GROUP_copy(P_224, group)) ABORT; - - - /* Curve P-256 (FIPS PUB 186-2, App. 6) */ - - if (!BN_hex2bn(&p, "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF")) ABORT; - if (1 != BN_is_prime(p, BN_prime_checks, 0, ctx, NULL)) ABORT; - if (!BN_hex2bn(&a, "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC")) ABORT; - if (!BN_hex2bn(&b, "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B")) ABORT; - if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT; - - if (!BN_hex2bn(&x, "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296")) ABORT; - if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; - if (!BN_hex2bn(&z, "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E" - "84F3B9CAC2FC632551")) ABORT; - if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT; - - if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT; - fprintf(stdout, "\nNIST curve P-256 -- Generator:\n x = 0x"); - BN_print_fp(stdout, x); - fprintf(stdout, "\n y = 0x"); - BN_print_fp(stdout, y); - fprintf(stdout, "\n"); - /* G_y value taken from the standard: */ - if (!BN_hex2bn(&z, "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5")) ABORT; - if (0 != BN_cmp(y, z)) ABORT; - - fprintf(stdout, "verify group order ..."); - fflush(stdout); - if (!EC_GROUP_get_order(group, z, ctx)) ABORT; - if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT; - if (!EC_POINT_is_at_infinity(group, Q)) ABORT; - fprintf(stdout, "."); - fflush(stdout); - if (!EC_GROUP_precompute_mult(group, ctx)) ABORT; - if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT; - if (!EC_POINT_is_at_infinity(group, Q)) ABORT; - fprintf(stdout, " ok\n"); - - if (!(P_256 = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT; - if (!EC_GROUP_copy(P_256, group)) ABORT; - - - /* Curve P-384 (FIPS PUB 186-2, App. 6) */ - - if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" - "FFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF")) ABORT; - if (1 != BN_is_prime(p, BN_prime_checks, 0, ctx, NULL)) ABORT; - if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" - "FFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC")) ABORT; - if (!BN_hex2bn(&b, "B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141" - "120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF")) ABORT; - if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT; - - if (!BN_hex2bn(&x, "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B" - "9859F741E082542A385502F25DBF55296C3A545E3872760AB7")) ABORT; - if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; - if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" - "FFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973")) ABORT; - if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT; - - if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT; - fprintf(stdout, "\nNIST curve P-384 -- Generator:\n x = 0x"); - BN_print_fp(stdout, x); - fprintf(stdout, "\n y = 0x"); - BN_print_fp(stdout, y); - fprintf(stdout, "\n"); - /* G_y value taken from the standard: */ - if (!BN_hex2bn(&z, "3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A14" - "7CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F")) ABORT; - if (0 != BN_cmp(y, z)) ABORT; - - fprintf(stdout, "verify group order ..."); - fflush(stdout); - if (!EC_GROUP_get_order(group, z, ctx)) ABORT; - if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT; - if (!EC_POINT_is_at_infinity(group, Q)) ABORT; - fprintf(stdout, "."); - fflush(stdout); - if (!EC_GROUP_precompute_mult(group, ctx)) ABORT; - if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT; - if (!EC_POINT_is_at_infinity(group, Q)) ABORT; - fprintf(stdout, " ok\n"); - - if (!(P_384 = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT; - if (!EC_GROUP_copy(P_384, group)) ABORT; - - - /* Curve P-521 (FIPS PUB 186-2, App. 6) */ - - if (!BN_hex2bn(&p, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" - "FFFFFFFFFFFFFFFFFFFFFFFFFFFF")) ABORT; - if (1 != BN_is_prime(p, BN_prime_checks, 0, ctx, NULL)) ABORT; - if (!BN_hex2bn(&a, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" - "FFFFFFFFFFFFFFFFFFFFFFFFFFFC")) ABORT; - if (!BN_hex2bn(&b, "051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B" - "315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573" - "DF883D2C34F1EF451FD46B503F00")) ABORT; - if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT; - - if (!BN_hex2bn(&x, "C6858E06B70404E9CD9E3ECB662395B4429C648139053F" - "B521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B" - "3C1856A429BF97E7E31C2E5BD66")) ABORT; - if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; - if (!BN_hex2bn(&z, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" - "FFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5" - "C9B8899C47AEBB6FB71E91386409")) ABORT; - if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT; - - if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT; - fprintf(stdout, "\nNIST curve P-521 -- Generator:\n x = 0x"); - BN_print_fp(stdout, x); - fprintf(stdout, "\n y = 0x"); - BN_print_fp(stdout, y); - fprintf(stdout, "\n"); - /* G_y value taken from the standard: */ - if (!BN_hex2bn(&z, "11839296A789A3BC0045C8A5FB42C7D1BD998F54449579" - "B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C" - "7086A272C24088BE94769FD16650")) ABORT; - if (0 != BN_cmp(y, z)) ABORT; - - fprintf(stdout, "verify group order ..."); - fflush(stdout); - if (!EC_GROUP_get_order(group, z, ctx)) ABORT; - if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT; - if (!EC_POINT_is_at_infinity(group, Q)) ABORT; - fprintf(stdout, "."); - fflush(stdout); - if (!EC_GROUP_precompute_mult(group, ctx)) ABORT; - if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT; - if (!EC_POINT_is_at_infinity(group, Q)) ABORT; - fprintf(stdout, " ok\n"); - - if (!(P_521 = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT; - if (!EC_GROUP_copy(P_521, group)) ABORT; - - - /* more tests using the last curve */ - - if (!EC_POINT_copy(Q, P)) ABORT; - if (EC_POINT_is_at_infinity(group, Q)) ABORT; - if (!EC_POINT_dbl(group, P, P, ctx)) ABORT; - if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; - if (!EC_POINT_invert(group, Q, ctx)) ABORT; /* P = -2Q */ - - if (!EC_POINT_add(group, R, P, Q, ctx)) ABORT; - if (!EC_POINT_add(group, R, R, Q, ctx)) ABORT; - if (!EC_POINT_is_at_infinity(group, R)) ABORT; /* R = P + 2Q */ - - { - const EC_POINT *points[3]; - const BIGNUM *scalars[3]; - - if (EC_POINT_is_at_infinity(group, Q)) ABORT; - points[0] = Q; - points[1] = Q; - points[2] = Q; - - if (!BN_add(y, z, BN_value_one())) ABORT; - if (BN_is_odd(y)) ABORT; - if (!BN_rshift1(y, y)) ABORT; - scalars[0] = y; /* (group order + 1)/2, so y*Q + y*Q = Q */ - scalars[1] = y; - - fprintf(stdout, "combined multiplication ..."); - fflush(stdout); - - /* z is still the group order */ - if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx)) ABORT; - if (!EC_POINTs_mul(group, R, z, 2, points, scalars, ctx)) ABORT; - if (0 != EC_POINT_cmp(group, P, R, ctx)) ABORT; - if (0 != EC_POINT_cmp(group, R, Q, ctx)) ABORT; - - fprintf(stdout, "."); - fflush(stdout); - - if (!BN_pseudo_rand(y, BN_num_bits(y), 0, 0)) ABORT; - if (!BN_add(z, z, y)) ABORT; - z->neg = 1; - scalars[0] = y; - scalars[1] = z; /* z = -(order + y) */ - - if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx)) ABORT; - if (!EC_POINT_is_at_infinity(group, P)) ABORT; - - fprintf(stdout, "."); - fflush(stdout); - - if (!BN_pseudo_rand(x, BN_num_bits(y) - 1, 0, 0)) ABORT; - if (!BN_add(z, x, y)) ABORT; - z->neg = 1; - scalars[0] = x; - scalars[1] = y; - scalars[2] = z; /* z = -(x+y) */ - - if (!EC_POINTs_mul(group, P, NULL, 3, points, scalars, ctx)) ABORT; - if (!EC_POINT_is_at_infinity(group, P)) ABORT; - - fprintf(stdout, " ok\n\n"); - } - - -#if 0 - timings(P_192, 0, ctx); - timings(P_192, 1, ctx); - timings(P_224, 0, ctx); - timings(P_224, 1, ctx); - timings(P_256, 0, ctx); - timings(P_256, 1, ctx); - timings(P_384, 0, ctx); - timings(P_384, 1, ctx); - timings(P_521, 0, ctx); - timings(P_521, 1, ctx); -#endif - - - if (ctx) - BN_CTX_free(ctx); - BN_free(p); BN_free(a); BN_free(b); - EC_GROUP_free(group); - EC_POINT_free(P); - EC_POINT_free(Q); - EC_POINT_free(R); - BN_free(x); BN_free(y); BN_free(z); - - if (P_192) EC_GROUP_free(P_192); - if (P_224) EC_GROUP_free(P_224); - if (P_256) EC_GROUP_free(P_256); - if (P_384) EC_GROUP_free(P_384); - if (P_521) EC_GROUP_free(P_521); - - ENGINE_cleanup(); - CRYPTO_cleanup_all_ex_data(); - ERR_free_strings(); - ERR_remove_state(0); - CRYPTO_mem_leaks_fp(stderr); - - return 0; - } -#endif diff --git a/src/lib/libcrypto/ecdh/ecdh.h b/src/lib/libcrypto/ecdh/ecdh.h new file mode 100644 index 00000000000..ccc1312fd87 --- /dev/null +++ b/src/lib/libcrypto/ecdh/ecdh.h @@ -0,0 +1,128 @@ +/* $OpenBSD: ecdh.h,v 1.5 2015/09/13 12:03:07 jsing Exp $ */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * + * The Elliptic Curve Public-Key Crypto Library (ECC Code) included + * herein is developed by SUN MICROSYSTEMS, INC., and is contributed + * to the OpenSSL project. + * + * The ECC Code is licensed pursuant to the OpenSSL open source + * license provided below. + * + * The ECDH software is originally written by Douglas Stebila of + * Sun Microsystems Laboratories. + * + */ +/* ==================================================================== + * Copyright (c) 2000-2002 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +#ifndef HEADER_ECDH_H +#define HEADER_ECDH_H + +#include + +#ifdef OPENSSL_NO_ECDH +#error ECDH is disabled. +#endif + +#include +#include +#ifndef OPENSSL_NO_DEPRECATED +#include +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +const ECDH_METHOD *ECDH_OpenSSL(void); + +void ECDH_set_default_method(const ECDH_METHOD *); +const ECDH_METHOD *ECDH_get_default_method(void); +int ECDH_set_method(EC_KEY *, const ECDH_METHOD *); + +int ECDH_size(const EC_KEY *ecdh); +int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, + EC_KEY *ecdh, + void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen)); + +int ECDH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new +*new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); +int ECDH_set_ex_data(EC_KEY *d, int idx, void *arg); +void *ECDH_get_ex_data(EC_KEY *d, int idx); + + +/* BEGIN ERROR CODES */ +/* The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_ECDH_strings(void); + +/* Error codes for the ECDH functions. */ + +/* Function codes. */ +#define ECDH_F_ECDH_CHECK 102 +#define ECDH_F_ECDH_COMPUTE_KEY 100 +#define ECDH_F_ECDH_DATA_NEW_METHOD 101 + +/* Reason codes. */ +#define ECDH_R_KDF_FAILED 102 +#define ECDH_R_KEY_TRUNCATION 104 +#define ECDH_R_NON_FIPS_METHOD 103 +#define ECDH_R_NO_PRIVATE_VALUE 100 +#define ECDH_R_POINT_ARITHMETIC_FAILURE 101 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/src/lib/libcrypto/ecdh/ech_err.c b/src/lib/libcrypto/ecdh/ech_err.c new file mode 100644 index 00000000000..149c2a85052 --- /dev/null +++ b/src/lib/libcrypto/ecdh/ech_err.c @@ -0,0 +1,99 @@ +/* $OpenBSD: ech_err.c,v 1.6 2017/01/29 17:49:23 beck Exp $ */ +/* ==================================================================== + * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +/* NOTE: this file was auto generated by the mkerr.pl script: any changes + * made to it will be overwritten when the script next updates this file, + * only reason strings will be preserved. + */ + +#include + +#include + +#include +#include + +/* BEGIN ERROR CODES */ +#ifndef OPENSSL_NO_ERR + +#define ERR_FUNC(func) ERR_PACK(ERR_LIB_ECDH,func,0) +#define ERR_REASON(reason) ERR_PACK(ERR_LIB_ECDH,0,reason) + +static ERR_STRING_DATA ECDH_str_functs[]= { + {ERR_FUNC(0xfff), "CRYPTO_internal"}, + {0, NULL} +}; + +static ERR_STRING_DATA ECDH_str_reasons[]= { + {ERR_REASON(ECDH_R_KDF_FAILED) , "KDF failed"}, + {ERR_REASON(ECDH_R_KEY_TRUNCATION), "key would be truncated"}, + {ERR_REASON(ECDH_R_NON_FIPS_METHOD) , "non fips method"}, + {ERR_REASON(ECDH_R_NO_PRIVATE_VALUE) , "no private value"}, + {ERR_REASON(ECDH_R_POINT_ARITHMETIC_FAILURE), "point arithmetic failure"}, + {0, NULL} +}; + +#endif + +void +ERR_load_ECDH_strings(void) +{ +#ifndef OPENSSL_NO_ERR + if (ERR_func_error_string(ECDH_str_functs[0].error) == NULL) { + ERR_load_strings(0, ECDH_str_functs); + ERR_load_strings(0, ECDH_str_reasons); + } +#endif +} diff --git a/src/lib/libcrypto/ecdh/ech_key.c b/src/lib/libcrypto/ecdh/ech_key.c new file mode 100644 index 00000000000..378912cacba --- /dev/null +++ b/src/lib/libcrypto/ecdh/ech_key.c @@ -0,0 +1,241 @@ +/* $OpenBSD: ech_key.c,v 1.9 2019/01/19 01:12:48 tb Exp $ */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * + * The Elliptic Curve Public-Key Crypto Library (ECC Code) included + * herein is developed by SUN MICROSYSTEMS, INC., and is contributed + * to the OpenSSL project. + * + * The ECC Code is licensed pursuant to the OpenSSL open source + * license provided below. + * + * The ECDH software is originally written by Douglas Stebila of + * Sun Microsystems Laboratories. + * + */ +/* ==================================================================== + * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include + +#include + +#include +#include +#include +#include + +#include "ech_locl.h" +#include "ec_lcl.h" + +static int ecdh_compute_key(void *out, size_t len, const EC_POINT *pub_key, + EC_KEY *ecdh, + void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen)); + +/* + * This implementation is based on the following primitives in the IEEE 1363 + * standard: + * - ECKAS-DH1 + * - ECSVDP-DH + * Finally an optional KDF is applied. + */ +static int +ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, + EC_KEY *ecdh, + void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen)) +{ + BN_CTX *ctx; + EC_POINT *tmp = NULL; + BIGNUM *x = NULL, *y = NULL; + const BIGNUM *priv_key; + const EC_GROUP* group; + int ret = -1; + size_t buflen, len; + unsigned char *buf = NULL; + + if (outlen > INT_MAX) { + /* Sort of, anyway. */ + ECDHerror(ERR_R_MALLOC_FAILURE); + return -1; + } + + if ((ctx = BN_CTX_new()) == NULL) + goto err; + BN_CTX_start(ctx); + if ((x = BN_CTX_get(ctx)) == NULL) + goto err; + if ((y = BN_CTX_get(ctx)) == NULL) + goto err; + + priv_key = EC_KEY_get0_private_key(ecdh); + if (priv_key == NULL) { + ECDHerror(ECDH_R_NO_PRIVATE_VALUE); + goto err; + } + + group = EC_KEY_get0_group(ecdh); + + if (!EC_POINT_is_on_curve(group, pub_key, ctx)) + goto err; + + if ((tmp = EC_POINT_new(group)) == NULL) { + ECDHerror(ERR_R_MALLOC_FAILURE); + goto err; + } + + if (!EC_POINT_mul(group, tmp, NULL, pub_key, priv_key, ctx)) { + ECDHerror(ECDH_R_POINT_ARITHMETIC_FAILURE); + goto err; + } + + if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == + NID_X9_62_prime_field) { + if (!EC_POINT_get_affine_coordinates_GFp(group, tmp, x, y, + ctx)) { + ECDHerror(ECDH_R_POINT_ARITHMETIC_FAILURE); + goto err; + } + } +#ifndef OPENSSL_NO_EC2M + else { + if (!EC_POINT_get_affine_coordinates_GF2m(group, tmp, x, y, + ctx)) { + ECDHerror(ECDH_R_POINT_ARITHMETIC_FAILURE); + goto err; + } + } +#endif + + buflen = ECDH_size(ecdh); + len = BN_num_bytes(x); + if (len > buflen) { + ECDHerror(ERR_R_INTERNAL_ERROR); + goto err; + } + if (KDF == NULL && outlen < buflen) { + /* The resulting key would be truncated. */ + ECDHerror(ECDH_R_KEY_TRUNCATION); + goto err; + } + if ((buf = malloc(buflen)) == NULL) { + ECDHerror(ERR_R_MALLOC_FAILURE); + goto err; + } + + memset(buf, 0, buflen - len); + if (len != (size_t)BN_bn2bin(x, buf + buflen - len)) { + ECDHerror(ERR_R_BN_LIB); + goto err; + } + + if (KDF != NULL) { + if (KDF(buf, buflen, out, &outlen) == NULL) { + ECDHerror(ECDH_R_KDF_FAILED); + goto err; + } + ret = outlen; + } else { + /* No KDF, just copy out the key and zero the rest. */ + if (outlen > buflen) { + memset((void *)((uintptr_t)out + buflen), 0, outlen - buflen); + outlen = buflen; + } + memcpy(out, buf, outlen); + ret = outlen; + } + +err: + EC_POINT_free(tmp); + if (ctx) + BN_CTX_end(ctx); + BN_CTX_free(ctx); + free(buf); + return (ret); +} + +static ECDH_METHOD openssl_ecdh_meth = { + .name = "OpenSSL ECDH method", + .compute_key = ecdh_compute_key +}; + +const ECDH_METHOD * +ECDH_OpenSSL(void) +{ + return &openssl_ecdh_meth; +} + +/* replace w/ ecdh_compute_key() when ECDH_METHOD gets removed */ +int +ossl_ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, + EC_KEY *eckey, + void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen)) +{ + ECDH_DATA *ecdh; + + if ((ecdh = ecdh_check(eckey)) == NULL) + return 0; + return ecdh->meth->compute_key(out, outlen, pub_key, eckey, KDF); +} + +int +ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, + EC_KEY *eckey, + void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen)) +{ + if (eckey->meth->compute_key != NULL) + return eckey->meth->compute_key(out, outlen, pub_key, eckey, KDF); + ECerror(EC_R_NOT_IMPLEMENTED); + return 0; +} diff --git a/src/lib/libcrypto/ecdh/ech_lib.c b/src/lib/libcrypto/ecdh/ech_lib.c new file mode 100644 index 00000000000..cc8edafa077 --- /dev/null +++ b/src/lib/libcrypto/ecdh/ech_lib.c @@ -0,0 +1,242 @@ +/* $OpenBSD: ech_lib.c,v 1.14 2018/04/14 07:09:21 tb Exp $ */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * + * The Elliptic Curve Public-Key Crypto Library (ECC Code) included + * herein is developed by SUN MICROSYSTEMS, INC., and is contributed + * to the OpenSSL project. + * + * The ECC Code is licensed pursuant to the OpenSSL open source + * license provided below. + * + * The ECDH software is originally written by Douglas Stebila of + * Sun Microsystems Laboratories. + * + */ +/* ==================================================================== + * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include + +#include + +#include "ech_locl.h" +#ifndef OPENSSL_NO_ENGINE +#include +#endif +#include + +static const ECDH_METHOD *default_ECDH_method = NULL; + +static void *ecdh_data_new(void); +static void *ecdh_data_dup(void *); +static void ecdh_data_free(void *); + +void +ECDH_set_default_method(const ECDH_METHOD *meth) +{ + default_ECDH_method = meth; +} + +const ECDH_METHOD * +ECDH_get_default_method(void) +{ + if (!default_ECDH_method) { + default_ECDH_method = ECDH_OpenSSL(); + } + return default_ECDH_method; +} + +int +ECDH_set_method(EC_KEY *eckey, const ECDH_METHOD *meth) +{ + ECDH_DATA *ecdh; + + ecdh = ecdh_check(eckey); + + if (ecdh == NULL) + return 0; + +#ifndef OPENSSL_NO_ENGINE + ENGINE_finish(ecdh->engine); + ecdh->engine = NULL; +#endif + ecdh->meth = meth; + return 1; +} + +static ECDH_DATA * +ECDH_DATA_new_method(ENGINE *engine) +{ + ECDH_DATA *ret; + + ret = malloc(sizeof(ECDH_DATA)); + if (ret == NULL) { + ECDHerror(ERR_R_MALLOC_FAILURE); + return (NULL); + } + + ret->init = NULL; + + ret->meth = ECDH_get_default_method(); + ret->engine = engine; +#ifndef OPENSSL_NO_ENGINE + if (!ret->engine) + ret->engine = ENGINE_get_default_ECDH(); + if (ret->engine) { + ret->meth = ENGINE_get_ECDH(ret->engine); + if (ret->meth == NULL) { + ECDHerror(ERR_R_ENGINE_LIB); + ENGINE_finish(ret->engine); + free(ret); + return NULL; + } + } +#endif + + ret->flags = ret->meth->flags; + CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ECDH, ret, &ret->ex_data); + return (ret); +} + +static void * +ecdh_data_new(void) +{ + return (void *)ECDH_DATA_new_method(NULL); +} + +static void * +ecdh_data_dup(void *data) +{ + ECDH_DATA *r = (ECDH_DATA *)data; + + /* XXX: dummy operation */ + if (r == NULL) + return NULL; + + return (void *)ecdh_data_new(); +} + +void +ecdh_data_free(void *data) +{ + ECDH_DATA *r = (ECDH_DATA *)data; + +#ifndef OPENSSL_NO_ENGINE + ENGINE_finish(r->engine); +#endif + + CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDH, r, &r->ex_data); + + freezero(r, sizeof(ECDH_DATA)); +} + +ECDH_DATA * +ecdh_check(EC_KEY *key) +{ + ECDH_DATA *ecdh_data; + + void *data = EC_KEY_get_key_method_data(key, ecdh_data_dup, + ecdh_data_free, ecdh_data_free); + if (data == NULL) { + ecdh_data = (ECDH_DATA *)ecdh_data_new(); + if (ecdh_data == NULL) + return NULL; + data = EC_KEY_insert_key_method_data(key, (void *)ecdh_data, + ecdh_data_dup, ecdh_data_free, ecdh_data_free); + if (data != NULL) { + /* Another thread raced us to install the key_method + * data and won. */ + ecdh_data_free(ecdh_data); + ecdh_data = (ECDH_DATA *)data; + } + } else + ecdh_data = (ECDH_DATA *)data; + + return ecdh_data; +} + +int +ECDH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) +{ + return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ECDH, argl, argp, + new_func, dup_func, free_func); +} + +int +ECDH_set_ex_data(EC_KEY *d, int idx, void *arg) +{ + ECDH_DATA *ecdh; + ecdh = ecdh_check(d); + if (ecdh == NULL) + return 0; + return (CRYPTO_set_ex_data(&ecdh->ex_data, idx, arg)); +} + +void * +ECDH_get_ex_data(EC_KEY *d, int idx) +{ + ECDH_DATA *ecdh; + ecdh = ecdh_check(d); + if (ecdh == NULL) + return NULL; + return (CRYPTO_get_ex_data(&ecdh->ex_data, idx)); +} + +int +ECDH_size(const EC_KEY *d) +{ + return ((EC_GROUP_get_degree(EC_KEY_get0_group(d)) + 7) / 8); +} diff --git a/src/lib/libcrypto/ecdh/ech_locl.h b/src/lib/libcrypto/ecdh/ech_locl.h new file mode 100644 index 00000000000..b5777df4230 --- /dev/null +++ b/src/lib/libcrypto/ecdh/ech_locl.h @@ -0,0 +1,93 @@ +/* $OpenBSD: ech_locl.h,v 1.5 2016/12/21 15:49:29 jsing Exp $ */ +/* ==================================================================== + * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifndef HEADER_ECH_LOCL_H +#define HEADER_ECH_LOCL_H + +#include + +__BEGIN_HIDDEN_DECLS + +struct ecdh_method { + const char *name; + int (*compute_key)(void *key, size_t outlen, const EC_POINT *pub_key, EC_KEY *ecdh, + void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen)); + int flags; + char *app_data; +}; + +/* If this flag is set the ECDH method is FIPS compliant and can be used + * in FIPS mode. This is set in the validated module method. If an + * application sets this flag in its own methods it is its responsibility + * to ensure the result is compliant. + */ + +#define ECDH_FLAG_FIPS_METHOD 0x1 + +typedef struct ecdh_data_st { + /* EC_KEY_METH_DATA part */ + int (*init)(EC_KEY *); + /* method specific part */ + ENGINE *engine; + int flags; + const ECDH_METHOD *meth; + CRYPTO_EX_DATA ex_data; +} ECDH_DATA; + +ECDH_DATA *ecdh_check(EC_KEY *); + +__END_HIDDEN_DECLS + +#endif /* HEADER_ECH_LOCL_H */ diff --git a/src/lib/libcrypto/ecdsa/ecdsa.h b/src/lib/libcrypto/ecdsa/ecdsa.h new file mode 100644 index 00000000000..c4e107eee58 --- /dev/null +++ b/src/lib/libcrypto/ecdsa/ecdsa.h @@ -0,0 +1,331 @@ +/* $OpenBSD: ecdsa.h,v 1.8 2019/01/19 01:17:41 tb Exp $ */ +/** + * \file crypto/ecdsa/ecdsa.h Include file for the OpenSSL ECDSA functions + * \author Written by Nils Larsch for the OpenSSL project + */ +/* ==================================================================== + * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +#ifndef HEADER_ECDSA_H +#define HEADER_ECDSA_H + +#include + +#ifdef OPENSSL_NO_ECDSA +#error ECDSA is disabled. +#endif + +#include +#include +#ifndef OPENSSL_NO_DEPRECATED +#include +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct ECDSA_SIG_st ECDSA_SIG; + +struct ecdsa_method { + const char *name; + ECDSA_SIG *(*ecdsa_do_sign)(const unsigned char *dgst, int dgst_len, + const BIGNUM *inv, const BIGNUM *rp, EC_KEY *eckey); + int (*ecdsa_sign_setup)(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, + BIGNUM **r); + int (*ecdsa_do_verify)(const unsigned char *dgst, int dgst_len, + const ECDSA_SIG *sig, EC_KEY *eckey); +#if 0 + int (*init)(EC_KEY *eckey); + int (*finish)(EC_KEY *eckey); +#endif + int flags; + char *app_data; +}; + +/* If this flag is set the ECDSA method is FIPS compliant and can be used + * in FIPS mode. This is set in the validated module method. If an + * application sets this flag in its own methods it is its responsibility + * to ensure the result is compliant. + */ + +#define ECDSA_FLAG_FIPS_METHOD 0x1 + +struct ECDSA_SIG_st { + BIGNUM *r; + BIGNUM *s; +}; + +/** Allocates and initialize a ECDSA_SIG structure + * \return pointer to a ECDSA_SIG structure or NULL if an error occurred + */ +ECDSA_SIG *ECDSA_SIG_new(void); + +/** frees a ECDSA_SIG structure + * \param sig pointer to the ECDSA_SIG structure + */ +void ECDSA_SIG_free(ECDSA_SIG *sig); + +/** DER encode content of ECDSA_SIG object (note: this function modifies *pp + * (*pp += length of the DER encoded signature)). + * \param sig pointer to the ECDSA_SIG object + * \param pp pointer to a unsigned char pointer for the output or NULL + * \return the length of the DER encoded ECDSA_SIG object or 0 + */ +int i2d_ECDSA_SIG(const ECDSA_SIG *sig, unsigned char **pp); + +/** Decodes a DER encoded ECDSA signature (note: this function changes *pp + * (*pp += len)). + * \param sig pointer to ECDSA_SIG pointer (may be NULL) + * \param pp memory buffer with the DER encoded signature + * \param len length of the buffer + * \return pointer to the decoded ECDSA_SIG structure (or NULL) + */ +ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **sig, const unsigned char **pp, long len); + +/** Accessor for r and s fields of ECDSA_SIG + * \param sig pointer to ECDSA_SIG pointer + * \param pr pointer to BIGNUM pointer for r (may be NULL) + * \param ps pointer to BIGNUM pointer for s (may be NULL) + */ +void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps); + +/** Setter for r and s fields of ECDSA_SIG + * \param sig pointer to ECDSA_SIG pointer + * \param r pointer to BIGNUM for r (may be NULL) + * \param s pointer to BIGNUM for s (may be NULL) + */ +int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s); + +/** Computes the ECDSA signature of the given hash value using + * the supplied private key and returns the created signature. + * \param dgst pointer to the hash value + * \param dgst_len length of the hash value + * \param eckey EC_KEY object containing a private EC key + * \return pointer to a ECDSA_SIG structure or NULL if an error occurred + */ +ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dgst_len, + EC_KEY *eckey); + +/** Computes ECDSA signature of a given hash value using the supplied + * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). + * \param dgst pointer to the hash value to sign + * \param dgstlen length of the hash value + * \param kinv BIGNUM with a pre-computed inverse k (optional) + * \param rp BIGNUM with a pre-computed rp value (optioanl), + * see ECDSA_sign_setup + * \param eckey EC_KEY object containing a private EC key + * \return pointer to a ECDSA_SIG structure or NULL if an error occurred + */ +ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen, + const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey); + +/** Verifies that the supplied signature is a valid ECDSA + * signature of the supplied hash value using the supplied public key. + * \param dgst pointer to the hash value + * \param dgst_len length of the hash value + * \param sig ECDSA_SIG structure + * \param eckey EC_KEY object containing a public EC key + * \return 1 if the signature is valid, 0 if the signature is invalid + * and -1 on error + */ +int ECDSA_do_verify(const unsigned char *dgst, int dgst_len, + const ECDSA_SIG *sig, EC_KEY* eckey); + +const ECDSA_METHOD *ECDSA_OpenSSL(void); + +/** Sets the default ECDSA method + * \param meth new default ECDSA_METHOD + */ +void ECDSA_set_default_method(const ECDSA_METHOD *meth); + +/** Returns the default ECDSA method + * \return pointer to ECDSA_METHOD structure containing the default method + */ +const ECDSA_METHOD *ECDSA_get_default_method(void); + +/** Sets method to be used for the ECDSA operations + * \param eckey EC_KEY object + * \param meth new method + * \return 1 on success and 0 otherwise + */ +int ECDSA_set_method(EC_KEY *eckey, const ECDSA_METHOD *meth); + +/** Returns the maximum length of the DER encoded signature + * \param eckey EC_KEY object + * \return numbers of bytes required for the DER encoded signature + */ +int ECDSA_size(const EC_KEY *eckey); + +/** Precompute parts of the signing operation + * \param eckey EC_KEY object containing a private EC key + * \param ctx BN_CTX object (optional) + * \param kinv BIGNUM pointer for the inverse of k + * \param rp BIGNUM pointer for x coordinate of k * generator + * \return 1 on success and 0 otherwise + */ +int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, + BIGNUM **rp); + +/** Computes ECDSA signature of a given hash value using the supplied + * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). + * \param type this parameter is ignored + * \param dgst pointer to the hash value to sign + * \param dgstlen length of the hash value + * \param sig memory for the DER encoded created signature + * \param siglen pointer to the length of the returned signature + * \param eckey EC_KEY object containing a private EC key + * \return 1 on success and 0 otherwise + */ +int ECDSA_sign(int type, const unsigned char *dgst, int dgstlen, + unsigned char *sig, unsigned int *siglen, EC_KEY *eckey); + + +/** Computes ECDSA signature of a given hash value using the supplied + * private key (note: sig must point to ECDSA_size(eckey) bytes of memory). + * \param type this parameter is ignored + * \param dgst pointer to the hash value to sign + * \param dgstlen length of the hash value + * \param sig buffer to hold the DER encoded signature + * \param siglen pointer to the length of the returned signature + * \param kinv BIGNUM with a pre-computed inverse k (optional) + * \param rp BIGNUM with a pre-computed rp value (optioanl), + * see ECDSA_sign_setup + * \param eckey EC_KEY object containing a private EC key + * \return 1 on success and 0 otherwise + */ +int ECDSA_sign_ex(int type, const unsigned char *dgst, int dgstlen, + unsigned char *sig, unsigned int *siglen, const BIGNUM *kinv, + const BIGNUM *rp, EC_KEY *eckey); + +/** Verifies that the given signature is valid ECDSA signature + * of the supplied hash value using the specified public key. + * \param type this parameter is ignored + * \param dgst pointer to the hash value + * \param dgstlen length of the hash value + * \param sig pointer to the DER encoded signature + * \param siglen length of the DER encoded signature + * \param eckey EC_KEY object containing a public EC key + * \return 1 if the signature is valid, 0 if the signature is invalid + * and -1 on error + */ +int ECDSA_verify(int type, const unsigned char *dgst, int dgstlen, + const unsigned char *sig, int siglen, EC_KEY *eckey); + +/* the standard ex_data functions */ +int ECDSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); +int ECDSA_set_ex_data(EC_KEY *d, int idx, void *arg); +void *ECDSA_get_ex_data(EC_KEY *d, int idx); + + +/* XXX should be in ec.h, but needs ECDSA_SIG */ +void EC_KEY_METHOD_set_sign(EC_KEY_METHOD *meth, + int (*sign)(int type, const unsigned char *dgst, + int dlen, unsigned char *sig, unsigned int *siglen, + const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey), + int (*sign_setup)(EC_KEY *eckey, BN_CTX *ctx_in, + BIGNUM **kinvp, BIGNUM **rp), + ECDSA_SIG *(*sign_sig)(const unsigned char *dgst, + int dgst_len, const BIGNUM *in_kinv, const BIGNUM *in_r, + EC_KEY *eckey)); +void EC_KEY_METHOD_set_verify(EC_KEY_METHOD *meth, + int (*verify)(int type, const unsigned char *dgst, int dgst_len, + const unsigned char *sigbuf, int sig_len, EC_KEY *eckey), + int (*verify_sig)(const unsigned char *dgst, int dgst_len, + const ECDSA_SIG *sig, EC_KEY *eckey)); +void EC_KEY_METHOD_get_sign(const EC_KEY_METHOD *meth, + int (**psign)(int type, const unsigned char *dgst, + int dlen, unsigned char *sig, unsigned int *siglen, + const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey), + int (**psign_setup)(EC_KEY *eckey, BN_CTX *ctx_in, + BIGNUM **kinvp, BIGNUM **rp), + ECDSA_SIG *(**psign_sig)(const unsigned char *dgst, + int dgst_len, const BIGNUM *in_kinv, const BIGNUM *in_r, + EC_KEY *eckey)); +void EC_KEY_METHOD_get_verify(const EC_KEY_METHOD *meth, + int (**pverify)(int type, const unsigned char *dgst, int dgst_len, + const unsigned char *sigbuf, int sig_len, EC_KEY *eckey), + int (**pverify_sig)(const unsigned char *dgst, int dgst_len, + const ECDSA_SIG *sig, EC_KEY *eckey)); + + +/* BEGIN ERROR CODES */ +/* The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_ECDSA_strings(void); + +/* Error codes for the ECDSA functions. */ + +/* Function codes. */ +#define ECDSA_F_ECDSA_CHECK 104 +#define ECDSA_F_ECDSA_DATA_NEW_METHOD 100 +#define ECDSA_F_ECDSA_DO_SIGN 101 +#define ECDSA_F_ECDSA_DO_VERIFY 102 +#define ECDSA_F_ECDSA_SIGN_SETUP 103 + +/* Reason codes. */ +#define ECDSA_R_BAD_SIGNATURE 100 +#define ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 101 +#define ECDSA_R_ERR_EC_LIB 102 +#define ECDSA_R_MISSING_PARAMETERS 103 +#define ECDSA_R_NEED_NEW_SETUP_VALUES 106 +#define ECDSA_R_NON_FIPS_METHOD 107 +#define ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED 104 +#define ECDSA_R_SIGNATURE_MALLOC_FAILED 105 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/src/lib/libcrypto/ecdsa/ecs_asn1.c b/src/lib/libcrypto/ecdsa/ecs_asn1.c new file mode 100644 index 00000000000..e463858669c --- /dev/null +++ b/src/lib/libcrypto/ecdsa/ecs_asn1.c @@ -0,0 +1,137 @@ +/* $OpenBSD: ecs_asn1.c,v 1.9 2018/03/17 15:24:44 tb Exp $ */ +/* ==================================================================== + * Copyright (c) 2000-2002 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include "ecs_locl.h" +#include +#include + +static const ASN1_TEMPLATE ECDSA_SIG_seq_tt[] = { + { + .flags = 0, + .tag = 0, + .offset = offsetof(ECDSA_SIG, r), + .field_name = "r", + .item = &CBIGNUM_it, + }, + { + .flags = 0, + .tag = 0, + .offset = offsetof(ECDSA_SIG, s), + .field_name = "s", + .item = &CBIGNUM_it, + }, +}; + +const ASN1_ITEM ECDSA_SIG_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = ECDSA_SIG_seq_tt, + .tcount = sizeof(ECDSA_SIG_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = NULL, + .size = sizeof(ECDSA_SIG), + .sname = "ECDSA_SIG", +}; + +ECDSA_SIG *ECDSA_SIG_new(void); +void ECDSA_SIG_free(ECDSA_SIG *a); +ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **a, const unsigned char **in, long len); +int i2d_ECDSA_SIG(const ECDSA_SIG *a, unsigned char **out); + +ECDSA_SIG * +d2i_ECDSA_SIG(ECDSA_SIG **a, const unsigned char **in, long len) +{ + return (ECDSA_SIG *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &ECDSA_SIG_it); +} + +int +i2d_ECDSA_SIG(const ECDSA_SIG *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &ECDSA_SIG_it); +} + +ECDSA_SIG * +ECDSA_SIG_new(void) +{ + return (ECDSA_SIG *)ASN1_item_new(&ECDSA_SIG_it); +} + +void +ECDSA_SIG_free(ECDSA_SIG *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &ECDSA_SIG_it); +} + +void +ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps) +{ + if (pr != NULL) + *pr = sig->r; + if (ps != NULL) + *ps = sig->s; +} + +int +ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s) +{ + if (r == NULL || s == NULL) + return 0; + + BN_clear_free(sig->r); + BN_clear_free(sig->s); + sig->r = r; + sig->s = s; + return 1; +} diff --git a/src/lib/libcrypto/ecdsa/ecs_err.c b/src/lib/libcrypto/ecdsa/ecs_err.c new file mode 100644 index 00000000000..9c5a546746f --- /dev/null +++ b/src/lib/libcrypto/ecdsa/ecs_err.c @@ -0,0 +1,102 @@ +/* $OpenBSD: ecs_err.c,v 1.5 2017/01/29 17:49:23 beck Exp $ */ +/* ==================================================================== + * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +/* NOTE: this file was auto generated by the mkerr.pl script: any changes + * made to it will be overwritten when the script next updates this file, + * only reason strings will be preserved. + */ + +#include + +#include + +#include +#include + +/* BEGIN ERROR CODES */ +#ifndef OPENSSL_NO_ERR + +#define ERR_FUNC(func) ERR_PACK(ERR_LIB_ECDSA,func,0) +#define ERR_REASON(reason) ERR_PACK(ERR_LIB_ECDSA,0,reason) + +static ERR_STRING_DATA ECDSA_str_functs[]= { + {ERR_FUNC(0xfff), "CRYPTO_internal"}, + {0, NULL} +}; + +static ERR_STRING_DATA ECDSA_str_reasons[]= { + {ERR_REASON(ECDSA_R_BAD_SIGNATURE) , "bad signature"}, + {ERR_REASON(ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE), "data too large for key size"}, + {ERR_REASON(ECDSA_R_ERR_EC_LIB) , "err ec lib"}, + {ERR_REASON(ECDSA_R_MISSING_PARAMETERS) , "missing parameters"}, + {ERR_REASON(ECDSA_R_NEED_NEW_SETUP_VALUES), "need new setup values"}, + {ERR_REASON(ECDSA_R_NON_FIPS_METHOD) , "non fips method"}, + {ERR_REASON(ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED), "random number generation failed"}, + {ERR_REASON(ECDSA_R_SIGNATURE_MALLOC_FAILED), "signature malloc failed"}, + {0, NULL} +}; + +#endif + +void +ERR_load_ECDSA_strings(void) +{ +#ifndef OPENSSL_NO_ERR + if (ERR_func_error_string(ECDSA_str_functs[0].error) == NULL) { + ERR_load_strings(0, ECDSA_str_functs); + ERR_load_strings(0, ECDSA_str_reasons); + } +#endif +} diff --git a/src/lib/libcrypto/ecdsa/ecs_lib.c b/src/lib/libcrypto/ecdsa/ecs_lib.c new file mode 100644 index 00000000000..c688a95f3b2 --- /dev/null +++ b/src/lib/libcrypto/ecdsa/ecs_lib.c @@ -0,0 +1,258 @@ +/* $OpenBSD: ecs_lib.c,v 1.13 2018/04/14 07:09:21 tb Exp $ */ +/* ==================================================================== + * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include + +#include + +#include "ecs_locl.h" +#ifndef OPENSSL_NO_ENGINE +#include +#endif +#include +#include + +static const ECDSA_METHOD *default_ECDSA_method = NULL; + +static void *ecdsa_data_new(void); +static void *ecdsa_data_dup(void *); +static void ecdsa_data_free(void *); + +void +ECDSA_set_default_method(const ECDSA_METHOD *meth) +{ + default_ECDSA_method = meth; +} + +const ECDSA_METHOD * +ECDSA_get_default_method(void) +{ + if (!default_ECDSA_method) { + default_ECDSA_method = ECDSA_OpenSSL(); + } + return default_ECDSA_method; +} + +int +ECDSA_set_method(EC_KEY *eckey, const ECDSA_METHOD *meth) +{ + ECDSA_DATA *ecdsa; + + ecdsa = ecdsa_check(eckey); + + if (ecdsa == NULL) + return 0; + +#ifndef OPENSSL_NO_ENGINE + ENGINE_finish(ecdsa->engine); + ecdsa->engine = NULL; +#endif + ecdsa->meth = meth; + + return 1; +} + +static ECDSA_DATA * +ECDSA_DATA_new_method(ENGINE *engine) +{ + ECDSA_DATA *ret; + + ret = malloc(sizeof(ECDSA_DATA)); + if (ret == NULL) { + ECDSAerror(ERR_R_MALLOC_FAILURE); + return (NULL); + } + + ret->init = NULL; + + ret->meth = ECDSA_get_default_method(); + ret->engine = engine; +#ifndef OPENSSL_NO_ENGINE + if (!ret->engine) + ret->engine = ENGINE_get_default_ECDSA(); + if (ret->engine) { + ret->meth = ENGINE_get_ECDSA(ret->engine); + if (ret->meth == NULL) { + ECDSAerror(ERR_R_ENGINE_LIB); + ENGINE_finish(ret->engine); + free(ret); + return NULL; + } + } +#endif + + ret->flags = ret->meth->flags; + CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ECDSA, ret, &ret->ex_data); + return (ret); +} + +static void * +ecdsa_data_new(void) +{ + return (void *)ECDSA_DATA_new_method(NULL); +} + +static void * +ecdsa_data_dup(void *data) +{ + ECDSA_DATA *r = (ECDSA_DATA *)data; + + /* XXX: dummy operation */ + if (r == NULL) + return NULL; + + return ecdsa_data_new(); +} + +static void +ecdsa_data_free(void *data) +{ + ECDSA_DATA *r = (ECDSA_DATA *)data; + +#ifndef OPENSSL_NO_ENGINE + ENGINE_finish(r->engine); +#endif + CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDSA, r, &r->ex_data); + + freezero(r, sizeof(ECDSA_DATA)); +} + +ECDSA_DATA * +ecdsa_check(EC_KEY *key) +{ + ECDSA_DATA *ecdsa_data; + + void *data = EC_KEY_get_key_method_data(key, ecdsa_data_dup, + ecdsa_data_free, ecdsa_data_free); + if (data == NULL) { + ecdsa_data = (ECDSA_DATA *)ecdsa_data_new(); + if (ecdsa_data == NULL) + return NULL; + data = EC_KEY_insert_key_method_data(key, (void *)ecdsa_data, + ecdsa_data_dup, ecdsa_data_free, ecdsa_data_free); + if (data != NULL) { + /* Another thread raced us to install the key_method + * data and won. */ + ecdsa_data_free(ecdsa_data); + ecdsa_data = (ECDSA_DATA *)data; + } + } else + ecdsa_data = (ECDSA_DATA *)data; + + return ecdsa_data; +} + +int +ECDSA_size(const EC_KEY *r) +{ + int ret, i; + ASN1_INTEGER bs; + BIGNUM *order = NULL; + unsigned char buf[4]; + const EC_GROUP *group; + + if (r == NULL) + return 0; + group = EC_KEY_get0_group(r); + if (group == NULL) + return 0; + + if ((order = BN_new()) == NULL) + return 0; + if (!EC_GROUP_get_order(group, order, NULL)) { + BN_clear_free(order); + return 0; + } + i = BN_num_bits(order); + bs.length = (i + 7) / 8; + bs.data = buf; + bs.type = V_ASN1_INTEGER; + /* If the top bit is set the asn1 encoding is 1 larger. */ + buf[0] = 0xff; + + i = i2d_ASN1_INTEGER(&bs, NULL); + i += i; /* r and s */ + ret = ASN1_object_size(1, i, V_ASN1_SEQUENCE); + BN_clear_free(order); + return (ret); +} + +int +ECDSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) +{ + return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ECDSA, argl, argp, + new_func, dup_func, free_func); +} + +int +ECDSA_set_ex_data(EC_KEY *d, int idx, void *arg) +{ + ECDSA_DATA *ecdsa; + ecdsa = ecdsa_check(d); + if (ecdsa == NULL) + return 0; + return (CRYPTO_set_ex_data(&ecdsa->ex_data, idx, arg)); +} + +void * +ECDSA_get_ex_data(EC_KEY *d, int idx) +{ + ECDSA_DATA *ecdsa; + ecdsa = ecdsa_check(d); + if (ecdsa == NULL) + return NULL; + return (CRYPTO_get_ex_data(&ecdsa->ex_data, idx)); +} diff --git a/src/lib/libcrypto/ecdsa/ecs_locl.h b/src/lib/libcrypto/ecdsa/ecs_locl.h new file mode 100644 index 00000000000..0a9f17908ba --- /dev/null +++ b/src/lib/libcrypto/ecdsa/ecs_locl.h @@ -0,0 +1,94 @@ +/* $OpenBSD: ecs_locl.h,v 1.6 2019/01/19 01:07:00 tb Exp $ */ +/* + * Written by Nils Larsch for the OpenSSL project + */ +/* ==================================================================== + * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifndef HEADER_ECS_LOCL_H +#define HEADER_ECS_LOCL_H + +#include + +__BEGIN_HIDDEN_DECLS + +typedef struct ecdsa_data_st { + /* EC_KEY_METH_DATA part */ + int (*init)(EC_KEY *); + /* method (ECDSA) specific part */ + ENGINE *engine; + int flags; + const ECDSA_METHOD *meth; + CRYPTO_EX_DATA ex_data; +} ECDSA_DATA; + +/** ecdsa_check + * checks whether ECKEY->meth_data is a pointer to a ECDSA_DATA structure + * and if not it removes the old meth_data and creates a ECDSA_DATA structure. + * \param eckey pointer to a EC_KEY object + * \return pointer to a ECDSA_DATA structure + */ +ECDSA_DATA *ecdsa_check(EC_KEY *eckey); + +int ossl_ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, + BIGNUM **rp); +int ossl_ecdsa_sign(int type, const unsigned char *dgst, int dlen, + unsigned char *sig, unsigned int *siglen, const BIGNUM *kinv, + const BIGNUM *r, EC_KEY *eckey); +ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len, + const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey); + +__END_HIDDEN_DECLS + +#endif /* HEADER_ECS_LOCL_H */ diff --git a/src/lib/libcrypto/ecdsa/ecs_ossl.c b/src/lib/libcrypto/ecdsa/ecs_ossl.c new file mode 100644 index 00000000000..791a5c48e1f --- /dev/null +++ b/src/lib/libcrypto/ecdsa/ecs_ossl.c @@ -0,0 +1,566 @@ +/* $OpenBSD: ecs_ossl.c,v 1.18 2019/01/19 01:12:48 tb Exp $ */ +/* + * Written by Nils Larsch for the OpenSSL project + */ +/* ==================================================================== + * Copyright (c) 1998-2004 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include + +#include + +#include +#include +#include + +#include "bn_lcl.h" +#include "ecs_locl.h" + +static int ecdsa_prepare_digest(const unsigned char *dgst, int dgst_len, + BIGNUM *order, BIGNUM *ret); +static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len, + const BIGNUM *, const BIGNUM *, EC_KEY *eckey); +static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, + BIGNUM **rp); +static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len, + const ECDSA_SIG *sig, EC_KEY *eckey); + +static ECDSA_METHOD openssl_ecdsa_meth = { + .name = "OpenSSL ECDSA method", + .ecdsa_do_sign = ecdsa_do_sign, + .ecdsa_sign_setup = ecdsa_sign_setup, + .ecdsa_do_verify = ecdsa_do_verify +}; + +const ECDSA_METHOD * +ECDSA_OpenSSL(void) +{ + return &openssl_ecdsa_meth; +} + +static int +ecdsa_prepare_digest(const unsigned char *dgst, int dgst_len, BIGNUM *order, + BIGNUM *ret) +{ + int dgst_bits, order_bits; + + if (!BN_bin2bn(dgst, dgst_len, ret)) { + ECDSAerror(ERR_R_BN_LIB); + return 0; + } + + /* FIPS 186-3 6.4: Use order_bits leftmost bits if digest is too long */ + dgst_bits = 8 * dgst_len; + order_bits = BN_num_bits(order); + if (dgst_bits > order_bits) { + if (!BN_rshift(ret, ret, dgst_bits - order_bits)) { + ECDSAerror(ERR_R_BN_LIB); + return 0; + } + } + + return 1; +} + +int +ossl_ecdsa_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig, + unsigned int *siglen, const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey) +{ + ECDSA_SIG *s; + + if ((s = ECDSA_do_sign_ex(dgst, dlen, kinv, r, eckey)) == NULL) { + *siglen = 0; + return 0; + } + *siglen = i2d_ECDSA_SIG(s, &sig); + ECDSA_SIG_free(s); + return 1; +} + +static int +ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) +{ + BN_CTX *ctx = ctx_in; + BIGNUM *k = NULL, *r = NULL, *order = NULL, *X = NULL; + EC_POINT *point = NULL; + const EC_GROUP *group; + int order_bits, ret = 0; + + if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL) { + ECDSAerror(ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + + if (ctx == NULL) { + if ((ctx = BN_CTX_new()) == NULL) { + ECDSAerror(ERR_R_MALLOC_FAILURE); + return 0; + } + } + + if ((k = BN_new()) == NULL || (r = BN_new()) == NULL || + (order = BN_new()) == NULL || (X = BN_new()) == NULL) { + ECDSAerror(ERR_R_MALLOC_FAILURE); + goto err; + } + if ((point = EC_POINT_new(group)) == NULL) { + ECDSAerror(ERR_R_EC_LIB); + goto err; + } + if (!EC_GROUP_get_order(group, order, ctx)) { + ECDSAerror(ERR_R_EC_LIB); + goto err; + } + + /* Preallocate space. */ + order_bits = BN_num_bits(order); + if (!BN_set_bit(k, order_bits) || + !BN_set_bit(r, order_bits) || + !BN_set_bit(X, order_bits)) + goto err; + + do { + do { + if (!BN_rand_range(k, order)) { + ECDSAerror( + ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED); + goto err; + } + } while (BN_is_zero(k)); + + /* + * We do not want timing information to leak the length of k, + * so we compute G * k using an equivalent scalar of fixed + * bit-length. + * + * We unconditionally perform both of these additions to prevent + * a small timing information leakage. We then choose the sum + * that is one bit longer than the order. This guarantees the + * code path used in the constant time implementations + * elsewhere. + * + * TODO: revisit the BN_copy aiming for a memory access agnostic + * conditional copy. + */ + if (!BN_add(r, k, order) || + !BN_add(X, r, order) || + !BN_copy(k, BN_num_bits(r) > order_bits ? r : X)) + goto err; + + BN_set_flags(k, BN_FLG_CONSTTIME); + + /* Compute r, the x-coordinate of G * k. */ + if (!EC_POINT_mul(group, point, k, NULL, NULL, ctx)) { + ECDSAerror(ERR_R_EC_LIB); + goto err; + } + if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == + NID_X9_62_prime_field) { + if (!EC_POINT_get_affine_coordinates_GFp(group, point, + X, NULL, ctx)) { + ECDSAerror(ERR_R_EC_LIB); + goto err; + } + } +#ifndef OPENSSL_NO_EC2M + else { /* NID_X9_62_characteristic_two_field */ + if (!EC_POINT_get_affine_coordinates_GF2m(group, point, + X, NULL, ctx)) { + ECDSAerror(ERR_R_EC_LIB); + goto err; + } + } +#endif + if (!BN_nnmod(r, X, order, ctx)) { + ECDSAerror(ERR_R_BN_LIB); + goto err; + } + } while (BN_is_zero(r)); + + if (!BN_mod_inverse_ct(k, k, order, ctx)) { + ECDSAerror(ERR_R_BN_LIB); + goto err; + } + BN_clear_free(*rp); + BN_clear_free(*kinvp); + *rp = r; + *kinvp = k; + ret = 1; + + err: + if (ret == 0) { + BN_clear_free(k); + BN_clear_free(r); + } + if (ctx_in == NULL) + BN_CTX_free(ctx); + BN_free(order); + EC_POINT_free(point); + BN_clear_free(X); + return (ret); +} + +/* replace w/ ecdsa_sign_setup() when ECDSA_METHOD gets removed */ +int +ossl_ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) +{ + ECDSA_DATA *ecdsa; + + if ((ecdsa = ecdsa_check(eckey)) == NULL) + return 0; + return ecdsa->meth->ecdsa_sign_setup(eckey, ctx_in, kinvp, rp); +} + +static ECDSA_SIG * +ecdsa_do_sign(const unsigned char *dgst, int dgst_len, + const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey) +{ + BIGNUM *b = NULL, *binv = NULL, *bm = NULL, *bxr = NULL; + BIGNUM *kinv = NULL, *m = NULL, *order = NULL, *range = NULL, *s; + const BIGNUM *ckinv, *priv_key; + BN_CTX *ctx = NULL; + const EC_GROUP *group; + ECDSA_SIG *ret; + ECDSA_DATA *ecdsa; + int ok = 0; + + ecdsa = ecdsa_check(eckey); + group = EC_KEY_get0_group(eckey); + priv_key = EC_KEY_get0_private_key(eckey); + + if (group == NULL || priv_key == NULL || ecdsa == NULL) { + ECDSAerror(ERR_R_PASSED_NULL_PARAMETER); + return NULL; + } + + if ((ret = ECDSA_SIG_new()) == NULL) { + ECDSAerror(ERR_R_MALLOC_FAILURE); + return NULL; + } + s = ret->s; + + if ((ctx = BN_CTX_new()) == NULL || (order = BN_new()) == NULL || + (range = BN_new()) == NULL || (b = BN_new()) == NULL || + (binv = BN_new()) == NULL || (bm = BN_new()) == NULL || + (bxr = BN_new()) == NULL || (m = BN_new()) == NULL) { + ECDSAerror(ERR_R_MALLOC_FAILURE); + goto err; + } + + if (!EC_GROUP_get_order(group, order, ctx)) { + ECDSAerror(ERR_R_EC_LIB); + goto err; + } + + if (!ecdsa_prepare_digest(dgst, dgst_len, order, m)) + goto err; + + do { + if (in_kinv == NULL || in_r == NULL) { + if (!ECDSA_sign_setup(eckey, ctx, &kinv, &ret->r)) { + ECDSAerror(ERR_R_ECDSA_LIB); + goto err; + } + ckinv = kinv; + } else { + ckinv = in_kinv; + if (BN_copy(ret->r, in_r) == NULL) { + ECDSAerror(ERR_R_MALLOC_FAILURE); + goto err; + } + } + + /* + * Compute: + * + * s = inv(k)(m + xr) mod order + * + * In order to reduce the possibility of a side-channel attack, + * the following is calculated using a blinding value: + * + * s = inv(k)inv(b)(bm + bxr) mod order + * + * where b is a random value in the range [1, order-1]. + */ + + /* Generate b in range [1, order-1]. */ + if (!BN_sub(range, order, BN_value_one())) { + ECDSAerror(ERR_R_BN_LIB); + goto err; + } + if (!BN_rand_range(b, range)) { + ECDSAerror(ERR_R_BN_LIB); + goto err; + } + if (!BN_add(b, b, BN_value_one())) { + ECDSAerror(ERR_R_BN_LIB); + goto err; + } + + if (BN_mod_inverse_ct(binv, b, order, ctx) == NULL) { + ECDSAerror(ERR_R_BN_LIB); + goto err; + } + + if (!BN_mod_mul(bxr, b, priv_key, order, ctx)) { /* bx */ + ECDSAerror(ERR_R_BN_LIB); + goto err; + } + if (!BN_mod_mul(bxr, bxr, ret->r, order, ctx)) { /* bxr */ + ECDSAerror(ERR_R_BN_LIB); + goto err; + } + if (!BN_mod_mul(bm, b, m, order, ctx)) { /* bm */ + ECDSAerror(ERR_R_BN_LIB); + goto err; + } + if (!BN_mod_add(s, bm, bxr, order, ctx)) { /* s = bm + bxr */ + ECDSAerror(ERR_R_BN_LIB); + goto err; + } + if (!BN_mod_mul(s, s, binv, order, ctx)) { /* s = m + xr */ + ECDSAerror(ERR_R_BN_LIB); + goto err; + } + if (!BN_mod_mul(s, s, ckinv, order, ctx)) { + ECDSAerror(ERR_R_BN_LIB); + goto err; + } + + if (BN_is_zero(s)) { + /* + * If kinv and r have been supplied by the caller, + * don't generate new kinv and r values + */ + if (in_kinv != NULL && in_r != NULL) { + ECDSAerror(ECDSA_R_NEED_NEW_SETUP_VALUES); + goto err; + } + } else + /* s != 0 => we have a valid signature */ + break; + } while (1); + + ok = 1; + + err: + if (ok == 0) { + ECDSA_SIG_free(ret); + ret = NULL; + } + BN_CTX_free(ctx); + BN_clear_free(b); + BN_clear_free(binv); + BN_clear_free(bm); + BN_clear_free(bxr); + BN_clear_free(kinv); + BN_clear_free(m); + BN_free(order); + BN_free(range); + return ret; +} + +/* replace w/ ecdsa_do_sign() when ECDSA_METHOD gets removed */ +ECDSA_SIG * +ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len, + const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey) +{ + ECDSA_DATA *ecdsa; + + if ((ecdsa = ecdsa_check(eckey)) == NULL) + return NULL; + return ecdsa->meth->ecdsa_do_sign(dgst, dgst_len, in_kinv, in_r, eckey); +} + +int +ossl_ecdsa_verify(int type, const unsigned char *dgst, int dgst_len, + const unsigned char *sigbuf, int sig_len, EC_KEY *eckey) +{ + ECDSA_SIG *s; + unsigned char *der = NULL; + const unsigned char *p = sigbuf; + int derlen = -1; + int ret = -1; + + if ((s = ECDSA_SIG_new()) == NULL) + return (ret); + if (d2i_ECDSA_SIG(&s, &p, sig_len) == NULL) + goto err; + /* Ensure signature uses DER and doesn't have trailing garbage */ + derlen = i2d_ECDSA_SIG(s, &der); + if (derlen != sig_len || memcmp(sigbuf, der, derlen)) + goto err; + ret = ECDSA_do_verify(dgst, dgst_len, s, eckey); + + err: + freezero(der, derlen); + ECDSA_SIG_free(s); + return (ret); +} + +static int +ecdsa_do_verify(const unsigned char *dgst, int dgst_len, const ECDSA_SIG *sig, + EC_KEY *eckey) +{ + BN_CTX *ctx; + BIGNUM *order, *u1, *u2, *m, *X; + EC_POINT *point = NULL; + const EC_GROUP *group; + const EC_POINT *pub_key; + int ret = -1; + + if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL || + (pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL) { + ECDSAerror(ECDSA_R_MISSING_PARAMETERS); + return -1; + } + + if ((ctx = BN_CTX_new()) == NULL) { + ECDSAerror(ERR_R_MALLOC_FAILURE); + return -1; + } + BN_CTX_start(ctx); + order = BN_CTX_get(ctx); + u1 = BN_CTX_get(ctx); + u2 = BN_CTX_get(ctx); + m = BN_CTX_get(ctx); + X = BN_CTX_get(ctx); + if (X == NULL) { + ECDSAerror(ERR_R_BN_LIB); + goto err; + } + + if (!EC_GROUP_get_order(group, order, ctx)) { + ECDSAerror(ERR_R_EC_LIB); + goto err; + } + + /* Verify that r and s are in the range [1, order-1]. */ + if (BN_is_zero(sig->r) || BN_is_negative(sig->r) || + BN_ucmp(sig->r, order) >= 0 || + BN_is_zero(sig->s) || BN_is_negative(sig->s) || + BN_ucmp(sig->s, order) >= 0) { + ECDSAerror(ECDSA_R_BAD_SIGNATURE); + ret = 0; + goto err; + } + + if (!ecdsa_prepare_digest(dgst, dgst_len, order, m)) + goto err; + + if (!BN_mod_inverse_ct(u2, sig->s, order, ctx)) { /* w = inv(s) */ + ECDSAerror(ERR_R_BN_LIB); + goto err; + } + if (!BN_mod_mul(u1, m, u2, order, ctx)) { /* u1 = mw */ + ECDSAerror(ERR_R_BN_LIB); + goto err; + } + if (!BN_mod_mul(u2, sig->r, u2, order, ctx)) { /* u2 = rw */ + ECDSAerror(ERR_R_BN_LIB); + goto err; + } + + /* Compute the x-coordinate of G * u1 + pub_key * u2. */ + if ((point = EC_POINT_new(group)) == NULL) { + ECDSAerror(ERR_R_MALLOC_FAILURE); + goto err; + } + if (!EC_POINT_mul(group, point, u1, pub_key, u2, ctx)) { + ECDSAerror(ERR_R_EC_LIB); + goto err; + } + if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == + NID_X9_62_prime_field) { + if (!EC_POINT_get_affine_coordinates_GFp(group, point, X, NULL, + ctx)) { + ECDSAerror(ERR_R_EC_LIB); + goto err; + } + } +#ifndef OPENSSL_NO_EC2M + else { /* NID_X9_62_characteristic_two_field */ + if (!EC_POINT_get_affine_coordinates_GF2m(group, point, X, NULL, + ctx)) { + ECDSAerror(ERR_R_EC_LIB); + goto err; + } + } +#endif + if (!BN_nnmod(u1, X, order, ctx)) { + ECDSAerror(ERR_R_BN_LIB); + goto err; + } + + /* If the signature is correct, the x-coordinate is equal to sig->r. */ + ret = (BN_ucmp(u1, sig->r) == 0); + + err: + BN_CTX_end(ctx); + BN_CTX_free(ctx); + EC_POINT_free(point); + return ret; +} + +/* replace w/ ecdsa_do_verify() when ECDSA_METHOD gets removed */ +int +ossl_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len, + const ECDSA_SIG *sig, EC_KEY *eckey) +{ + ECDSA_DATA *ecdsa; + + if ((ecdsa = ecdsa_check(eckey)) == NULL) + return 0; + return ecdsa->meth->ecdsa_do_verify(dgst, dgst_len, sig, eckey); +} diff --git a/src/lib/libcrypto/ecdsa/ecs_sign.c b/src/lib/libcrypto/ecdsa/ecs_sign.c new file mode 100644 index 00000000000..5beb853b94a --- /dev/null +++ b/src/lib/libcrypto/ecdsa/ecs_sign.c @@ -0,0 +1,105 @@ +/* $OpenBSD: ecs_sign.c,v 1.7 2019/01/19 01:07:00 tb Exp $ */ +/* ==================================================================== + * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include + +#ifndef OPENSSL_NO_ENGINE +#include +#endif + +#include "ecs_locl.h" +#include "ec_lcl.h" + +ECDSA_SIG * +ECDSA_do_sign(const unsigned char *dgst, int dlen, EC_KEY *eckey) +{ + return ECDSA_do_sign_ex(dgst, dlen, NULL, NULL, eckey); +} + +ECDSA_SIG * +ECDSA_do_sign_ex(const unsigned char *dgst, int dlen, const BIGNUM *kinv, + const BIGNUM *rp, EC_KEY *eckey) +{ + if (eckey->meth->sign_sig != NULL) + return eckey->meth->sign_sig(dgst, dlen, kinv, rp, eckey); + ECDSAerror(EVP_R_METHOD_NOT_SUPPORTED); + return 0; +} + +int +ECDSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig, + unsigned int *siglen, EC_KEY *eckey) +{ + return ECDSA_sign_ex(type, dgst, dlen, sig, siglen, NULL, NULL, eckey); +} + +int +ECDSA_sign_ex(int type, const unsigned char *dgst, int dlen, unsigned char *sig, + unsigned int *siglen, const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey) +{ + if (eckey->meth->sign != NULL) + return eckey->meth->sign(type, dgst, dlen, sig, siglen, kinv, r, eckey); + ECDSAerror(EVP_R_METHOD_NOT_SUPPORTED); + return 0; +} + +int +ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) +{ + if (eckey->meth->sign_setup != NULL) + return eckey->meth->sign_setup(eckey, ctx_in, kinvp, rp); + ECDSAerror(EVP_R_METHOD_NOT_SUPPORTED); + return 0; +} diff --git a/src/lib/libcrypto/ecdsa/ecs_vrf.c b/src/lib/libcrypto/ecdsa/ecs_vrf.c new file mode 100644 index 00000000000..4c1bc85e068 --- /dev/null +++ b/src/lib/libcrypto/ecdsa/ecs_vrf.c @@ -0,0 +1,96 @@ +/* $OpenBSD: ecs_vrf.c,v 1.7 2019/01/19 01:12:48 tb Exp $ */ +/* + * Written by Nils Larsch for the OpenSSL project + */ +/* ==================================================================== + * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include + +#include "ecs_locl.h" +#include "ec_lcl.h" +#ifndef OPENSSL_NO_ENGINE +#include +#endif + +/* returns + * 1: correct signature + * 0: incorrect signature + * -1: error + */ +int +ECDSA_do_verify(const unsigned char *dgst, int dgst_len, const ECDSA_SIG *sig, + EC_KEY *eckey) +{ + if (eckey->meth->verify_sig != NULL) + return eckey->meth->verify_sig(dgst, dgst_len, sig, eckey); + ECDSAerror(EVP_R_METHOD_NOT_SUPPORTED); + return 0; +} + +/* returns + * 1: correct signature + * 0: incorrect signature + * -1: error + */ +int +ECDSA_verify(int type, const unsigned char *dgst, int dgst_len, + const unsigned char *sigbuf, int sig_len, EC_KEY *eckey) +{ + if (eckey->meth->verify != NULL) + return eckey->meth->verify(type, dgst, dgst_len, + sigbuf, sig_len, eckey); + ECDSAerror(EVP_R_METHOD_NOT_SUPPORTED); + return 0; +} diff --git a/src/lib/libcrypto/engine/Makefile.ssl b/src/lib/libcrypto/engine/Makefile.ssl deleted file mode 100644 index 8ee3b7d2dd0..00000000000 --- a/src/lib/libcrypto/engine/Makefile.ssl +++ /dev/null @@ -1,453 +0,0 @@ -# -# OpenSSL/crypto/engine/Makefile -# - -DIR= engine -TOP= ../.. -CC= cc -INCLUDES= -I.. -I$(TOP) -I../../include -CFLAG=-g -INSTALL_PREFIX= -OPENSSLDIR= /usr/local/ssl -INSTALLTOP=/usr/local/ssl -MAKE= make -f Makefile.ssl -MAKEDEPPROG= makedepend -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) -MAKEFILE= Makefile.ssl -AR= ar r - -CFLAGS= $(INCLUDES) $(CFLAG) - -GENERAL=Makefile -TEST= enginetest.c -APPS= - -LIB=$(TOP)/libcrypto.a -LIBSRC= eng_err.c eng_lib.c eng_list.c eng_init.c eng_ctrl.c \ - eng_table.c eng_pkey.c eng_fat.c eng_all.c \ - tb_rsa.c tb_dsa.c tb_dh.c tb_rand.c tb_cipher.c tb_digest.c \ - eng_openssl.c eng_dyn.c eng_cnf.c \ - hw_atalla.c hw_cswift.c hw_ncipher.c hw_nuron.c hw_ubsec.c \ - hw_cryptodev.c hw_aep.c hw_sureware.c hw_4758_cca.c -LIBOBJ= eng_err.o eng_lib.o eng_list.o eng_init.o eng_ctrl.o \ - eng_table.o eng_pkey.o eng_fat.o eng_all.o \ - tb_rsa.o tb_dsa.o tb_dh.o tb_rand.o tb_cipher.o tb_digest.o \ - eng_openssl.o eng_dyn.o eng_cnf.o \ - hw_atalla.o hw_cswift.o hw_ncipher.o hw_nuron.o hw_ubsec.o \ - hw_cryptodev.o hw_aep.o hw_sureware.o hw_4758_cca.o - -SRC= $(LIBSRC) - -EXHEADER= engine.h -HEADER= $(EXHEADER) - -ALL= $(GENERAL) $(SRC) $(HEADER) - -top: - (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) - -all: lib - -lib: $(LIBOBJ) - $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) - @touch lib - -files: - $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO - -links: - @sh $(TOP)/util/point.sh Makefile.ssl Makefile - @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) - @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) - @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) - -install: - @for i in $(EXHEADER) ; \ - do \ - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ - done; - -tags: - ctags $(SRC) - -errors: - $(PERL) $(TOP)/util/mkerr.pl -conf hw.ec \ - -nostatic -staticloader -write hw_*.c - -tests: - -lint: - lint -DLINT $(INCLUDES) $(SRC)>fluff - -depend: - $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) - -dclean: - $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new - mv -f Makefile.new $(MAKEFILE) - -clean: - rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff - -# DO NOT DELETE THIS LINE -- make depend depends on it. - -eng_all.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -eng_all.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -eng_all.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -eng_all.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -eng_all.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -eng_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -eng_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h -eng_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -eng_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -eng_all.o: ../../include/openssl/ui.h eng_all.c eng_int.h -eng_cnf.o: ../../e_os.h ../../include/openssl/asn1.h -eng_cnf.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -eng_cnf.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h -eng_cnf.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -eng_cnf.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -eng_cnf.o: ../../include/openssl/engine.h ../../include/openssl/err.h -eng_cnf.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -eng_cnf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -eng_cnf.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -eng_cnf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -eng_cnf.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -eng_cnf.o: ../cryptlib.h eng_cnf.c -eng_ctrl.o: ../../e_os.h ../../include/openssl/asn1.h -eng_ctrl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -eng_ctrl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -eng_ctrl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -eng_ctrl.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -eng_ctrl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -eng_ctrl.o: ../../include/openssl/opensslconf.h -eng_ctrl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -eng_ctrl.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -eng_ctrl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -eng_ctrl.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -eng_ctrl.o: ../cryptlib.h eng_ctrl.c eng_int.h -eng_dyn.o: ../../e_os.h ../../include/openssl/asn1.h -eng_dyn.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -eng_dyn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -eng_dyn.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -eng_dyn.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h -eng_dyn.o: ../../include/openssl/engine.h ../../include/openssl/err.h -eng_dyn.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -eng_dyn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -eng_dyn.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -eng_dyn.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -eng_dyn.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -eng_dyn.o: ../cryptlib.h eng_dyn.c eng_int.h -eng_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -eng_err.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -eng_err.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -eng_err.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -eng_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -eng_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -eng_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h -eng_err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -eng_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -eng_err.o: ../../include/openssl/ui.h eng_err.c -eng_fat.o: ../../e_os.h ../../include/openssl/asn1.h -eng_fat.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -eng_fat.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h -eng_fat.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -eng_fat.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -eng_fat.o: ../../include/openssl/engine.h ../../include/openssl/err.h -eng_fat.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -eng_fat.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -eng_fat.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -eng_fat.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -eng_fat.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -eng_fat.o: ../cryptlib.h eng_fat.c eng_int.h -eng_init.o: ../../e_os.h ../../include/openssl/asn1.h -eng_init.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -eng_init.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -eng_init.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -eng_init.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -eng_init.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -eng_init.o: ../../include/openssl/opensslconf.h -eng_init.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -eng_init.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -eng_init.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -eng_init.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -eng_init.o: ../cryptlib.h eng_init.c eng_int.h -eng_lib.o: ../../e_os.h ../../include/openssl/asn1.h -eng_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -eng_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -eng_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -eng_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -eng_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -eng_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -eng_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h -eng_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -eng_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -eng_lib.o: ../../include/openssl/ui.h ../cryptlib.h eng_int.h eng_lib.c -eng_list.o: ../../e_os.h ../../include/openssl/asn1.h -eng_list.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -eng_list.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -eng_list.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -eng_list.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -eng_list.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -eng_list.o: ../../include/openssl/opensslconf.h -eng_list.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -eng_list.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -eng_list.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -eng_list.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -eng_list.o: ../cryptlib.h eng_int.h eng_list.c -eng_openssl.o: ../../e_os.h ../../include/openssl/asn1.h -eng_openssl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -eng_openssl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -eng_openssl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -eng_openssl.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h -eng_openssl.o: ../../include/openssl/engine.h ../../include/openssl/err.h -eng_openssl.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -eng_openssl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -eng_openssl.o: ../../include/openssl/opensslconf.h -eng_openssl.o: ../../include/openssl/opensslv.h -eng_openssl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h -eng_openssl.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h -eng_openssl.o: ../../include/openssl/rand.h ../../include/openssl/rc4.h -eng_openssl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -eng_openssl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -eng_openssl.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -eng_openssl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -eng_openssl.o: ../cryptlib.h eng_openssl.c -eng_pkey.o: ../../e_os.h ../../include/openssl/asn1.h -eng_pkey.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -eng_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -eng_pkey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -eng_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -eng_pkey.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -eng_pkey.o: ../../include/openssl/opensslconf.h -eng_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -eng_pkey.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -eng_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -eng_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -eng_pkey.o: ../cryptlib.h eng_int.h eng_pkey.c -eng_table.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -eng_table.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -eng_table.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -eng_table.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -eng_table.o: ../../include/openssl/err.h ../../include/openssl/evp.h -eng_table.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -eng_table.o: ../../include/openssl/objects.h -eng_table.o: ../../include/openssl/opensslconf.h -eng_table.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -eng_table.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -eng_table.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -eng_table.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -eng_table.o: eng_int.h eng_table.c -hw_4758_cca.o: ../../e_os.h ../../include/openssl/asn1.h -hw_4758_cca.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -hw_4758_cca.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -hw_4758_cca.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -hw_4758_cca.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h -hw_4758_cca.o: ../../include/openssl/engine.h ../../include/openssl/err.h -hw_4758_cca.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -hw_4758_cca.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -hw_4758_cca.o: ../../include/openssl/opensslconf.h -hw_4758_cca.o: ../../include/openssl/opensslv.h -hw_4758_cca.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -hw_4758_cca.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -hw_4758_cca.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -hw_4758_cca.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -hw_4758_cca.o: ../../include/openssl/ui.h ../../include/openssl/x509.h -hw_4758_cca.o: ../../include/openssl/x509_vfy.h ../cryptlib.h hw_4758_cca.c -hw_4758_cca.o: hw_4758_cca_err.c hw_4758_cca_err.h vendor_defns/hw_4758_cca.h -hw_aep.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -hw_aep.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -hw_aep.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -hw_aep.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h -hw_aep.o: ../../include/openssl/engine.h ../../include/openssl/err.h -hw_aep.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -hw_aep.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -hw_aep.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -hw_aep.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -hw_aep.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h hw_aep.c -hw_aep.o: hw_aep_err.c hw_aep_err.h vendor_defns/aep.h -hw_atalla.o: ../../e_os.h ../../include/openssl/asn1.h -hw_atalla.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -hw_atalla.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -hw_atalla.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -hw_atalla.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h -hw_atalla.o: ../../include/openssl/engine.h ../../include/openssl/err.h -hw_atalla.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -hw_atalla.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -hw_atalla.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -hw_atalla.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -hw_atalla.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -hw_atalla.o: ../cryptlib.h hw_atalla.c hw_atalla_err.c hw_atalla_err.h -hw_atalla.o: vendor_defns/atalla.h -hw_cswift.o: ../../e_os.h ../../include/openssl/asn1.h -hw_cswift.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -hw_cswift.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -hw_cswift.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -hw_cswift.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h -hw_cswift.o: ../../include/openssl/engine.h ../../include/openssl/err.h -hw_cswift.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -hw_cswift.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -hw_cswift.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -hw_cswift.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -hw_cswift.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -hw_cswift.o: ../cryptlib.h hw_cswift.c hw_cswift_err.c hw_cswift_err.h -hw_cswift.o: vendor_defns/cswift.h -hw_ncipher.o: ../../e_os.h ../../include/openssl/asn1.h -hw_ncipher.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -hw_ncipher.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -hw_ncipher.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -hw_ncipher.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h -hw_ncipher.o: ../../include/openssl/engine.h ../../include/openssl/err.h -hw_ncipher.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -hw_ncipher.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -hw_ncipher.o: ../../include/openssl/opensslconf.h -hw_ncipher.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -hw_ncipher.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h -hw_ncipher.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h -hw_ncipher.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -hw_ncipher.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -hw_ncipher.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -hw_ncipher.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -hw_ncipher.o: ../cryptlib.h hw_ncipher.c hw_ncipher_err.c hw_ncipher_err.h -hw_ncipher.o: vendor_defns/hwcryptohook.h -hw_nuron.o: ../../e_os.h ../../include/openssl/asn1.h -hw_nuron.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -hw_nuron.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -hw_nuron.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -hw_nuron.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h -hw_nuron.o: ../../include/openssl/engine.h ../../include/openssl/err.h -hw_nuron.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -hw_nuron.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -hw_nuron.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -hw_nuron.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -hw_nuron.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -hw_nuron.o: ../cryptlib.h hw_nuron.c hw_nuron_err.c hw_nuron_err.h -hw_cryptodev.o: ../../include/openssl/asn1.h -hw_cryptodev.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -hw_cryptodev.o: ../../include/openssl/conf.h -hw_cryptodev.o: ../../include/openssl/crypto.h -hw_cryptodev.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -hw_cryptodev.o: ../../include/openssl/e_os2.h -hw_cryptodev.o: ../../include/openssl/engine.h -hw_cryptodev.o: ../../include/openssl/err.h -hw_cryptodev.o: ../../include/openssl/evp.h -hw_cryptodev.o: ../../include/openssl/lhash.h -hw_cryptodev.o: ../../include/openssl/obj_mac.h -hw_cryptodev.o: ../../include/openssl/objects.h -hw_cryptodev.o: ../../include/openssl/opensslconf.h -hw_cryptodev.o: ../../include/openssl/opensslv.h -hw_cryptodev.o: ../../include/openssl/ossl_typ.h -hw_cryptodev.o: ../../include/openssl/rand.h -hw_cryptodev.o: ../../include/openssl/rsa.h -hw_cryptodev.o: ../../include/openssl/safestack.h -hw_cryptodev.o: ../../include/openssl/stack.h -hw_cryptodev.o: ../../include/openssl/symhacks.h -hw_cryptodev.o: ../../include/openssl/ui.h ../evp/evp_locl.h eng_int.h -hw_cryptodev.o: hw_cryptodev.c -hw_sureware.o: ../../e_os.h ../../include/openssl/asn1.h -hw_sureware.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -hw_sureware.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -hw_sureware.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -hw_sureware.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h -hw_sureware.o: ../../include/openssl/engine.h ../../include/openssl/err.h -hw_sureware.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -hw_sureware.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -hw_sureware.o: ../../include/openssl/opensslconf.h -hw_sureware.o: ../../include/openssl/opensslv.h -hw_sureware.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h -hw_sureware.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h -hw_sureware.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -hw_sureware.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -hw_sureware.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -hw_sureware.o: ../../include/openssl/ui.h ../../include/openssl/x509.h -hw_sureware.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h -hw_sureware.o: engine.h hw_sureware.c hw_sureware_err.c hw_sureware_err.h -hw_sureware.o: vendor_defns/sureware.h -hw_ubsec.o: ../../e_os.h ../../include/openssl/asn1.h -hw_ubsec.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -hw_ubsec.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -hw_ubsec.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -hw_ubsec.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h -hw_ubsec.o: ../../include/openssl/engine.h ../../include/openssl/err.h -hw_ubsec.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -hw_ubsec.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -hw_ubsec.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -hw_ubsec.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -hw_ubsec.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -hw_ubsec.o: ../cryptlib.h hw_ubsec.c hw_ubsec_err.c hw_ubsec_err.h -hw_ubsec.o: vendor_defns/hw_ubsec.h -tb_cipher.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -tb_cipher.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -tb_cipher.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -tb_cipher.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -tb_cipher.o: ../../include/openssl/err.h ../../include/openssl/evp.h -tb_cipher.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -tb_cipher.o: ../../include/openssl/objects.h -tb_cipher.o: ../../include/openssl/opensslconf.h -tb_cipher.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -tb_cipher.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -tb_cipher.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -tb_cipher.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -tb_cipher.o: eng_int.h tb_cipher.c -tb_dh.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -tb_dh.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -tb_dh.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -tb_dh.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -tb_dh.o: ../../include/openssl/err.h ../../include/openssl/evp.h -tb_dh.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -tb_dh.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -tb_dh.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -tb_dh.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -tb_dh.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -tb_dh.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h eng_int.h -tb_dh.o: tb_dh.c -tb_digest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -tb_digest.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -tb_digest.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -tb_digest.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -tb_digest.o: ../../include/openssl/err.h ../../include/openssl/evp.h -tb_digest.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -tb_digest.o: ../../include/openssl/objects.h -tb_digest.o: ../../include/openssl/opensslconf.h -tb_digest.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -tb_digest.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -tb_digest.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -tb_digest.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -tb_digest.o: eng_int.h tb_digest.c -tb_dsa.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -tb_dsa.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -tb_dsa.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -tb_dsa.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -tb_dsa.o: ../../include/openssl/err.h ../../include/openssl/evp.h -tb_dsa.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -tb_dsa.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -tb_dsa.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -tb_dsa.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -tb_dsa.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -tb_dsa.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h eng_int.h -tb_dsa.o: tb_dsa.c -tb_rand.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -tb_rand.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -tb_rand.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -tb_rand.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -tb_rand.o: ../../include/openssl/err.h ../../include/openssl/evp.h -tb_rand.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -tb_rand.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -tb_rand.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -tb_rand.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -tb_rand.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -tb_rand.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -tb_rand.o: eng_int.h tb_rand.c -tb_rsa.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -tb_rsa.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -tb_rsa.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -tb_rsa.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -tb_rsa.o: ../../include/openssl/err.h ../../include/openssl/evp.h -tb_rsa.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -tb_rsa.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -tb_rsa.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -tb_rsa.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -tb_rsa.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -tb_rsa.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h eng_int.h -tb_rsa.o: tb_rsa.c diff --git a/src/lib/libcrypto/engine/eng_aesni.c b/src/lib/libcrypto/engine/eng_aesni.c new file mode 100644 index 00000000000..586f74792ac --- /dev/null +++ b/src/lib/libcrypto/engine/eng_aesni.c @@ -0,0 +1,562 @@ +/* $OpenBSD: eng_aesni.c,v 1.11 2018/04/14 07:18:37 tb Exp $ */ +/* + * Support for Intel AES-NI intruction set + * Author: Huang Ying + * + * Intel AES-NI is a new set of Single Instruction Multiple Data + * (SIMD) instructions that are going to be introduced in the next + * generation of Intel processor, as of 2009. These instructions + * enable fast and secure data encryption and decryption, using the + * Advanced Encryption Standard (AES), defined by FIPS Publication + * number 197. The architecture introduces six instructions that + * offer full hardware support for AES. Four of them support high + * performance data encryption and decryption, and the other two + * instructions support the AES key expansion procedure. + * + * The white paper can be downloaded from: + * http://softwarecommunity.intel.com/isn/downloads/intelavx/AES-Instructions-Set_WP.pdf + * + * This file is based on engines/e_padlock.c + */ + +/* ==================================================================== + * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include + +#include + +#if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_AES_NI) && !defined(OPENSSL_NO_AES) + +#include +#include +#include +#include +#include + +/* AES-NI is available *ONLY* on some x86 CPUs. Not only that it + doesn't exist elsewhere, but it even can't be compiled on other + platforms! */ +#undef COMPILE_HW_AESNI +#if (defined(__x86_64) || defined(__x86_64__) || \ + defined(_M_AMD64) || defined(_M_X64) || \ + defined(OPENSSL_IA32_SSE2)) && !defined(OPENSSL_NO_ASM) && !defined(__i386__) +#define COMPILE_HW_AESNI +#include "x86_arch.h" +#endif +static ENGINE *ENGINE_aesni(void); + +void ENGINE_load_aesni(void) +{ +/* On non-x86 CPUs it just returns. */ +#ifdef COMPILE_HW_AESNI + ENGINE *toadd = ENGINE_aesni(); + if (toadd == NULL) + return; + ENGINE_add(toadd); + ENGINE_register_complete(toadd); + ENGINE_free(toadd); + ERR_clear_error(); +#endif +} + +#ifdef COMPILE_HW_AESNI +int aesni_set_encrypt_key(const unsigned char *userKey, int bits, + AES_KEY *key); +int aesni_set_decrypt_key(const unsigned char *userKey, int bits, + AES_KEY *key); + +void aesni_encrypt(const unsigned char *in, unsigned char *out, + const AES_KEY *key); +void aesni_decrypt(const unsigned char *in, unsigned char *out, + const AES_KEY *key); + +void aesni_ecb_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, int enc); +void aesni_cbc_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, unsigned char *ivec, int enc); + +/* Function for ENGINE detection and control */ +static int aesni_init(ENGINE *e); + +/* Cipher Stuff */ +static int aesni_ciphers(ENGINE *e, const EVP_CIPHER **cipher, + const int **nids, int nid); + +#define AESNI_MIN_ALIGN 16 +#define AESNI_ALIGN(x) \ + ((void *)(((unsigned long)(x)+AESNI_MIN_ALIGN-1)&~(AESNI_MIN_ALIGN-1))) + +/* Engine names */ +static const char aesni_id[] = "aesni", + aesni_name[] = "Intel AES-NI engine", + no_aesni_name[] = "Intel AES-NI engine (no-aesni)"; + + +/* The input and output encrypted as though 128bit cfb mode is being + * used. The extra state information to record how much of the + * 128bit block we have used is contained in *num; + */ +static void +aesni_cfb128_encrypt(const unsigned char *in, unsigned char *out, + unsigned int len, const void *key, unsigned char ivec[16], int *num, + int enc) +{ + unsigned int n; + size_t l = 0; + + n = *num; + + if (enc) { +#if !defined(OPENSSL_SMALL_FOOTPRINT) + if (16%sizeof(size_t) == 0) do { /* always true actually */ + while (n && len) { + *(out++) = ivec[n] ^= *(in++); + --len; + n = (n + 1) % 16; + } + while (len >= 16) { + aesni_encrypt(ivec, ivec, key); + for (n = 0; n < 16; n += sizeof(size_t)) { + *(size_t*)(out + n) = + *(size_t*)(ivec + n) ^= *(size_t*)(in + n); + } + len -= 16; + out += 16; + in += 16; + } + n = 0; + if (len) { + aesni_encrypt(ivec, ivec, key); + while (len--) { + out[n] = ivec[n] ^= in[n]; + ++n; + } + } + *num = n; + return; + } while (0); + /* the rest would be commonly eliminated by x86* compiler */ +#endif + while (l < len) { + if (n == 0) { + aesni_encrypt(ivec, ivec, key); + } + out[l] = ivec[n] ^= in[l]; + ++l; + n = (n + 1) % 16; + } + *num = n; + } else { +#if !defined(OPENSSL_SMALL_FOOTPRINT) + if (16%sizeof(size_t) == 0) do { /* always true actually */ + while (n && len) { + unsigned char c; + *(out++) = ivec[n] ^ (c = *(in++)); + ivec[n] = c; + --len; + n = (n + 1) % 16; + } + while (len >= 16) { + aesni_encrypt(ivec, ivec, key); + for (n = 0; n < 16; n += sizeof(size_t)) { + size_t t = *(size_t*)(in + n); + *(size_t*)(out + n) = *(size_t*)(ivec + n) ^ t; + *(size_t*)(ivec + n) = t; + } + len -= 16; + out += 16; + in += 16; + } + n = 0; + if (len) { + aesni_encrypt(ivec, ivec, key); + while (len--) { + unsigned char c; + out[n] = ivec[n] ^ (c = in[n]); + ivec[n] = c; + ++n; + } + } + *num = n; + return; + } while (0); + /* the rest would be commonly eliminated by x86* compiler */ +#endif + while (l < len) { + unsigned char c; + if (n == 0) { + aesni_encrypt(ivec, ivec, key); + } + out[l] = ivec[n] ^ (c = in[l]); + ivec[n] = c; + ++l; + n = (n + 1) % 16; + } + *num = n; + } +} + +/* The input and output encrypted as though 128bit ofb mode is being + * used. The extra state information to record how much of the + * 128bit block we have used is contained in *num; + */ +static void +aesni_ofb128_encrypt(const unsigned char *in, unsigned char *out, + unsigned int len, const void *key, unsigned char ivec[16], int *num) +{ + unsigned int n; + size_t l = 0; + + n = *num; + +#if !defined(OPENSSL_SMALL_FOOTPRINT) + if (16%sizeof(size_t) == 0) do { /* always true actually */ + while (n && len) { + *(out++) = *(in++) ^ ivec[n]; + --len; + n = (n + 1) % 16; + } + while (len >= 16) { + aesni_encrypt(ivec, ivec, key); + for (n = 0; n < 16; n += sizeof(size_t)) + *(size_t*)(out + n) = + *(size_t*)(in + n) ^ *(size_t*)(ivec + n); + len -= 16; + out += 16; + in += 16; + } + n = 0; + if (len) { + aesni_encrypt(ivec, ivec, key); + while (len--) { + out[n] = in[n] ^ ivec[n]; + ++n; + } + } + *num = n; + return; + } while (0); + /* the rest would be commonly eliminated by x86* compiler */ +#endif + while (l < len) { + if (n == 0) { + aesni_encrypt(ivec, ivec, key); + } + out[l] = in[l] ^ ivec[n]; + ++l; + n = (n + 1) % 16; + } + + *num = n; +} +/* ===== Engine "management" functions ===== */ + +/* Prepare the ENGINE structure for registration */ +static int +aesni_bind_helper(ENGINE *e) +{ + int engage; + + engage = (OPENSSL_cpu_caps() & CPUCAP_MASK_AESNI) != 0; + + /* Register everything or return with an error */ + if (!ENGINE_set_id(e, aesni_id) || + !ENGINE_set_name(e, engage ? aesni_name : no_aesni_name) || + !ENGINE_set_init_function(e, aesni_init) || + (engage && !ENGINE_set_ciphers (e, aesni_ciphers))) + return 0; + + /* Everything looks good */ + return 1; +} + +/* Constructor */ +static ENGINE * +ENGINE_aesni(void) +{ + ENGINE *eng = ENGINE_new(); + + if (!eng) { + return NULL; + } + + if (!aesni_bind_helper(eng)) { + ENGINE_free(eng); + return NULL; + } + + return eng; +} + +/* Check availability of the engine */ +static int +aesni_init(ENGINE *e) +{ + return 1; +} + +#if defined(NID_aes_128_cfb128) && ! defined (NID_aes_128_cfb) +#define NID_aes_128_cfb NID_aes_128_cfb128 +#endif + +#if defined(NID_aes_128_ofb128) && ! defined (NID_aes_128_ofb) +#define NID_aes_128_ofb NID_aes_128_ofb128 +#endif + +#if defined(NID_aes_192_cfb128) && ! defined (NID_aes_192_cfb) +#define NID_aes_192_cfb NID_aes_192_cfb128 +#endif + +#if defined(NID_aes_192_ofb128) && ! defined (NID_aes_192_ofb) +#define NID_aes_192_ofb NID_aes_192_ofb128 +#endif + +#if defined(NID_aes_256_cfb128) && ! defined (NID_aes_256_cfb) +#define NID_aes_256_cfb NID_aes_256_cfb128 +#endif + +#if defined(NID_aes_256_ofb128) && ! defined (NID_aes_256_ofb) +#define NID_aes_256_ofb NID_aes_256_ofb128 +#endif + +/* List of supported ciphers. */ +static int aesni_cipher_nids[] = { + NID_aes_128_ecb, + NID_aes_128_cbc, + NID_aes_128_cfb, + NID_aes_128_ofb, + + NID_aes_192_ecb, + NID_aes_192_cbc, + NID_aes_192_cfb, + NID_aes_192_ofb, + + NID_aes_256_ecb, + NID_aes_256_cbc, + NID_aes_256_cfb, + NID_aes_256_ofb, +}; +static int aesni_cipher_nids_num = + (sizeof(aesni_cipher_nids) / sizeof(aesni_cipher_nids[0])); + +typedef struct { + AES_KEY ks; + unsigned int _pad1[3]; +} AESNI_KEY; + +static int +aesni_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *user_key, + const unsigned char *iv, int enc) +{ + int ret; + AES_KEY *key = AESNI_ALIGN(ctx->cipher_data); + + if ((ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_CFB_MODE || + (ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_OFB_MODE || + enc) + ret = aesni_set_encrypt_key(user_key, ctx->key_len * 8, key); + else + ret = aesni_set_decrypt_key(user_key, ctx->key_len * 8, key); + + if (ret < 0) { + EVPerror(EVP_R_AES_KEY_SETUP_FAILED); + return 0; + } + + return 1; +} + +static int +aesni_cipher_ecb(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl) +{ + AES_KEY *key = AESNI_ALIGN(ctx->cipher_data); + + aesni_ecb_encrypt(in, out, inl, key, ctx->encrypt); + return 1; +} + +static int +aesni_cipher_cbc(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl) +{ + AES_KEY *key = AESNI_ALIGN(ctx->cipher_data); + + aesni_cbc_encrypt(in, out, inl, key, ctx->iv, ctx->encrypt); + return 1; +} + +static int +aesni_cipher_cfb(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl) +{ + AES_KEY *key = AESNI_ALIGN(ctx->cipher_data); + + aesni_cfb128_encrypt(in, out, inl, key, ctx->iv, &ctx->num, + ctx->encrypt); + return 1; +} + +static int +aesni_cipher_ofb(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl) +{ + AES_KEY *key = AESNI_ALIGN(ctx->cipher_data); + + aesni_ofb128_encrypt(in, out, inl, key, ctx->iv, &ctx->num); + return 1; +} + +#define AES_BLOCK_SIZE 16 + +#define EVP_CIPHER_block_size_ECB AES_BLOCK_SIZE +#define EVP_CIPHER_block_size_CBC AES_BLOCK_SIZE +#define EVP_CIPHER_block_size_OFB 1 +#define EVP_CIPHER_block_size_CFB 1 + +/* Declaring so many ciphers by hand would be a pain. + Instead introduce a bit of preprocessor magic :-) */ +#define DECLARE_AES_EVP(ksize,lmode,umode) \ +static const EVP_CIPHER aesni_##ksize##_##lmode = { \ + NID_aes_##ksize##_##lmode, \ + EVP_CIPHER_block_size_##umode, \ + ksize / 8, \ + AES_BLOCK_SIZE, \ + 0 | EVP_CIPH_##umode##_MODE, \ + aesni_init_key, \ + aesni_cipher_##lmode, \ + NULL, \ + sizeof(AESNI_KEY), \ + EVP_CIPHER_set_asn1_iv, \ + EVP_CIPHER_get_asn1_iv, \ + NULL, \ + NULL \ +} + +DECLARE_AES_EVP(128, ecb, ECB); +DECLARE_AES_EVP(128, cbc, CBC); +DECLARE_AES_EVP(128, cfb, CFB); +DECLARE_AES_EVP(128, ofb, OFB); + +DECLARE_AES_EVP(192, ecb, ECB); +DECLARE_AES_EVP(192, cbc, CBC); +DECLARE_AES_EVP(192, cfb, CFB); +DECLARE_AES_EVP(192, ofb, OFB); + +DECLARE_AES_EVP(256, ecb, ECB); +DECLARE_AES_EVP(256, cbc, CBC); +DECLARE_AES_EVP(256, cfb, CFB); +DECLARE_AES_EVP(256, ofb, OFB); + +static int +aesni_ciphers(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid) +{ + /* No specific cipher => return a list of supported nids ... */ + if (!cipher) { + *nids = aesni_cipher_nids; + return aesni_cipher_nids_num; + } + + /* ... or the requested "cipher" otherwise */ + switch (nid) { + case NID_aes_128_ecb: + *cipher = &aesni_128_ecb; + break; + case NID_aes_128_cbc: + *cipher = &aesni_128_cbc; + break; + case NID_aes_128_cfb: + *cipher = &aesni_128_cfb; + break; + case NID_aes_128_ofb: + *cipher = &aesni_128_ofb; + break; + + case NID_aes_192_ecb: + *cipher = &aesni_192_ecb; + break; + case NID_aes_192_cbc: + *cipher = &aesni_192_cbc; + break; + case NID_aes_192_cfb: + *cipher = &aesni_192_cfb; + break; + case NID_aes_192_ofb: + *cipher = &aesni_192_ofb; + break; + + case NID_aes_256_ecb: + *cipher = &aesni_256_ecb; + break; + case NID_aes_256_cbc: + *cipher = &aesni_256_cbc; + break; + case NID_aes_256_cfb: + *cipher = &aesni_256_cfb; + break; + case NID_aes_256_ofb: + *cipher = &aesni_256_ofb; + break; + + default: + /* Sorry, we don't support this NID */ + *cipher = NULL; + return 0; + } + return 1; +} + +#endif /* COMPILE_HW_AESNI */ +#endif /* !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_AESNI) && !defined(OPENSSL_NO_AES) */ diff --git a/src/lib/libcrypto/engine/eng_all.c b/src/lib/libcrypto/engine/eng_all.c index a35b3db9e86..403ca6865d5 100644 --- a/src/lib/libcrypto/engine/eng_all.c +++ b/src/lib/libcrypto/engine/eng_all.c @@ -1,4 +1,4 @@ -/* crypto/engine/eng_all.c -*- mode: C; c-file-style: "eay" -*- */ +/* $OpenBSD: eng_all.c,v 1.30 2018/03/17 16:20:01 beck Exp $ */ /* Written by Richard Levitte for the OpenSSL * project 2000. */ @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -56,63 +56,33 @@ * */ -#include -#include -#include "eng_int.h" +#include -#ifdef __OpenBSD__ -static int openbsd_default_loaded = 0; -#endif +#include -void ENGINE_load_builtin_engines(void) - { - /* There's no longer any need for an "openssl" ENGINE unless, one day, - * it is the *only* way for standard builtin implementations to be be - * accessed (ie. it would be possible to statically link binaries with - * *no* builtin implementations). */ -#if 0 - ENGINE_load_openssl(); -#endif - ENGINE_load_dynamic(); +#include "cryptlib.h" +#include "eng_int.h" + +void +ENGINE_load_builtin_engines_internal(void) +{ +#ifndef OPENSSL_NO_STATIC_ENGINE #ifndef OPENSSL_NO_HW -#ifndef OPENSSL_NO_HW_CSWIFT - ENGINE_load_cswift(); -#endif -#ifndef OPENSSL_NO_HW_NCIPHER - ENGINE_load_chil(); -#endif -#ifndef OPENSSL_NO_HW_ATALLA - ENGINE_load_atalla(); -#endif -#ifndef OPENSSL_NO_HW_NURON - ENGINE_load_nuron(); +#ifndef OPENSSL_NO_HW_PADLOCK + ENGINE_load_padlock(); #endif -#ifndef OPENSSL_NO_HW_UBSEC - ENGINE_load_ubsec(); #endif -#ifndef OPENSSL_NO_HW_AEP - ENGINE_load_aep(); #endif -#ifndef OPENSSL_NO_HW_SUREWARE - ENGINE_load_sureware(); -#endif -#ifdef OPENSSL_OPENBSD_DEV_CRYPTO - ENGINE_load_openbsd_dev_crypto(); -#endif -#ifdef __OpenBSD__ - ENGINE_load_cryptodev(); -#endif -#endif - } - -#ifdef __OpenBSD__ -void ENGINE_setup_openbsd(void) { - if (!openbsd_default_loaded) { - ENGINE_load_cryptodev(); - ENGINE_register_all_complete(); - } - openbsd_default_loaded=1; + ENGINE_register_all_complete(); } -#endif +void +ENGINE_load_builtin_engines(void) +{ + static pthread_once_t once = PTHREAD_ONCE_INIT; + /* Prayer and clean living lets you ignore errors, OpenSSL style */ + (void) OPENSSL_init_crypto(0, NULL); + + (void) pthread_once(&once, ENGINE_load_builtin_engines_internal); +} diff --git a/src/lib/libcrypto/engine/eng_cnf.c b/src/lib/libcrypto/engine/eng_cnf.c index 8c0ae8a1ad3..24358af8cd2 100644 --- a/src/lib/libcrypto/engine/eng_cnf.c +++ b/src/lib/libcrypto/engine/eng_cnf.c @@ -1,5 +1,5 @@ -/* eng_cnf.c */ -/* Written by Stephen Henson (shenson@bigfoot.com) for the OpenSSL +/* $OpenBSD: eng_cnf.c,v 1.15 2018/04/14 07:18:37 tb Exp $ */ +/* Written by Stephen Henson (steve@openssl.org) for the OpenSSL * project 2001. */ /* ==================================================================== @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -56,51 +56,57 @@ * */ -#include -#include -#include "cryptlib.h" +#include + +#include + +#include "eng_int.h" #include -#include /* #define ENGINE_CONF_DEBUG */ /* ENGINE config module */ -static char *skip_dot(char *name) - { +static char * +skip_dot(char *name) +{ char *p; + p = strchr(name, '.'); if (p) return p + 1; return name; - } +} static STACK_OF(ENGINE) *initialized_engines = NULL; -static int int_engine_init(ENGINE *e) - { +static int +int_engine_init(ENGINE *e) +{ if (!ENGINE_init(e)) return 0; if (!initialized_engines) initialized_engines = sk_ENGINE_new_null(); - if (!initialized_engines || !sk_ENGINE_push(initialized_engines, e)) - { + if (!initialized_engines || !sk_ENGINE_push(initialized_engines, e)) { ENGINE_finish(e); return 0; - } - return 1; } - + return 1; +} + -int int_engine_configure(char *name, char *value, const CONF *cnf) - { +static int +int_engine_configure(char *name, char *value, const CONF *cnf) +{ int i; int ret = 0; long do_init = -1; STACK_OF(CONF_VALUE) *ecmds; - CONF_VALUE *ecmd; + CONF_VALUE *ecmd = NULL; char *ctrlname, *ctrlvalue; ENGINE *e = NULL; + int soft = 0; + name = skip_dot(name); #ifdef ENGINE_CONF_DEBUG fprintf(stderr, "Configuring engine %s\n", name); @@ -108,19 +114,18 @@ int int_engine_configure(char *name, char *value, const CONF *cnf) /* Value is a section containing ENGINE commands */ ecmds = NCONF_get_section(cnf, value); - if (!ecmds) - { - ENGINEerr(ENGINE_F_INT_ENGINE_CONFIGURE, ENGINE_R_ENGINE_SECTION_ERROR); + if (!ecmds) { + ENGINEerror(ENGINE_R_ENGINE_SECTION_ERROR); return 0; - } + } - for (i = 0; i < sk_CONF_VALUE_num(ecmds); i++) - { + for (i = 0; i < sk_CONF_VALUE_num(ecmds); i++) { ecmd = sk_CONF_VALUE_value(ecmds, i); ctrlname = skip_dot(ecmd->name); ctrlvalue = ecmd->value; #ifdef ENGINE_CONF_DEBUG - fprintf(stderr, "ENGINE conf: doing ctrl(%s,%s)\n", ctrlname, ctrlvalue); + fprintf(stderr, "ENGINE conf: doing ctrl(%s,%s)\n", + ctrlname, ctrlvalue); #endif /* First handle some special pseudo ctrls */ @@ -128,9 +133,10 @@ int int_engine_configure(char *name, char *value, const CONF *cnf) /* Override engine name to use */ if (!strcmp(ctrlname, "engine_id")) name = ctrlvalue; + else if (!strcmp(ctrlname, "soft_load")) + soft = 1; /* Load a dynamic ENGINE */ - else if (!strcmp(ctrlname, "dynamic_path")) - { + else if (!strcmp(ctrlname, "dynamic_path")) { e = ENGINE_by_id("dynamic"); if (!e) goto err; @@ -140,103 +146,107 @@ int int_engine_configure(char *name, char *value, const CONF *cnf) goto err; if (!ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0)) goto err; - } + } /* ... add other pseudos here ... */ - else - { + else { /* At this point we need an ENGINE structural reference * if we don't already have one. */ - if (!e) - { + if (!e) { e = ENGINE_by_id(name); - if (!e) - return 0; + if (!e && soft) { + ERR_clear_error(); + return 1; } + if (!e) + goto err; + } /* Allow "EMPTY" to mean no value: this allows a valid * "value" to be passed to ctrls of type NO_INPUT */ if (!strcmp(ctrlvalue, "EMPTY")) ctrlvalue = NULL; - else if (!strcmp(ctrlname, "init")) - { - if (!NCONF_get_number_e(cnf, value, "init", &do_init)) + if (!strcmp(ctrlname, "init")) { + if (!NCONF_get_number_e(cnf, value, "init", + &do_init)) goto err; - if (do_init == 1) - { + if (do_init == 1) { if (!int_engine_init(e)) goto err; - } - else if (do_init != 0) - { - ENGINEerr(ENGINE_F_INT_ENGINE_CONFIGURE, ENGINE_R_INVALID_INIT_VALUE); + } else if (do_init != 0) { + ENGINEerror(ENGINE_R_INVALID_INIT_VALUE); goto err; - } } - else if (!strcmp(ctrlname, "default_algorithms")) - { + } + else if (!strcmp(ctrlname, "default_algorithms")) { if (!ENGINE_set_default_string(e, ctrlvalue)) goto err; - } - else if (!ENGINE_ctrl_cmd_string(e, - ctrlname, ctrlvalue, 0)) - return 0; - } - - - + } else if (!ENGINE_ctrl_cmd_string(e, + ctrlname, ctrlvalue, 0)) + goto err; } - if (e && (do_init == -1) && !int_engine_init(e)) + } + if (e && (do_init == -1) && !int_engine_init(e)) { + ecmd = NULL; goto err; + } ret = 1; - err: - if (e) - ENGINE_free(e); - return ret; + +err: + if (ret != 1) { + ENGINEerror(ENGINE_R_ENGINE_CONFIGURATION_ERROR); + if (ecmd) + ERR_asprintf_error_data( + "section=%s, name=%s, value=%s", + ecmd->section, ecmd->name, ecmd->value); } + ENGINE_free(e); + return ret; +} -static int int_engine_module_init(CONF_IMODULE *md, const CONF *cnf) - { +static int +int_engine_module_init(CONF_IMODULE *md, const CONF *cnf) +{ STACK_OF(CONF_VALUE) *elist; CONF_VALUE *cval; int i; + #ifdef ENGINE_CONF_DEBUG fprintf(stderr, "Called engine module: name %s, value %s\n", - CONF_imodule_get_name(md), CONF_imodule_get_value(md)); + CONF_imodule_get_name(md), CONF_imodule_get_value(md)); #endif /* Value is a section containing ENGINEs to configure */ elist = NCONF_get_section(cnf, CONF_imodule_get_value(md)); - if (!elist) - { - ENGINEerr(ENGINE_F_ENGINE_MODULE_INIT, ENGINE_R_ENGINES_SECTION_ERROR); + if (!elist) { + ENGINEerror(ENGINE_R_ENGINES_SECTION_ERROR); return 0; - } + } - for (i = 0; i < sk_CONF_VALUE_num(elist); i++) - { + for (i = 0; i < sk_CONF_VALUE_num(elist); i++) { cval = sk_CONF_VALUE_value(elist, i); if (!int_engine_configure(cval->name, cval->value, cnf)) return 0; - } + } return 1; - } +} -static void int_engine_module_finish(CONF_IMODULE *md) - { +static void +int_engine_module_finish(CONF_IMODULE *md) +{ ENGINE *e; + while ((e = sk_ENGINE_pop(initialized_engines))) ENGINE_finish(e); sk_ENGINE_free(initialized_engines); initialized_engines = NULL; - } - - -void ENGINE_add_conf_module(void) - { - CONF_module_add("engines", - int_engine_module_init, - int_engine_module_finish); - } +} + +void +ENGINE_add_conf_module(void) +{ + CONF_module_add("engines", int_engine_module_init, + int_engine_module_finish); +} diff --git a/src/lib/libcrypto/engine/eng_ctrl.c b/src/lib/libcrypto/engine/eng_ctrl.c index ad3858395be..1a3c25fbaee 100644 --- a/src/lib/libcrypto/engine/eng_ctrl.c +++ b/src/lib/libcrypto/engine/eng_ctrl.c @@ -1,4 +1,4 @@ -/* crypto/engine/eng_ctrl.c */ +/* $OpenBSD: eng_ctrl.c,v 1.11 2017/01/29 17:49:23 beck Exp $ */ /* ==================================================================== * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved. * @@ -7,7 +7,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -53,10 +53,11 @@ * */ -#include -#include "cryptlib.h" +#include + +#include + #include "eng_int.h" -#include /* When querying a ENGINE-specific control command's 'description', this string * is used if the ENGINE_CMD_DEFN has cmd_desc set to NULL. */ @@ -66,93 +67,89 @@ static const char *int_no_description = ""; * ENGINE in question has asked us to take care of it (ie. the ENGINE did not * set the ENGINE_FLAGS_MANUAL_CMD_CTRL flag. */ -static int int_ctrl_cmd_is_null(const ENGINE_CMD_DEFN *defn) - { - if((defn->cmd_num == 0) || (defn->cmd_name == NULL)) +static int +int_ctrl_cmd_is_null(const ENGINE_CMD_DEFN *defn) +{ + if ((defn->cmd_num == 0) || (defn->cmd_name == NULL)) return 1; return 0; - } +} -static int int_ctrl_cmd_by_name(const ENGINE_CMD_DEFN *defn, const char *s) - { +static int +int_ctrl_cmd_by_name(const ENGINE_CMD_DEFN *defn, const char *s) +{ int idx = 0; - while(!int_ctrl_cmd_is_null(defn) && (strcmp(defn->cmd_name, s) != 0)) - { + while (!int_ctrl_cmd_is_null(defn) && + (strcmp(defn->cmd_name, s) != 0)) { idx++; defn++; - } - if(int_ctrl_cmd_is_null(defn)) + } + if (int_ctrl_cmd_is_null(defn)) /* The given name wasn't found */ return -1; return idx; - } +} -static int int_ctrl_cmd_by_num(const ENGINE_CMD_DEFN *defn, unsigned int num) - { +static int +int_ctrl_cmd_by_num(const ENGINE_CMD_DEFN *defn, unsigned int num) +{ int idx = 0; /* NB: It is stipulated that 'cmd_defn' lists are ordered by cmd_num. So * our searches don't need to take any longer than necessary. */ - while(!int_ctrl_cmd_is_null(defn) && (defn->cmd_num < num)) - { + while (!int_ctrl_cmd_is_null(defn) && (defn->cmd_num < num)) { idx++; defn++; - } - if(defn->cmd_num == num) + } + if (defn->cmd_num == num) return idx; /* The given cmd_num wasn't found */ return -1; - } +} -static int int_ctrl_helper(ENGINE *e, int cmd, long i, void *p, void (*f)()) - { +static int +int_ctrl_helper(ENGINE *e, int cmd, long i, void *p, void (*f)(void)) +{ int idx; + int ret; char *s = (char *)p; + /* Take care of the easy one first (eg. it requires no searches) */ - if(cmd == ENGINE_CTRL_GET_FIRST_CMD_TYPE) - { - if((e->cmd_defns == NULL) || int_ctrl_cmd_is_null(e->cmd_defns)) + if (cmd == ENGINE_CTRL_GET_FIRST_CMD_TYPE) { + if ((e->cmd_defns == NULL) || + int_ctrl_cmd_is_null(e->cmd_defns)) return 0; return e->cmd_defns->cmd_num; - } + } /* One or two commands require that "p" be a valid string buffer */ - if((cmd == ENGINE_CTRL_GET_CMD_FROM_NAME) || - (cmd == ENGINE_CTRL_GET_NAME_FROM_CMD) || - (cmd == ENGINE_CTRL_GET_DESC_FROM_CMD)) - { - if(s == NULL) - { - ENGINEerr(ENGINE_F_INT_CTRL_HELPER, - ERR_R_PASSED_NULL_PARAMETER); + if ((cmd == ENGINE_CTRL_GET_CMD_FROM_NAME) || + (cmd == ENGINE_CTRL_GET_NAME_FROM_CMD) || + (cmd == ENGINE_CTRL_GET_DESC_FROM_CMD)) { + if (s == NULL) { + ENGINEerror(ERR_R_PASSED_NULL_PARAMETER); return -1; - } } + } /* Now handle cmd_name -> cmd_num conversion */ - if(cmd == ENGINE_CTRL_GET_CMD_FROM_NAME) - { - if((e->cmd_defns == NULL) || ((idx = int_ctrl_cmd_by_name( - e->cmd_defns, s)) < 0)) - { - ENGINEerr(ENGINE_F_INT_CTRL_HELPER, - ENGINE_R_INVALID_CMD_NAME); + if (cmd == ENGINE_CTRL_GET_CMD_FROM_NAME) { + if ((e->cmd_defns == NULL) || + ((idx = int_ctrl_cmd_by_name(e->cmd_defns, s)) < 0)) { + ENGINEerror(ENGINE_R_INVALID_CMD_NAME); return -1; - } - return e->cmd_defns[idx].cmd_num; } + return e->cmd_defns[idx].cmd_num; + } /* For the rest of the commands, the 'long' argument must specify a * valie command number - so we need to conduct a search. */ - if((e->cmd_defns == NULL) || ((idx = int_ctrl_cmd_by_num(e->cmd_defns, - (unsigned int)i)) < 0)) - { - ENGINEerr(ENGINE_F_INT_CTRL_HELPER, - ENGINE_R_INVALID_CMD_NUMBER); + if ((e->cmd_defns == NULL) || + ((idx = int_ctrl_cmd_by_num(e->cmd_defns, (unsigned int)i)) < 0)) { + ENGINEerror(ENGINE_R_INVALID_CMD_NUMBER); return -1; - } + } /* Now the logic splits depending on command type */ - switch(cmd) - { + switch (cmd) { case ENGINE_CTRL_GET_NEXT_CMD_TYPE: idx++; - if(int_ctrl_cmd_is_null(e->cmd_defns + idx)) + if (int_ctrl_cmd_is_null(e->cmd_defns + idx)) /* end-of-list */ return 0; else @@ -160,44 +157,58 @@ static int int_ctrl_helper(ENGINE *e, int cmd, long i, void *p, void (*f)()) case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD: return strlen(e->cmd_defns[idx].cmd_name); case ENGINE_CTRL_GET_NAME_FROM_CMD: - return sprintf(s, "%s", e->cmd_defns[idx].cmd_name); + ret = snprintf(s, strlen(e->cmd_defns[idx].cmd_name) + 1, + "%s", e->cmd_defns[idx].cmd_name); + if (ret >= (strlen(e->cmd_defns[idx].cmd_name) + 1)) + ret = -1; + return ret; case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD: - if(e->cmd_defns[idx].cmd_desc) + if (e->cmd_defns[idx].cmd_desc) return strlen(e->cmd_defns[idx].cmd_desc); return strlen(int_no_description); case ENGINE_CTRL_GET_DESC_FROM_CMD: - if(e->cmd_defns[idx].cmd_desc) - return sprintf(s, "%s", e->cmd_defns[idx].cmd_desc); - return sprintf(s, "%s", int_no_description); + if (e->cmd_defns[idx].cmd_desc) { + ret = snprintf(s, + strlen(e->cmd_defns[idx].cmd_desc) + 1, + "%s", e->cmd_defns[idx].cmd_desc); + if (ret >= strlen(e->cmd_defns[idx].cmd_desc) + 1) + ret = -1; + return ret; + } + ret = snprintf(s, strlen(int_no_description) + 1, "%s", + int_no_description); + if (ret >= strlen(int_no_description) + 1) + ret = -1; + return ret; case ENGINE_CTRL_GET_CMD_FLAGS: return e->cmd_defns[idx].cmd_flags; - } + } + /* Shouldn't really be here ... */ - ENGINEerr(ENGINE_F_INT_CTRL_HELPER,ENGINE_R_INTERNAL_LIST_ERROR); + ENGINEerror(ENGINE_R_INTERNAL_LIST_ERROR); return -1; - } +} -int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) - { +int +ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)) +{ int ctrl_exists, ref_exists; - if(e == NULL) - { - ENGINEerr(ENGINE_F_ENGINE_CTRL,ERR_R_PASSED_NULL_PARAMETER); + + if (e == NULL) { + ENGINEerror(ERR_R_PASSED_NULL_PARAMETER); return 0; - } + } CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); ref_exists = ((e->struct_ref > 0) ? 1 : 0); CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); ctrl_exists = ((e->ctrl == NULL) ? 0 : 1); - if(!ref_exists) - { - ENGINEerr(ENGINE_F_ENGINE_CTRL,ENGINE_R_NO_REFERENCE); + if (!ref_exists) { + ENGINEerror(ENGINE_R_NO_REFERENCE); return 0; - } + } /* Intercept any "root-level" commands before trying to hand them on to * ctrl() handlers. */ - switch(cmd) - { + switch (cmd) { case ENGINE_CTRL_HAS_CTRL_FUNCTION: return ctrl_exists; case ENGINE_CTRL_GET_FIRST_CMD_TYPE: @@ -208,180 +219,161 @@ int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD: case ENGINE_CTRL_GET_DESC_FROM_CMD: case ENGINE_CTRL_GET_CMD_FLAGS: - if(ctrl_exists && !(e->flags & ENGINE_FLAGS_MANUAL_CMD_CTRL)) - return int_ctrl_helper(e,cmd,i,p,f); - if(!ctrl_exists) - { - ENGINEerr(ENGINE_F_ENGINE_CTRL,ENGINE_R_NO_CONTROL_FUNCTION); + if (ctrl_exists && !(e->flags & ENGINE_FLAGS_MANUAL_CMD_CTRL)) + return int_ctrl_helper(e, cmd, i, p, f); + if (!ctrl_exists) { + ENGINEerror(ENGINE_R_NO_CONTROL_FUNCTION); /* For these cmd-related functions, failure is indicated * by a -1 return value (because 0 is used as a valid * return in some places). */ return -1; - } + } default: break; - } + } /* Anything else requires a ctrl() handler to exist. */ - if(!ctrl_exists) - { - ENGINEerr(ENGINE_F_ENGINE_CTRL,ENGINE_R_NO_CONTROL_FUNCTION); + if (!ctrl_exists) { + ENGINEerror(ENGINE_R_NO_CONTROL_FUNCTION); return 0; - } - return e->ctrl(e, cmd, i, p, f); } + return e->ctrl(e, cmd, i, p, f); +} -int ENGINE_cmd_is_executable(ENGINE *e, int cmd) - { +int +ENGINE_cmd_is_executable(ENGINE *e, int cmd) +{ int flags; - if((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, cmd, NULL, NULL)) < 0) - { - ENGINEerr(ENGINE_F_ENGINE_CMD_IS_EXECUTABLE, - ENGINE_R_INVALID_CMD_NUMBER); + + if ((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, cmd, + NULL, NULL)) < 0) { + ENGINEerror(ENGINE_R_INVALID_CMD_NUMBER); return 0; - } - if(!(flags & ENGINE_CMD_FLAG_NO_INPUT) && - !(flags & ENGINE_CMD_FLAG_NUMERIC) && - !(flags & ENGINE_CMD_FLAG_STRING)) + } + if (!(flags & ENGINE_CMD_FLAG_NO_INPUT) && + !(flags & ENGINE_CMD_FLAG_NUMERIC) && + !(flags & ENGINE_CMD_FLAG_STRING)) return 0; return 1; - } +} -int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name, - long i, void *p, void (*f)(), int cmd_optional) - { +int +ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name, long i, void *p, + void (*f)(void), int cmd_optional) +{ int num; - if((e == NULL) || (cmd_name == NULL)) - { - ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING, - ERR_R_PASSED_NULL_PARAMETER); + if ((e == NULL) || (cmd_name == NULL)) { + ENGINEerror(ERR_R_PASSED_NULL_PARAMETER); return 0; - } - if((e->ctrl == NULL) || ((num = ENGINE_ctrl(e, - ENGINE_CTRL_GET_CMD_FROM_NAME, - 0, (void *)cmd_name, NULL)) <= 0)) - { + } + if ((e->ctrl == NULL) || + ((num = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FROM_NAME, + 0, (void *)cmd_name, NULL)) <= 0)) { /* If the command didn't *have* to be supported, we fake * success. This allows certain settings to be specified for * multiple ENGINEs and only require a change of ENGINE id * (without having to selectively apply settings). Eg. changing * from a hardware device back to the regular software ENGINE * without editing the config file, etc. */ - if(cmd_optional) - { + if (cmd_optional) { ERR_clear_error(); return 1; - } - ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD, - ENGINE_R_INVALID_CMD_NAME); - return 0; } + ENGINEerror(ENGINE_R_INVALID_CMD_NAME); + return 0; + } + /* Force the result of the control command to 0 or 1, for the reasons * mentioned before. */ - if (ENGINE_ctrl(e, num, i, p, f)) - return 1; - return 0; - } + if (ENGINE_ctrl(e, num, i, p, f) > 0) + return 1; + + return 0; +} -int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg, - int cmd_optional) - { +int +ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg, + int cmd_optional) +{ int num, flags; long l; char *ptr; - if((e == NULL) || (cmd_name == NULL)) - { - ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING, - ERR_R_PASSED_NULL_PARAMETER); + + if ((e == NULL) || (cmd_name == NULL)) { + ENGINEerror(ERR_R_PASSED_NULL_PARAMETER); return 0; - } - if((e->ctrl == NULL) || ((num = ENGINE_ctrl(e, - ENGINE_CTRL_GET_CMD_FROM_NAME, - 0, (void *)cmd_name, NULL)) <= 0)) - { + } + if ((e->ctrl == NULL) || + ((num = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FROM_NAME, 0, + (void *)cmd_name, NULL)) <= 0)) { /* If the command didn't *have* to be supported, we fake * success. This allows certain settings to be specified for * multiple ENGINEs and only require a change of ENGINE id * (without having to selectively apply settings). Eg. changing * from a hardware device back to the regular software ENGINE * without editing the config file, etc. */ - if(cmd_optional) - { + if (cmd_optional) { ERR_clear_error(); return 1; - } - ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING, - ENGINE_R_INVALID_CMD_NAME); - return 0; } - if(!ENGINE_cmd_is_executable(e, num)) - { - ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING, - ENGINE_R_CMD_NOT_EXECUTABLE); + ENGINEerror(ENGINE_R_INVALID_CMD_NAME); return 0; - } - if((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num, NULL, NULL)) < 0) - { + } + if (!ENGINE_cmd_is_executable(e, num)) { + ENGINEerror(ENGINE_R_CMD_NOT_EXECUTABLE); + return 0; + } + if ((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num, + NULL, NULL)) < 0) { /* Shouldn't happen, given that ENGINE_cmd_is_executable() * returned success. */ - ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING, - ENGINE_R_INTERNAL_LIST_ERROR); + ENGINEerror(ENGINE_R_INTERNAL_LIST_ERROR); return 0; - } + } /* If the command takes no input, there must be no input. And vice * versa. */ - if(flags & ENGINE_CMD_FLAG_NO_INPUT) - { - if(arg != NULL) - { - ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING, - ENGINE_R_COMMAND_TAKES_NO_INPUT); + if (flags & ENGINE_CMD_FLAG_NO_INPUT) { + if (arg != NULL) { + ENGINEerror(ENGINE_R_COMMAND_TAKES_NO_INPUT); return 0; - } + } /* We deliberately force the result of ENGINE_ctrl() to 0 or 1 * rather than returning it as "return data". This is to ensure * usage of these commands is consistent across applications and * that certain applications don't understand it one way, and * others another. */ - if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL)) + if (ENGINE_ctrl(e, num, 0, (void *)arg, NULL) > 0) return 1; return 0; - } + } /* So, we require input */ - if(arg == NULL) - { - ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING, - ENGINE_R_COMMAND_TAKES_INPUT); + if (arg == NULL) { + ENGINEerror(ENGINE_R_COMMAND_TAKES_INPUT); return 0; - } + } /* If it takes string input, that's easy */ - if(flags & ENGINE_CMD_FLAG_STRING) - { + if (flags & ENGINE_CMD_FLAG_STRING) { /* Same explanation as above */ - if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL)) + if (ENGINE_ctrl(e, num, 0, (void *)arg, NULL) > 0) return 1; return 0; - } + } /* If it doesn't take numeric either, then it is unsupported for use in * a config-setting situation, which is what this function is for. This * should never happen though, because ENGINE_cmd_is_executable() was * used. */ - if(!(flags & ENGINE_CMD_FLAG_NUMERIC)) - { - ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING, - ENGINE_R_INTERNAL_LIST_ERROR); + if (!(flags & ENGINE_CMD_FLAG_NUMERIC)) { + ENGINEerror(ENGINE_R_INTERNAL_LIST_ERROR); return 0; - } + } l = strtol(arg, &ptr, 10); - if((arg == ptr) || (*ptr != '\0')) - { - ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING, - ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER); + if ((arg == ptr) || (*ptr != '\0')) { + ENGINEerror(ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER); return 0; - } + } /* Force the result of the control command to 0 or 1, for the reasons * mentioned before. */ - if(ENGINE_ctrl(e, num, l, NULL, NULL)) + if (ENGINE_ctrl(e, num, l, NULL, NULL) > 0) return 1; return 0; - } +} diff --git a/src/lib/libcrypto/engine/eng_dyn.c b/src/lib/libcrypto/engine/eng_dyn.c index 4fefcc0caee..400ce726815 100644 --- a/src/lib/libcrypto/engine/eng_dyn.c +++ b/src/lib/libcrypto/engine/eng_dyn.c @@ -1,4 +1,4 @@ -/* crypto/engine/eng_dyn.c */ +/* $OpenBSD: eng_dyn.c,v 1.14 2015/06/19 06:05:11 bcook Exp $ */ /* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL * project 2001. */ @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -56,391 +56,9 @@ * */ - -#include -#include -#include "cryptlib.h" -#include "eng_int.h" #include -#include - -/* Shared libraries implementing ENGINEs for use by the "dynamic" ENGINE loader - * should implement the hook-up functions with the following prototypes. */ - -/* Our ENGINE handlers */ -static int dynamic_init(ENGINE *e); -static int dynamic_finish(ENGINE *e); -static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()); -/* Predeclare our context type */ -typedef struct st_dynamic_data_ctx dynamic_data_ctx; -/* The implementation for the important control command */ -static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx); - -#define DYNAMIC_CMD_SO_PATH ENGINE_CMD_BASE -#define DYNAMIC_CMD_NO_VCHECK (ENGINE_CMD_BASE + 1) -#define DYNAMIC_CMD_ID (ENGINE_CMD_BASE + 2) -#define DYNAMIC_CMD_LIST_ADD (ENGINE_CMD_BASE + 3) -#define DYNAMIC_CMD_LOAD (ENGINE_CMD_BASE + 4) - -/* The constants used when creating the ENGINE */ -static const char *engine_dynamic_id = "dynamic"; -static const char *engine_dynamic_name = "Dynamic engine loading support"; -static const ENGINE_CMD_DEFN dynamic_cmd_defns[] = { - {DYNAMIC_CMD_SO_PATH, - "SO_PATH", - "Specifies the path to the new ENGINE shared library", - ENGINE_CMD_FLAG_STRING}, - {DYNAMIC_CMD_NO_VCHECK, - "NO_VCHECK", - "Specifies to continue even if version checking fails (boolean)", - ENGINE_CMD_FLAG_NUMERIC}, - {DYNAMIC_CMD_ID, - "ID", - "Specifies an ENGINE id name for loading", - ENGINE_CMD_FLAG_STRING}, - {DYNAMIC_CMD_LIST_ADD, - "LIST_ADD", - "Whether to add a loaded ENGINE to the internal list (0=no,1=yes,2=mandatory)", - ENGINE_CMD_FLAG_NUMERIC}, - {DYNAMIC_CMD_LOAD, - "LOAD", - "Load up the ENGINE specified by other settings", - ENGINE_CMD_FLAG_NO_INPUT}, - {0, NULL, NULL, 0} - }; -static const ENGINE_CMD_DEFN dynamic_cmd_defns_empty[] = { - {0, NULL, NULL, 0} - }; - -/* Loading code stores state inside the ENGINE structure via the "ex_data" - * element. We load all our state into a single structure and use that as a - * single context in the "ex_data" stack. */ -struct st_dynamic_data_ctx - { - /* The DSO object we load that supplies the ENGINE code */ - DSO *dynamic_dso; - /* The function pointer to the version checking shared library function */ - dynamic_v_check_fn v_check; - /* The function pointer to the engine-binding shared library function */ - dynamic_bind_engine bind_engine; - /* The default name/path for loading the shared library */ - const char *DYNAMIC_LIBNAME; - /* Whether to continue loading on a version check failure */ - int no_vcheck; - /* If non-NULL, stipulates the 'id' of the ENGINE to be loaded */ - const char *engine_id; - /* If non-zero, a successfully loaded ENGINE should be added to the internal - * ENGINE list. If 2, the add must succeed or the entire load should fail. */ - int list_add_value; - /* The symbol name for the version checking function */ - const char *DYNAMIC_F1; - /* The symbol name for the "initialise ENGINE structure" function */ - const char *DYNAMIC_F2; - }; - -/* This is the "ex_data" index we obtain and reserve for use with our context - * structure. */ -static int dynamic_ex_data_idx = -1; - -/* Because our ex_data element may or may not get allocated depending on whether - * a "first-use" occurs before the ENGINE is freed, we have a memory leak - * problem to solve. We can't declare a "new" handler for the ex_data as we - * don't want a dynamic_data_ctx in *all* ENGINE structures of all types (this - * is a bug in the design of CRYPTO_EX_DATA). As such, we just declare a "free" - * handler and that will get called if an ENGINE is being destroyed and there - * was an ex_data element corresponding to our context type. */ -static void dynamic_data_ctx_free_func(void *parent, void *ptr, - CRYPTO_EX_DATA *ad, int idx, long argl, void *argp) - { - if(ptr) - { - dynamic_data_ctx *ctx = (dynamic_data_ctx *)ptr; - if(ctx->dynamic_dso) - DSO_free(ctx->dynamic_dso); - OPENSSL_free(ctx); - } - } - -/* Construct the per-ENGINE context. We create it blindly and then use a lock to - * check for a race - if so, all but one of the threads "racing" will have - * wasted their time. The alternative involves creating everything inside the - * lock which is far worse. */ -static int dynamic_set_data_ctx(ENGINE *e, dynamic_data_ctx **ctx) - { - dynamic_data_ctx *c; - c = OPENSSL_malloc(sizeof(dynamic_data_ctx)); - if(!ctx) - { - ENGINEerr(ENGINE_F_SET_DATA_CTX,ERR_R_MALLOC_FAILURE); - return 0; - } - memset(c, 0, sizeof(dynamic_data_ctx)); - c->dynamic_dso = NULL; - c->v_check = NULL; - c->bind_engine = NULL; - c->DYNAMIC_LIBNAME = NULL; - c->no_vcheck = 0; - c->engine_id = NULL; - c->list_add_value = 0; - c->DYNAMIC_F1 = "v_check"; - c->DYNAMIC_F2 = "bind_engine"; - CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); - if((*ctx = (dynamic_data_ctx *)ENGINE_get_ex_data(e, - dynamic_ex_data_idx)) == NULL) - { - /* Good, we're the first */ - ENGINE_set_ex_data(e, dynamic_ex_data_idx, c); - *ctx = c; - c = NULL; - } - CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); - /* If we lost the race to set the context, c is non-NULL and *ctx is the - * context of the thread that won. */ - if(c) - OPENSSL_free(c); - return 1; - } - -/* This function retrieves the context structure from an ENGINE's "ex_data", or - * if it doesn't exist yet, sets it up. */ -static dynamic_data_ctx *dynamic_get_data_ctx(ENGINE *e) - { - dynamic_data_ctx *ctx; - if(dynamic_ex_data_idx < 0) - { - /* Create and register the ENGINE ex_data, and associate our - * "free" function with it to ensure any allocated contexts get - * freed when an ENGINE goes underground. */ - int new_idx = ENGINE_get_ex_new_index(0, NULL, NULL, NULL, - dynamic_data_ctx_free_func); - if(new_idx == -1) - { - ENGINEerr(ENGINE_F_DYNAMIC_GET_DATA_CTX,ENGINE_R_NO_INDEX); - return NULL; - } - CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); - /* Avoid a race by checking again inside this lock */ - if(dynamic_ex_data_idx < 0) - { - /* Good, someone didn't beat us to it */ - dynamic_ex_data_idx = new_idx; - new_idx = -1; - } - CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); - /* In theory we could "give back" the index here if - * (new_idx>-1), but it's not possible and wouldn't gain us much - * if it were. */ - } - ctx = (dynamic_data_ctx *)ENGINE_get_ex_data(e, dynamic_ex_data_idx); - /* Check if the context needs to be created */ - if((ctx == NULL) && !dynamic_set_data_ctx(e, &ctx)) - /* "set_data" will set errors if necessary */ - return NULL; - return ctx; - } - -static ENGINE *engine_dynamic(void) - { - ENGINE *ret = ENGINE_new(); - if(!ret) - return NULL; - if(!ENGINE_set_id(ret, engine_dynamic_id) || - !ENGINE_set_name(ret, engine_dynamic_name) || - !ENGINE_set_init_function(ret, dynamic_init) || - !ENGINE_set_finish_function(ret, dynamic_finish) || - !ENGINE_set_ctrl_function(ret, dynamic_ctrl) || - !ENGINE_set_flags(ret, ENGINE_FLAGS_BY_ID_COPY) || - !ENGINE_set_cmd_defns(ret, dynamic_cmd_defns)) - { - ENGINE_free(ret); - return NULL; - } - return ret; - } - -void ENGINE_load_dynamic(void) - { - ENGINE *toadd = engine_dynamic(); - if(!toadd) return; - ENGINE_add(toadd); - /* If the "add" worked, it gets a structural reference. So either way, - * we release our just-created reference. */ - ENGINE_free(toadd); - /* If the "add" didn't work, it was probably a conflict because it was - * already added (eg. someone calling ENGINE_load_blah then calling - * ENGINE_load_builtin_engines() perhaps). */ - ERR_clear_error(); - } - -static int dynamic_init(ENGINE *e) - { - /* We always return failure - the "dyanamic" engine itself can't be used - * for anything. */ - return 0; - } - -static int dynamic_finish(ENGINE *e) - { - /* This should never be called on account of "dynamic_init" always - * failing. */ - return 0; - } - -static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) - { - dynamic_data_ctx *ctx = dynamic_get_data_ctx(e); - int initialised; - - if(!ctx) - { - ENGINEerr(ENGINE_F_DYNAMIC_CTRL,ENGINE_R_NOT_LOADED); - return 0; - } - initialised = ((ctx->dynamic_dso == NULL) ? 0 : 1); - /* All our control commands require the ENGINE to be uninitialised */ - if(initialised) - { - ENGINEerr(ENGINE_F_DYNAMIC_CTRL, - ENGINE_R_ALREADY_LOADED); - return 0; - } - switch(cmd) - { - case DYNAMIC_CMD_SO_PATH: - /* a NULL 'p' or a string of zero-length is the same thing */ - if(p && (strlen((const char *)p) < 1)) - p = NULL; - ctx->DYNAMIC_LIBNAME = (const char *)p; - return 1; - case DYNAMIC_CMD_NO_VCHECK: - ctx->no_vcheck = ((i == 0) ? 0 : 1); - return 1; - case DYNAMIC_CMD_ID: - /* a NULL 'p' or a string of zero-length is the same thing */ - if(p && (strlen((const char *)p) < 1)) - p = NULL; - ctx->engine_id = (const char *)p; - return 1; - case DYNAMIC_CMD_LIST_ADD: - if((i < 0) || (i > 2)) - { - ENGINEerr(ENGINE_F_DYNAMIC_CTRL, - ENGINE_R_INVALID_ARGUMENT); - return 0; - } - ctx->list_add_value = (int)i; - return 1; - case DYNAMIC_CMD_LOAD: - return dynamic_load(e, ctx); - default: - break; - } - ENGINEerr(ENGINE_F_DYNAMIC_CTRL,ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED); - return 0; - } - -static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx) - { - ENGINE cpy; - dynamic_fns fns; - - if(!ctx->DYNAMIC_LIBNAME || ((ctx->dynamic_dso = DSO_load(NULL, - ctx->DYNAMIC_LIBNAME, NULL, 0)) == NULL)) - { - ENGINEerr(ENGINE_F_DYNAMIC_LOAD, - ENGINE_R_DSO_NOT_FOUND); - return 0; - } - /* We have to find a bind function otherwise it'll always end badly */ - if(!(ctx->bind_engine = (dynamic_bind_engine)DSO_bind_func( - ctx->dynamic_dso, ctx->DYNAMIC_F2))) - { - ctx->bind_engine = NULL; - DSO_free(ctx->dynamic_dso); - ctx->dynamic_dso = NULL; - ENGINEerr(ENGINE_F_DYNAMIC_LOAD, - ENGINE_R_DSO_FAILURE); - return 0; - } - /* Do we perform version checking? */ - if(!ctx->no_vcheck) - { - unsigned long vcheck_res = 0; - /* Now we try to find a version checking function and decide how - * to cope with failure if/when it fails. */ - ctx->v_check = (dynamic_v_check_fn)DSO_bind_func( - ctx->dynamic_dso, ctx->DYNAMIC_F1); - if(ctx->v_check) - vcheck_res = ctx->v_check(OSSL_DYNAMIC_VERSION); - /* We fail if the version checker veto'd the load *or* if it is - * deferring to us (by returning its version) and we think it is - * too old. */ - if(vcheck_res < OSSL_DYNAMIC_OLDEST) - { - /* Fail */ - ctx->bind_engine = NULL; - ctx->v_check = NULL; - DSO_free(ctx->dynamic_dso); - ctx->dynamic_dso = NULL; - ENGINEerr(ENGINE_F_DYNAMIC_LOAD, - ENGINE_R_VERSION_INCOMPATIBILITY); - return 0; - } - } - /* First binary copy the ENGINE structure so that we can roll back if - * the hand-over fails */ - memcpy(&cpy, e, sizeof(ENGINE)); - /* Provide the ERR, "ex_data", memory, and locking callbacks so the - * loaded library uses our state rather than its own. FIXME: As noted in - * engine.h, much of this would be simplified if each area of code - * provided its own "summary" structure of all related callbacks. It - * would also increase opaqueness. */ - fns.err_fns = ERR_get_implementation(); - fns.ex_data_fns = CRYPTO_get_ex_data_implementation(); - CRYPTO_get_mem_functions(&fns.mem_fns.malloc_cb, - &fns.mem_fns.realloc_cb, - &fns.mem_fns.free_cb); - fns.lock_fns.lock_locking_cb = CRYPTO_get_locking_callback(); - fns.lock_fns.lock_add_lock_cb = CRYPTO_get_add_lock_callback(); - fns.lock_fns.dynlock_create_cb = CRYPTO_get_dynlock_create_callback(); - fns.lock_fns.dynlock_lock_cb = CRYPTO_get_dynlock_lock_callback(); - fns.lock_fns.dynlock_destroy_cb = CRYPTO_get_dynlock_destroy_callback(); - /* Now that we've loaded the dynamic engine, make sure no "dynamic" - * ENGINE elements will show through. */ - engine_set_all_null(e); - /* Try to bind the ENGINE onto our own ENGINE structure */ - if(!ctx->bind_engine(e, ctx->engine_id, &fns)) - { - ctx->bind_engine = NULL; - ctx->v_check = NULL; - DSO_free(ctx->dynamic_dso); - ctx->dynamic_dso = NULL; - ENGINEerr(ENGINE_F_DYNAMIC_LOAD,ENGINE_R_INIT_FAILED); - /* Copy the original ENGINE structure back */ - memcpy(e, &cpy, sizeof(ENGINE)); - return 0; - } - /* Do we try to add this ENGINE to the internal list too? */ - if(ctx->list_add_value > 0) - { - if(!ENGINE_add(e)) - { - /* Do we tolerate this or fail? */ - if(ctx->list_add_value > 1) - { - /* Fail - NB: By this time, it's too late to - * rollback, and trying to do so allows the - * bind_engine() code to have created leaks. We - * just have to fail where we are, after the - * ENGINE has changed. */ - ENGINEerr(ENGINE_F_DYNAMIC_LOAD, - ENGINE_R_CONFLICTING_ENGINE_ID); - return 0; - } - /* Tolerate */ - ERR_clear_error(); - } - } - return 1; - } +void +ENGINE_load_dynamic(void) +{ +} diff --git a/src/lib/libcrypto/engine/eng_err.c b/src/lib/libcrypto/engine/eng_err.c index f6c56303959..b604cbba9e0 100644 --- a/src/lib/libcrypto/engine/eng_err.c +++ b/src/lib/libcrypto/engine/eng_err.c @@ -1,13 +1,13 @@ -/* crypto/engine/eng_err.c */ +/* $OpenBSD: eng_err.c,v 1.11 2017/01/29 17:49:23 beck Exp $ */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2010 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -59,107 +59,77 @@ */ #include + +#include + #include #include /* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR -static ERR_STRING_DATA ENGINE_str_functs[]= - { -{ERR_PACK(0,ENGINE_F_DYNAMIC_CTRL,0), "DYNAMIC_CTRL"}, -{ERR_PACK(0,ENGINE_F_DYNAMIC_GET_DATA_CTX,0), "DYNAMIC_GET_DATA_CTX"}, -{ERR_PACK(0,ENGINE_F_DYNAMIC_LOAD,0), "DYNAMIC_LOAD"}, -{ERR_PACK(0,ENGINE_F_ENGINE_ADD,0), "ENGINE_add"}, -{ERR_PACK(0,ENGINE_F_ENGINE_BY_ID,0), "ENGINE_by_id"}, -{ERR_PACK(0,ENGINE_F_ENGINE_CMD_IS_EXECUTABLE,0), "ENGINE_cmd_is_executable"}, -{ERR_PACK(0,ENGINE_F_ENGINE_CTRL,0), "ENGINE_ctrl"}, -{ERR_PACK(0,ENGINE_F_ENGINE_CTRL_CMD,0), "ENGINE_ctrl_cmd"}, -{ERR_PACK(0,ENGINE_F_ENGINE_CTRL_CMD_STRING,0), "ENGINE_ctrl_cmd_string"}, -{ERR_PACK(0,ENGINE_F_ENGINE_FINISH,0), "ENGINE_finish"}, -{ERR_PACK(0,ENGINE_F_ENGINE_FREE,0), "ENGINE_free"}, -{ERR_PACK(0,ENGINE_F_ENGINE_GET_CIPHER,0), "ENGINE_get_cipher"}, -{ERR_PACK(0,ENGINE_F_ENGINE_GET_DEFAULT_TYPE,0), "ENGINE_GET_DEFAULT_TYPE"}, -{ERR_PACK(0,ENGINE_F_ENGINE_GET_DIGEST,0), "ENGINE_get_digest"}, -{ERR_PACK(0,ENGINE_F_ENGINE_GET_NEXT,0), "ENGINE_get_next"}, -{ERR_PACK(0,ENGINE_F_ENGINE_GET_PREV,0), "ENGINE_get_prev"}, -{ERR_PACK(0,ENGINE_F_ENGINE_INIT,0), "ENGINE_init"}, -{ERR_PACK(0,ENGINE_F_ENGINE_LIST_ADD,0), "ENGINE_LIST_ADD"}, -{ERR_PACK(0,ENGINE_F_ENGINE_LIST_REMOVE,0), "ENGINE_LIST_REMOVE"}, -{ERR_PACK(0,ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,0), "ENGINE_load_private_key"}, -{ERR_PACK(0,ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,0), "ENGINE_load_public_key"}, -{ERR_PACK(0,ENGINE_F_ENGINE_MODULE_INIT,0), "ENGINE_MODULE_INIT"}, -{ERR_PACK(0,ENGINE_F_ENGINE_NEW,0), "ENGINE_new"}, -{ERR_PACK(0,ENGINE_F_ENGINE_REMOVE,0), "ENGINE_remove"}, -{ERR_PACK(0,ENGINE_F_ENGINE_SET_DEFAULT_STRING,0), "ENGINE_set_default_string"}, -{ERR_PACK(0,ENGINE_F_ENGINE_SET_DEFAULT_TYPE,0), "ENGINE_SET_DEFAULT_TYPE"}, -{ERR_PACK(0,ENGINE_F_ENGINE_SET_ID,0), "ENGINE_set_id"}, -{ERR_PACK(0,ENGINE_F_ENGINE_SET_NAME,0), "ENGINE_set_name"}, -{ERR_PACK(0,ENGINE_F_ENGINE_TABLE_REGISTER,0), "ENGINE_TABLE_REGISTER"}, -{ERR_PACK(0,ENGINE_F_ENGINE_UNLOAD_KEY,0), "ENGINE_UNLOAD_KEY"}, -{ERR_PACK(0,ENGINE_F_INT_CTRL_HELPER,0), "INT_CTRL_HELPER"}, -{ERR_PACK(0,ENGINE_F_INT_ENGINE_CONFIGURE,0), "INT_ENGINE_CONFIGURE"}, -{ERR_PACK(0,ENGINE_F_LOG_MESSAGE,0), "LOG_MESSAGE"}, -{ERR_PACK(0,ENGINE_F_SET_DATA_CTX,0), "SET_DATA_CTX"}, -{0,NULL} - }; -static ERR_STRING_DATA ENGINE_str_reasons[]= - { -{ENGINE_R_ALREADY_LOADED ,"already loaded"}, -{ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER ,"argument is not a number"}, -{ENGINE_R_CMD_NOT_EXECUTABLE ,"cmd not executable"}, -{ENGINE_R_COMMAND_TAKES_INPUT ,"command takes input"}, -{ENGINE_R_COMMAND_TAKES_NO_INPUT ,"command takes no input"}, -{ENGINE_R_CONFLICTING_ENGINE_ID ,"conflicting engine id"}, -{ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED ,"ctrl command not implemented"}, -{ENGINE_R_DH_NOT_IMPLEMENTED ,"dh not implemented"}, -{ENGINE_R_DSA_NOT_IMPLEMENTED ,"dsa not implemented"}, -{ENGINE_R_DSO_FAILURE ,"DSO failure"}, -{ENGINE_R_DSO_NOT_FOUND ,"dso not found"}, -{ENGINE_R_ENGINES_SECTION_ERROR ,"engines section error"}, -{ENGINE_R_ENGINE_IS_NOT_IN_LIST ,"engine is not in the list"}, -{ENGINE_R_ENGINE_SECTION_ERROR ,"engine section error"}, -{ENGINE_R_FAILED_LOADING_PRIVATE_KEY ,"failed loading private key"}, -{ENGINE_R_FAILED_LOADING_PUBLIC_KEY ,"failed loading public key"}, -{ENGINE_R_FINISH_FAILED ,"finish failed"}, -{ENGINE_R_GET_HANDLE_FAILED ,"could not obtain hardware handle"}, -{ENGINE_R_ID_OR_NAME_MISSING ,"'id' or 'name' missing"}, -{ENGINE_R_INIT_FAILED ,"init failed"}, -{ENGINE_R_INTERNAL_LIST_ERROR ,"internal list error"}, -{ENGINE_R_INVALID_ARGUMENT ,"invalid argument"}, -{ENGINE_R_INVALID_CMD_NAME ,"invalid cmd name"}, -{ENGINE_R_INVALID_CMD_NUMBER ,"invalid cmd number"}, -{ENGINE_R_INVALID_INIT_VALUE ,"invalid init value"}, -{ENGINE_R_INVALID_STRING ,"invalid string"}, -{ENGINE_R_NOT_INITIALISED ,"not initialised"}, -{ENGINE_R_NOT_LOADED ,"not loaded"}, -{ENGINE_R_NO_CONTROL_FUNCTION ,"no control function"}, -{ENGINE_R_NO_INDEX ,"no index"}, -{ENGINE_R_NO_LOAD_FUNCTION ,"no load function"}, -{ENGINE_R_NO_REFERENCE ,"no reference"}, -{ENGINE_R_NO_SUCH_ENGINE ,"no such engine"}, -{ENGINE_R_NO_UNLOAD_FUNCTION ,"no unload function"}, -{ENGINE_R_PROVIDE_PARAMETERS ,"provide parameters"}, -{ENGINE_R_RSA_NOT_IMPLEMENTED ,"rsa not implemented"}, -{ENGINE_R_UNIMPLEMENTED_CIPHER ,"unimplemented cipher"}, -{ENGINE_R_UNIMPLEMENTED_DIGEST ,"unimplemented digest"}, -{ENGINE_R_VERSION_INCOMPATIBILITY ,"version incompatibility"}, -{0,NULL} - }; +#define ERR_FUNC(func) ERR_PACK(ERR_LIB_ENGINE,func,0) +#define ERR_REASON(reason) ERR_PACK(ERR_LIB_ENGINE,0,reason) -#endif +static ERR_STRING_DATA ENGINE_str_functs[] = { + {ERR_FUNC(0xfff), "CRYPTO_internal"}, + {0, NULL} +}; -void ERR_load_ENGINE_strings(void) - { - static int init=1; +static ERR_STRING_DATA ENGINE_str_reasons[] = { + {ERR_REASON(ENGINE_R_ALREADY_LOADED) , "already loaded"}, + {ERR_REASON(ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER), "argument is not a number"}, + {ERR_REASON(ENGINE_R_CMD_NOT_EXECUTABLE) , "cmd not executable"}, + {ERR_REASON(ENGINE_R_COMMAND_TAKES_INPUT), "command takes input"}, + {ERR_REASON(ENGINE_R_COMMAND_TAKES_NO_INPUT), "command takes no input"}, + {ERR_REASON(ENGINE_R_CONFLICTING_ENGINE_ID), "conflicting engine id"}, + {ERR_REASON(ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED), "ctrl command not implemented"}, + {ERR_REASON(ENGINE_R_DH_NOT_IMPLEMENTED) , "dh not implemented"}, + {ERR_REASON(ENGINE_R_DSA_NOT_IMPLEMENTED), "dsa not implemented"}, + {ERR_REASON(ENGINE_R_DSO_FAILURE) , "DSO failure"}, + {ERR_REASON(ENGINE_R_DSO_NOT_FOUND) , "dso not found"}, + {ERR_REASON(ENGINE_R_ENGINES_SECTION_ERROR), "engines section error"}, + {ERR_REASON(ENGINE_R_ENGINE_CONFIGURATION_ERROR), "engine configuration error"}, + {ERR_REASON(ENGINE_R_ENGINE_IS_NOT_IN_LIST), "engine is not in the list"}, + {ERR_REASON(ENGINE_R_ENGINE_SECTION_ERROR), "engine section error"}, + {ERR_REASON(ENGINE_R_FAILED_LOADING_PRIVATE_KEY), "failed loading private key"}, + {ERR_REASON(ENGINE_R_FAILED_LOADING_PUBLIC_KEY), "failed loading public key"}, + {ERR_REASON(ENGINE_R_FINISH_FAILED) , "finish failed"}, + {ERR_REASON(ENGINE_R_GET_HANDLE_FAILED) , "could not obtain hardware handle"}, + {ERR_REASON(ENGINE_R_ID_OR_NAME_MISSING) , "'id' or 'name' missing"}, + {ERR_REASON(ENGINE_R_INIT_FAILED) , "init failed"}, + {ERR_REASON(ENGINE_R_INTERNAL_LIST_ERROR), "internal list error"}, + {ERR_REASON(ENGINE_R_INVALID_ARGUMENT) , "invalid argument"}, + {ERR_REASON(ENGINE_R_INVALID_CMD_NAME) , "invalid cmd name"}, + {ERR_REASON(ENGINE_R_INVALID_CMD_NUMBER) , "invalid cmd number"}, + {ERR_REASON(ENGINE_R_INVALID_INIT_VALUE) , "invalid init value"}, + {ERR_REASON(ENGINE_R_INVALID_STRING) , "invalid string"}, + {ERR_REASON(ENGINE_R_NOT_INITIALISED) , "not initialised"}, + {ERR_REASON(ENGINE_R_NOT_LOADED) , "not loaded"}, + {ERR_REASON(ENGINE_R_NO_CONTROL_FUNCTION), "no control function"}, + {ERR_REASON(ENGINE_R_NO_INDEX) , "no index"}, + {ERR_REASON(ENGINE_R_NO_LOAD_FUNCTION) , "no load function"}, + {ERR_REASON(ENGINE_R_NO_REFERENCE) , "no reference"}, + {ERR_REASON(ENGINE_R_NO_SUCH_ENGINE) , "no such engine"}, + {ERR_REASON(ENGINE_R_NO_UNLOAD_FUNCTION) , "no unload function"}, + {ERR_REASON(ENGINE_R_PROVIDE_PARAMETERS) , "provide parameters"}, + {ERR_REASON(ENGINE_R_RSA_NOT_IMPLEMENTED), "rsa not implemented"}, + {ERR_REASON(ENGINE_R_UNIMPLEMENTED_CIPHER), "unimplemented cipher"}, + {ERR_REASON(ENGINE_R_UNIMPLEMENTED_DIGEST), "unimplemented digest"}, + {ERR_REASON(ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD), "unimplemented public key method"}, + {ERR_REASON(ENGINE_R_VERSION_INCOMPATIBILITY), "version incompatibility"}, + {0, NULL} +}; - if (init) - { - init=0; -#ifndef OPENSSL_NO_ERR - ERR_load_strings(ERR_LIB_ENGINE,ENGINE_str_functs); - ERR_load_strings(ERR_LIB_ENGINE,ENGINE_str_reasons); #endif - } +void +ERR_load_ENGINE_strings(void) +{ +#ifndef OPENSSL_NO_ERR + if (ERR_func_error_string(ENGINE_str_functs[0].error) == NULL) { + ERR_load_strings(0, ENGINE_str_functs); + ERR_load_strings(0, ENGINE_str_reasons); } +#endif +} diff --git a/src/lib/libcrypto/engine/eng_fat.c b/src/lib/libcrypto/engine/eng_fat.c index d49aa7ed408..baf1a54883d 100644 --- a/src/lib/libcrypto/engine/eng_fat.c +++ b/src/lib/libcrypto/engine/eng_fat.c @@ -1,4 +1,4 @@ -/* crypto/engine/eng_fat.c */ +/* $OpenBSD: eng_fat.c,v 1.17 2019/01/19 01:07:00 tb Exp $ */ /* ==================================================================== * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved. * @@ -7,7 +7,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -52,76 +52,117 @@ * Hudson (tjh@cryptsoft.com). * */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * ECDH support in OpenSSL originally developed by + * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. + */ + +#include -#include -#include "cryptlib.h" +#include + +#include #include "eng_int.h" -#include #include -int ENGINE_set_default(ENGINE *e, unsigned int flags) - { - if((flags & ENGINE_METHOD_CIPHERS) && !ENGINE_set_default_ciphers(e)) +int +ENGINE_set_default(ENGINE *e, unsigned int flags) +{ + if ((flags & ENGINE_METHOD_CIPHERS) && !ENGINE_set_default_ciphers(e)) return 0; - if((flags & ENGINE_METHOD_DIGESTS) && !ENGINE_set_default_digests(e)) + if ((flags & ENGINE_METHOD_DIGESTS) && !ENGINE_set_default_digests(e)) return 0; #ifndef OPENSSL_NO_RSA - if((flags & ENGINE_METHOD_RSA) & !ENGINE_set_default_RSA(e)) + if ((flags & ENGINE_METHOD_RSA) && !ENGINE_set_default_RSA(e)) return 0; #endif #ifndef OPENSSL_NO_DSA - if((flags & ENGINE_METHOD_DSA) & !ENGINE_set_default_DSA(e)) + if ((flags & ENGINE_METHOD_DSA) && !ENGINE_set_default_DSA(e)) return 0; #endif #ifndef OPENSSL_NO_DH - if((flags & ENGINE_METHOD_DH) & !ENGINE_set_default_DH(e)) + if ((flags & ENGINE_METHOD_DH) && !ENGINE_set_default_DH(e)) + return 0; +#endif +#ifndef OPENSSL_NO_ECDH + if ((flags & ENGINE_METHOD_ECDH) && !ENGINE_set_default_ECDH(e)) return 0; #endif - if((flags & ENGINE_METHOD_RAND) & !ENGINE_set_default_RAND(e)) +#ifndef OPENSSL_NO_ECDSA + if ((flags & ENGINE_METHOD_ECDSA) && !ENGINE_set_default_ECDSA(e)) + return 0; +#endif +#ifndef OPENSSL_NO_EC + if ((flags & ENGINE_METHOD_EC) && !ENGINE_set_default_EC(e)) + return 0; +#endif + if ((flags & ENGINE_METHOD_RAND) && !ENGINE_set_default_RAND(e)) + return 0; + if ((flags & ENGINE_METHOD_PKEY_METHS) && + !ENGINE_set_default_pkey_meths(e)) + return 0; + if ((flags & ENGINE_METHOD_PKEY_ASN1_METHS) && + !ENGINE_set_default_pkey_asn1_meths(e)) return 0; return 1; - } +} /* Set default algorithms using a string */ -int int_def_cb(const char *alg, int len, void *arg) - { +static int +int_def_cb(const char *alg, int len, void *arg) +{ unsigned int *pflags = arg; + if (!strncmp(alg, "ALL", len)) *pflags |= ENGINE_METHOD_ALL; else if (!strncmp(alg, "RSA", len)) *pflags |= ENGINE_METHOD_RSA; else if (!strncmp(alg, "DSA", len)) *pflags |= ENGINE_METHOD_DSA; + else if (!strncmp(alg, "ECDH", len)) + *pflags |= ENGINE_METHOD_ECDH; + else if (!strncmp(alg, "ECDSA", len)) + *pflags |= ENGINE_METHOD_ECDSA; else if (!strncmp(alg, "DH", len)) *pflags |= ENGINE_METHOD_DH; + else if (strncmp(alg, "EC", len) == 0) + *pflags |= ENGINE_METHOD_EC; else if (!strncmp(alg, "RAND", len)) *pflags |= ENGINE_METHOD_RAND; else if (!strncmp(alg, "CIPHERS", len)) *pflags |= ENGINE_METHOD_CIPHERS; else if (!strncmp(alg, "DIGESTS", len)) *pflags |= ENGINE_METHOD_DIGESTS; + else if (!strncmp(alg, "PKEY", len)) + *pflags |= ENGINE_METHOD_PKEY_METHS | + ENGINE_METHOD_PKEY_ASN1_METHS; + else if (!strncmp(alg, "PKEY_CRYPTO", len)) + *pflags |= ENGINE_METHOD_PKEY_METHS; + else if (!strncmp(alg, "PKEY_ASN1", len)) + *pflags |= ENGINE_METHOD_PKEY_ASN1_METHS; else return 0; return 1; - } +} - -int ENGINE_set_default_string(ENGINE *e, const char *list) - { +int +ENGINE_set_default_string(ENGINE *e, const char *def_list) +{ unsigned int flags = 0; - if (!CONF_parse_list(list, ',', 1, int_def_cb, &flags)) - { - ENGINEerr(ENGINE_F_ENGINE_SET_DEFAULT_STRING, - ENGINE_R_INVALID_STRING); - ERR_add_error_data(2, "str=",list); + + if (!CONF_parse_list(def_list, ',', 1, int_def_cb, &flags)) { + ENGINEerror(ENGINE_R_INVALID_STRING); + ERR_asprintf_error_data("str=%s",def_list); return 0; - } - return ENGINE_set_default(e, flags); } + return ENGINE_set_default(e, flags); +} -int ENGINE_register_complete(ENGINE *e) - { +int +ENGINE_register_complete(ENGINE *e) +{ ENGINE_register_ciphers(e); ENGINE_register_digests(e); #ifndef OPENSSL_NO_RSA @@ -132,16 +173,28 @@ int ENGINE_register_complete(ENGINE *e) #endif #ifndef OPENSSL_NO_DH ENGINE_register_DH(e); +#endif +#ifndef OPENSSL_NO_ECDH + ENGINE_register_ECDH(e); +#endif +#ifndef OPENSSL_NO_ECDSA + ENGINE_register_ECDSA(e); +#endif +#ifndef OPENSSL_NO_EC + ENGINE_register_EC(e); #endif ENGINE_register_RAND(e); + ENGINE_register_pkey_meths(e); return 1; - } +} -int ENGINE_register_all_complete(void) - { +int +ENGINE_register_all_complete(void) +{ ENGINE *e; - for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e)) - ENGINE_register_complete(e); + for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) + if (!(e->flags & ENGINE_FLAGS_NO_REGISTER_ALL)) + ENGINE_register_complete(e); return 1; - } +} diff --git a/src/lib/libcrypto/engine/eng_init.c b/src/lib/libcrypto/engine/eng_init.c index 170c1791b30..793adba8bea 100644 --- a/src/lib/libcrypto/engine/eng_init.c +++ b/src/lib/libcrypto/engine/eng_init.c @@ -1,4 +1,4 @@ -/* crypto/engine/eng_init.c */ +/* $OpenBSD: eng_init.c,v 1.9 2018/04/14 07:09:21 tb Exp $ */ /* ==================================================================== * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved. * @@ -7,7 +7,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -53,37 +53,37 @@ * */ -#include -#include "cryptlib.h" +#include + #include "eng_int.h" -#include /* Initialise a engine type for use (or up its functional reference count * if it's already in use). This version is only used internally. */ -int engine_unlocked_init(ENGINE *e) - { +int +engine_unlocked_init(ENGINE *e) +{ int to_return = 1; - if((e->funct_ref == 0) && e->init) + if ((e->funct_ref == 0) && e->init) /* This is the first functional reference and the engine * requires initialisation so we do it now. */ to_return = e->init(e); - if(to_return) - { + if (to_return) { /* OK, we return a functional reference which is also a * structural reference. */ e->struct_ref++; e->funct_ref++; engine_ref_debug(e, 0, 1) engine_ref_debug(e, 1, 1) - } - return to_return; } + return to_return; +} /* Free a functional reference to a engine type. This version is only used * internally. */ -int engine_unlocked_finish(ENGINE *e, int unlock_for_handlers) - { +int +engine_unlocked_finish(ENGINE *e, int unlock_for_handlers) +{ int to_return = 1; /* Reduce the functional reference count here so if it's the terminating @@ -94,64 +94,54 @@ int engine_unlocked_finish(ENGINE *e, int unlock_for_handlers) * 2 to 0 without either calling finish(). */ e->funct_ref--; engine_ref_debug(e, 1, -1); - if((e->funct_ref == 0) && e->finish) - { - if(unlock_for_handlers) + if ((e->funct_ref == 0) && e->finish) { + if (unlock_for_handlers) CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); to_return = e->finish(e); - if(unlock_for_handlers) + if (unlock_for_handlers) CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); - if(!to_return) + if (!to_return) return 0; - } -#ifdef REF_CHECK - if(e->funct_ref < 0) - { - fprintf(stderr,"ENGINE_finish, bad functional reference count\n"); - abort(); - } -#endif + } + /* Release the structural reference too */ - if(!engine_free_util(e, 0)) - { - ENGINEerr(ENGINE_F_ENGINE_FINISH,ENGINE_R_FINISH_FAILED); + if (!engine_free_util(e, 0)) { + ENGINEerror(ENGINE_R_FINISH_FAILED); return 0; - } - return to_return; } + return to_return; +} /* The API (locked) version of "init" */ -int ENGINE_init(ENGINE *e) - { +int +ENGINE_init(ENGINE *e) +{ int ret; - if(e == NULL) - { - ENGINEerr(ENGINE_F_ENGINE_INIT,ERR_R_PASSED_NULL_PARAMETER); + + if (e == NULL) { + ENGINEerror(ERR_R_PASSED_NULL_PARAMETER); return 0; - } + } CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); ret = engine_unlocked_init(e); CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); return ret; - } +} /* The API (locked) version of "finish" */ -int ENGINE_finish(ENGINE *e) - { +int +ENGINE_finish(ENGINE *e) +{ int to_return = 1; - if(e == NULL) - { - ENGINEerr(ENGINE_F_ENGINE_FINISH,ERR_R_PASSED_NULL_PARAMETER); - return 0; - } + if (e == NULL) + return 1; CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); to_return = engine_unlocked_finish(e, 1); CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); - if(!to_return) - { - ENGINEerr(ENGINE_F_ENGINE_FINISH,ENGINE_R_FINISH_FAILED); + if (!to_return) { + ENGINEerror(ENGINE_R_FINISH_FAILED); return 0; - } - return to_return; } + return to_return; +} diff --git a/src/lib/libcrypto/engine/eng_int.h b/src/lib/libcrypto/engine/eng_int.h index 38335f99cda..298c0e327fa 100644 --- a/src/lib/libcrypto/engine/eng_int.h +++ b/src/lib/libcrypto/engine/eng_int.h @@ -1,4 +1,4 @@ -/* crypto/engine/eng_int.h */ +/* $OpenBSD: eng_int.h,v 1.10 2019/01/19 01:07:00 tb Exp $ */ /* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL * project 2000. */ @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -55,6 +55,11 @@ * Hudson (tjh@cryptsoft.com). * */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * ECDH support in OpenSSL originally developed by + * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. + */ #ifndef HEADER_ENGINE_INT_H #define HEADER_ENGINE_INT_H @@ -62,9 +67,7 @@ /* Take public definitions from engine.h */ #include -#ifdef __cplusplus -extern "C" { -#endif +__BEGIN_HIDDEN_DECLS /* If we compile with this symbol defined, then both reference counts in the * ENGINE structure will be monitored with a line of output on stderr for each @@ -92,10 +95,9 @@ extern "C" { * order. NB: both the "add" functions assume CRYPTO_LOCK_ENGINE to already be * held (in "write" mode). */ typedef void (ENGINE_CLEANUP_CB)(void); -typedef struct st_engine_cleanup_item - { +typedef struct st_engine_cleanup_item { ENGINE_CLEANUP_CB *cb; - } ENGINE_CLEANUP_ITEM; +} ENGINE_CLEANUP_ITEM; DECLARE_STACK_OF(ENGINE_CLEANUP_ITEM) void engine_cleanup_add_first(ENGINE_CLEANUP_CB *cb); void engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb); @@ -112,15 +114,20 @@ DECLARE_STACK_OF(ENGINE) * as a (ENGINE_TABLE *) pointer value set initially to NULL. */ typedef struct st_engine_table ENGINE_TABLE; int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup, - ENGINE *e, const int *nids, int num_nids, int setdefault); + ENGINE *e, const int *nids, int num_nids, int setdefault); void engine_table_unregister(ENGINE_TABLE **table, ENGINE *e); void engine_table_cleanup(ENGINE_TABLE **table); #ifndef ENGINE_TABLE_DEBUG ENGINE *engine_table_select(ENGINE_TABLE **table, int nid); #else -ENGINE *engine_table_select_tmp(ENGINE_TABLE **table, int nid, const char *f, int l); +ENGINE *engine_table_select_tmp(ENGINE_TABLE **table, int nid, const char *f, + int l); #define engine_table_select(t,n) engine_table_select_tmp(t,n,__FILE__,__LINE__) #endif +typedef void (engine_table_doall_cb)(int nid, STACK_OF(ENGINE) *sk, + ENGINE *def, void *arg); +void engine_table_doall(ENGINE_TABLE *table, engine_table_doall_cb *cb, + void *arg); /* Internal versions of API functions that have control over locking. These are * used between C files when functionality needs to be shared but the caller may @@ -137,21 +144,32 @@ void engine_set_all_null(ENGINE *e); /* NB: Bitwise OR-able values for the "flags" variable in ENGINE are now exposed * in engine.h. */ +/* Free up dynamically allocated public key methods associated with ENGINE */ + +void engine_pkey_meths_free(ENGINE *e); +void engine_pkey_asn1_meths_free(ENGINE *e); + /* This is a structure for storing implementations of various crypto * algorithms and functions. */ -struct engine_st - { +struct engine_st { const char *id; const char *name; const RSA_METHOD *rsa_meth; const DSA_METHOD *dsa_meth; const DH_METHOD *dh_meth; + const ECDH_METHOD *ecdh_meth; + const ECDSA_METHOD *ecdsa_meth; + const EC_KEY_METHOD *ec_meth; const RAND_METHOD *rand_meth; + const STORE_METHOD *store_meth; /* Cipher handling is via this callback */ ENGINE_CIPHERS_PTR ciphers; /* Digest handling is via this callback */ ENGINE_DIGESTS_PTR digests; - + /* Public key handling via this callback */ + ENGINE_PKEY_METHS_PTR pkey_meths; + /* ASN1 public key handling via this callback */ + ENGINE_PKEY_ASN1_METHS_PTR pkey_asn1_meths; ENGINE_GEN_INT_FUNC_PTR destroy; @@ -161,6 +179,8 @@ struct engine_st ENGINE_LOAD_KEY_PTR load_privkey; ENGINE_LOAD_KEY_PTR load_pubkey; + ENGINE_SSL_CLIENT_CERT_PTR load_ssl_client_cert; + const ENGINE_CMD_DEFN *cmd_defns; int flags; /* reference count on the structure itself */ @@ -176,10 +196,8 @@ struct engine_st /* Used to maintain the linked-list of engines. */ struct engine_st *prev; struct engine_st *next; - }; +}; -#ifdef __cplusplus -} -#endif +__END_HIDDEN_DECLS #endif /* HEADER_ENGINE_INT_H */ diff --git a/src/lib/libcrypto/engine/eng_lib.c b/src/lib/libcrypto/engine/eng_lib.c index a66d0f08af2..1aedcb18c66 100644 --- a/src/lib/libcrypto/engine/eng_lib.c +++ b/src/lib/libcrypto/engine/eng_lib.c @@ -1,4 +1,4 @@ -/* crypto/engine/eng_lib.c */ +/* $OpenBSD: eng_lib.c,v 1.14 2018/04/14 07:18:37 tb Exp $ */ /* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL * project 2000. */ @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -56,42 +56,48 @@ * */ -#include -#include "cryptlib.h" +#include + +#include +#include + #include "eng_int.h" -#include /* FIXME: This shouldn't be needed */ -#include /* The "new"/"free" stuff first */ -ENGINE *ENGINE_new(void) - { +ENGINE * +ENGINE_new(void) +{ ENGINE *ret; - ret = (ENGINE *)OPENSSL_malloc(sizeof(ENGINE)); - if(ret == NULL) - { - ENGINEerr(ENGINE_F_ENGINE_NEW, ERR_R_MALLOC_FAILURE); + if (!OPENSSL_init_crypto(0, NULL)) + return NULL; + + ret = malloc(sizeof(ENGINE)); + if (ret == NULL) { + ENGINEerror(ERR_R_MALLOC_FAILURE); return NULL; - } + } memset(ret, 0, sizeof(ENGINE)); ret->struct_ref = 1; engine_ref_debug(ret, 0, 1) CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ENGINE, ret, &ret->ex_data); return ret; - } +} /* Placed here (close proximity to ENGINE_new) so that modifications to the * elements of the ENGINE structure are more likely to be caught and changed * here. */ -void engine_set_all_null(ENGINE *e) - { +void +engine_set_all_null(ENGINE *e) +{ e->id = NULL; e->name = NULL; e->rsa_meth = NULL; e->dsa_meth = NULL; e->dh_meth = NULL; e->rand_meth = NULL; + e->store_meth = NULL; e->ciphers = NULL; e->digests = NULL; e->destroy = NULL; @@ -102,44 +108,40 @@ void engine_set_all_null(ENGINE *e) e->load_pubkey = NULL; e->cmd_defns = NULL; e->flags = 0; - } +} -int engine_free_util(ENGINE *e, int locked) - { +int +engine_free_util(ENGINE *e, int locked) +{ int i; - if(e == NULL) - { - ENGINEerr(ENGINE_F_ENGINE_FREE, - ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - if(locked) - i = CRYPTO_add(&e->struct_ref,-1,CRYPTO_LOCK_ENGINE); + if (e == NULL) + return 1; + if (locked) + i = CRYPTO_add(&e->struct_ref, -1, CRYPTO_LOCK_ENGINE); else i = --e->struct_ref; engine_ref_debug(e, 0, -1) - if (i > 0) return 1; -#ifdef REF_CHECK - if (i < 0) - { - fprintf(stderr,"ENGINE_free, bad structural reference count\n"); - abort(); - } -#endif + if (i > 0) + return 1; + + /* Free up any dynamically allocated public key methods */ + engine_pkey_meths_free(e); + engine_pkey_asn1_meths_free(e); /* Give the ENGINE a chance to do any structural cleanup corresponding * to allocation it did in its constructor (eg. unload error strings) */ - if(e->destroy) + if (e->destroy) e->destroy(e); CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ENGINE, e, &e->ex_data); - OPENSSL_free(e); + free(e); return 1; - } +} -int ENGINE_free(ENGINE *e) - { +int +ENGINE_free(ENGINE *e) +{ return engine_free_util(e, 1); - } +} /* Cleanup stuff */ @@ -148,174 +150,216 @@ int ENGINE_free(ENGINE *e) * bloat by referring to all *possible* cleanups, but any linker bloat into code * "X" will cause X's cleanup function to end up here. */ static STACK_OF(ENGINE_CLEANUP_ITEM) *cleanup_stack = NULL; -static int int_cleanup_check(int create) - { - if(cleanup_stack) return 1; - if(!create) return 0; +static int +int_cleanup_check(int create) +{ + if (cleanup_stack) + return 1; + if (!create) + return 0; cleanup_stack = sk_ENGINE_CLEANUP_ITEM_new_null(); return (cleanup_stack ? 1 : 0); - } -static ENGINE_CLEANUP_ITEM *int_cleanup_item(ENGINE_CLEANUP_CB *cb) - { - ENGINE_CLEANUP_ITEM *item = OPENSSL_malloc(sizeof( - ENGINE_CLEANUP_ITEM)); - if(!item) return NULL; +} + +static ENGINE_CLEANUP_ITEM * +int_cleanup_item(ENGINE_CLEANUP_CB *cb) +{ + ENGINE_CLEANUP_ITEM *item = malloc(sizeof(ENGINE_CLEANUP_ITEM)); + + if (!item) + return NULL; item->cb = cb; return item; - } -void engine_cleanup_add_first(ENGINE_CLEANUP_CB *cb) - { +} + +void +engine_cleanup_add_first(ENGINE_CLEANUP_CB *cb) +{ ENGINE_CLEANUP_ITEM *item; - if(!int_cleanup_check(1)) return; + + if (!int_cleanup_check(1)) + return; item = int_cleanup_item(cb); - if(item) + if (item) sk_ENGINE_CLEANUP_ITEM_insert(cleanup_stack, item, 0); - } -void engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb) - { +} + +void +engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb) +{ ENGINE_CLEANUP_ITEM *item; - if(!int_cleanup_check(1)) return; + + if (!int_cleanup_check(1)) + return; item = int_cleanup_item(cb); - if(item) + if (item) sk_ENGINE_CLEANUP_ITEM_push(cleanup_stack, item); - } +} /* The API function that performs all cleanup */ -static void engine_cleanup_cb_free(ENGINE_CLEANUP_ITEM *item) - { +static void +engine_cleanup_cb_free(ENGINE_CLEANUP_ITEM *item) +{ (*(item->cb))(); - OPENSSL_free(item); - } -void ENGINE_cleanup(void) - { - if(int_cleanup_check(0)) - { + free(item); +} + +void +ENGINE_cleanup(void) +{ + if (int_cleanup_check(0)) { sk_ENGINE_CLEANUP_ITEM_pop_free(cleanup_stack, - engine_cleanup_cb_free); + engine_cleanup_cb_free); cleanup_stack = NULL; - } + } /* FIXME: This should be handled (somehow) through RAND, eg. by it * registering a cleanup callback. */ RAND_set_rand_method(NULL); - } +} /* Now the "ex_data" support */ -int ENGINE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) - { +int +ENGINE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) +{ return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ENGINE, argl, argp, - new_func, dup_func, free_func); - } + new_func, dup_func, free_func); +} -int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg) - { - return(CRYPTO_set_ex_data(&e->ex_data, idx, arg)); - } +int +ENGINE_set_ex_data(ENGINE *e, int idx, void *arg) +{ + return (CRYPTO_set_ex_data(&e->ex_data, idx, arg)); +} -void *ENGINE_get_ex_data(const ENGINE *e, int idx) - { - return(CRYPTO_get_ex_data(&e->ex_data, idx)); - } +void * +ENGINE_get_ex_data(const ENGINE *e, int idx) +{ + return (CRYPTO_get_ex_data(&e->ex_data, idx)); +} /* Functions to get/set an ENGINE's elements - mainly to avoid exposing the * ENGINE structure itself. */ -int ENGINE_set_id(ENGINE *e, const char *id) - { - if(id == NULL) - { - ENGINEerr(ENGINE_F_ENGINE_SET_ID, - ERR_R_PASSED_NULL_PARAMETER); +int +ENGINE_set_id(ENGINE *e, const char *id) +{ + if (id == NULL) { + ENGINEerror(ERR_R_PASSED_NULL_PARAMETER); return 0; - } + } e->id = id; return 1; - } +} -int ENGINE_set_name(ENGINE *e, const char *name) - { - if(name == NULL) - { - ENGINEerr(ENGINE_F_ENGINE_SET_NAME, - ERR_R_PASSED_NULL_PARAMETER); +int +ENGINE_set_name(ENGINE *e, const char *name) +{ + if (name == NULL) { + ENGINEerror(ERR_R_PASSED_NULL_PARAMETER); return 0; - } + } e->name = name; return 1; - } +} -int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f) - { +int +ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f) +{ e->destroy = destroy_f; return 1; - } +} -int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f) - { +int +ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f) +{ e->init = init_f; return 1; - } +} -int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f) - { +int +ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f) +{ e->finish = finish_f; return 1; - } +} -int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f) - { +int +ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f) +{ e->ctrl = ctrl_f; return 1; - } +} -int ENGINE_set_flags(ENGINE *e, int flags) - { +int +ENGINE_set_flags(ENGINE *e, int flags) +{ e->flags = flags; return 1; - } +} -int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns) - { +int +ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns) +{ e->cmd_defns = defns; return 1; - } +} -const char *ENGINE_get_id(const ENGINE *e) - { +const char * +ENGINE_get_id(const ENGINE *e) +{ return e->id; - } +} -const char *ENGINE_get_name(const ENGINE *e) - { +const char * +ENGINE_get_name(const ENGINE *e) +{ return e->name; - } +} -ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e) - { +ENGINE_GEN_INT_FUNC_PTR +ENGINE_get_destroy_function(const ENGINE *e) +{ return e->destroy; - } +} -ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e) - { +ENGINE_GEN_INT_FUNC_PTR +ENGINE_get_init_function(const ENGINE *e) +{ return e->init; - } +} -ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e) - { +ENGINE_GEN_INT_FUNC_PTR +ENGINE_get_finish_function(const ENGINE *e) +{ return e->finish; - } +} -ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e) - { +ENGINE_CTRL_FUNC_PTR +ENGINE_get_ctrl_function(const ENGINE *e) +{ return e->ctrl; - } +} -int ENGINE_get_flags(const ENGINE *e) - { +int +ENGINE_get_flags(const ENGINE *e) +{ return e->flags; - } +} -const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e) - { +const ENGINE_CMD_DEFN * +ENGINE_get_cmd_defns(const ENGINE *e) +{ return e->cmd_defns; - } +} + +/* eng_lib.o is pretty much linked into anything that touches ENGINE already, so + * put the "static_state" hack here. */ + +static int internal_static_hack = 0; + +void * +ENGINE_get_static_state(void) +{ + return &internal_static_hack; +} diff --git a/src/lib/libcrypto/engine/eng_list.c b/src/lib/libcrypto/engine/eng_list.c index 0c220558e78..b29b4102e40 100644 --- a/src/lib/libcrypto/engine/eng_list.c +++ b/src/lib/libcrypto/engine/eng_list.c @@ -1,4 +1,4 @@ -/* crypto/engine/eng_list.c */ +/* $OpenBSD: eng_list.c,v 1.24 2019/01/19 01:07:00 tb Exp $ */ /* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL * project 2000. */ @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -55,11 +55,21 @@ * Hudson (tjh@cryptsoft.com). * */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * ECDH support in OpenSSL originally developed by + * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. + */ + +#include +#include + +#include + +#include -#include #include "cryptlib.h" #include "eng_int.h" -#include /* The linked-list of pointers to engine types. engine_list_head * incorporates an implicit structural reference but engine_list_tail @@ -77,71 +87,57 @@ static ENGINE *engine_list_tail = NULL; /* This cleanup function is only needed internally. If it should be called, we * register it with the "ENGINE_cleanup()" stack to be called during cleanup. */ -static void engine_list_cleanup(void) - { +static void +engine_list_cleanup(void) +{ ENGINE *iterator = engine_list_head; - while(iterator != NULL) - { - ENGINE_remove(iterator); + while (iterator != NULL && ENGINE_remove(iterator)) iterator = engine_list_head; - } - return; - } +} /* These static functions starting with a lower case "engine_" always * take place when CRYPTO_LOCK_ENGINE has been locked up. */ -static int engine_list_add(ENGINE *e) - { +static int +engine_list_add(ENGINE *e) +{ int conflict = 0; ENGINE *iterator = NULL; - if(e == NULL) - { - ENGINEerr(ENGINE_F_ENGINE_LIST_ADD, - ERR_R_PASSED_NULL_PARAMETER); + if (e == NULL) { + ENGINEerror(ERR_R_PASSED_NULL_PARAMETER); return 0; - } + } iterator = engine_list_head; - while(iterator && !conflict) - { + while (iterator && !conflict) { conflict = (strcmp(iterator->id, e->id) == 0); iterator = iterator->next; - } - if(conflict) - { - ENGINEerr(ENGINE_F_ENGINE_LIST_ADD, - ENGINE_R_CONFLICTING_ENGINE_ID); + } + if (conflict) { + ENGINEerror(ENGINE_R_CONFLICTING_ENGINE_ID); return 0; - } - if(engine_list_head == NULL) - { + } + if (engine_list_head == NULL) { /* We are adding to an empty list. */ - if(engine_list_tail) - { - ENGINEerr(ENGINE_F_ENGINE_LIST_ADD, - ENGINE_R_INTERNAL_LIST_ERROR); + if (engine_list_tail) { + ENGINEerror(ENGINE_R_INTERNAL_LIST_ERROR); return 0; - } + } engine_list_head = e; e->prev = NULL; /* The first time the list allocates, we should register the * cleanup. */ engine_cleanup_add_last(engine_list_cleanup); - } - else - { + } else { /* We are adding to the tail of an existing list. */ - if((engine_list_tail == NULL) || - (engine_list_tail->next != NULL)) - { - ENGINEerr(ENGINE_F_ENGINE_LIST_ADD, - ENGINE_R_INTERNAL_LIST_ERROR); + if ((engine_list_tail == NULL) || + (engine_list_tail->next != NULL)) { + ENGINEerror(ENGINE_R_INTERNAL_LIST_ERROR); return 0; - } + } engine_list_tail->next = e; e->prev = engine_list_tail; - } + } /* Having the engine in the list assumes a structural * reference. */ e->struct_ref++; @@ -150,169 +146,159 @@ static int engine_list_add(ENGINE *e) engine_list_tail = e; e->next = NULL; return 1; - } +} -static int engine_list_remove(ENGINE *e) - { +static int +engine_list_remove(ENGINE *e) +{ ENGINE *iterator; - if(e == NULL) - { - ENGINEerr(ENGINE_F_ENGINE_LIST_REMOVE, - ERR_R_PASSED_NULL_PARAMETER); + if (e == NULL) { + ENGINEerror(ERR_R_PASSED_NULL_PARAMETER); return 0; - } + } /* We need to check that e is in our linked list! */ iterator = engine_list_head; - while(iterator && (iterator != e)) + while (iterator && (iterator != e)) iterator = iterator->next; - if(iterator == NULL) - { - ENGINEerr(ENGINE_F_ENGINE_LIST_REMOVE, - ENGINE_R_ENGINE_IS_NOT_IN_LIST); + if (iterator == NULL) { + ENGINEerror(ENGINE_R_ENGINE_IS_NOT_IN_LIST); return 0; - } + } /* un-link e from the chain. */ - if(e->next) + if (e->next) e->next->prev = e->prev; - if(e->prev) + if (e->prev) e->prev->next = e->next; /* Correct our head/tail if necessary. */ - if(engine_list_head == e) + if (engine_list_head == e) engine_list_head = e->next; - if(engine_list_tail == e) + if (engine_list_tail == e) engine_list_tail = e->prev; engine_free_util(e, 0); return 1; - } +} /* Get the first/last "ENGINE" type available. */ -ENGINE *ENGINE_get_first(void) - { +ENGINE * +ENGINE_get_first(void) +{ ENGINE *ret; - CRYPTO_r_lock(CRYPTO_LOCK_ENGINE); + CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); ret = engine_list_head; - if(ret) - { + if (ret) { ret->struct_ref++; engine_ref_debug(ret, 0, 1) - } - CRYPTO_r_unlock(CRYPTO_LOCK_ENGINE); - return ret; } + CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); + return ret; +} -ENGINE *ENGINE_get_last(void) - { +ENGINE * +ENGINE_get_last(void) +{ ENGINE *ret; - CRYPTO_r_lock(CRYPTO_LOCK_ENGINE); - ret = engine_list_tail; - if(ret) - { + CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); + ret = engine_list_tail; + if (ret) { ret->struct_ref++; engine_ref_debug(ret, 0, 1) - } - CRYPTO_r_unlock(CRYPTO_LOCK_ENGINE); - return ret; } + CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); + return ret; +} /* Iterate to the next/previous "ENGINE" type (NULL = end of the list). */ -ENGINE *ENGINE_get_next(ENGINE *e) - { +ENGINE * +ENGINE_get_next(ENGINE *e) +{ ENGINE *ret = NULL; - if(e == NULL) - { - ENGINEerr(ENGINE_F_ENGINE_GET_NEXT, - ERR_R_PASSED_NULL_PARAMETER); + + if (e == NULL) { + ENGINEerror(ERR_R_PASSED_NULL_PARAMETER); return 0; - } - CRYPTO_r_lock(CRYPTO_LOCK_ENGINE); + } + CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); ret = e->next; - if(ret) - { + if (ret) { /* Return a valid structural refernce to the next ENGINE */ ret->struct_ref++; engine_ref_debug(ret, 0, 1) - } - CRYPTO_r_unlock(CRYPTO_LOCK_ENGINE); + } + CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); /* Release the structural reference to the previous ENGINE */ ENGINE_free(e); return ret; - } +} -ENGINE *ENGINE_get_prev(ENGINE *e) - { +ENGINE * +ENGINE_get_prev(ENGINE *e) +{ ENGINE *ret = NULL; - if(e == NULL) - { - ENGINEerr(ENGINE_F_ENGINE_GET_PREV, - ERR_R_PASSED_NULL_PARAMETER); + + if (e == NULL) { + ENGINEerror(ERR_R_PASSED_NULL_PARAMETER); return 0; - } - CRYPTO_r_lock(CRYPTO_LOCK_ENGINE); + } + CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); ret = e->prev; - if(ret) - { + if (ret) { /* Return a valid structural reference to the next ENGINE */ ret->struct_ref++; engine_ref_debug(ret, 0, 1) - } - CRYPTO_r_unlock(CRYPTO_LOCK_ENGINE); + } + CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); /* Release the structural reference to the previous ENGINE */ ENGINE_free(e); return ret; - } +} /* Add another "ENGINE" type into the list. */ -int ENGINE_add(ENGINE *e) - { +int +ENGINE_add(ENGINE *e) +{ int to_return = 1; - if(e == NULL) - { - ENGINEerr(ENGINE_F_ENGINE_ADD, - ERR_R_PASSED_NULL_PARAMETER); + + if (e == NULL) { + ENGINEerror(ERR_R_PASSED_NULL_PARAMETER); return 0; - } - if((e->id == NULL) || (e->name == NULL)) - { - ENGINEerr(ENGINE_F_ENGINE_ADD, - ENGINE_R_ID_OR_NAME_MISSING); - } + } + if ((e->id == NULL) || (e->name == NULL)) { + ENGINEerror(ENGINE_R_ID_OR_NAME_MISSING); + } CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); - if(!engine_list_add(e)) - { - ENGINEerr(ENGINE_F_ENGINE_ADD, - ENGINE_R_INTERNAL_LIST_ERROR); + if (!engine_list_add(e)) { + ENGINEerror(ENGINE_R_INTERNAL_LIST_ERROR); to_return = 0; - } + } CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); return to_return; - } +} /* Remove an existing "ENGINE" type from the array. */ -int ENGINE_remove(ENGINE *e) - { +int +ENGINE_remove(ENGINE *e) +{ int to_return = 1; - if(e == NULL) - { - ENGINEerr(ENGINE_F_ENGINE_REMOVE, - ERR_R_PASSED_NULL_PARAMETER); + + if (e == NULL) { + ENGINEerror(ERR_R_PASSED_NULL_PARAMETER); return 0; - } + } CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); - if(!engine_list_remove(e)) - { - ENGINEerr(ENGINE_F_ENGINE_REMOVE, - ENGINE_R_INTERNAL_LIST_ERROR); + if (!engine_list_remove(e)) { + ENGINEerror(ENGINE_R_INTERNAL_LIST_ERROR); to_return = 0; - } + } CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); return to_return; - } +} -static void engine_cpy(ENGINE *dest, const ENGINE *src) - { +static void +engine_cpy(ENGINE *dest, const ENGINE *src) +{ dest->id = src->id; dest->name = src->name; #ifndef OPENSSL_NO_RSA @@ -323,10 +309,21 @@ static void engine_cpy(ENGINE *dest, const ENGINE *src) #endif #ifndef OPENSSL_NO_DH dest->dh_meth = src->dh_meth; +#endif +#ifndef OPENSSL_NO_ECDH + dest->ecdh_meth = src->ecdh_meth; +#endif +#ifndef OPENSSL_NO_ECDSA + dest->ecdsa_meth = src->ecdsa_meth; +#endif +#ifndef OPENSSL_NO_EC + dest->ec_meth = src->ec_meth; #endif dest->rand_meth = src->rand_meth; + dest->store_meth = src->store_meth; dest->ciphers = src->ciphers; dest->digests = src->digests; + dest->pkey_meths = src->pkey_meths; dest->destroy = src->destroy; dest->init = src->init; dest->finish = src->finish; @@ -335,49 +332,56 @@ static void engine_cpy(ENGINE *dest, const ENGINE *src) dest->load_pubkey = src->load_pubkey; dest->cmd_defns = src->cmd_defns; dest->flags = src->flags; - } +} -ENGINE *ENGINE_by_id(const char *id) - { +ENGINE * +ENGINE_by_id(const char *id) +{ ENGINE *iterator; - if(id == NULL) - { - ENGINEerr(ENGINE_F_ENGINE_BY_ID, - ERR_R_PASSED_NULL_PARAMETER); + + if (id == NULL) { + ENGINEerror(ERR_R_PASSED_NULL_PARAMETER); return NULL; - } - CRYPTO_r_lock(CRYPTO_LOCK_ENGINE); + } + CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); iterator = engine_list_head; - while(iterator && (strcmp(id, iterator->id) != 0)) + while (iterator && (strcmp(id, iterator->id) != 0)) iterator = iterator->next; - if(iterator) - { + if (iterator) { /* We need to return a structural reference. If this is an * ENGINE type that returns copies, make a duplicate - otherwise * increment the existing ENGINE's reference count. */ - if(iterator->flags & ENGINE_FLAGS_BY_ID_COPY) - { + if (iterator->flags & ENGINE_FLAGS_BY_ID_COPY) { ENGINE *cp = ENGINE_new(); - if(!cp) + if (!cp) iterator = NULL; - else - { + else { engine_cpy(cp, iterator); iterator = cp; - } } - else - { + } else { iterator->struct_ref++; engine_ref_debug(iterator, 0, 1) - } - } - CRYPTO_r_unlock(CRYPTO_LOCK_ENGINE); - if(iterator == NULL) - { - ENGINEerr(ENGINE_F_ENGINE_BY_ID, - ENGINE_R_NO_SUCH_ENGINE); - ERR_add_error_data(2, "id=", id); } + } + CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); + + if (iterator == NULL) { + ENGINEerror(ENGINE_R_NO_SUCH_ENGINE); + ERR_asprintf_error_data("id=%s", id); + } return iterator; +} + +int +ENGINE_up_ref(ENGINE *e) +{ + int refs; + + if (e == NULL) { + ENGINEerror(ERR_R_PASSED_NULL_PARAMETER); + return 0; } + refs = CRYPTO_add(&e->struct_ref, 1, CRYPTO_LOCK_ENGINE); + return refs > 1 ? 1 : 0; +} diff --git a/src/lib/libcrypto/engine/eng_openssl.c b/src/lib/libcrypto/engine/eng_openssl.c index e9d976f46bf..f8f6c8f58cd 100644 --- a/src/lib/libcrypto/engine/eng_openssl.c +++ b/src/lib/libcrypto/engine/eng_openssl.c @@ -1,4 +1,4 @@ -/* crypto/engine/eng_openssl.c */ +/* $OpenBSD: eng_openssl.c,v 1.13 2018/04/14 07:18:37 tb Exp $ */ /* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL * project 2000. */ @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -55,14 +55,34 @@ * Hudson (tjh@cryptsoft.com). * */ - +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * ECDH support in OpenSSL originally developed by + * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. + */ #include +#include + +#include + #include -#include "cryptlib.h" -#include #include +#include +#include +#include #include +#include + +#ifndef OPENSSL_NO_DH +#include +#endif +#ifndef OPENSSL_NO_DSA +#include +#endif +#ifndef OPENSSL_NO_RSA +#include +#endif /* This testing gunk is implemented (and explained) lower down. It also assumes * the application explicitly calls "ENGINE_load_openssl()" because this is no @@ -78,18 +98,33 @@ /* #define TEST_ENG_OPENSSL_SHA_P_UPDATE */ /* #define TEST_ENG_OPENSSL_SHA_P_FINAL */ +/* Now check what of those algorithms are actually enabled */ +#ifdef OPENSSL_NO_RC4 +#undef TEST_ENG_OPENSSL_RC4 +#undef TEST_ENG_OPENSSL_RC4_OTHERS +#undef TEST_ENG_OPENSSL_RC4_P_INIT +#undef TEST_ENG_OPENSSL_RC4_P_CIPHER +#endif +#if defined(OPENSSL_NO_SHA) || defined(OPENSSL_NO_SHA1) +#undef TEST_ENG_OPENSSL_SHA +#undef TEST_ENG_OPENSSL_SHA_OTHERS +#undef TEST_ENG_OPENSSL_SHA_P_INIT +#undef TEST_ENG_OPENSSL_SHA_P_UPDATE +#undef TEST_ENG_OPENSSL_SHA_P_FINAL +#endif + #ifdef TEST_ENG_OPENSSL_RC4 static int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher, - const int **nids, int nid); + const int **nids, int nid); #endif #ifdef TEST_ENG_OPENSSL_SHA static int openssl_digests(ENGINE *e, const EVP_MD **digest, - const int **nids, int nid); + const int **nids, int nid); #endif #ifdef TEST_ENG_OPENSSL_PKEY static EVP_PKEY *openssl_load_privkey(ENGINE *eng, const char *key_id, - UI_METHOD *ui_method, void *callback_data); + UI_METHOD *ui_method, void *callback_data); #endif /* The constants used when creating the ENGINE */ @@ -98,73 +133,85 @@ static const char *engine_openssl_name = "Software engine support"; /* This internal function is used by ENGINE_openssl() and possibly by the * "dynamic" ENGINE support too */ -static int bind_helper(ENGINE *e) - { - if(!ENGINE_set_id(e, engine_openssl_id) - || !ENGINE_set_name(e, engine_openssl_name) +static int +bind_helper(ENGINE *e) +{ + if (!ENGINE_set_id(e, engine_openssl_id) || + !ENGINE_set_name(e, engine_openssl_name) #ifndef TEST_ENG_OPENSSL_NO_ALGORITHMS #ifndef OPENSSL_NO_RSA - || !ENGINE_set_RSA(e, RSA_get_default_method()) + || !ENGINE_set_RSA(e, RSA_get_default_method()) #endif #ifndef OPENSSL_NO_DSA - || !ENGINE_set_DSA(e, DSA_get_default_method()) + || !ENGINE_set_DSA(e, DSA_get_default_method()) +#endif +#ifndef OPENSSL_NO_ECDH + || !ENGINE_set_ECDH(e, ECDH_OpenSSL()) +#endif +#ifndef OPENSSL_NO_ECDSA + || !ENGINE_set_ECDSA(e, ECDSA_OpenSSL()) #endif #ifndef OPENSSL_NO_DH - || !ENGINE_set_DH(e, DH_get_default_method()) + || !ENGINE_set_DH(e, DH_get_default_method()) #endif - || !ENGINE_set_RAND(e, RAND_SSLeay()) + || !ENGINE_set_RAND(e, RAND_SSLeay()) #ifdef TEST_ENG_OPENSSL_RC4 - || !ENGINE_set_ciphers(e, openssl_ciphers) + || !ENGINE_set_ciphers(e, openssl_ciphers) #endif #ifdef TEST_ENG_OPENSSL_SHA - || !ENGINE_set_digests(e, openssl_digests) + || !ENGINE_set_digests(e, openssl_digests) #endif #endif #ifdef TEST_ENG_OPENSSL_PKEY - || !ENGINE_set_load_privkey_function(e, openssl_load_privkey) + || !ENGINE_set_load_privkey_function(e, openssl_load_privkey) #endif - ) + ) return 0; /* If we add errors to this ENGINE, ensure the error handling is setup here */ /* openssl_load_error_strings(); */ return 1; - } +} -static ENGINE *engine_openssl(void) - { +static ENGINE * +engine_openssl(void) +{ ENGINE *ret = ENGINE_new(); - if(!ret) + + if (ret == NULL) return NULL; - if(!bind_helper(ret)) - { + if (!bind_helper(ret)) { ENGINE_free(ret); return NULL; - } - return ret; } + return ret; +} -void ENGINE_load_openssl(void) - { +void +ENGINE_load_openssl(void) +{ ENGINE *toadd = engine_openssl(); - if(!toadd) return; - ENGINE_add(toadd); + + if (toadd == NULL) + return; + (void) ENGINE_add(toadd); /* If the "add" worked, it gets a structural reference. So either way, * we release our just-created reference. */ ENGINE_free(toadd); ERR_clear_error(); - } +} /* This stuff is needed if this ENGINE is being compiled into a self-contained * shared-library. */ #ifdef ENGINE_DYNAMIC_SUPPORT -static int bind_fn(ENGINE *e, const char *id) - { - if(id && (strcmp(id, engine_openssl_id) != 0)) +static int +bind_fn(ENGINE *e, const char *id) +{ + if (id && (strcmp(id, engine_openssl_id) != 0)) return 0; - if(!bind_helper(e)) + if (!bind_helper(e)) return 0; return 1; - } +} IMPLEMENT_DYNAMIC_CHECK_FN() IMPLEMENT_DYNAMIC_BIND_FN(bind_fn) #endif /* ENGINE_DYNAMIC_SUPPORT */ @@ -180,40 +227,44 @@ IMPLEMENT_DYNAMIC_BIND_FN(bind_fn) * the "init_key" handler is called. * TEST_ENG_OPENSSL_RC4_P_CIPHER - ditto for the "cipher" handler. */ -#include #include #define TEST_RC4_KEY_SIZE 16 -static int test_cipher_nids[] = {NID_rc4,NID_rc4_40}; +static int test_cipher_nids[] = {NID_rc4, NID_rc4_40}; static int test_cipher_nids_number = 2; + typedef struct { unsigned char key[TEST_RC4_KEY_SIZE]; RC4_KEY ks; - } TEST_RC4_KEY; +} TEST_RC4_KEY; + #define test(ctx) ((TEST_RC4_KEY *)(ctx)->cipher_data) -static int test_rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) - { +static int +test_rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) +{ #ifdef TEST_ENG_OPENSSL_RC4_P_INIT fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) test_init_key() called\n"); #endif - memcpy(&test(ctx)->key[0],key,EVP_CIPHER_CTX_key_length(ctx)); - RC4_set_key(&test(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx), - test(ctx)->key); + memcpy(&test(ctx)->key[0], key, EVP_CIPHER_CTX_key_length(ctx)); + RC4_set_key(&test(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx), + test(ctx)->key); return 1; - } -static int test_rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, unsigned int inl) - { +} + +static int +test_rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl) +{ #ifdef TEST_ENG_OPENSSL_RC4_P_CIPHER fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) test_cipher() called\n"); #endif - RC4(&test(ctx)->ks,inl,in,out); + RC4(&test(ctx)->ks, inl, in, out); return 1; - } -static const EVP_CIPHER test_r4_cipher= - { +} + +static const EVP_CIPHER test_r4_cipher = { NID_rc4, - 1,TEST_RC4_KEY_SIZE,0, + 1, TEST_RC4_KEY_SIZE, 0, EVP_CIPH_VARIABLE_LENGTH, test_rc4_init_key, test_rc4_cipher, @@ -221,10 +272,11 @@ static const EVP_CIPHER test_r4_cipher= sizeof(TEST_RC4_KEY), NULL, NULL, + NULL, NULL - }; -static const EVP_CIPHER test_r4_40_cipher= - { +}; + +static const EVP_CIPHER test_r4_40_cipher = { NID_rc4_40, 1,5 /* 40 bit */,0, EVP_CIPH_VARIABLE_LENGTH, @@ -232,66 +284,71 @@ static const EVP_CIPHER test_r4_40_cipher= test_rc4_cipher, NULL, sizeof(TEST_RC4_KEY), - NULL, + NULL, + NULL, NULL, NULL - }; -static int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher, - const int **nids, int nid) - { - if(!cipher) - { +}; + +static int +openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid) +{ + if (!cipher) { /* We are returning a list of supported nids */ *nids = test_cipher_nids; return test_cipher_nids_number; - } + } /* We are being asked for a specific cipher */ - if(nid == NID_rc4) + if (nid == NID_rc4) *cipher = &test_r4_cipher; - else if(nid == NID_rc4_40) + else if (nid == NID_rc4_40) *cipher = &test_r4_40_cipher; - else - { + else { #ifdef TEST_ENG_OPENSSL_RC4_OTHERS fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) returning NULL for " - "nid %d\n", nid); + "nid %d\n", nid); #endif *cipher = NULL; return 0; - } - return 1; } + return 1; +} #endif #ifdef TEST_ENG_OPENSSL_SHA /* Much the same sort of comment as for TEST_ENG_OPENSSL_RC4 */ -#include #include static int test_digest_nids[] = {NID_sha1}; static int test_digest_nids_number = 1; -static int test_sha1_init(EVP_MD_CTX *ctx) - { + +static int +test_sha1_init(EVP_MD_CTX *ctx) +{ #ifdef TEST_ENG_OPENSSL_SHA_P_INIT fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_init() called\n"); #endif return SHA1_Init(ctx->md_data); - } -static int test_sha1_update(EVP_MD_CTX *ctx,const void *data,unsigned long count) - { +} + +static int +test_sha1_update(EVP_MD_CTX *ctx, const void *data, size_t count) +{ #ifdef TEST_ENG_OPENSSL_SHA_P_UPDATE fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_update() called\n"); #endif - return SHA1_Update(ctx->md_data,data,count); - } -static int test_sha1_final(EVP_MD_CTX *ctx,unsigned char *md) - { + return SHA1_Update(ctx->md_data, data, count); +} + +static int +test_sha1_final(EVP_MD_CTX *ctx, unsigned char *md) +{ #ifdef TEST_ENG_OPENSSL_SHA_P_FINAL fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_final() called\n"); #endif - return SHA1_Final(md,ctx->md_data); - } -static const EVP_MD test_sha_md= - { + return SHA1_Final(md, ctx->md_data); +} + +static const EVP_MD test_sha_md = { NID_sha1, NID_sha1WithRSAEncryption, SHA_DIGEST_LENGTH, @@ -303,45 +360,47 @@ static const EVP_MD test_sha_md= NULL, EVP_PKEY_RSA_method, SHA_CBLOCK, - sizeof(EVP_MD *)+sizeof(SHA_CTX), - }; -static int openssl_digests(ENGINE *e, const EVP_MD **digest, - const int **nids, int nid) - { - if(!digest) - { + sizeof(EVP_MD *) + sizeof(SHA_CTX), +}; + +static int +openssl_digests(ENGINE *e, const EVP_MD **digest, const int **nids, int nid) +{ + if (!digest) { /* We are returning a list of supported nids */ *nids = test_digest_nids; return test_digest_nids_number; - } + } /* We are being asked for a specific digest */ - if(nid == NID_sha1) + if (nid == NID_sha1) *digest = &test_sha_md; - else - { + else { #ifdef TEST_ENG_OPENSSL_SHA_OTHERS fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) returning NULL for " - "nid %d\n", nid); + "nid %d\n", nid); #endif *digest = NULL; return 0; - } - return 1; } + return 1; +} #endif #ifdef TEST_ENG_OPENSSL_PKEY -static EVP_PKEY *openssl_load_privkey(ENGINE *eng, const char *key_id, - UI_METHOD *ui_method, void *callback_data) - { +static EVP_PKEY * +openssl_load_privkey(ENGINE *eng, const char *key_id, UI_METHOD *ui_method, + void *callback_data) +{ BIO *in; EVP_PKEY *key; - fprintf(stderr, "(TEST_ENG_OPENSSL_PKEY)Loading Private key %s\n", key_id); + + fprintf(stderr, "(TEST_ENG_OPENSSL_PKEY)Loading Private key %s\n", + key_id); in = BIO_new_file(key_id, "r"); if (!in) return NULL; key = PEM_read_bio_PrivateKey(in, NULL, 0, NULL); BIO_free(in); return key; - } +} #endif diff --git a/src/lib/libcrypto/engine/eng_padlock.c b/src/lib/libcrypto/engine/eng_padlock.c new file mode 100644 index 00000000000..0281ab810c6 --- /dev/null +++ b/src/lib/libcrypto/engine/eng_padlock.c @@ -0,0 +1,1129 @@ +/* $OpenBSD: eng_padlock.c,v 1.16 2018/04/14 07:18:37 tb Exp $ */ +/* + * Support for VIA PadLock Advanced Cryptography Engine (ACE) + * Written by Michal Ludvig + * http://www.logix.cz/michal + * + * Big thanks to Andy Polyakov for a help with optimization, + * assembler fixes, port to MS Windows and a lot of other + * valuable work on this engine! + */ + +/* ==================================================================== + * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include + +#include + +#include +#include +#include +#include +#ifndef OPENSSL_NO_AES +#include +#endif +#include + +#ifndef OPENSSL_NO_HW +#ifndef OPENSSL_NO_HW_PADLOCK + +/* Attempt to have a single source for both 0.9.7 and 0.9.8 :-) */ +#if (OPENSSL_VERSION_NUMBER >= 0x00908000L) +# ifndef OPENSSL_NO_DYNAMIC_ENGINE +# define DYNAMIC_ENGINE +# endif +#elif (OPENSSL_VERSION_NUMBER >= 0x00907000L) +# ifdef ENGINE_DYNAMIC_SUPPORT +# define DYNAMIC_ENGINE +# endif +#else +# error "Only OpenSSL >= 0.9.7 is supported" +#endif + +/* VIA PadLock AES is available *ONLY* on some x86 CPUs. + Not only that it doesn't exist elsewhere, but it + even can't be compiled on other platforms! + + In addition, because of the heavy use of inline assembler, + compiler choice is limited to GCC and Microsoft C. */ +#undef COMPILE_HW_PADLOCK +#if !defined(OPENSSL_NO_INLINE_ASM) +# if (defined(__GNUC__) && (defined(__i386__) || defined(__i386))) +# define COMPILE_HW_PADLOCK +# endif +#endif + +#ifdef OPENSSL_NO_DYNAMIC_ENGINE +#ifdef COMPILE_HW_PADLOCK +static ENGINE *ENGINE_padlock(void); +#endif + +void +ENGINE_load_padlock(void) +{ +/* On non-x86 CPUs it just returns. */ +#ifdef COMPILE_HW_PADLOCK + ENGINE *toadd = ENGINE_padlock(); + + if (toadd == NULL) + return; + ENGINE_add(toadd); + ENGINE_free(toadd); + ERR_clear_error(); +#endif +} + +#endif + +#ifdef COMPILE_HW_PADLOCK +/* We do these includes here to avoid header problems on platforms that + do not have the VIA padlock anyway... */ +#include +#if defined(__GNUC__) +# ifndef alloca +# define alloca(s) __builtin_alloca(s) +# endif +#endif + +/* Function for ENGINE detection and control */ +static int padlock_available(void); +static int padlock_init(ENGINE *e); + +/* RNG Stuff */ +static RAND_METHOD padlock_rand; + +/* Cipher Stuff */ +#ifndef OPENSSL_NO_AES +static int padlock_ciphers(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid); +#endif + +/* Engine names */ +static const char *padlock_id = "padlock"; +static char padlock_name[100]; + +/* Available features */ +static int padlock_use_ace = 0; /* Advanced Cryptography Engine */ +static int padlock_use_rng = 0; /* Random Number Generator */ +#ifndef OPENSSL_NO_AES +static int padlock_aes_align_required = 1; +#endif + +/* ===== Engine "management" functions ===== */ + +/* Prepare the ENGINE structure for registration */ +static int +padlock_bind_helper(ENGINE *e) +{ + /* Check available features */ + padlock_available(); + + /* + * RNG is currently disabled for reasons discussed in commentary just + * before padlock_rand_bytes function. + */ + padlock_use_rng = 0; + + /* Generate a nice engine name with available features */ + (void) snprintf(padlock_name, sizeof(padlock_name), + "VIA PadLock (%s, %s)", + padlock_use_rng ? "RNG" : "no-RNG", + padlock_use_ace ? "ACE" : "no-ACE"); + + /* Register everything or return with an error */ + if (!ENGINE_set_id(e, padlock_id) || + !ENGINE_set_name(e, padlock_name) || + !ENGINE_set_init_function(e, padlock_init) || +#ifndef OPENSSL_NO_AES + (padlock_use_ace && !ENGINE_set_ciphers (e, padlock_ciphers)) || +#endif + (padlock_use_rng && !ENGINE_set_RAND (e, &padlock_rand))) { + return 0; + } + + /* Everything looks good */ + return 1; +} + +#ifdef OPENSSL_NO_DYNAMIC_ENGINE + +/* Constructor */ +static ENGINE * +ENGINE_padlock(void) +{ + ENGINE *eng = ENGINE_new(); + + if (eng == NULL) + return NULL; + + if (!padlock_bind_helper(eng)) { + ENGINE_free(eng); + return NULL; + } + + return eng; +} + +#endif + +/* Check availability of the engine */ +static int +padlock_init(ENGINE *e) +{ + return (padlock_use_rng || padlock_use_ace); +} + +/* This stuff is needed if this ENGINE is being compiled into a self-contained + * shared-library. + */ +#ifdef DYNAMIC_ENGINE +static int +padlock_bind_fn(ENGINE *e, const char *id) +{ + if (id && (strcmp(id, padlock_id) != 0)) { + return 0; + } + + if (!padlock_bind_helper(e)) { + return 0; + } + + return 1; +} + +IMPLEMENT_DYNAMIC_CHECK_FN() +IMPLEMENT_DYNAMIC_BIND_FN (padlock_bind_fn) +#endif /* DYNAMIC_ENGINE */ + +/* ===== Here comes the "real" engine ===== */ + +#ifndef OPENSSL_NO_AES +/* Some AES-related constants */ +#define AES_BLOCK_SIZE 16 +#define AES_KEY_SIZE_128 16 +#define AES_KEY_SIZE_192 24 +#define AES_KEY_SIZE_256 32 + +/* Here we store the status information relevant to the + current context. */ +/* BIG FAT WARNING: + * Inline assembler in PADLOCK_XCRYPT_ASM() + * depends on the order of items in this structure. + * Don't blindly modify, reorder, etc! + */ +struct padlock_cipher_data { + unsigned char iv[AES_BLOCK_SIZE]; /* Initialization vector */ + union { + unsigned int pad[4]; + struct { + int rounds : 4; + int dgst : 1; /* n/a in C3 */ + int align : 1; /* n/a in C3 */ + int ciphr : 1; /* n/a in C3 */ + unsigned int keygen : 1; + int interm : 1; + unsigned int encdec : 1; + int ksize : 2; + } b; + } cword; /* Control word */ + AES_KEY ks; /* Encryption key */ +}; + +/* + * Essentially this variable belongs in thread local storage. + * Having this variable global on the other hand can only cause + * few bogus key reloads [if any at all on single-CPU system], + * so we accept the penatly... + */ +static volatile struct padlock_cipher_data *padlock_saved_context; +#endif + +/* + * ======================================================= + * Inline assembler section(s). + * ======================================================= + * Order of arguments is chosen to facilitate Windows port + * using __fastcall calling convention. If you wish to add + * more routines, keep in mind that first __fastcall + * argument is passed in %ecx and second - in %edx. + * ======================================================= + */ +#if defined(__GNUC__) && __GNUC__>=2 +/* + * As for excessive "push %ebx"/"pop %ebx" found all over. + * When generating position-independent code GCC won't let + * us use "b" in assembler templates nor even respect "ebx" + * in "clobber description." Therefore the trouble... + */ + +/* Helper function - check if a CPUID instruction + is available on this CPU */ +static int +padlock_insn_cpuid_available(void) +{ + int result = -1; + + /* We're checking if the bit #21 of EFLAGS + can be toggled. If yes = CPUID is available. */ + asm volatile ( + "pushf\n" + "popl %%eax\n" + "xorl $0x200000, %%eax\n" + "movl %%eax, %%ecx\n" + "andl $0x200000, %%ecx\n" + "pushl %%eax\n" + "popf\n" + "pushf\n" + "popl %%eax\n" + "andl $0x200000, %%eax\n" + "xorl %%eax, %%ecx\n" + "movl %%ecx, %0\n" + : "=r" (result) : : "eax", "ecx"); + + return (result == 0); +} + +/* Load supported features of the CPU to see if + the PadLock is available. */ +static int +padlock_available(void) +{ + char vendor_string[16]; + unsigned int eax, edx; + + /* First check if the CPUID instruction is available at all... */ + if (! padlock_insn_cpuid_available()) + return 0; + + /* Are we running on the Centaur (VIA) CPU? */ + eax = 0x00000000; + vendor_string[12] = 0; + asm volatile ( + "pushl %%ebx\n" + "cpuid\n" + "movl %%ebx,(%%edi)\n" + "movl %%edx,4(%%edi)\n" + "movl %%ecx,8(%%edi)\n" + "popl %%ebx" + : "+a"(eax) : "D"(vendor_string) : "ecx", "edx"); + if (strcmp(vendor_string, "CentaurHauls") != 0) + return 0; + + /* Check for Centaur Extended Feature Flags presence */ + eax = 0xC0000000; + asm volatile ("pushl %%ebx; cpuid; popl %%ebx" + : "+a"(eax) : : "ecx", "edx"); + if (eax < 0xC0000001) + return 0; + + /* Read the Centaur Extended Feature Flags */ + eax = 0xC0000001; + asm volatile ("pushl %%ebx; cpuid; popl %%ebx" + : "+a"(eax), "=d"(edx) : : "ecx"); + + /* Fill up some flags */ + padlock_use_ace = ((edx & (0x3 << 6)) == (0x3 << 6)); + padlock_use_rng = ((edx & (0x3 << 2)) == (0x3 << 2)); + + return padlock_use_ace + padlock_use_rng; +} + +#ifndef OPENSSL_NO_AES +/* Our own htonl()/ntohl() */ +static inline void +padlock_bswapl(AES_KEY *ks) +{ + size_t i = sizeof(ks->rd_key)/sizeof(ks->rd_key[0]); + unsigned int *key = ks->rd_key; + + while (i--) { + asm volatile ("bswapl %0" : "+r"(*key)); + key++; + } +} +#endif + +/* Force key reload from memory to the CPU microcode. + Loading EFLAGS from the stack clears EFLAGS[30] + which does the trick. */ +static inline void +padlock_reload_key(void) +{ + asm volatile ("pushfl; popfl"); +} + +#ifndef OPENSSL_NO_AES +/* + * This is heuristic key context tracing. At first one + * believes that one should use atomic swap instructions, + * but it's not actually necessary. Point is that if + * padlock_saved_context was changed by another thread + * after we've read it and before we compare it with cdata, + * our key *shall* be reloaded upon thread context switch + * and we are therefore set in either case... + */ +static inline void +padlock_verify_context(struct padlock_cipher_data *cdata) +{ + asm volatile ( + "pushfl\n" + " btl $30,(%%esp)\n" + " jnc 1f\n" + " cmpl %2,%1\n" + " je 1f\n" + " popfl\n" + " subl $4,%%esp\n" + "1: addl $4,%%esp\n" + " movl %2,%0" + :"+m"(padlock_saved_context) + : "r"(padlock_saved_context), "r"(cdata) : "cc"); +} + +/* Template for padlock_xcrypt_* modes */ +/* BIG FAT WARNING: + * The offsets used with 'leal' instructions + * describe items of the 'padlock_cipher_data' + * structure. + */ +#define PADLOCK_XCRYPT_ASM(name,rep_xcrypt) \ +static inline void *name(size_t cnt, \ + struct padlock_cipher_data *cdata, \ + void *out, const void *inp) \ +{ void *iv; \ + asm volatile ( "pushl %%ebx\n" \ + " leal 16(%0),%%edx\n" \ + " leal 32(%0),%%ebx\n" \ + rep_xcrypt "\n" \ + " popl %%ebx" \ + : "=a"(iv), "=c"(cnt), "=D"(out), "=S"(inp) \ + : "0"(cdata), "1"(cnt), "2"(out), "3"(inp) \ + : "edx", "cc", "memory"); \ + return iv; \ +} + +/* Generate all functions with appropriate opcodes */ +PADLOCK_XCRYPT_ASM(padlock_xcrypt_ecb, ".byte 0xf3,0x0f,0xa7,0xc8") /* rep xcryptecb */ +PADLOCK_XCRYPT_ASM(padlock_xcrypt_cbc, ".byte 0xf3,0x0f,0xa7,0xd0") /* rep xcryptcbc */ +PADLOCK_XCRYPT_ASM(padlock_xcrypt_cfb, ".byte 0xf3,0x0f,0xa7,0xe0") /* rep xcryptcfb */ +PADLOCK_XCRYPT_ASM(padlock_xcrypt_ofb, ".byte 0xf3,0x0f,0xa7,0xe8") /* rep xcryptofb */ +#endif + +/* The RNG call itself */ +static inline unsigned int +padlock_xstore(void *addr, unsigned int edx_in) +{ + unsigned int eax_out; + + asm volatile (".byte 0x0f,0xa7,0xc0" /* xstore */ + : "=a"(eax_out),"=m"(*(unsigned *)addr) + : "D"(addr), "d" (edx_in) + ); + + return eax_out; +} + +/* Why not inline 'rep movsd'? I failed to find information on what + * value in Direction Flag one can expect and consequently have to + * apply "better-safe-than-sorry" approach and assume "undefined." + * I could explicitly clear it and restore the original value upon + * return from padlock_aes_cipher, but it's presumably too much + * trouble for too little gain... + * + * In case you wonder 'rep xcrypt*' instructions above are *not* + * affected by the Direction Flag and pointers advance toward + * larger addresses unconditionally. + */ +static inline unsigned char * +padlock_memcpy(void *dst, const void *src, size_t n) +{ + long *d = dst; + const long *s = src; + + n /= sizeof(*d); + do { *d++ = *s++; + } while (--n); + + return dst; +} +#endif + +/* ===== AES encryption/decryption ===== */ +#ifndef OPENSSL_NO_AES + +#if defined(NID_aes_128_cfb128) && ! defined (NID_aes_128_cfb) +#define NID_aes_128_cfb NID_aes_128_cfb128 +#endif + +#if defined(NID_aes_128_ofb128) && ! defined (NID_aes_128_ofb) +#define NID_aes_128_ofb NID_aes_128_ofb128 +#endif + +#if defined(NID_aes_192_cfb128) && ! defined (NID_aes_192_cfb) +#define NID_aes_192_cfb NID_aes_192_cfb128 +#endif + +#if defined(NID_aes_192_ofb128) && ! defined (NID_aes_192_ofb) +#define NID_aes_192_ofb NID_aes_192_ofb128 +#endif + +#if defined(NID_aes_256_cfb128) && ! defined (NID_aes_256_cfb) +#define NID_aes_256_cfb NID_aes_256_cfb128 +#endif + +#if defined(NID_aes_256_ofb128) && ! defined (NID_aes_256_ofb) +#define NID_aes_256_ofb NID_aes_256_ofb128 +#endif + +/* List of supported ciphers. */ +static int padlock_cipher_nids[] = { + NID_aes_128_ecb, + NID_aes_128_cbc, + NID_aes_128_cfb, + NID_aes_128_ofb, + + NID_aes_192_ecb, + NID_aes_192_cbc, + NID_aes_192_cfb, + NID_aes_192_ofb, + + NID_aes_256_ecb, + NID_aes_256_cbc, + NID_aes_256_cfb, + NID_aes_256_ofb, +}; +static int padlock_cipher_nids_num = (sizeof(padlock_cipher_nids)/ +sizeof(padlock_cipher_nids[0])); + +/* Function prototypes ... */ +static int padlock_aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc); +static int padlock_aes_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t nbytes); + +#define NEAREST_ALIGNED(ptr) ( (unsigned char *)(ptr) + \ + ( (0x10 - ((size_t)(ptr) & 0x0F)) & 0x0F ) ) +#define ALIGNED_CIPHER_DATA(ctx) ((struct padlock_cipher_data *)\ + NEAREST_ALIGNED(ctx->cipher_data)) + +#define EVP_CIPHER_block_size_ECB AES_BLOCK_SIZE +#define EVP_CIPHER_block_size_CBC AES_BLOCK_SIZE +#define EVP_CIPHER_block_size_OFB 1 +#define EVP_CIPHER_block_size_CFB 1 + +/* Declaring so many ciphers by hand would be a pain. + Instead introduce a bit of preprocessor magic :-) */ +#define DECLARE_AES_EVP(ksize,lmode,umode) \ +static const EVP_CIPHER padlock_aes_##ksize##_##lmode = { \ + NID_aes_##ksize##_##lmode, \ + EVP_CIPHER_block_size_##umode, \ + AES_KEY_SIZE_##ksize, \ + AES_BLOCK_SIZE, \ + 0 | EVP_CIPH_##umode##_MODE, \ + padlock_aes_init_key, \ + padlock_aes_cipher, \ + NULL, \ + sizeof(struct padlock_cipher_data) + 16, \ + EVP_CIPHER_set_asn1_iv, \ + EVP_CIPHER_get_asn1_iv, \ + NULL, \ + NULL \ +} + +DECLARE_AES_EVP(128, ecb, ECB); +DECLARE_AES_EVP(128, cbc, CBC); +DECLARE_AES_EVP(128, cfb, CFB); +DECLARE_AES_EVP(128, ofb, OFB); + +DECLARE_AES_EVP(192, ecb, ECB); +DECLARE_AES_EVP(192, cbc, CBC); +DECLARE_AES_EVP(192, cfb, CFB); +DECLARE_AES_EVP(192, ofb, OFB); + +DECLARE_AES_EVP(256, ecb, ECB); +DECLARE_AES_EVP(256, cbc, CBC); +DECLARE_AES_EVP(256, cfb, CFB); +DECLARE_AES_EVP(256, ofb, OFB); + +static int +padlock_ciphers(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid) +{ + /* No specific cipher => return a list of supported nids ... */ + if (!cipher) { + *nids = padlock_cipher_nids; + return padlock_cipher_nids_num; + } + + /* ... or the requested "cipher" otherwise */ + switch (nid) { + case NID_aes_128_ecb: + *cipher = &padlock_aes_128_ecb; + break; + case NID_aes_128_cbc: + *cipher = &padlock_aes_128_cbc; + break; + case NID_aes_128_cfb: + *cipher = &padlock_aes_128_cfb; + break; + case NID_aes_128_ofb: + *cipher = &padlock_aes_128_ofb; + break; + case NID_aes_192_ecb: + *cipher = &padlock_aes_192_ecb; + break; + case NID_aes_192_cbc: + *cipher = &padlock_aes_192_cbc; + break; + case NID_aes_192_cfb: + *cipher = &padlock_aes_192_cfb; + break; + case NID_aes_192_ofb: + *cipher = &padlock_aes_192_ofb; + break; + case NID_aes_256_ecb: + *cipher = &padlock_aes_256_ecb; + break; + case NID_aes_256_cbc: + *cipher = &padlock_aes_256_cbc; + break; + case NID_aes_256_cfb: + *cipher = &padlock_aes_256_cfb; + break; + case NID_aes_256_ofb: + *cipher = &padlock_aes_256_ofb; + break; + default: + /* Sorry, we don't support this NID */ + *cipher = NULL; + return 0; + } + + return 1; +} + +/* Prepare the encryption key for PadLock usage */ +static int +padlock_aes_init_key (EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) +{ + struct padlock_cipher_data *cdata; + int key_len = EVP_CIPHER_CTX_key_length(ctx) * 8; + + if (key == NULL) + return 0; /* ERROR */ + + cdata = ALIGNED_CIPHER_DATA(ctx); + memset(cdata, 0, sizeof(struct padlock_cipher_data)); + + /* Prepare Control word. */ + if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE) + cdata->cword.b.encdec = 0; + else + cdata->cword.b.encdec = (ctx->encrypt == 0); + cdata->cword.b.rounds = 10 + (key_len - 128) / 32; + cdata->cword.b.ksize = (key_len - 128) / 64; + + switch (key_len) { + case 128: + /* PadLock can generate an extended key for + AES128 in hardware */ + memcpy(cdata->ks.rd_key, key, AES_KEY_SIZE_128); + cdata->cword.b.keygen = 0; + break; + + case 192: + case 256: + /* Generate an extended AES key in software. + Needed for AES192/AES256 */ + /* Well, the above applies to Stepping 8 CPUs + and is listed as hardware errata. They most + likely will fix it at some point and then + a check for stepping would be due here. */ + if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_CFB_MODE || + EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE || + enc) + AES_set_encrypt_key(key, key_len, &cdata->ks); + else + AES_set_decrypt_key(key, key_len, &cdata->ks); +#ifndef AES_ASM + /* OpenSSL C functions use byte-swapped extended key. */ + padlock_bswapl(&cdata->ks); +#endif + cdata->cword.b.keygen = 1; + break; + + default: + /* ERROR */ + return 0; + } + + /* + * This is done to cover for cases when user reuses the + * context for new key. The catch is that if we don't do + * this, padlock_eas_cipher might proceed with old key... + */ + padlock_reload_key (); + + return 1; +} + +/* + * Simplified version of padlock_aes_cipher() used when + * 1) both input and output buffers are at aligned addresses. + * or when + * 2) running on a newer CPU that doesn't require aligned buffers. + */ +static int +padlock_aes_cipher_omnivorous(EVP_CIPHER_CTX *ctx, unsigned char *out_arg, + const unsigned char *in_arg, size_t nbytes) +{ + struct padlock_cipher_data *cdata; + void *iv; + + cdata = ALIGNED_CIPHER_DATA(ctx); + padlock_verify_context(cdata); + + switch (EVP_CIPHER_CTX_mode(ctx)) { + case EVP_CIPH_ECB_MODE: + padlock_xcrypt_ecb(nbytes / AES_BLOCK_SIZE, cdata, + out_arg, in_arg); + break; + + case EVP_CIPH_CBC_MODE: + memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE); + iv = padlock_xcrypt_cbc(nbytes / AES_BLOCK_SIZE, cdata, + out_arg, in_arg); + memcpy(ctx->iv, iv, AES_BLOCK_SIZE); + break; + + case EVP_CIPH_CFB_MODE: + memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE); + iv = padlock_xcrypt_cfb(nbytes / AES_BLOCK_SIZE, cdata, + out_arg, in_arg); + memcpy(ctx->iv, iv, AES_BLOCK_SIZE); + break; + + case EVP_CIPH_OFB_MODE: + memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE); + padlock_xcrypt_ofb(nbytes / AES_BLOCK_SIZE, cdata, + out_arg, in_arg); + memcpy(ctx->iv, cdata->iv, AES_BLOCK_SIZE); + break; + + default: + return 0; + } + + memset(cdata->iv, 0, AES_BLOCK_SIZE); + + return 1; +} + +#ifndef PADLOCK_CHUNK +# define PADLOCK_CHUNK 512 /* Must be a power of 2 larger than 16 */ +#endif +#if PADLOCK_CHUNK<16 || PADLOCK_CHUNK&(PADLOCK_CHUNK-1) +# error "insane PADLOCK_CHUNK..." +#endif + +/* Re-align the arguments to 16-Bytes boundaries and run the + encryption function itself. This function is not AES-specific. */ +static int +padlock_aes_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg, + const unsigned char *in_arg, size_t nbytes) +{ + struct padlock_cipher_data *cdata; + const void *inp; + unsigned char *out; + void *iv; + int inp_misaligned, out_misaligned, realign_in_loop; + size_t chunk, allocated = 0; + + /* ctx->num is maintained in byte-oriented modes, + such as CFB and OFB... */ + if ((chunk = ctx->num)) { + /* borrow chunk variable */ + unsigned char *ivp = ctx->iv; + + switch (EVP_CIPHER_CTX_mode(ctx)) { + case EVP_CIPH_CFB_MODE: + if (chunk >= AES_BLOCK_SIZE) + return 0; /* bogus value */ + + if (ctx->encrypt) + while (chunk < AES_BLOCK_SIZE && nbytes != 0) { + ivp[chunk] = *(out_arg++) = *(in_arg++) ^ ivp[chunk]; + chunk++, nbytes--; + } + else + while (chunk < AES_BLOCK_SIZE && nbytes != 0) { + unsigned char c = *(in_arg++); + *(out_arg++) = c ^ ivp[chunk]; + ivp[chunk++] = c, nbytes--; + } + + ctx->num = chunk % AES_BLOCK_SIZE; + break; + case EVP_CIPH_OFB_MODE: + if (chunk >= AES_BLOCK_SIZE) + return 0; /* bogus value */ + + while (chunk < AES_BLOCK_SIZE && nbytes != 0) { + *(out_arg++) = *(in_arg++) ^ ivp[chunk]; + chunk++, nbytes--; + } + + ctx->num = chunk % AES_BLOCK_SIZE; + break; + } + } + + if (nbytes == 0) + return 1; +#if 0 + if (nbytes % AES_BLOCK_SIZE) + return 0; /* are we expected to do tail processing? */ +#else + /* nbytes is always multiple of AES_BLOCK_SIZE in ECB and CBC + modes and arbitrary value in byte-oriented modes, such as + CFB and OFB... */ +#endif + + /* VIA promises CPUs that won't require alignment in the future. + For now padlock_aes_align_required is initialized to 1 and + the condition is never met... */ + /* C7 core is capable to manage unaligned input in non-ECB[!] + mode, but performance penalties appear to be approximately + same as for software alignment below or ~3x. They promise to + improve it in the future, but for now we can just as well + pretend that it can only handle aligned input... */ + if (!padlock_aes_align_required && (nbytes % AES_BLOCK_SIZE) == 0) + return padlock_aes_cipher_omnivorous(ctx, out_arg, in_arg, + nbytes); + + inp_misaligned = (((size_t)in_arg) & 0x0F); + out_misaligned = (((size_t)out_arg) & 0x0F); + + /* Note that even if output is aligned and input not, + * I still prefer to loop instead of copy the whole + * input and then encrypt in one stroke. This is done + * in order to improve L1 cache utilization... */ + realign_in_loop = out_misaligned|inp_misaligned; + + if (!realign_in_loop && (nbytes % AES_BLOCK_SIZE) == 0) + return padlock_aes_cipher_omnivorous(ctx, out_arg, in_arg, + nbytes); + + /* this takes one "if" out of the loops */ + chunk = nbytes; + chunk %= PADLOCK_CHUNK; + if (chunk == 0) + chunk = PADLOCK_CHUNK; + + if (out_misaligned) { + /* optmize for small input */ + allocated = (chunk < nbytes ? PADLOCK_CHUNK : nbytes); + out = alloca(0x10 + allocated); + out = NEAREST_ALIGNED(out); + } else + out = out_arg; + + cdata = ALIGNED_CIPHER_DATA(ctx); + padlock_verify_context(cdata); + + switch (EVP_CIPHER_CTX_mode(ctx)) { + case EVP_CIPH_ECB_MODE: + do { + if (inp_misaligned) + inp = padlock_memcpy(out, in_arg, chunk); + else + inp = in_arg; + in_arg += chunk; + + padlock_xcrypt_ecb(chunk / AES_BLOCK_SIZE, cdata, + out, inp); + + if (out_misaligned) + out_arg = padlock_memcpy(out_arg, out, chunk) + + chunk; + else + out = out_arg += chunk; + + nbytes -= chunk; + chunk = PADLOCK_CHUNK; + } while (nbytes); + break; + + case EVP_CIPH_CBC_MODE: + memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE); + goto cbc_shortcut; + do { + if (iv != cdata->iv) + memcpy(cdata->iv, iv, AES_BLOCK_SIZE); + chunk = PADLOCK_CHUNK; + cbc_shortcut: /* optimize for small input */ + if (inp_misaligned) + inp = padlock_memcpy(out, in_arg, chunk); + else + inp = in_arg; + in_arg += chunk; + + iv = padlock_xcrypt_cbc(chunk / AES_BLOCK_SIZE, cdata, + out, inp); + + if (out_misaligned) + out_arg = padlock_memcpy(out_arg, out, chunk) + + chunk; + else + out = out_arg += chunk; + } while (nbytes -= chunk); + memcpy(ctx->iv, iv, AES_BLOCK_SIZE); + break; + + case EVP_CIPH_CFB_MODE: + memcpy (iv = cdata->iv, ctx->iv, AES_BLOCK_SIZE); + chunk &= ~(AES_BLOCK_SIZE - 1); + if (chunk) + goto cfb_shortcut; + else + goto cfb_skiploop; + do { + if (iv != cdata->iv) + memcpy(cdata->iv, iv, AES_BLOCK_SIZE); + chunk = PADLOCK_CHUNK; + cfb_shortcut: /* optimize for small input */ + if (inp_misaligned) + inp = padlock_memcpy(out, in_arg, chunk); + else + inp = in_arg; + in_arg += chunk; + + iv = padlock_xcrypt_cfb(chunk / AES_BLOCK_SIZE, cdata, + out, inp); + + if (out_misaligned) + out_arg = padlock_memcpy(out_arg, out, chunk) + + chunk; + else + out = out_arg += chunk; + + nbytes -= chunk; + } while (nbytes >= AES_BLOCK_SIZE); + +cfb_skiploop: + if (nbytes) { + unsigned char *ivp = cdata->iv; + + if (iv != ivp) { + memcpy(ivp, iv, AES_BLOCK_SIZE); + iv = ivp; + } + ctx->num = nbytes; + if (cdata->cword.b.encdec) { + cdata->cword.b.encdec = 0; + padlock_reload_key(); + padlock_xcrypt_ecb(1, cdata, ivp, ivp); + cdata->cword.b.encdec = 1; + padlock_reload_key(); + while (nbytes) { + unsigned char c = *(in_arg++); + *(out_arg++) = c ^ *ivp; + *(ivp++) = c, nbytes--; + } + } else { + padlock_reload_key(); + padlock_xcrypt_ecb(1, cdata, ivp, ivp); + padlock_reload_key(); + while (nbytes) { + *ivp = *(out_arg++) = *(in_arg++) ^ *ivp; + ivp++, nbytes--; + } + } + } + + memcpy(ctx->iv, iv, AES_BLOCK_SIZE); + break; + + case EVP_CIPH_OFB_MODE: + memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE); + chunk &= ~(AES_BLOCK_SIZE - 1); + if (chunk) do { + if (inp_misaligned) + inp = padlock_memcpy(out, in_arg, chunk); + else + inp = in_arg; + in_arg += chunk; + + padlock_xcrypt_ofb(chunk / AES_BLOCK_SIZE, cdata, + out, inp); + + if (out_misaligned) + out_arg = padlock_memcpy(out_arg, out, chunk) + + chunk; + else + out = out_arg += chunk; + + nbytes -= chunk; + chunk = PADLOCK_CHUNK; + } while (nbytes >= AES_BLOCK_SIZE); + + if (nbytes) { + unsigned char *ivp = cdata->iv; + + ctx->num = nbytes; + padlock_reload_key(); /* empirically found */ + padlock_xcrypt_ecb(1, cdata, ivp, ivp); + padlock_reload_key(); /* empirically found */ + while (nbytes) { + *(out_arg++) = *(in_arg++) ^ *ivp; + ivp++, nbytes--; + } + } + + memcpy(ctx->iv, cdata->iv, AES_BLOCK_SIZE); + break; + + default: + return 0; + } + + /* Clean the realign buffer if it was used */ + if (out_misaligned) { + volatile unsigned long *p = (void *)out; + size_t n = allocated/sizeof(*p); + while (n--) + *p++ = 0; + } + + memset(cdata->iv, 0, AES_BLOCK_SIZE); + + return 1; +} + +#endif /* OPENSSL_NO_AES */ + +/* ===== Random Number Generator ===== */ +/* + * This code is not engaged. The reason is that it does not comply + * with recommendations for VIA RNG usage for secure applications + * (posted at http://www.via.com.tw/en/viac3/c3.jsp) nor does it + * provide meaningful error control... + */ +/* Wrapper that provides an interface between the API and + the raw PadLock RNG */ +static int +padlock_rand_bytes(unsigned char *output, int count) +{ + unsigned int eax, buf; + + while (count >= 8) { + eax = padlock_xstore(output, 0); + if (!(eax & (1 << 6))) + return 0; /* RNG disabled */ + /* this ---vv--- covers DC bias, Raw Bits and String Filter */ + if (eax & (0x1F << 10)) + return 0; + if ((eax & 0x1F) == 0) + continue; /* no data, retry... */ + if ((eax & 0x1F) != 8) + return 0; /* fatal failure... */ + output += 8; + count -= 8; + } + while (count > 0) { + eax = padlock_xstore(&buf, 3); + if (!(eax & (1 << 6))) + return 0; /* RNG disabled */ + /* this ---vv--- covers DC bias, Raw Bits and String Filter */ + if (eax & (0x1F << 10)) + return 0; + if ((eax & 0x1F) == 0) + continue; /* no data, retry... */ + if ((eax & 0x1F) != 1) + return 0; /* fatal failure... */ + *output++ = (unsigned char)buf; + count--; + } + *(volatile unsigned int *)&buf = 0; + + return 1; +} + +/* Dummy but necessary function */ +static int +padlock_rand_status(void) +{ + return 1; +} + +/* Prepare structure for registration */ +static RAND_METHOD padlock_rand = { + .bytes = padlock_rand_bytes, + .pseudorand = padlock_rand_bytes, + .status = padlock_rand_status +}; + +#else /* !COMPILE_HW_PADLOCK */ +#ifndef OPENSSL_NO_DYNAMIC_ENGINE +extern int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns); +extern int +bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { + return 0; +} +IMPLEMENT_DYNAMIC_CHECK_FN() +#endif +#endif /* COMPILE_HW_PADLOCK */ + +#endif /* !OPENSSL_NO_HW_PADLOCK */ +#endif /* !OPENSSL_NO_HW */ diff --git a/src/lib/libcrypto/engine/eng_padlock.ec b/src/lib/libcrypto/engine/eng_padlock.ec new file mode 100644 index 00000000000..a0e7cbd60dc --- /dev/null +++ b/src/lib/libcrypto/engine/eng_padlock.ec @@ -0,0 +1 @@ +L PADLOCK eng_padlock_err.h eng_padlock_err.c diff --git a/src/lib/libcrypto/engine/eng_pkey.c b/src/lib/libcrypto/engine/eng_pkey.c index 8c69171511e..a0320e973f6 100644 --- a/src/lib/libcrypto/engine/eng_pkey.c +++ b/src/lib/libcrypto/engine/eng_pkey.c @@ -1,4 +1,4 @@ -/* crypto/engine/eng_pkey.c */ +/* $OpenBSD: eng_pkey.c,v 1.7 2017/01/29 17:49:23 beck Exp $ */ /* ==================================================================== * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved. * @@ -7,7 +7,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -53,105 +53,132 @@ * */ -#include -#include "cryptlib.h" +#include + #include "eng_int.h" -#include /* Basic get/set stuff */ -int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f) - { +int +ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f) +{ e->load_privkey = loadpriv_f; return 1; - } +} -int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f) - { +int +ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f) +{ e->load_pubkey = loadpub_f; return 1; - } +} -ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e) - { +int +ENGINE_set_load_ssl_client_cert_function(ENGINE *e, + ENGINE_SSL_CLIENT_CERT_PTR loadssl_f) +{ + e->load_ssl_client_cert = loadssl_f; + return 1; +} + +ENGINE_LOAD_KEY_PTR +ENGINE_get_load_privkey_function(const ENGINE *e) +{ return e->load_privkey; - } +} -ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e) - { +ENGINE_LOAD_KEY_PTR +ENGINE_get_load_pubkey_function(const ENGINE *e) +{ return e->load_pubkey; - } +} + +ENGINE_SSL_CLIENT_CERT_PTR +ENGINE_get_ssl_client_cert_function(const ENGINE *e) +{ + return e->load_ssl_client_cert; +} /* API functions to load public/private keys */ -EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id, - UI_METHOD *ui_method, void *callback_data) - { +EVP_PKEY * +ENGINE_load_private_key(ENGINE *e, const char *key_id, UI_METHOD *ui_method, + void *callback_data) +{ EVP_PKEY *pkey; - if(e == NULL) - { - ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY, - ERR_R_PASSED_NULL_PARAMETER); + if (e == NULL) { + ENGINEerror(ERR_R_PASSED_NULL_PARAMETER); return 0; - } + } CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); - if(e->funct_ref == 0) - { + if (e->funct_ref == 0) { CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); - ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY, - ENGINE_R_NOT_INITIALISED); + ENGINEerror(ENGINE_R_NOT_INITIALISED); return 0; - } + } CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); - if (!e->load_privkey) - { - ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY, - ENGINE_R_NO_LOAD_FUNCTION); + if (!e->load_privkey) { + ENGINEerror(ENGINE_R_NO_LOAD_FUNCTION); return 0; - } + } pkey = e->load_privkey(e, key_id, ui_method, callback_data); - if (!pkey) - { - ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY, - ENGINE_R_FAILED_LOADING_PRIVATE_KEY); + if (!pkey) { + ENGINEerror(ENGINE_R_FAILED_LOADING_PRIVATE_KEY); return 0; - } - return pkey; } + return pkey; +} -EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id, - UI_METHOD *ui_method, void *callback_data) - { +EVP_PKEY * +ENGINE_load_public_key(ENGINE *e, const char *key_id, UI_METHOD *ui_method, + void *callback_data) +{ EVP_PKEY *pkey; - if(e == NULL) - { - ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY, - ERR_R_PASSED_NULL_PARAMETER); + if (e == NULL) { + ENGINEerror(ERR_R_PASSED_NULL_PARAMETER); return 0; - } + } CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); - if(e->funct_ref == 0) - { + if (e->funct_ref == 0) { CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); - ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY, - ENGINE_R_NOT_INITIALISED); + ENGINEerror(ENGINE_R_NOT_INITIALISED); return 0; - } + } CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); - if (!e->load_pubkey) - { - ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY, - ENGINE_R_NO_LOAD_FUNCTION); + if (!e->load_pubkey) { + ENGINEerror(ENGINE_R_NO_LOAD_FUNCTION); return 0; - } + } pkey = e->load_pubkey(e, key_id, ui_method, callback_data); - if (!pkey) - { - ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY, - ENGINE_R_FAILED_LOADING_PUBLIC_KEY); + if (!pkey) { + ENGINEerror(ENGINE_R_FAILED_LOADING_PUBLIC_KEY); return 0; - } + } return pkey; +} + +int +ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s, STACK_OF(X509_NAME) *ca_dn, + X509 **pcert, EVP_PKEY **ppkey, STACK_OF(X509) **pother, + UI_METHOD *ui_method, void *callback_data) +{ + if (e == NULL) { + ENGINEerror(ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); + if (e->funct_ref == 0) { + CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); + ENGINEerror(ENGINE_R_NOT_INITIALISED); + return 0; + } + CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); + if (!e->load_ssl_client_cert) { + ENGINEerror(ENGINE_R_NO_LOAD_FUNCTION); + return 0; } + return e->load_ssl_client_cert(e, s, ca_dn, pcert, ppkey, pother, + ui_method, callback_data); +} diff --git a/src/lib/libcrypto/engine/eng_table.c b/src/lib/libcrypto/engine/eng_table.c index c69a84a8bf4..a8aded5aaf8 100644 --- a/src/lib/libcrypto/engine/eng_table.c +++ b/src/lib/libcrypto/engine/eng_table.c @@ -1,3 +1,4 @@ +/* $OpenBSD: eng_table.c,v 1.9 2017/01/29 17:49:23 beck Exp $ */ /* ==================================================================== * Copyright (c) 2001 The OpenSSL Project. All rights reserved. * @@ -6,7 +7,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -52,310 +53,302 @@ * */ +#include #include -#include -#include "eng_int.h" +#include -/* This is the type of item in the 'implementation' table. Each 'nid' hashes to - * a (potentially NULL) ENGINE_PILE structure which contains a stack of ENGINE* - * pointers. These pointers aren't references, because they're inserted and - * removed during ENGINE creation and ENGINE destruction. They point to ENGINEs - * that *exist* (ie. have a structural reference count greater than zero) rather - * than ENGINEs that are *functional*. Each pointer in those stacks are to - * ENGINEs that implements the algorithm corresponding to each 'nid'. */ +#include "eng_int.h" /* The type of the items in the table */ -typedef struct st_engine_pile - { - /* The 'nid' of the algorithm/mode this ENGINE_PILE structure represents - * */ +typedef struct st_engine_pile { + /* The 'nid' of this algorithm/mode */ int nid; - /* A stack of ENGINE pointers for ENGINEs that support this - * algorithm/mode. In the event that 'funct' is NULL, the first entry in - * this stack that initialises will be set as 'funct' and assumed as the - * default for operations of this type. */ + /* ENGINEs that implement this algorithm/mode. */ STACK_OF(ENGINE) *sk; /* The default ENGINE to perform this algorithm/mode. */ ENGINE *funct; - /* This value optimises engine_table_select(). If it is called it sets - * this value to 1. Any changes to this ENGINE_PILE resets it to zero. - * As such, no ENGINE_init() thrashing is done unless ENGINEs - * continually register (and/or unregister). */ + /* Zero if 'sk' is newer than the cached 'funct', non-zero otherwise */ int uptodate; - } ENGINE_PILE; +} ENGINE_PILE; + +DECLARE_LHASH_OF(ENGINE_PILE); + +/* The type exposed in eng_int.h */ +struct st_engine_table { + LHASH_OF(ENGINE_PILE) piles; +}; /* ENGINE_TABLE */ -/* The type of the hash table of ENGINE_PILE structures such that each are - * unique and keyed by the 'nid' value. */ -struct st_engine_table - { - LHASH piles; - }; /* ENGINE_TABLE */ +typedef struct st_engine_pile_doall { + engine_table_doall_cb *cb; + void *arg; +} ENGINE_PILE_DOALL; -/* This value stores global options controlling behaviour of (mostly) the - * engine_table_select() function. It's a bitmask of flag values of the form - * ENGINE_TABLE_FLAG_*** (as defined in engine.h) and is controlled by the - * ENGINE_[get|set]_table_flags() function. */ +/* Global flags (ENGINE_TABLE_FLAG_***). */ static unsigned int table_flags = 0; /* API function manipulating 'table_flags' */ -unsigned int ENGINE_get_table_flags(void) - { +unsigned int +ENGINE_get_table_flags(void) +{ return table_flags; - } -void ENGINE_set_table_flags(unsigned int flags) - { +} + +void +ENGINE_set_table_flags(unsigned int flags) +{ table_flags = flags; - } +} /* Internal functions for the "piles" hash table */ -static unsigned long engine_pile_hash(const ENGINE_PILE *c) - { +static unsigned long +engine_pile_hash(const ENGINE_PILE *c) +{ return c->nid; - } -static int engine_pile_cmp(const ENGINE_PILE *a, const ENGINE_PILE *b) - { +} + +static int +engine_pile_cmp(const ENGINE_PILE *a, const ENGINE_PILE *b) +{ return a->nid - b->nid; - } -static IMPLEMENT_LHASH_HASH_FN(engine_pile_hash, const ENGINE_PILE *) -static IMPLEMENT_LHASH_COMP_FN(engine_pile_cmp, const ENGINE_PILE *) -static int int_table_check(ENGINE_TABLE **t, int create) - { - LHASH *lh; - if(*t) +} +static IMPLEMENT_LHASH_HASH_FN(engine_pile, ENGINE_PILE) +static IMPLEMENT_LHASH_COMP_FN(engine_pile, ENGINE_PILE) + +static int +int_table_check(ENGINE_TABLE **t, int create) +{ + LHASH_OF(ENGINE_PILE) *lh; + + if (*t) return 1; - if(!create) + if (!create) return 0; - if((lh = lh_new(LHASH_HASH_FN(engine_pile_hash), - LHASH_COMP_FN(engine_pile_cmp))) == NULL) + if ((lh = lh_ENGINE_PILE_new()) == NULL) return 0; *t = (ENGINE_TABLE *)lh; return 1; - } +} /* Privately exposed (via eng_int.h) functions for adding and/or removing * ENGINEs from the implementation table */ -int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup, - ENGINE *e, const int *nids, int num_nids, int setdefault) - { +int +engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup, + ENGINE *e, const int *nids, int num_nids, int setdefault) +{ int ret = 0, added = 0; ENGINE_PILE tmplate, *fnd; + CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); - if(!(*table)) + if (!(*table)) added = 1; - if(!int_table_check(table, 1)) + if (!int_table_check(table, 1)) goto end; - if(added) + if (added) /* The cleanup callback needs to be added */ engine_cleanup_add_first(cleanup); - while(num_nids--) - { + while (num_nids--) { tmplate.nid = *nids; - fnd = lh_retrieve(&(*table)->piles, &tmplate); - if(!fnd) - { - fnd = OPENSSL_malloc(sizeof(ENGINE_PILE)); - if(!fnd) + fnd = lh_ENGINE_PILE_retrieve(&(*table)->piles, &tmplate); + if (!fnd) { + fnd = malloc(sizeof(ENGINE_PILE)); + if (!fnd) goto end; fnd->uptodate = 1; fnd->nid = *nids; fnd->sk = sk_ENGINE_new_null(); - if(!fnd->sk) - { - OPENSSL_free(fnd); + if (!fnd->sk) { + free(fnd); goto end; - } - fnd->funct= NULL; - lh_insert(&(*table)->piles, fnd); } + fnd->funct = NULL; + (void)lh_ENGINE_PILE_insert(&(*table)->piles, fnd); + } /* A registration shouldn't add duplciate entries */ - sk_ENGINE_delete_ptr(fnd->sk, e); + (void)sk_ENGINE_delete_ptr(fnd->sk, e); /* if 'setdefault', this ENGINE goes to the head of the list */ - if(!sk_ENGINE_push(fnd->sk, e)) + if (!sk_ENGINE_push(fnd->sk, e)) goto end; /* "touch" this ENGINE_PILE */ fnd->uptodate = 0; - if(setdefault) - { - if(!engine_unlocked_init(e)) - { - ENGINEerr(ENGINE_F_ENGINE_TABLE_REGISTER, - ENGINE_R_INIT_FAILED); + if (setdefault) { + if (!engine_unlocked_init(e)) { + ENGINEerror(ENGINE_R_INIT_FAILED); goto end; - } - if(fnd->funct) + } + if (fnd->funct) engine_unlocked_finish(fnd->funct, 0); fnd->funct = e; - } - nids++; + fnd->uptodate = 1; } + nids++; + } ret = 1; end: CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); return ret; - } -static void int_unregister_cb(ENGINE_PILE *pile, ENGINE *e) - { +} + +static void +int_unregister_cb_doall_arg(ENGINE_PILE *pile, ENGINE *e) +{ int n; + /* Iterate the 'c->sk' stack removing any occurance of 'e' */ - while((n = sk_ENGINE_find(pile->sk, e)) >= 0) - { - sk_ENGINE_delete(pile->sk, n); - /* "touch" this ENGINE_CIPHER */ + while ((n = sk_ENGINE_find(pile->sk, e)) >= 0) { + (void)sk_ENGINE_delete(pile->sk, n); pile->uptodate = 0; - } - if(pile->funct == e) - { + } + if (pile->funct == e) { engine_unlocked_finish(e, 0); pile->funct = NULL; - } } -static IMPLEMENT_LHASH_DOALL_ARG_FN(int_unregister_cb,ENGINE_PILE *,ENGINE *) -void engine_table_unregister(ENGINE_TABLE **table, ENGINE *e) - { +} +static IMPLEMENT_LHASH_DOALL_ARG_FN(int_unregister_cb, ENGINE_PILE, ENGINE) + +void +engine_table_unregister(ENGINE_TABLE **table, ENGINE *e) +{ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); - if(int_table_check(table, 0)) - lh_doall_arg(&(*table)->piles, - LHASH_DOALL_ARG_FN(int_unregister_cb), e); + if (int_table_check(table, 0)) + lh_ENGINE_PILE_doall_arg(&(*table)->piles, + LHASH_DOALL_ARG_FN(int_unregister_cb), ENGINE, e); CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); - } +} -static void int_cleanup_cb(ENGINE_PILE *p) - { +static void +int_cleanup_cb_doall(ENGINE_PILE *p) +{ sk_ENGINE_free(p->sk); - if(p->funct) + if (p->funct) engine_unlocked_finish(p->funct, 0); - OPENSSL_free(p); - } -static IMPLEMENT_LHASH_DOALL_FN(int_cleanup_cb,ENGINE_PILE *) -void engine_table_cleanup(ENGINE_TABLE **table) - { + free(p); +} +static IMPLEMENT_LHASH_DOALL_FN(int_cleanup_cb, ENGINE_PILE) + +void +engine_table_cleanup(ENGINE_TABLE **table) +{ CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); - if(*table) - { - lh_doall(&(*table)->piles, LHASH_DOALL_FN(int_cleanup_cb)); - lh_free(&(*table)->piles); + if (*table) { + lh_ENGINE_PILE_doall(&(*table)->piles, + LHASH_DOALL_FN(int_cleanup_cb)); + lh_ENGINE_PILE_free(&(*table)->piles); *table = NULL; - } - CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); } + CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); +} -/* Exposed API function to get a functional reference from the implementation - * table (ie. try to get a functional reference from the tabled structural - * references) for a given cipher 'nid' */ +/* return a functional reference for a given 'nid' */ #ifndef ENGINE_TABLE_DEBUG -ENGINE *engine_table_select(ENGINE_TABLE **table, int nid) +ENGINE * +engine_table_select(ENGINE_TABLE **table, int nid) #else -ENGINE *engine_table_select_tmp(ENGINE_TABLE **table, int nid, const char *f, int l) +ENGINE * +engine_table_select_tmp(ENGINE_TABLE **table, int nid, const char *f, int l) #endif - { +{ ENGINE *ret = NULL; - ENGINE_PILE tmplate, *fnd=NULL; + ENGINE_PILE tmplate, *fnd = NULL; int initres, loop = 0; - /* If 'engine_ciphers' is NULL, then it's absolutely *sure* that no - * ENGINEs have registered any implementations! */ - if(!(*table)) - { + if (!(*table)) { #ifdef ENGINE_TABLE_DEBUG - fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, no " - "registered for anything!\n", f, l, nid); + fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, nothing " + "registered!\n", f, l, nid); #endif return NULL; - } + } + ERR_set_mark(); CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); /* Check again inside the lock otherwise we could race against cleanup * operations. But don't worry about a fprintf(stderr). */ - if(!int_table_check(table, 0)) + if (!int_table_check(table, 0)) goto end; tmplate.nid = nid; - fnd = lh_retrieve(&(*table)->piles, &tmplate); - if(!fnd) + fnd = lh_ENGINE_PILE_retrieve(&(*table)->piles, &tmplate); + if (!fnd) goto end; - if(fnd->funct && engine_unlocked_init(fnd->funct)) - { + if (fnd->funct && engine_unlocked_init(fnd->funct)) { #ifdef ENGINE_TABLE_DEBUG fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, using " - "ENGINE '%s' cached\n", f, l, nid, fnd->funct->id); + "ENGINE '%s' cached\n", f, l, nid, fnd->funct->id); #endif ret = fnd->funct; goto end; - } - if(fnd->uptodate) - { + } + if (fnd->uptodate) { ret = fnd->funct; goto end; - } + } trynext: ret = sk_ENGINE_value(fnd->sk, loop++); - if(!ret) - { + if (!ret) { #ifdef ENGINE_TABLE_DEBUG fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, no " - "registered implementations would initialise\n", - f, l, nid); + "registered implementations would initialise\n", f, l, nid); #endif goto end; - } -#if 0 - /* Don't need to get a reference if we hold the lock. If the locking has - * to change in future, that would be different ... */ - ret->struct_ref++; engine_ref_debug(ret, 0, 1) -#endif - /* Try and initialise the ENGINE if it's already functional *or* if the - * ENGINE_TABLE_FLAG_NOINIT flag is not set. */ - if((ret->funct_ref > 0) || !(table_flags & ENGINE_TABLE_FLAG_NOINIT)) + } + /* Try to initialise the ENGINE? */ + if ((ret->funct_ref > 0) || !(table_flags & ENGINE_TABLE_FLAG_NOINIT)) initres = engine_unlocked_init(ret); else initres = 0; -#if 0 - /* Release the structural reference */ - ret->struct_ref--; engine_ref_debug(ret, 0, -1); -#endif - if(initres) - { - /* If we didn't have a default (functional reference) for this - * 'nid' (or we had one but for whatever reason we're now - * initialising a different one), use this opportunity to set - * 'funct'. */ - if((fnd->funct != ret) && engine_unlocked_init(ret)) - { + if (initres) { + /* Update 'funct' */ + if ((fnd->funct != ret) && engine_unlocked_init(ret)) { /* If there was a previous default we release it. */ - if(fnd->funct) + if (fnd->funct) engine_unlocked_finish(fnd->funct, 0); - /* We got an extra functional reference for the - * per-'nid' default */ fnd->funct = ret; #ifdef ENGINE_TABLE_DEBUG fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, " - "setting default to '%s'\n", f, l, nid, ret->id); + "setting default to '%s'\n", f, l, nid, ret->id); #endif - } + } #ifdef ENGINE_TABLE_DEBUG fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, using " - "newly initialised '%s'\n", f, l, nid, ret->id); + "newly initialised '%s'\n", f, l, nid, ret->id); #endif goto end; - } + } goto trynext; end: - /* Whatever happened - we should "untouch" our uptodate file seeing as - * we have tried our best to find a functional reference for 'nid'. If - * it failed, it is unlikely to succeed again until some future - * registrations (or unregistrations) have taken place that affect that - * 'nid'. */ - if(fnd) + /* If it failed, it is unlikely to succeed again until some future + * registrations have taken place. In all cases, we cache. */ + if (fnd) fnd->uptodate = 1; #ifdef ENGINE_TABLE_DEBUG - if(ret) + if (ret) fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, caching " - "ENGINE '%s'\n", f, l, nid, ret->id); + "ENGINE '%s'\n", f, l, nid, ret->id); else fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, caching " - "'no matching ENGINE'\n", f, l, nid); + "'no matching ENGINE'\n", f, l, nid); #endif CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); /* Whatever happened, any failed init()s are not failures in this * context, so clear our error state. */ - ERR_clear_error(); + ERR_pop_to_mark(); return ret; - } +} + +/* Table enumeration */ + +static void +int_cb_doall_arg(ENGINE_PILE *pile, ENGINE_PILE_DOALL *dall) +{ + dall->cb(pile->nid, pile->sk, pile->funct, dall->arg); +} +static IMPLEMENT_LHASH_DOALL_ARG_FN(int_cb, ENGINE_PILE, ENGINE_PILE_DOALL) + +void +engine_table_doall(ENGINE_TABLE *table, engine_table_doall_cb *cb, void *arg) +{ + ENGINE_PILE_DOALL dall; + + dall.cb = cb; + dall.arg = arg; + lh_ENGINE_PILE_doall_arg(&table->piles, LHASH_DOALL_ARG_FN(int_cb), + ENGINE_PILE_DOALL, &dall); +} diff --git a/src/lib/libcrypto/engine/engine.h b/src/lib/libcrypto/engine/engine.h index 97f5de9e129..dc14be8e386 100644 --- a/src/lib/libcrypto/engine/engine.h +++ b/src/lib/libcrypto/engine/engine.h @@ -1,16 +1,16 @@ -/* openssl/engine.h */ +/* $OpenBSD: engine.h,v 1.33 2019/01/19 01:07:00 tb Exp $ */ /* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL * project 2000. */ /* ==================================================================== - * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -55,11 +55,22 @@ * Hudson (tjh@cryptsoft.com). * */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * ECDH support in OpenSSL originally developed by + * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. + */ #ifndef HEADER_ENGINE_H #define HEADER_ENGINE_H -#include +#include + +#ifdef OPENSSL_NO_ENGINE +#error ENGINE is disabled. +#endif + +#ifndef OPENSSL_NO_DEPRECATED #include #ifndef OPENSSL_NO_RSA #include @@ -70,34 +81,41 @@ #ifndef OPENSSL_NO_DH #include #endif -#include +#ifndef OPENSSL_NO_ECDH +#include +#endif +#ifndef OPENSSL_NO_ECDSA +#include +#endif +#ifndef OPENSSL_NO_EC +#include +#endif #include -#include #include +#endif + +#include + +#include #ifdef __cplusplus extern "C" { #endif -/* Fixups for missing algorithms */ -#ifdef OPENSSL_NO_RSA -typedef void RSA_METHOD; -#endif -#ifdef OPENSSL_NO_DSA -typedef void DSA_METHOD; -#endif -#ifdef OPENSSL_NO_DH -typedef void DH_METHOD; -#endif - /* These flags are used to control combinations of algorithm (methods) * by bitwise "OR"ing. */ #define ENGINE_METHOD_RSA (unsigned int)0x0001 #define ENGINE_METHOD_DSA (unsigned int)0x0002 #define ENGINE_METHOD_DH (unsigned int)0x0004 #define ENGINE_METHOD_RAND (unsigned int)0x0008 +#define ENGINE_METHOD_ECDH (unsigned int)0x0010 +#define ENGINE_METHOD_ECDSA (unsigned int)0x0020 #define ENGINE_METHOD_CIPHERS (unsigned int)0x0040 #define ENGINE_METHOD_DIGESTS (unsigned int)0x0080 +#define ENGINE_METHOD_STORE (unsigned int)0x0100 +#define ENGINE_METHOD_PKEY_METHS (unsigned int)0x0200 +#define ENGINE_METHOD_PKEY_ASN1_METHS (unsigned int)0x0400 +#define ENGINE_METHOD_EC (unsigned int)0x0800 /* Obvious all-or-nothing cases. */ #define ENGINE_METHOD_ALL (unsigned int)0xFFFF #define ENGINE_METHOD_NONE (unsigned int)0x0000 @@ -125,6 +143,13 @@ typedef void DH_METHOD; * the existing ENGINE's structural reference count. */ #define ENGINE_FLAGS_BY_ID_COPY (int)0x0004 +/* This flag if for an ENGINE that does not want its methods registered as + * part of ENGINE_register_all_complete() for example if the methods are + * not usable as default methods. + */ + +#define ENGINE_FLAGS_NO_REGISTER_ALL (int)0x0008 + /* ENGINEs can support their own command types, and these flags are used in * ENGINE_CTRL_GET_CMD_FLAGS to indicate to the caller what kind of input each * command expects. Currently only numeric and string input is supported. If a @@ -167,9 +192,15 @@ typedef void DH_METHOD; handles/connections etc. */ #define ENGINE_CTRL_SET_USER_INTERFACE 4 /* Alternative to callback */ #define ENGINE_CTRL_SET_CALLBACK_DATA 5 /* User-specific data, used - when calling the password - callback and the user - interface */ + when calling the password + callback and the user + interface */ +#define ENGINE_CTRL_LOAD_CONFIGURATION 6 /* Load a configuration, given + a string that represents a + file name or so */ +#define ENGINE_CTRL_LOAD_SECTION 7 /* Load data from a given + section in the already loaded + configuration */ /* These control commands allow an application to deal with an arbitrary engine * in a dynamic way. Warn: Negative return values indicate errors FOR THESE @@ -216,23 +247,7 @@ typedef void DH_METHOD; /* ENGINE implementations should start the numbering of their own control * commands from this value. (ie. ENGINE_CMD_BASE, ENGINE_CMD_BASE + 1, etc). */ -#define ENGINE_CMD_BASE 200 - -/* NB: These 2 nCipher "chil" control commands are deprecated, and their - * functionality is now available through ENGINE-specific control commands - * (exposed through the above-mentioned 'CMD'-handling). Code using these 2 - * commands should be migrated to the more general command handling before these - * are removed. */ - -/* Flags specific to the nCipher "chil" engine */ -#define ENGINE_CTRL_CHIL_SET_FORKCHECK 100 - /* Depending on the value of the (long)i argument, this sets or - * unsets the SimpleForkCheck flag in the CHIL API to enable or - * disable checking and workarounds for applications that fork(). - */ -#define ENGINE_CTRL_CHIL_NO_LOCKING 101 - /* This prevents the initialisation function from providing mutex - * callbacks to the nCipher library. */ +#define ENGINE_CMD_BASE 200 /* If an ENGINE supports its own specific control commands and wishes the * framework to handle the above 'ENGINE_CMD_***'-manipulation commands on its @@ -242,23 +257,27 @@ typedef void DH_METHOD; * array). NB: The array must be ordered in increasing order of cmd_num. * "null-terminated" means that the last ENGINE_CMD_DEFN element has cmd_num set * to zero and/or cmd_name set to NULL. */ -typedef struct ENGINE_CMD_DEFN_st - { +typedef struct ENGINE_CMD_DEFN_st { unsigned int cmd_num; /* The command number */ const char *cmd_name; /* The command name itself */ const char *cmd_desc; /* A short description of the command */ unsigned int cmd_flags; /* The input the command expects */ - } ENGINE_CMD_DEFN; +} ENGINE_CMD_DEFN; /* Generic function pointer */ -typedef int (*ENGINE_GEN_FUNC_PTR)(); +typedef int (*ENGINE_GEN_FUNC_PTR)(void); /* Generic function pointer taking no arguments */ typedef int (*ENGINE_GEN_INT_FUNC_PTR)(ENGINE *); /* Specific control function pointer */ -typedef int (*ENGINE_CTRL_FUNC_PTR)(ENGINE *, int, long, void *, void (*f)()); +typedef int (*ENGINE_CTRL_FUNC_PTR)(ENGINE *, int, long, void *, + void (*f)(void)); /* Generic load_key function pointer */ typedef EVP_PKEY * (*ENGINE_LOAD_KEY_PTR)(ENGINE *, const char *, - UI_METHOD *ui_method, void *callback_data); + UI_METHOD *ui_method, void *callback_data); +typedef int (*ENGINE_SSL_CLIENT_CERT_PTR)(ENGINE *, SSL *ssl, + STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **pkey, + STACK_OF(X509) **pother, UI_METHOD *ui_method, void *callback_data); + /* These callback types are for an ENGINE's handler for cipher and digest logic. * These handlers have these prototypes; * int foo(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid); @@ -271,8 +290,13 @@ typedef EVP_PKEY * (*ENGINE_LOAD_KEY_PTR)(ENGINE *, const char *, */ /* Returns to a pointer to the array of supported cipher 'nid's. If the second * parameter is non-NULL it is set to the size of the returned array. */ -typedef int (*ENGINE_CIPHERS_PTR)(ENGINE *, const EVP_CIPHER **, const int **, int); +typedef int (*ENGINE_CIPHERS_PTR)(ENGINE *, const EVP_CIPHER **, + const int **, int); typedef int (*ENGINE_DIGESTS_PTR)(ENGINE *, const EVP_MD **, const int **, int); +typedef int (*ENGINE_PKEY_METHS_PTR)(ENGINE *, EVP_PKEY_METHOD **, + const int **, int); +typedef int (*ENGINE_PKEY_ASN1_METHS_PTR)(ENGINE *, EVP_PKEY_ASN1_METHOD **, + const int **, int); /* STRUCTURE functions ... all of these functions deal with pointers to ENGINE * structures where the pointers have a "structural reference". This means that @@ -299,20 +323,11 @@ ENGINE *ENGINE_by_id(const char *id); /* Add all the built-in engines. */ void ENGINE_load_openssl(void); void ENGINE_load_dynamic(void); -void ENGINE_load_cswift(void); -void ENGINE_load_chil(void); -void ENGINE_load_atalla(void); -void ENGINE_load_nuron(void); -void ENGINE_load_ubsec(void); -void ENGINE_load_aep(void); -void ENGINE_load_sureware(void); -void ENGINE_load_4758cca(void); -void ENGINE_load_openbsd_dev_crypto(void); +#ifndef OPENSSL_NO_STATIC_ENGINE +void ENGINE_load_padlock(void); +#endif void ENGINE_load_builtin_engines(void); -#ifdef __OpenBSD__ -void ENGINE_load_cryptodev(void); -#endif - + /* Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation * "registry" handling. */ unsigned int ENGINE_get_table_flags(void); @@ -334,6 +349,18 @@ int ENGINE_register_DSA(ENGINE *e); void ENGINE_unregister_DSA(ENGINE *e); void ENGINE_register_all_DSA(void); +int ENGINE_register_ECDH(ENGINE *e); +void ENGINE_unregister_ECDH(ENGINE *e); +void ENGINE_register_all_ECDH(void); + +int ENGINE_register_ECDSA(ENGINE *e); +void ENGINE_unregister_ECDSA(ENGINE *e); +void ENGINE_register_all_ECDSA(void); + +int ENGINE_register_EC(ENGINE *e); +void ENGINE_unregister_EC(ENGINE *e); +void ENGINE_register_all_EC(void); + int ENGINE_register_DH(ENGINE *e); void ENGINE_unregister_DH(ENGINE *e); void ENGINE_register_all_DH(void); @@ -342,6 +369,10 @@ int ENGINE_register_RAND(ENGINE *e); void ENGINE_unregister_RAND(ENGINE *e); void ENGINE_register_all_RAND(void); +int ENGINE_register_STORE(ENGINE *e); +void ENGINE_unregister_STORE(ENGINE *e); +void ENGINE_register_all_STORE(void); + int ENGINE_register_ciphers(ENGINE *e); void ENGINE_unregister_ciphers(ENGINE *e); void ENGINE_register_all_ciphers(void); @@ -350,6 +381,14 @@ int ENGINE_register_digests(ENGINE *e); void ENGINE_unregister_digests(ENGINE *e); void ENGINE_register_all_digests(void); +int ENGINE_register_pkey_meths(ENGINE *e); +void ENGINE_unregister_pkey_meths(ENGINE *e); +void ENGINE_register_all_pkey_meths(void); + +int ENGINE_register_pkey_asn1_meths(ENGINE *e); +void ENGINE_unregister_pkey_asn1_meths(ENGINE *e); +void ENGINE_register_all_pkey_asn1_meths(void); + /* These functions register all support from the above categories. Note, use of * these functions can result in static linkage of code your application may not * need. If you only need a subset of functionality, consider using more @@ -364,7 +403,7 @@ int ENGINE_register_all_complete(void); * reference to an engine, but many control commands may require the engine be * functional. The caller should be aware of trying commands that require an * operational ENGINE, and only use functional references in such situations. */ -int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()); +int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void)); /* This function tests if an ENGINE-specific command is usable as a "setting". * Eg. in an application's config file that gets processed through @@ -377,7 +416,7 @@ int ENGINE_cmd_is_executable(ENGINE *e, int cmd); * See the comment on ENGINE_ctrl_cmd_string() for an explanation on how to * use the cmd_name and cmd_optional. */ int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name, - long i, void *p, void (*f)(), int cmd_optional); + long i, void *p, void (*f)(void), int cmd_optional); /* This function passes a command-name and argument to an ENGINE. The cmd_name * is converted to a command number and the control command is called using @@ -399,7 +438,7 @@ int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name, * compliant ENGINE-based applications can work consistently with the same * configuration for the same ENGINE-enabled devices, across applications. */ int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg, - int cmd_optional); + int cmd_optional); /* These functions are useful for manufacturing new ENGINE structures. They * don't address reference counting at all - one uses them to populate an ENGINE @@ -409,27 +448,36 @@ int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg, * compatibility! */ ENGINE *ENGINE_new(void); int ENGINE_free(ENGINE *e); +int ENGINE_up_ref(ENGINE *e); int ENGINE_set_id(ENGINE *e, const char *id); int ENGINE_set_name(ENGINE *e, const char *name); int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth); int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth); +int ENGINE_set_ECDH(ENGINE *e, const ECDH_METHOD *ecdh_meth); +int ENGINE_set_ECDSA(ENGINE *e, const ECDSA_METHOD *ecdsa_meth); +int ENGINE_set_EC(ENGINE *e, const EC_KEY_METHOD *ec_meth); int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth); int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth); +int ENGINE_set_STORE(ENGINE *e, const STORE_METHOD *store_meth); int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f); int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f); int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f); int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f); int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f); int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f); +int ENGINE_set_load_ssl_client_cert_function(ENGINE *e, + ENGINE_SSL_CLIENT_CERT_PTR loadssl_f); int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f); int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f); +int ENGINE_set_pkey_meths(ENGINE *e, ENGINE_PKEY_METHS_PTR f); +int ENGINE_set_pkey_asn1_meths(ENGINE *e, ENGINE_PKEY_ASN1_METHS_PTR f); int ENGINE_set_flags(ENGINE *e, int flags); int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns); -/* These functions (and the "get" function lower down) allow control over any - * per-structure ENGINE data. */ +/* These functions allow control over any per-structure ENGINE data. */ int ENGINE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg); +void *ENGINE_get_ex_data(const ENGINE *e, int idx); /* This function cleans up anything that needs it. Eg. the ENGINE_add() function * automatically ensures the list cleanup function is registered to be called @@ -445,21 +493,33 @@ const char *ENGINE_get_id(const ENGINE *e); const char *ENGINE_get_name(const ENGINE *e); const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e); const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e); +const ECDH_METHOD *ENGINE_get_ECDH(const ENGINE *e); +const ECDSA_METHOD *ENGINE_get_ECDSA(const ENGINE *e); +const EC_KEY_METHOD *ENGINE_get_EC(const ENGINE *e); const DH_METHOD *ENGINE_get_DH(const ENGINE *e); const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e); +const STORE_METHOD *ENGINE_get_STORE(const ENGINE *e); ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e); ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e); ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e); ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e); ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e); ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e); +ENGINE_SSL_CLIENT_CERT_PTR ENGINE_get_ssl_client_cert_function(const ENGINE *e); ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e); ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e); +ENGINE_PKEY_METHS_PTR ENGINE_get_pkey_meths(const ENGINE *e); +ENGINE_PKEY_ASN1_METHS_PTR ENGINE_get_pkey_asn1_meths(const ENGINE *e); const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid); const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid); +const EVP_PKEY_METHOD *ENGINE_get_pkey_meth(ENGINE *e, int nid); +const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth(ENGINE *e, int nid); +const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth_str(ENGINE *e, + const char *str, int len); +const EVP_PKEY_ASN1_METHOD *ENGINE_pkey_asn1_find_str(ENGINE **pe, + const char *str, int len); const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e); int ENGINE_get_flags(const ENGINE *e); -void *ENGINE_get_ex_data(const ENGINE *e, int idx); /* FUNCTIONAL functions. These functions deal with ENGINE structures * that have (or will) be initialised for use. Broadly speaking, the @@ -486,9 +546,13 @@ int ENGINE_finish(ENGINE *e); * location, handled by the engine. The storage may be on a card or * whatever. */ EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id, - UI_METHOD *ui_method, void *callback_data); + UI_METHOD *ui_method, void *callback_data); EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id, - UI_METHOD *ui_method, void *callback_data); + UI_METHOD *ui_method, void *callback_data); +int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s, + STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **ppkey, + STACK_OF(X509) **pother, + UI_METHOD *ui_method, void *callback_data); /* This returns a pointer for the current ENGINE structure that * is (by default) performing any RSA operations. The value returned @@ -497,25 +561,35 @@ EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id, ENGINE *ENGINE_get_default_RSA(void); /* Same for the other "methods" */ ENGINE *ENGINE_get_default_DSA(void); +ENGINE *ENGINE_get_default_ECDH(void); +ENGINE *ENGINE_get_default_ECDSA(void); +ENGINE *ENGINE_get_default_EC(void); ENGINE *ENGINE_get_default_DH(void); ENGINE *ENGINE_get_default_RAND(void); /* These functions can be used to get a functional reference to perform * ciphering or digesting corresponding to "nid". */ ENGINE *ENGINE_get_cipher_engine(int nid); ENGINE *ENGINE_get_digest_engine(int nid); +ENGINE *ENGINE_get_pkey_meth_engine(int nid); +ENGINE *ENGINE_get_pkey_asn1_meth_engine(int nid); /* This sets a new default ENGINE structure for performing RSA * operations. If the result is non-zero (success) then the ENGINE * structure will have had its reference count up'd so the caller * should still free their own reference 'e'. */ int ENGINE_set_default_RSA(ENGINE *e); -int ENGINE_set_default_string(ENGINE *e, const char *list); +int ENGINE_set_default_string(ENGINE *e, const char *def_list); /* Same for the other "methods" */ int ENGINE_set_default_DSA(ENGINE *e); +int ENGINE_set_default_ECDH(ENGINE *e); +int ENGINE_set_default_ECDSA(ENGINE *e); +int ENGINE_set_default_EC(ENGINE *e); int ENGINE_set_default_DH(ENGINE *e); int ENGINE_set_default_RAND(ENGINE *e); int ENGINE_set_default_ciphers(ENGINE *e); int ENGINE_set_default_digests(ENGINE *e); +int ENGINE_set_default_pkey_meths(ENGINE *e); +int ENGINE_set_default_pkey_asn1_meths(ENGINE *e); /* The combination "set" - the flags are bitwise "OR"d from the * ENGINE_METHOD_*** defines above. As with the "ENGINE_register_complete()" @@ -534,17 +608,20 @@ void ENGINE_add_conf_module(void); /**************************/ /* Binary/behaviour compatibility levels */ -#define OSSL_DYNAMIC_VERSION (unsigned long)0x00010100 +#define OSSL_DYNAMIC_VERSION (unsigned long)0x00020000 /* Binary versions older than this are too old for us (whether we're a loader or * a loadee) */ -#define OSSL_DYNAMIC_OLDEST (unsigned long)0x00010100 +#define OSSL_DYNAMIC_OLDEST (unsigned long)0x00020000 /* When compiling an ENGINE entirely as an external shared library, loadable by * the "dynamic" ENGINE, these types are needed. The 'dynamic_fns' structure * type provides the calling application's (or library's) error functionality * and memory management function pointers to the loaded library. These should * be used/set in the loaded library code so that the loading application's - * 'state' will be used/changed in all operations. */ + * 'state' will be used/changed in all operations. The 'static_state' pointer + * allows the loaded library to know if it shares the same static data as the + * calling application (or library), and thus whether these callbacks need to be + * set or not. */ typedef void *(*dyn_MEM_malloc_cb)(size_t); typedef void *(*dyn_MEM_realloc_cb)(void *, size_t); typedef void (*dyn_MEM_free_cb)(void *); @@ -552,31 +629,32 @@ typedef struct st_dynamic_MEM_fns { dyn_MEM_malloc_cb malloc_cb; dyn_MEM_realloc_cb realloc_cb; dyn_MEM_free_cb free_cb; - } dynamic_MEM_fns; +} dynamic_MEM_fns; /* FIXME: Perhaps the memory and locking code (crypto.h) should declare and use * these types so we (and any other dependant code) can simplify a bit?? */ -typedef void (*dyn_lock_locking_cb)(int,int,const char *,int); -typedef int (*dyn_lock_add_lock_cb)(int*,int,int,const char *,int); +typedef void (*dyn_lock_locking_cb)(int, int, const char *, int); +typedef int (*dyn_lock_add_lock_cb)(int*, int, int, const char *, int); typedef struct CRYPTO_dynlock_value *(*dyn_dynlock_create_cb)( - const char *,int); -typedef void (*dyn_dynlock_lock_cb)(int,struct CRYPTO_dynlock_value *, - const char *,int); + const char *, int); +typedef void (*dyn_dynlock_lock_cb)(int, struct CRYPTO_dynlock_value *, + const char *, int); typedef void (*dyn_dynlock_destroy_cb)(struct CRYPTO_dynlock_value *, - const char *,int); + const char *, int); typedef struct st_dynamic_LOCK_fns { dyn_lock_locking_cb lock_locking_cb; dyn_lock_add_lock_cb lock_add_lock_cb; dyn_dynlock_create_cb dynlock_create_cb; dyn_dynlock_lock_cb dynlock_lock_cb; dyn_dynlock_destroy_cb dynlock_destroy_cb; - } dynamic_LOCK_fns; +} dynamic_LOCK_fns; /* The top-level structure */ typedef struct st_dynamic_fns { + void *static_state; const ERR_FNS *err_fns; const CRYPTO_EX_DATA_IMPL *ex_data_fns; dynamic_MEM_fns mem_fns; dynamic_LOCK_fns lock_fns; - } dynamic_fns; +} dynamic_fns; /* The version checking function should be of this prototype. NB: The * ossl_version value passed in is the OSSL_DYNAMIC_VERSION of the loading code. @@ -589,7 +667,8 @@ typedef struct st_dynamic_fns { * can be fully instantiated with IMPLEMENT_DYNAMIC_CHECK_FN(). */ typedef unsigned long (*dynamic_v_check_fn)(unsigned long ossl_version); #define IMPLEMENT_DYNAMIC_CHECK_FN() \ - unsigned long v_check(unsigned long v) { \ + extern unsigned long v_check(unsigned long v); \ + extern unsigned long v_check(unsigned long v) { \ if(v >= OSSL_DYNAMIC_OLDEST) return OSSL_DYNAMIC_VERSION; \ return 0; } @@ -609,23 +688,34 @@ typedef unsigned long (*dynamic_v_check_fn)(unsigned long ossl_version); * and returns an int value (zero for failure). 'fn' should have prototype; * [static] int fn(ENGINE *e, const char *id); */ typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id, - const dynamic_fns *fns); + const dynamic_fns *fns); #define IMPLEMENT_DYNAMIC_BIND_FN(fn) \ + extern \ + int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns); \ + extern \ int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { \ + if(ENGINE_get_static_state() == fns->static_state) goto skip_cbs; \ if(!CRYPTO_set_mem_functions(fns->mem_fns.malloc_cb, \ fns->mem_fns.realloc_cb, fns->mem_fns.free_cb)) \ return 0; \ - CRYPTO_set_locking_callback(fns->lock_fns.lock_locking_cb); \ - CRYPTO_set_add_lock_callback(fns->lock_fns.lock_add_lock_cb); \ - CRYPTO_set_dynlock_create_callback(fns->lock_fns.dynlock_create_cb); \ - CRYPTO_set_dynlock_lock_callback(fns->lock_fns.dynlock_lock_cb); \ - CRYPTO_set_dynlock_destroy_callback(fns->lock_fns.dynlock_destroy_cb); \ if(!CRYPTO_set_ex_data_implementation(fns->ex_data_fns)) \ return 0; \ if(!ERR_set_implementation(fns->err_fns)) return 0; \ + skip_cbs: \ if(!fn(e,id)) return 0; \ return 1; } +/* If the loading application (or library) and the loaded ENGINE library share + * the same static data (eg. they're both dynamically linked to the same + * libcrypto.so) we need a way to avoid trying to set system callbacks - this + * would fail, and for the same reason that it's unnecessary to try. If the + * loaded ENGINE has (or gets from through the loader) its own copy of the + * libcrypto static data, we will need to set the callbacks. The easiest way to + * detect this is to have a function that returns a pointer to some static data + * and let the loading application and loaded ENGINE compare their respective + * values. */ + void *ENGINE_get_static_state(void); + /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. @@ -638,6 +728,7 @@ void ERR_load_ENGINE_strings(void); #define ENGINE_F_DYNAMIC_CTRL 180 #define ENGINE_F_DYNAMIC_GET_DATA_CTX 181 #define ENGINE_F_DYNAMIC_LOAD 182 +#define ENGINE_F_DYNAMIC_SET_DATA_CTX 183 #define ENGINE_F_ENGINE_ADD 105 #define ENGINE_F_ENGINE_BY_ID 106 #define ENGINE_F_ENGINE_CMD_IS_EXECUTABLE 170 @@ -645,18 +736,20 @@ void ERR_load_ENGINE_strings(void); #define ENGINE_F_ENGINE_CTRL_CMD 178 #define ENGINE_F_ENGINE_CTRL_CMD_STRING 171 #define ENGINE_F_ENGINE_FINISH 107 -#define ENGINE_F_ENGINE_FREE 108 +#define ENGINE_F_ENGINE_FREE_UTIL 108 #define ENGINE_F_ENGINE_GET_CIPHER 185 #define ENGINE_F_ENGINE_GET_DEFAULT_TYPE 177 #define ENGINE_F_ENGINE_GET_DIGEST 186 #define ENGINE_F_ENGINE_GET_NEXT 115 +#define ENGINE_F_ENGINE_GET_PKEY_ASN1_METH 193 +#define ENGINE_F_ENGINE_GET_PKEY_METH 192 #define ENGINE_F_ENGINE_GET_PREV 116 #define ENGINE_F_ENGINE_INIT 119 #define ENGINE_F_ENGINE_LIST_ADD 120 #define ENGINE_F_ENGINE_LIST_REMOVE 121 #define ENGINE_F_ENGINE_LOAD_PRIVATE_KEY 150 #define ENGINE_F_ENGINE_LOAD_PUBLIC_KEY 151 -#define ENGINE_F_ENGINE_MODULE_INIT 187 +#define ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT 194 #define ENGINE_F_ENGINE_NEW 122 #define ENGINE_F_ENGINE_REMOVE 123 #define ENGINE_F_ENGINE_SET_DEFAULT_STRING 189 @@ -665,10 +758,12 @@ void ERR_load_ENGINE_strings(void); #define ENGINE_F_ENGINE_SET_NAME 130 #define ENGINE_F_ENGINE_TABLE_REGISTER 184 #define ENGINE_F_ENGINE_UNLOAD_KEY 152 +#define ENGINE_F_ENGINE_UNLOCKED_FINISH 191 +#define ENGINE_F_ENGINE_UP_REF 190 #define ENGINE_F_INT_CTRL_HELPER 172 #define ENGINE_F_INT_ENGINE_CONFIGURE 188 +#define ENGINE_F_INT_ENGINE_MODULE_INIT 187 #define ENGINE_F_LOG_MESSAGE 141 -#define ENGINE_F_SET_DATA_CTX 183 /* Reason codes. */ #define ENGINE_R_ALREADY_LOADED 100 @@ -683,6 +778,7 @@ void ERR_load_ENGINE_strings(void); #define ENGINE_R_DSO_FAILURE 104 #define ENGINE_R_DSO_NOT_FOUND 132 #define ENGINE_R_ENGINES_SECTION_ERROR 148 +#define ENGINE_R_ENGINE_CONFIGURATION_ERROR 102 #define ENGINE_R_ENGINE_IS_NOT_IN_LIST 105 #define ENGINE_R_ENGINE_SECTION_ERROR 149 #define ENGINE_R_FAILED_LOADING_PRIVATE_KEY 128 @@ -709,6 +805,7 @@ void ERR_load_ENGINE_strings(void); #define ENGINE_R_RSA_NOT_IMPLEMENTED 141 #define ENGINE_R_UNIMPLEMENTED_CIPHER 146 #define ENGINE_R_UNIMPLEMENTED_DIGEST 147 +#define ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD 101 #define ENGINE_R_VERSION_INCOMPATIBILITY 145 #ifdef __cplusplus diff --git a/src/lib/libcrypto/engine/enginetest.c b/src/lib/libcrypto/engine/enginetest.c deleted file mode 100644 index 87fa8c57b72..00000000000 --- a/src/lib/libcrypto/engine/enginetest.c +++ /dev/null @@ -1,274 +0,0 @@ -/* crypto/engine/enginetest.c */ -/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL - * project 2000. - */ -/* ==================================================================== - * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include -#include -#include -#include -#include -#include -#include - -static void display_engine_list() - { - ENGINE *h; - int loop; - - h = ENGINE_get_first(); - loop = 0; - printf("listing available engine types\n"); - while(h) - { - printf("engine %i, id = \"%s\", name = \"%s\"\n", - loop++, ENGINE_get_id(h), ENGINE_get_name(h)); - h = ENGINE_get_next(h); - } - printf("end of list\n"); - /* ENGINE_get_first() increases the struct_ref counter, so we - must call ENGINE_free() to decrease it again */ - ENGINE_free(h); - } - -int main(int argc, char *argv[]) - { - ENGINE *block[512]; - char buf[256]; - const char *id, *name; - ENGINE *ptr; - int loop; - int to_return = 1; - ENGINE *new_h1 = NULL; - ENGINE *new_h2 = NULL; - ENGINE *new_h3 = NULL; - ENGINE *new_h4 = NULL; - - /* enable memory leak checking unless explicitly disabled */ - if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL) && (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off")))) - { - CRYPTO_malloc_debug_init(); - CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL); - } - else - { - /* OPENSSL_DEBUG_MEMORY=off */ - CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0); - } - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); - ERR_load_crypto_strings(); - - memset(block, 0, 512 * sizeof(ENGINE *)); - if(((new_h1 = ENGINE_new()) == NULL) || - !ENGINE_set_id(new_h1, "test_id0") || - !ENGINE_set_name(new_h1, "First test item") || - ((new_h2 = ENGINE_new()) == NULL) || - !ENGINE_set_id(new_h2, "test_id1") || - !ENGINE_set_name(new_h2, "Second test item") || - ((new_h3 = ENGINE_new()) == NULL) || - !ENGINE_set_id(new_h3, "test_id2") || - !ENGINE_set_name(new_h3, "Third test item") || - ((new_h4 = ENGINE_new()) == NULL) || - !ENGINE_set_id(new_h4, "test_id3") || - !ENGINE_set_name(new_h4, "Fourth test item")) - { - printf("Couldn't set up test ENGINE structures\n"); - goto end; - } - printf("\nenginetest beginning\n\n"); - display_engine_list(); - if(!ENGINE_add(new_h1)) - { - printf("Add failed!\n"); - goto end; - } - display_engine_list(); - ptr = ENGINE_get_first(); - if(!ENGINE_remove(ptr)) - { - printf("Remove failed!\n"); - goto end; - } - if (ptr) - ENGINE_free(ptr); - display_engine_list(); - if(!ENGINE_add(new_h3) || !ENGINE_add(new_h2)) - { - printf("Add failed!\n"); - goto end; - } - display_engine_list(); - if(!ENGINE_remove(new_h2)) - { - printf("Remove failed!\n"); - goto end; - } - display_engine_list(); - if(!ENGINE_add(new_h4)) - { - printf("Add failed!\n"); - goto end; - } - display_engine_list(); - if(ENGINE_add(new_h3)) - { - printf("Add *should* have failed but didn't!\n"); - goto end; - } - else - printf("Add that should fail did.\n"); - ERR_clear_error(); - if(ENGINE_remove(new_h2)) - { - printf("Remove *should* have failed but didn't!\n"); - goto end; - } - else - printf("Remove that should fail did.\n"); - ERR_clear_error(); - if(!ENGINE_remove(new_h3)) - { - printf("Remove failed!\n"); - goto end; - } - display_engine_list(); - if(!ENGINE_remove(new_h4)) - { - printf("Remove failed!\n"); - goto end; - } - display_engine_list(); - /* Depending on whether there's any hardware support compiled - * in, this remove may be destined to fail. */ - ptr = ENGINE_get_first(); - if(ptr) - if(!ENGINE_remove(ptr)) - printf("Remove failed!i - probably no hardware " - "support present.\n"); - if (ptr) - ENGINE_free(ptr); - display_engine_list(); - if(!ENGINE_add(new_h1) || !ENGINE_remove(new_h1)) - { - printf("Couldn't add and remove to an empty list!\n"); - goto end; - } - else - printf("Successfully added and removed to an empty list!\n"); - printf("About to beef up the engine-type list\n"); - for(loop = 0; loop < 512; loop++) - { - sprintf(buf, "id%i", loop); - id = BUF_strdup(buf); - sprintf(buf, "Fake engine type %i", loop); - name = BUF_strdup(buf); - if(((block[loop] = ENGINE_new()) == NULL) || - !ENGINE_set_id(block[loop], id) || - !ENGINE_set_name(block[loop], name)) - { - printf("Couldn't create block of ENGINE structures.\n" - "I'll probably also core-dump now, damn.\n"); - goto end; - } - } - for(loop = 0; loop < 512; loop++) - { - if(!ENGINE_add(block[loop])) - { - printf("\nAdding stopped at %i, (%s,%s)\n", - loop, ENGINE_get_id(block[loop]), - ENGINE_get_name(block[loop])); - goto cleanup_loop; - } - else - printf("."); fflush(stdout); - } -cleanup_loop: - printf("\nAbout to empty the engine-type list\n"); - while((ptr = ENGINE_get_first()) != NULL) - { - if(!ENGINE_remove(ptr)) - { - printf("\nRemove failed!\n"); - goto end; - } - ENGINE_free(ptr); - printf("."); fflush(stdout); - } - for(loop = 0; loop < 512; loop++) - { - OPENSSL_free((void *)ENGINE_get_id(block[loop])); - OPENSSL_free((void *)ENGINE_get_name(block[loop])); - } - printf("\nTests completed happily\n"); - to_return = 0; -end: - if(to_return) - ERR_print_errors_fp(stderr); - if(new_h1) ENGINE_free(new_h1); - if(new_h2) ENGINE_free(new_h2); - if(new_h3) ENGINE_free(new_h3); - if(new_h4) ENGINE_free(new_h4); - for(loop = 0; loop < 512; loop++) - if(block[loop]) - ENGINE_free(block[loop]); - ENGINE_cleanup(); - CRYPTO_cleanup_all_ex_data(); - ERR_free_strings(); - ERR_remove_state(0); - CRYPTO_mem_leaks_fp(stderr); - return to_return; - } diff --git a/src/lib/libcrypto/engine/hw.ec b/src/lib/libcrypto/engine/hw.ec deleted file mode 100644 index 5481a439183..00000000000 --- a/src/lib/libcrypto/engine/hw.ec +++ /dev/null @@ -1,8 +0,0 @@ -L AEPHK hw_aep_err.h hw_aep_err.c -L ATALLA hw_atalla_err.h hw_atalla_err.c -L CSWIFT hw_cswift_err.h hw_cswift_err.c -L HWCRHK hw_ncipher_err.h hw_ncipher_err.c -L NURON hw_nuron_err.h hw_nuron_err.c -L SUREWARE hw_sureware_err.h hw_sureware_err.c -L UBSEC hw_ubsec_err.h hw_ubsec_err.c -L CCA4758 hw_4758_cca_err.h hw_4758_cca_err.c diff --git a/src/lib/libcrypto/engine/hw_4758_cca.c b/src/lib/libcrypto/engine/hw_4758_cca.c deleted file mode 100644 index 0ca2f920dc3..00000000000 --- a/src/lib/libcrypto/engine/hw_4758_cca.c +++ /dev/null @@ -1,950 +0,0 @@ -/* Author: Maurice Gittens */ -/* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include -#include -/* #include */ -#include "cryptlib.h" -#include -#include -#include -#include - -#ifndef OPENSSL_NO_HW -#ifndef OPENSSL_NO_HW_4758_CCA - -#ifdef FLAT_INC -#include "hw_4758_cca.h" -#else -#include "vendor_defns/hw_4758_cca.h" -#endif - -#include "hw_4758_cca_err.c" - -static int ibm_4758_cca_destroy(ENGINE *e); -static int ibm_4758_cca_init(ENGINE *e); -static int ibm_4758_cca_finish(ENGINE *e); -static int ibm_4758_cca_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()); - -/* rsa functions */ -/*---------------*/ -#ifndef OPENSSL_NO_RSA -static int cca_rsa_pub_enc(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa,int padding); -static int cca_rsa_priv_dec(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa,int padding); -static int cca_rsa_sign(int type, const unsigned char *m, unsigned int m_len, - unsigned char *sigret, unsigned int *siglen, const RSA *rsa); -static int cca_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len, - unsigned char *sigbuf, unsigned int siglen, const RSA *rsa); - -/* utility functions */ -/*-----------------------*/ -static EVP_PKEY *ibm_4758_load_privkey(ENGINE*, const char*, - UI_METHOD *ui_method, void *callback_data); -static EVP_PKEY *ibm_4758_load_pubkey(ENGINE*, const char*, - UI_METHOD *ui_method, void *callback_data); - -static int getModulusAndExponent(const unsigned char *token, long *exponentLength, - unsigned char *exponent, long *modulusLength, - long *modulusFieldLength, unsigned char *modulus); -#endif - -/* RAND number functions */ -/*-----------------------*/ -static int cca_get_random_bytes(unsigned char*, int ); -static int cca_random_status(void); - -static void cca_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad, - int idx,long argl, void *argp); - -/* Function pointers for CCA verbs */ -/*---------------------------------*/ -#ifndef OPENSSL_NO_RSA -static F_KEYRECORDREAD keyRecordRead; -static F_DIGITALSIGNATUREGENERATE digitalSignatureGenerate; -static F_DIGITALSIGNATUREVERIFY digitalSignatureVerify; -static F_PUBLICKEYEXTRACT publicKeyExtract; -static F_PKAENCRYPT pkaEncrypt; -static F_PKADECRYPT pkaDecrypt; -#endif -static F_RANDOMNUMBERGENERATE randomNumberGenerate; - -/* static variables */ -/*------------------*/ -static const char def_CCA4758_LIB_NAME[] = CCA_LIB_NAME; -static const char *CCA4758_LIB_NAME = def_CCA4758_LIB_NAME; -#ifndef OPENSSL_NO_RSA -static const char* n_keyRecordRead = CSNDKRR; -static const char* n_digitalSignatureGenerate = CSNDDSG; -static const char* n_digitalSignatureVerify = CSNDDSV; -static const char* n_publicKeyExtract = CSNDPKX; -static const char* n_pkaEncrypt = CSNDPKE; -static const char* n_pkaDecrypt = CSNDPKD; -#endif -static const char* n_randomNumberGenerate = CSNBRNG; - -static int hndidx = -1; -static DSO *dso = NULL; - -/* openssl engine initialization structures */ -/*------------------------------------------*/ - -#define CCA4758_CMD_SO_PATH ENGINE_CMD_BASE -static const ENGINE_CMD_DEFN cca4758_cmd_defns[] = { - {CCA4758_CMD_SO_PATH, - "SO_PATH", - "Specifies the path to the '4758cca' shared library", - ENGINE_CMD_FLAG_STRING}, - {0, NULL, NULL, 0} - }; - -#ifndef OPENSSL_NO_RSA -static RSA_METHOD ibm_4758_cca_rsa = - { - "IBM 4758 CCA RSA method", - cca_rsa_pub_enc, - NULL, - NULL, - cca_rsa_priv_dec, - NULL, /*rsa_mod_exp,*/ - NULL, /*mod_exp_mont,*/ - NULL, /* init */ - NULL, /* finish */ - RSA_FLAG_SIGN_VER, /* flags */ - NULL, /* app_data */ - cca_rsa_sign, /* rsa_sign */ - cca_rsa_verify /* rsa_verify */ - }; -#endif - -static RAND_METHOD ibm_4758_cca_rand = - { - /* "IBM 4758 RAND method", */ - NULL, /* seed */ - cca_get_random_bytes, /* get random bytes from the card */ - NULL, /* cleanup */ - NULL, /* add */ - cca_get_random_bytes, /* pseudo rand */ - cca_random_status, /* status */ - }; - -static const char *engine_4758_cca_id = "4758cca"; -static const char *engine_4758_cca_name = "IBM 4758 CCA hardware engine support"; - -/* engine implementation */ -/*-----------------------*/ -static int bind_helper(ENGINE *e) - { - if(!ENGINE_set_id(e, engine_4758_cca_id) || - !ENGINE_set_name(e, engine_4758_cca_name) || -#ifndef OPENSSL_NO_RSA - !ENGINE_set_RSA(e, &ibm_4758_cca_rsa) || -#endif - !ENGINE_set_RAND(e, &ibm_4758_cca_rand) || - !ENGINE_set_destroy_function(e, ibm_4758_cca_destroy) || - !ENGINE_set_init_function(e, ibm_4758_cca_init) || - !ENGINE_set_finish_function(e, ibm_4758_cca_finish) || - !ENGINE_set_ctrl_function(e, ibm_4758_cca_ctrl) || - !ENGINE_set_load_privkey_function(e, ibm_4758_load_privkey) || - !ENGINE_set_load_pubkey_function(e, ibm_4758_load_pubkey) || - !ENGINE_set_cmd_defns(e, cca4758_cmd_defns)) - return 0; - /* Ensure the error handling is set up */ - ERR_load_CCA4758_strings(); - return 1; - } - -static ENGINE *engine_4758_cca(void) - { - ENGINE *ret = ENGINE_new(); - if(!ret) - return NULL; - if(!bind_helper(ret)) - { - ENGINE_free(ret); - return NULL; - } - return ret; - } - -void ENGINE_load_4758cca(void) - { - ENGINE *e_4758 = engine_4758_cca(); - if (!e_4758) return; - ENGINE_add(e_4758); - ENGINE_free(e_4758); - ERR_clear_error(); - } - -static int ibm_4758_cca_destroy(ENGINE *e) - { - ERR_unload_CCA4758_strings(); - return 1; - } - -static int ibm_4758_cca_init(ENGINE *e) - { - if(dso) - { - CCA4758err(CCA4758_F_IBM_4758_CCA_INIT,CCA4758_R_ALREADY_LOADED); - goto err; - } - - dso = DSO_load(NULL, CCA4758_LIB_NAME , NULL, 0); - if(!dso) - { - CCA4758err(CCA4758_F_IBM_4758_CCA_INIT,CCA4758_R_DSO_FAILURE); - goto err; - } - -#ifndef OPENSSL_NO_RSA - if(!(keyRecordRead = (F_KEYRECORDREAD) - DSO_bind_func(dso, n_keyRecordRead)) || - !(randomNumberGenerate = (F_RANDOMNUMBERGENERATE) - DSO_bind_func(dso, n_randomNumberGenerate)) || - !(digitalSignatureGenerate = (F_DIGITALSIGNATUREGENERATE) - DSO_bind_func(dso, n_digitalSignatureGenerate)) || - !(digitalSignatureVerify = (F_DIGITALSIGNATUREVERIFY) - DSO_bind_func(dso, n_digitalSignatureVerify)) || - !(publicKeyExtract = (F_PUBLICKEYEXTRACT) - DSO_bind_func(dso, n_publicKeyExtract)) || - !(pkaEncrypt = (F_PKAENCRYPT) - DSO_bind_func(dso, n_pkaEncrypt)) || - !(pkaDecrypt = (F_PKADECRYPT) - DSO_bind_func(dso, n_pkaDecrypt))) - { - CCA4758err(CCA4758_F_IBM_4758_CCA_INIT,CCA4758_R_DSO_FAILURE); - goto err; - } -#else - if(!(randomNumberGenerate = (F_RANDOMNUMBERGENERATE) - DSO_bind_func(dso, n_randomNumberGenerate))) - { - CCA4758err(CCA4758_F_IBM_4758_CCA_INIT,CCA4758_R_DSO_FAILURE); - goto err; - } -#endif - - hndidx = RSA_get_ex_new_index(0, "IBM 4758 CCA RSA key handle", - NULL, NULL, cca_ex_free); - - return 1; -err: - if(dso) - DSO_free(dso); - dso = NULL; - - keyRecordRead = (F_KEYRECORDREAD)0; - randomNumberGenerate = (F_RANDOMNUMBERGENERATE)0; - digitalSignatureGenerate = (F_DIGITALSIGNATUREGENERATE)0; - digitalSignatureVerify = (F_DIGITALSIGNATUREVERIFY)0; - publicKeyExtract = (F_PUBLICKEYEXTRACT)0; - pkaEncrypt = (F_PKAENCRYPT)0; - pkaDecrypt = (F_PKADECRYPT)0; - return 0; - } - -static int ibm_4758_cca_finish(ENGINE *e) - { - if(dso) - { - CCA4758err(CCA4758_F_IBM_4758_CCA_FINISH, - CCA4758_R_NOT_LOADED); - return 0; - } - if(!DSO_free(dso)) - { - CCA4758err(CCA4758_F_IBM_4758_CCA_FINISH, - CCA4758_R_UNIT_FAILURE); - return 0; - } - dso = NULL; - keyRecordRead = (F_KEYRECORDREAD)0; - randomNumberGenerate = (F_RANDOMNUMBERGENERATE)0; - digitalSignatureGenerate = (F_DIGITALSIGNATUREGENERATE)0; - digitalSignatureVerify = (F_DIGITALSIGNATUREVERIFY)0; - publicKeyExtract = (F_PUBLICKEYEXTRACT)0; - pkaEncrypt = (F_PKAENCRYPT)0; - pkaDecrypt = (F_PKADECRYPT)0; - return 1; - } - -static int ibm_4758_cca_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) - { - int initialised = ((dso == NULL) ? 0 : 1); - switch(cmd) - { - case CCA4758_CMD_SO_PATH: - if(p == NULL) - { - CCA4758err(CCA4758_F_IBM_4758_CCA_CTRL, - ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - if(initialised) - { - CCA4758err(CCA4758_F_IBM_4758_CCA_CTRL, - CCA4758_R_ALREADY_LOADED); - return 0; - } - CCA4758_LIB_NAME = (const char *)p; - return 1; - default: - break; - } - CCA4758err(CCA4758_F_IBM_4758_CCA_CTRL, - CCA4758_R_COMMAND_NOT_IMPLEMENTED); - return 0; - } - -#ifndef OPENSSL_NO_RSA - -#define MAX_CCA_PKA_TOKEN_SIZE 2500 - -static EVP_PKEY *ibm_4758_load_privkey(ENGINE* e, const char* key_id, - UI_METHOD *ui_method, void *callback_data) - { - RSA *rtmp = NULL; - EVP_PKEY *res = NULL; - unsigned char* keyToken = NULL; - unsigned char pubKeyToken[MAX_CCA_PKA_TOKEN_SIZE]; - long pubKeyTokenLength = MAX_CCA_PKA_TOKEN_SIZE; - long keyTokenLength = MAX_CCA_PKA_TOKEN_SIZE; - long returnCode; - long reasonCode; - long exitDataLength = 0; - long ruleArrayLength = 0; - unsigned char exitData[8]; - unsigned char ruleArray[8]; - unsigned char keyLabel[64]; - long keyLabelLength = strlen(key_id); - unsigned char modulus[256]; - long modulusFieldLength = sizeof(modulus); - long modulusLength = 0; - unsigned char exponent[256]; - long exponentLength = sizeof(exponent); - - if (keyLabelLength > sizeof(keyLabel)) - { - CCA4758err(CCA4758_F_IBM_4758_CCA_LOAD_PRIVKEY, - CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL); - return NULL; - } - - memset(keyLabel,' ', sizeof(keyLabel)); - memcpy(keyLabel, key_id, keyLabelLength); - - keyToken = OPENSSL_malloc(MAX_CCA_PKA_TOKEN_SIZE + sizeof(long)); - if (!keyToken) - { - CCA4758err(CCA4758_F_IBM_4758_CCA_LOAD_PRIVKEY, - ERR_R_MALLOC_FAILURE); - goto err; - } - - keyRecordRead(&returnCode, &reasonCode, &exitDataLength, - exitData, &ruleArrayLength, ruleArray, keyLabel, - &keyTokenLength, keyToken+sizeof(long)); - - if (returnCode) - { - CCA4758err(CCA4758_F_IBM_4758_CCA_LOAD_PRIVKEY, - CCA4758_R_FAILED_LOADING_PRIVATE_KEY); - goto err; - } - - publicKeyExtract(&returnCode, &reasonCode, &exitDataLength, - exitData, &ruleArrayLength, ruleArray, &keyTokenLength, - keyToken+sizeof(long), &pubKeyTokenLength, pubKeyToken); - - if (returnCode) - { - CCA4758err(CCA4758_F_IBM_4758_CCA_LOAD_PRIVKEY, - CCA4758_R_FAILED_LOADING_PRIVATE_KEY); - goto err; - } - - if (!getModulusAndExponent(pubKeyToken, &exponentLength, - exponent, &modulusLength, &modulusFieldLength, - modulus)) - { - CCA4758err(CCA4758_F_IBM_4758_CCA_LOAD_PRIVKEY, - CCA4758_R_FAILED_LOADING_PRIVATE_KEY); - goto err; - } - - (*(long*)keyToken) = keyTokenLength; - rtmp = RSA_new_method(e); - RSA_set_ex_data(rtmp, hndidx, (char *)keyToken); - - rtmp->e = BN_bin2bn(exponent, exponentLength, NULL); - rtmp->n = BN_bin2bn(modulus, modulusFieldLength, NULL); - rtmp->flags |= RSA_FLAG_EXT_PKEY; - - res = EVP_PKEY_new(); - EVP_PKEY_assign_RSA(res, rtmp); - - return res; -err: - if (keyToken) - OPENSSL_free(keyToken); - if (res) - EVP_PKEY_free(res); - if (rtmp) - RSA_free(rtmp); - return NULL; - } - -static EVP_PKEY *ibm_4758_load_pubkey(ENGINE* e, const char* key_id, - UI_METHOD *ui_method, void *callback_data) - { - RSA *rtmp = NULL; - EVP_PKEY *res = NULL; - unsigned char* keyToken = NULL; - long keyTokenLength = MAX_CCA_PKA_TOKEN_SIZE; - long returnCode; - long reasonCode; - long exitDataLength = 0; - long ruleArrayLength = 0; - unsigned char exitData[8]; - unsigned char ruleArray[8]; - unsigned char keyLabel[64]; - long keyLabelLength = strlen(key_id); - unsigned char modulus[512]; - long modulusFieldLength = sizeof(modulus); - long modulusLength = 0; - unsigned char exponent[512]; - long exponentLength = sizeof(exponent); - - if (keyLabelLength > sizeof(keyLabel)) - { - CCA4758err(CCA4758_F_IBM_4758_CCA_LOAD_PRIVKEY, - CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL); - return NULL; - } - - memset(keyLabel,' ', sizeof(keyLabel)); - memcpy(keyLabel, key_id, keyLabelLength); - - keyToken = OPENSSL_malloc(MAX_CCA_PKA_TOKEN_SIZE + sizeof(long)); - if (!keyToken) - { - CCA4758err(CCA4758_F_IBM_4758_CCA_LOAD_PUBKEY, - ERR_R_MALLOC_FAILURE); - goto err; - } - - keyRecordRead(&returnCode, &reasonCode, &exitDataLength, exitData, - &ruleArrayLength, ruleArray, keyLabel, &keyTokenLength, - keyToken+sizeof(long)); - - if (returnCode) - { - CCA4758err(CCA4758_F_IBM_4758_CCA_LOAD_PRIVKEY, - ERR_R_MALLOC_FAILURE); - goto err; - } - - if (!getModulusAndExponent(keyToken+sizeof(long), &exponentLength, - exponent, &modulusLength, &modulusFieldLength, modulus)) - { - CCA4758err(CCA4758_F_IBM_4758_CCA_LOAD_PRIVKEY, - CCA4758_R_FAILED_LOADING_PUBLIC_KEY); - goto err; - } - - (*(long*)keyToken) = keyTokenLength; - rtmp = RSA_new_method(e); - RSA_set_ex_data(rtmp, hndidx, (char *)keyToken); - rtmp->e = BN_bin2bn(exponent, exponentLength, NULL); - rtmp->n = BN_bin2bn(modulus, modulusFieldLength, NULL); - rtmp->flags |= RSA_FLAG_EXT_PKEY; - res = EVP_PKEY_new(); - EVP_PKEY_assign_RSA(res, rtmp); - - return res; -err: - if (keyToken) - OPENSSL_free(keyToken); - if (res) - EVP_PKEY_free(res); - if (rtmp) - RSA_free(rtmp); - return NULL; - } - -static int cca_rsa_pub_enc(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa,int padding) - { - long returnCode; - long reasonCode; - long lflen = flen; - long exitDataLength = 0; - unsigned char exitData[8]; - long ruleArrayLength = 1; - unsigned char ruleArray[8] = "PKCS-1.2"; - long dataStructureLength = 0; - unsigned char dataStructure[8]; - long outputLength = RSA_size(rsa); - long keyTokenLength; - unsigned char* keyToken = (unsigned char*)RSA_get_ex_data(rsa, hndidx); - - keyTokenLength = *(long*)keyToken; - keyToken+=sizeof(long); - - pkaEncrypt(&returnCode, &reasonCode, &exitDataLength, exitData, - &ruleArrayLength, ruleArray, &lflen, (unsigned char*)from, - &dataStructureLength, dataStructure, &keyTokenLength, - keyToken, &outputLength, to); - - if (returnCode || reasonCode) - return -(returnCode << 16 | reasonCode); - return outputLength; - } - -static int cca_rsa_priv_dec(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa,int padding) - { - long returnCode; - long reasonCode; - long lflen = flen; - long exitDataLength = 0; - unsigned char exitData[8]; - long ruleArrayLength = 1; - unsigned char ruleArray[8] = "PKCS-1.2"; - long dataStructureLength = 0; - unsigned char dataStructure[8]; - long outputLength = RSA_size(rsa); - long keyTokenLength; - unsigned char* keyToken = (unsigned char*)RSA_get_ex_data(rsa, hndidx); - - keyTokenLength = *(long*)keyToken; - keyToken+=sizeof(long); - - pkaDecrypt(&returnCode, &reasonCode, &exitDataLength, exitData, - &ruleArrayLength, ruleArray, &lflen, (unsigned char*)from, - &dataStructureLength, dataStructure, &keyTokenLength, - keyToken, &outputLength, to); - - return (returnCode | reasonCode) ? 0 : 1; - } - -#define SSL_SIG_LEN 36 - -static int cca_rsa_verify(int type, const unsigned char *m, unsigned int m_len, - unsigned char *sigbuf, unsigned int siglen, const RSA *rsa) - { - long returnCode; - long reasonCode; - long lsiglen = siglen; - long exitDataLength = 0; - unsigned char exitData[8]; - long ruleArrayLength = 1; - unsigned char ruleArray[8] = "PKCS-1.1"; - long keyTokenLength; - unsigned char* keyToken = (unsigned char*)RSA_get_ex_data(rsa, hndidx); - long length = SSL_SIG_LEN; - long keyLength ; - unsigned char *hashBuffer = NULL; - X509_SIG sig; - ASN1_TYPE parameter; - X509_ALGOR algorithm; - ASN1_OCTET_STRING digest; - - keyTokenLength = *(long*)keyToken; - keyToken+=sizeof(long); - - if (type == NID_md5 || type == NID_sha1) - { - sig.algor = &algorithm; - algorithm.algorithm = OBJ_nid2obj(type); - - if (!algorithm.algorithm) - { - CCA4758err(CCA4758_F_IBM_4758_CCA_VERIFY, - CCA4758_R_UNKNOWN_ALGORITHM_TYPE); - return 0; - } - - if (!algorithm.algorithm->length) - { - CCA4758err(CCA4758_F_IBM_4758_CCA_VERIFY, - CCA4758_R_ASN1_OID_UNKNOWN_FOR_MD); - return 0; - } - - parameter.type = V_ASN1_NULL; - parameter.value.ptr = NULL; - algorithm.parameter = ¶meter; - - sig.digest = &digest; - sig.digest->data = (unsigned char*)m; - sig.digest->length = m_len; - - length = i2d_X509_SIG(&sig, NULL); - } - - keyLength = RSA_size(rsa); - - if (length - RSA_PKCS1_PADDING > keyLength) - { - CCA4758err(CCA4758_F_IBM_4758_CCA_VERIFY, - CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL); - return 0; - } - - switch (type) - { - case NID_md5_sha1 : - if (m_len != SSL_SIG_LEN) - { - CCA4758err(CCA4758_F_IBM_4758_CCA_VERIFY, - CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL); - return 0; - } - - hashBuffer = (unsigned char *)m; - length = m_len; - break; - case NID_md5 : - { - unsigned char *ptr; - ptr = hashBuffer = OPENSSL_malloc( - (unsigned int)keyLength+1); - if (!hashBuffer) - { - CCA4758err(CCA4758_F_IBM_4758_CCA_VERIFY, - ERR_R_MALLOC_FAILURE); - return 0; - } - - i2d_X509_SIG(&sig, &ptr); - } - break; - case NID_sha1 : - { - unsigned char *ptr; - ptr = hashBuffer = OPENSSL_malloc( - (unsigned int)keyLength+1); - if (!hashBuffer) - { - CCA4758err(CCA4758_F_IBM_4758_CCA_VERIFY, - ERR_R_MALLOC_FAILURE); - return 0; - } - i2d_X509_SIG(&sig, &ptr); - } - break; - default: - return 0; - } - - digitalSignatureVerify(&returnCode, &reasonCode, &exitDataLength, - exitData, &ruleArrayLength, ruleArray, &keyTokenLength, - keyToken, &length, hashBuffer, &lsiglen, sigbuf); - - if (type == NID_sha1 || type == NID_md5) - { - memset(hashBuffer, 0, keyLength+1); - OPENSSL_free(hashBuffer); - } - - return ((returnCode || reasonCode) ? 0 : 1); - } - -#define SSL_SIG_LEN 36 - -static int cca_rsa_sign(int type, const unsigned char *m, unsigned int m_len, - unsigned char *sigret, unsigned int *siglen, const RSA *rsa) - { - long returnCode; - long reasonCode; - long exitDataLength = 0; - unsigned char exitData[8]; - long ruleArrayLength = 1; - unsigned char ruleArray[8] = "PKCS-1.1"; - long outputLength=256; - long outputBitLength; - long keyTokenLength; - unsigned char *hashBuffer = NULL; - unsigned char* keyToken = (unsigned char*)RSA_get_ex_data(rsa, hndidx); - long length = SSL_SIG_LEN; - long keyLength ; - X509_SIG sig; - ASN1_TYPE parameter; - X509_ALGOR algorithm; - ASN1_OCTET_STRING digest; - - keyTokenLength = *(long*)keyToken; - keyToken+=sizeof(long); - - if (type == NID_md5 || type == NID_sha1) - { - sig.algor = &algorithm; - algorithm.algorithm = OBJ_nid2obj(type); - - if (!algorithm.algorithm) - { - CCA4758err(CCA4758_F_IBM_4758_CCA_SIGN, - CCA4758_R_UNKNOWN_ALGORITHM_TYPE); - return 0; - } - - if (!algorithm.algorithm->length) - { - CCA4758err(CCA4758_F_IBM_4758_CCA_SIGN, - CCA4758_R_ASN1_OID_UNKNOWN_FOR_MD); - return 0; - } - - parameter.type = V_ASN1_NULL; - parameter.value.ptr = NULL; - algorithm.parameter = ¶meter; - - sig.digest = &digest; - sig.digest->data = (unsigned char*)m; - sig.digest->length = m_len; - - length = i2d_X509_SIG(&sig, NULL); - } - - keyLength = RSA_size(rsa); - - if (length - RSA_PKCS1_PADDING > keyLength) - { - CCA4758err(CCA4758_F_IBM_4758_CCA_SIGN, - CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL); - return 0; - } - - switch (type) - { - case NID_md5_sha1 : - if (m_len != SSL_SIG_LEN) - { - CCA4758err(CCA4758_F_IBM_4758_CCA_SIGN, - CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL); - return 0; - } - hashBuffer = (unsigned char*)m; - length = m_len; - break; - case NID_md5 : - { - unsigned char *ptr; - ptr = hashBuffer = OPENSSL_malloc( - (unsigned int)keyLength+1); - if (!hashBuffer) - { - CCA4758err(CCA4758_F_IBM_4758_CCA_VERIFY, - ERR_R_MALLOC_FAILURE); - return 0; - } - i2d_X509_SIG(&sig, &ptr); - } - break; - case NID_sha1 : - { - unsigned char *ptr; - ptr = hashBuffer = OPENSSL_malloc( - (unsigned int)keyLength+1); - if (!hashBuffer) - { - CCA4758err(CCA4758_F_IBM_4758_CCA_VERIFY, - ERR_R_MALLOC_FAILURE); - return 0; - } - i2d_X509_SIG(&sig, &ptr); - } - break; - default: - return 0; - } - - digitalSignatureGenerate(&returnCode, &reasonCode, &exitDataLength, - exitData, &ruleArrayLength, ruleArray, &keyTokenLength, - keyToken, &length, hashBuffer, &outputLength, &outputBitLength, - sigret); - - if (type == NID_sha1 || type == NID_md5) - { - memset(hashBuffer, 0, keyLength+1); - OPENSSL_free(hashBuffer); - } - - *siglen = outputLength; - - return ((returnCode || reasonCode) ? 0 : 1); - } - -static int getModulusAndExponent(const unsigned char*token, long *exponentLength, - unsigned char *exponent, long *modulusLength, long *modulusFieldLength, - unsigned char *modulus) - { - unsigned long len; - - if (*token++ != (char)0x1E) /* internal PKA token? */ - return 0; - - if (*token++) /* token version must be zero */ - return 0; - - len = *token++; - len = len << 8; - len |= (unsigned char)*token++; - - token += 4; /* skip reserved bytes */ - - if (*token++ == (char)0x04) - { - if (*token++) /* token version must be zero */ - return 0; - - len = *token++; - len = len << 8; - len |= (unsigned char)*token++; - - token+=2; /* skip reserved section */ - - len = *token++; - len = len << 8; - len |= (unsigned char)*token++; - - *exponentLength = len; - - len = *token++; - len = len << 8; - len |= (unsigned char)*token++; - - *modulusLength = len; - - len = *token++; - len = len << 8; - len |= (unsigned char)*token++; - - *modulusFieldLength = len; - - memcpy(exponent, token, *exponentLength); - token+= *exponentLength; - - memcpy(modulus, token, *modulusFieldLength); - return 1; - } - return 0; - } - -#endif /* OPENSSL_NO_RSA */ - -static int cca_random_status(void) - { - return 1; - } - -static int cca_get_random_bytes(unsigned char* buf, int num) - { - long ret_code; - long reason_code; - long exit_data_length; - unsigned char exit_data[4]; - unsigned char form[] = "RANDOM "; - unsigned char rand_buf[8]; - - while(num >= sizeof(rand_buf)) - { - randomNumberGenerate(&ret_code, &reason_code, &exit_data_length, - exit_data, form, rand_buf); - if (ret_code) - return 0; - num -= sizeof(rand_buf); - memcpy(buf, rand_buf, sizeof(rand_buf)); - buf += sizeof(rand_buf); - } - - if (num) - { - randomNumberGenerate(&ret_code, &reason_code, NULL, NULL, - form, rand_buf); - if (ret_code) - return 0; - memcpy(buf, rand_buf, num); - } - - return 1; - } - -static void cca_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad, int idx, - long argl, void *argp) - { - if (item) - OPENSSL_free(item); - } - -/* Goo to handle building as a dynamic engine */ -#ifdef ENGINE_DYNAMIC_SUPPORT -static int bind_fn(ENGINE *e, const char *id) - { - if(id && (strcmp(id, engine_cswift_id) != 0)) - return 0; - if(!bind_helper(e)) - return 0; - return 1; - } -IMPLEMENT_DYNAMIC_CHECK_FN() -IMPLEMENT_DYNAMIC_BIND_FN(bind_fn) -#endif /* ENGINE_DYNAMIC_SUPPORT */ - -#endif /* !OPENSSL_NO_HW_4758_CCA */ -#endif /* !OPENSSL_NO_HW */ diff --git a/src/lib/libcrypto/engine/hw_4758_cca_err.c b/src/lib/libcrypto/engine/hw_4758_cca_err.c deleted file mode 100644 index 7ea5c63707b..00000000000 --- a/src/lib/libcrypto/engine/hw_4758_cca_err.c +++ /dev/null @@ -1,149 +0,0 @@ -/* hw_4758_cca_err.c */ -/* ==================================================================== - * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -/* NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ - -#include -#include -#include "hw_4758_cca_err.h" - -/* BEGIN ERROR CODES */ -#ifndef OPENSSL_NO_ERR -static ERR_STRING_DATA CCA4758_str_functs[]= - { -{ERR_PACK(0,CCA4758_F_IBM_4758_CCA_CTRL,0), "IBM_4758_CCA_CTRL"}, -{ERR_PACK(0,CCA4758_F_IBM_4758_CCA_FINISH,0), "IBM_4758_CCA_FINISH"}, -{ERR_PACK(0,CCA4758_F_IBM_4758_CCA_INIT,0), "IBM_4758_CCA_INIT"}, -{ERR_PACK(0,CCA4758_F_IBM_4758_CCA_LOAD_PRIVKEY,0), "IBM_4758_CCA_LOAD_PRIVKEY"}, -{ERR_PACK(0,CCA4758_F_IBM_4758_CCA_LOAD_PUBKEY,0), "IBM_4758_CCA_LOAD_PUBKEY"}, -{ERR_PACK(0,CCA4758_F_IBM_4758_CCA_SIGN,0), "IBM_4758_CCA_SIGN"}, -{ERR_PACK(0,CCA4758_F_IBM_4758_CCA_VERIFY,0), "IBM_4758_CCA_VERIFY"}, -{0,NULL} - }; - -static ERR_STRING_DATA CCA4758_str_reasons[]= - { -{CCA4758_R_ALREADY_LOADED ,"already loaded"}, -{CCA4758_R_ASN1_OID_UNKNOWN_FOR_MD ,"asn1 oid unknown for md"}, -{CCA4758_R_COMMAND_NOT_IMPLEMENTED ,"command not implemented"}, -{CCA4758_R_DSO_FAILURE ,"dso failure"}, -{CCA4758_R_FAILED_LOADING_PRIVATE_KEY ,"failed loading private key"}, -{CCA4758_R_FAILED_LOADING_PUBLIC_KEY ,"failed loading public key"}, -{CCA4758_R_NOT_LOADED ,"not loaded"}, -{CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL ,"size too large or too small"}, -{CCA4758_R_UNIT_FAILURE ,"unit failure"}, -{CCA4758_R_UNKNOWN_ALGORITHM_TYPE ,"unknown algorithm type"}, -{0,NULL} - }; - -#endif - -#ifdef CCA4758_LIB_NAME -static ERR_STRING_DATA CCA4758_lib_name[]= - { -{0 ,CCA4758_LIB_NAME}, -{0,NULL} - }; -#endif - - -static int CCA4758_lib_error_code=0; -static int CCA4758_error_init=1; - -static void ERR_load_CCA4758_strings(void) - { - if (CCA4758_lib_error_code == 0) - CCA4758_lib_error_code=ERR_get_next_error_library(); - - if (CCA4758_error_init) - { - CCA4758_error_init=0; -#ifndef OPENSSL_NO_ERR - ERR_load_strings(CCA4758_lib_error_code,CCA4758_str_functs); - ERR_load_strings(CCA4758_lib_error_code,CCA4758_str_reasons); -#endif - -#ifdef CCA4758_LIB_NAME - CCA4758_lib_name->error = ERR_PACK(CCA4758_lib_error_code,0,0); - ERR_load_strings(0,CCA4758_lib_name); -#endif - } - } - -static void ERR_unload_CCA4758_strings(void) - { - if (CCA4758_error_init == 0) - { -#ifndef OPENSSL_NO_ERR - ERR_unload_strings(CCA4758_lib_error_code,CCA4758_str_functs); - ERR_unload_strings(CCA4758_lib_error_code,CCA4758_str_reasons); -#endif - -#ifdef CCA4758_LIB_NAME - ERR_unload_strings(0,CCA4758_lib_name); -#endif - CCA4758_error_init=1; - } - } - -static void ERR_CCA4758_error(int function, int reason, char *file, int line) - { - if (CCA4758_lib_error_code == 0) - CCA4758_lib_error_code=ERR_get_next_error_library(); - ERR_PUT_error(CCA4758_lib_error_code,function,reason,file,line); - } diff --git a/src/lib/libcrypto/engine/hw_4758_cca_err.h b/src/lib/libcrypto/engine/hw_4758_cca_err.h deleted file mode 100644 index 2fc563ab117..00000000000 --- a/src/lib/libcrypto/engine/hw_4758_cca_err.h +++ /dev/null @@ -1,93 +0,0 @@ -/* ==================================================================== - * Copyright (c) 2001 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#ifndef HEADER_CCA4758_ERR_H -#define HEADER_CCA4758_ERR_H - -/* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ -static void ERR_load_CCA4758_strings(void); -static void ERR_unload_CCA4758_strings(void); -static void ERR_CCA4758_error(int function, int reason, char *file, int line); -#define CCA4758err(f,r) ERR_CCA4758_error((f),(r),__FILE__,__LINE__) - -/* Error codes for the CCA4758 functions. */ - -/* Function codes. */ -#define CCA4758_F_IBM_4758_CCA_CTRL 100 -#define CCA4758_F_IBM_4758_CCA_FINISH 101 -#define CCA4758_F_IBM_4758_CCA_INIT 102 -#define CCA4758_F_IBM_4758_CCA_LOAD_PRIVKEY 103 -#define CCA4758_F_IBM_4758_CCA_LOAD_PUBKEY 104 -#define CCA4758_F_IBM_4758_CCA_SIGN 105 -#define CCA4758_F_IBM_4758_CCA_VERIFY 106 - -/* Reason codes. */ -#define CCA4758_R_ALREADY_LOADED 100 -#define CCA4758_R_ASN1_OID_UNKNOWN_FOR_MD 101 -#define CCA4758_R_COMMAND_NOT_IMPLEMENTED 102 -#define CCA4758_R_DSO_FAILURE 103 -#define CCA4758_R_FAILED_LOADING_PRIVATE_KEY 104 -#define CCA4758_R_FAILED_LOADING_PUBLIC_KEY 105 -#define CCA4758_R_NOT_LOADED 106 -#define CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL 107 -#define CCA4758_R_UNIT_FAILURE 108 -#define CCA4758_R_UNKNOWN_ALGORITHM_TYPE 109 - -#ifdef __cplusplus -} -#endif -#endif diff --git a/src/lib/libcrypto/engine/hw_aep.c b/src/lib/libcrypto/engine/hw_aep.c deleted file mode 100644 index cf4507cff11..00000000000 --- a/src/lib/libcrypto/engine/hw_aep.c +++ /dev/null @@ -1,1101 +0,0 @@ -/* crypto/engine/hw_aep.c */ -/* - */ -/* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include -#include -#include - -#include -#ifndef OPENSSL_SYS_MSDOS -#include -#include -#else -#include -typedef int pid_t; -#endif - -#include -#include -#include - -#ifndef OPENSSL_NO_HW -#ifndef OPENSSL_NO_HW_AEP -#ifdef FLAT_INC -#include "aep.h" -#else -#include "vendor_defns/aep.h" -#endif - -#define AEP_LIB_NAME "aep engine" -#define FAIL_TO_SW 0x10101010 - -#include "hw_aep_err.c" - -static int aep_init(ENGINE *e); -static int aep_finish(ENGINE *e); -static int aep_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()); -static int aep_destroy(ENGINE *e); - -static AEP_RV aep_get_connection(AEP_CONNECTION_HNDL_PTR hConnection); -static AEP_RV aep_return_connection(AEP_CONNECTION_HNDL hConnection); -static AEP_RV aep_close_connection(AEP_CONNECTION_HNDL hConnection); -static AEP_RV aep_close_all_connections(int use_engine_lock, int *in_use); - -/* BIGNUM stuff */ -static int aep_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx); - -static AEP_RV aep_mod_exp_crt(BIGNUM *r,const BIGNUM *a, const BIGNUM *p, - const BIGNUM *q, const BIGNUM *dmp1,const BIGNUM *dmq1, - const BIGNUM *iqmp, BN_CTX *ctx); - -/* RSA stuff */ -#ifndef OPENSSL_NO_RSA -static int aep_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa); -#endif - -/* This function is aliased to mod_exp (with the mont stuff dropped). */ -static int aep_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); - -/* DSA stuff */ -#ifndef OPENSSL_NO_DSA -static int aep_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, - BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m, - BN_CTX *ctx, BN_MONT_CTX *in_mont); - -static int aep_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a, - const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *m_ctx); -#endif - -/* DH stuff */ -/* This function is aliased to mod_exp (with the DH and mont dropped). */ -#ifndef OPENSSL_NO_DH -static int aep_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, - const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); -#endif - -/* rand stuff */ -#ifdef AEPRAND -static int aep_rand(unsigned char *buf, int num); -static int aep_rand_status(void); -#endif - -/* Bignum conversion stuff */ -static AEP_RV GetBigNumSize(AEP_VOID_PTR ArbBigNum, AEP_U32* BigNumSize); -static AEP_RV MakeAEPBigNum(AEP_VOID_PTR ArbBigNum, AEP_U32 BigNumSize, - unsigned char* AEP_BigNum); -static AEP_RV ConvertAEPBigNum(void* ArbBigNum, AEP_U32 BigNumSize, - unsigned char* AEP_BigNum); - -/* The definitions for control commands specific to this engine */ -#define AEP_CMD_SO_PATH ENGINE_CMD_BASE -static const ENGINE_CMD_DEFN aep_cmd_defns[] = - { - { AEP_CMD_SO_PATH, - "SO_PATH", - "Specifies the path to the 'aep' shared library", - ENGINE_CMD_FLAG_STRING - }, - {0, NULL, NULL, 0} - }; - -#ifndef OPENSSL_NO_RSA -/* Our internal RSA_METHOD that we provide pointers to */ -static RSA_METHOD aep_rsa = - { - "Aep RSA method", - NULL, /*rsa_pub_encrypt*/ - NULL, /*rsa_pub_decrypt*/ - NULL, /*rsa_priv_encrypt*/ - NULL, /*rsa_priv_encrypt*/ - aep_rsa_mod_exp, /*rsa_mod_exp*/ - aep_mod_exp_mont, /*bn_mod_exp*/ - NULL, /*init*/ - NULL, /*finish*/ - 0, /*flags*/ - NULL, /*app_data*/ - NULL, /*rsa_sign*/ - NULL /*rsa_verify*/ - }; -#endif - -#ifndef OPENSSL_NO_DSA -/* Our internal DSA_METHOD that we provide pointers to */ -static DSA_METHOD aep_dsa = - { - "Aep DSA method", - NULL, /* dsa_do_sign */ - NULL, /* dsa_sign_setup */ - NULL, /* dsa_do_verify */ - aep_dsa_mod_exp, /* dsa_mod_exp */ - aep_mod_exp_dsa, /* bn_mod_exp */ - NULL, /* init */ - NULL, /* finish */ - 0, /* flags */ - NULL /* app_data */ - }; -#endif - -#ifndef OPENSSL_NO_DH -/* Our internal DH_METHOD that we provide pointers to */ -static DH_METHOD aep_dh = - { - "Aep DH method", - NULL, - NULL, - aep_mod_exp_dh, - NULL, - NULL, - 0, - NULL - }; -#endif - -#ifdef AEPRAND -/* our internal RAND_method that we provide pointers to */ -static RAND_METHOD aep_random = - { - /*"AEP RAND method", */ - NULL, - aep_rand, - NULL, - NULL, - aep_rand, - aep_rand_status, - }; -#endif - -/*Define an array of structures to hold connections*/ -static AEP_CONNECTION_ENTRY aep_app_conn_table[MAX_PROCESS_CONNECTIONS]; - -/*Used to determine if this is a new process*/ -static pid_t recorded_pid = 0; - -#ifdef AEPRAND -static AEP_U8 rand_block[RAND_BLK_SIZE]; -static AEP_U32 rand_block_bytes = 0; -#endif - -/* Constants used when creating the ENGINE */ -static const char *engine_aep_id = "aep"; -static const char *engine_aep_name = "Aep hardware engine support"; - -static int max_key_len = 2176; - - -/* This internal function is used by ENGINE_aep() and possibly by the - * "dynamic" ENGINE support too */ -static int bind_aep(ENGINE *e) - { -#ifndef OPENSSL_NO_RSA - const RSA_METHOD *meth1; -#endif -#ifndef OPENSSL_NO_DSA - const DSA_METHOD *meth2; -#endif -#ifndef OPENSSL_NO_DH - const DH_METHOD *meth3; -#endif - - if(!ENGINE_set_id(e, engine_aep_id) || - !ENGINE_set_name(e, engine_aep_name) || -#ifndef OPENSSL_NO_RSA - !ENGINE_set_RSA(e, &aep_rsa) || -#endif -#ifndef OPENSSL_NO_DSA - !ENGINE_set_DSA(e, &aep_dsa) || -#endif -#ifndef OPENSSL_NO_DH - !ENGINE_set_DH(e, &aep_dh) || -#endif -#ifdef AEPRAND - !ENGINE_set_RAND(e, &aep_random) || -#endif - !ENGINE_set_init_function(e, aep_init) || - !ENGINE_set_destroy_function(e, aep_destroy) || - !ENGINE_set_finish_function(e, aep_finish) || - !ENGINE_set_ctrl_function(e, aep_ctrl) || - !ENGINE_set_cmd_defns(e, aep_cmd_defns)) - return 0; - -#ifndef OPENSSL_NO_RSA - /* We know that the "PKCS1_SSLeay()" functions hook properly - * to the aep-specific mod_exp and mod_exp_crt so we use - * those functions. NB: We don't use ENGINE_openssl() or - * anything "more generic" because something like the RSAref - * code may not hook properly, and if you own one of these - * cards then you have the right to do RSA operations on it - * anyway! */ - meth1 = RSA_PKCS1_SSLeay(); - aep_rsa.rsa_pub_enc = meth1->rsa_pub_enc; - aep_rsa.rsa_pub_dec = meth1->rsa_pub_dec; - aep_rsa.rsa_priv_enc = meth1->rsa_priv_enc; - aep_rsa.rsa_priv_dec = meth1->rsa_priv_dec; -#endif - - -#ifndef OPENSSL_NO_DSA - /* Use the DSA_OpenSSL() method and just hook the mod_exp-ish - * bits. */ - meth2 = DSA_OpenSSL(); - aep_dsa.dsa_do_sign = meth2->dsa_do_sign; - aep_dsa.dsa_sign_setup = meth2->dsa_sign_setup; - aep_dsa.dsa_do_verify = meth2->dsa_do_verify; - - aep_dsa = *DSA_get_default_method(); - aep_dsa.dsa_mod_exp = aep_dsa_mod_exp; - aep_dsa.bn_mod_exp = aep_mod_exp_dsa; -#endif - -#ifndef OPENSSL_NO_DH - /* Much the same for Diffie-Hellman */ - meth3 = DH_OpenSSL(); - aep_dh.generate_key = meth3->generate_key; - aep_dh.compute_key = meth3->compute_key; - aep_dh.bn_mod_exp = meth3->bn_mod_exp; -#endif - - /* Ensure the aep error handling is set up */ - ERR_load_AEPHK_strings(); - - return 1; -} - -#ifdef ENGINE_DYNAMIC_SUPPORT -static int bind_helper(ENGINE *e, const char *id) - { - if(id && (strcmp(id, engine_aep_id) != 0)) - return 0; - if(!bind_aep(e)) - return 0; - return 1; - } -IMPLEMENT_DYNAMIC_CHECK_FN() -IMPLEMENT_DYNAMIC_BIND_FN(bind_helper) -#else -static ENGINE *engine_aep(void) - { - ENGINE *ret = ENGINE_new(); - if(!ret) - return NULL; - if(!bind_aep(ret)) - { - ENGINE_free(ret); - return NULL; - } - return ret; - } - -void ENGINE_load_aep(void) - { - /* Copied from eng_[openssl|dyn].c */ - ENGINE *toadd = engine_aep(); - if(!toadd) return; - ENGINE_add(toadd); - ENGINE_free(toadd); - ERR_clear_error(); - } -#endif - -/* This is a process-global DSO handle used for loading and unloading - * the Aep library. NB: This is only set (or unset) during an - * init() or finish() call (reference counts permitting) and they're - * operating with global locks, so this should be thread-safe - * implicitly. */ -static DSO *aep_dso = NULL; - -/* These are the static string constants for the DSO file name and the function - * symbol names to bind to. -*/ -static const char *AEP_LIBNAME = "aep"; - -static const char *AEP_F1 = "AEP_ModExp"; -static const char *AEP_F2 = "AEP_ModExpCrt"; -#ifdef AEPRAND -static const char *AEP_F3 = "AEP_GenRandom"; -#endif -static const char *AEP_F4 = "AEP_Finalize"; -static const char *AEP_F5 = "AEP_Initialize"; -static const char *AEP_F6 = "AEP_OpenConnection"; -static const char *AEP_F7 = "AEP_SetBNCallBacks"; -static const char *AEP_F8 = "AEP_CloseConnection"; - -/* These are the function pointers that are (un)set when the library has - * successfully (un)loaded. */ -static t_AEP_OpenConnection *p_AEP_OpenConnection = NULL; -static t_AEP_CloseConnection *p_AEP_CloseConnection = NULL; -static t_AEP_ModExp *p_AEP_ModExp = NULL; -static t_AEP_ModExpCrt *p_AEP_ModExpCrt = NULL; -#ifdef AEPRAND -static t_AEP_GenRandom *p_AEP_GenRandom = NULL; -#endif -static t_AEP_Initialize *p_AEP_Initialize = NULL; -static t_AEP_Finalize *p_AEP_Finalize = NULL; -static t_AEP_SetBNCallBacks *p_AEP_SetBNCallBacks = NULL; - -/* (de)initialisation functions. */ -static int aep_init(ENGINE *e) - { - t_AEP_ModExp *p1; - t_AEP_ModExpCrt *p2; -#ifdef AEPRAND - t_AEP_GenRandom *p3; -#endif - t_AEP_Finalize *p4; - t_AEP_Initialize *p5; - t_AEP_OpenConnection *p6; - t_AEP_SetBNCallBacks *p7; - t_AEP_CloseConnection *p8; - - int to_return = 0; - - if(aep_dso != NULL) - { - AEPHKerr(AEPHK_F_AEP_INIT,AEPHK_R_ALREADY_LOADED); - goto err; - } - /* Attempt to load libaep.so. */ - - aep_dso = DSO_load(NULL, AEP_LIBNAME, NULL, 0); - - if(aep_dso == NULL) - { - AEPHKerr(AEPHK_F_AEP_INIT,AEPHK_R_NOT_LOADED); - goto err; - } - - if( !(p1 = (t_AEP_ModExp *) DSO_bind_func( aep_dso,AEP_F1)) || - !(p2 = (t_AEP_ModExpCrt*) DSO_bind_func( aep_dso,AEP_F2)) || -#ifdef AEPRAND - !(p3 = (t_AEP_GenRandom*) DSO_bind_func( aep_dso,AEP_F3)) || -#endif - !(p4 = (t_AEP_Finalize*) DSO_bind_func( aep_dso,AEP_F4)) || - !(p5 = (t_AEP_Initialize*) DSO_bind_func( aep_dso,AEP_F5)) || - !(p6 = (t_AEP_OpenConnection*) DSO_bind_func( aep_dso,AEP_F6)) || - !(p7 = (t_AEP_SetBNCallBacks*) DSO_bind_func( aep_dso,AEP_F7)) || - !(p8 = (t_AEP_CloseConnection*) DSO_bind_func( aep_dso,AEP_F8))) - { - AEPHKerr(AEPHK_F_AEP_INIT,AEPHK_R_NOT_LOADED); - goto err; - } - - /* Copy the pointers */ - - p_AEP_ModExp = p1; - p_AEP_ModExpCrt = p2; -#ifdef AEPRAND - p_AEP_GenRandom = p3; -#endif - p_AEP_Finalize = p4; - p_AEP_Initialize = p5; - p_AEP_OpenConnection = p6; - p_AEP_SetBNCallBacks = p7; - p_AEP_CloseConnection = p8; - - to_return = 1; - - return to_return; - - err: - - if(aep_dso) - DSO_free(aep_dso); - - p_AEP_OpenConnection = NULL; - p_AEP_ModExp = NULL; - p_AEP_ModExpCrt = NULL; -#ifdef AEPRAND - p_AEP_GenRandom = NULL; -#endif - p_AEP_Initialize = NULL; - p_AEP_Finalize = NULL; - p_AEP_SetBNCallBacks = NULL; - p_AEP_CloseConnection = NULL; - - return to_return; - } - -/* Destructor (complements the "ENGINE_aep()" constructor) */ -static int aep_destroy(ENGINE *e) - { - ERR_unload_AEPHK_strings(); - return 1; - } - -static int aep_finish(ENGINE *e) - { - int to_return = 0, in_use; - AEP_RV rv; - - if(aep_dso == NULL) - { - AEPHKerr(AEPHK_F_AEP_FINISH,AEPHK_R_NOT_LOADED); - goto err; - } - - rv = aep_close_all_connections(0, &in_use); - if (rv != AEP_R_OK) - { - AEPHKerr(AEPHK_F_AEP_FINISH,AEPHK_R_CLOSE_HANDLES_FAILED); - goto err; - } - if (in_use) - { - AEPHKerr(AEPHK_F_AEP_FINISH,AEPHK_R_CONNECTIONS_IN_USE); - goto err; - } - - rv = p_AEP_Finalize(); - if (rv != AEP_R_OK) - { - AEPHKerr(AEPHK_F_AEP_FINISH,AEPHK_R_FINALIZE_FAILED); - goto err; - } - - if(!DSO_free(aep_dso)) - { - AEPHKerr(AEPHK_F_AEP_FINISH,AEPHK_R_UNIT_FAILURE); - goto err; - } - - aep_dso = NULL; - p_AEP_CloseConnection = NULL; - p_AEP_OpenConnection = NULL; - p_AEP_ModExp = NULL; - p_AEP_ModExpCrt = NULL; -#ifdef AEPRAND - p_AEP_GenRandom = NULL; -#endif - p_AEP_Initialize = NULL; - p_AEP_Finalize = NULL; - p_AEP_SetBNCallBacks = NULL; - - to_return = 1; - err: - return to_return; - } - -static int aep_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) - { - int initialised = ((aep_dso == NULL) ? 0 : 1); - switch(cmd) - { - case AEP_CMD_SO_PATH: - if(p == NULL) - { - AEPHKerr(AEPHK_F_AEP_CTRL, - ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - if(initialised) - { - AEPHKerr(AEPHK_F_AEP_CTRL, - AEPHK_R_ALREADY_LOADED); - return 0; - } - AEP_LIBNAME = (const char *)p; - return 1; - default: - break; - } - AEPHKerr(AEPHK_F_AEP_CTRL,AEPHK_R_CTRL_COMMAND_NOT_IMPLEMENTED); - return 0; - } - -static int aep_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx) - { - int to_return = 0; - int r_len = 0; - AEP_CONNECTION_HNDL hConnection; - AEP_RV rv; - - r_len = BN_num_bits(m); - - /* Perform in software if modulus is too large for hardware. */ - - if (r_len > max_key_len){ - AEPHKerr(AEPHK_F_AEP_MOD_EXP, AEPHK_R_SIZE_TOO_LARGE_OR_TOO_SMALL); - return BN_mod_exp(r, a, p, m, ctx); - } - - /*Grab a connection from the pool*/ - rv = aep_get_connection(&hConnection); - if (rv != AEP_R_OK) - { - AEPHKerr(AEPHK_F_AEP_MOD_EXP,AEPHK_R_GET_HANDLE_FAILED); - return BN_mod_exp(r, a, p, m, ctx); - } - - /*To the card with the mod exp*/ - rv = p_AEP_ModExp(hConnection,(void*)a, (void*)p,(void*)m, (void*)r,NULL); - - if (rv != AEP_R_OK) - { - AEPHKerr(AEPHK_F_AEP_MOD_EXP,AEPHK_R_MOD_EXP_FAILED); - rv = aep_close_connection(hConnection); - return BN_mod_exp(r, a, p, m, ctx); - } - - /*Return the connection to the pool*/ - rv = aep_return_connection(hConnection); - if (rv != AEP_R_OK) - { - AEPHKerr(AEPHK_F_AEP_RAND,AEPHK_R_RETURN_CONNECTION_FAILED); - goto err; - } - - to_return = 1; - err: - return to_return; - } - -static AEP_RV aep_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *q, const BIGNUM *dmp1, - const BIGNUM *dmq1,const BIGNUM *iqmp, BN_CTX *ctx) - { - AEP_RV rv = AEP_R_OK; - AEP_CONNECTION_HNDL hConnection; - - /*Grab a connection from the pool*/ - rv = aep_get_connection(&hConnection); - if (rv != AEP_R_OK) - { - AEPHKerr(AEPHK_F_AEP_MOD_EXP_CRT,AEPHK_R_GET_HANDLE_FAILED); - return FAIL_TO_SW; - } - - /*To the card with the mod exp*/ - rv = p_AEP_ModExpCrt(hConnection,(void*)a, (void*)p, (void*)q, (void*)dmp1,(void*)dmq1, - (void*)iqmp,(void*)r,NULL); - if (rv != AEP_R_OK) - { - AEPHKerr(AEPHK_F_AEP_MOD_EXP_CRT,AEPHK_R_MOD_EXP_CRT_FAILED); - rv = aep_close_connection(hConnection); - return FAIL_TO_SW; - } - - /*Return the connection to the pool*/ - rv = aep_return_connection(hConnection); - if (rv != AEP_R_OK) - { - AEPHKerr(AEPHK_F_AEP_RAND,AEPHK_R_RETURN_CONNECTION_FAILED); - goto err; - } - - err: - return rv; - } - - -#ifdef AEPRAND -static int aep_rand(unsigned char *buf,int len ) - { - AEP_RV rv = AEP_R_OK; - AEP_CONNECTION_HNDL hConnection; - - CRYPTO_w_lock(CRYPTO_LOCK_RAND); - - /*Can the request be serviced with what's already in the buffer?*/ - if (len <= rand_block_bytes) - { - memcpy(buf, &rand_block[RAND_BLK_SIZE - rand_block_bytes], len); - rand_block_bytes -= len; - CRYPTO_w_unlock(CRYPTO_LOCK_RAND); - } - else - /*If not the get another block of random bytes*/ - { - CRYPTO_w_unlock(CRYPTO_LOCK_RAND); - - rv = aep_get_connection(&hConnection); - if (rv != AEP_R_OK) - { - AEPHKerr(AEPHK_F_AEP_RAND,AEPHK_R_GET_HANDLE_FAILED); - goto err_nounlock; - } - - if (len > RAND_BLK_SIZE) - { - rv = p_AEP_GenRandom(hConnection, len, 2, buf, NULL); - if (rv != AEP_R_OK) - { - AEPHKerr(AEPHK_F_AEP_RAND,AEPHK_R_GET_RANDOM_FAILED); - goto err_nounlock; - } - } - else - { - CRYPTO_w_lock(CRYPTO_LOCK_RAND); - - rv = p_AEP_GenRandom(hConnection, RAND_BLK_SIZE, 2, &rand_block[0], NULL); - if (rv != AEP_R_OK) - { - AEPHKerr(AEPHK_F_AEP_RAND,AEPHK_R_GET_RANDOM_FAILED); - - goto err; - } - - rand_block_bytes = RAND_BLK_SIZE; - - memcpy(buf, &rand_block[RAND_BLK_SIZE - rand_block_bytes], len); - rand_block_bytes -= len; - - CRYPTO_w_unlock(CRYPTO_LOCK_RAND); - } - - rv = aep_return_connection(hConnection); - if (rv != AEP_R_OK) - { - AEPHKerr(AEPHK_F_AEP_RAND,AEPHK_R_RETURN_CONNECTION_FAILED); - - goto err_nounlock; - } - } - - return 1; - err: - CRYPTO_w_unlock(CRYPTO_LOCK_RAND); - err_nounlock: - return 0; - } - -static int aep_rand_status(void) -{ - return 1; -} -#endif - -#ifndef OPENSSL_NO_RSA -static int aep_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa) - { - BN_CTX *ctx = NULL; - int to_return = 0; - AEP_RV rv = AEP_R_OK; - - if ((ctx = BN_CTX_new()) == NULL) - goto err; - - if (!aep_dso) - { - AEPHKerr(AEPHK_F_AEP_RSA_MOD_EXP,AEPHK_R_NOT_LOADED); - goto err; - } - - /*See if we have all the necessary bits for a crt*/ - if (rsa->q && rsa->dmp1 && rsa->dmq1 && rsa->iqmp) - { - rv = aep_mod_exp_crt(r0,I,rsa->p,rsa->q, rsa->dmp1,rsa->dmq1,rsa->iqmp,ctx); - - if (rv == FAIL_TO_SW){ - const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); - to_return = (*meth->rsa_mod_exp)(r0, I, rsa); - goto err; - } - else if (rv != AEP_R_OK) - goto err; - } - else - { - if (!rsa->d || !rsa->n) - { - AEPHKerr(AEPHK_F_AEP_RSA_MOD_EXP,AEPHK_R_MISSING_KEY_COMPONENTS); - goto err; - } - - rv = aep_mod_exp(r0,I,rsa->d,rsa->n,ctx); - if (rv != AEP_R_OK) - goto err; - - } - - to_return = 1; - - err: - if(ctx) - BN_CTX_free(ctx); - return to_return; -} -#endif - -#ifndef OPENSSL_NO_DSA -static int aep_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, - BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m, - BN_CTX *ctx, BN_MONT_CTX *in_mont) - { - BIGNUM t; - int to_return = 0; - BN_init(&t); - - /* let rr = a1 ^ p1 mod m */ - if (!aep_mod_exp(rr,a1,p1,m,ctx)) goto end; - /* let t = a2 ^ p2 mod m */ - if (!aep_mod_exp(&t,a2,p2,m,ctx)) goto end; - /* let rr = rr * t mod m */ - if (!BN_mod_mul(rr,rr,&t,m,ctx)) goto end; - to_return = 1; - end: - BN_free(&t); - return to_return; - } - -static int aep_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a, - const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *m_ctx) - { - return aep_mod_exp(r, a, p, m, ctx); - } -#endif - -/* This function is aliased to mod_exp (with the mont stuff dropped). */ -static int aep_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) - { - return aep_mod_exp(r, a, p, m, ctx); - } - -#ifndef OPENSSL_NO_DH -/* This function is aliased to mod_exp (with the dh and mont dropped). */ -static int aep_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, - const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *m_ctx) - { - return aep_mod_exp(r, a, p, m, ctx); - } -#endif - -static AEP_RV aep_get_connection(AEP_CONNECTION_HNDL_PTR phConnection) - { - int count; - AEP_RV rv = AEP_R_OK; - - /*Get the current process id*/ - pid_t curr_pid; - - CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); - - curr_pid = getpid(); - - /*Check if this is the first time this is being called from the current - process*/ - if (recorded_pid != curr_pid) - { - /*Remember our pid so we can check if we're in a new process*/ - recorded_pid = curr_pid; - - /*Call Finalize to make sure we have not inherited some data - from a parent process*/ - p_AEP_Finalize(); - - /*Initialise the AEP API*/ - rv = p_AEP_Initialize(NULL); - - if (rv != AEP_R_OK) - { - AEPHKerr(AEPHK_F_AEP_GET_CONNECTION,AEPHK_R_INIT_FAILURE); - recorded_pid = 0; - goto end; - } - - /*Set the AEP big num call back functions*/ - rv = p_AEP_SetBNCallBacks(&GetBigNumSize, &MakeAEPBigNum, - &ConvertAEPBigNum); - - if (rv != AEP_R_OK) - { - AEPHKerr(AEPHK_F_AEP_GET_CONNECTION,AEPHK_R_SETBNCALLBACK_FAILURE); - recorded_pid = 0; - goto end; - } - -#ifdef AEPRAND - /*Reset the rand byte count*/ - rand_block_bytes = 0; -#endif - - /*Init the structures*/ - for (count = 0;count < MAX_PROCESS_CONNECTIONS;count ++) - { - aep_app_conn_table[count].conn_state = NotConnected; - aep_app_conn_table[count].conn_hndl = 0; - } - - /*Open a connection*/ - rv = p_AEP_OpenConnection(phConnection); - - if (rv != AEP_R_OK) - { - AEPHKerr(AEPHK_F_AEP_GET_CONNECTION,AEPHK_R_UNIT_FAILURE); - recorded_pid = 0; - goto end; - } - - aep_app_conn_table[0].conn_state = InUse; - aep_app_conn_table[0].conn_hndl = *phConnection; - goto end; - } - /*Check the existing connections to see if we can find a free one*/ - for (count = 0;count < MAX_PROCESS_CONNECTIONS;count ++) - { - if (aep_app_conn_table[count].conn_state == Connected) - { - aep_app_conn_table[count].conn_state = InUse; - *phConnection = aep_app_conn_table[count].conn_hndl; - goto end; - } - } - /*If no connections available, we're going to have to try - to open a new one*/ - for (count = 0;count < MAX_PROCESS_CONNECTIONS;count ++) - { - if (aep_app_conn_table[count].conn_state == NotConnected) - { - /*Open a connection*/ - rv = p_AEP_OpenConnection(phConnection); - - if (rv != AEP_R_OK) - { - AEPHKerr(AEPHK_F_AEP_GET_CONNECTION,AEPHK_R_UNIT_FAILURE); - goto end; - } - - aep_app_conn_table[count].conn_state = InUse; - aep_app_conn_table[count].conn_hndl = *phConnection; - goto end; - } - } - rv = AEP_R_GENERAL_ERROR; - end: - CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); - return rv; - } - - -static AEP_RV aep_return_connection(AEP_CONNECTION_HNDL hConnection) - { - int count; - - CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); - - /*Find the connection item that matches this connection handle*/ - for(count = 0;count < MAX_PROCESS_CONNECTIONS;count ++) - { - if (aep_app_conn_table[count].conn_hndl == hConnection) - { - aep_app_conn_table[count].conn_state = Connected; - break; - } - } - - CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); - - return AEP_R_OK; - } - -static AEP_RV aep_close_connection(AEP_CONNECTION_HNDL hConnection) - { - int count; - AEP_RV rv = AEP_R_OK; - - CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); - - /*Find the connection item that matches this connection handle*/ - for(count = 0;count < MAX_PROCESS_CONNECTIONS;count ++) - { - if (aep_app_conn_table[count].conn_hndl == hConnection) - { - rv = p_AEP_CloseConnection(aep_app_conn_table[count].conn_hndl); - if (rv != AEP_R_OK) - goto end; - aep_app_conn_table[count].conn_state = NotConnected; - aep_app_conn_table[count].conn_hndl = 0; - break; - } - } - - end: - CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); - return rv; - } - -static AEP_RV aep_close_all_connections(int use_engine_lock, int *in_use) - { - int count; - AEP_RV rv = AEP_R_OK; - - *in_use = 0; - if (use_engine_lock) CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); - for (count = 0;count < MAX_PROCESS_CONNECTIONS;count ++) - { - switch (aep_app_conn_table[count].conn_state) - { - case Connected: - rv = p_AEP_CloseConnection(aep_app_conn_table[count].conn_hndl); - if (rv != AEP_R_OK) - goto end; - aep_app_conn_table[count].conn_state = NotConnected; - aep_app_conn_table[count].conn_hndl = 0; - break; - case InUse: - (*in_use)++; - break; - case NotConnected: - break; - } - } - end: - if (use_engine_lock) CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); - return rv; - } - -/*BigNum call back functions, used to convert OpenSSL bignums into AEP bignums. - Note only 32bit Openssl build support*/ - -static AEP_RV GetBigNumSize(AEP_VOID_PTR ArbBigNum, AEP_U32* BigNumSize) - { - BIGNUM* bn; - - /*Cast the ArbBigNum pointer to our BIGNUM struct*/ - bn = (BIGNUM*) ArbBigNum; - -#ifdef SIXTY_FOUR_BIT_LONG - *BigNumSize = bn->top << 3; -#else - /*Size of the bignum in bytes is equal to the bn->top (no of 32 bit - words) multiplies by 4*/ - *BigNumSize = bn->top << 2; -#endif - - return AEP_R_OK; - } - -static AEP_RV MakeAEPBigNum(AEP_VOID_PTR ArbBigNum, AEP_U32 BigNumSize, - unsigned char* AEP_BigNum) - { - BIGNUM* bn; - -#ifndef SIXTY_FOUR_BIT_LONG - unsigned char* buf; - int i; -#endif - - /*Cast the ArbBigNum pointer to our BIGNUM struct*/ - bn = (BIGNUM*) ArbBigNum; - -#ifdef SIXTY_FOUR_BIT_LONG - memcpy(AEP_BigNum, bn->d, BigNumSize); -#else - /*Must copy data into a (monotone) least significant byte first format - performing endian conversion if necessary*/ - for(i=0;itop;i++) - { - buf = (unsigned char*)&bn->d[i]; - - *((AEP_U32*)AEP_BigNum) = (AEP_U32) - ((unsigned) buf[1] << 8 | buf[0]) | - ((unsigned) buf[3] << 8 | buf[2]) << 16; - - AEP_BigNum += 4; - } -#endif - - return AEP_R_OK; - } - -/*Turn an AEP Big Num back to a user big num*/ -static AEP_RV ConvertAEPBigNum(void* ArbBigNum, AEP_U32 BigNumSize, - unsigned char* AEP_BigNum) - { - BIGNUM* bn; -#ifndef SIXTY_FOUR_BIT_LONG - int i; -#endif - - bn = (BIGNUM*)ArbBigNum; - - /*Expand the result bn so that it can hold our big num. - Size is in bits*/ - bn_expand(bn, (int)(BigNumSize << 3)); - -#ifdef SIXTY_FOUR_BIT_LONG - bn->top = BigNumSize >> 3; - - if((BigNumSize & 7) != 0) - bn->top++; - - memset(bn->d, 0, bn->top << 3); - - memcpy(bn->d, AEP_BigNum, BigNumSize); -#else - bn->top = BigNumSize >> 2; - - for(i=0;itop;i++) - { - bn->d[i] = (AEP_U32) - ((unsigned) AEP_BigNum[3] << 8 | AEP_BigNum[2]) << 16 | - ((unsigned) AEP_BigNum[1] << 8 | AEP_BigNum[0]); - AEP_BigNum += 4; - } -#endif - - return AEP_R_OK; -} - -#endif /* !OPENSSL_NO_HW_AEP */ -#endif /* !OPENSSL_NO_HW */ diff --git a/src/lib/libcrypto/engine/hw_aep_err.c b/src/lib/libcrypto/engine/hw_aep_err.c deleted file mode 100644 index 092f532946c..00000000000 --- a/src/lib/libcrypto/engine/hw_aep_err.c +++ /dev/null @@ -1,157 +0,0 @@ -/* hw_aep_err.c */ -/* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -/* NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ - -#include -#include -#include "hw_aep_err.h" - -/* BEGIN ERROR CODES */ -#ifndef OPENSSL_NO_ERR -static ERR_STRING_DATA AEPHK_str_functs[]= - { -{ERR_PACK(0,AEPHK_F_AEP_CTRL,0), "AEP_CTRL"}, -{ERR_PACK(0,AEPHK_F_AEP_FINISH,0), "AEP_FINISH"}, -{ERR_PACK(0,AEPHK_F_AEP_GET_CONNECTION,0), "AEP_GET_CONNECTION"}, -{ERR_PACK(0,AEPHK_F_AEP_INIT,0), "AEP_INIT"}, -{ERR_PACK(0,AEPHK_F_AEP_MOD_EXP,0), "AEP_MOD_EXP"}, -{ERR_PACK(0,AEPHK_F_AEP_MOD_EXP_CRT,0), "AEP_MOD_EXP_CRT"}, -{ERR_PACK(0,AEPHK_F_AEP_RAND,0), "AEP_RAND"}, -{ERR_PACK(0,AEPHK_F_AEP_RSA_MOD_EXP,0), "AEP_RSA_MOD_EXP"}, -{0,NULL} - }; - -static ERR_STRING_DATA AEPHK_str_reasons[]= - { -{AEPHK_R_ALREADY_LOADED ,"already loaded"}, -{AEPHK_R_CLOSE_HANDLES_FAILED ,"close handles failed"}, -{AEPHK_R_CONNECTIONS_IN_USE ,"connections in use"}, -{AEPHK_R_CTRL_COMMAND_NOT_IMPLEMENTED ,"ctrl command not implemented"}, -{AEPHK_R_FINALIZE_FAILED ,"finalize failed"}, -{AEPHK_R_GET_HANDLE_FAILED ,"get handle failed"}, -{AEPHK_R_GET_RANDOM_FAILED ,"get random failed"}, -{AEPHK_R_INIT_FAILURE ,"init failure"}, -{AEPHK_R_MISSING_KEY_COMPONENTS ,"missing key components"}, -{AEPHK_R_MOD_EXP_CRT_FAILED ,"mod exp crt failed"}, -{AEPHK_R_MOD_EXP_FAILED ,"mod exp failed"}, -{AEPHK_R_NOT_LOADED ,"not loaded"}, -{AEPHK_R_OK ,"ok"}, -{AEPHK_R_RETURN_CONNECTION_FAILED ,"return connection failed"}, -{AEPHK_R_SETBNCALLBACK_FAILURE ,"setbncallback failure"}, -{AEPHK_R_SIZE_TOO_LARGE_OR_TOO_SMALL ,"size too large or too small"}, -{AEPHK_R_UNIT_FAILURE ,"unit failure"}, -{0,NULL} - }; - -#endif - -#ifdef AEPHK_LIB_NAME -static ERR_STRING_DATA AEPHK_lib_name[]= - { -{0 ,AEPHK_LIB_NAME}, -{0,NULL} - }; -#endif - - -static int AEPHK_lib_error_code=0; -static int AEPHK_error_init=1; - -static void ERR_load_AEPHK_strings(void) - { - if (AEPHK_lib_error_code == 0) - AEPHK_lib_error_code=ERR_get_next_error_library(); - - if (AEPHK_error_init) - { - AEPHK_error_init=0; -#ifndef OPENSSL_NO_ERR - ERR_load_strings(AEPHK_lib_error_code,AEPHK_str_functs); - ERR_load_strings(AEPHK_lib_error_code,AEPHK_str_reasons); -#endif - -#ifdef AEPHK_LIB_NAME - AEPHK_lib_name->error = ERR_PACK(AEPHK_lib_error_code,0,0); - ERR_load_strings(0,AEPHK_lib_name); -#endif - } - } - -static void ERR_unload_AEPHK_strings(void) - { - if (AEPHK_error_init == 0) - { -#ifndef OPENSSL_NO_ERR - ERR_unload_strings(AEPHK_lib_error_code,AEPHK_str_functs); - ERR_unload_strings(AEPHK_lib_error_code,AEPHK_str_reasons); -#endif - -#ifdef AEPHK_LIB_NAME - ERR_unload_strings(0,AEPHK_lib_name); -#endif - AEPHK_error_init=1; - } - } - -static void ERR_AEPHK_error(int function, int reason, char *file, int line) - { - if (AEPHK_lib_error_code == 0) - AEPHK_lib_error_code=ERR_get_next_error_library(); - ERR_PUT_error(AEPHK_lib_error_code,function,reason,file,line); - } diff --git a/src/lib/libcrypto/engine/hw_aep_err.h b/src/lib/libcrypto/engine/hw_aep_err.h deleted file mode 100644 index 8fe4cf921f0..00000000000 --- a/src/lib/libcrypto/engine/hw_aep_err.h +++ /dev/null @@ -1,101 +0,0 @@ -/* ==================================================================== - * Copyright (c) 2001 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#ifndef HEADER_AEPHK_ERR_H -#define HEADER_AEPHK_ERR_H - -/* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ -static void ERR_load_AEPHK_strings(void); -static void ERR_unload_AEPHK_strings(void); -static void ERR_AEPHK_error(int function, int reason, char *file, int line); -#define AEPHKerr(f,r) ERR_AEPHK_error((f),(r),__FILE__,__LINE__) - -/* Error codes for the AEPHK functions. */ - -/* Function codes. */ -#define AEPHK_F_AEP_CTRL 100 -#define AEPHK_F_AEP_FINISH 101 -#define AEPHK_F_AEP_GET_CONNECTION 102 -#define AEPHK_F_AEP_INIT 103 -#define AEPHK_F_AEP_MOD_EXP 104 -#define AEPHK_F_AEP_MOD_EXP_CRT 105 -#define AEPHK_F_AEP_RAND 106 -#define AEPHK_F_AEP_RSA_MOD_EXP 107 - -/* Reason codes. */ -#define AEPHK_R_ALREADY_LOADED 100 -#define AEPHK_R_CLOSE_HANDLES_FAILED 101 -#define AEPHK_R_CONNECTIONS_IN_USE 102 -#define AEPHK_R_CTRL_COMMAND_NOT_IMPLEMENTED 103 -#define AEPHK_R_FINALIZE_FAILED 104 -#define AEPHK_R_GET_HANDLE_FAILED 105 -#define AEPHK_R_GET_RANDOM_FAILED 106 -#define AEPHK_R_INIT_FAILURE 107 -#define AEPHK_R_MISSING_KEY_COMPONENTS 108 -#define AEPHK_R_MOD_EXP_CRT_FAILED 109 -#define AEPHK_R_MOD_EXP_FAILED 110 -#define AEPHK_R_NOT_LOADED 111 -#define AEPHK_R_OK 112 -#define AEPHK_R_RETURN_CONNECTION_FAILED 113 -#define AEPHK_R_SETBNCALLBACK_FAILURE 114 -#define AEPHK_R_SIZE_TOO_LARGE_OR_TOO_SMALL 116 -#define AEPHK_R_UNIT_FAILURE 115 - -#ifdef __cplusplus -} -#endif -#endif diff --git a/src/lib/libcrypto/engine/hw_atalla.c b/src/lib/libcrypto/engine/hw_atalla.c deleted file mode 100644 index 696cfcf156f..00000000000 --- a/src/lib/libcrypto/engine/hw_atalla.c +++ /dev/null @@ -1,575 +0,0 @@ -/* crypto/engine/hw_atalla.c */ -/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL - * project 2000. - */ -/* ==================================================================== - * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include -#include -#include "cryptlib.h" -#include -#include - -#ifndef OPENSSL_NO_HW -#ifndef OPENSSL_NO_HW_ATALLA - -#ifdef FLAT_INC -#include "atalla.h" -#else -#include "vendor_defns/atalla.h" -#endif - -#define ATALLA_LIB_NAME "atalla engine" -#include "hw_atalla_err.c" - -static int atalla_destroy(ENGINE *e); -static int atalla_init(ENGINE *e); -static int atalla_finish(ENGINE *e); -static int atalla_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()); - -/* BIGNUM stuff */ -static int atalla_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx); - -#ifndef OPENSSL_NO_RSA -/* RSA stuff */ -static int atalla_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa); -#endif -/* This function is aliased to mod_exp (with the mont stuff dropped). */ -static int atalla_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); - -#ifndef OPENSSL_NO_DSA -/* DSA stuff */ -static int atalla_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, - BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m, - BN_CTX *ctx, BN_MONT_CTX *in_mont); -static int atalla_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a, - const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *m_ctx); -#endif - -#ifndef OPENSSL_NO_DH -/* DH stuff */ -/* This function is alised to mod_exp (with the DH and mont dropped). */ -static int atalla_mod_exp_dh(const DH *dh, BIGNUM *r, - const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); -#endif - -/* The definitions for control commands specific to this engine */ -#define ATALLA_CMD_SO_PATH ENGINE_CMD_BASE -static const ENGINE_CMD_DEFN atalla_cmd_defns[] = { - {ATALLA_CMD_SO_PATH, - "SO_PATH", - "Specifies the path to the 'atasi' shared library", - ENGINE_CMD_FLAG_STRING}, - {0, NULL, NULL, 0} - }; - -#ifndef OPENSSL_NO_RSA -/* Our internal RSA_METHOD that we provide pointers to */ -static RSA_METHOD atalla_rsa = - { - "Atalla RSA method", - NULL, - NULL, - NULL, - NULL, - atalla_rsa_mod_exp, - atalla_mod_exp_mont, - NULL, - NULL, - 0, - NULL, - NULL, - NULL - }; -#endif - -#ifndef OPENSSL_NO_DSA -/* Our internal DSA_METHOD that we provide pointers to */ -static DSA_METHOD atalla_dsa = - { - "Atalla DSA method", - NULL, /* dsa_do_sign */ - NULL, /* dsa_sign_setup */ - NULL, /* dsa_do_verify */ - atalla_dsa_mod_exp, /* dsa_mod_exp */ - atalla_mod_exp_dsa, /* bn_mod_exp */ - NULL, /* init */ - NULL, /* finish */ - 0, /* flags */ - NULL /* app_data */ - }; -#endif - -#ifndef OPENSSL_NO_DH -/* Our internal DH_METHOD that we provide pointers to */ -static DH_METHOD atalla_dh = - { - "Atalla DH method", - NULL, - NULL, - atalla_mod_exp_dh, - NULL, - NULL, - 0, - NULL - }; -#endif - -/* Constants used when creating the ENGINE */ -static const char *engine_atalla_id = "atalla"; -static const char *engine_atalla_name = "Atalla hardware engine support"; - -/* This internal function is used by ENGINE_atalla() and possibly by the - * "dynamic" ENGINE support too */ -static int bind_helper(ENGINE *e) - { -#ifndef OPENSSL_NO_RSA - const RSA_METHOD *meth1; -#endif -#ifndef OPENSSL_NO_DSA - const DSA_METHOD *meth2; -#endif -#ifndef OPENSSL_NO_DH - const DH_METHOD *meth3; -#endif - if(!ENGINE_set_id(e, engine_atalla_id) || - !ENGINE_set_name(e, engine_atalla_name) || -#ifndef OPENSSL_NO_RSA - !ENGINE_set_RSA(e, &atalla_rsa) || -#endif -#ifndef OPENSSL_NO_DSA - !ENGINE_set_DSA(e, &atalla_dsa) || -#endif -#ifndef OPENSSL_NO_DH - !ENGINE_set_DH(e, &atalla_dh) || -#endif - !ENGINE_set_destroy_function(e, atalla_destroy) || - !ENGINE_set_init_function(e, atalla_init) || - !ENGINE_set_finish_function(e, atalla_finish) || - !ENGINE_set_ctrl_function(e, atalla_ctrl) || - !ENGINE_set_cmd_defns(e, atalla_cmd_defns)) - return 0; - -#ifndef OPENSSL_NO_RSA - /* We know that the "PKCS1_SSLeay()" functions hook properly - * to the atalla-specific mod_exp and mod_exp_crt so we use - * those functions. NB: We don't use ENGINE_openssl() or - * anything "more generic" because something like the RSAref - * code may not hook properly, and if you own one of these - * cards then you have the right to do RSA operations on it - * anyway! */ - meth1 = RSA_PKCS1_SSLeay(); - atalla_rsa.rsa_pub_enc = meth1->rsa_pub_enc; - atalla_rsa.rsa_pub_dec = meth1->rsa_pub_dec; - atalla_rsa.rsa_priv_enc = meth1->rsa_priv_enc; - atalla_rsa.rsa_priv_dec = meth1->rsa_priv_dec; -#endif - -#ifndef OPENSSL_NO_DSA - /* Use the DSA_OpenSSL() method and just hook the mod_exp-ish - * bits. */ - meth2 = DSA_OpenSSL(); - atalla_dsa.dsa_do_sign = meth2->dsa_do_sign; - atalla_dsa.dsa_sign_setup = meth2->dsa_sign_setup; - atalla_dsa.dsa_do_verify = meth2->dsa_do_verify; -#endif - -#ifndef OPENSSL_NO_DH - /* Much the same for Diffie-Hellman */ - meth3 = DH_OpenSSL(); - atalla_dh.generate_key = meth3->generate_key; - atalla_dh.compute_key = meth3->compute_key; -#endif - - /* Ensure the atalla error handling is set up */ - ERR_load_ATALLA_strings(); - return 1; - } - -static ENGINE *engine_atalla(void) - { - ENGINE *ret = ENGINE_new(); - if(!ret) - return NULL; - if(!bind_helper(ret)) - { - ENGINE_free(ret); - return NULL; - } - return ret; - } - -void ENGINE_load_atalla(void) - { - /* Copied from eng_[openssl|dyn].c */ - ENGINE *toadd = engine_atalla(); - if(!toadd) return; - ENGINE_add(toadd); - ENGINE_free(toadd); - ERR_clear_error(); - } - -/* This is a process-global DSO handle used for loading and unloading - * the Atalla library. NB: This is only set (or unset) during an - * init() or finish() call (reference counts permitting) and they're - * operating with global locks, so this should be thread-safe - * implicitly. */ -static DSO *atalla_dso = NULL; - -/* These are the function pointers that are (un)set when the library has - * successfully (un)loaded. */ -static tfnASI_GetHardwareConfig *p_Atalla_GetHardwareConfig = NULL; -static tfnASI_RSAPrivateKeyOpFn *p_Atalla_RSAPrivateKeyOpFn = NULL; -static tfnASI_GetPerformanceStatistics *p_Atalla_GetPerformanceStatistics = NULL; - -/* These are the static string constants for the DSO file name and the function - * symbol names to bind to. Regrettably, the DSO name on *nix appears to be - * "atasi.so" rather than something more consistent like "libatasi.so". At the - * time of writing, I'm not sure what the file name on win32 is but clearly - * native name translation is not possible (eg libatasi.so on *nix, and - * atasi.dll on win32). For the purposes of testing, I have created a symbollic - * link called "libatasi.so" so that we can use native name-translation - a - * better solution will be needed. */ -static const char def_ATALLA_LIBNAME[] = "atasi"; -static const char *ATALLA_LIBNAME = def_ATALLA_LIBNAME; -static const char *ATALLA_F1 = "ASI_GetHardwareConfig"; -static const char *ATALLA_F2 = "ASI_RSAPrivateKeyOpFn"; -static const char *ATALLA_F3 = "ASI_GetPerformanceStatistics"; - -/* Destructor (complements the "ENGINE_atalla()" constructor) */ -static int atalla_destroy(ENGINE *e) - { - /* Unload the atalla error strings so any error state including our - * functs or reasons won't lead to a segfault (they simply get displayed - * without corresponding string data because none will be found). */ - ERR_unload_ATALLA_strings(); - return 1; - } - -/* (de)initialisation functions. */ -static int atalla_init(ENGINE *e) - { - tfnASI_GetHardwareConfig *p1; - tfnASI_RSAPrivateKeyOpFn *p2; - tfnASI_GetPerformanceStatistics *p3; - /* Not sure of the origin of this magic value, but Ben's code had it - * and it seemed to have been working for a few people. :-) */ - unsigned int config_buf[1024]; - - if(atalla_dso != NULL) - { - ATALLAerr(ATALLA_F_ATALLA_INIT,ATALLA_R_ALREADY_LOADED); - goto err; - } - /* Attempt to load libatasi.so/atasi.dll/whatever. Needs to be - * changed unfortunately because the Atalla drivers don't have - * standard library names that can be platform-translated well. */ - /* TODO: Work out how to actually map to the names the Atalla - * drivers really use - for now a symbollic link needs to be - * created on the host system from libatasi.so to atasi.so on - * unix variants. */ - atalla_dso = DSO_load(NULL, ATALLA_LIBNAME, NULL, 0); - if(atalla_dso == NULL) - { - ATALLAerr(ATALLA_F_ATALLA_INIT,ATALLA_R_NOT_LOADED); - goto err; - } - if(!(p1 = (tfnASI_GetHardwareConfig *)DSO_bind_func( - atalla_dso, ATALLA_F1)) || - !(p2 = (tfnASI_RSAPrivateKeyOpFn *)DSO_bind_func( - atalla_dso, ATALLA_F2)) || - !(p3 = (tfnASI_GetPerformanceStatistics *)DSO_bind_func( - atalla_dso, ATALLA_F3))) - { - ATALLAerr(ATALLA_F_ATALLA_INIT,ATALLA_R_NOT_LOADED); - goto err; - } - /* Copy the pointers */ - p_Atalla_GetHardwareConfig = p1; - p_Atalla_RSAPrivateKeyOpFn = p2; - p_Atalla_GetPerformanceStatistics = p3; - /* Perform a basic test to see if there's actually any unit - * running. */ - if(p1(0L, config_buf) != 0) - { - ATALLAerr(ATALLA_F_ATALLA_INIT,ATALLA_R_UNIT_FAILURE); - goto err; - } - /* Everything's fine. */ - return 1; -err: - if(atalla_dso) - DSO_free(atalla_dso); - p_Atalla_GetHardwareConfig = NULL; - p_Atalla_RSAPrivateKeyOpFn = NULL; - p_Atalla_GetPerformanceStatistics = NULL; - return 0; - } - -static int atalla_finish(ENGINE *e) - { - if(atalla_dso == NULL) - { - ATALLAerr(ATALLA_F_ATALLA_FINISH,ATALLA_R_NOT_LOADED); - return 0; - } - if(!DSO_free(atalla_dso)) - { - ATALLAerr(ATALLA_F_ATALLA_FINISH,ATALLA_R_UNIT_FAILURE); - return 0; - } - atalla_dso = NULL; - p_Atalla_GetHardwareConfig = NULL; - p_Atalla_RSAPrivateKeyOpFn = NULL; - p_Atalla_GetPerformanceStatistics = NULL; - return 1; - } - -static int atalla_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) - { - int initialised = ((atalla_dso == NULL) ? 0 : 1); - switch(cmd) - { - case ATALLA_CMD_SO_PATH: - if(p == NULL) - { - ATALLAerr(ATALLA_F_ATALLA_CTRL,ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - if(initialised) - { - ATALLAerr(ATALLA_F_ATALLA_CTRL,ATALLA_R_ALREADY_LOADED); - return 0; - } - ATALLA_LIBNAME = (const char *)p; - return 1; - default: - break; - } - ATALLAerr(ATALLA_F_ATALLA_CTRL,ATALLA_R_CTRL_COMMAND_NOT_IMPLEMENTED); - return 0; - } - -static int atalla_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx) - { - /* I need somewhere to store temporary serialised values for - * use with the Atalla API calls. A neat cheat - I'll use - * BIGNUMs from the BN_CTX but access their arrays directly as - * byte arrays . This way I don't have to clean anything - * up. */ - BIGNUM *modulus; - BIGNUM *exponent; - BIGNUM *argument; - BIGNUM *result; - RSAPrivateKey keydata; - int to_return, numbytes; - - modulus = exponent = argument = result = NULL; - to_return = 0; /* expect failure */ - - if(!atalla_dso) - { - ATALLAerr(ATALLA_F_ATALLA_MOD_EXP,ATALLA_R_NOT_LOADED); - goto err; - } - /* Prepare the params */ - BN_CTX_start(ctx); - modulus = BN_CTX_get(ctx); - exponent = BN_CTX_get(ctx); - argument = BN_CTX_get(ctx); - result = BN_CTX_get(ctx); - if (!result) - { - ATALLAerr(ATALLA_F_ATALLA_MOD_EXP,ATALLA_R_BN_CTX_FULL); - goto err; - } - if(!bn_wexpand(modulus, m->top) || !bn_wexpand(exponent, m->top) || - !bn_wexpand(argument, m->top) || !bn_wexpand(result, m->top)) - { - ATALLAerr(ATALLA_F_ATALLA_MOD_EXP,ATALLA_R_BN_EXPAND_FAIL); - goto err; - } - /* Prepare the key-data */ - memset(&keydata, 0,sizeof keydata); - numbytes = BN_num_bytes(m); - memset(exponent->d, 0, numbytes); - memset(modulus->d, 0, numbytes); - BN_bn2bin(p, (unsigned char *)exponent->d + numbytes - BN_num_bytes(p)); - BN_bn2bin(m, (unsigned char *)modulus->d + numbytes - BN_num_bytes(m)); - keydata.privateExponent.data = (unsigned char *)exponent->d; - keydata.privateExponent.len = numbytes; - keydata.modulus.data = (unsigned char *)modulus->d; - keydata.modulus.len = numbytes; - /* Prepare the argument */ - memset(argument->d, 0, numbytes); - memset(result->d, 0, numbytes); - BN_bn2bin(a, (unsigned char *)argument->d + numbytes - BN_num_bytes(a)); - /* Perform the operation */ - if(p_Atalla_RSAPrivateKeyOpFn(&keydata, (unsigned char *)result->d, - (unsigned char *)argument->d, - keydata.modulus.len) != 0) - { - ATALLAerr(ATALLA_F_ATALLA_MOD_EXP,ATALLA_R_REQUEST_FAILED); - goto err; - } - /* Convert the response */ - BN_bin2bn((unsigned char *)result->d, numbytes, r); - to_return = 1; -err: - BN_CTX_end(ctx); - return to_return; - } - -#ifndef OPENSSL_NO_RSA -static int atalla_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa) - { - BN_CTX *ctx = NULL; - int to_return = 0; - - if(!atalla_dso) - { - ATALLAerr(ATALLA_F_ATALLA_RSA_MOD_EXP,ATALLA_R_NOT_LOADED); - goto err; - } - if((ctx = BN_CTX_new()) == NULL) - goto err; - if(!rsa->d || !rsa->n) - { - ATALLAerr(ATALLA_F_ATALLA_RSA_MOD_EXP,ATALLA_R_MISSING_KEY_COMPONENTS); - goto err; - } - to_return = atalla_mod_exp(r0, I, rsa->d, rsa->n, ctx); -err: - if(ctx) - BN_CTX_free(ctx); - return to_return; - } -#endif - -#ifndef OPENSSL_NO_DSA -/* This code was liberated and adapted from the commented-out code in - * dsa_ossl.c. Because of the unoptimised form of the Atalla acceleration - * (it doesn't have a CRT form for RSA), this function means that an - * Atalla system running with a DSA server certificate can handshake - * around 5 or 6 times faster/more than an equivalent system running with - * RSA. Just check out the "signs" statistics from the RSA and DSA parts - * of "openssl speed -engine atalla dsa1024 rsa1024". */ -static int atalla_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, - BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m, - BN_CTX *ctx, BN_MONT_CTX *in_mont) - { - BIGNUM t; - int to_return = 0; - - BN_init(&t); - /* let rr = a1 ^ p1 mod m */ - if (!atalla_mod_exp(rr,a1,p1,m,ctx)) goto end; - /* let t = a2 ^ p2 mod m */ - if (!atalla_mod_exp(&t,a2,p2,m,ctx)) goto end; - /* let rr = rr * t mod m */ - if (!BN_mod_mul(rr,rr,&t,m,ctx)) goto end; - to_return = 1; -end: - BN_free(&t); - return to_return; - } - -static int atalla_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a, - const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *m_ctx) - { - return atalla_mod_exp(r, a, p, m, ctx); - } -#endif - -/* This function is aliased to mod_exp (with the mont stuff dropped). */ -static int atalla_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) - { - return atalla_mod_exp(r, a, p, m, ctx); - } - -#ifndef OPENSSL_NO_DH -/* This function is aliased to mod_exp (with the dh and mont dropped). */ -static int atalla_mod_exp_dh(const DH *dh, BIGNUM *r, - const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) - { - return atalla_mod_exp(r, a, p, m, ctx); - } -#endif - -/* This stuff is needed if this ENGINE is being compiled into a self-contained - * shared-library. */ -#ifdef ENGINE_DYNAMIC_SUPPORT -static int bind_fn(ENGINE *e, const char *id) - { - if(id && (strcmp(id, engine_atalla_id) != 0)) - return 0; - if(!bind_helper(e)) - return 0; - return 1; - } -IMPLEMENT_DYNAMIC_CHECK_FN() -IMPLEMENT_DYNAMIC_BIND_FN(bind_fn) -#endif /* ENGINE_DYNAMIC_SUPPORT */ - -#endif /* !OPENSSL_NO_HW_ATALLA */ -#endif /* !OPENSSL_NO_HW */ diff --git a/src/lib/libcrypto/engine/hw_atalla_err.c b/src/lib/libcrypto/engine/hw_atalla_err.c deleted file mode 100644 index 1df9c4570c5..00000000000 --- a/src/lib/libcrypto/engine/hw_atalla_err.c +++ /dev/null @@ -1,145 +0,0 @@ -/* hw_atalla_err.c */ -/* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -/* NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ - -#include -#include -#include "hw_atalla_err.h" - -/* BEGIN ERROR CODES */ -#ifndef OPENSSL_NO_ERR -static ERR_STRING_DATA ATALLA_str_functs[]= - { -{ERR_PACK(0,ATALLA_F_ATALLA_CTRL,0), "ATALLA_CTRL"}, -{ERR_PACK(0,ATALLA_F_ATALLA_FINISH,0), "ATALLA_FINISH"}, -{ERR_PACK(0,ATALLA_F_ATALLA_INIT,0), "ATALLA_INIT"}, -{ERR_PACK(0,ATALLA_F_ATALLA_MOD_EXP,0), "ATALLA_MOD_EXP"}, -{ERR_PACK(0,ATALLA_F_ATALLA_RSA_MOD_EXP,0), "ATALLA_RSA_MOD_EXP"}, -{0,NULL} - }; - -static ERR_STRING_DATA ATALLA_str_reasons[]= - { -{ATALLA_R_ALREADY_LOADED ,"already loaded"}, -{ATALLA_R_BN_CTX_FULL ,"bn ctx full"}, -{ATALLA_R_BN_EXPAND_FAIL ,"bn expand fail"}, -{ATALLA_R_CTRL_COMMAND_NOT_IMPLEMENTED ,"ctrl command not implemented"}, -{ATALLA_R_MISSING_KEY_COMPONENTS ,"missing key components"}, -{ATALLA_R_NOT_LOADED ,"not loaded"}, -{ATALLA_R_REQUEST_FAILED ,"request failed"}, -{ATALLA_R_UNIT_FAILURE ,"unit failure"}, -{0,NULL} - }; - -#endif - -#ifdef ATALLA_LIB_NAME -static ERR_STRING_DATA ATALLA_lib_name[]= - { -{0 ,ATALLA_LIB_NAME}, -{0,NULL} - }; -#endif - - -static int ATALLA_lib_error_code=0; -static int ATALLA_error_init=1; - -static void ERR_load_ATALLA_strings(void) - { - if (ATALLA_lib_error_code == 0) - ATALLA_lib_error_code=ERR_get_next_error_library(); - - if (ATALLA_error_init) - { - ATALLA_error_init=0; -#ifndef OPENSSL_NO_ERR - ERR_load_strings(ATALLA_lib_error_code,ATALLA_str_functs); - ERR_load_strings(ATALLA_lib_error_code,ATALLA_str_reasons); -#endif - -#ifdef ATALLA_LIB_NAME - ATALLA_lib_name->error = ERR_PACK(ATALLA_lib_error_code,0,0); - ERR_load_strings(0,ATALLA_lib_name); -#endif - } - } - -static void ERR_unload_ATALLA_strings(void) - { - if (ATALLA_error_init == 0) - { -#ifndef OPENSSL_NO_ERR - ERR_unload_strings(ATALLA_lib_error_code,ATALLA_str_functs); - ERR_unload_strings(ATALLA_lib_error_code,ATALLA_str_reasons); -#endif - -#ifdef ATALLA_LIB_NAME - ERR_unload_strings(0,ATALLA_lib_name); -#endif - ATALLA_error_init=1; - } - } - -static void ERR_ATALLA_error(int function, int reason, char *file, int line) - { - if (ATALLA_lib_error_code == 0) - ATALLA_lib_error_code=ERR_get_next_error_library(); - ERR_PUT_error(ATALLA_lib_error_code,function,reason,file,line); - } diff --git a/src/lib/libcrypto/engine/hw_atalla_err.h b/src/lib/libcrypto/engine/hw_atalla_err.h deleted file mode 100644 index cdac052d8c9..00000000000 --- a/src/lib/libcrypto/engine/hw_atalla_err.h +++ /dev/null @@ -1,89 +0,0 @@ -/* ==================================================================== - * Copyright (c) 2001 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#ifndef HEADER_ATALLA_ERR_H -#define HEADER_ATALLA_ERR_H - -/* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ -static void ERR_load_ATALLA_strings(void); -static void ERR_unload_ATALLA_strings(void); -static void ERR_ATALLA_error(int function, int reason, char *file, int line); -#define ATALLAerr(f,r) ERR_ATALLA_error((f),(r),__FILE__,__LINE__) - -/* Error codes for the ATALLA functions. */ - -/* Function codes. */ -#define ATALLA_F_ATALLA_CTRL 100 -#define ATALLA_F_ATALLA_FINISH 101 -#define ATALLA_F_ATALLA_INIT 102 -#define ATALLA_F_ATALLA_MOD_EXP 103 -#define ATALLA_F_ATALLA_RSA_MOD_EXP 104 - -/* Reason codes. */ -#define ATALLA_R_ALREADY_LOADED 100 -#define ATALLA_R_BN_CTX_FULL 101 -#define ATALLA_R_BN_EXPAND_FAIL 102 -#define ATALLA_R_CTRL_COMMAND_NOT_IMPLEMENTED 103 -#define ATALLA_R_MISSING_KEY_COMPONENTS 104 -#define ATALLA_R_NOT_LOADED 105 -#define ATALLA_R_REQUEST_FAILED 106 -#define ATALLA_R_UNIT_FAILURE 107 - -#ifdef __cplusplus -} -#endif -#endif diff --git a/src/lib/libcrypto/engine/hw_cryptodev.c b/src/lib/libcrypto/engine/hw_cryptodev.c deleted file mode 100644 index 954eb852078..00000000000 --- a/src/lib/libcrypto/engine/hw_cryptodev.c +++ /dev/null @@ -1,1107 +0,0 @@ -/* - * Copyright (c) 2002 Bob Beck - * Copyright (c) 2002 Theo de Raadt - * Copyright (c) 2002 Markus Friedl - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the author nor the names of contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY - * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED - * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY - * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND - * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -struct dev_crypto_state { - struct session_op d_sess; - int d_fd; -}; - -static u_int32_t cryptodev_asymfeat = 0; - -static int get_asym_dev_crypto(void); -static int open_dev_crypto(void); -static int get_dev_crypto(void); -static int cryptodev_max_iv(int cipher); -static int cryptodev_key_length_valid(int cipher, int len); -static int cipher_nid_to_cryptodev(int nid); -static int get_cryptodev_ciphers(const int **cnids); -static int get_cryptodev_digests(const int **cnids); -static int cryptodev_usable_ciphers(const int **nids); -static int cryptodev_usable_digests(const int **nids); -static int cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, unsigned int inl); -static int cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc); -static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx); -static int cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, - const int **nids, int nid); -static int cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest, - const int **nids, int nid); -static int bn2crparam(const BIGNUM *a, struct crparam *crp); -static int crparam2bn(struct crparam *crp, BIGNUM *a); -static void zapparams(struct crypt_kop *kop); -static int cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, - int slen, BIGNUM *s); - -static int cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, - const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); -static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, - RSA *rsa); -static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa); -static int cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, - const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); -static int cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g, - BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p, - BN_CTX *ctx, BN_MONT_CTX *mont); -static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, - int dlen, DSA *dsa); -static int cryptodev_dsa_verify(const unsigned char *dgst, int dgst_len, - DSA_SIG *sig, DSA *dsa); -static int cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, - const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *m_ctx); -static int cryptodev_dh_compute_key(unsigned char *key, - const BIGNUM *pub_key, DH *dh); -static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, - void (*f)()); -void ENGINE_load_cryptodev(void); - -static const ENGINE_CMD_DEFN cryptodev_defns[] = { - {ENGINE_CMD_BASE, - "SO_PATH", - "Specifies the path to the some stupid shared library", - ENGINE_CMD_FLAG_STRING}, - { 0, NULL, NULL, 0 } -}; - -static struct { - int id; - int nid; - int ivmax; - int keylen; -} ciphers[] = { - { CRYPTO_DES_CBC, NID_des_cbc, 8, 8, }, - { CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24, }, - { CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16, }, - { CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16, }, - { CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16, }, - { CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0, }, - { 0, NID_undef, 0, 0, }, -}; - -static struct { - int id; - int nid; -} digests[] = { - { CRYPTO_SHA1_HMAC, NID_hmacWithSHA1, }, - { CRYPTO_RIPEMD160_HMAC, NID_ripemd160, }, - { CRYPTO_MD5_KPDK, NID_undef, }, - { CRYPTO_SHA1_KPDK, NID_undef, }, - { CRYPTO_MD5, NID_md5, }, - { CRYPTO_SHA1, NID_undef, }, - { 0, NID_undef, }, -}; - -/* - * Return a fd if /dev/crypto seems usable, 0 otherwise. - */ -static int -open_dev_crypto(void) -{ - static int fd = -1; - - if (fd == -1) { - if ((fd = open("/dev/crypto", O_RDWR, 0)) == -1) - return (-1); - /* close on exec */ - if (fcntl(fd, F_SETFD, 1) == -1) { - close(fd); - fd = -1; - return (-1); - } - } - return (fd); -} - -static int -get_dev_crypto(void) -{ - int fd, retfd; - - if ((fd = open_dev_crypto()) == -1) - return (-1); - if (ioctl(fd, CRIOGET, &retfd) == -1) - return (-1); - - /* close on exec */ - if (fcntl(retfd, F_SETFD, 1) == -1) { - close(retfd); - return (-1); - } - return (retfd); -} - -/* Caching version for asym operations */ -static int -get_asym_dev_crypto(void) -{ - static int fd = -1; - - if (fd == -1) - fd = get_dev_crypto(); - return fd; -} - -/* - * XXXX this needs to be set for each alg - and determined from - * a running card. - */ -static int -cryptodev_max_iv(int cipher) -{ - int i; - - for (i = 0; ciphers[i].id; i++) - if (ciphers[i].id == cipher) - return (ciphers[i].ivmax); - return (0); -} - -/* - * XXXX this needs to be set for each alg - and determined from - * a running card. For now, fake it out - but most of these - * for real devices should return 1 for the supported key - * sizes the device can handle. - */ -static int -cryptodev_key_length_valid(int cipher, int len) -{ - int i; - - for (i = 0; ciphers[i].id; i++) - if (ciphers[i].id == cipher) - return (ciphers[i].keylen == len); - return (0); -} - -/* convert libcrypto nids to cryptodev */ -static int -cipher_nid_to_cryptodev(int nid) -{ - int i; - - for (i = 0; ciphers[i].id; i++) - if (ciphers[i].nid == nid) - return (ciphers[i].id); - return (0); -} - -/* - * Find out what ciphers /dev/crypto will let us have a session for. - * XXX note, that some of these openssl doesn't deal with yet! - * returning them here is harmless, as long as we return NULL - * when asked for a handler in the cryptodev_engine_ciphers routine - */ -static int -get_cryptodev_ciphers(const int **cnids) -{ - static int nids[CRYPTO_ALGORITHM_MAX]; - struct session_op sess; - int fd, i, count = 0; - - if ((fd = get_dev_crypto()) < 0) { - *nids = NULL; - return (0); - } - memset(&sess, 0, sizeof(sess)); - sess.key = (caddr_t)"123456781234567812345678"; - - for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { - if (ciphers[i].nid == NID_undef) - continue; - sess.cipher = ciphers[i].id; - sess.keylen = ciphers[i].keylen; - sess.mac = 0; - if (ioctl(fd, CIOCGSESSION, &sess) != -1 && - ioctl(fd, CIOCFSESSION, &sess.ses) != -1) - nids[count++] = ciphers[i].nid; - } - close(fd); - - if (count > 0) - *cnids = nids; - else - *cnids = NULL; - return (count); -} - -/* - * Find out what digests /dev/crypto will let us have a session for. - * XXX note, that some of these openssl doesn't deal with yet! - * returning them here is harmless, as long as we return NULL - * when asked for a handler in the cryptodev_engine_digests routine - */ -static int -get_cryptodev_digests(const int **cnids) -{ - static int nids[CRYPTO_ALGORITHM_MAX]; - struct session_op sess; - int fd, i, count = 0; - - if ((fd = get_dev_crypto()) < 0) { - *nids = NULL; - return (0); - } - memset(&sess, 0, sizeof(sess)); - for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) { - if (digests[i].nid == NID_undef) - continue; - sess.mac = digests[i].id; - sess.cipher = 0; - if (ioctl(fd, CIOCGSESSION, &sess) != -1 && - ioctl(fd, CIOCFSESSION, &sess.ses) != -1) - nids[count++] = digests[i].nid; - } - close(fd); - - if (count > 0) - *cnids = nids; - else - *cnids = NULL; - return (count); -} - -/* - * Find the useable ciphers|digests from dev/crypto - this is the first - * thing called by the engine init crud which determines what it - * can use for ciphers from this engine. We want to return - * only what we can do, anythine else is handled by software. - * - * If we can't initialize the device to do anything useful for - * any reason, we want to return a NULL array, and 0 length, - * which forces everything to be done is software. By putting - * the initalization of the device in here, we ensure we can - * use this engine as the default, and if for whatever reason - * /dev/crypto won't do what we want it will just be done in - * software - * - * This can (should) be greatly expanded to perhaps take into - * account speed of the device, and what we want to do. - * (although the disabling of particular alg's could be controlled - * by the device driver with sysctl's.) - this is where we - * want most of the decisions made about what we actually want - * to use from /dev/crypto. - */ -static int -cryptodev_usable_ciphers(const int **nids) -{ - return (get_cryptodev_ciphers(nids)); -} - -static int -cryptodev_usable_digests(const int **nids) -{ - /* - * XXXX just disable all digests for now, because it sucks. - * we need a better way to decide this - i.e. I may not - * want digests on slow cards like hifn on fast machines, - * but might want them on slow or loaded machines, etc. - * will also want them when using crypto cards that don't - * suck moose gonads - would be nice to be able to decide something - * as reasonable default without having hackery that's card dependent. - * of course, the default should probably be just do everything, - * with perhaps a sysctl to turn algoritms off (or have them off - * by default) on cards that generally suck like the hifn. - */ - *nids = NULL; - return (0); -} - -static int -cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, unsigned int inl) -{ - struct crypt_op cryp; - struct dev_crypto_state *state = ctx->cipher_data; - struct session_op *sess = &state->d_sess; - void *iiv; - unsigned char save_iv[EVP_MAX_IV_LENGTH]; - - if (state->d_fd < 0) - return (0); - if (!inl) - return (1); - if ((inl % ctx->cipher->block_size) != 0) - return (0); - - memset(&cryp, 0, sizeof(cryp)); - - cryp.ses = sess->ses; - cryp.flags = 0; - cryp.len = inl; - cryp.src = (caddr_t) in; - cryp.dst = (caddr_t) out; - cryp.mac = 0; - - cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT; - - if (ctx->cipher->iv_len) { - cryp.iv = (caddr_t) ctx->iv; - if (!ctx->encrypt) { - iiv = (void *) in + inl - ctx->cipher->iv_len; - memcpy(save_iv, iiv, ctx->cipher->iv_len); - } - } else - cryp.iv = NULL; - - if (ioctl(state->d_fd, CIOCCRYPT, &cryp) == -1) { - /* XXX need better errror handling - * this can fail for a number of different reasons. - */ - return (0); - } - - if (ctx->cipher->iv_len) { - if (ctx->encrypt) - iiv = (void *) out + inl - ctx->cipher->iv_len; - else - iiv = save_iv; - memcpy(ctx->iv, iiv, ctx->cipher->iv_len); - } - return (1); -} - -static int -cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) -{ - struct dev_crypto_state *state = ctx->cipher_data; - struct session_op *sess = &state->d_sess; - int cipher; - - if ((cipher = cipher_nid_to_cryptodev(ctx->cipher->nid)) == NID_undef) - return (0); - - if (ctx->cipher->iv_len > cryptodev_max_iv(cipher)) - return (0); - - if (!cryptodev_key_length_valid(cipher, ctx->key_len)) - return (0); - - memset(sess, 0, sizeof(struct session_op)); - - if ((state->d_fd = get_dev_crypto()) < 0) - return (0); - - sess->key = (unsigned char *)key; - sess->keylen = ctx->key_len; - sess->cipher = cipher; - - if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) { - close(state->d_fd); - state->d_fd = -1; - return (0); - } - return (1); -} - -/* - * free anything we allocated earlier when initting a - * session, and close the session. - */ -static int -cryptodev_cleanup(EVP_CIPHER_CTX *ctx) -{ - int ret = 0; - struct dev_crypto_state *state = ctx->cipher_data; - struct session_op *sess = &state->d_sess; - - if (state->d_fd < 0) - return (0); - - /* XXX if this ioctl fails, someting's wrong. the invoker - * may have called us with a bogus ctx, or we could - * have a device that for whatever reason just doesn't - * want to play ball - it's not clear what's right - * here - should this be an error? should it just - * increase a counter, hmm. For right now, we return - * 0 - I don't believe that to be "right". we could - * call the gorpy openssl lib error handlers that - * print messages to users of the library. hmm.. - */ - - if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) == -1) { - ret = 0; - } else { - ret = 1; - } - close(state->d_fd); - state->d_fd = -1; - - return (ret); -} - -/* - * libcrypto EVP stuff - this is how we get wired to EVP so the engine - * gets called when libcrypto requests a cipher NID. - */ - -/* DES CBC EVP */ -const EVP_CIPHER cryptodev_des_cbc = { - NID_des_cbc, - 8, 8, 8, - EVP_CIPH_CBC_MODE, - cryptodev_init_key, - cryptodev_cipher, - cryptodev_cleanup, - sizeof(struct dev_crypto_state), - EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv, - NULL -}; - -/* 3DES CBC EVP */ -const EVP_CIPHER cryptodev_3des_cbc = { - NID_des_ede3_cbc, - 8, 24, 8, - EVP_CIPH_CBC_MODE, - cryptodev_init_key, - cryptodev_cipher, - cryptodev_cleanup, - sizeof(struct dev_crypto_state), - EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv, - NULL -}; - -const EVP_CIPHER cryptodev_bf_cbc = { - NID_bf_cbc, - 8, 16, 8, - EVP_CIPH_CBC_MODE, - cryptodev_init_key, - cryptodev_cipher, - cryptodev_cleanup, - sizeof(struct dev_crypto_state), - EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv, - NULL -}; - -const EVP_CIPHER cryptodev_cast_cbc = { - NID_cast5_cbc, - 8, 16, 8, - EVP_CIPH_CBC_MODE, - cryptodev_init_key, - cryptodev_cipher, - cryptodev_cleanup, - sizeof(struct dev_crypto_state), - EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv, - NULL -}; - -const EVP_CIPHER cryptodev_aes_cbc = { - NID_aes_128_cbc, - 16, 16, 16, - EVP_CIPH_CBC_MODE, - cryptodev_init_key, - cryptodev_cipher, - cryptodev_cleanup, - sizeof(struct dev_crypto_state), - EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv, - NULL -}; - -/* - * Registered by the ENGINE when used to find out how to deal with - * a particular NID in the ENGINE. this says what we'll do at the - * top level - note, that list is restricted by what we answer with - */ -static int -cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher, - const int **nids, int nid) -{ - if (!cipher) - return (cryptodev_usable_ciphers(nids)); - - switch (nid) { - case NID_des_ede3_cbc: - *cipher = &cryptodev_3des_cbc; - break; - case NID_des_cbc: - *cipher = &cryptodev_des_cbc; - break; - case NID_bf_cbc: - *cipher = &cryptodev_bf_cbc; - break; - case NID_cast5_cbc: - *cipher = &cryptodev_cast_cbc; - break; - case NID_aes_128_cbc: - *cipher = &cryptodev_aes_cbc; - break; - default: - *cipher = NULL; - break; - } - return (*cipher != NULL); -} - -static int -cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest, - const int **nids, int nid) -{ - if (!digest) - return (cryptodev_usable_digests(nids)); - - switch (nid) { - case NID_md5: - *digest = NULL; /* need to make a clean md5 critter */ - break; - default: - *digest = NULL; - break; - } - return (*digest != NULL); -} - -/* - * Convert a BIGNUM to the representation that /dev/crypto needs. - * Upon completion of use, the caller is responsible for freeing - * crp->crp_p. - */ -static int -bn2crparam(const BIGNUM *a, struct crparam *crp) -{ - int i, j, k; - ssize_t words, bytes, bits; - u_char *b; - - crp->crp_p = NULL; - crp->crp_nbits = 0; - - bits = BN_num_bits(a); - bytes = (bits + 7) / 8; - - b = malloc(bytes); - if (b == NULL) - return (1); - - crp->crp_p = b; - crp->crp_nbits = bits; - - for (i = 0, j = 0; i < a->top; i++) { - for (k = 0; k < BN_BITS2 / 8; k++) { - if ((j + k) >= bytes) - return (0); - b[j + k] = a->d[i] >> (k * 8); - } - j += BN_BITS2 / 8; - } - return (0); -} - -/* Convert a /dev/crypto parameter to a BIGNUM */ -static int -crparam2bn(struct crparam *crp, BIGNUM *a) -{ - u_int8_t *pd; - int i, bytes; - - bytes = (crp->crp_nbits + 7) / 8; - - if (bytes == 0) - return (-1); - - if ((pd = (u_int8_t *) malloc(bytes)) == NULL) - return (-1); - - for (i = 0; i < bytes; i++) - pd[i] = crp->crp_p[bytes - i - 1]; - - BN_bin2bn(pd, bytes, a); - free(pd); - - return (0); -} - -static void -zapparams(struct crypt_kop *kop) -{ - int i; - - for (i = 0; i <= kop->crk_iparams + kop->crk_oparams; i++) { - if (kop->crk_param[i].crp_p) - free(kop->crk_param[i].crp_p); - kop->crk_param[i].crp_p = NULL; - kop->crk_param[i].crp_nbits = 0; - } -} - -static int -cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, BIGNUM *s) -{ - int fd, ret = -1; - - if ((fd = get_asym_dev_crypto()) < 0) - return (ret); - - if (r) { - kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char)); - kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8; - kop->crk_oparams++; - } - if (s) { - kop->crk_param[kop->crk_iparams+1].crp_p = calloc(slen, sizeof(char)); - kop->crk_param[kop->crk_iparams+1].crp_nbits = slen * 8; - kop->crk_oparams++; - } - - if (ioctl(fd, CIOCKEY, kop) == 0) { - if (r) - crparam2bn(&kop->crk_param[kop->crk_iparams], r); - if (s) - crparam2bn(&kop->crk_param[kop->crk_iparams+1], s); - ret = 0; - } - - return (ret); -} - -static int -cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) -{ - struct crypt_kop kop; - int ret = 1; - - /* Currently, we know we can do mod exp iff we can do any - * asymmetric operations at all. - */ - if (cryptodev_asymfeat == 0) { - ret = BN_mod_exp(r, a, p, m, ctx); - return (ret); - } - - memset(&kop, 0, sizeof kop); - kop.crk_op = CRK_MOD_EXP; - - /* inputs: a^p % m */ - if (bn2crparam(a, &kop.crk_param[0])) - goto err; - if (bn2crparam(p, &kop.crk_param[1])) - goto err; - if (bn2crparam(m, &kop.crk_param[2])) - goto err; - kop.crk_iparams = 3; - - if (cryptodev_asym(&kop, BN_num_bytes(m), r, 0, NULL) == -1) { - const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); - ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont); - } -err: - zapparams(&kop); - return (ret); -} - -static int -cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa) -{ - int r; - BN_CTX *ctx; - - ctx = BN_CTX_new(); - r = cryptodev_bn_mod_exp(r0, I, rsa->d, rsa->n, ctx, NULL); - BN_CTX_free(ctx); - return (r); -} - -static int -cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa) -{ - struct crypt_kop kop; - int ret = 1; - - if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) { - /* XXX 0 means failure?? */ - return (0); - } - - memset(&kop, 0, sizeof kop); - kop.crk_op = CRK_MOD_EXP_CRT; - /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */ - if (bn2crparam(rsa->p, &kop.crk_param[0])) - goto err; - if (bn2crparam(rsa->q, &kop.crk_param[1])) - goto err; - if (bn2crparam(I, &kop.crk_param[2])) - goto err; - if (bn2crparam(rsa->dmp1, &kop.crk_param[3])) - goto err; - if (bn2crparam(rsa->dmq1, &kop.crk_param[4])) - goto err; - if (bn2crparam(rsa->iqmp, &kop.crk_param[5])) - goto err; - kop.crk_iparams = 6; - - if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL) == -1) { - const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); - ret = (*meth->rsa_mod_exp)(r0, I, rsa); - } -err: - zapparams(&kop); - return (ret); -} - -static RSA_METHOD cryptodev_rsa = { - "cryptodev RSA method", - NULL, /* rsa_pub_enc */ - NULL, /* rsa_pub_dec */ - NULL, /* rsa_priv_enc */ - NULL, /* rsa_priv_dec */ - NULL, - NULL, - NULL, /* init */ - NULL, /* finish */ - 0, /* flags */ - NULL, /* app_data */ - NULL, /* rsa_sign */ - NULL /* rsa_verify */ -}; - -static int -cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) -{ - return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx)); -} - -static int -cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g, - BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p, - BN_CTX *ctx, BN_MONT_CTX *mont) -{ - BIGNUM t2; - int ret = 0; - - BN_init(&t2); - - /* v = ( g^u1 * y^u2 mod p ) mod q */ - /* let t1 = g ^ u1 mod p */ - ret = 0; - - if (!dsa->meth->bn_mod_exp(dsa,t1,dsa->g,u1,dsa->p,ctx,mont)) - goto err; - - /* let t2 = y ^ u2 mod p */ - if (!dsa->meth->bn_mod_exp(dsa,&t2,dsa->pub_key,u2,dsa->p,ctx,mont)) - goto err; - /* let u1 = t1 * t2 mod p */ - if (!BN_mod_mul(u1,t1,&t2,dsa->p,ctx)) - goto err; - - BN_copy(t1,u1); - - ret = 1; -err: - BN_free(&t2); - return(ret); -} - -static DSA_SIG * -cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) -{ - struct crypt_kop kop; - BIGNUM *r = NULL, *s = NULL; - DSA_SIG *dsaret = NULL; - - if ((r = BN_new()) == NULL) - goto err; - if ((s = BN_new()) == NULL) { - BN_free(r); - goto err; - } - - printf("bar\n"); - memset(&kop, 0, sizeof kop); - kop.crk_op = CRK_DSA_SIGN; - - /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */ - kop.crk_param[0].crp_p = (caddr_t)dgst; - kop.crk_param[0].crp_nbits = dlen * 8; - if (bn2crparam(dsa->p, &kop.crk_param[1])) - goto err; - if (bn2crparam(dsa->q, &kop.crk_param[2])) - goto err; - if (bn2crparam(dsa->g, &kop.crk_param[3])) - goto err; - if (bn2crparam(dsa->priv_key, &kop.crk_param[4])) - goto err; - kop.crk_iparams = 5; - - if (cryptodev_asym(&kop, BN_num_bytes(dsa->q), r, - BN_num_bytes(dsa->q), s) == 0) { - dsaret = DSA_SIG_new(); - dsaret->r = r; - dsaret->s = s; - } else { - const DSA_METHOD *meth = DSA_OpenSSL(); - BN_free(r); - BN_free(s); - dsaret = (meth->dsa_do_sign)(dgst, dlen, dsa); - } -err: - kop.crk_param[0].crp_p = NULL; - zapparams(&kop); - return (dsaret); -} - -static int -cryptodev_dsa_verify(const unsigned char *dgst, int dlen, - DSA_SIG *sig, DSA *dsa) -{ - struct crypt_kop kop; - int dsaret = 1; - - memset(&kop, 0, sizeof kop); - kop.crk_op = CRK_DSA_VERIFY; - - /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */ - kop.crk_param[0].crp_p = (caddr_t)dgst; - kop.crk_param[0].crp_nbits = dlen * 8; - if (bn2crparam(dsa->p, &kop.crk_param[1])) - goto err; - if (bn2crparam(dsa->q, &kop.crk_param[2])) - goto err; - if (bn2crparam(dsa->g, &kop.crk_param[3])) - goto err; - if (bn2crparam(dsa->pub_key, &kop.crk_param[4])) - goto err; - if (bn2crparam(sig->r, &kop.crk_param[5])) - goto err; - if (bn2crparam(sig->s, &kop.crk_param[6])) - goto err; - kop.crk_iparams = 7; - - if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) { - dsaret = kop.crk_status; - } else { - const DSA_METHOD *meth = DSA_OpenSSL(); - - dsaret = (meth->dsa_do_verify)(dgst, dlen, sig, dsa); - } -err: - kop.crk_param[0].crp_p = NULL; - zapparams(&kop); - return (dsaret); -} - -static DSA_METHOD cryptodev_dsa = { - "cryptodev DSA method", - NULL, - NULL, /* dsa_sign_setup */ - NULL, - NULL, /* dsa_mod_exp */ - NULL, - NULL, /* init */ - NULL, /* finish */ - 0, /* flags */ - NULL /* app_data */ -}; - -static int -cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, - const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *m_ctx) -{ - return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx)); -} - -static int -cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) -{ - struct crypt_kop kop; - int dhret = 1; - int fd, keylen; - - if ((fd = get_asym_dev_crypto()) < 0) { - const DH_METHOD *meth = DH_OpenSSL(); - - return ((meth->compute_key)(key, pub_key, dh)); - } - - keylen = BN_num_bits(dh->p); - - memset(&kop, 0, sizeof kop); - kop.crk_op = CRK_DH_COMPUTE_KEY; - - /* inputs: dh->priv_key pub_key dh->p key */ - if (bn2crparam(dh->priv_key, &kop.crk_param[0])) - goto err; - if (bn2crparam(pub_key, &kop.crk_param[1])) - goto err; - if (bn2crparam(dh->p, &kop.crk_param[2])) - goto err; - kop.crk_iparams = 3; - - kop.crk_param[3].crp_p = key; - kop.crk_param[3].crp_nbits = keylen * 8; - kop.crk_oparams = 1; - - if (ioctl(fd, CIOCKEY, &kop) == -1) { - const DH_METHOD *meth = DH_OpenSSL(); - - dhret = (meth->compute_key)(key, pub_key, dh); - } -err: - kop.crk_param[3].crp_p = NULL; - zapparams(&kop); - return (dhret); -} - -static DH_METHOD cryptodev_dh = { - "cryptodev DH method", - NULL, /* cryptodev_dh_generate_key */ - NULL, - NULL, - NULL, - NULL, - 0, /* flags */ - NULL /* app_data */ -}; - -/* - * ctrl right now is just a wrapper that doesn't do much - * but I expect we'll want some options soon. - */ -static int -cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) -{ - struct syslog_data sd = SYSLOG_DATA_INIT; - - switch (cmd) { - default: - syslog_r(LOG_ERR, &sd, - "cryptodev_ctrl: unknown command %d", cmd); - break; - } - return (1); -} - -void -ENGINE_load_cryptodev(void) -{ - ENGINE *engine = ENGINE_new(); - int fd; - - if (engine == NULL) - return; - if ((fd = get_dev_crypto()) < 0) - return; - - /* - * find out what asymmetric crypto algorithms we support - */ - if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) { - close(fd); - return; - } - close(fd); - - if (!ENGINE_set_id(engine, "cryptodev") || - !ENGINE_set_name(engine, "OpenBSD cryptodev engine") || - !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) || - !ENGINE_set_digests(engine, cryptodev_engine_digests) || - !ENGINE_set_ctrl_function(engine, cryptodev_ctrl) || - !ENGINE_set_cmd_defns(engine, cryptodev_defns)) { - ENGINE_free(engine); - return; - } - - if (ENGINE_set_RSA(engine, &cryptodev_rsa)) { - const RSA_METHOD *rsa_meth = RSA_PKCS1_SSLeay(); - - cryptodev_rsa.bn_mod_exp = rsa_meth->bn_mod_exp; - cryptodev_rsa.rsa_mod_exp = rsa_meth->rsa_mod_exp; - cryptodev_rsa.rsa_pub_enc = rsa_meth->rsa_pub_enc; - cryptodev_rsa.rsa_pub_dec = rsa_meth->rsa_pub_dec; - cryptodev_rsa.rsa_priv_enc = rsa_meth->rsa_priv_enc; - cryptodev_rsa.rsa_priv_dec = rsa_meth->rsa_priv_dec; - if (cryptodev_asymfeat & CRF_MOD_EXP) { - cryptodev_rsa.bn_mod_exp = cryptodev_bn_mod_exp; - if (cryptodev_asymfeat & CRF_MOD_EXP_CRT) - cryptodev_rsa.rsa_mod_exp = - cryptodev_rsa_mod_exp; - else - cryptodev_rsa.rsa_mod_exp = - cryptodev_rsa_nocrt_mod_exp; - } - } - - if (ENGINE_set_DSA(engine, &cryptodev_dsa)) { - const DSA_METHOD *meth = DSA_OpenSSL(); - - memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD)); - if (cryptodev_asymfeat & CRF_DSA_SIGN) - cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign; - if (cryptodev_asymfeat & CRF_MOD_EXP) { - cryptodev_dsa.bn_mod_exp = cryptodev_dsa_bn_mod_exp; - cryptodev_dsa.dsa_mod_exp = cryptodev_dsa_dsa_mod_exp; - } - if (cryptodev_asymfeat & CRF_DSA_VERIFY) - cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify; - } - - if (ENGINE_set_DH(engine, &cryptodev_dh)){ - const DH_METHOD *dh_meth = DH_OpenSSL(); - - cryptodev_dh.generate_key = dh_meth->generate_key; - cryptodev_dh.compute_key = dh_meth->compute_key; - cryptodev_dh.bn_mod_exp = dh_meth->bn_mod_exp; - if (cryptodev_asymfeat & CRF_MOD_EXP) { - cryptodev_dh.bn_mod_exp = cryptodev_mod_exp_dh; - if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY) - cryptodev_dh.compute_key = - cryptodev_dh_compute_key; - } - } - - ENGINE_add(engine); - ENGINE_free(engine); - ERR_clear_error(); -} diff --git a/src/lib/libcrypto/engine/hw_cswift.c b/src/lib/libcrypto/engine/hw_cswift.c deleted file mode 100644 index da732abce0a..00000000000 --- a/src/lib/libcrypto/engine/hw_cswift.c +++ /dev/null @@ -1,907 +0,0 @@ -/* crypto/engine/hw_cswift.c */ -/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL - * project 2000. - */ -/* ==================================================================== - * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include -#include -#include "cryptlib.h" -#include -#include - -#ifndef OPENSSL_NO_HW -#ifndef OPENSSL_NO_HW_CSWIFT - -/* Attribution notice: Rainbow have generously allowed me to reproduce - * the necessary definitions here from their API. This means the support - * can build independently of whether application builders have the - * API or hardware. This will allow developers to easily produce software - * that has latent hardware support for any users that have accelerators - * installed, without the developers themselves needing anything extra. - * - * I have only clipped the parts from the CryptoSwift header files that - * are (or seem) relevant to the CryptoSwift support code. This is - * simply to keep the file sizes reasonable. - * [Geoff] - */ -#ifdef FLAT_INC -#include "cswift.h" -#else -#include "vendor_defns/cswift.h" -#endif - -#define CSWIFT_LIB_NAME "cswift engine" -#include "hw_cswift_err.c" - -static int cswift_destroy(ENGINE *e); -static int cswift_init(ENGINE *e); -static int cswift_finish(ENGINE *e); -static int cswift_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()); - -/* BIGNUM stuff */ -static int cswift_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx); -static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1, - const BIGNUM *iqmp, BN_CTX *ctx); - -#ifndef OPENSSL_NO_RSA -/* RSA stuff */ -static int cswift_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa); -#endif -/* This function is aliased to mod_exp (with the mont stuff dropped). */ -static int cswift_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); - -#ifndef OPENSSL_NO_DSA -/* DSA stuff */ -static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa); -static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len, - DSA_SIG *sig, DSA *dsa); -#endif - -#ifndef OPENSSL_NO_DH -/* DH stuff */ -/* This function is alised to mod_exp (with the DH and mont dropped). */ -static int cswift_mod_exp_dh(const DH *dh, BIGNUM *r, - const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); -#endif - -/* The definitions for control commands specific to this engine */ -#define CSWIFT_CMD_SO_PATH ENGINE_CMD_BASE -static const ENGINE_CMD_DEFN cswift_cmd_defns[] = { - {CSWIFT_CMD_SO_PATH, - "SO_PATH", - "Specifies the path to the 'cswift' shared library", - ENGINE_CMD_FLAG_STRING}, - {0, NULL, NULL, 0} - }; - -#ifndef OPENSSL_NO_RSA -/* Our internal RSA_METHOD that we provide pointers to */ -static RSA_METHOD cswift_rsa = - { - "CryptoSwift RSA method", - NULL, - NULL, - NULL, - NULL, - cswift_rsa_mod_exp, - cswift_mod_exp_mont, - NULL, - NULL, - 0, - NULL, - NULL, - NULL - }; -#endif - -#ifndef OPENSSL_NO_DSA -/* Our internal DSA_METHOD that we provide pointers to */ -static DSA_METHOD cswift_dsa = - { - "CryptoSwift DSA method", - cswift_dsa_sign, - NULL, /* dsa_sign_setup */ - cswift_dsa_verify, - NULL, /* dsa_mod_exp */ - NULL, /* bn_mod_exp */ - NULL, /* init */ - NULL, /* finish */ - 0, /* flags */ - NULL /* app_data */ - }; -#endif - -#ifndef OPENSSL_NO_DH -/* Our internal DH_METHOD that we provide pointers to */ -static DH_METHOD cswift_dh = - { - "CryptoSwift DH method", - NULL, - NULL, - cswift_mod_exp_dh, - NULL, - NULL, - 0, - NULL - }; -#endif - -/* Constants used when creating the ENGINE */ -static const char *engine_cswift_id = "cswift"; -static const char *engine_cswift_name = "CryptoSwift hardware engine support"; - -/* This internal function is used by ENGINE_cswift() and possibly by the - * "dynamic" ENGINE support too */ -static int bind_helper(ENGINE *e) - { -#ifndef OPENSSL_NO_RSA - const RSA_METHOD *meth1; -#endif -#ifndef OPENSSL_NO_DH - const DH_METHOD *meth2; -#endif - if(!ENGINE_set_id(e, engine_cswift_id) || - !ENGINE_set_name(e, engine_cswift_name) || -#ifndef OPENSSL_NO_RSA - !ENGINE_set_RSA(e, &cswift_rsa) || -#endif -#ifndef OPENSSL_NO_DSA - !ENGINE_set_DSA(e, &cswift_dsa) || -#endif -#ifndef OPENSSL_NO_DH - !ENGINE_set_DH(e, &cswift_dh) || -#endif - !ENGINE_set_destroy_function(e, cswift_destroy) || - !ENGINE_set_init_function(e, cswift_init) || - !ENGINE_set_finish_function(e, cswift_finish) || - !ENGINE_set_ctrl_function(e, cswift_ctrl) || - !ENGINE_set_cmd_defns(e, cswift_cmd_defns)) - return 0; - -#ifndef OPENSSL_NO_RSA - /* We know that the "PKCS1_SSLeay()" functions hook properly - * to the cswift-specific mod_exp and mod_exp_crt so we use - * those functions. NB: We don't use ENGINE_openssl() or - * anything "more generic" because something like the RSAref - * code may not hook properly, and if you own one of these - * cards then you have the right to do RSA operations on it - * anyway! */ - meth1 = RSA_PKCS1_SSLeay(); - cswift_rsa.rsa_pub_enc = meth1->rsa_pub_enc; - cswift_rsa.rsa_pub_dec = meth1->rsa_pub_dec; - cswift_rsa.rsa_priv_enc = meth1->rsa_priv_enc; - cswift_rsa.rsa_priv_dec = meth1->rsa_priv_dec; -#endif - -#ifndef OPENSSL_NO_DH - /* Much the same for Diffie-Hellman */ - meth2 = DH_OpenSSL(); - cswift_dh.generate_key = meth2->generate_key; - cswift_dh.compute_key = meth2->compute_key; -#endif - - /* Ensure the cswift error handling is set up */ - ERR_load_CSWIFT_strings(); - return 1; - } - -static ENGINE *engine_cswift(void) - { - ENGINE *ret = ENGINE_new(); - if(!ret) - return NULL; - if(!bind_helper(ret)) - { - ENGINE_free(ret); - return NULL; - } - return ret; - } - -void ENGINE_load_cswift(void) - { - /* Copied from eng_[openssl|dyn].c */ - ENGINE *toadd = engine_cswift(); - if(!toadd) return; - ENGINE_add(toadd); - ENGINE_free(toadd); - ERR_clear_error(); - } - -/* This is a process-global DSO handle used for loading and unloading - * the CryptoSwift library. NB: This is only set (or unset) during an - * init() or finish() call (reference counts permitting) and they're - * operating with global locks, so this should be thread-safe - * implicitly. */ -static DSO *cswift_dso = NULL; - -/* These are the function pointers that are (un)set when the library has - * successfully (un)loaded. */ -t_swAcquireAccContext *p_CSwift_AcquireAccContext = NULL; -t_swAttachKeyParam *p_CSwift_AttachKeyParam = NULL; -t_swSimpleRequest *p_CSwift_SimpleRequest = NULL; -t_swReleaseAccContext *p_CSwift_ReleaseAccContext = NULL; - -/* Used in the DSO operations. */ -static const char def_CSWIFT_LIBNAME[] = "swift"; -static const char *CSWIFT_LIBNAME = def_CSWIFT_LIBNAME; -static const char *CSWIFT_F1 = "swAcquireAccContext"; -static const char *CSWIFT_F2 = "swAttachKeyParam"; -static const char *CSWIFT_F3 = "swSimpleRequest"; -static const char *CSWIFT_F4 = "swReleaseAccContext"; - - -/* CryptoSwift library functions and mechanics - these are used by the - * higher-level functions further down. NB: As and where there's no - * error checking, take a look lower down where these functions are - * called, the checking and error handling is probably down there. */ - -/* utility function to obtain a context */ -static int get_context(SW_CONTEXT_HANDLE *hac) - { - SW_STATUS status; - - status = p_CSwift_AcquireAccContext(hac); - if(status != SW_OK) - return 0; - return 1; - } - -/* similarly to release one. */ -static void release_context(SW_CONTEXT_HANDLE hac) - { - p_CSwift_ReleaseAccContext(hac); - } - -/* Destructor (complements the "ENGINE_cswift()" constructor) */ -static int cswift_destroy(ENGINE *e) - { - ERR_unload_CSWIFT_strings(); - return 1; - } - -/* (de)initialisation functions. */ -static int cswift_init(ENGINE *e) - { - SW_CONTEXT_HANDLE hac; - t_swAcquireAccContext *p1; - t_swAttachKeyParam *p2; - t_swSimpleRequest *p3; - t_swReleaseAccContext *p4; - - if(cswift_dso != NULL) - { - CSWIFTerr(CSWIFT_F_CSWIFT_INIT,CSWIFT_R_ALREADY_LOADED); - goto err; - } - /* Attempt to load libswift.so/swift.dll/whatever. */ - cswift_dso = DSO_load(NULL, CSWIFT_LIBNAME, NULL, 0); - if(cswift_dso == NULL) - { - CSWIFTerr(CSWIFT_F_CSWIFT_INIT,CSWIFT_R_NOT_LOADED); - goto err; - } - if(!(p1 = (t_swAcquireAccContext *) - DSO_bind_func(cswift_dso, CSWIFT_F1)) || - !(p2 = (t_swAttachKeyParam *) - DSO_bind_func(cswift_dso, CSWIFT_F2)) || - !(p3 = (t_swSimpleRequest *) - DSO_bind_func(cswift_dso, CSWIFT_F3)) || - !(p4 = (t_swReleaseAccContext *) - DSO_bind_func(cswift_dso, CSWIFT_F4))) - { - CSWIFTerr(CSWIFT_F_CSWIFT_INIT,CSWIFT_R_NOT_LOADED); - goto err; - } - /* Copy the pointers */ - p_CSwift_AcquireAccContext = p1; - p_CSwift_AttachKeyParam = p2; - p_CSwift_SimpleRequest = p3; - p_CSwift_ReleaseAccContext = p4; - /* Try and get a context - if not, we may have a DSO but no - * accelerator! */ - if(!get_context(&hac)) - { - CSWIFTerr(CSWIFT_F_CSWIFT_INIT,CSWIFT_R_UNIT_FAILURE); - goto err; - } - release_context(hac); - /* Everything's fine. */ - return 1; -err: - if(cswift_dso) - DSO_free(cswift_dso); - p_CSwift_AcquireAccContext = NULL; - p_CSwift_AttachKeyParam = NULL; - p_CSwift_SimpleRequest = NULL; - p_CSwift_ReleaseAccContext = NULL; - return 0; - } - -static int cswift_finish(ENGINE *e) - { - if(cswift_dso == NULL) - { - CSWIFTerr(CSWIFT_F_CSWIFT_FINISH,CSWIFT_R_NOT_LOADED); - return 0; - } - if(!DSO_free(cswift_dso)) - { - CSWIFTerr(CSWIFT_F_CSWIFT_FINISH,CSWIFT_R_UNIT_FAILURE); - return 0; - } - cswift_dso = NULL; - p_CSwift_AcquireAccContext = NULL; - p_CSwift_AttachKeyParam = NULL; - p_CSwift_SimpleRequest = NULL; - p_CSwift_ReleaseAccContext = NULL; - return 1; - } - -static int cswift_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) - { - int initialised = ((cswift_dso == NULL) ? 0 : 1); - switch(cmd) - { - case CSWIFT_CMD_SO_PATH: - if(p == NULL) - { - CSWIFTerr(CSWIFT_F_CSWIFT_CTRL,ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - if(initialised) - { - CSWIFTerr(CSWIFT_F_CSWIFT_CTRL,CSWIFT_R_ALREADY_LOADED); - return 0; - } - CSWIFT_LIBNAME = (const char *)p; - return 1; - default: - break; - } - CSWIFTerr(CSWIFT_F_CSWIFT_CTRL,CSWIFT_R_CTRL_COMMAND_NOT_IMPLEMENTED); - return 0; - } - -/* Un petit mod_exp */ -static int cswift_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx) - { - /* I need somewhere to store temporary serialised values for - * use with the CryptoSwift API calls. A neat cheat - I'll use - * BIGNUMs from the BN_CTX but access their arrays directly as - * byte arrays . This way I don't have to clean anything - * up. */ - BIGNUM *modulus; - BIGNUM *exponent; - BIGNUM *argument; - BIGNUM *result; - SW_STATUS sw_status; - SW_LARGENUMBER arg, res; - SW_PARAM sw_param; - SW_CONTEXT_HANDLE hac; - int to_return, acquired; - - modulus = exponent = argument = result = NULL; - to_return = 0; /* expect failure */ - acquired = 0; - - if(!get_context(&hac)) - { - CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_UNIT_FAILURE); - goto err; - } - acquired = 1; - /* Prepare the params */ - BN_CTX_start(ctx); - modulus = BN_CTX_get(ctx); - exponent = BN_CTX_get(ctx); - argument = BN_CTX_get(ctx); - result = BN_CTX_get(ctx); - if(!result) - { - CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_BN_CTX_FULL); - goto err; - } - if(!bn_wexpand(modulus, m->top) || !bn_wexpand(exponent, p->top) || - !bn_wexpand(argument, a->top) || !bn_wexpand(result, m->top)) - { - CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_BN_EXPAND_FAIL); - goto err; - } - sw_param.type = SW_ALG_EXP; - sw_param.up.exp.modulus.nbytes = BN_bn2bin(m, - (unsigned char *)modulus->d); - sw_param.up.exp.modulus.value = (unsigned char *)modulus->d; - sw_param.up.exp.exponent.nbytes = BN_bn2bin(p, - (unsigned char *)exponent->d); - sw_param.up.exp.exponent.value = (unsigned char *)exponent->d; - /* Attach the key params */ - sw_status = p_CSwift_AttachKeyParam(hac, &sw_param); - switch(sw_status) - { - case SW_OK: - break; - case SW_ERR_INPUT_SIZE: - CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_BAD_KEY_SIZE); - goto err; - default: - { - char tmpbuf[DECIMAL_SIZE(sw_status)+1]; - CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_REQUEST_FAILED); - sprintf(tmpbuf, "%ld", sw_status); - ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); - } - goto err; - } - /* Prepare the argument and response */ - arg.nbytes = BN_bn2bin(a, (unsigned char *)argument->d); - arg.value = (unsigned char *)argument->d; - res.nbytes = BN_num_bytes(m); - memset(result->d, 0, res.nbytes); - res.value = (unsigned char *)result->d; - /* Perform the operation */ - if((sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_MODEXP, &arg, 1, - &res, 1)) != SW_OK) - { - char tmpbuf[DECIMAL_SIZE(sw_status)+1]; - CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_REQUEST_FAILED); - sprintf(tmpbuf, "%ld", sw_status); - ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); - goto err; - } - /* Convert the response */ - BN_bin2bn((unsigned char *)result->d, res.nbytes, r); - to_return = 1; -err: - if(acquired) - release_context(hac); - BN_CTX_end(ctx); - return to_return; - } - -/* Un petit mod_exp chinois */ -static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *q, const BIGNUM *dmp1, - const BIGNUM *dmq1, const BIGNUM *iqmp, BN_CTX *ctx) - { - SW_STATUS sw_status; - SW_LARGENUMBER arg, res; - SW_PARAM sw_param; - SW_CONTEXT_HANDLE hac; - BIGNUM *rsa_p = NULL; - BIGNUM *rsa_q = NULL; - BIGNUM *rsa_dmp1 = NULL; - BIGNUM *rsa_dmq1 = NULL; - BIGNUM *rsa_iqmp = NULL; - BIGNUM *argument = NULL; - BIGNUM *result = NULL; - int to_return = 0; /* expect failure */ - int acquired = 0; - - if(!get_context(&hac)) - { - CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_UNIT_FAILURE); - goto err; - } - acquired = 1; - /* Prepare the params */ - BN_CTX_start(ctx); - rsa_p = BN_CTX_get(ctx); - rsa_q = BN_CTX_get(ctx); - rsa_dmp1 = BN_CTX_get(ctx); - rsa_dmq1 = BN_CTX_get(ctx); - rsa_iqmp = BN_CTX_get(ctx); - argument = BN_CTX_get(ctx); - result = BN_CTX_get(ctx); - if(!result) - { - CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_CTX_FULL); - goto err; - } - if(!bn_wexpand(rsa_p, p->top) || !bn_wexpand(rsa_q, q->top) || - !bn_wexpand(rsa_dmp1, dmp1->top) || - !bn_wexpand(rsa_dmq1, dmq1->top) || - !bn_wexpand(rsa_iqmp, iqmp->top) || - !bn_wexpand(argument, a->top) || - !bn_wexpand(result, p->top + q->top)) - { - CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL); - goto err; - } - sw_param.type = SW_ALG_CRT; - sw_param.up.crt.p.nbytes = BN_bn2bin(p, (unsigned char *)rsa_p->d); - sw_param.up.crt.p.value = (unsigned char *)rsa_p->d; - sw_param.up.crt.q.nbytes = BN_bn2bin(q, (unsigned char *)rsa_q->d); - sw_param.up.crt.q.value = (unsigned char *)rsa_q->d; - sw_param.up.crt.dmp1.nbytes = BN_bn2bin(dmp1, - (unsigned char *)rsa_dmp1->d); - sw_param.up.crt.dmp1.value = (unsigned char *)rsa_dmp1->d; - sw_param.up.crt.dmq1.nbytes = BN_bn2bin(dmq1, - (unsigned char *)rsa_dmq1->d); - sw_param.up.crt.dmq1.value = (unsigned char *)rsa_dmq1->d; - sw_param.up.crt.iqmp.nbytes = BN_bn2bin(iqmp, - (unsigned char *)rsa_iqmp->d); - sw_param.up.crt.iqmp.value = (unsigned char *)rsa_iqmp->d; - /* Attach the key params */ - sw_status = p_CSwift_AttachKeyParam(hac, &sw_param); - switch(sw_status) - { - case SW_OK: - break; - case SW_ERR_INPUT_SIZE: - CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BAD_KEY_SIZE); - goto err; - default: - { - char tmpbuf[DECIMAL_SIZE(sw_status)+1]; - CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_REQUEST_FAILED); - sprintf(tmpbuf, "%ld", sw_status); - ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); - } - goto err; - } - /* Prepare the argument and response */ - arg.nbytes = BN_bn2bin(a, (unsigned char *)argument->d); - arg.value = (unsigned char *)argument->d; - res.nbytes = 2 * BN_num_bytes(p); - memset(result->d, 0, res.nbytes); - res.value = (unsigned char *)result->d; - /* Perform the operation */ - if((sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_MODEXP_CRT, &arg, 1, - &res, 1)) != SW_OK) - { - char tmpbuf[DECIMAL_SIZE(sw_status)+1]; - CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_REQUEST_FAILED); - sprintf(tmpbuf, "%ld", sw_status); - ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); - goto err; - } - /* Convert the response */ - BN_bin2bn((unsigned char *)result->d, res.nbytes, r); - to_return = 1; -err: - if(acquired) - release_context(hac); - BN_CTX_end(ctx); - return to_return; - } - -#ifndef OPENSSL_NO_RSA -static int cswift_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa) - { - BN_CTX *ctx; - int to_return = 0; - - if((ctx = BN_CTX_new()) == NULL) - goto err; - if(!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) - { - CSWIFTerr(CSWIFT_F_CSWIFT_RSA_MOD_EXP,CSWIFT_R_MISSING_KEY_COMPONENTS); - goto err; - } - to_return = cswift_mod_exp_crt(r0, I, rsa->p, rsa->q, rsa->dmp1, - rsa->dmq1, rsa->iqmp, ctx); -err: - if(ctx) - BN_CTX_free(ctx); - return to_return; - } -#endif - -/* This function is aliased to mod_exp (with the mont stuff dropped). */ -static int cswift_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) - { - return cswift_mod_exp(r, a, p, m, ctx); - } - -#ifndef OPENSSL_NO_DSA -static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa) - { - SW_CONTEXT_HANDLE hac; - SW_PARAM sw_param; - SW_STATUS sw_status; - SW_LARGENUMBER arg, res; - unsigned char *ptr; - BN_CTX *ctx; - BIGNUM *dsa_p = NULL; - BIGNUM *dsa_q = NULL; - BIGNUM *dsa_g = NULL; - BIGNUM *dsa_key = NULL; - BIGNUM *result = NULL; - DSA_SIG *to_return = NULL; - int acquired = 0; - - if((ctx = BN_CTX_new()) == NULL) - goto err; - if(!get_context(&hac)) - { - CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_UNIT_FAILURE); - goto err; - } - acquired = 1; - /* Prepare the params */ - BN_CTX_start(ctx); - dsa_p = BN_CTX_get(ctx); - dsa_q = BN_CTX_get(ctx); - dsa_g = BN_CTX_get(ctx); - dsa_key = BN_CTX_get(ctx); - result = BN_CTX_get(ctx); - if(!result) - { - CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_BN_CTX_FULL); - goto err; - } - if(!bn_wexpand(dsa_p, dsa->p->top) || - !bn_wexpand(dsa_q, dsa->q->top) || - !bn_wexpand(dsa_g, dsa->g->top) || - !bn_wexpand(dsa_key, dsa->priv_key->top) || - !bn_wexpand(result, dsa->p->top)) - { - CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_BN_EXPAND_FAIL); - goto err; - } - sw_param.type = SW_ALG_DSA; - sw_param.up.dsa.p.nbytes = BN_bn2bin(dsa->p, - (unsigned char *)dsa_p->d); - sw_param.up.dsa.p.value = (unsigned char *)dsa_p->d; - sw_param.up.dsa.q.nbytes = BN_bn2bin(dsa->q, - (unsigned char *)dsa_q->d); - sw_param.up.dsa.q.value = (unsigned char *)dsa_q->d; - sw_param.up.dsa.g.nbytes = BN_bn2bin(dsa->g, - (unsigned char *)dsa_g->d); - sw_param.up.dsa.g.value = (unsigned char *)dsa_g->d; - sw_param.up.dsa.key.nbytes = BN_bn2bin(dsa->priv_key, - (unsigned char *)dsa_key->d); - sw_param.up.dsa.key.value = (unsigned char *)dsa_key->d; - /* Attach the key params */ - sw_status = p_CSwift_AttachKeyParam(hac, &sw_param); - switch(sw_status) - { - case SW_OK: - break; - case SW_ERR_INPUT_SIZE: - CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_BAD_KEY_SIZE); - goto err; - default: - { - char tmpbuf[DECIMAL_SIZE(sw_status)+1]; - CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_REQUEST_FAILED); - sprintf(tmpbuf, "%ld", sw_status); - ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); - } - goto err; - } - /* Prepare the argument and response */ - arg.nbytes = dlen; - arg.value = (unsigned char *)dgst; - res.nbytes = BN_num_bytes(dsa->p); - memset(result->d, 0, res.nbytes); - res.value = (unsigned char *)result->d; - /* Perform the operation */ - sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_DSS_SIGN, &arg, 1, - &res, 1); - if(sw_status != SW_OK) - { - char tmpbuf[DECIMAL_SIZE(sw_status)+1]; - CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_REQUEST_FAILED); - sprintf(tmpbuf, "%ld", sw_status); - ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); - goto err; - } - /* Convert the response */ - ptr = (unsigned char *)result->d; - if((to_return = DSA_SIG_new()) == NULL) - goto err; - to_return->r = BN_bin2bn((unsigned char *)result->d, 20, NULL); - to_return->s = BN_bin2bn((unsigned char *)result->d + 20, 20, NULL); - -err: - if(acquired) - release_context(hac); - if(ctx) - { - BN_CTX_end(ctx); - BN_CTX_free(ctx); - } - return to_return; - } - -static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len, - DSA_SIG *sig, DSA *dsa) - { - SW_CONTEXT_HANDLE hac; - SW_PARAM sw_param; - SW_STATUS sw_status; - SW_LARGENUMBER arg[2], res; - unsigned long sig_result; - BN_CTX *ctx; - BIGNUM *dsa_p = NULL; - BIGNUM *dsa_q = NULL; - BIGNUM *dsa_g = NULL; - BIGNUM *dsa_key = NULL; - BIGNUM *argument = NULL; - int to_return = -1; - int acquired = 0; - - if((ctx = BN_CTX_new()) == NULL) - goto err; - if(!get_context(&hac)) - { - CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_UNIT_FAILURE); - goto err; - } - acquired = 1; - /* Prepare the params */ - BN_CTX_start(ctx); - dsa_p = BN_CTX_get(ctx); - dsa_q = BN_CTX_get(ctx); - dsa_g = BN_CTX_get(ctx); - dsa_key = BN_CTX_get(ctx); - argument = BN_CTX_get(ctx); - if(!argument) - { - CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_BN_CTX_FULL); - goto err; - } - if(!bn_wexpand(dsa_p, dsa->p->top) || - !bn_wexpand(dsa_q, dsa->q->top) || - !bn_wexpand(dsa_g, dsa->g->top) || - !bn_wexpand(dsa_key, dsa->pub_key->top) || - !bn_wexpand(argument, 40)) - { - CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_BN_EXPAND_FAIL); - goto err; - } - sw_param.type = SW_ALG_DSA; - sw_param.up.dsa.p.nbytes = BN_bn2bin(dsa->p, - (unsigned char *)dsa_p->d); - sw_param.up.dsa.p.value = (unsigned char *)dsa_p->d; - sw_param.up.dsa.q.nbytes = BN_bn2bin(dsa->q, - (unsigned char *)dsa_q->d); - sw_param.up.dsa.q.value = (unsigned char *)dsa_q->d; - sw_param.up.dsa.g.nbytes = BN_bn2bin(dsa->g, - (unsigned char *)dsa_g->d); - sw_param.up.dsa.g.value = (unsigned char *)dsa_g->d; - sw_param.up.dsa.key.nbytes = BN_bn2bin(dsa->pub_key, - (unsigned char *)dsa_key->d); - sw_param.up.dsa.key.value = (unsigned char *)dsa_key->d; - /* Attach the key params */ - sw_status = p_CSwift_AttachKeyParam(hac, &sw_param); - switch(sw_status) - { - case SW_OK: - break; - case SW_ERR_INPUT_SIZE: - CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_BAD_KEY_SIZE); - goto err; - default: - { - char tmpbuf[DECIMAL_SIZE(sw_status)+1]; - CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_REQUEST_FAILED); - sprintf(tmpbuf, "%ld", sw_status); - ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); - } - goto err; - } - /* Prepare the argument and response */ - arg[0].nbytes = dgst_len; - arg[0].value = (unsigned char *)dgst; - arg[1].nbytes = 40; - arg[1].value = (unsigned char *)argument->d; - memset(arg[1].value, 0, 40); - BN_bn2bin(sig->r, arg[1].value + 20 - BN_num_bytes(sig->r)); - BN_bn2bin(sig->s, arg[1].value + 40 - BN_num_bytes(sig->s)); - res.nbytes = 4; /* unsigned long */ - res.value = (unsigned char *)(&sig_result); - /* Perform the operation */ - sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_DSS_VERIFY, arg, 2, - &res, 1); - if(sw_status != SW_OK) - { - char tmpbuf[DECIMAL_SIZE(sw_status)+1]; - CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_REQUEST_FAILED); - sprintf(tmpbuf, "%ld", sw_status); - ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf); - goto err; - } - /* Convert the response */ - to_return = ((sig_result == 0) ? 0 : 1); - -err: - if(acquired) - release_context(hac); - if(ctx) - { - BN_CTX_end(ctx); - BN_CTX_free(ctx); - } - return to_return; - } -#endif - -#ifndef OPENSSL_NO_DH -/* This function is aliased to mod_exp (with the dh and mont dropped). */ -static int cswift_mod_exp_dh(const DH *dh, BIGNUM *r, - const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) - { - return cswift_mod_exp(r, a, p, m, ctx); - } -#endif - -/* This stuff is needed if this ENGINE is being compiled into a self-contained - * shared-library. */ -#ifdef ENGINE_DYNAMIC_SUPPORT -static int bind_fn(ENGINE *e, const char *id) - { - if(id && (strcmp(id, engine_cswift_id) != 0)) - return 0; - if(!bind_helper(e)) - return 0; - return 1; - } -IMPLEMENT_DYNAMIC_CHECK_FN() -IMPLEMENT_DYNAMIC_BIND_FN(bind_fn) -#endif /* ENGINE_DYNAMIC_SUPPORT */ - -#endif /* !OPENSSL_NO_HW_CSWIFT */ -#endif /* !OPENSSL_NO_HW */ diff --git a/src/lib/libcrypto/engine/hw_cswift_err.c b/src/lib/libcrypto/engine/hw_cswift_err.c deleted file mode 100644 index 684f53bf27e..00000000000 --- a/src/lib/libcrypto/engine/hw_cswift_err.c +++ /dev/null @@ -1,149 +0,0 @@ -/* hw_cswift_err.c */ -/* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -/* NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ - -#include -#include -#include "hw_cswift_err.h" - -/* BEGIN ERROR CODES */ -#ifndef OPENSSL_NO_ERR -static ERR_STRING_DATA CSWIFT_str_functs[]= - { -{ERR_PACK(0,CSWIFT_F_CSWIFT_CTRL,0), "CSWIFT_CTRL"}, -{ERR_PACK(0,CSWIFT_F_CSWIFT_DSA_SIGN,0), "CSWIFT_DSA_SIGN"}, -{ERR_PACK(0,CSWIFT_F_CSWIFT_DSA_VERIFY,0), "CSWIFT_DSA_VERIFY"}, -{ERR_PACK(0,CSWIFT_F_CSWIFT_FINISH,0), "CSWIFT_FINISH"}, -{ERR_PACK(0,CSWIFT_F_CSWIFT_INIT,0), "CSWIFT_INIT"}, -{ERR_PACK(0,CSWIFT_F_CSWIFT_MOD_EXP,0), "CSWIFT_MOD_EXP"}, -{ERR_PACK(0,CSWIFT_F_CSWIFT_MOD_EXP_CRT,0), "CSWIFT_MOD_EXP_CRT"}, -{ERR_PACK(0,CSWIFT_F_CSWIFT_RSA_MOD_EXP,0), "CSWIFT_RSA_MOD_EXP"}, -{0,NULL} - }; - -static ERR_STRING_DATA CSWIFT_str_reasons[]= - { -{CSWIFT_R_ALREADY_LOADED ,"already loaded"}, -{CSWIFT_R_BAD_KEY_SIZE ,"bad key size"}, -{CSWIFT_R_BN_CTX_FULL ,"bn ctx full"}, -{CSWIFT_R_BN_EXPAND_FAIL ,"bn expand fail"}, -{CSWIFT_R_CTRL_COMMAND_NOT_IMPLEMENTED ,"ctrl command not implemented"}, -{CSWIFT_R_MISSING_KEY_COMPONENTS ,"missing key components"}, -{CSWIFT_R_NOT_LOADED ,"not loaded"}, -{CSWIFT_R_REQUEST_FAILED ,"request failed"}, -{CSWIFT_R_UNIT_FAILURE ,"unit failure"}, -{0,NULL} - }; - -#endif - -#ifdef CSWIFT_LIB_NAME -static ERR_STRING_DATA CSWIFT_lib_name[]= - { -{0 ,CSWIFT_LIB_NAME}, -{0,NULL} - }; -#endif - - -static int CSWIFT_lib_error_code=0; -static int CSWIFT_error_init=1; - -static void ERR_load_CSWIFT_strings(void) - { - if (CSWIFT_lib_error_code == 0) - CSWIFT_lib_error_code=ERR_get_next_error_library(); - - if (CSWIFT_error_init) - { - CSWIFT_error_init=0; -#ifndef OPENSSL_NO_ERR - ERR_load_strings(CSWIFT_lib_error_code,CSWIFT_str_functs); - ERR_load_strings(CSWIFT_lib_error_code,CSWIFT_str_reasons); -#endif - -#ifdef CSWIFT_LIB_NAME - CSWIFT_lib_name->error = ERR_PACK(CSWIFT_lib_error_code,0,0); - ERR_load_strings(0,CSWIFT_lib_name); -#endif - } - } - -static void ERR_unload_CSWIFT_strings(void) - { - if (CSWIFT_error_init == 0) - { -#ifndef OPENSSL_NO_ERR - ERR_unload_strings(CSWIFT_lib_error_code,CSWIFT_str_functs); - ERR_unload_strings(CSWIFT_lib_error_code,CSWIFT_str_reasons); -#endif - -#ifdef CSWIFT_LIB_NAME - ERR_unload_strings(0,CSWIFT_lib_name); -#endif - CSWIFT_error_init=1; - } - } - -static void ERR_CSWIFT_error(int function, int reason, char *file, int line) - { - if (CSWIFT_lib_error_code == 0) - CSWIFT_lib_error_code=ERR_get_next_error_library(); - ERR_PUT_error(CSWIFT_lib_error_code,function,reason,file,line); - } diff --git a/src/lib/libcrypto/engine/hw_cswift_err.h b/src/lib/libcrypto/engine/hw_cswift_err.h deleted file mode 100644 index 7120c3216fb..00000000000 --- a/src/lib/libcrypto/engine/hw_cswift_err.h +++ /dev/null @@ -1,93 +0,0 @@ -/* ==================================================================== - * Copyright (c) 2001 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#ifndef HEADER_CSWIFT_ERR_H -#define HEADER_CSWIFT_ERR_H - -/* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ -static void ERR_load_CSWIFT_strings(void); -static void ERR_unload_CSWIFT_strings(void); -static void ERR_CSWIFT_error(int function, int reason, char *file, int line); -#define CSWIFTerr(f,r) ERR_CSWIFT_error((f),(r),__FILE__,__LINE__) - -/* Error codes for the CSWIFT functions. */ - -/* Function codes. */ -#define CSWIFT_F_CSWIFT_CTRL 100 -#define CSWIFT_F_CSWIFT_DSA_SIGN 101 -#define CSWIFT_F_CSWIFT_DSA_VERIFY 102 -#define CSWIFT_F_CSWIFT_FINISH 103 -#define CSWIFT_F_CSWIFT_INIT 104 -#define CSWIFT_F_CSWIFT_MOD_EXP 105 -#define CSWIFT_F_CSWIFT_MOD_EXP_CRT 106 -#define CSWIFT_F_CSWIFT_RSA_MOD_EXP 107 - -/* Reason codes. */ -#define CSWIFT_R_ALREADY_LOADED 100 -#define CSWIFT_R_BAD_KEY_SIZE 101 -#define CSWIFT_R_BN_CTX_FULL 102 -#define CSWIFT_R_BN_EXPAND_FAIL 103 -#define CSWIFT_R_CTRL_COMMAND_NOT_IMPLEMENTED 104 -#define CSWIFT_R_MISSING_KEY_COMPONENTS 105 -#define CSWIFT_R_NOT_LOADED 106 -#define CSWIFT_R_REQUEST_FAILED 107 -#define CSWIFT_R_UNIT_FAILURE 108 - -#ifdef __cplusplus -} -#endif -#endif diff --git a/src/lib/libcrypto/engine/hw_ncipher.c b/src/lib/libcrypto/engine/hw_ncipher.c deleted file mode 100644 index 4762a54e3d7..00000000000 --- a/src/lib/libcrypto/engine/hw_ncipher.c +++ /dev/null @@ -1,1321 +0,0 @@ -/* crypto/engine/hw_ncipher.c -*- mode: C; c-file-style: "eay" -*- */ -/* Written by Richard Levitte (richard@levitte.org), Geoff Thorpe - * (geoff@geoffthorpe.net) and Dr Stephen N Henson (shenson@bigfoot.com) - * for the OpenSSL project 2000. - */ -/* ==================================================================== - * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include -#include -#include -#include -#include "cryptlib.h" -#include -#include -#include - -#ifndef OPENSSL_NO_HW -#ifndef OPENSSL_NO_HW_NCIPHER - -/* Attribution notice: nCipher have said several times that it's OK for - * us to implement a general interface to their boxes, and recently declared - * their HWCryptoHook to be public, and therefore available for us to use. - * Thanks, nCipher. - * - * The hwcryptohook.h included here is from May 2000. - * [Richard Levitte] - */ -#ifdef FLAT_INC -#include "hwcryptohook.h" -#else -#include "vendor_defns/hwcryptohook.h" -#endif - -#define HWCRHK_LIB_NAME "hwcrhk engine" -#include "hw_ncipher_err.c" - -static int hwcrhk_destroy(ENGINE *e); -static int hwcrhk_init(ENGINE *e); -static int hwcrhk_finish(ENGINE *e); -static int hwcrhk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()); - -/* Functions to handle mutexes */ -static int hwcrhk_mutex_init(HWCryptoHook_Mutex*, HWCryptoHook_CallerContext*); -static int hwcrhk_mutex_lock(HWCryptoHook_Mutex*); -static void hwcrhk_mutex_unlock(HWCryptoHook_Mutex*); -static void hwcrhk_mutex_destroy(HWCryptoHook_Mutex*); - -/* BIGNUM stuff */ -static int hwcrhk_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx); - -#ifndef OPENSSL_NO_RSA -/* RSA stuff */ -static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa); -#endif -/* This function is aliased to mod_exp (with the mont stuff dropped). */ -static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); - -/* DH stuff */ -/* This function is alised to mod_exp (with the DH and mont dropped). */ -static int hwcrhk_mod_exp_dh(const DH *dh, BIGNUM *r, - const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); - -/* RAND stuff */ -static int hwcrhk_rand_bytes(unsigned char *buf, int num); -static int hwcrhk_rand_status(void); - -/* KM stuff */ -static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id, - UI_METHOD *ui_method, void *callback_data); -static EVP_PKEY *hwcrhk_load_pubkey(ENGINE *eng, const char *key_id, - UI_METHOD *ui_method, void *callback_data); -static void hwcrhk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad, - int ind,long argl, void *argp); - -/* Interaction stuff */ -static int hwcrhk_insert_card(const char *prompt_info, - const char *wrong_info, - HWCryptoHook_PassphraseContext *ppctx, - HWCryptoHook_CallerContext *cactx); -static int hwcrhk_get_pass(const char *prompt_info, - int *len_io, char *buf, - HWCryptoHook_PassphraseContext *ppctx, - HWCryptoHook_CallerContext *cactx); -static void hwcrhk_log_message(void *logstr, const char *message); - -/* The definitions for control commands specific to this engine */ -#define HWCRHK_CMD_SO_PATH ENGINE_CMD_BASE -#define HWCRHK_CMD_FORK_CHECK (ENGINE_CMD_BASE + 1) -#define HWCRHK_CMD_THREAD_LOCKING (ENGINE_CMD_BASE + 2) -#define HWCRHK_CMD_SET_USER_INTERFACE (ENGINE_CMD_BASE + 3) -#define HWCRHK_CMD_SET_CALLBACK_DATA (ENGINE_CMD_BASE + 4) -static const ENGINE_CMD_DEFN hwcrhk_cmd_defns[] = { - {HWCRHK_CMD_SO_PATH, - "SO_PATH", - "Specifies the path to the 'hwcrhk' shared library", - ENGINE_CMD_FLAG_STRING}, - {HWCRHK_CMD_FORK_CHECK, - "FORK_CHECK", - "Turns fork() checking on or off (boolean)", - ENGINE_CMD_FLAG_NUMERIC}, - {HWCRHK_CMD_THREAD_LOCKING, - "THREAD_LOCKING", - "Turns thread-safe locking on or off (boolean)", - ENGINE_CMD_FLAG_NUMERIC}, - {HWCRHK_CMD_SET_USER_INTERFACE, - "SET_USER_INTERFACE", - "Set the global user interface (internal)", - ENGINE_CMD_FLAG_INTERNAL}, - {HWCRHK_CMD_SET_CALLBACK_DATA, - "SET_CALLBACK_DATA", - "Set the global user interface extra data (internal)", - ENGINE_CMD_FLAG_INTERNAL}, - {0, NULL, NULL, 0} - }; - -#ifndef OPENSSL_NO_RSA -/* Our internal RSA_METHOD that we provide pointers to */ -static RSA_METHOD hwcrhk_rsa = - { - "nCipher RSA method", - NULL, - NULL, - NULL, - NULL, - hwcrhk_rsa_mod_exp, - hwcrhk_mod_exp_mont, - NULL, - NULL, - 0, - NULL, - NULL, - NULL - }; -#endif - -#ifndef OPENSSL_NO_DH -/* Our internal DH_METHOD that we provide pointers to */ -static DH_METHOD hwcrhk_dh = - { - "nCipher DH method", - NULL, - NULL, - hwcrhk_mod_exp_dh, - NULL, - NULL, - 0, - NULL - }; -#endif - -static RAND_METHOD hwcrhk_rand = - { - /* "nCipher RAND method", */ - NULL, - hwcrhk_rand_bytes, - NULL, - NULL, - hwcrhk_rand_bytes, - hwcrhk_rand_status, - }; - -/* Constants used when creating the ENGINE */ -static const char *engine_hwcrhk_id = "chil"; -static const char *engine_hwcrhk_name = "nCipher hardware engine support"; - -/* Internal stuff for HWCryptoHook */ - -/* Some structures needed for proper use of thread locks */ -/* hwcryptohook.h has some typedefs that turn struct HWCryptoHook_MutexValue - into HWCryptoHook_Mutex */ -struct HWCryptoHook_MutexValue - { - int lockid; - }; - -/* hwcryptohook.h has some typedefs that turn - struct HWCryptoHook_PassphraseContextValue - into HWCryptoHook_PassphraseContext */ -struct HWCryptoHook_PassphraseContextValue - { - UI_METHOD *ui_method; - void *callback_data; - }; - -/* hwcryptohook.h has some typedefs that turn - struct HWCryptoHook_CallerContextValue - into HWCryptoHook_CallerContext */ -struct HWCryptoHook_CallerContextValue - { - pem_password_cb *password_callback; /* Deprecated! Only present for - backward compatibility! */ - UI_METHOD *ui_method; - void *callback_data; - }; - -/* The MPI structure in HWCryptoHook is pretty compatible with OpenSSL - BIGNUM's, so lets define a couple of conversion macros */ -#define BN2MPI(mp, bn) \ - {mp.size = bn->top * sizeof(BN_ULONG); mp.buf = (unsigned char *)bn->d;} -#define MPI2BN(bn, mp) \ - {mp.size = bn->dmax * sizeof(BN_ULONG); mp.buf = (unsigned char *)bn->d;} - -static BIO *logstream = NULL; -static int disable_mutex_callbacks = 0; - -/* One might wonder why these are needed, since one can pass down at least - a UI_METHOD and a pointer to callback data to the key-loading functions. - The thing is that the ModExp and RSAImmed functions can load keys as well, - if the data they get is in a special, nCipher-defined format (hint: if you - look at the private exponent of the RSA data as a string, you'll see this - string: "nCipher KM tool key id", followed by some bytes, followed a key - identity string, followed by more bytes. This happens when you use "embed" - keys instead of "hwcrhk" keys). Unfortunately, those functions do not take - any passphrase or caller context, and our functions can't really take any - callback data either. Still, the "insert_card" and "get_passphrase" - callbacks may be called down the line, and will need to know what user - interface callbacks to call, and having callback data from the application - may be a nice thing as well, so we need to keep track of that globally. */ -static HWCryptoHook_CallerContext password_context = { NULL, NULL, NULL }; - -/* Stuff to pass to the HWCryptoHook library */ -static HWCryptoHook_InitInfo hwcrhk_globals = { - HWCryptoHook_InitFlags_SimpleForkCheck, /* Flags */ - &logstream, /* logstream */ - sizeof(BN_ULONG), /* limbsize */ - 0, /* mslimb first: false for BNs */ - -1, /* msbyte first: use native */ - 0, /* Max mutexes, 0 = no small limit */ - 0, /* Max simultaneous, 0 = default */ - - /* The next few are mutex stuff: we write wrapper functions - around the OS mutex functions. We initialise them to 0 - here, and change that to actual function pointers in hwcrhk_init() - if dynamic locks are supported (that is, if the application - programmer has made sure of setting up callbacks bafore starting - this engine) *and* if disable_mutex_callbacks hasn't been set by - a call to ENGINE_ctrl(ENGINE_CTRL_CHIL_NO_LOCKING). */ - sizeof(HWCryptoHook_Mutex), - 0, - 0, - 0, - 0, - - /* The next few are condvar stuff: we write wrapper functions - round the OS functions. Currently not implemented and not - and absolute necessity even in threaded programs, therefore - 0'ed. Will hopefully be implemented some day, since it - enhances the efficiency of HWCryptoHook. */ - 0, /* sizeof(HWCryptoHook_CondVar), */ - 0, /* hwcrhk_cv_init, */ - 0, /* hwcrhk_cv_wait, */ - 0, /* hwcrhk_cv_signal, */ - 0, /* hwcrhk_cv_broadcast, */ - 0, /* hwcrhk_cv_destroy, */ - - hwcrhk_get_pass, /* pass phrase */ - hwcrhk_insert_card, /* insert a card */ - hwcrhk_log_message /* Log message */ -}; - - -/* Now, to our own code */ - -/* This internal function is used by ENGINE_ncipher() and possibly by the - * "dynamic" ENGINE support too */ -static int bind_helper(ENGINE *e) - { -#ifndef OPENSSL_NO_RSA - const RSA_METHOD *meth1; -#endif -#ifndef OPENSSL_NO_DH - const DH_METHOD *meth2; -#endif - if(!ENGINE_set_id(e, engine_hwcrhk_id) || - !ENGINE_set_name(e, engine_hwcrhk_name) || -#ifndef OPENSSL_NO_RSA - !ENGINE_set_RSA(e, &hwcrhk_rsa) || -#endif -#ifndef OPENSSL_NO_DH - !ENGINE_set_DH(e, &hwcrhk_dh) || -#endif - !ENGINE_set_RAND(e, &hwcrhk_rand) || - !ENGINE_set_destroy_function(e, hwcrhk_destroy) || - !ENGINE_set_init_function(e, hwcrhk_init) || - !ENGINE_set_finish_function(e, hwcrhk_finish) || - !ENGINE_set_ctrl_function(e, hwcrhk_ctrl) || - !ENGINE_set_load_privkey_function(e, hwcrhk_load_privkey) || - !ENGINE_set_load_pubkey_function(e, hwcrhk_load_pubkey) || - !ENGINE_set_cmd_defns(e, hwcrhk_cmd_defns)) - return 0; - -#ifndef OPENSSL_NO_RSA - /* We know that the "PKCS1_SSLeay()" functions hook properly - * to the cswift-specific mod_exp and mod_exp_crt so we use - * those functions. NB: We don't use ENGINE_openssl() or - * anything "more generic" because something like the RSAref - * code may not hook properly, and if you own one of these - * cards then you have the right to do RSA operations on it - * anyway! */ - meth1 = RSA_PKCS1_SSLeay(); - hwcrhk_rsa.rsa_pub_enc = meth1->rsa_pub_enc; - hwcrhk_rsa.rsa_pub_dec = meth1->rsa_pub_dec; - hwcrhk_rsa.rsa_priv_enc = meth1->rsa_priv_enc; - hwcrhk_rsa.rsa_priv_dec = meth1->rsa_priv_dec; -#endif - -#ifndef OPENSSL_NO_DH - /* Much the same for Diffie-Hellman */ - meth2 = DH_OpenSSL(); - hwcrhk_dh.generate_key = meth2->generate_key; - hwcrhk_dh.compute_key = meth2->compute_key; -#endif - - /* Ensure the hwcrhk error handling is set up */ - ERR_load_HWCRHK_strings(); - return 1; - } - -static ENGINE *engine_ncipher(void) - { - ENGINE *ret = ENGINE_new(); - if(!ret) - return NULL; - if(!bind_helper(ret)) - { - ENGINE_free(ret); - return NULL; - } - return ret; - } - -void ENGINE_load_chil(void) - { - /* Copied from eng_[openssl|dyn].c */ - ENGINE *toadd = engine_ncipher(); - if(!toadd) return; - ENGINE_add(toadd); - ENGINE_free(toadd); - ERR_clear_error(); - } - -/* This is a process-global DSO handle used for loading and unloading - * the HWCryptoHook library. NB: This is only set (or unset) during an - * init() or finish() call (reference counts permitting) and they're - * operating with global locks, so this should be thread-safe - * implicitly. */ -static DSO *hwcrhk_dso = NULL; -static HWCryptoHook_ContextHandle hwcrhk_context = 0; -#ifndef OPENSSL_NO_RSA -static int hndidx_rsa = -1; /* Index for KM handle. Not really used yet. */ -#endif - -/* These are the function pointers that are (un)set when the library has - * successfully (un)loaded. */ -static HWCryptoHook_Init_t *p_hwcrhk_Init = NULL; -static HWCryptoHook_Finish_t *p_hwcrhk_Finish = NULL; -static HWCryptoHook_ModExp_t *p_hwcrhk_ModExp = NULL; -#ifndef OPENSSL_NO_RSA -static HWCryptoHook_RSA_t *p_hwcrhk_RSA = NULL; -#endif -static HWCryptoHook_RandomBytes_t *p_hwcrhk_RandomBytes = NULL; -#ifndef OPENSSL_NO_RSA -static HWCryptoHook_RSALoadKey_t *p_hwcrhk_RSALoadKey = NULL; -static HWCryptoHook_RSAGetPublicKey_t *p_hwcrhk_RSAGetPublicKey = NULL; -static HWCryptoHook_RSAUnloadKey_t *p_hwcrhk_RSAUnloadKey = NULL; -#endif -static HWCryptoHook_ModExpCRT_t *p_hwcrhk_ModExpCRT = NULL; - -/* Used in the DSO operations. */ -static const char def_HWCRHK_LIBNAME[] = "nfhwcrhk"; -static const char *HWCRHK_LIBNAME = def_HWCRHK_LIBNAME; -static const char *n_hwcrhk_Init = "HWCryptoHook_Init"; -static const char *n_hwcrhk_Finish = "HWCryptoHook_Finish"; -static const char *n_hwcrhk_ModExp = "HWCryptoHook_ModExp"; -#ifndef OPENSSL_NO_RSA -static const char *n_hwcrhk_RSA = "HWCryptoHook_RSA"; -#endif -static const char *n_hwcrhk_RandomBytes = "HWCryptoHook_RandomBytes"; -#ifndef OPENSSL_NO_RSA -static const char *n_hwcrhk_RSALoadKey = "HWCryptoHook_RSALoadKey"; -static const char *n_hwcrhk_RSAGetPublicKey = "HWCryptoHook_RSAGetPublicKey"; -static const char *n_hwcrhk_RSAUnloadKey = "HWCryptoHook_RSAUnloadKey"; -#endif -static const char *n_hwcrhk_ModExpCRT = "HWCryptoHook_ModExpCRT"; - -/* HWCryptoHook library functions and mechanics - these are used by the - * higher-level functions further down. NB: As and where there's no - * error checking, take a look lower down where these functions are - * called, the checking and error handling is probably down there. */ - -/* utility function to obtain a context */ -static int get_context(HWCryptoHook_ContextHandle *hac, - HWCryptoHook_CallerContext *cac) - { - char tempbuf[1024]; - HWCryptoHook_ErrMsgBuf rmsg; - - rmsg.buf = tempbuf; - rmsg.size = sizeof(tempbuf); - - *hac = p_hwcrhk_Init(&hwcrhk_globals, sizeof(hwcrhk_globals), &rmsg, - cac); - if (!*hac) - return 0; - return 1; - } - -/* similarly to release one. */ -static void release_context(HWCryptoHook_ContextHandle hac) - { - p_hwcrhk_Finish(hac); - } - -/* Destructor (complements the "ENGINE_ncipher()" constructor) */ -static int hwcrhk_destroy(ENGINE *e) - { - ERR_unload_HWCRHK_strings(); - return 1; - } - -/* (de)initialisation functions. */ -static int hwcrhk_init(ENGINE *e) - { - HWCryptoHook_Init_t *p1; - HWCryptoHook_Finish_t *p2; - HWCryptoHook_ModExp_t *p3; -#ifndef OPENSSL_NO_RSA - HWCryptoHook_RSA_t *p4; - HWCryptoHook_RSALoadKey_t *p5; - HWCryptoHook_RSAGetPublicKey_t *p6; - HWCryptoHook_RSAUnloadKey_t *p7; -#endif - HWCryptoHook_RandomBytes_t *p8; - HWCryptoHook_ModExpCRT_t *p9; - - if(hwcrhk_dso != NULL) - { - HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_ALREADY_LOADED); - goto err; - } - /* Attempt to load libnfhwcrhk.so/nfhwcrhk.dll/whatever. */ - hwcrhk_dso = DSO_load(NULL, HWCRHK_LIBNAME, NULL, 0); - if(hwcrhk_dso == NULL) - { - HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_DSO_FAILURE); - goto err; - } - if(!(p1 = (HWCryptoHook_Init_t *) - DSO_bind_func(hwcrhk_dso, n_hwcrhk_Init)) || - !(p2 = (HWCryptoHook_Finish_t *) - DSO_bind_func(hwcrhk_dso, n_hwcrhk_Finish)) || - !(p3 = (HWCryptoHook_ModExp_t *) - DSO_bind_func(hwcrhk_dso, n_hwcrhk_ModExp)) || -#ifndef OPENSSL_NO_RSA - !(p4 = (HWCryptoHook_RSA_t *) - DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSA)) || - !(p5 = (HWCryptoHook_RSALoadKey_t *) - DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSALoadKey)) || - !(p6 = (HWCryptoHook_RSAGetPublicKey_t *) - DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSAGetPublicKey)) || - !(p7 = (HWCryptoHook_RSAUnloadKey_t *) - DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSAUnloadKey)) || -#endif - !(p8 = (HWCryptoHook_RandomBytes_t *) - DSO_bind_func(hwcrhk_dso, n_hwcrhk_RandomBytes)) || - !(p9 = (HWCryptoHook_ModExpCRT_t *) - DSO_bind_func(hwcrhk_dso, n_hwcrhk_ModExpCRT))) - { - HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_DSO_FAILURE); - goto err; - } - /* Copy the pointers */ - p_hwcrhk_Init = p1; - p_hwcrhk_Finish = p2; - p_hwcrhk_ModExp = p3; -#ifndef OPENSSL_NO_RSA - p_hwcrhk_RSA = p4; - p_hwcrhk_RSALoadKey = p5; - p_hwcrhk_RSAGetPublicKey = p6; - p_hwcrhk_RSAUnloadKey = p7; -#endif - p_hwcrhk_RandomBytes = p8; - p_hwcrhk_ModExpCRT = p9; - - /* Check if the application decided to support dynamic locks, - and if it does, use them. */ - if (disable_mutex_callbacks == 0 && - CRYPTO_get_dynlock_create_callback() != NULL && - CRYPTO_get_dynlock_lock_callback() != NULL && - CRYPTO_get_dynlock_destroy_callback() != NULL) - { - hwcrhk_globals.mutex_init = hwcrhk_mutex_init; - hwcrhk_globals.mutex_acquire = hwcrhk_mutex_lock; - hwcrhk_globals.mutex_release = hwcrhk_mutex_unlock; - hwcrhk_globals.mutex_destroy = hwcrhk_mutex_destroy; - } - - /* Try and get a context - if not, we may have a DSO but no - * accelerator! */ - if(!get_context(&hwcrhk_context, &password_context)) - { - HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_UNIT_FAILURE); - goto err; - } - /* Everything's fine. */ -#ifndef OPENSSL_NO_RSA - if (hndidx_rsa == -1) - hndidx_rsa = RSA_get_ex_new_index(0, - "nFast HWCryptoHook RSA key handle", - NULL, NULL, hwcrhk_ex_free); -#endif - return 1; -err: - if(hwcrhk_dso) - DSO_free(hwcrhk_dso); - hwcrhk_dso = NULL; - p_hwcrhk_Init = NULL; - p_hwcrhk_Finish = NULL; - p_hwcrhk_ModExp = NULL; -#ifndef OPENSSL_NO_RSA - p_hwcrhk_RSA = NULL; - p_hwcrhk_RSALoadKey = NULL; - p_hwcrhk_RSAGetPublicKey = NULL; - p_hwcrhk_RSAUnloadKey = NULL; -#endif - p_hwcrhk_ModExpCRT = NULL; - p_hwcrhk_RandomBytes = NULL; - return 0; - } - -static int hwcrhk_finish(ENGINE *e) - { - int to_return = 1; - if(hwcrhk_dso == NULL) - { - HWCRHKerr(HWCRHK_F_HWCRHK_FINISH,HWCRHK_R_NOT_LOADED); - to_return = 0; - goto err; - } - release_context(hwcrhk_context); - if(!DSO_free(hwcrhk_dso)) - { - HWCRHKerr(HWCRHK_F_HWCRHK_FINISH,HWCRHK_R_DSO_FAILURE); - to_return = 0; - goto err; - } - err: - if (logstream) - BIO_free(logstream); - hwcrhk_dso = NULL; - p_hwcrhk_Init = NULL; - p_hwcrhk_Finish = NULL; - p_hwcrhk_ModExp = NULL; -#ifndef OPENSSL_NO_RSA - p_hwcrhk_RSA = NULL; - p_hwcrhk_RSALoadKey = NULL; - p_hwcrhk_RSAGetPublicKey = NULL; - p_hwcrhk_RSAUnloadKey = NULL; -#endif - p_hwcrhk_ModExpCRT = NULL; - p_hwcrhk_RandomBytes = NULL; - return to_return; - } - -static int hwcrhk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) - { - int to_return = 1; - - switch(cmd) - { - case HWCRHK_CMD_SO_PATH: - if(hwcrhk_dso) - { - HWCRHKerr(HWCRHK_F_HWCRHK_CTRL,HWCRHK_R_ALREADY_LOADED); - return 0; - } - if(p == NULL) - { - HWCRHKerr(HWCRHK_F_HWCRHK_CTRL,ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - HWCRHK_LIBNAME = (const char *)p; - return 1; - case ENGINE_CTRL_SET_LOGSTREAM: - { - BIO *bio = (BIO *)p; - - CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); - if (logstream) - { - BIO_free(logstream); - logstream = NULL; - } - if (CRYPTO_add(&bio->references,1,CRYPTO_LOCK_BIO) > 1) - logstream = bio; - else - HWCRHKerr(HWCRHK_F_HWCRHK_CTRL,HWCRHK_R_BIO_WAS_FREED); - } - CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); - break; - case ENGINE_CTRL_SET_PASSWORD_CALLBACK: - CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); - password_context.password_callback = (pem_password_cb *)f; - CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); - break; - case ENGINE_CTRL_SET_USER_INTERFACE: - case HWCRHK_CMD_SET_USER_INTERFACE: - CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); - password_context.ui_method = (UI_METHOD *)p; - CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); - break; - case ENGINE_CTRL_SET_CALLBACK_DATA: - case HWCRHK_CMD_SET_CALLBACK_DATA: - CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); - password_context.callback_data = p; - CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); - break; - /* this enables or disables the "SimpleForkCheck" flag used in the - * initialisation structure. */ - case ENGINE_CTRL_CHIL_SET_FORKCHECK: - case HWCRHK_CMD_FORK_CHECK: - CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); - if(i) - hwcrhk_globals.flags |= - HWCryptoHook_InitFlags_SimpleForkCheck; - else - hwcrhk_globals.flags &= - ~HWCryptoHook_InitFlags_SimpleForkCheck; - CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); - break; - /* This will prevent the initialisation function from "installing" - * the mutex-handling callbacks, even if they are available from - * within the library (or were provided to the library from the - * calling application). This is to remove any baggage for - * applications not using multithreading. */ - case ENGINE_CTRL_CHIL_NO_LOCKING: - CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); - disable_mutex_callbacks = 1; - CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); - break; - case HWCRHK_CMD_THREAD_LOCKING: - CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); - disable_mutex_callbacks = ((i == 0) ? 0 : 1); - CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); - break; - - /* The command isn't understood by this engine */ - default: - HWCRHKerr(HWCRHK_F_HWCRHK_CTRL, - HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED); - to_return = 0; - break; - } - - return to_return; - } - -static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id, - UI_METHOD *ui_method, void *callback_data) - { -#ifndef OPENSSL_NO_RSA - RSA *rtmp = NULL; -#endif - EVP_PKEY *res = NULL; -#ifndef OPENSSL_NO_RSA - HWCryptoHook_MPI e, n; - HWCryptoHook_RSAKeyHandle *hptr; -#endif -#if !defined(OPENSSL_NO_RSA) - char tempbuf[1024]; - HWCryptoHook_ErrMsgBuf rmsg; -#endif - HWCryptoHook_PassphraseContext ppctx; - -#if !defined(OPENSSL_NO_RSA) - rmsg.buf = tempbuf; - rmsg.size = sizeof(tempbuf); -#endif - - if(!hwcrhk_context) - { - HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, - HWCRHK_R_NOT_INITIALISED); - goto err; - } -#ifndef OPENSSL_NO_RSA - hptr = OPENSSL_malloc(sizeof(HWCryptoHook_RSAKeyHandle)); - if (!hptr) - { - HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, - ERR_R_MALLOC_FAILURE); - goto err; - } - ppctx.ui_method = ui_method; - ppctx.callback_data = callback_data; - if (p_hwcrhk_RSALoadKey(hwcrhk_context, key_id, hptr, - &rmsg, &ppctx)) - { - HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, - HWCRHK_R_CHIL_ERROR); - ERR_add_error_data(1,rmsg.buf); - goto err; - } - if (!*hptr) - { - HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, - HWCRHK_R_NO_KEY); - goto err; - } -#endif -#ifndef OPENSSL_NO_RSA - rtmp = RSA_new_method(eng); - RSA_set_ex_data(rtmp, hndidx_rsa, (char *)hptr); - rtmp->e = BN_new(); - rtmp->n = BN_new(); - rtmp->flags |= RSA_FLAG_EXT_PKEY; - MPI2BN(rtmp->e, e); - MPI2BN(rtmp->n, n); - if (p_hwcrhk_RSAGetPublicKey(*hptr, &n, &e, &rmsg) - != HWCRYPTOHOOK_ERROR_MPISIZE) - { - HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PUBKEY,HWCRHK_R_CHIL_ERROR); - ERR_add_error_data(1,rmsg.buf); - goto err; - } - - bn_expand2(rtmp->e, e.size/sizeof(BN_ULONG)); - bn_expand2(rtmp->n, n.size/sizeof(BN_ULONG)); - MPI2BN(rtmp->e, e); - MPI2BN(rtmp->n, n); - - if (p_hwcrhk_RSAGetPublicKey(*hptr, &n, &e, &rmsg)) - { - HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PUBKEY, - HWCRHK_R_CHIL_ERROR); - ERR_add_error_data(1,rmsg.buf); - goto err; - } - rtmp->e->top = e.size / sizeof(BN_ULONG); - bn_fix_top(rtmp->e); - rtmp->n->top = n.size / sizeof(BN_ULONG); - bn_fix_top(rtmp->n); - - res = EVP_PKEY_new(); - EVP_PKEY_assign_RSA(res, rtmp); -#endif - - if (!res) - HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PUBKEY, - HWCRHK_R_PRIVATE_KEY_ALGORITHMS_DISABLED); - - return res; - err: - if (res) - EVP_PKEY_free(res); -#ifndef OPENSSL_NO_RSA - if (rtmp) - RSA_free(rtmp); -#endif - return NULL; - } - -static EVP_PKEY *hwcrhk_load_pubkey(ENGINE *eng, const char *key_id, - UI_METHOD *ui_method, void *callback_data) - { - EVP_PKEY *res = NULL; - -#ifndef OPENSSL_NO_RSA - res = hwcrhk_load_privkey(eng, key_id, - ui_method, callback_data); -#endif - - if (res) - switch(res->type) - { -#ifndef OPENSSL_NO_RSA - case EVP_PKEY_RSA: - { - RSA *rsa = NULL; - - CRYPTO_w_lock(CRYPTO_LOCK_EVP_PKEY); - rsa = res->pkey.rsa; - res->pkey.rsa = RSA_new(); - res->pkey.rsa->n = rsa->n; - res->pkey.rsa->e = rsa->e; - rsa->n = NULL; - rsa->e = NULL; - CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY); - RSA_free(rsa); - } - break; -#endif - default: - HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PUBKEY, - HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED); - goto err; - } - - return res; - err: - if (res) - EVP_PKEY_free(res); - return NULL; - } - -/* A little mod_exp */ -static int hwcrhk_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx) - { - char tempbuf[1024]; - HWCryptoHook_ErrMsgBuf rmsg; - /* Since HWCryptoHook_MPI is pretty compatible with BIGNUM's, - we use them directly, plus a little macro magic. We only - thing we need to make sure of is that enough space is allocated. */ - HWCryptoHook_MPI m_a, m_p, m_n, m_r; - int to_return, ret; - - to_return = 0; /* expect failure */ - rmsg.buf = tempbuf; - rmsg.size = sizeof(tempbuf); - - if(!hwcrhk_context) - { - HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP,HWCRHK_R_NOT_INITIALISED); - goto err; - } - /* Prepare the params */ - bn_expand2(r, m->top); /* Check for error !! */ - BN2MPI(m_a, a); - BN2MPI(m_p, p); - BN2MPI(m_n, m); - MPI2BN(r, m_r); - - /* Perform the operation */ - ret = p_hwcrhk_ModExp(hwcrhk_context, m_a, m_p, m_n, &m_r, &rmsg); - - /* Convert the response */ - r->top = m_r.size / sizeof(BN_ULONG); - bn_fix_top(r); - - if (ret < 0) - { - /* FIXME: When this error is returned, HWCryptoHook is - telling us that falling back to software computation - might be a good thing. */ - if(ret == HWCRYPTOHOOK_ERROR_FALLBACK) - { - HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP,HWCRHK_R_REQUEST_FALLBACK); - } - else - { - HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP,HWCRHK_R_REQUEST_FAILED); - } - ERR_add_error_data(1,rmsg.buf); - goto err; - } - - to_return = 1; -err: - return to_return; - } - -#ifndef OPENSSL_NO_RSA -static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa) - { - char tempbuf[1024]; - HWCryptoHook_ErrMsgBuf rmsg; - HWCryptoHook_RSAKeyHandle *hptr; - int to_return = 0, ret; - - rmsg.buf = tempbuf; - rmsg.size = sizeof(tempbuf); - - if(!hwcrhk_context) - { - HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP,HWCRHK_R_NOT_INITIALISED); - goto err; - } - - /* This provides support for nForce keys. Since that's opaque data - all we do is provide a handle to the proper key and let HWCryptoHook - take care of the rest. */ - if ((hptr = (HWCryptoHook_RSAKeyHandle *) RSA_get_ex_data(rsa, hndidx_rsa)) - != NULL) - { - HWCryptoHook_MPI m_a, m_r; - - if(!rsa->n) - { - HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP, - HWCRHK_R_MISSING_KEY_COMPONENTS); - goto err; - } - - /* Prepare the params */ - bn_expand2(r, rsa->n->top); /* Check for error !! */ - BN2MPI(m_a, I); - MPI2BN(r, m_r); - - /* Perform the operation */ - ret = p_hwcrhk_RSA(m_a, *hptr, &m_r, &rmsg); - - /* Convert the response */ - r->top = m_r.size / sizeof(BN_ULONG); - bn_fix_top(r); - - if (ret < 0) - { - /* FIXME: When this error is returned, HWCryptoHook is - telling us that falling back to software computation - might be a good thing. */ - if(ret == HWCRYPTOHOOK_ERROR_FALLBACK) - { - HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP, - HWCRHK_R_REQUEST_FALLBACK); - } - else - { - HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP, - HWCRHK_R_REQUEST_FAILED); - } - ERR_add_error_data(1,rmsg.buf); - goto err; - } - } - else - { - HWCryptoHook_MPI m_a, m_p, m_q, m_dmp1, m_dmq1, m_iqmp, m_r; - - if(!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) - { - HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP, - HWCRHK_R_MISSING_KEY_COMPONENTS); - goto err; - } - - /* Prepare the params */ - bn_expand2(r, rsa->n->top); /* Check for error !! */ - BN2MPI(m_a, I); - BN2MPI(m_p, rsa->p); - BN2MPI(m_q, rsa->q); - BN2MPI(m_dmp1, rsa->dmp1); - BN2MPI(m_dmq1, rsa->dmq1); - BN2MPI(m_iqmp, rsa->iqmp); - MPI2BN(r, m_r); - - /* Perform the operation */ - ret = p_hwcrhk_ModExpCRT(hwcrhk_context, m_a, m_p, m_q, - m_dmp1, m_dmq1, m_iqmp, &m_r, NULL); - - /* Convert the response */ - r->top = m_r.size / sizeof(BN_ULONG); - bn_fix_top(r); - - if (ret < 0) - { - /* FIXME: When this error is returned, HWCryptoHook is - telling us that falling back to software computation - might be a good thing. */ - if(ret == HWCRYPTOHOOK_ERROR_FALLBACK) - { - HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP, - HWCRHK_R_REQUEST_FALLBACK); - } - else - { - HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP, - HWCRHK_R_REQUEST_FAILED); - } - ERR_add_error_data(1,rmsg.buf); - goto err; - } - } - /* If we're here, we must be here with some semblance of success :-) */ - to_return = 1; -err: - return to_return; - } -#endif - -/* This function is aliased to mod_exp (with the mont stuff dropped). */ -static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) - { - return hwcrhk_mod_exp(r, a, p, m, ctx); - } - -/* This function is aliased to mod_exp (with the dh and mont dropped). */ -static int hwcrhk_mod_exp_dh(const DH *dh, BIGNUM *r, - const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) - { - return hwcrhk_mod_exp(r, a, p, m, ctx); - } - -/* Random bytes are good */ -static int hwcrhk_rand_bytes(unsigned char *buf, int num) - { - char tempbuf[1024]; - HWCryptoHook_ErrMsgBuf rmsg; - int to_return = 0; /* assume failure */ - int ret; - - rmsg.buf = tempbuf; - rmsg.size = sizeof(tempbuf); - - if(!hwcrhk_context) - { - HWCRHKerr(HWCRHK_F_HWCRHK_RAND_BYTES,HWCRHK_R_NOT_INITIALISED); - goto err; - } - - ret = p_hwcrhk_RandomBytes(hwcrhk_context, buf, num, &rmsg); - if (ret < 0) - { - /* FIXME: When this error is returned, HWCryptoHook is - telling us that falling back to software computation - might be a good thing. */ - if(ret == HWCRYPTOHOOK_ERROR_FALLBACK) - { - HWCRHKerr(HWCRHK_F_HWCRHK_RAND_BYTES, - HWCRHK_R_REQUEST_FALLBACK); - } - else - { - HWCRHKerr(HWCRHK_F_HWCRHK_RAND_BYTES, - HWCRHK_R_REQUEST_FAILED); - } - ERR_add_error_data(1,rmsg.buf); - goto err; - } - to_return = 1; - err: - return to_return; - } - -static int hwcrhk_rand_status(void) - { - return 1; - } - -/* This cleans up an RSA KM key, called when ex_data is freed */ - -static void hwcrhk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad, - int ind,long argl, void *argp) -{ - char tempbuf[1024]; - HWCryptoHook_ErrMsgBuf rmsg; -#ifndef OPENSSL_NO_RSA - HWCryptoHook_RSAKeyHandle *hptr; -#endif -#if !defined(OPENSSL_NO_RSA) - int ret; -#endif - - rmsg.buf = tempbuf; - rmsg.size = sizeof(tempbuf); - -#ifndef OPENSSL_NO_RSA - hptr = (HWCryptoHook_RSAKeyHandle *) item; - if(hptr) - { - ret = p_hwcrhk_RSAUnloadKey(*hptr, NULL); - OPENSSL_free(hptr); - } -#endif -} - -/* Mutex calls: since the HWCryptoHook model closely follows the POSIX model - * these just wrap the POSIX functions and add some logging. - */ - -static int hwcrhk_mutex_init(HWCryptoHook_Mutex* mt, - HWCryptoHook_CallerContext *cactx) - { - mt->lockid = CRYPTO_get_new_dynlockid(); - if (mt->lockid == 0) - return 1; /* failure */ - return 0; /* success */ - } - -static int hwcrhk_mutex_lock(HWCryptoHook_Mutex *mt) - { - CRYPTO_w_lock(mt->lockid); - return 0; - } - -static void hwcrhk_mutex_unlock(HWCryptoHook_Mutex * mt) - { - CRYPTO_w_unlock(mt->lockid); - } - -static void hwcrhk_mutex_destroy(HWCryptoHook_Mutex *mt) - { - CRYPTO_destroy_dynlockid(mt->lockid); - } - -static int hwcrhk_get_pass(const char *prompt_info, - int *len_io, char *buf, - HWCryptoHook_PassphraseContext *ppctx, - HWCryptoHook_CallerContext *cactx) - { - pem_password_cb *callback = NULL; - void *callback_data = NULL; - UI_METHOD *ui_method = NULL; - - if (cactx) - { - if (cactx->ui_method) - ui_method = cactx->ui_method; - if (cactx->password_callback) - callback = cactx->password_callback; - if (cactx->callback_data) - callback_data = cactx->callback_data; - } - if (ppctx) - { - if (ppctx->ui_method) - { - ui_method = ppctx->ui_method; - callback = NULL; - } - if (ppctx->callback_data) - callback_data = ppctx->callback_data; - } - if (callback == NULL && ui_method == NULL) - { - HWCRHKerr(HWCRHK_F_HWCRHK_GET_PASS,HWCRHK_R_NO_CALLBACK); - return -1; - } - - if (ui_method) - { - UI *ui = UI_new_method(ui_method); - if (ui) - { - int ok; - char *prompt = UI_construct_prompt(ui, - "pass phrase", prompt_info); - - ok = UI_add_input_string(ui,prompt, - UI_INPUT_FLAG_DEFAULT_PWD, - buf,0,(*len_io) - 1); - UI_add_user_data(ui, callback_data); - UI_ctrl(ui, UI_CTRL_PRINT_ERRORS, 1, 0, 0); - - if (ok >= 0) - do - { - ok=UI_process(ui); - } - while (ok < 0 && UI_ctrl(ui, UI_CTRL_IS_REDOABLE, 0, 0, 0)); - - if (ok >= 0) - *len_io = strlen(buf); - - UI_free(ui); - OPENSSL_free(prompt); - } - } - else - { - *len_io = callback(buf, *len_io, 0, callback_data); - } - if(!*len_io) - return -1; - return 0; - } - -static int hwcrhk_insert_card(const char *prompt_info, - const char *wrong_info, - HWCryptoHook_PassphraseContext *ppctx, - HWCryptoHook_CallerContext *cactx) - { - int ok = -1; - UI *ui; - void *callback_data = NULL; - UI_METHOD *ui_method = NULL; - - if (cactx) - { - if (cactx->ui_method) - ui_method = cactx->ui_method; - if (cactx->callback_data) - callback_data = cactx->callback_data; - } - if (ppctx) - { - if (ppctx->ui_method) - ui_method = ppctx->ui_method; - if (ppctx->callback_data) - callback_data = ppctx->callback_data; - } - if (ui_method == NULL) - { - HWCRHKerr(HWCRHK_F_HWCRHK_INSERT_CARD, - HWCRHK_R_NO_CALLBACK); - return -1; - } - - ui = UI_new_method(ui_method); - - if (ui) - { - char answer; - char buf[BUFSIZ]; - - if (wrong_info) - BIO_snprintf(buf, sizeof(buf)-1, - "Current card: \"%s\"\n", wrong_info); - ok = UI_dup_info_string(ui, buf); - if (ok >= 0 && prompt_info) - { - BIO_snprintf(buf, sizeof(buf)-1, - "Insert card \"%s\"", prompt_info); - ok = UI_dup_input_boolean(ui, buf, - "\n then hit or C to cancel\n", - "\r\n", "Cc", UI_INPUT_FLAG_ECHO, &answer); - } - UI_add_user_data(ui, callback_data); - - if (ok >= 0) - ok = UI_process(ui); - UI_free(ui); - - if (ok == -2 || (ok >= 0 && answer == 'C')) - ok = 1; - else if (ok < 0) - ok = -1; - else - ok = 0; - } - return ok; - } - -static void hwcrhk_log_message(void *logstr, const char *message) - { - BIO *lstream = NULL; - - CRYPTO_w_lock(CRYPTO_LOCK_BIO); - if (logstr) - lstream=*(BIO **)logstr; - if (lstream) - { - BIO_write(lstream, message, strlen(message)); - } - CRYPTO_w_unlock(CRYPTO_LOCK_BIO); - } - -/* This stuff is needed if this ENGINE is being compiled into a self-contained - * shared-library. */ -#ifdef ENGINE_DYNAMIC_SUPPORT -static int bind_fn(ENGINE *e, const char *id) - { - if(id && (strcmp(id, engine_hwcrhk_id) != 0)) - return 0; - if(!bind_helper(e)) - return 0; - return 1; - } -IMPLEMENT_DYNAMIC_CHECK_FN() -IMPLEMENT_DYNAMIC_BIND_FN(bind_fn) -#endif /* ENGINE_DYNAMIC_SUPPORT */ - -#endif /* !OPENSSL_NO_HW_NCIPHER */ -#endif /* !OPENSSL_NO_HW */ diff --git a/src/lib/libcrypto/engine/hw_ncipher_err.c b/src/lib/libcrypto/engine/hw_ncipher_err.c deleted file mode 100644 index 24024cfc6f4..00000000000 --- a/src/lib/libcrypto/engine/hw_ncipher_err.c +++ /dev/null @@ -1,156 +0,0 @@ -/* hw_ncipher_err.c */ -/* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -/* NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ - -#include -#include -#include "hw_ncipher_err.h" - -/* BEGIN ERROR CODES */ -#ifndef OPENSSL_NO_ERR -static ERR_STRING_DATA HWCRHK_str_functs[]= - { -{ERR_PACK(0,HWCRHK_F_HWCRHK_CTRL,0), "HWCRHK_CTRL"}, -{ERR_PACK(0,HWCRHK_F_HWCRHK_FINISH,0), "HWCRHK_FINISH"}, -{ERR_PACK(0,HWCRHK_F_HWCRHK_GET_PASS,0), "HWCRHK_GET_PASS"}, -{ERR_PACK(0,HWCRHK_F_HWCRHK_INIT,0), "HWCRHK_INIT"}, -{ERR_PACK(0,HWCRHK_F_HWCRHK_INSERT_CARD,0), "HWCRHK_INSERT_CARD"}, -{ERR_PACK(0,HWCRHK_F_HWCRHK_LOAD_PRIVKEY,0), "HWCRHK_LOAD_PRIVKEY"}, -{ERR_PACK(0,HWCRHK_F_HWCRHK_LOAD_PUBKEY,0), "HWCRHK_LOAD_PUBKEY"}, -{ERR_PACK(0,HWCRHK_F_HWCRHK_MOD_EXP,0), "HWCRHK_MOD_EXP"}, -{ERR_PACK(0,HWCRHK_F_HWCRHK_RAND_BYTES,0), "HWCRHK_RAND_BYTES"}, -{ERR_PACK(0,HWCRHK_F_HWCRHK_RSA_MOD_EXP,0), "HWCRHK_RSA_MOD_EXP"}, -{0,NULL} - }; - -static ERR_STRING_DATA HWCRHK_str_reasons[]= - { -{HWCRHK_R_ALREADY_LOADED ,"already loaded"}, -{HWCRHK_R_BIO_WAS_FREED ,"bio was freed"}, -{HWCRHK_R_CHIL_ERROR ,"chil error"}, -{HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED ,"ctrl command not implemented"}, -{HWCRHK_R_DSO_FAILURE ,"dso failure"}, -{HWCRHK_R_MISSING_KEY_COMPONENTS ,"missing key components"}, -{HWCRHK_R_NOT_INITIALISED ,"not initialised"}, -{HWCRHK_R_NOT_LOADED ,"not loaded"}, -{HWCRHK_R_NO_CALLBACK ,"no callback"}, -{HWCRHK_R_NO_KEY ,"no key"}, -{HWCRHK_R_PRIVATE_KEY_ALGORITHMS_DISABLED,"private key algorithms disabled"}, -{HWCRHK_R_REQUEST_FAILED ,"request failed"}, -{HWCRHK_R_REQUEST_FALLBACK ,"request fallback"}, -{HWCRHK_R_UNIT_FAILURE ,"unit failure"}, -{0,NULL} - }; - -#endif - -#ifdef HWCRHK_LIB_NAME -static ERR_STRING_DATA HWCRHK_lib_name[]= - { -{0 ,HWCRHK_LIB_NAME}, -{0,NULL} - }; -#endif - - -static int HWCRHK_lib_error_code=0; -static int HWCRHK_error_init=1; - -static void ERR_load_HWCRHK_strings(void) - { - if (HWCRHK_lib_error_code == 0) - HWCRHK_lib_error_code=ERR_get_next_error_library(); - - if (HWCRHK_error_init) - { - HWCRHK_error_init=0; -#ifndef OPENSSL_NO_ERR - ERR_load_strings(HWCRHK_lib_error_code,HWCRHK_str_functs); - ERR_load_strings(HWCRHK_lib_error_code,HWCRHK_str_reasons); -#endif - -#ifdef HWCRHK_LIB_NAME - HWCRHK_lib_name->error = ERR_PACK(HWCRHK_lib_error_code,0,0); - ERR_load_strings(0,HWCRHK_lib_name); -#endif - } - } - -static void ERR_unload_HWCRHK_strings(void) - { - if (HWCRHK_error_init == 0) - { -#ifndef OPENSSL_NO_ERR - ERR_unload_strings(HWCRHK_lib_error_code,HWCRHK_str_functs); - ERR_unload_strings(HWCRHK_lib_error_code,HWCRHK_str_reasons); -#endif - -#ifdef HWCRHK_LIB_NAME - ERR_unload_strings(0,HWCRHK_lib_name); -#endif - HWCRHK_error_init=1; - } - } - -static void ERR_HWCRHK_error(int function, int reason, char *file, int line) - { - if (HWCRHK_lib_error_code == 0) - HWCRHK_lib_error_code=ERR_get_next_error_library(); - ERR_PUT_error(HWCRHK_lib_error_code,function,reason,file,line); - } diff --git a/src/lib/libcrypto/engine/hw_ncipher_err.h b/src/lib/libcrypto/engine/hw_ncipher_err.h deleted file mode 100644 index 4d65b1d4700..00000000000 --- a/src/lib/libcrypto/engine/hw_ncipher_err.h +++ /dev/null @@ -1,100 +0,0 @@ -/* ==================================================================== - * Copyright (c) 2001 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#ifndef HEADER_HWCRHK_ERR_H -#define HEADER_HWCRHK_ERR_H - -/* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ -static void ERR_load_HWCRHK_strings(void); -static void ERR_unload_HWCRHK_strings(void); -static void ERR_HWCRHK_error(int function, int reason, char *file, int line); -#define HWCRHKerr(f,r) ERR_HWCRHK_error((f),(r),__FILE__,__LINE__) - -/* Error codes for the HWCRHK functions. */ - -/* Function codes. */ -#define HWCRHK_F_HWCRHK_CTRL 100 -#define HWCRHK_F_HWCRHK_FINISH 101 -#define HWCRHK_F_HWCRHK_GET_PASS 102 -#define HWCRHK_F_HWCRHK_INIT 103 -#define HWCRHK_F_HWCRHK_INSERT_CARD 104 -#define HWCRHK_F_HWCRHK_LOAD_PRIVKEY 105 -#define HWCRHK_F_HWCRHK_LOAD_PUBKEY 106 -#define HWCRHK_F_HWCRHK_MOD_EXP 107 -#define HWCRHK_F_HWCRHK_RAND_BYTES 108 -#define HWCRHK_F_HWCRHK_RSA_MOD_EXP 109 - -/* Reason codes. */ -#define HWCRHK_R_ALREADY_LOADED 100 -#define HWCRHK_R_BIO_WAS_FREED 101 -#define HWCRHK_R_CHIL_ERROR 102 -#define HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED 103 -#define HWCRHK_R_DSO_FAILURE 104 -#define HWCRHK_R_MISSING_KEY_COMPONENTS 105 -#define HWCRHK_R_NOT_INITIALISED 106 -#define HWCRHK_R_NOT_LOADED 107 -#define HWCRHK_R_NO_CALLBACK 108 -#define HWCRHK_R_NO_KEY 109 -#define HWCRHK_R_PRIVATE_KEY_ALGORITHMS_DISABLED 110 -#define HWCRHK_R_REQUEST_FAILED 111 -#define HWCRHK_R_REQUEST_FALLBACK 112 -#define HWCRHK_R_UNIT_FAILURE 113 - -#ifdef __cplusplus -} -#endif -#endif diff --git a/src/lib/libcrypto/engine/hw_nuron.c b/src/lib/libcrypto/engine/hw_nuron.c deleted file mode 100644 index 26720121547..00000000000 --- a/src/lib/libcrypto/engine/hw_nuron.c +++ /dev/null @@ -1,399 +0,0 @@ -/* crypto/engine/hw_nuron.c */ -/* Written by Ben Laurie for the OpenSSL Project, leaning heavily on Geoff - * Thorpe's Atalla implementation. - */ -/* ==================================================================== - * Copyright (c) 2000-2001 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include -#include -#include "cryptlib.h" -#include -#include - - -#ifndef OPENSSL_NO_HW -#ifndef OPENSSL_NO_HW_NURON - -#define NURON_LIB_NAME "nuron engine" -#include "hw_nuron_err.c" - -static const char def_NURON_LIBNAME[] = "nuronssl"; -static const char *NURON_LIBNAME = def_NURON_LIBNAME; -static const char *NURON_F1 = "nuron_mod_exp"; - -/* The definitions for control commands specific to this engine */ -#define NURON_CMD_SO_PATH ENGINE_CMD_BASE -static const ENGINE_CMD_DEFN nuron_cmd_defns[] = { - {NURON_CMD_SO_PATH, - "SO_PATH", - "Specifies the path to the 'nuronssl' shared library", - ENGINE_CMD_FLAG_STRING}, - {0, NULL, NULL, 0} - }; - -typedef int tfnModExp(BIGNUM *r,const BIGNUM *a,const BIGNUM *p,const BIGNUM *m); -static tfnModExp *pfnModExp = NULL; - -static DSO *pvDSOHandle = NULL; - -static int nuron_destroy(ENGINE *e) - { - ERR_unload_NURON_strings(); - return 1; - } - -static int nuron_init(ENGINE *e) - { - if(pvDSOHandle != NULL) - { - NURONerr(NURON_F_NURON_INIT,NURON_R_ALREADY_LOADED); - return 0; - } - - pvDSOHandle = DSO_load(NULL, NURON_LIBNAME, NULL, - DSO_FLAG_NAME_TRANSLATION_EXT_ONLY); - if(!pvDSOHandle) - { - NURONerr(NURON_F_NURON_INIT,NURON_R_DSO_NOT_FOUND); - return 0; - } - - pfnModExp = (tfnModExp *)DSO_bind_func(pvDSOHandle, NURON_F1); - if(!pfnModExp) - { - NURONerr(NURON_F_NURON_INIT,NURON_R_DSO_FUNCTION_NOT_FOUND); - return 0; - } - - return 1; - } - -static int nuron_finish(ENGINE *e) - { - if(pvDSOHandle == NULL) - { - NURONerr(NURON_F_NURON_FINISH,NURON_R_NOT_LOADED); - return 0; - } - if(!DSO_free(pvDSOHandle)) - { - NURONerr(NURON_F_NURON_FINISH,NURON_R_DSO_FAILURE); - return 0; - } - pvDSOHandle=NULL; - pfnModExp=NULL; - return 1; - } - -static int nuron_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) - { - int initialised = ((pvDSOHandle == NULL) ? 0 : 1); - switch(cmd) - { - case NURON_CMD_SO_PATH: - if(p == NULL) - { - NURONerr(NURON_F_NURON_CTRL,ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - if(initialised) - { - NURONerr(NURON_F_NURON_CTRL,NURON_R_ALREADY_LOADED); - return 0; - } - NURON_LIBNAME = (const char *)p; - return 1; - default: - break; - } - NURONerr(NURON_F_NURON_CTRL,NURON_R_CTRL_COMMAND_NOT_IMPLEMENTED); - return 0; -} - -static int nuron_mod_exp(BIGNUM *r,const BIGNUM *a,const BIGNUM *p, - const BIGNUM *m,BN_CTX *ctx) - { - if(!pvDSOHandle) - { - NURONerr(NURON_F_NURON_MOD_EXP,NURON_R_NOT_LOADED); - return 0; - } - return pfnModExp(r,a,p,m); - } - -#ifndef OPENSSL_NO_RSA -static int nuron_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa) - { - return nuron_mod_exp(r0,I,rsa->d,rsa->n,NULL); - } -#endif - -#ifndef OPENSSL_NO_DSA -/* This code was liberated and adapted from the commented-out code in - * dsa_ossl.c. Because of the unoptimised form of the Atalla acceleration - * (it doesn't have a CRT form for RSA), this function means that an - * Atalla system running with a DSA server certificate can handshake - * around 5 or 6 times faster/more than an equivalent system running with - * RSA. Just check out the "signs" statistics from the RSA and DSA parts - * of "openssl speed -engine atalla dsa1024 rsa1024". */ -static int nuron_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, - BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m, - BN_CTX *ctx, BN_MONT_CTX *in_mont) - { - BIGNUM t; - int to_return = 0; - - BN_init(&t); - /* let rr = a1 ^ p1 mod m */ - if (!nuron_mod_exp(rr,a1,p1,m,ctx)) - goto end; - /* let t = a2 ^ p2 mod m */ - if (!nuron_mod_exp(&t,a2,p2,m,ctx)) - goto end; - /* let rr = rr * t mod m */ - if (!BN_mod_mul(rr,rr,&t,m,ctx)) - goto end; - to_return = 1; -end: - BN_free(&t); - return to_return; - } - - -static int nuron_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a, - const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *m_ctx) - { - return nuron_mod_exp(r, a, p, m, ctx); - } -#endif - -/* This function is aliased to mod_exp (with the mont stuff dropped). */ -static int nuron_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) - { - return nuron_mod_exp(r, a, p, m, ctx); - } - -#ifndef OPENSSL_NO_DH -/* This function is aliased to mod_exp (with the dh and mont dropped). */ -static int nuron_mod_exp_dh(const DH *dh, BIGNUM *r, - const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) - { - return nuron_mod_exp(r, a, p, m, ctx); - } -#endif - -#ifndef OPENSSL_NO_RSA -static RSA_METHOD nuron_rsa = - { - "Nuron RSA method", - NULL, - NULL, - NULL, - NULL, - nuron_rsa_mod_exp, - nuron_mod_exp_mont, - NULL, - NULL, - 0, - NULL, - NULL, - NULL - }; -#endif - -#ifndef OPENSSL_NO_DSA -static DSA_METHOD nuron_dsa = - { - "Nuron DSA method", - NULL, /* dsa_do_sign */ - NULL, /* dsa_sign_setup */ - NULL, /* dsa_do_verify */ - nuron_dsa_mod_exp, /* dsa_mod_exp */ - nuron_mod_exp_dsa, /* bn_mod_exp */ - NULL, /* init */ - NULL, /* finish */ - 0, /* flags */ - NULL /* app_data */ - }; -#endif - -#ifndef OPENSSL_NO_DH -static DH_METHOD nuron_dh = - { - "Nuron DH method", - NULL, - NULL, - nuron_mod_exp_dh, - NULL, - NULL, - 0, - NULL - }; -#endif - -/* Constants used when creating the ENGINE */ -static const char *engine_nuron_id = "nuron"; -static const char *engine_nuron_name = "Nuron hardware engine support"; - -/* This internal function is used by ENGINE_nuron() and possibly by the - * "dynamic" ENGINE support too */ -static int bind_helper(ENGINE *e) - { -#ifndef OPENSSL_NO_RSA - const RSA_METHOD *meth1; -#endif -#ifndef OPENSSL_NO_DSA - const DSA_METHOD *meth2; -#endif -#ifndef OPENSSL_NO_DH - const DH_METHOD *meth3; -#endif - if(!ENGINE_set_id(e, engine_nuron_id) || - !ENGINE_set_name(e, engine_nuron_name) || -#ifndef OPENSSL_NO_RSA - !ENGINE_set_RSA(e, &nuron_rsa) || -#endif -#ifndef OPENSSL_NO_DSA - !ENGINE_set_DSA(e, &nuron_dsa) || -#endif -#ifndef OPENSSL_NO_DH - !ENGINE_set_DH(e, &nuron_dh) || -#endif - !ENGINE_set_destroy_function(e, nuron_destroy) || - !ENGINE_set_init_function(e, nuron_init) || - !ENGINE_set_finish_function(e, nuron_finish) || - !ENGINE_set_ctrl_function(e, nuron_ctrl) || - !ENGINE_set_cmd_defns(e, nuron_cmd_defns)) - return 0; - -#ifndef OPENSSL_NO_RSA - /* We know that the "PKCS1_SSLeay()" functions hook properly - * to the nuron-specific mod_exp and mod_exp_crt so we use - * those functions. NB: We don't use ENGINE_openssl() or - * anything "more generic" because something like the RSAref - * code may not hook properly, and if you own one of these - * cards then you have the right to do RSA operations on it - * anyway! */ - meth1=RSA_PKCS1_SSLeay(); - nuron_rsa.rsa_pub_enc=meth1->rsa_pub_enc; - nuron_rsa.rsa_pub_dec=meth1->rsa_pub_dec; - nuron_rsa.rsa_priv_enc=meth1->rsa_priv_enc; - nuron_rsa.rsa_priv_dec=meth1->rsa_priv_dec; -#endif - -#ifndef OPENSSL_NO_DSA - /* Use the DSA_OpenSSL() method and just hook the mod_exp-ish - * bits. */ - meth2=DSA_OpenSSL(); - nuron_dsa.dsa_do_sign=meth2->dsa_do_sign; - nuron_dsa.dsa_sign_setup=meth2->dsa_sign_setup; - nuron_dsa.dsa_do_verify=meth2->dsa_do_verify; -#endif - -#ifndef OPENSSL_NO_DH - /* Much the same for Diffie-Hellman */ - meth3=DH_OpenSSL(); - nuron_dh.generate_key=meth3->generate_key; - nuron_dh.compute_key=meth3->compute_key; -#endif - - /* Ensure the nuron error handling is set up */ - ERR_load_NURON_strings(); - return 1; - } - -static ENGINE *engine_nuron(void) - { - ENGINE *ret = ENGINE_new(); - if(!ret) - return NULL; - if(!bind_helper(ret)) - { - ENGINE_free(ret); - return NULL; - } - return ret; - } - -void ENGINE_load_nuron(void) - { - /* Copied from eng_[openssl|dyn].c */ - ENGINE *toadd = engine_nuron(); - if(!toadd) return; - ENGINE_add(toadd); - ENGINE_free(toadd); - ERR_clear_error(); - } - -/* This stuff is needed if this ENGINE is being compiled into a self-contained - * shared-library. */ -#ifdef ENGINE_DYNAMIC_SUPPORT -static int bind_fn(ENGINE *e, const char *id) - { - if(id && (strcmp(id, engine_nuron_id) != 0)) - return 0; - if(!bind_helper(e)) - return 0; - return 1; - } -IMPLEMENT_DYNAMIC_CHECK_FN() -IMPLEMENT_DYNAMIC_BIND_FN(bind_fn) -#endif /* ENGINE_DYNAMIC_SUPPORT */ - -#endif /* !OPENSSL_NO_HW_NURON */ -#endif /* !OPENSSL_NO_HW */ diff --git a/src/lib/libcrypto/engine/hw_nuron_err.c b/src/lib/libcrypto/engine/hw_nuron_err.c deleted file mode 100644 index df9d7bde766..00000000000 --- a/src/lib/libcrypto/engine/hw_nuron_err.c +++ /dev/null @@ -1,142 +0,0 @@ -/* hw_nuron_err.c */ -/* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -/* NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ - -#include -#include -#include "hw_nuron_err.h" - -/* BEGIN ERROR CODES */ -#ifndef OPENSSL_NO_ERR -static ERR_STRING_DATA NURON_str_functs[]= - { -{ERR_PACK(0,NURON_F_NURON_CTRL,0), "NURON_CTRL"}, -{ERR_PACK(0,NURON_F_NURON_FINISH,0), "NURON_FINISH"}, -{ERR_PACK(0,NURON_F_NURON_INIT,0), "NURON_INIT"}, -{ERR_PACK(0,NURON_F_NURON_MOD_EXP,0), "NURON_MOD_EXP"}, -{0,NULL} - }; - -static ERR_STRING_DATA NURON_str_reasons[]= - { -{NURON_R_ALREADY_LOADED ,"already loaded"}, -{NURON_R_CTRL_COMMAND_NOT_IMPLEMENTED ,"ctrl command not implemented"}, -{NURON_R_DSO_FAILURE ,"dso failure"}, -{NURON_R_DSO_FUNCTION_NOT_FOUND ,"dso function not found"}, -{NURON_R_DSO_NOT_FOUND ,"dso not found"}, -{NURON_R_NOT_LOADED ,"not loaded"}, -{0,NULL} - }; - -#endif - -#ifdef NURON_LIB_NAME -static ERR_STRING_DATA NURON_lib_name[]= - { -{0 ,NURON_LIB_NAME}, -{0,NULL} - }; -#endif - - -static int NURON_lib_error_code=0; -static int NURON_error_init=1; - -static void ERR_load_NURON_strings(void) - { - if (NURON_lib_error_code == 0) - NURON_lib_error_code=ERR_get_next_error_library(); - - if (NURON_error_init) - { - NURON_error_init=0; -#ifndef OPENSSL_NO_ERR - ERR_load_strings(NURON_lib_error_code,NURON_str_functs); - ERR_load_strings(NURON_lib_error_code,NURON_str_reasons); -#endif - -#ifdef NURON_LIB_NAME - NURON_lib_name->error = ERR_PACK(NURON_lib_error_code,0,0); - ERR_load_strings(0,NURON_lib_name); -#endif - } - } - -static void ERR_unload_NURON_strings(void) - { - if (NURON_error_init == 0) - { -#ifndef OPENSSL_NO_ERR - ERR_unload_strings(NURON_lib_error_code,NURON_str_functs); - ERR_unload_strings(NURON_lib_error_code,NURON_str_reasons); -#endif - -#ifdef NURON_LIB_NAME - ERR_unload_strings(0,NURON_lib_name); -#endif - NURON_error_init=1; - } - } - -static void ERR_NURON_error(int function, int reason, char *file, int line) - { - if (NURON_lib_error_code == 0) - NURON_lib_error_code=ERR_get_next_error_library(); - ERR_PUT_error(NURON_lib_error_code,function,reason,file,line); - } diff --git a/src/lib/libcrypto/engine/hw_nuron_err.h b/src/lib/libcrypto/engine/hw_nuron_err.h deleted file mode 100644 index a56bfdf3039..00000000000 --- a/src/lib/libcrypto/engine/hw_nuron_err.h +++ /dev/null @@ -1,86 +0,0 @@ -/* ==================================================================== - * Copyright (c) 2001 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#ifndef HEADER_NURON_ERR_H -#define HEADER_NURON_ERR_H - -/* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ -static void ERR_load_NURON_strings(void); -static void ERR_unload_NURON_strings(void); -static void ERR_NURON_error(int function, int reason, char *file, int line); -#define NURONerr(f,r) ERR_NURON_error((f),(r),__FILE__,__LINE__) - -/* Error codes for the NURON functions. */ - -/* Function codes. */ -#define NURON_F_NURON_CTRL 100 -#define NURON_F_NURON_FINISH 101 -#define NURON_F_NURON_INIT 102 -#define NURON_F_NURON_MOD_EXP 103 - -/* Reason codes. */ -#define NURON_R_ALREADY_LOADED 100 -#define NURON_R_CTRL_COMMAND_NOT_IMPLEMENTED 101 -#define NURON_R_DSO_FAILURE 102 -#define NURON_R_DSO_FUNCTION_NOT_FOUND 103 -#define NURON_R_DSO_NOT_FOUND 104 -#define NURON_R_NOT_LOADED 105 - -#ifdef __cplusplus -} -#endif -#endif diff --git a/src/lib/libcrypto/engine/hw_openbsd_dev_crypto.c b/src/lib/libcrypto/engine/hw_openbsd_dev_crypto.c deleted file mode 100644 index f946389b8a3..00000000000 --- a/src/lib/libcrypto/engine/hw_openbsd_dev_crypto.c +++ /dev/null @@ -1,594 +0,0 @@ -/* Written by Ben Laurie August 2001 */ -/* ==================================================================== - * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include -#include -#include "eng_int.h" -/* Maybe this is needed? ... */ -#ifdef FLAT_INC -#include "evp_locl.h" -#else -#include "../evp/evp_locl.h" -#endif -#include - -#ifndef OPENSSL_OPENBSD_DEV_CRYPTO - -void ENGINE_load_openbsd_dev_crypto(void) - { - /* This is a NOP unless OPENSSL_OPENBSD_DEV_CRYPTO is defined */ - return; - } - -#else /* OPENSSL_OPENBSD_DEV_CRYPTO */ - -#include -#include -#include -#include -#include -#include - -#include - -/****************************************************/ -/* Declare the normal generic ENGINE stuff here ... */ - -static int dev_crypto_ciphers(ENGINE *e, const EVP_CIPHER **cipher, - const int **nids, int nid); -static int dev_crypto_digests(ENGINE *e, const EVP_MD **digest, - const int **nids, int nid); - -static const char dev_crypto_id[] = "openbsd_dev_crypto"; -static const char dev_crypto_name[] = "OpenBSD /dev/crypto"; - -static long allow_misaligned; - -#define DEV_CRYPTO_CMD_ALLOW_MISALIGNED ENGINE_CMD_BASE -static const ENGINE_CMD_DEFN dev_crypto_cmd_defns[]= - { - { DEV_CRYPTO_CMD_ALLOW_MISALIGNED, - "allow_misaligned", - "Permit misaligned data to be used", - ENGINE_CMD_FLAG_NUMERIC }, - { 0, NULL, NULL, 0 } - }; - -static int dev_crypto_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) - { - switch(cmd) - { - case DEV_CRYPTO_CMD_ALLOW_MISALIGNED: - allow_misaligned=i; - printf("allow misaligned=%ld\n",allow_misaligned); - break; - } - - return 1; - } - -static ENGINE *engine_openbsd_dev_crypto(void) - { - ENGINE *engine=ENGINE_new(); - - if(!ENGINE_set_id(engine, dev_crypto_id) || - !ENGINE_set_name(engine, dev_crypto_name) || - !ENGINE_set_ciphers(engine, dev_crypto_ciphers) || - !ENGINE_set_digests(engine, dev_crypto_digests) || - !ENGINE_set_ctrl_function(engine, dev_crypto_ctrl) || - !ENGINE_set_cmd_defns(engine, dev_crypto_cmd_defns)) - { - ENGINE_free(engine); - return NULL; - } - - return engine; - } - -void ENGINE_load_openbsd_dev_crypto(void) - { - /* Copied from eng_[openssl|dyn].c */ - ENGINE *toadd = engine_openbsd_dev_crypto(); - if(!toadd) return; - ENGINE_add(toadd); - ENGINE_free(toadd); - ERR_clear_error(); - } - -/******************************************************************************/ -/* Clip in the stuff from crypto/evp/openbsd_hw.c here. NB: What has changed? */ -/* I've removed the exposed EVP_*** functions, they're accessed through the */ -/* "dev_crypto_[ciphers|digests]" handlers. I've also moved the EVP_CIPHER */ -/* and EVP_MD structures to the bottom where they are close to the handlers */ -/* that expose them. What should be done? The global data (file-descriptors, */ -/* etc) should be put into ENGINE's ex_data support, and per-context data */ -/* (also file-descriptors perhaps) should be put into the contexts. Also code */ -/* formatting, fprintf statements, and OpenSSL-style error handling should be */ -/* added (dynamically, like the other ENGINEs). Also, "dynamic" support */ -/* be added to this ENGINE once it's up and running so that it could be built */ -/* as a shared-library. What else? device initialisation should take place */ -/* inside an ENGINE 'init()' handler (and likewise 'finish()'). ciphers and */ -/* digests won't be used by the framework unless the ENGINE has been */ -/* successfully initialised (that's one of the things you get for free) so */ -/* initialisation, including returning failure if device setup fails, can be */ -/* handled quite cleanly. This could presumably handle the opening (and then */ -/* closing inside 'finish()') of the 'cryptodev_fd' file-descriptor). */ - -/* longest key supported in hardware */ -#define MAX_HW_KEY 24 -#define MAX_HW_IV 8 - -#define MD5_DIGEST_LENGTH 16 -#define MD5_CBLOCK 64 - -static int fd; -static int dev_failed; - -typedef struct session_op session_op; - -#define CDATA(ctx) EVP_C_DATA(session_op,ctx) - -static void err(const char *str) - { - fprintf(stderr,"%s: errno %d\n",str,errno); - } - -static int dev_crypto_init(session_op *ses) - { - if(dev_failed) - return 0; - if(!fd) - { - int cryptodev_fd; - - if ((cryptodev_fd=open("/dev/crypto",O_RDWR,0)) < 0) - { - err("/dev/crypto"); - dev_failed=1; - return 0; - } - if (ioctl(cryptodev_fd,CRIOGET,&fd) == -1) - { - err("CRIOGET failed"); - close(cryptodev_fd); - dev_failed=1; - return 0; - } - close(cryptodev_fd); - } - assert(ses); - memset(ses,'\0',sizeof *ses); - - return 1; - } - -static int dev_crypto_cleanup(EVP_CIPHER_CTX *ctx) - { - fprintf(stderr,"cleanup %d\n",CDATA(ctx)->ses); - if(ioctl(fd,CIOCFSESSION,&CDATA(ctx)->ses) == -1) - err("CIOCFSESSION failed"); - - OPENSSL_free(CDATA(ctx)->key); - - return 1; - } - -static int dev_crypto_init_key(EVP_CIPHER_CTX *ctx,int cipher, - const unsigned char *key,int klen) - { - if(!dev_crypto_init(CDATA(ctx))) - return 0; - - CDATA(ctx)->key=OPENSSL_malloc(MAX_HW_KEY); - - assert(ctx->cipher->iv_len <= MAX_HW_IV); - - memcpy(CDATA(ctx)->key,key,klen); - - CDATA(ctx)->cipher=cipher; - CDATA(ctx)->keylen=klen; - - if (ioctl(fd,CIOCGSESSION,CDATA(ctx)) == -1) - { - err("CIOCGSESSION failed"); - return 0; - } - return 1; - } - -static int dev_crypto_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out, - const unsigned char *in,unsigned int inl) - { - struct crypt_op cryp; - unsigned char lb[MAX_HW_IV]; - - if(!inl) - return 1; - - assert(CDATA(ctx)); - assert(!dev_failed); - - memset(&cryp,'\0',sizeof cryp); - cryp.ses=CDATA(ctx)->ses; - cryp.op=ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT; - cryp.flags=0; - cryp.len=inl; - assert((inl&(ctx->cipher->block_size-1)) == 0); - cryp.src=(caddr_t)in; - cryp.dst=(caddr_t)out; - cryp.mac=0; - if(ctx->cipher->iv_len) - cryp.iv=(caddr_t)ctx->iv; - - if(!ctx->encrypt) - memcpy(lb,&in[cryp.len-ctx->cipher->iv_len],ctx->cipher->iv_len); - - if(ioctl(fd, CIOCCRYPT, &cryp) == -1) - { - if(errno == EINVAL) /* buffers are misaligned */ - { - unsigned int cinl=0; - char *cin=NULL; - char *cout=NULL; - - /* NB: this can only make cinl != inl with stream ciphers */ - cinl=(inl+3)/4*4; - - if(((unsigned long)in&3) || cinl != inl) - { - cin=OPENSSL_malloc(cinl); - memcpy(cin,in,inl); - cryp.src=cin; - } - - if(((unsigned long)out&3) || cinl != inl) - { - cout=OPENSSL_malloc(cinl); - cryp.dst=cout; - } - - cryp.len=cinl; - - if(ioctl(fd, CIOCCRYPT, &cryp) == -1) - { - err("CIOCCRYPT(2) failed"); - printf("src=%p dst=%p\n",cryp.src,cryp.dst); - abort(); - return 0; - } - - if(cout) - { - memcpy(out,cout,inl); - OPENSSL_free(cout); - } - if(cin) - OPENSSL_free(cin); - } - else - { - err("CIOCCRYPT failed"); - abort(); - return 0; - } - } - - if(ctx->encrypt) - memcpy(ctx->iv,&out[cryp.len-ctx->cipher->iv_len],ctx->cipher->iv_len); - else - memcpy(ctx->iv,lb,ctx->cipher->iv_len); - - return 1; - } - -static int dev_crypto_des_ede3_init_key(EVP_CIPHER_CTX *ctx, - const unsigned char *key, - const unsigned char *iv, int enc) - { return dev_crypto_init_key(ctx,CRYPTO_3DES_CBC,key,24); } - -static int dev_crypto_rc4_init_key(EVP_CIPHER_CTX *ctx, - const unsigned char *key, - const unsigned char *iv, int enc) - { return dev_crypto_init_key(ctx,CRYPTO_ARC4,key,16); } - -typedef struct - { - session_op sess; - char *data; - int len; - unsigned char md[EVP_MAX_MD_SIZE]; - } MD_DATA; - -static int dev_crypto_init_digest(MD_DATA *md_data,int mac) - { - if(!dev_crypto_init(&md_data->sess)) - return 0; - - md_data->len=0; - md_data->data=NULL; - - md_data->sess.mac=mac; - - if (ioctl(fd,CIOCGSESSION,&md_data->sess) == -1) - { - err("CIOCGSESSION failed"); - return 0; - } - fprintf(stderr,"opened %d\n",md_data->sess.ses); - return 1; - } - -static int dev_crypto_cleanup_digest(MD_DATA *md_data) - { - fprintf(stderr,"cleanup %d\n",md_data->sess.ses); - if (ioctl(fd,CIOCFSESSION,&md_data->sess.ses) == -1) - { - err("CIOCFSESSION failed"); - return 0; - } - - return 1; - } - -/* FIXME: if device can do chained MACs, then don't accumulate */ -/* FIXME: move accumulation to the framework */ -static int dev_crypto_md5_init(EVP_MD_CTX *ctx) - { return dev_crypto_init_digest(ctx->md_data,CRYPTO_MD5); } - -static int do_digest(int ses,unsigned char *md,const void *data,int len) - { - struct crypt_op cryp; - static unsigned char md5zero[16]= - { - 0xd4,0x1d,0x8c,0xd9,0x8f,0x00,0xb2,0x04, - 0xe9,0x80,0x09,0x98,0xec,0xf8,0x42,0x7e - }; - - /* some cards can't do zero length */ - if(!len) - { - memcpy(md,md5zero,16); - return 1; - } - - memset(&cryp,'\0',sizeof cryp); - cryp.ses=ses; - cryp.op=COP_ENCRYPT;/* required to do the MAC rather than check it */ - cryp.len=len; - cryp.src=(caddr_t)data; - cryp.dst=(caddr_t)data; // FIXME!!! - cryp.mac=(caddr_t)md; - - if(ioctl(fd, CIOCCRYPT, &cryp) == -1) - { - if(errno == EINVAL && allow_misaligned) /* buffer is misaligned */ - { - char *dcopy; - - dcopy=OPENSSL_malloc(len); - memcpy(dcopy,data,len); - cryp.src=dcopy; - cryp.dst=cryp.src; // FIXME!!! - - if(ioctl(fd, CIOCCRYPT, &cryp) == -1) - { - err("CIOCCRYPT(MAC2) failed"); - abort(); - return 0; - } - OPENSSL_free(dcopy); - } - else - { - err("CIOCCRYPT(MAC) failed"); - abort(); - return 0; - } - } - // printf("done\n"); - - return 1; - } - -static int dev_crypto_md5_update(EVP_MD_CTX *ctx,const void *data, - unsigned long len) - { - MD_DATA *md_data=ctx->md_data; - - if(ctx->flags&EVP_MD_CTX_FLAG_ONESHOT) - return do_digest(md_data->sess.ses,md_data->md,data,len); - - md_data->data=OPENSSL_realloc(md_data->data,md_data->len+len); - memcpy(md_data->data+md_data->len,data,len); - md_data->len+=len; - - return 1; - } - -static int dev_crypto_md5_final(EVP_MD_CTX *ctx,unsigned char *md) - { - int ret; - MD_DATA *md_data=ctx->md_data; - - if(ctx->flags&EVP_MD_CTX_FLAG_ONESHOT) - { - memcpy(md,md_data->md,MD5_DIGEST_LENGTH); - ret=1; - } - else - { - ret=do_digest(md_data->sess.ses,md,md_data->data,md_data->len); - OPENSSL_free(md_data->data); - md_data->data=NULL; - md_data->len=0; - } - - return ret; - } - -static int dev_crypto_md5_copy(EVP_MD_CTX *to,const EVP_MD_CTX *from) - { - const MD_DATA *from_md=from->md_data; - MD_DATA *to_md=to->md_data; - - // How do we copy sessions? - assert(from->digest->flags&EVP_MD_FLAG_ONESHOT); - - to_md->data=OPENSSL_malloc(from_md->len); - memcpy(to_md->data,from_md->data,from_md->len); - - return 1; - } - -static int dev_crypto_md5_cleanup(EVP_MD_CTX *ctx) - { - return dev_crypto_cleanup_digest(ctx->md_data); - } - -/**************************************************************************/ -/* Here are the moved declarations of the EVP_CIPHER and EVP_MD */ -/* implementations. They're down here to be within easy editor-distance */ -/* of the digests and ciphers handler functions. */ - -#define dev_crypto_des_ede3_cbc_cipher dev_crypto_cipher - -BLOCK_CIPHER_def_cbc(dev_crypto_des_ede3, session_op, NID_des_ede3, 8, 24, 8, - 0, dev_crypto_des_ede3_init_key, - dev_crypto_cleanup, - EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv, - NULL) - -static const EVP_CIPHER r4_cipher= - { - NID_rc4, - 1,16,0, /* FIXME: key should be up to 256 bytes */ - EVP_CIPH_VARIABLE_LENGTH, - dev_crypto_rc4_init_key, - dev_crypto_cipher, - dev_crypto_cleanup, - sizeof(session_op), - NULL, - NULL, - NULL - }; - -static const EVP_MD md5_md= - { - NID_md5, - NID_md5WithRSAEncryption, - MD5_DIGEST_LENGTH, - EVP_MD_FLAG_ONESHOT, // XXX: set according to device info... - dev_crypto_md5_init, - dev_crypto_md5_update, - dev_crypto_md5_final, - dev_crypto_md5_copy, - dev_crypto_md5_cleanup, - EVP_PKEY_RSA_method, - MD5_CBLOCK, - sizeof(MD_DATA), - }; - -/****************************************************************/ -/* Implement the dev_crypto_[ciphers|digests] handlers here ... */ - -static int cipher_nids[] = {NID_des_ede3_cbc, NID_rc4}; -static int cipher_nids_num = 2; -static int digest_nids[] = {NID_md5}; -static int digest_nids_num = 1; - -static int dev_crypto_ciphers(ENGINE *e, const EVP_CIPHER **cipher, - const int **nids, int nid) - { - if(!cipher) - { - /* We are returning a list of supported nids */ - *nids = cipher_nids; - return cipher_nids_num; - } - /* We are being asked for a specific cipher */ - if(nid == NID_rc4) - *cipher = &r4_cipher; - else if(nid == NID_des_ede3_cbc) - *cipher = &dev_crypto_des_ede3_cbc; - else - { - *cipher = NULL; - return 0; - } - return 1; - } - -static int dev_crypto_digests(ENGINE *e, const EVP_MD **digest, - const int **nids, int nid) - { - if(!digest) - { - /* We are returning a list of supported nids */ - *nids = digest_nids; - return digest_nids_num; - } - /* We are being asked for a specific digest */ - if(nid == NID_md5) - *digest = &md5_md; - else - { - *digest = NULL; - return 0; - } - return 1; - } - -#endif /* OPENSSL_OPENBSD_DEV_CRYPTO */ diff --git a/src/lib/libcrypto/engine/hw_sureware_err.c b/src/lib/libcrypto/engine/hw_sureware_err.c deleted file mode 100644 index 69955dadbb9..00000000000 --- a/src/lib/libcrypto/engine/hw_sureware_err.c +++ /dev/null @@ -1,150 +0,0 @@ -/* hw_sureware_err.c */ -/* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -/* NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ - -#include -#include -#include "hw_sureware_err.h" - -/* BEGIN ERROR CODES */ -#ifndef OPENSSL_NO_ERR -static ERR_STRING_DATA SUREWARE_str_functs[]= - { -{ERR_PACK(0,SUREWARE_F_SUREWAREHK_CTRL,0), "SUREWAREHK_CTRL"}, -{ERR_PACK(0,SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,0), "SUREWAREHK_DSA_DO_SIGN"}, -{ERR_PACK(0,SUREWARE_F_SUREWAREHK_EX_FREE,0), "SUREWAREHK_EX_FREE"}, -{ERR_PACK(0,SUREWARE_F_SUREWAREHK_FINISH,0), "SUREWAREHK_FINISH"}, -{ERR_PACK(0,SUREWARE_F_SUREWAREHK_INIT,0), "SUREWAREHK_INIT"}, -{ERR_PACK(0,SUREWARE_F_SUREWAREHK_LOAD_PRIVATE_KEY,0), "SUREWAREHK_LOAD_PRIVATE_KEY"}, -{ERR_PACK(0,SUREWARE_F_SUREWAREHK_LOAD_PUBLIC_KEY,0), "SUREWAREHK_LOAD_PUBLIC_KEY"}, -{ERR_PACK(0,SUREWARE_F_SUREWAREHK_MOD_EXP,0), "SUREWAREHK_MOD_EXP"}, -{ERR_PACK(0,SUREWARE_F_SUREWAREHK_RAND_BYTES,0), "SUREWAREHK_RAND_BYTES"}, -{ERR_PACK(0,SUREWARE_F_SUREWAREHK_RAND_SEED,0), "SUREWAREHK_RAND_SEED"}, -{ERR_PACK(0,SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,0), "SUREWAREHK_RSA_PRIV_DEC"}, -{ERR_PACK(0,SUREWARE_F_SUREWAREHK_RSA_PRIV_ENC,0), "SUREWAREHK_RSA_PRIV_ENC"}, -{0,NULL} - }; - -static ERR_STRING_DATA SUREWARE_str_reasons[]= - { -{SUREWARE_R_BIO_WAS_FREED ,"bio was freed"}, -{SUREWARE_R_MISSING_KEY_COMPONENTS ,"missing key components"}, -{SUREWARE_R_REQUEST_FAILED ,"request failed"}, -{SUREWARE_R_REQUEST_FALLBACK ,"request fallback"}, -{SUREWARE_R_SIZE_TOO_LARGE_OR_TOO_SMALL ,"size too large or too small"}, -{SUREWARE_R_UNIT_FAILURE ,"unit failure"}, -{0,NULL} - }; - -#endif - -#ifdef SUREWARE_LIB_NAME -static ERR_STRING_DATA SUREWARE_lib_name[]= - { -{0 ,SUREWARE_LIB_NAME}, -{0,NULL} - }; -#endif - - -static int SUREWARE_lib_error_code=0; -static int SUREWARE_error_init=1; - -static void ERR_load_SUREWARE_strings(void) - { - if (SUREWARE_lib_error_code == 0) - SUREWARE_lib_error_code=ERR_get_next_error_library(); - - if (SUREWARE_error_init) - { - SUREWARE_error_init=0; -#ifndef OPENSSL_NO_ERR - ERR_load_strings(SUREWARE_lib_error_code,SUREWARE_str_functs); - ERR_load_strings(SUREWARE_lib_error_code,SUREWARE_str_reasons); -#endif - -#ifdef SUREWARE_LIB_NAME - SUREWARE_lib_name->error = ERR_PACK(SUREWARE_lib_error_code,0,0); - ERR_load_strings(0,SUREWARE_lib_name); -#endif - } - } - -static void ERR_unload_SUREWARE_strings(void) - { - if (SUREWARE_error_init == 0) - { -#ifndef OPENSSL_NO_ERR - ERR_unload_strings(SUREWARE_lib_error_code,SUREWARE_str_functs); - ERR_unload_strings(SUREWARE_lib_error_code,SUREWARE_str_reasons); -#endif - -#ifdef SUREWARE_LIB_NAME - ERR_unload_strings(0,SUREWARE_lib_name); -#endif - SUREWARE_error_init=1; - } - } - -static void ERR_SUREWARE_error(int function, int reason, char *file, int line) - { - if (SUREWARE_lib_error_code == 0) - SUREWARE_lib_error_code=ERR_get_next_error_library(); - ERR_PUT_error(SUREWARE_lib_error_code,function,reason,file,line); - } diff --git a/src/lib/libcrypto/engine/hw_sureware_err.h b/src/lib/libcrypto/engine/hw_sureware_err.h deleted file mode 100644 index bc52af5e05d..00000000000 --- a/src/lib/libcrypto/engine/hw_sureware_err.h +++ /dev/null @@ -1,94 +0,0 @@ -/* ==================================================================== - * Copyright (c) 2001 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#ifndef HEADER_SUREWARE_ERR_H -#define HEADER_SUREWARE_ERR_H - -/* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ -static void ERR_load_SUREWARE_strings(void); -static void ERR_unload_SUREWARE_strings(void); -static void ERR_SUREWARE_error(int function, int reason, char *file, int line); -#define SUREWAREerr(f,r) ERR_SUREWARE_error((f),(r),__FILE__,__LINE__) - -/* Error codes for the SUREWARE functions. */ - -/* Function codes. */ -#define SUREWARE_F_SUREWAREHK_CTRL 100 -#define SUREWARE_F_SUREWAREHK_DSA_DO_SIGN 101 -#define SUREWARE_F_SUREWAREHK_EX_FREE 102 -#define SUREWARE_F_SUREWAREHK_FINISH 103 -#define SUREWARE_F_SUREWAREHK_INIT 104 -#define SUREWARE_F_SUREWAREHK_LOAD_PRIVATE_KEY 105 -#define SUREWARE_F_SUREWAREHK_LOAD_PUBLIC_KEY 106 -#define SUREWARE_F_SUREWAREHK_MOD_EXP 107 -#define SUREWARE_F_SUREWAREHK_RAND_BYTES 108 -#define SUREWARE_F_SUREWAREHK_RAND_SEED 109 -#define SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC 110 -#define SUREWARE_F_SUREWAREHK_RSA_PRIV_ENC 111 - -/* Reason codes. */ -#define SUREWARE_R_BIO_WAS_FREED 100 -#define SUREWARE_R_MISSING_KEY_COMPONENTS 105 -#define SUREWARE_R_REQUEST_FAILED 101 -#define SUREWARE_R_REQUEST_FALLBACK 102 -#define SUREWARE_R_SIZE_TOO_LARGE_OR_TOO_SMALL 103 -#define SUREWARE_R_UNIT_FAILURE 104 - -#ifdef __cplusplus -} -#endif -#endif diff --git a/src/lib/libcrypto/engine/hw_ubsec.c b/src/lib/libcrypto/engine/hw_ubsec.c deleted file mode 100644 index 743c06043c7..00000000000 --- a/src/lib/libcrypto/engine/hw_ubsec.c +++ /dev/null @@ -1,1041 +0,0 @@ -/* crypto/engine/hw_ubsec.c */ -/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL - * project 2000. - * - * Cloned shamelessly by Joe Tardo. - */ -/* ==================================================================== - * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include -#include -#include "cryptlib.h" -#include -#include - -#ifndef OPENSSL_NO_HW -#ifndef OPENSSL_NO_HW_UBSEC - -#ifdef FLAT_INC -#include "hw_ubsec.h" -#else -#include "vendor_defns/hw_ubsec.h" -#endif - -#define UBSEC_LIB_NAME "ubsec engine" -#include "hw_ubsec_err.c" - -#define FAIL_TO_SOFTWARE -15 - -static int ubsec_destroy(ENGINE *e); -static int ubsec_init(ENGINE *e); -static int ubsec_finish(ENGINE *e); -static int ubsec_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()); -static int ubsec_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx); -static int ubsec_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *q, const BIGNUM *dp, - const BIGNUM *dq, const BIGNUM *qinv, BN_CTX *ctx); -#ifndef OPENSSL_NO_RSA -static int ubsec_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa); -#endif -static int ubsec_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); -#ifndef OPENSSL_NO_DSA -#if NOT_USED -static int ubsec_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, - BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m, - BN_CTX *ctx, BN_MONT_CTX *in_mont); -static int ubsec_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a, - const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *m_ctx); -#endif -static DSA_SIG *ubsec_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); -static int ubsec_dsa_verify(const unsigned char *dgst, int dgst_len, - DSA_SIG *sig, DSA *dsa); -#endif -#ifndef OPENSSL_NO_DH -static int ubsec_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, - const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *m_ctx); -static int ubsec_dh_compute_key(unsigned char *key,const BIGNUM *pub_key,DH *dh); -static int ubsec_dh_generate_key(DH *dh); -#endif - -#if NOT_USED -static int ubsec_rand_bytes(unsigned char *buf, int num); -static int ubsec_rand_status(void); -#endif - -#define UBSEC_CMD_SO_PATH ENGINE_CMD_BASE -static const ENGINE_CMD_DEFN ubsec_cmd_defns[] = { - {UBSEC_CMD_SO_PATH, - "SO_PATH", - "Specifies the path to the 'ubsec' shared library", - ENGINE_CMD_FLAG_STRING}, - {0, NULL, NULL, 0} - }; - -#ifndef OPENSSL_NO_RSA -/* Our internal RSA_METHOD that we provide pointers to */ -static RSA_METHOD ubsec_rsa = - { - "UBSEC RSA method", - NULL, - NULL, - NULL, - NULL, - ubsec_rsa_mod_exp, - ubsec_mod_exp_mont, - NULL, - NULL, - 0, - NULL, - NULL, - NULL - }; -#endif - -#ifndef OPENSSL_NO_DSA -/* Our internal DSA_METHOD that we provide pointers to */ -static DSA_METHOD ubsec_dsa = - { - "UBSEC DSA method", - ubsec_dsa_do_sign, /* dsa_do_sign */ - NULL, /* dsa_sign_setup */ - ubsec_dsa_verify, /* dsa_do_verify */ - NULL, /* ubsec_dsa_mod_exp */ /* dsa_mod_exp */ - NULL, /* ubsec_mod_exp_dsa */ /* bn_mod_exp */ - NULL, /* init */ - NULL, /* finish */ - 0, /* flags */ - NULL /* app_data */ - }; -#endif - -#ifndef OPENSSL_NO_DH -/* Our internal DH_METHOD that we provide pointers to */ -static DH_METHOD ubsec_dh = - { - "UBSEC DH method", - ubsec_dh_generate_key, - ubsec_dh_compute_key, - ubsec_mod_exp_dh, - NULL, - NULL, - 0, - NULL - }; -#endif - -/* Constants used when creating the ENGINE */ -static const char *engine_ubsec_id = "ubsec"; -static const char *engine_ubsec_name = "UBSEC hardware engine support"; - -/* This internal function is used by ENGINE_ubsec() and possibly by the - * "dynamic" ENGINE support too */ -static int bind_helper(ENGINE *e) - { -#ifndef OPENSSL_NO_RSA - const RSA_METHOD *meth1; -#endif -#ifndef OPENSSL_NO_DH -#ifndef HAVE_UBSEC_DH - const DH_METHOD *meth3; -#endif /* HAVE_UBSEC_DH */ -#endif - if(!ENGINE_set_id(e, engine_ubsec_id) || - !ENGINE_set_name(e, engine_ubsec_name) || -#ifndef OPENSSL_NO_RSA - !ENGINE_set_RSA(e, &ubsec_rsa) || -#endif -#ifndef OPENSSL_NO_DSA - !ENGINE_set_DSA(e, &ubsec_dsa) || -#endif -#ifndef OPENSSL_NO_DH - !ENGINE_set_DH(e, &ubsec_dh) || -#endif - !ENGINE_set_destroy_function(e, ubsec_destroy) || - !ENGINE_set_init_function(e, ubsec_init) || - !ENGINE_set_finish_function(e, ubsec_finish) || - !ENGINE_set_ctrl_function(e, ubsec_ctrl) || - !ENGINE_set_cmd_defns(e, ubsec_cmd_defns)) - return 0; - -#ifndef OPENSSL_NO_RSA - /* We know that the "PKCS1_SSLeay()" functions hook properly - * to the Broadcom-specific mod_exp and mod_exp_crt so we use - * those functions. NB: We don't use ENGINE_openssl() or - * anything "more generic" because something like the RSAref - * code may not hook properly, and if you own one of these - * cards then you have the right to do RSA operations on it - * anyway! */ - meth1 = RSA_PKCS1_SSLeay(); - ubsec_rsa.rsa_pub_enc = meth1->rsa_pub_enc; - ubsec_rsa.rsa_pub_dec = meth1->rsa_pub_dec; - ubsec_rsa.rsa_priv_enc = meth1->rsa_priv_enc; - ubsec_rsa.rsa_priv_dec = meth1->rsa_priv_dec; -#endif - -#ifndef OPENSSL_NO_DH -#ifndef HAVE_UBSEC_DH - /* Much the same for Diffie-Hellman */ - meth3 = DH_OpenSSL(); - ubsec_dh.generate_key = meth3->generate_key; - ubsec_dh.compute_key = meth3->compute_key; -#endif /* HAVE_UBSEC_DH */ -#endif - - /* Ensure the ubsec error handling is set up */ - ERR_load_UBSEC_strings(); - return 1; - } - -static ENGINE *engine_ubsec(void) - { - ENGINE *ret = ENGINE_new(); - if(!ret) - return NULL; - if(!bind_helper(ret)) - { - ENGINE_free(ret); - return NULL; - } - return ret; - } - -void ENGINE_load_ubsec(void) - { - /* Copied from eng_[openssl|dyn].c */ - ENGINE *toadd = engine_ubsec(); - if(!toadd) return; - ENGINE_add(toadd); - ENGINE_free(toadd); - ERR_clear_error(); - } - -/* This is a process-global DSO handle used for loading and unloading - * the UBSEC library. NB: This is only set (or unset) during an - * init() or finish() call (reference counts permitting) and they're - * operating with global locks, so this should be thread-safe - * implicitly. */ - -static DSO *ubsec_dso = NULL; - -/* These are the function pointers that are (un)set when the library has - * successfully (un)loaded. */ - -static t_UBSEC_ubsec_bytes_to_bits *p_UBSEC_ubsec_bytes_to_bits = NULL; -static t_UBSEC_ubsec_bits_to_bytes *p_UBSEC_ubsec_bits_to_bytes = NULL; -static t_UBSEC_ubsec_open *p_UBSEC_ubsec_open = NULL; -static t_UBSEC_ubsec_close *p_UBSEC_ubsec_close = NULL; -#ifndef OPENSSL_NO_DH -static t_UBSEC_diffie_hellman_generate_ioctl - *p_UBSEC_diffie_hellman_generate_ioctl = NULL; -static t_UBSEC_diffie_hellman_agree_ioctl *p_UBSEC_diffie_hellman_agree_ioctl = NULL; -#endif -/* #ifndef OPENSSL_NO_RSA */ -static t_UBSEC_rsa_mod_exp_ioctl *p_UBSEC_rsa_mod_exp_ioctl = NULL; -static t_UBSEC_rsa_mod_exp_crt_ioctl *p_UBSEC_rsa_mod_exp_crt_ioctl = NULL; -/* #endif */ -#ifndef OPENSSL_NO_DSA -static t_UBSEC_dsa_sign_ioctl *p_UBSEC_dsa_sign_ioctl = NULL; -static t_UBSEC_dsa_verify_ioctl *p_UBSEC_dsa_verify_ioctl = NULL; -#endif -static t_UBSEC_math_accelerate_ioctl *p_UBSEC_math_accelerate_ioctl = NULL; -static t_UBSEC_rng_ioctl *p_UBSEC_rng_ioctl = NULL; -static t_UBSEC_max_key_len_ioctl *p_UBSEC_max_key_len_ioctl = NULL; - -static int max_key_len = 1024; /* ??? */ - -/* - * These are the static string constants for the DSO file name and the function - * symbol names to bind to. - */ - -static const char *UBSEC_LIBNAME = "ubsec"; -static const char *UBSEC_F1 = "ubsec_bytes_to_bits"; -static const char *UBSEC_F2 = "ubsec_bits_to_bytes"; -static const char *UBSEC_F3 = "ubsec_open"; -static const char *UBSEC_F4 = "ubsec_close"; -#ifndef OPENSSL_NO_DH -static const char *UBSEC_F5 = "diffie_hellman_generate_ioctl"; -static const char *UBSEC_F6 = "diffie_hellman_agree_ioctl"; -#endif -/* #ifndef OPENSSL_NO_RSA */ -static const char *UBSEC_F7 = "rsa_mod_exp_ioctl"; -static const char *UBSEC_F8 = "rsa_mod_exp_crt_ioctl"; -/* #endif */ -#ifndef OPENSSL_NO_DSA -static const char *UBSEC_F9 = "dsa_sign_ioctl"; -static const char *UBSEC_F10 = "dsa_verify_ioctl"; -#endif -static const char *UBSEC_F11 = "math_accelerate_ioctl"; -static const char *UBSEC_F12 = "rng_ioctl"; -static const char *UBSEC_F13 = "ubsec_max_key_len_ioctl"; - -/* Destructor (complements the "ENGINE_ubsec()" constructor) */ -static int ubsec_destroy(ENGINE *e) - { - ERR_unload_UBSEC_strings(); - return 1; - } - -/* (de)initialisation functions. */ -static int ubsec_init(ENGINE *e) - { - t_UBSEC_ubsec_bytes_to_bits *p1; - t_UBSEC_ubsec_bits_to_bytes *p2; - t_UBSEC_ubsec_open *p3; - t_UBSEC_ubsec_close *p4; -#ifndef OPENSSL_NO_DH - t_UBSEC_diffie_hellman_generate_ioctl *p5; - t_UBSEC_diffie_hellman_agree_ioctl *p6; -#endif -/* #ifndef OPENSSL_NO_RSA */ - t_UBSEC_rsa_mod_exp_ioctl *p7; - t_UBSEC_rsa_mod_exp_crt_ioctl *p8; -/* #endif */ -#ifndef OPENSSL_NO_DSA - t_UBSEC_dsa_sign_ioctl *p9; - t_UBSEC_dsa_verify_ioctl *p10; -#endif - t_UBSEC_math_accelerate_ioctl *p11; - t_UBSEC_rng_ioctl *p12; - t_UBSEC_max_key_len_ioctl *p13; - int fd = 0; - - if(ubsec_dso != NULL) - { - UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_ALREADY_LOADED); - goto err; - } - /* - * Attempt to load libubsec.so/ubsec.dll/whatever. - */ - ubsec_dso = DSO_load(NULL, UBSEC_LIBNAME, NULL, 0); - if(ubsec_dso == NULL) - { - UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_DSO_FAILURE); - goto err; - } - - if ( - !(p1 = (t_UBSEC_ubsec_bytes_to_bits *) DSO_bind_func(ubsec_dso, UBSEC_F1)) || - !(p2 = (t_UBSEC_ubsec_bits_to_bytes *) DSO_bind_func(ubsec_dso, UBSEC_F2)) || - !(p3 = (t_UBSEC_ubsec_open *) DSO_bind_func(ubsec_dso, UBSEC_F3)) || - !(p4 = (t_UBSEC_ubsec_close *) DSO_bind_func(ubsec_dso, UBSEC_F4)) || -#ifndef OPENSSL_NO_DH - !(p5 = (t_UBSEC_diffie_hellman_generate_ioctl *) - DSO_bind_func(ubsec_dso, UBSEC_F5)) || - !(p6 = (t_UBSEC_diffie_hellman_agree_ioctl *) - DSO_bind_func(ubsec_dso, UBSEC_F6)) || -#endif -/* #ifndef OPENSSL_NO_RSA */ - !(p7 = (t_UBSEC_rsa_mod_exp_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F7)) || - !(p8 = (t_UBSEC_rsa_mod_exp_crt_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F8)) || -/* #endif */ -#ifndef OPENSSL_NO_DSA - !(p9 = (t_UBSEC_dsa_sign_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F9)) || - !(p10 = (t_UBSEC_dsa_verify_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F10)) || -#endif - !(p11 = (t_UBSEC_math_accelerate_ioctl *) - DSO_bind_func(ubsec_dso, UBSEC_F11)) || - !(p12 = (t_UBSEC_rng_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F12)) || - !(p13 = (t_UBSEC_max_key_len_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F13))) - { - UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_DSO_FAILURE); - goto err; - } - - /* Copy the pointers */ - p_UBSEC_ubsec_bytes_to_bits = p1; - p_UBSEC_ubsec_bits_to_bytes = p2; - p_UBSEC_ubsec_open = p3; - p_UBSEC_ubsec_close = p4; -#ifndef OPENSSL_NO_DH - p_UBSEC_diffie_hellman_generate_ioctl = p5; - p_UBSEC_diffie_hellman_agree_ioctl = p6; -#endif -#ifndef OPENSSL_NO_RSA - p_UBSEC_rsa_mod_exp_ioctl = p7; - p_UBSEC_rsa_mod_exp_crt_ioctl = p8; -#endif -#ifndef OPENSSL_NO_DSA - p_UBSEC_dsa_sign_ioctl = p9; - p_UBSEC_dsa_verify_ioctl = p10; -#endif - p_UBSEC_math_accelerate_ioctl = p11; - p_UBSEC_rng_ioctl = p12; - p_UBSEC_max_key_len_ioctl = p13; - - /* Perform an open to see if there's actually any unit running. */ - if (((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) > 0) && (p_UBSEC_max_key_len_ioctl(fd, &max_key_len) == 0)) - { - p_UBSEC_ubsec_close(fd); - return 1; - } - else - { - UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE); - } - -err: - if(ubsec_dso) - DSO_free(ubsec_dso); - p_UBSEC_ubsec_bytes_to_bits = NULL; - p_UBSEC_ubsec_bits_to_bytes = NULL; - p_UBSEC_ubsec_open = NULL; - p_UBSEC_ubsec_close = NULL; -#ifndef OPENSSL_NO_DH - p_UBSEC_diffie_hellman_generate_ioctl = NULL; - p_UBSEC_diffie_hellman_agree_ioctl = NULL; -#endif -#ifndef OPENSSL_NO_RSA - p_UBSEC_rsa_mod_exp_ioctl = NULL; - p_UBSEC_rsa_mod_exp_crt_ioctl = NULL; -#endif -#ifndef OPENSSL_NO_DSA - p_UBSEC_dsa_sign_ioctl = NULL; - p_UBSEC_dsa_verify_ioctl = NULL; -#endif - p_UBSEC_math_accelerate_ioctl = NULL; - p_UBSEC_rng_ioctl = NULL; - p_UBSEC_max_key_len_ioctl = NULL; - - return 0; - } - -static int ubsec_finish(ENGINE *e) - { - if(ubsec_dso == NULL) - { - UBSECerr(UBSEC_F_UBSEC_FINISH, UBSEC_R_NOT_LOADED); - return 0; - } - if(!DSO_free(ubsec_dso)) - { - UBSECerr(UBSEC_F_UBSEC_FINISH, UBSEC_R_DSO_FAILURE); - return 0; - } - ubsec_dso = NULL; - p_UBSEC_ubsec_bytes_to_bits = NULL; - p_UBSEC_ubsec_bits_to_bytes = NULL; - p_UBSEC_ubsec_open = NULL; - p_UBSEC_ubsec_close = NULL; -#ifndef OPENSSL_NO_DH - p_UBSEC_diffie_hellman_generate_ioctl = NULL; - p_UBSEC_diffie_hellman_agree_ioctl = NULL; -#endif -#ifndef OPENSSL_NO_RSA - p_UBSEC_rsa_mod_exp_ioctl = NULL; - p_UBSEC_rsa_mod_exp_crt_ioctl = NULL; -#endif -#ifndef OPENSSL_NO_DSA - p_UBSEC_dsa_sign_ioctl = NULL; - p_UBSEC_dsa_verify_ioctl = NULL; -#endif - p_UBSEC_math_accelerate_ioctl = NULL; - p_UBSEC_rng_ioctl = NULL; - p_UBSEC_max_key_len_ioctl = NULL; - return 1; - } - -static int ubsec_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()) - { - int initialised = ((ubsec_dso == NULL) ? 0 : 1); - switch(cmd) - { - case UBSEC_CMD_SO_PATH: - if(p == NULL) - { - UBSECerr(UBSEC_F_UBSEC_CTRL,ERR_R_PASSED_NULL_PARAMETER); - return 0; - } - if(initialised) - { - UBSECerr(UBSEC_F_UBSEC_CTRL,UBSEC_R_ALREADY_LOADED); - return 0; - } - UBSEC_LIBNAME = (const char *)p; - return 1; - default: - break; - } - UBSECerr(UBSEC_F_UBSEC_CTRL,UBSEC_R_CTRL_COMMAND_NOT_IMPLEMENTED); - return 0; - } - -static int ubsec_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx) - { - int y_len = 0; - int fd; - - if(ubsec_dso == NULL) - { - UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_NOT_LOADED); - return 0; - } - - /* Check if hardware can't handle this argument. */ - y_len = BN_num_bits(m); - if (y_len > max_key_len) { - UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_SIZE_TOO_LARGE_OR_TOO_SMALL); - return BN_mod_exp(r, a, p, m, ctx); - } - - if(!bn_wexpand(r, m->top)) - { - UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_BN_EXPAND_FAIL); - return 0; - } - memset(r->d, 0, BN_num_bytes(m)); - - if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) { - fd = 0; - UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE); - return BN_mod_exp(r, a, p, m, ctx); - } - - if (p_UBSEC_rsa_mod_exp_ioctl(fd, (unsigned char *)a->d, BN_num_bits(a), - (unsigned char *)m->d, BN_num_bits(m), (unsigned char *)p->d, - BN_num_bits(p), (unsigned char *)r->d, &y_len) != 0) - { - UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_REQUEST_FAILED); - p_UBSEC_ubsec_close(fd); - - return BN_mod_exp(r, a, p, m, ctx); - } - - p_UBSEC_ubsec_close(fd); - - r->top = (BN_num_bits(m)+BN_BITS2-1)/BN_BITS2; - return 1; - } - -#ifndef OPENSSL_NO_RSA -static int ubsec_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa) - { - BN_CTX *ctx; - int to_return = 0; - - if((ctx = BN_CTX_new()) == NULL) - goto err; - - if(!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) - { - UBSECerr(UBSEC_F_UBSEC_RSA_MOD_EXP, UBSEC_R_MISSING_KEY_COMPONENTS); - goto err; - } - - to_return = ubsec_mod_exp_crt(r0, I, rsa->p, rsa->q, rsa->dmp1, - rsa->dmq1, rsa->iqmp, ctx); - if (to_return == FAIL_TO_SOFTWARE) - { - /* - * Do in software as hardware failed. - */ - const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); - to_return = (*meth->rsa_mod_exp)(r0, I, rsa); - } -err: - if(ctx) - BN_CTX_free(ctx); - return to_return; - } -#endif - -static int ubsec_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *q, const BIGNUM *dp, - const BIGNUM *dq, const BIGNUM *qinv, BN_CTX *ctx) - { - int y_len, - m_len, - fd; - - m_len = BN_num_bytes(p) + BN_num_bytes(q) + 1; - y_len = BN_num_bits(p) + BN_num_bits(q); - - /* Check if hardware can't handle this argument. */ - if (y_len > max_key_len) { - UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_SIZE_TOO_LARGE_OR_TOO_SMALL); - return FAIL_TO_SOFTWARE; - } - - if (!bn_wexpand(r, p->top + q->top + 1)) { - UBSECerr(UBSEC_F_UBSEC_RSA_MOD_EXP_CRT, UBSEC_R_BN_EXPAND_FAIL); - return 0; - } - - if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) { - fd = 0; - UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE); - return FAIL_TO_SOFTWARE; - } - - if (p_UBSEC_rsa_mod_exp_crt_ioctl(fd, - (unsigned char *)a->d, BN_num_bits(a), - (unsigned char *)qinv->d, BN_num_bits(qinv), - (unsigned char *)dp->d, BN_num_bits(dp), - (unsigned char *)p->d, BN_num_bits(p), - (unsigned char *)dq->d, BN_num_bits(dq), - (unsigned char *)q->d, BN_num_bits(q), - (unsigned char *)r->d, &y_len) != 0) { - UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_REQUEST_FAILED); - p_UBSEC_ubsec_close(fd); - return FAIL_TO_SOFTWARE; - } - - p_UBSEC_ubsec_close(fd); - - r->top = (BN_num_bits(p) + BN_num_bits(q) + BN_BITS2 - 1)/BN_BITS2; - return 1; -} - -#ifndef OPENSSL_NO_DSA -#if NOT_USED -static int ubsec_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, - BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m, - BN_CTX *ctx, BN_MONT_CTX *in_mont) - { - BIGNUM t; - int to_return = 0; - - BN_init(&t); - /* let rr = a1 ^ p1 mod m */ - if (!ubsec_mod_exp(rr,a1,p1,m,ctx)) goto end; - /* let t = a2 ^ p2 mod m */ - if (!ubsec_mod_exp(&t,a2,p2,m,ctx)) goto end; - /* let rr = rr * t mod m */ - if (!BN_mod_mul(rr,rr,&t,m,ctx)) goto end; - to_return = 1; -end: - BN_free(&t); - return to_return; - } - -static int ubsec_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a, - const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *m_ctx) - { - return ubsec_mod_exp(r, a, p, m, ctx); - } -#endif -#endif - -/* - * This function is aliased to mod_exp (with the mont stuff dropped). - */ -static int ubsec_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) - { - int ret = 0; - -#ifndef OPENSSL_NO_RSA - /* Do in software if the key is too large for the hardware. */ - if (BN_num_bits(m) > max_key_len) - { - const RSA_METHOD *meth = RSA_PKCS1_SSLeay(); - ret = (*meth->bn_mod_exp)(r, a, p, m, ctx, m_ctx); - } - else -#endif - { - ret = ubsec_mod_exp(r, a, p, m, ctx); - } - - return ret; - } - -#ifndef OPENSSL_NO_DH -/* This function is aliased to mod_exp (with the dh and mont dropped). */ -static int ubsec_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, - const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *m_ctx) - { - return ubsec_mod_exp(r, a, p, m, ctx); - } -#endif - -#ifndef OPENSSL_NO_DSA -static DSA_SIG *ubsec_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) - { - DSA_SIG *to_return = NULL; - int s_len = 160, r_len = 160, d_len, fd; - BIGNUM m, *r=NULL, *s=NULL; - - BN_init(&m); - - s = BN_new(); - r = BN_new(); - if ((s == NULL) || (r==NULL)) - goto err; - - d_len = p_UBSEC_ubsec_bytes_to_bits((unsigned char *)dgst, dlen); - - if(!bn_wexpand(r, (160+BN_BITS2-1)/BN_BITS2) || - (!bn_wexpand(s, (160+BN_BITS2-1)/BN_BITS2))) { - UBSECerr(UBSEC_F_UBSEC_DSA_SIGN, UBSEC_R_BN_EXPAND_FAIL); - goto err; - } - - if (BN_bin2bn(dgst,dlen,&m) == NULL) { - UBSECerr(UBSEC_F_UBSEC_DSA_SIGN, UBSEC_R_BN_EXPAND_FAIL); - goto err; - } - - if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) { - const DSA_METHOD *meth; - fd = 0; - UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE); - meth = DSA_OpenSSL(); - to_return = meth->dsa_do_sign(dgst, dlen, dsa); - goto err; - } - - if (p_UBSEC_dsa_sign_ioctl(fd, 0, /* compute hash before signing */ - (unsigned char *)dgst, d_len, - NULL, 0, /* compute random value */ - (unsigned char *)dsa->p->d, BN_num_bits(dsa->p), - (unsigned char *)dsa->q->d, BN_num_bits(dsa->q), - (unsigned char *)dsa->g->d, BN_num_bits(dsa->g), - (unsigned char *)dsa->priv_key->d, BN_num_bits(dsa->priv_key), - (unsigned char *)r->d, &r_len, - (unsigned char *)s->d, &s_len ) != 0) { - const DSA_METHOD *meth; - - UBSECerr(UBSEC_F_UBSEC_DSA_SIGN, UBSEC_R_REQUEST_FAILED); - p_UBSEC_ubsec_close(fd); - meth = DSA_OpenSSL(); - to_return = meth->dsa_do_sign(dgst, dlen, dsa); - - goto err; - } - - p_UBSEC_ubsec_close(fd); - - r->top = (160+BN_BITS2-1)/BN_BITS2; - s->top = (160+BN_BITS2-1)/BN_BITS2; - - to_return = DSA_SIG_new(); - if(to_return == NULL) { - UBSECerr(UBSEC_F_UBSEC_DSA_SIGN, UBSEC_R_BN_EXPAND_FAIL); - goto err; - } - - to_return->r = r; - to_return->s = s; - -err: - if (!to_return) { - if (r) BN_free(r); - if (s) BN_free(s); - } - BN_clear_free(&m); - return to_return; -} - -static int ubsec_dsa_verify(const unsigned char *dgst, int dgst_len, - DSA_SIG *sig, DSA *dsa) - { - int v_len, d_len; - int to_return = 0; - int fd; - BIGNUM v; - - BN_init(&v); - - if(!bn_wexpand(&v, dsa->p->top)) { - UBSECerr(UBSEC_F_UBSEC_DSA_VERIFY ,UBSEC_R_BN_EXPAND_FAIL); - goto err; - } - - v_len = BN_num_bits(dsa->p); - - d_len = p_UBSEC_ubsec_bytes_to_bits((unsigned char *)dgst, dgst_len); - - if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) { - const DSA_METHOD *meth; - fd = 0; - UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE); - meth = DSA_OpenSSL(); - to_return = meth->dsa_do_verify(dgst, dgst_len, sig, dsa); - goto err; - } - - if (p_UBSEC_dsa_verify_ioctl(fd, 0, /* compute hash before signing */ - (unsigned char *)dgst, d_len, - (unsigned char *)dsa->p->d, BN_num_bits(dsa->p), - (unsigned char *)dsa->q->d, BN_num_bits(dsa->q), - (unsigned char *)dsa->g->d, BN_num_bits(dsa->g), - (unsigned char *)dsa->pub_key->d, BN_num_bits(dsa->pub_key), - (unsigned char *)sig->r->d, BN_num_bits(sig->r), - (unsigned char *)sig->s->d, BN_num_bits(sig->s), - (unsigned char *)v.d, &v_len) != 0) { - const DSA_METHOD *meth; - UBSECerr(UBSEC_F_UBSEC_DSA_VERIFY , UBSEC_R_REQUEST_FAILED); - p_UBSEC_ubsec_close(fd); - - meth = DSA_OpenSSL(); - to_return = meth->dsa_do_verify(dgst, dgst_len, sig, dsa); - - goto err; - } - - p_UBSEC_ubsec_close(fd); - - to_return = 1; -err: - BN_clear_free(&v); - return to_return; - } -#endif - -#ifndef OPENSSL_NO_DH -static int ubsec_dh_compute_key (unsigned char *key,const BIGNUM *pub_key,DH *dh) - { - int ret = -1, - k_len, - fd; - - k_len = BN_num_bits(dh->p); - - if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) - { - const DH_METHOD *meth; - ENGINEerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE); - meth = DH_OpenSSL(); - ret = meth->compute_key(key, pub_key, dh); - goto err; - } - - if (p_UBSEC_diffie_hellman_agree_ioctl(fd, - (unsigned char *)dh->priv_key->d, BN_num_bits(dh->priv_key), - (unsigned char *)pub_key->d, BN_num_bits(pub_key), - (unsigned char *)dh->p->d, BN_num_bits(dh->p), - key, &k_len) != 0) - { - /* Hardware's a no go, failover to software */ - const DH_METHOD *meth; - ENGINEerr(UBSEC_F_UBSEC_DH_COMPUTE_KEY, UBSEC_R_REQUEST_FAILED); - p_UBSEC_ubsec_close(fd); - - meth = DH_OpenSSL(); - ret = meth->compute_key(key, pub_key, dh); - - goto err; - } - - p_UBSEC_ubsec_close(fd); - - ret = p_UBSEC_ubsec_bits_to_bytes(k_len); -err: - return ret; - } - -static int ubsec_dh_generate_key (DH *dh) - { - int ret = 0, - random_bits = 0, - pub_key_len = 0, - priv_key_len = 0, - fd; - BIGNUM *pub_key = NULL; - BIGNUM *priv_key = NULL; - - /* - * How many bits should Random x be? dh_key.c - * sets the range from 0 to num_bits(modulus) ??? - */ - - if (dh->priv_key == NULL) - { - priv_key = BN_new(); - if (priv_key == NULL) goto err; - priv_key_len = BN_num_bits(dh->p); - bn_wexpand(priv_key, dh->p->top); - do - if (!BN_rand_range(priv_key, dh->p)) goto err; - while (BN_is_zero(priv_key)); - random_bits = BN_num_bits(priv_key); - } - else - { - priv_key = dh->priv_key; - } - - if (dh->pub_key == NULL) - { - pub_key = BN_new(); - pub_key_len = BN_num_bits(dh->p); - bn_wexpand(pub_key, dh->p->top); - if(pub_key == NULL) goto err; - } - else - { - pub_key = dh->pub_key; - } - - if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) - { - const DH_METHOD *meth; - ENGINEerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE); - meth = DH_OpenSSL(); - ret = meth->generate_key(dh); - goto err; - } - - if (p_UBSEC_diffie_hellman_generate_ioctl(fd, - (unsigned char *)priv_key->d, &priv_key_len, - (unsigned char *)pub_key->d, &pub_key_len, - (unsigned char *)dh->g->d, BN_num_bits(dh->g), - (unsigned char *)dh->p->d, BN_num_bits(dh->p), - 0, 0, random_bits) != 0) - { - /* Hardware's a no go, failover to software */ - const DH_METHOD *meth; - - ENGINEerr(UBSEC_F_UBSEC_DH_COMPUTE_KEY, UBSEC_R_REQUEST_FAILED); - p_UBSEC_ubsec_close(fd); - - meth = DH_OpenSSL(); - ret = meth->generate_key(dh); - - goto err; - } - - p_UBSEC_ubsec_close(fd); - - dh->pub_key = pub_key; - dh->pub_key->top = (pub_key_len + BN_BITS2-1) / BN_BITS2; - dh->priv_key = priv_key; - dh->priv_key->top = (priv_key_len + BN_BITS2-1) / BN_BITS2; - - ret = 1; -err: - return ret; - } -#endif - -#if NOT_USED -static int ubsec_rand_bytes(unsigned char * buf, - int num) - { - int ret = 0, - fd; - - if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) - { - const RAND_METHOD *meth; - ENGINEerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE); - num = p_UBSEC_ubsec_bits_to_bytes(num); - meth = RAND_SSLeay(); - meth->seed(buf, num); - ret = meth->bytes(buf, num); - goto err; - } - - num *= 8; /* bytes to bits */ - - if (p_UBSEC_rng_ioctl(fd, - UBSEC_RNG_DIRECT, - buf, - &num) != 0) - { - /* Hardware's a no go, failover to software */ - const RAND_METHOD *meth; - - ENGINEerr(UBSEC_F_UBSEC_RNG_BYTES, UBSEC_R_REQUEST_FAILED); - p_UBSEC_ubsec_close(fd); - - num = p_UBSEC_ubsec_bits_to_bytes(num); - meth = RAND_SSLeay(); - meth->seed(buf, num); - ret = meth->bytes(buf, num); - - goto err; - } - - p_UBSEC_ubsec_close(fd); - - ret = 1; -err: - return(ret); - } - - -static int ubsec_rand_status(void) - { - return 0; - } -#endif - -/* This stuff is needed if this ENGINE is being compiled into a self-contained - * shared-library. */ -#ifdef ENGINE_DYNAMIC_SUPPORT -static int bind_fn(ENGINE *e, const char *id) - { - if(id && (strcmp(id, engine_ubsec_id) != 0)) - return 0; - if(!bind_helper(e)) - return 0; - return 1; - } -IMPLEMENT_DYNAMIC_CHECK_FN() -IMPLEMENT_DYNAMIC_BIND_FN(bind_fn) -#endif /* ENGINE_DYNAMIC_SUPPORT */ - -#endif /* !OPENSSL_NO_HW_UBSEC */ -#endif /* !OPENSSL_NO_HW */ diff --git a/src/lib/libcrypto/engine/hw_ubsec_err.c b/src/lib/libcrypto/engine/hw_ubsec_err.c deleted file mode 100644 index d707331fc20..00000000000 --- a/src/lib/libcrypto/engine/hw_ubsec_err.c +++ /dev/null @@ -1,151 +0,0 @@ -/* hw_ubsec_err.c */ -/* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -/* NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. - */ - -#include -#include -#include "hw_ubsec_err.h" - -/* BEGIN ERROR CODES */ -#ifndef OPENSSL_NO_ERR -static ERR_STRING_DATA UBSEC_str_functs[]= - { -{ERR_PACK(0,UBSEC_F_UBSEC_CTRL,0), "UBSEC_CTRL"}, -{ERR_PACK(0,UBSEC_F_UBSEC_DH_COMPUTE_KEY,0), "UBSEC_DH_COMPUTE_KEY"}, -{ERR_PACK(0,UBSEC_F_UBSEC_DSA_SIGN,0), "UBSEC_DSA_SIGN"}, -{ERR_PACK(0,UBSEC_F_UBSEC_DSA_VERIFY,0), "UBSEC_DSA_VERIFY"}, -{ERR_PACK(0,UBSEC_F_UBSEC_FINISH,0), "UBSEC_FINISH"}, -{ERR_PACK(0,UBSEC_F_UBSEC_INIT,0), "UBSEC_INIT"}, -{ERR_PACK(0,UBSEC_F_UBSEC_MOD_EXP,0), "UBSEC_MOD_EXP"}, -{ERR_PACK(0,UBSEC_F_UBSEC_RNG_BYTES,0), "UBSEC_RNG_BYTES"}, -{ERR_PACK(0,UBSEC_F_UBSEC_RSA_MOD_EXP,0), "UBSEC_RSA_MOD_EXP"}, -{ERR_PACK(0,UBSEC_F_UBSEC_RSA_MOD_EXP_CRT,0), "UBSEC_RSA_MOD_EXP_CRT"}, -{0,NULL} - }; - -static ERR_STRING_DATA UBSEC_str_reasons[]= - { -{UBSEC_R_ALREADY_LOADED ,"already loaded"}, -{UBSEC_R_BN_EXPAND_FAIL ,"bn expand fail"}, -{UBSEC_R_CTRL_COMMAND_NOT_IMPLEMENTED ,"ctrl command not implemented"}, -{UBSEC_R_DSO_FAILURE ,"dso failure"}, -{UBSEC_R_MISSING_KEY_COMPONENTS ,"missing key components"}, -{UBSEC_R_NOT_LOADED ,"not loaded"}, -{UBSEC_R_REQUEST_FAILED ,"request failed"}, -{UBSEC_R_SIZE_TOO_LARGE_OR_TOO_SMALL ,"size too large or too small"}, -{UBSEC_R_UNIT_FAILURE ,"unit failure"}, -{0,NULL} - }; - -#endif - -#ifdef UBSEC_LIB_NAME -static ERR_STRING_DATA UBSEC_lib_name[]= - { -{0 ,UBSEC_LIB_NAME}, -{0,NULL} - }; -#endif - - -static int UBSEC_lib_error_code=0; -static int UBSEC_error_init=1; - -static void ERR_load_UBSEC_strings(void) - { - if (UBSEC_lib_error_code == 0) - UBSEC_lib_error_code=ERR_get_next_error_library(); - - if (UBSEC_error_init) - { - UBSEC_error_init=0; -#ifndef OPENSSL_NO_ERR - ERR_load_strings(UBSEC_lib_error_code,UBSEC_str_functs); - ERR_load_strings(UBSEC_lib_error_code,UBSEC_str_reasons); -#endif - -#ifdef UBSEC_LIB_NAME - UBSEC_lib_name->error = ERR_PACK(UBSEC_lib_error_code,0,0); - ERR_load_strings(0,UBSEC_lib_name); -#endif - } - } - -static void ERR_unload_UBSEC_strings(void) - { - if (UBSEC_error_init == 0) - { -#ifndef OPENSSL_NO_ERR - ERR_unload_strings(UBSEC_lib_error_code,UBSEC_str_functs); - ERR_unload_strings(UBSEC_lib_error_code,UBSEC_str_reasons); -#endif - -#ifdef UBSEC_LIB_NAME - ERR_unload_strings(0,UBSEC_lib_name); -#endif - UBSEC_error_init=1; - } - } - -static void ERR_UBSEC_error(int function, int reason, char *file, int line) - { - if (UBSEC_lib_error_code == 0) - UBSEC_lib_error_code=ERR_get_next_error_library(); - ERR_PUT_error(UBSEC_lib_error_code,function,reason,file,line); - } diff --git a/src/lib/libcrypto/engine/hw_ubsec_err.h b/src/lib/libcrypto/engine/hw_ubsec_err.h deleted file mode 100644 index 023d3be7711..00000000000 --- a/src/lib/libcrypto/engine/hw_ubsec_err.h +++ /dev/null @@ -1,95 +0,0 @@ -/* ==================================================================== - * Copyright (c) 2001 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#ifndef HEADER_UBSEC_ERR_H -#define HEADER_UBSEC_ERR_H - -/* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ -static void ERR_load_UBSEC_strings(void); -static void ERR_unload_UBSEC_strings(void); -static void ERR_UBSEC_error(int function, int reason, char *file, int line); -#define UBSECerr(f,r) ERR_UBSEC_error((f),(r),__FILE__,__LINE__) - -/* Error codes for the UBSEC functions. */ - -/* Function codes. */ -#define UBSEC_F_UBSEC_CTRL 100 -#define UBSEC_F_UBSEC_DH_COMPUTE_KEY 101 -#define UBSEC_F_UBSEC_DSA_SIGN 102 -#define UBSEC_F_UBSEC_DSA_VERIFY 103 -#define UBSEC_F_UBSEC_FINISH 104 -#define UBSEC_F_UBSEC_INIT 105 -#define UBSEC_F_UBSEC_MOD_EXP 106 -#define UBSEC_F_UBSEC_RNG_BYTES 107 -#define UBSEC_F_UBSEC_RSA_MOD_EXP 108 -#define UBSEC_F_UBSEC_RSA_MOD_EXP_CRT 109 - -/* Reason codes. */ -#define UBSEC_R_ALREADY_LOADED 100 -#define UBSEC_R_BN_EXPAND_FAIL 101 -#define UBSEC_R_CTRL_COMMAND_NOT_IMPLEMENTED 102 -#define UBSEC_R_DSO_FAILURE 103 -#define UBSEC_R_MISSING_KEY_COMPONENTS 104 -#define UBSEC_R_NOT_LOADED 105 -#define UBSEC_R_REQUEST_FAILED 106 -#define UBSEC_R_SIZE_TOO_LARGE_OR_TOO_SMALL 107 -#define UBSEC_R_UNIT_FAILURE 108 - -#ifdef __cplusplus -} -#endif -#endif diff --git a/src/lib/libcrypto/engine/tb_asnmth.c b/src/lib/libcrypto/engine/tb_asnmth.c new file mode 100644 index 00000000000..51e5198b407 --- /dev/null +++ b/src/lib/libcrypto/engine/tb_asnmth.c @@ -0,0 +1,255 @@ +/* $OpenBSD: tb_asnmth.c,v 1.6 2017/01/29 17:49:23 beck Exp $ */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include + +#include + +#include "eng_int.h" +#include "asn1_locl.h" +#include + +/* If this symbol is defined then ENGINE_get_pkey_asn1_meth_engine(), the + * function that is used by EVP to hook in pkey_asn1_meth code and cache + * defaults (etc), will display brief debugging summaries to stderr with the + * 'nid'. */ +/* #define ENGINE_PKEY_ASN1_METH_DEBUG */ + +static ENGINE_TABLE *pkey_asn1_meth_table = NULL; + +void +ENGINE_unregister_pkey_asn1_meths(ENGINE *e) +{ + engine_table_unregister(&pkey_asn1_meth_table, e); +} + +static void +engine_unregister_all_pkey_asn1_meths(void) +{ + engine_table_cleanup(&pkey_asn1_meth_table); +} + +int +ENGINE_register_pkey_asn1_meths(ENGINE *e) +{ + if (e->pkey_asn1_meths) { + const int *nids; + int num_nids = e->pkey_asn1_meths(e, NULL, &nids, 0); + if (num_nids > 0) + return engine_table_register(&pkey_asn1_meth_table, + engine_unregister_all_pkey_asn1_meths, e, nids, + num_nids, 0); + } + return 1; +} + +void +ENGINE_register_all_pkey_asn1_meths(void) +{ + ENGINE *e; + + for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) + ENGINE_register_pkey_asn1_meths(e); +} + +int +ENGINE_set_default_pkey_asn1_meths(ENGINE *e) +{ + if (e->pkey_asn1_meths) { + const int *nids; + int num_nids = e->pkey_asn1_meths(e, NULL, &nids, 0); + if (num_nids > 0) + return engine_table_register(&pkey_asn1_meth_table, + engine_unregister_all_pkey_asn1_meths, e, nids, + num_nids, 1); + } + return 1; +} + +/* Exposed API function to get a functional reference from the implementation + * table (ie. try to get a functional reference from the tabled structural + * references) for a given pkey_asn1_meth 'nid' */ +ENGINE * +ENGINE_get_pkey_asn1_meth_engine(int nid) +{ + return engine_table_select(&pkey_asn1_meth_table, nid); +} + +/* Obtains a pkey_asn1_meth implementation from an ENGINE functional reference */ +const EVP_PKEY_ASN1_METHOD * +ENGINE_get_pkey_asn1_meth(ENGINE *e, int nid) +{ + EVP_PKEY_ASN1_METHOD *ret; + ENGINE_PKEY_ASN1_METHS_PTR fn = ENGINE_get_pkey_asn1_meths(e); + + if (!fn || !fn(e, &ret, NULL, nid)) { + ENGINEerror(ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD); + return NULL; + } + return ret; +} + +/* Gets the pkey_asn1_meth callback from an ENGINE structure */ +ENGINE_PKEY_ASN1_METHS_PTR +ENGINE_get_pkey_asn1_meths(const ENGINE *e) +{ + return e->pkey_asn1_meths; +} + +/* Sets the pkey_asn1_meth callback in an ENGINE structure */ +int +ENGINE_set_pkey_asn1_meths(ENGINE *e, ENGINE_PKEY_ASN1_METHS_PTR f) +{ + e->pkey_asn1_meths = f; + return 1; +} + +/* Internal function to free up EVP_PKEY_ASN1_METHOD structures before an + * ENGINE is destroyed + */ + +void +engine_pkey_asn1_meths_free(ENGINE *e) +{ + int i; + EVP_PKEY_ASN1_METHOD *pkm; + + if (e->pkey_asn1_meths) { + const int *pknids; + int npknids; + npknids = e->pkey_asn1_meths(e, NULL, &pknids, 0); + for (i = 0; i < npknids; i++) { + if (e->pkey_asn1_meths(e, &pkm, NULL, pknids[i])) { + EVP_PKEY_asn1_free(pkm); + } + } + } +} + +/* Find a method based on a string. This does a linear search through + * all implemented algorithms. This is OK in practice because only + * a small number of algorithms are likely to be implemented in an engine + * and it is not used for speed critical operations. + */ + +const EVP_PKEY_ASN1_METHOD * +ENGINE_get_pkey_asn1_meth_str(ENGINE *e, const char *str, int len) +{ + int i, nidcount; + const int *nids; + EVP_PKEY_ASN1_METHOD *ameth; + + if (!e->pkey_asn1_meths) + return NULL; + if (len == -1) + len = strlen(str); + nidcount = e->pkey_asn1_meths(e, NULL, &nids, 0); + for (i = 0; i < nidcount; i++) { + e->pkey_asn1_meths(e, &ameth, NULL, nids[i]); + if (((int)strlen(ameth->pem_str) == len) && + !strncasecmp(ameth->pem_str, str, len)) + return ameth; + } + return NULL; +} + +typedef struct { + ENGINE *e; + const EVP_PKEY_ASN1_METHOD *ameth; + const char *str; + int len; +} ENGINE_FIND_STR; + +static void +look_str_cb(int nid, STACK_OF(ENGINE) *sk, ENGINE *def, void *arg) +{ + ENGINE_FIND_STR *lk = arg; + int i; + + if (lk->ameth) + return; + for (i = 0; i < sk_ENGINE_num(sk); i++) { + ENGINE *e = sk_ENGINE_value(sk, i); + EVP_PKEY_ASN1_METHOD *ameth; + e->pkey_asn1_meths(e, &ameth, NULL, nid); + if (((int)strlen(ameth->pem_str) == lk->len) && + !strncasecmp(ameth->pem_str, lk->str, lk->len)) { + lk->e = e; + lk->ameth = ameth; + return; + } + } +} + +const EVP_PKEY_ASN1_METHOD * +ENGINE_pkey_asn1_find_str(ENGINE **pe, const char *str, int len) +{ + ENGINE_FIND_STR fstr; + + fstr.e = NULL; + fstr.ameth = NULL; + fstr.str = str; + fstr.len = len; + CRYPTO_w_lock(CRYPTO_LOCK_ENGINE); + engine_table_doall(pkey_asn1_meth_table, look_str_cb, &fstr); + /* If found obtain a structural reference to engine */ + if (fstr.e) { + fstr.e->struct_ref++; + engine_ref_debug(fstr.e, 0, 1) + } + *pe = fstr.e; + CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE); + return fstr.ameth; +} diff --git a/src/lib/libcrypto/engine/tb_cipher.c b/src/lib/libcrypto/engine/tb_cipher.c index c5a50fc9102..ed87ff199e1 100644 --- a/src/lib/libcrypto/engine/tb_cipher.c +++ b/src/lib/libcrypto/engine/tb_cipher.c @@ -1,3 +1,4 @@ +/* $OpenBSD: tb_cipher.c,v 1.8 2017/01/29 17:49:23 beck Exp $ */ /* ==================================================================== * Copyright (c) 2000 The OpenSSL Project. All rights reserved. * @@ -6,7 +7,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -52,8 +53,8 @@ * */ -#include -#include +#include + #include "eng_int.h" /* If this symbol is defined then ENGINE_get_cipher_engine(), the function that @@ -63,83 +64,89 @@ static ENGINE_TABLE *cipher_table = NULL; -void ENGINE_unregister_ciphers(ENGINE *e) - { +void +ENGINE_unregister_ciphers(ENGINE *e) +{ engine_table_unregister(&cipher_table, e); - } +} -static void engine_unregister_all_ciphers(void) - { +static void +engine_unregister_all_ciphers(void) +{ engine_table_cleanup(&cipher_table); - } +} -int ENGINE_register_ciphers(ENGINE *e) - { - if(e->ciphers) - { +int +ENGINE_register_ciphers(ENGINE *e) +{ + if (e->ciphers) { const int *nids; int num_nids = e->ciphers(e, NULL, &nids, 0); - if(num_nids > 0) + if (num_nids > 0) return engine_table_register(&cipher_table, - &engine_unregister_all_ciphers, e, nids, - num_nids, 0); - } - return 1; + engine_unregister_all_ciphers, e, nids, + num_nids, 0); } + return 1; +} -void ENGINE_register_all_ciphers() - { +void +ENGINE_register_all_ciphers(void) +{ ENGINE *e; - for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e)) + for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) ENGINE_register_ciphers(e); - } +} -int ENGINE_set_default_ciphers(ENGINE *e) - { - if(e->ciphers) - { +int +ENGINE_set_default_ciphers(ENGINE *e) +{ + if (e->ciphers) { const int *nids; int num_nids = e->ciphers(e, NULL, &nids, 0); - if(num_nids > 0) + if (num_nids > 0) return engine_table_register(&cipher_table, - &engine_unregister_all_ciphers, e, nids, - num_nids, 1); - } - return 1; + engine_unregister_all_ciphers, e, nids, + num_nids, 1); } + return 1; +} /* Exposed API function to get a functional reference from the implementation * table (ie. try to get a functional reference from the tabled structural * references) for a given cipher 'nid' */ -ENGINE *ENGINE_get_cipher_engine(int nid) - { +ENGINE * +ENGINE_get_cipher_engine(int nid) +{ return engine_table_select(&cipher_table, nid); - } +} /* Obtains a cipher implementation from an ENGINE functional reference */ -const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid) - { +const EVP_CIPHER * +ENGINE_get_cipher(ENGINE *e, int nid) +{ const EVP_CIPHER *ret; ENGINE_CIPHERS_PTR fn = ENGINE_get_ciphers(e); - if(!fn || !fn(e, &ret, NULL, nid)) - { - ENGINEerr(ENGINE_F_ENGINE_GET_CIPHER, - ENGINE_R_UNIMPLEMENTED_CIPHER); + + if (!fn || !fn(e, &ret, NULL, nid)) { + ENGINEerror(ENGINE_R_UNIMPLEMENTED_CIPHER); return NULL; - } - return ret; } + return ret; +} /* Gets the cipher callback from an ENGINE structure */ -ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e) - { +ENGINE_CIPHERS_PTR +ENGINE_get_ciphers(const ENGINE *e) +{ return e->ciphers; - } +} /* Sets the cipher callback in an ENGINE structure */ -int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f) - { +int +ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f) +{ e->ciphers = f; return 1; - } +} diff --git a/src/lib/libcrypto/engine/tb_dh.c b/src/lib/libcrypto/engine/tb_dh.c index c9347235ead..4f200424e5f 100644 --- a/src/lib/libcrypto/engine/tb_dh.c +++ b/src/lib/libcrypto/engine/tb_dh.c @@ -1,3 +1,4 @@ +/* $OpenBSD: tb_dh.c,v 1.6 2014/06/12 15:49:29 deraadt Exp $ */ /* ==================================================================== * Copyright (c) 2000 The OpenSSL Project. All rights reserved. * @@ -6,7 +7,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -52,8 +53,6 @@ * */ -#include -#include #include "eng_int.h" /* If this symbol is defined then ENGINE_get_default_DH(), the function that is @@ -64,57 +63,65 @@ static ENGINE_TABLE *dh_table = NULL; static const int dummy_nid = 1; -void ENGINE_unregister_DH(ENGINE *e) - { +void +ENGINE_unregister_DH(ENGINE *e) +{ engine_table_unregister(&dh_table, e); - } +} -static void engine_unregister_all_DH(void) - { +static void +engine_unregister_all_DH(void) +{ engine_table_cleanup(&dh_table); - } +} -int ENGINE_register_DH(ENGINE *e) - { - if(e->dh_meth) +int +ENGINE_register_DH(ENGINE *e) +{ + if (e->dh_meth) return engine_table_register(&dh_table, - &engine_unregister_all_DH, e, &dummy_nid, 1, 0); + engine_unregister_all_DH, e, &dummy_nid, 1, 0); return 1; - } +} -void ENGINE_register_all_DH() - { +void +ENGINE_register_all_DH(void) +{ ENGINE *e; - for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e)) + for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) ENGINE_register_DH(e); - } +} -int ENGINE_set_default_DH(ENGINE *e) - { - if(e->dh_meth) +int +ENGINE_set_default_DH(ENGINE *e) +{ + if (e->dh_meth) return engine_table_register(&dh_table, - &engine_unregister_all_DH, e, &dummy_nid, 1, 1); + engine_unregister_all_DH, e, &dummy_nid, 1, 1); return 1; - } +} /* Exposed API function to get a functional reference from the implementation * table (ie. try to get a functional reference from the tabled structural * references). */ -ENGINE *ENGINE_get_default_DH(void) - { +ENGINE * +ENGINE_get_default_DH(void) +{ return engine_table_select(&dh_table, dummy_nid); - } +} /* Obtains an DH implementation from an ENGINE functional reference */ -const DH_METHOD *ENGINE_get_DH(const ENGINE *e) - { +const DH_METHOD * +ENGINE_get_DH(const ENGINE *e) +{ return e->dh_meth; - } +} /* Sets an DH implementation in an ENGINE structure */ -int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth) - { +int +ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth) +{ e->dh_meth = dh_meth; return 1; - } +} diff --git a/src/lib/libcrypto/engine/tb_digest.c b/src/lib/libcrypto/engine/tb_digest.c index 2c4dd6f796f..f1a2e8a6b3f 100644 --- a/src/lib/libcrypto/engine/tb_digest.c +++ b/src/lib/libcrypto/engine/tb_digest.c @@ -1,3 +1,4 @@ +/* $OpenBSD: tb_digest.c,v 1.8 2017/01/29 17:49:23 beck Exp $ */ /* ==================================================================== * Copyright (c) 2000 The OpenSSL Project. All rights reserved. * @@ -6,7 +7,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -52,8 +53,8 @@ * */ -#include -#include +#include + #include "eng_int.h" /* If this symbol is defined then ENGINE_get_digest_engine(), the function that @@ -63,83 +64,89 @@ static ENGINE_TABLE *digest_table = NULL; -void ENGINE_unregister_digests(ENGINE *e) - { +void +ENGINE_unregister_digests(ENGINE *e) +{ engine_table_unregister(&digest_table, e); - } +} -static void engine_unregister_all_digests(void) - { +static void +engine_unregister_all_digests(void) +{ engine_table_cleanup(&digest_table); - } +} -int ENGINE_register_digests(ENGINE *e) - { - if(e->digests) - { +int +ENGINE_register_digests(ENGINE *e) +{ + if (e->digests) { const int *nids; int num_nids = e->digests(e, NULL, &nids, 0); - if(num_nids > 0) + if (num_nids > 0) return engine_table_register(&digest_table, - &engine_unregister_all_digests, e, nids, - num_nids, 0); - } - return 1; + engine_unregister_all_digests, e, nids, + num_nids, 0); } + return 1; +} -void ENGINE_register_all_digests() - { +void +ENGINE_register_all_digests(void) +{ ENGINE *e; - for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e)) + for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) ENGINE_register_digests(e); - } +} -int ENGINE_set_default_digests(ENGINE *e) - { - if(e->digests) - { +int +ENGINE_set_default_digests(ENGINE *e) +{ + if (e->digests) { const int *nids; int num_nids = e->digests(e, NULL, &nids, 0); - if(num_nids > 0) + if (num_nids > 0) return engine_table_register(&digest_table, - &engine_unregister_all_digests, e, nids, - num_nids, 1); - } - return 1; + engine_unregister_all_digests, e, nids, + num_nids, 1); } + return 1; +} /* Exposed API function to get a functional reference from the implementation * table (ie. try to get a functional reference from the tabled structural * references) for a given digest 'nid' */ -ENGINE *ENGINE_get_digest_engine(int nid) - { +ENGINE * +ENGINE_get_digest_engine(int nid) +{ return engine_table_select(&digest_table, nid); - } +} /* Obtains a digest implementation from an ENGINE functional reference */ -const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid) - { +const EVP_MD * +ENGINE_get_digest(ENGINE *e, int nid) +{ const EVP_MD *ret; ENGINE_DIGESTS_PTR fn = ENGINE_get_digests(e); - if(!fn || !fn(e, &ret, NULL, nid)) - { - ENGINEerr(ENGINE_F_ENGINE_GET_DIGEST, - ENGINE_R_UNIMPLEMENTED_DIGEST); + + if (!fn || !fn(e, &ret, NULL, nid)) { + ENGINEerror(ENGINE_R_UNIMPLEMENTED_DIGEST); return NULL; - } - return ret; } + return ret; +} /* Gets the digest callback from an ENGINE structure */ -ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e) - { +ENGINE_DIGESTS_PTR +ENGINE_get_digests(const ENGINE *e) +{ return e->digests; - } +} /* Sets the digest callback in an ENGINE structure */ -int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f) - { +int +ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f) +{ e->digests = f; return 1; - } +} diff --git a/src/lib/libcrypto/engine/tb_dsa.c b/src/lib/libcrypto/engine/tb_dsa.c index e9209476b83..23e92361073 100644 --- a/src/lib/libcrypto/engine/tb_dsa.c +++ b/src/lib/libcrypto/engine/tb_dsa.c @@ -1,3 +1,4 @@ +/* $OpenBSD: tb_dsa.c,v 1.7 2014/06/12 15:49:29 deraadt Exp $ */ /* ==================================================================== * Copyright (c) 2000 The OpenSSL Project. All rights reserved. * @@ -6,7 +7,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -52,8 +53,6 @@ * */ -#include -#include #include "eng_int.h" /* If this symbol is defined then ENGINE_get_default_DSA(), the function that is @@ -64,57 +63,65 @@ static ENGINE_TABLE *dsa_table = NULL; static const int dummy_nid = 1; -void ENGINE_unregister_DSA(ENGINE *e) - { +void +ENGINE_unregister_DSA(ENGINE *e) +{ engine_table_unregister(&dsa_table, e); - } +} -static void engine_unregister_all_DSA(void) - { +static void +engine_unregister_all_DSA(void) +{ engine_table_cleanup(&dsa_table); - } +} -int ENGINE_register_DSA(ENGINE *e) - { - if(e->dsa_meth) +int +ENGINE_register_DSA(ENGINE *e) +{ + if (e->dsa_meth) return engine_table_register(&dsa_table, - &engine_unregister_all_DSA, e, &dummy_nid, 1, 0); + engine_unregister_all_DSA, e, &dummy_nid, 1, 0); return 1; - } +} -void ENGINE_register_all_DSA() - { +void +ENGINE_register_all_DSA(void) +{ ENGINE *e; - for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e)) + for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) ENGINE_register_DSA(e); - } +} -int ENGINE_set_default_DSA(ENGINE *e) - { - if(e->dsa_meth) +int +ENGINE_set_default_DSA(ENGINE *e) +{ + if (e->dsa_meth) return engine_table_register(&dsa_table, - &engine_unregister_all_DSA, e, &dummy_nid, 1, 0); + engine_unregister_all_DSA, e, &dummy_nid, 1, 1); return 1; - } +} /* Exposed API function to get a functional reference from the implementation * table (ie. try to get a functional reference from the tabled structural * references). */ -ENGINE *ENGINE_get_default_DSA(void) - { +ENGINE * +ENGINE_get_default_DSA(void) +{ return engine_table_select(&dsa_table, dummy_nid); - } +} /* Obtains an DSA implementation from an ENGINE functional reference */ -const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e) - { +const DSA_METHOD * +ENGINE_get_DSA(const ENGINE *e) +{ return e->dsa_meth; - } +} /* Sets an DSA implementation in an ENGINE structure */ -int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth) - { +int +ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth) +{ e->dsa_meth = dsa_meth; return 1; - } +} diff --git a/src/lib/libcrypto/engine/tb_ecdh.c b/src/lib/libcrypto/engine/tb_ecdh.c new file mode 100644 index 00000000000..a67877addde --- /dev/null +++ b/src/lib/libcrypto/engine/tb_ecdh.c @@ -0,0 +1,141 @@ +/* $OpenBSD: tb_ecdh.c,v 1.4 2014/06/12 15:49:29 deraadt Exp $ */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * + * The Elliptic Curve Public-Key Crypto Library (ECC Code) included + * herein is developed by SUN MICROSYSTEMS, INC., and is contributed + * to the OpenSSL project. + * + * The ECC Code is licensed pursuant to the OpenSSL open source + * license provided below. + * + * The ECDH engine software is originally written by Nils Gura and + * Douglas Stebila of Sun Microsystems Laboratories. + * + */ +/* ==================================================================== + * Copyright (c) 2000-2002 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include "eng_int.h" + +/* If this symbol is defined then ENGINE_get_default_ECDH(), the function that is + * used by ECDH to hook in implementation code and cache defaults (etc), will + * display brief debugging summaries to stderr with the 'nid'. */ +/* #define ENGINE_ECDH_DEBUG */ + +static ENGINE_TABLE *ecdh_table = NULL; +static const int dummy_nid = 1; + +void +ENGINE_unregister_ECDH(ENGINE *e) +{ + engine_table_unregister(&ecdh_table, e); +} + +static void +engine_unregister_all_ECDH(void) +{ + engine_table_cleanup(&ecdh_table); +} + +int +ENGINE_register_ECDH(ENGINE *e) +{ + if (e->ecdh_meth) + return engine_table_register(&ecdh_table, + engine_unregister_all_ECDH, e, &dummy_nid, 1, 0); + return 1; +} + +void +ENGINE_register_all_ECDH(void) +{ + ENGINE *e; + + for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) + ENGINE_register_ECDH(e); +} + +int +ENGINE_set_default_ECDH(ENGINE *e) +{ + if (e->ecdh_meth) + return engine_table_register(&ecdh_table, + engine_unregister_all_ECDH, e, &dummy_nid, 1, 1); + return 1; +} + +/* Exposed API function to get a functional reference from the implementation + * table (ie. try to get a functional reference from the tabled structural + * references). */ +ENGINE * +ENGINE_get_default_ECDH(void) +{ + return engine_table_select(&ecdh_table, dummy_nid); +} + +/* Obtains an ECDH implementation from an ENGINE functional reference */ +const ECDH_METHOD * +ENGINE_get_ECDH(const ENGINE *e) +{ + return e->ecdh_meth; +} + +/* Sets an ECDH implementation in an ENGINE structure */ +int +ENGINE_set_ECDH(ENGINE *e, const ECDH_METHOD *ecdh_meth) +{ + e->ecdh_meth = ecdh_meth; + return 1; +} diff --git a/src/lib/libcrypto/engine/tb_ecdsa.c b/src/lib/libcrypto/engine/tb_ecdsa.c new file mode 100644 index 00000000000..226b76e185f --- /dev/null +++ b/src/lib/libcrypto/engine/tb_ecdsa.c @@ -0,0 +1,127 @@ +/* $OpenBSD: tb_ecdsa.c,v 1.4 2014/06/12 15:49:29 deraadt Exp $ */ +/* ==================================================================== + * Copyright (c) 2000-2002 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include "eng_int.h" + +/* If this symbol is defined then ENGINE_get_default_ECDSA(), the function that is + * used by ECDSA to hook in implementation code and cache defaults (etc), will + * display brief debugging summaries to stderr with the 'nid'. */ +/* #define ENGINE_ECDSA_DEBUG */ + +static ENGINE_TABLE *ecdsa_table = NULL; +static const int dummy_nid = 1; + +void +ENGINE_unregister_ECDSA(ENGINE *e) +{ + engine_table_unregister(&ecdsa_table, e); +} + +static void +engine_unregister_all_ECDSA(void) +{ + engine_table_cleanup(&ecdsa_table); +} + +int +ENGINE_register_ECDSA(ENGINE *e) +{ + if (e->ecdsa_meth) + return engine_table_register(&ecdsa_table, + engine_unregister_all_ECDSA, e, &dummy_nid, 1, 0); + return 1; +} + +void +ENGINE_register_all_ECDSA(void) +{ + ENGINE *e; + + for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) + ENGINE_register_ECDSA(e); +} + +int +ENGINE_set_default_ECDSA(ENGINE *e) +{ + if (e->ecdsa_meth) + return engine_table_register(&ecdsa_table, + engine_unregister_all_ECDSA, e, &dummy_nid, 1, 1); + return 1; +} + +/* Exposed API function to get a functional reference from the implementation + * table (ie. try to get a functional reference from the tabled structural + * references). */ +ENGINE * +ENGINE_get_default_ECDSA(void) +{ + return engine_table_select(&ecdsa_table, dummy_nid); +} + +/* Obtains an ECDSA implementation from an ENGINE functional reference */ +const ECDSA_METHOD * +ENGINE_get_ECDSA(const ENGINE *e) +{ + return e->ecdsa_meth; +} + +/* Sets an ECDSA implementation in an ENGINE structure */ +int +ENGINE_set_ECDSA(ENGINE *e, const ECDSA_METHOD *ecdsa_meth) +{ + e->ecdsa_meth = ecdsa_meth; + return 1; +} diff --git a/src/lib/libcrypto/engine/tb_eckey.c b/src/lib/libcrypto/engine/tb_eckey.c new file mode 100644 index 00000000000..464156aefa8 --- /dev/null +++ b/src/lib/libcrypto/engine/tb_eckey.c @@ -0,0 +1,124 @@ +/* $OpenBSD: tb_eckey.c,v 1.2 2019/01/19 01:18:56 tb Exp $ */ +/* ==================================================================== + * Copyright (c) 2000 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include "eng_int.h" + +static ENGINE_TABLE *ec_table = NULL; +static const int dummy_nid = 1; + +void +ENGINE_unregister_EC(ENGINE *e) +{ + engine_table_unregister(&ec_table, e); +} + +static void +engine_unregister_all_EC(void) +{ + engine_table_cleanup(&ec_table); +} + +int +ENGINE_register_EC(ENGINE *e) +{ + if (e->ec_meth) + return engine_table_register(&ec_table, + engine_unregister_all_EC, e, &dummy_nid, 1, 0); + return 1; +} + +void +ENGINE_register_all_EC(void) +{ + ENGINE *e; + + for (e = ENGINE_get_first(); e != NULL; e = ENGINE_get_next(e)) + ENGINE_register_EC(e); +} + +int +ENGINE_set_default_EC(ENGINE *e) +{ + if (e->ec_meth != NULL) + return engine_table_register(&ec_table, + engine_unregister_all_EC, e, &dummy_nid, 1, 1); + return 1; +} + +/* + * Exposed API function to get a functional reference from the implementation + * table (ie. try to get a functional reference from the tabled structural + * references). + */ +ENGINE * +ENGINE_get_default_EC(void) +{ + return engine_table_select(&ec_table, dummy_nid); +} + +/* Obtains an EC_KEY implementation from an ENGINE functional reference */ +const EC_KEY_METHOD * +ENGINE_get_EC(const ENGINE *e) +{ + return e->ec_meth; +} + +/* Sets an EC_KEY implementation in an ENGINE structure */ +int +ENGINE_set_EC(ENGINE *e, const EC_KEY_METHOD *ec_meth) +{ + e->ec_meth = ec_meth; + return 1; +} diff --git a/src/lib/libcrypto/engine/tb_pkmeth.c b/src/lib/libcrypto/engine/tb_pkmeth.c new file mode 100644 index 00000000000..05566a34641 --- /dev/null +++ b/src/lib/libcrypto/engine/tb_pkmeth.c @@ -0,0 +1,175 @@ +/* $OpenBSD: tb_pkmeth.c,v 1.6 2017/01/29 17:49:23 beck Exp $ */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include + +#include "eng_int.h" +#include + +/* If this symbol is defined then ENGINE_get_pkey_meth_engine(), the function + * that is used by EVP to hook in pkey_meth code and cache defaults (etc), will + * display brief debugging summaries to stderr with the 'nid'. */ +/* #define ENGINE_PKEY_METH_DEBUG */ + +static ENGINE_TABLE *pkey_meth_table = NULL; + +void +ENGINE_unregister_pkey_meths(ENGINE *e) +{ + engine_table_unregister(&pkey_meth_table, e); +} + +static void +engine_unregister_all_pkey_meths(void) +{ + engine_table_cleanup(&pkey_meth_table); +} + +int +ENGINE_register_pkey_meths(ENGINE *e) +{ + if (e->pkey_meths) { + const int *nids; + int num_nids = e->pkey_meths(e, NULL, &nids, 0); + if (num_nids > 0) + return engine_table_register(&pkey_meth_table, + engine_unregister_all_pkey_meths, e, nids, + num_nids, 0); + } + return 1; +} + +void +ENGINE_register_all_pkey_meths(void) +{ + ENGINE *e; + + for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) + ENGINE_register_pkey_meths(e); +} + +int +ENGINE_set_default_pkey_meths(ENGINE *e) +{ + if (e->pkey_meths) { + const int *nids; + int num_nids = e->pkey_meths(e, NULL, &nids, 0); + if (num_nids > 0) + return engine_table_register(&pkey_meth_table, + engine_unregister_all_pkey_meths, e, nids, + num_nids, 1); + } + return 1; +} + +/* Exposed API function to get a functional reference from the implementation + * table (ie. try to get a functional reference from the tabled structural + * references) for a given pkey_meth 'nid' */ +ENGINE * +ENGINE_get_pkey_meth_engine(int nid) +{ + return engine_table_select(&pkey_meth_table, nid); +} + +/* Obtains a pkey_meth implementation from an ENGINE functional reference */ +const EVP_PKEY_METHOD * +ENGINE_get_pkey_meth(ENGINE *e, int nid) +{ + EVP_PKEY_METHOD *ret; + ENGINE_PKEY_METHS_PTR fn = ENGINE_get_pkey_meths(e); + + if (!fn || !fn(e, &ret, NULL, nid)) { + ENGINEerror(ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD); + return NULL; + } + return ret; +} + +/* Gets the pkey_meth callback from an ENGINE structure */ +ENGINE_PKEY_METHS_PTR +ENGINE_get_pkey_meths(const ENGINE *e) +{ + return e->pkey_meths; +} + +/* Sets the pkey_meth callback in an ENGINE structure */ +int +ENGINE_set_pkey_meths(ENGINE *e, ENGINE_PKEY_METHS_PTR f) +{ + e->pkey_meths = f; + return 1; +} + +/* Internal function to free up EVP_PKEY_METHOD structures before an + * ENGINE is destroyed + */ + +void +engine_pkey_meths_free(ENGINE *e) +{ + int i; + EVP_PKEY_METHOD *pkm; + + if (e->pkey_meths) { + const int *pknids; + int npknids; + npknids = e->pkey_meths(e, NULL, &pknids, 0); + for (i = 0; i < npknids; i++) { + if (e->pkey_meths(e, &pkm, NULL, pknids[i])) { + EVP_PKEY_meth_free(pkm); + } + } + } +} diff --git a/src/lib/libcrypto/engine/tb_rand.c b/src/lib/libcrypto/engine/tb_rand.c index 0b1d031f1ec..cc61da747c6 100644 --- a/src/lib/libcrypto/engine/tb_rand.c +++ b/src/lib/libcrypto/engine/tb_rand.c @@ -1,3 +1,4 @@ +/* $OpenBSD: tb_rand.c,v 1.6 2014/06/12 15:49:29 deraadt Exp $ */ /* ==================================================================== * Copyright (c) 2000 The OpenSSL Project. All rights reserved. * @@ -6,7 +7,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -52,8 +53,6 @@ * */ -#include -#include #include "eng_int.h" /* If this symbol is defined then ENGINE_get_default_RAND(), the function that is @@ -64,57 +63,65 @@ static ENGINE_TABLE *rand_table = NULL; static const int dummy_nid = 1; -void ENGINE_unregister_RAND(ENGINE *e) - { +void +ENGINE_unregister_RAND(ENGINE *e) +{ engine_table_unregister(&rand_table, e); - } +} -static void engine_unregister_all_RAND(void) - { +static void +engine_unregister_all_RAND(void) +{ engine_table_cleanup(&rand_table); - } +} -int ENGINE_register_RAND(ENGINE *e) - { - if(e->rand_meth) +int +ENGINE_register_RAND(ENGINE *e) +{ + if (e->rand_meth) return engine_table_register(&rand_table, - &engine_unregister_all_RAND, e, &dummy_nid, 1, 0); + engine_unregister_all_RAND, e, &dummy_nid, 1, 0); return 1; - } +} -void ENGINE_register_all_RAND() - { +void +ENGINE_register_all_RAND(void) +{ ENGINE *e; - for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e)) + for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) ENGINE_register_RAND(e); - } +} -int ENGINE_set_default_RAND(ENGINE *e) - { - if(e->rand_meth) +int +ENGINE_set_default_RAND(ENGINE *e) +{ + if (e->rand_meth) return engine_table_register(&rand_table, - &engine_unregister_all_RAND, e, &dummy_nid, 1, 1); + engine_unregister_all_RAND, e, &dummy_nid, 1, 1); return 1; - } +} /* Exposed API function to get a functional reference from the implementation * table (ie. try to get a functional reference from the tabled structural * references). */ -ENGINE *ENGINE_get_default_RAND(void) - { +ENGINE * +ENGINE_get_default_RAND(void) +{ return engine_table_select(&rand_table, dummy_nid); - } +} /* Obtains an RAND implementation from an ENGINE functional reference */ -const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e) - { +const RAND_METHOD * +ENGINE_get_RAND(const ENGINE *e) +{ return e->rand_meth; - } +} /* Sets an RAND implementation in an ENGINE structure */ -int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth) - { +int +ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth) +{ e->rand_meth = rand_meth; return 1; - } +} diff --git a/src/lib/libcrypto/engine/tb_rsa.c b/src/lib/libcrypto/engine/tb_rsa.c index f84fea3968c..52ee8889a0a 100644 --- a/src/lib/libcrypto/engine/tb_rsa.c +++ b/src/lib/libcrypto/engine/tb_rsa.c @@ -1,3 +1,4 @@ +/* $OpenBSD: tb_rsa.c,v 1.6 2014/06/12 15:49:29 deraadt Exp $ */ /* ==================================================================== * Copyright (c) 2000 The OpenSSL Project. All rights reserved. * @@ -6,7 +7,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -52,8 +53,6 @@ * */ -#include -#include #include "eng_int.h" /* If this symbol is defined then ENGINE_get_default_RSA(), the function that is @@ -64,57 +63,65 @@ static ENGINE_TABLE *rsa_table = NULL; static const int dummy_nid = 1; -void ENGINE_unregister_RSA(ENGINE *e) - { +void +ENGINE_unregister_RSA(ENGINE *e) +{ engine_table_unregister(&rsa_table, e); - } +} -static void engine_unregister_all_RSA(void) - { +static void +engine_unregister_all_RSA(void) +{ engine_table_cleanup(&rsa_table); - } +} -int ENGINE_register_RSA(ENGINE *e) - { - if(e->rsa_meth) +int +ENGINE_register_RSA(ENGINE *e) +{ + if (e->rsa_meth) return engine_table_register(&rsa_table, - &engine_unregister_all_RSA, e, &dummy_nid, 1, 0); + engine_unregister_all_RSA, e, &dummy_nid, 1, 0); return 1; - } +} -void ENGINE_register_all_RSA() - { +void +ENGINE_register_all_RSA(void) +{ ENGINE *e; - for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e)) + for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) ENGINE_register_RSA(e); - } +} -int ENGINE_set_default_RSA(ENGINE *e) - { - if(e->rsa_meth) +int +ENGINE_set_default_RSA(ENGINE *e) +{ + if (e->rsa_meth) return engine_table_register(&rsa_table, - &engine_unregister_all_RSA, e, &dummy_nid, 1, 1); + engine_unregister_all_RSA, e, &dummy_nid, 1, 1); return 1; - } +} /* Exposed API function to get a functional reference from the implementation * table (ie. try to get a functional reference from the tabled structural * references). */ -ENGINE *ENGINE_get_default_RSA(void) - { +ENGINE * +ENGINE_get_default_RSA(void) +{ return engine_table_select(&rsa_table, dummy_nid); - } +} /* Obtains an RSA implementation from an ENGINE functional reference */ -const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e) - { +const RSA_METHOD * +ENGINE_get_RSA(const ENGINE *e) +{ return e->rsa_meth; - } +} /* Sets an RSA implementation in an ENGINE structure */ -int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth) - { +int +ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth) +{ e->rsa_meth = rsa_meth; return 1; - } +} diff --git a/src/lib/libcrypto/engine/tb_store.c b/src/lib/libcrypto/engine/tb_store.c new file mode 100644 index 00000000000..e9ad11ab017 --- /dev/null +++ b/src/lib/libcrypto/engine/tb_store.c @@ -0,0 +1,109 @@ +/* $OpenBSD: tb_store.c,v 1.5 2015/02/07 13:19:15 doug Exp $ */ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include "eng_int.h" + +/* If this symbol is defined then ENGINE_get_default_STORE(), the function that is + * used by STORE to hook in implementation code and cache defaults (etc), will + * display brief debugging summaries to stderr with the 'nid'. */ +/* #define ENGINE_STORE_DEBUG */ + +static ENGINE_TABLE *store_table = NULL; +static const int dummy_nid = 1; + +void +ENGINE_unregister_STORE(ENGINE *e) +{ + engine_table_unregister(&store_table, e); +} + +static void +engine_unregister_all_STORE(void) +{ + engine_table_cleanup(&store_table); +} + +int +ENGINE_register_STORE(ENGINE *e) +{ + if (e->store_meth) + return engine_table_register(&store_table, + engine_unregister_all_STORE, e, &dummy_nid, 1, 0); + return 1; +} + +void +ENGINE_register_all_STORE(void) +{ + ENGINE *e; + + for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e)) + ENGINE_register_STORE(e); +} + +/* Obtains an STORE implementation from an ENGINE functional reference */ +const STORE_METHOD * +ENGINE_get_STORE(const ENGINE *e) +{ + return e->store_meth; +} + +/* Sets an STORE implementation in an ENGINE structure */ +int +ENGINE_set_STORE(ENGINE *e, const STORE_METHOD *store_meth) +{ + e->store_meth = store_meth; + return 1; +} diff --git a/src/lib/libcrypto/engine/vendor_defns/aep.h b/src/lib/libcrypto/engine/vendor_defns/aep.h deleted file mode 100644 index 2b2792d2d6f..00000000000 --- a/src/lib/libcrypto/engine/vendor_defns/aep.h +++ /dev/null @@ -1,178 +0,0 @@ -/* This header declares the necessary definitions for using the exponentiation - * acceleration capabilities, and rnd number generation of the AEP card. - * - */ - -/* - * - * Some AEP defines - * - */ - -/*Successful return value*/ -#define AEP_R_OK 0x00000000 - -/*Miscelleanous unsuccessful return value*/ -#define AEP_R_GENERAL_ERROR 0x10000001 - -/*Insufficient host memory*/ -#define AEP_R_HOST_MEMORY 0x10000002 - -#define AEP_R_FUNCTION_FAILED 0x10000006 - -/*Invalid arguments in function call*/ -#define AEP_R_ARGUMENTS_BAD 0x10020000 - -#define AEP_R_NO_TARGET_RESOURCES 0x10030000 - -/*Error occuring on socket operation*/ -#define AEP_R_SOCKERROR 0x10000010 - -/*Socket has been closed from the other end*/ -#define AEP_R_SOCKEOF 0x10000011 - -/*Invalid handles*/ -#define AEP_R_CONNECTION_HANDLE_INVALID 0x100000B3 - -#define AEP_R_TRANSACTION_HANDLE_INVALID 0x10040000 - -/*Transaction has not yet returned from accelerator*/ -#define AEP_R_TRANSACTION_NOT_READY 0x00010000 - -/*There is already a thread waiting on this transaction*/ -#define AEP_R_TRANSACTION_CLAIMED 0x10050000 - -/*The transaction timed out*/ -#define AEP_R_TIMED_OUT 0x10060000 - -#define AEP_R_FXN_NOT_IMPLEMENTED 0x10070000 - -#define AEP_R_TARGET_ERROR 0x10080000 - -/*Error in the AEP daemon process*/ -#define AEP_R_DAEMON_ERROR 0x10090000 - -/*Invalid ctx id*/ -#define AEP_R_INVALID_CTX_ID 0x10009000 - -#define AEP_R_NO_KEY_MANAGER 0x1000a000 - -/*Error obtaining a mutex*/ -#define AEP_R_MUTEX_BAD 0x000001A0 - -/*Fxn call before AEP_Initialise ot after AEP_Finialise*/ -#define AEP_R_AEPAPI_NOT_INITIALIZED 0x10000190 - -/*AEP_Initialise has already been called*/ -#define AEP_R_AEPAPI_ALREADY_INITIALIZED 0x10000191 - -/*Maximum number of connections to daemon reached*/ -#define AEP_R_NO_MORE_CONNECTION_HNDLS 0x10000200 - -/* - * - * Some AEP Type definitions - * - */ - -/* an unsigned 8-bit value */ -typedef unsigned char AEP_U8; - -/* an unsigned 8-bit character */ -typedef char AEP_CHAR; - -/* a BYTE-sized Boolean flag */ -typedef AEP_U8 AEP_BBOOL; - -/*Unsigned value, at least 16 bits long*/ -typedef unsigned short AEP_U16; - -/* an unsigned value, at least 32 bits long */ -#ifdef SIXTY_FOUR_BIT_LONG -typedef unsigned int AEP_U32; -#else -typedef unsigned long AEP_U32; -#endif - -#ifdef SIXTY_FOUR_BIT_LONG -typedef unsigned long AEP_U64; -#else -typedef struct { unsigned long l1, l2; } AEP_U64; -#endif - -/* at least 32 bits; each bit is a Boolean flag */ -typedef AEP_U32 AEP_FLAGS; - -typedef AEP_U8 *AEP_U8_PTR; -typedef AEP_CHAR *AEP_CHAR_PTR; -typedef AEP_U32 *AEP_U32_PTR; -typedef AEP_U64 *AEP_U64_PTR; -typedef void *AEP_VOID_PTR; - -/* Pointer to a AEP_VOID_PTR-- i.e., pointer to pointer to void */ -typedef AEP_VOID_PTR *AEP_VOID_PTR_PTR; - -/*Used to identify an AEP connection handle*/ -typedef AEP_U32 AEP_CONNECTION_HNDL; - -/*Pointer to an AEP connection handle*/ -typedef AEP_CONNECTION_HNDL *AEP_CONNECTION_HNDL_PTR; - -/*Used by an application (in conjunction with the apps process id) to -identify an individual transaction*/ -typedef AEP_U32 AEP_TRANSACTION_ID; - -/*Pointer to an applications transaction identifier*/ -typedef AEP_TRANSACTION_ID *AEP_TRANSACTION_ID_PTR; - -/*Return value type*/ -typedef AEP_U32 AEP_RV; - -#define MAX_PROCESS_CONNECTIONS 256 - -#define RAND_BLK_SIZE 1024 - -typedef enum{ - NotConnected= 0, - Connected= 1, - InUse= 2 -} AEP_CONNECTION_STATE; - - -typedef struct AEP_CONNECTION_ENTRY{ - AEP_CONNECTION_STATE conn_state; - AEP_CONNECTION_HNDL conn_hndl; -} AEP_CONNECTION_ENTRY; - - -typedef AEP_RV t_AEP_OpenConnection(AEP_CONNECTION_HNDL_PTR phConnection); -typedef AEP_RV t_AEP_CloseConnection(AEP_CONNECTION_HNDL hConnection); - -typedef AEP_RV t_AEP_ModExp(AEP_CONNECTION_HNDL hConnection, - AEP_VOID_PTR pA, AEP_VOID_PTR pP, - AEP_VOID_PTR pN, - AEP_VOID_PTR pResult, - AEP_TRANSACTION_ID* pidTransID); - -typedef AEP_RV t_AEP_ModExpCrt(AEP_CONNECTION_HNDL hConnection, - AEP_VOID_PTR pA, AEP_VOID_PTR pP, - AEP_VOID_PTR pQ, - AEP_VOID_PTR pDmp1, AEP_VOID_PTR pDmq1, - AEP_VOID_PTR pIqmp, - AEP_VOID_PTR pResult, - AEP_TRANSACTION_ID* pidTransID); - -#ifdef AEPRAND -typedef AEP_RV t_AEP_GenRandom(AEP_CONNECTION_HNDL hConnection, - AEP_U32 Len, - AEP_U32 Type, - AEP_VOID_PTR pResult, - AEP_TRANSACTION_ID* pidTransID); -#endif - -typedef AEP_RV t_AEP_Initialize(AEP_VOID_PTR pInitArgs); -typedef AEP_RV t_AEP_Finalize(); -typedef AEP_RV t_AEP_SetBNCallBacks(AEP_RV (*GetBigNumSizeFunc)(), - AEP_RV (*MakeAEPBigNumFunc)(), - AEP_RV (*ConverAEPBigNumFunc)()); - diff --git a/src/lib/libcrypto/engine/vendor_defns/atalla.h b/src/lib/libcrypto/engine/vendor_defns/atalla.h deleted file mode 100644 index 149970d4414..00000000000 --- a/src/lib/libcrypto/engine/vendor_defns/atalla.h +++ /dev/null @@ -1,48 +0,0 @@ -/* This header declares the necessary definitions for using the exponentiation - * acceleration capabilities of Atalla cards. The only cryptographic operation - * is performed by "ASI_RSAPrivateKeyOpFn" and this takes a structure that - * defines an "RSA private key". However, it is really only performing a - * regular mod_exp using the supplied modulus and exponent - no CRT form is - * being used. Hence, it is a generic mod_exp function in disguise, and we use - * it as such. - * - * Thanks to the people at Atalla for letting me know these definitions are - * fine and that they can be reproduced here. - * - * Geoff. - */ - -typedef struct ItemStr - { - unsigned char *data; - int len; - } Item; - -typedef struct RSAPrivateKeyStr - { - void *reserved; - Item version; - Item modulus; - Item publicExponent; - Item privateExponent; - Item prime[2]; - Item exponent[2]; - Item coefficient; - } RSAPrivateKey; - -/* Predeclare the function pointer types that we dynamically load from the DSO. - * These use the same names and form that Ben's original support code had (in - * crypto/bn/bn_exp.c) unless of course I've inadvertently changed the style - * somewhere along the way! - */ - -typedef int tfnASI_GetPerformanceStatistics(int reset_flag, - unsigned int *ret_buf); - -typedef int tfnASI_GetHardwareConfig(long card_num, unsigned int *ret_buf); - -typedef int tfnASI_RSAPrivateKeyOpFn(RSAPrivateKey * rsaKey, - unsigned char *output, - unsigned char *input, - unsigned int modulus_len); - diff --git a/src/lib/libcrypto/engine/vendor_defns/cswift.h b/src/lib/libcrypto/engine/vendor_defns/cswift.h deleted file mode 100644 index 60079326bbb..00000000000 --- a/src/lib/libcrypto/engine/vendor_defns/cswift.h +++ /dev/null @@ -1,234 +0,0 @@ -/* Attribution notice: Rainbow have generously allowed me to reproduce - * the necessary definitions here from their API. This means the support - * can build independently of whether application builders have the - * API or hardware. This will allow developers to easily produce software - * that has latent hardware support for any users that have accelertors - * installed, without the developers themselves needing anything extra. - * - * I have only clipped the parts from the CryptoSwift header files that - * are (or seem) relevant to the CryptoSwift support code. This is - * simply to keep the file sizes reasonable. - * [Geoff] - */ - - -/* NB: These type widths do *not* seem right in general, in particular - * they're not terribly friendly to 64-bit architectures (unsigned long) - * will be 64-bit on IA-64 for a start. I'm leaving these alone as they - * agree with Rainbow's API and this will only be called into question - * on platforms with Rainbow support anyway! ;-) */ - -#ifdef __cplusplus -extern "C" { -#endif /* __cplusplus */ - -typedef long SW_STATUS; /* status */ -typedef unsigned char SW_BYTE; /* 8 bit byte */ -typedef unsigned short SW_U16; /* 16 bit number */ -#if defined(_IRIX) -#include -typedef __uint32_t SW_U32; -#else -typedef unsigned long SW_U32; /* 32 bit integer */ -#endif - -#if defined(OPENSSL_SYS_WIN32) - typedef struct _SW_U64 { - SW_U32 low32; - SW_U32 high32; - } SW_U64; /* 64 bit integer */ -#elif defined(OPENSSL_SYS_MACINTOSH_CLASSIC) - typedef longlong SW_U64 -#else /* Unix variants */ - typedef struct _SW_U64 { - SW_U32 low32; - SW_U32 high32; - } SW_U64; /* 64 bit integer */ -#endif - -/* status codes */ -#define SW_OK (0L) -#define SW_ERR_BASE (-10000L) -#define SW_ERR_NO_CARD (SW_ERR_BASE-1) /* The Card is not present */ -#define SW_ERR_CARD_NOT_READY (SW_ERR_BASE-2) /* The card has not powered */ - /* up yet */ -#define SW_ERR_TIME_OUT (SW_ERR_BASE-3) /* Execution of a command */ - /* time out */ -#define SW_ERR_NO_EXECUTE (SW_ERR_BASE-4) /* The Card failed to */ - /* execute the command */ -#define SW_ERR_INPUT_NULL_PTR (SW_ERR_BASE-5) /* a required pointer is */ - /* NULL */ -#define SW_ERR_INPUT_SIZE (SW_ERR_BASE-6) /* size is invalid, too */ - /* small, too large. */ -#define SW_ERR_INVALID_HANDLE (SW_ERR_BASE-7) /* Invalid SW_ACC_CONTEXT */ - /* handle */ -#define SW_ERR_PENDING (SW_ERR_BASE-8) /* A request is already out- */ - /* standing at this */ - /* context handle */ -#define SW_ERR_AVAILABLE (SW_ERR_BASE-9) /* A result is available. */ -#define SW_ERR_NO_PENDING (SW_ERR_BASE-10)/* No request is pending. */ -#define SW_ERR_NO_MEMORY (SW_ERR_BASE-11)/* Not enough memory */ -#define SW_ERR_BAD_ALGORITHM (SW_ERR_BASE-12)/* Invalid algorithm type */ - /* in SW_PARAM structure */ -#define SW_ERR_MISSING_KEY (SW_ERR_BASE-13)/* No key is associated with */ - /* context. */ - /* swAttachKeyParam() is */ - /* not called. */ -#define SW_ERR_KEY_CMD_MISMATCH \ - (SW_ERR_BASE-14)/* Cannot perform requested */ - /* SW_COMMAND_CODE since */ - /* key attached via */ - /* swAttachKeyParam() */ - /* cannot be used for this*/ - /* SW_COMMAND_CODE. */ -#define SW_ERR_NOT_IMPLEMENTED \ - (SW_ERR_BASE-15)/* Not implemented */ -#define SW_ERR_BAD_COMMAND (SW_ERR_BASE-16)/* Bad command code */ -#define SW_ERR_BAD_ITEM_SIZE (SW_ERR_BASE-17)/* too small or too large in */ - /* the "initems" or */ - /* "outitems". */ -#define SW_ERR_BAD_ACCNUM (SW_ERR_BASE-18)/* Bad accelerator number */ -#define SW_ERR_SELFTEST_FAIL (SW_ERR_BASE-19)/* At least one of the self */ - /* test fail, look at the */ - /* selfTestBitmap in */ - /* SW_ACCELERATOR_INFO for*/ - /* details. */ -#define SW_ERR_MISALIGN (SW_ERR_BASE-20)/* Certain alogrithms require*/ - /* key materials aligned */ - /* in certain order, e.g. */ - /* 128 bit for CRT */ -#define SW_ERR_OUTPUT_NULL_PTR \ - (SW_ERR_BASE-21)/* a required pointer is */ - /* NULL */ -#define SW_ERR_OUTPUT_SIZE \ - (SW_ERR_BASE-22)/* size is invalid, too */ - /* small, too large. */ -#define SW_ERR_FIRMWARE_CHECKSUM \ - (SW_ERR_BASE-23)/* firmware checksum mismatch*/ - /* download failed. */ -#define SW_ERR_UNKNOWN_FIRMWARE \ - (SW_ERR_BASE-24)/* unknown firmware error */ -#define SW_ERR_INTERRUPT (SW_ERR_BASE-25)/* request is abort when */ - /* it's waiting to be */ - /* completed. */ -#define SW_ERR_NVWRITE_FAIL (SW_ERR_BASE-26)/* error in writing to Non- */ - /* volatile memory */ -#define SW_ERR_NVWRITE_RANGE (SW_ERR_BASE-27)/* out of range error in */ - /* writing to NV memory */ -#define SW_ERR_RNG_ERROR (SW_ERR_BASE-28)/* Random Number Generation */ - /* failure */ -#define SW_ERR_DSS_FAILURE (SW_ERR_BASE-29)/* DSS Sign or Verify failure*/ -#define SW_ERR_MODEXP_FAILURE (SW_ERR_BASE-30)/* Failure in various math */ - /* calculations */ -#define SW_ERR_ONBOARD_MEMORY (SW_ERR_BASE-31)/* Error in accessing on - */ - /* board memory */ -#define SW_ERR_FIRMWARE_VERSION \ - (SW_ERR_BASE-32)/* Wrong version in firmware */ - /* update */ -#define SW_ERR_ZERO_WORKING_ACCELERATOR \ - (SW_ERR_BASE-44)/* All accelerators are bad */ - - - /* algorithm type */ -#define SW_ALG_CRT 1 -#define SW_ALG_EXP 2 -#define SW_ALG_DSA 3 -#define SW_ALG_NVDATA 4 - - /* command code */ -#define SW_CMD_MODEXP_CRT 1 /* perform Modular Exponentiation using */ - /* Chinese Remainder Theorem (CRT) */ -#define SW_CMD_MODEXP 2 /* perform Modular Exponentiation */ -#define SW_CMD_DSS_SIGN 3 /* perform DSS sign */ -#define SW_CMD_DSS_VERIFY 4 /* perform DSS verify */ -#define SW_CMD_RAND 5 /* perform random number generation */ -#define SW_CMD_NVREAD 6 /* perform read to nonvolatile RAM */ -#define SW_CMD_NVWRITE 7 /* perform write to nonvolatile RAM */ - -typedef SW_U32 SW_ALGTYPE; /* alogrithm type */ -typedef SW_U32 SW_STATE; /* state */ -typedef SW_U32 SW_COMMAND_CODE; /* command code */ -typedef SW_U32 SW_COMMAND_BITMAP[4]; /* bitmap */ - -typedef struct _SW_LARGENUMBER { - SW_U32 nbytes; /* number of bytes in the buffer "value" */ - SW_BYTE* value; /* the large integer as a string of */ - /* bytes in network (big endian) order */ -} SW_LARGENUMBER; - -#if defined(OPENSSL_SYS_WIN32) - #include - typedef HANDLE SW_OSHANDLE; /* handle to kernel object */ - #define SW_OS_INVALID_HANDLE INVALID_HANDLE_VALUE - #define SW_CALLCONV _stdcall -#elif defined(OPENSSL_SYS_MACINTOSH_CLASSIC) - /* async callback mechanisms */ - /* swiftCallbackLevel */ - #define SW_MAC_CALLBACK_LEVEL_NO 0 - #define SW_MAC_CALLBACK_LEVEL_HARDWARE 1 /* from the hardware ISR */ - #define SW_MAC_CALLBACK_LEVEL_SECONDARY 2 /* as secondary ISR */ - typedef int SW_MAC_CALLBACK_LEVEL; - typedef int SW_OSHANDLE; - #define SW_OS_INVALID_HANDLE (-1) - #define SW_CALLCONV -#else /* Unix variants */ - typedef int SW_OSHANDLE; /* handle to driver */ - #define SW_OS_INVALID_HANDLE (-1) - #define SW_CALLCONV -#endif - -typedef struct _SW_CRT { - SW_LARGENUMBER p; /* prime number p */ - SW_LARGENUMBER q; /* prime number q */ - SW_LARGENUMBER dmp1; /* exponent1 */ - SW_LARGENUMBER dmq1; /* exponent2 */ - SW_LARGENUMBER iqmp; /* CRT coefficient */ -} SW_CRT; - -typedef struct _SW_EXP { - SW_LARGENUMBER modulus; /* modulus */ - SW_LARGENUMBER exponent;/* exponent */ -} SW_EXP; - -typedef struct _SW_DSA { - SW_LARGENUMBER p; /* */ - SW_LARGENUMBER q; /* */ - SW_LARGENUMBER g; /* */ - SW_LARGENUMBER key; /* private/public key */ -} SW_DSA; - -typedef struct _SW_NVDATA { - SW_U32 accnum; /* accelerator board number */ - SW_U32 offset; /* offset in byte */ -} SW_NVDATA; - -typedef struct _SW_PARAM { - SW_ALGTYPE type; /* type of the alogrithm */ - union { - SW_CRT crt; - SW_EXP exp; - SW_DSA dsa; - SW_NVDATA nvdata; - } up; -} SW_PARAM; - -typedef SW_U32 SW_CONTEXT_HANDLE; /* opaque context handle */ - - -/* Now the OpenSSL bits, these function types are the for the function - * pointers that will bound into the Rainbow shared libraries. */ -typedef SW_STATUS SW_CALLCONV t_swAcquireAccContext(SW_CONTEXT_HANDLE *hac); -typedef SW_STATUS SW_CALLCONV t_swAttachKeyParam(SW_CONTEXT_HANDLE hac, - SW_PARAM *key_params); -typedef SW_STATUS SW_CALLCONV t_swSimpleRequest(SW_CONTEXT_HANDLE hac, - SW_COMMAND_CODE cmd, - SW_LARGENUMBER pin[], - SW_U32 pin_count, - SW_LARGENUMBER pout[], - SW_U32 pout_count); -typedef SW_STATUS SW_CALLCONV t_swReleaseAccContext(SW_CONTEXT_HANDLE hac); - -#ifdef __cplusplus -} -#endif /* __cplusplus */ - diff --git a/src/lib/libcrypto/engine/vendor_defns/hw_4758_cca.h b/src/lib/libcrypto/engine/vendor_defns/hw_4758_cca.h deleted file mode 100644 index 296636e81a8..00000000000 --- a/src/lib/libcrypto/engine/vendor_defns/hw_4758_cca.h +++ /dev/null @@ -1,149 +0,0 @@ -/**********************************************************************/ -/* */ -/* Prototypes of the CCA verbs used by the 4758 CCA openssl driver */ -/* */ -/* Maurice Gittens */ -/* */ -/**********************************************************************/ - -#ifndef __HW_4758_CCA__ -#define __HW_4758_CCA__ - -/* - * Only WIN32 support for now - */ -#if defined(WIN32) - - #define CCA_LIB_NAME "CSUNSAPI" - - #define CSNDPKX "CSNDPKX_32" - #define CSNDKRR "CSNDKRR_32" - #define CSNDPKE "CSNDPKE_32" - #define CSNDPKD "CSNDPKD_32" - #define CSNDDSV "CSNDDSV_32" - #define CSNDDSG "CSNDDSG_32" - #define CSNBRNG "CSNBRNG_32" - - #define SECURITYAPI __stdcall -#else - /* Fixme!! - Find out the values of these constants for other platforms. - */ - #define CCA_LIB_NAME "CSUNSAPI" - - #define CSNDPKX "CSNDPKX" - #define CSNDKRR "CSNDKRR" - #define CSNDPKE "CSNDPKE" - #define CSNDPKD "CSNDPKD" - #define CSNDDSV "CSNDDSV" - #define CSNDDSG "CSNDDSG" - #define CSNBRNG "CSNBRNG" - - #define SECURITYAPI -#endif - -/* - * security API prototypes - */ - -/* PKA Key Record Read */ -typedef void (SECURITYAPI *F_KEYRECORDREAD) - (long * return_code, - long * reason_code, - long * exit_data_length, - unsigned char * exit_data, - long * rule_array_count, - unsigned char * rule_array, - unsigned char * key_label, - long * key_token_length, - unsigned char * key_token); - -/* Random Number Generate */ -typedef void (SECURITYAPI *F_RANDOMNUMBERGENERATE) - (long * return_code, - long * reason_code, - long * exit_data_length, - unsigned char * exit_data, - unsigned char * form, - unsigned char * random_number); - -/* Digital Signature Generate */ -typedef void (SECURITYAPI *F_DIGITALSIGNATUREGENERATE) - (long * return_code, - long * reason_code, - long * exit_data_length, - unsigned char * exit_data, - long * rule_array_count, - unsigned char * rule_array, - long * PKA_private_key_id_length, - unsigned char * PKA_private_key_id, - long * hash_length, - unsigned char * hash, - long * signature_field_length, - long * signature_bit_length, - unsigned char * signature_field); - -/* Digital Signature Verify */ -typedef void (SECURITYAPI *F_DIGITALSIGNATUREVERIFY)( - long * return_code, - long * reason_code, - long * exit_data_length, - unsigned char * exit_data, - long * rule_array_count, - unsigned char * rule_array, - long * PKA_public_key_id_length, - unsigned char * PKA_public_key_id, - long * hash_length, - unsigned char * hash, - long * signature_field_length, - unsigned char * signature_field); - -/* PKA Public Key Extract */ -typedef void (SECURITYAPI *F_PUBLICKEYEXTRACT)( - long * return_code, - long * reason_code, - long * exit_data_length, - unsigned char * exit_data, - long * rule_array_count, - unsigned char * rule_array, - long * source_key_identifier_length, - unsigned char * source_key_identifier, - long * target_key_token_length, - unsigned char * target_key_token); - -/* PKA Encrypt */ -typedef void (SECURITYAPI *F_PKAENCRYPT) - (long * return_code, - long * reason_code, - long * exit_data_length, - unsigned char * exit_data, - long * rule_array_count, - unsigned char * rule_array, - long * key_value_length, - unsigned char * key_value, - long * data_struct_length, - unsigned char * data_struct, - long * RSA_public_key_length, - unsigned char * RSA_public_key, - long * RSA_encipher_length, - unsigned char * RSA_encipher ); - -/* PKA Decrypt */ -typedef void (SECURITYAPI *F_PKADECRYPT) - (long * return_code, - long * reason_code, - long * exit_data_length, - unsigned char * exit_data, - long * rule_array_count, - unsigned char * rule_array, - long * enciphered_key_length, - unsigned char * enciphered_key, - long * data_struct_length, - unsigned char * data_struct, - long * RSA_private_key_length, - unsigned char * RSA_private_key, - long * key_value_length, - unsigned char * key_value ); - - -#endif diff --git a/src/lib/libcrypto/err/Makefile.ssl b/src/lib/libcrypto/err/Makefile.ssl deleted file mode 100644 index 1b3c58626c5..00000000000 --- a/src/lib/libcrypto/err/Makefile.ssl +++ /dev/null @@ -1,112 +0,0 @@ -# -# SSLeay/crypto/err/Makefile -# - -DIR= err -TOP= ../.. -CC= cc -INCLUDES= -I.. -I$(TOP) -I../../include -CFLAG=-g -INSTALL_PREFIX= -OPENSSLDIR= /usr/local/ssl -INSTALLTOP=/usr/local/ssl -MAKE= make -f Makefile.ssl -MAKEDEPPROG= makedepend -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) -MAKEFILE= Makefile.ssl -AR= ar r - -CFLAGS= $(INCLUDES) $(CFLAG) - -GENERAL=Makefile -TEST= -APPS= - -LIB=$(TOP)/libcrypto.a -LIBSRC=err.c err_all.c err_prn.c -LIBOBJ=err.o err_all.o err_prn.o - -SRC= $(LIBSRC) - -EXHEADER= err.h -HEADER= $(EXHEADER) - -ALL= $(GENERAL) $(SRC) $(HEADER) - -top: - (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) - -all: lib - -lib: $(LIBOBJ) - $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) || echo Never mind. - @touch lib - -files: - $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO - -links: - @sh $(TOP)/util/point.sh Makefile.ssl Makefile - @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) - @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) - @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) - -install: - @for i in $(EXHEADER) ; \ - do \ - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ - done; - -tags: - ctags $(SRC) - -tests: - -lint: - lint -DLINT $(INCLUDES) $(SRC)>fluff - -depend: - $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) - -dclean: - $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new - mv -f Makefile.new $(MAKEFILE) - -clean: - rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff - -# DO NOT DELETE THIS LINE -- make depend depends on it. - -err.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/buffer.h -err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -err.o: ../../include/openssl/symhacks.h ../cryptlib.h err.c -err_all.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -err_all.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -err_all.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h -err_all.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -err_all.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h -err_all.o: ../../include/openssl/ec.h ../../include/openssl/engine.h -err_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h -err_all.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -err_all.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h -err_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -err_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem2.h -err_all.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h -err_all.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -err_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -err_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -err_all.o: ../../include/openssl/ui.h ../../include/openssl/x509.h -err_all.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -err_all.o: err_all.c -err_prn.o: ../../e_os.h ../../include/openssl/bio.h -err_prn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -err_prn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -err_prn.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -err_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -err_prn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -err_prn.o: ../cryptlib.h err_prn.c diff --git a/src/lib/libcrypto/err/err.c b/src/lib/libcrypto/err/err.c index 04773d65a69..7d56fa261d1 100644 --- a/src/lib/libcrypto/err/err.c +++ b/src/lib/libcrypto/err/err.c @@ -1,25 +1,25 @@ -/* crypto/err/err.c */ +/* $OpenBSD: err.c,v 1.47 2018/04/03 21:59:37 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,21 +49,21 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ /* ==================================================================== - * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -109,152 +109,164 @@ * */ -#include +#include #include +#include #include -#include -#include -#include "cryptlib.h" -#include + +#include + #include +#include +#include #include +#include + +DECLARE_LHASH_OF(ERR_STRING_DATA); +DECLARE_LHASH_OF(ERR_STATE); static void err_load_strings(int lib, ERR_STRING_DATA *str); static void ERR_STATE_free(ERR_STATE *s); #ifndef OPENSSL_NO_ERR -static ERR_STRING_DATA ERR_str_libraries[]= - { -{ERR_PACK(ERR_LIB_NONE,0,0) ,"unknown library"}, -{ERR_PACK(ERR_LIB_SYS,0,0) ,"system library"}, -{ERR_PACK(ERR_LIB_BN,0,0) ,"bignum routines"}, -{ERR_PACK(ERR_LIB_RSA,0,0) ,"rsa routines"}, -{ERR_PACK(ERR_LIB_DH,0,0) ,"Diffie-Hellman routines"}, -{ERR_PACK(ERR_LIB_EVP,0,0) ,"digital envelope routines"}, -{ERR_PACK(ERR_LIB_BUF,0,0) ,"memory buffer routines"}, -{ERR_PACK(ERR_LIB_OBJ,0,0) ,"object identifier routines"}, -{ERR_PACK(ERR_LIB_PEM,0,0) ,"PEM routines"}, -{ERR_PACK(ERR_LIB_DSA,0,0) ,"dsa routines"}, -{ERR_PACK(ERR_LIB_X509,0,0) ,"x509 certificate routines"}, -{ERR_PACK(ERR_LIB_ASN1,0,0) ,"asn1 encoding routines"}, -{ERR_PACK(ERR_LIB_CONF,0,0) ,"configuration file routines"}, -{ERR_PACK(ERR_LIB_CRYPTO,0,0) ,"common libcrypto routines"}, -{ERR_PACK(ERR_LIB_EC,0,0) ,"elliptic curve routines"}, -{ERR_PACK(ERR_LIB_SSL,0,0) ,"SSL routines"}, -{ERR_PACK(ERR_LIB_BIO,0,0) ,"BIO routines"}, -{ERR_PACK(ERR_LIB_PKCS7,0,0) ,"PKCS7 routines"}, -{ERR_PACK(ERR_LIB_X509V3,0,0) ,"X509 V3 routines"}, -{ERR_PACK(ERR_LIB_PKCS12,0,0) ,"PKCS12 routines"}, -{ERR_PACK(ERR_LIB_RAND,0,0) ,"random number generator"}, -{ERR_PACK(ERR_LIB_DSO,0,0) ,"DSO support routines"}, -{ERR_PACK(ERR_LIB_ENGINE,0,0) ,"engine routines"}, -{ERR_PACK(ERR_LIB_OCSP,0,0) ,"OCSP routines"}, -{0,NULL}, - }; - -static ERR_STRING_DATA ERR_str_functs[]= - { - {ERR_PACK(0,SYS_F_FOPEN,0), "fopen"}, - {ERR_PACK(0,SYS_F_CONNECT,0), "connect"}, - {ERR_PACK(0,SYS_F_GETSERVBYNAME,0), "getservbyname"}, - {ERR_PACK(0,SYS_F_SOCKET,0), "socket"}, - {ERR_PACK(0,SYS_F_IOCTLSOCKET,0), "ioctlsocket"}, - {ERR_PACK(0,SYS_F_BIND,0), "bind"}, - {ERR_PACK(0,SYS_F_LISTEN,0), "listen"}, - {ERR_PACK(0,SYS_F_ACCEPT,0), "accept"}, -#ifdef OPENSSL_SYS_WINDOWS - {ERR_PACK(0,SYS_F_WSASTARTUP,0), "WSAstartup"}, +static ERR_STRING_DATA ERR_str_libraries[] = { + {ERR_PACK(ERR_LIB_NONE,0,0), "unknown library"}, + {ERR_PACK(ERR_LIB_SYS,0,0), "system library"}, + {ERR_PACK(ERR_LIB_BN,0,0), "bignum routines"}, + {ERR_PACK(ERR_LIB_RSA,0,0), "rsa routines"}, + {ERR_PACK(ERR_LIB_DH,0,0), "Diffie-Hellman routines"}, + {ERR_PACK(ERR_LIB_EVP,0,0), "digital envelope routines"}, + {ERR_PACK(ERR_LIB_BUF,0,0), "memory buffer routines"}, + {ERR_PACK(ERR_LIB_OBJ,0,0), "object identifier routines"}, + {ERR_PACK(ERR_LIB_PEM,0,0), "PEM routines"}, + {ERR_PACK(ERR_LIB_DSA,0,0), "dsa routines"}, + {ERR_PACK(ERR_LIB_X509,0,0), "x509 certificate routines"}, + {ERR_PACK(ERR_LIB_ASN1,0,0), "asn1 encoding routines"}, + {ERR_PACK(ERR_LIB_CONF,0,0), "configuration file routines"}, + {ERR_PACK(ERR_LIB_CRYPTO,0,0), "common libcrypto routines"}, + {ERR_PACK(ERR_LIB_EC,0,0), "elliptic curve routines"}, + {ERR_PACK(ERR_LIB_SSL,0,0), "SSL routines"}, + {ERR_PACK(ERR_LIB_BIO,0,0), "BIO routines"}, + {ERR_PACK(ERR_LIB_PKCS7,0,0), "PKCS7 routines"}, + {ERR_PACK(ERR_LIB_X509V3,0,0), "X509 V3 routines"}, + {ERR_PACK(ERR_LIB_PKCS12,0,0), "PKCS12 routines"}, + {ERR_PACK(ERR_LIB_RAND,0,0), "random number generator"}, + {ERR_PACK(ERR_LIB_DSO,0,0), "DSO support routines"}, + {ERR_PACK(ERR_LIB_TS,0,0), "time stamp routines"}, + {ERR_PACK(ERR_LIB_ENGINE,0,0), "engine routines"}, + {ERR_PACK(ERR_LIB_OCSP,0,0), "OCSP routines"}, + {ERR_PACK(ERR_LIB_FIPS,0,0), "FIPS routines"}, + {ERR_PACK(ERR_LIB_CMS,0,0), "CMS routines"}, + {ERR_PACK(ERR_LIB_HMAC,0,0), "HMAC routines"}, + {ERR_PACK(ERR_LIB_GOST,0,0), "GOST routines"}, + {ERR_PACK(ERR_LIB_SM2,0,0), "SM2 routines"}, + {0, NULL}, +}; + +static ERR_STRING_DATA ERR_str_functs[] = { + {ERR_PACK(0,SYS_F_FOPEN, 0), "fopen"}, + {ERR_PACK(0,SYS_F_CONNECT, 0), "connect"}, + {ERR_PACK(0,SYS_F_GETSERVBYNAME, 0), "getservbyname"}, + {ERR_PACK(0,SYS_F_SOCKET, 0), "socket"}, + {ERR_PACK(0,SYS_F_IOCTLSOCKET, 0), "ioctl"}, + {ERR_PACK(0,SYS_F_BIND, 0), "bind"}, + {ERR_PACK(0,SYS_F_LISTEN, 0), "listen"}, + {ERR_PACK(0,SYS_F_ACCEPT, 0), "accept"}, + {ERR_PACK(0,SYS_F_OPENDIR, 0), "opendir"}, + {ERR_PACK(0,SYS_F_FREAD, 0), "fread"}, + {0, NULL}, +}; + +static ERR_STRING_DATA ERR_str_reasons[] = { + {ERR_R_SYS_LIB, "system lib"}, + {ERR_R_BN_LIB, "BN lib"}, + {ERR_R_RSA_LIB, "RSA lib"}, + {ERR_R_DH_LIB, "DH lib"}, + {ERR_R_EVP_LIB, "EVP lib"}, + {ERR_R_BUF_LIB, "BUF lib"}, + {ERR_R_OBJ_LIB, "OBJ lib"}, + {ERR_R_PEM_LIB, "PEM lib"}, + {ERR_R_DSA_LIB, "DSA lib"}, + {ERR_R_X509_LIB, "X509 lib"}, + {ERR_R_ASN1_LIB, "ASN1 lib"}, + {ERR_R_CONF_LIB, "CONF lib"}, + {ERR_R_CRYPTO_LIB, "CRYPTO lib"}, + {ERR_R_EC_LIB, "EC lib"}, + {ERR_R_SSL_LIB, "SSL lib"}, + {ERR_R_BIO_LIB, "BIO lib"}, + {ERR_R_PKCS7_LIB, "PKCS7 lib"}, + {ERR_R_X509V3_LIB, "X509V3 lib"}, + {ERR_R_PKCS12_LIB, "PKCS12 lib"}, + {ERR_R_RAND_LIB, "RAND lib"}, + {ERR_R_DSO_LIB, "DSO lib"}, + {ERR_R_ENGINE_LIB, "ENGINE lib"}, + {ERR_R_OCSP_LIB, "OCSP lib"}, + {ERR_R_TS_LIB, "TS lib"}, + + {ERR_R_NESTED_ASN1_ERROR, "nested asn1 error"}, + {ERR_R_BAD_ASN1_OBJECT_HEADER, "bad asn1 object header"}, + {ERR_R_BAD_GET_ASN1_OBJECT_CALL, "bad get asn1 object call"}, + {ERR_R_EXPECTING_AN_ASN1_SEQUENCE, "expecting an asn1 sequence"}, + {ERR_R_ASN1_LENGTH_MISMATCH, "asn1 length mismatch"}, + {ERR_R_MISSING_ASN1_EOS, "missing asn1 eos"}, + + {ERR_R_FATAL, "fatal"}, + {ERR_R_MALLOC_FAILURE, "malloc failure"}, + {ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED, "called a function you should not call"}, + {ERR_R_PASSED_NULL_PARAMETER, "passed a null parameter"}, + {ERR_R_INTERNAL_ERROR, "internal error"}, + {ERR_R_DISABLED , "called a function that was disabled at compile-time"}, + + {0, NULL}, +}; #endif - {ERR_PACK(0,SYS_F_OPENDIR,0), "opendir"}, - {0,NULL}, - }; - -static ERR_STRING_DATA ERR_str_reasons[]= - { -{ERR_R_SYS_LIB ,"system lib"}, -{ERR_R_BN_LIB ,"BN lib"}, -{ERR_R_RSA_LIB ,"RSA lib"}, -{ERR_R_DH_LIB ,"DH lib"}, -{ERR_R_EVP_LIB ,"EVP lib"}, -{ERR_R_BUF_LIB ,"BUF lib"}, -{ERR_R_OBJ_LIB ,"OBJ lib"}, -{ERR_R_PEM_LIB ,"PEM lib"}, -{ERR_R_DSA_LIB ,"DSA lib"}, -{ERR_R_X509_LIB ,"X509 lib"}, -{ERR_R_ASN1_LIB ,"ASN1 lib"}, -{ERR_R_CONF_LIB ,"CONF lib"}, -{ERR_R_CRYPTO_LIB ,"CRYPTO lib"}, -{ERR_R_EC_LIB ,"EC lib"}, -{ERR_R_SSL_LIB ,"SSL lib"}, -{ERR_R_BIO_LIB ,"BIO lib"}, -{ERR_R_PKCS7_LIB ,"PKCS7 lib"}, -{ERR_R_X509V3_LIB ,"X509V3 lib"}, -{ERR_R_PKCS12_LIB ,"PKCS12 lib"}, -{ERR_R_RAND_LIB ,"RAND lib"}, -{ERR_R_DSO_LIB ,"DSO lib"}, -{ERR_R_ENGINE_LIB ,"ENGINE lib"}, -{ERR_R_OCSP_LIB ,"OCSP lib"}, - -{ERR_R_NESTED_ASN1_ERROR ,"nested asn1 error"}, -{ERR_R_BAD_ASN1_OBJECT_HEADER ,"bad asn1 object header"}, -{ERR_R_BAD_GET_ASN1_OBJECT_CALL ,"bad get asn1 object call"}, -{ERR_R_EXPECTING_AN_ASN1_SEQUENCE ,"expecting an asn1 sequence"}, -{ERR_R_ASN1_LENGTH_MISMATCH ,"asn1 length mismatch"}, -{ERR_R_MISSING_ASN1_EOS ,"missing asn1 eos"}, - -{ERR_R_FATAL ,"fatal"}, -{ERR_R_MALLOC_FAILURE ,"malloc failure"}, -{ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED ,"called a function you should not call"}, -{ERR_R_PASSED_NULL_PARAMETER ,"passed a null parameter"}, -{ERR_R_INTERNAL_ERROR ,"internal error"}, - -{0,NULL}, - }; /* Define the predeclared (but externally opaque) "ERR_FNS" type */ -struct st_ERR_FNS - { +struct st_ERR_FNS { /* Works on the "error_hash" string table */ - LHASH *(*cb_err_get)(int create); + LHASH_OF(ERR_STRING_DATA) *(*cb_err_get)(int create); void (*cb_err_del)(void); ERR_STRING_DATA *(*cb_err_get_item)(const ERR_STRING_DATA *); ERR_STRING_DATA *(*cb_err_set_item)(ERR_STRING_DATA *); ERR_STRING_DATA *(*cb_err_del_item)(ERR_STRING_DATA *); /* Works on the "thread_hash" error-state table */ - LHASH *(*cb_thread_get)(int create); + LHASH_OF(ERR_STATE) *(*cb_thread_get)(int create); + void (*cb_thread_release)(LHASH_OF(ERR_STATE) **hash); ERR_STATE *(*cb_thread_get_item)(const ERR_STATE *); ERR_STATE *(*cb_thread_set_item)(ERR_STATE *); void (*cb_thread_del_item)(const ERR_STATE *); /* Returns the next available error "library" numbers */ int (*cb_get_next_lib)(void); - }; +}; /* Predeclarations of the "err_defaults" functions */ -static LHASH *int_err_get(int create); +static LHASH_OF(ERR_STRING_DATA) *int_err_get(int create); static void int_err_del(void); static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *); static ERR_STRING_DATA *int_err_set_item(ERR_STRING_DATA *); static ERR_STRING_DATA *int_err_del_item(ERR_STRING_DATA *); -static LHASH *int_thread_get(int create); +static LHASH_OF(ERR_STATE) *int_thread_get(int create); +static void int_thread_release(LHASH_OF(ERR_STATE) **hash); static ERR_STATE *int_thread_get_item(const ERR_STATE *); static ERR_STATE *int_thread_set_item(ERR_STATE *); static void int_thread_del_item(const ERR_STATE *); static int int_err_get_next_lib(void); + /* The static ERR_FNS table using these defaults functions */ -static const ERR_FNS err_defaults = - { +static const ERR_FNS err_defaults = { int_err_get, int_err_del, int_err_get_item, int_err_set_item, int_err_del_item, int_thread_get, + int_thread_release, int_thread_get_item, int_thread_set_item, int_thread_del_item, int_err_get_next_lib - }; +}; /* The replacable table of ERR_FNS functions we use at run-time */ static const ERR_FNS *err_fns = NULL; @@ -267,95 +279,112 @@ static const ERR_FNS *err_fns = NULL; * "err_defaults" functions. This way, a linked module can completely defer all * ERR state operation (together with requisite locking) to the implementations * and state in the loading application. */ -static LHASH *int_error_hash = NULL; -static LHASH *int_thread_hash = NULL; -static int int_err_library_number= ERR_LIB_USER; +static LHASH_OF(ERR_STRING_DATA) *int_error_hash = NULL; +static LHASH_OF(ERR_STATE) *int_thread_hash = NULL; +static int int_thread_hash_references = 0; +static int int_err_library_number = ERR_LIB_USER; + +static pthread_t err_init_thread; /* Internal function that checks whether "err_fns" is set and if not, sets it to * the defaults. */ -static void err_fns_check(void) - { - if (err_fns) return; - +static void +err_fns_check(void) +{ + if (err_fns) + return; + CRYPTO_w_lock(CRYPTO_LOCK_ERR); if (!err_fns) err_fns = &err_defaults; CRYPTO_w_unlock(CRYPTO_LOCK_ERR); - } +} /* API functions to get or set the underlying ERR functions. */ -const ERR_FNS *ERR_get_implementation(void) - { +const ERR_FNS * +ERR_get_implementation(void) +{ err_fns_check(); return err_fns; - } +} -int ERR_set_implementation(const ERR_FNS *fns) - { +int +ERR_set_implementation(const ERR_FNS *fns) +{ int ret = 0; CRYPTO_w_lock(CRYPTO_LOCK_ERR); /* It's too late if 'err_fns' is non-NULL. BTW: not much point setting * an error is there?! */ - if (!err_fns) - { + if (!err_fns) { err_fns = fns; ret = 1; - } + } CRYPTO_w_unlock(CRYPTO_LOCK_ERR); return ret; - } +} /* These are the callbacks provided to "lh_new()" when creating the LHASH tables * internal to the "err_defaults" implementation. */ -/* static unsigned long err_hash(ERR_STRING_DATA *a); */ -static unsigned long err_hash(const void *a_void); -/* static int err_cmp(ERR_STRING_DATA *a, ERR_STRING_DATA *b); */ -static int err_cmp(const void *a_void, const void *b_void); -/* static unsigned long pid_hash(ERR_STATE *pid); */ -static unsigned long pid_hash(const void *pid_void); -/* static int pid_cmp(ERR_STATE *a,ERR_STATE *pid); */ -static int pid_cmp(const void *a_void,const void *pid_void); -static unsigned long get_error_values(int inc,int top,const char **file,int *line, - const char **data,int *flags); +static unsigned long get_error_values(int inc, int top, const char **file, + int *line, const char **data, int *flags); /* The internal functions used in the "err_defaults" implementation */ -static LHASH *int_err_get(int create) - { - LHASH *ret = NULL; +static unsigned long +err_string_data_hash(const ERR_STRING_DATA *a) +{ + unsigned long ret, l; + + l = a->error; + ret = l^ERR_GET_LIB(l)^ERR_GET_FUNC(l); + return (ret^ret % 19*13); +} +static IMPLEMENT_LHASH_HASH_FN(err_string_data, ERR_STRING_DATA) + +static int +err_string_data_cmp(const ERR_STRING_DATA *a, const ERR_STRING_DATA *b) +{ + return (int)(a->error - b->error); +} +static IMPLEMENT_LHASH_COMP_FN(err_string_data, ERR_STRING_DATA) + +static +LHASH_OF(ERR_STRING_DATA) *int_err_get(int create) +{ + LHASH_OF(ERR_STRING_DATA) *ret = NULL; CRYPTO_w_lock(CRYPTO_LOCK_ERR); - if (!int_error_hash && create) - { + if (!int_error_hash && create) { CRYPTO_push_info("int_err_get (err.c)"); - int_error_hash = lh_new(err_hash, err_cmp); + int_error_hash = lh_ERR_STRING_DATA_new(); CRYPTO_pop_info(); - } + } if (int_error_hash) ret = int_error_hash; CRYPTO_w_unlock(CRYPTO_LOCK_ERR); return ret; - } +} -static void int_err_del(void) - { +static void +int_err_del(void) +{ CRYPTO_w_lock(CRYPTO_LOCK_ERR); - if (int_error_hash) - { - lh_free(int_error_hash); + if (int_error_hash) { + lh_ERR_STRING_DATA_free(int_error_hash); int_error_hash = NULL; - } - CRYPTO_w_unlock(CRYPTO_LOCK_ERR); } + CRYPTO_w_unlock(CRYPTO_LOCK_ERR); +} -static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *d) - { +static ERR_STRING_DATA * +int_err_get_item(const ERR_STRING_DATA *d) +{ ERR_STRING_DATA *p; - LHASH *hash; + LHASH_OF(ERR_STRING_DATA) *hash; err_fns_check(); hash = ERRFN(err_get)(0); @@ -363,16 +392,17 @@ static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *d) return NULL; CRYPTO_r_lock(CRYPTO_LOCK_ERR); - p = (ERR_STRING_DATA *)lh_retrieve(hash, d); + p = lh_ERR_STRING_DATA_retrieve(hash, d); CRYPTO_r_unlock(CRYPTO_LOCK_ERR); return p; - } +} -static ERR_STRING_DATA *int_err_set_item(ERR_STRING_DATA *d) - { +static ERR_STRING_DATA * +int_err_set_item(ERR_STRING_DATA *d) +{ ERR_STRING_DATA *p; - LHASH *hash; + LHASH_OF(ERR_STRING_DATA) *hash; err_fns_check(); hash = ERRFN(err_get)(1); @@ -380,16 +410,17 @@ static ERR_STRING_DATA *int_err_set_item(ERR_STRING_DATA *d) return NULL; CRYPTO_w_lock(CRYPTO_LOCK_ERR); - p = (ERR_STRING_DATA *)lh_insert(hash, d); + p = lh_ERR_STRING_DATA_insert(hash, d); CRYPTO_w_unlock(CRYPTO_LOCK_ERR); return p; - } +} -static ERR_STRING_DATA *int_err_del_item(ERR_STRING_DATA *d) - { +static ERR_STRING_DATA * +int_err_del_item(ERR_STRING_DATA *d) +{ ERR_STRING_DATA *p; - LHASH *hash; + LHASH_OF(ERR_STRING_DATA) *hash; err_fns_check(); hash = ERRFN(err_get)(0); @@ -397,33 +428,65 @@ static ERR_STRING_DATA *int_err_del_item(ERR_STRING_DATA *d) return NULL; CRYPTO_w_lock(CRYPTO_LOCK_ERR); - p = (ERR_STRING_DATA *)lh_delete(hash, d); + p = lh_ERR_STRING_DATA_delete(hash, d); CRYPTO_w_unlock(CRYPTO_LOCK_ERR); return p; - } - -static LHASH *int_thread_get(int create) - { - LHASH *ret = NULL; +} + +static unsigned long +err_state_hash(const ERR_STATE *a) +{ + return CRYPTO_THREADID_hash(&a->tid) * 13; +} +static IMPLEMENT_LHASH_HASH_FN(err_state, ERR_STATE) + +static int +err_state_cmp(const ERR_STATE *a, const ERR_STATE *b) +{ + return CRYPTO_THREADID_cmp(&a->tid, &b->tid); +} +static IMPLEMENT_LHASH_COMP_FN(err_state, ERR_STATE) + +static +LHASH_OF(ERR_STATE) *int_thread_get(int create) +{ + LHASH_OF(ERR_STATE) *ret = NULL; CRYPTO_w_lock(CRYPTO_LOCK_ERR); - if (!int_thread_hash && create) - { + if (!int_thread_hash && create) { CRYPTO_push_info("int_thread_get (err.c)"); - int_thread_hash = lh_new(pid_hash, pid_cmp); + int_thread_hash = lh_ERR_STATE_new(); CRYPTO_pop_info(); - } - if (int_thread_hash) + } + if (int_thread_hash) { + int_thread_hash_references++; ret = int_thread_hash; + } CRYPTO_w_unlock(CRYPTO_LOCK_ERR); return ret; - } +} + +static void +int_thread_release(LHASH_OF(ERR_STATE) **hash) +{ + int i; -static ERR_STATE *int_thread_get_item(const ERR_STATE *d) - { + if (hash == NULL || *hash == NULL) + return; + + i = CRYPTO_add(&int_thread_hash_references, -1, CRYPTO_LOCK_ERR); + if (i > 0) + return; + + *hash = NULL; +} + +static ERR_STATE * +int_thread_get_item(const ERR_STATE *d) +{ ERR_STATE *p; - LHASH *hash; + LHASH_OF(ERR_STATE) *hash; err_fns_check(); hash = ERRFN(thread_get)(0); @@ -431,16 +494,18 @@ static ERR_STATE *int_thread_get_item(const ERR_STATE *d) return NULL; CRYPTO_r_lock(CRYPTO_LOCK_ERR); - p = (ERR_STATE *)lh_retrieve(hash, d); + p = lh_ERR_STATE_retrieve(hash, d); CRYPTO_r_unlock(CRYPTO_LOCK_ERR); + ERRFN(thread_release)(&hash); return p; - } +} -static ERR_STATE *int_thread_set_item(ERR_STATE *d) - { +static ERR_STATE * +int_thread_set_item(ERR_STATE *d) +{ ERR_STATE *p; - LHASH *hash; + LHASH_OF(ERR_STATE) *hash; err_fns_check(); hash = ERRFN(thread_get)(1); @@ -448,16 +513,18 @@ static ERR_STATE *int_thread_set_item(ERR_STATE *d) return NULL; CRYPTO_w_lock(CRYPTO_LOCK_ERR); - p = (ERR_STATE *)lh_insert(hash, d); + p = lh_ERR_STATE_insert(hash, d); CRYPTO_w_unlock(CRYPTO_LOCK_ERR); + ERRFN(thread_release)(&hash); return p; - } +} -static void int_thread_del_item(const ERR_STATE *d) - { +static void +int_thread_del_item(const ERR_STATE *d) +{ ERR_STATE *p; - LHASH *hash; + LHASH_OF(ERR_STATE) *hash; err_fns_check(); hash = ERRFN(thread_get)(0); @@ -465,21 +532,23 @@ static void int_thread_del_item(const ERR_STATE *d) return; CRYPTO_w_lock(CRYPTO_LOCK_ERR); - p = (ERR_STATE *)lh_delete(hash, d); + p = lh_ERR_STATE_delete(hash, d); /* make sure we don't leak memory */ - if (int_thread_hash && (lh_num_items(int_thread_hash) == 0)) - { - lh_free(int_thread_hash); + if (int_thread_hash_references == 1 && + int_thread_hash && lh_ERR_STATE_num_items(int_thread_hash) == 0) { + lh_ERR_STATE_free(int_thread_hash); int_thread_hash = NULL; - } + } CRYPTO_w_unlock(CRYPTO_LOCK_ERR); + ERRFN(thread_release)(&hash); if (p) ERR_STATE_free(p); - } +} -static int int_err_get_next_lib(void) - { +static int +int_err_get_next_lib(void) +{ int ret; CRYPTO_w_lock(CRYPTO_LOCK_ERR); @@ -487,9 +556,10 @@ static int int_err_get_next_lib(void) CRYPTO_w_unlock(CRYPTO_LOCK_ERR); return ret; - } +} +#ifndef OPENSSL_NO_ERR #define NUM_SYS_STR_REASONS 127 #define LEN_SYS_STR_REASON 32 @@ -500,533 +570,618 @@ static ERR_STRING_DATA SYS_str_reasons[NUM_SYS_STR_REASONS + 1]; * others will be displayed numerically by ERR_error_string. * It is crucial that we have something for each reason code * that occurs in ERR_str_reasons, or bogus reason strings - * will be returned for SYSerr(), which always gets an errno + * will be returned for SYSerror(which always gets an errno * value and never one of those 'standard' reason codes. */ -static void build_SYS_str_reasons() - { - /* OPENSSL_malloc cannot be used here, use static storage instead */ +static void +build_SYS_str_reasons(void) +{ + /* malloc cannot be used here, use static storage instead */ static char strerror_tab[NUM_SYS_STR_REASONS][LEN_SYS_STR_REASON]; int i; static int init = 1; - if (!init) return; + CRYPTO_r_lock(CRYPTO_LOCK_ERR); + if (!init) { + CRYPTO_r_unlock(CRYPTO_LOCK_ERR); + return; + } + CRYPTO_r_unlock(CRYPTO_LOCK_ERR); CRYPTO_w_lock(CRYPTO_LOCK_ERR); + if (!init) { + CRYPTO_w_unlock(CRYPTO_LOCK_ERR); + return; + } - for (i = 1; i <= NUM_SYS_STR_REASONS; i++) - { + for (i = 1; i <= NUM_SYS_STR_REASONS; i++) { ERR_STRING_DATA *str = &SYS_str_reasons[i - 1]; str->error = (unsigned long)i; - if (str->string == NULL) - { - char (*dest)[LEN_SYS_STR_REASON] = &(strerror_tab[i - 1]); - char *src = strerror(i); - if (src != NULL) - { - strncpy(*dest, src, sizeof *dest); - (*dest)[sizeof *dest - 1] = '\0'; + if (str->string == NULL) { + char (*dest)[LEN_SYS_STR_REASON] = + &(strerror_tab[i - 1]); + const char *src = strerror(i); + if (src != NULL) { + strlcpy(*dest, src, sizeof *dest); str->string = *dest; - } } + } if (str->string == NULL) str->string = "unknown"; - } + } /* Now we still have SYS_str_reasons[NUM_SYS_STR_REASONS] = {0, NULL}, * as required by ERR_load_strings. */ init = 0; - + CRYPTO_w_unlock(CRYPTO_LOCK_ERR); - } +} #endif #define err_clear_data(p,i) \ - if (((p)->err_data[i] != NULL) && \ - (p)->err_data_flags[i] & ERR_TXT_MALLOCED) \ - { \ - OPENSSL_free((p)->err_data[i]); \ - (p)->err_data[i]=NULL; \ + do { \ + if (((p)->err_data[i] != NULL) && \ + (p)->err_data_flags[i] & ERR_TXT_MALLOCED) { \ + free((p)->err_data[i]); \ + (p)->err_data[i] = NULL; \ } \ - (p)->err_data_flags[i]=0; - -static void ERR_STATE_free(ERR_STATE *s) - { + (p)->err_data_flags[i] = 0; \ + } while(0) + +#define err_clear(p,i) \ + do { \ + (p)->err_flags[i] = 0; \ + (p)->err_buffer[i] = 0; \ + err_clear_data(p, i); \ + (p)->err_file[i] = NULL; \ + (p)->err_line[i] = -1; \ + } while(0) + +static void +ERR_STATE_free(ERR_STATE *s) +{ int i; if (s == NULL) - return; + return; - for (i=0; ierror) - { - str->error|=ERR_PACK(lib,0,0); + +void +ERR_load_ERR_strings(void) +{ + static pthread_once_t once = PTHREAD_ONCE_INIT; + + if (pthread_equal(pthread_self(), err_init_thread)) + return; /* don't recurse */ + + /* Prayer and clean living lets you ignore errors, OpenSSL style */ + (void) OPENSSL_init_crypto(0, NULL); + + (void) pthread_once(&once, ERR_load_ERR_strings_internal); +} + +static void +err_load_strings(int lib, ERR_STRING_DATA *str) +{ + while (str->error) { + if (lib) + str->error |= ERR_PACK(lib, 0, 0); ERRFN(err_set_item)(str); str++; - } } +} -void ERR_load_strings(int lib, ERR_STRING_DATA *str) - { +void +ERR_load_strings(int lib, ERR_STRING_DATA *str) +{ ERR_load_ERR_strings(); err_load_strings(lib, str); - } +} -void ERR_unload_strings(int lib, ERR_STRING_DATA *str) - { - while (str->error) - { - str->error|=ERR_PACK(lib,0,0); +void +ERR_unload_strings(int lib, ERR_STRING_DATA *str) +{ + /* Prayer and clean living lets you ignore errors, OpenSSL style */ + (void) OPENSSL_init_crypto(0, NULL); + + while (str->error) { + if (lib) + str->error |= ERR_PACK(lib, 0, 0); ERRFN(err_del_item)(str); str++; - } } +} + +void +ERR_free_strings(void) +{ + /* Prayer and clean living lets you ignore errors, OpenSSL style */ + (void) OPENSSL_init_crypto(0, NULL); -void ERR_free_strings(void) - { err_fns_check(); ERRFN(err_del)(); - } +} /********************************************************/ -void ERR_put_error(int lib, int func, int reason, const char *file, - int line) - { +void +ERR_put_error(int lib, int func, int reason, const char *file, int line) +{ ERR_STATE *es; + int save_errno = errno; -#ifdef _OSD_POSIX - /* In the BS2000-OSD POSIX subsystem, the compiler generates - * path names in the form "*POSIX(/etc/passwd)". - * This dirty hack strips them to something sensible. - * @@@ We shouldn't modify a const string, though. - */ - if (strncmp(file,"*POSIX(", sizeof("*POSIX(")-1) == 0) { - char *end; - - /* Skip the "*POSIX(" prefix */ - file += sizeof("*POSIX(")-1; - end = &file[strlen(file)-1]; - if (*end == ')') - *end = '\0'; - /* Optional: use the basename of the path only. */ - if ((end = strrchr(file, '/')) != NULL) - file = &end[1]; - } -#endif - es=ERR_get_state(); + es = ERR_get_state(); - es->top=(es->top+1)%ERR_NUM_ERRORS; + es->top = (es->top + 1) % ERR_NUM_ERRORS; if (es->top == es->bottom) - es->bottom=(es->bottom+1)%ERR_NUM_ERRORS; - es->err_buffer[es->top]=ERR_PACK(lib,func,reason); - es->err_file[es->top]=file; - es->err_line[es->top]=line; - err_clear_data(es,es->top); - } - -void ERR_clear_error(void) - { + es->bottom = (es->bottom + 1) % ERR_NUM_ERRORS; + es->err_flags[es->top] = 0; + es->err_buffer[es->top] = ERR_PACK(lib, func, reason); + es->err_file[es->top] = file; + es->err_line[es->top] = line; + err_clear_data(es, es->top); + errno = save_errno; +} + +void +ERR_clear_error(void) +{ int i; ERR_STATE *es; - es=ERR_get_state(); + es = ERR_get_state(); - for (i=0; ierr_buffer[i]=0; - err_clear_data(es,i); - es->err_file[i]=NULL; - es->err_line[i]= -1; - } - es->top=es->bottom=0; + for (i = 0; i < ERR_NUM_ERRORS; i++) { + err_clear(es, i); } - - -unsigned long ERR_get_error(void) - { return(get_error_values(1,0,NULL,NULL,NULL,NULL)); } - -unsigned long ERR_get_error_line(const char **file, - int *line) - { return(get_error_values(1,0,file,line,NULL,NULL)); } - -unsigned long ERR_get_error_line_data(const char **file, int *line, - const char **data, int *flags) - { return(get_error_values(1,0,file,line,data,flags)); } - - -unsigned long ERR_peek_error(void) - { return(get_error_values(0,0,NULL,NULL,NULL,NULL)); } - -unsigned long ERR_peek_error_line(const char **file, int *line) - { return(get_error_values(0,0,file,line,NULL,NULL)); } - -unsigned long ERR_peek_error_line_data(const char **file, int *line, - const char **data, int *flags) - { return(get_error_values(0,0,file,line,data,flags)); } - - -unsigned long ERR_peek_last_error(void) - { return(get_error_values(0,1,NULL,NULL,NULL,NULL)); } - -unsigned long ERR_peek_last_error_line(const char **file, int *line) - { return(get_error_values(0,1,file,line,NULL,NULL)); } - -unsigned long ERR_peek_last_error_line_data(const char **file, int *line, - const char **data, int *flags) - { return(get_error_values(0,1,file,line,data,flags)); } - - -static unsigned long get_error_values(int inc, int top, const char **file, int *line, - const char **data, int *flags) - { - int i=0; + es->top = es->bottom = 0; +} + + +unsigned long +ERR_get_error(void) +{ + return (get_error_values(1, 0, NULL, NULL, NULL, NULL)); +} + +unsigned long +ERR_get_error_line(const char **file, int *line) +{ + return (get_error_values(1, 0, file, line, NULL, NULL)); +} + +unsigned long +ERR_get_error_line_data(const char **file, int *line, + const char **data, int *flags) +{ + return (get_error_values(1, 0, file, line, data, flags)); +} + + +unsigned long +ERR_peek_error(void) +{ + return (get_error_values(0, 0, NULL, NULL, NULL, NULL)); +} + +unsigned long +ERR_peek_error_line(const char **file, int *line) +{ + return (get_error_values(0, 0, file, line, NULL, NULL)); +} + +unsigned long +ERR_peek_error_line_data(const char **file, int *line, + const char **data, int *flags) +{ + return (get_error_values(0, 0, file, line, data, flags)); +} + +unsigned long +ERR_peek_last_error(void) +{ + return (get_error_values(0, 1, NULL, NULL, NULL, NULL)); +} + +unsigned long +ERR_peek_last_error_line(const char **file, int *line) +{ + return (get_error_values(0, 1, file, line, NULL, NULL)); +} + +unsigned long +ERR_peek_last_error_line_data(const char **file, int *line, + const char **data, int *flags) +{ + return (get_error_values(0, 1, file, line, data, flags)); +} + +static unsigned long +get_error_values(int inc, int top, const char **file, int *line, + const char **data, int *flags) +{ + int i = 0; ERR_STATE *es; unsigned long ret; - es=ERR_get_state(); + es = ERR_get_state(); + + if (inc && top) { + if (file) + *file = ""; + if (line) + *line = 0; + if (data) + *data = ""; + if (flags) + *flags = 0; - if (inc && top) - { - if (file) *file = ""; - if (line) *line = 0; - if (data) *data = ""; - if (flags) *flags = 0; - return ERR_R_INTERNAL_ERROR; - } + } - if (es->bottom == es->top) return 0; + if (es->bottom == es->top) + return 0; if (top) - i=es->top; /* last error */ + i = es->top; /* last error */ else - i=(es->bottom+1)%ERR_NUM_ERRORS; /* first error */ + i = (es->bottom + 1) % ERR_NUM_ERRORS; /* first error */ - ret=es->err_buffer[i]; - if (inc) - { - es->bottom=i; - es->err_buffer[i]=0; - } + ret = es->err_buffer[i]; + if (inc) { + es->bottom = i; + es->err_buffer[i] = 0; + } - if ((file != NULL) && (line != NULL)) - { - if (es->err_file[i] == NULL) - { - *file="NA"; - if (line != NULL) *line=0; - } - else - { - *file=es->err_file[i]; - if (line != NULL) *line=es->err_line[i]; - } + if ((file != NULL) && (line != NULL)) { + if (es->err_file[i] == NULL) { + *file = "NA"; + if (line != NULL) + *line = 0; + } else { + *file = es->err_file[i]; + if (line != NULL) + *line = es->err_line[i]; } + } - if (data == NULL) - { - if (inc) - { + if (data == NULL) { + if (inc) { err_clear_data(es, i); - } } - else - { - if (es->err_data[i] == NULL) - { - *data=""; - if (flags != NULL) *flags=0; - } - else - { - *data=es->err_data[i]; - if (flags != NULL) *flags=es->err_data_flags[i]; - } + } else { + if (es->err_data[i] == NULL) { + *data = ""; + if (flags != NULL) + *flags = 0; + } else { + *data = es->err_data[i]; + if (flags != NULL) + *flags = es->err_data_flags[i]; } + } return ret; +} + +void +ERR_error_string_n(unsigned long e, char *buf, size_t len) +{ + char lsbuf[30], fsbuf[30], rsbuf[30]; + const char *ls, *fs, *rs; + int l, f, r, ret; + + l = ERR_GET_LIB(e); + f = ERR_GET_FUNC(e); + r = ERR_GET_REASON(e); + + ls = ERR_lib_error_string(e); + fs = ERR_func_error_string(e); + rs = ERR_reason_error_string(e); + + if (ls == NULL) { + (void) snprintf(lsbuf, sizeof(lsbuf), "lib(%d)", l); + ls = lsbuf; + } + if (fs == NULL) { + (void) snprintf(fsbuf, sizeof(fsbuf), "func(%d)", f); + fs = fsbuf; + } + if (rs == NULL) { + (void) snprintf(rsbuf, sizeof(rsbuf), "reason(%d)", r); + rs = rsbuf; } -void ERR_error_string_n(unsigned long e, char *buf, size_t len) - { - char lsbuf[64], fsbuf[64], rsbuf[64]; - const char *ls,*fs,*rs; - unsigned long l,f,r; - - l=ERR_GET_LIB(e); - f=ERR_GET_FUNC(e); - r=ERR_GET_REASON(e); - - ls=ERR_lib_error_string(e); - fs=ERR_func_error_string(e); - rs=ERR_reason_error_string(e); - - if (ls == NULL) - BIO_snprintf(lsbuf, sizeof(lsbuf), "lib(%lu)", l); - if (fs == NULL) - BIO_snprintf(fsbuf, sizeof(fsbuf), "func(%lu)", f); - if (rs == NULL) - BIO_snprintf(rsbuf, sizeof(rsbuf), "reason(%lu)", r); - - BIO_snprintf(buf, len,"error:%08lX:%s:%s:%s", e, ls?ls:lsbuf, - fs?fs:fsbuf, rs?rs:rsbuf); - if (strlen(buf) == len-1) - { - /* output may be truncated; make sure we always have 5 + ret = snprintf(buf, len, "error:%08lX:%s:%s:%s", e, ls, fs, rs); + if (ret == -1) + return; /* can't happen, and can't do better if it does */ + if (ret >= len) { + /* output may be truncated; make sure we always have 5 * colon-separated fields, i.e. 4 colons ... */ #define NUM_COLONS 4 if (len > NUM_COLONS) /* ... if possible */ - { + { int i; char *s = buf; - - for (i = 0; i < NUM_COLONS; i++) - { + + for (i = 0; i < NUM_COLONS; i++) { char *colon = strchr(s, ':'); - if (colon == NULL || colon > &buf[len-1] - NUM_COLONS + i) - { + if (colon == NULL || + colon > &buf[len - 1] - NUM_COLONS + i) { /* set colon no. i at last possible position * (buf[len-1] is the terminating 0)*/ - colon = &buf[len-1] - NUM_COLONS + i; + colon = &buf[len - 1] - NUM_COLONS + i; *colon = ':'; - } - s = colon + 1; } + s = colon + 1; } } } +} /* BAD for multi-threading: uses a local buffer if ret == NULL */ /* ERR_error_string_n should be used instead for ret != NULL * as ERR_error_string cannot know how large the buffer is */ -char *ERR_error_string(unsigned long e, char *ret) - { +char * +ERR_error_string(unsigned long e, char *ret) +{ static char buf[256]; - if (ret == NULL) ret=buf; + if (ret == NULL) + ret = buf; ERR_error_string_n(e, ret, 256); return ret; - } +} -LHASH *ERR_get_string_table(void) - { +LHASH_OF(ERR_STRING_DATA) *ERR_get_string_table(void) +{ err_fns_check(); return ERRFN(err_get)(0); - } +} -LHASH *ERR_get_err_state_table(void) - { +LHASH_OF(ERR_STATE) *ERR_get_err_state_table(void) +{ err_fns_check(); return ERRFN(thread_get)(0); - } - -const char *ERR_lib_error_string(unsigned long e) - { - ERR_STRING_DATA d,*p; - unsigned long l; +} +void +ERR_release_err_state_table(LHASH_OF(ERR_STATE) **hash) +{ err_fns_check(); - l=ERR_GET_LIB(e); - d.error=ERR_PACK(l,0,0); - p=ERRFN(err_get_item)(&d); - return((p == NULL)?NULL:p->string); - } - -const char *ERR_func_error_string(unsigned long e) - { - ERR_STRING_DATA d,*p; - unsigned long l,f; + ERRFN(thread_release)(hash); +} - err_fns_check(); - l=ERR_GET_LIB(e); - f=ERR_GET_FUNC(e); - d.error=ERR_PACK(l,f,0); - p=ERRFN(err_get_item)(&d); - return((p == NULL)?NULL:p->string); - } +const char * +ERR_lib_error_string(unsigned long e) +{ + ERR_STRING_DATA d, *p; + unsigned long l; -const char *ERR_reason_error_string(unsigned long e) - { - ERR_STRING_DATA d,*p=NULL; - unsigned long l,r; + if (!OPENSSL_init_crypto(0, NULL)) + return NULL; err_fns_check(); - l=ERR_GET_LIB(e); - r=ERR_GET_REASON(e); - d.error=ERR_PACK(l,0,r); - p=ERRFN(err_get_item)(&d); - if (!p) - { - d.error=ERR_PACK(0,0,r); - p=ERRFN(err_get_item)(&d); - } - return((p == NULL)?NULL:p->string); - } - -/* static unsigned long err_hash(ERR_STRING_DATA *a) */ -static unsigned long err_hash(const void *a_void) - { - unsigned long ret,l; - - l=((ERR_STRING_DATA *)a_void)->error; - ret=l^ERR_GET_LIB(l)^ERR_GET_FUNC(l); - return(ret^ret%19*13); - } + l = ERR_GET_LIB(e); + d.error = ERR_PACK(l, 0, 0); + p = ERRFN(err_get_item)(&d); + return ((p == NULL) ? NULL : p->string); +} + +const char * +ERR_func_error_string(unsigned long e) +{ + ERR_STRING_DATA d, *p; + unsigned long l, f; -/* static int err_cmp(ERR_STRING_DATA *a, ERR_STRING_DATA *b) */ -static int err_cmp(const void *a_void, const void *b_void) - { - return((int)(((ERR_STRING_DATA *)a_void)->error - - ((ERR_STRING_DATA *)b_void)->error)); - } - -/* static unsigned long pid_hash(ERR_STATE *a) */ -static unsigned long pid_hash(const void *a_void) - { - return(((ERR_STATE *)a_void)->pid*13); - } + err_fns_check(); + l = ERR_GET_LIB(e); + f = ERR_GET_FUNC(e); + d.error = ERR_PACK(l, f, 0); + p = ERRFN(err_get_item)(&d); + return ((p == NULL) ? NULL : p->string); +} + +const char * +ERR_reason_error_string(unsigned long e) +{ + ERR_STRING_DATA d, *p = NULL; + unsigned long l, r; -/* static int pid_cmp(ERR_STATE *a, ERR_STATE *b) */ -static int pid_cmp(const void *a_void, const void *b_void) - { - return((int)((long)((ERR_STATE *)a_void)->pid - - (long)((ERR_STATE *)b_void)->pid)); + err_fns_check(); + l = ERR_GET_LIB(e); + r = ERR_GET_REASON(e); + d.error = ERR_PACK(l, 0, r); + p = ERRFN(err_get_item)(&d); + if (!p) { + d.error = ERR_PACK(0, 0, r); + p = ERRFN(err_get_item)(&d); } + return ((p == NULL) ? NULL : p->string); +} -void ERR_remove_state(unsigned long pid) - { +void +ERR_remove_thread_state(const CRYPTO_THREADID *id) +{ ERR_STATE tmp; + if (id) + CRYPTO_THREADID_cpy(&tmp.tid, id); + else + CRYPTO_THREADID_current(&tmp.tid); err_fns_check(); - if (pid == 0) - pid=(unsigned long)CRYPTO_thread_id(); - tmp.pid=pid; /* thread_del_item automatically destroys the LHASH if the number of * items reaches zero. */ ERRFN(thread_del_item)(&tmp); - } +} + +#ifndef OPENSSL_NO_DEPRECATED +void +ERR_remove_state(unsigned long pid) +{ + ERR_remove_thread_state(NULL); +} +#endif -ERR_STATE *ERR_get_state(void) - { +ERR_STATE * +ERR_get_state(void) +{ static ERR_STATE fallback; - ERR_STATE *ret,tmp,*tmpp=NULL; + ERR_STATE *ret, tmp, *tmpp = NULL; int i; - unsigned long pid; + CRYPTO_THREADID tid; err_fns_check(); - pid=(unsigned long)CRYPTO_thread_id(); - tmp.pid=pid; - ret=ERRFN(thread_get_item)(&tmp); + CRYPTO_THREADID_current(&tid); + CRYPTO_THREADID_cpy(&tmp.tid, &tid); + ret = ERRFN(thread_get_item)(&tmp); /* ret == the error state, if NULL, make a new one */ - if (ret == NULL) - { - ret=(ERR_STATE *)OPENSSL_malloc(sizeof(ERR_STATE)); - if (ret == NULL) return(&fallback); - ret->pid=pid; - ret->top=0; - ret->bottom=0; - for (i=0; ierr_data[i]=NULL; - ret->err_data_flags[i]=0; - } + if (ret == NULL) { + ret = malloc(sizeof(ERR_STATE)); + if (ret == NULL) + return (&fallback); + CRYPTO_THREADID_cpy(&ret->tid, &tid); + ret->top = 0; + ret->bottom = 0; + for (i = 0; i < ERR_NUM_ERRORS; i++) { + ret->err_data[i] = NULL; + ret->err_data_flags[i] = 0; + } tmpp = ERRFN(thread_set_item)(ret); /* To check if insertion failed, do a get. */ - if (ERRFN(thread_get_item)(ret) != ret) - { + if (ERRFN(thread_get_item)(ret) != ret) { ERR_STATE_free(ret); /* could not insert it */ - return(&fallback); - } + return (&fallback); + } /* If a race occured in this function and we came second, tmpp * is the first one that we just replaced. */ if (tmpp) ERR_STATE_free(tmpp); - } - return ret; } + return ret; +} -int ERR_get_next_error_library(void) - { +int +ERR_get_next_error_library(void) +{ err_fns_check(); return ERRFN(get_next_lib)(); - } +} -void ERR_set_error_data(char *data, int flags) - { +void +ERR_set_error_data(char *data, int flags) +{ ERR_STATE *es; int i; - es=ERR_get_state(); + es = ERR_get_state(); - i=es->top; + i = es->top; if (i == 0) - i=ERR_NUM_ERRORS-1; + i = ERR_NUM_ERRORS - 1; + + err_clear_data(es, i); + es->err_data[i] = data; + es->err_data_flags[i] = flags; +} + +void +ERR_asprintf_error_data(char * format, ...) +{ + char *errbuf = NULL; + va_list ap; + int r; + + va_start(ap, format); + r = vasprintf(&errbuf, format, ap); + va_end(ap); + if (r == -1) + ERR_set_error_data("malloc failed", ERR_TXT_STRING); + else + ERR_set_error_data(errbuf, ERR_TXT_MALLOCED|ERR_TXT_STRING); +} + +void +ERR_add_error_vdata(int num, va_list args) +{ + char format[129]; + char *errbuf; + int i; - err_clear_data(es,i); - es->err_data[i]=data; - es->err_data_flags[i]=flags; + format[0] = '\0'; + for (i = 0; i < num; i++) { + if (strlcat(format, "%s", sizeof(format)) >= sizeof(format)) { + ERR_set_error_data("too many errors", ERR_TXT_STRING); + return; + } } + if (vasprintf(&errbuf, format, args) == -1) + ERR_set_error_data("malloc failed", ERR_TXT_STRING); + else + ERR_set_error_data(errbuf, ERR_TXT_MALLOCED|ERR_TXT_STRING); +} -void ERR_add_error_data(int num, ...) - { +void +ERR_add_error_data(int num, ...) +{ va_list args; - int i,n,s; - char *str,*p,*a; + va_start(args, num); + ERR_add_error_vdata(num, args); + va_end(args); +} - s=80; - str=OPENSSL_malloc(s+1); - if (str == NULL) return; - str[0]='\0'; +int +ERR_set_mark(void) +{ + ERR_STATE *es; - va_start(args, num); - n=0; - for (i=0; i */ - if (a != NULL) - { - n+=strlen(a); - if (n > s) - { - s=n+20; - p=OPENSSL_realloc(str,s+1); - if (p == NULL) - { - OPENSSL_free(str); - goto err; - } - else - str=p; - } - strcat(str,a); - } - } - ERR_set_error_data(str,ERR_TXT_MALLOCED|ERR_TXT_STRING); + es = ERR_get_state(); -err: - va_end(args); + if (es->bottom == es->top) + return 0; + es->err_flags[es->top] |= ERR_FLAG_MARK; + return 1; +} + +int +ERR_pop_to_mark(void) +{ + ERR_STATE *es; + + es = ERR_get_state(); + + while (es->bottom != es->top && + (es->err_flags[es->top] & ERR_FLAG_MARK) == 0) { + err_clear(es, es->top); + es->top -= 1; + if (es->top == -1) + es->top = ERR_NUM_ERRORS - 1; } + + if (es->bottom == es->top) + return 0; + es->err_flags[es->top]&=~ERR_FLAG_MARK; + return 1; +} diff --git a/src/lib/libcrypto/err/err.h b/src/lib/libcrypto/err/err.h index cc9bb649eaf..b66e77b7463 100644 --- a/src/lib/libcrypto/err/err.h +++ b/src/lib/libcrypto/err/err.h @@ -1,25 +1,25 @@ -/* crypto/err/err.h */ +/* $OpenBSD: err.h,v 1.25 2017/02/20 23:21:19 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,21 +49,75 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ +/* ==================================================================== + * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ #ifndef HEADER_ERR_H #define HEADER_ERR_H -#ifndef OPENSSL_NO_FP_API +#include + #include #include -#endif +#include #ifndef OPENSSL_NO_BIO #include #endif @@ -86,17 +140,19 @@ extern "C" { #define ERR_TXT_MALLOCED 0x01 #define ERR_TXT_STRING 0x02 +#define ERR_FLAG_MARK 0x01 + #define ERR_NUM_ERRORS 16 -typedef struct err_state_st - { - unsigned long pid; +typedef struct err_state_st { + CRYPTO_THREADID tid; + int err_flags[ERR_NUM_ERRORS]; unsigned long err_buffer[ERR_NUM_ERRORS]; char *err_data[ERR_NUM_ERRORS]; int err_data_flags[ERR_NUM_ERRORS]; const char *err_file[ERR_NUM_ERRORS]; int err_line[ERR_NUM_ERRORS]; - int top,bottom; - } ERR_STATE; + int top, bottom; +} ERR_STATE; /* library */ #define ERR_LIB_NONE 1 @@ -131,9 +187,20 @@ typedef struct err_state_st #define ERR_LIB_OCSP 39 #define ERR_LIB_UI 40 #define ERR_LIB_COMP 41 +#define ERR_LIB_ECDSA 42 +#define ERR_LIB_ECDH 43 +#define ERR_LIB_STORE 44 +#define ERR_LIB_FIPS 45 +#define ERR_LIB_CMS 46 +#define ERR_LIB_TS 47 +#define ERR_LIB_HMAC 48 +#define ERR_LIB_JPAKE 49 +#define ERR_LIB_GOST 50 +#define ERR_LIB_SM2 51 #define ERR_LIB_USER 128 +#ifndef LIBRESSL_INTERNAL #define SYSerr(f,r) ERR_PUT_error(ERR_LIB_SYS,(f),(r),__FILE__,__LINE__) #define BNerr(f,r) ERR_PUT_error(ERR_LIB_BN,(f),(r),__FILE__,__LINE__) #define RSAerr(f,r) ERR_PUT_error(ERR_LIB_RSA,(f),(r),__FILE__,__LINE__) @@ -148,7 +215,6 @@ typedef struct err_state_st #define CONFerr(f,r) ERR_PUT_error(ERR_LIB_CONF,(f),(r),__FILE__,__LINE__) #define CRYPTOerr(f,r) ERR_PUT_error(ERR_LIB_CRYPTO,(f),(r),__FILE__,__LINE__) #define ECerr(f,r) ERR_PUT_error(ERR_LIB_EC,(f),(r),__FILE__,__LINE__) -#define SSLerr(f,r) ERR_PUT_error(ERR_LIB_SSL,(f),(r),__FILE__,__LINE__) #define BIOerr(f,r) ERR_PUT_error(ERR_LIB_BIO,(f),(r),__FILE__,__LINE__) #define PKCS7err(f,r) ERR_PUT_error(ERR_LIB_PKCS7,(f),(r),__FILE__,__LINE__) #define X509V3err(f,r) ERR_PUT_error(ERR_LIB_X509V3,(f),(r),__FILE__,__LINE__) @@ -159,11 +225,58 @@ typedef struct err_state_st #define OCSPerr(f,r) ERR_PUT_error(ERR_LIB_OCSP,(f),(r),__FILE__,__LINE__) #define UIerr(f,r) ERR_PUT_error(ERR_LIB_UI,(f),(r),__FILE__,__LINE__) #define COMPerr(f,r) ERR_PUT_error(ERR_LIB_COMP,(f),(r),__FILE__,__LINE__) +#define ECDSAerr(f,r) ERR_PUT_error(ERR_LIB_ECDSA,(f),(r),__FILE__,__LINE__) +#define ECDHerr(f,r) ERR_PUT_error(ERR_LIB_ECDH,(f),(r),__FILE__,__LINE__) +#define STOREerr(f,r) ERR_PUT_error(ERR_LIB_STORE,(f),(r),__FILE__,__LINE__) +#define FIPSerr(f,r) ERR_PUT_error(ERR_LIB_FIPS,(f),(r),__FILE__,__LINE__) +#define CMSerr(f,r) ERR_PUT_error(ERR_LIB_CMS,(f),(r),__FILE__,__LINE__) +#define TSerr(f,r) ERR_PUT_error(ERR_LIB_TS,(f),(r),__FILE__,__LINE__) +#define HMACerr(f,r) ERR_PUT_error(ERR_LIB_HMAC,(f),(r),__FILE__,__LINE__) +#define JPAKEerr(f,r) ERR_PUT_error(ERR_LIB_JPAKE,(f),(r),__FILE__,__LINE__) +#define GOSTerr(f,r) ERR_PUT_error(ERR_LIB_GOST,(f),(r),__FILE__,__LINE__) +#define SSLerr(f,r) ERR_PUT_error(ERR_LIB_SSL,(f),(r),__FILE__,__LINE__) +#define SM2err(f,r) ERR_PUT_error(ERR_LIB_SM2,(f),(r),__FILE__,__LINE__) +#endif + +#ifdef LIBRESSL_INTERNAL +#define SYSerror(r) ERR_PUT_error(ERR_LIB_SYS,(0xfff),(r),__FILE__,__LINE__) +#define BNerror(r) ERR_PUT_error(ERR_LIB_BN,(0xfff),(r),__FILE__,__LINE__) +#define RSAerror(r) ERR_PUT_error(ERR_LIB_RSA,(0xfff),(r),__FILE__,__LINE__) +#define DHerror(r) ERR_PUT_error(ERR_LIB_DH,(0xfff),(r),__FILE__,__LINE__) +#define EVPerror(r) ERR_PUT_error(ERR_LIB_EVP,(0xfff),(r),__FILE__,__LINE__) +#define BUFerror(r) ERR_PUT_error(ERR_LIB_BUF,(0xfff),(r),__FILE__,__LINE__) +#define OBJerror(r) ERR_PUT_error(ERR_LIB_OBJ,(0xfff),(r),__FILE__,__LINE__) +#define PEMerror(r) ERR_PUT_error(ERR_LIB_PEM,(0xfff),(r),__FILE__,__LINE__) +#define DSAerror(r) ERR_PUT_error(ERR_LIB_DSA,(0xfff),(r),__FILE__,__LINE__) +#define X509error(r) ERR_PUT_error(ERR_LIB_X509,(0xfff),(r),__FILE__,__LINE__) +#define ASN1error(r) ERR_PUT_error(ERR_LIB_ASN1,(0xfff),(r),__FILE__,__LINE__) +#define CONFerror(r) ERR_PUT_error(ERR_LIB_CONF,(0xfff),(r),__FILE__,__LINE__) +#define CRYPTOerror(r) ERR_PUT_error(ERR_LIB_CRYPTO,(0xfff),(r),__FILE__,__LINE__) +#define ECerror(r) ERR_PUT_error(ERR_LIB_EC,(0xfff),(r),__FILE__,__LINE__) +#define BIOerror(r) ERR_PUT_error(ERR_LIB_BIO,(0xfff),(r),__FILE__,__LINE__) +#define PKCS7error(r) ERR_PUT_error(ERR_LIB_PKCS7,(0xfff),(r),__FILE__,__LINE__) +#define X509V3error(r) ERR_PUT_error(ERR_LIB_X509V3,(0xfff),(r),__FILE__,__LINE__) +#define PKCS12error(r) ERR_PUT_error(ERR_LIB_PKCS12,(0xfff),(r),__FILE__,__LINE__) +#define RANDerror(r) ERR_PUT_error(ERR_LIB_RAND,(0xfff),(r),__FILE__,__LINE__) +#define DSOerror(r) ERR_PUT_error(ERR_LIB_DSO,(0xfff),(r),__FILE__,__LINE__) +#define ENGINEerror(r) ERR_PUT_error(ERR_LIB_ENGINE,(0xfff),(r),__FILE__,__LINE__) +#define OCSPerror(r) ERR_PUT_error(ERR_LIB_OCSP,(0xfff),(r),__FILE__,__LINE__) +#define UIerror(r) ERR_PUT_error(ERR_LIB_UI,(0xfff),(r),__FILE__,__LINE__) +#define COMPerror(r) ERR_PUT_error(ERR_LIB_COMP,(0xfff),(r),__FILE__,__LINE__) +#define ECDSAerror(r) ERR_PUT_error(ERR_LIB_ECDSA,(0xfff),(r),__FILE__,__LINE__) +#define ECDHerror(r) ERR_PUT_error(ERR_LIB_ECDH,(0xfff),(r),__FILE__,__LINE__) +#define STOREerror(r) ERR_PUT_error(ERR_LIB_STORE,(0xfff),(r),__FILE__,__LINE__) +#define FIPSerror(r) ERR_PUT_error(ERR_LIB_FIPS,(0xfff),(r),__FILE__,__LINE__) +#define CMSerror(r) ERR_PUT_error(ERR_LIB_CMS,(0xfff),(r),__FILE__,__LINE__) +#define TSerror(r) ERR_PUT_error(ERR_LIB_TS,(0xfff),(r),__FILE__,__LINE__) +#define HMACerror(r) ERR_PUT_error(ERR_LIB_HMAC,(0xfff),(r),__FILE__,__LINE__) +#define JPAKEerror(r) ERR_PUT_error(ERR_LIB_JPAKE,(0xfff),(r),__FILE__,__LINE__) +#define GOSTerror(r) ERR_PUT_error(ERR_LIB_GOST,(0xfff),(r),__FILE__,__LINE__) +#define SM2error(r) ERR_PUT_error(ERR_LIB_SM2,(0xfff),(r),__FILE__,__LINE__) +#endif -/* Borland C seems too stupid to be able to shift and do longs in - * the pre-processor :-( */ -#define ERR_PACK(l,f,r) (((((unsigned long)l)&0xffL)*0x1000000)| \ - ((((unsigned long)f)&0xfffL)*0x1000)| \ +#define ERR_PACK(l,f,r) (((((unsigned long)l)&0xffL)<<24L)| \ + ((((unsigned long)f)&0xfffL)<<12L)| \ ((((unsigned long)r)&0xfffL))) #define ERR_GET_LIB(l) (int)((((unsigned long)l)>>24L)&0xffL) #define ERR_GET_FUNC(l) (int)((((unsigned long)l)>>12L)&0xfffL) @@ -182,6 +295,7 @@ typedef struct err_state_st #define SYS_F_ACCEPT 8 #define SYS_F_WSASTARTUP 9 /* Winsock stuff */ #define SYS_F_OPENDIR 10 +#define SYS_F_FREAD 11 /* reasons */ @@ -210,6 +324,10 @@ typedef struct err_state_st #define ERR_R_OCSP_LIB ERR_LIB_OCSP /* 39 */ #define ERR_R_UI_LIB ERR_LIB_UI /* 40 */ #define ERR_R_COMP_LIB ERR_LIB_COMP /* 41 */ +#define ERR_R_ECDSA_LIB ERR_LIB_ECDSA /* 42 */ +#define ERR_R_ECDH_LIB ERR_LIB_ECDH /* 43 */ +#define ERR_R_STORE_LIB ERR_LIB_STORE /* 44 */ +#define ERR_R_TS_LIB ERR_LIB_TS /* 45 */ #define ERR_R_NESTED_ASN1_ERROR 58 #define ERR_R_BAD_ASN1_OBJECT_HEADER 59 @@ -224,65 +342,74 @@ typedef struct err_state_st #define ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED (2|ERR_R_FATAL) #define ERR_R_PASSED_NULL_PARAMETER (3|ERR_R_FATAL) #define ERR_R_INTERNAL_ERROR (4|ERR_R_FATAL) +#define ERR_R_DISABLED (5|ERR_R_FATAL) /* 99 is the maximum possible ERR_R_... code, higher values * are reserved for the individual libraries */ -typedef struct ERR_string_data_st - { +typedef struct ERR_string_data_st { unsigned long error; const char *string; - } ERR_STRING_DATA; +} ERR_STRING_DATA; -void ERR_put_error(int lib, int func,int reason,const char *file,int line); -void ERR_set_error_data(char *data,int flags); +void ERR_put_error(int lib, int func, int reason, const char *file, int line); +void ERR_set_error_data(char *data, int flags); unsigned long ERR_get_error(void); -unsigned long ERR_get_error_line(const char **file,int *line); -unsigned long ERR_get_error_line_data(const char **file,int *line, - const char **data, int *flags); +unsigned long ERR_get_error_line(const char **file, int *line); +unsigned long ERR_get_error_line_data(const char **file, int *line, + const char **data, int *flags); unsigned long ERR_peek_error(void); -unsigned long ERR_peek_error_line(const char **file,int *line); -unsigned long ERR_peek_error_line_data(const char **file,int *line, - const char **data,int *flags); +unsigned long ERR_peek_error_line(const char **file, int *line); +unsigned long ERR_peek_error_line_data(const char **file, int *line, + const char **data, int *flags); unsigned long ERR_peek_last_error(void); -unsigned long ERR_peek_last_error_line(const char **file,int *line); -unsigned long ERR_peek_last_error_line_data(const char **file,int *line, - const char **data,int *flags); +unsigned long ERR_peek_last_error_line(const char **file, int *line); +unsigned long ERR_peek_last_error_line_data(const char **file, int *line, + const char **data, int *flags); void ERR_clear_error(void ); -char *ERR_error_string(unsigned long e,char *buf); +char *ERR_error_string(unsigned long e, char *buf); void ERR_error_string_n(unsigned long e, char *buf, size_t len); const char *ERR_lib_error_string(unsigned long e); const char *ERR_func_error_string(unsigned long e); const char *ERR_reason_error_string(unsigned long e); void ERR_print_errors_cb(int (*cb)(const char *str, size_t len, void *u), - void *u); -#ifndef OPENSSL_NO_FP_API + void *u); void ERR_print_errors_fp(FILE *fp); -#endif #ifndef OPENSSL_NO_BIO void ERR_print_errors(BIO *bp); +#endif +void ERR_asprintf_error_data(char * format, ...); +#ifndef LIBRESSL_INTERNAL void ERR_add_error_data(int num, ...); +void ERR_add_error_vdata(int num, va_list args); #endif -void ERR_load_strings(int lib,ERR_STRING_DATA str[]); -void ERR_unload_strings(int lib,ERR_STRING_DATA str[]); +void ERR_load_strings(int lib, ERR_STRING_DATA str[]); +void ERR_unload_strings(int lib, ERR_STRING_DATA str[]); void ERR_load_ERR_strings(void); void ERR_load_crypto_strings(void); void ERR_free_strings(void); +void ERR_remove_thread_state(const CRYPTO_THREADID *tid); +#ifndef OPENSSL_NO_DEPRECATED void ERR_remove_state(unsigned long pid); /* if zero we look it up */ +#endif ERR_STATE *ERR_get_state(void); #ifndef OPENSSL_NO_LHASH -LHASH *ERR_get_string_table(void); -LHASH *ERR_get_err_state_table(void); +LHASH_OF(ERR_STRING_DATA) *ERR_get_string_table(void); +LHASH_OF(ERR_STATE) *ERR_get_err_state_table(void); +void ERR_release_err_state_table(LHASH_OF(ERR_STATE) **hash); #endif int ERR_get_next_error_library(void); -/* This opaque type encapsulates the low-level error-state functions */ -typedef struct st_ERR_FNS ERR_FNS; +int ERR_set_mark(void); +int ERR_pop_to_mark(void); + +/* Already defined in ossl_typ.h */ +/* typedef struct st_ERR_FNS ERR_FNS; */ /* An application can use this function and provide the return value to loaded * modules that should use the application's ERR state/functionality */ const ERR_FNS *ERR_get_implementation(void); diff --git a/src/lib/libcrypto/err/err_all.c b/src/lib/libcrypto/err/err_all.c index 90029fd159f..90d1db8811c 100644 --- a/src/lib/libcrypto/err/err_all.c +++ b/src/lib/libcrypto/err/err_all.c @@ -1,25 +1,25 @@ -/* crypto/err/err_all.c */ +/* $OpenBSD: err_all.c,v 1.24 2018/03/17 16:20:01 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,51 +49,71 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ +#include #include + +#include + #include +#include #include -#ifndef OPENSSL_NO_EC -#include -#endif #include -#include -#ifndef OPENSSL_NO_RSA -#include -#endif +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + #ifndef OPENSSL_NO_DH #include #endif #ifndef OPENSSL_NO_DSA #include #endif -#include -#include -#include -#include -#include -#include -#include -#include -#include +#ifndef OPENSSL_NO_EC +#include +#endif +#ifndef OPENSSL_NO_ECDH +#include +#endif +#ifndef OPENSSL_NO_ECDSA +#include +#endif +#ifndef OPENSSL_NO_ENGINE #include -#include -#include +#endif +#ifndef OPENSSL_NO_RSA +#include +#endif +#ifndef OPENSSL_NO_GOST +#include +#endif +#ifndef OPENSSL_NO_SM2 +#include +#endif -void ERR_load_crypto_strings(void) - { - static int done=0; +void ERR_load_ERR_strings_internal(void); - if (done) return; - done=1; +static void +ERR_load_crypto_strings_internal(void) +{ #ifndef OPENSSL_NO_ERR - ERR_load_ERR_strings(); /* include error strings for SYSerr */ + ERR_load_ERR_strings_internal(); /* include error strings for SYSerr */ ERR_load_BN_strings(); #ifndef OPENSSL_NO_RSA ERR_load_RSA_strings(); @@ -114,16 +134,38 @@ void ERR_load_crypto_strings(void) ERR_load_CRYPTO_strings(); #ifndef OPENSSL_NO_EC ERR_load_EC_strings(); +#endif +#ifndef OPENSSL_NO_ECDSA + ERR_load_ECDSA_strings(); +#endif +#ifndef OPENSSL_NO_ECDH + ERR_load_ECDH_strings(); #endif /* skip ERR_load_SSL_strings() because it is not in this library */ ERR_load_BIO_strings(); - ERR_load_PKCS7_strings(); + ERR_load_PKCS7_strings(); ERR_load_X509V3_strings(); ERR_load_PKCS12_strings(); ERR_load_RAND_strings(); ERR_load_DSO_strings(); + ERR_load_TS_strings(); +#ifndef OPENSSL_NO_ENGINE ERR_load_ENGINE_strings(); +#endif ERR_load_OCSP_strings(); ERR_load_UI_strings(); +#ifndef OPENSSL_NO_GOST + ERR_load_GOST_strings(); #endif - } +#ifndef OPENSSL_NO_SM2 + ERR_load_SM2_strings(); +#endif +#endif +} + +void +ERR_load_crypto_strings(void) +{ + static pthread_once_t loaded = PTHREAD_ONCE_INIT; + (void) pthread_once(&loaded, ERR_load_crypto_strings_internal); +} diff --git a/src/lib/libcrypto/err/err_prn.c b/src/lib/libcrypto/err/err_prn.c index c156663f0ef..48166829d44 100644 --- a/src/lib/libcrypto/err/err_prn.c +++ b/src/lib/libcrypto/err/err_prn.c @@ -1,25 +1,25 @@ -/* crypto/err/err_prn.c */ +/* $OpenBSD: err_prn.c,v 1.18 2017/02/07 15:52:33 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -57,51 +57,61 @@ */ #include -#include -#include -#include "cryptlib.h" +#include + #include -#include #include +#include +#include -void ERR_print_errors_cb(int (*cb)(const char *str, size_t len, void *u), - void *u) - { +void +ERR_print_errors_cb(int (*cb)(const char *str, size_t len, void *u), void *u) +{ unsigned long l; char buf[256]; char buf2[4096]; - const char *file,*data; - int line,flags; + const char *file, *data; + int line, flags; unsigned long es; + CRYPTO_THREADID cur; - es=CRYPTO_thread_id(); - while ((l=ERR_get_error_line_data(&file,&line,&data,&flags)) != 0) - { + CRYPTO_THREADID_current(&cur); + es = CRYPTO_THREADID_hash(&cur); + while ((l = ERR_get_error_line_data(&file, &line, &data, + &flags)) != 0) { ERR_error_string_n(l, buf, sizeof buf); - BIO_snprintf(buf2, sizeof(buf2), "%lu:%s:%s:%d:%s\n", es, buf, - file, line, (flags & ERR_TXT_STRING) ? data : ""); - cb(buf2, strlen(buf2), u); - } + (void) snprintf(buf2, sizeof(buf2), "%lu:%s:%s:%d:%s\n", es, + buf, file, line, (flags & ERR_TXT_STRING) ? data : ""); + if (cb(buf2, strlen(buf2), u) <= 0) + break; /* abort outputting the error report */ } +} -#ifndef OPENSSL_NO_FP_API -static int print_fp(const char *str, size_t len, void *fp) - { - return fprintf((FILE *)fp, "%s", str); - } -void ERR_print_errors_fp(FILE *fp) - { +static int +print_fp(const char *str, size_t len, void *fp) +{ + BIO bio; + + BIO_set(&bio, BIO_s_file()); + BIO_set_fp(&bio, fp, BIO_NOCLOSE); + + return BIO_printf(&bio, "%s", str); +} + +void +ERR_print_errors_fp(FILE *fp) +{ ERR_print_errors_cb(print_fp, fp); - } -#endif +} -static int print_bio(const char *str, size_t len, void *bp) - { +static int +print_bio(const char *str, size_t len, void *bp) +{ return BIO_write((BIO *)bp, str, len); - } -void ERR_print_errors(BIO *bp) - { - ERR_print_errors_cb(print_bio, bp); - } +} - +void +ERR_print_errors(BIO *bp) +{ + ERR_print_errors_cb(print_bio, bp); +} diff --git a/src/lib/libcrypto/err/openssl.ec b/src/lib/libcrypto/err/openssl.ec index 29a69dfdd43..8f55fac9a48 100644 --- a/src/lib/libcrypto/err/openssl.ec +++ b/src/lib/libcrypto/err/openssl.ec @@ -27,10 +27,21 @@ L DSO crypto/dso/dso.h crypto/dso/dso_err.c L ENGINE crypto/engine/engine.h crypto/engine/eng_err.c L OCSP crypto/ocsp/ocsp.h crypto/ocsp/ocsp_err.c L UI crypto/ui/ui.h crypto/ui/ui_err.c +L COMP crypto/comp/comp.h crypto/comp/comp_err.c +L ECDSA crypto/ecdsa/ecdsa.h crypto/ecdsa/ecs_err.c +L ECDH crypto/ecdh/ecdh.h crypto/ecdh/ech_err.c +L STORE crypto/store/store.h crypto/store/str_err.c +L TS crypto/ts/ts.h crypto/ts/ts_err.c +L HMAC crypto/hmac/hmac.h crypto/hmac/hmac_err.c +L CMS crypto/cms/cms.h crypto/cms/cms_err.c +L GOST crypto/gost/gost.h crypto/gost/gost_err.c +L SM2 crypto/sm2/sm2.h crypto/sm2/sm2_err.c # additional header files to be scanned for function names L NONE crypto/x509/x509_vfy.h NONE L NONE crypto/ec/ec_lcl.h NONE +L NONE crypto/asn1/asn_lcl.h NONE +L NONE crypto/cms/cms_lcl.h NONE F RSAREF_F_RSA_BN2BIN @@ -63,6 +74,11 @@ R SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071 R SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080 R SSL_R_TLSV1_ALERT_USER_CANCELLED 1090 R SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100 +R SSL_R_TLSV1_UNSUPPORTED_EXTENSION 1110 +R SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE 1111 +R SSL_R_TLSV1_UNRECOGNIZED_NAME 1112 +R SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE 1113 +R SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE 1114 R RSAREF_R_CONTENT_ENCODING 0x0400 R RSAREF_R_DATA 0x0401 diff --git a/src/lib/libcrypto/evp/Makefile.ssl b/src/lib/libcrypto/evp/Makefile.ssl deleted file mode 100644 index 75f078af761..00000000000 --- a/src/lib/libcrypto/evp/Makefile.ssl +++ /dev/null @@ -1,662 +0,0 @@ -# -# SSLeay/crypto/evp/Makefile -# - -DIR= evp -TOP= ../.. -CC= cc -INCLUDES= -I.. -I$(TOP) -I../../include -CFLAG=-g -INSTALL_PREFIX= -OPENSSLDIR= /usr/local/ssl -INSTALLTOP=/usr/local/ssl -MAKE= make -f Makefile.ssl -MAKEDEPPROG= makedepend -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) -MAKEFILE= Makefile.ssl -AR= ar r - -CFLAGS= $(INCLUDES) $(CFLAG) - -GENERAL=Makefile -TEST=evp_test.c -TESTDATA=evptests.txt -APPS= - -LIB=$(TOP)/libcrypto.a -LIBSRC= encode.c digest.c evp_enc.c evp_key.c evp_acnf.c \ - e_des.c e_bf.c e_idea.c e_des3.c \ - e_rc4.c e_aes.c names.c \ - e_xcbc_d.c e_rc2.c e_cast.c e_rc5.c \ - m_null.c m_md2.c m_md4.c m_md5.c m_sha.c m_sha1.c \ - m_dss.c m_dss1.c m_mdc2.c m_ripemd.c \ - p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c \ - bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \ - c_all.c c_allc.c c_alld.c evp_lib.c bio_ok.c \ - evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c - -LIBOBJ= encode.o digest.o evp_enc.o evp_key.o evp_acnf.o \ - e_des.o e_bf.o e_idea.o e_des3.o \ - e_rc4.o e_aes.o names.o \ - e_xcbc_d.o e_rc2.o e_cast.o e_rc5.o \ - m_null.o m_md2.o m_md4.o m_md5.o m_sha.o m_sha1.o \ - m_dss.o m_dss1.o m_mdc2.o m_ripemd.o \ - p_open.o p_seal.o p_sign.o p_verify.o p_lib.o p_enc.o p_dec.o \ - bio_md.o bio_b64.o bio_enc.o evp_err.o e_null.o \ - c_all.o c_allc.o c_alld.o evp_lib.o bio_ok.o \ - evp_pkey.o evp_pbe.o p5_crpt.o p5_crpt2.o - -SRC= $(LIBSRC) - -EXHEADER= evp.h -HEADER= $(EXHEADER) - -ALL= $(GENERAL) $(SRC) $(HEADER) - -top: - (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) - -all: lib - -lib: $(LIBOBJ) - $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) || echo Never mind. - @touch lib - -files: - $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO - -links: - @sh $(TOP)/util/point.sh Makefile.ssl Makefile - @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) - @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) - @$(PERL) $(TOP)/util/mklink.pl ../../test $(TESTDATA) - @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) - -install: - @for i in $(EXHEADER) ; \ - do \ - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ - done; - -tags: - ctags $(SRC) - -tests: - -lint: - lint -DLINT $(INCLUDES) $(SRC)>fluff - -depend: - $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(LIBSRC) - -dclean: - $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new - mv -f Makefile.new $(MAKEFILE) - -clean: - rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff - -# DO NOT DELETE THIS LINE -- make depend depends on it. - -bio_b64.o: ../../e_os.h ../../include/openssl/asn1.h -bio_b64.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -bio_b64.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -bio_b64.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -bio_b64.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -bio_b64.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -bio_b64.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -bio_b64.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -bio_b64.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bio_b64.o: ../cryptlib.h bio_b64.c -bio_enc.o: ../../e_os.h ../../include/openssl/asn1.h -bio_enc.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -bio_enc.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -bio_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -bio_enc.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -bio_enc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -bio_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -bio_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -bio_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bio_enc.o: ../cryptlib.h bio_enc.c -bio_md.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h -bio_md.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -bio_md.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -bio_md.o: ../../include/openssl/err.h ../../include/openssl/evp.h -bio_md.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -bio_md.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -bio_md.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -bio_md.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bio_md.o: ../../include/openssl/symhacks.h ../cryptlib.h bio_md.c -bio_ok.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h -bio_ok.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -bio_ok.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -bio_ok.o: ../../include/openssl/err.h ../../include/openssl/evp.h -bio_ok.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -bio_ok.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -bio_ok.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -bio_ok.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h -bio_ok.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bio_ok.o: ../cryptlib.h bio_ok.c -c_all.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h -c_all.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -c_all.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -c_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h -c_all.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -c_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -c_all.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -c_all.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -c_all.o: ../../include/openssl/symhacks.h ../cryptlib.h c_all.c -c_allc.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h -c_allc.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -c_allc.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -c_allc.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -c_allc.o: ../../include/openssl/err.h ../../include/openssl/evp.h -c_allc.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -c_allc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -c_allc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -c_allc.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h -c_allc.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -c_allc.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -c_allc.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -c_allc.o: ../../include/openssl/x509_vfy.h ../cryptlib.h c_allc.c -c_alld.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h -c_alld.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -c_alld.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -c_alld.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -c_alld.o: ../../include/openssl/err.h ../../include/openssl/evp.h -c_alld.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -c_alld.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -c_alld.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -c_alld.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h -c_alld.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -c_alld.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -c_alld.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -c_alld.o: ../../include/openssl/x509_vfy.h ../cryptlib.h c_alld.c -digest.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h -digest.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -digest.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -digest.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -digest.o: ../../include/openssl/engine.h ../../include/openssl/err.h -digest.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -digest.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -digest.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -digest.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h -digest.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -digest.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -digest.o: ../../include/openssl/ui.h ../cryptlib.h digest.c -e_aes.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h -e_aes.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -e_aes.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -e_aes.o: ../../include/openssl/err.h ../../include/openssl/evp.h -e_aes.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -e_aes.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -e_aes.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -e_aes.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -e_aes.o: ../../include/openssl/symhacks.h e_aes.c evp_locl.h -e_bf.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h -e_bf.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h -e_bf.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -e_bf.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -e_bf.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -e_bf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -e_bf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -e_bf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -e_bf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -e_bf.o: ../cryptlib.h e_bf.c evp_locl.h -e_cast.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h -e_cast.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -e_cast.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h -e_cast.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -e_cast.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -e_cast.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -e_cast.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -e_cast.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -e_cast.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -e_cast.o: ../cryptlib.h e_cast.c evp_locl.h -e_des.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h -e_des.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -e_des.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -e_des.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h -e_des.o: ../../include/openssl/err.h ../../include/openssl/evp.h -e_des.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -e_des.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -e_des.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -e_des.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -e_des.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -e_des.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_des.c evp_locl.h -e_des3.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h -e_des3.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -e_des3.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -e_des3.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h -e_des3.o: ../../include/openssl/err.h ../../include/openssl/evp.h -e_des3.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -e_des3.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -e_des3.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -e_des3.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -e_des3.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -e_des3.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_des3.c evp_locl.h -e_idea.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h -e_idea.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -e_idea.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -e_idea.o: ../../include/openssl/err.h ../../include/openssl/evp.h -e_idea.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h -e_idea.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -e_idea.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -e_idea.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -e_idea.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -e_idea.o: ../cryptlib.h e_idea.c evp_locl.h -e_null.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h -e_null.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -e_null.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -e_null.o: ../../include/openssl/err.h ../../include/openssl/evp.h -e_null.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -e_null.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -e_null.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -e_null.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -e_null.o: ../../include/openssl/symhacks.h ../cryptlib.h e_null.c -e_rc2.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h -e_rc2.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -e_rc2.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -e_rc2.o: ../../include/openssl/err.h ../../include/openssl/evp.h -e_rc2.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -e_rc2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -e_rc2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -e_rc2.o: ../../include/openssl/rc2.h ../../include/openssl/safestack.h -e_rc2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -e_rc2.o: ../cryptlib.h e_rc2.c evp_locl.h -e_rc4.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h -e_rc4.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -e_rc4.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -e_rc4.o: ../../include/openssl/err.h ../../include/openssl/evp.h -e_rc4.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -e_rc4.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -e_rc4.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -e_rc4.o: ../../include/openssl/rc4.h ../../include/openssl/safestack.h -e_rc4.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -e_rc4.o: ../cryptlib.h e_rc4.c -e_rc5.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h -e_rc5.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -e_rc5.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -e_rc5.o: ../../include/openssl/err.h ../../include/openssl/evp.h -e_rc5.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -e_rc5.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -e_rc5.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -e_rc5.o: ../../include/openssl/rc5.h ../../include/openssl/safestack.h -e_rc5.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -e_rc5.o: ../cryptlib.h e_rc5.c evp_locl.h -e_xcbc_d.o: ../../e_os.h ../../include/openssl/asn1.h -e_xcbc_d.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -e_xcbc_d.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -e_xcbc_d.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -e_xcbc_d.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -e_xcbc_d.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -e_xcbc_d.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -e_xcbc_d.o: ../../include/openssl/opensslconf.h -e_xcbc_d.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -e_xcbc_d.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -e_xcbc_d.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -e_xcbc_d.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_xcbc_d.c -encode.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h -encode.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -encode.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -encode.o: ../../include/openssl/err.h ../../include/openssl/evp.h -encode.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -encode.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -encode.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -encode.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -encode.o: ../../include/openssl/symhacks.h ../cryptlib.h encode.c -evp_acnf.o: ../../e_os.h ../../include/openssl/asn1.h -evp_acnf.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -evp_acnf.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h -evp_acnf.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -evp_acnf.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -evp_acnf.o: ../../include/openssl/engine.h ../../include/openssl/err.h -evp_acnf.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -evp_acnf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -evp_acnf.o: ../../include/openssl/opensslconf.h -evp_acnf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -evp_acnf.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -evp_acnf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -evp_acnf.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -evp_acnf.o: ../cryptlib.h evp_acnf.c -evp_enc.o: ../../e_os.h ../../include/openssl/asn1.h -evp_enc.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -evp_enc.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -evp_enc.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -evp_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -evp_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h -evp_enc.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -evp_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -evp_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -evp_enc.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -evp_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -evp_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -evp_enc.o: ../cryptlib.h evp_enc.c evp_locl.h -evp_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -evp_err.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -evp_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -evp_err.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -evp_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -evp_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -evp_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -evp_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -evp_err.o: evp_err.c -evp_key.o: ../../e_os.h ../../include/openssl/asn1.h -evp_key.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -evp_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -evp_key.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -evp_key.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -evp_key.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -evp_key.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -evp_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -evp_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -evp_key.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -evp_key.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -evp_key.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -evp_key.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -evp_key.o: ../cryptlib.h evp_key.c -evp_lib.o: ../../e_os.h ../../include/openssl/asn1.h -evp_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -evp_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -evp_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -evp_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -evp_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -evp_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -evp_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -evp_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -evp_lib.o: ../cryptlib.h evp_lib.c -evp_pbe.o: ../../e_os.h ../../include/openssl/asn1.h -evp_pbe.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -evp_pbe.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -evp_pbe.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -evp_pbe.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -evp_pbe.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -evp_pbe.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -evp_pbe.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -evp_pbe.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -evp_pbe.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -evp_pbe.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -evp_pbe.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -evp_pbe.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_pbe.c -evp_pkey.o: ../../e_os.h ../../include/openssl/asn1.h -evp_pkey.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -evp_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -evp_pkey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -evp_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -evp_pkey.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -evp_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -evp_pkey.o: ../../include/openssl/opensslconf.h -evp_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -evp_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h -evp_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -evp_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -evp_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -evp_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_pkey.c -m_dss.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h -m_dss.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -m_dss.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -m_dss.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -m_dss.o: ../../include/openssl/err.h ../../include/openssl/evp.h -m_dss.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -m_dss.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -m_dss.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -m_dss.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -m_dss.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -m_dss.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -m_dss.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -m_dss.o: ../cryptlib.h m_dss.c -m_dss1.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h -m_dss1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -m_dss1.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -m_dss1.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -m_dss1.o: ../../include/openssl/err.h ../../include/openssl/evp.h -m_dss1.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -m_dss1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -m_dss1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -m_dss1.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -m_dss1.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -m_dss1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -m_dss1.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -m_dss1.o: ../cryptlib.h m_dss1.c -m_md2.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h -m_md2.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -m_md2.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -m_md2.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -m_md2.o: ../../include/openssl/err.h ../../include/openssl/evp.h -m_md2.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -m_md2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -m_md2.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -m_md2.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -m_md2.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -m_md2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -m_md2.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -m_md2.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_md2.c -m_md4.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h -m_md4.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -m_md4.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -m_md4.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -m_md4.o: ../../include/openssl/err.h ../../include/openssl/evp.h -m_md4.o: ../../include/openssl/lhash.h ../../include/openssl/md4.h -m_md4.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -m_md4.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -m_md4.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -m_md4.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -m_md4.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -m_md4.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -m_md4.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_md4.c -m_md5.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h -m_md5.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -m_md5.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -m_md5.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -m_md5.o: ../../include/openssl/err.h ../../include/openssl/evp.h -m_md5.o: ../../include/openssl/lhash.h ../../include/openssl/md5.h -m_md5.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -m_md5.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -m_md5.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -m_md5.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -m_md5.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -m_md5.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -m_md5.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_md5.c -m_mdc2.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h -m_mdc2.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -m_mdc2.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -m_mdc2.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h -m_mdc2.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -m_mdc2.o: ../../include/openssl/err.h ../../include/openssl/evp.h -m_mdc2.o: ../../include/openssl/lhash.h ../../include/openssl/mdc2.h -m_mdc2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -m_mdc2.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -m_mdc2.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -m_mdc2.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -m_mdc2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -m_mdc2.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -m_mdc2.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h -m_mdc2.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_mdc2.c -m_null.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h -m_null.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -m_null.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -m_null.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -m_null.o: ../../include/openssl/err.h ../../include/openssl/evp.h -m_null.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -m_null.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -m_null.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -m_null.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -m_null.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -m_null.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -m_null.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -m_null.o: ../cryptlib.h m_null.c -m_ripemd.o: ../../e_os.h ../../include/openssl/asn1.h -m_ripemd.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -m_ripemd.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -m_ripemd.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -m_ripemd.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -m_ripemd.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -m_ripemd.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -m_ripemd.o: ../../include/openssl/opensslconf.h -m_ripemd.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -m_ripemd.o: ../../include/openssl/pkcs7.h ../../include/openssl/ripemd.h -m_ripemd.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -m_ripemd.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -m_ripemd.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -m_ripemd.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_ripemd.c -m_sha.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h -m_sha.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -m_sha.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -m_sha.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -m_sha.o: ../../include/openssl/err.h ../../include/openssl/evp.h -m_sha.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -m_sha.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -m_sha.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -m_sha.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -m_sha.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -m_sha.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -m_sha.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -m_sha.o: ../cryptlib.h m_sha.c -m_sha1.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h -m_sha1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -m_sha1.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -m_sha1.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -m_sha1.o: ../../include/openssl/err.h ../../include/openssl/evp.h -m_sha1.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -m_sha1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -m_sha1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -m_sha1.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -m_sha1.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -m_sha1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -m_sha1.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -m_sha1.o: ../cryptlib.h m_sha1.c -names.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h -names.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -names.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -names.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -names.o: ../../include/openssl/err.h ../../include/openssl/evp.h -names.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -names.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -names.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -names.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -names.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -names.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -names.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -names.o: ../cryptlib.h names.c -p5_crpt.o: ../../e_os.h ../../include/openssl/asn1.h -p5_crpt.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -p5_crpt.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -p5_crpt.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -p5_crpt.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -p5_crpt.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -p5_crpt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -p5_crpt.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -p5_crpt.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -p5_crpt.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -p5_crpt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -p5_crpt.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -p5_crpt.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p5_crpt.c -p5_crpt2.o: ../../e_os.h ../../include/openssl/asn1.h -p5_crpt2.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -p5_crpt2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -p5_crpt2.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -p5_crpt2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -p5_crpt2.o: ../../include/openssl/evp.h ../../include/openssl/hmac.h -p5_crpt2.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -p5_crpt2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -p5_crpt2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -p5_crpt2.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -p5_crpt2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -p5_crpt2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -p5_crpt2.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -p5_crpt2.o: ../cryptlib.h p5_crpt2.c -p_dec.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h -p_dec.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -p_dec.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -p_dec.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -p_dec.o: ../../include/openssl/err.h ../../include/openssl/evp.h -p_dec.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -p_dec.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -p_dec.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -p_dec.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h -p_dec.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -p_dec.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -p_dec.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -p_dec.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_dec.c -p_enc.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h -p_enc.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -p_enc.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -p_enc.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -p_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h -p_enc.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -p_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -p_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -p_enc.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h -p_enc.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -p_enc.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -p_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -p_enc.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_enc.c -p_lib.o: ../../e_os.h ../../include/openssl/asn1.h -p_lib.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h -p_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -p_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -p_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -p_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h -p_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -p_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -p_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -p_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -p_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -p_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -p_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -p_lib.o: ../cryptlib.h p_lib.c -p_open.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h -p_open.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -p_open.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -p_open.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -p_open.o: ../../include/openssl/err.h ../../include/openssl/evp.h -p_open.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -p_open.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -p_open.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -p_open.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -p_open.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -p_open.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -p_open.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -p_open.o: ../cryptlib.h p_open.c -p_seal.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h -p_seal.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -p_seal.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -p_seal.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -p_seal.o: ../../include/openssl/err.h ../../include/openssl/evp.h -p_seal.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -p_seal.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -p_seal.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -p_seal.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h -p_seal.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -p_seal.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -p_seal.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -p_seal.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_seal.c -p_sign.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h -p_sign.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -p_sign.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -p_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -p_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h -p_sign.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -p_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -p_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -p_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -p_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -p_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -p_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -p_sign.o: ../cryptlib.h p_sign.c -p_verify.o: ../../e_os.h ../../include/openssl/asn1.h -p_verify.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -p_verify.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -p_verify.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -p_verify.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -p_verify.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -p_verify.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -p_verify.o: ../../include/openssl/opensslconf.h -p_verify.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -p_verify.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -p_verify.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -p_verify.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -p_verify.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -p_verify.o: ../cryptlib.h p_verify.c diff --git a/src/lib/libcrypto/evp/bio_b64.c b/src/lib/libcrypto/evp/bio_b64.c index f12eac1b55a..82aaa8bf7a2 100644 --- a/src/lib/libcrypto/evp/bio_b64.c +++ b/src/lib/libcrypto/evp/bio_b64.c @@ -1,25 +1,25 @@ -/* crypto/evp/bio_b64.c */ +/* $OpenBSD: bio_b64.c,v 1.22 2018/08/24 19:47:25 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,35 +49,35 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ -#include #include -#include "cryptlib.h" +#include +#include + #include #include static int b64_write(BIO *h, const char *buf, int num); static int b64_read(BIO *h, char *buf, int size); -/*static int b64_puts(BIO *h, const char *str); */ +static int b64_puts(BIO *h, const char *str); /*static int b64_gets(BIO *h, char *str, int size); */ static long b64_ctrl(BIO *h, int cmd, long arg1, void *arg2); static int b64_new(BIO *h); static int b64_free(BIO *data); -static long b64_callback_ctrl(BIO *h,int cmd,bio_info_cb *fp); +static long b64_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp); #define B64_BLOCK_SIZE 1024 #define B64_BLOCK_SIZE2 768 #define B64_NONE 0 #define B64_ENCODE 1 #define B64_DECODE 2 -typedef struct b64_struct - { +typedef struct b64_struct { /*BIO *bio; moved to the BIO structure */ int buf_len; int buf_off; @@ -87,436 +87,450 @@ typedef struct b64_struct int start; /* have we started decoding yet? */ int cont; /* <= 0 when finished */ EVP_ENCODE_CTX base64; - char buf[EVP_ENCODE_LENGTH(B64_BLOCK_SIZE)+10]; + char buf[EVP_ENCODE_LENGTH(B64_BLOCK_SIZE) + 10]; char tmp[B64_BLOCK_SIZE]; - } BIO_B64_CTX; - -static BIO_METHOD methods_b64= - { - BIO_TYPE_BASE64,"base64 encoding", - b64_write, - b64_read, - NULL, /* b64_puts, */ - NULL, /* b64_gets, */ - b64_ctrl, - b64_new, - b64_free, - b64_callback_ctrl, - }; - -BIO_METHOD *BIO_f_base64(void) - { - return(&methods_b64); - } - -static int b64_new(BIO *bi) - { +} BIO_B64_CTX; + +static const BIO_METHOD methods_b64 = { + .type = BIO_TYPE_BASE64, + .name = "base64 encoding", + .bwrite = b64_write, + .bread = b64_read, + .bputs = b64_puts, + .ctrl = b64_ctrl, + .create = b64_new, + .destroy = b64_free, + .callback_ctrl = b64_callback_ctrl +}; + +const BIO_METHOD * +BIO_f_base64(void) +{ + return (&methods_b64); +} + +static int +b64_new(BIO *bi) +{ BIO_B64_CTX *ctx; - ctx=(BIO_B64_CTX *)OPENSSL_malloc(sizeof(BIO_B64_CTX)); - if (ctx == NULL) return(0); - - ctx->buf_len=0; - ctx->tmp_len=0; - ctx->tmp_nl=0; - ctx->buf_off=0; - ctx->cont=1; - ctx->start=1; - ctx->encode=0; - - bi->init=1; - bi->ptr=(char *)ctx; - bi->flags=0; - return(1); - } - -static int b64_free(BIO *a) - { - if (a == NULL) return(0); - OPENSSL_free(a->ptr); - a->ptr=NULL; - a->init=0; - a->flags=0; - return(1); - } - -static int b64_read(BIO *b, char *out, int outl) - { - int ret=0,i,ii,j,k,x,n,num,ret_code=0; + ctx = malloc(sizeof(BIO_B64_CTX)); + if (ctx == NULL) + return (0); + + ctx->buf_len = 0; + ctx->tmp_len = 0; + ctx->tmp_nl = 0; + ctx->buf_off = 0; + ctx->cont = 1; + ctx->start = 1; + ctx->encode = 0; + + bi->init = 1; + bi->ptr = (char *)ctx; + bi->flags = 0; + bi->num = 0; + return (1); +} + +static int +b64_free(BIO *a) +{ + if (a == NULL) + return (0); + free(a->ptr); + a->ptr = NULL; + a->init = 0; + a->flags = 0; + return (1); +} + +static int +b64_read(BIO *b, char *out, int outl) +{ + int ret = 0, i, ii, j, k, x, n, num, ret_code = 0; BIO_B64_CTX *ctx; - unsigned char *p,*q; + unsigned char *p, *q; + + if (out == NULL) + return (0); + ctx = (BIO_B64_CTX *)b->ptr; - if (out == NULL) return(0); - ctx=(BIO_B64_CTX *)b->ptr; + if ((ctx == NULL) || (b->next_bio == NULL)) + return (0); - if ((ctx == NULL) || (b->next_bio == NULL)) return(0); + BIO_clear_retry_flags(b); - if (ctx->encode != B64_DECODE) - { - ctx->encode=B64_DECODE; - ctx->buf_len=0; - ctx->buf_off=0; - ctx->tmp_len=0; + if (ctx->encode != B64_DECODE) { + ctx->encode = B64_DECODE; + ctx->buf_len = 0; + ctx->buf_off = 0; + ctx->tmp_len = 0; EVP_DecodeInit(&(ctx->base64)); - } + } /* First check if there are bytes decoded/encoded */ - if (ctx->buf_len > 0) - { - i=ctx->buf_len-ctx->buf_off; - if (i > outl) i=outl; - memcpy(out,&(ctx->buf[ctx->buf_off]),i); - ret=i; - out+=i; - outl-=i; - ctx->buf_off+=i; - if (ctx->buf_len == ctx->buf_off) - { - ctx->buf_len=0; - ctx->buf_off=0; - } + if (ctx->buf_len > 0) { + OPENSSL_assert(ctx->buf_len >= ctx->buf_off); + i = ctx->buf_len - ctx->buf_off; + if (i > outl) + i = outl; + OPENSSL_assert(ctx->buf_off + i < (int)sizeof(ctx->buf)); + memcpy(out, &(ctx->buf[ctx->buf_off]), i); + ret = i; + out += i; + outl -= i; + ctx->buf_off += i; + if (ctx->buf_len == ctx->buf_off) { + ctx->buf_len = 0; + ctx->buf_off = 0; } + } /* At this point, we have room of outl bytes and an empty * buffer, so we should read in some more. */ - ret_code=0; - while (outl > 0) - { - if (ctx->cont <= 0) break; + ret_code = 0; + while (outl > 0) { + if (ctx->cont <= 0) + break; - i=BIO_read(b->next_bio,&(ctx->tmp[ctx->tmp_len]), - B64_BLOCK_SIZE-ctx->tmp_len); + i = BIO_read(b->next_bio, &(ctx->tmp[ctx->tmp_len]), + B64_BLOCK_SIZE - ctx->tmp_len); - if (i <= 0) - { - ret_code=i; + if (i <= 0) { + ret_code = i; - /* Should be continue next time we are called? */ - if (!BIO_should_retry(b->next_bio)) - ctx->cont=i; - /* else we should continue when called again */ - break; + /* Should we continue next time we are called? */ + if (!BIO_should_retry(b->next_bio)) { + ctx->cont = i; + /* If buffer empty break */ + if (ctx->tmp_len == 0) + break; + /* Fall through and process what we have */ + else + i = 0; } - i+=ctx->tmp_len; + /* else we retry and add more data to buffer */ + else + break; + } + i += ctx->tmp_len; + ctx->tmp_len = i; /* We need to scan, a line at a time until we * have a valid line if we are starting. */ - if (ctx->start && (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL)) - { + if (ctx->start && (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL)) { /* ctx->start=1; */ - ctx->tmp_len=0; - } - else if (ctx->start) - { - q=p=(unsigned char *)ctx->tmp; - for (j=0; jtmp_len = 0; + } else if (ctx->start) { + q = p =(unsigned char *)ctx->tmp; + num = 0; + for (j = 0; j < i; j++) { + if (*(q++) != '\n') + continue; /* due to a previous very long line, * we need to keep on scanning for a '\n' * before we even start looking for * base64 encoded stuff. */ - if (ctx->tmp_nl) - { - p=q; - ctx->tmp_nl=0; + if (ctx->tmp_nl) { + p = q; + ctx->tmp_nl = 0; continue; - } + } - k=EVP_DecodeUpdate(&(ctx->base64), - (unsigned char *)ctx->buf, - &num,p,q-p); + k = EVP_DecodeUpdate(&(ctx->base64), + (unsigned char *)ctx->buf, + &num, p, q - p); if ((k <= 0) && (num == 0) && (ctx->start)) EVP_DecodeInit(&ctx->base64); - else - { + else { if (p != (unsigned char *) - &(ctx->tmp[0])) - { - i-=(p- (unsigned char *) - &(ctx->tmp[0])); - for (x=0; x < i; x++) - ctx->tmp[x]=p[x]; - } + &(ctx->tmp[0])) { + i -= (p - (unsigned char *) + &(ctx->tmp[0])); + for (x = 0; x < i; x++) + ctx->tmp[x] = p[x]; + } EVP_DecodeInit(&ctx->base64); - ctx->start=0; + ctx->start = 0; break; - } - p=q; } + p = q; + } /* we fell off the end without starting */ - if (j == i) - { + if ((j == i) && (num == 0)) { /* Is this is one long chunk?, if so, keep on * reading until a new line. */ - if (p == (unsigned char *)&(ctx->tmp[0])) - { - ctx->tmp_nl=1; - ctx->tmp_len=0; + if (p == (unsigned char *)&(ctx->tmp[0])) { + /* Check buffer full */ + if (i == B64_BLOCK_SIZE) { + ctx->tmp_nl = 1; + ctx->tmp_len = 0; } + } else if (p != q) /* finished on a '\n' */ - { - n=q-p; - for (ii=0; iitmp[ii]=p[ii]; - ctx->tmp_len=n; - } + { + n = q - p; + for (ii = 0; ii < n; ii++) + ctx->tmp[ii] = p[ii]; + ctx->tmp_len = n; + } /* else finished on a '\n' */ continue; - } - else - ctx->tmp_len=0; + } else { + ctx->tmp_len = 0; } + } else if ((i < B64_BLOCK_SIZE) && (ctx->cont > 0)) { + /* If buffer isn't full and we can retry then + * restart to read in more data. + */ + continue; + } - if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL) - { - int z,jj; + if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL) { + int z, jj; - jj=(i>>2)<<2; - z=EVP_DecodeBlock((unsigned char *)ctx->buf, - (unsigned char *)ctx->tmp,jj); - if (jj > 2) - { - if (ctx->tmp[jj-1] == '=') - { + jj = i & ~3; /* process per 4 */ + z = EVP_DecodeBlock((unsigned char *)ctx->buf, + (unsigned char *)ctx->tmp, jj); + if (jj > 2) { + if (ctx->tmp[jj-1] == '=') { z--; if (ctx->tmp[jj-2] == '=') z--; - } } + } /* z is now number of output bytes and jj is the * number consumed */ - if (jj != i) - { - memcpy((unsigned char *)ctx->tmp, - (unsigned char *)&(ctx->tmp[jj]),i-jj); - ctx->tmp_len=i-jj; - } - ctx->buf_len=0; - if (z > 0) - { - ctx->buf_len=z; - i=1; - } - else - i=z; + if (jj != i) { + memmove(ctx->tmp, &ctx->tmp[jj], i - jj); + ctx->tmp_len = i - jj; } - else - { - i=EVP_DecodeUpdate(&(ctx->base64), - (unsigned char *)ctx->buf,&ctx->buf_len, - (unsigned char *)ctx->tmp,i); + ctx->buf_len = 0; + if (z > 0) { + ctx->buf_len = z; } - ctx->cont=i; - ctx->buf_off=0; - if (i < 0) - { - ret_code=0; - ctx->buf_len=0; + i = z; + } else { + i = EVP_DecodeUpdate(&(ctx->base64), + (unsigned char *)ctx->buf, &ctx->buf_len, + (unsigned char *)ctx->tmp, i); + ctx->tmp_len = 0; + } + ctx->buf_off = 0; + if (i < 0) { + ret_code = 0; + ctx->buf_len = 0; break; - } + } if (ctx->buf_len <= outl) - i=ctx->buf_len; + i = ctx->buf_len; else - i=outl; - - memcpy(out,ctx->buf,i); - ret+=i; - ctx->buf_off=i; - if (ctx->buf_off == ctx->buf_len) - { - ctx->buf_len=0; - ctx->buf_off=0; - } - outl-=i; - out+=i; + i = outl; + + memcpy(out, ctx->buf, i); + ret += i; + ctx->buf_off = i; + if (ctx->buf_off == ctx->buf_len) { + ctx->buf_len = 0; + ctx->buf_off = 0; } - BIO_clear_retry_flags(b); - BIO_copy_next_retry(b); - return((ret == 0)?ret_code:ret); + outl -= i; + out += i; } - -static int b64_write(BIO *b, const char *in, int inl) - { - int ret=inl,n,i; + /* BIO_clear_retry_flags(b); */ + BIO_copy_next_retry(b); + return ((ret == 0) ? ret_code : ret); +} + +static int +b64_write(BIO *b, const char *in, int inl) +{ + int ret = 0; + int n; + int i; BIO_B64_CTX *ctx; - ctx=(BIO_B64_CTX *)b->ptr; + ctx = (BIO_B64_CTX *)b->ptr; BIO_clear_retry_flags(b); - if (ctx->encode != B64_ENCODE) - { - ctx->encode=B64_ENCODE; - ctx->buf_len=0; - ctx->buf_off=0; - ctx->tmp_len=0; + if (ctx->encode != B64_ENCODE) { + ctx->encode = B64_ENCODE; + ctx->buf_len = 0; + ctx->buf_off = 0; + ctx->tmp_len = 0; EVP_EncodeInit(&(ctx->base64)); - } + } - n=ctx->buf_len-ctx->buf_off; - while (n > 0) - { - i=BIO_write(b->next_bio,&(ctx->buf[ctx->buf_off]),n); - if (i <= 0) - { + OPENSSL_assert(ctx->buf_off < (int)sizeof(ctx->buf)); + OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf)); + OPENSSL_assert(ctx->buf_len >= ctx->buf_off); + n = ctx->buf_len - ctx->buf_off; + while (n > 0) { + i = BIO_write(b->next_bio, &(ctx->buf[ctx->buf_off]), n); + if (i <= 0) { BIO_copy_next_retry(b); - return(i); - } - ctx->buf_off+=i; - n-=i; + return (i); } + OPENSSL_assert(i <= n); + ctx->buf_off += i; + OPENSSL_assert(ctx->buf_off <= (int)sizeof(ctx->buf)); + OPENSSL_assert(ctx->buf_len >= ctx->buf_off); + n -= i; + } /* at this point all pending data has been written */ - ctx->buf_off=0; - ctx->buf_len=0; - - if ((in == NULL) || (inl <= 0)) return(0); - - while (inl > 0) - { - n=(inl > B64_BLOCK_SIZE)?B64_BLOCK_SIZE:inl; - - if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL) - { - if (ctx->tmp_len > 0) - { - n=3-ctx->tmp_len; - /* There's a teoretical possibility for this */ - if (n > inl) - n=inl; - memcpy(&(ctx->tmp[ctx->tmp_len]),in,n); - ctx->tmp_len+=n; + ctx->buf_off = 0; + ctx->buf_len = 0; + + if ((in == NULL) || (inl <= 0)) + return (0); + + while (inl > 0) { + n = (inl > B64_BLOCK_SIZE) ? B64_BLOCK_SIZE : inl; + + if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL) { + if (ctx->tmp_len > 0) { + OPENSSL_assert(ctx->tmp_len <= 3); + n = 3 - ctx->tmp_len; + /* There's a theoretical possibility for this */ + if (n > inl) + n = inl; + memcpy(&(ctx->tmp[ctx->tmp_len]), in, n); + ctx->tmp_len += n; + ret += n; if (ctx->tmp_len < 3) break; - ctx->buf_len=EVP_EncodeBlock( - (unsigned char *)ctx->buf, - (unsigned char *)ctx->tmp, - ctx->tmp_len); + ctx->buf_len = EVP_EncodeBlock( + (unsigned char *)ctx->buf, + (unsigned char *)ctx->tmp, ctx->tmp_len); + OPENSSL_assert(ctx->buf_len <= + (int)sizeof(ctx->buf)); + OPENSSL_assert(ctx->buf_len >= ctx->buf_off); /* Since we're now done using the temporary buffer, the length should be 0'd */ - ctx->tmp_len=0; - } - else - { - if (n < 3) - { - memcpy(&(ctx->tmp[0]),in,n); - ctx->tmp_len=n; + ctx->tmp_len = 0; + } else { + if (n < 3) { + memcpy(ctx->tmp, in, n); + ctx->tmp_len = n; + ret += n; break; - } - n-=n%3; - ctx->buf_len=EVP_EncodeBlock( - (unsigned char *)ctx->buf, - (unsigned char *)in,n); } + n -= n % 3; + ctx->buf_len = EVP_EncodeBlock( + (unsigned char *)ctx->buf, + (const unsigned char *)in, n); + OPENSSL_assert(ctx->buf_len <= + (int)sizeof(ctx->buf)); + OPENSSL_assert(ctx->buf_len >= ctx->buf_off); + ret += n; } - else - { - EVP_EncodeUpdate(&(ctx->base64), - (unsigned char *)ctx->buf,&ctx->buf_len, - (unsigned char *)in,n); - } - inl-=n; - in+=n; - - ctx->buf_off=0; - n=ctx->buf_len; - while (n > 0) - { - i=BIO_write(b->next_bio,&(ctx->buf[ctx->buf_off]),n); - if (i <= 0) - { + } else { + if (!EVP_EncodeUpdate(&(ctx->base64), + (unsigned char *)ctx->buf, &ctx->buf_len, + (unsigned char *)in, n)) + return ((ret == 0) ? -1 : ret); + OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf)); + OPENSSL_assert(ctx->buf_len >= ctx->buf_off); + ret += n; + } + inl -= n; + in += n; + + ctx->buf_off = 0; + n = ctx->buf_len; + while (n > 0) { + i = BIO_write(b->next_bio, &(ctx->buf[ctx->buf_off]), n); + if (i <= 0) { BIO_copy_next_retry(b); - return((ret == 0)?i:ret); - } - n-=i; - ctx->buf_off+=i; + return ((ret == 0) ? i : ret); } - ctx->buf_len=0; - ctx->buf_off=0; + OPENSSL_assert(i <= n); + n -= i; + ctx->buf_off += i; + OPENSSL_assert(ctx->buf_off <= (int)sizeof(ctx->buf)); + OPENSSL_assert(ctx->buf_len >= ctx->buf_off); } - return(ret); + ctx->buf_len = 0; + ctx->buf_off = 0; } + return (ret); +} -static long b64_ctrl(BIO *b, int cmd, long num, void *ptr) - { +static long +b64_ctrl(BIO *b, int cmd, long num, void *ptr) +{ BIO_B64_CTX *ctx; - long ret=1; + long ret = 1; int i; - ctx=(BIO_B64_CTX *)b->ptr; + ctx = (BIO_B64_CTX *)b->ptr; - switch (cmd) - { + switch (cmd) { case BIO_CTRL_RESET: - ctx->cont=1; - ctx->start=1; - ctx->encode=B64_NONE; - ret=BIO_ctrl(b->next_bio,cmd,num,ptr); + ctx->cont = 1; + ctx->start = 1; + ctx->encode = B64_NONE; + ret = BIO_ctrl(b->next_bio, cmd, num, ptr); break; case BIO_CTRL_EOF: /* More to read */ if (ctx->cont <= 0) - ret=1; + ret = 1; else - ret=BIO_ctrl(b->next_bio,cmd,num,ptr); + ret = BIO_ctrl(b->next_bio, cmd, num, ptr); break; case BIO_CTRL_WPENDING: /* More to write in buffer */ - ret=ctx->buf_len-ctx->buf_off; - if ((ret == 0) && (ctx->encode != B64_NONE) - && (ctx->base64.num != 0)) - ret=1; + OPENSSL_assert(ctx->buf_len >= ctx->buf_off); + ret = ctx->buf_len - ctx->buf_off; + if ((ret == 0) && (ctx->encode != B64_NONE) && + (ctx->base64.num != 0)) + ret = 1; else if (ret <= 0) - ret=BIO_ctrl(b->next_bio,cmd,num,ptr); + ret = BIO_ctrl(b->next_bio, cmd, num, ptr); break; case BIO_CTRL_PENDING: /* More to read in buffer */ - ret=ctx->buf_len-ctx->buf_off; + OPENSSL_assert(ctx->buf_len >= ctx->buf_off); + ret = ctx->buf_len - ctx->buf_off; if (ret <= 0) - ret=BIO_ctrl(b->next_bio,cmd,num,ptr); + ret = BIO_ctrl(b->next_bio, cmd, num, ptr); break; case BIO_CTRL_FLUSH: /* do a final write */ again: - while (ctx->buf_len != ctx->buf_off) - { - i=b64_write(b,NULL,0); + while (ctx->buf_len != ctx->buf_off) { + i = b64_write(b, NULL, 0); if (i < 0) - { - ret=i; - break; - } - } - if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL) - { - if (ctx->tmp_len != 0) - { - ctx->buf_len=EVP_EncodeBlock( - (unsigned char *)ctx->buf, - (unsigned char *)ctx->tmp, - ctx->tmp_len); - ctx->buf_off=0; - ctx->tmp_len=0; + return i; + } + if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL) { + if (ctx->tmp_len != 0) { + ctx->buf_len = EVP_EncodeBlock( + (unsigned char *)ctx->buf, + (unsigned char *)ctx->tmp, + ctx->tmp_len); + ctx->buf_off = 0; + ctx->tmp_len = 0; goto again; - } } - else if (ctx->encode != B64_NONE && ctx->base64.num != 0) - { - ctx->buf_off=0; + } else if (ctx->encode != B64_NONE && ctx->base64.num != 0) { + ctx->buf_off = 0; EVP_EncodeFinal(&(ctx->base64), - (unsigned char *)ctx->buf, - &(ctx->buf_len)); + (unsigned char *)ctx->buf, + &(ctx->buf_len)); /* push out the bytes */ goto again; - } + } /* Finally flush the underlying BIO */ - ret=BIO_ctrl(b->next_bio,cmd,num,ptr); + ret = BIO_ctrl(b->next_bio, cmd, num, ptr); break; case BIO_C_DO_STATE_MACHINE: BIO_clear_retry_flags(b); - ret=BIO_ctrl(b->next_bio,cmd,num,ptr); + ret = BIO_ctrl(b->next_bio, cmd, num, ptr); BIO_copy_next_retry(b); break; @@ -526,23 +540,29 @@ static long b64_ctrl(BIO *b, int cmd, long num, void *ptr) case BIO_CTRL_GET: case BIO_CTRL_SET: default: - ret=BIO_ctrl(b->next_bio,cmd,num,ptr); + ret = BIO_ctrl(b->next_bio, cmd, num, ptr); break; - } - return(ret); } + return (ret); +} -static long b64_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) - { - long ret=1; +static long +b64_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) +{ + long ret = 1; - if (b->next_bio == NULL) return(0); - switch (cmd) - { + if (b->next_bio == NULL) + return (0); + switch (cmd) { default: - ret=BIO_callback_ctrl(b->next_bio,cmd,fp); + ret = BIO_callback_ctrl(b->next_bio, cmd, fp); break; - } - return(ret); } - + return (ret); +} + +static int +b64_puts(BIO *b, const char *str) +{ + return b64_write(b, str, strlen(str)); +} diff --git a/src/lib/libcrypto/evp/bio_enc.c b/src/lib/libcrypto/evp/bio_enc.c index 64fb2353af6..7b559989527 100644 --- a/src/lib/libcrypto/evp/bio_enc.c +++ b/src/lib/libcrypto/evp/bio_enc.c @@ -1,25 +1,25 @@ -/* crypto/evp/bio_enc.c */ +/* $OpenBSD: bio_enc.c,v 1.22 2018/08/24 19:30:24 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,16 +49,17 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ -#include #include -#include "cryptlib.h" +#include +#include + #include #include @@ -71,10 +72,9 @@ static int enc_new(BIO *h); static int enc_free(BIO *data); static long enc_callback_ctrl(BIO *h, int cmd, bio_info_cb *fps); #define ENC_BLOCK_SIZE (1024*4) -#define BUF_OFFSET EVP_MAX_BLOCK_LENGTH +#define BUF_OFFSET (EVP_MAX_BLOCK_LENGTH*2) -typedef struct enc_struct - { +typedef struct enc_struct { int buf_len; int buf_off; int cont; /* <= 0 when finished */ @@ -84,309 +84,305 @@ typedef struct enc_struct /* buf is larger than ENC_BLOCK_SIZE because EVP_DecryptUpdate * can return up to a block more data than is presented to it */ - char buf[ENC_BLOCK_SIZE+BUF_OFFSET+2]; - } BIO_ENC_CTX; - -static BIO_METHOD methods_enc= - { - BIO_TYPE_CIPHER,"cipher", - enc_write, - enc_read, - NULL, /* enc_puts, */ - NULL, /* enc_gets, */ - enc_ctrl, - enc_new, - enc_free, - enc_callback_ctrl, - }; - -BIO_METHOD *BIO_f_cipher(void) - { - return(&methods_enc); - } - -static int enc_new(BIO *bi) - { + char buf[ENC_BLOCK_SIZE + BUF_OFFSET + 2]; +} BIO_ENC_CTX; + +static const BIO_METHOD methods_enc = { + .type = BIO_TYPE_CIPHER, + .name = "cipher", + .bwrite = enc_write, + .bread = enc_read, + .ctrl = enc_ctrl, + .create = enc_new, + .destroy = enc_free, + .callback_ctrl = enc_callback_ctrl +}; + +const BIO_METHOD * +BIO_f_cipher(void) +{ + return (&methods_enc); +} + +static int +enc_new(BIO *bi) +{ BIO_ENC_CTX *ctx; - ctx=(BIO_ENC_CTX *)OPENSSL_malloc(sizeof(BIO_ENC_CTX)); - if (ctx == NULL) return(0); + ctx = malloc(sizeof(BIO_ENC_CTX)); + if (ctx == NULL) + return (0); EVP_CIPHER_CTX_init(&ctx->cipher); - ctx->buf_len=0; - ctx->buf_off=0; - ctx->cont=1; - ctx->finished=0; - ctx->ok=1; - - bi->init=0; - bi->ptr=(char *)ctx; - bi->flags=0; - return(1); - } - -static int enc_free(BIO *a) - { + ctx->buf_len = 0; + ctx->buf_off = 0; + ctx->cont = 1; + ctx->finished = 0; + ctx->ok = 1; + + bi->init = 0; + bi->ptr = (char *)ctx; + bi->flags = 0; + return (1); +} + +static int +enc_free(BIO *a) +{ BIO_ENC_CTX *b; - if (a == NULL) return(0); - b=(BIO_ENC_CTX *)a->ptr; + if (a == NULL) + return (0); + b = (BIO_ENC_CTX *)a->ptr; EVP_CIPHER_CTX_cleanup(&(b->cipher)); - memset(a->ptr,0,sizeof(BIO_ENC_CTX)); - OPENSSL_free(a->ptr); - a->ptr=NULL; - a->init=0; - a->flags=0; - return(1); - } - -static int enc_read(BIO *b, char *out, int outl) - { - int ret=0,i; + freezero(a->ptr, sizeof(BIO_ENC_CTX)); + a->ptr = NULL; + a->init = 0; + a->flags = 0; + return (1); +} + +static int +enc_read(BIO *b, char *out, int outl) +{ + int ret = 0, i; BIO_ENC_CTX *ctx; - if (out == NULL) return(0); - ctx=(BIO_ENC_CTX *)b->ptr; + if (out == NULL) + return (0); + ctx = (BIO_ENC_CTX *)b->ptr; - if ((ctx == NULL) || (b->next_bio == NULL)) return(0); + if ((ctx == NULL) || (b->next_bio == NULL)) + return (0); /* First check if there are bytes decoded/encoded */ - if (ctx->buf_len > 0) - { - i=ctx->buf_len-ctx->buf_off; - if (i > outl) i=outl; - memcpy(out,&(ctx->buf[ctx->buf_off]),i); - ret=i; - out+=i; - outl-=i; - ctx->buf_off+=i; - if (ctx->buf_len == ctx->buf_off) - { - ctx->buf_len=0; - ctx->buf_off=0; - } + if (ctx->buf_len > 0) { + i = ctx->buf_len - ctx->buf_off; + if (i > outl) + i = outl; + memcpy(out, &(ctx->buf[ctx->buf_off]), i); + ret = i; + out += i; + outl -= i; + ctx->buf_off += i; + if (ctx->buf_len == ctx->buf_off) { + ctx->buf_len = 0; + ctx->buf_off = 0; } + } /* At this point, we have room of outl bytes and an empty * buffer, so we should read in some more. */ - while (outl > 0) - { - if (ctx->cont <= 0) break; + while (outl > 0) { + if (ctx->cont <= 0) + break; /* read in at IV offset, read the EVP_Cipher * documentation about why */ - i=BIO_read(b->next_bio,&(ctx->buf[BUF_OFFSET]),ENC_BLOCK_SIZE); + i = BIO_read(b->next_bio, &(ctx->buf[BUF_OFFSET]), ENC_BLOCK_SIZE); - if (i <= 0) - { + if (i <= 0) { /* Should be continue next time we are called? */ - if (!BIO_should_retry(b->next_bio)) - { - ctx->cont=i; - i=EVP_CipherFinal_ex(&(ctx->cipher), - (unsigned char *)ctx->buf, - &(ctx->buf_len)); - ctx->ok=i; - ctx->buf_off=0; - } - else - { - ret=(ret == 0)?i:ret; + if (!BIO_should_retry(b->next_bio)) { + ctx->cont = i; + i = EVP_CipherFinal_ex(&(ctx->cipher), + (unsigned char *)ctx->buf, + &(ctx->buf_len)); + ctx->ok = i; + ctx->buf_off = 0; + } else { + ret = (ret == 0) ? i : ret; break; - } } - else - { + } else { EVP_CipherUpdate(&(ctx->cipher), - (unsigned char *)ctx->buf,&ctx->buf_len, - (unsigned char *)&(ctx->buf[BUF_OFFSET]),i); - ctx->cont=1; + (unsigned char *)ctx->buf, &ctx->buf_len, + (unsigned char *)&(ctx->buf[BUF_OFFSET]), i); + ctx->cont = 1; /* Note: it is possible for EVP_CipherUpdate to * decrypt zero bytes because this is or looks like * the final block: if this happens we should retry * and either read more data or decrypt the final * block */ - if(ctx->buf_len == 0) continue; - } + if (ctx->buf_len == 0) + continue; + } if (ctx->buf_len <= outl) - i=ctx->buf_len; + i = ctx->buf_len; else - i=outl; - if (i <= 0) break; - memcpy(out,ctx->buf,i); - ret+=i; - ctx->buf_off=i; - outl-=i; - out+=i; - } + i = outl; + if (i <= 0) + break; + memcpy(out, ctx->buf, i); + ret += i; + ctx->buf_off = i; + outl -= i; + out += i; + } BIO_clear_retry_flags(b); BIO_copy_next_retry(b); - return((ret == 0)?ctx->cont:ret); - } + return ((ret == 0) ? ctx->cont : ret); +} -static int enc_write(BIO *b, const char *in, int inl) - { - int ret=0,n,i; +static int +enc_write(BIO *b, const char *in, int inl) +{ + int ret = 0, n, i; BIO_ENC_CTX *ctx; - ctx=(BIO_ENC_CTX *)b->ptr; - ret=inl; + ctx = (BIO_ENC_CTX *)b->ptr; + ret = inl; BIO_clear_retry_flags(b); - n=ctx->buf_len-ctx->buf_off; - while (n > 0) - { - i=BIO_write(b->next_bio,&(ctx->buf[ctx->buf_off]),n); - if (i <= 0) - { + n = ctx->buf_len - ctx->buf_off; + while (n > 0) { + i = BIO_write(b->next_bio, &(ctx->buf[ctx->buf_off]), n); + if (i <= 0) { BIO_copy_next_retry(b); - return(i); - } - ctx->buf_off+=i; - n-=i; + return (i); } + ctx->buf_off += i; + n -= i; + } /* at this point all pending data has been written */ - if ((in == NULL) || (inl <= 0)) return(0); + if ((in == NULL) || (inl <= 0)) + return (0); - ctx->buf_off=0; - while (inl > 0) - { - n=(inl > ENC_BLOCK_SIZE)?ENC_BLOCK_SIZE:inl; + ctx->buf_off = 0; + while (inl > 0) { + n = (inl > ENC_BLOCK_SIZE) ? ENC_BLOCK_SIZE : inl; EVP_CipherUpdate(&(ctx->cipher), - (unsigned char *)ctx->buf,&ctx->buf_len, - (unsigned char *)in,n); - inl-=n; - in+=n; - - ctx->buf_off=0; - n=ctx->buf_len; - while (n > 0) - { - i=BIO_write(b->next_bio,&(ctx->buf[ctx->buf_off]),n); - if (i <= 0) - { + (unsigned char *)ctx->buf, &ctx->buf_len, + (unsigned char *)in, n); + inl -= n; + in += n; + + ctx->buf_off = 0; + n = ctx->buf_len; + while (n > 0) { + i = BIO_write(b->next_bio, &(ctx->buf[ctx->buf_off]), n); + if (i <= 0) { BIO_copy_next_retry(b); - return(i); - } - n-=i; - ctx->buf_off+=i; + return (ret == inl) ? i : ret - inl; } - ctx->buf_len=0; - ctx->buf_off=0; + n -= i; + ctx->buf_off += i; } - BIO_copy_next_retry(b); - return(ret); + ctx->buf_len = 0; + ctx->buf_off = 0; } + BIO_copy_next_retry(b); + return (ret); +} -static long enc_ctrl(BIO *b, int cmd, long num, void *ptr) - { +static long +enc_ctrl(BIO *b, int cmd, long num, void *ptr) +{ BIO *dbio; - BIO_ENC_CTX *ctx,*dctx; - long ret=1; + BIO_ENC_CTX *ctx, *dctx; + long ret = 1; int i; EVP_CIPHER_CTX **c_ctx; - ctx=(BIO_ENC_CTX *)b->ptr; + ctx = (BIO_ENC_CTX *)b->ptr; - switch (cmd) - { + switch (cmd) { case BIO_CTRL_RESET: - ctx->ok=1; - ctx->finished=0; - EVP_CipherInit_ex(&(ctx->cipher),NULL,NULL,NULL,NULL, - ctx->cipher.encrypt); - ret=BIO_ctrl(b->next_bio,cmd,num,ptr); + ctx->ok = 1; + ctx->finished = 0; + EVP_CipherInit_ex(&(ctx->cipher), NULL, NULL, NULL, NULL, + ctx->cipher.encrypt); + ret = BIO_ctrl(b->next_bio, cmd, num, ptr); break; case BIO_CTRL_EOF: /* More to read */ if (ctx->cont <= 0) - ret=1; + ret = 1; else - ret=BIO_ctrl(b->next_bio,cmd,num,ptr); + ret = BIO_ctrl(b->next_bio, cmd, num, ptr); break; case BIO_CTRL_WPENDING: - ret=ctx->buf_len-ctx->buf_off; + ret = ctx->buf_len - ctx->buf_off; if (ret <= 0) - ret=BIO_ctrl(b->next_bio,cmd,num,ptr); + ret = BIO_ctrl(b->next_bio, cmd, num, ptr); break; case BIO_CTRL_PENDING: /* More to read in buffer */ - ret=ctx->buf_len-ctx->buf_off; + ret = ctx->buf_len - ctx->buf_off; if (ret <= 0) - ret=BIO_ctrl(b->next_bio,cmd,num,ptr); + ret = BIO_ctrl(b->next_bio, cmd, num, ptr); break; case BIO_CTRL_FLUSH: /* do a final write */ again: - while (ctx->buf_len != ctx->buf_off) - { - i=enc_write(b,NULL,0); + while (ctx->buf_len != ctx->buf_off) { + i = enc_write(b, NULL, 0); if (i < 0) - { - ret=i; - break; - } - } + return i; + } - if (!ctx->finished) - { - ctx->finished=1; - ctx->buf_off=0; - ret=EVP_CipherFinal_ex(&(ctx->cipher), - (unsigned char *)ctx->buf, - &(ctx->buf_len)); - ctx->ok=(int)ret; - if (ret <= 0) break; + if (!ctx->finished) { + ctx->finished = 1; + ctx->buf_off = 0; + ret = EVP_CipherFinal_ex(&(ctx->cipher), + (unsigned char *)ctx->buf, + &(ctx->buf_len)); + ctx->ok = (int)ret; + if (ret <= 0) + break; /* push out the bytes */ goto again; - } - + } + /* Finally flush the underlying BIO */ - ret=BIO_ctrl(b->next_bio,cmd,num,ptr); + ret = BIO_ctrl(b->next_bio, cmd, num, ptr); break; case BIO_C_GET_CIPHER_STATUS: - ret=(long)ctx->ok; + ret = (long)ctx->ok; break; case BIO_C_DO_STATE_MACHINE: BIO_clear_retry_flags(b); - ret=BIO_ctrl(b->next_bio,cmd,num,ptr); + ret = BIO_ctrl(b->next_bio, cmd, num, ptr); BIO_copy_next_retry(b); break; case BIO_C_GET_CIPHER_CTX: - c_ctx=(EVP_CIPHER_CTX **)ptr; - (*c_ctx)= &(ctx->cipher); - b->init=1; + c_ctx = (EVP_CIPHER_CTX **)ptr; + (*c_ctx) = &(ctx->cipher); + b->init = 1; break; case BIO_CTRL_DUP: - dbio=(BIO *)ptr; - dctx=(BIO_ENC_CTX *)dbio->ptr; - memcpy(&(dctx->cipher),&(ctx->cipher),sizeof(ctx->cipher)); - dbio->init=1; + dbio = (BIO *)ptr; + dctx = (BIO_ENC_CTX *)dbio->ptr; + EVP_CIPHER_CTX_init(&dctx->cipher); + ret = EVP_CIPHER_CTX_copy(&dctx->cipher, &ctx->cipher); + if (ret) + dbio->init = 1; break; default: - ret=BIO_ctrl(b->next_bio,cmd,num,ptr); + ret = BIO_ctrl(b->next_bio, cmd, num, ptr); break; - } - return(ret); } + return (ret); +} -static long enc_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) - { - long ret=1; +static long +enc_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) +{ + long ret = 1; - if (b->next_bio == NULL) return(0); - switch (cmd) - { + if (b->next_bio == NULL) + return (0); + switch (cmd) { default: - ret=BIO_callback_ctrl(b->next_bio,cmd,fp); + ret = BIO_callback_ctrl(b->next_bio, cmd, fp); break; - } - return(ret); } + return (ret); +} /* void BIO_set_cipher_ctx(b,c) @@ -402,28 +398,38 @@ EVP_CIPHER_ctx *c; b->init=1; ctx=(BIO_ENC_CTX *)b->ptr; memcpy(ctx->cipher,c,sizeof(EVP_CIPHER_CTX)); - + if (b->callback != NULL) b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,1L); } */ -void BIO_set_cipher(BIO *b, const EVP_CIPHER *c, unsigned char *k, - unsigned char *i, int e) - { +int +BIO_set_cipher(BIO *b, const EVP_CIPHER *c, const unsigned char *k, + const unsigned char *i, int e) +{ BIO_ENC_CTX *ctx; + long (*cb)(BIO *, int, const char *, int, long, long); - if (b == NULL) return; + if (b == NULL) + return 0; - if ((b->callback != NULL) && - (b->callback(b,BIO_CB_CTRL,(const char *)c,BIO_CTRL_SET,e,0L) <= 0)) - return; + if ((ctx = BIO_get_data(b)) == NULL) + return 0; - b->init=1; - ctx=(BIO_ENC_CTX *)b->ptr; - EVP_CipherInit_ex(&(ctx->cipher),c,NULL, k,i,e); - - if (b->callback != NULL) - b->callback(b,BIO_CB_CTRL,(const char *)c,BIO_CTRL_SET,e,1L); + if ((cb = BIO_get_callback(b)) != NULL) { + if (cb(b, BIO_CB_CTRL, (const char *)c, BIO_CTRL_SET, e, 0L) + <= 0) + return 0; } + BIO_set_init(b, 1); + + if (!EVP_CipherInit_ex(&(ctx->cipher), c, NULL, k, i, e)) + return 0; + + if (cb != NULL) + return cb(b, BIO_CB_CTRL, (const char *)c, BIO_CTRL_SET, e, 1L); + + return 1; +} diff --git a/src/lib/libcrypto/evp/bio_md.c b/src/lib/libcrypto/evp/bio_md.c index c632dfb2022..44f72185dc9 100644 --- a/src/lib/libcrypto/evp/bio_md.c +++ b/src/lib/libcrypto/evp/bio_md.c @@ -1,25 +1,25 @@ -/* crypto/evp/bio_md.c */ +/* $OpenBSD: bio_md.c,v 1.15 2018/05/02 15:51:41 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -58,7 +58,7 @@ #include #include -#include "cryptlib.h" + #include #include @@ -72,183 +72,200 @@ static int md_gets(BIO *h, char *str, int size); static long md_ctrl(BIO *h, int cmd, long arg1, void *arg2); static int md_new(BIO *h); static int md_free(BIO *data); -static long md_callback_ctrl(BIO *h,int cmd,bio_info_cb *fp); +static long md_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp); -static BIO_METHOD methods_md= - { - BIO_TYPE_MD,"message digest", - md_write, - md_read, - NULL, /* md_puts, */ - md_gets, - md_ctrl, - md_new, - md_free, - md_callback_ctrl, - }; +static const BIO_METHOD methods_md = { + .type = BIO_TYPE_MD, + .name = "message digest", + .bwrite = md_write, + .bread = md_read, + .bgets = md_gets, + .ctrl = md_ctrl, + .create = md_new, + .destroy = md_free, + .callback_ctrl = md_callback_ctrl +}; -BIO_METHOD *BIO_f_md(void) - { - return(&methods_md); - } +const BIO_METHOD * +BIO_f_md(void) +{ + return (&methods_md); +} -static int md_new(BIO *bi) - { +static int +md_new(BIO *bi) +{ EVP_MD_CTX *ctx; - ctx=EVP_MD_CTX_create(); - if (ctx == NULL) return(0); + ctx = EVP_MD_CTX_create(); + if (ctx == NULL) + return (0); - bi->init=0; - bi->ptr=(char *)ctx; - bi->flags=0; - return(1); - } + bi->init = 0; + bi->ptr = (char *)ctx; + bi->flags = 0; + return (1); +} -static int md_free(BIO *a) - { - if (a == NULL) return(0); +static int +md_free(BIO *a) +{ + if (a == NULL) + return (0); EVP_MD_CTX_destroy(a->ptr); - a->ptr=NULL; - a->init=0; - a->flags=0; - return(1); - } - -static int md_read(BIO *b, char *out, int outl) - { - int ret=0; + a->ptr = NULL; + a->init = 0; + a->flags = 0; + return (1); +} + +static int +md_read(BIO *b, char *out, int outl) +{ + int ret = 0; EVP_MD_CTX *ctx; - if (out == NULL) return(0); - ctx=b->ptr; + if (out == NULL) + return (0); + ctx = b->ptr; - if ((ctx == NULL) || (b->next_bio == NULL)) return(0); + if ((ctx == NULL) || (b->next_bio == NULL)) + return (0); - ret=BIO_read(b->next_bio,out,outl); - if (b->init) - { - if (ret > 0) - { - EVP_DigestUpdate(ctx,(unsigned char *)out, - (unsigned int)ret); - } + ret = BIO_read(b->next_bio, out, outl); + if (b->init) { + if (ret > 0) { + if (EVP_DigestUpdate(ctx, (unsigned char *)out, + (unsigned int)ret) <= 0) + return (-1); } + } BIO_clear_retry_flags(b); BIO_copy_next_retry(b); - return(ret); - } + return (ret); +} -static int md_write(BIO *b, const char *in, int inl) - { - int ret=0; +static int +md_write(BIO *b, const char *in, int inl) +{ + int ret = 0; EVP_MD_CTX *ctx; - if ((in == NULL) || (inl <= 0)) return(0); - ctx=b->ptr; + if ((in == NULL) || (inl <= 0)) + return (0); + ctx = b->ptr; if ((ctx != NULL) && (b->next_bio != NULL)) - ret=BIO_write(b->next_bio,in,inl); - if (b->init) - { - if (ret > 0) - { - EVP_DigestUpdate(ctx,(unsigned char *)in, - (unsigned int)ret); + ret = BIO_write(b->next_bio, in, inl); + if (b->init) { + if (ret > 0) { + if (!EVP_DigestUpdate(ctx, (const unsigned char *)in, + (unsigned int)ret)) { + BIO_clear_retry_flags(b); + return 0; } } - BIO_clear_retry_flags(b); - BIO_copy_next_retry(b); - return(ret); } + if (b->next_bio != NULL) { + BIO_clear_retry_flags(b); + BIO_copy_next_retry(b); + } + return (ret); +} -static long md_ctrl(BIO *b, int cmd, long num, void *ptr) - { - EVP_MD_CTX *ctx,*dctx,**pctx; +static long +md_ctrl(BIO *b, int cmd, long num, void *ptr) +{ + EVP_MD_CTX *ctx, *dctx, **pctx; const EVP_MD **ppmd; EVP_MD *md; - long ret=1; + long ret = 1; BIO *dbio; - ctx=b->ptr; + ctx = b->ptr; - switch (cmd) - { + switch (cmd) { case BIO_CTRL_RESET: if (b->init) - EVP_DigestInit_ex(ctx,ctx->digest, NULL); + ret = EVP_DigestInit_ex(ctx, ctx->digest, NULL); else - ret=0; - ret=BIO_ctrl(b->next_bio,cmd,num,ptr); + ret = 0; + if (ret > 0) + ret = BIO_ctrl(b->next_bio, cmd, num, ptr); break; case BIO_C_GET_MD: - if (b->init) - { - ppmd=ptr; - *ppmd=ctx->digest; - } - else - ret=0; + if (b->init) { + ppmd = ptr; + *ppmd = ctx->digest; + } else + ret = 0; break; case BIO_C_GET_MD_CTX: + pctx = ptr; + *pctx = ctx; + b->init = 1; + break; + case BIO_C_SET_MD_CTX: if (b->init) - { - pctx=ptr; - *pctx=ctx; - } + b->ptr = ptr; else - ret=0; + ret = 0; break; case BIO_C_DO_STATE_MACHINE: BIO_clear_retry_flags(b); - ret=BIO_ctrl(b->next_bio,cmd,num,ptr); + ret = BIO_ctrl(b->next_bio, cmd, num, ptr); BIO_copy_next_retry(b); break; case BIO_C_SET_MD: - md=ptr; - EVP_DigestInit_ex(ctx,md, NULL); - b->init=1; + md = ptr; + ret = EVP_DigestInit_ex(ctx, md, NULL); + if (ret > 0) + b->init = 1; break; case BIO_CTRL_DUP: - dbio=ptr; - dctx=dbio->ptr; - EVP_MD_CTX_copy_ex(dctx,ctx); - b->init=1; + dbio = ptr; + dctx = dbio->ptr; + if (!EVP_MD_CTX_copy_ex(dctx, ctx)) + return 0; + b->init = 1; break; default: - ret=BIO_ctrl(b->next_bio,cmd,num,ptr); + ret = BIO_ctrl(b->next_bio, cmd, num, ptr); break; - } - return(ret); } + return (ret); +} -static long md_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) - { - long ret=1; +static long +md_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) +{ + long ret = 1; - if (b->next_bio == NULL) return(0); - switch (cmd) - { + if (b->next_bio == NULL) + return (0); + switch (cmd) { default: - ret=BIO_callback_ctrl(b->next_bio,cmd,fp); + ret = BIO_callback_ctrl(b->next_bio, cmd, fp); break; - } - return(ret); } + return (ret); +} -static int md_gets(BIO *bp, char *buf, int size) - { +static int +md_gets(BIO *bp, char *buf, int size) +{ EVP_MD_CTX *ctx; unsigned int ret; - - ctx=bp->ptr; + ctx = bp->ptr; if (size < ctx->digest->md_size) - return(0); - EVP_DigestFinal_ex(ctx,(unsigned char *)buf,&ret); - return((int)ret); - } + return (0); + if (EVP_DigestFinal_ex(ctx, (unsigned char *)buf, &ret) <= 0) + return -1; + + return ((int)ret); +} /* static int md_puts(bp,str) @@ -258,4 +275,3 @@ char *str; return(-1); } */ - diff --git a/src/lib/libcrypto/evp/bio_ok.c b/src/lib/libcrypto/evp/bio_ok.c deleted file mode 100644 index 3cbc6e78481..00000000000 --- a/src/lib/libcrypto/evp/bio_ok.c +++ /dev/null @@ -1,575 +0,0 @@ -/* crypto/evp/bio_ok.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -/* - From: Arne Ansper - - Why BIO_f_reliable? - - I wrote function which took BIO* as argument, read data from it - and processed it. Then I wanted to store the input file in - encrypted form. OK I pushed BIO_f_cipher to the BIO stack - and everything was OK. BUT if user types wrong password - BIO_f_cipher outputs only garbage and my function crashes. Yes - I can and I should fix my function, but BIO_f_cipher is - easy way to add encryption support to many existing applications - and it's hard to debug and fix them all. - - So I wanted another BIO which would catch the incorrect passwords and - file damages which cause garbage on BIO_f_cipher's output. - - The easy way is to push the BIO_f_md and save the checksum at - the end of the file. However there are several problems with this - approach: - - 1) you must somehow separate checksum from actual data. - 2) you need lot's of memory when reading the file, because you - must read to the end of the file and verify the checksum before - letting the application to read the data. - - BIO_f_reliable tries to solve both problems, so that you can - read and write arbitrary long streams using only fixed amount - of memory. - - BIO_f_reliable splits data stream into blocks. Each block is prefixed - with it's length and suffixed with it's digest. So you need only - several Kbytes of memory to buffer single block before verifying - it's digest. - - BIO_f_reliable goes further and adds several important capabilities: - - 1) the digest of the block is computed over the whole stream - -- so nobody can rearrange the blocks or remove or replace them. - - 2) to detect invalid passwords right at the start BIO_f_reliable - adds special prefix to the stream. In order to avoid known plain-text - attacks this prefix is generated as follows: - - *) digest is initialized with random seed instead of - standardized one. - *) same seed is written to ouput - *) well-known text is then hashed and the output - of the digest is also written to output. - - reader can now read the seed from stream, hash the same string - and then compare the digest output. - - Bad things: BIO_f_reliable knows what's going on in EVP_Digest. I - initially wrote and tested this code on x86 machine and wrote the - digests out in machine-dependent order :( There are people using - this code and I cannot change this easily without making existing - data files unreadable. - -*/ - -#include -#include -#include "cryptlib.h" -#include -#include -#include -#include - -static int ok_write(BIO *h, const char *buf, int num); -static int ok_read(BIO *h, char *buf, int size); -static long ok_ctrl(BIO *h, int cmd, long arg1, void *arg2); -static int ok_new(BIO *h); -static int ok_free(BIO *data); -static long ok_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp); - -static void sig_out(BIO* b); -static void sig_in(BIO* b); -static void block_out(BIO* b); -static void block_in(BIO* b); -#define OK_BLOCK_SIZE (1024*4) -#define OK_BLOCK_BLOCK 4 -#define IOBS (OK_BLOCK_SIZE+ OK_BLOCK_BLOCK+ 3*EVP_MAX_MD_SIZE) -#define WELLKNOWN "The quick brown fox jumped over the lazy dog's back." - -#ifndef L_ENDIAN -#define swapem(x) \ - ((unsigned long int)((((unsigned long int)(x) & 0x000000ffU) << 24) | \ - (((unsigned long int)(x) & 0x0000ff00U) << 8) | \ - (((unsigned long int)(x) & 0x00ff0000U) >> 8) | \ - (((unsigned long int)(x) & 0xff000000U) >> 24))) -#else -#define swapem(x) (x) -#endif - -typedef struct ok_struct - { - int buf_len; - int buf_off; - int buf_len_save; - int buf_off_save; - int cont; /* <= 0 when finished */ - int finished; - EVP_MD_CTX md; - int blockout; /* output block is ready */ - int sigio; /* must process signature */ - unsigned char buf[IOBS]; - } BIO_OK_CTX; - -static BIO_METHOD methods_ok= - { - BIO_TYPE_CIPHER,"reliable", - ok_write, - ok_read, - NULL, /* ok_puts, */ - NULL, /* ok_gets, */ - ok_ctrl, - ok_new, - ok_free, - ok_callback_ctrl, - }; - -BIO_METHOD *BIO_f_reliable(void) - { - return(&methods_ok); - } - -static int ok_new(BIO *bi) - { - BIO_OK_CTX *ctx; - - ctx=(BIO_OK_CTX *)OPENSSL_malloc(sizeof(BIO_OK_CTX)); - if (ctx == NULL) return(0); - - ctx->buf_len=0; - ctx->buf_off=0; - ctx->buf_len_save=0; - ctx->buf_off_save=0; - ctx->cont=1; - ctx->finished=0; - ctx->blockout= 0; - ctx->sigio=1; - - EVP_MD_CTX_init(&ctx->md); - - bi->init=0; - bi->ptr=(char *)ctx; - bi->flags=0; - return(1); - } - -static int ok_free(BIO *a) - { - if (a == NULL) return(0); - EVP_MD_CTX_cleanup(&((BIO_OK_CTX *)a->ptr)->md); - memset(a->ptr,0,sizeof(BIO_OK_CTX)); - OPENSSL_free(a->ptr); - a->ptr=NULL; - a->init=0; - a->flags=0; - return(1); - } - -static int ok_read(BIO *b, char *out, int outl) - { - int ret=0,i,n; - BIO_OK_CTX *ctx; - - if (out == NULL) return(0); - ctx=(BIO_OK_CTX *)b->ptr; - - if ((ctx == NULL) || (b->next_bio == NULL) || (b->init == 0)) return(0); - - while(outl > 0) - { - - /* copy clean bytes to output buffer */ - if (ctx->blockout) - { - i=ctx->buf_len-ctx->buf_off; - if (i > outl) i=outl; - memcpy(out,&(ctx->buf[ctx->buf_off]),i); - ret+=i; - out+=i; - outl-=i; - ctx->buf_off+=i; - - /* all clean bytes are out */ - if (ctx->buf_len == ctx->buf_off) - { - ctx->buf_off=0; - - /* copy start of the next block into proper place */ - if(ctx->buf_len_save- ctx->buf_off_save > 0) - { - ctx->buf_len= ctx->buf_len_save- ctx->buf_off_save; - memmove(ctx->buf, &(ctx->buf[ctx->buf_off_save]), - ctx->buf_len); - } - else - { - ctx->buf_len=0; - } - ctx->blockout= 0; - } - } - - /* output buffer full -- cancel */ - if (outl == 0) break; - - /* no clean bytes in buffer -- fill it */ - n=IOBS- ctx->buf_len; - i=BIO_read(b->next_bio,&(ctx->buf[ctx->buf_len]),n); - - if (i <= 0) break; /* nothing new */ - - ctx->buf_len+= i; - - /* no signature yet -- check if we got one */ - if (ctx->sigio == 1) sig_in(b); - - /* signature ok -- check if we got block */ - if (ctx->sigio == 0) block_in(b); - - /* invalid block -- cancel */ - if (ctx->cont <= 0) break; - - } - - BIO_clear_retry_flags(b); - BIO_copy_next_retry(b); - return(ret); - } - -static int ok_write(BIO *b, const char *in, int inl) - { - int ret=0,n,i; - BIO_OK_CTX *ctx; - - ctx=(BIO_OK_CTX *)b->ptr; - ret=inl; - - if ((ctx == NULL) || (b->next_bio == NULL) || (b->init == 0)) return(0); - - if(ctx->sigio) sig_out(b); - - do{ - BIO_clear_retry_flags(b); - n=ctx->buf_len-ctx->buf_off; - while (ctx->blockout && n > 0) - { - i=BIO_write(b->next_bio,&(ctx->buf[ctx->buf_off]),n); - if (i <= 0) - { - BIO_copy_next_retry(b); - if(!BIO_should_retry(b)) - ctx->cont= 0; - return(i); - } - ctx->buf_off+=i; - n-=i; - } - - /* at this point all pending data has been written */ - ctx->blockout= 0; - if (ctx->buf_len == ctx->buf_off) - { - ctx->buf_len=OK_BLOCK_BLOCK; - ctx->buf_off=0; - } - - if ((in == NULL) || (inl <= 0)) return(0); - - n= (inl+ ctx->buf_len > OK_BLOCK_SIZE+ OK_BLOCK_BLOCK) ? - OK_BLOCK_SIZE+ OK_BLOCK_BLOCK- ctx->buf_len : inl; - - memcpy((unsigned char *)(&(ctx->buf[ctx->buf_len])),(unsigned char *)in,n); - ctx->buf_len+= n; - inl-=n; - in+=n; - - if(ctx->buf_len >= OK_BLOCK_SIZE+ OK_BLOCK_BLOCK) - { - block_out(b); - } - }while(inl > 0); - - BIO_clear_retry_flags(b); - BIO_copy_next_retry(b); - return(ret); - } - -static long ok_ctrl(BIO *b, int cmd, long num, void *ptr) - { - BIO_OK_CTX *ctx; - EVP_MD *md; - const EVP_MD **ppmd; - long ret=1; - int i; - - ctx=b->ptr; - - switch (cmd) - { - case BIO_CTRL_RESET: - ctx->buf_len=0; - ctx->buf_off=0; - ctx->buf_len_save=0; - ctx->buf_off_save=0; - ctx->cont=1; - ctx->finished=0; - ctx->blockout= 0; - ctx->sigio=1; - ret=BIO_ctrl(b->next_bio,cmd,num,ptr); - break; - case BIO_CTRL_EOF: /* More to read */ - if (ctx->cont <= 0) - ret=1; - else - ret=BIO_ctrl(b->next_bio,cmd,num,ptr); - break; - case BIO_CTRL_PENDING: /* More to read in buffer */ - case BIO_CTRL_WPENDING: /* More to read in buffer */ - ret=ctx->blockout ? ctx->buf_len-ctx->buf_off : 0; - if (ret <= 0) - ret=BIO_ctrl(b->next_bio,cmd,num,ptr); - break; - case BIO_CTRL_FLUSH: - /* do a final write */ - if(ctx->blockout == 0) - block_out(b); - - while (ctx->blockout) - { - i=ok_write(b,NULL,0); - if (i < 0) - { - ret=i; - break; - } - } - - ctx->finished=1; - ctx->buf_off=ctx->buf_len=0; - ctx->cont=(int)ret; - - /* Finally flush the underlying BIO */ - ret=BIO_ctrl(b->next_bio,cmd,num,ptr); - break; - case BIO_C_DO_STATE_MACHINE: - BIO_clear_retry_flags(b); - ret=BIO_ctrl(b->next_bio,cmd,num,ptr); - BIO_copy_next_retry(b); - break; - case BIO_CTRL_INFO: - ret=(long)ctx->cont; - break; - case BIO_C_SET_MD: - md=ptr; - EVP_DigestInit_ex(&ctx->md, md, NULL); - b->init=1; - break; - case BIO_C_GET_MD: - if (b->init) - { - ppmd=ptr; - *ppmd=ctx->md.digest; - } - else - ret=0; - break; - default: - ret=BIO_ctrl(b->next_bio,cmd,num,ptr); - break; - } - return(ret); - } - -static long ok_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) - { - long ret=1; - - if (b->next_bio == NULL) return(0); - switch (cmd) - { - default: - ret=BIO_callback_ctrl(b->next_bio,cmd,fp); - break; - } - return(ret); - } - -static void longswap(void *_ptr, int len) -{ -#ifndef L_ENDIAN - int i; - char *ptr=_ptr; - - for(i= 0;i < len;i+= 4){ - *((unsigned long *)&(ptr[i]))= swapem(*((unsigned long *)&(ptr[i]))); - } -#endif -} - -static void sig_out(BIO* b) - { - BIO_OK_CTX *ctx; - EVP_MD_CTX *md; - - ctx=b->ptr; - md=&ctx->md; - - if(ctx->buf_len+ 2* md->digest->md_size > OK_BLOCK_SIZE) return; - - EVP_DigestInit_ex(md, md->digest, NULL); - /* FIXME: there's absolutely no guarantee this makes any sense at all, - * particularly now EVP_MD_CTX has been restructured. - */ - RAND_pseudo_bytes(md->md_data, md->digest->md_size); - memcpy(&(ctx->buf[ctx->buf_len]), md->md_data, md->digest->md_size); - longswap(&(ctx->buf[ctx->buf_len]), md->digest->md_size); - ctx->buf_len+= md->digest->md_size; - - EVP_DigestUpdate(md, WELLKNOWN, strlen(WELLKNOWN)); - EVP_DigestFinal_ex(md, &(ctx->buf[ctx->buf_len]), NULL); - ctx->buf_len+= md->digest->md_size; - ctx->blockout= 1; - ctx->sigio= 0; - } - -static void sig_in(BIO* b) - { - BIO_OK_CTX *ctx; - EVP_MD_CTX *md; - unsigned char tmp[EVP_MAX_MD_SIZE]; - int ret= 0; - - ctx=b->ptr; - md=&ctx->md; - - if(ctx->buf_len- ctx->buf_off < 2* md->digest->md_size) return; - - EVP_DigestInit_ex(md, md->digest, NULL); - memcpy(md->md_data, &(ctx->buf[ctx->buf_off]), md->digest->md_size); - longswap(md->md_data, md->digest->md_size); - ctx->buf_off+= md->digest->md_size; - - EVP_DigestUpdate(md, WELLKNOWN, strlen(WELLKNOWN)); - EVP_DigestFinal_ex(md, tmp, NULL); - ret= memcmp(&(ctx->buf[ctx->buf_off]), tmp, md->digest->md_size) == 0; - ctx->buf_off+= md->digest->md_size; - if(ret == 1) - { - ctx->sigio= 0; - if(ctx->buf_len != ctx->buf_off) - { - memmove(ctx->buf, &(ctx->buf[ctx->buf_off]), ctx->buf_len- ctx->buf_off); - } - ctx->buf_len-= ctx->buf_off; - ctx->buf_off= 0; - } - else - { - ctx->cont= 0; - } - } - -static void block_out(BIO* b) - { - BIO_OK_CTX *ctx; - EVP_MD_CTX *md; - unsigned long tl; - - ctx=b->ptr; - md=&ctx->md; - - tl= ctx->buf_len- OK_BLOCK_BLOCK; - tl= swapem(tl); - memcpy(ctx->buf, &tl, OK_BLOCK_BLOCK); - tl= swapem(tl); - EVP_DigestUpdate(md, (unsigned char*) &(ctx->buf[OK_BLOCK_BLOCK]), tl); - EVP_DigestFinal_ex(md, &(ctx->buf[ctx->buf_len]), NULL); - ctx->buf_len+= md->digest->md_size; - ctx->blockout= 1; - } - -static void block_in(BIO* b) - { - BIO_OK_CTX *ctx; - EVP_MD_CTX *md; - long tl= 0; - unsigned char tmp[EVP_MAX_MD_SIZE]; - - ctx=b->ptr; - md=&ctx->md; - - memcpy(&tl, ctx->buf, OK_BLOCK_BLOCK); - tl= swapem(tl); - if (ctx->buf_len < tl+ OK_BLOCK_BLOCK+ md->digest->md_size) return; - - EVP_DigestUpdate(md, (unsigned char*) &(ctx->buf[OK_BLOCK_BLOCK]), tl); - EVP_DigestFinal_ex(md, tmp, NULL); - if(memcmp(&(ctx->buf[tl+ OK_BLOCK_BLOCK]), tmp, md->digest->md_size) == 0) - { - /* there might be parts from next block lurking around ! */ - ctx->buf_off_save= tl+ OK_BLOCK_BLOCK+ md->digest->md_size; - ctx->buf_len_save= ctx->buf_len; - ctx->buf_off= OK_BLOCK_BLOCK; - ctx->buf_len= tl+ OK_BLOCK_BLOCK; - ctx->blockout= 1; - } - else - { - ctx->cont= 0; - } - } - diff --git a/src/lib/libcrypto/evp/c_all.c b/src/lib/libcrypto/evp/c_all.c index 3d390dfbf13..9e9d39d5aba 100644 --- a/src/lib/libcrypto/evp/c_all.c +++ b/src/lib/libcrypto/evp/c_all.c @@ -1,25 +1,25 @@ -/* crypto/evp/c_all.c */ +/* $OpenBSD: c_all.c,v 1.26 2019/03/17 18:07:41 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -57,19 +57,277 @@ */ #include -#include "cryptlib.h" +#include + +#include + +#include #include +#include -#undef OpenSSL_add_all_algorithms +#include "cryptlib.h" -void OpenSSL_add_all_algorithms(void) - { - OPENSSL_add_all_algorithms_noconf(); - } +static void +OpenSSL_add_all_ciphers_internal(void) +{ +#ifndef OPENSSL_NO_DES + EVP_add_cipher(EVP_des_cfb()); + EVP_add_cipher(EVP_des_cfb1()); + EVP_add_cipher(EVP_des_cfb8()); + EVP_add_cipher(EVP_des_ede_cfb()); + EVP_add_cipher(EVP_des_ede3_cfb()); + EVP_add_cipher(EVP_des_ede3_cfb1()); + EVP_add_cipher(EVP_des_ede3_cfb8()); + + EVP_add_cipher(EVP_des_ofb()); + EVP_add_cipher(EVP_des_ede_ofb()); + EVP_add_cipher(EVP_des_ede3_ofb()); + + EVP_add_cipher(EVP_desx_cbc()); + EVP_add_cipher_alias(SN_desx_cbc, "DESX"); + EVP_add_cipher_alias(SN_desx_cbc, "desx"); + + EVP_add_cipher(EVP_des_cbc()); + EVP_add_cipher_alias(SN_des_cbc, "DES"); + EVP_add_cipher_alias(SN_des_cbc, "des"); + EVP_add_cipher(EVP_des_ede_cbc()); + EVP_add_cipher(EVP_des_ede3_cbc()); + EVP_add_cipher_alias(SN_des_ede3_cbc, "DES3"); + EVP_add_cipher_alias(SN_des_ede3_cbc, "des3"); + + EVP_add_cipher(EVP_des_ecb()); + EVP_add_cipher(EVP_des_ede()); + EVP_add_cipher(EVP_des_ede3()); +#endif + +#ifndef OPENSSL_NO_RC4 + EVP_add_cipher(EVP_rc4()); + EVP_add_cipher(EVP_rc4_40()); +#ifndef OPENSSL_NO_MD5 + EVP_add_cipher(EVP_rc4_hmac_md5()); +#endif +#endif + +#ifndef OPENSSL_NO_IDEA + EVP_add_cipher(EVP_idea_ecb()); + EVP_add_cipher(EVP_idea_cfb()); + EVP_add_cipher(EVP_idea_ofb()); + EVP_add_cipher(EVP_idea_cbc()); + EVP_add_cipher_alias(SN_idea_cbc, "IDEA"); + EVP_add_cipher_alias(SN_idea_cbc, "idea"); +#endif -void OPENSSL_add_all_algorithms_noconf(void) - { +#ifndef OPENSSL_NO_RC2 + EVP_add_cipher(EVP_rc2_ecb()); + EVP_add_cipher(EVP_rc2_cfb()); + EVP_add_cipher(EVP_rc2_ofb()); + EVP_add_cipher(EVP_rc2_cbc()); + EVP_add_cipher(EVP_rc2_40_cbc()); + EVP_add_cipher(EVP_rc2_64_cbc()); + EVP_add_cipher_alias(SN_rc2_cbc, "RC2"); + EVP_add_cipher_alias(SN_rc2_cbc, "rc2"); +#endif + +#ifndef OPENSSL_NO_BF + EVP_add_cipher(EVP_bf_ecb()); + EVP_add_cipher(EVP_bf_cfb()); + EVP_add_cipher(EVP_bf_ofb()); + EVP_add_cipher(EVP_bf_cbc()); + EVP_add_cipher_alias(SN_bf_cbc, "BF"); + EVP_add_cipher_alias(SN_bf_cbc, "bf"); + EVP_add_cipher_alias(SN_bf_cbc, "blowfish"); +#endif + +#ifndef OPENSSL_NO_CAST + EVP_add_cipher(EVP_cast5_ecb()); + EVP_add_cipher(EVP_cast5_cfb()); + EVP_add_cipher(EVP_cast5_ofb()); + EVP_add_cipher(EVP_cast5_cbc()); + EVP_add_cipher_alias(SN_cast5_cbc, "CAST"); + EVP_add_cipher_alias(SN_cast5_cbc, "cast"); + EVP_add_cipher_alias(SN_cast5_cbc, "CAST-cbc"); + EVP_add_cipher_alias(SN_cast5_cbc, "cast-cbc"); +#endif + +#ifndef OPENSSL_NO_AES + EVP_add_cipher(EVP_aes_128_ecb()); + EVP_add_cipher(EVP_aes_128_cbc()); + EVP_add_cipher(EVP_aes_128_ccm()); + EVP_add_cipher(EVP_aes_128_cfb()); + EVP_add_cipher(EVP_aes_128_cfb1()); + EVP_add_cipher(EVP_aes_128_cfb8()); + EVP_add_cipher(EVP_aes_128_ofb()); + EVP_add_cipher(EVP_aes_128_ctr()); + EVP_add_cipher(EVP_aes_128_gcm()); + EVP_add_cipher(EVP_aes_128_wrap()); + EVP_add_cipher(EVP_aes_128_xts()); + EVP_add_cipher_alias(SN_aes_128_cbc, "AES128"); + EVP_add_cipher_alias(SN_aes_128_cbc, "aes128"); + EVP_add_cipher(EVP_aes_192_ecb()); + EVP_add_cipher(EVP_aes_192_cbc()); + EVP_add_cipher(EVP_aes_192_ccm()); + EVP_add_cipher(EVP_aes_192_cfb()); + EVP_add_cipher(EVP_aes_192_cfb1()); + EVP_add_cipher(EVP_aes_192_cfb8()); + EVP_add_cipher(EVP_aes_192_ofb()); + EVP_add_cipher(EVP_aes_192_ctr()); + EVP_add_cipher(EVP_aes_192_gcm()); + EVP_add_cipher(EVP_aes_192_wrap()); + EVP_add_cipher_alias(SN_aes_192_cbc, "AES192"); + EVP_add_cipher_alias(SN_aes_192_cbc, "aes192"); + EVP_add_cipher(EVP_aes_256_ecb()); + EVP_add_cipher(EVP_aes_256_cbc()); + EVP_add_cipher(EVP_aes_256_ccm()); + EVP_add_cipher(EVP_aes_256_cfb()); + EVP_add_cipher(EVP_aes_256_cfb1()); + EVP_add_cipher(EVP_aes_256_cfb8()); + EVP_add_cipher(EVP_aes_256_ofb()); + EVP_add_cipher(EVP_aes_256_ctr()); + EVP_add_cipher(EVP_aes_256_gcm()); + EVP_add_cipher(EVP_aes_256_wrap()); + EVP_add_cipher(EVP_aes_256_xts()); + EVP_add_cipher_alias(SN_aes_256_cbc, "AES256"); + EVP_add_cipher_alias(SN_aes_256_cbc, "aes256"); +#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1) + EVP_add_cipher(EVP_aes_128_cbc_hmac_sha1()); + EVP_add_cipher(EVP_aes_256_cbc_hmac_sha1()); +#endif +#endif + +#ifndef OPENSSL_NO_CAMELLIA + EVP_add_cipher(EVP_camellia_128_ecb()); + EVP_add_cipher(EVP_camellia_128_cbc()); + EVP_add_cipher(EVP_camellia_128_cfb()); + EVP_add_cipher(EVP_camellia_128_cfb1()); + EVP_add_cipher(EVP_camellia_128_cfb8()); + EVP_add_cipher(EVP_camellia_128_ofb()); + EVP_add_cipher_alias(SN_camellia_128_cbc, "CAMELLIA128"); + EVP_add_cipher_alias(SN_camellia_128_cbc, "camellia128"); + EVP_add_cipher(EVP_camellia_192_ecb()); + EVP_add_cipher(EVP_camellia_192_cbc()); + EVP_add_cipher(EVP_camellia_192_cfb()); + EVP_add_cipher(EVP_camellia_192_cfb1()); + EVP_add_cipher(EVP_camellia_192_cfb8()); + EVP_add_cipher(EVP_camellia_192_ofb()); + EVP_add_cipher_alias(SN_camellia_192_cbc, "CAMELLIA192"); + EVP_add_cipher_alias(SN_camellia_192_cbc, "camellia192"); + EVP_add_cipher(EVP_camellia_256_ecb()); + EVP_add_cipher(EVP_camellia_256_cbc()); + EVP_add_cipher(EVP_camellia_256_cfb()); + EVP_add_cipher(EVP_camellia_256_cfb1()); + EVP_add_cipher(EVP_camellia_256_cfb8()); + EVP_add_cipher(EVP_camellia_256_ofb()); + EVP_add_cipher_alias(SN_camellia_256_cbc, "CAMELLIA256"); + EVP_add_cipher_alias(SN_camellia_256_cbc, "camellia256"); +#endif + +#ifndef OPENSSL_NO_CHACHA + EVP_add_cipher(EVP_chacha20()); +#endif + +#ifndef OPENSSL_NO_GOST + EVP_add_cipher(EVP_gost2814789_ecb()); + EVP_add_cipher(EVP_gost2814789_cfb64()); + EVP_add_cipher(EVP_gost2814789_cnt()); +#endif + +#ifndef OPENSSL_NO_SM4 + EVP_add_cipher(EVP_sm4_ecb()); + EVP_add_cipher(EVP_sm4_cbc()); + EVP_add_cipher(EVP_sm4_cfb()); + EVP_add_cipher(EVP_sm4_ofb()); + EVP_add_cipher(EVP_sm4_ctr()); + EVP_add_cipher_alias(SN_sm4_cbc, "SM4"); + EVP_add_cipher_alias(SN_sm4_cbc, "sm4"); +#endif +} + +void +OpenSSL_add_all_ciphers(void) +{ + static pthread_once_t add_all_ciphers_once = PTHREAD_ONCE_INIT; + (void) pthread_once(&add_all_ciphers_once, OpenSSL_add_all_ciphers_internal); +} + +static void +OpenSSL_add_all_digests_internal(void) +{ +#ifndef OPENSSL_NO_MD4 + EVP_add_digest(EVP_md4()); +#endif + +#ifndef OPENSSL_NO_MD5 + EVP_add_digest(EVP_md5()); + EVP_add_digest(EVP_md5_sha1()); + EVP_add_digest_alias(SN_md5, "ssl2-md5"); + EVP_add_digest_alias(SN_md5, "ssl3-md5"); +#endif + +#if !defined(OPENSSL_NO_SHA) +#ifndef OPENSSL_NO_DSA + EVP_add_digest(EVP_dss()); +#endif +#endif +#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1) + EVP_add_digest(EVP_sha1()); + EVP_add_digest_alias(SN_sha1, "ssl3-sha1"); + EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA); +#ifndef OPENSSL_NO_DSA + EVP_add_digest(EVP_dss1()); + EVP_add_digest_alias(SN_dsaWithSHA1, SN_dsaWithSHA1_2); + EVP_add_digest_alias(SN_dsaWithSHA1, "DSS1"); + EVP_add_digest_alias(SN_dsaWithSHA1, "dss1"); +#endif +#ifndef OPENSSL_NO_ECDSA + EVP_add_digest(EVP_ecdsa()); +#endif +#endif + +#ifndef OPENSSL_NO_GOST + EVP_add_digest(EVP_gostr341194()); + EVP_add_digest(EVP_gost2814789imit()); + EVP_add_digest(EVP_streebog256()); + EVP_add_digest(EVP_streebog512()); +#endif +#ifndef OPENSSL_NO_RIPEMD + EVP_add_digest(EVP_ripemd160()); + EVP_add_digest_alias(SN_ripemd160, "ripemd"); + EVP_add_digest_alias(SN_ripemd160, "rmd160"); +#endif +#ifndef OPENSSL_NO_SHA256 + EVP_add_digest(EVP_sha224()); + EVP_add_digest(EVP_sha256()); +#endif +#ifndef OPENSSL_NO_SHA512 + EVP_add_digest(EVP_sha384()); + EVP_add_digest(EVP_sha512()); +#endif +#ifndef OPENSSL_NO_SM3 + EVP_add_digest(EVP_sm3()); +#endif +#ifndef OPENSSL_NO_WHIRLPOOL + EVP_add_digest(EVP_whirlpool()); +#endif +} + +void +OpenSSL_add_all_digests(void) +{ + static pthread_once_t add_all_digests_once = PTHREAD_ONCE_INIT; + (void) pthread_once(&add_all_digests_once, OpenSSL_add_all_digests_internal); +} + +void +OPENSSL_add_all_algorithms_noconf(void) +{ + OPENSSL_cpuid_setup(); OpenSSL_add_all_ciphers(); OpenSSL_add_all_digests(); - ENGINE_setup_openbsd(); - } +} + +void +OPENSSL_add_all_algorithms_conf(void) +{ + OPENSSL_add_all_algorithms_noconf(); + OPENSSL_config(NULL); +} diff --git a/src/lib/libcrypto/evp/c_allc.c b/src/lib/libcrypto/evp/c_allc.c deleted file mode 100644 index 341a958fd47..00000000000 --- a/src/lib/libcrypto/evp/c_allc.c +++ /dev/null @@ -1,180 +0,0 @@ -/* crypto/evp/c_allc.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include "cryptlib.h" -#include -#include -#include - -void OpenSSL_add_all_ciphers(void) - { - -#ifndef OPENSSL_NO_DES - EVP_add_cipher(EVP_des_cfb()); - EVP_add_cipher(EVP_des_ede_cfb()); - EVP_add_cipher(EVP_des_ede3_cfb()); - - EVP_add_cipher(EVP_des_ofb()); - EVP_add_cipher(EVP_des_ede_ofb()); - EVP_add_cipher(EVP_des_ede3_ofb()); - - EVP_add_cipher(EVP_desx_cbc()); - EVP_add_cipher_alias(SN_desx_cbc,"DESX"); - EVP_add_cipher_alias(SN_desx_cbc,"desx"); - - EVP_add_cipher(EVP_des_cbc()); - EVP_add_cipher_alias(SN_des_cbc,"DES"); - EVP_add_cipher_alias(SN_des_cbc,"des"); - EVP_add_cipher(EVP_des_ede_cbc()); - EVP_add_cipher(EVP_des_ede3_cbc()); - EVP_add_cipher_alias(SN_des_ede3_cbc,"DES3"); - EVP_add_cipher_alias(SN_des_ede3_cbc,"des3"); - - EVP_add_cipher(EVP_des_ecb()); - EVP_add_cipher(EVP_des_ede()); - EVP_add_cipher(EVP_des_ede3()); -#endif - -#ifndef OPENSSL_NO_RC4 - EVP_add_cipher(EVP_rc4()); - EVP_add_cipher(EVP_rc4_40()); -#endif - -#ifndef OPENSSL_NO_IDEA - EVP_add_cipher(EVP_idea_ecb()); - EVP_add_cipher(EVP_idea_cfb()); - EVP_add_cipher(EVP_idea_ofb()); - EVP_add_cipher(EVP_idea_cbc()); - EVP_add_cipher_alias(SN_idea_cbc,"IDEA"); - EVP_add_cipher_alias(SN_idea_cbc,"idea"); -#endif - -#ifndef OPENSSL_NO_RC2 - EVP_add_cipher(EVP_rc2_ecb()); - EVP_add_cipher(EVP_rc2_cfb()); - EVP_add_cipher(EVP_rc2_ofb()); - EVP_add_cipher(EVP_rc2_cbc()); - EVP_add_cipher(EVP_rc2_40_cbc()); - EVP_add_cipher(EVP_rc2_64_cbc()); - EVP_add_cipher_alias(SN_rc2_cbc,"RC2"); - EVP_add_cipher_alias(SN_rc2_cbc,"rc2"); -#endif - -#ifndef OPENSSL_NO_BF - EVP_add_cipher(EVP_bf_ecb()); - EVP_add_cipher(EVP_bf_cfb()); - EVP_add_cipher(EVP_bf_ofb()); - EVP_add_cipher(EVP_bf_cbc()); - EVP_add_cipher_alias(SN_bf_cbc,"BF"); - EVP_add_cipher_alias(SN_bf_cbc,"bf"); - EVP_add_cipher_alias(SN_bf_cbc,"blowfish"); -#endif - -#ifndef OPENSSL_NO_CAST - EVP_add_cipher(EVP_cast5_ecb()); - EVP_add_cipher(EVP_cast5_cfb()); - EVP_add_cipher(EVP_cast5_ofb()); - EVP_add_cipher(EVP_cast5_cbc()); - EVP_add_cipher_alias(SN_cast5_cbc,"CAST"); - EVP_add_cipher_alias(SN_cast5_cbc,"cast"); - EVP_add_cipher_alias(SN_cast5_cbc,"CAST-cbc"); - EVP_add_cipher_alias(SN_cast5_cbc,"cast-cbc"); -#endif - -#ifndef OPENSSL_NO_RC5 - EVP_add_cipher(EVP_rc5_32_12_16_ecb()); - EVP_add_cipher(EVP_rc5_32_12_16_cfb()); - EVP_add_cipher(EVP_rc5_32_12_16_ofb()); - EVP_add_cipher(EVP_rc5_32_12_16_cbc()); - EVP_add_cipher_alias(SN_rc5_cbc,"rc5"); - EVP_add_cipher_alias(SN_rc5_cbc,"RC5"); -#endif - -#ifndef OPENSSL_NO_AES - EVP_add_cipher(EVP_aes_128_ecb()); - EVP_add_cipher(EVP_aes_128_cbc()); - EVP_add_cipher(EVP_aes_128_cfb()); - EVP_add_cipher(EVP_aes_128_ofb()); -#if 0 - EVP_add_cipher(EVP_aes_128_ctr()); -#endif - EVP_add_cipher_alias(SN_aes_128_cbc,"AES128"); - EVP_add_cipher_alias(SN_aes_128_cbc,"aes128"); - EVP_add_cipher(EVP_aes_192_ecb()); - EVP_add_cipher(EVP_aes_192_cbc()); - EVP_add_cipher(EVP_aes_192_cfb()); - EVP_add_cipher(EVP_aes_192_ofb()); -#if 0 - EVP_add_cipher(EVP_aes_192_ctr()); -#endif - EVP_add_cipher_alias(SN_aes_192_cbc,"AES192"); - EVP_add_cipher_alias(SN_aes_192_cbc,"aes192"); - EVP_add_cipher(EVP_aes_256_ecb()); - EVP_add_cipher(EVP_aes_256_cbc()); - EVP_add_cipher(EVP_aes_256_cfb()); - EVP_add_cipher(EVP_aes_256_ofb()); -#if 0 - EVP_add_cipher(EVP_aes_256_ctr()); -#endif - EVP_add_cipher_alias(SN_aes_256_cbc,"AES256"); - EVP_add_cipher_alias(SN_aes_256_cbc,"aes256"); -#endif - PKCS12_PBE_add(); - PKCS5_PBE_add(); - } diff --git a/src/lib/libcrypto/evp/c_alld.c b/src/lib/libcrypto/evp/c_alld.c deleted file mode 100644 index be91cdb0373..00000000000 --- a/src/lib/libcrypto/evp/c_alld.c +++ /dev/null @@ -1,103 +0,0 @@ -/* crypto/evp/c_alld.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include "cryptlib.h" -#include -#include -#include - -void OpenSSL_add_all_digests(void) - { -#ifndef OPENSSL_NO_MD2 - EVP_add_digest(EVP_md2()); -#endif -#ifndef OPENSSL_NO_MD4 - EVP_add_digest(EVP_md4()); -#endif -#ifndef OPENSSL_NO_MD5 - EVP_add_digest(EVP_md5()); - EVP_add_digest_alias(SN_md5,"ssl2-md5"); - EVP_add_digest_alias(SN_md5,"ssl3-md5"); -#endif -#ifndef OPENSSL_NO_SHA - EVP_add_digest(EVP_sha()); -#ifndef OPENSSL_NO_DSA - EVP_add_digest(EVP_dss()); -#endif -#endif -#ifndef OPENSSL_NO_SHA - EVP_add_digest(EVP_sha1()); - EVP_add_digest_alias(SN_sha1,"ssl3-sha1"); - EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA); -#ifndef OPENSSL_NO_DSA - EVP_add_digest(EVP_dss1()); - EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2); - EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1"); - EVP_add_digest_alias(SN_dsaWithSHA1,"dss1"); -#endif -#endif -#if !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES) - EVP_add_digest(EVP_mdc2()); -#endif -#ifndef OPENSSL_NO_RIPEMD - EVP_add_digest(EVP_ripemd160()); - EVP_add_digest_alias(SN_ripemd160,"ripemd"); - EVP_add_digest_alias(SN_ripemd160,"rmd160"); -#endif - } diff --git a/src/lib/libcrypto/evp/digest.c b/src/lib/libcrypto/evp/digest.c index a969ac69edb..6a7d86d702a 100644 --- a/src/lib/libcrypto/evp/digest.c +++ b/src/lib/libcrypto/evp/digest.c @@ -1,25 +1,25 @@ -/* crypto/evp/digest.c */ +/* $OpenBSD: digest.c,v 1.30 2018/04/14 07:09:21 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -63,7 +63,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -110,203 +110,305 @@ */ #include -#include "cryptlib.h" -#include -#include -#include +#include -void EVP_MD_CTX_init(EVP_MD_CTX *ctx) - { - memset(ctx,'\0',sizeof *ctx); - } +#include -EVP_MD_CTX *EVP_MD_CTX_create(void) - { - EVP_MD_CTX *ctx=OPENSSL_malloc(sizeof *ctx); - - EVP_MD_CTX_init(ctx); +#include +#include +#include - return ctx; - } +#ifndef OPENSSL_NO_ENGINE +#include +#endif -int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type) - { +int +EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type) +{ EVP_MD_CTX_init(ctx); return EVP_DigestInit_ex(ctx, type, NULL); - } +} -int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) - { - EVP_MD_CTX_clear_flags(ctx,EVP_MD_CTX_FLAG_CLEANED); +int +EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) +{ + EVP_MD_CTX_clear_flags(ctx, EVP_MD_CTX_FLAG_CLEANED); + +#ifndef OPENSSL_NO_ENGINE /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts * so this context may already have an ENGINE! Try to avoid releasing * the previous handle, re-querying for an ENGINE, and having a * reinitialisation, when it may all be unecessary. */ if (ctx->engine && ctx->digest && (!type || - (type && (type->type == ctx->digest->type)))) + (type && (type->type == ctx->digest->type)))) goto skip_to_init; - if (type) - { + if (type) { /* Ensure an ENGINE left lying around from last time is cleared * (the previous check attempted to avoid this if the same * ENGINE and EVP_MD could be used). */ - if(ctx->engine) - ENGINE_finish(ctx->engine); - if(impl) - { - if (!ENGINE_init(impl)) - { - EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_INITIALIZATION_ERROR); + ENGINE_finish(ctx->engine); + if (impl != NULL) { + if (!ENGINE_init(impl)) { + EVPerror(EVP_R_INITIALIZATION_ERROR); return 0; - } } - else + } else /* Ask if an ENGINE is reserved for this job */ impl = ENGINE_get_digest_engine(type->type); - if(impl) - { + if (impl != NULL) { /* There's an ENGINE for this job ... (apparently) */ const EVP_MD *d = ENGINE_get_digest(impl, type->type); - if(!d) - { + if (d == NULL) { /* Same comment from evp_enc.c */ - EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_INITIALIZATION_ERROR); + EVPerror(EVP_R_INITIALIZATION_ERROR); + ENGINE_finish(impl); return 0; - } + } /* We'll use the ENGINE's private digest definition */ type = d; /* Store the ENGINE functional reference so we know * 'type' came from an ENGINE and we need to release * it when done. */ ctx->engine = impl; - } - else + } else ctx->engine = NULL; - } - else if(!ctx->digest) - { - EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_NO_DIGEST_SET); + } else if (!ctx->digest) { + EVPerror(EVP_R_NO_DIGEST_SET); return 0; + } +#endif + if (ctx->digest != type) { + if (ctx->digest && ctx->digest->ctx_size && ctx->md_data && + !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)) { + freezero(ctx->md_data, ctx->digest->ctx_size); + ctx->md_data = NULL; } - if (ctx->digest != type) - { - if (ctx->digest && ctx->digest->ctx_size) - OPENSSL_free(ctx->md_data); - ctx->digest=type; - if (type->ctx_size) - ctx->md_data=OPENSSL_malloc(type->ctx_size); + ctx->digest = type; + if (!(ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) && type->ctx_size) { + ctx->update = type->update; + ctx->md_data = malloc(type->ctx_size); + if (ctx->md_data == NULL) { + EVP_PKEY_CTX_free(ctx->pctx); + ctx->pctx = NULL; + EVPerror(ERR_R_MALLOC_FAILURE); + return 0; + } } + } +#ifndef OPENSSL_NO_ENGINE skip_to_init: - return ctx->digest->init(ctx); +#endif + if (ctx->pctx) { + int r; + r = EVP_PKEY_CTX_ctrl(ctx->pctx, -1, EVP_PKEY_OP_TYPE_SIG, + EVP_PKEY_CTRL_DIGESTINIT, 0, ctx); + if (r <= 0 && (r != -2)) + return 0; } + if (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) + return 1; + return ctx->digest->init(ctx); +} -int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, - unsigned int count) - { - return ctx->digest->update(ctx,data,(unsigned long)count); - } +int +EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count) +{ + return ctx->update(ctx, data, count); +} /* The caller can assume that this removes any secret data from the context */ -int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) - { +int +EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) +{ int ret; + ret = EVP_DigestFinal_ex(ctx, md, size); EVP_MD_CTX_cleanup(ctx); return ret; - } +} /* The caller can assume that this removes any secret data from the context */ -int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) - { +int +EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) +{ int ret; - ret=ctx->digest->final(ctx,md); + + if ((size_t)ctx->digest->md_size > EVP_MAX_MD_SIZE) { + EVPerror(EVP_R_TOO_LARGE); + return 0; + } + ret = ctx->digest->final(ctx, md); if (size != NULL) - *size=ctx->digest->md_size; - if (ctx->digest->cleanup) - { + *size = ctx->digest->md_size; + if (ctx->digest->cleanup) { ctx->digest->cleanup(ctx); - EVP_MD_CTX_set_flags(ctx,EVP_MD_CTX_FLAG_CLEANED); - } - memset(ctx->md_data,0,ctx->digest->ctx_size); - return ret; + EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_CLEANED); } + memset(ctx->md_data, 0, ctx->digest->ctx_size); + return ret; +} -int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in) - { +int +EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in) +{ EVP_MD_CTX_init(out); return EVP_MD_CTX_copy_ex(out, in); - } +} -int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) - { - if ((in == NULL) || (in->digest == NULL)) - { - EVPerr(EVP_F_EVP_MD_CTX_COPY,EVP_R_INPUT_NOT_INITIALIZED); +int +EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) +{ + unsigned char *tmp_buf; + + if ((in == NULL) || (in->digest == NULL)) { + EVPerror(EVP_R_INPUT_NOT_INITIALIZED); return 0; - } + } +#ifndef OPENSSL_NO_ENGINE /* Make sure it's safe to copy a digest context using an ENGINE */ - if (in->engine && !ENGINE_init(in->engine)) - { - EVPerr(EVP_F_EVP_MD_CTX_COPY,ERR_R_ENGINE_LIB); + if (in->engine && !ENGINE_init(in->engine)) { + EVPerror(ERR_R_ENGINE_LIB); return 0; - } + } +#endif + if (out->digest == in->digest) { + tmp_buf = out->md_data; + EVP_MD_CTX_set_flags(out, EVP_MD_CTX_FLAG_REUSE); + } else + tmp_buf = NULL; EVP_MD_CTX_cleanup(out); - memcpy(out,in,sizeof *out); + memcpy(out, in, sizeof *out); - if (out->digest->ctx_size) - { - out->md_data=OPENSSL_malloc(out->digest->ctx_size); - memcpy(out->md_data,in->md_data,out->digest->ctx_size); + if (in->md_data && out->digest->ctx_size) { + if (tmp_buf) + out->md_data = tmp_buf; + else { + out->md_data = malloc(out->digest->ctx_size); + if (!out->md_data) { + EVPerror(ERR_R_MALLOC_FAILURE); + return 0; + } } - + memcpy(out->md_data, in->md_data, out->digest->ctx_size); + } + + out->update = in->update; + + if (in->pctx) { + out->pctx = EVP_PKEY_CTX_dup(in->pctx); + if (!out->pctx) { + EVP_MD_CTX_cleanup(out); + return 0; + } + } + if (out->digest->copy) - return out->digest->copy(out,in); - + return out->digest->copy(out, in); + return 1; - } +} -int EVP_Digest(void *data, unsigned int count, - unsigned char *md, unsigned int *size, const EVP_MD *type, ENGINE *impl) - { +int +EVP_Digest(const void *data, size_t count, + unsigned char *md, unsigned int *size, const EVP_MD *type, ENGINE *impl) +{ EVP_MD_CTX ctx; int ret; EVP_MD_CTX_init(&ctx); - EVP_MD_CTX_set_flags(&ctx,EVP_MD_CTX_FLAG_ONESHOT); - ret=EVP_DigestInit_ex(&ctx, type, impl) - && EVP_DigestUpdate(&ctx, data, count) - && EVP_DigestFinal_ex(&ctx, md, size); + EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_ONESHOT); + ret = EVP_DigestInit_ex(&ctx, type, impl) && + EVP_DigestUpdate(&ctx, data, count) && + EVP_DigestFinal_ex(&ctx, md, size); EVP_MD_CTX_cleanup(&ctx); return ret; - } +} + +EVP_MD_CTX * +EVP_MD_CTX_new(void) +{ + return calloc(1, sizeof(EVP_MD_CTX)); +} + +void +EVP_MD_CTX_free(EVP_MD_CTX *ctx) +{ + if (ctx == NULL) + return; -void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx) - { EVP_MD_CTX_cleanup(ctx); - OPENSSL_free(ctx); - } + + free(ctx); +} + +void +EVP_MD_CTX_init(EVP_MD_CTX *ctx) +{ + memset(ctx, 0, sizeof(*ctx)); +} + +int +EVP_MD_CTX_reset(EVP_MD_CTX *ctx) +{ + return EVP_MD_CTX_cleanup(ctx); +} + +EVP_MD_CTX * +EVP_MD_CTX_create(void) +{ + return EVP_MD_CTX_new(); +} + +void +EVP_MD_CTX_destroy(EVP_MD_CTX *ctx) +{ + EVP_MD_CTX_free(ctx); +} /* This call frees resources associated with the context */ -int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) - { - /* Don't assume ctx->md_data was cleaned in EVP_Digest_Final, +int +EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) +{ + /* + * Don't assume ctx->md_data was cleaned in EVP_Digest_Final, * because sometimes only copies of the context are ever finalised. */ - if (ctx->digest && ctx->digest->cleanup - && !EVP_MD_CTX_test_flags(ctx,EVP_MD_CTX_FLAG_CLEANED)) + if (ctx->digest && ctx->digest->cleanup && + !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_CLEANED)) ctx->digest->cleanup(ctx); - if (ctx->digest && ctx->digest->ctx_size && ctx->md_data) - { - memset(ctx->md_data,0,ctx->digest->ctx_size); - OPENSSL_free(ctx->md_data); - } - if(ctx->engine) - /* The EVP_MD we used belongs to an ENGINE, release the - * functional reference we held for this reason. */ - ENGINE_finish(ctx->engine); - memset(ctx,'\0',sizeof *ctx); + if (ctx->digest && ctx->digest->ctx_size && ctx->md_data && + !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)) + freezero(ctx->md_data, ctx->digest->ctx_size); + EVP_PKEY_CTX_free(ctx->pctx); +#ifndef OPENSSL_NO_ENGINE + ENGINE_finish(ctx->engine); +#endif + memset(ctx, 0, sizeof(*ctx)); return 1; +} + +int +EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int type, int arg, void *ptr) +{ + int ret; + + if (!ctx->digest) { + EVPerror(EVP_R_NO_CIPHER_SET); + return 0; + } + + if (!ctx->digest->md_ctrl) { + EVPerror(EVP_R_CTRL_NOT_IMPLEMENTED); + return 0; } + + ret = ctx->digest->md_ctrl(ctx, type, arg, ptr); + if (ret == -1) { + EVPerror(EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED); + return 0; + } + return ret; +} diff --git a/src/lib/libcrypto/evp/e_aes.c b/src/lib/libcrypto/evp/e_aes.c index c323fa28922..6b455dc503c 100644 --- a/src/lib/libcrypto/evp/e_aes.c +++ b/src/lib/libcrypto/evp/e_aes.c @@ -1,12 +1,13 @@ +/* $OpenBSD: e_aes.c,v 1.35 2019/03/17 18:07:41 tb Exp $ */ /* ==================================================================== - * Copyright (c) 2001 The OpenSSL Project. All rights reserved. + * Copyright (c) 2001-2011 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -48,54 +49,1648 @@ * */ -#ifndef OPENSSL_NO_AES -#include -#include +#include +#include #include -#include + +#include + +#ifndef OPENSSL_NO_AES #include -#include "evp_locl.h" +#include +#include -static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc); +#include "evp_locl.h" +#include "modes_lcl.h" -typedef struct - { +typedef struct { AES_KEY ks; - } EVP_AES_KEY; - -#define data(ctx) EVP_C_DATA(EVP_AES_KEY,ctx) - -IMPLEMENT_BLOCK_CIPHER(aes_128, ks, AES, EVP_AES_KEY, - NID_aes_128, 16, 16, 16, 128, - 0, aes_init_key, NULL, - EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv, - NULL) -IMPLEMENT_BLOCK_CIPHER(aes_192, ks, AES, EVP_AES_KEY, - NID_aes_192, 16, 24, 16, 128, - 0, aes_init_key, NULL, - EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv, - NULL) -IMPLEMENT_BLOCK_CIPHER(aes_256, ks, AES, EVP_AES_KEY, - NID_aes_256, 16, 32, 16, 128, - 0, aes_init_key, NULL, - EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv, - NULL) - -static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) { - - if ((ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_CFB_MODE - || (ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_OFB_MODE - || enc) - AES_set_encrypt_key(key, ctx->key_len * 8, ctx->cipher_data); + block128_f block; + union { + cbc128_f cbc; + ctr128_f ctr; + } stream; +} EVP_AES_KEY; + +typedef struct { + AES_KEY ks; /* AES key schedule to use */ + int key_set; /* Set if key initialised */ + int iv_set; /* Set if an iv is set */ + GCM128_CONTEXT gcm; + unsigned char *iv; /* Temporary IV store */ + int ivlen; /* IV length */ + int taglen; + int iv_gen; /* It is OK to generate IVs */ + int tls_aad_len; /* TLS AAD length */ + ctr128_f ctr; +} EVP_AES_GCM_CTX; + +typedef struct { + AES_KEY ks1, ks2; /* AES key schedules to use */ + XTS128_CONTEXT xts; + void (*stream)(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key1, const AES_KEY *key2, + const unsigned char iv[16]); +} EVP_AES_XTS_CTX; + +typedef struct { + AES_KEY ks; /* AES key schedule to use */ + int key_set; /* Set if key initialised */ + int iv_set; /* Set if an iv is set */ + int tag_set; /* Set if tag is valid */ + int len_set; /* Set if message length set */ + int L, M; /* L and M parameters from RFC3610 */ + CCM128_CONTEXT ccm; + ccm128_f str; +} EVP_AES_CCM_CTX; + +#define MAXBITCHUNK ((size_t)1<<(sizeof(size_t)*8-4)) + +#ifdef VPAES_ASM +int vpaes_set_encrypt_key(const unsigned char *userKey, int bits, + AES_KEY *key); +int vpaes_set_decrypt_key(const unsigned char *userKey, int bits, + AES_KEY *key); + +void vpaes_encrypt(const unsigned char *in, unsigned char *out, + const AES_KEY *key); +void vpaes_decrypt(const unsigned char *in, unsigned char *out, + const AES_KEY *key); + +void vpaes_cbc_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, unsigned char *ivec, int enc); +#endif +#ifdef BSAES_ASM +void bsaes_cbc_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, unsigned char ivec[16], int enc); +void bsaes_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out, + size_t len, const AES_KEY *key, const unsigned char ivec[16]); +void bsaes_xts_encrypt(const unsigned char *inp, unsigned char *out, + size_t len, const AES_KEY *key1, const AES_KEY *key2, + const unsigned char iv[16]); +void bsaes_xts_decrypt(const unsigned char *inp, unsigned char *out, + size_t len, const AES_KEY *key1, const AES_KEY *key2, + const unsigned char iv[16]); +#endif +#ifdef AES_CTR_ASM +void AES_ctr32_encrypt(const unsigned char *in, unsigned char *out, + size_t blocks, const AES_KEY *key, + const unsigned char ivec[AES_BLOCK_SIZE]); +#endif +#ifdef AES_XTS_ASM +void AES_xts_encrypt(const char *inp, char *out, size_t len, + const AES_KEY *key1, const AES_KEY *key2, const unsigned char iv[16]); +void AES_xts_decrypt(const char *inp, char *out, size_t len, + const AES_KEY *key1, const AES_KEY *key2, const unsigned char iv[16]); +#endif + +#if defined(AES_ASM) && ( \ + ((defined(__i386) || defined(__i386__) || \ + defined(_M_IX86)) && defined(OPENSSL_IA32_SSE2))|| \ + defined(__x86_64) || defined(__x86_64__) || \ + defined(_M_AMD64) || defined(_M_X64) || \ + defined(__INTEL__) ) + +#include "x86_arch.h" + +#ifdef VPAES_ASM +#define VPAES_CAPABLE (OPENSSL_cpu_caps() & CPUCAP_MASK_SSSE3) +#endif +#ifdef BSAES_ASM +#define BSAES_CAPABLE VPAES_CAPABLE +#endif +/* + * AES-NI section + */ +#define AESNI_CAPABLE (OPENSSL_cpu_caps() & CPUCAP_MASK_AESNI) + +int aesni_set_encrypt_key(const unsigned char *userKey, int bits, + AES_KEY *key); +int aesni_set_decrypt_key(const unsigned char *userKey, int bits, + AES_KEY *key); + +void aesni_encrypt(const unsigned char *in, unsigned char *out, + const AES_KEY *key); +void aesni_decrypt(const unsigned char *in, unsigned char *out, + const AES_KEY *key); + +void aesni_ecb_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, int enc); +void aesni_cbc_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, unsigned char *ivec, int enc); + +void aesni_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out, + size_t blocks, const void *key, const unsigned char *ivec); + +void aesni_xts_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key1, const AES_KEY *key2, + const unsigned char iv[16]); + +void aesni_xts_decrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key1, const AES_KEY *key2, + const unsigned char iv[16]); + +void aesni_ccm64_encrypt_blocks (const unsigned char *in, unsigned char *out, + size_t blocks, const void *key, const unsigned char ivec[16], + unsigned char cmac[16]); + +void aesni_ccm64_decrypt_blocks (const unsigned char *in, unsigned char *out, + size_t blocks, const void *key, const unsigned char ivec[16], + unsigned char cmac[16]); + +static int +aesni_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) +{ + int ret, mode; + EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data; + + mode = ctx->cipher->flags & EVP_CIPH_MODE; + if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE) && + !enc) { + ret = aesni_set_decrypt_key(key, ctx->key_len * 8, + ctx->cipher_data); + dat->block = (block128_f)aesni_decrypt; + dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? + (cbc128_f)aesni_cbc_encrypt : NULL; + } else { + ret = aesni_set_encrypt_key(key, ctx->key_len * 8, + ctx->cipher_data); + dat->block = (block128_f)aesni_encrypt; + if (mode == EVP_CIPH_CBC_MODE) + dat->stream.cbc = (cbc128_f)aesni_cbc_encrypt; + else if (mode == EVP_CIPH_CTR_MODE) + dat->stream.ctr = (ctr128_f)aesni_ctr32_encrypt_blocks; + else + dat->stream.cbc = NULL; + } + + if (ret < 0) { + EVPerror(EVP_R_AES_KEY_SETUP_FAILED); + return 0; + } + + return 1; +} + +static int +aesni_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len) +{ + aesni_cbc_encrypt(in, out, len, ctx->cipher_data, ctx->iv, + ctx->encrypt); + + return 1; +} + +static int +aesni_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len) +{ + size_t bl = ctx->cipher->block_size; + + if (len < bl) + return 1; + + aesni_ecb_encrypt(in, out, len, ctx->cipher_data, ctx->encrypt); + + return 1; +} + +#define aesni_ofb_cipher aes_ofb_cipher +static int aesni_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len); + +#define aesni_cfb_cipher aes_cfb_cipher +static int aesni_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len); + +#define aesni_cfb8_cipher aes_cfb8_cipher +static int aesni_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len); + +#define aesni_cfb1_cipher aes_cfb1_cipher +static int aesni_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len); + +#define aesni_ctr_cipher aes_ctr_cipher +static int aesni_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len); + +static int +aesni_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) +{ + EVP_AES_GCM_CTX *gctx = ctx->cipher_data; + + if (!iv && !key) + return 1; + if (key) { + aesni_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks); + CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, + (block128_f)aesni_encrypt); + gctx->ctr = (ctr128_f)aesni_ctr32_encrypt_blocks; + /* If we have an iv can set it directly, otherwise use + * saved IV. + */ + if (iv == NULL && gctx->iv_set) + iv = gctx->iv; + if (iv) { + CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen); + gctx->iv_set = 1; + } + gctx->key_set = 1; + } else { + /* If key set use IV, otherwise copy */ + if (gctx->key_set) + CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen); + else + memcpy(gctx->iv, iv, gctx->ivlen); + gctx->iv_set = 1; + gctx->iv_gen = 0; + } + return 1; +} + +#define aesni_gcm_cipher aes_gcm_cipher +static int aesni_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len); + +static int +aesni_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) +{ + EVP_AES_XTS_CTX *xctx = ctx->cipher_data; + + if (!iv && !key) + return 1; + + if (key) { + /* key_len is two AES keys */ + if (enc) { + aesni_set_encrypt_key(key, ctx->key_len * 4, + &xctx->ks1); + xctx->xts.block1 = (block128_f)aesni_encrypt; + xctx->stream = aesni_xts_encrypt; + } else { + aesni_set_decrypt_key(key, ctx->key_len * 4, + &xctx->ks1); + xctx->xts.block1 = (block128_f)aesni_decrypt; + xctx->stream = aesni_xts_decrypt; + } + + aesni_set_encrypt_key(key + ctx->key_len / 2, + ctx->key_len * 4, &xctx->ks2); + xctx->xts.block2 = (block128_f)aesni_encrypt; + + xctx->xts.key1 = &xctx->ks1; + } + + if (iv) { + xctx->xts.key2 = &xctx->ks2; + memcpy(ctx->iv, iv, 16); + } + + return 1; +} + +#define aesni_xts_cipher aes_xts_cipher +static int aesni_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len); + +static int +aesni_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) +{ + EVP_AES_CCM_CTX *cctx = ctx->cipher_data; + + if (!iv && !key) + return 1; + if (key) { + aesni_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks); + CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L, + &cctx->ks, (block128_f)aesni_encrypt); + cctx->str = enc ? (ccm128_f)aesni_ccm64_encrypt_blocks : + (ccm128_f)aesni_ccm64_decrypt_blocks; + cctx->key_set = 1; + } + if (iv) { + memcpy(ctx->iv, iv, 15 - cctx->L); + cctx->iv_set = 1; + } + return 1; +} + +#define aesni_ccm_cipher aes_ccm_cipher +static int aesni_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len); + +#define BLOCK_CIPHER_generic(n,keylen,blocksize,ivlen,nmode,mode,MODE,fl) \ +static const EVP_CIPHER aesni_##keylen##_##mode = { \ + .nid = n##_##keylen##_##nmode, \ + .block_size = blocksize, \ + .key_len = keylen / 8, \ + .iv_len = ivlen, \ + .flags = fl | EVP_CIPH_##MODE##_MODE, \ + .init = aesni_init_key, \ + .do_cipher = aesni_##mode##_cipher, \ + .ctx_size = sizeof(EVP_AES_KEY) \ +}; \ +static const EVP_CIPHER aes_##keylen##_##mode = { \ + .nid = n##_##keylen##_##nmode, \ + .block_size = blocksize, \ + .key_len = keylen / 8, \ + .iv_len = ivlen, \ + .flags = fl | EVP_CIPH_##MODE##_MODE, \ + .init = aes_init_key, \ + .do_cipher = aes_##mode##_cipher, \ + .ctx_size = sizeof(EVP_AES_KEY) \ +}; \ +const EVP_CIPHER * \ +EVP_aes_##keylen##_##mode(void) \ +{ \ + return AESNI_CAPABLE ? \ + &aesni_##keylen##_##mode : &aes_##keylen##_##mode; \ +} + +#define BLOCK_CIPHER_custom(n,keylen,blocksize,ivlen,mode,MODE,fl) \ +static const EVP_CIPHER aesni_##keylen##_##mode = { \ + .nid = n##_##keylen##_##mode, \ + .block_size = blocksize, \ + .key_len = \ + (EVP_CIPH_##MODE##_MODE == EVP_CIPH_XTS_MODE ? 2 : 1) * \ + keylen / 8, \ + .iv_len = ivlen, \ + .flags = fl | EVP_CIPH_##MODE##_MODE, \ + .init = aesni_##mode##_init_key, \ + .do_cipher = aesni_##mode##_cipher, \ + .cleanup = aes_##mode##_cleanup, \ + .ctx_size = sizeof(EVP_AES_##MODE##_CTX), \ + .ctrl = aes_##mode##_ctrl \ +}; \ +static const EVP_CIPHER aes_##keylen##_##mode = { \ + .nid = n##_##keylen##_##mode, \ + .block_size = blocksize, \ + .key_len = \ + (EVP_CIPH_##MODE##_MODE == EVP_CIPH_XTS_MODE ? 2 : 1) * \ + keylen / 8, \ + .iv_len = ivlen, \ + .flags = fl | EVP_CIPH_##MODE##_MODE, \ + .init = aes_##mode##_init_key, \ + .do_cipher = aes_##mode##_cipher, \ + .cleanup = aes_##mode##_cleanup, \ + .ctx_size = sizeof(EVP_AES_##MODE##_CTX), \ + .ctrl = aes_##mode##_ctrl \ +}; \ +const EVP_CIPHER * \ +EVP_aes_##keylen##_##mode(void) \ +{ \ + return AESNI_CAPABLE ? \ + &aesni_##keylen##_##mode : &aes_##keylen##_##mode; \ +} + +#else + +#define BLOCK_CIPHER_generic(n,keylen,blocksize,ivlen,nmode,mode,MODE,fl) \ +static const EVP_CIPHER aes_##keylen##_##mode = { \ + .nid = n##_##keylen##_##nmode, \ + .block_size = blocksize, \ + .key_len = keylen / 8, \ + .iv_len = ivlen, \ + .flags = fl | EVP_CIPH_##MODE##_MODE, \ + .init = aes_init_key, \ + .do_cipher = aes_##mode##_cipher, \ + .ctx_size = sizeof(EVP_AES_KEY) \ +}; \ +const EVP_CIPHER * \ +EVP_aes_##keylen##_##mode(void) \ +{ \ + return &aes_##keylen##_##mode; \ +} + +#define BLOCK_CIPHER_custom(n,keylen,blocksize,ivlen,mode,MODE,fl) \ +static const EVP_CIPHER aes_##keylen##_##mode = { \ + .nid = n##_##keylen##_##mode, \ + .block_size = blocksize, \ + .key_len = \ + (EVP_CIPH_##MODE##_MODE == EVP_CIPH_XTS_MODE ? 2 : 1) * \ + keylen / 8, \ + .iv_len = ivlen, \ + .flags = fl | EVP_CIPH_##MODE##_MODE, \ + .init = aes_##mode##_init_key, \ + .do_cipher = aes_##mode##_cipher, \ + .cleanup = aes_##mode##_cleanup, \ + .ctx_size = sizeof(EVP_AES_##MODE##_CTX), \ + .ctrl = aes_##mode##_ctrl \ +}; \ +const EVP_CIPHER * \ +EVP_aes_##keylen##_##mode(void) \ +{ \ + return &aes_##keylen##_##mode; \ +} + +#endif + +#define BLOCK_CIPHER_generic_pack(nid,keylen,flags) \ + BLOCK_CIPHER_generic(nid,keylen,16,16,cbc,cbc,CBC,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \ + BLOCK_CIPHER_generic(nid,keylen,16,0,ecb,ecb,ECB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \ + BLOCK_CIPHER_generic(nid,keylen,1,16,ofb128,ofb,OFB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \ + BLOCK_CIPHER_generic(nid,keylen,1,16,cfb128,cfb,CFB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \ + BLOCK_CIPHER_generic(nid,keylen,1,16,cfb1,cfb1,CFB,flags) \ + BLOCK_CIPHER_generic(nid,keylen,1,16,cfb8,cfb8,CFB,flags) \ + BLOCK_CIPHER_generic(nid,keylen,1,16,ctr,ctr,CTR,flags) + +static int +aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) +{ + int ret, mode; + EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data; + + mode = ctx->cipher->flags & EVP_CIPH_MODE; + if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE) && + !enc) +#ifdef BSAES_CAPABLE + if (BSAES_CAPABLE && mode == EVP_CIPH_CBC_MODE) { + ret = AES_set_decrypt_key(key, ctx->key_len * 8, + &dat->ks); + dat->block = (block128_f)AES_decrypt; + dat->stream.cbc = (cbc128_f)bsaes_cbc_encrypt; + } else +#endif +#ifdef VPAES_CAPABLE + if (VPAES_CAPABLE) { + ret = vpaes_set_decrypt_key(key, ctx->key_len * 8, + &dat->ks); + dat->block = (block128_f)vpaes_decrypt; + dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? + (cbc128_f)vpaes_cbc_encrypt : NULL; + } else +#endif + { + ret = AES_set_decrypt_key(key, ctx->key_len * 8, + &dat->ks); + dat->block = (block128_f)AES_decrypt; + dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? + (cbc128_f)AES_cbc_encrypt : NULL; + } else +#ifdef BSAES_CAPABLE + if (BSAES_CAPABLE && mode == EVP_CIPH_CTR_MODE) { + ret = AES_set_encrypt_key(key, ctx->key_len * 8, + &dat->ks); + dat->block = (block128_f)AES_encrypt; + dat->stream.ctr = (ctr128_f)bsaes_ctr32_encrypt_blocks; + } else +#endif +#ifdef VPAES_CAPABLE + if (VPAES_CAPABLE) { + ret = vpaes_set_encrypt_key(key, ctx->key_len * 8, + &dat->ks); + dat->block = (block128_f)vpaes_encrypt; + dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? + (cbc128_f)vpaes_cbc_encrypt : NULL; + } else +#endif + { + ret = AES_set_encrypt_key(key, ctx->key_len * 8, + &dat->ks); + dat->block = (block128_f)AES_encrypt; + dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ? + (cbc128_f)AES_cbc_encrypt : NULL; +#ifdef AES_CTR_ASM + if (mode == EVP_CIPH_CTR_MODE) + dat->stream.ctr = (ctr128_f)AES_ctr32_encrypt; +#endif + } + + if (ret < 0) { + EVPerror(EVP_R_AES_KEY_SETUP_FAILED); + return 0; + } + + return 1; +} + +static int +aes_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len) +{ + EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data; + + if (dat->stream.cbc) + (*dat->stream.cbc)(in, out, len, &dat->ks, ctx->iv, + ctx->encrypt); + else if (ctx->encrypt) + CRYPTO_cbc128_encrypt(in, out, len, &dat->ks, ctx->iv, + dat->block); else - AES_set_decrypt_key(key, ctx->key_len * 8, ctx->cipher_data); + CRYPTO_cbc128_decrypt(in, out, len, &dat->ks, ctx->iv, + dat->block); + + return 1; +} + +static int +aes_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len) +{ + size_t bl = ctx->cipher->block_size; + size_t i; + EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data; + + if (len < bl) + return 1; + + for (i = 0, len -= bl; i <= len; i += bl) + (*dat->block)(in + i, out + i, &dat->ks); return 1; } +static int +aes_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len) +{ + EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data; + + CRYPTO_ofb128_encrypt(in, out, len, &dat->ks, ctx->iv, &ctx->num, + dat->block); + return 1; +} + +static int +aes_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len) +{ + EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data; + + CRYPTO_cfb128_encrypt(in, out, len, &dat->ks, ctx->iv, &ctx->num, + ctx->encrypt, dat->block); + return 1; +} + +static int +aes_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len) +{ + EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data; + + CRYPTO_cfb128_8_encrypt(in, out, len, &dat->ks, ctx->iv, &ctx->num, + ctx->encrypt, dat->block); + return 1; +} + +static int +aes_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len) +{ + EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data; + + if (ctx->flags&EVP_CIPH_FLAG_LENGTH_BITS) { + CRYPTO_cfb128_1_encrypt(in, out, len, &dat->ks, ctx->iv, + &ctx->num, ctx->encrypt, dat->block); + return 1; + } + + while (len >= MAXBITCHUNK) { + CRYPTO_cfb128_1_encrypt(in, out, MAXBITCHUNK*8, &dat->ks, + ctx->iv, &ctx->num, ctx->encrypt, dat->block); + len -= MAXBITCHUNK; + } + if (len) + CRYPTO_cfb128_1_encrypt(in, out, len*8, &dat->ks, + ctx->iv, &ctx->num, ctx->encrypt, dat->block); + + return 1; +} + +static int aes_ctr_cipher (EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len) +{ + unsigned int num = ctx->num; + EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data; + + if (dat->stream.ctr) + CRYPTO_ctr128_encrypt_ctr32(in, out, len, &dat->ks, + ctx->iv, ctx->buf, &num, dat->stream.ctr); + else + CRYPTO_ctr128_encrypt(in, out, len, &dat->ks, + ctx->iv, ctx->buf, &num, dat->block); + ctx->num = (size_t)num; + return 1; +} + +BLOCK_CIPHER_generic_pack(NID_aes, 128, EVP_CIPH_FLAG_FIPS) +BLOCK_CIPHER_generic_pack(NID_aes, 192, EVP_CIPH_FLAG_FIPS) +BLOCK_CIPHER_generic_pack(NID_aes, 256, EVP_CIPH_FLAG_FIPS) + +static int +aes_gcm_cleanup(EVP_CIPHER_CTX *c) +{ + EVP_AES_GCM_CTX *gctx = c->cipher_data; + + if (gctx->iv != c->iv) + free(gctx->iv); + explicit_bzero(gctx, sizeof(*gctx)); + return 1; +} + +/* increment counter (64-bit int) by 1 */ +static void +ctr64_inc(unsigned char *counter) +{ + int n = 8; + unsigned char c; + + do { + --n; + c = counter[n]; + ++c; + counter[n] = c; + if (c) + return; + } while (n); +} + +static int +aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) +{ + EVP_AES_GCM_CTX *gctx = c->cipher_data; + + switch (type) { + case EVP_CTRL_INIT: + gctx->key_set = 0; + gctx->iv_set = 0; + gctx->ivlen = c->cipher->iv_len; + gctx->iv = c->iv; + gctx->taglen = -1; + gctx->iv_gen = 0; + gctx->tls_aad_len = -1; + return 1; + + case EVP_CTRL_GCM_SET_IVLEN: + if (arg <= 0) + return 0; + /* Allocate memory for IV if needed */ + if ((arg > EVP_MAX_IV_LENGTH) && (arg > gctx->ivlen)) { + if (gctx->iv != c->iv) + free(gctx->iv); + gctx->iv = malloc(arg); + if (!gctx->iv) + return 0; + } + gctx->ivlen = arg; + return 1; + + case EVP_CTRL_GCM_SET_TAG: + if (arg <= 0 || arg > 16 || c->encrypt) + return 0; + memcpy(c->buf, ptr, arg); + gctx->taglen = arg; + return 1; + + case EVP_CTRL_GCM_GET_TAG: + if (arg <= 0 || arg > 16 || !c->encrypt || gctx->taglen < 0) + return 0; + memcpy(ptr, c->buf, arg); + return 1; + + case EVP_CTRL_GCM_SET_IV_FIXED: + /* Special case: -1 length restores whole IV */ + if (arg == -1) { + memcpy(gctx->iv, ptr, gctx->ivlen); + gctx->iv_gen = 1; + return 1; + } + /* Fixed field must be at least 4 bytes and invocation field + * at least 8. + */ + if ((arg < 4) || (gctx->ivlen - arg) < 8) + return 0; + if (arg) + memcpy(gctx->iv, ptr, arg); + if (c->encrypt) + arc4random_buf(gctx->iv + arg, gctx->ivlen - arg); + gctx->iv_gen = 1; + return 1; + + case EVP_CTRL_GCM_IV_GEN: + if (gctx->iv_gen == 0 || gctx->key_set == 0) + return 0; + CRYPTO_gcm128_setiv(&gctx->gcm, gctx->iv, gctx->ivlen); + if (arg <= 0 || arg > gctx->ivlen) + arg = gctx->ivlen; + memcpy(ptr, gctx->iv + gctx->ivlen - arg, arg); + /* Invocation field will be at least 8 bytes in size and + * so no need to check wrap around or increment more than + * last 8 bytes. + */ + ctr64_inc(gctx->iv + gctx->ivlen - 8); + gctx->iv_set = 1; + return 1; + + case EVP_CTRL_GCM_SET_IV_INV: + if (gctx->iv_gen == 0 || gctx->key_set == 0 || c->encrypt) + return 0; + memcpy(gctx->iv + gctx->ivlen - arg, ptr, arg); + CRYPTO_gcm128_setiv(&gctx->gcm, gctx->iv, gctx->ivlen); + gctx->iv_set = 1; + return 1; + + case EVP_CTRL_AEAD_TLS1_AAD: + /* Save the AAD for later use */ + if (arg != 13) + return 0; + memcpy(c->buf, ptr, arg); + gctx->tls_aad_len = arg; + { + unsigned int len = c->buf[arg - 2] << 8 | + c->buf[arg - 1]; + + /* Correct length for explicit IV */ + if (len < EVP_GCM_TLS_EXPLICIT_IV_LEN) + return 0; + len -= EVP_GCM_TLS_EXPLICIT_IV_LEN; + + /* If decrypting correct for tag too */ + if (!c->encrypt) { + if (len < EVP_GCM_TLS_TAG_LEN) + return 0; + len -= EVP_GCM_TLS_TAG_LEN; + } + c->buf[arg - 2] = len >> 8; + c->buf[arg - 1] = len & 0xff; + } + /* Extra padding: tag appended to record */ + return EVP_GCM_TLS_TAG_LEN; + + case EVP_CTRL_COPY: + { + EVP_CIPHER_CTX *out = ptr; + EVP_AES_GCM_CTX *gctx_out = out->cipher_data; + + if (gctx->gcm.key) { + if (gctx->gcm.key != &gctx->ks) + return 0; + gctx_out->gcm.key = &gctx_out->ks; + } + if (gctx->iv == c->iv) + gctx_out->iv = out->iv; + else { + gctx_out->iv = malloc(gctx->ivlen); + if (!gctx_out->iv) + return 0; + memcpy(gctx_out->iv, gctx->iv, gctx->ivlen); + } + return 1; + } + + default: + return -1; + + } +} + +static ctr128_f +aes_gcm_set_key(AES_KEY *aes_key, GCM128_CONTEXT *gcm_ctx, + const unsigned char *key, size_t key_len) +{ +#ifdef BSAES_CAPABLE + if (BSAES_CAPABLE) { + AES_set_encrypt_key(key, key_len * 8, aes_key); + CRYPTO_gcm128_init(gcm_ctx, aes_key, (block128_f)AES_encrypt); + return (ctr128_f)bsaes_ctr32_encrypt_blocks; + } else +#endif +#ifdef VPAES_CAPABLE + if (VPAES_CAPABLE) { + vpaes_set_encrypt_key(key, key_len * 8, aes_key); + CRYPTO_gcm128_init(gcm_ctx, aes_key, (block128_f)vpaes_encrypt); + return NULL; + } else +#endif + (void)0; /* terminate potentially open 'else' */ + + AES_set_encrypt_key(key, key_len * 8, aes_key); + CRYPTO_gcm128_init(gcm_ctx, aes_key, (block128_f)AES_encrypt); +#ifdef AES_CTR_ASM + return (ctr128_f)AES_ctr32_encrypt; +#else + return NULL; +#endif +} + +static int +aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) +{ + EVP_AES_GCM_CTX *gctx = ctx->cipher_data; + + if (!iv && !key) + return 1; + if (key) { + gctx->ctr = aes_gcm_set_key(&gctx->ks, &gctx->gcm, + key, ctx->key_len); + + /* If we have an iv can set it directly, otherwise use + * saved IV. + */ + if (iv == NULL && gctx->iv_set) + iv = gctx->iv; + if (iv) { + CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen); + gctx->iv_set = 1; + } + gctx->key_set = 1; + } else { + /* If key set use IV, otherwise copy */ + if (gctx->key_set) + CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen); + else + memcpy(gctx->iv, iv, gctx->ivlen); + gctx->iv_set = 1; + gctx->iv_gen = 0; + } + return 1; +} + +/* Handle TLS GCM packet format. This consists of the last portion of the IV + * followed by the payload and finally the tag. On encrypt generate IV, + * encrypt payload and write the tag. On verify retrieve IV, decrypt payload + * and verify tag. + */ + +static int +aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len) +{ + EVP_AES_GCM_CTX *gctx = ctx->cipher_data; + int rv = -1; + + /* Encrypt/decrypt must be performed in place */ + if (out != in || + len < (EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN)) + return -1; + + /* Set IV from start of buffer or generate IV and write to start + * of buffer. + */ + if (EVP_CIPHER_CTX_ctrl(ctx, ctx->encrypt ? + EVP_CTRL_GCM_IV_GEN : EVP_CTRL_GCM_SET_IV_INV, + EVP_GCM_TLS_EXPLICIT_IV_LEN, out) <= 0) + goto err; + + /* Use saved AAD */ + if (CRYPTO_gcm128_aad(&gctx->gcm, ctx->buf, gctx->tls_aad_len)) + goto err; + + /* Fix buffer and length to point to payload */ + in += EVP_GCM_TLS_EXPLICIT_IV_LEN; + out += EVP_GCM_TLS_EXPLICIT_IV_LEN; + len -= EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN; + if (ctx->encrypt) { + /* Encrypt payload */ + if (gctx->ctr) { + if (CRYPTO_gcm128_encrypt_ctr32(&gctx->gcm, in, out, + len, gctx->ctr)) + goto err; + } else { + if (CRYPTO_gcm128_encrypt(&gctx->gcm, in, out, len)) + goto err; + } + out += len; + + /* Finally write tag */ + CRYPTO_gcm128_tag(&gctx->gcm, out, EVP_GCM_TLS_TAG_LEN); + rv = len + EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN; + } else { + /* Decrypt */ + if (gctx->ctr) { + if (CRYPTO_gcm128_decrypt_ctr32(&gctx->gcm, in, out, + len, gctx->ctr)) + goto err; + } else { + if (CRYPTO_gcm128_decrypt(&gctx->gcm, in, out, len)) + goto err; + } + /* Retrieve tag */ + CRYPTO_gcm128_tag(&gctx->gcm, ctx->buf, EVP_GCM_TLS_TAG_LEN); + + /* If tag mismatch wipe buffer */ + if (memcmp(ctx->buf, in + len, EVP_GCM_TLS_TAG_LEN)) { + explicit_bzero(out, len); + goto err; + } + rv = len; + } + +err: + gctx->iv_set = 0; + gctx->tls_aad_len = -1; + return rv; +} + +static int +aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len) +{ + EVP_AES_GCM_CTX *gctx = ctx->cipher_data; + + /* If not set up, return error */ + if (!gctx->key_set) + return -1; + + if (gctx->tls_aad_len >= 0) + return aes_gcm_tls_cipher(ctx, out, in, len); + + if (!gctx->iv_set) + return -1; + + if (in) { + if (out == NULL) { + if (CRYPTO_gcm128_aad(&gctx->gcm, in, len)) + return -1; + } else if (ctx->encrypt) { + if (gctx->ctr) { + if (CRYPTO_gcm128_encrypt_ctr32(&gctx->gcm, + in, out, len, gctx->ctr)) + return -1; + } else { + if (CRYPTO_gcm128_encrypt(&gctx->gcm, + in, out, len)) + return -1; + } + } else { + if (gctx->ctr) { + if (CRYPTO_gcm128_decrypt_ctr32(&gctx->gcm, + in, out, len, gctx->ctr)) + return -1; + } else { + if (CRYPTO_gcm128_decrypt(&gctx->gcm, + in, out, len)) + return -1; + } + } + return len; + } else { + if (!ctx->encrypt) { + if (gctx->taglen < 0) + return -1; + if (CRYPTO_gcm128_finish(&gctx->gcm, ctx->buf, + gctx->taglen) != 0) + return -1; + gctx->iv_set = 0; + return 0; + } + CRYPTO_gcm128_tag(&gctx->gcm, ctx->buf, 16); + gctx->taglen = 16; + + /* Don't reuse the IV */ + gctx->iv_set = 0; + return 0; + } + +} + +#define CUSTOM_FLAGS \ + ( EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CUSTOM_IV | \ + EVP_CIPH_FLAG_CUSTOM_CIPHER | EVP_CIPH_ALWAYS_CALL_INIT | \ + EVP_CIPH_CTRL_INIT | EVP_CIPH_CUSTOM_COPY ) + +BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, gcm, GCM, + EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_AEAD_CIPHER|CUSTOM_FLAGS) +BLOCK_CIPHER_custom(NID_aes, 192, 1, 12, gcm, GCM, + EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_AEAD_CIPHER|CUSTOM_FLAGS) +BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, gcm, GCM, + EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_AEAD_CIPHER|CUSTOM_FLAGS) + +static int +aes_xts_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) +{ + EVP_AES_XTS_CTX *xctx = c->cipher_data; + + switch (type) { + case EVP_CTRL_INIT: + /* + * key1 and key2 are used as an indicator both key and IV + * are set + */ + xctx->xts.key1 = NULL; + xctx->xts.key2 = NULL; + return 1; + + case EVP_CTRL_COPY: + { + EVP_CIPHER_CTX *out = ptr; + EVP_AES_XTS_CTX *xctx_out = out->cipher_data; + + if (xctx->xts.key1) { + if (xctx->xts.key1 != &xctx->ks1) + return 0; + xctx_out->xts.key1 = &xctx_out->ks1; + } + if (xctx->xts.key2) { + if (xctx->xts.key2 != &xctx->ks2) + return 0; + xctx_out->xts.key2 = &xctx_out->ks2; + } + return 1; + } + } + return -1; +} + +static int +aes_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) +{ + EVP_AES_XTS_CTX *xctx = ctx->cipher_data; + + if (!iv && !key) + return 1; + + if (key) do { +#ifdef AES_XTS_ASM + xctx->stream = enc ? AES_xts_encrypt : AES_xts_decrypt; +#else + xctx->stream = NULL; +#endif + /* key_len is two AES keys */ +#ifdef BSAES_CAPABLE + if (BSAES_CAPABLE) + xctx->stream = enc ? bsaes_xts_encrypt : + bsaes_xts_decrypt; + else +#endif +#ifdef VPAES_CAPABLE + if (VPAES_CAPABLE) { + if (enc) { + vpaes_set_encrypt_key(key, ctx->key_len * 4, + &xctx->ks1); + xctx->xts.block1 = (block128_f)vpaes_encrypt; + } else { + vpaes_set_decrypt_key(key, ctx->key_len * 4, + &xctx->ks1); + xctx->xts.block1 = (block128_f)vpaes_decrypt; + } + + vpaes_set_encrypt_key(key + ctx->key_len / 2, + ctx->key_len * 4, &xctx->ks2); + xctx->xts.block2 = (block128_f)vpaes_encrypt; + + xctx->xts.key1 = &xctx->ks1; + break; + } else +#endif + (void)0; /* terminate potentially open 'else' */ + + if (enc) { + AES_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1); + xctx->xts.block1 = (block128_f)AES_encrypt; + } else { + AES_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1); + xctx->xts.block1 = (block128_f)AES_decrypt; + } + + AES_set_encrypt_key(key + ctx->key_len / 2, + ctx->key_len * 4, &xctx->ks2); + xctx->xts.block2 = (block128_f)AES_encrypt; + + xctx->xts.key1 = &xctx->ks1; + } while (0); + + if (iv) { + xctx->xts.key2 = &xctx->ks2; + memcpy(ctx->iv, iv, 16); + } + + return 1; +} + +static int +aes_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len) +{ + EVP_AES_XTS_CTX *xctx = ctx->cipher_data; + + if (!xctx->xts.key1 || !xctx->xts.key2) + return 0; + if (!out || !in || len < AES_BLOCK_SIZE) + return 0; + + if (xctx->stream) + (*xctx->stream)(in, out, len, xctx->xts.key1, xctx->xts.key2, + ctx->iv); + else if (CRYPTO_xts128_encrypt(&xctx->xts, ctx->iv, in, out, len, + ctx->encrypt)) + return 0; + return 1; +} + +#define aes_xts_cleanup NULL + +#define XTS_FLAGS \ + ( EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CUSTOM_IV | \ + EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT | EVP_CIPH_CUSTOM_COPY ) + +BLOCK_CIPHER_custom(NID_aes, 128, 1, 16, xts, XTS, EVP_CIPH_FLAG_FIPS|XTS_FLAGS) +BLOCK_CIPHER_custom(NID_aes, 256, 1, 16, xts, XTS, EVP_CIPH_FLAG_FIPS|XTS_FLAGS) + +static int +aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) +{ + EVP_AES_CCM_CTX *cctx = c->cipher_data; + + switch (type) { + case EVP_CTRL_INIT: + cctx->key_set = 0; + cctx->iv_set = 0; + cctx->L = 8; + cctx->M = 12; + cctx->tag_set = 0; + cctx->len_set = 0; + return 1; + + case EVP_CTRL_CCM_SET_IVLEN: + arg = 15 - arg; + + case EVP_CTRL_CCM_SET_L: + if (arg < 2 || arg > 8) + return 0; + cctx->L = arg; + return 1; + + case EVP_CTRL_CCM_SET_TAG: + if ((arg & 1) || arg < 4 || arg > 16) + return 0; + if ((c->encrypt && ptr) || (!c->encrypt && !ptr)) + return 0; + if (ptr) { + cctx->tag_set = 1; + memcpy(c->buf, ptr, arg); + } + cctx->M = arg; + return 1; + + case EVP_CTRL_CCM_GET_TAG: + if (!c->encrypt || !cctx->tag_set) + return 0; + if (!CRYPTO_ccm128_tag(&cctx->ccm, ptr, (size_t)arg)) + return 0; + cctx->tag_set = 0; + cctx->iv_set = 0; + cctx->len_set = 0; + return 1; + + case EVP_CTRL_COPY: + { + EVP_CIPHER_CTX *out = ptr; + EVP_AES_CCM_CTX *cctx_out = out->cipher_data; + + if (cctx->ccm.key) { + if (cctx->ccm.key != &cctx->ks) + return 0; + cctx_out->ccm.key = &cctx_out->ks; + } + return 1; + } + + default: + return -1; + } +} + +static int +aes_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) +{ + EVP_AES_CCM_CTX *cctx = ctx->cipher_data; + + if (!iv && !key) + return 1; + if (key) do { +#ifdef VPAES_CAPABLE + if (VPAES_CAPABLE) { + vpaes_set_encrypt_key(key, ctx->key_len*8, &cctx->ks); + CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L, + &cctx->ks, (block128_f)vpaes_encrypt); + cctx->str = NULL; + cctx->key_set = 1; + break; + } +#endif + AES_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks); + CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L, + &cctx->ks, (block128_f)AES_encrypt); + cctx->str = NULL; + cctx->key_set = 1; + } while (0); + if (iv) { + memcpy(ctx->iv, iv, 15 - cctx->L); + cctx->iv_set = 1; + } + return 1; +} + +static int +aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len) +{ + EVP_AES_CCM_CTX *cctx = ctx->cipher_data; + CCM128_CONTEXT *ccm = &cctx->ccm; + + /* If not set up, return error */ + if (!cctx->iv_set && !cctx->key_set) + return -1; + if (!ctx->encrypt && !cctx->tag_set) + return -1; + + if (!out) { + if (!in) { + if (CRYPTO_ccm128_setiv(ccm, ctx->iv, 15 - cctx->L, + len)) + return -1; + cctx->len_set = 1; + return len; + } + /* If have AAD need message length */ + if (!cctx->len_set && len) + return -1; + CRYPTO_ccm128_aad(ccm, in, len); + return len; + } + /* EVP_*Final() doesn't return any data */ + if (!in) + return 0; + /* If not set length yet do it */ + if (!cctx->len_set) { + if (CRYPTO_ccm128_setiv(ccm, ctx->iv, 15 - cctx->L, len)) + return -1; + cctx->len_set = 1; + } + if (ctx->encrypt) { + if (cctx->str ? CRYPTO_ccm128_encrypt_ccm64(ccm, in, out, len, + cctx->str) : CRYPTO_ccm128_encrypt(ccm, in, out, len)) + return -1; + cctx->tag_set = 1; + return len; + } else { + int rv = -1; + if (cctx->str ? !CRYPTO_ccm128_decrypt_ccm64(ccm, in, out, len, + cctx->str) : !CRYPTO_ccm128_decrypt(ccm, in, out, len)) { + unsigned char tag[16]; + if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) { + if (!memcmp(tag, ctx->buf, cctx->M)) + rv = len; + } + } + if (rv == -1) + explicit_bzero(out, len); + cctx->iv_set = 0; + cctx->tag_set = 0; + cctx->len_set = 0; + return rv; + } + +} + +#define aes_ccm_cleanup NULL + +BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, ccm, CCM, + EVP_CIPH_FLAG_FIPS|CUSTOM_FLAGS) +BLOCK_CIPHER_custom(NID_aes, 192, 1, 12, ccm, CCM, + EVP_CIPH_FLAG_FIPS|CUSTOM_FLAGS) +BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, ccm, CCM, + EVP_CIPH_FLAG_FIPS|CUSTOM_FLAGS) + +#define EVP_AEAD_AES_GCM_TAG_LEN 16 + +struct aead_aes_gcm_ctx { + union { + double align; + AES_KEY ks; + } ks; + GCM128_CONTEXT gcm; + ctr128_f ctr; + unsigned char tag_len; +}; + +static int +aead_aes_gcm_init(EVP_AEAD_CTX *ctx, const unsigned char *key, size_t key_len, + size_t tag_len) +{ + struct aead_aes_gcm_ctx *gcm_ctx; + const size_t key_bits = key_len * 8; + + /* EVP_AEAD_CTX_init should catch this. */ + if (key_bits != 128 && key_bits != 256) { + EVPerror(EVP_R_BAD_KEY_LENGTH); + return 0; + } + + if (tag_len == EVP_AEAD_DEFAULT_TAG_LENGTH) + tag_len = EVP_AEAD_AES_GCM_TAG_LEN; + + if (tag_len > EVP_AEAD_AES_GCM_TAG_LEN) { + EVPerror(EVP_R_TAG_TOO_LARGE); + return 0; + } + + gcm_ctx = malloc(sizeof(struct aead_aes_gcm_ctx)); + if (gcm_ctx == NULL) + return 0; + +#ifdef AESNI_CAPABLE + if (AESNI_CAPABLE) { + aesni_set_encrypt_key(key, key_bits, &gcm_ctx->ks.ks); + CRYPTO_gcm128_init(&gcm_ctx->gcm, &gcm_ctx->ks.ks, + (block128_f)aesni_encrypt); + gcm_ctx->ctr = (ctr128_f) aesni_ctr32_encrypt_blocks; + } else +#endif + { + gcm_ctx->ctr = aes_gcm_set_key(&gcm_ctx->ks.ks, &gcm_ctx->gcm, + key, key_len); + } + gcm_ctx->tag_len = tag_len; + ctx->aead_state = gcm_ctx; + + return 1; +} + +static void +aead_aes_gcm_cleanup(EVP_AEAD_CTX *ctx) +{ + struct aead_aes_gcm_ctx *gcm_ctx = ctx->aead_state; + + freezero(gcm_ctx, sizeof(*gcm_ctx)); +} + +static int +aead_aes_gcm_seal(const EVP_AEAD_CTX *ctx, unsigned char *out, size_t *out_len, + size_t max_out_len, const unsigned char *nonce, size_t nonce_len, + const unsigned char *in, size_t in_len, const unsigned char *ad, + size_t ad_len) +{ + const struct aead_aes_gcm_ctx *gcm_ctx = ctx->aead_state; + GCM128_CONTEXT gcm; + size_t bulk = 0; + + if (max_out_len < in_len + gcm_ctx->tag_len) { + EVPerror(EVP_R_BUFFER_TOO_SMALL); + return 0; + } + + memcpy(&gcm, &gcm_ctx->gcm, sizeof(gcm)); + CRYPTO_gcm128_setiv(&gcm, nonce, nonce_len); + + if (ad_len > 0 && CRYPTO_gcm128_aad(&gcm, ad, ad_len)) + return 0; + + if (gcm_ctx->ctr) { + if (CRYPTO_gcm128_encrypt_ctr32(&gcm, in + bulk, out + bulk, + in_len - bulk, gcm_ctx->ctr)) + return 0; + } else { + if (CRYPTO_gcm128_encrypt(&gcm, in + bulk, out + bulk, + in_len - bulk)) + return 0; + } + + CRYPTO_gcm128_tag(&gcm, out + in_len, gcm_ctx->tag_len); + *out_len = in_len + gcm_ctx->tag_len; + + return 1; +} + +static int +aead_aes_gcm_open(const EVP_AEAD_CTX *ctx, unsigned char *out, size_t *out_len, + size_t max_out_len, const unsigned char *nonce, size_t nonce_len, + const unsigned char *in, size_t in_len, const unsigned char *ad, + size_t ad_len) +{ + const struct aead_aes_gcm_ctx *gcm_ctx = ctx->aead_state; + unsigned char tag[EVP_AEAD_AES_GCM_TAG_LEN]; + GCM128_CONTEXT gcm; + size_t plaintext_len; + size_t bulk = 0; + + if (in_len < gcm_ctx->tag_len) { + EVPerror(EVP_R_BAD_DECRYPT); + return 0; + } + + plaintext_len = in_len - gcm_ctx->tag_len; + + if (max_out_len < plaintext_len) { + EVPerror(EVP_R_BUFFER_TOO_SMALL); + return 0; + } + + memcpy(&gcm, &gcm_ctx->gcm, sizeof(gcm)); + CRYPTO_gcm128_setiv(&gcm, nonce, nonce_len); + + if (CRYPTO_gcm128_aad(&gcm, ad, ad_len)) + return 0; + + if (gcm_ctx->ctr) { + if (CRYPTO_gcm128_decrypt_ctr32(&gcm, in + bulk, out + bulk, + in_len - bulk - gcm_ctx->tag_len, gcm_ctx->ctr)) + return 0; + } else { + if (CRYPTO_gcm128_decrypt(&gcm, in + bulk, out + bulk, + in_len - bulk - gcm_ctx->tag_len)) + return 0; + } + + CRYPTO_gcm128_tag(&gcm, tag, gcm_ctx->tag_len); + if (timingsafe_memcmp(tag, in + plaintext_len, gcm_ctx->tag_len) != 0) { + EVPerror(EVP_R_BAD_DECRYPT); + return 0; + } + + *out_len = plaintext_len; + + return 1; +} + +static const EVP_AEAD aead_aes_128_gcm = { + .key_len = 16, + .nonce_len = 12, + .overhead = EVP_AEAD_AES_GCM_TAG_LEN, + .max_tag_len = EVP_AEAD_AES_GCM_TAG_LEN, + + .init = aead_aes_gcm_init, + .cleanup = aead_aes_gcm_cleanup, + .seal = aead_aes_gcm_seal, + .open = aead_aes_gcm_open, +}; + +static const EVP_AEAD aead_aes_256_gcm = { + .key_len = 32, + .nonce_len = 12, + .overhead = EVP_AEAD_AES_GCM_TAG_LEN, + .max_tag_len = EVP_AEAD_AES_GCM_TAG_LEN, + + .init = aead_aes_gcm_init, + .cleanup = aead_aes_gcm_cleanup, + .seal = aead_aes_gcm_seal, + .open = aead_aes_gcm_open, +}; + +const EVP_AEAD * +EVP_aead_aes_128_gcm(void) +{ + return &aead_aes_128_gcm; +} + +const EVP_AEAD * +EVP_aead_aes_256_gcm(void) +{ + return &aead_aes_256_gcm; +} + +typedef struct { + union { + double align; + AES_KEY ks; + } ks; + unsigned char *iv; +} EVP_AES_WRAP_CTX; + +static int +aes_wrap_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) +{ + EVP_AES_WRAP_CTX *wctx = (EVP_AES_WRAP_CTX *)ctx->cipher_data; + + if (iv == NULL && key == NULL) + return 1; + + if (key != NULL) { + if (ctx->encrypt) + AES_set_encrypt_key(key, 8 * ctx->key_len, + &wctx->ks.ks); + else + AES_set_decrypt_key(key, 8 * ctx->key_len, + &wctx->ks.ks); + + if (iv == NULL) + wctx->iv = NULL; + } + + if (iv != NULL) { + memcpy(ctx->iv, iv, EVP_CIPHER_CTX_iv_length(ctx)); + wctx->iv = ctx->iv; + } + + return 1; +} + +static int +aes_wrap_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inlen) +{ + EVP_AES_WRAP_CTX *wctx = ctx->cipher_data; + int ret; + + if (in == NULL) + return 0; + + if (inlen % 8 != 0) + return -1; + if (ctx->encrypt && inlen < 8) + return -1; + if (!ctx->encrypt && inlen < 16) + return -1; + if (inlen > INT_MAX) + return -1; + + if (out == NULL) { + if (ctx->encrypt) + return inlen + 8; + else + return inlen - 8; + } + + if (ctx->encrypt) + ret = AES_wrap_key(&wctx->ks.ks, wctx->iv, out, in, + (unsigned int)inlen); + else + ret = AES_unwrap_key(&wctx->ks.ks, wctx->iv, out, in, + (unsigned int)inlen); + + return ret != 0 ? ret : -1; +} + +#define WRAP_FLAGS \ + ( EVP_CIPH_WRAP_MODE | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER | \ + EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_FLAG_DEFAULT_ASN1 ) + +static const EVP_CIPHER aes_128_wrap = { + .nid = NID_id_aes128_wrap, + .block_size = 8, + .key_len = 16, + .iv_len = 8, + .flags = WRAP_FLAGS, + .init = aes_wrap_init_key, + .do_cipher = aes_wrap_cipher, + .cleanup = NULL, + .ctx_size = sizeof(EVP_AES_WRAP_CTX), + .set_asn1_parameters = NULL, + .get_asn1_parameters = NULL, + .ctrl = NULL, + .app_data = NULL, +}; + +const EVP_CIPHER * +EVP_aes_128_wrap(void) +{ + return &aes_128_wrap; +} + +static const EVP_CIPHER aes_192_wrap = { + .nid = NID_id_aes192_wrap, + .block_size = 8, + .key_len = 24, + .iv_len = 8, + .flags = WRAP_FLAGS, + .init = aes_wrap_init_key, + .do_cipher = aes_wrap_cipher, + .cleanup = NULL, + .ctx_size = sizeof(EVP_AES_WRAP_CTX), + .set_asn1_parameters = NULL, + .get_asn1_parameters = NULL, + .ctrl = NULL, + .app_data = NULL, +}; + +const EVP_CIPHER * +EVP_aes_192_wrap(void) +{ + return &aes_192_wrap; +} + +static const EVP_CIPHER aes_256_wrap = { + .nid = NID_id_aes256_wrap, + .block_size = 8, + .key_len = 32, + .iv_len = 8, + .flags = WRAP_FLAGS, + .init = aes_wrap_init_key, + .do_cipher = aes_wrap_cipher, + .cleanup = NULL, + .ctx_size = sizeof(EVP_AES_WRAP_CTX), + .set_asn1_parameters = NULL, + .get_asn1_parameters = NULL, + .ctrl = NULL, + .app_data = NULL, +}; + +const EVP_CIPHER * +EVP_aes_256_wrap(void) +{ + return &aes_256_wrap; +} + #endif diff --git a/src/lib/libcrypto/evp/e_aes_cbc_hmac_sha1.c b/src/lib/libcrypto/evp/e_aes_cbc_hmac_sha1.c new file mode 100644 index 00000000000..f25b927aeb1 --- /dev/null +++ b/src/lib/libcrypto/evp/e_aes_cbc_hmac_sha1.c @@ -0,0 +1,597 @@ +/* $OpenBSD: e_aes_cbc_hmac_sha1.c,v 1.14 2016/11/05 10:47:57 miod Exp $ */ +/* ==================================================================== + * Copyright (c) 2011-2013 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#include +#include + +#include + +#if !defined(OPENSSL_NO_AES) && !defined(OPENSSL_NO_SHA1) + +#include +#include +#include +#include +#include "evp_locl.h" +#include "constant_time_locl.h" + +#define TLS1_1_VERSION 0x0302 + +typedef struct { + AES_KEY ks; + SHA_CTX head, tail, md; + size_t payload_length; /* AAD length in decrypt case */ + union { + unsigned int tls_ver; + unsigned char tls_aad[16]; /* 13 used */ + } aux; +} EVP_AES_HMAC_SHA1; + +#define NO_PAYLOAD_LENGTH ((size_t)-1) + +#if defined(AES_ASM) && ( \ + defined(__x86_64) || defined(__x86_64__) || \ + defined(_M_AMD64) || defined(_M_X64) || \ + defined(__INTEL__) ) + +#include "x86_arch.h" + +#if defined(__GNUC__) && __GNUC__>=2 +# define BSWAP(x) ({ unsigned int r=(x); asm ("bswapl %0":"=r"(r):"0"(r)); r; }) +#endif + +int aesni_set_encrypt_key(const unsigned char *userKey, int bits, AES_KEY *key); +int aesni_set_decrypt_key(const unsigned char *userKey, int bits, AES_KEY *key); + +void aesni_cbc_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, unsigned char *ivec, int enc); + +void aesni_cbc_sha1_enc (const void *inp, void *out, size_t blocks, + const AES_KEY *key, unsigned char iv[16], SHA_CTX *ctx, const void *in0); + +#define data(ctx) ((EVP_AES_HMAC_SHA1 *)(ctx)->cipher_data) + +static int +aesni_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *inkey, + const unsigned char *iv, int enc) +{ + EVP_AES_HMAC_SHA1 *key = data(ctx); + int ret; + + if (enc) + ret = aesni_set_encrypt_key(inkey, ctx->key_len * 8, &key->ks); + else + ret = aesni_set_decrypt_key(inkey, ctx->key_len * 8, &key->ks); + + SHA1_Init(&key->head); /* handy when benchmarking */ + key->tail = key->head; + key->md = key->head; + + key->payload_length = NO_PAYLOAD_LENGTH; + + return ret < 0 ? 0 : 1; +} + +#define STITCHED_CALL + +#if !defined(STITCHED_CALL) +#define aes_off 0 +#endif + +void sha1_block_data_order (void *c, const void *p, size_t len); + +static void +sha1_update(SHA_CTX *c, const void *data, size_t len) +{ + const unsigned char *ptr = data; + size_t res; + + if ((res = c->num)) { + res = SHA_CBLOCK - res; + if (len < res) + res = len; + SHA1_Update(c, ptr, res); + ptr += res; + len -= res; + } + + res = len % SHA_CBLOCK; + len -= res; + + if (len) { + sha1_block_data_order(c, ptr, len / SHA_CBLOCK); + + ptr += len; + c->Nh += len >> 29; + c->Nl += len <<= 3; + if (c->Nl < (unsigned int)len) + c->Nh++; + } + + if (res) + SHA1_Update(c, ptr, res); +} + +#ifdef SHA1_Update +#undef SHA1_Update +#endif +#define SHA1_Update sha1_update + +static int +aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len) +{ + EVP_AES_HMAC_SHA1 *key = data(ctx); + unsigned int l; + size_t plen = key->payload_length, + iv = 0, /* explicit IV in TLS 1.1 and later */ + sha_off = 0; +#if defined(STITCHED_CALL) + size_t aes_off = 0, blocks; + + sha_off = SHA_CBLOCK - key->md.num; +#endif + + key->payload_length = NO_PAYLOAD_LENGTH; + + if (len % AES_BLOCK_SIZE) + return 0; + + if (ctx->encrypt) { + if (plen == NO_PAYLOAD_LENGTH) + plen = len; + else if (len != ((plen + SHA_DIGEST_LENGTH + AES_BLOCK_SIZE) & + -AES_BLOCK_SIZE)) + return 0; + else if (key->aux.tls_ver >= TLS1_1_VERSION) + iv = AES_BLOCK_SIZE; + +#if defined(STITCHED_CALL) + if (plen > (sha_off + iv) && + (blocks = (plen - (sha_off + iv)) / SHA_CBLOCK)) { + SHA1_Update(&key->md, in + iv, sha_off); + + aesni_cbc_sha1_enc(in, out, blocks, &key->ks, + ctx->iv, &key->md, in + iv + sha_off); + blocks *= SHA_CBLOCK; + aes_off += blocks; + sha_off += blocks; + key->md.Nh += blocks >> 29; + key->md.Nl += blocks <<= 3; + if (key->md.Nl < (unsigned int)blocks) + key->md.Nh++; + } else { + sha_off = 0; + } +#endif + sha_off += iv; + SHA1_Update(&key->md, in + sha_off, plen - sha_off); + + if (plen != len) { /* "TLS" mode of operation */ + if (in != out) + memcpy(out + aes_off, in + aes_off, + plen - aes_off); + + /* calculate HMAC and append it to payload */ + SHA1_Final(out + plen, &key->md); + key->md = key->tail; + SHA1_Update(&key->md, out + plen, SHA_DIGEST_LENGTH); + SHA1_Final(out + plen, &key->md); + + /* pad the payload|hmac */ + plen += SHA_DIGEST_LENGTH; + for (l = len - plen - 1; plen < len; plen++) + out[plen] = l; + + /* encrypt HMAC|padding at once */ + aesni_cbc_encrypt(out + aes_off, out + aes_off, + len - aes_off, &key->ks, ctx->iv, 1); + } else { + aesni_cbc_encrypt(in + aes_off, out + aes_off, + len - aes_off, &key->ks, ctx->iv, 1); + } + } else { + union { + unsigned int u[SHA_DIGEST_LENGTH/sizeof(unsigned int)]; + unsigned char c[32 + SHA_DIGEST_LENGTH]; + } mac, *pmac; + + /* arrange cache line alignment */ + pmac = (void *)(((size_t)mac.c + 31) & ((size_t)0 - 32)); + + /* decrypt HMAC|padding at once */ + aesni_cbc_encrypt(in, out, len, &key->ks, ctx->iv, 0); + + if (plen) { /* "TLS" mode of operation */ + size_t inp_len, mask, j, i; + unsigned int res, maxpad, pad, bitlen; + int ret = 1; + union { + unsigned int u[SHA_LBLOCK]; + unsigned char c[SHA_CBLOCK]; + } + *data = (void *)key->md.data; + + if ((key->aux.tls_aad[plen - 4] << 8 | + key->aux.tls_aad[plen - 3]) >= TLS1_1_VERSION) + iv = AES_BLOCK_SIZE; + + if (len < (iv + SHA_DIGEST_LENGTH + 1)) + return 0; + + /* omit explicit iv */ + out += iv; + len -= iv; + + /* figure out payload length */ + pad = out[len - 1]; + maxpad = len - (SHA_DIGEST_LENGTH + 1); + maxpad |= (255 - maxpad) >> (sizeof(maxpad) * 8 - 8); + maxpad &= 255; + + ret &= constant_time_ge(maxpad, pad); + + inp_len = len - (SHA_DIGEST_LENGTH + pad + 1); + mask = (0 - ((inp_len - len) >> + (sizeof(inp_len) * 8 - 1))); + inp_len &= mask; + ret &= (int)mask; + + key->aux.tls_aad[plen - 2] = inp_len >> 8; + key->aux.tls_aad[plen - 1] = inp_len; + + /* calculate HMAC */ + key->md = key->head; + SHA1_Update(&key->md, key->aux.tls_aad, plen); + +#if 1 + len -= SHA_DIGEST_LENGTH; /* amend mac */ + if (len >= (256 + SHA_CBLOCK)) { + j = (len - (256 + SHA_CBLOCK)) & + (0 - SHA_CBLOCK); + j += SHA_CBLOCK - key->md.num; + SHA1_Update(&key->md, out, j); + out += j; + len -= j; + inp_len -= j; + } + + /* but pretend as if we hashed padded payload */ + bitlen = key->md.Nl + (inp_len << 3); /* at most 18 bits */ +#ifdef BSWAP + bitlen = BSWAP(bitlen); +#else + mac.c[0] = 0; + mac.c[1] = (unsigned char)(bitlen >> 16); + mac.c[2] = (unsigned char)(bitlen >> 8); + mac.c[3] = (unsigned char)bitlen; + bitlen = mac.u[0]; +#endif + + pmac->u[0] = 0; + pmac->u[1] = 0; + pmac->u[2] = 0; + pmac->u[3] = 0; + pmac->u[4] = 0; + + for (res = key->md.num, j = 0; j < len; j++) { + size_t c = out[j]; + mask = (j - inp_len) >> (sizeof(j) * 8 - 8); + c &= mask; + c |= 0x80 & ~mask & + ~((inp_len - j) >> (sizeof(j) * 8 - 8)); + data->c[res++] = (unsigned char)c; + + if (res != SHA_CBLOCK) + continue; + + /* j is not incremented yet */ + mask = 0 - ((inp_len + 7 - j) >> + (sizeof(j) * 8 - 1)); + data->u[SHA_LBLOCK - 1] |= bitlen&mask; + sha1_block_data_order(&key->md, data, 1); + mask &= 0 - ((j - inp_len - 72) >> + (sizeof(j) * 8 - 1)); + pmac->u[0] |= key->md.h0 & mask; + pmac->u[1] |= key->md.h1 & mask; + pmac->u[2] |= key->md.h2 & mask; + pmac->u[3] |= key->md.h3 & mask; + pmac->u[4] |= key->md.h4 & mask; + res = 0; + } + + for (i = res; i < SHA_CBLOCK; i++, j++) + data->c[i] = 0; + + if (res > SHA_CBLOCK - 8) { + mask = 0 - ((inp_len + 8 - j) >> + (sizeof(j) * 8 - 1)); + data->u[SHA_LBLOCK - 1] |= bitlen & mask; + sha1_block_data_order(&key->md, data, 1); + mask &= 0 - ((j - inp_len - 73) >> + (sizeof(j) * 8 - 1)); + pmac->u[0] |= key->md.h0 & mask; + pmac->u[1] |= key->md.h1 & mask; + pmac->u[2] |= key->md.h2 & mask; + pmac->u[3] |= key->md.h3 & mask; + pmac->u[4] |= key->md.h4 & mask; + + memset(data, 0, SHA_CBLOCK); + j += 64; + } + data->u[SHA_LBLOCK - 1] = bitlen; + sha1_block_data_order(&key->md, data, 1); + mask = 0 - ((j - inp_len - 73) >> (sizeof(j) * 8 - 1)); + pmac->u[0] |= key->md.h0 & mask; + pmac->u[1] |= key->md.h1 & mask; + pmac->u[2] |= key->md.h2 & mask; + pmac->u[3] |= key->md.h3 & mask; + pmac->u[4] |= key->md.h4 & mask; + +#ifdef BSWAP + pmac->u[0] = BSWAP(pmac->u[0]); + pmac->u[1] = BSWAP(pmac->u[1]); + pmac->u[2] = BSWAP(pmac->u[2]); + pmac->u[3] = BSWAP(pmac->u[3]); + pmac->u[4] = BSWAP(pmac->u[4]); +#else + for (i = 0; i < 5; i++) { + res = pmac->u[i]; + pmac->c[4 * i + 0] = (unsigned char)(res >> 24); + pmac->c[4 * i + 1] = (unsigned char)(res >> 16); + pmac->c[4 * i + 2] = (unsigned char)(res >> 8); + pmac->c[4 * i + 3] = (unsigned char)res; + } +#endif + len += SHA_DIGEST_LENGTH; +#else + SHA1_Update(&key->md, out, inp_len); + res = key->md.num; + SHA1_Final(pmac->c, &key->md); + + { + unsigned int inp_blocks, pad_blocks; + + /* but pretend as if we hashed padded payload */ + inp_blocks = 1 + ((SHA_CBLOCK - 9 - res) >> + (sizeof(res) * 8 - 1)); + res += (unsigned int)(len - inp_len); + pad_blocks = res / SHA_CBLOCK; + res %= SHA_CBLOCK; + pad_blocks += 1 + ((SHA_CBLOCK - 9 - res) >> + (sizeof(res) * 8 - 1)); + for (; inp_blocks < pad_blocks; inp_blocks++) + sha1_block_data_order(&key->md, + data, 1); + } +#endif + key->md = key->tail; + SHA1_Update(&key->md, pmac->c, SHA_DIGEST_LENGTH); + SHA1_Final(pmac->c, &key->md); + + /* verify HMAC */ + out += inp_len; + len -= inp_len; +#if 1 + { + unsigned char *p = + out + len - 1 - maxpad - SHA_DIGEST_LENGTH; + size_t off = out - p; + unsigned int c, cmask; + + maxpad += SHA_DIGEST_LENGTH; + for (res = 0, i = 0, j = 0; j < maxpad; j++) { + c = p[j]; + cmask = ((int)(j - off - + SHA_DIGEST_LENGTH)) >> + (sizeof(int) * 8 - 1); + res |= (c ^ pad) & ~cmask; /* ... and padding */ + cmask &= ((int)(off - 1 - j)) >> + (sizeof(int) * 8 - 1); + res |= (c ^ pmac->c[i]) & cmask; + i += 1 & cmask; + } + maxpad -= SHA_DIGEST_LENGTH; + + res = 0 - ((0 - res) >> (sizeof(res) * 8 - 1)); + ret &= (int)~res; + } +#else + for (res = 0, i = 0; i < SHA_DIGEST_LENGTH; i++) + res |= out[i] ^ pmac->c[i]; + res = 0 - ((0 - res) >> (sizeof(res) * 8 - 1)); + ret &= (int)~res; + + /* verify padding */ + pad = (pad & ~res) | (maxpad & res); + out = out + len - 1 - pad; + for (res = 0, i = 0; i < pad; i++) + res |= out[i] ^ pad; + + res = (0 - res) >> (sizeof(res) * 8 - 1); + ret &= (int)~res; +#endif + return ret; + } else { + SHA1_Update(&key->md, out, len); + } + } + + return 1; +} + +static int +aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) +{ + EVP_AES_HMAC_SHA1 *key = data(ctx); + + switch (type) { + case EVP_CTRL_AEAD_SET_MAC_KEY: + { + unsigned int i; + unsigned char hmac_key[64]; + + memset(hmac_key, 0, sizeof(hmac_key)); + + if (arg > (int)sizeof(hmac_key)) { + SHA1_Init(&key->head); + SHA1_Update(&key->head, ptr, arg); + SHA1_Final(hmac_key, &key->head); + } else { + memcpy(hmac_key, ptr, arg); + } + + for (i = 0; i < sizeof(hmac_key); i++) + hmac_key[i] ^= 0x36; /* ipad */ + SHA1_Init(&key->head); + SHA1_Update(&key->head, hmac_key, sizeof(hmac_key)); + + for (i = 0; i < sizeof(hmac_key); i++) + hmac_key[i] ^= 0x36 ^ 0x5c; /* opad */ + SHA1_Init(&key->tail); + SHA1_Update(&key->tail, hmac_key, sizeof(hmac_key)); + + explicit_bzero(hmac_key, sizeof(hmac_key)); + + return 1; + } + case EVP_CTRL_AEAD_TLS1_AAD: + { + unsigned char *p = ptr; + unsigned int len = p[arg - 2] << 8 | p[arg - 1]; + + if (ctx->encrypt) { + key->payload_length = len; + if ((key->aux.tls_ver = p[arg - 4] << 8 | + p[arg - 3]) >= TLS1_1_VERSION) { + len -= AES_BLOCK_SIZE; + p[arg - 2] = len >> 8; + p[arg - 1] = len; + } + key->md = key->head; + SHA1_Update(&key->md, p, arg); + + return (int)(((len + SHA_DIGEST_LENGTH + + AES_BLOCK_SIZE) & -AES_BLOCK_SIZE) - len); + } else { + if (arg > 13) + arg = 13; + memcpy(key->aux.tls_aad, ptr, arg); + key->payload_length = arg; + + return SHA_DIGEST_LENGTH; + } + } + default: + return -1; + } +} + +static EVP_CIPHER aesni_128_cbc_hmac_sha1_cipher = { +#ifdef NID_aes_128_cbc_hmac_sha1 + .nid = NID_aes_128_cbc_hmac_sha1, +#else + .nid = NID_undef, +#endif + .block_size = 16, + .key_len = 16, + .iv_len = 16, + .flags = EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 | + EVP_CIPH_FLAG_AEAD_CIPHER, + .init = aesni_cbc_hmac_sha1_init_key, + .do_cipher = aesni_cbc_hmac_sha1_cipher, + .ctx_size = sizeof(EVP_AES_HMAC_SHA1), + .ctrl = aesni_cbc_hmac_sha1_ctrl +}; + +static EVP_CIPHER aesni_256_cbc_hmac_sha1_cipher = { +#ifdef NID_aes_256_cbc_hmac_sha1 + .nid = NID_aes_256_cbc_hmac_sha1, +#else + .nid = NID_undef, +#endif + .block_size = 16, + .key_len = 32, + .iv_len = 16, + .flags = EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 | + EVP_CIPH_FLAG_AEAD_CIPHER, + .init = aesni_cbc_hmac_sha1_init_key, + .do_cipher = aesni_cbc_hmac_sha1_cipher, + .ctx_size = sizeof(EVP_AES_HMAC_SHA1), + .ctrl = aesni_cbc_hmac_sha1_ctrl +}; + +const EVP_CIPHER * +EVP_aes_128_cbc_hmac_sha1(void) +{ + return (OPENSSL_cpu_caps() & CPUCAP_MASK_AESNI) ? + &aesni_128_cbc_hmac_sha1_cipher : NULL; +} + +const EVP_CIPHER * +EVP_aes_256_cbc_hmac_sha1(void) +{ + return (OPENSSL_cpu_caps() & CPUCAP_MASK_AESNI) ? + &aesni_256_cbc_hmac_sha1_cipher : NULL; +} +#else +const EVP_CIPHER * +EVP_aes_128_cbc_hmac_sha1(void) +{ + return NULL; +} + +const EVP_CIPHER * +EVP_aes_256_cbc_hmac_sha1(void) +{ + return NULL; +} +#endif +#endif diff --git a/src/lib/libcrypto/evp/e_bf.c b/src/lib/libcrypto/evp/e_bf.c index e74337567b5..615c9bd7710 100644 --- a/src/lib/libcrypto/evp/e_bf.c +++ b/src/lib/libcrypto/evp/e_bf.c @@ -1,25 +1,25 @@ -/* crypto/evp/e_bf.c */ +/* $OpenBSD: e_bf.c,v 1.8 2014/07/11 08:44:48 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,40 +49,43 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_BF #include -#include "cryptlib.h" + +#include + +#ifndef OPENSSL_NO_BF + +#include #include -#include "evp_locl.h" #include -#include + +#include "evp_locl.h" static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc); + const unsigned char *iv, int enc); -typedef struct - { +typedef struct { BF_KEY ks; - } EVP_BF_KEY; +} EVP_BF_KEY; #define data(ctx) EVP_C_DATA(EVP_BF_KEY,ctx) IMPLEMENT_BLOCK_CIPHER(bf, ks, BF, EVP_BF_KEY, NID_bf, 8, 16, 8, 64, - EVP_CIPH_VARIABLE_LENGTH, bf_init_key, NULL, - EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL) - -static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) - { - BF_set_key(&data(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx),key); - return 1; - } + EVP_CIPH_VARIABLE_LENGTH, bf_init_key, NULL, + EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL) +static int +bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) +{ + BF_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx), key); + return 1; +} #endif diff --git a/src/lib/libcrypto/evp/e_camellia.c b/src/lib/libcrypto/evp/e_camellia.c new file mode 100644 index 00000000000..fd12cf9c500 --- /dev/null +++ b/src/lib/libcrypto/evp/e_camellia.c @@ -0,0 +1,123 @@ +/* $OpenBSD: e_camellia.c,v 1.8 2017/01/29 17:49:23 beck Exp $ */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include + +#include + +#ifndef OPENSSL_NO_CAMELLIA +#include +#include +#include +#include "evp_locl.h" + +static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc); + +/* Camellia subkey Structure */ +typedef struct { + CAMELLIA_KEY ks; +} EVP_CAMELLIA_KEY; + +/* Attribute operation for Camellia */ +#define data(ctx) EVP_C_DATA(EVP_CAMELLIA_KEY,ctx) + +IMPLEMENT_BLOCK_CIPHER(camellia_128, ks, Camellia, EVP_CAMELLIA_KEY, + NID_camellia_128, 16, 16, 16, 128, + 0, camellia_init_key, NULL, + EVP_CIPHER_set_asn1_iv, + EVP_CIPHER_get_asn1_iv, + NULL) +IMPLEMENT_BLOCK_CIPHER(camellia_192, ks, Camellia, EVP_CAMELLIA_KEY, + NID_camellia_192, 16, 24, 16, 128, + 0, camellia_init_key, NULL, + EVP_CIPHER_set_asn1_iv, + EVP_CIPHER_get_asn1_iv, + NULL) +IMPLEMENT_BLOCK_CIPHER(camellia_256, ks, Camellia, EVP_CAMELLIA_KEY, + NID_camellia_256, 16, 32, 16, 128, + 0, camellia_init_key, NULL, + EVP_CIPHER_set_asn1_iv, + EVP_CIPHER_get_asn1_iv, + NULL) + +#define IMPLEMENT_CAMELLIA_CFBR(ksize,cbits) IMPLEMENT_CFBR(camellia,Camellia,EVP_CAMELLIA_KEY,ks,ksize,cbits,16) + +IMPLEMENT_CAMELLIA_CFBR(128, 1) +IMPLEMENT_CAMELLIA_CFBR(192, 1) +IMPLEMENT_CAMELLIA_CFBR(256, 1) + +IMPLEMENT_CAMELLIA_CFBR(128, 8) +IMPLEMENT_CAMELLIA_CFBR(192, 8) +IMPLEMENT_CAMELLIA_CFBR(256, 8) + + +/* The subkey for Camellia is generated. */ +static int +camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) +{ + int ret; + + ret = Camellia_set_key(key, ctx->key_len * 8, ctx->cipher_data); + + if (ret < 0) { + EVPerror(EVP_R_CAMELLIA_KEY_SETUP_FAILED); + return 0; + } + + return 1; +} +#endif diff --git a/src/lib/libcrypto/evp/e_cast.c b/src/lib/libcrypto/evp/e_cast.c index 3400fef187f..707daa96564 100644 --- a/src/lib/libcrypto/evp/e_cast.c +++ b/src/lib/libcrypto/evp/e_cast.c @@ -1,25 +1,25 @@ -/* crypto/evp/e_cast.c */ +/* $OpenBSD: e_cast.c,v 1.7 2014/07/11 08:44:48 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,42 +49,44 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ +#include + +#include + #ifndef OPENSSL_NO_CAST -#include -#include "cryptlib.h" +#include #include #include + #include "evp_locl.h" -#include static int cast_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv,int enc); + const unsigned char *iv, int enc); -typedef struct - { +typedef struct { CAST_KEY ks; - } EVP_CAST_KEY; +} EVP_CAST_KEY; #define data(ctx) EVP_C_DATA(EVP_CAST_KEY,ctx) -IMPLEMENT_BLOCK_CIPHER(cast5, ks, CAST, EVP_CAST_KEY, - NID_cast5, 8, CAST_KEY_LENGTH, 8, 64, - EVP_CIPH_VARIABLE_LENGTH, cast_init_key, NULL, - EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL) - -static int cast_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) - { - CAST_set_key(&data(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx),key); - return 1; - } +IMPLEMENT_BLOCK_CIPHER(cast5, ks, CAST, EVP_CAST_KEY, + NID_cast5, 8, CAST_KEY_LENGTH, 8, 64, + EVP_CIPH_VARIABLE_LENGTH, cast_init_key, NULL, + EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL) +static int +cast_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) +{ + CAST_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx), key); + return 1; +} #endif diff --git a/src/lib/libcrypto/evp/e_chacha.c b/src/lib/libcrypto/evp/e_chacha.c new file mode 100644 index 00000000000..b63f586bba8 --- /dev/null +++ b/src/lib/libcrypto/evp/e_chacha.c @@ -0,0 +1,69 @@ +/* $OpenBSD: e_chacha.c,v 1.5 2014/08/04 04:16:11 miod Exp $ */ +/* + * Copyright (c) 2014 Joel Sing + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include + +#ifndef OPENSSL_NO_CHACHA + +#include +#include +#include + +#include "evp_locl.h" + +static int chacha_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len); +static int chacha_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc); + +static const EVP_CIPHER chacha20_cipher = { + .nid = NID_chacha20, + .block_size = 1, + .key_len = 32, + .iv_len = 8, + .flags = EVP_CIPH_STREAM_CIPHER, + .init = chacha_init, + .do_cipher = chacha_cipher, + .ctx_size = sizeof(ChaCha_ctx) +}; + +const EVP_CIPHER * +EVP_chacha20(void) +{ + return (&chacha20_cipher); +} + +static int +chacha_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) +{ + ChaCha_set_key((ChaCha_ctx *)ctx->cipher_data, key, + EVP_CIPHER_CTX_key_length(ctx) * 8); + if (iv != NULL) + ChaCha_set_iv((ChaCha_ctx *)ctx->cipher_data, iv, NULL); + return 1; +} + +static int +chacha_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, + size_t len) +{ + ChaCha((ChaCha_ctx *)ctx->cipher_data, out, in, len); + return 1; +} + +#endif diff --git a/src/lib/libcrypto/evp/e_chacha20poly1305.c b/src/lib/libcrypto/evp/e_chacha20poly1305.c new file mode 100644 index 00000000000..2b9e7b11884 --- /dev/null +++ b/src/lib/libcrypto/evp/e_chacha20poly1305.c @@ -0,0 +1,389 @@ +/* $OpenBSD: e_chacha20poly1305.c,v 1.20 2019/03/24 12:04:12 jsing Exp $ */ + +/* + * Copyright (c) 2015 Reyk Floter + * Copyright (c) 2014, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include +#include + +#include + +#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) + +#include +#include +#include +#include + +#include "evp_locl.h" + +#define POLY1305_TAG_LEN 16 + +#define CHACHA20_CONSTANT_LEN 4 +#define CHACHA20_IV_LEN 8 +#define CHACHA20_NONCE_LEN (CHACHA20_CONSTANT_LEN + CHACHA20_IV_LEN) +#define XCHACHA20_NONCE_LEN 24 + +struct aead_chacha20_poly1305_ctx { + unsigned char key[32]; + unsigned char tag_len; +}; + +static int +aead_chacha20_poly1305_init(EVP_AEAD_CTX *ctx, const unsigned char *key, + size_t key_len, size_t tag_len) +{ + struct aead_chacha20_poly1305_ctx *c20_ctx; + + if (tag_len == 0) + tag_len = POLY1305_TAG_LEN; + + if (tag_len > POLY1305_TAG_LEN) { + EVPerror(EVP_R_TOO_LARGE); + return 0; + } + + /* Internal error - EVP_AEAD_CTX_init should catch this. */ + if (key_len != sizeof(c20_ctx->key)) + return 0; + + c20_ctx = malloc(sizeof(struct aead_chacha20_poly1305_ctx)); + if (c20_ctx == NULL) + return 0; + + memcpy(&c20_ctx->key[0], key, key_len); + c20_ctx->tag_len = tag_len; + ctx->aead_state = c20_ctx; + + return 1; +} + +static void +aead_chacha20_poly1305_cleanup(EVP_AEAD_CTX *ctx) +{ + struct aead_chacha20_poly1305_ctx *c20_ctx = ctx->aead_state; + + freezero(c20_ctx, sizeof(*c20_ctx)); +} + +static void +poly1305_update_with_length(poly1305_state *poly1305, + const unsigned char *data, size_t data_len) +{ + size_t j = data_len; + unsigned char length_bytes[8]; + unsigned i; + + for (i = 0; i < sizeof(length_bytes); i++) { + length_bytes[i] = j; + j >>= 8; + } + + if (data != NULL) + CRYPTO_poly1305_update(poly1305, data, data_len); + CRYPTO_poly1305_update(poly1305, length_bytes, sizeof(length_bytes)); +} + +static void +poly1305_update_with_pad16(poly1305_state *poly1305, + const unsigned char *data, size_t data_len) +{ + static const unsigned char zero_pad16[16]; + size_t pad_len; + + CRYPTO_poly1305_update(poly1305, data, data_len); + + /* pad16() is defined in RFC 7539 2.8.1. */ + if ((pad_len = data_len % 16) == 0) + return; + + CRYPTO_poly1305_update(poly1305, zero_pad16, 16 - pad_len); +} + +static int +aead_chacha20_poly1305_seal(const EVP_AEAD_CTX *ctx, unsigned char *out, + size_t *out_len, size_t max_out_len, const unsigned char *nonce, + size_t nonce_len, const unsigned char *in, size_t in_len, + const unsigned char *ad, size_t ad_len) +{ + const struct aead_chacha20_poly1305_ctx *c20_ctx = ctx->aead_state; + unsigned char poly1305_key[32]; + poly1305_state poly1305; + const unsigned char *iv; + const uint64_t in_len_64 = in_len; + uint64_t ctr; + + /* The underlying ChaCha implementation may not overflow the block + * counter into the second counter word. Therefore we disallow + * individual operations that work on more than 2TB at a time. + * in_len_64 is needed because, on 32-bit platforms, size_t is only + * 32-bits and this produces a warning because it's always false. + * Casting to uint64_t inside the conditional is not sufficient to stop + * the warning. */ + if (in_len_64 >= (1ULL << 32) * 64 - 64) { + EVPerror(EVP_R_TOO_LARGE); + return 0; + } + + if (max_out_len < in_len + c20_ctx->tag_len) { + EVPerror(EVP_R_BUFFER_TOO_SMALL); + return 0; + } + + if (nonce_len != ctx->aead->nonce_len) { + EVPerror(EVP_R_IV_TOO_LARGE); + return 0; + } + + ctr = (uint64_t)((uint32_t)(nonce[0]) | (uint32_t)(nonce[1]) << 8 | + (uint32_t)(nonce[2]) << 16 | (uint32_t)(nonce[3]) << 24) << 32; + iv = nonce + CHACHA20_CONSTANT_LEN; + + memset(poly1305_key, 0, sizeof(poly1305_key)); + CRYPTO_chacha_20(poly1305_key, poly1305_key, + sizeof(poly1305_key), c20_ctx->key, iv, ctr); + + CRYPTO_poly1305_init(&poly1305, poly1305_key); + poly1305_update_with_pad16(&poly1305, ad, ad_len); + CRYPTO_chacha_20(out, in, in_len, c20_ctx->key, iv, ctr + 1); + poly1305_update_with_pad16(&poly1305, out, in_len); + poly1305_update_with_length(&poly1305, NULL, ad_len); + poly1305_update_with_length(&poly1305, NULL, in_len); + + if (c20_ctx->tag_len != POLY1305_TAG_LEN) { + unsigned char tag[POLY1305_TAG_LEN]; + CRYPTO_poly1305_finish(&poly1305, tag); + memcpy(out + in_len, tag, c20_ctx->tag_len); + *out_len = in_len + c20_ctx->tag_len; + return 1; + } + + CRYPTO_poly1305_finish(&poly1305, out + in_len); + *out_len = in_len + POLY1305_TAG_LEN; + return 1; +} + +static int +aead_chacha20_poly1305_open(const EVP_AEAD_CTX *ctx, unsigned char *out, + size_t *out_len, size_t max_out_len, const unsigned char *nonce, + size_t nonce_len, const unsigned char *in, size_t in_len, + const unsigned char *ad, size_t ad_len) +{ + const struct aead_chacha20_poly1305_ctx *c20_ctx = ctx->aead_state; + unsigned char mac[POLY1305_TAG_LEN]; + unsigned char poly1305_key[32]; + const unsigned char *iv = nonce; + poly1305_state poly1305; + const uint64_t in_len_64 = in_len; + size_t plaintext_len; + uint64_t ctr = 0; + + if (in_len < c20_ctx->tag_len) { + EVPerror(EVP_R_BAD_DECRYPT); + return 0; + } + + /* The underlying ChaCha implementation may not overflow the block + * counter into the second counter word. Therefore we disallow + * individual operations that work on more than 2TB at a time. + * in_len_64 is needed because, on 32-bit platforms, size_t is only + * 32-bits and this produces a warning because it's always false. + * Casting to uint64_t inside the conditional is not sufficient to stop + * the warning. */ + if (in_len_64 >= (1ULL << 32) * 64 - 64) { + EVPerror(EVP_R_TOO_LARGE); + return 0; + } + + if (nonce_len != ctx->aead->nonce_len) { + EVPerror(EVP_R_IV_TOO_LARGE); + return 0; + } + + plaintext_len = in_len - c20_ctx->tag_len; + + if (max_out_len < plaintext_len) { + EVPerror(EVP_R_BUFFER_TOO_SMALL); + return 0; + } + + ctr = (uint64_t)(nonce[0] | nonce[1] << 8 | + nonce[2] << 16 | nonce[3] << 24) << 32; + iv = nonce + CHACHA20_CONSTANT_LEN; + + memset(poly1305_key, 0, sizeof(poly1305_key)); + CRYPTO_chacha_20(poly1305_key, poly1305_key, + sizeof(poly1305_key), c20_ctx->key, iv, ctr); + + CRYPTO_poly1305_init(&poly1305, poly1305_key); + poly1305_update_with_pad16(&poly1305, ad, ad_len); + poly1305_update_with_pad16(&poly1305, in, plaintext_len); + poly1305_update_with_length(&poly1305, NULL, ad_len); + poly1305_update_with_length(&poly1305, NULL, plaintext_len); + + CRYPTO_poly1305_finish(&poly1305, mac); + + if (timingsafe_memcmp(mac, in + plaintext_len, c20_ctx->tag_len) != 0) { + EVPerror(EVP_R_BAD_DECRYPT); + return 0; + } + + CRYPTO_chacha_20(out, in, plaintext_len, c20_ctx->key, iv, ctr + 1); + *out_len = plaintext_len; + return 1; +} + +static int +aead_xchacha20_poly1305_seal(const EVP_AEAD_CTX *ctx, unsigned char *out, + size_t *out_len, size_t max_out_len, const unsigned char *nonce, + size_t nonce_len, const unsigned char *in, size_t in_len, + const unsigned char *ad, size_t ad_len) +{ + const struct aead_chacha20_poly1305_ctx *c20_ctx = ctx->aead_state; + unsigned char poly1305_key[32]; + unsigned char subkey[32]; + poly1305_state poly1305; + + if (max_out_len < in_len + c20_ctx->tag_len) { + EVPerror(EVP_R_BUFFER_TOO_SMALL); + return 0; + } + + if (nonce_len != ctx->aead->nonce_len) { + EVPerror(EVP_R_IV_TOO_LARGE); + return 0; + } + + CRYPTO_hchacha_20(subkey, c20_ctx->key, nonce); + + CRYPTO_chacha_20(out, in, in_len, subkey, nonce + 16, 1); + + memset(poly1305_key, 0, sizeof(poly1305_key)); + CRYPTO_chacha_20(poly1305_key, poly1305_key, sizeof(poly1305_key), + subkey, nonce + 16, 0); + + CRYPTO_poly1305_init(&poly1305, poly1305_key); + poly1305_update_with_pad16(&poly1305, ad, ad_len); + poly1305_update_with_pad16(&poly1305, out, in_len); + poly1305_update_with_length(&poly1305, NULL, ad_len); + poly1305_update_with_length(&poly1305, NULL, in_len); + + if (c20_ctx->tag_len != POLY1305_TAG_LEN) { + unsigned char tag[POLY1305_TAG_LEN]; + CRYPTO_poly1305_finish(&poly1305, tag); + memcpy(out + in_len, tag, c20_ctx->tag_len); + *out_len = in_len + c20_ctx->tag_len; + return 1; + } + + CRYPTO_poly1305_finish(&poly1305, out + in_len); + *out_len = in_len + POLY1305_TAG_LEN; + return 1; +} + +static int +aead_xchacha20_poly1305_open(const EVP_AEAD_CTX *ctx, unsigned char *out, + size_t *out_len, size_t max_out_len, const unsigned char *nonce, + size_t nonce_len, const unsigned char *in, size_t in_len, + const unsigned char *ad, size_t ad_len) +{ + const struct aead_chacha20_poly1305_ctx *c20_ctx = ctx->aead_state; + unsigned char mac[POLY1305_TAG_LEN]; + unsigned char poly1305_key[32]; + unsigned char subkey[32]; + poly1305_state poly1305; + size_t plaintext_len; + + if (in_len < c20_ctx->tag_len) { + EVPerror(EVP_R_BAD_DECRYPT); + return 0; + } + + if (nonce_len != ctx->aead->nonce_len) { + EVPerror(EVP_R_IV_TOO_LARGE); + return 0; + } + + plaintext_len = in_len - c20_ctx->tag_len; + + if (max_out_len < plaintext_len) { + EVPerror(EVP_R_BUFFER_TOO_SMALL); + return 0; + } + + CRYPTO_hchacha_20(subkey, c20_ctx->key, nonce); + + memset(poly1305_key, 0, sizeof(poly1305_key)); + CRYPTO_chacha_20(poly1305_key, poly1305_key, sizeof(poly1305_key), + subkey, nonce + 16, 0); + + CRYPTO_poly1305_init(&poly1305, poly1305_key); + poly1305_update_with_pad16(&poly1305, ad, ad_len); + poly1305_update_with_pad16(&poly1305, in, plaintext_len); + poly1305_update_with_length(&poly1305, NULL, ad_len); + poly1305_update_with_length(&poly1305, NULL, plaintext_len); + + CRYPTO_poly1305_finish(&poly1305, mac); + if (timingsafe_memcmp(mac, in + plaintext_len, c20_ctx->tag_len) != 0) { + EVPerror(EVP_R_BAD_DECRYPT); + return 0; + } + + CRYPTO_chacha_20(out, in, plaintext_len, subkey, nonce + 16, 1); + + *out_len = plaintext_len; + return 1; +} + +/* RFC 7539 */ +static const EVP_AEAD aead_chacha20_poly1305 = { + .key_len = 32, + .nonce_len = CHACHA20_NONCE_LEN, + .overhead = POLY1305_TAG_LEN, + .max_tag_len = POLY1305_TAG_LEN, + + .init = aead_chacha20_poly1305_init, + .cleanup = aead_chacha20_poly1305_cleanup, + .seal = aead_chacha20_poly1305_seal, + .open = aead_chacha20_poly1305_open, +}; + +const EVP_AEAD * +EVP_aead_chacha20_poly1305() +{ + return &aead_chacha20_poly1305; +} + +static const EVP_AEAD aead_xchacha20_poly1305 = { + .key_len = 32, + .nonce_len = XCHACHA20_NONCE_LEN, + .overhead = POLY1305_TAG_LEN, + .max_tag_len = POLY1305_TAG_LEN, + + .init = aead_chacha20_poly1305_init, + .cleanup = aead_chacha20_poly1305_cleanup, + .seal = aead_xchacha20_poly1305_seal, + .open = aead_xchacha20_poly1305_open, +}; + +const EVP_AEAD * +EVP_aead_xchacha20_poly1305() +{ + return &aead_xchacha20_poly1305; +} + +#endif /* !OPENSSL_NO_CHACHA && !OPENSSL_NO_POLY1305 */ diff --git a/src/lib/libcrypto/evp/e_des.c b/src/lib/libcrypto/evp/e_des.c index 105266a4b36..ad91720ff1c 100644 --- a/src/lib/libcrypto/evp/e_des.c +++ b/src/lib/libcrypto/evp/e_des.c @@ -1,25 +1,25 @@ -/* crypto/evp/e_des.c */ +/* $OpenBSD: e_des.c,v 1.14 2015/10/12 06:05:52 guenther Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,71 +49,178 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_DES #include -#include "cryptlib.h" + +#include + +#ifndef OPENSSL_NO_DES + #include +#include #include + #include "evp_locl.h" -#include static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc); + const unsigned char *iv, int enc); +static int des_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr); /* Because of various casts and different names can't use IMPLEMENT_BLOCK_CIPHER */ -static int des_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, unsigned int inl) +static int +des_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl) { BLOCK_CIPHER_ecb_loop() - DES_ecb_encrypt((DES_cblock *)(in + i), (DES_cblock *)(out + i), ctx->cipher_data, ctx->encrypt); + DES_ecb_encrypt((DES_cblock *)(in + i), (DES_cblock *)(out + i), + ctx->cipher_data, ctx->encrypt); return 1; } -static int des_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, unsigned int inl) +static int +des_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl) { - DES_ofb64_encrypt(in, out, (long)inl, ctx->cipher_data, (DES_cblock *)ctx->iv, &ctx->num); + while (inl >= EVP_MAXCHUNK) { + DES_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK, ctx->cipher_data, + (DES_cblock *)ctx->iv, &ctx->num); + inl -= EVP_MAXCHUNK; + in += EVP_MAXCHUNK; + out += EVP_MAXCHUNK; + } + if (inl) + DES_ofb64_encrypt(in, out, (long)inl, ctx->cipher_data, + (DES_cblock *)ctx->iv, &ctx->num); return 1; } -static int des_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, unsigned int inl) +static int +des_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl) { - DES_ncbc_encrypt(in, out, (long)inl, ctx->cipher_data, - (DES_cblock *)ctx->iv, ctx->encrypt); + while (inl >= EVP_MAXCHUNK) { + DES_ncbc_encrypt(in, out, (long)EVP_MAXCHUNK, ctx->cipher_data, + (DES_cblock *)ctx->iv, ctx->encrypt); + inl -= EVP_MAXCHUNK; + in += EVP_MAXCHUNK; + out += EVP_MAXCHUNK; + } + if (inl) + DES_ncbc_encrypt(in, out, (long)inl, ctx->cipher_data, + (DES_cblock *)ctx->iv, ctx->encrypt); return 1; } -static int des_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, unsigned int inl) +static int +des_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl) { - DES_cfb64_encrypt(in, out, (long)inl, ctx->cipher_data, - (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt); + while (inl >= EVP_MAXCHUNK) { + DES_cfb64_encrypt(in, out, (long)EVP_MAXCHUNK, ctx->cipher_data, + (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt); + inl -= EVP_MAXCHUNK; + in += EVP_MAXCHUNK; + out += EVP_MAXCHUNK; + } + if (inl) + DES_cfb64_encrypt(in, out, (long)inl, ctx->cipher_data, + (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt); + return 1; +} + +/* Although we have a CFB-r implementation for DES, it doesn't pack the right + way, so wrap it here */ +static int +des_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl) +{ + size_t n, chunk = EVP_MAXCHUNK/8; + unsigned char c[1], d[1]; + + if (inl < chunk) + chunk = inl; + + while (inl && inl >= chunk) { + for (n = 0; n < chunk*8; ++n) { + c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0; + DES_cfb_encrypt(c, d, 1, 1, ctx->cipher_data, + (DES_cblock *)ctx->iv, ctx->encrypt); + out[n / 8] = (out[n / 8] & + ~(0x80 >> (unsigned int)(n % 8))) | + ((d[0] & 0x80) >> (unsigned int)(n % 8)); + } + inl -= chunk; + in += chunk; + out += chunk; + if (inl < chunk) + chunk = inl; + } + + return 1; +} + +static int +des_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl) +{ + while (inl >= EVP_MAXCHUNK) { + DES_cfb_encrypt(in, out, 8, (long)EVP_MAXCHUNK, + ctx->cipher_data, (DES_cblock *)ctx->iv, ctx->encrypt); + inl -= EVP_MAXCHUNK; + in += EVP_MAXCHUNK; + out += EVP_MAXCHUNK; + } + if (inl) + DES_cfb_encrypt(in, out, 8, (long)inl, ctx->cipher_data, + (DES_cblock *)ctx->iv, ctx->encrypt); return 1; } BLOCK_CIPHER_defs(des, DES_key_schedule, NID_des, 8, 8, 8, 64, - 0, des_init_key, NULL, - EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv, - NULL) + EVP_CIPH_RAND_KEY, des_init_key, NULL, + EVP_CIPHER_set_asn1_iv, + EVP_CIPHER_get_asn1_iv, + des_ctrl) +BLOCK_CIPHER_def_cfb(des, DES_key_schedule, NID_des, 8, 8, 1, + EVP_CIPH_RAND_KEY, des_init_key, NULL, + EVP_CIPHER_set_asn1_iv, + EVP_CIPHER_get_asn1_iv, des_ctrl) -static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) - { +BLOCK_CIPHER_def_cfb(des, DES_key_schedule, NID_des, 8, 8, 8, + EVP_CIPH_RAND_KEY, des_init_key, NULL, + EVP_CIPHER_set_asn1_iv, + EVP_CIPHER_get_asn1_iv, des_ctrl) + +static int +des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) +{ DES_cblock *deskey = (DES_cblock *)key; - DES_set_key_unchecked(deskey,ctx->cipher_data); + DES_set_key_unchecked(deskey, ctx->cipher_data); return 1; +} + +static int +des_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) +{ + switch (type) { + case EVP_CTRL_RAND_KEY: + if (DES_random_key((DES_cblock *)ptr) == 0) + return 0; + return 1; + + default: + return -1; } +} #endif diff --git a/src/lib/libcrypto/evp/e_des3.c b/src/lib/libcrypto/evp/e_des3.c index 077860e7b61..3cb95a8e22b 100644 --- a/src/lib/libcrypto/evp/e_des3.c +++ b/src/lib/libcrypto/evp/e_des3.c @@ -1,25 +1,25 @@ -/* crypto/evp/e_des3.c */ +/* $OpenBSD: e_des3.c,v 1.19 2015/10/12 06:05:52 guenther Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,144 +49,235 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_DES #include -#include "cryptlib.h" +#include + +#include + +#ifndef OPENSSL_NO_DES + +#include #include #include + #include "evp_locl.h" -#include static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv,int enc); + const unsigned char *iv, int enc); static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv,int enc); + const unsigned char *iv, int enc); + +static int des3_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr); -typedef struct - { +typedef struct { DES_key_schedule ks1;/* key schedule */ DES_key_schedule ks2;/* key schedule (for ede) */ DES_key_schedule ks3;/* key schedule (for ede3) */ - } DES_EDE_KEY; +} DES_EDE_KEY; #define data(ctx) ((DES_EDE_KEY *)(ctx)->cipher_data) /* Because of various casts and different args can't use IMPLEMENT_BLOCK_CIPHER */ -static int des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, unsigned int inl) +static int +des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl) { BLOCK_CIPHER_ecb_loop() - DES_ecb3_encrypt((DES_cblock *)(in + i), (DES_cblock *)(out + i), - &data(ctx)->ks1, &data(ctx)->ks2, - &data(ctx)->ks3, - ctx->encrypt); + DES_ecb3_encrypt((const_DES_cblock *)(in + i), (DES_cblock *)(out + i), + &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, ctx->encrypt); + return 1; +} + +static int +des_ede_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl) +{ + while (inl >= EVP_MAXCHUNK) { + DES_ede3_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK, + &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, + (DES_cblock *)ctx->iv, &ctx->num); + inl -= EVP_MAXCHUNK; + in += EVP_MAXCHUNK; + out += EVP_MAXCHUNK; + } + if (inl) + DES_ede3_ofb64_encrypt(in, out, (long)inl, + &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, + (DES_cblock *)ctx->iv, &ctx->num); + + return 1; +} + +static int +des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl) +{ + while (inl >= EVP_MAXCHUNK) { + DES_ede3_cbc_encrypt(in, out, (long)EVP_MAXCHUNK, + &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, + (DES_cblock *)ctx->iv, ctx->encrypt); + inl -= EVP_MAXCHUNK; + in += EVP_MAXCHUNK; + out += EVP_MAXCHUNK; + } + if (inl) + DES_ede3_cbc_encrypt(in, out, (long)inl, + &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, + (DES_cblock *)ctx->iv, ctx->encrypt); return 1; } -static int des_ede_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, unsigned int inl) +static int +des_ede_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl) { - DES_ede3_ofb64_encrypt(in, out, (long)inl, - &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, - (DES_cblock *)ctx->iv, &ctx->num); + while (inl >= EVP_MAXCHUNK) { + DES_ede3_cfb64_encrypt(in, out, (long)EVP_MAXCHUNK, + &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, + (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt); + inl -= EVP_MAXCHUNK; + in += EVP_MAXCHUNK; + out += EVP_MAXCHUNK; + } + if (inl) + DES_ede3_cfb64_encrypt(in, out, (long)inl, + &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, + (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt); return 1; } -static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, unsigned int inl) +/* Although we have a CFB-r implementation for 3-DES, it doesn't pack the right + way, so wrap it here */ +static int +des_ede3_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl) { -#ifdef KSSL_DEBUG - { - int i; - char *cp; - printf("des_ede_cbc_cipher(ctx=%lx, buflen=%d)\n", ctx, ctx->buf_len); - printf("\t iv= "); - for(i=0;i<8;i++) - printf("%02X",ctx->iv[i]); - printf("\n"); + size_t n; + unsigned char c[1], d[1]; + + for (n = 0; n < inl; ++n) { + c[0] = (in[n/8]&(1 << (7 - n % 8))) ? 0x80 : 0; + DES_ede3_cfb_encrypt(c, d, 1, 1, + &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, + (DES_cblock *)ctx->iv, ctx->encrypt); + out[n / 8] = (out[n / 8] & ~(0x80 >> (unsigned int)(n % 8))) | + ((d[0] & 0x80) >> (unsigned int)(n % 8)); } -#endif /* KSSL_DEBUG */ - DES_ede3_cbc_encrypt(in, out, (long)inl, - &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, - (DES_cblock *)ctx->iv, ctx->encrypt); + return 1; } -static int des_ede_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, unsigned int inl) +static int +des_ede3_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl) { - DES_ede3_cfb64_encrypt(in, out, (long)inl, - &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, - (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt); + while (inl >= EVP_MAXCHUNK) { + DES_ede3_cfb_encrypt(in, out, 8, (long)EVP_MAXCHUNK, + &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, + (DES_cblock *)ctx->iv, ctx->encrypt); + inl -= EVP_MAXCHUNK; + in += EVP_MAXCHUNK; + out += EVP_MAXCHUNK; + } + if (inl) + DES_ede3_cfb_encrypt(in, out, 8, (long)inl, + &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, + (DES_cblock *)ctx->iv, ctx->encrypt); return 1; } BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64, - 0, des_ede_init_key, NULL, - EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv, - NULL) + EVP_CIPH_RAND_KEY, des_ede_init_key, NULL, + EVP_CIPHER_set_asn1_iv, + EVP_CIPHER_get_asn1_iv, + des3_ctrl) -#define des_ede3_cfb_cipher des_ede_cfb_cipher +#define des_ede3_cfb64_cipher des_ede_cfb64_cipher #define des_ede3_ofb_cipher des_ede_ofb_cipher #define des_ede3_cbc_cipher des_ede_cbc_cipher #define des_ede3_ecb_cipher des_ede_ecb_cipher BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64, - 0, des_ede3_init_key, NULL, - EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv, - NULL) + EVP_CIPH_RAND_KEY, des_ede3_init_key, NULL, + EVP_CIPHER_set_asn1_iv, + EVP_CIPHER_get_asn1_iv, + des3_ctrl) -static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) - { +BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 1, + EVP_CIPH_RAND_KEY, des_ede3_init_key, NULL, + EVP_CIPHER_set_asn1_iv, + EVP_CIPHER_get_asn1_iv, + des3_ctrl) + +BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 8, + EVP_CIPH_RAND_KEY, des_ede3_init_key, NULL, + EVP_CIPHER_set_asn1_iv, + EVP_CIPHER_get_asn1_iv, + des3_ctrl) + +static int +des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) +{ DES_cblock *deskey = (DES_cblock *)key; - DES_set_key_unchecked(&deskey[0],&data(ctx)->ks1); - DES_set_key_unchecked(&deskey[1],&data(ctx)->ks2); - memcpy(&data(ctx)->ks3,&data(ctx)->ks1, - sizeof(data(ctx)->ks1)); + DES_set_key_unchecked(&deskey[0], &data(ctx)->ks1); + DES_set_key_unchecked(&deskey[1], &data(ctx)->ks2); + memcpy(&data(ctx)->ks3, &data(ctx)->ks1, + sizeof(data(ctx)->ks1)); return 1; - } +} -static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) - { +static int +des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) +{ DES_cblock *deskey = (DES_cblock *)key; -#ifdef KSSL_DEBUG - { - int i; - printf("des_ede3_init_key(ctx=%lx)\n", ctx); - printf("\tKEY= "); - for(i=0;i<24;i++) printf("%02X",key[i]); printf("\n"); - printf("\t IV= "); - for(i=0;i<8;i++) printf("%02X",iv[i]); printf("\n"); - } -#endif /* KSSL_DEBUG */ - DES_set_key_unchecked(&deskey[0],&data(ctx)->ks1); - DES_set_key_unchecked(&deskey[1],&data(ctx)->ks2); - DES_set_key_unchecked(&deskey[2],&data(ctx)->ks3); + DES_set_key_unchecked(&deskey[0], &data(ctx)->ks1); + DES_set_key_unchecked(&deskey[1], &data(ctx)->ks2); + DES_set_key_unchecked(&deskey[2], &data(ctx)->ks3); return 1; +} + +static int +des3_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) +{ + DES_cblock *deskey = ptr; + + switch (type) { + case EVP_CTRL_RAND_KEY: + if (DES_random_key(deskey) == 0) + return 0; + if (c->key_len >= 16 && DES_random_key(deskey + 1) == 0) + return 0; + if (c->key_len >= 24 && DES_random_key(deskey + 2) == 0) + return 0; + return 1; + + default: + return -1; } +} -const EVP_CIPHER *EVP_des_ede(void) +const EVP_CIPHER * +EVP_des_ede(void) { return &des_ede_ecb; } -const EVP_CIPHER *EVP_des_ede3(void) +const EVP_CIPHER * +EVP_des_ede3(void) { return &des_ede3_ecb; } diff --git a/src/lib/libcrypto/evp/e_dsa.c b/src/lib/libcrypto/evp/e_dsa.c deleted file mode 100644 index b96f2738b3e..00000000000 --- a/src/lib/libcrypto/evp/e_dsa.c +++ /dev/null @@ -1,71 +0,0 @@ -/* crypto/evp/e_dsa.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include "cryptlib.h" -#include -#include -#include - -static EVP_PKEY_METHOD dss_method= - { - DSA_sign, - DSA_verify, - {EVP_PKEY_DSA,EVP_PKEY_DSA2,EVP_PKEY_DSA3,NULL}, - }; - diff --git a/src/lib/libcrypto/evp/e_gost2814789.c b/src/lib/libcrypto/evp/e_gost2814789.c new file mode 100644 index 00000000000..730de4fed1d --- /dev/null +++ b/src/lib/libcrypto/evp/e_gost2814789.c @@ -0,0 +1,225 @@ +/* $OpenBSD: e_gost2814789.c,v 1.4 2017/01/29 17:49:23 beck Exp $ */ +/* + * Copyright (c) 2014 Dmitry Eremin-Solenikov + * Copyright (c) 2005-2006 Cryptocom LTD + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ +#include + +#include + +#ifndef OPENSSL_NO_GOST +#include +#include +#include +#include "evp_locl.h" + +typedef struct { + GOST2814789_KEY ks; + int param_nid; +} EVP_GOST2814789_CTX; + +static int +gost2814789_ctl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) +{ + EVP_GOST2814789_CTX *c = ctx->cipher_data; + + switch (type) { + case EVP_CTRL_PBE_PRF_NID: + if (ptr != NULL) { + *((int *)ptr) = NID_id_HMACGostR3411_94; + return 1; + } else { + return 0; + } + case EVP_CTRL_INIT: + /* Default value to have any s-box set at all */ + c->param_nid = NID_id_Gost28147_89_CryptoPro_A_ParamSet; + return Gost2814789_set_sbox(&c->ks, c->param_nid); + case EVP_CTRL_GOST_SET_SBOX: + return Gost2814789_set_sbox(&c->ks, arg); + default: + return -1; + } +} + +static int +gost2814789_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) +{ + EVP_GOST2814789_CTX *c = ctx->cipher_data; + + return Gost2814789_set_key(&c->ks, key, ctx->key_len * 8); +} + +int +gost2814789_set_asn1_params(EVP_CIPHER_CTX *ctx, ASN1_TYPE *params) +{ + int len = 0; + unsigned char *buf = NULL; + unsigned char *p = NULL; + EVP_GOST2814789_CTX *c = ctx->cipher_data; + ASN1_OCTET_STRING *os = NULL; + GOST_CIPHER_PARAMS *gcp = GOST_CIPHER_PARAMS_new(); + + if (gcp == NULL) { + GOSTerror(ERR_R_MALLOC_FAILURE); + return 0; + } + if (ASN1_OCTET_STRING_set(gcp->iv, ctx->iv, ctx->cipher->iv_len) == 0) { + GOST_CIPHER_PARAMS_free(gcp); + GOSTerror(ERR_R_ASN1_LIB); + return 0; + } + ASN1_OBJECT_free(gcp->enc_param_set); + gcp->enc_param_set = OBJ_nid2obj(c->param_nid); + + len = i2d_GOST_CIPHER_PARAMS(gcp, NULL); + p = buf = malloc(len); + if (buf == NULL) { + GOST_CIPHER_PARAMS_free(gcp); + GOSTerror(ERR_R_MALLOC_FAILURE); + return 0; + } + i2d_GOST_CIPHER_PARAMS(gcp, &p); + GOST_CIPHER_PARAMS_free(gcp); + + os = ASN1_OCTET_STRING_new(); + if (os == NULL) { + free(buf); + GOSTerror(ERR_R_MALLOC_FAILURE); + return 0; + } + if (ASN1_OCTET_STRING_set(os, buf, len) == 0) { + ASN1_OCTET_STRING_free(os); + free(buf); + GOSTerror(ERR_R_ASN1_LIB); + return 0; + } + free(buf); + + ASN1_TYPE_set(params, V_ASN1_SEQUENCE, os); + return 1; +} + +int +gost2814789_get_asn1_params(EVP_CIPHER_CTX *ctx, ASN1_TYPE *params) +{ + int ret = -1; + int len; + GOST_CIPHER_PARAMS *gcp = NULL; + EVP_GOST2814789_CTX *c = ctx->cipher_data; + unsigned char *p; + + if (ASN1_TYPE_get(params) != V_ASN1_SEQUENCE) + return ret; + + p = params->value.sequence->data; + + gcp = d2i_GOST_CIPHER_PARAMS(NULL, (const unsigned char **)&p, + params->value.sequence->length); + + len = gcp->iv->length; + if (len != ctx->cipher->iv_len) { + GOST_CIPHER_PARAMS_free(gcp); + GOSTerror(GOST_R_INVALID_IV_LENGTH); + return -1; + } + + if (!Gost2814789_set_sbox(&c->ks, OBJ_obj2nid(gcp->enc_param_set))) { + GOST_CIPHER_PARAMS_free(gcp); + return -1; + } + c->param_nid = OBJ_obj2nid(gcp->enc_param_set); + + memcpy(ctx->oiv, gcp->iv->data, len); + memcpy(ctx->iv, gcp->iv->data, len); + + GOST_CIPHER_PARAMS_free(gcp); + + return 1; +} + +BLOCK_CIPHER_func_ecb(gost2814789, Gost2814789, EVP_GOST2814789_CTX, ks) +BLOCK_CIPHER_func_cfb(gost2814789, Gost2814789, 64, EVP_GOST2814789_CTX, ks) + +static int +gost2814789_cnt_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl) +{ + EVP_GOST2814789_CTX *c = ctx->cipher_data; + + while (inl >= EVP_MAXCHUNK) { + Gost2814789_cnt_encrypt(in, out, (long)EVP_MAXCHUNK, &c->ks, + ctx->iv, ctx->buf, &ctx->num); + inl -= EVP_MAXCHUNK; + in += EVP_MAXCHUNK; + out += EVP_MAXCHUNK; + } + + if (inl) + Gost2814789_cnt_encrypt(in, out, inl, &c->ks, ctx->iv, ctx->buf, + &ctx->num); + return 1; +} + +/* gost89 is CFB-64 */ +#define NID_gost89_cfb64 NID_id_Gost28147_89 + +BLOCK_CIPHER_def_ecb(gost2814789, EVP_GOST2814789_CTX, NID_gost89, 8, 32, + EVP_CIPH_NO_PADDING | EVP_CIPH_CTRL_INIT, + gost2814789_init_key, NULL, gost2814789_set_asn1_params, + gost2814789_get_asn1_params, gost2814789_ctl) +BLOCK_CIPHER_def_cfb(gost2814789, EVP_GOST2814789_CTX, NID_gost89, 32, 8, 64, + EVP_CIPH_NO_PADDING | EVP_CIPH_CTRL_INIT, + gost2814789_init_key, NULL, gost2814789_set_asn1_params, + gost2814789_get_asn1_params, gost2814789_ctl) +BLOCK_CIPHER_def1(gost2814789, cnt, cnt, OFB, EVP_GOST2814789_CTX, NID_gost89, + 1, 32, 8, EVP_CIPH_NO_PADDING | EVP_CIPH_CTRL_INIT, + gost2814789_init_key, NULL, gost2814789_set_asn1_params, + gost2814789_get_asn1_params, gost2814789_ctl) +#endif diff --git a/src/lib/libcrypto/evp/e_idea.c b/src/lib/libcrypto/evp/e_idea.c index ed838d3e620..454ad4e6722 100644 --- a/src/lib/libcrypto/evp/e_idea.c +++ b/src/lib/libcrypto/evp/e_idea.c @@ -1,25 +1,25 @@ -/* crypto/evp/e_idea.c */ +/* $OpenBSD: e_idea.c,v 1.10 2015/09/10 15:56:25 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,70 +49,77 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ +#include +#include + +#include + #ifndef OPENSSL_NO_IDEA -#include -#include "cryptlib.h" #include +#include #include + #include "evp_locl.h" -#include static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv,int enc); + const unsigned char *iv, int enc); /* NB idea_ecb_encrypt doesn't take an 'encrypt' argument so we treat it as a special - * case + * case */ -static int idea_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, unsigned int inl) +static int +idea_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl) { BLOCK_CIPHER_ecb_loop() - idea_ecb_encrypt(in + i, out + i, ctx->cipher_data); + idea_ecb_encrypt(in + i, out + i, ctx->cipher_data); return 1; } /* Can't use IMPLEMENT_BLOCK_CIPHER because idea_ecb_encrypt is different */ -typedef struct - { +typedef struct { IDEA_KEY_SCHEDULE ks; - } EVP_IDEA_KEY; +} EVP_IDEA_KEY; BLOCK_CIPHER_func_cbc(idea, idea, EVP_IDEA_KEY, ks) BLOCK_CIPHER_func_ofb(idea, idea, 64, EVP_IDEA_KEY, ks) BLOCK_CIPHER_func_cfb(idea, idea, 64, EVP_IDEA_KEY, ks) BLOCK_CIPHER_defs(idea, IDEA_KEY_SCHEDULE, NID_idea, 8, 16, 8, 64, - 0, idea_init_key, NULL, - EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL) + 0, idea_init_key, NULL, + EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL) -static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) - { - if(!enc) { - if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE) enc = 1; - else if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_CFB_MODE) enc = 1; +static int +idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) +{ + if (!enc) { + if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE) + enc = 1; + else if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_CFB_MODE) + enc = 1; } - if (enc) idea_set_encrypt_key(key,ctx->cipher_data); - else - { + if (enc) + idea_set_encrypt_key(key, ctx->cipher_data); + else { IDEA_KEY_SCHEDULE tmp; - idea_set_encrypt_key(key,&tmp); - idea_set_decrypt_key(&tmp,ctx->cipher_data); - memset((unsigned char *)&tmp,0, - sizeof(IDEA_KEY_SCHEDULE)); - } - return 1; + idea_set_encrypt_key(key, &tmp); + idea_set_decrypt_key(&tmp, ctx->cipher_data); + explicit_bzero((unsigned char *)&tmp, + sizeof(IDEA_KEY_SCHEDULE)); } + return 1; +} #endif diff --git a/src/lib/libcrypto/evp/e_null.c b/src/lib/libcrypto/evp/e_null.c index 2420d7e5af8..65374cc3f53 100644 --- a/src/lib/libcrypto/evp/e_null.c +++ b/src/lib/libcrypto/evp/e_null.c @@ -1,25 +1,25 @@ -/* crypto/evp/e_null.c */ +/* $OpenBSD: e_null.c,v 1.14 2014/07/11 08:44:48 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -57,18 +57,19 @@ */ #include -#include "cryptlib.h" +#include + #include #include static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv,int enc); + const unsigned char *iv, int enc); static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, unsigned int inl); -static const EVP_CIPHER n_cipher= - { + const unsigned char *in, size_t inl); + +static const EVP_CIPHER n_cipher = { NID_undef, - 1,0,0, + 1, 0, 0, 0, null_init_key, null_cipher, @@ -76,26 +77,29 @@ static const EVP_CIPHER n_cipher= 0, NULL, NULL, + NULL, NULL - }; +}; -const EVP_CIPHER *EVP_enc_null(void) - { - return(&n_cipher); - } +const EVP_CIPHER * +EVP_enc_null(void) +{ + return (&n_cipher); +} -static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) - { +static int +null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) +{ /* memset(&(ctx->c),0,sizeof(ctx->c));*/ return 1; - } +} -static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, unsigned int inl) - { +static int +null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl) +{ if (in != out) - memcpy((char *)out,(char *)in,(int)inl); + memcpy((char *)out, (const char *)in, inl); return 1; - } - +} diff --git a/src/lib/libcrypto/evp/e_old.c b/src/lib/libcrypto/evp/e_old.c new file mode 100644 index 00000000000..71166654b01 --- /dev/null +++ b/src/lib/libcrypto/evp/e_old.c @@ -0,0 +1,159 @@ +/* $OpenBSD: e_old.c,v 1.8 2015/02/10 11:45:09 jsing Exp $ */ +/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL + * project 2004. + */ +/* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include + +#ifndef OPENSSL_NO_DEPRECATED + +#include + +/* Define some deprecated functions, so older programs + don't crash and burn too quickly. On Windows and VMS, + these will never be used, since functions and variables + in shared libraries are selected by entry point location, + not by name. */ + +#ifndef OPENSSL_NO_BF +#undef EVP_bf_cfb +const EVP_CIPHER *EVP_bf_cfb(void); +const EVP_CIPHER * +EVP_bf_cfb(void) +{ + return EVP_bf_cfb64(); +} +#endif + +#ifndef OPENSSL_NO_DES +#undef EVP_des_cfb +const EVP_CIPHER *EVP_des_cfb(void); +const EVP_CIPHER * +EVP_des_cfb(void) +{ + return EVP_des_cfb64(); +} +#undef EVP_des_ede3_cfb +const EVP_CIPHER *EVP_des_ede3_cfb(void); +const EVP_CIPHER * +EVP_des_ede3_cfb(void) +{ + return EVP_des_ede3_cfb64(); +} +#undef EVP_des_ede_cfb +const EVP_CIPHER *EVP_des_ede_cfb(void); +const EVP_CIPHER * +EVP_des_ede_cfb(void) +{ + return EVP_des_ede_cfb64(); +} +#endif + +#ifndef OPENSSL_NO_IDEA +#undef EVP_idea_cfb +const EVP_CIPHER *EVP_idea_cfb(void); +const EVP_CIPHER * +EVP_idea_cfb(void) +{ + return EVP_idea_cfb64(); +} +#endif + +#ifndef OPENSSL_NO_RC2 +#undef EVP_rc2_cfb +const EVP_CIPHER *EVP_rc2_cfb(void); +const EVP_CIPHER * +EVP_rc2_cfb(void) +{ + return EVP_rc2_cfb64(); +} +#endif + +#ifndef OPENSSL_NO_CAST +#undef EVP_cast5_cfb +const EVP_CIPHER *EVP_cast5_cfb(void); +const EVP_CIPHER * +EVP_cast5_cfb(void) +{ + return EVP_cast5_cfb64(); +} +#endif + +#ifndef OPENSSL_NO_AES +#undef EVP_aes_128_cfb +const EVP_CIPHER *EVP_aes_128_cfb(void); +const EVP_CIPHER * +EVP_aes_128_cfb(void) +{ + return EVP_aes_128_cfb128(); +} +#undef EVP_aes_192_cfb +const EVP_CIPHER *EVP_aes_192_cfb(void); +const EVP_CIPHER * +EVP_aes_192_cfb(void) +{ + return EVP_aes_192_cfb128(); +} +#undef EVP_aes_256_cfb +const EVP_CIPHER *EVP_aes_256_cfb(void); +const EVP_CIPHER * +EVP_aes_256_cfb(void) +{ + return EVP_aes_256_cfb128(); +} +#endif + +#endif diff --git a/src/lib/libcrypto/evp/e_rc2.c b/src/lib/libcrypto/evp/e_rc2.c index 4685198e2e5..de1b24a306d 100644 --- a/src/lib/libcrypto/evp/e_rc2.c +++ b/src/lib/libcrypto/evp/e_rc2.c @@ -1,25 +1,25 @@ -/* crypto/evp/e_rc2.c */ +/* $OpenBSD: e_rc2.c,v 1.12 2017/01/29 17:49:23 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,54 +49,56 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ +#include + +#include + #ifndef OPENSSL_NO_RC2 -#include -#include "cryptlib.h" +#include #include #include -#include "evp_locl.h" #include +#include "evp_locl.h" + static int rc2_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv,int enc); + const unsigned char *iv, int enc); static int rc2_meth_to_magic(EVP_CIPHER_CTX *ctx); static int rc2_magic_to_meth(int i); static int rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type); static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type); static int rc2_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr); -typedef struct - { +typedef struct { int key_bits; /* effective key bits */ RC2_KEY ks; /* key schedule */ - } EVP_RC2_KEY; +} EVP_RC2_KEY; #define data(ctx) ((EVP_RC2_KEY *)(ctx)->cipher_data) IMPLEMENT_BLOCK_CIPHER(rc2, ks, RC2, EVP_RC2_KEY, NID_rc2, - 8, - RC2_KEY_LENGTH, 8, 64, - EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT, - rc2_init_key, NULL, - rc2_set_asn1_type_and_iv, rc2_get_asn1_type_and_iv, - rc2_ctrl) + 8, + RC2_KEY_LENGTH, 8, 64, + EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT, + rc2_init_key, NULL, + rc2_set_asn1_type_and_iv, rc2_get_asn1_type_and_iv, + rc2_ctrl) #define RC2_40_MAGIC 0xa0 #define RC2_64_MAGIC 0x78 #define RC2_128_MAGIC 0x3a -static const EVP_CIPHER r2_64_cbc_cipher= - { +static const EVP_CIPHER r2_64_cbc_cipher = { NID_rc2_64_cbc, - 8,8 /* 64 bit */,8, + 8, 8 /* 64 bit */, 8, EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT, rc2_init_key, rc2_cbc_cipher, @@ -106,12 +108,11 @@ static const EVP_CIPHER r2_64_cbc_cipher= rc2_get_asn1_type_and_iv, rc2_ctrl, NULL - }; +}; -static const EVP_CIPHER r2_40_cbc_cipher= - { +static const EVP_CIPHER r2_40_cbc_cipher = { NID_rc2_40_cbc, - 8,5 /* 40 bit */,8, + 8, 5 /* 40 bit */, 8, EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT, rc2_init_key, rc2_cbc_cipher, @@ -121,90 +122,108 @@ static const EVP_CIPHER r2_40_cbc_cipher= rc2_get_asn1_type_and_iv, rc2_ctrl, NULL - }; - -const EVP_CIPHER *EVP_rc2_64_cbc(void) - { - return(&r2_64_cbc_cipher); - } - -const EVP_CIPHER *EVP_rc2_40_cbc(void) - { - return(&r2_40_cbc_cipher); - } - -static int rc2_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) - { - RC2_set_key(&data(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx), - key,data(ctx)->key_bits); +}; + +const EVP_CIPHER * +EVP_rc2_64_cbc(void) +{ + return (&r2_64_cbc_cipher); +} + +const EVP_CIPHER * +EVP_rc2_40_cbc(void) +{ + return (&r2_40_cbc_cipher); +} + +static int +rc2_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) +{ + RC2_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx), + key, data(ctx)->key_bits); return 1; - } +} -static int rc2_meth_to_magic(EVP_CIPHER_CTX *e) - { +static int +rc2_meth_to_magic(EVP_CIPHER_CTX *e) +{ int i; EVP_CIPHER_CTX_ctrl(e, EVP_CTRL_GET_RC2_KEY_BITS, 0, &i); - if (i == 128) return(RC2_128_MAGIC); - else if (i == 64) return(RC2_64_MAGIC); - else if (i == 40) return(RC2_40_MAGIC); - else return(0); - } - -static int rc2_magic_to_meth(int i) - { - if (i == RC2_128_MAGIC) return 128; - else if (i == RC2_64_MAGIC) return 64; - else if (i == RC2_40_MAGIC) return 40; + if (i == 128) + return (RC2_128_MAGIC); + else if (i == 64) + return (RC2_64_MAGIC); + else if (i == 40) + return (RC2_40_MAGIC); else - { - EVPerr(EVP_F_RC2_MAGIC_TO_METH,EVP_R_UNSUPPORTED_KEY_SIZE); - return(0); - } + return (0); +} + +static int +rc2_magic_to_meth(int i) +{ + if (i == RC2_128_MAGIC) + return 128; + else if (i == RC2_64_MAGIC) + return 64; + else if (i == RC2_40_MAGIC) + return 40; + else { + EVPerror(EVP_R_UNSUPPORTED_KEY_SIZE); + return (0); } +} -static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) - { - long num=0; - int i=0,l; +static int +rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) +{ + long num = 0; + int i = 0; int key_bits; + unsigned int l; unsigned char iv[EVP_MAX_IV_LENGTH]; - if (type != NULL) - { - l=EVP_CIPHER_CTX_iv_length(c); - i=ASN1_TYPE_get_int_octetstring(type,&num,iv,l); - if (i != l) - return(-1); - key_bits =rc2_magic_to_meth((int)num); + if (type != NULL) { + l = EVP_CIPHER_CTX_iv_length(c); + if (l > sizeof(iv)) { + EVPerror(EVP_R_IV_TOO_LARGE); + return -1; + } + i = ASN1_TYPE_get_int_octetstring(type, &num, iv, l); + if (i != (int)l) + return (-1); + key_bits = rc2_magic_to_meth((int)num); if (!key_bits) - return(-1); - if(i > 0) EVP_CipherInit_ex(c, NULL, NULL, NULL, iv, -1); - EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_RC2_KEY_BITS, key_bits, NULL); + return (-1); + if (i > 0 && !EVP_CipherInit_ex(c, NULL, NULL, NULL, iv, -1)) + return -1; + EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_RC2_KEY_BITS, + key_bits, NULL); EVP_CIPHER_CTX_set_key_length(c, key_bits / 8); - } - return(i); } + return (i); +} -static int rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) - { +static int +rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) +{ long num; - int i=0,j; + int i = 0, j; - if (type != NULL) - { - num=rc2_meth_to_magic(c); - j=EVP_CIPHER_CTX_iv_length(c); - i=ASN1_TYPE_set_int_octetstring(type,num,c->oiv,j); - } - return(i); + if (type != NULL) { + num = rc2_meth_to_magic(c); + j = EVP_CIPHER_CTX_iv_length(c); + i = ASN1_TYPE_set_int_octetstring(type, num, c->oiv, j); } + return (i); +} -static int rc2_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) - { - switch(type) - { +static int +rc2_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) +{ + switch (type) { case EVP_CTRL_INIT: data(c)->key_bits = EVP_CIPHER_CTX_key_length(c) * 8; return 1; @@ -212,18 +231,23 @@ static int rc2_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) case EVP_CTRL_GET_RC2_KEY_BITS: *(int *)ptr = data(c)->key_bits; return 1; - + case EVP_CTRL_SET_RC2_KEY_BITS: - if(arg > 0) - { + if (arg > 0) { data(c)->key_bits = arg; return 1; - } + } return 0; +#ifdef PBE_PRF_TEST + case EVP_CTRL_PBE_PRF_NID: + *(int *)ptr = NID_hmacWithMD5; + return 1; +#endif + default: return -1; - } } +} #endif diff --git a/src/lib/libcrypto/evp/e_rc4.c b/src/lib/libcrypto/evp/e_rc4.c index 4064cc5fa04..e77a2931415 100644 --- a/src/lib/libcrypto/evp/e_rc4.c +++ b/src/lib/libcrypto/evp/e_rc4.c @@ -1,25 +1,25 @@ -/* crypto/evp/e_rc4.c */ +/* $OpenBSD: e_rc4.c,v 1.14 2014/07/11 08:44:48 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,41 +49,42 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ +#include + +#include + #ifndef OPENSSL_NO_RC4 -#include -#include "cryptlib.h" #include #include #include +#include "evp_locl.h" + /* FIXME: surely this is available elsewhere? */ #define EVP_RC4_KEY_SIZE 16 -typedef struct - { - /* FIXME: what is the key for? */ - unsigned char key[EVP_RC4_KEY_SIZE]; +typedef struct { RC4_KEY ks; /* working key */ - } EVP_RC4_KEY; +} EVP_RC4_KEY; #define data(ctx) ((EVP_RC4_KEY *)(ctx)->cipher_data) static int rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv,int enc); + const unsigned char *iv, int enc); static int rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, unsigned int inl); -static const EVP_CIPHER r4_cipher= - { + const unsigned char *in, size_t inl); + +static const EVP_CIPHER r4_cipher = { NID_rc4, - 1,EVP_RC4_KEY_SIZE,0, + 1, EVP_RC4_KEY_SIZE, 0, EVP_CIPH_VARIABLE_LENGTH, rc4_init_key, rc4_cipher, @@ -91,46 +92,49 @@ static const EVP_CIPHER r4_cipher= sizeof(EVP_RC4_KEY), NULL, NULL, + NULL, NULL - }; +}; -static const EVP_CIPHER r4_40_cipher= - { +static const EVP_CIPHER r4_40_cipher = { NID_rc4_40, - 1,5 /* 40 bit */,0, + 1, 5 /* 40 bit */, 0, EVP_CIPH_VARIABLE_LENGTH, rc4_init_key, rc4_cipher, NULL, sizeof(EVP_RC4_KEY), - NULL, + NULL, + NULL, NULL, NULL - }; +}; -const EVP_CIPHER *EVP_rc4(void) - { - return(&r4_cipher); - } +const EVP_CIPHER * +EVP_rc4(void) +{ + return (&r4_cipher); +} -const EVP_CIPHER *EVP_rc4_40(void) - { - return(&r4_40_cipher); - } +const EVP_CIPHER * +EVP_rc4_40(void) +{ + return (&r4_40_cipher); +} -static int rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) - { - memcpy(&data(ctx)->key[0],key,EVP_CIPHER_CTX_key_length(ctx)); - RC4_set_key(&data(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx), - data(ctx)->key); +static int +rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) +{ + RC4_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx), key); return 1; - } +} -static int rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, unsigned int inl) - { - RC4(&data(ctx)->ks,inl,in,out); +static int +rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl) +{ + RC4(&data(ctx)->ks, inl, in, out); return 1; - } +} #endif diff --git a/src/lib/libcrypto/evp/e_rc4_hmac_md5.c b/src/lib/libcrypto/evp/e_rc4_hmac_md5.c new file mode 100644 index 00000000000..ac73361fa37 --- /dev/null +++ b/src/lib/libcrypto/evp/e_rc4_hmac_md5.c @@ -0,0 +1,305 @@ +/* $OpenBSD: e_rc4_hmac_md5.c,v 1.8 2017/01/31 13:17:21 inoguchi Exp $ */ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#include +#include + +#include + +#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_MD5) + +#include +#include +#include +#include + +/* FIXME: surely this is available elsewhere? */ +#define EVP_RC4_KEY_SIZE 16 + +typedef struct { + RC4_KEY ks; + MD5_CTX head, tail, md; + size_t payload_length; +} EVP_RC4_HMAC_MD5; + +#define NO_PAYLOAD_LENGTH ((size_t)-1) + +void rc4_md5_enc (RC4_KEY *key, const void *in0, void *out, + MD5_CTX *ctx, const void *inp, size_t blocks); + +#define data(ctx) ((EVP_RC4_HMAC_MD5 *)(ctx)->cipher_data) + +static int +rc4_hmac_md5_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *inkey, + const unsigned char *iv, int enc) +{ + EVP_RC4_HMAC_MD5 *key = data(ctx); + + RC4_set_key(&key->ks, EVP_CIPHER_CTX_key_length(ctx), inkey); + + MD5_Init(&key->head); /* handy when benchmarking */ + key->tail = key->head; + key->md = key->head; + + key->payload_length = NO_PAYLOAD_LENGTH; + + return 1; +} + +#if !defined(OPENSSL_NO_ASM) && defined(RC4_MD5_ASM) && ( \ + defined(__x86_64) || defined(__x86_64__) || \ + defined(_M_AMD64) || defined(_M_X64) || \ + defined(__INTEL__) ) && \ + !(defined(__APPLE__) && defined(__MACH__)) +#define STITCHED_CALL +#include "x86_arch.h" +#endif + +#if !defined(STITCHED_CALL) +#define rc4_off 0 +#define md5_off 0 +#endif + +static int +rc4_hmac_md5_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t len) +{ + EVP_RC4_HMAC_MD5 *key = data(ctx); +#if defined(STITCHED_CALL) + size_t rc4_off = 32-1-(key->ks.x&(32-1)), /* 32 is $MOD from rc4_md5-x86_64.pl */ + md5_off = MD5_CBLOCK - key->md.num, + blocks; + unsigned int l; +#endif + size_t plen = key->payload_length; + + if (plen != NO_PAYLOAD_LENGTH && len != (plen + MD5_DIGEST_LENGTH)) + return 0; + + if (ctx->encrypt) { + if (plen == NO_PAYLOAD_LENGTH) + plen = len; +#if defined(STITCHED_CALL) + /* cipher has to "fall behind" */ + if (rc4_off > md5_off) + md5_off += MD5_CBLOCK; + + if (plen > md5_off && + (blocks = (plen - md5_off) / MD5_CBLOCK) && + (OPENSSL_cpu_caps() & CPUCAP_MASK_INTELP4) == 0) { + MD5_Update(&key->md, in, md5_off); + RC4(&key->ks, rc4_off, in, out); + + rc4_md5_enc(&key->ks, in + rc4_off, out + rc4_off, + &key->md, in + md5_off, blocks); + blocks *= MD5_CBLOCK; + rc4_off += blocks; + md5_off += blocks; + key->md.Nh += blocks >> 29; + key->md.Nl += blocks <<= 3; + if (key->md.Nl < (unsigned int)blocks) + key->md.Nh++; + } else { + rc4_off = 0; + md5_off = 0; + } +#endif + MD5_Update(&key->md, in + md5_off, plen - md5_off); + + if (plen!=len) { /* "TLS" mode of operation */ + if (in != out) + memcpy(out + rc4_off, in + rc4_off, + plen - rc4_off); + + /* calculate HMAC and append it to payload */ + MD5_Final(out + plen, &key->md); + key->md = key->tail; + MD5_Update(&key->md, out + plen, MD5_DIGEST_LENGTH); + MD5_Final(out + plen, &key->md); + + /* encrypt HMAC at once */ + RC4(&key->ks, len - rc4_off, out + rc4_off, + out + rc4_off); + } else { + RC4(&key->ks, len - rc4_off, in + rc4_off, + out + rc4_off); + } + } else { + unsigned char mac[MD5_DIGEST_LENGTH]; +#if defined(STITCHED_CALL) + /* digest has to "fall behind" */ + if (md5_off > rc4_off) + rc4_off += 2*MD5_CBLOCK; + else + rc4_off += MD5_CBLOCK; + + if (len > rc4_off && (blocks = (len - rc4_off) / MD5_CBLOCK) && + (OPENSSL_cpu_caps() & CPUCAP_MASK_INTELP4) == 0) { + RC4(&key->ks, rc4_off, in, out); + MD5_Update(&key->md, out, md5_off); + + rc4_md5_enc(&key->ks, in + rc4_off, out + rc4_off, + &key->md, out + md5_off, blocks); + blocks *= MD5_CBLOCK; + rc4_off += blocks; + md5_off += blocks; + l = (key->md.Nl + (blocks << 3)) & 0xffffffffU; + if (l < key->md.Nl) + key->md.Nh++; + key->md.Nl = l; + key->md.Nh += blocks >> 29; + } else { + md5_off = 0; + rc4_off = 0; + } +#endif + /* decrypt HMAC at once */ + RC4(&key->ks, len - rc4_off, in + rc4_off, out + rc4_off); + if (plen!=NO_PAYLOAD_LENGTH) { /* "TLS" mode of operation */ + MD5_Update(&key->md, out + md5_off, plen - md5_off); + + /* calculate HMAC and verify it */ + MD5_Final(mac, &key->md); + key->md = key->tail; + MD5_Update(&key->md, mac, MD5_DIGEST_LENGTH); + MD5_Final(mac, &key->md); + + if (memcmp(out + plen, mac, MD5_DIGEST_LENGTH)) + return 0; + } else { + MD5_Update(&key->md, out + md5_off, len - md5_off); + } + } + + key->payload_length = NO_PAYLOAD_LENGTH; + + return 1; +} + +static int +rc4_hmac_md5_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) +{ + EVP_RC4_HMAC_MD5 *key = data(ctx); + + switch (type) { + case EVP_CTRL_AEAD_SET_MAC_KEY: + { + unsigned int i; + unsigned char hmac_key[64]; + + memset (hmac_key, 0, sizeof(hmac_key)); + + if (arg > (int)sizeof(hmac_key)) { + MD5_Init(&key->head); + MD5_Update(&key->head, ptr, arg); + MD5_Final(hmac_key, &key->head); + } else { + memcpy(hmac_key, ptr, arg); + } + + for (i = 0; i < sizeof(hmac_key); i++) + hmac_key[i] ^= 0x36; /* ipad */ + MD5_Init(&key->head); + MD5_Update(&key->head, hmac_key, sizeof(hmac_key)); + + for (i = 0; i < sizeof(hmac_key); i++) + hmac_key[i] ^= 0x36 ^ 0x5c; /* opad */ + MD5_Init(&key->tail); + MD5_Update(&key->tail, hmac_key, sizeof(hmac_key)); + + return 1; + } + case EVP_CTRL_AEAD_TLS1_AAD: + { + unsigned char *p = ptr; + unsigned int len = p[arg - 2] << 8 | p[arg - 1]; + + if (!ctx->encrypt) { + if (len < MD5_DIGEST_LENGTH) + return -1; + len -= MD5_DIGEST_LENGTH; + p[arg - 2] = len >> 8; + p[arg - 1] = len; + } + key->payload_length = len; + key->md = key->head; + MD5_Update(&key->md, p, arg); + + return MD5_DIGEST_LENGTH; + } + default: + return -1; + } +} + +static EVP_CIPHER r4_hmac_md5_cipher = { +#ifdef NID_rc4_hmac_md5 + NID_rc4_hmac_md5, +#else + NID_undef, +#endif + 1, EVP_RC4_KEY_SIZE, 0, + EVP_CIPH_STREAM_CIPHER|EVP_CIPH_VARIABLE_LENGTH|EVP_CIPH_FLAG_AEAD_CIPHER, + rc4_hmac_md5_init_key, + rc4_hmac_md5_cipher, + NULL, + sizeof(EVP_RC4_HMAC_MD5), + NULL, + NULL, + rc4_hmac_md5_ctrl, + NULL +}; + +const EVP_CIPHER * +EVP_rc4_hmac_md5(void) +{ + return (&r4_hmac_md5_cipher); +} +#endif diff --git a/src/lib/libcrypto/evp/e_rc5.c b/src/lib/libcrypto/evp/e_rc5.c deleted file mode 100644 index 3c7713b1816..00000000000 --- a/src/lib/libcrypto/evp/e_rc5.c +++ /dev/null @@ -1,125 +0,0 @@ -/* crypto/evp/e_rc5.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#ifndef OPENSSL_NO_RC5 - -#include -#include "cryptlib.h" -#include -#include -#include "evp_locl.h" -#include - -static int r_32_12_16_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv,int enc); -static int rc5_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr); - -typedef struct - { - int rounds; /* number of rounds */ - RC5_32_KEY ks; /* key schedule */ - } EVP_RC5_KEY; - -#define data(ctx) EVP_C_DATA(EVP_RC5_KEY,ctx) - -IMPLEMENT_BLOCK_CIPHER(rc5_32_12_16, ks, RC5_32, EVP_RC5_KEY, NID_rc5, - 8, RC5_32_KEY_LENGTH, 8, 64, - EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT, - r_32_12_16_init_key, NULL, - NULL, NULL, rc5_ctrl) - -static int rc5_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) - { - switch(type) - { - case EVP_CTRL_INIT: - data(c)->rounds = RC5_12_ROUNDS; - return 1; - - case EVP_CTRL_GET_RC5_ROUNDS: - *(int *)ptr = data(c)->rounds; - return 1; - - case EVP_CTRL_SET_RC5_ROUNDS: - switch(arg) - { - case RC5_8_ROUNDS: - case RC5_12_ROUNDS: - case RC5_16_ROUNDS: - data(c)->rounds = arg; - return 1; - - default: - EVPerr(EVP_F_RC5_CTRL, EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS); - return 0; - } - - default: - return -1; - } - } - -static int r_32_12_16_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) - { - RC5_32_set_key(&data(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx), - key,data(ctx)->rounds); - return 1; - } - -#endif diff --git a/src/lib/libcrypto/evp/e_sm4.c b/src/lib/libcrypto/evp/e_sm4.c new file mode 100644 index 00000000000..554915b29c2 --- /dev/null +++ b/src/lib/libcrypto/evp/e_sm4.c @@ -0,0 +1,113 @@ +/* $OpenBSD: e_sm4.c,v 1.1 2019/03/17 17:42:37 tb Exp $ */ +/* + * Copyright (c) 2017, 2019 Ribose Inc + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include + +#ifndef OPENSSL_NO_SM4 +#include +#include +#include + +#include "evp_locl.h" + +typedef struct { + SM4_KEY ks; +} EVP_SM4_KEY; + +static int +sm4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) +{ + SM4_set_key(key, ctx->cipher_data); + return 1; +} + +static void +sm4_cbc_encrypt(const unsigned char *in, unsigned char *out, size_t len, + const SM4_KEY *key, unsigned char *ivec, const int enc) +{ + if (enc) + CRYPTO_cbc128_encrypt(in, out, len, key, ivec, + (block128_f)SM4_encrypt); + else + CRYPTO_cbc128_decrypt(in, out, len, key, ivec, + (block128_f)SM4_decrypt); +} + +static void +sm4_cfb128_encrypt(const unsigned char *in, unsigned char *out, size_t length, + const SM4_KEY *key, unsigned char *ivec, int *num, const int enc) +{ + CRYPTO_cfb128_encrypt(in, out, length, key, ivec, num, enc, + (block128_f)SM4_encrypt); +} + +static void +sm4_ecb_encrypt(const unsigned char *in, unsigned char *out, const SM4_KEY *key, + const int enc) +{ + if (enc) + SM4_encrypt(in, out, key); + else + SM4_decrypt(in, out, key); +} + +static void +sm4_ofb128_encrypt(const unsigned char *in, unsigned char *out, size_t length, + const SM4_KEY *key, unsigned char *ivec, int *num) +{ + CRYPTO_ofb128_encrypt(in, out, length, key, ivec, num, + (block128_f)SM4_encrypt); +} + +IMPLEMENT_BLOCK_CIPHER(sm4, ks, sm4, EVP_SM4_KEY, NID_sm4, 16, 16, 16, 128, + EVP_CIPH_FLAG_DEFAULT_ASN1, sm4_init_key, NULL, 0, 0, 0) + +static int +sm4_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, + size_t len) +{ + EVP_SM4_KEY *key = EVP_C_DATA(EVP_SM4_KEY, ctx); + + CRYPTO_ctr128_encrypt(in, out, len, &key->ks, ctx->iv, ctx->buf, + &ctx->num, (block128_f)SM4_encrypt); + return 1; +} + +static const EVP_CIPHER sm4_ctr_mode = { + .nid = NID_sm4_ctr, + .block_size = 1, + .key_len = 16, + .iv_len = 16, + .flags = EVP_CIPH_CTR_MODE, + .init = sm4_init_key, + .do_cipher = sm4_ctr_cipher, + .cleanup = NULL, + .ctx_size = sizeof(EVP_SM4_KEY), + .set_asn1_parameters = NULL, + .get_asn1_parameters = NULL, + .ctrl = NULL, + .app_data = NULL, +}; + +const EVP_CIPHER * +EVP_sm4_ctr(void) +{ + return &sm4_ctr_mode; +} + +#endif diff --git a/src/lib/libcrypto/evp/e_xcbc_d.c b/src/lib/libcrypto/evp/e_xcbc_d.c index a6f849e93d0..2aae0a91512 100644 --- a/src/lib/libcrypto/evp/e_xcbc_d.c +++ b/src/lib/libcrypto/evp/e_xcbc_d.c @@ -1,25 +1,25 @@ -/* crypto/evp/e_xcbc_d.c */ +/* $OpenBSD: e_xcbc_d.c,v 1.12 2014/07/11 08:44:48 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,39 +49,43 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_DES #include -#include "cryptlib.h" +#include + +#include + +#ifndef OPENSSL_NO_DES + +#include #include #include -#include + +#include "evp_locl.h" static int desx_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv,int enc); + const unsigned char *iv, int enc); static int desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, unsigned int inl); + const unsigned char *in, size_t inl); -typedef struct - { - DES_key_schedule ks;/* key schedule */ - DES_cblock inw; - DES_cblock outw; - } DESX_CBC_KEY; +typedef struct { + DES_key_schedule ks;/* key schedule */ + DES_cblock inw; + DES_cblock outw; +} DESX_CBC_KEY; #define data(ctx) ((DESX_CBC_KEY *)(ctx)->cipher_data) -static const EVP_CIPHER d_xcbc_cipher= - { +static const EVP_CIPHER d_xcbc_cipher = { NID_desx_cbc, - 8,24,8, + 8, 24, 8, EVP_CIPH_CBC_MODE, desx_cbc_init_key, desx_cbc_cipher, @@ -89,34 +93,45 @@ static const EVP_CIPHER d_xcbc_cipher= sizeof(DESX_CBC_KEY), EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, + NULL, NULL - }; +}; -const EVP_CIPHER *EVP_desx_cbc(void) - { - return(&d_xcbc_cipher); - } - -static int desx_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) - { +const EVP_CIPHER * +EVP_desx_cbc(void) +{ + return (&d_xcbc_cipher); +} + +static int +desx_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) +{ DES_cblock *deskey = (DES_cblock *)key; - DES_set_key_unchecked(deskey,&data(ctx)->ks); - memcpy(&data(ctx)->inw[0],&key[8],8); - memcpy(&data(ctx)->outw[0],&key[16],8); + DES_set_key_unchecked(deskey, &data(ctx)->ks); + memcpy(&data(ctx)->inw[0], &key[8], 8); + memcpy(&data(ctx)->outw[0], &key[16], 8); return 1; - } +} -static int desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, unsigned int inl) - { - DES_xcbc_encrypt(in,out,inl,&data(ctx)->ks, - (DES_cblock *)&(ctx->iv[0]), - &data(ctx)->inw, - &data(ctx)->outw, - ctx->encrypt); - return 1; +static int +desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl) +{ + while (inl >= EVP_MAXCHUNK) { + DES_xcbc_encrypt(in, out, (long)EVP_MAXCHUNK, &data(ctx)->ks, + (DES_cblock *)&(ctx->iv[0]), &data(ctx)->inw, + &data(ctx)->outw, ctx->encrypt); + inl -= EVP_MAXCHUNK; + in += EVP_MAXCHUNK; + out += EVP_MAXCHUNK; } + if (inl) + DES_xcbc_encrypt(in, out, (long)inl, &data(ctx)->ks, + (DES_cblock *)&(ctx->iv[0]), &data(ctx)->inw, + &data(ctx)->outw, ctx->encrypt); + return 1; +} #endif diff --git a/src/lib/libcrypto/evp/encode.c b/src/lib/libcrypto/evp/encode.c index 12c6379df18..ae107abb875 100644 --- a/src/lib/libcrypto/evp/encode.c +++ b/src/lib/libcrypto/evp/encode.c @@ -1,25 +1,25 @@ -/* crypto/evp/encode.c */ +/* $OpenBSD: encode.c,v 1.26 2019/01/19 01:24:18 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,30 +49,21 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ +#include #include -#include "cryptlib.h" +#include + #include -#ifndef CHARSET_EBCDIC #define conv_bin2ascii(a) (data_bin2ascii[(a)&0x3f]) #define conv_ascii2bin(a) (data_ascii2bin[(a)&0x7f]) -#else -/* We assume that PEM encoded files are EBCDIC files - * (i.e., printable text files). Convert them here while decoding. - * When encoding, output is EBCDIC (text) format again. - * (No need for conversion in the conv_bin2ascii macro, as the - * underlying textstring data_bin2ascii[] is already EBCDIC) - */ -#define conv_bin2ascii(a) (data_bin2ascii[(a)&0x3f]) -#define conv_ascii2bin(a) (data_ascii2bin[os_toascii[a]&0x7f]) -#endif /* 64 char lines * pad input with 0 @@ -85,7 +76,7 @@ #define CHUNKS_PER_LINE (64/4) #define CHAR_PER_LINE (64+1) -static unsigned char data_bin2ascii[65]="ABCDEFGHIJKLMNOPQRSTUVWXYZ\ +static const unsigned char data_bin2ascii[65] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ\ abcdefghijklmnopqrstuvwxyz0123456789+/"; /* 0xF0 is a EOLN @@ -102,343 +93,345 @@ abcdefghijklmnopqrstuvwxyz0123456789+/"; #define B64_ERROR 0xFF #define B64_NOT_BASE64(a) (((a)|0x13) == 0xF3) -static unsigned char data_ascii2bin[128]={ - 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, - 0xFF,0xE0,0xF0,0xFF,0xFF,0xF1,0xFF,0xFF, - 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, - 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, - 0xE0,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, - 0xFF,0xFF,0xFF,0x3E,0xFF,0xF2,0xFF,0x3F, - 0x34,0x35,0x36,0x37,0x38,0x39,0x3A,0x3B, - 0x3C,0x3D,0xFF,0xFF,0xFF,0x00,0xFF,0xFF, - 0xFF,0x00,0x01,0x02,0x03,0x04,0x05,0x06, - 0x07,0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E, - 0x0F,0x10,0x11,0x12,0x13,0x14,0x15,0x16, - 0x17,0x18,0x19,0xFF,0xFF,0xFF,0xFF,0xFF, - 0xFF,0x1A,0x1B,0x1C,0x1D,0x1E,0x1F,0x20, - 0x21,0x22,0x23,0x24,0x25,0x26,0x27,0x28, - 0x29,0x2A,0x2B,0x2C,0x2D,0x2E,0x2F,0x30, - 0x31,0x32,0x33,0xFF,0xFF,0xFF,0xFF,0xFF, - }; - -void EVP_EncodeInit(EVP_ENCODE_CTX *ctx) - { - ctx->length=48; - ctx->num=0; - ctx->line_num=0; +static const unsigned char data_ascii2bin[128] = { + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xE0, 0xF0, 0xFF, 0xFF, 0xF1, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xE0, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0x3E, 0xFF, 0xF2, 0xFF, 0x3F, + 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, + 0x3C, 0x3D, 0xFF, 0xFF, 0xFF, 0x00, 0xFF, 0xFF, + 0xFF, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, + 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, + 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, + 0x17, 0x18, 0x19, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, + 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, + 0x29, 0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30, + 0x31, 0x32, 0x33, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +}; + +EVP_ENCODE_CTX * +EVP_ENCODE_CTX_new(void) +{ + return calloc(1, sizeof(EVP_ENCODE_CTX)); +} + +void +EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx) +{ + free(ctx); +} + +void +EVP_EncodeInit(EVP_ENCODE_CTX *ctx) +{ + ctx->length = 48; + ctx->num = 0; + ctx->line_num = 0; +} + +int +EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, + const unsigned char *in, int inl) +{ + int i, j; + size_t total = 0; + + *outl = 0; + if (inl <= 0) + return 0; + OPENSSL_assert(ctx->length <= (int)sizeof(ctx->enc_data)); + if (ctx->length - ctx->num > inl) { + memcpy(&(ctx->enc_data[ctx->num]), in, inl); + ctx->num += inl; + return 1; } - -void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, - unsigned char *in, int inl) - { - int i,j; - unsigned int total=0; - - *outl=0; - if (inl == 0) return; - if ((ctx->num+inl) < ctx->length) - { - memcpy(&(ctx->enc_data[ctx->num]),in,inl); - ctx->num+=inl; - return; - } - if (ctx->num != 0) - { - i=ctx->length-ctx->num; - memcpy(&(ctx->enc_data[ctx->num]),in,i); - in+=i; - inl-=i; - j=EVP_EncodeBlock(out,ctx->enc_data,ctx->length); - ctx->num=0; - out+=j; - *(out++)='\n'; - *out='\0'; - total=j+1; - } - while (inl >= ctx->length) - { - j=EVP_EncodeBlock(out,in,ctx->length); - in+=ctx->length; - inl-=ctx->length; - out+=j; - *(out++)='\n'; - *out='\0'; - total+=j+1; - } - if (inl != 0) - memcpy(&(ctx->enc_data[0]),in,inl); - ctx->num=inl; - *outl=total; + if (ctx->num != 0) { + i = ctx->length - ctx->num; + memcpy(&(ctx->enc_data[ctx->num]), in, i); + in += i; + inl -= i; + j = EVP_EncodeBlock(out, ctx->enc_data, ctx->length); + ctx->num = 0; + out += j; + *(out++) = '\n'; + *out = '\0'; + total = j + 1; } - -void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl) - { - unsigned int ret=0; - - if (ctx->num != 0) - { - ret=EVP_EncodeBlock(out,ctx->enc_data,ctx->num); - out[ret++]='\n'; - out[ret]='\0'; - ctx->num=0; - } - *outl=ret; + while (inl >= ctx->length && total <= INT_MAX) { + j = EVP_EncodeBlock(out, in, ctx->length); + in += ctx->length; + inl -= ctx->length; + out += j; + *(out++) = '\n'; + *out = '\0'; + total += j + 1; } + if (total > INT_MAX) { + /* Too much output data! */ + *outl = 0; + return 0; + } + if (inl != 0) + memcpy(&(ctx->enc_data[0]), in, inl); + ctx->num = inl; + *outl = total; + + return 1; +} + +void +EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl) +{ + unsigned int ret = 0; + + if (ctx->num != 0) { + ret = EVP_EncodeBlock(out, ctx->enc_data, ctx->num); + out[ret++] = '\n'; + out[ret] = '\0'; + ctx->num = 0; + } + *outl = ret; +} -int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int dlen) - { - int i,ret=0; +int +EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int dlen) +{ + int i, ret = 0; unsigned long l; - for (i=dlen; i > 0; i-=3) - { - if (i >= 3) - { - l= (((unsigned long)f[0])<<16L)| - (((unsigned long)f[1])<< 8L)|f[2]; - *(t++)=conv_bin2ascii(l>>18L); - *(t++)=conv_bin2ascii(l>>12L); - *(t++)=conv_bin2ascii(l>> 6L); - *(t++)=conv_bin2ascii(l ); - } - else - { - l=((unsigned long)f[0])<<16L; - if (i == 2) l|=((unsigned long)f[1]<<8L); - - *(t++)=conv_bin2ascii(l>>18L); - *(t++)=conv_bin2ascii(l>>12L); - *(t++)=(i == 1)?'=':conv_bin2ascii(l>> 6L); - *(t++)='='; - } - ret+=4; - f+=3; + for (i = dlen; i > 0; i -= 3) { + if (i >= 3) { + l = (((unsigned long)f[0]) << 16L) | + (((unsigned long)f[1]) << 8L) | f[2]; + *(t++) = conv_bin2ascii(l >> 18L); + *(t++) = conv_bin2ascii(l >> 12L); + *(t++) = conv_bin2ascii(l >> 6L); + *(t++) = conv_bin2ascii(l ); + } else { + l = ((unsigned long)f[0]) << 16L; + if (i == 2) + l |= ((unsigned long)f[1] << 8L); + + *(t++) = conv_bin2ascii(l >> 18L); + *(t++) = conv_bin2ascii(l >> 12L); + *(t++) = (i == 1) ? '=' : conv_bin2ascii(l >> 6L); + *(t++) = '='; } - - *t='\0'; - return(ret); + ret += 4; + f += 3; } -void EVP_DecodeInit(EVP_ENCODE_CTX *ctx) - { - ctx->length=30; - ctx->num=0; - ctx->line_num=0; - ctx->expect_nl=0; - } + *t = '\0'; + return (ret); +} + +void +EVP_DecodeInit(EVP_ENCODE_CTX *ctx) +{ + ctx->length = 30; + ctx->num = 0; + ctx->line_num = 0; + ctx->expect_nl = 0; +} /* -1 for error * 0 for last line * 1 for full line */ -int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, - unsigned char *in, int inl) - { - int seof= -1,eof=0,rv= -1,ret=0,i,v,tmp,n,ln,tmp2,exp_nl; +int +EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, + const unsigned char *in, int inl) +{ + int seof = -1, eof = 0, rv = -1, ret = 0, i, v, tmp, n, ln, exp_nl; unsigned char *d; - n=ctx->num; - d=ctx->enc_data; - ln=ctx->line_num; - exp_nl=ctx->expect_nl; + n = ctx->num; + d = ctx->enc_data; + ln = ctx->line_num; + exp_nl = ctx->expect_nl; /* last line of input. */ - if ((inl == 0) || ((n == 0) && (conv_ascii2bin(in[0]) == B64_EOF))) - { rv=0; goto end; } - + if ((inl == 0) || ((n == 0) && (conv_ascii2bin(in[0]) == B64_EOF))) { + rv = 0; + goto end; + } + /* We parse the input data */ - for (i=0; i 80 characters, scream alot */ - if (ln >= 80) { rv= -1; goto end; } + if (ln >= 80) { + rv = -1; + goto end; + } /* Get char and put it into the buffer */ tmp= *(in++); - v=conv_ascii2bin(tmp); + v = conv_ascii2bin(tmp); /* only save the good data :-) */ - if (!B64_NOT_BASE64(v)) - { - d[n++]=tmp; + if (!B64_NOT_BASE64(v)) { + OPENSSL_assert(n < (int)sizeof(ctx->enc_data)); + d[n++] = tmp; ln++; - } - else if (v == B64_ERROR) - { - rv= -1; + } else if (v == B64_ERROR) { + rv = -1; goto end; - } + } - /* have we seen a '=' which is 'definitly' the last + /* There should not be base64 data after padding. */ + if (eof && tmp != '=' && tmp != '\r' && tmp != '\n' && + v != B64_EOF) { + rv = -1; + goto end; + } + + /* have we seen a '=' which is 'definitely' the last * input line. seof will point to the character that * holds it. and eof will hold how many characters to * chop off. */ - if (tmp == '=') - { - if (seof == -1) seof=n; + if (tmp == '=') { + if (seof == -1) + seof = n; eof++; - } + } - if (v == B64_CR) - { + /* There should be no more than two padding markers. */ + if (eof > 2) { + rv = -1; + goto end; + } + + if (v == B64_CR) { ln = 0; if (exp_nl) continue; - } + } /* eoln */ - if (v == B64_EOLN) - { - ln=0; - if (exp_nl) - { - exp_nl=0; + if (v == B64_EOLN) { + ln = 0; + if (exp_nl) { + exp_nl = 0; continue; - } } - exp_nl=0; + } + exp_nl = 0; /* If we are at the end of input and it looks like a * line, process it. */ - if (((i+1) == inl) && (((n&3) == 0) || eof)) - { - v=B64_EOF; + if (((i + 1) == inl) && (((n&3) == 0) || eof)) { + v = B64_EOF; /* In case things were given us in really small records (so two '=' were given in separate updates), eof may contain the incorrect number of ending bytes to skip, so let's redo the count */ eof = 0; - if (d[n-1] == '=') eof++; - if (d[n-2] == '=') eof++; + if (d[n-1] == '=') + eof++; + if (d[n-2] == '=') + eof++; /* There will never be more than two '=' */ - } + } - if ((v == B64_EOF) || (n >= 64)) - { + if ((v == B64_EOF && (n&3) == 0) || (n >= 64)) { /* This is needed to work correctly on 64 byte input * lines. We process the line and then need to * accept the '\n' */ - if ((v != B64_EOF) && (n >= 64)) exp_nl=1; - tmp2=v; - if (n > 0) - { - v=EVP_DecodeBlock(out,d,n); - if (v < 0) { rv=0; goto end; } - n=0; - ret+=(v-eof); - } - else - { - eof=1; - v=0; + if ((v != B64_EOF) && (n >= 64)) + exp_nl = 1; + if (n > 0) { + v = EVP_DecodeBlock(out, d, n); + n = 0; + if (v < 0) { + rv = 0; + goto end; } + ret += (v - eof); + } else { + eof = 1; + v = 0; + } /* This is the case where we have had a short * but valid input line */ - if ((v < ctx->length) && eof) - { - rv=0; + if ((v < ctx->length) && eof) { + rv = 0; goto end; - } - else - ctx->length=v; + } else + ctx->length = v; - if (seof >= 0) { rv=0; goto end; } - out+=v; + if (seof >= 0) { + rv = 0; + goto end; } + out += v; } - rv=1; -end: - *outl=ret; - ctx->num=n; - ctx->line_num=ln; - ctx->expect_nl=exp_nl; - return(rv); } + rv = 1; -int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n) - { - int i,ret=0,a,b,c,d; +end: + *outl = ret; + ctx->num = n; + ctx->line_num = ln; + ctx->expect_nl = exp_nl; + return (rv); +} + +int +EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n) +{ + int i, ret = 0, a, b, c, d; unsigned long l; /* trim white space from the start of the line. */ - while ((conv_ascii2bin(*f) == B64_WS) && (n > 0)) - { + while ((conv_ascii2bin(*f) == B64_WS) && (n > 0)) { f++; n--; - } + } /* strip off stuff at the end of the line * ascii2bin values B64_WS, B64_EOLN, B64_EOLN and B64_EOF */ - while ((n > 3) && (B64_NOT_BASE64(conv_ascii2bin(f[n-1])))) + while ((n > 3) && (B64_NOT_BASE64(conv_ascii2bin(f[n - 1])))) n--; - if (n%4 != 0) return(-1); - - for (i=0; i>16L)&0xff; - *(t++)=(unsigned char)(l>> 8L)&0xff; - *(t++)=(unsigned char)(l )&0xff; - ret+=3; - } - return(ret); + if (n % 4 != 0) + return (-1); + + for (i = 0; i < n; i += 4) { + a = conv_ascii2bin(*(f++)); + b = conv_ascii2bin(*(f++)); + c = conv_ascii2bin(*(f++)); + d = conv_ascii2bin(*(f++)); + if ((a & 0x80) || (b & 0x80) || + (c & 0x80) || (d & 0x80)) + return (-1); + l = ((((unsigned long)a) << 18L) | + (((unsigned long)b) << 12L) | + (((unsigned long)c) << 6L) | + (((unsigned long)d))); + *(t++) = (unsigned char)(l >> 16L) & 0xff; + *(t++) = (unsigned char)(l >> 8L) & 0xff; + *(t++) = (unsigned char)(l) & 0xff; + ret += 3; } + return (ret); +} -int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl) - { +int +EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl) +{ int i; - *outl=0; - if (ctx->num != 0) - { - i=EVP_DecodeBlock(out,ctx->enc_data,ctx->num); - if (i < 0) return(-1); - ctx->num=0; - *outl=i; - return(1); - } - else - return(1); - } - -#ifdef undef -int EVP_DecodeValid(unsigned char *buf, int len) - { - int i,num=0,bad=0; - - if (len == 0) return(-1); - while (conv_ascii2bin(*buf) == B64_WS) - { - buf++; - len--; - if (len == 0) return(-1); - } - - for (i=len; i >= 4; i-=4) - { - if ( (conv_ascii2bin(buf[0]) >= 0x40) || - (conv_ascii2bin(buf[1]) >= 0x40) || - (conv_ascii2bin(buf[2]) >= 0x40) || - (conv_ascii2bin(buf[3]) >= 0x40)) - return(-1); - buf+=4; - num+=1+(buf[2] != '=')+(buf[3] != '='); - } - if ((i == 1) && (conv_ascii2bin(buf[0]) == B64_EOLN)) - return(num); - if ((i == 2) && (conv_ascii2bin(buf[0]) == B64_EOLN) && - (conv_ascii2bin(buf[0]) == B64_EOLN)) - return(num); - return(1); - } -#endif + *outl = 0; + if (ctx->num != 0) { + i = EVP_DecodeBlock(out, ctx->enc_data, ctx->num); + if (i < 0) + return (-1); + ctx->num = 0; + *outl = i; + return (1); + } else + return (1); +} diff --git a/src/lib/libcrypto/evp/evp.h b/src/lib/libcrypto/evp/evp.h index fb16de68528..f0b50b555e6 100644 --- a/src/lib/libcrypto/evp/evp.h +++ b/src/lib/libcrypto/evp/evp.h @@ -1,25 +1,25 @@ -/* crypto/evp/evp.h */ +/* $OpenBSD: evp.h,v 1.75 2019/03/17 18:17:44 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -59,18 +59,10 @@ #ifndef HEADER_ENVELOPE_H #define HEADER_ENVELOPE_H -#ifdef OPENSSL_ALGORITHM_DEFINES -# include -#else -# define OPENSSL_ALGORITHM_DEFINES -# include -# undef OPENSSL_ALGORITHM_DEFINES -#endif +#include #include -#include - #ifndef OPENSSL_NO_BIO #include #endif @@ -82,8 +74,8 @@ #define EVP_CAST5_KEY_SIZE 16 #define EVP_RC5_32_12_16_KEY_SIZE 16 */ -#define EVP_MAX_MD_SIZE (16+20) /* The SSLv3 md5+sha1 type */ -#define EVP_MAX_KEY_LENGTH 32 +#define EVP_MAX_MD_SIZE 64 /* longest known is SHA512 */ +#define EVP_MAX_KEY_LENGTH 64 #define EVP_MAX_IV_LENGTH 16 #define EVP_MAX_BLOCK_LENGTH 32 @@ -96,11 +88,13 @@ #define EVP_PK_RSA 0x0001 #define EVP_PK_DSA 0x0002 #define EVP_PK_DH 0x0004 +#define EVP_PK_EC 0x0008 #define EVP_PKT_SIGN 0x0010 #define EVP_PKT_ENC 0x0020 #define EVP_PKT_EXCH 0x0040 #define EVP_PKS_RSA 0x0100 #define EVP_PKS_DSA 0x0200 +#define EVP_PKS_EC 0x0400 #define EVP_PKT_EXP 0x1000 /* <= 512 bit key */ #define EVP_PKEY_NONE NID_undef @@ -112,6 +106,14 @@ #define EVP_PKEY_DSA3 NID_dsaWithSHA1 #define EVP_PKEY_DSA4 NID_dsaWithSHA1_2 #define EVP_PKEY_DH NID_dhKeyAgreement +#define EVP_PKEY_EC NID_X9_62_id_ecPublicKey +#define EVP_PKEY_GOSTR01 NID_id_GostR3410_2001 +#define EVP_PKEY_GOSTIMIT NID_id_Gost28147_89_MAC +#define EVP_PKEY_HMAC NID_hmac +#define EVP_PKEY_CMAC NID_cmac +#define EVP_PKEY_GOSTR12_256 NID_id_tc26_gost3410_2012_256 +#define EVP_PKEY_GOSTR12_512 NID_id_tc26_gost3410_2012_512 +#define EVP_PKEY_SM2 NID_sm2 #ifdef __cplusplus extern "C" { @@ -120,11 +122,12 @@ extern "C" { /* Type needs to be a bit field * Sub-type needs to be for variations on the method, as in, can it do * arbitrary encryption.... */ -struct evp_pkey_st - { +struct evp_pkey_st { int type; int save_type; int references; + const EVP_PKEY_ASN1_METHOD *ameth; + ENGINE *engine; union { char *ptr; #ifndef OPENSSL_NO_RSA @@ -136,123 +139,117 @@ struct evp_pkey_st #ifndef OPENSSL_NO_DH struct dh_st *dh; /* DH */ #endif - } pkey; +#ifndef OPENSSL_NO_EC + struct ec_key_st *ec; /* ECC */ +#endif +#ifndef OPENSSL_NO_GOST + struct gost_key_st *gost; /* GOST */ +#endif + } pkey; int save_parameters; STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */ - } /* EVP_PKEY */; +} /* EVP_PKEY */; #define EVP_PKEY_MO_SIGN 0x0001 #define EVP_PKEY_MO_VERIFY 0x0002 #define EVP_PKEY_MO_ENCRYPT 0x0004 #define EVP_PKEY_MO_DECRYPT 0x0008 -#if 0 -/* This structure is required to tie the message digest and signing together. - * The lookup can be done by md/pkey_method, oid, oid/pkey_method, or - * oid, md and pkey. - * This is required because for various smart-card perform the digest and - * signing/verification on-board. To handle this case, the specific - * EVP_MD and EVP_PKEY_METHODs need to be closely associated. - * When a PKEY is created, it will have a EVP_PKEY_METHOD associated with it. - * This can either be software or a token to provide the required low level - * routines. - */ -typedef struct evp_pkey_md_st - { - int oid; - EVP_MD *md; - EVP_PKEY_METHOD *pkey; - } EVP_PKEY_MD; - -#define EVP_rsa_md2() \ - EVP_PKEY_MD_add(NID_md2WithRSAEncryption,\ - EVP_rsa_pkcs1(),EVP_md2()) -#define EVP_rsa_md5() \ - EVP_PKEY_MD_add(NID_md5WithRSAEncryption,\ - EVP_rsa_pkcs1(),EVP_md5()) -#define EVP_rsa_sha0() \ - EVP_PKEY_MD_add(NID_shaWithRSAEncryption,\ - EVP_rsa_pkcs1(),EVP_sha()) -#define EVP_rsa_sha1() \ - EVP_PKEY_MD_add(NID_sha1WithRSAEncryption,\ - EVP_rsa_pkcs1(),EVP_sha1()) -#define EVP_rsa_ripemd160() \ - EVP_PKEY_MD_add(NID_ripemd160WithRSA,\ - EVP_rsa_pkcs1(),EVP_ripemd160()) -#define EVP_rsa_mdc2() \ - EVP_PKEY_MD_add(NID_mdc2WithRSA,\ - EVP_rsa_octet_string(),EVP_mdc2()) -#define EVP_dsa_sha() \ - EVP_PKEY_MD_add(NID_dsaWithSHA,\ - EVP_dsa(),EVP_sha()) -#define EVP_dsa_sha1() \ - EVP_PKEY_MD_add(NID_dsaWithSHA1,\ - EVP_dsa(),EVP_sha1()) - -typedef struct evp_pkey_method_st - { - char *name; - int flags; - int type; /* RSA, DSA, an SSLeay specific constant */ - int oid; /* For the pub-key type */ - int encrypt_oid; /* pub/priv key encryption */ - - int (*sign)(); - int (*verify)(); - struct { - int (*set)(); /* get and/or set the underlying type */ - int (*get)(); - int (*encrypt)(); - int (*decrypt)(); - int (*i2d)(); - int (*d2i)(); - int (*dup)(); - } pub,priv; - int (*set_asn1_parameters)(); - int (*get_asn1_parameters)(); - } EVP_PKEY_METHOD; -#endif +typedef int evp_sign_method(int type, const unsigned char *m, + unsigned int m_length, unsigned char *sigret, unsigned int *siglen, + void *key); +typedef int evp_verify_method(int type, const unsigned char *m, + unsigned int m_length, const unsigned char *sigbuf, unsigned int siglen, + void *key); #ifndef EVP_MD -struct env_md_st - { +struct env_md_st { int type; int pkey_type; int md_size; unsigned long flags; int (*init)(EVP_MD_CTX *ctx); - int (*update)(EVP_MD_CTX *ctx,const void *data,unsigned long count); - int (*final)(EVP_MD_CTX *ctx,unsigned char *md); - int (*copy)(EVP_MD_CTX *to,const EVP_MD_CTX *from); + int (*update)(EVP_MD_CTX *ctx, const void *data, size_t count); + int (*final)(EVP_MD_CTX *ctx, unsigned char *md); + int (*copy)(EVP_MD_CTX *to, const EVP_MD_CTX *from); int (*cleanup)(EVP_MD_CTX *ctx); - /* FIXME: prototype these some day */ - int (*sign)(); - int (*verify)(); + evp_sign_method *sign; + evp_verify_method *verify; int required_pkey_type[5]; /*EVP_PKEY_xxx */ int block_size; int ctx_size; /* how big does the ctx->md_data need to be */ - } /* EVP_MD */; + /* control function */ + int (*md_ctrl)(EVP_MD_CTX *ctx, int cmd, int p1, void *p2); +} /* EVP_MD */; #define EVP_MD_FLAG_ONESHOT 0x0001 /* digest can only handle a single * block */ +#define EVP_MD_FLAG_PKEY_DIGEST 0x0002 /* digest is a "clone" digest used + * which is a copy of an existing + * one for a specific public key type. + * EVP_dss1() etc */ + +/* Digest uses EVP_PKEY_METHOD for signing instead of MD specific signing */ + +#define EVP_MD_FLAG_PKEY_METHOD_SIGNATURE 0x0004 + +/* DigestAlgorithmIdentifier flags... */ + +#define EVP_MD_FLAG_DIGALGID_MASK 0x0018 + +/* NULL or absent parameter accepted. Use NULL */ + +#define EVP_MD_FLAG_DIGALGID_NULL 0x0000 + +/* NULL or absent parameter accepted. Use NULL for PKCS#1 otherwise absent */ + +#define EVP_MD_FLAG_DIGALGID_ABSENT 0x0008 + +/* Custom handling via ctrl */ + +#define EVP_MD_FLAG_DIGALGID_CUSTOM 0x0018 + +#define EVP_MD_FLAG_FIPS 0x0400 /* Note if suitable for use in FIPS mode */ + +/* Digest ctrls */ + +#define EVP_MD_CTRL_DIGALGID 0x1 +#define EVP_MD_CTRL_MICALG 0x2 +#define EVP_MD_CTRL_SET_KEY 0x3 +#define EVP_MD_CTRL_GOST_SET_SBOX 0x4 + +/* Minimum Algorithm specific ctrl value */ + +#define EVP_MD_CTRL_ALG_CTRL 0x1000 + #define EVP_PKEY_NULL_method NULL,NULL,{0,0,0,0} #ifndef OPENSSL_NO_DSA -#define EVP_PKEY_DSA_method DSA_sign,DSA_verify, \ +#define EVP_PKEY_DSA_method (evp_sign_method *)DSA_sign, \ + (evp_verify_method *)DSA_verify, \ {EVP_PKEY_DSA,EVP_PKEY_DSA2,EVP_PKEY_DSA3, \ EVP_PKEY_DSA4,0} #else #define EVP_PKEY_DSA_method EVP_PKEY_NULL_method #endif +#ifndef OPENSSL_NO_ECDSA +#define EVP_PKEY_ECDSA_method (evp_sign_method *)ECDSA_sign, \ + (evp_verify_method *)ECDSA_verify, \ + {EVP_PKEY_EC,0,0,0} +#else +#define EVP_PKEY_ECDSA_method EVP_PKEY_NULL_method +#endif + #ifndef OPENSSL_NO_RSA -#define EVP_PKEY_RSA_method RSA_sign,RSA_verify, \ +#define EVP_PKEY_RSA_method (evp_sign_method *)RSA_sign, \ + (evp_verify_method *)RSA_verify, \ {EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0} #define EVP_PKEY_RSA_ASN1_OCTET_STRING_method \ - RSA_sign_ASN1_OCTET_STRING, \ - RSA_verify_ASN1_OCTET_STRING, \ + (evp_sign_method *)RSA_sign_ASN1_OCTET_STRING, \ + (evp_verify_method *)RSA_verify_ASN1_OCTET_STRING, \ {EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0} #else #define EVP_PKEY_RSA_method EVP_PKEY_NULL_method @@ -261,13 +258,16 @@ struct env_md_st #endif /* !EVP_MD */ -struct env_md_ctx_st - { +struct env_md_ctx_st { const EVP_MD *digest; ENGINE *engine; /* functional reference if 'digest' is ENGINE-provided */ unsigned long flags; void *md_data; - } /* EVP_MD_CTX */; + /* Public key context for sign/verify */ + EVP_PKEY_CTX *pctx; + /* Update function: usually copied from EVP_MD */ + int (*update)(EVP_MD_CTX *ctx, const void *data, size_t count); +} /* EVP_MD_CTX */; /* values for EVP_MD_CTX flags */ @@ -275,25 +275,43 @@ struct env_md_ctx_st * once only */ #define EVP_MD_CTX_FLAG_CLEANED 0x0002 /* context has already been * cleaned */ +#define EVP_MD_CTX_FLAG_REUSE 0x0004 /* Don't free up ctx->md_data + * in EVP_MD_CTX_cleanup */ +/* FIPS and pad options are ignored in 1.0.0, definitions are here + * so we don't accidentally reuse the values for other purposes. + */ + +#define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW 0x0008 /* Allow use of non FIPS digest + * in FIPS mode */ -struct evp_cipher_st - { +/* The following PAD options are also currently ignored in 1.0.0, digest + * parameters are handled through EVP_DigestSign*() and EVP_DigestVerify*() + * instead. + */ +#define EVP_MD_CTX_FLAG_PAD_MASK 0xF0 /* RSA mode to use */ +#define EVP_MD_CTX_FLAG_PAD_PKCS1 0x00 /* PKCS#1 v1.5 mode */ +#define EVP_MD_CTX_FLAG_PAD_X931 0x10 /* X9.31 mode */ +#define EVP_MD_CTX_FLAG_PAD_PSS 0x20 /* PSS mode */ + +#define EVP_MD_CTX_FLAG_NO_INIT 0x0100 /* Don't initialize md_data */ + +struct evp_cipher_st { int nid; int block_size; int key_len; /* Default value for variable length ciphers */ int iv_len; unsigned long flags; /* Various flags */ int (*init)(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc); /* init key */ + const unsigned char *iv, int enc); /* init key */ int (*do_cipher)(EVP_CIPHER_CTX *ctx, unsigned char *out, - const unsigned char *in, unsigned int inl);/* encrypt/decrypt data */ + const unsigned char *in, size_t inl);/* encrypt/decrypt data */ int (*cleanup)(EVP_CIPHER_CTX *); /* cleanup ctx */ int ctx_size; /* how big ctx->cipher_data needs to be */ int (*set_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); /* Populate a ASN1_TYPE with parameters */ int (*get_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); /* Get parameters from a ASN1_TYPE */ int (*ctrl)(EVP_CIPHER_CTX *, int type, int arg, void *ptr); /* Miscellaneous operations */ void *app_data; /* Application data */ - } /* EVP_CIPHER */; +} /* EVP_CIPHER */; /* Values for cipher flags */ @@ -304,7 +322,12 @@ struct evp_cipher_st #define EVP_CIPH_CBC_MODE 0x2 #define EVP_CIPH_CFB_MODE 0x3 #define EVP_CIPH_OFB_MODE 0x4 -#define EVP_CIPH_MODE 0x7 +#define EVP_CIPH_CTR_MODE 0x5 +#define EVP_CIPH_GCM_MODE 0x6 +#define EVP_CIPH_CCM_MODE 0x7 +#define EVP_CIPH_XTS_MODE 0x10001 +#define EVP_CIPH_WRAP_MODE 0x10002 +#define EVP_CIPH_MODE 0xF0007 /* Set if variable length cipher */ #define EVP_CIPH_VARIABLE_LENGTH 0x8 /* Set if the iv handling should be done by the cipher itself */ @@ -317,6 +340,29 @@ struct evp_cipher_st #define EVP_CIPH_CUSTOM_KEY_LENGTH 0x80 /* Don't use standard block padding */ #define EVP_CIPH_NO_PADDING 0x100 +/* cipher handles random key generation */ +#define EVP_CIPH_RAND_KEY 0x200 +/* cipher has its own additional copying logic */ +#define EVP_CIPH_CUSTOM_COPY 0x400 +/* Allow use default ASN1 get/set iv */ +#define EVP_CIPH_FLAG_DEFAULT_ASN1 0x1000 +/* Buffer length in bits not bytes: CFB1 mode only */ +#define EVP_CIPH_FLAG_LENGTH_BITS 0x2000 +/* Note if suitable for use in FIPS mode */ +#define EVP_CIPH_FLAG_FIPS 0x4000 +/* Allow non FIPS cipher in FIPS mode */ +#define EVP_CIPH_FLAG_NON_FIPS_ALLOW 0x8000 +/* Cipher handles any and all padding logic as well + * as finalisation. + */ +#define EVP_CIPH_FLAG_CUSTOM_CIPHER 0x100000 +#define EVP_CIPH_FLAG_AEAD_CIPHER 0x200000 + +/* + * Cipher context flag to indicate that we can handle wrap mode: if allowed in + * older applications, it could overflow buffers. + */ +#define EVP_CIPHER_CTX_FLAG_WRAP_ALLOW 0x1 /* ctrl() values */ @@ -326,15 +372,45 @@ struct evp_cipher_st #define EVP_CTRL_SET_RC2_KEY_BITS 0x3 #define EVP_CTRL_GET_RC5_ROUNDS 0x4 #define EVP_CTRL_SET_RC5_ROUNDS 0x5 - -typedef struct evp_cipher_info_st - { +#define EVP_CTRL_RAND_KEY 0x6 +#define EVP_CTRL_PBE_PRF_NID 0x7 +#define EVP_CTRL_COPY 0x8 +#define EVP_CTRL_GCM_SET_IVLEN 0x9 +#define EVP_CTRL_GCM_GET_TAG 0x10 +#define EVP_CTRL_GCM_SET_TAG 0x11 +#define EVP_CTRL_GCM_SET_IV_FIXED 0x12 +#define EVP_CTRL_GCM_IV_GEN 0x13 +#define EVP_CTRL_CCM_SET_IVLEN EVP_CTRL_GCM_SET_IVLEN +#define EVP_CTRL_CCM_GET_TAG EVP_CTRL_GCM_GET_TAG +#define EVP_CTRL_CCM_SET_TAG EVP_CTRL_GCM_SET_TAG +#define EVP_CTRL_CCM_SET_L 0x14 +#define EVP_CTRL_CCM_SET_MSGLEN 0x15 +/* AEAD cipher deduces payload length and returns number of bytes + * required to store MAC and eventual padding. Subsequent call to + * EVP_Cipher even appends/verifies MAC. + */ +#define EVP_CTRL_AEAD_TLS1_AAD 0x16 +/* Used by composite AEAD ciphers, no-op in GCM, CCM... */ +#define EVP_CTRL_AEAD_SET_MAC_KEY 0x17 +/* Set the GCM invocation field, decrypt only */ +#define EVP_CTRL_GCM_SET_IV_INV 0x18 +/* Set the S-BOX NID for GOST ciphers */ +#define EVP_CTRL_GOST_SET_SBOX 0x19 + +/* GCM TLS constants */ +/* Length of fixed part of IV derived from PRF */ +#define EVP_GCM_TLS_FIXED_IV_LEN 4 +/* Length of explicit part of IV part of TLS records */ +#define EVP_GCM_TLS_EXPLICIT_IV_LEN 8 +/* Length of tag for TLS */ +#define EVP_GCM_TLS_TAG_LEN 16 + +typedef struct evp_cipher_info_st { const EVP_CIPHER *cipher; unsigned char iv[EVP_MAX_IV_LENGTH]; - } EVP_CIPHER_INFO; +} EVP_CIPHER_INFO; -struct evp_cipher_ctx_st - { +struct evp_cipher_ctx_st { const EVP_CIPHER *cipher; ENGINE *engine; /* functional reference if 'cipher' is ENGINE-provided */ int encrypt; /* encrypt or decrypt */ @@ -343,7 +419,7 @@ struct evp_cipher_ctx_st unsigned char oiv[EVP_MAX_IV_LENGTH]; /* original iv */ unsigned char iv[EVP_MAX_IV_LENGTH]; /* working iv */ unsigned char buf[EVP_MAX_BLOCK_LENGTH];/* saved partial block */ - int num; /* used by cfb/ofb mode */ + int num; /* used by cfb/ofb/ctr mode */ void *app_data; /* application stuff */ int key_len; /* May change for variable length cipher */ @@ -352,10 +428,9 @@ struct evp_cipher_ctx_st int final_used; int block_mask; unsigned char final[EVP_MAX_BLOCK_LENGTH];/* possible final block */ - } /* EVP_CIPHER_CTX */; +} /* EVP_CIPHER_CTX */; -typedef struct evp_Encode_Ctx_st - { +typedef struct evp_Encode_Ctx_st { int num; /* number saved in a partial encode/decode */ int length; /* The length is either the output line length * (in input bytes) or the shortest input line @@ -365,12 +440,11 @@ typedef struct evp_Encode_Ctx_st unsigned char enc_data[80]; /* data to encode */ int line_num; /* number read on current line */ int expect_nl; - } EVP_ENCODE_CTX; +} EVP_ENCODE_CTX; /* Password based encryption function */ typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, - ASN1_TYPE *param, const EVP_CIPHER *cipher, - const EVP_MD *md, int en_de); + ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, int en_de); #ifndef OPENSSL_NO_RSA #define EVP_PKEY_assign_RSA(pkey,rsa) EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\ @@ -387,42 +461,59 @@ typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, (char *)(dh)) #endif +#ifndef OPENSSL_NO_EC +#define EVP_PKEY_assign_EC_KEY(pkey,eckey) EVP_PKEY_assign((pkey),EVP_PKEY_EC,\ + (char *)(eckey)) +#endif + +#ifndef OPENSSL_NO_GOST +#define EVP_PKEY_assign_GOST(pkey,gostkey) EVP_PKEY_assign((pkey),EVP_PKEY_GOSTR01,\ + (char *)(gostkey)) +#endif + /* Add some extra combinations */ #define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a)) #define EVP_get_digestbyobj(a) EVP_get_digestbynid(OBJ_obj2nid(a)) #define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a)) #define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a)) -#define EVP_MD_type(e) ((e)->type) +int EVP_MD_type(const EVP_MD *md); #define EVP_MD_nid(e) EVP_MD_type(e) #define EVP_MD_name(e) OBJ_nid2sn(EVP_MD_nid(e)) -#define EVP_MD_pkey_type(e) ((e)->pkey_type) -#define EVP_MD_size(e) ((e)->md_size) -#define EVP_MD_block_size(e) ((e)->block_size) +int EVP_MD_pkey_type(const EVP_MD *md); +int EVP_MD_size(const EVP_MD *md); +int EVP_MD_block_size(const EVP_MD *md); +unsigned long EVP_MD_flags(const EVP_MD *md); -#define EVP_MD_CTX_md(e) ((e)->digest) -#define EVP_MD_CTX_size(e) EVP_MD_size((e)->digest) -#define EVP_MD_CTX_block_size(e) EVP_MD_block_size((e)->digest) -#define EVP_MD_CTX_type(e) EVP_MD_type((e)->digest) +const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx); +#define EVP_MD_CTX_size(e) EVP_MD_size(EVP_MD_CTX_md(e)) +#define EVP_MD_CTX_block_size(e) EVP_MD_block_size(EVP_MD_CTX_md(e)) +#define EVP_MD_CTX_type(e) EVP_MD_type(EVP_MD_CTX_md(e)) -#define EVP_CIPHER_nid(e) ((e)->nid) +int EVP_CIPHER_nid(const EVP_CIPHER *cipher); #define EVP_CIPHER_name(e) OBJ_nid2sn(EVP_CIPHER_nid(e)) -#define EVP_CIPHER_block_size(e) ((e)->block_size) -#define EVP_CIPHER_key_length(e) ((e)->key_len) -#define EVP_CIPHER_iv_length(e) ((e)->iv_len) -#define EVP_CIPHER_flags(e) ((e)->flags) -#define EVP_CIPHER_mode(e) (((e)->flags) & EVP_CIPH_MODE) - -#define EVP_CIPHER_CTX_cipher(e) ((e)->cipher) -#define EVP_CIPHER_CTX_nid(e) ((e)->cipher->nid) -#define EVP_CIPHER_CTX_block_size(e) ((e)->cipher->block_size) -#define EVP_CIPHER_CTX_key_length(e) ((e)->key_len) -#define EVP_CIPHER_CTX_iv_length(e) ((e)->cipher->iv_len) -#define EVP_CIPHER_CTX_get_app_data(e) ((e)->app_data) -#define EVP_CIPHER_CTX_set_app_data(e,d) ((e)->app_data=(char *)(d)) +int EVP_CIPHER_block_size(const EVP_CIPHER *cipher); +int EVP_CIPHER_key_length(const EVP_CIPHER *cipher); +int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher); +unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher); +#define EVP_CIPHER_mode(e) (EVP_CIPHER_flags(e) & EVP_CIPH_MODE) + +const EVP_CIPHER * EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx); +int EVP_CIPHER_CTX_encrypting(const EVP_CIPHER_CTX *ctx); +int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx); +int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx); +int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx); +int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx); +int EVP_CIPHER_CTX_get_iv(const EVP_CIPHER_CTX *ctx, + unsigned char *iv, size_t len); +int EVP_CIPHER_CTX_set_iv(EVP_CIPHER_CTX *ctx, + const unsigned char *iv, size_t len); +int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in); +void * EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx); +void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data); #define EVP_CIPHER_CTX_type(c) EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c)) -#define EVP_CIPHER_CTX_flags(e) ((e)->cipher->flags) -#define EVP_CIPHER_CTX_mode(e) ((e)->cipher->flags & EVP_CIPH_MODE) +unsigned long EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx); +#define EVP_CIPHER_CTX_mode(e) (EVP_CIPHER_CTX_flags(e) & EVP_CIPH_MODE) #define EVP_ENCODE_LENGTH(l) (((l+2)/3*4)+(l/48+1)*2+80) #define EVP_DECODE_LENGTH(l) ((l+3)/4*3+80) @@ -434,19 +525,19 @@ typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, #define EVP_VerifyInit(a,b) EVP_DigestInit(a,b) #define EVP_VerifyUpdate(a,b,c) EVP_DigestUpdate(a,b,c) #define EVP_OpenUpdate(a,b,c,d,e) EVP_DecryptUpdate(a,b,c,d,e) -#define EVP_SealUpdate(a,b,c,d,e) EVP_EncryptUpdate(a,b,c,d,e) +#define EVP_SealUpdate(a,b,c,d,e) EVP_EncryptUpdate(a,b,c,d,e) +#define EVP_DigestSignUpdate(a,b,c) EVP_DigestUpdate(a,b,c) +#define EVP_DigestVerifyUpdate(a,b,c) EVP_DigestUpdate(a,b,c) -#ifdef CONST_STRICT -void BIO_set_md(BIO *,const EVP_MD *md); -#else -# define BIO_set_md(b,md) BIO_ctrl(b,BIO_C_SET_MD,0,(char *)md) -#endif +#define BIO_set_md(b,md) BIO_ctrl(b,BIO_C_SET_MD,0,(char *)md) #define BIO_get_md(b,mdp) BIO_ctrl(b,BIO_C_GET_MD,0,(char *)mdp) #define BIO_get_md_ctx(b,mdcp) BIO_ctrl(b,BIO_C_GET_MD_CTX,0,(char *)mdcp) +#define BIO_set_md_ctx(b,mdcp) BIO_ctrl(b,BIO_C_SET_MD_CTX,0,(char *)mdcp) #define BIO_get_cipher_status(b) BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL) #define BIO_get_cipher_ctx(b,c_pp) BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(char *)c_pp) -#define EVP_Cipher(c,o,i,l) (c)->cipher->do_cipher((c),(o),(i),(l)) +int EVP_Cipher(EVP_CIPHER_CTX *c, unsigned char *out, const unsigned char *in, + unsigned int inl); #define EVP_add_cipher_alias(n,alias) \ OBJ_NAME_add((alias),OBJ_NAME_TYPE_CIPHER_METH|OBJ_NAME_ALIAS,(n)) @@ -457,134 +548,186 @@ void BIO_set_md(BIO *,const EVP_MD *md); #define EVP_delete_digest_alias(alias) \ OBJ_NAME_remove(alias,OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS); -void EVP_MD_CTX_init(EVP_MD_CTX *ctx); -int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx); +EVP_MD_CTX *EVP_MD_CTX_new(void); +void EVP_MD_CTX_free(EVP_MD_CTX *ctx); +void EVP_MD_CTX_init(EVP_MD_CTX *ctx); +int EVP_MD_CTX_reset(EVP_MD_CTX *ctx); EVP_MD_CTX *EVP_MD_CTX_create(void); -void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx); -int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out,const EVP_MD_CTX *in); -#define EVP_MD_CTX_set_flags(ctx,flgs) ((ctx)->flags|=(flgs)) -#define EVP_MD_CTX_clear_flags(ctx,flgs) ((ctx)->flags&=~(flgs)) -#define EVP_MD_CTX_test_flags(ctx,flgs) ((ctx)->flags&(flgs)) -int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); -int EVP_DigestUpdate(EVP_MD_CTX *ctx,const void *d, - unsigned int cnt); -int EVP_DigestFinal_ex(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s); -int EVP_Digest(void *data, unsigned int count, - unsigned char *md, unsigned int *size, const EVP_MD *type, ENGINE *impl); - -int EVP_MD_CTX_copy(EVP_MD_CTX *out,const EVP_MD_CTX *in); -int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type); -int EVP_DigestFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s); - -int EVP_read_pw_string(char *buf,int length,const char *prompt,int verify); -void EVP_set_pw_prompt(char *prompt); -char * EVP_get_pw_prompt(void); - -int EVP_BytesToKey(const EVP_CIPHER *type,const EVP_MD *md, - const unsigned char *salt, const unsigned char *data, - int datal, int count, unsigned char *key,unsigned char *iv); - -int EVP_EncryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, - const unsigned char *key, const unsigned char *iv); -int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl, - const unsigned char *key, const unsigned char *iv); -int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, - int *outl, const unsigned char *in, int inl); -int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); -int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); - -int EVP_DecryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, - const unsigned char *key, const unsigned char *iv); -int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl, - const unsigned char *key, const unsigned char *iv); -int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, - int *outl, const unsigned char *in, int inl); -int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); -int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); - -int EVP_CipherInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, - const unsigned char *key,const unsigned char *iv, - int enc); -int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl, - const unsigned char *key,const unsigned char *iv, - int enc); -int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, - int *outl, const unsigned char *in, int inl); -int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); -int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); - -int EVP_SignFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s, - EVP_PKEY *pkey); - -int EVP_VerifyFinal(EVP_MD_CTX *ctx,unsigned char *sigbuf, - unsigned int siglen,EVP_PKEY *pkey); - -int EVP_OpenInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type,unsigned char *ek, - int ekl,unsigned char *iv,EVP_PKEY *priv); -int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); - -int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char **ek, - int *ekl, unsigned char *iv,EVP_PKEY **pubk, int npubk); -int EVP_SealFinal(EVP_CIPHER_CTX *ctx,unsigned char *out,int *outl); - -void EVP_EncodeInit(EVP_ENCODE_CTX *ctx); -void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out, - int *outl,unsigned char *in,int inl); -void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl); -int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int n); - -void EVP_DecodeInit(EVP_ENCODE_CTX *ctx); -int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl, - unsigned char *in, int inl); -int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned - char *out, int *outl); -int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n); +void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx); +int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx); +int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in); +void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags); +void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags); +int EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int type, int arg, void *ptr); +int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags); + +int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); +int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt); +int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s); +int EVP_Digest(const void *data, size_t count, unsigned char *md, + unsigned int *size, const EVP_MD *type, ENGINE *impl); + +int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in); +int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type); +int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s); + +int EVP_read_pw_string(char *buf, int length, const char *prompt, int verify); +int EVP_read_pw_string_min(char *buf, int minlen, int maxlen, + const char *prompt, int verify); +void EVP_set_pw_prompt(const char *prompt); +char *EVP_get_pw_prompt(void); + +int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, + const unsigned char *salt, const unsigned char *data, int datal, int count, + unsigned char *key, unsigned char *iv); + +void EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags); +void EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags); +int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags); + +int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, + const unsigned char *key, const unsigned char *iv); +int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, + ENGINE *impl, const unsigned char *key, const unsigned char *iv); +int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, + const unsigned char *in, int inl); +int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); +#ifndef LIBRESSL_INTERNAL +int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); +#endif + +int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, + const unsigned char *key, const unsigned char *iv); +int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, + ENGINE *impl, const unsigned char *key, const unsigned char *iv); +int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, + const unsigned char *in, int inl); +int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); +#ifndef LIBRESSL_INTERNAL +int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); +#endif + +int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, + const unsigned char *key, const unsigned char *iv, int enc); +int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, + ENGINE *impl, const unsigned char *key, const unsigned char *iv, int enc); +int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, + const unsigned char *in, int inl); +int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); +#ifndef LIBRESSL_INTERNAL +int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); +#endif + +int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s, + EVP_PKEY *pkey); + +int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf, + unsigned int siglen, EVP_PKEY *pkey); + +int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, + const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey); +int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen); + +int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, + const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey); +int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, + size_t siglen); + +int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, + const unsigned char *ek, int ekl, const unsigned char *iv, EVP_PKEY *priv); +int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); + +int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, + unsigned char **ek, int *ekl, unsigned char *iv, EVP_PKEY **pubk, + int npubk); +int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); + +EVP_ENCODE_CTX *EVP_ENCODE_CTX_new(void); +void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx); +void EVP_EncodeInit(EVP_ENCODE_CTX *ctx); +int EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, + const unsigned char *in, int inl); +void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl); +int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int n); + +void EVP_DecodeInit(EVP_ENCODE_CTX *ctx); +int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, + const unsigned char *in, int inl); +int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl); +int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n); void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a); int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a); +EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void); +void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *a); +int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *a); int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen); int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *c, int pad); int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr); +int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key); #ifndef OPENSSL_NO_BIO -BIO_METHOD *BIO_f_md(void); -BIO_METHOD *BIO_f_base64(void); -BIO_METHOD *BIO_f_cipher(void); -BIO_METHOD *BIO_f_reliable(void); -void BIO_set_cipher(BIO *b,const EVP_CIPHER *c,unsigned char *k, - unsigned char *i, int enc); +const BIO_METHOD *BIO_f_md(void); +const BIO_METHOD *BIO_f_base64(void); +const BIO_METHOD *BIO_f_cipher(void); +int BIO_set_cipher(BIO *b, const EVP_CIPHER *c, const unsigned char *k, + const unsigned char *i, int enc); #endif const EVP_MD *EVP_md_null(void); -#ifndef OPENSSL_NO_MD2 -const EVP_MD *EVP_md2(void); -#endif #ifndef OPENSSL_NO_MD4 const EVP_MD *EVP_md4(void); #endif #ifndef OPENSSL_NO_MD5 const EVP_MD *EVP_md5(void); +const EVP_MD *EVP_md5_sha1(void); #endif #ifndef OPENSSL_NO_SHA -const EVP_MD *EVP_sha(void); const EVP_MD *EVP_sha1(void); const EVP_MD *EVP_dss(void); const EVP_MD *EVP_dss1(void); +const EVP_MD *EVP_ecdsa(void); +#endif +#ifndef OPENSSL_NO_SHA256 +const EVP_MD *EVP_sha224(void); +const EVP_MD *EVP_sha256(void); #endif -#ifndef OPENSSL_NO_MDC2 -const EVP_MD *EVP_mdc2(void); +#ifndef OPENSSL_NO_SHA512 +const EVP_MD *EVP_sha384(void); +const EVP_MD *EVP_sha512(void); +#endif +#ifndef OPENSSL_NO_SM3 +const EVP_MD *EVP_sm3(void); #endif #ifndef OPENSSL_NO_RIPEMD const EVP_MD *EVP_ripemd160(void); #endif +#ifndef OPENSSL_NO_WHIRLPOOL +const EVP_MD *EVP_whirlpool(void); +#endif +#ifndef OPENSSL_NO_GOST +const EVP_MD *EVP_gostr341194(void); +const EVP_MD *EVP_gost2814789imit(void); +const EVP_MD *EVP_streebog256(void); +const EVP_MD *EVP_streebog512(void); +#endif const EVP_CIPHER *EVP_enc_null(void); /* does nothing :-) */ #ifndef OPENSSL_NO_DES const EVP_CIPHER *EVP_des_ecb(void); const EVP_CIPHER *EVP_des_ede(void); const EVP_CIPHER *EVP_des_ede3(void); -const EVP_CIPHER *EVP_des_cfb(void); -const EVP_CIPHER *EVP_des_ede_cfb(void); -const EVP_CIPHER *EVP_des_ede3_cfb(void); +const EVP_CIPHER *EVP_des_ede_ecb(void); +const EVP_CIPHER *EVP_des_ede3_ecb(void); +const EVP_CIPHER *EVP_des_cfb64(void); +# define EVP_des_cfb EVP_des_cfb64 +const EVP_CIPHER *EVP_des_cfb1(void); +const EVP_CIPHER *EVP_des_cfb8(void); +const EVP_CIPHER *EVP_des_ede_cfb64(void); +# define EVP_des_ede_cfb EVP_des_ede_cfb64 +const EVP_CIPHER *EVP_des_ede3_cfb64(void); +# define EVP_des_ede3_cfb EVP_des_ede3_cfb64 +const EVP_CIPHER *EVP_des_ede3_cfb1(void); +const EVP_CIPHER *EVP_des_ede3_cfb8(void); const EVP_CIPHER *EVP_des_ofb(void); const EVP_CIPHER *EVP_des_ede_ofb(void); const EVP_CIPHER *EVP_des_ede3_ofb(void); @@ -592,23 +735,18 @@ const EVP_CIPHER *EVP_des_cbc(void); const EVP_CIPHER *EVP_des_ede_cbc(void); const EVP_CIPHER *EVP_des_ede3_cbc(void); const EVP_CIPHER *EVP_desx_cbc(void); -/* This should now be supported through the dev_crypto ENGINE. But also, why are - * rc4 and md5 declarations made here inside a "NO_DES" precompiler branch? */ -#if 0 -# ifdef OPENSSL_OPENBSD_DEV_CRYPTO -const EVP_CIPHER *EVP_dev_crypto_des_ede3_cbc(void); -const EVP_CIPHER *EVP_dev_crypto_rc4(void); -const EVP_MD *EVP_dev_crypto_md5(void); -# endif -#endif #endif #ifndef OPENSSL_NO_RC4 const EVP_CIPHER *EVP_rc4(void); const EVP_CIPHER *EVP_rc4_40(void); +#ifndef OPENSSL_NO_MD5 +const EVP_CIPHER *EVP_rc4_hmac_md5(void); +#endif #endif #ifndef OPENSSL_NO_IDEA const EVP_CIPHER *EVP_idea_ecb(void); -const EVP_CIPHER *EVP_idea_cfb(void); +const EVP_CIPHER *EVP_idea_cfb64(void); +# define EVP_idea_cfb EVP_idea_cfb64 const EVP_CIPHER *EVP_idea_ofb(void); const EVP_CIPHER *EVP_idea_cbc(void); #endif @@ -617,64 +755,120 @@ const EVP_CIPHER *EVP_rc2_ecb(void); const EVP_CIPHER *EVP_rc2_cbc(void); const EVP_CIPHER *EVP_rc2_40_cbc(void); const EVP_CIPHER *EVP_rc2_64_cbc(void); -const EVP_CIPHER *EVP_rc2_cfb(void); +const EVP_CIPHER *EVP_rc2_cfb64(void); +# define EVP_rc2_cfb EVP_rc2_cfb64 const EVP_CIPHER *EVP_rc2_ofb(void); #endif #ifndef OPENSSL_NO_BF const EVP_CIPHER *EVP_bf_ecb(void); const EVP_CIPHER *EVP_bf_cbc(void); -const EVP_CIPHER *EVP_bf_cfb(void); +const EVP_CIPHER *EVP_bf_cfb64(void); +# define EVP_bf_cfb EVP_bf_cfb64 const EVP_CIPHER *EVP_bf_ofb(void); #endif #ifndef OPENSSL_NO_CAST const EVP_CIPHER *EVP_cast5_ecb(void); const EVP_CIPHER *EVP_cast5_cbc(void); -const EVP_CIPHER *EVP_cast5_cfb(void); +const EVP_CIPHER *EVP_cast5_cfb64(void); +# define EVP_cast5_cfb EVP_cast5_cfb64 const EVP_CIPHER *EVP_cast5_ofb(void); #endif -#ifndef OPENSSL_NO_RC5 -const EVP_CIPHER *EVP_rc5_32_12_16_cbc(void); -const EVP_CIPHER *EVP_rc5_32_12_16_ecb(void); -const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void); -const EVP_CIPHER *EVP_rc5_32_12_16_ofb(void); -#endif #ifndef OPENSSL_NO_AES const EVP_CIPHER *EVP_aes_128_ecb(void); const EVP_CIPHER *EVP_aes_128_cbc(void); -const EVP_CIPHER *EVP_aes_128_cfb(void); +const EVP_CIPHER *EVP_aes_128_cfb1(void); +const EVP_CIPHER *EVP_aes_128_cfb8(void); +const EVP_CIPHER *EVP_aes_128_cfb128(void); +# define EVP_aes_128_cfb EVP_aes_128_cfb128 const EVP_CIPHER *EVP_aes_128_ofb(void); -#if 0 const EVP_CIPHER *EVP_aes_128_ctr(void); -#endif +const EVP_CIPHER *EVP_aes_128_ccm(void); +const EVP_CIPHER *EVP_aes_128_gcm(void); +const EVP_CIPHER *EVP_aes_128_wrap(void); +const EVP_CIPHER *EVP_aes_128_xts(void); const EVP_CIPHER *EVP_aes_192_ecb(void); const EVP_CIPHER *EVP_aes_192_cbc(void); -const EVP_CIPHER *EVP_aes_192_cfb(void); +const EVP_CIPHER *EVP_aes_192_cfb1(void); +const EVP_CIPHER *EVP_aes_192_cfb8(void); +const EVP_CIPHER *EVP_aes_192_cfb128(void); +# define EVP_aes_192_cfb EVP_aes_192_cfb128 const EVP_CIPHER *EVP_aes_192_ofb(void); -#if 0 const EVP_CIPHER *EVP_aes_192_ctr(void); -#endif +const EVP_CIPHER *EVP_aes_192_ccm(void); +const EVP_CIPHER *EVP_aes_192_gcm(void); +const EVP_CIPHER *EVP_aes_192_wrap(void); const EVP_CIPHER *EVP_aes_256_ecb(void); const EVP_CIPHER *EVP_aes_256_cbc(void); -const EVP_CIPHER *EVP_aes_256_cfb(void); +const EVP_CIPHER *EVP_aes_256_cfb1(void); +const EVP_CIPHER *EVP_aes_256_cfb8(void); +const EVP_CIPHER *EVP_aes_256_cfb128(void); +# define EVP_aes_256_cfb EVP_aes_256_cfb128 const EVP_CIPHER *EVP_aes_256_ofb(void); -#if 0 const EVP_CIPHER *EVP_aes_256_ctr(void); +const EVP_CIPHER *EVP_aes_256_ccm(void); +const EVP_CIPHER *EVP_aes_256_gcm(void); +const EVP_CIPHER *EVP_aes_256_wrap(void); +const EVP_CIPHER *EVP_aes_256_xts(void); +#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1) +const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha1(void); +const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha1(void); #endif #endif +#ifndef OPENSSL_NO_CAMELLIA +const EVP_CIPHER *EVP_camellia_128_ecb(void); +const EVP_CIPHER *EVP_camellia_128_cbc(void); +const EVP_CIPHER *EVP_camellia_128_cfb1(void); +const EVP_CIPHER *EVP_camellia_128_cfb8(void); +const EVP_CIPHER *EVP_camellia_128_cfb128(void); +# define EVP_camellia_128_cfb EVP_camellia_128_cfb128 +const EVP_CIPHER *EVP_camellia_128_ofb(void); +const EVP_CIPHER *EVP_camellia_192_ecb(void); +const EVP_CIPHER *EVP_camellia_192_cbc(void); +const EVP_CIPHER *EVP_camellia_192_cfb1(void); +const EVP_CIPHER *EVP_camellia_192_cfb8(void); +const EVP_CIPHER *EVP_camellia_192_cfb128(void); +# define EVP_camellia_192_cfb EVP_camellia_192_cfb128 +const EVP_CIPHER *EVP_camellia_192_ofb(void); +const EVP_CIPHER *EVP_camellia_256_ecb(void); +const EVP_CIPHER *EVP_camellia_256_cbc(void); +const EVP_CIPHER *EVP_camellia_256_cfb1(void); +const EVP_CIPHER *EVP_camellia_256_cfb8(void); +const EVP_CIPHER *EVP_camellia_256_cfb128(void); +# define EVP_camellia_256_cfb EVP_camellia_256_cfb128 +const EVP_CIPHER *EVP_camellia_256_ofb(void); +#endif + +#ifndef OPENSSL_NO_CHACHA +const EVP_CIPHER *EVP_chacha20(void); +#endif + +#ifndef OPENSSL_NO_GOST +const EVP_CIPHER *EVP_gost2814789_ecb(void); +const EVP_CIPHER *EVP_gost2814789_cfb64(void); +const EVP_CIPHER *EVP_gost2814789_cnt(void); +#endif + +#ifndef OPENSSL_NO_SM4 +const EVP_CIPHER *EVP_sm4_ecb(void); +const EVP_CIPHER *EVP_sm4_cbc(void); +const EVP_CIPHER *EVP_sm4_cfb128(void); +#define EVP_sm4_cfb EVP_sm4_cfb128 +const EVP_CIPHER *EVP_sm4_ofb(void); +const EVP_CIPHER *EVP_sm4_ctr(void); +#endif void OPENSSL_add_all_algorithms_noconf(void); void OPENSSL_add_all_algorithms_conf(void); #ifdef OPENSSL_LOAD_CONF -#define OpenSSL_add_all_algorithms() \ - OPENSSL_add_all_algorithms_conf() +#define OpenSSL_add_all_algorithms() OPENSSL_add_all_algorithms_conf() #else -#define OpenSSL_add_all_algorithms() \ - OPENSSL_add_all_algorithms_noconf() +#define OpenSSL_add_all_algorithms() OPENSSL_add_all_algorithms_noconf() #endif void OpenSSL_add_all_ciphers(void); void OpenSSL_add_all_digests(void); + #define SSLeay_add_all_algorithms() OpenSSL_add_all_algorithms() #define SSLeay_add_all_ciphers() OpenSSL_add_all_ciphers() #define SSLeay_add_all_digests() OpenSSL_add_all_digests() @@ -686,48 +880,89 @@ const EVP_CIPHER *EVP_get_cipherbyname(const char *name); const EVP_MD *EVP_get_digestbyname(const char *name); void EVP_cleanup(void); -int EVP_PKEY_decrypt(unsigned char *dec_key,unsigned char *enc_key, - int enc_key_len,EVP_PKEY *private_key); -int EVP_PKEY_encrypt(unsigned char *enc_key, - unsigned char *key,int key_len,EVP_PKEY *pub_key); -int EVP_PKEY_type(int type); -int EVP_PKEY_bits(EVP_PKEY *pkey); -int EVP_PKEY_size(EVP_PKEY *pkey); -int EVP_PKEY_assign(EVP_PKEY *pkey,int type,char *key); +void EVP_CIPHER_do_all(void (*fn)(const EVP_CIPHER *ciph, const char *from, + const char *to, void *x), void *arg); +void EVP_CIPHER_do_all_sorted(void (*fn)(const EVP_CIPHER *ciph, + const char *from, const char *to, void *x), void *arg); + +void EVP_MD_do_all(void (*fn)(const EVP_MD *ciph, const char *from, + const char *to, void *x), void *arg); +void EVP_MD_do_all_sorted(void (*fn)(const EVP_MD *ciph, const char *from, + const char *to, void *x), void *arg); + +int EVP_PKEY_decrypt_old(unsigned char *dec_key, const unsigned char *enc_key, + int enc_key_len, EVP_PKEY *private_key); +int EVP_PKEY_encrypt_old(unsigned char *enc_key, const unsigned char *key, + int key_len, EVP_PKEY *pub_key); +int EVP_PKEY_type(int type); +int EVP_PKEY_id(const EVP_PKEY *pkey); +int EVP_PKEY_base_id(const EVP_PKEY *pkey); +int EVP_PKEY_bits(const EVP_PKEY *pkey); +int EVP_PKEY_size(const EVP_PKEY *pkey); +int EVP_PKEY_set_type(EVP_PKEY *pkey, int type); +int EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len); +int EVP_PKEY_set_alias_type(EVP_PKEY *pkey, int type); +int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key); +void *EVP_PKEY_get0(const EVP_PKEY *pkey); +const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len); #ifndef OPENSSL_NO_RSA struct rsa_st; -int EVP_PKEY_set1_RSA(EVP_PKEY *pkey,struct rsa_st *key); +struct rsa_st *EVP_PKEY_get0_RSA(EVP_PKEY *pkey); struct rsa_st *EVP_PKEY_get1_RSA(EVP_PKEY *pkey); +int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, struct rsa_st *key); #endif #ifndef OPENSSL_NO_DSA struct dsa_st; -int EVP_PKEY_set1_DSA(EVP_PKEY *pkey,struct dsa_st *key); +struct dsa_st *EVP_PKEY_get0_DSA(EVP_PKEY *pkey); struct dsa_st *EVP_PKEY_get1_DSA(EVP_PKEY *pkey); +int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, struct dsa_st *key); #endif #ifndef OPENSSL_NO_DH struct dh_st; -int EVP_PKEY_set1_DH(EVP_PKEY *pkey,struct dh_st *key); +struct dh_st *EVP_PKEY_get0_DH(EVP_PKEY *pkey); struct dh_st *EVP_PKEY_get1_DH(EVP_PKEY *pkey); +int EVP_PKEY_set1_DH(EVP_PKEY *pkey, struct dh_st *key); +#endif +#ifndef OPENSSL_NO_EC +struct ec_key_st; +struct ec_key_st *EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey); +struct ec_key_st *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey); +int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, struct ec_key_st *key); #endif +#ifndef OPENSSL_NO_GOST +struct gost_key_st; +#endif + +EVP_PKEY *EVP_PKEY_new(void); +void EVP_PKEY_free(EVP_PKEY *pkey); +int EVP_PKEY_up_ref(EVP_PKEY *pkey); + +EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp, + long length); +int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp); +EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp, + long length); +EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp, + long length); +int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp); -EVP_PKEY * EVP_PKEY_new(void); -void EVP_PKEY_free(EVP_PKEY *pkey); -EVP_PKEY * d2i_PublicKey(int type,EVP_PKEY **a, unsigned char **pp, - long length); -int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp); +int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from); +int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey); +int EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode); +int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b); -EVP_PKEY * d2i_PrivateKey(int type,EVP_PKEY **a, unsigned char **pp, - long length); -EVP_PKEY * d2i_AutoPrivateKey(EVP_PKEY **a, unsigned char **pp, - long length); -int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp); +int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b); -int EVP_PKEY_copy_parameters(EVP_PKEY *to,EVP_PKEY *from); -int EVP_PKEY_missing_parameters(EVP_PKEY *pkey); -int EVP_PKEY_save_parameters(EVP_PKEY *pkey,int mode); -int EVP_PKEY_cmp_parameters(EVP_PKEY *a,EVP_PKEY *b); +int EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey, int indent, + ASN1_PCTX *pctx); +int EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey, int indent, + ASN1_PCTX *pctx); +int EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey, int indent, + ASN1_PCTX *pctx); + +int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid); int EVP_CIPHER_type(const EVP_CIPHER *ctx); @@ -736,28 +971,395 @@ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type); int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type); /* These are used by EVP_CIPHER methods */ -int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c,ASN1_TYPE *type); -int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c,ASN1_TYPE *type); +int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type); +int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type); /* PKCS5 password based encryption */ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, - ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, - int en_de); + ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, int en_de); int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, - unsigned char *salt, int saltlen, int iter, - int keylen, unsigned char *out); + const unsigned char *salt, int saltlen, int iter, int keylen, + unsigned char *out); +int PKCS5_PBKDF2_HMAC(const char *pass, int passlen, const unsigned char *salt, + int saltlen, int iter, const EVP_MD *digest, int keylen, + unsigned char *out); int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, - ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, - int en_de); + ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, + int en_de); void PKCS5_PBE_add(void); int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen, - ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de); + ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de); + +/* PBE type */ + +/* Can appear as the outermost AlgorithmIdentifier */ +#define EVP_PBE_TYPE_OUTER 0x0 +/* Is an PRF type OID */ +#define EVP_PBE_TYPE_PRF 0x1 + +int EVP_PBE_alg_add_type(int pbe_type, int pbe_nid, int cipher_nid, int md_nid, + EVP_PBE_KEYGEN *keygen); int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md, - EVP_PBE_KEYGEN *keygen); + EVP_PBE_KEYGEN *keygen); +int EVP_PBE_find(int type, int pbe_nid, int *pcnid, int *pmnid, + EVP_PBE_KEYGEN **pkeygen); void EVP_PBE_cleanup(void); +#define ASN1_PKEY_ALIAS 0x1 +#define ASN1_PKEY_DYNAMIC 0x2 +#define ASN1_PKEY_SIGPARAM_NULL 0x4 + +#define ASN1_PKEY_CTRL_PKCS7_SIGN 0x1 +#define ASN1_PKEY_CTRL_PKCS7_ENCRYPT 0x2 +#define ASN1_PKEY_CTRL_DEFAULT_MD_NID 0x3 +#define ASN1_PKEY_CTRL_CMS_SIGN 0x5 +#define ASN1_PKEY_CTRL_CMS_ENVELOPE 0x7 + +int EVP_PKEY_asn1_get_count(void); +const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_get0(int idx); +const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find(ENGINE **pe, int type); +const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe, + const char *str, int len); +int EVP_PKEY_asn1_add0(const EVP_PKEY_ASN1_METHOD *ameth); +int EVP_PKEY_asn1_add_alias(int to, int from); +int EVP_PKEY_asn1_get0_info(int *ppkey_id, int *pkey_base_id, int *ppkey_flags, + const char **pinfo, const char **ppem_str, + const EVP_PKEY_ASN1_METHOD *ameth); + +const EVP_PKEY_ASN1_METHOD* EVP_PKEY_get0_asn1(const EVP_PKEY *pkey); +EVP_PKEY_ASN1_METHOD* EVP_PKEY_asn1_new(int id, int flags, const char *pem_str, + const char *info); +void EVP_PKEY_asn1_copy(EVP_PKEY_ASN1_METHOD *dst, + const EVP_PKEY_ASN1_METHOD *src); +void EVP_PKEY_asn1_free(EVP_PKEY_ASN1_METHOD *ameth); +void EVP_PKEY_asn1_set_public(EVP_PKEY_ASN1_METHOD *ameth, + int (*pub_decode)(EVP_PKEY *pk, X509_PUBKEY *pub), + int (*pub_encode)(X509_PUBKEY *pub, const EVP_PKEY *pk), + int (*pub_cmp)(const EVP_PKEY *a, const EVP_PKEY *b), + int (*pub_print)(BIO *out, const EVP_PKEY *pkey, int indent, + ASN1_PCTX *pctx), + int (*pkey_size)(const EVP_PKEY *pk), + int (*pkey_bits)(const EVP_PKEY *pk)); +void EVP_PKEY_asn1_set_private(EVP_PKEY_ASN1_METHOD *ameth, + int (*priv_decode)(EVP_PKEY *pk, const PKCS8_PRIV_KEY_INFO *p8inf), + int (*priv_encode)(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk), + int (*priv_print)(BIO *out, const EVP_PKEY *pkey, int indent, + ASN1_PCTX *pctx)); +void EVP_PKEY_asn1_set_param(EVP_PKEY_ASN1_METHOD *ameth, + int (*param_decode)(EVP_PKEY *pkey, const unsigned char **pder, int derlen), + int (*param_encode)(const EVP_PKEY *pkey, unsigned char **pder), + int (*param_missing)(const EVP_PKEY *pk), + int (*param_copy)(EVP_PKEY *to, const EVP_PKEY *from), + int (*param_cmp)(const EVP_PKEY *a, const EVP_PKEY *b), + int (*param_print)(BIO *out, const EVP_PKEY *pkey, int indent, + ASN1_PCTX *pctx)); + +void EVP_PKEY_asn1_set_free(EVP_PKEY_ASN1_METHOD *ameth, + void (*pkey_free)(EVP_PKEY *pkey)); +void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth, + int (*pkey_ctrl)(EVP_PKEY *pkey, int op, long arg1, void *arg2)); + +#define EVP_PKEY_OP_UNDEFINED 0 +#define EVP_PKEY_OP_PARAMGEN (1<<1) +#define EVP_PKEY_OP_KEYGEN (1<<2) +#define EVP_PKEY_OP_SIGN (1<<3) +#define EVP_PKEY_OP_VERIFY (1<<4) +#define EVP_PKEY_OP_VERIFYRECOVER (1<<5) +#define EVP_PKEY_OP_SIGNCTX (1<<6) +#define EVP_PKEY_OP_VERIFYCTX (1<<7) +#define EVP_PKEY_OP_ENCRYPT (1<<8) +#define EVP_PKEY_OP_DECRYPT (1<<9) +#define EVP_PKEY_OP_DERIVE (1<<10) + +#define EVP_PKEY_OP_TYPE_SIG \ + (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY | EVP_PKEY_OP_VERIFYRECOVER \ + | EVP_PKEY_OP_SIGNCTX | EVP_PKEY_OP_VERIFYCTX) + +#define EVP_PKEY_OP_TYPE_CRYPT \ + (EVP_PKEY_OP_ENCRYPT | EVP_PKEY_OP_DECRYPT) + +#define EVP_PKEY_OP_TYPE_NOGEN \ + (EVP_PKEY_OP_SIG | EVP_PKEY_OP_CRYPT | EVP_PKEY_OP_DERIVE) + +#define EVP_PKEY_OP_TYPE_GEN \ + (EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN) + +#define EVP_PKEY_CTX_set_signature_md(ctx, md) \ + EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_SIG, \ + EVP_PKEY_CTRL_MD, 0, (void *)md) + +#define EVP_PKEY_CTRL_MD 1 +#define EVP_PKEY_CTRL_PEER_KEY 2 + +#define EVP_PKEY_CTRL_PKCS7_ENCRYPT 3 +#define EVP_PKEY_CTRL_PKCS7_DECRYPT 4 + +#define EVP_PKEY_CTRL_PKCS7_SIGN 5 + +#define EVP_PKEY_CTRL_SET_MAC_KEY 6 + +#define EVP_PKEY_CTRL_DIGESTINIT 7 + +/* Used by GOST key encryption in TLS */ +#define EVP_PKEY_CTRL_SET_IV 8 + +#define EVP_PKEY_CTRL_CMS_ENCRYPT 9 +#define EVP_PKEY_CTRL_CMS_DECRYPT 10 +#define EVP_PKEY_CTRL_CMS_SIGN 11 + +#define EVP_PKEY_CTRL_CIPHER 12 + +#define EVP_PKEY_ALG_CTRL 0x1000 + + +#define EVP_PKEY_FLAG_AUTOARGLEN 2 +/* Method handles all operations: don't assume any digest related + * defaults. + */ +#define EVP_PKEY_FLAG_SIGCTX_CUSTOM 4 + +const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type); +EVP_PKEY_METHOD* EVP_PKEY_meth_new(int id, int flags); +void EVP_PKEY_meth_get0_info(int *ppkey_id, int *pflags, + const EVP_PKEY_METHOD *meth); +void EVP_PKEY_meth_copy(EVP_PKEY_METHOD *dst, const EVP_PKEY_METHOD *src); +void EVP_PKEY_meth_free(EVP_PKEY_METHOD *pmeth); +int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth); + +EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e); +EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e); +EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *ctx); +void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx); + +int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype, int cmd, + int p1, void *p2); +int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, + const char *value); + +int EVP_PKEY_CTX_get_operation(EVP_PKEY_CTX *ctx); +void EVP_PKEY_CTX_set0_keygen_info(EVP_PKEY_CTX *ctx, int *dat, int datlen); + +EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e, const unsigned char *key, + int keylen); + +void EVP_PKEY_CTX_set_data(EVP_PKEY_CTX *ctx, void *data); +void *EVP_PKEY_CTX_get_data(EVP_PKEY_CTX *ctx); +EVP_PKEY *EVP_PKEY_CTX_get0_pkey(EVP_PKEY_CTX *ctx); + +EVP_PKEY *EVP_PKEY_CTX_get0_peerkey(EVP_PKEY_CTX *ctx); + +void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data); +void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx); + +int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen); +int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_verify(EVP_PKEY_CTX *ctx, const unsigned char *sig, size_t siglen, + const unsigned char *tbs, size_t tbslen); +int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx, unsigned char *rout, + size_t *routlen, const unsigned char *sig, size_t siglen); +int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen); +int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen); + +int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer); +int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); + +typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx); + +int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey); +int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx); +int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey); + +void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb); +EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx); + +int EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx); + +void EVP_PKEY_meth_set_init(EVP_PKEY_METHOD *pmeth, + int (*init)(EVP_PKEY_CTX *ctx)); + +void EVP_PKEY_meth_set_copy(EVP_PKEY_METHOD *pmeth, + int (*copy)(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)); + +void EVP_PKEY_meth_set_cleanup(EVP_PKEY_METHOD *pmeth, + void (*cleanup)(EVP_PKEY_CTX *ctx)); + +void EVP_PKEY_meth_set_paramgen(EVP_PKEY_METHOD *pmeth, + int (*paramgen_init)(EVP_PKEY_CTX *ctx), + int (*paramgen)(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)); + +void EVP_PKEY_meth_set_keygen(EVP_PKEY_METHOD *pmeth, + int (*keygen_init)(EVP_PKEY_CTX *ctx), + int (*keygen)(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)); + +void EVP_PKEY_meth_set_sign(EVP_PKEY_METHOD *pmeth, + int (*sign_init)(EVP_PKEY_CTX *ctx), + int (*sign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen)); + +void EVP_PKEY_meth_set_verify(EVP_PKEY_METHOD *pmeth, + int (*verify_init)(EVP_PKEY_CTX *ctx), + int (*verify)(EVP_PKEY_CTX *ctx, const unsigned char *sig, size_t siglen, + const unsigned char *tbs, size_t tbslen)); + +void EVP_PKEY_meth_set_verify_recover(EVP_PKEY_METHOD *pmeth, + int (*verify_recover_init)(EVP_PKEY_CTX *ctx), + int (*verify_recover)(EVP_PKEY_CTX *ctx, unsigned char *sig, + size_t *siglen, const unsigned char *tbs, size_t tbslen)); + +void EVP_PKEY_meth_set_signctx(EVP_PKEY_METHOD *pmeth, + int (*signctx_init)(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx), + int (*signctx)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, + EVP_MD_CTX *mctx)); + +void EVP_PKEY_meth_set_verifyctx(EVP_PKEY_METHOD *pmeth, + int (*verifyctx_init)(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx), + int (*verifyctx)(EVP_PKEY_CTX *ctx, const unsigned char *sig, int siglen, + EVP_MD_CTX *mctx)); + +void EVP_PKEY_meth_set_encrypt(EVP_PKEY_METHOD *pmeth, + int (*encrypt_init)(EVP_PKEY_CTX *ctx), + int (*encryptfn)(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen)); + +void EVP_PKEY_meth_set_decrypt(EVP_PKEY_METHOD *pmeth, + int (*decrypt_init)(EVP_PKEY_CTX *ctx), + int (*decrypt)(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen)); + +void EVP_PKEY_meth_set_derive(EVP_PKEY_METHOD *pmeth, + int (*derive_init)(EVP_PKEY_CTX *ctx), + int (*derive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)); + +void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth, + int (*ctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2), + int (*ctrl_str)(EVP_PKEY_CTX *ctx, const char *type, const char *value)); + +/* Authenticated Encryption with Additional Data. + * + * AEAD couples confidentiality and integrity in a single primtive. AEAD + * algorithms take a key and then can seal and open individual messages. Each + * message has a unique, per-message nonce and, optionally, additional data + * which is authenticated but not included in the output. */ + +struct evp_aead_st; +typedef struct evp_aead_st EVP_AEAD; + +#ifndef OPENSSL_NO_AES +/* EVP_aes_128_gcm is AES-128 in Galois Counter Mode. */ +const EVP_AEAD *EVP_aead_aes_128_gcm(void); +/* EVP_aes_256_gcm is AES-256 in Galois Counter Mode. */ +const EVP_AEAD *EVP_aead_aes_256_gcm(void); +#endif + +#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) +/* EVP_aead_chacha20_poly1305 is ChaCha20 with a Poly1305 authenticator. */ +const EVP_AEAD *EVP_aead_chacha20_poly1305(void); +/* EVP_aead_xchacha20_poly1305 is XChaCha20 with a Poly1305 authenticator. */ +const EVP_AEAD *EVP_aead_xchacha20_poly1305(void); +#endif + +/* EVP_AEAD_key_length returns the length of the keys used. */ +size_t EVP_AEAD_key_length(const EVP_AEAD *aead); + +/* EVP_AEAD_nonce_length returns the length of the per-message nonce. */ +size_t EVP_AEAD_nonce_length(const EVP_AEAD *aead); + +/* EVP_AEAD_max_overhead returns the maximum number of additional bytes added + * by the act of sealing data with the AEAD. */ +size_t EVP_AEAD_max_overhead(const EVP_AEAD *aead); + +/* EVP_AEAD_max_tag_len returns the maximum tag length when using this AEAD. + * This * is the largest value that can be passed as a tag length to + * EVP_AEAD_CTX_init. */ +size_t EVP_AEAD_max_tag_len(const EVP_AEAD *aead); + +/* An EVP_AEAD_CTX represents an AEAD algorithm configured with a specific key + * and message-independent IV. */ +typedef struct evp_aead_ctx_st { + const EVP_AEAD *aead; + /* aead_state is an opaque pointer to the AEAD specific state. */ + void *aead_state; +} EVP_AEAD_CTX; + +/* EVP_AEAD_MAX_TAG_LENGTH is the maximum tag length used by any AEAD + * defined in this header. */ +#define EVP_AEAD_MAX_TAG_LENGTH 16 + +/* EVP_AEAD_DEFAULT_TAG_LENGTH is a magic value that can be passed to + * EVP_AEAD_CTX_init to indicate that the default tag length for an AEAD + * should be used. */ +#define EVP_AEAD_DEFAULT_TAG_LENGTH 0 + +/* EVP_AEAD_init initializes the context for the given AEAD algorithm. + * The implementation argument may be NULL to choose the default implementation. + * Authentication tags may be truncated by passing a tag length. A tag length + * of zero indicates the default tag length should be used. */ +int EVP_AEAD_CTX_init(EVP_AEAD_CTX *ctx, const EVP_AEAD *aead, + const unsigned char *key, size_t key_len, size_t tag_len, ENGINE *impl); + +/* EVP_AEAD_CTX_cleanup frees any data allocated for this context. */ +void EVP_AEAD_CTX_cleanup(EVP_AEAD_CTX *ctx); + +/* EVP_AEAD_CTX_seal encrypts and authenticates the input and authenticates + * any additional data (AD), the result being written as output. One is + * returned on success, otherwise zero. + * + * This function may be called (with the same EVP_AEAD_CTX) concurrently with + * itself or EVP_AEAD_CTX_open. + * + * At most max_out_len bytes are written as output and, in order to ensure + * success, this value should be the length of the input plus the result of + * EVP_AEAD_overhead. On successful return, out_len is set to the actual + * number of bytes written. + * + * The length of the nonce is must be equal to the result of + * EVP_AEAD_nonce_length for this AEAD. + * + * EVP_AEAD_CTX_seal never results in a partial output. If max_out_len is + * insufficient, zero will be returned and out_len will be set to zero. + * + * If the input and output are aliased then out must be <= in. */ +int EVP_AEAD_CTX_seal(const EVP_AEAD_CTX *ctx, unsigned char *out, + size_t *out_len, size_t max_out_len, const unsigned char *nonce, + size_t nonce_len, const unsigned char *in, size_t in_len, + const unsigned char *ad, size_t ad_len); + +/* EVP_AEAD_CTX_open authenticates the input and additional data, decrypting + * the input and writing it as output. One is returned on success, otherwise + * zero. + * + * This function may be called (with the same EVP_AEAD_CTX) concurrently with + * itself or EVP_AEAD_CTX_seal. + * + * At most the number of input bytes are written as output. In order to ensure + * success, max_out_len should be at least the same as the input length. On + * successful return out_len is set to the actual number of bytes written. + * + * The length of nonce must be equal to the result of EVP_AEAD_nonce_length + * for this AEAD. + * + * EVP_AEAD_CTX_open never results in a partial output. If max_out_len is + * insufficient, zero will be returned and out_len will be set to zero. + * + * If the input and output are aliased then out must be <= in. */ +int EVP_AEAD_CTX_open(const EVP_AEAD_CTX *ctx, unsigned char *out, + size_t *out_len, size_t max_out_len, const unsigned char *nonce, + size_t nonce_len, const unsigned char *in, size_t in_len, + const unsigned char *ad, size_t ad_len); + +void EVP_add_alg_module(void); + /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. @@ -767,73 +1369,175 @@ void ERR_load_EVP_strings(void); /* Error codes for the EVP functions. */ /* Function codes. */ +#define EVP_F_AEAD_AES_GCM_INIT 187 +#define EVP_F_AEAD_AES_GCM_OPEN 188 +#define EVP_F_AEAD_AES_GCM_SEAL 189 +#define EVP_F_AEAD_CHACHA20_POLY1305_INIT 192 +#define EVP_F_AEAD_CHACHA20_POLY1305_OPEN 193 +#define EVP_F_AEAD_CHACHA20_POLY1305_SEAL 194 +#define EVP_F_AEAD_CTX_OPEN 185 +#define EVP_F_AEAD_CTX_SEAL 186 +#define EVP_F_AESNI_INIT_KEY 165 +#define EVP_F_AESNI_XTS_CIPHER 176 +#define EVP_F_AES_INIT_KEY 133 +#define EVP_F_AES_XTS 172 +#define EVP_F_AES_XTS_CIPHER 175 +#define EVP_F_ALG_MODULE_INIT 177 +#define EVP_F_CAMELLIA_INIT_KEY 159 +#define EVP_F_CMAC_INIT 173 #define EVP_F_D2I_PKEY 100 -#define EVP_F_EVP_CIPHERINIT 123 +#define EVP_F_DO_SIGVER_INIT 161 +#define EVP_F_DSAPKEY2PKCS8 134 +#define EVP_F_DSA_PKEY2PKCS8 135 +#define EVP_F_ECDSA_PKEY2PKCS8 129 +#define EVP_F_ECKEY_PKEY2PKCS8 132 +#define EVP_F_EVP_AEAD_CTX_INIT 180 +#define EVP_F_EVP_AEAD_CTX_OPEN 190 +#define EVP_F_EVP_AEAD_CTX_SEAL 191 +#define EVP_F_EVP_BYTESTOKEY 200 +#define EVP_F_EVP_CIPHERINIT_EX 123 +#define EVP_F_EVP_CIPHER_CTX_COPY 163 #define EVP_F_EVP_CIPHER_CTX_CTRL 124 #define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH 122 -#define EVP_F_EVP_DECRYPTFINAL 101 -#define EVP_F_EVP_DIGESTINIT 128 -#define EVP_F_EVP_ENCRYPTFINAL 127 -#define EVP_F_EVP_MD_CTX_COPY 110 +#define EVP_F_EVP_CIPHER_GET_ASN1_IV 201 +#define EVP_F_EVP_CIPHER_SET_ASN1_IV 202 +#define EVP_F_EVP_DECRYPTFINAL_EX 101 +#define EVP_F_EVP_DECRYPTUPDATE 199 +#define EVP_F_EVP_DIGESTFINAL_EX 196 +#define EVP_F_EVP_DIGESTINIT_EX 128 +#define EVP_F_EVP_ENCRYPTFINAL_EX 127 +#define EVP_F_EVP_ENCRYPTUPDATE 198 +#define EVP_F_EVP_MD_CTX_COPY_EX 110 +#define EVP_F_EVP_MD_CTX_CTRL 195 +#define EVP_F_EVP_MD_SIZE 162 #define EVP_F_EVP_OPENINIT 102 #define EVP_F_EVP_PBE_ALG_ADD 115 +#define EVP_F_EVP_PBE_ALG_ADD_TYPE 160 #define EVP_F_EVP_PBE_CIPHERINIT 116 #define EVP_F_EVP_PKCS82PKEY 111 -#define EVP_F_EVP_PKCS8_SET_BROKEN 112 -#define EVP_F_EVP_PKEY2PKCS8 113 +#define EVP_F_EVP_PKCS82PKEY_BROKEN 136 +#define EVP_F_EVP_PKEY2PKCS8_BROKEN 113 #define EVP_F_EVP_PKEY_COPY_PARAMETERS 103 +#define EVP_F_EVP_PKEY_CTX_CTRL 137 +#define EVP_F_EVP_PKEY_CTX_CTRL_STR 150 +#define EVP_F_EVP_PKEY_CTX_DUP 156 #define EVP_F_EVP_PKEY_DECRYPT 104 +#define EVP_F_EVP_PKEY_DECRYPT_INIT 138 +#define EVP_F_EVP_PKEY_DECRYPT_OLD 151 +#define EVP_F_EVP_PKEY_DERIVE 153 +#define EVP_F_EVP_PKEY_DERIVE_INIT 154 +#define EVP_F_EVP_PKEY_DERIVE_SET_PEER 155 #define EVP_F_EVP_PKEY_ENCRYPT 105 +#define EVP_F_EVP_PKEY_ENCRYPT_INIT 139 +#define EVP_F_EVP_PKEY_ENCRYPT_OLD 152 #define EVP_F_EVP_PKEY_GET1_DH 119 #define EVP_F_EVP_PKEY_GET1_DSA 120 +#define EVP_F_EVP_PKEY_GET1_ECDSA 130 +#define EVP_F_EVP_PKEY_GET1_EC_KEY 131 #define EVP_F_EVP_PKEY_GET1_RSA 121 +#define EVP_F_EVP_PKEY_KEYGEN 146 +#define EVP_F_EVP_PKEY_KEYGEN_INIT 147 #define EVP_F_EVP_PKEY_NEW 106 +#define EVP_F_EVP_PKEY_PARAMGEN 148 +#define EVP_F_EVP_PKEY_PARAMGEN_INIT 149 +#define EVP_F_EVP_PKEY_SIGN 140 +#define EVP_F_EVP_PKEY_SIGN_INIT 141 +#define EVP_F_EVP_PKEY_VERIFY 142 +#define EVP_F_EVP_PKEY_VERIFY_INIT 143 +#define EVP_F_EVP_PKEY_VERIFY_RECOVER 144 +#define EVP_F_EVP_PKEY_VERIFY_RECOVER_INIT 145 #define EVP_F_EVP_RIJNDAEL 126 #define EVP_F_EVP_SIGNFINAL 107 #define EVP_F_EVP_VERIFYFINAL 108 +#define EVP_F_FIPS_CIPHERINIT 166 +#define EVP_F_FIPS_CIPHER_CTX_COPY 170 +#define EVP_F_FIPS_CIPHER_CTX_CTRL 167 +#define EVP_F_FIPS_CIPHER_CTX_SET_KEY_LENGTH 171 +#define EVP_F_FIPS_DIGESTINIT 168 +#define EVP_F_FIPS_MD_CTX_COPY 169 +#define EVP_F_HMAC_INIT_EX 174 +#define EVP_F_INT_CTX_NEW 157 #define EVP_F_PKCS5_PBE_KEYIVGEN 117 #define EVP_F_PKCS5_V2_PBE_KEYIVGEN 118 +#define EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN 164 +#define EVP_F_PKCS8_SET_BROKEN 112 +#define EVP_F_PKEY_SET_TYPE 158 +#define EVP_F_RC2_GET_ASN1_TYPE_AND_IV 197 #define EVP_F_RC2_MAGIC_TO_METH 109 #define EVP_F_RC5_CTRL 125 /* Reason codes. */ +#define EVP_R_AES_IV_SETUP_FAILED 162 +#define EVP_R_AES_KEY_SETUP_FAILED 143 +#define EVP_R_ASN1_LIB 140 #define EVP_R_BAD_BLOCK_LENGTH 136 #define EVP_R_BAD_DECRYPT 100 #define EVP_R_BAD_KEY_LENGTH 137 #define EVP_R_BN_DECODE_ERROR 112 #define EVP_R_BN_PUBKEY_ERROR 113 +#define EVP_R_BUFFER_TOO_SMALL 155 +#define EVP_R_CAMELLIA_KEY_SETUP_FAILED 157 #define EVP_R_CIPHER_PARAMETER_ERROR 122 +#define EVP_R_COMMAND_NOT_SUPPORTED 147 #define EVP_R_CTRL_NOT_IMPLEMENTED 132 #define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED 133 #define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 138 #define EVP_R_DECODE_ERROR 114 #define EVP_R_DIFFERENT_KEY_TYPES 101 +#define EVP_R_DIFFERENT_PARAMETERS 153 +#define EVP_R_DISABLED_FOR_FIPS 163 #define EVP_R_ENCODE_ERROR 115 +#define EVP_R_ERROR_LOADING_SECTION 165 +#define EVP_R_ERROR_SETTING_FIPS_MODE 166 #define EVP_R_EVP_PBE_CIPHERINIT_ERROR 119 +#define EVP_R_EXPECTING_AN_HMAC_KEY 174 #define EVP_R_EXPECTING_AN_RSA_KEY 127 #define EVP_R_EXPECTING_A_DH_KEY 128 #define EVP_R_EXPECTING_A_DSA_KEY 129 +#define EVP_R_EXPECTING_A_ECDSA_KEY 141 +#define EVP_R_EXPECTING_A_EC_KEY 142 +#define EVP_R_FIPS_MODE_NOT_SUPPORTED 167 #define EVP_R_INITIALIZATION_ERROR 134 #define EVP_R_INPUT_NOT_INITIALIZED 111 +#define EVP_R_INVALID_DIGEST 152 +#define EVP_R_INVALID_FIPS_MODE 168 #define EVP_R_INVALID_KEY_LENGTH 130 +#define EVP_R_INVALID_OPERATION 148 #define EVP_R_IV_TOO_LARGE 102 #define EVP_R_KEYGEN_FAILURE 120 +#define EVP_R_MESSAGE_DIGEST_IS_NULL 159 +#define EVP_R_METHOD_NOT_SUPPORTED 144 #define EVP_R_MISSING_PARAMETERS 103 #define EVP_R_NO_CIPHER_SET 131 +#define EVP_R_NO_DEFAULT_DIGEST 158 #define EVP_R_NO_DIGEST_SET 139 #define EVP_R_NO_DSA_PARAMETERS 116 +#define EVP_R_NO_KEY_SET 154 +#define EVP_R_NO_OPERATION_SET 149 #define EVP_R_NO_SIGN_FUNCTION_CONFIGURED 104 #define EVP_R_NO_VERIFY_FUNCTION_CONFIGURED 105 +#define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 150 +#define EVP_R_OPERATON_NOT_INITIALIZED 151 +#define EVP_R_OUTPUT_ALIASES_INPUT 172 #define EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE 117 +#define EVP_R_PRIVATE_KEY_DECODE_ERROR 145 +#define EVP_R_PRIVATE_KEY_ENCODE_ERROR 146 #define EVP_R_PUBLIC_KEY_NOT_RSA 106 +#define EVP_R_TAG_TOO_LARGE 171 +#define EVP_R_TOO_LARGE 164 +#define EVP_R_UNKNOWN_CIPHER 160 +#define EVP_R_UNKNOWN_DIGEST 161 +#define EVP_R_UNKNOWN_OPTION 169 #define EVP_R_UNKNOWN_PBE_ALGORITHM 121 #define EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS 135 +#define EVP_R_UNSUPPORTED_ALGORITHM 156 #define EVP_R_UNSUPPORTED_CIPHER 107 #define EVP_R_UNSUPPORTED_KEYLENGTH 123 #define EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION 124 #define EVP_R_UNSUPPORTED_KEY_SIZE 108 #define EVP_R_UNSUPPORTED_PRF 125 #define EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM 118 +#define EVP_R_WRAP_MODE_NOT_ALLOWED 170 #define EVP_R_UNSUPPORTED_SALT_TYPE 126 #define EVP_R_WRONG_FINAL_BLOCK_LENGTH 109 #define EVP_R_WRONG_PUBLIC_KEY_TYPE 110 diff --git a/src/lib/libcrypto/evp/evp_acnf.c b/src/lib/libcrypto/evp/evp_acnf.c deleted file mode 100644 index a68b979bdbd..00000000000 --- a/src/lib/libcrypto/evp/evp_acnf.c +++ /dev/null @@ -1,74 +0,0 @@ -/* evp_acnf.c */ -/* Written by Stephen Henson (shenson@bigfoot.com) for the OpenSSL - * project 2001. - */ -/* ==================================================================== - * Copyright (c) 2001 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include "cryptlib.h" -#include -#include -#include - - -/* Load all algorithms and configure OpenSSL. - * This function is called automatically when - * OPENSSL_LOAD_CONF is set. - */ - -void OPENSSL_add_all_algorithms_conf(void) - { - OPENSSL_add_all_algorithms_noconf(); - OPENSSL_config(NULL); - } diff --git a/src/lib/libcrypto/evp/evp_aead.c b/src/lib/libcrypto/evp/evp_aead.c new file mode 100644 index 00000000000..40471b00226 --- /dev/null +++ b/src/lib/libcrypto/evp/evp_aead.c @@ -0,0 +1,144 @@ +/* $OpenBSD: evp_aead.c,v 1.6 2017/01/29 17:49:23 beck Exp $ */ +/* + * Copyright (c) 2014, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include +#include + +#include +#include + +#include "evp_locl.h" + +size_t +EVP_AEAD_key_length(const EVP_AEAD *aead) +{ + return aead->key_len; +} + +size_t +EVP_AEAD_nonce_length(const EVP_AEAD *aead) +{ + return aead->nonce_len; +} + +size_t +EVP_AEAD_max_overhead(const EVP_AEAD *aead) +{ + return aead->overhead; +} + +size_t +EVP_AEAD_max_tag_len(const EVP_AEAD *aead) +{ + return aead->max_tag_len; +} + +int +EVP_AEAD_CTX_init(EVP_AEAD_CTX *ctx, const EVP_AEAD *aead, + const unsigned char *key, size_t key_len, size_t tag_len, ENGINE *impl) +{ + ctx->aead = aead; + if (key_len != aead->key_len) { + EVPerror(EVP_R_UNSUPPORTED_KEY_SIZE); + return 0; + } + return aead->init(ctx, key, key_len, tag_len); +} + +void +EVP_AEAD_CTX_cleanup(EVP_AEAD_CTX *ctx) +{ + if (ctx->aead == NULL) + return; + ctx->aead->cleanup(ctx); + ctx->aead = NULL; +} + +/* check_alias returns 0 if out points within the buffer determined by in + * and in_len and 1 otherwise. + * + * When processing, there's only an issue if out points within in[:in_len] + * and isn't equal to in. If that's the case then writing the output will + * stomp input that hasn't been read yet. + * + * This function checks for that case. */ +static int +check_alias(const unsigned char *in, size_t in_len, const unsigned char *out) +{ + if (out <= in) + return 1; + if (in + in_len <= out) + return 1; + return 0; +} + +int +EVP_AEAD_CTX_seal(const EVP_AEAD_CTX *ctx, unsigned char *out, size_t *out_len, + size_t max_out_len, const unsigned char *nonce, size_t nonce_len, + const unsigned char *in, size_t in_len, const unsigned char *ad, + size_t ad_len) +{ + size_t possible_out_len = in_len + ctx->aead->overhead; + + /* Overflow. */ + if (possible_out_len < in_len) { + EVPerror(EVP_R_TOO_LARGE); + goto error; + } + + if (!check_alias(in, in_len, out)) { + EVPerror(EVP_R_OUTPUT_ALIASES_INPUT); + goto error; + } + + if (ctx->aead->seal(ctx, out, out_len, max_out_len, nonce, nonce_len, + in, in_len, ad, ad_len)) { + return 1; + } + +error: + /* In the event of an error, clear the output buffer so that a caller + * that doesn't check the return value doesn't send raw data. */ + memset(out, 0, max_out_len); + *out_len = 0; + return 0; +} + +int +EVP_AEAD_CTX_open(const EVP_AEAD_CTX *ctx, unsigned char *out, size_t *out_len, + size_t max_out_len, const unsigned char *nonce, size_t nonce_len, + const unsigned char *in, size_t in_len, const unsigned char *ad, + size_t ad_len) +{ + if (!check_alias(in, in_len, out)) { + EVPerror(EVP_R_OUTPUT_ALIASES_INPUT); + goto error; + } + + if (ctx->aead->open(ctx, out, out_len, max_out_len, nonce, nonce_len, + in, in_len, ad, ad_len)) { + return 1; + } + +error: + /* In the event of an error, clear the output buffer so that a caller + * that doesn't check the return value doesn't try and process bad + * data. */ + memset(out, 0, max_out_len); + *out_len = 0; + return 0; +} diff --git a/src/lib/libcrypto/evp/evp_enc.c b/src/lib/libcrypto/evp/evp_enc.c index 32a1c7a2e94..a229901956d 100644 --- a/src/lib/libcrypto/evp/evp_enc.c +++ b/src/lib/libcrypto/evp/evp_enc.c @@ -1,25 +1,25 @@ -/* crypto/evp/evp_enc.c */ +/* $OpenBSD: evp_enc.c,v 1.40 2019/03/17 18:07:41 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -57,451 +57,625 @@ */ #include -#include "cryptlib.h" -#include -#include -#include -#include "evp_locl.h" +#include +#include -#include +#include -const char *EVP_version="EVP" OPENSSL_VERSION_PTEXT; +#include -void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx) - { - memset(ctx,0,sizeof(EVP_CIPHER_CTX)); - /* ctx->cipher=NULL; */ - } +#include +#include +#ifndef OPENSSL_NO_ENGINE +#include +#endif -int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, - const unsigned char *key, const unsigned char *iv, int enc) - { +#include "evp_locl.h" + +#define M_do_cipher(ctx, out, in, inl) ctx->cipher->do_cipher(ctx, out, in, inl) + +int +EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, + const unsigned char *key, const unsigned char *iv, int enc) +{ if (cipher) EVP_CIPHER_CTX_init(ctx); - return EVP_CipherInit_ex(ctx,cipher,NULL,key,iv,enc); - } + return EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, enc); +} -int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl, - const unsigned char *key, const unsigned char *iv, int enc) - { +int +EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl, + const unsigned char *key, const unsigned char *iv, int enc) +{ if (enc == -1) enc = ctx->encrypt; - else - { + else { if (enc) enc = 1; ctx->encrypt = enc; - } + } +#ifndef OPENSSL_NO_ENGINE /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts * so this context may already have an ENGINE! Try to avoid releasing * the previous handle, re-querying for an ENGINE, and having a * reinitialisation, when it may all be unecessary. */ - if (ctx->engine && ctx->cipher && (!cipher || - (cipher && (cipher->nid == ctx->cipher->nid)))) + if (ctx->engine && ctx->cipher && + (!cipher || (cipher && (cipher->nid == ctx->cipher->nid)))) goto skip_to_init; - if (cipher) - { +#endif + if (cipher) { /* Ensure a context left lying around from last time is cleared * (the previous check attempted to avoid this if the same * ENGINE and EVP_CIPHER could be used). */ - EVP_CIPHER_CTX_cleanup(ctx); - - /* Restore encrypt field: it is zeroed by cleanup */ - ctx->encrypt = enc; - if(impl) - { - if (!ENGINE_init(impl)) - { - EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_INITIALIZATION_ERROR); + if (ctx->cipher) { + unsigned long flags = ctx->flags; + EVP_CIPHER_CTX_cleanup(ctx); + /* Restore encrypt and flags */ + ctx->encrypt = enc; + ctx->flags = flags; + } +#ifndef OPENSSL_NO_ENGINE + if (impl) { + if (!ENGINE_init(impl)) { + EVPerror(EVP_R_INITIALIZATION_ERROR); return 0; - } } - else + } else /* Ask if an ENGINE is reserved for this job */ impl = ENGINE_get_cipher_engine(cipher->nid); - if(impl) - { + if (impl) { /* There's an ENGINE for this job ... (apparently) */ - const EVP_CIPHER *c = ENGINE_get_cipher(impl, cipher->nid); - if(!c) - { - /* One positive side-effect of US's export - * control history, is that we should at least - * be able to avoid using US mispellings of - * "initialisation"? */ - EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_INITIALIZATION_ERROR); + const EVP_CIPHER *c = + ENGINE_get_cipher(impl, cipher->nid); + if (!c) { + EVPerror(EVP_R_INITIALIZATION_ERROR); return 0; - } + } /* We'll use the ENGINE's private cipher definition */ cipher = c; /* Store the ENGINE functional reference so we know * 'cipher' came from an ENGINE and we need to release * it when done. */ ctx->engine = impl; - } - else + } else ctx->engine = NULL; +#endif - ctx->cipher=cipher; - ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size); + ctx->cipher = cipher; + if (ctx->cipher->ctx_size) { + ctx->cipher_data = malloc(ctx->cipher->ctx_size); + if (!ctx->cipher_data) { + EVPerror(ERR_R_MALLOC_FAILURE); + return 0; + } + } else { + ctx->cipher_data = NULL; + } ctx->key_len = cipher->key_len; - ctx->flags = 0; - if(ctx->cipher->flags & EVP_CIPH_CTRL_INIT) - { - if(!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) - { - EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_INITIALIZATION_ERROR); + ctx->flags &= EVP_CIPHER_CTX_FLAG_WRAP_ALLOW; + if (ctx->cipher->flags & EVP_CIPH_CTRL_INIT) { + if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) { + EVPerror(EVP_R_INITIALIZATION_ERROR); return 0; - } } } - else if(!ctx->cipher) - { - EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_NO_CIPHER_SET); + } else if (!ctx->cipher) { + EVPerror(EVP_R_NO_CIPHER_SET); return 0; - } + } +#ifndef OPENSSL_NO_ENGINE skip_to_init: +#endif /* we assume block size is a power of 2 in *cryptUpdate */ - assert(ctx->cipher->block_size == 1 - || ctx->cipher->block_size == 8 - || ctx->cipher->block_size == 16); + if (ctx->cipher->block_size != 1 && + ctx->cipher->block_size != 8 && + ctx->cipher->block_size != 16) { + EVPerror(EVP_R_BAD_BLOCK_LENGTH); + return 0; + } + + if (!(ctx->flags & EVP_CIPHER_CTX_FLAG_WRAP_ALLOW) && + EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_WRAP_MODE) { + EVPerror(EVP_R_WRAP_MODE_NOT_ALLOWED); + return 0; + } - if(!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_CUSTOM_IV)) { - switch(EVP_CIPHER_CTX_mode(ctx)) { + if (!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_CUSTOM_IV)) { + switch (EVP_CIPHER_CTX_mode(ctx)) { - case EVP_CIPH_STREAM_CIPHER: - case EVP_CIPH_ECB_MODE: + case EVP_CIPH_STREAM_CIPHER: + case EVP_CIPH_ECB_MODE: break; - case EVP_CIPH_CFB_MODE: - case EVP_CIPH_OFB_MODE: + case EVP_CIPH_CFB_MODE: + case EVP_CIPH_OFB_MODE: ctx->num = 0; + /* fall-through */ - case EVP_CIPH_CBC_MODE: + case EVP_CIPH_CBC_MODE: - if(iv) memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx)); - memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx)); + if ((size_t)EVP_CIPHER_CTX_iv_length(ctx) > + sizeof(ctx->iv)) { + EVPerror(EVP_R_IV_TOO_LARGE); + return 0; + } + if (iv) + memcpy(ctx->oiv, iv, + EVP_CIPHER_CTX_iv_length(ctx)); + memcpy(ctx->iv, ctx->oiv, + EVP_CIPHER_CTX_iv_length(ctx)); break; - default: + case EVP_CIPH_CTR_MODE: + ctx->num = 0; + /* Don't reuse IV for CTR mode */ + if (iv) + memcpy(ctx->iv, iv, + EVP_CIPHER_CTX_iv_length(ctx)); + break; + + default: return 0; break; } } - if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) { - if(!ctx->cipher->init(ctx,key,iv,enc)) return 0; + if (key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) { + if (!ctx->cipher->init(ctx, key, iv, enc)) + return 0; } - ctx->buf_len=0; - ctx->final_used=0; - ctx->block_mask=ctx->cipher->block_size-1; + ctx->buf_len = 0; + ctx->final_used = 0; + ctx->block_mask = ctx->cipher->block_size - 1; return 1; - } +} -int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, - const unsigned char *in, int inl) - { +int +EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, + const unsigned char *in, int inl) +{ if (ctx->encrypt) - return EVP_EncryptUpdate(ctx,out,outl,in,inl); - else return EVP_DecryptUpdate(ctx,out,outl,in,inl); - } + return EVP_EncryptUpdate(ctx, out, outl, in, inl); + else + return EVP_DecryptUpdate(ctx, out, outl, in, inl); +} -int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) - { +int +EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) +{ if (ctx->encrypt) - return EVP_EncryptFinal_ex(ctx,out,outl); - else return EVP_DecryptFinal_ex(ctx,out,outl); - } + return EVP_EncryptFinal_ex(ctx, out, outl); + else + return EVP_DecryptFinal_ex(ctx, out, outl); +} -int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) - { +__warn_references(EVP_CipherFinal, + "EVP_CipherFinal is often misused, please use EVP_CipherFinal_ex and EVP_CIPHER_CTX_cleanup"); + +int +EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) +{ + int ret; if (ctx->encrypt) - return EVP_EncryptFinal(ctx,out,outl); - else return EVP_DecryptFinal(ctx,out,outl); - } + ret = EVP_EncryptFinal_ex(ctx, out, outl); + else + ret = EVP_DecryptFinal_ex(ctx, out, outl); + return ret; +} -int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, - const unsigned char *key, const unsigned char *iv) - { +int +EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, + const unsigned char *key, const unsigned char *iv) +{ return EVP_CipherInit(ctx, cipher, key, iv, 1); - } +} -int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl, - const unsigned char *key, const unsigned char *iv) - { +int +EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl, + const unsigned char *key, const unsigned char *iv) +{ return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 1); - } +} -int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, - const unsigned char *key, const unsigned char *iv) - { - return EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, 0); - } +int +EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, + const unsigned char *key, const unsigned char *iv) +{ + return EVP_CipherInit(ctx, cipher, key, iv, 0); +} -int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl, - const unsigned char *key, const unsigned char *iv) - { +int +EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl, + const unsigned char *key, const unsigned char *iv) +{ return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 0); +} + +int +EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, + const unsigned char *in, int inl) +{ + int i, j, bl; + + if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { + i = M_do_cipher(ctx, out, in, inl); + if (i < 0) + return 0; + else + *outl = i; + return 1; } -int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, - const unsigned char *in, int inl) - { - int i,j,bl; + if (inl <= 0) { + *outl = 0; + return inl == 0; + } - if(ctx->buf_len == 0 && (inl&(ctx->block_mask)) == 0) - { - if(ctx->cipher->do_cipher(ctx,out,in,inl)) - { - *outl=inl; + if (ctx->buf_len == 0 && (inl&(ctx->block_mask)) == 0) { + if (M_do_cipher(ctx, out, in, inl)) { + *outl = inl; return 1; - } - else - { - *outl=0; + } else { + *outl = 0; return 0; - } } - i=ctx->buf_len; - bl=ctx->cipher->block_size; - if (i != 0) - { - if (i+inl < bl) - { - memcpy(&(ctx->buf[i]),in,inl); - ctx->buf_len+=inl; - *outl=0; + } + i = ctx->buf_len; + bl = ctx->cipher->block_size; + if ((size_t)bl > sizeof(ctx->buf)) { + EVPerror(EVP_R_BAD_BLOCK_LENGTH); + *outl = 0; + return 0; + } + if (i != 0) { + if (bl - i > inl) { + memcpy(&(ctx->buf[i]), in, inl); + ctx->buf_len += inl; + *outl = 0; return 1; - } - else - { - j=bl-i; - memcpy(&(ctx->buf[i]),in,j); - if(!ctx->cipher->do_cipher(ctx,out,ctx->buf,bl)) return 0; - inl-=j; - in+=j; - out+=bl; - *outl=bl; - } + } else { + j = bl - i; + memcpy(&(ctx->buf[i]), in, j); + if (!M_do_cipher(ctx, out, ctx->buf, bl)) + return 0; + inl -= j; + in += j; + out += bl; + *outl = bl; } - else + } else *outl = 0; - i=inl&(bl-1); - inl-=i; - if (inl > 0) - { - if(!ctx->cipher->do_cipher(ctx,out,in,inl)) return 0; - *outl+=inl; - } + i = inl&(bl - 1); + inl -= i; + if (inl > 0) { + if (!M_do_cipher(ctx, out, in, inl)) + return 0; + *outl += inl; + } if (i != 0) - memcpy(ctx->buf,&(in[inl]),i); - ctx->buf_len=i; + memcpy(ctx->buf, &(in[inl]), i); + ctx->buf_len = i; return 1; - } +} + +__warn_references(EVP_EncryptFinal, + "EVP_EncryptFinal is often misused, please use EVP_EncryptFinal_ex and EVP_CIPHER_CTX_cleanup"); -int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) - { +int +EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) +{ int ret; + ret = EVP_EncryptFinal_ex(ctx, out, outl); return ret; - } +} -int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) - { - int i,n,b,bl,ret; +int +EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) +{ + int n, ret; + unsigned int i, b, bl; - b=ctx->cipher->block_size; - if (b == 1) - { - *outl=0; - return 1; - } - bl=ctx->buf_len; - if (ctx->flags & EVP_CIPH_NO_PADDING) - { - if(bl) - { - EVPerr(EVP_F_EVP_ENCRYPTFINAL,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH); + if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { + ret = M_do_cipher(ctx, out, NULL, 0); + if (ret < 0) return 0; - } + else + *outl = ret; + return 1; + } + + b = ctx->cipher->block_size; + if (b > sizeof ctx->buf) { + EVPerror(EVP_R_BAD_BLOCK_LENGTH); + return 0; + } + if (b == 1) { *outl = 0; return 1; + } + bl = ctx->buf_len; + if (ctx->flags & EVP_CIPH_NO_PADDING) { + if (bl) { + EVPerror(EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH); + return 0; } + *outl = 0; + return 1; + } - n=b-bl; - for (i=bl; ibuf[i]=n; - ret=ctx->cipher->do_cipher(ctx,out,ctx->buf,b); + n = b - bl; + for (i = bl; i < b; i++) + ctx->buf[i] = n; + ret = M_do_cipher(ctx, out, ctx->buf, b); - if(ret) - *outl=b; + if (ret) + *outl = b; return ret; - } +} -int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, - const unsigned char *in, int inl) - { - int b, fix_len; +int +EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, + const unsigned char *in, int inl) +{ + int fix_len; + unsigned int b; - if (inl == 0) - { - *outl=0; + if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { + fix_len = M_do_cipher(ctx, out, in, inl); + if (fix_len < 0) { + *outl = 0; + return 0; + } else + *outl = fix_len; return 1; - } + } + + if (inl <= 0) { + *outl = 0; + return inl == 0; + } if (ctx->flags & EVP_CIPH_NO_PADDING) return EVP_EncryptUpdate(ctx, out, outl, in, inl); - b=ctx->cipher->block_size; + b = ctx->cipher->block_size; + if (b > sizeof ctx->final) { + EVPerror(EVP_R_BAD_BLOCK_LENGTH); + return 0; + } - if(ctx->final_used) - { - memcpy(out,ctx->final,b); - out+=b; + if (ctx->final_used) { + memcpy(out, ctx->final, b); + out += b; fix_len = 1; - } - else + } else fix_len = 0; - if(!EVP_EncryptUpdate(ctx,out,outl,in,inl)) + if (!EVP_EncryptUpdate(ctx, out, outl, in, inl)) return 0; /* if we have 'decrypted' a multiple of block size, make sure * we have a copy of this last block */ - if (b > 1 && !ctx->buf_len) - { - *outl-=b; - ctx->final_used=1; - memcpy(ctx->final,&out[*outl],b); - } - else + if (b > 1 && !ctx->buf_len) { + *outl -= b; + ctx->final_used = 1; + memcpy(ctx->final, &out[*outl], b); + } else ctx->final_used = 0; if (fix_len) *outl += b; - + return 1; - } +} -int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) - { +__warn_references(EVP_DecryptFinal, + "EVP_DecryptFinal is often misused, please use EVP_DecryptFinal_ex and EVP_CIPHER_CTX_cleanup"); + +int +EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) +{ int ret; + ret = EVP_DecryptFinal_ex(ctx, out, outl); return ret; - } +} + +int +EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) +{ + int i, n; + unsigned int b; + *outl = 0; -int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) - { - int i,b; - int n; + if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) { + i = M_do_cipher(ctx, out, NULL, 0); + if (i < 0) + return 0; + else + *outl = i; + return 1; + } - *outl=0; - b=ctx->cipher->block_size; - if (ctx->flags & EVP_CIPH_NO_PADDING) - { - if(ctx->buf_len) - { - EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH); + b = ctx->cipher->block_size; + if (ctx->flags & EVP_CIPH_NO_PADDING) { + if (ctx->buf_len) { + EVPerror(EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH); return 0; - } + } *outl = 0; return 1; + } + if (b > 1) { + if (ctx->buf_len || !ctx->final_used) { + EVPerror(EVP_R_WRONG_FINAL_BLOCK_LENGTH); + return (0); } - if (b > 1) - { - if (ctx->buf_len || !ctx->final_used) - { - EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_WRONG_FINAL_BLOCK_LENGTH); - return(0); - } - n=ctx->final[b-1]; - if (n > b) - { - EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_BAD_DECRYPT); - return(0); - } - for (i=0; ifinal[--b] != n) - { - EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_BAD_DECRYPT); - return(0); - } + if (b > sizeof ctx->final) { + EVPerror(EVP_R_BAD_BLOCK_LENGTH); + return 0; + } + n = ctx->final[b - 1]; + if (n == 0 || n > (int)b) { + EVPerror(EVP_R_BAD_DECRYPT); + return (0); + } + for (i = 0; i < n; i++) { + if (ctx->final[--b] != n) { + EVPerror(EVP_R_BAD_DECRYPT); + return (0); } - n=ctx->cipher->block_size-n; - for (i=0; ifinal[i]; - *outl=n; } - else - *outl=0; - return(1); - } + n = ctx->cipher->block_size - n; + for (i = 0; i < n; i++) + out[i] = ctx->final[i]; + *outl = n; + } else + *outl = 0; + return (1); +} + +EVP_CIPHER_CTX * +EVP_CIPHER_CTX_new(void) +{ + return calloc(1, sizeof(EVP_CIPHER_CTX)); +} + +void +EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx) +{ + if (ctx == NULL) + return; + + EVP_CIPHER_CTX_cleanup(ctx); -int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c) - { - if (c->cipher != NULL) - { - if(c->cipher->cleanup && !c->cipher->cleanup(c)) + free(ctx); +} + +void +EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx) +{ + memset(ctx, 0, sizeof(EVP_CIPHER_CTX)); +} + +int +EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *a) +{ + return EVP_CIPHER_CTX_cleanup(a); +} + +int +EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c) +{ + if (c->cipher != NULL) { + if (c->cipher->cleanup && !c->cipher->cleanup(c)) return 0; - /* Zero cipher context data */ + /* Cleanse cipher context data */ if (c->cipher_data) - memset(c->cipher_data, 0, c->cipher->ctx_size); - } - if (c->cipher_data) - OPENSSL_free(c->cipher_data); - if (c->engine) - /* The EVP_CIPHER we used belongs to an ENGINE, release the - * functional reference we held for this reason. */ - ENGINE_finish(c->engine); - memset(c,0,sizeof(EVP_CIPHER_CTX)); - return 1; + explicit_bzero(c->cipher_data, c->cipher->ctx_size); } + free(c->cipher_data); +#ifndef OPENSSL_NO_ENGINE + ENGINE_finish(c->engine); +#endif + explicit_bzero(c, sizeof(EVP_CIPHER_CTX)); + return 1; +} -int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen) - { - if(c->cipher->flags & EVP_CIPH_CUSTOM_KEY_LENGTH) - return EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_KEY_LENGTH, keylen, NULL); - if(c->key_len == keylen) return 1; - if((keylen > 0) && (c->cipher->flags & EVP_CIPH_VARIABLE_LENGTH)) - { +int +EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen) +{ + if (c->cipher->flags & EVP_CIPH_CUSTOM_KEY_LENGTH) + return EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_KEY_LENGTH, + keylen, NULL); + if (c->key_len == keylen) + return 1; + if ((keylen > 0) && (c->cipher->flags & EVP_CIPH_VARIABLE_LENGTH)) { c->key_len = keylen; return 1; - } - EVPerr(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH,EVP_R_INVALID_KEY_LENGTH); - return 0; } + EVPerror(EVP_R_INVALID_KEY_LENGTH); + return 0; +} -int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad) - { - if (pad) ctx->flags &= ~EVP_CIPH_NO_PADDING; - else ctx->flags |= EVP_CIPH_NO_PADDING; +int +EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad) +{ + if (pad) + ctx->flags &= ~EVP_CIPH_NO_PADDING; + else + ctx->flags |= EVP_CIPH_NO_PADDING; return 1; - } +} -int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) +int +EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) { int ret; - if(!ctx->cipher) { - EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_NO_CIPHER_SET); + + if (!ctx->cipher) { + EVPerror(EVP_R_NO_CIPHER_SET); return 0; } - if(!ctx->cipher->ctrl) { - EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_NOT_IMPLEMENTED); + if (!ctx->cipher->ctrl) { + EVPerror(EVP_R_CTRL_NOT_IMPLEMENTED); return 0; } ret = ctx->cipher->ctrl(ctx, type, arg, ptr); - if(ret == -1) { - EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED); + if (ret == -1) { + EVPerror(EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED); return 0; } return ret; } + +int +EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key) +{ + if (ctx->cipher->flags & EVP_CIPH_RAND_KEY) + return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_RAND_KEY, 0, key); + arc4random_buf(key, ctx->key_len); + return 1; +} + +int +EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in) +{ + if ((in == NULL) || (in->cipher == NULL)) { + EVPerror(EVP_R_INPUT_NOT_INITIALIZED); + return 0; + } +#ifndef OPENSSL_NO_ENGINE + /* Make sure it's safe to copy a cipher context using an ENGINE */ + if (in->engine && !ENGINE_init(in->engine)) { + EVPerror(ERR_R_ENGINE_LIB); + return 0; + } +#endif + + EVP_CIPHER_CTX_cleanup(out); + memcpy(out, in, sizeof *out); + + if (in->cipher_data && in->cipher->ctx_size) { + out->cipher_data = malloc(in->cipher->ctx_size); + if (!out->cipher_data) { + EVPerror(ERR_R_MALLOC_FAILURE); + return 0; + } + memcpy(out->cipher_data, in->cipher_data, in->cipher->ctx_size); + } + + if (in->cipher->flags & EVP_CIPH_CUSTOM_COPY) + return in->cipher->ctrl((EVP_CIPHER_CTX *)in, + EVP_CTRL_COPY, 0, out); + return 1; +} diff --git a/src/lib/libcrypto/evp/evp_err.c b/src/lib/libcrypto/evp/evp_err.c index 3a23d21c217..89f980b7962 100644 --- a/src/lib/libcrypto/evp/evp_err.c +++ b/src/lib/libcrypto/evp/evp_err.c @@ -1,13 +1,13 @@ -/* crypto/evp/evp_err.c */ +/* $OpenBSD: evp_err.c,v 1.25 2019/03/18 05:34:29 tb Exp $ */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -59,102 +59,110 @@ */ #include + +#include + #include #include /* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR -static ERR_STRING_DATA EVP_str_functs[]= - { -{ERR_PACK(0,EVP_F_D2I_PKEY,0), "D2I_PKEY"}, -{ERR_PACK(0,EVP_F_EVP_CIPHERINIT,0), "EVP_CipherInit"}, -{ERR_PACK(0,EVP_F_EVP_CIPHER_CTX_CTRL,0), "EVP_CIPHER_CTX_ctrl"}, -{ERR_PACK(0,EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH,0), "EVP_CIPHER_CTX_set_key_length"}, -{ERR_PACK(0,EVP_F_EVP_DECRYPTFINAL,0), "EVP_DecryptFinal"}, -{ERR_PACK(0,EVP_F_EVP_DIGESTINIT,0), "EVP_DigestInit"}, -{ERR_PACK(0,EVP_F_EVP_ENCRYPTFINAL,0), "EVP_EncryptFinal"}, -{ERR_PACK(0,EVP_F_EVP_MD_CTX_COPY,0), "EVP_MD_CTX_copy"}, -{ERR_PACK(0,EVP_F_EVP_OPENINIT,0), "EVP_OpenInit"}, -{ERR_PACK(0,EVP_F_EVP_PBE_ALG_ADD,0), "EVP_PBE_alg_add"}, -{ERR_PACK(0,EVP_F_EVP_PBE_CIPHERINIT,0), "EVP_PBE_CipherInit"}, -{ERR_PACK(0,EVP_F_EVP_PKCS82PKEY,0), "EVP_PKCS82PKEY"}, -{ERR_PACK(0,EVP_F_EVP_PKCS8_SET_BROKEN,0), "EVP_PKCS8_SET_BROKEN"}, -{ERR_PACK(0,EVP_F_EVP_PKEY2PKCS8,0), "EVP_PKEY2PKCS8"}, -{ERR_PACK(0,EVP_F_EVP_PKEY_COPY_PARAMETERS,0), "EVP_PKEY_copy_parameters"}, -{ERR_PACK(0,EVP_F_EVP_PKEY_DECRYPT,0), "EVP_PKEY_decrypt"}, -{ERR_PACK(0,EVP_F_EVP_PKEY_ENCRYPT,0), "EVP_PKEY_encrypt"}, -{ERR_PACK(0,EVP_F_EVP_PKEY_GET1_DH,0), "EVP_PKEY_get1_DH"}, -{ERR_PACK(0,EVP_F_EVP_PKEY_GET1_DSA,0), "EVP_PKEY_get1_DSA"}, -{ERR_PACK(0,EVP_F_EVP_PKEY_GET1_RSA,0), "EVP_PKEY_get1_RSA"}, -{ERR_PACK(0,EVP_F_EVP_PKEY_NEW,0), "EVP_PKEY_new"}, -{ERR_PACK(0,EVP_F_EVP_RIJNDAEL,0), "EVP_RIJNDAEL"}, -{ERR_PACK(0,EVP_F_EVP_SIGNFINAL,0), "EVP_SignFinal"}, -{ERR_PACK(0,EVP_F_EVP_VERIFYFINAL,0), "EVP_VerifyFinal"}, -{ERR_PACK(0,EVP_F_PKCS5_PBE_KEYIVGEN,0), "PKCS5_PBE_keyivgen"}, -{ERR_PACK(0,EVP_F_PKCS5_V2_PBE_KEYIVGEN,0), "PKCS5_v2_PBE_keyivgen"}, -{ERR_PACK(0,EVP_F_RC2_MAGIC_TO_METH,0), "RC2_MAGIC_TO_METH"}, -{ERR_PACK(0,EVP_F_RC5_CTRL,0), "RC5_CTRL"}, -{0,NULL} - }; -static ERR_STRING_DATA EVP_str_reasons[]= - { -{EVP_R_BAD_BLOCK_LENGTH ,"bad block length"}, -{EVP_R_BAD_DECRYPT ,"bad decrypt"}, -{EVP_R_BAD_KEY_LENGTH ,"bad key length"}, -{EVP_R_BN_DECODE_ERROR ,"bn decode error"}, -{EVP_R_BN_PUBKEY_ERROR ,"bn pubkey error"}, -{EVP_R_CIPHER_PARAMETER_ERROR ,"cipher parameter error"}, -{EVP_R_CTRL_NOT_IMPLEMENTED ,"ctrl not implemented"}, -{EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED ,"ctrl operation not implemented"}, -{EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH ,"data not multiple of block length"}, -{EVP_R_DECODE_ERROR ,"decode error"}, -{EVP_R_DIFFERENT_KEY_TYPES ,"different key types"}, -{EVP_R_ENCODE_ERROR ,"encode error"}, -{EVP_R_EVP_PBE_CIPHERINIT_ERROR ,"evp pbe cipherinit error"}, -{EVP_R_EXPECTING_AN_RSA_KEY ,"expecting an rsa key"}, -{EVP_R_EXPECTING_A_DH_KEY ,"expecting a dh key"}, -{EVP_R_EXPECTING_A_DSA_KEY ,"expecting a dsa key"}, -{EVP_R_INITIALIZATION_ERROR ,"initialization error"}, -{EVP_R_INPUT_NOT_INITIALIZED ,"input not initialized"}, -{EVP_R_INVALID_KEY_LENGTH ,"invalid key length"}, -{EVP_R_IV_TOO_LARGE ,"iv too large"}, -{EVP_R_KEYGEN_FAILURE ,"keygen failure"}, -{EVP_R_MISSING_PARAMETERS ,"missing parameters"}, -{EVP_R_NO_CIPHER_SET ,"no cipher set"}, -{EVP_R_NO_DIGEST_SET ,"no digest set"}, -{EVP_R_NO_DSA_PARAMETERS ,"no dsa parameters"}, -{EVP_R_NO_SIGN_FUNCTION_CONFIGURED ,"no sign function configured"}, -{EVP_R_NO_VERIFY_FUNCTION_CONFIGURED ,"no verify function configured"}, -{EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE ,"pkcs8 unknown broken type"}, -{EVP_R_PUBLIC_KEY_NOT_RSA ,"public key not rsa"}, -{EVP_R_UNKNOWN_PBE_ALGORITHM ,"unknown pbe algorithm"}, -{EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS ,"unsuported number of rounds"}, -{EVP_R_UNSUPPORTED_CIPHER ,"unsupported cipher"}, -{EVP_R_UNSUPPORTED_KEYLENGTH ,"unsupported keylength"}, -{EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION,"unsupported key derivation function"}, -{EVP_R_UNSUPPORTED_KEY_SIZE ,"unsupported key size"}, -{EVP_R_UNSUPPORTED_PRF ,"unsupported prf"}, -{EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM ,"unsupported private key algorithm"}, -{EVP_R_UNSUPPORTED_SALT_TYPE ,"unsupported salt type"}, -{EVP_R_WRONG_FINAL_BLOCK_LENGTH ,"wrong final block length"}, -{EVP_R_WRONG_PUBLIC_KEY_TYPE ,"wrong public key type"}, -{0,NULL} - }; +#define ERR_FUNC(func) ERR_PACK(ERR_LIB_EVP,func,0) +#define ERR_REASON(reason) ERR_PACK(ERR_LIB_EVP,0,reason) -#endif +static ERR_STRING_DATA EVP_str_functs[] = { + {ERR_FUNC(0xfff), "CRYPTO_internal"}, + {0, NULL} +}; -void ERR_load_EVP_strings(void) - { - static int init=1; +static ERR_STRING_DATA EVP_str_reasons[] = { + {ERR_REASON(EVP_R_AES_IV_SETUP_FAILED) , "aes iv setup failed"}, + {ERR_REASON(EVP_R_AES_KEY_SETUP_FAILED) , "aes key setup failed"}, + {ERR_REASON(EVP_R_ASN1_LIB) , "asn1 lib"}, + {ERR_REASON(EVP_R_BAD_BLOCK_LENGTH) , "bad block length"}, + {ERR_REASON(EVP_R_BAD_DECRYPT) , "bad decrypt"}, + {ERR_REASON(EVP_R_BAD_KEY_LENGTH) , "bad key length"}, + {ERR_REASON(EVP_R_BN_DECODE_ERROR) , "bn decode error"}, + {ERR_REASON(EVP_R_BN_PUBKEY_ERROR) , "bn pubkey error"}, + {ERR_REASON(EVP_R_BUFFER_TOO_SMALL) , "buffer too small"}, + {ERR_REASON(EVP_R_CAMELLIA_KEY_SETUP_FAILED), "camellia key setup failed"}, + {ERR_REASON(EVP_R_CIPHER_PARAMETER_ERROR), "cipher parameter error"}, + {ERR_REASON(EVP_R_COMMAND_NOT_SUPPORTED) , "command not supported"}, + {ERR_REASON(EVP_R_CTRL_NOT_IMPLEMENTED) , "ctrl not implemented"}, + {ERR_REASON(EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED), "ctrl operation not implemented"}, + {ERR_REASON(EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH), "data not multiple of block length"}, + {ERR_REASON(EVP_R_DECODE_ERROR) , "decode error"}, + {ERR_REASON(EVP_R_DIFFERENT_KEY_TYPES) , "different key types"}, + {ERR_REASON(EVP_R_DIFFERENT_PARAMETERS) , "different parameters"}, + {ERR_REASON(EVP_R_DISABLED_FOR_FIPS) , "disabled for fips"}, + {ERR_REASON(EVP_R_ENCODE_ERROR) , "encode error"}, + {ERR_REASON(EVP_R_ERROR_LOADING_SECTION) , "error loading section"}, + {ERR_REASON(EVP_R_ERROR_SETTING_FIPS_MODE), "error setting fips mode"}, + {ERR_REASON(EVP_R_EVP_PBE_CIPHERINIT_ERROR), "evp pbe cipherinit error"}, + {ERR_REASON(EVP_R_EXPECTING_AN_HMAC_KEY), "expecting an hmac key"}, + {ERR_REASON(EVP_R_EXPECTING_AN_RSA_KEY) , "expecting an rsa key"}, + {ERR_REASON(EVP_R_EXPECTING_A_DH_KEY) , "expecting a dh key"}, + {ERR_REASON(EVP_R_EXPECTING_A_DSA_KEY) , "expecting a dsa key"}, + {ERR_REASON(EVP_R_EXPECTING_A_ECDSA_KEY) , "expecting a ecdsa key"}, + {ERR_REASON(EVP_R_EXPECTING_A_EC_KEY) , "expecting a ec key"}, + {ERR_REASON(EVP_R_FIPS_MODE_NOT_SUPPORTED), "fips mode not supported"}, + {ERR_REASON(EVP_R_INITIALIZATION_ERROR) , "initialization error"}, + {ERR_REASON(EVP_R_INPUT_NOT_INITIALIZED) , "input not initialized"}, + {ERR_REASON(EVP_R_INVALID_DIGEST) , "invalid digest"}, + {ERR_REASON(EVP_R_INVALID_FIPS_MODE) , "invalid fips mode"}, + {ERR_REASON(EVP_R_INVALID_KEY_LENGTH) , "invalid key length"}, + {ERR_REASON(EVP_R_INVALID_OPERATION) , "invalid operation"}, + {ERR_REASON(EVP_R_IV_TOO_LARGE) , "iv too large"}, + {ERR_REASON(EVP_R_KEYGEN_FAILURE) , "keygen failure"}, + {ERR_REASON(EVP_R_MESSAGE_DIGEST_IS_NULL), "message digest is null"}, + {ERR_REASON(EVP_R_METHOD_NOT_SUPPORTED) , "method not supported"}, + {ERR_REASON(EVP_R_MISSING_PARAMETERS) , "missing parameters"}, + {ERR_REASON(EVP_R_NO_CIPHER_SET) , "no cipher set"}, + {ERR_REASON(EVP_R_NO_DEFAULT_DIGEST) , "no default digest"}, + {ERR_REASON(EVP_R_NO_DIGEST_SET) , "no digest set"}, + {ERR_REASON(EVP_R_NO_DSA_PARAMETERS) , "no dsa parameters"}, + {ERR_REASON(EVP_R_NO_KEY_SET) , "no key set"}, + {ERR_REASON(EVP_R_NO_OPERATION_SET) , "no operation set"}, + {ERR_REASON(EVP_R_NO_SIGN_FUNCTION_CONFIGURED), "no sign function configured"}, + {ERR_REASON(EVP_R_NO_VERIFY_FUNCTION_CONFIGURED), "no verify function configured"}, + {ERR_REASON(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE), "operation not supported for this keytype"}, + {ERR_REASON(EVP_R_OPERATON_NOT_INITIALIZED), "operaton not initialized"}, + {ERR_REASON(EVP_R_OUTPUT_ALIASES_INPUT) , "output aliases input"}, + {ERR_REASON(EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE), "pkcs8 unknown broken type"}, + {ERR_REASON(EVP_R_PRIVATE_KEY_DECODE_ERROR), "private key decode error"}, + {ERR_REASON(EVP_R_PRIVATE_KEY_ENCODE_ERROR), "private key encode error"}, + {ERR_REASON(EVP_R_PUBLIC_KEY_NOT_RSA) , "public key not rsa"}, + {ERR_REASON(EVP_R_TAG_TOO_LARGE) , "tag too large"}, + {ERR_REASON(EVP_R_TOO_LARGE) , "too large"}, + {ERR_REASON(EVP_R_UNKNOWN_CIPHER) , "unknown cipher"}, + {ERR_REASON(EVP_R_UNKNOWN_DIGEST) , "unknown digest"}, + {ERR_REASON(EVP_R_UNKNOWN_OPTION) , "unknown option"}, + {ERR_REASON(EVP_R_UNKNOWN_PBE_ALGORITHM) , "unknown pbe algorithm"}, + {ERR_REASON(EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS), "unsuported number of rounds"}, + {ERR_REASON(EVP_R_UNSUPPORTED_ALGORITHM) , "unsupported algorithm"}, + {ERR_REASON(EVP_R_UNSUPPORTED_CIPHER) , "unsupported cipher"}, + {ERR_REASON(EVP_R_UNSUPPORTED_KEYLENGTH) , "unsupported keylength"}, + {ERR_REASON(EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION), "unsupported key derivation function"}, + {ERR_REASON(EVP_R_UNSUPPORTED_KEY_SIZE) , "unsupported key size"}, + {ERR_REASON(EVP_R_UNSUPPORTED_PRF) , "unsupported prf"}, + {ERR_REASON(EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM), "unsupported private key algorithm"}, + {ERR_REASON(EVP_R_UNSUPPORTED_SALT_TYPE) , "unsupported salt type"}, + {ERR_REASON(EVP_R_WRAP_MODE_NOT_ALLOWED), "wrap mode not allowed"}, + {ERR_REASON(EVP_R_WRONG_FINAL_BLOCK_LENGTH), "wrong final block length"}, + {ERR_REASON(EVP_R_WRONG_PUBLIC_KEY_TYPE) , "wrong public key type"}, + {0, NULL} +}; - if (init) - { - init=0; -#ifndef OPENSSL_NO_ERR - ERR_load_strings(ERR_LIB_EVP,EVP_str_functs); - ERR_load_strings(ERR_LIB_EVP,EVP_str_reasons); #endif - } +void +ERR_load_EVP_strings(void) +{ +#ifndef OPENSSL_NO_ERR + if (ERR_func_error_string(EVP_str_functs[0].error) == NULL) { + ERR_load_strings(0, EVP_str_functs); + ERR_load_strings(0, EVP_str_reasons); } +#endif +} diff --git a/src/lib/libcrypto/evp/evp_key.c b/src/lib/libcrypto/evp/evp_key.c index 4271393069d..91d0fc0de97 100644 --- a/src/lib/libcrypto/evp/evp_key.c +++ b/src/lib/libcrypto/evp/evp_key.c @@ -1,25 +1,25 @@ -/* crypto/evp/evp_key.c */ +/* $OpenBSD: evp_key.c,v 1.26 2018/08/14 17:59:26 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -57,116 +57,154 @@ */ #include -#include "cryptlib.h" -#include -#include +#include + +#include #include +#include #include +#include /* should be init to zeros. */ static char prompt_string[80]; -void EVP_set_pw_prompt(char *prompt) - { +void +EVP_set_pw_prompt(const char *prompt) +{ if (prompt == NULL) - prompt_string[0]='\0'; - else - { - strncpy(prompt_string,prompt,79); - prompt_string[79]='\0'; - } + prompt_string[0] = '\0'; + else { + strlcpy(prompt_string, prompt, sizeof(prompt_string)); } +} -char *EVP_get_pw_prompt(void) - { +char * +EVP_get_pw_prompt(void) +{ if (prompt_string[0] == '\0') - return(NULL); + return (NULL); else - return(prompt_string); - } + return (prompt_string); +} + +int +EVP_read_pw_string(char *buf, int len, const char *prompt, int verify) +{ + return EVP_read_pw_string_min(buf, 0, len, prompt, verify); +} -/* For historical reasons, the standard function for reading passwords is - * in the DES library -- if someone ever wants to disable DES, - * this function will fail */ -int EVP_read_pw_string(char *buf, int len, const char *prompt, int verify) - { +int +EVP_read_pw_string_min(char *buf, int min, int len, const char *prompt, + int verify) +{ int ret; char buff[BUFSIZ]; UI *ui; + if (len > BUFSIZ) + len = BUFSIZ; + /* Ensure that 0 <= min <= len - 1. In particular, 1 <= len. */ + if (min < 0 || len - 1 < min) + return -1; if ((prompt == NULL) && (prompt_string[0] != '\0')) - prompt=prompt_string; + prompt = prompt_string; ui = UI_new(); - UI_add_input_string(ui,prompt,0,buf,0,(len>=BUFSIZ)?BUFSIZ-1:len); - if (verify) - UI_add_verify_string(ui,prompt,0, - buff,0,(len>=BUFSIZ)?BUFSIZ-1:len,buf); + if (ui == NULL) + return -1; + if (UI_add_input_string(ui, prompt, 0, buf, min, len - 1) < 0) + return -1; + if (verify) { + if (UI_add_verify_string(ui, prompt, 0, buff, min, len - 1, buf) + < 0) + return -1; + } ret = UI_process(ui); UI_free(ui); - memset(buff,0,BUFSIZ); + explicit_bzero(buff, BUFSIZ); return ret; - } +} -int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, - const unsigned char *salt, const unsigned char *data, int datal, - int count, unsigned char *key, unsigned char *iv) - { +int +EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, + const unsigned char *salt, const unsigned char *data, int datal, + int count, unsigned char *key, unsigned char *iv) +{ EVP_MD_CTX c; unsigned char md_buf[EVP_MAX_MD_SIZE]; - int niv,nkey,addmd=0; - unsigned int mds=0,i; + int niv, nkey, addmd = 0; + unsigned int mds = 0, i; + int rv = 0; + + nkey = type->key_len; + niv = type->iv_len; - nkey=type->key_len; - niv=type->iv_len; + if ((size_t)nkey > EVP_MAX_KEY_LENGTH) { + EVPerror(EVP_R_BAD_KEY_LENGTH); + return 0; + } + if ((size_t)niv > EVP_MAX_IV_LENGTH) { + EVPerror(EVP_R_IV_TOO_LARGE); + return 0; + } - if (data == NULL) return(nkey); + if (data == NULL) + return (nkey); EVP_MD_CTX_init(&c); - for (;;) - { - EVP_DigestInit_ex(&c,md, NULL); + for (;;) { + if (!EVP_DigestInit_ex(&c, md, NULL)) + goto err; if (addmd++) - EVP_DigestUpdate(&c,&(md_buf[0]),mds); - EVP_DigestUpdate(&c,data,datal); + if (!EVP_DigestUpdate(&c, &(md_buf[0]), mds)) + goto err; + if (!EVP_DigestUpdate(&c, data, datal)) + goto err; if (salt != NULL) - EVP_DigestUpdate(&c,salt,PKCS5_SALT_LEN); - EVP_DigestFinal_ex(&c,&(md_buf[0]),&mds); + if (!EVP_DigestUpdate(&c, salt, PKCS5_SALT_LEN)) + goto err; + if (!EVP_DigestFinal_ex(&c, &(md_buf[0]), &mds)) + goto err; - for (i=1; i<(unsigned int)count; i++) - { - EVP_DigestInit_ex(&c,md, NULL); - EVP_DigestUpdate(&c,&(md_buf[0]),mds); - EVP_DigestFinal_ex(&c,&(md_buf[0]),&mds); - } - i=0; - if (nkey) - { - for (;;) - { - if (nkey == 0) break; - if (i == mds) break; + for (i = 1; i < (unsigned int)count; i++) { + if (!EVP_DigestInit_ex(&c, md, NULL)) + goto err; + if (!EVP_DigestUpdate(&c, &(md_buf[0]), mds)) + goto err; + if (!EVP_DigestFinal_ex(&c, &(md_buf[0]), &mds)) + goto err; + } + i = 0; + if (nkey) { + for (;;) { + if (nkey == 0) + break; + if (i == mds) + break; if (key != NULL) - *(key++)=md_buf[i]; + *(key++) = md_buf[i]; nkey--; i++; - } } - if (niv && (i != mds)) - { - for (;;) - { - if (niv == 0) break; - if (i == mds) break; + } + if (niv && (i != mds)) { + for (;;) { + if (niv == 0) + break; + if (i == mds) + break; if (iv != NULL) - *(iv++)=md_buf[i]; + *(iv++) = md_buf[i]; niv--; i++; - } } - if ((nkey == 0) && (niv == 0)) break; } - EVP_MD_CTX_cleanup(&c); - memset(&(md_buf[0]),0,EVP_MAX_MD_SIZE); - return(type->key_len); + if ((nkey == 0) && (niv == 0)) + break; } + rv = type->key_len; +err: + EVP_MD_CTX_cleanup(&c); + explicit_bzero(md_buf, sizeof md_buf); + return rv; +} diff --git a/src/lib/libcrypto/evp/evp_lib.c b/src/lib/libcrypto/evp/evp_lib.c index a431945ef5c..90107739e7d 100644 --- a/src/lib/libcrypto/evp/evp_lib.c +++ b/src/lib/libcrypto/evp/evp_lib.c @@ -1,25 +1,25 @@ -/* crypto/evp/evp_lib.c */ +/* $OpenBSD: evp_lib.c,v 1.17 2018/09/12 06:35:38 djm Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -57,86 +57,334 @@ */ #include -#include "cryptlib.h" +#include + +#include #include #include -int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type) - { +int +EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type) +{ int ret; if (c->cipher->set_asn1_parameters != NULL) - ret=c->cipher->set_asn1_parameters(c,type); + ret = c->cipher->set_asn1_parameters(c, type); + else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) + ret = EVP_CIPHER_set_asn1_iv(c, type); else - ret=1; - return(ret); - } + ret = -1; + return (ret); +} -int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type) - { +int +EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type) +{ int ret; if (c->cipher->get_asn1_parameters != NULL) - ret=c->cipher->get_asn1_parameters(c,type); + ret = c->cipher->get_asn1_parameters(c, type); + else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) + ret = EVP_CIPHER_get_asn1_iv(c, type); else - ret=1; - return(ret); - } + ret = -1; + return (ret); +} -int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) - { - int i=0,l; +int +EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) +{ + int i = 0; + unsigned int l; - if (type != NULL) - { - l=EVP_CIPHER_CTX_iv_length(c); - i=ASN1_TYPE_get_octetstring(type,c->oiv,l); - if (i != l) - return(-1); - else if (i > 0) - memcpy(c->iv,c->oiv,l); + if (type != NULL) { + l = EVP_CIPHER_CTX_iv_length(c); + if (l > sizeof(c->iv)) { + EVPerror(EVP_R_IV_TOO_LARGE); + return 0; } - return(i); + i = ASN1_TYPE_get_octetstring(type, c->oiv, l); + if (i != (int)l) + return (-1); + else if (i > 0) + memcpy(c->iv, c->oiv, l); } + return (i); +} -int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) - { - int i=0,j; +int +EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) +{ + int i = 0; + unsigned int j; - if (type != NULL) - { - j=EVP_CIPHER_CTX_iv_length(c); - i=ASN1_TYPE_set_octetstring(type,c->oiv,j); + if (type != NULL) { + j = EVP_CIPHER_CTX_iv_length(c); + if (j > sizeof(c->iv)) { + EVPerror(EVP_R_IV_TOO_LARGE); + return 0; } - return(i); + i = ASN1_TYPE_set_octetstring(type, c->oiv, j); } + return (i); +} /* Convert the various cipher NIDs and dummies to a proper OID NID */ -int EVP_CIPHER_type(const EVP_CIPHER *ctx) +int +EVP_CIPHER_type(const EVP_CIPHER *ctx) { int nid; ASN1_OBJECT *otmp; nid = EVP_CIPHER_nid(ctx); - switch(nid) { + switch (nid) { + case NID_rc2_cbc: + case NID_rc2_64_cbc: + case NID_rc2_40_cbc: + return NID_rc2_cbc; - case NID_rc2_cbc: - case NID_rc2_64_cbc: - case NID_rc2_40_cbc: + case NID_rc4: + case NID_rc4_40: + return NID_rc4; - return NID_rc2_cbc; + case NID_aes_128_cfb128: + case NID_aes_128_cfb8: + case NID_aes_128_cfb1: + return NID_aes_128_cfb128; - case NID_rc4: - case NID_rc4_40: + case NID_aes_192_cfb128: + case NID_aes_192_cfb8: + case NID_aes_192_cfb1: + return NID_aes_192_cfb128; - return NID_rc4; + case NID_aes_256_cfb128: + case NID_aes_256_cfb8: + case NID_aes_256_cfb1: + return NID_aes_256_cfb128; - default: + case NID_des_cfb64: + case NID_des_cfb8: + case NID_des_cfb1: + return NID_des_cfb64; + + case NID_des_ede3_cfb64: + case NID_des_ede3_cfb8: + case NID_des_ede3_cfb1: + return NID_des_cfb64; + + default: /* Check it has an OID and it is valid */ otmp = OBJ_nid2obj(nid); - if(!otmp || !otmp->data) nid = NID_undef; + if (!otmp || !otmp->data) + nid = NID_undef; ASN1_OBJECT_free(otmp); return nid; } } +int +EVP_CIPHER_block_size(const EVP_CIPHER *e) +{ + return e->block_size; +} + +int +EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx) +{ + return ctx->cipher->block_size; +} + +int +EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, + unsigned int inl) +{ + return ctx->cipher->do_cipher(ctx, out, in, inl); +} + +const EVP_CIPHER * +EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx) +{ + return ctx->cipher; +} + +int +EVP_CIPHER_CTX_encrypting(const EVP_CIPHER_CTX *ctx) +{ + return ctx->encrypt; +} + +unsigned long +EVP_CIPHER_flags(const EVP_CIPHER *cipher) +{ + return cipher->flags; +} + +unsigned long +EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx) +{ + return ctx->cipher->flags; +} + +void * +EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx) +{ + return ctx->app_data; +} + +void +EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data) +{ + ctx->app_data = data; +} + +int +EVP_CIPHER_iv_length(const EVP_CIPHER *cipher) +{ + return cipher->iv_len; +} + +int +EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx) +{ + return ctx->cipher->iv_len; +} + +int +EVP_CIPHER_key_length(const EVP_CIPHER *cipher) +{ + return cipher->key_len; +} + +int +EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx) +{ + return ctx->key_len; +} + +int +EVP_CIPHER_nid(const EVP_CIPHER *cipher) +{ + return cipher->nid; +} + +int +EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx) +{ + return ctx->cipher->nid; +} + +int +EVP_CIPHER_CTX_get_iv(const EVP_CIPHER_CTX *ctx, unsigned char *iv, size_t len) +{ + if (ctx == NULL || len != EVP_CIPHER_CTX_iv_length(ctx)) + return 0; + if (len > EVP_MAX_IV_LENGTH) + return 0; /* sanity check; shouldn't happen */ + /* + * Skip the memcpy entirely when the requested IV length is zero, + * since the iv pointer may be NULL or invalid. + */ + if (len != 0) { + if (iv == NULL) + return 0; + memcpy(iv, ctx->iv, len); + } + return 1; +} + +int +EVP_CIPHER_CTX_set_iv(EVP_CIPHER_CTX *ctx, const unsigned char *iv, size_t len) +{ + if (ctx == NULL || len != EVP_CIPHER_CTX_iv_length(ctx)) + return 0; + if (len > EVP_MAX_IV_LENGTH) + return 0; /* sanity check; shouldn't happen */ + /* + * Skip the memcpy entirely when the requested IV length is zero, + * since the iv pointer may be NULL or invalid. + */ + if (len != 0) { + if (iv == NULL) + return 0; + memcpy(ctx->iv, iv, len); + } + return 1; +} + +int +EVP_MD_block_size(const EVP_MD *md) +{ + return md->block_size; +} + +int +EVP_MD_type(const EVP_MD *md) +{ + return md->type; +} + +int +EVP_MD_pkey_type(const EVP_MD *md) +{ + return md->pkey_type; +} + +int +EVP_MD_size(const EVP_MD *md) +{ + if (!md) { + EVPerror(EVP_R_MESSAGE_DIGEST_IS_NULL); + return -1; + } + return md->md_size; +} + +unsigned long +EVP_MD_flags(const EVP_MD *md) +{ + return md->flags; +} + +const EVP_MD * +EVP_MD_CTX_md(const EVP_MD_CTX *ctx) +{ + if (!ctx) + return NULL; + return ctx->digest; +} + +void +EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags) +{ + ctx->flags |= flags; +} + +void +EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags) +{ + ctx->flags &= ~flags; +} + +int +EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags) +{ + return (ctx->flags & flags); +} + +void +EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags) +{ + ctx->flags |= flags; +} + +void +EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags) +{ + ctx->flags &= ~flags; +} + +int +EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags) +{ + return (ctx->flags & flags); +} diff --git a/src/lib/libcrypto/evp/evp_locl.h b/src/lib/libcrypto/evp/evp_locl.h index 7b088b48480..0b1bea9583c 100644 --- a/src/lib/libcrypto/evp/evp_locl.h +++ b/src/lib/libcrypto/evp/evp_locl.h @@ -1,5 +1,5 @@ -/* evp_locl.h */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* $OpenBSD: evp_locl.h,v 1.15 2018/11/24 11:16:44 tb Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ /* ==================================================================== @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -56,43 +56,73 @@ * */ +__BEGIN_HIDDEN_DECLS + /* Macros to code block cipher wrappers */ /* Wrapper functions for each cipher mode */ #define BLOCK_CIPHER_ecb_loop() \ - unsigned int i, bl; \ + size_t i, bl; \ bl = ctx->cipher->block_size;\ if(inl < bl) return 1;\ inl -= bl; \ - for(i=0; i <= inl; i+=bl) \ + for(i=0; i <= inl; i+=bl) #define BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \ -static int cname##_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \ +static int cname##_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ {\ BLOCK_CIPHER_ecb_loop() \ cprefix##_ecb_encrypt(in + i, out + i, &((kstruct *)ctx->cipher_data)->ksched, ctx->encrypt);\ return 1;\ } +#define EVP_MAXCHUNK ((size_t)1<<(sizeof(long)*8-2)) + #define BLOCK_CIPHER_func_ofb(cname, cprefix, cbits, kstruct, ksched) \ -static int cname##_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \ +static int cname##_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ {\ - cprefix##_ofb##cbits##_encrypt(in, out, (long)inl, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num);\ + while(inl>=EVP_MAXCHUNK)\ + {\ + cprefix##_ofb##cbits##_encrypt(in, out, (long)EVP_MAXCHUNK, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num);\ + inl-=EVP_MAXCHUNK;\ + in +=EVP_MAXCHUNK;\ + out+=EVP_MAXCHUNK;\ + }\ + if (inl)\ + cprefix##_ofb##cbits##_encrypt(in, out, (long)inl, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num);\ return 1;\ } #define BLOCK_CIPHER_func_cbc(cname, cprefix, kstruct, ksched) \ -static int cname##_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \ +static int cname##_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ {\ - cprefix##_cbc_encrypt(in, out, (long)inl, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, ctx->encrypt);\ + while(inl>=EVP_MAXCHUNK) \ + {\ + cprefix##_cbc_encrypt(in, out, (long)EVP_MAXCHUNK, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, ctx->encrypt);\ + inl-=EVP_MAXCHUNK;\ + in +=EVP_MAXCHUNK;\ + out+=EVP_MAXCHUNK;\ + }\ + if (inl)\ + cprefix##_cbc_encrypt(in, out, (long)inl, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, ctx->encrypt);\ return 1;\ } #define BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \ -static int cname##_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \ +static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ {\ - cprefix##_cfb##cbits##_encrypt(in, out, (long)inl, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\ + size_t chunk=EVP_MAXCHUNK;\ + if (cbits==1) chunk>>=3;\ + if (inl=chunk)\ + {\ + cprefix##_cfb##cbits##_encrypt(in, out, (long)((cbits==1) && !(ctx->flags & EVP_CIPH_FLAG_LENGTH_BITS) ?inl*8:inl), &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\ + inl-=chunk;\ + in +=chunk;\ + out+=chunk;\ + if(inlcipher_data) + +#define IMPLEMENT_CFBR(cipher,cprefix,kstruct,ksched,keysize,cbits,iv_len) \ + BLOCK_CIPHER_func_cfb(cipher##_##keysize,cprefix,cbits,kstruct,ksched) \ + BLOCK_CIPHER_def_cfb(cipher##_##keysize,kstruct, \ + NID_##cipher##_##keysize, keysize/8, iv_len, cbits, \ + 0, cipher##_init_key, NULL, \ + EVP_CIPHER_set_asn1_iv, \ + EVP_CIPHER_get_asn1_iv, \ + NULL) + +struct evp_pkey_ctx_st { + /* Method associated with this operation */ + const EVP_PKEY_METHOD *pmeth; + /* Engine that implements this method or NULL if builtin */ + ENGINE *engine; + /* Key: may be NULL */ + EVP_PKEY *pkey; + /* Peer key for key agreement, may be NULL */ + EVP_PKEY *peerkey; + /* Actual operation */ + int operation; + /* Algorithm specific data */ + void *data; + /* Application specific data */ + void *app_data; + /* Keygen callback */ + EVP_PKEY_gen_cb *pkey_gencb; + /* implementation specific keygen data */ + int *keygen_info; + int keygen_info_count; +} /* EVP_PKEY_CTX */; + +#define EVP_PKEY_FLAG_DYNAMIC 1 + +struct evp_pkey_method_st { + int pkey_id; + int flags; + + int (*init)(EVP_PKEY_CTX *ctx); + int (*copy)(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src); + void (*cleanup)(EVP_PKEY_CTX *ctx); + + int (*paramgen_init)(EVP_PKEY_CTX *ctx); + int (*paramgen)(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey); + + int (*keygen_init)(EVP_PKEY_CTX *ctx); + int (*keygen)(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey); + + int (*sign_init)(EVP_PKEY_CTX *ctx); + int (*sign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen); + + int (*verify_init)(EVP_PKEY_CTX *ctx); + int (*verify)(EVP_PKEY_CTX *ctx, + const unsigned char *sig, size_t siglen, + const unsigned char *tbs, size_t tbslen); + + int (*verify_recover_init)(EVP_PKEY_CTX *ctx); + int (*verify_recover)(EVP_PKEY_CTX *ctx, + unsigned char *rout, size_t *routlen, + const unsigned char *sig, size_t siglen); + + int (*signctx_init)(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); + int (*signctx)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, + EVP_MD_CTX *mctx); + + int (*verifyctx_init)(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); + int (*verifyctx)(EVP_PKEY_CTX *ctx, const unsigned char *sig, + int siglen, EVP_MD_CTX *mctx); + + int (*encrypt_init)(EVP_PKEY_CTX *ctx); + int (*encrypt)(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen); + + int (*decrypt_init)(EVP_PKEY_CTX *ctx); + int (*decrypt)(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen); + + int (*derive_init)(EVP_PKEY_CTX *ctx); + int (*derive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); + + int (*ctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2); + int (*ctrl_str)(EVP_PKEY_CTX *ctx, const char *type, const char *value); +} /* EVP_PKEY_METHOD */; + +void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx); + +int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, + ASN1_TYPE *param, const EVP_CIPHER *c, const EVP_MD *md, int en_de); + +/* EVP_AEAD represents a specific AEAD algorithm. */ +struct evp_aead_st { + unsigned char key_len; + unsigned char nonce_len; + unsigned char overhead; + unsigned char max_tag_len; + + int (*init)(struct evp_aead_ctx_st*, const unsigned char *key, + size_t key_len, size_t tag_len); + void (*cleanup)(struct evp_aead_ctx_st*); + + int (*seal)(const struct evp_aead_ctx_st *ctx, unsigned char *out, + size_t *out_len, size_t max_out_len, const unsigned char *nonce, + size_t nonce_len, const unsigned char *in, size_t in_len, + const unsigned char *ad, size_t ad_len); + + int (*open)(const struct evp_aead_ctx_st *ctx, unsigned char *out, + size_t *out_len, size_t max_out_len, const unsigned char *nonce, + size_t nonce_len, const unsigned char *in, size_t in_len, + const unsigned char *ad, size_t ad_len); +}; + +__END_HIDDEN_DECLS diff --git a/src/lib/libcrypto/evp/evp_pbe.c b/src/lib/libcrypto/evp/evp_pbe.c index 06afb9d152a..de08c8d78c5 100644 --- a/src/lib/libcrypto/evp/evp_pbe.c +++ b/src/lib/libcrypto/evp/evp_pbe.c @@ -1,16 +1,16 @@ -/* evp_pbe.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* $OpenBSD: evp_pbe.c,v 1.25 2017/01/29 17:49:23 beck Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -57,80 +57,254 @@ */ #include +#include + +#include + +#include #include +#include #include -#include "cryptlib.h" + +#include "evp_locl.h" /* Password based encryption (PBE) functions */ -static STACK *pbe_algs; +DECLARE_STACK_OF(EVP_PBE_CTL) +static STACK_OF(EVP_PBE_CTL) *pbe_algs; /* Setup a cipher context from a PBE algorithm */ typedef struct { -int pbe_nid; -const EVP_CIPHER *cipher; -const EVP_MD *md; -EVP_PBE_KEYGEN *keygen; + int pbe_type; + int pbe_nid; + int cipher_nid; + int md_nid; + EVP_PBE_KEYGEN *keygen; } EVP_PBE_CTL; -int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen, - ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de) -{ +static const EVP_PBE_CTL builtin_pbe[] = { + {EVP_PBE_TYPE_OUTER, NID_pbeWithMD2AndDES_CBC, NID_des_cbc, NID_md2, PKCS5_PBE_keyivgen}, + {EVP_PBE_TYPE_OUTER, NID_pbeWithMD5AndDES_CBC, NID_des_cbc, NID_md5, PKCS5_PBE_keyivgen}, + {EVP_PBE_TYPE_OUTER, NID_pbeWithSHA1AndRC2_CBC, NID_rc2_64_cbc, NID_sha1, PKCS5_PBE_keyivgen}, - EVP_PBE_CTL *pbetmp, pbelu; - int i; - pbelu.pbe_nid = OBJ_obj2nid(pbe_obj); - if (pbelu.pbe_nid != NID_undef) i = sk_find(pbe_algs, (char *)&pbelu); - else i = -1; +#ifndef OPENSSL_NO_HMAC + {EVP_PBE_TYPE_OUTER, NID_id_pbkdf2, -1, -1, PKCS5_v2_PBKDF2_keyivgen}, +#endif + + {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And128BitRC4, NID_rc4, NID_sha1, PKCS12_PBE_keyivgen}, + {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And40BitRC4, NID_rc4_40, NID_sha1, PKCS12_PBE_keyivgen}, + {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And3_Key_TripleDES_CBC, NID_des_ede3_cbc, NID_sha1, PKCS12_PBE_keyivgen}, + {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And2_Key_TripleDES_CBC, NID_des_ede_cbc, NID_sha1, PKCS12_PBE_keyivgen}, + {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And128BitRC2_CBC, NID_rc2_cbc, NID_sha1, PKCS12_PBE_keyivgen}, + {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And40BitRC2_CBC, NID_rc2_40_cbc, NID_sha1, PKCS12_PBE_keyivgen}, + +#ifndef OPENSSL_NO_HMAC + {EVP_PBE_TYPE_OUTER, NID_pbes2, -1, -1, PKCS5_v2_PBE_keyivgen}, +#endif + {EVP_PBE_TYPE_OUTER, NID_pbeWithMD2AndRC2_CBC, NID_rc2_64_cbc, NID_md2, PKCS5_PBE_keyivgen}, + {EVP_PBE_TYPE_OUTER, NID_pbeWithMD5AndRC2_CBC, NID_rc2_64_cbc, NID_md5, PKCS5_PBE_keyivgen}, + {EVP_PBE_TYPE_OUTER, NID_pbeWithSHA1AndDES_CBC, NID_des_cbc, NID_sha1, PKCS5_PBE_keyivgen}, - if (i == -1) { + + {EVP_PBE_TYPE_PRF, NID_hmacWithSHA1, -1, NID_sha1, 0}, + {EVP_PBE_TYPE_PRF, NID_hmacWithMD5, -1, NID_md5, 0}, + {EVP_PBE_TYPE_PRF, NID_hmacWithSHA224, -1, NID_sha224, 0}, + {EVP_PBE_TYPE_PRF, NID_hmacWithSHA256, -1, NID_sha256, 0}, + {EVP_PBE_TYPE_PRF, NID_hmacWithSHA384, -1, NID_sha384, 0}, + {EVP_PBE_TYPE_PRF, NID_hmacWithSHA512, -1, NID_sha512, 0}, + {EVP_PBE_TYPE_PRF, NID_id_HMACGostR3411_94, -1, NID_id_GostR3411_94, 0}, +}; + +int +EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen, + ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de) +{ + const EVP_CIPHER *cipher; + const EVP_MD *md; + int cipher_nid, md_nid; + EVP_PBE_KEYGEN *keygen; + + if (!EVP_PBE_find(EVP_PBE_TYPE_OUTER, OBJ_obj2nid(pbe_obj), + &cipher_nid, &md_nid, &keygen)) { char obj_tmp[80]; - EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_UNKNOWN_PBE_ALGORITHM); - if (!pbe_obj) strcpy (obj_tmp, "NULL"); - else i2t_ASN1_OBJECT(obj_tmp, 80, pbe_obj); - ERR_add_error_data(2, "TYPE=", obj_tmp); + EVPerror(EVP_R_UNKNOWN_PBE_ALGORITHM); + if (!pbe_obj) + strlcpy(obj_tmp, "NULL", sizeof obj_tmp); + else + i2t_ASN1_OBJECT(obj_tmp, sizeof obj_tmp, pbe_obj); + ERR_asprintf_error_data("TYPE=%s", obj_tmp); return 0; } - if(!pass) passlen = 0; - else if (passlen == -1) passlen = strlen(pass); - pbetmp = (EVP_PBE_CTL *)sk_value (pbe_algs, i); - i = (*pbetmp->keygen)(ctx, pass, passlen, param, pbetmp->cipher, - pbetmp->md, en_de); - if (!i) { - EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_KEYGEN_FAILURE); + + if (!pass) + passlen = 0; + else if (passlen == -1) + passlen = strlen(pass); + + if (cipher_nid == -1) + cipher = NULL; + else { + cipher = EVP_get_cipherbynid(cipher_nid); + if (!cipher) { + EVPerror(EVP_R_UNKNOWN_CIPHER); + return 0; + } + } + + if (md_nid == -1) + md = NULL; + else { + md = EVP_get_digestbynid(md_nid); + if (!md) { + EVPerror(EVP_R_UNKNOWN_DIGEST); + return 0; + } + } + + if (!keygen(ctx, pass, passlen, param, cipher, md, en_de)) { + EVPerror(EVP_R_KEYGEN_FAILURE); return 0; } - return 1; + return 1; +} + +static int pbe2_cmp_BSEARCH_CMP_FN(const void *, const void *); +static int pbe2_cmp(EVP_PBE_CTL const *, EVP_PBE_CTL const *); +static EVP_PBE_CTL *OBJ_bsearch_pbe2(EVP_PBE_CTL *key, EVP_PBE_CTL const *base, int num); + +static int +pbe2_cmp(const EVP_PBE_CTL *pbe1, const EVP_PBE_CTL *pbe2) +{ + int ret = pbe1->pbe_type - pbe2->pbe_type; + + if (ret) + return ret; + else + return pbe1->pbe_nid - pbe2->pbe_nid; } -static int pbe_cmp(const char * const *a, const char * const *b) + +static int +pbe2_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_) { - EVP_PBE_CTL **pbe1 = (EVP_PBE_CTL **) a, **pbe2 = (EVP_PBE_CTL **)b; - return ((*pbe1)->pbe_nid - (*pbe2)->pbe_nid); + EVP_PBE_CTL const *a = a_; + EVP_PBE_CTL const *b = b_; + return pbe2_cmp(a, b); +} + +static EVP_PBE_CTL * +OBJ_bsearch_pbe2(EVP_PBE_CTL *key, EVP_PBE_CTL const *base, int num) +{ + return (EVP_PBE_CTL *)OBJ_bsearch_(key, base, num, sizeof(EVP_PBE_CTL), + pbe2_cmp_BSEARCH_CMP_FN); +} + +static int +pbe_cmp(const EVP_PBE_CTL * const *a, const EVP_PBE_CTL * const *b) +{ + int ret = (*a)->pbe_type - (*b)->pbe_type; + + if (ret) + return ret; + else + return (*a)->pbe_nid - (*b)->pbe_nid; } /* Add a PBE algorithm */ -int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md, - EVP_PBE_KEYGEN *keygen) +int +EVP_PBE_alg_add_type(int pbe_type, int pbe_nid, int cipher_nid, int md_nid, + EVP_PBE_KEYGEN *keygen) { EVP_PBE_CTL *pbe_tmp; - if (!pbe_algs) pbe_algs = sk_new(pbe_cmp); - if (!(pbe_tmp = (EVP_PBE_CTL*) OPENSSL_malloc (sizeof(EVP_PBE_CTL)))) { - EVPerr(EVP_F_EVP_PBE_ALG_ADD,ERR_R_MALLOC_FAILURE); + + if (pbe_algs == NULL) { + pbe_algs = sk_EVP_PBE_CTL_new(pbe_cmp); + if (pbe_algs == NULL) { + EVPerror(ERR_R_MALLOC_FAILURE); + return 0; + } + } + pbe_tmp = malloc(sizeof(EVP_PBE_CTL)); + if (pbe_tmp == NULL) { + EVPerror(ERR_R_MALLOC_FAILURE); return 0; } - pbe_tmp->pbe_nid = nid; - pbe_tmp->cipher = cipher; - pbe_tmp->md = md; + pbe_tmp->pbe_type = pbe_type; + pbe_tmp->pbe_nid = pbe_nid; + pbe_tmp->cipher_nid = cipher_nid; + pbe_tmp->md_nid = md_nid; pbe_tmp->keygen = keygen; - sk_push (pbe_algs, (char *)pbe_tmp); + + if (sk_EVP_PBE_CTL_push(pbe_algs, pbe_tmp) == 0) { + free(pbe_tmp); + EVPerror(ERR_R_MALLOC_FAILURE); + return 0; + } return 1; } -void EVP_PBE_cleanup(void) +int +EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md, + EVP_PBE_KEYGEN *keygen) +{ + int cipher_nid, md_nid; + + if (cipher) + cipher_nid = EVP_CIPHER_nid(cipher); + else + cipher_nid = -1; + if (md) + md_nid = EVP_MD_type(md); + else + md_nid = -1; + + return EVP_PBE_alg_add_type(EVP_PBE_TYPE_OUTER, nid, + cipher_nid, md_nid, keygen); +} + +int +EVP_PBE_find(int type, int pbe_nid, + int *pcnid, int *pmnid, EVP_PBE_KEYGEN **pkeygen) +{ + EVP_PBE_CTL *pbetmp = NULL, pbelu; + int i; + if (pbe_nid == NID_undef) + return 0; + + pbelu.pbe_type = type; + pbelu.pbe_nid = pbe_nid; + + if (pbe_algs) { + i = sk_EVP_PBE_CTL_find(pbe_algs, &pbelu); + if (i != -1) + pbetmp = sk_EVP_PBE_CTL_value (pbe_algs, i); + } + if (pbetmp == NULL) { + pbetmp = OBJ_bsearch_pbe2(&pbelu, builtin_pbe, + sizeof(builtin_pbe)/sizeof(EVP_PBE_CTL)); + } + if (pbetmp == NULL) + return 0; + if (pcnid) + *pcnid = pbetmp->cipher_nid; + if (pmnid) + *pmnid = pbetmp->md_nid; + if (pkeygen) + *pkeygen = pbetmp->keygen; + return 1; +} + +static void +free_evp_pbe_ctl(EVP_PBE_CTL *pbe) +{ + free(pbe); +} + +void +EVP_PBE_cleanup(void) { - sk_pop_free(pbe_algs, OPENSSL_freeFunc); + sk_EVP_PBE_CTL_pop_free(pbe_algs, free_evp_pbe_ctl); pbe_algs = NULL; } diff --git a/src/lib/libcrypto/evp/evp_pkey.c b/src/lib/libcrypto/evp/evp_pkey.c index 34b5b1d21cc..9ff544b84af 100644 --- a/src/lib/libcrypto/evp/evp_pkey.c +++ b/src/lib/libcrypto/evp/evp_pkey.c @@ -1,16 +1,16 @@ -/* evp_pkey.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* $OpenBSD: evp_pkey.c,v 1.23 2018/08/24 20:26:03 tb Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -58,355 +58,151 @@ #include #include -#include "cryptlib.h" + +#include #include -#include -#ifndef OPENSSL_NO_DSA -static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8inf, EVP_PKEY *pkey); -#endif +#include "asn1_locl.h" /* Extract a private key from a PKCS8 structure */ -EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8) +EVP_PKEY * +EVP_PKCS82PKEY(const PKCS8_PRIV_KEY_INFO *p8) { EVP_PKEY *pkey = NULL; -#ifndef OPENSSL_NO_RSA - RSA *rsa = NULL; -#endif -#ifndef OPENSSL_NO_DSA - DSA *dsa = NULL; - ASN1_INTEGER *privkey; - ASN1_TYPE *t1, *t2, *param = NULL; - STACK_OF(ASN1_TYPE) *ndsa = NULL; - BN_CTX *ctx = NULL; - int plen; -#endif - X509_ALGOR *a; - unsigned char *p; - const unsigned char *cp; - int pkeylen; + const ASN1_OBJECT *algoid; char obj_tmp[80]; - if(p8->pkey->type == V_ASN1_OCTET_STRING) { - p8->broken = PKCS8_OK; - p = p8->pkey->value.octet_string->data; - pkeylen = p8->pkey->value.octet_string->length; - } else { - p8->broken = PKCS8_NO_OCTET; - p = p8->pkey->value.sequence->data; - pkeylen = p8->pkey->value.sequence->length; - } + if (!PKCS8_pkey_get0(&algoid, NULL, NULL, NULL, p8)) + return NULL; + if (!(pkey = EVP_PKEY_new())) { - EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE); + EVPerror(ERR_R_MALLOC_FAILURE); return NULL; } - a = p8->pkeyalg; - switch (OBJ_obj2nid(a->algorithm)) - { -#ifndef OPENSSL_NO_RSA - case NID_rsaEncryption: - cp = p; - if (!(rsa = d2i_RSAPrivateKey (NULL,&cp, pkeylen))) { - EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); - return NULL; - } - EVP_PKEY_assign_RSA (pkey, rsa); - break; -#endif -#ifndef OPENSSL_NO_DSA - case NID_dsa: - /* PKCS#8 DSA is weird: you just get a private key integer - * and parameters in the AlgorithmIdentifier the pubkey must - * be recalculated. - */ - - /* Check for broken DSA PKCS#8, UGH! */ - if(*p == (V_ASN1_SEQUENCE|V_ASN1_CONSTRUCTED)) { - if(!(ndsa = ASN1_seq_unpack_ASN1_TYPE(p, pkeylen, - d2i_ASN1_TYPE, - ASN1_TYPE_free))) { - EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); - goto dsaerr; - } - if(sk_ASN1_TYPE_num(ndsa) != 2 ) { - EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); - goto dsaerr; - } - /* Handle Two broken types: - * SEQUENCE {parameters, priv_key} - * SEQUENCE {pub_key, priv_key} - */ - t1 = sk_ASN1_TYPE_value(ndsa, 0); - t2 = sk_ASN1_TYPE_value(ndsa, 1); - if(t1->type == V_ASN1_SEQUENCE) { - p8->broken = PKCS8_EMBEDDED_PARAM; - param = t1; - } else if(a->parameter->type == V_ASN1_SEQUENCE) { - p8->broken = PKCS8_NS_DB; - param = a->parameter; - } else { - EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); - goto dsaerr; - } + if (!EVP_PKEY_set_type(pkey, OBJ_obj2nid(algoid))) { + EVPerror(EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM); + i2t_ASN1_OBJECT(obj_tmp, 80, algoid); + ERR_asprintf_error_data("TYPE=%s", obj_tmp); + goto error; + } - if(t2->type != V_ASN1_INTEGER) { - EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); - goto dsaerr; - } - privkey = t2->value.integer; - } else { - if (!(privkey=d2i_ASN1_INTEGER (NULL, &p, pkeylen))) { - EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); - goto dsaerr; - } - param = p8->pkeyalg->parameter; + if (pkey->ameth->priv_decode) { + if (!pkey->ameth->priv_decode(pkey, p8)) { + EVPerror(EVP_R_PRIVATE_KEY_DECODE_ERROR); + goto error; } - if (!param || (param->type != V_ASN1_SEQUENCE)) { - EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); - goto dsaerr; - } - cp = p = param->value.sequence->data; - plen = param->value.sequence->length; - if (!(dsa = d2i_DSAparams (NULL, &cp, plen))) { - EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); - goto dsaerr; - } - /* We have parameters now set private key */ - if (!(dsa->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) { - EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_BN_DECODE_ERROR); - goto dsaerr; - } - /* Calculate public key (ouch!) */ - if (!(dsa->pub_key = BN_new())) { - EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE); - goto dsaerr; - } - if (!(ctx = BN_CTX_new())) { - EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE); - goto dsaerr; - } - - if (!BN_mod_exp(dsa->pub_key, dsa->g, - dsa->priv_key, dsa->p, ctx)) { - - EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_BN_PUBKEY_ERROR); - goto dsaerr; - } - - EVP_PKEY_assign_DSA(pkey, dsa); - BN_CTX_free (ctx); - if(ndsa) sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); - else ASN1_INTEGER_free(privkey); - break; - dsaerr: - BN_CTX_free (ctx); - sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); - DSA_free(dsa); - EVP_PKEY_free(pkey); - return NULL; - break; -#endif - default: - EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM); - if (!a->algorithm) strcpy (obj_tmp, "NULL"); - else i2t_ASN1_OBJECT(obj_tmp, 80, a->algorithm); - ERR_add_error_data(2, "TYPE=", obj_tmp); - EVP_PKEY_free (pkey); - return NULL; + } else { + EVPerror(EVP_R_METHOD_NOT_SUPPORTED); + goto error; } + return pkey; -} -PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey) -{ - return EVP_PKEY2PKCS8_broken(pkey, PKCS8_OK); +error: + EVP_PKEY_free(pkey); + return NULL; } /* Turn a private key into a PKCS8 structure */ -PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken) +PKCS8_PRIV_KEY_INFO * +EVP_PKEY2PKCS8(EVP_PKEY *pkey) { PKCS8_PRIV_KEY_INFO *p8; - if (!(p8 = PKCS8_PRIV_KEY_INFO_new())) { - EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); + if (!(p8 = PKCS8_PRIV_KEY_INFO_new())) { + EVPerror(ERR_R_MALLOC_FAILURE); return NULL; } - p8->broken = broken; - ASN1_INTEGER_set (p8->version, 0); - if (!(p8->pkeyalg->parameter = ASN1_TYPE_new ())) { - EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); - PKCS8_PRIV_KEY_INFO_free (p8); - return NULL; - } - p8->pkey->type = V_ASN1_OCTET_STRING; - switch (EVP_PKEY_type(pkey->type)) { -#ifndef OPENSSL_NO_RSA - case EVP_PKEY_RSA: - - if(p8->broken == PKCS8_NO_OCTET) p8->pkey->type = V_ASN1_SEQUENCE; - p8->pkeyalg->algorithm = OBJ_nid2obj(NID_rsaEncryption); - p8->pkeyalg->parameter->type = V_ASN1_NULL; - if (!ASN1_pack_string ((char *)pkey, i2d_PrivateKey, - &p8->pkey->value.octet_string)) { - EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); - PKCS8_PRIV_KEY_INFO_free (p8); - return NULL; - } - break; -#endif -#ifndef OPENSSL_NO_DSA - case EVP_PKEY_DSA: - if(!dsa_pkey2pkcs8(p8, pkey)) { - PKCS8_PRIV_KEY_INFO_free (p8); - return NULL; + if (pkey->ameth) { + if (pkey->ameth->priv_encode) { + if (!pkey->ameth->priv_encode(p8, pkey)) { + EVPerror(EVP_R_PRIVATE_KEY_ENCODE_ERROR); + goto error; + } + } else { + EVPerror(EVP_R_METHOD_NOT_SUPPORTED); + goto error; } - - break; -#endif - default: - EVPerr(EVP_F_EVP_PKEY2PKCS8, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM); - PKCS8_PRIV_KEY_INFO_free (p8); - return NULL; + } else { + EVPerror(EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM); + goto error; } - RAND_add(p8->pkey->value.octet_string->data, - p8->pkey->value.octet_string->length, 0); return p8; -} - -PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken) -{ - switch (broken) { - case PKCS8_OK: - p8->broken = PKCS8_OK; - return p8; - break; +error: + PKCS8_PRIV_KEY_INFO_free(p8); + return NULL; +} - case PKCS8_NO_OCTET: - p8->broken = PKCS8_NO_OCTET; - p8->pkey->type = V_ASN1_SEQUENCE; - return p8; - break; +/* EVP_PKEY attribute functions */ - default: - EVPerr(EVP_F_EVP_PKCS8_SET_BROKEN,EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE); - return NULL; - break; - - } +int +EVP_PKEY_get_attr_count(const EVP_PKEY *key) +{ + return X509at_get_attr_count(key->attributes); } -#ifndef OPENSSL_NO_DSA -static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey) +int +EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid, int lastpos) { - ASN1_STRING *params; - ASN1_INTEGER *prkey; - ASN1_TYPE *ttmp; - STACK_OF(ASN1_TYPE) *ndsa; - unsigned char *p, *q; - int len; - - p8->pkeyalg->algorithm = OBJ_nid2obj(NID_dsa); - len = i2d_DSAparams (pkey->pkey.dsa, NULL); - if (!(p = OPENSSL_malloc(len))) { - EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); - PKCS8_PRIV_KEY_INFO_free (p8); - return 0; - } - q = p; - i2d_DSAparams (pkey->pkey.dsa, &q); - params = ASN1_STRING_new(); - ASN1_STRING_set(params, p, len); - OPENSSL_free(p); - /* Get private key into integer */ - if (!(prkey = BN_to_ASN1_INTEGER (pkey->pkey.dsa->priv_key, NULL))) { - EVPerr(EVP_F_EVP_PKEY2PKCS8,EVP_R_ENCODE_ERROR); - return 0; - } - - switch(p8->broken) { - - case PKCS8_OK: - case PKCS8_NO_OCTET: - - if (!ASN1_pack_string((char *)prkey, i2d_ASN1_INTEGER, - &p8->pkey->value.octet_string)) { - EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); - M_ASN1_INTEGER_free (prkey); - return 0; - } - - M_ASN1_INTEGER_free (prkey); - p8->pkeyalg->parameter->value.sequence = params; - p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE; - - break; - - case PKCS8_NS_DB: - - p8->pkeyalg->parameter->value.sequence = params; - p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE; - ndsa = sk_ASN1_TYPE_new_null(); - ttmp = ASN1_TYPE_new(); - if (!(ttmp->value.integer = BN_to_ASN1_INTEGER (pkey->pkey.dsa->pub_key, NULL))) { - EVPerr(EVP_F_EVP_PKEY2PKCS8,EVP_R_ENCODE_ERROR); - PKCS8_PRIV_KEY_INFO_free(p8); - return 0; - } - ttmp->type = V_ASN1_INTEGER; - sk_ASN1_TYPE_push(ndsa, ttmp); - - ttmp = ASN1_TYPE_new(); - ttmp->value.integer = prkey; - ttmp->type = V_ASN1_INTEGER; - sk_ASN1_TYPE_push(ndsa, ttmp); - - p8->pkey->value.octet_string = ASN1_OCTET_STRING_new(); - - if (!ASN1_seq_pack_ASN1_TYPE(ndsa, i2d_ASN1_TYPE, - &p8->pkey->value.octet_string->data, - &p8->pkey->value.octet_string->length)) { + return X509at_get_attr_by_NID(key->attributes, nid, lastpos); +} - EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); - sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); - M_ASN1_INTEGER_free(prkey); - return 0; - } - sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); - break; +int +EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, const ASN1_OBJECT *obj, + int lastpos) +{ + return X509at_get_attr_by_OBJ(key->attributes, obj, lastpos); +} - case PKCS8_EMBEDDED_PARAM: +X509_ATTRIBUTE * +EVP_PKEY_get_attr(const EVP_PKEY *key, int loc) +{ + return X509at_get_attr(key->attributes, loc); +} - p8->pkeyalg->parameter->type = V_ASN1_NULL; - ndsa = sk_ASN1_TYPE_new_null(); - ttmp = ASN1_TYPE_new(); - ttmp->value.sequence = params; - ttmp->type = V_ASN1_SEQUENCE; - sk_ASN1_TYPE_push(ndsa, ttmp); +X509_ATTRIBUTE * +EVP_PKEY_delete_attr(EVP_PKEY *key, int loc) +{ + return X509at_delete_attr(key->attributes, loc); +} - ttmp = ASN1_TYPE_new(); - ttmp->value.integer = prkey; - ttmp->type = V_ASN1_INTEGER; - sk_ASN1_TYPE_push(ndsa, ttmp); +int +EVP_PKEY_add1_attr(EVP_PKEY *key, X509_ATTRIBUTE *attr) +{ + if (X509at_add1_attr(&key->attributes, attr)) + return 1; + return 0; +} - p8->pkey->value.octet_string = ASN1_OCTET_STRING_new(); +int +EVP_PKEY_add1_attr_by_OBJ(EVP_PKEY *key, const ASN1_OBJECT *obj, int type, + const unsigned char *bytes, int len) +{ + if (X509at_add1_attr_by_OBJ(&key->attributes, obj, type, bytes, len)) + return 1; + return 0; +} - if (!ASN1_seq_pack_ASN1_TYPE(ndsa, i2d_ASN1_TYPE, - &p8->pkey->value.octet_string->data, - &p8->pkey->value.octet_string->length)) { +int +EVP_PKEY_add1_attr_by_NID(EVP_PKEY *key, int nid, int type, + const unsigned char *bytes, int len) +{ + if (X509at_add1_attr_by_NID(&key->attributes, nid, type, bytes, len)) + return 1; + return 0; +} - EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); - sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); - M_ASN1_INTEGER_free (prkey); - return 0; - } - sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); - break; - } - return 1; +int +EVP_PKEY_add1_attr_by_txt(EVP_PKEY *key, const char *attrname, int type, + const unsigned char *bytes, int len) +{ + if (X509at_add1_attr_by_txt(&key->attributes, attrname, type, + bytes, len)) + return 1; + return 0; } -#endif diff --git a/src/lib/libcrypto/evp/evp_test.c b/src/lib/libcrypto/evp/evp_test.c deleted file mode 100644 index 90294ef686e..00000000000 --- a/src/lib/libcrypto/evp/evp_test.c +++ /dev/null @@ -1,386 +0,0 @@ -/* Written by Ben Laurie, 2001 */ -/* - * Copyright (c) 2001 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#include -#include -#include -#include -#include - -static void hexdump(FILE *f,const char *title,const unsigned char *s,int l) - { - int n=0; - - fprintf(f,"%s",title); - for( ; n < l ; ++n) - { - if((n%16) == 0) - fprintf(f,"\n%04x",n); - fprintf(f," %02x",s[n]); - } - fprintf(f,"\n"); - } - -static int convert(unsigned char *s) - { - unsigned char *d; - - for(d=s ; *s ; s+=2,++d) - { - unsigned int n; - - if(!s[1]) - { - fprintf(stderr,"Odd number of hex digits!"); - exit(4); - } - sscanf((char *)s,"%2x",&n); - *d=(unsigned char)n; - } - return s-d; - } - -static char *sstrsep(char **string, const char *delim) - { - char isdelim[256]; - char *token = *string; - - if (**string == 0) - return NULL; - - memset(isdelim, 0, 256); - isdelim[0] = 1; - - while (*delim) - { - isdelim[(unsigned char)(*delim)] = 1; - delim++; - } - - while (!isdelim[(unsigned char)(**string)]) - { - (*string)++; - } - - if (**string) - { - **string = 0; - (*string)++; - } - - return token; - } - -static unsigned char *ustrsep(char **p,const char *sep) - { return (unsigned char *)sstrsep(p,sep); } - -static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn, - const unsigned char *iv,int in, - const unsigned char *plaintext,int pn, - const unsigned char *ciphertext,int cn, - int encdec) - { - EVP_CIPHER_CTX ctx; - unsigned char out[4096]; - int outl,outl2; - - printf("Testing cipher %s%s\n",EVP_CIPHER_name(c), - (encdec == 1 ? "(encrypt)" : (encdec == 0 ? "(decrypt)" : "(encrypt/decrypt)"))); - hexdump(stdout,"Key",key,kn); - if(in) - hexdump(stdout,"IV",iv,in); - hexdump(stdout,"Plaintext",plaintext,pn); - hexdump(stdout,"Ciphertext",ciphertext,cn); - - if(kn != c->key_len) - { - fprintf(stderr,"Key length doesn't match, got %d expected %d\n",kn, - c->key_len); - exit(5); - } - EVP_CIPHER_CTX_init(&ctx); - if (encdec != 0) - { - if(!EVP_EncryptInit_ex(&ctx,c,NULL,key,iv)) - { - fprintf(stderr,"EncryptInit failed\n"); - exit(10); - } - EVP_CIPHER_CTX_set_padding(&ctx,0); - - if(!EVP_EncryptUpdate(&ctx,out,&outl,plaintext,pn)) - { - fprintf(stderr,"Encrypt failed\n"); - exit(6); - } - if(!EVP_EncryptFinal_ex(&ctx,out+outl,&outl2)) - { - fprintf(stderr,"EncryptFinal failed\n"); - exit(7); - } - - if(outl+outl2 != cn) - { - fprintf(stderr,"Ciphertext length mismatch got %d expected %d\n", - outl+outl2,cn); - exit(8); - } - - if(memcmp(out,ciphertext,cn)) - { - fprintf(stderr,"Ciphertext mismatch\n"); - hexdump(stderr,"Got",out,cn); - hexdump(stderr,"Expected",ciphertext,cn); - exit(9); - } - } - - if (encdec <= 0) - { - if(!EVP_DecryptInit_ex(&ctx,c,NULL,key,iv)) - { - fprintf(stderr,"DecryptInit failed\n"); - exit(11); - } - EVP_CIPHER_CTX_set_padding(&ctx,0); - - if(!EVP_DecryptUpdate(&ctx,out,&outl,ciphertext,cn)) - { - fprintf(stderr,"Decrypt failed\n"); - exit(6); - } - if(!EVP_DecryptFinal_ex(&ctx,out+outl,&outl2)) - { - fprintf(stderr,"DecryptFinal failed\n"); - exit(7); - } - - if(outl+outl2 != cn) - { - fprintf(stderr,"Plaintext length mismatch got %d expected %d\n", - outl+outl2,cn); - exit(8); - } - - if(memcmp(out,plaintext,cn)) - { - fprintf(stderr,"Plaintext mismatch\n"); - hexdump(stderr,"Got",out,cn); - hexdump(stderr,"Expected",plaintext,cn); - exit(9); - } - } - - EVP_CIPHER_CTX_cleanup(&ctx); - - printf("\n"); - } - -static int test_cipher(const char *cipher,const unsigned char *key,int kn, - const unsigned char *iv,int in, - const unsigned char *plaintext,int pn, - const unsigned char *ciphertext,int cn, - int encdec) - { - const EVP_CIPHER *c; - - c=EVP_get_cipherbyname(cipher); - if(!c) - return 0; - - test1(c,key,kn,iv,in,plaintext,pn,ciphertext,cn,encdec); - - return 1; - } - -static int test_digest(const char *digest, - const unsigned char *plaintext,int pn, - const unsigned char *ciphertext, unsigned int cn) - { - const EVP_MD *d; - EVP_MD_CTX ctx; - unsigned char md[EVP_MAX_MD_SIZE]; - unsigned int mdn; - - d=EVP_get_digestbyname(digest); - if(!d) - return 0; - - printf("Testing digest %s\n",EVP_MD_name(d)); - hexdump(stdout,"Plaintext",plaintext,pn); - hexdump(stdout,"Digest",ciphertext,cn); - - EVP_MD_CTX_init(&ctx); - if(!EVP_DigestInit_ex(&ctx,d, NULL)) - { - fprintf(stderr,"DigestInit failed\n"); - exit(100); - } - if(!EVP_DigestUpdate(&ctx,plaintext,pn)) - { - fprintf(stderr,"DigestUpdate failed\n"); - exit(101); - } - if(!EVP_DigestFinal_ex(&ctx,md,&mdn)) - { - fprintf(stderr,"DigestFinal failed\n"); - exit(101); - } - EVP_MD_CTX_cleanup(&ctx); - - if(mdn != cn) - { - fprintf(stderr,"Digest length mismatch, got %d expected %d\n",mdn,cn); - exit(102); - } - - if(memcmp(md,ciphertext,cn)) - { - fprintf(stderr,"Digest mismatch\n"); - hexdump(stderr,"Got",md,cn); - hexdump(stderr,"Expected",ciphertext,cn); - exit(103); - } - - printf("\n"); - - EVP_MD_CTX_cleanup(&ctx); - - return 1; - } - -int main(int argc,char **argv) - { - const char *szTestFile; - FILE *f; - - if(argc != 2) - { - fprintf(stderr,"%s \n",argv[0]); - exit(1); - } - CRYPTO_malloc_debug_init(); - CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL); - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); - - szTestFile=argv[1]; - - f=fopen(szTestFile,"r"); - if(!f) - { - perror(szTestFile); - exit(2); - } - - /* Load up the software EVP_CIPHER and EVP_MD definitions */ - OpenSSL_add_all_ciphers(); - OpenSSL_add_all_digests(); - /* Load all compiled-in ENGINEs */ - ENGINE_load_builtin_engines(); -#if 0 - OPENSSL_config(); -#endif - /* Register all available ENGINE implementations of ciphers and digests. - * This could perhaps be changed to "ENGINE_register_all_complete()"? */ - ENGINE_register_all_ciphers(); - ENGINE_register_all_digests(); - /* If we add command-line options, this statement should be switchable. - * It'll prevent ENGINEs being ENGINE_init()ialised for cipher/digest use if - * they weren't already initialised. */ - /* ENGINE_set_cipher_flags(ENGINE_CIPHER_FLAG_NOINIT); */ - - for( ; ; ) - { - char line[4096]; - char *p; - char *cipher; - unsigned char *iv,*key,*plaintext,*ciphertext; - int encdec; - int kn,in,pn,cn; - - if(!fgets((char *)line,sizeof line,f)) - break; - if(line[0] == '#' || line[0] == '\n') - continue; - p=line; - cipher=sstrsep(&p,":"); - key=ustrsep(&p,":"); - iv=ustrsep(&p,":"); - plaintext=ustrsep(&p,":"); - ciphertext=ustrsep(&p,":"); - if (p[-1] == '\n') { - p[-1] = '\0'; - encdec = -1; - } else { - encdec = atoi(sstrsep(&p,"\n")); - } - - - kn=convert(key); - in=convert(iv); - pn=convert(plaintext); - cn=convert(ciphertext); - - if(!test_cipher(cipher,key,kn,iv,in,plaintext,pn,ciphertext,cn,encdec) - && !test_digest(cipher,plaintext,pn,ciphertext,cn)) - { - fprintf(stderr,"Can't find %s\n",cipher); - exit(3); - } - } - - ENGINE_cleanup(); - EVP_cleanup(); - CRYPTO_cleanup_all_ex_data(); - ERR_remove_state(0); - ERR_free_strings(); - CRYPTO_mem_leaks_fp(stderr); - - return 0; - } diff --git a/src/lib/libcrypto/evp/evptests.txt b/src/lib/libcrypto/evp/evptests.txt deleted file mode 100644 index 80bd9c7765c..00000000000 --- a/src/lib/libcrypto/evp/evptests.txt +++ /dev/null @@ -1,183 +0,0 @@ -#cipher:key:iv:plaintext:ciphertext:0/1(decrypt/encrypt) -#digest:::input:output - -# SHA(1) tests (from shatest.c) -SHA1:::616263:a9993e364706816aba3e25717850c26c9cd0d89d - -# MD5 tests (from md5test.c) -MD5::::d41d8cd98f00b204e9800998ecf8427e -MD5:::61:0cc175b9c0f1b6a831c399e269772661 -MD5:::616263:900150983cd24fb0d6963f7d28e17f72 -MD5:::6d65737361676520646967657374:f96b697d7cb7938d525a2f31aaf161d0 -MD5:::6162636465666768696a6b6c6d6e6f707172737475767778797a:c3fcd3d76192e4007dfb496cca67e13b -MD5:::4142434445464748494a4b4c4d4e4f505152535455565758595a6162636465666768696a6b6c6d6e6f707172737475767778797a30313233343536373839:d174ab98d277d9f5a5611c2c9f419d9f -MD5:::3132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930:57edf4a22be3c955ac49da2e2107b67a - -# AES 128 ECB tests (from FIPS-197 test vectors, encrypt) - -AES-128-ECB:000102030405060708090A0B0C0D0E0F::00112233445566778899AABBCCDDEEFF:69C4E0D86A7B0430D8CDB78070B4C55A:1 - -# AES 192 ECB tests (from FIPS-197 test vectors, encrypt) - -AES-192-ECB:000102030405060708090A0B0C0D0E0F1011121314151617::00112233445566778899AABBCCDDEEFF:DDA97CA4864CDFE06EAF70A0EC0D7191:1 - -# AES 256 ECB tests (from FIPS-197 test vectors, encrypt) - -AES-256-ECB:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F::00112233445566778899AABBCCDDEEFF:8EA2B7CA516745BFEAFC49904B496089:1 - -# AES 128 ECB tests (from NIST test vectors, encrypt) - -#AES-128-ECB:00000000000000000000000000000000::00000000000000000000000000000000:C34C052CC0DA8D73451AFE5F03BE297F:1 - -# AES 128 ECB tests (from NIST test vectors, decrypt) - -#AES-128-ECB:00000000000000000000000000000000::44416AC2D1F53C583303917E6BE9EBE0:00000000000000000000000000000000:0 - -# AES 192 ECB tests (from NIST test vectors, decrypt) - -#AES-192-ECB:000000000000000000000000000000000000000000000000::48E31E9E256718F29229319C19F15BA4:00000000000000000000000000000000:0 - -# AES 256 ECB tests (from NIST test vectors, decrypt) - -#AES-256-ECB:0000000000000000000000000000000000000000000000000000000000000000::058CCFFDBBCB382D1F6F56585D8A4ADE:00000000000000000000000000000000:0 - -# AES 128 CBC tests (from NIST test vectors, encrypt) - -#AES-128-CBC:00000000000000000000000000000000:00000000000000000000000000000000:00000000000000000000000000000000:8A05FC5E095AF4848A08D328D3688E3D:1 - -# AES 192 CBC tests (from NIST test vectors, encrypt) - -#AES-192-CBC:000000000000000000000000000000000000000000000000:00000000000000000000000000000000:00000000000000000000000000000000:7BD966D53AD8C1BB85D2ADFAE87BB104:1 - -# AES 256 CBC tests (from NIST test vectors, encrypt) - -#AES-256-CBC:0000000000000000000000000000000000000000000000000000000000000000:00000000000000000000000000000000:00000000000000000000000000000000:FE3C53653E2F45B56FCD88B2CC898FF0:1 - -# AES 128 CBC tests (from NIST test vectors, decrypt) - -#AES-128-CBC:00000000000000000000000000000000:00000000000000000000000000000000:FACA37E0B0C85373DF706E73F7C9AF86:00000000000000000000000000000000:0 - -# AES tests from NIST document SP800-38A -# For all ECB encrypts and decrypts, the transformed sequence is -# AES-bits-ECB:key::plaintext:ciphertext:encdec -# ECB-AES128.Encrypt and ECB-AES128.Decrypt -AES-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::6BC1BEE22E409F96E93D7E117393172A:3AD77BB40D7A3660A89ECAF32466EF97 -AES-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::AE2D8A571E03AC9C9EB76FAC45AF8E51:F5D3D58503B9699DE785895A96FDBAAF -AES-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::30C81C46A35CE411E5FBC1191A0A52EF:43B1CD7F598ECE23881B00E3ED030688 -AES-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::F69F2445DF4F9B17AD2B417BE66C3710:7B0C785E27E8AD3F8223207104725DD4 -# ECB-AES192.Encrypt and ECB-AES192.Decrypt -AES-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::6BC1BEE22E409F96E93D7E117393172A:BD334F1D6E45F25FF712A214571FA5CC -AES-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::AE2D8A571E03AC9C9EB76FAC45AF8E51:974104846D0AD3AD7734ECB3ECEE4EEF -AES-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::30C81C46A35CE411E5FBC1191A0A52EF:EF7AFD2270E2E60ADCE0BA2FACE6444E -AES-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::F69F2445DF4F9B17AD2B417BE66C3710:9A4B41BA738D6C72FB16691603C18E0E -# ECB-AES256.Encrypt and ECB-AES256.Decrypt -AES-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::6BC1BEE22E409F96E93D7E117393172A:F3EED1BDB5D2A03C064B5A7E3DB181F8 -AES-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::AE2D8A571E03AC9C9EB76FAC45AF8E51:591CCB10D410ED26DC5BA74A31362870 -AES-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::30C81C46A35CE411E5FBC1191A0A52EF:B6ED21B99CA6F4F9F153E7B1BEAFED1D -AES-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::F69F2445DF4F9B17AD2B417BE66C3710:23304B7A39F9F3FF067D8D8F9E24ECC7 -# For all CBC encrypts and decrypts, the transformed sequence is -# AES-bits-CBC:key:IV/ciphertext':plaintext:ciphertext:encdec -# CBC-AES128.Encrypt and CBC-AES128.Decrypt -AES-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:7649ABAC8119B246CEE98E9B12E9197D -AES-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:7649ABAC8119B246CEE98E9B12E9197D:AE2D8A571E03AC9C9EB76FAC45AF8E51:5086CB9B507219EE95DB113A917678B2 -AES-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:5086CB9B507219EE95DB113A917678B2:30C81C46A35CE411E5FBC1191A0A52EF:73BED6B8E3C1743B7116E69E22229516 -AES-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:73BED6B8E3C1743B7116E69E22229516:F69F2445DF4F9B17AD2B417BE66C3710:3FF1CAA1681FAC09120ECA307586E1A7 -# CBC-AES192.Encrypt and CBC-AES192.Decrypt -AES-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:4F021DB243BC633D7178183A9FA071E8 -AES-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:4F021DB243BC633D7178183A9FA071E8:AE2D8A571E03AC9C9EB76FAC45AF8E51:B4D9ADA9AD7DEDF4E5E738763F69145A -AES-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:B4D9ADA9AD7DEDF4E5E738763F69145A:30C81C46A35CE411E5FBC1191A0A52EF:571B242012FB7AE07FA9BAAC3DF102E0 -AES-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:571B242012FB7AE07FA9BAAC3DF102E0:F69F2445DF4F9B17AD2B417BE66C3710:08B0E27988598881D920A9E64F5615CD -# CBC-AES256.Encrypt and CBC-AES256.Decrypt -AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:F58C4C04D6E5F1BA779EABFB5F7BFBD6 -AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:F58C4C04D6E5F1BA779EABFB5F7BFBD6:AE2D8A571E03AC9C9EB76FAC45AF8E51:9CFC4E967EDB808D679F777BC6702C7D -AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:9CFC4E967EDB808D679F777BC6702C7D:30C81C46A35CE411E5FBC1191A0A52EF:39F23369A9D9BACFA530E26304231461 -AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:39F23369A9D9BACFA530E26304231461:F69F2445DF4F9B17AD2B417BE66C3710:B2EB05E2C39BE9FCDA6C19078C6A9D1B -# We don't support CFB{1,8}-AESxxx.{En,De}crypt -# For all CFB128 encrypts and decrypts, the transformed sequence is -# AES-bits-CFB:key:IV/ciphertext':plaintext:ciphertext:encdec -# CFB128-AES128.Encrypt -AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:3B3FD92EB72DAD20333449F8E83CFB4A:1 -AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:3B3FD92EB72DAD20333449F8E83CFB4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:C8A64537A0B3A93FCDE3CDAD9F1CE58B:1 -AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:C8A64537A0B3A93FCDE3CDAD9F1CE58B:30C81C46A35CE411E5FBC1191A0A52EF:26751F67A3CBB140B1808CF187A4F4DF:1 -AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:26751F67A3CBB140B1808CF187A4F4DF:F69F2445DF4F9B17AD2B417BE66C3710:C04B05357C5D1C0EEAC4C66F9FF7F2E6:1 -# CFB128-AES128.Decrypt -AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:3B3FD92EB72DAD20333449F8E83CFB4A:0 -AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:3B3FD92EB72DAD20333449F8E83CFB4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:C8A64537A0B3A93FCDE3CDAD9F1CE58B:0 -AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:C8A64537A0B3A93FCDE3CDAD9F1CE58B:30C81C46A35CE411E5FBC1191A0A52EF:26751F67A3CBB140B1808CF187A4F4DF:0 -AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:26751F67A3CBB140B1808CF187A4F4DF:F69F2445DF4F9B17AD2B417BE66C3710:C04B05357C5D1C0EEAC4C66F9FF7F2E6:0 -# CFB128-AES192.Encrypt -AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CDC80D6FDDF18CAB34C25909C99A4174:1 -AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:CDC80D6FDDF18CAB34C25909C99A4174:AE2D8A571E03AC9C9EB76FAC45AF8E51:67CE7F7F81173621961A2B70171D3D7A:1 -AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:67CE7F7F81173621961A2B70171D3D7A:30C81C46A35CE411E5FBC1191A0A52EF:2E1E8A1DD59B88B1C8E60FED1EFAC4C9:1 -AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:2E1E8A1DD59B88B1C8E60FED1EFAC4C9:F69F2445DF4F9B17AD2B417BE66C3710:C05F9F9CA9834FA042AE8FBA584B09FF:1 -# CFB128-AES192.Decrypt -AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CDC80D6FDDF18CAB34C25909C99A4174:0 -AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:CDC80D6FDDF18CAB34C25909C99A4174:AE2D8A571E03AC9C9EB76FAC45AF8E51:67CE7F7F81173621961A2B70171D3D7A:0 -AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:67CE7F7F81173621961A2B70171D3D7A:30C81C46A35CE411E5FBC1191A0A52EF:2E1E8A1DD59B88B1C8E60FED1EFAC4C9:0 -AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:2E1E8A1DD59B88B1C8E60FED1EFAC4C9:F69F2445DF4F9B17AD2B417BE66C3710:C05F9F9CA9834FA042AE8FBA584B09FF:0 -# CFB128-AES256.Encrypt -AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:DC7E84BFDA79164B7ECD8486985D3860:1 -AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:DC7E84BFDA79164B7ECD8486985D3860:AE2D8A571E03AC9C9EB76FAC45AF8E51:39FFED143B28B1C832113C6331E5407B:1 -AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:39FFED143B28B1C832113C6331E5407B:30C81C46A35CE411E5FBC1191A0A52EF:DF10132415E54B92A13ED0A8267AE2F9:1 -AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:DF10132415E54B92A13ED0A8267AE2F9:F69F2445DF4F9B17AD2B417BE66C3710:75A385741AB9CEF82031623D55B1E471:1 -# CFB128-AES256.Decrypt -AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:DC7E84BFDA79164B7ECD8486985D3860:0 -AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:DC7E84BFDA79164B7ECD8486985D3860:AE2D8A571E03AC9C9EB76FAC45AF8E51:39FFED143B28B1C832113C6331E5407B:0 -AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:39FFED143B28B1C832113C6331E5407B:30C81C46A35CE411E5FBC1191A0A52EF:DF10132415E54B92A13ED0A8267AE2F9:0 -AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:DF10132415E54B92A13ED0A8267AE2F9:F69F2445DF4F9B17AD2B417BE66C3710:75A385741AB9CEF82031623D55B1E471:0 -# For all OFB encrypts and decrypts, the transformed sequence is -# AES-bits-CFB:key:IV/output':plaintext:ciphertext:encdec -# OFB-AES128.Encrypt -AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:3B3FD92EB72DAD20333449F8E83CFB4A:1 -AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:50FE67CC996D32B6DA0937E99BAFEC60:AE2D8A571E03AC9C9EB76FAC45AF8E51:7789508D16918F03F53C52DAC54ED825:1 -AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:D9A4DADA0892239F6B8B3D7680E15674:30C81C46A35CE411E5FBC1191A0A52EF:9740051E9C5FECF64344F7A82260EDCC:1 -AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:A78819583F0308E7A6BF36B1386ABF23:F69F2445DF4F9B17AD2B417BE66C3710:304C6528F659C77866A510D9C1D6AE5E:1 -# OFB-AES128.Decrypt -AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:3B3FD92EB72DAD20333449F8E83CFB4A:0 -AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:50FE67CC996D32B6DA0937E99BAFEC60:AE2D8A571E03AC9C9EB76FAC45AF8E51:7789508D16918F03F53C52DAC54ED825:0 -AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:D9A4DADA0892239F6B8B3D7680E15674:30C81C46A35CE411E5FBC1191A0A52EF:9740051E9C5FECF64344F7A82260EDCC:0 -AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:A78819583F0308E7A6BF36B1386ABF23:F69F2445DF4F9B17AD2B417BE66C3710:304C6528F659C77866A510D9C1D6AE5E:0 -# OFB-AES192.Encrypt -AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CDC80D6FDDF18CAB34C25909C99A4174:1 -AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:A609B38DF3B1133DDDFF2718BA09565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:FCC28B8D4C63837C09E81700C1100401:1 -AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:52EF01DA52602FE0975F78AC84BF8A50:30C81C46A35CE411E5FBC1191A0A52EF:8D9A9AEAC0F6596F559C6D4DAF59A5F2:1 -AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:BD5286AC63AABD7EB067AC54B553F71D:F69F2445DF4F9B17AD2B417BE66C3710:6D9F200857CA6C3E9CAC524BD9ACC92A:1 -# OFB-AES192.Decrypt -AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CDC80D6FDDF18CAB34C25909C99A4174:0 -AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:A609B38DF3B1133DDDFF2718BA09565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:FCC28B8D4C63837C09E81700C1100401:0 -AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:52EF01DA52602FE0975F78AC84BF8A50:30C81C46A35CE411E5FBC1191A0A52EF:8D9A9AEAC0F6596F559C6D4DAF59A5F2:0 -AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:BD5286AC63AABD7EB067AC54B553F71D:F69F2445DF4F9B17AD2B417BE66C3710:6D9F200857CA6C3E9CAC524BD9ACC92A:0 -# OFB-AES256.Encrypt -AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:DC7E84BFDA79164B7ECD8486985D3860:1 -AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:B7BF3A5DF43989DD97F0FA97EBCE2F4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:4FEBDC6740D20B3AC88F6AD82A4FB08D:1 -AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E1C656305ED1A7A6563805746FE03EDC:30C81C46A35CE411E5FBC1191A0A52EF:71AB47A086E86EEDF39D1C5BBA97C408:1 -AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:41635BE625B48AFC1666DD42A09D96E7:F69F2445DF4F9B17AD2B417BE66C3710:0126141D67F37BE8538F5A8BE740E484:1 -# OFB-AES256.Decrypt -AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:DC7E84BFDA79164B7ECD8486985D3860:0 -AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:B7BF3A5DF43989DD97F0FA97EBCE2F4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:4FEBDC6740D20B3AC88F6AD82A4FB08D:0 -AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E1C656305ED1A7A6563805746FE03EDC:30C81C46A35CE411E5FBC1191A0A52EF:71AB47A086E86EEDF39D1C5BBA97C408:0 -AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:41635BE625B48AFC1666DD42A09D96E7:F69F2445DF4F9B17AD2B417BE66C3710:0126141D67F37BE8538F5A8BE740E484:0 - -# DES ECB tests (from destest) - -DES-ECB:0000000000000000::0000000000000000:8CA64DE9C1B123A7 -DES-ECB:FFFFFFFFFFFFFFFF::FFFFFFFFFFFFFFFF:7359B2163E4EDC58 -DES-ECB:3000000000000000::1000000000000001:958E6E627A05557B -DES-ECB:1111111111111111::1111111111111111:F40379AB9E0EC533 -DES-ECB:0123456789ABCDEF::1111111111111111:17668DFC7292532D -DES-ECB:1111111111111111::0123456789ABCDEF:8A5AE1F81AB8F2DD -DES-ECB:FEDCBA9876543210::0123456789ABCDEF:ED39D950FA74BCC4 - -# DESX-CBC tests (from destest) -DESX-CBC:0123456789abcdeff1e0d3c2b5a49786fedcba9876543210:fedcba9876543210:37363534333231204E6F77206973207468652074696D6520666F722000000000:846B2914851E9A2954732F8AA0A611C115CDC2D7951B1053A63C5E03B21AA3C4 - -# DES EDE3 CBC tests (from destest) -DES-EDE3-CBC:0123456789abcdeff1e0d3c2b5a49786fedcba9876543210:fedcba9876543210:37363534333231204E6F77206973207468652074696D6520666F722000000000:3FE301C962AC01D02213763C1CBD4CDC799657C064ECF5D41C673812CFDE9675 - -# RC4 tests (from rc4test) -RC4:0123456789abcdef0123456789abcdef::0123456789abcdef:75b7878099e0c596 -RC4:0123456789abcdef0123456789abcdef::0000000000000000:7494c2e7104b0879 -RC4:00000000000000000000000000000000::0000000000000000:de188941a3375d3a -RC4:ef012345ef012345ef012345ef012345::0000000000000000000000000000000000000000:d6a141a7ec3c38dfbd615a1162e1c7ba36b67858 -RC4:0123456789abcdef0123456789abcdef::123456789ABCDEF0123456789ABCDEF0123456789ABCDEF012345678:66a0949f8af7d6891f7f832ba833c00c892ebe30143ce28740011ecf -RC4:ef012345ef012345ef012345ef012345::00000000000000000000:d6a141a7ec3c38dfbd61 diff --git a/src/lib/libcrypto/evp/m_dss.c b/src/lib/libcrypto/evp/m_dss.c index beb8d7fc5c9..d23c9b4e71a 100644 --- a/src/lib/libcrypto/evp/m_dss.c +++ b/src/lib/libcrypto/evp/m_dss.c @@ -1,25 +1,25 @@ -/* crypto/evp/m_dss.c */ +/* $OpenBSD: m_dss.c,v 1.16 2014/07/11 08:44:48 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -57,39 +57,61 @@ */ #include -#include "cryptlib.h" + +#include + #include #include -#include +#include + +#ifndef OPENSSL_NO_DSA +#include +#endif #ifndef OPENSSL_NO_SHA -static int init(EVP_MD_CTX *ctx) - { return SHA1_Init(ctx->md_data); } -static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) - { return SHA1_Update(ctx->md_data,data,count); } +static int +init(EVP_MD_CTX *ctx) +{ + return SHA1_Init(ctx->md_data); +} -static int final(EVP_MD_CTX *ctx,unsigned char *md) - { return SHA1_Final(md,ctx->md_data); } +static int +update(EVP_MD_CTX *ctx, const void *data, size_t count) +{ + return SHA1_Update(ctx->md_data, data, count); +} -static const EVP_MD dsa_md= - { - NID_dsaWithSHA, - NID_dsaWithSHA, - SHA_DIGEST_LENGTH, - 0, - init, - update, - final, - NULL, - NULL, - EVP_PKEY_DSA_method, - SHA_CBLOCK, - sizeof(EVP_MD *)+sizeof(SHA_CTX), - }; +static int +final(EVP_MD_CTX *ctx, unsigned char *md) +{ + return SHA1_Final(md, ctx->md_data); +} + +static const EVP_MD dsa_md = { + .type = NID_dsaWithSHA, + .pkey_type = NID_dsaWithSHA, + .md_size = SHA_DIGEST_LENGTH, + .flags = EVP_MD_FLAG_PKEY_DIGEST, + .init = init, + .update = update, + .final = final, + .copy = NULL, + .cleanup = NULL, +#ifndef OPENSSL_NO_DSA + .sign = (evp_sign_method *)DSA_sign, + .verify = (evp_verify_method *)DSA_verify, + .required_pkey_type = { + EVP_PKEY_DSA, EVP_PKEY_DSA2, EVP_PKEY_DSA3, EVP_PKEY_DSA4, 0, + }, +#endif + .block_size = SHA_CBLOCK, + .ctx_size = sizeof(EVP_MD *) + sizeof(SHA_CTX), +}; -const EVP_MD *EVP_dss(void) - { - return(&dsa_md); - } +const EVP_MD * +EVP_dss(void) +{ + return (&dsa_md); +} #endif diff --git a/src/lib/libcrypto/evp/m_dss1.c b/src/lib/libcrypto/evp/m_dss1.c index f5668ebda0a..a906c11b69e 100644 --- a/src/lib/libcrypto/evp/m_dss1.c +++ b/src/lib/libcrypto/evp/m_dss1.c @@ -1,25 +1,25 @@ -/* crypto/evp/m_dss1.c */ +/* $OpenBSD: m_dss1.c,v 1.16 2014/07/11 08:44:48 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,47 +49,69 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_SHA #include -#include "cryptlib.h" + +#include + +#ifndef OPENSSL_NO_SHA + #include #include -#include +#include -static int init(EVP_MD_CTX *ctx) - { return SHA1_Init(ctx->md_data); } +#ifndef OPENSSL_NO_DSA +#include +#endif + +static int +init(EVP_MD_CTX *ctx) +{ + return SHA1_Init(ctx->md_data); +} -static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) - { return SHA1_Update(ctx->md_data,data,count); } +static int +update(EVP_MD_CTX *ctx, const void *data, size_t count) +{ + return SHA1_Update(ctx->md_data, data, count); +} -static int final(EVP_MD_CTX *ctx,unsigned char *md) - { return SHA1_Final(md,ctx->md_data); } +static int +final(EVP_MD_CTX *ctx, unsigned char *md) +{ + return SHA1_Final(md, ctx->md_data); +} -static const EVP_MD dss1_md= - { - NID_dsa, - NID_dsaWithSHA1, - SHA_DIGEST_LENGTH, - 0, - init, - update, - final, - NULL, - NULL, - EVP_PKEY_DSA_method, - SHA_CBLOCK, - sizeof(EVP_MD *)+sizeof(SHA_CTX), - }; +static const EVP_MD dss1_md = { + .type = NID_dsa, + .pkey_type = NID_dsaWithSHA1, + .md_size = SHA_DIGEST_LENGTH, + .flags = EVP_MD_FLAG_PKEY_DIGEST, + .init = init, + .update = update, + .final = final, + .copy = NULL, + .cleanup = NULL, +#ifndef OPENSSL_NO_DSA + .sign = (evp_sign_method *)DSA_sign, + .verify = (evp_verify_method *)DSA_verify, + .required_pkey_type = { + EVP_PKEY_DSA, EVP_PKEY_DSA2, EVP_PKEY_DSA3, EVP_PKEY_DSA4, 0, + }, +#endif + .block_size = SHA_CBLOCK, + .ctx_size = sizeof(EVP_MD *) + sizeof(SHA_CTX), +}; -const EVP_MD *EVP_dss1(void) - { - return(&dss1_md); - } +const EVP_MD * +EVP_dss1(void) +{ + return (&dss1_md); +} #endif diff --git a/src/lib/libcrypto/evp/m_ecdsa.c b/src/lib/libcrypto/evp/m_ecdsa.c new file mode 100644 index 00000000000..b9af6423b56 --- /dev/null +++ b/src/lib/libcrypto/evp/m_ecdsa.c @@ -0,0 +1,166 @@ +/* $OpenBSD: m_ecdsa.c,v 1.8 2014/07/11 08:44:48 jsing Exp $ */ +/* ==================================================================== + * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include + +#include + +#include +#include +#include + +#ifndef OPENSSL_NO_SHA + +static int +init(EVP_MD_CTX *ctx) +{ + return SHA1_Init(ctx->md_data); +} + +static int +update(EVP_MD_CTX *ctx, const void *data, size_t count) +{ + return SHA1_Update(ctx->md_data, data, count); +} + +static int +final(EVP_MD_CTX *ctx, unsigned char *md) +{ + return SHA1_Final(md, ctx->md_data); +} + +static const EVP_MD ecdsa_md = { + .type = NID_ecdsa_with_SHA1, + .pkey_type = NID_ecdsa_with_SHA1, + .md_size = SHA_DIGEST_LENGTH, + .flags = EVP_MD_FLAG_PKEY_DIGEST, + .init = init, + .update = update, + .final = final, + .copy = NULL, + .cleanup = NULL, +#ifndef OPENSSL_NO_ECDSA + .sign = (evp_sign_method *)ECDSA_sign, + .verify = (evp_verify_method *)ECDSA_verify, + .required_pkey_type = { + EVP_PKEY_EC, 0, 0, 0, + }, +#endif + .block_size = SHA_CBLOCK, + .ctx_size = sizeof(EVP_MD *) + sizeof(SHA_CTX), +}; + +const EVP_MD * +EVP_ecdsa(void) +{ + return (&ecdsa_md); +} +#endif diff --git a/src/lib/libcrypto/evp/m_gost2814789.c b/src/lib/libcrypto/evp/m_gost2814789.c new file mode 100644 index 00000000000..279af872e02 --- /dev/null +++ b/src/lib/libcrypto/evp/m_gost2814789.c @@ -0,0 +1,110 @@ +/* $OpenBSD: m_gost2814789.c,v 1.2 2014/11/09 23:06:50 miod Exp $ */ +/* + * Copyright (c) 2014 Dmitry Eremin-Solenikov + * Copyright (c) 2005-2006 Cryptocom LTD + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ +#include + +#ifndef OPENSSL_NO_GOST + +#include +#include +#include + +static int +gost2814789_init(EVP_MD_CTX *ctx) +{ + return GOST2814789IMIT_Init(ctx->md_data, + NID_id_Gost28147_89_CryptoPro_A_ParamSet); +} + +static int +gost2814789_update(EVP_MD_CTX *ctx, const void *data, size_t count) +{ + return GOST2814789IMIT_Update(ctx->md_data, data, count); +} + +static int +gost2814789_final(EVP_MD_CTX *ctx, unsigned char *md) +{ + return GOST2814789IMIT_Final(md, ctx->md_data); +} + +static int +gost2814789_md_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void *p2) +{ + GOST2814789IMIT_CTX *gctx = ctx->md_data; + + switch (cmd) { + case EVP_MD_CTRL_SET_KEY: + return Gost2814789_set_key(&gctx->cipher, p2, p1); + case EVP_MD_CTRL_GOST_SET_SBOX: + return Gost2814789_set_sbox(&gctx->cipher, p1); + } + return -2; +} + +static const EVP_MD gost2814789imit_md = { + .type = NID_id_Gost28147_89_MAC, + .pkey_type = NID_undef, + .md_size = GOST2814789IMIT_LENGTH, + .flags = 0, + .init = gost2814789_init, + .update = gost2814789_update, + .final = gost2814789_final, + .block_size = GOST2814789IMIT_CBLOCK, + .ctx_size = sizeof(EVP_MD *) + sizeof(GOST2814789IMIT_CTX), + .md_ctrl = gost2814789_md_ctrl, +}; + +const EVP_MD * +EVP_gost2814789imit(void) +{ + return (&gost2814789imit_md); +} +#endif diff --git a/src/lib/libcrypto/evp/m_gostr341194.c b/src/lib/libcrypto/evp/m_gostr341194.c new file mode 100644 index 00000000000..66d9b4f303e --- /dev/null +++ b/src/lib/libcrypto/evp/m_gostr341194.c @@ -0,0 +1,97 @@ +/* $OpenBSD: m_gostr341194.c,v 1.2 2014/11/09 23:06:50 miod Exp $ */ +/* + * Copyright (c) 2014 Dmitry Eremin-Solenikov + * Copyright (c) 2005-2006 Cryptocom LTD + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ +#include + +#include + +#ifndef OPENSSL_NO_GOST + +#include +#include +#include + +static int +gostr341194_init(EVP_MD_CTX *ctx) +{ + return GOSTR341194_Init(ctx->md_data, + NID_id_GostR3411_94_CryptoProParamSet); +} + +static int +gostr341194_update(EVP_MD_CTX *ctx, const void *data, size_t count) +{ + return GOSTR341194_Update(ctx->md_data, data, count); +} + +static int +gostr341194_final(EVP_MD_CTX *ctx, unsigned char *md) +{ + return GOSTR341194_Final(md, ctx->md_data); +} + +static const EVP_MD gostr341194_md = { + .type = NID_id_GostR3411_94, + .pkey_type = NID_undef, + .md_size = GOSTR341194_LENGTH, + .flags = EVP_MD_FLAG_PKEY_METHOD_SIGNATURE, + .init = gostr341194_init, + .update = gostr341194_update, + .final = gostr341194_final, + .block_size = GOSTR341194_CBLOCK, + .ctx_size = sizeof(EVP_MD *) + sizeof(GOSTR341194_CTX), +}; + +const EVP_MD * +EVP_gostr341194(void) +{ + return (&gostr341194_md); +} +#endif diff --git a/src/lib/libcrypto/evp/m_md2.c b/src/lib/libcrypto/evp/m_md2.c deleted file mode 100644 index 50914c83b3a..00000000000 --- a/src/lib/libcrypto/evp/m_md2.c +++ /dev/null @@ -1,96 +0,0 @@ -/* crypto/evp/m_md2.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#ifndef OPENSSL_NO_MD2 -#include -#include "cryptlib.h" -#include -#include -#include -#include - -static int init(EVP_MD_CTX *ctx) - { return MD2_Init(ctx->md_data); } - -static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) - { return MD2_Update(ctx->md_data,data,count); } - -static int final(EVP_MD_CTX *ctx,unsigned char *md) - { return MD2_Final(md,ctx->md_data); } - -static const EVP_MD md2_md= - { - NID_md2, - NID_md2WithRSAEncryption, - MD2_DIGEST_LENGTH, - 0, - init, - update, - final, - NULL, - NULL, - EVP_PKEY_RSA_method, - MD2_BLOCK, - sizeof(EVP_MD *)+sizeof(MD2_CTX), - }; - -const EVP_MD *EVP_md2(void) - { - return(&md2_md); - } -#endif diff --git a/src/lib/libcrypto/evp/m_md4.c b/src/lib/libcrypto/evp/m_md4.c index e19b6637546..ab3cc852bec 100644 --- a/src/lib/libcrypto/evp/m_md4.c +++ b/src/lib/libcrypto/evp/m_md4.c @@ -1,25 +1,25 @@ -/* crypto/evp/m_md4.c */ +/* $OpenBSD: m_md4.c,v 1.16 2015/09/14 01:45:03 doug Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,48 +49,70 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_MD4 #include -#include "cryptlib.h" + +#include + +#ifndef OPENSSL_NO_MD4 + #include +#include #include #include -#include -static int init(EVP_MD_CTX *ctx) - { return MD4_Init(ctx->md_data); } +#ifndef OPENSSL_NO_RSA +#include +#endif + +static int +init(EVP_MD_CTX *ctx) +{ + return MD4_Init(ctx->md_data); +} -static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) - { return MD4_Update(ctx->md_data,data,count); } +static int +update(EVP_MD_CTX *ctx, const void *data, size_t count) +{ + return MD4_Update(ctx->md_data, data, count); +} -static int final(EVP_MD_CTX *ctx,unsigned char *md) - { return MD4_Final(md,ctx->md_data); } +static int +final(EVP_MD_CTX *ctx, unsigned char *md) +{ + return MD4_Final(md, ctx->md_data); +} -static const EVP_MD md4_md= - { - NID_md4, - NID_md4WithRSAEncryption, - MD4_DIGEST_LENGTH, - 0, - init, - update, - final, - NULL, - NULL, - EVP_PKEY_RSA_method, - MD4_CBLOCK, - sizeof(EVP_MD *)+sizeof(MD4_CTX), - }; +static const EVP_MD md4_md = { + .type = NID_md4, + .pkey_type = NID_md4WithRSAEncryption, + .md_size = MD4_DIGEST_LENGTH, + .flags = 0, + .init = init, + .update = update, + .final = final, + .copy = NULL, + .cleanup = NULL, +#ifndef OPENSSL_NO_RSA + .sign = (evp_sign_method *)RSA_sign, + .verify = (evp_verify_method *)RSA_verify, + .required_pkey_type = { + EVP_PKEY_RSA, EVP_PKEY_RSA2, 0, 0, + }, +#endif + .block_size = MD4_CBLOCK, + .ctx_size = sizeof(EVP_MD *) + sizeof(MD4_CTX), +}; -const EVP_MD *EVP_md4(void) - { - return(&md4_md); - } +const EVP_MD * +EVP_md4(void) +{ + return (&md4_md); +} #endif diff --git a/src/lib/libcrypto/evp/m_md5.c b/src/lib/libcrypto/evp/m_md5.c index b00a03e048b..36cff7ab519 100644 --- a/src/lib/libcrypto/evp/m_md5.c +++ b/src/lib/libcrypto/evp/m_md5.c @@ -1,25 +1,25 @@ -/* crypto/evp/m_md5.c */ +/* $OpenBSD: m_md5.c,v 1.15 2014/07/13 09:30:02 miod Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,48 +49,70 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_MD5 #include -#include "cryptlib.h" + +#include + +#ifndef OPENSSL_NO_MD5 + #include +#include #include #include -#include -static int init(EVP_MD_CTX *ctx) - { return MD5_Init(ctx->md_data); } +#ifndef OPENSSL_NO_RSA +#include +#endif + +static int +init(EVP_MD_CTX *ctx) +{ + return MD5_Init(ctx->md_data); +} -static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) - { return MD5_Update(ctx->md_data,data,count); } +static int +update(EVP_MD_CTX *ctx, const void *data, size_t count) +{ + return MD5_Update(ctx->md_data, data, count); +} -static int final(EVP_MD_CTX *ctx,unsigned char *md) - { return MD5_Final(md,ctx->md_data); } +static int +final(EVP_MD_CTX *ctx, unsigned char *md) +{ + return MD5_Final(md, ctx->md_data); +} -static const EVP_MD md5_md= - { - NID_md5, - NID_md5WithRSAEncryption, - MD5_DIGEST_LENGTH, - 0, - init, - update, - final, - NULL, - NULL, - EVP_PKEY_RSA_method, - MD5_CBLOCK, - sizeof(EVP_MD *)+sizeof(MD5_CTX), - }; +static const EVP_MD md5_md = { + .type = NID_md5, + .pkey_type = NID_md5WithRSAEncryption, + .md_size = MD5_DIGEST_LENGTH, + .flags = 0, + .init = init, + .update = update, + .final = final, + .copy = NULL, + .cleanup = NULL, +#ifndef OPENSSL_NO_RSA + .sign = (evp_sign_method *)RSA_sign, + .verify = (evp_verify_method *)RSA_verify, + .required_pkey_type = { + EVP_PKEY_RSA, EVP_PKEY_RSA2, 0, 0, + }, +#endif + .block_size = MD5_CBLOCK, + .ctx_size = sizeof(EVP_MD *) + sizeof(MD5_CTX), +}; -const EVP_MD *EVP_md5(void) - { - return(&md5_md); - } +const EVP_MD * +EVP_md5(void) +{ + return (&md5_md); +} #endif diff --git a/src/lib/libcrypto/evp/m_md5_sha1.c b/src/lib/libcrypto/evp/m_md5_sha1.c new file mode 100644 index 00000000000..4e8a0c32f62 --- /dev/null +++ b/src/lib/libcrypto/evp/m_md5_sha1.c @@ -0,0 +1,94 @@ +/* $OpenBSD: m_md5_sha1.c,v 1.2 2018/08/10 17:30:29 jsing Exp $ */ +/* + * Copyright (c) 2017 Joel Sing + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include +#include +#include +#include + +#ifndef OPENSSL_NO_RSA +#include +#endif + +struct md5_sha1_ctx { + MD5_CTX md5; + SHA_CTX sha1; +}; + +static int +md5_sha1_init(EVP_MD_CTX *ctx) +{ + struct md5_sha1_ctx *mdctx = ctx->md_data; + + if (!MD5_Init(&mdctx->md5)) + return 0; + if (!SHA1_Init(&mdctx->sha1)) + return 0; + + return 1; +} + +static int +md5_sha1_update(EVP_MD_CTX *ctx, const void *data, size_t count) +{ + struct md5_sha1_ctx *mdctx = ctx->md_data; + + if (!MD5_Update(&mdctx->md5, data, count)) + return 0; + if (!SHA1_Update(&mdctx->sha1, data, count)) + return 0; + + return 1; +} + +static int +md5_sha1_final(EVP_MD_CTX *ctx, unsigned char *out) +{ + struct md5_sha1_ctx *mdctx = ctx->md_data; + + if (!MD5_Final(out, &mdctx->md5)) + return 0; + if (!SHA1_Final(out + MD5_DIGEST_LENGTH, &mdctx->sha1)) + return 0; + + return 1; +} + +static const EVP_MD md5_sha1_md = { + .type = NID_md5_sha1, + .pkey_type = NID_md5_sha1, + .md_size = MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, + .flags = 0, + .init = md5_sha1_init, + .update = md5_sha1_update, + .final = md5_sha1_final, + .block_size = MD5_CBLOCK, /* MD5_CBLOCK == SHA_CBLOCK */ + .ctx_size = sizeof(EVP_MD *) + sizeof(struct md5_sha1_ctx), +#ifndef OPENSSL_NO_RSA + .sign = (evp_sign_method *)RSA_sign, + .verify = (evp_verify_method *)RSA_verify, + .required_pkey_type = { + EVP_PKEY_RSA, EVP_PKEY_RSA2, 0, 0, + }, +#endif +}; + +const EVP_MD * +EVP_md5_sha1(void) +{ + return &md5_sha1_md; +} diff --git a/src/lib/libcrypto/evp/m_mdc2.c b/src/lib/libcrypto/evp/m_mdc2.c deleted file mode 100644 index 9f6467c9314..00000000000 --- a/src/lib/libcrypto/evp/m_mdc2.c +++ /dev/null @@ -1,96 +0,0 @@ -/* crypto/evp/m_mdc2.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#ifndef OPENSSL_NO_MDC2 -#include -#include "cryptlib.h" -#include -#include -#include -#include - -static int init(EVP_MD_CTX *ctx) - { return MDC2_Init(ctx->md_data); } - -static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) - { return MDC2_Update(ctx->md_data,data,count); } - -static int final(EVP_MD_CTX *ctx,unsigned char *md) - { return MDC2_Final(md,ctx->md_data); } - -static const EVP_MD mdc2_md= - { - NID_mdc2, - NID_mdc2WithRSA, - MDC2_DIGEST_LENGTH, - 0, - init, - update, - final, - NULL, - NULL, - EVP_PKEY_RSA_ASN1_OCTET_STRING_method, - MDC2_BLOCK, - sizeof(EVP_MD *)+sizeof(MDC2_CTX), - }; - -const EVP_MD *EVP_mdc2(void) - { - return(&mdc2_md); - } -#endif diff --git a/src/lib/libcrypto/evp/m_null.c b/src/lib/libcrypto/evp/m_null.c index f6f0a1d2c05..897be3cee99 100644 --- a/src/lib/libcrypto/evp/m_null.c +++ b/src/lib/libcrypto/evp/m_null.c @@ -1,25 +1,25 @@ -/* crypto/evp/m_null.c */ +/* $OpenBSD: m_null.c,v 1.9 2014/07/11 08:44:48 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -57,39 +57,50 @@ */ #include -#include "cryptlib.h" + #include #include #include -static int init(EVP_MD_CTX *ctx) - { return 1; } - -static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) - { return 1; } - -static int final(EVP_MD_CTX *ctx,unsigned char *md) - { return 1; } +static int +init(EVP_MD_CTX *ctx) +{ + return 1; +} -static const EVP_MD null_md= - { - NID_undef, - NID_undef, - 0, - 0, - init, - update, - final, - NULL, - NULL, - EVP_PKEY_NULL_method, - 0, - sizeof(EVP_MD *), - }; +static int +update(EVP_MD_CTX *ctx, const void *data, size_t count) +{ + return 1; +} -const EVP_MD *EVP_md_null(void) - { - return(&null_md); - } +static int +final(EVP_MD_CTX *ctx, unsigned char *md) +{ + return 1; +} +static const EVP_MD null_md = { + .type = NID_undef, + .pkey_type = NID_undef, + .md_size = 0, + .flags = 0, + .init = init, + .update = update, + .final = final, + .copy = NULL, + .cleanup = NULL, + .sign = NULL, + .verify = NULL, + .required_pkey_type = { + 0, 0, 0, 0, + }, + .block_size = 0, + .ctx_size = sizeof(EVP_MD *), +}; +const EVP_MD * +EVP_md_null(void) +{ + return (&null_md); +} diff --git a/src/lib/libcrypto/evp/m_ripemd.c b/src/lib/libcrypto/evp/m_ripemd.c index 64725528dcc..be7f1393b02 100644 --- a/src/lib/libcrypto/evp/m_ripemd.c +++ b/src/lib/libcrypto/evp/m_ripemd.c @@ -1,25 +1,25 @@ -/* crypto/evp/m_ripemd.c */ +/* $OpenBSD: m_ripemd.c,v 1.12 2014/07/13 09:30:02 miod Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,48 +49,70 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_RIPEMD #include -#include "cryptlib.h" -#include + +#include + +#ifndef OPENSSL_NO_RIPEMD + #include #include +#include #include -static int init(EVP_MD_CTX *ctx) - { return RIPEMD160_Init(ctx->md_data); } +#ifndef OPENSSL_NO_RSA +#include +#endif + +static int +init(EVP_MD_CTX *ctx) +{ + return RIPEMD160_Init(ctx->md_data); +} -static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) - { return RIPEMD160_Update(ctx->md_data,data,count); } +static int +update(EVP_MD_CTX *ctx, const void *data, size_t count) +{ + return RIPEMD160_Update(ctx->md_data, data, count); +} -static int final(EVP_MD_CTX *ctx,unsigned char *md) - { return RIPEMD160_Final(md,ctx->md_data); } +static int +final(EVP_MD_CTX *ctx, unsigned char *md) +{ + return RIPEMD160_Final(md, ctx->md_data); +} -static const EVP_MD ripemd160_md= - { - NID_ripemd160, - NID_ripemd160WithRSA, - RIPEMD160_DIGEST_LENGTH, - 0, - init, - update, - final, - NULL, - NULL, - EVP_PKEY_RSA_method, - RIPEMD160_CBLOCK, - sizeof(EVP_MD *)+sizeof(RIPEMD160_CTX), - }; +static const EVP_MD ripemd160_md = { + .type = NID_ripemd160, + .pkey_type = NID_ripemd160WithRSA, + .md_size = RIPEMD160_DIGEST_LENGTH, + .flags = 0, + .init = init, + .update = update, + .final = final, + .copy = NULL, + .cleanup = NULL, +#ifndef OPENSSL_NO_RSA + .sign = (evp_sign_method *)RSA_sign, + .verify = (evp_verify_method *)RSA_verify, + .required_pkey_type = { + EVP_PKEY_RSA, EVP_PKEY_RSA2, 0, 0, + }, +#endif + .block_size = RIPEMD160_CBLOCK, + .ctx_size = sizeof(EVP_MD *) + sizeof(RIPEMD160_CTX), +}; -const EVP_MD *EVP_ripemd160(void) - { - return(&ripemd160_md); - } +const EVP_MD * +EVP_ripemd160(void) +{ + return (&ripemd160_md); +} #endif diff --git a/src/lib/libcrypto/evp/m_sha.c b/src/lib/libcrypto/evp/m_sha.c deleted file mode 100644 index 10697c7ed38..00000000000 --- a/src/lib/libcrypto/evp/m_sha.c +++ /dev/null @@ -1,95 +0,0 @@ -/* crypto/evp/m_sha.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#ifndef OPENSSL_NO_SHA -#include -#include "cryptlib.h" -#include -#include -#include - -static int init(EVP_MD_CTX *ctx) - { return SHA_Init(ctx->md_data); } - -static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) - { return SHA_Update(ctx->md_data,data,count); } - -static int final(EVP_MD_CTX *ctx,unsigned char *md) - { return SHA_Final(md,ctx->md_data); } - -static const EVP_MD sha_md= - { - NID_sha, - NID_shaWithRSAEncryption, - SHA_DIGEST_LENGTH, - 0, - init, - update, - final, - NULL, - NULL, - EVP_PKEY_RSA_method, - SHA_CBLOCK, - sizeof(EVP_MD *)+sizeof(SHA_CTX), - }; - -const EVP_MD *EVP_sha(void) - { - return(&sha_md); - } -#endif diff --git a/src/lib/libcrypto/evp/m_sha1.c b/src/lib/libcrypto/evp/m_sha1.c index d6be3502f0a..13d5b030d27 100644 --- a/src/lib/libcrypto/evp/m_sha1.c +++ b/src/lib/libcrypto/evp/m_sha1.c @@ -1,25 +1,25 @@ -/* crypto/evp/m_sha1.c */ +/* $OpenBSD: m_sha1.c,v 1.17 2014/07/11 08:44:48 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,47 +49,233 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_SHA #include -#include "cryptlib.h" + +#include + +#ifndef OPENSSL_NO_SHA + #include #include -#include - -static int init(EVP_MD_CTX *ctx) - { return SHA1_Init(ctx->md_data); } - -static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) - { return SHA1_Update(ctx->md_data,data,count); } - -static int final(EVP_MD_CTX *ctx,unsigned char *md) - { return SHA1_Final(md,ctx->md_data); } - -static const EVP_MD sha1_md= - { - NID_sha1, - NID_sha1WithRSAEncryption, - SHA_DIGEST_LENGTH, - 0, - init, - update, - final, - NULL, - NULL, - EVP_PKEY_RSA_method, - SHA_CBLOCK, - sizeof(EVP_MD *)+sizeof(SHA_CTX), - }; - -const EVP_MD *EVP_sha1(void) - { - return(&sha1_md); - } +#include + +#ifndef OPENSSL_NO_RSA +#include #endif + +static int +init(EVP_MD_CTX *ctx) +{ + return SHA1_Init(ctx->md_data); +} + +static int +update(EVP_MD_CTX *ctx, const void *data, size_t count) +{ + return SHA1_Update(ctx->md_data, data, count); +} + +static int +final(EVP_MD_CTX *ctx, unsigned char *md) +{ + return SHA1_Final(md, ctx->md_data); +} + +static const EVP_MD sha1_md = { + .type = NID_sha1, + .pkey_type = NID_sha1WithRSAEncryption, + .md_size = SHA_DIGEST_LENGTH, + .flags = EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT, + .init = init, + .update = update, + .final = final, + .copy = NULL, + .cleanup = NULL, +#ifndef OPENSSL_NO_RSA + .sign = (evp_sign_method *)RSA_sign, + .verify = (evp_verify_method *)RSA_verify, + .required_pkey_type = { + EVP_PKEY_RSA, EVP_PKEY_RSA2, 0, 0, + }, +#endif + .block_size = SHA_CBLOCK, + .ctx_size = sizeof(EVP_MD *) + sizeof(SHA_CTX), +}; + +const EVP_MD * +EVP_sha1(void) +{ + return (&sha1_md); +} +#endif + +#ifndef OPENSSL_NO_SHA256 +static int +init224(EVP_MD_CTX *ctx) +{ + return SHA224_Init(ctx->md_data); +} + +static int +init256(EVP_MD_CTX *ctx) +{ + return SHA256_Init(ctx->md_data); +} +/* + * Even though there're separate SHA224_[Update|Final], we call + * SHA256 functions even in SHA224 context. This is what happens + * there anyway, so we can spare few CPU cycles:-) + */ +static int +update256(EVP_MD_CTX *ctx, const void *data, size_t count) +{ + return SHA256_Update(ctx->md_data, data, count); +} + +static int +final256(EVP_MD_CTX *ctx, unsigned char *md) +{ + return SHA256_Final(md, ctx->md_data); +} + +static const EVP_MD sha224_md = { + .type = NID_sha224, + .pkey_type = NID_sha224WithRSAEncryption, + .md_size = SHA224_DIGEST_LENGTH, + .flags = EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT, + .init = init224, + .update = update256, + .final = final256, + .copy = NULL, + .cleanup = NULL, +#ifndef OPENSSL_NO_RSA + .sign = (evp_sign_method *)RSA_sign, + .verify = (evp_verify_method *)RSA_verify, + .required_pkey_type = { + EVP_PKEY_RSA, EVP_PKEY_RSA2, 0, 0, + }, +#endif + .block_size = SHA256_CBLOCK, + .ctx_size = sizeof(EVP_MD *) + sizeof(SHA256_CTX), +}; + +const EVP_MD * +EVP_sha224(void) +{ + return (&sha224_md); +} + +static const EVP_MD sha256_md = { + .type = NID_sha256, + .pkey_type = NID_sha256WithRSAEncryption, + .md_size = SHA256_DIGEST_LENGTH, + .flags = EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT, + .init = init256, + .update = update256, + .final = final256, + .copy = NULL, + .cleanup = NULL, +#ifndef OPENSSL_NO_RSA + .sign = (evp_sign_method *)RSA_sign, + .verify = (evp_verify_method *)RSA_verify, + .required_pkey_type = { + EVP_PKEY_RSA, EVP_PKEY_RSA2, 0, 0, + }, +#endif + .block_size = SHA256_CBLOCK, + .ctx_size = sizeof(EVP_MD *) + sizeof(SHA256_CTX), +}; + +const EVP_MD * +EVP_sha256(void) +{ + return (&sha256_md); +} +#endif /* ifndef OPENSSL_NO_SHA256 */ + +#ifndef OPENSSL_NO_SHA512 +static int +init384(EVP_MD_CTX *ctx) +{ + return SHA384_Init(ctx->md_data); +} + +static int +init512(EVP_MD_CTX *ctx) +{ + return SHA512_Init(ctx->md_data); +} +/* See comment in SHA224/256 section */ +static int +update512(EVP_MD_CTX *ctx, const void *data, size_t count) +{ + return SHA512_Update(ctx->md_data, data, count); +} + +static int +final512(EVP_MD_CTX *ctx, unsigned char *md) +{ + return SHA512_Final(md, ctx->md_data); +} + +static const EVP_MD sha384_md = { + .type = NID_sha384, + .pkey_type = NID_sha384WithRSAEncryption, + .md_size = SHA384_DIGEST_LENGTH, + .flags = EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT, + .init = init384, + .update = update512, + .final = final512, + .copy = NULL, + .cleanup = NULL, +#ifndef OPENSSL_NO_RSA + .sign = (evp_sign_method *)RSA_sign, + .verify = (evp_verify_method *)RSA_verify, + .required_pkey_type = { + EVP_PKEY_RSA, EVP_PKEY_RSA2, 0, 0, + }, +#endif + .block_size = SHA512_CBLOCK, + .ctx_size = sizeof(EVP_MD *) + sizeof(SHA512_CTX), +}; + +const EVP_MD * +EVP_sha384(void) +{ + return (&sha384_md); +} + +static const EVP_MD sha512_md = { + .type = NID_sha512, + .pkey_type = NID_sha512WithRSAEncryption, + .md_size = SHA512_DIGEST_LENGTH, + .flags = EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT, + .init = init512, + .update = update512, + .final = final512, + .copy = NULL, + .cleanup = NULL, +#ifndef OPENSSL_NO_RSA + .sign = (evp_sign_method *)RSA_sign, + .verify = (evp_verify_method *)RSA_verify, + .required_pkey_type = { + EVP_PKEY_RSA, EVP_PKEY_RSA2, 0, 0, + }, +#endif + .block_size = SHA512_CBLOCK, + .ctx_size = sizeof(EVP_MD *) + sizeof(SHA512_CTX), +}; + +const EVP_MD * +EVP_sha512(void) +{ + return (&sha512_md); +} +#endif /* ifndef OPENSSL_NO_SHA512 */ diff --git a/src/lib/libcrypto/evp/m_sigver.c b/src/lib/libcrypto/evp/m_sigver.c new file mode 100644 index 00000000000..9e313c36308 --- /dev/null +++ b/src/lib/libcrypto/evp/m_sigver.c @@ -0,0 +1,193 @@ +/* $OpenBSD: m_sigver.c,v 1.7 2018/05/13 06:35:10 tb Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2006. + */ +/* ==================================================================== + * Copyright (c) 2006,2007 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include + +#include +#include +#include +#include + +#include "evp_locl.h" + +static int +do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const EVP_MD *type, + ENGINE *e, EVP_PKEY *pkey, int ver) +{ + if (ctx->pctx == NULL) + ctx->pctx = EVP_PKEY_CTX_new(pkey, e); + if (ctx->pctx == NULL) + return 0; + + if (type == NULL) { + int def_nid; + if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) > 0) + type = EVP_get_digestbynid(def_nid); + } + + if (type == NULL) { + EVPerror(EVP_R_NO_DEFAULT_DIGEST); + return 0; + } + + if (ver) { + if (ctx->pctx->pmeth->verifyctx_init) { + if (ctx->pctx->pmeth->verifyctx_init(ctx->pctx, + ctx) <=0) + return 0; + ctx->pctx->operation = EVP_PKEY_OP_VERIFYCTX; + } else if (EVP_PKEY_verify_init(ctx->pctx) <= 0) + return 0; + } else { + if (ctx->pctx->pmeth->signctx_init) { + if (ctx->pctx->pmeth->signctx_init(ctx->pctx, ctx) <= 0) + return 0; + ctx->pctx->operation = EVP_PKEY_OP_SIGNCTX; + } else if (EVP_PKEY_sign_init(ctx->pctx) <= 0) + return 0; + } + if (EVP_PKEY_CTX_set_signature_md(ctx->pctx, type) <= 0) + return 0; + if (pctx) + *pctx = ctx->pctx; + if (!EVP_DigestInit_ex(ctx, type, e)) + return 0; + return 1; +} + +int +EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const EVP_MD *type, + ENGINE *e, EVP_PKEY *pkey) +{ + return do_sigver_init(ctx, pctx, type, e, pkey, 0); +} + +int +EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const EVP_MD *type, + ENGINE *e, EVP_PKEY *pkey) +{ + return do_sigver_init(ctx, pctx, type, e, pkey, 1); +} + +int +EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen) +{ + int sctx, r = 0; + + if (ctx->pctx->pmeth->signctx) + sctx = 1; + else + sctx = 0; + if (sigret) { + EVP_MD_CTX tmp_ctx; + unsigned char md[EVP_MAX_MD_SIZE]; + unsigned int mdlen = 0; + EVP_MD_CTX_init(&tmp_ctx); + if (!EVP_MD_CTX_copy_ex(&tmp_ctx, ctx)) + return 0; + if (sctx) + r = tmp_ctx.pctx->pmeth->signctx(tmp_ctx.pctx, + sigret, siglen, &tmp_ctx); + else + r = EVP_DigestFinal_ex(&tmp_ctx, md, &mdlen); + EVP_MD_CTX_cleanup(&tmp_ctx); + if (sctx || !r) + return r; + if (EVP_PKEY_sign(ctx->pctx, sigret, siglen, md, mdlen) <= 0) + return 0; + } else { + if (sctx) { + if (ctx->pctx->pmeth->signctx(ctx->pctx, sigret, + siglen, ctx) <= 0) + return 0; + } else { + int s = EVP_MD_size(ctx->digest); + if (s < 0 || EVP_PKEY_sign(ctx->pctx, sigret, siglen, + NULL, s) <= 0) + return 0; + } + } + return 1; +} + +int +EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, size_t siglen) +{ + EVP_MD_CTX tmp_ctx; + unsigned char md[EVP_MAX_MD_SIZE]; + int r; + unsigned int mdlen = 0; + int vctx; + + if (ctx->pctx->pmeth->verifyctx) + vctx = 1; + else + vctx = 0; + EVP_MD_CTX_init(&tmp_ctx); + if (!EVP_MD_CTX_copy_ex(&tmp_ctx, ctx)) + return -1; + if (vctx) { + r = tmp_ctx.pctx->pmeth->verifyctx(tmp_ctx.pctx, sig, + siglen, &tmp_ctx); + } else + r = EVP_DigestFinal_ex(&tmp_ctx, md, &mdlen); + EVP_MD_CTX_cleanup(&tmp_ctx); + if (vctx || !r) + return r; + return EVP_PKEY_verify(ctx->pctx, sig, siglen, md, mdlen); +} diff --git a/src/lib/libcrypto/evp/m_sm3.c b/src/lib/libcrypto/evp/m_sm3.c new file mode 100644 index 00000000000..66582b8e4a4 --- /dev/null +++ b/src/lib/libcrypto/evp/m_sm3.c @@ -0,0 +1,73 @@ +/* $OpenBSD: m_sm3.c,v 1.1 2018/11/11 06:53:31 tb Exp $ */ +/* + * Copyright (c) 2018, Ribose Inc + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include + +#ifndef OPENSSL_NO_SM3 +#include +#include + +#ifndef OPENSSL_NO_RSA +#include +#endif + +static int +sm3_init(EVP_MD_CTX *ctx) +{ + return SM3_Init(ctx->md_data); +} + +static int +sm3_update(EVP_MD_CTX *ctx, const void *data, size_t count) +{ + return SM3_Update(ctx->md_data, data, count); +} + +static int +sm3_final(EVP_MD_CTX *ctx, unsigned char *md) +{ + return SM3_Final(md, ctx->md_data); +} + +static const EVP_MD sm3_md = { + .type = NID_sm3, + .pkey_type = NID_sm3WithRSAEncryption, + .md_size = SM3_DIGEST_LENGTH, + .flags = EVP_MD_FLAG_PKEY_METHOD_SIGNATURE|EVP_MD_FLAG_DIGALGID_ABSENT, + .init = sm3_init, + .update = sm3_update, + .final = sm3_final, + .copy = NULL, + .cleanup = NULL, +#ifndef OPENSSL_NO_RSA + .sign = (evp_sign_method *)RSA_sign, + .verify = (evp_verify_method *)RSA_verify, + .required_pkey_type = { + EVP_PKEY_RSA, EVP_PKEY_RSA2, 0, 0, + }, +#endif + .block_size = SM3_CBLOCK, + .ctx_size = sizeof(EVP_MD *) + sizeof(SM3_CTX), +}; + +const EVP_MD * +EVP_sm3(void) +{ + return &sm3_md; +} + +#endif /* OPENSSL_NO_SM3 */ diff --git a/src/lib/libcrypto/evp/m_streebog.c b/src/lib/libcrypto/evp/m_streebog.c new file mode 100644 index 00000000000..882c7852bb7 --- /dev/null +++ b/src/lib/libcrypto/evp/m_streebog.c @@ -0,0 +1,131 @@ +/* $OpenBSD: m_streebog.c,v 1.2 2014/11/09 23:06:50 miod Exp $ */ +/* + * Copyright (c) 2014 Dmitry Eremin-Solenikov + * Copyright (c) 2005-2006 Cryptocom LTD + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#include + +#ifndef OPENSSL_NO_GOST + +#include +#include +#include + +static int +streebog_init256(EVP_MD_CTX *ctx) +{ + return STREEBOG256_Init(ctx->md_data); +} + +static int +streebog_update256(EVP_MD_CTX *ctx, const void *data, size_t count) +{ + return STREEBOG256_Update(ctx->md_data, data, count); +} + +static int +streebog_final256(EVP_MD_CTX *ctx, unsigned char *md) +{ + return STREEBOG256_Final(md, ctx->md_data); +} + +static int +streebog_init512(EVP_MD_CTX *ctx) +{ + return STREEBOG512_Init(ctx->md_data); +} + +static int +streebog_update512(EVP_MD_CTX *ctx, const void *data, size_t count) +{ + return STREEBOG512_Update(ctx->md_data, data, count); +} + +static int +streebog_final512(EVP_MD_CTX *ctx, unsigned char *md) +{ + return STREEBOG512_Final(md, ctx->md_data); +} + +static const EVP_MD streebog256_md = { + .type = NID_id_tc26_gost3411_2012_256, + .pkey_type = NID_undef, + .md_size = STREEBOG256_LENGTH, + .flags = EVP_MD_FLAG_PKEY_METHOD_SIGNATURE, + .init = streebog_init256, + .update = streebog_update256, + .final = streebog_final256, + .block_size = STREEBOG_CBLOCK, + .ctx_size = sizeof(EVP_MD *) + sizeof(STREEBOG_CTX), +}; + +static const EVP_MD streebog512_md = { + .type = NID_id_tc26_gost3411_2012_512, + .pkey_type = NID_undef, + .md_size = STREEBOG512_LENGTH, + .flags = EVP_MD_FLAG_PKEY_METHOD_SIGNATURE, + .init = streebog_init512, + .update = streebog_update512, + .final = streebog_final512, + .block_size = STREEBOG_CBLOCK, + .ctx_size = sizeof(EVP_MD *) + sizeof(STREEBOG_CTX), +}; + +const EVP_MD * +EVP_streebog256(void) +{ + return (&streebog256_md); +} + +const EVP_MD * +EVP_streebog512(void) +{ + return (&streebog512_md); +} +#endif diff --git a/src/lib/libcrypto/evp/m_wp.c b/src/lib/libcrypto/evp/m_wp.c new file mode 100644 index 00000000000..3f543ac0af8 --- /dev/null +++ b/src/lib/libcrypto/evp/m_wp.c @@ -0,0 +1,56 @@ +/* $OpenBSD: m_wp.c,v 1.8 2014/07/13 09:30:02 miod Exp $ */ + +#include + +#include + +#ifndef OPENSSL_NO_WHIRLPOOL + +#include +#include +#include +#include + +static int +init(EVP_MD_CTX *ctx) +{ + return WHIRLPOOL_Init(ctx->md_data); +} + +static int +update(EVP_MD_CTX *ctx, const void *data, size_t count) +{ + return WHIRLPOOL_Update(ctx->md_data, data, count); +} + +static int +final(EVP_MD_CTX *ctx, unsigned char *md) +{ + return WHIRLPOOL_Final(md, ctx->md_data); +} + +static const EVP_MD whirlpool_md = { + .type = NID_whirlpool, + .pkey_type = 0, + .md_size = WHIRLPOOL_DIGEST_LENGTH, + .flags = 0, + .init = init, + .update = update, + .final = final, + .copy = NULL, + .cleanup = NULL, + .sign = NULL, + .verify = NULL, + .required_pkey_type = { + 0, 0, 0, 0, + }, + .block_size = WHIRLPOOL_BBLOCK / 8, + .ctx_size = sizeof(EVP_MD *) + sizeof(WHIRLPOOL_CTX), +}; + +const EVP_MD * +EVP_whirlpool(void) +{ + return (&whirlpool_md); +} +#endif diff --git a/src/lib/libcrypto/evp/names.c b/src/lib/libcrypto/evp/names.c index eb9f4329cd4..dfcf9ee2251 100644 --- a/src/lib/libcrypto/evp/names.c +++ b/src/lib/libcrypto/evp/names.c @@ -1,25 +1,25 @@ -/* crypto/evp/names.c */ +/* $OpenBSD: names.c,v 1.14 2018/03/17 16:20:01 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -57,61 +57,84 @@ */ #include -#include "cryptlib.h" + #include #include #include -int EVP_add_cipher(const EVP_CIPHER *c) - { +int +EVP_add_cipher(const EVP_CIPHER *c) +{ int r; - r=OBJ_NAME_add(OBJ_nid2sn(c->nid),OBJ_NAME_TYPE_CIPHER_METH,(char *)c); - if (r == 0) return(0); - r=OBJ_NAME_add(OBJ_nid2ln(c->nid),OBJ_NAME_TYPE_CIPHER_METH,(char *)c); - return(r); - } + if (c == NULL) + return 0; + + r = OBJ_NAME_add(OBJ_nid2sn(c->nid), OBJ_NAME_TYPE_CIPHER_METH, + (const char *)c); + if (r == 0) + return (0); + check_defer(c->nid); + r = OBJ_NAME_add(OBJ_nid2ln(c->nid), OBJ_NAME_TYPE_CIPHER_METH, + (const char *)c); + return (r); +} -int EVP_add_digest(const EVP_MD *md) - { +int +EVP_add_digest(const EVP_MD *md) +{ int r; const char *name; - name=OBJ_nid2sn(md->type); - r=OBJ_NAME_add(name,OBJ_NAME_TYPE_MD_METH,(char *)md); - if (r == 0) return(0); - r=OBJ_NAME_add(OBJ_nid2ln(md->type),OBJ_NAME_TYPE_MD_METH,(char *)md); - if (r == 0) return(0); - - if (md->type != md->pkey_type) - { - r=OBJ_NAME_add(OBJ_nid2sn(md->pkey_type), - OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS,name); - if (r == 0) return(0); - r=OBJ_NAME_add(OBJ_nid2ln(md->pkey_type), - OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS,name); - } - return(r); + name = OBJ_nid2sn(md->type); + r = OBJ_NAME_add(name, OBJ_NAME_TYPE_MD_METH, (const char *)md); + if (r == 0) + return (0); + check_defer(md->type); + r = OBJ_NAME_add(OBJ_nid2ln(md->type), OBJ_NAME_TYPE_MD_METH, + (const char *)md); + if (r == 0) + return (0); + + if (md->pkey_type && md->type != md->pkey_type) { + r = OBJ_NAME_add(OBJ_nid2sn(md->pkey_type), + OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS, name); + if (r == 0) + return (0); + check_defer(md->pkey_type); + r = OBJ_NAME_add(OBJ_nid2ln(md->pkey_type), + OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS, name); } + return (r); +} -const EVP_CIPHER *EVP_get_cipherbyname(const char *name) - { +const EVP_CIPHER * +EVP_get_cipherbyname(const char *name) +{ const EVP_CIPHER *cp; - cp=(const EVP_CIPHER *)OBJ_NAME_get(name,OBJ_NAME_TYPE_CIPHER_METH); - return(cp); - } + if (!OPENSSL_init_crypto(0, NULL)) + return NULL; -const EVP_MD *EVP_get_digestbyname(const char *name) - { + cp = (const EVP_CIPHER *)OBJ_NAME_get(name, OBJ_NAME_TYPE_CIPHER_METH); + return (cp); +} + +const EVP_MD * +EVP_get_digestbyname(const char *name) +{ const EVP_MD *cp; - cp=(const EVP_MD *)OBJ_NAME_get(name,OBJ_NAME_TYPE_MD_METH); - return(cp); - } + if (!OPENSSL_init_crypto(0, NULL)) + return NULL; -void EVP_cleanup(void) - { + cp = (const EVP_MD *)OBJ_NAME_get(name, OBJ_NAME_TYPE_MD_METH); + return (cp); +} + +void +EVP_cleanup(void) +{ OBJ_NAME_cleanup(OBJ_NAME_TYPE_CIPHER_METH); OBJ_NAME_cleanup(OBJ_NAME_TYPE_MD_METH); /* The above calls will only clean out the contents of the name @@ -120,4 +143,100 @@ void EVP_cleanup(void) OBJ_NAME_cleanup(-1); EVP_PBE_cleanup(); + if (obj_cleanup_defer == 2) { + obj_cleanup_defer = 0; + OBJ_cleanup(); } + OBJ_sigid_free(); +} + +struct doall_cipher { + void *arg; + void (*fn)(const EVP_CIPHER *ciph, const char *from, const char *to, + void *arg); +}; + +static void +do_all_cipher_fn(const OBJ_NAME *nm, void *arg) +{ + struct doall_cipher *dc = arg; + + if (nm->alias) + dc->fn(NULL, nm->name, nm->data, dc->arg); + else + dc->fn((const EVP_CIPHER *)nm->data, nm->name, NULL, dc->arg); +} + +void +EVP_CIPHER_do_all(void (*fn)(const EVP_CIPHER *ciph, const char *from, + const char *to, void *x), void *arg) +{ + struct doall_cipher dc; + + /* Prayer and clean living lets you ignore errors, OpenSSL style */ + (void) OPENSSL_init_crypto(0, NULL); + + dc.fn = fn; + dc.arg = arg; + OBJ_NAME_do_all(OBJ_NAME_TYPE_CIPHER_METH, do_all_cipher_fn, &dc); +} + +void +EVP_CIPHER_do_all_sorted(void (*fn)(const EVP_CIPHER *ciph, const char *from, + const char *to, void *x), void *arg) +{ + struct doall_cipher dc; + + /* Prayer and clean living lets you ignore errors, OpenSSL style */ + (void) OPENSSL_init_crypto(0, NULL); + + dc.fn = fn; + dc.arg = arg; + OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH, + do_all_cipher_fn, &dc); +} + +struct doall_md { + void *arg; + void (*fn)(const EVP_MD *ciph, const char *from, const char *to, + void *arg); +}; + +static void +do_all_md_fn(const OBJ_NAME *nm, void *arg) +{ + struct doall_md *dc = arg; + + if (nm->alias) + dc->fn(NULL, nm->name, nm->data, dc->arg); + else + dc->fn((const EVP_MD *)nm->data, nm->name, NULL, dc->arg); +} + +void +EVP_MD_do_all(void (*fn)(const EVP_MD *md, const char *from, const char *to, + void *x), void *arg) +{ + struct doall_md dc; + + /* Prayer and clean living lets you ignore errors, OpenSSL style */ + (void) OPENSSL_init_crypto(0, NULL); + + dc.fn = fn; + dc.arg = arg; + OBJ_NAME_do_all(OBJ_NAME_TYPE_MD_METH, do_all_md_fn, &dc); +} + +void +EVP_MD_do_all_sorted(void (*fn)(const EVP_MD *md, + const char *from, const char *to, void *x), void *arg) +{ + struct doall_md dc; + + /* Prayer and clean living lets you ignore errors, OpenSSL style */ + (void) OPENSSL_init_crypto(0, NULL); + + dc.fn = fn; + dc.arg = arg; + OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_MD_METH, do_all_md_fn, &dc); +} diff --git a/src/lib/libcrypto/evp/openbsd_hw.c b/src/lib/libcrypto/evp/openbsd_hw.c deleted file mode 100644 index 3831a5731e9..00000000000 --- a/src/lib/libcrypto/evp/openbsd_hw.c +++ /dev/null @@ -1,446 +0,0 @@ -/* Written by Ben Laurie, 2001 */ -/* - * Copyright (c) 2001 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#include -#include -#include -#include "evp_locl.h" - -/* This stuff should now all be supported through - * crypto/engine/hw_openbsd_dev_crypto.c unless I botched it up */ -static void *dummy=&dummy; - -#if 0 - -/* check flag after OpenSSL headers to ensure make depend works */ -#ifdef OPENSSL_OPENBSD_DEV_CRYPTO - -#include -#include -#include -#include -#include -#include -#include - -/* longest key supported in hardware */ -#define MAX_HW_KEY 24 -#define MAX_HW_IV 8 - -#define MD5_DIGEST_LENGTH 16 -#define MD5_CBLOCK 64 - -static int fd; -static int dev_failed; - -typedef struct session_op session_op; - -#define CDATA(ctx) EVP_C_DATA(session_op,ctx) - -static void err(const char *str) - { - fprintf(stderr,"%s: errno %d\n",str,errno); - } - -static int dev_crypto_init(session_op *ses) - { - if(dev_failed) - return 0; - if(!fd) - { - int cryptodev_fd; - - if ((cryptodev_fd=open("/dev/crypto",O_RDWR,0)) < 0) - { - err("/dev/crypto"); - dev_failed=1; - return 0; - } - if (ioctl(cryptodev_fd,CRIOGET,&fd) == -1) - { - err("CRIOGET failed"); - close(cryptodev_fd); - dev_failed=1; - return 0; - } - close(cryptodev_fd); - } - assert(ses); - memset(ses,'\0',sizeof *ses); - - return 1; - } - -static int dev_crypto_cleanup(EVP_CIPHER_CTX *ctx) - { - if(ioctl(fd,CIOCFSESSION,&CDATA(ctx)->ses) == -1) - err("CIOCFSESSION failed"); - - OPENSSL_free(CDATA(ctx)->key); - - return 1; - } - -static int dev_crypto_init_key(EVP_CIPHER_CTX *ctx,int cipher, - const unsigned char *key,int klen) - { - if(!dev_crypto_init(CDATA(ctx))) - return 0; - - CDATA(ctx)->key=OPENSSL_malloc(MAX_HW_KEY); - - assert(ctx->cipher->iv_len <= MAX_HW_IV); - - memcpy(CDATA(ctx)->key,key,klen); - - CDATA(ctx)->cipher=cipher; - CDATA(ctx)->keylen=klen; - - if (ioctl(fd,CIOCGSESSION,CDATA(ctx)) == -1) - { - err("CIOCGSESSION failed"); - return 0; - } - return 1; - } - -static int dev_crypto_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out, - const unsigned char *in,unsigned int inl) - { - struct crypt_op cryp; - unsigned char lb[MAX_HW_IV]; - - if(!inl) - return 1; - - assert(CDATA(ctx)); - assert(!dev_failed); - - memset(&cryp,'\0',sizeof cryp); - cryp.ses=CDATA(ctx)->ses; - cryp.op=ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT; - cryp.flags=0; - cryp.len=inl; - assert((inl&(ctx->cipher->block_size-1)) == 0); - cryp.src=(caddr_t)in; - cryp.dst=(caddr_t)out; - cryp.mac=0; - if(ctx->cipher->iv_len) - cryp.iv=(caddr_t)ctx->iv; - - if(!ctx->encrypt) - memcpy(lb,&in[cryp.len-ctx->cipher->iv_len],ctx->cipher->iv_len); - - if(ioctl(fd, CIOCCRYPT, &cryp) == -1) - { - if(errno == EINVAL) /* buffers are misaligned */ - { - unsigned int cinl=0; - char *cin=NULL; - char *cout=NULL; - - /* NB: this can only make cinl != inl with stream ciphers */ - cinl=(inl+3)/4*4; - - if(((unsigned long)in&3) || cinl != inl) - { - cin=OPENSSL_malloc(cinl); - memcpy(cin,in,inl); - cryp.src=cin; - } - - if(((unsigned long)out&3) || cinl != inl) - { - cout=OPENSSL_malloc(cinl); - cryp.dst=cout; - } - - cryp.len=cinl; - - if(ioctl(fd, CIOCCRYPT, &cryp) == -1) - { - err("CIOCCRYPT(2) failed"); - printf("src=%p dst=%p\n",cryp.src,cryp.dst); - abort(); - return 0; - } - - if(cout) - { - memcpy(out,cout,inl); - OPENSSL_free(cout); - } - if(cin) - OPENSSL_free(cin); - } - else - { - err("CIOCCRYPT failed"); - abort(); - return 0; - } - } - - if(ctx->encrypt) - memcpy(ctx->iv,&out[cryp.len-ctx->cipher->iv_len],ctx->cipher->iv_len); - else - memcpy(ctx->iv,lb,ctx->cipher->iv_len); - - return 1; - } - -static int dev_crypto_des_ede3_init_key(EVP_CIPHER_CTX *ctx, - const unsigned char *key, - const unsigned char *iv, int enc) - { return dev_crypto_init_key(ctx,CRYPTO_3DES_CBC,key,24); } - -#define dev_crypto_des_ede3_cbc_cipher dev_crypto_cipher - -BLOCK_CIPHER_def_cbc(dev_crypto_des_ede3, session_op, NID_des_ede3, 8, 24, 8, - 0, dev_crypto_des_ede3_init_key, - dev_crypto_cleanup, - EVP_CIPHER_set_asn1_iv, - EVP_CIPHER_get_asn1_iv, - NULL) - -static int dev_crypto_rc4_init_key(EVP_CIPHER_CTX *ctx, - const unsigned char *key, - const unsigned char *iv, int enc) - { return dev_crypto_init_key(ctx,CRYPTO_ARC4,key,16); } - -static const EVP_CIPHER r4_cipher= - { - NID_rc4, - 1,16,0, /* FIXME: key should be up to 256 bytes */ - EVP_CIPH_VARIABLE_LENGTH, - dev_crypto_rc4_init_key, - dev_crypto_cipher, - dev_crypto_cleanup, - sizeof(session_op), - NULL, - NULL, - NULL - }; - -const EVP_CIPHER *EVP_dev_crypto_rc4(void) - { return &r4_cipher; } - -typedef struct - { - session_op sess; - char *data; - int len; - unsigned char md[EVP_MAX_MD_SIZE]; - } MD_DATA; - -static int dev_crypto_init_digest(MD_DATA *md_data,int mac) - { - if(!dev_crypto_init(&md_data->sess)) - return 0; - - md_data->len=0; - md_data->data=NULL; - - md_data->sess.mac=mac; - - if (ioctl(fd,CIOCGSESSION,&md_data->sess) == -1) - { - err("CIOCGSESSION failed"); - return 0; - } - return 1; - } - -static int dev_crypto_cleanup_digest(MD_DATA *md_data) - { - if (ioctl(fd,CIOCFSESSION,&md_data->sess.ses) == -1) - { - err("CIOCFSESSION failed"); - return 0; - } - - return 1; - } - -/* FIXME: if device can do chained MACs, then don't accumulate */ -/* FIXME: move accumulation to the framework */ -static int dev_crypto_md5_init(EVP_MD_CTX *ctx) - { return dev_crypto_init_digest(ctx->md_data,CRYPTO_MD5); } - -static int do_digest(int ses,unsigned char *md,const void *data,int len) - { - struct crypt_op cryp; - static unsigned char md5zero[16]= - { - 0xd4,0x1d,0x8c,0xd9,0x8f,0x00,0xb2,0x04, - 0xe9,0x80,0x09,0x98,0xec,0xf8,0x42,0x7e - }; - - /* some cards can't do zero length */ - if(!len) - { - memcpy(md,md5zero,16); - return 1; - } - - memset(&cryp,'\0',sizeof cryp); - cryp.ses=ses; - cryp.op=COP_ENCRYPT;/* required to do the MAC rather than check it */ - cryp.len=len; - cryp.src=(caddr_t)data; - cryp.dst=(caddr_t)data; // FIXME!!! - cryp.mac=(caddr_t)md; - - if(ioctl(fd, CIOCCRYPT, &cryp) == -1) - { - if(errno == EINVAL) /* buffer is misaligned */ - { - char *dcopy; - - dcopy=OPENSSL_malloc(len); - memcpy(dcopy,data,len); - cryp.src=dcopy; - cryp.dst=cryp.src; // FIXME!!! - - if(ioctl(fd, CIOCCRYPT, &cryp) == -1) - { - err("CIOCCRYPT(MAC2) failed"); - abort(); - return 0; - } - OPENSSL_free(dcopy); - } - else - { - err("CIOCCRYPT(MAC) failed"); - abort(); - return 0; - } - } - // printf("done\n"); - - return 1; - } - -static int dev_crypto_md5_update(EVP_MD_CTX *ctx,const void *data, - unsigned long len) - { - MD_DATA *md_data=ctx->md_data; - - if(ctx->flags&EVP_MD_CTX_FLAG_ONESHOT) - return do_digest(md_data->sess.ses,md_data->md,data,len); - - md_data->data=OPENSSL_realloc(md_data->data,md_data->len+len); - memcpy(md_data->data+md_data->len,data,len); - md_data->len+=len; - - return 1; - } - -static int dev_crypto_md5_final(EVP_MD_CTX *ctx,unsigned char *md) - { - int ret; - MD_DATA *md_data=ctx->md_data; - - if(ctx->flags&EVP_MD_CTX_FLAG_ONESHOT) - { - memcpy(md,md_data->md,MD5_DIGEST_LENGTH); - ret=1; - } - else - { - ret=do_digest(md_data->sess.ses,md,md_data->data,md_data->len); - OPENSSL_free(md_data->data); - md_data->data=NULL; - md_data->len=0; - } - - return ret; - } - -static int dev_crypto_md5_copy(EVP_MD_CTX *to,const EVP_MD_CTX *from) - { - const MD_DATA *from_md=from->md_data; - MD_DATA *to_md=to->md_data; - - // How do we copy sessions? - assert(from->digest->flags&EVP_MD_FLAG_ONESHOT); - - to_md->data=OPENSSL_malloc(from_md->len); - memcpy(to_md->data,from_md->data,from_md->len); - - return 1; - } - -static int dev_crypto_md5_cleanup(EVP_MD_CTX *ctx) - { - return dev_crypto_cleanup_digest(ctx->md_data); - } - -static const EVP_MD md5_md= - { - NID_md5, - NID_md5WithRSAEncryption, - MD5_DIGEST_LENGTH, - EVP_MD_FLAG_ONESHOT, // XXX: set according to device info... - dev_crypto_md5_init, - dev_crypto_md5_update, - dev_crypto_md5_final, - dev_crypto_md5_copy, - dev_crypto_md5_cleanup, - EVP_PKEY_RSA_method, - MD5_CBLOCK, - sizeof(MD_DATA), - }; - -const EVP_MD *EVP_dev_crypto_md5(void) - { return &md5_md; } - -#endif -#endif diff --git a/src/lib/libcrypto/evp/p5_crpt.c b/src/lib/libcrypto/evp/p5_crpt.c index 113c60fedb8..75a631bf989 100644 --- a/src/lib/libcrypto/evp/p5_crpt.c +++ b/src/lib/libcrypto/evp/p5_crpt.c @@ -1,5 +1,5 @@ -/* p5_crpt.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* $OpenBSD: p5_crpt.c,v 1.18 2017/01/29 17:49:23 beck Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -58,51 +58,23 @@ #include #include -#include +#include + +#include #include -#include "cryptlib.h" +#include -/* PKCS#5 v1.5 compatible PBE functions: see PKCS#5 v2.0 for more info. +/* Doesn't do anything now: Builtin PBE algorithms in static table. */ -void PKCS5_PBE_add(void) +void +PKCS5_PBE_add(void) { -#ifndef OPENSSL_NO_DES -# ifndef OPENSSL_NO_MD5 -EVP_PBE_alg_add(NID_pbeWithMD5AndDES_CBC, EVP_des_cbc(), EVP_md5(), - PKCS5_PBE_keyivgen); -# endif -# ifndef OPENSSL_NO_MD2 -EVP_PBE_alg_add(NID_pbeWithMD2AndDES_CBC, EVP_des_cbc(), EVP_md2(), - PKCS5_PBE_keyivgen); -# endif -# ifndef OPENSSL_NO_SHA -EVP_PBE_alg_add(NID_pbeWithSHA1AndDES_CBC, EVP_des_cbc(), EVP_sha1(), - PKCS5_PBE_keyivgen); -# endif -#endif -#ifndef OPENSSL_NO_RC2 -# ifndef OPENSSL_NO_MD5 -EVP_PBE_alg_add(NID_pbeWithMD5AndRC2_CBC, EVP_rc2_64_cbc(), EVP_md5(), - PKCS5_PBE_keyivgen); -# endif -# ifndef OPENSSL_NO_MD2 -EVP_PBE_alg_add(NID_pbeWithMD2AndRC2_CBC, EVP_rc2_64_cbc(), EVP_md2(), - PKCS5_PBE_keyivgen); -# endif -# ifndef OPENSSL_NO_SHA -EVP_PBE_alg_add(NID_pbeWithSHA1AndRC2_CBC, EVP_rc2_64_cbc(), EVP_sha1(), - PKCS5_PBE_keyivgen); -# endif -#endif -#ifndef OPENSSL_NO_HMAC -EVP_PBE_alg_add(NID_pbes2, NULL, NULL, PKCS5_v2_PBE_keyivgen); -#endif } -int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, - ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, - int en_de) +int +PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, + ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, int en_de) { EVP_MD_CTX ctx; unsigned char md_tmp[EVP_MAX_MD_SIZE]; @@ -110,42 +82,79 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, int i; PBEPARAM *pbe; int saltlen, iter; - unsigned char *salt, *pbuf; + unsigned char *salt; + const unsigned char *pbuf; + int mdsize; + int rv = 0; /* Extract useful info from parameter */ + if (param == NULL || param->type != V_ASN1_SEQUENCE || + param->value.sequence == NULL) { + EVPerror(EVP_R_DECODE_ERROR); + return 0; + } + + mdsize = EVP_MD_size(md); + if (mdsize < 0) + return 0; + pbuf = param->value.sequence->data; - if (!param || (param->type != V_ASN1_SEQUENCE) || - !(pbe = d2i_PBEPARAM (NULL, &pbuf, param->value.sequence->length))) { - EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN,EVP_R_DECODE_ERROR); + if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) { + EVPerror(EVP_R_DECODE_ERROR); return 0; } - if (!pbe->iter) iter = 1; - else iter = ASN1_INTEGER_get (pbe->iter); + if (!pbe->iter) + iter = 1; + else if ((iter = ASN1_INTEGER_get(pbe->iter)) <= 0) { + EVPerror(EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS); + return 0; + } salt = pbe->salt->data; saltlen = pbe->salt->length; - if(!pass) passlen = 0; - else if(passlen == -1) passlen = strlen(pass); + if (!pass) + passlen = 0; + else if (passlen == -1) + passlen = strlen(pass); EVP_MD_CTX_init(&ctx); - EVP_DigestInit_ex(&ctx, md, NULL); - EVP_DigestUpdate(&ctx, pass, passlen); - EVP_DigestUpdate(&ctx, salt, saltlen); - PBEPARAM_free(pbe); - EVP_DigestFinal_ex(&ctx, md_tmp, NULL); + + if (!EVP_DigestInit_ex(&ctx, md, NULL)) + goto err; + if (!EVP_DigestUpdate(&ctx, pass, passlen)) + goto err; + if (!EVP_DigestUpdate(&ctx, salt, saltlen)) + goto err; + if (!EVP_DigestFinal_ex(&ctx, md_tmp, NULL)) + goto err; for (i = 1; i < iter; i++) { - EVP_DigestInit_ex(&ctx, md, NULL); - EVP_DigestUpdate(&ctx, md_tmp, EVP_MD_size(md)); - EVP_DigestFinal_ex (&ctx, md_tmp, NULL); + if (!EVP_DigestInit_ex(&ctx, md, NULL)) + goto err; + if (!EVP_DigestUpdate(&ctx, md_tmp, mdsize)) + goto err; + if (!EVP_DigestFinal_ex (&ctx, md_tmp, NULL)) + goto err; + } + if ((size_t)EVP_CIPHER_key_length(cipher) > sizeof(md_tmp)) { + EVPerror(EVP_R_BAD_KEY_LENGTH); + goto err; } - EVP_MD_CTX_cleanup(&ctx); memcpy(key, md_tmp, EVP_CIPHER_key_length(cipher)); + if ((size_t)EVP_CIPHER_iv_length(cipher) > 16) { + EVPerror(EVP_R_IV_TOO_LARGE); + goto err; + } memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)), - EVP_CIPHER_iv_length(cipher)); - EVP_CipherInit_ex(cctx, cipher, NULL, key, iv, en_de); - memset(md_tmp, 0, EVP_MAX_MD_SIZE); - memset(key, 0, EVP_MAX_KEY_LENGTH); - memset(iv, 0, EVP_MAX_IV_LENGTH); - return 1; + EVP_CIPHER_iv_length(cipher)); + if (!EVP_CipherInit_ex(cctx, cipher, NULL, key, iv, en_de)) + goto err; + explicit_bzero(md_tmp, EVP_MAX_MD_SIZE); + explicit_bzero(key, EVP_MAX_KEY_LENGTH); + explicit_bzero(iv, EVP_MAX_IV_LENGTH); + rv = 1; +err: + EVP_MD_CTX_cleanup(&ctx); + PBEPARAM_free(pbe); + return rv; } diff --git a/src/lib/libcrypto/evp/p5_crpt2.c b/src/lib/libcrypto/evp/p5_crpt2.c index 7881860b53e..4bef2877069 100644 --- a/src/lib/libcrypto/evp/p5_crpt2.c +++ b/src/lib/libcrypto/evp/p5_crpt2.c @@ -1,16 +1,16 @@ -/* p5_crpt2.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* $OpenBSD: p5_crpt2.c,v 1.23 2017/01/29 17:49:23 beck Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -55,44 +55,57 @@ * Hudson (tjh@cryptsoft.com). * */ -#if !defined(OPENSSL_NO_HMAC) && !defined(OPENSSL_NO_SHA) + #include #include -#include +#include + +#include + +#if !defined(OPENSSL_NO_HMAC) && !defined(OPENSSL_NO_SHA) + +#include #include #include -#include "cryptlib.h" - -/* set this to print out info about the keygen algorithm */ -/* #define DEBUG_PKCS5V2 */ +#include -#ifdef DEBUG_PKCS5V2 - static void h__dump (const unsigned char *p, int len); -#endif +#include "evp_locl.h" /* This is an implementation of PKCS#5 v2.0 password based encryption key - * derivation function PBKDF2 using the only currently defined function HMAC - * with SHA1. Verified against test vectors posted by Peter Gutmann + * derivation function PBKDF2. + * SHA1 version verified against test vectors posted by Peter Gutmann * to the PKCS-TNG mailing list. */ -int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, - unsigned char *salt, int saltlen, int iter, - int keylen, unsigned char *out) +int +PKCS5_PBKDF2_HMAC(const char *pass, int passlen, const unsigned char *salt, + int saltlen, int iter, const EVP_MD *digest, int keylen, unsigned char *out) { - unsigned char digtmp[SHA_DIGEST_LENGTH], *p, itmp[4]; - int cplen, j, k, tkeylen; + unsigned char digtmp[EVP_MAX_MD_SIZE], *p, itmp[4]; + int cplen, j, k, tkeylen, mdlen; unsigned long i = 1; - HMAC_CTX hctx; + HMAC_CTX hctx_tpl, hctx; + + mdlen = EVP_MD_size(digest); + if (mdlen < 0) + return 0; - HMAC_CTX_init(&hctx); + HMAC_CTX_init(&hctx_tpl); p = out; tkeylen = keylen; - if(!pass) passlen = 0; - else if(passlen == -1) passlen = strlen(pass); - while(tkeylen) { - if(tkeylen > SHA_DIGEST_LENGTH) cplen = SHA_DIGEST_LENGTH; - else cplen = tkeylen; + if (!pass) + passlen = 0; + else if (passlen == -1) + passlen = strlen(pass); + if (!HMAC_Init_ex(&hctx_tpl, pass, passlen, digest, NULL)) { + HMAC_CTX_cleanup(&hctx_tpl); + return 0; + } + while (tkeylen) { + if (tkeylen > mdlen) + cplen = mdlen; + else + cplen = tkeylen; /* We are unlikely to ever use more than 256 blocks (5120 bits!) * but just in case... */ @@ -100,151 +113,194 @@ int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, itmp[1] = (unsigned char)((i >> 16) & 0xff); itmp[2] = (unsigned char)((i >> 8) & 0xff); itmp[3] = (unsigned char)(i & 0xff); - HMAC_Init_ex(&hctx, pass, passlen, EVP_sha1(), NULL); - HMAC_Update(&hctx, salt, saltlen); - HMAC_Update(&hctx, itmp, 4); - HMAC_Final(&hctx, digtmp, NULL); + if (!HMAC_CTX_copy(&hctx, &hctx_tpl)) { + HMAC_CTX_cleanup(&hctx_tpl); + return 0; + } + if (!HMAC_Update(&hctx, salt, saltlen) || + !HMAC_Update(&hctx, itmp, 4) || + !HMAC_Final(&hctx, digtmp, NULL)) { + HMAC_CTX_cleanup(&hctx_tpl); + HMAC_CTX_cleanup(&hctx); + return 0; + } + HMAC_CTX_cleanup(&hctx); memcpy(p, digtmp, cplen); - for(j = 1; j < iter; j++) { - HMAC(EVP_sha1(), pass, passlen, - digtmp, SHA_DIGEST_LENGTH, digtmp, NULL); - for(k = 0; k < cplen; k++) p[k] ^= digtmp[k]; + for (j = 1; j < iter; j++) { + if (!HMAC_CTX_copy(&hctx, &hctx_tpl)) { + HMAC_CTX_cleanup(&hctx_tpl); + return 0; + } + if (!HMAC_Update(&hctx, digtmp, mdlen) || + !HMAC_Final(&hctx, digtmp, NULL)) { + HMAC_CTX_cleanup(&hctx_tpl); + HMAC_CTX_cleanup(&hctx); + return 0; + } + HMAC_CTX_cleanup(&hctx); + for (k = 0; k < cplen; k++) + p[k] ^= digtmp[k]; } - tkeylen-= cplen; + tkeylen -= cplen; i++; - p+= cplen; - } - HMAC_CTX_cleanup(&hctx); -#ifdef DEBUG_PKCS5V2 - fprintf(stderr, "Password:\n"); - h__dump (pass, passlen); - fprintf(stderr, "Salt:\n"); - h__dump (salt, saltlen); - fprintf(stderr, "Iteration count %d\n", iter); - fprintf(stderr, "Key:\n"); - h__dump (out, keylen); -#endif + p += cplen; + } + HMAC_CTX_cleanup(&hctx_tpl); return 1; } -#ifdef DO_TEST -main() +int +PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, const unsigned char *salt, + int saltlen, int iter, int keylen, unsigned char *out) { - unsigned char out[4]; - unsigned char salt[] = {0x12, 0x34, 0x56, 0x78}; - PKCS5_PBKDF2_HMAC_SHA1("password", -1, salt, 4, 5, 4, out); - fprintf(stderr, "Out %02X %02X %02X %02X\n", - out[0], out[1], out[2], out[3]); + return PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter, + EVP_sha1(), keylen, out); } -#endif - /* Now the key derivation function itself. This is a bit evil because * it has to check the ASN1 parameters are valid: and there are quite a * few of them... */ -int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, - ASN1_TYPE *param, const EVP_CIPHER *c, const EVP_MD *md, - int en_de) +int +PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, + ASN1_TYPE *param, const EVP_CIPHER *c, const EVP_MD *md, int en_de) { - unsigned char *pbuf, *salt, key[EVP_MAX_KEY_LENGTH]; - int saltlen, keylen, iter, plen; + const unsigned char *pbuf; + int plen; PBE2PARAM *pbe2 = NULL; const EVP_CIPHER *cipher; - PBKDF2PARAM *kdf = NULL; + + int rv = 0; + + if (param == NULL || param->type != V_ASN1_SEQUENCE || + param->value.sequence == NULL) { + EVPerror(EVP_R_DECODE_ERROR); + goto err; + } pbuf = param->value.sequence->data; plen = param->value.sequence->length; - if(!param || (param->type != V_ASN1_SEQUENCE) || - !(pbe2 = d2i_PBE2PARAM(NULL, &pbuf, plen))) { - EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR); - return 0; + if (!(pbe2 = d2i_PBE2PARAM(NULL, &pbuf, plen))) { + EVPerror(EVP_R_DECODE_ERROR); + goto err; } /* See if we recognise the key derivation function */ - if(OBJ_obj2nid(pbe2->keyfunc->algorithm) != NID_id_pbkdf2) { - EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, - EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION); + if (OBJ_obj2nid(pbe2->keyfunc->algorithm) != NID_id_pbkdf2) { + EVPerror(EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION); goto err; } /* lets see if we recognise the encryption algorithm. */ - cipher = EVP_get_cipherbyname( - OBJ_nid2sn(OBJ_obj2nid(pbe2->encryption->algorithm))); + cipher = EVP_get_cipherbyobj(pbe2->encryption->algorithm); - if(!cipher) { - EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, - EVP_R_UNSUPPORTED_CIPHER); + if (!cipher) { + EVPerror(EVP_R_UNSUPPORTED_CIPHER); goto err; } /* Fixup cipher based on AlgorithmIdentifier */ - EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, en_de); - if(EVP_CIPHER_asn1_to_param(ctx, pbe2->encryption->parameter) < 0) { - EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, - EVP_R_CIPHER_PARAMETER_ERROR); + if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, en_de)) goto err; + if (EVP_CIPHER_asn1_to_param(ctx, pbe2->encryption->parameter) < 0) { + EVPerror(EVP_R_CIPHER_PARAMETER_ERROR); + goto err; + } + rv = PKCS5_v2_PBKDF2_keyivgen(ctx, pass, passlen, + pbe2->keyfunc->parameter, c, md, en_de); + +err: + PBE2PARAM_free(pbe2); + return rv; +} + +int +PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, + ASN1_TYPE *param, const EVP_CIPHER *c, const EVP_MD *md, int en_de) +{ + unsigned char *salt, key[EVP_MAX_KEY_LENGTH]; + const unsigned char *pbuf; + int saltlen, iter, plen; + int rv = 0; + unsigned int keylen = 0; + int prf_nid, hmac_md_nid; + PBKDF2PARAM *kdf = NULL; + const EVP_MD *prfmd; + + if (EVP_CIPHER_CTX_cipher(ctx) == NULL) { + EVPerror(EVP_R_NO_CIPHER_SET); + return 0; } keylen = EVP_CIPHER_CTX_key_length(ctx); + if (keylen > sizeof key) { + EVPerror(EVP_R_BAD_KEY_LENGTH); + return 0; + } - /* Now decode key derivation function */ + /* Decode parameter */ - pbuf = pbe2->keyfunc->parameter->value.sequence->data; - plen = pbe2->keyfunc->parameter->value.sequence->length; - if(!pbe2->keyfunc->parameter || - (pbe2->keyfunc->parameter->type != V_ASN1_SEQUENCE) || - !(kdf = d2i_PBKDF2PARAM(NULL, &pbuf, plen)) ) { - EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR); - goto err; + if (!param || (param->type != V_ASN1_SEQUENCE)) { + EVPerror(EVP_R_DECODE_ERROR); + return 0; } - PBE2PARAM_free(pbe2); - pbe2 = NULL; + pbuf = param->value.sequence->data; + plen = param->value.sequence->length; + + if (!(kdf = d2i_PBKDF2PARAM(NULL, &pbuf, plen)) ) { + EVPerror(EVP_R_DECODE_ERROR); + return 0; + } /* Now check the parameters of the kdf */ - if(kdf->keylength && (ASN1_INTEGER_get(kdf->keylength) != keylen)){ - EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, - EVP_R_UNSUPPORTED_KEYLENGTH); + if (kdf->keylength && + (ASN1_INTEGER_get(kdf->keylength) != (int)keylen)){ + EVPerror(EVP_R_UNSUPPORTED_KEYLENGTH); + goto err; + } + + if (kdf->prf) + prf_nid = OBJ_obj2nid(kdf->prf->algorithm); + else + prf_nid = NID_hmacWithSHA1; + + if (!EVP_PBE_find(EVP_PBE_TYPE_PRF, prf_nid, NULL, &hmac_md_nid, 0)) { + EVPerror(EVP_R_UNSUPPORTED_PRF); goto err; } - if(kdf->prf && (OBJ_obj2nid(kdf->prf->algorithm) != NID_hmacWithSHA1)) { - EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_UNSUPPORTED_PRF); + prfmd = EVP_get_digestbynid(hmac_md_nid); + if (prfmd == NULL) { + EVPerror(EVP_R_UNSUPPORTED_PRF); goto err; } - if(kdf->salt->type != V_ASN1_OCTET_STRING) { - EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, - EVP_R_UNSUPPORTED_SALT_TYPE); + if (kdf->salt->type != V_ASN1_OCTET_STRING) { + EVPerror(EVP_R_UNSUPPORTED_SALT_TYPE); goto err; } /* it seems that its all OK */ salt = kdf->salt->value.octet_string->data; saltlen = kdf->salt->value.octet_string->length; - iter = ASN1_INTEGER_get(kdf->iter); - PKCS5_PBKDF2_HMAC_SHA1(pass, passlen, salt, saltlen, iter, keylen, key); - EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de); - memset(key, 0, keylen); - PBKDF2PARAM_free(kdf); - return 1; + if ((iter = ASN1_INTEGER_get(kdf->iter)) <= 0) { + EVPerror(EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS); + goto err; + } + if (!PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter, prfmd, + keylen, key)) + goto err; + rv = EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de); - err: - PBE2PARAM_free(pbe2); +err: + explicit_bzero(key, keylen); PBKDF2PARAM_free(kdf); - return 0; + return rv; } -#ifdef DEBUG_PKCS5V2 -static void h__dump (const unsigned char *p, int len) -{ - for (; len --; p++) fprintf(stderr, "%02X ", *p); - fprintf(stderr, "\n"); -} -#endif #endif diff --git a/src/lib/libcrypto/evp/p_dec.c b/src/lib/libcrypto/evp/p_dec.c index 8af620400e2..c827c5e4c21 100644 --- a/src/lib/libcrypto/evp/p_dec.c +++ b/src/lib/libcrypto/evp/p_dec.c @@ -1,25 +1,25 @@ -/* crypto/evp/p_dec.c */ +/* $OpenBSD: p_dec.c,v 1.11 2017/01/29 17:49:23 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -57,31 +57,36 @@ */ #include -#include "cryptlib.h" -#include -#ifndef OPENSSL_NO_RSA -#include -#endif + +#include + #include +#include #include #include -int EVP_PKEY_decrypt(unsigned char *key, unsigned char *ek, int ekl, - EVP_PKEY *priv) - { - int ret= -1; - #ifndef OPENSSL_NO_RSA - if (priv->type != EVP_PKEY_RSA) - { +#include #endif - EVPerr(EVP_F_EVP_PKEY_DECRYPT,EVP_R_PUBLIC_KEY_NOT_RSA); + +int +EVP_PKEY_decrypt_old(unsigned char *key, const unsigned char *ek, int ekl, + EVP_PKEY *priv) +{ + int ret = -1; + +#ifndef OPENSSL_NO_RSA + if (priv->type != EVP_PKEY_RSA) { +#endif + EVPerror(EVP_R_PUBLIC_KEY_NOT_RSA); #ifndef OPENSSL_NO_RSA goto err; - } + } + + ret = RSA_private_decrypt(ekl, ek, key, priv->pkey.rsa, + RSA_PKCS1_PADDING); - ret=RSA_private_decrypt(ekl,ek,key,priv->pkey.rsa,RSA_PKCS1_PADDING); err: #endif - return(ret); - } + return (ret); +} diff --git a/src/lib/libcrypto/evp/p_enc.c b/src/lib/libcrypto/evp/p_enc.c index 656883b9968..49c46f1a709 100644 --- a/src/lib/libcrypto/evp/p_enc.c +++ b/src/lib/libcrypto/evp/p_enc.c @@ -1,25 +1,25 @@ -/* crypto/evp/p_enc.c */ +/* $OpenBSD: p_enc.c,v 1.11 2017/01/29 17:49:23 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -57,30 +57,33 @@ */ #include -#include "cryptlib.h" -#include -#ifndef OPENSSL_NO_RSA -#include -#endif + +#include + +#include #include #include #include -int EVP_PKEY_encrypt(unsigned char *ek, unsigned char *key, int key_len, - EVP_PKEY *pubk) - { - int ret=0; - #ifndef OPENSSL_NO_RSA - if (pubk->type != EVP_PKEY_RSA) - { +#include +#endif + +int +EVP_PKEY_encrypt_old(unsigned char *ek, const unsigned char *key, int key_len, + EVP_PKEY *pubk) +{ + int ret = 0; + +#ifndef OPENSSL_NO_RSA + if (pubk->type != EVP_PKEY_RSA) { #endif - EVPerr(EVP_F_EVP_PKEY_ENCRYPT,EVP_R_PUBLIC_KEY_NOT_RSA); + EVPerror(EVP_R_PUBLIC_KEY_NOT_RSA); #ifndef OPENSSL_NO_RSA goto err; - } - ret=RSA_public_encrypt(key_len,key,ek,pubk->pkey.rsa,RSA_PKCS1_PADDING); + } + ret = RSA_public_encrypt(key_len, key, ek, pubk->pkey.rsa, RSA_PKCS1_PADDING); err: #endif - return(ret); - } + return (ret); +} diff --git a/src/lib/libcrypto/evp/p_lib.c b/src/lib/libcrypto/evp/p_lib.c index 215b94292aa..a0e41d3c75e 100644 --- a/src/lib/libcrypto/evp/p_lib.c +++ b/src/lib/libcrypto/evp/p_lib.c @@ -1,25 +1,25 @@ -/* crypto/evp/p_lib.c */ +/* $OpenBSD: p_lib.c,v 1.25 2019/03/17 18:17:45 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -57,281 +57,499 @@ */ #include -#include "cryptlib.h" -#include + +#include + +#include +#include #include -#include +#include #include -static void EVP_PKEY_free_it(EVP_PKEY *x); - -int EVP_PKEY_bits(EVP_PKEY *pkey) - { -#ifndef OPENSSL_NO_RSA - if (pkey->type == EVP_PKEY_RSA) - return(BN_num_bits(pkey->pkey.rsa->n)); - else +#ifndef OPENSSL_NO_DH +#include #endif #ifndef OPENSSL_NO_DSA - if (pkey->type == EVP_PKEY_DSA) - return(BN_num_bits(pkey->pkey.dsa->p)); +#include #endif - return(0); - } - -int EVP_PKEY_size(EVP_PKEY *pkey) - { - if (pkey == NULL) - return(0); #ifndef OPENSSL_NO_RSA - if (pkey->type == EVP_PKEY_RSA) - return(RSA_size(pkey->pkey.rsa)); - else +#include #endif -#ifndef OPENSSL_NO_DSA - if (pkey->type == EVP_PKEY_DSA) - return(DSA_size(pkey->pkey.dsa)); + +#ifndef OPENSSL_NO_ENGINE +#include #endif - return(0); - } -int EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode) - { +#include "asn1_locl.h" + +static void EVP_PKEY_free_it(EVP_PKEY *x); + +int +EVP_PKEY_bits(const EVP_PKEY *pkey) +{ + if (pkey && pkey->ameth && pkey->ameth->pkey_bits) + return pkey->ameth->pkey_bits(pkey); + return 0; +} + +int +EVP_PKEY_size(const EVP_PKEY *pkey) +{ + if (pkey && pkey->ameth && pkey->ameth->pkey_size) + return pkey->ameth->pkey_size(pkey); + return 0; +} + +int +EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode) +{ #ifndef OPENSSL_NO_DSA - if (pkey->type == EVP_PKEY_DSA) - { - int ret=pkey->save_parameters; + if (pkey->type == EVP_PKEY_DSA) { + int ret = pkey->save_parameters; if (mode >= 0) - pkey->save_parameters=mode; - return(ret); - } + pkey->save_parameters = mode; + return (ret); + } #endif - return(0); +#ifndef OPENSSL_NO_EC + if (pkey->type == EVP_PKEY_EC) { + int ret = pkey->save_parameters; + + if (mode >= 0) + pkey->save_parameters = mode; + return (ret); } +#endif + return (0); +} -int EVP_PKEY_copy_parameters(EVP_PKEY *to, EVP_PKEY *from) - { - if (to->type != from->type) - { - EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS,EVP_R_DIFFERENT_KEY_TYPES); +int +EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) +{ + if (to->type != from->type) { + EVPerror(EVP_R_DIFFERENT_KEY_TYPES); goto err; - } + } - if (EVP_PKEY_missing_parameters(from)) - { - EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS,EVP_R_MISSING_PARAMETERS); + if (EVP_PKEY_missing_parameters(from)) { + EVPerror(EVP_R_MISSING_PARAMETERS); goto err; - } -#ifndef OPENSSL_NO_DSA - if (to->type == EVP_PKEY_DSA) - { - BIGNUM *a; + } + if (from->ameth && from->ameth->param_copy) + return from->ameth->param_copy(to, from); + +err: + return 0; +} + +int +EVP_PKEY_missing_parameters(const EVP_PKEY *pkey) +{ + if (pkey->ameth && pkey->ameth->param_missing) + return pkey->ameth->param_missing(pkey); + return 0; +} - if ((a=BN_dup(from->pkey.dsa->p)) == NULL) goto err; - if (to->pkey.dsa->p != NULL) BN_free(to->pkey.dsa->p); - to->pkey.dsa->p=a; +int +EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) +{ + if (a->type != b->type) + return -1; + if (a->ameth && a->ameth->param_cmp) + return a->ameth->param_cmp(a, b); + return -2; +} - if ((a=BN_dup(from->pkey.dsa->q)) == NULL) goto err; - if (to->pkey.dsa->q != NULL) BN_free(to->pkey.dsa->q); - to->pkey.dsa->q=a; +int +EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b) +{ + if (a->type != b->type) + return -1; - if ((a=BN_dup(from->pkey.dsa->g)) == NULL) goto err; - if (to->pkey.dsa->g != NULL) BN_free(to->pkey.dsa->g); - to->pkey.dsa->g=a; + if (a->ameth) { + int ret; + /* Compare parameters if the algorithm has them */ + if (a->ameth->param_cmp) { + ret = a->ameth->param_cmp(a, b); + if (ret <= 0) + return ret; } -#endif - return(1); -err: - return(0); + + if (a->ameth->pub_cmp) + return a->ameth->pub_cmp(a, b); } -int EVP_PKEY_missing_parameters(EVP_PKEY *pkey) - { -#ifndef OPENSSL_NO_DSA - if (pkey->type == EVP_PKEY_DSA) - { - DSA *dsa; + return -2; +} - dsa=pkey->pkey.dsa; - if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL)) - return(1); - } -#endif - return(0); +EVP_PKEY * +EVP_PKEY_new(void) +{ + EVP_PKEY *ret; + + ret = malloc(sizeof(EVP_PKEY)); + if (ret == NULL) { + EVPerror(ERR_R_MALLOC_FAILURE); + return (NULL); } + ret->type = EVP_PKEY_NONE; + ret->save_type = EVP_PKEY_NONE; + ret->references = 1; + ret->ameth = NULL; + ret->engine = NULL; + ret->pkey.ptr = NULL; + ret->attributes = NULL; + ret->save_parameters = 1; + return (ret); +} -int EVP_PKEY_cmp_parameters(EVP_PKEY *a, EVP_PKEY *b) - { -#ifndef OPENSSL_NO_DSA - if ((a->type == EVP_PKEY_DSA) && (b->type == EVP_PKEY_DSA)) - { - if ( BN_cmp(a->pkey.dsa->p,b->pkey.dsa->p) || - BN_cmp(a->pkey.dsa->q,b->pkey.dsa->q) || - BN_cmp(a->pkey.dsa->g,b->pkey.dsa->g)) - return(0); - else - return(1); - } +int +EVP_PKEY_up_ref(EVP_PKEY *pkey) +{ + int refs = CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY); + return ((refs > 1) ? 1 : 0); +} + +/* Setup a public key ASN1 method and ENGINE from a NID or a string. + * If pkey is NULL just return 1 or 0 if the algorithm exists. + */ + +static int +pkey_set_type(EVP_PKEY *pkey, int type, const char *str, int len) +{ + const EVP_PKEY_ASN1_METHOD *ameth; + ENGINE *e = NULL; + if (pkey) { + if (pkey->pkey.ptr) + EVP_PKEY_free_it(pkey); + /* If key type matches and a method exists then this + * lookup has succeeded once so just indicate success. + */ + if ((type == pkey->save_type) && pkey->ameth) + return 1; +#ifndef OPENSSL_NO_ENGINE + ENGINE_finish(pkey->engine); + pkey->engine = NULL; #endif - return(-1); } + if (str) + ameth = EVP_PKEY_asn1_find_str(&e, str, len); + else + ameth = EVP_PKEY_asn1_find(&e, type); +#ifndef OPENSSL_NO_ENGINE + if (pkey == NULL) + ENGINE_finish(e); +#endif + if (!ameth) { + EVPerror(EVP_R_UNSUPPORTED_ALGORITHM); + return 0; + } + if (pkey) { + pkey->ameth = ameth; + pkey->engine = e; -EVP_PKEY *EVP_PKEY_new(void) - { - EVP_PKEY *ret; + pkey->type = pkey->ameth->pkey_id; + pkey->save_type = type; + } + return 1; +} - ret=(EVP_PKEY *)OPENSSL_malloc(sizeof(EVP_PKEY)); - if (ret == NULL) - { - EVPerr(EVP_F_EVP_PKEY_NEW,ERR_R_MALLOC_FAILURE); - return(NULL); - } - ret->type=EVP_PKEY_NONE; - ret->references=1; - ret->pkey.ptr=NULL; - ret->attributes=NULL; - ret->save_parameters=1; - return(ret); +int +EVP_PKEY_set_type(EVP_PKEY *pkey, int type) +{ + return pkey_set_type(pkey, type, NULL, -1); +} + +int +EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len) +{ + return pkey_set_type(pkey, EVP_PKEY_NONE, str, len); +} + +int EVP_PKEY_set_alias_type(EVP_PKEY *pkey, int type) +{ + if (pkey->type == type) { + return 1; /* it already is that type */ } -int EVP_PKEY_assign(EVP_PKEY *pkey, int type, char *key) - { - if (pkey == NULL) return(0); - if (pkey->pkey.ptr != NULL) - EVP_PKEY_free_it(pkey); - pkey->type=EVP_PKEY_type(type); - pkey->save_type=type; - pkey->pkey.ptr=key; - return(key != NULL); + /* + * The application is requesting to alias this to a different pkey type, + * but not one that resolves to the base type. + */ + if (EVP_PKEY_type(type) != EVP_PKEY_base_id(pkey)) { + EVPerror(EVP_R_UNSUPPORTED_ALGORITHM); + return 0; } + pkey->type = type; + return 1; +} + +int +EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key) +{ + if (!EVP_PKEY_set_type(pkey, type)) + return 0; + pkey->pkey.ptr = key; + return (key != NULL); +} + +void * +EVP_PKEY_get0(const EVP_PKEY *pkey) +{ + return pkey->pkey.ptr; +} + +const unsigned char * +EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len) +{ + ASN1_OCTET_STRING *os; + + if (pkey->type != EVP_PKEY_HMAC) { + EVPerror(EVP_R_EXPECTING_AN_HMAC_KEY); + return NULL; + } + + os = EVP_PKEY_get0(pkey); + *len = os->length; + + return os->data; +} + #ifndef OPENSSL_NO_RSA -int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key) +RSA * +EVP_PKEY_get0_RSA(EVP_PKEY *pkey) { - int ret = EVP_PKEY_assign_RSA(pkey, key); - if(ret) - RSA_up_ref(key); - return ret; + if (pkey->type != EVP_PKEY_RSA) { + EVPerror(EVP_R_EXPECTING_AN_RSA_KEY); + return NULL; + } + return pkey->pkey.rsa; } -RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey) - { - if(pkey->type != EVP_PKEY_RSA) { - EVPerr(EVP_F_EVP_PKEY_GET1_RSA, EVP_R_EXPECTING_AN_RSA_KEY); +RSA * +EVP_PKEY_get1_RSA(EVP_PKEY *pkey) +{ + if (pkey->type != EVP_PKEY_RSA) { + EVPerror(EVP_R_EXPECTING_AN_RSA_KEY); return NULL; } RSA_up_ref(pkey->pkey.rsa); return pkey->pkey.rsa; } + +int +EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key) +{ + int ret = EVP_PKEY_assign_RSA(pkey, key); + if (ret != 0) + RSA_up_ref(key); + return ret; +} #endif #ifndef OPENSSL_NO_DSA -int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, DSA *key) +DSA * +EVP_PKEY_get0_DSA(EVP_PKEY *pkey) { - int ret = EVP_PKEY_assign_DSA(pkey, key); - if(ret) - DSA_up_ref(key); - return ret; + if (pkey->type != EVP_PKEY_DSA) { + EVPerror(EVP_R_EXPECTING_A_DSA_KEY); + return NULL; + } + return pkey->pkey.dsa; } -DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey) - { - if(pkey->type != EVP_PKEY_DSA) { - EVPerr(EVP_F_EVP_PKEY_GET1_DSA, EVP_R_EXPECTING_A_DSA_KEY); +DSA * +EVP_PKEY_get1_DSA(EVP_PKEY *pkey) +{ + if (pkey->type != EVP_PKEY_DSA) { + EVPerror(EVP_R_EXPECTING_A_DSA_KEY); return NULL; } DSA_up_ref(pkey->pkey.dsa); return pkey->pkey.dsa; } + +int +EVP_PKEY_set1_DSA(EVP_PKEY *pkey, DSA *key) +{ + int ret = EVP_PKEY_assign_DSA(pkey, key); + if (ret != 0) + DSA_up_ref(key); + return ret; +} #endif -#ifndef OPENSSL_NO_DH +#ifndef OPENSSL_NO_EC +EC_KEY * +EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey) +{ + if (pkey->type != EVP_PKEY_EC) { + EVPerror(EVP_R_EXPECTING_A_EC_KEY); + return NULL; + } + return pkey->pkey.ec; +} -int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key) +EC_KEY * +EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey) { - int ret = EVP_PKEY_assign_DH(pkey, key); - if(ret) - DH_up_ref(key); + if (pkey->type != EVP_PKEY_EC) { + EVPerror(EVP_R_EXPECTING_A_EC_KEY); + return NULL; + } + EC_KEY_up_ref(pkey->pkey.ec); + return pkey->pkey.ec; +} + +int +EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key) +{ + int ret = EVP_PKEY_assign_EC_KEY(pkey, key); + if (ret != 0) + EC_KEY_up_ref(key); return ret; } +#endif -DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey) - { - if(pkey->type != EVP_PKEY_DH) { - EVPerr(EVP_F_EVP_PKEY_GET1_DH, EVP_R_EXPECTING_A_DH_KEY); + +#ifndef OPENSSL_NO_DH +DH * +EVP_PKEY_get0_DH(EVP_PKEY *pkey) +{ + if (pkey->type != EVP_PKEY_DH) { + EVPerror(EVP_R_EXPECTING_A_DH_KEY); + return NULL; + } + return pkey->pkey.dh; +} + +DH * +EVP_PKEY_get1_DH(EVP_PKEY *pkey) +{ + if (pkey->type != EVP_PKEY_DH) { + EVPerror(EVP_R_EXPECTING_A_DH_KEY); return NULL; } DH_up_ref(pkey->pkey.dh); return pkey->pkey.dh; } + +int +EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key) +{ + int ret = EVP_PKEY_assign_DH(pkey, key); + if (ret != 0) + DH_up_ref(key); + return ret; +} #endif -int EVP_PKEY_type(int type) - { - switch (type) - { - case EVP_PKEY_RSA: - case EVP_PKEY_RSA2: - return(EVP_PKEY_RSA); - case EVP_PKEY_DSA: - case EVP_PKEY_DSA1: - case EVP_PKEY_DSA2: - case EVP_PKEY_DSA3: - case EVP_PKEY_DSA4: - return(EVP_PKEY_DSA); - case EVP_PKEY_DH: - return(EVP_PKEY_DH); - default: - return(NID_undef); - } - } +int +EVP_PKEY_type(int type) +{ + int ret; + const EVP_PKEY_ASN1_METHOD *ameth; + ENGINE *e; + ameth = EVP_PKEY_asn1_find(&e, type); + if (ameth) + ret = ameth->pkey_id; + else + ret = NID_undef; +#ifndef OPENSSL_NO_ENGINE + ENGINE_finish(e); +#endif + return ret; +} + +int +EVP_PKEY_id(const EVP_PKEY *pkey) +{ + return pkey->type; +} -void EVP_PKEY_free(EVP_PKEY *x) - { +int +EVP_PKEY_base_id(const EVP_PKEY *pkey) +{ + return EVP_PKEY_type(pkey->type); +} + +void +EVP_PKEY_free(EVP_PKEY *x) +{ int i; - if (x == NULL) return; + if (x == NULL) + return; + + i = CRYPTO_add(&x->references, -1, CRYPTO_LOCK_EVP_PKEY); + if (i > 0) + return; - i=CRYPTO_add(&x->references,-1,CRYPTO_LOCK_EVP_PKEY); -#ifdef REF_PRINT - REF_PRINT("EVP_PKEY",x); -#endif - if (i > 0) return; -#ifdef REF_CHECK - if (i < 0) - { - fprintf(stderr,"EVP_PKEY_free, bad reference count\n"); - abort(); - } -#endif EVP_PKEY_free_it(x); - OPENSSL_free(x); - } + if (x->attributes) + sk_X509_ATTRIBUTE_pop_free(x->attributes, X509_ATTRIBUTE_free); + free(x); +} -static void EVP_PKEY_free_it(EVP_PKEY *x) - { - switch (x->type) - { -#ifndef OPENSSL_NO_RSA - case EVP_PKEY_RSA: - case EVP_PKEY_RSA2: - RSA_free(x->pkey.rsa); - break; -#endif -#ifndef OPENSSL_NO_DSA - case EVP_PKEY_DSA: - case EVP_PKEY_DSA2: - case EVP_PKEY_DSA3: - case EVP_PKEY_DSA4: - DSA_free(x->pkey.dsa); - break; -#endif -#ifndef OPENSSL_NO_DH - case EVP_PKEY_DH: - DH_free(x->pkey.dh); - break; -#endif - } +static void +EVP_PKEY_free_it(EVP_PKEY *x) +{ + if (x->ameth && x->ameth->pkey_free) { + x->ameth->pkey_free(x); + x->pkey.ptr = NULL; } +#ifndef OPENSSL_NO_ENGINE + ENGINE_finish(x->engine); + x->engine = NULL; +#endif +} + +static int +unsup_alg(BIO *out, const EVP_PKEY *pkey, int indent, const char *kstr) +{ + BIO_indent(out, indent, 128); + BIO_printf(out, "%s algorithm \"%s\" unsupported\n", + kstr, OBJ_nid2ln(pkey->type)); + return 1; +} + +int +EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey, int indent, + ASN1_PCTX *pctx) +{ + if (pkey->ameth && pkey->ameth->pub_print) + return pkey->ameth->pub_print(out, pkey, indent, pctx); + + return unsup_alg(out, pkey, indent, "Public Key"); +} + +int +EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey, int indent, + ASN1_PCTX *pctx) +{ + if (pkey->ameth && pkey->ameth->priv_print) + return pkey->ameth->priv_print(out, pkey, indent, pctx); + + return unsup_alg(out, pkey, indent, "Private Key"); +} + +int +EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey, int indent, + ASN1_PCTX *pctx) +{ + if (pkey->ameth && pkey->ameth->param_print) + return pkey->ameth->param_print(out, pkey, indent, pctx); + return unsup_alg(out, pkey, indent, "Parameters"); +} + +int +EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid) +{ + if (!pkey->ameth || !pkey->ameth->pkey_ctrl) + return -2; + return pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_DEFAULT_MD_NID, + 0, pnid); +} diff --git a/src/lib/libcrypto/evp/p_open.c b/src/lib/libcrypto/evp/p_open.c index 6976f2a867d..57a46706b93 100644 --- a/src/lib/libcrypto/evp/p_open.c +++ b/src/lib/libcrypto/evp/p_open.c @@ -1,25 +1,25 @@ -/* crypto/evp/p_open.c */ +/* $OpenBSD: p_open.c,v 1.19 2017/05/02 03:59:44 deraadt Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,75 +49,78 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_RSA #include -#include "cryptlib.h" +#include + +#include + +#ifndef OPENSSL_NO_RSA + +#include #include #include +#include #include -int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char *ek, - int ekl, unsigned char *iv, EVP_PKEY *priv) - { - unsigned char *key=NULL; - int i,size=0,ret=0; +int +EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, + const unsigned char *ek, int ekl, const unsigned char *iv, EVP_PKEY *priv) +{ + unsigned char *key = NULL; + int i, size = 0, ret = 0; - if(type) { + if (type) { EVP_CIPHER_CTX_init(ctx); - if(!EVP_DecryptInit_ex(ctx,type,NULL, NULL,NULL)) return 0; + if (!EVP_DecryptInit_ex(ctx, type, NULL, NULL, NULL)) + return 0; } - if(!priv) return 1; + if (!priv) + return 1; - if (priv->type != EVP_PKEY_RSA) - { - EVPerr(EVP_F_EVP_OPENINIT,EVP_R_PUBLIC_KEY_NOT_RSA); + if (priv->type != EVP_PKEY_RSA) { + EVPerror(EVP_R_PUBLIC_KEY_NOT_RSA); goto err; - } + } - size=RSA_size(priv->pkey.rsa); - key=(unsigned char *)OPENSSL_malloc(size+2); - if (key == NULL) - { + size = RSA_size(priv->pkey.rsa); + key = malloc(size + 2); + if (key == NULL) { /* ERROR */ - EVPerr(EVP_F_EVP_OPENINIT,ERR_R_MALLOC_FAILURE); + EVPerror(ERR_R_MALLOC_FAILURE); goto err; - } + } - i=EVP_PKEY_decrypt(key,ek,ekl,priv); - if ((i <= 0) || !EVP_CIPHER_CTX_set_key_length(ctx, i)) - { + i = EVP_PKEY_decrypt_old(key, ek, ekl, priv); + if ((i <= 0) || !EVP_CIPHER_CTX_set_key_length(ctx, i)) { /* ERROR */ goto err; - } - if(!EVP_DecryptInit_ex(ctx,NULL,NULL,key,iv)) goto err; - - ret=1; -err: - if (key != NULL) memset(key,0,size); - OPENSSL_free(key); - return(ret); } + if (!EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv)) + goto err; -int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) - { - int i; + ret = 1; - i=EVP_DecryptFinal_ex(ctx,out,outl); - EVP_DecryptInit_ex(ctx,NULL,NULL,NULL,NULL); - return(i); - } -#else /* !OPENSSL_NO_RSA */ +err: + freezero(key, size); + return (ret); +} -# ifdef PEDANTIC -static void *dummy=&dummy; -# endif +int +EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) +{ + int i; + i = EVP_DecryptFinal_ex(ctx, out, outl); + if (i) + i = EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, NULL); + return (i); +} #endif diff --git a/src/lib/libcrypto/evp/p_seal.c b/src/lib/libcrypto/evp/p_seal.c index 37e547fe727..8b9740fbcdc 100644 --- a/src/lib/libcrypto/evp/p_seal.c +++ b/src/lib/libcrypto/evp/p_seal.c @@ -1,25 +1,25 @@ -/* crypto/evp/p_seal.c */ +/* $OpenBSD: p_seal.c,v 1.14 2014/10/22 13:02:04 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -57,42 +57,48 @@ */ #include -#include "cryptlib.h" -#include -#ifndef OPENSSL_NO_RSA -#include -#endif +#include + +#include + #include #include #include -int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char **ek, - int *ekl, unsigned char *iv, EVP_PKEY **pubk, int npubk) - { +#ifndef OPENSSL_NO_RSA +#include +#endif + +int +EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char **ek, + int *ekl, unsigned char *iv, EVP_PKEY **pubk, int npubk) +{ unsigned char key[EVP_MAX_KEY_LENGTH]; int i; - - if(type) { + + if (type) { EVP_CIPHER_CTX_init(ctx); - if(!EVP_EncryptInit_ex(ctx,type,NULL,NULL,NULL)) return 0; + if (!EVP_EncryptInit_ex(ctx, type, NULL, NULL, NULL)) + return 0; } if ((npubk <= 0) || !pubk) return 1; - if (RAND_bytes(key,EVP_MAX_KEY_LENGTH) <= 0) + if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0) return 0; if (EVP_CIPHER_CTX_iv_length(ctx)) - RAND_pseudo_bytes(iv,EVP_CIPHER_CTX_iv_length(ctx)); + arc4random_buf(iv, EVP_CIPHER_CTX_iv_length(ctx)); - if(!EVP_EncryptInit_ex(ctx,NULL,NULL,key,iv)) return 0; + if (!EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv)) + return 0; - for (i=0; i -#include "cryptlib.h" + +#include #include #include #include -#ifdef undef -void EVP_SignInit(EVP_MD_CTX *ctx, EVP_MD *type) - { - EVP_DigestInit_ex(ctx,type); - } - -void EVP_SignUpdate(EVP_MD_CTX *ctx, unsigned char *data, - unsigned int count) - { - EVP_DigestUpdate(ctx,data,count); - } -#endif - -int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen, - EVP_PKEY *pkey) - { +int +EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen, + EVP_PKEY *pkey) +{ unsigned char m[EVP_MAX_MD_SIZE]; unsigned int m_len; - int i,ok=0,v; - MS_STATIC EVP_MD_CTX tmp_ctx; + int i = 0, ok = 0, v; + EVP_MD_CTX tmp_ctx; + EVP_PKEY_CTX *pkctx = NULL; - *siglen=0; + *siglen = 0; EVP_MD_CTX_init(&tmp_ctx); - EVP_MD_CTX_copy_ex(&tmp_ctx,ctx); - EVP_DigestFinal_ex(&tmp_ctx,&(m[0]),&m_len); + if (!EVP_MD_CTX_copy_ex(&tmp_ctx, ctx)) + goto err; + if (!EVP_DigestFinal_ex(&tmp_ctx, &(m[0]), &m_len)) + goto err; EVP_MD_CTX_cleanup(&tmp_ctx); - for (i=0; i<4; i++) - { - v=ctx->digest->required_pkey_type[i]; - if (v == 0) break; - if (pkey->type == v) - { - ok=1; + + if (ctx->digest->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) { + size_t sltmp = (size_t)EVP_PKEY_size(pkey); + i = 0; + pkctx = EVP_PKEY_CTX_new(pkey, NULL); + if (!pkctx) + goto err; + if (EVP_PKEY_sign_init(pkctx) <= 0) + goto err; + if (EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) <= 0) + goto err; + if (EVP_PKEY_sign(pkctx, sigret, &sltmp, m, m_len) <= 0) + goto err; + *siglen = sltmp; + i = 1; +err: + EVP_PKEY_CTX_free(pkctx); + return i; + } + + for (i = 0; i < 4; i++) { + v = ctx->digest->required_pkey_type[i]; + if (v == 0) + break; + if (pkey->type == v) { + ok = 1; break; - } - } - if (!ok) - { - EVPerr(EVP_F_EVP_SIGNFINAL,EVP_R_WRONG_PUBLIC_KEY_TYPE); - return(0); - } - if (ctx->digest->sign == NULL) - { - EVPerr(EVP_F_EVP_SIGNFINAL,EVP_R_NO_SIGN_FUNCTION_CONFIGURED); - return(0); } - return(ctx->digest->sign(ctx->digest->type,m,m_len,sigret,siglen, - pkey->pkey.ptr)); + } + if (!ok) { + EVPerror(EVP_R_WRONG_PUBLIC_KEY_TYPE); + return (0); } + if (ctx->digest->sign == NULL) { + EVPerror(EVP_R_NO_SIGN_FUNCTION_CONFIGURED); + return (0); + } + return(ctx->digest->sign(ctx->digest->type, m, m_len, sigret, siglen, + pkey->pkey.ptr)); +} diff --git a/src/lib/libcrypto/evp/p_verify.c b/src/lib/libcrypto/evp/p_verify.c index d854d743a5e..7dd752c4fbe 100644 --- a/src/lib/libcrypto/evp/p_verify.c +++ b/src/lib/libcrypto/evp/p_verify.c @@ -1,25 +1,25 @@ -/* crypto/evp/p_verify.c */ +/* $OpenBSD: p_verify.c,v 1.13 2017/01/29 17:49:23 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -57,45 +57,62 @@ */ #include -#include "cryptlib.h" + +#include #include #include #include -int EVP_VerifyFinal(EVP_MD_CTX *ctx, unsigned char *sigbuf, - unsigned int siglen, EVP_PKEY *pkey) - { +int +EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf, + unsigned int siglen, EVP_PKEY *pkey) +{ unsigned char m[EVP_MAX_MD_SIZE]; unsigned int m_len; - int i,ok=0,v; - MS_STATIC EVP_MD_CTX tmp_ctx; + int i = 0, ok = 0, v; + EVP_MD_CTX tmp_ctx; + EVP_PKEY_CTX *pkctx = NULL; - for (i=0; i<4; i++) - { - v=ctx->digest->required_pkey_type[i]; - if (v == 0) break; - if (pkey->type == v) - { - ok=1; - break; - } - } - if (!ok) - { - EVPerr(EVP_F_EVP_VERIFYFINAL,EVP_R_WRONG_PUBLIC_KEY_TYPE); - return(-1); - } EVP_MD_CTX_init(&tmp_ctx); - EVP_MD_CTX_copy_ex(&tmp_ctx,ctx); - EVP_DigestFinal_ex(&tmp_ctx,&(m[0]),&m_len); + if (!EVP_MD_CTX_copy_ex(&tmp_ctx, ctx)) + goto err; + if (!EVP_DigestFinal_ex(&tmp_ctx, &(m[0]), &m_len)) + goto err; EVP_MD_CTX_cleanup(&tmp_ctx); - if (ctx->digest->verify == NULL) - { - EVPerr(EVP_F_EVP_VERIFYFINAL,EVP_R_NO_VERIFY_FUNCTION_CONFIGURED); - return(0); - } - return(ctx->digest->verify(ctx->digest->type,m,m_len, - sigbuf,siglen,pkey->pkey.ptr)); + if (ctx->digest->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) { + i = -1; + pkctx = EVP_PKEY_CTX_new(pkey, NULL); + if (!pkctx) + goto err; + if (EVP_PKEY_verify_init(pkctx) <= 0) + goto err; + if (EVP_PKEY_CTX_set_signature_md(pkctx, ctx->digest) <= 0) + goto err; + i = EVP_PKEY_verify(pkctx, sigbuf, siglen, m, m_len); +err: + EVP_PKEY_CTX_free(pkctx); + return i; + } + + for (i = 0; i < 4; i++) { + v = ctx->digest->required_pkey_type[i]; + if (v == 0) + break; + if (pkey->type == v) { + ok = 1; + break; + } + } + if (!ok) { + EVPerror(EVP_R_WRONG_PUBLIC_KEY_TYPE); + return (-1); + } + if (ctx->digest->verify == NULL) { + EVPerror(EVP_R_NO_VERIFY_FUNCTION_CONFIGURED); + return (0); } + return(ctx->digest->verify(ctx->digest->type, m, m_len, + sigbuf, siglen, pkey->pkey.ptr)); +} diff --git a/src/lib/libcrypto/evp/pmeth_fn.c b/src/lib/libcrypto/evp/pmeth_fn.c new file mode 100644 index 00000000000..c9117eedd48 --- /dev/null +++ b/src/lib/libcrypto/evp/pmeth_fn.c @@ -0,0 +1,345 @@ +/* $OpenBSD: pmeth_fn.c,v 1.6 2017/01/29 17:49:23 beck Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2006. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include + +#include +#include +#include + +#include "evp_locl.h" + +#define M_check_autoarg(ctx, arg, arglen, err) \ + if (ctx->pmeth->flags & EVP_PKEY_FLAG_AUTOARGLEN) \ + { \ + size_t pksize = (size_t)EVP_PKEY_size(ctx->pkey); \ + if (!arg) \ + { \ + *arglen = pksize; \ + return 1; \ + } \ + else if (*arglen < pksize) \ + { \ + EVPerror(EVP_R_BUFFER_TOO_SMALL); /*ckerr_ignore*/\ + return 0; \ + } \ + } + +int +EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx) +{ + int ret; + + if (!ctx || !ctx->pmeth || !ctx->pmeth->sign) { + EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return -2; + } + ctx->operation = EVP_PKEY_OP_SIGN; + if (!ctx->pmeth->sign_init) + return 1; + ret = ctx->pmeth->sign_init(ctx); + if (ret <= 0) + ctx->operation = EVP_PKEY_OP_UNDEFINED; + return ret; +} + +int +EVP_PKEY_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen) +{ + if (!ctx || !ctx->pmeth || !ctx->pmeth->sign) { + EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return -2; + } + if (ctx->operation != EVP_PKEY_OP_SIGN) { + EVPerror(EVP_R_OPERATON_NOT_INITIALIZED); + return -1; + } + M_check_autoarg(ctx, sig, siglen, EVP_F_EVP_PKEY_SIGN) + return ctx->pmeth->sign(ctx, sig, siglen, tbs, tbslen); +} + +int +EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx) +{ + int ret; + + if (!ctx || !ctx->pmeth || !ctx->pmeth->verify) { + EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return -2; + } + ctx->operation = EVP_PKEY_OP_VERIFY; + if (!ctx->pmeth->verify_init) + return 1; + ret = ctx->pmeth->verify_init(ctx); + if (ret <= 0) + ctx->operation = EVP_PKEY_OP_UNDEFINED; + return ret; +} + +int +EVP_PKEY_verify(EVP_PKEY_CTX *ctx, const unsigned char *sig, size_t siglen, + const unsigned char *tbs, size_t tbslen) +{ + if (!ctx || !ctx->pmeth || !ctx->pmeth->verify) { + EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return -2; + } + if (ctx->operation != EVP_PKEY_OP_VERIFY) { + EVPerror(EVP_R_OPERATON_NOT_INITIALIZED); + return -1; + } + return ctx->pmeth->verify(ctx, sig, siglen, tbs, tbslen); +} + +int +EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx) +{ + int ret; + + if (!ctx || !ctx->pmeth || !ctx->pmeth->verify_recover) { + EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return -2; + } + ctx->operation = EVP_PKEY_OP_VERIFYRECOVER; + if (!ctx->pmeth->verify_recover_init) + return 1; + ret = ctx->pmeth->verify_recover_init(ctx); + if (ret <= 0) + ctx->operation = EVP_PKEY_OP_UNDEFINED; + return ret; +} + +int +EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx, unsigned char *rout, size_t *routlen, + const unsigned char *sig, size_t siglen) +{ + if (!ctx || !ctx->pmeth || !ctx->pmeth->verify_recover) { + EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return -2; + } + if (ctx->operation != EVP_PKEY_OP_VERIFYRECOVER) { + EVPerror(EVP_R_OPERATON_NOT_INITIALIZED); + return -1; + } + M_check_autoarg(ctx, rout, routlen, EVP_F_EVP_PKEY_VERIFY_RECOVER) + return ctx->pmeth->verify_recover(ctx, rout, routlen, sig, siglen); +} + +int +EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx) +{ + int ret; + + if (!ctx || !ctx->pmeth || !ctx->pmeth->encrypt) { + EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return -2; + } + ctx->operation = EVP_PKEY_OP_ENCRYPT; + if (!ctx->pmeth->encrypt_init) + return 1; + ret = ctx->pmeth->encrypt_init(ctx); + if (ret <= 0) + ctx->operation = EVP_PKEY_OP_UNDEFINED; + return ret; +} + +int +EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen) +{ + if (!ctx || !ctx->pmeth || !ctx->pmeth->encrypt) { + EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return -2; + } + if (ctx->operation != EVP_PKEY_OP_ENCRYPT) { + EVPerror(EVP_R_OPERATON_NOT_INITIALIZED); + return -1; + } + M_check_autoarg(ctx, out, outlen, EVP_F_EVP_PKEY_ENCRYPT) + return ctx->pmeth->encrypt(ctx, out, outlen, in, inlen); +} + +int +EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx) +{ + int ret; + + if (!ctx || !ctx->pmeth || !ctx->pmeth->decrypt) { + EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return -2; + } + ctx->operation = EVP_PKEY_OP_DECRYPT; + if (!ctx->pmeth->decrypt_init) + return 1; + ret = ctx->pmeth->decrypt_init(ctx); + if (ret <= 0) + ctx->operation = EVP_PKEY_OP_UNDEFINED; + return ret; +} + +int +EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen) +{ + if (!ctx || !ctx->pmeth || !ctx->pmeth->decrypt) { + EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return -2; + } + if (ctx->operation != EVP_PKEY_OP_DECRYPT) { + EVPerror(EVP_R_OPERATON_NOT_INITIALIZED); + return -1; + } + M_check_autoarg(ctx, out, outlen, EVP_F_EVP_PKEY_DECRYPT) + return ctx->pmeth->decrypt(ctx, out, outlen, in, inlen); +} + +int +EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx) +{ + int ret; + + if (!ctx || !ctx->pmeth || !ctx->pmeth->derive) { + EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return -2; + } + ctx->operation = EVP_PKEY_OP_DERIVE; + if (!ctx->pmeth->derive_init) + return 1; + ret = ctx->pmeth->derive_init(ctx); + if (ret <= 0) + ctx->operation = EVP_PKEY_OP_UNDEFINED; + return ret; +} + +int +EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer) +{ + int ret; + + if (!ctx || !ctx->pmeth || !(ctx->pmeth->derive || + ctx->pmeth->encrypt || ctx->pmeth->decrypt) || + !ctx->pmeth->ctrl) { + EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return -2; + } + if (ctx->operation != EVP_PKEY_OP_DERIVE && + ctx->operation != EVP_PKEY_OP_ENCRYPT && + ctx->operation != EVP_PKEY_OP_DECRYPT) { + EVPerror(EVP_R_OPERATON_NOT_INITIALIZED); + return -1; + } + + ret = ctx->pmeth->ctrl(ctx, EVP_PKEY_CTRL_PEER_KEY, 0, peer); + + if (ret <= 0) + return ret; + + if (ret == 2) + return 1; + + if (!ctx->pkey) { + EVPerror(EVP_R_NO_KEY_SET); + return -1; + } + + if (ctx->pkey->type != peer->type) { + EVPerror(EVP_R_DIFFERENT_KEY_TYPES); + return -1; + } + + /* ran@cryptocom.ru: For clarity. The error is if parameters in peer are + * present (!missing) but don't match. EVP_PKEY_cmp_parameters may return + * 1 (match), 0 (don't match) and -2 (comparison is not defined). -1 + * (different key types) is impossible here because it is checked earlier. + * -2 is OK for us here, as well as 1, so we can check for 0 only. */ + if (!EVP_PKEY_missing_parameters(peer) && + !EVP_PKEY_cmp_parameters(ctx->pkey, peer)) { + EVPerror(EVP_R_DIFFERENT_PARAMETERS); + return -1; + } + + EVP_PKEY_free(ctx->peerkey); + ctx->peerkey = peer; + + ret = ctx->pmeth->ctrl(ctx, EVP_PKEY_CTRL_PEER_KEY, 1, peer); + + if (ret <= 0) { + ctx->peerkey = NULL; + return ret; + } + + CRYPTO_add(&peer->references, 1, CRYPTO_LOCK_EVP_PKEY); + return 1; +} + +int +EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *pkeylen) +{ + if (!ctx || !ctx->pmeth || !ctx->pmeth->derive) { + EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return -2; + } + if (ctx->operation != EVP_PKEY_OP_DERIVE) { + EVPerror(EVP_R_OPERATON_NOT_INITIALIZED); + return -1; + } + M_check_autoarg(ctx, key, pkeylen, EVP_F_EVP_PKEY_DERIVE) + return ctx->pmeth->derive(ctx, key, pkeylen); +} diff --git a/src/lib/libcrypto/evp/pmeth_gn.c b/src/lib/libcrypto/evp/pmeth_gn.c new file mode 100644 index 00000000000..d1cbdc409f6 --- /dev/null +++ b/src/lib/libcrypto/evp/pmeth_gn.c @@ -0,0 +1,223 @@ +/* $OpenBSD: pmeth_gn.c,v 1.6 2017/01/29 17:49:23 beck Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2006. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include + +#include +#include +#include +#include + +#include "evp_locl.h" + +int +EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx) +{ + int ret; + + if (!ctx || !ctx->pmeth || !ctx->pmeth->paramgen) { + EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return -2; + } + ctx->operation = EVP_PKEY_OP_PARAMGEN; + if (!ctx->pmeth->paramgen_init) + return 1; + ret = ctx->pmeth->paramgen_init(ctx); + if (ret <= 0) + ctx->operation = EVP_PKEY_OP_UNDEFINED; + return ret; +} + +int +EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey) +{ + int ret; + + if (!ctx || !ctx->pmeth || !ctx->pmeth->paramgen) { + EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return -2; + } + + if (ctx->operation != EVP_PKEY_OP_PARAMGEN) { + EVPerror(EVP_R_OPERATON_NOT_INITIALIZED); + return -1; + } + + if (!ppkey) + return -1; + + if (!*ppkey) + *ppkey = EVP_PKEY_new(); + + ret = ctx->pmeth->paramgen(ctx, *ppkey); + if (ret <= 0) { + EVP_PKEY_free(*ppkey); + *ppkey = NULL; + } + return ret; +} + +int +EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx) +{ + int ret; + + if (!ctx || !ctx->pmeth || !ctx->pmeth->keygen) { + EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return -2; + } + ctx->operation = EVP_PKEY_OP_KEYGEN; + if (!ctx->pmeth->keygen_init) + return 1; + ret = ctx->pmeth->keygen_init(ctx); + if (ret <= 0) + ctx->operation = EVP_PKEY_OP_UNDEFINED; + return ret; +} + +int +EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey) +{ + int ret; + + if (!ctx || !ctx->pmeth || !ctx->pmeth->keygen) { + EVPerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return -2; + } + if (ctx->operation != EVP_PKEY_OP_KEYGEN) { + EVPerror(EVP_R_OPERATON_NOT_INITIALIZED); + return -1; + } + + if (!ppkey) + return -1; + + if (!*ppkey) + *ppkey = EVP_PKEY_new(); + + ret = ctx->pmeth->keygen(ctx, *ppkey); + if (ret <= 0) { + EVP_PKEY_free(*ppkey); + *ppkey = NULL; + } + return ret; +} + +void +EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb) +{ + ctx->pkey_gencb = cb; +} + +EVP_PKEY_gen_cb * +EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx) +{ + return ctx->pkey_gencb; +} + +/* "translation callback" to call EVP_PKEY_CTX callbacks using BN_GENCB + * style callbacks. + */ + +static int +trans_cb(int a, int b, BN_GENCB *gcb) +{ + EVP_PKEY_CTX *ctx = gcb->arg; + ctx->keygen_info[0] = a; + ctx->keygen_info[1] = b; + return ctx->pkey_gencb(ctx); +} + +void +evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx) +{ + BN_GENCB_set(cb, trans_cb, ctx) +} + +int +EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx) +{ + if (idx == -1) + return ctx->keygen_info_count; + if (idx < 0 || idx > ctx->keygen_info_count) + return 0; + return ctx->keygen_info[idx]; +} + +EVP_PKEY * +EVP_PKEY_new_mac_key(int type, ENGINE *e, const unsigned char *key, int keylen) +{ + EVP_PKEY_CTX *mac_ctx = NULL; + EVP_PKEY *mac_key = NULL; + + mac_ctx = EVP_PKEY_CTX_new_id(type, e); + if (!mac_ctx) + return NULL; + if (EVP_PKEY_keygen_init(mac_ctx) <= 0) + goto merr; + if (EVP_PKEY_CTX_ctrl(mac_ctx, -1, EVP_PKEY_OP_KEYGEN, + EVP_PKEY_CTRL_SET_MAC_KEY, keylen, (void *)key) <= 0) + goto merr; + if (EVP_PKEY_keygen(mac_ctx, &mac_key) <= 0) + goto merr; + +merr: + EVP_PKEY_CTX_free(mac_ctx); + return mac_key; +} diff --git a/src/lib/libcrypto/evp/pmeth_lib.c b/src/lib/libcrypto/evp/pmeth_lib.c new file mode 100644 index 00000000000..ff0be001002 --- /dev/null +++ b/src/lib/libcrypto/evp/pmeth_lib.c @@ -0,0 +1,628 @@ +/* $OpenBSD: pmeth_lib.c,v 1.14 2018/04/14 07:09:21 tb Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2006. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include +#include + +#include + +#include +#include +#include + +#ifndef OPENSSL_NO_ENGINE +#include +#endif + +#include "asn1_locl.h" +#include "evp_locl.h" + +typedef int sk_cmp_fn_type(const char * const *a, const char * const *b); + +DECLARE_STACK_OF(EVP_PKEY_METHOD) +STACK_OF(EVP_PKEY_METHOD) *app_pkey_methods = NULL; + +extern const EVP_PKEY_METHOD rsa_pkey_meth, dh_pkey_meth, dsa_pkey_meth; +extern const EVP_PKEY_METHOD ec_pkey_meth, hmac_pkey_meth, cmac_pkey_meth; +extern const EVP_PKEY_METHOD gostimit_pkey_meth, gostr01_pkey_meth; +extern const EVP_PKEY_METHOD sm2_pkey_meth; + +static const EVP_PKEY_METHOD *standard_methods[] = { +#ifndef OPENSSL_NO_RSA + &rsa_pkey_meth, +#endif +#ifndef OPENSSL_NO_DH + &dh_pkey_meth, +#endif +#ifndef OPENSSL_NO_DSA + &dsa_pkey_meth, +#endif +#ifndef OPENSSL_NO_EC + &ec_pkey_meth, +#endif +#ifndef OPENSSL_NO_GOST + &gostr01_pkey_meth, + &gostimit_pkey_meth, +#endif + &hmac_pkey_meth, + &cmac_pkey_meth, +#ifndef OPENSSL_NO_SM2 + &sm2_pkey_meth, +#endif +}; + +static int pmeth_cmp_BSEARCH_CMP_FN(const void *, const void *); +static int pmeth_cmp(const EVP_PKEY_METHOD * const *, const EVP_PKEY_METHOD * const *); +static const EVP_PKEY_METHOD * *OBJ_bsearch_pmeth(const EVP_PKEY_METHOD * *key, const EVP_PKEY_METHOD * const *base, int num); + +static int +pmeth_cmp(const EVP_PKEY_METHOD * const *a, const EVP_PKEY_METHOD * const *b) +{ + return ((*a)->pkey_id - (*b)->pkey_id); +} + + +static int +pmeth_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_) +{ + const EVP_PKEY_METHOD * const *a = a_; + const EVP_PKEY_METHOD * const *b = b_; + return pmeth_cmp(a, b); +} + +static const EVP_PKEY_METHOD * * +OBJ_bsearch_pmeth(const EVP_PKEY_METHOD * *key, const EVP_PKEY_METHOD * const *base, int num) +{ + return (const EVP_PKEY_METHOD * *)OBJ_bsearch_(key, base, num, sizeof(const EVP_PKEY_METHOD *), + pmeth_cmp_BSEARCH_CMP_FN); +} + +const EVP_PKEY_METHOD * +EVP_PKEY_meth_find(int type) +{ + EVP_PKEY_METHOD tmp; + const EVP_PKEY_METHOD *t = &tmp, **ret; + + tmp.pkey_id = type; + if (app_pkey_methods) { + int idx; + idx = sk_EVP_PKEY_METHOD_find(app_pkey_methods, &tmp); + if (idx >= 0) + return sk_EVP_PKEY_METHOD_value(app_pkey_methods, idx); + } + ret = OBJ_bsearch_pmeth(&t, standard_methods, + sizeof(standard_methods)/sizeof(EVP_PKEY_METHOD *)); + if (!ret || !*ret) + return NULL; + return *ret; +} + +static EVP_PKEY_CTX * +int_ctx_new(EVP_PKEY *pkey, ENGINE *e, int id) +{ + EVP_PKEY_CTX *ret; + const EVP_PKEY_METHOD *pmeth; + + if (id == -1) { + id = pkey->type; + } +#ifndef OPENSSL_NO_ENGINE + if (pkey && pkey->engine) + e = pkey->engine; + /* Try to find an ENGINE which implements this method */ + if (e) { + if (!ENGINE_init(e)) { + EVPerror(ERR_R_ENGINE_LIB); + return NULL; + } + } else + e = ENGINE_get_pkey_meth_engine(id); + + /* If an ENGINE handled this method look it up. Othewise + * use internal tables. + */ + + if (e) + pmeth = ENGINE_get_pkey_meth(e, id); + else +#endif + pmeth = EVP_PKEY_meth_find(id); + + if (pmeth == NULL) { + EVPerror(EVP_R_UNSUPPORTED_ALGORITHM); + return NULL; + } + + ret = malloc(sizeof(EVP_PKEY_CTX)); + if (ret == NULL) { +#ifndef OPENSSL_NO_ENGINE + ENGINE_finish(e); +#endif + EVPerror(ERR_R_MALLOC_FAILURE); + return NULL; + } + ret->engine = e; + ret->pmeth = pmeth; + ret->operation = EVP_PKEY_OP_UNDEFINED; + ret->pkey = pkey; + ret->peerkey = NULL; + ret->pkey_gencb = 0; + if (pkey) + CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY); + ret->data = NULL; + + if (pmeth->init) { + if (pmeth->init(ret) <= 0) { + EVP_PKEY_CTX_free(ret); + return NULL; + } + } + + return ret; +} + +EVP_PKEY_METHOD* +EVP_PKEY_meth_new(int id, int flags) +{ + EVP_PKEY_METHOD *pmeth; + + pmeth = calloc(1, sizeof(EVP_PKEY_METHOD)); + if (!pmeth) + return NULL; + + pmeth->pkey_id = id; + pmeth->flags = flags | EVP_PKEY_FLAG_DYNAMIC; + + pmeth->init = 0; + pmeth->copy = 0; + pmeth->cleanup = 0; + pmeth->paramgen_init = 0; + pmeth->paramgen = 0; + pmeth->keygen_init = 0; + pmeth->keygen = 0; + pmeth->sign_init = 0; + pmeth->sign = 0; + pmeth->verify_init = 0; + pmeth->verify = 0; + pmeth->verify_recover_init = 0; + pmeth->verify_recover = 0; + pmeth->signctx_init = 0; + pmeth->signctx = 0; + pmeth->verifyctx_init = 0; + pmeth->verifyctx = 0; + pmeth->encrypt_init = 0; + pmeth->encrypt = 0; + pmeth->decrypt_init = 0; + pmeth->decrypt = 0; + pmeth->derive_init = 0; + pmeth->derive = 0; + pmeth->ctrl = 0; + pmeth->ctrl_str = 0; + + return pmeth; +} + +void +EVP_PKEY_meth_get0_info(int *ppkey_id, int *pflags, const EVP_PKEY_METHOD *meth) +{ + if (ppkey_id) + *ppkey_id = meth->pkey_id; + if (pflags) + *pflags = meth->flags; +} + +void +EVP_PKEY_meth_copy(EVP_PKEY_METHOD *dst, const EVP_PKEY_METHOD *src) +{ + dst->init = src->init; + dst->copy = src->copy; + dst->cleanup = src->cleanup; + + dst->paramgen_init = src->paramgen_init; + dst->paramgen = src->paramgen; + + dst->keygen_init = src->keygen_init; + dst->keygen = src->keygen; + + dst->sign_init = src->sign_init; + dst->sign = src->sign; + + dst->verify_init = src->verify_init; + dst->verify = src->verify; + + dst->verify_recover_init = src->verify_recover_init; + dst->verify_recover = src->verify_recover; + + dst->signctx_init = src->signctx_init; + dst->signctx = src->signctx; + + dst->verifyctx_init = src->verifyctx_init; + dst->verifyctx = src->verifyctx; + + dst->encrypt_init = src->encrypt_init; + dst->encrypt = src->encrypt; + + dst->decrypt_init = src->decrypt_init; + dst->decrypt = src->decrypt; + + dst->derive_init = src->derive_init; + dst->derive = src->derive; + + dst->ctrl = src->ctrl; + dst->ctrl_str = src->ctrl_str; +} + +void +EVP_PKEY_meth_free(EVP_PKEY_METHOD *pmeth) +{ + if (pmeth && (pmeth->flags & EVP_PKEY_FLAG_DYNAMIC)) + free(pmeth); +} + +EVP_PKEY_CTX * +EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e) +{ + return int_ctx_new(pkey, e, -1); +} + +EVP_PKEY_CTX * +EVP_PKEY_CTX_new_id(int id, ENGINE *e) +{ + return int_ctx_new(NULL, e, id); +} + +EVP_PKEY_CTX * +EVP_PKEY_CTX_dup(EVP_PKEY_CTX *pctx) +{ + EVP_PKEY_CTX *rctx; + + if (!pctx->pmeth || !pctx->pmeth->copy) + return NULL; +#ifndef OPENSSL_NO_ENGINE + /* Make sure it's safe to copy a pkey context using an ENGINE */ + if (pctx->engine && !ENGINE_init(pctx->engine)) { + EVPerror(ERR_R_ENGINE_LIB); + return 0; + } +#endif + rctx = malloc(sizeof(EVP_PKEY_CTX)); + if (!rctx) + return NULL; + + rctx->pmeth = pctx->pmeth; +#ifndef OPENSSL_NO_ENGINE + rctx->engine = pctx->engine; +#endif + + if (pctx->pkey) + CRYPTO_add(&pctx->pkey->references, 1, CRYPTO_LOCK_EVP_PKEY); + + rctx->pkey = pctx->pkey; + + if (pctx->peerkey) + CRYPTO_add(&pctx->peerkey->references, 1, CRYPTO_LOCK_EVP_PKEY); + + rctx->peerkey = pctx->peerkey; + + rctx->data = NULL; + rctx->app_data = NULL; + rctx->operation = pctx->operation; + + if (pctx->pmeth->copy(rctx, pctx) > 0) + return rctx; + + EVP_PKEY_CTX_free(rctx); + return NULL; +} + +int +EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth) +{ + if (app_pkey_methods == NULL) { + app_pkey_methods = sk_EVP_PKEY_METHOD_new(pmeth_cmp); + if (!app_pkey_methods) + return 0; + } + if (!sk_EVP_PKEY_METHOD_push(app_pkey_methods, pmeth)) + return 0; + sk_EVP_PKEY_METHOD_sort(app_pkey_methods); + return 1; +} + +void +EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx) +{ + if (ctx == NULL) + return; + if (ctx->pmeth && ctx->pmeth->cleanup) + ctx->pmeth->cleanup(ctx); + EVP_PKEY_free(ctx->pkey); + EVP_PKEY_free(ctx->peerkey); +#ifndef OPENSSL_NO_ENGINE + ENGINE_finish(ctx->engine); +#endif + free(ctx); +} + +int +EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype, int cmd, + int p1, void *p2) +{ + int ret; + + if (!ctx || !ctx->pmeth || !ctx->pmeth->ctrl) { + EVPerror(EVP_R_COMMAND_NOT_SUPPORTED); + return -2; + } + if ((keytype != -1) && (ctx->pmeth->pkey_id != keytype)) + return -1; + + if (ctx->operation == EVP_PKEY_OP_UNDEFINED) { + EVPerror(EVP_R_NO_OPERATION_SET); + return -1; + } + + if ((optype != -1) && !(ctx->operation & optype)) { + EVPerror(EVP_R_INVALID_OPERATION); + return -1; + } + + ret = ctx->pmeth->ctrl(ctx, cmd, p1, p2); + + if (ret == -2) + EVPerror(EVP_R_COMMAND_NOT_SUPPORTED); + + return ret; + +} + +int +EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *name, const char *value) +{ + if (!ctx || !ctx->pmeth || !ctx->pmeth->ctrl_str) { + EVPerror(EVP_R_COMMAND_NOT_SUPPORTED); + return -2; + } + if (!strcmp(name, "digest")) { + const EVP_MD *md; + if (!value || !(md = EVP_get_digestbyname(value))) { + EVPerror(EVP_R_INVALID_DIGEST); + return 0; + } + return EVP_PKEY_CTX_set_signature_md(ctx, md); + } + return ctx->pmeth->ctrl_str(ctx, name, value); +} + +int +EVP_PKEY_CTX_get_operation(EVP_PKEY_CTX *ctx) +{ + return ctx->operation; +} + +void +EVP_PKEY_CTX_set0_keygen_info(EVP_PKEY_CTX *ctx, int *dat, int datlen) +{ + ctx->keygen_info = dat; + ctx->keygen_info_count = datlen; +} + +void +EVP_PKEY_CTX_set_data(EVP_PKEY_CTX *ctx, void *data) +{ + ctx->data = data; +} + +void * +EVP_PKEY_CTX_get_data(EVP_PKEY_CTX *ctx) +{ + return ctx->data; +} + +EVP_PKEY * +EVP_PKEY_CTX_get0_pkey(EVP_PKEY_CTX *ctx) +{ + return ctx->pkey; +} + +EVP_PKEY * +EVP_PKEY_CTX_get0_peerkey(EVP_PKEY_CTX *ctx) +{ + return ctx->peerkey; +} + +void +EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data) +{ + ctx->app_data = data; +} + +void * +EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx) +{ + return ctx->app_data; +} + +void +EVP_PKEY_meth_set_init(EVP_PKEY_METHOD *pmeth, + int (*init)(EVP_PKEY_CTX *ctx)) +{ + pmeth->init = init; +} + +void +EVP_PKEY_meth_set_copy(EVP_PKEY_METHOD *pmeth, + int (*copy)(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)) +{ + pmeth->copy = copy; +} + +void +EVP_PKEY_meth_set_cleanup(EVP_PKEY_METHOD *pmeth, + void (*cleanup)(EVP_PKEY_CTX *ctx)) +{ + pmeth->cleanup = cleanup; +} + +void +EVP_PKEY_meth_set_paramgen(EVP_PKEY_METHOD *pmeth, + int (*paramgen_init)(EVP_PKEY_CTX *ctx), + int (*paramgen)(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)) +{ + pmeth->paramgen_init = paramgen_init; + pmeth->paramgen = paramgen; +} + +void +EVP_PKEY_meth_set_keygen(EVP_PKEY_METHOD *pmeth, + int (*keygen_init)(EVP_PKEY_CTX *ctx), + int (*keygen)(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)) +{ + pmeth->keygen_init = keygen_init; + pmeth->keygen = keygen; +} + +void +EVP_PKEY_meth_set_sign(EVP_PKEY_METHOD *pmeth, + int (*sign_init)(EVP_PKEY_CTX *ctx), + int (*sign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen)) +{ + pmeth->sign_init = sign_init; + pmeth->sign = sign; +} + +void +EVP_PKEY_meth_set_verify(EVP_PKEY_METHOD *pmeth, + int (*verify_init)(EVP_PKEY_CTX *ctx), + int (*verify)(EVP_PKEY_CTX *ctx, const unsigned char *sig, size_t siglen, + const unsigned char *tbs, size_t tbslen)) +{ + pmeth->verify_init = verify_init; + pmeth->verify = verify; +} + +void +EVP_PKEY_meth_set_verify_recover(EVP_PKEY_METHOD *pmeth, + int (*verify_recover_init)(EVP_PKEY_CTX *ctx), + int (*verify_recover)(EVP_PKEY_CTX *ctx, + unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen)) +{ + pmeth->verify_recover_init = verify_recover_init; + pmeth->verify_recover = verify_recover; +} + +void +EVP_PKEY_meth_set_signctx(EVP_PKEY_METHOD *pmeth, + int (*signctx_init)(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx), + int (*signctx)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, + EVP_MD_CTX *mctx)) +{ + pmeth->signctx_init = signctx_init; + pmeth->signctx = signctx; +} + +void +EVP_PKEY_meth_set_verifyctx(EVP_PKEY_METHOD *pmeth, + int (*verifyctx_init)(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx), + int (*verifyctx)(EVP_PKEY_CTX *ctx, const unsigned char *sig, int siglen, + EVP_MD_CTX *mctx)) +{ + pmeth->verifyctx_init = verifyctx_init; + pmeth->verifyctx = verifyctx; +} + +void +EVP_PKEY_meth_set_encrypt(EVP_PKEY_METHOD *pmeth, + int (*encrypt_init)(EVP_PKEY_CTX *ctx), + int (*encryptfn)(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen)) +{ + pmeth->encrypt_init = encrypt_init; + pmeth->encrypt = encryptfn; +} + +void +EVP_PKEY_meth_set_decrypt(EVP_PKEY_METHOD *pmeth, + int (*decrypt_init)(EVP_PKEY_CTX *ctx), + int (*decrypt)(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen)) +{ + pmeth->decrypt_init = decrypt_init; + pmeth->decrypt = decrypt; +} + +void +EVP_PKEY_meth_set_derive(EVP_PKEY_METHOD *pmeth, + int (*derive_init)(EVP_PKEY_CTX *ctx), + int (*derive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)) +{ + pmeth->derive_init = derive_init; + pmeth->derive = derive; +} + +void +EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth, + int (*ctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2), + int (*ctrl_str)(EVP_PKEY_CTX *ctx, const char *type, const char *value)) +{ + pmeth->ctrl = ctrl; + pmeth->ctrl_str = ctrl_str; +} diff --git a/src/lib/libcrypto/ex_data.c b/src/lib/libcrypto/ex_data.c index 5b2e345c27b..b1e39136629 100644 --- a/src/lib/libcrypto/ex_data.c +++ b/src/lib/libcrypto/ex_data.c @@ -1,4 +1,4 @@ -/* crypto/ex_data.c */ +/* $OpenBSD: ex_data.c,v 1.20 2018/03/17 16:20:01 beck Exp $ */ /* * Overhaul notes; @@ -34,21 +34,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -63,10 +63,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -78,7 +78,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -92,7 +92,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -138,16 +138,11 @@ * */ -#include -#include -#include -#include +#include #include -#include "cryptlib.h" /* What an "implementation of ex_data functionality" looks like */ -struct st_CRYPTO_EX_DATA_IMPL - { +struct st_CRYPTO_EX_DATA_IMPL { /*********************/ /* GLOBAL OPERATIONS */ /* Return a new class index */ @@ -158,79 +153,83 @@ struct st_CRYPTO_EX_DATA_IMPL /* PER-CLASS OPERATIONS */ /* Get a new method index within a class */ int (*cb_get_new_index)(int class_index, long argl, void *argp, - CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, - CRYPTO_EX_free *free_func); + CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, + CRYPTO_EX_free *free_func); /* Initialise a new CRYPTO_EX_DATA of a given class */ int (*cb_new_ex_data)(int class_index, void *obj, - CRYPTO_EX_DATA *ad); + CRYPTO_EX_DATA *ad); /* Duplicate a CRYPTO_EX_DATA of a given class onto a copy */ int (*cb_dup_ex_data)(int class_index, CRYPTO_EX_DATA *to, - CRYPTO_EX_DATA *from); + CRYPTO_EX_DATA *from); /* Cleanup a CRYPTO_EX_DATA of a given class */ void (*cb_free_ex_data)(int class_index, void *obj, - CRYPTO_EX_DATA *ad); - }; + CRYPTO_EX_DATA *ad); +}; /* The implementation we use at run-time */ static const CRYPTO_EX_DATA_IMPL *impl = NULL; /* To call "impl" functions, use this macro rather than referring to 'impl' directly, eg. - * EX_IMPL(get_new_index)(...); */ + * EX_IMPL(get_new_index)(...); +*/ #define EX_IMPL(a) impl->cb_##a /* Predeclare the "default" ex_data implementation */ static int int_new_class(void); static void int_cleanup(void); static int int_get_new_index(int class_index, long argl, void *argp, - CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, - CRYPTO_EX_free *free_func); + CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, + CRYPTO_EX_free *free_func); static int int_new_ex_data(int class_index, void *obj, - CRYPTO_EX_DATA *ad); + CRYPTO_EX_DATA *ad); static int int_dup_ex_data(int class_index, CRYPTO_EX_DATA *to, - CRYPTO_EX_DATA *from); + CRYPTO_EX_DATA *from); static void int_free_ex_data(int class_index, void *obj, - CRYPTO_EX_DATA *ad); -static CRYPTO_EX_DATA_IMPL impl_default = - { + CRYPTO_EX_DATA *ad); + +static CRYPTO_EX_DATA_IMPL impl_default = { int_new_class, int_cleanup, int_get_new_index, int_new_ex_data, int_dup_ex_data, int_free_ex_data - }; +}; /* Internal function that checks whether "impl" is set and if not, sets it to * the default. */ -static void impl_check(void) - { +static void +impl_check(void) +{ CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA); - if(!impl) + if (!impl) impl = &impl_default; CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA); - } +} /* A macro wrapper for impl_check that first uses a non-locked test before * invoking the function (which checks again inside a lock). */ #define IMPL_CHECK if(!impl) impl_check(); /* API functions to get/set the "ex_data" implementation */ -const CRYPTO_EX_DATA_IMPL *CRYPTO_get_ex_data_implementation(void) - { +const CRYPTO_EX_DATA_IMPL * +CRYPTO_get_ex_data_implementation(void) +{ IMPL_CHECK return impl; - } -int CRYPTO_set_ex_data_implementation(const CRYPTO_EX_DATA_IMPL *i) - { +} + +int +CRYPTO_set_ex_data_implementation(const CRYPTO_EX_DATA_IMPL *i) +{ int toret = 0; CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA); - if(!impl) - { + if (!impl) { impl = i; toret = 1; - } + } CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA); return toret; - } +} /****************************************************************************/ /* Interal (default) implementation of "ex_data" support. API functions are @@ -249,288 +248,292 @@ typedef struct st_ex_class_item { static int ex_class = CRYPTO_EX_INDEX_USER; /* The global hash table of EX_CLASS_ITEM items */ -static LHASH *ex_data = NULL; +DECLARE_LHASH_OF(EX_CLASS_ITEM); +static LHASH_OF(EX_CLASS_ITEM) *ex_data = NULL; /* The callbacks required in the "ex_data" hash table */ -static unsigned long ex_hash_cb(const void *a_void) - { - return ((const EX_CLASS_ITEM *)a_void)->class_index; - } -static int ex_cmp_cb(const void *a_void, const void *b_void) - { - return (((const EX_CLASS_ITEM *)a_void)->class_index - - ((const EX_CLASS_ITEM *)b_void)->class_index); - } +static unsigned long +ex_class_item_hash(const EX_CLASS_ITEM *a) +{ + return a->class_index; +} + +static IMPLEMENT_LHASH_HASH_FN(ex_class_item, EX_CLASS_ITEM) + +static int +ex_class_item_cmp(const EX_CLASS_ITEM *a, const EX_CLASS_ITEM *b) +{ + return a->class_index - b->class_index; +} + +static IMPLEMENT_LHASH_COMP_FN(ex_class_item, EX_CLASS_ITEM) /* Internal functions used by the "impl_default" implementation to access the * state */ -static int ex_data_check(void) - { +static int +ex_data_check(void) +{ int toret = 1; CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA); - if(!ex_data && ((ex_data = lh_new(ex_hash_cb, ex_cmp_cb)) == NULL)) + if (!ex_data && + (ex_data = lh_EX_CLASS_ITEM_new()) == NULL) toret = 0; CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA); return toret; - } +} /* This macros helps reduce the locking from repeated checks because the * ex_data_check() function checks ex_data again inside a lock. */ #define EX_DATA_CHECK(iffail) if(!ex_data && !ex_data_check()) {iffail} /* This "inner" callback is used by the callback function that follows it */ -static void def_cleanup_util_cb(CRYPTO_EX_DATA_FUNCS *funcs) - { - OPENSSL_free(funcs); - } +static void +def_cleanup_util_cb(CRYPTO_EX_DATA_FUNCS *funcs) +{ + free(funcs); +} /* This callback is used in lh_doall to destroy all EX_CLASS_ITEM values from * "ex_data" prior to the ex_data hash table being itself destroyed. Doesn't do * any locking. */ -static void def_cleanup_cb(const void *a_void) - { +static void +def_cleanup_cb(void *a_void) +{ EX_CLASS_ITEM *item = (EX_CLASS_ITEM *)a_void; sk_CRYPTO_EX_DATA_FUNCS_pop_free(item->meth, def_cleanup_util_cb); - OPENSSL_free(item); - } + free(item); +} /* Return the EX_CLASS_ITEM from the "ex_data" hash table that corresponds to a * given class. Handles locking. */ -static EX_CLASS_ITEM *def_get_class(int class_index) - { +static EX_CLASS_ITEM * +def_get_class(int class_index) +{ EX_CLASS_ITEM d, *p, *gen; EX_DATA_CHECK(return NULL;) d.class_index = class_index; + if (!OPENSSL_init_crypto(0, NULL)) + return NULL; CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA); - p = lh_retrieve(ex_data, &d); - if(!p) - { - gen = OPENSSL_malloc(sizeof(EX_CLASS_ITEM)); - if(gen) - { + p = lh_EX_CLASS_ITEM_retrieve(ex_data, &d); + if (!p) { + gen = malloc(sizeof(EX_CLASS_ITEM)); + if (gen) { gen->class_index = class_index; gen->meth_num = 0; gen->meth = sk_CRYPTO_EX_DATA_FUNCS_new_null(); - if(!gen->meth) - OPENSSL_free(gen); - else - { + if (!gen->meth) + free(gen); + else { /* Because we're inside the ex_data lock, the * return value from the insert will be NULL */ - lh_insert(ex_data, gen); + (void)lh_EX_CLASS_ITEM_insert(ex_data, gen); p = gen; - } } } + } CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA); - if(!p) - CRYPTOerr(CRYPTO_F_DEF_GET_CLASS,ERR_R_MALLOC_FAILURE); + if (!p) + CRYPTOerror(ERR_R_MALLOC_FAILURE); return p; - } +} /* Add a new method to the given EX_CLASS_ITEM and return the corresponding * index (or -1 for error). Handles locking. */ -static int def_add_index(EX_CLASS_ITEM *item, long argl, void *argp, - CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, - CRYPTO_EX_free *free_func) - { +static int +def_add_index(EX_CLASS_ITEM *item, long argl, void *argp, + CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) +{ int toret = -1; - CRYPTO_EX_DATA_FUNCS *a = (CRYPTO_EX_DATA_FUNCS *)OPENSSL_malloc( - sizeof(CRYPTO_EX_DATA_FUNCS)); - if(!a) - { - CRYPTOerr(CRYPTO_F_DEF_ADD_INDEX,ERR_R_MALLOC_FAILURE); + CRYPTO_EX_DATA_FUNCS *a = malloc(sizeof(CRYPTO_EX_DATA_FUNCS)); + + if (!a) { + CRYPTOerror(ERR_R_MALLOC_FAILURE); return -1; - } - a->argl=argl; - a->argp=argp; - a->new_func=new_func; - a->dup_func=dup_func; - a->free_func=free_func; + } + a->argl = argl; + a->argp = argp; + a->new_func = new_func; + a->dup_func = dup_func; + a->free_func = free_func; CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA); - while (sk_CRYPTO_EX_DATA_FUNCS_num(item->meth) <= item->meth_num) - { - if (!sk_CRYPTO_EX_DATA_FUNCS_push(item->meth, NULL)) - { - CRYPTOerr(CRYPTO_F_DEF_ADD_INDEX,ERR_R_MALLOC_FAILURE); - OPENSSL_free(a); + while (sk_CRYPTO_EX_DATA_FUNCS_num(item->meth) <= item->meth_num) { + if (!sk_CRYPTO_EX_DATA_FUNCS_push(item->meth, NULL)) { + CRYPTOerror(ERR_R_MALLOC_FAILURE); + free(a); goto err; - } } + } toret = item->meth_num++; - sk_CRYPTO_EX_DATA_FUNCS_set(item->meth, toret, a); + (void)sk_CRYPTO_EX_DATA_FUNCS_set(item->meth, toret, a); err: CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA); return toret; - } +} /**************************************************************/ /* The functions in the default CRYPTO_EX_DATA_IMPL structure */ -static int int_new_class(void) - { +static int +int_new_class(void) +{ int toret; + CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA); toret = ex_class++; CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA); return toret; - } +} -static void int_cleanup(void) - { +static void +int_cleanup(void) +{ EX_DATA_CHECK(return;) - lh_doall(ex_data, def_cleanup_cb); - lh_free(ex_data); + lh_EX_CLASS_ITEM_doall(ex_data, def_cleanup_cb); + lh_EX_CLASS_ITEM_free(ex_data); ex_data = NULL; impl = NULL; - } +} -static int int_get_new_index(int class_index, long argl, void *argp, - CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, - CRYPTO_EX_free *free_func) - { +static int +int_get_new_index(int class_index, long argl, void *argp, + CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, + CRYPTO_EX_free *free_func) +{ EX_CLASS_ITEM *item = def_get_class(class_index); - if(!item) + + if (!item) return -1; return def_add_index(item, argl, argp, new_func, dup_func, free_func); - } +} /* Thread-safe by copying a class's array of "CRYPTO_EX_DATA_FUNCS" entries in * the lock, then using them outside the lock. NB: Thread-safety only applies to * the global "ex_data" state (ie. class definitions), not thread-safe on 'ad' * itself. */ -static int int_new_ex_data(int class_index, void *obj, - CRYPTO_EX_DATA *ad) - { - int mx,i; +static int +int_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad) +{ + int mx, i; void *ptr; CRYPTO_EX_DATA_FUNCS **storage = NULL; EX_CLASS_ITEM *item = def_get_class(class_index); - if(!item) + + if (!item) /* error is already set */ return 0; ad->sk = NULL; CRYPTO_r_lock(CRYPTO_LOCK_EX_DATA); mx = sk_CRYPTO_EX_DATA_FUNCS_num(item->meth); - if(mx > 0) - { - storage = OPENSSL_malloc(mx * sizeof(CRYPTO_EX_DATA_FUNCS*)); - if(!storage) + if (mx > 0) { + storage = reallocarray(NULL, mx, sizeof(CRYPTO_EX_DATA_FUNCS*)); + if (!storage) goto skip; - for(i = 0; i < mx; i++) - storage[i] = sk_CRYPTO_EX_DATA_FUNCS_value(item->meth,i); - } + for (i = 0; i < mx; i++) + storage[i] = sk_CRYPTO_EX_DATA_FUNCS_value( + item->meth, i); + } skip: CRYPTO_r_unlock(CRYPTO_LOCK_EX_DATA); - if((mx > 0) && !storage) - { - CRYPTOerr(CRYPTO_F_INT_NEW_EX_DATA,ERR_R_MALLOC_FAILURE); + if ((mx > 0) && !storage) { + CRYPTOerror(ERR_R_MALLOC_FAILURE); return 0; - } - for(i = 0; i < mx; i++) - { - if(storage[i] && storage[i]->new_func) - { + } + for (i = 0; i < mx; i++) { + if (storage[i] && storage[i]->new_func) { ptr = CRYPTO_get_ex_data(ad, i); - storage[i]->new_func(obj,ptr,ad,i, - storage[i]->argl,storage[i]->argp); - } + storage[i]->new_func(obj, ptr, ad, i, + storage[i]->argl, storage[i]->argp); } - if(storage) - OPENSSL_free(storage); - return 1; } + free(storage); + return 1; +} /* Same thread-safety notes as for "int_new_ex_data" */ -static int int_dup_ex_data(int class_index, CRYPTO_EX_DATA *to, - CRYPTO_EX_DATA *from) - { +static int +int_dup_ex_data(int class_index, CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from) +{ int mx, j, i; char *ptr; CRYPTO_EX_DATA_FUNCS **storage = NULL; EX_CLASS_ITEM *item; - if(!from->sk) + + if (!from->sk) /* 'to' should be "blank" which *is* just like 'from' */ return 1; - if((item = def_get_class(class_index)) == NULL) + if ((item = def_get_class(class_index)) == NULL) return 0; CRYPTO_r_lock(CRYPTO_LOCK_EX_DATA); mx = sk_CRYPTO_EX_DATA_FUNCS_num(item->meth); - j = sk_num(from->sk); - if(j < mx) + j = sk_void_num(from->sk); + if (j < mx) mx = j; - if(mx > 0) - { - storage = OPENSSL_malloc(mx * sizeof(CRYPTO_EX_DATA_FUNCS*)); - if(!storage) + if (mx > 0) { + storage = reallocarray(NULL, mx, sizeof(CRYPTO_EX_DATA_FUNCS*)); + if (!storage) goto skip; - for(i = 0; i < mx; i++) - storage[i] = sk_CRYPTO_EX_DATA_FUNCS_value(item->meth,i); - } + for (i = 0; i < mx; i++) + storage[i] = sk_CRYPTO_EX_DATA_FUNCS_value( + item->meth, i); + } skip: CRYPTO_r_unlock(CRYPTO_LOCK_EX_DATA); - if((mx > 0) && !storage) - { - CRYPTOerr(CRYPTO_F_INT_DUP_EX_DATA,ERR_R_MALLOC_FAILURE); + if ((mx > 0) && !storage) { + CRYPTOerror(ERR_R_MALLOC_FAILURE); return 0; - } - for(i = 0; i < mx; i++) - { + } + for (i = 0; i < mx; i++) { ptr = CRYPTO_get_ex_data(from, i); - if(storage[i] && storage[i]->dup_func) - storage[i]->dup_func(to,from,&ptr,i, - storage[i]->argl,storage[i]->argp); - CRYPTO_set_ex_data(to,i,ptr); - } - if(storage) - OPENSSL_free(storage); - return 1; + if (storage[i] && storage[i]->dup_func) + storage[i]->dup_func(to, from, &ptr, i, + storage[i]->argl, storage[i]->argp); + CRYPTO_set_ex_data(to, i, ptr); } + free(storage); + return 1; +} /* Same thread-safety notes as for "int_new_ex_data" */ -static void int_free_ex_data(int class_index, void *obj, - CRYPTO_EX_DATA *ad) - { - int mx,i; +static void +int_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad) +{ + int mx, i; EX_CLASS_ITEM *item; void *ptr; CRYPTO_EX_DATA_FUNCS **storage = NULL; - if((item = def_get_class(class_index)) == NULL) + + if ((item = def_get_class(class_index)) == NULL) return; CRYPTO_r_lock(CRYPTO_LOCK_EX_DATA); mx = sk_CRYPTO_EX_DATA_FUNCS_num(item->meth); - if(mx > 0) - { - storage = OPENSSL_malloc(mx * sizeof(CRYPTO_EX_DATA_FUNCS*)); - if(!storage) + if (mx > 0) { + storage = reallocarray(NULL, mx, sizeof(CRYPTO_EX_DATA_FUNCS*)); + if (!storage) goto skip; - for(i = 0; i < mx; i++) - storage[i] = sk_CRYPTO_EX_DATA_FUNCS_value(item->meth,i); - } + for (i = 0; i < mx; i++) + storage[i] = sk_CRYPTO_EX_DATA_FUNCS_value( + item->meth, i); + } skip: CRYPTO_r_unlock(CRYPTO_LOCK_EX_DATA); - if((mx > 0) && !storage) - { - CRYPTOerr(CRYPTO_F_INT_FREE_EX_DATA,ERR_R_MALLOC_FAILURE); + if ((mx > 0) && !storage) { + CRYPTOerror(ERR_R_MALLOC_FAILURE); return; - } - for(i = 0; i < mx; i++) - { - if(storage[i] && storage[i]->free_func) - { - ptr = CRYPTO_get_ex_data(ad,i); - storage[i]->free_func(obj,ptr,ad,i, - storage[i]->argl,storage[i]->argp); - } - } - if(storage) - OPENSSL_free(storage); - if(ad->sk) - { - sk_free(ad->sk); - ad->sk=NULL; + } + for (i = 0; i < mx; i++) { + if (storage[i] && storage[i]->free_func) { + ptr = CRYPTO_get_ex_data(ad, i); + storage[i]->free_func(obj, ptr, ad, i, + storage[i]->argl, storage[i]->argp); } } + free(storage); + if (ad->sk) { + sk_void_free(ad->sk); + ad->sk = NULL; + } +} /********************************************************************/ /* API functions that defer all "state" operations to the "ex_data" @@ -538,99 +541,99 @@ static void int_free_ex_data(int class_index, void *obj, /* Obtain an index for a new class (not the same as getting a new index within * an existing class - this is actually getting a new *class*) */ -int CRYPTO_ex_data_new_class(void) - { +int +CRYPTO_ex_data_new_class(void) +{ IMPL_CHECK return EX_IMPL(new_class)(); - } +} /* Release all "ex_data" state to prevent memory leaks. This can't be made * thread-safe without overhauling a lot of stuff, and shouldn't really be * called under potential race-conditions anyway (it's for program shutdown * after all). */ -void CRYPTO_cleanup_all_ex_data(void) - { +void +CRYPTO_cleanup_all_ex_data(void) +{ IMPL_CHECK EX_IMPL(cleanup)(); - } +} /* Inside an existing class, get/register a new index. */ -int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp, - CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, - CRYPTO_EX_free *free_func) - { +int +CRYPTO_get_ex_new_index(int class_index, long argl, void *argp, + CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) +{ int ret = -1; IMPL_CHECK ret = EX_IMPL(get_new_index)(class_index, - argl, argp, new_func, dup_func, free_func); + argl, argp, new_func, dup_func, free_func); return ret; - } +} /* Initialise a new CRYPTO_EX_DATA for use in a particular class - including * calling new() callbacks for each index in the class used by this variable */ -int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad) - { +int +CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad) +{ IMPL_CHECK return EX_IMPL(new_ex_data)(class_index, obj, ad); - } +} /* Duplicate a CRYPTO_EX_DATA variable - including calling dup() callbacks for * each index in the class used by this variable */ -int CRYPTO_dup_ex_data(int class_index, CRYPTO_EX_DATA *to, - CRYPTO_EX_DATA *from) - { +int +CRYPTO_dup_ex_data(int class_index, CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from) +{ IMPL_CHECK return EX_IMPL(dup_ex_data)(class_index, to, from); - } +} /* Cleanup a CRYPTO_EX_DATA variable - including calling free() callbacks for * each index in the class used by this variable */ -void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad) - { +void +CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad) +{ IMPL_CHECK EX_IMPL(free_ex_data)(class_index, obj, ad); - } +} /* For a given CRYPTO_EX_DATA variable, set the value corresponding to a * particular index in the class used by this variable */ -int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val) - { +int +CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val) +{ int i; - if (ad->sk == NULL) - { - if ((ad->sk=sk_new_null()) == NULL) - { - CRYPTOerr(CRYPTO_F_CRYPTO_SET_EX_DATA,ERR_R_MALLOC_FAILURE); - return(0); - } + if (ad->sk == NULL) { + if ((ad->sk = sk_void_new_null()) == NULL) { + CRYPTOerror(ERR_R_MALLOC_FAILURE); + return (0); } - i=sk_num(ad->sk); - - while (i <= idx) - { - if (!sk_push(ad->sk,NULL)) - { - CRYPTOerr(CRYPTO_F_CRYPTO_SET_EX_DATA,ERR_R_MALLOC_FAILURE); - return(0); - } - i++; + } + i = sk_void_num(ad->sk); + + while (i <= idx) { + if (!sk_void_push(ad->sk, NULL)) { + CRYPTOerror(ERR_R_MALLOC_FAILURE); + return (0); } - sk_set(ad->sk,idx,val); - return(1); + i++; } + sk_void_set(ad->sk, idx, val); + return (1); +} /* For a given CRYPTO_EX_DATA_ variable, get the value corresponding to a * particular index in the class used by this variable */ -void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad, int idx) - { +void * +CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad, int idx) +{ if (ad->sk == NULL) - return(0); - else if (idx >= sk_num(ad->sk)) - return(0); + return (0); + else if (idx >= sk_void_num(ad->sk)) + return (0); else - return(sk_value(ad->sk,idx)); - } - -IMPLEMENT_STACK_OF(CRYPTO_EX_DATA_FUNCS) + return (sk_void_value(ad->sk, idx)); +} diff --git a/src/lib/libcrypto/format-pem.pl b/src/lib/libcrypto/format-pem.pl new file mode 100644 index 00000000000..eb2d2a4a3d8 --- /dev/null +++ b/src/lib/libcrypto/format-pem.pl @@ -0,0 +1,135 @@ +#!/usr/bin/perl +4 $OpenBSD: format-pem.pl,v 1.4 2019/03/13 11:49:42 sthen Exp $ +# +# Copyright (c) 2016 Stuart Henderson +# +# Permission to use, copy, modify, and distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +# To update cert.pem from Mozilla NSS: +# - perl format-pem.pl < cert.pem > /dev/null 2> calist.old +# - cd /usr/ports/net/curl; make NO_DEPENDS=Yes patch; curldir=`make show=WRKSRC`; cd - +# - pkg_add curl; perl $curldir/lib/mk-ca-bundle.pl +# - perl format-pem.pl < ca-bundle.crt > certnew.pem 2> calist.new +# Summarize additions/removals for review: +# - diff calist.old calist.new + +use strict; +use warnings; + +use File::Temp qw/ :seekable /; +if (! eval {require Date::Parse;1;}) { + print STDERR "Date::Parse not available - install p5-Time-TimeDate to check cert dates.\n"; +} else { + use Date::Parse; +} + +my $tmp = File::Temp->new(TEMPLATE => '/tmp/splitcert.XXXXXXXX'); +my $t = $tmp->filename; + +my $certs = 0; +my $incert = 0; +my %ca; +my $rcsid = '# $'.'OpenBSD$'; + +while(<>) { + $rcsid = $_ if ($_ =~ m/^# \$[O]penBSD/); + $incert++ if ($_ =~ m/^-----BEGIN CERTIFICATE-----/); + print $tmp $_ if ($incert); + + if ($_ =~ m/^-----END CERTIFICATE-----/) { + $certs++; + + my $issuer = `openssl x509 -in $t -noout -issuer`; + $issuer =~ s/^issuer= (.*)\n/$1/; + my $subj = `openssl x509 -in $t -noout -subject`; + $subj =~ s/^subject= (.*)\n/$1/; + + my $o = `openssl x509 -in $t -noout -nameopt sep_multiline,use_quote,esc_msb -subject`; + if ($o =~ /O=/) { + $o =~ s/.*O=([^\n]*).*/$1/sm; + } else { + $o = $subj; + } + + if (defined $ca{$o}{$subj}) { + print STDERR "ERROR: '$subj': duplicate\n"; + $ca{$o}{$subj}{'valid'} = 0; + } + + $ca{$o}{$subj}{'valid'} = 1; + + if ($issuer ne $subj) { + print STDERR "ERROR: '$subj' not self-signed"; + $ca{$o}{$subj}{'valid'} = 0; + } + + if (eval {require Date::Parse;1;}) { + my $startdate = `openssl x509 -in $t -startdate -noout`; + my $enddate = `openssl x509 -in $t -enddate -noout`; + $startdate =~ s/notBefore=(.*)\n/$1/; + $enddate =~ s/notAfter=(.*)\n/$1/; + my $starttime = str2time($startdate); + my $endtime = str2time($enddate); + + if ($starttime > time) { + print STDERR "ERROR: '$subj' not valid yet\n"; + $ca{$o}{$subj}{'valid'} = 0; + } + if ($endtime < time) { + print STDERR "ERROR: '$subj' expired on $startdate\n"; + $ca{$o}{$subj}{'valid'} = 0; + } elsif ($endtime < time + 86400 * 365 * 2) { + print STDERR "WARNING: '$subj' expires on $enddate\n"; + } + } + + my $info = qx/openssl x509 -in $t -text -fingerprint -sha1 -certopt no_pubkey,no_sigdump,no_issuer -noout/; + $info .= qx/openssl x509 -in $t -fingerprint -sha256 -noout/; + my $cert = qx/openssl x509 -in $t/; + + my $verify = qx/openssl verify -CAfile $t $t 2>&1/; + if (not $verify =~ /^$t: OK$/) { + print STDERR "ERROR: '$subj' cannot be verified with libressl\n---\n$verify---\n"; + $ca{$o}{$subj}{'valid'} = 0; + } + + $ca{$o}{$subj}{'subj'} = $subj; + $ca{$o}{$subj}{'info'} = $info; + $ca{$o}{$subj}{'cert'} = $cert; + + $tmp->seek(0, SEEK_SET); + $incert = 0; + } +} + +close $tmp; +chomp $rcsid; +print $rcsid; +foreach my $o (sort{lc($a) cmp lc($b)} keys %ca) { + print "\n### $o\n\n"; + foreach my $subj (sort{lc($a) cmp lc($b)} keys %{ $ca{$o} }) { + if ($ca{$o}{$subj}{'valid'} == 1) { + print "=== $subj\n"; + print $ca{$o}{$subj}{'info'}; + print $ca{$o}{$subj}{'cert'}; + } + } +} + +# print a visual summary at the end +foreach my $o (sort{lc($a) cmp lc($b)} keys %ca) { + print STDERR "\n$o\n"; + foreach my $subj (sort{lc($a) cmp lc($b)} keys %{ $ca{$o} }) { + print STDERR " $subj\n"; + } +} diff --git a/src/lib/libcrypto/generate_pkgconfig.sh b/src/lib/libcrypto/generate_pkgconfig.sh new file mode 100644 index 00000000000..12dff506ff0 --- /dev/null +++ b/src/lib/libcrypto/generate_pkgconfig.sh @@ -0,0 +1,75 @@ +#!/bin/sh +# +# $OpenBSD: generate_pkgconfig.sh,v 1.2 2016/09/03 12:42:46 beck Exp $ +# +# Copyright (c) 2010,2011 Jasper Lievisse Adriaanse +# +# Permission to use, copy, modify, and distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +# +# Generate pkg-config files for OpenSSL. + +usage() { + echo "usage: ${0##*/} -c current_directory -o obj_directory" + exit 1 +} + +curdir= +objdir= +while getopts "c:o:" flag; do + case "$flag" in + c) + curdir=$OPTARG + ;; + o) + objdir=$OPTARG + ;; + *) + usage + ;; + esac +done + +[ -n "${curdir}" ] || usage +if [ ! -d "${curdir}" ]; then + echo "${0##*/}: ${curdir}: not found" + exit 1 +fi +[ -n "${objdir}" ] || usage +if [ ! -w "${objdir}" ]; then + echo "${0##*/}: ${objdir}: not found or not writable" + exit 1 +fi + +version_re="s/^#define[[:blank:]]+SHLIB_VERSION_NUMBER[[:blank:]]+\"(.*)\".*/\1/p" +#version_file=${curdir}/src/crypto/opensslv.h +version_file=${curdir}/opensslv.h +lib_version=$(sed -nE ${version_re} ${version_file}) + +# Put -I${includedir} into Cflags so configure script tests like +# test -n "`pkg-config --cflags openssl`" +# don't assume that OpenSSL isn't available. + +pc_file="${objdir}/libcrypto.pc" +cat > ${pc_file} << __EOF__ +prefix=/usr +exec_prefix=\${prefix} +libdir=\${exec_prefix}/lib +includedir=\${prefix}/include + +Name: OpenSSL-libcrypto +Description: OpenSSL cryptography library +Version: ${lib_version} +Requires: +Libs: -L\${libdir} -lcrypto +Cflags: -I\${includedir} +__EOF__ diff --git a/src/lib/libcrypto/gost/gost.h b/src/lib/libcrypto/gost/gost.h new file mode 100644 index 00000000000..092f96fb60c --- /dev/null +++ b/src/lib/libcrypto/gost/gost.h @@ -0,0 +1,266 @@ +/* $OpenBSD: gost.h,v 1.3 2016/09/04 17:02:31 jsing Exp $ */ +/* + * Copyright (c) 2014 Dmitry Eremin-Solenikov + * Copyright (c) 2005-2006 Cryptocom LTD + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#ifndef HEADER_GOST_H +#define HEADER_GOST_H + +#include + +#ifdef OPENSSL_NO_GOST +#error GOST is disabled. +#endif + +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct gost2814789_key_st { + unsigned int key[8]; + unsigned int k87[256],k65[256],k43[256],k21[256]; + unsigned int count; + unsigned key_meshing : 1; +} GOST2814789_KEY; + +int Gost2814789_set_sbox(GOST2814789_KEY *key, int nid); +int Gost2814789_set_key(GOST2814789_KEY *key, + const unsigned char *userKey, const int bits); +void Gost2814789_ecb_encrypt(const unsigned char *in, unsigned char *out, + GOST2814789_KEY *key, const int enc); +void Gost2814789_cfb64_encrypt(const unsigned char *in, unsigned char *out, + size_t length, GOST2814789_KEY *key, + unsigned char *ivec, int *num, const int enc); +void Gost2814789_cnt_encrypt(const unsigned char *in, unsigned char *out, + size_t length, GOST2814789_KEY *key, + unsigned char *ivec, unsigned char *cnt_buf, int *num); + +typedef struct { + ASN1_OCTET_STRING *iv; + ASN1_OBJECT *enc_param_set; +} GOST_CIPHER_PARAMS; + +GOST_CIPHER_PARAMS *GOST_CIPHER_PARAMS_new(void); +void GOST_CIPHER_PARAMS_free(GOST_CIPHER_PARAMS *a); +GOST_CIPHER_PARAMS *d2i_GOST_CIPHER_PARAMS(GOST_CIPHER_PARAMS **a, const unsigned char **in, long len); +int i2d_GOST_CIPHER_PARAMS(GOST_CIPHER_PARAMS *a, unsigned char **out); +extern const ASN1_ITEM GOST_CIPHER_PARAMS_it; + +#define GOST2814789IMIT_LENGTH 4 +#define GOST2814789IMIT_CBLOCK 8 +#define GOST2814789IMIT_LONG unsigned int + +typedef struct GOST2814789IMITstate_st { + GOST2814789IMIT_LONG Nl, Nh; + unsigned char data[GOST2814789IMIT_CBLOCK]; + unsigned int num; + + GOST2814789_KEY cipher; + unsigned char mac[GOST2814789IMIT_CBLOCK]; +} GOST2814789IMIT_CTX; + +/* Note, also removed second parameter and removed dctx->cipher setting */ +int GOST2814789IMIT_Init(GOST2814789IMIT_CTX *c, int nid); +int GOST2814789IMIT_Update(GOST2814789IMIT_CTX *c, const void *data, size_t len); +int GOST2814789IMIT_Final(unsigned char *md, GOST2814789IMIT_CTX *c); +void GOST2814789IMIT_Transform(GOST2814789IMIT_CTX *c, const unsigned char *data); +unsigned char *GOST2814789IMIT(const unsigned char *d, size_t n, + unsigned char *md, int nid, + const unsigned char *key, const unsigned char *iv); + +#define GOSTR341194_LONG unsigned int + +#define GOSTR341194_LENGTH 32 +#define GOSTR341194_CBLOCK 32 +#define GOSTR341194_LBLOCK (GOSTR341194_CBLOCK/4) + +typedef struct GOSTR341194state_st { + GOSTR341194_LONG Nl, Nh; + GOSTR341194_LONG data[GOSTR341194_LBLOCK]; + unsigned int num; + + GOST2814789_KEY cipher; + unsigned char H[GOSTR341194_CBLOCK]; + unsigned char S[GOSTR341194_CBLOCK]; +} GOSTR341194_CTX; + +/* Note, also removed second parameter and removed dctx->cipher setting */ +int GOSTR341194_Init(GOSTR341194_CTX *c, int nid); +int GOSTR341194_Update(GOSTR341194_CTX *c, const void *data, size_t len); +int GOSTR341194_Final(unsigned char *md, GOSTR341194_CTX *c); +void GOSTR341194_Transform(GOSTR341194_CTX *c, const unsigned char *data); +unsigned char *GOSTR341194(const unsigned char *d, size_t n,unsigned char *md, int nid); + +#if defined(_LP64) +#define STREEBOG_LONG64 unsigned long +#define U64(C) C##UL +#else +#define STREEBOG_LONG64 unsigned long long +#define U64(C) C##ULL +#endif + +#define STREEBOG_LBLOCK 8 +#define STREEBOG_CBLOCK 64 +#define STREEBOG256_LENGTH 32 +#define STREEBOG512_LENGTH 64 + +typedef struct STREEBOGstate_st { + STREEBOG_LONG64 data[STREEBOG_LBLOCK]; + unsigned int num; + unsigned int md_len; + STREEBOG_LONG64 h[STREEBOG_LBLOCK]; + STREEBOG_LONG64 N[STREEBOG_LBLOCK]; + STREEBOG_LONG64 Sigma[STREEBOG_LBLOCK]; +} STREEBOG_CTX; + +int STREEBOG256_Init(STREEBOG_CTX *c); +int STREEBOG256_Update(STREEBOG_CTX *c, const void *data, size_t len); +int STREEBOG256_Final(unsigned char *md, STREEBOG_CTX *c); +void STREEBOG256_Transform(STREEBOG_CTX *c, const unsigned char *data); +unsigned char *STREEBOG256(const unsigned char *d, size_t n,unsigned char *md); + +int STREEBOG512_Init(STREEBOG_CTX *c); +int STREEBOG512_Update(STREEBOG_CTX *c, const void *data, size_t len); +int STREEBOG512_Final(unsigned char *md, STREEBOG_CTX *c); +void STREEBOG512_Transform(STREEBOG_CTX *c, const unsigned char *data); +unsigned char *STREEBOG512(const unsigned char *d, size_t n,unsigned char *md); + +typedef struct gost_key_st GOST_KEY; +GOST_KEY *GOST_KEY_new(void); +void GOST_KEY_free(GOST_KEY * r); +int GOST_KEY_check_key(const GOST_KEY * eckey); +int GOST_KEY_set_public_key_affine_coordinates(GOST_KEY * key, BIGNUM * x, BIGNUM * y); +const EC_GROUP * GOST_KEY_get0_group(const GOST_KEY * key); +int GOST_KEY_set_group(GOST_KEY * key, const EC_GROUP * group); +int GOST_KEY_get_digest(const GOST_KEY * key); +int GOST_KEY_set_digest(GOST_KEY * key, int digest_nid); +const BIGNUM * GOST_KEY_get0_private_key(const GOST_KEY * key); +int GOST_KEY_set_private_key(GOST_KEY * key, const BIGNUM * priv_key); +const EC_POINT * GOST_KEY_get0_public_key(const GOST_KEY * key); +int GOST_KEY_set_public_key(GOST_KEY * key, const EC_POINT * pub_key); +size_t GOST_KEY_get_size(const GOST_KEY * r); + +/* Gost-specific pmeth control-function parameters */ +/* For GOST R34.10 parameters */ +#define EVP_PKEY_CTRL_GOST_PARAMSET (EVP_PKEY_ALG_CTRL+1) +#define EVP_PKEY_CTRL_GOST_SIG_FORMAT (EVP_PKEY_ALG_CTRL+2) +#define EVP_PKEY_CTRL_GOST_SET_DIGEST (EVP_PKEY_ALG_CTRL+3) +#define EVP_PKEY_CTRL_GOST_GET_DIGEST (EVP_PKEY_ALG_CTRL+4) + +#define GOST_SIG_FORMAT_SR_BE 0 +#define GOST_SIG_FORMAT_RS_LE 1 + +/* BEGIN ERROR CODES */ +/* The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_GOST_strings(void); + +/* Error codes for the GOST functions. */ + +/* Function codes. */ +#define GOST_F_DECODE_GOST01_ALGOR_PARAMS 104 +#define GOST_F_ENCODE_GOST01_ALGOR_PARAMS 105 +#define GOST_F_GOST2001_COMPUTE_PUBLIC 106 +#define GOST_F_GOST2001_DO_SIGN 107 +#define GOST_F_GOST2001_DO_VERIFY 108 +#define GOST_F_GOST2001_KEYGEN 109 +#define GOST_F_GOST89_GET_ASN1_PARAMETERS 102 +#define GOST_F_GOST89_SET_ASN1_PARAMETERS 103 +#define GOST_F_GOST_KEY_CHECK_KEY 124 +#define GOST_F_GOST_KEY_NEW 125 +#define GOST_F_GOST_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES 126 +#define GOST_F_PARAM_COPY_GOST01 110 +#define GOST_F_PARAM_DECODE_GOST01 111 +#define GOST_F_PKEY_GOST01_CTRL 116 +#define GOST_F_PKEY_GOST01_DECRYPT 112 +#define GOST_F_PKEY_GOST01_DERIVE 113 +#define GOST_F_PKEY_GOST01_ENCRYPT 114 +#define GOST_F_PKEY_GOST01_PARAMGEN 115 +#define GOST_F_PKEY_GOST01_SIGN 123 +#define GOST_F_PKEY_GOST_MAC_CTRL 100 +#define GOST_F_PKEY_GOST_MAC_KEYGEN 101 +#define GOST_F_PRIV_DECODE_GOST01 117 +#define GOST_F_PUB_DECODE_GOST01 118 +#define GOST_F_PUB_ENCODE_GOST01 119 +#define GOST_F_PUB_PRINT_GOST01 120 +#define GOST_F_UNPACK_SIGNATURE_CP 121 +#define GOST_F_UNPACK_SIGNATURE_LE 122 + +/* Reason codes. */ +#define GOST_R_BAD_KEY_PARAMETERS_FORMAT 104 +#define GOST_R_BAD_PKEY_PARAMETERS_FORMAT 105 +#define GOST_R_CANNOT_PACK_EPHEMERAL_KEY 106 +#define GOST_R_CTRL_CALL_FAILED 107 +#define GOST_R_ERROR_COMPUTING_SHARED_KEY 108 +#define GOST_R_ERROR_PARSING_KEY_TRANSPORT_INFO 109 +#define GOST_R_INCOMPATIBLE_ALGORITHMS 110 +#define GOST_R_INCOMPATIBLE_PEER_KEY 111 +#define GOST_R_INVALID_DIGEST_TYPE 100 +#define GOST_R_INVALID_IV_LENGTH 103 +#define GOST_R_INVALID_MAC_KEY_LENGTH 101 +#define GOST_R_KEY_IS_NOT_INITIALIZED 112 +#define GOST_R_KEY_PARAMETERS_MISSING 113 +#define GOST_R_MAC_KEY_NOT_SET 102 +#define GOST_R_NO_PARAMETERS_SET 115 +#define GOST_R_NO_PEER_KEY 116 +#define GOST_R_NO_PRIVATE_PART_OF_NON_EPHEMERAL_KEYPAIR 117 +#define GOST_R_PUBLIC_KEY_UNDEFINED 118 +#define GOST_R_RANDOM_NUMBER_GENERATOR_FAILED 120 +#define GOST_R_SIGNATURE_MISMATCH 121 +#define GOST_R_SIGNATURE_PARTS_GREATER_THAN_Q 122 +#define GOST_R_UKM_NOT_SET 123 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/src/lib/libcrypto/gost/gost2814789.c b/src/lib/libcrypto/gost/gost2814789.c new file mode 100644 index 00000000000..e285413ed46 --- /dev/null +++ b/src/lib/libcrypto/gost/gost2814789.c @@ -0,0 +1,471 @@ +/* $OpenBSD: gost2814789.c,v 1.5 2015/09/10 15:56:25 jsing Exp $ */ +/* + * Copyright (c) 2014 Dmitry Eremin-Solenikov + * Copyright (c) 2005-2006 Cryptocom LTD + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#include + +#include + +#ifndef OPENSSL_NO_GOST +#include +#include + +#include "gost_locl.h" + +static inline unsigned int +f(const GOST2814789_KEY *c, unsigned int x) +{ + return c->k87[(x>>24) & 255] | c->k65[(x>>16) & 255]| + c->k43[(x>> 8) & 255] | c->k21[(x ) & 255]; +} + +void +Gost2814789_encrypt(const unsigned char *in, unsigned char *out, + const GOST2814789_KEY *key) +{ + unsigned int n1, n2; /* As named in the GOST */ + + c2l(in, n1); + c2l(in, n2); + + /* Instead of swapping halves, swap names each round */ + n2 ^= f(key, n1 + key->key[0]); n1 ^= f(key, n2 + key->key[1]); + n2 ^= f(key, n1 + key->key[2]); n1 ^= f(key, n2 + key->key[3]); + n2 ^= f(key, n1 + key->key[4]); n1 ^= f(key, n2 + key->key[5]); + n2 ^= f(key, n1 + key->key[6]); n1 ^= f(key, n2 + key->key[7]); + + n2 ^= f(key, n1 + key->key[0]); n1 ^= f(key, n2 + key->key[1]); + n2 ^= f(key, n1 + key->key[2]); n1 ^= f(key, n2 + key->key[3]); + n2 ^= f(key, n1 + key->key[4]); n1 ^= f(key, n2 + key->key[5]); + n2 ^= f(key, n1 + key->key[6]); n1 ^= f(key, n2 + key->key[7]); + + n2 ^= f(key, n1 + key->key[0]); n1 ^= f(key, n2 + key->key[1]); + n2 ^= f(key, n1 + key->key[2]); n1 ^= f(key, n2 + key->key[3]); + n2 ^= f(key, n1 + key->key[4]); n1 ^= f(key, n2 + key->key[5]); + n2 ^= f(key, n1 + key->key[6]); n1 ^= f(key, n2 + key->key[7]); + + n2 ^= f(key, n1 + key->key[7]); n1 ^= f(key, n2 + key->key[6]); + n2 ^= f(key, n1 + key->key[5]); n1 ^= f(key, n2 + key->key[4]); + n2 ^= f(key, n1 + key->key[3]); n1 ^= f(key, n2 + key->key[2]); + n2 ^= f(key, n1 + key->key[1]); n1 ^= f(key, n2 + key->key[0]); + + l2c(n2, out); + l2c(n1, out); +} + +void +Gost2814789_decrypt(const unsigned char *in, unsigned char *out, + const GOST2814789_KEY *key) +{ + unsigned int n1, n2; /* As named in the GOST */ + + c2l(in, n1); + c2l(in, n2); + + /* Instead of swapping halves, swap names each round */ + n2 ^= f(key, n1 + key->key[0]); n1 ^= f(key, n2 + key->key[1]); + n2 ^= f(key, n1 + key->key[2]); n1 ^= f(key, n2 + key->key[3]); + n2 ^= f(key, n1 + key->key[4]); n1 ^= f(key, n2 + key->key[5]); + n2 ^= f(key, n1 + key->key[6]); n1 ^= f(key, n2 + key->key[7]); + + n2 ^= f(key, n1 + key->key[7]); n1 ^= f(key, n2 + key->key[6]); + n2 ^= f(key, n1 + key->key[5]); n1 ^= f(key, n2 + key->key[4]); + n2 ^= f(key, n1 + key->key[3]); n1 ^= f(key, n2 + key->key[2]); + n2 ^= f(key, n1 + key->key[1]); n1 ^= f(key, n2 + key->key[0]); + + n2 ^= f(key, n1 + key->key[7]); n1 ^= f(key, n2 + key->key[6]); + n2 ^= f(key, n1 + key->key[5]); n1 ^= f(key, n2 + key->key[4]); + n2 ^= f(key, n1 + key->key[3]); n1 ^= f(key, n2 + key->key[2]); + n2 ^= f(key, n1 + key->key[1]); n1 ^= f(key, n2 + key->key[0]); + + n2 ^= f(key, n1 + key->key[7]); n1 ^= f(key, n2 + key->key[6]); + n2 ^= f(key, n1 + key->key[5]); n1 ^= f(key, n2 + key->key[4]); + n2 ^= f(key, n1 + key->key[3]); n1 ^= f(key, n2 + key->key[2]); + n2 ^= f(key, n1 + key->key[1]); n1 ^= f(key, n2 + key->key[0]); + + l2c(n2, out); + l2c(n1, out); +} + +static void +Gost2814789_mac(const unsigned char *in, unsigned char *mac, + GOST2814789_KEY *key) +{ + unsigned int n1, n2; /* As named in the GOST */ + unsigned char *p; + int i; + + for (i = 0; i < 8; i++) + mac[i] ^= in[i]; + + p = mac; + c2l(p, n1); + c2l(p, n2); + + /* Instead of swapping halves, swap names each round */ + n2 ^= f(key, n1 + key->key[0]); n1 ^= f(key, n2 + key->key[1]); + n2 ^= f(key, n1 + key->key[2]); n1 ^= f(key, n2 + key->key[3]); + n2 ^= f(key, n1 + key->key[4]); n1 ^= f(key, n2 + key->key[5]); + n2 ^= f(key, n1 + key->key[6]); n1 ^= f(key, n2 + key->key[7]); + + n2 ^= f(key, n1 + key->key[0]); n1 ^= f(key, n2 + key->key[1]); + n2 ^= f(key, n1 + key->key[2]); n1 ^= f(key, n2 + key->key[3]); + n2 ^= f(key, n1 + key->key[4]); n1 ^= f(key, n2 + key->key[5]); + n2 ^= f(key, n1 + key->key[6]); n1 ^= f(key, n2 + key->key[7]); + + p = mac; + l2c(n1, p); + l2c(n2, p); +} + +void +Gost2814789_ecb_encrypt(const unsigned char *in, unsigned char *out, + GOST2814789_KEY *key, const int enc) +{ + if (key->key_meshing && key->count == 1024) { + Gost2814789_cryptopro_key_mesh(key); + key->count = 0; + } + + if (enc) + Gost2814789_encrypt(in, out, key); + else + Gost2814789_decrypt(in, out, key); +} + +static inline void +Gost2814789_encrypt_mesh(unsigned char *iv, GOST2814789_KEY *key) +{ + if (key->key_meshing && key->count == 1024) { + Gost2814789_cryptopro_key_mesh(key); + Gost2814789_encrypt(iv, iv, key); + key->count = 0; + } + Gost2814789_encrypt(iv, iv, key); + key->count += 8; +} + +static inline void +Gost2814789_mac_mesh(const unsigned char *data, unsigned char *mac, + GOST2814789_KEY *key) +{ + if (key->key_meshing && key->count == 1024) { + Gost2814789_cryptopro_key_mesh(key); + key->count = 0; + } + Gost2814789_mac(data, mac, key); + key->count += 8; +} + +void +Gost2814789_cfb64_encrypt(const unsigned char *in, unsigned char *out, + size_t len, GOST2814789_KEY *key, unsigned char *ivec, int *num, + const int enc) +{ + unsigned int n; + size_t l = 0; + + n = *num; + + if (enc) { +#if !defined(OPENSSL_SMALL_FOOTPRINT) + if (8 % sizeof(size_t) == 0) do { /* always true actually */ + while (n && len) { + *(out++) = ivec[n] ^= *(in++); + --len; + n = (n + 1) % 8; + } +#ifdef __STRICT_ALIGNMENT + if (((size_t)in | (size_t)out | (size_t)ivec) % + sizeof(size_t) != 0) + break; +#endif + while (len >= 8) { + Gost2814789_encrypt_mesh(ivec, key); + for (; n < 8; n += sizeof(size_t)) { + *(size_t*)(out + n) = + *(size_t*)(ivec + n) ^= + *(size_t*)(in + n); + } + len -= 8; + out += 8; + in += 8; + n = 0; + } + if (len) { + Gost2814789_encrypt_mesh(ivec, key); + while (len--) { + out[n] = ivec[n] ^= in[n]; + ++n; + } + } + *num = n; + return; + } while (0); + /* the rest would be commonly eliminated by x86* compiler */ +#endif + while (l= 8) { + Gost2814789_encrypt_mesh(ivec, key); + for (; n < 8; n += sizeof(size_t)) { + size_t t = *(size_t*)(in + n); + *(size_t*)(out + n) = + *(size_t*)(ivec + n) ^ t; + *(size_t*)(ivec + n) = t; + } + len -= 8; + out += 8; + in += 8; + n = 0; + } + if (len) { + Gost2814789_encrypt_mesh(ivec, key); + while (len--) { + unsigned char c; + + out[n] = ivec[n] ^ (c = in[n]); + ivec[n] = c; + ++n; + } + } + *num = n; + return; + } while (0); + /* the rest would be commonly eliminated by x86* compiler */ +#endif + while (l < len) { + unsigned char c; + + if (n == 0) { + Gost2814789_encrypt_mesh(ivec, key); + } + out[l] = ivec[n] ^ (c = in[l]); ivec[n] = c; + ++l; + n = (n + 1) % 8; + } + *num = n; + } +} + +static inline void +Gost2814789_cnt_next(unsigned char *ivec, unsigned char *out, + GOST2814789_KEY *key) +{ + unsigned char *p = ivec, *p2 = ivec; + unsigned int val, val2; + + if (key->count == 0) + Gost2814789_encrypt(ivec, ivec, key); + + if (key->key_meshing && key->count == 1024) { + Gost2814789_cryptopro_key_mesh(key); + Gost2814789_encrypt(ivec, ivec, key); + key->count = 0; + } + + c2l(p, val); + val2 = val + 0x01010101; + l2c(val2, p2); + + c2l(p, val); + val2 = val + 0x01010104; + if (val > val2) /* overflow */ + val2++; + l2c(val2, p2); + + Gost2814789_encrypt(ivec, out, key); + key->count += 8; +} + +void +Gost2814789_cnt_encrypt(const unsigned char *in, unsigned char *out, size_t len, + GOST2814789_KEY *key, unsigned char *ivec, unsigned char *cnt_buf, int *num) +{ + unsigned int n; + size_t l = 0; + + n = *num; + +#if !defined(OPENSSL_SMALL_FOOTPRINT) + if (8 % sizeof(size_t) == 0) do { /* always true actually */ + while (n && len) { + *(out++) = *(in++) ^ cnt_buf[n]; + --len; + n = (n + 1) % 8; + } + +#ifdef __STRICT_ALIGNMENT + if (((size_t)in | (size_t)out | (size_t)ivec) % + sizeof(size_t) != 0) + break; +#endif + while (len >= 8) { + Gost2814789_cnt_next(ivec, cnt_buf, key); + for (; n < 8; n += sizeof(size_t)) + *(size_t *)(out + n) = *(size_t *)(in + n) ^ + *(size_t *)(cnt_buf + n); + len -= 8; + out += 8; + in += 8; + n = 0; + } + if (len) { + Gost2814789_cnt_next(ivec, cnt_buf, key); + while (len--) { + out[n] = in[n] ^ cnt_buf[n]; + ++n; + } + } + *num = n; + return; + } while(0); + /* the rest would be commonly eliminated by x86* compiler */ +#endif + while (l < len) { + if (n==0) + Gost2814789_cnt_next(ivec, cnt_buf, key); + out[l] = in[l] ^ cnt_buf[n]; + ++l; + n = (n + 1) % 8; + } + + *num=n; +} + +int +GOST2814789IMIT_Init(GOST2814789IMIT_CTX *c, int nid) +{ + c->Nl = c->Nh = c->num = 0; + memset(c->mac, 0, 8); + return Gost2814789_set_sbox(&c->cipher, nid); +} + +static void +GOST2814789IMIT_block_data_order(GOST2814789IMIT_CTX *ctx, + const unsigned char *p, size_t num) +{ + int i; + + for (i = 0; i < num; i++) { + Gost2814789_mac_mesh(p, ctx->mac, &ctx->cipher); + p += 8; + } +} + +#define DATA_ORDER_IS_LITTLE_ENDIAN + +#define HASH_CBLOCK GOST2814789IMIT_CBLOCK +#define HASH_LONG GOST2814789IMIT_LONG +#define HASH_CTX GOST2814789IMIT_CTX +#define HASH_UPDATE GOST2814789IMIT_Update +#define HASH_TRANSFORM GOST2814789IMIT_Transform +#define HASH_NO_FINAL 1 +#define HASH_BLOCK_DATA_ORDER GOST2814789IMIT_block_data_order + +#include "md32_common.h" + +int +GOST2814789IMIT_Final(unsigned char *md, GOST2814789IMIT_CTX *c) +{ + if (c->num) { + memset(c->data + c->num, 0, 8 - c->num); + Gost2814789_mac_mesh(c->data, c->mac, &c->cipher); + } + if (c->Nl <= 8 * 8 && c->Nl > 0 && c->Nh == 0) { + memset(c->data, 0, 8); + Gost2814789_mac_mesh(c->data, c->mac, &c->cipher); + } + memcpy(md, c->mac, 4); + return 1; +} + +unsigned char * +GOST2814789IMIT(const unsigned char *d, size_t n, unsigned char *md, int nid, + const unsigned char *key, const unsigned char *iv) +{ + GOST2814789IMIT_CTX c; + static unsigned char m[GOST2814789IMIT_LENGTH]; + + if (md == NULL) + md = m; + GOST2814789IMIT_Init(&c, nid); + memcpy(c.mac, iv, 8); + Gost2814789_set_key(&c.cipher, key, 256); + GOST2814789IMIT_Update(&c, d, n); + GOST2814789IMIT_Final(md, &c); + explicit_bzero(&c, sizeof(c)); + return (md); +} + +#endif diff --git a/src/lib/libcrypto/gost/gost89_keywrap.c b/src/lib/libcrypto/gost/gost89_keywrap.c new file mode 100644 index 00000000000..a754c4d56ea --- /dev/null +++ b/src/lib/libcrypto/gost/gost89_keywrap.c @@ -0,0 +1,138 @@ +/* $OpenBSD: gost89_keywrap.c,v 1.3 2014/11/09 19:28:44 miod Exp $ */ +/* + * Copyright (c) 2014 Dmitry Eremin-Solenikov + * Copyright (c) 2005-2006 Cryptocom LTD + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#include + +#include + +#ifndef OPENSSL_NO_GOST + +#include + +#include "gost_locl.h" + +static void +key_diversify_crypto_pro(GOST2814789_KEY *ctx, const unsigned char *inputKey, + const unsigned char *ukm, unsigned char *outputKey) +{ + unsigned long k, s1, s2; + int i, mask; + unsigned char S[8]; + unsigned char *p; + + memcpy(outputKey, inputKey, 32); + for (i = 0; i < 8; i++) { + /* Make array of integers from key */ + /* Compute IV S */ + s1 = 0, s2 = 0; + p = outputKey; + for (mask = 1; mask < 256; mask <<= 1) { + c2l(p, k); + if (mask & ukm[i]) { + s1 += k; + } else { + s2 += k; + } + } + p = S; + l2c (s1, p); + l2c (s2, p); + Gost2814789_set_key(ctx, outputKey, 256); + mask = 0; + Gost2814789_cfb64_encrypt(outputKey, outputKey, 32, ctx, S, + &mask, 1); + } +} + +int +gost_key_wrap_crypto_pro(int nid, const unsigned char *keyExchangeKey, + const unsigned char *ukm, const unsigned char *sessionKey, + unsigned char *wrappedKey) +{ + GOST2814789_KEY ctx; + unsigned char kek_ukm[32]; + + Gost2814789_set_sbox(&ctx, nid); + key_diversify_crypto_pro(&ctx, keyExchangeKey, ukm, kek_ukm); + Gost2814789_set_key(&ctx, kek_ukm, 256); + memcpy(wrappedKey, ukm, 8); + Gost2814789_encrypt(sessionKey + 0, wrappedKey + 8 + 0, &ctx); + Gost2814789_encrypt(sessionKey + 8, wrappedKey + 8 + 8, &ctx); + Gost2814789_encrypt(sessionKey + 16, wrappedKey + 8 + 16, &ctx); + Gost2814789_encrypt(sessionKey + 24, wrappedKey + 8 + 24, &ctx); + GOST2814789IMIT(sessionKey, 32, wrappedKey + 40, nid, kek_ukm, ukm); + return 1; +} + +int +gost_key_unwrap_crypto_pro(int nid, const unsigned char *keyExchangeKey, + const unsigned char *wrappedKey, unsigned char *sessionKey) +{ + unsigned char kek_ukm[32], cek_mac[4]; + GOST2814789_KEY ctx; + + Gost2814789_set_sbox(&ctx, nid); + /* First 8 bytes of wrapped Key is ukm */ + key_diversify_crypto_pro(&ctx, keyExchangeKey, wrappedKey, kek_ukm); + Gost2814789_set_key(&ctx, kek_ukm, 256); + Gost2814789_decrypt(wrappedKey + 8 + 0, sessionKey + 0, &ctx); + Gost2814789_decrypt(wrappedKey + 8 + 8, sessionKey + 8, &ctx); + Gost2814789_decrypt(wrappedKey + 8 + 16, sessionKey + 16, &ctx); + Gost2814789_decrypt(wrappedKey + 8 + 24, sessionKey + 24, &ctx); + + GOST2814789IMIT(sessionKey, 32, cek_mac, nid, kek_ukm, wrappedKey); + if (memcmp(cek_mac, wrappedKey + 40, 4)) + return 0; + + return 1; +} + +#endif diff --git a/src/lib/libcrypto/gost/gost89_params.c b/src/lib/libcrypto/gost/gost89_params.c new file mode 100644 index 00000000000..35d8f62fe96 --- /dev/null +++ b/src/lib/libcrypto/gost/gost89_params.c @@ -0,0 +1,244 @@ +/* $OpenBSD: gost89_params.c,v 1.2 2014/11/09 23:06:52 miod Exp $ */ +/* + * Copyright (c) 2014 Dmitry Eremin-Solenikov + * Copyright (c) 2005-2006 Cryptocom LTD + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#include + +#include + +#ifndef OPENSSL_NO_GOST +#include +#include + +#include "gost_locl.h" + +/* Substitution blocks from test examples for GOST R 34.11-94*/ +static const gost_subst_block GostR3411_94_TestParamSet = { + {0x1,0xF,0xD,0x0,0x5,0x7,0xA,0x4,0x9,0x2,0x3,0xE,0x6,0xB,0x8,0xC}, + {0xD,0xB,0x4,0x1,0x3,0xF,0x5,0x9,0x0,0xA,0xE,0x7,0x6,0x8,0x2,0xC}, + {0x4,0xB,0xA,0x0,0x7,0x2,0x1,0xD,0x3,0x6,0x8,0x5,0x9,0xC,0xF,0xE}, + {0x6,0xC,0x7,0x1,0x5,0xF,0xD,0x8,0x4,0xA,0x9,0xE,0x0,0x3,0xB,0x2}, + {0x7,0xD,0xA,0x1,0x0,0x8,0x9,0xF,0xE,0x4,0x6,0xC,0xB,0x2,0x5,0x3}, + {0x5,0x8,0x1,0xD,0xA,0x3,0x4,0x2,0xE,0xF,0xC,0x7,0x6,0x0,0x9,0xB}, + {0xE,0xB,0x4,0xC,0x6,0xD,0xF,0xA,0x2,0x3,0x8,0x1,0x0,0x7,0x5,0x9}, + {0x4,0xA,0x9,0x2,0xD,0x8,0x0,0xE,0x6,0xB,0x1,0xC,0x7,0xF,0x5,0x3} +}; + +/* Substitution blocks for hash function 1.2.643.2.9.1.6.1 */ +static const gost_subst_block GostR3411_94_CryptoProParamSet = { + {0x1,0x3,0xA,0x9,0x5,0xB,0x4,0xF,0x8,0x6,0x7,0xE,0xD,0x0,0x2,0xC}, + {0xD,0xE,0x4,0x1,0x7,0x0,0x5,0xA,0x3,0xC,0x8,0xF,0x6,0x2,0x9,0xB}, + {0x7,0x6,0x2,0x4,0xD,0x9,0xF,0x0,0xA,0x1,0x5,0xB,0x8,0xE,0xC,0x3}, + {0x7,0x6,0x4,0xB,0x9,0xC,0x2,0xA,0x1,0x8,0x0,0xE,0xF,0xD,0x3,0x5}, + {0x4,0xA,0x7,0xC,0x0,0xF,0x2,0x8,0xE,0x1,0x6,0x5,0xD,0xB,0x9,0x3}, + {0x7,0xF,0xC,0xE,0x9,0x4,0x1,0x0,0x3,0xB,0x5,0x2,0x6,0xA,0x8,0xD}, + {0x5,0xF,0x4,0x0,0x2,0xD,0xB,0x9,0x1,0x7,0x6,0x3,0xC,0xE,0xA,0x8}, + {0xA,0x4,0x5,0x6,0x8,0x1,0x3,0x7,0xD,0xC,0xE,0x0,0x9,0x2,0xB,0xF} +}; + +/* Test paramset from GOST 28147 */ +gost_subst_block Gost28147_TestParamSet = { + {0xC,0x6,0x5,0x2,0xB,0x0,0x9,0xD,0x3,0xE,0x7,0xA,0xF,0x4,0x1,0x8}, + {0x9,0xB,0xC,0x0,0x3,0x6,0x7,0x5,0x4,0x8,0xE,0xF,0x1,0xA,0x2,0xD}, + {0x8,0xF,0x6,0xB,0x1,0x9,0xC,0x5,0xD,0x3,0x7,0xA,0x0,0xE,0x2,0x4}, + {0x3,0xE,0x5,0x9,0x6,0x8,0x0,0xD,0xA,0xB,0x7,0xC,0x2,0x1,0xF,0x4}, + {0xE,0x9,0xB,0x2,0x5,0xF,0x7,0x1,0x0,0xD,0xC,0x6,0xA,0x4,0x3,0x8}, + {0xD,0x8,0xE,0xC,0x7,0x3,0x9,0xA,0x1,0x5,0x2,0x4,0x6,0xF,0x0,0xB}, + {0xC,0x9,0xF,0xE,0x8,0x1,0x3,0xA,0x2,0x7,0x4,0xD,0x6,0x0,0xB,0x5}, + {0x4,0x2,0xF,0x5,0x9,0x1,0x0,0x8,0xE,0x3,0xB,0xC,0xD,0x7,0xA,0x6} +}; + + +/* 1.2.643.2.2.31.1 */ +static const gost_subst_block Gost28147_CryptoProParamSetA = { + {0xB,0xA,0xF,0x5,0x0,0xC,0xE,0x8,0x6,0x2,0x3,0x9,0x1,0x7,0xD,0x4}, + {0x1,0xD,0x2,0x9,0x7,0xA,0x6,0x0,0x8,0xC,0x4,0x5,0xF,0x3,0xB,0xE}, + {0x3,0xA,0xD,0xC,0x1,0x2,0x0,0xB,0x7,0x5,0x9,0x4,0x8,0xF,0xE,0x6}, + {0xB,0x5,0x1,0x9,0x8,0xD,0xF,0x0,0xE,0x4,0x2,0x3,0xC,0x7,0xA,0x6}, + {0xE,0x7,0xA,0xC,0xD,0x1,0x3,0x9,0x0,0x2,0xB,0x4,0xF,0x8,0x5,0x6}, + {0xE,0x4,0x6,0x2,0xB,0x3,0xD,0x8,0xC,0xF,0x5,0xA,0x0,0x7,0x1,0x9}, + {0x3,0x7,0xE,0x9,0x8,0xA,0xF,0x0,0x5,0x2,0x6,0xC,0xB,0x4,0xD,0x1}, + {0x9,0x6,0x3,0x2,0x8,0xB,0x1,0x7,0xA,0x4,0xE,0xF,0xC,0x0,0xD,0x5} +}; + +/* 1.2.643.2.2.31.2 */ +static const gost_subst_block Gost28147_CryptoProParamSetB = { + {0x0,0x4,0xB,0xE,0x8,0x3,0x7,0x1,0xA,0x2,0x9,0x6,0xF,0xD,0x5,0xC}, + {0x5,0x2,0xA,0xB,0x9,0x1,0xC,0x3,0x7,0x4,0xD,0x0,0x6,0xF,0x8,0xE}, + {0x8,0x3,0x2,0x6,0x4,0xD,0xE,0xB,0xC,0x1,0x7,0xF,0xA,0x0,0x9,0x5}, + {0x2,0x7,0xC,0xF,0x9,0x5,0xA,0xB,0x1,0x4,0x0,0xD,0x6,0x8,0xE,0x3}, + {0x7,0x5,0x0,0xD,0xB,0x6,0x1,0x2,0x3,0xA,0xC,0xF,0x4,0xE,0x9,0x8}, + {0xE,0xC,0x0,0xA,0x9,0x2,0xD,0xB,0x7,0x5,0x8,0xF,0x3,0x6,0x1,0x4}, + {0x0,0x1,0x2,0xA,0x4,0xD,0x5,0xC,0x9,0x7,0x3,0xF,0xB,0x8,0x6,0xE}, + {0x8,0x4,0xB,0x1,0x3,0x5,0x0,0x9,0x2,0xE,0xA,0xC,0xD,0x6,0x7,0xF} +}; + +/* 1.2.643.2.2.31.3 */ +static const gost_subst_block Gost28147_CryptoProParamSetC = { + {0x7,0x4,0x0,0x5,0xA,0x2,0xF,0xE,0xC,0x6,0x1,0xB,0xD,0x9,0x3,0x8}, + {0xA,0x9,0x6,0x8,0xD,0xE,0x2,0x0,0xF,0x3,0x5,0xB,0x4,0x1,0xC,0x7}, + {0xC,0x9,0xB,0x1,0x8,0xE,0x2,0x4,0x7,0x3,0x6,0x5,0xA,0x0,0xF,0xD}, + {0x8,0xD,0xB,0x0,0x4,0x5,0x1,0x2,0x9,0x3,0xC,0xE,0x6,0xF,0xA,0x7}, + {0x3,0x6,0x0,0x1,0x5,0xD,0xA,0x8,0xB,0x2,0x9,0x7,0xE,0xF,0xC,0x4}, + {0x8,0x2,0x5,0x0,0x4,0x9,0xF,0xA,0x3,0x7,0xC,0xD,0x6,0xE,0x1,0xB}, + {0x0,0x1,0x7,0xD,0xB,0x4,0x5,0x2,0x8,0xE,0xF,0xC,0x9,0xA,0x6,0x3}, + {0x1,0xB,0xC,0x2,0x9,0xD,0x0,0xF,0x4,0x5,0x8,0xE,0xA,0x7,0x6,0x3} +}; + +/* 1.2.643.2.2.31.4 */ +static const gost_subst_block Gost28147_CryptoProParamSetD = { + {0x1,0xA,0x6,0x8,0xF,0xB,0x0,0x4,0xC,0x3,0x5,0x9,0x7,0xD,0x2,0xE}, + {0x3,0x0,0x6,0xF,0x1,0xE,0x9,0x2,0xD,0x8,0xC,0x4,0xB,0xA,0x5,0x7}, + {0x8,0x0,0xF,0x3,0x2,0x5,0xE,0xB,0x1,0xA,0x4,0x7,0xC,0x9,0xD,0x6}, + {0x0,0xC,0x8,0x9,0xD,0x2,0xA,0xB,0x7,0x3,0x6,0x5,0x4,0xE,0xF,0x1}, + {0x1,0x5,0xE,0xC,0xA,0x7,0x0,0xD,0x6,0x2,0xB,0x4,0x9,0x3,0xF,0x8}, + {0x1,0xC,0xB,0x0,0xF,0xE,0x6,0x5,0xA,0xD,0x4,0x8,0x9,0x3,0x7,0x2}, + {0xB,0x6,0x3,0x4,0xC,0xF,0xE,0x2,0x7,0xD,0x8,0x0,0x5,0xA,0x9,0x1}, + {0xF,0xC,0x2,0xA,0x6,0x4,0x5,0x0,0x7,0x9,0xE,0xD,0x1,0xB,0x8,0x3} +}; + +static const gost_subst_block Gost28147_TC26ParamSetZ = { + {0x1,0x7,0xe,0xd,0x0,0x5,0x8,0x3,0x4,0xf,0xa,0x6,0x9,0xc,0xb,0x2}, + {0x8,0xe,0x2,0x5,0x6,0x9,0x1,0xc,0xf,0x4,0xb,0x0,0xd,0xa,0x3,0x7}, + {0x5,0xd,0xf,0x6,0x9,0x2,0xc,0xa,0xb,0x7,0x8,0x1,0x4,0x3,0xe,0x0}, + {0x7,0xf,0x5,0xa,0x8,0x1,0x6,0xd,0x0,0x9,0x3,0xe,0xb,0x4,0x2,0xc}, + {0xc,0x8,0x2,0x1,0xd,0x4,0xf,0x6,0x7,0x0,0xa,0x5,0x3,0xe,0x9,0xb}, + {0xb,0x3,0x5,0x8,0x2,0xf,0xa,0xd,0xe,0x1,0x7,0x4,0xc,0x9,0x6,0x0}, + {0x6,0x8,0x2,0x3,0x9,0xa,0x5,0xc,0x1,0xe,0x4,0x7,0xb,0xd,0x0,0xf}, + {0xc,0x4,0x6,0x2,0xa,0x5,0xb,0x9,0xe,0x8,0xd,0x7,0x0,0x3,0xf,0x1} +}; + +static const unsigned char CryptoProKeyMeshingKey[] = { + 0x69, 0x00, 0x72, 0x22, 0x64, 0xC9, 0x04, 0x23, + 0x8D, 0x3A, 0xDB, 0x96, 0x46, 0xE9, 0x2A, 0xC4, + 0x18, 0xFE, 0xAC, 0x94, 0x00, 0xED, 0x07, 0x12, + 0xC0, 0x86, 0xDC, 0xC2, 0xEF, 0x4C, 0xA9, 0x2B +}; + +static const struct gost89_parameters_info { + int nid; + const gost_subst_block *sblock; + int key_meshing; +} gost_cipher_list[] = +{ + {NID_id_Gost28147_89_CryptoPro_A_ParamSet,&Gost28147_CryptoProParamSetA,1}, + {NID_id_Gost28147_89_CryptoPro_B_ParamSet,&Gost28147_CryptoProParamSetB,1}, + {NID_id_Gost28147_89_CryptoPro_C_ParamSet,&Gost28147_CryptoProParamSetC,1}, + {NID_id_Gost28147_89_CryptoPro_D_ParamSet,&Gost28147_CryptoProParamSetD,1}, + {NID_id_tc26_gost_28147_param_Z,&Gost28147_TC26ParamSetZ,1}, + {NID_id_Gost28147_89_TestParamSet,&Gost28147_TestParamSet,0}, + {NID_id_GostR3411_94_TestParamSet,&GostR3411_94_TestParamSet,0}, + {NID_id_GostR3411_94_CryptoProParamSet,&GostR3411_94_CryptoProParamSet,0}, + {NID_undef,NULL,0} +}; + +int +Gost2814789_set_sbox(GOST2814789_KEY *key, int nid) +{ + int i; + const gost_subst_block *b = NULL; + unsigned int t; + + for (i = 0; gost_cipher_list[i].nid != NID_undef; i++) { + if (gost_cipher_list[i].nid != nid) + continue; + + b = gost_cipher_list[i].sblock; + key->key_meshing = gost_cipher_list[i].key_meshing; + break; + } + + if (b == NULL) + return 0; + + for (i = 0; i < 256; i++) { + t = (unsigned int)(b->k8[i >> 4] <<4 | b->k7 [i & 15]) << 24; + key->k87[i] = (t << 11) | (t >> 21); + t = (unsigned int)(b->k6[i >> 4] <<4 | b->k5 [i & 15]) << 16; + key->k65[i] = (t << 11) | (t >> 21); + t = (unsigned int)(b->k4[i >> 4] <<4 | b->k3 [i & 15]) << 8; + key->k43[i] = (t << 11) | (t >> 21); + t = (unsigned int)(b->k2[i >> 4] <<4 | b->k1 [i & 15]) << 0; + key->k21[i] = (t << 11) | (t >> 21); + } + + return 1; +} + +int +Gost2814789_set_key(GOST2814789_KEY *key, const unsigned char *userKey, + const int bits) +{ + int i; + + if (bits != 256) + return 0; + + for (i = 0; i < 8; i++) + c2l(userKey, key->key[i]); + + key->count = 0; + + return 1; +} + +void +Gost2814789_cryptopro_key_mesh(GOST2814789_KEY *key) +{ + unsigned char newkey[32]; + + Gost2814789_decrypt(CryptoProKeyMeshingKey + 0, newkey + 0, key); + Gost2814789_decrypt(CryptoProKeyMeshingKey + 8, newkey + 8, key); + Gost2814789_decrypt(CryptoProKeyMeshingKey + 16, newkey + 16, key); + Gost2814789_decrypt(CryptoProKeyMeshingKey + 24, newkey + 24, key); + + Gost2814789_set_key(key, newkey, 256); +} +#endif diff --git a/src/lib/libcrypto/gost/gost89imit_ameth.c b/src/lib/libcrypto/gost/gost89imit_ameth.c new file mode 100644 index 00000000000..a2631d97f8a --- /dev/null +++ b/src/lib/libcrypto/gost/gost89imit_ameth.c @@ -0,0 +1,88 @@ +/* $OpenBSD: gost89imit_ameth.c,v 1.2 2014/11/09 23:06:52 miod Exp $ */ +/* + * Copyright (c) 2014 Dmitry Eremin-Solenikov + * Copyright (c) 2005-2006 Cryptocom LTD + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#include + +#ifndef OPENSSL_NO_GOST +#include + +#include "asn1_locl.h" + +static void +mackey_free_gost(EVP_PKEY *pk) +{ + free(pk->pkey.ptr); +} + +static int +mac_ctrl_gost(EVP_PKEY *pkey, int op, long arg1, void *arg2) +{ + switch (op) { + case ASN1_PKEY_CTRL_DEFAULT_MD_NID: + *(int *)arg2 = NID_id_Gost28147_89_MAC; + return 2; + } + return -2; +} + +const EVP_PKEY_ASN1_METHOD gostimit_asn1_meth = { + .pkey_id = EVP_PKEY_GOSTIMIT, + .pkey_base_id = EVP_PKEY_GOSTIMIT, + .pkey_flags = ASN1_PKEY_SIGPARAM_NULL, + + .pem_str = "GOST-MAC", + .info = "GOST 28147-89 MAC", + + .pkey_free = mackey_free_gost, + .pkey_ctrl = mac_ctrl_gost, +}; + +#endif diff --git a/src/lib/libcrypto/gost/gost89imit_pmeth.c b/src/lib/libcrypto/gost/gost89imit_pmeth.c new file mode 100644 index 00000000000..1959b361635 --- /dev/null +++ b/src/lib/libcrypto/gost/gost89imit_pmeth.c @@ -0,0 +1,248 @@ +/* $OpenBSD: gost89imit_pmeth.c,v 1.4 2017/01/29 17:49:23 beck Exp $ */ +/* + * Copyright (c) 2014 Dmitry Eremin-Solenikov + * Copyright (c) 2005-2006 Cryptocom LTD + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#include + +#include + +#ifndef OPENSSL_NO_GOST +#include +#include +#include +#include /* For string_to_hex */ + +#include "evp_locl.h" +#include "gost_locl.h" + +struct gost_mac_pmeth_data { + EVP_MD *md; + unsigned char key[32]; + unsigned key_set :1; +}; + +static int +pkey_gost_mac_init(EVP_PKEY_CTX *ctx) +{ + struct gost_mac_pmeth_data *data; + + data = calloc(1, sizeof(struct gost_mac_pmeth_data)); + if (data == NULL) + return 0; + EVP_PKEY_CTX_set_data(ctx, data); + return 1; +} + +static void +pkey_gost_mac_cleanup(EVP_PKEY_CTX *ctx) +{ + struct gost_mac_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx); + free(data); +} + +static int +pkey_gost_mac_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) +{ + struct gost_mac_pmeth_data *dst_data, *src_data; + + if (pkey_gost_mac_init(dst) == 0) + return 0; + + src_data = EVP_PKEY_CTX_get_data(src); + dst_data = EVP_PKEY_CTX_get_data(dst); + + *dst_data = *src_data; + + return 1; +} + +static int +pkey_gost_mac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) +{ + struct gost_mac_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx); + unsigned char *keydata; + + if (!data->key_set) { + GOSTerror(GOST_R_MAC_KEY_NOT_SET); + return 0; + } + + keydata = malloc(32); + if (keydata == NULL) { + GOSTerror(ERR_R_MALLOC_FAILURE); + return 0; + } + memcpy(keydata, data->key, 32); + EVP_PKEY_assign(pkey, NID_id_Gost28147_89_MAC, keydata); + + return 1; +} + +static int +pkey_gost_mac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) +{ + struct gost_mac_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx); + + switch (type) { + case EVP_PKEY_CTRL_MD: + if (EVP_MD_type(p2) != NID_id_Gost28147_89_MAC) { + GOSTerror(GOST_R_INVALID_DIGEST_TYPE); + return 0; + } + data->md = p2; + return 1; + + case EVP_PKEY_CTRL_SET_MAC_KEY: + if (p1 != 32) { + GOSTerror(GOST_R_INVALID_MAC_KEY_LENGTH); + return 0; + } + + memcpy(data->key, p2, 32); + data->key_set = 1; + return 1; + + case EVP_PKEY_CTRL_DIGESTINIT: + { + EVP_MD_CTX *mctx = p2; + void *key; + + if (!data->key_set) { + EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx); + if (pkey == NULL) { + GOSTerror(GOST_R_MAC_KEY_NOT_SET); + return 0; + } + key = EVP_PKEY_get0(pkey); + if (key == NULL) { + GOSTerror(GOST_R_MAC_KEY_NOT_SET); + return 0; + } + } else { + key = &(data->key); + } + if (mctx->digest->md_ctrl == NULL) + return 0; + return mctx->digest->md_ctrl(mctx, EVP_MD_CTRL_SET_KEY, 32 * 8, + key); + } + + } + + return -2; +} + +static int +pkey_gost_mac_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, const char *value) +{ + if (value == NULL) + return 0; + if (strcmp(type, "key") == 0) { + void *p = (void *)value; + return pkey_gost_mac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, + strlen(value), p); + } + if (strcmp(type, "hexkey") == 0) { + unsigned char *key; + int r; + long keylen; + + key = string_to_hex(value, &keylen); + if (key == NULL) + return 0; + r = pkey_gost_mac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, keylen, + key); + free(key); + return r; + } + return -2; +} + +static int +pkey_gost_mac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx) +{ + return 1; +} + +static int +pkey_gost_mac_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, + EVP_MD_CTX *mctx) +{ + /* for platforms where sizeof(int) != sizeof(size_t)*/ + unsigned int tmpsiglen = *siglen; + int ret; + + if (sig == NULL) { + *siglen = 4; + return 1; + } + + ret = EVP_DigestFinal_ex(mctx, sig, &tmpsiglen); + *siglen = tmpsiglen; + return ret; +} + +const EVP_PKEY_METHOD gostimit_pkey_meth = { + .pkey_id = EVP_PKEY_GOSTIMIT, + + .init = pkey_gost_mac_init, + .cleanup = pkey_gost_mac_cleanup, + .copy = pkey_gost_mac_copy, + + .keygen = pkey_gost_mac_keygen, + + .signctx_init = pkey_gost_mac_signctx_init, + .signctx = pkey_gost_mac_signctx, + + .ctrl = pkey_gost_mac_ctrl, + .ctrl_str = pkey_gost_mac_ctrl_str, +}; + +#endif diff --git a/src/lib/libcrypto/gost/gost_asn1.c b/src/lib/libcrypto/gost/gost_asn1.c new file mode 100644 index 00000000000..2652162777b --- /dev/null +++ b/src/lib/libcrypto/gost/gost_asn1.c @@ -0,0 +1,295 @@ +/********************************************************************** + * gost_keytrans.c * + * Copyright (c) 2005-2006 Cryptocom LTD * + * This file is distributed under the same license as OpenSSL * + * * + * ASN1 structure definition for GOST key transport * + * Requires OpenSSL 0.9.9 for compilation * + **********************************************************************/ + +#include + +#ifndef OPENSSL_NO_GOST +#include +#include +#include + +#include "gost_locl.h" +#include "gost_asn1.h" + +static const ASN1_TEMPLATE GOST_KEY_TRANSPORT_seq_tt[] = { + { + .flags = 0, + .tag = 0, + .offset = offsetof(GOST_KEY_TRANSPORT, key_info), + .field_name = "key_info", + .item = &GOST_KEY_INFO_it, + }, + { + .flags = ASN1_TFLG_IMPLICIT, + .tag = 0, + .offset = offsetof(GOST_KEY_TRANSPORT, key_agreement_info), + .field_name = "key_agreement_info", + .item = &GOST_KEY_AGREEMENT_INFO_it, + }, +}; + +const ASN1_ITEM GOST_KEY_TRANSPORT_it = { + .itype = ASN1_ITYPE_NDEF_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = GOST_KEY_TRANSPORT_seq_tt, + .tcount = sizeof(GOST_KEY_TRANSPORT_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = NULL, + .size = sizeof(GOST_KEY_TRANSPORT), + .sname = "GOST_KEY_TRANSPORT", +}; + +GOST_KEY_TRANSPORT * +d2i_GOST_KEY_TRANSPORT(GOST_KEY_TRANSPORT **a, const unsigned char **in, long len) +{ + return (GOST_KEY_TRANSPORT *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &GOST_KEY_TRANSPORT_it); +} + +int +i2d_GOST_KEY_TRANSPORT(GOST_KEY_TRANSPORT *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &GOST_KEY_TRANSPORT_it); +} + +GOST_KEY_TRANSPORT * +GOST_KEY_TRANSPORT_new(void) +{ + return (GOST_KEY_TRANSPORT *)ASN1_item_new(&GOST_KEY_TRANSPORT_it); +} + +void +GOST_KEY_TRANSPORT_free(GOST_KEY_TRANSPORT *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &GOST_KEY_TRANSPORT_it); +} + +static const ASN1_TEMPLATE GOST_KEY_INFO_seq_tt[] = { + { + .flags = 0, + .tag = 0, + .offset = offsetof(GOST_KEY_INFO, encrypted_key), + .field_name = "encrypted_key", + .item = &ASN1_OCTET_STRING_it, + }, + { + .flags = 0, + .tag = 0, + .offset = offsetof(GOST_KEY_INFO, imit), + .field_name = "imit", + .item = &ASN1_OCTET_STRING_it, + }, +}; + +const ASN1_ITEM GOST_KEY_INFO_it = { + .itype = ASN1_ITYPE_NDEF_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = GOST_KEY_INFO_seq_tt, + .tcount = sizeof(GOST_KEY_INFO_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = NULL, + .size = sizeof(GOST_KEY_INFO), + .sname = "GOST_KEY_INFO", +}; + +GOST_KEY_INFO * +d2i_GOST_KEY_INFO(GOST_KEY_INFO **a, const unsigned char **in, long len) +{ + return (GOST_KEY_INFO *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &GOST_KEY_INFO_it); +} + +int +i2d_GOST_KEY_INFO(GOST_KEY_INFO *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &GOST_KEY_INFO_it); +} + +GOST_KEY_INFO * +GOST_KEY_INFO_new(void) +{ + return (GOST_KEY_INFO *)ASN1_item_new(&GOST_KEY_INFO_it); +} + +void +GOST_KEY_INFO_free(GOST_KEY_INFO *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &GOST_KEY_INFO_it); +} + +static const ASN1_TEMPLATE GOST_KEY_AGREEMENT_INFO_seq_tt[] = { + { + .flags = 0, + .tag = 0, + .offset = offsetof(GOST_KEY_AGREEMENT_INFO, cipher), + .field_name = "cipher", + .item = &ASN1_OBJECT_it, + }, + { + .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_OPTIONAL, + .tag = 0, + .offset = offsetof(GOST_KEY_AGREEMENT_INFO, ephem_key), + .field_name = "ephem_key", + .item = &X509_PUBKEY_it, + }, + { + .flags = 0, + .tag = 0, + .offset = offsetof(GOST_KEY_AGREEMENT_INFO, eph_iv), + .field_name = "eph_iv", + .item = &ASN1_OCTET_STRING_it, + }, +}; + +const ASN1_ITEM GOST_KEY_AGREEMENT_INFO_it = { + .itype = ASN1_ITYPE_NDEF_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = GOST_KEY_AGREEMENT_INFO_seq_tt, + .tcount = sizeof(GOST_KEY_AGREEMENT_INFO_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = NULL, + .size = sizeof(GOST_KEY_AGREEMENT_INFO), + .sname = "GOST_KEY_AGREEMENT_INFO", +}; + +GOST_KEY_AGREEMENT_INFO * +d2i_GOST_KEY_AGREEMENT_INFO(GOST_KEY_AGREEMENT_INFO **a, const unsigned char **in, long len) +{ + return (GOST_KEY_AGREEMENT_INFO *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &GOST_KEY_AGREEMENT_INFO_it); +} + +int +i2d_GOST_KEY_AGREEMENT_INFO(GOST_KEY_AGREEMENT_INFO *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &GOST_KEY_AGREEMENT_INFO_it); +} + +GOST_KEY_AGREEMENT_INFO * +GOST_KEY_AGREEMENT_INFO_new(void) +{ + return (GOST_KEY_AGREEMENT_INFO *)ASN1_item_new(&GOST_KEY_AGREEMENT_INFO_it); +} + +void +GOST_KEY_AGREEMENT_INFO_free(GOST_KEY_AGREEMENT_INFO *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &GOST_KEY_AGREEMENT_INFO_it); +} + + +static const ASN1_TEMPLATE GOST_KEY_PARAMS_seq_tt[] = { + { + .flags = 0, + .tag = 0, + .offset = offsetof(GOST_KEY_PARAMS, key_params), + .field_name = "key_params", + .item = &ASN1_OBJECT_it, + }, + { + .flags = 0, + .tag = 0, + .offset = offsetof(GOST_KEY_PARAMS, hash_params), + .field_name = "hash_params", + .item = &ASN1_OBJECT_it, + }, + { + .flags = ASN1_TFLG_OPTIONAL, + .tag = 0, + .offset = offsetof(GOST_KEY_PARAMS, cipher_params), + .field_name = "cipher_params", + .item = &ASN1_OBJECT_it, + }, +}; + +const ASN1_ITEM GOST_KEY_PARAMS_it = { + .itype = ASN1_ITYPE_NDEF_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = GOST_KEY_PARAMS_seq_tt, + .tcount = sizeof(GOST_KEY_PARAMS_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = NULL, + .size = sizeof(GOST_KEY_PARAMS), + .sname = "GOST_KEY_PARAMS", +}; + +GOST_KEY_PARAMS * +d2i_GOST_KEY_PARAMS(GOST_KEY_PARAMS **a, const unsigned char **in, long len) +{ + return (GOST_KEY_PARAMS *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &GOST_KEY_PARAMS_it); +} + +int +i2d_GOST_KEY_PARAMS(GOST_KEY_PARAMS *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &GOST_KEY_PARAMS_it); +} + +GOST_KEY_PARAMS * +GOST_KEY_PARAMS_new(void) +{ + return (GOST_KEY_PARAMS *)ASN1_item_new(&GOST_KEY_PARAMS_it); +} + +void +GOST_KEY_PARAMS_free(GOST_KEY_PARAMS *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &GOST_KEY_PARAMS_it); +} + +static const ASN1_TEMPLATE GOST_CIPHER_PARAMS_seq_tt[] = { + { + .flags = 0, + .tag = 0, + .offset = offsetof(GOST_CIPHER_PARAMS, iv), + .field_name = "iv", + .item = &ASN1_OCTET_STRING_it, + }, + { + .flags = 0, + .tag = 0, + .offset = offsetof(GOST_CIPHER_PARAMS, enc_param_set), + .field_name = "enc_param_set", + .item = &ASN1_OBJECT_it, + }, +}; + +const ASN1_ITEM GOST_CIPHER_PARAMS_it = { + .itype = ASN1_ITYPE_NDEF_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = GOST_CIPHER_PARAMS_seq_tt, + .tcount = sizeof(GOST_CIPHER_PARAMS_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = NULL, + .size = sizeof(GOST_CIPHER_PARAMS), + .sname = "GOST_CIPHER_PARAMS", +}; + +GOST_CIPHER_PARAMS * +d2i_GOST_CIPHER_PARAMS(GOST_CIPHER_PARAMS **a, const unsigned char **in, long len) +{ + return (GOST_CIPHER_PARAMS *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &GOST_CIPHER_PARAMS_it); +} + +int +i2d_GOST_CIPHER_PARAMS(GOST_CIPHER_PARAMS *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &GOST_CIPHER_PARAMS_it); +} + +GOST_CIPHER_PARAMS * +GOST_CIPHER_PARAMS_new(void) +{ + return (GOST_CIPHER_PARAMS *)ASN1_item_new(&GOST_CIPHER_PARAMS_it); +} + +void +GOST_CIPHER_PARAMS_free(GOST_CIPHER_PARAMS *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &GOST_CIPHER_PARAMS_it); +} + +#endif diff --git a/src/lib/libcrypto/gost/gost_asn1.h b/src/lib/libcrypto/gost/gost_asn1.h new file mode 100644 index 00000000000..7cabfc79c96 --- /dev/null +++ b/src/lib/libcrypto/gost/gost_asn1.h @@ -0,0 +1,107 @@ +/* $OpenBSD: gost_asn1.h,v 1.3 2016/12/21 15:49:29 jsing Exp $ */ +/* + * Copyright (c) 2014 Dmitry Eremin-Solenikov + * Copyright (c) 2005-2006 Cryptocom LTD + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#ifndef HEADER_GOST_ASN1_H +#define HEADER_GOST_ASN1_H + +#include + +__BEGIN_HIDDEN_DECLS + +typedef struct { + ASN1_OCTET_STRING *encrypted_key; + ASN1_OCTET_STRING *imit; +} GOST_KEY_INFO; + +GOST_KEY_INFO *GOST_KEY_INFO_new(void); +void GOST_KEY_INFO_free(GOST_KEY_INFO *a); +GOST_KEY_INFO *d2i_GOST_KEY_INFO(GOST_KEY_INFO **a, const unsigned char **in, long len); +int i2d_GOST_KEY_INFO(GOST_KEY_INFO *a, unsigned char **out); +extern const ASN1_ITEM GOST_KEY_INFO_it; + +typedef struct { + ASN1_OBJECT *cipher; + X509_PUBKEY *ephem_key; + ASN1_OCTET_STRING *eph_iv; +} GOST_KEY_AGREEMENT_INFO; + +GOST_KEY_AGREEMENT_INFO *GOST_KEY_AGREEMENT_INFO_new(void); +void GOST_KEY_AGREEMENT_INFO_free(GOST_KEY_AGREEMENT_INFO *a); +GOST_KEY_AGREEMENT_INFO *d2i_GOST_KEY_AGREEMENT_INFO(GOST_KEY_AGREEMENT_INFO **a, const unsigned char **in, long len); +int i2d_GOST_KEY_AGREEMENT_INFO(GOST_KEY_AGREEMENT_INFO *a, unsigned char **out); +extern const ASN1_ITEM GOST_KEY_AGREEMENT_INFO_it; + +typedef struct { + GOST_KEY_INFO *key_info; + GOST_KEY_AGREEMENT_INFO *key_agreement_info; +} GOST_KEY_TRANSPORT; + +GOST_KEY_TRANSPORT *GOST_KEY_TRANSPORT_new(void); +void GOST_KEY_TRANSPORT_free(GOST_KEY_TRANSPORT *a); +GOST_KEY_TRANSPORT *d2i_GOST_KEY_TRANSPORT(GOST_KEY_TRANSPORT **a, const unsigned char **in, long len); +int i2d_GOST_KEY_TRANSPORT(GOST_KEY_TRANSPORT *a, unsigned char **out); +extern const ASN1_ITEM GOST_KEY_TRANSPORT_it; + +typedef struct { + ASN1_OBJECT *key_params; + ASN1_OBJECT *hash_params; + ASN1_OBJECT *cipher_params; +} GOST_KEY_PARAMS; + +GOST_KEY_PARAMS *GOST_KEY_PARAMS_new(void); +void GOST_KEY_PARAMS_free(GOST_KEY_PARAMS *a); +GOST_KEY_PARAMS *d2i_GOST_KEY_PARAMS(GOST_KEY_PARAMS **a, const unsigned char **in, long len); +int i2d_GOST_KEY_PARAMS(GOST_KEY_PARAMS *a, unsigned char **out); +extern const ASN1_ITEM GOST_KEY_PARAMS_it; + +__END_HIDDEN_DECLS + +#endif diff --git a/src/lib/libcrypto/gost/gost_err.c b/src/lib/libcrypto/gost/gost_err.c new file mode 100644 index 00000000000..3bf60ff0639 --- /dev/null +++ b/src/lib/libcrypto/gost/gost_err.c @@ -0,0 +1,115 @@ +/* crypto/gost/gost_err.c */ +/* ==================================================================== + * Copyright (c) 1999-2014 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +/* NOTE: this file was auto generated by the mkerr.pl script: any changes + * made to it will be overwritten when the script next updates this file, + * only reason strings will be preserved. + */ + +#include +#include +#include + +/* BEGIN ERROR CODES */ +#ifndef OPENSSL_NO_ERR + +#define ERR_FUNC(func) ERR_PACK(ERR_LIB_GOST,func,0) +#define ERR_REASON(reason) ERR_PACK(ERR_LIB_GOST,0,reason) + +static ERR_STRING_DATA GOST_str_functs[]= { + {ERR_FUNC(0xfff), "CRYPTO_internal"}, + {0, NULL} +}; + +static ERR_STRING_DATA GOST_str_reasons[]= + { +{ERR_REASON(GOST_R_BAD_KEY_PARAMETERS_FORMAT),"bad key parameters format"}, +{ERR_REASON(GOST_R_BAD_PKEY_PARAMETERS_FORMAT),"bad pkey parameters format"}, +{ERR_REASON(GOST_R_CANNOT_PACK_EPHEMERAL_KEY),"cannot pack ephemeral key"}, +{ERR_REASON(GOST_R_CTRL_CALL_FAILED) ,"ctrl call failed"}, +{ERR_REASON(GOST_R_ERROR_COMPUTING_SHARED_KEY),"error computing shared key"}, +{ERR_REASON(GOST_R_ERROR_PARSING_KEY_TRANSPORT_INFO),"error parsing key transport info"}, +{ERR_REASON(GOST_R_INCOMPATIBLE_ALGORITHMS),"incompatible algorithms"}, +{ERR_REASON(GOST_R_INCOMPATIBLE_PEER_KEY),"incompatible peer key"}, +{ERR_REASON(GOST_R_INVALID_DIGEST_TYPE) ,"invalid digest type"}, +{ERR_REASON(GOST_R_INVALID_IV_LENGTH) ,"invalid iv length"}, +{ERR_REASON(GOST_R_INVALID_MAC_KEY_LENGTH),"invalid mac key length"}, +{ERR_REASON(GOST_R_KEY_IS_NOT_INITIALIZED),"key is not initialized"}, +{ERR_REASON(GOST_R_KEY_PARAMETERS_MISSING),"key parameters missing"}, +{ERR_REASON(GOST_R_MAC_KEY_NOT_SET) ,"mac key not set"}, +{ERR_REASON(GOST_R_NO_PARAMETERS_SET) ,"no parameters set"}, +{ERR_REASON(GOST_R_NO_PEER_KEY) ,"no peer key"}, +{ERR_REASON(GOST_R_NO_PRIVATE_PART_OF_NON_EPHEMERAL_KEYPAIR),"no private part of non ephemeral keypair"}, +{ERR_REASON(GOST_R_PUBLIC_KEY_UNDEFINED) ,"public key undefined"}, +{ERR_REASON(GOST_R_RANDOM_NUMBER_GENERATOR_FAILED),"random number generator failed"}, +{ERR_REASON(GOST_R_SIGNATURE_MISMATCH) ,"signature mismatch"}, +{ERR_REASON(GOST_R_SIGNATURE_PARTS_GREATER_THAN_Q),"signature parts greater than q"}, +{ERR_REASON(GOST_R_UKM_NOT_SET) ,"ukm not set"}, +{0,NULL} + }; + +#endif + +void ERR_load_GOST_strings(void) + { +#ifndef OPENSSL_NO_ERR + + if (ERR_func_error_string(GOST_str_functs[0].error) == NULL) + { + ERR_load_strings(0,GOST_str_functs); + ERR_load_strings(0,GOST_str_reasons); + } +#endif + } diff --git a/src/lib/libcrypto/gost/gost_locl.h b/src/lib/libcrypto/gost/gost_locl.h new file mode 100644 index 00000000000..b2e2c1362a0 --- /dev/null +++ b/src/lib/libcrypto/gost/gost_locl.h @@ -0,0 +1,117 @@ +/* $OpenBSD: gost_locl.h,v 1.4 2016/12/21 15:49:29 jsing Exp $ */ +/* + * Copyright (c) 2014 Dmitry Eremin-Solenikov + * Copyright (c) 2005-2006 Cryptocom LTD + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#ifndef HEADER_GOST_LOCL_H +#define HEADER_GOST_LOCL_H + +#include +#include + +__BEGIN_HIDDEN_DECLS + +/* Internal representation of GOST substitution blocks */ +typedef struct { + unsigned char k8[16]; + unsigned char k7[16]; + unsigned char k6[16]; + unsigned char k5[16]; + unsigned char k4[16]; + unsigned char k3[16]; + unsigned char k2[16]; + unsigned char k1[16]; +} gost_subst_block; + +#if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__) +# define c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4) +# define l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4) +#else +#define c2l(c,l) (l =(((unsigned long)(*((c)++))) ), \ + l|=(((unsigned long)(*((c)++)))<< 8), \ + l|=(((unsigned long)(*((c)++)))<<16), \ + l|=(((unsigned long)(*((c)++)))<<24)) +#define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ + *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ + *((c)++)=(unsigned char)(((l)>>16)&0xff), \ + *((c)++)=(unsigned char)(((l)>>24)&0xff)) +#endif + +extern void Gost2814789_encrypt(const unsigned char *in, unsigned char *out, + const GOST2814789_KEY *key); +extern void Gost2814789_decrypt(const unsigned char *in, unsigned char *out, + const GOST2814789_KEY *key); +extern void Gost2814789_cryptopro_key_mesh(GOST2814789_KEY *key); + +/* GOST 28147-89 key wrapping */ +extern int gost_key_unwrap_crypto_pro(int nid, + const unsigned char *keyExchangeKey, const unsigned char *wrappedKey, + unsigned char *sessionKey); +extern int gost_key_wrap_crypto_pro(int nid, + const unsigned char *keyExchangeKey, const unsigned char *ukm, + const unsigned char *sessionKey, unsigned char *wrappedKey); +/* Pkey part */ +extern int gost2001_compute_public(GOST_KEY *ec); +extern ECDSA_SIG *gost2001_do_sign(BIGNUM *md, GOST_KEY *eckey); +extern int gost2001_do_verify(BIGNUM *md, ECDSA_SIG *sig, GOST_KEY *ec); +extern int gost2001_keygen(GOST_KEY *ec); +extern int VKO_compute_key(BIGNUM *X, BIGNUM *Y, const GOST_KEY *pkey, + GOST_KEY *priv_key, const BIGNUM *ukm); +extern BIGNUM *GOST_le2bn(const unsigned char *buf, size_t len, BIGNUM *bn); +extern int GOST_bn2le(BIGNUM *bn, unsigned char *buf, int len); + +/* GOST R 34.10 parameters */ +extern int GostR3410_get_md_digest(int nid); +extern int GostR3410_get_pk_digest(int nid); +extern int GostR3410_256_param_id(const char *value); +extern int GostR3410_512_param_id(const char *value); + +__END_HIDDEN_DECLS + +#endif diff --git a/src/lib/libcrypto/gost/gostr341001.c b/src/lib/libcrypto/gost/gostr341001.c new file mode 100644 index 00000000000..ba70d5f1fc3 --- /dev/null +++ b/src/lib/libcrypto/gost/gostr341001.c @@ -0,0 +1,398 @@ +/* $OpenBSD: gostr341001.c,v 1.7 2017/01/29 17:49:23 beck Exp $ */ +/* + * Copyright (c) 2014 Dmitry Eremin-Solenikov + * Copyright (c) 2005-2006 Cryptocom LTD + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#include + +#include + +#ifndef OPENSSL_NO_GOST +#include +#include +#include + +#include "bn_lcl.h" +#include "gost_locl.h" + +/* Convert little-endian byte array into bignum */ +BIGNUM * +GOST_le2bn(const unsigned char *buf, size_t len, BIGNUM *bn) +{ + unsigned char temp[64]; + int i; + + if (len > 64) + return NULL; + + for (i = 0; i < len; i++) { + temp[len - 1 - i] = buf[i]; + } + + return BN_bin2bn(temp, len, bn); +} + +int +GOST_bn2le(BIGNUM *bn, unsigned char *buf, int len) +{ + unsigned char temp[64]; + int i, bytes; + + bytes = BN_num_bytes(bn); + if (len > 64 || bytes > len) + return 0; + + BN_bn2bin(bn, temp); + + for (i = 0; i < bytes; i++) { + buf[bytes - 1 - i] = temp[i]; + } + + memset(buf + bytes, 0, len - bytes); + + return 1; +} + +int +gost2001_compute_public(GOST_KEY *ec) +{ + const EC_GROUP *group = GOST_KEY_get0_group(ec); + EC_POINT *pub_key = NULL; + const BIGNUM *priv_key = NULL; + BN_CTX *ctx = NULL; + int ok = 0; + + if (group == NULL) { + GOSTerror(GOST_R_KEY_IS_NOT_INITIALIZED); + return 0; + } + ctx = BN_CTX_new(); + if (ctx == NULL) { + GOSTerror(ERR_R_MALLOC_FAILURE); + return 0; + } + BN_CTX_start(ctx); + if ((priv_key = GOST_KEY_get0_private_key(ec)) == NULL) + goto err; + + pub_key = EC_POINT_new(group); + if (pub_key == NULL) + goto err; + if (EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, ctx) == 0) + goto err; + if (GOST_KEY_set_public_key(ec, pub_key) == 0) + goto err; + ok = 1; + + if (ok == 0) { +err: + GOSTerror(ERR_R_EC_LIB); + } + EC_POINT_free(pub_key); + if (ctx != NULL) { + BN_CTX_end(ctx); + BN_CTX_free(ctx); + } + return ok; +} + +ECDSA_SIG * +gost2001_do_sign(BIGNUM *md, GOST_KEY *eckey) +{ + ECDSA_SIG *newsig = NULL; + BIGNUM *order = NULL; + const EC_GROUP *group; + const BIGNUM *priv_key; + BIGNUM *r = NULL, *s = NULL, *X = NULL, *tmp = NULL, *tmp2 = NULL, *k = + NULL, *e = NULL; + EC_POINT *C = NULL; + BN_CTX *ctx = BN_CTX_new(); + int ok = 0; + + if (ctx == NULL) { + GOSTerror(ERR_R_MALLOC_FAILURE); + return NULL; + } + BN_CTX_start(ctx); + newsig = ECDSA_SIG_new(); + if (newsig == NULL) { + GOSTerror(ERR_R_MALLOC_FAILURE); + goto err; + } + s = newsig->s; + r = newsig->r; + group = GOST_KEY_get0_group(eckey); + if ((order = BN_CTX_get(ctx)) == NULL) + goto err; + if (EC_GROUP_get_order(group, order, ctx) == 0) + goto err; + priv_key = GOST_KEY_get0_private_key(eckey); + if ((e = BN_CTX_get(ctx)) == NULL) + goto err; + if (BN_mod_ct(e, md, order, ctx) == 0) + goto err; + if (BN_is_zero(e)) + BN_one(e); + if ((k = BN_CTX_get(ctx)) == NULL) + goto err; + if ((X = BN_CTX_get(ctx)) == NULL) + goto err; + if ((C = EC_POINT_new(group)) == NULL) + goto err; + do { + do { + if (!BN_rand_range(k, order)) { + GOSTerror(GOST_R_RANDOM_NUMBER_GENERATOR_FAILED); + goto err; + } + /* + * We do not want timing information to leak the length + * of k, so we compute G*k using an equivalent scalar + * of fixed bit-length. + */ + if (BN_add(k, k, order) == 0) + goto err; + if (BN_num_bits(k) <= BN_num_bits(order)) + if (BN_add(k, k, order) == 0) + goto err; + + if (EC_POINT_mul(group, C, k, NULL, NULL, ctx) == 0) { + GOSTerror(ERR_R_EC_LIB); + goto err; + } + if (EC_POINT_get_affine_coordinates_GFp(group, C, X, + NULL, ctx) == 0) { + GOSTerror(ERR_R_EC_LIB); + goto err; + } + if (BN_nnmod(r, X, order, ctx) == 0) + goto err; + } while (BN_is_zero(r)); + /* s = (r*priv_key+k*e) mod order */ + if (tmp == NULL) { + if ((tmp = BN_CTX_get(ctx)) == NULL) + goto err; + } + if (BN_mod_mul(tmp, priv_key, r, order, ctx) == 0) + goto err; + if (tmp2 == NULL) { + if ((tmp2 = BN_CTX_get(ctx)) == NULL) + goto err; + } + if (BN_mod_mul(tmp2, k, e, order, ctx) == 0) + goto err; + if (BN_mod_add(s, tmp, tmp2, order, ctx) == 0) + goto err; + } while (BN_is_zero(s)); + ok = 1; + +err: + EC_POINT_free(C); + if (ctx != NULL) { + BN_CTX_end(ctx); + BN_CTX_free(ctx); + } + if (ok == 0) { + ECDSA_SIG_free(newsig); + newsig = NULL; + } + return newsig; +} + +int +gost2001_do_verify(BIGNUM *md, ECDSA_SIG *sig, GOST_KEY *ec) +{ + BN_CTX *ctx = BN_CTX_new(); + const EC_GROUP *group = GOST_KEY_get0_group(ec); + BIGNUM *order; + BIGNUM *e = NULL, *R = NULL, *v = NULL, *z1 = NULL, *z2 = NULL; + BIGNUM *X = NULL, *tmp = NULL; + EC_POINT *C = NULL; + const EC_POINT *pub_key = NULL; + int ok = 0; + + if (ctx == NULL) + goto err; + BN_CTX_start(ctx); + if ((order = BN_CTX_get(ctx)) == NULL) + goto err; + if ((e = BN_CTX_get(ctx)) == NULL) + goto err; + if ((z1 = BN_CTX_get(ctx)) == NULL) + goto err; + if ((z2 = BN_CTX_get(ctx)) == NULL) + goto err; + if ((tmp = BN_CTX_get(ctx)) == NULL) + goto err; + if ((X = BN_CTX_get(ctx)) == NULL) + goto err; + if ((R = BN_CTX_get(ctx)) == NULL) + goto err; + if ((v = BN_CTX_get(ctx)) == NULL) + goto err; + + if (EC_GROUP_get_order(group, order, ctx) == 0) + goto err; + pub_key = GOST_KEY_get0_public_key(ec); + if (BN_is_zero(sig->s) || BN_is_zero(sig->r) || + BN_cmp(sig->s, order) >= 1 || BN_cmp(sig->r, order) >= 1) { + GOSTerror(GOST_R_SIGNATURE_PARTS_GREATER_THAN_Q); + goto err; + } + + if (BN_mod_ct(e, md, order, ctx) == 0) + goto err; + if (BN_is_zero(e)) + BN_one(e); + if ((v = BN_mod_inverse_ct(v, e, order, ctx)) == NULL) + goto err; + if (BN_mod_mul(z1, sig->s, v, order, ctx) == 0) + goto err; + if (BN_sub(tmp, order, sig->r) == 0) + goto err; + if (BN_mod_mul(z2, tmp, v, order, ctx) == 0) + goto err; + if ((C = EC_POINT_new(group)) == NULL) + goto err; + if (EC_POINT_mul(group, C, z1, pub_key, z2, ctx) == 0) { + GOSTerror(ERR_R_EC_LIB); + goto err; + } + if (EC_POINT_get_affine_coordinates_GFp(group, C, X, NULL, ctx) == 0) { + GOSTerror(ERR_R_EC_LIB); + goto err; + } + if (BN_mod_ct(R, X, order, ctx) == 0) + goto err; + if (BN_cmp(R, sig->r) != 0) { + GOSTerror(GOST_R_SIGNATURE_MISMATCH); + } else { + ok = 1; + } +err: + EC_POINT_free(C); + if (ctx != NULL) { + BN_CTX_end(ctx); + BN_CTX_free(ctx); + } + return ok; +} + +/* Implementation of CryptoPro VKO 34.10-2001 algorithm */ +int +VKO_compute_key(BIGNUM *X, BIGNUM *Y, const GOST_KEY *pkey, GOST_KEY *priv_key, + const BIGNUM *ukm) +{ + BIGNUM *p = NULL, *order = NULL; + const BIGNUM *key = GOST_KEY_get0_private_key(priv_key); + const EC_GROUP *group = GOST_KEY_get0_group(priv_key); + const EC_POINT *pub_key = GOST_KEY_get0_public_key(pkey); + EC_POINT *pnt; + BN_CTX *ctx = NULL; + int ok = 0; + + pnt = EC_POINT_new(group); + if (pnt == NULL) + goto err; + ctx = BN_CTX_new(); + if (ctx == NULL) + goto err; + BN_CTX_start(ctx); + if ((p = BN_CTX_get(ctx)) == NULL) + goto err; + if ((order = BN_CTX_get(ctx)) == NULL) + goto err; + if (EC_GROUP_get_order(group, order, ctx) == 0) + goto err; + if (BN_mod_mul(p, key, ukm, order, ctx) == 0) + goto err; + if (EC_POINT_mul(group, pnt, NULL, pub_key, p, ctx) == 0) + goto err; + if (EC_POINT_get_affine_coordinates_GFp(group, pnt, X, Y, ctx) == 0) + goto err; + ok = 1; + +err: + if (ctx != NULL) { + BN_CTX_end(ctx); + BN_CTX_free(ctx); + } + EC_POINT_free(pnt); + return ok; +} + +int +gost2001_keygen(GOST_KEY *ec) +{ + BIGNUM *order = BN_new(), *d = BN_new(); + const EC_GROUP *group = GOST_KEY_get0_group(ec); + int rc = 0; + + if (order == NULL || d == NULL) + goto err; + if (EC_GROUP_get_order(group, order, NULL) == 0) + goto err; + + do { + if (BN_rand_range(d, order) == 0) { + GOSTerror(GOST_R_RANDOM_NUMBER_GENERATOR_FAILED); + goto err; + } + } while (BN_is_zero(d)); + + if (GOST_KEY_set_private_key(ec, d) == 0) + goto err; + rc = gost2001_compute_public(ec); + +err: + BN_free(d); + BN_free(order); + return rc; +} +#endif diff --git a/src/lib/libcrypto/gost/gostr341001_ameth.c b/src/lib/libcrypto/gost/gostr341001_ameth.c new file mode 100644 index 00000000000..16295996dce --- /dev/null +++ b/src/lib/libcrypto/gost/gostr341001_ameth.c @@ -0,0 +1,710 @@ +/* $OpenBSD: gostr341001_ameth.c,v 1.15 2018/08/24 20:22:15 tb Exp $ */ +/* + * Copyright (c) 2014 Dmitry Eremin-Solenikov + * Copyright (c) 2005-2006 Cryptocom LTD + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#include + +#include + +#ifndef OPENSSL_NO_GOST +#include +#include +#include +#include +#include +#include + + +#include "asn1_locl.h" +#include "gost_locl.h" +#include "gost_asn1.h" + +static void +pkey_free_gost01(EVP_PKEY *key) +{ + GOST_KEY_free(key->pkey.gost); +} + +/* + * Parses GOST algorithm parameters from X509_ALGOR and + * modifies pkey setting NID and parameters + */ +static int +decode_gost01_algor_params(EVP_PKEY *pkey, const unsigned char **p, int len) +{ + int param_nid = NID_undef, digest_nid = NID_undef; + GOST_KEY_PARAMS *gkp = NULL; + EC_GROUP *group; + GOST_KEY *ec; + + gkp = d2i_GOST_KEY_PARAMS(NULL, p, len); + if (gkp == NULL) { + GOSTerror(GOST_R_BAD_PKEY_PARAMETERS_FORMAT); + return 0; + } + param_nid = OBJ_obj2nid(gkp->key_params); + digest_nid = OBJ_obj2nid(gkp->hash_params); + GOST_KEY_PARAMS_free(gkp); + + ec = pkey->pkey.gost; + if (ec == NULL) { + ec = GOST_KEY_new(); + if (ec == NULL) + return 0; + if (EVP_PKEY_assign_GOST(pkey, ec) == 0) + return 0; + } + + group = EC_GROUP_new_by_curve_name(param_nid); + if (group == NULL) + return 0; + EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE); + if (GOST_KEY_set_group(ec, group) == 0) { + EC_GROUP_free(group); + return 0; + } + EC_GROUP_free(group); + if (GOST_KEY_set_digest(ec, digest_nid) == 0) + return 0; + return 1; +} + +static ASN1_STRING * +encode_gost01_algor_params(const EVP_PKEY *key) +{ + ASN1_STRING *params = ASN1_STRING_new(); + GOST_KEY_PARAMS *gkp = GOST_KEY_PARAMS_new(); + int pkey_param_nid = NID_undef; + + if (params == NULL || gkp == NULL) { + GOSTerror(ERR_R_MALLOC_FAILURE); + ASN1_STRING_free(params); + params = NULL; + goto err; + } + + pkey_param_nid = + EC_GROUP_get_curve_name(GOST_KEY_get0_group(key->pkey.gost)); + gkp->key_params = OBJ_nid2obj(pkey_param_nid); + gkp->hash_params = OBJ_nid2obj(GOST_KEY_get_digest(key->pkey.gost)); + /*gkp->cipher_params = OBJ_nid2obj(cipher_param_nid); */ + params->length = i2d_GOST_KEY_PARAMS(gkp, ¶ms->data); + if (params->length <= 0) { + GOSTerror(ERR_R_MALLOC_FAILURE); + ASN1_STRING_free(params); + params = NULL; + goto err; + } + params->type = V_ASN1_SEQUENCE; +err: + GOST_KEY_PARAMS_free(gkp); + return params; +} + +static int +pub_cmp_gost01(const EVP_PKEY *a, const EVP_PKEY *b) +{ + const GOST_KEY *ea = a->pkey.gost; + const GOST_KEY *eb = b->pkey.gost; + const EC_POINT *ka, *kb; + int ret = 0; + + if (ea == NULL || eb == NULL) + return 0; + ka = GOST_KEY_get0_public_key(ea); + kb = GOST_KEY_get0_public_key(eb); + if (ka == NULL || kb == NULL) + return 0; + ret = (0 == EC_POINT_cmp(GOST_KEY_get0_group(ea), ka, kb, NULL)); + return ret; +} + +static int +pkey_size_gost01(const EVP_PKEY *pk) +{ + if (GOST_KEY_get_digest(pk->pkey.gost) == NID_id_tc26_gost3411_2012_512) + return 128; + return 64; +} + +static int +pkey_bits_gost01(const EVP_PKEY *pk) +{ + if (GOST_KEY_get_digest(pk->pkey.gost) == NID_id_tc26_gost3411_2012_512) + return 512; + return 256; +} + +static int +pub_decode_gost01(EVP_PKEY *pk, X509_PUBKEY *pub) +{ + X509_ALGOR *palg = NULL; + const unsigned char *pubkey_buf = NULL; + const unsigned char *p; + ASN1_OBJECT *palgobj = NULL; + int pub_len; + BIGNUM *X, *Y; + ASN1_OCTET_STRING *octet = NULL; + int len; + int ret; + int ptype = V_ASN1_UNDEF; + ASN1_STRING *pval = NULL; + + if (X509_PUBKEY_get0_param(&palgobj, &pubkey_buf, &pub_len, &palg, pub) + == 0) + return 0; + (void)EVP_PKEY_assign_GOST(pk, NULL); + X509_ALGOR_get0(NULL, &ptype, (const void **)&pval, palg); + if (ptype != V_ASN1_SEQUENCE) { + GOSTerror(GOST_R_BAD_KEY_PARAMETERS_FORMAT); + return 0; + } + p = pval->data; + if (decode_gost01_algor_params(pk, &p, pval->length) == 0) + return 0; + + octet = d2i_ASN1_OCTET_STRING(NULL, &pubkey_buf, pub_len); + if (octet == NULL) { + GOSTerror(ERR_R_MALLOC_FAILURE); + return 0; + } + len = octet->length / 2; + + X = GOST_le2bn(octet->data, len, NULL); + Y = GOST_le2bn(octet->data + len, len, NULL); + + ASN1_OCTET_STRING_free(octet); + + ret = GOST_KEY_set_public_key_affine_coordinates(pk->pkey.gost, X, Y); + if (ret == 0) + GOSTerror(ERR_R_EC_LIB); + + BN_free(X); + BN_free(Y); + + return ret; +} + +static int +pub_encode_gost01(X509_PUBKEY *pub, const EVP_PKEY *pk) +{ + ASN1_OBJECT *algobj = NULL; + ASN1_OCTET_STRING *octet = NULL; + ASN1_STRING *params = NULL; + void *pval = NULL; + unsigned char *buf = NULL, *sptr; + int key_size, ret = 0; + const EC_POINT *pub_key; + BIGNUM *X = NULL, *Y = NULL; + const GOST_KEY *ec = pk->pkey.gost; + int ptype = V_ASN1_UNDEF; + + algobj = OBJ_nid2obj(GostR3410_get_pk_digest(GOST_KEY_get_digest(ec))); + if (pk->save_parameters) { + params = encode_gost01_algor_params(pk); + if (params == NULL) + return 0; + pval = params; + ptype = V_ASN1_SEQUENCE; + } + + key_size = GOST_KEY_get_size(ec); + + pub_key = GOST_KEY_get0_public_key(ec); + if (pub_key == NULL) { + GOSTerror(GOST_R_PUBLIC_KEY_UNDEFINED); + goto err; + } + + octet = ASN1_OCTET_STRING_new(); + if (octet == NULL) { + GOSTerror(ERR_R_MALLOC_FAILURE); + goto err; + } + + ret = ASN1_STRING_set(octet, NULL, 2 * key_size); + if (ret == 0) { + GOSTerror(ERR_R_INTERNAL_ERROR); + goto err; + } + + sptr = ASN1_STRING_data(octet); + + X = BN_new(); + Y = BN_new(); + if (X == NULL || Y == NULL) { + GOSTerror(ERR_R_MALLOC_FAILURE); + goto err; + } + + if (EC_POINT_get_affine_coordinates_GFp(GOST_KEY_get0_group(ec), + pub_key, X, Y, NULL) == 0) { + GOSTerror(ERR_R_EC_LIB); + goto err; + } + + GOST_bn2le(X, sptr, key_size); + GOST_bn2le(Y, sptr + key_size, key_size); + + BN_free(Y); + BN_free(X); + + ret = i2d_ASN1_OCTET_STRING(octet, &buf); + ASN1_BIT_STRING_free(octet); + if (ret < 0) + return 0; + + return X509_PUBKEY_set0_param(pub, algobj, ptype, pval, buf, ret); + +err: + BN_free(Y); + BN_free(X); + ASN1_BIT_STRING_free(octet); + ASN1_STRING_free(params); + return 0; +} + +static int +param_print_gost01(BIO *out, const EVP_PKEY *pkey, int indent, ASN1_PCTX *pctx) +{ + int param_nid = + EC_GROUP_get_curve_name(GOST_KEY_get0_group(pkey->pkey.gost)); + + if (BIO_indent(out, indent, 128) == 0) + return 0; + BIO_printf(out, "Parameter set: %s\n", OBJ_nid2ln(param_nid)); + if (BIO_indent(out, indent, 128) == 0) + return 0; + BIO_printf(out, "Digest Algorithm: %s\n", + OBJ_nid2ln(GOST_KEY_get_digest(pkey->pkey.gost))); + return 1; +} + +static int +pub_print_gost01(BIO *out, const EVP_PKEY *pkey, int indent, ASN1_PCTX *pctx) +{ + BN_CTX *ctx = BN_CTX_new(); + BIGNUM *X, *Y; + const EC_POINT *pubkey; + const EC_GROUP *group; + + if (ctx == NULL) { + GOSTerror(ERR_R_MALLOC_FAILURE); + return 0; + } + BN_CTX_start(ctx); + if ((X = BN_CTX_get(ctx)) == NULL) + goto err; + if ((Y = BN_CTX_get(ctx)) == NULL) + goto err; + pubkey = GOST_KEY_get0_public_key(pkey->pkey.gost); + group = GOST_KEY_get0_group(pkey->pkey.gost); + if (EC_POINT_get_affine_coordinates_GFp(group, pubkey, X, Y, + ctx) == 0) { + GOSTerror(ERR_R_EC_LIB); + goto err; + } + if (BIO_indent(out, indent, 128) == 0) + goto err; + BIO_printf(out, "Public key:\n"); + if (BIO_indent(out, indent + 3, 128) == 0) + goto err; + BIO_printf(out, "X:"); + BN_print(out, X); + BIO_printf(out, "\n"); + BIO_indent(out, indent + 3, 128); + BIO_printf(out, "Y:"); + BN_print(out, Y); + BIO_printf(out, "\n"); + + BN_CTX_end(ctx); + BN_CTX_free(ctx); + + return param_print_gost01(out, pkey, indent, pctx); + +err: + BN_CTX_end(ctx); + BN_CTX_free(ctx); + return 0; +} + +static int +priv_print_gost01(BIO *out, const EVP_PKEY *pkey, int indent, ASN1_PCTX *pctx) +{ + const BIGNUM *key; + + if (BIO_indent(out, indent, 128) == 0) + return 0; + BIO_printf(out, "Private key: "); + key = GOST_KEY_get0_private_key(pkey->pkey.gost); + if (key == NULL) + BIO_printf(out, "data; + if (decode_gost01_algor_params(pk, &p, pval->length) == 0) + return 0; + p = pkey_buf; + if (V_ASN1_OCTET_STRING == *p) { + /* New format - Little endian octet string */ + ASN1_OCTET_STRING *s = + d2i_ASN1_OCTET_STRING(NULL, &p, priv_len); + + if (s == NULL) { + GOSTerror(EVP_R_DECODE_ERROR); + ASN1_STRING_free(s); + return 0; + } + + pk_num = GOST_le2bn(s->data, s->length, NULL); + ASN1_STRING_free(s); + } else { + priv_key = d2i_ASN1_INTEGER(NULL, &p, priv_len); + if (priv_key == NULL) + return 0; + ret = ((pk_num = ASN1_INTEGER_to_BN(priv_key, NULL)) != NULL); + ASN1_INTEGER_free(priv_key); + if (ret == 0) { + GOSTerror(EVP_R_DECODE_ERROR); + return 0; + } + } + + ec = pk->pkey.gost; + if (ec == NULL) { + ec = GOST_KEY_new(); + if (ec == NULL) { + BN_free(pk_num); + return 0; + } + if (EVP_PKEY_assign_GOST(pk, ec) == 0) { + BN_free(pk_num); + GOST_KEY_free(ec); + return 0; + } + } + if (GOST_KEY_set_private_key(ec, pk_num) == 0) { + BN_free(pk_num); + return 0; + } + ret = 0; + if (EVP_PKEY_missing_parameters(pk) == 0) + ret = gost2001_compute_public(ec) != 0; + BN_free(pk_num); + + return ret; +} + +static int +priv_encode_gost01(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk) +{ + ASN1_OBJECT *algobj = + OBJ_nid2obj(GostR3410_get_pk_digest(GOST_KEY_get_digest(pk->pkey.gost))); + ASN1_STRING *params = encode_gost01_algor_params(pk); + unsigned char *priv_buf = NULL; + int priv_len; + ASN1_INTEGER *asn1key = NULL; + + if (params == NULL) + return 0; + + asn1key = BN_to_ASN1_INTEGER(GOST_KEY_get0_private_key(pk->pkey.gost), + NULL); + if (asn1key == NULL) { + ASN1_STRING_free(params); + return 0; + } + priv_len = i2d_ASN1_INTEGER(asn1key, &priv_buf); + ASN1_INTEGER_free(asn1key); + return PKCS8_pkey_set0(p8, algobj, 0, V_ASN1_SEQUENCE, params, priv_buf, + priv_len); +} + +static int +param_encode_gost01(const EVP_PKEY *pkey, unsigned char **pder) +{ + ASN1_STRING *params = encode_gost01_algor_params(pkey); + int len; + + if (params == NULL) + return 0; + len = params->length; + if (pder != NULL) + memcpy(*pder, params->data, params->length); + ASN1_STRING_free(params); + return len; +} + +static int +param_decode_gost01(EVP_PKEY *pkey, const unsigned char **pder, int derlen) +{ + ASN1_OBJECT *obj = NULL; + int nid; + GOST_KEY *ec; + EC_GROUP *group; + int ret; + + /* New format */ + if ((V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED) == **pder) + return decode_gost01_algor_params(pkey, pder, derlen); + + /* Compatibility */ + if (d2i_ASN1_OBJECT(&obj, pder, derlen) == NULL) { + GOSTerror(ERR_R_MALLOC_FAILURE); + return 0; + } + nid = OBJ_obj2nid(obj); + ASN1_OBJECT_free(obj); + + ec = GOST_KEY_new(); + if (ec == NULL) { + GOSTerror(ERR_R_MALLOC_FAILURE); + return 0; + } + group = EC_GROUP_new_by_curve_name(nid); + if (group == NULL) { + GOSTerror(EC_R_EC_GROUP_NEW_BY_NAME_FAILURE); + GOST_KEY_free(ec); + return 0; + } + + EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE); + if (GOST_KEY_set_group(ec, group) == 0) { + GOSTerror(ERR_R_EC_LIB); + EC_GROUP_free(group); + GOST_KEY_free(ec); + return 0; + } + EC_GROUP_free(group); + if (GOST_KEY_set_digest(ec, + NID_id_GostR3411_94_CryptoProParamSet) == 0) { + GOSTerror(GOST_R_INVALID_DIGEST_TYPE); + GOST_KEY_free(ec); + return 0; + } + ret = EVP_PKEY_assign_GOST(pkey, ec); + if (ret == 0) + GOST_KEY_free(ec); + return ret; +} + +static int +param_missing_gost01(const EVP_PKEY *pk) +{ + const GOST_KEY *ec = pk->pkey.gost; + + if (ec == NULL) + return 1; + if (GOST_KEY_get0_group(ec) == NULL) + return 1; + if (GOST_KEY_get_digest(ec) == NID_undef) + return 1; + return 0; +} + +static int +param_copy_gost01(EVP_PKEY *to, const EVP_PKEY *from) +{ + GOST_KEY *eto = to->pkey.gost; + const GOST_KEY *efrom = from->pkey.gost; + int ret = 1; + + if (EVP_PKEY_base_id(from) != EVP_PKEY_base_id(to)) { + GOSTerror(GOST_R_INCOMPATIBLE_ALGORITHMS); + return 0; + } + if (efrom == NULL) { + GOSTerror(GOST_R_KEY_PARAMETERS_MISSING); + return 0; + } + if (eto == NULL) { + eto = GOST_KEY_new(); + if (eto == NULL) { + GOSTerror(ERR_R_MALLOC_FAILURE); + return 0; + } + if (EVP_PKEY_assign(to, EVP_PKEY_base_id(from), eto) == 0) { + GOST_KEY_free(eto); + return 0; + } + } + GOST_KEY_set_group(eto, GOST_KEY_get0_group(efrom)); + GOST_KEY_set_digest(eto, GOST_KEY_get_digest(efrom)); + if (GOST_KEY_get0_private_key(eto) != NULL) + ret = gost2001_compute_public(eto); + + return ret; +} + +static int +param_cmp_gost01(const EVP_PKEY *a, const EVP_PKEY *b) +{ + if (EC_GROUP_get_curve_name(GOST_KEY_get0_group(a->pkey.gost)) != + EC_GROUP_get_curve_name(GOST_KEY_get0_group(b->pkey.gost))) + return 0; + + if (GOST_KEY_get_digest(a->pkey.gost) != + GOST_KEY_get_digest(b->pkey.gost)) + return 0; + + return 1; +} + +static int +pkey_ctrl_gost01(EVP_PKEY *pkey, int op, long arg1, void *arg2) +{ + X509_ALGOR *alg1 = NULL, *alg2 = NULL, *alg3 = NULL; + int digest = GOST_KEY_get_digest(pkey->pkey.gost); + + switch (op) { + case ASN1_PKEY_CTRL_PKCS7_SIGN: + if (arg1 == 0) + PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, &alg1, &alg2); + break; + + case ASN1_PKEY_CTRL_PKCS7_ENCRYPT: + if (arg1 == 0) + PKCS7_RECIP_INFO_get0_alg(arg2, &alg3); + break; + case ASN1_PKEY_CTRL_DEFAULT_MD_NID: + *(int *)arg2 = GostR3410_get_md_digest(digest); + return 2; + + default: + return -2; + } + + if (alg1) + X509_ALGOR_set0(alg1, OBJ_nid2obj(GostR3410_get_md_digest(digest)), V_ASN1_NULL, 0); + if (alg2) + X509_ALGOR_set0(alg2, OBJ_nid2obj(GostR3410_get_pk_digest(digest)), V_ASN1_NULL, 0); + if (alg3) { + ASN1_STRING *params = encode_gost01_algor_params(pkey); + if (params == NULL) { + return -1; + } + X509_ALGOR_set0(alg3, + OBJ_nid2obj(GostR3410_get_pk_digest(digest)), + V_ASN1_SEQUENCE, params); + } + + return 1; +} + +const EVP_PKEY_ASN1_METHOD gostr01_asn1_meths[] = { + { + .pkey_id = EVP_PKEY_GOSTR01, + .pkey_base_id = EVP_PKEY_GOSTR01, + .pkey_flags = ASN1_PKEY_SIGPARAM_NULL, + + .pem_str = "GOST2001", + .info = "GOST R 34.10-2001", + + .pkey_free = pkey_free_gost01, + .pkey_ctrl = pkey_ctrl_gost01, + + .priv_decode = priv_decode_gost01, + .priv_encode = priv_encode_gost01, + .priv_print = priv_print_gost01, + + .param_decode = param_decode_gost01, + .param_encode = param_encode_gost01, + .param_missing = param_missing_gost01, + .param_copy = param_copy_gost01, + .param_cmp = param_cmp_gost01, + .param_print = param_print_gost01, + + .pub_decode = pub_decode_gost01, + .pub_encode = pub_encode_gost01, + .pub_cmp = pub_cmp_gost01, + .pub_print = pub_print_gost01, + .pkey_size = pkey_size_gost01, + .pkey_bits = pkey_bits_gost01, + }, + { + .pkey_id = EVP_PKEY_GOSTR12_256, + .pkey_base_id = EVP_PKEY_GOSTR01, + .pkey_flags = ASN1_PKEY_ALIAS + }, + { + .pkey_id = EVP_PKEY_GOSTR12_512, + .pkey_base_id = EVP_PKEY_GOSTR01, + .pkey_flags = ASN1_PKEY_ALIAS + }, +}; + +#endif diff --git a/src/lib/libcrypto/gost/gostr341001_key.c b/src/lib/libcrypto/gost/gostr341001_key.c new file mode 100644 index 00000000000..0af39f21bf3 --- /dev/null +++ b/src/lib/libcrypto/gost/gostr341001_key.c @@ -0,0 +1,318 @@ +/* $OpenBSD: gostr341001_key.c,v 1.8 2017/05/02 03:59:44 deraadt Exp $ */ +/* + * Copyright (c) 2014 Dmitry Eremin-Solenikov + * Copyright (c) 2005-2006 Cryptocom LTD + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#include + +#include + +#ifndef OPENSSL_NO_GOST +#include +#include +#include +#include +#include "gost_locl.h" + +struct gost_key_st { + EC_GROUP *group; + + EC_POINT *pub_key; + BIGNUM *priv_key; + + int references; + + int digest_nid; +}; + +GOST_KEY * +GOST_KEY_new(void) +{ + GOST_KEY *ret; + + ret = malloc(sizeof(GOST_KEY)); + if (ret == NULL) { + GOSTerror(ERR_R_MALLOC_FAILURE); + return (NULL); + } + ret->group = NULL; + ret->pub_key = NULL; + ret->priv_key = NULL; + ret->references = 1; + ret->digest_nid = NID_undef; + return (ret); +} + +void +GOST_KEY_free(GOST_KEY *r) +{ + int i; + + if (r == NULL) + return; + + i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_EC); + if (i > 0) + return; + + EC_GROUP_free(r->group); + EC_POINT_free(r->pub_key); + BN_clear_free(r->priv_key); + + freezero(r, sizeof(GOST_KEY)); +} + +int +GOST_KEY_check_key(const GOST_KEY *key) +{ + int ok = 0; + BN_CTX *ctx = NULL; + BIGNUM *order = NULL; + EC_POINT *point = NULL; + + if (key == NULL || key->group == NULL || key->pub_key == NULL) { + GOSTerror(ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if (EC_POINT_is_at_infinity(key->group, key->pub_key) != 0) { + GOSTerror(EC_R_POINT_AT_INFINITY); + goto err; + } + if ((ctx = BN_CTX_new()) == NULL) + goto err; + if ((point = EC_POINT_new(key->group)) == NULL) + goto err; + + /* testing whether the pub_key is on the elliptic curve */ + if (EC_POINT_is_on_curve(key->group, key->pub_key, ctx) == 0) { + GOSTerror(EC_R_POINT_IS_NOT_ON_CURVE); + goto err; + } + /* testing whether pub_key * order is the point at infinity */ + if ((order = BN_new()) == NULL) + goto err; + if (EC_GROUP_get_order(key->group, order, ctx) == 0) { + GOSTerror(EC_R_INVALID_GROUP_ORDER); + goto err; + } + if (EC_POINT_mul(key->group, point, NULL, key->pub_key, order, + ctx) == 0) { + GOSTerror(ERR_R_EC_LIB); + goto err; + } + if (EC_POINT_is_at_infinity(key->group, point) == 0) { + GOSTerror(EC_R_WRONG_ORDER); + goto err; + } + /* + * in case the priv_key is present : check if generator * priv_key == + * pub_key + */ + if (key->priv_key != NULL) { + if (BN_cmp(key->priv_key, order) >= 0) { + GOSTerror(EC_R_WRONG_ORDER); + goto err; + } + if (EC_POINT_mul(key->group, point, key->priv_key, NULL, NULL, + ctx) == 0) { + GOSTerror(ERR_R_EC_LIB); + goto err; + } + if (EC_POINT_cmp(key->group, point, key->pub_key, ctx) != 0) { + GOSTerror(EC_R_INVALID_PRIVATE_KEY); + goto err; + } + } + ok = 1; +err: + BN_free(order); + BN_CTX_free(ctx); + EC_POINT_free(point); + return (ok); +} + +int +GOST_KEY_set_public_key_affine_coordinates(GOST_KEY *key, BIGNUM *x, BIGNUM *y) +{ + BN_CTX *ctx = NULL; + BIGNUM *tx, *ty; + EC_POINT *point = NULL; + int ok = 0; + + if (key == NULL || key->group == NULL || x == NULL || y == NULL) { + GOSTerror(ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + ctx = BN_CTX_new(); + if (ctx == NULL) + goto err; + + point = EC_POINT_new(key->group); + if (point == NULL) + goto err; + + if ((tx = BN_CTX_get(ctx)) == NULL) + goto err; + if ((ty = BN_CTX_get(ctx)) == NULL) + goto err; + if (EC_POINT_set_affine_coordinates_GFp(key->group, point, x, y, + ctx) == 0) + goto err; + if (EC_POINT_get_affine_coordinates_GFp(key->group, point, tx, ty, + ctx) == 0) + goto err; + /* + * Check if retrieved coordinates match originals: if not, values are + * out of range. + */ + if (BN_cmp(x, tx) != 0 || BN_cmp(y, ty) != 0) { + GOSTerror(EC_R_COORDINATES_OUT_OF_RANGE); + goto err; + } + if (GOST_KEY_set_public_key(key, point) == 0) + goto err; + + if (GOST_KEY_check_key(key) == 0) + goto err; + + ok = 1; + +err: + EC_POINT_free(point); + BN_CTX_free(ctx); + return ok; + +} + +const EC_GROUP * +GOST_KEY_get0_group(const GOST_KEY *key) +{ + return key->group; +} + +int +GOST_KEY_set_group(GOST_KEY *key, const EC_GROUP *group) +{ + EC_GROUP_free(key->group); + key->group = EC_GROUP_dup(group); + return (key->group == NULL) ? 0 : 1; +} + +const BIGNUM * +GOST_KEY_get0_private_key(const GOST_KEY *key) +{ + return key->priv_key; +} + +int +GOST_KEY_set_private_key(GOST_KEY *key, const BIGNUM *priv_key) +{ + BN_clear_free(key->priv_key); + key->priv_key = BN_dup(priv_key); + return (key->priv_key == NULL) ? 0 : 1; +} + +const EC_POINT * +GOST_KEY_get0_public_key(const GOST_KEY *key) +{ + return key->pub_key; +} + +int +GOST_KEY_set_public_key(GOST_KEY *key, const EC_POINT *pub_key) +{ + EC_POINT_free(key->pub_key); + key->pub_key = EC_POINT_dup(pub_key, key->group); + return (key->pub_key == NULL) ? 0 : 1; +} + +int +GOST_KEY_get_digest(const GOST_KEY *key) +{ + return key->digest_nid; +} +int +GOST_KEY_set_digest(GOST_KEY *key, int digest_nid) +{ + if (digest_nid == NID_id_GostR3411_94_CryptoProParamSet || + digest_nid == NID_id_tc26_gost3411_2012_256 || + digest_nid == NID_id_tc26_gost3411_2012_512) { + key->digest_nid = digest_nid; + return 1; + } + + return 0; +} + +size_t +GOST_KEY_get_size(const GOST_KEY *r) +{ + int i; + BIGNUM *order = NULL; + const EC_GROUP *group; + + if (r == NULL) + return 0; + group = GOST_KEY_get0_group(r); + if (group == NULL) + return 0; + + if ((order = BN_new()) == NULL) + return 0; + + if (EC_GROUP_get_order(group, order, NULL) == 0) { + BN_clear_free(order); + return 0; + } + + i = BN_num_bytes(order); + BN_clear_free(order); + return (i); +} +#endif diff --git a/src/lib/libcrypto/gost/gostr341001_params.c b/src/lib/libcrypto/gost/gostr341001_params.c new file mode 100644 index 00000000000..6500c30f317 --- /dev/null +++ b/src/lib/libcrypto/gost/gostr341001_params.c @@ -0,0 +1,132 @@ +/* $OpenBSD: gostr341001_params.c,v 1.3 2015/07/20 22:42:56 bcook Exp $ */ +/* + * Copyright (c) 2014 Dmitry Eremin-Solenikov + * Copyright (c) 2005-2006 Cryptocom LTD + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#include + +#include + +#ifndef OPENSSL_NO_GOST +#include +#include + +#include "gost_locl.h" + +int +GostR3410_get_md_digest(int nid) +{ + if (nid == NID_id_GostR3411_94_CryptoProParamSet) + return NID_id_GostR3411_94; + return nid; +} + +int +GostR3410_get_pk_digest(int nid) +{ + switch (nid) { + case NID_id_GostR3411_94_CryptoProParamSet: + return NID_id_GostR3410_2001; + case NID_id_tc26_gost3411_2012_256: + return NID_id_tc26_gost3410_2012_256; + case NID_id_tc26_gost3411_2012_512: + return NID_id_tc26_gost3410_2012_512; + default: + return NID_undef; + } +} + +typedef struct GostR3410_params { + const char *name; + int nid; +} GostR3410_params; + +static const GostR3410_params GostR3410_256_params[] = { + { "A", NID_id_GostR3410_2001_CryptoPro_A_ParamSet }, + { "B", NID_id_GostR3410_2001_CryptoPro_B_ParamSet }, + { "C", NID_id_GostR3410_2001_CryptoPro_C_ParamSet }, + { "0", NID_id_GostR3410_2001_TestParamSet }, + { "XA", NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet }, + { "XB", NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet }, + { NULL, NID_undef }, +}; + +static const GostR3410_params GostR3410_512_params[] = { + { "A", NID_id_tc26_gost_3410_2012_512_paramSetA }, + { "B", NID_id_tc26_gost_3410_2012_512_paramSetB }, + { NULL, NID_undef }, +}; + +int +GostR3410_256_param_id(const char *value) +{ + int i; + + for (i = 0; GostR3410_256_params[i].nid != NID_undef; i++) { + if (strcasecmp(GostR3410_256_params[i].name, value) == 0) + return GostR3410_256_params[i].nid; + } + + return NID_undef; +} + +int +GostR3410_512_param_id(const char *value) +{ + int i; + + for (i = 0; GostR3410_512_params[i].nid != NID_undef; i++) { + if (strcasecmp(GostR3410_512_params[i].name, value) == 0) + return GostR3410_512_params[i].nid; + } + + return NID_undef; +} + +#endif diff --git a/src/lib/libcrypto/gost/gostr341001_pmeth.c b/src/lib/libcrypto/gost/gostr341001_pmeth.c new file mode 100644 index 00000000000..0eb1d873dea --- /dev/null +++ b/src/lib/libcrypto/gost/gostr341001_pmeth.c @@ -0,0 +1,702 @@ +/* $OpenBSD: gostr341001_pmeth.c,v 1.14 2017/01/29 17:49:23 beck Exp $ */ +/* + * Copyright (c) 2014 Dmitry Eremin-Solenikov + * Copyright (c) 2005-2006 Cryptocom LTD + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#include + +#include + +#ifndef OPENSSL_NO_GOST +#include +#include +#include +#include +#include +#include +#include + +#include "evp_locl.h" +#include "gost_locl.h" +#include "gost_asn1.h" + +static ECDSA_SIG * +unpack_signature_cp(const unsigned char *sig, size_t siglen) +{ + ECDSA_SIG *s; + + s = ECDSA_SIG_new(); + if (s == NULL) { + GOSTerror(ERR_R_MALLOC_FAILURE); + return NULL; + } + BN_bin2bn(sig, siglen / 2, s->s); + BN_bin2bn(sig + siglen / 2, siglen / 2, s->r); + return s; +} + +static int +pack_signature_cp(ECDSA_SIG *s, int order, unsigned char *sig, size_t *siglen) +{ + int r_len = BN_num_bytes(s->r); + int s_len = BN_num_bytes(s->s); + + if (r_len > order || s_len > order) + return 0; + + *siglen = 2 * order; + + memset(sig, 0, *siglen); + BN_bn2bin(s->s, sig + order - s_len); + BN_bn2bin(s->r, sig + 2 * order - r_len); + ECDSA_SIG_free(s); + return 1; +} + +static ECDSA_SIG * +unpack_signature_le(const unsigned char *sig, size_t siglen) +{ + ECDSA_SIG *s; + + s = ECDSA_SIG_new(); + if (s == NULL) { + GOSTerror(ERR_R_MALLOC_FAILURE); + return NULL; + } + GOST_le2bn(sig, siglen / 2, s->r); + GOST_le2bn(sig + siglen / 2, siglen / 2, s->s); + return s; +} + +static int +pack_signature_le(ECDSA_SIG *s, int order, unsigned char *sig, size_t *siglen) +{ + *siglen = 2 * order; + memset(sig, 0, *siglen); + GOST_bn2le(s->r, sig, order); + GOST_bn2le(s->s, sig + order, order); + ECDSA_SIG_free(s); + return 1; +} + +struct gost_pmeth_data { + int sign_param_nid; /* Should be set whenever parameters are filled */ + int digest_nid; + EVP_MD *md; + unsigned char *shared_ukm; + int peer_key_used; + int sig_format; +}; + +static int +pkey_gost01_init(EVP_PKEY_CTX *ctx) +{ + struct gost_pmeth_data *data; + EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx); + + data = calloc(1, sizeof(struct gost_pmeth_data)); + if (data == NULL) + return 0; + + if (pkey != NULL && pkey->pkey.gost != NULL) { + data->sign_param_nid = + EC_GROUP_get_curve_name(GOST_KEY_get0_group(pkey->pkey.gost)); + data->digest_nid = GOST_KEY_get_digest(pkey->pkey.gost); + } + EVP_PKEY_CTX_set_data(ctx, data); + return 1; +} + +/* Copies contents of gost_pmeth_data structure */ +static int +pkey_gost01_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) +{ + struct gost_pmeth_data *dst_data, *src_data; + + if (pkey_gost01_init(dst) == 0) + return 0; + + src_data = EVP_PKEY_CTX_get_data(src); + dst_data = EVP_PKEY_CTX_get_data(dst); + *dst_data = *src_data; + if (src_data->shared_ukm != NULL) + dst_data->shared_ukm = NULL; + return 1; +} + +/* Frees up gost_pmeth_data structure */ +static void +pkey_gost01_cleanup(EVP_PKEY_CTX *ctx) +{ + struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx); + + free(data->shared_ukm); + free(data); +} + +static int +pkey_gost01_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) +{ + struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx); + EC_GROUP *group = NULL; + GOST_KEY *gost = NULL; + int ret = 0; + + if (data->sign_param_nid == NID_undef || + data->digest_nid == NID_undef) { + GOSTerror(GOST_R_NO_PARAMETERS_SET); + return 0; + } + + group = EC_GROUP_new_by_curve_name(data->sign_param_nid); + if (group == NULL) + goto done; + + EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE); + + gost = GOST_KEY_new(); + if (gost == NULL) + goto done; + + if (GOST_KEY_set_digest(gost, data->digest_nid) == 0) + goto done; + + if (GOST_KEY_set_group(gost, group) != 0) + ret = EVP_PKEY_assign_GOST(pkey, gost); + +done: + if (ret == 0) + GOST_KEY_free(gost); + EC_GROUP_free(group); + return ret; +} + +static int +pkey_gost01_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) +{ + if (pkey_gost01_paramgen(ctx, pkey) == 0) + return 0; + return gost2001_keygen(pkey->pkey.gost) != 0; +} + +static int +pkey_gost01_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbs_len) +{ + ECDSA_SIG *unpacked_sig = NULL; + EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx); + struct gost_pmeth_data *pctx = EVP_PKEY_CTX_get_data(ctx); + BIGNUM *md; + size_t size; + int ret; + + if (pkey == NULL || pkey->pkey.gost == NULL) + return 0; + size = GOST_KEY_get_size(pkey->pkey.gost); + + if (siglen == NULL) + return 0; + if (sig == NULL) { + *siglen = 2 * size; + return 1; + } else if (*siglen < 2 * size) { + GOSTerror(EC_R_BUFFER_TOO_SMALL); + return 0; + } + if (tbs_len != 32 && tbs_len != 64) { + GOSTerror(EVP_R_BAD_BLOCK_LENGTH); + return 0; + } + md = GOST_le2bn(tbs, tbs_len, NULL); + if (md == NULL) + return 0; + unpacked_sig = gost2001_do_sign(md, pkey->pkey.gost); + BN_free(md); + if (unpacked_sig == NULL) { + return 0; + } + switch (pctx->sig_format) { + case GOST_SIG_FORMAT_SR_BE: + ret = pack_signature_cp(unpacked_sig, size, sig, siglen); + break; + case GOST_SIG_FORMAT_RS_LE: + ret = pack_signature_le(unpacked_sig, size, sig, siglen); + break; + default: + ret = -1; + break; + } + if (ret <= 0) + ECDSA_SIG_free(unpacked_sig); + return ret; +} + +static int +pkey_gost01_verify(EVP_PKEY_CTX *ctx, const unsigned char *sig, size_t siglen, + const unsigned char *tbs, size_t tbs_len) +{ + int ok = 0; + EVP_PKEY *pub_key = EVP_PKEY_CTX_get0_pkey(ctx); + struct gost_pmeth_data *pctx = EVP_PKEY_CTX_get_data(ctx); + ECDSA_SIG *s = NULL; + BIGNUM *md; + + if (pub_key == NULL) + return 0; + switch (pctx->sig_format) { + case GOST_SIG_FORMAT_SR_BE: + s = unpack_signature_cp(sig, siglen); + break; + case GOST_SIG_FORMAT_RS_LE: + s = unpack_signature_le(sig, siglen); + break; + } + if (s == NULL) + return 0; + md = GOST_le2bn(tbs, tbs_len, NULL); + if (md == NULL) + goto err; + ok = gost2001_do_verify(md, s, pub_key->pkey.gost); + +err: + BN_free(md); + ECDSA_SIG_free(s); + return ok; +} + +static int +gost01_VKO_key(EVP_PKEY *pub_key, EVP_PKEY *priv_key, const unsigned char *ukm, + unsigned char *key) +{ + unsigned char hashbuf[128]; + int digest_nid; + int ret = 0; + BN_CTX *ctx = BN_CTX_new(); + BIGNUM *UKM, *X, *Y; + + if (ctx == NULL) + return 0; + + BN_CTX_start(ctx); + if ((UKM = BN_CTX_get(ctx)) == NULL) + goto err; + if ((X = BN_CTX_get(ctx)) == NULL) + goto err; + if ((Y = BN_CTX_get(ctx)) == NULL) + goto err; + + GOST_le2bn(ukm, 8, UKM); + + digest_nid = GOST_KEY_get_digest(priv_key->pkey.gost); + if (VKO_compute_key(X, Y, pub_key->pkey.gost, priv_key->pkey.gost, + UKM) == 0) + goto err; + + switch (digest_nid) { + case NID_id_GostR3411_94_CryptoProParamSet: + GOST_bn2le(X, hashbuf, 32); + GOST_bn2le(Y, hashbuf + 32, 32); + GOSTR341194(hashbuf, 64, key, digest_nid); + ret = 1; + break; + case NID_id_tc26_gost3411_2012_256: + GOST_bn2le(X, hashbuf, 32); + GOST_bn2le(Y, hashbuf + 32, 32); + STREEBOG256(hashbuf, 64, key); + ret = 1; + break; + case NID_id_tc26_gost3411_2012_512: + GOST_bn2le(X, hashbuf, 64); + GOST_bn2le(Y, hashbuf + 64, 64); + STREEBOG256(hashbuf, 128, key); + ret = 1; + break; + default: + ret = -2; + break; + } +err: + BN_CTX_end(ctx); + BN_CTX_free(ctx); + return ret; +} + +int +pkey_gost01_decrypt(EVP_PKEY_CTX *pctx, unsigned char *key, size_t *key_len, + const unsigned char *in, size_t in_len) +{ + const unsigned char *p = in; + EVP_PKEY *priv = EVP_PKEY_CTX_get0_pkey(pctx); + GOST_KEY_TRANSPORT *gkt = NULL; + int ret = 0; + unsigned char wrappedKey[44]; + unsigned char sharedKey[32]; + EVP_PKEY *eph_key = NULL, *peerkey = NULL; + int nid; + + if (key == NULL) { + *key_len = 32; + return 1; + } + gkt = d2i_GOST_KEY_TRANSPORT(NULL, (const unsigned char **)&p, in_len); + if (gkt == NULL) { + GOSTerror(GOST_R_ERROR_PARSING_KEY_TRANSPORT_INFO); + return -1; + } + + /* If key transport structure contains public key, use it */ + eph_key = X509_PUBKEY_get(gkt->key_agreement_info->ephem_key); + if (eph_key != NULL) { + if (EVP_PKEY_derive_set_peer(pctx, eph_key) <= 0) { + GOSTerror(GOST_R_INCOMPATIBLE_PEER_KEY); + goto err; + } + } else { + /* Set control "public key from client certificate used" */ + if (EVP_PKEY_CTX_ctrl(pctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 3, + NULL) <= 0) { + GOSTerror(GOST_R_CTRL_CALL_FAILED); + goto err; + } + } + peerkey = EVP_PKEY_CTX_get0_peerkey(pctx); + if (peerkey == NULL) { + GOSTerror(GOST_R_NO_PEER_KEY); + goto err; + } + + nid = OBJ_obj2nid(gkt->key_agreement_info->cipher); + + if (gkt->key_agreement_info->eph_iv->length != 8) { + GOSTerror(GOST_R_INVALID_IV_LENGTH); + goto err; + } + memcpy(wrappedKey, gkt->key_agreement_info->eph_iv->data, 8); + if (gkt->key_info->encrypted_key->length != 32) { + GOSTerror(EVP_R_BAD_KEY_LENGTH); + goto err; + } + memcpy(wrappedKey + 8, gkt->key_info->encrypted_key->data, 32); + if (gkt->key_info->imit->length != 4) { + GOSTerror(ERR_R_INTERNAL_ERROR); + goto err; + } + memcpy(wrappedKey + 40, gkt->key_info->imit->data, 4); + if (gost01_VKO_key(peerkey, priv, wrappedKey, sharedKey) <= 0) + goto err; + if (gost_key_unwrap_crypto_pro(nid, sharedKey, wrappedKey, key) == 0) { + GOSTerror(GOST_R_ERROR_COMPUTING_SHARED_KEY); + goto err; + } + + ret = 1; +err: + EVP_PKEY_free(eph_key); + GOST_KEY_TRANSPORT_free(gkt); + return ret; +} + +int +pkey_gost01_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen) +{ + /* + * Public key of peer in the ctx field peerkey + * Our private key in the ctx pkey + * ukm is in the algorithm specific context data + */ + EVP_PKEY *my_key = EVP_PKEY_CTX_get0_pkey(ctx); + EVP_PKEY *peer_key = EVP_PKEY_CTX_get0_peerkey(ctx); + struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx); + + if (data->shared_ukm == NULL) { + GOSTerror(GOST_R_UKM_NOT_SET); + return 0; + } + + if (key == NULL) { + *keylen = 32; + return 32; + } + + if (gost01_VKO_key(peer_key, my_key, data->shared_ukm, key) <= 0) + return 0; + + *keylen = 32; + return 1; +} + +int +pkey_gost01_encrypt(EVP_PKEY_CTX *pctx, unsigned char *out, size_t *out_len, + const unsigned char *key, size_t key_len) +{ + GOST_KEY_TRANSPORT *gkt = NULL; + EVP_PKEY *pubk = EVP_PKEY_CTX_get0_pkey(pctx); + struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(pctx); + unsigned char ukm[8], shared_key[32], crypted_key[44]; + int ret = 0; + int key_is_ephemeral; + EVP_PKEY *sec_key = EVP_PKEY_CTX_get0_peerkey(pctx); + int nid = NID_id_Gost28147_89_CryptoPro_A_ParamSet; + + if (data->shared_ukm != NULL) { + memcpy(ukm, data->shared_ukm, 8); + } else /* if (out != NULL) */ { + arc4random_buf(ukm, 8); + } + /* Check for private key in the peer_key of context */ + if (sec_key) { + key_is_ephemeral = 0; + if (GOST_KEY_get0_private_key(sec_key->pkey.gost) == 0) { + GOSTerror(GOST_R_NO_PRIVATE_PART_OF_NON_EPHEMERAL_KEYPAIR); + goto err; + } + } else { + key_is_ephemeral = 1; + if (out != NULL) { + GOST_KEY *tmp_key; + + sec_key = EVP_PKEY_new(); + if (sec_key == NULL) + goto err; + tmp_key = GOST_KEY_new(); + if (tmp_key == NULL) + goto err; + if (EVP_PKEY_assign(sec_key, EVP_PKEY_base_id(pubk), + tmp_key) == 0) { + GOST_KEY_free(tmp_key); + goto err; + } + if (EVP_PKEY_copy_parameters(sec_key, pubk) == 0) + goto err; + if (gost2001_keygen(sec_key->pkey.gost) == 0) { + goto err; + } + } + } + + if (out != NULL) { + if (gost01_VKO_key(pubk, sec_key, ukm, shared_key) <= 0) + goto err; + gost_key_wrap_crypto_pro(nid, shared_key, ukm, key, + crypted_key); + } + gkt = GOST_KEY_TRANSPORT_new(); + if (gkt == NULL) + goto err; + if (ASN1_OCTET_STRING_set(gkt->key_agreement_info->eph_iv, ukm, 8) == 0) + goto err; + if (ASN1_OCTET_STRING_set(gkt->key_info->imit, crypted_key + 40, + 4) == 0) + goto err; + if (ASN1_OCTET_STRING_set(gkt->key_info->encrypted_key, crypted_key + 8, + 32) == 0) + goto err; + if (key_is_ephemeral) { + if (X509_PUBKEY_set(&gkt->key_agreement_info->ephem_key, + out != NULL ? sec_key : pubk) == 0) { + GOSTerror(GOST_R_CANNOT_PACK_EPHEMERAL_KEY); + goto err; + } + } + ASN1_OBJECT_free(gkt->key_agreement_info->cipher); + gkt->key_agreement_info->cipher = OBJ_nid2obj(nid); + if (key_is_ephemeral) + EVP_PKEY_free(sec_key); + else { + /* Set control "public key from client certificate used" */ + if (EVP_PKEY_CTX_ctrl(pctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 3, + NULL) <= 0) { + GOSTerror(GOST_R_CTRL_CALL_FAILED); + goto err; + } + } + if ((*out_len = i2d_GOST_KEY_TRANSPORT(gkt, out ? &out : NULL)) > 0) + ret = 1; + GOST_KEY_TRANSPORT_free(gkt); + return ret; + +err: + if (key_is_ephemeral) + EVP_PKEY_free(sec_key); + GOST_KEY_TRANSPORT_free(gkt); + return -1; +} + + +static int +pkey_gost01_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) +{ + struct gost_pmeth_data *pctx = EVP_PKEY_CTX_get_data(ctx); + + switch (type) { + case EVP_PKEY_CTRL_MD: + if (EVP_MD_type(p2) != + GostR3410_get_md_digest(pctx->digest_nid)) { + GOSTerror(GOST_R_INVALID_DIGEST_TYPE); + return 0; + } + pctx->md = p2; + return 1; + case EVP_PKEY_CTRL_PKCS7_ENCRYPT: + case EVP_PKEY_CTRL_PKCS7_DECRYPT: + case EVP_PKEY_CTRL_PKCS7_SIGN: + case EVP_PKEY_CTRL_DIGESTINIT: + return 1; + + case EVP_PKEY_CTRL_GOST_PARAMSET: + pctx->sign_param_nid = (int)p1; + return 1; + + case EVP_PKEY_CTRL_SET_IV: + { + char *ukm = malloc(p1); + + if (ukm == NULL) { + GOSTerror(ERR_R_MALLOC_FAILURE); + return 0; + } + memcpy(ukm, p2, p1); + free(pctx->shared_ukm); + pctx->shared_ukm = ukm; + return 1; + } + + case EVP_PKEY_CTRL_PEER_KEY: + if (p1 == 0 || p1 == 1) /* call from EVP_PKEY_derive_set_peer */ + return 1; + if (p1 == 2) /* TLS: peer key used? */ + return pctx->peer_key_used; + if (p1 == 3) /* TLS: peer key used! */ + return (pctx->peer_key_used = 1); + return -2; + case EVP_PKEY_CTRL_GOST_SIG_FORMAT: + switch (p1) { + case GOST_SIG_FORMAT_SR_BE: + case GOST_SIG_FORMAT_RS_LE: + pctx->sig_format = p1; + return 1; + default: + return 0; + } + break; + case EVP_PKEY_CTRL_GOST_SET_DIGEST: + pctx->digest_nid = (int)p1; + return 1; + case EVP_PKEY_CTRL_GOST_GET_DIGEST: + *(int *)p2 = pctx->digest_nid; + return 1; + default: + return -2; + } +} + +static int +pkey_gost01_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, const char *value) +{ + int param_nid = NID_undef; + int digest_nid = NID_undef; + + if (strcmp(type, "paramset") == 0) { + if (value == NULL) + return 0; + if (pkey_gost01_ctrl(ctx, EVP_PKEY_CTRL_GOST_GET_DIGEST, 0, + &digest_nid) == 0) + return 0; + if (digest_nid == NID_id_tc26_gost3411_2012_512) + param_nid = GostR3410_512_param_id(value); + else + param_nid = GostR3410_256_param_id(value); + if (param_nid == NID_undef) + param_nid = OBJ_txt2nid(value); + if (param_nid == NID_undef) + return 0; + + return pkey_gost01_ctrl(ctx, EVP_PKEY_CTRL_GOST_PARAMSET, + param_nid, NULL); + } + if (strcmp(type, "dgst") == 0) { + if (value == NULL) + return 0; + else if (strcmp(value, "gost94") == 0 || + strcmp(value, "md_gost94") == 0) + digest_nid = NID_id_GostR3411_94_CryptoProParamSet; + else if (strcmp(value, "streebog256") == 0) + digest_nid = NID_id_tc26_gost3411_2012_256; + else if (strcmp(value, "streebog512") == 0) + digest_nid = NID_id_tc26_gost3411_2012_512; + + if (digest_nid == NID_undef) + return 0; + + return pkey_gost01_ctrl(ctx, EVP_PKEY_CTRL_GOST_SET_DIGEST, + digest_nid, NULL); + } + return -2; +} + +const EVP_PKEY_METHOD gostr01_pkey_meth = { + .pkey_id = EVP_PKEY_GOSTR01, + + .init = pkey_gost01_init, + .copy = pkey_gost01_copy, + .cleanup = pkey_gost01_cleanup, + + .paramgen = pkey_gost01_paramgen, + .keygen = pkey_gost01_keygen, + .sign = pkey_gost01_sign, + .verify = pkey_gost01_verify, + + .encrypt = pkey_gost01_encrypt, + .decrypt = pkey_gost01_decrypt, + .derive = pkey_gost01_derive, + + .ctrl = pkey_gost01_ctrl, + .ctrl_str = pkey_gost01_ctrl_str, +}; +#endif diff --git a/src/lib/libcrypto/gost/gostr341194.c b/src/lib/libcrypto/gost/gostr341194.c new file mode 100644 index 00000000000..2a462185aa4 --- /dev/null +++ b/src/lib/libcrypto/gost/gostr341194.c @@ -0,0 +1,273 @@ +/* $OpenBSD: gostr341194.c,v 1.5 2015/09/10 15:56:25 jsing Exp $ */ +/* + * Copyright (c) 2014 Dmitry Eremin-Solenikov + * Copyright (c) 2005-2006 Cryptocom LTD + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#include + +#include + +#ifndef OPENSSL_NO_GOST +#include +#include +#include + +#include "gost_locl.h" + +/* Following functions are various bit meshing routines used in + * GOST R 34.11-94 algorithms */ +static void +swap_bytes(unsigned char *w, unsigned char *k) +{ + int i, j; + + for (i = 0; i < 4; i++) + for (j = 0; j < 8; j++) + k[i + 4 * j] = w[8 * i + j]; +} + +/* was A_A */ +static void +circle_xor8(const unsigned char *w, unsigned char *k) +{ + unsigned char buf[8]; + int i; + + memcpy(buf, w, 8); + memmove(k, w + 8, 24); + for (i = 0; i < 8; i++) + k[i + 24] = buf[i] ^ k[i]; +} + +/* was R_R */ +static void +transform_3(unsigned char *data) +{ + unsigned short int acc; + + acc = (data[0] ^ data[2] ^ data[4] ^ data[6] ^ data[24] ^ data[30]) | + ((data[1] ^ data[3] ^ data[5] ^ data[7] ^ data[25] ^ data[31]) << 8); + memmove(data, data + 2, 30); + data[30] = acc & 0xff; + data[31] = acc >> 8; +} + +/* Adds blocks of N bytes modulo 2**(8*n). Returns carry*/ +static int +add_blocks(int n, unsigned char *left, const unsigned char *right) +{ + int i; + int carry = 0; + int sum; + + for (i = 0; i < n; i++) { + sum = (int)left[i] + (int)right[i] + carry; + left[i] = sum & 0xff; + carry = sum >> 8; + } + return carry; +} + +/* Xor two sequences of bytes */ +static void +xor_blocks(unsigned char *result, const unsigned char *a, + const unsigned char *b, size_t len) +{ + size_t i; + + for (i = 0; i < len; i++) + result[i] = a[i] ^ b[i]; +} + +/* + * Calculate H(i+1) = Hash(Hi,Mi) + * Where H and M are 32 bytes long + */ +static int +hash_step(GOSTR341194_CTX *c, unsigned char *H, const unsigned char *M) +{ + unsigned char U[32], W[32], V[32], S[32], Key[32]; + int i; + + /* Compute first key */ + xor_blocks(W, H, M, 32); + swap_bytes(W, Key); + /* Encrypt first 8 bytes of H with first key */ + Gost2814789_set_key(&c->cipher, Key, 256); + Gost2814789_encrypt(H, S, &c->cipher); + + /* Compute second key */ + circle_xor8(H, U); + circle_xor8(M, V); + circle_xor8(V, V); + xor_blocks(W, U, V, 32); + swap_bytes(W, Key); + /* encrypt second 8 bytes of H with second key */ + Gost2814789_set_key(&c->cipher, Key, 256); + Gost2814789_encrypt(H+8, S+8, &c->cipher); + + /* compute third key */ + circle_xor8(U, U); + U[31] = ~U[31]; + U[29] = ~U[29]; + U[28] = ~U[28]; + U[24] = ~U[24]; + U[23] = ~U[23]; + U[20] = ~U[20]; + U[18] = ~U[18]; + U[17] = ~U[17]; + U[14] = ~U[14]; + U[12] = ~U[12]; + U[10] = ~U[10]; + U[8] = ~U[8]; + U[7] = ~U[7]; + U[5] = ~U[5]; + U[3] = ~U[3]; + U[1] = ~U[1]; + circle_xor8(V, V); + circle_xor8(V, V); + xor_blocks(W, U, V, 32); + swap_bytes(W, Key); + /* encrypt third 8 bytes of H with third key */ + Gost2814789_set_key(&c->cipher, Key, 256); + Gost2814789_encrypt(H+16, S+16, &c->cipher); + + /* Compute fourth key */ + circle_xor8(U, U); + circle_xor8(V, V); + circle_xor8(V, V); + xor_blocks(W, U, V, 32); + swap_bytes(W, Key); + /* Encrypt last 8 bytes with fourth key */ + Gost2814789_set_key(&c->cipher, Key, 256); + Gost2814789_encrypt(H+24, S+24, &c->cipher); + + for (i = 0; i < 12; i++) + transform_3(S); + xor_blocks(S, S, M, 32); + transform_3(S); + xor_blocks(S, S, H, 32); + for (i = 0; i < 61; i++) + transform_3(S); + memcpy(H, S, 32); + return 1; +} + +int +GOSTR341194_Init(GOSTR341194_CTX *c, int nid) +{ + memset(c, 0, sizeof(*c)); + return Gost2814789_set_sbox(&c->cipher, nid); +} + +static void +GOSTR341194_block_data_order(GOSTR341194_CTX *ctx, const unsigned char *p, + size_t num) +{ + int i; + + for (i = 0; i < num; i++) { + hash_step(ctx, ctx->H, p); + add_blocks(32, ctx->S, p); + p += 32; + } +} + +#define DATA_ORDER_IS_LITTLE_ENDIAN + +#define HASH_CBLOCK GOSTR341194_CBLOCK +#define HASH_LONG GOSTR341194_LONG +#define HASH_CTX GOSTR341194_CTX +#define HASH_UPDATE GOSTR341194_Update +#define HASH_TRANSFORM GOSTR341194_Transform +#define HASH_NO_FINAL 1 +#define HASH_BLOCK_DATA_ORDER GOSTR341194_block_data_order + +#include "md32_common.h" + +int +GOSTR341194_Final(unsigned char *md, GOSTR341194_CTX * c) +{ + unsigned char *p = (unsigned char *)c->data; + unsigned char T[32]; + + if (c->num > 0) { + memset(p + c->num, 0, 32 - c->num); + hash_step(c, c->H, p); + add_blocks(32, c->S, p); + } + + p = T; + HOST_l2c(c->Nl, p); + HOST_l2c(c->Nh, p); + memset(p, 0, 32 - 8); + hash_step(c, c->H, T); + hash_step(c, c->H, c->S); + + memcpy(md, c->H, 32); + + return 1; +} + +unsigned char * +GOSTR341194(const unsigned char *d, size_t n, unsigned char *md, int nid) +{ + GOSTR341194_CTX c; + static unsigned char m[GOSTR341194_LENGTH]; + + if (md == NULL) + md = m; + if (!GOSTR341194_Init(&c, nid)) + return 0; + GOSTR341194_Update(&c, d, n); + GOSTR341194_Final(md, &c); + explicit_bzero(&c, sizeof(c)); + return (md); +} +#endif diff --git a/src/lib/libcrypto/gost/streebog.c b/src/lib/libcrypto/gost/streebog.c new file mode 100644 index 00000000000..902472bd9e2 --- /dev/null +++ b/src/lib/libcrypto/gost/streebog.c @@ -0,0 +1,1477 @@ +/* $OpenBSD: streebog.c,v 1.5 2015/09/10 15:56:25 jsing Exp $ */ +/* + * Copyright (c) 2014 Dmitry Eremin-Solenikov + * Copyright (c) 2005-2006 Cryptocom LTD + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#include + +#include +#include + +#include + +#ifndef OPENSSL_NO_GOST +#include +#include +#include + +#include "gost_locl.h" + +static const STREEBOG_LONG64 A_PI_table[8][256] = { + { /* 0 */ + U64(0xd01f715b5c7ef8e6), U64(0x16fa240980778325), + U64(0xa8a42e857ee049c8), U64(0x6ac1068fa186465b), + U64(0x6e417bd7a2e9320b), U64(0x665c8167a437daab), + U64(0x7666681aa89617f6), U64(0x4b959163700bdcf5), + U64(0xf14be6b78df36248), U64(0xc585bd689a625cff), + U64(0x9557d7fca67d82cb), U64(0x89f0b969af6dd366), + U64(0xb0833d48749f6c35), U64(0xa1998c23b1ecbc7c), + U64(0x8d70c431ac02a736), U64(0xd6dfbc2fd0a8b69e), + U64(0x37aeb3e551fa198b), U64(0x0b7d128a40b5cf9c), + U64(0x5a8f2008b5780cbc), U64(0xedec882284e333e5), + U64(0xd25fc177d3c7c2ce), U64(0x5e0f5d50b61778ec), + U64(0x1d873683c0c24cb9), U64(0xad040bcbb45d208c), + U64(0x2f89a0285b853c76), U64(0x5732fff6791b8d58), + U64(0x3e9311439ef6ec3f), U64(0xc9183a809fd3c00f), + U64(0x83adf3f5260a01ee), U64(0xa6791941f4e8ef10), + U64(0x103ae97d0ca1cd5d), U64(0x2ce948121dee1b4a), + U64(0x39738421dbf2bf53), U64(0x093da2a6cf0cf5b4), + U64(0xcd9847d89cbcb45f), U64(0xf9561c078b2d8ae8), + U64(0x9c6a755a6971777f), U64(0xbc1ebaa0712ef0c5), + U64(0x72e61542abf963a6), U64(0x78bb5fde229eb12e), + U64(0x14ba94250fceb90d), U64(0x844d6697630e5282), + U64(0x98ea08026a1e032f), U64(0xf06bbea144217f5c), + U64(0xdb6263d11ccb377a), U64(0x641c314b2b8ee083), + U64(0x320e96ab9b4770cf), U64(0x1ee7deb986a96b85), + U64(0xe96cf57a878c47b5), U64(0xfdd6615f8842feb8), + U64(0xc83862965601dd1b), U64(0x2ea9f83e92572162), + U64(0xf876441142ff97fc), U64(0xeb2c455608357d9d), + U64(0x5612a7e0b0c9904c), U64(0x6c01cbfb2d500823), + U64(0x4548a6a7fa037a2d), U64(0xabc4c6bf388b6ef4), + U64(0xbade77d4fdf8bebd), U64(0x799b07c8eb4cac3a), + U64(0x0c9d87e805b19cf0), U64(0xcb588aac106afa27), + U64(0xea0c1d40c1e76089), U64(0x2869354a1e816f1a), + U64(0xff96d17307fbc490), U64(0x9f0a9d602f1a5043), + U64(0x96373fc6e016a5f7), U64(0x5292dab8b3a6e41c), + U64(0x9b8ae0382c752413), U64(0x4f15ec3b7364a8a5), + U64(0x3fb349555724f12b), U64(0xc7c50d4415db66d7), + U64(0x92b7429ee379d1a7), U64(0xd37f99611a15dfda), + U64(0x231427c05e34a086), U64(0xa439a96d7b51d538), + U64(0xb403401077f01865), U64(0xdda2aea5901d7902), + U64(0x0a5d4a9c8967d288), U64(0xc265280adf660f93), + U64(0x8bb0094520d4e94e), U64(0x2a29856691385532), + U64(0x42a833c5bf072941), U64(0x73c64d54622b7eb2), + U64(0x07e095624504536c), U64(0x8a905153e906f45a), + U64(0x6f6123c16b3b2f1f), U64(0xc6e55552dc097bc3), + U64(0x4468feb133d16739), U64(0xe211e7f0c7398829), + U64(0xa2f96419f7879b40), U64(0x19074bdbc3ad38e9), + U64(0xf4ebc3f9474e0b0c), U64(0x43886bd376d53455), + U64(0xd8028beb5aa01046), U64(0x51f23282f5cdc320), + U64(0xe7b1c2be0d84e16d), U64(0x081dfab006dee8a0), + U64(0x3b33340d544b857b), U64(0x7f5bcabc679ae242), + U64(0x0edd37c48a08a6d8), U64(0x81ed43d9a9b33bc6), + U64(0xb1a3655ebd4d7121), U64(0x69a1eeb5e7ed6167), + U64(0xf6ab73d5c8f73124), U64(0x1a67a3e185c61fd5), + U64(0x2dc91004d43c065e), U64(0x0240b02c8fb93a28), + U64(0x90f7f2b26cc0eb8f), U64(0x3cd3a16f114fd617), + U64(0xaae49ea9f15973e0), U64(0x06c0cd748cd64e78), + U64(0xda423bc7d5192a6e), U64(0xc345701c16b41287), + U64(0x6d2193ede4821537), U64(0xfcf639494190e3ac), + U64(0x7c3b228621f1c57e), U64(0xfb16ac2b0494b0c0), + U64(0xbf7e529a3745d7f9), U64(0x6881b6a32e3f7c73), + U64(0xca78d2bad9b8e733), U64(0xbbfe2fc2342aa3a9), + U64(0x0dbddffecc6381e4), U64(0x70a6a56e2440598e), + U64(0xe4d12a844befc651), U64(0x8c509c2765d0ba22), + U64(0xee8c6018c28814d9), U64(0x17da7c1f49a59e31), + U64(0x609c4c1328e194d3), U64(0xb3e3d57232f44b09), + U64(0x91d7aaa4a512f69b), U64(0x0ffd6fd243dabbcc), + U64(0x50d26a943c1fde34), U64(0x6be15e9968545b4f), + U64(0x94778fea6faf9fdf), U64(0x2b09dd7058ea4826), + U64(0x677cd9716de5c7bf), U64(0x49d5214fffb2e6dd), + U64(0x0360e83a466b273c), U64(0x1fc786af4f7b7691), + U64(0xa0b9d435783ea168), U64(0xd49f0c035f118cb6), + U64(0x01205816c9d21d14), U64(0xac2453dd7d8f3d98), + U64(0x545217cc3f70aa64), U64(0x26b4028e9489c9c2), + U64(0xdec2469fd6765e3e), U64(0x04807d58036f7450), + U64(0xe5f17292823ddb45), U64(0xf30b569b024a5860), + U64(0x62dcfc3fa758aefb), U64(0xe84cad6c4e5e5aa1), + U64(0xccb81fce556ea94b), U64(0x53b282ae7a74f908), + U64(0x1b47fbf74c1402c1), U64(0x368eebf39828049f), + U64(0x7afbeff2ad278b06), U64(0xbe5e0a8cfe97caed), + U64(0xcfd8f7f413058e77), U64(0xf78b2bc301252c30), + U64(0x4d555c17fcdd928d), U64(0x5f2f05467fc565f8), + U64(0x24f4b2a21b30f3ea), U64(0x860dd6bbecb768aa), + U64(0x4c750401350f8f99), U64(0x0000000000000000), + U64(0xecccd0344d312ef1), U64(0xb5231806be220571), + U64(0xc105c030990d28af), U64(0x653c695de25cfd97), + U64(0x159acc33c61ca419), U64(0xb89ec7f872418495), + U64(0xa9847693b73254dc), U64(0x58cf90243ac13694), + U64(0x59efc832f3132b80), U64(0x5c4fed7c39ae42c4), + U64(0x828dabe3efd81cfa), U64(0xd13f294d95ace5f2), + U64(0x7d1b7a90e823d86a), U64(0xb643f03cf849224d), + U64(0x3df3f979d89dcb03), U64(0x7426d836272f2dde), + U64(0xdfe21e891fa4432a), U64(0x3a136c1b9d99986f), + U64(0xfa36f43dcd46add4), U64(0xc025982650df35bb), + U64(0x856d3e81aadc4f96), U64(0xc4a5e57e53b041eb), + U64(0x4708168b75ba4005), U64(0xaf44bbe73be41aa4), + U64(0x971767d029c4b8e3), U64(0xb9be9feebb939981), + U64(0x215497ecd18d9aae), U64(0x316e7e91dd2c57f3), + U64(0xcef8afe2dad79363), U64(0x3853dc371220a247), + U64(0x35ee03c9de4323a3), U64(0xe6919aa8c456fc79), + U64(0xe05157dc4880b201), U64(0x7bdbb7e464f59612), + U64(0x127a59518318f775), U64(0x332ecebd52956ddb), + U64(0x8f30741d23bb9d1e), U64(0xd922d3fd93720d52), + U64(0x7746300c61440ae2), U64(0x25d4eab4d2e2eefe), + U64(0x75068020eefd30ca), U64(0x135a01474acaea61), + U64(0x304e268714fe4ae7), U64(0xa519f17bb283c82c), + U64(0xdc82f6b359cf6416), U64(0x5baf781e7caa11a8), + U64(0xb2c38d64fb26561d), U64(0x34ce5bdf17913eb7), + U64(0x5d6fb56af07c5fd0), U64(0x182713cd0a7f25fd), + U64(0x9e2ac576e6c84d57), U64(0x9aaab82ee5a73907), + U64(0xa3d93c0f3e558654), U64(0x7e7b92aaae48ff56), + U64(0x872d8ead256575be), U64(0x41c8dbfff96c0e7d), + U64(0x99ca5014a3cc1e3b), U64(0x40e883e930be1369), + U64(0x1ca76e95091051ad), U64(0x4e35b42dbab6b5b1), + U64(0x05a0254ecabd6944), U64(0xe1710fca8152af15), + U64(0xf22b0e8dcb984574), U64(0xb763a82a319b3f59), + U64(0x63fca4296e8ab3ef), U64(0x9d4a2d4ca0a36a6b), + U64(0xe331bfe60eeb953d), U64(0xd5bf541596c391a2), + U64(0xf5cb9bef8e9c1618), U64(0x46284e9dbc685d11), + U64(0x2074cffa185f87ba), U64(0xbd3ee2b6b8fcedd1), + U64(0xae64e3f1f23607b0), U64(0xfeb68965ce29d984), + U64(0x55724fdaf6a2b770), U64(0x29496d5cd753720e), + U64(0xa75941573d3af204), U64(0x8e102c0bea69800a), + U64(0x111ab16bc573d049), U64(0xd7ffe439197aab8a), + U64(0xefac380e0b5a09cd), U64(0x48f579593660fbc9), + U64(0x22347fd697e6bd92), U64(0x61bc1405e13389c7), + U64(0x4ab5c975b9d9c1e1), U64(0x80cd1bcf606126d2), + U64(0x7186fd78ed92449a), U64(0x93971a882aabccb3), + U64(0x88d0e17f66bfce72), U64(0x27945a985d5bd4d6) + }, { /* 1 */ + U64(0xde553f8c05a811c8), U64(0x1906b59631b4f565), + U64(0x436e70d6b1964ff7), U64(0x36d343cb8b1e9d85), + U64(0x843dfacc858aab5a), U64(0xfdfc95c299bfc7f9), + U64(0x0f634bdea1d51fa2), U64(0x6d458b3b76efb3cd), + U64(0x85c3f77cf8593f80), U64(0x3c91315fbe737cb2), + U64(0x2148b03366ace398), U64(0x18f8b8264c6761bf), + U64(0xc830c1c495c9fb0f), U64(0x981a76102086a0aa), + U64(0xaa16012142f35760), U64(0x35cc54060c763cf6), + U64(0x42907d66cc45db2d), U64(0x8203d44b965af4bc), + U64(0x3d6f3cefc3a0e868), U64(0xbc73ff69d292bda7), + U64(0x8722ed0102e20a29), U64(0x8f8185e8cd34deb7), + U64(0x9b0561dda7ee01d9), U64(0x5335a0193227fad6), + U64(0xc9cecc74e81a6fd5), U64(0x54f5832e5c2431ea), + U64(0x99e47ba05d553470), U64(0xf7bee756acd226ce), + U64(0x384e05a5571816fd), U64(0xd1367452a47d0e6a), + U64(0xf29fde1c386ad85b), U64(0x320c77316275f7ca), + U64(0xd0c879e2d9ae9ab0), U64(0xdb7406c69110ef5d), + U64(0x45505e51a2461011), U64(0xfc029872e46c5323), + U64(0xfa3cb6f5f7bc0cc5), U64(0x031f17cd8768a173), + U64(0xbd8df2d9af41297d), U64(0x9d3b4f5ab43e5e3f), + U64(0x4071671b36feee84), U64(0x716207e7d3e3b83d), + U64(0x48d20ff2f9283a1a), U64(0x27769eb4757cbc7e), + U64(0x5c56ebc793f2e574), U64(0xa48b474f9ef5dc18), + U64(0x52cbada94ff46e0c), U64(0x60c7da982d8199c6), + U64(0x0e9d466edc068b78), U64(0x4eec2175eaf865fc), + U64(0x550b8e9e21f7a530), U64(0x6b7ba5bc653fec2b), + U64(0x5eb7f1ba6949d0dd), U64(0x57ea94e3db4c9099), + U64(0xf640eae6d101b214), U64(0xdd4a284182c0b0bb), + U64(0xff1d8fbf6304f250), U64(0xb8accb933bf9d7e8), + U64(0xe8867c478eb68c4d), U64(0x3f8e2692391bddc1), + U64(0xcb2fd60912a15a7c), U64(0xaec935dbab983d2f), + U64(0xf55ffd2b56691367), U64(0x80e2ce366ce1c115), + U64(0x179bf3f8edb27e1d), U64(0x01fe0db07dd394da), + U64(0xda8a0b76ecc37b87), U64(0x44ae53e1df9584cb), + U64(0xb310b4b77347a205), U64(0xdfab323c787b8512), + U64(0x3b511268d070b78e), U64(0x65e6e3d2b9396753), + U64(0x6864b271e2574d58), U64(0x259784c98fc789d7), + U64(0x02e11a7dfabb35a9), U64(0x8841a6dfa337158b), + U64(0x7ade78c39b5dcdd0), U64(0xb7cf804d9a2cc84a), + U64(0x20b6bd831b7f7742), U64(0x75bd331d3a88d272), + U64(0x418f6aab4b2d7a5e), U64(0xd9951cbb6babdaf4), + U64(0xb6318dfde7ff5c90), U64(0x1f389b112264aa83), + U64(0x492c024284fbaec0), U64(0xe33a0363c608f9a0), + U64(0x2688930408af28a4), U64(0xc7538a1a341ce4ad), + U64(0x5da8e677ee2171ae), U64(0x8c9e92254a5c7fc4), + U64(0x63d8cd55aae938b5), U64(0x29ebd8daa97a3706), + U64(0x959827b37be88aa1), U64(0x1484e4356adadf6e), + U64(0xa7945082199d7d6b), U64(0xbf6ce8a455fa1cd4), + U64(0x9cc542eac9edcae5), U64(0x79c16f0e1c356ca3), + U64(0x89bfab6fdee48151), U64(0xd4174d1830c5f0ff), + U64(0x9258048415eb419d), U64(0x6139d72850520d1c), + U64(0x6a85a80c18ec78f1), U64(0xcd11f88e0171059a), + U64(0xcceff53e7ca29140), U64(0xd229639f2315af19), + U64(0x90b91ef9ef507434), U64(0x5977d28d074a1be1), + U64(0x311360fce51d56b9), U64(0xc093a92d5a1f2f91), + U64(0x1a19a25bb6dc5416), U64(0xeb996b8a09de2d3e), + U64(0xfee3820f1ed7668a), U64(0xd7085ad5b7ad518c), + U64(0x7fff41890fe53345), U64(0xec5948bd67dde602), + U64(0x2fd5f65dbaaa68e0), U64(0xa5754affe32648c2), + U64(0xf8ddac880d07396c), U64(0x6fa491468c548664), + U64(0x0c7c5c1326bdbed1), U64(0x4a33158f03930fb3), + U64(0x699abfc19f84d982), U64(0xe4fa2054a80b329c), + U64(0x6707f9af438252fa), U64(0x08a368e9cfd6d49e), + U64(0x47b1442c58fd25b8), U64(0xbbb3dc5ebc91769b), + U64(0x1665fe489061eac7), U64(0x33f27a811fa66310), + U64(0x93a609346838d547), U64(0x30ed6d4c98cec263), + U64(0x1dd9816cd8df9f2a), U64(0x94662a03063b1e7b), + U64(0x83fdd9fbeb896066), U64(0x7b207573e68e590a), + U64(0x5f49fc0a149a4407), U64(0x343259b671a5a82c), + U64(0xfbc2bb458a6f981f), U64(0xc272b350a0a41a38), + U64(0x3aaf1fd8ada32354), U64(0x6cbb868b0b3c2717), + U64(0xa2b569c88d2583fe), U64(0xf180c9d1bf027928), + U64(0xaf37386bd64ba9f5), U64(0x12bacab2790a8088), + U64(0x4c0d3b0810435055), U64(0xb2eeb9070e9436df), + U64(0xc5b29067cea7d104), U64(0xdcb425f1ff132461), + U64(0x4f122cc5972bf126), U64(0xac282fa651230886), + U64(0xe7e537992f6393ef), U64(0xe61b3a2952b00735), + U64(0x709c0a57ae302ce7), U64(0xe02514ae416058d3), + U64(0xc44c9dd7b37445de), U64(0x5a68c5408022ba92), + U64(0x1c278cdca50c0bf0), U64(0x6e5a9cf6f18712be), + U64(0x86dce0b17f319ef3), U64(0x2d34ec2040115d49), + U64(0x4bcd183f7e409b69), U64(0x2815d56ad4a9a3dc), + U64(0x24698979f2141d0d), U64(0x0000000000000000), + U64(0x1ec696a15fb73e59), U64(0xd86b110b16784e2e), + U64(0x8e7f8858b0e74a6d), U64(0x063e2e8713d05fe6), + U64(0xe2c40ed3bbdb6d7a), U64(0xb1f1aeca89fc97ac), + U64(0xe1db191e3cb3cc09), U64(0x6418ee62c4eaf389), + U64(0xc6ad87aa49cf7077), U64(0xd6f65765ca7ec556), + U64(0x9afb6c6dda3d9503), U64(0x7ce05644888d9236), + U64(0x8d609f95378feb1e), U64(0x23a9aa4e9c17d631), + U64(0x6226c0e5d73aac6f), U64(0x56149953a69f0443), + U64(0xeeb852c09d66d3ab), U64(0x2b0ac2a753c102af), + U64(0x07c023376e03cb3c), U64(0x2ccae1903dc2c993), + U64(0xd3d76e2f5ec63bc3), U64(0x9e2458973356ff4c), + U64(0xa66a5d32644ee9b1), U64(0x0a427294356de137), + U64(0x783f62be61e6f879), U64(0x1344c70204d91452), + U64(0x5b96c8f0fdf12e48), U64(0xa90916ecc59bf613), + U64(0xbe92e5142829880e), U64(0x727d102a548b194e), + U64(0x1be7afebcb0fc0cc), U64(0x3e702b2244c8491b), + U64(0xd5e940a84d166425), U64(0x66f9f41f3e51c620), + U64(0xabe80c913f20c3ba), U64(0xf07ec461c2d1edf2), + U64(0xf361d3ac45b94c81), U64(0x0521394a94b8fe95), + U64(0xadd622162cf09c5c), U64(0xe97871f7f3651897), + U64(0xf4a1f09b2bba87bd), U64(0x095d6559b2054044), + U64(0x0bbc7f2448be75ed), U64(0x2af4cf172e129675), + U64(0x157ae98517094bb4), U64(0x9fda55274e856b96), + U64(0x914713499283e0ee), U64(0xb952c623462a4332), + U64(0x74433ead475b46a8), U64(0x8b5eb112245fb4f8), + U64(0xa34b6478f0f61724), U64(0x11a5dd7ffe6221fb), + U64(0xc16da49d27ccbb4b), U64(0x76a224d0bde07301), + U64(0x8aa0bca2598c2022), U64(0x4df336b86d90c48f), + U64(0xea67663a740db9e4), U64(0xef465f70e0b54771), + U64(0x39b008152acb8227), U64(0x7d1e5bf4f55e06ec), + U64(0x105bd0cf83b1b521), U64(0x775c2960c033e7db), + U64(0x7e014c397236a79f), U64(0x811cc386113255cf), + U64(0xeda7450d1a0e72d8), U64(0x5889df3d7a998f3b), + U64(0x2e2bfbedc779fc3a), U64(0xce0eef438619a4e9), + U64(0x372d4e7bf6cd095f), U64(0x04df34fae96b6a4f), + U64(0xf923a13870d4adb6), U64(0xa1aa7e050a4d228d), + U64(0xa8f71b5cb84862c9), U64(0xb52e9a306097fde3), + U64(0x0d8251a35b6e2a0b), U64(0x2257a7fee1c442eb), + U64(0x73831d9a29588d94), U64(0x51d4ba64c89ccf7f), + U64(0x502ab7d4b54f5ba5), U64(0x97793dce8153bf08), + U64(0xe5042de4d5d8a646), U64(0x9687307efc802bd2), + U64(0xa05473b5779eb657), U64(0xb4d097801d446939), + U64(0xcff0e2f3fbca3033), U64(0xc38cbee0dd778ee2), + U64(0x464f499c252eb162), U64(0xcad1dbb96f72cea6), + U64(0xba4dd1eec142e241), U64(0xb00fa37af42f0376) + }, { /* 2 */ + U64(0xcce4cd3aa968b245), U64(0x089d5484e80b7faf), + U64(0x638246c1b3548304), U64(0xd2fe0ec8c2355492), + U64(0xa7fbdf7ff2374eee), U64(0x4df1600c92337a16), + U64(0x84e503ea523b12fb), U64(0x0790bbfd53ab0c4a), + U64(0x198a780f38f6ea9d), U64(0x2ab30c8f55ec48cb), + U64(0xe0f7fed6b2c49db5), U64(0xb6ecf3f422cadbdc), + U64(0x409c9a541358df11), U64(0xd3ce8a56dfde3fe3), + U64(0xc3e9224312c8c1a0), U64(0x0d6dfa58816ba507), + U64(0xddf3e1b179952777), U64(0x04c02a42748bb1d9), + U64(0x94c2abff9f2decb8), U64(0x4f91752da8f8acf4), + U64(0x78682befb169bf7b), U64(0xe1c77a48af2ff6c4), + U64(0x0c5d7ec69c80ce76), U64(0x4cc1e4928fd81167), + U64(0xfeed3d24d9997b62), U64(0x518bb6dfc3a54a23), + U64(0x6dbf2d26151f9b90), U64(0xb5bc624b05ea664f), + U64(0xe86aaa525acfe21a), U64(0x4801ced0fb53a0be), + U64(0xc91463e6c00868ed), U64(0x1027a815cd16fe43), + U64(0xf67069a0319204cd), U64(0xb04ccc976c8abce7), + U64(0xc0b9b3fc35e87c33), U64(0xf380c77c58f2de65), + U64(0x50bb3241de4e2152), U64(0xdf93f490435ef195), + U64(0xf1e0d25d62390887), U64(0xaf668bfb1a3c3141), + U64(0xbc11b251f00a7291), U64(0x73a5eed47e427d47), + U64(0x25bee3f6ee4c3b2e), U64(0x43cc0beb34786282), + U64(0xc824e778dde3039c), U64(0xf97d86d98a327728), + U64(0xf2b043e24519b514), U64(0xe297ebf7880f4b57), + U64(0x3a94a49a98fab688), U64(0x868516cb68f0c419), + U64(0xeffa11af0964ee50), U64(0xa4ab4ec0d517f37d), + U64(0xa9c6b498547c567a), U64(0x8e18424f80fbbbb6), + U64(0x0bcdc53bcf2bc23c), U64(0x137739aaea3643d0), + U64(0x2c1333ec1bac2ff0), U64(0x8d48d3f0a7db0625), + U64(0x1e1ac3f26b5de6d7), U64(0xf520f81f16b2b95e), + U64(0x9f0f6ec450062e84), U64(0x0130849e1deb6b71), + U64(0xd45e31ab8c7533a9), U64(0x652279a2fd14e43f), + U64(0x3209f01e70f1c927), U64(0xbe71a770cac1a473), + U64(0x0e3d6be7a64b1894), U64(0x7ec8148cff29d840), + U64(0xcb7476c7fac3be0f), U64(0x72956a4a63a91636), + U64(0x37f95ec21991138f), U64(0x9e3fea5a4ded45f5), + U64(0x7b38ba50964902e8), U64(0x222e580bbde73764), + U64(0x61e253e0899f55e6), U64(0xfc8d2805e352ad80), + U64(0x35994be3235ac56d), U64(0x09add01af5e014de), + U64(0x5e8659a6780539c6), U64(0xb17c48097161d796), + U64(0x026015213acbd6e2), U64(0xd1ae9f77e515e901), + U64(0xb7dc776a3f21b0ad), U64(0xaba6a1b96eb78098), + U64(0x9bcf4486248d9f5d), U64(0x582666c536455efd), + U64(0xfdbdac9bfeb9c6f1), U64(0xc47999be4163cdea), + U64(0x765540081722a7ef), U64(0x3e548ed8ec710751), + U64(0x3d041f67cb51bac2), U64(0x7958af71ac82d40a), + U64(0x36c9da5c047a78fe), U64(0xed9a048e33af38b2), + U64(0x26ee7249c96c86bd), U64(0x900281bdeba65d61), + U64(0x11172c8bd0fd9532), U64(0xea0abf73600434f8), + U64(0x42fc8f75299309f3), U64(0x34a9cf7d3eb1ae1c), + U64(0x2b838811480723ba), U64(0x5ce64c8742ceef24), + U64(0x1adae9b01fd6570e), U64(0x3c349bf9d6bad1b3), + U64(0x82453c891c7b75c0), U64(0x97923a40b80d512b), + U64(0x4a61dbf1c198765c), U64(0xb48ce6d518010d3e), + U64(0xcfb45c858e480fd6), U64(0xd933cbf30d1e96ae), + U64(0xd70ea014ab558e3a), U64(0xc189376228031742), + U64(0x9262949cd16d8b83), U64(0xeb3a3bed7def5f89), + U64(0x49314a4ee6b8cbcf), U64(0xdcc3652f647e4c06), + U64(0xda635a4c2a3e2b3d), U64(0x470c21a940f3d35b), + U64(0x315961a157d174b4), U64(0x6672e81dda3459ac), + U64(0x5b76f77a1165e36e), U64(0x445cb01667d36ec8), + U64(0xc5491d205c88a69b), U64(0x456c34887a3805b9), + U64(0xffddb9bac4721013), U64(0x99af51a71e4649bf), + U64(0xa15be01cbc7729d5), U64(0x52db2760e485f7b0), + U64(0x8c78576eba306d54), U64(0xae560f6507d75a30), + U64(0x95f22f6182c687c9), U64(0x71c5fbf54489aba5), + U64(0xca44f259e728d57e), U64(0x88b87d2ccebbdc8d), + U64(0xbab18d32be4a15aa), U64(0x8be8ec93e99b611e), + U64(0x17b713e89ebdf209), U64(0xb31c5d284baa0174), + U64(0xeeca9531148f8521), U64(0xb8d198138481c348), + U64(0x8988f9b2d350b7fc), U64(0xb9e11c8d996aa839), + U64(0x5a4673e40c8e881f), U64(0x1687977683569978), + U64(0xbf4123eed72acf02), U64(0x4ea1f1b3b513c785), + U64(0xe767452be16f91ff), U64(0x7505d1b730021a7c), + U64(0xa59bca5ec8fc980c), U64(0xad069eda20f7e7a3), + U64(0x38f4b1bba231606a), U64(0x60d2d77e94743e97), + U64(0x9affc0183966f42c), U64(0x248e6768f3a7505f), + U64(0xcdd449a4b483d934), U64(0x87b59255751baf68), + U64(0x1bea6d2e023d3c7f), U64(0x6b1f12455b5ffcab), + U64(0x743555292de9710d), U64(0xd8034f6d10f5fddf), + U64(0xc6198c9f7ba81b08), U64(0xbb8109aca3a17edb), + U64(0xfa2d1766ad12cabb), U64(0xc729080166437079), + U64(0x9c5fff7b77269317), U64(0x0000000000000000), + U64(0x15d706c9a47624eb), U64(0x6fdf38072fd44d72), + U64(0x5fb6dd3865ee52b7), U64(0xa33bf53d86bcff37), + U64(0xe657c1b5fc84fa8e), U64(0xaa962527735cebe9), + U64(0x39c43525bfda0b1b), U64(0x204e4d2a872ce186), + U64(0x7a083ece8ba26999), U64(0x554b9c9db72efbfa), + U64(0xb22cd9b656416a05), U64(0x96a2bedea5e63a5a), + U64(0x802529a826b0a322), U64(0x8115ad363b5bc853), + U64(0x8375b81701901eb1), U64(0x3069e53f4a3a1fc5), + U64(0xbd2136cfede119e0), U64(0x18bafc91251d81ec), + U64(0x1d4a524d4c7d5b44), U64(0x05f0aedc6960daa8), + U64(0x29e39d3072ccf558), U64(0x70f57f6b5962c0d4), + U64(0x989fd53903ad22ce), U64(0xf84d024797d91c59), + U64(0x547b1803aac5908b), U64(0xf0d056c37fd263f6), + U64(0xd56eb535919e58d8), U64(0x1c7ad6d351963035), + U64(0x2e7326cd2167f912), U64(0xac361a443d1c8cd2), + U64(0x697f076461942a49), U64(0x4b515f6fdc731d2d), + U64(0x8ad8680df4700a6f), U64(0x41ac1eca0eb3b460), + U64(0x7d988533d80965d3), U64(0xa8f6300649973d0b), + U64(0x7765c4960ac9cc9e), U64(0x7ca801adc5e20ea2), + U64(0xdea3700e5eb59ae4), U64(0xa06b6482a19c42a4), + U64(0x6a2f96db46b497da), U64(0x27def6d7d487edcc), + U64(0x463ca5375d18b82a), U64(0xa6cb5be1efdc259f), + U64(0x53eba3fef96e9cc1), U64(0xce84d81b93a364a7), + U64(0xf4107c810b59d22f), U64(0x333974806d1aa256), + U64(0x0f0def79bba073e5), U64(0x231edc95a00c5c15), + U64(0xe437d494c64f2c6c), U64(0x91320523f64d3610), + U64(0x67426c83c7df32dd), U64(0x6eefbc99323f2603), + U64(0x9d6f7be56acdf866), U64(0x5916e25b2bae358c), + U64(0x7ff89012e2c2b331), U64(0x035091bf2720bd93), + U64(0x561b0d22900e4669), U64(0x28d319ae6f279e29), + U64(0x2f43a2533c8c9263), U64(0xd09e1be9f8fe8270), + U64(0xf740ed3e2c796fbc), U64(0xdb53ded237d5404c), + U64(0x62b2c25faebfe875), U64(0x0afd41a5d2c0a94d), + U64(0x6412fd3ce0ff8f4e), U64(0xe3a76f6995e42026), + U64(0x6c8fa9b808f4f0e1), U64(0xc2d9a6dd0f23aad1), + U64(0x8f28c6d19d10d0c7), U64(0x85d587744fd0798a), + U64(0xa20b71a39b579446), U64(0x684f83fa7c7f4138), + U64(0xe507500adba4471d), U64(0x3f640a46f19a6c20), + U64(0x1247bd34f7dd28a1), U64(0x2d23b77206474481), + U64(0x93521002cc86e0f2), U64(0x572b89bc8de52d18), + U64(0xfb1d93f8b0f9a1ca), U64(0xe95a2ecc4724896b), + U64(0x3ba420048511ddf9), U64(0xd63e248ab6bee54b), + U64(0x5dd6c8195f258455), U64(0x06a03f634e40673b), + U64(0x1f2a476c76b68da6), U64(0x217ec9b49ac78af7), + U64(0xecaa80102e4453c3), U64(0x14e78257b99d4f9a) + }, { /* 3 */ + U64(0x20329b2cc87bba05), U64(0x4f5eb6f86546a531), + U64(0xd4f44775f751b6b1), U64(0x8266a47b850dfa8b), + U64(0xbb986aa15a6ca985), U64(0xc979eb08f9ae0f99), + U64(0x2da6f447a2375ea1), U64(0x1e74275dcd7d8576), + U64(0xbc20180a800bc5f8), U64(0xb4a2f701b2dc65be), + U64(0xe726946f981b6d66), U64(0x48e6c453bf21c94c), + U64(0x42cad9930f0a4195), U64(0xefa47b64aacccd20), + U64(0x71180a8960409a42), U64(0x8bb3329bf6a44e0c), + U64(0xd34c35de2d36dacc), U64(0xa92f5b7cbc23dc96), + U64(0xb31a85aa68bb09c3), U64(0x13e04836a73161d2), + U64(0xb24dfc4129c51d02), U64(0x8ae44b70b7da5acd), + U64(0xe671ed84d96579a7), U64(0xa4bb3417d66f3832), + U64(0x4572ab38d56d2de8), U64(0xb1b47761ea47215c), + U64(0xe81c09cf70aba15d), U64(0xffbdb872ce7f90ac), + U64(0xa8782297fd5dc857), U64(0x0d946f6b6a4ce4a4), + U64(0xe4df1f4f5b995138), U64(0x9ebc71edca8c5762), + U64(0x0a2c1dc0b02b88d9), U64(0x3b503c115d9d7b91), + U64(0xc64376a8111ec3a2), U64(0xcec199a323c963e4), + U64(0xdc76a87ec58616f7), U64(0x09d596e073a9b487), + U64(0x14583a9d7d560daf), U64(0xf4c6dc593f2a0cb4), + U64(0xdd21d19584f80236), U64(0x4a4836983ddde1d3), + U64(0xe58866a41ae745f9), U64(0xf591a5b27e541875), + U64(0x891dc05074586693), U64(0x5b068c651810a89e), + U64(0xa30346bc0c08544f), U64(0x3dbf3751c684032d), + U64(0x2a1e86ec785032dc), U64(0xf73f5779fca830ea), + U64(0xb60c05ca30204d21), U64(0x0cc316802b32f065), + U64(0x8770241bdd96be69), U64(0xb861e18199ee95db), + U64(0xf805cad91418fcd1), U64(0x29e70dccbbd20e82), + U64(0xc7140f435060d763), U64(0x0f3a9da0e8b0cc3b), + U64(0xa2543f574d76408e), U64(0xbd7761e1c175d139), + U64(0x4b1f4f737ca3f512), U64(0x6dc2df1f2fc137ab), + U64(0xf1d05c3967b14856), U64(0xa742bf3715ed046c), + U64(0x654030141d1697ed), U64(0x07b872abda676c7d), + U64(0x3ce84eba87fa17ec), U64(0xc1fb0403cb79afdf), + U64(0x3e46bc7105063f73), U64(0x278ae987121cd678), + U64(0xa1adb4778ef47cd0), U64(0x26dd906c5362c2b9), + U64(0x05168060589b44e2), U64(0xfbfc41f9d79ac08f), + U64(0x0e6de44ba9ced8fa), U64(0x9feb08068bf243a3), + U64(0x7b341749d06b129b), U64(0x229c69e74a87929a), + U64(0xe09ee6c4427c011b), U64(0x5692e30e725c4c3a), + U64(0xda99a33e5e9f6e4b), U64(0x353dd85af453a36b), + U64(0x25241b4c90e0fee7), U64(0x5de987258309d022), + U64(0xe230140fc0802984), U64(0x93281e86a0c0b3c6), + U64(0xf229d719a4337408), U64(0x6f6c2dd4ad3d1f34), + U64(0x8ea5b2fbae3f0aee), U64(0x8331dd90c473ee4a), + U64(0x346aa1b1b52db7aa), U64(0xdf8f235e06042aa9), + U64(0xcc6f6b68a1354b7b), U64(0x6c95a6f46ebf236a), + U64(0x52d31a856bb91c19), U64(0x1a35ded6d498d555), + U64(0xf37eaef2e54d60c9), U64(0x72e181a9a3c2a61c), + U64(0x98537aad51952fde), U64(0x16f6c856ffaa2530), + U64(0xd960281e9d1d5215), U64(0x3a0745fa1ce36f50), + U64(0x0b7b642bf1559c18), U64(0x59a87eae9aec8001), + U64(0x5e100c05408bec7c), U64(0x0441f98b19e55023), + U64(0xd70dcc5534d38aef), U64(0x927f676de1bea707), + U64(0x9769e70db925e3e5), U64(0x7a636ea29115065a), + U64(0x468b201816ef11b6), U64(0xab81a9b73edff409), + U64(0xc0ac7de88a07bb1e), U64(0x1f235eb68c0391b7), + U64(0x6056b074458dd30f), U64(0xbe8eeac102f7ed67), + U64(0xcd381283e04b5fba), U64(0x5cbefecec277c4e3), + U64(0xd21b4c356c48ce0d), U64(0x1019c31664b35d8c), + U64(0x247362a7d19eea26), U64(0xebe582efb3299d03), + U64(0x02aef2cb82fc289f), U64(0x86275df09ce8aaa8), + U64(0x28b07427faac1a43), U64(0x38a9b7319e1f47cf), + U64(0xc82e92e3b8d01b58), U64(0x06ef0b409b1978bc), + U64(0x62f842bfc771fb90), U64(0x9904034610eb3b1f), + U64(0xded85ab5477a3e68), U64(0x90d195a663428f98), + U64(0x5384636e2ac708d8), U64(0xcbd719c37b522706), + U64(0xae9729d76644b0eb), U64(0x7c8c65e20a0c7ee6), + U64(0x80c856b007f1d214), U64(0x8c0b40302cc32271), + U64(0xdbcedad51fe17a8a), U64(0x740e8ae938dbdea0), + U64(0xa615c6dc549310ad), U64(0x19cc55f6171ae90b), + U64(0x49b1bdb8fe5fdd8d), U64(0xed0a89af2830e5bf), + U64(0x6a7aadb4f5a65bd6), U64(0x7e22972988f05679), + U64(0xf952b3325566e810), U64(0x39fecedadf61530e), + U64(0x6101c99f04f3c7ce), U64(0x2e5f7f6761b562ff), + U64(0xf08725d226cf5c97), U64(0x63af3b54860fef51), + U64(0x8ff2cb10ef411e2f), U64(0x884ab9bb35267252), + U64(0x4df04433e7ba8dae), U64(0x9afd8866d3690741), + U64(0x66b9bb34de94abb3), U64(0x9baaf18d92171380), + U64(0x543c11c5f0a064a5), U64(0x17a1b1bdbed431f1), + U64(0xb5f58eeaf3a2717f), U64(0xc355f6c849858740), + U64(0xec5df044694ef17e), U64(0xd83751f5dc6346d4), + U64(0xfc4433520dfdacf2), U64(0x0000000000000000), + U64(0x5a51f58e596ebc5f), U64(0x3285aaf12e34cf16), + U64(0x8d5c39db6dbd36b0), U64(0x12b731dde64f7513), + U64(0x94906c2d7aa7dfbb), U64(0x302b583aacc8e789), + U64(0x9d45facd090e6b3c), U64(0x2165e2c78905aec4), + U64(0x68d45f7f775a7349), U64(0x189b2c1d5664fdca), + U64(0xe1c99f2f030215da), U64(0x6983269436246788), + U64(0x8489af3b1e148237), U64(0xe94b702431d5b59c), + U64(0x33d2d31a6f4adbd7), U64(0xbfd9932a4389f9a6), + U64(0xb0e30e8aab39359d), U64(0xd1e2c715afcaf253), + U64(0x150f43763c28196e), U64(0xc4ed846393e2eb3d), + U64(0x03f98b20c3823c5e), U64(0xfd134ab94c83b833), + U64(0x556b682eb1de7064), U64(0x36c4537a37d19f35), + U64(0x7559f30279a5ca61), U64(0x799ae58252973a04), + U64(0x9c12832648707ffd), U64(0x78cd9c6913e92ec5), + U64(0x1d8dac7d0effb928), U64(0x439da0784e745554), + U64(0x413352b3cc887dcb), U64(0xbacf134a1b12bd44), + U64(0x114ebafd25cd494d), U64(0x2f08068c20cb763e), + U64(0x76a07822ba27f63f), U64(0xeab2fb04f25789c2), + U64(0xe3676de481fe3d45), U64(0x1b62a73d95e6c194), + U64(0x641749ff5c68832c), U64(0xa5ec4dfc97112cf3), + U64(0xf6682e92bdd6242b), U64(0x3f11c59a44782bb2), + U64(0x317c21d1edb6f348), U64(0xd65ab5be75ad9e2e), + U64(0x6b2dd45fb4d84f17), U64(0xfaab381296e4d44e), + U64(0xd0b5befeeeb4e692), U64(0x0882ef0b32d7a046), + U64(0x512a91a5a83b2047), U64(0x963e9ee6f85bf724), + U64(0x4e09cf132438b1f0), U64(0x77f701c9fb59e2fe), + U64(0x7ddb1c094b726a27), U64(0x5f4775ee01f5f8bd), + U64(0x9186ec4d223c9b59), U64(0xfeeac1998f01846d), + U64(0xac39db1ce4b89874), U64(0xb75b7c21715e59e0), + U64(0xafc0503c273aa42a), U64(0x6e3b543fec430bf5), + U64(0x704f7362213e8e83), U64(0x58ff0745db9294c0), + U64(0x67eec2df9feabf72), U64(0xa0facd9ccf8a6811), + U64(0xb936986ad890811a), U64(0x95c715c63bd9cb7a), + U64(0xca8060283a2c33c7), U64(0x507de84ee9453486), + U64(0x85ded6d05f6a96f6), U64(0x1cdad5964f81ade9), + U64(0xd5a33e9eb62fa270), U64(0x40642b588df6690a), + U64(0x7f75eec2c98e42b8), U64(0x2cf18dace3494a60), + U64(0x23cb100c0bf9865b), U64(0xeef3028febb2d9e1), + U64(0x4425d2d394133929), U64(0xaad6d05c7fa1e0c8), + U64(0xad6ea2f7a5c68cb5), U64(0xc2028f2308fb9381), + U64(0x819f2f5b468fc6d5), U64(0xc5bafd88d29cfffc), + U64(0x47dc59f357910577), U64(0x2b49ff07392e261d), + U64(0x57c59ae5332258fb), U64(0x73b6f842e2bcb2dd), + U64(0xcf96e04862b77725), U64(0x4ca73dd8a6c4996f), + U64(0x015779eb417e14c1), U64(0x37932a9176af8bf4) + }, { /* 4 */ + U64(0x190a2c9b249df23e), U64(0x2f62f8b62263e1e9), + U64(0x7a7f754740993655), U64(0x330b7ba4d5564d9f), + U64(0x4c17a16a46672582), U64(0xb22f08eb7d05f5b8), + U64(0x535f47f40bc148cc), U64(0x3aec5d27d4883037), + U64(0x10ed0a1825438f96), U64(0x516101f72c233d17), + U64(0x13cc6f949fd04eae), U64(0x739853c441474bfd), + U64(0x653793d90d3f5b1b), U64(0x5240647b96b0fc2f), + U64(0x0c84890ad27623e0), U64(0xd7189b32703aaea3), + U64(0x2685de3523bd9c41), U64(0x99317c5b11bffefa), + U64(0x0d9baa854f079703), U64(0x70b93648fbd48ac5), + U64(0xa80441fce30bc6be), U64(0x7287704bdc36ff1e), + U64(0xb65384ed33dc1f13), U64(0xd36417343ee34408), + U64(0x39cd38ab6e1bf10f), U64(0x5ab861770a1f3564), + U64(0x0ebacf09f594563b), U64(0xd04572b884708530), + U64(0x3cae9722bdb3af47), U64(0x4a556b6f2f5cbaf2), + U64(0xe1704f1f76c4bd74), U64(0x5ec4ed7144c6dfcf), + U64(0x16afc01d4c7810e6), U64(0x283f113cd629ca7a), + U64(0xaf59a8761741ed2d), U64(0xeed5a3991e215fac), + U64(0x3bf37ea849f984d4), U64(0xe413e096a56ce33c), + U64(0x2c439d3a98f020d1), U64(0x637559dc6404c46b), + U64(0x9e6c95d1e5f5d569), U64(0x24bb9836045fe99a), + U64(0x44efa466dac8ecc9), U64(0xc6eab2a5c80895d6), + U64(0x803b50c035220cc4), U64(0x0321658cba93c138), + U64(0x8f9ebc465dc7ee1c), U64(0xd15a5137190131d3), + U64(0x0fa5ec8668e5e2d8), U64(0x91c979578d1037b1), + U64(0x0642ca05693b9f70), U64(0xefca80168350eb4f), + U64(0x38d21b24f36a45ec), U64(0xbeab81e1af73d658), + U64(0x8cbfd9cae7542f24), U64(0xfd19cc0d81f11102), + U64(0x0ac6430fbb4dbc90), U64(0x1d76a09d6a441895), + U64(0x2a01573ff1cbbfa1), U64(0xb572e161894fde2b), + U64(0x8124734fa853b827), U64(0x614b1fdf43e6b1b0), + U64(0x68ac395c4238cc18), U64(0x21d837bfd7f7b7d2), + U64(0x20c714304a860331), U64(0x5cfaab726324aa14), + U64(0x74c5ba4eb50d606e), U64(0xf3a3030474654739), + U64(0x23e671bcf015c209), U64(0x45f087e947b9582a), + U64(0xd8bd77b418df4c7b), U64(0xe06f6c90ebb50997), + U64(0x0bd96080263c0873), U64(0x7e03f9410e40dcfe), + U64(0xb8e94be4c6484928), U64(0xfb5b0608e8ca8e72), + U64(0x1a2b49179e0e3306), U64(0x4e29e76961855059), + U64(0x4f36c4e6fcf4e4ba), U64(0x49740ee395cf7bca), + U64(0xc2963ea386d17f7d), U64(0x90d65ad810618352), + U64(0x12d34c1b02a1fa4d), U64(0xfa44258775bb3a91), + U64(0x18150f14b9ec46dd), U64(0x1491861e6b9a653d), + U64(0x9a1019d7ab2c3fc2), U64(0x3668d42d06fe13d7), + U64(0xdcc1fbb25606a6d0), U64(0x969490dd795a1c22), + U64(0x3549b1a1bc6dd2ef), U64(0xc94f5e23a0ed770e), + U64(0xb9f6686b5b39fdcb), U64(0xc4d4f4a6efeae00d), + U64(0xe732851a1fff2204), U64(0x94aad6de5eb869f9), + U64(0x3f8ff2ae07206e7f), U64(0xfe38a9813b62d03a), + U64(0xa7a1ad7a8bee2466), U64(0x7b6056c8dde882b6), + U64(0x302a1e286fc58ca7), U64(0x8da0fa457a259bc7), + U64(0xb3302b64e074415b), U64(0x5402ae7eff8b635f), + U64(0x08f8050c9cafc94b), U64(0xae468bf98a3059ce), + U64(0x88c355cca98dc58f), U64(0xb10e6d67c7963480), + U64(0xbad70de7e1aa3cf3), U64(0xbfb4a26e320262bb), + U64(0xcb711820870f02d5), U64(0xce12b7a954a75c9d), + U64(0x563ce87dd8691684), U64(0x9f73b65e7884618a), + U64(0x2b1e74b06cba0b42), U64(0x47cec1ea605b2df1), + U64(0x1c698312f735ac76), U64(0x5fdbcefed9b76b2c), + U64(0x831a354c8fb1cdfc), U64(0x820516c312c0791f), + U64(0xb74ca762aeadabf0), U64(0xfc06ef821c80a5e1), + U64(0x5723cbf24518a267), U64(0x9d4df05d5f661451), + U64(0x588627742dfd40bf), U64(0xda8331b73f3d39a0), + U64(0x17b0e392d109a405), U64(0xf965400bcf28fba9), + U64(0x7c3dbf4229a2a925), U64(0x023e460327e275db), + U64(0x6cd0b55a0ce126b3), U64(0xe62da695828e96e7), + U64(0x42ad6e63b3f373b9), U64(0xe50cc319381d57df), + U64(0xc5cbd729729b54ee), U64(0x46d1e265fd2a9912), + U64(0x6428b056904eeff8), U64(0x8be23040131e04b7), + U64(0x6709d5da2add2ec0), U64(0x075de98af44a2b93), + U64(0x8447dcc67bfbe66f), U64(0x6616f655b7ac9a23), + U64(0xd607b8bded4b1a40), U64(0x0563af89d3a85e48), + U64(0x3db1b4ad20c21ba4), U64(0x11f22997b8323b75), + U64(0x292032b34b587e99), U64(0x7f1cdace9331681d), + U64(0x8e819fc9c0b65aff), U64(0xa1e3677fe2d5bb16), + U64(0xcd33d225ee349da5), U64(0xd9a2543b85aef898), + U64(0x795e10cbfa0af76d), U64(0x25a4bbb9992e5d79), + U64(0x78413344677b438e), U64(0xf0826688cef68601), + U64(0xd27b34bba392f0eb), U64(0x551d8df162fad7bc), + U64(0x1e57c511d0d7d9ad), U64(0xdeffbdb171e4d30b), + U64(0xf4feea8e802f6caa), U64(0xa480c8f6317de55e), + U64(0xa0fc44f07fa40ff5), U64(0x95b5f551c3c9dd1a), + U64(0x22f952336d6476ea), U64(0x0000000000000000), + U64(0xa6be8ef5169f9085), U64(0xcc2cf1aa73452946), + U64(0x2e7ddb39bf12550a), U64(0xd526dd3157d8db78), + U64(0x486b2d6c08becf29), U64(0x9b0f3a58365d8b21), + U64(0xac78cdfaadd22c15), U64(0xbc95c7e28891a383), + U64(0x6a927f5f65dab9c3), U64(0xc3891d2c1ba0cb9e), + U64(0xeaa92f9f50f8b507), U64(0xcf0d9426c9d6e87e), + U64(0xca6e3baf1a7eb636), U64(0xab25247059980786), + U64(0x69b31ad3df4978fb), U64(0xe2512a93cc577c4c), + U64(0xff278a0ea61364d9), U64(0x71a615c766a53e26), + U64(0x89dc764334fc716c), U64(0xf87a638452594f4a), + U64(0xf2bc208be914f3da), U64(0x8766b94ac1682757), + U64(0xbbc82e687cdb8810), U64(0x626a7a53f9757088), + U64(0xa2c202f358467a2e), U64(0x4d0882e5db169161), + U64(0x09e7268301de7da8), U64(0xe897699c771ac0dc), + U64(0xc8507dac3d9cc3ed), U64(0xc0a878a0a1330aa6), + U64(0x978bb352e42ba8c1), U64(0xe9884a13ea6b743f), + U64(0x279afdbabecc28a2), U64(0x047c8c064ed9eaab), + U64(0x507e2278b15289f4), U64(0x599904fbb08cf45c), + U64(0xbd8ae46d15e01760), U64(0x31353da7f2b43844), + U64(0x8558ff49e68a528c), U64(0x76fbfc4d92ef15b5), + U64(0x3456922e211c660c), U64(0x86799ac55c1993b4), + U64(0x3e90d1219a51da9c), U64(0x2d5cbeb505819432), + U64(0x982e5fd48cce4a19), U64(0xdb9c1238a24c8d43), + U64(0xd439febecaa96f9b), U64(0x418c0bef0960b281), + U64(0x158ea591f6ebd1de), U64(0x1f48e69e4da66d4e), + U64(0x8afd13cf8e6fb054), U64(0xf5e1c9011d5ed849), + U64(0xe34e091c5126c8af), U64(0xad67ee7530a398f6), + U64(0x43b24dec2e82c75a), U64(0x75da99c1287cd48d), + U64(0x92e81cdb3783f689), U64(0xa3dd217cc537cecd), + U64(0x60543c50de970553), U64(0x93f73f54aaf2426a), + U64(0xa91b62737e7a725d), U64(0xf19d4507538732e2), + U64(0x77e4dfc20f9ea156), U64(0x7d229ccdb4d31dc6), + U64(0x1b346a98037f87e5), U64(0xedf4c615a4b29e94), + U64(0x4093286094110662), U64(0xb0114ee85ae78063), + U64(0x6ff1d0d6b672e78b), U64(0x6dcf96d591909250), + U64(0xdfe09e3eec9567e8), U64(0x3214582b4827f97c), + U64(0xb46dc2ee143e6ac8), U64(0xf6c0ac8da7cd1971), + U64(0xebb60c10cd8901e4), U64(0xf7df8f023abcad92), + U64(0x9c52d3d2c217a0b2), U64(0x6b8d5cd0f8ab0d20), + U64(0x3777f7a29b8fa734), U64(0x011f238f9d71b4e3), + U64(0xc1b75b2f3c42be45), U64(0x5de588fdfe551ef7), + U64(0x6eeef3592b035368), U64(0xaa3a07ffc4e9b365), + U64(0xecebe59a39c32a77), U64(0x5ba742f8976e8187), + U64(0x4b4a48e0b22d0e11), U64(0xddded83dcb771233), + U64(0xa59feb79ac0c51bd), U64(0xc7f5912a55792135) + }, { /* 5 */ + U64(0x6d6ae04668a9b08a), U64(0x3ab3f04b0be8c743), + U64(0xe51e166b54b3c908), U64(0xbe90a9eb35c2f139), + U64(0xb2c7066637f2bec1), U64(0xaa6945613392202c), + U64(0x9a28c36f3b5201eb), U64(0xddce5a93ab536994), + U64(0x0e34133ef6382827), U64(0x52a02ba1ec55048b), + U64(0xa2f88f97c4b2a177), U64(0x8640e513ca2251a5), + U64(0xcdf1d36258137622), U64(0xfe6cb708dedf8ddb), + U64(0x8a174a9ec8121e5d), U64(0x679896036b81560e), + U64(0x59ed033395795fee), U64(0x1dd778ab8b74edaf), + U64(0xee533ef92d9f926d), U64(0x2a8c79baf8a8d8f5), + U64(0x6bcf398e69b119f6), U64(0xe20491742fafdd95), + U64(0x276488e0809c2aec), U64(0xea955b82d88f5cce), + U64(0x7102c63a99d9e0c4), U64(0xf9763017a5c39946), + U64(0x429fa2501f151b3d), U64(0x4659c72bea05d59e), + U64(0x984b7fdccf5a6634), U64(0xf742232953fbb161), + U64(0x3041860e08c021c7), U64(0x747bfd9616cd9386), + U64(0x4bb1367192312787), U64(0x1b72a1638a6c44d3), + U64(0x4a0e68a6e8359a66), U64(0x169a5039f258b6ca), + U64(0xb98a2ef44edee5a4), U64(0xd9083fe85e43a737), + U64(0x967f6ce239624e13), U64(0x8874f62d3c1a7982), + U64(0x3c1629830af06e3f), U64(0x9165ebfd427e5a8e), + U64(0xb5dd81794ceeaa5c), U64(0x0de8f15a7834f219), + U64(0x70bd98ede3dd5d25), U64(0xaccc9ca9328a8950), + U64(0x56664eda1945ca28), U64(0x221db34c0f8859ae), + U64(0x26dbd637fa98970d), U64(0x1acdffb4f068f932), + U64(0x4585254f64090fa0), U64(0x72de245e17d53afa), + U64(0x1546b25d7c546cf4), U64(0x207e0ffffb803e71), + U64(0xfaaad2732bcf4378), U64(0xb462dfae36ea17bd), + U64(0xcf926fd1ac1b11fd), U64(0xe0672dc7dba7ba4a), + U64(0xd3fa49ad5d6b41b3), U64(0x8ba81449b216a3bc), + U64(0x14f9ec8a0650d115), U64(0x40fc1ee3eb1d7ce2), + U64(0x23a2ed9b758ce44f), U64(0x782c521b14fddc7e), + U64(0x1c68267cf170504e), U64(0xbcf31558c1ca96e6), + U64(0xa781b43b4ba6d235), U64(0xf6fd7dfe29ff0c80), + U64(0xb0a4bad5c3fad91e), U64(0xd199f51ea963266c), + U64(0x414340349119c103), U64(0x5405f269ed4dadf7), + U64(0xabd61bb649969dcd), U64(0x6813dbeae7bdc3c8), + U64(0x65fb2ab09f8931d1), U64(0xf1e7fae152e3181d), + U64(0xc1a67cef5a2339da), U64(0x7a4feea8e0f5bba1), + U64(0x1e0b9acf05783791), U64(0x5b8ebf8061713831), + U64(0x80e53cdbcb3af8d9), U64(0x7e898bd315e57502), + U64(0xc6bcfbf0213f2d47), U64(0x95a38e86b76e942d), + U64(0x092e94218d243cba), U64(0x8339debf453622e7), + U64(0xb11be402b9fe64ff), U64(0x57d9100d634177c9), + U64(0xcc4e8db52217cbc3), U64(0x3b0cae9c71ec7aa2), + U64(0xfb158ca451cbfe99), U64(0x2b33276d82ac6514), + U64(0x01bf5ed77a04bde1), U64(0xc5601994af33f779), + U64(0x75c4a3416cc92e67), U64(0xf3844652a6eb7fc2), + U64(0x3487e375fdd0ef64), U64(0x18ae430704609eed), + U64(0x4d14efb993298efb), U64(0x815a620cb13e4538), + U64(0x125c354207487869), U64(0x9eeea614ce42cf48), + U64(0xce2d3106d61fac1c), U64(0xbbe99247bad6827b), + U64(0x071a871f7b1c149d), U64(0x2e4a1cc10db81656), + U64(0x77a71ff298c149b8), U64(0x06a5d9c80118a97c), + U64(0xad73c27e488e34b1), U64(0x443a7b981e0db241), + U64(0xe3bbcfa355ab6074), U64(0x0af276450328e684), + U64(0x73617a896dd1871b), U64(0x58525de4ef7de20f), + U64(0xb7be3dcab8e6cd83), U64(0x19111dd07e64230c), + U64(0x842359a03e2a367a), U64(0x103f89f1f3401fb6), + U64(0xdc710444d157d475), U64(0xb835702334da5845), + U64(0x4320fc876511a6dc), U64(0xd026abc9d3679b8d), + U64(0x17250eee885c0b2b), U64(0x90dab52a387ae76f), + U64(0x31fed8d972c49c26), U64(0x89cba8fa461ec463), + U64(0x2ff5421677bcabb7), U64(0x396f122f85e41d7d), + U64(0xa09b332430bac6a8), U64(0xc888e8ced7070560), + U64(0xaeaf201ac682ee8f), U64(0x1180d7268944a257), + U64(0xf058a43628e7a5fc), U64(0xbd4c4b8fbbce2b07), + U64(0xa1246df34abe7b49), U64(0x7d5569b79be9af3c), + U64(0xa9b5a705bd9efa12), U64(0xdb6b835baa4bc0e8), + U64(0x05793bac8f147342), U64(0x21c1512881848390), + U64(0xfdb0556c50d357e5), U64(0x613d4fcb6a99ff72), + U64(0x03dce2648e0cda3e), U64(0xe949b9e6568386f0), + U64(0xfc0f0bbb2ad7ea04), U64(0x6a70675913b5a417), + U64(0x7f36d5046fe1c8e3), U64(0x0c57af8d02304ff8), + U64(0x32223abdfcc84618), U64(0x0891caf6f720815b), + U64(0xa63eeaec31a26fd4), U64(0x2507345374944d33), + U64(0x49d28ac266394058), U64(0xf5219f9aa7f3d6be), + U64(0x2d96fea583b4cc68), U64(0x5a31e1571b7585d0), + U64(0x8ed12fe53d02d0fe), U64(0xdfade6205f5b0e4b), + U64(0x4cabb16ee92d331a), U64(0x04c6657bf510cea3), + U64(0xd73c2cd6a87b8f10), U64(0xe1d87310a1a307ab), + U64(0x6cd5be9112ad0d6b), U64(0x97c032354366f3f2), + U64(0xd4e0ceb22677552e), U64(0x0000000000000000), + U64(0x29509bde76a402cb), U64(0xc27a9e8bd42fe3e4), + U64(0x5ef7842cee654b73), U64(0xaf107ecdbc86536e), + U64(0x3fcacbe784fcb401), U64(0xd55f90655c73e8cf), + U64(0xe6c2f40fdabf1336), U64(0xe8f6e7312c873b11), + U64(0xeb2a0555a28be12f), U64(0xe4a148bc2eb774e9), + U64(0x9b979db84156bc0a), U64(0x6eb60222e6a56ab4), + U64(0x87ffbbc4b026ec44), U64(0xc703a5275b3b90a6), + U64(0x47e699fc9001687f), U64(0x9c8d1aa73a4aa897), + U64(0x7cea3760e1ed12dd), U64(0x4ec80ddd1d2554c5), + U64(0x13e36b957d4cc588), U64(0x5d2b66486069914d), + U64(0x92b90999cc7280b0), U64(0x517cc9c56259deb5), + U64(0xc937b619ad03b881), U64(0xec30824ad997f5b2), + U64(0xa45d565fc5aa080b), U64(0xd6837201d27f32f1), + U64(0x635ef3789e9198ad), U64(0x531f75769651b96a), + U64(0x4f77530a6721e924), U64(0x486dd4151c3dfdb9), + U64(0x5f48dafb9461f692), U64(0x375b011173dc355a), + U64(0x3da9775470f4d3de), U64(0x8d0dcd81b30e0ac0), + U64(0x36e45fc609d888bb), U64(0x55baacbe97491016), + U64(0x8cb29356c90ab721), U64(0x76184125e2c5f459), + U64(0x99f4210bb55edbd5), U64(0x6f095cf59ca1d755), + U64(0x9f51f8c3b44672a9), U64(0x3538bda287d45285), + U64(0x50c39712185d6354), U64(0xf23b1885dcefc223), + U64(0x79930ccc6ef9619f), U64(0xed8fdc9da3934853), + U64(0xcb540aaa590bdf5e), U64(0x5c94389f1a6d2cac), + U64(0xe77daad8a0bbaed7), U64(0x28efc5090ca0bf2a), + U64(0xbf2ff73c4fc64cd8), U64(0xb37858b14df60320), + U64(0xf8c96ec0dfc724a7), U64(0x828680683f329f06), + U64(0x941cd051cd6a29cc), U64(0xc3c5c05cae2b5e05), + U64(0xb601631dc2e27062), U64(0xc01922382027843b), + U64(0x24b86a840e90f0d2), U64(0xd245177a276ffc52), + U64(0x0f8b4de98c3c95c6), U64(0x3e759530fef809e0), + U64(0x0b4d2892792c5b65), U64(0xc4df4743d5374a98), + U64(0xa5e20888bfaeb5ea), U64(0xba56cc90c0d23f9a), + U64(0x38d04cf8ffe0a09c), U64(0x62e1adafe495254c), + U64(0x0263bcb3f40867df), U64(0xcaeb547d230f62bf), + U64(0x6082111c109d4293), U64(0xdad4dd8cd04f7d09), + U64(0xefec602e579b2f8c), U64(0x1fb4c4187f7c8a70), + U64(0xffd3e9dfa4db303a), U64(0x7bf0b07f9af10640), + U64(0xf49ec14dddf76b5f), U64(0x8f6e713247066d1f), + U64(0x339d646a86ccfbf9), U64(0x64447467e58d8c30), + U64(0x2c29a072f9b07189), U64(0xd8b7613f24471ad6), + U64(0x6627c8d41185ebef), U64(0xa347d140beb61c96), + U64(0xde12b8f7255fb3aa), U64(0x9d324470404e1576), + U64(0x9306574eb6763d51), U64(0xa80af9d2c79a47f3), + U64(0x859c0777442e8b9b), U64(0x69ac853d9db97e29) + }, { /* 6 */ + U64(0xc3407dfc2de6377e), U64(0x5b9e93eea4256f77), + U64(0xadb58fdd50c845e0), U64(0x5219ff11a75bed86), + U64(0x356b61cfd90b1de9), U64(0xfb8f406e25abe037), + U64(0x7a5a0231c0f60796), U64(0x9d3cd216e1f5020b), + U64(0x0c6550fb6b48d8f3), U64(0xf57508c427ff1c62), + U64(0x4ad35ffa71cb407d), U64(0x6290a2da1666aa6d), + U64(0xe284ec2349355f9f), U64(0xb3c307c53d7c84ec), + U64(0x05e23c0468365a02), U64(0x190bac4d6c9ebfa8), + U64(0x94bbbee9e28b80fa), U64(0xa34fc777529cb9b5), + U64(0xcc7b39f095bcd978), U64(0x2426addb0ce532e3), + U64(0x7e79329312ce4fc7), U64(0xab09a72eebec2917), + U64(0xf8d15499f6b9d6c2), U64(0x1a55b8babf8c895d), + U64(0xdb8add17fb769a85), U64(0xb57f2f368658e81b), + U64(0x8acd36f18f3f41f6), U64(0x5ce3b7bba50f11d3), + U64(0x114dcc14d5ee2f0a), U64(0xb91a7fcded1030e8), + U64(0x81d5425fe55de7a1), U64(0xb6213bc1554adeee), + U64(0x80144ef95f53f5f2), U64(0x1e7688186db4c10c), + U64(0x3b912965db5fe1bc), U64(0xc281715a97e8252d), + U64(0x54a5d7e21c7f8171), U64(0x4b12535ccbc5522e), + U64(0x1d289cefbea6f7f9), U64(0x6ef5f2217d2e729e), + U64(0xe6a7dc819b0d17ce), U64(0x1b94b41c05829b0e), + U64(0x33d7493c622f711e), U64(0xdcf7f942fa5ce421), + U64(0x600fba8b7f7a8ecb), U64(0x46b60f011a83988e), + U64(0x235b898e0dcf4c47), U64(0x957ab24f588592a9), + U64(0x4354330572b5c28c), U64(0xa5f3ef84e9b8d542), + U64(0x8c711e02341b2d01), U64(0x0b1874ae6a62a657), + U64(0x1213d8e306fc19ff), U64(0xfe6d7c6a4d9dba35), + U64(0x65ed868f174cd4c9), U64(0x88522ea0e6236550), + U64(0x899322065c2d7703), U64(0xc01e690bfef4018b), + U64(0x915982ed8abddaf8), U64(0xbe675b98ec3a4e4c), + U64(0xa996bf7f82f00db1), U64(0xe1daf8d49a27696a), + U64(0x2effd5d3dc8986e7), U64(0xd153a51f2b1a2e81), + U64(0x18caa0ebd690adfb), U64(0x390e3134b243c51a), + U64(0x2778b92cdff70416), U64(0x029f1851691c24a6), + U64(0x5e7cafeacc133575), U64(0xfa4e4cc89fa5f264), + U64(0x5a5f9f481e2b7d24), U64(0x484c47ab18d764db), + U64(0x400a27f2a1a7f479), U64(0xaeeb9b2a83da7315), + U64(0x721c626879869734), U64(0x042330a2d2384851), + U64(0x85f672fd3765aff0), U64(0xba446b3a3e02061d), + U64(0x73dd6ecec3888567), U64(0xffac70ccf793a866), + U64(0xdfa9edb5294ed2d4), U64(0x6c6aea7014325638), + U64(0x834a5a0e8c41c307), U64(0xcdba35562fb2cb2b), + U64(0x0ad97808d06cb404), U64(0x0f3b440cb85aee06), + U64(0xe5f9c876481f213b), U64(0x98deee1289c35809), + U64(0x59018bbfcd394bd1), U64(0xe01bf47220297b39), + U64(0xde68e1139340c087), U64(0x9fa3ca4788e926ad), + U64(0xbb85679c840c144e), U64(0x53d8f3b71d55ffd5), + U64(0x0da45c5dd146caa0), U64(0x6f34fe87c72060cd), + U64(0x57fbc315cf6db784), U64(0xcee421a1fca0fdde), + U64(0x3d2d0196607b8d4b), U64(0x642c8a29ad42c69a), + U64(0x14aff010bdd87508), U64(0xac74837beac657b3), + U64(0x3216459ad821634d), U64(0x3fb219c70967a9ed), + U64(0x06bc28f3bb246cf7), U64(0xf2082c9126d562c6), + U64(0x66b39278c45ee23c), U64(0xbd394f6f3f2878b9), + U64(0xfd33689d9e8f8cc0), U64(0x37f4799eb017394f), + U64(0x108cc0b26fe03d59), U64(0xda4bd1b1417888d6), + U64(0xb09d1332ee6eb219), U64(0x2f3ed975668794b4), + U64(0x58c0871977375982), U64(0x7561463d78ace990), + U64(0x09876cff037e82f1), U64(0x7fb83e35a8c05d94), + U64(0x26b9b58a65f91645), U64(0xef20b07e9873953f), + U64(0x3148516d0b3355b8), U64(0x41cb2b541ba9e62a), + U64(0x790416c613e43163), U64(0xa011d380818e8f40), + U64(0x3a5025c36151f3ef), U64(0xd57095bdf92266d0), + U64(0x498d4b0da2d97688), U64(0x8b0c3a57353153a5), + U64(0x21c491df64d368e1), U64(0x8f2f0af5e7091bf4), + U64(0x2da1c1240f9bb012), U64(0xc43d59a92ccc49da), + U64(0xbfa6573e56345c1f), U64(0x828b56a8364fd154), + U64(0x9a41f643e0df7caf), U64(0xbcf843c985266aea), + U64(0x2b1de9d7b4bfdce5), U64(0x20059d79dedd7ab2), + U64(0x6dabe6d6ae3c446b), U64(0x45e81bf6c991ae7b), + U64(0x6351ae7cac68b83e), U64(0xa432e32253b6c711), + U64(0xd092a9b991143cd2), U64(0xcac711032e98b58f), + U64(0xd8d4c9e02864ac70), U64(0xc5fc550f96c25b89), + U64(0xd7ef8dec903e4276), U64(0x67729ede7e50f06f), + U64(0xeac28c7af045cf3d), U64(0xb15c1f945460a04a), + U64(0x9cfddeb05bfb1058), U64(0x93c69abce3a1fe5e), + U64(0xeb0380dc4a4bdd6e), U64(0xd20db1e8f8081874), + U64(0x229a8528b7c15e14), U64(0x44291750739fbc28), + U64(0xd3ccbd4e42060a27), U64(0xf62b1c33f4ed2a97), + U64(0x86a8660ae4779905), U64(0xd62e814a2a305025), + U64(0x477703a7a08d8add), U64(0x7b9b0e977af815c5), + U64(0x78c51a60a9ea2330), U64(0xa6adfb733aaae3b7), + U64(0x97e5aa1e3199b60f), U64(0x0000000000000000), + U64(0xf4b404629df10e31), U64(0x5564db44a6719322), + U64(0x9207961a59afec0d), U64(0x9624a6b88b97a45c), + U64(0x363575380a192b1c), U64(0x2c60cd82b595a241), + U64(0x7d272664c1dc7932), U64(0x7142769faa94a1c1), + U64(0xa1d0df263b809d13), U64(0x1630e841d4c451ae), + U64(0xc1df65ad44fa13d8), U64(0x13d2d445bcf20bac), + U64(0xd915c546926abe23), U64(0x38cf3d92084dd749), + U64(0xe766d0272103059d), U64(0xc7634d5effde7f2f), + U64(0x077d2455012a7ea4), U64(0xedbfa82ff16fb199), + U64(0xaf2a978c39d46146), U64(0x42953fa3c8bbd0df), + U64(0xcb061da59496a7dc), U64(0x25e7a17db6eb20b0), + U64(0x34aa6d6963050fba), U64(0xa76cf7d580a4f1e4), + U64(0xf7ea10954ee338c4), U64(0xfcf2643b24819e93), + U64(0xcf252d0746aeef8d), U64(0x4ef06f58a3f3082c), + U64(0x563acfb37563a5d7), U64(0x5086e740ce47c920), + U64(0x2982f186dda3f843), U64(0x87696aac5e798b56), + U64(0x5d22bb1d1f010380), U64(0x035e14f7d31236f5), + U64(0x3cec0d30da759f18), U64(0xf3c920379cdb7095), + U64(0xb8db736b571e22bb), U64(0xdd36f5e44052f672), + U64(0xaac8ab8851e23b44), U64(0xa857b3d938fe1fe2), + U64(0x17f1e4e76eca43fd), U64(0xec7ea4894b61a3ca), + U64(0x9e62c6e132e734fe), U64(0xd4b1991b432c7483), + U64(0x6ad6c283af163acf), U64(0x1ce9904904a8e5aa), + U64(0x5fbda34c761d2726), U64(0xf910583f4cb7c491), + U64(0xc6a241f845d06d7c), U64(0x4f3163fe19fd1a7f), + U64(0xe99c988d2357f9c8), U64(0x8eee06535d0709a7), + U64(0x0efa48aa0254fc55), U64(0xb4be23903c56fa48), + U64(0x763f52caabbedf65), U64(0xeee1bcd8227d876c), + U64(0xe345e085f33b4dcc), U64(0x3e731561b369bbbe), + U64(0x2843fd2067adea10), U64(0x2adce5710eb1ceb6), + U64(0xb7e03767ef44ccbd), U64(0x8db012a48e153f52), + U64(0x61ceb62dc5749c98), U64(0xe85d942b9959eb9b), + U64(0x4c6f7709caef2c8a), U64(0x84377e5b8d6bbda3), + U64(0x30895dcbb13d47eb), U64(0x74a04a9bc2a2fbc3), + U64(0x6b17ce251518289c), U64(0xe438c4d0f2113368), + U64(0x1fb784bed7bad35f), U64(0x9b80fae55ad16efc), + U64(0x77fe5e6c11b0cd36), U64(0xc858095247849129), + U64(0x08466059b97090a2), U64(0x01c10ca6ba0e1253), + U64(0x6988d6747c040c3a), U64(0x6849dad2c60a1e69), + U64(0x5147ebe67449db73), U64(0xc99905f4fd8a837a), + U64(0x991fe2b433cd4a5a), U64(0xf09734c04fc94660), + U64(0xa28ecbd1e892abe6), U64(0xf1563866f5c75433), + U64(0x4dae7baf70e13ed9), U64(0x7ce62ac27bd26b61), + U64(0x70837a39109ab392), U64(0x90988e4b30b3c8ab), + U64(0xb2020b63877296bf), U64(0x156efcb607d6675b) + }, { /* 7 */ + U64(0xe63f55ce97c331d0), U64(0x25b506b0015bba16), + U64(0xc8706e29e6ad9ba8), U64(0x5b43d3775d521f6a), + U64(0x0bfa3d577035106e), U64(0xab95fc172afb0e66), + U64(0xf64b63979e7a3276), U64(0xf58b4562649dad4b), + U64(0x48f7c3dbae0c83f1), U64(0xff31916642f5c8c5), + U64(0xcbb048dc1c4a0495), U64(0x66b8f83cdf622989), + U64(0x35c130e908e2b9b0), U64(0x7c761a61f0b34fa1), + U64(0x3601161cf205268d), U64(0x9e54ccfe2219b7d6), + U64(0x8b7d90a538940837), U64(0x9cd403588ea35d0b), + U64(0xbc3c6fea9ccc5b5a), U64(0xe5ff733b6d24aeed), + U64(0xceed22de0f7eb8d2), U64(0xec8581cab1ab545e), + U64(0xb96105e88ff8e71d), U64(0x8ca03501871a5ead), + U64(0x76ccce65d6db2a2f), U64(0x5883f582a7b58057), + U64(0x3f7be4ed2e8adc3e), U64(0x0fe7be06355cd9c9), + U64(0xee054e6c1d11be83), U64(0x1074365909b903a6), + U64(0x5dde9f80b4813c10), U64(0x4a770c7d02b6692c), + U64(0x5379c8d5d7809039), U64(0xb4067448161ed409), + U64(0x5f5e5026183bd6cd), U64(0xe898029bf4c29df9), + U64(0x7fb63c940a54d09c), U64(0xc5171f897f4ba8bc), + U64(0xa6f28db7b31d3d72), U64(0x2e4f3be7716eaa78), + U64(0x0d6771a099e63314), U64(0x82076254e41bf284), + U64(0x2f0fd2b42733df98), U64(0x5c9e76d3e2dc49f0), + U64(0x7aeb569619606cdb), U64(0x83478b07b2468764), + U64(0xcfadcb8d5923cd32), U64(0x85dac7f05b95a41e), + U64(0xb5469d1b4043a1e9), U64(0xb821ecbbd9a592fd), + U64(0x1b8e0b0e798c13c8), U64(0x62a57b6d9a0be02e), + U64(0xfcf1b793b81257f8), U64(0x9d94ea0bd8fe28eb), + U64(0x4cea408aeb654a56), U64(0x23284a47e888996c), + U64(0x2d8f1d128b893545), U64(0xf4cbac3132c0d8ab), + U64(0xbd7c86b9ca912eba), U64(0x3a268eef3dbe6079), + U64(0xf0d62f6077a9110c), U64(0x2735c916ade150cb), + U64(0x89fd5f03942ee2ea), U64(0x1acee25d2fd16628), + U64(0x90f39bab41181bff), U64(0x430dfe8cde39939f), + U64(0xf70b8ac4c8274796), U64(0x1c53aeaac6024552), + U64(0x13b410acf35e9c9b), U64(0xa532ab4249faa24f), + U64(0x2b1251e5625a163f), U64(0xd7e3e676da4841c7), + U64(0xa7b264e4e5404892), U64(0xda8497d643ae72d3), + U64(0x861ae105a1723b23), U64(0x38a6414991048aa4), + U64(0x6578dec92585b6b4), U64(0x0280cfa6acbaeadd), + U64(0x88bdb650c273970a), U64(0x9333bd5ebbff84c2), + U64(0x4e6a8f2c47dfa08b), U64(0x321c954db76cef2a), + U64(0x418d312a72837942), U64(0xb29b38bfffcdf773), + U64(0x6c022c38f90a4c07), U64(0x5a033a240b0f6a8a), + U64(0x1f93885f3ce5da6f), U64(0xc38a537e96988bc6), + U64(0x39e6a81ac759ff44), U64(0x29929e43cee0fce2), + U64(0x40cdd87924de0ca2), U64(0xe9d8ebc8a29fe819), + U64(0x0c2798f3cfbb46f4), U64(0x55e484223e53b343), + U64(0x4650948ecd0d2fd8), U64(0x20e86cb2126f0651), + U64(0x6d42c56baf5739e7), U64(0xa06fc1405ace1e08), + U64(0x7babbfc54f3d193b), U64(0x424d17df8864e67f), + U64(0xd8045870ef14980e), U64(0xc6d7397c85ac3781), + U64(0x21a885e1443273b1), U64(0x67f8116f893f5c69), + U64(0x24f5efe35706cff6), U64(0xd56329d076f2ab1a), + U64(0x5e1eb9754e66a32d), U64(0x28d2771098bd8902), + U64(0x8f6013f47dfdc190), U64(0x17a993fdb637553c), + U64(0xe0a219397e1012aa), U64(0x786b9930b5da8606), + U64(0x6e82e39e55b0a6da), U64(0x875a0856f72f4ec3), + U64(0x3741ff4fa458536d), U64(0xac4859b3957558fc), + U64(0x7ef6d5c75c09a57c), U64(0xc04a758b6c7f14fb), + U64(0xf9acdd91ab26ebbf), U64(0x7391a467c5ef9668), + U64(0x335c7c1ee1319aca), U64(0xa91533b18641e4bb), + U64(0xe4bf9a683b79db0d), U64(0x8e20faa72ba0b470), + U64(0x51f907737b3a7ae4), U64(0x2268a314bed5ec8c), + U64(0xd944b123b949edee), U64(0x31dcb3b84d8b7017), + U64(0xd3fe65279f218860), U64(0x097af2f1dc8ffab3), + U64(0x9b09a6fc312d0b91), U64(0xcc6ded78a3c4520f), + U64(0x3481d9ba5ebfcc50), U64(0x4f2a667f1182d56b), + U64(0xdfd9fdd4509ace94), U64(0x26752045fbbc252b), + U64(0xbffc491f662bc467), U64(0xdd593272fc202449), + U64(0x3cbbc218d46d4303), U64(0x91b372f817456e1f), + U64(0x681faf69bc6385a0), U64(0xb686bbeebaa43ed4), + U64(0x1469b5084cd0ca01), U64(0x98c98009cbca94ac), + U64(0x6438379a73d8c354), U64(0xc2caba2dc0c5fe26), + U64(0x3e3b0dbe78d7a9de), U64(0x50b9ee202d670f04), + U64(0x4590b27b37eab0e5), U64(0x6025b4cb36b10af3), + U64(0xfb2c1237079c0162), U64(0xa12f28130c936be8), + U64(0x4b37e52e54eb1ccc), U64(0x083a1ba28ad28f53), + U64(0xc10a9cd83a22611b), U64(0x9f1425ad7444c236), + U64(0x069d4cf7e9d3237a), U64(0xedc56899e7f621be), + U64(0x778c273680865fcf), U64(0x309c5aeb1bd605f7), + U64(0x8de0dc52d1472b4d), U64(0xf8ec34c2fd7b9e5f), + U64(0xea18cd3d58787724), U64(0xaad515447ca67b86), + U64(0x9989695a9d97e14c), U64(0x0000000000000000), + U64(0xf196c63321f464ec), U64(0x71116bc169557cb5), + U64(0xaf887f466f92c7c1), U64(0x972e3e0ffe964d65), + U64(0x190ec4a8d536f915), U64(0x95aef1a9522ca7b8), + U64(0xdc19db21aa7d51a9), U64(0x94ee18fa0471d258), + U64(0x8087adf248a11859), U64(0xc457f6da2916dd5c), + U64(0xfa6cfb6451c17482), U64(0xf256e0c6db13fbd1), + U64(0x6a9f60cf10d96f7d), U64(0x4daaa9d9bd383fb6), + U64(0x03c026f5fae79f3d), U64(0xde99148706c7bb74), + U64(0x2a52b8b6340763df), U64(0x6fc20acd03edd33a), + U64(0xd423c08320afdefa), U64(0xbbe1ca4e23420dc0), + U64(0x966ed75ca8cb3885), U64(0xeb58246e0e2502c4), + U64(0x055d6a021334bc47), U64(0xa47242111fa7d7af), + U64(0xe3623fcc84f78d97), U64(0x81c744a11efc6db9), + U64(0xaec8961539cfb221), U64(0xf31609958d4e8e31), + U64(0x63e5923ecc5695ce), U64(0x47107ddd9b505a38), + U64(0xa3afe7b5a0298135), U64(0x792b7063e387f3e6), + U64(0x0140e953565d75e0), U64(0x12f4f9ffa503e97b), + U64(0x750ce8902c3cb512), U64(0xdbc47e8515f30733), + U64(0x1ed3610c6ab8af8f), U64(0x5239218681dde5d9), + U64(0xe222d69fd2aaf877), U64(0xfe71783514a8bd25), + U64(0xcaf0a18f4a177175), U64(0x61655d9860ec7f13), + U64(0xe77fbc9dc19e4430), U64(0x2ccff441ddd440a5), + U64(0x16e97aaee06a20dc), U64(0xa855dae2d01c915b), + U64(0x1d1347f9905f30b2), U64(0xb7c652bdecf94b34), + U64(0xd03e43d265c6175d), U64(0xfdb15ec0ee4f2218), + U64(0x57644b8492e9599e), U64(0x07dda5a4bf8e569a), + U64(0x54a46d71680ec6a3), U64(0x5624a2d7c4b42c7e), + U64(0xbebca04c3076b187), U64(0x7d36f332a6ee3a41), + U64(0x3b6667bc6be31599), U64(0x695f463aea3ef040), + U64(0xad08b0e0c3282d1c), U64(0xb15b1e4a052a684e), + U64(0x44d05b2861b7c505), U64(0x15295c5b1a8dbfe1), + U64(0x744c01c37a61c0f2), U64(0x59c31cd1f1e8f5b7), + U64(0xef45a73f4b4ccb63), U64(0x6bdf899c46841a9d), + U64(0x3dfb2b4b823036e3), U64(0xa2ef0ee6f674f4d5), + U64(0x184e2dfb836b8cf5), U64(0x1134df0a5fe47646), + U64(0xbaa1231d751f7820), U64(0xd17eaa81339b62bd), + U64(0xb01bf71953771dae), U64(0x849a2ea30dc8d1fe), + U64(0x705182923f080955), U64(0x0ea757556301ac29), + U64(0x041d83514569c9a7), U64(0x0abad4042668658e), + U64(0x49b72a88f851f611), U64(0x8a3d79f66ec97dd7), + U64(0xcd2d042bf59927ef), U64(0xc930877ab0f0ee48), + U64(0x9273540deda2f122), U64(0xc797d02fd3f14261), + U64(0xe1e2f06a284d674a), U64(0xd2be8c74c97cfd80), + U64(0x9a494faf67707e71), U64(0xb3dbd1eca9908293), + U64(0x72d14d3493b2e388), U64(0xd6a30f258c153427) + }, +}; + +static const STREEBOG_LONG64 C16[12][8] = { + { + U64(0xdd806559f2a64507), U64(0x05767436cc744d23), + U64(0xa2422a08a460d315), U64(0x4b7ce09192676901), + U64(0x714eb88d7585c4fc), U64(0x2f6a76432e45d016), + U64(0xebcb2f81c0657c1f), U64(0xb1085bda1ecadae9) + }, { + U64(0xe679047021b19bb7), U64(0x55dda21bd7cbcd56), + U64(0x5cb561c2db0aa7ca), U64(0x9ab5176b12d69958), + U64(0x61d55e0f16b50131), U64(0xf3feea720a232b98), + U64(0x4fe39d460f70b5d7), U64(0x6fa3b58aa99d2f1a) + }, { + U64(0x991e96f50aba0ab2), U64(0xc2b6f443867adb31), + U64(0xc1c93a376062db09), U64(0xd3e20fe490359eb1), + U64(0xf2ea7514b1297b7b), U64(0x06f15e5f529c1f8b), + U64(0x0a39fc286a3d8435), U64(0xf574dcac2bce2fc7) + }, { + U64(0x220cbebc84e3d12e), U64(0x3453eaa193e837f1), + U64(0xd8b71333935203be), U64(0xa9d72c82ed03d675), + U64(0x9d721cad685e353f), U64(0x488e857e335c3c7d), + U64(0xf948e1a05d71e4dd), U64(0xef1fdfb3e81566d2) + }, { + U64(0x601758fd7c6cfe57), U64(0x7a56a27ea9ea63f5), + U64(0xdfff00b723271a16), U64(0xbfcd1747253af5a3), + U64(0x359e35d7800fffbd), U64(0x7f151c1f1686104a), + U64(0x9a3f410c6ca92363), U64(0x4bea6bacad474799) + }, { + U64(0xfa68407a46647d6e), U64(0xbf71c57236904f35), + U64(0x0af21f66c2bec6b6), U64(0xcffaa6b71c9ab7b4), + U64(0x187f9ab49af08ec6), U64(0x2d66c4f95142a46c), + U64(0x6fa4c33b7a3039c0), U64(0xae4faeae1d3ad3d9) + }, { + U64(0x8886564d3a14d493), U64(0x3517454ca23c4af3), + U64(0x06476983284a0504), U64(0x0992abc52d822c37), + U64(0xd3473e33197a93c9), U64(0x399ec6c7e6bf87c9), + U64(0x51ac86febf240954), U64(0xf4c70e16eeaac5ec) + }, { + U64(0xa47f0dd4bf02e71e), U64(0x36acc2355951a8d9), + U64(0x69d18d2bd1a5c42f), U64(0xf4892bcb929b0690), + U64(0x89b4443b4ddbc49a), U64(0x4eb7f8719c36de1e), + U64(0x03e7aa020c6e4141), U64(0x9b1f5b424d93c9a7) + }, { + U64(0x7261445183235adb), U64(0x0e38dc92cb1f2a60), + U64(0x7b2b8a9aa6079c54), U64(0x800a440bdbb2ceb1), + U64(0x3cd955b7e00d0984), U64(0x3a7d3a1b25894224), + U64(0x944c9ad8ec165fde), U64(0x378f5a541631229b) + }, { + U64(0x74b4c7fb98459ced), U64(0x3698fad1153bb6c3), + U64(0x7a1e6c303b7652f4), U64(0x9fe76702af69334b), + U64(0x1fffe18a1b336103), U64(0x8941e71cff8a78db), + U64(0x382ae548b2e4f3f3), U64(0xabbedea680056f52) + }, { + U64(0x6bcaa4cd81f32d1b), U64(0xdea2594ac06fd85d), + U64(0xefbacd1d7d476e98), U64(0x8a1d71efea48b9ca), + U64(0x2001802114846679), U64(0xd8fa6bbbebab0761), + U64(0x3002c6cd635afe94), U64(0x7bcd9ed0efc889fb) + }, { + U64(0x48bc924af11bd720), U64(0xfaf417d5d9b21b99), + U64(0xe71da4aa88e12852), U64(0x5d80ef9d1891cc86), + U64(0xf82012d430219f9b), U64(0xcda43c32bcdf1d77), + U64(0xd21380b00449b17a), U64(0x378ee767f11631ba) + }, +}; + +#define B(x,i,j) (((STREEBOG_LONG64)(*(((const unsigned char *)(&x))+i)))<<(j*8)) +#define PULL64(x) (B(x,0,0)|B(x,1,1)|B(x,2,2)|B(x,3,3)|B(x,4,4)|B(x,5,5)|B(x,6,6)|B(x,7,7)) +#define SWAB64(x) (B(x,0,7)|B(x,1,6)|B(x,2,5)|B(x,3,4)|B(x,4,3)|B(x,5,2)|B(x,6,1)|B(x,7,0)) + +static inline STREEBOG_LONG64 +multipermute(const STREEBOG_LONG64 *in, int i) +{ + STREEBOG_LONG64 t = 0; + + t ^= A_PI_table[0][(in[0] >> (i * 8)) & 0xff]; + t ^= A_PI_table[1][(in[1] >> (i * 8)) & 0xff]; + t ^= A_PI_table[2][(in[2] >> (i * 8)) & 0xff]; + t ^= A_PI_table[3][(in[3] >> (i * 8)) & 0xff]; + t ^= A_PI_table[4][(in[4] >> (i * 8)) & 0xff]; + t ^= A_PI_table[5][(in[5] >> (i * 8)) & 0xff]; + t ^= A_PI_table[6][(in[6] >> (i * 8)) & 0xff]; + t ^= A_PI_table[7][(in[7] >> (i * 8)) & 0xff]; + + return t; +} + +static void +transform(STREEBOG_LONG64 *out, const STREEBOG_LONG64 *a, + const STREEBOG_LONG64 *b) +{ + STREEBOG_LONG64 tmp[8]; + + tmp[0] = a[0] ^ b[0]; + tmp[1] = a[1] ^ b[1]; + tmp[2] = a[2] ^ b[2]; + tmp[3] = a[3] ^ b[3]; + tmp[4] = a[4] ^ b[4]; + tmp[5] = a[5] ^ b[5]; + tmp[6] = a[6] ^ b[6]; + tmp[7] = a[7] ^ b[7]; + + out[0] = multipermute(tmp, 0); + out[1] = multipermute(tmp, 1); + out[2] = multipermute(tmp, 2); + out[3] = multipermute(tmp, 3); + out[4] = multipermute(tmp, 4); + out[5] = multipermute(tmp, 5); + out[6] = multipermute(tmp, 6); + out[7] = multipermute(tmp, 7); +} + +static inline void +gN(STREEBOG_LONG64 *h, STREEBOG_LONG64 *m, STREEBOG_LONG64 *N) +{ + STREEBOG_LONG64 K[8]; + STREEBOG_LONG64 T[8]; + int i; + + transform(K, h, N); + + transform(T, K, m); + transform(K, K, C16[0]); + for (i = 1; i < 12; i++) { + transform(T, K, T); + transform(K, K, C16[i]); + } + + h[0] ^= T[0] ^ K[0] ^ m[0]; + h[1] ^= T[1] ^ K[1] ^ m[1]; + h[2] ^= T[2] ^ K[2] ^ m[2]; + h[3] ^= T[3] ^ K[3] ^ m[3]; + h[4] ^= T[4] ^ K[4] ^ m[4]; + h[5] ^= T[5] ^ K[5] ^ m[5]; + h[6] ^= T[6] ^ K[6] ^ m[6]; + h[7] ^= T[7] ^ K[7] ^ m[7]; +} + + +static void +streebog_single_block(STREEBOG_CTX *ctx, const unsigned char *in, size_t num) +{ + STREEBOG_LONG64 M[8], l; + int i; + + for (i = 0; i < 8; i++) + M[i] = PULL64(in[i*8]); + + gN(ctx->h, M, ctx->N); + + l = ctx->N[0]; + ctx->N[0] += num; + + if (ctx->N[0] < l || ctx->N[0] < num) { + for (i = 1; i < 8; i++) { + ctx->N[i]++; + if (ctx->N[i] != 0) + break; + } + } + + ctx->Sigma[0] += M[0]; + for (i = 1; i < 8; i++) + if (ctx->Sigma[i-1] < M[i-1]) + ctx->Sigma[i] += M[i] + 1; + else + ctx->Sigma[i] += M[i]; +} + + + +static void +streebog_block_data_order(STREEBOG_CTX *ctx, const unsigned char *in, + size_t num) +{ + int i; + + for (i = 0; i < num; i++) + streebog_single_block(ctx, in + i * STREEBOG_CBLOCK, 64 * 8); +} + +int +STREEBOG512_Final(unsigned char *md, STREEBOG_CTX *c) +{ + unsigned char *p = (unsigned char *)c->data; + STREEBOG_LONG64 Z[STREEBOG_LBLOCK] = {0}; + int n; + + if (c->num == STREEBOG_CBLOCK) { + streebog_block_data_order(c, p, 1); + c->num -= STREEBOG_CBLOCK; + } + + n = c->num; + p[n++] = 1; + memset(p + n, 0, STREEBOG_CBLOCK - n); + + streebog_single_block(c, p, c->num * 8); + + gN(c->h, c->N, Z); + gN(c->h, c->Sigma, Z); + + for (n = 0; n < STREEBOG_LBLOCK; n++) + c->h[n] = SWAB64(c->h[n]); + + if (md == NULL) + return 0; + + switch (c->md_len) { + /* Let compiler decide if it's appropriate to unroll... */ + case STREEBOG256_LENGTH: + for (n = 0; n < STREEBOG256_LENGTH / 8; n++) { + STREEBOG_LONG64 t = c->h[4+n]; + +#if BYTE_ORDER == BIG_ENDIAN + *(md++) = (unsigned char)(t); + *(md++) = (unsigned char)(t >> 8); + *(md++) = (unsigned char)(t >> 16); + *(md++) = (unsigned char)(t >> 24); + *(md++) = (unsigned char)(t >> 32); + *(md++) = (unsigned char)(t >> 40); + *(md++) = (unsigned char)(t >> 48); + *(md++) = (unsigned char)(t >> 56); +#else + *(md++) = (unsigned char)(t >> 56); + *(md++) = (unsigned char)(t >> 48); + *(md++) = (unsigned char)(t >> 40); + *(md++) = (unsigned char)(t >> 32); + *(md++) = (unsigned char)(t >> 24); + *(md++) = (unsigned char)(t >> 16); + *(md++) = (unsigned char)(t >> 8); + *(md++) = (unsigned char)(t); +#endif + } + break; + case STREEBOG512_LENGTH: + for (n = 0; n < STREEBOG512_LENGTH / 8; n++) { + STREEBOG_LONG64 t = c->h[n]; + +#if BYTE_ORDER == BIG_ENDIAN + *(md++) = (unsigned char)(t); + *(md++) = (unsigned char)(t >> 8); + *(md++) = (unsigned char)(t >> 16); + *(md++) = (unsigned char)(t >> 24); + *(md++) = (unsigned char)(t >> 32); + *(md++) = (unsigned char)(t >> 40); + *(md++) = (unsigned char)(t >> 48); + *(md++) = (unsigned char)(t >> 56); +#else + *(md++) = (unsigned char)(t >> 56); + *(md++) = (unsigned char)(t >> 48); + *(md++) = (unsigned char)(t >> 40); + *(md++) = (unsigned char)(t >> 32); + *(md++) = (unsigned char)(t >> 24); + *(md++) = (unsigned char)(t >> 16); + *(md++) = (unsigned char)(t >> 8); + *(md++) = (unsigned char)(t); +#endif + } + break; + /* ... as well as make sure md_len is not abused. */ + default: + return 0; + } + + return 1; +} + +int +STREEBOG256_Final(unsigned char *md, STREEBOG_CTX * c) +{ + return STREEBOG512_Final(md, c); +} + +int +STREEBOG512_Update(STREEBOG_CTX *c, const void *_data, size_t len) +{ + unsigned char *p = (unsigned char *)c->data; + const unsigned char *data = (const unsigned char *)_data; + + if (len == 0) + return 1; + + if (c->num != 0) { + size_t n = STREEBOG_CBLOCK - c->num; + + if (len < n) { + memcpy(p + c->num, data, len); + c->num += (unsigned int)len; + return 1; + } else { + memcpy(p + c->num, data, n); + c->num = 0; + len -= n; + data += n; + streebog_block_data_order(c, p, 1); + } + } + + if (len >= STREEBOG_CBLOCK) { + streebog_block_data_order(c, data, len / STREEBOG_CBLOCK); + data += len; + len %= STREEBOG_CBLOCK; + data -= len; + } + + if (len != 0) { + memcpy(p, data, len); + c->num = (int)len; + } + + return 1; +} + +int +STREEBOG256_Update(STREEBOG_CTX *c, const void *data, size_t len) +{ + return STREEBOG512_Update(c, data, len); +} + +void +STREEBOG512_Transform(STREEBOG_CTX *c, const unsigned char *data) +{ + streebog_block_data_order(c, data, 1); +} + +int +STREEBOG256_Init(STREEBOG_CTX *c) +{ + memset(c, 0, sizeof(*c)); + memset(c->h, 1, sizeof(c->h)); + + c->md_len = STREEBOG256_LENGTH; + return 1; +} + +int +STREEBOG512_Init(STREEBOG_CTX *c) +{ + memset(c, 0, sizeof(*c)); + memset(c->h, 0, sizeof(c->h)); + + c->num = 0; + c->md_len = STREEBOG512_LENGTH; + return 1; +} + +unsigned char * +STREEBOG256(const unsigned char *d, size_t n, unsigned char *md) +{ + STREEBOG_CTX c; + static unsigned char m[STREEBOG256_LENGTH]; + + if (md == NULL) + md = m; + STREEBOG256_Init(&c); + STREEBOG256_Update(&c, d, n); + STREEBOG256_Final(md, &c); + explicit_bzero(&c, sizeof(c)); + return (md); +} + +unsigned char * +STREEBOG512(const unsigned char *d, size_t n, unsigned char *md) +{ + STREEBOG_CTX c; + static unsigned char m[STREEBOG512_LENGTH]; + + if (md == NULL) + md = m; + STREEBOG512_Init(&c); + STREEBOG512_Update(&c, d, n); + STREEBOG512_Final(md, &c); + explicit_bzero(&c, sizeof(c)); + return (md); +} + +#endif diff --git a/src/lib/libcrypto/hkdf/hkdf.c b/src/lib/libcrypto/hkdf/hkdf.c new file mode 100644 index 00000000000..fa1dfeb067d --- /dev/null +++ b/src/lib/libcrypto/hkdf/hkdf.c @@ -0,0 +1,117 @@ +/* $OpenBSD: hkdf.c,v 1.2 2018/04/03 13:33:53 tb Exp $ */ +/* Copyright (c) 2014, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include + +#include +#include + +#include +#include + +/* https://tools.ietf.org/html/rfc5869#section-2 */ +int +HKDF(uint8_t *out_key, size_t out_len, const EVP_MD *digest, + const uint8_t *secret, size_t secret_len, const uint8_t *salt, + size_t salt_len, const uint8_t *info, size_t info_len) +{ + uint8_t prk[EVP_MAX_MD_SIZE]; + size_t prk_len; + + if (!HKDF_extract(prk, &prk_len, digest, secret, secret_len, salt, + salt_len)) + return 0; + if (!HKDF_expand(out_key, out_len, digest, prk, prk_len, info, + info_len)) + return 0; + + return 1; +} + +/* https://tools.ietf.org/html/rfc5869#section-2.2 */ +int +HKDF_extract(uint8_t *out_key, size_t *out_len, + const EVP_MD *digest, const uint8_t *secret, size_t secret_len, + const uint8_t *salt, size_t salt_len) +{ + unsigned int len; + + /* + * If salt is not given, HashLength zeros are used. However, HMAC does that + * internally already so we can ignore it. + */ + if (HMAC(digest, salt, salt_len, secret, secret_len, out_key, &len) == + NULL) { + CRYPTOerror(ERR_R_CRYPTO_LIB); + return 0; + } + *out_len = len; + return 1; +} + +/* https://tools.ietf.org/html/rfc5869#section-2.3 */ +int +HKDF_expand(uint8_t *out_key, size_t out_len, + const EVP_MD *digest, const uint8_t *prk, size_t prk_len, + const uint8_t *info, size_t info_len) +{ + const size_t digest_len = EVP_MD_size(digest); + uint8_t previous[EVP_MAX_MD_SIZE]; + size_t n, done = 0; + unsigned int i; + int ret = 0; + HMAC_CTX hmac; + + /* Expand key material to desired length. */ + n = (out_len + digest_len - 1) / digest_len; + if (out_len + digest_len < out_len || n > 255) { + CRYPTOerror(EVP_R_TOO_LARGE); + return 0; + } + + HMAC_CTX_init(&hmac); + if (!HMAC_Init_ex(&hmac, prk, prk_len, digest, NULL)) + goto out; + + for (i = 0; i < n; i++) { + uint8_t ctr = i + 1; + size_t todo; + + if (i != 0 && (!HMAC_Init_ex(&hmac, NULL, 0, NULL, NULL) || + !HMAC_Update(&hmac, previous, digest_len))) + goto out; + + if (!HMAC_Update(&hmac, info, info_len) || + !HMAC_Update(&hmac, &ctr, 1) || + !HMAC_Final(&hmac, previous, NULL)) + goto out; + + todo = digest_len; + if (done + todo > out_len) + todo = out_len - done; + + memcpy(out_key + done, previous, todo); + done += todo; + } + + ret = 1; + + out: + HMAC_CTX_cleanup(&hmac); + if (ret != 1) + CRYPTOerror(ERR_R_CRYPTO_LIB); + return ret; +} diff --git a/src/lib/libcrypto/hkdf/hkdf.h b/src/lib/libcrypto/hkdf/hkdf.h new file mode 100644 index 00000000000..34450f9dd7f --- /dev/null +++ b/src/lib/libcrypto/hkdf/hkdf.h @@ -0,0 +1,65 @@ +/* $OpenBSD: hkdf.h,v 1.2 2018/04/03 13:33:53 tb Exp $ */ +/* Copyright (c) 2014, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#ifndef OPENSSL_HEADER_HKDF_H +#define OPENSSL_HEADER_HKDF_H + +#include + +#if defined(__cplusplus) +extern "C" { +#endif + +/* + * HKDF computes HKDF (as specified by RFC 5869) of initial keying + * material |secret| with |salt| and |info| using |digest|, and + * outputs |out_len| bytes to |out_key|. It returns one on success and + * zero on error. + * + * HKDF is an Extract-and-Expand algorithm. It does not do any key + * stretching, and as such, is not suited to be used alone to generate + * a key from a password. + */ + +int HKDF(uint8_t *out_key, size_t out_len, const struct env_md_st *digest, + const uint8_t *secret, size_t secret_len, const uint8_t *salt, + size_t salt_len, const uint8_t *info, size_t info_len); + +/* + * HKDF_extract computes a HKDF PRK (as specified by RFC 5869) from + * initial keying material |secret| and salt |salt| using |digest|, + * and outputs |out_len| bytes to |out_key|. The maximum output size + * is |EVP_MAX_MD_SIZE|. It returns one on success and zero on error. + */ +int HKDF_extract(uint8_t *out_key, size_t *out_len, + const struct env_md_st *digest, const uint8_t *secret, + size_t secret_len, const uint8_t *salt, size_t salt_len); + +/* + * HKDF_expand computes a HKDF OKM (as specified by RFC 5869) of + * length |out_len| from the PRK |prk| and info |info| using |digest|, + * and outputs the result to |out_key|. It returns one on success and + * zero on error. + */ +int HKDF_expand(uint8_t *out_key, size_t out_len, + const EVP_MD *digest, const uint8_t *prk, size_t prk_len, + const uint8_t *info, size_t info_len); + + +#if defined(__cplusplus) +} /* extern C */ +#endif + +#endif /* OPENSSL_HEADER_HKDF_H */ diff --git a/src/lib/libcrypto/hmac/Makefile.ssl b/src/lib/libcrypto/hmac/Makefile.ssl deleted file mode 100644 index 93312d49181..00000000000 --- a/src/lib/libcrypto/hmac/Makefile.ssl +++ /dev/null @@ -1,89 +0,0 @@ -# -# SSLeay/crypto/md/Makefile -# - -DIR= hmac -TOP= ../.. -CC= cc -INCLUDES= -CFLAG=-g -INSTALL_PREFIX= -OPENSSLDIR= /usr/local/ssl -INSTALLTOP=/usr/local/ssl -MAKE= make -f Makefile.ssl -MAKEDEPPROG= makedepend -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) -MAKEFILE= Makefile.ssl -AR= ar r - -CFLAGS= $(INCLUDES) $(CFLAG) - -GENERAL=Makefile -TEST=hmactest.c -APPS= - -LIB=$(TOP)/libcrypto.a -LIBSRC=hmac.c -LIBOBJ=hmac.o - -SRC= $(LIBSRC) - -EXHEADER= hmac.h -HEADER= $(EXHEADER) - -ALL= $(GENERAL) $(SRC) $(HEADER) - -top: - (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) - -all: lib - -lib: $(LIBOBJ) - $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) || echo Never mind. - @touch lib - -files: - $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO - -links: - @sh $(TOP)/util/point.sh Makefile.ssl Makefile - @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) - @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) - @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) - -install: - @for i in $(EXHEADER) ; \ - do \ - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ - done; - -tags: - ctags $(SRC) - -tests: - -lint: - lint -DLINT $(INCLUDES) $(SRC)>fluff - -depend: - $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) - -dclean: - $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new - mv -f Makefile.new $(MAKEFILE) - -clean: - rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff - -# DO NOT DELETE THIS LINE -- make depend depends on it. - -hmac.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -hmac.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -hmac.o: ../../include/openssl/e_os2.h ../../include/openssl/evp.h -hmac.o: ../../include/openssl/hmac.h ../../include/openssl/obj_mac.h -hmac.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -hmac.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -hmac.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -hmac.o: ../../include/openssl/symhacks.h hmac.c diff --git a/src/lib/libcrypto/hmac/hm_ameth.c b/src/lib/libcrypto/hmac/hm_ameth.c new file mode 100644 index 00000000000..cfa02397051 --- /dev/null +++ b/src/lib/libcrypto/hmac/hm_ameth.c @@ -0,0 +1,169 @@ +/* $OpenBSD: hm_ameth.c,v 1.10 2015/09/10 15:56:25 jsing Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2007. + */ +/* ==================================================================== + * Copyright (c) 2007 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include + +#include + +#include "asn1_locl.h" + +#define HMAC_TEST_PRIVATE_KEY_FORMAT + +/* HMAC "ASN1" method. This is just here to indicate the + * maximum HMAC output length and to free up an HMAC + * key. + */ + +static int +hmac_size(const EVP_PKEY *pkey) +{ + return EVP_MAX_MD_SIZE; +} + +static void +hmac_key_free(EVP_PKEY *pkey) +{ + ASN1_OCTET_STRING *os = (ASN1_OCTET_STRING *)pkey->pkey.ptr; + + if (os) { + if (os->data) + explicit_bzero(os->data, os->length); + ASN1_OCTET_STRING_free(os); + } +} + +static int +hmac_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) +{ + switch (op) { + case ASN1_PKEY_CTRL_DEFAULT_MD_NID: + *(int *)arg2 = NID_sha1; + return 1; + default: + return -2; + } +} + +#ifdef HMAC_TEST_PRIVATE_KEY_FORMAT +/* A bogus private key format for test purposes. This is simply the + * HMAC key with "HMAC PRIVATE KEY" in the headers. When enabled the + * genpkey utility can be used to "generate" HMAC keys. + */ + +static int +old_hmac_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen) +{ + ASN1_OCTET_STRING *os; + + os = ASN1_OCTET_STRING_new(); + if (os == NULL) + goto err; + if (ASN1_OCTET_STRING_set(os, *pder, derlen) == 0) + goto err; + if (EVP_PKEY_assign(pkey, EVP_PKEY_HMAC, os) == 0) + goto err; + return 1; + +err: + ASN1_OCTET_STRING_free(os); + return 0; +} + +static int +old_hmac_encode(const EVP_PKEY *pkey, unsigned char **pder) +{ + int inc; + ASN1_OCTET_STRING *os = (ASN1_OCTET_STRING *)pkey->pkey.ptr; + + if (pder) { + if (!*pder) { + *pder = malloc(os->length); + if (*pder == NULL) + return -1; + inc = 0; + } else + inc = 1; + + memcpy(*pder, os->data, os->length); + + if (inc) + *pder += os->length; + } + + return os->length; +} + +#endif + +const EVP_PKEY_ASN1_METHOD hmac_asn1_meth = { + .pkey_id = EVP_PKEY_HMAC, + .pkey_base_id = EVP_PKEY_HMAC, + + .pem_str = "HMAC", + .info = "OpenSSL HMAC method", + + .pkey_size = hmac_size, + + .pkey_free = hmac_key_free, + .pkey_ctrl = hmac_pkey_ctrl, +#ifdef HMAC_TEST_PRIVATE_KEY_FORMAT + .old_priv_decode = old_hmac_decode, + .old_priv_encode = old_hmac_encode +#endif +}; diff --git a/src/lib/libcrypto/hmac/hm_pmeth.c b/src/lib/libcrypto/hmac/hm_pmeth.c new file mode 100644 index 00000000000..390725fa251 --- /dev/null +++ b/src/lib/libcrypto/hmac/hm_pmeth.c @@ -0,0 +1,254 @@ +/* $OpenBSD: hm_pmeth.c,v 1.10 2017/05/02 03:59:44 deraadt Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2007. + */ +/* ==================================================================== + * Copyright (c) 2007 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include + +#include +#include +#include +#include + +#include "evp_locl.h" + +/* HMAC pkey context structure */ + +typedef struct { + const EVP_MD *md; /* MD for HMAC use */ + ASN1_OCTET_STRING ktmp; /* Temp storage for key */ + HMAC_CTX ctx; +} HMAC_PKEY_CTX; + +static int +pkey_hmac_init(EVP_PKEY_CTX *ctx) +{ + HMAC_PKEY_CTX *hctx; + + hctx = malloc(sizeof(HMAC_PKEY_CTX)); + if (!hctx) + return 0; + hctx->md = NULL; + hctx->ktmp.data = NULL; + hctx->ktmp.length = 0; + hctx->ktmp.flags = 0; + hctx->ktmp.type = V_ASN1_OCTET_STRING; + HMAC_CTX_init(&hctx->ctx); + + ctx->data = hctx; + ctx->keygen_info_count = 0; + + return 1; +} + +static int +pkey_hmac_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) +{ + HMAC_PKEY_CTX *sctx, *dctx; + + if (!pkey_hmac_init(dst)) + return 0; + sctx = src->data; + dctx = dst->data; + dctx->md = sctx->md; + HMAC_CTX_init(&dctx->ctx); + if (!HMAC_CTX_copy(&dctx->ctx, &sctx->ctx)) + return 0; + if (sctx->ktmp.data) { + if (!ASN1_OCTET_STRING_set(&dctx->ktmp, sctx->ktmp.data, + sctx->ktmp.length)) + return 0; + } + return 1; +} + +static void +pkey_hmac_cleanup(EVP_PKEY_CTX *ctx) +{ + HMAC_PKEY_CTX *hctx = ctx->data; + + HMAC_CTX_cleanup(&hctx->ctx); + freezero(hctx->ktmp.data, hctx->ktmp.length); + free(hctx); +} + +static int +pkey_hmac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) +{ + ASN1_OCTET_STRING *hkey = NULL; + HMAC_PKEY_CTX *hctx = ctx->data; + + if (!hctx->ktmp.data) + return 0; + hkey = ASN1_OCTET_STRING_dup(&hctx->ktmp); + if (!hkey) + return 0; + EVP_PKEY_assign(pkey, EVP_PKEY_HMAC, hkey); + + return 1; +} + +static int +int_update(EVP_MD_CTX *ctx, const void *data, size_t count) +{ + HMAC_PKEY_CTX *hctx = ctx->pctx->data; + + if (!HMAC_Update(&hctx->ctx, data, count)) + return 0; + return 1; +} + +static int +hmac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx) +{ + HMAC_PKEY_CTX *hctx = ctx->data; + + HMAC_CTX_set_flags(&hctx->ctx, mctx->flags & ~EVP_MD_CTX_FLAG_NO_INIT); + EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_NO_INIT); + mctx->update = int_update; + return 1; +} + +static int +hmac_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, + EVP_MD_CTX *mctx) +{ + unsigned int hlen; + HMAC_PKEY_CTX *hctx = ctx->data; + int l = EVP_MD_CTX_size(mctx); + + if (l < 0) + return 0; + *siglen = l; + if (!sig) + return 1; + + if (!HMAC_Final(&hctx->ctx, sig, &hlen)) + return 0; + *siglen = (size_t)hlen; + return 1; +} + +static int +pkey_hmac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) +{ + HMAC_PKEY_CTX *hctx = ctx->data; + ASN1_OCTET_STRING *key; + + switch (type) { + case EVP_PKEY_CTRL_SET_MAC_KEY: + if ((!p2 && p1 > 0) || (p1 < -1)) + return 0; + if (!ASN1_OCTET_STRING_set(&hctx->ktmp, p2, p1)) + return 0; + break; + + case EVP_PKEY_CTRL_MD: + hctx->md = p2; + break; + + case EVP_PKEY_CTRL_DIGESTINIT: + key = (ASN1_OCTET_STRING *)ctx->pkey->pkey.ptr; + if (!HMAC_Init_ex(&hctx->ctx, key->data, key->length, hctx->md, + ctx->engine)) + return 0; + break; + + default: + return -2; + } + return 1; +} + +static int +pkey_hmac_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, const char *value) +{ + if (!value) + return 0; + if (!strcmp(type, "key")) { + void *p = (void *)value; + return pkey_hmac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, -1, p); + } + if (!strcmp(type, "hexkey")) { + unsigned char *key; + int r; + long keylen; + key = string_to_hex(value, &keylen); + if (!key) + return 0; + r = pkey_hmac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, keylen, key); + free(key); + return r; + } + return -2; +} + +const EVP_PKEY_METHOD hmac_pkey_meth = { + .pkey_id = EVP_PKEY_HMAC, + + .init = pkey_hmac_init, + .copy = pkey_hmac_copy, + .cleanup = pkey_hmac_cleanup, + + .keygen = pkey_hmac_keygen, + + .signctx_init = hmac_signctx_init, + .signctx = hmac_signctx, + + .ctrl = pkey_hmac_ctrl, + .ctrl_str = pkey_hmac_ctrl_str +}; diff --git a/src/lib/libcrypto/hmac/hmac.c b/src/lib/libcrypto/hmac/hmac.c index 46480a4c955..7bf17eed965 100644 --- a/src/lib/libcrypto/hmac/hmac.c +++ b/src/lib/libcrypto/hmac/hmac.c @@ -1,25 +1,25 @@ -/* crypto/hmac/hmac.c */ +/* $OpenBSD: hmac.c,v 1.25 2018/02/17 14:53:58 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,123 +49,228 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ + #include #include #include + +#include #include -void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, - const EVP_MD *md, ENGINE *impl) - { - int i,j,reset=0; +int +HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md, + ENGINE *impl) +{ + int i, j, reset = 0; unsigned char pad[HMAC_MAX_MD_CBLOCK]; - if (md != NULL) - { - reset=1; - ctx->md=md; - EVP_MD_CTX_init(&ctx->md_ctx); - } + /* If we are changing MD then we must have a key */ + if (md != NULL && md != ctx->md && (key == NULL || len < 0)) + return 0; + + if (md != NULL) { + reset = 1; + ctx->md = md; + } else if (ctx->md != NULL) + md = ctx->md; else - md=ctx->md; - - if (key != NULL) - { - reset=1; - j=EVP_MD_block_size(md); - if (j < len) - { - EVP_DigestInit_ex(&ctx->md_ctx,md, impl); - EVP_DigestUpdate(&ctx->md_ctx,key,len); - EVP_DigestFinal_ex(&(ctx->md_ctx),ctx->key, - &ctx->key_length); - } - else - { - memcpy(ctx->key,key,len); - ctx->key_length=len; - } - if(ctx->key_length != HMAC_MAX_MD_CBLOCK) - memset(&ctx->key[ctx->key_length], 0, - HMAC_MAX_MD_CBLOCK - ctx->key_length); - } + return 0; - if (reset) - { - for (i=0; ikey[i]; - EVP_DigestInit_ex(&ctx->i_ctx,md, impl); - EVP_DigestUpdate(&ctx->i_ctx,pad,EVP_MD_block_size(md)); - - for (i=0; ikey[i]; - EVP_DigestInit_ex(&ctx->o_ctx,md, impl); - EVP_DigestUpdate(&ctx->o_ctx,pad,EVP_MD_block_size(md)); + if (key != NULL) { + reset = 1; + j = EVP_MD_block_size(md); + if ((size_t)j > sizeof(ctx->key)) { + EVPerror(EVP_R_BAD_BLOCK_LENGTH); + goto err; + } + if (j < len) { + if (!EVP_DigestInit_ex(&ctx->md_ctx, md, impl)) + goto err; + if (!EVP_DigestUpdate(&ctx->md_ctx, key, len)) + goto err; + if (!EVP_DigestFinal_ex(&(ctx->md_ctx), ctx->key, + &ctx->key_length)) + goto err; + } else { + if (len < 0 || (size_t)len > sizeof(ctx->key)) { + EVPerror(EVP_R_BAD_KEY_LENGTH); + goto err; + } + memcpy(ctx->key, key, len); + ctx->key_length = len; } - EVP_MD_CTX_copy_ex(&ctx->md_ctx,&ctx->i_ctx); + if (ctx->key_length != HMAC_MAX_MD_CBLOCK) + memset(&ctx->key[ctx->key_length], 0, + HMAC_MAX_MD_CBLOCK - ctx->key_length); } -void HMAC_Init(HMAC_CTX *ctx, const void *key, int len, - const EVP_MD *md) - { - if(key && md) - HMAC_CTX_init(ctx); - HMAC_Init_ex(ctx,key,len,md, NULL); - } + if (reset) { + for (i = 0; i < HMAC_MAX_MD_CBLOCK; i++) + pad[i] = 0x36 ^ ctx->key[i]; + if (!EVP_DigestInit_ex(&ctx->i_ctx, md, impl)) + goto err; + if (!EVP_DigestUpdate(&ctx->i_ctx, pad, EVP_MD_block_size(md))) + goto err; -void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len) - { - EVP_DigestUpdate(&ctx->md_ctx,data,len); + for (i = 0; i < HMAC_MAX_MD_CBLOCK; i++) + pad[i] = 0x5c ^ ctx->key[i]; + if (!EVP_DigestInit_ex(&ctx->o_ctx, md, impl)) + goto err; + if (!EVP_DigestUpdate(&ctx->o_ctx, pad, EVP_MD_block_size(md))) + goto err; } + if (!EVP_MD_CTX_copy_ex(&ctx->md_ctx, &ctx->i_ctx)) + goto err; + return 1; +err: + return 0; +} + +int +HMAC_Init(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md) +{ + if (key && md) + HMAC_CTX_init(ctx); + return HMAC_Init_ex(ctx, key, len, md, NULL); +} + +int +HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len) +{ + if (ctx->md == NULL) + return 0; -void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len) - { - int j; + return EVP_DigestUpdate(&ctx->md_ctx, data, len); +} + +int +HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len) +{ unsigned int i; unsigned char buf[EVP_MAX_MD_SIZE]; - j=EVP_MD_block_size(ctx->md); + if (ctx->md == NULL) + goto err; - EVP_DigestFinal_ex(&ctx->md_ctx,buf,&i); - EVP_MD_CTX_copy_ex(&ctx->md_ctx,&ctx->o_ctx); - EVP_DigestUpdate(&ctx->md_ctx,buf,i); - EVP_DigestFinal_ex(&ctx->md_ctx,md,len); - } + if (!EVP_DigestFinal_ex(&ctx->md_ctx, buf, &i)) + goto err; + if (!EVP_MD_CTX_copy_ex(&ctx->md_ctx, &ctx->o_ctx)) + goto err; + if (!EVP_DigestUpdate(&ctx->md_ctx, buf, i)) + goto err; + if (!EVP_DigestFinal_ex(&ctx->md_ctx, md, len)) + goto err; + return 1; +err: + return 0; +} + +HMAC_CTX * +HMAC_CTX_new(void) +{ + HMAC_CTX *ctx; + + if ((ctx = calloc(1, sizeof(*ctx))) == NULL) + return NULL; + + HMAC_CTX_init(ctx); + + return ctx; +} + +void +HMAC_CTX_free(HMAC_CTX *ctx) +{ + if (ctx == NULL) + return; + + HMAC_CTX_cleanup(ctx); + + free(ctx); +} -void HMAC_CTX_init(HMAC_CTX *ctx) - { +int +HMAC_CTX_reset(HMAC_CTX *ctx) +{ + HMAC_CTX_cleanup(ctx); + HMAC_CTX_init(ctx); + return 1; +} + +void +HMAC_CTX_init(HMAC_CTX *ctx) +{ EVP_MD_CTX_init(&ctx->i_ctx); EVP_MD_CTX_init(&ctx->o_ctx); EVP_MD_CTX_init(&ctx->md_ctx); - } + ctx->md = NULL; +} + +int +HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx) +{ + if (!EVP_MD_CTX_copy(&dctx->i_ctx, &sctx->i_ctx)) + goto err; + if (!EVP_MD_CTX_copy(&dctx->o_ctx, &sctx->o_ctx)) + goto err; + if (!EVP_MD_CTX_copy(&dctx->md_ctx, &sctx->md_ctx)) + goto err; + memcpy(dctx->key, sctx->key, HMAC_MAX_MD_CBLOCK); + dctx->key_length = sctx->key_length; + dctx->md = sctx->md; + return 1; +err: + return 0; +} -void HMAC_CTX_cleanup(HMAC_CTX *ctx) - { +void +HMAC_CTX_cleanup(HMAC_CTX *ctx) +{ EVP_MD_CTX_cleanup(&ctx->i_ctx); EVP_MD_CTX_cleanup(&ctx->o_ctx); EVP_MD_CTX_cleanup(&ctx->md_ctx); - memset(ctx,0,sizeof *ctx); - } + explicit_bzero(ctx, sizeof(*ctx)); +} + +void +HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags) +{ + EVP_MD_CTX_set_flags(&ctx->i_ctx, flags); + EVP_MD_CTX_set_flags(&ctx->o_ctx, flags); + EVP_MD_CTX_set_flags(&ctx->md_ctx, flags); +} -unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, - const unsigned char *d, int n, unsigned char *md, - unsigned int *md_len) - { +const EVP_MD * +HMAC_CTX_get_md(const HMAC_CTX *ctx) +{ + return ctx->md; +} + +unsigned char * +HMAC(const EVP_MD *evp_md, const void *key, int key_len, const unsigned char *d, + size_t n, unsigned char *md, unsigned int *md_len) +{ HMAC_CTX c; static unsigned char m[EVP_MAX_MD_SIZE]; - if (md == NULL) md=m; + if (md == NULL) + md = m; HMAC_CTX_init(&c); - HMAC_Init(&c,key,key_len,evp_md); - HMAC_Update(&c,d,n); - HMAC_Final(&c,md,md_len); + if (!HMAC_Init(&c, key, key_len, evp_md)) + goto err; + if (!HMAC_Update(&c, d, n)) + goto err; + if (!HMAC_Final(&c, md, md_len)) + goto err; HMAC_CTX_cleanup(&c); - return(md); - } - + return md; +err: + HMAC_CTX_cleanup(&c); + return NULL; +} diff --git a/src/lib/libcrypto/hmac/hmac.h b/src/lib/libcrypto/hmac/hmac.h index 0364a1fcbd9..e787c62ac89 100644 --- a/src/lib/libcrypto/hmac/hmac.h +++ b/src/lib/libcrypto/hmac/hmac.h @@ -1,25 +1,25 @@ -/* crypto/hmac/hmac.h */ +/* $OpenBSD: hmac.h,v 1.13 2018/02/17 14:53:59 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -58,46 +58,51 @@ #ifndef HEADER_HMAC_H #define HEADER_HMAC_H +#include + #ifdef OPENSSL_NO_HMAC #error HMAC is disabled. #endif #include -#define HMAC_MAX_MD_CBLOCK 64 +#define HMAC_MAX_MD_CBLOCK 128 /* largest known is SHA512 */ #ifdef __cplusplus extern "C" { #endif -typedef struct hmac_ctx_st - { +typedef struct hmac_ctx_st { const EVP_MD *md; EVP_MD_CTX md_ctx; EVP_MD_CTX i_ctx; EVP_MD_CTX o_ctx; unsigned int key_length; unsigned char key[HMAC_MAX_MD_CBLOCK]; - } HMAC_CTX; +} HMAC_CTX; #define HMAC_size(e) (EVP_MD_size((e)->md)) - +HMAC_CTX *HMAC_CTX_new(void); +void HMAC_CTX_free(HMAC_CTX *ctx); void HMAC_CTX_init(HMAC_CTX *ctx); +int HMAC_CTX_reset(HMAC_CTX *ctx); void HMAC_CTX_cleanup(HMAC_CTX *ctx); #define HMAC_cleanup(ctx) HMAC_CTX_cleanup(ctx) /* deprecated */ -void HMAC_Init(HMAC_CTX *ctx, const void *key, int len, - const EVP_MD *md); /* deprecated */ -void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, - const EVP_MD *md, ENGINE *impl); -void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len); -void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len); +int HMAC_Init(HMAC_CTX *ctx, const void *key, int len, + const EVP_MD *md); /* deprecated */ +int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md, + ENGINE *impl); +int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len); +int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len); unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, - const unsigned char *d, int n, unsigned char *md, - unsigned int *md_len); + const unsigned char *d, size_t n, unsigned char *md, unsigned int *md_len); +int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx); +void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags); +const EVP_MD *HMAC_CTX_get_md(const HMAC_CTX *ctx); #ifdef __cplusplus } diff --git a/src/lib/libcrypto/hmac/hmactest.c b/src/lib/libcrypto/hmac/hmactest.c deleted file mode 100644 index 96d3beb8e61..00000000000 --- a/src/lib/libcrypto/hmac/hmactest.c +++ /dev/null @@ -1,160 +0,0 @@ -/* crypto/hmac/hmactest.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include -#include - -#ifdef OPENSSL_NO_HMAC -int main(int argc, char *argv[]) -{ - printf("No HMAC support\n"); - return(0); -} -#else -#include -#include - -#ifdef CHARSET_EBCDIC -#include -#endif - -static struct test_st - { - unsigned char key[16]; - int key_len; - unsigned char data[64]; - int data_len; - unsigned char *digest; - } test[4]={ - { "", - 0, - "More text test vectors to stuff up EBCDIC machines :-)", - 54, - (unsigned char *)"e9139d1e6ee064ef8cf514fc7dc83e86", - },{ {0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b, - 0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,}, - 16, - "Hi There", - 8, - (unsigned char *)"9294727a3638bb1c13f48ef8158bfc9d", - },{ "Jefe", - 4, - "what do ya want for nothing?", - 28, - (unsigned char *)"750c783e6ab0b503eaa86e310a5db738", - },{ - {0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa, - 0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,}, - 16, - {0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd, - 0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd, - 0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd, - 0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd, - 0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd, - 0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd, - 0xdd,0xdd}, - 50, - (unsigned char *)"56be34521d144c88dbb8c733f0e8b3f6", - }, - }; - - -static char *pt(unsigned char *md); -int main(int argc, char *argv[]) - { - int i,err=0; - char *p; - -#ifdef CHARSET_EBCDIC - ebcdic2ascii(test[0].data, test[0].data, test[0].data_len); - ebcdic2ascii(test[1].data, test[1].data, test[1].data_len); - ebcdic2ascii(test[2].key, test[2].key, test[2].key_len); - ebcdic2ascii(test[2].data, test[2].data, test[2].data_len); -#endif - - for (i=0; i<4; i++) - { - p=pt(HMAC(EVP_md5(), - test[i].key, test[i].key_len, - test[i].data, test[i].data_len, - NULL,NULL)); - - if (strcmp(p,(char *)test[i].digest) != 0) - { - printf("error calculating HMAC on %d entry'\n",i); - printf("got %s instead of %s\n",p,test[i].digest); - err++; - } - else - printf("test %d ok\n",i); - } - exit(err); - return(0); - } - -static char *pt(unsigned char *md) - { - int i; - static char buf[80]; - - for (i=0; i> $(TOP)/MINFO - -links: - @sh $(TOP)/util/point.sh Makefile.ssl Makefile - @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) - @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) - @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) - -install: - @for i in $(EXHEADER) ; \ - do \ - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ - done; - -tags: - ctags $(SRC) - -tests: - -lint: - lint -DLINT $(INCLUDES) $(SRC)>fluff - -depend: - $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) - -dclean: - $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new - mv -f Makefile.new $(MAKEFILE) - -clean: - rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff - -# DO NOT DELETE THIS LINE -- make depend depends on it. - -i_cbc.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h -i_cbc.o: i_cbc.c idea_lcl.h -i_cfb64.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h -i_cfb64.o: i_cfb64.c idea_lcl.h -i_ecb.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h -i_ecb.o: ../../include/openssl/opensslv.h i_ecb.c idea_lcl.h -i_ofb64.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h -i_ofb64.o: i_ofb64.c idea_lcl.h -i_skey.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h -i_skey.o: i_skey.c idea_lcl.h diff --git a/src/lib/libcrypto/idea/i_cbc.c b/src/lib/libcrypto/idea/i_cbc.c new file mode 100644 index 00000000000..5bb9640c340 --- /dev/null +++ b/src/lib/libcrypto/idea/i_cbc.c @@ -0,0 +1,168 @@ +/* $OpenBSD: i_cbc.c,v 1.3 2014/10/28 07:35:58 jsg Exp $ */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "idea_lcl.h" + +void idea_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, + IDEA_KEY_SCHEDULE *ks, unsigned char *iv, int encrypt) + { + unsigned long tin0,tin1; + unsigned long tout0,tout1,xor0,xor1; + long l=length; + unsigned long tin[2]; + + if (encrypt) + { + n2l(iv,tout0); + n2l(iv,tout1); + iv-=8; + for (l-=8; l>=0; l-=8) + { + n2l(in,tin0); + n2l(in,tin1); + tin0^=tout0; + tin1^=tout1; + tin[0]=tin0; + tin[1]=tin1; + idea_encrypt(tin,ks); + tout0=tin[0]; l2n(tout0,out); + tout1=tin[1]; l2n(tout1,out); + } + if (l != -8) + { + n2ln(in,tin0,tin1,l+8); + tin0^=tout0; + tin1^=tout1; + tin[0]=tin0; + tin[1]=tin1; + idea_encrypt(tin,ks); + tout0=tin[0]; l2n(tout0,out); + tout1=tin[1]; l2n(tout1,out); + } + l2n(tout0,iv); + l2n(tout1,iv); + } + else + { + n2l(iv,xor0); + n2l(iv,xor1); + iv-=8; + for (l-=8; l>=0; l-=8) + { + n2l(in,tin0); tin[0]=tin0; + n2l(in,tin1); tin[1]=tin1; + idea_encrypt(tin,ks); + tout0=tin[0]^xor0; + tout1=tin[1]^xor1; + l2n(tout0,out); + l2n(tout1,out); + xor0=tin0; + xor1=tin1; + } + if (l != -8) + { + n2l(in,tin0); tin[0]=tin0; + n2l(in,tin1); tin[1]=tin1; + idea_encrypt(tin,ks); + tout0=tin[0]^xor0; + tout1=tin[1]^xor1; + l2nn(tout0,tout1,out,l+8); + xor0=tin0; + xor1=tin1; + } + l2n(xor0,iv); + l2n(xor1,iv); + } + tin0=tin1=tout0=tout1=xor0=xor1=0; + tin[0]=tin[1]=0; + } + +void idea_encrypt(unsigned long *d, IDEA_KEY_SCHEDULE *key) + { + IDEA_INT *p; + unsigned long x1,x2,x3,x4,t0,t1,ul; + + x2=d[0]; + x1=(x2>>16); + x4=d[1]; + x3=(x4>>16); + + p= &(key->data[0][0]); + + E_IDEA(0); + E_IDEA(1); + E_IDEA(2); + E_IDEA(3); + E_IDEA(4); + E_IDEA(5); + E_IDEA(6); + E_IDEA(7); + + x1&=0xffff; + idea_mul(x1,x1,*p,ul); p++; + + t0= x3+ *(p++); + t1= x2+ *(p++); + + x4&=0xffff; + idea_mul(x4,x4,*p,ul); + + d[0]=(t0&0xffff)|((x1&0xffff)<<16); + d[1]=(x4&0xffff)|((t1&0xffff)<<16); + } diff --git a/src/lib/libcrypto/idea/i_cfb64.c b/src/lib/libcrypto/idea/i_cfb64.c new file mode 100644 index 00000000000..b979aaef866 --- /dev/null +++ b/src/lib/libcrypto/idea/i_cfb64.c @@ -0,0 +1,122 @@ +/* $OpenBSD: i_cfb64.c,v 1.3 2014/10/28 07:35:58 jsg Exp $ */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "idea_lcl.h" + +/* The input and output encrypted as though 64bit cfb mode is being + * used. The extra state information to record how much of the + * 64bit block we have used is contained in *num; + */ + +void idea_cfb64_encrypt(const unsigned char *in, unsigned char *out, + long length, IDEA_KEY_SCHEDULE *schedule, + unsigned char *ivec, int *num, int encrypt) + { + unsigned long v0,v1,t; + int n= *num; + long l=length; + unsigned long ti[2]; + unsigned char *iv,c,cc; + + iv=(unsigned char *)ivec; + if (encrypt) + { + while (l--) + { + if (n == 0) + { + n2l(iv,v0); ti[0]=v0; + n2l(iv,v1); ti[1]=v1; + idea_encrypt((unsigned long *)ti,schedule); + iv=(unsigned char *)ivec; + t=ti[0]; l2n(t,iv); + t=ti[1]; l2n(t,iv); + iv=(unsigned char *)ivec; + } + c= *(in++)^iv[n]; + *(out++)=c; + iv[n]=c; + n=(n+1)&0x07; + } + } + else + { + while (l--) + { + if (n == 0) + { + n2l(iv,v0); ti[0]=v0; + n2l(iv,v1); ti[1]=v1; + idea_encrypt((unsigned long *)ti,schedule); + iv=(unsigned char *)ivec; + t=ti[0]; l2n(t,iv); + t=ti[1]; l2n(t,iv); + iv=(unsigned char *)ivec; + } + cc= *(in++); + c=iv[n]; + iv[n]=cc; + *(out++)=c^cc; + n=(n+1)&0x07; + } + } + v0=v1=ti[0]=ti[1]=t=c=cc=0; + *num=n; + } + diff --git a/src/lib/libcrypto/idea/i_ecb.c b/src/lib/libcrypto/idea/i_ecb.c new file mode 100644 index 00000000000..dac456cdc59 --- /dev/null +++ b/src/lib/libcrypto/idea/i_ecb.c @@ -0,0 +1,83 @@ +/* $OpenBSD: i_ecb.c,v 1.3 2014/07/09 11:10:51 bcook Exp $ */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "idea_lcl.h" +#include + +const char *idea_options(void) + { + if (sizeof(short) != sizeof(IDEA_INT)) + return("idea(int)"); + else + return("idea(short)"); + } + +void idea_ecb_encrypt(const unsigned char *in, unsigned char *out, + IDEA_KEY_SCHEDULE *ks) + { + unsigned long l0,l1,d[2]; + + n2l(in,l0); d[0]=l0; + n2l(in,l1); d[1]=l1; + idea_encrypt(d,ks); + l0=d[0]; l2n(l0,out); + l1=d[1]; l2n(l1,out); + l0=l1=d[0]=d[1]=0; + } + diff --git a/src/lib/libcrypto/idea/i_ofb64.c b/src/lib/libcrypto/idea/i_ofb64.c new file mode 100644 index 00000000000..376dad9f6d9 --- /dev/null +++ b/src/lib/libcrypto/idea/i_ofb64.c @@ -0,0 +1,111 @@ +/* $OpenBSD: i_ofb64.c,v 1.3 2014/10/28 07:35:58 jsg Exp $ */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include "idea_lcl.h" + +/* The input and output encrypted as though 64bit ofb mode is being + * used. The extra state information to record how much of the + * 64bit block we have used is contained in *num; + */ +void idea_ofb64_encrypt(const unsigned char *in, unsigned char *out, + long length, IDEA_KEY_SCHEDULE *schedule, + unsigned char *ivec, int *num) + { + unsigned long v0,v1,t; + int n= *num; + long l=length; + unsigned char d[8]; + char *dp; + unsigned long ti[2]; + unsigned char *iv; + int save=0; + + iv=(unsigned char *)ivec; + n2l(iv,v0); + n2l(iv,v1); + ti[0]=v0; + ti[1]=v1; + dp=(char *)d; + l2n(v0,dp); + l2n(v1,dp); + while (l--) + { + if (n == 0) + { + idea_encrypt((unsigned long *)ti,schedule); + dp=(char *)d; + t=ti[0]; l2n(t,dp); + t=ti[1]; l2n(t,dp); + save++; + } + *(out++)= *(in++)^d[n]; + n=(n+1)&0x07; + } + if (save) + { + v0=ti[0]; + v1=ti[1]; + iv=(unsigned char *)ivec; + l2n(v0,iv); + l2n(v1,iv); + } + t=v0=v1=ti[0]=ti[1]=0; + *num=n; + } + diff --git a/src/lib/libcrypto/idea/i_skey.c b/src/lib/libcrypto/idea/i_skey.c new file mode 100644 index 00000000000..2824d2618e4 --- /dev/null +++ b/src/lib/libcrypto/idea/i_skey.c @@ -0,0 +1,157 @@ +/* $OpenBSD: i_skey.c,v 1.4 2014/10/28 07:35:58 jsg Exp $ */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include +#include "idea_lcl.h" + +static IDEA_INT inverse(unsigned int xin); +void idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks) + { + int i; + IDEA_INT *kt,*kf,r0,r1,r2; + + kt= &(ks->data[0][0]); + n2s(key,kt[0]); n2s(key,kt[1]); n2s(key,kt[2]); n2s(key,kt[3]); + n2s(key,kt[4]); n2s(key,kt[5]); n2s(key,kt[6]); n2s(key,kt[7]); + + kf=kt; + kt+=8; + for (i=0; i<6; i++) + { + r2= kf[1]; + r1= kf[2]; + *(kt++)= ((r2<<9) | (r1>>7))&0xffff; + r0= kf[3]; + *(kt++)= ((r1<<9) | (r0>>7))&0xffff; + r1= kf[4]; + *(kt++)= ((r0<<9) | (r1>>7))&0xffff; + r0= kf[5]; + *(kt++)= ((r1<<9) | (r0>>7))&0xffff; + r1= kf[6]; + *(kt++)= ((r0<<9) | (r1>>7))&0xffff; + r0= kf[7]; + *(kt++)= ((r1<<9) | (r0>>7))&0xffff; + r1= kf[0]; + if (i >= 5) break; + *(kt++)= ((r0<<9) | (r1>>7))&0xffff; + *(kt++)= ((r1<<9) | (r2>>7))&0xffff; + kf+=8; + } + } + +void idea_set_decrypt_key(IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk) + { + int r; + IDEA_INT *fp,*tp,t; + + tp= &(dk->data[0][0]); + fp= &(ek->data[8][0]); + for (r=0; r<9; r++) + { + *(tp++)=inverse(fp[0]); + *(tp++)=((int)(0x10000L-fp[2])&0xffff); + *(tp++)=((int)(0x10000L-fp[1])&0xffff); + *(tp++)=inverse(fp[3]); + if (r == 8) break; + fp-=6; + *(tp++)=fp[4]; + *(tp++)=fp[5]; + } + + tp= &(dk->data[0][0]); + t=tp[1]; + tp[1]=tp[2]; + tp[2]=t; + + t=tp[49]; + tp[49]=tp[50]; + tp[50]=t; + } + +/* taken directly from the 'paper' I'll have a look at it later */ +static IDEA_INT inverse(unsigned int xin) + { + long n1,n2,q,r,b1,b2,t; + + if (xin == 0) + b2=0; + else + { + n1=0x10001; + n2=xin; + b2=1; + b1=0; + + do { + r=(n1%n2); + q=(n1-r)/n2; + if (r == 0) + { if (b2 < 0) b2=0x10001+b2; } + else + { + n1=n2; + n2=r; + t=b2; + b2=b1-q*b2; + b1=t; + } + } while (r != 0); + } + return((IDEA_INT)b2); + } diff --git a/src/lib/libcrypto/idea/idea.h b/src/lib/libcrypto/idea/idea.h index 67132414ee7..f76bcaeba58 100644 --- a/src/lib/libcrypto/idea/idea.h +++ b/src/lib/libcrypto/idea/idea.h @@ -1,4 +1,4 @@ -/* crypto/idea/idea.h */ +/* $OpenBSD: idea.h,v 1.10 2014/06/12 15:49:29 deraadt Exp $ */ /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -59,6 +59,8 @@ #ifndef HEADER_IDEA_H #define HEADER_IDEA_H +#include /* IDEA_INT, OPENSSL_NO_IDEA */ + #ifdef OPENSSL_NO_IDEA #error IDEA is disabled. #endif @@ -66,7 +68,6 @@ #define IDEA_ENCRYPT 1 #define IDEA_DECRYPT 0 -#include /* IDEA_INT */ #define IDEA_BLOCK 8 #define IDEA_KEY_LENGTH 16 diff --git a/src/lib/libcrypto/idea/idea_lcl.h b/src/lib/libcrypto/idea/idea_lcl.h new file mode 100644 index 00000000000..e46c960875c --- /dev/null +++ b/src/lib/libcrypto/idea/idea_lcl.h @@ -0,0 +1,150 @@ +/* $OpenBSD: idea_lcl.h,v 1.3 2015/02/07 13:19:15 doug Exp $ */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +/* The new form of this macro (check if the a*b == 0) was suggested by + * Colin Plumb */ +/* Removal of the inner if from from Wei Dai 24/4/96 */ +#define idea_mul(r,a,b,ul) \ +ul=(unsigned long)a*b; \ +if (ul != 0) \ + { \ + r=(ul&0xffff)-(ul>>16); \ + r-=((r)>>16); \ + } \ +else \ + r=(-(int)a-b+1); /* assuming a or b is 0 and in range */ + +/* 7/12/95 - Many thanks to Rhys Weatherley + * for pointing out that I was assuming little endian + * byte order for all quantities what idea + * actually used bigendian. No where in the spec does it mention + * this, it is all in terms of 16 bit numbers and even the example + * does not use byte streams for the input example :-(. + * If you byte swap each pair of input, keys and iv, the functions + * would produce the output as the old version :-(. + */ + +/* NOTE - c is not incremented as per n2l */ +#define n2ln(c,l1,l2,n) { \ + c+=n; \ + l1=l2=0; \ + switch (n) { \ + case 8: l2 =((unsigned long)(*(--(c)))) ; \ + case 7: l2|=((unsigned long)(*(--(c))))<< 8; \ + case 6: l2|=((unsigned long)(*(--(c))))<<16; \ + case 5: l2|=((unsigned long)(*(--(c))))<<24; \ + case 4: l1 =((unsigned long)(*(--(c)))) ; \ + case 3: l1|=((unsigned long)(*(--(c))))<< 8; \ + case 2: l1|=((unsigned long)(*(--(c))))<<16; \ + case 1: l1|=((unsigned long)(*(--(c))))<<24; \ + } \ + } + +/* NOTE - c is not incremented as per l2n */ +#define l2nn(l1,l2,c,n) { \ + c+=n; \ + switch (n) { \ + case 8: *(--(c))=(unsigned char)(((l2) )&0xff); \ + case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \ + case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \ + case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \ + case 4: *(--(c))=(unsigned char)(((l1) )&0xff); \ + case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \ + case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \ + case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \ + } \ + } + +#undef n2l +#define n2l(c,l) (l =((unsigned long)(*((c)++)))<<24L, \ + l|=((unsigned long)(*((c)++)))<<16L, \ + l|=((unsigned long)(*((c)++)))<< 8L, \ + l|=((unsigned long)(*((c)++)))) + +#undef l2n +#define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \ + *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ + *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ + *((c)++)=(unsigned char)(((l) )&0xff)) + +#undef s2n +#define s2n(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ + *((c)++)=(unsigned char)(((l)>> 8L)&0xff)) + +#undef n2s +#define n2s(c,l) (l =((IDEA_INT)(*((c)++)))<< 8L, \ + l|=((IDEA_INT)(*((c)++))) ) + +#define E_IDEA(num) \ + x1&=0xffff; \ + idea_mul(x1,x1,*p,ul); p++; \ + x2+= *(p++); \ + x3+= *(p++); \ + x4&=0xffff; \ + idea_mul(x4,x4,*p,ul); p++; \ + t0=(x1^x3)&0xffff; \ + idea_mul(t0,t0,*p,ul); p++; \ + t1=(t0+(x2^x4))&0xffff; \ + idea_mul(t1,t1,*p,ul); p++; \ + t0+=t1; \ + x1^=t1; \ + x4^=t0; \ + ul=x2^t0; /* do the swap to x3 */ \ + x2=x3^t1; \ + x3=ul; + diff --git a/src/lib/libcrypto/install.com b/src/lib/libcrypto/install.com deleted file mode 100644 index b3d155e9643..00000000000 --- a/src/lib/libcrypto/install.com +++ /dev/null @@ -1,138 +0,0 @@ -$! INSTALL.COM -- Installs the files in a given directory tree -$! -$! Author: Richard Levitte -$! Time of creation: 22-MAY-1998 10:13 -$! -$! P1 root of the directory tree -$! -$ IF P1 .EQS. "" -$ THEN -$ WRITE SYS$OUTPUT "First argument missing." -$ WRITE SYS$OUTPUT "Should be the directory where you want things installed." -$ EXIT -$ ENDIF -$ -$ ROOT = F$PARSE(P1,"[]A.;0",,,"SYNTAX_ONLY,NO_CONCEAL") - "A.;0" -$ ROOT_DEV = F$PARSE(ROOT,,,"DEVICE","SYNTAX_ONLY") -$ ROOT_DIR = F$PARSE(ROOT,,,"DIRECTORY","SYNTAX_ONLY") - - - "[000000." - "][" - "[" - "]" -$ ROOT = ROOT_DEV + "[" + ROOT_DIR -$ -$ DEFINE/NOLOG WRK_SSLROOT 'ROOT'.] /TRANS=CONC -$ DEFINE/NOLOG WRK_SSLVLIB WRK_SSLROOT:[VAX_LIB] -$ DEFINE/NOLOG WRK_SSLALIB WRK_SSLROOT:[ALPHA_LIB] -$ DEFINE/NOLOG WRK_SSLINCLUDE WRK_SSLROOT:[INCLUDE] -$ -$ IF F$PARSE("WRK_SSLROOT:[000000]") .EQS. "" THEN - - CREATE/DIR/LOG WRK_SSLROOT:[000000] -$ IF F$PARSE("WRK_SSLVLIB:") .EQS. "" THEN - - CREATE/DIR/LOG WRK_SSLVLIB: -$ IF F$PARSE("WRK_SSLALIB:") .EQS. "" THEN - - CREATE/DIR/LOG WRK_SSLALIB: -$ IF F$PARSE("WRK_SSLINCLUDE:") .EQS. "" THEN - - CREATE/DIR/LOG WRK_SSLINCLUDE: -$ -$ SDIRS := ,MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,- - DES,RC2,RC4,RC5,IDEA,BF,CAST,- - BN,EC,RSA,DSA,DH,DSO,ENGINE,AES,- - BUFFER,BIO,STACK,LHASH,RAND,ERR,OBJECTS,- - EVP,ASN1,PEM,X509,X509V3,CONF,TXT_DB,PKCS7,PKCS12,COMP,OCSP,- - UI,KRB5 -$ EXHEADER_ := crypto.h,tmdiff.h,opensslv.h,opensslconf.h,ebcdic.h,- - symhacks.h,ossl_typ.h -$ EXHEADER_MD2 := md2.h -$ EXHEADER_MD4 := md4.h -$ EXHEADER_MD5 := md5.h -$ EXHEADER_SHA := sha.h -$ EXHEADER_MDC2 := mdc2.h -$ EXHEADER_HMAC := hmac.h -$ EXHEADER_RIPEMD := ripemd.h -$ EXHEADER_DES := des.h,des_old.h -$ EXHEADER_RC2 := rc2.h -$ EXHEADER_RC4 := rc4.h -$ EXHEADER_RC5 := rc5.h -$ EXHEADER_IDEA := idea.h -$ EXHEADER_BF := blowfish.h -$ EXHEADER_CAST := cast.h -$ EXHEADER_BN := bn.h -$ EXHEADER_EC := ec.h -$ EXHEADER_RSA := rsa.h -$ EXHEADER_DSA := dsa.h -$ EXHEADER_DH := dh.h -$ EXHEADER_DSO := dso.h -$ EXHEADER_ENGINE := engine.h -$ EXHEADER_AES := aes.h -$ EXHEADER_BUFFER := buffer.h -$ EXHEADER_BIO := bio.h -$ EXHEADER_STACK := stack.h,safestack.h -$ EXHEADER_LHASH := lhash.h -$ EXHEADER_RAND := rand.h -$ EXHEADER_ERR := err.h -$ EXHEADER_OBJECTS := objects.h,obj_mac.h -$ EXHEADER_EVP := evp.h -$ EXHEADER_ASN1 := asn1.h,asn1_mac.h,asn1t.h -$ EXHEADER_PEM := pem.h,pem2.h -$ EXHEADER_X509 := x509.h,x509_vfy.h -$ EXHEADER_X509V3 := x509v3.h -$ EXHEADER_CONF := conf.h,conf_api.h -$ EXHEADER_TXT_DB := txt_db.h -$ EXHEADER_PKCS7 := pkcs7.h -$ EXHEADER_PKCS12 := pkcs12.h -$ EXHEADER_COMP := comp.h -$ EXHEADER_OCSP := ocsp.h -$ EXHEADER_UI := ui.h,ui_compat.h -$ EXHEADER_KRB5 := krb5_asn.h -$ LIBS := LIBCRYPTO -$ -$ VEXE_DIR := [-.VAX.EXE.CRYPTO] -$ AEXE_DIR := [-.AXP.EXE.CRYPTO] -$ -$ I = 0 -$ LOOP_SDIRS: -$ D = F$EDIT(F$ELEMENT(I, ",", SDIRS),"TRIM") -$ I = I + 1 -$ IF D .EQS. "," THEN GOTO LOOP_SDIRS_END -$ tmp = EXHEADER_'D' -$ IF D .EQS. "" -$ THEN -$ COPY 'tmp' WRK_SSLINCLUDE: /LOG -$ ELSE -$ COPY [.'D']'tmp' WRK_SSLINCLUDE: /LOG -$ ENDIF -$ SET FILE/PROT=WORLD:RE WRK_SSLINCLUDE:'tmp' -$ GOTO LOOP_SDIRS -$ LOOP_SDIRS_END: -$ -$ I = 0 -$ LOOP_LIB: -$ E = F$EDIT(F$ELEMENT(I, ",", LIBS),"TRIM") -$ I = I + 1 -$ IF E .EQS. "," THEN GOTO LOOP_LIB_END -$ SET NOON -$ IF F$SEARCH(VEXE_DIR+E+".OLB") .NES. "" -$ THEN -$ COPY 'VEXE_DIR''E'.OLB WRK_SSLVLIB:'E'.OLB/log -$ SET FILE/PROT=W:RE WRK_SSLVLIB:'E'.OLB -$ ENDIF -$ ! Preparing for the time when we have shareable images -$ IF F$SEARCH(VEXE_DIR+E+".EXE") .NES. "" -$ THEN -$ COPY 'VEXE_DIR''E'.EXE WRK_SSLVLIB:'E'.EXE/log -$ SET FILE/PROT=W:RE WRK_SSLVLIB:'E'.EXE -$ ENDIF -$ IF F$SEARCH(AEXE_DIR+E+".OLB") .NES. "" -$ THEN -$ COPY 'AEXE_DIR''E'.OLB WRK_SSLALIB:'E'.OLB/log -$ SET FILE/PROT=W:RE WRK_SSLALIB:'E'.OLB -$ ENDIF -$ ! Preparing for the time when we have shareable images -$ IF F$SEARCH(AEXE_DIR+E+".EXE") .NES. "" -$ THEN -$ COPY 'AEXE_DIR''E'.EXE WRK_SSLALIB:'E'.EXE/log -$ SET FILE/PROT=W:RE WRK_SSLALIB:'E'.EXE -$ ENDIF -$ SET ON -$ GOTO LOOP_LIB -$ LOOP_LIB_END: -$ -$ EXIT diff --git a/src/lib/libcrypto/krb5/Makefile.ssl b/src/lib/libcrypto/krb5/Makefile.ssl deleted file mode 100644 index ab90580b469..00000000000 --- a/src/lib/libcrypto/krb5/Makefile.ssl +++ /dev/null @@ -1,90 +0,0 @@ -# -# OpenSSL/krb5/Makefile.ssl -# - -DIR= krb5 -TOP= ../.. -CC= cc -INCLUDES= -I.. -I$(TOP) -I../../include -CFLAG=-g -INSTALL_PREFIX= -OPENSSLDIR= /usr/local/ssl -INSTALLTOP=/usr/local/ssl -MAKE= make -f Makefile.ssl -MAKEDEPPROG= makedepend -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) -MAKEFILE= Makefile.ssl -AR= ar r - -CFLAGS= $(INCLUDES) $(CFLAG) - -GENERAL=Makefile README -TEST= -APPS= - -LIB=$(TOP)/libcrypto.a -LIBSRC= krb5_asn.c - -LIBOBJ= krb5_asn.o - -SRC= $(LIBSRC) - -EXHEADER= krb5_asn.h -HEADER= $(EXHEADER) - -ALL= $(GENERAL) $(SRC) $(HEADER) - -top: - (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) - -all: lib - -lib: $(LIBOBJ) - $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) - @touch lib - -files: - perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO - -links: - @sh $(TOP)/util/point.sh Makefile.ssl Makefile - $(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) - $(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) - $(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) - -install: - @for i in $(EXHEADER) ; \ - do \ - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ - done; - -tags: - ctags $(SRC) - -tests: - -lint: - lint -DLINT $(INCLUDES) $(SRC)>fluff - -depend: - $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(LIBSRC) - -dclean: - $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new - mv -f Makefile.new $(MAKEFILE) - -clean: - rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff - -# DO NOT DELETE THIS LINE -- make depend depends on it. - -krb5_asn.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h -krb5_asn.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -krb5_asn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -krb5_asn.o: ../../include/openssl/krb5_asn.h -krb5_asn.o: ../../include/openssl/opensslconf.h -krb5_asn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -krb5_asn.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -krb5_asn.o: ../../include/openssl/symhacks.h krb5_asn.c diff --git a/src/lib/libcrypto/krb5/krb5_asn.c b/src/lib/libcrypto/krb5/krb5_asn.c deleted file mode 100644 index 1fb741d2a0d..00000000000 --- a/src/lib/libcrypto/krb5/krb5_asn.c +++ /dev/null @@ -1,167 +0,0 @@ -/* krb5_asn.c */ -/* Written by Vern Staats for the OpenSSL project, -** using ocsp/{*.h,*asn*.c} as a starting point -*/ -/* ==================================================================== - * Copyright (c) 2000 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ -#include -#include -#include - - -ASN1_SEQUENCE(KRB5_ENCDATA) = { - ASN1_EXP(KRB5_ENCDATA, etype, ASN1_INTEGER, 0), - ASN1_EXP_OPT(KRB5_ENCDATA, kvno, ASN1_INTEGER, 1), - ASN1_EXP(KRB5_ENCDATA, cipher, ASN1_OCTET_STRING,2) -} ASN1_SEQUENCE_END(KRB5_ENCDATA) - -IMPLEMENT_ASN1_FUNCTIONS(KRB5_ENCDATA) - - -ASN1_SEQUENCE(KRB5_PRINCNAME) = { - ASN1_EXP(KRB5_PRINCNAME, nametype, ASN1_INTEGER, 0), - ASN1_EXP_SEQUENCE_OF(KRB5_PRINCNAME, namestring, ASN1_GENERALSTRING, 1) -} ASN1_SEQUENCE_END(KRB5_PRINCNAME) - -IMPLEMENT_ASN1_FUNCTIONS(KRB5_PRINCNAME) - - -/* [APPLICATION 1] = 0x61 */ -ASN1_SEQUENCE(KRB5_TKTBODY) = { - ASN1_EXP(KRB5_TKTBODY, tktvno, ASN1_INTEGER, 0), - ASN1_EXP(KRB5_TKTBODY, realm, ASN1_GENERALSTRING, 1), - ASN1_EXP(KRB5_TKTBODY, sname, KRB5_PRINCNAME, 2), - ASN1_EXP(KRB5_TKTBODY, encdata, KRB5_ENCDATA, 3) -} ASN1_SEQUENCE_END(KRB5_TKTBODY) - -IMPLEMENT_ASN1_FUNCTIONS(KRB5_TKTBODY) - - -ASN1_ITEM_TEMPLATE(KRB5_TICKET) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_EXPTAG|ASN1_TFLG_APPLICATION, 1, - KRB5_TICKET, KRB5_TKTBODY) -ASN1_ITEM_TEMPLATE_END(KRB5_TICKET) - -IMPLEMENT_ASN1_FUNCTIONS(KRB5_TICKET) - - -/* [APPLICATION 14] = 0x6e */ -ASN1_SEQUENCE(KRB5_APREQBODY) = { - ASN1_EXP(KRB5_APREQBODY, pvno, ASN1_INTEGER, 0), - ASN1_EXP(KRB5_APREQBODY, msgtype, ASN1_INTEGER, 1), - ASN1_EXP(KRB5_APREQBODY, apoptions, ASN1_BIT_STRING, 2), - ASN1_EXP(KRB5_APREQBODY, ticket, KRB5_TICKET, 3), - ASN1_EXP(KRB5_APREQBODY, authenticator, KRB5_ENCDATA, 4), -} ASN1_SEQUENCE_END(KRB5_APREQBODY) - -IMPLEMENT_ASN1_FUNCTIONS(KRB5_APREQBODY) - -ASN1_ITEM_TEMPLATE(KRB5_APREQ) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_EXPTAG|ASN1_TFLG_APPLICATION, 14, - KRB5_APREQ, KRB5_APREQBODY) -ASN1_ITEM_TEMPLATE_END(KRB5_APREQ) - -IMPLEMENT_ASN1_FUNCTIONS(KRB5_APREQ) - - -/* Authenticator stuff */ - -ASN1_SEQUENCE(KRB5_CHECKSUM) = { - ASN1_EXP(KRB5_CHECKSUM, ctype, ASN1_INTEGER, 0), - ASN1_EXP(KRB5_CHECKSUM, checksum, ASN1_OCTET_STRING,1) -} ASN1_SEQUENCE_END(KRB5_CHECKSUM) - -IMPLEMENT_ASN1_FUNCTIONS(KRB5_CHECKSUM) - - -ASN1_SEQUENCE(KRB5_ENCKEY) = { - ASN1_EXP(KRB5_ENCKEY, ktype, ASN1_INTEGER, 0), - ASN1_EXP(KRB5_ENCKEY, keyvalue, ASN1_OCTET_STRING,1) -} ASN1_SEQUENCE_END(KRB5_ENCKEY) - -IMPLEMENT_ASN1_FUNCTIONS(KRB5_ENCKEY) - - -/* SEQ OF SEQ; see ASN1_EXP_SEQUENCE_OF_OPT() below */ -ASN1_SEQUENCE(KRB5_AUTHDATA) = { - ASN1_EXP(KRB5_AUTHDATA, adtype, ASN1_INTEGER, 0), - ASN1_EXP(KRB5_AUTHDATA, addata, ASN1_OCTET_STRING,1) -} ASN1_SEQUENCE_END(KRB5_AUTHDATA) - -IMPLEMENT_ASN1_FUNCTIONS(KRB5_AUTHDATA) - - -/* [APPLICATION 2] = 0x62 */ -ASN1_SEQUENCE(KRB5_AUTHENTBODY) = { - ASN1_EXP(KRB5_AUTHENTBODY, avno, ASN1_INTEGER, 0), - ASN1_EXP(KRB5_AUTHENTBODY, crealm, ASN1_GENERALSTRING, 1), - ASN1_EXP(KRB5_AUTHENTBODY, cname, KRB5_PRINCNAME, 2), - ASN1_EXP_OPT(KRB5_AUTHENTBODY, cksum, KRB5_CHECKSUM, 3), - ASN1_EXP(KRB5_AUTHENTBODY, cusec, ASN1_INTEGER, 4), - ASN1_EXP(KRB5_AUTHENTBODY, ctime, ASN1_GENERALIZEDTIME, 5), - ASN1_EXP_OPT(KRB5_AUTHENTBODY, subkey, KRB5_ENCKEY, 6), - ASN1_EXP_OPT(KRB5_AUTHENTBODY, seqnum, ASN1_INTEGER, 7), - ASN1_EXP_SEQUENCE_OF_OPT - (KRB5_AUTHENTBODY, authorization, KRB5_AUTHDATA, 8), -} ASN1_SEQUENCE_END(KRB5_AUTHENTBODY) - -IMPLEMENT_ASN1_FUNCTIONS(KRB5_AUTHENTBODY) - -ASN1_ITEM_TEMPLATE(KRB5_AUTHENT) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_EXPTAG|ASN1_TFLG_APPLICATION, 2, - KRB5_AUTHENT, KRB5_AUTHENTBODY) -ASN1_ITEM_TEMPLATE_END(KRB5_AUTHENT) - -IMPLEMENT_ASN1_FUNCTIONS(KRB5_AUTHENT) - diff --git a/src/lib/libcrypto/krb5/krb5_asn.h b/src/lib/libcrypto/krb5/krb5_asn.h deleted file mode 100644 index 3329477b071..00000000000 --- a/src/lib/libcrypto/krb5/krb5_asn.h +++ /dev/null @@ -1,256 +0,0 @@ -/* krb5_asn.h */ -/* Written by Vern Staats for the OpenSSL project, -** using ocsp/{*.h,*asn*.c} as a starting point -*/ - -/* ==================================================================== - * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#ifndef HEADER_KRB5_ASN_H -#define HEADER_KRB5_ASN_H - -/* -#include -*/ -#include - -#ifdef __cplusplus -extern "C" { -#endif - - -/* ASN.1 from Kerberos RFC 1510 -*/ - -/* EncryptedData ::= SEQUENCE { -** etype[0] INTEGER, -- EncryptionType -** kvno[1] INTEGER OPTIONAL, -** cipher[2] OCTET STRING -- ciphertext -** } -*/ -typedef struct krb5_encdata_st - { - ASN1_INTEGER *etype; - ASN1_INTEGER *kvno; - ASN1_OCTET_STRING *cipher; - } KRB5_ENCDATA; - -DECLARE_STACK_OF(KRB5_ENCDATA) - -/* PrincipalName ::= SEQUENCE { -** name-type[0] INTEGER, -** name-string[1] SEQUENCE OF GeneralString -** } -*/ -typedef struct krb5_princname_st - { - ASN1_INTEGER *nametype; - STACK_OF(ASN1_GENERALSTRING) *namestring; - } KRB5_PRINCNAME; - -DECLARE_STACK_OF(KRB5_PRINCNAME) - - -/* Ticket ::= [APPLICATION 1] SEQUENCE { -** tkt-vno[0] INTEGER, -** realm[1] Realm, -** sname[2] PrincipalName, -** enc-part[3] EncryptedData -** } -*/ -typedef struct krb5_tktbody_st - { - ASN1_INTEGER *tktvno; - ASN1_GENERALSTRING *realm; - KRB5_PRINCNAME *sname; - KRB5_ENCDATA *encdata; - } KRB5_TKTBODY; - -typedef STACK_OF(KRB5_TKTBODY) KRB5_TICKET; -DECLARE_STACK_OF(KRB5_TKTBODY) - - -/* AP-REQ ::= [APPLICATION 14] SEQUENCE { -** pvno[0] INTEGER, -** msg-type[1] INTEGER, -** ap-options[2] APOptions, -** ticket[3] Ticket, -** authenticator[4] EncryptedData -** } -** -** APOptions ::= BIT STRING { -** reserved(0), use-session-key(1), mutual-required(2) } -*/ -typedef struct krb5_ap_req_st - { - ASN1_INTEGER *pvno; - ASN1_INTEGER *msgtype; - ASN1_BIT_STRING *apoptions; - KRB5_TICKET *ticket; - KRB5_ENCDATA *authenticator; - } KRB5_APREQBODY; - -typedef STACK_OF(KRB5_APREQBODY) KRB5_APREQ; -DECLARE_STACK_OF(KRB5_APREQBODY) - - -/* Authenticator Stuff */ - - -/* Checksum ::= SEQUENCE { -** cksumtype[0] INTEGER, -** checksum[1] OCTET STRING -** } -*/ -typedef struct krb5_checksum_st - { - ASN1_INTEGER *ctype; - ASN1_OCTET_STRING *checksum; - } KRB5_CHECKSUM; - -DECLARE_STACK_OF(KRB5_CHECKSUM) - - -/* EncryptionKey ::= SEQUENCE { -** keytype[0] INTEGER, -** keyvalue[1] OCTET STRING -** } -*/ -typedef struct krb5_encryptionkey_st - { - ASN1_INTEGER *ktype; - ASN1_OCTET_STRING *keyvalue; - } KRB5_ENCKEY; - -DECLARE_STACK_OF(KRB5_ENCKEY) - - -/* AuthorizationData ::= SEQUENCE OF SEQUENCE { -** ad-type[0] INTEGER, -** ad-data[1] OCTET STRING -** } -*/ -typedef struct krb5_authorization_st - { - ASN1_INTEGER *adtype; - ASN1_OCTET_STRING *addata; - } KRB5_AUTHDATA; - -DECLARE_STACK_OF(KRB5_AUTHDATA) - - -/* -- Unencrypted authenticator -** Authenticator ::= [APPLICATION 2] SEQUENCE { -** authenticator-vno[0] INTEGER, -** crealm[1] Realm, -** cname[2] PrincipalName, -** cksum[3] Checksum OPTIONAL, -** cusec[4] INTEGER, -** ctime[5] KerberosTime, -** subkey[6] EncryptionKey OPTIONAL, -** seq-number[7] INTEGER OPTIONAL, -** authorization-data[8] AuthorizationData OPTIONAL -** } -*/ -typedef struct krb5_authenticator_st - { - ASN1_INTEGER *avno; - ASN1_GENERALSTRING *crealm; - KRB5_PRINCNAME *cname; - KRB5_CHECKSUM *cksum; - ASN1_INTEGER *cusec; - ASN1_GENERALIZEDTIME *ctime; - KRB5_ENCKEY *subkey; - ASN1_INTEGER *seqnum; - KRB5_AUTHDATA *authorization; - } KRB5_AUTHENTBODY; - -typedef STACK_OF(KRB5_AUTHENTBODY) KRB5_AUTHENT; -DECLARE_STACK_OF(KRB5_AUTHENTBODY) - - -/* DECLARE_ASN1_FUNCTIONS(type) = DECLARE_ASN1_FUNCTIONS_name(type, type) = -** type *name##_new(void); -** void name##_free(type *a); -** DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name) = -** DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) = -** type *d2i_##name(type **a, unsigned char **in, long len); -** int i2d_##name(type *a, unsigned char **out); -** DECLARE_ASN1_ITEM(itname) = OPENSSL_EXTERN const ASN1_ITEM itname##_it -*/ - -DECLARE_ASN1_FUNCTIONS(KRB5_ENCDATA) -DECLARE_ASN1_FUNCTIONS(KRB5_PRINCNAME) -DECLARE_ASN1_FUNCTIONS(KRB5_TKTBODY) -DECLARE_ASN1_FUNCTIONS(KRB5_APREQBODY) -DECLARE_ASN1_FUNCTIONS(KRB5_TICKET) -DECLARE_ASN1_FUNCTIONS(KRB5_APREQ) - -DECLARE_ASN1_FUNCTIONS(KRB5_CHECKSUM) -DECLARE_ASN1_FUNCTIONS(KRB5_ENCKEY) -DECLARE_ASN1_FUNCTIONS(KRB5_AUTHDATA) -DECLARE_ASN1_FUNCTIONS(KRB5_AUTHENTBODY) -DECLARE_ASN1_FUNCTIONS(KRB5_AUTHENT) - - -/* BEGIN ERROR CODES */ -/* The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ - -#ifdef __cplusplus -} -#endif -#endif - diff --git a/src/lib/libcrypto/lhash/Makefile.ssl b/src/lib/libcrypto/lhash/Makefile.ssl deleted file mode 100644 index 324e360143c..00000000000 --- a/src/lib/libcrypto/lhash/Makefile.ssl +++ /dev/null @@ -1,93 +0,0 @@ -# -# SSLeay/crypto/lhash/Makefile -# - -DIR= lhash -TOP= ../.. -CC= cc -INCLUDES= -CFLAG=-g -INSTALL_PREFIX= -OPENSSLDIR= /usr/local/ssl -INSTALLTOP=/usr/local/ssl -MAKE= make -f Makefile.ssl -MAKEDEPPROG= makedepend -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) -MAKEFILE= Makefile.ssl -AR= ar r - -CFLAGS= $(INCLUDES) $(CFLAG) - -GENERAL=Makefile -TEST= -APPS= - -LIB=$(TOP)/libcrypto.a -LIBSRC=lhash.c lh_stats.c -LIBOBJ=lhash.o lh_stats.o - -SRC= $(LIBSRC) - -EXHEADER= lhash.h -HEADER= $(EXHEADER) - -ALL= $(GENERAL) $(SRC) $(HEADER) - -top: - (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) - -all: lib - -lib: $(LIBOBJ) - $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) || echo Never mind. - @touch lib - -files: - $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO - -links: - @sh $(TOP)/util/point.sh Makefile.ssl Makefile - @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) - @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) - @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) - -install: - @for i in $(EXHEADER) ; \ - do \ - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ - done; - -tags: - ctags $(SRC) - -tests: - -lint: - lint -DLINT $(INCLUDES) $(SRC)>fluff - -depend: - $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) - -dclean: - $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new - mv -f Makefile.new $(MAKEFILE) - -clean: - rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff - -# DO NOT DELETE THIS LINE -- make depend depends on it. - -lh_stats.o: ../../e_os.h ../../include/openssl/bio.h -lh_stats.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -lh_stats.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -lh_stats.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -lh_stats.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -lh_stats.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -lh_stats.o: ../cryptlib.h lh_stats.c -lhash.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h -lhash.o: ../../include/openssl/e_os2.h ../../include/openssl/lhash.h -lhash.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -lhash.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -lhash.o: ../../include/openssl/symhacks.h lhash.c diff --git a/src/lib/libcrypto/lhash/lh_stats.c b/src/lib/libcrypto/lhash/lh_stats.c index 39ea2885f48..e7dde478065 100644 --- a/src/lib/libcrypto/lhash/lh_stats.c +++ b/src/lib/libcrypto/lhash/lh_stats.c @@ -1,25 +1,25 @@ -/* crypto/lhash/lh_stats.c */ +/* $OpenBSD: lh_stats.c,v 1.12 2014/07/11 08:44:48 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -59,9 +59,8 @@ #include #include #include -/* If you wish to build this outside of SSLeay, remove the following lines - * and things should work as expected */ -#include "cryptlib.h" + +#include #ifndef OPENSSL_NO_BIO #include @@ -70,205 +69,186 @@ #ifdef OPENSSL_NO_BIO -void lh_stats(LHASH *lh, FILE *out) - { - fprintf(out,"num_items = %lu\n",lh->num_items); - fprintf(out,"num_nodes = %u\n",lh->num_nodes); - fprintf(out,"num_alloc_nodes = %u\n",lh->num_alloc_nodes); - fprintf(out,"num_expands = %lu\n",lh->num_expands); - fprintf(out,"num_expand_reallocs = %lu\n",lh->num_expand_reallocs); - fprintf(out,"num_contracts = %lu\n",lh->num_contracts); - fprintf(out,"num_contract_reallocs = %lu\n",lh->num_contract_reallocs); - fprintf(out,"num_hash_calls = %lu\n",lh->num_hash_calls); - fprintf(out,"num_comp_calls = %lu\n",lh->num_comp_calls); - fprintf(out,"num_insert = %lu\n",lh->num_insert); - fprintf(out,"num_replace = %lu\n",lh->num_replace); - fprintf(out,"num_delete = %lu\n",lh->num_delete); - fprintf(out,"num_no_delete = %lu\n",lh->num_no_delete); - fprintf(out,"num_retrieve = %lu\n",lh->num_retrieve); - fprintf(out,"num_retrieve_miss = %lu\n",lh->num_retrieve_miss); - fprintf(out,"num_hash_comps = %lu\n",lh->num_hash_comps); +void +lh_stats(LHASH *lh, FILE *out) +{ + fprintf(out, "num_items = %lu\n", lh->num_items); + fprintf(out, "num_nodes = %u\n", lh->num_nodes); + fprintf(out, "num_alloc_nodes = %u\n", lh->num_alloc_nodes); + fprintf(out, "num_expands = %lu\n", lh->num_expands); + fprintf(out, "num_expand_reallocs = %lu\n", lh->num_expand_reallocs); + fprintf(out, "num_contracts = %lu\n", lh->num_contracts); + fprintf(out, "num_contract_reallocs = %lu\n", + lh->num_contract_reallocs); + fprintf(out, "num_hash_calls = %lu\n", lh->num_hash_calls); + fprintf(out, "num_comp_calls = %lu\n", lh->num_comp_calls); + fprintf(out, "num_insert = %lu\n", lh->num_insert); + fprintf(out, "num_replace = %lu\n", lh->num_replace); + fprintf(out, "num_delete = %lu\n", lh->num_delete); + fprintf(out, "num_no_delete = %lu\n", lh->num_no_delete); + fprintf(out, "num_retrieve = %lu\n", lh->num_retrieve); + fprintf(out, "num_retrieve_miss = %lu\n", lh->num_retrieve_miss); + fprintf(out, "num_hash_comps = %lu\n", lh->num_hash_comps); #if 0 - fprintf(out,"p = %u\n",lh->p); - fprintf(out,"pmax = %u\n",lh->pmax); - fprintf(out,"up_load = %lu\n",lh->up_load); - fprintf(out,"down_load = %lu\n",lh->down_load); + fprintf(out, "p = %u\n", lh->p); + fprintf(out, "pmax = %u\n", lh->pmax); + fprintf(out, "up_load = %lu\n", lh->up_load); + fprintf(out, "down_load = %lu\n", lh->down_load); #endif - } +} -void lh_node_stats(LHASH *lh, FILE *out) - { +void +lh_node_stats(LHASH *lh, FILE *out) +{ LHASH_NODE *n; - unsigned int i,num; + unsigned int i, num; - for (i=0; inum_nodes; i++) - { - for (n=lh->b[i],num=0; n != NULL; n=n->next) + for (i = 0; i < lh->num_nodes; i++) { + for (n = lh->b[i], num = 0; n != NULL; n = n->next) num++; - fprintf(out,"node %6u -> %3u\n",i,num); - } + fprintf(out, "node %6u -> %3u\n", i, num); } +} -void lh_node_usage_stats(LHASH *lh, FILE *out) - { +void +lh_node_usage_stats(LHASH *lh, FILE *out) +{ LHASH_NODE *n; unsigned long num; unsigned int i; - unsigned long total=0,n_used=0; + unsigned long total = 0, n_used = 0; - for (i=0; inum_nodes; i++) - { - for (n=lh->b[i],num=0; n != NULL; n=n->next) + for (i = 0; i < lh->num_nodes; i++) { + for (n = lh->b[i], num = 0; n != NULL; n = n->next) num++; - if (num != 0) - { + if (num != 0) { n_used++; - total+=num; - } + total += num; } - fprintf(out,"%lu nodes used out of %u\n",n_used,lh->num_nodes); - fprintf(out,"%lu items\n",total); - if (n_used == 0) return; - fprintf(out,"load %d.%02d actual load %d.%02d\n", - (int)(total/lh->num_nodes), - (int)((total%lh->num_nodes)*100/lh->num_nodes), - (int)(total/n_used), - (int)((total%n_used)*100/n_used)); } + fprintf(out, "%lu nodes used out of %u\n", n_used, lh->num_nodes); + fprintf(out, "%lu items\n", total); + if (n_used == 0) + return; + fprintf(out, "load %d.%02d actual load %d.%02d\n", + (int)(total / lh->num_nodes), + (int)((total % lh->num_nodes) * 100 / lh->num_nodes), + (int)(total / n_used), + (int)((total % n_used) * 100 / n_used)); +} #else -#ifndef OPENSSL_NO_FP_API -void lh_stats(const LHASH *lh, FILE *fp) - { +void +lh_stats(const _LHASH *lh, FILE *fp) +{ BIO *bp; - bp=BIO_new(BIO_s_file()); - if (bp == NULL) goto end; - BIO_set_fp(bp,fp,BIO_NOCLOSE); - lh_stats_bio(lh,bp); + bp = BIO_new(BIO_s_file()); + if (bp == NULL) + goto end; + BIO_set_fp(bp, fp, BIO_NOCLOSE); + lh_stats_bio(lh, bp); BIO_free(bp); end:; - } +} -void lh_node_stats(const LHASH *lh, FILE *fp) - { +void +lh_node_stats(const _LHASH *lh, FILE *fp) +{ BIO *bp; - bp=BIO_new(BIO_s_file()); - if (bp == NULL) goto end; - BIO_set_fp(bp,fp,BIO_NOCLOSE); - lh_node_stats_bio(lh,bp); + bp = BIO_new(BIO_s_file()); + if (bp == NULL) + goto end; + BIO_set_fp(bp, fp, BIO_NOCLOSE); + lh_node_stats_bio(lh, bp); BIO_free(bp); end:; - } +} -void lh_node_usage_stats(const LHASH *lh, FILE *fp) - { +void +lh_node_usage_stats(const _LHASH *lh, FILE *fp) +{ BIO *bp; - bp=BIO_new(BIO_s_file()); - if (bp == NULL) goto end; - BIO_set_fp(bp,fp,BIO_NOCLOSE); - lh_node_usage_stats_bio(lh,bp); + bp = BIO_new(BIO_s_file()); + if (bp == NULL) + goto end; + BIO_set_fp(bp, fp, BIO_NOCLOSE); + lh_node_usage_stats_bio(lh, bp); BIO_free(bp); end:; - } - -#endif - -void lh_stats_bio(const LHASH *lh, BIO *out) - { - char buf[128]; - - sprintf(buf,"num_items = %lu\n",lh->num_items); - BIO_puts(out,buf); - sprintf(buf,"num_nodes = %u\n",lh->num_nodes); - BIO_puts(out,buf); - sprintf(buf,"num_alloc_nodes = %u\n",lh->num_alloc_nodes); - BIO_puts(out,buf); - sprintf(buf,"num_expands = %lu\n",lh->num_expands); - BIO_puts(out,buf); - sprintf(buf,"num_expand_reallocs = %lu\n",lh->num_expand_reallocs); - BIO_puts(out,buf); - sprintf(buf,"num_contracts = %lu\n",lh->num_contracts); - BIO_puts(out,buf); - sprintf(buf,"num_contract_reallocs = %lu\n",lh->num_contract_reallocs); - BIO_puts(out,buf); - sprintf(buf,"num_hash_calls = %lu\n",lh->num_hash_calls); - BIO_puts(out,buf); - sprintf(buf,"num_comp_calls = %lu\n",lh->num_comp_calls); - BIO_puts(out,buf); - sprintf(buf,"num_insert = %lu\n",lh->num_insert); - BIO_puts(out,buf); - sprintf(buf,"num_replace = %lu\n",lh->num_replace); - BIO_puts(out,buf); - sprintf(buf,"num_delete = %lu\n",lh->num_delete); - BIO_puts(out,buf); - sprintf(buf,"num_no_delete = %lu\n",lh->num_no_delete); - BIO_puts(out,buf); - sprintf(buf,"num_retrieve = %lu\n",lh->num_retrieve); - BIO_puts(out,buf); - sprintf(buf,"num_retrieve_miss = %lu\n",lh->num_retrieve_miss); - BIO_puts(out,buf); - sprintf(buf,"num_hash_comps = %lu\n",lh->num_hash_comps); - BIO_puts(out,buf); +} + + +void +lh_stats_bio(const _LHASH *lh, BIO *out) +{ + BIO_printf(out, "num_items = %lu\n", lh->num_items); + BIO_printf(out, "num_nodes = %u\n", lh->num_nodes); + BIO_printf(out, "num_alloc_nodes = %u\n", lh->num_alloc_nodes); + BIO_printf(out, "num_expands = %lu\n", lh->num_expands); + BIO_printf(out, "num_expand_reallocs = %lu\n", + lh->num_expand_reallocs); + BIO_printf(out, "num_contracts = %lu\n", lh->num_contracts); + BIO_printf(out, "num_contract_reallocs = %lu\n", + lh->num_contract_reallocs); + BIO_printf(out, "num_hash_calls = %lu\n", lh->num_hash_calls); + BIO_printf(out, "num_comp_calls = %lu\n", lh->num_comp_calls); + BIO_printf(out, "num_insert = %lu\n", lh->num_insert); + BIO_printf(out, "num_replace = %lu\n", lh->num_replace); + BIO_printf(out, "num_delete = %lu\n", lh->num_delete); + BIO_printf(out, "num_no_delete = %lu\n", lh->num_no_delete); + BIO_printf(out, "num_retrieve = %lu\n", lh->num_retrieve); + BIO_printf(out, "num_retrieve_miss = %lu\n", lh->num_retrieve_miss); + BIO_printf(out, "num_hash_comps = %lu\n", lh->num_hash_comps); #if 0 - sprintf(buf,"p = %u\n",lh->p); - BIO_puts(out,buf); - sprintf(buf,"pmax = %u\n",lh->pmax); - BIO_puts(out,buf); - sprintf(buf,"up_load = %lu\n",lh->up_load); - BIO_puts(out,buf); - sprintf(buf,"down_load = %lu\n",lh->down_load); - BIO_puts(out,buf); + BIO_printf(out, "p = %u\n", lh->p); + BIO_printf(out, "pmax = %u\n", lh->pmax); + BIO_printf(out, "up_load = %lu\n", lh->up_load); + BIO_printf(out, "down_load = %lu\n", lh->down_load); #endif - } +} -void lh_node_stats_bio(const LHASH *lh, BIO *out) - { +void +lh_node_stats_bio(const _LHASH *lh, BIO *out) +{ LHASH_NODE *n; - unsigned int i,num; - char buf[128]; + unsigned int i, num; - for (i=0; inum_nodes; i++) - { - for (n=lh->b[i],num=0; n != NULL; n=n->next) + for (i = 0; i < lh->num_nodes; i++) { + for (n = lh->b[i], num = 0; n != NULL; n = n->next) num++; - sprintf(buf,"node %6u -> %3u\n",i,num); - BIO_puts(out,buf); - } + BIO_printf(out, "node %6u -> %3u\n", i, num); } +} -void lh_node_usage_stats_bio(const LHASH *lh, BIO *out) - { +void +lh_node_usage_stats_bio(const _LHASH *lh, BIO *out) +{ LHASH_NODE *n; unsigned long num; unsigned int i; - unsigned long total=0,n_used=0; - char buf[128]; + unsigned long total = 0, n_used = 0; - for (i=0; inum_nodes; i++) - { - for (n=lh->b[i],num=0; n != NULL; n=n->next) + for (i = 0; i < lh->num_nodes; i++) { + for (n = lh->b[i], num = 0; n != NULL; n = n->next) num++; - if (num != 0) - { + if (num != 0) { n_used++; - total+=num; - } + total += num; } - sprintf(buf,"%lu nodes used out of %u\n",n_used,lh->num_nodes); - BIO_puts(out,buf); - sprintf(buf,"%lu items\n",total); - BIO_puts(out,buf); - if (n_used == 0) return; - sprintf(buf,"load %d.%02d actual load %d.%02d\n", - (int)(total/lh->num_nodes), - (int)((total%lh->num_nodes)*100/lh->num_nodes), - (int)(total/n_used), - (int)((total%n_used)*100/n_used)); - BIO_puts(out,buf); } + BIO_printf(out, "%lu nodes used out of %u\n", n_used, lh->num_nodes); + BIO_printf(out, "%lu items\n", total); + if (n_used == 0) + return; + BIO_printf(out, "load %d.%02d actual load %d.%02d\n", + (int)(total / lh->num_nodes), + (int)((total % lh->num_nodes) * 100 / lh->num_nodes), + (int)(total / n_used), + (int)((total % n_used) * 100 / n_used)); +} #endif diff --git a/src/lib/libcrypto/lhash/lh_test.c b/src/lib/libcrypto/lhash/lh_test.c deleted file mode 100644 index 85700c859bf..00000000000 --- a/src/lib/libcrypto/lhash/lh_test.c +++ /dev/null @@ -1,88 +0,0 @@ -/* crypto/lhash/lh_test.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include -#include -#include - -main() - { - LHASH *conf; - char buf[256]; - int i; - - conf=lh_new(lh_strhash,strcmp); - for (;;) - { - char *p; - - buf[0]='\0'; - fgets(buf,256,stdin); - if (buf[0] == '\0') break; - i=strlen(buf); - p=OPENSSL_malloc(i+1); - memcpy(p,buf,i+1); - lh_insert(conf,p); - } - - lh_node_stats(conf,stdout); - lh_stats(conf,stdout); - lh_node_usage_stats(conf,stdout); - exit(0); - } diff --git a/src/lib/libcrypto/lhash/lhash.c b/src/lib/libcrypto/lhash/lhash.c index 0a16fcf27d5..ac6cc43ea58 100644 --- a/src/lib/libcrypto/lhash/lhash.c +++ b/src/lib/libcrypto/lhash/lhash.c @@ -1,25 +1,25 @@ -/* crypto/lhash/lhash.c */ +/* $OpenBSD: lhash.c,v 1.18 2016/11/08 20:20:06 miod Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -97,374 +97,361 @@ #include #include #include + +#include + #include #include -const char *lh_version="lhash" OPENSSL_VERSION_PTEXT; - -#undef MIN_NODES +#undef MIN_NODES #define MIN_NODES 16 #define UP_LOAD (2*LH_LOAD_MULT) /* load times 256 (default 2) */ #define DOWN_LOAD (LH_LOAD_MULT) /* load times 256 (default 1) */ -static void expand(LHASH *lh); -static void contract(LHASH *lh); -static LHASH_NODE **getrn(LHASH *lh, const void *data, unsigned long *rhash); +static void expand(_LHASH *lh); +static void contract(_LHASH *lh); +static LHASH_NODE **getrn(_LHASH *lh, const void *data, unsigned long *rhash); -LHASH *lh_new(LHASH_HASH_FN_TYPE h, LHASH_COMP_FN_TYPE c) - { - LHASH *ret; +_LHASH * +lh_new(LHASH_HASH_FN_TYPE h, LHASH_COMP_FN_TYPE c) +{ + _LHASH *ret; int i; - if ((ret=(LHASH *)OPENSSL_malloc(sizeof(LHASH))) == NULL) + if ((ret = malloc(sizeof(_LHASH))) == NULL) goto err0; - if ((ret->b=(LHASH_NODE **)OPENSSL_malloc(sizeof(LHASH_NODE *)*MIN_NODES)) == NULL) + if ((ret->b = reallocarray(NULL, MIN_NODES, sizeof(LHASH_NODE *))) == NULL) goto err1; - for (i=0; ib[i]=NULL; - ret->comp=((c == NULL)?(LHASH_COMP_FN_TYPE)strcmp:c); - ret->hash=((h == NULL)?(LHASH_HASH_FN_TYPE)lh_strhash:h); - ret->num_nodes=MIN_NODES/2; - ret->num_alloc_nodes=MIN_NODES; - ret->p=0; - ret->pmax=MIN_NODES/2; - ret->up_load=UP_LOAD; - ret->down_load=DOWN_LOAD; - ret->num_items=0; - - ret->num_expands=0; - ret->num_expand_reallocs=0; - ret->num_contracts=0; - ret->num_contract_reallocs=0; - ret->num_hash_calls=0; - ret->num_comp_calls=0; - ret->num_insert=0; - ret->num_replace=0; - ret->num_delete=0; - ret->num_no_delete=0; - ret->num_retrieve=0; - ret->num_retrieve_miss=0; - ret->num_hash_comps=0; - - ret->error=0; - return(ret); + for (i = 0; i < MIN_NODES; i++) + ret->b[i] = NULL; + ret->comp = ((c == NULL) ? (LHASH_COMP_FN_TYPE)strcmp : c); + ret->hash = ((h == NULL) ? (LHASH_HASH_FN_TYPE)lh_strhash : h); + ret->num_nodes = MIN_NODES / 2; + ret->num_alloc_nodes = MIN_NODES; + ret->p = 0; + ret->pmax = MIN_NODES / 2; + ret->up_load = UP_LOAD; + ret->down_load = DOWN_LOAD; + ret->num_items = 0; + + ret->num_expands = 0; + ret->num_expand_reallocs = 0; + ret->num_contracts = 0; + ret->num_contract_reallocs = 0; + ret->num_hash_calls = 0; + ret->num_comp_calls = 0; + ret->num_insert = 0; + ret->num_replace = 0; + ret->num_delete = 0; + ret->num_no_delete = 0; + ret->num_retrieve = 0; + ret->num_retrieve_miss = 0; + ret->num_hash_comps = 0; + + ret->error = 0; + return (ret); + err1: - OPENSSL_free(ret); + free(ret); err0: - return(NULL); - } + return (NULL); +} -void lh_free(LHASH *lh) - { +void +lh_free(_LHASH *lh) +{ unsigned int i; - LHASH_NODE *n,*nn; + LHASH_NODE *n, *nn; if (lh == NULL) - return; - - for (i=0; inum_nodes; i++) - { - n=lh->b[i]; - while (n != NULL) - { - nn=n->next; - OPENSSL_free(n); - n=nn; - } + return; + + for (i = 0; i < lh->num_nodes; i++) { + n = lh->b[i]; + while (n != NULL) { + nn = n->next; + free(n); + n = nn; } - OPENSSL_free(lh->b); - OPENSSL_free(lh); } + free(lh->b); + free(lh); +} -void *lh_insert(LHASH *lh, const void *data) - { +void * +lh_insert(_LHASH *lh, void *data) +{ unsigned long hash; - LHASH_NODE *nn,**rn; - const void *ret; + LHASH_NODE *nn, **rn; + void *ret; - lh->error=0; - if (lh->up_load <= (lh->num_items*LH_LOAD_MULT/lh->num_nodes)) + lh->error = 0; + if (lh->up_load <= (lh->num_items * LH_LOAD_MULT / lh->num_nodes)) expand(lh); - rn=getrn(lh,data,&hash); + rn = getrn(lh, data, &hash); - if (*rn == NULL) - { - if ((nn=(LHASH_NODE *)OPENSSL_malloc(sizeof(LHASH_NODE))) == NULL) - { + if (*rn == NULL) { + if ((nn = malloc(sizeof(LHASH_NODE))) == NULL) { lh->error++; - return(NULL); - } - nn->data=data; - nn->next=NULL; + return (NULL); + } + nn->data = data; + nn->next = NULL; #ifndef OPENSSL_NO_HASH_COMP - nn->hash=hash; + nn->hash = hash; #endif - *rn=nn; - ret=NULL; + *rn = nn; + ret = NULL; lh->num_insert++; lh->num_items++; - } + } else /* replace same key */ - { - ret= (*rn)->data; - (*rn)->data=data; + { + ret = (*rn)->data; + (*rn)->data = data; lh->num_replace++; - } - return((void *)ret); } + return (ret); +} -void *lh_delete(LHASH *lh, const void *data) - { +void * +lh_delete(_LHASH *lh, const void *data) +{ unsigned long hash; - LHASH_NODE *nn,**rn; - const void *ret; + LHASH_NODE *nn, **rn; + void *ret; - lh->error=0; - rn=getrn(lh,data,&hash); + lh->error = 0; + rn = getrn(lh, data, &hash); - if (*rn == NULL) - { + if (*rn == NULL) { lh->num_no_delete++; - return(NULL); - } - else - { + return (NULL); + } else { nn= *rn; - *rn=nn->next; - ret=nn->data; - OPENSSL_free(nn); + *rn = nn->next; + ret = nn->data; + free(nn); lh->num_delete++; - } + } lh->num_items--; if ((lh->num_nodes > MIN_NODES) && - (lh->down_load >= (lh->num_items*LH_LOAD_MULT/lh->num_nodes))) + (lh->down_load >= (lh->num_items * LH_LOAD_MULT / lh->num_nodes))) contract(lh); - return((void *)ret); - } + return (ret); +} -void *lh_retrieve(LHASH *lh, const void *data) - { +void * +lh_retrieve(_LHASH *lh, const void *data) +{ unsigned long hash; LHASH_NODE **rn; - const void *ret; + void *ret; - lh->error=0; - rn=getrn(lh,data,&hash); + lh->error = 0; + rn = getrn(lh, data, &hash); - if (*rn == NULL) - { + if (*rn == NULL) { lh->num_retrieve_miss++; - return(NULL); - } - else - { - ret= (*rn)->data; + return (NULL); + } else { + ret = (*rn)->data; lh->num_retrieve++; - } - return((void *)ret); } + return (ret); +} -static void doall_util_fn(LHASH *lh, int use_arg, LHASH_DOALL_FN_TYPE func, - LHASH_DOALL_ARG_FN_TYPE func_arg, void *arg) - { +static void +doall_util_fn(_LHASH *lh, int use_arg, LHASH_DOALL_FN_TYPE func, + LHASH_DOALL_ARG_FN_TYPE func_arg, void *arg) +{ int i; - LHASH_NODE *a,*n; + LHASH_NODE *a, *n; + + if (lh == NULL) + return; /* reverse the order so we search from 'top to bottom' * We were having memory leaks otherwise */ - for (i=lh->num_nodes-1; i>=0; i--) - { - a=lh->b[i]; - while (a != NULL) - { + for (i = lh->num_nodes - 1; i >= 0; i--) { + a = lh->b[i]; + while (a != NULL) { /* 28/05/91 - eay - n added so items can be deleted * via lh_doall */ - n=a->next; - if(use_arg) - func_arg(a->data,arg); + /* 22/05/08 - ben - eh? since a is not passed, + * this should not be needed */ + n = a->next; + if (use_arg) + func_arg(a->data, arg); else func(a->data); - a=n; - } + a = n; } } +} -void lh_doall(LHASH *lh, LHASH_DOALL_FN_TYPE func) - { +void +lh_doall(_LHASH *lh, LHASH_DOALL_FN_TYPE func) +{ doall_util_fn(lh, 0, func, (LHASH_DOALL_ARG_FN_TYPE)0, NULL); - } +} -void lh_doall_arg(LHASH *lh, LHASH_DOALL_ARG_FN_TYPE func, void *arg) - { +void +lh_doall_arg(_LHASH *lh, LHASH_DOALL_ARG_FN_TYPE func, void *arg) +{ doall_util_fn(lh, 1, (LHASH_DOALL_FN_TYPE)0, func, arg); - } +} -static void expand(LHASH *lh) - { - LHASH_NODE **n,**n1,**n2,*np; - unsigned int p,i,j; - unsigned long hash,nni; +static void +expand(_LHASH *lh) +{ + LHASH_NODE **n, **n1, **n2, *np; + unsigned int p, i, j; + unsigned long hash, nni; lh->num_nodes++; lh->num_expands++; - p=(int)lh->p++; - n1= &(lh->b[p]); - n2= &(lh->b[p+(int)lh->pmax]); - *n2=NULL; /* 27/07/92 - eay - undefined pointer bug */ - nni=lh->num_alloc_nodes; - - for (np= *n1; np != NULL; ) - { + p = (int)lh->p++; + n1 = &(lh->b[p]); + n2 = &(lh->b[p + (int)lh->pmax]); + *n2 = NULL; /* 27/07/92 - eay - undefined pointer bug */ + nni = lh->num_alloc_nodes; + + for (np = *n1; np != NULL; ) { #ifndef OPENSSL_NO_HASH_COMP - hash=np->hash; + hash = np->hash; #else - hash=lh->hash(np->data); + hash = lh->hash(np->data); lh->num_hash_calls++; #endif - if ((hash%nni) != p) - { /* move it */ - *n1= (*n1)->next; + if ((hash % nni) != p) { /* move it */ + *n1 = (*n1)->next; np->next= *n2; - *n2=np; - } - else - n1= &((*n1)->next); + *n2 = np; + } else + n1 = &((*n1)->next); np= *n1; - } + } - if ((lh->p) >= lh->pmax) - { - j=(int)lh->num_alloc_nodes*2; - n=(LHASH_NODE **)OPENSSL_realloc(lh->b, - (unsigned int)sizeof(LHASH_NODE *)*j); - if (n == NULL) - { -/* fputs("realloc error in lhash",stderr); */ + if ((lh->p) >= lh->pmax) { + j = (int)lh->num_alloc_nodes * 2; + n = reallocarray(lh->b, j, sizeof(LHASH_NODE *)); + if (n == NULL) { +/* fputs("realloc error in lhash", stderr); */ lh->error++; - lh->p=0; + lh->p = 0; return; - } + } /* else */ - for (i=(int)lh->num_alloc_nodes; ipmax=lh->num_alloc_nodes; - lh->num_alloc_nodes=j; + for (i = (int)lh->num_alloc_nodes; i < j; i++)/* 26/02/92 eay */ + n[i] = NULL; /* 02/03/92 eay */ + lh->pmax = lh->num_alloc_nodes; + lh->num_alloc_nodes = j; lh->num_expand_reallocs++; - lh->p=0; - lh->b=n; - } + lh->p = 0; + lh->b = n; } - -static void contract(LHASH *lh) - { - LHASH_NODE **n,*n1,*np; - - np=lh->b[lh->p+lh->pmax-1]; - lh->b[lh->p+lh->pmax-1]=NULL; /* 24/07-92 - eay - weird but :-( */ - if (lh->p == 0) - { - n=(LHASH_NODE **)OPENSSL_realloc(lh->b, - (unsigned int)(sizeof(LHASH_NODE *)*lh->pmax)); - if (n == NULL) - { -/* fputs("realloc error in lhash",stderr); */ +} + +static void +contract(_LHASH *lh) +{ + LHASH_NODE **n, *n1, *np; + + np = lh->b[lh->p + lh->pmax - 1]; + lh->b[lh->p+lh->pmax - 1] = NULL; /* 24/07-92 - eay - weird but :-( */ + if (lh->p == 0) { + n = reallocarray(lh->b, lh->pmax, sizeof(LHASH_NODE *)); + if (n == NULL) { +/* fputs("realloc error in lhash", stderr); */ lh->error++; return; - } - lh->num_contract_reallocs++; - lh->num_alloc_nodes/=2; - lh->pmax/=2; - lh->p=lh->pmax-1; - lh->b=n; } - else + lh->num_contract_reallocs++; + lh->num_alloc_nodes /= 2; + lh->pmax /= 2; + lh->p = lh->pmax - 1; + lh->b = n; + } else lh->p--; lh->num_nodes--; lh->num_contracts++; - n1=lh->b[(int)lh->p]; + n1 = lh->b[(int)lh->p]; if (n1 == NULL) - lh->b[(int)lh->p]=np; - else - { + lh->b[(int)lh->p] = np; + else { while (n1->next != NULL) - n1=n1->next; - n1->next=np; - } + n1 = n1->next; + n1->next = np; } +} -static LHASH_NODE **getrn(LHASH *lh, const void *data, unsigned long *rhash) - { - LHASH_NODE **ret,*n1; - unsigned long hash,nn; - int (*cf)(); +static LHASH_NODE **getrn(_LHASH *lh, const void *data, unsigned long *rhash) +{ + LHASH_NODE **ret, *n1; + unsigned long hash, nn; + LHASH_COMP_FN_TYPE cf; - hash=(*(lh->hash))(data); + hash = (*(lh->hash))(data); lh->num_hash_calls++; - *rhash=hash; + *rhash = hash; - nn=hash%lh->pmax; + nn = hash % lh->pmax; if (nn < lh->p) - nn=hash%lh->num_alloc_nodes; + nn = hash % lh->num_alloc_nodes; - cf=lh->comp; - ret= &(lh->b[(int)nn]); - for (n1= *ret; n1 != NULL; n1=n1->next) - { + cf = lh->comp; + ret = &(lh->b[(int)nn]); + for (n1 = *ret; n1 != NULL; n1 = n1->next) { #ifndef OPENSSL_NO_HASH_COMP lh->num_hash_comps++; - if (n1->hash != hash) - { - ret= &(n1->next); + if (n1->hash != hash) { + ret = &(n1->next); continue; - } + } #endif lh->num_comp_calls++; - if(cf(n1->data,data) == 0) + if (cf(n1->data, data) == 0) break; - ret= &(n1->next); - } - return(ret); + ret = &(n1->next); } + return (ret); +} /* The following hash seems to work very well on normal text strings * no collisions on /usr/dict/words and it distributes on %2^n quite * well, not as good as MD5, but still good. */ -unsigned long lh_strhash(const char *c) - { - unsigned long ret=0; - long n; - unsigned long v; - int r; - - if ((c == NULL) || (*c == '\0')) - return(ret); -/* - unsigned char b[16]; - MD5(c,strlen(c),b); - return(b[0]|(b[1]<<8)|(b[2]<<16)|(b[3]<<24)); -*/ - - n=0x100; - while (*c) - { - v=n|(*c); - n+=0x100; - r= (int)((v>>2)^v)&0x0f; - ret=(ret<>(32-r)); - ret&=0xFFFFFFFFL; - ret^=v*v; +unsigned long +lh_strhash(const char *c) +{ + unsigned long ret = 0; + unsigned long n, v; + unsigned int r; + + if (c == NULL || *c == '\0') + return ret; + + n = 0x100; + while (*c) { + v = n | *c; + n += 0x100; + if ((r = ((v >> 2) ^ v) & 0x0f) != 0) + ret = (ret << r) | (ret >> (32 - r)); + ret &= 0xFFFFFFFFUL; + ret ^= v * v; c++; - } - return((ret>>16)^ret); } + return (ret >> 16) ^ ret; +} -unsigned long lh_num_items(const LHASH *lh) - { +unsigned long +lh_num_items(const _LHASH *lh) +{ return lh ? lh->num_items : 0; - } +} diff --git a/src/lib/libcrypto/lhash/lhash.h b/src/lib/libcrypto/lhash/lhash.h index dee8207333b..9c63657396b 100644 --- a/src/lib/libcrypto/lhash/lhash.h +++ b/src/lib/libcrypto/lhash/lhash.h @@ -1,25 +1,25 @@ -/* crypto/lhash/lhash.h */ +/* $OpenBSD: lhash.h,v 1.12 2014/06/12 15:49:29 deraadt Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -63,9 +63,9 @@ #ifndef HEADER_LHASH_H #define HEADER_LHASH_H -#ifndef OPENSSL_NO_FP_API +#include + #include -#endif #ifndef OPENSSL_NO_BIO #include @@ -75,19 +75,18 @@ extern "C" { #endif -typedef struct lhash_node_st - { - const void *data; +typedef struct lhash_node_st { + void *data; struct lhash_node_st *next; #ifndef OPENSSL_NO_HASH_COMP unsigned long hash; #endif - } LHASH_NODE; +} LHASH_NODE; typedef int (*LHASH_COMP_FN_TYPE)(const void *, const void *); typedef unsigned long (*LHASH_HASH_FN_TYPE)(const void *); -typedef void (*LHASH_DOALL_FN_TYPE)(const void *); -typedef void (*LHASH_DOALL_ARG_FN_TYPE)(const void *, void *); +typedef void (*LHASH_DOALL_FN_TYPE)(void *); +typedef void (*LHASH_DOALL_ARG_FN_TYPE)(void *, void *); /* Macros for declaring and implementing type-safe wrappers for LHASH callbacks. * This way, callbacks can be provided to LHASH structures without function @@ -97,45 +96,44 @@ typedef void (*LHASH_DOALL_ARG_FN_TYPE)(const void *, void *); * macros if the functions are strictly internal. */ /* First: "hash" functions */ -#define DECLARE_LHASH_HASH_FN(f_name,o_type) \ - unsigned long f_name##_LHASH_HASH(const void *); -#define IMPLEMENT_LHASH_HASH_FN(f_name,o_type) \ - unsigned long f_name##_LHASH_HASH(const void *arg) { \ - o_type a = (o_type)arg; \ - return f_name(a); } -#define LHASH_HASH_FN(f_name) f_name##_LHASH_HASH +#define DECLARE_LHASH_HASH_FN(name, o_type) \ + unsigned long name##_LHASH_HASH(const void *); +#define IMPLEMENT_LHASH_HASH_FN(name, o_type) \ + unsigned long name##_LHASH_HASH(const void *arg) { \ + const o_type *a = arg; \ + return name##_hash(a); } +#define LHASH_HASH_FN(name) name##_LHASH_HASH /* Second: "compare" functions */ -#define DECLARE_LHASH_COMP_FN(f_name,o_type) \ - int f_name##_LHASH_COMP(const void *, const void *); -#define IMPLEMENT_LHASH_COMP_FN(f_name,o_type) \ - int f_name##_LHASH_COMP(const void *arg1, const void *arg2) { \ - o_type a = (o_type)arg1; \ - o_type b = (o_type)arg2; \ - return f_name(a,b); } -#define LHASH_COMP_FN(f_name) f_name##_LHASH_COMP +#define DECLARE_LHASH_COMP_FN(name, o_type) \ + int name##_LHASH_COMP(const void *, const void *); +#define IMPLEMENT_LHASH_COMP_FN(name, o_type) \ + int name##_LHASH_COMP(const void *arg1, const void *arg2) { \ + const o_type *a = arg1; \ + const o_type *b = arg2; \ + return name##_cmp(a,b); } +#define LHASH_COMP_FN(name) name##_LHASH_COMP /* Third: "doall" functions */ -#define DECLARE_LHASH_DOALL_FN(f_name,o_type) \ - void f_name##_LHASH_DOALL(const void *); -#define IMPLEMENT_LHASH_DOALL_FN(f_name,o_type) \ - void f_name##_LHASH_DOALL(const void *arg) { \ - o_type a = (o_type)arg; \ - f_name(a); } -#define LHASH_DOALL_FN(f_name) f_name##_LHASH_DOALL +#define DECLARE_LHASH_DOALL_FN(name, o_type) \ + void name##_LHASH_DOALL(void *); +#define IMPLEMENT_LHASH_DOALL_FN(name, o_type) \ + void name##_LHASH_DOALL(void *arg) { \ + o_type *a = arg; \ + name##_doall(a); } +#define LHASH_DOALL_FN(name) name##_LHASH_DOALL /* Fourth: "doall_arg" functions */ -#define DECLARE_LHASH_DOALL_ARG_FN(f_name,o_type,a_type) \ - void f_name##_LHASH_DOALL_ARG(const void *, void *); -#define IMPLEMENT_LHASH_DOALL_ARG_FN(f_name,o_type,a_type) \ - void f_name##_LHASH_DOALL_ARG(const void *arg1, void *arg2) { \ - o_type a = (o_type)arg1; \ - a_type b = (a_type)arg2; \ - f_name(a,b); } -#define LHASH_DOALL_ARG_FN(f_name) f_name##_LHASH_DOALL_ARG - -typedef struct lhash_st - { +#define DECLARE_LHASH_DOALL_ARG_FN(name, o_type, a_type) \ + void name##_LHASH_DOALL_ARG(void *, void *); +#define IMPLEMENT_LHASH_DOALL_ARG_FN(name, o_type, a_type) \ + void name##_LHASH_DOALL_ARG(void *arg1, void *arg2) { \ + o_type *a = arg1; \ + a_type *b = arg2; \ + name##_doall_arg(a, b); } +#define LHASH_DOALL_ARG_FN(name) name##_LHASH_DOALL_ARG + +typedef struct lhash_st { LHASH_NODE **b; LHASH_COMP_FN_TYPE comp; LHASH_HASH_FN_TYPE hash; @@ -162,7 +160,8 @@ typedef struct lhash_st unsigned long num_hash_comps; int error; - } LHASH; +} _LHASH; /* Do not use _LHASH directly, use LHASH_OF + * and friends */ #define LH_LOAD_MULT 256 @@ -170,30 +169,67 @@ typedef struct lhash_st * in lh_insert(). */ #define lh_error(lh) ((lh)->error) -LHASH *lh_new(LHASH_HASH_FN_TYPE h, LHASH_COMP_FN_TYPE c); -void lh_free(LHASH *lh); -void *lh_insert(LHASH *lh, const void *data); -void *lh_delete(LHASH *lh, const void *data); -void *lh_retrieve(LHASH *lh, const void *data); -void lh_doall(LHASH *lh, LHASH_DOALL_FN_TYPE func); -void lh_doall_arg(LHASH *lh, LHASH_DOALL_ARG_FN_TYPE func, void *arg); +_LHASH *lh_new(LHASH_HASH_FN_TYPE h, LHASH_COMP_FN_TYPE c); +void lh_free(_LHASH *lh); +void *lh_insert(_LHASH *lh, void *data); +void *lh_delete(_LHASH *lh, const void *data); +void *lh_retrieve(_LHASH *lh, const void *data); +void lh_doall(_LHASH *lh, LHASH_DOALL_FN_TYPE func); +void lh_doall_arg(_LHASH *lh, LHASH_DOALL_ARG_FN_TYPE func, void *arg); unsigned long lh_strhash(const char *c); -unsigned long lh_num_items(const LHASH *lh); +unsigned long lh_num_items(const _LHASH *lh); -#ifndef OPENSSL_NO_FP_API -void lh_stats(const LHASH *lh, FILE *out); -void lh_node_stats(const LHASH *lh, FILE *out); -void lh_node_usage_stats(const LHASH *lh, FILE *out); -#endif +void lh_stats(const _LHASH *lh, FILE *out); +void lh_node_stats(const _LHASH *lh, FILE *out); +void lh_node_usage_stats(const _LHASH *lh, FILE *out); #ifndef OPENSSL_NO_BIO -void lh_stats_bio(const LHASH *lh, BIO *out); -void lh_node_stats_bio(const LHASH *lh, BIO *out); -void lh_node_usage_stats_bio(const LHASH *lh, BIO *out); +void lh_stats_bio(const _LHASH *lh, BIO *out); +void lh_node_stats_bio(const _LHASH *lh, BIO *out); +void lh_node_usage_stats_bio(const _LHASH *lh, BIO *out); #endif + +/* Type checking... */ + +#define LHASH_OF(type) struct lhash_st_##type + +#define DECLARE_LHASH_OF(type) LHASH_OF(type) { int dummy; } + +#define CHECKED_LHASH_OF(type,lh) \ + ((_LHASH *)CHECKED_PTR_OF(LHASH_OF(type),lh)) + +/* Define wrapper functions. */ +#define LHM_lh_new(type, name) \ + ((LHASH_OF(type) *)lh_new(LHASH_HASH_FN(name), LHASH_COMP_FN(name))) +#define LHM_lh_error(type, lh) \ + lh_error(CHECKED_LHASH_OF(type,lh)) +#define LHM_lh_insert(type, lh, inst) \ + ((type *)lh_insert(CHECKED_LHASH_OF(type, lh), \ + CHECKED_PTR_OF(type, inst))) +#define LHM_lh_retrieve(type, lh, inst) \ + ((type *)lh_retrieve(CHECKED_LHASH_OF(type, lh), \ + CHECKED_PTR_OF(type, inst))) +#define LHM_lh_delete(type, lh, inst) \ + ((type *)lh_delete(CHECKED_LHASH_OF(type, lh), \ + CHECKED_PTR_OF(type, inst))) +#define LHM_lh_doall(type, lh,fn) lh_doall(CHECKED_LHASH_OF(type, lh), fn) +#define LHM_lh_doall_arg(type, lh, fn, arg_type, arg) \ + lh_doall_arg(CHECKED_LHASH_OF(type, lh), fn, CHECKED_PTR_OF(arg_type, arg)) +#define LHM_lh_num_items(type, lh) lh_num_items(CHECKED_LHASH_OF(type, lh)) +#define LHM_lh_down_load(type, lh) (CHECKED_LHASH_OF(type, lh)->down_load) +#define LHM_lh_node_stats_bio(type, lh, out) \ + lh_node_stats_bio(CHECKED_LHASH_OF(type, lh), out) +#define LHM_lh_node_usage_stats_bio(type, lh, out) \ + lh_node_usage_stats_bio(CHECKED_LHASH_OF(type, lh), out) +#define LHM_lh_stats_bio(type, lh, out) \ + lh_stats_bio(CHECKED_LHASH_OF(type, lh), out) +#define LHM_lh_free(type, lh) lh_free(CHECKED_LHASH_OF(type, lh)) + +DECLARE_LHASH_OF(OPENSSL_STRING); +DECLARE_LHASH_OF(OPENSSL_CSTRING); + #ifdef __cplusplus } #endif #endif - diff --git a/src/lib/libcrypto/lhash/num.pl b/src/lib/libcrypto/lhash/num.pl deleted file mode 100644 index 30fedf9cd5a..00000000000 --- a/src/lib/libcrypto/lhash/num.pl +++ /dev/null @@ -1,17 +0,0 @@ -#!/usr/local/bin/perl - -#node 10 -> 4 - -while (<>) - { - next unless /^node/; - chop; - @a=split; - $num{$a[3]}++; - } - -@a=sort {$a <=> $b } keys %num; -foreach (0 .. $a[$#a]) - { - printf "%4d:%4d\n",$_,$num{$_}; - } diff --git a/src/lib/libcrypto/malloc-wrapper.c b/src/lib/libcrypto/malloc-wrapper.c new file mode 100644 index 00000000000..cb9a31186dd --- /dev/null +++ b/src/lib/libcrypto/malloc-wrapper.c @@ -0,0 +1,189 @@ +/* $OpenBSD: malloc-wrapper.c,v 1.7 2018/05/13 13:49:04 jsing Exp $ */ +/* + * Copyright (c) 2014 Bob Beck + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ +#include +#include +#include + +int +CRYPTO_set_mem_functions(void *(*m)(size_t), void *(*r)(void *, size_t), + void (*f)(void *)) +{ + return 0; +} + +int +CRYPTO_set_mem_ex_functions(void *(*m)(size_t, const char *, int), + void *(*r)(void *, size_t, const char *, int), void (*f)(void *)) +{ + return 0; +} + +int +CRYPTO_set_locked_mem_functions(void *(*m)(size_t), void (*f)(void *)) +{ + return 0; +} + +int +CRYPTO_set_locked_mem_ex_functions(void *(*m)(size_t, const char *, int), + void (*f)(void *)) +{ + return 0; +} + +int +CRYPTO_set_mem_debug_functions(void (*m)(void *, int, const char *, int, int), + void (*r)(void *, void *, int, const char *, int, int), + void (*f)(void *, int), void (*so)(long), long (*go)(void)) +{ + return 0; +} + + +void +CRYPTO_get_mem_functions(void *(**m)(size_t), void *(**r)(void *, size_t), + void (**f)(void *)) +{ + if (m != NULL) + *m = malloc; + if (r != NULL) + *r = realloc; + if (f != NULL) + *f = free; +} + +void +CRYPTO_get_mem_ex_functions(void *(**m)(size_t, const char *, int), + void *(**r)(void *, size_t, const char *, int), void (**f)(void *)) +{ + if (m != NULL) + *m = NULL; + if (r != NULL) + *r = NULL; + if (f != NULL) + *f = free; +} + +void +CRYPTO_get_locked_mem_functions(void *(**m)(size_t), void (**f)(void *)) +{ + if (m != NULL) + *m = malloc; + if (f != NULL) + *f = free; +} + +void +CRYPTO_get_locked_mem_ex_functions(void *(**m)(size_t, const char *, int), + void (**f)(void *)) +{ + if (m != NULL) + *m = NULL; + if (f != NULL) + *f = free; +} + +void +CRYPTO_get_mem_debug_functions(void (**m)(void *, int, const char *, int, int), + void (**r)(void *, void *, int, const char *, int, int), + void (**f)(void *, int), void (**so)(long), long (**go)(void)) +{ + if (m != NULL) + *m = NULL; + if (r != NULL) + *r = NULL; + if (f != NULL) + *f = NULL; + if (so != NULL) + *so = NULL; + if (go != NULL) + *go = NULL; +} + + +void * +CRYPTO_malloc_locked(int num, const char *file, int line) +{ + if (num <= 0) + return NULL; + return malloc(num); +} + +void +CRYPTO_free_locked(void *ptr) +{ + free(ptr); +} + +void * +CRYPTO_malloc(int num, const char *file, int line) +{ + if (num <= 0) + return NULL; + return malloc(num); +} + +char * +CRYPTO_strdup(const char *str, const char *file, int line) +{ + return strdup(str); +} + +void * +CRYPTO_realloc(void *ptr, int num, const char *file, int line) +{ + if (num <= 0) + return NULL; + return realloc(ptr, num); +} + +void * +CRYPTO_realloc_clean(void *ptr, int old_len, int num, const char *file, + int line) +{ + if (num <= 0) + return NULL; + /* Original does not support shrinking. */ + if (num < old_len) + return NULL; + return recallocarray(ptr, old_len, num, 1); +} + +void +CRYPTO_free(void *ptr) +{ + free(ptr); +} + +void * +CRYPTO_remalloc(void *a, int num, const char *file, int line) +{ + free(a); + return malloc(num); +} + +void +CRYPTO_set_mem_debug_options(long bits) +{ + return; +} + +long +CRYPTO_get_mem_debug_options(void) +{ + return 0; +} diff --git a/src/lib/libcrypto/man/ACCESS_DESCRIPTION_new.3 b/src/lib/libcrypto/man/ACCESS_DESCRIPTION_new.3 new file mode 100644 index 00000000000..2c0a67134cd --- /dev/null +++ b/src/lib/libcrypto/man/ACCESS_DESCRIPTION_new.3 @@ -0,0 +1,150 @@ +.\" $OpenBSD: ACCESS_DESCRIPTION_new.3,v 1.4 2018/03/22 16:06:33 schwarze Exp $ +.\" +.\" Copyright (c) 2016 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 22 2018 $ +.Dt ACCESS_DESCRIPTION_NEW 3 +.Os +.Sh NAME +.Nm ACCESS_DESCRIPTION_new , +.Nm ACCESS_DESCRIPTION_free , +.Nm AUTHORITY_INFO_ACCESS_new , +.Nm AUTHORITY_INFO_ACCESS_free +.Nd X.509 information access extensions +.Sh SYNOPSIS +.In openssl/x509v3.h +.Ft ACCESS_DESCRIPTION * +.Fn ACCESS_DESCRIPTION_new void +.Ft void +.Fn ACCESS_DESCRIPTION_free "ACCESS_DESCRIPTION *ad" +.Ft AUTHORITY_INFO_ACCESS +.Fn AUTHORITY_INFO_ACCESS_new void +.Ft void +.Fn AUTHORITY_INFO_ACCESS_free "AUTHORITY_INFO_ACCESS *aia" +.Sh DESCRIPTION +Using the information access extensions, certificates and certificate +revocation lists can point to auxiliary information and services +available online, for example online validation services or CA +policy data. +.Pp +.Fn ACCESS_DESCRIPTION_new +allocates and initializes an empty +.Vt ACCESS_DESCRIPTION +object, representing an ASN.1 +.Vt AccessDescription +structure defined in RFC 5280 section 4.2.2.1. +It can hold a pointer to a +.Vt GENERAL_NAME +object documented in +.Xr GENERAL_NAME_new 3 +and an access method identifier. +.Fn ACCESS_DESCRIPTION_free +frees +.Fa ad . +.Pp +The access method identifier is somewhat misnamed; it identifies +the type and format of the information provided. +How to access that information is often obvious from the +.Vt GENERAL_NAME +which may for example include a uniform resource identifier. +.Pp +Four standard access method identifiers are defined in RFC 5280: +.Bl -bullet +.It +.Qq id-ad-caIssuers +can occur in the authority information access extension of certificates +and certificate revocation lists and provides access to certificates +issued to the CA that issued the certificate, or provides access +to certificates used for signing the CRL, in order to help constructing +a certification path. +.It +.Qq id-ad-ocsp +can occur in the authority information access extension of certificates +and provides access to revocation information via the Online +Certificate Status Protocol (OCSP) defined in RFC 6960. +.It +.Qq id-ad-caRepository +can occur in the subject information access extension of CA +certificates and provides access to an online repository of +certificates issued by the CA. +.It +.Qq id-ad-timeStamping +can occur in the subject information access extension of end entity +certificates and indicates that the subject offers timestamping +services using the Time Stamp Protocol defined in RFC 3161. +.El +.Pp +.Fn AUTHORITY_INFO_ACCESS_new +allocates and initializes an empty +.Vt AUTHORITY_INFO_ACCESS +object, which is a +.Vt STACK_OF(ACCESS_DESCRIPTION) +and represents an ASN.1 +.Vt AuthorityInfoAccessSyntax +structure defined in RFC 5280 section 4.2.2.1. +If can be used for the authority information access extension of +certificates and certificate revocation lists and for the subject +information access extension of certificates. +.Fn AUTHORITY_INFO_ACCESS_free +frees +.Fa aia . +.Sh RETURN VALUES +.Fn ACCESS_DESCRIPTION_new +and +.Fn AUTHORITY_INFO_ACCESS_new +return the new +.Vt ACCESS_DESCRIPTION +or +.Vt AUTHORITY_INFO_ACCESS +object, respectively, or +.Dv NULL +if an error occurs. +.Sh SEE ALSO +.Xr DIST_POINT_new 3 , +.Xr GENERAL_NAME_new 3 , +.Xr OCSP_REQUEST_new 3 , +.Xr TS_REQ_new 3 , +.Xr X509_CRL_new 3 , +.Xr X509_EXTENSION_new 3 , +.Xr X509_new 3 +.Sh STANDARDS +These extensions are only defined in the following RFC and not +specified in the underlying X.509 standard. +.Pp +RFC 5280: Internet X.509 Public Key Infrastructure Certificate and +Certificate Revocation List (CRL) Profile: +.Bl -dash -compact +.It +section 4.2.2.1: Certificate Extensions: Authority Information Access +.It +section 4.2.2.2: Certificate Extensions: Subject Information Access +.It +section 5.2.7: CRL Extensions: Authority Information Access +.El +.Pp +Regarding OCSP and TSP, see: +.Pp +RFC 6960: X.509 Internet Public Key Infrastructure Online Certificate +Status Protocol +.Pp +RFC 3161: Internet X.509 Public Key Infrastructure Time-Stamp Protocol +.Sh HISTORY +.Fn ACCESS_DESCRIPTION_new , +.Fn ACCESS_DESCRIPTION_free , +.Fn AUTHORITY_INFO_ACCESS_new , +and +.Fn AUTHORITY_INFO_ACCESS_free +first appeared in OpenSSL 0.9.5 and have been available since +.Ox 2.7 . diff --git a/src/lib/libcrypto/man/ASN1_INTEGER_get.3 b/src/lib/libcrypto/man/ASN1_INTEGER_get.3 new file mode 100644 index 00000000000..e3585b40887 --- /dev/null +++ b/src/lib/libcrypto/man/ASN1_INTEGER_get.3 @@ -0,0 +1,238 @@ +.\" $OpenBSD: ASN1_INTEGER_get.3,v 1.1 2018/07/08 23:00:17 schwarze Exp $ +.\" selective merge up to: +.\" OpenSSL man3/ASN1_INTEGER_get_int64 eaf39a9f Jun 23 10:24:00 2018 +0200 +.\" +.\" This file was written by Dr. Stephen Henson . +.\" Copyright (c) 2015 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: July 8 2018 $ +.Dt ASN1_INTEGER_GET 3 +.Os +.Sh NAME +.Nm ASN1_INTEGER_get , +.Nm ASN1_INTEGER_set , +.Nm BN_to_ASN1_INTEGER , +.Nm ASN1_INTEGER_to_BN , +.Nm ASN1_ENUMERATED_get , +.Nm ASN1_ENUMERATED_set , +.Nm BN_to_ASN1_ENUMERATED , +.Nm ASN1_ENUMERATED_to_BN +.Nd ASN.1 INTEGER and ENUMERATED utilities +.Sh SYNOPSIS +.In openssl/asn1.h +.Ft long +.Fo ASN1_INTEGER_get +.Fa "const ASN1_INTEGER *a" +.Fc +.Ft int +.Fo ASN1_INTEGER_set +.Fa "ASN1_INTEGER *a" +.Fa "long v" +.Fc +.Ft ASN1_INTEGER * +.Fo BN_to_ASN1_INTEGER +.Fa "const BIGNUM *bn" +.Fa "ASN1_INTEGER *ai" +.Fc +.Ft BIGNUM * +.Fo ASN1_INTEGER_to_BN +.Fa "const ASN1_INTEGER *ai" +.Fa "BIGNUM *bn" +.Fc +.Ft long +.Fo ASN1_ENUMERATED_get +.Fa "const ASN1_ENUMERATED *a" +.Fc +.Ft int +.Fo ASN1_ENUMERATED_set +.Fa "ASN1_ENUMERATED *a" +.Fa "long v" +.Fc +.Ft ASN1_ENUMERATED * +.Fo BN_to_ASN1_ENUMERATED +.Fa "const BIGNUM *bn" +.Fa "ASN1_ENUMERATED *ai" +.Fc +.Ft BIGNUM * +.Fo ASN1_ENUMERATED_to_BN +.Fa "const ASN1_ENUMERATED *ai" +.Fa "BIGNUM *bn" +.Fc +.Sh DESCRIPTION +These functions convert to and from +.Vt ASN1_INTEGER +and +.Vt ASN1_ENUMERATED +objects. +.Pp +.Fn ASN1_INTEGER_get +converts +.Fa a +to the +.Vt long +type. +.Pp +.Fn ASN1_INTEGER_set +sets the value of +.Fa a +to +.Fa v . +.Pp +.Fn BN_to_ASN1_INTEGER +converts +.Fa bn +to an +.Vt ASN1_INTEGER . +If +.Fa ai +is +.Dv NULL , +a new +.Vt ASN1_INTEGER +object is returned. +Otherwise, the existing object +.Fa ai +is used instead. +.Pp +.Fn ASN1_INTEGER_to_BN +converts +.Fa ai +into a +.Vt BIGNUM . +If +.Fa bn +is +.Dv NULL , +a new +.Vt BIGNUM +object is returned. +Otherwise, the existing object +.Fa bn +is used instead. +.Pp +.Fn ASN1_ENUMERATED_get , +.Fn ASN1_ENUMERATED_set , +.Fn BN_to_ASN1_ENUMERATED , +and +.Fn ASN1_ENUMERATED_to_BN +behave like their +.Vt ASN1_INTEGER +counterparts except that they operate on an +.Vt ASN1_ENUMERATED +object. +.Sh RETURN VALUES +.Fn ASN1_INTEGER_get +and +.Fn ASN1_ENUMERATED_get +return the converted value, 0 if +.Fa a +is +.Dv NULL , +or \-1 on error, which is ambiguous because \-1 is a legitimate +value for an +.Vt ASN1_INTEGER . +.Pp +.Fn ASN1_INTEGER_set +and +.Fn ASN1_ENUMERATED_set +return 1 for success or 0 for failure. +They only fail if a memory allocation error occurs. +.Pp +.Fn BN_to_ASN1_INTEGER +and +.Fn BN_to_ASN1_ENUMERATED +return an +.Vt ASN1_INTEGER +or +.Vt ASN1_ENUMERATED +object, respectively, or +.Dv NULL +if an error occurs. +They only fail due to memory allocation errors. +.Pp +.Fn ASN1_INTEGER_to_BN +and +.Fn ASN1_ENUMERATED_to_BN +return a +.Vt BIGNUM +object of +.Dv NULL +if an error occurs. +They can fail if the passed type is incorrect (due to a programming error) +or due to memory allocation failures. +.Sh HISTORY +.Fn ASN1_INTEGER_set +first appeared in SSLeay 0.5.1. +.Fn ASN1_INTEGER_get , +.Fn BN_to_ASN1_INTEGER , +and +.Fn ASN1_INTEGER_to_BN +first appeared in SSLeay 0.6.0. +These functions have been available since +.Ox 2.3 . +.Pp +.Fn ASN1_ENUMERATED_get , +.Fn ASN1_ENUMERATED_set , +.Fn BN_to_ASN1_ENUMERATED , +and +.Fn ASN1_ENUMERATED_to_BN +first appeared in OpenSSL 0.9.2b and have been available since +.Ox 2.6 . +.Sh CAVEATS +In general an +.Vt ASN1_INTEGER +or +.Vt ASN1_ENUMERATED +type can contain an integer of almost arbitrary size +and so cannot always be represented by a C +.Vt long +type. +The ambiguous return values of +.Fn ASN1_INTEGER_get +and +.Fn ASN1_ENUMERATED_get +imply that these functions should be avoided if possible. diff --git a/src/lib/libcrypto/man/ASN1_OBJECT_new.3 b/src/lib/libcrypto/man/ASN1_OBJECT_new.3 new file mode 100644 index 00000000000..b661337ca02 --- /dev/null +++ b/src/lib/libcrypto/man/ASN1_OBJECT_new.3 @@ -0,0 +1,141 @@ +.\" $OpenBSD: ASN1_OBJECT_new.3,v 1.10 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL 99d63d4 Mar 19 12:28:58 2016 -0400 +.\" +.\" This file is a derived work. +.\" The changes are covered by the following Copyright and license: +.\" +.\" Copyright (c) 2017 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.\" The original file was written by Dr. Stephen Henson. +.\" Copyright (c) 2002, 2006 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt ASN1_OBJECT_NEW 3 +.Os +.Sh NAME +.Nm ASN1_OBJECT_new , +.Nm ASN1_OBJECT_free +.Nd ASN.1 object identifiers +.Sh SYNOPSIS +.In openssl/asn1.h +.Ft ASN1_OBJECT * +.Fo ASN1_OBJECT_new +.Fa void +.Fc +.Ft void +.Fo ASN1_OBJECT_free +.Fa "ASN1_OBJECT *a" +.Fc +.Sh DESCRIPTION +.Fn ASN1_OBJECT_new +allocates and initializes an empty +.Vt ASN1_OBJECT +object, representing an ASN.1 OBJECT IDENTIFIER. +It can hold a short name, a long name, a numeric identifier (NID), +and a sequence of integers identifying a node in the International +Object Identifier tree as specified in ITU-T recommendation X.660. +The new object is marked as dynamically allocated. +.Pp +Application programs normally use utility functions like +.Xr OBJ_nid2obj 3 +rather than using +.Fn ASN1_OBJECT_new +directly. +.Pp +.Fn ASN1_OBJECT_free +has the following effects: +.Pp +All data contained in +.Fa a +that is marked as dynamically allocated is freed, +and the respective fields of +.Fa a +become empty. +Contained data not marked as dynamically allocated remains intact. +.Pp +If the object +.Fa a +itself is marked as dynamically allocated, it is freed. +Otherwise, the pointer +.Fa a +remains valid. +.Pp +If +.Fa a +is a +.Dv NULL +pointer or if neither the object itself nor any of its content +is marked as dynamically allocated, no action occurs. +.Sh RETURN VALUES +If the allocation fails, +.Fn ASN1_OBJECT_new +returns +.Dv NULL +and sets an error code that can be obtained by +.Xr ERR_get_error 3 . +Otherwise it returns a pointer to the new object. +.Sh SEE ALSO +.Xr d2i_ASN1_OBJECT 3 , +.Xr OBJ_nid2obj 3 +.Sh HISTORY +.Fn ASN1_OBJECT_new +and +.Fn ASN1_OBJECT_free +first appeared in SSLeay 0.5.1 and have been available since +.Ox 2.4 . diff --git a/src/lib/libcrypto/man/ASN1_STRING_TABLE_add.3 b/src/lib/libcrypto/man/ASN1_STRING_TABLE_add.3 new file mode 100644 index 00000000000..cf5741e987b --- /dev/null +++ b/src/lib/libcrypto/man/ASN1_STRING_TABLE_add.3 @@ -0,0 +1,99 @@ +.\" $OpenBSD: ASN1_STRING_TABLE_add.3,v 1.3 2018/03/22 16:06:33 schwarze Exp $ +.\" OpenSSL ASN1_STRING_TABLE_add.pod 7b608d08 Jul 27 01:18:50 2017 +0800 +.\" +.\" Copyright (c) 2017 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 22 2018 $ +.Dt ASN1_STRING_TABLE_ADD 3 +.Os +.Sh NAME +.Nm ASN1_STRING_TABLE_add , +.Nm ASN1_STRING_TABLE_get , +.Nm ASN1_STRING_TABLE_cleanup +.Nd maintain the global ASN.1 string table +.Sh SYNOPSIS +.In openssl/asn1.h +.Ft int +.Fo ASN1_STRING_TABLE_add +.Fa "int nid" +.Fa "long minsize" +.Fa "long maxsize" +.Fa "unsigned long mask" +.Fa "unsigned long flags" +.Fc +.Ft ASN1_STRING_TABLE * +.Fo ASN1_STRING_TABLE_get +.Fa "int nid" +.Fc +.Ft void +.Fn ASN1_STRING_TABLE_cleanup void +.Sh DESCRIPTION +The ASN.1 string table is a unique global object. +Each entry is of the type +.Vt ASN1_STRING_TABLE +and contains information about one NID object. +Some entries are predefined according to RFC 3280 appendix A.1. +.Pp +The function +.Fn ASN1_STRING_TABLE_add +changes the existing entry for +.Fa nid +or, if there is none, allocates a new entry. +Each field of the entry is modified according to the function argument +of the same name. +The +.Fa minsize +and +.Fa maxsize +arguments overwrite the existing fields unless they are \-1. +The +.Fa mask +argument always overwrites the existing field. +The bits set in the +.Fa flags +argument are OR'ed into the existing field. +No useful flags are currently defined, so passing 0 is recommended. +.Pp +The function +.Fn ASN1_STRING_TABLE_get +retrieves the entry for +.Fa nid . +.Pp +The function +.Fn ASN1_STRING_TABLE_cleanup +removes and frees all entries except the predefined ones. +.Sh RETURN VALUES +.Fn ASN1_STRING_TABLE_add +returns 1 on success or 0 if an error occurred. +.Pp +.Fn ASN1_STRING_TABLE_get +returns a valid +.Vt ASN1_STRING_TABLE +structure or +.Dv NULL +if nothing is found. +.Sh SEE ALSO +.Xr ASN1_OBJECT_new 3 , +.Xr ERR_get_error 3 , +.Xr OBJ_nid2obj 3 +.Sh HISTORY +.Fn ASN1_STRING_TABLE_add , +.Fn ASN1_STRING_TABLE_get , +and +.Fn ASN1_STRING_TABLE_cleanup +first appeared in OpenSSL 0.9.5 and have been available since +.Ox 2.7 . +.Sh BUGS +Most aspects of the semantics considerably differ from OpenSSL. diff --git a/src/lib/libcrypto/man/ASN1_STRING_length.3 b/src/lib/libcrypto/man/ASN1_STRING_length.3 new file mode 100644 index 00000000000..65501acf31b --- /dev/null +++ b/src/lib/libcrypto/man/ASN1_STRING_length.3 @@ -0,0 +1,317 @@ +.\" $OpenBSD: ASN1_STRING_length.3,v 1.17 2018/05/19 22:55:17 schwarze Exp $ +.\" full merge up to: OpenSSL 4a56d2a3 Feb 25 16:49:27 2018 +0300 +.\" +.\" This file is a derived work. +.\" The changes are covered by the following Copyright and license: +.\" +.\" Copyright (c) 2018 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.\" The original file was written by Dr. Stephen Henson. +.\" Copyright (c) 2002, 2006, 2013, 2015, 2016, 2017 The OpenSSL Project. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: May 19 2018 $ +.Dt ASN1_STRING_LENGTH 3 +.Os +.Sh NAME +.Nm ASN1_STRING_cmp , +.Nm ASN1_STRING_data , +.Nm ASN1_STRING_dup , +.Nm ASN1_STRING_get0_data , +.Nm ASN1_STRING_length , +.Nm ASN1_STRING_length_set , +.Nm ASN1_STRING_set , +.Nm ASN1_STRING_to_UTF8 , +.Nm ASN1_STRING_type +.Nd ASN1_STRING utility functions +.Sh SYNOPSIS +.In openssl/asn1.h +.Ft int +.Fo ASN1_STRING_cmp +.Fa "const ASN1_STRING *a" +.Fa "const ASN1_STRING *b" +.Fc +.Ft unsigned char * +.Fo ASN1_STRING_data +.Fa "ASN1_STRING *x" +.Fc +.Ft ASN1_STRING * +.Fo ASN1_STRING_dup +.Fa "const ASN1_STRING *a" +.Fc +.Ft const unsigned char * +.Fo ASN1_STRING_get0_data +.Fa "const ASN1_STRING *x" +.Fc +.Ft int +.Fo ASN1_STRING_length +.Fa "const ASN1_STRING *x" +.Fc +.Ft void +.Fo ASN1_STRING_length_set +.Fa "ASN1_STRING *x" +.Fa "int len" +.Fc +.Ft int +.Fo ASN1_STRING_set +.Fa "ASN1_STRING *str" +.Fa "const void *data" +.Fa "int len" +.Fc +.Ft int +.Fo ASN1_STRING_to_UTF8 +.Fa "unsigned char **out" +.Fa "const ASN1_STRING *in" +.Fc +.Ft int +.Fo ASN1_STRING_type +.Fa "const ASN1_STRING *x" +.Fc +.Sh DESCRIPTION +These functions manipulate +.Vt ASN1_STRING +structures. +.Pp +.Fn ASN1_STRING_cmp +compares the type, the length, and the content of +.Fa a +and +.Fa b . +.Pp +.Fn ASN1_STRING_data +is similar to +.Fn ASN1_STRING_get0_data +except that the returned value is not constant. +This function is deprecated. +Applications should use +.Fn ASN1_STRING_get0_data +instead. +.Pp +.Fn ASN1_STRING_dup +copies +.Fa a . +.Pp +.Fn ASN1_STRING_get0_data +returns an internal pointer to the data of +.Fa x . +It should not be freed or modified in any way. +.Pp +.Fn ASN1_STRING_length +returns the length attribute of +.Fa x , +measured in bytes. +.Pp +.Fn ASN1_STRING_length_set +sets the length attribute of +.Fa x +to +.Fa len . +It may put +.Fa x +into an inconsistent internal state. +.Pp +.Fn ASN1_STRING_set +sets the length attribute of +.Fa str +to +.Fa len +and copies that number of bytes from +.Fa data +into +.Fa str . +If +.Fa len +is -1, then +.Fn strlen data +is used instead of +.Fa len . +If +.Fa data +is +.Dv NULL , +the content of +.Fa str +remains uninitialized; that is not considered an error unless +.Fa len +is negative. +.Pp +.Fn ASN1_STRING_to_UTF8 +converts the string +.Fa in +to UTF-8 format. +The converted data is copied into a newly allocated buffer +.Pf * Fa out . +The buffer +.Pf * Fa out +should be freed using +.Xr free 3 . +.Pp +.Fn ASN1_STRING_type +returns the type of +.Fa x . +.Pp +Almost all ASN.1 types are represented as +.Vt ASN1_STRING +structures. +Other types such as +.Vt ASN1_OCTET_STRING +are simply typedefed to +.Vt ASN1_STRING +and the functions call the +.Vt ASN1_STRING +equivalents. +.Vt ASN1_STRING +is also used for some CHOICE types which consist entirely of primitive +string types such as +.Vt DirectoryString +and +.Vt Time . +.Pp +These functions should +.Em not +be used to examine or modify +.Vt ASN1_INTEGER +or +.Vt ASN1_ENUMERATED +types: the relevant INTEGER or ENUMERATED utility functions should +be used instead. +.Pp +In general it cannot be assumed that the data returned by +.Fn ASN1_STRING_get0_data +and +.Fn ASN1_STRING_data +is NUL terminated, and it may contain embedded NUL characters. +The format of the data depends on the string type: +for example for an +.Vt IA5String +the data contains ASCII characters, for a +.Vt BMPString +two bytes per character in big endian format, and for a +.Vt UTF8String +UTF-8 characters. +.Pp +Similar care should be taken to ensure the data is in the correct format +when calling +.Fn ASN1_STRING_set . +.Sh RETURN VALUES +.Fn ASN1_STRING_cmp +returns 0 if the type, the length, and the content of +.Fa a +and +.Fa b +agree, or a non-zero value otherwise. +In contrast to +.Xr strcmp 3 , +the sign of the return value does not indicate lexicographical ordering. +.Pp +.Fn ASN1_STRING_data +and +.Fn ASN1_STRING_get0_data +return an internal pointer to the data of +.Fa x . +.Pp +.Fn ASN1_STRING_dup +returns a pointer to a newly allocated +.Vt ASN1_STRING +structure or +.Dv NULL +if an error occurred. +.Pp +.Fn ASN1_STRING_length +returns a number of bytes. +.Pp +.Fn ASN1_STRING_set +returns 1 on success or 0 on failure. +.Pp +.Fn ASN1_STRING_to_UTF8 +returns the number of bytes in the output buffer +.Pf * Fa out , +or a negative number if an error occurred. +.Pp +.Fn ASN1_STRING_type +returns an integer constant, for example +.Dv V_ASN1_OCTET_STRING . +.Sh SEE ALSO +.Xr ERR_get_error 3 +.Sh HISTORY +.Fn ASN1_STRING_cmp , +.Fn ASN1_STRING_dup , +and +.Fn ASN1_STRING_set +first appeared in SSLeay 0.6.5. +.Fn ASN1_STRING_data +and +.Fn ASN1_STRING_type +first appeared in SSLeay 0.8.0. +.Fn ASN1_STRING_length +first appeared in SSLeay 0.9.0. +All these functions have been available since +.Ox 2.4 . +.Pp +.Fn ASN1_STRING_length_set +first appeared in OpenSSL 0.9.5 and has been available since +.Ox 2.7 . +.Pp +.Fn ASN1_STRING_to_UTF8 +first appeared in OpenSSL 0.9.6 and has been available since +.Ox 2.9 . +.Pp +.Fn ASN1_STRING_get0_data +first appeared in OpenSSL 1.1.0 and has been available since +.Ox 6.3 . diff --git a/src/lib/libcrypto/man/ASN1_STRING_new.3 b/src/lib/libcrypto/man/ASN1_STRING_new.3 new file mode 100644 index 00000000000..07093eee514 --- /dev/null +++ b/src/lib/libcrypto/man/ASN1_STRING_new.3 @@ -0,0 +1,285 @@ +.\" $OpenBSD: ASN1_STRING_new.3,v 1.15 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL 99d63d46 Tue Mar 24 07:52:24 2015 -0400 +.\" +.\" Copyright (c) 2017 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt ASN1_STRING_NEW 3 +.Os +.Sh NAME +.Nm ASN1_STRING_new , +.Nm ASN1_STRING_type_new , +.Nm ASN1_STRING_free , +.Nm ASN1_OCTET_STRING_new , +.Nm ASN1_OCTET_STRING_free , +.Nm ASN1_BIT_STRING_new , +.Nm ASN1_BIT_STRING_free , +.Nm ASN1_INTEGER_new , +.Nm ASN1_INTEGER_free , +.Nm ASN1_ENUMERATED_new , +.Nm ASN1_ENUMERATED_free , +.Nm ASN1_UTF8STRING_new , +.Nm ASN1_UTF8STRING_free , +.Nm ASN1_IA5STRING_new , +.Nm ASN1_IA5STRING_free , +.Nm ASN1_UNIVERSALSTRING_new , +.Nm ASN1_UNIVERSALSTRING_free , +.Nm ASN1_BMPSTRING_new , +.Nm ASN1_BMPSTRING_free , +.Nm ASN1_GENERALSTRING_new , +.Nm ASN1_GENERALSTRING_free , +.Nm ASN1_T61STRING_new , +.Nm ASN1_T61STRING_free , +.Nm ASN1_VISIBLESTRING_new , +.Nm ASN1_VISIBLESTRING_free , +.Nm ASN1_PRINTABLESTRING_new , +.Nm ASN1_PRINTABLESTRING_free , +.Nm ASN1_PRINTABLE_new , +.Nm ASN1_PRINTABLE_free , +.Nm DIRECTORYSTRING_new , +.Nm DIRECTORYSTRING_free , +.Nm DISPLAYTEXT_new , +.Nm DISPLAYTEXT_free , +.Nm ASN1_GENERALIZEDTIME_new , +.Nm ASN1_GENERALIZEDTIME_free , +.Nm ASN1_UTCTIME_new , +.Nm ASN1_UTCTIME_free , +.Nm ASN1_TIME_new , +.Nm ASN1_TIME_free +.Nd allocate and free ASN1_STRING objects +.Sh SYNOPSIS +.In openssl/asn1.h +.Ft ASN1_STRING * +.Fn ASN1_STRING_new void +.Ft ASN1_STRING * +.Fn ASN1_STRING_type_new "int type" +.Ft void +.Fn ASN1_STRING_free "ASN1_STRING *a" +.Ft ASN1_OCTET_STRING * +.Fn ASN1_OCTET_STRING_new void +.Ft void +.Fn ASN1_OCTET_STRING_free "ASN1_OCTET_STRING *a" +.Ft ASN1_BIT_STRING * +.Fn ASN1_BIT_STRING_new void +.Ft void +.Fn ASN1_BIT_STRING_free "ASN1_BIT_STRING *a" +.Ft ASN1_INTEGER * +.Fn ASN1_INTEGER_new void +.Ft void +.Fn ASN1_INTEGER_free "ASN1_INTEGER *a" +.Ft ASN1_ENUMERATED * +.Fn ASN1_ENUMERATED_new void +.Ft void +.Fn ASN1_ENUMERATED_free "ASN1_ENUMERATED *a" +.Ft ASN1_UTF8STRING * +.Fn ASN1_UTF8STRING_new void +.Ft void +.Fn ASN1_UTF8STRING_free "ASN1_UTF8STRING *a" +.Ft ASN1_IA5STRING * +.Fn ASN1_IA5STRING_new void +.Ft void +.Fn ASN1_IA5STRING_free "ASN1_IA5STRING *a" +.Ft ASN1_UNIVERSALSTRING * +.Fn ASN1_UNIVERSALSTRING_new void +.Ft void +.Fn ASN1_UNIVERSALSTRING_free "ASN1_UNIVERSALSTRING *a" +.Ft ASN1_BMPSTRING * +.Fn ASN1_BMPSTRING_new void +.Ft void +.Fn ASN1_BMPSTRING_free "ASN1_BMPSTRING *a" +.Ft ASN1_GENERALSTRING * +.Fn ASN1_GENERALSTRING_new void +.Ft void +.Fn ASN1_GENERALSTRING_free "ASN1_GENERALSTRING *a" +.Ft ASN1_T61STRING * +.Fn ASN1_T61STRING_new void +.Ft void +.Fn ASN1_T61STRING_free "ASN1_T61STRING *a" +.Ft ASN1_VISIBLESTRING * +.Fn ASN1_VISIBLESTRING_new void +.Ft void +.Fn ASN1_VISIBLESTRING_free "ASN1_VISIBLESTRING *a" +.Ft ASN1_PRINTABLESTRING * +.Fn ASN1_PRINTABLESTRING_new void +.Ft void +.Fn ASN1_PRINTABLESTRING_free "ASN1_PRINTABLESTRING *a" +.Ft ASN1_STRING * +.Fn ASN1_PRINTABLE_new void +.Ft void +.Fn ASN1_PRINTABLE_free "ASN1_STRING *a" +.Ft ASN1_STRING * +.Fn DIRECTORYSTRING_new void +.Ft void +.Fn DIRECTORYSTRING_free "ASN1_STRING *a" +.Ft ASN1_STRING * +.Fn DISPLAYTEXT_new void +.Ft void +.Fn DISPLAYTEXT_free "ASN1_STRING *a" +.Ft ASN1_GENERALIZEDTIME * +.Fn ASN1_GENERALIZEDTIME_new void +.Ft void +.Fn ASN1_GENERALIZEDTIME_free "ASN1_GENERALIZEDTIME *a" +.Ft ASN1_UTCTIME * +.Fn ASN1_UTCTIME_new void +.Ft void +.Fn ASN1_UTCTIME_free "ASN1_UTCTIME *a" +.Ft ASN1_TIME * +.Fn ASN1_TIME_new void +.Ft void +.Fn ASN1_TIME_free "ASN1_TIME *a" +.Sh DESCRIPTION +The +.Vt ASN1_STRING +object can represent a variety of ASN.1 built-in types. +It can store a type and a value. +.Pp +All the +.Fn *_new +functions +allocate and initialize an empty +.Vt ASN1_STRING +object. +The following table shows the type assigned to the new object, +and which ASN.1 type it represents. +.Bl -column "ASN1_GENERALIZEDTIME_new()" "V_ASN1_GENERALIZEDTIME" +.It Em constructor function Ta Em OpenSSL type Ta Em ASN.1 type +.It Ta +.It Fn ASN1_STRING_new Ta Dv V_ASN1_OCTET_STRING +.It Fn ASN1_STRING_type_new Ta Fa type No argument +.It Ta +.It Fn ASN1_OCTET_STRING_new Ta Dv V_ASN1_OCTET_STRING Ta OCTET STRING +.It Fn ASN1_BIT_STRING_new Ta Dv V_ASN1_BIT_STRING Ta BIT STRING +.It Fn ASN1_INTEGER_new Ta Dv V_ASN1_INTEGER Ta INTEGER +.It Fn ASN1_ENUMERATED_new Ta Dv V_ASN1_ENUMERATED Ta ENUMERATED +.It Ta +.It Fn ASN1_UTF8STRING_new Ta Dv V_ASN1_UTF8STRING Ta UTF8String +.It Fn ASN1_IA5STRING_new Ta Dv V_ASN1_IA5STRING Ta IA5String +.It Ta +.It Fn ASN1_UNIVERSALSTRING_new Ta Dv V_ASN1_UNIVERSALSTRING Ta UniversalString +.It Fn ASN1_BMPSTRING_new Ta Dv V_ASN1_BMPSTRING Ta BMPString +.It Fn ASN1_GENERALSTRING_new Ta Dv V_ASN1_GENERALSTRING Ta GeneralString +.It Fn ASN1_T61STRING_new Ta Dv V_ASN1_T61STRING Ta T61String +.It Fn ASN1_VISIBLESTRING_new Ta Dv V_ASN1_VISIBLESTRING Ta VisibleString +.It Fn ASN1_PRINTABLESTRING_new Ta Dv V_ASN1_PRINTABLESTRING Ta PrintableString +.It Ta +.It Fn ASN1_PRINTABLE_new Ta Dv V_ASN1_UNDEF +.It Fn DIRECTORYSTRING_new Ta Dv V_ASN1_UNDEF +.It Fn DISPLAYTEXT_new Ta Dv V_ASN1_UNDEF +.It Ta +.It Fn ASN1_GENERALIZEDTIME_new Ta Dv V_ASN1_GENERALIZEDTIME Ta GeneralizedTime +.It Fn ASN1_UTCTIME_new Ta Dv V_ASN1_UTCTIME Ta UTCTime +.It Fn ASN1_TIME_new Ta Dv V_ASN1_UNDEF Ta TIME +.El +.Pp +All the +.Fa *_free +functions free +.Fa a +including any data contained in it. +If +.Fa a +is a +.Dv NULL +pointer, no action occurs. +.Sh RETURN VALUES +All the +.Fa *_new +functions return the new +.Vt ASN1_STRING +object or +.Dv NULL +if an error occurs. +.Sh SEE ALSO +.Xr ASN1_time_parse 3 , +.Xr ASN1_TIME_set 3 , +.Xr d2i_ASN1_OCTET_STRING 3 , +.Xr ERR_get_error 3 +.Sh HISTORY +.Fn ASN1_OCTET_STRING_new , +.Fn ASN1_OCTET_STRING_free , +.Fn ASN1_BIT_STRING_new , +.Fn ASN1_BIT_STRING_free , +.Fn ASN1_INTEGER_new , +.Fn ASN1_INTEGER_free , +.Fn ASN1_IA5STRING_new , +.Fn ASN1_IA5STRING_free , +.Fn ASN1_T61STRING_new , +.Fn ASN1_T61STRING_free , +.Fn ASN1_PRINTABLESTRING_new , +.Fn ASN1_PRINTABLESTRING_free , +.Fn ASN1_PRINTABLE_new , +.Fn ASN1_PRINTABLE_free , +.Fn ASN1_UTCTIME_new , +and +.Fn ASN1_UTCTIME_free +first appeared in SSLeay 0.5.1. +.Fn ASN1_STRING_new , +.Fn ASN1_STRING_type_new , +and +.Fn ASN1_STRING_free +first appeared in SSLeay 0.6.5. +.Fn ASN1_UNIVERSALSTRING_new , +.Fn ASN1_UNIVERSALSTRING_free , +.Fn ASN1_GENERALSTRING_new , +and +.Fn ASN1_GENERALSTRING_free +first appeared in SSLeay 0.8.0. +.Fn ASN1_BMPSTRING_new , +.Fn ASN1_BMPSTRING_free , +.Fn ASN1_GENERALIZEDTIME_new , +and +.Fn ASN1_GENERALIZEDTIME_free +first appeared in SSLeay 0.9.0. +All these functions have been available since +.Ox 2.4 . +.Pp +.Fn ASN1_ENUMERATED_new , +.Fn ASN1_ENUMERATED_free , +.Fn ASN1_TIME_new , +and +.Fn ASN1_TIME_free +first appeared in OpenSSL 0.9.2b. +.Fn ASN1_UTF8STRING_new , +.Fn ASN1_UTF8STRING_free , +.Fn ASN1_VISIBLESTRING_new , +.Fn ASN1_VISIBLESTRING_free , +.Fn DIRECTORYSTRING_new , +.Fn DIRECTORYSTRING_free , +.Fn DISPLAYTEXT_new , +and +.Fn DISPLAYTEXT_free +first appeared in OpenSSL 0.9.3. +These functions have been available since +.Ox 2.6 . +.Sh BUGS +.Vt ASN1_OCTET_STRING , +.Vt ASN1_BIT_STRING , +.Vt ASN1_INTEGER , +.Vt ASN1_ENUMERATED , +.Vt ASN1_UTF8STRING , +.Vt ASN1_IA5STRING , +.Vt ASN1_UNIVERSALSTRING , +.Vt ASN1_BMPSTRING , +.Vt ASN1_GENERALSTRING , +.Vt ASN1_T61STRING , +.Vt ASN1_VISIBLESTRING , +.Vt ASN1_PRINTABLESTRING , +.Vt ASN1_GENERALIZEDTIME , +.Vt ASN1_UTCTIME , +and +.Vt ASN1_TIME +are merely typedef aliases of +.Vt ASN1_STRING +and provide no type safety whatsoever. diff --git a/src/lib/libcrypto/man/ASN1_STRING_print_ex.3 b/src/lib/libcrypto/man/ASN1_STRING_print_ex.3 new file mode 100644 index 00000000000..03d210084f0 --- /dev/null +++ b/src/lib/libcrypto/man/ASN1_STRING_print_ex.3 @@ -0,0 +1,237 @@ +.\" $OpenBSD: ASN1_STRING_print_ex.3,v 1.14 2018/04/25 15:17:52 schwarze Exp $ +.\" full merge up to: OpenSSL bb9ad09e Jun 6 00:43:05 2016 -0400 +.\" selective merge up to: OpenSSL 61f805c1 Jan 16 01:01:46 2018 +0800 +.\" +.\" This file was written by Dr. Stephen Henson. +.\" Copyright (c) 2002, 2004, 2007, 2013, 2016, 2017 The OpenSSL Project. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: April 25 2018 $ +.Dt ASN1_STRING_PRINT_EX 3 +.Os +.Sh NAME +.Nm ASN1_STRING_print_ex , +.Nm ASN1_STRING_print_ex_fp , +.Nm ASN1_STRING_print , +.Nm ASN1_tag2str +.Nd ASN1_STRING output routines +.Sh SYNOPSIS +.In openssl/asn1.h +.Ft int +.Fo ASN1_STRING_print_ex +.Fa "BIO *out" +.Fa "const ASN1_STRING *str" +.Fa "unsigned long flags" +.Fc +.Ft int +.Fo ASN1_STRING_print_ex_fp +.Fa "FILE *fp" +.Fa "const ASN1_STRING *str" +.Fa "unsigned long flags" +.Fc +.Ft int +.Fo ASN1_STRING_print +.Fa "BIO *out" +.Fa "const ASN1_STRING *str" +.Fc +.Ft const char * +.Fo ASN1_tag2str +.Fa "int tag" +.Fc +.Sh DESCRIPTION +These functions output an +.Vt ASN1_STRING +structure. +.Vt ASN1_STRING +is used to +represent all the ASN.1 string types. +.Pp +.Fn ASN1_STRING_print_ex +outputs +.Fa str +to +.Fa out , +the format being determined by the options +.Fa flags . +.Fn ASN1_STRING_print_ex_fp +is identical except it outputs to +.Fa fp +instead. +.Pp +.Fn ASN1_STRING_print +prints +.Fa str +to +.Fa out +but using a different format to +.Fn ASN1_STRING_print_ex . +It replaces unprintable characters (other than CR, LF) with +.Sq \&. . +.Pp +.Fn ASN1_tag2str +returns a human-readable name of the specified ASN.1 +.Fa tag . +.Pp +.Fn ASN1_STRING_print +is a deprecated function which should be avoided; use +.Fn ASN1_STRING_print_ex +instead. +.Pp +Although there are a large number of options, +.Dv ASN1_STRFLGS_RFC2253 +is often suitable, or on UTF-8 terminals +.Dv ASN1_STRFLGS_RFC2253 +and +.Pf ~ Dv ASN1_STRFLGS_ESC_MSB . +.Pp +The complete set of supported options for +.Fa flags +is listed below. +.Pp +Various characters can be escaped. +If +.Dv ASN1_STRFLGS_ESC_2253 +is set, the characters determined by RFC 2253 are escaped. +If +.Dv ASN1_STRFLGS_ESC_CTRL +is set, control characters are escaped. +If +.Dv ASN1_STRFLGS_ESC_MSB +is set, characters with the MSB set are escaped: this option should +.Em not +be used if the terminal correctly interprets UTF-8 sequences. +.Pp +Escaping takes several forms. +If the character being escaped is a 16-bit character then the form "\eUXXXX" +is used using exactly four characters for the hex representation. +If it is 32 bits then "\eWXXXXXXXX" is used using eight characters +of its hex representation. +These forms will only be used if UTF-8 conversion is not set (see below). +.Pp +Printable characters are normally escaped using the backslash +.Pq Sq \e +character. +If +.Dv ASN1_STRFLGS_ESC_QUOTE +is set, then the whole string is instead surrounded by double quote +characters: this is arguably more readable than the backslash notation. +Other characters use the "\eXX" using exactly two characters of the hex +representation. +.Pp +If +.Dv ASN1_STRFLGS_UTF8_CONVERT +is set, then characters are converted to UTF-8 format first. +If the terminal supports the display of UTF-8 sequences then this +option will correctly display multi-byte characters. +.Pp +If +.Dv ASN1_STRFLGS_IGNORE_TYPE +is set, then the string type is not interpreted at all: +everything is assumed to be one byte per character. +This is primarily for debugging purposes and can result +in confusing output in multi-character strings. +.Pp +If +.Dv ASN1_STRFLGS_SHOW_TYPE +is set, then the string type itself is printed before its value +(for example "BMPSTRING"), using +.Fn ASN1_tag2str . +.Pp +Instead of being interpreted the contents of a string can be "dumped": +this just outputs the value of the string using the form #XXXX +using hex format for each octet. +.Pp +If +.Dv ASN1_STRFLGS_DUMP_ALL +is set, then any type is dumped. +.Pp +Normally non-character string types (such as OCTET STRING) +are assumed to be one byte per character; if +.Dv ASN1_STRFLGS_DUMP_UNKNOWN +is set, then they will be dumped instead. +.Pp +When a type is dumped normally just the content octets are printed; if +.Dv ASN1_STRFLGS_DUMP_DER +is set, then the complete encoding is dumped +instead (including tag and length octets). +.Pp +.Dv ASN1_STRFLGS_RFC2253 +includes all the flags required by RFC 2253. +It is equivalent to +.Dv ASN1_STRFLGS_ESC_2253 | +.Dv ASN1_STRFLGS_ESC_CTRL | +.Dv ASN1_STRFLGS_ESC_MSB | +.Dv ASN1_STRFLGS_UTF8_CONVERT | +.Dv ASN1_STRFLGS_DUMP_UNKNOWN | +.Dv ASN1_STRFLGS_DUMP_DER . +.Sh RETURN VALUES +.Fn ASN1_STRING_print_ex +and +.Fn ASN1_STRING_print_ex_fp +return the number of characters written or \-1 if an error occurred. +.Pp +.Fn ASN1_STRING_print +returns 1 on success or 0 on error. +.Pp +.Fn ASN1_tag2str +returns a static string. +.Sh SEE ALSO +.Xr X509_NAME_print_ex 3 +.Sh HISTORY +.Fn ASN1_STRING_print +first appeared in SSLeay 0.6.5 and has been available since +.Ox 2.4 . +.Pp +.Fn ASN1_tag2str +first appeared in OpenSSL 0.9.5 and has been available since +.Ox 2.7 . +.Pp +.Fn ASN1_STRING_print_ex +and +.Fn ASN1_STRING_print_ex_fp +first appeared in OpenSSL 0.9.6 and have been available since +.Ox 2.9 . diff --git a/src/lib/libcrypto/man/ASN1_TIME_set.3 b/src/lib/libcrypto/man/ASN1_TIME_set.3 new file mode 100644 index 00000000000..7437224cc53 --- /dev/null +++ b/src/lib/libcrypto/man/ASN1_TIME_set.3 @@ -0,0 +1,461 @@ +.\" $OpenBSD: ASN1_TIME_set.3,v 1.13 2018/04/25 15:17:52 schwarze Exp $ +.\" full merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100 +.\" selective merge up to: OpenSSL b0edda11 Mar 20 13:00:17 2018 +0000 +.\" +.\" This file was written by Dr. Stephen Henson +.\" and Todd Short . +.\" Copyright (c) 2015, 2017 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: April 25 2018 $ +.Dt ASN1_TIME_SET 3 +.Os +.Sh NAME +.Nm ASN1_TIME_set , +.Nm ASN1_UTCTIME_set , +.Nm ASN1_GENERALIZEDTIME_set , +.Nm ASN1_TIME_adj , +.Nm ASN1_UTCTIME_adj , +.Nm ASN1_GENERALIZEDTIME_adj , +.Nm ASN1_TIME_set_string , +.Nm ASN1_UTCTIME_set_string , +.Nm ASN1_GENERALIZEDTIME_set_string , +.Nm ASN1_TIME_check , +.Nm ASN1_UTCTIME_check , +.Nm ASN1_GENERALIZEDTIME_check , +.Nm ASN1_TIME_print , +.Nm ASN1_UTCTIME_print , +.Nm ASN1_GENERALIZEDTIME_print , +.Nm ASN1_UTCTIME_cmp_time_t , +.Nm ASN1_TIME_to_generalizedtime +.Nd ASN.1 Time functions +.Sh SYNOPSIS +.Ft ASN1_TIME * +.Fo ASN1_TIME_set +.Fa "ASN1_TIME *s" +.Fa "time_t t" +.Fc +.Ft ASN1_UTCTIME * +.Fo ASN1_UTCTIME_set +.Fa "ASN1_UTCTIME *s" +.Fa "time_t t" +.Fc +.Ft ASN1_GENERALIZEDTIME * +.Fo ASN1_GENERALIZEDTIME_set +.Fa "ASN1_GENERALIZEDTIME *s" +.Fa "time_t t" +.Fc +.Ft ASN1_TIME * +.Fo ASN1_TIME_adj +.Fa "ASN1_TIME *s" +.Fa "time_t t" +.Fa "int offset_day" +.Fa "long offset_sec" +.Fc +.Ft ASN1_UTCTIME * +.Fo ASN1_UTCTIME_adj +.Fa "ASN1_UTCTIME *s" +.Fa "time_t t" +.Fa "int offset_day" +.Fa "long offset_sec" +.Fc +.Ft ASN1_GENERALIZEDTIME * +.Fo ASN1_GENERALIZEDTIME_adj +.Fa "ASN1_GENERALIZEDTIME *s" +.Fa "time_t t" +.Fa "int offset_day" +.Fa "long offset_sec" +.Fc +.Ft int +.Fo ASN1_TIME_set_string +.Fa "ASN1_TIME *s" +.Fa "const char *str" +.Fc +.Ft int +.Fo ASN1_UTCTIME_set_string +.Fa "ASN1_UTCTIME *s" +.Fa "const char *str" +.Fc +.Ft int +.Fo ASN1_GENERALIZEDTIME_set_string +.Fa "ASN1_GENERALIZEDTIME *s" +.Fa "const char *str" +.Fc +.Ft int +.Fo ASN1_TIME_check +.Fa "const ASN1_TIME *t" +.Fc +.Ft int +.Fo ASN1_UTCTIME_check +.Fa "const ASN1_UTCTIME *t" +.Fc +.Ft int +.Fo ASN1_GENERALIZEDTIME_check +.Fa "const ASN1_GENERALIZEDTIME *t" +.Fc +.Ft int +.Fo ASN1_TIME_print +.Fa "BIO *b" +.Fa "const ASN1_TIME *s" +.Fc +.Ft int +.Fo ASN1_UTCTIME_print +.Fa "BIO *b" +.Fa "const ASN1_UTCTIME *s" +.Fc +.Ft int +.Fo ASN1_GENERALIZEDTIME_print +.Fa "BIO *b" +.Fa "const ASN1_GENERALIZEDTIME *s" +.Fc +.Ft int +.Fo ASN1_UTCTIME_cmp_time_t +.Fa "const ASN1_UTCTIME *s" +.Fa "time_t t" +.Fc +.Ft ASN1_GENERALIZEDTIME * +.Fo ASN1_TIME_to_generalizedtime +.Fa "const ASN1_TIME *t" +.Fa "ASN1_GENERALIZEDTIME **out" +.Fc +.Sh DESCRIPTION +The functions +.Fn ASN1_TIME_set , +.Fn ASN1_UTCTIME_set , +and +.Fn ASN1_GENERALIZEDTIME_set +set the time structure +.Fa s +to the time represented by the +.Vt time_t +value +.Fa t . +If +.Fa s +is +.Dv NULL , +a new time structure is allocated and returned. +.Pp +The functions +.Fn ASN1_TIME_adj , +.Fn ASN1_UTCTIME_adj , +and +.Fn ASN1_GENERALIZEDTIME_adj +set the time structure +.Fa s +to the time represented by the time +.Fa offset_day +and +.Fa offset_sec +after the +.Vt time_t +value +.Fa t . +The values of +.Fa offset_day +or +.Fa offset_sec +can be negative to set a time before +.Fa t . +The +.Fa offset_sec +value can also exceed the number of seconds in a day. +If +.Fa s +is +.Dv NULL , +a new time structure is allocated and returned. +.Pp +.Fn ASN1_TIME_adj +may change the type from +.Vt ASN1_GENERALIZEDTIME +to +.Vt ASN1_UTCTIME +or vice versa depending on the resulting year. +The functions +.Fn ASN1_UTCTIME_adj +and +.Fn ASN1_GENERALIZEDTIME_adj +do not modify the type of the return structure. +.Pp +The functions +.Fn ASN1_TIME_set_string , +.Fn ASN1_UTCTIME_set_string , +and +.Fn ASN1_GENERALIZEDTIME_set_string +set the time structure +.Fa s +to the time represented by the string +.Fa str , +which must be in appropriate ASN.1 time format (for example +YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ). +The string +.Fa str +is copied into +.Fa s . +If +.Fa s +is +.Dv NULL , +these functions only perform a format check on +.Fa str . +.Pp +The functions +.Fn ASN1_TIME_check , +.Fn ASN1_UTCTIME_check , +and +.Fn ASN1_GENERALIZEDTIME_check +check the syntax of the time structure +.Fa s . +.Pp +The functions +.Fn ASN1_TIME_print , +.Fn ASN1_UTCTIME_print , +and +.Fn ASN1_GENERALIZEDTIME_print +print out the time +.Fa s +to +.Vt BIO +.Fa b +in human readable format. +It will be of the format MMM DD HH:MM:SS YYYY [GMT], for example "Feb 3 +00:55:52 2015 GMT". +It does not include a newline. +If the time structure has an invalid format, +it prints out "Bad time value" and returns an error. +The output of +.Fn ASN1_GENERALIZEDTIME_print +may include a fractional part following the second. +.Pp +The function +.Fn ASN1_UTCTIME_cmp_time_t +compares the two times represented by +.Fa s +and +.Fa t . +.Pp +The function +.Fn ASN1_TIME_to_generalizedtime +converts the +.Vt ASN1_TIME +.Fa t +to an +.Vt ASN1_GENERALIZEDTIME , +regardless of year. +If either +.Fa out +or +.Pf * Fa out +is +.Dv NULL , +then a new object is allocated and must be freed after use. +.Pp +The +.Vt ASN1_TIME +structure corresponds to the ASN.1 structure +.Sy Time +defined in RFC 5280 et al. +The time setting functions obey the rules outlined in RFC 5280: if the +date can be represented by UTCTime it is used, otherwise GeneralizedTime is +used. +.Pp +The +.Vt ASN1_TIME , +.Vt ASN1_UTCTIME , +and +.Vt ASN1_GENERALIZEDTIME +structures are represented as +.Vt ASN1_STRING +structures internally and can be freed using +.Xr ASN1_STRING_free 3 . +.Pp +The +.Vt ASN1_TIME +structure can represent years from 0000 to 9999 but no attempt is +made to correct ancient calendar changes (for example from Julian +to Gregorian calendars). +.Pp +.Vt ASN1_UTCTIME +is limited to a year range of 1950 through 2049. +.Pp +It is recommended that +.Vt ASN1_TIME +functions be used instead of +.Vt ASN1_UTCTIME +or +.Vt ASN1_GENERALIZEDTIME +functions because the +.Vt ASN1_UTCTIME +and +.Vt ASN1_GENERALIZEDTIME +functions act only on that specific time format, while the +.Vt ASN1_TIME +functions operate on either format. +.Sh RETURN VALUES +.Fn ASN1_TIME_set , +.Fn ASN1_UTCTIME_set , +.Fn ASN1_GENERALIZEDTIME_set , +.Fn ASN1_TIME_adj , +.Fn ASN1_UTCTIME_adj , +.Fn ASN1_GENERALIZEDTIME_adj , +and +.Fn ASN1_TIME_to_generalizedtime +return a pointer to a time structure or +.Dv NULL +if an error occurred. +.Pp +.Fn ASN1_TIME_set_string , +.Fn ASN1_UTCTIME_set_string , +and +.Fn ASN1_GENERALIZEDTIME_set_string +return 1 if the time value is successfully set or 0 otherwise. +.Pp +.Fn ASN1_TIME_check , +.Fn ASN1_UTCTIME_check , +and +.Fn ASN1_GENERALIZEDTIME_check +return 1 if the time structure is syntactically correct or 0 otherwise. +.Pp +.Fn ASN1_TIME_print , +.Fn ASN1_UTCTIME_print , +and +.Fn ASN1_GENERALIZEDTIME_print +return 1 if the time is successfully printed or 0 if an error +occurred (I/O error or invalid time format). +.Pp +.Fn ASN1_UTCTIME_cmp_time_t +returns \-1 if +.Fa s +is earlier than +.Fa t , +0 if both are equal, 1 if +.Fa s +is later than +.Fa t , +or \-2 on error. +.Sh EXAMPLES +Set a time structure to one hour after the current time and print it +out: +.Bd -literal -offset indent +#include +#include + +ASN1_TIME *tm; +time_t t; +BIO *b; + +t = time(NULL); +tm = ASN1_TIME_adj(NULL, t, 0, 60 * 60); +b = BIO_new_fp(stdout, BIO_NOCLOSE); +ASN1_TIME_print(b, tm); +ASN1_STRING_free(tm); +BIO_free(b); +.Ed +.Sh HISTORY +.Fn ASN1_UTCTIME_check +and +.Fn ASN1_UTCTIME_print +first appeared in SSLeay 0.5.1. +.Fn ASN1_UTCTIME_set +first appeared in SSLeay 0.6.0. +.Fn ASN1_UTCTIME_set_string +first appeared in SSLeay 0.9.0. +All these functions have been available since +.Ox 2.4 . +.Pp +.Fn ASN1_TIME_set , +.Fn ASN1_GENERALIZEDTIME_set , +.Fn ASN1_GENERALIZEDTIME_set_string , +.Fn ASN1_GENERALIZEDTIME_check , +.Fn ASN1_TIME_print , +and +.Fn ASN1_GENERALIZEDTIME_print +first appeared in OpenSSL 0.9.2b and have been available since +.Ox 2.6 . +.Pp +.Fn ASN1_UTCTIME_cmp_time_t +first appeared in OpenSSL 0.9.6 and has been available since +.Ox 2.9 . +.Pp +.Fn ASN1_TIME_check +and +.Fn ASN1_TIME_to_generalizedtime +first appeared in OpenSSL 0.9.7 and have been available since +.Ox 3.2 . +.Pp +.Fn ASN1_TIME_adj , +.Fn ASN1_UTCTIME_adj , +.Fn ASN1_GENERALIZEDTIME_adj , +and +.Fn ASN1_TIME_set_string +first appeared in OpenSSL 1.0.0 and have been available since +.Ox 4.9 . +.Sh CAVEATS +Some applications add offset times directly to a +.Vt time_t +value and pass the results to +.Fn ASN1_TIME_set +(or equivalent). +This can cause problems as the +.Vt time_t +value can overflow on some systems resulting in unexpected results. +New applications should use +.Fn ASN1_TIME_adj +instead and pass the offset value in the +.Fa offset_sec +and +.Fa offset_day +parameters instead of directly manipulating a +.Vt time_t +value. +.Sh BUGS +.Fn ASN1_TIME_print , +.Fn ASN1_UTCTIME_print , +and +.Fn ASN1_GENERALIZEDTIME_print +do not print the time zone: they either print "GMT" or nothing. +But all certificates complying with RFC 5280 et al use GMT anyway. diff --git a/src/lib/libcrypto/man/ASN1_TYPE_get.3 b/src/lib/libcrypto/man/ASN1_TYPE_get.3 new file mode 100644 index 00000000000..b02c91580f1 --- /dev/null +++ b/src/lib/libcrypto/man/ASN1_TYPE_get.3 @@ -0,0 +1,300 @@ +.\" $OpenBSD: ASN1_TYPE_get.3,v 1.8 2018/04/25 15:17:52 schwarze Exp $ +.\" OpenSSL 99d63d46 Mon Jun 6 00:43:05 2016 -0400 +.\" +.\" This file is a derived work. +.\" The changes are covered by the following Copyright and license: +.\" +.\" Copyright (c) 2017 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.\" The original file was written by Dr. Stephen Henson . +.\" Copyright (c) 2015, 2016 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: April 25 2018 $ +.Dt ASN1_TYPE_GET 3 +.Os +.Sh NAME +.Nm ASN1_TYPE_new , +.Nm ASN1_TYPE_free , +.Nm ASN1_TYPE_get , +.Nm ASN1_TYPE_set , +.Nm ASN1_TYPE_set1 , +.Nm ASN1_TYPE_cmp +.Nd ASN.1 objects of arbitrary type +.Sh SYNOPSIS +.In openssl/asn1.h +.Ft ASN1_TYPE * +.Fn ASN1_TYPE_new void +.Ft void +.Fn ASN1_TYPE_free "ASN1_TYPE *a" +.Ft int +.Fo ASN1_TYPE_get +.Fa "const ASN1_TYPE *a" +.Fc +.Ft void +.Fo ASN1_TYPE_set +.Fa "ASN1_TYPE *a" +.Fa "int type" +.Fa "void *value" +.Fc +.Ft int +.Fo ASN1_TYPE_set1 +.Fa "ASN1_TYPE *a" +.Fa "int type" +.Fa "const void *value" +.Fc +.Ft int +.Fo ASN1_TYPE_cmp +.Fa "const ASN1_TYPE *a" +.Fa "const ASN1_TYPE *b" +.Fc +.Sh DESCRIPTION +.Vt ASN1_TYPE +represents the ASN.1 ANY type. +An +.Vt ASN1_TYPE +object can store an ASN.1 value of arbitrary type, +including constructed types such as a SEQUENCE. +It also remembers internally which type it currently holds. +.Pp +.Fn ASN1_TYPE_new +allocates and initializes an empty +.Vt ASN1_TYPE +object of undefined type. +.Pp +.Fn ASN1_TYPE_free +frees +.Fa a +including the value stored in it, if any. +If +.Fa a +is a +.Dv NULL +pointer, no action occurs. +.Pp +.Fn ASN1_TYPE_get +returns the type of +.Fa a , +represented by one of the +.Dv V_ASN1_* +constants defined in +.In openssl/asn1.h . +.Pp +.Fn ASN1_TYPE_set +frees the value contained in +.Fa a , +if any, and sets +.Fa a +to +.Fa type +and +.Fa value . +This function uses the pointer +.Fa value +internally so it must +.Sy not +be freed up after the call. +.Pp +.Fn ASN1_TYPE_set1 +sets the type of +.Fa a +to +.Fa type +and its value to a copy of +.Fa value . +If copying succeeds, the previous value that was contained in +.Fa a +is freed. +If copying fails, +.Fa a +remains unchanged. +.Pp +The type and meaning of the +.Fa value +argument of +.Fn ASN1_TYPE_set +and +.Fn ASN1_TYPE_set1 +is determined by the +.Fa type +argument. +If +.Fa type +is +.Dv V_ASN1_NULL , +.Fa value +is ignored. +If +.Fa type +is +.Dv V_ASN1_BOOLEAN , +then the boolean is set to TRUE if +.Fa value +is not +.Dv NULL . +If +.Fa type +is +.Dv V_ASN1_OBJECT , +then +.Fa value +is an +.Vt ASN1_OBJECT +structure. +Otherwise +.Fa type +is an +.Vt ASN1_STRING +structure. +If +.Fa type +corresponds to a primitive type or a string type, then the contents +of the +.Vt ASN1_STRING +contains the content octets of the type. +If +.Fa type +corresponds to a constructed type or a tagged type +.Pq Dv V_ASN1_SEQUENCE , V_ASN1_SET , No or Dv V_ASN1_OTHER , +then the +.Vt ASN1_STRING +contains the entire ASN.1 encoding verbatim, including tag and +length octets. +.Pp +.Fn ASN1_TYPE_cmp +checks that +.Fa a +and +.Fa b +have the same type, the same value, and are encoded in the same way. +.Pp +If the types agree and the values have the same meaning but are +encoded differently, they are considered different. +For example, a boolean value is represented +using a single content octet. +Under BER, any non-zero octet represents the TRUE value, but +.Fn ASN1_TYPE_cmp +will only report a match if the content octet is the same. +.Pp +If either or both of the arguments passed to +.Fn ASN1_TYPE_cmp +is +.Dv NULL , +the result is a mismatch. +Technically, if both arguments are +.Dv NULL , +the two types could be absent OPTIONAL fields and so should match, +however passing +.Dv NULL +values could also indicate a programming error (for example an +unparseable type which returns +.Dv NULL ) +for types which do +.Sy not +match. +So applications should handle the case of two absent values separately. +.Sh RETURN VALUES +.Fn ASN1_TYPE_new +returns the new +.Vt ASN1_TYPE +object or +.Dv NULL +if an error occurs. +.Pp +.Fn ASN1_TYPE_get +returns the type of +.Fa a +or 0 if an error occurs. +The latter can happen if +.Fa a +does not contain a value even though its type is not +.Dv V_ASN1_NULL . +For example, it will always happen for empty objects +newly constructed with +.Fn ASN1_TYPE_new . +.Pp +.Fn ASN1_TYPE_set1 +returns 1 if the copying succeeds or 0 if it fails. +.Pp +.Fn ASN1_TYPE_cmp +returns 0 for a match or non-zero for a mismatch. +.Sh SEE ALSO +.Xr ASN1_item_free 3 , +.Xr ASN1_STRING_dup 3 , +.Xr d2i_ASN1_TYPE 3 , +.Xr OBJ_dup 3 +.Sh HISTORY +.Fn ASN1_TYPE_new +and +.Fn ASN1_TYPE_free +first appeared in SSLeay 0.5.1. +.Fn ASN1_TYPE_get +and +.Fn ASN1_TYPE_set +first appeared in SSLeay 0.8.0. +These functions have been available since +.Ox 2.4 . +.Pp +.Fn ASN1_TYPE_set1 +first appeared in OpenSSL 0.9.8h and has been available since +.Ox 4.5 . +.Pp +.Fn ASN1_TYPE_cmp +first appeared in OpenSSL 0.9.8zd, 1.0.0p, and 1.0.1k +and has been available since +.Ox 4.9 . diff --git a/src/lib/libcrypto/man/ASN1_generate_nconf.3 b/src/lib/libcrypto/man/ASN1_generate_nconf.3 new file mode 100644 index 00000000000..87ff769f18e --- /dev/null +++ b/src/lib/libcrypto/man/ASN1_generate_nconf.3 @@ -0,0 +1,393 @@ +.\" $OpenBSD: ASN1_generate_nconf.3,v 1.11 2018/04/25 15:17:52 schwarze Exp $ +.\" OpenSSL 05ea606a Fri May 20 20:52:46 2016 -0400 +.\" +.\" This file was written by Dr. Stephen Henson. +.\" Copyright (c) 2002, 2003, 2006-2009, 2013-2015 The OpenSSL Project. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: April 25 2018 $ +.Dt ASN1_GENERATE_NCONF 3 +.Os +.Sh NAME +.Nm ASN1_generate_nconf , +.Nm ASN1_generate_v3 +.Nd ASN.1 generation functions +.Sh SYNOPSIS +.In openssl/asn1.h +.Ft ASN1_TYPE * +.Fo ASN1_generate_nconf +.Fa "const char *str" +.Fa "CONF *nconf" +.Fc +.Ft ASN1_TYPE * +.Fo ASN1_generate_v3 +.Fa "const char *str" +.Fa "X509V3_CTX *cnf" +.Fc +.Sh DESCRIPTION +These functions generate the ASN.1 encoding of a string in an +.Vt ASN1_TYPE +structure. +.Pp +.Fa str +contains the string to encode +.Fa nconf +or +.Fa cnf +contains the optional configuration information +where additional strings will be read from. +.Fa nconf +will typically come from a config file whereas +.Fa cnf +is obtained from an +.Vt X509V3_CTX +structure which will typically be used +by X509 v3 certificate extension functions. +.Fa cnf +or +.Fa nconf +can be set to +.Dv NULL +if no additional configuration will be used. +.Sh GENERATION STRING FORMAT +The actual data encoded is determined by the string +.Fa str +and the configuration information. +The general format of the string is: +.Pp +.D1 Oo Ar modifier , Oc Ns Ar type Ns Op : Ns Ar value +.Pp +That is zero or more comma separated modifiers followed by a type +followed by an optional colon and a value. +The formats of +.Ar type , +.Ar value +and +.Ar modifier +are explained below. +.Ss Supported types +The supported types are listed below. +Unless otherwise specified, only the +.Cm ASCII +format is permissible. +.Bl -tag -width Ds +.It Cm BOOLEAN , BOOL +This encodes a boolean type. +The +.Ar value +string is mandatory and should be +.Cm TRUE +or +.Cm FALSE . +Additionally +.Cm true , +.Cm Y , +.Cm y , +.Cm YES , +.Cm yes , +.Cm false , +.Cm N , +.Cm n , +.Cm NO +and +.Cm no +are acceptable. +.It Cm NULL +Encode the NULL type. +The +.Ar value +string must not be present. +.It Cm INTEGER , INT +Encodes an ASN.1 INTEGER type. +The +.Ar value +string represents the value of the integer. +It can be prefaced by a minus sign +and is normally interpreted as a decimal value unless the prefix +.Cm 0x +is included. +.It Cm ENUMERATED , ENUM +Encodes the ASN.1 ENUMERATED type. +It is otherwise identical to +.Cm INTEGER . +.It Cm OBJECT , OID +Encodes an ASN.1 OBJECT IDENTIFIER. +The +.Ar value +string can be a short name, a long name, or numerical format. +.It Cm UTCTIME , UTC +Encodes an ASN.1 UTCTime structure. +The value should be in the format +.Ar YYMMDDHHMMSSZ . +.It Cm GENERALIZEDTIME , GENTIME +Encodes an ASN.1 GeneralizedTime structure. +The value should be in the format +.Ar YYYYMMDDHHMMSSZ . +.It Cm OCTETSTRING , OCT +Encodes an ASN.1 OCTET STRING. +.Ar value +represents the contents of this structure. +The format strings +.Cm ASCII +and +.Cm HEX +can be used to specify the format of +.Ar value . +.It Cm BITSTRING , BITSTR +Encodes an ASN.1 BIT STRING. +.Ar value +represents the contents of this structure. +The format strings +.Cm ASCII , +.Cm HEX , +and +.Cm BITLIST +can be used to specify the format of +.Ar value . +.Pp +If the format is anything other than +.Cm BITLIST , +the number of unused bits is set to zero. +.It Xo +.Cm BMPSTRING , BMP , +.Cm GeneralString , +.Cm IA5STRING , IA5 , +.Cm NUMERICSTRING , NUMERIC , +.Cm PRINTABLESTRING , PRINTABLE , +.Cm T61STRING , T61 , +.Cm TELETEXSTRING , +.Cm UNIVERSALSTRING , UNIV , +.Cm UTF8String , UTF8 , +.Cm VISIBLESTRING , VISIBLE +.Xc +These encode the corresponding string types. +.Ar value +represents the contents of this structure. +The format can be +.Cm ASCII +or +.Cm UTF8 . +.It Cm SEQUENCE , SEQ , SET +Formats the result as an ASN.1 SEQUENCE or SET type. +.Ar value +should be a section name which will contain the contents. +The field names in the section are ignored +and the values are in the generated string format. +If +.Ar value +is absent, then an empty SEQUENCE will be encoded. +.El +.Ss Modifiers +Modifiers affect the following structure. +They can be used to add EXPLICIT or IMPLICIT tagging, add wrappers, +or to change the string format of the final type and value. +The supported formats are: +.Bl -tag -width Ds +.It Cm EXPLICIT , EXP +Add an explicit tag to the following structure. +This string should be followed by a colon +and the tag value to use as a decimal value. +.Pp +By following the number with +.Cm U , +.Cm A , +.Cm P +or +.Cm C , +UNIVERSAL, APPLICATION, PRIVATE or CONTEXT SPECIFIC tagging can be used. +The default is CONTEXT SPECIFIC. +.It Cm IMPLICIT , IMP +This is the same as +.Cm EXPLICIT +except IMPLICIT tagging is used instead. +.It Cm OCTWRAP , SEQWRAP , SETWRAP , BITWRAP +The following structure is surrounded by +an OCTET STRING, a SEQUENCE, a SET, or a BIT STRING, respectively. +For a BIT STRING the number of unused bits is set to zero. +.It Cm FORMAT +This specifies the format of the ultimate value. +It should be followed by a colon and one of the strings +.Cm ASCII , +.Cm UTF8 , +.Cm HEX , +or +.Cm BITLIST . +.Pp +If no format specifier is included, then +.Cm ASCII +is used. +If +.Cm UTF8 +is specified, then the +.Ar value +string must be a valid UTF-8 string. +For +.Cm HEX , +the output must be a set of hex digits. +.Cm BITLIST +(which is only valid for a BIT STRING) is a comma separated list +of the indices of the set bits, all other bits are zero. +.El +.Sh RETURN VALUES +.Fn ASN1_generate_nconf +and +.Fn ASN1_generate_v3 +return the encoded data as an +.Vt ASN1_TYPE +structure or +.Dv NULL +if an error occurred. +.Pp +The error codes can be obtained by +.Xr ERR_get_error 3 . +.Sh EXAMPLES +A simple +.Vt IA5String : +.Pp +.Dl IA5STRING:Hello World +.Pp +An +.Vt IA5String +explicitly tagged: +.Pp +.Dl EXPLICIT:0,IA5STRING:Hello World +.Pp +An +.Vt IA5String +explicitly tagged using APPLICATION tagging: +.Pp +.Dl EXPLICIT:0A,IA5STRING:Hello World +.Pp +A BITSTRING with bits 1 and 5 set and all others zero: +.Pp +.Dl FORMAT:BITLIST,BITSTRING:1,5 +.Pp +A more complex example using a config file to produce a +SEQUENCE consisting of a BOOL an OID and a +.Vt UTF8String : +.Bd -literal -offset indent +asn1 = SEQUENCE:seq_section + +[seq_section] + +field1 = BOOLEAN:TRUE +field2 = OID:commonName +field3 = UTF8:Third field +.Ed +.Pp +This example produces an +.Vt RSAPrivateKey +structure. +This is the key contained in the file +.Pa client.pem +in all OpenSSL distributions. +Note that the field names such as +.Qq coeff +are ignored and are present just for clarity. +.Bd -literal -offset 2n +asn1=SEQUENCE:private_key +[private_key] +version=INTEGER:0 + +n=INTEGER:0xBB6FE79432CC6EA2D8F970675A5A87BFBE1AFF0BE63E879F2AFFB93644\e +D4D2C6D000430DEC66ABF47829E74B8C5108623A1C0EE8BE217B3AD8D36D5EB4FCA1D9 + +e=INTEGER:0x010001 + +d=INTEGER:0x6F05EAD2F27FFAEC84BEC360C4B928FD5F3A9865D0FCAAD291E2A52F4A\e +F810DC6373278C006A0ABBA27DC8C63BF97F7E666E27C5284D7D3B1FFFE16B7A87B51D + +p=INTEGER:0xF3929B9435608F8A22C208D86795271D54EBDFB09DDEF539AB083DA912\e +D4BD57 + +q=INTEGER:0xC50016F89DFF2561347ED1186A46E150E28BF2D0F539A1594BBD7FE467\e +46EC4F + +exp1=INTEGER:0x9E7D4326C924AFC1DEA40B45650134966D6F9DFA3A7F9D698CD4ABEA\e +9C0A39B9 + +exp2=INTEGER:0xBA84003BB95355AFB7C50DF140C60513D0BA51D637272E355E397779\e +E7B2458F + +coeff=INTEGER:0x30B9E4F2AFA5AC679F920FC83F1F2DF1BAF1779CF989447FABC2F5\e +628657053A +.Ed +.Pp +This example is the corresponding public key in an ASN.1 +.Vt SubjectPublicKeyInfo +structure: +.Bd -literal -offset 2n +# Start with a SEQUENCE +asn1=SEQUENCE:pubkeyinfo + +# pubkeyinfo contains an algorithm identifier and the public key +# wrapped in a BIT STRING +[pubkeyinfo] +algorithm=SEQUENCE:rsa_alg +pubkey=BITWRAP,SEQUENCE:rsapubkey + +# algorithm ID for RSA is just an OID and a NULL +[rsa_alg] +algorithm=OID:rsaEncryption +parameter=NULL + +# Actual public key: modulus and exponent +[rsapubkey] +n=INTEGER:0xBB6FE79432CC6EA2D8F970675A5A87BFBE1AFF0BE63E879F2AFFB93644\e +D4D2C6D000430DEC66ABF47829E74B8C5108623A1C0EE8BE217B3AD8D36D5EB4FCA1D9 + +e=INTEGER:0x010001 +.Ed +.Sh SEE ALSO +.Xr ERR_get_error 3 , +.Xr x509v3.cnf 5 +.Sh HISTORY +.Fn ASN1_generate_nconf +and +.Fn ASN1_generate_v3 +first appeared in OpenSSL 0.9.8 and have been available since +.Ox 4.5 . diff --git a/src/lib/libcrypto/man/ASN1_item_d2i.3 b/src/lib/libcrypto/man/ASN1_item_d2i.3 new file mode 100644 index 00000000000..705deedd554 --- /dev/null +++ b/src/lib/libcrypto/man/ASN1_item_d2i.3 @@ -0,0 +1,489 @@ +.\" $OpenBSD: ASN1_item_d2i.3,v 1.8 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL doc/man3/d2i_X509.pod b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file is a derived work. +.\" The changes are covered by the following Copyright and license: +.\" +.\" Copyright (c) 2016 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.\" The original file was written by Dr. Stephen Henson . +.\" Copyright (c) 2002, 2003, 2015 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt ASN1_ITEM_D2I 3 +.Os +.Sh NAME +.Nm ASN1_item_d2i , +.Nm ASN1_item_d2i_bio , +.Nm ASN1_item_d2i_fp , +.Nm d2i_ASN1_TYPE , +.Nm ASN1_item_i2d , +.Nm ASN1_item_i2d_bio , +.Nm ASN1_item_i2d_fp , +.Nm i2d_ASN1_TYPE , +.Nm ASN1_item_dup , +.Nm ASN1_item_print +.Nd decode and encode ASN.1 objects +.Sh SYNOPSIS +.In openssl/asn1.h +.Ft ASN1_VALUE * +.Fo ASN1_item_d2i +.Fa "ASN1_VALUE **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fa "const ASN1_ITEM *it" +.Fc +.Ft void * +.Fo ASN1_item_d2i_bio +.Fa "const ASN1_ITEM *it" +.Fa "BIO *in_bio" +.Fa "void *val_out" +.Fc +.Ft void * +.Fo ASN1_item_d2i_fp +.Fa "const ASN1_ITEM *it" +.Fa "FILE *in_fp" +.Fa "void *val_out" +.Fc +.Ft ASN1_TYPE * +.Fo d2i_ASN1_TYPE +.Fa "ASN1_TYPE **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo ASN1_item_i2d +.Fa "ASN1_VALUE *val_in" +.Fa "unsigned char **der_out" +.Fa "const ASN1_ITEM *it" +.Fc +.Ft int +.Fo ASN1_item_i2d_bio +.Fa "const ASN1_ITEM *it" +.Fa "BIO *out_bio" +.Fa "void *val_in" +.Fc +.Ft int +.Fo ASN1_item_i2d_fp +.Fa "const ASN1_ITEM *it" +.Fa "FILE *out_fp" +.Fa "void *val_in" +.Fc +.Ft int +.Fo i2d_ASN1_TYPE +.Fa "ASN1_TYPE *val_in" +.Fa "unsigned char **der_out" +.Fc +.Ft void * +.Fo ASN1_item_dup +.Fa "const ASN1_ITEM *it" +.Fa "void *val_in" +.Fc +.Ft int +.Fo ASN1_item_print +.Fa "BIO *out_bio" +.Fa "ASN1_VALUE *val_in" +.Fa "int indent" +.Fa "const ASN1_ITEM *it" +.Fa "const ASN1_PCTX *pctx" +.Fc +.Sh DESCRIPTION +These functions convert ASN.1 values from their BER encoding to +internal C structures +.Pq Dq d2i +and vice versa +.Pq Dq i2d . +Unlike the C structures which contain pointers to sub-objects, BER +is a serialized encoding, suitable for transfer over the network +and for storage in a file. +.Pp +.Fn ASN1_item_d2i +interpretes +.Pf * Fa der_in +as a DER- or BER-encoded byte array and decodes one value of type +.Fa it +represented by up to +.Fa length +bytes. +If successful, +.Pf * Fa der_in +is advanced to the byte following the parsed data. +.Pp +If decoding succeeds and +.Fa val_out +or +.Pf * Fa val_out +is +.Dv NULL , +a new object is allocated. +.Pp +If decoding succeeds and +.Pf * Fa val_out +is not +.Dv NULL , +it is assumed to point to a valid populated object and an attempt +is made to reuse it. +It must not be an empty structure such as one returned by +.Xr ASN1_item_new 3 +or by one of the various type-specific +.Fn *_new +functions. +This +.Dq reuse +capability is present for backward compatibility, but its use is +strongly discouraged; see the +.Sx BUGS +section below. +.Pp +.Fn ASN1_item_d2i_bio +and +.Fn ASN1_item_d2i_fp +are similar to +.Fn ASN1_item_d2i +except that they read from a +.Vt BIO +or +.Vt FILE , +respectively. +.Pp +.Fn d2i_ASN1_TYPE +is similar to +.Fn ASN1_item_d2i +except that it does not require a desired type to be specified by +the user, but instead returns an +.Vt ASN1_TYPE +wrapper object containing both the type and the value found in the input. +.Pp +.Fn ASN1_item_i2d +encodes the object pointed to by +.Fa val_in +into DER format. +.Pp +If +.Pf * Fa der_out +is not +.Dv NULL , +it writes the DER-encoded data to the buffer at +.Pf * Fa der_out +and increments it to point after the data just written. +In this case, it is the responsibility of the user to make sure +that the buffer pointed to by +.Pf * Fa der_out +is long enough, such that no buffer owerflow can occur. +.Pp +If +.Pf * Fa der_out +is +.Dv NULL , +memory is allocated for a buffer, and +.Pf * Fa der_out +is not incremented, but points to the start of the data just written. +.Pp +If +.Fa der_out +is +.Dv NULL , +the encoded bytes are not written anywhere but discarded. +For +.Fa val_in +objects of variable encoding size, this is sometimes used to first +find the number of bytes that will be written. +Then, a sufficient amount of memory is allocated before calling +.Fn ASN1_item_i2d +again. +This explicit double-call technique is often not needed because the +auto-allocation technique described in the previous paragraph can +be used. +.Pp +.Fn ASN1_item_i2d_bio +and +.Fn ASN1_item_i2d_fp +are similar to +.Fn ASN1_item_i2d +except that they write to a +.Vt BIO +or +.Vt FILE , +respectively. +.Pp +.Fn i2d_ASN1_TYPE +is similar to +.Fn ASN1_item_i2d +except that the type and the value are not provided separately, +but in the form of a single +.Vt ASN1_TYPE +object. +.Pp +.Fn ASN1_item_dup +creates a deep copy of +.Fa val_in +by calling +.Fn ASN1_item_i2d +and +.Fn ASN1_item_d2i . +.Sh RETURN VALUES +If successful, +.Fn ASN1_item_d2i , +.Fn ASN1_item_d2i_bio , +.Fn ASN1_item_d2i_fp , +and +.Fn d2i_ASN1_TYPE +return a pointer to the decoded ASN.1 value. +In addition, if +.Fa val_out +is not +.Dv NULL , +the pointer is also written to +.Pf * Fa val_out . +If an error occurs, +.Dv NULL +is returned. +.Pp +.Fn ASN1_item_i2d +and +.Fn i2d_ASN1_TYPE +return the number of bytes written +or a negative value if an error occurs. +.Pp +.Fn ASN1_item_i2d_bio +and +.Fn ASN1_item_i2d_fp +return 1 for success or 0 for failure. +.Pp +.Fn ASN1_item_dup +returns the new +.Vt ASN1_VALUE +object or +.Dv NULL +if an error occurs. +.Sh EXAMPLES +Many type-specific wrapper functions exist. +Using those wrappers is recommended in application code +because it restores part of the type safety that the low-level +interfaces using +.Vt ASN1_VALUE +lack. +.Pp +For example, to allocate a buffer and write the DER encoding of an +.Vt X509 +object into it: +.Bd -literal -offset indent +X509 *x; +unsigned char *buf; +int len; + +buf = NULL; +len = i2d_X509(x, &buf); +if (len < 0) + /* error */ +.Ed +.Pp +Attempt to decode a buffer: +.Bd -literal -offset indent +X509 *x; +unsigned char *buf, *p; +int len; + +/* Set up buf and len to point to the input buffer. */ +p = buf; +x = d2i_X509(NULL, &p, len); +if (x == NULL) + /* error */ +.Ed +.Pp +Equivalent technique: +.Bd -literal -offset indent +X509 *x; +unsigned char *buf, *p; +int len; + +/* Set up buf and len to point to the input buffer. */ +p = buf; +x = NULL; + +if (d2i_X509(&x, &p, len) == NULL) + /* error */ +.Ed +.Sh SEE ALSO +.Xr ASN1_item_new 3 , +.Xr ASN1_TYPE_new 3 +.Sh HISTORY +.Fn d2i_ASN1_TYPE +and +.Fn i2d_ASN1_TYPE +first appeared in SSLeay 0.5.1 and have been available since +.Ox 2.4 . +.Pp +.Fn ASN1_item_d2i , +.Fn ASN1_item_d2i_bio , +.Fn ASN1_item_d2i_fp , +.Fn ASN1_item_i2d , +.Fn ASN1_item_i2d_bio , +.Fn ASN1_item_i2d_fp , +and +.Fn ASN1_item_dup +first appeared in OpenSSL 0.9.7 and have been available since +.Ox 3.2 . +.Pp +.Fn ASN1_item_print +first appeared in OpenSSL 1.0.0 and has been available since +.Ox 4.9 . +.Sh CAVEATS +If the type described by +.Fa it +fails to match the true type of +.Fa val_in +or +.Pf * Fa val_out , +buffer overflows and segmentation faults are likely to occur. +For more details about why the type +.Vt ASN1_VALUE +constitutes dangerous user interface design, see +.Xr ASN1_item_new 3 . +.Pp +The encoded data is in binary form and may contain embedded NUL bytes. +Functions such as +.Xr strlen 3 +will not return the correct length of the encoded data. +.Pp +While the way that +.Pf * Fa der_in +and +.Pf * Fa der_out +are incremented after the operation supports the typical usage +patterns of reading or writing one object after another, this +behaviour can trap the unwary. +.Pp +Using a temporary pointer into the buffer is mandatory. +A common mistake is to attempt to use a buffer directly as follows: +.Bd -literal -offset indent +X509 *x; +unsigned char *buf; +int len; + +len = i2d_X509(x, NULL); +buf = malloc(len); +i2d_X509(x, &buf); +/* do something with buf[] */ +free(buf); +.Ed +.Pp +This code will result in +.Va buf +apparently containing garbage because it was incremented during +.Fn i2d_X509 +to point after the data just written. +Also +.Va buf +will no longer contain the pointer allocated by +.Xr malloc 3 +and the subsequent call to +.Xr free 3 +is likely to crash. +.Pp +Another trap to avoid is misuse of the +.Fa val_out +argument: +.Bd -literal -offset indent +X509 *x; + +if (d2i_X509(&x, &p, len) == NULL) + /* error */ +.Ed +.Pp +This will probably crash somewhere in +.Fn d2i_X509 +because +.Va x +is uninitialized and an attempt will be made to interpret its invalid +content as an +.Vt X509 +object, typically causing a segmentation violation. +If +.Va x +is set to +.Dv NULL +first, then this will not happen. +.Sh BUGS +If the +.Dq reuse +capability is used, a valid object is passed in via +.Pf * Fa val_out , +and an error occurs, then the object is not freed and may be left +in an invalid or inconsistent state. +.Pp +In some versions of OpenSSL, the +.Dq reuse +behaviour is broken such that some parts of the reused object may +persist if they are not present in the new one. +.Pp +In many versions of OpenSSL, +.Fn ASN1_item_i2d +will not return an error if mandatory fields are not initialized +due to a programming error. +In that case, the encoded structure may contain invalid data and +some fields may be missing entirely, such that trying to parse it +with +.Fn ASN1_item_d2i +may fail. +.Pp +Any function which encodes an object may return a stale encoding +if the object has been modified after deserialization or previous +serialization. +This is because some objects cache the encoding for efficiency reasons. diff --git a/src/lib/libcrypto/man/ASN1_item_new.3 b/src/lib/libcrypto/man/ASN1_item_new.3 new file mode 100644 index 00000000000..259deaca56b --- /dev/null +++ b/src/lib/libcrypto/man/ASN1_item_new.3 @@ -0,0 +1,120 @@ +.\" $OpenBSD: ASN1_item_new.3,v 1.4 2018/03/22 21:08:22 schwarze Exp $ +.\" +.\" Copyright (c) 2016, 2018 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 22 2018 $ +.Dt ASN1_ITEM_NEW 3 +.Os +.Sh NAME +.Nm ASN1_item_new , +.Nm ASN1_item_free +.Nd generic ASN.1 value constructor and destructor +.Sh SYNOPSIS +.In openssl/asn1.h +.Ft ASN1_VALUE * +.Fo ASN1_item_new +.Fa "const ASN1_ITEM *it" +.Fc +.Ft void +.Fo ASN1_item_free +.Fa "ASN1_VALUE *val_in" +.Fa "const ASN1_ITEM *it" +.Fc +.Sh DESCRIPTION +.Fn ASN1_item_new +allocates and initializes an empty ASN.1 value +of the type described by the global static object +.Fa it . +.Pp +If the item type described by +.Fa it +is reference counted, +.Fn ASN1_item_free +decrements the reference count of +.Fa val_in . +Otherwise, or if the reference count reaches 0, +.Fn ASN1_item_free +frees +.Fa val_in , +assuming that it is of the type described by +.Fa it . +If the true type of +.Fa val_in +fails to match the specified +.Fa it , +buffer overflows and segmentation faults are likely to occur. +It is not possible to recover the type of an +.Vt ASN1_VALUE +object by inspecting it; the type always needs to be remembered +separately. +.Pp +.Vt ASN1_VALUE +is an incomplete type, and pointers to it always require casting +to the correct complete type before they can be dereferenced. +For all practical purposes, a pointer to +.Vt ASN1_VALUE +is equivalent to a +.Vt void +pointer. +.Pp +Depending on +.Fa it , +there are more than 150 different types that +.Fn ASN1_item_new +may return. +Most of them are pointers to structures or pointers to arrays of +structures, but there are a few exceptions, for example: +If +.Fa it +is +.Dv ASN1_NULL_it , +.Fn ASN1_item_new +returns a specific invalid pointer representing the unique +.Vt ASN1_NULL +object. +If +.Fa it +is +.Dv ASN1_BOOLEAN_it +or +.Dv LONG_it , +.Fn ASN1_item_new +does not return a pointer at all, but a +.Vt long +value cast to +.Vt ASN1_VALUE * . +.Sh RETURN VALUES +.Fn ASN1_item_new +returns the new +.Vt ASN1_VALUE +object or +.Dv NULL +if an error occurs. +.Sh SEE ALSO +.Xr ASN1_item_d2i 3 , +.Xr ASN1_TYPE_new 3 , +.Xr d2i_ASN1_NULL 3 , +.Xr OBJ_nid2obj 3 +.Sh HISTORY +.Fn ASN1_item_new +and +.Fn ASN1_item_free +first appeared in OpenSSL 0.9.7 and have been available since +.Ox 3.2 . +.Sh BUGS +The +.Vt ASN1_VALUE +type compromises type safety and invites programming mistakes that +will typically have severe consequences. diff --git a/src/lib/libcrypto/man/ASN1_time_parse.3 b/src/lib/libcrypto/man/ASN1_time_parse.3 new file mode 100644 index 00000000000..8604e181230 --- /dev/null +++ b/src/lib/libcrypto/man/ASN1_time_parse.3 @@ -0,0 +1,137 @@ +.\" $OpenBSD: ASN1_time_parse.3,v 1.7 2018/03/23 23:18:17 schwarze Exp $ +.\" +.\" Copyright (c) 2016 Bob Beck +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 23 2018 $ +.Dt ASN1_TIME_PARSE 3 +.Os +.Sh NAME +.Nm ASN1_time_parse , +.Nm ASN1_time_tm_cmp , +.Nm ASN1_TIME_set_tm +.Nd LibreSSL utilities for ASN.1 time types +.Sh SYNOPSIS +.In openssl/asn1.h +.Ft int +.Fn ASN1_time_parse "const char *bytes" "size_t len" "struct tm *tm" "int mode" +.Ft int +.Fn ASN1_time_tm_cmp "struct tm *tm1" "struct tm *tm2" +.Ft ASN1_TIME * +.Fn ASN1_TIME_set_tm "ASN1_TIME *s" "struct tm *tm" +.Sh DESCRIPTION +The +.Fn ASN1_time_parse +function parses an ASN.1 time string of +.Ar len +bytes starting at +.Ar bytes . +The resulting time is stored in +.Ar tm +if +.Ar tm +is not +.Dv NULL . +.Pp +The +.Ar mode +parameter must be one of +.Bl -bullet -offset four +.It +0 to parse a time as specified in RFC 5280 for an X509 object, +which may be either a UTC time or a Generalized time. +.It +.Dv V_ASN1_UTCTIME +to parse an RFC 5280 format UTC time. +.It +.Dv V_ASN1_GENERALIZEDTIME +to parse an RFC 5280 format Generalized time. +.El +.Pp +The +.Fn ASN1_time_tm_cmp +function compares two times in +.Ar tm1 +and +.Ar tm2 . +.Pp +The function +.Fn ASN1_TIME_set_tm +sets the +.Vt ASN1_TIME +structure +.Fa s +to the time represented by the +.Vt struct tm +value pointed to by +.Fa tm . +If +.Fa s +is +.Dv NULL , +a new +.Vt ASN1_TIME +structure is allocated and returned. +.Sh RETURN VALUES +.Fn ASN1_parse_time +returns +.Bl -bullet -offset four +.It +-1 if the string was invalid for the +.Ar mode +specified. +.It +.Dv V_ASN1_UTCTIME +if the string parsed as a valid UTC time. +.It +.Dv V_ASN1_GENERALIZEDTIME +if the string parsed as a valid Generalized time. +.El +.Pp +.Fn ASN1_time_tm_cmp +returns +.Bl -bullet -offset four +.It +-1 if +.Ar tm1 +is less than +.Ar tm2 . +.It +1 if +.Ar tm1 +is greater than +.Ar tm2 . +.It +0 if +.Ar tm1 +is the same as +.Ar tm2 . +.El +.Pp +.Fn ASN1_TIME_set_tm +returns a pointer to an +.Vt ASN1_TIME +structure or +.Dv NULL +if an error occurred. +.Sh HISTORY +.Fn ASN1_time_parse +and +.Fn ASN1_time_tm_cmp +first appeared in +.Ox 6.1 +and +.Fn ASN1_TIME_set_tm +in +.Ox 6.2 . diff --git a/src/lib/libcrypto/man/AUTHORITY_KEYID_new.3 b/src/lib/libcrypto/man/AUTHORITY_KEYID_new.3 new file mode 100644 index 00000000000..846be074ece --- /dev/null +++ b/src/lib/libcrypto/man/AUTHORITY_KEYID_new.3 @@ -0,0 +1,72 @@ +.\" $OpenBSD: AUTHORITY_KEYID_new.3,v 1.3 2018/03/21 16:09:51 schwarze Exp $ +.\" +.\" Copyright (c) 2016 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 21 2018 $ +.Dt AUTHORITY_KEYID_NEW 3 +.Os +.Sh NAME +.Nm AUTHORITY_KEYID_new , +.Nm AUTHORITY_KEYID_free +.Nd X.509 authority key identifier extension +.Sh SYNOPSIS +.In openssl/x509v3.h +.Ft AUTHORITY_KEYID * +.Fn AUTHORITY_KEYID_new void +.Ft void +.Fn AUTHORITY_KEYID_free "AUTHORITY_KEYID *id" +.Sh DESCRIPTION +Using the authority key identifier extension, an X.509 certificate +or certificate revocation list can specify which key pair was used +for signing it. +.Pp +.Fn AUTHORITY_KEYID_new +allocates and initializes an empty +.Vt AUTHORITY_KEYID +object, representing an ASN.1 +.Vt AuthorityKeyIdentifier +structure defined in RFC 5280 section 4.2.1.1. +It can hold an issuer name, a serial number, and a key identifier. +.Pp +.Fn AUTHORITY_KEYID_free +frees +.Fa id . +.Sh RETURN VALUES +.Fn AUTHORITY_KEYID_new +returns the new +.Vt AUTHORITY_KEYID +object or +.Dv NULL +if an error occurs. +.Sh SEE ALSO +.Xr GENERAL_NAMES_new 3 , +.Xr X509_CRL_new 3 , +.Xr X509_EXTENSION_new 3 , +.Xr X509_new 3 +.Sh STANDARDS +RFC 5280: Internet X.509 Public Key Infrastructure Certificate and +Certificate Revocation List (CRL) Profile: +.Bl -dash -compact +.It +section 4.2.1.1: Certificate Extensions: Authority Key Identifier +.It +section 5.2.1: CRL Extensions: Authority Key Identifier +.El +.Sh HISTORY +.Fn AUTHORITY_KEYID_new +and +.Fn AUTHORITY_KEYID_free +first appeared in OpenSSL 0.9.2b and have been available since +.Ox 2.6 . diff --git a/src/lib/libcrypto/man/BASIC_CONSTRAINTS_new.3 b/src/lib/libcrypto/man/BASIC_CONSTRAINTS_new.3 new file mode 100644 index 00000000000..edc3f544840 --- /dev/null +++ b/src/lib/libcrypto/man/BASIC_CONSTRAINTS_new.3 @@ -0,0 +1,86 @@ +.\" $OpenBSD: BASIC_CONSTRAINTS_new.3,v 1.3 2018/03/21 16:09:51 schwarze Exp $ +.\" +.\" Copyright (c) 2016 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 21 2018 $ +.Dt BASIC_CONSTRAINTS_NEW 3 +.Os +.Sh NAME +.Nm BASIC_CONSTRAINTS_new , +.Nm BASIC_CONSTRAINTS_free +.Nd X.509 extension to mark CA certificates +.Sh SYNOPSIS +.In openssl/x509v3.h +.Ft BASIC_CONSTRAINTS * +.Fn BASIC_CONSTRAINTS_new void +.Ft void +.Fn BASIC_CONSTRAINTS_free "BASIC_CONSTRAINTS *bc" +.Sh DESCRIPTION +.Fn BASIC_CONSTRAINTS_new +allocates and initializes an empty +.Vt BASIC_CONSTRAINTS +object, representing an ASN.1 +.Vt BasicConstraints +structure defined in RFC 5280 section 4.2.1.9. +.Pp +This object contains two fields. +The field +.Fa "int ca" +is non-zero if the certificate is a CA certificate. +The field +.Fa "ASN1_INTEGER *pathlen" +specifies the maximum number of non-self-issued intermediate +certificates that may follow this certificate in a valid +certification path. +.Pp +If an X.509 version 3 certificate does not contain this extension +or if the +.Fa ca +field of the +.Vt BASIC_CONSTRAINTS +object is 0, or if the certificate contains a key usage extension +having the +.Dv KU_KEY_CERT_SIGN +bit unset, then it is not a CA certificate but an end entity +certificate. +.Pp +.Fn BASIC_CONSTRAINTS_free +frees +.Fa bc . +.Sh RETURN VALUES +.Fn BASIC_CONSTRAINTS_new +returns the new +.Vt BASIC_CONSTRAINTS +object or +.Dv NULL +if an error occurs. +.Sh SEE ALSO +.Xr X509_EXTENSION_new 3 , +.Xr X509_new 3 +.Sh STANDARDS +RFC 5280: Internet X.509 Public Key Infrastructure Certificate and +Certificate Revocation List (CRL) Profile: +.Bl -dash -compact +.It +section 4.2.1.9: Basic Constraints +.It +section 6.1: Basic Path Validation +.El +.Sh HISTORY +.Fn BASIC_CONSTRAINTS_new +and +.Fn BASIC_CONSTRAINTS_free +first appeared in OpenSSL 0.9.2b and have been available since +.Ox 2.6 . diff --git a/src/lib/libcrypto/man/BF_set_key.3 b/src/lib/libcrypto/man/BF_set_key.3 new file mode 100644 index 00000000000..b2c5fdc947f --- /dev/null +++ b/src/lib/libcrypto/man/BF_set_key.3 @@ -0,0 +1,273 @@ +.\" $OpenBSD: BF_set_key.3,v 1.9 2019/01/02 07:42:21 jmc Exp $ +.\" OpenSSL 99d63d46 Jul 19 09:27:53 2016 -0400 +.\" +.\" This file was written by Richard Levitte . +.\" Copyright (c) 2000, 2002, 2005, 2014, 2016 The OpenSSL Project. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: January 2 2019 $ +.Dt BF_SET_KEY 3 +.Os +.Sh NAME +.Nm BF_set_key , +.Nm BF_encrypt , +.Nm BF_decrypt , +.Nm BF_ecb_encrypt , +.Nm BF_cbc_encrypt , +.Nm BF_cfb64_encrypt , +.Nm BF_ofb64_encrypt , +.Nm BF_options +.Nd Blowfish encryption +.Sh SYNOPSIS +.In openssl/blowfish.h +.Ft void +.Fo BF_set_key +.Fa "BF_KEY *key" +.Fa "int len" +.Fa "const unsigned char *data" +.Fc +.Ft void +.Fo BF_encrypt +.Fa "BF_LONG *data" +.Fa "const BF_KEY *key" +.Fc +.Ft void +.Fo BF_decrypt +.Fa "BF_LONG *data" +.Fa "const BF_KEY *key" +.Fc +.Ft void +.Fo BF_ecb_encrypt +.Fa "const unsigned char *in" +.Fa "unsigned char *out" +.Fa "BF_KEY *key" +.Fa "int enc" +.Fc +.Ft void +.Fo BF_cbc_encrypt +.Fa "const unsigned char *in" +.Fa "unsigned char *out" +.Fa "long length" +.Fa "BF_KEY *schedule" +.Fa "unsigned char *ivec" +.Fa "int enc" +.Fc +.Ft void +.Fo BF_cfb64_encrypt +.Fa "const unsigned char *in" +.Fa "unsigned char *out" +.Fa "long length" +.Fa "BF_KEY *schedule" +.Fa "unsigned char *ivec" +.Fa "int *num" +.Fa "int enc" +.Fc +.Ft void +.Fo BF_ofb64_encrypt +.Fa "const unsigned char *in" +.Fa "unsigned char *out" +.Fa "long length" +.Fa "BF_KEY *schedule" +.Fa "unsigned char *ivec" +.Fa "int *num" +.Fc +.Ft const char * +.Fo BF_options +.Fa void +.Fc +.Sh DESCRIPTION +This library implements the Blowfish cipher, +which was invented and defined by +.An Counterpane . +Note that applications should use higher level functions such as +.Xr EVP_EncryptInit 3 +instead of calling the Blowfish functions directly. +.Pp +Blowfish is a block cipher that operates on 64-bit (8 byte) blocks of data. +It uses a variable size key, but typically, 128-bit (16 byte) keys +are considered good for strong encryption. +Blowfish can be used in the same modes as DES +and is currently one of the faster block ciphers. +It is quite a bit faster than DES, and much faster than IDEA or RC2. +.Pp +Blowfish consists of a key setup phase +and the actual encryption or decryption phase. +.Pp +.Fn BF_set_key +sets up the +.Vt BF_KEY +.Fa key +using the +.Fa len +bytes long key at +.Fa data . +.Pp +.Fn BF_ecb_encrypt +is the basic Blowfish encryption and decryption function. +It encrypts or decrypts the first 64 bits of +.Fa in +using the key +.Fa key , +putting the result in +.Fa out . +.Fa enc +decides if encryption +.Pq Dv BF_ENCRYPT +or decryption +.Pq Dv BF_DECRYPT +shall be performed. +The vector pointed at by +.Fa in +and +.Fa out +must be 64 bits in length, no less. +If they are larger, everything after the first 64 bits is ignored. +.Pp +The mode functions +.Fn BF_cbc_encrypt , +.Fn BF_cfb64_encrypt , +and +.Fn BF_ofb64_encrypt +all operate on variable length data. +They all take an initialization vector +.Fa ivec +which needs to be passed along into the next call of the same function +for the same message. +.Fa ivec +may be initialized with anything, but the recipient needs to know what +it was initialized with, or it won't be able to decrypt. +Some programs and protocols simplify this, like SSH, where +.Fa ivec +is simply initialized to zero. +.Fn BF_cbc_encrypt +operates on data that is a multiple of 8 bytes long, while +.Fn BF_cfb64_encrypt +and +.Fn BF_ofb64_encrypt +are used to encrypt a variable number of bytes (the amount +does not have to be an exact multiple of 8). +The purpose of the latter two is to simulate stream ciphers and, +therefore, they need the parameter +.Fa num , +which is a pointer to an integer where the current offset in +.Fa ivec +is stored between calls. +This integer must be initialized to zero when +.Fa ivec +is initialized. +.Pp +.Fn BF_cbc_encrypt +is the Cipher Block Chaining function for Blowfish. +It encrypts or decrypts the 64-bit chunks of +.Fa in +using the key +.Fa schedule , +putting the result in +.Fa out . +.Fa enc +decides if encryption +.Pq Dv BF_ENCRYPT +or decryption +.Pq Dv BF_DECRYPT +shall be performed. +.Fa ivec +must point at an 8-byte long initialization vector. +.Pp +.Fn BF_cfb64_encrypt +is the CFB mode for Blowfish with 64-bit feedback. +It encrypts or decrypts the bytes in +.Fa in +using the key +.Fa schedule , +putting the result in +.Fa out . +.Fa enc +decides if encryption +.Pq Dv BF_ENCRYPT +or decryption +.Pq Dv BF_DECRYPT +shall be performed. +.Fa ivec +must point at an +8-byte long initialization vector. +.Fa num +must point at an integer which must be initially zero. +.Pp +.Fn BF_ofb64_encrypt +is the OFB mode for Blowfish with 64-bit feedback. +It uses the same parameters as +.Fn BF_cfb64_encrypt , +which must be initialized the same way. +.Pp +.Fn BF_encrypt +and +.Fn BF_decrypt +are the lowest level functions for Blowfish encryption. +They encrypt/decrypt the first 64 bits of the vector pointed by +.Fa data , +using the key +.Fa key . +These functions should not be used unless implementing `modes' of Blowfish. +The alternative is to use +.Fn BF_ecb_encrypt . +Be aware that these functions take each 32-bit chunk in host-byte order, +which is little-endian on little-endian platforms +and big-endian on big-endian ones. +.Sh HISTORY +.Fn BF_set_key , +.Fn BF_encrypt , +.Fn BF_ecb_encrypt , +.Fn BF_cbc_encrypt , +.Fn BF_cfb64_encrypt , +.Fn BF_ofb64_encrypt , +and +.Fn BF_options +first appeared in SSLeay 0.6.6. +.Fn BF_decrypt +first appeared in SSLeay 0.9.0. +All these functions have been available since +.Ox 2.4 . diff --git a/src/lib/libcrypto/man/BIO_ctrl.3 b/src/lib/libcrypto/man/BIO_ctrl.3 new file mode 100644 index 00000000000..98c78be1344 --- /dev/null +++ b/src/lib/libcrypto/man/BIO_ctrl.3 @@ -0,0 +1,354 @@ +.\" $OpenBSD: BIO_ctrl.3,v 1.14 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL b055fceb Thu Oct 20 09:56:18 2016 +0100 +.\" +.\" This file was written by Dr. Stephen Henson . +.\" Copyright (c) 2000, 2016 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt BIO_CTRL 3 +.Os +.Sh NAME +.Nm BIO_ctrl , +.Nm BIO_callback_ctrl , +.Nm BIO_ptr_ctrl , +.Nm BIO_int_ctrl , +.Nm BIO_reset , +.Nm BIO_seek , +.Nm BIO_tell , +.Nm BIO_flush , +.Nm BIO_eof , +.Nm BIO_set_close , +.Nm BIO_get_close , +.Nm BIO_pending , +.Nm BIO_wpending , +.Nm BIO_ctrl_pending , +.Nm BIO_ctrl_wpending , +.Nm BIO_get_info_callback , +.Nm BIO_set_info_callback , +.Nm bio_info_cb +.Nd BIO control operations +.Sh SYNOPSIS +.In openssl/bio.h +.Ft long +.Fo BIO_ctrl +.Fa "BIO *bp" +.Fa "int cmd" +.Fa "long larg" +.Fa "void *parg" +.Fc +.Ft long +.Fo BIO_callback_ctrl +.Fa "BIO *b" +.Fa "int cmd" +.Fa "bio_info_cb cb" +.Fc +.Ft char * +.Fo BIO_ptr_ctrl +.Fa "BIO *bp" +.Fa "int cmd" +.Fa "long larg" +.Fc +.Ft long +.Fo BIO_int_ctrl +.Fa "BIO *bp" +.Fa "int cmd" +.Fa "long larg" +.Fa "int iarg" +.Fc +.Ft int +.Fo BIO_reset +.Fa "BIO *b" +.Fc +.Ft int +.Fo BIO_seek +.Fa "BIO *b" +.Fa "int ofs" +.Fc +.Ft int +.Fo BIO_tell +.Fa "BIO *b" +.Fc +.Ft int +.Fo BIO_flush +.Fa "BIO *b" +.Fc +.Ft int +.Fo BIO_eof +.Fa "BIO *b" +.Fc +.Ft int +.Fo BIO_set_close +.Fa "BIO *b" +.Fa "long flag" +.Fc +.Ft int +.Fo BIO_get_close +.Fa "BIO *b" +.Fc +.Ft int +.Fo BIO_pending +.Fa "BIO *b" +.Fc +.Ft int +.Fo BIO_wpending +.Fa "BIO *b" +.Fc +.Ft size_t +.Fo BIO_ctrl_pending +.Fa "BIO *b" +.Fc +.Ft size_t +.Fo BIO_ctrl_wpending +.Fa "BIO *b" +.Fc +.Ft int +.Fo BIO_get_info_callback +.Fa "BIO *b" +.Fa "bio_info_cb **cbp" +.Fc +.Ft int +.Fo BIO_set_info_callback +.Fa "BIO *b" +.Fa "bio_info_cb *cb" +.Fc +.Ft typedef void +.Fo bio_info_cb +.Fa "BIO *b" +.Fa "int oper" +.Fa "const char *ptr" +.Fa "int arg1" +.Fa "long arg2" +.Fa "long arg3" +.Fc +.Sh DESCRIPTION +.Fn BIO_ctrl , +.Fn BIO_callback_ctrl , +.Fn BIO_ptr_ctrl , +and +.Fn BIO_int_ctrl +are BIO "control" operations taking arguments of various types. +These functions are not normally called directly - +various macros are used instead. +The standard macros are described below. +Macros specific to a particular type of BIO +are described in the specific BIO's manual page +as well as any special features of the standard calls. +.Pp +.Fn BIO_reset +typically resets a BIO to some initial state. +In the case of file related BIOs, for example, +it rewinds the file pointer to the start of the file. +.Pp +.Fn BIO_seek +resets a file related BIO's (that is file descriptor and +FILE BIOs) file position pointer to +.Fa ofs +bytes from start of file. +.Pp +.Fn BIO_tell +returns the current file position of a file related BIO. +.Pp +.Fn BIO_flush +normally writes out any internally buffered data. +In some cases it is used to signal EOF and that no more data will be written. +.Pp +.Fn BIO_eof +returns 1 if the BIO has read EOF. +The precise meaning of "EOF" varies according to the BIO type. +.Pp +.Fn BIO_set_close +sets the BIO +.Fa b +close flag to +.Fa flag . +.Fa flag +can take the value +.Dv BIO_CLOSE +or +.Dv BIO_NOCLOSE . +Typically +.Dv BIO_CLOSE +is used in a source/sink BIO to indicate that the underlying I/O stream +should be closed when the BIO is freed. +.Pp +.Fn BIO_get_close +returns the BIO's close flag. +.Pp +.Fn BIO_pending , +.Fn BIO_ctrl_pending , +.Fn BIO_wpending , +and +.Fn BIO_ctrl_wpending +return the number of pending characters in the BIO's read and write buffers. +Not all BIOs support these calls. +.Fn BIO_ctrl_pending +and +.Fn BIO_ctrl_wpending +return a +.Vt size_t +type and are functions. +.Fn BIO_pending +and +.Fn BIO_wpending +are macros which call +.Fn BIO_ctrl . +.Sh RETURN VALUES +.Fn BIO_reset +normally returns 1 for success and 0 or -1 for failure. +File BIOs are an exception, returning 0 for success and -1 for failure. +.Pp +.Fn BIO_seek +and +.Fn BIO_tell +both return the current file position on success +and -1 for failure, except file BIOs which for +.Fn BIO_seek +always return 0 for success and -1 for failure. +.Pp +.Fn BIO_flush +returns 1 for success and 0 or -1 for failure. +.Pp +.Fn BIO_eof +returns 1 if EOF has been reached or 0 otherwise. +.Pp +.Fn BIO_set_close +always returns 1. +.Pp +.Fn BIO_get_close +returns the close flag value +.Dv BIO_CLOSE +or +.Dv BIO_NOCLOSE . +.Pp +.Fn BIO_pending , +.Fn BIO_ctrl_pending , +.Fn BIO_wpending , +and +.Fn BIO_ctrl_wpending +return the amount of pending data. +.Sh NOTES +Because it can write data, +.Fn BIO_flush +may return 0 or -1 indicating that the call should be retried later +in a similar manner to +.Xr BIO_write 3 . +The +.Xr BIO_should_retry 3 +call should be used and appropriate action taken if the call fails. +.Pp +The return values of +.Fn BIO_pending +and +.Fn BIO_wpending +may not reliably determine the amount of pending data in all cases. +For example in the case of a file BIO some data may be available in the +.Vt FILE +structure's internal buffers but it is not possible +to determine this in a portable way. +For other types of BIO they may not be supported. +.Pp +If they do not internally handle a particular +.Fn BIO_ctrl +operation, filter BIOs usually pass the operation +to the next BIO in the chain. +This often means there is no need to locate the required BIO for +a particular operation: it can be called on a chain and it will +be automatically passed to the relevant BIO. +However this can cause unexpected results. +For example no current filter BIOs implement +.Fn BIO_seek , +but this may still succeed if the chain ends +in a FILE or file descriptor BIO. +.Pp +Source/sink BIOs return an 0 if they do not recognize the +.Fn BIO_ctrl +operation. +.Sh SEE ALSO +.Xr BIO_meth_new 3 , +.Xr BIO_new 3 +.Sh HISTORY +.Fn BIO_ctrl , +.Fn BIO_reset , +.Fn BIO_flush , +.Fn BIO_eof , +.Fn BIO_set_close , +.Fn BIO_get_close , +and +.Fn BIO_pending +first appeared in SSLeay 0.6.0. +.Fn BIO_wpending +first appeared in SSLeay 0.8.1. +.Fn BIO_ptr_ctrl , +.Fn BIO_int_ctrl , +.Fn BIO_get_info_callback +and +.Fn BIO_set_info_callback +first appeared in SSLeay 0.9.0. +All these functions have been available since +.Ox 2.4 . +.Pp +.Fn BIO_seek +and +.Fn BIO_tell +first appeared in SSLeay 0.9.1. +.Fn BIO_ctrl_pending +and +.Fn BIO_ctrl_wpending +first appeared in OpenSSL 0.9.4. +These functions have been available since +.Ox 2.6 . +.Pp +.Fn BIO_callback_ctrl +first appeared in OpenSSL 0.9.5 and has been available since +.Ox 2.7 . +.Sh BUGS +Some of the return values are ambiguous and care should be taken. +In particular a return value of 0 can be returned if an operation +is not supported, if an error occurred, if EOF has not been reached +and in the case of +.Fn BIO_seek +on a file BIO for a successful operation. diff --git a/src/lib/libcrypto/man/BIO_f_base64.3 b/src/lib/libcrypto/man/BIO_f_base64.3 new file mode 100644 index 00000000000..291cabc5de6 --- /dev/null +++ b/src/lib/libcrypto/man/BIO_f_base64.3 @@ -0,0 +1,134 @@ +.\" $OpenBSD: BIO_f_base64.3,v 1.10 2018/05/02 16:04:35 schwarze Exp $ +.\" OpenSSL fc1d88f0 Wed Jul 2 22:42:40 2014 -0400 +.\" +.\" This file was written by Dr. Stephen Henson . +.\" Copyright (c) 2000, 2003, 2005, 2014 The OpenSSL Project. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: May 2 2018 $ +.Dt BIO_F_BASE64 3 +.Os +.Sh NAME +.Nm BIO_f_base64 +.Nd base64 BIO filter +.Sh SYNOPSIS +.In openssl/bio.h +.In openssl/evp.h +.Ft const BIO_METHOD * +.Fo BIO_f_base64 +.Fa void +.Fc +.Sh DESCRIPTION +.Fn BIO_f_base64 +returns the base64 BIO method. +This is a filter BIO that base64 encodes any data written through it +and decodes any data read through it. +.Pp +Base64 BIOs do not support +.Xr BIO_gets 3 +or +.Xr BIO_puts 3 . +.Pp +.Xr BIO_flush 3 +on a base64 BIO that is being written through +is used to signal that no more data is to be encoded: +this is used to flush the final block through the BIO. +.Pp +To encode the data all on one line and to expect the data to be all +on one line, initialize the base64 BIO as follows: +.Bd -literal -offset indent +BIO *b64 = BIO_new(BIO_f_base64()); +BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL); +.Ed +.Sh RETURN VALUES +.Fn BIO_f_base64 +returns the base64 BIO method. +.Sh EXAMPLES +Base64 encode the string "Hello World\en" +and write the result to standard output: +.Bd -literal -offset indent +BIO *bio, *b64; +char message[] = "Hello World \en"; + +b64 = BIO_new(BIO_f_base64()); +bio = BIO_new_fp(stdout, BIO_NOCLOSE); +BIO_push(b64, bio); +BIO_write(b64, message, strlen(message)); +BIO_flush(b64); + +BIO_free_all(b64); +.Ed +.Pp +Read Base64-encoded data from standard input +and write the decoded data to standard output: +.Bd -literal -offset indent +BIO *bio, *b64, *bio_out; +char inbuf[512]; +int inlen; + +b64 = BIO_new(BIO_f_base64()); +bio = BIO_new_fp(stdin, BIO_NOCLOSE); +bio_out = BIO_new_fp(stdout, BIO_NOCLOSE); +BIO_push(b64, bio); +while((inlen = BIO_read(b64, inbuf, 512)) > 0) + BIO_write(bio_out, inbuf, inlen); + +BIO_flush(bio_out); +BIO_free_all(b64); +.Ed +.Sh SEE ALSO +.Xr BIO_new 3 +.Sh HISTORY +.Fn BIO_f_base64 +first appeared in SSLeay 0.6.5 and has been available since +.Ox 2.4 . +.Sh BUGS +The ambiguity of EOF in base64-encoded data can cause additional +data following the base64-encoded block to be misinterpreted. +.Pp +There should be some way of specifying a test that the BIO can perform +to reliably determine EOF (for example a MIME boundary). diff --git a/src/lib/libcrypto/man/BIO_f_buffer.3 b/src/lib/libcrypto/man/BIO_f_buffer.3 new file mode 100644 index 00000000000..21a6e9a5fe8 --- /dev/null +++ b/src/lib/libcrypto/man/BIO_f_buffer.3 @@ -0,0 +1,197 @@ +.\" $OpenBSD: BIO_f_buffer.3,v 1.10 2018/05/01 17:05:05 schwarze Exp $ +.\" OpenSSL 9b86974e Mar 19 12:32:14 2016 -0400 +.\" +.\" This file was written by Dr. Stephen Henson . +.\" Copyright (c) 2000, 2010, 2015, 2016 The OpenSSL Project. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: May 1 2018 $ +.Dt BIO_F_BUFFER 3 +.Os +.Sh NAME +.Nm BIO_f_buffer , +.Nm BIO_get_buffer_num_lines , +.Nm BIO_set_read_buffer_size , +.Nm BIO_set_write_buffer_size , +.Nm BIO_set_buffer_size , +.Nm BIO_set_buffer_read_data +.Nd buffering BIO +.Sh SYNOPSIS +.In openssl/bio.h +.Ft const BIO_METHOD * +.Fo BIO_f_buffer +.Fa void +.Fc +.Ft long +.Fo BIO_get_buffer_num_lines +.Fa "BIO *b" +.Fc +.Ft long +.Fo BIO_set_read_buffer_size +.Fa "BIO *b" +.Fa "long size" +.Fc +.Ft long +.Fo BIO_set_write_buffer_size +.Fa "BIO *b" +.Fa "long size" +.Fc +.Ft long +.Fo BIO_set_buffer_size +.Fa "BIO *b" +.Fa "long size" +.Fc +.Fo BIO_set_buffer_read_data +.Fa "BIO *b" +.Fa "void *buf" +.Fa "long num" +.Fc +.Sh DESCRIPTION +.Fn BIO_f_buffer +returns the buffering BIO method. +.Pp +Data written to a buffering BIO is buffered and periodically written +to the next BIO in the chain. +Data read from a buffering BIO comes from an internal buffer +which is filled from the next BIO in the chain. +Both +.Xr BIO_gets 3 +and +.Xr BIO_puts 3 +are supported. +.Pp +Calling +.Xr BIO_reset 3 +on a buffering BIO clears any buffered data. +.Pp +.Fn BIO_get_buffer_num_lines +returns the number of lines currently buffered. +.Pp +.Fn BIO_set_read_buffer_size , +.Fn BIO_set_write_buffer_size , +and +.Fn BIO_set_buffer_size +set the read, write or both read and write buffer sizes to +.Fa size . +The initial buffer size is +.Dv DEFAULT_BUFFER_SIZE , +currently 4096. +Any attempt to reduce the buffer size below +.Dv DEFAULT_BUFFER_SIZE +is ignored. +Any buffered data is cleared when the buffer is resized. +.Pp +.Fn BIO_set_buffer_read_data +clears the read buffer and fills it with +.Fa num +bytes of +.Fa buf . +If +.Fa num +is larger than the current buffer size the buffer is expanded. +.Pp +Except +.Fn BIO_f_buffer , +these functions are implemented as macros. +.Pp +Buffering BIOs implement +.Xr BIO_gets 3 +by using +.Xr BIO_read 3 +operations on the next BIO in the chain. +By prepending a buffering BIO to a chain +it is therefore possible to provide the functionality of +.Xr BIO_gets 3 +if the following BIOs do not support it (for example SSL BIOs). +.Pp +Data is only written to the next BIO in the chain +when the write buffer fills or when +.Xr BIO_flush 3 +is called. +It is therefore important to call +.Xr BIO_flush 3 +whenever any pending data should be written +such as when removing a buffering BIO using +.Xr BIO_pop 3 . +.Xr BIO_flush 3 +may need to be retried if the ultimate source/sink BIO is non-blocking. +.Sh RETURN VALUES +.Fn BIO_f_buffer +returns the buffering BIO method. +.Pp +.Fn BIO_get_buffer_num_lines +returns the number of lines buffered (may be 0). +.Pp +.Fn BIO_set_read_buffer_size , +.Fn BIO_set_write_buffer_size , +and +.Fn BIO_set_buffer_size +return 1 if the buffer was successfully resized or 0 for failure. +.Pp +.Fn BIO_set_buffer_read_data +returns 1 if the data was set correctly or 0 if there was an error. +.Sh SEE ALSO +.Xr BIO_ctrl 3 , +.Xr BIO_flush 3 , +.Xr BIO_new 3 , +.Xr BIO_pop 3 , +.Xr BIO_reset 3 +.Sh HISTORY +.Fn BIO_f_buffer +first appeared in SSLeay 0.6.0. +.Fn BIO_get_buffer_num_lines +and +.Fn BIO_set_buffer_size +first appeared in SSLeay 0.6.5. +.Fn BIO_set_read_buffer_size +and +.Fn BIO_set_write_buffer_size +first appeared in SSLeay 0.8.0. +.Fn BIO_set_buffer_read_data +first appeared in SSLeay 0.9.0. +All these functions have been available since +.Ox 2.4 . diff --git a/src/lib/libcrypto/man/BIO_f_cipher.3 b/src/lib/libcrypto/man/BIO_f_cipher.3 new file mode 100644 index 00000000000..ccd374681f6 --- /dev/null +++ b/src/lib/libcrypto/man/BIO_f_cipher.3 @@ -0,0 +1,177 @@ +.\" $OpenBSD: BIO_f_cipher.3,v 1.11 2018/08/24 19:32:26 tb Exp $ +.\" OpenSSL 186bb907 Apr 13 11:05:13 2015 -0700 +.\" +.\" This file was written by Dr. Stephen Henson . +.\" Copyright (c) 2000, 2003, 2015, 2016 The OpenSSL Project. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: August 24 2018 $ +.Dt BIO_F_CIPHER 3 +.Os +.Sh NAME +.Nm BIO_f_cipher , +.Nm BIO_set_cipher , +.Nm BIO_get_cipher_status , +.Nm BIO_get_cipher_ctx +.Nd cipher BIO filter +.Sh SYNOPSIS +.In openssl/bio.h +.In openssl/evp.h +.Ft const BIO_METHOD * +.Fo BIO_f_cipher +.Fa void +.Fc +.Ft int +.Fo BIO_set_cipher +.Fa "BIO *b" +.Fa "const EVP_CIPHER *cipher" +.Fa "unsigned char *key" +.Fa "unsigned char *iv" +.Fa "int enc" +.Fc +.Ft int +.Fo BIO_get_cipher_status +.Fa "BIO *b" +.Fc +.Ft int +.Fo BIO_get_cipher_ctx +.Fa "BIO *b" +.Fa "EVP_CIPHER_CTX **pctx" +.Fc +.Sh DESCRIPTION +.Fn BIO_f_cipher +returns the cipher BIO method. +This is a filter BIO that encrypts any data written through it, +and decrypts any data read from it. +It is a BIO wrapper for the cipher routines +.Xr EVP_CipherInit 3 , +.Xr EVP_CipherUpdate 3 , +and +.Xr EVP_CipherFinal 3 . +.Pp +Cipher BIOs do not support +.Xr BIO_gets 3 +or +.Xr BIO_puts 3 . +.Pp +.Xr BIO_flush 3 +on an encryption BIO that is being written through +is used to signal that no more data is to be encrypted: +this is used to flush and possibly pad the final block through the BIO. +.Pp +.Fn BIO_set_cipher +sets the cipher of BIO +.Fa b +to +.Fa cipher +using key +.Fa key +and IV +.Fa iv . +.Fa enc +should be set to 1 for encryption and zero for decryption. +.Pp +When reading from an encryption BIO, the final block is automatically +decrypted and checked when EOF is detected. +.Fn BIO_get_cipher_status +is a +.Xr BIO_ctrl 3 +macro which can be called to determine +whether the decryption operation was successful. +.Pp +.Fn BIO_get_cipher_ctx +is a +.Xr BIO_ctrl 3 +macro which retrieves the internal BIO cipher context. +The retrieved context can be used in conjunction +with the standard cipher routines to set it up. +This is useful when +.Fn BIO_set_cipher +is not flexible enough for the applications needs. +.Pp +When encrypting, +.Xr BIO_flush 3 +must be called to flush the final block through the BIO. +If it is not, then the final block will fail a subsequent decrypt. +.Pp +When decrypting, an error on the final block is signalled +by a zero return value from the read operation. +A successful decrypt followed by EOF +will also return zero for the final read. +.Fn BIO_get_cipher_status +should be called to determine if the decrypt was successful. +.Pp +As always, if +.Xr BIO_gets 3 +or +.Xr BIO_puts 3 +support is needed, then it can be achieved +by preceding the cipher BIO with a buffering BIO. +.Sh RETURN VALUES +.Fn BIO_f_cipher +returns the cipher BIO method. +.Fn BIO_set_cipher +returns 1 on success and 0 on error. +.Pp +.Fn BIO_get_cipher_status +returns 1 for a successful decrypt and 0 for failure. +.Pp +.Fn BIO_get_cipher_ctx +currently always returns 1. +.Sh SEE ALSO +.Xr BIO_new 3 +.Sh HISTORY +.Fn BIO_f_cipher , +.Fn BIO_set_cipher , +and +.Fn BIO_get_cipher_status +first appeared in SSLeay 0.6.5 and have been available since +.Ox 2.4 . +.Pp +.Fn BIO_get_cipher_ctx +first appeared in SSLeay 0.9.1 and has been available since +.Ox 2.6 . diff --git a/src/lib/libcrypto/man/BIO_f_md.3 b/src/lib/libcrypto/man/BIO_f_md.3 new file mode 100644 index 00000000000..792d64abce0 --- /dev/null +++ b/src/lib/libcrypto/man/BIO_f_md.3 @@ -0,0 +1,278 @@ +.\" $OpenBSD: BIO_f_md.3,v 1.10 2018/05/02 16:04:35 schwarze Exp $ +.\" OpenSSL a528d4f0 Oct 27 13:40:11 2015 -0400 +.\" +.\" This file was written by Dr. Stephen Henson . +.\" Copyright (c) 2000, 2006, 2009, 2016 The OpenSSL Project. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: May 2 2018 $ +.Dt BIO_F_MD 3 +.Os +.Sh NAME +.Nm BIO_f_md , +.Nm BIO_set_md , +.Nm BIO_get_md , +.Nm BIO_get_md_ctx +.Nd message digest BIO filter +.Sh SYNOPSIS +.In openssl/bio.h +.In openssl/evp.h +.Ft const BIO_METHOD * +.Fo BIO_f_md +.Fa void +.Fc +.Ft int +.Fo BIO_set_md +.Fa "BIO *b" +.Fa "EVP_MD *md" +.Fc +.Ft int +.Fo BIO_get_md +.Fa "BIO *b" +.Fa "EVP_MD **mdp" +.Fc +.Ft int +.Fo BIO_get_md_ctx +.Fa "BIO *b" +.Fa "EVP_MD_CTX **mdcp" +.Fc +.Sh DESCRIPTION +.Fn BIO_f_md +returns the message digest BIO method. +This is a filter BIO that digests any data passed through it. +It is a BIO wrapper for the digest routines +.Xr EVP_DigestInit 3 , +.Xr EVP_DigestUpdate 3 , +and +.Xr EVP_DigestFinal 3 . +.Pp +Any data written or read through a digest BIO using +.Xr BIO_read 3 +and +.Xr BIO_write 3 +is digested. +.Pp +.Xr BIO_gets 3 , +if its +.Sy size +parameter is large enough, +finishes the digest calculation and returns the digest value. +.Xr BIO_puts 3 +is +not supported. +.Pp +.Xr BIO_reset 3 +reinitialises a digest BIO. +.Pp +.Fn BIO_set_md +sets the message digest of BIO +.Fa b +to +.Fa md : +this must be called to initialize a digest BIO +before any data is passed through it. +It is a +.Xr BIO_ctrl 3 +macro. +.Pp +.Fn BIO_get_md +places a pointer to the digest BIOs digest method in +.Fa mdp . +It is a +.Xr BIO_ctrl 3 +macro. +.Pp +.Fn BIO_get_md_ctx +returns the digest BIOs context in +.Fa mdcp . +.Pp +The context returned by +.Fn BIO_get_md_ctx +can be used in calls to +.Xr EVP_DigestFinal 3 +and also in the signature routines +.Xr EVP_SignFinal 3 +and +.Xr EVP_VerifyFinal 3 . +.Pp +The context returned by +.Fn BIO_get_md_ctx +is an internal context structure. +Changes made to this context will affect the digest BIO itself, and +the context pointer will become invalid when the digest BIO is freed. +.Pp +After the digest has been retrieved from a digest BIO, +it must be reinitialized by calling +.Xr BIO_reset 3 +or +.Fn BIO_set_md +before any more data is passed through it. +.Pp +If an application needs to call +.Xr BIO_gets 3 +or +.Xr BIO_puts 3 +through a chain containing digest BIOs, +then this can be done by prepending a buffering BIO. +.Pp +Calling +.Fn BIO_get_md_ctx +will return the context and initialize the +.Vt BIO +state. +This allows applications to initialize the context externally +if the standard calls such as +.Fn BIO_set_md +are not sufficiently flexible. +.Sh RETURN VALUES +.Fn BIO_f_md +returns the digest BIO method. +.Pp +.Fn BIO_set_md , +.Fn BIO_get_md , +and +.Fn BIO_get_md_ctx +return 1 for success and 0 for failure. +.Sh EXAMPLES +The following example creates a BIO chain containing a SHA-1 and MD5 +digest BIO and passes the string "Hello World" through it. +Error checking has been omitted for clarity. +.Bd -literal -offset 2n +BIO *bio, *mdtmp; +const char message[] = "Hello World"; +bio = BIO_new(BIO_s_null()); +mdtmp = BIO_new(BIO_f_md()); +BIO_set_md(mdtmp, EVP_sha1()); +/* + * For BIO_push() we want to append the sink BIO + * and keep a note of the start of the chain. + */ +bio = BIO_push(mdtmp, bio); +mdtmp = BIO_new(BIO_f_md()); +BIO_set_md(mdtmp, EVP_md5()); +bio = BIO_push(mdtmp, bio); +/* Note: mdtmp can now be discarded */ +BIO_write(bio, message, strlen(message)); +.Ed +.Pp +The next example digests data by reading through a chain instead: +.Bd -literal -offset 2n +BIO *bio, *mdtmp; +char buf[1024]; +int rdlen; + +bio = BIO_new_file(file, "rb"); +mdtmp = BIO_new(BIO_f_md()); +BIO_set_md(mdtmp, EVP_sha1()); +bio = BIO_push(mdtmp, bio); +mdtmp = BIO_new(BIO_f_md()); +BIO_set_md(mdtmp, EVP_md5()); +bio = BIO_push(mdtmp, bio); +do { + rdlen = BIO_read(bio, buf, sizeof(buf)); + /* Might want to do something with the data here */ +} while (rdlen > 0); +.Ed +.Pp +This next example retrieves the message digests from a BIO chain +and outputs them. +This could be used with the examples above. +.Bd -literal -offset 2n +BIO *mdtmp; +unsigned char mdbuf[EVP_MAX_MD_SIZE]; +int mdlen; +int i; + +mdtmp = bio; /* Assume bio has previously been set up */ +do { + EVP_MD *md; + mdtmp = BIO_find_type(mdtmp, BIO_TYPE_MD); + if (!mdtmp) + break; + BIO_get_md(mdtmp, &md); + printf("%s digest", OBJ_nid2sn(EVP_MD_type(md))); + mdlen = BIO_gets(mdtmp, mdbuf, EVP_MAX_MD_SIZE); + for(i = 0; i < mdlen; i++) + printf(":%02X", mdbuf[i]); + printf("\en"); + mdtmp = BIO_next(mdtmp); +} while(mdtmp); +BIO_free_all(bio); +.Ed +.Sh SEE ALSO +.Xr BIO_new 3 +.Sh HISTORY +.Fn BIO_f_md , +.Fn BIO_set_md , +and +.Fn BIO_get_md +first appeared in SSLeay 0.6.0. +.Fn BIO_get_md_ctx +first appeared in SSLeay 0.8.1. +These functions have been available since +.Ox 2.4 . +.Pp +Before OpenSSL 1.0.0, the call to +.Fn BIO_get_md_ctx +would only work if the +.Vt BIO +had been initialized, for example by calling +.Fn BIO_set_md . +.Sh BUGS +The lack of support for +.Xr BIO_puts 3 +and the non-standard behaviour of +.Xr BIO_gets 3 +could be regarded as anomalous. +It could be argued that +.Xr BIO_gets 3 +and +.Xr BIO_puts 3 +should be passed to the next BIO in the chain and digest the data +passed through and that digests should be retrieved using a separate +.Xr BIO_ctrl 3 +call. diff --git a/src/lib/libcrypto/man/BIO_f_null.3 b/src/lib/libcrypto/man/BIO_f_null.3 new file mode 100644 index 00000000000..755f37dae74 --- /dev/null +++ b/src/lib/libcrypto/man/BIO_f_null.3 @@ -0,0 +1,80 @@ +.\" $OpenBSD: BIO_f_null.3,v 1.9 2018/05/01 17:05:05 schwarze Exp $ +.\" OpenSSL e117a890 Sep 14 12:14:41 2000 +0000 +.\" +.\" This file was written by Dr. Stephen Henson . +.\" Copyright (c) 2000 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: May 1 2018 $ +.Dt BIO_F_NULL 3 +.Os +.Sh NAME +.Nm BIO_f_null +.Nd null filter +.Sh SYNOPSIS +.In openssl/bio.h +.Ft const BIO_METHOD * +.Fo BIO_f_null +.Fa void +.Fc +.Sh DESCRIPTION +.Fn BIO_f_null +returns the null filter BIO method. +This is a filter BIO that does nothing. +As may be apparent, a null filter BIO is not particularly useful. +.Pp +All requests to a null filter BIO are passed through to the next BIO +in the chain: this means that a BIO chain containing a null filter BIO +behaves just as though the BIO was not there. +.Sh RETURN VALUES +.Fn BIO_f_null +returns the null filter BIO method. +.Sh SEE ALSO +.Xr BIO_new 3 +.Sh HISTORY +.Fn BIO_f_null +first appeared in SSLeay 0.8.0 and has been available since +.Ox 2.4 . diff --git a/src/lib/libcrypto/man/BIO_find_type.3 b/src/lib/libcrypto/man/BIO_find_type.3 new file mode 100644 index 00000000000..99e93167a54 --- /dev/null +++ b/src/lib/libcrypto/man/BIO_find_type.3 @@ -0,0 +1,175 @@ +.\" $OpenBSD: BIO_find_type.3,v 1.9 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 +.\" +.\" This file was written by Dr. Stephen Henson . +.\" Copyright (c) 2000, 2013, 2016 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt BIO_FIND_TYPE 3 +.Os +.Sh NAME +.Nm BIO_find_type , +.Nm BIO_next , +.Nm BIO_method_type +.Nd BIO chain traversal +.Sh SYNOPSIS +.In openssl/bio.h +.Ft BIO * +.Fo BIO_find_type +.Fa "BIO *b" +.Fa "int bio_type" +.Fc +.Ft BIO * +.Fo BIO_next +.Fa "BIO *b" +.Fc +.Ft int +.Fo BIO_method_type +.Fa "const BIO *b" +.Fc +.Fd #define BIO_TYPE_NONE 0 +.Fd #define BIO_TYPE_MEM (1|0x0400) +.Fd #define BIO_TYPE_FILE (2|0x0400) +.Fd #define BIO_TYPE_FD (4|0x0400|0x0100) +.Fd #define BIO_TYPE_SOCKET (5|0x0400|0x0100) +.Fd #define BIO_TYPE_NULL (6|0x0400) +.Fd #define BIO_TYPE_SSL (7|0x0200) +.Fd #define BIO_TYPE_MD (8|0x0200) +.Fd #define BIO_TYPE_BUFFER (9|0x0200) +.Fd #define BIO_TYPE_CIPHER (10|0x0200) +.Fd #define BIO_TYPE_BASE64 (11|0x0200) +.Fd #define BIO_TYPE_CONNECT (12|0x0400|0x0100) +.Fd #define BIO_TYPE_ACCEPT (13|0x0400|0x0100) +.Fd #define BIO_TYPE_PROXY_CLIENT (14|0x0200) +.Fd #define BIO_TYPE_PROXY_SERVER (15|0x0200) +.Fd #define BIO_TYPE_NBIO_TEST (16|0x0200) +.Fd #define BIO_TYPE_NULL_FILTER (17|0x0200) +.Fd #define BIO_TYPE_BER (18|0x0200) +.Fd #define BIO_TYPE_BIO (19|0x0400) +.Fd #define BIO_TYPE_DESCRIPTOR 0x0100 +.Fd #define BIO_TYPE_FILTER 0x0200 +.Fd #define BIO_TYPE_SOURCE_SINK 0x0400 +.Sh DESCRIPTION +The function +.Fn BIO_find_type +searches for a BIO of a given type in a chain, starting at BIO +.Fa b . +If +.Fa bio_type +is a specific type (such as +.Dv BIO_TYPE_MEM ) , +then a search is made for a BIO of that type. +If +.Fa bio_type +is a general type (such as +.Dv BIO_TYPE_SOURCE_SINK ) , +then the next matching BIO of the given general type is searched for. +.Fn BIO_find_type +returns the next matching BIO or +.Dv NULL +if none is found. +.Pp +Note: not all the +.Dv BIO_TYPE_* +types above have corresponding BIO implementations. +.Pp +.Fn BIO_next +returns the next BIO in a chain. +It can be used to traverse all BIOs in a chain or used in conjunction with +.Fn BIO_find_type +to find all BIOs of a certain type. +.Pp +.Fn BIO_method_type +returns the type of a BIO. +.Sh RETURN VALUES +.Fn BIO_find_type +returns a matching BIO or +.Dv NULL +for no match. +.Pp +.Fn BIO_next +returns the next BIO in a chain. +.Pp +.Fn BIO_method_type +returns the type of the BIO +.Fa b . +.Sh EXAMPLES +Traverse a chain looking for digest BIOs: +.Bd -literal -offset 2n +BIO *btmp; +btmp = in_bio; /* in_bio is chain to search through */ + +do { + btmp = BIO_find_type(btmp, BIO_TYPE_MD); + if (btmp == NULL) + break; /* Not found */ + /* btmp is a digest BIO, do something with it ...*/ + ... + + btmp = BIO_next(btmp); +} while(btmp); +.Ed +.Sh SEE ALSO +.Xr BIO_new 3 +.Sh HISTORY +.Fn BIO_method_type +first appeared in SSLeay 0.6.0. +.Fn BIO_find_type +first appeared in SSLeay 0.6.6. +Both functions have been available since +.Ox 2.4 . +.Pp +.Fn BIO_next +first appeared in OpenSSL 0.9.6 and has been available since +.Ox 2.9 . +.Sh BUGS +.Fn BIO_find_type +in OpenSSL 0.9.5a and earlier could not be safely passed a +.Dv NULL +pointer for the +.Fa b +argument. diff --git a/src/lib/libcrypto/man/BIO_get_data.3 b/src/lib/libcrypto/man/BIO_get_data.3 new file mode 100644 index 00000000000..70944255e44 --- /dev/null +++ b/src/lib/libcrypto/man/BIO_get_data.3 @@ -0,0 +1,176 @@ +.\" $OpenBSD: BIO_get_data.3,v 1.3 2018/03/23 23:18:17 schwarze Exp $ +.\" selective merge up to: OpenSSL e90fc053 Jul 15 09:39:45 2017 -0400 +.\" +.\" This file is a derived work. +.\" The changes are covered by the following Copyright and license: +.\" +.\" Copyright (c) 2018 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.\" The original file was written by Matt Caswell . +.\" Copyright (c) 2016 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 23 2018 $ +.Dt BIO_GET_DATA 3 +.Os +.Sh NAME +.Nm BIO_set_data , +.Nm BIO_get_data , +.Nm BIO_set_init , +.Nm BIO_set_shutdown , +.Nm BIO_get_shutdown +.Nd manage BIO state information +.Sh SYNOPSIS +.In openssl/bio.h +.Ft void +.Fo BIO_set_data +.Fa "BIO *a" +.Fa "void *ptr" +.Fc +.Ft void * +.Fo BIO_get_data +.Fa "BIO *a" +.Fc +.Ft void +.Fo BIO_set_init +.Fa "BIO *a" +.Fa "int init" +.Fc +.Ft void +.Fo BIO_set_shutdown +.Fa "BIO *a" +.Fa "int shutdown" +.Fc +.Ft int +.Fo BIO_get_shutdown +.Fa "BIO *a" +.Fc +.Sh DESCRIPTION +These functions are mainly useful when implementing a custom BIO. +.Pp +The +.Fn BIO_set_data +function associates the custom data pointed to by +.Fa ptr +with the +.Fa "BIO a" . +This data can subsequently be retrieved via a call to +.Fn BIO_get_data . +This can be used by custom BIOs for storing implementation specific +information. +.Pp +The +.Fn BIO_set_init +function sets the +.Fa init +flag in +.Fa a +to the specified value. +A non-zero value indicates that initialisation is complete, +whilst zero indicates that it is not. +Often initialisation will complete +during initial construction of the BIO. +For some BIOs however, initialisation may not be complete until +additional steps have been taken, for example through calling custom +ctrls. +.Pp +The +.Fn BIO_set_shutdown +and +.Fn BIO_get_shutdown +functions are low-level interfaces to forcefully set and get the +.Fa shutdown +flag of +.Fa a , +circumventing type-dependent sanity checks, +exclusively intended for implementing a new BIO type. +The +.Fa shutdown +argument must be either +.Dv BIO_CLOSE +or +.Dv BIO_NOCLOSE . +When merely using a +.Vt BIO +object, call +.Xr BIO_set_close 3 +and +.Xr BIO_get_close 3 +instead. +.Sh RETURN VALUES +.Fn BIO_get_data +returns a pointer to the implementation specific custom data associated +with +.Fa a , +or +.Dv NULL +if none is set. +.Pp +.Fn BIO_get_shutdown +returns the value previously set with +.Fn BIO_set_shutdown +or with +.Xr BIO_set_close 3 . +.Sh SEE ALSO +.Xr BIO_meth_new 3 , +.Xr BIO_new 3 , +.Xr BIO_set_close 3 +.Sh HISTORY +These functions first appeared in OpenSSL 1.1.0 +and have been available since +.Ox 6.3 . diff --git a/src/lib/libcrypto/man/BIO_get_ex_new_index.3 b/src/lib/libcrypto/man/BIO_get_ex_new_index.3 new file mode 100644 index 00000000000..bf16e1c787e --- /dev/null +++ b/src/lib/libcrypto/man/BIO_get_ex_new_index.3 @@ -0,0 +1,170 @@ +.\" $OpenBSD: BIO_get_ex_new_index.3,v 1.9 2018/04/18 03:39:22 schwarze Exp $ +.\" full merge up to: OpenSSL a970b14f Jul 31 18:58:40 2017 -0400 +.\" selective merge up to: OpenSSL 61f805c1 Jan 16 01:01:46 2018 +0800 +.\" +.\" This file was written by Rich Salz . +.\" Copyright (c) 2015, 2016 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: April 18 2018 $ +.Dt BIO_GET_EX_NEW_INDEX 3 +.Os +.Sh NAME +.Nm BIO_get_ex_new_index , +.Nm BIO_set_ex_data , +.Nm BIO_get_ex_data , +.Nm ENGINE_get_ex_new_index , +.Nm ENGINE_set_ex_data , +.Nm ENGINE_get_ex_data , +.Nm UI_get_ex_new_index , +.Nm UI_set_ex_data , +.Nm UI_get_ex_data , +.Nm X509_get_ex_new_index , +.Nm X509_set_ex_data , +.Nm X509_get_ex_data , +.Nm ECDH_get_ex_new_index , +.Nm ECDH_set_ex_data , +.Nm ECDH_get_ex_data , +.Nm ECDSA_get_ex_new_index , +.Nm ECDSA_set_ex_data , +.Nm ECDSA_get_ex_data +.Nd application-specific data +.Sh SYNOPSIS +.In openssl/x509.h +.Ft int +.Fo TYPE_get_ex_new_index +.Fa "long argl" +.Fa "void *argp" +.Fa "CRYPTO_EX_new *new_func" +.Fa "CRYPTO_EX_dup *dup_func" +.Fa "CRYPTO_EX_free *free_func" +.Fc +.Ft int +.Fo TYPE_set_ex_data +.Fa "TYPE *d" +.Fa "int idx" +.Fa "void *arg" +.Fc +.Ft void * +.Fo TYPE_get_ex_data +.Fa "TYPE *d" +.Fa "int idx" +.Fc +.Sh DESCRIPTION +In the description here, +.Vt TYPE +is used a placeholder for any of the OpenSSL datatypes listed in +.Xr CRYPTO_get_ex_new_index 3 . +.Pp +These functions handle application-specific data for OpenSSL data +structures. +.Pp +.Fn TYPE_get_ex_new_index +is a macro that calls +.Xr CRYPTO_get_ex_new_index 3 +with the correct index value. +.Pp +.Fn TYPE_set_ex_data +is a function that calls +.Xr CRYPTO_set_ex_data 3 +with an offset into the opaque exdata part of the +.Vt TYPE +object. +.Pp +.Fn TYPE_get_ex_data +is a function that calls +.Xr CRYPTO_get_ex_data 3 +with an offset into the opaque exdata part of the +.Vt TYPE +object. +.Sh RETURN VALUES +.Fn TYPE_get_new_ex_index +returns a new index on success or \-1 on error. +.Pp +.Fn TYPE_set_ex_data +returns 1 on success or 0 on error. +.Pp +.Fn TYPE_get_ex_data +returns the application data or +.Dv NULL +if an error occurred. +.Sh SEE ALSO +.Xr CRYPTO_get_ex_new_index 3 , +.Xr RSA_get_ex_new_index 3 +.Sh HISTORY +.Fn BIO_get_ex_new_index , +.Fn BIO_set_ex_data , +and +.Fn BIO_get_ex_data +first appeared in SSLeay 0.9.0 and have been available since +.Ox 2.4 . +.Pp +.Fn X509_get_ex_new_index , +.Fn X509_set_ex_data , +and +.Fn X509_get_ex_data +first appeared in OpenSSL 0.9.5 and have been available since +.Ox 2.7 . +.Pp +.Fn ENGINE_get_ex_new_index , +.Fn ENGINE_set_ex_data , +.Fn ENGINE_get_ex_data , +.Fn UI_get_ex_new_index , +.Fn UI_set_ex_data , +and +.Fn UI_get_ex_data +first appeared in OpenSSL 0.9.7 and have been available since +.Ox 3.2 . +.Pp +.Fn ECDH_get_ex_new_index , +.Fn ECDH_set_ex_data , +.Fn ECDH_get_ex_data , +.Fn ECDSA_get_ex_new_index , +.Fn ECDSA_set_ex_data , +and +.Fn ECDSA_get_ex_data +first appeared in OpenSSL 0.9.8 and have been available since +.Ox 4.5 . diff --git a/src/lib/libcrypto/man/BIO_meth_new.3 b/src/lib/libcrypto/man/BIO_meth_new.3 new file mode 100644 index 00000000000..2159560596a --- /dev/null +++ b/src/lib/libcrypto/man/BIO_meth_new.3 @@ -0,0 +1,367 @@ +.\" $OpenBSD: BIO_meth_new.3,v 1.5 2018/07/09 09:52:18 tb Exp $ +.\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 +.\" selective merge up to: OpenSSL 61f805c1 Jan 16 01:01:46 2018 +0800 +.\" +.\" This file is a derived work. +.\" The changes are covered by the following Copyright and license: +.\" +.\" Copyright (c) 2018 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.\" The original file was written by Matt Caswell +.\" Copyright (c) 2016 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: July 9 2018 $ +.Dt BIO_METH_NEW 3 +.Os +.Sh NAME +.Nm BIO_get_new_index , +.Nm BIO_meth_new , +.Nm BIO_meth_free , +.Nm BIO_meth_get_write , +.Nm BIO_meth_set_write , +.Nm BIO_meth_get_read , +.Nm BIO_meth_set_read , +.Nm BIO_meth_get_puts , +.Nm BIO_meth_set_puts , +.Nm BIO_meth_get_gets , +.Nm BIO_meth_set_gets , +.Nm BIO_meth_get_ctrl , +.Nm BIO_meth_set_ctrl , +.Nm BIO_meth_get_create , +.Nm BIO_meth_set_create , +.Nm BIO_meth_get_destroy , +.Nm BIO_meth_set_destroy , +.Nm BIO_meth_get_callback_ctrl , +.Nm BIO_meth_set_callback_ctrl +.Nd manipulate BIO_METHOD structures +.Sh SYNOPSIS +.In openssl/bio.h +.Ft int +.Fn BIO_get_new_index void +.Ft BIO_METHOD * +.Fo BIO_meth_new +.Fa "int type" +.Fa "const char *name" +.Fc +.Ft void +.Fo BIO_meth_free +.Fa "BIO_METHOD *biom" +.Fc +.Ft int +.Fn "(*BIO_meth_get_write(const BIO_METHOD *biom))" "BIO *" "const char *" int +.Ft int +.Fo BIO_meth_set_write +.Fa "BIO_METHOD *biom" +.Fa "int (*write)(BIO *, const char *, int)" +.Fc +.Ft int +.Fn "(*BIO_meth_get_read(const BIO_METHOD *biom))" "BIO *" "char *" int +.Ft int +.Fo BIO_meth_set_read +.Fa "BIO_METHOD *biom" +.Fa "int (*read)(BIO *, char *, int)" +.Fc +.Ft int +.Fn "(*BIO_meth_get_puts(const BIO_METHOD *biom))" "BIO *" "const char *" +.Ft int +.Fo BIO_meth_set_puts +.Fa "BIO_METHOD *biom" +.Fa "int (*puts)(BIO *, const char *)" +.Fc +.Ft int +.Fn "(*BIO_meth_get_gets(const BIO_METHOD *biom))" "BIO *" "char *" int +.Ft int +.Fo BIO_meth_set_gets +.Fa "BIO_METHOD *biom" +.Fa "int (*gets)(BIO *, char *, int)" +.Fc +.Ft long +.Fn "(*BIO_meth_get_ctrl(const BIO_METHOD *biom))" "BIO *" int long "void *" +.Ft int +.Fo BIO_meth_set_ctrl +.Fa "BIO_METHOD *biom" +.Fa "long (*ctrl)(BIO *, int, long, void *)" +.Fc +.Ft int +.Fn "(*BIO_meth_get_create(const BIO_METHOD *biom))" "BIO *" +.Ft int +.Fo BIO_meth_set_create +.Fa "BIO_METHOD *biom" +.Fa "int (*create)(BIO *)" +.Fc +.Ft int +.Fn "(*BIO_meth_get_destroy(const BIO_METHOD *biom))" "BIO *" +.Ft int +.Fo BIO_meth_set_destroy +.Fa "BIO_METHOD *biom" +.Fa "int (*destroy)(BIO *)" +.Fc +.Ft long +.Fo "(*BIO_meth_get_callback_ctrl(const BIO_METHOD *biom))" +.Fa "BIO *" +.Fa int +.Fa "BIO_info_cb *" +.Fc +.Ft int +.Fo BIO_meth_set_callback_ctrl +.Fa "BIO_METHOD *biom" +.Fa "long (*callback_ctrl)(BIO *, int, BIO_info_cb *)" +.Fc +.Sh DESCRIPTION +The +.Vt BIO_METHOD +structure stores function pointers implementing a +.Vt BIO +type. +See +.Xr BIO_new 3 +for more information about +.Vt BIO +objects. +.Pp +.Fn BIO_meth_new +creates a new +.Vt BIO_METHOD +structure. +It requires a unique integer +.Fa type ; +use +.Fn BIO_get_new_index +to get the value for +.Fa type . +Currently, the user can only create up to 127 different BIO types, and +.Fa type +is limited to the range 129\(en255. +The +.Fa name +pointer is stored in the structure and will not be freed by +.Fn BIO_meth_free . +.Pp +The standard BIO types are listed in +.In openssl/bio.h . +Some examples include +.Dv BIO_TYPE_BUFFER +and +.Dv BIO_TYPE_CIPHER . +The +.Fa type +of filter BIOs should have the +.Dv BIO_TYPE_FILTER +bit set. +Source/sink BIOs should have the +.Dv BIO_TYPE_SOURCE_SINK +bit set. +File descriptor based BIOs (e.g. socket, fd, connect, accept etc.\&) +should additionally have the +.Dv BIO_TYPE_DESCRIPTOR +bit set. +See +.Xr BIO_find_type 3 +for more information. +.Pp +.Fn BIO_meth_free +is an alias for +.Xr free 3 . +.Pp +.Fn BIO_meth_get_write , +.Fn BIO_meth_set_write , +.Fn BIO_meth_get_read , +and +.Fn BIO_meth_set_read +get and set the functions +.Fa write +and +.Fa read +used for writing and reading arbitrary length data to and from the +.Vt BIO . +These functions are called from +.Xr BIO_write 3 +and +.Xr BIO_read 3 , +respectively. +The parameters and return values of +.Fa write +and +.Fa read +have the same meaning as for +.Xr BIO_write 3 +and +.Xr BIO_read 3 . +.Pp +.Fn BIO_meth_get_puts +and +.Fn BIO_meth_set_puts +get and set the function +.Fa puts +used for writing a NUL-terminated string to the +.Vt BIO . +This function is called from +.Xr BIO_puts 3 . +The parameters and the return value of +.Fa puts +have the same meaning as for +.Xr BIO_puts 3 . +.Pp +.Fn BIO_meth_get_gets +and +.Fn BIO_meth_set_gets +get and set the function +.Fa gets +used for reading a line of data from the +.Vt BIO . +This function is called from +.Xr BIO_gets 3 . +The parameters and the return value of +.Fa gets +have the same meaning as for +.Xr BIO_gets 3 . +.Pp +.Fn BIO_meth_get_ctrl +and +.Fn BIO_meth_set_ctrl +get and set the function +.Fa ctrl +used for processing control messages in the +.Vt BIO . +This function is called from +.Xr BIO_ctrl 3 . +The parameters and return value of +.Fa ctrl +have the same meaning as for +.Xr BIO_ctrl 3 . +.Pp +.Fn BIO_meth_get_create +and +.Fn BIO_meth_set_create +get and set a function +.Fa create +used while initializing a new instance of the +.Vt BIO . +This function is called from +.Xr BIO_new 3 . +The +.Xr BIO_new 3 +function allocates the memory for the new +.Vt BIO , +and a pointer to this newly allocated structure is passed +as the parameter to +.Fa create . +.Pp +.Fn BIO_meth_get_destroy +and +.Fn BIO_meth_set_destroy +get and set a function +.Fa destroy +used while destroying an instance of a +.Vt BIO . +This function is called from +.Xr BIO_free 3 . +A pointer to the +.Vt BIO +to be destroyed is passed as the parameter. +The +.Fa destroy +function is intended to perform clean-up specific to the +.Vt BIO +.Fa type . +The memory for the +.Vt BIO +itself must not be freed by this function. +.Pp +.Fn BIO_meth_get_callback_ctrl +and +.Fn BIO_meth_set_callback_ctrl +get and set the function +.Fa callback_ctrl +used for processing callback control messages in the +.Vt BIO . +This function is called from +.Xr BIO_callback_ctrl 3 . +The parameters and return value of +.Fa callback_ctrl +have the same meaning as for +.Xr BIO_callback_ctrl 3 . +.Sh RETURN VALUES +.Fn BIO_get_new_index +returns the new BIO type value or \-1 if an error occurs. +.Pp +.Fn BIO_meth_new +returns the new +.Vt BIO_METHOD +structure or +.Dv NULL +if an error occurs. +.Pp +The +.Fn BIO_meth_set_* +functions return 1 on success or 0 on error. +Currently, they cannot fail. +.Pp +The +.Fn BIO_meth_get_* +functions return function pointers. +.Sh SEE ALSO +.Xr BIO_ctrl 3 , +.Xr BIO_find_type 3 , +.Xr BIO_new 3 , +.Xr BIO_read 3 +.Sh HISTORY +These functions first appeared in OpenSSL 1.1.0 +and have been available since +.Ox 6.3 . diff --git a/src/lib/libcrypto/man/BIO_new.3 b/src/lib/libcrypto/man/BIO_new.3 new file mode 100644 index 00000000000..2f8cf37e9fd --- /dev/null +++ b/src/lib/libcrypto/man/BIO_new.3 @@ -0,0 +1,271 @@ +.\" $OpenBSD: BIO_new.3,v 1.16 2018/05/01 17:05:05 schwarze Exp $ +.\" full merge up to: +.\" OpenSSL man3/BIO_new.pod fb46be03 Feb 26 11:51:31 2016 +0000 +.\" OpenSSL man7/bio.pod 631c37be Dec 12 16:56:50 2017 +0100 +.\" partial merge up to: +.\" OpenSSL man3/BIO_new.pod e9b77246 Jan 20 19:58:49 2017 +0100 +.\" +.\" This file was written by Dr. Stephen Henson . +.\" Copyright (c) 2000, 2015, 2016 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: May 1 2018 $ +.Dt BIO_NEW 3 +.Os +.Sh NAME +.Nm BIO_new , +.Nm BIO_up_ref , +.Nm BIO_set , +.Nm BIO_free , +.Nm BIO_vfree , +.Nm BIO_free_all +.Nd construct and destruct I/O abstraction objects +.Sh SYNOPSIS +.In openssl/bio.h +.Ft BIO * +.Fo BIO_new +.Fa "const BIO_METHOD *type" +.Fc +.Ft int +.Fo BIO_up_ref +.Fa "BIO *a" +.Fc +.Ft int +.Fo BIO_set +.Fa "BIO *a" +.Fa "const BIO_METHOD *type" +.Fc +.Ft int +.Fo BIO_free +.Fa "BIO *a" +.Fc +.Ft void +.Fo BIO_vfree +.Fa "BIO *a" +.Fc +.Ft void +.Fo BIO_free_all +.Fa "BIO *a" +.Fc +.Sh DESCRIPTION +A +.Vt BIO +is an I/O abstraction object, hiding many of the underlying I/O +details from an application. +If an application uses BIOs for its I/O, it can transparently handle +SSL connections, unencrypted network connections, and file I/O. +.Pp +The +.Fn BIO_new +function constructs a new +.Vt BIO +using the method +.Fa type +and sets its reference count to 1. +There are two groups of BIO types, source/sink BIOs and filter BIOs. +.Pp +Source/sink BIOs provide input or consume output. +Examples include socket BIOs and file BIOs. +.Pp +Filter BIOs take data from one BIO and pass it through to another, +or to the application, forming a chain of BIOs. +The data may be left unmodified (for example by a message digest BIO) +or translated (for example by an encryption BIO). +The effect of a filter BIO may change according to the I/O operation +it is performing: for example an encryption BIO encrypts data +if it is written to and decrypts data if it is read from. +.Pp +Some BIOs (such as memory BIOs) can be used immediately after calling +.Fn BIO_new . +Others (such as file BIOs) need some additional initialization, and +utility functions exists to construct and initialize such BIOs. +.Pp +Normally the +.Fa type +argument is supplied by a function which returns a pointer to a +.Vt BIO_METHOD . +There is a naming convention for such functions: +the methods for source/sink BIOs are called +.Fn BIO_s_* +and those for filter BIOs +.Fn BIO_f_* . +.Pp +.Fn BIO_up_ref +increments the reference count of +.Fa a +by 1. +.Pp +.Fn BIO_set +is a deprecated function to initialize an unused +.Vt BIO +structure located in static memory or on the stack, +to set its method to +.Fa type , +and to set its reference count to 1. +It must not be called on +.Vt BIO +objects created with +.Fn BIO_new , +nor on objects that were already used. +.Pp +.Fn BIO_free +and +.Fn BIO_vfree +decrement the reference count of +.Fa a +by 1, and if the refenece count reaches 0, they destruct the single +.Vt BIO +.Fa a , +which may also have some effect on the +underlying I/O structure, for example it may close the file being +referred to under certain circumstances. +If +.Fa a +is a +.Dv NULL +pointer, no action occurs. +If +.Fn BIO_free +is called on a BIO chain, it destructs at most one BIO, +resulting in a memory leak. +.Pp +.Fn BIO_free_all +calls +.Fn BIO_free +on +.Fa a +and on all following +.Vt BIO +objects in the chain. +As soon as the reference count of a +.Vt BIO +is still non-zero after calling +.Fn BIO_free +on it, the function +.Fn BIO_free_all +returns right away and refrains from freeing the remaining +.Vt BIO +objects in the chain. +It does not halt if an error occurs +destructing an individual BIO in the chain. +If +.Fa a +is a +.Dv NULL +pointer, no action occurs. +Calling +.Fn BIO_free_all +on a single BIO has the same effect as +.Fn BIO_vfree . +.Pp +Common I/O functions are documented in +.Xr BIO_read 3 . +Forming chains is explained in +.Xr BIO_push 3 ; +inspecting them is explained in +.Xr BIO_find_type 3 . +For more details about the different kinds of BIOs, see the individual +.Vt BIO_METHOD +manual pages. +.Sh RETURN VALUES +.Fn BIO_new +returns a newly constructed +.Vt BIO +object or +.Dv NULL +on failure. +.Pp +.Fn BIO_up_ref , +.Fn BIO_set , +and +.Fn BIO_free +return 1 for success or 0 for failure. +.Sh EXAMPLES +Create a memory BIO: +.Pp +.Dl BIO *mem = BIO_new(BIO_s_mem()); +.Sh SEE ALSO +.Xr BIO_ctrl 3 , +.Xr BIO_f_base64 3 , +.Xr BIO_f_buffer 3 , +.Xr BIO_f_cipher 3 , +.Xr BIO_f_md 3 , +.Xr BIO_f_null 3 , +.Xr BIO_f_ssl 3 , +.Xr BIO_find_type 3 , +.Xr BIO_get_ex_new_index 3 , +.Xr BIO_meth_new 3 , +.Xr BIO_printf 3 , +.Xr BIO_push 3 , +.Xr BIO_read 3 , +.Xr BIO_s_accept 3 , +.Xr BIO_s_bio 3 , +.Xr BIO_s_connect 3 , +.Xr BIO_s_fd 3 , +.Xr BIO_s_file 3 , +.Xr BIO_s_mem 3 , +.Xr BIO_s_null 3 , +.Xr BIO_s_socket 3 , +.Xr BIO_set_callback 3 , +.Xr BIO_should_retry 3 +.Sh HISTORY +.Fn BIO_new , +.Fn BIO_set , +and +.Fn BIO_free +first appeared in SSLeay 0.6.0. +.Fn BIO_free_all +first appeared in SSLeay 0.6.6. +All these functions have been available since +.Ox 2.4 . +.Pp +.Fn BIO_vfree +first appeared in OpenSSL 0.9.6 and has been available since +.Ox 2.9 . +.Pp +.Fn BIO_up_ref +first appeared in OpenSSL 1.1.0 and has been available since +.Ox 6.3 . diff --git a/src/lib/libcrypto/man/BIO_printf.3 b/src/lib/libcrypto/man/BIO_printf.3 new file mode 100644 index 00000000000..838b771be7b --- /dev/null +++ b/src/lib/libcrypto/man/BIO_printf.3 @@ -0,0 +1,97 @@ +.\" $OpenBSD: BIO_printf.3,v 1.3 2018/03/22 17:11:04 schwarze Exp $ +.\" OpenSSL 2ca2e917 Mon Mar 20 16:25:22 2017 -0400 +.\" +.\" Copyright (c) 2017 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 22 2018 $ +.Dt BIO_PRINTF 3 +.Os +.Sh NAME +.Nm BIO_printf , +.Nm BIO_vprintf , +.Nm BIO_snprintf , +.Nm BIO_vsnprintf +.Nd formatted output to a BIO +.Sh SYNOPSIS +.In openssl/bio.h +.Ft int +.Fo BIO_printf +.Fa "BIO *bio" +.Fa "const char *format" +.Fa ... +.Fc +.Ft int +.Fo BIO_vprintf +.Fa "BIO *bio" +.Fa "const char *format" +.Fa "va_list args" +.Fc +.Ft int +.Fo BIO_snprintf +.Fa "char *buf" +.Fa "size_t n" +.Fa "const char *format" +.Fa ... +.Fc +.Ft int +.Fo BIO_vsnprintf +.Fa "char *buf" +.Fa "size_t n" +.Fa "const char *format" +.Fa "va_list args" +.Fc +.Sh DESCRIPTION +.Fn BIO_vprintf +is a wrapper around +.Xr vfprintf 3 , +sending the output to the specified +.Fa bio . +.Pp +.Fn BIO_printf +is a wrapper around +.Fn BIO_vprintf . +.Pp +.Fn BIO_snprintf +and +.Fn BIO_vsnprintf +are wrappers around +.Xr vsnprintf 3 . +.Sh RETURN VALUES +These functions return the number of bytes written, +or -1 if an error occurs. +.Pp +In contrast to +.Xr snprintf 3 +and +.Xr vsnprintf 3 , +.Fn BIO_snprintf +and +.Fn BIO_vsnprintf +also return -1 if +.Fa n +is too small to hold the complete output. +.Sh SEE ALSO +.Xr BIO_new 3 +.Sh HISTORY +.Fn BIO_printf +first appeared in SSLeay 0.6.5 and has been available since +.Ox 2.4 . +.Pp +.Fn BIO_vprintf , +.Fn BIO_snprintf , +and +.Fn BIO_vsnprintf +first appeared in OpenSSL 0.9.6 and have been available since +.Ox 2.9 . diff --git a/src/lib/libcrypto/man/BIO_push.3 b/src/lib/libcrypto/man/BIO_push.3 new file mode 100644 index 00000000000..768f4d8579d --- /dev/null +++ b/src/lib/libcrypto/man/BIO_push.3 @@ -0,0 +1,185 @@ +.\" $OpenBSD: BIO_push.3,v 1.7 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL doc/man3/BIO_push.pod 76ed5a42 Jun 29 13:38:55 2014 +0100 +.\" OpenSSL doc/man7/bio.pod a9c85cea Nov 11 09:33:55 2016 +0100 +.\" +.\" This file was written by Dr. Stephen Henson . +.\" Copyright (c) 2000, 2014 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt BIO_PUSH 3 +.Os +.Sh NAME +.Nm BIO_push , +.Nm BIO_pop +.Nd add and remove BIOs from a chain +.Sh SYNOPSIS +.In openssl/bio.h +.Ft BIO * +.Fo BIO_push +.Fa "BIO *b" +.Fa "BIO *append" +.Fc +.Ft BIO * +.Fo BIO_pop +.Fa "BIO *b" +.Fc +.Sh DESCRIPTION +BIOs can be joined together to form chains. +A chain normally consist of one or more filter BIOs +and one source/sink BIO at the end. +Data read from or written to the first BIO traverses the chain +to the end. +A single BIO can be regarded as a chain with one component. +.Pp +The +.Fn BIO_push +function appends the BIO +.Fa append +to +.Fa b +and returns +.Fa b . +.Pp +.Fn BIO_pop +removes the BIO +.Fa b +from a chain and returns the next BIO in the chain, or +.Dv NULL +if there is no next BIO. +The removed BIO then becomes a single BIO with no association with the +original chain. +it can thus be freed or attached to a different chain. +.Pp +The names of these functions are perhaps a little misleading. +.Fn BIO_push +joins two BIO chains whereas +.Fn BIO_pop +deletes a single BIO from a chain; +the deleted BIO does not need to be at the end of a chain. +.Pp +The process of calling +.Fn BIO_push +and +.Fn BIO_pop +on a BIO may have additional consequences: a +.Xr BIO_ctrl 3 +call is made to the affected BIOs. +Any effects will be noted in the descriptions of individual BIOs. +.Sh RETURN VALUES +.Fn BIO_push +returns the beginning of the chain, +.Fa b . +.Pp +.Fn BIO_pop +returns the next BIO in the chain, or +.Dv NULL +if there is no next BIO. +.Sh EXAMPLES +For these examples suppose +.Sy md1 +and +.Sy md2 +are digest BIOs, +.Sy b64 +is a Base64 BIO and +.Sy f +is a file BIO. +.Pp +If the call +.Pp +.Dl BIO_push(b64, f); +.Pp +is made then the new chain will be +.Sy b64-f . +After making the calls +.Bd -literal -offset indent +BIO_push(md2, b64); +BIO_push(md1, md2); +.Ed +.Pp +the new chain is +.Sy md1-md2-b64-f . +Data written to +.Sy md1 +will be digested +by +.Sy md1 +and +.Sy md2 , +Base64-encoded and written to +.Sy f . +.Pp +It should be noted that reading causes data to pass +in the reverse direction. +That is, data is read from +.Sy f , +Base64-decoded and digested by +.Sy md1 +and +.Sy md2 . +If this call is made: +.Pp +.Dl BIO_pop(md2); +.Pp +The call will return +.Sy b64 +and the new chain will be +.Sy md1-b64-f ; +data can be written to +.Sy md1 +as before. +.Sh SEE ALSO +.Xr BIO_find_type 3 , +.Xr BIO_new 3 , +.Xr BIO_read 3 +.Sh HISTORY +.Fn BIO_push +first appeared in SSLeay 0.6.0. +.Fn BIO_pop +first appeared in SSLeay 0.6.4. +Both functions have been available since +.Ox 2.4 . diff --git a/src/lib/libcrypto/man/BIO_read.3 b/src/lib/libcrypto/man/BIO_read.3 new file mode 100644 index 00000000000..97514a610a2 --- /dev/null +++ b/src/lib/libcrypto/man/BIO_read.3 @@ -0,0 +1,178 @@ +.\" $OpenBSD: BIO_read.3,v 1.8 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 +.\" +.\" This file was written by Dr. Stephen Henson . +.\" Copyright (c) 2000, 2016 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt BIO_READ 3 +.Os +.Sh NAME +.Nm BIO_read , +.Nm BIO_gets , +.Nm BIO_write , +.Nm BIO_puts +.Nd BIO I/O functions +.Sh SYNOPSIS +.In openssl/bio.h +.Ft int +.Fo BIO_read +.Fa "BIO *b" +.Fa "void *buf" +.Fa "int len" +.Fc +.Ft int +.Fo BIO_gets +.Fa "BIO *b" +.Fa "char *buf" +.Fa "int size" +.Fc +.Ft int +.Fo BIO_write +.Fa "BIO *b" +.Fa "const void *buf" +.Fa "int len" +.Fc +.Ft int +.Fo BIO_puts +.Fa "BIO *b" +.Fa "const char *buf" +.Fc +.Sh DESCRIPTION +.Fn BIO_read +attempts to read +.Fa len +bytes from BIO +.Fa b +and places the data in +.Fa buf . +.Pp +.Fn BIO_gets +performs the BIOs "gets" operation and places the data in +.Fa buf . +Usually this operation will attempt to read a line of data +from the BIO of maximum length +.Fa len No - 1 . +There are exceptions to this however, for example +.Fn BIO_gets +on a digest BIO will calculate and return the digest +and other BIOs may not support +.Fn BIO_gets +at all. +The returned string is always NUL-terminated. +.Pp +.Fn BIO_write +attempts to write +.Fa len +bytes from +.Fa buf +to BIO +.Fa b . +.Pp +.Fn BIO_puts +attempts to write a null terminated string +.Fa buf +to BIO +.Fa b . +.Pp +One technique sometimes used with blocking sockets +is to use a system call (such as +.Xr select 2 , +.Xr poll 2 +or equivalent) to determine when data is available and then call +.Xr read 2 +to read the data. +The equivalent with BIOs (that is call +.Xr select 2 +on the underlying I/O structure and then call +.Fn BIO_read +to read the data) should +.Em not +be used because a single call to +.Fn BIO_read +can cause several reads (and writes in the case of SSL BIOs) +on the underlying I/O structure and may block as a result. +Instead +.Xr select 2 +(or equivalent) should be combined with non-blocking I/O +so successive reads will request a retry instead of blocking. +.Pp +See +.Xr BIO_should_retry 3 +for details of how to determine the cause of a retry and other I/O issues. +.Pp +If the +.Fn BIO_gets +function is not supported by a BIO then it is possible to +work around this by adding a buffering BIO +.Xr BIO_f_buffer 3 +to the chain. +.Sh RETURN VALUES +All these functions return either the amount of data successfully +read or written (if the return value is positive) or that no data +was successfully read or written if the result is 0 or -1. +If the return value is -2, then the operation is not implemented +in the specific BIO type. +The trailing NUL is not included in the length returned by +.Fn BIO_gets . +.Pp +A 0 or -1 return is not necessarily an indication of an error. +In particular when the source/sink is non-blocking or of a certain type +it may merely be an indication that no data is currently available and that +the application should retry the operation later. +.Sh SEE ALSO +.Xr BIO_meth_new 3 , +.Xr BIO_new 3 , +.Xr BIO_should_retry 3 +.Sh HISTORY +.Fn BIO_read , +.Fn BIO_gets , +.Fn BIO_write , +and +.Fn BIO_puts +first appeared in SSLeay 0.6.0 and have been available since +.Ox 2.4 . diff --git a/src/lib/libcrypto/man/BIO_s_accept.3 b/src/lib/libcrypto/man/BIO_s_accept.3 new file mode 100644 index 00000000000..4ead28b62f7 --- /dev/null +++ b/src/lib/libcrypto/man/BIO_s_accept.3 @@ -0,0 +1,376 @@ +.\" $OpenBSD: BIO_s_accept.3,v 1.11 2018/05/12 20:12:17 schwarze Exp $ +.\" OpenSSL c03726ca Thu Aug 27 12:28:08 2015 -0400 +.\" +.\" This file was written by Dr. Stephen Henson . +.\" Copyright (c) 2000, 2014, 2015 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: May 12 2018 $ +.Dt BIO_S_ACCEPT 3 +.Os +.Sh NAME +.Nm BIO_s_accept , +.Nm BIO_set_accept_port , +.Nm BIO_get_accept_port , +.Nm BIO_new_accept , +.Nm BIO_set_nbio_accept , +.Nm BIO_set_accept_bios , +.Nm BIO_set_bind_mode , +.Nm BIO_get_bind_mode , +.Nm BIO_do_accept +.Nd accept BIO +.Sh SYNOPSIS +.In openssl/bio.h +.Ft const BIO_METHOD * +.Fo BIO_s_accept +.Fa void +.Fc +.Ft long +.Fo BIO_set_accept_port +.Fa "BIO *b" +.Fa "char *name" +.Fc +.Ft char * +.Fo BIO_get_accept_port +.Fa "BIO *b" +.Fc +.Ft BIO * +.Fo BIO_new_accept +.Fa "const char *host_port" +.Fc +.Ft long +.Fo BIO_set_nbio_accept +.Fa "BIO *b" +.Fa "int n" +.Fc +.Ft long +.Fo BIO_set_accept_bios +.Fa "BIO *b" +.Fa "char *bio" +.Fc +.Ft long +.Fo BIO_set_bind_mode +.Fa "BIO *b" +.Fa "long mode" +.Fc +.Ft long +.Fo BIO_get_bind_mode +.Fa "BIO *b" +.Fa "long dummy" +.Fc +.Fd #define BIO_BIND_NORMAL 0 +.Fd #define BIO_BIND_REUSEADDR_IF_UNUSED 1 +.Fd #define BIO_BIND_REUSEADDR 2 +.Ft int +.Fo BIO_do_accept +.Fa "BIO *b" +.Fc +.Sh DESCRIPTION +.Fn BIO_s_accept +returns the accept BIO method. +This is a wrapper round the platform's TCP/IP socket +.Xr accept 2 +routines. +.Pp +Using accept BIOs, TCP/IP connections can be accepted +and data transferred using only BIO routines. +In this way any platform specific operations +are hidden by the BIO abstraction. +.Pp +Read and write operations on an accept BIO +will perform I/O on the underlying connection. +If no connection is established and the port (see below) is set up +properly then the BIO waits for an incoming connection. +.Pp +Accept BIOs support +.Xr BIO_puts 3 +but not +.Xr BIO_gets 3 . +.Pp +If the close flag is set on an accept BIO, then any active +connection on that chain is shut down and the socket closed when +the BIO is freed. +.Pp +Calling +.Xr BIO_reset 3 +on an accept BIO will close any active connection and reset the BIO +into a state where it awaits another incoming connection. +.Pp +.Xr BIO_get_fd 3 +and +.Xr BIO_set_fd 3 +can be called to retrieve or set the accept socket. +See +.Xr BIO_s_fd 3 . +.Pp +.Fn BIO_set_accept_port +uses the string +.Fa name +to set the accept port. +The port is represented as a string of the form +.Ar host : Ns Ar port , +where +.Ar host +is the interface to use and +.Ar port +is the port. +The host can be +.Qq * , +which is interpreted as meaning any interface; +.Ar port +has the same syntax as the port specified in +.Xr BIO_set_conn_port 3 +for connect BIOs. +It can be a numerical port string or a string to look up using +.Xr getservbyname 3 +and a string table. +.Pp +.Fn BIO_new_accept +combines +.Xr BIO_new 3 +and +.Fn BIO_set_accept_port +into a single call. +It creates a new accept BIO with port +.Fa host_port . +.Pp +.Fn BIO_set_nbio_accept +sets the accept socket to blocking mode (the default) if +.Fa n +is 0 or non-blocking mode if +.Fa n +is 1. +.Pp +.Fn BIO_set_accept_bios +can be used to set a chain of BIOs which will be duplicated +and prepended to the chain when an incoming connection is received. +This is useful if, for example, a buffering or SSL BIO +is required for each connection. +The chain of BIOs must not be freed after this call - +they will be automatically freed when the accept BIO is freed. +.Pp +.Fn BIO_set_bind_mode +and +.Fn BIO_get_bind_mode +set and retrieve the current bind mode. +If +.Dv BIO_BIND_NORMAL Pq the default +is set, then another socket cannot be bound to the same port. +If +.Dv BIO_BIND_REUSEADDR +is set, then other sockets can bind to the same port. +If +.Dv BIO_BIND_REUSEADDR_IF_UNUSED +is set, then an attempt is first made to use +.Dv BIO_BIN_NORMAL ; +if this fails and the port is not in use, +then a second attempt is made using +.Dv BIO_BIND_REUSEADDR . +.Pp +.Fn BIO_do_accept +serves two purposes. +When it is first called, after the accept BIO has been set up, +it will attempt to create the accept socket and bind an address to it. +Second and subsequent calls to +.Fn BIO_do_accept +will await an incoming connection, or request a retry in non-blocking mode. +.Sh NOTES +When an accept BIO is at the end of a chain, it will await an +incoming connection before processing I/O calls. +When an accept BIO is not at then end of a chain, +it passes I/O calls to the next BIO in the chain. +.Pp +When a connection is established a new socket BIO is created +for the connection and appended to the chain. +That is the chain is now accept->socket. +This effectively means that attempting I/O on an initial accept +socket will await an incoming connection then perform I/O on it. +.Pp +If any additional BIOs have been set using +.Fn BIO_set_accept_bios , +then they are placed between the socket and the accept BIO; +that is, the chain will be accept->otherbios->socket. +.Pp +If a server wishes to process multiple connections (as is normally +the case), then the accept BIO must be made available for further +incoming connections. +This can be done by waiting for a connection and then calling: +.Pp +.Dl connection = BIO_pop(accept); +.Pp +After this call, +.Sy connection +will contain a BIO for the recently established connection and +.Sy accept +will now be a single BIO again which can be used +to await further incoming connections. +If no further connections will be accepted, the +.Sy accept +can be freed using +.Xr BIO_free 3 . +.Pp +If only a single connection will be processed, +it is possible to perform I/O using the accept BIO itself. +This is often undesirable however because the accept BIO +will still accept additional incoming connections. +This can be resolved by using +.Xr BIO_pop 3 +(see above) and freeing up the accept BIO after the initial connection. +.Pp +If the underlying accept socket is non-blocking and +.Fn BIO_do_accept +is called to await an incoming connection, it is possible for +.Xr BIO_should_io_special 3 +with the reason +.Dv BIO_RR_ACCEPT . +If this happens, then it is an indication that an accept attempt +would block: the application should take appropriate action +to wait until the underlying socket has accepted a connection +and retry the call. +.Pp +.Fn BIO_set_accept_port , +.Fn BIO_get_accept_port , +.Fn BIO_set_nbio_accept , +.Fn BIO_set_accept_bios , +.Fn BIO_set_bind_mode , +.Fn BIO_get_bind_mode , +and +.Fn BIO_do_accept +are macros. +.Sh RETURN VALUES +.Fn BIO_do_accept , +.Fn BIO_set_accept_port , +.Fn BIO_set_nbio_accept , +.Fn BIO_set_accept_bios , +and +.Fn BIO_set_bind_mode +return 1 for success or 0 or -1 for failure. +.Pp +.Fn BIO_get_accept_port +returns the port as a string or +.Dv NULL +on error. +.Pp +.Fn BIO_get_bind_mode +returns the set of BIO_BIND flags or -1 on failure. +.Pp +.Fn BIO_new_accept +returns a +.Vt BIO +or +.Dv NULL +on error. +.Sh EXAMPLES +This example accepts two connections on port 4444, +sends messages down each and finally closes both down. +.Bd -literal -offset 2n +BIO *abio, *cbio, *cbio2; +ERR_load_crypto_strings(); +abio = BIO_new_accept("4444"); + +/* First call to BIO_accept() sets up accept BIO */ +if (BIO_do_accept(abio) <= 0) { + fprintf(stderr, "Error setting up accept\en"); + ERR_print_errors_fp(stderr); + exit(0); +} + +/* Wait for incoming connection */ +if (BIO_do_accept(abio) <= 0) { + fprintf(stderr, "Error accepting connection\en"); + ERR_print_errors_fp(stderr); + exit(0); +} +fprintf(stderr, "Connection 1 established\en"); + +/* Retrieve BIO for connection */ +cbio = BIO_pop(abio); + +BIO_puts(cbio, "Connection 1: Sending out Data on initial connection\en"); +fprintf(stderr, "Sent out data on connection 1\en"); + +/* Wait for another connection */ +if (BIO_do_accept(abio) <= 0) { + fprintf(stderr, "Error accepting connection\en"); + ERR_print_errors_fp(stderr); + exit(0); +} +fprintf(stderr, "Connection 2 established\en"); + +/* Close accept BIO to refuse further connections */ +cbio2 = BIO_pop(abio); +BIO_free(abio); + +BIO_puts(cbio2, "Connection 2: Sending out Data on second\en"); +fprintf(stderr, "Sent out data on connection 2\en"); +BIO_puts(cbio, "Connection 1: Second connection established\en"); + +/* Close the two established connections */ +BIO_free(cbio); +BIO_free(cbio2); +.Ed +.Sh SEE ALSO +.Xr BIO_new 3 +.Sh HISTORY +.Fn BIO_s_accept , +.Fn BIO_set_accept_port , +.Fn BIO_new_accept , +.Fn BIO_set_accept_bios , +and +.Fn BIO_do_accept +first appeared in SSLeay 0.8.0. +.Fn BIO_set_nbio_accept +and +.Fn BIO_get_accept_port +first appeared in SSLeay 0.9.0. +All these functions have been available since +.Ox 2.4 . +.Pp +.Fn BIO_set_bind_mode +and +.Fn BIO_get_bind_mode +first appeared in SSLeay 0.9.1 and have been available since +.Ox 2.6 . diff --git a/src/lib/libcrypto/man/BIO_s_bio.3 b/src/lib/libcrypto/man/BIO_s_bio.3 new file mode 100644 index 00000000000..171207dfe14 --- /dev/null +++ b/src/lib/libcrypto/man/BIO_s_bio.3 @@ -0,0 +1,392 @@ +.\" $OpenBSD: BIO_s_bio.3,v 1.13 2018/05/01 17:05:05 schwarze Exp $ +.\" OpenSSL c03726ca Aug 27 12:28:08 2015 -0400 +.\" +.\" This file was written by +.\" Lutz Jaenicke , +.\" Dr. Stephen Henson , +.\" Bodo Moeller , +.\" and Richard Levitte . +.\" Copyright (c) 2000, 2002, 2015, 2016 The OpenSSL Project. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: May 1 2018 $ +.Dt BIO_S_BIO 3 +.Os +.Sh NAME +.Nm BIO_s_bio , +.Nm BIO_make_bio_pair , +.Nm BIO_destroy_bio_pair , +.Nm BIO_shutdown_wr , +.Nm BIO_set_write_buf_size , +.Nm BIO_get_write_buf_size , +.Nm BIO_new_bio_pair , +.Nm BIO_get_write_guarantee , +.Nm BIO_ctrl_get_write_guarantee , +.Nm BIO_get_read_request , +.Nm BIO_ctrl_get_read_request , +.Nm BIO_ctrl_reset_read_request +.Nd BIO pair BIO +.Sh SYNOPSIS +.In openssl/bio.h +.Ft const BIO_METHOD * +.Fo BIO_s_bio +.Fa void +.Fc +.Ft int +.Fo BIO_make_bio_pair +.Fa "BIO *b1" +.Fa "BIO *b2" +.Fc +.Ft int +.Fo BIO_destroy_bio_pair +.Fa "BIO *b" +.Fc +.Ft int +.Fo BIO_shutdown_wr +.Fa "BIO *b" +.Fc +.Ft int +.Fo BIO_set_write_buf_size +.Fa "BIO *b" +.Fa "long size" +.Fc +.Ft size_t +.Fo BIO_get_write_buf_size +.Fa "BIO *b" +.Fa "long size" +.Fc +.Ft int +.Fo BIO_new_bio_pair +.Fa "BIO **bio1" +.Fa "size_t writebuf1" +.Fa "BIO **bio2" +.Fa "size_t writebuf2" +.Fc +.Ft size_t +.Fo BIO_get_write_guarantee +.Fa "BIO *b" +.Fc +.Ft size_t +.Fo BIO_ctrl_get_write_guarantee +.Fa "BIO *b" +.Fc +.Ft int +.Fo BIO_get_read_request +.Fa "BIO *b" +.Fc +.Ft size_t +.Fo BIO_ctrl_get_read_request +.Fa "BIO *b" +.Fc +.Ft int +.Fo BIO_ctrl_reset_read_request +.Fa "BIO *b" +.Fc +.Sh DESCRIPTION +.Fn BIO_s_bio +returns the method for a BIO pair. +A BIO pair is a pair of source/sink BIOs where data written to either +half of the pair is buffered and can be read from the other half. +Both halves must usually be handled by the same application thread +since no locking is done on the internal data structures. +.Pp +Since BIO chains typically end in a source/sink BIO, +it is possible to make this one half of a BIO pair and +have all the data processed by the chain under application control. +.Pp +One typical use of BIO pairs is +to place TLS/SSL I/O under application control. +This can be used when the application wishes to use a non-standard +transport for TLS/SSL or the normal socket routines are inappropriate. +.Pp +Calls to +.Xr BIO_read 3 +will read data from the buffer or request a retry if no data is available. +.Pp +Calls to +.Xr BIO_write 3 +will place data in the buffer or request a retry if the buffer is full. +.Pp +The standard calls +.Xr BIO_ctrl_pending 3 +and +.Xr BIO_ctrl_wpending 3 +can be used to determine the amount of pending data +in the read or write buffer. +.Pp +.Xr BIO_reset 3 +clears any data in the write buffer. +.Pp +.Fn BIO_make_bio_pair +joins two separate BIOs into a connected pair. +.Pp +.Fn BIO_destroy_pair +destroys the association between two connected BIOs. +Freeing up any half of the pair will automatically destroy the association. +.Pp +.Fn BIO_shutdown_wr +is used to close down a BIO +.Fa b . +After this call no further writes on BIO +.Fa b +are allowed; they will return an error. +Reads on the other half of the pair will return any pending data +or EOF when all pending data has been read. +.Pp +.Fn BIO_set_write_buf_size +sets the write buffer size of BIO +.Fa b +to +.Fa size . +If the size is not initialized a default value is used. +This is currently 17K, sufficient for a maximum size TLS record. +.Pp +.Fn BIO_get_write_buf_size +returns the size of the write buffer. +.Pp +.Fn BIO_new_bio_pair +combines the calls to +.Xr BIO_new 3 , +.Fn BIO_make_bio_pair +and +.Fn BIO_set_write_buf_size +to create a connected pair of BIOs +.Fa bio1 +and +.Fa bio2 +with write buffer sizes +.Fa writebuf1 +and +.Fa writebuf2 . +If either size is zero, then the default size is used. +.Fn BIO_new_bio_pair +does not check whether +.Fa bio1 +or +.Fa bio2 +point to some other BIO; the values are overwritten and +.Xr BIO_free 3 +is not called. +.Pp +.Fn BIO_get_write_guarantee +and +.Fn BIO_ctrl_get_write_guarantee +return the maximum length of data +that can be currently written to the BIO. +Writes larger than this value will return a value from +.Xr BIO_write 3 +less than the amount requested or if the buffer is full request a retry. +.Fn BIO_ctrl_get_write_guarantee +is a function whereas +.Fn BIO_get_write_guarantee +is a macro. +.Pp +.Fn BIO_get_read_request +and +.Fn BIO_ctrl_get_read_request +return the amount of data requested, or the buffer size if it is less, +if the last read attempt at the other half of the BIO pair failed +due to an empty buffer. +This can be used to determine how much data should be +written to the BIO so the next read will succeed: +this is most useful in TLS/SSL applications where the amount of +data read is usually meaningful rather than just a buffer size. +After a successful read this call will return zero. +It also will return zero once new data has been written +satisfying the read request or part of it. +Note that +.Fn BIO_get_read_request +never returns an amount larger than that returned by +.Fn BIO_get_write_guarantee . +.Pp +.Fn BIO_ctrl_reset_read_request +can also be used to reset the value returned by +.Fn BIO_get_read_request +to zero. +.Pp +Both halves of a BIO pair should be freed. +Even if one half is implicitly freed due to a +.Xr BIO_free_all 3 +or +.Xr SSL_free 3 +call, the other half still needs to be freed. +.Pp +When used in bidirectional applications (such as TLS/SSL) +care should be taken to flush any data in the write buffer. +This can be done by calling +.Xr BIO_pending 3 +on the other half of the pair and, if any data is pending, +reading it and sending it to the underlying transport. +This must be done before any normal processing (such as calling +.Xr select 2 ) +due to a request and +.Xr BIO_should_read 3 +being true. +.Pp +To see why this is important, +consider a case where a request is sent using +.Xr BIO_write 3 +and a response read with +.Xr BIO_read 3 , +this can occur during a TLS/SSL handshake for example. +.Xr BIO_write 3 +will succeed and place data in the write buffer. +.Xr BIO_read 3 +will initially fail and +.Xr BIO_should_read 3 +will be true. +If the application then waits for data to become available +on the underlying transport before flushing the write buffer, +it will never succeed because the request was never sent. +.Pp +.Xr BIO_eof 3 +is true if no data is in the peer BIO and the peer BIO has been shutdown. +.Pp +.Fn BIO_make_bio_pair , +.Fn BIO_destroy_bio_pair , +.Fn BIO_shutdown_wr , +.Fn BIO_set_write_buf_size , +.Fn BIO_get_write_buf_size , +.Fn BIO_get_write_guarantee , +and +.Fn BIO_get_read_request +are implemented as macros. +.Sh RETURN VALUES +.Fn BIO_new_bio_pair +returns 1 on success, with the new BIOs available in +.Fa bio1 +and +.Fa bio2 , +or 0 on failure, with NULL pointers stored into the locations for +.Fa bio1 +and +.Fa bio2 . +Check the error stack for more information. +.\" XXX More return values need to be added here. +.Sh EXAMPLES +The BIO pair can be used to have full control +over the network access of an application. +The application can call +.Xr select 2 +on the socket as required without having to go through the SSL interface. +.Bd -literal -offset 2n +BIO *internal_bio, *network_bio; +\&... +BIO_new_bio_pair(&internal_bio, 0, &network_bio, 0); +SSL_set_bio(ssl, internal_bio, internal_bio); +SSL_operations(); /* e.g. SSL_read() and SSL_write() */ +\&... + +application | TLS-engine + | | + +----------> SSL_operations() + | /\e || + | || \e/ + | BIO-pair (internal_bio) + | BIO-pair (network_bio) + | || /\e + | \e/ || + +-----------< BIO_operations() + | | + socket | + +\&... +SSL_free(ssl); /* implicitly frees internal_bio */ +BIO_free(network_bio); +\&... +.Ed +.Pp +As the BIO pair will only buffer the data and never directly access +the connection, it behaves non-blocking and will return as soon as +the write buffer is full or the read buffer is drained. +Then the application has to flush the write buffer +and/or fill the read buffer. +.Pp +Use +.Xr BIO_ctrl_pending 3 +to find out whether data is buffered in the BIO +and must be transferred to the network. +Use +.Fn BIO_ctrl_get_read_request +to find out how many bytes must be written into the buffer before the +SSL operations can successfully be continued. +.Sh SEE ALSO +.Xr BIO_new 3 , +.Xr BIO_read 3 , +.Xr BIO_should_retry 3 , +.Xr ssl 3 , +.Xr SSL_set_bio 3 +.Sh HISTORY +.Fn BIO_s_bio , +.Fn BIO_make_bio_pair , +.Fn BIO_destroy_bio_pair , +.Fn BIO_set_write_buf_size , +.Fn BIO_get_write_buf_size , +.Fn BIO_new_bio_pair , +.Fn BIO_get_write_guarantee , +.Fn BIO_ctrl_get_write_guarantee , +.Fn BIO_get_read_request , +and +.Fn BIO_ctrl_reset_read_request +first appeared in OpenSSL 0.9.4 and have been available since +.Ox 2.6 . +.Pp +.Fn BIO_ctrl_reset_read_request +first appeared in OpenSSL 0.9.5 and has been available since +.Ox 2.7 . +.Pp +.Fn BIO_shutdown_wr +first appeared in OpenSSL 0.9.6 and has been available since +.Ox 2.9 . +.Sh CAVEATS +As the data is buffered, SSL operations may return with an +.Dv ERROR_SSL_WANT_READ +condition, but there is still data in the write buffer. +An application must not rely on the error value of the SSL operation +but must assure that the write buffer is always flushed first. +Otherwise a deadlock may occur as the peer might be waiting +for the data before being able to continue. diff --git a/src/lib/libcrypto/man/BIO_s_connect.3 b/src/lib/libcrypto/man/BIO_s_connect.3 new file mode 100644 index 00000000000..7ddde85f539 --- /dev/null +++ b/src/lib/libcrypto/man/BIO_s_connect.3 @@ -0,0 +1,390 @@ +.\" $OpenBSD: BIO_s_connect.3,v 1.11 2018/05/12 20:12:17 schwarze Exp $ +.\" OpenSSL 186bb907 Apr 13 11:05:13 2015 -0700 +.\" +.\" This file was written by Dr. Stephen Henson . +.\" Copyright (c) 2000, 2015 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: May 12 2018 $ +.Dt BIO_S_CONNECT 3 +.Os +.Sh NAME +.Nm BIO_s_connect , +.Nm BIO_new_connect , +.Nm BIO_set_conn_hostname , +.Nm BIO_set_conn_port , +.Nm BIO_set_conn_ip , +.Nm BIO_set_conn_int_port , +.Nm BIO_get_conn_hostname , +.Nm BIO_get_conn_port , +.Nm BIO_get_conn_ip , +.Nm BIO_get_conn_int_port , +.Nm BIO_set_nbio , +.Nm BIO_do_connect +.Nd connect BIO +.Sh SYNOPSIS +.In openssl/bio.h +.Ft const BIO_METHOD * +.Fo BIO_s_connect +.Fa void +.Fc +.Ft BIO * +.Fo BIO_new_connect +.Fa "const char *name" +.Fc +.Ft long +.Fo BIO_set_conn_hostname +.Fa "BIO *b" +.Fa "char *name" +.Fc +.Ft long +.Fo BIO_set_conn_port +.Fa "BIO *b" +.Fa "char *port" +.Fc +.Ft long +.Fo BIO_set_conn_ip +.Fa "BIO *b" +.Fa "char *ip" +.Fc +.Ft long +.Fo BIO_set_conn_int_port +.Fa "BIO *b" +.Fa "char *port" +.Fc +.Ft char * +.Fo BIO_get_conn_hostname +.Fa "BIO *b" +.Fc +.Ft char * +.Fo BIO_get_conn_port +.Fa "BIO *b" +.Fc +.Ft char * +.Fo BIO_get_conn_ip +.Fa "BIO *b" +.Fa "dummy" +.Fc +.Ft long +.Fo BIO_get_conn_int_port +.Fa "BIO *b" +.Fa "int port" +.Fc +.Ft long +.Fo BIO_set_nbio +.Fa "BIO *b" +.Fa "long n" +.Fc +.Ft int +.Fo BIO_do_connect +.Fa "BIO *b" +.Fc +.Sh DESCRIPTION +.Fn BIO_s_connect +returns the connect BIO method. +This is a wrapper around the platform's TCP/IP socket connection routines. +.Pp +Using connect BIOs, TCP/IP connections can be made and data +transferred using only BIO routines. +In this way any platform specific operations +are hidden by the BIO abstraction. +.Pp +Read and write operations on a connect BIO will perform I/O +on the underlying connection. +If no connection is established and the port and hostname (see below) +is set up properly, then a connection is established first. +.Pp +Connect BIOs support +.Xr BIO_puts 3 +but not +.Xr BIO_gets 3 . +.Pp +If the close flag is set on a connect BIO, then any active connection +is shutdown and the socket closed when the BIO is freed. +.Pp +Calling +.Xr BIO_reset 3 +on a connect BIO will close any active connection and reset the BIO +into a state where it can connect to the same host again. +.Pp +.Xr BIO_get_fd 3 +places the underlying socket in +.Fa c +if it is not +.Dv NULL +and also returns the socket. +If +.Fa c +is not +.Dv NULL +it should be of type +.Vt "int *" . +.Pp +.Fn BIO_set_conn_hostname +uses the string +.Fa name +to set the hostname. +The hostname can be an IP address. +The hostname can also include the port in the form +.Ar hostname : Ns Ar port . +It is also acceptable to use the forms +.Ar hostname Ns / Ns Pa any/other/path +or +.Ar hostname : Ns Ar port Ns / Ns Pa any/other/path . +.Pp +.Fn BIO_set_conn_port +sets the port to +.Fa port . +.Fa port +is looked up as a service using +.Xr getaddrinfo 3 +.Pp +.Fn BIO_set_conn_ip +sets the IP address to +.Fa ip +using binary form i.e. four bytes specifying the IP address +in big-endian form. +.Pp +.Fn BIO_set_conn_int_port +sets the port using +.Fa port . +.Fa port +should +be of type +.Vt "int *" . +.Pp +.Fn BIO_get_conn_hostname +returns the hostname of the connect BIO or +.Dv NULL +if the BIO is initialized but no hostname is set. +This return value is an internal pointer which should not be modified. +.Pp +.Fn BIO_get_conn_port +returns the port as a string. +This return value is an internal pointer which should not be modified. +.Pp +.Fn BIO_get_conn_ip +returns the IP address in binary form. +.Pp +.Fn BIO_get_conn_int_port +returns the port as an +.Vt int . +.Pp +.Fn BIO_set_nbio +sets the non-blocking I/O flag to +.Fa n . +If +.Fa n +is zero then blocking I/O is set. +If +.Fa n +is 1 then non-blocking I/O is set. +Blocking I/O is the default. +The call to +.Fn BIO_set_nbio +should be made before the connection is established +because non-blocking I/O is set during the connect process. +.Pp +.Fn BIO_new_connect +combines +.Xr BIO_new 3 +and +.Fn BIO_set_conn_hostname +into a single call. +It creates a new connect BIO with +.Fa name . +.Pp +.Fn BIO_do_connect +attempts to connect the supplied BIO. +It returns 1 if the connection was established successfully. +A zero or negative value is returned if the connection +could not be established. +The call +.Xr BIO_should_retry 3 +should be used for non-blocking connect BIOs +to determine if the call should be retried. +.Pp +If blocking I/O is set then a non-positive return value from any +I/O call is caused by an error condition, although a zero return +will normally mean that the connection was closed. +.Pp +If the port name is supplied as part of the host name then this will +override any value set with +.Fn BIO_set_conn_port . +This may be undesirable if the application does not wish to allow +connection to arbitrary ports. +This can be avoided by checking for the presence of the +.Sq \&: +character in the passed hostname and either indicating an error +or truncating the string at that point. +.Pp +The values returned by +.Fn BIO_get_conn_hostname , +.Fn BIO_get_conn_port , +.Fn BIO_get_conn_ip , +and +.Fn BIO_get_conn_int_port +are updated when a connection attempt is made. +Before any connection attempt the values returned +are those set by the application itself. +.Pp +Applications do not have to call +.Fn BIO_do_connect +but may wish to do so to separate the connection process +from other I/O processing. +.Pp +If non-blocking I/O is set, +then retries will be requested as appropriate. +.Pp +In addition to +.Xr BIO_should_read 3 +and +.Xr BIO_should_write 3 +it is also possible for +.Xr BIO_should_io_special 3 +to be true during the initial connection process with the reason +.Dv BIO_RR_CONNECT . +If this is returned, it is an indication +that a connection attempt would block. +The application should then take appropriate action to wait +until the underlying socket has connected and retry the call. +.Pp +.Fn BIO_set_conn_hostname , +.Fn BIO_set_conn_port , +.Fn BIO_set_conn_ip , +.Fn BIO_set_conn_int_port , +.Fn BIO_get_conn_hostname , +.Fn BIO_get_conn_port , +.Fn BIO_get_conn_ip , +.Fn BIO_get_conn_int_port , +.Fn BIO_set_nbio , +and +.Fn BIO_do_connect +are macros. +.Sh RETURN VALUES +.Fn BIO_s_connect +returns the connect BIO method. +.Pp +.Xr BIO_get_fd 3 +returns the socket or -1 if the BIO has not been initialized. +.Pp +.Fn BIO_set_conn_hostname , +.Fn BIO_set_conn_port , +.Fn BIO_set_conn_ip , +and +.Fn BIO_set_conn_int_port +always return 1. +.Pp +.Fn BIO_get_conn_hostname +returns the connected hostname or +.Dv NULL +if none is set. +.Pp +.Fn BIO_get_conn_port +returns a string representing the connected port or +.Dv NULL +if not set. +.Pp +.Fn BIO_get_conn_ip +returns a pointer to the connected IP address in binary form +or all zeros if not set. +.Pp +.Fn BIO_get_conn_int_port +returns the connected port or 0 if none was set. +.Pp +.Fn BIO_set_nbio +always returns 1. +.Pp +.Fn BIO_do_connect +returns 1 if the connection was successfully +established and 0 or -1 if the connection failed. +.Sh EXAMPLES +This example connects to a webserver on the local host and attempts +to retrieve a page and copy the result to standard output. +.Bd -literal -offset 2n +BIO *cbio, *out; +int len; +char tmpbuf[1024]; + +ERR_load_crypto_strings(); +cbio = BIO_new_connect("localhost:http"); +out = BIO_new_fp(stdout, BIO_NOCLOSE); +if (BIO_do_connect(cbio) <= 0) { + fprintf(stderr, "Error connecting to server\en"); + ERR_print_errors_fp(stderr); + /* whatever ... */ +} +BIO_puts(cbio, "GET / HTTP/1.0\en\en"); +for(;;) { + len = BIO_read(cbio, tmpbuf, 1024); + if (len <= 0) + break; + BIO_write(out, tmpbuf, len); +} +BIO_free(cbio); +BIO_free(out); +.Ed +.Sh SEE ALSO +.Xr BIO_new 3 +.Sh HISTORY +.Fn BIO_s_connect , +.Fn BIO_new_connect , +.Fn BIO_set_nbio , +and +.Fn BIO_do_connect +first appeared in SSLeay 0.8.0. +.Fn BIO_set_conn_hostname , +.Fn BIO_set_conn_port , +.Fn BIO_set_conn_ip , +.Fn BIO_set_conn_int_port , +.Fn BIO_get_conn_hostname , +.Fn BIO_get_conn_port , +.Fn BIO_get_conn_ip , +and +.Fn BIO_get_conn_int_port +first appeared in SSLeay 0.9.0. +All these functions have been available since +.Ox 2.4 . diff --git a/src/lib/libcrypto/man/BIO_s_fd.3 b/src/lib/libcrypto/man/BIO_s_fd.3 new file mode 100644 index 00000000000..5ac33e77ee6 --- /dev/null +++ b/src/lib/libcrypto/man/BIO_s_fd.3 @@ -0,0 +1,206 @@ +.\" $OpenBSD: BIO_s_fd.3,v 1.9 2018/05/01 17:05:05 schwarze Exp $ +.\" OpenSSL 9b86974e Aug 17 15:21:33 2015 -0400 +.\" +.\" This file was written by Dr. Stephen Henson . +.\" Copyright (c) 2000 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: May 1 2018 $ +.Dt BIO_S_FD 3 +.Os +.Sh NAME +.Nm BIO_s_fd , +.Nm BIO_set_fd , +.Nm BIO_get_fd , +.Nm BIO_new_fd +.Nd file descriptor BIO +.Sh SYNOPSIS +.In openssl/bio.h +.Ft const BIO_METHOD * +.Fo BIO_s_fd +.Fa "void" +.Fc +.Ft long +.Fo BIO_set_fd +.Fa "BIO *b" +.Fa "int fd" +.Fa "long close_flag" +.Fc +.Ft long +.Fo BIO_get_fd +.Fa "BIO *b" +.Fa "int *c" +.Fc +.Ft BIO * +.Fo BIO_new_fd +.Fa "int fd" +.Fa "int close_flag" +.Fc +.Sh DESCRIPTION +.Fn BIO_s_fd +returns the file descriptor BIO method. +This is a wrapper around the platform's file descriptor routines such as +.Xr read 2 +and +.Xr write 2 . +.Pp +.Xr BIO_read 3 +and +.Xr BIO_write 3 +read or write the underlying descriptor. +.Xr BIO_puts 3 +is supported but +.Xr BIO_gets 3 +is not. +.Pp +If the close flag is set, +.Xr close 2 +is called on the underlying file descriptor when the +.Vt BIO +is freed. +.Pp +.Xr BIO_reset 3 +attempts to set the file pointer to the start of the file using +.Fn lseek fd 0 0 . +.Pp +.Xr BIO_seek 3 +sets the file pointer to position +.Fa ofs +from start of file using +.Fn lseek fd ofs 0 . +.Pp +.Xr BIO_tell 3 +returns the current file position by calling +.Fn lseek fd 0 1 . +.Pp +.Fn BIO_set_fd +sets the file descriptor of +.Vt BIO +.Fa b +to +.Fa fd +and the close flag to +.Fa close_flag . +It is currently implemented as a macro. +.Pp +.Fn BIO_get_fd +places the file descriptor in +.Fa c +if it is not +.Dv NULL +and also returns the file descriptor. +It is currently implemented as a macro. +.Pp +.Fn BIO_new_fd +returns a file descriptor BIO using +.Fa fd +and +.Fa close_flag . +.Pp +The behaviour of +.Xr BIO_read 3 +and +.Xr BIO_write 3 +depends on the behavior of the platform's +.Xr read 2 +and +.Xr write 2 +calls on the descriptor. +If the underlying file descriptor is in a non-blocking mode, +then the BIO will behave in the manner described in the +.Xr BIO_read 3 +and +.Xr BIO_should_retry 3 +manual pages. +.Pp +File descriptor BIOs should not be used for socket I/O. +Use socket BIOs instead. +.Pp +.Fn BIO_set_fd +and +.Fn BIO_get_fd +are implemented as macros. +.Sh RETURN VALUES +.Fn BIO_s_fd +returns the file descriptor BIO method. +.Pp +.Fn BIO_set_fd +always returns 1. +.Pp +.Fn BIO_get_fd +returns the file descriptor or -1 if the +.Vt BIO +has not been initialized. +.Pp +.Fn BIO_new_fd +returns the newly allocated +.Vt BIO +or +.Dv NULL +if an error occurred. +.Sh EXAMPLES +This is a file descriptor BIO version of "Hello World": +.Bd -literal -offset indent +BIO *out; +out = BIO_new_fd(fileno(stdout), BIO_NOCLOSE); +BIO_printf(out, "Hello World\en"); +BIO_free(out); +.Ed +.Sh SEE ALSO +.Xr BIO_new 3 , +.Xr BIO_read 3 , +.Xr BIO_s_socket 3 , +.Xr BIO_seek 3 +.Sh HISTORY +.Fn BIO_s_fd , +.Fn BIO_set_fd , +and +.Fn BIO_get_fd +first appeared in SSLeay 0.6.0. +.Fn BIO_new_fd +first appeared in SSLeay 0.8.0. +All these functions have been available since +.Ox 2.4 . diff --git a/src/lib/libcrypto/man/BIO_s_file.3 b/src/lib/libcrypto/man/BIO_s_file.3 new file mode 100644 index 00000000000..3b256dbcf79 --- /dev/null +++ b/src/lib/libcrypto/man/BIO_s_file.3 @@ -0,0 +1,319 @@ +.\" $OpenBSD: BIO_s_file.3,v 1.11 2018/12/19 20:30:09 schwarze Exp $ +.\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 +.\" selective merge up to: OpenSSL 1212818e Sep 11 13:22:14 2018 +0100 +.\" +.\" This file was written by Dr. Stephen Henson . +.\" Copyright (c) 2000, 2010 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: December 19 2018 $ +.Dt BIO_S_FILE 3 +.Os +.Sh NAME +.Nm BIO_s_file , +.Nm BIO_new_file , +.Nm BIO_new_fp , +.Nm BIO_set_fp , +.Nm BIO_get_fp , +.Nm BIO_read_filename , +.Nm BIO_write_filename , +.Nm BIO_append_filename , +.Nm BIO_rw_filename +.Nd FILE BIO +.Sh SYNOPSIS +.In openssl/bio.h +.Ft const BIO_METHOD * +.Fo BIO_s_file +.Fa void +.Fc +.Ft BIO * +.Fo BIO_new_file +.Fa "const char *filename" +.Fa "const char *mode" +.Fc +.Ft BIO * +.Fo BIO_new_fp +.Fa "FILE *stream" +.Fa "int flags" +.Fc +.Ft long +.Fo BIO_set_fp +.Fa "BIO *b" +.Fa "FILE *fp" +.Fa "int flags" +.Fc +.Ft long +.Fo BIO_get_fp +.Fa "BIO *b" +.Fa "FILE **fpp" +.Fc +.Ft int +.Fo BIO_read_filename +.Fa "BIO *b" +.Fa "char *name" +.Fc +.Ft int +.Fo BIO_write_filename +.Fa "BIO *b" +.Fa "char *name" +.Fc +.Ft int +.Fo BIO_append_filename +.Fa "BIO *b" +.Fa "char *name" +.Fc +.Ft int +.Fo BIO_rw_filename +.Fa "BIO *b" +.Fa "char *name" +.Fc +.Sh DESCRIPTION +.Fn BIO_s_file +returns the BIO file method. +As its name implies, it is a wrapper around the stdio +.Vt FILE +structure and it is a source/sink BIO. +.Pp +Calls to +.Xr BIO_read 3 +and +.Xr BIO_write 3 +read and write data to the underlying stream. +.Xr BIO_gets 3 +and +.Xr BIO_puts 3 +are supported on file BIOs. +.Pp +.Xr BIO_flush 3 +on a file BIO calls the +.Xr fflush 3 +function on the wrapped stream. +.Pp +.Xr BIO_reset 3 +attempts to change the file pointer to the start of file using +.Fn fseek stream 0 0 . +.Pp +.Xr BIO_seek 3 +sets the file pointer to position +.Fa ofs +from the start of the file using +.Fn fseek stream ofs 0 . +.Pp +.Xr BIO_eof 3 +calls +.Xr feof 3 . +.Pp +Setting the +.Dv BIO_CLOSE +flag calls +.Xr fclose 3 +on the stream when the BIO is freed. +.Pp +.Fn BIO_new_file +creates a new file BIO with mode +.Fa mode . +The meaning of +.Fa mode +is the same as for the stdio function +.Xr fopen 3 . +The +.Dv BIO_CLOSE +flag is set on the returned BIO. +.Pp +.Fn BIO_new_fp +creates a file BIO wrapping +.Fa stream . +Flags can be: +.Dv BIO_CLOSE , BIO_NOCLOSE Pq the close flag , +.Dv BIO_FP_TEXT +(sets the underlying stream to text mode, default is binary: +this only has any effect under Win32). +.Pp +.Fn BIO_set_fp +sets the file pointer of a file BIO to +.Fa fp . +.Fa flags +has the same meaning as in +.Fn BIO_new_fp . +.Fn BIO_set_fp +is a macro. +.Pp +.Fn BIO_get_fp +retrieves the file pointer of a file BIO, it is a macro. +.Pp +.Xr BIO_seek 3 +is a macro that sets the position pointer to +.Fa offset +bytes from the start of file. +.Pp +.Xr BIO_tell 3 +returns the value of the position pointer. +.Pp +.Fn BIO_read_filename , +.Fn BIO_write_filename , +.Fn BIO_append_filename , +and +.Fn BIO_rw_filename +set the file BIO +.Fa b +to use file +.Fa name +for reading, writing, append or read write respectively. +.Pp +When wrapping stdout, stdin, or stderr, the underlying stream +should not normally be closed, so the +.Dv BIO_NOCLOSE +flag should be set. +.Pp +Because the file BIO calls the underlying stdio functions, any quirks +in stdio behaviour will be mirrored by the corresponding BIO. +.Pp +On Windows, +.Fn BIO_new_files +reserves for the filename argument to be UTF-8 encoded. +In other words, if you have to make it work in a multi-lingual +environment, encode file names in UTF-8. +.Sh RETURN VALUES +.Fn BIO_s_file +returns the file BIO method. +.Pp +.Fn BIO_new_file +and +.Fn BIO_new_fp +return a file BIO or +.Dv NULL +if an error occurred. +.Pp +.Fn BIO_set_fp +and +.Fn BIO_get_fp +return 1 for success or 0 for failure (although the current +implementation never returns 0). +.Pp +.Xr BIO_seek 3 +returns the same value as the underlying +.Xr fseek 3 +function: 0 for success or -1 for failure. +.Pp +.Xr BIO_tell 3 +returns the current file position. +.Pp +.Fn BIO_read_filename , +.Fn BIO_write_filename , +.Fn BIO_append_filename , +and +.Fn BIO_rw_filename +return 1 for success or 0 for failure. +.Sh EXAMPLES +File BIO "hello world": +.Bd -literal -offset indent +BIO *bio_out; +bio_out = BIO_new_fp(stdout, BIO_NOCLOSE); +BIO_printf(bio_out, "Hello World\en"); +.Ed +.Pp +Alternative technique: +.Bd -literal -offset indent +BIO *bio_out; +bio_out = BIO_new(BIO_s_file()); +if(bio_out == NULL) /* Error ... */ +if(!BIO_set_fp(bio_out, stdout, BIO_NOCLOSE)) /* Error ... */ +BIO_printf(bio_out, "Hello World\en"); +.Ed +.Pp +Write to a file: +.Bd -literal -offset indent +BIO *out; +out = BIO_new_file("filename.txt", "w"); +if(!out) /* Error occurred */ +BIO_printf(out, "Hello World\en"); +BIO_free(out); +.Ed +.Pp +Alternative technique: +.Bd -literal -offset indent +BIO *out; +out = BIO_new(BIO_s_file()); +if(out == NULL) /* Error ... */ +if(!BIO_write_filename(out, "filename.txt")) /* Error ... */ +BIO_printf(out, "Hello World\en"); +BIO_free(out); +.Ed +.Sh SEE ALSO +.Xr BIO_new 3 , +.Xr BIO_read 3 , +.Xr BIO_seek 3 +.Sh HISTORY +.Fn BIO_s_file , +.Fn BIO_set_fp , +.Fn BIO_get_fp , +.Fn BIO_read_filename , +.Fn BIO_write_filename , +and +.Fn BIO_append_filename +first appeared in SSLeay 0.6.0. +.Fn BIO_new_file +and +.Fn BIO_new_fp +first appeared in SSLeay 0.8.0. +All these functions have been available since +.Ox 2.4 . +.Pp +.Fn BIO_rw_filename +first appeared in SSLeay 0.9.1 and has been available since +.Ox 2.6 . +.Sh BUGS +.Xr BIO_reset 3 +and +.Xr BIO_seek 3 +are implemented using +.Xr fseek 3 +on the underlying stream. +The return value for +.Xr fseek 3 +is 0 for success or -1 if an error occurred. +This differs from other types of BIO which will typically return +1 for success and a non-positive value if an error occurred. diff --git a/src/lib/libcrypto/man/BIO_s_mem.3 b/src/lib/libcrypto/man/BIO_s_mem.3 new file mode 100644 index 00000000000..c27d38c45e3 --- /dev/null +++ b/src/lib/libcrypto/man/BIO_s_mem.3 @@ -0,0 +1,279 @@ +.\" $OpenBSD: BIO_s_mem.3,v 1.13 2018/05/12 20:12:17 schwarze Exp $ +.\" full merge up to: OpenSSL 8711efb4 Mon Apr 20 11:33:12 2009 +0000 +.\" selective merge up to: OpenSSL 36359cec Mar 7 14:37:23 2018 +0100 +.\" +.\" This file was written by Dr. Stephen Henson . +.\" Copyright (c) 2000 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: May 12 2018 $ +.Dt BIO_S_MEM 3 +.Os +.Sh NAME +.Nm BIO_s_mem , +.Nm BIO_set_mem_eof_return , +.Nm BIO_get_mem_data , +.Nm BIO_set_mem_buf , +.Nm BIO_get_mem_ptr , +.Nm BIO_new_mem_buf +.Nd memory BIO +.Sh SYNOPSIS +.In openssl/bio.h +.Ft const BIO_METHOD * +.Fo BIO_s_mem +.Fa "void" +.Fc +.Ft long +.Fo BIO_set_mem_eof_return +.Fa "BIO *b" +.Fa "int v" +.Fc +.Ft long +.Fo BIO_get_mem_data +.Fa "BIO *b" +.Fa "char **pp" +.Fc +.Ft long +.Fo BIO_set_mem_buf +.Fa "BIO *b" +.Fa "BUF_MEM *bm" +.Fa "int c" +.Fc +.Ft long +.Fo BIO_get_mem_ptr +.Fa "BIO *b" +.Fa "BUF_MEM **pp" +.Fc +.Ft BIO * +.Fo BIO_new_mem_buf +.Fa "const void *buf" +.Fa "int len" +.Fc +.Sh DESCRIPTION +.Fn BIO_s_mem +returns the memory BIO method function. +.Pp +A memory BIO is a source/sink BIO which uses memory for its I/O. +Data written to a memory BIO is stored in a +.Vt BUF_MEM +structure which is extended as appropriate to accommodate the stored data. +.Pp +Any data written to a memory BIO can be recalled by reading from it. +Unless the memory BIO is read only, +any data read from it is deleted from the BIO. +.Pp +Memory BIOs support +.Xr BIO_gets 3 +and +.Xr BIO_puts 3 . +.Pp +If the +.Dv BIO_CLOSE +flag is set when a memory BIO is freed, the underlying +.Dv BUF_MEM +structure is also freed. +.Pp +Calling +.Xr BIO_reset 3 +on a read/write memory BIO clears any data in it. +On a read only BIO it restores the BIO to its original state +and the read only data can be read again. +.Pp +.Xr BIO_eof 3 +is true if no data is in the BIO. +.Pp +.Xr BIO_ctrl_pending 3 +returns the number of bytes currently stored. +.Pp +.Fn BIO_set_mem_eof_return +sets the behaviour of memory BIO +.Fa b +when it is empty. +If +.Fa v +is zero, then an empty memory BIO will return EOF: +it will return zero and +.Fn BIO_should_retry +will be false. +If +.Fa v +is non-zero then it will return +.Fa v +when it is empty and it will set the read retry flag: +.Fn BIO_read_retry +is true. +To avoid ambiguity with a normal positive return value +.Fa v +should be set to a negative value, typically -1. +.Pp +.Fn BIO_get_mem_data +sets +.Pf * Fa pp +to a pointer to the start of the memory BIO's data +and returns the total amount of data available. +It is implemented as a macro. +.Pp +.Fn BIO_set_mem_buf +sets the internal BUF_MEM structure to +.Fa bm +and sets the close flag to +.Fa c . +That is, +.Fa c +should be either +.Dv BIO_CLOSE +or +.Dv BIO_NOCLOSE . +.Fn BIO_set_mem_buf +is a macro. +.Pp +.Fn BIO_get_mem_ptr +places the underlying +.Vt BUF_MEM +structure in +.Pf * Fa pp . +It is a macro. +.Pp +.Fn BIO_new_mem_buf +creates a memory BIO using +.Fa len +bytes of data at +.Fa buf . +If +.Fa len +is -1, then +.Fa buf +is assumed to be NUL terminated and its length is determined by +.Xr strlen 3 . +The BIO is set to a read only state and as a result cannot be written to. +This is useful when some data needs to be made available +from a static area of memory in the form of a BIO. +The supplied data is read directly from the supplied buffer: +it is +.Em not +copied first, so the supplied area of memory must be unchanged +until the BIO is freed. +.Pp +Writes to memory BIOs will always succeed if memory is available: +their size can grow indefinitely. +.Pp +Every read from a read/write memory BIO will remove the data just read +with an internal copy operation. +If a BIO contains a lot of data and it is read in small chunks, +the operation can be very slow. +The use of a read only memory BIO avoids this problem. +If the BIO must be read/write then adding a buffering BIO +to the chain will speed up the process. +.Sh RETURN VALUES +.Fn BIO_s_mem +returns a pointer to a static object. +.Pp +.Fn BIO_set_mem_eof_return , +.Fn BIO_get_mem_data , +.Fn BIO_set_mem_buf , +and +.Fn BIO_get_mem_ptr +return 1 on success or a value less than or equal to 0 if an error occurred. +.Pp +.Fn BIO_new_mem_buf +returns a newly allocated +.Vt BIO +object on success or +.Dv NULL +on error. +.Sh EXAMPLES +Create a memory BIO and write some data to it: +.Bd -literal -offset indent +BIO *mem = BIO_new(BIO_s_mem()); +BIO_puts(mem, "Hello World\en"); +.Ed +.Pp +Create a read only memory BIO: +.Bd -literal -offset indent +char data[] = "Hello World"; +BIO *mem; +mem = BIO_new_mem_buf(data, -1); +.Ed +.Pp +Extract the +.Vt BUF_MEM +structure from a memory BIO and then free up the BIO: +.Bd -literal -offset indent +BUF_MEM *bptr; +BIO_get_mem_ptr(mem, &bptr); +/* Make sure BIO_free() leaves BUF_MEM alone. */ +BIO_set_close(mem, BIO_NOCLOSE); +BIO_free(mem); +.Ed +.Sh SEE ALSO +.Xr BIO_new 3 +.Sh HISTORY +.Fn BIO_s_mem +first appeared in SSLeay 0.6.0. +.Fn BIO_set_mem_buf +and +.Fn BIO_get_mem_ptr +first appeared in SSLeay 0.6.5. +These functions have been available since +.Ox 2.4 . +.Pp +.Fn BIO_set_mem_eof_return +and +.Fn BIO_get_mem_data +first appeared in SSLeay 0.9.1 and have been available since +.Ox 2.6 . +.Pp +.Fn BIO_new_mem_buf +first appeared in OpenSSL 0.9.5 and has been available since +.Ox 2.7 . +.Sh BUGS +There should be an option to set the maximum size of a memory BIO. +.Pp +There should be a way to "rewind" a read/write BIO without destroying +its contents. +.Pp +The copying operation should not occur after every small read +of a large BIO to improve efficiency. diff --git a/src/lib/libcrypto/man/BIO_s_null.3 b/src/lib/libcrypto/man/BIO_s_null.3 new file mode 100644 index 00000000000..c991bd73570 --- /dev/null +++ b/src/lib/libcrypto/man/BIO_s_null.3 @@ -0,0 +1,88 @@ +.\" $OpenBSD: BIO_s_null.3,v 1.8 2018/05/01 17:05:05 schwarze Exp $ +.\" OpenSSL e117a890 Sep 14 12:14:41 2000 +0000 +.\" +.\" This file was written by Dr. Stephen Henson . +.\" Copyright (c) 2000 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: May 1 2018 $ +.Dt BIO_S_NULL 3 +.Os +.Sh NAME +.Nm BIO_s_null +.Nd null data sink +.Sh SYNOPSIS +.In openssl/bio.h +.Ft const BIO_METHOD * +.Fo BIO_s_null +.Fa void +.Fc +.Sh DESCRIPTION +.Fn BIO_s_null +returns the null sink BIO method. +Data written to the null sink is discarded, reads return EOF. +.Pp +A null sink BIO behaves in a similar manner to the +.Xr null 4 +device. +.Pp +A null BIO can be placed on the end of a chain to discard any data +passed through it. +.Pp +A null sink is useful if, for example, an application wishes +to digest some data by writing through a digest bio +but not send the digested data anywhere. +Since a BIO chain must normally include a source/sink BIO, +this can be achieved by adding a null sink BIO to the end of the chain. +.Sh RETURN VALUES +.Fn BIO_s_null +returns the null sink BIO method. +.Sh SEE ALSO +.Xr BIO_new 3 +.Sh HISTORY +.Fn BIO_s_null +first appeared in SSLeay 0.6.0 and has been available since +.Ox 2.4 . diff --git a/src/lib/libcrypto/man/BIO_s_socket.3 b/src/lib/libcrypto/man/BIO_s_socket.3 new file mode 100644 index 00000000000..63ab1deb4b7 --- /dev/null +++ b/src/lib/libcrypto/man/BIO_s_socket.3 @@ -0,0 +1,116 @@ +.\" $OpenBSD: BIO_s_socket.3,v 1.9 2018/05/01 17:05:05 schwarze Exp $ +.\" OpenSSL bbdc9c98 Oct 19 22:02:21 2000 +0000 +.\" +.\" This file was written by Dr. Stephen Henson . +.\" Copyright (c) 2000 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: May 1 2018 $ +.Dt BIO_S_SOCKET 3 +.Os +.Sh NAME +.Nm BIO_s_socket , +.Nm BIO_new_socket +.Nd socket BIO +.Sh SYNOPSIS +.In openssl/bio.h +.Ft const BIO_METHOD * +.Fo BIO_s_socket +.Fa void +.Fc +.Ft BIO * +.Fo BIO_new_socket +.Fa "int sock" +.Fa "int close_flag" +.Fc +.Sh DESCRIPTION +.Fn BIO_s_socket +returns the socket BIO method. +This is a wrapper around the platform's socket routines. +.Pp +.Xr BIO_read 3 +and +.Xr BIO_write 3 +read or write the underlying socket. +.Xr BIO_puts 3 +is supported but +.Xr BIO_gets 3 +is not. +.Pp +If the close flag is set, then the socket is shut down and closed +when the BIO is freed. +.Pp +.Fn BIO_new_socket +returns a socket BIO using +.Fa sock +and +.Fa close_flag . +.Pp +Socket BIOs also support any relevant functionality of file descriptor BIOs. +.Pp +The reason for having separate file descriptor and socket BIOs +is that on some platforms, sockets are not file descriptors +and use distinct I/O routines. +Windows is one such platform. +Any code mixing the two will not work on all platforms. +.Sh RETURN VALUES +.Fn BIO_s_socket +returns the socket BIO method. +.Pp +.Fn BIO_new_socket +returns the newly allocated BIO or +.Dv NULL +if an error occurred. +.Sh SEE ALSO +.Xr BIO_get_fd 3 , +.Xr BIO_new 3 +.Sh HISTORY +.Fn BIO_s_socket +first appeared in SSLeay 0.6.0. +.Fn BIO_new_socket +first appeared in SSLeay 0.8.0. +Both functions have been available since +.Ox 2.4 . diff --git a/src/lib/libcrypto/man/BIO_set_callback.3 b/src/lib/libcrypto/man/BIO_set_callback.3 new file mode 100644 index 00000000000..34b7c07a9f4 --- /dev/null +++ b/src/lib/libcrypto/man/BIO_set_callback.3 @@ -0,0 +1,269 @@ +.\" $OpenBSD: BIO_set_callback.3,v 1.9 2018/03/29 20:42:17 schwarze Exp $ +.\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 +.\" selective merge up to: OpenSSL 61f805c1 Jan 16 01:01:46 2018 +0800 +.\" +.\" This file is a derived work. +.\" The changes are covered by the following Copyright and license: +.\" +.\" Copyright (c) 2018 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.\" The original file was written by Dr. Stephen Henson . +.\" Copyright (c) 2000, 2016, 2017 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 29 2018 $ +.Dt BIO_SET_CALLBACK 3 +.Os +.Sh NAME +.Nm BIO_set_callback , +.Nm BIO_get_callback , +.Nm BIO_set_callback_arg , +.Nm BIO_get_callback_arg , +.Nm BIO_debug_callback +.Nd BIO callback functions +.Sh SYNOPSIS +.In openssl/bio.h +.Ft void +.Fo BIO_set_callback +.Fa "BIO *b" +.Fa "BIO_callback_fn cb" +.Fc +.Ft BIO_callback_fn +.Fo BIO_get_callback +.Fa "BIO *b" +.Fc +.Ft void +.Fo BIO_set_callback_arg +.Fa "BIO *b" +.Fa "char *arg" +.Fc +.Ft char * +.Fo BIO_get_callback_arg +.Fa "const BIO *b" +.Fc +.Ft long +.Fo BIO_debug_callback +.Fa "BIO *bio" +.Fa "int oper" +.Fa "const char *argp" +.Fa "int argi" +.Fa "long argl" +.Fa "long ret" +.Fc +.Ft typedef long +.Fo "(*BIO_callback_fn)" +.Fa "BIO *b" +.Fa "int oper" +.Fa "const char *argp" +.Fa "int argi" +.Fa "long argl" +.Fa "long ret" +.Fc +.Sh DESCRIPTION +.Fn BIO_set_callback +and +.Fn BIO_get_callback +set and retrieve the BIO callback. +The callback is called during most high level BIO operations. +It can be used for debugging purposes to trace operations on a BIO +or to modify its operation. +.Pp +.Fn BIO_set_callback_arg +and +.Fn BIO_get_callback_arg +set and retrieve an argument for use in the callback. +.Pp +.Fn BIO_debug_callback +is a standard debugging callback which prints +out information relating to each BIO operation. +If the callback argument is set, it is interpreted as a BIO +to send the information to, otherwise stderr is used. +.Pp +.Fn BIO_callback_fn +is the type of the callback function. +The meaning of each argument is described below. +.Pp +The BIO the callback is attached to is passed in +.Fa b . +.Pp +.Fa oper +is set to the operation being performed. +For some operations the callback is called twice, +once before and once after the actual operation. +The latter case has +.Fa oper +or'ed with +.Dv BIO_CB_RETURN . +.Pp +The meaning of the arguments +.Fa argp , +.Fa argi +and +.Fa argl +depends on the value of +.Fa oper +(i.e. the operation being performed). +.Pp +When +.Fa oper +does not include +.Dv BIO_CB_RETURN , +i.e. when the callback is invoked before an operation, +the value passed into the callback via +.Fa ret +is always 1. +In this case, if the callback returns a negative value, the library +aborts the requested operation and instead returns the negative +return value from the callback to the application. +If the callback returns a non-negative value, that return value is +ignored by the library, and the operation is performed normally. +.Pp +When +.Fa oper +includes +.Dv BIO_CB_RETURN , +i.e. when the callback is invoked after an operation, +the value passed into the callback via +.Fa ret +is the return value that the operation would return to the application +if no callback were present. +When a callback is present, the operation only passes this value +to the callback and instead of it returns the return value of the +callback to the application. +.Pp +The callback should normally simply return +.Fa ret +when it has finished processing, unless it specifically wishes to +abort the operation or to modify the value returned to the application. +.Ss Callback operations +.Bl -tag -width Ds +.It Fn BIO_free b +.Fn callback b BIO_CB_FREE NULL 0L 0L 1L +is called before the free operation. +.It Fn BIO_read b out outl +.Fn callback b BIO_CB_READ out outl 0L 1L +is called before the read and +.Fn callback b BIO_CB_READ|BIO_CB_RETURN out outl 0L ret +after. +.It Fn BIO_write b in inl +.Fn callback b BIO_CB_WRITE in inl 0L 1L +is called before the write and +.Fn callback b BIO_CB_WRITE|BIO_CB_RETURN in inl 0L ret +after. +.It Fn BIO_gets b out outl +.Fn callback b BIO_CB_GETS out outl 0L 1L +is called before the operation and +.Fn callback b BIO_CB_GETS|BIO_CB_RETURN out outl 0L ret +after. +.It Fn BIO_puts b in +.Fn callback b BIO_CB_PUTS in 0 0L 1L +is called before the operation and +.Fn callback b BIO_CB_PUTS|BIO_CB_RETURN in 0 0L ret +after. +.It Fn BIO_ctrl b oper larg parg +.Fn callback b BIO_CB_CTRL parg oper larg 1L +is called before the call and +.Fn callback b BIO_CB_CTRL|BIO_CB_RETURN parg oper larg ret +after. +.El +.Sh RETURN VALUES +.Fn BIO_get_callback +returns a pointer to the function +.Fa cb +previously installed with +.Fn BIO_set_callback , +or +.Dv NULL +if no callback was installed. +.Pp +.Fn BIO_get_callback_arg +returns a pointer to the +.Fa arg +previously set with +.Fn BIO_set_callback_arg , +or +.Dv NULL +if no such argument was set. +.Pp +.Fn BIO_debug_callback +returns +.Fa ret +if the bit +.Dv BIO_CB_RETURN +is set in +.Fa cmd , +or 1 otherwise. +.Sh EXAMPLES +The +.Fn BIO_debug_callback +function is a good example. +Its source is in the file +.Pa crypto/bio/bio_cb.c . +.Sh SEE ALSO +.Xr BIO_new 3 +.Sh HISTORY +.Fn BIO_set_callback , +.Fn BIO_get_callback , +.Fn BIO_set_callback_arg , +and +.Fn BIO_debug_callback +first appeared in SSLeay 0.6.0. +.Fn BIO_get_callback_arg +first appeared in SSLeay 0.8.0. +All these functions have been available since +.Ox 2.4 . diff --git a/src/lib/libcrypto/man/BIO_should_retry.3 b/src/lib/libcrypto/man/BIO_should_retry.3 new file mode 100644 index 00000000000..43b19b89e1c --- /dev/null +++ b/src/lib/libcrypto/man/BIO_should_retry.3 @@ -0,0 +1,236 @@ +.\" $OpenBSD: BIO_should_retry.3,v 1.9 2018/12/19 21:12:58 schwarze Exp $ +.\" full merge up to: OpenSSL 60e24554 Apr 6 14:45:18 2010 +0000 +.\" selective merge up to: OpenSSL 57fd5170 May 13 11:24:11 2018 +0200 +.\" +.\" This file was written by Dr. Stephen Henson . +.\" Copyright (c) 2000, 2010, 2016 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: December 19 2018 $ +.Dt BIO_SHOULD_RETRY 3 +.Os +.Sh NAME +.Nm BIO_should_read , +.Nm BIO_should_write , +.Nm BIO_should_io_special , +.Nm BIO_retry_type , +.Nm BIO_should_retry , +.Nm BIO_get_retry_BIO , +.Nm BIO_get_retry_reason +.Nd BIO retry functions +.Sh SYNOPSIS +.In openssl/bio.h +.Ft int +.Fo BIO_should_read +.Fa "BIO *b" +.Fc +.Ft int +.Fo BIO_should_write +.Fa "BIO *b" +.Fc +.Ft int +.Fo BIO_should_io_special +.Fa "BIO *b" +.Fc +.Ft int +.Fo BIO_retry_type +.Fa "BIO *b" +.Fc +.Ft int +.Fo BIO_should_retry +.Fa "BIO *b" +.Fc +.Fd #define BIO_FLAGS_READ 0x01 +.Fd #define BIO_FLAGS_WRITE 0x02 +.Fd #define BIO_FLAGS_IO_SPECIAL 0x04 +.Fd #define BIO_FLAGS_RWS \e +.Fd \& (BIO_FLAGS_READ|BIO_FLAGS_WRITE|BIO_FLAGS_IO_SPECIAL) +.Fd #define BIO_FLAGS_SHOULD_RETRY 0x08 +.Ft BIO * +.Fo BIO_get_retry_BIO +.Fa "BIO *bio" +.Fa "int *reason" +.Fc +.Ft int +.Fo BIO_get_retry_reason +.Fa "BIO *bio" +.Fc +.Sh DESCRIPTION +These functions determine why a BIO is not able to read or write data. +They will typically be called after a failed +.Xr BIO_read 3 +or +.Xr BIO_write 3 +call. +.Pp +.Fn BIO_should_retry +returns 1 if the call that produced this condition should be retried +at a later time, or 0 if an error occurred. +.Pp +.Fn BIO_should_read +returns 1 if the cause of the retry condition is that a BIO needs +to read data, or 0 otherwise. +.Pp +.Fn BIO_should_write +returns 1 if the cause of the retry condition is that a BIO needs +to write data, or 0 otherwise. +.Pp +.Fn BIO_should_io_special +returns 1 if some special condition (i.e. a reason other than reading +or writing) is the cause of the retry condition, or 0 otherwise. +.Pp +.Fn BIO_retry_type +returns the bitwise OR of one or more of the flags +.Dv BIO_FLAGS_READ , +.Dv BIO_FLAGS_WRITE , +and +.Dv BIO_FLAGS_IO_SPECIAL +representing the cause of the current retry condition, +or 0 if there is no retry condition. +Current BIO types only set one of the flags at a time. +.Pp +.Fn BIO_get_retry_BIO +determines the precise reason for the special condition. +It returns the BIO that caused this condition and if +.Fa reason +is not +.Dv NULL +it contains the reason code. +The meaning of the reason code and the action that should be taken +depends on the type of BIO that resulted in this condition. +.Pp +.Fn BIO_get_retry_reason +returns the reason for a special condition +if passed the relevant BIO, for example as returned by +.Fn BIO_get_retry_BIO . +.Pp +.Fn BIO_should_retry , +.Fn BIO_should_read , +.Fn BIO_should_write , +.Fn BIO_should_io_special , +and +.Fn BIO_retry_type +are implemented as macros. +.Pp +If +.Fn BIO_should_retry +returns false, then the precise "error condition" depends on +the BIO type that caused it and the return code of the BIO operation. +For example if a call to +.Xr BIO_read 3 +on a socket BIO returns 0 and +.Fn BIO_should_retry +is false, then the cause will be that the connection closed. +A similar condition on a file BIO will mean that it has reached EOF. +Some BIO types may place additional information on the error queue. +For more details see the individual BIO type manual pages. +.Pp +If the underlying I/O structure is in a blocking mode, +almost all current BIO types will not request a retry, +because the underlying I/O calls will not. +If the application knows that the BIO type will never +signal a retry then it need not call +.Fn BIO_should_retry +after a failed BIO I/O call. +This is typically done with file BIOs. +.Pp +SSL BIOs are the only current exception to this rule: +they can request a retry even if the underlying I/O structure +is blocking, if a handshake occurs during a call to +.Xr BIO_read 3 . +An application can retry the failed call immediately +or avoid this situation by setting +.Dv SSL_MODE_AUTO_RETRY +on the underlying SSL structure. +.Pp +While an application may retry a failed non-blocking call immediately, +this is likely to be very inefficient because the call will fail +repeatedly until data can be processed or is available. +An application will normally wait until the necessary condition +is satisfied. +How this is done depends on the underlying I/O structure. +.Pp +For example if the cause is ultimately a socket and +.Fn BIO_should_read +is true then a call to +.Xr select 2 +may be made to wait until data is available +and then retry the BIO operation. +By combining the retry conditions of several non-blocking BIOs in a single +.Xr select 2 +call it is possible to service several BIOs in a single thread, +though the performance may be poor if SSL BIOs are present because +long delays can occur during the initial handshake process. +.Pp +It is possible for a BIO to block indefinitely if the underlying I/O +structure cannot process or return any data. +This depends on the behaviour of the platforms I/O functions. +This is often not desirable: one solution is to use non-blocking I/O +and use a timeout on the +.Xr select 2 +(or equivalent) call. +.Sh SEE ALSO +.Xr BIO_new 3 , +.Xr BIO_read 3 +.Sh HISTORY +.Fn BIO_should_read , +.Fn BIO_should_write , +.Fn BIO_retry_type , +and +.Fn BIO_should_retry +first appeared in SSLeay 0.6.0. +.Fn BIO_should_io_special , +.Fn BIO_get_retry_BIO , +and +.Fn BIO_get_retry_reason +first appeared in SSLeay 0.8.0. +All these functions have been available since +.Ox 2.4 . +.Sh BUGS +The OpenSSL ASN.1 functions cannot gracefully deal with non-blocking I/O: +they cannot retry after a partial read or write. +This is usually worked around by only passing the relevant data to ASN.1 +functions when the entire structure can be read or written. diff --git a/src/lib/libcrypto/man/BN_BLINDING_new.3 b/src/lib/libcrypto/man/BN_BLINDING_new.3 new file mode 100644 index 00000000000..04c5cfa351a --- /dev/null +++ b/src/lib/libcrypto/man/BN_BLINDING_new.3 @@ -0,0 +1,331 @@ +.\" $OpenBSD: BN_BLINDING_new.3,v 1.10 2018/03/23 23:18:17 schwarze Exp $ +.\" OpenSSL a528d4f0 Oct 27 13:40:11 2015 -0400 +.\" +.\" This file was written by Nils Larsch . +.\" Copyright (c) 2005, 2008, 2013, 2015 The OpenSSL Project. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 23 2018 $ +.Dt BN_BLINDING_NEW 3 +.Os +.Sh NAME +.Nm BN_BLINDING_new , +.Nm BN_BLINDING_free , +.Nm BN_BLINDING_update , +.Nm BN_BLINDING_convert , +.Nm BN_BLINDING_invert , +.Nm BN_BLINDING_convert_ex , +.Nm BN_BLINDING_invert_ex , +.Nm BN_BLINDING_get_thread_id , +.Nm BN_BLINDING_set_thread_id , +.Nm BN_BLINDING_thread_id , +.Nm BN_BLINDING_get_flags , +.Nm BN_BLINDING_set_flags , +.Nm BN_BLINDING_create_param +.Nd blinding related BIGNUM functions +.Sh SYNOPSIS +.In openssl/bn.h +.Ft BN_BLINDING * +.Fo BN_BLINDING_new +.Fa "const BIGNUM *A" +.Fa "const BIGNUM *Ai" +.Fa "BIGNUM *mod" +.Fc +.Ft void +.Fo BN_BLINDING_free +.Fa "BN_BLINDING *b" +.Fc +.Ft int +.Fo BN_BLINDING_update +.Fa "BN_BLINDING *b" +.Fa "BN_CTX *ctx" +.Fc +.Ft int +.Fo BN_BLINDING_convert +.Fa "BIGNUM *n" +.Fa "BN_BLINDING *b" +.Fa "BN_CTX *ctx" +.Fc +.Ft int +.Fo BN_BLINDING_invert +.Fa "BIGNUM *n" +.Fa "BN_BLINDING *b" +.Fa "BN_CTX *ctx" +.Fc +.Ft int +.Fo BN_BLINDING_convert_ex +.Fa "BIGNUM *n" +.Fa "BIGNUM *r" +.Fa "BN_BLINDING *b" +.Fa "BN_CTX *ctx" +.Fc +.Ft int +.Fo BN_BLINDING_invert_ex +.Fa "BIGNUM *n" +.Fa "const BIGNUM *r" +.Fa "BN_BLINDING *b" +.Fa "BN_CTX *ctx" +.Fc +.Fd #ifndef OPENSSL_NO_DEPRECATED +.Ft unsigned long +.Fo BN_BLINDING_get_thread_id +.Fa "const BN_BLINDING *" +.Fc +.Ft void +.Fo BN_BLINDING_set_thread_id +.Fa "BN_BLINDING *" +.Fa "unsigned long" +.Fc +.Fd #endif +.Ft CRYPTO_THREADID * +.Fo BN_BLINDING_thread_id +.Fa "BN_BLINDING *" +.Fc +.Ft unsigned long +.Fo BN_BLINDING_get_flags +.Fa "const BN_BLINDING *" +.Fc +.Ft void +.Fo BN_BLINDING_set_flags +.Fa "BN_BLINDING *" +.Fa "unsigned long" +.Fc +.Ft BN_BLINDING * +.Fo BN_BLINDING_create_param +.Fa "BN_BLINDING *b" +.Fa "const BIGNUM *e" +.Fa "BIGNUM *m" +.Fa "BN_CTX *ctx" +.Fa "int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,\ + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)" +.Fa "BN_MONT_CTX *m_ctx" +.Fc +.Sh DESCRIPTION +.Fn BN_BLINDING_new +allocates a new +.Vt BN_BLINDING +structure and copies the +.Fa A +and +.Fa \&Ai +values into the newly created +.Vt BN_BLINDING +object. +.Pp +.Fn BN_BLINDING_free +frees the +.Vt BN_BLINDING +structure. +If +.Fa b +is a +.Dv NULL +pointer, no action occurs. +.Pp +.Fn BN_BLINDING_update +updates the +.Vt BN_BLINDING +parameters by squaring the +.Fa A +and +.Fa \&Ai +or, after a specific number of uses and if the necessary parameters are +set, by re-creating the blinding parameters. +.Pp +.Fn BN_BLINDING_convert_ex +multiplies +.Fa n +with the blinding factor +.Fa A . +If +.Fa r +is not +.Dv NULL , +a copy of the inverse blinding factor +.Fa \&Ai +will be returned in +.Fa r +(this is useful if an +.Vt RSA +object is shared among several threads). +.Fn BN_BLINDING_invert_ex +multiplies +.Fa n +with the inverse blinding factor +.Fa \&Ai . +If +.Fa r +is not +.Dv NULL , +it will be used as the inverse blinding. +.Pp +.Fn BN_BLINDING_convert +and +.Fn BN_BLINDING_invert +are wrapper functions for +.Fn BN_BLINDING_convert_ex +and +.Fn BN_BLINDING_invert_ex +with +.Fa r +set to +.Dv NULL . +.Pp +.Fn BN_BLINDING_thread_id +provides access to the +.Vt CRYPTO_THREADID +object within the +.Vt BN_BLINDING +structure. +This is to help users provide proper locking if needed for +multi-threaded use. +The thread ID object of a newly allocated +.Vt BN_BLINDING +structure is initialised to the thread ID in which +.Fn BN_BLINDING_new +was called. +.Pp +.Fn BN_BLINDING_get_flags +returns the +.Dv BN_BLINDING_* +flags. +Currently there are two supported flags: +.Dv BN_BLINDING_NO_UPDATE +and +.Dv BN_BLINDING_NO_RECREATE . +.Dv BN_BLINDING_NO_UPDATE +inhibits the automatic update of the +.Vt BN_BLINDING +parameters after each use and +.Dv BN_BLINDING_NO_RECREATE +inhibits the automatic re-creation of the +.Vt BN_BLINDING +parameters after a fixed number of uses (currently 32). +In newly allocated +.Vt BN_BLINDING +objects no flags are set. +.Fn BN_BLINDING_set_flags +sets the +.Dv BN_BLINDING_* +parameters flags. +.Pp +.Fn BN_BLINDING_create_param +creates new +.Vt BN_BLINDING +parameters using the exponent +.Fa e +and the modulus +.Fa m . +.Fa bn_mod_exp +and +.Fa m_ctx +can be used to pass special functions for exponentiation (normally +.Xr BN_mod_exp 3 +and +.Vt BN_MONT_CTX ) . +.Sh RETURN VALUES +.Fn BN_BLINDING_new +returns the newly allocated +.Vt BN_BLINDING +structure or +.Dv NULL +in case of an error. +.Pp +.Fn BN_BLINDING_update , +.Fn BN_BLINDING_convert , +.Fn BN_BLINDING_invert , +.Fn BN_BLINDING_convert_ex +and +.Fn BN_BLINDING_invert_ex +return 1 on success and 0 if an error occurred. +.Pp +.Fn BN_BLINDING_thread_id +returns a pointer to the thread ID object within a +.Vt BN_BLINDING +object. +.Pp +.Fn BN_BLINDING_get_flags +returns the currently set +.Dv BN_BLINDING_* +flags (an +.Vt unsigned long +value). +.Pp +.Fn BN_BLINDING_create_param +returns the newly created +.Vt BN_BLINDING +parameters or +.Dv NULL +on error. +.Sh SEE ALSO +.Xr BN_new 3 +.Sh HISTORY +.Fn BN_BLINDING_new , +.Fn BN_BLINDING_free , +.Fn BN_BLINDING_update , +.Fn BN_BLINDING_convert , +and +.Fn BN_BLINDING_invert +first appeared in SSLeay 0.9.0 and have been available since +.Ox 2.4 . +.Pp +.Fn BN_BLINDING_convert_ex , +.Fn BN_BLINDIND_invert_ex , +.Fn BN_BLINDING_get_thread_id , +.Fn BN_BLINDING_set_thread_id , +.Fn BN_BLINDING_get_flags , +.Fn BN_BLINDING_set_flags , +and +.Fn BN_BLINDING_create_param +first appeared in OpenSSL 0.9.8 and have been available since +.Ox 4.5 . +.Pp +.Fn BN_BLINDING_thread_id +first appeared in OpenSSL 1.0.0 and has been available since +.Ox 4.9 . +.Sh AUTHORS +.An Nils Larsch Aq Mt nils@openssl.org diff --git a/src/lib/libcrypto/man/BN_CTX_new.3 b/src/lib/libcrypto/man/BN_CTX_new.3 new file mode 100644 index 00000000000..1d5fb0a3966 --- /dev/null +++ b/src/lib/libcrypto/man/BN_CTX_new.3 @@ -0,0 +1,144 @@ +.\" $OpenBSD: BN_CTX_new.3,v 1.8 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL aafbe1cc Jun 12 23:42:08 2013 +0100 +.\" +.\" This file was written by Ulf Moeller . +.\" Copyright (c) 2000, 2013 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt BN_CTX_NEW 3 +.Os +.Sh NAME +.Nm BN_CTX_new , +.Nm BN_CTX_free , +.Nm BN_CTX_init +.Nd allocate and free BN_CTX structures +.Sh SYNOPSIS +.In openssl/bn.h +.Ft BN_CTX * +.Fo BN_CTX_new +.Fa void +.Fc +.Ft void +.Fo BN_CTX_free +.Fa "BN_CTX *c" +.Fc +.Pp +Deprecated: +.Pp +.Ft void +.Fo BN_CTX_init +.Fa "BN_CTX *c" +.Fc +.Sh DESCRIPTION +A +.Vt BN_CTX +is a structure that holds +.Vt BIGNUM +temporary variables used by library functions. +Since dynamic memory allocation to create +.Vt BIGNUM Ns s +is rather expensive when used in conjunction with repeated subroutine +calls, the +.Vt BN_CTX +structure is used. +.Pp +.Fn BN_CTX_new +allocates and initializes a +.Vt BN_CTX +structure. +.Pp +.Fn BN_CTX_free +frees the components of the +.Vt BN_CTX +and, if it was created by +.Fn BN_CTX_new , +also the structure itself. +If +.Xr BN_CTX_start 3 +has been used on the +.Vt BN_CTX , +.Xr BN_CTX_end 3 +must be called before the +.Vt BN_CTX +may be freed by +.Fn BN_CTX_free . +If +.Fa c +is a +.Dv NULL +pointer, no action occurs. +.Pp +.Fn BN_CTX_init +(deprecated) initializes an existing uninitialized +.Vt BN_CTX . +This should not be used for new programs. +Use +.Fn BN_CTX_new +instead. +.Sh RETURN VALUES +.Fn BN_CTX_new +returns a pointer to the +.Vt BN_CTX . +If the allocation fails, it returns +.Dv NULL +and sets an error code that can be obtained by +.Xr ERR_get_error 3 . +.Sh SEE ALSO +.Xr BN_add 3 , +.Xr BN_CTX_start 3 , +.Xr BN_new 3 , +.Xr ERR_get_error 3 +.Sh HISTORY +.Fn BN_CTX_new +and +.Fn BN_CTX_free +first appeared in SSLeay 0.5.1 and have been available since +.Ox 2.4 . +.Pp +.Fn BN_CTX_init +first appeared in SSLeay 0.9.1 and has been available since +.Ox 2.6 . diff --git a/src/lib/libcrypto/man/BN_CTX_start.3 b/src/lib/libcrypto/man/BN_CTX_start.3 new file mode 100644 index 00000000000..f4f10b8b0cf --- /dev/null +++ b/src/lib/libcrypto/man/BN_CTX_start.3 @@ -0,0 +1,132 @@ +.\" $OpenBSD: BN_CTX_start.3,v 1.7 2018/03/22 16:06:33 schwarze Exp $ +.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 +.\" +.\" This file was written by Ulf Moeller . +.\" Copyright (c) 2000 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 22 2018 $ +.Dt BN_CTX_START 3 +.Os +.Sh NAME +.Nm BN_CTX_start , +.Nm BN_CTX_get , +.Nm BN_CTX_end +.Nd use temporary BIGNUM variables +.Sh SYNOPSIS +.In openssl/bn.h +.Ft void +.Fo BN_CTX_start +.Fa "BN_CTX *ctx" +.Fc +.Ft BIGNUM * +.Fo BN_CTX_get +.Fa "BN_CTX *ctx" +.Fc +.Ft void +.Fo BN_CTX_end +.Fa "BN_CTX *ctx" +.Fc +.Sh DESCRIPTION +These functions are used to obtain temporary +.Vt BIGNUM +variables from a +.Vt BN_CTX +(which can be created using +.Xr BN_CTX_new 3 ) +in order to save the overhead of repeatedly creating and freeing +.Vt BIGNUM Ns s +in functions that are called from inside a loop. +.Pp +A function must call +.Fn BN_CTX_start +first. +Then, +.Fn BN_CTX_get +may be called repeatedly to obtain temporary +.Vt BIGNUM Ns s . +All +.Fn BN_CTX_get +calls must be made before calling any other functions that use the +.Fa ctx +as an argument. +.Pp +Finally, +.Fn BN_CTX_end +must be called before returning from the function. +When +.Fn BN_CTX_end +is called, the +.Vt BIGNUM +pointers obtained from +.Fn BN_CTX_get +become invalid. +.Sh RETURN VALUES +.Fn BN_CTX_get +returns a pointer to the +.Vt BIGNUM , +or +.Dv NULL +on error. +Once +.Fn BN_CTX_get +has failed, the subsequent calls will return +.Dv NULL +as well, so it is sufficient to check the return value of the last +.Fn BN_CTX_get +call. +In case of an error, an error code is set which can be obtained by +.Xr ERR_get_error 3 . +.Sh SEE ALSO +.Xr BN_CTX_new 3 , +.Xr BN_new 3 +.Sh HISTORY +.Fn BN_CTX_start , +.Fn BN_CTX_get , +and +.Fn BN_CTX_end +first appeared in OpenSSL 0.9.5 and have been available since +.Ox 2.7 . diff --git a/src/lib/libcrypto/man/BN_add.3 b/src/lib/libcrypto/man/BN_add.3 new file mode 100644 index 00000000000..8a11d7c0804 --- /dev/null +++ b/src/lib/libcrypto/man/BN_add.3 @@ -0,0 +1,466 @@ +.\" $OpenBSD: BN_add.3,v 1.13 2018/04/29 15:58:21 schwarze Exp $ +.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file was written by Ulf Moeller +.\" and Bodo Moeller . +.\" Copyright (c) 2000, 2001, 2015 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: April 29 2018 $ +.Dt BN_ADD 3 +.Os +.Sh NAME +.Nm BN_add , +.Nm BN_sub , +.Nm BN_mul , +.Nm BN_sqr , +.Nm BN_div , +.Nm BN_mod , +.Nm BN_nnmod , +.Nm BN_mod_add , +.Nm BN_mod_sub , +.Nm BN_mod_mul , +.Nm BN_mod_sqr , +.Nm BN_exp , +.Nm BN_mod_exp , +.\" The following are public, but intentionally undocumented for now: +.\" .Nm BN_mod_exp_mont_consttime , +.\" .Nm BN_mod_exp_mont , +.\" .Nm BN_mod_exp_mont_word , +.\" .Nm BN_mod_exp_recp , +.\" .Nm BN_mod_exp_simple , +.\" Maybe they should be deleted from . +.Nm BN_gcd +.Nd arithmetic operations on BIGNUMs +.Sh SYNOPSIS +.In openssl/bn.h +.Ft int +.Fo BN_add +.Fa "BIGNUM *r" +.Fa "const BIGNUM *a" +.Fa "const BIGNUM *b" +.Fc +.Ft int +.Fo BN_sub +.Fa "BIGNUM *r" +.Fa "const BIGNUM *a" +.Fa "const BIGNUM *b" +.Fc +.Ft int +.Fo BN_mul +.Fa "BIGNUM *r" +.Fa "BIGNUM *a" +.Fa "BIGNUM *b" +.Fa "BN_CTX *ctx" +.Fc +.Ft int +.Fo BN_sqr +.Fa "BIGNUM *r" +.Fa "BIGNUM *a" +.Fa "BN_CTX *ctx" +.Fc +.Ft int +.Fo BN_div +.Fa "BIGNUM *dv" +.Fa "BIGNUM *rem" +.Fa "const BIGNUM *a" +.Fa "const BIGNUM *d" +.Fa "BN_CTX *ctx" +.Fc +.Ft int +.Fo BN_mod +.Fa "BIGNUM *rem" +.Fa "const BIGNUM *a" +.Fa "const BIGNUM *m" +.Fa "BN_CTX *ctx" +.Fc +.Ft int +.Fo BN_nnmod +.Fa "BIGNUM *r" +.Fa "const BIGNUM *a" +.Fa "const BIGNUM *m" +.Fa "BN_CTX *ctx" +.Fc +.Ft int +.Fo BN_mod_add +.Fa "BIGNUM *r" +.Fa "BIGNUM *a" +.Fa "BIGNUM *b" +.Fa "const BIGNUM *m" +.Fa "BN_CTX *ctx" +.Fc +.Ft int +.Fo BN_mod_sub +.Fa "BIGNUM *r" +.Fa "BIGNUM *a" +.Fa "BIGNUM *b" +.Fa "const BIGNUM *m" +.Fa "BN_CTX *ctx" +.Fc +.Ft int +.Fo BN_mod_mul +.Fa "BIGNUM *r" +.Fa "BIGNUM *a" +.Fa "BIGNUM *b" +.Fa "const BIGNUM *m" +.Fa "BN_CTX *ctx" +.Fc +.Ft int +.Fo BN_mod_sqr +.Fa "BIGNUM *r" +.Fa "BIGNUM *a" +.Fa "const BIGNUM *m" +.Fa "BN_CTX *ctx" +.Fc +.Ft int +.Fo BN_exp +.Fa "BIGNUM *r" +.Fa "BIGNUM *a" +.Fa "BIGNUM *p" +.Fa "BN_CTX *ctx" +.Fc +.Ft int +.Fo BN_mod_exp +.Fa "BIGNUM *r" +.Fa "BIGNUM *a" +.Fa "const BIGNUM *p" +.Fa "const BIGNUM *m" +.Fa "BN_CTX *ctx" +.Fc +.Ft int +.Fo BN_gcd +.Fa "BIGNUM *r" +.Fa "BIGNUM *a" +.Fa "BIGNUM *b" +.Fa "BN_CTX *ctx" +.Fc +.Sh DESCRIPTION +.Fn BN_add +adds +.Fa a +and +.Fa b +and places the result in +.Fa r +.Pq Li r=a+b . +.Fa r +may be the same +.Vt BIGNUM +as +.Fa a +or +.Fa b . +.Pp +.Fn BN_sub +subtracts +.Fa b +from +.Fa a +and places the result in +.Fa r +.Pq Li r=a-b . +.Fa r +may be the same +.Vt BIGNUM +as +.Fa a +or +.Fa b . +.Pp +.Fn BN_mul +multiplies +.Fa a +and +.Fa b +and places the result in +.Fa r +.Pq Li r=a*b . +.Fa r +may be the same +.Vt BIGNUM +as +.Fa a +or +.Fa b . +For multiplication by powers of 2, use +.Xr BN_lshift 3 . +.Pp +.Fn BN_sqr +takes the square of +.Fa a +and places the result in +.Fa r +.Pq Li r=a^2 . +.Fa r +and +.Fa a +may be the same +.Vt BIGNUM . +This function is faster than +.Fn BN_mul r a a . +.Pp +.Fn BN_div +divides +.Fa a +by +.Fa d +and places the result in +.Fa dv +and the remainder in +.Fa rem +.Pq Li dv=a/d , rem=a%d . +If the flag +.Dv BN_FLG_CONSTTIME +is set on +.Fa a +or +.Fa d , +it operates in constant time. +Either of +.Fa dv +and +.Fa rem +may be +.Dv NULL , +in which case the respective value is not returned. +The result is rounded towards zero; thus if +.Fa a +is negative, the remainder will be zero or negative. +For division by powers of 2, use +.Fn BN_rshift 3 . +.Pp +.Fn BN_mod +corresponds to +.Fn BN_div +with +.Fa dv +set to +.Dv NULL . +It is implemented as a macro. +.Pp +.Fn BN_nnmod +reduces +.Fa a +modulo +.Fa m +and places the non-negative remainder in +.Fa r . +.Pp +.Fn BN_mod_add +adds +.Fa a +to +.Fa b +modulo +.Fa m +and places the non-negative result in +.Fa r . +.Pp +.Fn BN_mod_sub +subtracts +.Fa b +from +.Fa a +modulo +.Fa m +and places the non-negative result in +.Fa r . +.Pp +.Fn BN_mod_mul +multiplies +.Fa a +by +.Fa b +and finds the non-negative remainder respective to modulus +.Fa m +.Pq Li r=(a*b)%m . +.Fa r +may be the same +.Vt BIGNUM +as +.Fa a +or +.Fa b . +For more efficient algorithms for repeated computations using the same +modulus, see +.Xr BN_mod_mul_montgomery 3 +and +.Xr BN_mod_mul_reciprocal 3 . +.Pp +.Fn BN_mod_sqr +takes the square of +.Fa a +modulo +.Fa m +and places the result in +.Fa r . +.Pp +.Fn BN_exp +raises +.Fa a +to the +.Fa p Ns -th +power and places the result in +.Fa r +.Pq Li r=a^p . +This function is faster than repeated applications of +.Fn BN_mul . +.Pp +.Fn BN_mod_exp +computes +.Fa a +to the +.Fa p Ns -th +power modulo +.Fa m +.Pq Li r=(a^p)%m . +If the flag +.Dv BN_FLG_CONSTTIME +is set on +.Fa p , +it operates in constant time. +This function uses less time and space than +.Fn BN_exp . +.Pp +.Fn BN_gcd +computes the greatest common divisor of +.Fa a +and +.Fa b +and places the result in +.Fa r . +.Fa r +may be the same +.Vt BIGNUM +as +.Fa a +or +.Fa b . +.Pp +For all functions, +.Fa ctx +is a previously allocated +.Vt BN_CTX +used for temporary variables; see +.Xr BN_CTX_new 3 . +.Pp +Unless noted otherwise, the result +.Vt BIGNUM +must be different from the arguments. +.Sh RETURN VALUES +For all functions, 1 is returned for success, 0 on error. +The return value should always be checked, for example: +.Pp +.Dl if (!BN_add(r,a,b)) goto err; +.Pp +The error codes can be obtained by +.Xr ERR_get_error 3 . +.Sh SEE ALSO +.Xr BN_add_word 3 , +.Xr BN_CTX_new 3 , +.Xr BN_new 3 , +.Xr BN_set_bit 3 , +.Xr BN_set_flags 3 , +.Xr BN_set_negative 3 +.Sh HISTORY +.Fn BN_add , +.Fn BN_sub , +.Fn BN_mul , +.Fn BN_sqr , +.Fn BN_div , +.Fn BN_mod , +.Fn BN_mod_mul , +.Fn BN_mod_exp , +and +.Fn BN_gcd +first appeared in SSLeay 0.5.1. +.Fn BN_exp +first appeared in SSLeay 0.9.0. +All these functions have been available since +.Ox 2.4 . +.Pp +The +.Fa ctx +argument to +.Fn BN_mul +was added in SSLeay 0.9.1 and +.Ox 2.6 . +.Pp +.Fn BN_nnmod , +.Fn BN_mod_add , +.Fn BN_mod_sub , +and +.Fn BN_mod_sqr +first appeared in OpenSSL 0.9.7 and have been available since +.Ox 3.2 . +.Sh BUGS +Even if the +.Dv BN_FLG_CONSTTIME +flag is set on +.Fa a +or +.Fa b , +.Fn BN_gcd +neither fails nor operates in constant time, potentially allowing +timing side-channel attacks. +.Pp +Even if the +.Dv BN_FLG_CONSTTIME +flag is set on +.Fa p , +if the modulus +.Fa m +is even, +.Fn BN_mod_exp +does not operate in constant time, potentially allowing +timing side-channel attacks. +.Pp +If +.Dv BN_FLG_CONSTTIME +is set on +.Fa p , +.Fn BN_exp +fails instead of operating in constant time. diff --git a/src/lib/libcrypto/man/BN_add_word.3 b/src/lib/libcrypto/man/BN_add_word.3 new file mode 100644 index 00000000000..cc5c682a2c2 --- /dev/null +++ b/src/lib/libcrypto/man/BN_add_word.3 @@ -0,0 +1,174 @@ +.\" $OpenBSD: BN_add_word.3,v 1.8 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file was written by Ulf Moeller . +.\" Copyright (c) 2000, 2005 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt BN_ADD_WORD 3 +.Os +.Sh NAME +.Nm BN_add_word , +.Nm BN_sub_word , +.Nm BN_mul_word , +.Nm BN_div_word , +.Nm BN_mod_word +.Nd arithmetic functions on BIGNUMs with integers +.Sh SYNOPSIS +.In openssl/bn.h +.Ft int +.Fo BN_add_word +.Fa "BIGNUM *a" +.Fa "BN_ULONG w" +.Fc +.Ft int +.Fo BN_sub_word +.Fa "BIGNUM *a" +.Fa "BN_ULONG w" +.Fc +.Ft int +.Fo BN_mul_word +.Fa "BIGNUM *a" +.Fa "BN_ULONG w" +.Fc +.Ft BN_ULONG +.Fo BN_div_word +.Fa "BIGNUM *a" +.Fa "BN_ULONG w" +.Fc +.Ft BN_ULONG +.Fo BN_mod_word +.Fa "const BIGNUM *a" +.Fa "BN_ULONG w" +.Fc +.Sh DESCRIPTION +These functions perform arithmetic operations on BIGNUMs with unsigned +integers. +They are much more efficient than the normal BIGNUM arithmetic +operations. +.Pp +.Fn BN_add_word +adds +.Fa w +to +.Fa a +.Pq Li a+=w . +.Pp +.Fn BN_sub_word +subtracts +.Fa w +from +.Fa a +.Pq Li a-=w . +.Pp +.Fn BN_mul_word +multiplies +.Fa a +and +.Fa w +.Pq Li a*=w . +.Pp +.Fn BN_div_word +divides +.Fa a +by +.Fa w +.Pq Li a/=w +and returns the remainder. +.Pp +.Fn BN_mod_word +returns the remainder of +.Fa a +divided by +.Fa w +.Pq Li a%w . +.Pp +For +.Fn BN_div_word +and +.Fn BN_mod_word , +.Fa w +must not be 0. +.Sh RETURN VALUES +.Fn BN_add_word , +.Fn BN_sub_word , +and +.Fn BN_mul_word +return 1 for success or 0 on error. +The error codes can be obtained by +.Xr ERR_get_error 3 . +.Pp +.Fn BN_mod_word +and +.Fn BN_div_word +return +.Fa a Ns % Ns Fa w +on success and +.Po Vt BN_ULONG Pc Ns -1 +if an error occurred. +.Sh SEE ALSO +.Xr BN_add 3 , +.Xr BN_new 3 , +.Xr ERR_get_error 3 +.Sh HISTORY +.Fn BN_add_word , +.Fn BN_div_word , +and +.Fn BN_mod_word +first appeared in SSLeay 0.5.1. +.Fn BN_sub_word +and +.Fn BN_mul_word +first appeared in SSLeay 0.9.0. +All these functions have been available since +.Ox 2.4 . +.Pp +Before 0.9.8a, the return value for +.Fn BN_div_word +and +.Fn BN_mod_word +in case of an error was 0. diff --git a/src/lib/libcrypto/man/BN_bn2bin.3 b/src/lib/libcrypto/man/BN_bn2bin.3 new file mode 100644 index 00000000000..ee05b052f4c --- /dev/null +++ b/src/lib/libcrypto/man/BN_bn2bin.3 @@ -0,0 +1,325 @@ +.\" $OpenBSD: BN_bn2bin.3,v 1.12 2018/12/19 21:53:53 schwarze Exp $ +.\" full merge up to: OpenSSL a528d4f0 Oct 27 13:40:11 2015 -0400 +.\" selective merge up to: OpenSSL 1212818e Sep 11 13:22:14 2018 +0100 +.\" +.\" This file was written by Ulf Moeller . +.\" Copyright (c) 2000, 2002, 2016 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: December 19 2018 $ +.Dt BN_BN2BIN 3 +.Os +.Sh NAME +.Nm BN_bn2bin , +.Nm BN_bin2bn , +.Nm BN_bn2hex , +.Nm BN_bn2dec , +.Nm BN_hex2bn , +.Nm BN_dec2bn , +.Nm BN_asc2bn , +.Nm BN_print , +.Nm BN_print_fp , +.Nm BN_bn2mpi , +.Nm BN_mpi2bn +.Nd format conversions +.Sh SYNOPSIS +.In openssl/bn.h +.Ft int +.Fo BN_bn2bin +.Fa "const BIGNUM *a" +.Fa "unsigned char *to" +.Fc +.Ft BIGNUM * +.Fo BN_bin2bn +.Fa "const unsigned char *s" +.Fa "int len" +.Fa "BIGNUM *ret" +.Fc +.Ft char * +.Fo BN_bn2hex +.Fa "const BIGNUM *a" +.Fc +.Ft char * +.Fo BN_bn2dec +.Fa "const BIGNUM *a" +.Fc +.Ft int +.Fo BN_hex2bn +.Fa "BIGNUM **a" +.Fa "const char *str" +.Fc +.Ft int +.Fo BN_dec2bn +.Fa "BIGNUM **a" +.Fa "const char *str" +.Fc +.Ft int +.Fo BN_asc2bn +.Fa "BIGNUM **a" +.Fa "const char *str" +.Fc +.Ft int +.Fo BN_print +.Fa "BIO *fp" +.Fa "const BIGNUM *a" +.Fc +.Ft int +.Fo BN_print_fp +.Fa "FILE *fp" +.Fa "const BIGNUM *a" +.Fc +.Ft int +.Fo BN_bn2mpi +.Fa "const BIGNUM *a" +.Fa "unsigned char *to" +.Fc +.Ft BIGNUM * +.Fo BN_mpi2bn +.Fa "unsigned char *s" +.Fa "int len" +.Fa "BIGNUM *ret" +.Fc +.Sh DESCRIPTION +.Fn BN_bn2bin +converts the absolute value of +.Fa a +into big-endian form and stores it at +.Fa to . +.Fa to +must point to +.Fn BN_num_bytes a +bytes of memory. +.Pp +.Fn BN_bin2bn +converts the positive integer in big-endian form of length +.Fa len +at +.Fa s +into a +.Vt BIGNUM +and places it in +.Fa ret . +If +.Fa ret +is +.Dv NULL , +a new +.Vt BIGNUM +is created. +.Pp +.Fn BN_bn2hex +and +.Fn BN_bn2dec +return printable strings containing the hexadecimal and decimal encoding of +.Fa a +respectively. +For negative numbers, the string is prefaced with a leading minus sign. +The string must be freed later using +.Xr free 3 . +.Pp +.Fn BN_hex2bn +interprets +.Fa str +as a hexadecimal number. +The string may start with a minus sign +.Pq Sq - . +Conversion stops at the first byte that is not a hexadecimal digit. +The number is converted to a +.Vt BIGNUM +and stored in +.Pf * Fa a . +If +.Pf * Fa a +is +.Dv NULL , +a new +.Vt BIGNUM +is created. +If +.Fa a +is +.Dv NULL , +it only computes the number's length in hexadecimal digits, +also counting the leading minus sign if there is one. +A "negative zero" is converted to zero. +.Fn BN_dec2bn +is the same using the decimal system. +.Fn BN_asc2bn +infers the number base from an optional prefix. +If +.Fa str +starts with +.Qq 0x +or +.Qq 0X , +it calls +.Fn BN_hex2bn , +otherwise +.Fn BN_dec2bn . +If the number is negative, the minus sign can be given before or +after the prefix. +.Pp +.Fn BN_print +and +.Fn BN_print_fp +write the hexadecimal encoding of +.Fa a , +with a leading minus sign for negative numbers, to the +.Vt BIO +or +.Vt FILE +.Fa fp . +.Pp +.Fn BN_bn2mpi +and +.Fn BN_mpi2bn +convert +.Vt BIGNUM Ns s +from and to a format that consists of the number's length in bytes +represented as a 4-byte big-endian number, and the number itself in +big-endian format, where the most significant bit signals a negative +number (the representation of numbers with the MSB set is prefixed with +a NUL byte). +.Pp +.Fn BN_bn2mpi +stores the representation of +.Fa a +at +.Fa to , +where +.Fa to +must be large enough to hold the result. +The size can be determined by calling +.Fn BN_bn2mpi a NULL . +.Pp +.Fn BN_mpi2bn +converts the +.Fa len +bytes long representation at +.Fa s +to a +.Vt BIGNUM +and stores it at +.Fa ret , +or in a newly allocated +.Vt BIGNUM +if +.Fa ret +is +.Dv NULL . +.Sh RETURN VALUES +.Fn BN_bn2bin +returns the length of the big-endian number placed at +.Fa to . +.Fn BN_bin2bn +returns the +.Vt BIGNUM , +or +.Dv NULL +on error. +.Pp +.Fn BN_bn2hex +and +.Fn BN_bn2dec +return a NUL-terminated string, or +.Dv NULL +on error. +.Fn BN_hex2bn +and +.Fn BN_dec2bn +return the number's length in hexadecimal or decimal digits, +also counting the leading minus sign if there is one, +or 0 on error, in which case no new +.Vt BIGNUM +is created. +.Fn BN_asc2bn +returns 1 on success or 0 on error, in which case no new +.Vt BIGNUM +is created. +.Pp +.Fn BN_print_fp +and +.Fn BN_print +return 1 on success, 0 on write errors. +.Pp +.Fn BN_bn2mpi +returns the length of the representation. +.Fn BN_mpi2bn +returns the +.Vt BIGNUM , +or +.Dv NULL +on error. +.Pp +The error codes can be obtained by +.Xr ERR_get_error 3 . +.Sh SEE ALSO +.Xr BN_new 3 , +.Xr BN_num_bytes 3 , +.Xr BN_zero 3 , +.Xr ERR_get_error 3 +.Sh HISTORY +.Fn BN_bn2bin , +.Fn BN_bin2bn , +and +.Fn BN_print +first appeared in SSLeay 0.5.1. +.Fn BN_print_fp +first appeared in SSLeay 0.6.0. +.Fn BN_bn2hex , +.Fn BN_bn2dec , +.Fn BN_hex2bn , +.Fn BN_dec2bn , +.Fn BN_bn2mpi , +and +.Fn BN_mpi2bn +first appeared in SSLeay 0.9.0. +All these functions have been available since +.Ox 2.4 . +.Pp +.Fn BN_asc2bin +first appeared in OpenSSL 1.0.0 and has been available since +.Ox 4.9 . diff --git a/src/lib/libcrypto/man/BN_cmp.3 b/src/lib/libcrypto/man/BN_cmp.3 new file mode 100644 index 00000000000..9e2baa24273 --- /dev/null +++ b/src/lib/libcrypto/man/BN_cmp.3 @@ -0,0 +1,151 @@ +.\" $OpenBSD: BN_cmp.3,v 1.6 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file was written by Ulf Moeller . +.\" Copyright (c) 2000 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt BN_CMP 3 +.Os +.Sh NAME +.Nm BN_cmp , +.Nm BN_ucmp , +.Nm BN_is_zero , +.Nm BN_is_one , +.Nm BN_is_word , +.Nm BN_is_odd +.Nd BIGNUM comparison and test functions +.Sh SYNOPSIS +.In openssl/bn.h +.Ft int +.Fo BN_cmp +.Fa "BIGNUM *a" +.Fa "BIGNUM *b" +.Fc +.Ft int +.Fo BN_ucmp +.Fa "BIGNUM *a" +.Fa "BIGNUM *b" +.Fc +.Ft int +.Fo BN_is_zero +.Fa "BIGNUM *a" +.Fc +.Ft int +.Fo BN_is_one +.Fa "BIGNUM *a" +.Fc +.Ft int +.Fo BN_is_word +.Fa "BIGNUM *a" +.Fa "BN_ULONG w" +.Fc +.Ft int +.Fo BN_is_odd +.Fa "BIGNUM *a" +.Fc +.Sh DESCRIPTION +.Fn BN_cmp +compares the numbers +.Fa a +and +.Fa b . +.Fn BN_ucmp +compares their absolute values. +.Pp +.Fn BN_is_zero , +.Fn BN_is_one +and +.Fn BN_is_word +test if +.Fa a +equals 0, 1, or +.Fa w +respectively. +.Fn BN_is_odd +tests if a is odd. +.Pp +.Fn BN_is_zero , +.Fn BN_is_one , +.Fn BN_is_word , +and +.Fn BN_is_odd +are macros. +.Sh RETURN VALUES +.Fn BN_cmp +returns -1 if +.Fa a Ns < Ns Fa b , +0 if +.Fa a Ns == Ns Fa b , +and 1 if +.Fa a Ns > Ns Fa b . +.Fn BN_ucmp +is the same using the absolute values of +.Fa a +and +.Fa b . +.Pp +.Fn BN_is_zero , +.Fn BN_is_one , +.Fn BN_is_word , +and +.Fn BN_is_odd +return 1 if the condition is true, 0 otherwise. +.Sh SEE ALSO +.Xr BN_new 3 +.Sh HISTORY +.Fn BN_cmp , +.Fn BN_ucmp , +.Fn BN_is_zero , +.Fn BN_is_one , +and +.Fn BN_is_word +first appeared in SSLeay 0.5.1. +.Fn BN_is_odd +first appeared in SSLeay 0.8.0. +All these functions have been available since +.Ox 2.4 . diff --git a/src/lib/libcrypto/man/BN_copy.3 b/src/lib/libcrypto/man/BN_copy.3 new file mode 100644 index 00000000000..956b368dec4 --- /dev/null +++ b/src/lib/libcrypto/man/BN_copy.3 @@ -0,0 +1,165 @@ +.\" $OpenBSD: BN_copy.3,v 1.9 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file was written by Ulf Moeller +.\" and Matt Caswell . +.\" Copyright (c) 2000, 2015 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt BN_COPY 3 +.Os +.Sh NAME +.Nm BN_copy , +.Nm BN_dup , +.Nm BN_with_flags +.Nd copy BIGNUMs +.Sh SYNOPSIS +.In openssl/bn.h +.Ft BIGNUM * +.Fo BN_copy +.Fa "BIGNUM *to" +.Fa "const BIGNUM *from" +.Fc +.Ft BIGNUM * +.Fo BN_dup +.Fa "const BIGNUM *from" +.Fc +.Ft void +.Fo BN_with_flags +.Fa "BIGNUM *dest" +.Fa "const BIGNUM *b" +.Fa "int flags" +.Fc +.Sh DESCRIPTION +.Fn BN_copy +copies +.Fa from +to +.Fa to . +.Pp +.Fn BN_dup +creates a new +.Vt BIGNUM +containing the value +.Fa from . +.Pp +.Fn BN_with_flags +creates a +.Em temporary +shallow copy of +.Fa b +in +.Fa dest . +It places significant restrictions on the copied data. +Applications that do not adhere to these restrictions +may encounter unexpected side effects or crashes. +For that reason, use of this macro is discouraged. +.Pp +Any flags provided in +.Fa flags +will be set in +.Fa dest +in addition to any flags already set in +.Fa b . +For example, this can be used to create a temporary copy of a +.Vt BIGNUM +with the +.Dv BN_FLG_CONSTTIME +flag set for constant time operations. +.Pp +The temporary copy in +.Fa dest +will share some internal state with +.Fa b . +For this reason, the following restrictions apply to the use of +.Fa dest : +.Bl -bullet +.It +.Fa dest +should be a newly allocated +.Vt BIGNUM +obtained via a call to +.Xr BN_new 3 . +It should not have been used for other purposes or initialised in any way. +.It +.Fa dest +must only be used in "read-only" operations, i.e. typically those +functions where the relevant parameter is declared "const". +.It +.Fa dest +must be used and freed before any further subsequent use of +.Fa b . +.El +.Sh RETURN VALUES +.Fn BN_copy +returns +.Fa to +on success or +.Dv NULL +on error. +.Fn BN_dup +returns the new +.Vt BIGNUM +or +.Dv NULL +on error. +The error codes can be obtained by +.Xr ERR_get_error 3 . +.Sh SEE ALSO +.Xr BN_new 3 , +.Xr BN_set_flags 3 +.Sh HISTORY +.Fn BN_copy +and +.Fn BN_dup +first appeared in SSLeay 0.5.1 and have been available since +.Ox 2.4 . +.Pp +.Fn BN_with_flags +first appeared in OpenSSL 0.9.7h and 0.9.8a +and has been available since +.Ox 4.0 . diff --git a/src/lib/libcrypto/man/BN_generate_prime.3 b/src/lib/libcrypto/man/BN_generate_prime.3 new file mode 100644 index 00000000000..c767a8643bc --- /dev/null +++ b/src/lib/libcrypto/man/BN_generate_prime.3 @@ -0,0 +1,425 @@ +.\" $OpenBSD: BN_generate_prime.3,v 1.15 2018/12/21 19:30:19 schwarze Exp $ +.\" full merge up to: OpenSSL b3696a55 Sep 2 09:35:50 2017 -0400 +.\" selective merge up to: OpenSSL df75c2bf Dec 9 01:02:36 2018 +0100 +.\" +.\" This file was written by Ulf Moeller +.\" Bodo Moeller , and Matt Caswell . +.\" Copyright (c) 2000, 2003, 2013, 2014, 2018 The OpenSSL Project. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: December 21 2018 $ +.Dt BN_GENERATE_PRIME 3 +.Os +.Sh NAME +.Nm BN_generate_prime_ex , +.Nm BN_is_prime_ex , +.Nm BN_is_prime_fasttest_ex , +.Nm BN_GENCB_call , +.Nm BN_GENCB_new , +.Nm BN_GENCB_free , +.Nm BN_GENCB_set_old , +.Nm BN_GENCB_set , +.Nm BN_GENCB_get_arg , +.Nm BN_generate_prime , +.Nm BN_is_prime , +.Nm BN_is_prime_fasttest +.Nd generate primes and test for primality +.Sh SYNOPSIS +.In openssl/bn.h +.Ft int +.Fo BN_generate_prime_ex +.Fa "BIGNUM *ret" +.Fa "int bits" +.Fa "int safe" +.Fa "const BIGNUM *add" +.Fa "const BIGNUM *rem" +.Fa "BN_GENCB *cb" +.Fc +.Ft int +.Fo BN_is_prime_ex +.Fa "const BIGNUM *p" +.Fa "int nchecks" +.Fa "BN_CTX *ctx" +.Fa "BN_GENCB *cb" +.Fc +.Ft int +.Fo BN_is_prime_fasttest_ex +.Fa "const BIGNUM *p" +.Fa "int nchecks" +.Fa "BN_CTX *ctx" +.Fa "int do_trial_division" +.Fa "BN_GENCB *cb" +.Fc +.Ft int +.Fo BN_GENCB_call +.Fa "BN_GENCB *cb" +.Fa "int a" +.Fa "int b" +.Fc +.Ft BN_GENCB * +.Fn BN_GENCB_new void +.Ft void +.Fo BN_GENCB_free +.Fa "BN_GENCB *cb" +.Fc +.Ft void +.Fo BN_GENCB_set_old +.Fa "BN_GENCB *gencb" +.Fa "void (*callback)(int, int, void *)" +.Fa "void *cb_arg" +.Fc +.Ft void +.Fo BN_GENCB_set +.Fa "BN_GENCB *gencb" +.Fa "int (*callback)(int, int, BN_GENCB *)" +.Fa "void *cb_arg" +.Fc +.Ft void * +.Fo BN_GENCB_get_arg +.Fa "BN_GENCB *cb" +.Fc +.Pp +Deprecated: +.Pp +.Ft BIGNUM * +.Fo BN_generate_prime +.Fa "BIGNUM *ret" +.Fa "int num" +.Fa "int safe" +.Fa "BIGNUM *add" +.Fa "BIGNUM *rem" +.Fa "void (*callback)(int, int, void *)" +.Fa "void *cb_arg" +.Fc +.Ft int +.Fo BN_is_prime +.Fa "const BIGNUM *a" +.Fa "int checks" +.Fa "void (*callback)(int, int, void *)" +.Fa "BN_CTX *ctx" +.Fa "void *cb_arg" +.Fc +.Ft int +.Fo BN_is_prime_fasttest +.Fa "const BIGNUM *a" +.Fa "int checks" +.Fa "void (*callback)(int, int, void *)" +.Fa "BN_CTX *ctx" +.Fa "void *cb_arg" +.Fa "int do_trial_division" +.Fc +.Sh DESCRIPTION +.Fn BN_generate_prime_ex +generates a pseudo-random prime number of at least bit length +.Fa bits . +If +.Fa ret +is not +.Dv NULL , +it will be used to store the number. +.Pp +If +.Fa cb +is not +.Dv NULL , +it is used as follows: +.Bl -bullet +.It +.Fn BN_GENCB_call cb 0 i +is called after generating the i-th potential prime number. +.It +While the number is being tested for primality, +.Fn BN_GENCB_call cb 1 j +is called as described below. +.It +When a prime has been found, +.Fn BN_GENCB_call cb 2 i +is called. +.It +The callers of +.Fn BN_generate_prime_ex +may call +.Fn BN_GENCB_call +with other values as described in their respective manual pages; see +.Sx SEE ALSO . +.El +.Pp +The prime may have to fulfill additional requirements for use in +Diffie-Hellman key exchange: +.Pp +If +.Fa add +is not +.Dv NULL , +the prime will fulfill the condition p % +.Fa add +== +.Fa rem +(p % +.Fa add +== 1 if +.Fa rem +== +.Dv NULL ) +in order to suit a given generator. +.Pp +If +.Fa safe +is true, it will be a safe prime (i.e. a prime p so that (p-1)/2 +is also prime). +.Pp +The prime number generation has a negligible error probability. +.Pp +.Fn BN_is_prime_ex +and +.Fn BN_is_prime_fasttest_ex +test if the number +.Fa p +is prime. +The following tests are performed until one of them shows that +.Fa p +is composite; if +.Fa p +passes all these tests, it is considered prime. +.Pp +.Fn BN_is_prime_fasttest_ex , +when called with +.Fa do_trial_division +== 1, first attempts trial division by a number of small primes; +if no divisors are found by this test and +.Fa cb +is not +.Dv NULL , +.Sy BN_GENCB_call(cb, 1, -1) +is called. +If +.Fa do_trial_division +== 0, this test is skipped. +.Pp +Both +.Fn BN_is_prime_ex +and +.Fn BN_is_prime_fasttest_ex +perform a Miller-Rabin probabilistic primality test with +.Fa nchecks +iterations. +If +.Fa nchecks +== +.Dv BN_prime_checks , +a number of iterations is used that yields a false positive rate of at +most 2^-80 for random input. +.Pp +If +.Fa cb +is not +.Dv NULL , +.Fa BN_GENCB_call cb 1 j +is called after the j-th iteration (j = 0, 1, ...). +.Fa ctx +is a pre-allocated +.Vt BN_CTX +(to save the overhead of allocating and freeing the structure in a +loop), or +.Dv NULL . +.Pp +.Fn BN_GENCB_call +calls the callback function held in the +.Vt BN_GENCB +structure and passes the ints +.Fa a +and +.Fa b +as arguments. +There are two types of +.Vt BN_GENCB +structures that are supported: "new" style and "old" style. +New programs should prefer the "new" style, whilst the "old" style is +provided for backwards compatibility purposes. +.Pp +A +.Vt BN_GENCB +structure should be created through a call to +.Fn BN_GENCB_new +and freed through a call to +.Fn BN_GENCB_free . +.Pp +For "new" style callbacks a +.Vt BN_GENCB +structure should be initialised with a call to +.Fn BN_GENCB_set , +where +.Fa gencb +is a +.Vt BN_GENCB * , +.Fa callback +is of type +.Vt int (*callback)(int, int, BN_GENCB *) +and +.Fa cb_arg +is a +.Vt void * . +"Old" style callbacks are the same except they are initialised with a +call to +.Fn BN_GENCB_set_old +and +.Fa callback +is of type +.Vt void (*callback)(int, int, void *) . +.Pp +A callback is invoked through a call to +.Fn BN_GENCB_call . +This will check the type of the callback and will invoke +.Fn callback a b gencb +for new style callbacks or +.Fn callback a b cb_arg +for old style. +.Pp +It is possible to obtain the argument associated with a +.Vt BN_GENCB +structure (set via a call to +.Fn BN_GENCB_set +or +.Fn BN_GENCB_set_old ) +using +.Fn BN_GENCB_get_arg . +.Pp +.Fn BN_generate_prime +(deprecated) works in the same way as +.Fn BN_generate_prime_ex +but expects an old style callback function directly in the +.Fa callback +parameter, and an argument to pass to it in the +.Fa cb_arg . +Similarly +.Fn BN_is_prime +and +.Fn BN_is_prime_fasttest +are deprecated and can be compared to +.Fn BN_is_prime_ex +and +.Fn BN_is_prime_fasttest_ex +respectively. +.Sh RETURN VALUES +.Fn BN_generate_prime_ex +returns 1 on success or 0 on error. +.Pp +.Fn BN_is_prime_ex , +.Fn BN_is_prime_fasttest_ex , +.Fn BN_is_prime , +and +.Fn BN_is_prime_fasttest +return 0 if the number is composite, 1 if it is prime with an error +probability of less than +.Pf 0.25^ Fa nchecks , +and -1 on error. +.Pp +.Fn BN_generate_prime +returns the prime number on success, +.Dv NULL +otherwise. +.Pp +.Fn BN_GENCB_new +returns a pointer to a +.Vt BN_GENCB +structure on success, or +.Dv NULL +otherwise. +.Pp +.Fn BN_GENCB_get_arg +returns the argument previously associated with a +.Vt BN_GENCB +structure. +.Pp +Callback functions should return 1 on success or 0 on error. +.Pp +The error codes can be obtained by +.Xr ERR_get_error 3 . +.Sh SEE ALSO +.Xr BN_new 3 , +.Xr DH_generate_parameters 3 , +.Xr DSA_generate_parameters 3 , +.Xr ERR_get_error 3 , +.Xr RAND_bytes 3 , +.Xr RSA_generate_key 3 +.Sh HISTORY +.Fn BN_generate_prime +and +.Fn BN_is_prime +first appeared in SSLeay 0.5.1 and had their +.Fa cb_arg +argument added in SSLeay 0.9.0. +These two functions have been available since +.Ox 2.4 . +.Pp +The +.Fa ret +argument to +.Fn BN_generate_prime +was added in SSLeay 0.9.1 and +.Ox 2.6 . +.Pp +.Fn BN_is_prime_fasttest +first appeared in OpenSSL 0.9.5 and has been available since +.Ox 2.7 . +.Pp +.Fn BN_generate_prime_ex , +.Fn BN_is_prime_ex , +.Fn BN_is_prime_fasttest_ex , +.Fn BN_GENCB_call , +.Fn BN_GENCB_set_old , +and +.Fn BN_GENCB_set +first appeared in OpenSSL 0.9.8 and have been available since +.Ox 4.5 . +.Pp +.Fn BN_GENCB_new , +.Fn BN_GENCB_free , +and +.Fn BN_GENCB_get_arg +first appeared in OpenSSL 1.1.0 and have been available since +.Ox 6.3 . diff --git a/src/lib/libcrypto/man/BN_get0_nist_prime_521.3 b/src/lib/libcrypto/man/BN_get0_nist_prime_521.3 new file mode 100644 index 00000000000..eb95c422100 --- /dev/null +++ b/src/lib/libcrypto/man/BN_get0_nist_prime_521.3 @@ -0,0 +1,89 @@ +.\" $OpenBSD: BN_get0_nist_prime_521.3,v 1.5 2018/03/23 00:09:11 schwarze Exp $ +.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 +.\" +.\" This file was written by Rich Salz . +.\" Copyright (c) 2016 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 23 2018 $ +.Dt BN_GET0_NIST_PRIME_521 3 +.Os +.Sh NAME +.Nm BN_get0_nist_prime_192 , +.Nm BN_get0_nist_prime_224 , +.Nm BN_get0_nist_prime_256 , +.Nm BN_get0_nist_prime_384 , +.Nm BN_get0_nist_prime_521 +.Nd create standardized public primes or DH pairs +.Sh SYNOPSIS +.In openssl/bn.h +.Ft const BIGNUM * +.Fn BN_get0_nist_prime_192 void +.Ft const BIGNUM * +.Fn BN_get0_nist_prime_224 void +.Ft const BIGNUM * +.Fn BN_get0_nist_prime_256 void +.Ft const BIGNUM * +.Fn BN_get0_nist_prime_384 void +.Ft const BIGNUM * +.Fn BN_get0_nist_prime_521 void +.Sh DESCRIPTION +The +.Fn BN_get0_nist_prime_192 , +.Fn BN_get0_nist_prime_224 , +.Fn BN_get0_nist_prime_256 , +.Fn BN_get0_nist_prime_384 , +and +.Fn BN_get0_nist_prime_521 +functions return a +.Vt BIGNUM +for the specific NIST prime curve (e.g. P-256). +.Sh SEE ALSO +.Xr BN_new 3 +.Sh HISTORY +These functions first appeared in OpenSSL 0.9.8 +and have been available since +.Ox 4.5 . diff --git a/src/lib/libcrypto/man/BN_mod_inverse.3 b/src/lib/libcrypto/man/BN_mod_inverse.3 new file mode 100644 index 00000000000..aa509b1ab60 --- /dev/null +++ b/src/lib/libcrypto/man/BN_mod_inverse.3 @@ -0,0 +1,123 @@ +.\" $OpenBSD: BN_mod_inverse.3,v 1.10 2018/04/29 15:58:21 schwarze Exp $ +.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file was written by Ulf Moeller . +.\" Copyright (c) 2000 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: April 29 2018 $ +.Dt BN_MOD_INVERSE 3 +.Os +.Sh NAME +.Nm BN_mod_inverse +.Nd compute inverse modulo n +.Sh SYNOPSIS +.In openssl/bn.h +.Ft BIGNUM * +.Fo BN_mod_inverse +.Fa "BIGNUM *r" +.Fa "BIGNUM *a" +.Fa "const BIGNUM *n" +.Fa "BN_CTX *ctx" +.Fc +.Sh DESCRIPTION +.Fn BN_mod_inverse +computes the inverse of +.Fa a +modulo +.Fa n +and places the result in +.Fa r +.Pq Li (a*r)%n==1 . +If +.Fa r +is +.Dv NULL , +a new +.Vt BIGNUM +is created. +.Pp +If the flag +.Dv BN_FLG_CONSTTIME +is set on +.Fa a +or +.Fa n , +it operates in constant time. +.Pp +.Fa ctx +is a previously allocated +.Vt BN_CTX +used for temporary variables. +.Fa r +may be the same +.Vt BIGNUM +as +.Fa a +or +.Fa n . +.Sh RETURN VALUES +.Fn BN_mod_inverse +returns the +.Vt BIGNUM +containing the inverse, or +.Dv NULL +on error. +The error codes can be obtained by +.Xr ERR_get_error 3 . +.Sh SEE ALSO +.Xr BN_add 3 , +.Xr BN_new 3 , +.Xr BN_set_flags 3 +.Sh HISTORY +.Fn BN_mod_inverse +first appeared in SSLeay 0.5.1 and has been available since +.Ox 2.4 . +.Pp +The +.Fa r +argument was added in SSLeay 0.9.1 and +.Ox 2.6 . diff --git a/src/lib/libcrypto/man/BN_mod_mul_montgomery.3 b/src/lib/libcrypto/man/BN_mod_mul_montgomery.3 new file mode 100644 index 00000000000..8feed711cd2 --- /dev/null +++ b/src/lib/libcrypto/man/BN_mod_mul_montgomery.3 @@ -0,0 +1,252 @@ +.\" $OpenBSD: BN_mod_mul_montgomery.3,v 1.11 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL 6859cf74 Sep 25 13:33:28 2002 +0000 +.\" +.\" This file was written by Ulf Moeller . +.\" Copyright (c) 2000 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt BN_MOD_MUL_MONTGOMERY 3 +.Os +.Sh NAME +.Nm BN_MONT_CTX_new , +.Nm BN_MONT_CTX_init , +.Nm BN_MONT_CTX_free , +.Nm BN_MONT_CTX_set , +.Nm BN_MONT_CTX_copy , +.Nm BN_mod_mul_montgomery , +.Nm BN_from_montgomery , +.Nm BN_to_montgomery +.Nd Montgomery multiplication +.Sh SYNOPSIS +.In openssl/bn.h +.Ft BN_MONT_CTX * +.Fo BN_MONT_CTX_new +.Fa void +.Fc +.Ft void +.Fo BN_MONT_CTX_init +.Fa "BN_MONT_CTX *ctx" +.Fc +.Ft void +.Fo BN_MONT_CTX_free +.Fa "BN_MONT_CTX *mont" +.Fc +.Ft int +.Fo BN_MONT_CTX_set +.Fa "BN_MONT_CTX *mont" +.Fa "const BIGNUM *m" +.Fa "BN_CTX *ctx" +.Fc +.Ft BN_MONT_CTX * +.Fo BN_MONT_CTX_copy +.Fa "BN_MONT_CTX *to" +.Fa "BN_MONT_CTX *from" +.Fc +.Ft int +.Fo BN_mod_mul_montgomery +.Fa "BIGNUM *r" +.Fa "BIGNUM *a" +.Fa "BIGNUM *b" +.Fa "BN_MONT_CTX *mont" +.Fa "BN_CTX *ctx" +.Fc +.Ft int +.Fo BN_from_montgomery +.Fa "BIGNUM *r" +.Fa "BIGNUM *a" +.Fa "BN_MONT_CTX *mont" +.Fa "BN_CTX *ctx" +.Fc +.Ft int +.Fo BN_to_montgomery +.Fa "BIGNUM *r" +.Fa "BIGNUM *a" +.Fa "BN_MONT_CTX *mont" +.Fa "BN_CTX *ctx" +.Fc +.Sh DESCRIPTION +These functions implement Montgomery multiplication. +They are used automatically when +.Xr BN_mod_exp 3 +is called with suitable input, but they may be useful when several +operations are to be performed using the same modulus. +.Pp +.Fn BN_MONT_CTX_new +allocates and initializes a +.Vt BN_MONT_CTX +structure. +.Pp +.Fn BN_MONT_CTX_init +initializes an existing uninitialized +.Vt BN_MONT_CTX . +It is deprecated and dangerous: see +.Sx CAVEATS . +.Pp +.Fn BN_MONT_CTX_set +sets up the +.Fa mont +structure from the modulus +.Fa m +by precomputing its inverse and a value R. +.Pp +.Fn BN_MONT_CTX_copy +copies the +.Vt BN_MONT_CTX +.Fa from +to +.Fa to . +.Pp +.Fn BN_MONT_CTX_free +frees the components of the +.Vt BN_MONT_CTX , +and, if it was created by +.Fn BN_MONT_CTX_new , +also the structure itself. +If +.Fa mont +is a +.Dv NULL +pointer, no action occurs. +.Pp +.Fn BN_mod_mul_montgomery +computes +.Pp +.D1 Mont Ns Po Fa a , Fa b Pc := Fa a No * Fa b No * R^-1 +.Pp +and places the result in +.Fa r . +.Pp +.Fn BN_from_montgomery +performs the Montgomery reduction +.Pp +.D1 Fa r No = Fa a No * R^-1 +.Pp +.Fn BN_to_montgomery +computes +.Pp +.D1 Mont Ns Po Fa a , No R^2 Pc = Fa a No * R +.Pp +Note that +.Fa a +must be non-negative and smaller than the modulus. +.Pp +For all functions, +.Fa ctx +is a previously allocated +.Vt BN_CTX +used for temporary variables. +.Pp +The +.Vt BN_MONT_CTX +structure is defined as follows: +.Bd -literal +typedef struct bn_mont_ctx_st { + int ri; /* number of bits in R */ + BIGNUM RR; /* R^2 (used to convert to Montgomery form) */ + BIGNUM N; /* The modulus */ + BIGNUM Ni; /* R*(1/R mod N) - N*Ni = 1 + * (Ni is only stored for bignum algorithm) */ + BN_ULONG n0; /* least significant word of Ni */ + int flags; +} BN_MONT_CTX; +.Ed +.Pp +.Fn BN_to_montgomery +is a macro. +.Pp +.Sy Warning : +The inputs must be reduced modulo +.Fa m , +otherwise the result will be outside the expected range. +.Sh RETURN VALUES +.Fn BN_MONT_CTX_new +returns the newly allocated +.Vt BN_MONT_CTX +or +.Dv NULL +on error. +.Pp +For the other functions, 1 is returned for success or 0 on error. +The error codes can be obtained by +.Xr ERR_get_error 3 . +.Sh SEE ALSO +.Xr BN_add 3 , +.Xr BN_CTX_new 3 , +.Xr BN_new 3 +.Sh HISTORY +.Fn BN_MONT_CTX_new , +.Fn BN_MONT_CTX_free , +.Fn BN_MONT_CTX_set , +.Fn BN_mod_mul_montgomery , +.Fn BN_from_montgomery , +and +.Fn BN_to_montgomery +first appeared in SSLeay 0.6.1 and have been available since +.Ox 2.4 . +.Pp +.Fn BN_MONT_CTX_init +and +.Fn BN_MONT_CTX_copy +first appeared in SSLeay 0.9.1 and have been available since +.Ox 2.6 . +.Sh CAVEATS +.Fn BN_MONT_CTX_init +must not be called on a context that was used previously, or +memory used by the embedded +.Vt BIGNUM +structures is leaked immediately. +Besides, it must not be called on a context created with +.Fn BN_MONT_CTX_new , +or the context itself will likely be leaked later. +It can only be used on a static +.Vt BN_MONT_CTX +structure, on one located on the stack, or on one +.Xr malloc 3 Ap ed +manually, but all these options are discouraged because they +will no longer work once +.Vt BN_MONT_CTX +is made opaque. diff --git a/src/lib/libcrypto/man/BN_mod_mul_reciprocal.3 b/src/lib/libcrypto/man/BN_mod_mul_reciprocal.3 new file mode 100644 index 00000000000..9ace3576521 --- /dev/null +++ b/src/lib/libcrypto/man/BN_mod_mul_reciprocal.3 @@ -0,0 +1,229 @@ +.\" $OpenBSD: BN_mod_mul_reciprocal.3,v 1.10 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL 6859cf74 Sep 25 13:33:28 2002 +0000 +.\" +.\" This file was written by Ulf Moeller . +.\" Copyright (c) 2000 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt BN_MOD_MUL_RECIPROCAL 3 +.Os +.Sh NAME +.Nm BN_mod_mul_reciprocal , +.Nm BN_RECP_CTX_new , +.Nm BN_RECP_CTX_init , +.Nm BN_RECP_CTX_free , +.Nm BN_RECP_CTX_set , +.Nm BN_div_recp +.Nd modular multiplication using reciprocal +.Sh SYNOPSIS +.In openssl/bn.h +.Ft int +.Fo BN_mod_mul_reciprocal +.Fa "BIGNUM *r" +.Fa "BIGNUM *a" +.Fa "BIGNUM *b" +.Fa "BN_RECP_CTX *recp" +.Fa "BN_CTX *ctx" +.Fc +.Ft BN_RECP_CTX * +.Fo BN_RECP_CTX_new +.Fa void +.Fc +.Ft void +.Fo BN_RECP_CTX_init +.Fa "BN_RECP_CTX *recp" +.Fc +.Ft void +.Fo BN_RECP_CTX_free +.Fa "BN_RECP_CTX *recp" +.Fc +.Ft int +.Fo BN_RECP_CTX_set +.Fa "BN_RECP_CTX *recp" +.Fa "const BIGNUM *m" +.Fa "BN_CTX *ctx" +.Fc +.Ft int +.Fo BN_div_recp +.Fa "BIGNUM *dv" +.Fa "BIGNUM *rem" +.Fa "BIGNUM *a" +.Fa "BN_RECP_CTX *recp" +.Fa "BN_CTX *ctx" +.Fc +.Sh DESCRIPTION +.Fn BN_mod_mul_reciprocal +can be used to perform an efficient +.Xr BN_mod_mul 3 +operation when the operation will be performed repeatedly with the same +modulus. +It computes +.Fa r Ns =( Ns Fa a Ns * Ns Fa b Ns )% Ns Fa m +using +.Fa recp Ns =1/ Ns Fa m , +which is set as described below. +.Fa ctx +is a previously allocated +.Vt BN_CTX +used for temporary variables. +.Pp +.Fn BN_RECP_CTX_new +allocates and initializes a +.Vt BN_RECP_CTX +structure. +.Pp +.Fn BN_RECP_CTX_init +initializes an existing uninitialized +.Vt BN_RECP_CTX . +It is deprecated and dangerous: see +.Sx CAVEATS . +.Pp +.Fn BN_RECP_CTX_free +frees the components of the +.Vt BN_RECP_CTX , +and, if it was created by +.Fn BN_RECP_CTX_new , +also the structure itself. +If +.Fa recp +is a +.Dv NULL +pointer, no action occurs. +.Pp +.Fn BN_RECP_CTX_set +stores +.Fa m +in +.Fa recp +and sets it up for computing +.Pf 1/ Fa m +and shifting it left by +.Fn BN_num_bits m Ns +1 +to make it an integer. +The result and the number of bits it was shifted left will later be +stored in +.Fa recp . +.Pp +.Fn BN_div_recp +divides +.Fa a +by +.Fa m +using +.Fa recp . +It places the quotient in +.Fa dv +and the remainder in +.Fa rem . +.Pp +The +.Vt BN_RECP_CTX +structure is defined as follows: +.Bd -literal +typedef struct bn_recp_ctx_st { + BIGNUM N; /* the divisor */ + BIGNUM Nr; /* the reciprocal */ + int num_bits; + int shift; + int flags; +} BN_RECP_CTX; +.Ed +.Pp +It cannot be shared between threads. +.Sh RETURN VALUES +.Fn BN_RECP_CTX_new +returns the newly allocated +.Vt BN_RECP_CTX +or +.Dv NULL +on error. +.Pp +For the other functions, 1 is returned for success or 0 on error. +The error codes can be obtained by +.Xr ERR_get_error 3 . +.Sh SEE ALSO +.Xr BN_add 3 , +.Xr BN_CTX_new 3 , +.Xr BN_new 3 +.Sh HISTORY +.Fn BN_mod_mul_reciprocal +first appeared in SSLeay 0.5.1 and has been available since +.Ox 2.4 . +.Pp +.Vt BN_RECP_CTX +was added in SSLeay 0.9.0. +Before that, a function +.Fn BN_reciprocal +was used instead, and the +.Fn BN_mod_mul_reciprocal +arguments were different. +.Pp +.Fn BN_RECP_CTX_new , +.Fn BN_RECP_CTX_init , +.Fn BN_RECP_CTX_free , +.Fn BN_RECP_CTX_set , +and +.Fn BN_div_recp +first appeared in SSLeay 0.9.1 and have been available since +.Ox 2.6 . +.Sh CAVEATS +.Fn BN_RECP_CTX_init +must not be called on a context that was used previously, or +memory used by the embedded +.Vt BIGNUM +structures is leaked immediately. +Besides, it must not be called on a context created with +.Fn BN_RECP_CTX_new , +or the context itself will likely be leaked later. +It can only be used on a static +.Vt BN_RECP_CTX +structure, on one located on the stack, or on one +.Xr malloc 3 Ap ed +manually, but all these options are discouraged because they +will no longer work once +.Vt BN_RECP_CTX +is made opaque. diff --git a/src/lib/libcrypto/man/BN_new.3 b/src/lib/libcrypto/man/BN_new.3 new file mode 100644 index 00000000000..ed2910e645f --- /dev/null +++ b/src/lib/libcrypto/man/BN_new.3 @@ -0,0 +1,201 @@ +.\" $OpenBSD: BN_new.3,v 1.14 2018/04/29 15:58:21 schwarze Exp $ +.\" full merge up to: OpenSSL man3/BN_new 2457c19d Mar 6 08:43:36 2004 +0000 +.\" selective merge up to: man3/BN_new 681acb31 Sep 29 13:10:34 2017 +0200 +.\" full merge up to: OpenSSL man7/bn 05ea606a May 20 20:52:46 2016 -0400 +.\" +.\" This file was written by Ulf Moeller . +.\" Copyright (c) 2000, 2004 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: April 29 2018 $ +.Dt BN_NEW 3 +.Os +.Sh NAME +.Nm BN_new , +.Nm BN_init , +.Nm BN_clear , +.Nm BN_free , +.Nm BN_clear_free +.Nd allocate and free BIGNUMs +.Sh SYNOPSIS +.In openssl/bn.h +.Ft BIGNUM * +.Fo BN_new +.Fa void +.Fc +.Ft void +.Fo BN_init +.Fa "BIGNUM *" +.Fc +.Ft void +.Fo BN_clear +.Fa "BIGNUM *a" +.Fc +.Ft void +.Fo BN_free +.Fa "BIGNUM *a" +.Fc +.Ft void +.Fo BN_clear_free +.Fa "BIGNUM *a" +.Fc +.Sh DESCRIPTION +The BN library performs arithmetic operations on integers of arbitrary +size. +It was written for use in public key cryptography, such as RSA and +Diffie-Hellman. +.Pp +It uses dynamic memory allocation for storing its data structures. +That means that there is no limit on the size of the numbers manipulated +by these functions, but return values must always be checked in case a +memory allocation error has occurred. +.Pp +The basic object in this library is a +.Vt BIGNUM . +It is used to hold a single large integer. +This type should be considered opaque and fields should not be modified +or accessed directly. +.Pp +.Fn BN_new +allocates and initializes a +.Vt BIGNUM +structure, in particular setting the value to zero and the flags to +.Dv BN_FLG_MALLOCED . +The security-relevant flag +.Dv BN_FLG_CONSTTIME +is not set by default. +.Pp +.Fn BN_init +initializes an existing uninitialized +.Vt BIGNUM . +It is deprecated and dangerous: see +.Sx CAVEATS . +.Pp +.Fn BN_clear +is used to destroy sensitive data such as keys when they are no longer +needed. +It erases the memory used by +.Fa a +and sets it to the value 0. +.Pp +.Fn BN_free +frees the components of the +.Vt BIGNUM +and, if it was created by +.Fn BN_new , +also the structure itself. +.Fn BN_clear_free +additionally overwrites the data before the memory is returned to the +system. +If +.Fa a +is a +.Dv NULL +pointer, no action occurs. +.Sh RETURN VALUES +.Fn BN_new +returns a pointer to the +.Vt BIGNUM . +If the allocation fails, it returns +.Dv NULL +and sets an error code that can be obtained by +.Xr ERR_get_error 3 . +.Sh SEE ALSO +.Xr BN_add 3 , +.Xr BN_add_word 3 , +.Xr BN_BLINDING_new 3 , +.Xr BN_bn2bin 3 , +.Xr BN_cmp 3 , +.Xr BN_copy 3 , +.Xr BN_CTX_new 3 , +.Xr BN_CTX_start 3 , +.Xr BN_generate_prime 3 , +.Xr BN_get0_nist_prime_521 3 , +.Xr BN_mod_inverse 3 , +.Xr BN_mod_mul_montgomery 3 , +.Xr BN_mod_mul_reciprocal 3 , +.Xr BN_num_bytes 3 , +.Xr BN_rand 3 , +.Xr BN_set_bit 3 , +.Xr BN_set_flags 3 , +.Xr BN_set_negative 3 , +.Xr BN_swap 3 , +.Xr BN_zero 3 +.Sh HISTORY +.Fn BN_new , +.Fn BN_clear , +.Fn BN_free , +and +.Fn BN_clear_free +first appeared in SSLeay 0.5.1 and have been available since +.Ox 2.4 . +.Pp +.Fn BN_init +first appeared in SSLeay 0.9.1 and has been available since +.Ox 2.6 . +.Sh CAVEATS +.Fn BN_init +must not be called on a +.Vt BIGNUM +that was used and contains an actual number, or the memory +used for storing the number is leaked immediately. +Besides, it must not be called on a number allocated with +.Fn BN_new , +or the +.Vt BIGNUM +structure itself will likely be leaked later on. +It can only be used on static +.Vt BIGNUM +structures, on +.Vt BIGNUM +structures on the stack, or on +.Vt BIGNUM +structures +.Xr malloc 3 Ap ed +manually, but all of these options are discouraged because they +will no longer work once the +.Vt BIGNUM +data type is made opaque. diff --git a/src/lib/libcrypto/man/BN_num_bytes.3 b/src/lib/libcrypto/man/BN_num_bytes.3 new file mode 100644 index 00000000000..ae32a8d8faa --- /dev/null +++ b/src/lib/libcrypto/man/BN_num_bytes.3 @@ -0,0 +1,130 @@ +.\" $OpenBSD: BN_num_bytes.3,v 1.7 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file was written by Ulf Moeller +.\" and Richard Levitte . +.\" Copyright (c) 2000, 2004 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt BN_NUM_BYTES 3 +.Os +.Sh NAME +.Nm BN_num_bytes , +.Nm BN_num_bits , +.Nm BN_num_bits_word +.Nd get BIGNUM size +.Sh SYNOPSIS +.In openssl/bn.h +.Ft int +.Fo BN_num_bytes +.Fa "const BIGNUM *a" +.Fc +.Ft int +.Fo BN_num_bits +.Fa "const BIGNUM *a" +.Fc +.Ft int +.Fo BN_num_bits_word +.Fa "BN_ULONG w" +.Fc +.Sh DESCRIPTION +.Fn BN_num_bytes +returns the size of a +.Vt BIGNUM +in bytes. +.Pp +.Fn BN_num_bits_word +returns the number of significant bits in a word. +As an example, 0x00000432 returns 11, not 16 or 32. +Basically, except for a zero, it returns +.Pp +.D1 floor(log2( Ns Fa w ) ) No + 1 . +.Pp +.Fn BN_num_bits +returns the number of significant bits in a +.Sy BIGNUM , +following the same principle as +.Fn BN_num_bits_word . +.Pp +.Fn BN_num_bytes +is a macro. +.Pp +Some have tried using +.Fn BN_num_bits +on individual numbers in RSA keys, DH keys and DSA keys, and found that +they don't always come up with the number of bits they expected +(something like 512, 1024, 2048, ...). This is because generating a +number with some specific number of bits doesn't always set the highest +bits, thereby making the number of +.Em significant +bits a little lower. +If you want to know the "key size" of such a key, either use functions +like +.Xr RSA_size 3 , +.Xr DH_size 3 , +and +.Xr DSA_size 3 , +or use +.Fn BN_num_bytes +and multiply with 8 (although there's no real guarantee that will match +the "key size", just a lot more probability). +.Sh RETURN VALUES +The size. +.Sh SEE ALSO +.Xr BN_new 3 , +.Xr DH_size 3 , +.Xr DSA_size 3 , +.Xr RSA_size 3 +.Sh HISTORY +.Fn BN_num_bytes +and +.Fn BN_num_bits +first appeared in SSLeay 0.5.1. +.Fn BN_num_bits_word +first appeared in SSLeay 0.5.2. +These functions have been available since +.Ox 2.4 . diff --git a/src/lib/libcrypto/man/BN_rand.3 b/src/lib/libcrypto/man/BN_rand.3 new file mode 100644 index 00000000000..b5966bcfa23 --- /dev/null +++ b/src/lib/libcrypto/man/BN_rand.3 @@ -0,0 +1,137 @@ +.\" $OpenBSD: BN_rand.3,v 1.14 2018/12/24 10:07:22 schwarze Exp $ +.\" full merge up to: OpenSSL 05ea606a May 20 20:52:46 2016 -0400 +.\" selective merge up to: OpenSSL df75c2bf Dec 9 01:02:36 2018 +0100 +.\" +.\" This file was written by Ulf Moeller . +.\" Copyright (c) 2000, 2001, 2002, 2013, 2015 The OpenSSL Project. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: December 24 2018 $ +.Dt BN_RAND 3 +.Os +.Sh NAME +.Nm BN_rand , +.Nm BN_rand_range , +.Nm BN_pseudo_rand , +.Nm BN_pseudo_rand_range +.Nd generate pseudo-random number +.Sh SYNOPSIS +.In openssl/bn.h +.Ft int +.Fo BN_rand +.Fa "BIGNUM *rnd" +.Fa "int bits" +.Fa "int top" +.Fa "int bottom" +.Fc +.Ft int +.Fo BN_rand_range +.Fa "BIGNUM *rnd" +.Fa "BIGNUM *range" +.Fc +.Sh DESCRIPTION +.Fn BN_rand +generates a cryptographically strong pseudo-random number of +.Fa bits +in length and stores it in +.Fa rnd . +If +.Fa top +is -1, the most significant bit of the random number can be zero. +If +.Fa top +is 0, it is set to 1, and if +.Fa top +is 1, the two most significant bits of the number will be set to 1, so +that the product of two such random numbers will always have +.Pf 2* Fa bits +length. +If +.Fa bottom +is true, the number will be odd. +The value of +.Fa bits +must be zero or greater. +If +.Fa bits +is +1 then +.Fa top +cannot also be 1. +.Pp +.Fn BN_rand_range +generates a cryptographically strong pseudo-random number +.Fa rnd +in the range 0 <= +.Fa rnd No < Fa range . +.Pp +.Fn BN_pseudo_rand +is a deprecated alias for +.Fn BN_rand , +and +.Fn BN_pseudo_rand_range +for +.Fn BN_rand_range . +.Sh RETURN VALUES +The functions return 1 on success, 0 on error. +The error codes can be obtained by +.Xr ERR_get_error 3 . +.Sh SEE ALSO +.Xr BN_new 3 , +.Xr ERR_get_error 3 , +.Xr RAND_add 3 , +.Xr RAND_bytes 3 +.Sh HISTORY +.Fn BN_rand +first appeared in SSLeay 0.5.1 and has been available since +.Ox 2.4 . +.Pp +The +.Fa top +== -1 case and the function +.Fn BN_rand_range +first appeared in OpenSSL 0.9.6a and have been available since +.Ox 3.0 . diff --git a/src/lib/libcrypto/man/BN_set_bit.3 b/src/lib/libcrypto/man/BN_set_bit.3 new file mode 100644 index 00000000000..93bfda6747e --- /dev/null +++ b/src/lib/libcrypto/man/BN_set_bit.3 @@ -0,0 +1,216 @@ +.\" $OpenBSD: BN_set_bit.3,v 1.7 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file was written by Ulf Moeller . +.\" Copyright (c) 2000, 2015 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt BN_SET_BIT 3 +.Os +.Sh NAME +.Nm BN_set_bit , +.Nm BN_clear_bit , +.Nm BN_is_bit_set , +.Nm BN_mask_bits , +.Nm BN_lshift , +.Nm BN_lshift1 , +.Nm BN_rshift , +.Nm BN_rshift1 +.Nd bit operations on BIGNUMs +.Sh SYNOPSIS +.In openssl/bn.h +.Ft int +.Fo BN_set_bit +.Fa "BIGNUM *a" +.Fa "int n" +.Fc +.Ft int +.Fo BN_clear_bit +.Fa "BIGNUM *a" +.Fa "int n" +.Fc +.Ft int +.Fo BN_is_bit_set +.Fa "const BIGNUM *a" +.Fa "int n" +.Fc +.Ft int +.Fo BN_mask_bits +.Fa "BIGNUM *a" +.Fa "int n" +.Fc +.Ft int +.Fo BN_lshift +.Fa "BIGNUM *r" +.Fa "const BIGNUM *a" +.Fa "int n" +.Fc +.Ft int +.Fo BN_lshift1 +.Fa "BIGNUM *r" +.Fa "BIGNUM *a" +.Fc +.Ft int +.Fo BN_rshift +.Fa "BIGNUM *r" +.Fa "BIGNUM *a" +.Fa "int n" +.Fc +.Ft int +.Fo BN_rshift1 +.Fa "BIGNUM *r" +.Fa "BIGNUM *a" +.Fc +.Sh DESCRIPTION +.Fn BN_set_bit +sets bit +.Fa n +in +.Fa a +to 1 +.Pq Li a|=(1<>n) . +An error occurs if +.Fa a +already is shorter than +.Fa n +bits. +.Pp +.Fn BN_lshift +shifts +.Fa a +left by +.Fa n +bits and places the result in +.Fa r +.Pq Li r=a*2^n . +Note that +.Fa n +must be non-negative. +.Fn BN_lshift1 +shifts +.Fa a +left by one and places the result in +.Fa r +.Pq Li r=2*a . +.Pp +.Fn BN_rshift +shifts +.Fa a +right by +.Fa n +bits and places the result in +.Fa r +.Pq Li r=a/2^n . +Note that +.Fa n +must be non-negative. +.Fn BN_rshift1 +shifts +.Fa a +right by one and places the result in +.Fa r +.Pq Li r=a/2 . +.Pp +For the shift functions, +.Fa r +and +.Fa a +may be the same variable. +.Sh RETURN VALUES +.Fn BN_is_bit_set +returns 1 if the bit is set, 0 otherwise. +.Pp +All other functions return 1 for success, 0 on error. +The error codes can be obtained by +.Xr ERR_get_error 3 . +.Sh SEE ALSO +.Xr BN_add 3 , +.Xr BN_new 3 , +.Xr BN_num_bytes 3 , +.Xr BN_set_negative 3 , +.Xr BN_zero 3 +.Sh HISTORY +.Fn BN_set_bit , +.Fn BN_clear_bit , +.Fn BN_is_bit_set , +.Fn BN_mask_bits , +.Fn BN_lshift , +.Fn BN_lshift1 , +.Fn BN_rshift , +and +.Fn BN_rshift1 +first appeared in SSLeay 0.5.1 and have been available since +.Ox 2.4 . diff --git a/src/lib/libcrypto/man/BN_set_flags.3 b/src/lib/libcrypto/man/BN_set_flags.3 new file mode 100644 index 00000000000..9b1647cd312 --- /dev/null +++ b/src/lib/libcrypto/man/BN_set_flags.3 @@ -0,0 +1,167 @@ +.\" $OpenBSD: BN_set_flags.3,v 1.3 2018/04/29 15:58:21 schwarze Exp $ +.\" +.\" Copyright (c) 2017 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: April 29 2018 $ +.Dt BN_SET_FLAGS 3 +.Os +.Sh NAME +.Nm BN_set_flags , +.Nm BN_get_flags +.Nd enable and inspect flags on BIGNUM objects +.Sh SYNOPSIS +.In openssl/bn.h +.Ft void +.Fo BN_set_flags +.Fa "BIGNUM *b" +.Fa "int flags" +.Fc +.Ft int +.Fo BN_get_flags +.Fa "const BIGNUM *b" +.Fa "int flags" +.Fc +.Sh DESCRIPTION +.Fn BN_set_flags +enables the given +.Fa flags +on +.Fa b . +The +.Fa flags +argument can contain zero or more of the following constants OR'ed +together: +.Bl -tag -width Ds +.It Dv BN_FLG_CONSTTIME +If this flag is set on the divident +.Fa a +or the divisor +.Fa d +in +.Xr BN_div 3 , +on the exponent +.Fa p +in +.Xr BN_mod_exp 3 , +or on the divisor +.Fa a +or the modulus +.Fa n +in +.Xr BN_mod_inverse 3 , +these functions select algorithms with an execution time independent +of the respective numbers, to avoid exposing sensitive information +to timing side-channel attacks. +.Pp +This flag is off by default for +.Vt BIGNUM +objects created with +.Xr BN_new 3 . +.It Dv BN_FLG_MALLOCED +If this flag is set, +.Xr BN_free 3 +and +.Xr BN_clear_free 3 +will not only clear and free the components of +.Fa b , +but also +.Fa b +itself. +This flag is set internally by +.Xr BN_new 3 . +Setting it manually on an existing +.Vt BIGNUM +object is usually a bad idea and can cause calls to +.Xr free 3 +with bogus arguments. +.It Dv BN_FLG_STATIC_DATA +If this flag is set, +.Xr BN_clear_free 3 +will neither clear nor free the memory used for storing the number. +Consequently, setting it manually on an existing +.Vt BIGNUM +object is usually a terrible idea that can cause both disclosure +of secret data and memory leaks. +This flag is automatically set on the constant +.Vt BIGNUM +objects returned by +.Xr BN_value_one 3 +and by the functions documented in +.Xr BN_get0_nist_prime_521 3 . +.El +.Pp +.Fn BN_get_flags +interpretes +.Fa flags +as a bitmask and returns those of the given flags that are set in +.Fa b , +OR'ed together, or 0 if none of the given +.Fa flags +is set. +The +.Fa flags +argument has the same syntax as for +.Fn BN_set_flags . +.Pp +These functions are currently implemented as macros, but they are +likely to become real functions in the future when the +.Vt BIGNUM +data type will be made opaque. +.Sh RETURN VALUES +.Fn BN_get_flags +returns zero or more of the above constants, OR'ed together. +.Sh SEE ALSO +.Xr BN_mod_exp 3 , +.Xr BN_mod_inverse 3 , +.Xr BN_new 3 , +.Xr BN_with_flags 3 +.Sh HISTORY +.Fn BN_set_flags +and +.Fn BN_get_flags +first appeared in SSLeay 0.9.1 and have been available since +.Ox 2.6 . +.Sh CAVEATS +No public interface exists to clear a flag once it is set. +So think twice before using +.Fn BN_set_flags . +.Sh BUGS +Even if the +.Dv BN_FLG_CONSTTIME +flag is set on +.Fa a +or +.Fa b , +.Fn BN_gcd +neither fails nor operates in constant time, potentially allowing +timing side-channel attacks. +.Pp +Even if the +.Dv BN_FLG_CONSTTIME +flag is set on +.Fa p , +if the modulus +.Fa m +is even, +.Xr BN_mod_exp 3 +does not operate in constant time, potentially allowing +timing side-channel attacks. +.Pp +If +.Dv BN_FLG_CONSTTIME +is set on +.Fa p , +.Fn BN_exp +fails instead of operating in constant time. diff --git a/src/lib/libcrypto/man/BN_set_negative.3 b/src/lib/libcrypto/man/BN_set_negative.3 new file mode 100644 index 00000000000..69927c1bb11 --- /dev/null +++ b/src/lib/libcrypto/man/BN_set_negative.3 @@ -0,0 +1,63 @@ +.\" $OpenBSD: BN_set_negative.3,v 1.4 2018/03/23 00:09:11 schwarze Exp $ +.\" +.\" Copyright (c) 2016 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 23 2018 $ +.Dt BN_SET_NEGATIVE 3 +.Os +.Sh NAME +.Nm BN_set_negative , +.Nm BN_is_negative +.Nd change and inspect the sign of a BIGNUM +.Sh SYNOPSIS +.Ft void +.Fo BN_set_negative +.Fa "BIGNUM *b" +.Fa "int n" +.Fc +.Ft int +.Fo BN_is_negative +.Fa "const BIGNUM *b" +.Fc +.Sh DESCRIPTION +.Fn BN_set_negative +sets +.Fa b +to negative if both +.Fa b +and +.Fa n +are non-zero, otherwise it sets it to positive. +.Pp +.Fn BN_is_negative +tests the sign of +.Fa b . +It is currently implemented as a macro. +.Sh RETURN VALUES +.Fn BN_is_negative +returns 1 if +.Fa b +is negative or 0 otherwise. +.Sh SEE ALSO +.Xr BN_add 3 , +.Xr BN_new 3 , +.Xr BN_set_bit 3 , +.Xr BN_zero 3 +.Sh HISTORY +.Fn BN_set_negative +and +.Fn BN_is_negative +first appeared in OpenSSL 0.9.8 and have been available since +.Ox 4.5 . diff --git a/src/lib/libcrypto/man/BN_swap.3 b/src/lib/libcrypto/man/BN_swap.3 new file mode 100644 index 00000000000..db9082d7ef7 --- /dev/null +++ b/src/lib/libcrypto/man/BN_swap.3 @@ -0,0 +1,75 @@ +.\" $OpenBSD: BN_swap.3,v 1.5 2018/03/22 21:08:22 schwarze Exp $ +.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file was written by Bodo Moeller . +.\" Copyright (c) 2000 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 22 2018 $ +.Dt BN_SWAP 3 +.Os +.Sh NAME +.Nm BN_swap +.Nd exchange BIGNUMs +.Sh SYNOPSIS +.In openssl/bn.h +.Ft void +.Fo BN_swap +.Fa "BIGNUM *a" +.Fa "BIGNUM *b" +.Fc +.Sh DESCRIPTION +.Fn BN_swap +exchanges the values of +.Fa a +and +.Fa b . +.Sh SEE ALSO +.Xr BN_new 3 +.Sh HISTORY +.Fn BN_swap +first appeared in OpenSSL 0.9.7 and has been available since +.Ox 3.2 . diff --git a/src/lib/libcrypto/man/BN_zero.3 b/src/lib/libcrypto/man/BN_zero.3 new file mode 100644 index 00000000000..f3ca4cdfb16 --- /dev/null +++ b/src/lib/libcrypto/man/BN_zero.3 @@ -0,0 +1,154 @@ +.\" $OpenBSD: BN_zero.3,v 1.9 2018/03/27 17:35:50 schwarze Exp $ +.\" full merge up to: OpenSSL a528d4f0 Oct 27 13:40:11 2015 -0400 +.\" selective merge up to: OpenSSL b713c4ff Jan 22 14:41:09 2018 -0500 +.\" +.\" This file was written by Ulf Moeller . +.\" Copyright (c) 2000, 2001, 2002, 2018 The OpenSSL Project. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt BN_ZERO 3 +.Os +.Sh NAME +.Nm BN_zero , +.Nm BN_one , +.Nm BN_value_one , +.Nm BN_set_word , +.Nm BN_get_word +.Nd BIGNUM assignment operations +.Sh SYNOPSIS +.In openssl/bn.h +.Ft int +.Fo BN_zero +.Fa "BIGNUM *a" +.Fc +.Ft int +.Fo BN_one +.Fa "BIGNUM *a" +.Fc +.Ft const BIGNUM * +.Fo BN_value_one +.Fa void +.Fc +.Ft int +.Fo BN_set_word +.Fa "BIGNUM *a" +.Fa "BN_ULONG w" +.Fc +.Ft BN_ULONG +.Fo BN_get_word +.Fa "BIGNUM *a" +.Fc +.Sh DESCRIPTION +.Vt BN_ULONG +is a macro that expands to an unsigned integral type optimized +for the most efficient implementation on the local platform. +.Pp +.Fn BN_zero , +.Fn BN_one , +and +.Fn BN_set_word +set +.Fa a +to the values 0, 1 and +.Fa w +respectively. +.Fn BN_zero +and +.Fn BN_one +are macros. +.Pp +.Fn BN_value_one +returns a +.Vt BIGNUM +constant of value 1. +This constant is useful for comparisons and assignments. +.Sh RETURN VALUES +.Fn BN_get_word +returns the value +.Fa a , +or a number with all bits set if +.Fa a +cannot be represented as a +.Vt BN_ULONG . +.Pp +.Fn BN_zero , +.Fn BN_one , +and +.Fn BN_set_word +return 1 on success, 0 otherwise. +.Fn BN_value_one +returns the constant. +.Sh SEE ALSO +.Xr BN_bn2bin 3 , +.Xr BN_new 3 , +.Xr BN_set_bit 3 , +.Xr BN_set_negative 3 +.Sh HISTORY +.Fn BN_zero , +.Fn BN_one , +.Fn BN_value_one , +and +.Fn BN_set_word +first appeared in SSLeay 0.5.1. +.Fn BN_get_word +first appeared in SSLeay 0.6.0. +All these functions have been available since +.Ox 2.4 . +.Sh BUGS +Someone might change the constant. +.Pp +If the value of a +.Vt BIGNUM +is equal to a +.Vt BN_ULONG +with all bits set, the return value of +.Fn BN_get_word +collides with return value used to indicate errors. +.Pp +.Vt BN_ULONG +should probably be a typedef rather than a macro. diff --git a/src/lib/libcrypto/man/BUF_MEM_new.3 b/src/lib/libcrypto/man/BUF_MEM_new.3 new file mode 100644 index 00000000000..60e12c53b5c --- /dev/null +++ b/src/lib/libcrypto/man/BUF_MEM_new.3 @@ -0,0 +1,205 @@ +.\" $OpenBSD: BUF_MEM_new.3,v 1.15 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL doc/crypto/buffer.pod 18edda0f Sep 20 03:28:54 2000 +0000 +.\" not merged: 74924dcb, 58e3457a, 21b0fa91, 7644a9ae +.\" OpenSSL doc/crypto/BUF_MEM_new.pod 53934822 Jun 9 16:39:19 2016 -0400 +.\" not merged: c952780c, 91da5e77 +.\" OpenSSL doc/man3/BUF_MEM_new.pod 498180de Dec 12 15:35:09 2016 +0300 +.\" +.\" This file was written by Ralf S. Engelschall . +.\" Copyright (c) 1999, 2000, 2016 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt BUF_MEM_NEW 3 +.Os +.Sh NAME +.Nm BUF_MEM_new , +.Nm BUF_MEM_free , +.Nm BUF_MEM_grow , +.Nm BUF_MEM_grow_clean , +.Nm BUF_reverse , +.Nm BUF_strdup +.Nd simple character arrays structure +.Sh SYNOPSIS +.In openssl/buffer.h +.Ft BUF_MEM * +.Fo BUF_MEM_new +.Fa void +.Fc +.Ft void +.Fo BUF_MEM_free +.Fa "BUF_MEM *a" +.Fc +.Ft int +.Fo BUF_MEM_grow +.Fa "BUF_MEM *str" +.Fa "size_t len" +.Fc +.Ft int +.Fo BUF_MEM_grow_clean +.Fa "BUF_MEM *str" +.Fa "size_t len" +.Fc +.Ft void +.Fo BUF_reverse +.Fa "unsigned char *out" +.Fa "const unsigned char *in" +.Fa "size_t len" +.Fc +.Ft char * +.Fo BUF_strdup +.Fa "const char *str" +.Fc +.Sh DESCRIPTION +The buffer library handles simple character arrays. +Buffers are used for various purposes in the library, most notably +memory BIOs. +.Pp +The library uses the +.Vt BUF_MEM +structure defined in buffer.h: +.Bd -literal +typedef struct buf_mem_st +{ + size_t length; /* current number of bytes */ + char *data; + size_t max; /* size of buffer */ +} BUF_MEM; +.Ed +.Pp +.Fa length +is the current size of the buffer in bytes; +.Fa max +is the amount of memory allocated to the buffer. +There are three functions which handle these and one miscellaneous function. +.Pp +.Fn BUF_MEM_new +allocates a new buffer of zero size. +.Pp +.Fn BUF_MEM_free +frees up an already existing buffer. +The data is zeroed before freeing up in case the buffer contains +sensitive data. +If +.Fa a +is a +.Dv NULL +pointer, no action occurs. +.Pp +.Fn BUF_MEM_grow +changes the size of an already existing buffer to +.Fa len . +Any data already in the buffer is preserved if it increases in size. +.Pp +.Fn BUF_MEM_grow_clean +is similar to +.Fn BUF_MEM_grow , +but it sets any freed or additionally allocated memory to zero. +.Pp +.Fn BUF_reverse +reverses +.Fa len +bytes at +.Fa in +into +.Fa out . +If +.Fa in +is +.Dv NULL , +.Fa out +is reversed in place. +.Pp +.Fn BUF_strdup +copies a NUL terminated string into a block of allocated memory and +returns a pointer to the allocated block. +Unlike the system +.Xr strdup 3 +function, +.Fn BUF_strdup +will accept a +.Dv NULL +argument and will return +.Dv NULL +in that case. +Its use in new programs is discouraged. +.Pp +The memory allocated from +.Fn BUF_strdup +should be freed up using the +.Xr free 3 +function. +.Sh RETURN VALUES +.Fn BUF_MEM_new +returns the buffer or +.Dv NULL +on error. +.Pp +.Fn BUF_MEM_grow +and +.Fn BUF_MEM_grow_clean +return zero on error or the new size (i.e.\& +.Fa len ) . +.Sh SEE ALSO +.Xr BIO_new 3 +.Sh HISTORY +.Fn BUF_MEM_new , +.Fn BUF_MEM_free , +and +.Fn BUF_MEM_grow +first appeared in SSLeay 0.6.0. +.Fn BUF_strdup +first appeared in SSLeay 0.8.0. +All these functions have been available since +.Ox 2.4 . +.Pp +.Fn BUF_MEM_grow_clean +first appeared in OpenSSL 0.9.7 and has been available since +.Ox 3.2 . +.Pp +.Fn BUF_reverse +first appeared in OpenSSL 1.0.0 and has been available since +.Ox 4.9 . diff --git a/src/lib/libcrypto/man/CONF_modules_free.3 b/src/lib/libcrypto/man/CONF_modules_free.3 new file mode 100644 index 00000000000..be5f64d1e10 --- /dev/null +++ b/src/lib/libcrypto/man/CONF_modules_free.3 @@ -0,0 +1,103 @@ +.\" $OpenBSD: CONF_modules_free.3,v 1.5 2018/03/22 21:08:22 schwarze Exp $ +.\" OpenSSL a528d4f0 Oct 27 13:40:11 2015 -0400 +.\" +.\" This file was written by Dr. Stephen Henson . +.\" Copyright (c) 2004, 2006 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 22 2018 $ +.Dt CONF_MODULES_FREE 3 +.Os +.Sh NAME +.Nm CONF_modules_free , +.Nm CONF_modules_finish , +.Nm CONF_modules_unload +.Nd OpenSSL configuration cleanup functions +.Sh SYNOPSIS +.In openssl/conf.h +.Ft void +.Fo CONF_modules_free +.Fa void +.Fc +.Ft void +.Fo CONF_modules_finish +.Fa void +.Fc +.Ft void +.Fo CONF_modules_unload +.Fa "int all" +.Fc +.Sh DESCRIPTION +.Fn CONF_modules_free +closes down and frees up all memory allocated by all configuration +modules. +Normally applications will only call this function +at application exit to tidy up any configuration performed. +.Pp +.Fn CONF_modules_finish +calls the configuration +.Sy finish +handler of each configuration module to free up any configuration +that module may have performed. +.Pp +.Fn CONF_modules_unload +finishes and unloads configuration modules. +If +.Fa all +is set to 0, only modules loaded from DSOs will be unloaded. +If +.Fa all +is 1, all modules, including builtin modules, will be unloaded. +.Sh SEE ALSO +.Xr CONF_modules_load_file 3 , +.Xr OPENSSL_config 3 +.Sh HISTORY +.Fn CONF_modules_free , +.Fn CONF_modules_finish , +and +.Fn CONF_modules_unload +first appeared in OpenSSL 0.9.7 and have been available since +.Ox 3.2 . diff --git a/src/lib/libcrypto/man/CONF_modules_load_file.3 b/src/lib/libcrypto/man/CONF_modules_load_file.3 new file mode 100644 index 00000000000..d0401d520ba --- /dev/null +++ b/src/lib/libcrypto/man/CONF_modules_load_file.3 @@ -0,0 +1,229 @@ +.\" $OpenBSD: CONF_modules_load_file.3,v 1.8 2019/03/20 04:02:07 schwarze Exp $ +.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file was written by Dr. Stephen Henson . +.\" Copyright (c) 2000, 2015 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 20 2019 $ +.Dt CONF_MODULES_LOAD_FILE 3 +.Os +.Sh NAME +.Nm CONF_modules_load_file , +.Nm CONF_modules_load +.Nd OpenSSL configuration functions +.Sh SYNOPSIS +.In openssl/conf.h +.Ft int +.Fo CONF_modules_load_file +.Fa "const char *filename" +.Fa "const char *appname" +.Fa "unsigned long flags" +.Fc +.Ft int +.Fo CONF_modules_load +.Fa "const CONF *cnf" +.Fa "const char *appname" +.Fa "unsigned long flags" +.Fc +.Sh DESCRIPTION +The function +.Fn CONF_modules_load_file +configures OpenSSL using the file +.Fa filename +in +.Xr openssl.cnf 5 +format and the application name +.Fa appname . +If +.Fa filename +is +.Dv NULL , +the standard OpenSSL configuration file +.Pa /etc/ssl/openssl.cnf +is used. +If +.Fa appname +is +.Dv NULL , +the standard OpenSSL application name +.Qq openssl_conf +is used. +The behaviour can be customized using +.Fa flags . +.Pp +.Fn CONF_modules_load +is identical to +.Fn CONF_modules_load_file +except it reads configuration information from +.Fa cnf . +.Pp +The following +.Fa flags +are currently recognized: +.Bl -tag -width Ds +.It Dv CONF_MFLAGS_IGNORE_ERRORS +Ignore errors returned by individual configuration modules. +By default, the first module error is considered fatal and no further +modules are loaded. +.It Dv CONF_MFLAGS_SILENT +Do not add any error information. +By default, all module errors add error information to the error queue. +.It Dv CONF_MFLAGS_NO_DSO +Disable loading of configuration modules from DSOs. +.It Dv CONF_MFLAGS_IGNORE_MISSING_FILE +Let +.Fn CONF_modules_load_file +ignore missing configuration files. +By default, a missing configuration file returns an error. +.It CONF_MFLAGS_DEFAULT_SECTION +If +.Fa appname +is not +.Dv NULL +but does not exist, fall back to the default section +.Qq openssl_conf . +.El +.Pp +By using +.Fn CONF_modules_load_file +with appropriate flags, an application can customise application +configuration to best suit its needs. +In some cases the use of a configuration file is optional and its +absence is not an error: in this case +.Dv CONF_MFLAGS_IGNORE_MISSING_FILE +would be set. +.Pp +Errors during configuration may also be handled differently by +different applications. +For example in some cases an error may simply print out a warning +message and the application may continue. +In other cases an application might consider a configuration file +error fatal and exit immediately. +.Pp +Applications can use the +.Fn CONF_modules_load +function if they wish to load a configuration file themselves and +have finer control over how errors are treated. +.Sh RETURN VALUES +These functions return 1 for success and zero or a negative value for +failure. +If module errors are not ignored, the return code will reflect the return +value of the failing module (this will always be zero or negative). +.Sh FILES +.Bl -tag -width /etc/ssl/openssl.cnf -compact +.It Pa /etc/ssl/openssl.cnf +standard configuration file +.El +.Sh EXAMPLES +Load a configuration file and print out any errors and exit (missing +file considered fatal): +.Bd -literal +if (CONF_modules_load_file(NULL, NULL, 0) <= 0) { + fprintf(stderr, "FATAL: error loading configuration file\en"); + ERR_print_errors_fp(stderr); + exit(1); +} +.Ed +.Pp +Load default configuration file using the section indicated +by "myapp", tolerate missing files, but exit on other errors: +.Bd -literal +if (CONF_modules_load_file(NULL, "myapp", + CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) { + fprintf(stderr, "FATAL: error loading configuration file\en"); + ERR_print_errors_fp(stderr); + exit(1); +} +.Ed +.Pp +Load custom configuration file and section, only print warnings on +error, missing configuration file ignored: +.Bd -literal +if (CONF_modules_load_file("/something/app.cnf", "myapp", + CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) { + fprintf(stderr, "WARNING: error loading configuration file\en"); + ERR_print_errors_fp(stderr); +} +.Ed +.Pp +Load and parse configuration file manually, custom error handling: +.Bd -literal +FILE *fp; +CONF *cnf = NULL; +long eline; + +fp = fopen("/somepath/app.cnf", "r"); +if (fp == NULL) { + fprintf(stderr, "Error opening configuration file\en"); + /* Other missing configuration file behaviour */ +} else { + cnf = NCONF_new(NULL); + if (NCONF_load_fp(cnf, fp, &eline) == 0) { + fprintf(stderr, "Error on line %ld of configuration file\en", + eline); + ERR_print_errors_fp(stderr); + /* Other malformed configuration file behaviour */ + } else if (CONF_modules_load(cnf, "appname", 0) <= 0) { + fprintf(stderr, "Error configuring application\en"); + ERR_print_errors_fp(stderr); + /* Other configuration error behaviour */ + } + fclose(fp); + NCONF_free(cnf); +} +.Ed +.Sh SEE ALSO +.Xr CONF_modules_free 3 , +.Xr ERR 3 , +.Xr OPENSSL_config 3 , +.Xr OPENSSL_init_crypto 3 +.Sh HISTORY +.Fn CONF_modules_load_file +and +.Fn CONF_modules_load +first appeared in OpenSSL 0.9.7 and have been available since +.Ox 3.2 . diff --git a/src/lib/libcrypto/man/CRYPTO_get_mem_functions.3 b/src/lib/libcrypto/man/CRYPTO_get_mem_functions.3 new file mode 100644 index 00000000000..f02ec8fbb01 --- /dev/null +++ b/src/lib/libcrypto/man/CRYPTO_get_mem_functions.3 @@ -0,0 +1,112 @@ +.\" $OpenBSD: CRYPTO_get_mem_functions.3,v 1.6 2018/08/24 19:17:38 tb Exp $ +.\" +.\" Copyright (c) 2016 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: August 24 2018 $ +.Dt CRYPTO_GET_MEM_FUNCTIONS 3 +.Os +.Sh NAME +.Nm CRYPTO_get_mem_functions , +.Nm CRYPTO_set_mem_functions , +.Nm CRYPTO_mem_ctrl , +.Nm CRYPTO_mem_leaks , +.Nm CRYPTO_mem_leaks_fp , +.Nm CRYPTO_mem_leaks_cb +.Nd legacy OpenSSL memory allocation control +.Sh SYNOPSIS +.In openssl/crypto.h +.Ft void +.Fo CRYPTO_get_mem_functions +.Fa "void *(**m)(size_t)" +.Fa "void *(**r)(void *, size_t)" +.Fa "void (**f)(void *)" +.Fc +.Ft int +.Fo CRYPTO_set_mem_functions +.Fa "void *(*m)(size_t)" +.Fa "void *(*r)(void *, size_t)" +.Fa "void (*f)(void *)" +.Fc +.Ft int +.Fo CRYPTO_mem_ctrl +.Fa "int mode" +.Fc +.Ft int +.Fo CRYPTO_mem_leaks +.Fa "BIO *b" +.Fc +.Ft int +.Fo CRYPTO_mem_leaks_fp +.Fa "FILE *fp" +.Fc +.Ft typedef int * +.Fo CRYPTO_MEM_LEAK_CB +.Fa "unsigned long" +.Fa "const char *" +.Fa int +.Fa int +.Fa "void *" +.Fc +.Ft int +.Fo CRYPTO_mem_leaks_cb +.Fa "CRYPTO_MEM_LEAK_CB *cb" +.Fc +.Sh DESCRIPTION +Do not use any of the interfaces documented here. +They are provided purely for compatibility with legacy application code. +.Pp +.Fn CRYPTO_get_mem_functions +assigns pointers to the C library functions +.Xr malloc 3 , +.Xr realloc 3 , +and +.Xr free 3 +to those of its arguments that are not +.Dv NULL . +.Pp +.Fn CRYPTO_set_mem_functions , +.Fn CRYPTO_mem_ctrl , +.Fn CRYPTO_mem_leaks , +.Fn CRYPTO_mem_leaks_fp , +and +.Fn CRYPTO_mem_leaks_cb +have no effect. +.Sh RETURN VALUES +.Fn CRYPTO_set_mem_functions +always returns 0. +.Pp +.Fn CRYPTO_mem_ctrl +always returns +.Dv CRYPTO_MEM_CHECK_OFF . +.Pp +.Fn CRYPTO_mem_leaks , +.Fn CRYPTO_mem_leaks_fp , +and +.Fn CRYPTO_mem_leaks_cb +always return -1. +.Sh HISTORY +.Fn CRYPTO_mem_ctrl , +.Fn CRYPTO_mem_leaks , +and +.Fn CRYPTO_mem_leaks_fp +first appeared in SSLeay 0.6.4. +.Fn CRYPTO_get_mem_functions +and +.Fn CRYPTO_set_mem_functions +first appeared in SSLeay 0.6.5. +.Fn CRYPTO_mem_leaks_cb +first appeared in SSLeay 0.6.6. +All these functions have all been available since +.Ox 2.4 . diff --git a/src/lib/libcrypto/man/CRYPTO_lock.3 b/src/lib/libcrypto/man/CRYPTO_lock.3 new file mode 100644 index 00000000000..cb6224a7002 --- /dev/null +++ b/src/lib/libcrypto/man/CRYPTO_lock.3 @@ -0,0 +1,176 @@ +.\" $OpenBSD: CRYPTO_lock.3,v 1.1 2019/03/10 15:00:34 schwarze Exp $ +.\" OpenSSL doc/crypto/threads.pod fb552ac6 Sep 30 23:43:01 2009 +0000 +.\" +.\" Copyright (c) 2019 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 10 2019 $ +.Dt CRYPTO_LOCK 3 +.Os +.Sh NAME +.Nm CRYPTO_THREADID_current , +.Nm CRYPTO_THREADID_cmp , +.Nm CRYPTO_THREADID_cpy , +.Nm CRYPTO_THREADID_hash , +.Nm CRYPTO_lock , +.Nm CRYPTO_w_lock , +.Nm CRYPTO_w_unlock , +.Nm CRYPTO_r_lock , +.Nm CRYPTO_r_unlock , +.Nm CRYPTO_add +.Nd thread support +.Sh SYNOPSIS +.In openssl/crypto.h +.Ft void +.Fo CRYPTO_THREADID_current +.Fa "CRYPTO_THREADID *id" +.Fc +.Ft int +.Fo CRYPTO_THREADID_cmp +.Fa "const CRYPTO_THREADID *a" +.Fa "const CRYPTO_THREADID *b" +.Fc +.Ft void +.Fo CRYPTO_THREADID_cpy +.Fa "CRYPTO_THREADID *dest" +.Fa "const CRYPTO_THREADID *src" +.Fc +.Ft unsigned long +.Fo CRYPTO_THREADID_hash +.Fa "const CRYPTO_THREADID *id" +.Fc +.Ft void +.Fo CRYPTO_lock +.Fa "int mode" +.Fa "int type" +.Fa "const char *file" +.Fa "int line" +.Fc +.Ft int +.Fo CRYPTO_add +.Fa "int *p" +.Fa "int amount" +.Fa "int type" +.Fc +.Bd -literal +#define CRYPTO_w_lock(type) \e + CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE, type, __FILE__, __LINE__) +#define CRYPTO_w_unlock(type) \e + CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE, type, __FILE__, __LINE__) +#define CRYPTO_r_lock(type) \e + CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ, type, __FILE__, __LINE__) +#define CRYPTO_r_unlock(type) \e + CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ, type, __FILE__, __LINE__) +.Ed +.Sh DESCRIPTION +These functions are obsolete. +.Pp +.Fn CRYPTO_THREADID_current +stores a unique identifier of the currently executing thread +into the opaque object +.Fa id . +.Pp +.Fn CRYPTO_THREADID_cpy +copies the contents of +.Fa src +to +.Fa dest . +.Pp +.Fn CRYPTO_lock +locks or unlocks a mutex lock. +.Pp +.Fa mode +is a bitfield describing what should be done with the lock. +For each call, either +.Dv CRYPTO_LOCK +or +.Dv CRYPTO_UNLOCK +must be included. +In the LibreSSL implementation, +.Dv CRYPTO_READ +and +.Dv CRYPTO_WRITE +are ignored. +.Pp +.Fa type +is a number in the range 0 <= +.Fa type No < Dv CRYPTO_NUM_LOCKS +identifying a particular lock. +Currently, the value of +.Dv CRYPTO_NUM_LOCKS +is 41. +.Pp +The +.Ar file +and +.Ar line +arguments are ignored. +.Pp +In the LibreSSL implementation, +.Fn CRYPTO_lock +is a wrapper around +.Xr pthread_mutex_lock 3 +and +.Xr pthread_mutex_unlock 3 . +.Pp +.Fn CRYPTO_add +locks the lock number +.Fa type , +adds +.Fa amount +to +.Pf * Fa p , +and unlocks the lock number +.Fa type +again. +.Sh RETURN VALUES +.Fn CRYPTO_THREADID_cmp +returns 0 if +.Fa a +and +.Fa b +refer to the same thread or a non-zero value otherwise. +.Pp +.Fn CRYPTO_THREADID_hash +returns a numeric value usable as a hash-table key. +In the LibreSSL implementation, it is the value returned from +.Xr pthread_self 3 +for the thread +.Fa id . +.Pp +.Fn CRYPTO_add +returns the new value of +.Pf * Fa p . +.Sh SEE ALSO +.Xr crypto 3 +.Sh HISTORY +.Fn CRYPTO_lock , +.Fn CRYPTO_w_lock , +.Fn CRYPTO_w_unlock , +.Fn CRYPTO_r_lock , +and +.Fn CRYPTO_r_unlock +first appeared in SSLeay 0.6.0. +.Fn CRYPTO_add +first appeared in SSLeay 0.6.2. +These functions have been available since +.Ox 2.4 . +.Pp +.Fn CRYPTO_THREADID_current , +.Fn CRYPTO_THREADID_cmp , +.Fn CRYPTO_THREADID_cpy , +and +.Fn CRYPTO_THREADID_hash +first appeared in OpenSSL 1.0.0 and have been available since +.Ox 4.9 . diff --git a/src/lib/libcrypto/man/CRYPTO_set_ex_data.3 b/src/lib/libcrypto/man/CRYPTO_set_ex_data.3 new file mode 100644 index 00000000000..ca5080dfb91 --- /dev/null +++ b/src/lib/libcrypto/man/CRYPTO_set_ex_data.3 @@ -0,0 +1,364 @@ +.\" $OpenBSD: CRYPTO_set_ex_data.3,v 1.10 2018/04/08 01:00:15 schwarze Exp $ +.\" full merge up to: +.\" OpenSSL CRYPTO_get_ex_new_index 9e183d22 Mar 11 08:56:44 2017 -0500 +.\" selective merge up to: a73d990e Feb 27 19:02:24 2018 +0100 +.\" +.\" This file was written by Dr. Stephen Henson +.\" and by Rich Salz . +.\" Copyright (c) 2000, 2006, 2015, 2016 The OpenSSL Project. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: April 8 2018 $ +.Dt CRYPTO_SET_EX_DATA 3 +.Os +.Sh NAME +.Nm CRYPTO_EX_new , +.Nm CRYPTO_EX_free , +.Nm CRYPTO_EX_dup , +.Nm CRYPTO_get_ex_new_index , +.Nm CRYPTO_set_ex_data , +.Nm CRYPTO_get_ex_data , +.Nm CRYPTO_free_ex_data , +.Nm CRYPTO_new_ex_data +.Nd functions supporting application-specific data +.Sh SYNOPSIS +.In openssl/crypto.h +.Ft int +.Fo CRYPTO_get_ex_new_index +.Fa "int class_index" +.Fa "long argl" +.Fa "void *argp" +.Fa "CRYPTO_EX_new *new_func" +.Fa "CRYPTO_EX_dup *dup_func" +.Fa "CRYPTO_EX_free *free_func" +.Fc +.Ft typedef int +.Fo CRYPTO_EX_new +.Fa "void *parent" +.Fa "void *ptr" +.Fa "CRYPTO_EX_DATA *ad" +.Fa "int idx" +.Fa "long argl" +.Fa "void *argp" +.Fc +.Ft typedef void +.Fo CRYPTO_EX_free +.Fa "void *parent" +.Fa "void *ptr" +.Fa "CRYPTO_EX_DATA *ad" +.Fa "int idx" +.Fa "long argl" +.Fa "void *argp" +.Fc +.Ft typedef int +.Fo CRYPTO_EX_dup +.Fa "CRYPTO_EX_DATA *to" +.Fa "const CRYPTO_EX_DATA *from" +.Fa "void *from_d" +.Fa "int idx" +.Fa "long argl" +.Fa "void *argp" +.Fc +.Ft int +.Fo CRYPTO_new_ex_data +.Fa "int class_index" +.Fa "void *obj" +.Fa "CRYPTO_EX_DATA *ad" +.Fc +.Ft int +.Fo CRYPTO_set_ex_data +.Fa "CRYPTO_EX_DATA *r" +.Fa "int idx" +.Fa "void *arg" +.Fc +.Ft void * +.Fo CRYPTO_get_ex_data +.Fa "CRYPTO_EX_DATA *r" +.Fa "int idx" +.Fc +.Ft void +.Fo CRYPTO_free_ex_data +.Fa "int class_index" +.Fa "void *obj" +.Fa "CRYPTO_EX_DATA *r" +.Fc +.Sh DESCRIPTION +Several OpenSSL structures can have application specific data attached +to them, known as "exdata". +The specific structures are: +.Bd -literal + BIO + DH + DSA + ECDH + ECDSA + ENGINE + RSA + SSL + SSL_CTX + SSL_SESSION + UI + X509 + X509_STORE + X509_STORE_CTX +.Ed +.Pp +Each is identified by a +.Dv CRYPTO_EX_INDEX_* +constant defined in the +.In openssl/crypto.h +header file. +.Pp +The API described here is used by OpenSSL to manipulate exdata for +specific structures. +Since the application data can be anything at all it is passed and +retrieved as a +.Vt void * +type. +.Pp +The +.Vt CRYPTO_EX_DATA +type is opaque. +To initialize the exdata part of a structure, call +.Fn CRYPTO_new_ex_data . +.Pp +Exdata types are identified by an index, an integer guaranteed to +be unique within structures for the lifetime of the program. +Applications using exdata typically call +.Fn CRYPTO_get_ex_new_index +at startup and store the result in a global variable, or write a +wrapper function to provide lazy evaluation. +The +.Fa class_index +should be one of the +.Dv CRYPTO_EX_INDEX_* +values. +The +.Fa argl +and +.Fa argp +parameters are saved to be passed to the callbacks but are otherwise not +used. +In order to transparently manipulate exdata, three callbacks must be +provided. +The semantics of those callbacks are described below. +.Pp +When copying or releasing objects with exdata, the callback functions +are called in increasing order of their index value. +.Pp +To set or get the exdata on an object, the appropriate type-specific +routine must be used. +This is because the containing structure is opaque and the +.Vt CRYPTO_EX_DATA +field is not accessible. +In both APIs, the +.Fa idx +parameter should be an already-created index value. +.Pp +When setting exdata, the pointer specified with a particular index is +saved, and returned on a subsequent "get" call. +If the application is going to release the data, it must make sure to +set a +.Dv NULL +value at the index, to avoid likely double-free crashes. +.Pp +The function +.Fn CRYPTO_free_ex_data +is used to free all exdata attached to a structure. +The appropriate type-specific routine must be used. +The +.Fa class_index +identifies the structure type, the +.Fa obj +is be the pointer to the actual structure, and +.Fa r +is a pointer to the structure's exdata field. +.Pp +The callback functions are used as follows. +.Pp +When a structure is initially allocated (such as by +.Xr RSA_new 3 ) , +then +.Fa new_func +is called for every defined index. +There is no requirement that the entire parent, or containing, structure +has been set up. +The +.Fa new_func +is typically used only to allocate memory to store the +exdata, and perhaps an "initialized" flag within that memory. +The exdata value should be set by calling +.Fn CRYPTO_set_ex_data . +.Pp +When a structure is free'd (such as by +.Xr SSL_CTX_free 3 ) , +then the +.Fa free_func +is called for every defined index. +Again, the state of the parent structure is not guaranteed. +The +.Fa free_func +may be called with a +.Dv NULL +pointer. +.Pp +Both +.Fa new_func +and +.Fa free_func +take the same parameters. +The +.Fa parent +is the pointer to the structure that contains the exdata. +The +.Fa ptr +is the current exdata item; for +.Fa new_func +this will typically be +.Dv NULL . +The +.Fa r +parameter is a pointer to the exdata field of the object. +The +.Fa idx +is the index and is the value returned when the callbacks were initially +registered via +.Fn CRYPTO_get_ex_new_index +and can be used if the same callback handles different types of exdata. +.Pp +.Fa dup_func +is called when a structure is being copied. +This is only done for +.Vt SSL +and +.Vt SSL_SESSION +objects. +The +.Fa to +and +.Fa from +parameters are pointers to the destination and source +.Vt CRYPTO_EX_DATA +structures, respectively. +The +.Fa from_d +parameter is a pointer to the source exdata. +When +.Fa dup_func +returns, the value in +.Fa from_d +is copied to the destination ex_data. +If the pointer contained in +.Fa from_d +is not modified by the +.Fa dup_func , +then both +.Fa to +and +.Fa from +will point to the same data. +The +.Fa idx , +.Fa argl +and +.Fa argp +parameters are as described for the other two callbacks. +.Pp +.Fn CRYPTO_set_ex_data +is used to set application specific data. +The data is supplied in the +.Fa arg +parameter and its precise meaning is up to the application. +.Pp +.Fn CRYPTO_get_ex_data +is used to retrieve application specific data. +The data is returned to the application; this will be the same value as +supplied to a previous +.Fn CRYPTO_set_ex_data +call. +.Sh RETURN VALUES +.Fn CRYPTO_get_ex_new_index +returns a new index or -1 on failure; the value 0 is reserved for +the legacy "app_data" APIs. +.Pp +.Fn CRYPTO_set_ex_data +returns 1 on success or 0 on failure. +.Pp +.Fn CRYPTO_get_ex_data +returns the application data or +.Dv NULL +on failure; note that +.Dv NULL +may be a valid value. +.Pp +.Fa dup_func +should return 0 for failure and 1 for success. +.Pp +On failure an error code can be obtained from +.Xr ERR_get_error 3 . +.Sh SEE ALSO +.Xr BIO_get_ex_new_index 3 , +.Xr DH_get_ex_new_index 3 , +.Xr DSA_get_ex_new_index 3 , +.Xr RSA_get_ex_new_index 3 , +.Xr X509_STORE_CTX_get_ex_new_index 3 +.Sh HISTORY +.Fn CRYPTO_get_ex_new_index , +.Fn CRYPTO_set_ex_data , +.Fn CRYPTO_get_ex_data , +.Fn CRYPTO_free_ex_data , +and +.Fn CRYPTO_new_ex_data +first appeared in SSLeay 0.9.0 and have been available since +.Ox 2.4 . +.Pp +.Fn CRYPTO_EX_new , +.Fn CRYPTO_EX_free , +and +.Fn CRYPTO_EX_dup +first appeared in OpenSSL 0.9.5 and have been available since +.Ox 2.7 . diff --git a/src/lib/libcrypto/man/DES_set_key.3 b/src/lib/libcrypto/man/DES_set_key.3 new file mode 100644 index 00000000000..700b39a9714 --- /dev/null +++ b/src/lib/libcrypto/man/DES_set_key.3 @@ -0,0 +1,873 @@ +.\" $OpenBSD: DES_set_key.3,v 1.13 2018/12/21 21:36:21 schwarze Exp $ +.\" full merge up to: +.\" OpenSSL man3/DES_random_key 521738e9 Oct 5 14:58:30 2018 -0400 +.\" +.\" -------------------------------------------------------------------------- +.\" Major patches to this file were contributed by +.\" Ulf Moeller , Ben Laurie , +.\" and Richard Levitte . +.\" -------------------------------------------------------------------------- +.\" Copyright (c) 2000, 2001, 2017 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.\" -------------------------------------------------------------------------- +.\" Parts of this file are derived from SSLeay documentation, +.\" which is covered by the following Copyright and license: +.\" -------------------------------------------------------------------------- +.\" +.\" Copyright (C) 1995-1998 Tim Hudson (tjh@cryptsoft.com) +.\" All rights reserved. +.\" +.\" This package is an SSL implementation written +.\" by Eric Young (eay@cryptsoft.com). +.\" The implementation was written so as to conform with Netscapes SSL. +.\" +.\" This library is free for commercial and non-commercial use as long as +.\" the following conditions are aheared to. The following conditions +.\" apply to all code found in this distribution, be it the RC4, RSA, +.\" lhash, DES, etc., code; not just the SSL code. The SSL documentation +.\" included with this distribution is covered by the same copyright terms +.\" except that the holder is Tim Hudson (tjh@cryptsoft.com). +.\" +.\" Copyright remains Eric Young's, and as such any Copyright notices in +.\" the code are not to be removed. +.\" If this package is used in a product, Eric Young should be given +.\" attribution as the author of the parts of the library used. +.\" This can be in the form of a textual message at program startup or +.\" in documentation (online or textual) provided with the package. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. All advertising materials mentioning features or use of this software +.\" must display the following acknowledgement: +.\" "This product includes cryptographic software written by +.\" Eric Young (eay@cryptsoft.com)" +.\" The word 'cryptographic' can be left out if the rouines from the +.\" library being used are not cryptographic related :-). +.\" 4. If you include any Windows specific code (or a derivative thereof) +.\" from the apps directory (application code) you must include an +.\" acknowledgement: "This product includes software written by +.\" Tim Hudson (tjh@cryptsoft.com)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" The licence and distribution terms for any publically available version or +.\" derivative of this code cannot be changed. i.e. this code cannot simply be +.\" copied and put under another distribution licence +.\" [including the GNU Public Licence.] +.\" +.Dd $Mdocdate: December 21 2018 $ +.Dt DES_SET_KEY 3 +.Os +.Sh NAME +.Nm DES_random_key , +.Nm DES_set_key , +.Nm DES_key_sched , +.Nm DES_set_key_checked , +.Nm DES_set_key_unchecked , +.Nm DES_set_odd_parity , +.Nm DES_is_weak_key , +.Nm DES_ecb_encrypt , +.Nm DES_ecb2_encrypt , +.Nm DES_ecb3_encrypt , +.Nm DES_ncbc_encrypt , +.Nm DES_cfb_encrypt , +.Nm DES_ofb_encrypt , +.Nm DES_pcbc_encrypt , +.Nm DES_cfb64_encrypt , +.Nm DES_ofb64_encrypt , +.Nm DES_xcbc_encrypt , +.Nm DES_ede2_cbc_encrypt , +.Nm DES_ede2_cfb64_encrypt , +.Nm DES_ede2_ofb64_encrypt , +.Nm DES_ede3_cbc_encrypt , +.Nm DES_ede3_cbcm_encrypt , +.Nm DES_ede3_cfb64_encrypt , +.Nm DES_ede3_ofb64_encrypt , +.Nm DES_cbc_cksum , +.Nm DES_quad_cksum , +.Nm DES_string_to_key , +.Nm DES_string_to_2keys , +.Nm DES_fcrypt , +.Nm DES_crypt , +.Nm DES_enc_read , +.Nm DES_enc_write +.Nd DES encryption +.Sh SYNOPSIS +.In openssl/des.h +.Ft void +.Fo DES_random_key +.Fa "DES_cblock *ret" +.Fc +.Ft int +.Fo DES_set_key +.Fa "const_DES_cblock *key" +.Fa "DES_key_schedule *schedule" +.Fc +.Ft int +.Fo DES_key_sched +.Fa "const_DES_cblock *key" +.Fa "DES_key_schedule *schedule" +.Fc +.Ft int +.Fo DES_set_key_checked +.Fa "const_DES_cblock *key" +.Fa "DES_key_schedule *schedule" +.Fc +.Ft void +.Fo DES_set_key_unchecked +.Fa "const_DES_cblock *key" +.Fa "DES_key_schedule *schedule" +.Fc +.Ft void +.Fo DES_set_odd_parity +.Fa "DES_cblock *key" +.Fc +.Ft int +.Fo DES_is_weak_key +.Fa "const_DES_cblock *key" +.Fc +.Ft void +.Fo DES_ecb_encrypt +.Fa "const_DES_cblock *input" +.Fa "DES_cblock *output" +.Fa "DES_key_schedule *ks" +.Fa "int enc" +.Fc +.Ft void +.Fo DES_ecb2_encrypt +.Fa "const_DES_cblock *input" +.Fa "DES_cblock *output" +.Fa "DES_key_schedule *ks1" +.Fa "DES_key_schedule *ks2" +.Fa "int enc" +.Fc +.Ft void +.Fo DES_ecb3_encrypt +.Fa "const_DES_cblock *input" +.Fa "DES_cblock *output" +.Fa "DES_key_schedule *ks1" +.Fa "DES_key_schedule *ks2" +.Fa "DES_key_schedule *ks3" +.Fa "int enc" +.Fc +.Ft void +.Fo DES_ncbc_encrypt +.Fa "const unsigned char *input" +.Fa "unsigned char *output" +.Fa "long length" +.Fa "DES_key_schedule *schedule" +.Fa "DES_cblock *ivec" +.Fa "int enc" +.Fc +.Ft void +.Fo DES_cfb_encrypt +.Fa "const unsigned char *in" +.Fa "unsigned char *out" +.Fa "int numbits" +.Fa "long length" +.Fa "DES_key_schedule *schedule" +.Fa "DES_cblock *ivec" +.Fa "int enc" +.Fc +.Ft void +.Fo DES_ofb_encrypt +.Fa "const unsigned char *in" +.Fa "unsigned char *out" +.Fa "int numbits" +.Fa "long length" +.Fa "DES_key_schedule *schedule" +.Fa "DES_cblock *ivec" +.Fc +.Ft void +.Fo DES_pcbc_encrypt +.Fa "const unsigned char *input" +.Fa "unsigned char *output" +.Fa "long length" +.Fa "DES_key_schedule *schedule" +.Fa "DES_cblock *ivec" +.Fa "int enc" +.Fc +.Ft void +.Fo DES_cfb64_encrypt +.Fa "const unsigned char *in" +.Fa "unsigned char *out" +.Fa "long length" +.Fa "DES_key_schedule *schedule" +.Fa "DES_cblock *ivec" +.Fa "int *num" +.Fa "int enc" +.Fc +.Ft void +.Fo DES_ofb64_encrypt +.Fa "const unsigned char *in" +.Fa "unsigned char *out" +.Fa "long length" +.Fa "DES_key_schedule *schedule" +.Fa "DES_cblock *ivec" +.Fa "int *num" +.Fc +.Ft void +.Fo DES_xcbc_encrypt +.Fa "const unsigned char *input" +.Fa "unsigned char *output" +.Fa "long length" +.Fa "DES_key_schedule *schedule" +.Fa "DES_cblock *ivec" +.Fa "const_DES_cblock *inw" +.Fa "const_DES_cblock *outw" +.Fa "int enc" +.Fc +.Ft void +.Fo DES_ede2_cbc_encrypt +.Fa "const unsigned char *input" +.Fa "unsigned char *output" +.Fa "long length" +.Fa "DES_key_schedule *ks1" +.Fa "DES_key_schedule *ks2" +.Fa "DES_cblock *ivec" +.Fa "int enc" +.Fc +.Ft void +.Fo DES_ede2_cfb64_encrypt +.Fa "const unsigned char *in" +.Fa "unsigned char *out" +.Fa "long length" +.Fa "DES_key_schedule *ks1" +.Fa "DES_key_schedule *ks2" +.Fa "DES_cblock *ivec" +.Fa "int *num" +.Fa "int enc" +.Fc +.Ft void +.Fo DES_ede2_ofb64_encrypt +.Fa "const unsigned char *in" +.Fa "unsigned char *out" +.Fa "long length" +.Fa "DES_key_schedule *ks1" +.Fa "DES_key_schedule *ks2" +.Fa "DES_cblock *ivec" +.Fa "int *num" +.Fc +.Ft void +.Fo DES_ede3_cbc_encrypt +.Fa "const unsigned char *input" +.Fa "unsigned char *output" +.Fa "long length" +.Fa "DES_key_schedule *ks1" +.Fa "DES_key_schedule *ks2" +.Fa "DES_key_schedule *ks3" +.Fa "DES_cblock *ivec" +.Fa "int enc" +.Fc +.Ft void +.Fo DES_ede3_cbcm_encrypt +.Fa "const unsigned char *in" +.Fa "unsigned char *out" +.Fa "long length" +.Fa "DES_key_schedule *ks1" +.Fa "DES_key_schedule *ks2" +.Fa "DES_key_schedule *ks3" +.Fa "DES_cblock *ivec1" +.Fa "DES_cblock *ivec2" +.Fa "int enc" +.Fc +.Ft void +.Fo DES_ede3_cfb64_encrypt +.Fa "const unsigned char *in" +.Fa "unsigned char *out" +.Fa "long length" +.Fa "DES_key_schedule *ks1" +.Fa "DES_key_schedule *ks2" +.Fa "DES_key_schedule *ks3" +.Fa "DES_cblock *ivec" +.Fa "int *num" +.Fa "int enc" +.Fc +.Ft void +.Fo DES_ede3_ofb64_encrypt +.Fa "const unsigned char *in" +.Fa "unsigned char *out" +.Fa "long length" +.Fa "DES_key_schedule *ks1" +.Fa "DES_key_schedule *ks2" +.Fa "DES_key_schedule *ks3" +.Fa "DES_cblock *ivec" +.Fa "int *num" +.Fc +.Ft DES_LONG +.Fo DES_cbc_cksum +.Fa "const unsigned char *input" +.Fa "DES_cblock *output" +.Fa "long length" +.Fa "DES_key_schedule *schedule" +.Fa "const_DES_cblock *ivec" +.Fc +.Ft DES_LONG +.Fo DES_quad_cksum +.Fa "const unsigned char *input" +.Fa "DES_cblock output[]" +.Fa "long length" +.Fa "int out_count" +.Fa "DES_cblock *seed" +.Fc +.Ft void +.Fo DES_string_to_key +.Fa "const char *str" +.Fa "DES_cblock *key" +.Fc +.Ft void +.Fo DES_string_to_2keys +.Fa "const char *str" +.Fa "DES_cblock *key1" +.Fa "DES_cblock *key2" +.Fc +.Ft char * +.Fo DES_fcrypt +.Fa "const char *buf" +.Fa "const char *salt" +.Fa "char *ret" +.Fc +.Ft char * +.Fo DES_crypt +.Fa "const char *buf" +.Fa "const char *salt" +.Fc +.Ft int +.Fo DES_enc_read +.Fa "int fd" +.Fa "void *buf" +.Fa "int len" +.Fa "DES_key_schedule *sched" +.Fa "DES_cblock *iv" +.Fc +.Ft int +.Fo DES_enc_write +.Fa "int fd" +.Fa "const void *buf" +.Fa "int len" +.Fa "DES_key_schedule *sched" +.Fa "DES_cblock *iv" +.Fc +.Sh DESCRIPTION +This library contains a fast implementation of the DES encryption +algorithm. +.Pp +There are two phases to the use of DES encryption. +The first is the generation of a +.Vt DES_key_schedule +from a key, and the second is the actual encryption. +A DES key is of type +.Vt DES_cblock . +This type consists of 8 bytes with odd parity. +The least significant bit in each byte is the parity bit. +The key schedule is an expanded form of the key; it is used to speed the +encryption process. +.Pp +.Fn DES_random_key +generates a random key in odd parity. +.Pp +Before a DES key can be used, it must be converted into the architecture +dependent +.Vt DES_key_schedule +via the +.Fn DES_set_key_checked +or +.Fn DES_set_key_unchecked +function. +.Pp +.Fn DES_set_key_checked +will check that the key passed is of odd parity and is not a weak or +semi-weak key. +If the parity is wrong, then -1 is returned. +If the key is a weak key, then -2 is returned. +If an error is returned, the key schedule is not generated. +.Pp +.Fn DES_set_key +works like +.Fn DES_set_key_checked +if the +.Em DES_check_key +flag is non-zero, otherwise like +.Fn DES_set_key_unchecked . +These functions are available for compatibility; it is recommended to +use a function that does not depend on a global variable. +.Pp +.Fn DES_set_odd_parity +sets the parity of the passed +.Fa key +to odd. +.Pp +The following routines mostly operate on an input and output stream of +.Vt DES_cblock Ns s . +.Pp +.Fn DES_ecb_encrypt +is the basic DES encryption routine that encrypts or decrypts a single +8-byte +.Vt DES_cblock +in electronic code book (ECB) mode. +It always transforms the input data, pointed to by +.Fa input , +into the output data, pointed to by the +.Fa output +argument. +If the +.Fa enc +argument is non-zero +.Pq Dv DES_ENCRYPT , +the +.Fa input +(cleartext) is encrypted into the +.Fa output +(ciphertext) using the key_schedule specified by the +.Fa schedule +argument, previously set via +.Fn DES_set_key . +If +.Fa enc +is zero +.Pq Dv DES_DECRYPT , +the +.Fa input +(now ciphertext) is decrypted into the +.Fa output +(now cleartext). +Input and output may overlap. +.Fn DES_ecb_encrypt +does not return a value. +.Pp +.Fn DES_ecb3_encrypt +encrypts/decrypts the +.Fa input +block by using three-key Triple-DES encryption in ECB mode. +This involves encrypting the input with +.Fa ks1 , +decrypting with the key schedule +.Fa ks2 , +and then encrypting with +.Fa ks3 . +This routine greatly reduces the chances of brute force breaking of DES +and has the advantage of if +.Fa ks1 , +.Fa ks2 , +and +.Fa ks3 +are the same, it is equivalent to just encryption using ECB mode and +.Fa ks1 +as the key. +.Pp +The macro +.Fn DES_ecb2_encrypt +is provided to perform two-key Triple-DES encryption by using +.Fa ks1 +for the final encryption. +.Pp +.Fn DES_ncbc_encrypt +encrypts/decrypts using the cipher-block-chaining (CBC) mode of DES. +If the +.Fa enc +argument is non-zero, the routine cipher-block-chain encrypts the +cleartext data pointed to by the +.Fa input +argument into the ciphertext pointed to by the +.Fa output +argument, using the key schedule provided by the +.Fa schedule +argument, and initialization vector provided by the +.Fa ivec +argument. +If the +.Fa length +argument is not an integral multiple of eight bytes, the last block is +copied to a temporary area and zero filled. +The output is always an integral multiple of eight bytes. +.Pp +.Fn DES_xcbc_encrypt +is RSA's DESX mode of DES. +It uses +.Fa inw +and +.Fa outw +to "whiten" the encryption. +.Fa inw +and +.Fa outw +are secret (unlike the iv) and are as such, part of the key. +So the key is sort of 24 bytes. +This is much better than CBC DES. +.Pp +.Fn DES_ede3_cbc_encrypt +implements outer triple CBC DES encryption with three keys. +This means that each DES operation inside the CBC mode is +.Qq Li C=E(ks3,D(ks2,E(ks1,M))) . +This mode is used by SSL. +.Pp +The +.Fn DES_ede2_cbc_encrypt +macro implements two-key Triple-DES by reusing +.Fa ks1 +for the final encryption. +.Qq Li C=E(ks1,D(ks2,E(ks1,M))) . +This form of Triple-DES is used by the RSAREF library. +.Pp +.Fn DES_pcbc_encrypt +encrypts/decrypts using the propagating cipher block chaining mode used +by Kerberos v4. +Its parameters are the same as +.Fn DES_ncbc_encrypt . +.Pp +.Fn DES_cfb_encrypt +encrypts/decrypts using cipher feedback mode. +This method takes an array of characters as input and outputs an array +of characters. +It does not require any padding to 8 character groups. +Note: the +.Fa ivec +variable is changed and the new changed value needs to be passed to the +next call to this function. +Since this function runs a complete DES ECB encryption per +.Fa numbits , +this function is only suggested for use when sending a small number of +characters. +.Pp +.Fn DES_cfb64_encrypt +implements CFB mode of DES with 64-bit feedback. +Why is this useful you ask? +Because this routine will allow you to encrypt an arbitrary number of +bytes, without 8 byte padding. +Each call to this routine will encrypt the input bytes to output and +then update ivec and num. +num contains "how far" we are though ivec. +If this does not make much sense, read more about CFB mode of DES. +.Pp +.Fn DES_ede3_cfb64_encrypt +and +.Fn DES_ede2_cfb64_encrypt +is the same as +.Fn DES_cfb64_encrypt +except that Triple-DES is used. +.Pp +.Fn DES_ofb_encrypt +encrypts using output feedback mode. +This method takes an array of characters as input and outputs an array +of characters. +It does not require any padding to 8 character groups. +Note: the +.Fa ivec +variable is changed and the new changed value needs to be passed to the +next call to this function. +Since this function runs a complete DES ECB encryption per +.Fa numbits , +this function is only suggested for use when sending a small number +of characters. +.Pp +.Fn DES_ofb64_encrypt +is the same as +.Fn DES_cfb64_encrypt +using Output Feed Back mode. +.Pp +.Fn DES_ede3_ofb64_encrypt +and +.Fn DES_ede2_ofb64_encrypt +is the same as +.Fn DES_ofb64_encrypt , +using Triple-DES. +.Pp +The following functions are included in the DES library for +compatibility with the MIT Kerberos library. +.Pp +.Fn DES_cbc_cksum +produces an 8-byte checksum based on the input stream (via CBC +encryption). +The last 4 bytes of the checksum are returned and the complete 8 bytes +are placed in +.Fa output . +This function is used by Kerberos v4. +Other applications should use +.Xr EVP_DigestInit 3 +etc. instead. +.Pp +.Fn DES_quad_cksum +is a Kerberos v4 function. +It returns a 4-byte checksum from the input bytes. +The algorithm can be iterated over the input, depending on +.Fa out_count , +1, 2, 3 or 4 times. +If +.Fa output +is +.Pf non- Dv NULL , +the 8 bytes generated by each pass are written into +.Fa output . +.Pp +The following are DES-based transformations: +.Pp +.Fn DES_fcrypt +is a fast version of the Unix +.Xr crypt 3 +function. +The +.Fa salt +must be two ASCII characters. +This version is different from the normal crypt in that the third +parameter is the buffer that the return value is written into. +It needs to be at least 14 bytes long. +The fourteenth byte is set to NUL. +This version takes only a small amount of space relative to other +fast crypt implementations. +It is thread safe, unlike the normal crypt. +.Pp +.Fn DES_crypt +is a faster replacement for the normal system +.Xr crypt 3 . +This function calls +.Fn DES_fcrypt +with a static array passed as the third parameter. +This emulates the normal non-thread safe semantics of +.Xr crypt 3 . +.Pp +.Fn DES_enc_write +writes +.Fa len +bytes to file descriptor +.Fa fd +from buffer +.Fa buf . +The data is encrypted via +.Em pcbc_encrypt +(default) using +.Fa sched +for the key and +.Fa iv +as a starting vector. +The actual data send down +.Fa fd +consists of 4 bytes (in network byte order) containing the length of the +following encrypted data. +The encrypted data then follows, padded with random data out to a +multiple of 8 bytes. +.Pp +.Fn DES_enc_read +is used to read +.Fa len +bytes from file descriptor +.Fa fd +into buffer +.Fa buf . +The data being read from +.Fa fd +is assumed to have come from +.Fn DES_enc_write +and is decrypted using +.Fa sched +for the key schedule and +.Fa iv +for the initial vector. +.Pp +.Sy Warning : +The data format used by +.Fn DES_enc_write +and +.Fn DES_enc_read +has a cryptographic weakness: when asked to write more than +.Dv MAXWRITE +bytes, +.Fn DES_enc_write +will split the data into several chunks that are all encrypted using the +same IV. +So don't use these functions unless you are sure you know what +you do (in which case you might not want to use them anyway). +They cannot handle non-blocking sockets. +.Fn DES_enc_read +uses an internal state and thus cannot be used on multiple files. +.Pp +.Em DES_rw_mode +is used to specify the encryption mode to use with +.Fn DES_enc_read . +If set to +.Dv DES_PCBC_MODE +(the default), DES_pcbc_encrypt is used. +If set to +.Dv DES_CBC_MODE +DES_cbc_encrypt is used. +.Sh RETURN VALUES +.Fn DES_set_key , +.Fn DES_key_sched , +and +.Fn DES_set_key_checked +return 0 on success or a negative value on error. +.Pp +.Fn DES_is_weak_key +returns 1 if the passed key is a weak key or 0 if it is ok. +.Pp +.Fn DES_cbc_cksum +and +.Fn DES_quad_cksum +return a 4-byte integer representing the last 4 bytes of the checksum +of the input. +.Pp +.Fn DES_fcrypt +returns a pointer to the caller-provided buffer +.Fa ret , +and +.Fn DES_crypt +returns a pointer to a static buffer. +Both are allowed to return +.Dv NULL +to indicate failure, but currently, they cannot fail. +.Sh SEE ALSO +.Xr crypt 3 , +.Xr RAND_bytes 3 +.Pp +The +.Xr evp 3 +library provides higher-level encryption functions. +.Sh STANDARDS +ANSI X3.106 +.Pp +The DES library was initially written to be source code compatible +with the MIT Kerberos library. +.Sh HISTORY +.Fn DES_random_key , +.Fn DES_set_key , +.Fn DES_key_sched , +.Fn DES_set_odd_parity , +.Fn DES_is_weak_key , +.Fn DES_ecb_encrypt , +.Fn DES_cfb_encrypt , +.Fn DES_ofb_encrypt , +.Fn DES_pcbc_encrypt , +.Fn DES_cfb64_encrypt , +.Fn DES_ofb64_encrypt , +.Fn DES_ede3_cbc_encrypt , +.Fn DES_cbc_cksum , +.Fn DES_quad_cksum , +.Fn DES_string_to_key , +.Fn DES_string_to_2keys , +.Fn DES_crypt , +.Fn DES_enc_read , +and +.Fn DES_enc_write +appeared in SSLeay 0.4 or earlier. +.Fn DES_ncbc_encrypt +first appeared in SSLeay 0.4.2. +.Fn DES_ede2_cbc_encrypt +first appeared in SSLeay 0.4.4. +.Fn DES_ecb2_encrypt , +.Fn DES_ecb3_encrypt , +.Fn DES_ede2_cfb64_encrypt , +.Fn DES_ede2_ofb64_encrypt , +.Fn DES_ede3_cfb64_encrypt , +and +.Fn DES_ede3_ofb64_encrypt +first appeared in SSLeay 0.5.1. +.Fn DES_xcbc_encrypt +first appeared in SSLeay 0.6.2. +.Fn DES_fcrypt +first appeared in SSLeay 0.6.5. +These functions have been available since +.Ox 2.4 . +.Pp +.Fn DES_set_key_checked +and +.Fn DES_set_key_unchecked +first appeared in OpenSSL 0.9.5 and have been available since +.Ox 2.7 . +.Pp +In OpenSSL 0.9.7 and +.Ox 3.2 , +all +.Sy des_ +functions were renamed to +.Sy DES_ +to avoid clashes with older versions of libdes. +.Sh AUTHORS +.An Eric Young Aq Mt eay@cryptsoft.com +.Sh CAVEATS +Single-key DES is insecure due to its short key size. +ECB mode is not suitable for most applications. +.Sh BUGS +DES_cbc_encrypt does not modify +.Fa ivec ; +use +.Fn DES_ncbc_encrypt +instead. +.Pp +.Fn DES_cfb_encrypt +and +.Fn DES_ofb_encrypt +operates on input of 8 bits. +What this means is that if you set numbits to 12, and length to 2, the +first 12 bits will come from the 1st input byte and the low half of the +second input byte. +The second 12 bits will have the low 8 bits taken from the 3rd input +byte and the top 4 bits taken from the 4th input byte. +The same holds for output. +This function has been implemented this way because most people will be +using a multiple of 8 and because once you get into pulling input +bytes apart things get ugly! +.Pp +.Fn DES_string_to_key +is available for backward compatibility with the MIT library. +New applications should use a cryptographic hash function. +The same applies for +.Fn DES_string_to_2key . diff --git a/src/lib/libcrypto/man/DH_generate_key.3 b/src/lib/libcrypto/man/DH_generate_key.3 new file mode 100644 index 00000000000..2c44cf986fa --- /dev/null +++ b/src/lib/libcrypto/man/DH_generate_key.3 @@ -0,0 +1,123 @@ +.\" $OpenBSD: DH_generate_key.3,v 1.9 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file was written by Ulf Moeller . +.\" Copyright (c) 2000 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt DH_GENERATE_KEY 3 +.Os +.Sh NAME +.Nm DH_generate_key , +.Nm DH_compute_key +.Nd perform Diffie-Hellman key exchange +.Sh SYNOPSIS +.In openssl/dh.h +.Ft int +.Fo DH_generate_key +.Fa "DH *dh" +.Fc +.Ft int +.Fo DH_compute_key +.Fa "unsigned char *key" +.Fa "BIGNUM *pub_key" +.Fa "DH *dh" +.Fc +.Sh DESCRIPTION +.Fn DH_generate_key +performs the first step of a Diffie-Hellman key exchange by generating +private and public DH values. +By calling +.Fn DH_compute_key , +these are combined with the other party's public value to compute the +shared key. +.Pp +.Fn DH_generate_key +expects +.Fa dh +to contain the shared parameters +.Sy dh->p +and +.Sy dh->g . +It generates a random private DH value unless +.Sy dh->priv_key +is already set, and computes the corresponding public value +.Sy dh->pub_key , +which can then be published. +.Pp +.Fn DH_compute_key +computes the shared secret from the private DH value in +.Fa dh +and the other party's public value in +.Fa pub_key +and stores it in +.Fa key . +.Fa key +must point to +.Fn DH_size dh +bytes of memory. +.Sh RETURN VALUES +.Fn DH_generate_key +returns 1 on success, or 0 otherwise. +.Pp +.Fn DH_compute_key +returns the size of the shared secret on success, or -1 on error. +.Pp +The error codes can be obtained by +.Xr ERR_get_error 3 . +.Sh SEE ALSO +.Xr DH_get0_key 3 , +.Xr DH_new 3 , +.Xr DH_size 3 , +.Xr ERR_get_error 3 , +.Xr RAND_bytes 3 +.Sh HISTORY +.Fn DH_generate_key +and +.Fn DH_compute_key +first appeared in SSLeay 0.5.1 and have been available since +.Ox 2.4 . diff --git a/src/lib/libcrypto/man/DH_generate_parameters.3 b/src/lib/libcrypto/man/DH_generate_parameters.3 new file mode 100644 index 00000000000..190ff098e08 --- /dev/null +++ b/src/lib/libcrypto/man/DH_generate_parameters.3 @@ -0,0 +1,190 @@ +.\" $OpenBSD: DH_generate_parameters.3,v 1.11 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL 05ea606a May 20 20:52:46 2016 -0400 +.\" +.\" This file was written by Ulf Moeller . +.\" Copyright (c) 2000, 2016 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt DH_GENERATE_PARAMETERS 3 +.Os +.Sh NAME +.Nm DH_generate_parameters_ex , +.Nm DH_check , +.Nm DH_generate_parameters +.Nd generate and check Diffie-Hellman parameters +.Sh SYNOPSIS +.In openssl/dh.h +.Ft int +.Fo DH_generate_parameters_ex +.Fa "DH *dh" +.Fa "int prime_len" +.Fa "int generator" +.Fa "BN_GENCB *cb" +.Fc +.Ft int +.Fo DH_check +.Fa "DH *dh" +.Fa "int *codes" +.Fc +.Pp +Deprecated: +.Pp +.Ft DH * +.Fo DH_generate_parameters +.Fa "int prime_len" +.Fa "int generator" +.Fa "void (*callback)(int, int, void *)" +.Fa "void *cb_arg" +.Fc +.Sh DESCRIPTION +.Fn DH_generate_parameters_ex +generates Diffie-Hellman parameters that can be shared among a group of +users, and stores them in the provided +.Vt DH +structure. +.Pp +.Fa prime_len +is the length in bits of the safe prime to be generated. +.Fa generator +is a small number > 1, typically 2 or 5. +.Pp +A callback function may be used to provide feedback about the progress +of the key generation. +If +.Fa cb +is not +.Dv NULL , +it will be called as described in +.Xr BN_generate_prime 3 +while a random prime number is generated, and when a prime has been +found, +.Fn BN_GENCB_call cb 3 0 +is called; see +.Xr BN_GENCB_call 3 . +.Pp +.Fn DH_check +validates Diffie-Hellman parameters. +If no problems are found, +.Pf * Ar codes +is set to zero. +Otherwise, one or more of the following bits are set: +.Bl -tag -width Ds +.It Dv DH_CHECK_P_NOT_PRIME +The parameter +.Fa dh->p +is not prime. +.It Dv DH_CHECK_P_NOT_SAFE_PRIME +The parameter +.Fa dh->p +is not a safe prime. +.It Dv DH_UNABLE_TO_CHECK_GENERATOR +The generator +.Fa dh->g +cannot be checked for suitability: it is neither 2 nor 5. +.It Dv DH_NOT_SUITABLE_GENERATOR +The generator +.Fa dh->g +is not suitable. +.El +.Sh RETURN VALUES +.Fn DH_generate_parameters_ex +and +.Fn DH_check +return 1 if the check could be performed, or 0 otherwise. +.Pp +.Fn DH_generate_parameters +(deprecated) returns a pointer to the +.Vt DH +structure, or +.Dv NULL +if the parameter generation fails. +.Pp +The error codes can be obtained by +.Xr ERR_get_error 3 . +.Sh SEE ALSO +.Xr DH_get0_pqg 3 , +.Xr DH_new 3 , +.Xr ERR_get_error 3 , +.Xr RAND_bytes 3 +.Sh HISTORY +.Fn DH_check +and +.Fn DH_generate_parameters +first appeared in SSLeay 0.5.1 and have been available since +.Ox 2.4 . +.Pp +The +.Fa cb_arg +argument to +.Fn DH_generate_parameters +was added in SSLeay 0.9.0. +.Pp +In versions before OpenSSL 0.9.5, +.Dv DH_CHECK_P_NOT_STRONG_PRIME +is used instead of +.Dv DH_CHECK_P_NOT_SAFE_PRIME . +.Pp +.Fn DH_generate_parameters_ex +first appeared in OpenSSL 0.9.8 and has been available since +.Ox 4.5 . +.Sh CAVEATS +.Fn DH_generate_parameters_ex +and +.Fn DH_generate_parameters +may run for several hours before finding a suitable prime. +.Pp +The parameters generated by +.Fn DH_generate_parameters_ex +and +.Fn DH_generate_parameters +are not to be used in signature schemes. +.Sh BUGS +If +.Fa generator +is not 2 or 5, +.Fa dh->g Ns = Ns Fa generator +is not a usable generator. diff --git a/src/lib/libcrypto/man/DH_get0_pqg.3 b/src/lib/libcrypto/man/DH_get0_pqg.3 new file mode 100644 index 00000000000..5a115b71d01 --- /dev/null +++ b/src/lib/libcrypto/man/DH_get0_pqg.3 @@ -0,0 +1,273 @@ +.\" $OpenBSD: DH_get0_pqg.3,v 1.5 2018/12/21 21:54:48 schwarze Exp $ +.\" selective merge up to: OpenSSL 83cf7abf May 29 13:07:08 2018 +0100 +.\" +.\" This file was written by Matt Caswell . +.\" Copyright (c) 2016, 2018 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: December 21 2018 $ +.Dt DH_GET0_PQG 3 +.Os +.Sh NAME +.Nm DH_get0_pqg , +.Nm DH_set0_pqg , +.Nm DH_get0_key , +.Nm DH_set0_key , +.Nm DH_clear_flags , +.Nm DH_test_flags , +.Nm DH_set_flags , +.Nm DH_get0_engine , +.Nm DH_set_length +.Nd get data from and set data in a DH object +.Sh SYNOPSIS +.In openssl/dh.h +.Ft void +.Fo DH_get0_pqg +.Fa "const DH *dh" +.Fa "const BIGNUM **p" +.Fa "const BIGNUM **q" +.Fa "const BIGNUM **g" +.Fc +.Ft int +.Fo DH_set0_pqg +.Fa "DH *dh" +.Fa "BIGNUM *p" +.Fa "BIGNUM *q" +.Fa "BIGNUM *g" +.Fc +.Ft void +.Fo DH_get0_key +.Fa "const DH *dh" +.Fa "const BIGNUM **pub_key" +.Fa "const BIGNUM **priv_key" +.Fc +.Ft int +.Fo DH_set0_key +.Fa "DH *dh" +.Fa "BIGNUM *pub_key" +.Fa "BIGNUM *priv_key" +.Fc +.Ft void +.Fo DH_clear_flags +.Fa "DH *dh" +.Fa "int flags" +.Fc +.Ft int +.Fo DH_test_flags +.Fa "const DH *dh" +.Fa "int flags" +.Fc +.Ft void +.Fo DH_set_flags +.Fa "DH *dh" +.Fa "int flags" +.Fc +.Ft ENGINE * +.Fo DH_get0_engine +.Fa "DH *d" +.Fc +.Ft int +.Fo DH_set_length +.Fa "DH *dh" +.Fa "long length" +.Fc +.Sh DESCRIPTION +A +.Vt DH +object contains the parameters +.Fa p , +.Fa g , +and optionally +.Fa q . +It also contains a public key +.Fa pub_key +and an optional private key +.Fa priv_key . +.Pp +The +.Fa p , +.Fa q , +and +.Fa g +parameters can be obtained by calling +.Fn DH_get0_pqg . +If the parameters have not yet been set, then +.Pf * Fa p , +.Pf * Fa q , +and +.Pf * Fa g +are set to +.Dv NULL . +Otherwise, they are set to pointers to the internal representations +of the values that should not be freed by the application. +Any of the out parameters +.Fa p , +.Fa q , +and +.Fa g +can be +.Dv NULL , +in which case no value is returned for that parameter. +.Pp +The +.Fa p , +.Fa q , +and +.Fa g +values can be set by calling +.Fn DH_set0_pqg . +Calling this function transfers the memory management of the values to +.Fa dh , +and therefore they should not be freed by the caller. +The +.Fa q +argument may be +.Dv NULL . +.Pp +The +.Fn DH_get0_key +function stores pointers to the internal representations +of the public key in +.Pf * Fa pub_key +and to the private key in +.Pf * Fa priv_key . +Either may be +.Dv NULL +if it has not yet been set. +If the private key has been set, then the public key must be. +Any of the out parameters +.Fa pub_key +and +.Fa priv_key +can be +.Dv NULL , +in which case no value is returned for that parameter. +.Pp +The public and private key values can be set using +.Fn DH_set0_key . +Either parameter may be +.Dv NULL , +which means the corresponding +.Vt DH +field is left untouched. +This function transfers the memory management of the key values to +.Fa dh , +and therefore they should not be freed by the caller. +.Pp +Values retrieved with +.Fn DH_get0_pqg +and +.Fn DH_get0_key +are owned by the +.Vt DH +object and may therefore not be passed to +.Fn DH_set0_pqg +or +.Fn DH_set0_key . +If needed, duplicate the received values using +.Xr BN_dup 3 +and pass the duplicates. +.Pp +.Fn DH_clear_flags +clears the specified +.Fa flags +in +.Fa dh . +.Fn DH_test_flags +tests the +.Fa flags +in +.Fa dh . +.Fn DH_set_flags +sets the +.Fa flags +in +.Fa dh ; +any flags already set remain set. +For all three functions, multiple flags can be passed in one call, +OR'ed together bitwise. +.Pp +.Fn DH_set_length +sets the optional length attribute of +.Fa dh , +indicating the length of the secret exponent (private key) in bits. +If the length attribute is non-zero, it is used, otherwise it is ignored. +.Sh RETURN VALUES +.Fn DH_set0_pqg , +.Fn DH_set0_key , +and +.Fn DH_set_length +return 1 on success or 0 on failure. +.Pp +.Fn DH_test_flags +return those of the given +.Fa flags +currently set in +.Fa dh +or 0 if none of the given +.Fa flags +are set. +.Pp +.Fn DH_get0_engine +returns a pointer to the +.Vt ENGINE +used by the +.Vt DH +object +.Fa dh , +or +.Dv NULL +if no engine was set for this object. +.Sh SEE ALSO +.Xr DH_generate_key 3 , +.Xr DH_generate_parameters 3 , +.Xr DH_new 3 , +.Xr DH_size 3 , +.Xr DHparams_print 3 +.Sh HISTORY +These functions first appeared in OpenSSL 1.1.0 +and have been available since +.Ox 6.3 . diff --git a/src/lib/libcrypto/man/DH_get_ex_new_index.3 b/src/lib/libcrypto/man/DH_get_ex_new_index.3 new file mode 100644 index 00000000000..81a0aff8ecc --- /dev/null +++ b/src/lib/libcrypto/man/DH_get_ex_new_index.3 @@ -0,0 +1,99 @@ +.\" $OpenBSD: DH_get_ex_new_index.3,v 1.5 2018/03/23 23:18:17 schwarze Exp $ +.\" OpenSSL a528d4f0 Oct 27 13:40:11 2015 -0400 +.\" +.\" This file was written by Ulf Moeller . +.\" Copyright (c) 2000 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 23 2018 $ +.Dt DH_GET_EX_NEW_INDEX 3 +.Os +.Sh NAME +.Nm DH_get_ex_new_index , +.Nm DH_set_ex_data , +.Nm DH_get_ex_data +.Nd add application specific data to DH structures +.Sh SYNOPSIS +.In openssl/dh.h +.Ft int +.Fo DH_get_ex_new_index +.Fa "long argl" +.Fa "void *argp" +.Fa "CRYPTO_EX_new *new_func" +.Fa "CRYPTO_EX_dup *dup_func" +.Fa "CRYPTO_EX_free *free_func" +.Fc +.Ft int +.Fo DH_set_ex_data +.Fa "DH *d" +.Fa "int idx" +.Fa "void *arg" +.Fc +.Ft char * +.Fo DH_get_ex_data +.Fa "DH *d" +.Fa "int idx" +.Fc +.Sh DESCRIPTION +These functions handle application specific data in +.Vt DH +structures. +Their usage is identical to that of +.Xr RSA_get_ex_new_index 3 , +.Xr RSA_set_ex_data 3 , +and +.Xr RSA_get_ex_data 3 . +.Sh SEE ALSO +.Xr DH_new 3 , +.Xr RSA_get_ex_new_index 3 +.Sh HISTORY +.Fn DH_get_ex_new_index , +.Fn DH_set_ex_data , +and +.Fn DH_get_ex_data +first appeared in OpenSSL 0.9.5 +and have been available since +.Ox 2.7 . diff --git a/src/lib/libcrypto/man/DH_new.3 b/src/lib/libcrypto/man/DH_new.3 new file mode 100644 index 00000000000..3208e767013 --- /dev/null +++ b/src/lib/libcrypto/man/DH_new.3 @@ -0,0 +1,131 @@ +.\" $OpenBSD: DH_new.3,v 1.8 2018/04/18 01:11:45 schwarze Exp $ +.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file was written by Ulf Moeller . +.\" Copyright (c) 2000 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: April 18 2018 $ +.Dt DH_NEW 3 +.Os +.Sh NAME +.Nm DH_new , +.Nm DH_up_ref , +.Nm DH_free +.Nd allocate and free DH objects +.Sh SYNOPSIS +.In openssl/dh.h +.Ft DH* +.Fn DH_new void +.Ft int +.Fo DH_up_ref +.Fa "DH *dh" +.Fc +.Ft void +.Fo DH_free +.Fa "DH *dh" +.Fc +.Sh DESCRIPTION +The DH functions implement the Diffie-Hellman key agreement protocol. +.Pp +.Fn DH_new +allocates and initializes a +.Vt DH +structure, setting the reference count to 1. +It is equivalent to +.Xr DH_new_method 3 +with a +.Dv NULL +argument. +.Pp +.Fn DH_up_ref +increments the reference count by 1. +.Pp +.Fn DH_free +decrements the reference count by 1. +If it reaches 0, it frees the +.Vt DH +structure and its components. +The values are erased before the memory is returned to the system. +If +.Fa dh +is a +.Dv NULL +pointer, no action occurs. +.Sh RETURN VALUES +If the allocation fails, +.Fn DH_new +returns +.Dv NULL +and sets an error code that can be obtained by +.Xr ERR_get_error 3 . +Otherwise it returns a pointer to the newly allocated structure. +.Pp +.Fn DH_up_ref +returns 1 for success or 0 for failure. +.Sh SEE ALSO +.Xr BN_new 3 , +.Xr d2i_DHparams 3 , +.Xr DH_generate_key 3 , +.Xr DH_generate_parameters 3 , +.Xr DH_get0_pqg 3 , +.Xr DH_get_ex_new_index 3 , +.Xr DH_set_method 3 , +.Xr DH_size 3 , +.Xr DHparams_print 3 , +.Xr DSA_dup_DH 3 , +.Xr ERR_get_error 3 , +.Xr EVP_PKEY_set1_DH 3 +.Sh HISTORY +.Fn DH_new +and +.Fn DH_free +first appeared in SSLeay 0.5.1 and have been available since +.Ox 2.4 . +.Pp +.Fn DH_up_ref +first appeared in OpenSSL 0.9.7 and has been available since +.Ox 3.2 . diff --git a/src/lib/libcrypto/man/DH_set_method.3 b/src/lib/libcrypto/man/DH_set_method.3 new file mode 100644 index 00000000000..9863cbaca9c --- /dev/null +++ b/src/lib/libcrypto/man/DH_set_method.3 @@ -0,0 +1,217 @@ +.\" $OpenBSD: DH_set_method.3,v 1.7 2018/04/18 01:09:01 schwarze Exp $ +.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file was written by Ulf Moeller . +.\" Copyright (c) 2000, 2002, 2007 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: April 18 2018 $ +.Dt DH_SET_METHOD 3 +.Os +.Sh NAME +.Nm DH_set_default_method , +.Nm DH_get_default_method , +.Nm DH_set_method , +.Nm DH_new_method , +.Nm DH_OpenSSL +.Nd select DH method +.Sh SYNOPSIS +.In openssl/dh.h +.Ft void +.Fo DH_set_default_method +.Fa "const DH_METHOD *meth" +.Fc +.Ft const DH_METHOD * +.Fo DH_get_default_method +.Fa void +.Fc +.Ft int +.Fo DH_set_method +.Fa "DH *dh" +.Fa "const DH_METHOD *meth" +.Fc +.Ft DH * +.Fo DH_new_method +.Fa "ENGINE *engine" +.Fc +.Ft const DH_METHOD * +.Fo DH_OpenSSL +.Fa void +.Fc +.Sh DESCRIPTION +A +.Vt DH_METHOD +object contains pointers to the functions +used for Diffie-Hellman operations. +By default, the internal implementation returned by +.Fn DH_OpenSSL +is used. +By selecting another method, alternative implementations +such as hardware accelerators may be used. +.Pp +.Fn DH_set_default_method +selects +.Fa meth +as the default method for all +.Vt DH +structures created later. +If any +.Vt ENGINE +was registered with +.Xr ENGINE_register_DH 3 +that can be successfully initialized, it overrides the default. +.Pp +.Fn DH_get_default_method +returns a pointer to the current default method, +even if it is actually overridded by an +.Vt ENGINE . +.Pp +.Fn DH_set_method +selects +.Fa meth +to perform all operations using the key +.Fa dh . +This replaces the +.Vt DH_METHOD +used by the +.Fa dh +key and if the previous method was supplied by an +.Vt ENGINE , +.Xr ENGINE_finish 3 +is called on it. +It is possible to have +.Vt DH +keys that only work with certain +.Vt DH_METHOD +implementations (e.g. from an +.Vt ENGINE +module that supports embedded hardware-protected keys), +and in such cases attempting to change the +.Vt DH_METHOD +for the key can have unexpected results. +.Pp +.Fn DH_new_method +allocates and initializes a +.Vt DH +structure so that +.Fa engine +is used for the DH operations. +If +.Fa engine +is +.Dv NULL , +.Xr ENGINE_get_default_DH 3 +is used. +If that returns +.Dv NULL , +the default method controlled by +.Fn DH_set_default_method +is used. +.Pp +The +.Vt DH_METHOD +structure is defined as follows: +.Bd -literal +typedef struct dh_meth_st +{ + /* name of the implementation */ + const char *name; + + /* generate private and public DH values for key agreement */ + int (*generate_key)(DH *dh); + + /* compute shared secret */ + int (*compute_key)(unsigned char *key, BIGNUM *pub_key, DH *dh); + + /* compute r = a ^ p mod m (May be NULL for some implementations) */ + int (*bn_mod_exp)(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, + BN_MONT_CTX *m_ctx); + + /* called at DH_new */ + int (*init)(DH *dh); + + /* called at DH_free */ + int (*finish)(DH *dh); + + int flags; + + char *app_data; /* ?? */ + +} DH_METHOD; +.Ed +.Sh RETURN VALUES +.Fn DH_OpenSSL +and +.Fn DH_get_default_method +return pointers to the respective +.Vt DH_METHOD . +.Pp +.Fn DH_set_method +returns 1 on success or 0 on failure. +Currently, it cannot fail. +.Pp +.Fn DH_new_method +returns +.Dv NULL +and sets an error code that can be obtained by +.Xr ERR_get_error 3 +if the allocation fails. +Otherwise it returns a pointer to the newly allocated structure. +.Sh SEE ALSO +.Xr DH_new 3 , +.Xr ENGINE_get_default_DH 3 , +.Xr ENGINE_register_DH 3 , +.Xr ENGINE_set_default_DH 3 +.Sh HISTORY +.Fn DH_set_default_method , +.Fn DH_get_default_method , +.Fn DH_set_method , +.Fn DH_new_method +and +.Fn DH_OpenSSL +first appeared in OpenSSL 0.9.5 and have been available since +.Ox 2.7 . diff --git a/src/lib/libcrypto/man/DH_size.3 b/src/lib/libcrypto/man/DH_size.3 new file mode 100644 index 00000000000..be1f50990be --- /dev/null +++ b/src/lib/libcrypto/man/DH_size.3 @@ -0,0 +1,96 @@ +.\" $OpenBSD: DH_size.3,v 1.9 2018/03/27 17:35:50 schwarze Exp $ +.\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file was written by Ulf Moeller +.\" and Kurt Roeckx . +.\" Copyright (c) 2000, 2015 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt DH_SIZE 3 +.Os +.Sh NAME +.Nm DH_size , +.Nm DH_bits +.Nd get Diffie-Hellman prime size +.Sh SYNOPSIS +.In openssl/dh.h +.Ft int +.Fo DH_size +.Fa "const DH *dh" +.Fc +.Ft int +.Fo DH_bits +.Fa "const DH *dh" +.Fc +.Sh DESCRIPTION +.Fn DH_size +returns the Diffie-Hellman prime size in bytes. +It can be used to determine how much memory must be allocated for the +shared secret computed by +.Xr DH_compute_key 3 . +.Pp +.Fn DH_bits +returns the number of significant bits in the key. +.Pp +.Fa dh +and +.Fa dh->p +must not be +.Dv NULL . +.Sh SEE ALSO +.Xr BN_num_bytes 3 , +.Xr DH_generate_key 3 , +.Xr DH_get0_key 3 , +.Xr DH_new 3 +.Sh HISTORY +.Fn DH_size +first appeared in SSLeay 0.5.1 and has been available since +.Ox 2.4 . +.Pp +.Fn DH_bits +first appeared in OpenSSL 1.1.0 and has been available since +.Ox 6.3 . diff --git a/src/lib/libcrypto/man/DIST_POINT_new.3 b/src/lib/libcrypto/man/DIST_POINT_new.3 new file mode 100644 index 00000000000..f97b6d5b55d --- /dev/null +++ b/src/lib/libcrypto/man/DIST_POINT_new.3 @@ -0,0 +1,153 @@ +.\" $OpenBSD: DIST_POINT_new.3,v 1.4 2018/03/23 04:34:23 schwarze Exp $ +.\" +.\" Copyright (c) 2016 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 23 2018 $ +.Dt DIST_POINT_NEW 3 +.Os +.Sh NAME +.Nm DIST_POINT_new , +.Nm DIST_POINT_free , +.Nm CRL_DIST_POINTS_new , +.Nm CRL_DIST_POINTS_free , +.Nm DIST_POINT_NAME_new , +.Nm DIST_POINT_NAME_free , +.Nm ISSUING_DIST_POINT_new , +.Nm ISSUING_DIST_POINT_free +.Nd X.509 CRL distribution point extensions +.Sh SYNOPSIS +.In openssl/x509v3.h +.Ft DIST_POINT * +.Fn DIST_POINT_new void +.Ft void +.Fn DIST_POINT_free "DIST_POINT *dp" +.Ft CRL_DIST_POINTS * +.Fn CRL_DIST_POINTS_new void +.Ft void +.Fn CRL_DIST_POINTS_free "CRL_DIST_POINTS *dps" +.Ft DIST_POINT_NAME * +.Fn DIST_POINT_NAME_new void +.Ft void +.Fn DIST_POINT_NAME_free "DIST_POINT_NAME *name" +.Ft ISSUING_DIST_POINT * +.Fn ISSUING_DIST_POINT_new void +.Ft void +.Fn ISSUING_DIST_POINT_free "ISSUING_DIST_POINT *dp" +.Sh DESCRIPTION +Using the CRL distribution point extension, a certificate can specify +where to obtain certificate revocation lists that might later revoke it. +.Pp +.Fn DIST_POINT_new +allocates and initializes an empty +.Vt DIST_POINT +object, representing an ASN.1 +.Vt DistributionPoint +structure defined in RFC 5280 section 4.2.1.13. +It can hold issuer names, distribution point names, and reason flags. +.Fn DIST_POINT_free +frees +.Fa dp . +.Pp +.Fn CRL_DIST_POINTS_new +allocates and initializes an empty +.Vt CRL_DIST_POINTS +object, which is a +.Vt STACK_OF(DIST_POINT) +and represents the ASN.1 +.Vt CRLDistributionPoints +structure defined in RFC 5280 section 4.2.1.13. +It can be used as an extension in +.Vt X509 +and in +.Vt X509_CRL +objects. +.Fn CRL_DIST_POINTS_free +frees +.Fa dps . +.Pp +.Fn DIST_POINT_NAME_new +allocates and initializes an empty +.Vt DIST_POINT_NAME +object, representing an ASN.1 +.Vt DistributionPointName +structure defined in RFC 5280 section 4.2.1.13. +It is used by the +.Vt DIST_POINT +and +.Vt ISSUING_DIST_POINT +objects and can hold multiple names, each representing a different +way to obtain the same CRL. +.Fn DIST_POINT_NAME_free +frees +.Fa name . +.Pp +.Fn ISSUING_DIST_POINT_new +allocates and initializes an empty +.Vt ISSUING_DIST_POINT +object, representing an ASN.1 +.Vt IssuingDistributionPoint +structure defined in RFC 5280 section 5.2.5. +Using this extension, a CRL can specify which distribution point +it was issued from and which kinds of certificates and revocation +reasons it covers. +.Fn ISSUING_DIST_POINT_free +frees +.Fa dp . +.Sh RETURN VALUES +.Fn DIST_POINT_new , +.Fn CRL_DIST_POINTS_new , +.Fn DIST_POINT_NAME_new , +and +.Fn ISSUING_DIST_POINT_new +return the new +.Vt DIST_POINT , +.Vt CRL_DIST_POINTS , +.Vt DIST_POINT_NAME , +or +.Vt ISSUING_DIST_POINT +object, respectively, or +.Dv NULL +if an error occurs. +.Sh SEE ALSO +.Xr GENERAL_NAMES_new 3 , +.Xr X509_CRL_new 3 , +.Xr X509_EXTENSION_new 3 , +.Xr X509_NAME_new 3 , +.Xr X509_new 3 +.Sh STANDARDS +RFC 5280: Internet X.509 Public Key Infrastructure Certificate and +Certificate Revocation List (CRL) Profile: +.Bl -dash -compact +.It +section 4.2.1.13: CRL Distribution Points +.It +section 5.2.5: Issuing Distribution Point +.El +.Sh HISTORY +.Fn DIST_POINT_new , +.Fn DIST_POINT_free , +.Fn CRL_DIST_POINTS_new , +.Fn CRL_DIST_POINTS_free , +.Fn DIST_POINT_NAME_new , +and +.Fn DIST_POINT_NAME_free +first appeared in OpenSSL 0.9.3 and have been available since +.Ox 2.6 . +.Pp +.Fn ISSUING_DIST_POINT_new +and +.Fn ISSUING_DIST_POINT_free +first appeared in OpenSSL 1.0.0 and have been available since +.Ox 4.9 . diff --git a/src/lib/libcrypto/man/DSA_SIG_new.3 b/src/lib/libcrypto/man/DSA_SIG_new.3 new file mode 100644 index 00000000000..33f2586bc49 --- /dev/null +++ b/src/lib/libcrypto/man/DSA_SIG_new.3 @@ -0,0 +1,142 @@ +.\" $OpenBSD: DSA_SIG_new.3,v 1.7 2018/03/23 23:18:17 schwarze Exp $ +.\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file was written by Ulf Moeller , +.\" Dr. Stephen Henson , and +.\" TJ Saunders . +.\" Copyright (c) 2000, 2016 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 23 2018 $ +.Dt DSA_SIG_NEW 3 +.Os +.Sh NAME +.Nm DSA_SIG_new , +.Nm DSA_SIG_free , +.Nm DSA_SIG_get0 , +.Nm DSA_SIG_set0 +.Nd manipulate DSA signature objects +.Sh SYNOPSIS +.In openssl/dsa.h +.Ft DSA_SIG * +.Fn DSA_SIG_new void +.Ft void +.Fo DSA_SIG_free +.Fa "DSA_SIG *sig" +.Fc +.Ft void +.Fo DSA_SIG_get0 +.Fa "const DSA_SIG *sig" +.Fa "const BIGNUM **r" +.Fa "const BIGNUM **s" +.Fc +.Ft int +.Fo DSA_SIG_set0 +.Fa "DSA_SIG *sig" +.Fa "BIGNUM *r" +.Fa "BIGNUM *s" +.Fc +.Sh DESCRIPTION +.Fn DSA_SIG_new +allocates an empty +.Vt DSA_SIG +structure. +.Pp +.Fn DSA_SIG_free +frees the +.Vt DSA_SIG +structure and its components. +The values are erased before the memory is returned to the system. +If +.Fa sig +is a +.Dv NULL +pointer, no action occurs. +.Pp +.Fn DSA_SIG_get0 +retrieves internal pointers to the +.Fa r +and +.Fa s +values contained in +.Fa sig . +.Pp +The +.Fa r +and +.Fa s +values can be set by calling +.Fn DSA_SIG_set0 . +Calling this function transfers the memory management of the values to +.Fa sig , +and therefore they should not be freed by the caller. +.Sh RETURN VALUES +If the allocation fails, +.Fn DSA_SIG_new +returns +.Dv NULL +and sets an error code that can be obtained by +.Xr ERR_get_error 3 . +Otherwise it returns a pointer to the newly allocated structure. +.Pp +.Fn DSA_SIG_set0 +returns 1 on success or 0 on failure. +.Sh SEE ALSO +.Xr DSA_do_sign 3 , +.Xr DSA_new 3 , +.Xr ERR_get_error 3 +.Sh HISTORY +.Fn DSA_SIG_new +and +.Fn DSA_SIG_free +first appeared in OpenSSL 0.9.3 and have been available since +.Ox 2.6 . +.Pp +.Fn DSA_SIG_get0 +and +.Fn DSA_SIG_set0 +first appeared in OpenSSL 1.1.0 and have been available since +.Ox 6.3 . diff --git a/src/lib/libcrypto/man/DSA_do_sign.3 b/src/lib/libcrypto/man/DSA_do_sign.3 new file mode 100644 index 00000000000..454cb444782 --- /dev/null +++ b/src/lib/libcrypto/man/DSA_do_sign.3 @@ -0,0 +1,121 @@ +.\" $OpenBSD: DSA_do_sign.3,v 1.8 2018/03/21 17:57:48 schwarze Exp $ +.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file was written by Ulf Moeller . +.\" Copyright (c) 2000 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 21 2018 $ +.Dt DSA_DO_SIGN 3 +.Os +.Sh NAME +.Nm DSA_do_sign , +.Nm DSA_do_verify +.Nd raw DSA signature operations +.Sh SYNOPSIS +.In openssl/dsa.h +.Ft DSA_SIG * +.Fo DSA_do_sign +.Fa "const unsigned char *dgst" +.Fa "int dlen" +.Fa "DSA *dsa" +.Fc +.Ft int +.Fo DSA_do_verify +.Fa "const unsigned char *dgst" +.Fa "int dgst_len" +.Fa "DSA_SIG *sig" +.Fa "DSA *dsa" +.Fc +.Sh DESCRIPTION +.Fn DSA_do_sign +computes a digital signature on the +.Fa dlen +byte message digest +.Fa dgst +using the private key +.Fa dsa +and returns it in a newly allocated +.Vt DSA_SIG +structure. +.Pp +.Xr DSA_sign_setup 3 +may be used to precompute part of the signing operation in case +signature generation is time-critical. +.Pp +.Fn DSA_do_verify +verifies that the signature +.Fa sig +matches a given message digest +.Fa dgst +of size +.Fa dgst_len . +.Fa dsa +is the signer's public key. +.Sh RETURN VALUES +.Fn DSA_do_sign +returns the signature or +.Dv NULL +on error. +.Fn DSA_do_verify +returns 1 for a valid signature, 0 for an incorrect signature, +and -1 on error. +The error codes can be obtained by +.Xr ERR_get_error 3 . +.Sh SEE ALSO +.Xr DSA_get0_key 3 , +.Xr DSA_meth_set_sign 3 , +.Xr DSA_new 3 , +.Xr DSA_SIG_new 3 , +.Xr DSA_sign 3 , +.Xr ERR_get_error 3 , +.Xr RAND_bytes 3 +.Sh HISTORY +.Fn DSA_do_sign +and +.Fn DSA_do_verify +first appeared in OpenSSL 0.9.3 and have been available since +.Ox 2.6 . diff --git a/src/lib/libcrypto/man/DSA_dup_DH.3 b/src/lib/libcrypto/man/DSA_dup_DH.3 new file mode 100644 index 00000000000..a7b4f3ec6d2 --- /dev/null +++ b/src/lib/libcrypto/man/DSA_dup_DH.3 @@ -0,0 +1,93 @@ +.\" $OpenBSD: DSA_dup_DH.3,v 1.7 2018/03/21 21:18:08 schwarze Exp $ +.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file was written by Ulf Moeller . +.\" Copyright (c) 2000, 2002 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 21 2018 $ +.Dt DSA_DUP_DH 3 +.Os +.Sh NAME +.Nm DSA_dup_DH +.Nd create a DH structure out of DSA structure +.Sh SYNOPSIS +.In openssl/dsa.h +.Ft DH * +.Fo DSA_dup_DH +.Fa "const DSA *r" +.Fc +.Sh DESCRIPTION +.Fn DSA_dup_DH +duplicates +.Vt DSA +parameters/keys as +.Vt DH +parameters/keys. +.Fa r->q +is lost during that conversion, but the resulting +.Vt DH +parameters contain its length. +.Sh RETURN VALUES +.Fn DSA_dup_DH +returns the new +.Vt DH +structure or +.Dv NULL +on error. +The error codes can be obtained by +.Xr ERR_get_error 3 . +.Sh SEE ALSO +.Xr DH_new 3 , +.Xr DSA_get0_pqg 3 , +.Xr DSA_new 3 , +.Xr ERR_get_error 3 +.Sh HISTORY +.Fn DSA_dup_DH +first appeared in OpenSSL 0.9.4 and has been available since +.Ox 2.6 . +.Sh CAVEATS +Be careful to avoid small subgroup attacks when using this. diff --git a/src/lib/libcrypto/man/DSA_generate_key.3 b/src/lib/libcrypto/man/DSA_generate_key.3 new file mode 100644 index 00000000000..9e565e05a56 --- /dev/null +++ b/src/lib/libcrypto/man/DSA_generate_key.3 @@ -0,0 +1,86 @@ +.\" $OpenBSD: DSA_generate_key.3,v 1.8 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file was written by Ulf Moeller . +.\" Copyright (c) 2000 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt DSA_GENERATE_KEY 3 +.Os +.Sh NAME +.Nm DSA_generate_key +.Nd generate DSA key pair +.Sh SYNOPSIS +.In openssl/dsa.h +.Ft int +.Fo DSA_generate_key +.Fa "DSA *a" +.Fc +.Sh DESCRIPTION +.Fn DSA_generate_key +expects +.Fa a +to contain DSA parameters. +It generates a new key pair and stores it in +.Fa a->pub_key +and +.Fa a->priv_key . +.Sh RETURN VALUES +.Fn DSA_generate_key +returns 1 on success or 0 otherwise. +The error codes can be obtained by +.Xr ERR_get_error 3 . +.Sh SEE ALSO +.Xr DSA_generate_parameters 3 , +.Xr DSA_get0_key 3 , +.Xr DSA_new 3 , +.Xr ERR_get_error 3 , +.Xr RAND_bytes 3 +.Sh HISTORY +.Fn DSA_generate_key +first appeared in SSLeay 0.6.0 and has been available since +.Ox 2.4 . diff --git a/src/lib/libcrypto/man/DSA_generate_parameters.3 b/src/lib/libcrypto/man/DSA_generate_parameters.3 new file mode 100644 index 00000000000..d942f7b3840 --- /dev/null +++ b/src/lib/libcrypto/man/DSA_generate_parameters.3 @@ -0,0 +1,228 @@ +.\" $OpenBSD: DSA_generate_parameters.3,v 1.10 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL 9b86974e Aug 7 22:14:47 2015 -0400 +.\" +.\" This file was written by Ulf Moeller , +.\" Bodo Moeller , and Matt Caswell . +.\" Copyright (c) 2000, 2013 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt DSA_GENERATE_PARAMETERS 3 +.Os +.Sh NAME +.Nm DSA_generate_parameters_ex , +.Nm DSA_generate_parameters +.Nd generate DSA parameters +.Sh SYNOPSIS +.In openssl/dsa.h +.Ft int +.Fo DSA_generate_parameters_ex +.Fa "DSA *dsa" +.Fa "int bits" +.Fa "const unsigned char *seed" +.Fa "int seed_len" +.Fa "int *counter_ret" +.Fa "unsigned long *h_ret" +.Fa "BN_GENCB *cb" +.Fc +.Pp +Deprecated: +.Pp +.Ft DSA * +.Fo DSA_generate_parameters +.Fa "int bits" +.Fa "unsigned char *seed" +.Fa "int seed_len" +.Fa "int *counter_ret" +.Fa "unsigned long *h_ret" +.Fa "void (*callback)(int, int, void *)" +.Fa "void *cb_arg" +.Fc +.Sh DESCRIPTION +.Fn DSA_generate_parameters_ex +generates primes p and q and a generator g for use in the DSA and stores +the result in +.Fa dsa . +.Pp +.Fa bits +is the length of the prime to be generated; the DSS allows a maximum of +1024 bits. +.Pp +If +.Fa seed +is +.Dv NULL +or +.Fa seed_len +< 20, the primes will be generated at random. +Otherwise, the seed is used to generate them. +If the given seed does not yield a prime q, a new random seed is chosen +and placed at +.Fa seed . +.Pp +.Fn DSA_generate_parameters_ex +places the iteration count in +.Pf * Fa counter_ret +and a counter used for finding a generator in +.Pf * Fa h_ret , +unless these are +.Dv NULL . +.Pp +A callback function may be used to provide feedback about the progress +of the key generation. +If +.Fa cb +is not +.Dv NULL , +it will be called as shown below. +For information on the +.Vt BN_GENCB +structure, refer to +.Xr BN_GENCB_call 3 . +.Bl -bullet +.It +When a candidate for q is generated, +.Fn BN_GENCB_call cb 0 m++ +is called +.Pf ( Fa m +is 0 for the first candidate). +.It +When a candidate for q has passed a test by trial division, +.Fn BN_GENCB_call cb 1 -1 +is called. +While a candidate for q is tested by Miller-Rabin primality tests, +.Fn BN_GENCB_call cb 1 i +is called in the outer loop (once for each witness that confirms that +the candidate may be prime); +.Fa i +is the loop counter (starting at 0). +.It +When a prime q has been found, +.Fn BN_GENCB_call cb 2 0 +and +.Fn BN_GENCB_call cb 3 0 +are called. +.It +Before a candidate for p (other than the first) is generated and tested, +.Fn BN_GENCB_call cb 0 counter +is called. +.It +When a candidate for p has passed the test by trial division, +.Fn BN_GENCB_call cb 1 -1 +is called. +While it is tested by the Miller-Rabin primality test, +.Fn BN_GENCB_call cb 1 i +is called in the outer loop (once for each witness that confirms that +the candidate may be prime). +.Fa i +is the loop counter (starting at 0). +.It +When p has been found, +.Fn BN_GENCB_call cb 2 1 +is called. +.It +When the generator has been found, +.Fn BN_GENCB_call cb 3 1 +is called. +.El +.Pp +.Fn DSA_generate_parameters +(deprecated) works in much the same way as for +.Fn DSA_generate_parameters_ex , +except that no +.Fa dsa +parameter is passed and instead a newly allocated +.Vt DSA +structure is returned. +Additionally "old style" callbacks are used instead of the newer +.Vt BN_GENCB +based approach. +Refer to +.Xr BN_generate_prime 3 +for further information. +.Sh RETURN VALUES +.Fn DSA_generate_parameters_ex +returns a 1 on success, or 0 otherwise. +.Pp +.Fn DSA_generate_parameters +returns a pointer to the +.Vt DSA +structure, or +.Dv NULL +if the parameter generation fails. +.Pp +The error codes can be obtained by +.Xr ERR_get_error 3 . +.Sh SEE ALSO +.Xr BN_generate_prime 3 , +.Xr DSA_get0_pqg 3 , +.Xr DSA_new 3 , +.Xr ERR_get_error 3 , +.Xr RAND_bytes 3 +.Sh HISTORY +.Fn DSA_generate_parameters +first appeared in SSLeay 0.8.0 and had its +.Fa cb_arg +argument added in SSLeay 0.9.0. +It has been available since +.Ox 2.4 . +.Pp +In versions up to OpenSSL 0.9.4, +.Fn callback 1 ...\& +was called in the inner loop of the Miller-Rabin test whenever it +reached the squaring step (the parameters to +.Fn callback +did not reveal how many witnesses had been tested); since OpenSSL 0.9.5, +.Fn callback 1 ...\& +is called as in +.Xr BN_is_prime 3 , +i.e. once for each witness. +.Pp +.Fn DSA_generate_parameters_ex +first appeared in OpenSSL 0.9.8 and has been available since +.Ox 4.5 . +.Sh BUGS +Seed lengths > 20 are not supported. diff --git a/src/lib/libcrypto/man/DSA_get0_pqg.3 b/src/lib/libcrypto/man/DSA_get0_pqg.3 new file mode 100644 index 00000000000..56d57066bed --- /dev/null +++ b/src/lib/libcrypto/man/DSA_get0_pqg.3 @@ -0,0 +1,252 @@ +.\" $OpenBSD: DSA_get0_pqg.3,v 1.4 2018/03/23 23:18:17 schwarze Exp $ +.\" full merge up to: OpenSSL e90fc053 Jul 15 09:39:45 2017 -0400 +.\" +.\" This file was written by Matt Caswell . +.\" Copyright (c) 2016 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 23 2018 $ +.Dt DSA_GET0_PQG 3 +.Os +.Sh NAME +.Nm DSA_get0_pqg , +.Nm DSA_set0_pqg , +.Nm DSA_get0_key , +.Nm DSA_set0_key , +.Nm DSA_clear_flags , +.Nm DSA_test_flags , +.Nm DSA_set_flags , +.Nm DSA_get0_engine +.Nd get data from and set data in a DSA object +.Sh SYNOPSIS +.In openssl/dsa.h +.Ft void +.Fo DSA_get0_pqg +.Fa "const DSA *d" +.Fa "const BIGNUM **p" +.Fa "const BIGNUM **q" +.Fa "const BIGNUM **g" +.Fc +.Ft int +.Fo DSA_set0_pqg +.Fa "DSA *d" +.Fa "BIGNUM *p" +.Fa "BIGNUM *q" +.Fa "BIGNUM *g" +.Fc +.Ft void +.Fo DSA_get0_key +.Fa "const DSA *d" +.Fa "const BIGNUM **pub_key" +.Fa "const BIGNUM **priv_key" +.Fc +.Ft int +.Fo DSA_set0_key +.Fa "DSA *d" +.Fa "BIGNUM *pub_key" +.Fa "BIGNUM *priv_key" +.Fc +.Ft void +.Fo DSA_clear_flags +.Fa "DSA *d" +.Fa "int flags" +.Fc +.Ft int +.Fo DSA_test_flags +.Fa "const DSA *d" +.Fa "int flags" +.Fc +.Ft void +.Fo DSA_set_flags +.Fa "DSA *d" +.Fa "int flags" +.Fc +.Ft ENGINE * +.Fo DSA_get0_engine +.Fa "DSA *d" +.Fc +.Sh DESCRIPTION +A +.Vt DSA +object contains the parameters +.Fa p , +.Fa q , +and +.Fa g . +It also contains a public key +.Fa pub_key +and an optional private key +.Fa priv_key . +.Pp +The +.Fa p , +.Fa q , +and +.Fa g +parameters can be obtained by calling +.Fn DSA_get0_pqg . +If the parameters have not yet been set, then +.Pf * Fa p , +.Pf * Fa q , +and +.Pf * Fa g +are set to +.Dv NULL . +Otherwise, they are set to pointers to the internal representations +of the values that should not be freed by the application. +.Pp +The +.Fa p , +.Fa q , +and +.Fa g +values can be set by calling +.Fn DSA_set0_pqg . +Calling this function transfers the memory management of the values to +.Fa d , +and therefore they should not be freed by the caller. +.Pp +The +.Fn DSA_get0_key +function stores pointers to the internal representations +of the public key in +.Pf * Fa pub_key +and to the private key in +.Pf * Fa priv_key . +Either may be +.Dv NULL +if it has not yet been set. +If the private key has been set, then the public key must be. +.Pp +The public and private key values can be set using +.Fn DSA_set0_key . +The public key must be +.Pf non- Dv NULL +the first time this function is called on a given +.Vt DSA +object. +The private key may be +.Dv NULL . +On subsequent calls, either may be +.Dv NULL , +which means the corresponding +.Vt DSA +field is left untouched. +.Fn DSA_set0_key +transfers the memory management of the key values to +.Fa d , +and therefore they should not be freed by the caller. +.Pp +Values retrieved with +.Fn DSA_get0_pqg +and +.Fn DSA_get0_key +are owned by the +.Vt DSA +object and may therefore not be passed to +.Fn DSA_set0_pqg +or +.Fn DSA_set0_key . +If needed, duplicate the received values using +.Xr BN_dup 3 +and pass the duplicates. +.Pp +.Fn DSA_clear_flags +clears the specified +.Fa flags +in +.Fa d . +.Fn DSA_test_flags +tests the +.Fa flags +in +.Fa d . +.Fn DSA_set_flags +sets the +.Fa flags +in +.Fa d ; +any flags already set remain set. +For all three functions, multiple flags can be passed in one call, +OR'ed together bitwise. +.Sh RETURN VALUES +.Fn DSA_set0_pqg +and +.Fn DSA_set0_key +return 1 on success or 0 on failure. +.Pp +.Fn DSA_test_flags +returns those of the given +.Fa flags +currently set in +.Fa d +or 0 if none of the given +.Fa flags +are set. +.Pp +.Fn DSA_get0_engine +returns a pointer to the +.Vt ENGINE +used by the +.Vt DSA +object +Fa d , +or +.Dv NULL +if no engine was set for this object. +.Sh SEE ALSO +.Xr DSA_do_sign 3 , +.Xr DSA_dup_DH 3 , +.Xr DSA_generate_key 3 , +.Xr DSA_generate_parameters 3 , +.Xr DSA_new 3 , +.Xr DSA_print 3 , +.Xr DSA_sign 3 , +.Xr DSA_size 3 +.Sh HISTORY +These functions first appeared in OpenSSL 1.1.0 +and have been available since +.Ox 6.3 . diff --git a/src/lib/libcrypto/man/DSA_get_ex_new_index.3 b/src/lib/libcrypto/man/DSA_get_ex_new_index.3 new file mode 100644 index 00000000000..8fe055f3373 --- /dev/null +++ b/src/lib/libcrypto/man/DSA_get_ex_new_index.3 @@ -0,0 +1,98 @@ +.\" $OpenBSD: DSA_get_ex_new_index.3,v 1.5 2018/03/22 16:06:33 schwarze Exp $ +.\" OpenSSL a528d4f0 Oct 27 13:40:11 2015 -0400 +.\" +.\" This file was written by Ulf Moeller . +.\" Copyright (c) 2000, 2009 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 22 2018 $ +.Dt DSA_GET_EX_NEW_INDEX 3 +.Os +.Sh NAME +.Nm DSA_get_ex_new_index , +.Nm DSA_set_ex_data , +.Nm DSA_get_ex_data +.Nd add application specific data to DSA structures +.Sh SYNOPSIS +.In openssl/dsa.h +.Ft int +.Fo DSA_get_ex_new_index +.Fa "long argl" +.Fa "void *argp" +.Fa "CRYPTO_EX_new *new_func" +.Fa "CRYPTO_EX_dup *dup_func" +.Fa "CRYPTO_EX_free *free_func" +.Fc +.Ft int +.Fo DSA_set_ex_data +.Fa "DSA *d" +.Fa "int idx" +.Fa "void *arg" +.Fc +.Ft char * +.Fo DSA_get_ex_data +.Fa "DSA *d" +.Fa "int idx" +.Fc +.Sh DESCRIPTION +These functions handle application specific data in +.Vt DSA +structures. +Their usage is identical to that of +.Xr RSA_get_ex_new_index 3 , +.Xr RSA_set_ex_data 3 , +and +.Xr RSA_get_ex_data 3 . +.Sh SEE ALSO +.Xr DSA_new 3 , +.Xr RSA_get_ex_new_index 3 +.Sh HISTORY +.Fn DSA_get_ex_new_index , +.Fn DSA_set_ex_data , +and +.Fn DSA_get_ex_data +first appeared in OpenSSL 0.9.5 and have been available since +.Ox 2.7 . diff --git a/src/lib/libcrypto/man/DSA_meth_new.3 b/src/lib/libcrypto/man/DSA_meth_new.3 new file mode 100644 index 00000000000..41f4382422d --- /dev/null +++ b/src/lib/libcrypto/man/DSA_meth_new.3 @@ -0,0 +1,183 @@ +.\" $OpenBSD: DSA_meth_new.3,v 1.1 2018/03/18 13:06:36 schwarze Exp $ +.\" selective merge up to: OpenSSL a970b14f Jul 31 18:58:40 2017 -0400 +.\" +.\" This file is a derived work. +.\" The changes are covered by the following Copyright and license: +.\" +.\" Copyright (c) 2018 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.\" The original file was written by Matt Caswell . +.\" Copyright (c) 2016 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 18 2018 $ +.Dt DSA_METH_NEW 3 +.Os +.Sh NAME +.Nm DSA_meth_new , +.Nm DSA_meth_free , +.Nm DSA_meth_dup , +.Nm DSA_meth_set_sign , +.Nm DSA_meth_set_finish +.Nd build up DSA methods +.Sh SYNOPSIS +.In openssl/dsa.h +.Ft DSA_METHOD * +.Fo DSA_meth_new +.Fa "const char *name" +.Fa "int flags" +.Fc +.Ft void +.Fo DSA_meth_free +.Fa "DSA_METHOD *meth" +.Fc +.Ft DSA_METHOD * +.Fo DSA_meth_dup +.Fa "const DSA_METHOD *meth" +.Fc +.Ft int +.Fo DSA_meth_set_sign +.Fa "DSA_METHOD *meth" +.Fa "DSA_SIG *(*sign)(const unsigned char *, int, DSA *)" +.Fc +.Ft int +.Fo DSA_meth_set_finish +.Fa "DSA_METHOD *meth" +.Fa "int (*finish)(DSA *)" +.Fc +.Sh DESCRIPTION +The +.Vt DSA_METHOD +structure holds function pinters for custom DSA implementations. +.Pp +.Fn DSA_meth_new +creates a new +.Vt DSA_METHOD +structure. +A copy of the NUL-terminated +.Fa name +is stored in the new +.Vt DSA_METHOD +object. +Any new +.Vt DSA +object constructed from this +.Vt DSA_METHOD +will have the given +.Fa flags +set by default. +.Pp +.Fn DSA_meth_dup +creates a deep copy of +.Fa meth . +This might be useful for creating a new +.Vt DSA_METHOD +based on an existing one, but with some differences. +.Pp +.Fn DSA_meth_free +destroys +.Fa meth +and frees any memory associated with it. +.Pp +.Fn DSA_meth_set_sign +sets the function used for creating a DSA signature. +This function will be called from +.Xr DSA_do_sign 3 +and indirectly from +.Xr DSA_sign 3 . +The parameters of +.Fa sign +have the same meaning as for +.Xr DSA_do_sign 3 . +.Pp +.Fn DSA_meth_set_finish +sets an optional function for destroying a +.Vt DSA +object. +Unless +.Fa finish +is +.Dv NULL , +it will be called from +.Xr DSA_free 3 . +It takes the same argument +and is intended to do DSA implementation specific cleanup. +The memory used by the +.Vt DSA +object itself should not be freed by the +.Fa finish +function. +.Sh RETURN VALUES +.Fn DSA_meth_new +and +.Fn DSA_meth_dup +return the newly allocated DSA_METHOD object or NULL on failure. +.Pp +All +.Fn DSA_meth_set_* +functions return 1 on success or 0 on failure. +.Sh SEE ALSO +.Xr DSA_do_sign 3 , +.Xr DSA_new 3 , +.Xr DSA_set_method 3 , +.Xr DSA_SIG_new 3 , +.Xr DSA_sign 3 +.Sh HISTORY +These functions first appeared in OpenSSL 1.1.0 +and have been available since +.Ox 6.3 . diff --git a/src/lib/libcrypto/man/DSA_new.3 b/src/lib/libcrypto/man/DSA_new.3 new file mode 100644 index 00000000000..357b113b0ad --- /dev/null +++ b/src/lib/libcrypto/man/DSA_new.3 @@ -0,0 +1,140 @@ +.\" $OpenBSD: DSA_new.3,v 1.10 2018/04/18 01:11:45 schwarze Exp $ +.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file was written by Ulf Moeller . +.\" Copyright (c) 2000, 2002 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: April 18 2018 $ +.Dt DSA_NEW 3 +.Os +.Sh NAME +.Nm DSA_new , +.Nm DSA_up_ref , +.Nm DSA_free +.Nd allocate and free DSA objects +.Sh SYNOPSIS +.In openssl/dsa.h +.Ft DSA* +.Fn DSA_new void +.Ft int +.Fo DSA_up_ref +.Fa "DSA *dsa" +.Fc +.Ft void +.Fo DSA_free +.Fa "DSA *dsa" +.Fc +.Sh DESCRIPTION +The DSA functions implement the Digital Signature Algorithm. +.Pp +.Fn DSA_new +allocates and initializes a +.Vt DSA +structure, setting the reference count to 1. +It is equivalent to calling +.Xr DSA_new_method 3 +with a +.Dv NULL +argument. +.Pp +.Fn DSA_up_ref +increments the reference count by 1. +.Pp +.Fn DSA_free +decrements the reference count by 1. +If it reaches 0, it frees the +.Vt DSA +structure and its components. +The values are erased before the memory is returned to the system. +If +.Fa dsa +is a +.Dv NULL +pointer, no action occurs. +.Sh RETURN VALUES +If the allocation fails, +.Fn DSA_new +returns +.Dv NULL +and sets an error code that can be obtained by +.Xr ERR_get_error 3 . +Otherwise it returns a pointer to the newly allocated structure. +.Pp +.Fn DSA_up_ref +returns 1 for success or 0 for failure. +.Sh SEE ALSO +.Xr BN_new 3 , +.Xr d2i_DSAPublicKey 3 , +.Xr DH_new 3 , +.Xr DSA_do_sign 3 , +.Xr DSA_dup_DH 3 , +.Xr DSA_generate_key 3 , +.Xr DSA_generate_parameters 3 , +.Xr DSA_get0_pqg 3 , +.Xr DSA_get_ex_new_index 3 , +.Xr DSA_meth_new 3 , +.Xr DSA_print 3 , +.Xr DSA_set_method 3 , +.Xr DSA_SIG_new 3 , +.Xr DSA_sign 3 , +.Xr DSA_size 3 , +.Xr ERR_get_error 3 , +.Xr EVP_PKEY_set1_DSA 3 , +.Xr RSA_new 3 +.Sh STANDARDS +US Federal Information Processing Standard FIPS 186 (Digital Signature +Standard, DSS), ANSI X9.30 +.Sh HISTORY +.Fn DSA_new +and +.Fn DSA_free +first appeared in SSLeay 0.6.0 and have been available since +.Ox 2.4 . +.Pp +.Fn DSA_up_ref +first appeared in OpenSSL 0.9.7 and has been available since +.Ox 3.2 . diff --git a/src/lib/libcrypto/man/DSA_set_method.3 b/src/lib/libcrypto/man/DSA_set_method.3 new file mode 100644 index 00000000000..8221f856be5 --- /dev/null +++ b/src/lib/libcrypto/man/DSA_set_method.3 @@ -0,0 +1,221 @@ +.\" $OpenBSD: DSA_set_method.3,v 1.9 2018/04/18 01:09:01 schwarze Exp $ +.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file was written by Ulf Moeller . +.\" Copyright (c) 2000, 2002, 2007 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: April 18 2018 $ +.Dt DSA_SET_METHOD 3 +.Os +.Sh NAME +.Nm DSA_set_default_method , +.Nm DSA_get_default_method , +.Nm DSA_set_method , +.Nm DSA_new_method , +.Nm DSA_OpenSSL +.Nd select DSA method +.Sh SYNOPSIS +.In openssl/dsa.h +.Ft void +.Fo DSA_set_default_method +.Fa "const DSA_METHOD *meth" +.Fc +.Ft const DSA_METHOD * +.Fn DSA_get_default_method void +.Ft int +.Fo DSA_set_method +.Fa "DSA *dsa" +.Fa "const DSA_METHOD *meth" +.Fc +.Ft DSA * +.Fo DSA_new_method +.Fa "ENGINE *engine" +.Fc +.Ft DSA_METHOD * +.Fn DSA_OpenSSL void +.Sh DESCRIPTION +A +.Vt DSA_METHOD +object contains pointers to the functions used for DSA operations. +By default, the internal implementation returned by +.Fn DSA_OpenSSL +is used. +By selecting another method, alternative implementations +such as hardware accelerators may be used. +.Pp +.Fn DSA_set_default_method +selects +.Fa meth +as the default method for all +.Vt DSA +structures created later. +If any +.Vt ENGINE +was registered with +.Xr ENGINE_register_DSA 3 +that can be successfully initialized, it overrides the default. +.Pp +.Fn DSA_get_default_method +returns a pointer to the current default method, +even if it is actually overridded by an +.Vt ENGINE . +.Pp +.Fn DSA_set_method +selects +.Fa meth +to perform all operations using the key +.Fa dsa . +This replaces the +.Vt DSA_METHOD +used by the DSA key and if the previous method was supplied by an +.Vt ENGINE , +.Xr ENGINE_finish 3 +is called on it. +It is possible to have DSA keys that only work with certain +.Vt DSA_METHOD +implementations (e.g. from an +.Vt ENGINE +module that supports embedded hardware-protected keys), +and in such cases attempting to change the +.Vt DSA_METHOD +for the key can have unexpected results. +.Pp +.Fn DSA_new_method +allocates and initializes a +.Vt DSA +structure so that +.Fa engine +is used for the DSA operations. +If +.Fa engine +is +.Dv NULL , +.Xr ENGINE_get_default_DSA 3 +is used. +If that returns +.Dv NULL , +the default method controlled by +.Fn DSA_set_default_method +is used. +.Pp +The +.Vt DSA_METHOD +structure is defined as follows: +.Bd -literal +struct +{ + /* name of the implementation */ + const char *name; + + /* sign */ + DSA_SIG *(*dsa_do_sign)(const unsigned char *dgst, int dlen, + DSA *dsa); + + /* pre-compute k^-1 and r */ + int (*dsa_sign_setup)(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, + BIGNUM **rp); + + /* verify */ + int (*dsa_do_verify)(const unsigned char *dgst, int dgst_len, + DSA_SIG *sig, DSA *dsa); + + /* compute rr = a1^p1 * a2^p2 mod m (May be NULL for some + implementations) */ + int (*dsa_mod_exp)(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1, + BIGNUM *a2, BIGNUM *p2, BIGNUM *m, + BN_CTX *ctx, BN_MONT_CTX *in_mont); + + /* compute r = a ^ p mod m (May be NULL for some implementations) */ + int (*bn_mod_exp)(DSA *dsa, BIGNUM *r, BIGNUM *a, + const BIGNUM *p, const BIGNUM *m, + BN_CTX *ctx, BN_MONT_CTX *m_ctx); + + /* called at DSA_new */ + int (*init)(DSA *DSA); + + /* called at DSA_free */ + int (*finish)(DSA *DSA); + + int flags; + + char *app_data; /* ?? */ + +} DSA_METHOD; +.Ed +.Sh RETURN VALUES +.Fn DSA_OpenSSL +and +.Fn DSA_get_default_method +return pointers to the respective +.Vt DSA_METHOD . +.Pp +.Fn DSA_set_method +returns 1 on success or 0 on failure. +Currently, it cannot fail. +.Pp +.Fn DSA_new_method +returns +.Dv NULL +and sets an error code that can be obtained by +.Xr ERR_get_error 3 +if the allocation fails. +Otherwise it returns a pointer to the newly allocated structure. +.Sh SEE ALSO +.Xr DSA_meth_new 3 , +.Xr DSA_new 3 , +.Xr ENGINE_get_default_DSA 3 , +.Xr ENGINE_register_DSA 3 , +.Xr ENGINE_set_default_DSA 3 +.Sh HISTORY +.Fn DSA_set_default_method , +.Fn DSA_get_default_method , +.Fn DSA_set_method , +.Fn DSA_new_method , +and +.Fn DSA_OpenSSL +first appeared in OpenSSL 0.9.5 and have been available since +.Ox 2.7 . diff --git a/src/lib/libcrypto/man/DSA_sign.3 b/src/lib/libcrypto/man/DSA_sign.3 new file mode 100644 index 00000000000..460fb595cde --- /dev/null +++ b/src/lib/libcrypto/man/DSA_sign.3 @@ -0,0 +1,175 @@ +.\" $OpenBSD: DSA_sign.3,v 1.8 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file was written by Ulf Moeller . +.\" Copyright (c) 2000 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt DSA_SIGN 3 +.Os +.Sh NAME +.Nm DSA_sign , +.Nm DSA_sign_setup , +.Nm DSA_verify +.Nd DSA signatures +.Sh SYNOPSIS +.In openssl/dsa.h +.Ft int +.Fo DSA_sign +.Fa "int type" +.Fa "const unsigned char *dgst" +.Fa "int len" +.Fa "unsigned char *sigret" +.Fa "unsigned int *siglen" +.Fa "DSA *dsa" +.Fc +.Ft int +.Fo DSA_sign_setup +.Fa "DSA *dsa" +.Fa "BN_CTX *ctx" +.Fa "BIGNUM **kinvp" +.Fa "BIGNUM **rp" +.Fc +.Ft int +.Fo DSA_verify +.Fa "int type" +.Fa "const unsigned char *dgst" +.Fa "int len" +.Fa "unsigned char *sigbuf" +.Fa "int siglen" +.Fa "DSA *dsa" +.Fc +.Sh DESCRIPTION +.Fn DSA_sign +computes a digital signature on the +.Fa len +byte message digest +.Fa dgst +using the private key +.Fa dsa +and places its ASN.1 DER encoding at +.Fa sigret . +The length of the signature is placed in +.Pf * Fa siglen . +.Fa sigret +must point to +.Fn DSA_size dsa +bytes of memory. +.Pp +.Fn DSA_sign_setup +may be used to precompute part of the signing operation in case +signature generation is time-critical. +It expects +.Fa dsa +to contain DSA parameters. +It places the precomputed values in newly allocated +.Vt BIGNUM Ns s +at +.Pf * Fa kinvp +and +.Pf * Fa rp , +after freeing the old ones unless +.Fa kinvp +and +.Fa rp +are +.Dv NULL . +These values may be passed to +.Fn DSA_sign +in +.Fa dsa->kinv +and +.Sy dsa->r . +.Fa ctx +is a pre-allocated +.Vt BN_CTX +or +.Dv NULL . +.Pp +.Fn DSA_verify +verifies that the signature +.Fa sigbuf +of size +.Fa siglen +matches a given message digest +.Fa dgst +of size +.Fa len . +.Fa dsa +is the signer's public key. +.Pp +The +.Fa type +parameter is ignored. +.Sh RETURN VALUES +.Fn DSA_sign +and +.Fn DSA_sign_setup +return 1 on success or 0 on error. +.Fn DSA_verify +returns 1 for a valid signature, 0 for an incorrect signature, +and -1 on error. +The error codes can be obtained by +.Xr ERR_get_error 3 . +.Sh SEE ALSO +.Xr DSA_do_sign 3 , +.Xr DSA_get0_key 3 , +.Xr DSA_new 3 , +.Xr ERR_get_error 3 , +.Xr RAND_bytes 3 +.Sh STANDARDS +US Federal Information Processing Standard FIPS 186 (Digital Signature +Standard, DSS), ANSI X9.30 +.Sh HISTORY +.Fn DSA_sign +and +.Fn DSA_verify +first appeared in SSLeay 0.6.0. +.Fn DSA_sign_setup +first appeared in SSLeay 0.8.0. +All these functions have been available since +.Ox 2.4 . diff --git a/src/lib/libcrypto/man/DSA_size.3 b/src/lib/libcrypto/man/DSA_size.3 new file mode 100644 index 00000000000..7e935e3a42a --- /dev/null +++ b/src/lib/libcrypto/man/DSA_size.3 @@ -0,0 +1,81 @@ +.\" $OpenBSD: DSA_size.3,v 1.7 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL 05ea606a May 20 20:52:46 2016 -0400 +.\" +.\" This file was written by Ulf Moeller . +.\" Copyright (c) 2000, 2002 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt DSA_SIZE 3 +.Os +.Sh NAME +.Nm DSA_size +.Nd get DSA signature size +.Sh SYNOPSIS +.In openssl/dsa.h +.Ft int +.Fo DSA_size +.Fa "const DSA *dsa" +.Fc +.Sh DESCRIPTION +This function returns the size of an ASN.1 encoded DSA signature in +bytes. +It can be used to determine how much memory must be allocated for a DSA +signature. +.Pp +.Fa dsa->q +must not be +.Dv NULL . +.Sh RETURN VALUES +The size in bytes. +.Sh SEE ALSO +.Xr DSA_get0_pqg 3 , +.Xr DSA_new 3 , +.Xr DSA_sign 3 +.Sh HISTORY +.Fn DSA_size +first appeared in SSLeay 0.6.0 and has been available since +.Ox 2.4 . diff --git a/src/lib/libcrypto/man/ECDSA_SIG_new.3 b/src/lib/libcrypto/man/ECDSA_SIG_new.3 new file mode 100644 index 00000000000..9a9d5ed1674 --- /dev/null +++ b/src/lib/libcrypto/man/ECDSA_SIG_new.3 @@ -0,0 +1,521 @@ +.\" $OpenBSD: ECDSA_SIG_new.3,v 1.12 2018/12/21 22:13:28 schwarze Exp $ +.\" full merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100 +.\" selective merge up to: OpenSSL 6da34cfb Jun 2 16:17:32 2018 -0400 +.\" +.\" This file was written by Nils Larsch . +.\" Copyright (c) 2004, 2005, 2013, 2016 The OpenSSL Project. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: December 21 2018 $ +.Dt ECDSA_SIG_NEW 3 +.Os +.Sh NAME +.Nm ECDSA_SIG_new , +.Nm ECDSA_SIG_free , +.Nm ECDSA_SIG_get0 , +.Nm ECDSA_SIG_set0 , +.Nm i2d_ECDSA_SIG , +.Nm d2i_ECDSA_SIG , +.Nm ECDSA_size , +.Nm ECDSA_sign_setup , +.Nm ECDSA_sign , +.Nm ECDSA_sign_ex , +.Nm ECDSA_verify , +.Nm ECDSA_do_sign , +.Nm ECDSA_do_sign_ex , +.Nm ECDSA_do_verify , +.Nm ECDSA_OpenSSL , +.Nm ECDSA_get_default_method , +.Nm ECDSA_set_default_method , +.Nm ECDSA_set_method +.Nd Elliptic Curve Digital Signature Algorithm +.Sh SYNOPSIS +.In openssl/ecdsa.h +.Ft ECDSA_SIG* +.Fo ECDSA_SIG_new +.Fa void +.Fc +.Ft void +.Fo ECDSA_SIG_free +.Fa "ECDSA_SIG *sig" +.Fc +.Ft void +.Fo ECDSA_SIG_get0 +.Fa "const ECDSA_SIG *sig" +.Fa "const BIGNUM **r" +.Fa "const BIGNUM **s" +.Fc +.Ft int +.Fo ECDSA_SIG_set0 +.Fa "ECDSA_SIG *sig" +.Fa "BIGNUM *r" +.Fa "BIGNUM *s" +.Fc +.Ft int +.Fo i2d_ECDSA_SIG +.Fa "const ECDSA_SIG *sig" +.Fa "unsigned char **pp" +.Fc +.Ft ECDSA_SIG* +.Fo d2i_ECDSA_SIG +.Fa "ECDSA_SIG **sig" +.Fa "const unsigned char **pp" +.Fa "long len" +.Fc +.Ft int +.Fo ECDSA_size +.Fa "const EC_KEY *eckey" +.Fc +.Ft int +.Fo ECDSA_sign_setup +.Fa "EC_KEY *eckey" +.Fa "BN_CTX *ctx" +.Fa "BIGNUM **kinv" +.Fa "BIGNUM **rp" +.Fc +.Ft int +.Fo ECDSA_sign +.Fa "int type" +.Fa "const unsigned char *dgst" +.Fa "int dgstlen" +.Fa "unsigned char *sig" +.Fa "unsigned int *siglen" +.Fa "EC_KEY *eckey" +.Fc +.Ft int +.Fo ECDSA_sign_ex +.Fa "int type" +.Fa "const unsigned char *dgst" +.Fa "int dgstlen" +.Fa "unsigned char *sig" +.Fa "unsigned int *siglen" +.Fa "const BIGNUM *kinv" +.Fa "const BIGNUM *rp" +.Fa "EC_KEY *eckey" +.Fc +.Ft int +.Fo ECDSA_verify +.Fa "int type" +.Fa "const unsigned char *dgst" +.Fa "int dgstlen" +.Fa "const unsigned char *sig" +.Fa "int siglen" +.Fa "EC_KEY *eckey" +.Fc +.Ft ECDSA_SIG* +.Fo ECDSA_do_sign +.Fa "const unsigned char *dgst" +.Fa "int dgst_len" +.Fa "EC_KEY *eckey" +.Fc +.Ft ECDSA_SIG* +.Fo ECDSA_do_sign_ex +.Fa "const unsigned char *dgst" +.Fa "int dgstlen" +.Fa "const BIGNUM *kinv" +.Fa "const BIGNUM *rp" +.Fa "EC_KEY *eckey" +.Fc +.Ft int +.Fo ECDSA_do_verify +.Fa "const unsigned char *dgst" +.Fa "int dgst_len" +.Fa "const ECDSA_SIG *sig" +.Fa "EC_KEY* eckey" +.Fc +.Ft const ECDSA_METHOD* +.Fo ECDSA_OpenSSL +.Fa void +.Fc +.Ft const ECDSA_METHOD* +.Fo ECDSA_get_default_method +.Fa void +.Fc +.Ft void +.Fo ECDSA_set_default_method +.Fa "const ECDSA_METHOD *meth" +.Fc +.Ft int +.Fo ECDSA_set_method +.Fa "EC_KEY *eckey" +.Fa "const ECDSA_METHOD *meth" +.Fc +.Sh DESCRIPTION +These functions provide a low level interface to ECDSA. +Most applications should use the higher level EVP interface such as +.Xr EVP_DigestSignInit 3 +or +.Xr EVP_DigestVerifyInit 3 +instead. +Creation of the required +.Vt EC_KEY +objects is described in +.Xr EC_KEY_new 3 . +.Pp +The +.Vt ECDSA_SIG +structure consists of two +.Vt BIGNUM Ns s +for the +.Fa r +and +.Fa s +value of an ECDSA signature (see X9.62 or FIPS 186-2). +.Bd -literal -offset indent +struct { + BIGNUM *r; + BIGNUM *s; +} ECDSA_SIG; +.Ed +.Pp +.Fn ECDSA_SIG_new +allocates a new +.Vt ECDSA_SIG +structure (note: this function also allocates the +.Vt BIGNUM Ns s ) +and initializes it. +.Pp +.Fn ECDSA_SIG_free +frees the +.Vt ECDSA_SIG +structure +.Fa sig . +.Pp +.Fn ECDSA_SIG_get0 +retrieves internal pointers the +.Fa r +and +.Fa s +values contained in +.Fa sig . +.Pp +.Fn ECDSA_SIG_set0 +sets the +.Fa r +and +.Fa s +values in +.Fa sig . +Calling this function transfers the memory management of the values to +.Fa sig . +Therefore, the values that have been passed in +should not be freed by the caller. +.Pp +.Fn i2d_ECDSA_SIG +creates the DER encoding of the ECDSA signature +.Fa sig +and writes the encoded signature to +.Fa *pp +(note: if +.Fa pp +is +.Dv NULL , +.Fn i2d_ECDSA_SIG +returns the expected length in bytes of the DER-encoded signature). +.Fn i2d_ECDSA_SIG +returns the length of the DER-encoded signature (or 0 on error). +.Pp +.Fn d2i_ECDSA_SIG +decodes a DER-encoded ECDSA signature and returns the decoded signature +in a newly allocated +.Vt ECDSA_SIG +structure. +.Fa *sig +points to the buffer containing the DER-encoded signature of size +.Fa len . +.Pp +.Fn ECDSA_size +returns the maximum length of a DER-encoded ECDSA signature created with +the private EC key +.Fa eckey . +.Pp +.Fn ECDSA_sign_setup +may be used to precompute parts of the signing operation. +.Fa eckey +is the private EC key and +.Fa ctx +is a pointer to a +.Vt BN_CTX +structure (or +.Dv NULL ) . +The precomputed values are returned in +.Fa kinv +and +.Fa rp +and can be used in a later call to +.Fa ECDSA_sign_ex +or +.Fa ECDSA_do_sign_ex . +.Pp +.Fn ECDSA_sign +is a wrapper function for +.Fa ECDSA_sign_ex +with +.Fa kinv +and +.Fa rp +set to +.Dv NULL . +.Pp +.Fn ECDSA_sign_ex +computes a digital signature of the +.Fa dgstlen +bytes hash value +.Fa dgst +using the private EC key +.Fa eckey +and the optional pre-computed values +.Fa kinv +and +.Fa rp . +The DER-encoded signature is stored in +.Fa sig +and its length is returned in +.Fa siglen . +Note: +.Fa sig +must point to +.Fn ECDSA_size +bytes of memory. +The parameter +.Fa type +is ignored. +.Pp +.Fn ECDSA_verify +verifies that the signature in +.Fa sig +of size +.Fa siglen +is a valid ECDSA signature of the hash value +.Fa dgst +of size +.Fa dgstlen +using the public key +.Fa eckey . +The parameter +.Fa type +is ignored. +.Pp +.Fn ECDSA_do_sign +is a wrapper function for +.Fn ECDSA_do_sign_ex +with +.Fa kinv +and +.Fa rp +set to +.Dv NULL . +.Pp +.Fn ECDSA_do_sign_ex +computes a digital signature of the +.Fa dgst_len +bytes hash value +.Fa dgst +using the private key +.Fa eckey +and the optional pre-computed values +.Fa kinv +and +.Fa rp . +The signature is returned in a newly allocated +.Vt ECDSA_SIG +structure (or +.Dv NULL +on error). +.Pp +.Fn ECDSA_do_verify +verifies that the signature +.Fa sig +is a valid ECDSA signature of the hash value +.Fa dgst +of size +.Fa dgst_len +using the public key +.Fa eckey . +.Sh RETURN VALUES +.Fn ECDSA_SIG_new +returns the new +.Vt ECDSA_SIG +object or +.Dv NULL +if an error occurs. +.Pp +.Fn ECDSA_size +returns the maximum length signature or 0 on error. +.Pp +.Fn ECDSA_SIG_set0 , +.Fn ECDSA_sign , +.Fn ECDSA_sign_ex , +and +.Fn ECDSA_sign_setup +return 1 if successful or 0 on error. +.Pp +.Fn ECDSA_do_sign +and +.Fn ECDSA_do_sign_ex +return a pointer to an allocated +.Vt ECDSA_SIG +structure or +.Dv NULL +on error. +.Pp +.Fn ECDSA_verify +and +.Fn ECDSA_do_verify +return 1 for a valid signature, 0 for an invalid signature and -1 on +error. +The error codes can be obtained by +.Xr ERR_get_error 3 . +.Sh EXAMPLES +Creating an ECDSA signature of given SHA-1 hash value using the named +curve secp192k1. +.Pp +First step: create an +.Vt EC_KEY +object. +This part is +.Em not +ECDSA specific. +.Bd -literal -offset indent +int ret; +ECDSA_SIG *sig; +EC_KEY *eckey; + +eckey = EC_KEY_new_by_curve_name(NID_secp192k1); +if (eckey == NULL) { + /* error */ +} +if (!EC_KEY_generate_key(eckey)) { + /* error */ +} +.Ed +.Pp +Second step: compute the ECDSA signature of a SHA-1 hash value using +.Fn ECDSA_do_sign +.Bd -literal -offset indent +sig = ECDSA_do_sign(digest, 20, eckey); +if (sig == NULL) { + /* error */ +} +.Ed +.Pp +or using +.Fn ECDSA_sign +.Bd -literal -offset indent +unsigned char *buffer, *pp; +int buf_len; + +buf_len = ECDSA_size(eckey); +buffer = malloc(buf_len); +pp = buffer; +if (!ECDSA_sign(0, dgst, dgstlen, pp, &buf_len, eckey) { + /* error */ +} +.Ed +.Pp +Third step: verify the created ECDSA signature using +.Fn ECDSA_do_verify +.Pp +.Dl ret = ECDSA_do_verify(digest, 20, sig, eckey); +.Pp +or using +.Fn ECDSA_verify +.Pp +.Dl ret = ECDSA_verify(0, digest, 20, buffer, buf_len, eckey); +.Pp +and finally evaluate the return value: +.Bd -literal -offset indent +if (ret == -1) { + /* error */ +} else if (ret == 0) { + /* incorrect signature */ +} else { + /* ret == 1 */ + /* signature ok */ +} +.Ed +.Sh SEE ALSO +.Xr d2i_ECPKParameters 3 , +.Xr DSA_new 3 , +.Xr EC_GROUP_new 3 , +.Xr EC_KEY_new 3 , +.Xr ECDSA_set_ex_data 3 , +.Xr EVP_DigestSignInit 3 , +.Xr EVP_DigestVerifyInit 3 , +.Xr RSA_new 3 +.Sh STANDARDS +ANSI X9.62, US Federal Information Processing Standard FIPS 186-2 +(Digital Signature Standard, DSS) +.Sh HISTORY +.Fn ECDSA_SIG_new , +.Fn ECDSA_SIG_free , +.Fn i2d_ECDSA_SIG , +.Fn d2i_ECDSA_SIG , +.Fn ECDSA_size , +.Fn ECDSA_sign_setup , +.Fn ECDSA_sign , +.Fn ECDSA_sign_ex , +.Fn ECDSA_verify , +.Fn ECDSA_do_sign , +.Fn ECDSA_do_sign_ex , +.Fn ECDSA_do_verify , +.Fn ECDSA_OpenSSL , +.Fn ECDSA_get_default_method , +.Fn ECDSA_set_default_method , +and +.Fn ECDSA_set_method +first appeared in OpenSSL 0.9.8 and have been available since +.Ox 4.5 . +.Pp +.Fn ECDSA_SIG_get0 +and +.Fn ECDSA_SIG_set0 +first appeared in OpenSSL 1.1.0 and have been available since +.Ox 6.3 . +.Sh AUTHORS +.An Nils Larsch +for the OpenSSL project. diff --git a/src/lib/libcrypto/man/EC_GFp_simple_method.3 b/src/lib/libcrypto/man/EC_GFp_simple_method.3 new file mode 100644 index 00000000000..ad5268fa92e --- /dev/null +++ b/src/lib/libcrypto/man/EC_GFp_simple_method.3 @@ -0,0 +1,181 @@ +.\" $OpenBSD: EC_GFp_simple_method.3,v 1.9 2018/03/23 05:48:56 schwarze Exp $ +.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file was written by Matt Caswell . +.\" Copyright (c) 2013 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 23 2018 $ +.Dt EC_GFP_SIMPLE_METHOD 3 +.Os +.Sh NAME +.Nm EC_GFp_simple_method , +.Nm EC_GFp_mont_method , +.Nm EC_GFp_nist_method , +.Nm EC_GFp_nistp224_method , +.Nm EC_GFp_nistp256_method , +.Nm EC_GFp_nistp521_method , +.Nm EC_GF2m_simple_method , +.Nm EC_METHOD_get_field_type +.Nd obtain EC_METHOD objects +.Sh SYNOPSIS +.In openssl/ec.h +.Ft const EC_METHOD * +.Fn EC_GFp_simple_method void +.Ft const EC_METHOD * +.Fn EC_GFp_mont_method void +.Ft const EC_METHOD * +.Fn EC_GFp_nist_method void +.Ft const EC_METHOD * +.Fn EC_GFp_nistp224_method void +.Ft const EC_METHOD * +.Fn EC_GFp_nistp256_method void +.Ft const EC_METHOD * +.Fn EC_GFp_nistp521_method void +.Ft const EC_METHOD * +.Fn EC_GF2m_simple_method void +.Ft int +.Fo EC_METHOD_get_field_type +.Fa "const EC_METHOD *meth" +.Fc +.Sh DESCRIPTION +The elliptic curve library provides a number of different +implementations through a single common interface. +Each implementation is optimised for different scenarios. +An implementation is represented by an +.Vt EC_METHOD +structure. +.Pp +When constructing a curve using +.Xr EC_GROUP_new 3 , +an implementation method must be provided. +The functions described here all return a const pointer to an +.Sy EC_METHOD +structure that can be passed to +.Xr EC_GROUP_new 3 . +It is important that the correct implementation type for the form +of curve selected is used. +.Pp +For F2^m curves there is only one implementation choice, +.Fn EC_GF2_simple_method . +.Pp +For Fp curves the lowest common denominator implementation is the +.Fn EC_GFp_simple_method +implementation. +All other implementations are based on this one. +.Fn EC_GFp_mont_method +adds the use of Montgomery multiplication (see +.Xr BN_mod_mul_montgomery 3 ) . +.Fn EC_GFp_nist_method +offers an implementation optimised for use with NIST recommended +curves. +NIST curves are available through +.Xr EC_GROUP_new_by_curve_name 3 . +.Pp +The functions +.Fn EC_GFp_nistp224_method , +.Fn EC_GFp_nistp256_method , +and +.Fn EC_GFp_nistp521_method +offer 64-bit optimised implementations for the NIST P224, P256 and +P521 curves respectively. +Note, however, that these implementations are not available on all +platforms. +.Pp +.Fn EC_METHOD_get_field_type +identifies what type of field the +.Vt EC_METHOD +structure supports, which will be either F2^m or Fp. +If the field type is Fp, then the value +.Dv NID_X9_62_prime_field +is returned. +If the field type is F2^m, then the value +.Dv NID_X9_62_characteristic_two_field +is returned. +These values are defined in the +.In openssl/obj_mac.h +header file. +.Sh RETURN VALUES +All +.Fn EC_GFp* +functions and +.Fn EC_GF2m_simple_method +always return a const pointer to an +.Vt EC_METHOD +structure. +.Pp +.Fn EC_METHOD_get_field_type +returns an integer that identifies the type of field the +.Vt EC_METHOD +structure supports. +.Sh SEE ALSO +.Xr BN_mod_mul_montgomery 3 , +.Xr d2i_ECPKParameters 3 , +.Xr EC_GROUP_copy 3 , +.Xr EC_GROUP_new 3 , +.Xr EC_KEY_new 3 , +.Xr EC_POINT_add 3 , +.Xr EC_POINT_new 3 +.Sh HISTORY +.Fn EC_GFp_simple_method +and +.Fn EC_GFp_mont_method +first appeared in OpenSSL 0.9.7 and have been available since +.Ox 3.2 . +.Pp +.Fn EC_GFp_nist_method , +.Fn EC_GF2m_simple_method , +and +.Fn EC_METHOD_get_field_type +first appeared in OpenSSL 0.9.8 and have been available since +.Ox 4.5 . +.Pp +.Fn EC_GFp_nistp224_method , +.Fn EC_GFp_nistp256_method , +and +.Fn EC_GFp_nistp521_method +first appeared in OpenSSL 1.0.1 and have been available since +.Ox 5.3 . diff --git a/src/lib/libcrypto/man/EC_GROUP_copy.3 b/src/lib/libcrypto/man/EC_GROUP_copy.3 new file mode 100644 index 00000000000..bdbd72c2cc2 --- /dev/null +++ b/src/lib/libcrypto/man/EC_GROUP_copy.3 @@ -0,0 +1,518 @@ +.\" $OpenBSD: EC_GROUP_copy.3,v 1.10 2018/03/23 23:18:17 schwarze Exp $ +.\" OpenSSL aafbe1cc Jun 12 23:42:08 2013 +0100 +.\" +.\" This file was written by Matt Caswell . +.\" Copyright (c) 2013, 2015 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 23 2018 $ +.Dt EC_GROUP_COPY 3 +.Os +.Sh NAME +.Nm EC_GROUP_copy , +.Nm EC_GROUP_dup , +.Nm EC_GROUP_method_of , +.Nm EC_GROUP_set_generator , +.Nm EC_GROUP_get0_generator , +.Nm EC_GROUP_get_order , +.Nm EC_GROUP_get_cofactor , +.Nm EC_GROUP_set_curve_name , +.Nm EC_GROUP_get_curve_name , +.Nm EC_GROUP_set_asn1_flag , +.Nm EC_GROUP_get_asn1_flag , +.Nm EC_GROUP_set_point_conversion_form , +.Nm EC_GROUP_get_point_conversion_form , +.Nm EC_GROUP_get0_seed , +.Nm EC_GROUP_get_seed_len , +.Nm EC_GROUP_set_seed , +.Nm EC_GROUP_get_degree , +.Nm EC_GROUP_check , +.Nm EC_GROUP_check_discriminant , +.Nm EC_GROUP_cmp , +.Nm EC_GROUP_get_basis_type , +.Nm EC_GROUP_get_trinomial_basis , +.Nm EC_GROUP_get_pentanomial_basis +.Nd manipulate EC_GROUP objects +.Sh SYNOPSIS +.In openssl/ec.h +.In openssl/bn.h +.Ft int +.Fo EC_GROUP_copy +.Fa "EC_GROUP *dst" +.Fa "const EC_GROUP *src" +.Fc +.Ft EC_GROUP * +.Fo EC_GROUP_dup +.Fa "const EC_GROUP *src" +.Fc +.Ft const EC_METHOD * +.Fo EC_GROUP_method_of +.Fa "const EC_GROUP *group" +.Fc +.Ft int +.Fo EC_GROUP_set_generator +.Fa "EC_GROUP *group" +.Fa "const EC_POINT *generator" +.Fa "const BIGNUM *order" +.Fa "const BIGNUM *cofactor" +.Fc +.Ft const EC_POINT * +.Fo EC_GROUP_get0_generator +.Fa "const EC_GROUP *group" +.Fc +.Ft int +.Fo EC_GROUP_get_order +.Fa "const EC_GROUP *group" +.Fa "BIGNUM *order" +.Fa "BN_CTX *ctx" +.Fc +.Ft int +.Fo EC_GROUP_get_cofactor +.Fa "const EC_GROUP *group" +.Fa "BIGNUM *cofactor" +.Fa "BN_CTX *ctx" +.Fc +.Ft void +.Fo EC_GROUP_set_curve_name +.Fa "EC_GROUP *group" +.Fa "int nid" +.Fc +.Ft int +.Fo EC_GROUP_get_curve_name +.Fa "const EC_GROUP *group" +.Fc +.Ft void +.Fo EC_GROUP_set_asn1_flag +.Fa "EC_GROUP *group" +.Fa "int flag" +.Fc +.Ft int +.Fo EC_GROUP_get_asn1_flag +.Fa "const EC_GROUP *group" +.Fc +.Ft void +.Fo EC_GROUP_set_point_conversion_form +.Fa "EC_GROUP *group" +.Fa "point_conversion_form_t form" +.Fc +.Ft point_conversion_form_t +.Fo EC_GROUP_get_point_conversion_form +.Fa "const EC_GROUP *" +.Fc +.Ft unsigned char * +.Fo EC_GROUP_get0_seed +.Fa "const EC_GROUP *x" +.Fc +.Ft size_t +.Fo EC_GROUP_get_seed_len +.Fa "const EC_GROUP *" +.Fc +.Ft size_t +.Fo EC_GROUP_set_seed +.Fa "EC_GROUP *" +.Fa "const unsigned char *" +.Fa "size_t len" +.Fc +.Ft int +.Fo EC_GROUP_get_degree +.Fa "const EC_GROUP *group" +.Fc +.Ft int +.Fo EC_GROUP_check +.Fa "const EC_GROUP *group" +.Fa "BN_CTX *ctx" +.Fc +.Ft int +.Fo EC_GROUP_check_discriminant +.Fa "const EC_GROUP *group" +.Fa "BN_CTX *ctx" +.Fc +.Ft int +.Fo EC_GROUP_cmp +.Fa "const EC_GROUP *a" +.Fa "const EC_GROUP *b" +.Fa "BN_CTX *ctx" +.Fc +.Ft int +.Fo EC_GROUP_get_basis_type +.Fa "const EC_GROUP *" +.Fc +.Ft int +.Fo EC_GROUP_get_trinomial_basis +.Fa "const EC_GROUP *" +.Fa "unsigned int *k" +.Fc +.Ft int +.Fo EC_GROUP_get_pentanomial_basis +.Fa "const EC_GROUP *" +.Fa "unsigned int *k1" +.Fa "unsigned int *k2" +.Fa "unsigned int *k3" +.Fc +.Sh DESCRIPTION +These functions operate on +.Vt EC_GROUP +objects created by the functions described in +.Xr EC_GROUP_new 3 . +.Pp +.Fn EC_GROUP_copy +copies the curve +.Fa src +into +.Fa dst . +Both +.Fa src +and +.Fa dst +must use the same +.Vt EC_METHOD . +.Pp +.Fn EC_GROUP_dup +creates a new +.Vt EC_GROUP +object and copies the content from +.Fa src +to the newly created +.Vt EC_GROUP +object. +.Pp +.Fn EC_GROUP_method_of +obtains the +.Vt EC_METHOD +of +.Fa group . +.Pp +.Fn EC_GROUP_set_generator +sets curve parameters that must be agreed by all participants using +the curve. +These parameters include the +.Fa generator , +the +.Fa order +and the +.Fa cofactor . +The +.Fa generator +is a well defined point on the curve chosen for cryptographic +operations. +Integers used for point multiplications will be between 0 and +.Fa order No - 1 . +The +.Fa order +multiplied by the +.Fa cofactor +gives the number of points on the curve. +.Pp +.Fn EC_GROUP_get0_generator +returns the generator for the identified +.Fa group . +.Pp +The functions +.Fn EC_GROUP_get_order +and +.Fn EC_GROUP_get_cofactor +populate the provided +.Fa order +and +.Fa cofactor +parameters with the respective order and cofactors for the +.Fa group . +.Pp +The functions +.Fn EC_GROUP_set_curve_name +and +.Fn EC_GROUP_get_curve_name +set and get the NID for the curve, respectively (see +.Xr EC_GROUP_new 3 ) . +If a curve does not have a NID associated with it, then +.Fn EC_GROUP_get_curve_name +will return 0. +.Pp +The asn1_flag value on a curve is used to determine whether there is a +specific ASN.1 OID to describe the curve or not. +If the asn1_flag is 1 then this is a named curve with an associated ASN.1 OID. +If not then asn1_flag is 0. +The functions +.Fn EC_GROUP_get_asn1_flag +and +.Fn EC_GROUP_set_asn1_flag +get and set the status of the asn1_flag for the curve. +If set, then the curve_name must also be set. +.Pp +The point_conversion_form for a curve controls how +.Vt EC_POINT +data is encoded as ASN.1 as defined in X9.62 (ECDSA). +.Vt point_conversion_form_t +is an enum defined as follows: +.Bd -literal +typedef enum { + /** the point is encoded as z||x, where the octet z specifies + * which solution of the quadratic equation y is */ + POINT_CONVERSION_COMPRESSED = 2, + /** the point is encoded as z||x||y, where z is the octet 0x02 */ + POINT_CONVERSION_UNCOMPRESSED = 4, + /** the point is encoded as z||x||y, where the octet z specifies + * which solution of the quadratic equation y is */ + POINT_CONVERSION_HYBRID = 6 +} point_conversion_form_t; +.Ed +.Pp +For +.Dv POINT_CONVERSION_UNCOMPRESSED +the point is encoded as an octet signifying the UNCOMPRESSED form +has been used followed by the octets for x, followed by the octets +for y. +.Pp +For any given x coordinate for a point on a curve it is possible to +derive two possible y values. +For +.Dv POINT_CONVERSION_COMPRESSED +the point is encoded as an octet signifying that the COMPRESSED +form has been used AND which of the two possible solutions for y +has been used, followed by the octets for x. +.Pp +For +.Dv POINT_CONVERSION_HYBRID +the point is encoded as an octet signifying the HYBRID form has +been used AND which of the two possible solutions for y has been +used, followed by the octets for x, followed by the octets for y. +.Pp +The functions +.Fn EC_GROUP_set_point_conversion_form +and +.Fn EC_GROUP_get_point_conversion_form +set and get the point_conversion_form for the curve, respectively. +.Pp +ANSI X9.62 (ECDSA standard) defines a method of generating the curve +parameter b from a random number. +This provides advantages in that a parameter obtained in this way is +highly unlikely to be susceptible to special purpose attacks, or have +any trapdoors in it. +If the seed is present for a curve then the b parameter was generated in +a verifiable fashion using that seed. +The OpenSSL EC library does not use this seed value but does enable you +to inspect it using +.Fn EC_GROUP_get0_seed . +This returns a pointer to a memory block containing the seed that was +used. +The length of the memory block can be obtained using +.Fn EC_GROUP_get_seed_len . +A number of the builtin curves within the library provide seed values +that can be obtained. +It is also possible to set a custom seed using +.Fn EC_GROUP_set_seed +and passing a pointer to a memory block, along with the length of +the seed. +Again, the EC library will not use this seed value, although it will be +preserved in any ASN.1 based communications. +.Pp +.Fn EC_GROUP_get_degree +gets the degree of the field. +For Fp fields this will be the number of bits in p. +For F2^m fields this will be the value m. +.Pp +The function +.Fn EC_GROUP_check_discriminant +calculates the discriminant for the curve and verifies that it is +valid. +For a curve defined over Fp the discriminant is given by the formula +4*a^3 + 27*b^2 whilst for F2^m curves the discriminant is simply b. +In either case for the curve to be valid the discriminant must be +non-zero. +.Pp +The function +.Fn EC_GROUP_check +performs a number of checks on a curve to verify that it is valid. +Checks performed include verifying that the discriminant is non-zero; +that a generator has been defined; that the generator is on the curve +and has the correct order. +.Pp +.Fn EC_GROUP_cmp +compares +.Fa a +and +.Fa b +to determine whether they represent the same curve or not. +.Pp +The functions +.Fn EC_GROUP_get_basis_type , +.Fn EC_GROUP_get_trinomial_basis , +and +.Fn EC_GROUP_get_pentanomial_basis +should only be called for curves defined over an F2^m field. +Addition and multiplication operations within an F2^m field are +performed using an irreducible polynomial function f(x). +This function is either a trinomial of the form: +.Pp +.Dl f(x) = x^m + x^k + 1 with m > k >= 1 +.Pp +or a pentanomial of the form: +.Pp +.Dl f(x) = x^m + x^k3 + x^k2 + x^k1 + 1 with m > k3 > k2 > k1 >= 1 +.Pp +The function +.Fn EC_GROUP_get_basis_type +returns a NID identifying whether a trinomial or pentanomial is in +use for the field. +The function +.Fn EC_GROUP_get_trinomial_basis +must only be called where f(x) is of the trinomial form, and returns +the value of +.Fa k . +Similarly, the function +.Fn EC_GROUP_get_pentanomial_basis +must only be called where f(x) is of the pentanomial form, and +returns the values of +.Fa k1 , +.Fa k2 , +and +.Fa k3 . +.Sh RETURN VALUES +The following functions return 1 on success or 0 on error: +.Fn EC_GROUP_copy , +.Fn EC_GROUP_set_generator , +.Fn EC_GROUP_check , +.Fn EC_GROUP_check_discriminant , +.Fn EC_GROUP_get_trinomial_basis , +and +.Fn EC_GROUP_get_pentanomial_basis . +.Pp +.Fn EC_GROUP_dup +returns a pointer to the duplicated curve or +.Dv NULL +on error. +.Pp +.Fn EC_GROUP_method_of +returns the +.Vt EC_METHOD +implementation in use for the given curve or +.Dv NULL +on error. +.Pp +.Fn EC_GROUP_get0_generator +returns the generator for the given curve or +.Dv NULL +on error. +.Pp +.Fn EC_GROUP_get_order , +.Fn EC_GROUP_get_cofactor , +.Fn EC_GROUP_get_curve_name , +.Fn EC_GROUP_get_asn1_flag , +.Fn EC_GROUP_get_point_conversion_form , +and +.Fn EC_GROUP_get_degree +return the order, cofactor, curve name (NID), ASN.1 flag, +point_conversion_form and degree for the specified curve, respectively. +If there is no curve name associated with a curve then +.Fn EC_GROUP_get_curve_name +returns 0. +.Pp +.Fn EC_GROUP_get0_seed +returns a pointer to the seed that was used to generate the parameter +b, or +.Dv NULL +if the seed is not specified. +.Fn EC_GROUP_get_seed_len +returns the length of the seed or 0 if the seed is not specified. +.Pp +.Fn EC_GROUP_set_seed +returns the length of the seed that has been set. +If the supplied seed is +.Dv NULL +or the supplied seed length is 0, the return value will be 1. +On error 0 is returned. +.Pp +.Fn EC_GROUP_cmp +returns 0 if the curves are equal, 1 if they are not equal, +or -1 on error. +.Pp +.Fn EC_GROUP_get_basis_type +returns the values +.Dv NID_X9_62_tpBasis +or +.Dv NID_X9_62_ppBasis +as defined in +.In openssl/obj_mac.h +for a trinomial or pentanomial, respectively. +Alternatively in the event of an error a 0 is returned. +.Sh SEE ALSO +.Xr d2i_ECPKParameters 3 , +.Xr EC_GFp_simple_method 3 , +.Xr EC_GROUP_new 3 , +.Xr EC_KEY_new 3 , +.Xr EC_POINT_add 3 , +.Xr EC_POINT_new 3 +.Sh HISTORY +.Fn EC_GROUP_copy , +.Fn EC_GROUP_method_of , +.Fn EC_GROUP_set_generator , +.Fn EC_GROUP_get0_generator , +.Fn EC_GROUP_get_order , +and +.Fn EC_GROUP_get_cofactor +first appeared in OpenSSL 0.9.7 and have been available since +.Ox 3.2 . +.Pp +.Fn EC_GROUP_dup , +.Fn EC_GROUP_set_curve_name , +.Fn EC_GROUP_get_curve_name , +.Fn EC_GROUP_set_asn1_flag , +.Fn EC_GROUP_get_asn1_flag , +.Fn EC_GROUP_set_point_conversion_form , +.Fn EC_GROUP_get_point_conversion_form , +.Fn EC_GROUP_get0_seed , +.Fn EC_GROUP_get_seed_len , +.Fn EC_GROUP_set_seed , +.Fn EC_GROUP_get_degree , +.Fn EC_GROUP_check , +.Fn EC_GROUP_check_discriminant , +.Fn EC_GROUP_cmp , +.Fn EC_GROUP_get_basis_type , +.Fn EC_GROUP_get_trinomial_basis , +and +.Fn EC_GROUP_get_pentanomial_basis +first appeared in OpenSSL 0.9.8 and has been available since +.Ox 4.5 . diff --git a/src/lib/libcrypto/man/EC_GROUP_new.3 b/src/lib/libcrypto/man/EC_GROUP_new.3 new file mode 100644 index 00000000000..beba8ce72ac --- /dev/null +++ b/src/lib/libcrypto/man/EC_GROUP_new.3 @@ -0,0 +1,327 @@ +.\" $OpenBSD: EC_GROUP_new.3,v 1.8 2018/03/23 00:09:11 schwarze Exp $ +.\" OpenSSL 9b86974e Mon Aug 17 15:21:33 2015 -0400 +.\" +.\" This file was written by Matt Caswell . +.\" Copyright (c) 2013 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 23 2018 $ +.Dt EC_GROUP_NEW 3 +.Os +.Sh NAME +.Nm EC_GROUP_new , +.Nm EC_GROUP_free , +.Nm EC_GROUP_clear_free , +.Nm EC_GROUP_new_curve_GFp , +.Nm EC_GROUP_new_curve_GF2m , +.Nm EC_GROUP_new_by_curve_name , +.Nm EC_GROUP_set_curve_GFp , +.Nm EC_GROUP_get_curve_GFp , +.Nm EC_GROUP_set_curve_GF2m , +.Nm EC_GROUP_get_curve_GF2m , +.Nm EC_get_builtin_curves +.Nd create and destroy EC_GROUP objects +.Sh SYNOPSIS +.In openssl/ec.h +.In openssl/bn.h +.Ft EC_GROUP * +.Fo EC_GROUP_new +.Fa "const EC_METHOD *meth" +.Fc +.Ft void +.Fo EC_GROUP_free +.Fa "EC_GROUP *group" +.Fc +.Ft void +.Fo EC_GROUP_clear_free +.Fa "EC_GROUP *group" +.Fc +.Ft EC_GROUP * +.Fo EC_GROUP_new_curve_GFp +.Fa "const BIGNUM *p" +.Fa "const BIGNUM *a" +.Fa "const BIGNUM *b" +.Fa "BN_CTX *ctx" +.Fc +.Ft EC_GROUP * +.Fo EC_GROUP_new_curve_GF2m +.Fa "const BIGNUM *p" +.Fa "const BIGNUM *a" +.Fa "const BIGNUM *b" +.Fa "BN_CTX *ctx" +.Fc +.Ft EC_GROUP * +.Fo EC_GROUP_new_by_curve_name +.Fa "int nid" +.Fc +.Ft int +.Fo EC_GROUP_set_curve_GFp +.Fa "EC_GROUP *group" +.Fa "const BIGNUM *p" +.Fa "const BIGNUM *a" +.Fa "const BIGNUM *b" +.Fa "BN_CTX *ctx" +.Fc +.Ft int +.Fo EC_GROUP_get_curve_GFp +.Fa "const EC_GROUP *group" +.Fa "BIGNUM *p" +.Fa "BIGNUM *a" +.Fa "BIGNUM *b" +.Fa "BN_CTX *ctx" +.Fc +.Ft int +.Fo EC_GROUP_set_curve_GF2m +.Fa "EC_GROUP *group" +.Fa "const BIGNUM *p" +.Fa "const BIGNUM *a" +.Fa "const BIGNUM *b" +.Fa "BN_CTX *ctx" +.Fc +.Ft int +.Fo EC_GROUP_get_curve_GF2m +.Fa "const EC_GROUP *group" +.Fa "BIGNUM *p" +.Fa "BIGNUM *a" +.Fa "BIGNUM *b" +.Fa "BN_CTX *ctx" +.Fc +.Ft size_t +.Fo EC_get_builtin_curves +.Fa "EC_builtin_curve *r" +.Fa "size_t nitems" +.Fc +.Sh DESCRIPTION +The EC library provides functions for performing operations on +elliptic curves over finite fields. +In general, an elliptic curve satisfies an equation of the form: +.Pp +.Dl y^2 = x^3 + ax + b +.Pp +Within the library there are two forms of elliptic curves that are of +interest. +The first form is those defined over the prime field Fp. +The elements of Fp are the integers 0 to p-1, where +.Fa p +is a prime number. +This gives us a revised elliptic curve equation as follows: +.Pp +.Dl y^2 mod p = x^3 + ax + b mod p +.Pp +The second form is those defined over a binary field F2^m where the +elements of the field are integers of length at most m bits. +For this form the elliptic curve equation is modified to: +.Pp +.Dl y^2 + xy = x^3 + ax^2 + b (where b != 0) +.Pp +Operations in a binary field are performed relative to an irreducible +polynomial. +All such curves with OpenSSL use a trinomial or a pentanomial for this +parameter. +.Pp +An +.Vt EC_GROUP +structure is used to represent the definition of an elliptic curve. +A new curve can be constructed by calling +.Fn EC_GROUP_new , +using the implementation provided by +.Fa meth +(see +.Xr EC_GFp_simple_method 3 ) . +It is then necessary to call either +.Fn EC_GROUP_set_curve_GFp +or +.Fn EC_GROUP_set_curve_GF2m +as appropriate to create a curve defined over Fp or over F2^m, respectively. +.Pp +.Fn EC_GROUP_set_curve_GFp +sets the curve parameters +.Fa p , +.Fa a , +and +.Fa b +for a curve over Fp stored in +.Fa group . +.Fn EC_group_get_curve_GFp +obtains the previously set curve parameters. +.Pp +.Fn EC_GROUP_set_curve_GF2m +sets the equivalent curve parameters for a curve over F2^m. +In this case +.Fa p +represents the irreducible polynomial - each bit represents a term in +the polynomial. +Therefore there will either be three or five bits set dependent on +whether the polynomial is a trinomial or a pentanomial. +.Fn EC_group_get_curve_GF2m +obtains the previously set curve parameters. +.Pp +The functions +.Fn EC_GROUP_new_curve_GFp +and +.Fn EC_GROUP_new_curve_GF2m +are shortcuts for calling +.Fn EC_GROUP_new +and the appropriate +.Fn EC_GROUP_set_curve_* +function. +An appropriate default implementation method will be used. +.Pp +Whilst the library can be used to create any curve using the functions +described above, there are also a number of predefined curves that are +available. +In order to obtain a list of all of the predefined curves, call the +function +.Fn EC_get_builtin_curves . +The parameter +.Fa r +should be an array of +.Vt EC_builtin_cure +structures of size +.Fa nitems . +The function will populate the +.Fa r +array with information about the builtin curves. +If +.Fa nitems +is less than the total number of curves available, then the first +.Fa nitems +curves will be returned. +Otherwise the total number of curves will be provided. +The return value is the total number of curves available (whether that +number has been populated in +.Fa r +or not). +Passing a +.Dv NULL +.Fa r , +or setting +.Fa nitems +to 0, will do nothing other than return the total number of curves +available. +The +.Vt EC_builtin_curve +structure is defined as follows: +.Bd -literal +typedef struct { + int nid; + const char *comment; +} EC_builtin_curve; +.Ed +.Pp +Each +.Vt EC_builtin_curve +item has a unique integer ID +.Pq Fa nid +and a human readable comment string describing the curve. +.Pp +In order to construct a builtin curve use the function +.Fn EC_GROUP_new_by_curve_name +and provide the +.Fa nid +of the curve to be constructed. +.Pp +.Fn EC_GROUP_free +frees the memory associated with the +.Vt EC_GROUP . +If +.Fa group +is a +.Dv NULL +pointer, no action occurs. +.Pp +.Fn EC_GROUP_clear_free +destroys any sensitive data held within the +.Vt EC_GROUP +and then frees its memory. +If +.Fa group +is a +.Dv NULL +pointer, no action occurs. +.Sh RETURN VALUES +All +.Fn EC_GROUP_new* +functions return a pointer to the newly constructed group or +.Dv NULL +on error. +.Pp +.Fn EC_get_builtin_curves +returns the number of builtin curves that are available. +.Pp +.Fn EC_GROUP_set_curve_GFp , +.Fn EC_GROUP_get_curve_GFp , +.Fn EC_GROUP_set_curve_GF2m , +and +.Fn EC_GROUP_get_curve_GF2m +return 1 on success or 0 on error. +.Sh SEE ALSO +.Xr d2i_ECPKParameters 3 , +.Xr EC_GFp_simple_method 3 , +.Xr EC_GROUP_copy 3 , +.Xr EC_KEY_new 3 , +.Xr EC_POINT_add 3 , +.Xr EC_POINT_new 3 , +.Xr ECDSA_SIG_new 3 +.Sh HISTORY +.Fn EC_GROUP_new , +.Fn EC_GROUP_free , +.Fn EC_GROUP_clear_free , +.Fn EC_GROUP_new_curve_GFp , +.Fn EC_GROUP_set_curve_GFp , +and +.Fn EC_GROUP_get_curve_GFp +first appeared in OpenSSL 0.9.7 and have been available since +.Ox 3.2 . +.Pp +.Fn EC_GROUP_new_curve_GF2m , +.Fn EC_GROUP_new_by_curve_name , +.Fn EC_GROUP_set_curve_GF2m , +.Fn EC_GROUP_get_curve_GF2m , +and +.Fn EC_get_builtin_curves +first appeared in OpenSSL 0.9.8 and have been available since +.Ox 4.5 . diff --git a/src/lib/libcrypto/man/EC_KEY_new.3 b/src/lib/libcrypto/man/EC_KEY_new.3 new file mode 100644 index 00000000000..c77233b4ee8 --- /dev/null +++ b/src/lib/libcrypto/man/EC_KEY_new.3 @@ -0,0 +1,564 @@ +.\" $OpenBSD: EC_KEY_new.3,v 1.13 2018/03/23 23:18:17 schwarze Exp $ +.\" OpenSSL d900a015 Oct 8 14:40:42 2015 +0200 +.\" +.\" This file was written by Matt Caswell . +.\" Copyright (c) 2013, 2014 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 23 2018 $ +.Dt EC_KEY_NEW 3 +.Os +.Sh NAME +.Nm EC_KEY_new , +.Nm EC_KEY_get_flags , +.Nm EC_KEY_set_flags , +.Nm EC_KEY_clear_flags , +.Nm EC_KEY_new_by_curve_name , +.Nm EC_KEY_free , +.Nm EC_KEY_copy , +.Nm EC_KEY_dup , +.Nm EC_KEY_up_ref , +.Nm EC_KEY_get0_group , +.Nm EC_KEY_set_group , +.Nm EC_KEY_get0_private_key , +.Nm EC_KEY_set_private_key , +.Nm EC_KEY_get0_public_key , +.Nm EC_KEY_set_public_key , +.Nm EC_KEY_get_enc_flags , +.Nm EC_KEY_set_enc_flags , +.Nm EC_KEY_get_conv_form , +.Nm EC_KEY_set_conv_form , +.Nm EC_KEY_get_key_method_data , +.Nm EC_KEY_insert_key_method_data , +.Nm EC_KEY_set_asn1_flag , +.Nm EC_KEY_precompute_mult , +.Nm EC_KEY_generate_key , +.Nm EC_KEY_check_key , +.Nm EC_KEY_set_public_key_affine_coordinates , +.Nm EC_KEY_print , +.Nm EC_KEY_print_fp +.Nd create, destroy and manipulate EC_KEY objects +.Sh SYNOPSIS +.In openssl/ec.h +.In openssl/bn.h +.Ft EC_KEY * +.Fn EC_KEY_new void +.Ft int +.Fo EC_KEY_get_flags +.Fa "const EC_KEY *key" +.Fc +.Ft void +.Fo EC_KEY_set_flags +.Fa "EC_KEY *key" +.Fa "int flags" +.Fc +.Ft void +.Fo EC_KEY_clear_flags +.Fa "EC_KEY *key" +.Fa "int flags" +.Fc +.Ft EC_KEY * +.Fo EC_KEY_new_by_curve_name +.Fa "int nid" +.Fc +.Ft void +.Fo EC_KEY_free +.Fa "EC_KEY *key" +.Fc +.Ft EC_KEY * +.Fo EC_KEY_copy +.Fa "EC_KEY *dst" +.Fa "const EC_KEY *src" +.Fc +.Ft EC_KEY * +.Fo EC_KEY_dup +.Fa "const EC_KEY *src" +.Fc +.Ft int +.Fo EC_KEY_up_ref +.Fa "EC_KEY *key" +.Fc +.Ft const EC_GROUP * +.Fo EC_KEY_get0_group +.Fa "const EC_KEY *key" +.Fc +.Ft int +.Fo EC_KEY_set_group +.Fa "EC_KEY *key" +.Fa "const EC_GROUP *group" +.Fc +.Ft const BIGNUM * +.Fo EC_KEY_get0_private_key +.Fa "const EC_KEY *key" +.Fc +.Ft int +.Fo EC_KEY_set_private_key +.Fa "EC_KEY *key" +.Fa "const BIGNUM *prv" +.Fc +.Ft const EC_POINT * +.Fo EC_KEY_get0_public_key +.Fa "const EC_KEY *key" +.Fc +.Ft int +.Fo EC_KEY_set_public_key +.Fa "EC_KEY *key" +.Fa "const EC_POINT *pub" +.Fc +.Ft unsigned int +.Fo EC_KEY_get_enc_flags +.Fa "const EC_KEY *key" +.Fc +.Ft void +.Fo EC_KEY_set_enc_flags +.Fa "EC_KEY *key" +.Fa "unsigned int flags" +.Fc +.Ft point_conversion_form_t +.Fo EC_KEY_get_conv_form +.Fa "const EC_KEY *key" +.Fc +.Ft void +.Fo EC_KEY_set_conv_form +.Fa "EC_KEY *key" +.Fa "point_conversion_form_t cform" +.Fc +.Ft void * +.Fo EC_KEY_get_key_method_data +.Fa "EC_KEY *key" +.Fa "void *(*dup_func)(void *)" +.Fa "void (*free_func)(void *)" +.Fa "void (*clear_free_func)(void *)" +.Fc +.Ft void +.Fo EC_KEY_insert_key_method_data +.Fa "EC_KEY *key" +.Fa "void *data" +.Fa "void *(*dup_func)(void *)" +.Fa "void (*free_func)(void *)" +.Fa "void (*clear_free_func)(void *)" +.Fc +.Ft void +.Fo EC_KEY_set_asn1_flag +.Fa "EC_KEY *key" +.Fa "int asn1_flag" +.Fc +.Ft int +.Fo EC_KEY_precompute_mult +.Fa "EC_KEY *key" +.Fa "BN_CTX *ctx" +.Fc +.Ft int +.Fo EC_KEY_generate_key +.Fa "EC_KEY *key" +.Fc +.Ft int +.Fo EC_KEY_check_key +.Fa "const EC_KEY *key" +.Fc +.Ft int +.Fo EC_KEY_set_public_key_affine_coordinates +.Fa "EC_KEY *key" +.Fa "BIGNUM *x" +.Fa "BIGNUM *y" +.Fc +.Ft int +.Fo EC_KEY_print +.Fa "BIO *bp" +.Fa "const EC_KEY *key" +.Fa "int off" +.Fc +.Ft int +.Fo EC_KEY_print_fp +.Fa "FILE *fp" +.Fa "const EC_KEY *key" +.Fa "int off" +.Fc +.Sh DESCRIPTION +An +.Vt EC_KEY +represents a public key and (optionally) an associated private key. +The public key is a point on a curve represented by an +.Vt EC_POINT , +see +.Xr EC_POINT_new 3 . +The private key is simply a +.Vt BIGNUM , +see +.Xr BN_new 3 . +.Pp +A new +.Vt EC_KEY +(with no associated curve) can be constructed by calling +.Fn EC_KEY_new . +The reference count for the newly created +.Vt EC_KEY +is initially set to 1. +A curve can be associated with the +.Vt EC_KEY +by calling +.Fn EC_KEY_set_group . +.Pp +Alternatively a new +.Vt EC_KEY +can be constructed by calling +.Fn EC_KEY_new_by_curve_name +and supplying the +.Fa nid +of the associated curve. +Refer to +.Xr EC_GROUP_new 3 +for a description of curve names. +This function simply wraps calls to +.Fn EC_KEY_new +and +.Fn EC_GROUP_new_by_curve_name . +.Pp +Calling +.Fn EC_KEY_free +decrements the reference count for the +.Vt EC_KEY +object and, if it has dropped to zero, then frees the memory associated +with it. +If +.Fa key +is a +.Dv NULL +pointer, no action occurs. +.Pp +.Fn EC_KEY_copy +copies the contents of the +.Vt EC_KEY +in +.Fa src +into +.Fa dst . +.Pp +.Fn EC_KEY_dup +creates a new +.Vt EC_KEY +object and copies +.Fa src +into it. +.Pp +.Fn EC_KEY_up_ref +increments the reference count associated with the +.Vt EC_KEY +object. +.Pp +.Fn EC_KEY_generate_key +generates a new public and private key for the supplied +.Fa key +object. +.Fa key +must have an +.Vt EC_GROUP +object associated with it before calling this function. +The private key is a random integer (0 < priv_key < order, where order +is the order of the +.Vt EC_GROUP +object). +The public key is an +.Vt EC_POINT +on the curve calculated by multiplying the generator for the curve +by the private key. +.Pp +.Fn EC_KEY_check_key +performs various sanity checks on the +.Vt EC_KEY +object to confirm that it is valid. +.Pp +.Fn EC_KEY_set_public_key_affine_coordinates +sets the public key for +.Fa key +based on its affine coordinates, i.e. it constructs an +.Vt EC_POINT +object based on the supplied +.Fa x +and +.Fa y +values and sets the public key to be this +.Vt EC_POINT . +It also performs certain sanity checks on the key to confirm that +it is valid. +.Pp +The functions +.Fn EC_KEY_get0_group , +.Fn EC_KEY_set_group , +.Fn EC_KEY_get0_private_key , +.Fn EC_KEY_set_private_key , +.Fn EC_KEY_get0_public_key , +and +.Fn EC_KEY_set_public_key +get and set the +.Vt EC_GROUP +object, the private key and the +.Vt EC_POINT +public key for the +.Fa key , +respectively. +.Pp +The functions +.Fn EC_KEY_get_enc_flags +and +.Fn EC_KEY_set_enc_flags +get and set the value of the encoding flags for the +.Fa key . +There are two encoding flags currently defined: +.Dv EC_PKEY_NO_PARAMETERS +and +.Dv EC_PKEY_NO_PUBKEY . +These flags define the behaviour of how the +.Fa key +is converted into ASN.1 in a call to +.Fn i2d_ECPrivateKey . +If +.Dv EC_PKEY_NO_PARAMETERS +is set then the public parameters for the curve +are not encoded along with the private key. +If +.Dv EC_PKEY_NO_PUBKEY +is set then the public key is not encoded along with the private +key. +.Pp +The format of the external representation of the public key written by +.Xr i2d_ECPrivateKey 3 , +such as whether it is stored in a compressed form or not, +is described by the point_conversion_form. +See +.Xr EC_GROUP_copy 3 +for a description of point_conversion_form. +.Pp +When reading a private key encoded without an associated public key, +for example if +.Dv EC_PKEY_NO_PUBKEY +was used, +.Xr d2i_ECPrivateKey 3 +generates the missing public key automatically. +Private keys encoded without parameters, for example if +.Dv EC_PKEY_NO_PARAMETERS +was used, cannot be loaded using +.Xr d2i_ECPrivateKey 3 . +.Pp +The functions +.Fn EC_KEY_get_conv_form +and +.Fn EC_KEY_set_conv_form +get and set the point_conversion_form for the +.Fa key . +For a description of point_conversion_form please refer to +.Xr EC_GROUP_copy 3 . +.Pp +.Fn EC_KEY_insert_key_method_data +and +.Fn EC_KEY_get_key_method_data +enable the caller to associate arbitrary additional data specific +to the elliptic curve scheme being used with the +.Vt EC_KEY +object. +This data is treated as a "black box" by the EC library. +The data to be stored by +.Fn EC_KEY_insert_key_method_data +is provided in the +.Fa data +parameter, which must have associated functions for duplicating, freeing +and "clear_freeing" the data item. +If a subsequent +.Fn EC_KEY_get_key_method_data +call is issued, the functions for duplicating, freeing and +"clear_freeing" the data item must be provided again, and they must +be the same as they were when the data item was inserted. +.Pp +.Fn EC_KEY_set_flags +sets the flags in the +.Fa flags +parameter on the +.Vt EC_KEY +object. +Any flags that are already set are left set. +The currently defined standard flags are +.Dv EC_FLAG_NON_FIPS_ALLOW +and +.Dv EC_FLAG_FIPS_CHECKED . +In addition there is the flag +.Dv EC_FLAG_COFACTOR_ECDH +which is specific to ECDH and is defined in +.In openssl/ecdh.h . +.Fn EC_KEY_get_flags +returns the current flags that are set for this +.Vt EC_KEY . +.Fn EC_KEY_clear_flags +clears the flags indicated by the +.Fa flags +parameter. +All other flags are left in their existing state. +.Pp +.Fn EC_KEY_set_asn1_flag +sets the asn1_flag on the underlying +.Vt EC_GROUP +object (if set). +Refer to +.Xr EC_GROUP_copy 3 +for further information on the asn1_flag. +.Pp +.Fn EC_KEY_precompute_mult +stores multiples of the underlying +.Vt EC_GROUP +generator for faster point multiplication. +See also +.Xr EC_POINT_add 3 . +.Pp +.Fn EC_KEY_print +and +.Fn EC_KEY_print_fp +print out the content of +.Fa key +to the +.Vt BIO +.Fa bp +or to the +.Vt FILE +pointer +.Fa fp , +respectively. +Each line is indented by +.Fa indent +spaces. +.Sh RETURN VALUES +.Fn EC_KEY_new , +.Fn EC_KEY_new_by_curve_name , +and +.Fn EC_KEY_dup +return a pointer to the newly created +.Vt EC_KEY object +or +.Dv NULL +on error. +.Pp +.Fn EC_KEY_get_flags +returns the flags associated with the +.Vt EC_KEY object . +.Pp +.Fn EC_KEY_copy +returns a pointer to the destination key or +.Dv NULL +on error. +.Pp +.Fn EC_KEY_up_ref , +.Fn EC_KEY_set_group , +.Fn EC_KEY_set_private_key , +.Fn EC_KEY_set_public_key , +.Fn EC_KEY_precompute_mult , +.Fn EC_KEY_generate_key , +.Fn EC_KEY_check_key , +.Fn EC_KEY_set_public_key_affine_coordinates , +.Fn EC_KEY_print , +and +.Fn EC_KEY_print_fp +return 1 on success or 0 on error. +.Pp +.Fn EC_KEY_get0_group +returns the +.Vt EC_GROUP +associated with the +.Vt EC_KEY . +.Pp +.Fn EC_KEY_get0_private_key +returns the private key associated with the +.Vt EC_KEY . +.Pp +.Fn EC_KEY_get_enc_flags +returns the value of the current encoding flags for the +.Vt EC_KEY . +.Pp +.Fn EC_KEY_get_conv_form +returns the point_conversion_form for the +.Vt EC_KEY . +.Sh SEE ALSO +.Xr d2i_ECPKParameters 3 , +.Xr EC_GFp_simple_method 3 , +.Xr EC_GROUP_copy 3 , +.Xr EC_GROUP_new 3 , +.Xr EC_POINT_add 3 , +.Xr EC_POINT_new 3 , +.Xr ECDSA_SIG_new 3 , +.Xr EVP_PKEY_set1_EC_KEY 3 +.Sh HISTORY +.Fn EC_KEY_new , +.Fn EC_KEY_new_by_curve_name , +.Fn EC_KEY_free , +.Fn EC_KEY_copy , +.Fn EC_KEY_dup , +.Fn EC_KEY_up_ref , +.Fn EC_KEY_get0_group , +.Fn EC_KEY_set_group , +.Fn EC_KEY_get0_private_key , +.Fn EC_KEY_set_private_key , +.Fn EC_KEY_get0_public_key , +.Fn EC_KEY_set_public_key , +.Fn EC_KEY_get_enc_flags , +.Fn EC_KEY_set_enc_flags , +.Fn EC_KEY_get_conv_form , +.Fn EC_KEY_set_conv_form , +.Fn EC_KEY_get_key_method_data , +.Fn EC_KEY_insert_key_method_data , +.Fn EC_KEY_set_asn1_flag , +.Fn EC_KEY_precompute_mult , +.Fn EC_KEY_generate_key , +.Fn EC_KEY_check_key , +.Fn EC_KEY_print , +and +.Fn EC_KEY_print_fp +first appeared in OpenSSL 0.9.8 and have been available since +.Ox 4.5 . +.Pp +.Fn EC_KEY_get_flags , +.Fn EC_KEY_set_flags , +.Fn EC_KEY_clear_flags , +and +.Fn EC_KEY_set_public_key_affine_coordinates +first appeared in OpenSSL 1.0.1 and have been available since +.Ox 5.3 . diff --git a/src/lib/libcrypto/man/EC_POINT_add.3 b/src/lib/libcrypto/man/EC_POINT_add.3 new file mode 100644 index 00000000000..7c3ecbb1ad3 --- /dev/null +++ b/src/lib/libcrypto/man/EC_POINT_add.3 @@ -0,0 +1,310 @@ +.\" $OpenBSD: EC_POINT_add.3,v 1.11 2018/07/16 17:37:25 tb Exp $ +.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file was written by Matt Caswell . +.\" Copyright (c) 2013 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: July 16 2018 $ +.Dt EC_POINT_ADD 3 +.Os +.Sh NAME +.Nm EC_POINT_add , +.Nm EC_POINT_dbl , +.Nm EC_POINT_invert , +.Nm EC_POINT_is_at_infinity , +.Nm EC_POINT_is_on_curve , +.Nm EC_POINT_cmp , +.Nm EC_POINT_make_affine , +.Nm EC_POINTs_make_affine , +.Nm EC_POINTs_mul , +.Nm EC_POINT_mul , +.Nm EC_GROUP_precompute_mult , +.Nm EC_GROUP_have_precompute_mult +.Nd perform mathematical operations and tests on EC_POINT objects +.Sh SYNOPSIS +.In openssl/ec.h +.In openssl/bn.h +.Ft int +.Fo EC_POINT_add +.Fa "const EC_GROUP *group" +.Fa "EC_POINT *r" +.Fa "const EC_POINT *a" +.Fa "const EC_POINT *b" +.Fa "BN_CTX *ctx" +.Fc +.Ft int +.Fo EC_POINT_dbl +.Fa "const EC_GROUP *group" +.Fa "EC_POINT *r" +.Fa "const EC_POINT *a" +.Fa "BN_CTX *ctx" +.Fc +.Ft int +.Fo EC_POINT_invert +.Fa "const EC_GROUP *group" +.Fa "EC_POINT *a" +.Fa "BN_CTX *ctx" +.Fc +.Ft int +.Fo EC_POINT_is_at_infinity +.Fa "const EC_GROUP *group" +.Fa "const EC_POINT *p" +.Fc +.Ft int +.Fo EC_POINT_is_on_curve +.Fa "const EC_GROUP *group" +.Fa "const EC_POINT *point" +.Fa "BN_CTX *ctx" +.Fc +.Ft int +.Fo EC_POINT_cmp +.Fa "const EC_GROUP *group" +.Fa "const EC_POINT *a" +.Fa "const EC_POINT *b" +.Fa "BN_CTX *ctx" +.Fc +.Ft int +.Fo EC_POINT_make_affine +.Fa "const EC_GROUP *group" +.Fa "EC_POINT *point" +.Fa "BN_CTX *ctx" +.Fc +.Ft int +.Fo EC_POINTs_make_affine +.Fa "const EC_GROUP *group" +.Fa "size_t num" +.Fa "EC_POINT *points[]" +.Fa "BN_CTX *ctx" +.Fc +.Ft int +.Fo EC_POINTs_mul +.Fa "const EC_GROUP *group" +.Fa "EC_POINT *r" +.Fa "const BIGNUM *n" +.Fa "size_t num" +.Fa "const EC_POINT *p[]" +.Fa "const BIGNUM *m[]" +.Fa "BN_CTX *ctx" +.Fc +.Ft int +.Fo EC_POINT_mul +.Fa "const EC_GROUP *group" +.Fa "EC_POINT *r" +.Fa "const BIGNUM *n" +.Fa "const EC_POINT *q" +.Fa "const BIGNUM *m" +.Fa "BN_CTX *ctx" +.Fc +.Ft int +.Fo EC_GROUP_precompute_mult +.Fa "EC_GROUP *group" +.Fa "BN_CTX *ctx" +.Fc +.Ft int +.Fo EC_GROUP_have_precompute_mult +.Fa "const EC_GROUP *group" +.Fc +.Sh DESCRIPTION +These functions operate on +.Vt EC_POINT +objects created by +.Xr EC_POINT_new 3 . +.Pp +.Fn EC_POINT_add +adds the two points +.Fa a +and +.Fa b +and places the result in +.Fa r . +Similarly +.Fn EC_POINT_dbl +doubles the point +.Fa a +and places the result in +.Fa r . +In both cases it is valid for +.Fa r +to be one of +.Fa a +or +.Fa b . +.Pp +.Fn EC_POINT_invert +calculates the inverse of the supplied point +.Fa a . +The result is placed back in +.Fa a . +.Pp +The function +.Fn EC_POINT_is_at_infinity +tests whether the supplied point is at infinity or not. +.Pp +.Fn EC_POINT_is_on_curve +tests whether the supplied point is on the curve or not. +.Pp +.Fn EC_POINT_cmp +compares the two supplied points and tests whether or not they are +equal. +.Pp +The functions +.Fn EC_POINT_make_affine +and +.Fn EC_POINTs_make_affine +force the internal representation of the +.Vt EC_POINT Ns s +into the affine coordinate system. +In the case of +.Fn EC_POINTs_make_affine , +the value +.Fa num +provides the number of points in the array +.Fa points +to be forced. +.Pp +.Fn EC_POINT_mul +calculates the value +.Pp +.D1 generator * n + q * m +.Pp +and stores the result in +.Fa r . +The value +.Fa n +may be +.Dv NULL , +in which case the result is just +.Pp +.Dl q * m. +.Pp +.Fn EC_POINTs_mul +only supports the values 0 and 1 for +.Fa num . +If it is 1, then +.Fn EC_POINTs_mul +calculates the value +.Pp +.Dl generator * n + q[0] * m[0]. +.Pp +If +.Fa num +is 0 then +.Fa q +and +.Fa m +must be +.Dv NULL , +and the result is just +.Pp +.Dl generator * n . +.Pp +As for +.Fn EC_POINT_mul , +the value +.Fa n +may be +.Dv NULL . +.Pp +The function +.Fn EC_GROUP_precompute_mult +stores multiples of the generator for faster point multiplication, +whilst +.Fn EC_GROUP_have_precompute_mult +tests whether precomputation has already been done. +See +.Xr EC_GROUP_copy 3 +for information about the generator. +.Sh RETURN VALUES +The following functions return 1 on success or 0 on error: +.Fn EC_POINT_add , +.Fn EC_POINT_dbl , +.Fn EC_POINT_invert , +.Fn EC_POINT_make_affine , +.Fn EC_POINTs_make_affine , +.Fn EC_POINTs_make_affine , +.Fn EC_POINT_mul , +.Fn EC_POINTs_mul , +and +.Fn EC_GROUP_precompute_mult . +.Pp +.Fn EC_POINT_is_at_infinity +returns 1 if the point is at infinity or 0 otherwise. +.Pp +.Fn EC_POINT_is_on_curve +returns 1 if the point is on the curve, 0 if not, or -1 on error. +.Pp +.Fn EC_POINT_cmp +returns 1 if the points are not equal, 0 if they are, or -1 on error. +.Pp +.Fn EC_GROUP_have_precompute_mult +returns 1 if a precomputation has been done or 0 if not. +.Sh SEE ALSO +.Xr d2i_ECPKParameters 3 , +.Xr EC_GFp_simple_method 3 , +.Xr EC_GROUP_copy 3 , +.Xr EC_GROUP_new 3 , +.Xr EC_KEY_new 3 , +.Xr EC_POINT_new 3 +.Sh HISTORY +.Fn EC_POINT_add , +.Fn EC_POINT_dbl , +.Fn EC_POINT_invert , +.Fn EC_POINT_is_at_infinity , +.Fn EC_POINT_is_on_curve , +.Fn EC_POINT_cmp , +.Fn EC_POINT_make_affine , +.Fn EC_POINTs_make_affine , +.Fn EC_POINTs_mul , +.Fn EC_POINT_mul , +and +.Fn EC_GROUP_precompute_mult +first appeared in OpenSSL 0.9.7 and have been available since +.Ox 3.2 . +.Pp +.Fn EC_GROUP_have_precompute_mult +first appeared in OpenSSL 0.9.8 and has been available since +.Ox 4.5 . diff --git a/src/lib/libcrypto/man/EC_POINT_new.3 b/src/lib/libcrypto/man/EC_POINT_new.3 new file mode 100644 index 00000000000..06a15fb62ad --- /dev/null +++ b/src/lib/libcrypto/man/EC_POINT_new.3 @@ -0,0 +1,514 @@ +.\" $OpenBSD: EC_POINT_new.3,v 1.10 2019/03/18 12:58:00 schwarze Exp $ +.\" full merge up to: OpenSSL ddc1caac Mar 6 14:00:24 2018 -0500 +.\" +.\" This file was written by Matt Caswell . +.\" Copyright (c) 2013, 2016 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 18 2019 $ +.Dt EC_POINT_NEW 3 +.Os +.Sh NAME +.Nm EC_POINT_new , +.Nm EC_POINT_free , +.Nm EC_POINT_clear_free , +.Nm EC_POINT_copy , +.Nm EC_POINT_dup , +.Nm EC_POINT_method_of , +.Nm EC_POINT_set_to_infinity , +.Nm EC_POINT_set_affine_coordinates_GFp , +.Nm EC_POINT_set_affine_coordinates_GF2m , +.Nm EC_POINT_get_affine_coordinates_GFp , +.Nm EC_POINT_get_affine_coordinates_GF2m , +.Nm EC_POINT_set_Jprojective_coordinates_GFp , +.Nm EC_POINT_get_Jprojective_coordinates_GFp , +.Nm EC_POINT_set_compressed_coordinates_GFp , +.Nm EC_POINT_set_compressed_coordinates_GF2m , +.Nm EC_POINT_point2oct , +.Nm EC_POINT_oct2point , +.Nm EC_POINT_point2bn , +.Nm EC_POINT_bn2point , +.Nm EC_POINT_point2hex , +.Nm EC_POINT_hex2point +.Nd create, destroy, and manipulate EC_POINT objects +.Sh SYNOPSIS +.In openssl/ec.h +.In openssl/bn.h +.Ft EC_POINT * +.Fo EC_POINT_new +.Fa "const EC_GROUP *group" +.Fc +.Ft void +.Fo EC_POINT_free +.Fa "EC_POINT *point" +.Fc +.Ft void +.Fo EC_POINT_clear_free +.Fa "EC_POINT *point" +.Fc +.Ft int +.Fo EC_POINT_copy +.Fa "EC_POINT *dst" +.Fa "const EC_POINT *src" +.Fc +.Ft EC_POINT * +.Fo EC_POINT_dup +.Fa "const EC_POINT *src" +.Fa "const EC_GROUP *group" +.Fc +.Ft const EC_METHOD * +.Fo EC_POINT_method_of +.Fa "const EC_POINT *point" +.Fc +.Ft int +.Fo EC_POINT_set_to_infinity +.Fa "const EC_GROUP *group" +.Fa "EC_POINT *point" +.Fc +.Ft int +.Fo EC_POINT_set_affine_coordinates_GFp +.Fa "const EC_GROUP *group" +.Fa "EC_POINT *p" +.Fa "const BIGNUM *x" +.Fa "const BIGNUM *y" +.Fa "BN_CTX *ctx" +.Fc +.Ft int +.Fo EC_POINT_set_affine_coordinates_GF2m +.Fa "const EC_GROUP *group" +.Fa "EC_POINT *p" +.Fa "const BIGNUM *x" +.Fa "const BIGNUM *y" +.Fa "BN_CTX *ctx" +.Fc +.Ft int +.Fo EC_POINT_get_affine_coordinates_GFp +.Fa "const EC_GROUP *group" +.Fa "const EC_POINT *p" +.Fa "BIGNUM *x" +.Fa "BIGNUM *y" +.Fa "BN_CTX *ctx" +.Fc +.Ft int +.Fo EC_POINT_get_affine_coordinates_GF2m +.Fa "const EC_GROUP *group" +.Fa "const EC_POINT *p" +.Fa "BIGNUM *x" +.Fa "BIGNUM *y" +.Fa "BN_CTX *ctx" +.Fc +.Ft int +.Fo EC_POINT_set_Jprojective_coordinates_GFp +.Fa "const EC_GROUP *group" +.Fa "EC_POINT *p" +.Fa "const BIGNUM *x" +.Fa "const BIGNUM *y" +.Fa "const BIGNUM *z" +.Fa "BN_CTX *ctx" +.Fc +.Ft int +.Fo EC_POINT_get_Jprojective_coordinates_GFp +.Fa "const EC_GROUP *group" +.Fa "const EC_POINT *p" +.Fa "BIGNUM *x" +.Fa "BIGNUM *y" +.Fa "BIGNUM *z" +.Fa "BN_CTX *ctx" +.Fc +.Ft int +.Fo EC_POINT_set_compressed_coordinates_GFp +.Fa "const EC_GROUP *group" +.Fa "EC_POINT *p" +.Fa "const BIGNUM *x" +.Fa "int y_bit" +.Fa "BN_CTX *ctx" +.Fc +.Ft int +.Fo EC_POINT_set_compressed_coordinates_GF2m +.Fa "const EC_GROUP *group" +.Fa "EC_POINT *p" +.Fa "const BIGNUM *x" +.Fa "int y_bit" +.Fa "BN_CTX *ctx" +.Fc +.Ft size_t +.Fo EC_POINT_point2oct +.Fa "const EC_GROUP *group" +.Fa "const EC_POINT *p" +.Fa "point_conversion_form_t form" +.Fa "unsigned char *buf" +.Fa "size_t len" +.Fa "BN_CTX *ctx" +.Fc +.Ft int +.Fo EC_POINT_oct2point +.Fa "const EC_GROUP *group" +.Fa "EC_POINT *p" +.Fa "const unsigned char *buf" +.Fa "size_t len" +.Fa "BN_CTX *ctx" +.Fc +.Ft BIGNUM * +.Fo EC_POINT_point2bn +.Fa "const EC_GROUP *" +.Fa "const EC_POINT *" +.Fa "point_conversion_form_t form" +.Fa "BIGNUM *" +.Fa "BN_CTX *" +.Fc +.Ft EC_POINT * +.Fo EC_POINT_bn2point +.Fa "const EC_GROUP *" +.Fa "const BIGNUM *" +.Fa "EC_POINT *" +.Fa "BN_CTX *" +.Fc +.Ft char * +.Fo EC_POINT_point2hex +.Fa "const EC_GROUP *" +.Fa "const EC_POINT *" +.Fa "point_conversion_form_t form" +.Fa "BN_CTX *" +.Fc +.Ft EC_POINT * +.Fo EC_POINT_hex2point +.Fa "const EC_GROUP *" +.Fa "const char *" +.Fa "EC_POINT *" +.Fa "BN_CTX *" +.Fc +.Sh DESCRIPTION +An +.Vt EC_POINT +represents a point on a curve. +A curve is represented by an +.Vt EC_GROUP +object created by the functions described in +.Xr EC_GROUP_new 3 . +.Pp +A new point is constructed by calling the function +.Fn EC_POINT_new +and providing the +.Fa group +object that the point relates to. +.Pp +.Fn EC_POINT_free +frees the memory associated with the +.Vt EC_POINT . +If +.Fa point +is a +.Dv NULL +pointer, no action occurs. +.Pp +.Fn EC_POINT_clear_free +destroys any sensitive data held within the +.Vt EC_POINT +and then frees its memory. +If +.Fa point +is a +.Dv NULL +pointer, no action occurs. +.Pp +.Fn EC_POINT_copy +copies the point +.Fa src +into +.Fa dst . +Both +.Fa src +and +.Fa dst +must use the same +.Vt EC_METHOD . +.Pp +.Fn EC_POINT_dup +creates a new +.Vt EC_POINT +object and copies the content from +.Fa src +to the newly created +.Vt EC_POINT +object. +.Pp +.Fn EC_POINT_method_of +obtains the +.Vt EC_METHOD +associated with +.Fa point . +.Pp +A valid point on a curve is the special point at infinity. +A point is set to be at infinity by calling +.Fn EC_POINT_set_to_infinity . +.Pp +The affine coordinates for a point describe a point in terms of its +.Fa x +and +.Fa y +position. +The functions +.Fn EC_POINT_set_affine_coordinates_GFp +and +.Fn EC_POINT_set_affine_coordinates_GF2m +set the +.Fa x +and +.Fa y +coordinates for the point +.Fa p +defined over the curve given in +.Fa group . +The functions +.Fn EC_POINT_get_affine_coordinates_GFp +and +.Fn EC_POINT_get_affine_coordinates_GF2m +set +.Fa x +and +.Fa y , +either of which may be +.Dv NULL , +to the corresponding coordinates of +.Fa p . +.Pp +As well as the affine coordinates, a point can alternatively be +described in terms of its Jacobian projective coordinates (for Fp +curves only). +Jacobian projective coordinates are expressed as three values +.Fa x , +.Fa y , +and +.Fa z . +Working in this coordinate system provides more efficient point +multiplication operations. +A mapping exists between Jacobian projective coordinates and affine +coordinates. +A Jacobian projective coordinate +.Pq Fa x , y , z +can be written as an affine coordinate as +.Pp +.Dl (x/(z^2), y/(z^3)) . +.Pp +Conversion to Jacobian projective from affine coordinates is simple. +The coordinate +.Pq Fa x , y +is mapped to +.Pq Fa x , y , No 1 . +To set or get the projective coordinates use +.Fn EC_POINT_set_Jprojective_coordinates_GFp +and +.Fn EC_POINT_get_Jprojective_coordinates_GFp , +respectively. +.Pp +Points can also be described in terms of their compressed coordinates. +For a point +.Pq Fa x , y , +for any given value for +.Fa x +such that the point is on the curve, there will only ever be two +possible values for +.Fa y . +Therefore a point can be set using the +.Fn EC_POINT_set_compressed_coordinates_GFp +and +.Fn EC_POINT_set_compressed_coordinates_GF2m +functions where +.Fa x +is the x coordinate and +.Fa y_bit +is a value 0 or 1 to identify which of the two possible values for y +should be used. +.Pp +In addition +.Vt EC_POINT Ns s +can be converted to and from various external representations. +Supported representations are octet strings, +.Vt BIGNUM Ns s , +and hexadecimal. +The format of the external representation is described by the +point_conversion_form. +See +.Xr EC_GROUP_copy 3 +for a description of point_conversion_form. +Octet strings are stored in a buffer along with an associated buffer +length. +A point held in a +.Vt BIGNUM +is calculated by converting the point to an octet string and then +converting that octet string into a +.Vt BIGNUM +integer. +Points in hexadecimal format are stored in a NUL terminated character +string where each character is one of the printable values 0-9 or A-F +(or a-f). +.Pp +The functions +.Fn EC_POINT_point2oct , +.Fn EC_POINT_oct2point , +.Fn EC_POINT_point2bn , +.Fn EC_POINT_bn2point , +.Fn EC_POINT_point2hex , +and +.Fn EC_POINT_hex2point +convert from and to +.Vt EC_POINT Ns s +for the formats octet string, +.Vt BIGNUM , +and hexadecimal, respectively. +.Pp +The function +.Fn EC_POINT_point2oct +must be supplied with a +.Fa buf +long enough to store the octet string. +The return value provides the number of octets stored. +Calling the function with a +.Dv NULL +.Fa buf +will not perform the conversion but will still return the required +buffer length. +.Pp +The function +.Fn EC_POINT_point2hex +will allocate sufficient memory to store the hexadecimal string. +It is the caller's responsibility to free this memory with a subsequent +call to +.Xr free 3 . +.Sh RETURN VALUES +.Fn EC_POINT_new +and +.Fn EC_POINT_dup +return the newly allocated +.Vt EC_POINT +or +.Dv NULL +on error. +.Pp +The following functions return 1 on success or 0 on error: +.Fn EC_POINT_copy , +.Fn EC_POINT_set_to_infinity , +.Fn EC_POINT_set_Jprojective_coordinates_GFp , +.Fn EC_POINT_get_Jprojective_coordinates_GFp , +.Fn EC_POINT_set_affine_coordinates_GFp , +.Fn EC_POINT_get_affine_coordinates_GFp , +.Fn EC_POINT_set_compressed_coordinates_GFp , +.Fn EC_POINT_set_affine_coordinates_GF2m , +.Fn EC_POINT_get_affine_coordinates_GF2m , +.Fn EC_POINT_set_compressed_coordinates_GF2m , +and +.Fn EC_POINT_oct2point . +.Pp +.Fn EC_POINT_method_of +returns the +.Vt EC_METHOD +associated with the supplied +.Vt EC_POINT . +.Pp +.Fn EC_POINT_point2oct +returns the length of the required buffer, or 0 on error. +.Pp +.Fn EC_POINT_point2bn +returns the pointer to the +.Vt BIGNUM +supplied or +.Dv NULL +on error. +.Pp +.Fn EC_POINT_bn2point +returns the pointer to the +.Vt EC_POINT +supplied or +.Dv NULL +on error. +.Pp +.Fn EC_POINT_point2hex +returns a pointer to the hex string or +.Dv NULL +on error. +.Pp +.Fn EC_POINT_hex2point +returns the pointer to the +.Vt EC_POINT +supplied or +.Dv NULL +on error. +.Sh SEE ALSO +.Xr d2i_ECPKParameters 3 , +.Xr EC_GFp_simple_method 3 , +.Xr EC_GROUP_copy 3 , +.Xr EC_GROUP_new 3 , +.Xr EC_KEY_new 3 , +.Xr EC_POINT_add 3 +.Sh HISTORY +.Fn EC_POINT_new , +.Fn EC_POINT_free , +.Fn EC_POINT_clear_free , +.Fn EC_POINT_copy , +.Fn EC_POINT_method_of , +.Fn EC_POINT_set_to_infinity , +.Fn EC_POINT_set_affine_coordinates_GFp , +.Fn EC_POINT_get_affine_coordinates_GFp , +.Fn EC_POINT_set_Jprojective_coordinates_GFp , +.Fn EC_POINT_get_Jprojective_coordinates_GFp , +.Fn EC_POINT_set_compressed_coordinates_GFp , +.Fn EC_POINT_point2oct , +and +.Fn EC_POINT_oct2point +first appeared in OpenSSL 0.9.7 and have been available since +.Ox 3.2 . +.Pp +.Fn EC_POINT_dup , +.Fn EC_POINT_set_affine_coordinates_GF2m , +.Fn EC_POINT_get_affine_coordinates_GF2m , +.Fn EC_POINT_set_compressed_coordinates_GF2m , +.Fn EC_POINT_point2bn , +.Fn EC_POINT_bn2point , +.Fn EC_POINT_point2hex , +and +.Fn EC_POINT_hex2point +first appeared in OpenSSL 0.9.8 and have been available since +.Ox 4.5 . diff --git a/src/lib/libcrypto/man/ENGINE_add.3 b/src/lib/libcrypto/man/ENGINE_add.3 new file mode 100644 index 00000000000..4ae878b4f59 --- /dev/null +++ b/src/lib/libcrypto/man/ENGINE_add.3 @@ -0,0 +1,243 @@ +.\" $OpenBSD: ENGINE_add.3,v 1.3 2018/04/18 03:39:22 schwarze Exp $ +.\" content checked up to: OpenSSL 1f13ad31 Dec 25 17:50:39 2017 +0800 +.\" +.\" Copyright (c) 2018 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: April 18 2018 $ +.Dt ENGINE_ADD 3 +.Os +.Sh NAME +.Nm ENGINE_add , +.Nm ENGINE_set_id , +.Nm ENGINE_get_id , +.Nm ENGINE_set_name , +.Nm ENGINE_get_name , +.Nm ENGINE_remove , +.Nm ENGINE_cleanup , +.Nm ENGINE_get_first , +.Nm ENGINE_get_last , +.Nm ENGINE_get_next , +.Nm ENGINE_get_prev , +.Nm ENGINE_by_id +.Nd maintain a global list of ENGINE objects +.Sh SYNOPSIS +.In openssl/engine.h +.Ft int +.Fo ENGINE_add +.Fa "ENGINE *e" +.Fc +.Ft int +.Fo ENGINE_set_id +.Fa "ENGINE *e" +.Fa "const char *id" +.Fc +.Ft const char * +.Fo ENGINE_get_id +.Fa "const ENGINE *e" +.Fc +.Ft int +.Fo ENGINE_set_name +.Fa "ENGINE *e" +.Fa "const char *name" +.Fc +.Ft const char * +.Fo ENGINE_get_name +.Fa "const ENGINE *e" +.Fc +.Ft int +.Fo ENGINE_remove +.Fa "ENGINE *e" +.Fc +.Ft void +.Fn ENGINE_cleanup void +.Ft ENGINE * +.Fn ENGINE_get_first void +.Ft ENGINE * +.Fn ENGINE_get_last void +.Ft ENGINE * +.Fo ENGINE_get_next +.Fa "ENGINE *e" +.Fc +.Ft ENGINE * +.Fo ENGINE_get_prev +.Fa "ENGINE *e" +.Fc +.Ft ENGINE * +.Fo ENGINE_by_id +.Fa "const char *id" +.Fc +.Sh DESCRIPTION +The crypto library maintains a global list of +.Vt ENGINE +objects. +.Pp +.Fn ENGINE_add +appends +.Fa e +to the end of the list +and increments its structural reference count by 1. +A unique identifier and a name of +.Fa e +have to be set with +.Fn ENGINE_set_id +and +.Fn ENGINE_set_name +before calling this function. +.Fn ENGINE_add +fails if the list already contains an +.Vt ENGINE +with the same identifier. +.Pp +.Fn ENGINE_remove +removes +.Fa e +from the list. +If successful, it calls +.Xr ENGINE_free 3 +on +.Fa e . +.Pp +.Fn ENGINE_cleanup +calls +.Xr ENGINE_finish 3 +on all +.Vt ENGINE +objects that were selected as default engines, for example using the +functions documented in the +.Xr ENGINE_set_default 3 +and +.Xr ENGINE_get_default_RSA 3 +manual pages, and it calls +.Fn ENGINE_remove +on all +.Vt ENGINE +objects that were added to the global list with +.Fn ENGINE_add . +Calling this function is required at the end of each program using +.Fn ENGINE_add , +even if no engines are explicitly registered or used. +.Pp +.Fn ENGINE_get_first +and +.Fn ENGINE_get_last +provide access to the first and last +.Vt ENGINE +object on the list, respectively. +Unless the list is empty, they increment the structural reference +count of the retrieved object by 1. +.Pp +.Fn ENGINE_get_next +and +.Fn ENGINE_get_prev +support iteration of the list. +They always call +.Xr ENGINE_free 3 +on +.Fa e . +Unless the end of the list is reached, they increment the structural +reference count of the retrieved object by 1. +.Pp +.Fn ENGINE_by_id +searches the list for an +.Vt ENGINE +object with a matching +.Fa id . +If found, it increments the structural reference count of the +retrieved object by 1. +If +.Dv ENGINE_FLAGS_BY_ID_COPY +was set on +.Fa e +with +.Xr ENGINE_set_flags 3 , +it returns a shallow copy of the object rather than incrementing +the reference count and returning a pointer to the original. +.Sh RETURN VALUES +.Fn ENGINE_add , +.Fn ENGINE_set_id , +.Fn ENGINE_set_name , +and +.Fn ENGINE_remove +return 1 on success or 0 on error. +.Fn ENGINE_set_id +and +.Fn ENGINE_set_name +can only fail if the supplied +.Fa id +or +.Fa name +is +.Dv NULL . +.Pp +.Fn ENGINE_get_id +and +.Fn ENGINE_get_name +return a pointer to an internal string +representing the identifier and the name of +.Fa e , +respectively. +.Pp +.Fn ENGINE_get_first +and +.Fn ENGINE_get_last +return an +.Vt ENGINE +object or +.Dv NULL +if the list is empty. +.Pp +.Fn ENGINE_get_next +and +.Fn ENGINE_get_prev +return an +.Vt ENGINE +object or +.Dv NULL +when the end of the list is reached. +.Pp +.Fn ENGINE_by_id +returns an +.Vt ENGINE +object or +.Dv NULL +if no matching object is found. +.Sh SEE ALSO +.Xr ENGINE_get_default_RSA 3 , +.Xr ENGINE_init 3 , +.Xr ENGINE_new 3 , +.Xr ENGINE_register_all_RSA 3 , +.Xr ENGINE_register_RSA 3 , +.Xr ENGINE_set_default 3 , +.Xr ENGINE_set_flags 3 , +.Xr ENGINE_unregister_RSA 3 +.Sh HISTORY +.Fn ENGINE_add , +.Fn ENGINE_set_id , +.Fn ENGINE_get_id , +.Fn ENGINE_set_name , +.Fn ENGINE_get_name , +.Fn ENGINE_remove , +.Fn ENGINE_get_first , +.Fn ENGINE_get_last , +.Fn ENGINE_get_next , +.Fn ENGINE_get_prev , +and +.Fn ENGINE_by_id +first appeared in OpenSSL 0.9.7 and have been available since +.Ox 2.9 . +.Pp +.Fn ENGINE_cleanup +first appeared in OpenSSL 0.9.7 and has been available since +.Ox 3.2 . diff --git a/src/lib/libcrypto/man/ENGINE_ctrl.3 b/src/lib/libcrypto/man/ENGINE_ctrl.3 new file mode 100644 index 00000000000..c02e9b5a94e --- /dev/null +++ b/src/lib/libcrypto/man/ENGINE_ctrl.3 @@ -0,0 +1,470 @@ +.\" $OpenBSD: ENGINE_ctrl.3,v 1.4 2018/04/19 18:43:58 schwarze Exp $ +.\" content checked up to: +.\" OpenSSL ENGINE_add 1f13ad31 Dec 25 17:50:39 2017 +0800 +.\" +.\" Copyright (c) 2018 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: April 19 2018 $ +.Dt ENGINE_CTRL 3 +.Os +.Sh NAME +.Nm ENGINE_ctrl , +.Nm ENGINE_cmd_is_executable , +.Nm ENGINE_ctrl_cmd , +.Nm ENGINE_ctrl_cmd_string , +.Nm ENGINE_set_ctrl_function , +.Nm ENGINE_get_ctrl_function , +.Nm ENGINE_set_cmd_defns , +.Nm ENGINE_get_cmd_defns +.Nd control commands for ENGINE objects +.Sh SYNOPSIS +.In openssl/engine.h +.Ft int +.Fo ENGINE_ctrl +.Fa "ENGINE *e" +.Fa "int cmd" +.Fa "long i" +.Fa "void *p" +.Fa "void (*f)(void)" +.Fc +.Ft int +.Fo ENGINE_cmd_is_executable +.Fa "ENGINE *e" +.Fa "int cmd" +.Fc +.Ft int +.Fo ENGINE_ctrl_cmd +.Fa "ENGINE *e" +.Fa "const char *cmd_name" +.Fa "long i" +.Fa "void *p" +.Fa "void (*f)(void)" +.Fa "int cmd_optional" +.Fc +.Ft int +.Fo ENGINE_ctrl_cmd_string +.Fa "ENGINE *e" +.Fa "const char *cmd_name" +.Fa "const char *arg" +.Fa "int cmd_optional" +.Fc +.Ft typedef int +.Fo (*ENGINE_CTRL_FUNC_PTR) +.Fa "ENGINE *e" +.Fa "int cmd" +.Fa "long i" +.Fa "void *p" +.Fa "void (*f)(void)" +.Fc +.Ft int +.Fo ENGINE_set_ctrl_function +.Fa "ENGINE *e" +.Fa "ENGINE_CTRL_FUNC_PTR ctrl_f" +.Fc +.Ft ENGINE_CTRL_FUNC_PTR +.Fo ENGINE_get_ctrl_function +.Fa "const ENGINE *e" +.Fc +.Ft int +.Fo ENGINE_set_cmd_defns +.Fa "ENGINE *e" +.Fa "const ENGINE_CMD_DEFN *defns" +.Fc +.Ft const ENGINE_CMD_DEFN * +.Fo ENGINE_get_cmd_defns +.Fa "const ENGINE *e" +.Fc +.Sh DESCRIPTION +.Fn ENGINE_ctrl +calls the built-in or user-defined +.Fa cmd +for the engine +.Fa e , +passing the arguments +.Fa i +and +.Fa p . +.Pp +User-defined commands can be used before +.Xr ENGINE_init 3 +to provide data required for initialization +or at any time to modify the behaviour of an engine. +.Pp +Most built-in commands operate on user-defined commands installed with +.Fn ENGINE_set_cmd_defns , +either using the +.Fa p +argument to indicate the user-defined command with the command name +.Fa cmd_name +or using the +.Fa i +argument to indicate the user-defined command with the command number +.Fa cmd_num . +The +.Fa cmd +arguments to call the built-in commands are as follows: +.Bl -tag -width Ds +.It Dv ENGINE_CTRL_GET_CMD_FLAGS +Return the +.Fa cmd_flags +of the user-defined command with the number +.Fa i , +or a number less than or equal to 0 if an error occurs or +the command number does not exist. +A return value of 0 indicates failure if +.Fa e +is +.Dv NULL +or has a reference count of 0, or success if +.Fa e +is valid. +.It Dv ENGINE_CTRL_GET_CMD_FROM_NAME +Return the positive command number +of the user-defined command with the name +.Fa p , +or a number less than or equal to 0 if an error occurs or no +matching name is found. +.It Dv ENGINE_CTRL_GET_DESC_FROM_CMD +Copy the description of the user-defined command with the number +.Fa i +into the buffer +.Fa p +and NUL-terminate it. +It is the reponsability of the caller to make sure that the buffer +.Fa p +is large enough, either by calling +.Dv ENGINE_CTRL_GET_DESC_LEN_FROM_CMD +first or using knowledge about the array passed to +.Fn ENGINE_set_cmd_defns . +The return value is the number of bytes written +.Em including +the terminating NUL byte, or a number less than or equal to 0 +if an error occurs. +.It Dv ENGINE_CTRL_GET_DESC_LEN_FROM_CMD +Return the length in bytes +.Em excluding +the terminating NUL byte +of the description of the user-defined command with the number +.Fa i , +or a number less than or equal to 0 if an error occurs. +A return value of 0 indicates failure if +.Fa e +is +.Dv NULL +or has a reference count of 0, or success if +.Fa e +is valid. +.It Dv ENGINE_CTRL_GET_FIRST_CMD_TYPE +Return the positive command number +of the first user-defined command installed with +.Fn ENGINE_set_cmd_defns +or a number less than or equal to 0 if an error occurs or no +user-defined command has been installed. +.It Dv ENGINE_CTRL_GET_NAME_FROM_CMD +Copy the name of the user-defined command with the number +.Fa i +into the buffer +.Fa p +and NUL-terminate it. +It is the reponsability of the caller to make sure that the buffer +.Fa p +is large enough, either by calling +.Dv ENGINE_CTRL_GET_NAME_LEN_FROM_CMD +first or using knowledge about the array passed to +.Fn ENGINE_set_cmd_defns . +The return value is the number of bytes written +.Em including +the terminating NUL byte, or a number less than or equal to 0 +if an error occurs. +.It Dv ENGINE_CTRL_GET_NAME_LEN_FROM_CMD +Return the length in bytes +.Em excluding +the terminating NULL byte +of the name of the user-defined command with the number +.Fa i , +or a number less than or equal to 0 if an error occurs. +A return value of 0 indicates failure if +.Fa e +is +.Dv NULL +or has a reference count of 0, or success if +.Fa e +is valid. +.It Dv ENGINE_CTRL_GET_NEXT_CMD_TYPE +Return the positive command number of the next user-defined command +after the user-defined command with the number +.Fa i , +or a number less than or equal to 0 if an error occurs or if +.Fa i +is the last user-defined command. +Together with +.Dv ENGINE_CTRL_GET_FIRST_CMD_TYPE , +this can be used to iterate the user-defined commands installed with +.Fn ENGINE_set_cmd_defns . +.It Dv ENGINE_CTRL_HAS_CTRL_FUNCTION +Return 1 if +.Fa e +has its own +.Fa ctrl_f +installed with +.Fn ENGINE_set_ctrl_function +or 0 otherwise. +.El +.Pp +.Fn ENGINE_ctrl_cmd +translates the +.Fa cmd_name +of a user-defined command to a +.Fa cmd +number and calls +.Fn ENGINE_ctrl +on it. +If +.Fa cmd_optional +is non-zero, lack of a +.Fa ctrl_f +in +.Fa e +and translation failure with +.Dv ENGINE_CTRL_GET_CMD_FROM_NAME +are considered success, and the command has no effect. +Otherwise, these problems cause +.Fn ENGINE_ctrl_cmd +to fail. +.Pp +Neither +.Fn ENGINE_ctrl +nor +.Fn ENGINE_ctrl_cmd +ever call the +.Fa f +callback, but merely pass it on as an argument to the engine-specific +.Fa ctrl_f +control function. +It is up to +.Fa ctrl_f +how to use it, or alternatively to ignore it as well. +.Pp +.Fn ENGINE_ctrl_cmd_string +translates the +.Fa cmd_name +of a user-defined command to a +.Fa cmd +number. +If that command has the +.Dv ENGINE_CMD_FLAG_NO_INPUT +flag set, +.Fa arg +must be +.Dv NULL +and +.Fn ENGINE_ctrl +is called with +.Fa i +set to 0 and +.Fa p +set to +.Dv NULL . +Otherwise, +.Fa arg +must not be +.Dv NULL . +If the command accepts string input, +.Fa i +is set to 0 and +.Fa arg +is passed as the +.Fa p +argument to +.Fn ENGINE_ctrl . +Otherwise, +.Fa arg +is converted with +.Xr strtol 3 +and passed as the +.Fa i +argument to +.Fn ENGINE_ctrl , +setting +.Fa p +to +.Dv NULL . +.Pp +.Fn ENGINE_set_ctrl_function +installs +.Fa ctrl_f +as the engine-specific control function for +.Fa e . +Future calls to +.Fn ENGINE_ctrl +will call that function, passing on their arguments unchanged, if the +.Fa cmd +is not built-in to the library or if the +.Dv ENGINE_FLAGS_MANUAL_CMD_CTRL +flag is set in +.Fa e . +Let the +.Fa ctrl_f +return positive values on success or negative values on failure. +Avoid return values of 0 because they cause dangerous ambiguity. +In particular, +.Fn ENGINE_ctrl_cmd +and +.Fn ENGINE_ctrl_cmd_string +cannot be used with user-defined commands +that may return 0 on success. +.Pp +.Fn ENGINE_set_cmd_defns +install an array of command definitions in +.Fa e . +.Pp +The structure +.Vt ENGINE_CMD_DEFN +has the following fields: +.Bl -tag -width Ds +.It Fa "unsigned int cmd_num" +A positive, unique, monotonically increasing command number. +Avoid using numbers below +.Dv ENGINE_CMD_BASE . +.It Fa "const char *cmd_name" +The unique name of the command. +.It Fa "const char *cmd_desc" +A short description of the command. +.It Fa "unsigned int cmd_flags" +The bitwise OR of zero or more of the following flags: +.Bl -tag -width Ds +.It Dv ENGINE_CMD_FLAG_NUMERIC +The command uses +.Fa i . +.It Dv ENGINE_CMD_FLAG_STRING +The command uses +.Fa p . +.It Dv ENGINE_CMD_FLAG_NO_INPUT +The command neither uses +.Fa i +nor +.Fa p . +.It Dv ENGINE_CMD_FLAG_INTERNAL +This flag has no effect and is only provided for compatibility. +.El +.El +.Pp +The last element of +.Fa defns +does not specify a command, but must have a +.Fa cmd_num +of 0 and a +.Fa cmd_name +of +.Dv NULL +to indicate the end of the array. +.Sh RETURN VALUES +For +.Fn ENGINE_ctrl , +positive return values indicate success and negative return values +indicate failure. +The meaning of a zero return value depends on the particular +.Fa cmd +and may indicate both success and failure, which is pathetic. +.Pp +Regardless of the +.Fa cmd , +.Fn ENGINE_ctrl +returns 0 if +.Fa e +is +.Dv NULL +or has a reference count of 0. +This is quite unfortunate for commands like +.Dv ENGINE_CTRL_GET_CMD_FLAGS +where 0 may indicate success, so make sure +.Fa e +is valid before issuing a control command. +.Pp +For built-in commands except +.Dv ENGINE_CTRL_HAS_CTRL_FUNCTION , +.Fn ENGINE_ctrl +returns \-1 if +.Dv ENGINE_FLAGS_MANUAL_CMD_CTRL +is set but no +.Fa ctrl_f +has been installed with +.Fn ENGINE_set_ctrl_function . +.Pp +For commands that are not built in, +.Fn ENGINE_ctrl +returns 0 if no +.Fa ctrl_f +has been installed with +.Fn ENGINE_set_ctrl_function . +.Pp +.Fn ENGINE_cmd_is_executable +returns 1 if the user-defined +.Fa cmd +is executable and has at least one of the flags +.Dv ENGINE_CMD_FLAG_NUMERIC , +.Dv ENGINE_CMD_FLAG_STRING , +and +.Dv ENGINE_CMD_FLAG_NO_INPUT +set, or 0 otherwise. +.Pp +.Fn ENGINE_ctrl_cmd +and +.Fn ENGINE_ctrl_cmd_string +return 1 on success or 0 on error. +.Pp +.Fn ENGINE_set_ctrl_function +and +.Fn ENGINE_set_cmd_defns +always return 1. +.Pp +.Fn ENGINE_get_ctrl_function +returns a pointer to the function +.Fa ctrl_f +installed with +.Fn ENGINE_set_ctrl_function , +or +.Dv NULL +if none has been installed. +.Pp +.Fn ENGINE_get_cmd_defns +returns the array of command definitions installed in +.Fa e +or +.Dv NULL +if none is installed. +.Sh SEE ALSO +.Xr ENGINE_add 3 , +.Xr ENGINE_init 3 , +.Xr ENGINE_new 3 , +.Xr ENGINE_register_RSA 3 , +.Xr ENGINE_set_flags 3 , +.Xr ENGINE_set_RSA 3 +.Sh HISTORY +.Fn ENGINE_ctrl , +.Fn ENGINE_set_ctrl_function , +and +.Fn ENGINE_get_ctrl_function +first appeared in OpenSSL 0.9.7 and have been available since +.Ox 2.9 . +.Pp +.Fn ENGINE_cmd_is_executable , +.Fn ENGINE_ctrl_cmd , +.Fn ENGINE_ctrl_cmd_string , +.Fn ENGINE_set_cmd_defns , +and +.Fn ENGINE_get_cmd_defns +first appeared in OpenSSL 0.9.7 and have been available since +.Ox 3.2 . diff --git a/src/lib/libcrypto/man/ENGINE_get_default_RSA.3 b/src/lib/libcrypto/man/ENGINE_get_default_RSA.3 new file mode 100644 index 00000000000..b04d42c18ff --- /dev/null +++ b/src/lib/libcrypto/man/ENGINE_get_default_RSA.3 @@ -0,0 +1,160 @@ +.\" $OpenBSD: ENGINE_get_default_RSA.3,v 1.2 2018/04/18 03:39:22 schwarze Exp $ +.\" content checked up to: +.\" OpenSSL ENGINE_add 1f13ad31 Dec 25 17:50:39 2017 +0800 +.\" +.\" Copyright (c) 2018 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: April 18 2018 $ +.Dt ENGINE_GET_DEFAULT_RSA 3 +.Os +.Sh NAME +.Nm ENGINE_get_default_RSA , +.Nm ENGINE_get_default_DSA , +.Nm ENGINE_get_default_ECDH , +.Nm ENGINE_get_default_ECDSA , +.Nm ENGINE_get_default_DH , +.Nm ENGINE_get_default_RAND , +.Nm ENGINE_get_cipher_engine , +.Nm ENGINE_get_digest_engine , +.Nm ENGINE_set_table_flags , +.Nm ENGINE_get_table_flags +.Nd retrieve the default ENGINE for an algorithm +.Sh SYNOPSIS +.In openssl/engine.h +.Ft ENGINE * +.Fn ENGINE_get_default_RSA void +.Ft ENGINE * +.Fn ENGINE_get_default_DSA void +.Ft ENGINE * +.Fn ENGINE_get_default_ECDH void +.Ft ENGINE * +.Fn ENGINE_get_default_ECDSA void +.Ft ENGINE * +.Fn ENGINE_get_default_DH void +.Ft ENGINE * +.Fn ENGINE_get_default_RAND void +.Ft ENGINE * +.Fo ENGINE_get_cipher_engine +.Fa "int nid" +.Fc +.Ft ENGINE * +.Fo ENGINE_get_digest_engine +.Fa "int nid" +.Fc +.Ft void +.Fo ENGINE_set_table_flags +.Fa "unsigned int flags" +.Fc +.Ft unsigned int +.Fn ENGINE_get_table_flags void +.Sh DESCRIPTION +These functions retrieve the current default +.Vt ENGINE +implementing the respective algorithm. +.Pp +If a default engine was previously selected, +.Xr ENGINE_init 3 +is called on it again and it is used. +Otherwise, these functions inspect the engines registered +with the functions documented in +.Xr ENGINE_register_RSA 3 +in the order of the table for the respective algorithm. +If an inspected engine is already successfully initialized, +.Xr ENGINE_init 3 +is called on it again and it is used as the new default. +Otherwise, unless the global flag +.Dv ENGINE_TABLE_FLAG_NOINIT +is set, +.Xr ENGINE_init 3 +is tried on it. +If it succeeds, that engine is used as the new default. +If it fails or if +.Dv ENGINE_TABLE_FLAG_NOINIT +is set, inspection continues with the next engine. +.Pp +The global flag can be set by calling +.Fn ENGINE_set_table_flags +with an argument of +.Dv ENGINE_TABLE_FLAG_NOINIT +or cleared by calling it with an argument of 0. +By default, the flag is not set. +.Pp +While all the other functions operate on exactly one algorithm, +.Fn ENGINE_get_cipher_engine +and +.Fn ENGINE_get_digest_engine +are special in so far as they can handle multiple algorithms, +identified by the given +.Fa nid . +The default engine is remembered separately for each algorithm. +.Pp +Application programs rarely need to call these functions because +they are called automatically when needed, in particular from +.Xr RSA_new 3 , +.Xr DSA_new 3 , +.Fn ECDH_set_method , +.Fn ECDH_compute_key , +.Xr ECDSA_set_method 3 , +.Xr ECDSA_do_sign_ex 3 , +.Xr ECDSA_do_verify 3 , +.Xr DH_new 3 , +.Xr EVP_CipherInit_ex 3 , +and +.Xr EVP_DigestInit_ex 3 . +.Sh RETURN VALUES +These functions return a functional reference to an +.Vt ENGINE +object or +.Dv NULL +on failure, in particular when no engine implementing the algorithm +is available, when +.Xr ENGINE_init 3 +fails for all implementations, +or when insufficient memory is available. +Even when these functions fail, the application may still be able +to use the algorithm in question because the built-in implementation +is used in that case, if one is available. +.Pp +.Fn ENGINE_get_table_flags +returns +.Dv ENGINE_TABLE_FLAG_NOINIT +if the global flag is set or 0 otherwise. +.Sh SEE ALSO +.Xr ENGINE_init 3 , +.Xr ENGINE_new 3 , +.Xr ENGINE_register_RSA 3 , +.Xr ENGINE_set_default 3 +.Sh HISTORY +.Fn ENGINE_get_default_RSA , +.Fn ENGINE_get_default_DSA , +.Fn ENGINE_get_default_DH , +and +.Fn ENGINE_get_default_RAND +first appeared in OpenSSL 0.9.7 and have been available since +.Ox 2.9 . +.Pp +.Fn ENGINE_get_cipher_engine , +.Fn ENGINE_get_digest_engine , +.Fn ENGINE_set_table_flags , +and +.Fn ENGINE_get_table_flags +first appeared in OpenSSL 0.9.7 and have been available since +.Ox 3.2 . +.Pp +.Fn ENGINE_get_default_ECDH +and +.Fn ENGINE_get_default_ECDSA +first appeared in OpenSSL 0.9.8 and have been available since +.Ox 4.5 . diff --git a/src/lib/libcrypto/man/ENGINE_init.3 b/src/lib/libcrypto/man/ENGINE_init.3 new file mode 100644 index 00000000000..d41d98a2f1b --- /dev/null +++ b/src/lib/libcrypto/man/ENGINE_init.3 @@ -0,0 +1,134 @@ +.\" $OpenBSD: ENGINE_init.3,v 1.2 2018/04/18 03:39:22 schwarze Exp $ +.\" Copyright (c) 2018 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: April 18 2018 $ +.Dt ENGINE_INIT 3 +.Os +.Sh NAME +.Nm ENGINE_init , +.Nm ENGINE_finish , +.Nm ENGINE_set_init_function , +.Nm ENGINE_set_finish_function , +.Nm ENGINE_get_init_function , +.Nm ENGINE_get_finish_function +.Nd initialize ENGINE objects +.Sh SYNOPSIS +.In openssl/engine.h +.Ft int +.Fo ENGINE_init +.Fa "ENGINE *e" +.Fc +.Ft int +.Fo ENGINE_finish +.Fa "ENGINE *e" +.Fc +.Ft typedef int +.Fo (*ENGINE_GEN_INT_FUNC_PTR) +.Fa "ENGINE *e" +.Fc +.Ft int +.Fo ENGINE_set_init_function +.Fa "ENGINE *e" +.Fa "ENGINE_GEN_INT_FUNC_PTR init_f" +.Fc +.Ft int +.Fo ENGINE_set_finish_function +.Fa "ENGINE *e" +.Fa "ENGINE_GEN_INT_FUNC_PTR finish_f" +.Fc +.Ft ENGINE_GEN_INT_FUNC_PTR +.Fo ENGINE_get_init_function +.Fa "const ENGINE *e" +.Fc +.Ft ENGINE_GEN_INT_FUNC_PTR +.Fo ENGINE_get_finish_function +.Fa "const ENGINE *e" +.Fc +.Sh DESCRIPTION +.Fn ENGINE_init +initializes +.Fa e +by calling the +.Fa init_f +previously installed with +.Fn ENGINE_set_init_function , +if any. +In case of success, it also increments both the structural +and the functional reference count by 1. +If no +.Fa init_f +was installed, +.Fn ENGINE_init +always succeeds. +Calling +.Fn ENGINE_init +again after it already succeeded always succeeds, but has no effect +except that it increments both the structural and the functional +reference count by 1. +.Pp +.Fn ENGINE_finish +decrements the functional reference count by 1. +When it reaches 0, it calls the +.Fa finish_f +previously installed with +.Fn ENGINE_set_finish_function , +if any. +If no +.Fa finish_f +was installed, +.Fn ENGINE_finish +always succeeds. +Unless +.Fa finish_f +fails, +.Fn ENGINE_finish +also calls +.Xr ENGINE_free 3 . +.Pp +.Fn ENGINE_init +is internally called by the functions documented in the +.Xr ENGINE_get_default_RSA 3 +manual page. +.Sh RETURN VALUES +.Fn ENGINE_init +and +.Fn ENGINE_finish +return 1 on success or 0 on error. +.Pp +.Fn ENGINE_set_init_function +and +.Fn ENGINE_set_finish_function +always return 1. +.Pp +.Fn ENGINE_get_init_function +and +.Fn ENGINE_get_finish_function +return a function pointer to the respective callback, or +.Dv NULL +if none is installed. +.Sh SEE ALSO +.Xr ENGINE_add 3 , +.Xr ENGINE_ctrl 3 , +.Xr ENGINE_get_default_RSA 3 , +.Xr ENGINE_new 3 , +.Xr ENGINE_register_RSA 3 , +.Xr ENGINE_set_default 3 , +.Xr ENGINE_set_flags 3 , +.Xr ENGINE_set_RSA 3 , +.Xr ENGINE_unregister_RSA 3 +.Sh HISTORY +These functions first appeared in OpenSSL 0.9.7 +and have been available since +.Ox 2.9 . diff --git a/src/lib/libcrypto/man/ENGINE_new.3 b/src/lib/libcrypto/man/ENGINE_new.3 new file mode 100644 index 00000000000..f1218b17080 --- /dev/null +++ b/src/lib/libcrypto/man/ENGINE_new.3 @@ -0,0 +1,189 @@ +.\" $OpenBSD: ENGINE_new.3,v 1.3 2018/04/18 03:39:22 schwarze Exp $ +.\" content checked up to: +.\" OpenSSL ENGINE_add 1f13ad31 Dec 25 17:50:39 2017 +0800 +.\" +.\" Copyright (c) 2018 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: April 18 2018 $ +.Dt ENGINE_NEW 3 +.Os +.Sh NAME +.Nm ENGINE_new , +.Nm ENGINE_up_ref , +.Nm ENGINE_free , +.Nm ENGINE_set_destroy_function , +.Nm ENGINE_get_destroy_function +.Nd create and destroy ENGINE objects +.Sh SYNOPSIS +.In openssl/engine.h +.Ft ENGINE * +.Fn ENGINE_new void +.Ft int +.Fo ENGINE_up_ref +.Fa "ENGINE *e" +.Fc +.Ft int +.Fo ENGINE_free +.Fa "ENGINE *e" +.Fc +.Ft typedef int +.Fo (*ENGINE_GEN_INT_FUNC_PTR) +.Fa "ENGINE *e" +.Fc +.Ft int +.Fo ENGINE_set_destroy_function +.Fa "ENGINE *e" +.Fa "ENGINE_GEN_INT_FUNC_PTR destroy_f" +.Fc +.Ft ENGINE_GEN_INT_FUNC_PTR +.Fo ENGINE_get_destroy_function +.Fa "const ENGINE *e" +.Fc +.Sh DESCRIPTION +.Vt ENGINE +objects can be used to provide alternative implementations of +cryptographic algorithms, to support additional algorithms, to +support cryptographic hardware, and to switch among alternative +implementations of algorithms at run time. +LibreSSL generally avoids engines and prefers providing +cryptographic functionality in the crypto library itself. +.Pp +.Fn ENGINE_new +allocates and initializes an empty +.Vt ENGINE +object and sets its structural reference count to 1 +and its functional reference count to 0. +For more information about the functional reference count, see the +.Xr ENGINE_init 3 +manual page. +.Pp +Many functions increment the structural reference count by 1 +when successful. +Some of them, including +.Xr ENGINE_get_first 3 , +.Xr ENGINE_get_last 3 , +.Xr ENGINE_get_next 3 , +.Xr ENGINE_get_prev 3 , +and +.Xr ENGINE_by_id 3 , +do so because they return a structural reference to the user. +Other functions, including +.Xr ENGINE_add 3 , +.Xr ENGINE_init 3 , +.Xr ENGINE_get_cipher_engine 3 , +.Xr ENGINE_get_digest_engine 3 , +and the +.Xr ENGINE_get_default_RSA 3 +and +.Xr ENGINE_set_default 3 +families of functions +do so when they store a structural refence internally. +.Pp +.Fn ENGINE_up_ref +explicitly increment the structural reference count by 1. +.Pp +.Fn ENGINE_free +decrements the structural reference count by 1, +and if it reaches 0, the optional +.Fa destroy_f +previously installed with +.Fn ENGINE_set_destroy_function +is called, if one is installed, and both the memory used internally by +.Fa e +and +.Fa e +itself are freed. +If +.Fa e +is a +.Dv NULL +pointer, no action occurs. +.Pp +Many functions internally call the equivalent of +.Fn ENGINE_free . +Some of them, including +.Xr ENGINE_get_next 3 +and +.Xr ENGINE_get_prev 3 , +thus invalidate the structural reference passed in by the user. +Other functions, including +.Xr ENGINE_finish 3 , +.Xr ENGINE_remove 3 , +and the +.Xr ENGINE_set_default 3 +family of functions +do so when an internally stored structural reference is no longer needed. +.Pp +.Fn ENGINE_set_destroy_function +installs a callback function that will be called by +.Fn ENGINE_free , +but only when +.Fa e +actually gets destroyed, +not when only its reference count gets decremented. +The value returned from the +.Fa destroy_f +will be ignored. +.Sh RETURN VALUES +.Fn ENGINE_new +returns a structural reference to the new +.Vt ENGINE +object or +.Dv NULL +if an error occurs. +.Pp +.Fn ENGINE_up_ref +returns 0 if +.Fa e +is +.Dv NULL +and 1 otherwise. +.Pp +.Fn ENGINE_free +and +.Fn ENGINE_set_destroy_function +always return 1. +.Pp +.Fn ENGINE_get_destroy_function +returns a function pointer to the callback, or +.Dv NULL +if none is installed. +.Sh SEE ALSO +.Xr ENGINE_add 3 , +.Xr ENGINE_ctrl 3 , +.Xr ENGINE_get_default_RSA 3 , +.Xr ENGINE_init 3 , +.Xr ENGINE_register_all_RSA 3 , +.Xr ENGINE_register_RSA 3 , +.Xr ENGINE_set_default 3 , +.Xr ENGINE_set_flags 3 , +.Xr ENGINE_set_RSA 3 , +.Xr ENGINE_unregister_RSA 3 +.Sh HISTORY +.Fn ENGINE_new +and +.Fn ENGINE_free +first appeared in OpenSSL 0.9.7 and have been available since +.Ox 2.9 . +.Pp +.Fn ENGINE_set_destroy_function +and +.Fn ENGINE_get_destroy_function +first appeared in OpenSSL 0.9.7 and have been available since +.Ox 3.2 . +.Pp +.Fn ENGINE_up_ref +first appeared in OpenSSL 0.9.7 and has been available since +.Ox 3.4 . diff --git a/src/lib/libcrypto/man/ENGINE_register_RSA.3 b/src/lib/libcrypto/man/ENGINE_register_RSA.3 new file mode 100644 index 00000000000..5c63729cfc8 --- /dev/null +++ b/src/lib/libcrypto/man/ENGINE_register_RSA.3 @@ -0,0 +1,142 @@ +.\" $OpenBSD: ENGINE_register_RSA.3,v 1.2 2018/04/18 03:39:22 schwarze Exp $ +.\" content checked up to: +.\" OpenSSL ENGINE_add 1f13ad31 Dec 25 17:50:39 2017 +0800 +.\" +.\" Copyright (c) 2018 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: April 18 2018 $ +.Dt ENGINE_REGISTER_RSA 3 +.Os +.Sh NAME +.Nm ENGINE_register_RSA , +.Nm ENGINE_register_DSA , +.Nm ENGINE_register_ECDH , +.Nm ENGINE_register_ECDSA , +.Nm ENGINE_register_DH , +.Nm ENGINE_register_RAND , +.Nm ENGINE_register_STORE , +.Nm ENGINE_register_ciphers , +.Nm ENGINE_register_digests , +.Nm ENGINE_register_complete +.Nd register an ENGINE as implementing an algorithm +.Sh SYNOPSIS +.In openssl/engine.h +.Ft int +.Fo ENGINE_register_RSA +.Fa "ENGINE *e" +.Fc +.Ft int +.Fo ENGINE_register_DSA +.Fa "ENGINE *e" +.Fc +.Ft int +.Fo ENGINE_register_ECDH +.Fa "ENGINE *e" +.Fc +.Ft int +.Fo ENGINE_register_ECDSA +.Fa "ENGINE *e" +.Fc +.Ft int +.Fo ENGINE_register_DH +.Fa "ENGINE *e" +.Fc +.Ft int +.Fo ENGINE_register_RAND +.Fa "ENGINE *e" +.Fc +.Ft int +.Fo ENGINE_register_STORE +.Fa "ENGINE *e" +.Fc +.Ft int +.Fo ENGINE_register_ciphers +.Fa "ENGINE *e" +.Fc +.Ft int +.Fo ENGINE_register_digests +.Fa "ENGINE *e" +.Fc +.Ft int +.Fo ENGINE_register_complete +.Fa "ENGINE *e" +.Fc +.Sh DESCRIPTION +In addition to the global table described in +.Xr ENGINE_add 3 , +the crypto library maintains several tables containing references to +.Vt ENGINE +objects implementing one specific cryptographic algorithm. +.Pp +The functions listed in the present manual page append +.Fa e +to the end of the table for the respective algorithm. +.Pp +If +.Fa e +does not contain a method for the requested algorithm, +these functions succeed without having any effect. +.Pp +If +.Fa e +is already registered for the given algorithm, +they move it to the end of the respective table. +.Pp +.Fn ENGINE_register_ciphers +and +.Fn ENGINE_register_digests +are special in so far as an engine may implement +more than one cipher or more than one digest. +In that case, +.Fa e +is registered for all the ciphers or digests it implements. +.Pp +.Fn ENGINE_register_complete +registers +.Fa e +for all algorithms it implements by calling all the other functions. +.Sh RETURN VALUES +These functions return 1 on success or 0 on error. +They only fail if insufficient memory is available. +.Sh SEE ALSO +.Xr ENGINE_add 3 , +.Xr ENGINE_get_default_RSA 3 , +.Xr ENGINE_init 3 , +.Xr ENGINE_new 3 , +.Xr ENGINE_register_all_RSA 3 , +.Xr ENGINE_set_default 3 , +.Xr ENGINE_set_RSA 3 , +.Xr ENGINE_unregister_RSA 3 +.Sh HISTORY +.Fn ENGINE_register_RSA , +.Fn ENGINE_register_DSA , +.Fn ENGINE_register_DH , +.Fn ENGINE_register_RAND , +.Fn ENGINE_register_ciphers , +.Fn ENGINE_register_digests , +and +.Fn ENGINE_register_complete +first appeared in OpenSSL 0.9.7 and have been available since +.Ox 3.2 . +.Pp +.Fn ENGINE_register_ECDH , +.Fn ENGINE_register_ECDSA , +and +.Fn ENGINE_register_STORE +first appeared in OpenSSL 0.9.8 and have been available since +.Ox 4.5 . +.Sh BUGS +.Fn ENGINE_register_complete +ignores all errors, even memory allocation failure, and always returns 1. diff --git a/src/lib/libcrypto/man/ENGINE_register_all_RSA.3 b/src/lib/libcrypto/man/ENGINE_register_all_RSA.3 new file mode 100644 index 00000000000..3016eec3d4e --- /dev/null +++ b/src/lib/libcrypto/man/ENGINE_register_all_RSA.3 @@ -0,0 +1,123 @@ +.\" $OpenBSD: ENGINE_register_all_RSA.3,v 1.3 2018/04/18 03:39:22 schwarze Exp $ +.\" content checked up to: +.\" OpenSSL ENGINE_add 1f13ad31 Dec 25 17:50:39 2017 +0800 +.\" +.\" Copyright (c) 2018 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: April 18 2018 $ +.Dt ENGINE_REGISTER_ALL_RSA 3 +.Os +.Sh NAME +.Nm ENGINE_register_all_RSA , +.Nm ENGINE_register_all_DSA , +.Nm ENGINE_register_all_ECDH , +.Nm ENGINE_register_all_ECDSA , +.Nm ENGINE_register_all_DH , +.Nm ENGINE_register_all_RAND , +.Nm ENGINE_register_all_STORE , +.Nm ENGINE_register_all_ciphers , +.Nm ENGINE_register_all_digests , +.Nm ENGINE_register_all_complete , +.Nm ENGINE_load_builtin_engines , +.Nm ENGINE_load_dynamic +.Nd register all engines as implementing an algorithm +.Sh SYNOPSIS +.In openssl/engine.h +.Ft void +.Fn ENGINE_register_all_RSA void +.Ft void +.Fn ENGINE_register_all_DSA void +.Ft void +.Fn ENGINE_register_all_ECDH void +.Ft void +.Fn ENGINE_register_all_ECDSA void +.Ft void +.Fn ENGINE_register_all_DH void +.Ft void +.Fn ENGINE_register_all_RAND void +.Ft void +.Fn ENGINE_register_all_STORE void +.Ft void +.Fn ENGINE_register_all_ciphers void +.Ft void +.Fn ENGINE_register_all_digests void +.Ft int +.Fn ENGINE_register_all_complete void +.Ft void +.Fn ENGINE_load_builtin_engines void +.Ft void +.Fn ENGINE_load_dynamic void +.Sh DESCRIPTION +These functions loop over all the +.Vt ENGINE +objects contained in the global table described in the +.Xr ENGINE_add 3 +manual page. +They register each object for the respective algorithm +by calling the corresponding function described in +.Xr ENGINE_register_RSA 3 . +.Pp +.Fn ENGINE_register_all_complete +calls +.Fn ENGINE_register_complete +in this way, except that it skips those +.Vt ENGINE +objects that have the +.Dv ENGINE_FLAGS_NO_REGISTER_ALL +flag set with +.Xr ENGINE_set_flags 3 . +.Pp +.Fn ENGINE_load_builtin_engines +calls +.Xr OPENSSL_init_crypto 3 +with no options, loads any built-in engines +that are enabled by default, and calls +.Fn ENGINE_register_all_complete . +Currently, LibreSSL does not provide any engines. +.Sy GOST +and +.Sy aesni +support is provided by the crypto library itself +and does not require any engines, not even built-in ones. +.Pp +.Fn ENGINE_load_dynamic +has no effect and is only provided for compatibility. +.Sh SEE ALSO +.Xr ENGINE_add 3 , +.Xr ENGINE_new 3 , +.Xr ENGINE_register_RSA 3 , +.Xr ENGINE_set_flags 3 , +.Xr OPENSSL_config 3 , +.Xr OPENSSL_init_crypto 3 +.Sh HISTORY +.Fn ENGINE_register_all_RSA , +.Fn ENGINE_register_all_DSA , +.Fn ENGINE_register_all_DH , +.Fn ENGINE_register_all_RAND , +.Fn ENGINE_register_all_ciphers , +.Fn ENGINE_register_all_digests , +.Fn ENGINE_register_all_complete , +.Fn ENGINE_load_builtin_engines , +and +.Fn ENGINE_load_dynamic +first appeared in OpenSSL 0.9.7 and have been available since +.Ox 3.2 . +.Pp +.Fn ENGINE_register_all_ECDH , +.Fn ENGINE_register_all_ECDSA , +and +.Fn ENGINE_register_all_STORE +first appeared in OpenSSL 0.9.8 and have been available since +.Ox 4.5 . diff --git a/src/lib/libcrypto/man/ENGINE_set_RSA.3 b/src/lib/libcrypto/man/ENGINE_set_RSA.3 new file mode 100644 index 00000000000..acf4285e540 --- /dev/null +++ b/src/lib/libcrypto/man/ENGINE_set_RSA.3 @@ -0,0 +1,325 @@ +.\" $OpenBSD: ENGINE_set_RSA.3,v 1.3 2018/05/17 07:21:32 jmc Exp $ +.\" content checked up to: +.\" OpenSSL ENGINE_add 1f13ad31 Dec 25 17:50:39 2017 +0800 +.\" +.\" Copyright (c) 2018 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: May 17 2018 $ +.Dt ENGINE_SET_RSA 3 +.Os +.Sh NAME +.Nm ENGINE_set_RSA , +.Nm ENGINE_get_RSA , +.Nm ENGINE_set_DSA , +.Nm ENGINE_get_DSA , +.Nm ENGINE_set_ECDH , +.Nm ENGINE_get_ECDH , +.Nm ENGINE_set_ECDSA , +.Nm ENGINE_get_ECDSA , +.Nm ENGINE_set_DH , +.Nm ENGINE_get_DH , +.Nm ENGINE_set_RAND , +.Nm ENGINE_get_RAND , +.Nm ENGINE_set_STORE , +.Nm ENGINE_get_STORE , +.Nm ENGINE_set_ciphers , +.Nm ENGINE_get_ciphers , +.Nm ENGINE_get_cipher , +.Nm ENGINE_set_digests , +.Nm ENGINE_get_digests , +.Nm ENGINE_get_digest +.Nd install and retrieve function tables of crypto engines +.Sh SYNOPSIS +.In openssl/engine.h +.Ft int +.Fo ENGINE_set_RSA +.Fa "ENGINE *e" +.Fa "const RSA_METHOD *rsa_meth" +.Fc +.Ft const RSA_METHOD * +.Fo ENGINE_get_RSA +.Fa "const ENGINE *e" +.Fc +.Ft int +.Fo ENGINE_set_DSA +.Fa "ENGINE *e" +.Fa "const DSA_METHOD *dsa_meth" +.Fc +.Ft const DSA_METHOD * +.Fo ENGINE_get_DSA +.Fa "const ENGINE *e" +.Fc +.Ft int +.Fo ENGINE_set_ECDH +.Fa "ENGINE *e" +.Fa "const ECDH_METHOD *dh_meth" +.Fc +.Ft const ECDH_METHOD * +.Fo ENGINE_get_ECDH +.Fa "const ENGINE *e" +.Fc +.Ft int +.Fo ENGINE_set_ECDSA +.Fa "ENGINE *e" +.Fa "const ECDSA_METHOD *dh_meth" +.Fc +.Ft const ECDSA_METHOD * +.Fo ENGINE_get_ECDSA +.Fa "const ENGINE *e" +.Fc +.Ft int +.Fo ENGINE_set_DH +.Fa "ENGINE *e" +.Fa "const DH_METHOD *dh_meth" +.Fc +.Ft const DH_METHOD * +.Fo ENGINE_get_DH +.Fa "const ENGINE *e" +.Fc +.Ft int +.Fo ENGINE_set_RAND +.Fa "ENGINE *e" +.Fa "const RAND_METHOD *rand_meth" +.Fc +.Ft const RAND_METHOD * +.Fo ENGINE_get_RAND +.Fa "const ENGINE *e" +.Fc +.Ft int +.Fo ENGINE_set_STORE +.Fa "ENGINE *e" +.Fa "const STORE_METHOD *rand_meth" +.Fc +.Ft const STORE_METHOD * +.Fo ENGINE_get_STORE +.Fa "const ENGINE *e" +.Fc +.Ft typedef int +.Fo (*ENGINE_CIPHERS_PTR) +.Fa "ENGINE *e" +.Fa "const EVP_CIPHER **impl" +.Fa "const int **nids" +.Fa "int nid" +.Fc +.Ft int +.Fo ENGINE_set_ciphers +.Fa "ENGINE *e" +.Fa "ENGINE_CIPHERS_PTR f" +.Fc +.Ft ENGINE_CIPHERS_PTR +.Fo ENGINE_get_ciphers +.Fa "const ENGINE *e" +.Fc +.Ft const EVP_CIPHER * +.Fo ENGINE_get_cipher +.Fa "ENGINE *e" +.Fa "int nid" +.Fc +.Ft typedef int +.Fo (*ENGINE_DIGESTS_PTR) +.Fa "ENGINE *e" +.Fa "const EVP_MD **impl" +.Fa "const int **nids" +.Fa "int nid" +.Fc +.Ft int +.Fo ENGINE_set_digests +.Fa "ENGINE *e" +.Fa "ENGINE_DIGESTS_PTR f" +.Fc +.Ft ENGINE_DIGESTS_PTR +.Fo ENGINE_get_digests +.Fa "const ENGINE *e" +.Fc +.Ft const EVP_MD * +.Fo ENGINE_get_digest +.Fa "ENGINE *e" +.Fa "int nid" +.Fc +.Sh DESCRIPTION +The +.Fn ENGINE_set_* +functions install a table of function pointers +implementing the respective algorithm in +.Fa e . +Partial information about the various method objects is available from +.Xr RSA_meth_new 3 , +.Xr RSA_get_default_method 3 , +.Xr DSA_meth_new 3 , +.Xr DSA_get_default_method 3 , +.Fn ECDH_get_default_method , +.Xr ECDSA_get_default_method 3 , +.Xr DH_get_default_method 3 , +.Xr RAND_get_rand_method 3 , +.Xr EVP_get_cipherbynid 3 , +and +.Xr EVP_get_digestbynid 3 . +.Vt STORE_METHOD +is an incomplete type, and the pointers to it are not used for anything. +For complete descriptions of these types, +refer to the respective header files. +.Pp +The functions described in the +.Xr ENGINE_register_RSA 3 +and +.Xr ENGINE_set_default 3 +manual pages only have an effect after function pointers +were installed using the functions described here. +.Pp +.Fn ENGINE_set_ciphers +and +.Fn ENGINE_set_digests +are special in so far as the +.Vt ENGINE +structure does not provide fields to store function pointers +implementing ciphers or digests. +Instead, these two functions only install a callback to +retrieve implementations. +Where the pointers to the implementations are stored internally, +how they get initialized, and how the +.Vt ENGINE_CIPHERS_PTR +and +.Vt ENGINE_DIGESTS_PTR +callbacks retrieve them +is up to the implementation of each individual engine. +.Pp +If the +.Vt ENGINE_CIPHERS_PTR +and +.Vt ENGINE_DIGESTS_PTR +callbacks are called with a non-zero +.Fa nid , +they retrieve the implementation of that cipher or digest, +respectively. +In this case, a +.Dv NULL +pointer can be passed as the +.Fa nids +argument. +.Fn ENGINE_get_cipher +and +.Fn ENGINE_get_digest +call the callbacks installed in +.Fa e +in this way. +.Pp +If 0 is passed as the +.Fa nid +argument, an internal pointer +to the array of implementations available in +.Fa e +is returned in +.Pf * Fa impl , +and an internal pointer +to the array of corresponding identifiers in +.Pf * Fa nids . +The return value of the callback indicates +the number of implementations returned. +.Pp +The +.Fn ENGINE_get_* +functions retrieve the previously installed function tables. +They are used when constructing basic cryptographic objects +as shown in the following table: +.Bl -column "ENGINE_get_digestMM" +.It Accessor: Ta Called by: +.It Fn ENGINE_get_RSA Ta Xr RSA_new_method 3 , Xr RSA_new 3 +.It Fn ENGINE_get_DSA Ta Xr DSA_new_method 3 , Xr DSA_new 3 +.It Fn ENGINE_get_ECDH Ta Fn ECDH_set_method , Fn ECDH_compute_key +.It Fn ENGINE_get_ECDSA Ta Xr ECDSA_set_method 3 , Xr ECDSA_sign_setup 3 , +.Xr ECDSA_do_sign_ex 3 , Xr ECDSA_do_verify 3 +.It Fn ENGINE_get_DH Ta Xr DH_new_method 3 , Xr DH_new 3 +.It Fn ENGINE_get_RAND Ta unused +.It Fn ENGINE_get_STORE Ta unused +.It Fn ENGINE_get_cipher Ta Xr EVP_CipherInit_ex 3 +.It Fn ENGINE_get_digest Ta Xr EVP_DigestInit_ex 3 +.El +.Sh RETURN VALUES +The +.Fn ENGINE_set_* +functions return 1 on success or 0 on error. +Currently, they cannot fail. +.Pp +The +.Fn ENGINE_get_* +functions return a method object for the respective algorithm, or +.Dv NULL +if none is installed. +.Pp +.Fn ENGINE_get_ciphers +and +.Fn ENGINE_get_digests +return a function pointer to the respective callback, or +.Dv NULL +if none is installed. +.Pp +.Fn ENGINE_get_cipher +returns an +.Vt EVP_CIPHER +object implementing the cipher +.Fa nid +or +.Dv NULL +if +.Fa e +does not implement that cipher. +.Pp +.Fn ENGINE_get_digest +returns an +.Vt EVP_MD +object implementing the digest +.Fa nid +or +.Dv NULL +if +.Fa e +does not implement that digest. +.Sh SEE ALSO +.Xr ENGINE_ctrl 3 , +.Xr ENGINE_new 3 , +.Xr ENGINE_register_RSA 3 , +.Xr ENGINE_set_default 3 , +.Xr ENGINE_set_flags 3 +.Sh HISTORY +.Fn ENGINE_set_RSA , +.Fn ENGINE_get_RSA , +.Fn ENGINE_set_DSA , +.Fn ENGINE_get_DSA , +.Fn ENGINE_set_DH , +.Fn ENGINE_get_DH , +.Fn ENGINE_set_RAND , +.Fn ENGINE_get_RAND , +first appeared in OpenSSL 0.9.7 and have been available since +.Ox 2.9 . +.Pp +.Fn ENGINE_set_ciphers , +.Fn ENGINE_get_ciphers , +.Fn ENGINE_get_cipher , +.Fn ENGINE_set_digests , +.Fn ENGINE_get_digests , +and +.Fn ENGINE_get_digest +first appeared in OpenSSL 0.9.7 and have been available since +.Ox 3.2 . +.Pp +.Fn ENGINE_set_ECDH , +.Fn ENGINE_get_ECDH , +.Fn ENGINE_set_ECDSA , +.Fn ENGINE_get_ECDSA , +.Fn ENGINE_set_STORE , +and +.Fn ENGINE_get_STORE +first appeared in OpenSSL 0.9.8 and have been available since +.Ox 4.5 . diff --git a/src/lib/libcrypto/man/ENGINE_set_default.3 b/src/lib/libcrypto/man/ENGINE_set_default.3 new file mode 100644 index 00000000000..d63dc2f390f --- /dev/null +++ b/src/lib/libcrypto/man/ENGINE_set_default.3 @@ -0,0 +1,185 @@ +.\" $OpenBSD: ENGINE_set_default.3,v 1.3 2018/04/18 12:56:50 jmc Exp $ +.\" content checked up to: +.\" OpenSSL ENGINE_add 1f13ad31 Dec 25 17:50:39 2017 +0800 +.\" +.\" Copyright (c) 2018 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: April 18 2018 $ +.Dt ENGINE 3 +.Os +.Sh NAME +.Nm ENGINE_set_default , +.Nm ENGINE_set_default_string , +.Nm ENGINE_set_default_RSA , +.Nm ENGINE_set_default_DSA , +.Nm ENGINE_set_default_ECDH , +.Nm ENGINE_set_default_ECDSA , +.Nm ENGINE_set_default_DH , +.Nm ENGINE_set_default_RAND , +.Nm ENGINE_set_default_ciphers , +.Nm ENGINE_set_default_digests +.Nd register an ENGINE as the default for an algorithm +.Sh SYNOPSIS +.Ft int +.Fo ENGINE_set_default_RSA +.Fa "ENGINE *e" +.Fc +.Ft int +.Fo ENGINE_set_default_DSA +.Fa "ENGINE *e" +.Fc +.Ft int +.Fo ENGINE_set_default_ECDH +.Fa "ENGINE *e" +.Fc +.Ft int +.Fo ENGINE_set_default_ECDSA +.Fa "ENGINE *e" +.Fc +.Ft int +.Fo ENGINE_set_default_DH +.Fa "ENGINE *e" +.Fc +.Ft int +.Fo ENGINE_set_default_RAND +.Fa "ENGINE *e" +.Fc +.Ft int +.Fo ENGINE_set_default_ciphers +.Fa "ENGINE *e" +.Fc +.Ft int +.Fo ENGINE_set_default_digests +.Fa "ENGINE *e" +.Fc +.Ft int +.Fo ENGINE_set_default +.Fa "ENGINE *e" +.Fa "unsigned int flags" +.Fc +.Ft int +.Fo ENGINE_set_default_string +.Fa "ENGINE *e" +.Fa "const char *list" +.Fc +.Sh DESCRIPTION +These functions register +.Fa e +as implementing the respective algorithm +like the functions described in the +.Xr ENGINE_register_RSA 3 +manual page do it. +In addition, they call +.Xr ENGINE_init 3 +on +.Fa e +and select +.Fa e +as the default implementation of the respective algorithm to be +returned by the functions described in +.Xr ENGINE_get_default_RSA 3 +in the future. +If another engine was previously selected +as the default implementation of the respective algorithm, +.Xr ENGINE_finish 3 +is called on that previous engine. +.Pp +If +.Fa e +implements more than one cipher or digest, +.Fn ENGINE_set_default_ciphers +and +.Fn ENGINE_set_default_digests +register and select it for all these ciphers and digests, respectively. +.Pp +.Fn ENGINE_set_default +registers +.Fa e +as the default implementation of all algorithms specified by the +.Fa flags +by calling the appropriate ones among the other functions. +Algorithms can be selected by combining any number of the +following constants with bitwise OR: +.Dv ENGINE_METHOD_ALL , +.Dv ENGINE_METHOD_RSA , +.Dv ENGINE_METHOD_DSA , +.Dv ENGINE_METHOD_ECDH , +.Dv ENGINE_METHOD_ECDSA , +.Dv ENGINE_METHOD_DH , +.Dv ENGINE_METHOD_RAND , +.Dv ENGINE_METHOD_CIPHERS , +.Dv ENGINE_METHOD_DIGESTS , +.Dv ENGINE_METHOD_PKEY_METHS , +and +.Dv ENGINE_METHOD_PKEY_ASN1_METHS . +.Pp +.Fn ENGINE_set_default_string +is similar except that it selects the algorithms according to the string +.Fa def_list , +which contains an arbitrary number of comma-separated keywords from +the following list: ALL, RSA, DSA, ECDH, ECDSA, DH, RAND, CIPHERS, +DIGESTS, PKEY_CRYPTO, PKEY_ASN1, and PKEY. +PKEY_CRYPTO corresponds to +.Dv ENGINE_METHOD_PKEY_METHS , +PKEY_ASN1 to +.Dv ENGINE_METHOD_PKEY_ASN1_METHS , +and PKEY selects both. +.Sh RETURN VALUES +These functions return 1 on success or 0 on error. +They fail if +.Xr ENGINE_init 3 +fails or if insufficient memory is available. +.Sh SEE ALSO +.Xr ENGINE_get_default_RSA 3 , +.Xr ENGINE_init 3 , +.Xr ENGINE_new 3 , +.Xr ENGINE_register_RSA 3 , +.Xr ENGINE_set_RSA 3 , +.Xr ENGINE_unregister_RSA 3 +.Sh HISTORY +.Fn ENGINE_set_default , +.Fn ENGINE_set_default_RSA , +.Fn ENGINE_set_default_DSA , +.Fn ENGINE_set_default_DH , +and +.Fn ENGINE_set_default_RAND +first appeared in OpenSSL 0.9.7 and have been available since +.Ox 2.9 . +.Pp +.Fn ENGINE_set_default_string , +.Fn ENGINE_set_default_ciphers , +and +.Fn ENGINE_set_default_digests +first appeared in OpenSSL 0.9.7 and have been available since +.Ox 3.2 . +.Pp +.Fn ENGINE_set_default_ECDH +and +.Fn ENGINE_set_default_ECDSA +first appeared in OpenSSL 0.9.8 and have been available since +.Ox 4.5 . +.Sh CAVEATS +Failure of +.Xr ENGINE_finish 3 +is ignored. +.Sh BUGS +Even when +.Fn ENGINE_set_default +or +.Fn ENGINE_set_default_string +fail, they typically still register +.Fa e +for some algorithms, but usually not for all it could be registered +for by calling the individual functions. diff --git a/src/lib/libcrypto/man/ENGINE_set_flags.3 b/src/lib/libcrypto/man/ENGINE_set_flags.3 new file mode 100644 index 00000000000..33e8f333cef --- /dev/null +++ b/src/lib/libcrypto/man/ENGINE_set_flags.3 @@ -0,0 +1,92 @@ +.\" $OpenBSD: ENGINE_set_flags.3,v 1.2 2018/04/18 03:39:22 schwarze Exp $ +.\" content checked up to: +.\" OpenSSL ENGINE_add 1f13ad31 Dec 25 17:50:39 2017 +0800 +.\" +.\" Copyright (c) 2018 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: April 18 2018 $ +.Dt ENGINE_SET_FLAGS 3 +.Os +.Sh NAME +.Nm ENGINE_set_flags , +.Nm ENGINE_get_flags +.Nd modify the behaviour of an ENGINE object +.Sh SYNOPSIS +.In openssl/engine.h +.Ft int +.Fo ENGINE_set_flags +.Fa "ENGINE *e" +.Fa "int flags" +.Fc +.Ft int +.Fo ENGINE_get_flags +.Fa "const ENGINE *e" +.Fc +.Sh DESCRIPTION +.Fn ENGINE_set_flags +sets the flags attribute of +.Fa e +to the new +.Fa flags . +The previous state of the flags attribute is overwritten. +Flags that were previously set are cleared +unless they are also present in the new +.Fa flags . +.Pp +The +.Fa flags +argument can be the bitwise OR of zero or more +of the following constants: +.Bl -tag -width Ds +.It Dv ENGINE_FLAGS_BY_ID_COPY +.Xr ENGINE_by_id 3 +returns a shallow copy of the +.Vt ENGINE +object it found rather than incrementing the reference count +and returning a pointer to the original. +.It Dv ENGINE_FLAGS_MANUAL_CMD_CTRL +.Xr ENGINE_ctrl 3 +lets the function installed with +.Xr ENGINE_set_ctrl_function 3 +handle all commands except +.Dv ENGINE_CTRL_HAS_CTRL_FUNCTION , +even the builtin commands. +.It Dv ENGINE_FLAGS_NO_REGISTER_ALL +.Xr ENGINE_register_all_complete 3 +skips +.Fa e . +.El +.Sh RETURN VALUES +.Fn ENGINE_set_flags +always returns 1. +.Pp +.Fn ENGINE_get_flags +returns the +.Fa flags +attribute of +.Fa e . +.Sh SEE ALSO +.Xr ENGINE_by_id 3 , +.Xr ENGINE_ctrl 3 , +.Xr ENGINE_init 3 , +.Xr ENGINE_new 3 , +.Xr ENGINE_register_all_complete 3 , +.Xr ENGINE_set_RSA 3 +.Sh HISTORY +.Fn ENGINE_set_flags +and +.Fn ENGINE_get_flags +first appeared in OpenSSL 0.9.7 and have been available since +.Ox 3.2 . diff --git a/src/lib/libcrypto/man/ENGINE_unregister_RSA.3 b/src/lib/libcrypto/man/ENGINE_unregister_RSA.3 new file mode 100644 index 00000000000..d0373063825 --- /dev/null +++ b/src/lib/libcrypto/man/ENGINE_unregister_RSA.3 @@ -0,0 +1,119 @@ +.\" $OpenBSD: ENGINE_unregister_RSA.3,v 1.3 2018/04/18 03:39:22 schwarze Exp $ +.\" content checked up to: +.\" OpenSSL ENGINE_add 1f13ad31 Dec 25 17:50:39 2017 +0800 +.\" +.\" Copyright (c) 2018 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: April 18 2018 $ +.Dt ENGINE_UNREGISTER_RSA 3 +.Os +.Sh NAME +.Nm ENGINE_unregister_RSA , +.Nm ENGINE_unregister_DSA , +.Nm ENGINE_unregister_ECDH , +.Nm ENGINE_unregister_ECDSA , +.Nm ENGINE_unregister_DH , +.Nm ENGINE_unregister_RAND , +.Nm ENGINE_unregister_STORE , +.Nm ENGINE_unregister_ciphers , +.Nm ENGINE_unregister_digests +.Nd revoke the registration of an ENGINE object +.Sh SYNOPSIS +.In openssl/engine.h +.Ft void +.Fo ENGINE_unregister_RSA +.Fa "ENGINE *e" +.Fc +.Ft void +.Fo ENGINE_unregister_DSA +.Fa "ENGINE *e" +.Fc +.Ft void +.Fo ENGINE_unregister_ECDH +.Fa "ENGINE *e" +.Fc +.Ft void +.Fo ENGINE_unregister_ECDSA +.Fa "ENGINE *e" +.Fc +.Ft void +.Fo ENGINE_unregister_DH +.Fa "ENGINE *e" +.Fc +.Ft void +.Fo ENGINE_unregister_RAND +.Fa "ENGINE *e" +.Fc +.Ft void +.Fo ENGINE_unregister_STORE +.Fa "ENGINE *e" +.Fc +.Ft void +.Fo ENGINE_unregister_ciphers +.Fa "ENGINE *e" +.Fc +.Ft void +.Fo ENGINE_unregister_digests +.Fa "ENGINE *e" +.Fc +.Sh DESCRIPTION +These functions remove +.Fa e +from the list of +.Vt ENGINE +objects that were previously registered for the respective algorithm +with the functions described in +.Xr ENGINE_register_RSA 3 . +.Pp +If +.Fa e +is currently used as the default engine for the algorithm +as described in the +.Fn ENGINE_set_default 3 +and +.Fn ENGINE_get_default_RSA 3 +manual pages, +.Xr ENGINE_finish 3 +is also called. +.Pp +.Fn ENGINE_unregister_ciphers +and +.Fn ENGINE_unregister_digests +unregister +.Fa e +for all ciphers or digests, respectively. +.Sh SEE ALSO +.Xr ENGINE_cleanup 3 , +.Xr ENGINE_finish 3 , +.Xr ENGINE_new 3 , +.Xr ENGINE_register_RSA 3 , +.Xr ENGINE_set_default 3 +.Sh HISTORY +.Fn ENGINE_unregister_RSA , +.Fn ENGINE_unregister_DSA , +.Fn ENGINE_unregister_DH , +.Fn ENGINE_unregister_RAND , +.Fn ENGINE_unregister_ciphers , +and +.Fn ENGINE_unregister_digests +first appeared in OpenSSL 0.9.7 and have been available since +.Ox 3.2 . +.Pp +.Fn ENGINE_unregister_ECDH , +.Fn ENGINE_unregister_ECDSA , +and +.Fn ENGINE_unregister_STORE +first appeared in OpenSSL 0.9.8 and have been available since +.Ox 4.5 . diff --git a/src/lib/libcrypto/man/ERR.3 b/src/lib/libcrypto/man/ERR.3 new file mode 100644 index 00000000000..63787f1fa59 --- /dev/null +++ b/src/lib/libcrypto/man/ERR.3 @@ -0,0 +1,213 @@ +.\" $OpenBSD: ERR.3,v 1.6 2019/03/10 14:50:05 schwarze Exp $ +.\" OpenSSL 186bb907 Apr 13 11:05:13 2015 -0700 +.\" +.\" This file was written by Ulf Moeller and +.\" Dr. Stephen Henson . +.\" Copyright (c) 2000, 2015 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 10 2019 $ +.Dt ERR 3 +.Os +.Sh NAME +.Nm ERR +.Nd OpenSSL error codes +.Sh SYNOPSIS +.In openssl/err.h +.Sh DESCRIPTION +When a call to the OpenSSL library fails, this is usually signaled by +the return value, and an error code is stored in an error queue +associated with the current thread. +The +.Nm +library provides functions to obtain these error codes and textual error +messages. +The +.Xr ERR_get_error 3 +manpage describes how to access error codes. +.Pp +Error codes contain information about where the error occurred, and what +went wrong. +.Xr ERR_GET_LIB 3 +describes how to extract this information. +A method to obtain human-readable error messages is described in +.Xr ERR_error_string 3 . +.Pp +.Xr ERR_clear_error 3 +can be used to clear the error queue. +.Pp +Note that +.Xr ERR_remove_state 3 +should be used to avoid memory leaks when threads are terminated. +.Sh ADDING NEW ERROR CODES TO OPENSSL +See +.Xr ERR_put_error 3 +if you want to record error codes in the OpenSSL error system from +within your application. +.Pp +The remainder of this section is of interest only if you want to add new +error codes to OpenSSL or add error codes from external libraries. +.Pp +When you are using new function or reason codes, run +.Sy make errors . +The necessary +.Sy #define Ns s +will then automatically be added to the sub-library's header file. +.Ss Adding new libraries +When adding a new sub-library to OpenSSL, assign it a library number +.Dv ERR_LIB_XXX , +define a macro +.Fn XXXerr +(both in +.In openssl/err.h ) , +add its name to +.Va ERR_str_libraries[] +(in +.Pa /usr/src/lib/libcrypto/err/err.c ) , +and add +.Fn ERR_load_XXX_strings +to the +.Fn ERR_load_crypto_strings +function (in +.Sy /usr/src/lib/libcrypto/err/err_all.c ) . +Finally, add an entry +.Pp +.Dl L XXX xxx.h xxx_err.c +.Pp +to +.Sy /usr/src/lib/libcrypto/err/openssl.ec , +and add +.Pa xxx_err.c +to the +.Pa Makefile . +Running +.Sy make errors +will then generate a file +.Pa xxx_err.c , +and add all error codes used in the library to +.Pa xxx.h . +.Pp +Additionally the library include file must have a certain form. +Typically it will initially look like this: +.Bd -literal -offset indent +#ifndef HEADER_XXX_H +#define HEADER_XXX_H + +#ifdef __cplusplus +extern "C" { +#endif + +/* Include files */ + +#include +#include + +/* Macros, structures and function prototypes */ + +/* BEGIN ERROR CODES */ +.Ed +.Pp +The +.Sy BEGIN ERROR CODES +sequence is used by the error code generation script as the point to +place new error codes. +Any text after this point will be overwritten when +.Sy make errors +is run. +The closing #endif etc. will be automatically added by the script. +.Pp +The generated C error code file +.Pa xxx_err.c +will load the header files +.In stdio.h , +.In openssl/err.h +and +.In openssl/xxx.h +so the header file must load any additional header files containing any +definitions it uses. +.Sh USING ERROR CODES IN EXTERNAL LIBRARIES +It is also possible to use OpenSSL's error code scheme in external +libraries. +The library needs to load its own codes and call the OpenSSL error code +insertion script +.Pa mkerr.pl +explicitly to add codes to the header file and generate the C error code +file. +This will normally be done if the external library needs to generate new +ASN.1 structures but it can also be used to add more general purpose +error code handling. +.Sh INTERNALS +The error queues are stored in a hash table with one +.Vt ERR_STATE +entry for each PID. +.Fn ERR_get_state +returns the current thread's +.Vt ERR_STATE . +An +.Vt ERR_STATE +can hold up to +.Dv ERR_NUM_ERRORS +error codes. +When more error codes are added, the old ones are overwritten, on the +assumption that the most recent errors are most important. +.Pp +Error strings are also stored in a hash table. +The hash tables can be obtained by calling +.Fn ERR_get_err_state_table +and +.Fn ERR_get_string_table . +.Sh SEE ALSO +.Xr ERR_clear_error 3 , +.Xr ERR_error_string 3 , +.Xr ERR_get_error 3 , +.Xr ERR_GET_LIB 3 , +.Xr ERR_load_crypto_strings 3 , +.Xr ERR_load_strings 3 , +.Xr ERR_print_errors 3 , +.Xr ERR_put_error 3 , +.Xr ERR_remove_state 3 , +.Xr ERR_set_mark 3 , +.Xr SSL_get_error 3 diff --git a/src/lib/libcrypto/man/ERR_GET_LIB.3 b/src/lib/libcrypto/man/ERR_GET_LIB.3 new file mode 100644 index 00000000000..bc14f0e2ac8 --- /dev/null +++ b/src/lib/libcrypto/man/ERR_GET_LIB.3 @@ -0,0 +1,126 @@ +.\" $OpenBSD: ERR_GET_LIB.3,v 1.7 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL doc/man3/ERR_GET_LIB.pod 3dfda1a6 Dec 12 11:14:40 2016 -0500 +.\" +.\" This file was written by Ulf Moeller . +.\" Copyright (c) 2000 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt ERR_GET_LIB 3 +.Os +.Sh NAME +.Nm ERR_GET_LIB , +.Nm ERR_GET_FUNC , +.Nm ERR_GET_REASON , +.Nm ERR_FATAL_ERROR +.Nd get library, function and reason codes for OpenSSL errors +.Sh SYNOPSIS +.In openssl/err.h +.Ft int +.Fo ERR_GET_LIB +.Fa "unsigned long e" +.Fc +.Ft int +.Fo ERR_GET_FUNC +.Fa "unsigned long e" +.Fc +.Ft int +.Fo ERR_GET_REASON +.Fa "unsigned long e" +.Fc +.Ft int +.Fo ERR_FATAL_ERROR +.Fa "unsigned long e" +.Fc +.Sh DESCRIPTION +The error code returned by +.Xr ERR_get_error 3 +consists of a library number, function code, and reason code. +.Fn ERR_GET_LIB , +.Fn ERR_GET_FUNC , +and +.Fn ERR_GET_REASON +can be used to extract these. +.Pp +The library number and function code describe where the error occurred, +whereas the reason code is the information about what went wrong. +.Pp +Each sub-library of OpenSSL has a unique library number; function and +reason codes are unique within each sub-library. +Note that different libraries may use the same value to signal different +functions and reasons. +.Pp +.Dv ERR_R_* +reason codes such as +.Dv ERR_R_MALLOC_FAILURE +are globally unique. +However, when checking for sub-library specific reason codes, be sure to +also compare the library number. +.Pp +.Fn ERR_FATAL_ERROR +indicates whether a given error code is a fatal error. +.Pp +These functions are implemented as macros. +.Sh RETURN VALUES +.Fn ERR_GET_LIB , +.Fn ERR_GET_FUNC , +and +.Fn ERR_GET_REASON +return the library number, function code, and reason code, respectively. +.Pp +.Fn ERR_FATAL_ERROR +returns non-zero if the error is fatal or 0 otherwise. +.Sh SEE ALSO +.Xr ERR 3 , +.Xr ERR_get_error 3 +.Sh HISTORY +.Fn ERR_GET_LIB , +.Fn ERR_GET_FUNC , +.Fn ERR_GET_REASON , +and +.Fn ERR_FATAL_ERROR +first appeared in SSLeay 0.4.4 and have been available since +.Ox 2.4 . diff --git a/src/lib/libcrypto/man/ERR_asprintf_error_data.3 b/src/lib/libcrypto/man/ERR_asprintf_error_data.3 new file mode 100644 index 00000000000..67999e9cb08 --- /dev/null +++ b/src/lib/libcrypto/man/ERR_asprintf_error_data.3 @@ -0,0 +1,55 @@ +.\" $OpenBSD: ERR_asprintf_error_data.3,v 1.2 2017/02/21 07:15:21 jmc Exp $ +.\" +.\" Copyright (c) 2017 Bob Beck +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.Dd $Mdocdate: February 21 2017 $ +.Dt ERR_ASPRINTF_ERROR_DATA 3 +.Os +.Sh NAME +.Nm ERR_asprintf_error_data +.Nd record a LibreSSL error using a formatted string +.Sh SYNOPSIS +.In openssl/err.h +.Ft void +.Fo ERR_asprintf_error_data +.Fa "char * format" +.Fa ... +.Fc +.Sh DESCRIPTION +.Nm +builds a string using +.Xr asprintf 3 +called with the provided +.Ar format +and arguments. +The resulting string is then associated with the error code that was most +recently added. +If +.Xr asprintf 3 +fails, the string "malloc failed" is associated instead. +.Pp +.Nm +is intended to be used instead of the OpenSSL functions +.Xr ERR_add_error_data 3 +and +.Xr ERR_add_error_vdata 3 . +.Sh SEE ALSO +.Xr ERR 3 , +.Xr ERR_put_error 3 , +.Xr printf 3 +.Sh HISTORY +.Nm +appeared in +.Ox 5.6 +and is available in all versions of LibreSSL. diff --git a/src/lib/libcrypto/man/ERR_clear_error.3 b/src/lib/libcrypto/man/ERR_clear_error.3 new file mode 100644 index 00000000000..54f563e1662 --- /dev/null +++ b/src/lib/libcrypto/man/ERR_clear_error.3 @@ -0,0 +1,70 @@ +.\" $OpenBSD: ERR_clear_error.3,v 1.5 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file was written by Ulf Moeller . +.\" Copyright (c) 2000 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt ERR_CLEAR_ERROR 3 +.Os +.Sh NAME +.Nm ERR_clear_error +.Nd clear the OpenSSL error queue +.Sh SYNOPSIS +.In openssl/err.h +.Ft void +.Fn ERR_clear_error void +.Sh DESCRIPTION +.Fn ERR_clear_error +empties the current thread's error queue. +.Sh SEE ALSO +.Xr ERR 3 , +.Xr ERR_get_error 3 +.Sh HISTORY +.Fn ERR_clear_error +first appeared in SSLeay 0.4.4 and has been available since +.Ox 2.4 . diff --git a/src/lib/libcrypto/man/ERR_error_string.3 b/src/lib/libcrypto/man/ERR_error_string.3 new file mode 100644 index 00000000000..60f91328598 --- /dev/null +++ b/src/lib/libcrypto/man/ERR_error_string.3 @@ -0,0 +1,176 @@ +.\" $OpenBSD: ERR_error_string.3,v 1.7 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file was written by Ulf Moeller . +.\" Copyright (c) 2000, 2004 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt ERR_ERROR_STRING 3 +.Os +.Sh NAME +.Nm ERR_error_string , +.Nm ERR_error_string_n , +.Nm ERR_lib_error_string , +.Nm ERR_func_error_string , +.Nm ERR_reason_error_string +.Nd obtain human-readable OpenSSL error messages +.Sh SYNOPSIS +.In openssl/err.h +.Ft char * +.Fo ERR_error_string +.Fa "unsigned long e" +.Fa "char *buf" +.Fc +.Ft void +.Fo ERR_error_string_n +.Fa "unsigned long e" +.Fa "char *buf" +.Fa "size_t len" +.Fc +.Ft const char * +.Fo ERR_lib_error_string +.Fa "unsigned long e" +.Fc +.Ft const char * +.Fo ERR_func_error_string +.Fa "unsigned long e" +.Fc +.Ft const char * +.Fo ERR_reason_error_string +.Fa "unsigned long e" +.Fc +.Sh DESCRIPTION +.Fn ERR_error_string +generates a human-readable string representing the error code +.Fa e +and places it in +.Fa buf . +.Fa buf +must be at least 256 bytes long. +If +.Fa buf +is +.Dv NULL , +the error string is placed in a static buffer. +Note that this function is not thread-safe and does no checks on +the size of the buffer; use +.Fn ERR_error_string_n +instead. +.Pp +.Fn ERR_error_string_n +is a variant of +.Fn ERR_error_string +that writes at most +.Fa len +characters (including the terminating NUL) and truncates the string +if necessary. +For +.Fn ERR_error_string_n , +.Fa buf +may not be +.Dv NULL . +.Pp +The string will have the following format: +.Pp +.Dl error:[error code]:[library name]:[function name]:[reason string] +.Pp +The error code is an 8-digit hexadecimal number. +The library name, the function name, and the reason string are ASCII +text. +.Pp +.Fn ERR_lib_error_string , +.Fn ERR_func_error_string , +and +.Fn ERR_reason_error_string +return the library name, the function name, and the reason string, +respectively. +.Pp +The OpenSSL error strings should be loaded by calling +.Xr ERR_load_crypto_strings 3 +or, for SSL applications, +.Xr SSL_load_error_strings 3 +first. +If there is no text string registered for the given error code, the +error string will contain the numeric code. +.Pp +.Xr ERR_print_errors 3 +can be used to print all error codes currently in the queue. +.Sh RETURN VALUES +.Fn ERR_error_string +returns a pointer to a static buffer containing the string if +.Fa buf +is +.Dv NULL , +or +.Fa buf +otherwise. +.Pp +.Fn ERR_lib_error_string , +.Fn ERR_func_error_string , +and +.Fn ERR_reason_error_string +return the strings, or +.Dv NULL +if none is registered for the error code. +.Sh SEE ALSO +.Xr ERR 3 , +.Xr ERR_get_error 3 , +.Xr ERR_load_crypto_strings 3 , +.Xr ERR_print_errors 3 , +.Xr SSL_load_error_strings 3 +.Sh HISTORY +.Fn ERR_error_string , +.Fn ERR_lib_error_string , +.Fn ERR_func_error_string , +and +.Fn ERR_reason_error_string +first appeared in SSLeay 0.4.4 and have been available since +.Ox 2.4 . +.Pp +.Fn ERR_error_string_n +first appeared in OpenSSL 0.9.6 and has been available since +.Ox 2.9 . diff --git a/src/lib/libcrypto/man/ERR_get_error.3 b/src/lib/libcrypto/man/ERR_get_error.3 new file mode 100644 index 00000000000..f3bcc09cbca --- /dev/null +++ b/src/lib/libcrypto/man/ERR_get_error.3 @@ -0,0 +1,191 @@ +.\" $OpenBSD: ERR_get_error.3,v 1.8 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file was written by Ulf Moeller . +.\" Copyright (c) 2000, 2002, 2014 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt ERR_GET_ERROR 3 +.Os +.Sh NAME +.Nm ERR_get_error , +.Nm ERR_peek_error , +.Nm ERR_peek_last_error , +.Nm ERR_get_error_line , +.Nm ERR_peek_error_line , +.Nm ERR_peek_last_error_line , +.Nm ERR_get_error_line_data , +.Nm ERR_peek_error_line_data , +.Nm ERR_peek_last_error_line_data +.Nd obtain OpenSSL error code and data +.Sh SYNOPSIS +.In openssl/err.h +.Ft unsigned long +.Fn ERR_get_error void +.Ft unsigned long +.Fn ERR_peek_error void +.Ft unsigned long +.Fn ERR_peek_last_error void +.Ft unsigned long +.Fo ERR_get_error_line +.Fa "const char **file" +.Fa "int *line" +.Fc +.Ft unsigned long +.Fo ERR_peek_error_line +.Fa "const char **file" +.Fa "int *line" +.Fc +.Ft unsigned long +.Fo ERR_peek_last_error_line +.Fa "const char **file" +.Fa "int *line" +.Fc +.Ft unsigned long +.Fo ERR_get_error_line_data +.Fa "const char **file" +.Fa "int *line" +.Fa "const char **data" +.Fa "int *flags" +.Fc +.Ft unsigned long +.Fo ERR_peek_error_line_data +.Fa "const char **file" +.Fa "int *line" +.Fa "const char **data" +.Fa "int *flags" +.Fc +.Ft unsigned long +.Fo ERR_peek_last_error_line_data +.Fa "const char **file" +.Fa "int *line" +.Fa "const char **data" +.Fa "int *flags" +.Fc +.Sh DESCRIPTION +.Fn ERR_get_error +returns the earliest error code from the thread's error queue and +removes the entry. +This function can be called repeatedly until there are no more error +codes to return. +.Pp +.Fn ERR_peek_error +returns the earliest error code from the thread's error queue without +modifying it. +.Pp +.Fn ERR_peek_last_error +returns the latest error code from the thread's error queue without +modifying it. +.Pp +See +.Xr ERR_GET_LIB 3 +for obtaining information about the location and reason for the error, and +.Xr ERR_error_string 3 +for human-readable error messages. +.Pp +.Fn ERR_get_error_line , +.Fn ERR_peek_error_line , +and +.Fn ERR_peek_last_error_line +are the same as the above, but they additionally store the file name and +line number where the error occurred in +.Pf * Fa file +and +.Pf * Fa line , +unless these are +.Dv NULL . +.Pp +.Fn ERR_get_error_line_data , +.Fn ERR_peek_error_line_data , +and +.Fn ERR_peek_last_error_line_data +store additional data and flags associated with the error code in +.Pf * Fa data +and +.Pf * Fa flags , +unless these are +.Dv NULL . +.Pf * Fa data +contains a string if +.Pf * Fa flags Ns & Ns Dv ERR_TXT_STRING +is true. +.Pp +An application +.Sy MUST NOT +free the +.Pf * Fa data +pointer (or any other pointers returned by these functions) with +.Xr free 3 +as freeing is handled automatically by the error library. +.Sh RETURN VALUES +The error code, or 0 if there is no error in the queue. +.Sh SEE ALSO +.Xr ERR 3 , +.Xr ERR_error_string 3 , +.Xr ERR_GET_LIB 3 +.Sh HISTORY +.Fn ERR_get_error +and +.Fn ERR_peek_error +first appeared in SSLeay 0.4.4. +.Fn ERR_get_error_line +and +.Fn ERR_peek_error_line +first appeared in SSLeay 0.6.0. +.Fn ERR_get_error_line_data +and +.Fn ERR_peek_error_line_data +first appeared in SSLeay 0.9.0. +All these functions have been available since +.Ox 2.4 . +.Pp +.Fn ERR_peek_last_error , +.Fn ERR_peek_last_error_line , +and +.Fn ERR_peek_last_error_line_data +first appeared in OpenSSL 0.9.7 and have been available since +.Ox 3.2 . diff --git a/src/lib/libcrypto/man/ERR_load_crypto_strings.3 b/src/lib/libcrypto/man/ERR_load_crypto_strings.3 new file mode 100644 index 00000000000..5421781bcce --- /dev/null +++ b/src/lib/libcrypto/man/ERR_load_crypto_strings.3 @@ -0,0 +1,139 @@ +.\" $OpenBSD: ERR_load_crypto_strings.3,v 1.7 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL a528d4f0 Oct 27 13:40:11 2015 -0400 +.\" +.\" This file is a derived work. +.\" The changes are covered by the following Copyright and license: +.\" +.\" Copyright (c) 2017 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.\" The original file was written by Ulf Moeller . +.\" Copyright (c) 2000 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt ERR_LOAD_CRYPTO_STRINGS 3 +.Os +.Sh NAME +.Nm ERR_load_crypto_strings , +.Nm ERR_free_strings , +.Nm ERR_load_BN_strings , +.Nm SSL_load_error_strings +.Nd load and free OpenSSL error strings +.Sh SYNOPSIS +.In openssl/err.h +.Ft void +.Fn ERR_load_crypto_strings void +.Ft void +.Fn ERR_free_strings void +.In openssl/bn.h +.Ft void +.Fn ERR_load_BN_strings void +.In openssl/ssl.h +.Ft void +.Fn SSL_load_error_strings void +.Sh DESCRIPTION +.Fn ERR_load_crypto_strings +registers the error strings for all +.Xr crypto 3 +functions. +.Fn SSL_load_error_strings +does the same, but also registers the +.Xr ssl 3 +error strings. +.Pp +.Fn ERR_load_BN_strings +only registers the error strings for the +.Vt BIGNUM +part of the library, i.e. the functions documented in +.Xr BN_new 3 +and in the manual pages referenced from there. +That may be useful if no other parts of the crypto library +are used by the program. +Similar functions exist for other parts of the crypto library, +but they are not yet documented. +.Pp +If the error strings were already loaded before, no action occurs. +.Pp +One of these functions should be called before generating textual error +messages. +However, this is not required when memory usage is an issue. +.Pp +.Fn ERR_free_strings +frees all previously loaded error strings. +.Sh SEE ALSO +.Xr ERR 3 , +.Xr ERR_error_string 3 +.Sh HISTORY +.Fn ERR_load_crypto_strings +and +.Fn SSL_load_error_strings +first appeared in SSLeay 0.4.4. +.Fn ERR_free_strings +and +.Fn ERR_load_BN_strings +first appeared in SSLeay 0.5.1. +These functions been available since +.Ox 2.4 . +.Sh BUGS +Even though the error strings are already compiled into the object +code of the library as static strings, these functions store them +again using dynamically allocated memory on the heap. +That may fail if insufficient memory is available, +but these functions do not report such errors. +Instead, they fail silently, possibly having registered none or only +a part of the strings requested. diff --git a/src/lib/libcrypto/man/ERR_load_strings.3 b/src/lib/libcrypto/man/ERR_load_strings.3 new file mode 100644 index 00000000000..44fde08c90f --- /dev/null +++ b/src/lib/libcrypto/man/ERR_load_strings.3 @@ -0,0 +1,117 @@ +.\" $OpenBSD: ERR_load_strings.3,v 1.7 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL 05ea606a May 20 20:52:46 2016 -0400 +.\" +.\" This file was written by Ulf Moeller . +.\" Copyright (c) 2000 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt ERR_LOAD_STRINGS 3 +.Os +.Sh NAME +.Nm ERR_load_strings , +.Nm ERR_PACK , +.Nm ERR_get_next_error_library +.Nd load arbitrary OpenSSL error strings +.Sh SYNOPSIS +.In openssl/err.h +.Ft void +.Fo ERR_load_strings +.Fa "int lib" +.Fa "ERR_STRING_DATA str[]" +.Fc +.Ft unsigned long +.Fo ERR_PACK +.Fa "int lib" +.Fa "int func" +.Fa "int reason" +.Fc +.Ft int +.Fn ERR_get_next_error_library void +.Sh DESCRIPTION +.Fn ERR_load_strings +registers error strings for library number +.Fa lib . +.Pp +.Fa str +is an array of error string data: +.Bd -literal -offset indent +typedef struct ERR_string_data_st +{ + unsigned long error; + char *string; +} ERR_STRING_DATA; +.Ed +.Pp +The error code is generated from the library number and a function and +reason code: +.Pp +.Dl error = ERR_PACK(lib, func, reason) +.Pp +.Fn ERR_PACK +is a macro. +.Pp +The last entry in the array is +.Brq 0 , Dv NULL . +.Pp +.Fn ERR_get_next_error_library +can be used to assign library numbers to user libraries at runtime. +.Sh RETURN VALUES +.Fn ERR_PACK +returns the error code. +.Fn ERR_get_next_error_library +returns a new library number. +.Sh SEE ALSO +.Xr ERR 3 +.Sh HISTORY +.Fn ERR_load_strings +and +.Fn ERR_PACK +first appeared in SSLeay 0.4.4. +.Fn ERR_get_next_error_library +first appeared in SSLeay 0.9.0. +These functions have been available since +.Ox 2.4 . diff --git a/src/lib/libcrypto/man/ERR_print_errors.3 b/src/lib/libcrypto/man/ERR_print_errors.3 new file mode 100644 index 00000000000..a6fdbc0cdb8 --- /dev/null +++ b/src/lib/libcrypto/man/ERR_print_errors.3 @@ -0,0 +1,127 @@ +.\" $OpenBSD: ERR_print_errors.3,v 1.7 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file was written by Ulf Moeller , +.\" with additions by Rich Salz . +.\" Copyright (c) 2000, 2016 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt ERR_PRINT_ERRORS 3 +.Os +.Sh NAME +.Nm ERR_print_errors , +.Nm ERR_print_errors_fp , +.Nm ERR_print_errors_cb +.Nd print OpenSSL error messages +.Sh SYNOPSIS +.In openssl/err.h +.Ft void +.Fo ERR_print_errors +.Fa "BIO *bp" +.Fc +.Ft void +.Fo ERR_print_errors_fp +.Fa "FILE *fp" +.Fc +.Ft void +.Fo ERR_print_errors_cb +.Fa "int (*cb)(const char *str, size_t len, void *u)" +.Fa "void *u" +.Fc +.Sh DESCRIPTION +.Fn ERR_print_errors +is a convenience function that prints the error strings for all errors +that OpenSSL has recorded to +.Fa bp , +thus emptying the error queue. +.Pp +.Fn ERR_print_errors_fp +is the same, except that the output goes to a +.Vt FILE . +.Pp +.Fn ERR_print_errors_cb +is the same, except that the callback function, +.Fa cb , +is called for each error line with the string, length, and userdata +.Fa u +as the callback parameters. +.Pp +The error strings have the following format: +.Bd -literal +[pid]:error:[error code]:[library name]:[function name]:[reason string]: +[file name]:[line]:[optional text message] +.Ed +.Pp +The error code is an 8-digit hexadecimal number. +The library name, the function name, and the reason string are ASCII +text, as is the optional text message if one was set for the +respective error code. +.Pp +If there is no text string registered for the given error code, the +error string will contain the numeric code. +.Sh RETURN VALUES +.Fn ERR_print_errors +and +.Fn ERR_print_errors_fp +return no values. +.Sh SEE ALSO +.Xr ERR 3 , +.Xr ERR_error_string 3 , +.Xr ERR_get_error 3 , +.Xr ERR_load_crypto_strings 3 , +.Xr SSL_load_error_strings 3 +.Sh HISTORY +.Fn ERR_print_errors +first appeared in SSLeay 0.4.5. +.Fn ERR_print_errors_fp +first appeared in SSLeay 0.6.0. +Both functions have been available since +.Ox 2.4 . +.Pp +.Fn ERR_print_errors_cb +first appeared in OpenSSL 0.9.7 and has been available since +.Ox 3.2 . diff --git a/src/lib/libcrypto/man/ERR_put_error.3 b/src/lib/libcrypto/man/ERR_put_error.3 new file mode 100644 index 00000000000..142d2eb2bdd --- /dev/null +++ b/src/lib/libcrypto/man/ERR_put_error.3 @@ -0,0 +1,158 @@ +.\" $OpenBSD: ERR_put_error.3,v 1.9 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file was written by Ulf Moeller . +.\" Copyright (c) 2000, 2016 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt ERR_PUT_ERROR 3 +.Os +.Sh NAME +.Nm ERR_put_error , +.Nm ERR_add_error_data , +.Nm ERR_add_error_vdata +.Nd record an OpenSSL error +.Sh SYNOPSIS +.In openssl/err.h +.Ft void +.Fo ERR_put_error +.Fa "int lib" +.Fa "int func" +.Fa "int reason" +.Fa "const char *file" +.Fa "int line" +.Fc +.Ft void +.Fo ERR_add_error_data +.Fa "int num" +.Fa ... +.Fc +.Ft void +.Fo ERR_add_error_vdata +.Fa "int num" +.Fa "va_list arg" +.Fc +.Sh DESCRIPTION +.Fn ERR_put_error +adds an error code to the thread's error queue. +It signals that the error of reason code +.Fa reason +occurred in function +.Fa func +of library +.Fa lib , +in line number +.Fa line +of +.Fa file . +This function is usually called by a macro. +.Pp +.Fn ERR_add_error_data +associates the concatenation of its +.Fa num +string arguments with the error code added last. +.Fn ERR_add_error_vdata +is similar except the argument is a +.Vt va_list . +Use of +.Fn ERR_add_error_data +and +.Fn ERR_add_error_vdata +is deprecated inside of LibreSSL in favour of +.Xr ERR_asprintf_error_data 3 . +.Pp +.Xr ERR_load_strings 3 +can be used to register error strings so that the application can +generate human-readable error messages for the error code. +.Pp +Each sub-library has a specific macro +.Fn XXXerr f r +that is used to report errors. +Its first argument is a function code +.Dv XXX_F_* ; +the second argument is a reason code +.Dv XXX_R_* . +Function codes are derived from the function names +whereas reason codes consist of textual error descriptions. +For example, the function +.Fn ssl23_read +reports a "handshake failure" as follows: +.Pp +.Dl SSLerr(SSL_F_SSL23_READ, SSL_R_SSL_HANDSHAKE_FAILURE); +.Pp +Function and reason codes should consist of upper case characters, +numbers and underscores only. +The error file generation script translates function codes into function +names by looking in the header files for an appropriate function name. +If none is found it just uses the capitalized form such as "SSL23_READ" +in the above example. +.Pp +The trailing section of a reason code (after the "_R_") is translated +into lower case and underscores changed to spaces. +.Pp +Although a library will normally report errors using its own specific +.Fn XXXerr +macro, another library's macro can be used. +This is normally only done when a library wants to include ASN.1 code +which must use the +.Fn ASN1err +macro. +.Sh SEE ALSO +.Xr ERR 3 , +.Xr ERR_asprintf_error_data 3 , +.Xr ERR_load_strings 3 +.Sh HISTORY +.Fn ERR_put_error +first appeared in SSLeay 0.4.4. +.Fn ERR_add_error_data +first appeared in SSLeay 0.9.0. +Both functions have been available since +.Ox 2.4 . +.Pp +.Fn ERR_add_error_vdata +first appeared in OpenSSL 1.0.1 and has been available since +.Ox 5.3 . diff --git a/src/lib/libcrypto/man/ERR_remove_state.3 b/src/lib/libcrypto/man/ERR_remove_state.3 new file mode 100644 index 00000000000..0a879782278 --- /dev/null +++ b/src/lib/libcrypto/man/ERR_remove_state.3 @@ -0,0 +1,113 @@ +.\" $OpenBSD: ERR_remove_state.3,v 1.6 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL 9b86974e Aug 17 15:21:33 2015 -0400 +.\" +.\" This file was written by Ulf Moeller and +.\" Matt Caswell . +.\" Copyright (c) 2000, 2013 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt ERR_REMOVE_STATE 3 +.Os +.Sh NAME +.Nm ERR_remove_thread_state , +.Nm ERR_remove_state +.Nd free a thread's OpenSSL error queue +.Sh SYNOPSIS +.In openssl/err.h +.Ft void +.Fo ERR_remove_thread_state +.Fa "const CRYPTO_THREADID *tid" +.Fc +.Pp +Deprecated: +.Pp +.Ft void +.Fo ERR_remove_state +.Fa "unsigned long pid" +.Fc +.Sh DESCRIPTION +.Fn ERR_remove_thread_state +frees the error queue associated with thread +.Fa tid . +If +.Fa tid +is +.Dv NULL , +the current thread will have its error queue removed. +.Pp +Since error queue data structures are allocated automatically for new +threads, they must be freed when threads are terminated in order to +avoid memory leaks. +.Pp +.Fn ERR_remove_state +is deprecated and has been replaced by +.Fn ERR_remove_thread_state . +Since threads in OpenSSL are no longer identified by unsigned long +values, any argument to this function is ignored. +Calling +.Fn ERR_remove_state +is equivalent to +.Fn ERR_remove_thread_state NULL . +.Sh RETURN VALUES +.Fn ERR_remove_thread_state +and +.Fn ERR_remove_state +return no value. +.Sh SEE ALSO +.Xr ERR 3 +.Sh HISTORY +.Fn ERR_remove_state +first appeared in SSLeay 0.6.1 and has been available since +.Ox 2.4 . +.Pp +It was deprecated in OpenSSL 1.0.0 and +.Ox 4.9 +when +.Fn ERR_remove_thread_state +was introduced and thread IDs were introduced to identify threads +instead of +.Vt unsigned long . diff --git a/src/lib/libcrypto/man/ERR_set_mark.3 b/src/lib/libcrypto/man/ERR_set_mark.3 new file mode 100644 index 00000000000..2f3486d8c05 --- /dev/null +++ b/src/lib/libcrypto/man/ERR_set_mark.3 @@ -0,0 +1,86 @@ +.\" $OpenBSD: ERR_set_mark.3,v 1.4 2018/03/23 00:09:11 schwarze Exp $ +.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file was written by Richard Levitte . +.\" Copyright (c) 2003 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 23 2018 $ +.Dt ERR_SET_MARK 3 +.Os +.Sh NAME +.Nm ERR_set_mark , +.Nm ERR_pop_to_mark +.Nd set marks and pop OpenSSL errors until mark +.Sh SYNOPSIS +.In openssl/err.h +.Ft int +.Fn ERR_set_mark void +.Ft int +.Fn ERR_pop_to_mark void +.Sh DESCRIPTION +.Fn ERR_set_mark +sets a mark on the current topmost error record if there is one. +.Pp +.Fn ERR_pop_to_mark +will pop the top of the error stack until a mark is found. +The mark is then removed. +If there is no mark, the whole stack is removed. +.Sh RETURN VALUES +.Fn ERR_set_mark +returns 0 if the error stack is empty, otherwise 1. +.Pp +.Fn ERR_pop_to_mark +returns 0 if there was no mark in the error stack, which implies that +the stack became empty, otherwise 1. +.Sh SEE ALSO +.Xr ERR 3 +.Sh HISTORY +.Fn ERR_set_mark +and +.Fn ERR_pop_to_mark +first appeared in OpenSSL 0.9.8 and have been available since +.Ox 4.5 . diff --git a/src/lib/libcrypto/man/ESS_SIGNING_CERT_new.3 b/src/lib/libcrypto/man/ESS_SIGNING_CERT_new.3 new file mode 100644 index 00000000000..6b5199dce14 --- /dev/null +++ b/src/lib/libcrypto/man/ESS_SIGNING_CERT_new.3 @@ -0,0 +1,115 @@ +.\" $OpenBSD: ESS_SIGNING_CERT_new.3,v 1.4 2018/03/23 04:34:23 schwarze Exp $ +.\" +.\" Copyright (c) 2016 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 23 2018 $ +.Dt ESS_SIGNING_CERT_NEW 3 +.Os +.Sh NAME +.Nm ESS_SIGNING_CERT_new , +.Nm ESS_SIGNING_CERT_free , +.Nm ESS_CERT_ID_new , +.Nm ESS_CERT_ID_free , +.Nm ESS_ISSUER_SERIAL_new , +.Nm ESS_ISSUER_SERIAL_free +.Nd signing certificates for S/MIME +.Sh SYNOPSIS +.In openssl/ts.h +.Ft ESS_SIGNING_CERT * +.Fn ESS_SIGNING_CERT_new void +.Ft void +.Fn ESS_SIGNING_CERT_free "ESS_SIGNING_CERT *signing_cert" +.Ft ESS_CERT_ID * +.Fn ESS_CERT_ID_new void +.Ft void +.Fn ESS_CERT_ID_free "ESS_CERT_ID *cert_id" +.Ft ESS_ISSUER_SERIAL * +.Fn ESS_ISSUER_SERIAL_new void +.Ft void +.Fn ESS_ISSUER_SERIAL_free "ESS_ISSUER_SERIAL *issuer_serial" +.Sh DESCRIPTION +The signing certificate may be included in the signedAttributes +field of a +.Vt SignerInfo +structure to mitigate simple substitution and re-issue attacks. +.Pp +.Fn ESS_SIGNING_CERT_new +allocates and initializes an empty +.Vt ESS_SIGNING_CERT +object, representing an ASN.1 +.Vt SigningCertificate +structure defined in RFC 2634 section 5.4. +It can hold the certificate used for signing the data, +additional authorization certificates that can be used during +validation, and policies applying to the certificate. +.Fn ESS_SIGNING_CERT_free +frees +.Fa signing_cert . +.Pp +.Fn ESS_CERT_ID_new +allocates and initializes an empty +.Vt ESS_CERT_ID +object, representing an ASN.1 +.Vt ESSCertID +structure defined in RFC 2634 section 5.4.1. +Such objects can be used inside +.Vt ESS_SIGNING_CERT +objects, and each one can hold a SHA1 hash of one certificate. +.Fn ESS_CERT_ID_free +frees +.Fa cert_id . +.Pp +.Fn ESS_ISSUER_SERIAL_new +allocates and initializes an empty +.Vt ESS_ISSUER_SERIAL +object, representing an ASN.1 +.Vt IssuerSerial +structure defined in RFC 2634 section 5.4.1. +It can hold an issuer name and a serial number and can be included in an +.Vt ESS_CERT_ID +object, which is useful for additional authorization certificates, +but redundant for the signing certificate itself. +.Fn ESS_ISSUER_SERIAL_free +frees +.Fa issuer_serial . +.Sh RETURN VALUES +.Fn ESS_SIGNING_CERT_new , +.Fn ESS_CERT_ID_new , +and +.Fn ESS_ISSUER_SERIAL_new +return the new +.Vt ESS_SIGNING_CERT , +.Vt ESS_CERT_ID , +or +.Vt ESS_ISSUER_SERIAL +object, respectively, or +.Dv NULL +if an error occurred. +.Sh STANDARDS +RFC 2634: Enhanced Security Services for S/MIME, +section 5: Signing Certificate Attribute +.Pp +Note that RFC 2634 has been updated by RFC 5035: +Enhanced Security Services (ESS) Update: +Adding CertID Algorithm Agility. +But the current implementation only supports the +Signing Certificate Attribute Definition Version 1 +according to RFC 2634, not the +Signing Certificate Attribute Definition Version 2 +according to RFC 5035. +.Sh HISTORY +These functions first appeared in OpenSSL 1.0.0 +and have been available since +.Ox 4.9 . diff --git a/src/lib/libcrypto/man/EVP_AEAD_CTX_init.3 b/src/lib/libcrypto/man/EVP_AEAD_CTX_init.3 new file mode 100644 index 00000000000..33103d3962e --- /dev/null +++ b/src/lib/libcrypto/man/EVP_AEAD_CTX_init.3 @@ -0,0 +1,306 @@ +.\" $OpenBSD: EVP_AEAD_CTX_init.3,v 1.8 2019/03/21 14:12:48 jmc Exp $ +.\" +.\" Copyright (c) 2014, Google Inc. +.\" Parts of the text were written by Adam Langley and David Benjamin. +.\" Copyright (c) 2015 Reyk Floeter +.\" +.\" Permission to use, copy, modify, and/or distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 21 2019 $ +.Dt EVP_AEAD_CTX_INIT 3 +.Os +.Sh NAME +.Nm EVP_AEAD_CTX_init , +.Nm EVP_AEAD_CTX_cleanup , +.Nm EVP_AEAD_CTX_open , +.Nm EVP_AEAD_CTX_seal , +.Nm EVP_AEAD_key_length , +.Nm EVP_AEAD_max_overhead , +.Nm EVP_AEAD_max_tag_len , +.Nm EVP_AEAD_nonce_length , +.Nm EVP_aead_aes_128_gcm , +.Nm EVP_aead_aes_256_gcm , +.Nm EVP_aead_chacha20_poly1305 , +.Nm EVP_aead_xchacha20_poly1305 +.Nd authenticated encryption with additional data +.Sh SYNOPSIS +.In openssl/evp.h +.Ft int +.Fo EVP_AEAD_CTX_init +.Fa "EVP_AEAD_CTX *ctx" +.Fa "const EVP_AEAD *aead" +.Fa "const unsigned char *key" +.Fa "size_t key_len" +.Fa "size_t tag_len" +.Fa "ENGINE *impl" +.Fc +.Ft void +.Fo EVP_AEAD_CTX_cleanup +.Fa "EVP_AEAD_CTX *ctx" +.Fc +.Ft int +.Fo EVP_AEAD_CTX_open +.Fa "const EVP_AEAD_CTX *ctx" +.Fa "unsigned char *out" +.Fa "size_t *out_len" +.Fa "size_t max_out_len" +.Fa "const unsigned char *nonce" +.Fa "size_t nonce_len" +.Fa "const unsigned char *in" +.Fa "size_t in_len" +.Fa "const unsigned char *ad" +.Fa "size_t ad_len" +.Fc +.Ft int +.Fo EVP_AEAD_CTX_seal +.Fa "const EVP_AEAD_CTX *ctx" +.Fa "unsigned char *out" +.Fa "size_t *out_len" +.Fa "size_t max_out_len" +.Fa "const unsigned char *nonce" +.Fa "size_t nonce_len" +.Fa "const unsigned char *in" +.Fa "size_t in_len" +.Fa "const unsigned char *ad" +.Fa "size_t ad_len" +.Fc +.Ft size_t +.Fo EVP_AEAD_key_length +.Fa "const EVP_AEAD *aead" +.Fc +.Ft size_t +.Fo EVP_AEAD_max_overhead +.Fa "const EVP_AEAD *aead" +.Fc +.Ft size_t +.Fo EVP_AEAD_max_tag_len +.Fa "const EVP_AEAD *aead" +.Fc +.Ft size_t +.Fo EVP_AEAD_nonce_length +.Fa "const EVP_AEAD *aead" +.Fc +.Ft const EVP_AEAD * +.Fo EVP_aead_aes_128_gcm +.Fa void +.Fc +.Ft const EVP_AEAD * +.Fo EVP_aead_aes_256_gcm +.Fa void +.Fc +.Ft const EVP_AEAD * +.Fo EVP_aead_chacha20_poly1305 +.Fa void +.Fc +.Ft const EVP_AEAD * +.Fo EVP_aead_xchacha20_poly1305 +.Fa void +.Fc +.Sh DESCRIPTION +AEAD (Authenticated Encryption with Additional Data) couples +confidentiality and integrity in a single primitive. +AEAD algorithms take a key and can then seal and open individual +messages. +Each message has a unique, per-message nonce and, optionally, additional +data which is authenticated but not included in the output. +.Pp +.Fn EVP_AEAD_CTX_init +initializes the context +.Fa ctx +for the given AEAD algorithm +.Fa aead . +The +.Fa impl +argument must be +.Dv NULL +for the default implementation; +other values are currently not supported. +Authentication tags may be truncated by passing a tag length. +A tag length of zero indicates the default tag length should be used. +.Pp +.Fn EVP_AEAD_CTX_cleanup +frees any data allocated for the context +.Fa ctx . +.Pp +.Fn EVP_AEAD_CTX_open +authenticates the input +.Fa in +and optional additional data +.Fa ad , +decrypting the input and writing it as output +.Fa out . +This function may be called (with the same +.Vt EVP_AEAD_CTX ) +concurrently with itself or with +.Fn EVP_AEAD_CTX_seal . +At most the number of input bytes are written as output. +In order to ensure success, +.Fa max_out_len +should be at least the same as the input length +.Fa in_len . +On successful return +.Fa out_len +is set to the actual number of bytes written. +The length of the +.Fa nonce +specified with +.Fa nonce_len +must be equal to the result of EVP_AEAD_nonce_length for this AEAD. +.Fn EVP_AEAD_CTX_open +never results in partial output. +If +.Fa max_out_len +is insufficient, zero will be returned and +.Fa out_len +will be set to zero. +If the input and output are aliased then +.Fa out +must be <= +.Fa in . +.Pp +.Fn EVP_AEAD_CTX_seal +encrypts and authenticates the input and authenticates any additional +data provided in +.Fa ad , +the encrypted input and authentication tag being written as output +.Fa out . +This function may be called (with the same +.Vt EVP_AEAD_CTX ) +concurrently with itself or with +.Fn EVP_AEAD_CTX_open . +At most +.Fa max_out_len +bytes are written as output and, in order to ensure success, this value +should be the +.Fa in_len +plus the result of +.Fn EVP_AEAD_max_overhead . +On successful return, +.Fa out_len +is set to the actual number of bytes written. +The length of the +.Fa nonce +specified with +.Fa nonce_len +must be equal to the result of +.Fn EVP_AEAD_nonce_length +for this AEAD. +.Fn EVP_AEAD_CTX_seal +never results in a partial output. +If +.Fa max_out_len +is insufficient, zero will be returned and +.Fa out_len +will be set to zero. +If the input and output are aliased then +.Fa out +must be <= +.Fa in . +.Pp +.Fn EVP_AEAD_key_length , +.Fn EVP_AEAD_max_overhead , +.Fn EVP_AEAD_max_tag_len , +and +.Fn EVP_AEAD_nonce_length +provide information about the AEAD algorithm +.Fa aead . +.Pp +All cipher algorithms have a fixed key length unless otherwise stated. +The following ciphers are available: +.Bl -tag -width Ds -offset indent +.It Fn EVP_aead_aes_128_gcm +AES-128 in Galois Counter Mode. +.It Fn EVP_aead_aes_256_gcm +AES-256 in Galois Counter Mode. +.It Fn EVP_aead_chacha20_poly1305 +ChaCha20 with a Poly1305 authenticator. +.It Fn EVP_aead_xchacha20_poly1305 +XChaCha20 with a Poly1305 authenticator. +.El +.Pp +Where possible the +.Sy EVP_AEAD +interface to AEAD ciphers should be used in preference to the older +.Sy EVP +variants or to the low level interfaces. +This is because the code then becomes transparent to the AEAD cipher +used and much more flexible. +It is also safer to use as it prevents common mistakes with the native APIs. +.Sh RETURN VALUES +.Fn EVP_AEAD_CTX_init , +.Fn EVP_AEAD_CTX_open , +and +.Fn EVP_AEAD_CTX_seal +return 1 for success or zero for failure. +.Pp +.Fn EVP_AEAD_key_length +returns the length of the key used for this AEAD. +.Pp +.Fn EVP_AEAD_max_overhead +returns the maximum number of additional bytes added by the act of +sealing data with the AEAD. +.Pp +.Fn EVP_AEAD_max_tag_len +returns the maximum tag length when using this AEAD. +This is the largest value that can be passed as a tag length to +.Fn EVP_AEAD_CTX_init . +.Pp +.Fn EVP_AEAD_nonce_length +returns the length of the per-message nonce. +.Sh EXAMPLES +Encrypt a string using ChaCha20-Poly1305: +.Bd -literal -offset indent +const EVP_AEAD *aead = EVP_aead_chacha20_poly1305(); +static const unsigned char nonce[32] = {0}; +size_t buf_len, nonce_len; +EVP_AEAD_CTX ctx; + +EVP_AEAD_CTX_init(&ctx, aead, key32, EVP_AEAD_key_length(aead), + EVP_AEAD_DEFAULT_TAG_LENGTH, NULL); +nonce_len = EVP_AEAD_nonce_length(aead); + +EVP_AEAD_CTX_seal(&ctx, out, &out_len, BUFSIZE, nonce, + nonce_len, in, in_len, NULL, 0); + +EVP_AEAD_CTX_cleanup(&ctx); +.Ed +.Sh SEE ALSO +.Xr evp 3 +.Sh STANDARDS +.Rs +.%A A. Langley +.%A W. Chang +.%D November 2013 +.%R draft-agl-tls-chacha20poly1305-04 +.%T ChaCha20 and Poly1305 based Cipher Suites for TLS +.Re +.Pp +.Rs +.%A Y. Nir +.%A A. Langley +.%D May 2015 +.%R RFC 7539 +.%T ChaCha20 and Poly1305 for IETF Protocols +.Re +.Pp +.Rs +.%A S. Arciszewski +.%D October 2018 +.%R draft-arciszewski-xchacha-02 +.%T XChaCha: eXtended-nonce ChaCha and AEAD_XChaCha20_Poly1305 +.Re +.Sh HISTORY +AEAD is based on the implementation by +.An Adam Langley +for Chromium/BoringSSL and first appeared in +.Ox 5.6 . diff --git a/src/lib/libcrypto/man/EVP_BytesToKey.3 b/src/lib/libcrypto/man/EVP_BytesToKey.3 new file mode 100644 index 00000000000..1178c77ad89 --- /dev/null +++ b/src/lib/libcrypto/man/EVP_BytesToKey.3 @@ -0,0 +1,144 @@ +.\" $OpenBSD: EVP_BytesToKey.3,v 1.7 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file was written by Dr. Stephen Henson . +.\" Copyright (c) 2001, 2011, 2013, 2014, 2015 The OpenSSL Project. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt EVP_BYTESTOKEY 3 +.Os +.Sh NAME +.Nm EVP_BytesToKey +.Nd password based encryption routine +.Sh SYNOPSIS +.In openssl/evp.h +.Ft int +.Fo EVP_BytesToKey +.Fa "const EVP_CIPHER *type" +.Fa "const EVP_MD *md" +.Fa "const unsigned char *salt" +.Fa "const unsigned char *data" +.Fa "int datal" +.Fa "int count" +.Fa "unsigned char *key" +.Fa "unsigned char *iv" +.Fc +.Sh DESCRIPTION +.Fn EVP_BytesToKey +derives a key and IV from various parameters. +.Fa type +is the cipher to derive the key and IV for. +.Fa md +is the message digest to use. +The +.Fa salt +parameter is used as a salt in the derivation: +it should point to an 8-byte buffer or +.Dv NULL +if no salt is used. +.Fa data +is a buffer containing +.Fa datal +bytes which is used to derive the keying data. +.Fa count +is the iteration count to use. +The derived key and IV will be written to +.Fa key +and +.Fa iv , +respectively. +.Pp +A typical application of this function is to derive keying material for +an encryption algorithm from a password in the +.Fa data +parameter. +.Pp +Increasing the +.Fa count +parameter slows down the algorithm, which makes it harder for an attacker +to perform a brute force attack using a large number of candidate +passwords. +.Pp +If the total key and IV length is less than the digest length and MD5 +is used, then the derivation algorithm is compatible with PKCS#5 v1.5. +Otherwise, a non-standard extension is used to derive the extra data. +.Pp +Newer applications should use more standard algorithms such as PBKDF2 as +defined in PKCS#5v2.1 for key derivation. +.Sh KEY DERIVATION ALGORITHM +The key and IV is derived by concatenating D_1, D_2, etc. until enough +data is available for the key and IV. +D_i is defined recursively as: +.Pp +.Dl D_i = HASH^count(D_(i-1) || data || salt) +.Pp +where || denotes concatenation, D_0 is empty, HASH is the digest +algorithm in use, HASH^1(data) is simply HASH(data), HASH^2(data) is +HASH(HASH(data)) and so on. +.Pp +The initial bytes are used for the key and the subsequent bytes for the +IV. +.Sh RETURN VALUES +If +.Fa data +is +.Dv NULL , +.Fn EVP_BytesToKey +returns the number of bytes needed to store the derived key. +Otherwise, +.Fn EVP_BytesToKey +returns the size of the derived key in bytes or 0 on error. +.Sh SEE ALSO +.Xr evp 3 , +.Xr EVP_EncryptInit 3 , +.Xr PKCS5_PBKDF2_HMAC 3 , +.Xr RAND_bytes 3 +.Sh HISTORY +.Fn EVP_BytesToKey +first appeared in SSLeay 0.5.1 and has been available since +.Ox 2.4 . diff --git a/src/lib/libcrypto/man/EVP_DigestInit.3 b/src/lib/libcrypto/man/EVP_DigestInit.3 new file mode 100644 index 00000000000..5ed639e51f4 --- /dev/null +++ b/src/lib/libcrypto/man/EVP_DigestInit.3 @@ -0,0 +1,704 @@ +.\" $OpenBSD: EVP_DigestInit.3,v 1.15 2018/03/27 17:35:50 schwarze Exp $ +.\" full merge up to: OpenSSL 7f572e95 Dec 2 13:57:04 2015 +0000 +.\" selective merge up to: OpenSSL a95d7574 Jul 2 12:16:38 2017 -0400 +.\" +.\" This file was written by Dr. Stephen Henson +.\" and Richard Levitte . +.\" Copyright (c) 2000-2004, 2009, 2012-2016 The OpenSSL Project. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt EVP_DIGESTINIT 3 +.Os +.Sh NAME +.Nm EVP_MD_CTX_new , +.Nm EVP_MD_CTX_reset , +.Nm EVP_MD_CTX_free , +.Nm EVP_MD_CTX_init , +.Nm EVP_MD_CTX_create , +.Nm EVP_MD_CTX_cleanup , +.Nm EVP_MD_CTX_destroy , +.Nm EVP_MD_CTX_ctrl , +.Nm EVP_DigestInit_ex , +.Nm EVP_DigestUpdate , +.Nm EVP_DigestFinal_ex , +.Nm EVP_MD_CTX_copy_ex , +.Nm EVP_DigestInit , +.Nm EVP_DigestFinal , +.Nm EVP_MD_CTX_copy , +.Nm EVP_MAX_MD_SIZE , +.Nm EVP_MD_type , +.Nm EVP_MD_pkey_type , +.Nm EVP_MD_size , +.Nm EVP_MD_block_size , +.Nm EVP_MD_CTX_md , +.Nm EVP_MD_CTX_size , +.Nm EVP_MD_CTX_block_size , +.Nm EVP_MD_CTX_type , +.Nm EVP_md_null , +.Nm EVP_md5 , +.Nm EVP_md5_sha1 , +.Nm EVP_sha1 , +.Nm EVP_sha224 , +.Nm EVP_sha256 , +.Nm EVP_sha384 , +.Nm EVP_sha512 , +.Nm EVP_dss , +.Nm EVP_dss1 , +.Nm EVP_ripemd160 , +.Nm EVP_get_digestbyname , +.Nm EVP_get_digestbynid , +.Nm EVP_get_digestbyobj +.Nd EVP digest routines +.Sh SYNOPSIS +.In openssl/evp.h +.Ft EVP_MD_CTX * +.Fn EVP_MD_CTX_new void +.Ft int +.Fo EVP_MD_CTX_reset +.Fa "EVP_MD_CTX *ctx" +.Fc +.Ft void +.Fo EVP_MD_CTX_free +.Fa "EVP_MD_CTX *ctx" +.Fc +.Ft void +.Fo EVP_MD_CTX_init +.Fa "EVP_MD_CTX *ctx" +.Fc +.Ft EVP_MD_CTX * +.Fn EVP_MD_CTX_create void +.Ft int +.Fo EVP_MD_CTX_cleanup +.Fa "EVP_MD_CTX *ctx" +.Fc +.Ft void +.Fo EVP_MD_CTX_destroy +.Fa "EVP_MD_CTX *ctx" +.Fc +.Ft int +.Fo EVP_MD_CTX_ctrl +.Fa "EVP_MD_CTX *ctx" +.Fa "int cmd" +.Fa "int p1" +.Fa "void* p2" +.Fc +.Ft int +.Fo EVP_DigestInit_ex +.Fa "EVP_MD_CTX *ctx" +.Fa "const EVP_MD *type" +.Fa "ENGINE *impl" +.Fc +.Ft int +.Fo EVP_DigestUpdate +.Fa "EVP_MD_CTX *ctx" +.Fa "const void *d" +.Fa "size_t cnt" +.Fc +.Ft int +.Fo EVP_DigestFinal_ex +.Fa "EVP_MD_CTX *ctx" +.Fa "unsigned char *md" +.Fa "unsigned int *s" +.Fc +.Ft int +.Fo EVP_MD_CTX_copy_ex +.Fa "EVP_MD_CTX *out" +.Fa "const EVP_MD_CTX *in" +.Fc +.Ft int +.Fo EVP_DigestInit +.Fa "EVP_MD_CTX *ctx" +.Fa "const EVP_MD *type" +.Fc +.Ft int +.Fo EVP_DigestFinal +.Fa "EVP_MD_CTX *ctx" +.Fa "unsigned char *md" +.Fa "unsigned int *s" +.Fc +.Ft int +.Fo EVP_MD_CTX_copy +.Fa "EVP_MD_CTX *out" +.Fa "EVP_MD_CTX *in" +.Fc +.Fd #define EVP_MAX_MD_SIZE 64 /* SHA512 */ +.Ft int +.Fo EVP_MD_type +.Fa "const EVP_MD *md" +.Fc +.Ft int +.Fo EVP_MD_pkey_type +.Fa "const EVP_MD *md" +.Fc +.Ft int +.Fo EVP_MD_size +.Fa "const EVP_MD *md" +.Fc +.Ft int +.Fo EVP_MD_block_size +.Fa "const EVP_MD *md" +.Fc +.Ft const EVP_MD * +.Fo EVP_MD_CTX_md +.Fa "const EVP_MD_CTX *ctx" +.Fc +.Ft int +.Fo EVP_MD_CTX_size +.Fa "const EVP_MD *ctx" +.Fc +.Ft int +.Fo EVP_MD_CTX_block_size +.Fa "const EVP_MD *ctx" +.Fc +.Ft int +.Fo EVP_MD_CTX_type +.Fa "const EVP_MD *ctx" +.Fc +.Ft const EVP_MD * +.Fn EVP_md_null void +.Ft const EVP_MD * +.Fn EVP_md5 void +.Ft const EVP_MD * +.Fn EVP_md5_sha1 void +.Ft const EVP_MD * +.Fn EVP_sha1 void +.Ft const EVP_MD * +.Fn EVP_sha224 void +.Ft const EVP_MD * +.Fn EVP_sha256 void +.Ft const EVP_MD * +.Fn EVP_sha384 void +.Ft const EVP_MD * +.Fn EVP_sha512 void +.Ft const EVP_MD * +.Fn EVP_dss void +.Ft const EVP_MD * +.Fn EVP_dss1 void +.Ft const EVP_MD * +.Fn EVP_ripemd160 void +.Ft const EVP_MD * +.Fo EVP_get_digestbyname +.Fa "const char *name" +.Fc +.Ft const EVP_MD * +.Fo EVP_get_digestbynid +.Fa "int type" +.Fc +.Ft const EVP_MD * +.Fo EVP_get_digestbyobj +.Fa "const ASN1_OBJECT *o" +.Fc +.Sh DESCRIPTION +The EVP digest routines are a high level interface to message digests +and should be used instead of the cipher-specific functions. +.Pp +.Fn EVP_MD_CTX_new +allocates a new, empty digest context. +.Pp +.Fn EVP_MD_CTX_reset +cleans up +.Fa ctx +and resets it to the state it had after +.Fn EVP_MD_CTX_new , +such that it can be reused. +It is also suitable for digest contexts on the stack that were +used and are no longer needed. +.Pp +.Fn EVP_MD_CTX_free +cleans up +.Fa ctx +and frees the space allocated to it. +.Pp +.Fn EVP_MD_CTX_init +is a deprecated function to clear a digest context on the stack +before use. +Do not use it on a digest context returned from +.Fn EVP_MD_CTX_new +or one one that was already used. +.Pp +.Fn EVP_MD_CTX_create , +.Fn EVP_MD_CTX_cleanup , +and +.Fn EVP_MD_CTX_destroy +are deprecated aliases for +.Fn EVP_MD_CTX_new , +.Fn EVP_MD_CTX_reset , +and +.Fn EVP_MD_CTX_free , +respectively. +.Pp +.Fn EVP_MD_CTX_ctrl +performs digest-specific control actions on the context +.Fa ctx . +.Pp +.Fn EVP_DigestInit_ex +sets up the digest context +.Fa ctx +to use a digest +.Fa type +from +.Vt ENGINE +.Fa impl . +The +.Fa type +will typically be supplied by a function such as +.Fn EVP_sha1 . +If +.Fa impl +is +.Dv NULL , +then the default implementation of digest +.Fa type +is used. +If +.Fa ctx +points to an unused object on the stack, it must be initialized with +.Fn EVP_MD_CTX_init +before calling this function. +.Pp +.Fn EVP_DigestUpdate +hashes +.Fa cnt +bytes of data at +.Fa d +into the digest context +.Fa ctx . +This function can be called several times on the same +.Fa ctx +to hash additional data. +.Pp +.Fn EVP_DigestFinal_ex +retrieves the digest value from +.Fa ctx +and places it in +.Fa md . +If the +.Fa s +parameter is not +.Dv NULL , +then the number of bytes of data written (i.e. the length of the +digest) will be written to the integer at +.Fa s ; +at most +.Dv EVP_MAX_MD_SIZE +bytes will be written. +After calling +.Fn EVP_DigestFinal_ex , +no additional calls to +.Fn EVP_DigestUpdate +can be made, but +.Fn EVP_DigestInit_ex +can be called to initialize a new digest operation. +.Pp +.Fn EVP_MD_CTX_copy_ex +can be used to copy the message digest state from +.Fa in +to +.Fa out . +This is useful if large amounts of data are to be hashed which only +differ in the last few bytes. +If +.Fa out +points to an unused object on the stack, it must be initialized with +.Fn EVP_MD_CTX_init +before calling this function. +.Pp +.Fn EVP_DigestInit +is a deprecated function behaving like +.Fn EVP_DigestInit_ex +except that it always uses the default digest implementation +and that it requires +.Fn EVP_MD_CTX_reset +before it can be used on a context that was already used. +.Pp +.Fn EVP_DigestFinal +is a deprecated function behaving like +.Fn EVP_DigestFinal_ex +except that the digest context +.Fa ctx +is automatically cleaned up after use by calling +.Fn EVP_MD_CTX_reset +internally. +.Pp +.Fn EVP_MD_CTX_copy +is a deprecated function behaving like +.Fn EVP_MD_CTX_copy_ex +except that it requires +.Fn EVP_MD_CTX_reset +before a context that was already used can be passed as +.Fa out . +.Pp +.Fn EVP_MD_size +and +.Fn EVP_MD_CTX_size +return the size of the message digest when passed an +.Vt EVP_MD +or an +.Vt EVP_MD_CTX +structure, i.e. the size of the hash. +.Pp +.Fn EVP_MD_block_size +and +.Fn EVP_MD_CTX_block_size +return the block size of the message digest when passed an +.Vt EVP_MD +or an +.Vt EVP_MD_CTX +structure. +.Pp +.Fn EVP_MD_type +and +.Fn EVP_MD_CTX_type +return the NID of the OBJECT IDENTIFIER representing the given message +digest when passed an +.Vt EVP_MD +structure. +For example +.Fn EVP_MD_type EVP_sha1() +returns +.Dv NID_sha1 . +This function is normally used when setting ASN.1 OIDs. +.Pp +.Fn EVP_MD_pkey_type +returns the NID of the public key signing algorithm associated with this +digest. +For example +.Fn EVP_sha1 +is associated with RSA so this will return +.Dv NID_sha1WithRSAEncryption . +Since digests and signature algorithms are no longer linked this +function is only retained for compatibility reasons. +.Pp +.Fn EVP_md5 , +.Fn EVP_sha1 , +.Fn EVP_sha224 , +.Fn EVP_sha256 , +.Fn EVP_sha384 , +.Fn EVP_sha512 , +and +.Fn EVP_ripemd160 +return +.Vt EVP_MD +structures for the MD5, SHA1, SHA224, SHA256, SHA384, SHA512 and +RIPEMD160 digest algorithms respectively. +.Pp +.Fn EVP_md5_sha1 +returns an +.Vt EVP_MD +structure that provides concatenated MD5 and SHA1 message digests. +.Pp +.Fn EVP_dss +and +.Fn EVP_dss1 +return +.Vt EVP_MD +structures for SHA1 digest algorithms but using DSS (DSA) for the +signature algorithm. +Note: there is no need to use these pseudo-digests in OpenSSL 1.0.0 and +later; they are however retained for compatibility. +.Pp +.Fn EVP_md_null +is a "null" message digest that does nothing: +i.e. the hash it returns is of zero length. +.Pp +.Fn EVP_get_digestbyname , +.Fn EVP_get_digestbynid , +and +.Fn EVP_get_digestbyobj +return an +.Vt EVP_MD +structure when passed a digest name, a digest NID, or an ASN1_OBJECT +structure respectively. +The digest table must be initialized using, for example, +.Xr OpenSSL_add_all_digests 3 +for these functions to work. +.Pp +.Fn EVP_MD_CTX_size , +.Fn EVP_MD_CTX_block_size , +.Fn EVP_MD_CTX_type , +.Fn EVP_get_digestbynid , +and +.Fn EVP_get_digestbyobj +are implemented as macros. +.Pp +The EVP interface to message digests should almost always be used +in preference to the low level interfaces. +This is because the code then becomes transparent to the digest used and +much more flexible. +.Pp +New applications should use the SHA2 digest algorithms such as SHA256. +The other digest algorithms are still in common use. +.Pp +For most applications the +.Fa impl +parameter to +.Fn EVP_DigestInit_ex +will be set to NULL to use the default digest implementation. +.Pp +The functions +.Fn EVP_DigestInit , +.Fn EVP_DigestFinal , +and +.Fn EVP_MD_CTX_copy +are obsolete but are retained to maintain compatibility with existing +code. +New applications should use +.Fn EVP_DigestInit_ex , +.Fn EVP_DigestFinal_ex , +and +.Fn EVP_MD_CTX_copy_ex +because they can efficiently reuse a digest context instead of +initializing and cleaning it up on each call and allow non-default +implementations of digests to be specified. +.Pp +If digest contexts are not cleaned up after use, memory leaks will occur. +.Sh RETURN VALUES +.Fn EVP_MD_CTX_new +and +.Fn EVP_MD_CTX_create +return the new +.Vt EVP_MD_CTX +object or +.Dv NULL +for failure. +.Pp +.Fn EVP_MD_CTX_reset +and +.Fn EVP_MD_CTX_cleanup +always return 1. +.Pp +.Fn EVP_MD_CTX_ctrl , +.Fn EVP_DigestInit_ex , +.Fn EVP_DigestUpdate , +.Fn EVP_DigestFinal_ex , +.Fn EVP_MD_CTX_copy_ex , +.Fn EVP_DigestInit , +.Fn EVP_DigestFinal , +and +.Fn EVP_MD_CTX_copy +return 1 for success or 0 for failure. +.Pp +.Fn EVP_MD_type , +.Fn EVP_MD_pkey_type , +and +.Fn EVP_MD_CTX_type +return the NID of the corresponding OBJECT IDENTIFIER or +.Dv NID_undef +if none exists. +.Pp +.Fn EVP_MD_size , +.Fn EVP_MD_block_size , +.Fn EVP_MD_CTX_size , +and +.Fn EVP_MD_CTX_block_size +return the digest or block size in bytes. +.Pp +.Fn EVP_MD_CTX_md +returns the +.Vt EVP_MD +object used by +.Fa ctx , +or +.Dv NULL +if +.Fa ctx +is +.Dv NULL . +.Pp +.Fn EVP_md_null , +.Fn EVP_md5 , +.Fn EVP_md5_sha1 , +.Fn EVP_sha1 , +.Fn EVP_dss , +.Fn EVP_dss1 , +and +.Fn EVP_ripemd160 +return pointers to the corresponding +.Vt EVP_MD +structures. +.Pp +.Fn EVP_get_digestbyname , +.Fn EVP_get_digestbynid , +and +.Fn EVP_get_digestbyobj +return either an +.Vt EVP_MD +structure or +.Dv NULL +if an error occurs. +.Sh EXAMPLES +This example digests the data "Test Message\en" and "Hello World\en", +using the digest name passed on the command line. +.Bd -literal -offset indent +#include +#include + +int +main(int argc, char *argv[]) +{ + EVP_MD_CTX *mdctx; + const EVP_MD *md; + const char mess1[] = "Test Message\en"; + const char mess2[] = "Hello World\en"; + unsigned char md_value[EVP_MAX_MD_SIZE]; + int md_len, i; + + OpenSSL_add_all_digests(); + + if (argc <= 1) { + printf("Usage: mdtest digestname\en"); + exit(1); + } + + md = EVP_get_digestbyname(argv[1]); + if (md == NULL) { + printf("Unknown message digest %s\en", argv[1]); + exit(1); + } + + mdctx = EVP_MD_CTX_new(); + EVP_DigestInit_ex(mdctx, md, NULL); + EVP_DigestUpdate(mdctx, mess1, strlen(mess1)); + EVP_DigestUpdate(mdctx, mess2, strlen(mess2)); + EVP_DigestFinal_ex(mdctx, md_value, &md_len); + EVP_MD_CTX_free(mdctx); + + printf("Digest is: "); + for(i = 0; i < md_len; i++) + printf("%02x", md_value[i]); + printf("\en"); + + return 0; +} +.Ed +.Sh SEE ALSO +.Xr evp 3 +.Sh HISTORY +.Fn EVP_DigestInit , +.Fn EVP_DigestUpdate , +.Fn EVP_DigestFinal , +.Dv EVP_MAX_MD_SIZE , +.Fn EVP_md5 , +and +.Fn EVP_sha1 +first appeared in SSLeay 0.5.1. +.Fn EVP_dss +and +.Fn EVP_dss1 +first appeared in SSLeay 0.6.0. +.Fn EVP_MD_size +first appeared in SSLeay 0.6.6. +.Fn EVP_MD_CTX_size , +.Fn EVP_MD_CTX_type , +.Fn EVP_md_null , +and +.Fn EVP_get_digestbyname +first appeared in SSLeay 0.8.0. +.Fn EVP_MD_type , +.Fn EVP_MD_pkey_type , +.Fn EVP_get_digestbynid , +and +.Fn EVP_get_digestbyobj +first appeared in SSLeay 0.8.1. +.Fn EVP_MD_block_size , +.Fn EVP_MD_CTX_size , +.Fn EVP_MD_CTX_block_size , +.Fn EVP_rc4_40 , +.Fn EVP_rc2_40_cbc , +and +.Fn EVP_ripemd160 +first appeared in SSLeay 0.9.0. +All these functions have been available since +.Ox 2.4 . +.Pp +.Fn EVP_MD_CTX_copy +first appeared in OpenSSL 0.9.2b and has been available since +.Ox 2.6 . +.Pp +.Fn EVP_MD_CTX_md +first appeared in OpenSSL 0.9.5 and has been available since +.Ox 2.7 . +.Pp +.Fn EVP_MD_CTX_init , +.Fn EVP_MD_CTX_create , +.Fn EVP_MD_CTX_cleanup , +.Fn EVP_MD_CTX_destroy , +.Fn EVP_DigestInit_ex , +.Fn EVP_DigestFinal_ex , +and +.Fn EVP_MD_CTX_copy_ex +first appeared in OpenSSL 0.9.7 and have been available since +.Ox 3.2 . +.Pp +.Fn EVP_sha224 , +.Fn EVP_sha256 , +.Fn EVP_sha384 , +and +.Fn EVP_sha512 +first appeared in OpenSSL 0.9.7h and 0.9.8a +and have been available since +.Ox 4.0 . +.Pp +.Fn EVP_MD_CTX_ctrl +first appeared in OpenSSL 1.1.0 and has been available since +.Ox 5.7 . +.Pp +.Fn EVP_MD_CTX_new , +.Fn EVP_MD_CTX_reset , +.Fn EVP_MD_CTX_free , +and +.Fn EVP_md5_sha1 +first appeared in OpenSSL 1.1.0 and have been available since +.Ox 6.3 . +.Pp +The link between digests and signing algorithms was fixed in OpenSSL 1.0 +and later, so now +.Fn EVP_sha1 +can be used with RSA and DSA; there is no need to use +.Fn EVP_dss1 +any more. diff --git a/src/lib/libcrypto/man/EVP_DigestSignInit.3 b/src/lib/libcrypto/man/EVP_DigestSignInit.3 new file mode 100644 index 00000000000..c8988971144 --- /dev/null +++ b/src/lib/libcrypto/man/EVP_DigestSignInit.3 @@ -0,0 +1,205 @@ +.\" $OpenBSD: EVP_DigestSignInit.3,v 1.6 2018/12/23 08:35:14 tb Exp $ +.\" OpenSSL 9b86974e Aug 17 15:21:33 2015 -0400 +.\" +.\" This file was written by Dr. Stephen Henson . +.\" Copyright (c) 2006, 2009, 2015, 2016 The OpenSSL Project. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: December 23 2018 $ +.Dt EVP_DIGESTSIGNINIT 3 +.Os +.Sh NAME +.Nm EVP_DigestSignInit , +.Nm EVP_DigestSignUpdate , +.Nm EVP_DigestSignFinal +.Nd EVP signing functions +.Sh SYNOPSIS +.In openssl/evp.h +.Ft int +.Fo EVP_DigestSignInit +.Fa "EVP_MD_CTX *ctx" +.Fa "EVP_PKEY_CTX **pctx" +.Fa "const EVP_MD *type" +.Fa "ENGINE *e" +.Fa "EVP_PKEY *pkey" +.Fc +.Ft int +.Fo EVP_DigestSignUpdate +.Fa "EVP_MD_CTX *ctx" +.Fa "const void *d" +.Fa "size_t cnt" +.Fc +.Ft int +.Fo EVP_DigestSignFinal +.Fa "EVP_MD_CTX *ctx" +.Fa "unsigned char *sig" +.Fa "size_t *siglen" +.Fc +.Sh DESCRIPTION +The EVP signature routines are a high level interface to digital +signatures. +.Pp +.Fn EVP_DigestSignInit +sets up the signing context +.Fa ctx +to use the digest +.Fa type +from +.Vt ENGINE +.Fa e +and private key +.Fa pkey . +.Fa ctx +must be initialized with +.Xr EVP_MD_CTX_init 3 +before calling this function. +If +.Fa pctx +is not +.Dv NULL , +the +.Vt EVP_PKEY_CTX +of the signing operation will be written to +.Pf * Fa pctx : +this can be used to set alternative signing options. +.Pp +.Fn EVP_DigestSignUpdate +hashes +.Fa cnt +bytes of data at +.Fa d +into the signature context +.Fa ctx . +This function can be called several times on the same +.Fa ctx +to include additional data. +This function is currently implemented using a macro. +.Pp +.Fn EVP_DigestSignFinal +signs the data in +.Fa ctx +and places the signature in +.Fa sig . +If +.Fa sig +is +.Dv NULL , +then the maximum size of the output buffer is written to +.Pf * Fa siglen . +If +.Fa sig +is not +.Dv NULL , +then before the call +.Fa siglen +should contain the length of the +.Fa sig +buffer. +If the call is successful, the signature is written to +.Fa sig +and the amount of data written to +.Fa siglen . +.Pp +The EVP interface to digital signatures should almost always be +used in preference to the low level interfaces. +This is because the code then becomes transparent to the algorithm used +and much more flexible. +.Pp +In previous versions of OpenSSL, there was a link between message digest +types and public key algorithms. +This meant that "clone" digests such as +.Xr EVP_dss1 3 +needed to be used to sign using SHA1 and DSA. +This is no longer necessary and the use of clone digest is now +discouraged. +.Pp +The call to +.Fn EVP_DigestSignFinal +internally finalizes a copy of the digest context. +This means that +.Fn EVP_DigestSignUpdate +and +.Fn EVP_DigestSignFinal +can be called later to digest and sign additional data. +.Pp +Since only a copy of the digest context is ever finalized, the context +must be cleaned up after use by calling +.Xr EVP_MD_CTX_free 3 , +or a memory leak will occur. +.Pp +The use of +.Xr EVP_PKEY_size 3 +with these functions is discouraged because some signature operations +may have a signature length which depends on the parameters set. +As a result, +.Xr EVP_PKEY_size 3 +would have to return a value which indicates the maximum possible +signature for any set of parameters. +.Sh RETURN VALUES +.Fn EVP_DigestSignInit , +.Fn EVP_DigestSignUpdate , +and +.Fn EVP_DigestSignFinal +return 1 for success and 0 or a negative value for failure. +In particular, a return value of -2 indicates the operation is not +supported by the public key algorithm. +.Pp +The error codes can be obtained from +.Xr ERR_get_error 3 . +.Sh SEE ALSO +.Xr ERR 3 , +.Xr evp 3 , +.Xr EVP_DigestInit 3 , +.Xr EVP_DigestVerifyInit 3 , +.Xr EVP_PKEY_meth_set_signctx 3 +.Sh HISTORY +.Fn EVP_DigestSignInit , +.Fn EVP_DigestSignUpdate , +and +.Fn EVP_DigestSignFinal +first appeared in OpenSSL 1.0.0 and have been available since +.Ox 4.9 . diff --git a/src/lib/libcrypto/man/EVP_DigestVerifyInit.3 b/src/lib/libcrypto/man/EVP_DigestVerifyInit.3 new file mode 100644 index 00000000000..3904e20afa1 --- /dev/null +++ b/src/lib/libcrypto/man/EVP_DigestVerifyInit.3 @@ -0,0 +1,186 @@ +.\" $OpenBSD: EVP_DigestVerifyInit.3,v 1.7 2018/12/23 08:35:14 tb Exp $ +.\" OpenSSL fb552ac6 Sep 30 23:43:01 2009 +0000 +.\" +.\" This file was written by Dr. Stephen Henson . +.\" Copyright (c) 2006, 2009, 2014, 2015, 2016 The OpenSSL Project. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: December 23 2018 $ +.Dt EVP_DIGESTVERIFYINIT 3 +.Os +.Sh NAME +.Nm EVP_DigestVerifyInit , +.Nm EVP_DigestVerifyUpdate , +.Nm EVP_DigestVerifyFinal +.Nd EVP signature verification functions +.Sh SYNOPSIS +.In openssl/evp.h +.Ft int +.Fo EVP_DigestVerifyInit +.Fa "EVP_MD_CTX *ctx" +.Fa "EVP_PKEY_CTX **pctx" +.Fa "const EVP_MD *type" +.Fa "ENGINE *e" +.Fa "EVP_PKEY *pkey" +.Fc +.Ft int +.Fo EVP_DigestVerifyUpdate +.Fa "EVP_MD_CTX *ctx" +.Fa "const void *d" +.Fa "size_t cnt" +.Fc +.Ft int +.Fo EVP_DigestVerifyFinal +.Fa "EVP_MD_CTX *ctx" +.Fa "const unsigned char *sig" +.Fa "size_t siglen" +.Fc +.Sh DESCRIPTION +The EVP signature routines are a high level interface to digital +signatures. +.Pp +.Fn EVP_DigestVerifyInit +sets up verification context +.Fa ctx +to use digest +.Fa type +from +.Vt ENGINE +.Fa e +and public key +.Fa pkey . +.Fa ctx +must be initialized with +.Xr EVP_MD_CTX_init 3 +before calling this function. +If +.Fa pctx +is not +.Dv NULL , +the +.Vt EVP_PKEY_CTX +of the verification operation will be written to +.Pf * Fa pctx : +this can be used to set alternative verification options. +.Pp +.Fn EVP_DigestVerifyUpdate +hashes +.Fa cnt +bytes of data at +.Fa d +into the verification context +.Fa ctx . +This function can be called several times on the same +.Fa ctx +to include additional data. +This function is currently implemented using a macro. +.Pp +.Fn EVP_DigestVerifyFinal +verifies the data in +.Fa ctx +against the signature in +.Fa sig +of length +.Fa siglen . +.Pp +The EVP interface to digital signatures should almost always be +used in preference to the low level interfaces. +This is because the code then becomes transparent to the algorithm used +and much more flexible. +.Pp +In previous versions of OpenSSL, there was a link between message digest +types and public key algorithms. +This meant that "clone" digests such as +.Xr EVP_dss1 3 +needed to be used to sign using SHA1 and DSA. +This is no longer necessary and the use of clone digest is now +discouraged. +.Pp +The call to +.Fn EVP_DigestVerifyFinal +internally finalizes a copy of the digest context. +This means that +.Xr EVP_VerifyUpdate 3 +and +.Xr EVP_VerifyFinal 3 +can be called later to digest and verify additional data. +.Pp +Since only a copy of the digest context is ever finalized, the context +must be cleaned up after use by calling +.Xr EVP_MD_CTX_free 3 +or a memory leak will occur. +.Sh RETURN VALUES +.Fn EVP_DigestVerifyInit +and +.Fn EVP_DigestVerifyUpdate +return 1 for success and 0 or a negative value for failure. +In particular a return value of -2 indicates the operation is not +supported by the public key algorithm. +.Pp +.Fn EVP_DigestVerifyFinal +returns 1 for success; any other value indicates failure. +A return value of 0 indicates that the signature did not verify +successfully (that is, the signature did not match the original +data or the signature had an invalid form), while other values +indicate a more serious error (and sometimes also indicate an invalid +signature form). +.Pp +The error codes can be obtained from +.Xr ERR_get_error 3 . +.Sh SEE ALSO +.Xr ERR 3 , +.Xr evp 3 , +.Xr EVP_DigestInit 3 , +.Xr EVP_DigestSignInit 3 , +.Xr EVP_PKEY_meth_set_verifyctx 3 +.Sh HISTORY +.Fn EVP_DigestVerifyInit , +.Fn EVP_DigestVerifyUpdate , +and +.Fn EVP_DigestVerifyFinal +first appeared in OpenSSL 1.0.0 and have been available since +.Ox 4.9 . diff --git a/src/lib/libcrypto/man/EVP_EncodeInit.3 b/src/lib/libcrypto/man/EVP_EncodeInit.3 new file mode 100644 index 00000000000..c38ed95e43f --- /dev/null +++ b/src/lib/libcrypto/man/EVP_EncodeInit.3 @@ -0,0 +1,333 @@ +.\" $OpenBSD: EVP_EncodeInit.3,v 1.6 2019/01/19 19:09:22 jmc Exp $ +.\" full merge up to: OpenSSL f430ba31 Jun 19 19:39:01 2016 +0200 +.\" selective merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100 +.\" +.\" This file was written by Matt Caswell . +.\" Copyright (c) 2016 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: January 19 2019 $ +.Dt EVP_ENCODEINIT 3 +.Os +.Sh NAME +.Nm EVP_ENCODE_CTX_new , +.Nm EVP_ENCODE_CTX_free , +.Nm EVP_EncodeInit , +.Nm EVP_EncodeUpdate , +.Nm EVP_EncodeFinal , +.Nm EVP_EncodeBlock , +.Nm EVP_DecodeInit , +.Nm EVP_DecodeUpdate , +.Nm EVP_DecodeFinal , +.Nm EVP_DecodeBlock +.Nd EVP base64 encode/decode routines +.Sh SYNOPSIS +.In openssl/evp.h +.Ft EVP_ENCODE_CTX * +.Fn EVP_ENCODE_CTX_new void +.Ft void +.Fo EVP_ENCODE_CTX_free +.Fa "EVP_ENCODE_CTX *ctx" +.Fc +.Ft void +.Fo EVP_EncodeInit +.Fa "EVP_ENCODE_CTX *ctx" +.Fc +.Ft int +.Fo EVP_EncodeUpdate +.Fa "EVP_ENCODE_CTX *ctx" +.Fa "unsigned char *out" +.Fa "int *outl" +.Fa "const unsigned char *in" +.Fa "int inl" +.Fc +.Ft void +.Fo EVP_EncodeFinal +.Fa "EVP_ENCODE_CTX *ctx" +.Fa "unsigned char *out" +.Fa "int *outl" +.Fc +.Ft int +.Fo EVP_EncodeBlock +.Fa "unsigned char *t" +.Fa "const unsigned char *f" +.Fa "int n" +.Fc +.Ft void +.Fo EVP_DecodeInit +.Fa "EVP_ENCODE_CTX *ctx" +.Fc +.Ft int +.Fo EVP_DecodeUpdate +.Fa "EVP_ENCODE_CTX *ctx" +.Fa "unsigned char *out" +.Fa "int *outl" +.Fa "const unsigned char *in" +.Fa "int inl" +.Fc +.Ft int +.Fo EVP_DecodeFinal +.Fa "EVP_ENCODE_CTX *ctx" +.Fa "unsigned char *out" +.Fa "int *outl" +.Fc +.Ft int +.Fo EVP_DecodeBlock +.Fa "unsigned char *t" +.Fa "const unsigned char *f" +.Fa "int n" +.Fc +.Sh DESCRIPTION +The EVP encode routines provide a high level interface to base64 +encoding and decoding. +Base64 encoding converts binary data into a printable form that uses +the characters A-Z, a-z, 0-9, "+" and "/" to represent the data. +For every 3 bytes of binary data provided, 4 bytes of base64-encoded +data will be produced, plus some occasional newlines. +If the input data length is not a multiple of 3, then the output data +will be padded at the end using the "=" character. +.Pp +.Fn EVP_ENCODE_CTX_new +allocates, initializes and returns a context to be used for the encode +and decode functions. +.Pp +.Fn EVP_ENCODE_CTX_free +frees +.Fa ctx . +.Pp +Encoding of binary data is performed in blocks of 48 input bytes (or +less for the final block). +For each 48-byte input block encoded, 64 bytes of base64 data is output, +plus an additional newline character, i.e. 65 bytes in total. +The final block, which may be less than 48 bytes, will output 4 bytes +for every 3 bytes of input. +If the data length is not divisible by 3, then a full 4 bytes is still +output for the final 1 or 2 bytes of input. +Similarly a newline character will also be output. +.Pp +.Fn EVP_EncodeInit +initialises +.Fa ctx +for the start of a new encoding operation. +.Pp +.Fn EVP_EncodeUpdate +encodes +.Fa inl +bytes of data found in the buffer pointed to by +.Fa in . +The output is stored in the buffer +.Fa out +and the number of bytes output is stored in +.Pf * Fa outl . +It is the caller's responsibility to ensure that the buffer at +.Fa out +is sufficiently large to accommodate the output data. +Only full blocks of data (48 bytes) will be immediately processed and +output by this function. +Any remainder is held in the +.Fa ctx +object and will be processed by a subsequent call to +.Fn EVP_EncodeUpdate +or +.Fn EVP_EncodeFinal . +To calculate the required size of the output buffer, add together the +value of +.Fa inl +with the amount of unprocessed data held in +.Fa ctx +and divide the result by 48 (ignore any remainder). +This gives the number of blocks of data that will be processed. +Ensure the output buffer contains 65 bytes of storage for each block, +plus an additional byte for a NUL terminator. +.Fn EVP_EncodeUpdate +may be called repeatedly to process large amounts of input data. +In the event of an error , +.Fn EVP_EncodeUpdate +will set +.Pf * Fa outl +to 0 and return 0. +On success 1 will be returned. +.Pp +.Fn EVP_EncodeFinal +must be called at the end of an encoding operation. +It will process any partial block of data remaining in the +.Fa ctx +object. +The output data will be stored in +.Fa out +and the length of the data written will be stored in +.Pf * Fa outl . +It is the caller's responsibility to ensure that +.Fa out +is sufficiently large to accommodate the output data, which will +never be more than 65 bytes plus an additional NUL terminator, i.e. +66 bytes in total. +.Pp +.Fn EVP_EncodeBlock +encodes a full block of input data in +.Fa f +and of length +.Fa n +and stores it in +.Fa t . +For every 3 bytes of input provided, 4 bytes of output data will be +produced. +If +.Sy n +is not divisible by 3, then the block is encoded as a final block +of data and the output is padded such that it is always divisible +by 4. +Additionally a NUL terminator character will be added. +For example, if 16 bytes of input data are provided, then 24 bytes +of encoded data is created plus 1 byte for a NUL terminator, +i.e. 25 bytes in total. +The length of the data generated +.Em without +the NUL terminator is returned from the function. +.Pp +.Fn EVP_DecodeInit +initialises +.Fa ctx +for the start of a new decoding operation. +.Pp +.Fn EVP_DecodeUpdate +decodes +.Fa inl +characters of data found in the buffer pointed to by +.Fa in . +The output is stored in the buffer +.Fa out +and the number of bytes output is stored in +.Pf * Fa outl . +It is the caller's responsibility to ensure that the buffer at +.Fa out +is sufficiently large to accommodate the output data. +This function will attempt to decode as much data as possible in 4-byte +chunks. +Any whitespace, newline or carriage return characters are ignored. +Any partial chunk of unprocessed data (1, 2 or 3 bytes) that remains at +the end will be held in the +.Fa ctx +object and processed by a subsequent call to +.Fn EVP_DecodeUpdate . +If any illegal base64 characters are encountered or if the base64 +padding character "=" is encountered in the middle of the data, +then the function returns -1 to indicate an error. +A return value of 0 or 1 indicates successful processing of the data. +A return value of 0 additionally indicates that the last input data +characters processed included the base64 padding character "=" and +therefore no more non-padding character data is expected to be +processed. +For every 4 valid base64 bytes processed \(em ignoring whitespace, +carriage returns and line feeds \(em 3 bytes of binary output data +will be produced, or less at the end of the data where the padding +character "=" has been used. +.Pp +.Fn EVP_DecodeFinal +must be called at the end of a decoding operation. +If there is any unprocessed data still in +.Fa ctx , +then the input data must not have been a multiple of 4 and therefore an +error has occurred. +The function will return -1 in this case. +Otherwise the function returns 1 on success. +.Pp +.Fn EVP_DecodeBlock +will decode the block of +.Fa n +characters of base64 data contained in +.Fa f +and store the result in +.Fa t . +Any leading whitespace will be trimmed as will any trailing whitespace, +newlines, carriage returns or EOF characters. +After such trimming the length of the data in +.Fa f +must be divisible by 4. +For every 4 input bytes, exactly 3 output bytes will be produced. +The output will be padded with 0 bits if necessary to ensure that the +output is always 3 bytes for every 4 input bytes. +This function will return the length of the data decoded or -1 on error. +.Sh RETURN VALUES +.Fn EVP_ENCODE_CTX_new +returns a pointer to the newly allocated +.Vt EVP_ENCODE_CTX +object or +.Dv NULL +on error. +.Pp +.Fn EVP_EncodeUpdate +returns 0 on error or 1 on success. +.Pp +.Fn EVP_EncodeBlock +returns the number of bytes encoded excluding the NUL terminator. +.Pp +.Fn EVP_DecodeUpdate +returns -1 on error and 0 or 1 on success. +If 0 is returned, then no more non-padding base64 characters are +expected. +.Pp +.Fn EVP_DecodeFinal +returns -1 on error or 1 on success. +.Pp +.Fn EVP_DecodeBlock +returns the length of the data decoded or -1 on error. +.Sh SEE ALSO +.Xr evp 3 +.Sh HISTORY +The +.Fn EVP_Encode* +and +.Fn EVP_Decode* +functions first appeared in SSLeay 0.5.1 +and have been available since +.Ox 2.4 . +.Pp +.Fn EVP_ENCODE_CTX_new +and +.Fn EVP_ENCODE_CTX_free +first appeared in OpenSSL 1.1.0 and have been available since +.Ox 6.5 . diff --git a/src/lib/libcrypto/man/EVP_EncryptInit.3 b/src/lib/libcrypto/man/EVP_EncryptInit.3 new file mode 100644 index 00000000000..5109e2e50ed --- /dev/null +++ b/src/lib/libcrypto/man/EVP_EncryptInit.3 @@ -0,0 +1,1330 @@ +.\" $OpenBSD: EVP_EncryptInit.3,v 1.34 2019/03/21 14:15:13 schwarze Exp $ +.\" full merge up to: OpenSSL 5211e094 Nov 11 14:39:11 2014 -0800 +.\" EVP_bf_cbc.pod EVP_cast5_cbc.pod EVP_idea_cbc.pod EVP_rc2_cbc.pod +.\" 7c6d372a Nov 20 13:20:01 2018 +0000 +.\" selective merge up to: OpenSSL 16cfc2c9 Mar 8 22:30:28 2018 +0100 +.\" EVP_chacha20.pod 8fa4d95e Oct 21 11:59:09 2017 +0900 +.\" +.\" This file was written by Dr. Stephen Henson +.\" and Richard Levitte . +.\" Copyright (c) 2000-2002, 2005, 2012-2016 The OpenSSL Project. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 21 2019 $ +.Dt EVP_ENCRYPTINIT 3 +.Os +.Sh NAME +.Nm EVP_CIPHER_CTX_new , +.Nm EVP_CIPHER_CTX_reset , +.Nm EVP_CIPHER_CTX_cleanup , +.Nm EVP_CIPHER_CTX_init , +.Nm EVP_CIPHER_CTX_free , +.Nm EVP_EncryptInit_ex , +.Nm EVP_EncryptUpdate , +.Nm EVP_EncryptFinal_ex , +.Nm EVP_DecryptInit_ex , +.Nm EVP_DecryptUpdate , +.Nm EVP_DecryptFinal_ex , +.Nm EVP_CipherInit_ex , +.Nm EVP_CipherUpdate , +.Nm EVP_CipherFinal_ex , +.Nm EVP_EncryptInit , +.Nm EVP_EncryptFinal , +.Nm EVP_DecryptInit , +.Nm EVP_DecryptFinal , +.Nm EVP_CipherInit , +.Nm EVP_CipherFinal , +.Nm EVP_CIPHER_CTX_set_flags , +.Nm EVP_CIPHER_CTX_clear_flags , +.Nm EVP_CIPHER_CTX_test_flags , +.Nm EVP_CIPHER_CTX_set_padding , +.Nm EVP_CIPHER_CTX_set_key_length , +.Nm EVP_CIPHER_CTX_ctrl , +.Nm EVP_CIPHER_CTX_rand_key , +.Nm EVP_get_cipherbyname , +.Nm EVP_get_cipherbynid , +.Nm EVP_get_cipherbyobj , +.Nm EVP_CIPHER_nid , +.Nm EVP_CIPHER_block_size , +.Nm EVP_CIPHER_key_length , +.Nm EVP_CIPHER_iv_length , +.Nm EVP_CIPHER_flags , +.Nm EVP_CIPHER_mode , +.Nm EVP_CIPHER_type , +.Nm EVP_CIPHER_CTX_cipher , +.Nm EVP_CIPHER_CTX_nid , +.Nm EVP_CIPHER_CTX_block_size , +.Nm EVP_CIPHER_CTX_key_length , +.Nm EVP_CIPHER_CTX_iv_length , +.Nm EVP_CIPHER_CTX_get_iv , +.Nm EVP_CIPHER_CTX_set_iv , +.Nm EVP_CIPHER_CTX_get_app_data , +.Nm EVP_CIPHER_CTX_set_app_data , +.Nm EVP_CIPHER_CTX_type , +.Nm EVP_CIPHER_CTX_flags , +.Nm EVP_CIPHER_CTX_mode , +.Nm EVP_CIPHER_param_to_asn1 , +.Nm EVP_CIPHER_asn1_to_param , +.Nm EVP_enc_null , +.Nm EVP_idea_cbc , +.Nm EVP_idea_ecb , +.Nm EVP_idea_cfb64 , +.Nm EVP_idea_cfb , +.Nm EVP_idea_ofb , +.Nm EVP_rc2_cbc , +.Nm EVP_rc2_ecb , +.Nm EVP_rc2_cfb64 , +.Nm EVP_rc2_cfb , +.Nm EVP_rc2_ofb , +.Nm EVP_rc2_40_cbc , +.Nm EVP_rc2_64_cbc , +.Nm EVP_bf_cbc , +.Nm EVP_bf_ecb , +.Nm EVP_bf_cfb64 , +.Nm EVP_bf_cfb , +.Nm EVP_bf_ofb , +.Nm EVP_cast5_cbc , +.Nm EVP_cast5_ecb , +.Nm EVP_cast5_cfb64 , +.Nm EVP_cast5_cfb , +.Nm EVP_cast5_ofb , +.Nm EVP_chacha20 +.Nd EVP cipher routines +.Sh SYNOPSIS +.In openssl/evp.h +.Ft EVP_CIPHER_CTX * +.Fn EVP_CIPHER_CTX_new void +.Ft int +.Fo EVP_CIPHER_CTX_reset +.Fa "EVP_CIPHER_CTX *ctx" +.Fc +.Ft int +.Fo EVP_CIPHER_CTX_cleanup +.Fa "EVP_CIPHER_CTX *ctx" +.Fc +.Ft void +.Fo EVP_CIPHER_CTX_init +.Fa "EVP_CIPHER_CTX *ctx" +.Fc +.Ft void +.Fo EVP_CIPHER_CTX_free +.Fa "EVP_CIPHER_CTX *ctx" +.Fc +.Ft int +.Fo EVP_EncryptInit_ex +.Fa "EVP_CIPHER_CTX *ctx" +.Fa "const EVP_CIPHER *type" +.Fa "ENGINE *impl" +.Fa "const unsigned char *key" +.Fa "const unsigned char *iv" +.Fc +.Ft int +.Fo EVP_EncryptUpdate +.Fa "EVP_CIPHER_CTX *ctx" +.Fa "unsigned char *out" +.Fa "int *outl" +.Fa "const unsigned char *in" +.Fa "int inl" +.Fc +.Ft int +.Fo EVP_EncryptFinal_ex +.Fa "EVP_CIPHER_CTX *ctx" +.Fa "unsigned char *out" +.Fa "int *outl" +.Fc +.Ft int +.Fo EVP_DecryptInit_ex +.Fa "EVP_CIPHER_CTX *ctx" +.Fa "const EVP_CIPHER *type" +.Fa "ENGINE *impl" +.Fa "const unsigned char *key" +.Fa "const unsigned char *iv" +.Fc +.Ft int +.Fo EVP_DecryptUpdate +.Fa "EVP_CIPHER_CTX *ctx" +.Fa "unsigned char *out" +.Fa "int *outl" +.Fa "const unsigned char *in" +.Fa "int inl" +.Fc +.Ft int +.Fo EVP_DecryptFinal_ex +.Fa "EVP_CIPHER_CTX *ctx" +.Fa "unsigned char *outm" +.Fa "int *outl" +.Fc +.Ft int +.Fo EVP_CipherInit_ex +.Fa "EVP_CIPHER_CTX *ctx" +.Fa "const EVP_CIPHER *type" +.Fa "ENGINE *impl" +.Fa "const unsigned char *key" +.Fa "const unsigned char *iv" +.Fa "int enc" +.Fc +.Ft int +.Fo EVP_CipherUpdate +.Fa "EVP_CIPHER_CTX *ctx" +.Fa "unsigned char *out" +.Fa "int *outl" +.Fa "const unsigned char *in" +.Fa "int inl" +.Fc +.Ft int +.Fo EVP_CipherFinal_ex +.Fa "EVP_CIPHER_CTX *ctx" +.Fa "unsigned char *outm" +.Fa "int *outl" +.Fc +.Ft int +.Fo EVP_EncryptInit +.Fa "EVP_CIPHER_CTX *ctx" +.Fa "const EVP_CIPHER *type" +.Fa "const unsigned char *key" +.Fa "const unsigned char *iv" +.Fc +.Ft int +.Fo EVP_EncryptFinal +.Fa "EVP_CIPHER_CTX *ctx" +.Fa "unsigned char *out" +.Fa "int *outl" +.Fc +.Ft int +.Fo EVP_DecryptInit +.Fa "EVP_CIPHER_CTX *ctx" +.Fa "const EVP_CIPHER *type" +.Fa "const unsigned char *key" +.Fa "const unsigned char *iv" +.Fc +.Ft int +.Fo EVP_DecryptFinal +.Fa "EVP_CIPHER_CTX *ctx" +.Fa "unsigned char *outm" +.Fa "int *outl" +.Fc +.Ft int +.Fo EVP_CipherInit +.Fa "EVP_CIPHER_CTX *ctx" +.Fa "const EVP_CIPHER *type" +.Fa "const unsigned char *key" +.Fa "const unsigned char *iv" +.Fa "int enc" +.Fc +.Ft int +.Fo EVP_CipherFinal +.Fa "EVP_CIPHER_CTX *ctx" +.Fa "unsigned char *outm" +.Fa "int *outl" +.Fc +.Ft void +.Fo EVP_CIPHER_CTX_set_flags +.Fa "EVP_CIPHER_CTX *ctx" +.Fa "int flags" +.Fc +.Ft void +.Fo EVP_CIPHER_CTX_clear_flags +.Fa "EVP_CIPHER_CTX *ctx" +.Fa "int flags" +.Fc +.Ft int +.Fo EVP_CIPHER_CTX_test_flags +.Fa "EVP_CIPHER_CTX *ctx" +.Fa "int flags" +.Fc +.Ft int +.Fo EVP_CIPHER_CTX_set_padding +.Fa "EVP_CIPHER_CTX *x" +.Fa "int padding" +.Fc +.Ft int +.Fo EVP_CIPHER_CTX_set_key_length +.Fa "EVP_CIPHER_CTX *x" +.Fa "int keylen" +.Fc +.Ft int +.Fo EVP_CIPHER_CTX_ctrl +.Fa "EVP_CIPHER_CTX *ctx" +.Fa "int type" +.Fa "int arg" +.Fa "void *ptr" +.Fc +.Ft int +.Fo EVP_CIPHER_CTX_rand_key +.Fa "EVP_CIPHER_CTX *ctx" +.Fa "unsigned char *key" +.Fc +.Ft const EVP_CIPHER * +.Fo EVP_get_cipherbyname +.Fa "const char *name" +.Fc +.Ft const EVP_CIPHER * +.Fo EVP_get_cipherbynid +.Fa "int nid" +.Fc +.Ft const EVP_CIPHER * +.Fo EVP_get_cipherbyobj +.Fa "const ASN1_OBJECT *a" +.Fc +.Ft int +.Fo EVP_CIPHER_nid +.Fa "const EVP_CIPHER *e" +.Fc +.Ft int +.Fo EVP_CIPHER_block_size +.Fa "const EVP_CIPHER *e" +.Fc +.Ft int +.Fo EVP_CIPHER_key_length +.Fa "const EVP_CIPHER *e" +.Fc +.Ft int +.Fo EVP_CIPHER_iv_length +.Fa "const EVP_CIPHER *e" +.Fc +.Ft unsigned long +.Fo EVP_CIPHER_flags +.Fa "const EVP_CIPHER *e" +.Fc +.Ft unsigned long +.Fo EVP_CIPHER_mode +.Fa "const EVP_CIPHER *e" +.Fc +.Ft int +.Fo EVP_CIPHER_type +.Fa "const EVP_CIPHER *ctx" +.Fc +.Ft const EVP_CIPHER * +.Fo EVP_CIPHER_CTX_cipher +.Fa "const EVP_CIPHER_CTX *ctx" +.Fc +.Ft int +.Fo EVP_CIPHER_CTX_nid +.Fa "const EVP_CIPHER_CTX *ctx" +.Fc +.Ft int +.Fo EVP_CIPHER_CTX_block_size +.Fa "const EVP_CIPHER_CTX *ctx" +.Fc +.Ft int +.Fo EVP_CIPHER_CTX_key_length +.Fa "const EVP_CIPHER_CTX *ctx" +.Fc +.Ft int +.Fo EVP_CIPHER_CTX_iv_length +.Fa "const EVP_CIPHER_CTX *ctx" +.Fc +.Ft int +.Fo EVP_CIPHER_CTX_get_iv +.Fa "const EVP_CIPHER_CTX *ctx" +.Fa "u_char *iv" +.Fa "size_t len" +.Fc +.Ft int +.Fo EVP_CIPHER_CTX_set_iv +.Fa "EVP_CIPHER_CTX *ctx" +.Fa "const u_char *iv" +.Fa "size_t len" +.Fc +.Ft void * +.Fo EVP_CIPHER_CTX_get_app_data +.Fa "const EVP_CIPHER_CTX *ctx" +.Fc +.Ft void +.Fo EVP_CIPHER_CTX_set_app_data +.Fa "const EVP_CIPHER_CTX *ctx" +.Fa "void *data" +.Fc +.Ft int +.Fo EVP_CIPHER_CTX_type +.Fa "const EVP_CIPHER_CTX *ctx" +.Fc +.Ft unsigned long +.Fo EVP_CIPHER_CTX_flags +.Fa "const EVP_CIPHER_CTX *ctx" +.Fc +.Ft unsigned long +.Fo EVP_CIPHER_CTX_mode +.Fa "const EVP_CIPHER_CTX *ctx" +.Fc +.Ft int +.Fo EVP_CIPHER_param_to_asn1 +.Fa "EVP_CIPHER_CTX *c" +.Fa "ASN1_TYPE *type" +.Fc +.Ft int +.Fo EVP_CIPHER_asn1_to_param +.Fa "EVP_CIPHER_CTX *c" +.Fa "ASN1_TYPE *type" +.Fc +.Sh DESCRIPTION +The EVP cipher routines are a high level interface to certain symmetric +ciphers. +.Pp +.Fn EVP_CIPHER_CTX_new +creates a new, empty cipher context. +.Pp +.Fn EVP_CIPHER_CTX_reset +clears all information from +.Fa ctx +and frees all allocated memory associated with it, except the +.Fa ctx +object itself, such that it can be reused for another series of calls to +.Fn EVP_CipherInit , +.Fn EVP_CipherUpdate , +and +.Fn EVP_CipherFinal . +It is also suitable for cipher contexts on the stack that were used +and are no longer needed. +.Fn EVP_CIPHER_CTX_cleanup +is a deprecated alias for +.Fn EVP_CIPHER_CTX_reset . +.Pp +.Fn EVP_CIPHER_CTX_init +is a deprecated function to clear a cipher context on the stack +before use. +Do not use it on a cipher context returned from +.Fn EVP_CIPHER_CTX_new +or one one that was already used. +.Pp +.Fn EVP_CIPHER_CTX_free +clears all information from +.Fa ctx +and frees all allocated memory associated with it, including +.Fa ctx +itself. +This function should be called after all operations using a cipher +are complete, so sensitive information does not remain in memory. +If +.Fa ctx +is a +.Dv NULL +pointer, no action occurs. +.Pp +.Fn EVP_EncryptInit_ex +sets up the cipher context +.Fa ctx +for encryption with cipher +.Fa type +from +.Vt ENGINE +.Fa impl . +If +.Fa ctx +points to an unused object on the stack, it must be initialized with +.Fn EVP_MD_CTX_init +before calling this function. +.Fa type +is normally supplied by a function such as +.Xr EVP_aes_256_cbc 3 . +If +.Fa impl +is +.Dv NULL , +then the default implementation is used. +.Fa key +is the symmetric key to use and +.Fa iv +is the IV to use (if necessary). +The actual number of bytes used for the +key and IV depends on the cipher. +It is possible to set all parameters to +.Dv NULL +except +.Fa type +in an initial call and supply the remaining parameters in subsequent +calls, all of which have +.Fa type +set to +.Dv NULL . +This is done when the default cipher parameters are not appropriate. +.Pp +.Fn EVP_EncryptUpdate +encrypts +.Fa inl +bytes from the buffer +.Fa in +and writes the encrypted version to +.Fa out . +This function can be called multiple times to encrypt successive blocks +of data. +The amount of data written depends on the block alignment of the +encrypted data: as a result the amount of data written may be anything +from zero bytes to (inl + cipher_block_size - 1) so +.Fa out +should contain sufficient room. +The actual number of bytes written is placed in +.Fa outl . +.Pp +If padding is enabled (the default) then +.Fn EVP_EncryptFinal_ex +encrypts the "final" data, that is any data that remains in a partial +block. +It uses NOTES (aka PKCS padding). +The encrypted final data is written to +.Fa out +which should have sufficient space for one cipher block. +The number of bytes written is placed in +.Fa outl . +After this function is called the encryption operation is finished and +no further calls to +.Fn EVP_EncryptUpdate +should be made. +.Pp +If padding is disabled then +.Fn EVP_EncryptFinal_ex +will not encrypt any more data and it will return an error if any data +remains in a partial block: that is if the total data length is not a +multiple of the block size. +.Pp +.Fn EVP_DecryptInit_ex , +.Fn EVP_DecryptUpdate , +and +.Fn EVP_DecryptFinal_ex +are the corresponding decryption operations. +.Fn EVP_DecryptFinal +will return an error code if padding is enabled and the final block is +not correctly formatted. +The parameters and restrictions are identical to the encryption +operations except that if padding is enabled the decrypted data buffer +.Fa out +passed to +.Fn EVP_DecryptUpdate +should have sufficient room for (inl + cipher_block_size) bytes +unless the cipher block size is 1 in which case +.Fa inl +bytes is sufficient. +.Pp +.Fn EVP_CipherInit_ex , +.Fn EVP_CipherUpdate , +and +.Fn EVP_CipherFinal_ex +are functions that can be used for decryption or encryption. +The operation performed depends on the value of the +.Fa enc +parameter. +It should be set to 1 for encryption, 0 for decryption and -1 to leave +the value unchanged (the actual value of +.Fa enc +being supplied in a previous call). +.Pp +.Fn EVP_EncryptInit , +.Fn EVP_DecryptInit , +and +.Fn EVP_CipherInit +are deprecated functions behaving like +.Fn EVP_EncryptInit_ex , +.Fn EVP_DecryptInit_ex , +and +.Fn EVP_CipherInit_ex +except that they always use the default cipher implementation +and that they require +.Fn EVP_CIPHER_CTX_reset +before they can be used on a context that was already used. +.Pp +.Fn EVP_EncryptFinal , +.Fn EVP_DecryptFinal , +and +.Fn EVP_CipherFinal +are identical to +.Fn EVP_EncryptFinal_ex , +.Fn EVP_DecryptFinal_ex , +and +.Fn EVP_CipherFinal_ex . +In previous releases of OpenSSL, they also used to clean up the +.Fa ctx , +but this is no longer done and +.Fn EVP_CIPHER_CTX_reset +or +.Fn EVP_CIPHER_CTX_free +must be called to free any context resources. +.Pp +.Fn EVP_get_cipherbyname , +.Fn EVP_get_cipherbynid , +and +.Fn EVP_get_cipherbyobj +return an +.Vt EVP_CIPHER +structure when passed a cipher name, a NID or an +.Vt ASN1_OBJECT +structure. +.Pp +.Fn EVP_CIPHER_nid +and +.Fn EVP_CIPHER_CTX_nid +return the NID of a cipher when passed an +.Vt EVP_CIPHER +or +.Vt EVP_CIPHER_CTX +structure. +The actual NID value is an internal value which may not have a +corresponding OBJECT IDENTIFIER. +.Pp +.Fn EVP_CIPHER_CTX_set_flags +enables the given +.Fa flags +in +.Fa ctx . +.Fn EVP_CIPHER_CTX_clear_flags +disables the given +.Fa flags +in +.Fa ctx . +.Fn EVP_CIPHER_CTX_test_flags +checks whether any of the given +.Fa flags +are currently set in +.Fa ctx , +returning the subset of the +.Fa flags +that are set, or 0 if none of them are set. +Currently, the only supported cipher context flag is +.Dv EVP_CIPHER_CTX_FLAG_WRAP_ALLOW ; +see +.Xr EVP_aes_128_wrap 3 +for details. +.Pp +.Fn EVP_CIPHER_CTX_set_padding +enables or disables padding. +This function should be called after the context is set up for +encryption or decryption with +.Fn EVP_EncryptInit_ex , +.Fn EVP_DecryptInit_ex , +or +.Fn EVP_CipherInit_ex . +By default encryption operations are padded using standard block padding +and the padding is checked and removed when decrypting. +If the +.Fa padding +parameter is zero, then no padding is performed, the total amount of data +encrypted or decrypted must then be a multiple of the block size or an +error will occur. +.Pp +.Fn EVP_CIPHER_key_length +and +.Fn EVP_CIPHER_CTX_key_length +return the key length of a cipher when passed an +.Vt EVP_CIPHER +or +.Vt EVP_CIPHER_CTX +structure. +The constant +.Dv EVP_MAX_KEY_LENGTH +is the maximum key length for all ciphers. +Note: although +.Fn EVP_CIPHER_key_length +is fixed for a given cipher, the value of +.Fn EVP_CIPHER_CTX_key_length +may be different for variable key length ciphers. +.Pp +.Fn EVP_CIPHER_CTX_set_key_length +sets the key length of the cipher ctx. +If the cipher is a fixed length cipher, then attempting to set the key +length to any value other than the fixed value is an error. +.Pp +.Fn EVP_CIPHER_iv_length +and +.Fn EVP_CIPHER_CTX_iv_length +return the IV length of a cipher when passed an +.Vt EVP_CIPHER +or +.Vt EVP_CIPHER_CTX . +It will return zero if the cipher does not use an IV. +The constant +.Dv EVP_MAX_IV_LENGTH +is the maximum IV length for all ciphers. +.Pp +.Fn EVP_CIPHER_CTX_get_iv +and +.Fn EVP_CIPHER_CTX_set_iv +will respectively retrieve and set the IV for an +.Vt EVP_CIPHER_CTX . +In both cases, the specified IV length must exactly equal the expected +IV length for the context as returned by +.Fn EVP_CIPHER_CTX_iv_length . +.Pp +.Fn EVP_CIPHER_block_size +and +.Fn EVP_CIPHER_CTX_block_size +return the block size of a cipher when passed an +.Vt EVP_CIPHER +or +.Vt EVP_CIPHER_CTX +structure. +The constant +.Dv EVP_MAX_BLOCK_LENGTH +is also the maximum block length for all ciphers. +.Pp +.Fn EVP_CIPHER_type +and +.Fn EVP_CIPHER_CTX_type +return the type of the passed cipher or context. +This "type" is the actual NID of the cipher OBJECT IDENTIFIER as such it +ignores the cipher parameters and 40-bit RC2 and 128-bit RC2 have the +same NID. +If the cipher does not have an object identifier or does not +have ASN.1 support this function will return +.Dv NID_undef . +.Pp +.Fn EVP_CIPHER_CTX_cipher +returns the +.Vt EVP_CIPHER +structure when passed an +.Vt EVP_CIPHER_CTX +structure. +.Pp +.Fn EVP_CIPHER_mode +and +.Fn EVP_CIPHER_CTX_mode +return the block cipher mode: +.Dv EVP_CIPH_ECB_MODE , +.Dv EVP_CIPH_CBC_MODE , +.Dv EVP_CIPH_CFB_MODE , +.Dv EVP_CIPH_OFB_MODE , +.Dv EVP_CIPH_CTR_MODE , +or +.Dv EVP_CIPH_XTS_MODE . +If the cipher is a stream cipher then +.Dv EVP_CIPH_STREAM_CIPHER +is returned. +.Pp +.Fn EVP_CIPHER_param_to_asn1 +sets the ASN.1 +.Vt AlgorithmIdentifier +parameter based on the passed cipher. +This will typically include any parameters and an IV. +The cipher IV (if any) must be set when this call is made. +This call should be made before the cipher is actually "used" (before any +.Fn EVP_EncryptUpdate +or +.Fn EVP_DecryptUpdate +calls, for example). +This function may fail if the cipher does not have any ASN.1 support. +.Pp +.Fn EVP_CIPHER_asn1_to_param +sets the cipher parameters based on an ASN.1 +.Vt AlgorithmIdentifier +parameter. +The precise effect depends on the cipher. +In the case of RC2, for example, it will set the IV and effective +key length. +This function should be called after the base cipher type is set but +before the key is set. +For example +.Fn EVP_CipherInit +will be called with the IV and key set to +.Dv NULL , +.Fn EVP_CIPHER_asn1_to_param +will be called and finally +.Fn EVP_CipherInit +again with all parameters except the key set to +.Dv NULL . +It is possible for this function to fail if the cipher does not +have any ASN.1 support or the parameters cannot be set (for example +the RC2 effective key length is not supported). +.Pp +.Fn EVP_CIPHER_CTX_ctrl +allows various cipher specific parameters to be determined and set. +Currently only the RC2 effective key length can be set. +.Pp +.Fn EVP_CIPHER_CTX_rand_key +generates a random key of the appropriate length based on the cipher +context. +The +.Vt EVP_CIPHER +can provide its own random key generation routine to support keys +of a specific form. +The +.Fa key +argument must point to a buffer at least as big as the value returned by +.Fn EVP_CIPHER_CTX_key_length . +.Pp +Where possible the EVP interface to symmetric ciphers should be +used in preference to the low level interfaces. +This is because the code then becomes transparent to the cipher used and +much more flexible. +.Pp +PKCS padding works by adding n padding bytes of value n to make the +total length of the encrypted data a multiple of the block size. +Padding is always added so if the data is already a multiple of the +block size n will equal the block size. +For example if the block size is 8 and 11 bytes are to be encrypted then +5 padding bytes of value 5 will be added. +.Pp +When decrypting the final block is checked to see if it has the correct +form. +.Pp +Although the decryption operation can produce an error if padding is +enabled, it is not a strong test that the input data or key is correct. +A random block has better than 1 in 256 chance of being of the correct +format and problems with the input data earlier on will not produce a +final decrypt error. +.Pp +If padding is disabled then the decryption operation will always succeed +if the total amount of data decrypted is a multiple of the block size. +.Pp +The functions +.Fn EVP_EncryptInit , +.Fn EVP_EncryptFinal , +.Fn EVP_DecryptInit , +.Fn EVP_CipherInit , +and +.Fn EVP_CipherFinal +are obsolete but are retained for compatibility with existing code. +New code should use +.Fn EVP_EncryptInit_ex , +.Fn EVP_EncryptFinal_ex , +.Fn EVP_DecryptInit_ex , +.Fn EVP_DecryptFinal_ex , +.Fn EVP_CipherInit_ex , +and +.Fn EVP_CipherFinal_ex +because they can reuse an existing context without allocating and +freeing it up on each call. +.Pp +.Fn EVP_get_cipherbynid +and +.Fn EVP_get_cipherbyobj +are implemented as macros. +.Sh RETURN VALUES +.Fn EVP_CIPHER_CTX_new +returns a pointer to a newly created +.Vt EVP_CIPHER_CTX +for success or +.Dv NULL +for failure. +.Pp +.Fn EVP_CIPHER_CTX_reset , +.Fn EVP_CIPHER_CTX_cleanup , +.Fn EVP_CIPHER_CTX_get_iv , +.Fn EVP_CIPHER_CTX_set_iv , +.Fn EVP_EncryptInit_ex , +.Fn EVP_EncryptUpdate , +.Fn EVP_EncryptFinal_ex , +.Fn EVP_DecryptInit_ex , +.Fn EVP_DecryptUpdate , +.Fn EVP_DecryptFinal_ex , +.Fn EVP_CipherInit_ex , +.Fn EVP_CipherUpdate , +.Fn EVP_CipherFinal_ex , +.Fn EVP_EncryptInit , +.Fn EVP_EncryptFinal , +.Fn EVP_DecryptInit , +.Fn EVP_DecryptFinal , +.Fn EVP_CipherInit , +.Fn EVP_CipherFinal , +.Fn EVP_CIPHER_CTX_set_key_length , +and +.Fn EVP_CIPHER_CTX_rand_key +return 1 for success or 0 for failure. +.Pp +.Fn EVP_CIPHER_CTX_set_padding +always returns 1. +.Pp +.Fn EVP_get_cipherbyname , +.Fn EVP_get_cipherbynid , +and +.Fn EVP_get_cipherbyobj +return an +.Vt EVP_CIPHER +structure or +.Dv NULL +on error. +.Pp +.Fn EVP_CIPHER_nid +and +.Fn EVP_CIPHER_CTX_nid +return a NID. +.Pp +.Fn EVP_CIPHER_block_size +and +.Fn EVP_CIPHER_CTX_block_size +return the block size. +.Pp +.Fn EVP_CIPHER_key_length +and +.Fn EVP_CIPHER_CTX_key_length +return the key length. +.Pp +.Fn EVP_CIPHER_iv_length +and +.Fn EVP_CIPHER_CTX_iv_length +return the IV length or zero if the cipher does not use an IV. +.Pp +.Fn EVP_CIPHER_type +and +.Fn EVP_CIPHER_CTX_type +return the NID of the cipher's OBJECT IDENTIFIER or +.Dv NID_undef +if it has no defined OBJECT IDENTIFIER. +.Pp +.Fn EVP_CIPHER_CTX_cipher +returns an +.Vt EVP_CIPHER +structure. +.Pp +.Fn EVP_CIPHER_param_to_asn1 +and +.Fn EVP_CIPHER_asn1_to_param +return greater than zero for success and zero or a negative number +for failure. +.Sh CIPHER LISTING +All algorithms have a fixed key length unless otherwise stated. +.Bl -tag -width Ds +.It Fn EVP_enc_null +Null cipher: does nothing. +.It Xo +.Fn EVP_idea_cbc , +.Fn EVP_idea_ecb , +.Fn EVP_idea_cfb64 , +.Fn EVP_idea_ofb +.Xc +IDEA encryption algorithm in CBC, ECB, CFB and OFB modes respectively. +.Fn EVP_idea_cfb +is an alias for +.Fn EVP_idea_cfb64 , +implemented as a macro. +.It Xo +.Fn EVP_rc2_cbc , +.Fn EVP_rc2_ecb , +.Fn EVP_rc2_cfb64 , +.Fn EVP_rc2_ofb +.Xc +RC2 encryption algorithm in CBC, ECB, CFB and OFB modes respectively. +This is a variable key length cipher with an additional parameter called +"effective key bits" or "effective key length". +By default both are set to 128 bits. +.Fn EVP_rc2_cfb +is an alias for +.Fn EVP_rc2_cfb64 , +implemented as a macro. +.It Xo +.Fn EVP_rc2_40_cbc , +.Fn EVP_rc2_64_cbc +.Xc +RC2 algorithm in CBC mode with a default key length and effective key +length of 40 and 64 bits. +These are obsolete and new code should use +.Fn EVP_rc2_cbc , +.Fn EVP_CIPHER_CTX_set_key_length , +and +.Fn EVP_CIPHER_CTX_ctrl +to set the key length and effective key length. +.It Xo +.Fn EVP_bf_cbc , +.Fn EVP_bf_ecb , +.Fn EVP_bf_cfb64 , +.Fn EVP_bf_ofb +.Xc +Blowfish encryption algorithm in CBC, ECB, CFB and OFB modes +respectively. +This is a variable key length cipher. +.Fn EVP_bf_cfb +is an alias for +.Fn EVP_bf_cfb64 , +implemented as a macro. +.It Xo +.Fn EVP_cast5_cbc , +.Fn EVP_cast5_ecb , +.Fn EVP_cast5_cfb64 , +.Fn EVP_cast5_ofb +.Xc +CAST encryption algorithm in CBC, ECB, CFB and OFB modes respectively. +This is a variable key length cipher. +.Fn EVP_cast5_cfb +is an alias for +.Fn EVP_cast5_cfb64 , +implemented as a macro. +.It Fn EVP_chacha20 +The ChaCha20 stream cipher. +The key length is 256 bits, the IV is 96 bits long. +.El +.Pp +See also +.Xr EVP_aes_128_cbc 3 , +.Xr EVP_camellia_128_cbc 3 , +.Xr EVP_des_cbc 3 , +.Xr EVP_rc4 3 , +and +.Xr EVP_sm4_cbc 3 . +.Ss GCM mode +For GCM mode ciphers, the behaviour of the EVP interface +is subtly altered and several additional ctrl operations are +supported. +.Pp +To specify any additional authenticated data (AAD), a call to +.Fn EVP_CipherUpdate , +.Fn EVP_EncryptUpdate , +or +.Fn EVP_DecryptUpdate +should be made with the output parameter out set to +.Dv NULL . +.Pp +When decrypting, the return value of +.Fn EVP_DecryptFinal +or +.Fn EVP_CipherFinal +indicates if the operation was successful. +If it does not indicate success, the authentication operation has +failed and any output data MUST NOT be used as it is corrupted. +.Pp +The following ctrls are supported in GCM mode: +.Bl -tag -width Ds +.It Fn EVP_CIPHER_CTX_ctrl ctx EVP_CTRL_GCM_SET_IVLEN ivlen NULL +Sets the IV length: this call can only be made before specifying an IV. +If not called, a default IV length is used. +For GCM AES the default is 12, i.e. 96 bits. +.It Fn EVP_CIPHER_CTX_ctrl ctx EVP_CTRL_GCM_GET_TAG taglen tag +Writes +.Fa taglen +bytes of the tag value to the buffer indicated by +.Fa tag . +This call can only be made when encrypting data and after all data has +been processed, e.g. after an +.Fn EVP_EncryptFinal +call. +.It Fn EVP_CIPHER_CTX_ctrl ctx EVP_CTRL_GCM_SET_TAG taglen tag +Sets the expected tag to +.Fa taglen +bytes from +.Fa tag . +This call is only legal when decrypting data and must be made before +any data is processed, e.g. before any +.Fa EVP_DecryptUpdate +call. +.El +.Ss CCM mode +The behaviour of CCM mode ciphers is similar to GCM mode, but with +a few additional requirements and different ctrl values. +.Pp +Like GCM mode any additional authenticated data (AAD) is passed +by calling +.Fn EVP_CipherUpdate , +.Fn EVP_EncryptUpdate , +or +.Fn EVP_DecryptUpdate +with the output parameter out set to +.Dv NULL . +Additionally, the total +plaintext or ciphertext length MUST be passed to +.Fn EVP_CipherUpdate , +.Fn EVP_EncryptUpdate , +or +.Fn EVP_DecryptUpdate +with the output and input +parameters +.Pq Fa in No and Fa out +set to +.Dv NULL +and the length passed in the +.Fa inl +parameter. +.Pp +The following ctrls are supported in CCM mode: +.Bl -tag -width Ds +.It Fn EVP_CIPHER_CTX_ctrl ctx EVP_CTRL_CCM_SET_TAG taglen tag +This call is made to set the expected CCM tag value when decrypting or +the length of the tag (with the +.Fa tag +parameter set to +.Dv NULL ) +when encrypting. +The tag length is often referred to as M. +If not set, a default value is used (12 for AES). +.It Fn EVP_CIPHER_CTX_ctrl ctx EVP_CTRL_CCM_SET_L ivlen NULL +Sets the CCM L value. +If not set, a default is used (8 for AES). +.It Fn EVP_CIPHER_CTX_ctrl ctx EVP_CTRL_CCM_SET_IVLEN ivlen NULL +Sets the CCM nonce (IV) length: this call can only be made before +specifying a nonce value. +The nonce length is given by 15 - L so it is 7 by default for AES. +.El +.Sh EXAMPLES +Encrypt a string using blowfish: +.Bd -literal -offset 3n +int +do_crypt(char *outfile) +{ + unsigned char outbuf[1024]; + int outlen, tmplen; + /* + * Bogus key and IV: we'd normally set these from + * another source. + */ + unsigned char key[] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15}; + unsigned char iv[] = {1,2,3,4,5,6,7,8}; + const char intext[] = "Some Crypto Text"; + EVP_CIPHER_CTX *ctx; + FILE *out; + + ctx = EVP_CIPHER_CTX_new(); + EVP_EncryptInit_ex(ctx, EVP_bf_cbc(), NULL, key, iv); + + if (!EVP_EncryptUpdate(ctx, outbuf, &outlen, intext, + strlen(intext))) { + /* Error */ + EVP_CIPHER_CTX_free(ctx); + return 0; + } + /* + * Buffer passed to EVP_EncryptFinal() must be after data just + * encrypted to avoid overwriting it. + */ + if (!EVP_EncryptFinal_ex(ctx, outbuf + outlen, &tmplen)) { + /* Error */ + EVP_CIPHER_CTX_free(ctx); + return 0; + } + outlen += tmplen; + EVP_CIPHER_CTX_free(ctx); + /* + * Need binary mode for fopen because encrypted data is + * binary data. Also cannot use strlen() on it because + * it won't be NUL terminated and may contain embedded + * NULs. + */ + out = fopen(outfile, "wb"); + if (out == NULL) { + /* Error */ + return 0; + } + fwrite(outbuf, 1, outlen, out); + fclose(out); + return 1; +} +.Ed +.Pp +The ciphertext from the above example can be decrypted using the +.Xr openssl 1 +utility with the command line: +.Bd -literal -offset indent +openssl bf -in cipher.bin -K 000102030405060708090A0B0C0D0E0F \e + -iv 0102030405060708 -d +.Ed +.Pp +General encryption, decryption function example using FILE I/O and AES128 +with an 128-bit key: +.Bd -literal +int +do_crypt(FILE *in, FILE *out, int do_encrypt) +{ + /* Allow enough space in output buffer for additional block */ + unsigned char inbuf[1024], outbuf[1024 + EVP_MAX_BLOCK_LENGTH]; + int inlen, outlen; + EVP_CIPHER_CTX *ctx; + + /* + * Bogus key and IV: we'd normally set these from + * another source. + */ + unsigned char key[] = "0123456789abcdeF"; + unsigned char iv[] = "1234567887654321"; + + ctx = EVP_CIPHER_CTX_new(); + EVP_CipherInit_ex(ctx, EVP_aes_128_cbc(), NULL, NULL, NULL, + do_encrypt); + EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, do_encrypt); + + for (;;) { + inlen = fread(inbuf, 1, 1024, in); + if (inlen <= 0) + break; + if (!EVP_CipherUpdate(ctx, outbuf, &outlen, inbuf, + inlen)) { + /* Error */ + EVP_CIPHER_CTX_free(ctx); + return 0; + } + fwrite(outbuf, 1, outlen, out); + } + if (!EVP_CipherFinal_ex(ctx, outbuf, &outlen)) { + /* Error */ + EVP_CIPHER_CTX_free(ctx); + return 0; + } + fwrite(outbuf, 1, outlen, out); + + EVP_CIPHER_CTX_free(ctx); + return 1; +} +.Ed +.Sh SEE ALSO +.Xr evp 3 , +.Xr EVP_aes_128_cbc 3 , +.Xr EVP_camellia_128_cbc 3 , +.Xr EVP_des_cbc 3 , +.Xr EVP_rc4 3 , +.Xr EVP_sm4_cbc 3 +.Sh HISTORY +.Fn EVP_EncryptInit , +.Fn EVP_EncryptUpdate , +.Fn EVP_EncryptFinal , +.Fn EVP_DecryptInit , +.Fn EVP_DecryptUpdate , +.Fn EVP_DecryptFinal , +.Fn EVP_CipherInit , +.Fn EVP_CipherUpdate , +.Fn EVP_CipherFinal , +.Fn EVP_get_cipherbyname , +.Fn EVP_idea_cbc , +.Fn EVP_idea_ecb , +.Fn EVP_idea_cfb , +and +.Fn EVP_idea_ofb +first appeared in SSLeay 0.5.1. +.Fn EVP_rc2_cbc , +.Fn EVP_rc2_ecb , +.Fn EVP_rc2_cfb , +and +.Fn EVP_rc2_ofb +first appeared in SSLeay 0.5.2. +.Fn EVP_CIPHER_block_size , +.Fn EVP_CIPHER_key_length , +.Fn EVP_CIPHER_iv_length , +.Fn EVP_CIPHER_type , +.Fn EVP_CIPHER_CTX_block_size , +.Fn EVP_CIPHER_CTX_key_length , +.Fn EVP_CIPHER_CTX_iv_length , +and +.Fn EVP_CIPHER_CTX_type +first appeared in SSLeay 0.6.5. +.Fn EVP_bf_cbc , +.Fn EVP_bf_ecb , +.Fn EVP_bf_cfb , +and +.Fn EVP_bf_ofb +first appeared in SSLeay 0.6.6. +.Fn EVP_CIPHER_CTX_cleanup , +.Fn EVP_get_cipherbyobj , +.Fn EVP_CIPHER_nid , +.Fn EVP_CIPHER_CTX_cipher , +.Fn EVP_CIPHER_CTX_nid , +.Fn EVP_CIPHER_CTX_get_app_data , +.Fn EVP_CIPHER_CTX_set_app_data , +and +.Fn EVP_enc_null +first appeared in SSLeay 0.8.0. +.Fn EVP_get_cipherbynid +first appeared in SSLeay 0.8.1. +.Fn EVP_CIPHER_CTX_init , +.Fn EVP_CIPHER_param_to_asn1 , +and +.Fn EVP_CIPHER_asn1_to_param +first appeared in SSLeay 0.9.0. +All these functions have been available since +.Ox 2.4 . +.Pp +.Fn EVP_rc2_40_cbc +and +.Fn EVP_rc2_64_cbc +first appeared in SSL_eay 0.9.1. +.Fn EVP_CIPHER_CTX_type +first appeared in OpenSSL 0.9.3. +These functions have been available since +.Ox 2.6 . +.Pp +.Fn EVP_CIPHER_CTX_set_key_length , +.Fn EVP_CIPHER_CTX_ctrl , +.Fn EVP_CIPHER_flags , +.Fn EVP_CIPHER_mode , +.Fn EVP_CIPHER_CTX_flags , +and +.Fn EVP_CIPHER_CTX_mode +first appeared in OpenSSL 0.9.6 and have been available since +.Ox 2.9 . +.Pp +.Fn EVP_EncryptInit_ex , +.Fn EVP_EncryptFinal_ex , +.Fn EVP_DecryptInit_ex , +.Fn EVP_DecryptFinal_ex , +.Fn EVP_CipherInit_ex , +.Fn EVP_CipherFinal_ex , +and +.Fn EVP_CIPHER_CTX_set_padding +first appeared in OpenSSL 0.9.7 and have been available since +.Ox 3.2 . +.Pp +.Fn EVP_bf_cfb64 , +.Fn EVP_cast5_cfb64 , +.Fn EVP_idea_cfb64 , +and +.Fn EVP_rc2_cfb64 +first appeared in OpenSSL 0.9.7e and have been available since +.Ox 3.8 . +.Pp +.Fn EVP_CIPHER_CTX_rand_key +first appeared in OpenSSL 0.9.8. +.Fn EVP_CIPHER_CTX_new +and +.Fn EVP_CIPHER_CTX_free +first appeared in OpenSSL 0.9.8b. +These functions have been available since +.Ox 4.5 . +.Pp +.Fn EVP_CIPHER_CTX_reset +first appeared in OpenSSL 1.1.0 and has been available since +.Ox 6.3 . +.Pp +.Fn EVP_CIPHER_CTX_get_iv +and +.Fn EVP_CIPHER_CTX_set_iv +first appeared in LibreSSL 2.8.1 and has been available since +.Ox 6.4 . +.Sh BUGS +.Dv EVP_MAX_KEY_LENGTH +and +.Dv EVP_MAX_IV_LENGTH +only refer to the internal ciphers with default key lengths. +If custom ciphers exceed these values the results are unpredictable. +This is because it has become standard practice to define a generic key +as a fixed unsigned char array containing +.Dv EVP_MAX_KEY_LENGTH +bytes. +.Pp +The ASN.1 code is incomplete (and sometimes inaccurate). +It has only been tested for certain common S/MIME ciphers +(RC2, DES, triple DES) in CBC mode. diff --git a/src/lib/libcrypto/man/EVP_OpenInit.3 b/src/lib/libcrypto/man/EVP_OpenInit.3 new file mode 100644 index 00000000000..d2a723abb60 --- /dev/null +++ b/src/lib/libcrypto/man/EVP_OpenInit.3 @@ -0,0 +1,155 @@ +.\" $OpenBSD: EVP_OpenInit.3,v 1.7 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file was written by Dr. Stephen Henson . +.\" Copyright (c) 2000 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt EVP_OPENINIT 3 +.Os +.Sh NAME +.Nm EVP_OpenInit , +.Nm EVP_OpenUpdate , +.Nm EVP_OpenFinal +.Nd EVP envelope decryption +.Sh SYNOPSIS +.In openssl/evp.h +.Ft int +.Fo EVP_OpenInit +.Fa "EVP_CIPHER_CTX *ctx" +.Fa "EVP_CIPHER *type" +.Fa "unsigned char *ek" +.Fa "int ekl" +.Fa "unsigned char *iv" +.Fa "EVP_PKEY *priv" +.Fc +.Ft int +.Fo EVP_OpenUpdate +.Fa "EVP_CIPHER_CTX *ctx" +.Fa "unsigned char *out" +.Fa "int *outl" +.Fa "unsigned char *in" +.Fa "int inl" +.Fc +.Ft int +.Fo EVP_OpenFinal +.Fa "EVP_CIPHER_CTX *ctx" +.Fa "unsigned char *out" +.Fa "int *outl" +.Fc +.Sh DESCRIPTION +The EVP envelope routines are a high level interface to envelope +decryption. +They decrypt a public key encrypted symmetric key and then decrypt data +using it. +.Pp +.Fn EVP_OpenInit +initializes a cipher context +.Fa ctx +for decryption with cipher +.Fa type . +It decrypts the encrypted symmetric key of length +.Fa ekl +bytes passed in the +.Fa ek +parameter using the private key +.Fa priv . +The IV is supplied in the +.Fa iv +parameter. +.Pp +.Fn EVP_OpenUpdate +and +.Fn EVP_OpenFinal +have exactly the same properties as the +.Xr EVP_DecryptUpdate 3 +and +.Xr EVP_DecryptFinal 3 +routines. +.Pp +It is possible to call +.Fn EVP_OpenInit +twice in the same way as +.Xr EVP_DecryptInit 3 . +The first call should have +.Fa priv +set to +.Dv NULL +and (after setting any cipher parameters) it should be +called again with +.Fa type +set to +.Dv NULL . +.Pp +If the cipher passed in the +.Fa type +parameter is a variable length cipher then the key length will be set to +the value of the recovered key length. +If the cipher is a fixed length cipher then the recovered key length +must match the fixed cipher length. +.Sh RETURN VALUES +.Fn EVP_OpenInit +returns 0 on error or a non-zero integer (actually the recovered secret +key size) if successful. +.Pp +.Fn EVP_OpenUpdate +returns 1 for success or 0 for failure. +.Pp +.Fn EVP_OpenFinal +returns 0 if the decrypt failed or 1 for success. +.Sh SEE ALSO +.Xr evp 3 , +.Xr EVP_EncryptInit 3 , +.Xr EVP_SealInit 3 , +.Xr RAND_bytes 3 +.Sh HISTORY +.Fn EVP_OpenInit , +.Fn EVP_OpenUpdate , +and +.Fn EVP_OpenFinal +first appeared in SSLeay 0.5.1 and have been available since +.Ox 2.4 . diff --git a/src/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 b/src/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 new file mode 100644 index 00000000000..cb615559925 --- /dev/null +++ b/src/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 @@ -0,0 +1,392 @@ +.\" $OpenBSD: EVP_PKEY_CTX_ctrl.3,v 1.12 2018/12/21 23:51:42 schwarze Exp $ +.\" full merge up to: OpenSSL e03af178 Dec 11 17:05:57 2014 -0500 +.\" selective merge up to: OpenSSL df75c2bf Dec 9 01:02:36 2018 +0100 +.\" +.\" This file was written by Dr. Stephen Henson . +.\" Copyright (c) 2006, 2009, 2013, 2014, 2015, 2018 The OpenSSL Project. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: December 21 2018 $ +.Dt EVP_PKEY_CTX_CTRL 3 +.Os +.Sh NAME +.Nm EVP_PKEY_CTX_ctrl , +.Nm EVP_PKEY_CTX_ctrl_str , +.Nm EVP_PKEY_CTX_set_signature_md , +.Nm EVP_PKEY_CTX_set_rsa_padding , +.Nm EVP_PKEY_CTX_get_rsa_padding , +.Nm EVP_PKEY_CTX_set_rsa_pss_saltlen , +.Nm EVP_PKEY_CTX_get_rsa_pss_saltlen , +.Nm EVP_PKEY_CTX_set_rsa_keygen_bits , +.Nm EVP_PKEY_CTX_set_rsa_keygen_pubexp , +.Nm EVP_PKEY_CTX_set_rsa_mgf1_md , +.Nm EVP_PKEY_CTX_get_rsa_mgf1_md , +.Nm EVP_PKEY_CTX_set_dsa_paramgen_bits , +.Nm EVP_PKEY_CTX_set_dh_paramgen_prime_len , +.Nm EVP_PKEY_CTX_set_dh_paramgen_generator , +.Nm EVP_PKEY_CTX_set_ec_paramgen_curve_nid , +.Nm EVP_PKEY_CTX_get_sm2_uid_len, +.Nm EVP_PKEY_CTX_get_sm2_uid, +.Nm EVP_PKEY_CTX_set_sm2_uid, +.Nm EVP_PKEY_CTX_hash_sm2_uid +.Nd algorithm specific control operations +.Sh SYNOPSIS +.In openssl/evp.h +.Ft int +.Fo EVP_PKEY_CTX_ctrl +.Fa "EVP_PKEY_CTX *ctx" +.Fa "int keytype" +.Fa "int optype" +.Fa "int cmd" +.Fa "int p1" +.Fa "void *p2" +.Fc +.Ft int +.Fo EVP_PKEY_CTX_ctrl_str +.Fa "EVP_PKEY_CTX *ctx" +.Fa "const char *type" +.Fa "const char *value" +.Fc +.Ft int +.Fo EVP_PKEY_CTX_set_signature_md +.Fa "EVP_PKEY_CTX *ctx" +.Fa "const EVP_MD *md" +.Fc +.In openssl/rsa.h +.Ft int +.Fo EVP_PKEY_CTX_set_rsa_padding +.Fa "EVP_PKEY_CTX *ctx" +.Fa "int pad" +.Fc +.Ft int +.Fo EVP_PKEY_CTX_get_rsa_padding +.Fa "EVP_PKEY_CTX *ctx" +.Fa "int *ppad" +.Fc +.Ft int +.Fo EVP_PKEY_CTX_set_rsa_pss_saltlen +.Fa "EVP_PKEY_CTX *ctx" +.Fa "int len" +.Fc +.Ft int +.Fo EVP_PKEY_CTX_get_rsa_pss_saltlen +.Fa "EVP_PKEY_CTX *ctx" +.Fa "int *plen" +.Fc +.Ft int +.Fo EVP_PKEY_CTX_set_rsa_keygen_bits +.Fa "EVP_PKEY_CTX *ctx" +.Fa "int mbits" +.Fc +.Ft int +.Fo EVP_PKEY_CTX_set_rsa_keygen_pubexp +.Fa "EVP_PKEY_CTX *ctx" +.Fa "BIGNUM *pubexp" +.Fc +.Ft int +.Fo EVP_PKEY_CTX_set_rsa_mgf1_md +.Fa "EVP_PKEY_CTX *ctx" +.Fa "const EVP_MD *md" +.Fc +.Ft int +.Fo EVP_PKEY_CTX_get_rsa_mgf1_md +.Fa "EVP_PKEY_CTX *ctx" +.Fa "const EVP_MD **pmd" +.Fc +.In openssl/dsa.h +.Ft int +.Fo EVP_PKEY_CTX_set_dsa_paramgen_bits +.Fa "EVP_PKEY_CTX *ctx" +.Fa "int nbits" +.Fc +.In openssl/dh.h +.Ft int +.Fo EVP_PKEY_CTX_set_dh_paramgen_prime_len +.Fa "EVP_PKEY_CTX *ctx" +.Fa "int len" +.Fc +.Ft int +.Fo EVP_PKEY_CTX_set_dh_paramgen_generator +.Fa "EVP_PKEY_CTX *ctx" +.Fa "int gen" +.Fc +.In openssl/ec.h +.Ft int +.Fo EVP_PKEY_CTX_set_ec_paramgen_curve_nid +.Fa "EVP_PKEY_CTX *ctx" +.Fa "int nid" +.Fc +.Ft int +.Fo EVP_PKEY_CTX_get_sm2_uid_len +.Fa "EVP_PKEY_CTX *ctx" +.Fa "size_t *len" +.Fc +.Ft int +.Fo EVP_PKEY_CTX_get_sm2_uid +.Fa "EVP_PKEY_CTX *ctx" +.Fa "uint8_t *uid" +.Fc +.Ft int +.Fo EVP_PKEY_CTX_set_sm2_uid +.Fa "EVP_PKEY_CTX *ctx" +.Fa "const uint8_t *uid" +.Fa "int len" +.Fc +.Ft int +.Fo EVP_PKEY_CTX_hash_sm2_uid +.Fa "EVP_PKEY_CTX *ctx" +.Fc +.Sh DESCRIPTION +The function +.Fn EVP_PKEY_CTX_ctrl +sends a control operation to the context +.Fa ctx . +The key type used must match +.Fa keytype +if it is not -1. +The parameter +.Fa optype +is a mask indicating which operations the control can be applied to. +The control command is indicated in +.Fa cmd +and any additional arguments in +.Fa p1 +and +.Fa p2 . +.Pp +Applications will not normally call +.Fn EVP_PKEY_CTX_ctrl +directly but will instead call one of the algorithm specific macros +below. +.Pp +The function +.Fn EVP_PKEY_CTX_ctrl_str +allows an application to send an algorithm specific control operation to +a context +.Fa ctx +in string form. +This is intended to be used for options specified on the command line or +in text files. +The commands supported are documented in the +.Xr openssl 1 +utility command line pages for the option +.Fl pkeyopt +which is supported by the +.Cm pkeyutl , +.Cm genpkey , +and +.Cm req +commands. +.Pp +All the remaining "functions" are implemented as macros. +.Pp +The +.Fn EVP_PKEY_CTX_set_signature_md +macro sets the message digest type used in a signature. +It can be used with the RSA, DSA, and ECDSA algorithms. +.Ss RSA parameters +The +.Fn EVP_PKEY_CTX_set_rsa_padding +macro sets the RSA padding mode for +.Fa ctx . +The +.Fa pad +parameter can take the value +.Dv RSA_PKCS1_PADDING +for PKCS#1 padding, +.Dv RSA_NO_PADDING +for no padding, +.Dv RSA_PKCS1_OAEP_PADDING +for OAEP padding (encrypt and decrypt only), +.Dv RSA_X931_PADDING +for X9.31 padding (signature operations only) and +.Dv RSA_PKCS1_PSS_PADDING +(sign and verify only). +.Pp +Two RSA padding modes behave differently if +.Fn EVP_PKEY_CTX_set_signature_md +is used. +If this macro is called for PKCS#1 padding, the plaintext buffer is an +actual digest value and is encapsulated in a +.Vt DigestInfo +structure according to PKCS#1 when signing and this structure is +expected (and stripped off) when verifying. +If this control is not used with RSA and PKCS#1 padding then the +supplied data is used directly and not encapsulated. +In the case of X9.31 padding for RSA the algorithm identifier byte is +added or checked and removed if this control is called. +If it is not called then the first byte of the plaintext buffer is +expected to be the algorithm identifier byte. +.Pp +The +.Fn EVP_PKEY_CTX_get_rsa_padding +macro retrieves the RSA padding mode for +.Fa ctx . +.Pp +The +.Fn EVP_PKEY_CTX_set_rsa_pss_saltlen +macro sets the RSA PSS salt length to +.Fa len . +As its name implies, it is only supported for PSS padding. +Two special values are supported: -1 sets the salt length to the digest +length. +When signing -2 sets the salt length to the maximum permissible value. +When verifying -2 causes the salt length to be automatically determined +based on the PSS block structure. +If this macro is not called a salt length value of -2 is used by +default. +.Pp +The +.Fn EVP_PKEY_CTX_get_rsa_pss_saltlen +macro retrieves the RSA PSS salt length for +.Fa ctx . +The padding mode must have been set to +.Dv RSA_PKCS1_PSS_PADDING . +.Pp +The +.Fn EVP_PKEY_CTX_set_rsa_keygen_bits +macro sets the RSA key length for RSA key generation to +.Fa mbits . +If not specified, 1024 bits is used. +.Pp +The +.Fn EVP_PKEY_CTX_set_rsa_keygen_pubexp +macro sets the public exponent value for RSA key generation to +.Fa pubexp . +Currently, it should be an odd integer. +The +.Fa pubexp +pointer is used internally by this function, so it should not be modified +or freed after the call. +If this macro is not called, then 65537 is used. +.Pp +The +.Fn EVP_PKEY_CTX_set_rsa_mgf1_md +macro sets the MGF1 digest for RSA padding schemes to +.Fa md . +Unless explicitly specified, the signing digest is used. +The padding mode must have been set to +.Dv RSA_PKCS1_OAEP_PADDING +or +.Dv RSA_PKCS1_PSS_PADDING . +.Pp +The +.Fn EVP_PKEY_CTX_get_rsa_mgf1_md +macro retrieves the MGF1 digest for +.Fa ctx . +Unless explicitly specified, the signing digest is used. +The padding mode must have been set to +.Dv RSA_PKCS1_OAEP_PADDING +or +.Dv RSA_PKCS1_PSS_PADDING . +.Ss DSA parameters +The macro +.Fn EVP_PKEY_CTX_set_dsa_paramgen_bits +sets the number of bits used for DSA parameter generation to +.Fa nbits . +If not specified, 1024 is used. +.Ss DH parameters +The macro +.Fn EVP_PKEY_CTX_set_dh_paramgen_prime_len +sets the length of the DH prime parameter +.Fa len +for DH parameter generation. +It only accepts lengths greater than or equal to 256. +If this macro is not called, then 1024 is used. +.Pp +The +.Fn EVP_PKEY_CTX_set_dh_paramgen_generator +macro sets DH generator to +.Fa gen +for DH parameter generation. +If not specified, 2 is used. +.Ss EC parameters +The +.Fn EVP_PKEY_CTX_set_ec_paramgen_curve_nid +sets the EC curve for EC parameter generation to +.Fa nid . +For EC parameter generation, this macro must be called or an error occurs +because there is no default curve. +.Pp +The +.Fn EVP_PKEY_CTX_set_sm2_uid +macro sets the user identifier, which is used +for the SM2 signature scheme. Data from the uid buffer is copied. +If set, the SM2 UID data can be retrieved with +.Fn EVP_PKEY_CTX_get_sm2_uid_len +and +.Fn EVP_PKEY_CTX_get_sm2_uid . +First function returns the length of the UID (or 0 if the UID has not been set), +second - copies the UID to preallocated buffer. +.Pp +To make use of the UID string you should call +.Fn EVP_PKEY_CTX_hash_sm2_uid +after it is set and before populating digest with data via +.Fn EVP_DigestSignUpdate +or +.Fn EVP_DigestVerifyUpdate . +.Sh RETURN VALUES +.Fn EVP_PKEY_CTX_ctrl +and its macros return a positive value for success and 0 or a negative +value for failure. +In particular, a return value of -2 indicates the operation is not +supported by the public key algorithm. +.Sh SEE ALSO +.Xr EVP_PKEY_CTX_new 3 , +.Xr EVP_PKEY_decrypt 3 , +.Xr EVP_PKEY_derive 3 , +.Xr EVP_PKEY_encrypt 3 , +.Xr EVP_PKEY_get_default_digest_nid 3 , +.Xr EVP_PKEY_keygen 3 , +.Xr EVP_PKEY_meth_set_ctrl 3 , +.Xr EVP_PKEY_sign 3 , +.Xr EVP_PKEY_verify 3 , +.Xr EVP_PKEY_verify_recover 3 +.Sh HISTORY +These functions first appeared in OpenSSL 1.0.0 +and have been available since +.Ox 4.9 . diff --git a/src/lib/libcrypto/man/EVP_PKEY_CTX_new.3 b/src/lib/libcrypto/man/EVP_PKEY_CTX_new.3 new file mode 100644 index 00000000000..1cb7242027a --- /dev/null +++ b/src/lib/libcrypto/man/EVP_PKEY_CTX_new.3 @@ -0,0 +1,142 @@ +.\" $OpenBSD: EVP_PKEY_CTX_new.3,v 1.7 2018/03/23 04:34:23 schwarze Exp $ +.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 +.\" +.\" This file was written by Dr. Stephen Henson . +.\" Copyright (c) 2006, 2009, 2015 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 23 2018 $ +.Dt EVP_PKEY_CTX_NEW 3 +.Os +.Sh NAME +.Nm EVP_PKEY_CTX_new , +.Nm EVP_PKEY_CTX_new_id , +.Nm EVP_PKEY_CTX_dup , +.Nm EVP_PKEY_CTX_free +.Nd public key algorithm context functions +.Sh SYNOPSIS +.In openssl/evp.h +.Ft EVP_PKEY_CTX * +.Fo EVP_PKEY_CTX_new +.Fa "EVP_PKEY *pkey" +.Fa "ENGINE *e" +.Fc +.Ft EVP_PKEY_CTX * +.Fo EVP_PKEY_CTX_new_id +.Fa "int id" +.Fa "ENGINE *e" +.Fc +.Ft EVP_PKEY_CTX * +.Fo EVP_PKEY_CTX_dup +.Fa "EVP_PKEY_CTX *ctx" +.Fc +.Ft void +.Fo EVP_PKEY_CTX_free +.Fa "EVP_PKEY_CTX *ctx" +.Fc +.Sh DESCRIPTION +The +.Fn EVP_PKEY_CTX_new +function allocates a public key algorithm context using the algorithm +specified in +.Fa pkey +and the +.Vt ENGINE +.Fa e . +.Pp +The +.Fn EVP_PKEY_CTX_new_id +function allocates a public key algorithm context using the algorithm +specified by +.Fa id +and +.Vt ENGINE +.Fa e . +It is normally used when no +.Vt EVP_PKEY +structure is associated with the operations, for example during +parameter generation of key generation for some algorithms. +.Pp +.Fn EVP_PKEY_CTX_dup +duplicates the context +.Fa ctx . +.Pp +.Fn EVP_PKEY_CTX_free +frees up the context +.Fa ctx . +If +.Fa ctx +is a +.Dv NULL +pointer, no action occurs. +.Sh RETURN VALUES +.Fn EVP_PKEY_CTX_new , +.Fn EVP_PKEY_CTX_new_id , +and +.Fn EVP_PKEY_CTX_dup +return either the newly allocated +.Vt EVP_PKEY_CTX +structure or +.Dv NULL +if an error occurred. +.Sh SEE ALSO +.Xr EVP_PKEY_meth_set_init 3 , +.Xr EVP_PKEY_new 3 , +.Xr X25519 3 +.Sh HISTORY +These functions first appeared in OpenSSL 1.0.0 +and have been available since +.Ox 4.9 . +.Sh CAVEATS +The +.Vt EVP_PKEY_CTX +structure is an opaque public key algorithm context used by the OpenSSL +high level public key API. +Contexts +.Sy MUST NOT +be shared between threads. +It is not permissible to use the same context simultaneously in two +threads. diff --git a/src/lib/libcrypto/man/EVP_PKEY_asn1_get_count.3 b/src/lib/libcrypto/man/EVP_PKEY_asn1_get_count.3 new file mode 100644 index 00000000000..576a2935cba --- /dev/null +++ b/src/lib/libcrypto/man/EVP_PKEY_asn1_get_count.3 @@ -0,0 +1,172 @@ +.\" $OpenBSD: EVP_PKEY_asn1_get_count.3,v 1.3 2018/05/13 16:42:21 schwarze Exp $ +.\" full merge up to: OpenSSL 751148e2 Oct 27 00:11:11 2017 +0200 +.\" +.\" This file was written by Richard Levitte . +.\" Copyright (c) 2017 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: May 13 2018 $ +.Dt EVP_PKEY_ASN1_GET_COUNT 3 +.Os +.Sh NAME +.Nm EVP_PKEY_asn1_get_count , +.Nm EVP_PKEY_asn1_get0 , +.Nm EVP_PKEY_get0_asn1 , +.Nm EVP_PKEY_asn1_find , +.Nm EVP_PKEY_asn1_find_str , +.Nm EVP_PKEY_asn1_get0_info +.Nd enumerate public key ASN.1 methods +.Sh SYNOPSIS +.In openssl/evp.h +.Ft int +.Fn EVP_PKEY_asn1_get_count void +.Ft const EVP_PKEY_ASN1_METHOD * +.Fo EVP_PKEY_asn1_get0 +.Fa "int idx" +.Fc +.Ft const EVP_PKEY_ASN1_METHOD * +.Fo EVP_PKEY_get0_asn1 +.Fa "const EVP_PKEY *pkey" +.Fc +.Ft const EVP_PKEY_ASN1_METHOD * +.Fo EVP_PKEY_asn1_find +.Fa "ENGINE **pe" +.Fa "int type" +.Fc +.Ft const EVP_PKEY_ASN1_METHOD * +.Fo EVP_PKEY_asn1_find_str +.Fa "ENGINE **pe" +.Fa "const char *str" +.Fa "int len" +.Fc +.Ft int +.Fo EVP_PKEY_asn1_get0_info +.Fa "int *ppkey_id" +.Fa "int *pkey_base_id" +.Fa "int *ppkey_flags" +.Fa "const char **pinfo" +.Fa "const char **ppem_str" +.Fa "const EVP_PKEY_ASN1_METHOD *ameth" +.Fc +.Sh DESCRIPTION +.Fn EVP_PKEY_asn1_get_count +returns a count of the number of public key ASN.1 methods available. +It includes standard methods and any methods added by the application. +.Pp +.Fn EVP_PKEY_asn1_get0 +returns the public key ASN.1 method +.Fa idx . +The value of +.Fa idx +must be in the range from zero to +.Fn EVP_PKEY_asn1_get_count +\- 1. +.Pp +.Fn EVP_PKEY_asn1_find +looks up the method with NID +.Fa type . +If +.Fa pe +is not +.Dv NULL , +it first looks for an engine implementing a method for the NID +.Fa type . +If one is found, +.Pf * Fa pe +is set to that engine and the method from that engine is returned instead. +.Pp +.Fn EVP_PKEY_asn1_find_str +looks up the method with PEM type string +.Fa str . +Just like +.Fn EVP_PKEY_asn1_find , +if +.Fa pe +is not +.Dv NULL , +methods from engines are preferred. +.Pp +.Fn EVP_PKEY_asn1_get0_info +retrieves the public key ID, the base public key ID (both NIDs), any flags, +the method description and the PEM type string associated with the public +key ASN.1 method +.Sy *ameth . +.Pp +.Fn EVP_PKEY_asn1_get_count , +.Fn EVP_PKEY_asn1_get0 , +.Fn EVP_PKEY_asn1_find +and +.Fn EVP_PKEY_asn1_find_str +are not thread safe, but as long as all +.Vt EVP_PKEY_ASN1_METHOD +objects are added before the application gets threaded, using them is +safe. +See +.Xr EVP_PKEY_asn1_add0 3 . +.Sh RETURN VALUES +.Fn EVP_PKEY_asn1_get_count +returns the number of available public key methods. +.Pp +.Fn EVP_PKEY_asn1_get0 +returns a public key method or +.Dv NULL +if +.Fa idx +is out of range. +.Pp +.Fn EVP_PKEY_get0_asn1 +returns the public key method used by +.Fa pkey . +.Pp +.Fn EVP_PKEY_asn1_get0_info +returns 1 on success or 0 on failure. +.Sh SEE ALSO +.Xr EVP_PKEY_asn1_new 3 , +.Xr EVP_PKEY_base_id 3 +.Sh HISTORY +These functions first appeared in OpenSSL 1.0.0 +and have been available since +.Ox 4.9 . diff --git a/src/lib/libcrypto/man/EVP_PKEY_asn1_new.3 b/src/lib/libcrypto/man/EVP_PKEY_asn1_new.3 new file mode 100644 index 00000000000..2af7a8248fd --- /dev/null +++ b/src/lib/libcrypto/man/EVP_PKEY_asn1_new.3 @@ -0,0 +1,459 @@ +.\" $OpenBSD: EVP_PKEY_asn1_new.3,v 1.3 2018/05/13 15:53:30 schwarze Exp $ +.\" selective merge up to: +.\" OpenSSL man3/EVP_PKEY_ASN1_METHOD b0004708 Nov 1 00:45:24 2017 +0800 +.\" +.\" This file was written by Richard Levitte +.\" Copyright (c) 2017 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: May 13 2018 $ +.Dt EVP_PKEY_ASN1_METHOD 3 +.Os +.Sh NAME +.Nm EVP_PKEY_asn1_new , +.Nm EVP_PKEY_asn1_copy , +.Nm EVP_PKEY_asn1_free , +.Nm EVP_PKEY_asn1_add0 , +.Nm EVP_PKEY_asn1_add_alias , +.Nm EVP_PKEY_asn1_set_public , +.Nm EVP_PKEY_asn1_set_private , +.Nm EVP_PKEY_asn1_set_param , +.Nm EVP_PKEY_asn1_set_free , +.Nm EVP_PKEY_asn1_set_ctrl +.Nd manipulating and registering an EVP_PKEY_ASN1_METHOD structure +.Sh SYNOPSIS +.In openssl/evp.h +.Ft EVP_PKEY_ASN1_METHOD * +.Fo EVP_PKEY_asn1_new +.Fa "int id" +.Fa "int flags" +.Fa "const char *pem_str" +.Fa "const char *info" +.Fc +.Ft void +.Fo EVP_PKEY_asn1_copy +.Fa "EVP_PKEY_ASN1_METHOD *dst" +.Fa "const EVP_PKEY_ASN1_METHOD *src" +.Fc +.Ft void +.Fo EVP_PKEY_asn1_free +.Fa "EVP_PKEY_ASN1_METHOD *ameth" +.Fc +.Ft int +.Fo EVP_PKEY_asn1_add0 +.Fa "const EVP_PKEY_ASN1_METHOD *ameth" +.Fc +.Ft int +.Fo EVP_PKEY_asn1_add_alias +.Fa "int to" +.Fa "int from" +.Fc +.Ft void +.Fo EVP_PKEY_asn1_set_public +.Fa "EVP_PKEY_ASN1_METHOD *ameth" +.Fa "int (*pub_decode)(EVP_PKEY *pk, X509_PUBKEY *pub)" +.Fa "int (*pub_encode)(X509_PUBKEY *pub, const EVP_PKEY *pk)" +.Fa "int (*pub_cmp)(const EVP_PKEY *a, const EVP_PKEY *b)" +.Fa "int (*pub_print)(BIO *out, const EVP_PKEY *pkey, int indent,\ + ASN1_PCTX *pctx)" +.Fa "int (*pkey_size)(const EVP_PKEY *pk)" +.Fa "int (*pkey_bits)(const EVP_PKEY *pk)" +.Fc +.Ft void +.Fo EVP_PKEY_asn1_set_private +.Fa "EVP_PKEY_ASN1_METHOD *ameth" +.Fa "int (*priv_decode)(EVP_PKEY *pk, const PKCS8_PRIV_KEY_INFO *p8inf)" +.Fa "int (*priv_encode)(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk)" +.Fa "int (*priv_print)(BIO *out, const EVP_PKEY *pkey, int indent,\ + ASN1_PCTX *pctx)" +.Fc +.Ft void +.Fo EVP_PKEY_asn1_set_param +.Fa "EVP_PKEY_ASN1_METHOD *ameth" +.Fa "int (*param_decode)(EVP_PKEY *pkey, const unsigned char **pder,\ + int derlen)" +.Fa "int (*param_encode)(const EVP_PKEY *pkey, unsigned char **pder)" +.Fa "int (*param_missing)(const EVP_PKEY *pk)" +.Fa "int (*param_copy)(EVP_PKEY *to, const EVP_PKEY *from)" +.Fa "int (*param_cmp)(const EVP_PKEY *a, const EVP_PKEY *b)" +.Fa "int (*param_print)(BIO *out, const EVP_PKEY *pkey, int indent,\ + ASN1_PCTX *pctx)" +.Fc +.Ft void +.Fo EVP_PKEY_asn1_set_free +.Fa "EVP_PKEY_ASN1_METHOD *ameth" +.Fa "void (*pkey_free)(EVP_PKEY *pkey)" +.Fc +.Ft void +.Fo EVP_PKEY_asn1_set_ctrl +.Fa "EVP_PKEY_ASN1_METHOD *ameth" +.Fa "int (*pkey_ctrl)(EVP_PKEY *pkey, int op, long arg1, void *arg2)" +.Fc +.Sh DESCRIPTION +.Vt EVP_PKEY_ASN1_METHOD +is a structure which holds a set of ASN.1 conversion, printing and +information methods for a specific public key algorithm. +.Pp +There are two places where the +.Vt EVP_PKEY_ASN1_METHOD +objects are stored: one is a built-in array representing the standard +methods for different algorithms, and the other one is a stack of +user-defined application-specific methods, which can be manipulated by +using +.Fn EVP_PKEY_asn1_add0 . +.Ss Methods +The methods are the underlying implementations of a particular public +key algorithm present by the +.Vt EVP_PKEY +object. +.Bd -unfilled +.Ft int Fo (*pub_decode) +.Fa "EVP_PKEY *pk" +.Fa "X509_PUBKEY *pub" +.Fc +.Ft int Fo (*pub_encode) +.Fa "X509_PUBKEY *pub" +.Fa "const EVP_PKEY *pk" +.Fc +.Ft int Fo (*pub_cmp) +.Fa "const EVP_PKEY *a" +.Fa "const EVP_PKEY *b" +.Fc +.Ft int Fo (*pub_print) +.Fa "BIO *out" +.Fa "const EVP_PKEY *pkey" +.Fa "int indent" +.Fa "ASN1_PCTX *pctx" +.Fc +.Ed +.Pp +The +.Fn pub_decode +and +.Fn pub_encode +methods are called to decode and encode +.Vt X509_PUBKEY +ASN.1 parameters to and from +.Fa pk . +They must return 0 on error and 1 on success. +They are called by +.Xr X509_PUBKEY_get 3 +and +.Xr X509_PUBKEY_set 3 . +.Pp +The +.Fn pub_cmp +method is called when two public keys are compared. +It must return 1 when the keys are equal and 0 otherwise. +It is called by +.Xr EVP_PKEY_cmp 3 . +.Pp +The +.Fn pub_print +method is called to print a public key in humanly readable text to +.Fa out , +indented +.Fa indent +spaces. +It must return 0 on error and 1 on success. +It is called by +.Xr EVP_PKEY_print_public 3 . +.Bd -unfilled +.Ft int Fo (*priv_decode) +.Fa "EVP_PKEY *pk" +.Fa "const PKCS8_PRIV_KEY_INFO *p8inf" +.Fc +.Ft int Fo (*priv_encode) +.Fa "PKCS8_PRIV_KEY_INFO *p8" +.Fa "const EVP_PKEY *pk" +.Fc +.Ft int Fo (*priv_print) +.Fa "BIO *out" +.Fa "const EVP_PKEY *pkey" +.Fa "int indent" +.Fa "ASN1_PCTX *pctx" +.Fc +.Ed +.Pp +The +.Fn priv_decode +and +.Fn priv_encode +methods are called to decode and encode +.Vt PKCS8_PRIV_KEY_INFO +form private key to and from +.Fa pk . +They must return 0 on error, 1 on success. +They are called by +.Fn EVP_PKCS82PKEY +and +.Fn EVP_PKEY2PKCS8 . +.Pp +The +.Fn priv_print +method is called to print a private key in humanly readable text to +.Fa out , +indented +.Fa indent +spaces. +It must return 0 on error and 1 on success. +It is called by +.Xr EVP_PKEY_print_private 3 . +.Bd -unfilled +.Ft int Fn (*pkey_size) "const EVP_PKEY *pk" +.Ft int Fn (*pkey_bits) "const EVP_PKEY *pk"; +.Ed +.Pp +The +.Fn pkey_size +method returns the key size in bytes. +It is called by +.Xr EVP_PKEY_size 3 . +.Pp +The +.Fn pkey_bits +method returns the key size in bits. +It is called by +.Xr EVP_PKEY_bits 3 . +.Bd -unfilled +.Ft int Fo (*param_decode) +.Fa "EVP_PKEY *pkey" +.Fa "const unsigned char **pder" +.Fa "int derlen" +.Fc +.Ft int Fo (*param_encode) +.Fa "const EVP_PKEY *pkey" +.Fa "unsigned char **pder" +.Fc +.Ft int Fo (*param_missing) +.Fa "const EVP_PKEY *pk" +.Fc +.Ft int Fo (*param_copy) +.Fa "EVP_PKEY *to" +.Fa "const EVP_PKEY *from" +.Fc +.Ft int Fo (*param_cmp) +.Fa "const EVP_PKEY *a" +.Fa "const EVP_PKEY *b" +.Fc +.Ft int Fo (*param_print) +.Fa "BIO *out" +.Fa "const EVP_PKEY *pkey" +.Fa "int indent" +.Fa "ASN1_PCTX *pctx" +.Fc +.Ed +.Pp +The +.Fn param_decode +and +.Fn param_encode +methods are called to decode and encode DER formatted parameters to and from +.Fa pk . +They must return 0 on error and 1 on success. +They are called by +.Fn PEM_read_bio_Parameters . +.Pp +The +.Fn param_missing +method returns 0 if a key parameter is missing or otherwise 1. +It is called by +.Xr EVP_PKEY_missing_parameters 3 . +.Pp +The +.Fn param_copy +method copies key parameters from +.Fa from +to +.Fa to . +It must return 0 on error and 1 on success. +It is called by +.Xr EVP_PKEY_copy_parameters 3 . +.Pp +The +.Fn param_cmp +method compares the parameters of the keys +.Fa a +and +.Fa b . +It must return 1 when the keys are equal, 0 when not equal, and a +negative number on error. +It is called by +.Xr EVP_PKEY_cmp_parameters 3 . +.Pp +The +.Fn param_print +method prints the private key parameters in humanly readable text to +.Fa out , +indented +.Fa indent +spaces. +It must return 0 on error and 1 on success. +It is called by +.Xr EVP_PKEY_print_params 3 . +.Bd -unfilled +.Ft void Fn (*pkey_free) "EVP_PKEY *pkey" +.Ed +.Pp +The +.Fn pkey_free +method helps freeing the internals of +.Fa pkey . +It is called by +.Xr EVP_PKEY_free 3 , +.Fn EVP_PKEY_set_type , +.Fn EVP_PKEY_set_type_str , +and +.Fn EVP_PKEY_assign . +.Bd -unfilled +.Ft int Fo (*pkey_ctrl) +.Fa "EVP_PKEY *pkey" +.Fa "int op" +.Fa "long arg1" +.Fa "void *arg2" +.Fc +.Ed +.Pp +The +.Fn pkey_ctrl +method adds extra algorithm specific control. +It is called by +.Xr EVP_PKEY_get_default_digest_nid 3 , +.Fn PKCS7_SIGNER_INFO_set , +.Fn PKCS7_RECIP_INFO_set , +and other functions. +.Ss Functions +.Fn EVP_PKEY_asn1_new +creates and returns a new +.Vt EVP_PKEY_ASN1_METHOD +object, and associates the given +.Fa id , +.Fa flags , +.Fa pem_str +and +.Fa info . +.Fa id +is a NID, +.Fa pem_str +is the PEM type string, +.Fa info +is a descriptive string. +If +.Dv ASN1_PKEY_SIGPARAM_NULL +is set in +.Fa flags , +the signature algorithm parameters are given the type +.Dv V_ASN1_NULL +by default, otherwise they will be given the type +.Dv V_ASN1_UNDEF +(i.e. the parameter is omitted). +See +.Xr X509_ALGOR_set0 3 +for more information. +.Pp +.Fn EVP_PKEY_asn1_copy +copies an +.Vt EVP_PKEY_ASN1_METHOD +object from +.Fa src +to +.Fa dst . +This function is not thread safe, it is recommended to only use this when +initializing the application. +.Pp +.Fn EVP_PKEY_asn1_free +frees an existing +.Vt EVP_PKEY_ASN1_METHOD +pointed by +.Fa ameth . +.Pp +.Fn EVP_PKEY_asn1_add0 +adds +.Fa ameth +to the user defined stack of methods unless another +.Vt EVP_PKEY_ASN1_METHOD +with the same NID is already there. +This function is not thread safe, it is recommended to only use this when +initializing the application. +.Pp +.Fn EVP_PKEY_asn1_add_alias +creates an alias with the NID +.Fa to +for the +.Vt EVP_PKEY_ASN1_METHOD +with NID +.Fa from +unless another +.Vt EVP_PKEY_ASN1_METHOD +with the same NID is already added. +This function is not thread safe, it's recommended to only use this when +initializing the application. +.Pp +.Fn EVP_PKEY_asn1_set_public , +.Fn EVP_PKEY_asn1_set_private , +.Fn EVP_PKEY_asn1_set_param , +.Fn EVP_PKEY_asn1_set_free , +and +.Fn EVP_PKEY_asn1_set_ctrl +set the diverse methods of the given +.Vt EVP_PKEY_ASN1_METHOD +object. +.Sh RETURN VALUES +.Fn EVP_PKEY_asn1_new +returns a pointer to an +.Vt EVP_PKEY_ASN1_METHOD +object or +.Dv NULL +on error. +.Pp +.Fn EVP_PKEY_asn1_add0 +and +.Fn EVP_PKEY_asn1_add_alias +return 0 on error or 1 on success. +.Sh HISTORY +These functions first appeared in OpenSSL 1.0.0 +and have been available since +.Ox 4.9 . diff --git a/src/lib/libcrypto/man/EVP_PKEY_cmp.3 b/src/lib/libcrypto/man/EVP_PKEY_cmp.3 new file mode 100644 index 00000000000..f4a7d8ea9fe --- /dev/null +++ b/src/lib/libcrypto/man/EVP_PKEY_cmp.3 @@ -0,0 +1,159 @@ +.\" $OpenBSD: EVP_PKEY_cmp.3,v 1.9 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL 05ea606a May 20 20:52:46 2016 -0400 +.\" +.\" This file was written by Dr. Stephen Henson . +.\" Copyright (c) 2006, 2013, 2014, 2016 The OpenSSL Project. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt EVP_PKEY_CMP 3 +.Os +.Sh NAME +.Nm EVP_PKEY_missing_parameters , +.Nm EVP_PKEY_copy_parameters , +.Nm EVP_PKEY_cmp_parameters , +.Nm EVP_PKEY_cmp +.Nd public key parameter and comparison functions +.Sh SYNOPSIS +.In openssl/evp.h +.Ft int +.Fo EVP_PKEY_missing_parameters +.Fa "const EVP_PKEY *pkey" +.Fc +.Ft int +.Fo EVP_PKEY_copy_parameters +.Fa "EVP_PKEY *to" +.Fa "const EVP_PKEY *from" +.Fc +.Ft int +.Fo EVP_PKEY_cmp_parameters +.Fa "const EVP_PKEY *a" +.Fa "const EVP_PKEY *b" +.Fc +.Ft int +.Fo EVP_PKEY_cmp +.Fa "const EVP_PKEY *a" +.Fa "const EVP_PKEY *b" +.Fc +.Sh DESCRIPTION +The function +.Fn EVP_PKEY_missing_parameters +returns 1 if the public key parameters of +.Fa pkey +are missing and 0 if they are present or the algorithm doesn't use +parameters. +.Pp +The function +.Fn EVP_PKEY_copy_parameters +copies the parameters from key +.Fa from +to key +.Fa to . +An error is returned if the parameters are missing in +.Fa from . +.Pp +The function +.Fn EVP_PKEY_cmp_parameters +compares the parameters of keys +.Fa a +and +.Fa b . +.Pp +The function +.Fn EVP_PKEY_cmp +compares the public key components and parameters (if present) of keys +.Fa a +and +.Fa b . +.Pp +The main purpose of the functions +.Fn EVP_PKEY_missing_parameters +and +.Fn EVP_PKEY_copy_parameters +is to handle public keys in certificates where the parameters are +sometimes omitted from a public key if they are inherited from the CA +that signed it. +.Pp +Since OpenSSL private keys contain public key components too, the +function +.Fn EVP_PKEY_cmp +can also be used to determine if a private key matches a public key. +.Sh RETURN VALUES +The function +.Fn EVP_PKEY_missing_parameters +returns 1 if the public key parameters of +.Fa pkey +are missing and 0 if they are present or the algorithm doesn't use +parameters. +.Pp +The function +.Fn EVP_PKEY_copy_parameters +returns 1 for success and 0 for failure. +.Pp +The functions +.Fn EVP_PKEY_cmp_parameters +and +.Fn EVP_PKEY_cmp +return 1 if the keys match, 0 if they don't match, -1 if the key types +are different and -2 if the operation is not supported. +.Sh SEE ALSO +.Xr EVP_PKEY_asn1_set_public 3 , +.Xr EVP_PKEY_CTX_new 3 , +.Xr EVP_PKEY_keygen 3 +.Sh HISTORY +.Fn EVP_PKEY_missing_parameters +and +.Fn EVP_PKEY_copy_parameters +first appeared in SSLeay 0.8.0. +.Fn EVP_PKEY_cmp_parameters +first appeared in SSLeay 0.9.0. +These functions have been available since +.Ox 2.4 . +.Pp +.Fn EVP_PKEY_cmp +first appeared in OpenSSL 0.9.8 and has been available since +.Ox 4.5 . diff --git a/src/lib/libcrypto/man/EVP_PKEY_decrypt.3 b/src/lib/libcrypto/man/EVP_PKEY_decrypt.3 new file mode 100644 index 00000000000..cdae726c427 --- /dev/null +++ b/src/lib/libcrypto/man/EVP_PKEY_decrypt.3 @@ -0,0 +1,177 @@ +.\" $OpenBSD: EVP_PKEY_decrypt.3,v 1.7 2018/03/23 04:34:23 schwarze Exp $ +.\" full merge up to: OpenSSL 48e5119a Jan 19 10:49:22 2018 +0100 +.\" +.\" This file was written by Dr. Stephen Henson . +.\" Copyright (c) 2006, 2009, 2013, 2018 The OpenSSL Project. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 23 2018 $ +.Dt EVP_PKEY_DECRYPT 3 +.Os +.Sh NAME +.Nm EVP_PKEY_decrypt_init , +.Nm EVP_PKEY_decrypt +.Nd decrypt using a public key algorithm +.Sh SYNOPSIS +.In openssl/evp.h +.Ft int +.Fo EVP_PKEY_decrypt_init +.Fa "EVP_PKEY_CTX *ctx" +.Fc +.Ft int +.Fo EVP_PKEY_decrypt +.Fa "EVP_PKEY_CTX *ctx" +.Fa "unsigned char *out" +.Fa "size_t *outlen" +.Fa "const unsigned char *in" +.Fa "size_t inlen" +.Fc +.Sh DESCRIPTION +The +.Fn EVP_PKEY_decrypt_init +function initializes a public key algorithm context using key +.Fa ctx->pkey +for a decryption operation. +.Pp +The +.Fn EVP_PKEY_decrypt +function performs a public key decryption operation using +.Fa ctx . +The data to be decrypted is specified using the +.Fa in +and +.Fa inlen +parameters. +If +.Fa out +is +.Dv NULL +then the maximum size of the output buffer is written to the +.Fa outlen +parameter. +If +.Fa out +is not +.Dv NULL +then before the call the +.Fa outlen +parameter should contain the length of the +.Fa out +buffer. +If the call is successful the decrypted data is written to +.Fa out +and the amount of data written to +.Fa outlen . +.Pp +After the call to +.Fn EVP_PKEY_decrypt_init , +algorithm specific control operations can be performed to set any +appropriate parameters for the operation. +.Pp +The function +.Fn EVP_PKEY_decrypt +can be called more than once on the same context if several operations +are performed using the same parameters. +.Sh RETURN VALUES +.Fn EVP_PKEY_decrypt_init +and +.Fn EVP_PKEY_decrypt +return 1 for success and 0 or a negative value for failure. +In particular, a return value of -2 indicates the operation is not +supported by the public key algorithm. +.Sh EXAMPLES +Decrypt data using OAEP (for RSA keys): +.Bd -literal -offset indent +#include +#include + +EVP_PKEY_CTX *ctx; +ENGINE *eng; +unsigned char *out, *in; +size_t outlen, inlen; +EVP_PKEY *key; + +/* + * Assumes that key, eng, in, and inlen are already set up + * and that key is an RSA private key. + */ +ctx = EVP_PKEY_CTX_new(key, eng); +if (!ctx) + /* Error occurred */ +if (EVP_PKEY_decrypt_init(ctx) <= 0) + /* Error */ +if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_OAEP_PADDING) <= 0) + /* Error */ + +/* Determine buffer length */ +if (EVP_PKEY_decrypt(ctx, NULL, &outlen, in, inlen) <= 0) + /* Error */ + +out = malloc(outlen); + +if (!out) + /* malloc failure */ + +if (EVP_PKEY_decrypt(ctx, out, &outlen, in, inlen) <= 0) + /* Error */ + +/* Decrypted data is outlen bytes written to buffer out */ +.Ed +.Sh SEE ALSO +.Xr EVP_PKEY_CTX_new 3 , +.Xr EVP_PKEY_derive 3 , +.Xr EVP_PKEY_encrypt 3 , +.Xr EVP_PKEY_meth_set_decrypt 3 , +.Xr EVP_PKEY_sign 3 , +.Xr EVP_PKEY_verify 3 , +.Xr EVP_PKEY_verify_recover 3 +.Sh HISTORY +.Fn EVP_PKEY_decrypt_init +and +.Fn EVP_PKEY_decrypt +first appeared in OpenSSL 1.0.0 and have been available since +.Ox 4.9 . diff --git a/src/lib/libcrypto/man/EVP_PKEY_derive.3 b/src/lib/libcrypto/man/EVP_PKEY_derive.3 new file mode 100644 index 00000000000..574b6b9b9d1 --- /dev/null +++ b/src/lib/libcrypto/man/EVP_PKEY_derive.3 @@ -0,0 +1,179 @@ +.\" $OpenBSD: EVP_PKEY_derive.3,v 1.8 2018/03/23 04:34:23 schwarze Exp $ +.\" full merge up to: OpenSSL 48e5119a Jan 19 10:49:22 2018 +0100 +.\" +.\" This file was written by Dr. Stephen Henson . +.\" Copyright (c) 2006, 2009, 2013, 2018 The OpenSSL Project. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 23 2018 $ +.Dt EVP_PKEY_DERIVE 3 +.Os +.Sh NAME +.Nm EVP_PKEY_derive_init , +.Nm EVP_PKEY_derive_set_peer , +.Nm EVP_PKEY_derive +.Nd derive public key algorithm shared secret +.Sh SYNOPSIS +.In openssl/evp.h +.Ft int +.Fo EVP_PKEY_derive_init +.Fa "EVP_PKEY_CTX *ctx" +.Fc +.Ft int +.Fo EVP_PKEY_derive_set_peer +.Fa "EVP_PKEY_CTX *ctx" +.Fa "EVP_PKEY *peer" +.Fc +.Ft int +.Fo EVP_PKEY_derive +.Fa "EVP_PKEY_CTX *ctx" +.Fa "unsigned char *key" +.Fa "size_t *keylen" +.Fc +.Sh DESCRIPTION +The +.Fn EVP_PKEY_derive_init +function initializes a public key algorithm context using key +.Fa ctx->pkey +for shared secret derivation. +.Pp +The +.Fn EVP_PKEY_derive_set_peer +function sets the peer key: this will normally be a public key. +.Pp +The +.Fn EVP_PKEY_derive +function derives a shared secret using +.Fa ctx . +If +.Fa key +is +.Dv NULL , +then the maximum size of the output buffer is written to the +.Fa keylen +parameter. +If +.Fa key +is not +.Dv NULL +then before the call the +.Fa keylen +parameter should contain the length of the +.Fa key +buffer. +If the call is successful, the shared secret is written to +.Fa key +and the amount of data written to +.Fa keylen . +.Pp +After the call to +.Fn EVP_PKEY_derive_init , +algorithm specific control operations can be performed to set any +appropriate parameters for the operation. +.Pp +The function +.Fn EVP_PKEY_derive +can be called more than once on the same context if several operations +are performed using the same parameters. +.Sh RETURN VALUES +.Fn EVP_PKEY_derive_init +and +.Fn EVP_PKEY_derive +return 1 for success and 0 or a negative value for failure. +In particular, a return value of -2 indicates the operation is not +supported by the public key algorithm. +.Sh EXAMPLES +Derive shared secret (for example DH or EC keys): +.Bd -literal -offset indent +#include +#include + +EVP_PKEY_CTX *ctx; +ENGINE *eng; +unsigned char *skey; +size_t skeylen; +EVP_PKEY *pkey, *peerkey; + +/* Assumes that pkey, eng, and peerkey have already been set up. */ +ctx = EVP_PKEY_CTX_new(pkey, eng); +if (!ctx) + /* Error occurred */ +if (EVP_PKEY_derive_init(ctx) <= 0) + /* Error */ +if (EVP_PKEY_derive_set_peer(ctx, peerkey) <= 0) + /* Error */ + +/* Determine buffer length */ +if (EVP_PKEY_derive(ctx, NULL, &skeylen) <= 0) + /* Error */ + +skey = malloc(skeylen); + +if (!skey) + /* malloc failure */ + +if (EVP_PKEY_derive(ctx, skey, &skeylen) <= 0) + /* Error */ + +/* Shared secret is skey bytes written to buffer skey */ +.Ed +.Sh SEE ALSO +.Xr EVP_PKEY_CTX_new 3 , +.Xr EVP_PKEY_decrypt 3 , +.Xr EVP_PKEY_encrypt 3 , +.Xr EVP_PKEY_meth_set_derive 3 , +.Xr EVP_PKEY_sign 3 , +.Xr EVP_PKEY_verify 3 , +.Xr EVP_PKEY_verify_recover 3 , +.Xr X25519 3 +.Sh HISTORY +.Fn EVP_PKEY_derive_init , +.Fn EVP_PKEY_derive_set_peer , +and +.Fn EVP_PKEY_derive +first appeared in OpenSSL 1.0.0 and have been available since +.Ox 4.9 . diff --git a/src/lib/libcrypto/man/EVP_PKEY_encrypt.3 b/src/lib/libcrypto/man/EVP_PKEY_encrypt.3 new file mode 100644 index 00000000000..a627c2abb69 --- /dev/null +++ b/src/lib/libcrypto/man/EVP_PKEY_encrypt.3 @@ -0,0 +1,184 @@ +.\" $OpenBSD: EVP_PKEY_encrypt.3,v 1.6 2018/03/23 04:34:23 schwarze Exp $ +.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file was written by Dr. Stephen Henson . +.\" Copyright (c) 2006, 2009, 2013, 2014, 2016 The OpenSSL Project. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 23 2018 $ +.Dt EVP_PKEY_ENCRYPT 3 +.Os +.Sh NAME +.Nm EVP_PKEY_encrypt_init , +.Nm EVP_PKEY_encrypt +.Nd encrypt using a public key algorithm +.Sh SYNOPSIS +.In openssl/evp.h +.Ft int +.Fo EVP_PKEY_encrypt_init +.Fa "EVP_PKEY_CTX *ctx" +.Fc +.Ft int +.Fo EVP_PKEY_encrypt +.Fa "EVP_PKEY_CTX *ctx" +.Fa "unsigned char *out" +.Fa "size_t *outlen" +.Fa "const unsigned char *in" +.Fa "size_t inlen" +.Fc +.Sh DESCRIPTION +The +.Fn EVP_PKEY_encrypt_init +function initializes a public key algorithm context using key +.Fa ctx->pkey +for an encryption operation. +.Pp +The +.Fn EVP_PKEY_encrypt +function performs a public key encryption operation using +.Fa ctx . +The data to be encrypted is specified using the +.Fa in +and +.Fa inlen +parameters. +If +.Fa out +is +.Dv NULL , +then the maximum size of the output buffer is written to the +.Fa outlen +parameter. +If +.Fa out +is not +.Dv NULL , +then before the call the +.Fa outlen +parameter should contain the length of the +.Fa out +buffer. +If the call is successful the encrypted data is written to +.Fa out +and the amount of data written to +.Fa outlen . +.Pp +After the call to +.Fn EVP_PKEY_encrypt_init , +algorithm specific control operations can be performed to set any +appropriate parameters for the operation. +.Pp +The function +.Fn EVP_PKEY_encrypt +can be called more than once on the same context if several operations +are performed using the same parameters. +.Sh RETURN VALUES +.Fn EVP_PKEY_encrypt_init +and +.Fn EVP_PKEY_encrypt +return 1 for success and 0 or a negative value for failure. +In particular, a return value of -2 indicates the operation is not +supported by the public key algorithm. +.Sh EXAMPLES +Encrypt data using OAEP (for RSA keys). +See also +.Xr PEM_read_PUBKEY 3 +and +.Xr d2i_X509 3 +for means to load a public key. +You may also simply set +.Ql eng = NULL; +to start with the default OpenSSL RSA implementation: +.Bd -literal -offset indent +#include +#include +#include + +EVP_PKEY_CTX *ctx; +ENGINE *eng; +unsigned char *out, *in; +size_t outlen, inlen; +EVP_PKEY *key; +/* NB: assumes eng, key in, inlen are already set up + * and that key is an RSA public key + */ +ctx = EVP_PKEY_CTX_new(key, eng); +if (!ctx) + /* Error occurred */ +if (EVP_PKEY_encrypt_init(ctx) <= 0) + /* Error */ +if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_OAEP_PADDING) <= 0) + /* Error */ + +/* Determine buffer length */ +if (EVP_PKEY_encrypt(ctx, NULL, &outlen, in, inlen) <= 0) + /* Error */ + +out = malloc(outlen); + +if (!out) + /* malloc failure */ + +if (EVP_PKEY_encrypt(ctx, out, &outlen, in, inlen) <= 0) + /* Error */ + +/* Encrypted data is outlen bytes written to buffer out */ +.Ed +.Sh SEE ALSO +.Xr EVP_PKEY_CTX_new 3 , +.Xr EVP_PKEY_decrypt 3 , +.Xr EVP_PKEY_derive 3 , +.Xr EVP_PKEY_meth_set_encrypt 3 , +.Xr EVP_PKEY_sign 3 , +.Xr EVP_PKEY_verify 3 , +.Xr EVP_PKEY_verify_recover 3 +.Sh HISTORY +.Fn EVP_PKEY_encrypt_init +and +.Fn EVP_PKEY_encrypt +first appeared in OpenSSL 1.0.0 and have been available since +.Ox 4.9 . diff --git a/src/lib/libcrypto/man/EVP_PKEY_get_default_digest_nid.3 b/src/lib/libcrypto/man/EVP_PKEY_get_default_digest_nid.3 new file mode 100644 index 00000000000..9b0c30108ed --- /dev/null +++ b/src/lib/libcrypto/man/EVP_PKEY_get_default_digest_nid.3 @@ -0,0 +1,93 @@ +.\" $OpenBSD: EVP_PKEY_get_default_digest_nid.3,v 1.4 2018/03/23 04:34:23 schwarze Exp $ +.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 +.\" +.\" This file was written by Dr. Stephen Henson . +.\" Copyright (c) 2006, 2009, 2013 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 23 2018 $ +.Dt EVP_PKEY_GET_DEFAULT_DIGEST_NID 3 +.Os +.Sh NAME +.Nm EVP_PKEY_get_default_digest_nid +.Nd get default signature digest +.Sh SYNOPSIS +.In openssl/evp.h +.Ft int +.Fo EVP_PKEY_get_default_digest_nid +.Fa "EVP_PKEY *pkey" +.Fa "int *pnid" +.Fc +.Sh DESCRIPTION +The +.Fn EVP_PKEY_get_default_digest_nid +function sets +.Fa pnid +to the default message digest NID for the public key signature +operations associated with key +.Fa pkey . +.Pp +For all current standard OpenSSL public key algorithms, SHA1 is returned. +.Sh RETURN VALUES +The +.Fn EVP_PKEY_get_default_digest_nid +function returns 1 if the message digest is advisory (that is other +digests can be used) and 2 if it is mandatory (other digests cannot be +used). +It returns 0 or a negative value for failure. +In particular, a return value of -2 indicates the operation is not +supported by the public key algorithm. +.Sh SEE ALSO +.Xr EVP_PKEY_asn1_set_ctrl 3 , +.Xr EVP_PKEY_CTX_ctrl 3 , +.Xr EVP_PKEY_CTX_new 3 , +.Xr EVP_PKEY_sign 3 , +.Xr EVP_PKEY_verify 3 , +.Xr EVP_PKEY_verify_recover 3 +.Sh HISTORY +.Fn EVP_PKEY_get_default_digest_nid +first appeared in OpenSSL 1.0.0 and has been available since +.Ox 4.9 . diff --git a/src/lib/libcrypto/man/EVP_PKEY_keygen.3 b/src/lib/libcrypto/man/EVP_PKEY_keygen.3 new file mode 100644 index 00000000000..6173a1c438e --- /dev/null +++ b/src/lib/libcrypto/man/EVP_PKEY_keygen.3 @@ -0,0 +1,295 @@ +.\" $OpenBSD: EVP_PKEY_keygen.3,v 1.9 2018/03/23 04:34:23 schwarze Exp $ +.\" full merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100 +.\" selective merge up to: OpenSSL 48e5119a Jan 19 10:49:22 2018 +0100 +.\" +.\" This file was written by Dr. Stephen Henson . +.\" Copyright (c) 2006, 2009, 2013, 2015, 2016, 2018 The OpenSSL Project. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 23 2018 $ +.Dt EVP_PKEY_KEYGEN 3 +.Os +.Sh NAME +.Nm EVP_PKEY_keygen_init , +.Nm EVP_PKEY_keygen , +.Nm EVP_PKEY_paramgen_init , +.Nm EVP_PKEY_paramgen , +.Nm EVP_PKEY_gen_cb , +.Nm EVP_PKEY_CTX_set_cb , +.Nm EVP_PKEY_CTX_get_cb , +.Nm EVP_PKEY_CTX_get_keygen_info , +.Nm EVP_PKEY_CTX_set_app_data , +.Nm EVP_PKEY_CTX_get_app_data +.Nd key and parameter generation functions +.Sh SYNOPSIS +.In openssl/evp.h +.Ft int +.Fo EVP_PKEY_keygen_init +.Fa "EVP_PKEY_CTX *ctx" +.Fc +.Ft int +.Fo EVP_PKEY_keygen +.Fa "EVP_PKEY_CTX *ctx" +.Fa "EVP_PKEY **ppkey" +.Fc +.Ft int +.Fo EVP_PKEY_paramgen_init +.Fa "EVP_PKEY_CTX *ctx" +.Fc +.Ft int +.Fo EVP_PKEY_paramgen +.Fa "EVP_PKEY_CTX *ctx" +.Fa "EVP_PKEY **ppkey" +.Fc +.Ft typedef int +.Fo EVP_PKEY_gen_cb +.Fa "EVP_PKEY_CTX *ctx" +.Fc +.Ft void +.Fo EVP_PKEY_CTX_set_cb +.Fa "EVP_PKEY_CTX *ctx" +.Fa "EVP_PKEY_gen_cb *cb" +.Fc +.Ft EVP_PKEY_gen_cb * +.Fo EVP_PKEY_CTX_get_cb +.Fa "EVP_PKEY_CTX *ctx" +.Fc +.Ft int +.Fo EVP_PKEY_CTX_get_keygen_info +.Fa "EVP_PKEY_CTX *ctx" +.Fa "int idx" +.Fc +.Ft void +.Fo EVP_PKEY_CTX_set_app_data +.Fa "EVP_PKEY_CTX *ctx" +.Fa "void *data" +.Fc +.Ft void * +.Fo EVP_PKEY_CTX_get_app_data +.Fa "EVP_PKEY_CTX *ctx" +.Fc +.Sh DESCRIPTION +The +.Fn EVP_PKEY_keygen_init +function initializes a public key algorithm context using key +.Fa ctx->pkey +for a key generation operation. +.Pp +The +.Fn EVP_PKEY_keygen +function performs a key generation operation. +The generated key is written to +.Fa ppkey . +.Pp +The functions +.Fn EVP_PKEY_paramgen_init +and +.Fn EVP_PKEY_paramgen +are similar except parameters are generated. +.Pp +The function +.Fn EVP_PKEY_CTX_set_cb +sets the key or parameter generation callback to +.Fa cb . +The function +.Fn EVP_PKEY_CTX_get_cb +returns the key or parameter generation callback. +.Pp +The function +.Fn EVP_PKEY_CTX_get_keygen_info +returns parameters associated with the generation operation. +If +.Fa idx +is -1, the total number of parameters available is returned. +Any non-negative value returns the value of that parameter. +.Fn EVP_PKEY_CTX_get_keygen_info +with a non-negative value for +.Fa idx +should only be called within the generation callback. +.Pp +If the callback returns 0, then the key generation operation is aborted +and an error occurs. +This might occur during a time consuming operation where a user clicks +on a "cancel" button. +.Pp +The functions +.Fn EVP_PKEY_CTX_set_app_data +and +.Fn EVP_PKEY_CTX_get_app_data +set and retrieve an opaque pointer. +This can be used to set some application defined value which can be +retrieved in the callback: for example a handle which is used to update +a "progress dialog". +.Pp +After the call to +.Fn EVP_PKEY_keygen_init +or +.Fn EVP_PKEY_paramgen_init , +algorithm specific control operations can be performed to set any +appropriate parameters for the operation. +.Pp +The functions +.Fn EVP_PKEY_keygen +and +.Fn EVP_PKEY_paramgen +can be called more than once on the same context if several operations +are performed using the same parameters. +.Pp +The meaning of the parameters passed to the callback will depend on the +algorithm and the specific implementation of the algorithm. +Some might not give any useful information at all during key or +parameter generation. +Others might not even call the callback. +.Pp +The operation performed by key or parameter generation depends on the +algorithm used. +In some cases (e.g. EC with a supplied named curve) the "generation" +option merely sets the appropriate fields in an +.Vt EVP_PKEY +structure. +.Pp +In OpenSSL, an +.Vt EVP_PKEY +structure containing a private key also contains the public key +components and parameters (if any). +An OpenSSL private key is equivalent to what some libraries call a "key +pair". +A private key can be used in functions which require the use of a public +key or parameters. +.Sh RETURN VALUES +.Fn EVP_PKEY_keygen_init , +.Fn EVP_PKEY_paramgen_init , +.Fn EVP_PKEY_keygen , +and +.Fn EVP_PKEY_paramgen +return 1 for success and 0 or a negative value for failure. +In particular, a return value of -2 indicates the operation is not +supported by the public key algorithm. +.Sh EXAMPLES +Generate a 2048-bit RSA key: +.Bd -literal -offset indent +#include +#include + +EVP_PKEY_CTX *ctx; +EVP_PKEY *pkey = NULL; + +ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL); +if (!ctx) + /* Error occurred */ +if (EVP_PKEY_keygen_init(ctx) <= 0) + /* Error */ +if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 2048) <= 0) + /* Error */ + +/* Generate key */ +if (EVP_PKEY_keygen(ctx, &pkey) <= 0) + /* Error */ +.Ed +.Pp +Generate a key from a set of parameters: +.Bd -literal -offset indent +#include +#include + +EVP_PKEY_CTX *ctx; +ENGINE *eng; +EVP_PKEY *pkey = NULL, *param; + +/* Assumes that param and eng are already set up. */ +ctx = EVP_PKEY_CTX_new(param, eng); +if (!ctx) + /* Error occurred */ +if (EVP_PKEY_keygen_init(ctx) <= 0) + /* Error */ + +/* Generate key */ +if (EVP_PKEY_keygen(ctx, &pkey) <= 0) + /* Error */ +.Ed +.Pp +Example of generation callback for OpenSSL public key implementations: +.Bd -literal -offset indent +/* Application data is a BIO to output status to */ + +EVP_PKEY_CTX_set_app_data(ctx, status_bio); + +static int +genpkey_cb(EVP_PKEY_CTX *ctx) +{ + char c = '*'; + BIO *b = EVP_PKEY_CTX_get_app_data(ctx); + int p; + + p = EVP_PKEY_CTX_get_keygen_info(ctx, 0); + if (p == 0) + c = '.'; + if (p == 1) + c = '+'; + if (p == 2) + c = '*'; + if (p == 3) + c = '\en'; + BIO_write(b, &c, 1); + (void)BIO_flush(b); + return 1; +} +.Ed +.Sh SEE ALSO +.Xr EVP_PKEY_CTX_new 3 , +.Xr EVP_PKEY_decrypt 3 , +.Xr EVP_PKEY_derive 3 , +.Xr EVP_PKEY_encrypt 3 , +.Xr EVP_PKEY_meth_set_keygen 3 , +.Xr EVP_PKEY_sign 3 , +.Xr EVP_PKEY_verify 3 , +.Xr EVP_PKEY_verify_recover 3 , +.Xr X25519 3 +.Sh HISTORY +These functions first appeared in OpenSSL 1.0.0 +and have been available since +.Ox 4.9 . diff --git a/src/lib/libcrypto/man/EVP_PKEY_meth_get0_info.3 b/src/lib/libcrypto/man/EVP_PKEY_meth_get0_info.3 new file mode 100644 index 00000000000..eef35fad5cc --- /dev/null +++ b/src/lib/libcrypto/man/EVP_PKEY_meth_get0_info.3 @@ -0,0 +1,77 @@ +.\" $OpenBSD: EVP_PKEY_meth_get0_info.3,v 1.2 2018/03/23 05:48:56 schwarze Exp $ +.\" OpenSSL EVP_PKEY_meth_get_count.pod 6a2da303 Aug 9 11:25:19 2017 -0400 +.\" OpenSSL EVP_PKEY_meth_get_count.pod 48ed9c23 Jul 25 17:48:26 2017 +0100 +.\" +.\" This file was written by Dr. Stephen Henson . +.\" Copyright (c) 2017 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 23 2018 $ +.Dt EVP_PKEY_METH_GET0_INFO 3 +.Os +.Sh NAME +.Nm EVP_PKEY_meth_get0_info +.Nd enumerate public key methods +.Sh SYNOPSIS +.In openssl/evp.h +.Ft void +.Fo EVP_PKEY_meth_get0_info +.Fa "int *ppkey_id" +.Fa "int *pflags" +.Fa "const EVP_PKEY_METHOD *meth" +.Fc +.Sh DESCRIPTION +The function +.Fn EVP_PKEY_meth_get0_info +retrieves the public key ID (a NID) and any flags associated with the +public key method +.Pf * Fa meth . +.Sh SEE ALSO +.Xr EVP_PKEY_new 3 +.Sh HISTORY +.Fn EVP_PKEY_meth_get0_info +first appeared in OpenSSL 1.0.1 and has been available since +.Ox 5.3 . diff --git a/src/lib/libcrypto/man/EVP_PKEY_meth_new.3 b/src/lib/libcrypto/man/EVP_PKEY_meth_new.3 new file mode 100644 index 00000000000..a3c58844886 --- /dev/null +++ b/src/lib/libcrypto/man/EVP_PKEY_meth_new.3 @@ -0,0 +1,551 @@ +.\" $OpenBSD: EVP_PKEY_meth_new.3,v 1.3 2018/03/23 05:48:56 schwarze Exp $ +.\" selective merge up to: OpenSSL 43f985fd Aug 21 11:47:17 2017 -0400 +.\" +.\" This file was written by Paul Yang +.\" Copyright (c) 2017 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 23 2018 $ +.Dt EVP_PKEY_METH_NEW 3 +.Os +.Sh NAME +.Nm EVP_PKEY_meth_new , +.Nm EVP_PKEY_meth_free , +.Nm EVP_PKEY_meth_copy , +.Nm EVP_PKEY_meth_find , +.Nm EVP_PKEY_meth_add0 , +.Nm EVP_PKEY_meth_set_init , +.Nm EVP_PKEY_meth_set_copy , +.Nm EVP_PKEY_meth_set_cleanup , +.Nm EVP_PKEY_meth_set_paramgen , +.Nm EVP_PKEY_meth_set_keygen , +.Nm EVP_PKEY_meth_set_sign , +.Nm EVP_PKEY_meth_set_verify , +.Nm EVP_PKEY_meth_set_verify_recover , +.Nm EVP_PKEY_meth_set_signctx , +.Nm EVP_PKEY_meth_set_verifyctx , +.Nm EVP_PKEY_meth_set_encrypt , +.Nm EVP_PKEY_meth_set_decrypt , +.Nm EVP_PKEY_meth_set_derive , +.Nm EVP_PKEY_meth_set_ctrl +.Nd manipulate an EVP_PKEY_METHOD structure +.Sh SYNOPSIS +.In openssl/evp.h +.Ft EVP_PKEY_METHOD * +.Fo EVP_PKEY_meth_new +.Fa "int id" +.Fa "int flags" +.Fc +.Ft void +.Fo EVP_PKEY_meth_free +.Fa "EVP_PKEY_METHOD *pmeth" +.Fc +.Ft void +.Fo EVP_PKEY_meth_copy +.Fa "EVP_PKEY_METHOD *dst" +.Fa "const EVP_PKEY_METHOD *src" +.Fc +.Ft const EVP_PKEY_METHOD * +.Fo EVP_PKEY_meth_find +.Fa "int type" +.Fc +.Ft int +.Fo EVP_PKEY_meth_add0 +.Fa "const EVP_PKEY_METHOD *pmeth" +.Fc +.Ft void +.Fo EVP_PKEY_meth_set_init +.Fa "EVP_PKEY_METHOD *pmeth" +.Fa "int (*init)(EVP_PKEY_CTX *ctx)" +.Fc +.Ft void +.Fo EVP_PKEY_meth_set_copy +.Fa "EVP_PKEY_METHOD *pmeth" +.Fa "int (*copy)(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)" +.Fc +.Ft void +.Fo EVP_PKEY_meth_set_cleanup +.Fa "EVP_PKEY_METHOD *pmeth" +.Fa "void (*cleanup)(EVP_PKEY_CTX *ctx)" +.Fc +.Ft void +.Fo EVP_PKEY_meth_set_paramgen +.Fa "EVP_PKEY_METHOD *pmeth" +.Fa "int (*paramgen_init)(EVP_PKEY_CTX *ctx)" +.Fa "int (*paramgen)(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)" +.Fc +.Ft void +.Fo EVP_PKEY_meth_set_keygen +.Fa "EVP_PKEY_METHOD *pmeth" +.Fa "int (*keygen_init)(EVP_PKEY_CTX *ctx)" +.Fa "int (*keygen)(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)" +.Fc +.Ft void +.Fo EVP_PKEY_meth_set_sign +.Fa "EVP_PKEY_METHOD *pmeth" +.Fa "int (*sign_init)(EVP_PKEY_CTX *ctx)" +.Fa "int (*sign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,\ + const unsigned char *tbs, size_t tbslen)" +.Fc +.Ft void +.Fo EVP_PKEY_meth_set_verify +.Fa "EVP_PKEY_METHOD *pmeth" +.Fa "int (*verify_init)(EVP_PKEY_CTX *ctx)" +.Fa "int (*verify)(EVP_PKEY_CTX *ctx, const unsigned char *sig,\ + size_t siglen, const unsigned char *tbs, size_t tbslen)" +.Fc +.Ft void +.Fo EVP_PKEY_meth_set_verify_recover +.Fa "EVP_PKEY_METHOD *pmeth" +.Fa "int (*verify_recover_init)(EVP_PKEY_CTX *ctx)" +.Fa "int (*verify_recover)(EVP_PKEY_CTX *ctx, unsigned char *sig,\ + size_t *siglen, const unsigned char *tbs, size_t tbslen)" +.Fc +.Ft void +.Fo EVP_PKEY_meth_set_signctx +.Fa "EVP_PKEY_METHOD *pmeth" +.Fa "int (*signctx_init)(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)" +.Fa "int (*signctx)(EVP_PKEY_CTX *ctx, unsigned char *sig,\ + size_t *siglen, EVP_MD_CTX *mctx)" +.Fc +.Ft void +.Fo EVP_PKEY_meth_set_verifyctx +.Fa "EVP_PKEY_METHOD *pmeth" +.Fa "int (*verifyctx_init)(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)" +.Fa "int (*verifyctx)(EVP_PKEY_CTX *ctx, const unsigned char *sig,\ + int siglen, EVP_MD_CTX *mctx)" +.Fc +.Ft void +.Fo EVP_PKEY_meth_set_encrypt +.Fa "EVP_PKEY_METHOD *pmeth" +.Fa "int (*encrypt_init)(EVP_PKEY_CTX *ctx)" +.Fa "int (*encryptfn)(EVP_PKEY_CTX *ctx, unsigned char *out,\ + size_t *outlen, const unsigned char *in, size_t inlen)" +.Fc +.Ft void +.Fo EVP_PKEY_meth_set_decrypt +.Fa "EVP_PKEY_METHOD *pmeth" +.Fa "int (*decrypt_init)(EVP_PKEY_CTX *ctx)" +.Fa "int (*decrypt)(EVP_PKEY_CTX *ctx, unsigned char *out,\ + size_t *outlen, const unsigned char *in, size_t inlen)" +.Fc +.Ft void +.Fo EVP_PKEY_meth_set_derive +.Fa "EVP_PKEY_METHOD *pmeth" +.Fa "int (*derive_init)(EVP_PKEY_CTX *ctx)" +.Fa "int (*derive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)" +.Fc +.Ft void +.Fo EVP_PKEY_meth_set_ctrl +.Fa "EVP_PKEY_METHOD *pmeth" +.Fa "int (*ctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)" +.Fa "int (*ctrl_str)(EVP_PKEY_CTX *ctx, const char *type, const char *value)" +.Fc +.Sh DESCRIPTION +The +.Vt EVP_PKEY_METHOD +structure holds a set of methods +for a specific public key cryptographic algorithm. +Those methods perform tasks such as generating keys, signing, verifying, +encrypting, decrypting, and so on. +.Pp +There are two places where the +.Vt EVP_PKEY_METHOD +objects are stored: one is a built-in static array representing the +standard methods for different algorithms, and the other one is a stack +of user-defined application-specific methods, which can be manipulated +with +.Fn EVP_PKEY_meth_add0 . +.Pp +The +.Vt EVP_PKEY_METHOD +objects are usually referenced by +.Vt EVP_PKEY_CTX +objects. +.Ss Methods +The methods implement the particular public key algorithm represented by the +.Vt EVP_PKEY_CTX +object. +.Bd -unfilled +.Ft int Fn (*init) "EVP_PKEY_CTX *ctx" +.Ft int Fn (*copy) "EVP_PKEY_CTX *dst" "EVP_PKEY_CTX *src" +.Ft void Fn (*cleanup) "EVP_PKEY_CTX *ctx" +.Ed +.Pp +The +.Fn init +method is called by +.Xr EVP_PKEY_CTX_new 3 +and +.Xr EVP_PKEY_CTX_new_id 3 +to initialize the algorithm-specific data when a new +.Vt EVP_PKEY_CTX +is created. +The +.Fn cleanup +method is called by +.Xr EVP_PKEY_CTX_free 3 +when an +.Vt EVP_PKEY_CTX +is freed. +The +.Fn copy +method is called by +.Xr EVP_PKEY_CTX_dup 3 +when an +.Vt EVP_PKEY_CTX +is duplicated. +.Bd -unfilled +.Ft int Fn (*paramgen_init) "EVP_PKEY_CTX *ctx" +.Ft int Fn (*paramgen) "EVP_PKEY_CTX *ctx" "EVP_PKEY *pkey" +.Ed +.Pp +The +.Fn paramgen_init +and +.Fn paramgen +methods deal with key parameter generation. +They are called by +.Xr EVP_PKEY_paramgen_init 3 +and +.Xr EVP_PKEY_paramgen 3 +to handle the parameter generation process. +.Bd -unfilled +.Ft int Fn (*keygen_init) "EVP_PKEY_CTX *ctx" +.Ft int Fn (*keygen) "EVP_PKEY_CTX *ctx" "EVP_PKEY *pkey" +.Ed +.Pp +The +.Fn keygen_init +and +.Fn keygen +methods are used to generate a key for the specified algorithm. +They are called by +.Xr EVP_PKEY_keygen_init 3 +and +.Xr EVP_PKEY_keygen 3 . +.Bd -unfilled +.Ft int Fn (*sign_init) "EVP_PKEY_CTX *ctx" +.Ft int Fo (*sign) +.Fa "EVP_PKEY_CTX *ctx" +.Fa "unsigned char *sig" +.Fa "size_t *siglen" +.Fa "const unsigned char *tbs" +.Fa "size_t tbslen" +.Fc +.Ed +.Pp +The +.Fn sign_init +and +.Fn sign +methods are used to generate the signature of a piece of data using a +private key. +They are called by +.Xr EVP_PKEY_sign_init 3 +and +.Xr EVP_PKEY_sign 3 . +.Bd -unfilled +.Ft int Fn (*verify_init) "EVP_PKEY_CTX *ctx" +.Ft int Fo (*verify) +.Fa "EVP_PKEY_CTX *ctx" +.Fa "const unsigned char *sig" +.Fa "size_t siglen" +.Fa "const unsigned char *tbs" +.Fa "size_t tbslen" +.Fc +.Ed +.Pp +The +.Fn verify_init +and +.Fn verify +methods are used to verify whether a signature is valid. +They are called by +.Xr EVP_PKEY_verify_init 3 +and +.Xr EVP_PKEY_verify 3 . +.Bd -unfilled +.Ft int Fn (*verify_recover_init) "EVP_PKEY_CTX *ctx" +.Ft int Fo (*verify_recover) +.Fa "EVP_PKEY_CTX *ctx" +.Fa "unsigned char *rout" +.Fa "size_t *routlen" +.Fa "const unsigned char *sig" +.Fa "size_t siglen" +.Fc +.Ed +.Pp +The +.Fn verify_recover_init +and +.Fn verify_recover +methods are used to verify a signature and then recover the digest from +the signature (for instance, a signature that was generated by the RSA +signing algorithm). +They are called by +.Xr EVP_PKEY_verify_recover_init 3 +and +.Xr EVP_PKEY_verify_recover 3 . +.Bd -unfilled +.Ft int Fn (*signctx_init) "EVP_PKEY_CTX *ctx" "EVP_MD_CTX *mctx" +.Ft int Fo (*signctx) +.Fa "EVP_PKEY_CTX *ctx" +.Fa "unsigned char *sig" +.Fa "size_t *siglen" +.Fa "EVP_MD_CTX *mctx" +.Fc +.Ed +.Pp +The +.Fn signctx_init +and +.Fn signctx +methods are used to sign a digest represented by an +.Vt EVP_MD_CTX +object. +They are called by the +.Xr EVP_DigestSignInit 3 +functions. +.Bd -unfilled +.Ft int Fn (*verifyctx_init) "EVP_PKEY_CTX *ctx" "EVP_MD_CTX *mctx" +.Ft int Fo (*verifyctx) +.Fa "EVP_PKEY_CTX *ctx" +.Fa "const unsigned char *sig" +.Fa "int siglen" +.Fa "EVP_MD_CTX *mctx" +.Fc +.Ed +.Pp +The +.Fn verifyctx_init +and +.Fn verifyctx +methods are used to verify a signature against the data in an +.Vt EVP_MD_CTX +object. +They are called by the +.Xr EVP_DigestVerifyInit 3 +functions. +.Bd -unfilled +.Ft int Fn (*encrypt_init) "EVP_PKEY_CTX *ctx" +.Ft int Fo (*encrypt) +.Fa "EVP_PKEY_CTX *ctx" +.Fa "unsigned char *out" +.Fa "size_t *outlen" +.Fa "const unsigned char *in" +.Fa "size_t inlen" +.Fc +.Ed +.Pp +The +.Fn encrypt_init +and +.Fn encrypt +methods are used to encrypt a piece of data. +They are called by +.Xr EVP_PKEY_encrypt_init 3 +and +.Xr EVP_PKEY_encrypt 3 . +.Bd -unfilled +.Ft int Fn (*decrypt_init) "EVP_PKEY_CTX *ctx" +.Ft int Fo (*decrypt) +.Fa "EVP_PKEY_CTX *ctx" +.Fa "unsigned char *out" +.Fa "size_t *outlen" +.Fa "const unsigned char *in" +.Fa "size_t inlen" +.Fc +.Ed +.Pp +The +.Fn decrypt_init +and +.Fn decrypt +methods are used to decrypt a piece of data. +They are called by +.Xr EVP_PKEY_decrypt_init 3 +and +.Xr EVP_PKEY_decrypt 3 . +.Bd -unfilled +.Ft int Fn (*derive_init) "EVP_PKEY_CTX *ctx" +.Ft int Fo (*derive) +.Fa "EVP_PKEY_CTX *ctx" +.Fa "unsigned char *key" +.Fa "size_t *keylen" +.Fc +.Ed +.Pp +The +.Fn derive_init +and +.Fn derive +methods are used to derive the shared secret from a public key algorithm +(for instance, the DH algorithm). +They are called by +.Xr EVP_PKEY_derive_init 3 +and +.Xr EVP_PKEY_derive 3 . +.Bd -unfilled +.Ft int Fo (*ctrl) +.Fa "EVP_PKEY_CTX *ctx" +.Fa "int type" +.Fa "int p1" +.Fa "void *p2" +.Fc +.Ft int Fo (*ctrl_str) +.Fa "EVP_PKEY_CTX *ctx" +.Fa "const char *type" +.Fa "const char *value" +.Fc +.Ed +.Pp +The +.Fn ctrl +and +.Fn ctrl_str +methods are used to adjust algorithm-specific settings. +See +.Xr EVP_PKEY_CTX_ctrl 3 +for details. +.Ss Functions +.Fn EVP_PKEY_meth_new +creates a new +.Vt EVP_PKEY_METHOD +object with the given +.Fa id +and +.Fa flags . +The following flags are supported: +.Bl -tag -width Ds +.It Dv EVP_PKEY_FLAG_AUTOARGLEN +Automatically calculate the maximum size of the output buffer +in corresponding EVP methods by the EVP framework. +Thus the implementations of these methods don't need to care about +handling the case of returning output buffer size by themselves. +For details on the output buffer size, refer to +.Xr EVP_PKEY_sign 3 . +.It Dv EVP_PKEY_FLAG_SIGCTX_CUSTOM +Indicate that the +.Fn signctx +method of an +.Vt EVP_PKEY_METHOD +is always called by the EVP framework while doing a digest signing +operation by calling +.Xr EVP_DigestSignFinal 3 . +.El +.Pp +.Fn EVP_PKEY_meth_free +frees +.Fa pmeth . +.Pp +.Fn EVP_PKEY_meth_copy +copies +.Fa src +to +.Fa dst . +.Pp +.Fn EVP_PKEY_meth_find +finds an +.Vt EVP_PKEY_METHOD +object with the given +.Fa id . +This function first searches through the user-defined method objects and +then through the built-in objects. +.Pp +.Fn EVP_PKEY_meth_add0 +adds +.Fa pmeth +to the stack of user defined methods. +.Pp +The +.Fn EVP_PKEY_meth_set_* +functions set the corresponding fields of +.Fa pmeth +to the arguments passed. +.Sh RETURN VALUES +.Fn EVP_PKEY_meth_new +returns a pointer to a new +.Vt EVP_PKEY_METHOD +object or +.Dv NULL +on error. +.Pp +.Fn EVP_PKEY_meth_find +returns a pointer to the found +.Vt EVP_PKEY_METHOD +object or +.Dv NULL +if no matching object is found. +.Pp +.Fn EVP_PKEY_meth_add0 +returns 1 if the method is added successfully or 0 if an error occurred. +.Sh HISTORY +.Fn EVP_PKEY_meth_new , +.Fn EVP_PKEY_meth_free , +.Fn EVP_PKEY_meth_find , +.Fn EVP_PKEY_meth_add0 , +.Fn EVP_PKEY_meth_set_init , +.Fn EVP_PKEY_meth_set_copy , +.Fn EVP_PKEY_meth_set_cleanup , +.Fn EVP_PKEY_meth_set_paramgen , +.Fn EVP_PKEY_meth_set_keygen , +.Fn EVP_PKEY_meth_set_sign , +.Fn EVP_PKEY_meth_set_verify , +.Fn EVP_PKEY_meth_set_verify_recover , +.Fn EVP_PKEY_meth_set_signctx , +.Fn EVP_PKEY_meth_set_verifyctx , +.Fn EVP_PKEY_meth_set_encrypt , +.Fn EVP_PKEY_meth_set_decrypt , +.Fn EVP_PKEY_meth_set_derive , +and +.Fn EVP_PKEY_meth_set_ctrl +first appeared in OpenSSL 1.0.0 and have been available since +.Ox 4.9 . +.Pp +.Fn EVP_PKEY_meth_copy +first appeared in OpenSSL 1.0.1 and has been available since +.Ox 5.3 . diff --git a/src/lib/libcrypto/man/EVP_PKEY_new.3 b/src/lib/libcrypto/man/EVP_PKEY_new.3 new file mode 100644 index 00000000000..777c108d833 --- /dev/null +++ b/src/lib/libcrypto/man/EVP_PKEY_new.3 @@ -0,0 +1,164 @@ +.\" $OpenBSD: EVP_PKEY_new.3,v 1.9 2018/12/22 23:19:53 schwarze Exp $ +.\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 +.\" selective merge up to: OpenSSL df75c2bf Dec 9 01:02:36 2018 +0100 +.\" +.\" This file was written by Dr. Stephen Henson +.\" and Matt Caswell . +.\" Copyright (c) 2002, 2018 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: December 22 2018 $ +.Dt EVP_PKEY_NEW 3 +.Os +.Sh NAME +.Nm EVP_PKEY_new , +.Nm EVP_PKEY_up_ref , +.Nm EVP_PKEY_free , +.Nm EVP_PKEY_new_mac_key +.Nd private key allocation functions +.Sh SYNOPSIS +.In openssl/evp.h +.Ft EVP_PKEY * +.Fn EVP_PKEY_new void +.Ft int +.Fo EVP_PKEY_up_ref +.Fa "EVP_PKEY *key" +.Fc +.Ft void +.Fo EVP_PKEY_free +.Fa "EVP_PKEY *key" +.Fc +.Ft EVP_PKEY * +.Fo EVP_PKEY_new_mac_key +.Fa "int type" +.Fa "ENGINE *e" +.Fa "const unsigned char *key" +.Fa "int keylen" +.Fc +.Sh DESCRIPTION +The +.Vt EVP_PKEY +structure is used by various OpenSSL functions which require a general +private key without reference to any particular algorithm. +.Pp +The +.Fn EVP_PKEY_new +function allocates an empty +.Vt EVP_PKEY +structure. +The reference count is set to 1. +To add a private or public key to it, use the functions described in +.Xr EVP_PKEY_set1_RSA 3 . +.Pp +.Fn EVP_PKEY_up_ref +increments the reference count of +.Fa key +by 1. +.Pp +.Fn EVP_PKEY_free +decrements the reference count of +.Fa key +by 1, and if the reference count reaches zero, frees it up. +If +.Fa key +is a +.Dv NULL +pointer, no action occurs. +.Pp +.Fn EVP_PKEY_new_mac_key +allocates a new +.Vt EVP_PKEY . +If +.Fa e +is +.Pf non- Dv NULL , +then the new +.Vt EVP_PKEY +structure is associated with the engine +.Fa e . +The +.Fa type +argument indicates what kind of key this is. +The value should be a NID for a public key algorithm that supports +raw private keys, for example +.Dv EVP_PKEY_HMAC . +.Fa key +points to the raw private key data for this +.Vt EVP_PKEY +which should be of length +.Fa keylen . +The length should be appropriate for the type of the key. +The public key data will be automatically derived from the given +private key data (if appropriate for the algorithm type). +.Sh RETURN VALUES +.Fn EVP_PKEY_new +and +.Fn EVP_PKEY_new_mac_key +return either the newly allocated +.Vt EVP_PKEY +structure or +.Dv NULL +if an error occurred. +.Pp +.Fn EVP_PKEY_up_ref +returns 1 for success or 0 for failure. +.Sh SEE ALSO +.Xr EVP_PKEY_asn1_set_free 3 , +.Xr EVP_PKEY_set1_RSA 3 +.Sh HISTORY +.Fn EVP_PKEY_new +and +.Fn EVP_PKEY_free +first appeared in SSLeay 0.6.0 and have been available since +.Ox 2.4 . +.Pp +.Fn EVP_PKEY_new_mac_key +first appeared in OpenSSL 1.0.0 and has been available since +.Ox 4.9 . +.Pp +.Fn EVP_PKEY_up_ref +first appeared in OpenSSL 1.1.0 and has been available since +.Ox 6.3 . diff --git a/src/lib/libcrypto/man/EVP_PKEY_print_private.3 b/src/lib/libcrypto/man/EVP_PKEY_print_private.3 new file mode 100644 index 00000000000..48e0c55e5e8 --- /dev/null +++ b/src/lib/libcrypto/man/EVP_PKEY_print_private.3 @@ -0,0 +1,129 @@ +.\" $OpenBSD: EVP_PKEY_print_private.3,v 1.6 2018/03/23 04:34:23 schwarze Exp $ +.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 +.\" +.\" This file was written by Dr. Stephen Henson . +.\" Copyright (c) 2006, 2009 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 23 2018 $ +.Dt EVP_PKEY_PRINT_PRIVATE 3 +.Os +.Sh NAME +.Nm EVP_PKEY_print_public , +.Nm EVP_PKEY_print_private , +.Nm EVP_PKEY_print_params +.Nd public key algorithm printing routines +.Sh SYNOPSIS +.In openssl/evp.h +.Ft int +.Fo EVP_PKEY_print_public +.Fa "BIO *out" +.Fa "const EVP_PKEY *pkey" +.Fa "int indent" +.Fa "ASN1_PCTX *pctx" +.Fc +.Ft int +.Fo EVP_PKEY_print_private +.Fa "BIO *out" +.Fa "const EVP_PKEY *pkey" +.Fa "int indent" +.Fa "ASN1_PCTX *pctx" +.Fc +.Ft int +.Fo EVP_PKEY_print_params +.Fa "BIO *out" +.Fa "const EVP_PKEY *pkey" +.Fa "int indent" +.Fa "ASN1_PCTX *pctx" +.Fc +.Sh DESCRIPTION +The functions +.Fn EVP_PKEY_print_public , +.Fn EVP_PKEY_print_private , +and +.Fn EVP_PKEY_print_params +print out the public, private or parameter components of key +.Fa pkey , +respectively. +The key is sent to +.Vt BIO +.Fa out +in human readable form. +The parameter +.Fa indent +indicates how far the printout should be indented. +.Pp +The +.Fa pctx +parameter allows the print output to be finely tuned by using ASN.1 +printing options. +If +.Fa pctx +is set to +.Dv NULL , +then default values will be used. +Currently, no public key algorithms include any options in the +.Fa pctx +parameter. +.Pp +If the key does not include all the components indicated by the function, +then only those contained in the key will be printed. +For example, passing a public key to +.Fn EVP_PKEY_print_private +will only print the public components. +.Sh RETURN VALUES +These functions all return 1 for success and 0 or a negative value for +failure. +In particular, a return value of -2 indicates the operation is not +supported by the public key algorithm. +.Sh SEE ALSO +.Xr EVP_PKEY_asn1_set_public 3 , +.Xr EVP_PKEY_CTX_new 3 , +.Xr EVP_PKEY_keygen 3 +.Sh HISTORY +These functions first appeared in OpenSSL 1.0.0 +and have been available since +.Ox 4.9 . diff --git a/src/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 b/src/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 new file mode 100644 index 00000000000..9662965fbdb --- /dev/null +++ b/src/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 @@ -0,0 +1,385 @@ +.\" $OpenBSD: EVP_PKEY_set1_RSA.3,v 1.15 2019/03/18 04:01:53 schwarze Exp $ +.\" full merge up to: OpenSSL bb9ad09e Jun 6 00:43:05 2016 -0400 +.\" selective merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 +.\" +.\" This file was written by Dr. Stephen Henson . +.\" Copyright (c) 2002, 2015, 2016 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 18 2019 $ +.Dt EVP_PKEY_SET1_RSA 3 +.Os +.Sh NAME +.Nm EVP_PKEY_set1_RSA , +.Nm EVP_PKEY_set1_DSA , +.Nm EVP_PKEY_set1_DH , +.Nm EVP_PKEY_set1_EC_KEY , +.Nm EVP_PKEY_get1_RSA , +.Nm EVP_PKEY_get1_DSA , +.Nm EVP_PKEY_get1_DH , +.Nm EVP_PKEY_get1_EC_KEY , +.Nm EVP_PKEY_get0_RSA , +.Nm EVP_PKEY_get0_DSA , +.Nm EVP_PKEY_get0_DH , +.Nm EVP_PKEY_get0_EC_KEY , +.Nm EVP_PKEY_get0_hmac , +.Nm EVP_PKEY_assign_RSA , +.Nm EVP_PKEY_assign_DSA , +.Nm EVP_PKEY_assign_DH , +.Nm EVP_PKEY_assign_EC_KEY , +.Nm EVP_PKEY_base_id , +.Nm EVP_PKEY_id , +.Nm EVP_PKEY_type , +.Nm EVP_PKEY_set_alias_type +.Nd EVP_PKEY assignment functions +.Sh SYNOPSIS +.In openssl/evp.h +.Ft int +.Fo EVP_PKEY_set1_RSA +.Fa "EVP_PKEY *pkey" +.Fa "RSA *key" +.Fc +.Ft int +.Fo EVP_PKEY_set1_DSA +.Fa "EVP_PKEY *pkey" +.Fa "DSA *key" +.Fc +.Ft int +.Fo EVP_PKEY_set1_DH +.Fa "EVP_PKEY *pkey" +.Fa "DH *key" +.Fc +.Ft int +.Fo EVP_PKEY_set1_EC_KEY +.Fa "EVP_PKEY *pkey" +.Fa "EC_KEY *key" +.Fc +.Ft RSA * +.Fo EVP_PKEY_get1_RSA +.Fa "EVP_PKEY *pkey" +.Fc +.Ft DSA * +.Fo EVP_PKEY_get1_DSA +.Fa "EVP_PKEY *pkey" +.Fc +.Ft DH * +.Fo EVP_PKEY_get1_DH +.Fa "EVP_PKEY *pkey" +.Fc +.Ft EC_KEY * +.Fo EVP_PKEY_get1_EC_KEY +.Fa "EVP_PKEY *pkey" +.Fc +.Ft RSA * +.Fo EVP_PKEY_get0_RSA +.Fa "EVP_PKEY *pkey" +.Fc +.Ft DSA * +.Fo EVP_PKEY_get0_DSA +.Fa "EVP_PKEY *pkey" +.Fc +.Ft DH * +.Fo EVP_PKEY_get0_DH +.Fa "EVP_PKEY *pkey" +.Fc +.Ft EC_KEY * +.Fo EVP_PKEY_get0_EC_KEY +.Fa "EVP_PKEY *pkey" +.Fc +.Ft const unsigned char * +.Fo EVP_PKEY_get0_hmac +.Fa "const EVP_PKEY *pkey" +.Fa "size_t *len" +.Fc +.Ft int +.Fo EVP_PKEY_assign_RSA +.Fa "EVP_PKEY *pkey" +.Fa "RSA *key" +.Fc +.Ft int +.Fo EVP_PKEY_assign_DSA +.Fa "EVP_PKEY *pkey" +.Fa "DSA *key" +.Fc +.Ft int +.Fo EVP_PKEY_assign_DH +.Fa "EVP_PKEY *pkey" +.Fa "DH *key" +.Fc +.Ft int +.Fo EVP_PKEY_assign_EC_KEY +.Fa "EVP_PKEY *pkey" +.Fa "EC_KEY *key" +.Fc +.Ft int +.Fo EVP_PKEY_base_id +.Fa "EVP_PKEY *pkey" +.Fc +.Ft int +.Fo EVP_PKEY_id +.Fa "EVP_PKEY *pkey" +.Fc +.Ft int +.Fo EVP_PKEY_type +.Fa "int type" +.Fc +.Ft int +.Fo EVP_PKEY_set_alias_type +.Fa "EVP_PKEY *pkey" +.Fa "int type" +.Fc +.Sh DESCRIPTION +.Fn EVP_PKEY_set1_RSA , +.Fn EVP_PKEY_set1_DSA , +.Fn EVP_PKEY_set1_DH , +and +.Fn EVP_PKEY_set1_EC_KEY +set the key referenced by +.Fa pkey +to +.Fa key . +.Pp +.Fn EVP_PKEY_get1_RSA , +.Fn EVP_PKEY_get1_DSA , +.Fn EVP_PKEY_get1_DH , +and +.Fn EVP_PKEY_get1_EC_KEY +return the key referenced in +.Fa pkey , +incrementing its reference count by 1, or +.Dv NULL +if the key is not of the correct type. +.Pp +.Fn EVP_PKEY_get0_RSA , +.Fn EVP_PKEY_get0_DSA , +.Fn EVP_PKEY_get0_DH , +and +.Fn EVP_PKEY_get0_EC_KEY +are identical except that they do not increment the reference count. +Consequently, the returned key must not be freed by the caller. +.Pp +.Fn EVP_PKEY_get0_hmac +returns an internal pointer to the key referenced in +.Fa pkey +and sets +.Pf * Fa len +to its length in bytes. +The returned pointer must not be freed by the caller. +If +.Fa pkey +is not of the correct type, +.Dv NULL +is returned and the content of +.Pf * Fa len +becomes unspecified. +.Pp +.Fn EVP_PKEY_assign_RSA , +.Fn EVP_PKEY_assign_DSA , +.Fn EVP_PKEY_assign_DH , +and +.Fn EVP_PKEY_assign_EC_KEY +also set the referenced key to +.Fa key ; +however these use the supplied +.Fa key +internally and so +.Fa key +will be freed when the parent +.Fa pkey +is freed. +.Pp +.Fn EVP_PKEY_base_id +returns the type of +.Fa pkey . +For example, an RSA key will return +.Dv EVP_PKEY_RSA . +.Pp +.Fn EVP_PKEY_id +returns the actual OID associated with +.Fa pkey . +Historically keys using the same algorithm could use different OIDs. +For example, an RSA key could use the OIDs corresponding to the NIDs +.Dv NID_rsaEncryption +(equivalent to +.Dv EVP_PKEY_RSA ) +or +.Dv NID_rsa +(equivalent to +.Dv EVP_PKEY_RSA2 ) . +The use of alternative non-standard OIDs is now rare, so +.Dv EVP_PKEY_RSA2 +et al. are not often seen in practice. +.Pp +.Fn EVP_PKEY_type +returns the underlying type of the NID +.Fa type . +For example, +.Fn EVP_PKEY_type EVP_PKEY_RSA2 +will return +.Dv EVP_PKEY_RSA . +.Pp +Most applications wishing to know a key type will simply call +.Fn EVP_PKEY_base_id +and will not care about the actual type, +which will be identical in almost all cases. +.Pp +.Fn EVP_PKEY_set_alias_type +allows modifying a +.Dv EVP_PKEY +to use a different set of algorithms than the default. +This is currently used to support SM2 keys, which use an +identical encoding to ECDSA. +.Pp +In accordance with the OpenSSL naming convention, the key obtained from +or assigned to +.Fa pkey +using the +.Sy 1 +functions must be freed as well as +.Fa pkey . +.Pp +.Fn EVP_PKEY_assign_RSA , +.Fn EVP_PKEY_assign_DSA , +.Fn EVP_PKEY_assign_DH , +and +.Fn EVP_PKEY_assign_EC_KEY +are implemented as macros. +.Sh EXAMPLES +After loading an ECC key, it is possible to convert it to using SM2 +algorithms with +.Fn EVP_PKEY_set_alias_type : +.Fn EVP_PKEY_set_alias_type pkey EVP_PKEY_SM2 ; +.Sh RETURN VALUES +.Fn EVP_PKEY_set1_RSA , +.Fn EVP_PKEY_set1_DSA , +.Fn EVP_PKEY_set1_DH , +and +.Fn EVP_PKEY_set1_EC_KEY +return 1 for success or 0 for failure. +.Pp +.Fn EVP_PKEY_get1_RSA , +.Fn EVP_PKEY_get1_DSA , +.Fn EVP_PKEY_get1_DH , +.Fn EVP_PKEY_get1_EC_KEY , +.Fn EVP_PKEY_get0_RSA , +.Fn EVP_PKEY_get0_DSA , +.Fn EVP_PKEY_get0_DH , +.Fn EVP_PKEY_get0_EC_KEY , +and +.Fn EVP_PKEY_get0_hmac +return the referenced key or +.Dv NULL +if an error occurred. +.Pp +.Fn EVP_PKEY_assign_RSA , +.Fn EVP_PKEY_assign_DSA , +.Fn EVP_PKEY_assign_DH , +and +.Fn EVP_PKEY_assign_EC_KEY +return 1 for success and 0 for failure. +.Pp +.Fn EVP_PKEY_base_id , +.Fn EVP_PKEY_id , +and +.Fn EVP_PKEY_type +return a key type or +.Dv NID_undef +(equivalently +.Dv EVP_PKEY_NONE ) +on error. +.Pp +.Fn EVP_PKEY_set_alias_type +returns 1 for success and 0 for error. +.Sh SEE ALSO +.Xr DH_new 3 , +.Xr DSA_new 3 , +.Xr EC_KEY_new 3 , +.Xr EVP_PKEY_get0_asn1 3 , +.Xr EVP_PKEY_new 3 , +.Xr RSA_new 3 +.Sh HISTORY +.Fn EVP_PKEY_assign_RSA , +.Fn EVP_PKEY_assign_DSA , +.Fn EVP_PKEY_assign_DH , +and +.Fn EVP_PKEY_type +first appeared in SSLeay 0.8.0 and have been available since +.Ox 2.4 . +.Pp +.Fn EVP_PKEY_set1_RSA , +.Fn EVP_PKEY_set1_DSA , +.Fn EVP_PKEY_set1_DH , +.Fn EVP_PKEY_get1_RSA , +.Fn EVP_PKEY_get1_DSA , +and +.Fn EVP_PKEY_get1_DH +first appeared in OpenSSL 0.9.5 and have been available since +.Ox 2.7 . +.Pp +.Fn EVP_PKEY_set1_EC_KEY , +.Fn EVP_PKEY_get1_EC_KEY , +and +.Fn EVP_PKEY_assign_EC_KEY +first appeared in OpenSSL 0.9.8 and have been available since +.Ox 4.5 . +.Pp +.Fn EVP_PKEY_id +and +.Fn EVP_PKEY_base_id +first appeared in OpenSSL 1.0.0 and have been available since +.Ox 4.9 . +.Pp +.Fn EVP_PKEY_get0_RSA , +.Fn EVP_PKEY_get0_DSA , +.Fn EVP_PKEY_get0_DH , +and +.Fn EVP_PKEY_get0_EC_KEY +first appeared in OpenSSL 1.1.0 and have been available since +.Ox 6.3 . +.Pp +.Fn EVP_PKEY_get0_hmac +first appeared in OpenSSL 1.1.0 and has been available since +.Ox 6.5 . diff --git a/src/lib/libcrypto/man/EVP_PKEY_sign.3 b/src/lib/libcrypto/man/EVP_PKEY_sign.3 new file mode 100644 index 00000000000..efbea950c94 --- /dev/null +++ b/src/lib/libcrypto/man/EVP_PKEY_sign.3 @@ -0,0 +1,191 @@ +.\" $OpenBSD: EVP_PKEY_sign.3,v 1.7 2018/03/23 04:34:23 schwarze Exp $ +.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 +.\" +.\" This file was written by Dr. Stephen Henson . +.\" Copyright (c) 2006, 2009, 2013, 2014 The OpenSSL Project. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 23 2018 $ +.Dt EVP_PKEY_SIGN 3 +.Os +.Sh NAME +.Nm EVP_PKEY_sign_init , +.Nm EVP_PKEY_sign +.Nd sign using a public key algorithm +.Sh SYNOPSIS +.In openssl/evp.h +.Ft int +.Fo EVP_PKEY_sign_init +.Fa "EVP_PKEY_CTX *ctx" +.Fc +.Ft int +.Fo EVP_PKEY_sign +.Fa "EVP_PKEY_CTX *ctx" +.Fa "unsigned char *sig" +.Fa "size_t *siglen" +.Fa "const unsigned char *tbs" +.Fa "size_t tbslen" +.Fc +.Sh DESCRIPTION +The +.Fn EVP_PKEY_sign_init +function initializes a public key algorithm context using the key +.Fa ctx->pkey +for a signing operation. +.Pp +The +.Fn EVP_PKEY_sign +function performs a public key signing operation using +.Fa ctx . +The data to be signed is specified using the +.Fa tbs +and +.Fa tbslen +parameters. +If +.Fa sig +is +.Dv NULL , +then the maximum size of the output buffer is written to the +.Fa siglen +parameter. +If +.Fa sig +is not +.Dv NULL , +then before the call the +.Fa siglen +parameter should contain the length of the +.Fa sig +buffer. +If the call is successful the signature is written to +.Fa sig +and the amount of data written to +.Fa siglen . +.Pp +.Fn EVP_PKEY_sign +does not hash the data to be signed, and therefore is normally used +to sign digests. +For signing arbitrary messages, see the +.Xr EVP_DigestSignInit 3 +and +.Xr EVP_SignInit 3 +signing interfaces instead. +.Pp +After the call to +.Fn EVP_PKEY_sign_init , +algorithm specific control operations can be performed to set any +appropriate parameters for the operation; see +.Xr EVP_PKEY_CTX_ctrl 3 . +.Pp +The function +.Fn EVP_PKEY_sign +can be called more than once on the same context if several operations +are performed using the same parameters. +.Sh RETURN VALUES +.Fn EVP_PKEY_sign_init +and +.Fn EVP_PKEY_sign +return 1 for success and 0 or a negative value for failure. +In particular, a return value of -2 indicates the operation is not +supported by the public key algorithm. +.Sh EXAMPLES +Sign data using RSA with PKCS#1 padding and SHA256 digest: +.Bd -literal -offset indent +#include +#include + +EVP_PKEY_CTX *ctx; +/* md is a SHA-256 digest in this example. */ +unsigned char *md, *sig; +size_t mdlen = 32, siglen; +EVP_PKEY *signing_key; + +/* + * NB: assumes signing_key and md are set up before the next + * step. signing_key must be an RSA private key and md must + * point to the SHA-256 digest to be signed. + */ +ctx = EVP_PKEY_CTX_new(signing_key, NULL /* no engine */); +if (!ctx) + /* Error occurred */ +if (EVP_PKEY_sign_init(ctx) <= 0) + /* Error */ +if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0) + /* Error */ +if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0) + /* Error */ + +/* Determine buffer length */ +if (EVP_PKEY_sign(ctx, NULL, &siglen, md, mdlen) <= 0) + /* Error */ + +sig = malloc(siglen); + +if (!sig) + /* malloc failure */ + +if (EVP_PKEY_sign(ctx, sig, &siglen, md, mdlen) <= 0) + /* Error */ + +/* Signature is siglen bytes written to buffer sig */ +.Ed +.Sh SEE ALSO +.Xr EVP_PKEY_CTX_ctrl 3 , +.Xr EVP_PKEY_CTX_new 3 , +.Xr EVP_PKEY_decrypt 3 , +.Xr EVP_PKEY_derive 3 , +.Xr EVP_PKEY_encrypt 3 , +.Xr EVP_PKEY_meth_set_sign 3 , +.Xr EVP_PKEY_verify 3 , +.Xr EVP_PKEY_verify_recover 3 +.Sh HISTORY +.Fn EVP_PKEY_sign_init +and +.Fn EVP_PKEY_sign +first appeared in OpenSSL 1.0.0 and have been available since +.Ox 4.9 . diff --git a/src/lib/libcrypto/man/EVP_PKEY_verify.3 b/src/lib/libcrypto/man/EVP_PKEY_verify.3 new file mode 100644 index 00000000000..c4d983320a9 --- /dev/null +++ b/src/lib/libcrypto/man/EVP_PKEY_verify.3 @@ -0,0 +1,168 @@ +.\" $OpenBSD: EVP_PKEY_verify.3,v 1.7 2018/03/23 04:34:23 schwarze Exp $ +.\" full merge up to: OpenSSL 48e5119a Jan 19 10:49:22 2018 +0100 +.\" +.\" This file was written by Dr. Stephen Henson . +.\" Copyright (c) 2006, 2009, 2010, 2013, 2018 The OpenSSL Project. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 23 2018 $ +.Dt EVP_PKEY_VERIFY 3 +.Os +.Sh NAME +.Nm EVP_PKEY_verify_init , +.Nm EVP_PKEY_verify +.Nd signature verification using a public key algorithm +.Sh SYNOPSIS +.In openssl/evp.h +.Ft int +.Fo EVP_PKEY_verify_init +.Fa "EVP_PKEY_CTX *ctx" +.Fc +.Ft int +.Fo EVP_PKEY_verify +.Fa "EVP_PKEY_CTX *ctx" +.Fa "const unsigned char *sig" +.Fa "size_t siglen" +.Fa "const unsigned char *tbs" +.Fa "size_t tbslen" +.Fc +.Sh DESCRIPTION +The +.Fn EVP_PKEY_verify_init +function initializes a public key algorithm context using key +.Fa ctx->pkey +for a signature verification operation. +.Pp +The +.Fn EVP_PKEY_verify +function performs a public key verification operation using +.Fa ctx . +The signature is specified using the +.Fa sig +and +.Fa siglen +parameters. +The verified data (i.e. the data believed originally signed) is +specified using the +.Fa tbs +and +.Fa tbslen +parameters. +.Pp +After the call to +.Fn EVP_PKEY_verify_init , +algorithm specific control operations can be performed to set any +appropriate parameters for the operation. +.Pp +The function +.Fn EVP_PKEY_verify +can be called more than once on the same context if several operations +are performed using the same parameters. +.Sh RETURN VALUES +.Fn EVP_PKEY_verify_init +and +.Fn EVP_PKEY_verify +return 1 if the verification was successful and 0 if it failed. +Unlike other functions the return value 0 from +.Fn EVP_PKEY_verify +only indicates that the signature did not verify successfully. +That is, +.Fa tbs +did not match the original data or the signature was of invalid form. +It is not an indication of a more serious error. +.Pp +A negative value indicates an error other that signature verification +failure. +In particular, a return value of -2 indicates the operation is not +supported by the public key algorithm. +.Sh EXAMPLES +Verify signature using PKCS#1 and SHA256 digest: +.Bd -literal -offset 3n +#include +#include + +EVP_PKEY_CTX *ctx; +unsigned char *md, *sig; +size_t mdlen, siglen; +EVP_PKEY *verify_key; + +/* + * Assumes that verify_key, sig, siglen, md, and mdlen are already set up + * and that verify_key is an RSA public key. + */ +ctx = EVP_PKEY_CTX_new(verify_key, NULL); +if (!ctx) + /* Error occurred */ +if (EVP_PKEY_verify_init(ctx) <= 0) + /* Error */ +if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0) + /* Error */ +if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0) + /* Error */ + +/* Perform operation */ +ret = EVP_PKEY_verify(ctx, sig, siglen, md, mdlen); + +/* + * ret == 1 indicates success, 0 verify failure, + * and < 0 some other error. + */ +.Ed +.Sh SEE ALSO +.Xr EVP_PKEY_CTX_new 3 , +.Xr EVP_PKEY_decrypt 3 , +.Xr EVP_PKEY_derive 3 , +.Xr EVP_PKEY_encrypt 3 , +.Xr EVP_PKEY_meth_set_verify 3 , +.Xr EVP_PKEY_sign 3 , +.Xr EVP_PKEY_verify_recover 3 +.Sh HISTORY +.Fn EVP_PKEY_verify_init +and +.Fn EVP_PKEY_verify +first appeared in OpenSSL 1.0.0 and have been available since +.Ox 4.9 . diff --git a/src/lib/libcrypto/man/EVP_PKEY_verify_recover.3 b/src/lib/libcrypto/man/EVP_PKEY_verify_recover.3 new file mode 100644 index 00000000000..3a55faccd2b --- /dev/null +++ b/src/lib/libcrypto/man/EVP_PKEY_verify_recover.3 @@ -0,0 +1,189 @@ +.\" $OpenBSD: EVP_PKEY_verify_recover.3,v 1.9 2018/03/23 04:34:23 schwarze Exp $ +.\" full merge up to: OpenSSL 48e5119a Jan 19 10:49:22 2018 +0100 +.\" +.\" This file was written by Dr. Stephen Henson . +.\" Copyright (c) 2006, 2009, 2010, 2013, 2018 The OpenSSL Project. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 23 2018 $ +.Dt EVP_PKEY_VERIFY_RECOVER 3 +.Os +.Sh NAME +.Nm EVP_PKEY_verify_recover_init , +.Nm EVP_PKEY_verify_recover +.Nd recover signature using a public key algorithm +.Sh SYNOPSIS +.In openssl/evp.h +.Ft int +.Fo EVP_PKEY_verify_recover_init +.Fa "EVP_PKEY_CTX *ctx" +.Fc +.Ft int +.Fo EVP_PKEY_verify_recover +.Fa "EVP_PKEY_CTX *ctx" +.Fa "unsigned char *rout" +.Fa "size_t *routlen" +.Fa "const unsigned char *sig" +.Fa "size_t siglen" +.Fc +.Sh DESCRIPTION +The +.Fn EVP_PKEY_verify_recover_init +function initializes a public key algorithm context using key +.Fa ctx->pkey +for a verify recover operation. +.Pp +The +.Fn EVP_PKEY_verify_recover +function recovers signed data using +.Fa ctx . +The signature is specified using the +.Fa sig +and +.Fa siglen +parameters. +If +.Fa rout +is +.Dv NULL , +then the maximum size of the output buffer is written to the +.Fa routlen +parameter. +If +.Fa rout +is not +.Dv NULL , +then before the call the +.Fa routlen +parameter should contain the length of the +.Fa rout +buffer. +If the call is successful, recovered data is written to +.Fa rout +and the amount of data written to +.Fa routlen . +.Pp +Normally an application is only interested in whether a signature +verification operation is successful. +In those cases, the +.Xr EVP_PKEY_verify 3 +function should be used. +.Pp +Sometimes however it is useful to obtain the data originally signed +using a signing operation. +Only certain public key algorithms can recover a signature in this way +(for example RSA in PKCS padding mode). +.Pp +After the call to +.Fn EVP_PKEY_verify_recover_init , +algorithm specific control operations can be performed to set any +appropriate parameters for the operation. +.Pp +The function +.Fn EVP_PKEY_verify_recover +can be called more than once on the same context if several operations +are performed using the same parameters. +.Sh RETURN VALUES +.Fn EVP_PKEY_verify_recover_init +and +.Fn EVP_PKEY_verify_recover +return 1 for success and 0 or a negative value for failure. +In particular, a return value of -2 indicates the operation is not +supported by the public key algorithm. +.Sh EXAMPLES +Recover digest originally signed using PKCS#1 and SHA256 digest: +.Bd -literal -offset indent +#include +#include + +EVP_PKEY_CTX *ctx; +unsigned char *rout, *sig; +size_t routlen, siglen; +EVP_PKEY *verify_key; + +/* + * Assumes that verify_key, sig, and siglen are already set up + * and that verify_key is an RSA public key. + */ +ctx = EVP_PKEY_CTX_new(verify_key, NULL); +if (!ctx) + /* Error occurred */ +if (EVP_PKEY_verify_recover_init(ctx) <= 0) + /* Error */ +if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0) + /* Error */ +if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0) + /* Error */ + +/* Determine buffer length */ +if (EVP_PKEY_verify_recover(ctx, NULL, &routlen, sig, siglen) <= 0) + /* Error */ + +rout = malloc(routlen); + +if (!rout) + /* malloc failure */ + +if (EVP_PKEY_verify_recover(ctx, rout, &routlen, sig, siglen) <= 0) + /* Error */ + +/* Recovered data is routlen bytes written to buffer rout */ +.Ed +.Sh SEE ALSO +.Xr EVP_PKEY_CTX_new 3 , +.Xr EVP_PKEY_decrypt 3 , +.Xr EVP_PKEY_derive 3 , +.Xr EVP_PKEY_encrypt 3 , +.Xr EVP_PKEY_meth_set_verify_recover 3 , +.Xr EVP_PKEY_sign 3 , +.Xr EVP_PKEY_verify 3 +.Sh HISTORY +.Fn EVP_PKEY_verify_recover_init +and +.Fn EVP_PKEY_verify_recover +first appeared in OpenSSL 1.0.0 and have been available since +.Ox 4.9 . diff --git a/src/lib/libcrypto/man/EVP_SealInit.3 b/src/lib/libcrypto/man/EVP_SealInit.3 new file mode 100644 index 00000000000..11db2294555 --- /dev/null +++ b/src/lib/libcrypto/man/EVP_SealInit.3 @@ -0,0 +1,189 @@ +.\" $OpenBSD: EVP_SealInit.3,v 1.7 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file was written by Dr. Stephen Henson . +.\" Copyright (c) 2000, 2002, 2003, 2005, 2015 The OpenSSL Project. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt EVP_SEALINIT 3 +.Os +.Sh NAME +.Nm EVP_SealInit , +.Nm EVP_SealUpdate , +.Nm EVP_SealFinal +.Nd EVP envelope encryption +.Sh SYNOPSIS +.In openssl/evp.h +.Ft int +.Fo EVP_SealInit +.Fa "EVP_CIPHER_CTX *ctx" +.Fa "const EVP_CIPHER *type" +.Fa "unsigned char **ek" +.Fa "int *ekl" +.Fa "unsigned char *iv" +.Fa "EVP_PKEY **pubk" +.Fa "int npubk" +.Fc +.Ft int +.Fo EVP_SealUpdate +.Fa "EVP_CIPHER_CTX *ctx" +.Fa "unsigned char *out" +.Fa "int *outl" +.Fa "unsigned char *in" +.Fa "int inl" +.Fc +.Ft int +.Fo EVP_SealFinal +.Fa "EVP_CIPHER_CTX *ctx" +.Fa "unsigned char *out" +.Fa "int *outl" +.Fc +.Sh DESCRIPTION +The EVP envelope routines are a high level interface to envelope +encryption. +They generate a random key and IV (if required) then "envelope" it by +using public key encryption. +Data can then be encrypted using this key. +.Pp +.Fn EVP_SealInit +initializes a cipher context +.Fa ctx +for encryption with cipher +.Fa type +using a random secret key and IV. +.Fa type +is normally supplied by a function such as +.Xr EVP_aes_256_cbc 3 ; +see +.Xr EVP_EncryptInit 3 +for details. +The secret key is encrypted using one or more public keys. +This allows the same encrypted data to be decrypted using any of +the corresponding private keys. +.Fa ek +is an array of buffers where the public key encrypted secret key will be +written. +Each buffer must contain enough room for the corresponding encrypted +key: that is +.Fa ek[i] +must have room for +.Fn EVP_PKEY_size pubk[i] +bytes. +The actual size of each encrypted secret key is written to the array +.Fa ekl . +.Fa pubk +is an array of +.Fa npubk +public keys. +.Pp +The +.Fa iv +parameter is a buffer where the generated IV is written to. +It must contain enough room for the corresponding cipher's IV, as +determined by (for example) +.Fn EVP_CIPHER_iv_length type . +.Pp +If the cipher does not require an IV then the +.Fa iv +parameter is ignored and can be +.Dv NULL . +.Pp +.Fn EVP_SealUpdate +and +.Fn EVP_SealFinal +have exactly the same properties as the +.Xr EVP_EncryptUpdate 3 +and +.Xr EVP_EncryptFinal 3 +routines. +.Pp +The public key must be RSA because it is the only OpenSSL public key +algorithm that supports key transport. +.Pp +Envelope encryption is the usual method of using public key encryption +on large amounts of data. +This is because public key encryption is slow but symmetric encryption +is fast. +So symmetric encryption is used for bulk encryption and the small random +symmetric key used is transferred using public key encryption. +.Pp +It is possible to call +.Fn EVP_SealInit +twice in the same way as +.Xr EVP_EncryptInit 3 . +The first call should have +.Fa npubk +set to 0 and (after setting any cipher parameters) it should be called +again with +.Fa type +set to NULL. +.Sh RETURN VALUES +.Fn EVP_SealInit +returns 0 on error or +.Fa npubk +if successful. +.Pp +.Fn EVP_SealUpdate +and +.Fn EVP_SealFinal +return 1 for success and 0 for failure. +.Sh SEE ALSO +.Xr evp 3 , +.Xr EVP_EncryptInit 3 , +.Xr EVP_OpenInit 3 , +.Xr RAND_bytes 3 +.Sh HISTORY +.Fn EVP_SealInit , +.Fn EVP_SealUpdate , +and +.Fn EVP_SealFinal +first appeared in SSLeay 0.5.1 and have been available since +.Ox 2.4 . +.Pp +.Fn EVP_SealFinal +did not return a value before OpenSSL 0.9.7. diff --git a/src/lib/libcrypto/man/EVP_SignInit.3 b/src/lib/libcrypto/man/EVP_SignInit.3 new file mode 100644 index 00000000000..d9e62972a68 --- /dev/null +++ b/src/lib/libcrypto/man/EVP_SignInit.3 @@ -0,0 +1,230 @@ +.\" $OpenBSD: EVP_SignInit.3,v 1.12 2018/12/23 08:35:14 tb Exp $ +.\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" selective merge up to: OpenSSL 79b49fb0 Mar 20 10:03:10 2018 +1000 +.\" +.\" This file was written by Dr. Stephen Henson . +.\" Copyright (c) 2000-2002, 2005, 2006, 2014-2016 The OpenSSL Project. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: December 23 2018 $ +.Dt EVP_SIGNINIT 3 +.Os +.Sh NAME +.Nm EVP_SignInit_ex , +.Nm EVP_SignUpdate , +.Nm EVP_SignFinal , +.Nm EVP_SignInit , +.Nm EVP_PKEY_size , +.Nm EVP_PKEY_bits +.Nd EVP signing functions +.Sh SYNOPSIS +.In openssl/evp.h +.Ft int +.Fo EVP_SignInit_ex +.Fa "EVP_MD_CTX *ctx" +.Fa "const EVP_MD *type" +.Fa "ENGINE *impl" +.Fc +.Ft int +.Fo EVP_SignUpdate +.Fa "EVP_MD_CTX *ctx" +.Fa "const void *d" +.Fa "unsigned int cnt" +.Fc +.Ft int +.Fo EVP_SignFinal +.Fa "EVP_MD_CTX *ctx" +.Fa "unsigned char *sig" +.Fa "unsigned int *s" +.Fa "EVP_PKEY *pkey" +.Fc +.Ft void +.Fo EVP_SignInit +.Fa "EVP_MD_CTX *ctx" +.Fa "const EVP_MD *type" +.Fc +.Ft int +.Fo EVP_PKEY_size +.Fa "const EVP_PKEY *pkey" +.Fc +.Ft int +.Fo EVP_PKEY_bits +.Fa "const EVP_PKEY *pkey" +.Fc +.Sh DESCRIPTION +The EVP signature routines are a high level interface to digital +signatures. +.Pp +.Fn EVP_SignInit_ex +sets up a signing context +.Fa ctx +to use the digest +.Fa type +from +.Vt ENGINE +.Fa impl . +.Fa ctx +must be initialized with +.Xr EVP_MD_CTX_init 3 +before calling this function. +.Pp +.Fn EVP_SignUpdate +hashes +.Fa cnt +bytes of data at +.Fa d +into the signature context +.Fa ctx . +This function can be called several times on the same +.Fa ctx +to include additional data. +.Pp +.Fn EVP_SignFinal +signs the data in +.Fa ctx +using the private key +.Fa pkey +and places the signature in +.Fa sig . +.Fa sig +must be at least +.Fn EVP_PKEY_size pkey +bytes in size. +.Fa s +is an OUT parameter, and not used as an IN parameter. +The number of bytes of data written (i.e.\& +the length of the signature) will be written to the integer at +.Fa s . +At most +.Fn EVP_PKEY_size pkey +bytes will be written. +.Pp +.Fn EVP_SignInit +initializes a signing context +.Fa ctx +to use the default implementation of digest +.Fa type . +.Pp +.Fn EVP_PKEY_size +returns the maximum size of a signature in bytes. +The actual signature returned by +.Fn EVP_SignFinal +may be smaller. +.Pp +The EVP interface to digital signatures should almost always be +used in preference to the low level interfaces. +This is because the code then becomes transparent to the algorithm used +and much more flexible. +.Pp +The call to +.Fn EVP_SignFinal +internally finalizes a copy of the digest context. +This means that calls to +.Fn EVP_SignUpdate +and +.Fn EVP_SignFinal +can be called later to digest and sign additional data. +.Pp +Since only a copy of the digest context is ever finalized, the context +must be cleaned up after use by calling +.Xr EVP_MD_CTX_free 3 +or a memory leak will occur. +.Sh RETURN VALUES +.Fn EVP_SignInit_ex , +.Fn EVP_SignUpdate , +and +.Fn EVP_SignFinal +return 1 for success and 0 for failure. +.Pp +.Fn EVP_PKEY_size +returns the maximum size of a signature in bytes. +.Pp +.Fn EVP_PKEY_bits +returns the number of significant bits in the key +or 0 if an error occurs. +.Pp +The error codes can be obtained by +.Xr ERR_get_error 3 . +.Sh SEE ALSO +.Xr ERR 3 , +.Xr evp 3 , +.Xr EVP_DigestInit 3 , +.Xr EVP_PKEY_asn1_set_public 3 , +.Xr EVP_VerifyInit 3 +.Sh HISTORY +.Fn EVP_SignInit , +.Fn EVP_SignUpdate , +and +.Fn EVP_SignFinal +first appeared in SSLeay 0.5.1. +.Fn EVP_PKEY_size +first appeared in SSLeay 0.6.0. +.Fn EVP_PKEY_bits +first appeared in SSLeay 0.9.0. +These functions have been available since +.Ox 2.4 . +.Pp +.Fn EVP_SignInit_ex +first appeared in OpenSSL 0.9.7 and has been available since +.Ox 3.2 . +.Sh BUGS +Older versions of this documentation wrongly stated that calls to +.Fn EVP_SignUpdate +could not be made after calling +.Fn EVP_SignFinal . +.Pp +Since the private key is passed in the call to +.Fn EVP_SignFinal +any error relating to the private key (for example an unsuitable key and +digest combination) will not be indicated until after potentially large +amounts of data have been passed through +.Fn EVP_SignUpdate . +.Pp +It is not possible to change the signing parameters using these +function. +.Pp +The previous two bugs are fixed in the newer EVP_SignDigest* function. diff --git a/src/lib/libcrypto/man/EVP_VerifyInit.3 b/src/lib/libcrypto/man/EVP_VerifyInit.3 new file mode 100644 index 00000000000..899bbc04096 --- /dev/null +++ b/src/lib/libcrypto/man/EVP_VerifyInit.3 @@ -0,0 +1,196 @@ +.\" $OpenBSD: EVP_VerifyInit.3,v 1.9 2018/12/23 08:35:14 tb Exp $ +.\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" selective merge up to: OpenSSL 79b49fb0 Mar 20 10:03:10 2018 +1000 +.\" +.\" This file was written by Dr. Stephen Henson . +.\" Copyright (c) 2000, 2001, 2006, 2016 The OpenSSL Project. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: December 23 2018 $ +.Dt EVP_VERIFYINIT 3 +.Os +.Sh NAME +.Nm EVP_VerifyInit_ex , +.Nm EVP_VerifyUpdate , +.Nm EVP_VerifyFinal , +.Nm EVP_VerifyInit +.Nd EVP signature verification functions +.Sh SYNOPSIS +.In openssl/evp.h +.Ft int +.Fo EVP_VerifyInit_ex +.Fa "EVP_MD_CTX *ctx" +.Fa "const EVP_MD *type" +.Fa "ENGINE *impl" +.Fc +.Ft int +.Fo EVP_VerifyUpdate +.Fa "EVP_MD_CTX *ctx" +.Fa "const void *d" +.Fa "unsigned int cnt" +.Fc +.Ft int +.Fo EVP_VerifyFinal +.Fa "EVP_MD_CTX *ctx" +.Fa "unsigned char *sigbuf" +.Fa "unsigned int siglen" +.Fa "EVP_PKEY *pkey" +.Fc +.Ft int +.Fo EVP_VerifyInit +.Fa "EVP_MD_CTX *ctx" +.Fa "const EVP_MD *type" +.Fc +.Sh DESCRIPTION +The EVP signature verification routines are a high level interface to +digital signatures. +.Pp +.Fn EVP_VerifyInit_ex +sets up a verification context +.Fa ctx +to use the digest +.Fa type +from +.Vt ENGINE +.Fa impl . +.Fa ctx +must be initialized by calling +.Xr EVP_MD_CTX_init 3 +before calling this function. +.Pp +.Fn EVP_VerifyUpdate +hashes +.Fa cnt +bytes of data at +.Fa d +into the verification context +.Fa ctx . +This function can be called several times on the same +.Fa ctx +to include additional data. +.Pp +.Fn EVP_VerifyFinal +verifies the data in +.Fa ctx +using the public key +.Fa pkey +and against the +.Fa siglen +bytes at +.Fa sigbuf . +.Pp +.Fn EVP_VerifyInit +initializes a verification context +.Fa ctx +to use the default implementation of digest +.Fa type . +.Pp +The EVP interface to digital signatures should almost always be +used in preference to the low level interfaces. +This is because the code then becomes transparent to the algorithm used +and much more flexible. +.Pp +The call to +.Fn EVP_VerifyFinal +internally finalizes a copy of the digest context. +This means that calls to +.Fn EVP_VerifyUpdate +and +.Fn EVP_VerifyFinal +can be called later to digest and verify additional data. +.Pp +Since only a copy of the digest context is ever finalized, the context +must be cleaned up after use by calling +.Xr EVP_MD_CTX_free 3 , +or a memory leak will occur. +.Sh RETURN VALUES +.Fn EVP_VerifyInit_ex +and +.Fn EVP_VerifyUpdate +return 1 for success and 0 for failure. +.Pp +.Fn EVP_VerifyFinal +returns 1 for a correct signature, 0 for failure, and -1 if some other +error occurred. +.Pp +The error codes can be obtained by +.Xr ERR_get_error 3 . +.Sh SEE ALSO +.Xr ERR 3 , +.Xr evp 3 , +.Xr EVP_DigestInit 3 , +.Xr EVP_SignInit 3 +.Sh HISTORY +.Fn EVP_VerifyInit , +.Fn EVP_VerifyUpdate , +and +.Fn EVP_VerifyFinal +first appeared in SSLeay 0.5.1 and have been available since +.Ox 2.4 . +.Pp +.Fn EVP_VerifyInit_ex +first appeared in OpenSSL 0.9.7 and has been available since +.Ox 3.2 . +.Sh BUGS +Older versions of this documentation wrongly stated that calls to +.Fn EVP_VerifyUpdate +could not be made after calling +.Fn EVP_VerifyFinal . +.Pp +Since the public key is passed in the call to +.Xr EVP_SignFinal 3 , +any error relating to the private key (for example an unsuitable key and +digest combination) will not be indicated until after potentially large +amounts of data have been passed through +.Xr EVP_SignUpdate 3 . +.Pp +It is not possible to change the signing parameters using these +functions. +.Pp +The previous two bugs are fixed in the newer functions of the +.Xr EVP_DigestVerifyInit 3 +family. diff --git a/src/lib/libcrypto/man/EVP_aes_128_cbc.3 b/src/lib/libcrypto/man/EVP_aes_128_cbc.3 new file mode 100644 index 00000000000..be8e5ff75bf --- /dev/null +++ b/src/lib/libcrypto/man/EVP_aes_128_cbc.3 @@ -0,0 +1,336 @@ +.\" $OpenBSD: EVP_aes_128_cbc.3,v 1.2 2019/03/19 19:50:03 schwarze Exp $ +.\" selective merge up to: OpenSSL 7c6d372a Nov 20 13:20:01 2018 +0000 +.\" +.\" This file was written by Ronald Tse +.\" Copyright (c) 2017 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 19 2019 $ +.Dt EVP_AES_128_CBC 3 +.Os +.Sh NAME +.Nm EVP_aes_128_cbc , +.Nm EVP_aes_192_cbc , +.Nm EVP_aes_256_cbc , +.Nm EVP_aes_128_cfb1 , +.Nm EVP_aes_192_cfb1 , +.Nm EVP_aes_256_cfb1 , +.Nm EVP_aes_128_cfb8 , +.Nm EVP_aes_192_cfb8 , +.Nm EVP_aes_256_cfb8 , +.Nm EVP_aes_128_cfb128 , +.Nm EVP_aes_192_cfb128 , +.Nm EVP_aes_256_cfb128 , +.Nm EVP_aes_128_cfb , +.Nm EVP_aes_192_cfb , +.Nm EVP_aes_256_cfb , +.Nm EVP_aes_128_ctr , +.Nm EVP_aes_192_ctr , +.Nm EVP_aes_256_ctr , +.Nm EVP_aes_128_ecb , +.Nm EVP_aes_192_ecb , +.Nm EVP_aes_256_ecb , +.Nm EVP_aes_128_ofb , +.Nm EVP_aes_192_ofb , +.Nm EVP_aes_256_ofb , +.Nm EVP_aes_128_cbc_hmac_sha1 , +.Nm EVP_aes_256_cbc_hmac_sha1 , +.Nm EVP_aes_128_ccm , +.Nm EVP_aes_192_ccm , +.Nm EVP_aes_256_ccm , +.Nm EVP_aes_128_gcm , +.Nm EVP_aes_192_gcm , +.Nm EVP_aes_256_gcm , +.Nm EVP_aes_128_wrap , +.Nm EVP_aes_192_wrap , +.Nm EVP_aes_256_wrap , +.Nm EVP_aes_128_xts , +.Nm EVP_aes_256_xts +.Nd EVP AES cipher +.Sh SYNOPSIS +.In openssl/evp.h +.Ft const EVP_CIPHER * +.Fn EVP_aes_128_cbc void +.Ft const EVP_CIPHER * +.Fn EVP_aes_192_cbc void +.Ft const EVP_CIPHER * +.Fn EVP_aes_256_cbc void +.Ft const EVP_CIPHER * +.Fn EVP_aes_128_cfb1 void +.Ft const EVP_CIPHER * +.Fn EVP_aes_192_cfb1 void +.Ft const EVP_CIPHER * +.Fn EVP_aes_256_cfb1 void +.Ft const EVP_CIPHER * +.Fn EVP_aes_128_cfb8 void +.Ft const EVP_CIPHER * +.Fn EVP_aes_192_cfb8 void +.Ft const EVP_CIPHER * +.Fn EVP_aes_256_cfb8 void +.Ft const EVP_CIPHER * +.Fn EVP_aes_128_cfb128 void +.Ft const EVP_CIPHER * +.Fn EVP_aes_192_cfb128 void +.Ft const EVP_CIPHER * +.Fn EVP_aes_256_cfb128 void +.Ft const EVP_CIPHER * +.Fn EVP_aes_128_cfb void +.Ft const EVP_CIPHER * +.Fn EVP_aes_192_cfb void +.Ft const EVP_CIPHER * +.Fn EVP_aes_256_cfb void +.Ft const EVP_CIPHER * +.Fn EVP_aes_128_ctr void +.Ft const EVP_CIPHER * +.Fn EVP_aes_192_ctr void +.Ft const EVP_CIPHER * +.Fn EVP_aes_256_ctr void +.Ft const EVP_CIPHER * +.Fn EVP_aes_128_ecb void +.Ft const EVP_CIPHER * +.Fn EVP_aes_192_ecb void +.Ft const EVP_CIPHER * +.Fn EVP_aes_256_ecb void +.Ft const EVP_CIPHER * +.Fn EVP_aes_128_ofb void +.Ft const EVP_CIPHER * +.Fn EVP_aes_192_ofb void +.Ft const EVP_CIPHER * +.Fn EVP_aes_256_ofb void +.Ft const EVP_CIPHER * +.Fn EVP_aes_128_cbc_hmac_sha1 void +.Ft const EVP_CIPHER * +.Fn EVP_aes_256_cbc_hmac_sha1 void +.Ft const EVP_CIPHER * +.Fn EVP_aes_128_ccm void +.Ft const EVP_CIPHER * +.Fn EVP_aes_192_ccm void +.Ft const EVP_CIPHER * +.Fn EVP_aes_256_ccm void +.Ft const EVP_CIPHER * +.Fn EVP_aes_128_gcm void +.Ft const EVP_CIPHER * +.Fn EVP_aes_192_gcm void +.Ft const EVP_CIPHER * +.Fn EVP_aes_256_gcm void +.Ft const EVP_CIPHER * +.Fn EVP_aes_128_wrap void +.Ft const EVP_CIPHER * +.Fn EVP_aes_192_wrap void +.Ft const EVP_CIPHER * +.Fn EVP_aes_256_wrap void +.Ft const EVP_CIPHER * +.Fn EVP_aes_128_xts void +.Ft const EVP_CIPHER * +.Fn EVP_aes_256_xts void +.Sh DESCRIPTION +These functions provide the AES encryption algorithm in the +.Xr evp 3 +framework. +.Pp +.Fn EVP_aes_128_cbc , +.Fn EVP_aes_192_cbc , +.Fn EVP_aes_256_cbc , +.Fn EVP_aes_128_cfb1 , +.Fn EVP_aes_192_cfb1 , +.Fn EVP_aes_256_cfb1 , +.Fn EVP_aes_128_cfb8 , +.Fn EVP_aes_192_cfb8 , +.Fn EVP_aes_256_cfb8 , +.Fn EVP_aes_128_cfb128 , +.Fn EVP_aes_192_cfb128 , +.Fn EVP_aes_256_cfb128 , +.Fn EVP_aes_128_ctr , +.Fn EVP_aes_192_ctr , +.Fn EVP_aes_256_ctr , +.Fn EVP_aes_128_ecb , +.Fn EVP_aes_192_ecb , +.Fn EVP_aes_256_ecb , +.Fn EVP_aes_128_ofb , +.Fn EVP_aes_192_ofb , +and +.Fn EVP_aes_256_ofb +provide AES for 128, 192, and 256 bit keys in the following modes: +CBC, CFB with 1-bit shift, CFB with 8-bit shift, CFB with 128-bit shift, +CTR, ECB, and OFB. +.Pp +.Fn EVP_aes_128_cfb , +.Fn EVP_aes_192_cfb , +and +.Fn EVP_aes_256_cfb +are aliases for +.Fn EVP_aes_128_cfb128 , +.Fn EVP_aes_192_cfb128 , +and +.Fn EVP_aes_256_cfb128 . +.Pp +.Fn EVP_aes_128_cbc_hmac_sha1 +and +.Fn EVP_aes_256_cbc_hmac_sha1 +provide authenticated encryption with AES in CBC mode using SHA-1 as HMAC, +with keys of 128 and 256 bits length respectively. +The authentication tag is 160 bits long. +This is not intended for usage outside of TLS and requires +calling of some undocumented control functions. +These ciphers do not conform to the EVP AEAD interface. +.Pp +.Fn EVP_aes_128_ccm , +.Fn EVP_aes_192_ccm , +.Fn EVP_aes_256_ccm , +.Fn EVP_aes_128_gcm , +.Fn EVP_aes_192_gcm , +and +.Fn EVP_aes_256_gcm +provide AES for 128, 192 and 256 bit keys in CBC-MAC Mode (CCM) +and Galois Counter Mode (GCM), respectively. +These ciphers require additional control operations to function +correctly; see +.Xr EVP_EncryptInit 3 +for details. +.Pp +.Fn EVP_aes_128_wrap , +.Fn EVP_aes_192_wrap , +and +.Fn EVP_aes_256_wrap +provide AES key wrap with 128, 192 and 256 bit keys +according to RFC 3394 section 2.2.1 ("wrap"). +When the returned +.Vt EVP_CIPHER +object is later passed to +.Xr EVP_CipherInit_ex 3 , +.Xr EVP_EncryptInit_ex 3 , +or +.Xr EVP_DecryptInit_ex 3 +together with an +.Vt EVP_CIPHER_CTX +object, the flag +.Dv EVP_CIPHER_CTX_FLAG_WRAP_ALLOW +must have been set in the +.Vt EVP_CIPHER_CTX +using +.Xr EVP_CIPHER_CTX_set_flags 3 . +Otherwise, or when passing the returned +.Vt EVP_CIPHER +object to +.Xr EVP_CipherInit 3 , +.Xr EVP_EncryptInit 3 , +or +.Xr EVP_DecryptInit 3 , +initialization fails with a +.Dq wrap not allowed +error. +.Pp +.Fn EVP_aes_128_xts +and +.Fn EVP_aes_256_xts +provide XEX-based tweaked-codebook mode with ciphertext stealing (XTS-AES) +as specified in IEEE Std. 1619-2007 and described in NIST SP 800-38E. +It was designed for encrypting data on a storage device, +provides confidentiality but not authentication of data, +and requires a key of double length for protection of a certain key size. +In particular, XTS-AES-128 takes input of a 256-bit key to achieve +AES 128-bit security, and XTS-AES-256 takes input of a 512-bit key +to achieve AES 256-bit security. +.Sh RETURN VALUES +These functions return an +.Vt EVP_CIPHER +structure that provides the implementation of the symmetric cipher. +.Sh SEE ALSO +.Xr evp 3 , +.Xr EVP_EncryptInit 3 +.Sh HISTORY +.Fn EVP_aes_128_cbc , +.Fn EVP_aes_192_cbc , +.Fn EVP_aes_256_cbc , +.Fn EVP_aes_128_cfb , +.Fn EVP_aes_192_cfb , +.Fn EVP_aes_256_cfb , +.Fn EVP_aes_128_ebc , +.Fn EVP_aes_192_ebc , +.Fn EVP_aes_256_ebc , +.Fn EVP_aes_128_ofb , +.Fn EVP_aes_192_ofb , +and +.Fn EVP_aes_256_ofb +first appeared in OpenSSL 0.9.7 and have been available since +.Ox 3.2 . +.Pp +.Fn EVP_aes_128_cfb1 , +.Fn EVP_aes_192_cfb1 , +.Fn EVP_aes_256_cfb1 , +.Fn EVP_aes_128_cfb8 , +.Fn EVP_aes_192_cfb8 , +.Fn EVP_aes_256_cfb8 , +.Fn EVP_aes_128_cfb128 , +.Fn EVP_aes_192_cfb128 , +and +.Fn EVP_aes_256_cfb128 +first appeared in OpenSSL 0.9.7e and have been available since +.Ox 3.8 . +.Pp +.Fn EVP_aes_128_ctr , +.Fn EVP_aes_192_ctr , +.Fn EVP_aes_256_ctr , +.Fn EVP_aes_128_cbc_hmac_sha1 , +.Fn EVP_aes_256_cbc_hmac_sha1 , +.Fn EVP_aes_128_ccm , +.Fn EVP_aes_192_ccm , +.Fn EVP_aes_256_ccm , +.Fn EVP_aes_128_gcm , +.Fn EVP_aes_192_gcm , +.Fn EVP_aes_256_gcm , +.Fn EVP_aes_128_xts , +and +.Fn EVP_aes_256_xts +first appeared in OpenSSL 1.0.1 and have been available since +.Ox 5.3 . +.Pp +.Fn EVP_aes_128_wrap , +.Fn EVP_aes_192_wrap , +and +.Fn EVP_aes_256_wrap +first appeared in OpenSSL 1.0.2 and have been available since +.Ox 6.5 . diff --git a/src/lib/libcrypto/man/EVP_camellia_128_cbc.3 b/src/lib/libcrypto/man/EVP_camellia_128_cbc.3 new file mode 100644 index 00000000000..dd7f15d86c5 --- /dev/null +++ b/src/lib/libcrypto/man/EVP_camellia_128_cbc.3 @@ -0,0 +1,149 @@ +.\" $OpenBSD: EVP_camellia_128_cbc.3,v 1.1 2019/03/21 14:15:13 schwarze Exp $ +.\" selective merge up to: OpenSSL 7c6d372a Nov 20 13:20:01 2018 +0000 +.\" +.\" This file was written by Ronald Tse +.\" Copyright (c) 2017 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 21 2019 $ +.Dt EVP_CAMELLIA_128_CBC 3 +.Os +.Sh NAME +.Nm EVP_camellia_128_cbc , +.Nm EVP_camellia_192_cbc , +.Nm EVP_camellia_256_cbc , +.Nm EVP_camellia_128_cfb , +.Nm EVP_camellia_192_cfb , +.Nm EVP_camellia_256_cfb , +.Nm EVP_camellia_128_cfb1 , +.Nm EVP_camellia_192_cfb1 , +.Nm EVP_camellia_256_cfb1 , +.Nm EVP_camellia_128_cfb8 , +.Nm EVP_camellia_192_cfb8 , +.Nm EVP_camellia_256_cfb8 , +.Nm EVP_camellia_128_cfb128 , +.Nm EVP_camellia_192_cfb128 , +.Nm EVP_camellia_256_cfb128 , +.Nm EVP_camellia_128_ecb , +.Nm EVP_camellia_192_ecb , +.Nm EVP_camellia_256_ecb , +.Nm EVP_camellia_128_ofb , +.Nm EVP_camellia_192_ofb , +.Nm EVP_camellia_256_ofb +.Nd EVP Camellia cipher +.Sh SYNOPSIS +.In openssl/evp.h +.Ft const EVP_CIPHER * +.Fn EVP_camellia_128_cbc void +.Ft const EVP_CIPHER * +.Fn EVP_camellia_192_cbc void +.Ft const EVP_CIPHER * +.Fn EVP_camellia_256_cbc void +.Ft const EVP_CIPHER * +.Fn EVP_camellia_128_cfb void +.Ft const EVP_CIPHER * +.Fn EVP_camellia_192_cfb void +.Ft const EVP_CIPHER * +.Fn EVP_camellia_256_cfb void +.Ft const EVP_CIPHER * +.Fn EVP_camellia_128_cfb1 void +.Ft const EVP_CIPHER * +.Fn EVP_camellia_192_cfb1 void +.Ft const EVP_CIPHER * +.Fn EVP_camellia_256_cfb1 void +.Ft const EVP_CIPHER * +.Fn EVP_camellia_128_cfb8 void +.Ft const EVP_CIPHER * +.Fn EVP_camellia_192_cfb8 void +.Ft const EVP_CIPHER * +.Fn EVP_camellia_256_cfb8 void +.Ft const EVP_CIPHER * +.Fn EVP_camellia_128_cfb128 void +.Ft const EVP_CIPHER * +.Fn EVP_camellia_192_cfb128 void +.Ft const EVP_CIPHER * +.Fn EVP_camellia_256_cfb128 void +.Ft const EVP_CIPHER * +.Fn EVP_camellia_128_ecb void +.Ft const EVP_CIPHER * +.Fn EVP_camellia_192_ecb void +.Ft const EVP_CIPHER * +.Fn EVP_camellia_256_ecb void +.Ft const EVP_CIPHER * +.Fn EVP_camellia_128_ofb void +.Ft const EVP_CIPHER * +.Fn EVP_camellia_192_ofb void +.Ft const EVP_CIPHER * +.Fn EVP_camellia_256_ofb void +.Sh DESCRIPTION +These functions provide the Camellia encryption algorithm in the +.Xr evp 3 +framework. +They use 128, 192, and 256 bit keys in the following modes, respectively: +CBC, CFB with 1-bit shift, CFB with 8-bit shift, CFB with 128-bit shift, +ECB, and OFB. +.Pp +.Fn EVP_camellia_128_cfb , +.Fn EVP_camellia_192_cfb , +and +.Fn EVP_camellia_256_cfb +are aliases for +.Fn EVP_camellia_128_cfb128 , +.Fn EVP_camellia_192_cfb128 , +and +.Fn EVP_camellia_256_cfb128 , +implemented as macros. +.Sh RETURN VALUES +These functions return an +.Vt EVP_CIPHER +structure that provides the implementation of the symmetric cipher. +.Sh SEE ALSO +.Xr evp 3 , +.Xr EVP_EncryptInit 3 +.Sh HISTORY +These functions first appeared in OpenSSL 0.9.8c +and have been available since +.Ox 4.5 . diff --git a/src/lib/libcrypto/man/EVP_des_cbc.3 b/src/lib/libcrypto/man/EVP_des_cbc.3 new file mode 100644 index 00000000000..759e03fac0b --- /dev/null +++ b/src/lib/libcrypto/man/EVP_des_cbc.3 @@ -0,0 +1,221 @@ +.\" $OpenBSD: EVP_des_cbc.3,v 1.1 2019/03/21 12:54:37 schwarze Exp $ +.\" full merge up to: +.\" OpenSSL EVP_desx_cbc.pod 8fa4d95e Oct 21 11:59:09 2017 +0900 +.\" selective merge up to: +.\" OpenSSL EVP_des.pod 7c6d372a Nov 20 13:20:01 2018 +0000 +.\" +.\" This file was written by Ronald Tse +.\" Copyright (c) 2017 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 21 2019 $ +.Dt EVP_DES_CBC 3 +.Os +.Sh NAME +.Nm EVP_des_cbc , +.Nm EVP_des_cfb , +.Nm EVP_des_cfb1 , +.Nm EVP_des_cfb8 , +.Nm EVP_des_cfb64 , +.Nm EVP_des_ecb , +.Nm EVP_des_ofb , +.Nm EVP_des_ede , +.Nm EVP_des_ede_cbc , +.Nm EVP_des_ede_cfb , +.Nm EVP_des_ede_cfb64 , +.Nm EVP_des_ede_ecb , +.Nm EVP_des_ede_ofb , +.Nm EVP_des_ede3 , +.Nm EVP_des_ede3_cbc , +.Nm EVP_des_ede3_cfb , +.Nm EVP_des_ede3_cfb1 , +.Nm EVP_des_ede3_cfb8 , +.Nm EVP_des_ede3_cfb64 , +.Nm EVP_des_ede3_ecb , +.Nm EVP_des_ede3_ofb , +.Nm EVP_desx_cbc +.Nd EVP DES cipher +.Sh SYNOPSIS +.In openssl/evp.h +.Ft const EVP_CIPHER * +.Fn EVP_des_cbc void +.Ft const EVP_CIPHER * +.Fn EVP_des_cfb void +.Ft const EVP_CIPHER * +.Fn EVP_des_cfb1 void +.Ft const EVP_CIPHER * +.Fn EVP_des_cfb8 void +.Ft const EVP_CIPHER * +.Fn EVP_des_cfb64 void +.Ft const EVP_CIPHER * +.Fn EVP_des_ecb void +.Ft const EVP_CIPHER * +.Fn EVP_des_ofb void +.Ft const EVP_CIPHER * +.Fn EVP_des_ede void +.Ft const EVP_CIPHER * +.Fn EVP_des_ede_cbc void +.Ft const EVP_CIPHER * +.Fn EVP_des_ede_cfb void +.Ft const EVP_CIPHER * +.Fn EVP_des_ede_cfb64 void +.Ft const EVP_CIPHER * +.Fn EVP_des_ede_ecb void +.Ft const EVP_CIPHER * +.Fn EVP_des_ede_ofb void +.Ft const EVP_CIPHER * +.Fn EVP_des_ede3 void +.Ft const EVP_CIPHER * +.Fn EVP_des_ede3_cbc void +.Ft const EVP_CIPHER * +.Fn EVP_des_ede3_cfb void +.Ft const EVP_CIPHER * +.Fn EVP_des_ede3_cfb1 void +.Ft const EVP_CIPHER * +.Fn EVP_des_ede3_cfb8 void +.Ft const EVP_CIPHER * +.Fn EVP_des_ede3_cfb64 void +.Ft const EVP_CIPHER * +.Fn EVP_des_ede3_ecb void +.Ft const EVP_CIPHER * +.Fn EVP_des_ede3_ofb void +.Ft const EVP_CIPHER * +.Fn EVP_desx_cbc void +.Sh DESCRIPTION +These functions provide the DES encryption algorithm in the +.Xr evp 3 +framework. +.Pp +.Fn EVP_des_cbc , +.Fn EVP_des_cfb1 , +.Fn EVP_des_cfb8 , +.Fn EVP_des_cfb64 , +.Fn EVP_des_ecb , +and +.Fn EVP_des_ofb +provide DES in CBC, CFB with 1-bit shift, CFB with 8-bit shift, +CFB with 64-bit shift, ECB, and OFB modes. +.Fn EVP_des_cfb +is an alias for +.Fn EVP_des_cfb64 , +implemented as a macro. +.Pp +.Fn EVP_des_ede_cbc , +.Fn EVP_des_ede_cfb64 , +.Fn EVP_des_ede_ecb , +and +.Fn EVP_des_ede_ofb +provide two key triple DES in CBC, CFB with 64-bit shift, ECB, and OFB modes. +.Fn EVP_des_ede_cfb +is an alias for +.Fn EVP_des_ede_cfb64 , +implemented as a macro. +.Fn EVP_des_ede +is an alias for +.Fn EVP_des_ede_ecb . +.Pp +.Fn EVP_des_ede3_cbc , +.Fn EVP_des_ede3_cfb1 , +.Fn EVP_des_ede3_cfb8 , +.Fn EVP_des_ede3_cfb64 , +.Fn EVP_des_ede3_ecb , +.Fn EVP_des_ede3_ofb +provide three key triple DES in CBC, CFB with 1-bit shift, CFB with 8-bit +shift, CFB with 64-bit shift, ECB, and OFB modes. +.Fn EVP_des_ede3_cfb +is an alias for +.Fn EVP_des_ede3_cfb64 , +implemented as a macro. +.Fn EVP_des_ede3 +is an alias for +.Fn EVP_des_ede3_ecb . +.Pp +.Fn EVP_desx_cbc +provides the DES-X encryption algorithm in CBC mode. +It uses a key length of 128 bits and acts on blocks of 128 bits. +.Sh RETURN VALUES +These functions return an +.Vt EVP_CIPHER +structure that provides the implementation of the symmetric cipher. +.Sh SEE ALSO +.Xr evp 3 , +.Xr EVP_EncryptInit 3 +.Sh HISTORY +.Fn EVP_des_cbc , +.Fn EVP_des_cfb , +.Fn EVP_des_ecb , +.Fn EVP_des_ofb , +.Fn EVP_des_ede , +.Fn EVP_des_ede_cbc , +.Fn EVP_des_ede_cfb , +.Fn EVP_des_ede_ofb , +.Fn EVP_des_ede3 , +.Fn EVP_des_ede3_cbc , +.Fn EVP_des_ede3_cfb , +and +.Fn EVP_des_ede3_ofb +first appeared in SSLeay 0.5.1. +.Fn EVP_desx_cbc +first appeared in SSLeay 0.6.2. +These functions have been available since +.Ox 2.4 . +.Pp +.Fn EVP_des_ede_ecb +and +.Fn EVP_des_ede3_ecb +first appeared in OpenSSL 0.9.7 and have been available since +.Ox 3.2 . +.Pp +.Fn EVP_des_cfb1 , +.Fn EVP_des_cfb8 , +.Fn EVP_des_cfb64 , +.Fn EVP_des_ede_cfb64 , +.Fn EVP_des_ede3_cfb1 , +.Fn EVP_des_ede3_cfb8 , +and +.Fn EVP_des_ede3_cfb64 +first appeared in OpenSSL 0.9.7e and have been available since +.Ox 3.8 . diff --git a/src/lib/libcrypto/man/EVP_rc4.3 b/src/lib/libcrypto/man/EVP_rc4.3 new file mode 100644 index 00000000000..fda041113c3 --- /dev/null +++ b/src/lib/libcrypto/man/EVP_rc4.3 @@ -0,0 +1,109 @@ +.\" $OpenBSD: EVP_rc4.3,v 1.1 2019/03/21 13:37:25 schwarze Exp $ +.\" full merge up to: OpenSSL 8fa4d95e Oct 21 11:59:09 2017 +0900 +.\" +.\" This file was written by Ronald Tse +.\" Copyright (c) 2017 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 21 2019 $ +.Dt EVP_RC4 3 +.Os +.Sh NAME +.Nm EVP_rc4 , +.Nm EVP_rc4_40 , +.Nm EVP_rc4_hmac_md5 +.Nd EVP RC4 stream cipher +.Sh SYNOPSIS +.In openssl/evp.h +.Ft const EVP_CIPHER * +.Fn EVP_rc4 void +.Ft const EVP_CIPHER * +.Fn EVP_rc4_40 void +.Ft const EVP_CIPHER * +.Fn EVP_rc4_hmac_md5 void +.Sh DESCRIPTION +These functions provide the RC4 stream cipher in the +.Xr evp 3 +framework. +It is a variable key length cipher. +.Pp +.Fn EVP_rc4 +uses a default key length of 128 bits. +.Pp +.Fn EVP_rc4_40 +uses a key length of 40 bits instead. +This function is deprecated. +Use +.Fn EVP_rc4 +and +.Xr EVP_CIPHER_CTX_set_key_length 3 +instead. +.Pp +.Fn EVP_rc4_hmac_md5 +provides authenticated encryption with the RC4 stream cipher +with MD5 as HMAC. +This function is not intended for usage outside of TLS +and requires calling of some undocumented control functions. +It does not conform to the EVP AEAD interface. +.Sh RETURN VALUES +These functions return an +.Vt EVP_CIPHER +structure that provides the implementation of the symmetric cipher. +.Sh SEE ALSO +.Xr evp 3 , +.Xr EVP_EncryptInit 3 +.Sh HISTORY +.Fn EVP_rc4 +first appeared in SSLeay 0.5.1 +and +.Fn EVP_rc4_40 +in OpenSSL 0.9.1. +These functions have been available since +.Ox 2.4 . +.Pp +.Fn EVP_rc4_hmac_md5 +first appeared in OpenSSL 1.0.1 and has been available since +.Ox 5.3 . diff --git a/src/lib/libcrypto/man/EVP_sm4_cbc.3 b/src/lib/libcrypto/man/EVP_sm4_cbc.3 new file mode 100644 index 00000000000..85ff88f54e3 --- /dev/null +++ b/src/lib/libcrypto/man/EVP_sm4_cbc.3 @@ -0,0 +1,81 @@ +.\" $OpenBSD: EVP_sm4_cbc.3,v 1.1 2019/03/18 05:56:24 schwarze Exp $ +.\" full merge up to: OpenSSL 87103969 Oct 1 14:11:57 2018 -0700 +.\" +.\" Copyright (c) 2017 Ribose Inc +.\" Copyright (c) 2019 Ingo Schwarze +.\" The original version of this file +.\" was written by Ronald Tse . +.\" +.\" Permission to use, copy, modify, and/or distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 18 2019 $ +.Dt EVP_SM4_CBC 3 +.Os +.Sh NAME +.Nm EVP_sm4_cbc , +.Nm EVP_sm4_ecb , +.Nm EVP_sm4_cfb , +.Nm EVP_sm4_cfb128 , +.Nm EVP_sm4_ofb , +.Nm EVP_sm4_ctr +.Nd EVP SM4 cipher +.Sh SYNOPSIS +.In openssl/evp.h +.Ft const EVP_CIPHER * +.Fn EVP_sm4_cbc void +.Ft const EVP_CIPHER * +.Fn EVP_sm4_ecb void +.Ft const EVP_CIPHER * +.Fn EVP_sm4_cfb void +.Ft const EVP_CIPHER * +.Fn EVP_sm4_cfb128 void +.Ft const EVP_CIPHER * +.Fn EVP_sm4_ofb void +.Ft const EVP_CIPHER * +.Fn EVP_sm4_ctr void +.Sh DESCRIPTION +These functions provide the SM4 blockcipher in the +.Xr evp 3 +framework. +.Pp +All modes use a key length of 128 bits and act on blocks of 128 +bits. +.Pp +.Fn EVP_sm4_cfb +is an alias for +.Fn EVP_sm4_cfb128 . +.Pp +With an argument of +.Qq sm4 +or +.Qq SM4 , +.Xr EVP_get_cipherbyname 3 +returns +.Fn EVP_sm4_cbc . +.Sh RETURN VALUES +These functions return an +.Vt EVP_CIPHER +structure that provides the implementation of the symmetric cipher. +.Sh SEE ALSO +.Xr evp 3 , +.Xr EVP_EncryptInit 3 +.Sh STANDARDS +.Rs +.%T Information security technology - SM4 block cipher algorithm +.%I National Standards of People's Republic of China +.%N GB/T 32907-2016 +.%D August 29, 2016 +.Re +.Sh HISTORY +These functions appeared in OpenSSL 1.1.1 and have been available since +.Ox 6.5 . diff --git a/src/lib/libcrypto/man/EXTENDED_KEY_USAGE_new.3 b/src/lib/libcrypto/man/EXTENDED_KEY_USAGE_new.3 new file mode 100644 index 00000000000..d06c76c5dd2 --- /dev/null +++ b/src/lib/libcrypto/man/EXTENDED_KEY_USAGE_new.3 @@ -0,0 +1,81 @@ +.\" $OpenBSD: EXTENDED_KEY_USAGE_new.3,v 1.3 2018/03/22 21:08:22 schwarze Exp $ +.\" +.\" Copyright (c) 2016 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 22 2018 $ +.Dt EXTENDED_KEY_USAGE_NEW 3 +.Os +.Sh NAME +.Nm EXTENDED_KEY_USAGE_new , +.Nm EXTENDED_KEY_USAGE_free +.Nd X.509 key usage restrictions +.Sh SYNOPSIS +.In openssl/x509v3.h +.Ft EXTENDED_KEY_USAGE +.Fn EXTENDED_KEY_USAGE_new void +.Ft void +.Fn EXTENDED_KEY_USAGE_free "EXTENDED_KEY_USAGE *eku" +.Sh DESCRIPTION +By using the key usage extension, the extended key usage extension, +or both of them, +.Vt X509 +end entity certificates may indicate that the key contained in them +is only intended to be used for the specified purposes. +If both extensions are present, only uses compatible with both +extensions are intended. +.Pp +.Fn EXTENDED_KEY_USAGE_new +allocates and initializes an empty +.Vt EXTENDED_KEY_USAGE +object, which is a +.Vt STACK_OF(ASN1_OBJECT) +and represents an ASN.1 +.Vt ExtKeyUsageSyntax +structure defined in RFC 5280 section 4.2.1.12. +It can hold key purpose identifiers. +.Pp +.Fn EXTENDED_KEY_USAGE_free +frees +.Fa eku . +.Pp +The key usage extension uses the ASN.1 BIT STRING data type +and doesn't require any dedicated object. +.Sh RETURN VALUES +.Fn EXTENDED_KEY_USAGE_new +returns the new +.Vt EXTENDED_KEY_USAGE +object or +.Dv NULL +if an error occurs. +.Sh SEE ALSO +.Xr BASIC_CONSTRAINTS_new 3 , +.Xr POLICYINFO_new 3 , +.Xr X509_EXTENSION_new 3 , +.Xr X509_new 3 +.Sh STANDARDS +RFC 5280: Internet X.509 Public Key Infrastructure Certificate and +Certificate Revocation List (CRL) Profile: +.Bl -dash -compact +.It +section 4.2.1.3: Key Usage +.It +section 4.2.1.12: Extended Key Usage +.El +.Sh HISTORY +.Fn EXTENDED_KEY_USAGE_new +and +.Fn EXTENDED_KEY_USAGE_free +first appeared in OpenSSL 0.9.7 and have been available since +.Ox 3.2 . diff --git a/src/lib/libcrypto/man/GENERAL_NAME_new.3 b/src/lib/libcrypto/man/GENERAL_NAME_new.3 new file mode 100644 index 00000000000..671b5440f96 --- /dev/null +++ b/src/lib/libcrypto/man/GENERAL_NAME_new.3 @@ -0,0 +1,164 @@ +.\" $OpenBSD: GENERAL_NAME_new.3,v 1.5 2018/03/22 21:08:22 schwarze Exp $ +.\" +.\" Copyright (c) 2016 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 22 2018 $ +.Dt GENERAL_NAME_NEW 3 +.Os +.Sh NAME +.Nm GENERAL_NAME_new , +.Nm GENERAL_NAME_free , +.Nm GENERAL_NAMES_new , +.Nm GENERAL_NAMES_free , +.Nm EDIPARTYNAME_new , +.Nm EDIPARTYNAME_free , +.Nm OTHERNAME_new , +.Nm OTHERNAME_free +.Nd names for use in X.509 extensions +.Sh SYNOPSIS +.In openssl/x509v3.h +.Ft GENERAL_NAME * +.Fn GENERAL_NAME_new void +.Ft void +.Fn GENERAL_NAME_free "GENERAL_NAME *name" +.Ft GENERAL_NAMES * +.Fn GENERAL_NAMES_new void +.Ft void +.Fn GENERAL_NAMES_free "GENERAL_NAMES *names" +.Ft EDIPARTYNAME * +.Fn EDIPARTYNAME_new void +.Ft void +.Fn EDIPARTYNAME_free "EDIPARTYNAME *name" +.Ft OTHERNAME * +.Fn OTHERNAME_new void +.Ft void +.Fn OTHERNAME_free "OTHERNAME *name" +.Sh DESCRIPTION +Even though the X.501 +.Vt Name +documented in +.Xr X509_NAME_new 3 +is a complicated multi-layered structure, it is very rigid and not +flexible enough to represent various entities that many people want +to use as names in certificates. +For that reason, X.509 extensions use the X.509 +.Vt GeneralName +wrapper structure rather than using the X.501 +.Vt Name +structure directly, at the expense of adding one or two additional +layers of indirection. +.Pp +.Fn GENERAL_NAME_new +allocates and initializes an empty +.Vt GENERAL_NAME +object, representing the ASN.1 +.Vt GeneralName +structure defined in RFC 5280 section 4.2.1.6. +It can for example hold an +.Vt X509_name +object, an IP address, a DNS host name, a uniform resource identifier, +an email address, or an +.Vt EDIPARTYNAME +or +.Vt OTHERNAME +object described below. +.Fn GENERAL_NAME_free +frees +.Fa name . +.Pp +.Fn GENERAL_NAMES_new +allocates and initializes an empty +.Vt GENERAL_NAMES +object, which is a +.Vt STACK_OF(GENERAL_NAME) +and represents the ASN.1 +.Vt GeneralNames +structure defined in RFC 5280 section 4.2.1.6. +It is used by extension structures that can contain multiple names, +for example key identifier, alternative name, and distribution point +extensions. +.Fn GENERAL_NAMES_free +frees +.Fa names . +.Pp +.Fn EDIPARTYNAME_new +allocates and initializes an empty +.Vt EDIPARTYNAME +object, representing the ASN.1 +.Vt EDIPartyName +structure defined in RFC 5280 section 4.2.1.6, where +.Dq EDI +stands for +.Dq electronic data identifier . +It can hold two strings, the name itself and the name of the authority +that assigned that name. +.Fn EDIPARTYNAME_free +frees +.Fa name . +.Pp +.Fn OTHERNAME_new +allocates and initializes an empty +.Vt OTHERNAME +object, representing the ASN.1 +.Vt OtherName +structure defined in RFC 5280 section 4.2.1.6. +It can hold data of any +.Vt ASN1_TYPE +together with a type identifier. +.Fn OTHERNAME_free +frees +.Fa name . +.Sh RETURN VALUES +.Fn GENERAL_NAME_new , +.Fn GENERAL_NAMES_new , +.Fn EDIPARTYNAME_new , +and +.Fn OTHERNAME_new +return a new +.Vt GENERAL_NAME , +.Vt GENERAL_NAMES , +.Vt EDIPARTYNAME , +or +.Vt OTHERNAME +object or +.Dv NULL +if an error occurs. +.Sh SEE ALSO +.Xr X509_EXTENSION_new 3 , +.Xr X509_NAME_new 3 +.Sh STANDARDS +RFC 5280: Internet X.509 Public Key Infrastructure Certificate and +Certificate Revocation List (CRL) Profile, +section 4.2: Certificate Extensions +.Sh HISTORY +.Fn GENERAL_NAME_new , +.Fn GENERAL_NAME_free , +.Fn GENERAL_NAMES_new , +and +.Fn GENERAL_NAMES_free +first appeared in OpenSSL 0.9.2b and have been available since +.Ox 2.6 . +.Pp +.Fn OTHERNAME_new +and +.Fn OTHERNAME_free +first appeared in OpenSSL 0.9.5 and have been available since +.Ox 2.7 . +.Pp +.Fn EDIPARTYNAME_new +and +.Fn EDIPARTYNAME_free +first appeared in OpenSSL 0.9.7 and have been available since +.Ox 3.2 . diff --git a/src/lib/libcrypto/man/HMAC.3 b/src/lib/libcrypto/man/HMAC.3 new file mode 100644 index 00000000000..1f855dc17d0 --- /dev/null +++ b/src/lib/libcrypto/man/HMAC.3 @@ -0,0 +1,403 @@ +.\" $OpenBSD: HMAC.3,v 1.13 2018/03/23 23:18:17 schwarze Exp $ +.\" full merge up to: OpenSSL crypto/hmac a528d4f0 Oct 27 13:40:11 2015 -0400 +.\" selective merge up to: OpenSSL man3/HMAC b3696a55 Sep 2 09:35:50 2017 -0400 +.\" +.\" This file was written by Ulf Moeller , +.\" Richard Levitte , and +.\" Matt Caswell . +.\" Copyright (c) 2000-2002, 2006, 2008, 2009, 2013, 2015, 2016 +.\" The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 23 2018 $ +.Dt HMAC 3 +.Os +.Sh NAME +.Nm HMAC , +.Nm HMAC_CTX_new , +.Nm HMAC_CTX_reset , +.Nm HMAC_CTX_free , +.Nm HMAC_CTX_init , +.Nm HMAC_CTX_cleanup , +.Nm HMAC_cleanup , +.Nm HMAC_Init_ex , +.Nm HMAC_Init , +.Nm HMAC_Update , +.Nm HMAC_Final , +.Nm HMAC_CTX_copy , +.Nm HMAC_CTX_set_flags , +.Nm HMAC_CTX_get_md , +.Nm HMAC_size +.Nd HMAC message authentication code +.Sh SYNOPSIS +.In openssl/hmac.h +.Ft unsigned char * +.Fo HMAC +.Fa "const EVP_MD *evp_md" +.Fa "const void *key" +.Fa "int key_len" +.Fa "const unsigned char *d" +.Fa "int n" +.Fa "unsigned char *md" +.Fa "unsigned int *md_len" +.Fc +.Ft HMAC_CTX * +.Fn HMAC_CTX_new void +.Ft int +.Fo HMAC_CTX_reset +.Fa "HMAC_CTX *ctx" +.Fc +.Ft void +.Fo HMAC_CTX_free +.Fa "HMAC_CTX *ctx" +.Fc +.Ft void +.Fo HMAC_CTX_init +.Fa "HMAC_CTX *ctx" +.Fc +.Ft void +.Fo HMAC_CTX_cleanup +.Fa "HMAC_CTX *ctx" +.Fc +.Ft void +.Fo HMAC_cleanup +.Fa "HMAC_CTX *ctx" +.Fc +.Ft int +.Fo HMAC_Init_ex +.Fa "HMAC_CTX *ctx" +.Fa "const void *key" +.Fa "int key_len" +.Fa "const EVP_MD *md" +.Fa "ENGINE *impl" +.Fc +.Ft int +.Fo HMAC_Init +.Fa "HMAC_CTX *ctx" +.Fa "const void *key" +.Fa "int key_len" +.Fa "const EVP_MD *md" +.Fc +.Ft int +.Fo HMAC_Update +.Fa "HMAC_CTX *ctx" +.Fa "const unsigned char *data" +.Fa "int len" +.Fc +.Ft int +.Fo HMAC_Final +.Fa "HMAC_CTX *ctx" +.Fa "unsigned char *md" +.Fa "unsigned int *len" +.Fc +.Ft int +.Fo HMAC_CTX_copy +.Fa "HMAC_CTX *dctx" +.Fa "HMAC_CTX *sctx" +.Fc +.Ft void +.Fo HMAC_CTX_set_flags +.Fa "HMAC_CTX *ctx" +.Fa "unsigned long flags" +.Fc +.Ft const EVP_MD * +.Fo HMAC_CTX_get_md +.Fa "const HMAC_CTX *ctx" +.Fc +.Ft size_t +.Fo HMAC_size +.Fa "const HMAC_CTX *e" +.Fc +.Sh DESCRIPTION +HMAC is a MAC (message authentication code), i.e. a keyed hash +function used for message authentication, which is based on a hash +function. +.Pp +.Fn HMAC +computes the message authentication code of the +.Fa n +bytes at +.Fa d +using the hash function +.Fa evp_md +and the key +.Fa key +which is +.Fa key_len +bytes long. +.Pp +It places the result in +.Fa md , +which must have space for the output of the hash function, which is no +more than +.Dv EVP_MAX_MD_SIZE +bytes. +If +.Fa md +is +.Dv NULL , +the digest is placed in a static array, which is not thread safe. +The size of the output is placed in +.Fa md_len , +unless it is +.Dv NULL . +.Pp +.Fa evp_md +can be +.Xr EVP_sha1 3 , +.Xr EVP_ripemd160 3 , +etc. +.Pp +.Fn HMAC_CTX_new +allocates and initializes a new +.Vt HMAC_CTX +object. +.Pp +.Fn HMAC_CTX_reset +zeroes and re-initializes +.Fa ctx +and associated resources, making it suitable for new computations +as if it was deleted with +.Fn HMAC_CTX_free +and newly created with +.Fn HMAC_CTX_new . +.Pp +.Fn HMAC_CTX_free +erases the key and other data from +.Fa ctx , +releases any associated resources, and finally frees +.Fa ctx +itself. +.Pp +.Fn HMAC_CTX_init +is a deprecated function to initialize an empty +.Vt HMAC_CTX +object, similar to +.Fn CTX_new +but without the allocation. +Calling it is required for static objects and objects on the stack +before using them. +.Pp +.Fn HMAC_CTX_cleanup +is a deprecated function to erase the key and other data from +.Fa ctx +and release any associated resources, similar to +.Fn HMAC_CTX_free +but without freeing +.Fa ctx +itself. +Calling it is required for static objects and objects on the stack +that were initialized with +.Fn HMAC_CTX_init +and are no longer needed. +.Pp +.Fn HMAC_cleanup +is an alias for +.Fn HMAC_CTX_cleanup +included for backward compatibility with 0.9.6b. +It is deprecated and implemented as a macro. +.Pp +The following functions may be used if the message is not completely +stored in memory: +.Pp +.Fn HMAC_Init_ex +sets up or reuses +.Fa ctx +to use the hash function +.Fa evp_md +and the key +.Fa key . +Either can be +.Dv NULL , +in which case the existing one is reused. +The +.Fa ctx +must have been created with +.Fn HMAC_CTX_new +or initialized with +.Fn HMAC_CTX_init +before the first use in this function. +If +.Fn HMAC_Init_ex +is called with a +.Dv NULL +.Fa key +but +.Fa evp_md +is neither +.Dv NULL +nor the same as the previous digest used by +.Fa ctx , +then an error is returned because reuse of an existing key with a +different digest is not supported. +.Pp +.Fn HMAC_Init +is a deprecated wrapper around +.Fn HMAC_Init_ex . +If called with both +.Fa key +and +.Fa md , +it calls +.Fn HMAC_CTX_init +first, which only makes sense for an empty, uninitialized +.Fa ctx , +but not for one already initialized with +.Fn HMAC_CTX_new +or +.Fn HMAC_CTX_init . +If +.Fa key +or +.Fa md +is +.Dv NULL , +it does not call +.Fn HMAC_CTX_init ; +so in this case, +.Fa ctx +already needs to be initialized with +.Fn HMAC_CTX_new +or +.Fn HMAC_CTX_init . +.Pp +.Fn HMAC_Update +can be called repeatedly with chunks of the message to be authenticated +.Pq Fa len No bytes at Fa data . +.Pp +.Fn HMAC_Final +places the message authentication code in +.Fa md , +which must have space for the hash function output. +.Pp +.Fn HMAC_CTX_copy +copies all of the internal state from +.Fa sctx +into +.Fa dctx . +.Pp +.Fn HMAC_CTX_set_flags +applies the specified flags to the internal +.Vt EVP_MD_CTX +objects. +Possible flag values +.Dv EVP_MD_CTX_FLAG_* +are defined in +.In openssl/evp.h . +.Pp +.Fn HMAC_size +returns the length in bytes of the underlying hash function output. +It is implemented as a macro. +.Sh RETURN VALUES +.Fn HMAC +returns a pointer to the message authentication code or +.Dv NULL +if an error occurred. +.Pp +.Fn HMAC_CTX_new +returns a pointer to the new +.Vt HMAC_CTX +object or +.Dv NULL +if an error occurred. +.Pp +.Fn HMAC_CTX_reset , +.Fn HMAC_Init_ex , +.Fn HMAC_Update , +.Fn HMAC_Final , +and +.Fn HMAC_CTX_copy +return 1 for success or 0 if an error occurred. +.Pp +.Fn HMAC_CTX_get_md +returns the message digest that was previously set for +.Fa ctx +with +.Fn HMAC_Init_ex , +or +.Dv NULL +if none was set. +.Pp +.Fn HMAC_size +returns the length in bytes of the underlying hash function output +or 0 on error. +.Sh SEE ALSO +.Xr evp 3 +.Sh STANDARDS +RFC 2104 +.Sh HISTORY +.Fn HMAC , +.Fn HMAC_cleanup , +.Fn HMAC_Init , +.Fn HMAC_Update , +.Fn HMAC_Final , +and +.Fn HMAC_size +first appeared in SSLeay 0.9.0 and have been available since +.Ox 2.4 . +.Pp +.Fn HMAC_CTX_init , +.Fn HMAC_CTX_cleanup , +and +.Fn HMAC_Init_ex +first appeared in OpenSSL 0.9.7 and have been available since +.Ox 3.2 . +.Pp +.Fn HMAC_CTX_set_flags +first appeared in OpenSSL 0.9.7f and have been available since +.Ox 3.8 . +.Pp +.Fn HMAC_CTX_copy +first appeared in OpenSSL 1.0.0 and has been available since +.Ox 4.9 . +.Pp +.Fn HMAC_CTX_new , +.Fn HMAC_CTX_reset , +.Fn HMAC_CTX_free , +and +.Fn HMAC_CTX_get_md +first appeared in OpenSSL 1.1.0 and have been available since +.Ox 6.3 . diff --git a/src/lib/libcrypto/man/MD5.3 b/src/lib/libcrypto/man/MD5.3 new file mode 100644 index 00000000000..1e4a628591f --- /dev/null +++ b/src/lib/libcrypto/man/MD5.3 @@ -0,0 +1,196 @@ +.\" $OpenBSD: MD5.3,v 1.8 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 +.\" +.\" This file was written by Ulf Moeller and +.\" Richard Levitte . +.\" Copyright (c) 2000, 2006 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt MD5 3 +.Os +.Sh NAME +.Nm MD4 , +.Nm MD5 , +.Nm MD4_Init , +.Nm MD4_Update , +.Nm MD4_Final , +.Nm MD5_Init , +.Nm MD5_Update , +.Nm MD5_Final +.Nd MD4 and MD5 hash functions +.Sh SYNOPSIS +.In openssl/md4.h +.Ft unsigned char * +.Fo MD4 +.Fa "const unsigned char *d" +.Fa "unsigned long n" +.Fa "unsigned char *md" +.Fc +.Ft int +.Fo MD4_Init +.Fa "MD4_CTX *c" +.Fc +.Ft int +.Fo MD4_Update +.Fa "MD4_CTX *c" +.Fa "const void *data" +.Fa "unsigned long len" +.Fc +.Ft int +.Fo MD4_Final +.Fa "unsigned char *md" +.Fa "MD4_CTX *c" +.Fc +.In openssl/md5.h +.Ft unsigned char * +.Fo MD5 +.Fa "const unsigned char *d" +.Fa "unsigned long n" +.Fa "unsigned char *md" +.Fc +.Ft int +.Fo MD5_Init +.Fa "MD5_CTX *c" +.Fc +.Ft int +.Fo MD5_Update +.Fa "MD5_CTX *c" +.Fa "const void *data" +.Fa "unsigned long len" +.Fc +.Ft int +.Fo MD5_Final +.Fa "unsigned char *md" +.Fa "MD5_CTX *c" +.Fc +.Sh DESCRIPTION +MD4 and MD5 are cryptographic hash functions with a 128-bit +output. +.Pp +.Fn MD4 +and +.Fn MD5 +compute the MD4 and MD5 message digest of the +.Fa n +bytes at +.Fa d +and place it in +.Fa md , +which must have space for +.Dv MD4_DIGEST_LENGTH No == Dv MD5_DIGEST_LENGTH No == 16 +bytes of output. +If +.Fa md +is +.Dv NULL , +the digest is placed in a static array. +.Pp +The following functions may be used if the message is not completely +stored in memory: +.Pp +.Fn MD5_Init +initializes a +.Vt MD5_CTX +structure. +.Pp +.Fn MD5_Update +can be called repeatedly with chunks of the message to be hashed +.Pq Fa len No bytes at Fa data . +.Pp +.Fn MD5_Final +places the message digest in +.Fa md , +which must have space for +.Dv MD5_DIGEST_LENGTH No == 16 +bytes of output, and erases the +.Vt MD5_CTX . +.Pp +.Fn MD4_Init , +.Fn MD4_Update , +and +.Fn MD4_Final +are analogous using an +.Vt MD4_CTX +structure. +.Pp +Applications should use the higher level functions +.Xr EVP_DigestInit 3 +etc. instead of calling these hash functions directly. +.Sh RETURN VALUES +.Fn MD4 +and +.Fn MD5 +return pointers to the hash value. +.Pp +.Fn MD4_Init , +.Fn MD4_Update , +.Fn MD4_Final , +.Fn MD5_Init , +.Fn MD5_Update , +and +.Fn MD5_Final +return 1 for success or 0 otherwise. +.Sh SEE ALSO +.Xr EVP_DigestInit 3 +.Sh STANDARDS +RFC 1320, RFC 1321 +.Sh HISTORY +.Fn MD5 , +.Fn MD5_Init , +.Fn MD5_Update , +and +.Fn MD5_Final +appeared in SSLeay 0.4 or earlier and have been available since +.Ox 2.4 . +.Pp +.Fn MD4 , +.Fn MD4_Init , +.Fn MD4_Update , +and +.Fn MD4_Final +first appeared in OpenSSL 0.9.6 and have been available since +.Ox 2.9 . diff --git a/src/lib/libcrypto/man/Makefile b/src/lib/libcrypto/man/Makefile new file mode 100644 index 00000000000..a9adb07f27d --- /dev/null +++ b/src/lib/libcrypto/man/Makefile @@ -0,0 +1,323 @@ +# $OpenBSD: Makefile,v 1.148 2019/03/21 14:15:13 schwarze Exp $ + +.include + +MAN= \ + ACCESS_DESCRIPTION_new.3 \ + ASN1_INTEGER_get.3 \ + ASN1_OBJECT_new.3 \ + ASN1_STRING_length.3 \ + ASN1_STRING_new.3 \ + ASN1_STRING_print_ex.3 \ + ASN1_STRING_TABLE_add.3 \ + ASN1_TIME_set.3 \ + ASN1_TYPE_get.3 \ + ASN1_generate_nconf.3 \ + ASN1_item_d2i.3 \ + ASN1_item_new.3 \ + ASN1_time_parse.3 \ + AUTHORITY_KEYID_new.3 \ + BASIC_CONSTRAINTS_new.3 \ + BF_set_key.3 \ + BIO_ctrl.3 \ + BIO_f_base64.3 \ + BIO_f_buffer.3 \ + BIO_f_cipher.3 \ + BIO_f_md.3 \ + BIO_f_null.3 \ + BIO_find_type.3 \ + BIO_get_data.3 \ + BIO_get_ex_new_index.3 \ + BIO_meth_new.3 \ + BIO_new.3 \ + BIO_printf.3 \ + BIO_push.3 \ + BIO_read.3 \ + BIO_s_accept.3 \ + BIO_s_bio.3 \ + BIO_s_connect.3 \ + BIO_s_fd.3 \ + BIO_s_file.3 \ + BIO_s_mem.3 \ + BIO_s_null.3 \ + BIO_s_socket.3 \ + BIO_set_callback.3 \ + BIO_should_retry.3 \ + BN_BLINDING_new.3 \ + BN_CTX_new.3 \ + BN_CTX_start.3 \ + BN_add.3 \ + BN_add_word.3 \ + BN_bn2bin.3 \ + BN_cmp.3 \ + BN_copy.3 \ + BN_generate_prime.3 \ + BN_get0_nist_prime_521.3 \ + BN_mod_inverse.3 \ + BN_mod_mul_montgomery.3 \ + BN_mod_mul_reciprocal.3 \ + BN_new.3 \ + BN_num_bytes.3 \ + BN_rand.3 \ + BN_set_bit.3 \ + BN_set_flags.3 \ + BN_set_negative.3 \ + BN_swap.3 \ + BN_zero.3 \ + BUF_MEM_new.3 \ + CONF_modules_free.3 \ + CONF_modules_load_file.3 \ + CRYPTO_get_mem_functions.3 \ + CRYPTO_lock.3 \ + CRYPTO_set_ex_data.3 \ + DES_set_key.3 \ + DH_generate_key.3 \ + DH_generate_parameters.3 \ + DH_get_ex_new_index.3 \ + DH_get0_pqg.3 \ + DH_new.3 \ + DH_set_method.3 \ + DH_size.3 \ + DIST_POINT_new.3 \ + DSA_SIG_new.3 \ + DSA_do_sign.3 \ + DSA_dup_DH.3 \ + DSA_generate_key.3 \ + DSA_generate_parameters.3 \ + DSA_get_ex_new_index.3 \ + DSA_get0_pqg.3 \ + DSA_meth_new.3 \ + DSA_new.3 \ + DSA_set_method.3 \ + DSA_sign.3 \ + DSA_size.3 \ + ECDSA_SIG_new.3 \ + EC_GFp_simple_method.3 \ + EC_GROUP_copy.3 \ + EC_GROUP_new.3 \ + EC_KEY_new.3 \ + EC_POINT_add.3 \ + EC_POINT_new.3 \ + ENGINE_add.3 \ + ENGINE_ctrl.3 \ + ENGINE_get_default_RSA.3 \ + ENGINE_init.3 \ + ENGINE_new.3 \ + ENGINE_register_RSA.3 \ + ENGINE_register_all_RSA.3 \ + ENGINE_set_RSA.3 \ + ENGINE_set_default.3 \ + ENGINE_set_flags.3 \ + ENGINE_unregister_RSA.3 \ + ERR.3 \ + ERR_GET_LIB.3 \ + ERR_asprintf_error_data.3 \ + ERR_clear_error.3 \ + ERR_error_string.3 \ + ERR_get_error.3 \ + ERR_load_crypto_strings.3 \ + ERR_load_strings.3 \ + ERR_print_errors.3 \ + ERR_put_error.3 \ + ERR_remove_state.3 \ + ERR_set_mark.3 \ + ESS_SIGNING_CERT_new.3 \ + EVP_AEAD_CTX_init.3 \ + EVP_BytesToKey.3 \ + EVP_DigestInit.3 \ + EVP_DigestSignInit.3 \ + EVP_DigestVerifyInit.3 \ + EVP_EncodeInit.3 \ + EVP_EncryptInit.3 \ + EVP_OpenInit.3 \ + EVP_PKEY_asn1_new.3 \ + EVP_PKEY_asn1_get_count.3 \ + EVP_PKEY_CTX_ctrl.3 \ + EVP_PKEY_CTX_new.3 \ + EVP_PKEY_cmp.3 \ + EVP_PKEY_decrypt.3 \ + EVP_PKEY_derive.3 \ + EVP_PKEY_encrypt.3 \ + EVP_PKEY_get_default_digest_nid.3 \ + EVP_PKEY_keygen.3 \ + EVP_PKEY_meth_get0_info.3 \ + EVP_PKEY_meth_new.3 \ + EVP_PKEY_new.3 \ + EVP_PKEY_print_private.3 \ + EVP_PKEY_set1_RSA.3 \ + EVP_PKEY_sign.3 \ + EVP_PKEY_verify.3 \ + EVP_PKEY_verify_recover.3 \ + EVP_SealInit.3 \ + EVP_SignInit.3 \ + EVP_VerifyInit.3 \ + EVP_aes_128_cbc.3 \ + EVP_camellia_128_cbc.3 \ + EVP_des_cbc.3 \ + EVP_rc4.3 \ + EVP_sm4_cbc.3 \ + EXTENDED_KEY_USAGE_new.3 \ + GENERAL_NAME_new.3 \ + HMAC.3 \ + MD5.3 \ + NAME_CONSTRAINTS_new.3 \ + OBJ_nid2obj.3 \ + OCSP_CRLID_new.3 \ + OCSP_REQUEST_new.3 \ + OCSP_SERVICELOC_new.3 \ + OCSP_cert_to_id.3 \ + OCSP_request_add1_nonce.3 \ + OCSP_resp_find_status.3 \ + OCSP_response_status.3 \ + OCSP_sendreq_new.3 \ + OPENSSL_VERSION_NUMBER.3 \ + OPENSSL_cleanse.3 \ + OPENSSL_config.3 \ + OPENSSL_init_crypto.3 \ + OPENSSL_load_builtin_modules.3 \ + OPENSSL_malloc.3 \ + OPENSSL_sk_new.3 \ + OpenSSL_add_all_algorithms.3 \ + PEM_bytes_read_bio.3 \ + PEM_read.3 \ + PEM_read_bio_PrivateKey.3 \ + PEM_write_bio_PKCS7_stream.3 \ + PKCS12_create.3 \ + PKCS12_new.3 \ + PKCS12_newpass.3 \ + PKCS12_parse.3 \ + PKCS12_SAFEBAG_new.3 \ + PKCS5_PBKDF2_HMAC.3 \ + PKCS7_decrypt.3 \ + PKCS7_encrypt.3 \ + PKCS7_new.3 \ + PKCS7_sign.3 \ + PKCS7_sign_add_signer.3 \ + PKCS7_verify.3 \ + PKCS8_PRIV_KEY_INFO_new.3 \ + PKEY_USAGE_PERIOD_new.3 \ + POLICYINFO_new.3 \ + PROXY_POLICY_new.3 \ + RAND_add.3 \ + RAND_bytes.3 \ + RAND_load_file.3 \ + RAND_set_rand_method.3 \ + RC4.3 \ + RIPEMD160.3 \ + RSA_PSS_PARAMS_new.3 \ + RSA_blinding_on.3 \ + RSA_check_key.3 \ + RSA_generate_key.3 \ + RSA_get_ex_new_index.3 \ + RSA_get0_key.3 \ + RSA_meth_new.3 \ + RSA_new.3 \ + RSA_padding_add_PKCS1_type_1.3 \ + RSA_print.3 \ + RSA_private_encrypt.3 \ + RSA_public_encrypt.3 \ + RSA_set_method.3 \ + RSA_sign.3 \ + RSA_sign_ASN1_OCTET_STRING.3 \ + RSA_size.3 \ + SHA1.3 \ + SMIME_read_PKCS7.3 \ + SMIME_write_PKCS7.3 \ + STACK_OF.3 \ + SXNET_new.3 \ + TS_REQ_new.3 \ + UI_UTIL_read_pw.3 \ + UI_create_method.3 \ + UI_get_string_type.3 \ + UI_new.3 \ + X25519.3 \ + X509V3_get_d2i.3 \ + X509_ALGOR_dup.3 \ + X509_ATTRIBUTE_new.3 \ + X509_CINF_new.3 \ + X509_CRL_get0_by_serial.3 \ + X509_CRL_new.3 \ + X509_EXTENSION_set_object.3 \ + X509_LOOKUP_hash_dir.3 \ + X509_NAME_ENTRY_get_object.3 \ + X509_NAME_add_entry_by_txt.3 \ + X509_NAME_get_index_by_NID.3 \ + X509_NAME_new.3 \ + X509_NAME_print_ex.3 \ + X509_OBJECT_get0_X509.3 \ + X509_PUBKEY_new.3 \ + X509_REQ_new.3 \ + X509_REVOKED_new.3 \ + X509_SIG_new.3 \ + X509_STORE_CTX_get_error.3 \ + X509_STORE_CTX_get_ex_new_index.3 \ + X509_STORE_CTX_new.3 \ + X509_STORE_CTX_set_verify_cb.3 \ + X509_STORE_load_locations.3 \ + X509_STORE_new.3 \ + X509_STORE_set_verify_cb_func.3 \ + X509_STORE_set1_param.3 \ + X509_VERIFY_PARAM_set_flags.3 \ + X509_check_ca.3 \ + X509_check_host.3 \ + X509_check_issued.3 \ + X509_check_private_key.3 \ + X509_cmp_time.3 \ + X509_digest.3 \ + X509_get_pubkey.3 \ + X509_get_serialNumber.3 \ + X509_get_subject_name.3 \ + X509_get_version.3 \ + X509_get0_notBefore.3 \ + X509_get0_signature.3 \ + X509_new.3 \ + X509_sign.3 \ + X509_verify_cert.3 \ + X509v3_get_ext_by_NID.3 \ + crypto.3 \ + d2i_ASN1_NULL.3 \ + d2i_ASN1_OBJECT.3 \ + d2i_ASN1_OCTET_STRING.3 \ + d2i_ASN1_SEQUENCE_ANY.3 \ + d2i_AUTHORITY_KEYID.3 \ + d2i_BASIC_CONSTRAINTS.3 \ + d2i_DHparams.3 \ + d2i_DIST_POINT.3 \ + d2i_DSAPublicKey.3 \ + d2i_ECPKParameters.3 \ + d2i_ESS_SIGNING_CERT.3 \ + d2i_GENERAL_NAME.3 \ + d2i_OCSP_REQUEST.3 \ + d2i_OCSP_RESPONSE.3 \ + d2i_PKCS12.3 \ + d2i_PKCS7.3 \ + d2i_PKCS8_PRIV_KEY_INFO.3 \ + d2i_PKCS8PrivateKey_bio.3 \ + d2i_PKEY_USAGE_PERIOD.3 \ + d2i_POLICYINFO.3 \ + d2i_PROXY_POLICY.3 \ + d2i_PrivateKey.3 \ + d2i_RSAPublicKey.3 \ + d2i_TS_REQ.3 \ + d2i_X509.3 \ + d2i_X509_ALGOR.3 \ + d2i_X509_ATTRIBUTE.3 \ + d2i_X509_CRL.3 \ + d2i_X509_EXTENSION.3 \ + d2i_X509_NAME.3 \ + d2i_X509_REQ.3 \ + d2i_X509_SIG.3 \ + des_read_pw.3 \ + evp.3 \ + get_rfc3526_prime_8192.3 \ + i2d_PKCS7_bio_stream.3 \ + lh_new.3 \ + lh_stats.3 \ + openssl.cnf.5 \ + x509v3.cnf.5 + +all clean cleandir depend includes obj tags: + +install: maninstall + +.include diff --git a/src/lib/libcrypto/man/NAME_CONSTRAINTS_new.3 b/src/lib/libcrypto/man/NAME_CONSTRAINTS_new.3 new file mode 100644 index 00000000000..db64e14ce4d --- /dev/null +++ b/src/lib/libcrypto/man/NAME_CONSTRAINTS_new.3 @@ -0,0 +1,97 @@ +.\" $OpenBSD: NAME_CONSTRAINTS_new.3,v 1.3 2018/03/23 00:09:11 schwarze Exp $ +.\" +.\" Copyright (c) 2016 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 23 2018 $ +.Dt NAME_CONSTRAINTS_NEW 3 +.Os +.Sh NAME +.Nm NAME_CONSTRAINTS_new , +.Nm NAME_CONSTRAINTS_free , +.Nm GENERAL_SUBTREE_new , +.Nm GENERAL_SUBTREE_free +.Nd X.509 CA name constraints extension +.Sh SYNOPSIS +.In openssl/x509v3.h +.Ft NAME_CONSTRAINTS * +.Fn NAME_CONSTRAINTS_new void +.Ft void +.Fn NAME_CONSTRAINTS_free "NAME_CONSTRAINTS *names" +.Ft GENERAL_SUBTREE * +.Fn GENERAL_SUBTREE_new void +.Ft void +.Fn GENERAL_SUBTREE_free "GENERAL_SUBTREE *name" +.Sh DESCRIPTION +X.509 CA certificates can use the name constraints extension +to restrict the subject names of subsequent certificates in a +certification path. +.Pp +.Fn NAME_CONSTRAINTS_new +allocates and initializes an empty +.Vt NAME_CONSTRAINTS +object, representing an ASN.1 +.Vt NameConstraints +structure defined in RFC 5280 section 4.2.1.10. +It consists of two +.Vt STACK_OF(GENERAL_SUBTREE) +objects, one specifying permitted names, the other excluded names. +.Fn NAME_CONSTRAINTS_free +frees +.Fa names . +.Pp +.Fn GENERAL_SUBTREE_new +allocates and initializes an empty +.Vt GENERAL_SUBTREE +object, representing an ASN.1 +.Vt GeneralSubtree +structure defined in RFC 5280 section 4.2.1.10. +It is a trivial wrapper around the +.Vt GENERAL_NAME +object documented in +.Xr GENERAL_NAME_new 3 . +The standard requires the other fields of +.Vt GENERAL_SUBTREE +to be ignored. +.Fn GENERAL_SUBTREE_free +frees +.Fa name . +.Sh RETURN VALUES +.Fn NAME_CONSTRAINTS_new +and +.Fn GENERAL_SUBTREE_new +return the new +.Vt NAME_CONSTRAINTS +or +.Vt GENERAL_SUBTREE +object, respectively, or +.Dv NULL +if an error occurs. +.Sh SEE ALSO +.Xr BASIC_CONSTRAINTS_new 3 , +.Xr GENERAL_NAMES_new 3 , +.Xr X509_EXTENSION_new 3 , +.Xr X509_new 3 +.Sh STANDARDS +RFC 5280: Internet X.509 Public Key Infrastructure Certificate and +Certificate Revocation List (CRL) Profile, +section 4.2.1.10: Name Constraints +.Sh HISTORY +.Fn NAME_CONSTRAINTS_new , +.Fn NAME_CONSTRAINTS_free , +.Fn GENERAL_SUBTREE_new , +and +.Fn GENERAL_SUBTREE_free +first appeared in OpenSSL 0.9.8 and have been available since +.Ox 4.5 . diff --git a/src/lib/libcrypto/man/OBJ_nid2obj.3 b/src/lib/libcrypto/man/OBJ_nid2obj.3 new file mode 100644 index 00000000000..f8c395baf91 --- /dev/null +++ b/src/lib/libcrypto/man/OBJ_nid2obj.3 @@ -0,0 +1,411 @@ +.\" $OpenBSD: OBJ_nid2obj.3,v 1.12 2018/04/25 15:17:52 schwarze Exp $ +.\" OpenSSL c264592d May 14 11:28:00 2006 +0000 +.\" +.\" This file is a derived work. +.\" The changes are covered by the following Copyright and license: +.\" +.\" Copyright (c) 2017 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.\" The original file was written by Dr. Stephen Henson . +.\" Copyright (c) 2002, 2006, 2015, 2016 The OpenSSL Project. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: April 25 2018 $ +.Dt OBJ_NID2OBJ 3 +.Os +.Sh NAME +.Nm OBJ_nid2obj , +.Nm OBJ_nid2ln , +.Nm OBJ_nid2sn , +.Nm OBJ_obj2nid , +.Nm OBJ_ln2nid , +.Nm OBJ_sn2nid , +.Nm OBJ_txt2nid , +.Nm OBJ_txt2obj , +.Nm OBJ_obj2txt , +.Nm OBJ_cmp , +.Nm OBJ_dup , +.Nm OBJ_create , +.Nm OBJ_cleanup , +.Nm i2t_ASN1_OBJECT +.Nd inspect and create ASN.1 object identifiers +.Sh SYNOPSIS +.In openssl/objects.h +.Ft ASN1_OBJECT * +.Fo OBJ_nid2obj +.Fa "int n" +.Fc +.Ft const char * +.Fo OBJ_nid2ln +.Fa "int n" +.Fc +.Ft const char * +.Fo OBJ_nid2sn +.Fa "int n" +.Fc +.Ft int +.Fo OBJ_obj2nid +.Fa "const ASN1_OBJECT *o" +.Fc +.Ft int +.Fo OBJ_ln2nid +.Fa "const char *ln" +.Fc +.Ft int +.Fo OBJ_sn2nid +.Fa "const char *sn" +.Fc +.Ft int +.Fo OBJ_txt2nid +.Fa "const char *s" +.Fc +.Ft ASN1_OBJECT * +.Fo OBJ_txt2obj +.Fa "const char *s" +.Fa "int no_name" +.Fc +.Ft int +.Fo OBJ_obj2txt +.Fa "char *buf" +.Fa "int buf_len" +.Fa "const ASN1_OBJECT *a" +.Fa "int no_name" +.Fc +.Ft int +.Fo OBJ_cmp +.Fa "const ASN1_OBJECT *a" +.Fa "const ASN1_OBJECT *b" +.Fc +.Ft ASN1_OBJECT * +.Fo OBJ_dup +.Fa "const ASN1_OBJECT *o" +.Fc +.Ft int +.Fo OBJ_create +.Fa "const char *oid" +.Fa "const char *sn" +.Fa "const char *ln" +.Fc +.Ft void +.Fn OBJ_cleanup void +.In openssl/asn1.h +.Ft int +.Fo i2t_ASN1_OBJECT +.Fa "char *buf" +.Fa "int buf_len" +.Fa "const ASN1_OBJECT *a" +.Fc +.Sh DESCRIPTION +The ASN.1 object utility functions process +.Vt ASN1_OBJECT +structures which are a representation of the ASN.1 OBJECT IDENTIFIER +(OID) type. +For convenience, OIDs are usually represented in source code as +numeric identifiers, or NIDs. +OpenSSL has an internal table of OIDs that are generated when the +library is built, and their corresponding NIDs are available as +defined constants. +For the functions below, application code should treat all returned +values \(em OIDs, NIDs, or names \(em as constants. +.Pp +.Fn OBJ_nid2obj , +.Fn OBJ_nid2ln , +and +.Fn OBJ_nid2sn +convert the NID +.Fa n +to an +.Vt ASN1_OBJECT +structure, its long name, and its short name, respectively, or return +.Dv NULL +if an error occurred. +.Pp +.Fn OBJ_obj2nid , +.Fn OBJ_ln2nid , +and +.Fn OBJ_sn2nid +return the corresponding NID for the object +.Fa o , +the long name +.Fa ln , +or the short name +.Fa sn , +respectively, or +.Dv NID_undef +if an error occurred. +.Pp +.Fn OBJ_txt2nid +returns the NID corresponding to text string +.Fa s . +.Fa s +can be a long name, a short name, or the numerical representation +of an object. +.Pp +.Fn OBJ_txt2obj +converts the text string +.Fa s +into an +.Vt ASN1_OBJECT +structure. +If +.Fa no_name +is 0 then long names and short names will be interpreted as well as +numerical forms. +If +.Fa no_name +is 1 only the numerical form is acceptable. +.Pp +.Fn OBJ_obj2txt +converts the +.Vt ASN1_OBJECT +.Fa a +into a textual representation. +The representation is written as a NUL terminated string to +.Fa buf . +At most +.Fa buf_len +bytes are written, truncating the result if necessary. +The total amount of space required is returned. +If +.Fa no_name +is 0 and the object has a long or short name, then that will be used, +otherwise the numerical form will be used. +.Pp +.Fn i2t_ASN1_OBJECT +is the same as +.Fn OBJ_obj2txt +with +.Fa no_name +set to 0. +.Pp +.Fn OBJ_cmp +compares +.Fa a +to +.Fa b . +If the two are identical, 0 is returned. +.Pp +.Fn OBJ_dup +returns a deep copy of +.Fa o +if +.Fa o +is marked as dynamically allocated. +The new object and all data contained in it is marked as dynamically +allocated. +If +.Fa o +is not marked as dynamically allocated, +.Fn OBJ_dup +just returns +.Fa o +itself. +.Pp +.Fn OBJ_create +adds a new object to the internal table. +.Fa oid +is the numerical form of the object, +.Fa sn +the short name and +.Fa ln +the long name. +A new NID is returned for the created object. +.Pp +The new object added to the internal table and all the data +contained in it is marked as not dynamically allocated. +Consequently, retrieving it with +.Fn OBJ_nid2obj +or a similar function and then calling +.Xr ASN1_OBJECT_free 3 +on the returned pointer will have no effect. +.Pp +.Fn OBJ_cleanup +cleans up the internal object table: this should be called before +an application exits if any new objects were added using +.Fn OBJ_create . +.Pp +Objects can have a short name, a long name, and a numerical +identifier (NID) associated with them. +A standard set of objects is represented in an internal table. +The appropriate values are defined in the header file +.In openssl/objects.h . +.Pp +For example, the OID for commonName has the following definitions: +.Bd -literal +#define SN_commonName "CN" +#define LN_commonName "commonName" +#define NID_commonName 13 +.Ed +.Pp +New objects can be added by calling +.Fn OBJ_create . +.Pp +Table objects have certain advantages over other objects: for example +their NIDs can be used in a C language switch statement. +They are also static constant structures which are shared: that is there +is only a single constant structure for each table object. +.Pp +Objects which are not in the table have the NID value +.Dv NID_undef . +.Pp +Objects do not need to be in the internal tables to be processed: +the functions +.Fn OBJ_txt2obj +and +.Fn OBJ_obj2txt +can process the numerical form of an OID. +.Sh RETURN VALUES +.Fn OBJ_nid2obj +and +.Fn OBJ_dup +return an +.Vt ASN1_OBJECT +object or +.Dv NULL +if an error occurs. +.Pp +.Fn OBJ_nid2ln +and +.Fn OBJ_nid2sn +return a valid string or +.Dv NULL +on error. +.Pp +.Fn OBJ_obj2nid , +.Fn OBJ_ln2nid , +.Fn OBJ_sn2nid , +and +.Fn OBJ_txt2nid +return a NID or +.Dv NID_undef +on error. +.Pp +.Fn OBJ_create +returns the new NID or +.Dv NID_undef +if an error occurs. +.Sh EXAMPLES +Create an object for +.Sy commonName : +.Bd -literal -offset indent +ASN1_OBJECT *o; +o = OBJ_nid2obj(NID_commonName); +.Ed +.Pp +Check if an object is +.Sy commonName : +.Bd -literal -offset indent +if (OBJ_obj2nid(obj) == NID_commonName) + /* Do something */ +.Ed +.Pp +Create a new NID and initialize an object from it: +.Bd -literal -offset indent +int new_nid; +ASN1_OBJECT *obj; +new_nid = OBJ_create("1.2.3.4", "NewOID", "New Object Identifier"); +obj = OBJ_nid2obj(new_nid); +.Ed +.Pp +Create a new object directly: +.Bd -literal -offset indent +obj = OBJ_txt2obj("1.2.3.4", 1); +.Ed +.Sh SEE ALSO +.Xr ERR_get_error 3 +.Sh HISTORY +.Fn OBJ_nid2obj , +.Fn OBJ_nid2ln , +.Fn OBJ_nid2sn , +.Fn OBJ_obj2nid , +.Fn OBJ_ln2nid , +.Fn OBJ_sn2nid , +.Fn OBJ_txt2nid , +.Fn OBJ_cmp , +and +.Fn OBJ_dup +first appeared in SSLeay 0.5.1. +.Fn OBJ_cleanup +first appeared in SSLeay 0.8.0. +.Fn OBJ_create +and +.Fn i2t_ASN1_OBJECT +first appeared in SSLeay 0.9.0. +All these functions have been available since +.Ox 2.4 . +.Pp +.Fn OBJ_txt2obj +first appeared in OpenSSL 0.9.2b. +.Fn OBJ_obj2txt +first appeared in OpenSSL 0.9.4. +Both functions have been available since +.Ox 2.6 . +.Sh BUGS +.Fn OBJ_obj2txt +is awkward and messy to use: it doesn't follow the convention of other +OpenSSL functions where the buffer can be set to +.Dv NULL +to determine the amount of data that should be written. +Instead +.Fa buf +must point to a valid buffer and +.Fa buf_len +should be set to a positive value. +A buffer length of 80 should be more than enough to handle any OID +encountered in practice. diff --git a/src/lib/libcrypto/man/OCSP_CRLID_new.3 b/src/lib/libcrypto/man/OCSP_CRLID_new.3 new file mode 100644 index 00000000000..ff0819166e0 --- /dev/null +++ b/src/lib/libcrypto/man/OCSP_CRLID_new.3 @@ -0,0 +1,112 @@ +.\" $OpenBSD: OCSP_CRLID_new.3,v 1.6 2018/05/13 14:36:05 schwarze Exp $ +.\" +.\" Copyright (c) 2016 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: May 13 2018 $ +.Dt OCSP_CRLID_NEW 3 +.Os +.Sh NAME +.Nm OCSP_CRLID_new , +.Nm OCSP_CRLID_free , +.Nm OCSP_crlID_new +.Nd OCSP CRL extension +.Sh SYNOPSIS +.In opsenssl/ocsp.h +.Ft OCSP_CRLID * +.Fn OCSP_CRLID_new void +.Ft void +.Fn OCSP_CRLID_free "OCSP_CRLID *crlid" +.Ft X509_EXTENSION * +.Fo OCSP_crlID_new +.Fa "const char *url" +.Fa "long *number" +.Fa "char *time" +.Fc +.Sh DESCRIPTION +If a client asks about the validity of a certificate and it turns +out to be invalid, the responder may optionally communicate which +certificate revocation list the certificate was found on. +The required data is stored as an ASN.1 +.Vt CrlID +structure in the singleExtensions field of the +.Vt SingleResponse +structure. +The +.Vt CrlID +is represented by an +.Vt OCSP_CRLID +object, which will be stored inside the +.Vt OCSP_SINGLERESP +object documented in +.Xr OCSP_SINGLERESP_new 3 . +.Pp +.Fn OCSP_CRLID_new +allocates and initializes an empty +.Vt OCSP_CRLID +object. +.Fn OCSP_CRLID_free +frees +.Fa crlid . +.Pp +.Fn OCSP_crlID_new +accepts the +.Fa url +at which the CRL is available, the CRL +.Fa number , +and/or the +.Fa time +at which the CRL was created. +Each argument can be +.Dv NULL , +in which case the respective field is omitted. +The resulting +.Vt CrlID +structure is encoded in ASN.1 using +.Xr X509V3_EXT_i2d 3 +with criticality 0. +.Sh RETURN VALUES +.Fn OCSP_CRLID_new +returns a new +.Vt OCSP_CRLID +object or +.Dv NULL +if an error occurred. +.Pp +.Fn OCSP_crlID_new +returns a new +.Vt X509_EXTENSION +object or +.Dv NULL +if an error occurred. +.Sh SEE ALSO +.Xr OCSP_resp_find_status 3 , +.Xr OCSP_response_status 3 , +.Xr X509_EXTENSION_new 3 +.Sh STANDARDS +RFC 6960: X.509 Internet Public Key Infrastructure Online Certificate +Status Protocol, section 4.4.2: CRL References +.Sh HISTORY +.Fn OCSP_CRLID_new , +.Fn OCSP_CRLID_free , +and +.Fn OCSP_crlID_new +first appeared in OpenSSL 0.9.7 and have been available since +.Ox 3.2 . +.Sh CAVEATS +The function names +.Fn OCSP_CRLID_new +and +.Fn OCSP_crlID_new +only differ in case. diff --git a/src/lib/libcrypto/man/OCSP_REQUEST_new.3 b/src/lib/libcrypto/man/OCSP_REQUEST_new.3 new file mode 100644 index 00000000000..8f3f56b6c46 --- /dev/null +++ b/src/lib/libcrypto/man/OCSP_REQUEST_new.3 @@ -0,0 +1,323 @@ +.\" $OpenBSD: OCSP_REQUEST_new.3,v 1.8 2018/03/22 21:08:22 schwarze Exp $ +.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file is a derived work. +.\" The changes are covered by the following Copyright and license: +.\" +.\" Copyright (c) 2016 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.\" The original file was written by Dr. Stephen Henson . +.\" Copyright (c) 2014, 2016 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 22 2018 $ +.Dt OCSP_REQUEST_NEW 3 +.Os +.Sh NAME +.Nm OCSP_REQUEST_new , +.Nm OCSP_REQUEST_free , +.Nm OCSP_SIGNATURE_new , +.Nm OCSP_SIGNATURE_free , +.Nm OCSP_REQINFO_new , +.Nm OCSP_REQINFO_free , +.Nm OCSP_ONEREQ_new , +.Nm OCSP_ONEREQ_free , +.Nm OCSP_request_add0_id , +.Nm OCSP_request_sign , +.Nm OCSP_request_add1_cert , +.Nm OCSP_request_onereq_count , +.Nm OCSP_request_onereq_get0 +.Nd OCSP request functions +.Sh SYNOPSIS +.In openssl/ocsp.h +.Ft OCSP_REQUEST * +.Fn OCSP_REQUEST_new void +.Ft void +.Fn OCSP_REQUEST_free "OCSP_REQUEST *req" +.Ft OCSP_SIGNATURE * +.Fn OCSP_SIGNATURE_new void +.Ft void +.Fn OCSP_SIGNATURE_free "OCSP_SIGNATURE *signature" +.Ft OCSP_REQINFO * +.Fn OCSP_REQINFO_new void +.Ft void +.Fn OCSP_REQINFO_free "OCSP_REQINFO *reqinfo" +.Ft OCSP_ONEREQ * +.Fn OCSP_ONEREQ_new void +.Ft void +.Fn OCSP_ONEREQ_free "OCSP_ONEREQ *onereq" +.Ft OCSP_ONEREQ * +.Fo OCSP_request_add0_id +.Fa "OCSP_REQUEST *req" +.Fa "OCSP_CERTID *cid" +.Fc +.Ft int +.Fo OCSP_request_sign +.Fa "OCSP_REQUEST *req" +.Fa "X509 *signer" +.Fa "EVP_PKEY *key" +.Fa "const EVP_MD *dgst" +.Fa "STACK_OF(X509) *certs" +.Fa "unsigned long flags" +.Fc +.Ft int +.Fo OCSP_request_add1_cert +.Fa "OCSP_REQUEST *req" +.Fa "X509 *cert" +.Fc +.Ft int +.Fo OCSP_request_onereq_count +.Fa "OCSP_REQUEST *req" +.Fc +.Ft OCSP_ONEREQ * +.Fo OCSP_request_onereq_get0 +.Fa "OCSP_REQUEST *req" +.Fa "int i" +.Fc +.Sh DESCRIPTION +.Fn OCSP_REQUEST_new +allocates and initializes an empty +.Vt OCSP_REQUEST +object, representing an ASN.1 +.Vt OCSPRequest +structure defined in RFC 6960. +.Fn OCSP_REQUEST_free +frees +.Fa req . +.Pp +.Fn OCSP_SIGNATURE_new +allocates and initializes an empty +.Vt OCSP_SIGNATURE +object, representing an ASN.1 +.Vt Signature +structure defined in RFC 6960. +Such an object is used inside +.Vt OCSP_REQUEST . +.Fn OCSP_SIGNATURE_free +frees +.Fa signature . +.Pp +.Fn OCSP_REQINFO_new +allocates and initializes an empty +.Vt OCSP_REQINFO +object, representing an ASN.1 +.Vt TBSRequest +structure defined in RFC 6960. +Such an object is used inside +.Vt OCSP_REQUEST . +It asks about the validity of one or more certificates. +.Fn OCSP_REQINFO_free +frees +.Fa reqinfo . +.Pp +.Fn OCSP_ONEREQ_new +allocates and initializes an empty +.Vt OCSP_ONEREQ +object, representing an ASN.1 +.Vt Request +structure defined in RFC 6960. +Such objects are used inside +.Vt OCSP_REQINFO . +Each one asks about the validity of one certificiate. +.Fn OCSP_ONEREQ_free +frees +.Fa onereq . +.Pp +.Fn OCSP_request_add0_id +adds certificate ID +.Fa cid +to +.Fa req . +It returns the +.Vt OCSP_ONEREQ +object added so an application can add additional extensions to the +request. +The +.Fa cid +parameter must not be freed up after the operation. +.Pp +.Fn OCSP_request_sign +signs OCSP request +.Fa req +using certificate +.Fa signer , +private key +.Fa key , +digest +.Fa dgst , +and additional certificates +.Fa certs . +If the +.Fa flags +option +.Dv OCSP_NOCERTS +is set, then no certificates will be included in the request. +.Pp +.Fn OCSP_request_add1_cert +adds certificate +.Fa cert +to request +.Fa req . +The application is responsible for freeing up +.Fa cert +after use. +.Pp +.Fn OCSP_request_onereq_count +returns the total number of +.Vt OCSP_ONEREQ +objects in +.Fa req . +.Pp +.Fn OCSP_request_onereq_get0 +returns an internal pointer to the +.Vt OCSP_ONEREQ +contained in +.Fa req +of index +.Fa i . +The index value +.Fa i +runs from 0 to +.Fn OCSP_request_onereq_count req No - 1 . +.Pp +.Fn OCSP_request_onereq_count +and +.Fn OCSP_request_onereq_get0 +are mainly used by OCSP responders. +.Sh RETURN VALUES +.Fn OCSP_REQUEST_new , +.Fn OCSP_SIGNATURE_new , +.Fn OCSP_REQINFO_new , +and +.Fn OCSP_ONEREQ_new +return an empty +.Vt OCSP_REQUEST , +.Vt OCSP_SIGNATURE , +.Vt OCSP_REQINFO , +or +.Vt OCSP_ONEREQ +object, respectively, or +.Dv NULL +if an error occurred. +.Pp +.Fn OCSP_request_add0_id +returns the +.Vt OCSP_ONEREQ +object containing +.Fa cid +or +.Dv NULL +if an error occurred. +.Pp +.Fn OCSP_request_sign +and +.Fn OCSP_request_add1_cert +return 1 for success or 0 for failure. +.Pp +.Fn OCSP_request_onereq_count +returns the total number of +.Vt OCSP_ONEREQ +objects in +.Fa req . +.Pp +.Fn OCSP_request_onereq_get0 +returns a pointer to an +.Vt OCSP_ONEREQ +object or +.Dv NULL +if the index value is out of range. +.Sh EXAMPLES +Create an +.Vt OCSP_REQUEST +object for certificate +.Fa cert +with issuer +.Fa issuer : +.Bd -literal -offset indent +OCSP_REQUEST *req; +OCSP_ID *cid; + +req = OCSP_REQUEST_new(); +if (req == NULL) + /* error */ +cid = OCSP_cert_to_id(EVP_sha1(), cert, issuer); +if (cid == NULL) + /* error */ + +if (OCSP_REQUEST_add0_id(req, cid) == NULL) + /* error */ + + /* Do something with req, e.g. query responder */ + +OCSP_REQUEST_free(req); +.Ed +.Sh SEE ALSO +.Xr ACCESS_DESCRIPTION_new 3 , +.Xr OCSP_cert_to_id 3 , +.Xr OCSP_request_add1_nonce 3 , +.Xr OCSP_resp_find_status 3 , +.Xr OCSP_response_status 3 , +.Xr OCSP_sendreq_new 3 , +.Xr OCSP_SERVICELOC_new 3 +.Sh STANDARDS +RFC 6960: X.509 Internet Public Key Infrastructure Online Certificate +Status Protocol, section 4.1: Request Syntax +.Sh HISTORY +These functions first appeared in OpenSSL 0.9.7 +and have been available since +.Ox 3.2 . diff --git a/src/lib/libcrypto/man/OCSP_SERVICELOC_new.3 b/src/lib/libcrypto/man/OCSP_SERVICELOC_new.3 new file mode 100644 index 00000000000..febd71699bb --- /dev/null +++ b/src/lib/libcrypto/man/OCSP_SERVICELOC_new.3 @@ -0,0 +1,108 @@ +.\" $OpenBSD: OCSP_SERVICELOC_new.3,v 1.7 2018/05/13 14:36:05 schwarze Exp $ +.\" +.\" Copyright (c) 2016 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: May 13 2018 $ +.Dt OCSP_SERVICELOC_NEW 3 +.Os +.Sh NAME +.Nm OCSP_SERVICELOC_new , +.Nm OCSP_SERVICELOC_free , +.Nm OCSP_url_svcloc_new +.Nd OCSP service locator extension +.Sh SYNOPSIS +.In openssl/ocsp.h +.Ft OCSP_SERVICELOC * +.Fn OCSP_SERVICELOC_new void +.Ft void +.Fn OCSP_SERVICELOC_free "OCSP_SERVICELOC *sloc" +.Ft X509_EXTENSION * +.Fo OCSP_url_svcloc_new +.Fa "X509_NAME *issuer" +.Fa "const char **urls" +.Fc +.Sh DESCRIPTION +Due to restrictions of network routing, a client may be unable to +directly contact the authoritative OCSP server for a certificate +that needs to be checked. +In that case, the request can be sent via a proxy server. +An ASN.1 +.Vt ServiceLocator +structure is included in the singleRequestExtensions field of the +.Vt Request +structure to indicate where to forward the request. +The +.Vt ServiceLocator +is represented by a +.Vt OCSP_SERVICELOC +object, which will be stored inside the +.Vt OCSP_ONEREQ +object documented in +.Xr OCSP_ONEREQ_new 3 . +.Pp +.Fn OCSP_SERVICELOC_new +allocates and initializes an empty +.Vt OCSP_SERVICELOC +object. +.Fn OCSP_SERVICELOC_free +frees +.Fa sloc . +.Pp +.Fn OCSP_url_svcloc_new +requires an +.Fa issuer +name and optionally accepts an array of +.Fa urls . +If +.Fa urls +or its first element is +.Dv NULL , +the locator field is omitted from the +.Vt ServiceLocator +structure and only the issuer is included. +The resulting +.Vt ServiceLocator +structure is encoded in ASN.1 using +.Xr X509V3_EXT_i2d 3 +with criticality 0. +.Sh RETURN VALUES +.Fn OCSP_SERVICELOC_new +returns a new +.Vt OCSP_SERVICELOC +object or +.Dv NULL +if an error occurred. +.Pp +.Fn OCSP_url_svcloc_new +returns a new +.Vt X509_EXTENSION +object or +.Dv NULL +if an error occurred. +.Sh SEE ALSO +.Xr OCSP_REQUEST_new 3 , +.Xr X509_EXTENSION_new 3 , +.Xr X509_get_issuer_name 3 , +.Xr X509_NAME_new 3 +.Sh STANDARDS +RFC 6960: X.509 Internet Public Key Infrastructure Online Certificate +Status Protocol, section 4.4.6: Service Locator +.Sh HISTORY +.Fn OCSP_SERVICELOC_new , +.Fn OCSP_SERVICELOC_free , +and +.Fn OCSP_url_svcloc_new +first appeared in OpenSSL 0.9.7 and have been available since +.Ox 3.2 . diff --git a/src/lib/libcrypto/man/OCSP_cert_to_id.3 b/src/lib/libcrypto/man/OCSP_cert_to_id.3 new file mode 100644 index 00000000000..2b8c23715f4 --- /dev/null +++ b/src/lib/libcrypto/man/OCSP_cert_to_id.3 @@ -0,0 +1,230 @@ +.\" $OpenBSD: OCSP_cert_to_id.3,v 1.9 2018/08/24 20:04:10 tb Exp $ +.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file is a derived work. +.\" The changes are covered by the following Copyright and license: +.\" +.\" Copyright (c) 2016 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.\" The original file was written by Dr. Stephen Henson . +.\" Copyright (c) 2014, 2016 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: August 24 2018 $ +.Dt OCSP_CERT_TO_ID 3 +.Os +.Sh NAME +.Nm OCSP_CERTID_new , +.Nm OCSP_CERTID_free , +.Nm OCSP_cert_to_id , +.Nm OCSP_cert_id_new , +.Nm OCSP_id_issuer_cmp , +.Nm OCSP_id_cmp , +.Nm OCSP_id_get0_info +.Nd OCSP certificate ID utility functions +.Sh SYNOPSIS +.In openssl/ocsp.h +.Ft OCSP_CERTID * +.Fn OCSP_CERTID_new void +.Ft void +.Fn OCSP_CERTID_free "OCSP_CERTID *id" +.Ft OCSP_CERTID * +.Fo OCSP_cert_to_id +.Fa "const EVP_MD *dgst" +.Fa "const X509 *subject" +.Fa "const X509 *issuer" +.Fc +.Ft OCSP_CERTID * +.Fo OCSP_cert_id_new +.Fa "const EVP_MD *dgst" +.Fa "const X509_NAME *issuerName" +.Fa "const ASN1_BIT_STRING *issuerKey" +.Fa "const ASN1_INTEGER *serialNumber" +.Fc +.Ft int +.Fo OCSP_id_issuer_cmp +.Fa "OCSP_CERTID *a" +.Fa "OCSP_CERTID *b" +.Fc +.Ft int +.Fo OCSP_id_cmp +.Fa "OCSP_CERTID *a" +.Fa "OCSP_CERTID *b" +.Fc +.Ft int +.Fo OCSP_id_get0_info +.Fa "ASN1_OCTET_STRING **piNameHash" +.Fa "ASN1_OBJECT **pmd" +.Fa "ASN1_OCTET_STRING **pikeyHash" +.Fa "ASN1_INTEGER **pserial" +.Fa "OCSP_CERTID *cid" +.Fc +.Sh DESCRIPTION +.Fn OCSP_CERTID_new +allocates and initializes an empty +.Vt OCSP_CERTID +object, representing an ASN.1 +.Vt CertID +structure defined in RFC 6960. +It can store hashes of an issuer's distinguished name and public +key together with a serial number of a certificate. +It is used by the +.Vt OCSP_ONEREQ +object described in +.Xr OCSP_ONEREQ_new 3 +and by the +.Vt OCSP_SINGLERESP +object described in +.Xr OCSP_SINGLERESP_new 3 . +.Fn OCSP_CERTID_free +frees +.Fa id . +.Pp +.Fn OCSP_cert_to_id +creates and returns a new +.Vt OCSP_CERTID +object using message digest +.Fa dgst +for certificate +.Fa subject +with issuer +.Fa issuer . +If +.Fa dgst +is +.Dv NULL +then SHA1 is used. +.Pp +.Fn OCSP_cert_id_new +creates and returns a new +.Vt OCSP_CERTID +using +.Fa dgst +and issuer name +.Fa issuerName , +issuer key hash +.Fa issuerKey +and serial number +.Fa serialNumber . +.Pp +.Fn OCSP_id_cmp +compares +.Vt OCSP_CERTID +.Fa a +and +.Fa b . +.Pp +.Fn OCSP_id_issuer_cmp +compares only the issuer name of +.Vt OCSP_CERTID +.Fa a +and +.Fa b . +.Pp +.Fn OCSP_id_get0_info +returns the issuer name hash, hash OID, issuer key hash and serial +number contained in +.Fa cid . +If any of the values are not required the corresponding parameter can be +set to +.Dv NULL . +The values returned by +.Fn OCSP_id_get0_info +are internal pointers and must not be freed up by an application: +they will be freed when the corresponding +.Vt OCSP_CERTID +object is freed. +.Pp +OCSP clients will typically only use +.Fn OCSP_cert_to_id +or +.Fn OCSP_cert_id_new : +the other functions are used by responder applications. +.Sh RETURN VALUES +.Fn OCSP_CERTID_new , +.Fn OCSP_cert_to_id , +and +.Fn OCSP_cert_id_new +return either a pointer to a valid +.Vt OCSP_CERTID +object or +.Dv NULL +if an error occurred. +.Pp +.Fn OCSP_id_cmp +and +.Fn OCSP_id_issuer_cmp +return 0 for a match or non-zero otherwise. +.Pp +.Fn OCSP_id_get0_info +returns 1 for success or 0 for failure. +.Sh SEE ALSO +.Xr OCSP_request_add1_nonce 3 , +.Xr OCSP_REQUEST_new 3 , +.Xr OCSP_resp_find_status 3 , +.Xr OCSP_response_status 3 , +.Xr OCSP_sendreq_new 3 , +.Xr X509_get_issuer_name 3 , +.Xr X509_NAME_new 3 +.Sh STANDARDS +RFC 6960: X.509 Internet Public Key Infrastructure Online Certificate +Status Protocol, section 4: Details of the Protocol +.Sh HISTORY +These functions first appeared in OpenSSL 0.9.7 +and have been available since +.Ox 3.2 . diff --git a/src/lib/libcrypto/man/OCSP_request_add1_nonce.3 b/src/lib/libcrypto/man/OCSP_request_add1_nonce.3 new file mode 100644 index 00000000000..036c937c611 --- /dev/null +++ b/src/lib/libcrypto/man/OCSP_request_add1_nonce.3 @@ -0,0 +1,163 @@ +.\" $OpenBSD: OCSP_request_add1_nonce.3,v 1.4 2018/03/22 21:08:22 schwarze Exp $ +.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file was written by Dr. Stephen Henson . +.\" Copyright (c) 2014, 2016 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 22 2018 $ +.Dt OCSP_REQUEST_ADD1_NONCE 3 +.Os +.Sh NAME +.Nm OCSP_request_add1_nonce , +.Nm OCSP_basic_add1_nonce , +.Nm OCSP_check_nonce , +.Nm OCSP_copy_nonce +.Nd OCSP nonce functions +.Sh SYNOPSIS +.In openssl/ocsp.h +.Ft int +.Fo OCSP_request_add1_nonce +.Fa "OCSP_REQUEST *req" +.Fa "unsigned char *val" +.Fa "int len" +.Fc +.Ft int +.Fo OCSP_basic_add1_nonce +.Fa "OCSP_BASICRESP *resp" +.Fa "unsigned char *val" +.Fa "int len" +.Fc +.Ft int +.Fo OCSP_check_nonce +.Fa "OCSP_REQUEST *req" +.Fa "OCSP_BASICRESP *resp" +.Fc +.Ft int +.Fo OCSP_copy_nonce +.Fa "OCSP_BASICRESP *resp" +.Fa "OCSP_REQUEST *req" +.Fc +.Sh DESCRIPTION +An OCSP nonce is typically added to an OCSP request to thwart replay +attacks by checking the same nonce value appears in the response. +.Pp +.Fn OCSP_request_add1_nonce +adds a nonce of value +.Fa val +and length +.Fa len +to OCSP request +.Fa req . +If +.Fa val +is +.Dv NULL , +a random nonce is used. +If +.Fa len +is zero or negative, a default length will be used (currently 16 bytes). +For most purposes the nonce value in a request is set to a random value +so the +.Fa val +parameter in +.Fn OCSP_request_add1_nonce +is usually NULL. +.Pp +.Fn OCSP_basic_add1_nonce +is identical to +.Fn OCSP_request_add1_nonce +except it adds a nonce to OCSP basic response +.Fa resp . +.Pp +.Fn OCSP_check_nonce +compares the nonce value in +.Fa req +and +.Fa resp . +.Pp +.Fn OCSP_copy_nonce +copies any nonce value present in +.Fa req +to +.Fa resp . +.Pp +Some responders may include a nonce in all responses even if one is not +supplied. +.Pp +Some responders cache OCSP responses and do not sign each response for +performance reasons. +As a result they do not support nonces. +.Sh RETURN VALUES +.Fn OCSP_request_add1_nonce +and +.Fn OCSP_basic_add1_nonce +return 1 for success or 0 for failure. +.Pp +.Fn OCSP_copy_nonce +returns 1 if a nonce was successfully copied, 2 if no nonce was +present in +.Fa req , +or 0 if an error occurred. +.Pp +.Fn OCSP_check_nonce +returns positive values for success: 1 if nonces are present and +equal, 2 if both nonces are absent, or 3 if a nonce is present in +the response only. +A zero return value indicates that both nonces are present but +mismatch: this should be treated as an error condition. +A return value of -1 indicates that a nonce is present in the request +only: this will happen if the responder doesn't support nonces. +.Sh SEE ALSO +.Xr OCSP_cert_to_id 3 , +.Xr OCSP_REQUEST_new 3 , +.Xr OCSP_resp_find_status 3 , +.Xr OCSP_response_status 3 , +.Xr OCSP_sendreq_new 3 +.Sh HISTORY +These functions first appeared in OpenSSL 0.9.7 +and have been available since +.Ox 3.2 . diff --git a/src/lib/libcrypto/man/OCSP_resp_find_status.3 b/src/lib/libcrypto/man/OCSP_resp_find_status.3 new file mode 100644 index 00000000000..a32019c4d6d --- /dev/null +++ b/src/lib/libcrypto/man/OCSP_resp_find_status.3 @@ -0,0 +1,478 @@ +.\" $OpenBSD: OCSP_resp_find_status.3,v 1.9 2019/03/15 11:15:33 schwarze Exp $ +.\" full merge up to: OpenSSL c952780c Jun 21 07:03:34 2016 -0400 +.\" selective merge up to: OpenSSL 1212818e Sep 11 13:22:14 2018 +0100 +.\" +.\" This file is a derived work. +.\" The changes are covered by the following Copyright and license: +.\" +.\" Copyright (c) 2016, 2018 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.\" The original file was written by Dr. Stephen Henson +.\" and David von Oheimb . +.\" Copyright (c) 2014, 2018 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 15 2019 $ +.Dt OCSP_RESP_FIND_STATUS 3 +.Os +.Sh NAME +.Nm OCSP_SINGLERESP_new , +.Nm OCSP_SINGLERESP_free , +.Nm OCSP_CERTSTATUS_new , +.Nm OCSP_CERTSTATUS_free , +.Nm OCSP_REVOKEDINFO_new , +.Nm OCSP_REVOKEDINFO_free , +.Nm OCSP_resp_find_status , +.Nm OCSP_resp_count , +.Nm OCSP_resp_get0 , +.Nm OCSP_resp_find , +.Nm OCSP_SINGLERESP_get0_id , +.Nm OCSP_single_get0_status , +.Nm OCSP_check_validity , +.Nm OCSP_basic_verify +.Nd OCSP response utility functions +.Sh SYNOPSIS +.In openssl/ocsp.h +.Ft OCSP_SINGLERESP * +.Fn OCSP_SINGLERESP_new void +.Ft void +.Fn OCSP_SINGLERESP_free "OCSP_SINGLERESP *single" +.Ft OCSP_CERTSTATUS * +.Fn OCSP_CERTSTATUS_new void +.Ft void +.Fn OCSP_CERTSTATUS_free "OCSP_CERTSTATUS *certstatus" +.Ft OCSP_REVOKEDINFO * +.Fn OCSP_REVOKEDINFO_new void +.Ft void +.Fn OCSP_REVOKEDINFO_free "OCSP_REVOKEDINFO *revokedinfo" +.Ft int +.Fo OCSP_resp_find_status +.Fa "OCSP_BASICRESP *bs" +.Fa "OCSP_CERTID *id" +.Fa "int *status" +.Fa "int *reason" +.Fa "ASN1_GENERALIZEDTIME **revtime" +.Fa "ASN1_GENERALIZEDTIME **thisupd" +.Fa "ASN1_GENERALIZEDTIME **nextupd" +.Fc +.Ft int +.Fo OCSP_resp_count +.Fa "OCSP_BASICRESP *bs" +.Fc +.Ft OCSP_SINGLERESP * +.Fo OCSP_resp_get0 +.Fa "OCSP_BASICRESP *bs" +.Fa "int idx" +.Fc +.Ft int +.Fo OCSP_resp_find +.Fa "OCSP_BASICRESP *bs" +.Fa "OCSP_CERTID *id" +.Fa "int last" +.Fc +.Ft const OCSP_CERTID * +.Fo OCSP_SINGLERESP_get0_id +.Fa "const OCSP_SINGLERESP *single" +.Fc +.Ft int +.Fo OCSP_single_get0_status +.Fa "OCSP_SINGLERESP *single" +.Fa "int *reason" +.Fa "ASN1_GENERALIZEDTIME **revtime" +.Fa "ASN1_GENERALIZEDTIME **thisupd" +.Fa "ASN1_GENERALIZEDTIME **nextupd" +.Fc +.Ft int +.Fo OCSP_check_validity +.Fa "ASN1_GENERALIZEDTIME *thisupd" +.Fa "ASN1_GENERALIZEDTIME *nextupd" +.Fa "long sec" +.Fa "long maxsec" +.Fc +.Ft int +.Fo OCSP_basic_verify +.Fa "OCSP_BASICRESP *bs" +.Fa "STACK_OF(X509) *certs" +.Fa "X509_STORE *st" +.Fa "unsigned long flags" +.Fc +.Sh DESCRIPTION +.Fn OCSP_SINGLERESP_new +allocates and initializes an empty +.Vt OCSP_SINGLERESP +object, representing an ASN.1 +.Vt SingleResponse +structure defined in RFC 6960. +Each such object can store the server's answer regarding the validity +of one individual certificate. +Such objects are used inside the +.Vt OCSP_RESPDATA +of +.Vt OCSP_BASICRESP +objects, which are described in +.Xr OCSP_BASICRESP_new 3 . +.Fn OCSP_SINGLERESP_free +frees +.Fa single . +.Pp +.Fn OCSP_CERTSTATUS_new +allocates and initializes an empty +.Vt OCSP_CERTSTATUS +object, representing an ASN.1 +.Vt CertStatus +structure defined in RFC 6960. +Such an object is used inside +.Vt OCSP_SINGLERESP . +.Fn OCSP_CERTSTATUS_free +frees +.Fa certstatus . +.Pp +.Fn OCSP_REVOKEDINFO_new +allocates and initializes an empty +.Vt OCSP_REVOKEDINFO +object, representing an ASN.1 +.Vt RevokedInfo +structure defined in RFC 6960. +Such an object is used inside +.Vt OCSP_CERTSTATUS . +.Fn OCSP_REVOKEDINFO_free +frees +.Fa revokedinfo . +.Pp +.Fn OCSP_resp_find_status +searches +.Fa bs +for an OCSP response for +.Fa id . +If it is successful, the fields of the response are returned in +.Pf * Fa status , +.Pf * Fa reason , +.Pf * Fa revtime , +.Pf * Fa thisupd +and +.Pf * Fa nextupd . +The +.Pf * Fa status +value will be one of +.Dv V_OCSP_CERTSTATUS_GOOD , +.Dv V_OCSP_CERTSTATUS_REVOKED , +or +.Dv V_OCSP_CERTSTATUS_UNKNOWN . +The +.Pf * Fa reason +and +.Pf * Fa revtime +fields are only set if the status is +.Dv V_OCSP_CERTSTATUS_REVOKED . +If set, the +.Pf * Fa reason +field will be set to the revocation reason which will be one of +.Dv OCSP_REVOKED_STATUS_NOSTATUS , +.Dv OCSP_REVOKED_STATUS_UNSPECIFIED , +.Dv OCSP_REVOKED_STATUS_KEYCOMPROMISE , +.Dv OCSP_REVOKED_STATUS_CACOMPROMISE , +.Dv OCSP_REVOKED_STATUS_AFFILIATIONCHANGED , +.Dv OCSP_REVOKED_STATUS_SUPERSEDED , +.Dv OCSP_REVOKED_STATUS_CESSATIONOFOPERATION , +.Dv OCSP_REVOKED_STATUS_CERTIFICATEHOLD +or +.Dv OCSP_REVOKED_STATUS_REMOVEFROMCRL . +.Pp +.Fn OCSP_resp_count +returns the number of +.Vt OCSP_SINGLERESP +structures in +.Fa bs . +.Pp +.Fn OCSP_resp_get0 +returns the +.Vt OCSP_SINGLERESP +structure in +.Fa bs +corresponding to index +.Fa idx , +where +.Fa idx +runs from 0 to +.Fn OCSP_resp_count bs No - 1 . +.Pp +.Fn OCSP_resp_find +searches +.Fa bs +for +.Fa id +and returns the index of the first matching entry after +.Fa last +or starting from the beginning if +.Fa last +is -1. +.Pp +.Fn OCSP_single_get0_status +extracts the fields of +.Fa single +in +.Pf * Fa reason , +.Pf * Fa revtime , +.Pf * Fa thisupd , +and +.Pf * Fa nextupd . +.Pp +.Fn OCSP_check_validity +checks the validity of +.Fa thisupd +and +.Fa nextupd +values which will be typically obtained from +.Fn OCSP_resp_find_status +or +.Fn OCSP_single_get0_status . +If +.Fa sec +is non-zero it indicates how many seconds leeway should be allowed in +the check. +If +.Fa maxsec +is positive it indicates the maximum age of +.Fa thisupd +in seconds. +.Pp +Applications will typically call +.Fn OCSP_resp_find_status +using the certificate ID of interest and then check its validity using +.Fn OCSP_check_validity . +They can then take appropriate action based on the status of the +certificate. +.Pp +An OCSP response for a certificate contains +.Sy thisUpdate +and +.Sy nextUpdate +fields. +Normally the current time should be between these two values. +To account for clock skew, the +.Fa maxsec +field can be set to non-zero in +.Fn OCSP_check_validity . +Some responders do not set the +.Sy nextUpdate +field. +This would otherwise mean an ancient response would be considered +valid: the +.Fa maxsec +parameter to +.Fn OCSP_check_validity +can be used to limit the permitted age of responses. +.Pp +The values written to +.Pf * Fa revtime , +.Pf * Fa thisupd , +and +.Pf * Fa nextupd +by +.Fn OCSP_resp_find_status +and +.Fn OCSP_single_get0_status +are internal pointers which must not be freed up by the calling +application. +Any or all of these parameters can be set to +.Dv NULL +if their value is not required. +.Pp +.Fn OCSP_basic_verify +checks that the basic response message +.Fa bs +is correctly signed and that the signer certificate can be validated. +It takes +.Fa st +as the trusted store and +.Fa certs +as a set of untrusted intermediate certificates. +The function first tries to find the signer certificate of the response in +.Fa certs . +It also searches the certificates the responder may have included in +.Fa bs +unless the +.Fa flags +contain +.Dv OCSP_NOINTERN . +It fails if the signer certificate cannot be found. +Next, the function checks the signature of +.Fa bs +and fails on error unless the +.Fa flags +contain +.Dv OCSP_NOSIGS . +Then the function already returns +success if the +.Fa flags +contain +.Dv OCSP_NOVERIFY +or if the signer certificate was found in +.Fa certs +and the +.Fa flags +contain +.Dv OCSP_TRUSTOTHER . +Otherwise the function continues by validating the signer certificate. +To this end, all certificates in +.Fa certs +and in +.Fa bs +are considered as untrusted certificates for the construction of +the validation path for the signer certificate unless the +.Dv OCSP_NOCHAIN +flag is set. +After successful path +validation, the function returns success if the +.Dv OCSP_NOCHECKS +flag is set. +Otherwise it verifies that the signer certificate meets the OCSP issuer +criteria including potential delegation. +If this does not succeed and the +.Fa flags +do not contain +.Dv OCSP_NOEXPLICIT , +the function checks for explicit trust for OCSP signing +in the root CA certificate. +.Sh RETURN VALUES +.Fn OCSP_SINGLERESP_new , +.Fn OCSP_CERTSTATUS_new , +and +.Fn OCSP_REVOKEDINFO_new +return a pointer to an empty +.Vt OCSP_SINGLERESP , +.Vt OCSP_CERTSTATUS , +or +.Vt OCSP_REVOKEDINFO +object, respectively, or +.Dv NULL +if an error occurred. +.Pp +.Fn OCSP_resp_find_status +returns 1 if +.Fa id +is found in +.Fa bs +or 0 otherwise. +.Pp +.Fn OCSP_resp_count +returns the total number of +.Vt OCSP_SINGLERESP +fields in +.Fa bs . +.Pp +.Fn OCSP_resp_get0 +returns a pointer to an +.Vt OCSP_SINGLERESP +structure or +.Dv NULL +if +.Fa idx +is out of range. +.Pp +.Fn OCSP_resp_find +returns the index of +.Fa id +in +.Fa bs +(which may be 0) or -1 if +.Fa id +was not found. +.Pp +.Fn OCSP_SINGLERESP_get0_id +returns an internal pointer to the certificate ID object used by +.Fa single ; +the returned pointer should not be freed by the caller. +.Pp +.Fn OCSP_single_get0_status +returns the status of +.Fa single +or -1 if an error occurred. +.Pp +.Fn OCSP_basic_verify +returns 1 on success, 0 on error, or -1 on fatal error such as malloc failure. +.Sh SEE ALSO +.Xr OCSP_cert_to_id 3 , +.Xr OCSP_CRLID_new 3 , +.Xr OCSP_request_add1_nonce 3 , +.Xr OCSP_REQUEST_new 3 , +.Xr OCSP_response_status 3 , +.Xr OCSP_sendreq_new 3 +.Sh STANDARDS +RFC 6960: X.509 Internet Public Key Infrastructure Online Certificate +Status Protocol, section 4.2: Response Syntax +.Sh HISTORY +.Fn OCSP_SINGLERESP_new , +.Fn OCSP_SINGLERESP_free , +.Fn OCSP_CERTSTATUS_new , +.Fn OCSP_CERTSTATUS_free , +.Fn OCSP_REVOKEDINFO_new , +.Fn OCSP_REVOKEDINFO_free , +.Fn OCSP_resp_find_status , +.Fn OCSP_resp_count , +.Fn OCSP_resp_get0 , +.Fn OCSP_resp_find , +.Fn OCSP_single_get0_status , +and +.Fn OCSP_check_validity +first appeared in OpenSSL 0.9.7 and have been available since +.Ox 3.2 . +.Pp +.Fn OCSP_SINGLERESP_get0_id +first appeared in OpenSSL 1.1.0 and has been available since +.Ox 6.3 . diff --git a/src/lib/libcrypto/man/OCSP_response_status.3 b/src/lib/libcrypto/man/OCSP_response_status.3 new file mode 100644 index 00000000000..d720500f610 --- /dev/null +++ b/src/lib/libcrypto/man/OCSP_response_status.3 @@ -0,0 +1,292 @@ +.\" $OpenBSD: OCSP_response_status.3,v 1.6 2018/03/22 21:08:22 schwarze Exp $ +.\" full merge up to: OpenSSL bb9ad09e Jun 6 00:43:05 2016 -0400 +.\" selective merge up to: OpenSSL e23ac625 Jan 24 12:27:19 2018 -0500 +.\" +.\" This file is a derived work. +.\" The changes are covered by the following Copyright and license: +.\" +.\" Copyright (c) 2016 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.\" The original file was written by Dr. Stephen Henson . +.\" Copyright (c) 2014, 2016, 2018 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 22 2018 $ +.Dt OCSP_RESPONSE_STATUS 3 +.Os +.Sh NAME +.Nm OCSP_RESPONSE_new , +.Nm OCSP_RESPONSE_free , +.Nm OCSP_RESPBYTES_new , +.Nm OCSP_RESPBYTES_free , +.Nm OCSP_BASICRESP_new , +.Nm OCSP_BASICRESP_free , +.Nm OCSP_RESPDATA_new , +.Nm OCSP_RESPDATA_free , +.Nm OCSP_RESPID_new , +.Nm OCSP_RESPID_free , +.Nm OCSP_response_create , +.Nm OCSP_response_status , +.Nm OCSP_response_get1_basic , +.Nm OCSP_basic_sign +.Nd OCSP response functions +.Sh SYNOPSIS +.In openssl/ocsp.h +.Ft OCSP_RESPONSE * +.Fn OCSP_RESPONSE_new void +.Ft void +.Fn OCSP_RESPONSE_free "OCSP_RESPONSE *resp" +.Ft OCSP_RESPBYTES * +.Fn OCSP_RESPBYTES_new void +.Ft void +.Fn OCSP_RESPBYTES_free "OCSP_RESPBYTES *respbytes" +.Ft OCSP_BASICRESP * +.Fn OCSP_BASICRESP_new void +.Ft void +.Fn OCSP_BASICRESP_free "OCSP_BASICRESP *bs" +.Ft OCSP_RESPDATA * +.Fn OCSP_RESPDATA_new void +.Ft void +.Fn OCSP_RESPDATA_free "OCSP_RESPDATA *respdata" +.Ft OCSP_RESPID * +.Fn OCSP_RESPID_new void +.Ft void +.Fn OCSP_RESPID_free "OCSP_RESPID *respid" +.Ft OCSP_RESPONSE * +.Fo OCSP_response_create +.Fa "int status" +.Fa "OCSP_BASICRESP *bs" +.Fc +.Ft int +.Fo OCSP_response_status +.Fa "OCSP_RESPONSE *resp" +.Fc +.Ft OCSP_BASICRESP * +.Fo OCSP_response_get1_basic +.Fa "OCSP_RESPONSE *resp" +.Fc +.Ft int +.Fo OCSP_basic_sign +.Fa "OCSP_BASICRESP *bs" +.Fa "X509 *signer" +.Fa "EVP_PKEY *key" +.Fa "const EVP_MD *dgst" +.Fa "STACK_OF(X509) *certs" +.Fa "unsigned long flags" +.Fc +.Sh DESCRIPTION +.Fn OCSP_RESPONSE_new +allocates and initializes an empty +.Vt OCSP_RESPONSE +object, representing an ASN.1 +.Vt OCSPResponse +structure defined in RFC 6960. +.Fn OCSP_RESPONSE_free +frees +.Fa resp . +.Pp +.Fn OCSP_RESPBYTES_new +allocates and initializes an empty +.Vt OCSP_RESPBYTES +object, representing an ASN.1 +.Vt ResponseBytes +structure defined in RFC 6960. +Such an object is used inside +.Vt OCSP_RESPONSE . +.Fn OCSP_RESPBYTES_free +frees +.Fa respbytes . +.Pp +.Fn OCSP_BASICRESP_new +allocates and initializes an empty +.Vt OCSP_BASICRESP +object, representing an ASN.1 +.Vt BasicOCSPResponse +structure defined in RFC 6960. +.Vt OCSP_RESPBYTES +contains the DER-encoded form of an +.Vt OCSP_BASICRESP +object. +.Fn OCSP_BASICRESP_free +frees +.Fa bs . +.Pp +.Fn OCSP_RESPDATA_new +allocates and initializes an empty +.Vt OCSP_RESPDATA +object, representing an ASN.1 +.Vt ResponseData +structure defined in RFC 6960. +Such an object is used inside +.Vt OCSP_BASICRESP . +.Fn OCSP_RESPDATA_free +frees +.Fa respdata . +.Pp +.Fn OCSP_RESPID_new +allocates and initializes an empty +.Vt OCSP_RESPID +object, representing an ASN.1 +.Vt ResponderID +structure defined in RFC 6960. +Such an object is used inside +.Vt OCSP_RESPDATA . +.Fn OCSP_RESPID_free +frees +.Fa respid . +.Pp +.Fn OCSP_response_create +creates an +.Vt OCSP_RESPONSE +object for +.Fa status +and optionally including the basic response +.Fa bs . +.Pp +.Fn OCSP_response_status +returns the OCSP response status of +.Fa resp . +It returns one of the values +.Dv OCSP_RESPONSE_STATUS_SUCCESSFUL , +.Dv OCSP_RESPONSE_STATUS_MALFORMEDREQUEST , +.Dv OCSP_RESPONSE_STATUS_INTERNALERROR , +.Dv OCSP_RESPONSE_STATUS_TRYLATER , +.Dv OCSP_RESPONSE_STATUS_SIGREQUIRED , +or +.Dv OCSP_RESPONSE_STATUS_UNAUTHORIZED . +.Pp +.Fn OCSP_response_get1_basic +decodes and returns the +.Vt OCSP_BASICRESP +object contained in +.Fa resp . +It is only called if the status of a response is +.Dv OCSP_RESPONSE_STATUS_SUCCESSFUL . +.Pp +.Fn OCSP_basic_sign +signs the OCSP response +.Fa bs +using the certificate +.Fa signer , +the private key +.Fa key , +the digest +.Fa dgst , +and the additional certificates +.Fa certs . +If the +.Fa flags +option +.Dv OCSP_NOCERTS +is set, then no certificates will be included in the request. +If the +.Fa flags +option +.Dv OCSP_RESPID_KEY +is set, then the responder is identified by key ID +rather than by name. +.Sh RETURN VALUES +.Fn OCSP_RESPONSE_new +and +.Fn OCSP_response_create +return a pointer to an +.Vt OCSP_RESPONSE +object or +.Dv NULL +if an error occurred. +.Pp +.Fn OCSP_BASICRESP_new +and +.Fn OCSP_response_get1_basic +return a pointer to an +.Vt OCSP_BASICRESP +object or +.Dv NULL +if an error occurred. +.Pp +.Fn OCSP_RESPBYTES_new , +.Fn OCSP_RESPDATA_new , +and +.Fn OCSP_RESPID_new +return a pointer to an empty +.Vt OCSP_RESPBYTES , +.Vt OCSP_RESPDATA , +or +.Vt OCSP_RESPID +object, respectively, or +.Dv NULL +if an error occurred. +.Pp +.Fn OCSP_response_status +returns a status value. +.Pp +.Fn OCSP_basic_sign +return 1 on success or 0 on failure. +.Sh SEE ALSO +.Xr OCSP_cert_to_id 3 , +.Xr OCSP_request_add1_nonce 3 , +.Xr OCSP_REQUEST_new 3 , +.Xr OCSP_resp_find_status 3 , +.Xr OCSP_sendreq_new 3 +.Sh STANDARDS +RFC 6960: X.509 Internet Public Key Infrastructure Online Certificate +Status Protocol, section 4.2: Response Syntax +.Sh HISTORY +These functions first appeared in OpenSSL 0.9.7 +and have been available since +.Ox 3.2 . diff --git a/src/lib/libcrypto/man/OCSP_sendreq_new.3 b/src/lib/libcrypto/man/OCSP_sendreq_new.3 new file mode 100644 index 00000000000..42cb4159df0 --- /dev/null +++ b/src/lib/libcrypto/man/OCSP_sendreq_new.3 @@ -0,0 +1,253 @@ +.\" $OpenBSD: OCSP_sendreq_new.3,v 1.7 2018/03/23 04:34:23 schwarze Exp $ +.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file was written by Dr. Stephen Henson . +.\" Copyright (c) 2014, 2016 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 23 2018 $ +.Dt OCSP_SENDREQ_NEW 3 +.Os +.Sh NAME +.Nm OCSP_sendreq_new , +.Nm OCSP_sendreq_nbio , +.Nm OCSP_REQ_CTX_free , +.Nm OCSP_REQ_CTX_add1_header , +.Nm OCSP_REQ_CTX_set1_req , +.Nm OCSP_sendreq_bio +.Nd OCSP responder query functions +.Sh SYNOPSIS +.In openssl/ocsp.h +.Ft OCSP_REQ_CTX * +.Fo OCSP_sendreq_new +.Fa "BIO *io" +.Fa "const char *path" +.Fa "OCSP_REQUEST *req" +.Fa "int maxline" +.Fc +.Ft int +.Fo OCSP_sendreq_nbio +.Fa "OCSP_RESPONSE **presp" +.Fa "OCSP_REQ_CTX *rctx" +.Fc +.Ft void +.Fo OCSP_REQ_CTX_free +.Fa "OCSP_REQ_CTX *rctx" +.Fc +.Ft int +.Fo OCSP_REQ_CTX_add1_header +.Fa "OCSP_REQ_CTX *rctx" +.Fa "const char *name" +.Fa "const char *value" +.Fc +.Ft int +.Fo OCSP_REQ_CTX_set1_req +.Fa "OCSP_REQ_CTX *rctx" +.Fa "OCSP_REQUEST *req" +.Fc +.Ft OCSP_RESPONSE * +.Fo OCSP_sendreq_bio +.Fa "BIO *io" +.Fa "const char *path" +.Fa "OCSP_REQUEST *req" +.Fc +.Sh DESCRIPTION +The function +.Fn OCSP_sendreq_new +returns an +.Vt OCSP_REQ_CTX +structure using the responder +.Fa io , +the URI path +.Fa path , +the OCSP request +.Fa req +and with a response header maximum line length of +.Fa maxline . +If +.Fa maxline +is zero, a default value of 4k is used. +The OCSP request +.Fa req +may be set to +.Dv NULL +and provided later if required. +.Pp +The arguments to +.Fn OCSP_sendreq_new +correspond to the components of the URI. +For example, if the responder URI is +.Pa http://ocsp.com/ocspreq , +the BIO +.Fa io +should be connected to host +.Pa ocsp.com +on port 80 and +.Fa path +should be set to +.Qq /ocspreq . +.Pp +.Fn OCSP_sendreq_nbio +performs non-blocking I/O on the OCSP request context +.Fa rctx . +When the operation is complete it returns the response in +.Pf * Fa presp . +If +.Fn OCSP_sendreq_nbio +indicates an operation should be retried, the corresponding BIO can +be examined to determine which operation (read or write) should be +retried and appropriate action can be taken, for example a +.Xr select 2 +call on the underlying socket. +.Pp +.Fn OCSP_REQ_CTX_free +frees up the OCSP context +.Fa rctx . +.Pp +.Fn OCSP_REQ_CTX_add1_header +adds header +.Fa name +with value +.Fa value +to the context +.Fa rctx . +The added headers are of the form +.Qq Fa name : value +or just +.Qq Fa name +if +.Fa value +is +.Dv NULL . +.Fn OCSP_REQ_CTX_add1_header +can be called more than once to add multiple headers. +It must be called before any calls to +.Fn OCSP_sendreq_nbio . +The +.Fa req +parameter in the initial to +.Fn OCSP_sendreq_new +call must be set to +.Dv NULL +if additional headers are set. +.Pp +.Fn OCSP_REQ_CTX_set1_req +sets the OCSP request in +.Fa rctx +to +.Fa req . +This function should be called after any calls to +.Fn OCSP_REQ_CTX_add1_header . +.Pp +.Fn OCSP_sendreq_bio +performs an OCSP request using the responder +.Fa io , +the URI path +.Fa path , +the OCSP request +.Fa req . +It does not support retries and so cannot handle non-blocking I/O +efficiently. +It is retained for compatibility and its use in new applications +is not recommended. +.Sh RETURN VALUES +.Fn OCSP_sendreq_new +returns a valid +.Vt OCSP_REQ_CTX +structure or +.Dv NULL +if an error occurred. +.Pp +.Fn OCSP_sendreq_nbio +returns 1 if the operation was completed successfully, +-1 if the operation should be retried, +or 0 if an error occurred. +.Pp +.Fn OCSP_REQ_CTX_add1_header +and +.Fn OCSP_REQ_CTX_set1_req +return 1 for success or 0 for failure. +.Pp +.Fn OCSP_sendreq_bio +returns the +.Vt OCSP_RESPONSE +structure sent by the responder or +.Dv NULL +if an error occurred. +.Sh EXAMPLES +Add a Host header for +.Pa ocsp.com : +.Pp +.Dl OCSP_REQ_CTX_add1_header(ctx, "Host", "ocsp.com"); +.Sh SEE ALSO +.Xr OCSP_cert_to_id 3 , +.Xr OCSP_request_add1_nonce 3 , +.Xr OCSP_REQUEST_new 3 , +.Xr OCSP_resp_find_status 3 , +.Xr OCSP_response_status 3 +.Sh HISTORY +.Fn OCSP_sendreq_bio +first appeared in OpenSSL 0.9.7 and has been available since +.Ox 3.2 . +.Pp +.Fn OCSP_sendreq_new , +.Fn OCSP_sendreq_nbio , +and +.Fn OCSP_REQ_CTX_free +first appeared in OpenSSL 0.9.8h and have been available since +.Ox 4.5 . +.Pp +.Fn OCSP_REQ_CTX_add1_header +and +.Fn OCSP_REQ_CTX_set1_req +first appeared in OpenSSL 1.0.0 and have been available since +.Ox 4.9 . +.Sh CAVEATS +These functions only perform a minimal HTTP query to a responder. +If an application wishes to support more advanced features, it +should use an alternative, more complete, HTTP library. +.Pp +Currently only HTTP POST queries to responders are supported. diff --git a/src/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 b/src/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 new file mode 100644 index 00000000000..4f37962c9df --- /dev/null +++ b/src/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 @@ -0,0 +1,280 @@ +.\" $OpenBSD: OPENSSL_VERSION_NUMBER.3,v 1.11 2019/03/15 12:32:15 schwarze Exp $ +.\" full merge up to: OpenSSL 1f13ad31 Dec 25 17:50:39 2017 +0800 +.\" +.\" This file is a derived work. +.\" The changes are covered by the following Copyright and license: +.\" +.\" Copyright (c) 2017, 2018 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.\" The original file was written by Ulf Moeller , +.\" Richard Levitte , and +.\" Bodo Moeller . +.\" Copyright (c) 2000, 2002, 2015, 2016, 2017 The OpenSSL Project. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 15 2019 $ +.Dt OPENSSL_VERSION_NUMBER 3 +.Os +.Sh NAME +.Nm OPENSSL_VERSION_NUMBER , +.Nm LIBRESSL_VERSION_NUMBER , +.Nm LIBRESSL_VERSION_TEXT , +.Nm OPENSSL_VERSION_TEXT , +.Nm OpenSSL_version_num , +.Nm OpenSSL_version , +.Nm SSLeay , +.Nm SSLeay_version +.Nd get OpenSSL version number +.Sh SYNOPSIS +.In openssl/opensslv.h +.Fd #define OPENSSL_VERSION_NUMBER 0x020000000L +.Fd #define LIBRESSL_VERSION_NUMBER 0x02nnnn00fL +.Fd #define LIBRESSL_VERSION_TEXT \(dqLibreSSL 2.n.n\(dq +.Fd #define OPENSSL_VERSION_TEXT LIBRESSL_VERSION_TEXT +.In openssl/crypto.h +.Ft unsigned long +.Fn OpenSSL_version_num void +.Ft const char * +.Fo OpenSSL_version +.Fa "int t" +.Fc +.Ft long +.Fn SSLeay void +.Ft const char * +.Fo SSLeay_version +.Fa "int t" +.Fc +.Sh DESCRIPTION +.Dv OPENSSL_VERSION_NUMBER +and +.Dv LIBRESSL_VERSION_NUMBER +are numeric release version identifiers. +The first two digits contain the major release number, +the third and fourth digits the minor release number, +and the fifth and sixth digits the fix release number. +For OpenSSL, the seventh and eight digits contain the patch release number +and the final digit is 0 for development, 1 to e for betas 1 to 14, or f +for release. +For LibreSSL, +.Dv OPENSSL_VERSION_NUMBER +is always 0x020000000, +and +.Dv LIBRESSL_VERSION_NUMBER +always ends with 00f. +.Pp +For example: +.Bd -literal -offset indent +OPENSSL_VERSION_NUMBER: +0x000906000 == 0.9.6 dev +0x000906023 == 0.9.6b beta 3 +0x00090605f == 0.9.6e release +0x020000000 == 2.0.0 for any version of LibreSSL + +LIBRESSL_VERSION_NUMBER: +0x02070000f == LibreSSL 2.7.0 +.Ed +.Pp +OpenSSL versions prior to 0.9.3 had identifiers < 0x0930. +For versions between 0.9.3 and 0.9.5, +the seventh digit was 1 for release and 0 otherwise, +and the eighth and ninth digits were the patch release number. +.Pp +For example: +.Bd -literal +0x000904100 == 0.9.4 release +0x000905000 == 0.9.5 dev +.Ed +.Pp +OpenSSL version 0.9.5a had an interim interpretation that is like the current +one, except the patch level got the highest bit set, to keep continuity. +The number was therefore 0x0090581f. +.Pp +.Fn OpenSSL_version_num +returns +.Dv OPENSSL_VERSION_NUMBER . +.Pp +.Fn OpenSSL_version +returns different strings depending on +.Fa t : +.Bl -tag -width Ds +.It Dv OPENSSL_VERSION +The text variant of the version number, +.Dv OPENSSL_VERSION_TEXT . +For OpenSSL, it includes the release date, for example +.Qq OpenSSL 0.9.5a 1 Apr 2000 . +For LibreSSL, +.Dv LIBRESSL_VERSION_TEXT +is returned. +.It Dv OPENSSL_CFLAGS +The compiler flags set for the compilation process in the form +.Qq compiler: ... +if available or +.Qq compiler: information not available +otherwise. +LibreSSL never provides compiler information. +.It Dv OPENSSL_BUILT_ON +The date of the build process in the form +.Qq built on: ... +if available or +.Qq built on: date not available +otherwise. +LibreSSL never provides information on the build date. +.It Dv OPENSSL_PLATFORM +The Configure target of the library build in the form +.Qq platform: ... +if available or +.Qq platform: information not available +otherwise. +LibreSSL never provides platform information. +.It Dv OPENSSL_DIR +The +.Dv OPENSSLDIR +setting of the library build in the form +.Qq OPENSSLDIR: Qq ... +if available or +.Qq OPENSSLDIR: N/A +otherwise. +For LibreSSL, the default is +.Qq OPENSSLDIR: Qq /etc/ssl . +.It Dv OPENSSL_ENGINES_DIR +The +.Dv ENGINESDIR +setting of the library build in the form +.Qq ENGINESDIR: Qq ... +if available or +.Qq ENGINESDIR: N/A +otherwise. +LibreSSL never provides or uses an +.Dv ENGINESDIR . +.El +.Pp +For an unknown +.Fa t , +the text +.Qq not available +is returned. +.Pp +For backward compatibility, +.Dv SSLEAY_VERSION_NUMBER +is an alias for +.Dv OPENSSL_VERSION_NUMBER +and +.Fn SSLeay +for +.Dv OpenSSL_version_num . +The legacy function +.Fn SSLeay_version +is similar to +.Fn OpenSSL_version +except that it takes arguments +.Dv SSLEAY_VERSION , +.Dv SSLEAY_CFLAGS , +.Dv SSLEAY_BUILT_ON , +.Dv SSLEAY_PLATFORM , +and +.Dv SSLEAY_DIR +which expand to +.Em other +numerical values than the corresponding +.Dv OPENSSL_* +macros. +.Sh RETURN VALUES +.Fn OpenSSL_version_num +and +.Fn SSLeay +return a constant version number. +.Pp +.Fn OpenSSL_version +and +.Fn SSLeay_version +return pointers to static strings. +.Sh SEE ALSO +.Xr crypto 3 +.Sh HISTORY +.Fn SSLeay , +.Fn SSLeay_version , +and +.Dv SSLEAY_VERSION_NUMBER +first appeared in SSLeay 0.6.0 and have been available since +.Ox 2.4 . +.Pp +.Dv OPENSSL_VERSION_NUMBER +first appeared in the first OpenSSL release, OpenSSL 0.9.1c, +and has been available since +.Ox 2.6 . +.Pp +.Dv SSLEAY_DIR +first appeared in OpenSSL 0.9.7 and have been available since +.Ox 3.2 . +.Pp +.Dv LIBRESSL_VERSION_NUMBER +first appeared in LibreSSL 2.0.0 and +.Ox 5.6 +and got its final format in LibreSSL 2.3.2 and +.Ox 5.9 . +.Dv LIBRESSL_VERSION_TEXT +first appeared in LibreSSL 2.2.2 and +.Ox 5.8 . +.Pp +.Fn OpenSSL_version_num +and +.Fn OpenSSL_version +first appeared in OpenSSL 1.1.0 +and have been available since LibreSSL 2.7.1 and +.Ox 6.3 . diff --git a/src/lib/libcrypto/man/OPENSSL_cleanse.3 b/src/lib/libcrypto/man/OPENSSL_cleanse.3 new file mode 100644 index 00000000000..87da3fb96dd --- /dev/null +++ b/src/lib/libcrypto/man/OPENSSL_cleanse.3 @@ -0,0 +1,40 @@ +.\" $OpenBSD: OPENSSL_cleanse.3,v 1.3 2018/03/22 18:05:00 schwarze Exp $ +.\" +.\" Copyright (c) 2016 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 22 2018 $ +.Dt OPENSSL_CLEANSE 3 +.Os +.Sh NAME +.Nm OPENSSL_cleanse +.Nd OpenSSL memory cleaning operation +.Sh SYNOPSIS +.In openssl/crypto.h +.Ft void +.Fo OPENSSL_cleanse +.Fa "void *ptr" +.Fa "size_t len" +.Fc +.Sh DESCRIPTION +Do not use the interface documented here. +It is provided purely for compatibility with legacy application code. +.Pp +.Fn OPENSSL_cleanse +has the same semantics as, and is a wrapper around, +.Xr explicit_bzero 3 . +.Sh HISTORY +.Fn OPENSSL_cleanse +first appeared in OpenSSL 0.9.6h and has been available since +.Ox 3.4 . diff --git a/src/lib/libcrypto/man/OPENSSL_config.3 b/src/lib/libcrypto/man/OPENSSL_config.3 new file mode 100644 index 00000000000..c2b5b38e114 --- /dev/null +++ b/src/lib/libcrypto/man/OPENSSL_config.3 @@ -0,0 +1,145 @@ +.\" $OpenBSD: OPENSSL_config.3,v 1.12 2018/04/07 20:47:40 jmc Exp $ +.\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file is a derived work. +.\" The changes are covered by the following Copyright and license: +.\" +.\" Copyright (c) 2018 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.\" The original file was written by Dr. Stephen Henson . +.\" Copyright (c) 2004 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: April 7 2018 $ +.Dt OPENSSL_CONFIG 3 +.Os +.Sh NAME +.Nm OPENSSL_config , +.Nm OPENSSL_no_config +.Nd simple crypto and ssl library configuration +.Sh SYNOPSIS +.In openssl/conf.h +.Ft void +.Fo OPENSSL_config +.Fa "const char *appname" +.Fc +.Ft void +.Fn OPENSSL_no_config void +.Sh DESCRIPTION +.Fn OPENSSL_config +initializes the crypto library with +.Xr OPENSSL_init_crypto 3 +and then calls +.Xr OPENSSL_load_builtin_modules 3 , +.Xr ENGINE_load_builtin_engines 3 , +and +.Xr CONF_modules_load_file 3 +with the standard configuration file and the given +.Fa appname . +If +.Fa appname +is +.Dv NULL , +then the default name +.Sy openssl_conf +is used. +Any errors are ignored. +Further calls to +.Fn OPENSSL_config +have no effect. +.Pp +.Fn OPENSSL_no_config +suppresses the loading of any configuration file, so that any +future calls to +.Fn OPENSSL_config +or to +.Xr OPENSSL_init_crypto 3 +will ensure the library is initialized but no configuration +file will be loaded. +.Pp +Calling these functions is optional. +All required initialization of the crypto libraries happens +automatically when needed. +.Pp +If an application is compiled with the preprocessor symbol +.Dv OPENSSL_LOAD_CONF +#define'd, +.Xr OpenSSL_add_all_algorithms 3 +automatically calls +.Fn OPENSSL_config . +.Pp +Applications should free up configuration at application closedown by +calling +.Xr CONF_modules_free 3 . +.Sh FILES +.Bl -tag -width /etc/ssl/openssl.cnf -compact +.It Pa /etc/ssl/openssl.cnf +standard configuration file +.El +.Sh SEE ALSO +.Xr CONF_modules_free 3 , +.Xr CONF_modules_load_file 3 , +.Xr OPENSSL_init_crypto 3 , +.Xr OPENSSL_load_builtin_modules 3 , +.Xr openssl.cnf 5 +.Sh HISTORY +.Fn OPENSSL_config +and +.Fn OPENSSL_no_config +first appeared in OpenSSL 0.9.7 and have been available since +.Ox 3.2 . diff --git a/src/lib/libcrypto/man/OPENSSL_init_crypto.3 b/src/lib/libcrypto/man/OPENSSL_init_crypto.3 new file mode 100644 index 00000000000..3a532550ae2 --- /dev/null +++ b/src/lib/libcrypto/man/OPENSSL_init_crypto.3 @@ -0,0 +1,87 @@ +.\" $OpenBSD: OPENSSL_init_crypto.3,v 1.3 2018/03/23 23:18:17 schwarze Exp $ +.\" Copyright (c) 2018 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 23 2018 $ +.Dt OPENSSL_INIT_CRYPTO 3 +.Os +.Sh NAME +.Nm OPENSSL_init_crypto +.Nd initialise the crypto library +.Sh SYNOPSIS +.In openssl/crypto.h +.Ft int +.Fo OPENSSL_init_crypto +.Fa "uint64_t options" +.Fa "const void *dummy" +.Fc +.Sh DESCRIPTION +If +.Fn OPENSSL_init_crypto +is called before any other crypto or ssl functions, the crypto +library is initialised by allocating various internal resources. +.Pp +The following +.Fa options +are supported: +.Bl -tag -width Ds +.It Dv OPENSSL_INIT_LOAD_CONFIG +At the end of the initialization, call +.Xr OPENSSL_config 3 +with a +.Dv NULL +argument, loading the default configuration file. +.It Dv OPENSSL_INIT_NO_LOAD_CONFIG +Ignore any later calls to +.Xr OPENSSL_config 3 . +.El +.Pp +The other +.Fa options +flags defined by OpenSSL are all ignored by LibreSSL. +The +.Fa dummy +argument has no effect. +.Pp +Calling this function is almost never useful because it is internally +called with an +.Fa options +argument of 0 by those functions in the crypto and ssl libraries +that require it. +It is safest to assume that any function may do so. +.Pp +If this function is called more than once, none of the calls except +the first one have any effect. +.Sh RETURN VALUES +.Fn OPENSSL_init_crypto +is intended to return 1 on success or 0 on error. +.Sh SEE ALSO +.Xr CONF_modules_load_file 3 , +.Xr OPENSSL_config 3 , +.Xr OPENSSL_init_ssl 3 , +.Xr OPENSSL_load_builtin_modules 3 , +.Xr openssl.cnf 5 +.Sh HISTORY +.Fn OPENSSL_init_crypto +first appeared in OpenSSL 1.1.0 and has been available since +.Ox 6.3 . +.Sh BUGS +.Fn OPENSSL_init_crypto +silently ignores almost all kinds of errors. +In particular, if memory allocation fails, initialisation is likely +to remain incomplete, the library may be in an inconsistent internal +state, but the return value will usually indicate success anyway. +There is no way for the application program to find out whether +library initialisation is actually complete, nor to get back to a +consistent state if it isn't. diff --git a/src/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 b/src/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 new file mode 100644 index 00000000000..fd9e656bce5 --- /dev/null +++ b/src/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 @@ -0,0 +1,103 @@ +.\" $OpenBSD: OPENSSL_load_builtin_modules.3,v 1.5 2018/03/22 21:08:22 schwarze Exp $ +.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file was written by Dr. Stephen Henson . +.\" Copyright (c) 2004, 2013 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 22 2018 $ +.Dt OPENSSL_LOAD_BUILTIN_MODULES 3 +.Os +.Sh NAME +.Nm OPENSSL_load_builtin_modules , +.Nm ASN1_add_oid_module , +.Nm ENGINE_add_conf_module +.Nd add standard configuration modules +.Sh SYNOPSIS +.In openssl/conf.h +.Ft void +.Fn OPENSSL_load_builtin_modules void +.Ft void +.Fn ASN1_add_oid_module void +.Ft void +.Fn ENGINE_add_conf_module void +.Sh DESCRIPTION +The function +.Fn OPENSSL_load_builtin_modules +adds all the standard OpenSSL configuration modules to the internal +list. +They can then be used by the OpenSSL configuration code. +.Pp +.Fn ASN1_add_oid_module +adds just the ASN.1 OBJECT module. +.Pp +.Fn ENGINE_add_conf_module +adds just the ENGINE configuration module. +.Pp +If the simple configuration function +.Xr OPENSSL_config 3 +is called then +.Fn OPENSSL_load_builtin_modules +is called automatically. +.Pp +Applications which use the configuration functions directly will need to +call +.Fn OPENSSL_load_builtin_modules +themselves +.Em before +any other configuration code. +.Pp +Applications should call +.Fn OPENSSL_load_builtin_modules +to load all configuration modules instead of adding modules selectively: +otherwise functionality may be missing from the application when +new modules are added. +.Sh SEE ALSO +.Xr OPENSSL_config 3 +.Sh HISTORY +These functions first appeared in OpenSSL 0.9.7 +and have been available since +.Ox 3.2 . diff --git a/src/lib/libcrypto/man/OPENSSL_malloc.3 b/src/lib/libcrypto/man/OPENSSL_malloc.3 new file mode 100644 index 00000000000..1b2ec55cf3c --- /dev/null +++ b/src/lib/libcrypto/man/OPENSSL_malloc.3 @@ -0,0 +1,108 @@ +.\" $OpenBSD: OPENSSL_malloc.3,v 1.8 2018/03/27 17:35:50 schwarze Exp $ +.\" +.\" Copyright (c) 2016 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt OPENSSL_MALLOC 3 +.Os +.Sh NAME +.Nm OPENSSL_malloc , +.Nm OPENSSL_realloc , +.Nm OPENSSL_free , +.Nm OPENSSL_strdup , +.Nm CRYPTO_malloc , +.Nm CRYPTO_realloc , +.Nm CRYPTO_free , +.Nm CRYPTO_strdup +.Nd legacy OpenSSL memory allocation wrappers +.Sh SYNOPSIS +.In openssl/crypto.h +.Ft void * +.Fo OPENSSL_malloc +.Fa "size_t num" +.Fc +.Ft void * +.Fo OPENSSL_realloc +.Fa "void *addr" +.Fa "size_t num" +.Fc +.Ft void +.Fo OPENSSL_free +.Fa "void *addr" +.Fc +.Ft char * +.Fo OPENSSL_strdup +.Fa "const char *str" +.Fc +.Ft void * +.Fo CRYPTO_malloc +.Fa "size_t num" +.Fa "const char *file" +.Fa "int line" +.Fc +.Ft void * +.Fo CRYPTO_realloc +.Fa "void *p" +.Fa "size_t num" +.Fa "const char *file" +.Fa "int line" +.Fc +.Ft void +.Fo CRYPTO_free +.Fa "void *str" +.Fa "const char *" +.Fa int +.Fc +.Ft char * +.Fo CRYPTO_strdup +.Fa "const char *p" +.Fa "const char *file" +.Fa "int line" +.Fc +.Sh DESCRIPTION +Do not use any of the interfaces documented here in new code. +They are provided purely for compatibility with legacy application code. +.Pp +All 8 of these functions are wrappers around the corresponding +standard +.Xr malloc 3 , +.Xr realloc 3 , +.Xr free 3 , +and +.Xr strdup 3 +functions. +.Sh RETURN VALUES +These functions return the same type and value as the corresponding +standard functions. +.Sh HISTORY +.Fn CRYPTO_malloc , +.Fn CRYPTO_realloc , +and +.Fn CRYPTO_free +first appeared in SSLeay 0.6.4 and have been available since +.Ox 2.4 . +.Pp +.Fn OPENSSL_malloc , +.Fn OPENSSL_realloc , +and +.Fn OPENSSL_free +first appeared in OpenSSL 0.9.6 and have been available since +.Ox 2.9 . +.Pp +.Fn CRYPTO_strdup +and +.Fn OPENSSL_strdup +first appeared in OpenSSL 0.9.8j and have been available since +.Ox 4.5 . diff --git a/src/lib/libcrypto/man/OPENSSL_sk_new.3 b/src/lib/libcrypto/man/OPENSSL_sk_new.3 new file mode 100644 index 00000000000..ff199d4ab25 --- /dev/null +++ b/src/lib/libcrypto/man/OPENSSL_sk_new.3 @@ -0,0 +1,595 @@ +.\" $OpenBSD: OPENSSL_sk_new.3,v 1.10 2018/08/08 18:21:02 tb Exp $ +.\" +.\" Copyright (c) 2018 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: August 8 2018 $ +.Dt OPENSSL_SK_NEW 3 +.Os +.Sh NAME +.Nm sk_new_null , +.Nm sk_new , +.Nm sk_set_cmp_func , +.Nm sk_dup , +.Nm sk_free , +.Nm sk_pop_free , +.Nm sk_num , +.Nm sk_value , +.Nm sk_find , +.Nm sk_find_ex , +.Nm sk_sort , +.Nm sk_is_sorted , +.Nm sk_push , +.Nm sk_unshift , +.Nm sk_insert , +.Nm sk_set , +.Nm sk_pop , +.Nm sk_shift , +.Nm sk_delete , +.Nm sk_delete_ptr , +.Nm sk_zero +.Nd variable-sized arrays of void pointers, called OpenSSL stacks +.Sh SYNOPSIS +.In openssl/stack.h +.Ft _STACK * +.Fn sk_new_null void +.Ft _STACK * +.Fo sk_new +.Fa "int (*compfunc)(const void *, const void *)" +.Fc +.Ft old_function_pointer +.Fo sk_set_cmp_func +.Fa "_STACK *stack" +.Fa "int (*compfunc)(const void *, const void *)" +.Fc +.Ft _STACK * +.Fo sk_dup +.Fa "_STACK *stack" +.Fc +.Ft void +.Fo sk_free +.Fa "_STACK *stack" +.Fc +.Ft void +.Fo sk_pop_free +.Fa "_STACK *stack" +.Fa "void (*freefunc)(void *)" +.Fc +.Ft int +.Fo sk_num +.Fa "const _STACK *stack" +.Fc +.Ft void * +.Fo sk_value +.Fa "const _STACK *stack" +.Fa "int index" +.Fc +.Ft int +.Fo sk_find +.Fa "_STACK *stack" +.Fa "void *wanted" +.Fc +.Ft int +.Fo sk_find_ex +.Fa "_STACK *stack" +.Fa "void *wanted" +.Fc +.Ft void +.Fo sk_sort +.Fa "_STACK *stack" +.Fc +.Ft int +.Fo sk_is_sorted +.Fa "const _STACK *stack" +.Fc +.Ft int +.Fo sk_push +.Fa "_STACK *stack" +.Fa "void *new_item" +.Fc +.Ft int +.Fo sk_unshift +.Fa "_STACK *stack" +.Fa "void *new_item" +.Fc +.Ft int +.Fo sk_insert +.Fa "_STACK *stack" +.Fa "void *new_item" +.Fa "int index" +.Fc +.Ft void * +.Fo sk_set +.Fa "_STACK *stack" +.Fa "int index" +.Fa "void *new_item" +.Fc +.Ft void * +.Fo sk_pop +.Fa "_STACK *stack" +.Fc +.Ft void * +.Fo sk_shift +.Fa "_STACK *stack" +.Fc +.Ft void * +.Fo sk_delete +.Fa "_STACK *stack" +.Fa "int index" +.Fc +.Ft void * +.Fo sk_delete_ptr +.Fa "_STACK *stack" +.Fa "void *wanted" +.Fc +.Ft void +.Fo sk_zero +.Fa "_STACK *stack" +.Fc +.Sh DESCRIPTION +OpenSSL introduced an idiosyncratic concept of variable sized arrays +of pointers and somewhat misleadingly called such an array a +.Dq stack . +Intrinsically, and as documented in this manual page, OpenSSL stacks +are not type safe but only handle +.Vt void * +function arguments and return values. +.Pp +OpenSSL also provides a fragile, unusually complicated system of +macro-generated wrappers that offers superficial type safety at the +expense of extensive obfuscation, implemented using large amounts +of autogenerated code involving exceedingly ugly, nested +.Xr cpp 1 +macros; see the +.Xr STACK_OF 3 +manual page for details. +.Pp +The fundamental data type is the +.Vt _STACK +structure. +It stores a variable number of void pointers +and remembers the number of pointers currently stored. +It can optionally hold a pointer to a comparison function. +As long as no comparison function is installed, the order of pointers +is meaningful; as soon as a comparison function is installed, it +becomes ill-defined. +.Pp +.Fn sk_new_null +allocates and initializes a new, empty stack. +.Fn sk_new +is identical except that it also installs +.Fa compfunc +as the comparison function for the new stack object. +.Fn sk_set_cmp_func +installs +.Fa compfunc +for the existing +.Fa stack . +The +.Fa compfunc +is allowed to be +.Dv NULL , +but the +.Fa stack +is not. +.Pp +.Fn sk_dup +creates a shallow copy of the given +.Fa stack , +which must not be a +.Dv NULL +pointer. +It neither copies the objects pointed to from the stack nor +increases their reference counts, but merely copies the pointers. +Extreme care must be taken in order to avoid freeing the memory twice, +for example by calling +.Fn sk_free +on one copy and only calling +.Fn sk_pop_free +on the other. +.Pp +.Fn sk_free +frees the given +.Fa stack . +It does not free any of the pointers stored on the stack. +Unless these pointers are merely copies of pointers owned by +other objects, they must be freed before calling +.Fn sk_free , +in order to avoid leaking memory. +If +.Fa stack +is a +.Dv NULL +pointer, no action occurs. +.Pp +.Fn sk_pop_free +is severely misnamed. +It does not at all do what one would expect from a function called +.Dq pop . +Instead, it does the same as +.Fn sk_free , +except that it also calls the function +.Fa freefunc +on each of the pointers contained in the +.Fa stack . +If the calls to +.Fa freefunc +are intended to free the memory in use by the objects on the stack, +ensure that no other pointers to the same objects remain elsewhere. +.Pp +.Fn sk_find +searches the +.Fa stack +for the +.Fa wanted +pointer. +If the +.Fa stack +contains more than one copy of the +.Fa wanted +pointer, only the first match is found. +If a comparison function is installed for the stack, the stack is +first sorted with +.Fn sk_sort , +and instead of comparing pointers, two pointers are considered to match +if the comparison function returns 0. +.Pp +.Fn sk_find_ex +is identical to +.Fn sk_find +except that if the +.Fa stack +is not empty but no match is found, +the index of some pointer considered closest to +.Fa wanted +is returned. +.Pp +.Fn sk_sort +sorts the +.Fa stack +using +.Xr qsort 3 +and the installed comparison function. +If +.Fa stack +is a +.Dv NULL +pointer or already considered sorted, no action occurs. +This function can only be called if a comparison function is installed. +.Pp +.Fn sk_is_sorted +reports whether the +.Fa stack +is considered sorted. +Calling +.Fn sk_new_null +or +.Fn sk_new , +successfuly calling +.Fn sk_push , +.Fn sk_unshift , +.Fn sk_insert , +or +.Fn sk_set , +or changing the comparison function sets the state to unsorted. +If a comparison function is installed, calling +.Fn sk_sort , +.Fn sk_find , +or +.Fn sk_find_ex +sets the state to sorted. +.Pp +.Fn sk_push +pushes +.Fa new_item +onto the end of the +.Fa stack , +increasing the number of pointers by 1. +If +.Fa stack +is a +.Dv NULL +pointer, no action occurs. +.Pp +.Fn sk_unshift +inserts +.Fa new_item +at the beginning of the +.Fa stack , +such that it gets the index 0. +The number of pointers increases by 1. +If +.Fa stack +is a +.Dv NULL +pointer, no action occurs. +.Pp +.Fn sk_insert +inserts the +.Fa new_item +into the +.Fa stack +such that it gets the given +.Fa index . +If +.Fa index +is less than 0 or greater than or equal to +.Fn sk_num stack , +the effect is the same as for +.Fn sk_push . +If +.Fa stack +is a +.Dv NULL +pointer, no action occurs. +.Pp +.Fn sk_set +replaces the pointer with the given +.Fa index +on the +.Fa stack +with the +.Fa new_item . +The old pointer is not freed, +which may leak memory if no copy of it exists elsewhere. +If +.Fa stack +is a +.Dv NULL +pointer or if +.Fa index +is less than 0 or greater than or equal to +.Fn sk_num stack , +no action occurs. +.Pp +.Fn sk_pop +and +.Fn sk_shift +remove the pointer with the highest or lowest index from the +.Fa stack , +respectively, reducing the number of pointers by 1. +If +.Fa stack +is a +.Dv NULL +pointer or if it is empty, no action occurs. +.Pp +.Fn sk_delete +removes the pointer with the given +.Fa index +from the +.Fa stack , +reducing the number of pointers by 1. +If +.Fa stack +is a +.Dv NULL +pointer or the +.Fa index +is less than 0 or greater than or equal to +.Fn sk_num stack , +no action occurs. +.Pp +.Fn sk_delete_ptr +removes the +.Fa wanted +pointer from the +.Fa stack , +reducing the number of pointers by 1 if it is found. +It never uses a comparison function +but only compares pointers themselves. +The +.Fa stack +pointer must not be +.Dv NULL . +.Pp +.Fn sk_zero +removes all pointers from the +.Fa stack . +It does not free any of the pointers. +Unless these pointers are merely copies of pointers owned by other +objects, they must be freed before calling +.Fn sk_zero , +in order to avoid leaking memory. +If +.Fa stack +is a +.Dv NULL +pointer, no action occurs. +.Sh RETURN VALUES +.Fn sk_new_null , +.Fn sk_new , +and +.Fn sk_dup +return a pointer to the newly allocated stack object or +.Dv NULL +if insufficient memory is available. +.Pp +.Fn sk_set_cmp_func +returns a pointer to the comparison function +that was previously installed for the +.Fa stack +or +.Dv NULL +if none was installed. +.Pp +.Fn sk_num +returns the number of pointers currently stored on the +.Fa stack , +or \-1 if +.Fa stack +is a +.Dv NULL +pointer. +.Pp +.Fn sk_value +returns the pointer with the given +.Fa index +from the +.Fa stack , +or +.Dv NULL +if +.Fa stack +is a +.Dv NULL +pointer or if the +.Fa index +is less than 0 or greater than or equal to +.Fn sk_num stack . +.Pp +.Fn sk_find +returns the lowest index considered to match or \-1 if +.Fa stack +is a +.Dv NULL +pointer or if no match is found. +.Pp +.Fn sk_find_ex +returns some index or \-1 if +.Fa stack +is a +.Dv NULL +pointer or empty. +.Pp +.Fn sk_is_sorted +returns 1 if the +.Fa stack +is considered sorted or if it is a +.Dv NULL +pointer, or 0 otherwise. +.Pp +.Fn sk_push , +.Fn sk_unshift , +and +.Fn sk_insert +return the new number of pointers on the +.Fa stack +or 0 if +.Fa stack +is a +.Dv NULL +pointer or if memory allocation fails. +.Pp +.Fn sk_set +returns +.Fa new_item +or +.Dv NULL +if +.Fa stack +is a +.Dv NULL +pointer or if the +.Fa index +is less than 0 or greater than or equal to +.Fn sk_num stack . +.Pp +.Fn sk_pop +and +.Fn sk_shift +return the deleted pointer or +.Dv NULL +if +.Fa stack +is a +.Dv NULL +pointer or if it is empty. +.Pp +.Fn sk_delete +returns the deleted pointer or +.Dv NULL +if +.Fa stack +is a +.Dv NULL +pointer or if the +.Fa index +is less than 0 or greater than or equal to +.Fn sk_num stack . +.Pp +.Fn sk_delete_ptr +returns +.Fa wanted +or +.Dv NULL +if it is not found. +.Sh HISTORY +.Fn sk_new_null , +.Fn sk_new , +.Fn sk_free , +.Fn sk_pop_free , +.Fn sk_num , +.Fn sk_value , +.Fn sk_find , +.Fn sk_push , +.Fn sk_unshift , +.Fn sk_insert , +.Fn sk_pop , +.Fn sk_shift , +.Fn sk_delete , +and +.Fn sk_delete_ptr +first appeared in SSLeay 0.5.1. +.Fn sk_set_cmp_func , +.Fn sk_dup , +and +.Fn sk_zero +first appeared in SSLeay 0.8.0. +These functions have been available since +.Ox 2.4 . +.Pp +.Fn sk_set +first appeared in OpenSSL 0.9.3. +.Fn sk_sort +first appeared in OpenSSL 0.9.4. +Both functions have been available since +.Ox 2.6 . +.Pp +.Fn sk_is_sorted +first appeared in OpenSSL 0.9.7e and has been available since +.Ox 3.8 . +.Pp +.Fn sk_find_ex +first appeared in OpenSSL 0.9.8 and has been available since +.Ox 4.5 . +.Sh BUGS +Even if a comparison function is installed, empty stacks and +stacks containing a single pointer are sometimes considered +sorted and sometimes considered unsorted. +.Pp +If a comparison function is installed, the concept of +.Dq first match +in +.Fn sk_find +and +.Fn sk_find_ex +is ill-defined because +.Xr qsort 3 +is not a stable sorting function. +It is probably best to only assume that they return an arbitrary match. +.Pp +The concept of +.Dq closest +for +.Fn sk_find_ex +is even less clearly defined. +The match may sometimes be smaller and sometimes larger than +.Fa wanted , +even if both smaller and larger pointers exist in the +.Fa stack . +Besides, it is again ill-defined +which of several pointers that compare equal is selected. +It is probably best to not assume anything about the selection +for cases where there is no match. diff --git a/src/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 b/src/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 new file mode 100644 index 00000000000..aa884d8eff7 --- /dev/null +++ b/src/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 @@ -0,0 +1,121 @@ +.\" $OpenBSD: OpenSSL_add_all_algorithms.3,v 1.7 2018/03/27 17:35:50 schwarze Exp $ +.\" full merge up to: OpenSSL b3696a55 Sep 2 09:35:50 2017 -0400 +.\" +.\" This file was written by Dr. Stephen Henson . +.\" Copyright (c) 2000, 2003, 2013 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt OPENSSL_ADD_ALL_ALGORITHMS 3 +.Os +.Sh NAME +.Nm OpenSSL_add_all_algorithms , +.Nm OpenSSL_add_all_ciphers , +.Nm OpenSSL_add_all_digests , +.Nm EVP_cleanup +.Nd add algorithms to internal table +.Sh SYNOPSIS +.In openssl/evp.h +.Ft void +.Fn OpenSSL_add_all_algorithms void +.Ft void +.Fn OpenSSL_add_all_ciphers void +.Ft void +.Fn OpenSSL_add_all_digests void +.Ft void +.Fn EVP_cleanup void +.Sh DESCRIPTION +These functions are deprecated. +It is never useful for any application program +to call any of them explicitly. +The library automatically calls them internally whenever needed. +.Pp +OpenSSL keeps an internal table of digest algorithms and ciphers. +It uses this table to look up ciphers via functions such as +.Xr EVP_get_cipherbyname 3 . +.Pp +.Fn OpenSSL_add_all_algorithms +adds all algorithms to the table (digests and ciphers). +.Pp +.Fn OpenSSL_add_all_digests +adds all digest algorithms to the table. +.Pp +.Fn OpenSSL_add_all_ciphers +adds all encryption algorithms to the table including password based +encryption algorithms. +.Pp +If any of the above functions is called more than once, +only the first call has an effect. +.Pp +.Fn EVP_cleanup +removes all ciphers and digests from the table. +.Sh SEE ALSO +.Xr evp 3 , +.Xr EVP_DigestInit 3 , +.Xr EVP_EncryptInit 3 , +.Xr OPENSSL_config 3 , +.Xr OPENSSL_init_crypto 3 +.Sh HISTORY +.Fn EVP_cleanup +and precursor functions +.Fn SSLeay_add_all_algorithms , +.Fn SSLeay_add_all_ciphers , +and +.Fn SSLeay_add_all_digests +first appeared in SSLeay 0.8.0 and have been available since +.Ox 2.4 . +.Pp +.Fn OpenSSL_add_all_algorithms , +.Fn OpenSSL_add_all_ciphers , +and +.Fn OpenSSL_add_all_digests +first appeared in OpenSSL 0.9.5 and have been available since +.Ox 2.7 . +.Sh BUGS +Although the functions do not return error codes, it is possible for them +to fail. +This will only happen as a result of a memory allocation failure so this +is not too much of a problem in practice. diff --git a/src/lib/libcrypto/man/PEM_bytes_read_bio.3 b/src/lib/libcrypto/man/PEM_bytes_read_bio.3 new file mode 100644 index 00000000000..b3cb143cf63 --- /dev/null +++ b/src/lib/libcrypto/man/PEM_bytes_read_bio.3 @@ -0,0 +1,116 @@ +.\" $OpenBSD: PEM_bytes_read_bio.3,v 1.2 2018/03/22 21:08:22 schwarze Exp $ +.\" OpenSSL PEM_bytes_read_bio.pod 7671342e Feb 29 15:47:12 2016 -0600 +.\" +.\" This file was written by Benjamin Kaduk . +.\" Copyright (c) 2017 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 22 2018 $ +.Dt PEM_BYTES_READ_BIO 3 +.Os +.Sh NAME +.Nm PEM_bytes_read_bio +.Nd read a PEM-encoded data structure from a BIO +.Sh SYNOPSIS +.In openssl/pem.h +.Ft int +.Fo PEM_bytes_read_bio +.Fa "unsigned char **pdata" +.Fa "long *plen" +.Fa "char **pnm" +.Fa "const char *name" +.Fa "BIO *bp" +.Fa "pem_password_cb *cb" +.Fa "void *u" +.Fc +.Sh DESCRIPTION +.Fn PEM_bytes_read_bio +reads PEM-formatted (RFC 1421) data from the BIO +.Fa bp +for the data type given in +.Fa name +(RSA PRIVATE KEY, CERTIFICATE, etc.). +If multiple PEM-encoded data structures are present in the same stream, +.Fn PEM_bytes_read_bio +will skip non-matching data types and continue reading. +Non-PEM data present in the stream may cause an error. +.Pp +The PEM header may indicate that the following data is encrypted; if so, +the data will be decrypted, waiting on user input to supply a passphrase +if needed. +The password callback +.Fa cb +and rock +.Fa u +are used to obtain the decryption passphrase, if applicable. +.Pp +Some data types have compatibility aliases, such as a file containing +X509 CERTIFICATE matching a request for the deprecated type CERTIFICATE. +The actual type indicated by the file is returned in +.Em *pnm +if +.Fa pnm +is +.Pf non- Dv NULL . +The caller must free the storage pointed to by +.Em *pnm . +.Pp +The returned data is the DER-encoded form of the requested type, in +.Em *pdata +with length +.Em *plen . +The caller must free the storage pointed to by +.Em *pdata . +.Sh RETURN VALUES +.Fn PEM_bytes_read_bio +returns 1 for success or 0 for failure. +.Sh SEE ALSO +.Xr PEM_read 3 , +.Xr PEM_read_bio_PrivateKey 3 +.Sh HISTORY +.Fn PEM_bytes_read_bio +first appeared in OpenSSL 0.9.7 and has been available since +.Ox 3.2 . diff --git a/src/lib/libcrypto/man/PEM_read.3 b/src/lib/libcrypto/man/PEM_read.3 new file mode 100644 index 00000000000..48ff4157c76 --- /dev/null +++ b/src/lib/libcrypto/man/PEM_read.3 @@ -0,0 +1,298 @@ +.\" $OpenBSD: PEM_read.3,v 1.6 2018/05/13 14:44:14 schwarze Exp $ +.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 +.\" +.\" This file was written by Viktor Dukhovni +.\" and by Rich Salz . +.\" Copyright (c) 2016 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: May 13 2018 $ +.Dt PEM_READ 3 +.Os +.Sh NAME +.Nm PEM_write , +.Nm PEM_write_bio , +.Nm PEM_read , +.Nm PEM_read_bio , +.Nm PEM_do_header , +.Nm PEM_get_EVP_CIPHER_INFO +.Nd PEM encoding routines +.Sh SYNOPSIS +.In openssl/pem.h +.Ft int +.Fo PEM_write +.Fa "FILE *fp" +.Fa "const char *name" +.Fa "const char *header" +.Fa "const unsigned char *data" +.Fa "long len" +.Fc +.Ft int +.Fo PEM_write_bio +.Fa "BIO *bp" +.Fa "const char *name" +.Fa "const char *header" +.Fa "ocnst unsigned char *data" +.Fa "long len" +.Fc +.Ft int +.Fo PEM_read +.Fa "FILE *fp" +.Fa "char **name" +.Fa "char **header" +.Fa "unsigned char **data" +.Fa "long *len" +.Fc +.Ft int +.Fo PEM_read_bio +.Fa "BIO *bp" +.Fa "char **name" +.Fa "char **header" +.Fa "unsigned char **data" +.Fa "long *len" +.Fc +.Ft int +.Fo PEM_get_EVP_CIPHER_INFO +.Fa "char *header" +.Fa "EVP_CIPHER_INFO *cinfo" +.Fc +.Ft int +.Fo PEM_do_header +.Fa "EVP_CIPHER_INFO *cinfo" +.Fa "unsigned char *data" +.Fa "long *len" +.Fa "pem_password_cb *cb" +.Fa "void *u" +.Fc +.Sh DESCRIPTION +These functions read and write PEM-encoded objects, using the PEM type +.Fa name , +any additional +.Fa header +information, and the raw +.Fa data +of length +.Fa len . +.Pp +PEM is the binary content encoding first defined in IETF RFC 1421. +The content is a series of base64-encoded lines, surrounded by +begin/end markers each on their own line. +For example: +.Bd -literal -offset indent +-----BEGIN PRIVATE KEY----- +MIICdg.... +\&... bhTQ== +-----END PRIVATE KEY----- +.Ed +.Pp +Optional header line(s) may appear after the begin line, and their +existence depends on the type of object being written or read. +.Pp +.Fn PEM_write +writes to the file +.Fa fp , +while +.Fn PEM_write_bio +writes to the BIO +.Fa bp . +The +.Fa name +is the name to use in the marker, the +.Fa header +is the header value or +.Dv NULL , +and +.Fa data +and +.Fa len +specify the data and its length. +.Pp +The final +.Fa data +buffer is typically an ASN.1 object which can be decoded with the +.Fn d2i_* +function appropriate to the type +.Fa name ; +see +.Xr d2i_X509 3 +for examples. +.Pp +.Fn PEM_read +reads from the file +.Fa fp , +while +.Fn PEM_read_bio +reads from the BIO +.Fa bp . +Both skip any non-PEM data that precedes the start of the next PEM +object. +When an object is successfully retrieved, the type name from the +"----BEGIN -----" is returned via the +.Fa name +argument, any encapsulation headers are returned in +.Fa header , +and the base64-decoded content and its length are returned via +.Fa data +and +.Fa len , +respectively. +The +.Fa name , +.Fa header , +and +.Fa data +pointers should be freed by the caller when no longer needed. +.Pp +The remaining functions are deprecated because the underlying PEM +encryption format is obsolete and should be avoided. +It uses an encryption format with an OpenSSL-specific key-derivation +function, which employs MD5 with an iteration count of 1. +Instead, private keys should be stored in PKCS#8 form, with a strong +PKCS#5 v2.0 PBE; see +.Xr PEM_write_PrivateKey 3 +and +.Xr d2i_PKCS8PrivateKey_bio 3 . +.Pp +.Fn PEM_get_EVP_CIPHER_INFO +can be used to determine the +.Fa data +returned by +.Fn PEM_read +or +.Fn PEM_read_bio +is encrypted and to retrieve the associated cipher and IV. +The caller passes a pointer to a structure of type +.Vt EVP_CIPHER_INFO +via the +.Fa cinfo +argument and the +.Fa header +returned via +.Fn PEM_read +or +.Fn PEM_read_bio . +If the call is successful, 1 is returned and the cipher and IV are +stored at the address pointed to by +.Fa cinfo . +When the header is malformed or not supported or when the cipher is +unknown or some internal error happens, 0 is returned. +.Pp +.Fn PEM_do_header +can then be used to decrypt the data if the header indicates encryption. +The +.Fa cinfo +argument is a pointer to the structure initialized by the previous call +to +.Fn PEM_get_EVP_CIPHER_INFO . +The +.Fa data +and +.Fa len +arguments are those returned by the previous call to +.Fn PEM_read +or +.Fn PEM_read_bio . +The +.Fa cb +and +.Fa u +arguments make it possible to override the default password prompt +function as described in +.Xr PEM_read_PrivateKey 3 . +On successful completion, the +.Fa data +is decrypted in place, and +.Fa len +is updated to indicate the plaintext length. +.Pp +If the data is a priori known to not be encrypted, then neither +.Fn PEM_do_header +nor +.Fn PEM_get_EVP_CIPHER_INFO +need to be called. +.Sh RETURN VALUES +.Fn PEM_read +and +.Fn PEM_read_bio +return 1 on success or 0 on failure. +The latter includes the case when no more PEM objects remain in the +input file. +To distinguish end of file from more serious errors, the caller +must peek at the error stack and check for +.Dv PEM_R_NO_START_LINE , +which indicates that no more PEM objects were found. +See +.Xr ERR_peek_last_error 3 +and +.Xr ERR_GET_REASON 3 . +.Pp +.Fn PEM_get_EVP_CIPHER_INFO +and +.Fn PEM_do_header +return 1 on success or 0 on failure. +The +.Fa data +is likely meaningless if these functions fail. +.Sh SEE ALSO +.Xr d2i_PKCS8PrivateKey_bio 3 , +.Xr ERR_GET_LIB 3 , +.Xr ERR_peek_last_error 3 , +.Xr PEM_bytes_read_bio 3 , +.Xr PEM_read_bio_PrivateKey 3 +.Sh HISTORY +.Fn PEM_write , +.Fn PEM_read , +and +.Fn PEM_do_header +appeared in SSLeay 0.4 or earlier. +.Fn PEM_get_EVP_CIPHER_INFO +first appeared in SSLeay 0.5.1. +.Fn PEM_write_bio +and +.Fn PEM_read_bio +first appeared in SSLeay 0.6.0. +These functions have been available since +.Ox 2.4 . diff --git a/src/lib/libcrypto/man/PEM_read_bio_PrivateKey.3 b/src/lib/libcrypto/man/PEM_read_bio_PrivateKey.3 new file mode 100644 index 00000000000..1fa4d75ead3 --- /dev/null +++ b/src/lib/libcrypto/man/PEM_read_bio_PrivateKey.3 @@ -0,0 +1,1358 @@ +.\" $OpenBSD: PEM_read_bio_PrivateKey.3,v 1.13 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 +.\" +.\" This file was written by Dr. Stephen Henson . +.\" Copyright (c) 2001-2004, 2009, 2013-2016 The OpenSSL Project. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt PEM_READ_BIO_PRIVATEKEY 3 +.Os +.Sh NAME +.Nm PEM_read_bio_PrivateKey , +.Nm PEM_read_PrivateKey , +.Nm PEM_write_bio_PrivateKey , +.Nm PEM_write_PrivateKey , +.Nm PEM_write_bio_PKCS8PrivateKey , +.Nm PEM_write_PKCS8PrivateKey , +.Nm PEM_write_bio_PKCS8PrivateKey_nid , +.Nm PEM_write_PKCS8PrivateKey_nid , +.Nm PEM_read_bio_PKCS8 , +.Nm PEM_read_PKCS8 , +.Nm PEM_write_bio_PKCS8 , +.Nm PEM_write_PKCS8 , +.Nm PEM_read_bio_PKCS8_PRIV_KEY_INFO , +.Nm PEM_read_PKCS8_PRIV_KEY_INFO , +.Nm PEM_write_bio_PKCS8_PRIV_KEY_INFO , +.Nm PEM_write_PKCS8_PRIV_KEY_INFO , +.Nm PEM_read_bio_PUBKEY , +.Nm PEM_read_PUBKEY , +.Nm PEM_write_bio_PUBKEY , +.Nm PEM_write_PUBKEY , +.Nm PEM_read_bio_RSAPrivateKey , +.Nm PEM_read_RSAPrivateKey , +.Nm PEM_write_bio_RSAPrivateKey , +.Nm PEM_write_RSAPrivateKey , +.Nm PEM_read_bio_RSAPublicKey , +.Nm PEM_read_RSAPublicKey , +.Nm PEM_write_bio_RSAPublicKey , +.Nm PEM_write_RSAPublicKey , +.Nm PEM_read_bio_RSA_PUBKEY , +.Nm PEM_read_RSA_PUBKEY , +.Nm PEM_write_bio_RSA_PUBKEY , +.Nm PEM_write_RSA_PUBKEY , +.Nm PEM_read_bio_DSAPrivateKey , +.Nm PEM_read_DSAPrivateKey , +.Nm PEM_write_bio_DSAPrivateKey , +.Nm PEM_write_DSAPrivateKey , +.Nm PEM_read_bio_DSA_PUBKEY , +.Nm PEM_read_DSA_PUBKEY , +.Nm PEM_write_bio_DSA_PUBKEY , +.Nm PEM_write_DSA_PUBKEY , +.Nm PEM_read_bio_DSAparams , +.Nm PEM_read_DSAparams , +.Nm PEM_write_bio_DSAparams , +.Nm PEM_write_DSAparams , +.Nm PEM_read_bio_DHparams , +.Nm PEM_read_DHparams , +.Nm PEM_write_bio_DHparams , +.Nm PEM_write_DHparams , +.Nm PEM_read_bio_ECPKParameters , +.Nm PEM_read_ECPKParameters , +.Nm PEM_write_bio_ECPKParameters , +.Nm PEM_write_ECPKParameters , +.Nm PEM_read_bio_ECPrivateKey , +.Nm PEM_read_ECPrivateKey , +.Nm PEM_write_bio_ECPrivateKey , +.Nm PEM_write_ECPrivateKey , +.Nm PEM_read_bio_EC_PUBKEY , +.Nm PEM_read_EC_PUBKEY , +.Nm PEM_write_bio_EC_PUBKEY , +.Nm PEM_write_EC_PUBKEY , +.Nm PEM_read_bio_X509 , +.Nm PEM_read_X509 , +.Nm PEM_write_bio_X509 , +.Nm PEM_write_X509 , +.Nm PEM_read_bio_X509_AUX , +.Nm PEM_read_X509_AUX , +.Nm PEM_write_bio_X509_AUX , +.Nm PEM_write_X509_AUX , +.Nm PEM_read_bio_X509_REQ , +.Nm PEM_read_X509_REQ , +.Nm PEM_write_bio_X509_REQ , +.Nm PEM_write_X509_REQ , +.Nm PEM_write_bio_X509_REQ_NEW , +.Nm PEM_write_X509_REQ_NEW , +.Nm PEM_read_bio_X509_CRL , +.Nm PEM_read_X509_CRL , +.Nm PEM_write_bio_X509_CRL , +.Nm PEM_write_X509_CRL , +.Nm PEM_read_bio_PKCS7 , +.Nm PEM_read_PKCS7 , +.Nm PEM_write_bio_PKCS7 , +.Nm PEM_write_PKCS7 , +.Nm PEM_read_bio_NETSCAPE_CERT_SEQUENCE , +.Nm PEM_read_NETSCAPE_CERT_SEQUENCE , +.Nm PEM_write_bio_NETSCAPE_CERT_SEQUENCE , +.Nm PEM_write_NETSCAPE_CERT_SEQUENCE +.Nd PEM routines +.Sh SYNOPSIS +.In openssl/pem.h +.Ft EVP_PKEY * +.Fo PEM_read_bio_PrivateKey +.Fa "BIO *bp" +.Fa "EVP_PKEY **x" +.Fa "pem_password_cb *cb" +.Fa "void *u" +.Fc +.Ft EVP_PKEY * +.Fo PEM_read_PrivateKey +.Fa "FILE *fp" +.Fa "EVP_PKEY **x" +.Fa "pem_password_cb *cb" +.Fa "void *u" +.Fc +.Ft int +.Fo PEM_write_bio_PrivateKey +.Fa "BIO *bp" +.Fa "EVP_PKEY *x" +.Fa "const EVP_CIPHER *enc" +.Fa "unsigned char *kstr" +.Fa "int klen" +.Fa "pem_password_cb *cb" +.Fa "void *u" +.Fc +.Ft int +.Fo PEM_write_PrivateKey +.Fa "FILE *fp" +.Fa "EVP_PKEY *x" +.Fa "const EVP_CIPHER *enc" +.Fa "unsigned char *kstr" +.Fa "int klen" +.Fa "pem_password_cb *cb" +.Fa "void *u" +.Fc +.Ft int +.Fo PEM_write_bio_PKCS8PrivateKey +.Fa "BIO *bp" +.Fa "EVP_PKEY *x" +.Fa "const EVP_CIPHER *enc" +.Fa "char *kstr" +.Fa "int klen" +.Fa "pem_password_cb *cb" +.Fa "void *u" +.Fc +.Ft int +.Fo PEM_write_PKCS8PrivateKey +.Fa "FILE *fp" +.Fa "EVP_PKEY *x" +.Fa "const EVP_CIPHER *enc" +.Fa "char *kstr" +.Fa "int klen" +.Fa "pem_password_cb *cb" +.Fa "void *u" +.Fc +.Ft int +.Fo PEM_write_bio_PKCS8PrivateKey_nid +.Fa "BIO *bp" +.Fa "EVP_PKEY *x" +.Fa "int nid" +.Fa "char *kstr" +.Fa "int klen" +.Fa "pem_password_cb *cb" +.Fa "void *u" +.Fc +.Ft int +.Fo PEM_write_PKCS8PrivateKey_nid +.Fa "FILE *fp" +.Fa "EVP_PKEY *x" +.Fa "int nid" +.Fa "char *kstr" +.Fa "int klen" +.Fa "pem_password_cb *cb" +.Fa "void *u" +.Fc +.Ft X509_SIG * +.Fo PEM_read_bio_PKCS8 +.Fa "BIO *bp" +.Fa "X509_SIG **x" +.Fa "pem_password_cb *cb" +.Fa "void *u" +.Fc +.Ft X509_SIG * +.Fo PEM_read_PKCS8 +.Fa "FILE *fp" +.Fa "X509_SIG **x" +.Fa "pem_password_cb *cb" +.Fa "void *u" +.Fc +.Ft int +.Fo PEM_write_bio_PKCS8 +.Fa "BIO *bp" +.Fa "X509_SIG *x" +.Fc +.Ft int +.Fo PEM_write_PKCS8 +.Fa "FILE *fp" +.Fa "X509_SIG *x" +.Fc +.Ft PKCS8_PRIV_KEY_INFO * +.Fo PEM_read_bio_PKCS8_PRIV_KEY_INFO +.Fa "BIO *bp" +.Fa "PKCS8_PRIV_KEY_INFO **x" +.Fa "pem_password_cb *cb" +.Fa "void *u" +.Fc +.Ft PKCS8_PRIV_KEY_INFO * +.Fo PEM_read_PKCS8_PRIV_KEY_INFO +.Fa "FILE *fp" +.Fa "PKCS8_PRIV_KEY_INFO **x" +.Fa "pem_password_cb *cb" +.Fa "void *u" +.Fc +.Ft int +.Fo PEM_write_bio_PKCS8_PRIV_KEY_INFO +.Fa "BIO *bp" +.Fa "PKCS8_PRIV_KEY_INFO *x" +.Fc +.Ft int +.Fo PEM_write_PKCS8_PRIV_KEY_INFO +.Fa "FILE *fp" +.Fa "PKCS8_PRIV_KEY_INFO *x" +.Fc +.Ft EVP_PKEY * +.Fo PEM_read_bio_PUBKEY +.Fa "BIO *bp" +.Fa "EVP_PKEY **x" +.Fa "pem_password_cb *cb" +.Fa "void *u" +.Fc +.Ft EVP_PKEY * +.Fo PEM_read_PUBKEY +.Fa "FILE *fp" +.Fa "EVP_PKEY **x" +.Fa "pem_password_cb *cb" +.Fa "void *u" +.Fc +.Ft int +.Fo PEM_write_bio_PUBKEY +.Fa "BIO *bp" +.Fa "EVP_PKEY *x" +.Fc +.Ft int +.Fo PEM_write_PUBKEY +.Fa "FILE *fp" +.Fa "EVP_PKEY *x" +.Fc +.Ft RSA * +.Fo PEM_read_bio_RSAPrivateKey +.Fa "BIO *bp" +.Fa "RSA **x" +.Fa "pem_password_cb *cb" +.Fa "void *u" +.Fc +.Ft RSA * +.Fo PEM_read_RSAPrivateKey +.Fa "FILE *fp" +.Fa "RSA **x" +.Fa "pem_password_cb *cb" +.Fa "void *u" +.Fc +.Ft int +.Fo PEM_write_bio_RSAPrivateKey +.Fa "BIO *bp" +.Fa "RSA *x" +.Fa "const EVP_CIPHER *enc" +.Fa "unsigned char *kstr" +.Fa "int klen" +.Fa "pem_password_cb *cb" +.Fa "void *u" +.Fc +.Ft int +.Fo PEM_write_RSAPrivateKey +.Fa "FILE *fp" +.Fa "RSA *x" +.Fa "const EVP_CIPHER *enc" +.Fa "unsigned char *kstr" +.Fa "int klen" +.Fa "pem_password_cb *cb" +.Fa "void *u" +.Fc +.Ft RSA * +.Fo PEM_read_bio_RSAPublicKey +.Fa "BIO *bp" +.Fa "RSA **x" +.Fa "pem_password_cb *cb" +.Fa "void *u" +.Fc +.Ft RSA * +.Fo PEM_read_RSAPublicKey +.Fa "FILE *fp" +.Fa "RSA **x" +.Fa "pem_password_cb *cb" +.Fa "void *u" +.Fc +.Ft int +.Fo PEM_write_bio_RSAPublicKey +.Fa "BIO *bp" +.Fa "RSA *x" +.Fc +.Ft int +.Fo PEM_write_RSAPublicKey +.Fa "FILE *fp" +.Fa "RSA *x" +.Fc +.Ft RSA * +.Fo PEM_read_bio_RSA_PUBKEY +.Fa "BIO *bp" +.Fa "RSA **x" +.Fa "pem_password_cb *cb" +.Fa "void *u" +.Fc +.Ft RSA * +.Fo PEM_read_RSA_PUBKEY +.Fa "FILE *fp" +.Fa "RSA **x" +.Fa "pem_password_cb *cb" +.Fa "void *u" +.Fc +.Ft int +.Fo PEM_write_bio_RSA_PUBKEY +.Fa "BIO *bp" +.Fa "RSA *x" +.Fc +.Ft int +.Fo PEM_write_RSA_PUBKEY +.Fa "FILE *fp" +.Fa "RSA *x" +.Fc +.Ft DSA * +.Fo PEM_read_bio_DSAPrivateKey +.Fa "BIO *bp" +.Fa "DSA **x" +.Fa "pem_password_cb *cb" +.Fa "void *u" +.Fc +.Ft DSA * +.Fo PEM_read_DSAPrivateKey +.Fa "FILE *fp" +.Fa "DSA **x" +.Fa "pem_password_cb *cb" +.Fa "void *u" +.Fc +.Ft int +.Fo PEM_write_bio_DSAPrivateKey +.Fa "BIO *bp" +.Fa "DSA *x" +.Fa "const EVP_CIPHER *enc" +.Fa "unsigned char *kstr" +.Fa "int klen" +.Fa "pem_password_cb *cb" +.Fa "void *u" +.Fc +.Ft int +.Fo PEM_write_DSAPrivateKey +.Fa "FILE *fp" +.Fa "DSA *x" +.Fa "const EVP_CIPHER *enc" +.Fa "unsigned char *kstr" +.Fa "int klen" +.Fa "pem_password_cb *cb" +.Fa "void *u" +.Fc +.Ft DSA * +.Fo PEM_read_bio_DSA_PUBKEY +.Fa "BIO *bp" +.Fa "DSA **x" +.Fa "pem_password_cb *cb" +.Fa "void *u" +.Fc +.Ft DSA * +.Fo PEM_read_DSA_PUBKEY +.Fa "FILE *fp" +.Fa "DSA **x" +.Fa "pem_password_cb *cb" +.Fa "void *u" +.Fc +.Ft int +.Fo PEM_write_bio_DSA_PUBKEY +.Fa "BIO *bp" +.Fa "DSA *x" +.Fc +.Ft int +.Fo PEM_write_DSA_PUBKEY +.Fa "FILE *fp" +.Fa "DSA *x" +.Fc +.Ft DSA * +.Fo PEM_read_bio_DSAparams +.Fa "BIO *bp" +.Fa "DSA **x" +.Fa "pem_password_cb *cb" +.Fa "void *u" +.Fc +.Ft DSA * +.Fo PEM_read_DSAparams +.Fa "FILE *fp" +.Fa "DSA **x" +.Fa "pem_password_cb *cb" +.Fa "void *u" +.Fc +.Ft int +.Fo PEM_write_bio_DSAparams +.Fa "BIO *bp" +.Fa "DSA *x" +.Fc +.Ft int +.Fo PEM_write_DSAparams +.Fa "FILE *fp" +.Fa "DSA *x" +.Fc +.Ft DH * +.Fo PEM_read_bio_DHparams +.Fa "BIO *bp" +.Fa "DH **x" +.Fa "pem_password_cb *cb" +.Fa "void *u" +.Fc +.Ft DH * +.Fo PEM_read_DHparams +.Fa "FILE *fp" +.Fa "DH **x" +.Fa "pem_password_cb *cb" +.Fa "void *u" +.Fc +.Ft int +.Fo PEM_write_bio_DHparams +.Fa "BIO *bp" +.Fa "DH *x" +.Fc +.Ft int +.Fo PEM_write_DHparams +.Fa "FILE *fp" +.Fa "DH *x" +.Fc +.Ft EC_GROUP * +.Fo PEM_read_bio_ECPKParameters +.Fa "BIO *bp" +.Fa "EC_GROUP **x" +.Fa "pem_password_cb *cb" +.Fa "void *u" +.Fc +.Ft EC_GROUP * +.Fo PEM_read_ECPKParameters +.Fa "FILE *fp" +.Fa "EC_GROUP **x" +.Fa "pem_password_cb *cb" +.Fa "void *u" +.Fc +.Ft int +.Fo PEM_write_bio_ECPKParameters +.Fa "BIO *bp" +.Fa "const EC_GROUP *x" +.Fc +.Ft int +.Fo PEM_write_ECPKParameters +.Fa "FILE *fp" +.Fa "const EC_GROUP *x" +.Fc +.Ft EC_KEY * +.Fo PEM_read_bio_ECPrivateKey +.Fa "BIO *bp" +.Fa "EC_KEY **key" +.Fa "pem_password_cb *cb" +.Fa "void *u" +.Fc +.Ft EC_KEY * +.Fo PEM_read_ECPrivateKey +.Fa "FILE *fp" +.Fa "EC_KEY **eckey" +.Fa "pem_password_cb *cb" +.Fa "void *u" +.Fc +.Ft int +.Fo PEM_write_bio_ECPrivateKey +.Fa "BIO *bp" +.Fa "EC_KEY *x" +.Fa "const EVP_CIPHER *enc" +.Fa "unsigned char *kstr" +.Fa "int klen" +.Fa "pem_password_cb *cb" +.Fa "void *u" +.Fc +.Ft int +.Fo PEM_write_ECPrivateKey +.Fa "FILE *fp" +.Fa "EC_KEY *x" +.Fa "const EVP_CIPHER *enc" +.Fa "unsigned char *kstr" +.Fa "int klen" +.Fa "pem_password_cb *cb" +.Fa "void *u" +.Fc +.Ft EC_KEY * +.Fo PEM_read_bio_EC_PUBKEY +.Fa "BIO *bp" +.Fa "EC_KEY **x" +.Fa "pem_password_cb *cb" +.Fa "void *u" +.Fc +.Ft EC_KEY * +.Fo PEM_read_EC_PUBKEY +.Fa "FILE *fp" +.Fa "EC_KEY **x" +.Fa "pem_password_cb *cb" +.Fa "void *u" +.Fc +.Ft int +.Fo PEM_write_bio_EC_PUBKEY +.Fa "BIO *bp" +.Fa "EC_KEY *x" +.Fc +.Ft int +.Fo PEM_write_EC_PUBKEY +.Fa "FILE *fp" +.Fa "EC_KEY *x" +.Fc +.Ft X509 * +.Fo PEM_read_bio_X509 +.Fa "BIO *bp" +.Fa "X509 **x" +.Fa "pem_password_cb *cb" +.Fa "void *u" +.Fc +.Ft X509 * +.Fo PEM_read_X509 +.Fa "FILE *fp" +.Fa "X509 **x" +.Fa "pem_password_cb *cb" +.Fa "void *u" +.Fc +.Ft int +.Fo PEM_write_bio_X509 +.Fa "BIO *bp" +.Fa "X509 *x" +.Fc +.Ft int +.Fo PEM_write_X509 +.Fa "FILE *fp" +.Fa "X509 *x" +.Fc +.Ft X509 * +.Fo PEM_read_bio_X509_AUX +.Fa "BIO *bp" +.Fa "X509 **x" +.Fa "pem_password_cb *cb" +.Fa "void *u" +.Fc +.Ft X509 * +.Fo PEM_read_X509_AUX +.Fa "FILE *fp" +.Fa "X509 **x" +.Fa "pem_password_cb *cb" +.Fa "void *u" +.Fc +.Ft int +.Fo PEM_write_bio_X509_AUX +.Fa "BIO *bp" +.Fa "X509 *x" +.Fc +.Ft int +.Fo PEM_write_X509_AUX +.Fa "FILE *fp" +.Fa "X509 *x" +.Fc +.Ft X509_REQ * +.Fo PEM_read_bio_X509_REQ +.Fa "BIO *bp" +.Fa "X509_REQ **x" +.Fa "pem_password_cb *cb" +.Fa "void *u" +.Fc +.Ft X509_REQ * +.Fo PEM_read_X509_REQ +.Fa "FILE *fp" +.Fa "X509_REQ **x" +.Fa "pem_password_cb *cb" +.Fa "void *u" +.Fc +.Ft int +.Fo PEM_write_bio_X509_REQ +.Fa "BIO *bp" +.Fa "X509_REQ *x" +.Fc +.Ft int +.Fo PEM_write_X509_REQ +.Fa "FILE *fp" +.Fa "X509_REQ *x" +.Fc +.Ft int +.Fo PEM_write_bio_X509_REQ_NEW +.Fa "BIO *bp" +.Fa "X509_REQ *x" +.Fc +.Ft int +.Fo PEM_write_X509_REQ_NEW +.Fa "FILE *fp" +.Fa "X509_REQ *x" +.Fc +.Ft X509_CRL * +.Fo PEM_read_bio_X509_CRL +.Fa "BIO *bp" +.Fa "X509_CRL **x" +.Fa "pem_password_cb *cb" +.Fa "void *u" +.Fc +.Ft X509_CRL * +.Fo PEM_read_X509_CRL +.Fa "FILE *fp" +.Fa "X509_CRL **x" +.Fa "pem_password_cb *cb" +.Fa "void *u" +.Fc +.Ft int +.Fo PEM_write_bio_X509_CRL +.Fa "BIO *bp" +.Fa "X509_CRL *x" +.Fc +.Ft int +.Fo PEM_write_X509_CRL +.Fa "FILE *fp" +.Fa "X509_CRL *x" +.Fc +.Ft PKCS7 * +.Fo PEM_read_bio_PKCS7 +.Fa "BIO *bp" +.Fa "PKCS7 **x" +.Fa "pem_password_cb *cb" +.Fa "void *u" +.Fc +.Ft PKCS7 * +.Fo PEM_read_PKCS7 +.Fa "FILE *fp" +.Fa "PKCS7 **x" +.Fa "pem_password_cb *cb" +.Fa "void *u" +.Fc +.Ft int +.Fo PEM_write_bio_PKCS7 +.Fa "BIO *bp" +.Fa "PKCS7 *x" +.Fc +.Ft int +.Fo PEM_write_PKCS7 +.Fa "FILE *fp" +.Fa "PKCS7 *x" +.Fc +.Ft NETSCAPE_CERT_SEQUENCE * +.Fo PEM_read_bio_NETSCAPE_CERT_SEQUENCE +.Fa "BIO *bp" +.Fa "NETSCAPE_CERT_SEQUENCE **x" +.Fa "pem_password_cb *cb" +.Fa "void *u" +.Fc +.Ft NETSCAPE_CERT_SEQUENCE * +.Fo PEM_read_NETSCAPE_CERT_SEQUENCE +.Fa "FILE *fp" +.Fa "NETSCAPE_CERT_SEQUENCE **x" +.Fa "pem_password_cb *cb" +.Fa "void *u" +.Fc +.Ft int +.Fo PEM_write_bio_NETSCAPE_CERT_SEQUENCE +.Fa "BIO *bp" +.Fa "NETSCAPE_CERT_SEQUENCE *x" +.Fc +.Ft int +.Fo PEM_write_NETSCAPE_CERT_SEQUENCE +.Fa "FILE *fp" +.Fa "NETSCAPE_CERT_SEQUENCE *x" +.Fc +.Sh DESCRIPTION +The PEM functions read or write structures in PEM format. +In this sense PEM format is simply base64-encoded data surrounded by +header lines. +.Pp +For more details about the meaning of arguments see the +.Sx PEM function arguments +section. +.Pp +Each operation has four functions associated with it. +For clarity the term +.Dq Sy foobar No functions +will be used to collectively refer to the +.Fn PEM_read_bio_foobar , +.Fn PEM_read_foobar , +.Fn PEM_write_bio_foobar , +and +.Fn PEM_write_foobar +functions. +.Pp +The +.Sy PrivateKey +functions read or write a private key in PEM format using an +.Vt EVP_PKEY +structure. +The write routines use "traditional" private key format and can handle +both RSA and DSA private keys. +The read functions can additionally transparently handle PKCS#8 format +encrypted and unencrypted keys too. +.Pp +.Fn PEM_write_bio_PKCS8PrivateKey +and +.Fn PEM_write_PKCS8PrivateKey +write a private key in an +.Vt EVP_PKEY +structure in PKCS#8 +.Vt EncryptedPrivateKeyInfo +format using PKCS#5 v2.0 password based encryption algorithms. +The +.Fa enc +argument specifies the encryption algorithm to use: unlike all other PEM +routines, the encryption is applied at the PKCS#8 level and not in the +PEM headers. +If +.Fa enc +is +.Dv NULL , +then no encryption is used and a PKCS#8 +.Vt PrivateKeyInfo +structure is used instead. +.Pp +.Fn PEM_write_bio_PKCS8PrivateKey_nid +and +.Fn PEM_write_PKCS8PrivateKey_nid +also write out a private key as a PKCS#8 +.Vt EncryptedPrivateKeyInfo . +However they use PKCS#5 v1.5 or PKCS#12 encryption algorithms instead. +The algorithm to use is specified in the +.Fa nid +parameter and should be the NID of the corresponding OBJECT IDENTIFIER. +.Pp +The +.Sy PKCS8 +functions process an encrypted private key using an +.Vt X509_SIG +structure and the +.Xr d2i_X509_SIG 3 +function. +.Pp +The +.Sy PKCS8_PRIV_KEY_INFO +functions process a private key using a +.Vt PKCS8_PRIV_KEY_INFO +structure. +.Pp +The +.Sy PUBKEY +functions process a public key using an +.Vt EVP_PKEY +structure. +The public key is encoded as an ASN.1 +.Vt SubjectPublicKeyInfo +structure. +.Pp +The +.Sy RSAPrivateKey +functions process an RSA private key using an +.Vt RSA +structure. +They handle the same formats as the +.Sy PrivateKey +functions, but an error occurs if the private key is not RSA. +.Pp +The +.Sy RSAPublicKey +functions process an RSA public key using an +.Vt RSA +structure. +The public key is encoded using a PKCS#1 +.Vt RSAPublicKey +structure. +.Pp +The +.Sy RSA_PUBKEY +functions also process an RSA public key using an +.Vt RSA +structure. +However the public key is encoded using an ASN.1 +.Vt SubjectPublicKeyInfo +structure and an error occurs if the public key is not RSA. +.Pp +The +.Sy DSAPrivateKey +functions process a DSA private key using a +.Vt DSA +structure. +They handle the same formats as the +.Sy PrivateKey +functions but an error occurs if the private key is not DSA. +.Pp +The +.Sy DSA_PUBKEY +functions process a DSA public key using a +.Vt DSA +structure. +The public key is encoded using an ASN.1 +.Vt SubjectPublicKeyInfo +structure and an error occurs if the public key is not DSA. +.Pp +The +.Sy DSAparams +functions process DSA parameters using a +.Vt DSA +structure. +The parameters are encoded using a Dss-Parms structure as defined in RFC 2459. +.Pp +The +.Sy DHparams +functions process DH parameters using a +.Vt DH +structure. +The parameters are encoded using a PKCS#3 DHparameter structure. +.Pp +The +.Sy ECPKParameters +functions process EC parameters using an +.Vt EC_GROUP +structure and the +.Xr d2i_ECPKParameters 3 +function. +.Pp +The +.Sy ECPrivateKey +functions process an EC private key using an +.Vt EC_KEY +structure. +.Pp +The +.Sy EC_PUBKEY +functions process an EC public key using an +.Vt EC_KEY +structure. +.Pp +The +.Sy X509 +functions process an X509 certificate using an +.Vt X509 +structure. +They will also process a trusted X509 certificate but any trust settings +are discarded. +.Pp +The +.Sy X509_AUX +functions process a trusted X509 certificate using an +.Vt X509 +structure. +.Pp +The +.Sy X509_REQ +and +.Sy X509_REQ_NEW +functions process a PKCS#10 certificate request using an +.Vt X509_REQ +structure. +The +.Sy X509_REQ +write functions use CERTIFICATE REQUEST in the header whereas the +.Sy X509_REQ_NEW +functions use NEW CERTIFICATE REQUEST (as required by some CAs). +The +.Sy X509_REQ +read functions will handle either form so there are no +.Sy X509_REQ_NEW +read functions. +.Pp +The +.Sy X509_CRL +functions process an X509 CRL using an +.Vt X509_CRL +structure. +.Pp +The +.Sy PKCS7 +functions process a PKCS#7 +.Vt ContentInfo +using a +.Vt PKCS7 +structure. +.Pp +The +.Sy NETSCAPE_CERT_SEQUENCE +functions process a Netscape Certificate Sequence using a +.Vt NETSCAPE_CERT_SEQUENCE +structure. +.Pp +The old +.Sy PrivateKey +write routines are retained for compatibility. +New applications should write private keys using the +.Fn PEM_write_bio_PKCS8PrivateKey +or +.Fn PEM_write_PKCS8PrivateKey +routines because they are more secure (they use an iteration count of +2048 whereas the traditional routines use a count of 1) unless +compatibility with older versions of OpenSSL is important. +.Pp +The +.Sy PrivateKey +read routines can be used in all applications because they handle all +formats transparently. +.Ss PEM function arguments +The PEM functions have many common arguments. +.Pp +The +.Fa bp +parameter specifies the +.Vt BIO +to read from or write to. +.Pp +The +.Fa fp +parameter specifies the +.Vt FILE +pointer to read from or write to. +.Pp +The PEM read functions all take a pointer to pointer argument +.Fa x +and return a pointer of the same type. +If +.Fa x +is +.Dv NULL , +then the parameter is ignored. +If +.Fa x +is not +.Dv NULL +but +.Pf * Fa x +is +.Dv NULL , +then the structure returned will be written to +.Pf * Fa x . +If neither +.Fa x +nor +.Pf * Fa x +are +.Dv NULL , +then an attempt is made to reuse the structure at +.Pf * Fa x , +but see the +.Sx BUGS +and +.Sx EXAMPLES +sections. +Irrespective of the value of +.Fa x , +a pointer to the structure is always returned, or +.Dv NULL +if an error occurred. +.Pp +The PEM functions which write private keys take an +.Fa enc +parameter, which specifies the encryption algorithm to use. +Encryption is done at the PEM level. +If this parameter is set to +.Dv NULL , +then the private key is written in unencrypted form. +.Pp +The +.Fa cb +argument is the callback to use when querying for the passphrase used +for encrypted PEM structures (normally only private keys). +.Pp +For the PEM write routines, if the +.Fa kstr +parameter is not +.Dv NULL , +then +.Fa klen +bytes at +.Fa kstr +are used as the passphrase and +.Fa cb +is ignored. +.Pp +If the +.Fa cb +parameter is set to +.Dv NULL +and the +.Fa u +parameter is not +.Dv NULL , +then the +.Fa u +parameter is interpreted as a null terminated string to use as the +passphrase. +If both +.Fa cb +and +.Fa u +are +.Dv NULL , +then the default callback routine is used, which will typically +prompt for the passphrase on the current terminal with echoing +turned off. +.Pp +The default passphrase callback is sometimes inappropriate (for example +in a GUI application) so an alternative can be supplied. +The callback routine has the following form: +.Bd -filled -offset inset +.Ft int +.Fo cb +.Fa "char *buf" +.Fa "int size" +.Fa "int rwflag" +.Fa "void *u" +.Fc +.Ed +.Pp +.Fa buf +is the buffer to write the passphrase to. +.Fa size +is the maximum length of the passphrase, i.e. the size of +.Fa buf . +.Fa rwflag +is a flag which is set to 0 when reading and 1 when writing. +A typical routine will ask the user to verify the passphrase (for +example by prompting for it twice) if +.Fa rwflag +is 1. +The +.Fa u +parameter has the same value as the +.Fa u +parameter passed to the PEM routine. +It allows arbitrary data to be passed to the callback by the application +(for example a window handle in a GUI application). +The callback must return the number of characters in the passphrase +or 0 if an error occurred. +.Ss PEM encryption format +This old +.Sy PrivateKey +routines use a non-standard technique for encryption. +.Pp +The private key (or other data) takes the following form: +.Bd -literal -offset indent +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CBC,3F17F5316E2BAC89 + +\&...base64 encoded data... +-----END RSA PRIVATE KEY----- +.Ed +.Pp +The line beginning with +.Dq DEK-Info +contains two comma separated pieces of information: +the encryption algorithm name as used by +.Xr EVP_get_cipherbyname 3 +and an 8-byte salt encoded as a set of hexadecimal digits. +.Pp +After this is the base64-encoded encrypted data. +.Pp +The encryption key is determined using +.Xr EVP_BytesToKey 3 , +using the salt and an iteration count of 1. +The IV used is the value of the salt and *not* the IV returned by +.Xr EVP_BytesToKey 3 . +.Sh RETURN VALUES +The read routines return either a pointer to the structure read or +.Dv NULL +if an error occurred. +.Pp +The write routines return 1 for success or 0 for failure. +.Sh EXAMPLES +Although the PEM routines take several arguments, in almost all +applications most of them are set to 0 or +.Dv NULL . +.Pp +Read a certificate in PEM format from a +.Vt BIO : +.Bd -literal -offset indent +X509 *x; +x = PEM_read_bio_X509(bp, NULL, 0, NULL); +if (x == NULL) { + /* Error */ +} +.Ed +.Pp +Alternative method: +.Bd -literal -offset indent +X509 *x = NULL; +if (!PEM_read_bio_X509(bp, &x, 0, NULL)) { + /* Error */ +} +.Ed +.Pp +Write a certificate to a +.Vt BIO : +.Bd -literal -offset indent +if (!PEM_write_bio_X509(bp, x)) { + /* Error */ +} +.Ed +.Pp +Write an unencrypted private key to a +.Vt FILE : +.Bd -literal -offset indent +if (!PEM_write_PrivateKey(fp, key, NULL, NULL, 0, 0, NULL)) { + /* Error */ +} +.Ed +.Pp +Write a private key (using traditional format) to a +.Vt BIO +using triple DES encryption; the pass phrase is prompted for: +.Bd -literal -offset indent +if (!PEM_write_bio_PrivateKey(bp, key, EVP_des_ede3_cbc(), + NULL, 0, 0, NULL)) { + /* Error */ +} +.Ed +.Pp +Write a private key (using PKCS#8 format) to a +.Vt BIO +using triple DES encryption, using the pass phrase "hello": +.Bd -literal -offset indent +if (!PEM_write_bio_PKCS8PrivateKey(bp, key, EVP_des_ede3_cbc(), + NULL, 0, 0, "hello")) { + /* Error */ +} +.Ed +.Pp +Read a private key from a +.Vt BIO +using the pass phrase "hello": +.Bd -literal -offset indent +key = PEM_read_bio_PrivateKey(bp, NULL, 0, "hello"); +if (key == NULL) { + /* Error */ +} +.Ed +.Pp +Read a private key from a +.Vt BIO +using a pass phrase callback: +.Bd -literal -offset indent +key = PEM_read_bio_PrivateKey(bp, NULL, pass_cb, "My Private Key"); +if (key == NULL) { + /* Error */ +} +.Ed +.Pp +Skeleton pass phrase callback: +.Bd -literal -offset indent +int +pass_cb(char *buf, int size, int rwflag, void *u) +{ + int len; + char *tmp; + + /* We'd probably do something else if 'rwflag' is 1 */ + printf("Enter pass phrase for \e"%s\e"\en", u); + + /* get pass phrase, length 'len' into 'tmp' */ + tmp = "hello"; + len = strlen(tmp); + + if (len == 0) + return 0; + /* if too long, truncate */ + if (len > size) + len = size; + memcpy(buf, tmp, len); + return len; +} +.Ed +.Sh SEE ALSO +.Xr BIO_new 3 , +.Xr PEM_bytes_read_bio 3 , +.Xr PEM_read 3 +.Sh HISTORY +.Fn PEM_read_X509 +and +.Fn PEM_write_X509 +appeared in SSLeay 0.4 or earlier. +.Fn PEM_read_X509_REQ , +.Fn PEM_write_X509_REQ , +.Fn PEM_read_X509_CRL , +and +.Fn PEM_write_X509_CRL +first appeared in SSLeay 0.4.4. +.Fn PEM_read_RSAPrivateKey , +.Fn PEM_write_RSAPrivateKey , +.Fn PEM_read_DHparams , +.Fn PEM_write_DHparams , +.Fn PEM_read_PKCS7 , +and +.Fn PEM_write_PKCS7 +first appeared in SSLeay 0.5.1. +.Fn PEM_read_bio_PrivateKey , +.Fn PEM_read_PrivateKey , +.Fn PEM_read_bio_RSAPrivateKey , +.Fn PEM_write_bio_RSAPrivateKey , +.Fn PEM_read_bio_DSAPrivateKey , +.Fn PEM_read_DSAPrivateKey , +.Fn PEM_write_bio_DSAPrivateKey , +.Fn PEM_write_DSAPrivateKey , +.Fn PEM_read_bio_DHparams , +.Fn PEM_write_bio_DHparams , +.Fn PEM_read_bio_X509 , +.Fn PEM_write_bio_X509 , +.Fn PEM_read_bio_X509_REQ , +.Fn PEM_write_bio_X509_REQ , +.Fn PEM_read_bio_X509_CRL , +.Fn PEM_write_bio_X509_CRL , +.Fn PEM_read_bio_PKCS7 , +and +.Fn PEM_write_bio_PKCS7 +first appeared in SSLeay 0.6.0. +.Fn PEM_write_bio_PrivateKey , +.Fn PEM_write_PrivateKey , +.Fn PEM_read_bio_DSAparams , +.Fn PEM_read_DSAparams , +.Fn PEM_write_bio_DSAparams , +and +.Fn PEM_write_DSAparams +first appeared in SSLeay 0.8.0. +.Fn PEM_read_bio_RSAPublicKey , +.Fn PEM_read_RSAPublicKey , +.Fn PEM_write_bio_RSAPublicKey , +and +.Fn PEM_write_RSAPublicKey +first appeared in SSLeay 0.8.1. +All these functions have been available since +.Ox 2.4 . +.Pp +.Fn PEM_write_bio_PKCS8PrivateKey , +.Fn PEM_write_PKCS8PrivateKey , +.Fn PEM_read_bio_PKCS8 , +.Fn PEM_read_PKCS8 , +.Fn PEM_write_bio_PKCS8 , +.Fn PEM_write_PKCS8 , +.Fn PEM_read_bio_PKCS8_PRIV_KEY_INFO , +.Fn PEM_read_PKCS8_PRIV_KEY_INFO , +.Fn PEM_write_bio_PKCS8_PRIV_KEY_INFO , +.Fn PEM_write_PKCS8_PRIV_KEY_INFO , +.Fn PEM_read_bio_NETSCAPE_CERT_SEQUENCE , +.Fn PEM_read_NETSCAPE_CERT_SEQUENCE , +.Fn PEM_write_bio_NETSCAPE_CERT_SEQUENCE , +and +.Fn PEM_write_NETSCAPE_CERT_SEQUENCE +first appeared in OpenSSL 0.9.4 and have been available since +.Ox 2.6 . +.Pp +.Fn PEM_write_bio_PKCS8PrivateKey_nid , +.Fn PEM_write_PKCS8PrivateKey_nid , +.Fn PEM_read_bio_PUBKEY , +.Fn PEM_read_PUBKEY , +.Fn PEM_write_bio_PUBKEY , +.Fn PEM_write_PUBKEY , +.Fn PEM_read_bio_RSA_PUBKEY , +.Fn PEM_read_RSA_PUBKEY , +.Fn PEM_write_bio_RSA_PUBKEY , +.Fn PEM_write_RSA_PUBKEY , +.Fn PEM_read_bio_DSA_PUBKEY , +.Fn PEM_read_DSA_PUBKEY , +.Fn PEM_write_bio_DSA_PUBKEY , +.Fn PEM_write_DSA_PUBKEY , +.Fn PEM_write_bio_X509_REQ_NEW , +.Fn PEM_write_X509_REQ_NEW , +.Fn PEM_read_bio_X509_AUX , +.Fn PEM_read_X509_AUX , +.Fn PEM_write_bio_X509_AUX , +and +.Fn PEM_write_X509_AUX +first appeared in OpenSSL 0.9.5 and have been available since +.Ox 2.7 . +.Pp +.Fn PEM_read_bio_ECPKParameters , +.Fn PEM_read_ECPKParameters , +.Fn PEM_write_bio_ECPKParameters , +.Fn PEM_write_ECPKParameters , +.Fn PEM_read_bio_ECPrivateKey , +.Fn PEM_read_ECPrivateKey , +.Fn PEM_write_bio_ECPrivateKey , +.Fn PEM_write_ECPrivateKey , +.Fn PEM_read_bio_EC_PUBKEY , +.Fn PEM_read_EC_PUBKEY , +.Fn PEM_write_bio_EC_PUBKEY , +and +.Fn PEM_write_EC_PUBKEY +first appeared in OpenSSL 0.9.8 and have been available since +.Ox 4.5 . +.Sh CAVEATS +A frequent cause of problems is attempting to use the PEM routines like +this: +.Bd -literal -offset indent +X509 *x; +PEM_read_bio_X509(bp, &x, 0, NULL); +.Ed +.Pp +This is a bug because an attempt will be made to reuse the data at +.Fa x , +which is an uninitialised pointer. +.Sh BUGS +The PEM read routines in some versions of OpenSSL will not correctly +reuse an existing structure. +Therefore +.Pp +.Dl PEM_read_bio_X509(bp, &x, 0, NULL); +.Pp +where +.Fa x +already contains a valid certificate may not work, whereas +.Bd -literal -offset indent +X509_free(x); +x = PEM_read_bio_X509(bp, NULL, 0, NULL); +.Ed +.Pp +is guaranteed to work. diff --git a/src/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3 b/src/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3 new file mode 100644 index 00000000000..30bab9f0f71 --- /dev/null +++ b/src/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3 @@ -0,0 +1,89 @@ +.\" $OpenBSD: PEM_write_bio_PKCS7_stream.3,v 1.8 2018/03/23 04:34:23 schwarze Exp $ +.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 +.\" +.\" This file was written by Dr. Stephen Henson . +.\" Copyright (c) 2007, 2009, 2016 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 23 2018 $ +.Dt PEM_WRITE_BIO_PKCS7_STREAM 3 +.Os +.Sh NAME +.Nm PEM_write_bio_PKCS7_stream +.Nd output PKCS7 structure in PEM format +.Sh SYNOPSIS +.In openssl/pkcs7.h +.Ft int +.Fo PEM_write_bio_PKCS7_stream +.Fa "BIO *out" +.Fa "PKCS7 *p7" +.Fa "BIO *data" +.Fa "int flags" +.Fc +.Sh DESCRIPTION +.Fn PEM_write_bio_PKCS7_stream +outputs a PKCS7 structure in PEM format. +.Pp +It is otherwise identical to the function +.Xr SMIME_write_PKCS7 3 . +.Pp +This function is effectively a version of +.Xr PEM_write_bio_PKCS7 3 +supporting streaming. +.Sh RETURN VALUES +.Fn PEM_write_bio_PKCS7_stream +returns 1 for success or 0 for failure. +.Sh SEE ALSO +.Xr BIO_new 3 , +.Xr ERR_get_error 3 , +.Xr i2d_PKCS7_bio_stream 3 , +.Xr PEM_write_PKCS7 3 , +.Xr PKCS7_new 3 , +.Xr SMIME_write_PKCS7 3 +.Sh HISTORY +.Fn PEM_write_bio_PKCS7_stream +first appeared in OpenSSL 1.0.0 and has been available since +.Ox 4.9 . diff --git a/src/lib/libcrypto/man/PKCS12_SAFEBAG_new.3 b/src/lib/libcrypto/man/PKCS12_SAFEBAG_new.3 new file mode 100644 index 00000000000..d174babddb0 --- /dev/null +++ b/src/lib/libcrypto/man/PKCS12_SAFEBAG_new.3 @@ -0,0 +1,103 @@ +.\" $OpenBSD: PKCS12_SAFEBAG_new.3,v 1.3 2018/03/21 17:57:48 schwarze Exp $ +.\" +.\" Copyright (c) 2016 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 21 2018 $ +.Dt PKCS12_SAFEBAG_NEW 3 +.Os +.Sh NAME +.Nm PKCS12_SAFEBAG_new , +.Nm PKCS12_SAFEBAG_free , +.Nm PKCS12_BAGS_new , +.Nm PKCS12_BAGS_free +.Nd PKCS#12 container for one piece of information +.Sh SYNOPSIS +.In openssl/pkcs12.h +.Ft PKCS12_SAFEBAG * +.Fn PKCS12_SAFEBAG_new void +.Ft void +.Fn PKCS12_SAFEBAG_free "PKCS12_SAFEBAG *safebag" +.Ft PKCS12_BAGS * +.Fn PKCS12_BAGS_new void +.Ft void +.Fn PKCS12_BAGS_free "PKCS12_BAGS *bag" +.Sh DESCRIPTION +.Fn PKCS12_SAFEBAG_new +allocates and initializes an empty +.Vt PKCS12_SAFEBAG +object, representing an ASN.1 +.Vt SafeBag +structure defined in RFC 7292 section 4.2. +It can hold a pointer to a +.Vt PKCS12_BAGS +object together with a type identifier and optional attributes. +.Fn PKCS12_SAFEBAG_free +frees +.Fa safebag . +.Pp +.Fn PKCS12_BAGS_new +allocates and initializes an empty +.Vt PKCS12_BAGS +object, representing the bagValue field of an ASN.1 +.Vt SafeBag +structure. +It is used in +.Vt PKCS12_SAFEBAG +and can hold a DER-encoded X.509 certificate, +a base64-encoded SDSI certificate, +a DER-encoded X.509 CRL, +or other user-defined information. +.Pp +If an instance of +.Vt PKCS12_SAFEBAG +contains +.Vt PKCS8_PRIV_KEY_INFO , +.Vt X509_SIG , +or nested +.Vt PKCS12_SAFEBAG +objects, the respective pointers are stored directly in the +.Vt PKCS12_SAFEBAG +object rather than in the contained +.Vt PKCS12_BAGS +object as required by RFC 7292. +.Sh RETURN VALUES +.Fn PKCS12_SAFEBAG_new +and +.Fn PKCS12_BAGS_new +return the new +.Vt PKCS12_SAFEBAG +or +.Vt PKCS12_BAGS +object, respectively, or +.Dv NULL +if an error occurs. +.Sh SEE ALSO +.Xr PKCS12_new 3 , +.Xr PKCS8_PRIV_KEY_INFO_new 3 , +.Xr X509_ATTRIBUTE_new 3 , +.Xr X509_CRL_new 3 , +.Xr X509_new 3 , +.Xr X509_SIG_new 3 +.Sh STANDARDS +RFC 7292: PKCS #12: Personal Information Exchange Syntax, +section 4.2: The SafeBag Type +.Sh HISTORY +.Fn PKCS12_SAFEBAG_new , +.Fn PKCS12_SAFEBAG_free , +.Fn PKCS12_BAGS_new , +and +.Fn PKCS12_BAGS_free +first appeared in OpenSSL 0.9.3 and have been available since +.Ox 2.6 . diff --git a/src/lib/libcrypto/man/PKCS12_create.3 b/src/lib/libcrypto/man/PKCS12_create.3 new file mode 100644 index 00000000000..67c814182c5 --- /dev/null +++ b/src/lib/libcrypto/man/PKCS12_create.3 @@ -0,0 +1,182 @@ +.\" $OpenBSD: PKCS12_create.3,v 1.7 2018/05/13 14:52:23 schwarze Exp $ +.\" full merge up to: OpenSSL 05ea606a May 20 20:52:46 2016 -0400 +.\" selective merge up to: OpenSSL 61f805c1 Jan 16 01:01:46 2018 +0800 +.\" +.\" This file was written by Dr. Stephen Henson . +.\" Copyright (c) 2002, 2015 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: May 13 2018 $ +.Dt PKCS12_CREATE 3 +.Os +.Sh NAME +.Nm PKCS12_create +.Nd create a PKCS#12 structure +.Sh SYNOPSIS +.In openssl/pkcs12.h +.Ft PKCS12 * +.Fo PKCS12_create +.Fa "const char *pass" +.Fa "const char *name" +.Fa "EVP_PKEY *pkey" +.Fa "X509 *cert" +.Fa "STACK_OF(X509) *ca" +.Fa "int nid_key" +.Fa "int nid_cert" +.Fa "int iter" +.Fa "int mac_iter" +.Fa "int keytype" +.Fc +.Sh DESCRIPTION +.Fn PKCS12_create +creates a PKCS#12 structure. +.Pp +.Fa pass +is the passphrase to use. +.Fa name +is the +.Sy friendlyName +to use for the supplied certificate and key. +.Fa pkey +is the private key to include in the structure and +.Fa cert +its corresponding certificates. +.Fa ca +is an optional set of certificates to also include in the structure. +.Fa pkey , +.Fa cert , +or both can be +.Dv NULL +to indicate that no key or certificate is required. +.Pp +.Fa nid_key +and +.Fa nid_cert +are the encryption algorithms that should be used for the key and +certificate, respectively. +If either +.Fa nid_key +or +.Fa nid_cert +is set to -1, no encryption will be used. +.Pp +.Fa iter +is the encryption algorithm iteration count to use and +.Fa mac_iter +is the MAC iteration count to use. +If +.Fa mac_iter +is set to -1, the MAC will be omitted entirely. +.Pp +.Fa keytype +is the type of key. +.Pp +The parameters +.Fa nid_key , +.Fa nid_cert , +.Fa iter , +.Fa mac_iter , +and +.Fa keytype +can all be set to zero and sensible defaults will be used. +.Pp +These defaults are: 40-bit RC2 encryption for certificates, triple DES +encryption for private keys, a key iteration count of +PKCS12_DEFAULT_ITER (currently 2048) and a MAC iteration count of 1. +.Pp +The default MAC iteration count is 1 in order to retain compatibility +with old software which did not interpret MAC iteration counts. +If such compatibility is not required then +.Fa mac_iter +should be set to PKCS12_DEFAULT_ITER. +.Pp +.Fa keytype +adds a flag to the store private key. +This is a non-standard extension that is only currently interpreted by +MSIE. +If set to zero the flag is omitted; if set to +.Dv KEY_SIG +the key can be used for signing only; and if set to +.Dv KEY_EX +it can be used for signing and encryption. +This option was useful for old export grade software which could use +signing only keys of arbitrary size but had restrictions on the +permissible sizes of keys which could be used for encryption. +.Pp +If a certificate contains an +.Sy alias +or +.Sy keyid +then this will be used for the corresponding +.Sy friendlyName +or +.Sy localKeyID +in the PKCS12 structure. +.Sh RETURN VALUES +.Fn PKCS12_create +returns a valid +.Vt PKCS12 +structure or +.Dv NULL +if an error occurred. +.Sh SEE ALSO +.Xr d2i_PKCS12 3 +.Sh HISTORY +.Fn PKCS12_create +first appeared in OpenSSL 0.9.3 and has been available since +.Ox 2.6 . +.Pp +Before OpenSSL 0.9.8, neither +.Fa pkey +nor +.Fa cert +were allowed to be +.Dv NULL , +and a value of -1 was not allowed for +.Fa nid_key , +.Fa nid_cert , +and +.Fa mac_iter . diff --git a/src/lib/libcrypto/man/PKCS12_new.3 b/src/lib/libcrypto/man/PKCS12_new.3 new file mode 100644 index 00000000000..29080b672f3 --- /dev/null +++ b/src/lib/libcrypto/man/PKCS12_new.3 @@ -0,0 +1,98 @@ +.\" $OpenBSD: PKCS12_new.3,v 1.3 2018/03/21 17:57:48 schwarze Exp $ +.\" +.\" Copyright (c) 2016 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 21 2018 $ +.Dt PKCS12_NEW 3 +.Os +.Sh NAME +.Nm PKCS12_new , +.Nm PKCS12_free , +.Nm PKCS12_MAC_DATA_new , +.Nm PKCS12_MAC_DATA_free +.Nd PKCS#12 personal information exchange (PFX) +.Sh SYNOPSIS +.In openssl/pkcs12.h +.Ft PKCS12 * +.Fn PKCS12_new void +.Ft void +.Fn PKCS12_free "PKCS12 *pfx" +.Ft PKCS12_MAC_DATA * +.Fn PKCS12_MAC_DATA_new void +.Ft void +.Fn PKCS12_MAC_DATA_free "PKCS12_MAC_DATA *mac_data" +.Sh DESCRIPTION +.Fn PKCS12_new +allocates and initializes an empty +.Vt PKCS12 +object, representing an ASN.1 +.Vt PFX +.Pq personal information exchange +structure defined in RFC 7292 section 4. +It can hold a pointer to a +.Vt PKCS7 +object described in +.Xr PKCS7_new 3 +and optionally an instance of +.Vt PKCS12_MAC_DATA +described below. +.Fn PKCS12_free +frees +.Fa pfx . +.Pp +.Fn PKCS12_MAC_DATA_new +allocates and initializes an empty +.Vt PKCS12_MAC_DATA +object, representing an ASN.1 +.Vt MacData +structure defined in RFC 7292 section 4. +It is used inside +.Vt PKCS12 +and can hold a pointer to an +.Vt X509_SIG +object described in +.Xr X509_SIG_new 3 +together with a salt value and an iteration count. +.Fn PKCS12_MAC_DATA_free +frees +.Fa mac_data . +.Sh RETURN VALUES +.Fn PKCS12_new +and +.Fn PKCS12_MAC_DATA_new +return the new +.Vt PKCS12 +or +.Vt PKCS12_MAC_DATA +object, respectively, or +.Dv NULL +if an error occurs. +.Sh SEE ALSO +.Xr d2i_PKCS12 3 , +.Xr PKCS12_create 3 , +.Xr PKCS12_newpass 3 , +.Xr PKCS12_SAFEBAG_new 3 , +.Xr PKCS7_new 3 , +.Xr X509_SIG_new 3 +.Sh STANDARDS +RFC 7292: PKCS #12: Personal Information Exchange Syntax +.Sh HISTORY +.Fn PKCS12_new , +.Fn PKCS12_free , +.Fn PKCS12_MAC_DATA_new , +and +.Fn PKCS12_MAC_DATA_free +first appeared in OpenSSL 0.9.3 and have been available since +.Ox 2.6 . diff --git a/src/lib/libcrypto/man/PKCS12_newpass.3 b/src/lib/libcrypto/man/PKCS12_newpass.3 new file mode 100644 index 00000000000..48e4060c917 --- /dev/null +++ b/src/lib/libcrypto/man/PKCS12_newpass.3 @@ -0,0 +1,159 @@ +.\" $OpenBSD: PKCS12_newpass.3,v 1.2 2018/03/22 16:06:33 schwarze Exp $ +.\" OpenSSL c95a8b4e May 5 14:26:26 2016 +0100 +.\" +.\" This file was written by Jeffrey Walton . +.\" Copyright (c) 2016 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 22 2018 $ +.Dt PKCS12_NEWPASS 3 +.Os +.Sh NAME +.Nm PKCS12_newpass +.Nd change the password of a PKCS#12 structure +.Sh SYNOPSIS +.In openssl/pkcs12.h +.Ft int +.Fo PKCS12_newpass +.Fa "PKCS12 *p12" +.Fa "const char *oldpass" +.Fa "const char *newpass" +.Fc +.Sh DESCRIPTION +.Fn PKCS12_newpass +changes the password of a PKCS#12 structure. +.Pp +.Fa p12 +is a pointer to a PKCS#12 structure. +.Fa oldpass +is the existing password and +.Fa newpass +is the new password. +.Pp +If the PKCS#12 structure does not have a password, use the empty +string +.Qq \& +for +.Fa oldpass . +Passing +.Dv NULL +for +.Fa oldpass +results in a +.Fn PKCS12_newpass +failure. +.Pp +If the wrong password is used for +.Fa oldpass , +the function will fail with a MAC verification error. +In rare cases, the PKCS#12 structure does not contain a MAC: +in this case it will usually fail with a decryption padding error. +.Sh RETURN VALUES +.Fn PKCS12_newpass +returns 1 on success or 0 on failure. +.Pp +Applications can retrieve the most recent error from +.Fn PKCS12_newpass +with +.Xr ERR_get_error 3 . +.Sh EXAMPLES +This example loads a PKCS#12 file, changes its password, +and writes out the result to a new file. +.Bd -literal +#include +#include +#include +#include +#include + +int main(int argc, char **argv) +{ + FILE *fp; + PKCS12 *p12; + if (argc != 5) { + fprintf(stderr, + "Usage: pkread p12file password newpass opfile\en"); + return 1; + } + if ((fp = fopen(argv[1], "rb")) == NULL) { + fprintf(stderr, "Error opening file %s\en", argv[1]); + return 1; + } + p12 = d2i_PKCS12_fp(fp, NULL); + fclose(fp); + if (p12 == NULL) { + fprintf(stderr, "Error reading PKCS#12 file\en"); + ERR_print_errors_fp(stderr); + return 1; + } + if (PKCS12_newpass(p12, argv[2], argv[3]) == 0) { + fprintf(stderr, "Error changing password\en"); + ERR_print_errors_fp(stderr); + PKCS12_free(p12); + return 1; + } + if ((fp = fopen(argv[4], "wb")) == NULL) { + fprintf(stderr, "Error opening file %s\en", argv[4]); + PKCS12_free(p12); + return 1; + } + i2d_PKCS12_fp(fp, p12); + PKCS12_free(p12); + fclose(fp); + return 0; +} +.Ed +.Sh SEE ALSO +.Xr ERR_get_error 3 , +.Xr PKCS12_create 3 +.Sh HISTORY +.Fn PKCS12_newpass +first appeared in OpenSSL 0.9.5 and has been available since +.Ox 2.7 . +.Sh BUGS +The password format is a NUL terminated ASCII string which is +converted to Unicode form internally. +As a result, some passwords cannot be supplied to this function. diff --git a/src/lib/libcrypto/man/PKCS12_parse.3 b/src/lib/libcrypto/man/PKCS12_parse.3 new file mode 100644 index 00000000000..51e78d9430d --- /dev/null +++ b/src/lib/libcrypto/man/PKCS12_parse.3 @@ -0,0 +1,142 @@ +.\" $OpenBSD: PKCS12_parse.3,v 1.5 2018/03/21 17:57:48 schwarze Exp $ +.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 +.\" +.\" This file was written by Dr. Stephen Henson . +.\" Copyright (c) 2002, 2009 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 21 2018 $ +.Dt PKCS12_PARSE 3 +.Os +.Sh NAME +.Nm PKCS12_parse +.Nd parse a PKCS#12 structure +.Sh SYNOPSIS +.In openssl/pkcs12.h +.Ft int +.Fo PKCS12_parse +.Fa "PKCS12 *p12" +.Fa "const char *pass" +.Fa "EVP_PKEY **pkey" +.Fa "X509 **cert" +.Fa "STACK_OF(X509) **ca" +.Fc +.Sh DESCRIPTION +.Fn PKCS12_parse +parses a PKCS12 structure. +.Pp +.Fa p12 +is the +.Vt PKCS12 +structure to parse. +.Fa pass +is the passphrase to use. +If successful, the private key will be written to +.Pf * Fa pkey , +the corresponding certificate to +.Pf * Fa cert , +and any additional certificates to +.Pf * Fa ca . +.Pp +The parameters +.Fa pkey +and +.Fa cert +cannot be +.Dv NULL . +.Fa ca +can be +.Dv NULL , +in which case additional certificates will be discarded. +.Pf * Fa ca +can also be a valid STACK, in which case additional certificates are +appended to +.Pf * Fa ca . +If +.Pf * Fa ca +is +.Dv NULL , +a new STACK will be allocated. +.Pp +The +.Sy friendlyName +and +.Sy localKeyID +attributes (if present) of each certificate will be stored in the +.Fa alias +and +.Fa keyid +attributes of the +.Vt X509 +structure. +.Sh RETURN VALUES +.Fn PKCS12_parse +returns 1 for success and 0 if an error occurred. +.Pp +The error can be obtained from +.Xr ERR_get_error 3 . +.Sh SEE ALSO +.Xr d2i_PKCS12 3 +.Sh HISTORY +.Fn PKCS12_parse +first appeared in OpenSSL 0.9.3 and has been available since +.Ox 2.6 . +.Sh BUGS +Only a single private key and corresponding certificate is returned by +this function. +More complex PKCS#12 files with multiple private keys will only return +the first match. +.Pp +Only +.Sy friendlyName +and +.Sy localKeyID +attributes are currently stored in certificates. +Other attributes are discarded. +.Pp +Attributes currently cannot be stored in the private key +.Vt EVP_PKEY +structure. diff --git a/src/lib/libcrypto/man/PKCS5_PBKDF2_HMAC.3 b/src/lib/libcrypto/man/PKCS5_PBKDF2_HMAC.3 new file mode 100644 index 00000000000..b6dc6396827 --- /dev/null +++ b/src/lib/libcrypto/man/PKCS5_PBKDF2_HMAC.3 @@ -0,0 +1,164 @@ +.\" $OpenBSD: PKCS5_PBKDF2_HMAC.3,v 1.6 2018/03/23 04:34:23 schwarze Exp $ +.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file was written by Jeffrey Walton . +.\" Copyright (c) 2014, 2015 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 23 2018 $ +.Dt PKCS5_PBKDF2_HMAC 3 +.Os +.Sh NAME +.Nm PKCS5_PBKDF2_HMAC , +.Nm PKCS5_PBKDF2_HMAC_SHA1 +.Nd password based derivation routines with salt and iteration count +.Sh SYNOPSIS +.In openssl/evp.h +.Ft int +.Fo PKCS5_PBKDF2_HMAC +.Fa "const char *pass" +.Fa "int passlen" +.Fa "const unsigned char *salt" +.Fa "int saltlen" +.Fa "int iter" +.Fa "const EVP_MD *digest" +.Fa "int keylen" +.Fa "unsigned char *out" +.Fc +.Ft int +.Fo PKCS5_PBKDF2_HMAC_SHA1 +.Fa "const char *pass" +.Fa "int passlen" +.Fa "const unsigned char *salt" +.Fa "int saltlen" +.Fa "int iter" +.Fa "int keylen" +.Fa "unsigned char *out" +.Fc +.Sh DESCRIPTION +.Fn PKCS5_PBKDF2_HMAC +derives a key from a password using a salt and iteration count as +specified in RFC 2898. +.Pp +.Fa pass +is the password used in the derivation of length +.Fa passlen . +.Fa pass +is an optional parameter and can be +.Dv NULL . +If +.Fa passlen +is -1, then the function will calculate the length of +.Fa pass +using +.Xr strlen 3 . +.Pp +.Fa salt +is the salt used in the derivation of length +.Fa saltlen . +If the +.Fa salt +is +.Dv NULL , +then +.Fa saltlen +must be 0. +The function will not attempt to calculate the length of the +.Fa salt +because it is not assumed to be NUL terminated. +.Pp +.Fa iter +is the iteration count and its value should be greater than or equal to 1. +RFC 2898 suggests an iteration count of at least 1000. +Any +.Fa iter +less than 1 is treated as a single iteration. +.Pp +.Fa digest +is the message digest function used in the derivation. +Values include any of the EVP_* message digests. +.Fn PKCS5_PBKDF2_HMAC_SHA1 +calls +.Fn PKCS5_PBKDF2_HMAC +with +.Xr EVP_sha1 3 . +.Pp +The derived key will be written to +.Fa out . +The size of the +.Fa out +buffer is specified via +.Fa keylen . +.Pp +A typical application of this function is to derive keying material for +an encryption algorithm from a password in the +.Fa pass , +a salt in +.Fa salt , +and an iteration count. +.Pp +Increasing the +.Fa iter +parameter slows down the algorithm which makes it harder for an attacker +to perform a brute force attack using a large number of candidate +passwords. +.Sh RETURN VALUES +.Fn PKCS5_PBKDF2_HMAC +and +.Fn PBKCS5_PBKDF2_HMAC_SHA1 +return 1 on success or 0 on error. +.Sh SEE ALSO +.Xr evp 3 , +.Xr EVP_BytesToKey 3 , +.Xr RAND_bytes 3 +.Sh HISTORY +.Fn PKCS5_PBKDF2_HMAC_SHA1 +first appeared in OpenSSL 0.9.4 and has been available since +.Ox 2.6 . +.Pp +.Fn PKCS5_PBKDF2_HMAC +first appeared in OpenSSL 1.0.0 and has been available since +.Ox 4.9 . diff --git a/src/lib/libcrypto/man/PKCS7_decrypt.3 b/src/lib/libcrypto/man/PKCS7_decrypt.3 new file mode 100644 index 00000000000..1a3ba7c67d2 --- /dev/null +++ b/src/lib/libcrypto/man/PKCS7_decrypt.3 @@ -0,0 +1,122 @@ +.\" $OpenBSD: PKCS7_decrypt.3,v 1.7 2018/03/22 16:06:33 schwarze Exp $ +.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 +.\" +.\" This file was written by Dr. Stephen Henson . +.\" Copyright (c) 2002, 2006 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 22 2018 $ +.Dt PKCS7_DECRYPT 3 +.Os +.Sh NAME +.Nm PKCS7_decrypt +.Nd decrypt content from a PKCS#7 envelopedData structure +.Sh SYNOPSIS +.In openssl/pkcs7.h +.Ft int +.Fo PKCS7_decrypt +.Fa "PKCS7 *p7" +.Fa "EVP_PKEY *pkey" +.Fa "X509 *cert" +.Fa "BIO *data" +.Fa "int flags" +.Fc +.Sh DESCRIPTION +.Fn PKCS7_decrypt +extracts and decrypts the content from a PKCS#7 envelopedData structure. +.Fa pkey +is the private key of the recipient, +.Fa cert +is the recipient's certificate, +.Fa data +is a +.Vt BIO +to write the content to and +.Fa flags +is an optional set of flags. +.Pp +.Xr OpenSSL_add_all_algorithms 3 +(or equivalent) should be called before using this function or errors +about unknown algorithms will occur. +.Pp +Although the recipient's certificate is not needed to decrypt the data, +it is needed to locate the appropriate recipients +in the PKCS#7 structure. +.Pp +If the +.Dv PKCS7_TEXT +.Fa flag +is set, MIME headers for type +.Sy text/plain +are deleted from the content. +If the content is not of type +.Sy text/plain , +an error is returned. +.Sh RETURN VALUES +.Fn PKCS7_decrypt +returns 1 for success or 0 for failure. +.Pp +The error can be obtained from +.Xr ERR_get_error 3 . +.Sh SEE ALSO +.Xr ERR_get_error 3 , +.Xr PKCS7_encrypt 3 , +.Xr PKCS7_new 3 +.Sh HISTORY +.Fn PKCS7_decrypt +first appeared in OpenSSL 0.9.5 and has been available since +.Ox 2.7 . +.Sh BUGS +.Fn PKCS7_decrypt +must be passed the correct recipient key and certificate. +It would be better if it could look up the correct key and certificate +from a database. +.Pp +The lack of single pass processing and need to hold all data in memory +as mentioned in +.Xr PKCS7_sign 3 +also applies to +.Fn PKCS7_decrypt . diff --git a/src/lib/libcrypto/man/PKCS7_encrypt.3 b/src/lib/libcrypto/man/PKCS7_encrypt.3 new file mode 100644 index 00000000000..a8717d31041 --- /dev/null +++ b/src/lib/libcrypto/man/PKCS7_encrypt.3 @@ -0,0 +1,167 @@ +.\" $OpenBSD: PKCS7_encrypt.3,v 1.8 2018/03/23 23:18:17 schwarze Exp $ +.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 +.\" +.\" This file was written by Dr. Stephen Henson . +.\" Copyright (c) 2002, 2006, 2007, 2008, 2009 The OpenSSL Project. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 23 2018 $ +.Dt PKCS7_ENCRYPT 3 +.Os +.Sh NAME +.Nm PKCS7_encrypt +.Nd create a PKCS#7 envelopedData structure +.Sh SYNOPSIS +.In openssl/pkcs7.h +.Ft PKCS7 * +.Fo PKCS7_encrypt +.Fa "STACK_OF(X509) *certs" +.Fa "BIO *in" +.Fa "const EVP_CIPHER *cipher" +.Fa "int flags" +.Fc +.Sh DESCRIPTION +.Fn PKCS7_encrypt +creates and returns a PKCS#7 envelopedData structure. +.Fa certs +is a list of recipient certificates. +.Fa in +is the content to be encrypted. +.Fa cipher +is the symmetric cipher to use. +.Fa flags +is an optional set of flags. +.Pp +Only RSA keys are supported in PKCS#7 and envelopedData so the recipient +certificates supplied to this function must all contain RSA public keys, +though they do not have to be signed using the RSA algorithm. +.Pp +The algorithm passed in the +.Fa cipher +parameter must support ASN.1 encoding of its parameters. +.Pp +Many browsers implement a "sign and encrypt" option which is simply an +S/MIME envelopedData containing an S/MIME signed message. +This can be readily produced by storing the S/MIME signed message in a +memory +.Vt BIO +and passing it to +.Fn PKCS7_encrypt . +.Pp +The following flags can be passed in the +.Fa flags +parameter. +.Pp +If the +.Dv PKCS7_TEXT +flag is set, MIME headers for type +.Sy text/plain +are prepended to the data. +.Pp +Normally the supplied content is translated into MIME canonical format +(as required by the S/MIME specifications). +If +.Dv PKCS7_BINARY +is set, no translation occurs. +This option should be used if the supplied data is in binary format; +otherwise, the translation will corrupt it. +If +.Dv PKCS7_BINARY +is set, then +.Dv PKCS7_TEXT +is ignored. +.Pp +If the +.Dv PKCS7_STREAM +flag is set, a partial +.Vt PKCS7 +structure is output suitable for streaming I/O: no data is read from +.Fa in . +.Pp +If the flag +.Dv PKCS7_STREAM +is set, the returned +.Vt PKCS7 +structure is +.Sy not +complete and outputting its contents via a function that does not +properly finalize the +.Vt PKCS7 +structure will give unpredictable results. +.Pp +Several functions, including +.Xr SMIME_write_PKCS7 3 , +.Xr i2d_PKCS7_bio_stream 3 , +and +.Xr PEM_write_bio_PKCS7_stream 3 , +finalize the structure. +Alternatively finalization can be performed by obtaining the streaming +ASN.1 +.Vt BIO +directly using +.Fn BIO_new_PKCS7 . +.Sh RETURN VALUES +.Fn PKCS7_encrypt +returns either a +.Vt PKCS7 +structure or +.Dv NULL +if an error occurred. +The error can be obtained from +.Xr ERR_get_error 3 . +.Sh SEE ALSO +.Xr ERR_get_error 3 , +.Xr PKCS7_decrypt 3 , +.Xr PKCS7_new 3 +.Sh HISTORY +.Fn PKCS7_encrypt +first appeared in OpenSSL 0.9.5 and has been available since +.Ox 2.7 . +.Pp +The +.Dv PKCS7_STREAM +flag was first supported in OpenSSL 1.0.0. diff --git a/src/lib/libcrypto/man/PKCS7_new.3 b/src/lib/libcrypto/man/PKCS7_new.3 new file mode 100644 index 00000000000..8d1c01edcd6 --- /dev/null +++ b/src/lib/libcrypto/man/PKCS7_new.3 @@ -0,0 +1,259 @@ +.\" $OpenBSD: PKCS7_new.3,v 1.4 2018/03/27 17:35:50 schwarze Exp $ +.\" +.\" Copyright (c) 2016 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt PKCS7_NEW 3 +.Os +.Sh NAME +.Nm PKCS7_new , +.Nm PKCS7_free , +.Nm PKCS7_SIGNED_new , +.Nm PKCS7_SIGNED_free , +.Nm PKCS7_ENVELOPE_new , +.Nm PKCS7_ENVELOPE_free , +.Nm PKCS7_SIGN_ENVELOPE_new , +.Nm PKCS7_SIGN_ENVELOPE_free , +.Nm PKCS7_DIGEST_new , +.Nm PKCS7_DIGEST_free , +.Nm PKCS7_ENCRYPT_new , +.Nm PKCS7_ENCRYPT_free , +.Nm PKCS7_ENC_CONTENT_new , +.Nm PKCS7_ENC_CONTENT_free , +.Nm PKCS7_SIGNER_INFO_new , +.Nm PKCS7_SIGNER_INFO_free , +.Nm PKCS7_RECIP_INFO_new , +.Nm PKCS7_RECIP_INFO_free , +.Nm PKCS7_ISSUER_AND_SERIAL_new , +.Nm PKCS7_ISSUER_AND_SERIAL_free +.Nd PKCS#7 data structures +.Sh SYNOPSIS +.In openssl/pkcs7.h +.Ft PKCS7 * +.Fn PKCS7_new void +.Ft void +.Fn PKCS7_free "PKCS7 *p7" +.Ft PKCS7_SIGNED * +.Fn PKCS7_SIGNED_new void +.Ft void +.Fn PKCS7_SIGNED_free "PKCS7_SIGNED *signed" +.Ft PKCS7_ENVELOPE * +.Fn PKCS7_ENVELOPE_new void +.Ft void +.Fn PKCS7_ENVELOPE_free "PKCS7_ENVELOPE *envelope" +.Ft PKCS7_SIGN_ENVELOPE * +.Fn PKCS7_SIGN_ENVELOPE_new void +.Ft void +.Fn PKCS7_SIGN_ENVELOPE_free "PKCS7_SIGN_ENVELOPE *signed_envelope" +.Ft PKCS7_DIGEST * +.Fn PKCS7_DIGEST_new void +.Ft void +.Fn PKCS7_DIGEST_free "PKCS7_DIGEST *digested" +.Ft PKCS7_ENCRYPT * +.Fn PKCS7_ENCRYPT_new void +.Ft void +.Fn PKCS7_ENCRYPT_free "PKCS7_ENCRYPT *encrypted" +.Ft PKCS7_ENC_CONTENT * +.Fn PKCS7_ENC_CONTENT_new void +.Ft void +.Fn PKCS7_ENC_CONTENT_free "PKCS7_ENC_CONTENT *content" +.Ft PKCS7_SIGNER_INFO * +.Fn PKCS7_SIGNER_INFO_new void +.Ft void +.Fn PKCS7_SIGNER_INFO_free "PKCS7_SIGNER_INFO *signer" +.Ft PKCS7_RECIP_INFO * +.Fn PKCS7_RECIP_INFO_new void +.Ft void +.Fn PKCS7_RECIP_INFO_free "PKCS7_RECIP_INFO *recip" +.Ft PKCS7_ISSUER_AND_SERIAL * +.Fn PKCS7_ISSUER_AND_SERIAL_new void +.Ft void +.Fn PKCS7_ISSUER_AND_SERIAL_free "PKCS7_ISSUER_AND_SERIAL *cert" +.Sh DESCRIPTION +PKCS#7 is an ASN.1-based format for transmitting data that has +cryptography applied to it, in particular signed and encrypted data. +.Pp +.Fn PKCS7_new +allocates and initializes an empty +.Vt PKCS7 +object, representing an ASN.1 +.Vt ContentInfo +structure defined in RFC 2315 section 7. +It is the top-level data structure able to hold any kind of content +that can be transmitted using PKCS#7. +It can be used recursively in +.Vt PKCS7_SIGNED +and +.Vt PKCS7_DIGEST +objects. +.Fn PKCS7_free +frees +.Fa p7 . +.Pp +.Fn PKCS7_SIGNED_new +allocates and initializes an empty +.Vt PKCS7_SIGNED +object, representing an ASN.1 +.Vt SignedData +structure defined in RFC 2315 section 9. +It can be used inside +.Vt PKCS7 +objects and holds any kind of content together with signatures by +zero or more signers and information about the signing algorithm +and certificates used. +.Fn PKCS7_SIGNED_free +frees +.Fa signed . +.Pp +.Fn PKCS7_ENVELOPE_new +allocates and initializes an empty +.Vt PKCS7_ENVELOPE +object, representing an ASN.1 +.Vt EnvelopedData +structure defined in RFC 2315 section 10. +It can be used inside +.Vt PKCS7 +objects and holds any kind of encrypted content together with +content-encryption keys for one or more recipients. +.Fn PKCS7_ENVELOPE_free +frees +.Fa envelope . +.Pp +.Fn PKCS7_SIGN_ENVELOPE_new +allocates and initializes an empty +.Vt PKCS7_SIGN_ENVELOPE +object, representing an ASN.1 +.Vt SignedAndEnvelopedData +structure defined in RFC 2315 section 11. +It can be used inside +.Vt PKCS7 +objects and holds any kind of encrypted content together with +signatures by one or more signers, information about the signing +algorithm and certificates used, and content-encryption keys for +one or more recipients. +.Fn PKCS7_SIGN_ENVELOPE_free +frees +.Fa signed_envelope . +.Pp +.Fn PKCS7_DIGEST_new +allocates and initializes an empty +.Vt PKCS7_DIGEST +object, representing an ASN.1 +.Vt DigestedData +structure defined in RFC 2315 section 12. +It can be used inside +.Vt PKCS7 +objects and holds any kind of content together with a message digest +for checking its integrity and information about the algorithm used. +.Fn PKCS7_DIGEST_free +frees +.Fa digested . +.Pp +.Fn PKCS7_ENCRYPT_new +allocates and initializes an empty +.Vt PKCS7_ENCRYPT +object, representing an ASN.1 +.Vt EncryptedData +structure defined in RFC 2315 section 13. +It can be used inside +.Vt PKCS7 +objects and holds any kind of encrypted content. +Keys are not included and need to be communicated separately. +.Fn PKCS7_ENCRYPT_free +frees +.Fa encrypted . +.Pp +.Fn PKCS7_ENC_CONTENT_new +allocates and initializes an empty +.Vt PKCS7_ENC_CONTENT +object, representing an ASN.1 +.Vt EncryptedContentInfo +structure defined in RFC 2315 section 10.1. +It can be used inside +.Vt PKCS7_ENVELOPE , +.Vt PKCS7_SIGN_ENVELOPE , +and +.Vt PKCS7_ENCRYPT +objects and holds encrypted content together with information about +the encryption algorithm used. +.Fn PKCS7_ENC_CONTENT_free +frees +.Fa content . +.Pp +.Fn PKCS7_SIGNER_INFO_new +allocates and initializes an empty +.Vt PKCS7_SIGNER_INFO +object, representing an ASN.1 +.Vt SignerInfo +structure defined in RFC 2315 section 9.2. +It can be used inside +.Vt PKCS7_SIGNED +and +.Vt PKCS7_SIGN_ENVELOPE +objects and holds a signature together with information about the +signer and the algorithms used. +.Fn PKCS7_SIGNER_INFO_free +frees +.Fa signer . +.Pp +.Fn PKCS7_RECIP_INFO_new +allocates and initializes an empty +.Vt PKCS7_RECIP_INFO +object, representing an ASN.1 +.Vt RecipientInfo +structure defined in RFC 2315 section 10.2. +It can be used inside +.Vt PKCS7_ENVELOPE +and +.Vt PKCS7_SIGN_ENVELOPE +objects and holds a content-encryption key together with information +about the intended recipient and the key encryption algorithm used. +.Fn PKCS7_RECIP_INFO_free +frees +.Fa recip . +.Pp +.Fn PKCS7_ISSUER_AND_SERIAL_new +allocates and initializes an empty +.Vt PKCS7_ISSUER_AND_SERIAL +object, representing an ASN.1 +.Vt IssuerAndSerialNumber +structure defined in RFC 2315 section 6.7. +It can be used inside +.Vt PKCS7_SIGNER_INFO +and +.Vt PKCS7_RECIP_INFO +objects and identifies a certificate by holding the distinguished +name of the certificate issuer and an issuer-specific certificate +serial number. +.Fn PKCS7_ISSUER_AND_SERIAL_free +frees +.Fa cert . +.Sh SEE ALSO +.Xr i2d_PKCS7_bio_stream 3 , +.Xr PEM_read_PKCS7 3 , +.Xr PEM_write_bio_PKCS7_stream 3 , +.Xr PKCS7_decrypt 3 , +.Xr PKCS7_encrypt 3 , +.Xr PKCS7_sign 3 , +.Xr PKCS7_sign_add_signer 3 , +.Xr PKCS7_verify 3 , +.Xr SMIME_read_PKCS7 3 , +.Xr SMIME_write_PKCS7 3 +.Sh STANDARDS +RFC 2315: PKCS #7: Cryptographic Message Syntax Version 1.5 +.Sh HISTORY +These functions first appeared in SSLeay 0.5.1 +and have been available since +.Ox 2.4 . diff --git a/src/lib/libcrypto/man/PKCS7_sign.3 b/src/lib/libcrypto/man/PKCS7_sign.3 new file mode 100644 index 00000000000..aea1a265c2d --- /dev/null +++ b/src/lib/libcrypto/man/PKCS7_sign.3 @@ -0,0 +1,244 @@ +.\" $OpenBSD: PKCS7_sign.3,v 1.8 2018/03/22 16:06:33 schwarze Exp $ +.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 +.\" +.\" This file was written by Dr. Stephen Henson . +.\" Copyright (c) 2002, 2003, 2006-2009, 2015 The OpenSSL Project. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 22 2018 $ +.Dt PKCS7_SIGN 3 +.Os +.Sh NAME +.Nm PKCS7_sign +.Nd create a PKCS#7 signedData structure +.Sh SYNOPSIS +.In openssl/pkcs7.h +.Ft PKCS7 * +.Fo PKCS7_sign +.Fa "X509 *signcert" +.Fa "EVP_PKEY *pkey" +.Fa "STACK_OF(X509) *certs" +.Fa "BIO *data" +.Fa "int flags" +.Fc +.Sh DESCRIPTION +.Fn PKCS7_sign +creates and returns a PKCS#7 signedData structure. +.Fa signcert +is the certificate to sign with, +.Fa pkey +is the corresponding private key. +.Fa certs +is an optional additional set of certificates to include in the PKCS#7 +structure (for example any intermediate CAs in the chain). +.Pp +The data to be signed is read from +.Vt BIO +.Fa data . +.Pp +.Fa flags +is an optional set of flags. +.Pp +Any of the following flags (OR'ed together) can be passed in the +.Fa flags +parameter. +.Pp +Many S/MIME clients expect the signed content to include valid MIME +headers. +If the +.Dv PKCS7_TEXT +flag is set, MIME headers for type +.Sy text/plain +are prepended to the data. +.Pp +If +.Dv PKCS7_NOCERTS +is set, the signer's certificate will not be included in the PKCS7 +structure, though the signer's certificate must still be supplied in the +.Fa signcert +parameter. +This can reduce the size of the signature if the signer's certificate can +be obtained by other means: for example a previously signed message. +.Pp +The data being signed is included in the +.Vt PKCS7 +structure, unless +.Dv PKCS7_DETACHED +is set, in which case it is omitted. +This is used for PKCS7 detached signatures which are used in S/MIME +plaintext signed messages for example. +.Pp +Normally the supplied content is translated into MIME canonical format +(as required by the S/MIME specifications). +If +.Dv PKCS7_BINARY +is set, no translation occurs. +This option should be used if the supplied data is in binary format; +otherwise, the translation will corrupt it. +.Pp +The signedData structure includes several PKCS#7 authenticatedAttributes +including the signing time, the PKCS#7 content type and the supported +list of ciphers in an SMIMECapabilities attribute. +If +.Dv PKCS7_NOATTR +is set, then no authenticatedAttributes will be used. +If +.Dv PKCS7_NOSMIMECAP +is set, then just the SMIMECapabilities are omitted. +.Pp +If present, the SMIMECapabilities attribute indicates support for the +following algorithms: triple DES, 128-bit RC2, 64-bit RC2, DES +and 40-bit RC2. +If any of these algorithms is disabled then it will not be included. +.Pp +If the flags +.Dv PKCS7_STREAM +is set, then the returned +.Vt PKCS7 +structure is just initialized ready to perform the signing operation. +The signing is however +.Sy not +performed and the data to be signed is not read from the +.Fa data +parameter. +Signing is deferred until after the data has been written. +In this way data can be signed in a single pass. +.Pp +If the +.Dv PKCS7_PARTIAL +flag is set, a partial +.Vt PKCS7 +structure is output to which additional signers and capabilities can be +added before finalization. +.Pp +If the flag +.Dv PKCS7_STREAM +is set, the returned +.Vt PKCS7 +structure is +.Sy not +complete and outputting its contents via a function that does not +properly finalize the +.Vt PKCS7 +structure will give unpredictable results. +.Pp +Several functions, including +.Xr SMIME_write_PKCS7 3 , +.Xr i2d_PKCS7_bio_stream 3 , +and +.Xr PEM_write_bio_PKCS7_stream 3 , +finalize the structure. +Alternatively finalization can be performed by obtaining the streaming +ASN.1 +.Vt BIO +directly using +.Fn BIO_new_PKCS7 . +.Pp +If a signer is specified, it will use the default digest for the +signing algorithm. +This is +.Sy SHA1 +for both RSA and DSA keys. +.Pp +In OpenSSL 1.0.0, the +.Fa certs , +.Fa signcert , +and +.Fa pkey +parameters can all be +.Dv NULL +if the +.Dv PKCS7_PARTIAL +flag is set. +One or more signers can be added using the function +.Xr PKCS7_sign_add_signer 3 . +.Fn PKCS7_final +must also be called to finalize the structure if streaming is not +enabled. +Alternative signing digests can also be specified using this method. +.Pp +In OpenSSL 1.0.0, if +.Fa signcert +and +.Fa pkey +are +.Dv NULL , +then a certificate-only PKCS#7 structure is output. +.Pp +In versions of OpenSSL before 1.0.0 the +.Fa signcert +and +.Fa pkey +parameters must +.Sy NOT +be +.Dv NULL . +.Sh RETURN VALUES +.Fn PKCS7_sign +returns either a valid +.Vt PKCS7 +structure or +.Dv NULL +if an error occurred. +The error can be obtained from +.Fn ERR_get_error 3 . +.Sh SEE ALSO +.Xr ERR_get_error 3 , +.Xr PKCS7_new 3 , +.Xr PKCS7_verify 3 +.Sh HISTORY +.Fn PKCS7_sign +first appeared in OpenSSL 0.9.5 and have been available since +.Ox 2.7 . +.Pp +The +.Dv PKCS7_PARTIAL +and +.Dv PKCS7_STREAM +flags were added in OpenSSL 1.0.0. +.Sh BUGS +Some advanced attributes such as counter signatures are not supported. diff --git a/src/lib/libcrypto/man/PKCS7_sign_add_signer.3 b/src/lib/libcrypto/man/PKCS7_sign_add_signer.3 new file mode 100644 index 00000000000..72c82c8ae11 --- /dev/null +++ b/src/lib/libcrypto/man/PKCS7_sign_add_signer.3 @@ -0,0 +1,180 @@ +.\" $OpenBSD: PKCS7_sign_add_signer.3,v 1.8 2018/03/23 04:34:23 schwarze Exp $ +.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 +.\" +.\" This file was written by Dr. Stephen Henson . +.\" Copyright (c) 2007, 2008, 2009, 2015 The OpenSSL Project. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 23 2018 $ +.Dt PKCS7_SIGN_ADD_SIGNER 3 +.Os +.Sh NAME +.Nm PKCS7_sign_add_signer +.Nd add a signer PKCS7 signed data structure +.Sh SYNOPSIS +.In openssl/pkcs7.h +.Ft PKCS7_SIGNER_INFO * +.Fo PKCS7_sign_add_signer +.Fa "PKCS7 *p7" +.Fa "X509 *signcert" +.Fa "EVP_PKEY *pkey" +.Fa "const EVP_MD *md" +.Fa "int flags" +.Fc +.Sh DESCRIPTION +.Fn PKCS7_sign_add_signer +adds a signer with certificate +.Fa signcert +and private key +.Fa pkey +using message digest +.Fa md +to a +.Vt PKCS7 +signed data structure +.Fa p7 . +.Pp +The +.Vt PKCS7 +structure should be obtained from an initial call to +.Xr PKCS7_sign 3 +with the flag +.Dv PKCS7_PARTIAL +set or, in the case or re-signing, a valid +.Vt PKCS7 +signed data structure. +.Pp +If the +.Fa md +parameter is +.Dv NULL , +then the default digest for the public key algorithm will be used. +.Pp +Unless the +.Dv PKCS7_REUSE_DIGEST +flag is set, the returned +.Dv PKCS7 +structure is not complete and must be +finalized either by streaming (if applicable) or by a call to +.Fn PKCS7_final . +.Pp +The main purpose of this function is to provide finer control over a +PKCS#7 signed data structure where the simpler +.Xr PKCS7_sign 3 +function defaults are not appropriate, for example if multiple +signers or non default digest algorithms are needed. +.Pp +Any of the following flags (OR'ed together) can be passed in the +.Fa flags +parameter. +.Pp +If +.Dv PKCS7_REUSE_DIGEST +is set, then an attempt is made to copy the content digest value from the +.Vt PKCS7 +structure: to add a signer to an existing structure. +An error occurs if a matching digest value cannot be found to copy. +The returned +.Vt PKCS7 +structure will be valid and finalized when this flag is set. +.Pp +If +.Dv PKCS7_PARTIAL +is set in addition to +.Dv PKCS7_REUSE_DIGEST , +then the +.Dv PKCS7_SIGNER_INO +structure will not be finalized, so additional attributes can be added. +In this case an explicit call to +.Fn PKCS7_SIGNER_INFO_sign +is needed to finalize it. +.Pp +If +.Dv PKCS7_NOCERTS +is set, the signer's certificate will not be included in the +.Vt PKCS7 +structure, though the signer's certificate must still be supplied in the +.Fa signcert +parameter. +This can reduce the size of the signature if the signers certificate can +be obtained by other means: for example a previously signed message. +.Pp +The signedData structure includes several PKCS#7 authenticatedAttributes +including the signing time, the PKCS#7 content type and the supported +list of ciphers in an SMIMECapabilities attribute. +If +.Dv PKCS7_NOATTR +is set, then no authenticatedAttributes will be used. +If +.Dv PKCS7_NOSMIMECAP +is set, then just the SMIMECapabilities are omitted. +.Pp +If present, the SMIMECapabilities attribute indicates support for the +following algorithms: triple DES, 128-bit RC2, 64-bit RC2, DES +and 40-bit RC2. +If any of these algorithms is disabled, then it will not be included. +.Pp +.Fn PKCS7_sign_add_signer +returns an internal pointer to the +.Vt PKCS7_SIGNER_INFO +structure just added, which can be used to set additional attributes +before it is finalized. +.Sh RETURN VALUES +.Fn PKCS7_sign_add_signer +returns an internal pointer to the +.Vt PKCS7_SIGNER_INFO +structure just added or +.Dv NULL +if an error occurs. +.Sh SEE ALSO +.Xr ERR_get_error 3 , +.Xr PKCS7_new 3 , +.Xr PKCS7_sign 3 +.Sh HISTORY +.Fn PKCS7_sign_add_signer +first appeared in OpenSSL 1.0.0 and has been available since +.Ox 4.9 . diff --git a/src/lib/libcrypto/man/PKCS7_verify.3 b/src/lib/libcrypto/man/PKCS7_verify.3 new file mode 100644 index 00000000000..e800c90c540 --- /dev/null +++ b/src/lib/libcrypto/man/PKCS7_verify.3 @@ -0,0 +1,248 @@ +.\" $OpenBSD: PKCS7_verify.3,v 1.7 2018/03/22 16:06:33 schwarze Exp $ +.\" OpenSSL a528d4f0 Oct 27 13:40:11 2015 -0400 +.\" +.\" This file was written by Dr. Stephen Henson . +.\" Copyright (c) 2002, 2006, 2013, 2014, 2015 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 22 2018 $ +.Dt PKCS7_VERIFY 3 +.Os +.Sh NAME +.Nm PKCS7_verify , +.Nm PKCS7_get0_signers +.Nd verify a PKCS#7 signedData structure +.Sh SYNOPSIS +.In openssl/pkcs7.h +.Ft int +.Fo PKCS7_verify +.Fa "PKCS7 *p7" +.Fa "STACK_OF(X509) *certs" +.Fa "X509_STORE *store" +.Fa "BIO *indata" +.Fa "BIO *out" +.Fa "int flags" +.Fc +.Ft STACK_OF(X509) * +.Fo PKCS7_get0_signers +.Fa "PKCS7 *p7" +.Fa "STACK_OF(X509) *certs" +.Fa "int flags" +.Fc +.Sh DESCRIPTION +.Fn PKCS7_verify +verifies a PKCS#7 signedData structure. +.Fa p7 +is the +.Vt PKCS7 +structure to verify. +.Fa certs +is a set of certificates in which to search for the signer's +certificate. +.Fa store +is a trusted certificate store (used for chain verification). +.Fa indata +is the signed data if the content is not present in +.Fa p7 , +that is if it is detached. +The content is written to +.Fa out +if it is not +.Dv NULL . +.Pp +.Fa flags +is an optional set of flags, which can be used to modify the verify +operation. +.Pp +.Fn PKCS7_get0_signers +retrieves the signer's certificates from +.Fa p7 . +It does +.Sy not +check their validity or whether any signatures are valid. +The +.Fa certs +and +.Fa flags +parameters have the same meanings as in +.Fn PKCS7_verify . +.Pp +Normally the verify process proceeds as follows. +.Pp +Initially some sanity checks are performed on +.Fa p7 . +The type of +.Fa p7 +must be signedData. +There must be at least one signature on the data and if the content +is detached, +.Fa indata +cannot be +.Dv NULL . +.Pp +An attempt is made to locate all the signer's certificates, first +looking in the +.Fa certs +parameter (if it is not +.Dv NULL ) +and then looking in any certificates contained in the +.Fa p7 +structure itself. +If any signer's certificates cannot be located the operation fails. +.Pp +Each signer's certificate is chain verified using the +.Sy smimesign +purpose and the supplied trusted certificate store. +Any internal certificates in the message are used as untrusted CAs. +If any chain verify fails an error code is returned. +.Pp +Finally, the signed content is read (and written to +.Fa out +if it is not +.Dv NULL ) +and the signature's checked. +.Pp +If all signature's verify correctly then the function is successful. +.Pp +Any of the following flags (OR'ed together) can be passed in the +.Fa flags +parameter to change the default verify behaviour. +Only the flag +.Dv PKCS7_NOINTERN +is meaningful to +.Fn PKCS7_get0_signers . +.Pp +If +.Dv PKCS7_NOINTERN +is set, the certificates in the message itself are not searched when +locating the signer's certificate. +This means that all the signer's certificates must be in the +.Fa certs +parameter. +.Pp +If the +.Dv PKCS7_TEXT +flag is set, MIME headers for type +.Sy text/plain +are deleted from the content. +If the content is not of type +.Sy text/plain , +then an error is returned. +.Pp +If +.Dv PKCS7_NOVERIFY +is set, the signer's certificates are not chain verified. +.Pp +If +.Dv PKCS7_NOCHAIN +is set, then the certificates contained in the message are not used as +untrusted CAs. +This means that the whole verify chain (apart from the signer's +certificate) must be contained in the trusted store. +.Pp +If +.Dv PKCS7_NOSIGS +is set, then the signatures on the data are not checked. +.Pp +One application of +.Dv PKCS7_NOINTERN +is to only accept messages signed by a small number of certificates. +The acceptable certificates would be passed in the +.Fa certs +parameter. +In this case, if the signer is not one of the certificates supplied in +.Fa certs , +then the verify will fail because the signer cannot be found. +.Pp +Care should be taken when modifying the default verify behaviour, for +example setting +.Dv PKCS7_NOVERIFY | PKCS7_NOSIGS +will totally disable all verification and any signed message will be +considered valid. +This combination is however useful if one merely wishes to write the +content to +.Fa out +and its validity is not considered important. +.Pp +Chain verification should arguably be performed using the signing time +rather than the current time. +However since the signing time is supplied by the signer, it cannot be +trusted without additional evidence (such as a trusted timestamp). +.Sh RETURN VALUES +.Fn PKCS7_verify +returns 1 for a successful verification and 0 or a negative value if +an error occurs. +.Pp +.Fn PKCS7_get0_signers +returns all signers or +.Dv NULL +if an error occurred. +.Pp +The error can be obtained from +.Xr ERR_get_error 3 . +.Sh SEE ALSO +.Xr ERR_get_error 3 , +.Xr PKCS7_new 3 , +.Xr PKCS7_sign 3 , +.Xr X509_STORE_new 3 +.Sh HISTORY +.Fn PKCS7_verify +and +.Fn PKCS7_get0_signers +first appeared in OpenSSL 0.9.5 and have been available since +.Ox 2.7 . +.Sh BUGS +The trusted certificate store is not searched for the signer's +certificate. +This is primarily due to the inadequacies of the current +.Vt X509_STORE +functionality. +.Pp +The lack of single pass processing and the need to hold all data +in memory as mentioned in +.Xr PKCS7_sign 3 +also applies to +.Fn PKCS7_verify . diff --git a/src/lib/libcrypto/man/PKCS8_PRIV_KEY_INFO_new.3 b/src/lib/libcrypto/man/PKCS8_PRIV_KEY_INFO_new.3 new file mode 100644 index 00000000000..030799271a9 --- /dev/null +++ b/src/lib/libcrypto/man/PKCS8_PRIV_KEY_INFO_new.3 @@ -0,0 +1,62 @@ +.\" $OpenBSD: PKCS8_PRIV_KEY_INFO_new.3,v 1.3 2018/03/21 17:57:48 schwarze Exp $ +.\" +.\" Copyright (c) 2016 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 21 2018 $ +.Dt PKCS8_PRIV_KEY_INFO_NEW 3 +.Os +.Sh NAME +.Nm PKCS8_PRIV_KEY_INFO_new , +.Nm PKCS8_PRIV_KEY_INFO_free +.Nd PKCS#8 private key information +.Sh SYNOPSIS +.In openssl/x509.h +.Ft PKCS8_PRIV_KEY_INFO * +.Fn PKCS8_PRIV_KEY_INFO_new void +.Ft void +.Fn PKCS8_PRIV_KEY_INFO_free "PKCS8_PRIV_KEY_INFO *key" +.Sh DESCRIPTION +.Fn PKCS8_PRIV_KEY_INFO_new +allocates and initializes an empty +.Vt PKCS8_PRIV_KEY_INFO +object, representing an ASN.1 +.Vt PrivateKeyInfo +structure defined in RFC 5208 section 5. +It can hold a private key together with information about the +algorithm to be used with it and optional attributes. +.Pp +.Fn PKCS8_PRIV_KEY_INFO_free +frees +.Fa key . +.Sh RETURN VALUES +.Fn PKCS8_PRIV_KEY_INFO_new +returns the new +.Vt PKCS8_PRIV_KEY_INFO +object or +.Dv NULL +if an error occurs. +.Sh SEE ALSO +.Xr d2i_PKCS8PrivateKey_bio 3 , +.Xr PEM_read_PKCS8_PRIV_KEY_INFO 3 , +.Xr PKCS12_parse 3 , +.Xr X509_ATTRIBUTE_new 3 +.Sh STANDARDS +RFC 5208: PKCS#8: Private-Key Information Syntax Specification +.Sh HISTORY +.Fn PKCS8_PRIV_KEY_INFO_new +and +.Fn PKCS8_PRIV_KEY_INFO_free +first appeared in OpenSSL 0.9.3 and have been available since +.Ox 2.6 . diff --git a/src/lib/libcrypto/man/PKEY_USAGE_PERIOD_new.3 b/src/lib/libcrypto/man/PKEY_USAGE_PERIOD_new.3 new file mode 100644 index 00000000000..2c32bdae555 --- /dev/null +++ b/src/lib/libcrypto/man/PKEY_USAGE_PERIOD_new.3 @@ -0,0 +1,73 @@ +.\" $OpenBSD: PKEY_USAGE_PERIOD_new.3,v 1.4 2018/03/21 16:09:51 schwarze Exp $ +.\" +.\" Copyright (c) 2016 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 21 2018 $ +.Dt PKEY_USAGE_PERIOD_NEW 3 +.Os +.Sh NAME +.Nm PKEY_USAGE_PERIOD_new , +.Nm PKEY_USAGE_PERIOD_free +.Nd X.509 certificate private key usage period extension +.Sh SYNOPSIS +.In openssl/x509v3.h +.Ft PKEY_USAGE_PERIOD * +.Fn PKEY_USAGE_PERIOD_new void +.Ft void +.Fn PKEY_USAGE_PERIOD_free "PKEY_USAGE_PERIOD *period" +.Sh DESCRIPTION +.Fn PKEY_USAGE_PERIOD_new +allocates and initializes an empty +.Vt PKEY_USAGE_PERIOD +object, representing an ASN.1 +.Vt PrivateKeyUsagePeriod +structure defined in RFC 3280 section 4.2.1.4. +It could be used in +.Vt X509 +certificates to specify a validity period for the private key +that differed from the validity period of the certificate. +.Pp +.Fn PKEY_USAGE_PERIOD_free +frees +.Fa period . +.Sh RETURN VALUES +.Fn PKEY_USAGE_PERIOD_new +returns the new +.Vt PKEY_USAGE_PERIOD +object or +.Dv NULL +if an error occurs. +.Sh SEE ALSO +.Xr EXTENDED_KEY_USAGE_new 3 , +.Xr X509_CINF_new 3 , +.Xr X509_EXTENSION_new 3 , +.Xr X509_new 3 +.Sh STANDARDS +RFC 3280: Internet X.509 Public Key Infrastructure Certificate and +Certificate Revocation List (CRL) Profile, +section 4.2.1.4: Private Key Usage Period +.Pp +RFC 3280 was obsoleted by RFC 5280, which says: "Section 4.2.1.4 +in RFC 3280, which specified the +.Vt PrivateKeyUsagePeriod +certificate extension but deprecated its use, was removed. +Use of this ISO standard extension is neither deprecated +nor recommended for use in the Internet PKI." +.Sh HISTORY +.Fn PKEY_USAGE_PERIOD_new +and +.Fn PKEY_USAGE_PERIOD_free +first appeared in OpenSSL 0.9.2b and have been available since +.Ox 2.6 . diff --git a/src/lib/libcrypto/man/POLICYINFO_new.3 b/src/lib/libcrypto/man/POLICYINFO_new.3 new file mode 100644 index 00000000000..7dab0a5621e --- /dev/null +++ b/src/lib/libcrypto/man/POLICYINFO_new.3 @@ -0,0 +1,216 @@ +.\" $OpenBSD: POLICYINFO_new.3,v 1.5 2018/03/23 00:09:11 schwarze Exp $ +.\" +.\" Copyright (c) 2016 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 23 2018 $ +.Dt POLICYINFO_NEW 3 +.Os +.Sh NAME +.Nm POLICYINFO_new , +.Nm POLICYINFO_free , +.Nm CERTIFICATEPOLICIES_new , +.Nm CERTIFICATEPOLICIES_free , +.Nm POLICYQUALINFO_new , +.Nm POLICYQUALINFO_free , +.Nm USERNOTICE_new , +.Nm USERNOTICE_free , +.Nm NOTICEREF_new , +.Nm NOTICEREF_free , +.Nm POLICY_MAPPING_new , +.Nm POLICY_MAPPING_free , +.Nm POLICY_CONSTRAINTS_new , +.Nm POLICY_CONSTRAINTS_free +.Nd X.509 certificate policies +.Sh SYNOPSIS +.In openssl/x509v3.h +.Ft POLICYINFO * +.Fn POLICYINFO_new void +.Ft void +.Fn POLICYINFO_free "POLICYINFO *pi" +.Ft CERTIFICATEPOLICIES * +.Fn CERTIFICATEPOLICIES_new void +.Ft void +.Fn CERTIFICATEPOLICIES_free "CERTIFICATEPOLICIES *pis" +.Ft POLICYQUALINFO * +.Fn POLICYQUALINFO_new void +.Ft void +.Fn POLICYQUALINFO_free "POLICYQUALINFO *pqi" +.Ft USERNOTICE * +.Fn USERNOTICE_new void +.Ft void +.Fn USERNOTICE_free "USERNOTICE *usernotice" +.Ft NOTICEREF * +.Fn NOTICEREF_new void +.Ft void +.Fn NOTICEREF_free "NOTICEREF *noticeref" +.Ft POLICY_MAPPING * +.Fn POLICY_MAPPING_new void +.Ft void +.Fn POLICY_MAPPING_free "POLICY_MAPPING *pm" +.Ft POLICY_CONSTRAINTS * +.Fn POLICY_CONSTRAINTS_new void +.Ft void +.Fn POLICY_CONSTRAINTS_free "POLICY_CONSTRAINTS *pc" +.Sh DESCRIPTION +X.509 CA and end entity certificates can optionally indicate +restrictions on their intended use. +.Pp +.Fn POLICYINFO_new +allocates and initializes an empty +.Vt POLICYINFO +object, representing an ASN.1 +.Vt PolicyInformation +structure defined in RFC 5280 section 4.2.1.4. +It can hold a policy identifier and optional advisory qualifiers. +.Fn POLICYINFO_free +frees +.Fa pi . +.Pp +.Fn CERTIFICATEPOLICIES_new +allocates and initializes an empty +.Vt CERTIFICATEPOLICIES +object, which is a +.Vt STACK_OF(POLICYINFO) +and represents an ASN.1 +.Vt CertificatePolicies +structure defined in RFC 5280 section 4.2.1.4. +It can be used by +.Vt X509 +objects, both by CA certificates and end entity certificates. +.Fn CERTIFICATEPOLICIES_free +frees +.Fa pis . +.Pp +.Fn POLICYQUALINFO_new +allocates and initializes an empty +.Vt POLICYQUALINFO +object, representing an ASN.1 +.Vt PolicyQualifierInfo +structure defined in RFC 5280 section 4.2.1.4. +It can be used in +.Vt POLICYINFO +and it can hold either a uniform resource identifier of a certification +practice statement published by the CA, or a pointer to a +.Vt USERNOTICE +object, or arbitrary other information. +.Fn POLICYQUALINFO_free +frees +.Fa pqi . +.Pp +.Fn USERNOTICE_new +allocates and initializes an empty +.Vt USERNOTICE +object, representing an ASN.1 +.Vt UserNotice +structure defined in RFC 5280 section 4.2.1.4. +It can be used in +.Vt POLICYQUALINFO +and it can hold either an +.Vt ASN1_STRING +intended for display to the user or a pointer to a +.Vt NOTICEREF +object. +.Fn NOTICEREF_free +frees +.Fa usernotice . +.Pp +.Fn NOTICEREF_new +allocates and initializes an empty +.Vt NOTICEREF +object, representing an ASN.1 +.Vt NoticeReference +structure defined in RFC 5280 section 4.2.1.4. +It can be used in +.Vt USERNOTICE +and can hold an organization name and a stack of notice numbers. +.Fn NOTICEREF_free +frees +.Fa noticeref . +.Pp +.Fn POLICY_MAPPING_new +allocates and initializes an empty +.Vt POLICY_MAPPING +object, representing an ASN.1 +.Vt PolicyMappings +structure defined in RFC 5280 section 4.2.1.5. +It can be used in +.Vt X509 +CA certificates and can hold a list of pairs of policy identifiers, +declaring one of the policies in each pair as equivalent to the +other. +.Fn POLICY_MAPPING_free +frees +.Fa pm . +.Pp +.Fn POLICY_CONSTRAINTS_new +allocates and initializes an empty +.Vt POLICY_CONSTRAINTS +object, representing an ASN.1 +.Vt PolicyConstraints +structure defined in RFC 5280 section 4.2.1.11. +It can be used in +.Vt X509 +CA certificates to restrict policy mapping and/or to require explicit +certificate policies in subsequent intermediate certificates in the +certification path. +.Fn POLICY_CONSTRAINTS_free +frees +.Fa pc . +.Sh RETURN VALUES +The constructor functions return a new object of the respective +type or +.Dv NULL +if an error occurs. +.Sh SEE ALSO +.Xr BASIC_CONSTRAINTS_new 3 , +.Xr NAME_CONSTRAINTS_new 3 , +.Xr X509_EXTENSION_new 3 , +.Xr X509_new 3 +.Sh STANDARDS +RFC 5280: Internet X.509 Public Key Infrastructure Certificate and +Certificate Revocation List (CRL) Profile: +.Bl -dash -compact +.It +section 4.2.1.4: Certificate Policies +.It +section 4.2.1.5: Policy Mappings +.It +section 4.2.1.11: Policy Constraints +.El +.Sh HISTORY +.Fn POLICYINFO_new , +.Fn POLICYINFO_free , +.Fn CERTIFICATEPOLICIES_new , +.Fn CERTIFICATEPOLICIES_free , +.Fn POLICYQUALINFO_new , +.Fn POLICYQUALINFO_free , +.Fn USERNOTICE_new , +.Fn USERNOTICE_free , +.Fn NOTICEREF_new , +and +.Fn NOTICEREF_free +first appeared in OpenSSL 0.9.3 and have been available since +.Ox 2.6 . +.Pp +.Fn POLICY_MAPPING_new , +.Fn POLICY_MAPPING_free , +.Fn POLICY_CONSTRAINTS_new , +and +.Fn POLICY_CONSTRAINTS_free +first appeared in OpenSSL 0.9.8 and have been available since +.Ox 4.5 . +.Sh BUGS +This is a lot of nested data structures, but most of them are +designed to have almost no effect. diff --git a/src/lib/libcrypto/man/PROXY_POLICY_new.3 b/src/lib/libcrypto/man/PROXY_POLICY_new.3 new file mode 100644 index 00000000000..c35537164a2 --- /dev/null +++ b/src/lib/libcrypto/man/PROXY_POLICY_new.3 @@ -0,0 +1,95 @@ +.\" $OpenBSD: PROXY_POLICY_new.3,v 1.3 2018/03/22 22:07:12 schwarze Exp $ +.\" +.\" Copyright (c) 2016 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 22 2018 $ +.Dt PROXY_POLICY_NEW 3 +.Os +.Sh NAME +.Nm PROXY_POLICY_new , +.Nm PROXY_POLICY_free , +.Nm PROXY_CERT_INFO_EXTENSION_new , +.Nm PROXY_CERT_INFO_EXTENSION_free +.Nd X.509 proxy certificate extension +.Sh SYNOPSIS +.In openssl/x509v3.h +.Ft PROXY_POLICY * +.Fn PROXY_POLICY_new void +.Ft void +.Fn PROXY_POLICY_free "PROXY_POLICY *pp" +.Ft PROXY_CERT_INFO_EXTENSION * +.Fn PROXY_CERT_INFO_EXTENSION_new void +.Ft void +.Fn PROXY_CERT_INFO_EXTENSION_free "PROXY_CERT_INFO_EXTENSION *pcie" +.Sh DESCRIPTION +If a given non-CA certificate grants any privileges, using that +certificate to issue a proxy certificate and handing that proxy +certificate over to another person, organization, or service allows +the bearer of the proxy certificate to exercise some or all of the +privileges on behalf of the subject of the original certificate. +.Pp +.Fn PROXY_POLICY_new +allocates and initializes an empty +.Vt PROXY_POLICY +object, representing an ASN.1 +.Vt ProxyPolicy +structure defined in RFC 3820 section 3.8. +It defines which privileges are to be delegated. +.Fn PROXY_POLICY_free +frees +.Fa pp . +.Pp +.Fn PROXY_CERT_INFO_EXTENSION_new +allocates and initializes an empty +.Vt PROXY_CERT_INFO_EXTENSION +object, representing an ASN.1 +.Vt ProxyCertInfo +structure defined in RFC 3820 section 3.8. +It can contain a +.Vt PROXY_POLICY +object, and it can additionally restrict the maximum depth of the +path of proxy certificates that can be signed by this proxy +certificate. +.Fn PROXY_CERT_INFO_EXTENSION_free +frees +.Fa pcie . +.Pp +If a non-CA certificate contains a +.Vt PROXY_CERT_INFO_EXTENSION , +it is a proxy certificate; otherwise, it is an end entity certificate. +.Sh RETURN VALUES +.Fn PROXY_POLICY_new +and +.Fn PROXY_CERT_INFO_EXTENSION_new +return the new +.Vt PROXY_POLICY +or +.Vt PROXY_CERT_INFO_EXTENSION +object, respectively, or +.Dv NULL +if an error occurs. +.Sh SEE ALSO +.Xr BASIC_CONSTRAINTS_new 3 , +.Xr EXTENDED_KEY_USAGE_new 3 , +.Xr POLICYINFO_new 3 , +.Xr X509_EXTENSION_new 3 , +.Xr X509_new 3 +.Sh STANDARDS +RFC 3820: Internet X.509 Public Key Infrastructure (PKI) Proxy +Certificate Profile +.Sh HISTORY +These functions first appeared in OpenSSL 0.9.7g +and have been available since +.Ox 3.8 . diff --git a/src/lib/libcrypto/man/RAND_add.3 b/src/lib/libcrypto/man/RAND_add.3 new file mode 100644 index 00000000000..5404f696a3e --- /dev/null +++ b/src/lib/libcrypto/man/RAND_add.3 @@ -0,0 +1,73 @@ +.\" $OpenBSD: RAND_add.3,v 1.10 2018/03/27 17:35:50 schwarze Exp $ +.\" content checked up to: OpenSSL c16de9d8 Aug 31 23:16:22 2017 +0200 +.\" +.\" Copyright (c) 2014 Miod Vallat +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt RAND_ADD 3 +.Os +.Sh NAME +.Nm RAND_add , +.Nm RAND_cleanup , +.Nm RAND_poll , +.Nm RAND_seed , +.Nm RAND_status +.Nd manipulate the PRNG state +.Sh SYNOPSIS +.In openssl/rand.h +.Ft void +.Fo RAND_add +.Fa "const void *buf" +.Fa "int num" +.Fa "double entropy" +.Fc +.Ft void +.Fn RAND_cleanup void +.Ft int +.Fn RAND_poll void +.Ft void +.Fo RAND_seed +.Fa "const void *buf" +.Fa "int num" +.Fc +.Ft int +.Fn RAND_status void +.Sh DESCRIPTION +These functions used to allow for the state of the random number +generator to be controlled by external sources. +.Pp +They are kept for ABI compatibility but are no longer functional, and +should not be used in new programs. +.Sh RETURN VALUES +.Fn RAND_poll +and +.Fn RAND_status +always return 1. +.Sh HISTORY +.Fn RAND_cleanup +and +.Fn RAND_seed +first appeared in SSLeay 0.5.1 and have been available since +.Ox 2.4 . +.Pp +.Fn RAND_add +and +.Fn RAND_status +first appeared in OpenSSL 0.9.5 and have been available since +.Ox 2.7 . +.Pp +.Fn RAND_poll +first appeared in OpenSSL 0.9.6 and has been available since +.Ox 2.9 . diff --git a/src/lib/libcrypto/man/RAND_bytes.3 b/src/lib/libcrypto/man/RAND_bytes.3 new file mode 100644 index 00000000000..19427a82df7 --- /dev/null +++ b/src/lib/libcrypto/man/RAND_bytes.3 @@ -0,0 +1,108 @@ +.\" $OpenBSD: RAND_bytes.3,v 1.6 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file was written by Ulf Moeller . +.\" Copyright (c) 2000 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt RAND_BYTES 3 +.Os +.Sh NAME +.Nm RAND_bytes , +.Nm RAND_pseudo_bytes +.Nd generate random data +.Sh SYNOPSIS +.In openssl/rand.h +.Ft int +.Fo RAND_bytes +.Fa "unsigned char *buf" +.Fa "int num" +.Fc +.Ft int +.Fo RAND_pseudo_bytes +.Fa "unsigned char *buf" +.Fa "int num" +.Fc +.Sh DESCRIPTION +These functions are deprecated and only retained for compatibility +with legacy application programs. +Use +.Xr arc4random_buf 3 +instead. +.Pp +.Fn RAND_bytes +puts +.Fa num +cryptographically strong pseudo-random bytes into +.Fa buf . +.Pp +.Fn RAND_pseudo_bytes +puts +.Fa num +pseudo-random bytes into +.Fa buf . +Pseudo-random byte sequences generated by +.Fn RAND_pseudo_bytes +will be unique if they are of sufficient length, but are not necessarily +unpredictable. +They can be used for non-cryptographic purposes and for certain purposes +in cryptographic protocols, but usually not for key generation etc. +.Sh RETURN VALUES +.Fn RAND_bytes +returns 1. +.Fn RAND_pseudo_bytes +returns 1. +.Sh HISTORY +.Fn RAND_bytes +first appeared in SSLeay 0.5.1 and has been available since +.Ox 2.4 . +It has a return value since OpenSSL 0.9.5 and +.Ox 2.7 . +.Pp +.Fn RAND_pseudo_bytes +first appeared in OpenSSL 0.9.5 and has been available since +.Ox 2.7 . diff --git a/src/lib/libcrypto/man/RAND_load_file.3 b/src/lib/libcrypto/man/RAND_load_file.3 new file mode 100644 index 00000000000..9227e2721b8 --- /dev/null +++ b/src/lib/libcrypto/man/RAND_load_file.3 @@ -0,0 +1,119 @@ +.\" $OpenBSD: RAND_load_file.3,v 1.6 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file was written by Ulf Moeller . +.\" Copyright (c) 2000, 2001 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt RAND_LOAD_FILE 3 +.Os +.Sh NAME +.Nm RAND_file_name , +.Nm RAND_load_file , +.Nm RAND_write_file +.Nd PRNG seed file +.Sh SYNOPSIS +.In openssl/rand.h +.Ft const char * +.Fo RAND_file_name +.Fa "char *buf" +.Fa "size_t num" +.Fc +.Ft int +.Fo RAND_load_file +.Fa "const char *filename" +.Fa "long max_bytes" +.Fc +.Ft int +.Fo RAND_write_file +.Fa "const char *filename" +.Fc +.Sh DESCRIPTION +.Fn RAND_file_name +returns a default path for the random seed file. +.Fa buf +points to a buffer of size +.Fa num +in which to store the filename. +If +.Fa num +is too small for the path name, an error occurs. +.Pp +.Fn RAND_load_file +used to allow for the state of the random number generator to be +controlled by external sources. +It is kept for ABI compatibility but is no longer functional, and should +not be used in new programs. +.Pp +.Fn RAND_write_file +writes a number of random bytes (currently 1024) to file +.Fa filename . +.Sh RETURN VALUES +.Fn RAND_load_file +returns +.Fa max_bytes , +or a bogus positive value if +.Fa max_bytes +is -1. +.Pp +.Fn RAND_write_file +returns the number of bytes written, or a number less than or equal +to 1 if an error occurs. +.Pp +.Fn RAND_file_name +returns a pointer to +.Fa buf +on success or +.Dv NULL +on error. +.Sh HISTORY +.Fn RAND_load_file , +.Fn RAND_write_file , +and +.Fn RAND_file_name +first appeared in SSLeay 0.5.1 and have been available since +.Ox 2.4 . diff --git a/src/lib/libcrypto/man/RAND_set_rand_method.3 b/src/lib/libcrypto/man/RAND_set_rand_method.3 new file mode 100644 index 00000000000..d94d794dafa --- /dev/null +++ b/src/lib/libcrypto/man/RAND_set_rand_method.3 @@ -0,0 +1,55 @@ +.\" $OpenBSD: RAND_set_rand_method.3,v 1.4 2018/03/21 09:03:49 schwarze Exp $ +.\" +.\" Copyright (c) 2014 Miod Vallat +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 21 2018 $ +.Dt RAND_SET_RAND_METHOD 3 +.Os +.Sh NAME +.Nm RAND_set_rand_method , +.Nm RAND_get_rand_method , +.Nm RAND_SSLeay +.Nd select RAND method +.Sh SYNOPSIS +.In openssl/rand.h +.Ft int +.Fo RAND_set_rand_method +.Fa "const RAND_METHOD *meth" +.Fc +.Ft const RAND_METHOD * +.Fn RAND_get_rand_method void +.Ft RAND_METHOD * +.Fn RAND_SSLeay void +.Sh DESCRIPTION +These functions used to allow for the random number generator functions +to be replaced by arbitrary code. +.Pp +They are kept for ABI compatibility but are no longer functional, and +should not be used in new programs. +.Sh RETURN VALUES +.Fn RAND_set_rand_method +always returns 1. +.Fn RAND_get_rand_method +and +.Fn RAND_SSLeay +always return +.Dv NULL . +.Sh HISTORY +.Fn RAND_set_rand_method , +.Fn RAND_get_rand_method , +and +.Fn RAND_SSLeay +first appeared in SSLeay 0.9.1 and have been available since +.Ox 2.6 . diff --git a/src/lib/libcrypto/man/RC4.3 b/src/lib/libcrypto/man/RC4.3 new file mode 100644 index 00000000000..b8a5cc21206 --- /dev/null +++ b/src/lib/libcrypto/man/RC4.3 @@ -0,0 +1,130 @@ +.\" $OpenBSD: RC4.3,v 1.6 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 +.\" +.\" This file was written by Ulf Moeller . +.\" Copyright (c) 2000 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt RC4 3 +.Os +.Sh NAME +.Nm RC4_set_key , +.Nm RC4 +.Nd RC4 encryption +.Sh SYNOPSIS +.In openssl/rc4.h +.Ft void +.Fo RC4_set_key +.Fa "RC4_KEY *key" +.Fa "int len" +.Fa "const unsigned char *data" +.Fc +.Ft void +.Fo RC4 +.Fa "RC4_KEY *key" +.Fa "unsigned long len" +.Fa "const unsigned char *indata" +.Fa "unsigned char *outdata" +.Fc +.Sh DESCRIPTION +This library implements the alleged RC4 cipher, which is described for +example in +.Qq Applied Cryptography . +It is believed to be compatible with RC4[TM], a proprietary cipher of +RSA Security Inc. +.Pp +RC4 is a stream cipher with variable key length. +Typically, 128-bit (16-byte) keys are used for strong encryption, but +shorter insecure key sizes have been widely used due to export +restrictions. +.Pp +RC4 consists of a key setup phase and the actual encryption or +decryption phase. +.Pp +.Fn RC4_set_key +sets up the +.Vt RC4_KEY +.Fa key +using the +.Fa len +bytes long key at +.Fa data . +.Pp +.Fn RC4 +encrypts or decrypts the +.Fa len +bytes of data at +.Fa indata +using +.Fa key +and places the result at +.Fa outdata . +Repeated +.Fn RC4 +calls with the same +.Fa key +yield a continuous key stream. +.Pp +Since RC4 is a stream cipher (the input is XOR'ed with a pseudo-random +key stream to produce the output), decryption uses the same function +calls as encryption. +.Sh RETURN VALUES +.Fn RC4_set_key +and +.Fn RC4 +do not return values. +.Sh SEE ALSO +.Xr blowfish 3 , +.Xr EVP_EncryptInit 3 +.Sh HISTORY +.Fn RC4_set_key +and +.Fn RC4 +appeared in SSLeay 0.4 or earlier and have been available since +.Ox 2.4 . +.Sh BUGS +This cipher is broken and should no longer be used. diff --git a/src/lib/libcrypto/man/RIPEMD160.3 b/src/lib/libcrypto/man/RIPEMD160.3 new file mode 100644 index 00000000000..46c84e59416 --- /dev/null +++ b/src/lib/libcrypto/man/RIPEMD160.3 @@ -0,0 +1,151 @@ +.\" $OpenBSD: RIPEMD160.3,v 1.6 2018/03/21 07:16:31 schwarze Exp $ +.\" full merge up to: OpenSSL bbda8ce9 Oct 31 15:43:01 2017 +0800 +.\" +.\" This file was written by Ulf Moeller . +.\" Copyright (c) 2000, 2006, 2014 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 21 2018 $ +.Dt RIPEMD160 3 +.Os +.Sh NAME +.Nm RIPEMD160 , +.Nm RIPEMD160_Init , +.Nm RIPEMD160_Update , +.Nm RIPEMD160_Final +.Nd RIPEMD-160 hash function +.Sh SYNOPSIS +.In openssl/ripemd.h +.Ft unsigned char * +.Fo RIPEMD160 +.Fa "const unsigned char *d" +.Fa "unsigned long n" +.Fa "unsigned char *md" +.Fc +.Ft int +.Fo RIPEMD160_Init +.Fa "RIPEMD160_CTX *c" +.Fc +.Ft int +.Fo RIPEMD160_Update +.Fa "RIPEMD_CTX *c" +.Fa "const void *data" +.Fa "unsigned long len" +.Fc +.Ft int +.Fo RIPEMD160_Final +.Fa "unsigned char *md" +.Fa "RIPEMD160_CTX *c" +.Fc +.Sh DESCRIPTION +RIPEMD-160 is a cryptographic hash function with a 160-bit output. +.Pp +.Fn RIPEMD160 +computes the RIPEMD-160 message digest of the +.Fa n +bytes at +.Fa d +and places it in +.Fa md , +which must have space for +.Dv RIPEMD160_DIGEST_LENGTH +== 20 bytes of output. +If +.Fa md +is +.Dv NULL , +the digest is placed in a static array. +.Pp +The following functions may be used if the message is not completely +stored in memory: +.Pp +.Fn RIPEMD160_Init +initializes a +.Vt RIPEMD160_CTX +structure. +.Pp +.Fn RIPEMD160_Update +can be called repeatedly with chunks of the message to be hashed +.Pq Fa len No bytes at Fa data . +.Pp +.Fn RIPEMD160_Final +places the message digest in +.Fa md , +which must have space for +.Dv RIPEMD160_DIGEST_LENGTH +== 20 bytes of output, +and erases the +.Vt RIPEMD160_CTX . +.Pp +Applications should use the higher level functions +.Xr EVP_DigestInit 3 +etc. instead of calling the hash functions directly. +.Sh RETURN VALUES +.Fn RIPEMD160 +returns a pointer to the hash value. +.Pp +.Fn RIPEMD160_Init , +.Fn RIPEMD160_Update , +and +.Fn RIPEMD160_Final +return 1 for success or 0 otherwise. +.Sh SEE ALSO +.Xr EVP_DigestInit 3 , +.Xr HMAC 3 +.Sh STANDARDS +.Bd -unfilled +ISO/IEC 10118-3:2004/Cor 1:2011 +Hash-functions \(em Part 3: Dedicated hash-functions +Clause 7: RIPEMD-160 +.Ed +.Sh HISTORY +.Fn RIPEMD160 , +.Fn RIPEMD160_Init , +.Fn RIPEMD160_Update , +and +.Fn RIPEMD160_Final +first appeared in SSLeay 0.9.0 and have been available since +.Ox 2.4 . diff --git a/src/lib/libcrypto/man/RSA_PSS_PARAMS_new.3 b/src/lib/libcrypto/man/RSA_PSS_PARAMS_new.3 new file mode 100644 index 00000000000..c0a88dd2a07 --- /dev/null +++ b/src/lib/libcrypto/man/RSA_PSS_PARAMS_new.3 @@ -0,0 +1,59 @@ +.\" $OpenBSD: RSA_PSS_PARAMS_new.3,v 1.3 2018/03/23 05:48:56 schwarze Exp $ +.\" +.\" Copyright (c) 2016 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 23 2018 $ +.Dt RSA_PSS_PARAMS_NEW 3 +.Os +.Sh NAME +.Nm RSA_PSS_PARAMS_new , +.Nm RSA_PSS_PARAMS_free +.Nd probabilistic signature scheme with RSA hashing +.Sh SYNOPSIS +.In openssl/rsa.h +.Ft RSA_PSS_PARAMS * +.Fn RSA_PSS_PARAMS_new void +.Ft void +.Fn RSA_PSS_PARAMS_free "RSA_PSS_PARAMS *params" +.Sh DESCRIPTION +.Fn RSA_PSS_PARAMS_new +allocates and initializes an empty +.Vt RSA_PSS_PARAMS +object, representing an ASN.1 +.Vt RSASSA-PSS-params +structure defined in RFC 8017 appendix A.2.3. +It references the hash function and the mask generation function +and stores the length of the salt and the trailer field number. +.Fn RSA_PSS_PARAMS_free +frees +.Fa params . +.Sh RETURN VALUES +.Fn RSA_PSS_PARAMS_new +returns the new +.Vt RSA_PSS_PARAMS +object or +.Dv NULL +if an error occurs. +.Sh SEE ALSO +.Xr RSA_padding_add_PKCS1_type_1 3 , +.Xr X509_sign 3 +.Sh STANDARDS +RFC 8017: PKCS#1: RSA Cryptography Specifications Version 2.2 +.Sh HISTORY +.Fn RSA_PSS_PARAMS_new +and +.Fn RSA_PSS_PARAMS_free +first appeared in OpenSSL 1.0.1 and have been available since +.Ox 5.3 . diff --git a/src/lib/libcrypto/man/RSA_blinding_on.3 b/src/lib/libcrypto/man/RSA_blinding_on.3 new file mode 100644 index 00000000000..75b5cace061 --- /dev/null +++ b/src/lib/libcrypto/man/RSA_blinding_on.3 @@ -0,0 +1,97 @@ +.\" $OpenBSD: RSA_blinding_on.3,v 1.5 2018/03/21 07:25:59 schwarze Exp $ +.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 +.\" +.\" This file was written by Ulf Moeller . +.\" Copyright (c) 2000 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 21 2018 $ +.Dt RSA_BLINDING_ON 3 +.Os +.Sh NAME +.Nm RSA_blinding_on , +.Nm RSA_blinding_off +.Nd protect the RSA operation from timing attacks +.Sh SYNOPSIS +.In openssl/rsa.h +.Ft int +.Fo RSA_blinding_on +.Fa "RSA *rsa" +.Fa "BN_CTX *ctx" +.Fc +.Ft void +.Fo RSA_blinding_off +.Fa "RSA *rsa" +.Fc +.Sh DESCRIPTION +RSA is vulnerable to timing attacks. +In a setup where attackers can measure the time of RSA decryption or +signature operations, blinding must be used to protect the RSA operation +from that attack. +.Pp +.Fn RSA_blinding_on +turns blinding on for key +.Fa rsa +and generates a random blinding factor. +.Fa ctx +is +.Dv NULL +or a pre-allocated and initialized +.Vt BN_CTX . +.Pp +.Fn RSA_blinding_off +turns blinding off and frees the memory used for the blinding factor. +.Sh RETURN VALUES +.Fn RSA_blinding_on +returns 1 on success, and 0 if an error occurred. +.Sh SEE ALSO +.Xr RSA_new 3 +.Sh HISTORY +.Fn RSA_blinding_on +and +.Fn RSA_blinding_off +first appeared in SSLeay 0.9.0 and have been available since +.Ox 2.4 . diff --git a/src/lib/libcrypto/man/RSA_check_key.3 b/src/lib/libcrypto/man/RSA_check_key.3 new file mode 100644 index 00000000000..8426b6f3cc8 --- /dev/null +++ b/src/lib/libcrypto/man/RSA_check_key.3 @@ -0,0 +1,150 @@ +.\" $OpenBSD: RSA_check_key.3,v 1.6 2018/03/21 21:18:08 schwarze Exp $ +.\" OpenSSL 6859cf74 Sep 25 13:33:28 2002 +0000 +.\" +.\" This file was written by Ulf Moeller and +.\" Geoff Thorpe . +.\" Copyright (c) 2000, 2002 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 21 2018 $ +.Dt RSA_CHECK_KEY 3 +.Os +.Sh NAME +.Nm RSA_check_key +.Nd validate private RSA keys +.Sh SYNOPSIS +.In openssl/rsa.h +.Ft int +.Fo RSA_check_key +.Fa "RSA *rsa" +.Fc +.Sh DESCRIPTION +This function validates RSA keys. +It checks that +.Fa rsa->p +and +.Fa rsa->q +are in fact prime, and that +.Fa rsa->n +satifies n = p*q. +.Pp +It also checks that +.Fa rsa->d +and +.Fa rsa->e +satisfy d*e = 1 mod ((p-1)*(q-1)), +and that +.Fa rsa->dmp1 , +.Fa rsa->dmq1 , +and +.Fa resa->iqmp +are set correctly or are +.Dv NULL . +.Pp +This function does not work on RSA public keys that have only the +modulus and public exponent elements populated. +It performs integrity checks on all the RSA key material, so the +.Vt RSA +key structure must contain all the private key data too. +Therefore, it cannot be used with any arbitrary +.Vt RSA +key object, even if it is otherwise fit for regular RSA operation. +.Pp +Unlike most other RSA functions, this function does +.Sy not +work transparently with any underlying +.Vt ENGINE +implementation because it uses the key data in the +.Vt RSA +structure directly. +An +.Vt ENGINE +implementation can override the way key data is stored and handled, +and can even provide support for HSM keys - in which case the +.Vt RSA +structure may contain +.Sy no +key data at all! +If the +.Vt ENGINE +in question is only being used for acceleration or analysis purposes, +then in all likelihood the RSA key data is complete and untouched, +but this can't be assumed in the general case. +.Sh RETURN VALUES +.Fn RSA_check_key +returns 1 if +.Fa rsa +is a valid RSA key, and 0 otherwise. +-1 is returned if an error occurs while checking the key. +.Pp +If the key is invalid or an error occurred, the reason code can be +obtained using +.Xr ERR_get_error 3 . +.Sh SEE ALSO +.Xr BN_is_prime_ex 3 , +.Xr ERR_get_error 3 , +.Xr RSA_get0_key 3 , +.Xr RSA_new 3 +.Sh HISTORY +.Fn RSA_check_key +first appeared in OpenSSL 0.9.4 and has been available since +.Ox 2.6 . +.Sh BUGS +A method of verifying the RSA key using opaque RSA API functions might +need to be considered. +Right now +.Fn RSA_check_key +simply uses the +.Vt RSA +structure elements directly, bypassing the +.Vt RSA_METHOD +table altogether (and completely violating encapsulation and +object-orientation in the process). +The best fix will probably be to introduce a check_key() handler +to the +.Vt RSA_METHOD +function table so that alternative implementations can also provide +their own verifiers. diff --git a/src/lib/libcrypto/man/RSA_generate_key.3 b/src/lib/libcrypto/man/RSA_generate_key.3 new file mode 100644 index 00000000000..3ac3885f13d --- /dev/null +++ b/src/lib/libcrypto/man/RSA_generate_key.3 @@ -0,0 +1,164 @@ +.\" $OpenBSD: RSA_generate_key.3,v 1.11 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL RSA_generate_key.pod bb6c5e7f Feb 5 10:29:22 2017 -0500 +.\" +.\" This file was written by Ulf Moeller . +.\" Copyright (c) 2000, 2002, 2013 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt RSA_GENERATE_KEY 3 +.Os +.Sh NAME +.Nm RSA_generate_key_ex , +.Nm RSA_generate_key +.Nd generate RSA key pair +.Sh SYNOPSIS +.In openssl/rsa.h +.Ft int +.Fo RSA_generate_key_ex +.Fa "RSA *rsa" +.Fa "int bits" +.Fa "BIGNUM *e" +.Fa "BN_GENCB *cb" +.Fc +.Pp +Deprecated: +.Pp +.Ft RSA * +.Fo RSA_generate_key +.Fa "int num" +.Fa "unsigned long e" +.Fa "void (*callback)(int, int, void *)" +.Fa "void *cb_arg" +.Fc +.Sh DESCRIPTION +.Fn RSA_generate_key_ex +generates a key pair and stores it in +.Fa rsa . +.Pp +The modulus size will be of length +.Fa bits , +and the public exponent will be +.Fa e . +Key sizes with +.Fa num +< 1024 should be considered insecure. +The exponent is an odd number, typically 3, 17 or 65537. +.Pp +A callback function may be used to provide feedback about the progress +of the key generation. +If +.Fa cb +is not +.Dv NULL , +it will be called as follows using the +.Xr BN_GENCB_call 3 +function: +.Bl -bullet +.It +While a random prime number is generated, it is called as described in +.Xr BN_generate_prime 3 . +.It +When the +.Fa n Ns -th +randomly generated prime is rejected as not suitable for +the key, +.Fn BN_GENCB_call cb 2 n +is called. +.It +When a random p has been found with p-1 relatively prime to +.Fa e , +it is called as +.Fn BN_GENCB_call cb 3 0 . +.El +.Pp +The process is then repeated for prime q with +.Fn BN_GENCB_call cb 3 1 . +.Pp +.Fn RSA_generate_key +is deprecated. +New applications should use +.Fn RSA_generate_key_ex +instead. +.Fn RSA_generate_key +works in the same way as +.Fn RSA_generate_key_ex +except it uses "old style" call backs. +See +.Xr BN_generate_prime 3 +for further details. +.Sh RETURN VALUES +.Fn RSA_generate_key_ex +returns 1 on success or 0 on error. +.Fn RSA_generate_key +returns the key on success or +.Dv NULL +on error. +.Pp +The error codes can be obtained by +.Xr ERR_get_error 3 . +.Sh SEE ALSO +.Xr BN_generate_prime 3 , +.Xr ERR_get_error 3 , +.Xr RSA_get0_key 3 , +.Xr RSA_new 3 +.Sh HISTORY +.Fn RSA_generate_key +appeared in SSLeay 0.4 or earlier and had its +.Fa cb_arg +argument added in SSLeay 0.9.0. +It has been available since +.Ox 2.4 . +.Pp +.Fn RSA_generate_key_ex +first appeared in OpenSSL 0.9.8 and has been available since +.Ox 4.5 . +.Sh BUGS +.Fn BN_GENCB_call cb 2 x +is used with two different meanings. +.Pp +.Fn RSA_generate_key +goes into an infinite loop for illegal input values. diff --git a/src/lib/libcrypto/man/RSA_get0_key.3 b/src/lib/libcrypto/man/RSA_get0_key.3 new file mode 100644 index 00000000000..3e6f75a906a --- /dev/null +++ b/src/lib/libcrypto/man/RSA_get0_key.3 @@ -0,0 +1,290 @@ +.\" $OpenBSD: RSA_get0_key.3,v 1.4 2018/03/23 23:18:17 schwarze Exp $ +.\" selective merge up to: OpenSSL 665d899f Aug 2 02:19:43 2017 +0800 +.\" +.\" This file was written by Richard Levitte +.\" Copyright (c) 2016 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 23 2018 $ +.Dt RSA_GET0_KEY 3 +.Os +.Sh NAME +.Nm RSA_get0_key , +.Nm RSA_set0_key , +.Nm RSA_get0_factors , +.Nm RSA_set0_factors , +.Nm RSA_get0_crt_params , +.Nm RSA_set0_crt_params , +.Nm RSA_clear_flags , +.Nm RSA_test_flags , +.Nm RSA_set_flags +.Nd get and set data in an RSA object +.Sh SYNOPSIS +.In openssl/rsa.h +.Ft void +.Fo RSA_get0_key +.Fa "const RSA *r" +.Fa "const BIGNUM **n" +.Fa "const BIGNUM **e" +.Fa "const BIGNUM **d" +.Fc +.Ft int +.Fo RSA_set0_key +.Fa "RSA *r" +.Fa "BIGNUM *n" +.Fa "BIGNUM *e" +.Fa "BIGNUM *d" +.Fc +.Ft void +.Fo RSA_get0_factors +.Fa "const RSA *r" +.Fa "const BIGNUM **p" +.Fa "const BIGNUM **q" +.Fc +.Ft int +.Fo RSA_set0_factors +.Fa "RSA *r" +.Fa "BIGNUM *p" +.Fa "BIGNUM *q" +.Fc +.Ft void +.Fo RSA_get0_crt_params +.Fa "const RSA *r" +.Fa "const BIGNUM **dmp1" +.Fa "const BIGNUM **dmq1" +.Fa "const BIGNUM **iqmp" +.Fc +.Ft int +.Fo RSA_set0_crt_params +.Fa "RSA *r" +.Fa "BIGNUM *dmp1" +.Fa "BIGNUM *dmq1" +.Fa "BIGNUM *iqmp" +.Fc +.Ft void +.Fo RSA_clear_flags +.Fa "RSA *r" +.Fa "int flags" +.Fc +.Ft int +.Fo RSA_test_flags +.Fa "const RSA *r" +.Fa "int flags" +.Fc +.Ft void +.Fo RSA_set_flags +.Fa "RSA *r" +.Fa "int flags" +.Fc +.Sh DESCRIPTION +An +.Vt RSA +object contains the components for the public and private key. +.Fa n +is the modulus common to both public and private key, +.Fa e +is the public exponent and +.Fa d +is the private exponent. +.Fa p , +.Fa q , +.Fa dmp1 , +.Fa dmq1 , +and +.Fa iqmp +are the factors for the second representation of a private key +(see PKCS#1 section 3 Key Types), where +.Fa p +and +.Fa q +are the first and second factor of +.Fa n . +.Fa dmp1 , +.Fa dmq1 , +and +.Fa iqmp +are the exponents and coefficient for CRT calculations. +.Pp +The +.Fa n , +.Fa e , +and +.Fa d +parameters can be obtained by calling +.Fn RSA_get0_key . +If they have not been set yet, then +.Pf * Fa n , +.Pf * Fa e , +and +.Pf * Fa d +are set to +.Dv NULL . +Otherwise, they are set to pointers to the internal representations +of the values that should not be freed by the caller. +.Pp +The +.Fa n , +.Fa e , +and +.Fa d +parameter values can be set by calling +.Fn RSA_set0_key . +The values +.Fa n +and +.Fa e +must be +.Pf non- Dv NULL +the first time this function is called on a given +.Vt RSA +object. +The value +.Fa d +may be +.Dv NULL . +On subsequent calls, any of these values may be +.Dv NULL , +which means that the corresponding field is left untouched. +Calling this function transfers the memory management of the values to +the RSA object. +Therefore, the values that have been passed in +should not be freed by the caller. +.Pp +In a similar fashion, the +.Fa p +and +.Fa q +parameters can be obtained and set with +.Fn RSA_get0_factors +and +.Fn RSA_set0_factors , +and the +.Fa dmp1 , +.Fa dmq1 , +and +.Fa iqmp +parameters can be obtained and set with +.Fn RSA_get0_crt_params +and +.Fn RSA_set0_crt_params . +.Pp +For +.Fn RSA_get0_key , +.Fn RSA_get0_factors , +and +.Fn RSA_get0_crt_params , +.Dv NULL +value +.Vt BIGNUM ** +output arguments are permitted. +The functions +ignore +.Dv NULL +arguments but return values for other, +.Pf non- Dv NULL , +arguments. +.Pp +Values retrieved with +.Fn RSA_get0_key , +.Fn RSA_get0_factors , +and +.Fn RSA_get0_crt_params +are owned by the +.Vt RSA +object used in the call and may therefore +.Em not +be passed to +.Fn RSA_set0_key , +.Fn RSA_set0_factors , +or +.Fn RSA_set0_crt_params . +If needed, duplicate the received value using +.Xr BN_dup 3 +and pass the duplicate. +.Pp +.Fn RSA_clear_flags +clears the specified +.Fa flags +in +.Fa r . +.Fn RSA_test_flags +tests the +.Fa flags +in +.Fa r . +.Fn RSA_set_flags +sets the +.Fa flags +in +.Fa r ; +any flags already set remain set. +For all three functions, multiple flags can be passed in one call, +OR'ed together bitwise. +.Sh RETURN VALUES +.Fn RSA_set0_key , +.Fn RSA_set0_factors , +and +.Fn RSA_set0_crt_params +return 1 on success or 0 on failure. +.Pp +.Fn RSA_test_flags +returns those of the given +.Fa flags +currently set in +.Fa r +or 0 if none of the given +.Fa flags +are set. +.Sh SEE ALSO +.Xr RSA_check_key 3 , +.Xr RSA_generate_key 3 , +.Xr RSA_new 3 , +.Xr RSA_print 3 , +.Xr RSA_size 3 +.Sh HISTORY +These functions first appeared in OpenSSL 1.1.0 +and have been available since +.Ox 6.3 . diff --git a/src/lib/libcrypto/man/RSA_get_ex_new_index.3 b/src/lib/libcrypto/man/RSA_get_ex_new_index.3 new file mode 100644 index 00000000000..cf3d3f6fd7a --- /dev/null +++ b/src/lib/libcrypto/man/RSA_get_ex_new_index.3 @@ -0,0 +1,289 @@ +.\" $OpenBSD: RSA_get_ex_new_index.3,v 1.10 2018/03/23 23:18:17 schwarze Exp $ +.\" OpenSSL 35cb565a Nov 19 15:49:30 2015 -0500 +.\" +.\" This file was written by Ulf Moeller and +.\" Dr. Stephen Henson . +.\" Copyright (c) 2000, 2006 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 23 2018 $ +.Dt RSA_GET_EX_NEW_INDEX 3 +.Os +.Sh NAME +.Nm RSA_get_ex_new_index , +.Nm RSA_set_ex_data , +.Nm RSA_get_ex_data , +.Nm CRYPTO_EX_new , +.Nm CRYPTO_EX_dup , +.Nm CRYPTO_EX_free +.Nd add application specific data to RSA structures +.Sh SYNOPSIS +.In openssl/rsa.h +.Ft int +.Fo RSA_get_ex_new_index +.Fa "long argl" +.Fa "void *argp" +.Fa "CRYPTO_EX_new *new_func" +.Fa "CRYPTO_EX_dup *dup_func" +.Fa "CRYPTO_EX_free *free_func" +.Fc +.Ft int +.Fo RSA_set_ex_data +.Fa "RSA *r" +.Fa "int idx" +.Fa "void *arg" +.Fc +.Ft void * +.Fo RSA_get_ex_data +.Fa "RSA *r" +.Fa "int idx" +.Fc +.In openssl/crypto.h +.Ft typedef int +.Fo CRYPTO_EX_new +.Fa "void *parent" +.Fa "void *ptr" +.Fa "CRYPTO_EX_DATA *ad" +.Fa "int idx" +.Fa "long argl" +.Fa "void *argp" +.Fc +.Ft typedef void +.Fo CRYPTO_EX_free +.Fa "void *parent" +.Fa "void *ptr" +.Fa "CRYPTO_EX_DATA *ad" +.Fa "int idx" +.Fa "long argl" +.Fa "void *argp" +.Fc +.Ft typedef int +.Fo CRYPTO_EX_dup +.Fa "CRYPTO_EX_DATA *to" +.Fa "CRYPTO_EX_DATA *from" +.Fa "void *from_d" +.Fa "int idx" +.Fa "long argl" +.Fa "void *argp" +.Fc +.Sh DESCRIPTION +Several OpenSSL structures can have application specific data attached +to them. +This has several potential uses: it can be used to cache data associated +with a structure (for example the hash of some part of the structure) or +some additional data (for example a handle to the data in an external +library). +.Pp +Since the application data can be anything at all it is passed and +retrieved as a +.Vt void * +type. +.Pp +The +.Fn RSA_get_ex_new_index +function is initially called to "register" some new application specific +data. +It takes three optional function pointers which are called when the +parent structure (in this case an RSA structure) is initially created, +when it is copied and when it is freed up. +If any or all of these function pointer arguments are not used, they +should be set to +.Dv NULL . +The precise manner in which these function pointers are called is +described in more detail below. +.Fn RSA_get_ex_new_index +also takes additional long and pointer parameters which will be passed +to the supplied functions but which otherwise have no special meaning. +It returns an index which should be stored (typically in a static +variable) and passed as the +.Fa idx +parameter in the remaining functions. +Each successful call to +.Fn RSA_get_ex_new_index +will return an index greater than any previously returned. +This is +important because the optional functions are called in order of +increasing index value. +.Pp +.Fn RSA_set_ex_data +is used to set application specific data. +The data is supplied in the +.Fa arg +parameter and its precise meaning is up to the application. +.Pp +.Fn RSA_get_ex_data +is used to retrieve application specific data. +The data is returned to the application, which will be the same value as +supplied to a previous +.Fn RSA_set_ex_data +call. +.Pp +.Fa new_func +is called when a structure is initially allocated (for example with +.Xr RSA_new 3 . +The parent structure members will not have any meaningful values at this +point. +This function will typically be used to allocate any application +specific structure. +.Pp +.Fa free_func +is called when a structure is being freed up. +The dynamic parent structure members should not be accessed because they +will be freed up when this function is called. +.Pp +.Fa new_func +and +.Fa free_func +take the same parameters. +.Fa parent +is a pointer to the parent +.Vt RSA +structure. +.Fa ptr +is the application specific data (this won't be of much use in +.Fa new_func ) . +.Fa ad +is a pointer to the +.Vt CRYPTO_EX_DATA +structure from the parent +.Vt RSA +structure: the functions +.Fn CRYPTO_get_ex_data +and +.Fn CRYPTO_set_ex_data +can be called to manipulate it. +The +.Fa idx +parameter is the index: this will be the same value returned by +.Fn RSA_get_ex_new_index +when the functions were initially registered. +Finally the +.Fa argl +and +.Fa argp +parameters are the values originally passed to the same corresponding +parameters when +.Fn RSA_get_ex_new_index +was called. +.Pp +.Fa dup_func +is called when a structure is being copied. +Pointers to the destination and source +.Vt CRYPTO_EX_DATA +structures are passed in the +.Fa to +and +.Fa from +parameters, respectively. +The +.Fa from_d +parameter is passed a pointer to the source application data when the +function is called. +When the function returns, the value is copied to the destination: +the application can thus modify the data pointed to by +.Fa from_d +and have different values in the source and destination. +The +.Fa idx , +.Fa argl , +and +.Fa argp +parameters are the same as those in +.Fa new_func +and +.Fa free_func . +.Sh RETURN VALUES +.Fn RSA_get_ex_new_index +returns a new index or -1 on failure. +Note that 0 is a valid index value. +.Pp +.Fn RSA_set_ex_data +returns 1 on success or 0 on failure. +.Pp +.Fn RSA_get_ex_data +returns the application data or +.Dv NULL +on failure. +.Dv NULL +may also be valid application data, but currently it can only fail if +given an invalid +.Fa idx +parameter. +.Pp +.Fa new_func +and +.Fa dup_func +should return 0 for failure and 1 for success. +.Pp +On failure an error code can be obtained from +.Xr ERR_get_error 3 . +.Sh SEE ALSO +.Xr BIO_set_ex_data 3 , +.Xr CRYPTO_set_ex_data 3 , +.Xr DH_set_ex_data 3 , +.Xr DSA_set_ex_data 3 , +.Xr RSA_new 3 , +.Xr SSL_CTX_set_ex_data 3 , +.Xr SSL_SESSION_set_ex_data 3 , +.Xr SSL_set_ex_data 3 , +.Xr X509_STORE_CTX_set_ex_data 3 , +.Xr X509_STORE_set_ex_data 3 +.Sh HISTORY +These functions first appeared in SSLeay 0.9.0 +and have been available since +.Ox 2.4 . +.Sh BUGS +.Fa dup_func +is currently never called. +.Pp +The return value of +.Fa new_func +is ignored. +.Pp +The +.Fa new_func +function isn't very useful because no meaningful values are present in +the parent RSA structure when it is called. diff --git a/src/lib/libcrypto/man/RSA_meth_new.3 b/src/lib/libcrypto/man/RSA_meth_new.3 new file mode 100644 index 00000000000..137e0cad87f --- /dev/null +++ b/src/lib/libcrypto/man/RSA_meth_new.3 @@ -0,0 +1,217 @@ +.\" $OpenBSD: RSA_meth_new.3,v 1.3 2018/09/12 15:09:22 jmc Exp $ +.\" selective merge up to: OpenSSL a970b14f Jul 31 18:58:40 2017 -0400 +.\" +.\" This file is a derived work. +.\" The changes are covered by the following Copyright and license: +.\" +.\" Copyright (c) 2018 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.\" The original file was written by Richard Levitte . +.\" Copyright (c) 2016 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: September 12 2018 $ +.Dt RSA_METH_NEW 3 +.Os +.Sh NAME +.Nm RSA_meth_new , +.Nm RSA_meth_dup , +.Nm RSA_meth_free , +.Nm RSA_meth_get_finish , +.Nm RSA_meth_set1_name , +.Nm RSA_meth_set_finish , +.Nm RSA_meth_set_priv_enc , +.Nm RSA_meth_set_priv_dec +.Nd build up RSA methods +.Sh SYNOPSIS +.In openssl/rsa.h +.Ft RSA_METHOD * +.Fo RSA_meth_new +.Fa "const char *name" +.Fa "int flags" +.Fc +.Ft RSA_METHOD * +.Fo RSA_meth_dup +.Fa "const RSA_METHOD *meth" +.Fc +.Ft void +.Fo RSA_meth_free +.Fa "RSA_METHOD *meth" +.Fc +.Ft int +.Fo RSA_meth_set1_name +.Fa "RSA_METHOD *meth" +.Fa "const char *name" +.Fc +.Ft int +.Fn "(*RSA_meth_get_finish(const RSA_METHOD *meth))" "RSA *rsa" +.Ft int +.Fo RSA_meth_set_finish +.Fa "RSA_METHOD *meth" +.Fa "int (*finish)(RSA *rsa)" +.Fc +.Ft int +.Fo RSA_meth_set_priv_enc +.Fa "RSA_METHOD *meth" +.Fa "int (*priv_enc)(int flen, const unsigned char *from,\ + unsigned char *to, RSA *rsa, int padding)" +.Fc +.Ft int +.Fo RSA_meth_set_priv_dec +.Fa "RSA_METHOD *meth" +.Fa "int (*priv_dec)(int flen, const unsigned char *from,\ + unsigned char *to, RSA *rsa, int padding)" +.Fc +.Sh DESCRIPTION +The +.Vt RSA_METHOD +structure holds function pointers for custom RSA implementations. +.Pp +.Fn RSA_meth_new +creates a new +.Vt RSA_METHOD +structure. +A copy of the NUL-terminated +.Fa name +is stored in the new +.Vt RSA_METHOD +object. +Any new +.Vt RSA +object constructed from this +.Vt RSA_METHOD +will have the given +.Fa flags +set by default. +.Pp +.Fn RSA_meth_dup +creates a deep copy of +.Fa meth . +This might be useful for creating a new +.Vt RSA_METHOD +based on an existing one, but with some differences. +.Pp +.Fn RSA_meth_free +destroys +.Fa meth +and frees any memory associated with it. +.Pp +.Fn RSA_meth_set1_name +Stores a copy of the NUL-terminated +.Fa name +in the +.Vt RSA_METHOD +object after freeing the previously stored +.Fa name . +.Pp +.Fn RSA_meth_get_finish +and +.Fn RSA_meth_set_finish +get and set an optional function for destroying an +.Vt RSA +object. +Unless +.Fa finish +is +.Dv NULL , +it will be called from +.Xr RSA_free 3 . +It takes the same argument +and is intended to do RSA implementation specific cleanup. +The memory used by the +.Vt RSA +object itself should not be freed by the +.Fa finish +function. +.Pp +.Fn RSA_meth_set_priv_enc +and +.Fn RSA_meth_set_priv_dec +set the functions used for private key encryption and decryption. +These functions will be called from +.Xr RSA_private_decrypt 3 +and +.Xr RSA_private_encrypt 3 +and take the same parameters as those. +.Sh RETURN VALUES +.Fn RSA_meth_new +and +.Fn RSA_meth_dup +return the newly allocated +.Vt RSA_METHOD +object or +.Dv NULL +on failure. +.Pp +All +.Fn RSA_meth_set* +functions return 1 on success or 0 on failure. +.Sh SEE ALSO +.Xr RSA_new 3 , +.Xr RSA_private_decrypt 3 , +.Xr RSA_private_encrypt 3 , +.Xr RSA_set_method 3 +.Sh HISTORY +These functions first appeared in OpenSSL 1.1.0. +.Fn RSA_meth_get_finish +and +.Fn RSA_meth_set1_name +have been available since +.Ox 6.4 , +all the other functions since +.Ox 6.3 . diff --git a/src/lib/libcrypto/man/RSA_new.3 b/src/lib/libcrypto/man/RSA_new.3 new file mode 100644 index 00000000000..0b6bcf97407 --- /dev/null +++ b/src/lib/libcrypto/man/RSA_new.3 @@ -0,0 +1,201 @@ +.\" $OpenBSD: RSA_new.3,v 1.10 2018/04/18 01:11:45 schwarze Exp $ +.\" OpenSSL doc/man3/RSA_new.pod 99d63d46 Oct 26 13:56:48 2016 -0400 +.\" OpenSSL doc/crypto/rsa.pod 35d2e327 Jun 3 16:19:49 2016 -0400 +.\" +.\" This file was written by Ulf Moeller . +.\" Copyright (c) 2000, 2002, 2016 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: April 18 2018 $ +.Dt RSA_NEW 3 +.Os +.Sh NAME +.Nm RSA_new , +.Nm RSA_up_ref , +.Nm RSA_free +.Nd allocate and free RSA objects +.Sh SYNOPSIS +.In openssl/rsa.h +.Ft RSA * +.Fn RSA_new void +.Ft int +.Fo RSA_up_ref +.Fa "RSA *rsa" +.Fc +.Ft void +.Fo RSA_free +.Fa "RSA *rsa" +.Fc +.Sh DESCRIPTION +The RSA functions implement RSA public key encryption and signatures +as defined in PKCS #1 v2.0 (RFC 2437). +.Pp +.Fn RSA_new +allocates and initializes an +.Vt RSA +structure, setting the reference count to 1. +It is equivalent to calling +.Xr RSA_new_method 3 +with a +.Dv NULL +argument. +.Pp +.Fn RSA_up_ref +increments the reference count by 1. +.Pp +.Fn RSA_free +decrements the reference count by 1. +If it reaches 0, it frees the +.Vt RSA +structure and its components. +The key is erased before the memory is returned to the system. +If +.Fa rsa +is a +.Dv NULL +pointer, no action occurs. +.Pp +The +.Vt RSA +structure consists of several +.Vt BIGNUM +components. +It can contain public as well as private RSA keys: +.Bd -literal +typedef struct { + BIGNUM *n; // public modulus + BIGNUM *e; // public exponent + BIGNUM *d; // private exponent + BIGNUM *p; // secret prime factor + BIGNUM *q; // secret prime factor + BIGNUM *dmp1; // d mod (p-1) + BIGNUM *dmq1; // d mod (q-1) + BIGNUM *iqmp; // q^-1 mod p + // ... +} RSA; +.Ed +.Pp +In public keys, the private exponent +.Fa d +and the related secret values +.Fa p , q , dmp1 , dmp2 , +and +.Fa iqmp +are +.Dv NULL . +.Pp +.Fa p , +.Fa q , +.Fa dmp1 , +.Fa dmq1 , +and +.Fa iqmp +may be +.Dv NULL +in private keys, but the RSA operations are much faster when these +values are available. +.Pp +Note that RSA keys may use non-standard +.Vt RSA_METHOD +implementations, either directly or by the use of +.Vt ENGINE +modules. +In some cases (e.g. an +.Vt ENGINE +providing support for hardware-embedded keys), these +.Vt BIGNUM +values will not be used by the implementation or may be used for +alternative data storage. +For this reason, applications should generally avoid using +.Vt RSA +structure elements directly and instead use API functions to query +or modify keys. +.Sh RETURN VALUES +If the allocation fails, +.Fn RSA_new +returns +.Dv NULL +and sets an error code that can be obtained by +.Xr ERR_get_error 3 . +Otherwise it returns a pointer to the newly allocated structure. +.Pp +.Fn RSA_up_ref +returns 1 for success or 0 for failure. +.Sh SEE ALSO +.Xr BN_new 3 , +.Xr d2i_RSAPublicKey 3 , +.Xr DH_new 3 , +.Xr DSA_new 3 , +.Xr ERR_get_error 3 , +.Xr EVP_PKEY_set1_RSA 3 , +.Xr RSA_blinding_on 3 , +.Xr RSA_check_key 3 , +.Xr RSA_generate_key 3 , +.Xr RSA_get0_key 3 , +.Xr RSA_get_ex_new_index 3 , +.Xr RSA_meth_new 3 , +.Xr RSA_padding_add_PKCS1_type_1 3 , +.Xr RSA_print 3 , +.Xr RSA_private_encrypt 3 , +.Xr RSA_public_encrypt 3 , +.Xr RSA_set_method 3 , +.Xr RSA_sign 3 , +.Xr RSA_sign_ASN1_OCTET_STRING 3 , +.Xr RSA_size 3 +.Sh STANDARDS +SSL, PKCS #1 v2.0 +.Pp +RSA was covered by a US patent which expired in September 2000. +.Sh HISTORY +.Fn RSA_new +and +.Fn RSA_free +appeared in SSLeay 0.4 or earlier and have been available since +.Ox 2.4 . +.Pp +.Fn RSA_up_ref +first appeared in OpenSSL 0.9.7 and has been available since +.Ox 3.2 . diff --git a/src/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 b/src/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 new file mode 100644 index 00000000000..e7c3a2a6246 --- /dev/null +++ b/src/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 @@ -0,0 +1,236 @@ +.\" $OpenBSD: RSA_padding_add_PKCS1_type_1.3,v 1.8 2018/03/21 16:09:51 schwarze Exp $ +.\" OpenSSL 1e3f62a3 Jul 17 16:47:13 2017 +0200 +.\" +.\" This file was written by Ulf Moeller . +.\" Copyright (c) 2000 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 21 2018 $ +.Dt RSA_PADDING_ADD_PKCS1_TYPE_1 3 +.Os +.Sh NAME +.Nm RSA_padding_add_PKCS1_type_1 , +.Nm RSA_padding_check_PKCS1_type_1 , +.Nm RSA_padding_add_PKCS1_type_2 , +.Nm RSA_padding_check_PKCS1_type_2 , +.Nm RSA_padding_add_PKCS1_OAEP , +.Nm RSA_padding_check_PKCS1_OAEP , +.Nm RSA_padding_add_none , +.Nm RSA_padding_check_none +.Nd asymmetric encryption padding +.Sh SYNOPSIS +.In openssl/rsa.h +.Ft int +.Fo RSA_padding_add_PKCS1_type_1 +.Fa "unsigned char *to" +.Fa "int tlen" +.Fa "unsigned char *f" +.Fa "int fl" +.Fc +.Ft int +.Fo RSA_padding_check_PKCS1_type_1 +.Fa "unsigned char *to" +.Fa "int tlen" +.Fa "unsigned char *f" +.Fa "int fl" +.Fa "int rsa_len" +.Fc +.Ft int +.Fo RSA_padding_add_PKCS1_type_2 +.Fa "unsigned char *to" +.Fa "int tlen" +.Fa "unsigned char *f" +.Fa "int fl" +.Fc +.Ft int +.Fo RSA_padding_check_PKCS1_type_2 +.Fa "unsigned char *to" +.Fa "int tlen" +.Fa "unsigned char *f" +.Fa "int fl" +.Fa "int rsa_len" +.Fc +.Ft int +.Fo RSA_padding_add_PKCS1_OAEP +.Fa "unsigned char *to" +.Fa "int tlen" +.Fa "unsigned char *f" +.Fa "int fl" +.Fa "unsigned char *p" +.Fa "int pl" +.Fc +.Ft int +.Fo RSA_padding_check_PKCS1_OAEP +.Fa "unsigned char *to" +.Fa "int tlen" +.Fa "unsigned char *f" +.Fa "int fl" +.Fa "int rsa_len" +.Fa "unsigned char *p" +.Fa "int pl" +.Fc +.Ft int +.Fo RSA_padding_add_none +.Fa "unsigned char *to" +.Fa "int tlen" +.Fa "unsigned char *f" +.Fa "int fl" +.Fc +.Ft int +.Fo RSA_padding_check_none +.Fa "unsigned char *to" +.Fa "int tlen" +.Fa "unsigned char *f" +.Fa "int fl" +.Fa "int rsa_len" +.Fc +.Sh DESCRIPTION +These functions are called from the RSA encrypt, decrypt, sign, and +verify functions. +Normally they should not be called from application programs. +.Pp +However, they can also be called directly to implement padding for other +asymmetric ciphers. +.Fn RSA_padding_add_PKCS1_OAEP +and +.Fn RSA_padding_check_PKCS1_OAEP +may be used in an application combined with +.Dv RSA_NO_PADDING +in order to implement OAEP with an encoding parameter. +.Pp +.Fn RSA_padding_add_* +encodes +.Fa fl +bytes from +.Fa f +so as to fit into +.Fa tlen +bytes and stores the result at +.Fa to . +An error occurs if +.Fa fl +does not meet the size requirements of the encoding method. +.Pp +The following encoding methods are implemented: +.Pp +.Bl -tag -width PKCS1_type_2 -compact +.It PKCS1_type_1 +PKCS #1 v2.0 EMSA-PKCS1-v1_5 (PKCS #1 v1.5 block type 1); +used for signatures +.It PKCS1_type_2 +PKCS #1 v2.0 EME-PKCS1-v1_5 (PKCS #1 v1.5 block type 2) +.It PKCS1_OAEP +PKCS #1 v2.0 EME-OAEP +.It none +simply copy the data +.El +.Pp +.Fn RSA_padding_check_* +verifies that the +.Fa fl +bytes at +.Fa f +contain a valid encoding for a +.Fa rsa_len +byte RSA key in the respective encoding method and stores the recovered +data of at most +.Fa tlen +bytes (for +.Dv RSA_NO_PADDING : +of size +.Fa tlen ) +at +.Fa to . +.Pp +For +.Fn RSA_padding_*_OAEP , +.Fa p +points to the encoding parameter of length +.Fa pl . +.Fa p +may be +.Dv NULL +if +.Fa pl +is 0. +.Sh RETURN VALUES +The +.Fn RSA_padding_add_* +functions return 1 on success or 0 on error. +The +.Fn RSA_padding_check_* +functions return the length of the recovered data or -1 on error. +Error codes can be obtained by calling +.Xr ERR_get_error 3 . +.Sh SEE ALSO +.Xr RSA_new 3 , +.Xr RSA_private_decrypt 3 , +.Xr RSA_public_encrypt 3 , +.Xr RSA_sign 3 , +.Xr RSA_verify 3 +.Sh HISTORY +.Fn RSA_padding_add_PKCS1_type_1 , +.Fn RSA_padding_check_PKCS1_type_1 , +.Fn RSA_padding_add_PKCS1_type_2 , +.Fn RSA_padding_check_PKCS1_type_2 , +.Fn RSA_padding_add_none , +and +.Fn RSA_padding_check_none +first appeared in SSLeay 0.9.0 and have been available since +.Ox 2.4 . +.Pp +.Fn RSA_padding_add_PKCS1_OAEP +and +.Fn RSA_padding_check_PKCS1_OAEP +first appeared in OpenSSL 0.9.2b and have been available since +.Ox 2.6 . +.Sh BUGS +The +.Fn RSA_padding_check_PKCS1_type_2 +padding check leaks timing information which can potentially be +used to mount a Bleichenbacher padding oracle attack. +This is an inherent weakness in the PKCS #1 v1.5 padding design. +Prefer PKCS1_OAEP padding. diff --git a/src/lib/libcrypto/man/RSA_print.3 b/src/lib/libcrypto/man/RSA_print.3 new file mode 100644 index 00000000000..1a8dc86f0cb --- /dev/null +++ b/src/lib/libcrypto/man/RSA_print.3 @@ -0,0 +1,143 @@ +.\" $OpenBSD: RSA_print.3,v 1.8 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 +.\" +.\" This file was written by Ulf Moeller . +.\" Copyright (c) 2000, 2002, 2003 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt RSA_PRINT 3 +.Os +.Sh NAME +.Nm RSA_print , +.Nm RSA_print_fp , +.Nm DSAparams_print , +.Nm DSAparams_print_fp , +.Nm DSA_print , +.Nm DSA_print_fp , +.Nm DHparams_print , +.Nm DHparams_print_fp +.Nd print cryptographic parameters +.Sh SYNOPSIS +.In openssl/rsa.h +.Ft int +.Fo RSA_print +.Fa "BIO *bp" +.Fa "RSA *x" +.Fa "int offset" +.Fc +.Ft int +.Fo RSA_print_fp +.Fa "FILE *fp" +.Fa "RSA *x" +.Fa "int offset" +.Fc +.In openssl/dsa.h +.Ft int +.Fo DSAparams_print +.Fa "BIO *bp" +.Fa "DSA *x" +.Fc +.Ft int +.Fo DSAparams_print_fp +.Fa "FILE *fp" +.Fa "DSA *x" +.Fc +.Ft int +.Fo DSA_print +.Fa "BIO *bp" +.Fa "DSA *x" +.Fa "int offset" +.Fc +.Ft int +.Fo DSA_print_fp +.Fa "FILE *fp" +.Fa "DSA *x" +.Fa "int offset" +.Fc +.In openssl/dh.h +.Ft int +.Fo DHparams_print +.Fa "BIO *bp" +.Fa "DH *x" +.Fc +.Ft int +.Fo DHparams_print_fp +.Fa "FILE *fp" +.Fa "DH *x" +.Fc +.Sh DESCRIPTION +A human-readable hexadecimal output of the components of the RSA key, +DSA parameters or key or DH parameters is printed to +.Fa bp +or +.Fa fp . +.Pp +The output lines are indented by +.Fa offset +spaces. +.Sh RETURN VALUES +These functions return 1 on success or 0 on error. +.Sh SEE ALSO +.Xr BN_bn2bin 3 , +.Xr DH_get0_pqg 3 , +.Xr DSA_get0_pqg 3 , +.Xr RSA_get0_key 3 , +.Xr RSA_new 3 +.Sh HISTORY +.Fn RSA_print +and +.Fn DHparams_print +first appeared in SSLeay 0.5.1. +.Fn RSA_print_fp , +.Fn DSA_print , +and +.Fn DHparams_print_fp +first appeared in SSLeay 0.6.0. +.Fn DSA_print_fp +first appeared in SSLeay 0.8.0. +All these functions have been available since +.Ox 2.4 . diff --git a/src/lib/libcrypto/man/RSA_private_encrypt.3 b/src/lib/libcrypto/man/RSA_private_encrypt.3 new file mode 100644 index 00000000000..524986b03fd --- /dev/null +++ b/src/lib/libcrypto/man/RSA_private_encrypt.3 @@ -0,0 +1,151 @@ +.\" $OpenBSD: RSA_private_encrypt.3,v 1.9 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL RSA_private_encrypt.pod b41f6b64 Mar 10 15:49:04 2017 +0000 +.\" +.\" This file was written by Ulf Moeller . +.\" Copyright (c) 2000 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt RSA_PRIVATE_ENCRYPT 3 +.Os +.Sh NAME +.Nm RSA_private_encrypt , +.Nm RSA_public_decrypt +.Nd low level signature operations +.Sh SYNOPSIS +.In openssl/rsa.h +.Ft int +.Fo RSA_private_encrypt +.Fa "int flen" +.Fa "const unsigned char *from" +.Fa "unsigned char *to" +.Fa "RSA *rsa" +.Fa "int padding" +.Fc +.Ft int +.Fo RSA_public_decrypt +.Fa "int flen" +.Fa "const unsigned char *from" +.Fa "unsigned char *to" +.Fa "RSA *rsa" +.Fa "int padding" +.Fc +.Sh DESCRIPTION +These functions handle RSA signatures at a low level. +.Pp +.Fn RSA_private_encrypt +signs the +.Fa flen +bytes at +.Fa from +(usually a message digest with an algorithm identifier) using the +private key +.Fa rsa +and stores the signature in +.Fa to . +.Fa to +must point to +.Fn RSA_size rsa +bytes of memory. +.Pp +.Fa padding +denotes one of the following modes: +.Bl -tag -width Ds +.It Dv RSA_PKCS1_PADDING +PKCS #1 v1.5 padding. +This function does not handle the +.Sy algorithmIdentifier +specified in PKCS #1. +When generating or verifying PKCS #1 signatures, +.Xr RSA_sign 3 +and +.Xr RSA_verify 3 +should be used. +.It Dv RSA_NO_PADDING +Raw RSA signature. +This mode should only be used to implement cryptographically sound +padding modes in the application code. +Signing user data directly with RSA is insecure. +.El +.Pp +.Fn RSA_public_decrypt +recovers the message digest from the +.Fa flen +bytes long signature at +.Fa from +using the signer's public key +.Fa rsa . +.Fa to +must point to a memory section large enough to hold the message digest +(which is smaller than +.Fn RSA_size rsa +- 11). +.Fa padding +is the padding mode that was used to sign the data. +.Sh RETURN VALUES +.Fn RSA_private_encrypt +returns the size of the signature (i.e.\& +.Fn RSA_size rsa ) . +.Fn RSA_public_decrypt +returns the size of the recovered message digest. +.Pp +On error, -1 is returned; the error codes can be obtained by +.Xr ERR_get_error 3 . +.Sh SEE ALSO +.Xr ERR_get_error 3 , +.Xr RSA_meth_set_priv_enc 3 , +.Xr RSA_new 3 , +.Xr RSA_sign 3 , +.Xr RSA_verify 3 +.Sh HISTORY +.Fn RSA_private_encrypt +and +.Fn RSA_public_decrypt +appeared in SSLeay 0.4 or earlier and have been available since +.Ox 2.4 . +.Pp +.Dv RSA_NO_PADDING +is available since SSLeay 0.9.0. diff --git a/src/lib/libcrypto/man/RSA_public_encrypt.3 b/src/lib/libcrypto/man/RSA_public_encrypt.3 new file mode 100644 index 00000000000..97d325ff294 --- /dev/null +++ b/src/lib/libcrypto/man/RSA_public_encrypt.3 @@ -0,0 +1,168 @@ +.\" $OpenBSD: RSA_public_encrypt.3,v 1.11 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL RSA_public_encrypt.pod 1e3f62a3 Jul 17 16:47:13 2017 +0200 +.\" +.\" This file was written by Ulf Moeller . +.\" Copyright (c) 2000, 2004 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt RSA_PUBLIC_ENCRYPT 3 +.Os +.Sh NAME +.Nm RSA_public_encrypt , +.Nm RSA_private_decrypt +.Nd RSA public key cryptography +.Sh SYNOPSIS +.In openssl/rsa.h +.Ft int +.Fo RSA_public_encrypt +.Fa "int flen" +.Fa "const unsigned char *from" +.Fa "unsigned char *to" +.Fa "RSA *rsa" +.Fa "int padding" +.Fc +.Ft int +.Fo RSA_private_decrypt +.Fa "int flen" +.Fa "const unsigned char *from" +.Fa "unsigned char *to" +.Fa "RSA *rsa" +.Fa "int padding" +.Fc +.Sh DESCRIPTION +.Fn RSA_public_encrypt +encrypts the +.Fa flen +bytes at +.Fa from +(usually a session key) using the public key +.Fa rsa +and stores the ciphertext in +.Fa to . +.Fa to +must point to +.Fn RSA_size rsa +bytes of memory. +.Pp +.Fa padding +denotes one of the following modes: +.Bl -tag -width Ds +.It Dv RSA_PKCS1_PADDING +PKCS #1 v1.5 padding. +This currently is the most widely used mode. +.It Dv RSA_PKCS1_OAEP_PADDING +EME-OAEP as defined in PKCS #1 v2.0 with SHA-1, MGF1 and an empty +encoding parameter. +This mode is recommended for all new applications. +.It Dv RSA_NO_PADDING +Raw RSA encryption. +This mode should only be used to implement cryptographically sound +padding modes in the application code. +Encrypting user data directly with RSA is insecure. +.El +.Pp +.Fa flen +must be less than +.Fn RSA_size rsa +- 11 for the PKCS #1 v1.5 based padding modes, less than +.Fn RSA_size rsa +- 41 for +.Dv RSA_PKCS1_OAEP_PADDING +and exactly +.Fn RSA_size rsa +for +.Dv RSA_NO_PADDING . +.Pp +.Fn RSA_private_decrypt +decrypts the +.Fa flen +bytes at +.Fa from +using the private key +.Fa rsa +and stores the plaintext in +.Fa to . +.Fa to +must point to a memory section large enough to hold the decrypted data +(which is smaller than +.Fn RSA_size rsa ) . +.Fa padding +is the padding mode that was used to encrypt the data. +.Sh RETURN VALUES +.Fn RSA_public_encrypt +returns the size of the encrypted data (i.e.\& +.Fn RSA_size rsa ) . +.Fn RSA_private_decrypt +returns the size of the recovered plaintext. +.Pp +On error, -1 is returned; the error codes can be obtained by +.Xr ERR_get_error 3 . +.Sh SEE ALSO +.Xr ERR_get_error 3 , +.Xr RSA_meth_set_priv_dec 3 , +.Xr RSA_new 3 , +.Xr RSA_size 3 +.Sh STANDARDS +SSL, PKCS #1 v2.0 +.Sh HISTORY +.Fn RSA_public_encrypt +and +.Fn RSA_private_decrypt +appeared in SSLeay 0.4 or earlier and have been available since +.Ox 2.4 . +.Pp +.Dv RSA_NO_PADDING +is available since SSLeay 0.9.0. +OAEP was added in OpenSSL 0.9.2b. +.Sh BUGS +Decryption failures in the +.Dv RSA_PKCS1_PADDING +mode leak information which can potentially be used to mount a +Bleichenbacher padding oracle attack. +This is an inherent weakness in the PKCS #1 v1.5 padding design. +Prefer +.Dv RSA_PKCS1_OAEP_PADDING . diff --git a/src/lib/libcrypto/man/RSA_set_method.3 b/src/lib/libcrypto/man/RSA_set_method.3 new file mode 100644 index 00000000000..b4724e3e6da --- /dev/null +++ b/src/lib/libcrypto/man/RSA_set_method.3 @@ -0,0 +1,312 @@ +.\" $OpenBSD: RSA_set_method.3,v 1.12 2018/04/18 01:07:38 schwarze Exp $ +.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 +.\" +.\" This file was written by Ulf Moeller +.\" and Geoff Thorpe . +.\" Copyright (c) 2000, 2002, 2007, 2014 The OpenSSL Project. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: April 18 2018 $ +.Dt RSA_SET_METHOD 3 +.Os +.Sh NAME +.Nm RSA_set_default_method , +.Nm RSA_get_default_method , +.Nm RSA_set_method , +.Nm RSA_get_method , +.Nm RSA_PKCS1_SSLeay , +.Nm RSA_flags , +.Nm RSA_new_method +.Nd select RSA method +.Sh SYNOPSIS +.In openssl/rsa.h +.Ft void +.Fo RSA_set_default_method +.Fa "const RSA_METHOD *meth" +.Fc +.Ft const RSA_METHOD * +.Fn RSA_get_default_method void +.Ft int +.Fo RSA_set_method +.Fa "RSA *rsa" +.Fa "const RSA_METHOD *meth" +.Fc +.Ft const RSA_METHOD * +.Fo RSA_get_method +.Fa "const RSA *rsa" +.Fc +.Ft const RSA_METHOD * +.Fn RSA_PKCS1_SSLeay void +.Ft int +.Fo RSA_flags +.Fa "const RSA *rsa" +.Fc +.Ft RSA * +.Fo RSA_new_method +.Fa "ENGINE *engine" +.Fc +.Sh DESCRIPTION +An +.Vt RSA_METHOD +object contains pointers to the functions used for RSA operations. +By default, the internal implementation returned by +.Fn RSA_PKCS1_SSLeay +is used. +By selecting another method, alternative implementations +such as hardware accelerators may be used. +.Pp +.Fn RSA_set_default_method +selects +.Fa meth +as the default method for all +.Vt RSA +structures created later. +If any +.Vt ENGINE +was registered with +.Xr ENGINE_register_RSA 3 +that can be successfully initialized, it overrides the default. +.Pp +.Fn RSA_get_default_method +returns a pointer to the current default method, +even if it is actually overridded by an +.Vt ENGINE . +.Pp +.Fn RSA_set_method +selects +.Fa meth +to perform all operations using the key +.Fa rsa . +This replaces the +.Vt RSA_METHOD +used by the RSA key, and if the previous method was supplied by an +.Vt ENGINE , +.Xr ENGINE_finish 3 +is called on it. +It is possible to have RSA keys that only work with certain +.Vt RSA_METHOD +implementations (e.g. from an +.Vt ENGINE +module that supports embedded hardware-protected keys), +and in such cases attempting to change the +.Vt RSA_METHOD +for the key can have unexpected results. +.Pp +.Fn RSA_get_method +returns a pointer to the +.Vt RSA_METHOD +being used by +.Fa rsa . +This method may or may not be supplied by an +.Vt ENGINE +implementation but if it is, the return value can only be guaranteed +to be valid as long as the RSA key itself is valid and does not +have its implementation changed by +.Fn RSA_set_method . +.Pp +.Fn RSA_flags +returns the flags that are set for the current +.Vt RSA_METHOD +of +.Fa rsa . +See the +.Sx BUGS +section. +.Pp +.Fn RSA_new_method +allocates and initializes an +.Vt RSA +structure so that +.Fa engine +is used for the RSA operations. +If +.Fa engine +is +.Dv NULL , +.Xr ENGINE_get_default_RSA 3 +is used. +If that returns +.Dv NULL , +the default method controlled by +.Fn RSA_set_default_method +is used. +.Pp +The +.Dv RSA_METHOD +structure is defined as follows: +.Bd -literal +typedef struct rsa_meth_st +{ + /* name of the implementation */ + const char *name; + + /* encrypt */ + int (*rsa_pub_enc)(int flen, unsigned char *from, + unsigned char *to, RSA *rsa, int padding); + + /* verify arbitrary data */ + int (*rsa_pub_dec)(int flen, unsigned char *from, + unsigned char *to, RSA *rsa, int padding); + + /* sign arbitrary data */ + int (*rsa_priv_enc)(int flen, unsigned char *from, + unsigned char *to, RSA *rsa, int padding); + + /* decrypt */ + int (*rsa_priv_dec)(int flen, unsigned char *from, + unsigned char *to, RSA *rsa, int padding); + + /* compute r0 = r0 ^ I mod rsa->n (May be NULL for some + implementations) */ + int (*rsa_mod_exp)(BIGNUM *r0, BIGNUM *I, RSA *rsa); + + /* compute r = a ^ p mod m (May be NULL for some implementations) */ + int (*bn_mod_exp)(BIGNUM *r, BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); + + /* called at RSA_new */ + int (*init)(RSA *rsa); + + /* called at RSA_free */ + int (*finish)(RSA *rsa); + + /* RSA_FLAG_EXT_PKEY - rsa_mod_exp is called for private key + * operations, even if p,q,dmp1,dmq1,iqmp + * are NULL + * RSA_FLAG_SIGN_VER - enable rsa_sign and rsa_verify + * RSA_METHOD_FLAG_NO_CHECK - don't check pub/private match + */ + int flags; + + char *app_data; /* ?? */ + + /* sign. For backward compatibility, this is used only + * if (flags & RSA_FLAG_SIGN_VER) + */ + int (*rsa_sign)(int type, unsigned char *m, unsigned int m_len, + unsigned char *sigret, unsigned int *siglen, RSA *rsa); + + /* verify. For backward compatibility, this is used only + * if (flags & RSA_FLAG_SIGN_VER) + */ + int (*rsa_verify)(int type, unsigned char *m, unsigned int m_len, + unsigned char *sigbuf, unsigned int siglen, RSA *rsa); + +} RSA_METHOD; +.Ed +.Sh RETURN VALUES +.Fn RSA_PKCS1_SSLeay , +.Fn RSA_get_default_method , +and +.Fn RSA_get_method +return pointers to the respective +.Vt RSA_METHOD . +.Pp +.Fn RSA_set_method +returns 1 on success or 0 on failure. +Currently, it cannot fail. +.Pp +.Fn RSA_new_method +returns +.Dv NULL +and sets an error code that can be obtained by +.Xr ERR_get_error 3 +if the allocation fails. +Otherwise it returns a pointer to the newly allocated structure. +.Sh SEE ALSO +.Xr ENGINE_get_default_RSA 3 , +.Xr ENGINE_register_RSA 3 , +.Xr ENGINE_set_default_RSA 3 , +.Xr RSA_meth_new 3 , +.Xr RSA_new 3 +.Sh HISTORY +.Fn RSA_set_default_method , +.Fn RSA_PKCS1_SSLeay , +and +.Fn RSA_new_method +first appeared in SSLeay 0.8.0. +.Fn RSA_flags +first appeared in SSLeay 0.9.0. +These functions have been available since +.Ox 2.4 . +.Pp +.Fn RSA_get_default_method , +.Fn RSA_set_method , +and +.Fn RSA_get_method +as well as the +.Fa rsa_sign +and +.Fa rsa_verify +components of +.Vt RSA_METHOD +first appeared in OpenSSL 0.9.4 and have been available since +.Ox 2.6 . +.Sh BUGS +The behaviour of +.Fn RSA_flags +is a misfeature that is left as-is for now to avoid creating +compatibility problems. +RSA functionality, such as the encryption functions, are controlled by +the +.Fa flags +value in the +.Vt RSA +key itself, not by the +.Fa flags +value in the +.Vt RSA_METHOD +attached to the RSA key (which is what this function returns). +If the flags element of an +.Vt RSA +key is changed, the changes will be honoured by RSA functionality +but will not be reflected in the return value of the +.Fn RSA_flags +function - in effect +.Fn RSA_flags +behaves more like a RSA_default_flags() function, which does not +currently exist. diff --git a/src/lib/libcrypto/man/RSA_sign.3 b/src/lib/libcrypto/man/RSA_sign.3 new file mode 100644 index 00000000000..80e0b0e9577 --- /dev/null +++ b/src/lib/libcrypto/man/RSA_sign.3 @@ -0,0 +1,147 @@ +.\" $OpenBSD: RSA_sign.3,v 1.6 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL aa90ca11 Aug 20 15:48:56 2016 -0400 +.\" +.\" This file was written by Ulf Moeller . +.\" Copyright (c) 2000, 2005, 2014, 2015, 2016 The OpenSSL Project. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt RSA_SIGN 3 +.Os +.Sh NAME +.Nm RSA_sign , +.Nm RSA_verify +.Nd RSA signatures +.Sh SYNOPSIS +.In openssl/rsa.h +.Ft int +.Fo RSA_sign +.Fa "int type" +.Fa "const unsigned char *m" +.Fa "unsigned int m_len" +.Fa "unsigned char *sigret" +.Fa "unsigned int *siglen" +.Fa "RSA *rsa" +.Fc +.Ft int +.Fo RSA_verify +.Fa "int type" +.Fa "const unsigned char *m" +.Fa "unsigned int m_len" +.Fa "unsigned char *sigbuf" +.Fa "unsigned int siglen" +.Fa "RSA *rsa" +.Fc +.Sh DESCRIPTION +.Fn RSA_sign +signs the message digest +.Fa m +of size +.Fa m_len +using the private key +.Fa rsa +using RSASSA-PKCS1-v1_5 as specified in RFC 3447. +It stores the signature in +.Fa sigret +and the signature size in +.Fa siglen . +.Fa sigret +must point to +.Fn RSA_size rsa +bytes of memory. +Note that PKCS #1 adds meta-data, placing limits on the size of the key +that can be used. +See +.Xr RSA_private_encrypt 3 +for lower-level operations. +.Pp +.Fa type +denotes the message digest algorithm that was used to generate +.Fa m . +If +.Fa type +is +.Sy NID_md5_sha1 , +an SSL signature (MD5 and SHA1 message digests with PKCS #1 padding and +no algorithm identifier) is created. +.Pp +.Fn RSA_verify +verifies that the signature +.Fa sigbuf +of size +.Fa siglen +matches a given message digest +.Fa m +of size +.Fa m_len . +.Fa type +denotes the message digest algorithm that was used to generate the +signature. +.Fa rsa +is the signer's public key. +.Sh RETURN VALUES +.Fn RSA_sign +returns 1 on success. +.Fn RSA_verify +returns 1 on successful verification. +.Pp +The error codes can be obtained by +.Xr ERR_get_error 3 . +.Sh SEE ALSO +.Xr ERR_get_error 3 , +.Xr RSA_new 3 , +.Xr RSA_private_encrypt 3 , +.Xr RSA_public_decrypt 3 +.Sh STANDARDS +SSL, PKCS #1 v2.0 +.Sh HISTORY +.Fn RSA_sign +first appeared in SSLeay 0.4.4. +.Fn RSA_verify +first appeared in SSLeay 0.6.0. +Both functions have been available since +.Ox 2.4 . diff --git a/src/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 b/src/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 new file mode 100644 index 00000000000..215bb954016 --- /dev/null +++ b/src/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 @@ -0,0 +1,132 @@ +.\" $OpenBSD: RSA_sign_ASN1_OCTET_STRING.3,v 1.6 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file was written by Ulf Moeller . +.\" Copyright (c) 2000 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt RSA_SIGN_ASN1_OCTET_STRING 3 +.Os +.Sh NAME +.Nm RSA_sign_ASN1_OCTET_STRING , +.Nm RSA_verify_ASN1_OCTET_STRING +.Nd RSA signatures +.Sh SYNOPSIS +.In openssl/rsa.h +.Ft int +.Fo RSA_sign_ASN1_OCTET_STRING +.Fa "int dummy" +.Fa "unsigned char *m" +.Fa "unsigned int m_len" +.Fa "unsigned char *sigret" +.Fa "unsigned int *siglen" +.Fa "RSA *rsa" +.Fc +.Ft int +.Fo RSA_verify_ASN1_OCTET_STRING +.Fa "int dummy" +.Fa "unsigned char *m" +.Fa "unsigned int m_len" +.Fa "unsigned char *sigbuf" +.Fa "unsigned int siglen" +.Fa "RSA *rsa" +.Fc +.Sh DESCRIPTION +.Fn RSA_sign_ASN1_OCTET_STRING +signs the octet string +.Fa m +of size +.Fa m_len +using the private key +.Fa rsa +represented in DER using PKCS #1 padding. +It stores the signature in +.Fa sigret +and the signature size in +.Fa siglen . +.Fa sigret +must point to +.Fn RSA_size rsa +bytes of memory. +.Pp +.Fa dummy +is ignored. +.Pp +.Fn RSA_verify_ASN1_OCTET_STRING +verifies that the signature +.Fa sigbuf +of size +.Fa siglen +is the DER representation of a given octet string +.Fa m +of size +.Fa m_len . +.Fa dummy +is ignored. +.Fa rsa +is the signer's public key. +.Sh RETURN VALUES +.Fn RSA_sign_ASN1_OCTET_STRING +returns 1 on success or 0 otherwise. +.Fn RSA_verify_ASN1_OCTET_STRING +returns 1 on successful verification or 0 otherwise. +.Pp +The error codes can be obtained by +.Xr ERR_get_error 3 . +.Sh SEE ALSO +.Xr ERR_get_error 3 , +.Xr RSA_new 3 , +.Xr RSA_sign 3 , +.Xr RSA_verify 3 +.Sh HISTORY +.Fn RSA_sign_ASN1_OCTET_STRING +and +.Fn RSA_verify_ASN1_OCTET_STRING +first appeared in SSLeay 0.8.0 and have been available since +.Ox 2.4 . +.Sh BUGS +These functions serve no recognizable purpose. diff --git a/src/lib/libcrypto/man/RSA_size.3 b/src/lib/libcrypto/man/RSA_size.3 new file mode 100644 index 00000000000..7218c2e1f8c --- /dev/null +++ b/src/lib/libcrypto/man/RSA_size.3 @@ -0,0 +1,96 @@ +.\" $OpenBSD: RSA_size.3,v 1.9 2018/03/27 17:35:50 schwarze Exp $ +.\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 +.\" +.\" This file was written by Ulf Moeller and +.\" Kurt Roeckx . +.\" Copyright (c) 2000, 2002, 2015 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt RSA_SIZE 3 +.Os +.Sh NAME +.Nm RSA_size , +.Nm RSA_bits +.Nd get the RSA modulus size +.Sh SYNOPSIS +.In openssl/rsa.h +.Ft int +.Fo RSA_size +.Fa "const RSA *rsa" +.Fc +.Ft int +.Fo RSA_bits +.Fa "const RSA *rsa" +.Fc +.Sh DESCRIPTION +.Fn RSA_size +returns the RSA modulus size in bytes. +It can be used to determine how much memory must be allocated for +an RSA encrypted value. +.Pp +.Fn RSA_bits +returns the number of significant bits. +.Pp +.Fa rsa +and +.Fa rsa->n +must not be +.Dv NULL . +.Sh RETURN VALUES +The size. +.Sh SEE ALSO +.Xr BN_num_bits 3 , +.Xr RSA_get0_key 3 , +.Xr RSA_new 3 +.Sh HISTORY +.Fn RSA_size +first appeared in SSLeay 0.4.4 and has been available since +.Ox 2.4 . +.Pp +.Fn RSA_bits +first appeared in OpenSSL 1.1.0 and has been available since +.Ox 6.3 . diff --git a/src/lib/libcrypto/man/SHA1.3 b/src/lib/libcrypto/man/SHA1.3 new file mode 100644 index 00000000000..f5061e56e62 --- /dev/null +++ b/src/lib/libcrypto/man/SHA1.3 @@ -0,0 +1,276 @@ +.\" $OpenBSD: SHA1.3,v 1.7 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 +.\" +.\" This file was written by Ulf Moeller and +.\" Matt Caswell . +.\" Copyright (c) 2000, 2006, 2015 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt SHA1 3 +.Os +.Sh NAME +.Nm SHA1 , +.Nm SHA1_Init , +.Nm SHA1_Update , +.Nm SHA1_Final , +.Nm SHA224 , +.Nm SHA224_Init , +.Nm SHA224_Update , +.Nm SHA224_Final , +.Nm SHA256 , +.Nm SHA256_Init , +.Nm SHA256_Update , +.Nm SHA256_Final , +.Nm SHA384 , +.Nm SHA384_Init , +.Nm SHA384_Update , +.Nm SHA384_Final , +.Nm SHA512 , +.Nm SHA512_Init , +.Nm SHA512_Update , +.Nm SHA512_Final +.Nd Secure Hash Algorithm +.Sh SYNOPSIS +.In openssl/sha.h +.Ft unsigned char * +.Fo SHA1 +.Fa "const unsigned char *d" +.Fa "size_t n" +.Fa "unsigned char *md" +.Fc +.Ft int +.Fo SHA1_Init +.Fa "SHA_CTX *c" +.Fc +.Ft int +.Fo SHA1_Update +.Fa "SHA_CTX *c" +.Fa "const void *data" +.Fa "size_t len" +.Fc +.Ft int +.Fo SHA1_Final +.Fa "unsigned char *md" +.Fa "SHA_CTX *c" +.Fc +.Ft unsigned char * +.Fo SHA224 +.Fa "const unsigned char *d" +.Fa "size_t n" +.Fa "unsigned char *md" +.Fc +.Ft int +.Fo SHA224_Init +.Fa "SHA256_CTX *c" +.Fc +.Ft int +.Fo SHA224_Update +.Fa "SHA256_CTX *c" +.Fa "const void *data" +.Fa "size_t len" +.Fc +.Ft int +.Fo SHA224_Final +.Fa "unsigned char *md" +.Fa "SHA256_CTX *c" +.Fc +.Ft unsigned char * +.Fo SHA256 +.Fa "const unsigned char *d" +.Fa "size_t n" +.Fa "unsigned char *md" +.Fc +.Ft int +.Fo SHA256_Init +.Fa "SHA256_CTX *c" +.Fc +.Ft int +.Fo SHA256_Update +.Fa "SHA256_CTX *c" +.Fa "const void *data" +.Fa "size_t len" +.Fc +.Ft int +.Fo SHA256_Final +.Fa "unsigned char *md" +.Fa "SHA256_CTX *c" +.Fc +.Ft unsigned char * +.Fo SHA384 +.Fa "const unsigned char *d" +.Fa "size_t n" +.Fa "unsigned char *md" +.Fc +.Ft int +.Fo SHA384_Init +.Fa "SHA512_CTX *c" +.Fc +.Ft int +.Fo SHA384_Update +.Fa "SHA512_CTX *c" +.Fa "const void *data" +.Fa "size_t len" +.Fc +.Ft int +.Fo SHA384_Final +.Fa "unsigned char *md" +.Fa "SHA512_CTX *c" +.Fc +.Ft unsigned char * +.Fo SHA512 +.Fa "const unsigned char *d" +.Fa "size_t n" +.Fa "unsigned char *md" +.Fc +.Ft int +.Fo SHA512_Init +.Fa "SHA512_CTX *c" +.Fc +.Ft int +.Fo SHA512_Update +.Fa "SHA512_CTX *c" +.Fa "const void *data" +.Fa "size_t len" +.Fc +.Ft int +.Fo SHA512_Final +.Fa "unsigned char *md" +.Fa "SHA512_CTX *c" +.Fc +.Sh DESCRIPTION +SHA-1 (Secure Hash Algorithm) is a cryptographic hash function with a +160-bit output. +.Pp +.Fn SHA1 +computes the SHA-1 message digest of the +.Fa n +bytes at +.Fa d +and places it in +.Fa md , +which must have space for +.Dv SHA_DIGEST_LENGTH +== 20 bytes of output. +If +.Fa md +is +.Dv NULL , +the digest is placed in a static array, which is not thread safe. +.Pp +The following functions may be used if the message is not completely +stored in memory: +.Pp +.Fn SHA1_Init +initializes a +.Vt SHA_CTX +structure. +.Pp +.Fn SHA1_Update +can be called repeatedly with chunks of the message to be hashed +.Pq Fa len No bytes at Fa data . +.Pp +.Fn SHA1_Final +places the message digest in +.Fa md , +which must have space for +.Dv SHA_DIGEST_LENGTH +== 20 bytes of output, and erases the +.Vt SHA_CTX . +.Pp +The SHA224, SHA256, SHA384, and SHA512 families of functions operate +in the same way as the SHA1 functions. +Note that SHA224 and SHA256 use a +.Vt SHA256_CTX +object instead of +.Vt SHA_CTX , +and SHA384 and SHA512 use +.Vt SHA512_CTX . +The buffer +.Fa md +must have space for the output from the SHA variant being used: +.Dv SHA224_DIGEST_LENGTH , +.Dv SHA256_DIGEST_LENGTH , +.Dv SHA384_DIGEST_LENGTH , +or +.Dv SHA512_DIGEST_LENGTH +bytes. +.Pp +Applications should use the higher level functions +.Xr EVP_DigestInit 3 +etc. instead of calling the hash functions directly. +.Pp +The predecessor of SHA-1, SHA, is also implemented, but it should be +used only when backward compatibility is required. +.Sh RETURN VALUES +.Fn SHA1 , +.Fn SHA224 , +.Fn SHA256 , +.Fn SHA384 , +and +.Fn SHA512 +return a pointer to the hash value. +The other functions return 1 for success or 0 otherwise. +.Sh SEE ALSO +.Xr EVP_DigestInit 3 , +.Xr HMAC 3 , +.Xr RIPEMD160 3 +.Sh STANDARDS +SHA: US Federal Information Processing Standard FIPS PUB 180 (Secure +Hash Standard), SHA-1: US Federal Information Processing Standard FIPS +PUB 180-1 (Secure Hash Standard), ANSI X9.30 +.Sh HISTORY +.Fn SHA1 , +.Fn SHA1_Init , +.Fn SHA1_Update , +and +.Fn SHA1_Final +first appeared in SSLeay 0.5.1 and have been available since +.Ox 2.4 . +.Pp +The other functions first appeared in OpenSSL 0.9.8 +and have been available since +.Ox 4.5 . diff --git a/src/lib/libcrypto/man/SMIME_read_PKCS7.3 b/src/lib/libcrypto/man/SMIME_read_PKCS7.3 new file mode 100644 index 00000000000..417d97bef3a --- /dev/null +++ b/src/lib/libcrypto/man/SMIME_read_PKCS7.3 @@ -0,0 +1,150 @@ +.\" $OpenBSD: SMIME_read_PKCS7.3,v 1.6 2018/03/22 16:06:33 schwarze Exp $ +.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 +.\" +.\" This file was written by Dr. Stephen Henson . +.\" Copyright (c) 2002, 2006 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 22 2018 $ +.Dt SMIME_READ_PKCS7 3 +.Os +.Sh NAME +.Nm SMIME_read_PKCS7 +.Nd parse S/MIME message +.Sh SYNOPSIS +.In openssl/pkcs7.h +.Ft PKCS7 * +.Fo SMIME_read_PKCS7 +.Fa "BIO *in" +.Fa "BIO **bcont" +.Fc +.Sh DESCRIPTION +.Fn SMIME_read_PKCS7 +parses a message in S/MIME format. +.Pp +.Fa in +is a +.Vt BIO +to read the message from. +.Pp +If cleartext signing is used, then the content is saved in a memory +.Vt BIO +which is written to +.Pf * Fa bcont , +otherwise +.Pf * Fa bcont +is set to +.Dv NULL . +.Pp +The parsed PKCS#7 structure is returned, or +.Dv NULL +if an error occurred. +.Pp +If +.Pf * Fa bcont +is not +.Dv NULL , +then the message is clear text signed. +.Pf * Fa bcont +can then be passed to +.Xr PKCS7_verify 3 +with the +.Dv PKCS7_DETACHED +flag set. +.Pp +Otherwise the type of the returned structure can be determined using the +.Fn PKCS7_type_is_* +macros defined in +.In openssl/pkcs7.h . +.Pp +To support future functionality, if +.Fa bcont +is not +.Dv NULL , +.Pf * Fa bcont +should be initialized to +.Dv NULL . +For example: +.Bd -literal -offset indent +BIO *cont = NULL; +PKCS7 *p7; + +p7 = SMIME_read_PKCS7(in, &cont); +.Ed +.Sh RETURN VALUES +.Fn SMIME_read_PKCS7 +returns a valid +.Vt PKCS7 +structure or +.Dv NULL +if an error occurred. +The error can be obtained from +.Xr ERR_get_error 3 . +.Sh SEE ALSO +.Xr ERR_get_error 3 , +.Xr PKCS7_new 3 , +.Xr SMIME_write_PKCS7 3 +.Sh HISTORY +.Fn SMIME_read_PKCS7 +first appeared in OpenSSL 0.9.5 and has been available since +.Ox 2.7 . +.Sh BUGS +The MIME parser used by +.Fn SMIME_read_PKCS7 +is somewhat primitive. +While it will handle most S/MIME messages, more complex compound +formats may not work. +.Pp +The parser assumes that the +.Vt PKCS7 +structure is always base64 encoded, and it will not handle the case +where it is in binary format or uses quoted printable format. +.Pp +The use of a memory +.Vt BIO +to hold the signed content limits the size of the message which can +be processed due to memory restraints: a streaming single pass +option should be available. diff --git a/src/lib/libcrypto/man/SMIME_write_PKCS7.3 b/src/lib/libcrypto/man/SMIME_write_PKCS7.3 new file mode 100644 index 00000000000..a0a15763a1b --- /dev/null +++ b/src/lib/libcrypto/man/SMIME_write_PKCS7.3 @@ -0,0 +1,145 @@ +.\" $OpenBSD: SMIME_write_PKCS7.3,v 1.5 2018/03/22 16:06:33 schwarze Exp $ +.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 +.\" +.\" This file was written by Dr. Stephen Henson . +.\" Copyright (c) 2002, 2003, 2006, 2007, 2015 The OpenSSL Project. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 22 2018 $ +.Dt SMIME_WRITE_PKCS7 3 +.Os +.Sh NAME +.Nm SMIME_write_PKCS7 +.Nd convert PKCS#7 structure to S/MIME format +.Sh SYNOPSIS +.In openssl/pkcs7.h +.Ft int +.Fo SMIME_write_PKCS7 +.Fa "BIO *out" +.Fa "PKCS7 *p7" +.Fa "BIO *data" +.Fa "int flags" +.Fc +.Sh DESCRIPTION +.Fn SMIME_write_PKCS7 +adds the appropriate MIME headers to a PKCS#7 structure to produce an +S/MIME message. +.Pp +.Fa out +is the +.Vt BIO +to write the data to. +.Fa p7 +is the appropriate +.Vt PKCS7 +structure. +If streaming is enabled, then the content must be supplied in the +.Fa data +argument. +.Fa flags +is an optional set of flags. +.Pp +The following flags can be passed in the +.Fa flags +parameter. +.Pp +If +.Dv PKCS7_DETACHED +is set, then cleartext signing will be used. +This option only makes sense for signedData where +.Dv PKCS7_DETACHED +is also set when +.Xr PKCS7_sign 3 +is also called. +.Pp +If the +.Dv PKCS7_TEXT +flag is set, MIME headers for type +.Sy text/plain +are added to the content. +This only makes sense if +.Dv PKCS7_DETACHED +is also set. +.Pp +If the +.Dv PKCS7_STREAM +flag is set, streaming is performed. +This flag should only be set if +.Dv PKCS7_STREAM +was also set in the previous call to +.Xr PKCS7_sign 3 +or +.Xr PKCS7_encrypt 3 . +.Pp +If cleartext signing is being used and +.Dv PKCS7_STREAM +is not set, then the data must be read twice: once to compute the +signature in +.Xr PKCS7_sign 3 +and once to output the S/MIME message. +.Pp +If streaming is performed, the content is output in BER format using +indefinite length constructed encoding except in the case of signed +data with detached content where the content is absent and DER +format is used. +.Sh RETURN VALUES +.Fn SMIME_write_PKCS7 +returns 1 for success or 0 for failure. +.Sh SEE ALSO +.Xr ERR_get_error 3 , +.Xr i2d_PKCS7_bio_stream 3 , +.Xr PEM_write_PKCS7 3 , +.Xr PKCS7_new 3 , +.Xr SMIME_read_PKCS7 3 +.Sh HISTORY +.Fn SMIME_write_PKCS7 +first appeared in OpenSSL 0.9.5 and has been available since +.Ox 2.7 . +.Sh BUGS +.Fn SMIME_write_PKCS7 +always base64 encodes PKCS#7 structures. +There should be an option to disable this. diff --git a/src/lib/libcrypto/man/STACK_OF.3 b/src/lib/libcrypto/man/STACK_OF.3 new file mode 100644 index 00000000000..4cea8248ed4 --- /dev/null +++ b/src/lib/libcrypto/man/STACK_OF.3 @@ -0,0 +1,188 @@ +.\" $OpenBSD: STACK_OF.3,v 1.2 2018/03/21 17:57:48 schwarze Exp $ +.\" +.\" Copyright (c) 2018 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 21 2018 $ +.Dt STACK_OF 3 +.Os +.Sh NAME +.Nm STACK_OF +.Nd variable-sized arrays of pointers, called OpenSSL stacks +.Sh SYNOPSIS +.In openssl/safestack.h +.Fn STACK_OF type +.Sh DESCRIPTION +The +.In openssl/safestack.h +header provides a fragile, unusually complicated system of +macro-generated wrappers around the functions described in the +.Xr OPENSSL_sk_new 3 +manual page. +It is intended to implement superficially type-safe variable-sized +arrays of pointers, somewhat misleadingly called +.Dq stacks +by OpenSSL. +Due to the excessive number of API functions, it is impossible to +properly document this system. +In particular, calling +.Xr man 1 +for any of the functions operating on stacks cannot yield any result. +.Pp +Unfortunately, application programs can hardly avoid using the concept +because several important OpenSSL APIs rely on it; see the +.Sx SEE ALSO +section for examples. +Even though both pages are more complicated than any manual page +ought to be, using the concept safely requires a complete understanding +of all the details in both this manual page and in +.Xr OPENSSL_sk_new 3 . +.Pp +The +.Fn STACK_OF +macro takes a +.Fa type +name as its argument, typically the name of a type +that has been defined as an alias for a specific +.Vt struct +type using a +.Sy typedef +declaration. +It expands to an incomplete +.Vt struct +type which is intended to represent a +.Dq stack +of objects of the given +.Fa type . +That type does not actually exist, so it is not possible to define, +for example, an automatic variable +.Ql STACK_OF(X509) my_certificates ; +it is only possible to define pointers to stacks, for example +.Ql STACK_OF(X509) *my_certificates . +The only way such pointers can ever be used is by wrapper functions +casting them to the type +.Vt _STACK * +described in +.Xr OPENSSL_sk_new 3 . +.Pp +For a considerable number of types, OpenSSL provides one wrapper +function for each function described in +.Xr OPENSSL_sk_new 3 . +The names of these wrapper functions are usually constructed by +inserting the name of the type and an underscore after the +.Sq sk_ +prefix of the function name. +Usually, where the real functions take +.Vt void * +arguments, the wrappers take pointers to the +.Fa type +in questions, and where the real functions take +.Vt _STACK * +arguments, the wrappers take pointers to +.Fn STACK_OF type . +The same applies to return values. +Various exceptions to all this exist, but the above applies to +all the types listed below. +.Pp +Using the above may make sense for the following types because +public API functions exist that take stacks of these types as +arguments or return them: +.Vt ACCESS_DESCRIPTION , +.Vt ASN1_INTEGER , +.Vt ASN1_OBJECT , +.Vt ASN1_TYPE , +.Vt ASN1_UTF8STRING , +.Vt CONF_VALUE , +.Vt DIST_POINT , +.Vt GENERAL_NAME , +.Vt GENERAL_SUBTREE , +.Vt PKCS12_SAFEBAG , +.Vt PKCS7 , +.Vt PKCS7_RECIP_INFO , +.Vt PKCS7_SIGNER_INFO , +.Vt POLICY_MAPPING , +.Vt POLICYINFO , +.Vt POLICYQUALINFO , +.Vt X509 , +.Vt X509_ALGOR , +.Vt X509_ATTRIBUTE , +.Vt X509_CRL , +.Vt X509_EXTENSION , +.Vt X509_INFO , +.Vt X509_OBJECT , +.Vt X509_POLICY_NODE , +.Vt X509_PURPOSE , +.Vt X509_REVOKED . +.Pp +Even though the OpenSSL headers declare wrapper functions for many +more types and even though the OpenSSL documentation says that users +can declare their own stack types, using +.Fn STACK_OF +with any type not listed here is strongly discouraged. +For other types, there may be subtle, undocumented differences +in syntax and semantics, and attempting to declare custom stack +types is very error prone; using plain C arrays of pointers to +the desired type is much simpler and less dangerous. +.Sh EXAMPLES +The following program creates a certificate object, puts two +pointers to it on a stack, and uses +.Xr X509_free 3 +to clean up properly: +.Bd -literal +#include +#include +#include + +int +main(void) +{ + STACK_OF(X509) *stack; + X509 *x; + + if ((stack = sk_X509_new_null()) == NULL) + err(1, NULL); + if ((x = X509_new()) == NULL) + err(1, NULL); + if (sk_X509_push(stack, x) == 0) + err(1, NULL); + if (X509_up_ref(x) == 0) + errx(1, "X509_up_ref failed"); + if (sk_X509_push(stack, x) == 0) + err(1, NULL); + printf("%d pointers: %p, %p\en", sk_X509_num(stack), + sk_X509_value(stack, 0), sk_X509_value(stack, 1)); + sk_X509_pop_free(stack, X509_free); + + return 0; +} +.Ed +.Pp +The output looks similar to: +.Pp +.Dl 2 pointers: 0x4693ff24c00, 0x4693ff24c00 +.Sh SEE ALSO +.Xr OCSP_request_sign 3 , +.Xr PKCS12_parse 3 , +.Xr PKCS7_encrypt 3 , +.Xr SSL_CTX_set_client_CA_list 3 , +.Xr SSL_get_ciphers 3 , +.Xr SSL_get_peer_cert_chain 3 , +.Xr SSL_load_client_CA_file 3 , +.Xr X509_CRL_get_REVOKED 3 , +.Xr X509_STORE_CTX_get0_chain 3 +.Sh HISTORY +The +.Fn STACK_OF +macro first appeared in OpenSSL 0.9.3 and has been available since +.Ox 2.6 . diff --git a/src/lib/libcrypto/man/SXNET_new.3 b/src/lib/libcrypto/man/SXNET_new.3 new file mode 100644 index 00000000000..9a723be2032 --- /dev/null +++ b/src/lib/libcrypto/man/SXNET_new.3 @@ -0,0 +1,139 @@ +.\" $OpenBSD: SXNET_new.3,v 1.3 2018/03/21 17:57:48 schwarze Exp $ +.\" +.\" Copyright (c) 2016 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 21 2018 $ +.Dt SXNET_NEW 3 +.Os +.Sh NAME +.Nm SXNET_new , +.Nm SXNET_free , +.Nm SXNETID_new , +.Nm SXNETID_free , +.Nm d2i_SXNET , +.Nm i2d_SXNET , +.Nm d2i_SXNETID , +.Nm i2d_SXNETID +.Nd Thawte strong extranet X.509 extension +.Sh SYNOPSIS +.In openssl/x509v3.h +.Ft SXNET * +.Fn SXNET_new void +.Ft void +.Fn SXNET_free "SXNET *sxnet" +.Ft SXNETID * +.Fn SXNETID_new void +.Ft void +.Fn SXNETID_free "SXNETID *sxnetid" +.Ft SXNET * +.Fo d2i_SXNET +.Fa "SXNET **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_SXNET +.Fa "SXNET *val_in" +.Fa "unsigned char **der_out" +.Fc +.Ft SXNETID * +.Fo d2i_SXNETID +.Fa "SXNETID **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_SXNETID +.Fa "SXNETID *val_in" +.Fa "unsigned char **der_out" +.Fc +.Sh DESCRIPTION +.Fn SXNET_new +allocates and initializes an empty +.Vt SXNET +object representing a non-standard proprietary Thawte strong extranet +X.509 extension. +.Fn SXNET_free +frees +.Fa sxnet . +.Pp +.Fn SXNETID_new +allocates and initializes an empty +.Vt SXNETID +object. +It is used inside +.Vt SXNET . +.Fn SXNETID_free +frees +.Fa sxnetid . +.Pp +The remaining functions decode and encode these objects +using DER format. +For details about the semantics, examples, caveats, and bugs, see +.Xr ASN1_item_d2i 3 . +.Sh RETURN VALUES +.Fn SXNET_new +and +.Fn d2i_SXNET +return an +.Vt SXNET +object or +.Dv NULL +if an error occurs. +.Pp +.Fn SXNETID_new +and +.Fn d2i_SXNETID +return an +.Vt SXNETID +object or +.Dv NULL +if an error occurs. +.Pp +.Fn i2d_SXNET +and +.Fn i2d_SXNETID +return the number of bytes successfully encoded or a negative value +if an error occurs. +.Sh SEE ALSO +.Xr X509_EXTENSION_new 3 , +.Xr X509_new 3 +.Rs +.%A M. Shuttleworth +.%R The Strong Extranet: real-world personal certification +.%Q Thawte Consulting +.%C South Africa +.%D 1998 +.Re +.Sh HISTORY +These functions first appeared in OpenSSL 0.9.3 +and have been available since +.Ox 2.6 . +.Sh BUGS +This manual page does not explain what the extension actually does +because no authoritative information was found online so far. +.Pp +The only hint was found in an ancient white paper "Securing IBM +Applications with Public Key Infrastructure" on the IBM website, +dated June 13, 2001: "Thawte also has a technology called Strong +Extranet that allows institutions to encode customer information +in the extensions to their customer's certificates. +Because multiple institutions can add information, the user needs +only one certificate, making renewal and revocation simpler, although +the issue of modifying an extension to an existing certificate is +not addressed." +.Pp +It is unclear whether that explanation is accurate, but in any case, +it is not very specific. diff --git a/src/lib/libcrypto/man/TS_REQ_new.3 b/src/lib/libcrypto/man/TS_REQ_new.3 new file mode 100644 index 00000000000..0bd1c4ede68 --- /dev/null +++ b/src/lib/libcrypto/man/TS_REQ_new.3 @@ -0,0 +1,181 @@ +.\" $OpenBSD: TS_REQ_new.3,v 1.5 2018/03/23 04:34:23 schwarze Exp $ +.\" +.\" Copyright (c) 2016 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 23 2018 $ +.Dt TS_REQ_NEW 3 +.Os +.Sh NAME +.Nm TS_REQ_new , +.Nm TS_REQ_free , +.Nm TS_RESP_new , +.Nm TS_RESP_free , +.Nm TS_STATUS_INFO_new , +.Nm TS_STATUS_INFO_free , +.Nm TS_TST_INFO_new , +.Nm TS_TST_INFO_free , +.Nm TS_ACCURACY_new , +.Nm TS_ACCURACY_free , +.Nm TS_MSG_IMPRINT_new , +.Nm TS_MSG_IMPRINT_free +.Nd X.509 time-stamp protocol +.Sh SYNOPSIS +.In openssl/ts.h +.Ft TS_REQ * +.Fn TS_REQ_new void +.Ft void +.Fn TS_REQ_free "TS_REQ *req" +.Ft TS_RESP * +.Fn TS_RESP_new void +.Ft void +.Fn TS_RESP_free "TS_RESP *resp" +.Ft TS_STATUS_INFO * +.Fn TS_STATUS_INFO_new void +.Ft void +.Fn TS_STATUS_INFO_free "TS_STATUS_INFO *status" +.Ft TS_TST_INFO * +.Fn TS_TST_INFO_new void +.Ft void +.Fn TS_TST_INFO_free "TS_TST_INFO *token" +.Ft TS_ACCURACY * +.Fn TS_ACCURACY_new void +.Ft void +.Fn TS_ACCURACY_free "TS_ACCURACY *accuracy" +.Ft TS_MSG_IMPRINT * +.Fn TS_MSG_IMPRINT_new void +.Ft void +.Fn TS_MSG_IMPRINT_free "TS_MSG_IMPRINT *imprint" +.Sh DESCRIPTION +A time-stamping authority is a trusted third party which allows its +clients to prove that specific data existed at a particular point +in time. +Clients send time-stamping requests to the time-stamping server, +which returns time-stamp tokens to the clients. +.Pp +.Fn TS_REQ_new +allocates and initializes an empty +.Vt TS_REQ +object, representing an ASN.1 +.Vt TimeStampReq +structure defined in RFC 3161 section 2.4.1. +It can hold a hash of the datum to be time-stamped and some +auxiliary, optional information. +.Fn TS_REQ_free +frees +.Fa req . +.Pp +.Fn TS_RESP_new +allocates and initializes an empty +.Vt TS_RESP +object, representing an ASN.1 +.Vt TimeStampResp +structure defined in RFC 3161 section 2.4.2. +It can hold status information and a time-stamp token. +.Fn TS_RESP_free +frees +.Fa resp . +.Pp +.Fn TS_STATUS_INFO_new +allocates and initializes an empty +.Vt TS_STATUS_INFO +object, representing an ASN.1 +.Vt PKIStatusInfo +structure defined in RFC 3161 section 2.4.2. +It is used inside +.Vt TS_RESP +and describes the outcome of one time-stamp request. +.Fn TS_STATUS_INFO_free +frees +.Fa status . +.Pp +.Fn TS_TST_INFO_new +allocates and initializes an empty +.Vt TS_TST_INFO +object, representing an ASN.1 +.Vt TSTInfo +structure defined in RFC 3161 section 2.4.2. +It is the time-stamp token included in a +.Vt TS_RESP +object in case of success, and it can hold the hash of the datum +copied from a request, the time of generation, and some auxiliary +information. +.Fn TS_TST_INFO_free +frees +.Fa token . +.Pp +.Fn TS_ACCURACY_new +allocates and initializes an empty +.Vt TS_ACCURACY +object, representing an ASN.1 +.Vt Accuracy +structure defined in RFC 3161 section 2.4.2. +It can be used inside a +.Vt TS_TST_INFO +object and indicates the maximum error of the time stated in the token. +.Fn TS_ACCURACY_free +frees +.Fa accuracy . +.Pp +.Fn TS_MSG_IMPRINT_new +allocates and initializes an empty +.Vt TS_MSG_IMPRINT +object, representing an ASN.1 +.Vt MessageImprint +structure defined in RFC 3161 section 2.4.1. +It is used inside +.Vt TS_REQ +and +.Vt TS_RESP +objects. +It specifies a hash algorithm and stores the hash value of the datum. +.Fn TS_MSG_IMPRINT_free +frees +.Fa imprint . +.Sh RETURN VALUES +.Fn TS_REQ_new , +.Fn TS_RESP_new , +.Fn TS_STATUS_INFO_new , +.Fn TS_TST_INFO_new , +.Fn TS_ACCURACY_new , +and +.Fn TS_MSG_IMPRINT_new +return the new +.Vt TS_REQ , +.Vt TS_RESP , +.Vt TS_STATUS_INFO , +.Vt TS_TST_INFO , +.Vt TS_ACCURACY , +or +.Vt TS_MSG_IMPRINT +object, respectively, or +.Dv NULL +if an error occurred. +.Sh SEE ALSO +.Xr ACCESS_DESCRIPTION_new 3 , +.Xr ESS_SIGNING_CERT_new 3 +.Sh STANDARDS +RFC 3161: Internet X.509 Public Key Infrastructure Time-Stamp Protocol +.Pp +Note that RFC 3161 has been updated +by RFC 5816: ESSCertIDv2 Update for RFC 3161. +That update allows using the Signing Certificate Attribute Definition +Version 2 according to RFC 5035, but the current implementation +only supports the Signing Certificate Attribute Definition Version +1 according to RFC 2634, and hence only supports RFC 3161, but not +RFC 5816 functionality. +.Sh HISTORY +These functions first appeared in OpenSSL 1.0.0 +and have been available since +.Ox 4.9 . diff --git a/src/lib/libcrypto/man/UI_UTIL_read_pw.3 b/src/lib/libcrypto/man/UI_UTIL_read_pw.3 new file mode 100644 index 00000000000..aa3cefe8dd7 --- /dev/null +++ b/src/lib/libcrypto/man/UI_UTIL_read_pw.3 @@ -0,0 +1,107 @@ +.\" $OpenBSD: UI_UTIL_read_pw.3,v 1.3 2018/03/22 21:08:22 schwarze Exp $ +.\" full merge up to: OpenSSL 23103a52 Jan 12 15:17:42 2017 +0100 +.\" selective merge up to: OpenSSL 61f805c1 Jan 16 01:01:46 2018 +0800 +.\" +.\" This file was written by Richard Levitte . +.\" Copyright (c) 2017 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 22 2018 $ +.Dt UI_UTIL_READ_PW 3 +.Os +.Sh NAME +.Nm UI_UTIL_read_pw , +.Nm UI_UTIL_read_pw_string +.Nd get a password from the user +.Sh SYNOPSIS +.In openssl/ui.h +.Ft int +.Fo UI_UTIL_read_pw_string +.Fa "char *buf" +.Fa "int length" +.Fa "const char *prompt" +.Fa "int verify" +.Fc +.Ft int +.Fo UI_UTIL_read_pw +.Fa "char *buf" +.Fa "char *buff" +.Fa "int size" +.Fa "const char *prompt" +.Fa "int verify" +.Fc +.Sh DESCRIPTION +.Fn UI_UTIL_read_pw_string +asks for a passphrase, using +.Fa prompt +as a prompt, and stores it in +.Fa buf . +The maximum allowed size is given with +.Fa length , +including the terminating NUL byte. +If +.Fa verify +is non-zero, the password will be verified as well. +.Pp +.Fn UI_UTIL_read_pw +does the same as +.Fn UI_UTIL_read_pw_string , +but takes an external buffer +.Fa buff +for the verification passphrase. +.Sh RETURN VALUES +.Fn UI_UTIL_read_pw_string +and +.Fn UI_UTIL_read_pw +return 0 on success or a negative value on error. +.Sh SEE ALSO +.Xr UI_new 3 +.Sh HISTORY +.Fn UI_UTIL_read_pw +and +.Fn UI_UTIL_read_pw_string +first appeared in OpenSSL 0.9.7 and have been available since +.Ox 3.2 . diff --git a/src/lib/libcrypto/man/UI_create_method.3 b/src/lib/libcrypto/man/UI_create_method.3 new file mode 100644 index 00000000000..0c23e24e0ed --- /dev/null +++ b/src/lib/libcrypto/man/UI_create_method.3 @@ -0,0 +1,284 @@ +.\" $OpenBSD: UI_create_method.3,v 1.5 2018/05/19 23:06:33 schwarze Exp $ +.\" OpenSSL UI_create_method.pod 8e3d46e5 Mar 11 10:51:04 2017 +0100 +.\" +.\" This file was written by Richard Levitte . +.\" Copyright (c) 2017 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: May 19 2018 $ +.Dt UI_CREATE_METHOD 3 +.Os +.Sh NAME +.Nm UI_create_method , +.Nm UI_destroy_method , +.Nm UI_method_set_opener , +.Nm UI_method_set_writer , +.Nm UI_method_set_flusher , +.Nm UI_method_set_reader , +.Nm UI_method_set_closer , +.Nm UI_method_set_prompt_constructor , +.Nm UI_method_get_opener , +.Nm UI_method_get_writer , +.Nm UI_method_get_flusher , +.Nm UI_method_get_reader , +.Nm UI_method_get_closer , +.Nm UI_method_get_prompt_constructor +.Nd user interface method creation and destruction +.Sh SYNOPSIS +.In openssl/ui.h +.Ft UI_METHOD * +.Fo UI_create_method +.Fa "const char *name" +.Fc +.Ft void +.Fo UI_destroy_method +.Fa "UI_METHOD *ui_method" +.Fc +.Ft int +.Fo UI_method_set_opener +.Fa "UI_METHOD *method" +.Fa "int (*opener)(UI *ui)" +.Fc +.Ft int +.Fo UI_method_set_writer +.Fa "UI_METHOD *method" +.Fa "int (*writer)(UI *ui, UI_STRING *uis)" +.Fc +.Ft int +.Fo UI_method_set_flusher +.Fa "UI_METHOD *method" +.Fa "int (*flusher)(UI *ui)" +.Fc +.Ft int +.Fo UI_method_set_reader +.Fa "UI_METHOD *method" +.Fa "int (*reader)(UI *ui, UI_STRING *uis)" +.Fc +.Ft int +.Fo UI_method_set_closer +.Fa "UI_METHOD *method" +.Fa "int (*closer)(UI *ui)" +.Fc +.Ft int +.Fo UI_method_set_prompt_constructor +.Fa "UI_METHOD *method" +.Fa "char *(*prompt_constructor)(UI *ui, const char *object_desc,\ + const char *object_name)" +.Fc +.Ft int +.Fo "(*UI_method_get_opener(const UI_METHOD *method))" +.Fa "UI *"; +.Fc +.Ft int +.Fo "(*UI_method_get_writer(const UI_METHOD *method))" +.Fa "UI *" +.Fa "UI_STRING *" +.Fc +.Ft int +.Fo "(*UI_method_get_flusher(const UI_METHOD *method))" +.Fa "UI *" +.Fc +.Ft int +.Fo "(*UI_method_get_reader(const UI_METHOD *method))" +.Fa "UI *" +.Fa "UI_STRING *" +.Fc +.Ft int +.Fo "(*UI_method_get_closer(const UI_METHOD *method))" +.Fa "UI *" +.Fc +.Ft char * +.Fo "(*UI_method_get_prompt_constructor(UI_METHOD *method))" +.Fa "UI *" +.Fa "const char *" +.Fa "const char *" +.Fc +.Sh DESCRIPTION +A method contains a few functions that implement the low level of the +User Interface. +These functions are: +.Bl -tag -width Ds +.It an opener +This function takes a reference to a UI and starts a session, for +example by opening a channel to a tty, or by creating a dialog box. +.It a writer +This function takes a reference to a UI and a UI String, and writes the +string where appropriate, maybe to the tty, maybe added as a field label +in a dialog box. +Note that this gets fed all strings associated with a UI, one after the +other, so care must be taken which ones it actually uses. +.It a flusher +This function takes a reference to a UI, and flushes everything that has +been output so far. +For example, if the method builds up a dialog box, this can be used to +actually display it and accepting input ended with a pressed button. +.It a reader +This function takes a reference to a UI and a UI string and reads off +the given prompt, maybe from the tty, maybe from a field in a dialog +box. +Note that this gets fed all strings associated with a UI, one after the +other, so care must be taken which ones it actually uses. +.It a closer +This function takes a reference to a UI, and closes the session, maybe +by closing the channel to the tty, maybe by destroying a dialog box. +.El +.Pp +All of these functions are expected to return 0 on error, 1 on success, +or -1 on out-off-band events, for example if some prompting has been +cancelled (by pressing Ctrl-C, for example). +Only the flusher or the reader are expected to return -1. +If returned by another of the functions, it's treated as if 0 was returned. +.Pp +Regarding the writer and the reader, don't assume the former should only +write and don't assume the latter should only read. +This depends on the needs of the method. +.Pp +For example, a typical tty reader wouldn't write the prompts in the +write, but would rather do so in the reader, because of the sequential +nature of prompting on a tty. +This is how the +.Xr UI_OpenSSL 3 +method does it. +.Pp +In contrast, a method that builds up a dialog box would add all prompt +text in the writer, have all input read in the flusher and store the +results in some temporary buffer, and finally have the reader just fetch +those results. +.Pp +The central function that uses these method functions is +.Xr UI_process 3 , +and it does it in five steps: +.Bl -enum +.It +Open the session using the opener function if that one is defined. +If an error occurs, jump to 5. +.It +For every UI String associated with the UI, call the writer function if +that one is defined. +If an error occurs, jump to 5. +.It +Flush everything using the flusher function if that one is defined. +If an error occurs, jump to 5. +.It +For every UI String associated with the UI, call the reader function if +that one is defined. +If an error occurs, jump to 5. +.It +Close the session using the closer function if that one is defined. +.El +.Pp +.Fn UI_create_method +creates a new UI method with a given +.Fa name . +.Pp +.Fn UI_destroy_method +destroys the given +.Fa ui_method . +.Pp +.Fn UI_method_set_opener , +.Fn UI_method_set_writer , +.Fn UI_method_set_flusher , +.Fn UI_method_set_reader +and +.Fn UI_method_set_closer +set one of the five main methods to the given function pointer. +.Pp +.Fn UI_method_set_prompt_constructor +sets the prompt constructor, see +.Xr UI_construct_prompt 3 . +.Sh RETURN VALUES +.Fn UI_create_method +returns a +.Vt UI_METHOD +pointer on success or +.Dv NULL +on error. +.Pp +.Fn UI_method_set_opener , +.Fn UI_method_set_writer , +.Fn UI_method_set_flusher , +.Fn UI_method_set_reader , +.Fn UI_method_set_closer , +and +.Fn UI_method_set_prompt_constructor +return 0 on success or -1 if the given method is +.Dv NULL . +.Pp +.Fn UI_method_get_opener , +.Fn UI_method_get_writer , +.Fn UI_method_get_flusher , +.Fn UI_method_get_reader , +.Fn UI_method_get_closer , +and +.Fn UI_method_get_prompt_constructor +return the requested function pointer if it is set in the method, +or otherwise +.Dv NULL . +.Sh SEE ALSO +.Xr UI_get_string_type 3 , +.Xr UI_new 3 +.Sh HISTORY +.Fn UI_create_method , +.Fn UI_destroy_method , +.Fn UI_method_set_opener , +.Fn UI_method_set_writer , +.Fn UI_method_set_flusher , +.Fn UI_method_set_reader , +.Fn UI_method_set_closer , +.Fn UI_method_get_opener , +.Fn UI_method_get_writer , +.Fn UI_method_get_flusher , +.Fn UI_method_get_reader , +and +.Fn UI_method_get_closer +first appeared in OpenSSL 0.9.7 and have been available since +.Ox 3.2 . +.Pp +.Fn UI_method_set_prompt_constructor +and +.Fn UI_method_get_prompt_constructor +first appeared in OpenSSL 1.0.0 and have been available since +.Ox 4.9 . diff --git a/src/lib/libcrypto/man/UI_get_string_type.3 b/src/lib/libcrypto/man/UI_get_string_type.3 new file mode 100644 index 00000000000..bc0449a90e5 --- /dev/null +++ b/src/lib/libcrypto/man/UI_get_string_type.3 @@ -0,0 +1,281 @@ +.\" $OpenBSD: UI_get_string_type.3,v 1.4 2018/03/22 21:08:22 schwarze Exp $ +.\" OpenSSL UI_STRING.pod e9c9971b Jul 1 18:28:50 2017 +0200 +.\" +.\" This file was written by Richard Levitte +.\" Copyright (c) 2017 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 22 2018 $ +.Dt UI_GET_STRING_TYPE 3 +.Os +.Sh NAME +.Nm UI_get_string_type , +.Nm UI_get_input_flags , +.Nm UI_get0_output_string , +.Nm UI_get0_action_string , +.Nm UI_get0_result_string , +.Nm UI_get0_test_string , +.Nm UI_get_result_minsize , +.Nm UI_get_result_maxsize , +.Nm UI_set_result +.Nd OpenSSL user interface string parsing +.Sh SYNOPSIS +.In openssl/ui.h +.Bd -literal +enum UI_string_types { + UIT_NONE = 0, + UIT_PROMPT, /* Prompt for a string */ + UIT_VERIFY, /* Prompt for a string and verify */ + UIT_BOOLEAN, /* Prompt for a yes/no response */ + UIT_INFO, /* Send info to the user */ + UIT_ERROR /* Send an error message to the user */ +}; +.Ed +.Pp +.Ft enum UI_string_types +.Fo UI_get_string_type +.Fa "UI_STRING *uis" +.Fc +.Ft int +.Fo UI_get_input_flags +.Fa "UI_STRING *uis" +.Fc +.Ft const char * +.Fo UI_get0_output_string +.Fa "UI_STRING *uis" +.Fc +.Ft const char * +.Fo UI_get0_action_string +.Fa "UI_STRING *uis" +.Fc +.Ft const char * +.Fo UI_get0_result_string +.Fa "UI_STRING *uis" +.Fc +.Ft const char * +.Fo UI_get0_test_string +.Fa "UI_STRING *uis" +.Fc +.Ft int +.Fo UI_get_result_minsize +.Fa "UI_STRING *uis" +.Fc +.Ft int +.Fo UI_get_result_maxsize +.Fa "UI_STRING *uis" +.Fc +.Ft int +.Fo UI_set_result +.Fa "UI *ui" +.Fa "UI_STRING *uis" +.Fa "const char *result" +.Fc +.Sh DESCRIPTION +A +.Vt UI_STRING +gets created internally and added to a +.Vt UI +object whenever one of the functions +.Xr UI_add_input_string 3 , +.Xr UI_dup_input_string 3 , +.Xr UI_add_verify_string 3 , +.Xr UI_dup_verify_string 3 , +.Xr UI_add_input_boolean 3 , +.Xr UI_dup_input_boolean 3 , +.Xr UI_add_info_string 3 , +.Xr UI_dup_info_string 3 , +.Xr UI_add_error_string 3 +or +.Xr UI_dup_error_string 3 +is called. +For a +.Vt UI_METHOD +user, there's no need to know more. +For a +.Vt UI_METHOD +creator, it is of interest to fetch text from these +.Vt UI_STRING +objects as well as adding results to some of them. +.Pp +.Fn UI_get_string_type +is used to retrieve the type of the given +.Vt UI_STRING . +.Pp +.Fn UI_get_input_flags +is used to retrieve the flags associated with the given +.Vt UI_STRING . +.Pp +.Fn UI_get0_output_string +is used to retrieve the actual string to output (prompt, info, error, ...). +.Pp +.Fn UI_get0_action_string +is used to retrieve the action description associated with a +.Dv UIT_BOOLEAN +type +.Vt UI_STRING . +See +.Xr UI_add_input_boolean 3 . +.Pp +.Fn UI_get0_result_string +is used to retrieve the result of a prompt. +This is only useful for +.Dv UIT_PROMPT +and +.Dv UIT_VERIFY +type strings. +.Pp +.Fn UI_get0_test_string +is used to retrieve the string to compare the prompt result with. +This is only useful for +.Dv UIT_VERIFY +type strings. +.Pp +.Fn UI_get_result_minsize +and +.Fn UI_get_result_maxsize +are used to retrieve the minimum and maximum required size of the +result. +This is only useful for +.Dv UIT_PROMPT +and +.Dv UIT_VERIFY +type strings. +.Pp +.Fn UI_set_result +is used to set the result value of a prompt. +For +.Sy UIT_PROMPT +and +.Sy UIT_VERIFY +type UI strings, this sets the result retrievable with +.Fn UI_get0_result_string +by copying the contents of +.Fa result +if its length fits the minimum and maximum size requirements. +For +.Dv UIT_BOOLEAN +type UI strings, this sets the first character of the result retrievable +with +.Fn UI_get0_result_string +to the first of the +.Fa ok_chars +given with +.Xr UI_add_input_boolean 3 +or +.Xr UI_dup_input_boolean 3 +if the +.Fa result +matched any of them, or the first of the +.Fa cancel_chars +if the +.Fa result +matched any of them, otherwise it's set to the NUL char. +See +.Xr UI_add_input_boolean 3 +for more information on +.Fa ok_chars +and +.Fa cancel_chars . +.Sh RETURN VALUES +.Fn UI_get_string_type +returns the UI string type. +.Pp +.Fn UI_get_input_flags +returns the UI string flags. +.Pp +.Fn UI_get0_output_string +returns the UI string output string. +.Pp +.Fn UI_get0_action_string +returns the UI string action description string for +.Dv UIT_BOOLEAN +type UI strings, or +.Dv NULL +for any other type. +.Pp +.Fn UI_get0_result_string +returns the UI string result buffer for +.Dv UIT_PROMPT +and +.Dv UIT_VERIFY +type UI strings, or +.Dv NULL +for any other type. +.Pp +.Fn UI_get0_test_string +returns the UI string action description string for +.Dv UIT_VERIFY +type UI strings, or +.Dv NULL +for any other type. +.Pp +.Fn UI_get_result_minsize +returns the minimum allowed result size for the UI string for +.Dv UIT_PROMPT +and +.Dv UIT_VERIFY +type strings, or -1 for any other type. +.Pp +.Fn UI_get_result_maxsize +returns the minimum allowed result size for the UI string for +.Dv UIT_PROMPT +and +.Dv UIT_VERIFY +type strings, or -1 for any other type. +.Pp +.Fn UI_set_result +returns 0 on success or when the UI string is of any type other than +.Dv UIT_PROMPT , +.Dv UIT_VERIFY , +or +.Dv UIT_BOOLEAN , +or -1 on error. +.Sh SEE ALSO +.Xr UI_new 3 +.Sh HISTORY +These functions first appeared in OpenSSL 0.9.7 +and have been available since +.Ox 3.2 . diff --git a/src/lib/libcrypto/man/UI_new.3 b/src/lib/libcrypto/man/UI_new.3 new file mode 100644 index 00000000000..86a2581c99e --- /dev/null +++ b/src/lib/libcrypto/man/UI_new.3 @@ -0,0 +1,514 @@ +.\" $OpenBSD: UI_new.3,v 1.8 2018/03/22 21:08:22 schwarze Exp $ +.\" full merge up to: OpenSSL 78b19e90 Jan 11 00:12:01 2017 +0100 +.\" selective merge up to: OpenSSL 61f805c1 Jan 16 01:01:46 2018 +0800 +.\" +.\" This file was written by Richard Levitte . +.\" Copyright (c) 2001, 2016, 2017 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 22 2018 $ +.Dt UI_NEW 3 +.Os +.Sh NAME +.Nm UI_new , +.Nm UI_new_method , +.Nm UI_free , +.Nm UI_add_input_string , +.Nm UI_dup_input_string , +.Nm UI_add_verify_string , +.Nm UI_dup_verify_string , +.Nm UI_add_input_boolean , +.Nm UI_dup_input_boolean , +.Nm UI_add_info_string , +.Nm UI_dup_info_string , +.Nm UI_add_error_string , +.Nm UI_dup_error_string , +.Nm UI_construct_prompt , +.Nm UI_add_user_data , +.Nm UI_get0_user_data , +.Nm UI_get0_result , +.Nm UI_process , +.Nm UI_ctrl , +.Nm UI_set_default_method , +.Nm UI_get_default_method , +.Nm UI_get_method , +.Nm UI_set_method , +.Nm UI_OpenSSL +.Nd New User Interface +.Sh SYNOPSIS +.In openssl/ui.h +.Ft UI * +.Fn UI_new void +.Ft UI * +.Fo UI_new_method +.Fa "const UI_METHOD *method" +.Fc +.Ft void +.Fo UI_free +.Fa "UI *ui" +.Fc +.Ft int +.Fo UI_add_input_string +.Fa "UI *ui" +.Fa "const char *prompt" +.Fa "int flags" +.Fa "char *result_buf" +.Fa "int minsize" +.Fa "int maxsize" +.Fc +.Ft int +.Fo UI_dup_input_string +.Fa "UI *ui" +.Fa "const char *prompt" +.Fa "int flags" +.Fa "char *result_buf" +.Fa "int minsize" +.Fa "int maxsize" +.Fc +.Ft int +.Fo UI_add_verify_string +.Fa "UI *ui" +.Fa "const char *prompt" +.Fa "int flags" +.Fa "char *result_buf" +.Fa "int minsize" +.Fa "int maxsize" +.Fa "const char *test_buf" +.Fc +.Ft int +.Fo UI_dup_verify_string +.Fa "UI *ui" +.Fa "const char *prompt" +.Fa "int flags" +.Fa "char *result_buf" +.Fa "int minsize" +.Fa "int maxsize" +.Fa "const char *test_buf" +.Fc +.Ft int +.Fo UI_add_input_boolean +.Fa "UI *ui" +.Fa "const char *prompt" +.Fa "const char *action_desc" +.Fa "const char *ok_chars" +.Fa "const char *cancel_chars" +.Fa "int flags" +.Fa "char *result_buf" +.Fc +.Ft int +.Fo UI_dup_input_boolean +.Fa "UI *ui" +.Fa "const char *prompt" +.Fa "const char *action_desc" +.Fa "const char *ok_chars" +.Fa "const char *cancel_chars" +.Fa "int flags" +.Fa "char *result_buf" +.Fc +.Ft int +.Fo UI_add_info_string +.Fa "UI *ui" +.Fa "const char *text" +.Fc +.Ft int +.Fo UI_dup_info_string +.Fa "UI *ui" +.Fa "const char *text" +.Fc +.Ft int +.Fo UI_add_error_string +.Fa "UI *ui" +.Fa "const char *text" +.Fc +.Ft int +.Fo UI_dup_error_string +.Fa "UI *ui" +.Fa "const char *text" +.Fc +.Fd /* These are the possible flags. They can be OR'ed together. */ +.Fd #define UI_INPUT_FLAG_ECHO 0x01 +.Fd #define UI_INPUT_FLAG_DEFAULT_PWD 0x02 +.Ft char * +.Fo UI_construct_prompt +.Fa "UI *ui_method" +.Fa "const char *object_desc" +.Fa "const char *object_name" +.Fc +.Ft void * +.Fo UI_add_user_data +.Fa "UI *ui" +.Fa "void *user_data" +.Fc +.Ft void * +.Fo UI_get0_user_data +.Fa "UI *ui" +.Fc +.Ft const char * +.Fo UI_get0_result +.Fa "UI *ui" +.Fa "int i" +.Fc +.Ft int +.Fo UI_process +.Fa "UI *ui" +.Fc +.Ft int +.Fo UI_ctrl +.Fa "UI *ui" +.Fa "int cmd" +.Fa "long i" +.Fa "void *p" +.Fa "void (*f)()" +.Fc +.Fd #define UI_CTRL_PRINT_ERRORS 1 +.Fd #define UI_CTRL_IS_REDOABLE 2 +.Ft void +.Fo UI_set_default_method +.Fa "const UI_METHOD *meth" +.Fc +.Ft const UI_METHOD * +.Fo UI_get_default_method +.Fa void +.Fc +.Ft const UI_METHOD * +.Fo UI_get_method +.Fa "UI *ui" +.Fc +.Ft const UI_METHOD * +.Fo UI_set_method +.Fa "UI *ui" +.Fa "const UI_METHOD *meth" +.Fc +.Ft UI_METHOD * +.Fo UI_OpenSSL +.Fa void +.Fc +.Sh DESCRIPTION +UI stands for User Interface, and is a general purpose set of routines +to prompt the user for text-based information. +Through user-written methods (see +.Xr UI_create_method 3 ) , +prompting can be done in any way imaginable, be it plain text prompting, +through dialog boxes or from a cell phone. +.Pp +All the functions work through a context of the type +.Vt UI . +This context contains all the information needed to prompt correctly +as well as a reference to a +.Vt UI_METHOD , +which is an ordered vector of functions that carry out the actual +prompting. +.Pp +The first thing to do is to create a +.Vt UI +with +.Fn UI_new +or +.Fn UI_new_method , +then add information to it with the +.Fn UI_add_* +or +.Fn UI_dup_* +functions. +Also, user-defined random data can be passed down to the underlying +method through calls to +.Fn UI_add_user_data . +The default UI method doesn't care about these data, but other methods +might. +Finally, use +.Fn UI_process +to actually perform the prompting and +.Fn UI_get0_result +to find the result to the prompt. +.Pp +A +.Vt UI +can contain more than one prompt, which are performed in the given +sequence. +Each prompt gets an index number which is returned by the +.Fn UI_add_* +and +.Fn UI_dup_* +functions, and has to be used to get the corresponding result with +.Fn UI_get0_result . +.Pp +The functions are as follows: +.Pp +.Fn UI_new +creates a new +.Vt UI +using the default UI method. +When done with this UI, it should be freed using +.Fn UI_free . +.Pp +.Fn UI_new_method +creates a new +.Vt UI +using the given UI method. +When done with this UI, it should be freed using +.Fn UI_free . +.Pp +.Fn UI_OpenSSL +returns the built-in UI method (note: not necessarily the default one, +since the default can be changed. +See further on). +This method is the most machine/OS dependent part of OpenSSL and +normally generates the most problems when porting. +.Pp +.Fn UI_free +removes +.Fa ui +from memory, along with all other pieces of memory that are connected +to it, like duplicated input strings, results and others. +If +.Fa ui +is a +.Dv NULL +pointer, no action occurs. +.Pp +.Fn UI_add_input_string +and +.Fn UI_add_verify_string +add a prompt to +.Fa ui , +as well as flags and a result buffer and the desired minimum and +maximum sizes of the result, not counting the final NUL character. +The given information is used to prompt for information, for example +a password, and to verify a password (i.e. having the user enter +it twice and check that the same string was entered twice). +.Fn UI_add_verify_string +takes an extra argument that should be a pointer to the result buffer +of the input string that it's supposed to verify, or verification will +fail. +.Pp +.Fn UI_add_input_boolean +adds a prompt to +.Fa ui +that's supposed to be answered in a boolean way, with a single +character for yes and a different character for no. +A set of characters that can be used to cancel the prompt is given as +well. +The prompt itself is really divided in two, one part being the +descriptive text (given through the +.Fa prompt +argument) and one describing the possible answers (given through the +.Fa action_desc +argument). +.Pp +.Fn UI_add_info_string +and +.Fn UI_add_error_string +add strings that are shown at the same time as the prompt for extra +information or to show an error string. +The difference between the two is only conceptual. +With the builtin method, there's no technical difference between them. +Other methods may make a difference between them, however. +.Pp +The flags currently supported are +.Dv UI_INPUT_FLAG_ECHO , +which is relevant for +.Fn UI_add_input_string +and will have the users response be echoed (when prompting for a +password, this flag should obviously not be used), and +.Dv UI_INPUT_FLAG_DEFAULT_PWD , +which means that a default password of some sort will be used +(completely depending on the application and the UI method). +.Pp +.Fn UI_dup_input_string , +.Fn UI_dup_verify_string , +.Fn UI_dup_input_boolean , +.Fn UI_dup_info_string , +and +.Fn UI_dup_error_string +are basically the same as their +.Fn UI_add_* +counterparts, except that they make their own copies of all strings. +.Pp +.Fn UI_construct_prompt +is a helper function that can be used to create a prompt from two pieces +of information: a description and a name. +The default constructor (if there is none provided by the method used) +creates a string "Enter +.Em description +for +.Em name Ns :". +With the description "pass phrase" and the file name "foo.key", that +becomes "Enter pass phrase for foo.key:". Other methods may create +whatever string and may include encodings that will be processed by the +other method functions. +.Pp +.Fn UI_add_user_data +adds a user data pointer for the method to use at any time. +The builtin UI method doesn't care about this info. +Note that several calls to this function doesn't add data - +the previous blob is replaced with the one given as argument. +.Pp +.Fn UI_get0_user_data +retrieves the data that has last been given to the +.Fa ui +with +.Fn UI_add_user_data . +.Pp +.Fn UI_get0_result +returns a pointer to the result buffer associated with the information +indexed by +.Fa i . +.Pp +.Fn UI_process +goes through the information given so far, does all the printing and +prompting and returns the final status, which is -2 on out-of-band +events (Interrupt, Cancel, ...), -1 on error, or 0 on success. +.Pp +.Fn UI_ctrl +adds extra control for the application author. +For now, it understands two commands: +.Dv UI_CTRL_PRINT_ERRORS , +which makes +.Fn UI_process +print the OpenSSL error stack as part of processing the +.Fa ui , +and +.Dv UI_CTRL_IS_REDOABLE , +which returns a flag saying if the used +.Fa ui +can be used again or not. +.Pp +.Fn UI_set_default_method +changes the default UI method to the one given. +This function is not thread-safe and should not be called at the +same time as other OpenSSL functions. +.Pp +.Fn UI_get_default_method +returns a pointer to the current default UI method. +.Pp +.Fn UI_get_method +returns the UI method associated with a given +.Fa ui . +.Pp +.Fn UI_set_method +changes the UI method associated with a given +.Fa ui . +.Sh RETURN VALUES +.Fn UI_new +and +.Fn UI_new_method +return a valid +.Vt UI +structure or +.Dv NULL +if an error occurred. +.Pp +.Fn UI_add_input_string , +.Fn UI_dup_input_string , +.Fn UI_add_verify_string , +.Fn UI_dup_verify_string , +.Fn UI_add_input_boolean , +.Fn UI_dup_input_boolean , +.Fn UI_add_info_string , +.Fn UI_dup_info_string , +.Fn UI_add_error_string , +and +.Fn UI_dup_error_string +return a positive number on success or a number +less than or equal to zero otherwise. +.Pp +.Fn UI_construct_prompt +and +.Fn UI_get0_result +return a string or +.Dv NULL +if an error occurred. +.Pp +.Fn UI_add_user_data +and +.Fn UI_get0_user_data +return a pointer to the user data that was contained in +.Fa ui +before the call. +In particular, +.Dv NULL +is a valid return value. +.Pp +.Fn UI_process +returns 0 on success or a negative value on error. +.Pp +.Fn UI_ctrl +returns a mask on success or \-1 on error. +.Pp +.Fn UI_get_default_method +and +.Fn UI_OpenSSL +always return a pointer to a valid +.Vt UI_METHOD +structure. +.Pp +.Fn UI_get_method +and +.Fn UI_set_method +return a pointer to the +.Vt UI_METHOD +structure that is installed in +.Fa ui +after the call. +The OpenSSL documentation says that they can fail and return +.Dv NULL , +but currently, this can only happen when and after +.Fn UI_set_method +is called with an explicit +.Dv NULL +argument. +.Sh SEE ALSO +.Xr des_read_pw 3 , +.Xr UI_create_method 3 , +.Xr UI_get_string_type 3 , +.Xr UI_UTIL_read_pw 3 +.Sh HISTORY +These functions first appeared in OpenSSL 0.9.7 +and have been available since +.Ox 3.2 . +.Sh AUTHORS +.An Richard Levitte Aq Mt richard@levitte.org +for the OpenSSL project. diff --git a/src/lib/libcrypto/man/X25519.3 b/src/lib/libcrypto/man/X25519.3 new file mode 100644 index 00000000000..13f013e8a26 --- /dev/null +++ b/src/lib/libcrypto/man/X25519.3 @@ -0,0 +1,100 @@ +.\" $OpenBSD: X25519.3,v 1.4 2018/08/10 17:28:48 jsing Exp $ +.\" contains some text from: BoringSSL curve25519.h, curve25519.c +.\" content also checked up to: OpenSSL f929439f Mar 15 12:19:16 2018 +0000 +.\" +.\" Copyright (c) 2015 Google Inc. +.\" Copyright (c) 2018 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and/or distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: August 10 2018 $ +.Dt X25519 3 +.Os +.Sh NAME +.Nm X25519 , +.Nm X25519_keypair +.Nd Elliptic Curve Diffie-Hellman primitive based on Curve25519 +.Sh SYNOPSIS +.In openssl/curve25519.h +.Ft int +.Fo X25519 +.Fa "uint8_t out_shared_key[X25519_KEY_LENGTH]" +.Fa "const uint8_t private_key[X25519_KEY_LENGTH]" +.Fa "const uint8_t peer_public_value[X25519_KEY_LENGTH]" +.Fc +.Ft void +.Fo X25519_keypair +.Fa "uint8_t out_public_value[X25519_KEY_LENGTH]" +.Fa "uint8_t out_private_key[X25519_KEY_LENGTH]" +.Fc +.Sh DESCRIPTION +Curve25519 is an elliptic curve over a prime field specified in RFC 7748. +The prime field is defined by the prime number 2^255 - 19. +.Pp +.Fn X25519 +is the Diffie-Hellman primitive built from Curve25519 as described +in RFC 7748 section 5. +Section 6.1 describes the intended use in an Elliptic Curve Diffie-Hellman +(ECDH) protocol. +.Pp +.Fn X25519 +writes a shared key to +.Fa out_shared_key +that is calculated from the given +.Fa private_key +and the +.Fa peer_public_value +by scalar multiplication. +Do not use the shared key directly, rather use a key derivation +function and also include the two public values as inputs. +.Pp +.Fn X25519_keypair +sets +.Fa out_public_value +and +.Fa out_private_key +to a freshly generated public/private key pair. +First, the +.Fa out_private_key +is generated with +.Xr arc4random_buf 3 . +Then, the opposite of the masking described in RFC 7748 section 5 +is applied to it to make sure that the generated private key is never +correctly masked. +The purpose is to cause incorrect implementations on the peer side +to consistently fail. +Correct implementations will decode the key correctly even when it is +not correctly masked. +Finally, the +.Fa out_public_value +is calculated from the +.Fa out_private_key +by multiplying it with the Montgomery base point +.Vt uint8_t u[32] No = Brq 9 . +.Pp +The size of a public and private key is +.Dv X25519_KEY_LENGTH No = 32 +bytes each. +.Sh RETURN VALUES +.Fn X25519 +returns 1 on success or 0 on error. +Failure can occur when the input is a point of small order. +.Sh SEE ALSO +.Rs +.%A D. J. Bernstein +.%R A state-of-the-art Diffie-Hellman function:\ + How do I use Curve25519 in my own software? +.%U http://cr.yp.to/ecdh.html +.Re +.Sh STANDARDS +RFC 7748: Elliptic Curves for Security diff --git a/src/lib/libcrypto/man/X509V3_get_d2i.3 b/src/lib/libcrypto/man/X509V3_get_d2i.3 new file mode 100644 index 00000000000..91883669d81 --- /dev/null +++ b/src/lib/libcrypto/man/X509V3_get_d2i.3 @@ -0,0 +1,437 @@ +.\" $OpenBSD: X509V3_get_d2i.3,v 1.14 2018/03/23 23:18:17 schwarze Exp $ +.\" full merge up to: OpenSSL ff7fbfd5 Nov 2 11:52:01 2015 +0000 +.\" selective merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 +.\" +.\" This file was written by Dr. Stephen Henson . +.\" Copyright (c) 2014, 2015, 2016 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 23 2018 $ +.Dt X509V3_GET_D2I 3 +.Os +.Sh NAME +.Nm X509V3_get_d2i , +.Nm X509V3_add1_i2d , +.Nm X509V3_EXT_d2i , +.Nm X509V3_EXT_i2d , +.Nm X509_get_ext_d2i , +.Nm X509_add1_ext_i2d , +.Nm X509_CRL_get_ext_d2i , +.Nm X509_CRL_add1_ext_i2d , +.Nm X509_REVOKED_get_ext_d2i , +.Nm X509_REVOKED_add1_ext_i2d , +.Nm X509_get0_extensions , +.Nm X509_CRL_get0_extensions , +.Nm X509_REVOKED_get0_extensions +.Nd X509 extension decode and encode functions +.Sh SYNOPSIS +.In openssl/x509v3.h +.Ft void * +.Fo X509V3_get_d2i +.Fa "const STACK_OF(X509_EXTENSION) *x" +.Fa "int nid" +.Fa "int *crit" +.Fa "int *idx" +.Fc +.Ft int +.Fo X509V3_add1_i2d +.Fa "STACK_OF(X509_EXTENSION) **x" +.Fa "int nid" +.Fa "void *value" +.Fa "int crit" +.Fa "unsigned long flags" +.Fc +.Ft void * +.Fo X509V3_EXT_d2i +.Fa "X509_EXTENSION *ext" +.Fc +.Ft X509_EXTENSION * +.Fo X509V3_EXT_i2d +.Fa "int ext_nid" +.Fa "int crit" +.Fa "void *ext" +.Fc +.Ft void * +.Fo X509_get_ext_d2i +.Fa "const X509 *x" +.Fa "int nid" +.Fa "int *crit" +.Fa "int *idx" +.Fc +.Ft int +.Fo X509_add1_ext_i2d +.Fa "X509 *x" +.Fa "int nid" +.Fa "void *value" +.Fa "int crit" +.Fa "unsigned long flags" +.Fc +.Ft void * +.Fo X509_CRL_get_ext_d2i +.Fa "const X509_CRL *crl" +.Fa "int nid" +.Fa "int *crit" +.Fa "int *idx" +.Fc +.Ft int +.Fo X509_CRL_add1_ext_i2d +.Fa "X509_CRL *crl" +.Fa "int nid" +.Fa "void *value" +.Fa "int crit" +.Fa "unsigned long flags" +.Fc +.Ft void * +.Fo X509_REVOKED_get_ext_d2i +.Fa "const X509_REVOKED *r" +.Fa "int nid" +.Fa "int *crit" +.Fa "int *idx" +.Fc +.Ft int +.Fo X509_REVOKED_add1_ext_i2d +.Fa "X509_REVOKED *r" +.Fa "int nid" +.Fa "void *value" +.Fa "int crit" +.Fa "unsigned long flags" +.Fc +.Ft const STACK_OF(X509_EXTENSION) * +.Fo X509_get0_extensions +.Fa "const X509 *x" +.Fc +.Ft const STACK_OF(X509_EXTENSION) * +.Fo X509_CRL_get0_extensions +.Fa "const X509_CRL *crl" +.Fc +.Ft const STACK_OF(X509_EXTENSION) * +.Fo X509_REVOKED_get0_extensions +.Fa "const X509_REVOKED *r" +.Fc +.Sh DESCRIPTION +.Fn X509V3_get_d2i +looks for an extension with OID +.Fa nid +in the extensions +.Fa x +and, if found, decodes it. +If +.Fa idx +is +.Dv NULL , +then only one occurrence of an extension is permissible. +Otherwise the first extension after index +.Pf * Fa idx +is returned and +.Pf * Fa idx +is updated to the location of the extension. +If +.Fa crit +is not +.Dv NULL , +then +.Pf * Fa crit +is set to a status value: -2 if the extension occurs multiple times +(this is only returned if +.Fa idx +is +.Dv NULL ) , +-1 if the extension could not be found, 0 if the extension is found +and is not critical, and 1 if it is critical. +A pointer to an extension specific structure or +.Dv NULL +is returned. +.Pp +.Fn X509V3_add1_i2d +adds extension +.Fa value +to STACK +.Pf * Fa x +(allocating a new STACK if necessary) using OID +.Fa nid +and criticality +.Fa crit +according to +.Fa flags . +.Pp +.Fn X509V3_EXT_d2i +attempts to decode the ASN.1 data contained in extension +.Fa ext +and returns a pointer to an extension specific structure or +.Dv NULL +if the extension could not be decoded (invalid syntax or not supported). +.Pp +.Fn X509V3_EXT_i2d +encodes the extension specific structure +.Fa ext +with OID +.Fa ext_nid +and criticality +.Fa crit . +.Pp +.Fn X509_get_ext_d2i +and +.Fn X509_add1_ext_i2d +operate on the extensions of certificate +.Fa x , +and are otherwise identical to +.Fn X509V3_get_d2i +and +.Fn X509V3_add1_i2d . +.Pp +.Fn X509_CRL_get_ext_d2i +and +.Fn X509_CRL_add1_ext_i2d +operate on the extensions of CRL +.Fa crl , +and are otherwise identical to +.Fn X509V3_get_d2i +and +.Fn X509V3_add1_i2d . +.Pp +.Fn X509_REVOKED_get_ext_d2i +and +.Fn X509_REVOKED_add1_ext_i2d +operate on the extensions of the +.Vt X509_REVOKED +structure +.Fa r +(i.e. for CRL entry extensions), and are otherwise identical to +.Fn X509V3_get_d2i +and +.Fn X509V3_add1_i2d . +.Pp +.Fn X509_get0_extensions , +.Fn X509_CRL_get0_extensions , +and +.Fn X509_REVOKED_get0_extensions +return a stack of all the extensions of a certificate, a CRL, +or a CRL entry, respectively. +.Pp +In almost all cases an extension can occur at most once and multiple +occurrences is an error. +Therefore the +.Fa idx +parameter is usually +.Dv NULL . +.Pp +The +.Fa flags +parameter may be one of the following values. +.Pp +.Dv X509V3_ADD_DEFAULT +appends a new extension only if the extension does not already exist. +An error is returned if the extension does already exist. +.Pp +.Dv X509V3_ADD_APPEND +appends a new extension, ignoring whether the extension already exists. +.Pp +.Dv X509V3_ADD_REPLACE +replaces an extension if it exists otherwise appends a new extension. +.Pp +.Dv X509V3_ADD_REPLACE_EXISTING +replaces an existing extension if it exists otherwise returns an error. +.Pp +.Dv X509V3_ADD_KEEP_EXISTING +appends a new extension only if the extension does not already exist. +An error +.Sy is not +returned if the extension does already exist. +.Pp +.Dv X509V3_ADD_DELETE +deletes extension +.Fa nid . +No new extension is added. +.Pp +If +.Dv X509V3_ADD_SILENT +is OR'd with +.Fa flags , +any error returned will not be added to the error queue. +.Pp +The function +.Fn X509V3_get_d2i +will return +.Dv NULL +if the extension is not found, occurs multiple times or cannot be +decoded. +It is possible to determine the precise reason by checking the value of +.Pf * Fa crit . +.Sh SUPPORTED EXTENSIONS +The following sections contain a list of all supported extensions +including their name and NID. +.Ss PKIX Certificate Extensions +The following certificate extensions are defined in PKIX standards such +as RFC 5280. +.Bl -column 30n 30n +.It Basic Constraints Ta Dv NID_basic_constraints +.It Key Usage Ta Dv NID_key_usage +.It Extended Key Usage Ta Dv NID_ext_key_usage +.It Subject Key Identifier Ta Dv NID_subject_key_identifier +.It Authority Key Identifier Ta Dv NID_authority_key_identifier +.It Private Key Usage Period Ta Dv NID_private_key_usage_period +.It Subject Alternative Name Ta Dv NID_subject_alt_name +.It Issuer Alternative Name Ta Dv NID_issuer_alt_name +.It Authority Information Access Ta Dv NID_info_access +.It Subject Information Access Ta Dv NID_sinfo_access +.It Name Constraints Ta Dv NID_name_constraints +.It Certificate Policies Ta Dv NID_certificate_policies +.It Policy Mappings Ta Dv NID_policy_mappings +.It Policy Constraints Ta Dv NID_policy_constraints +.It Inhibit Any Policy Ta Dv NID_inhibit_any_policy +.El +.Ss Netscape Certificate Extensions +The following are (largely obsolete) Netscape certificate extensions. +.Bl -column 30n 30n +.It Netscape Cert Type Ta Dv NID_netscape_cert_type +.It Netscape Base Url Ta Dv NID_netscape_base_url +.It Netscape Revocation Url Ta Dv NID_netscape_revocation_url +.It Netscape CA Revocation Url Ta Dv NID_netscape_ca_revocation_url +.It Netscape Renewal Url Ta Dv NID_netscape_renewal_url +.It Netscape CA Policy Url Ta Dv NID_netscape_ca_policy_url +.It Netscape SSL Server Name Ta Dv NID_netscape_ssl_server_name +.It Netscape Comment Ta Dv NID_netscape_comment +.El +.Ss Miscellaneous Certificate Extensions +.Bl -column 30n 30n +.It Strong Extranet ID Ta Dv NID_sxnet +.It Proxy Certificate Information Ta Dv NID_proxyCertInfo +.El +.Ss PKIX CRL Extensions +The following are CRL extensions from PKIX standards such as RFC 5280. +.Bl -column 30n 30n +.It CRL Number Ta Dv NID_crl_number +.It CRL Distribution Points Ta Dv NID_crl_distribution_points +.It Delta CRL Indicator Ta Dv NID_delta_crl +.It Freshest CRL Ta Dv NID_freshest_crl +.It Invalidity Date Ta Dv NID_invalidity_date +.It Issuing Distribution Point Ta Dv NID_issuing_distribution_point +.El +.Pp +The following are CRL entry extensions from PKIX standards such as +RFC 5280. +.Bl -column 30n 30n +.It CRL Reason Code Ta Dv NID_crl_reason +.It Certificate Issuer Ta Dv NID_certificate_issuer +.El +.Ss OCSP Extensions +.Bl -column 30n 30n +.It OCSP Nonce Ta Dv NID_id_pkix_OCSP_Nonce +.It OCSP CRL ID Ta Dv NID_id_pkix_OCSP_CrlID +.It Acceptable OCSP Responses Ta Dv NID_id_pkix_OCSP_acceptableResponses +.It OCSP No Check Ta Dv NID_id_pkix_OCSP_noCheck +.It OCSP Archive Cutoff Ta Dv NID_id_pkix_OCSP_archiveCutoff +.It OCSP Service Locator Ta Dv NID_id_pkix_OCSP_serviceLocator +.It Hold Instruction Code Ta Dv NID_hold_instruction_code +.El +.Sh RETURN VALUES +.Fn X509V3_get_d2i +and +.Fn X509V3_EXT_d2i +return a pointer to an extension specific structure or +.Dv NULL +if an error occurs. +.Pp +.Fn X509V3_EXT_i2d +returns a pointer to an +.Vt X509_EXTENSION +structure or +.Dv NULL +if an error occurs. +.Pp +.Fn X509V3_add1_i2d +returns 1 if the operation is successful, 0 if it fails due to a +non-fatal error (extension not found, already exists, cannot be encoded), +or -1 due to a fatal error such as a memory allocation failure. +.Pp +.Fn X509_get0_extensions , +.Fn X509_CRL_get0_extensions , +and +.Fn X509_REVOKED_get0_extensions +return a stack of extensions, or +.Dv NULL +if no extensions are present. +.Sh SEE ALSO +.Xr d2i_X509 3 , +.Xr d2i_X509_EXTENSION 3 , +.Xr ERR_get_error 3 , +.Xr X509_CRL_get0_by_serial 3 , +.Xr X509_EXTENSION_new 3 , +.Xr X509_get_pubkey 3 , +.Xr X509_get_subject_name 3 , +.Xr X509_get_version 3 , +.Xr X509_new 3 , +.Xr X509_REVOKED_new 3 +.Sh HISTORY +.Fn X509V3_EXT_d2i +first appeared in OpenSSL 0.9.2b. +.Fn X509V3_EXT_i2d +first appeared in OpenSSL 0.9.3. +Both functions have been available since +.Ox 2.6 . +.Pp +.Fn X509V3_get_d2i , +.Fn X509_get_ext_d2i , +.Fn X509_CRL_get_ext_d2i , +and +.Fn X509_REVOKED_get_ext_d2i +first appeared in OpenSSL 0.9.5 and have been available since +.Ox 2.7 . +.Pp +.Fn X509V3_add1_i2d , +.Fn X509_add1_ext_i2d , +.Fn X509_CRL_add1_ext_i2d , +and +.Fn X509_REVOKED_add1_ext_i2d +first appeared in OpenSSL 0.9.7 and have been available since +.Ox 3.2 . +.Pp +.Fn X509_get0_extensions , +.Fn X509_CRL_get0_extensions , +and +.Fn X509_REVOKED_get0_extensions +first appeared in OpenSSL 1.1.0 and have been available since +.Ox 6.3 . diff --git a/src/lib/libcrypto/man/X509_ALGOR_dup.3 b/src/lib/libcrypto/man/X509_ALGOR_dup.3 new file mode 100644 index 00000000000..5a2b7a46041 --- /dev/null +++ b/src/lib/libcrypto/man/X509_ALGOR_dup.3 @@ -0,0 +1,239 @@ +.\" $OpenBSD: X509_ALGOR_dup.3,v 1.13 2018/05/01 19:42:58 schwarze Exp $ +.\" OpenSSL 4692340e Jun 7 15:49:08 2016 -0400 +.\" +.\" This file is a derived work. +.\" The changes are covered by the following Copyright and license: +.\" +.\" Copyright (c) 2016 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.\" The original file was written by Dr. Stephen Henson . +.\" Copyright (c) 2002, 2015 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: May 1 2018 $ +.Dt X509_ALGOR_DUP 3 +.Os +.Sh NAME +.Nm X509_ALGOR_new , +.Nm X509_ALGOR_free , +.Nm X509_ALGOR_dup , +.Nm X509_ALGOR_set0 , +.Nm X509_ALGOR_get0 , +.Nm X509_ALGOR_set_md , +.Nm X509_ALGOR_cmp +.Nd create, change, and inspect algorithm identifiers +.Sh SYNOPSIS +.In openssl/x509.h +.Ft X509_ALGOR * +.Fn X509_ALGOR_new void +.Ft void +.Fn X509_ALGOR_free "X509_ALGOR *alg" +.Ft X509_ALGOR * +.Fo X509_ALGOR_dup +.Fa "X509_ALGOR *alg" +.Fc +.Ft int +.Fo X509_ALGOR_set0 +.Fa "X509_ALGOR *alg" +.Fa "ASN1_OBJECT *aobj" +.Fa "int ptype" +.Fa "void *pval" +.Fc +.Ft void +.Fo X509_ALGOR_get0 +.Fa "const ASN1_OBJECT **paobj" +.Fa "int *pptype" +.Fa "const void **ppval" +.Fa "const X509_ALGOR *alg" +.Fc +.Ft void +.Fo X509_ALGOR_set_md +.Fa "X509_ALGOR *alg" +.Fa "const EVP_MD *md" +.Fc +.Ft int +.Fo X509_ALGOR_cmp +.Fa "const X509_ALGOR *a" +.Fa "const X509_ALGOR *b" +.Fc +.Sh DESCRIPTION +.Fn X509_ALGOR_new +allocates and initializes an empty +.Vt X509_ALGOR +object, representing an ASN.1 +.Vt AlgorithmIdentifier +structure defined in RFC 5280 section 4.1.1.2. +Such objects can specify a cryptographic algorithm together +with algorithm-specific parameters. +They are used by many other objects, for example certificates, +certificate revocation lists, and certificate requests. +.Pp +.Fn X509_ALGOR_free +frees +.Fa alg . +.Pp +.Fn X509_ALGOR_dup +copies +.Fa alg +by calling +.Xr i2d_X509_ALGOR 3 +and +.Xr d2i_X509_ALGOR 3 . +.Pp +.Fn X509_ALGOR_set0 +sets the algorithm OID of +.Fa alg +to +.Fa aobj +and the associated parameter type to +.Fa ptype +with value +.Fa pval . +If +.Fa ptype +is +.Dv V_ASN1_UNDEF +the parameter is omitted, otherwise +.Fa ptype +and +.Fa pval +have the same meaning as the +.Fa type +and +.Fa value +parameters to +.Xr ASN1_TYPE_set 3 . +All the supplied parameters are used internally so must +.Sy NOT +be freed after this call. +.Pp +.Fn X509_ALGOR_get0 +is the inverse of +.Fn X509_ALGOR_set0 : +it returns the algorithm OID in +.Pf * Fa paobj +and the associated parameter in +.Pf * Fa pptype +and +.Pf * Fa ppval +from +.Fa alg . +.Pp +.Fn X509_ALGOR_set_md +sets +.Fa alg +to appropriate values for the message digest +.Fa md . +.Pp +.Fn X509_ALGOR_cmp +compares +.Fa a +and +.Fa b . +.Sh RETURN VALUES +.Fn X509_ALGOR_new +and +.Fn X509_ALGOR_dup +return a new +.Vt X509_ALGOR +object or +.Dv NULL +if an error occurs. +.Pp +.Fn X509_ALGOR_set0 +returns 1 for success or 0 for failure. +.Pp +.Fn X509_ALGOR_cmp +returns 0 if +.Fa a +and +.Fa b +have identical encodings or non-zero otherwise. +.Sh SEE ALSO +.Xr ASN1_TYPE_set 3 , +.Xr d2i_X509_ALGOR 3 , +.Xr X509_get0_signature 3 , +.Xr X509_PUBKEY_get0_param 3 +.Sh STANDARDS +RFC 5280: Internet X.509 Public Key Infrastructure Certificate and +Certificate Revocation List (CRL) Profile +.Sh HISTORY +.Fn X509_ALGOR_new +and +.Fn X509_ALGOR_free +appeared in SSLeay 0.4 or earlier and have been available since +.Ox 2.4 . +.Pp +.Fn X509_ALGOR_dup +first appeared in SSLeay 0.9.1 and has been avialable since +.Ox 2.6 . +.Pp +.Fn X509_ALGOR_set0 +and +.Fn X509_ALGOR_get0 +first appeared in OpenSSL 0.9.8h and have been available since +.Ox 4.5 . +.Pp +.Fn X509_ALGOR_cmp +first appeared in OpenSSL 0.9.8zd, 1.0.0p, and 1.0.1k +and has been available since +.Ox 4.9 . +.Pp +.Fn X509_ALGOR_set_md +first appeared in OpenSSL 1.0.1 and has been available since +.Ox 5.3 . diff --git a/src/lib/libcrypto/man/X509_ATTRIBUTE_new.3 b/src/lib/libcrypto/man/X509_ATTRIBUTE_new.3 new file mode 100644 index 00000000000..cf978867f11 --- /dev/null +++ b/src/lib/libcrypto/man/X509_ATTRIBUTE_new.3 @@ -0,0 +1,120 @@ +.\" $OpenBSD: X509_ATTRIBUTE_new.3,v 1.6 2018/03/27 17:35:50 schwarze Exp $ +.\" +.\" Copyright (c) 2016 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt X509_ATTRIBUTE_NEW 3 +.Os +.Sh NAME +.Nm X509_ATTRIBUTE_new , +.Nm X509_ATTRIBUTE_free +.\" In the following line, "X.501" and "Attribute" are not typos. +.\" The "Attribute" type is defined in X.501, not in X.509. +.\" The type in called "Attribute" with capital "A", not "attribute". +.Nd generic X.501 Attribute +.Sh SYNOPSIS +.In openssl/x509.h +.Ft X509_ATTRIBUTE * +.Fn X509_ATTRIBUTE_new void +.Ft void +.Fn X509_ATTRIBUTE_free "X509_ATTRIBUTE *attr" +.Sh DESCRIPTION +In the X.501 standard, an +.Vt Attribute +is the fundamental ASN.1 data type used to represent any kind of +property of any kind of directory entry. +In OpenSSL, very few objects use it directly, most notably the +.Vt X509_REQ_INFO +object used for PKCS#10 certification requests described in +.Xr X509_REQ_new 3 , +the +.Vt PKCS8_PRIV_KEY_INFO +object used for PKCS#8 private key information described in +.Xr PKCS8_PRIV_KEY_INFO_new 3 , +and the +.Vt PKCS12_SAFEBAG +container object described in +.Xr PKCS12_SAFEBAG_new 3 . +.Pp +.Fn X509_ATTRIBUTE_new +allocates and initializes an empty +.Vt X509_ATTRIBUTE +object. +.Fn X509_ATTRIBUTE_free +frees +.Fa attr . +.Sh RETURN VALUES +.Fn X509_ATTRIBUTE_new +returns the new +.Vt X509_ATTRIBUTE +object or +.Dv NULL +if an error occurs. +.Sh SEE ALSO +.Xr d2i_X509_ATTRIBUTE 3 , +.Xr PKCS12_SAFEBAG_new 3 , +.Xr PKCS8_PRIV_KEY_INFO_new 3 , +.Xr X509_EXTENSION_new 3 , +.Xr X509_REQ_new 3 +.Sh STANDARDS +.Bl -ohang +.It Xo +For the general definition of the +.Vt Attribute +data type: +.Xc +ITU-T Recommendation X.501, also known as ISO/IEC 9594-2: +Information Technology \(en Open Systems Interconnection \(en +The Directory: Models, section 8.2: Overall structure +.It For the specific definition in the context of certification requests: +RFC 2986: PKCS #10: Certification Request Syntax Specification, +section 4.1: CertificationRequestInfo +.It For the specific use in the context of private key information: +RFC 5208: Public-Key Cryptography Standards (PKCS) #8: +Private-Key Information Syntax Specification +.It For the specific definition in the context of PFX: +RFC 7292: PKCS #12: Personal Information Exchange Syntax, +section 4.2: The SafeBag Type +.El +.Sh HISTORY +.Fn X509_ATTRIBUTE_new +and +.Fn X509_ATTRIBUTE_free +first appeared in SSLeay 0.5.1 and have been available since +.Ox 2.4 . +.Sh BUGS +A data type designed to hold arbitrary data is an oxymoron. +.Pp +While it may occasionally be useful for abstract syntax specification +or for generic container objects, using it for the representation +of specific data in a specific data structure feels like dubious +design. +.Pp +Having two distinct data types to hold arbitrary data \(en +in this case, +.Vt X509_ATTRIBUTE +on the X.501 language level and +.Vt X509_EXTENSION +as described in +.Xr X509_EXTENSION_new 3 +on the X.509 language level \(en feels even more questionable, +in particular considering that Attributes in certification requests +can be used to ask for Extensions in certificates. +.Pp +At the very least, the direct use of the low-level generic +.Vt X509_ATTRIBUTE +type in specific data types like certification requests or private +key information looks like a layering violation and appears to put +type safety into jeopardy. diff --git a/src/lib/libcrypto/man/X509_CINF_new.3 b/src/lib/libcrypto/man/X509_CINF_new.3 new file mode 100644 index 00000000000..29d2371ffd2 --- /dev/null +++ b/src/lib/libcrypto/man/X509_CINF_new.3 @@ -0,0 +1,113 @@ +.\" $OpenBSD: X509_CINF_new.3,v 1.5 2018/03/27 17:35:50 schwarze Exp $ +.\" +.\" Copyright (c) 2016 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt X509_CINF_NEW 3 +.Os +.Sh NAME +.Nm X509_CINF_new , +.Nm X509_CINF_free , +.Nm X509_VAL_new , +.Nm X509_VAL_free , +.Nm X509_CERT_AUX_new , +.Nm X509_CERT_AUX_free +.Nd X.509 certificate information objects +.Sh SYNOPSIS +.In openssl/x509.h +.Ft X509_CINF * +.Fn X509_CINF_new void +.Ft void +.Fn X509_CINF_free "X509_CINF *inf" +.Ft X509_VAL * +.Fn X509_VAL_new void +.Ft void +.Fn X509_VAL_free "X509_VAL *val" +.Ft X509_CERT_AUX * +.Fn X509_CERT_AUX_new void +.Ft void +.Fn X509_CERT_AUX_free "X509_CERT_AUX *aux" +.Sh DESCRIPTION +.Fn X509_CINF_new +allocates and initializes an empty +.Vt X509_CINF +object, representing an ASN.1 +.Vt TBSCertificate +structure defined in RFC 5280 section 4.1. +It is used inside the +.Vt X509 +object and holds the main information contained in the X.509 +certificate including subject, public key, issuer, serial number, +validity period, and extensions. +.Fn X509_CINF_free +frees +.Fa inf . +.Pp +.Fn X509_VAL_new +allocates and initializes an empty +.Vt X509_VAL +object, representing an ASN.1 +.Vt Validity +structure defined in RFC 5280 section 4.1. +It is used inside the +.Vt X509_CINF +object and holds the validity period of the certificate. +.Fn X509_VAL_free +frees +.Fa val . +.Pp +.Fn X509_CERT_AUX_new +allocates and initializes an empty +.Vt X509_CERT_AUX +structure. +It can be used inside an +.Vt X509 +object to hold optional non-standard auxiliary data appended to a +certificate, for example friendly alias names and trust data. +.Fn X509_CERT_AUX_free +frees +.Fa aux . +.Sh RETURN VALUES +.Fn X509_CINF_new , +.Fn X509_VAL_new , +and +.Fn X509_CERT_AUX_new +return the new +.Vt X509_CINF , +.Vt X509_VAL , +or +.Vt X509_CERT_AUX +object, respectively, or +.Dv NULL +if an error occurs. +.Sh SEE ALSO +.Xr X509_new 3 +.Sh STANDARDS +RFC 5280: Internet X.509 Public Key Infrastructure Certificate and +Certificate Revocation List (CRL) Profile +.Sh HISTORY +.Fn X509_CINF_new , +.Fn X509_CINF_free , +.Fn X509_VAL_new , +and +.Fn X509_VAL_free +appeared in SSLeay 0.4 or earlier and have been available since +.Ox 2.4 . +.Pp +.Fn X509_CERT_AUX_new +and +.Fn X509_CERT_AUX_free +first appeared in OpenSSL 0.9.5 and have been available since +.Ox 2.7 . diff --git a/src/lib/libcrypto/man/X509_CRL_get0_by_serial.3 b/src/lib/libcrypto/man/X509_CRL_get0_by_serial.3 new file mode 100644 index 00000000000..d1580e1d5b7 --- /dev/null +++ b/src/lib/libcrypto/man/X509_CRL_get0_by_serial.3 @@ -0,0 +1,175 @@ +.\" $OpenBSD: X509_CRL_get0_by_serial.3,v 1.8 2018/03/23 04:34:23 schwarze Exp $ +.\" OpenSSL X509_CRL_get0_by_serial.pod cdd6c8c5 Mar 20 12:29:37 2017 +0100 +.\" +.\" This file was written by Dr. Stephen Henson . +.\" Copyright (c) 2015, 2017 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 23 2018 $ +.Dt X509_CRL_GET0_BY_SERIAL 3 +.Os +.Sh NAME +.Nm X509_CRL_get0_by_serial , +.Nm X509_CRL_get0_by_cert , +.Nm X509_CRL_get_REVOKED , +.Nm X509_CRL_add0_revoked , +.Nm X509_CRL_sort +.Nd add, sort, and retrieve CRL entries +.Sh SYNOPSIS +.In openssl/x509.h +.Ft int +.Fo X509_CRL_get0_by_serial +.Fa "X509_CRL *crl" +.Fa "X509_REVOKED **ret" +.Fa "ASN1_INTEGER *serial" +.Fc +.Ft int +.Fo X509_CRL_get0_by_cert +.Fa "X509_CRL *crl" +.Fa "X509_REVOKED **ret" +.Fa "X509 *x" +.Fc +.Ft STACK_OF(X509_REVOKED) * +.Fo X509_CRL_get_REVOKED +.Fa "X509_CRL *crl" +.Fc +.Ft int +.Fo X509_CRL_add0_revoked +.Fa "X509_CRL *crl" +.Fa "X509_REVOKED *rev" +.Fc +.Ft int +.Fo X509_CRL_sort +.Fa "X509_CRL *crl" +.Fc +.Sh DESCRIPTION +.Fn X509_CRL_get0_by_serial +attempts to find a revoked entry in +.Fa crl +for serial number +.Fa serial . +If it is successful, it sets +.Pf * Fa ret +to the internal pointer of the matching entry. +Consequently, +.Pf * Fa ret +must not be freed up after the call. +.Pp +.Fn X509_CRL_get0_by_cert +is similar to +.Fn X509_CRL_get0_by_serial +except that it looks for a revoked entry using the serial number +of certificate +.Fa x . +.Pp +.Fn X509_CRL_get_REVOKED +returns an internal pointer to a stack of all revoked entries for +.Fa crl . +It is implemented as a macro. +.Pp +.Fn X509_CRL_add0_revoked +appends revoked entry +.Fa rev +to CRL +.Fa crl . +The pointer +.Fa rev +is used internally so it must not be freed up after the call: it is +freed when the parent CRL is freed. +.Pp +.Fn X509_CRL_sort +sorts the revoked entries of +.Fa crl +into ascending serial number order. +.Pp +Applications can determine the number of revoked entries returned by +.Fn X509_CRL_get_revoked +using +.Fn sk_X509_REVOKED_num +and examine each one in turn using +.Fn sk_X509_REVOKED_value , +both defined in +.In openssl/safestack.h . +.Sh RETURN VALUES +.Fn X509_CRL_get0_by_serial +and +.Fn X509_CRL_get0_by_cert +return 0 for failure or 1 for success, except if the revoked entry +has the reason +.Qq removeFromCRL , +in which case 2 is returned. +.Pp +.Fn X509_CRL_add0_revoked +and +.Fn X509_CRL_sort +return 1 for success or 0 for failure. +.Pp +.Fn X509_CRL_get_REVOKED +returns a STACK of revoked entries. +.Sh SEE ALSO +.Xr d2i_X509_CRL 3 , +.Xr ERR_get_error 3 , +.Xr X509_CRL_get_ext 3 , +.Xr X509_CRL_get_issuer 3 , +.Xr X509_CRL_get_version 3 , +.Xr X509_REVOKED_new 3 , +.Xr X509V3_get_d2i 3 +.Sh HISTORY +.Fn X509_CRL_get_REVOKED +first appeared in OpenSSL 0.9.2b and has been available since +.Ox 2.6 . +.Pp +.Fn X509_CRL_add0_revoked +and +.Fn X509_CRL_sort +first appeared in OpenSSL 0.9.7 and have been available since +.Ox 3.2 . +.Pp +.Fn X509_CRL_get0_by_serial +and +.Fn X509_CRL_get0_by_cert +first appeared in OpenSSL 1.0.0 and have been available since +.Ox 4.9 . diff --git a/src/lib/libcrypto/man/X509_CRL_new.3 b/src/lib/libcrypto/man/X509_CRL_new.3 new file mode 100644 index 00000000000..47b3d54940d --- /dev/null +++ b/src/lib/libcrypto/man/X509_CRL_new.3 @@ -0,0 +1,135 @@ +.\" $OpenBSD: X509_CRL_new.3,v 1.7 2018/03/27 17:35:50 schwarze Exp $ +.\" +.\" Copyright (c) 2016, 2018 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt X509_CRL_NEW 3 +.Os +.Sh NAME +.Nm X509_CRL_new , +.Nm X509_CRL_dup , +.Nm X509_CRL_up_ref , +.Nm X509_CRL_free , +.Nm X509_CRL_INFO_new , +.Nm X509_CRL_INFO_free +.Nd X.509 certificate revocation lists +.Sh SYNOPSIS +.In openssl/x509.h +.Ft X509_CRL * +.Fn X509_CRL_new void +.Ft X509_CRL * +.Fn X509_CRL_dup "X509_CRL *crl" +.Ft int +.Fn X509_CRL_up_ref "X509_CRL *crl" +.Ft void +.Fn X509_CRL_free "X509_CRL *crl" +.Ft X509_CRL_INFO * +.Fn X509_CRL_INFO_new void +.Ft void +.Fn X509_CRL_INFO_free "X509_CRL_INFO *crl_info" +.Sh DESCRIPTION +.Fn X509_CRL_new +allocates and initializes an empty +.Vt X509_CRL +object, representing an ASN.1 +.Vt CertificateList +structure defined in RFC 5280 section 5.1. +It can hold a pointer to an +.Vt X509_CRL_INFO +object discussed below together with a cryptographic signature +and information about the signature algorithm used. +The reference count is set to 1. +.Pp +.Fn X509_CRL_dup +creates a deep copy of +.Fa crl . +.Pp +.Fn X509_CRL_up_ref +increments the reference count of +.Fa crl +by 1. +.Pp +.Fn X509_CRL_free +decrements the reference count of +.Fa crl +by 1. +If the reference count reaches 0, it frees +.Fa crl . +.Pp +.Fn X509_CRL_INFO_new +allocates and initializes an empty +.Vt X509_CRL_INFO +object, representing an ASN.1 +.Vt TBSCertList +structure defined in RFC 5280 section 5.1. +It is used inside the +.Vt X509_CRL +object and can hold a list of revoked certificates, an issuer name, +the time the list was issued, the time when the next update of the +list is due, and optional extensions. +.Fn X509_CRL_INFO_free +frees +.Fa crl_info . +.Sh RETURN VALUES +.Fn X509_CRL_new , +.Fn X509_CRL_dup , +and +.Fn X509_CRL_INFO_new +return the new +.Vt X509_CRL +or +.Vt X509_CRL_INFO +object, respectively, or +.Dv NULL +if an error occurs. +.Pp +.Fn X509_CRL_up_ref +returns 1 on success or 0 on error. +.Sh SEE ALSO +.Xr ACCESS_DESCRIPTION_new 3 , +.Xr AUTHORITY_KEYID_new 3 , +.Xr d2i_X509_CRL 3 , +.Xr DIST_POINT_new 3 , +.Xr PEM_read_X509_CRL 3 , +.Xr X509_CRL_get0_by_serial 3 , +.Xr X509_CRL_get_ext 3 , +.Xr X509_CRL_get_ext_d2i 3 , +.Xr X509_CRL_get_issuer 3 , +.Xr X509_CRL_get_version 3 , +.Xr X509_CRL_sign 3 , +.Xr X509_EXTENSION_new 3 , +.Xr X509_load_crl_file 3 , +.Xr X509_new 3 , +.Xr X509_REVOKED_new 3 , +.Xr X509_STORE_CTX_set0_crls 3 +.Sh STANDARDS +RFC 5280: Internet X.509 Public Key Infrastructure Certificate and +Certificate Revocation List (CRL) Profile, section 5: CRL and CRL +Extensions Profile +.Sh HISTORY +.Fn X509_CRL_new , +.Fn X509_CRL_free , +.Fn X509_CRL_INFO_new , +and +.Fn X509_CRL_INFO_free +first appeared in SSLeay 0.4.4. +.Fn X509_CRL_dup +first appeared in SSLeay 0.5.1. +These functions have been available since +.Ox 2.4 . +.Pp +.Fn X509_CRL_up_ref +first appeared in OpenSSL 1.1.0 and has been available since +.Ox 6.3 . diff --git a/src/lib/libcrypto/man/X509_EXTENSION_set_object.3 b/src/lib/libcrypto/man/X509_EXTENSION_set_object.3 new file mode 100644 index 00000000000..414dfe6a550 --- /dev/null +++ b/src/lib/libcrypto/man/X509_EXTENSION_set_object.3 @@ -0,0 +1,305 @@ +.\" $OpenBSD: X509_EXTENSION_set_object.3,v 1.9 2018/05/19 21:09:19 schwarze Exp $ +.\" OpenSSL bb9ad09e Jun 6 00:43:05 2016 -0400 +.\" +.\" This file is a derived work. +.\" The changes are covered by the following Copyright and license: +.\" +.\" Copyright (c) 2016 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.\" The original file was written by Dr. Stephen Henson . +.\" Copyright (c) 2015 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: May 19 2018 $ +.Dt X509_EXTENSION_SET_OBJECT 3 +.Os +.Sh NAME +.Nm X509_EXTENSION_new , +.Nm X509_EXTENSION_free , +.Nm X509_EXTENSION_create_by_NID , +.Nm X509_EXTENSION_create_by_OBJ , +.Nm X509_EXTENSION_set_object , +.Nm X509_EXTENSION_set_critical , +.Nm X509_EXTENSION_set_data , +.Nm X509_EXTENSION_get_object , +.Nm X509_EXTENSION_get_critical , +.Nm X509_EXTENSION_get_data +.\" In the next line, the capital "E" is not a typo. +.\" The ASN.1 structure is called "Extension", not "extension". +.Nd create, change, and inspect X.509 Extension objects +.Sh SYNOPSIS +.In openssl/x509.h +.Ft X509_EXTENSION * +.Fn X509_EXTENSION_new void +.Ft void +.Fn X509_EXTENSION_free "X509_EXTENSION *ex" +.Ft X509_EXTENSION * +.Fo X509_EXTENSION_create_by_NID +.Fa "X509_EXTENSION **ex" +.Fa "int nid" +.Fa "int crit" +.Fa "ASN1_OCTET_STRING *data" +.Fc +.Ft X509_EXTENSION * +.Fo X509_EXTENSION_create_by_OBJ +.Fa "X509_EXTENSION **ex" +.Fa "ASN1_OBJECT *obj" +.Fa "int crit" +.Fa "ASN1_OCTET_STRING *data" +.Fc +.Ft int +.Fo X509_EXTENSION_set_object +.Fa "X509_EXTENSION *ex" +.Fa "const ASN1_OBJECT *obj" +.Fc +.Ft int +.Fo X509_EXTENSION_set_critical +.Fa "X509_EXTENSION *ex" +.Fa "int crit" +.Fc +.Ft int +.Fo X509_EXTENSION_set_data +.Fa "X509_EXTENSION *ex" +.Fa "ASN1_OCTET_STRING *data" +.Fc +.Ft ASN1_OBJECT * +.Fo X509_EXTENSION_get_object +.Fa "X509_EXTENSION *ex" +.Fc +.Ft int +.Fo X509_EXTENSION_get_critical +.Fa "const X509_EXTENSION *ex" +.Fc +.Ft ASN1_OCTET_STRING * +.Fo X509_EXTENSION_get_data +.Fa "X509_EXTENSION *ne" +.Fc +.Sh DESCRIPTION +.Fn X509_EXTENSION_new +allocates and initializes an empty +.Vt X509_EXTENSION +object, representing an ASN.1 +.Vt Extension +structure defined in RFC 5280 section 4.1. +It is a wrapper object around specific extension objects of different +types and stores an extension type identifier and a criticality +flag in addition to the DER-encoded form of the wrapped object. +.Vt X509_EXTENSION +objects can be used for X.509 v3 certificates inside +.Vt X509_CINF +objects and for X.509 v2 certificate revocation lists inside +.Vt X509_CRL_INFO +and +.Vt X509_REVOKED +objects. +.Pp +.Fn X509_EXTENSION_free +frees +.Fa ex +and all objects it is using. +.Pp +.Fn X509_EXTENSION_create_by_NID +creates an extension of type +.Fa nid +and criticality +.Fa crit +using data +.Fa data . +The created extension is returned and written to +.Pf * Fa ex +reusing or allocating a new extension if necessary, so +.Pf * Fa ex +should either be +.Dv NULL +or a valid +.Vt X509_EXTENSION +structure. +It must not be an uninitialised pointer. +.Pp +.Fn X509_EXTENSION_create_by_OBJ +is identical to +.Fn X509_EXTENSION_create_by_NID +except that it creates an extension using +.Fa obj +instead of a NID. +.Pp +.Fn X509_EXTENSION_set_object +sets the extension type of +.Fa ex +to +.Fa obj . +The +.Fa obj +pointer is duplicated internally so +.Fa obj +should be freed up after use. +.Pp +.Fn X509_EXTENSION_set_critical +sets the criticality of +.Fa ex +to +.Fa crit . +If +.Fa crit +is zero, the extension in non-critical, otherwise it is critical. +.Pp +.Fn X509_EXTENSION_set_data +sets the data in extension +.Fa ex +to +.Fa data . +The +.Fa data +pointer is duplicated internally. +.Pp +.Fn X509_EXTENSION_get_object +returns the extension type of +.Fa ex +as an +.Vt ASN1_OBJECT +pointer. +The returned pointer is an internal value which must not be freed up. +.Pp +.Fn X509_EXTENSION_get_critical +returns the criticality of extension +.Fa ex +it returns 1 for critical and 0 for non-critical. +.Pp +.Fn X509_EXTENSION_get_data +returns the data of extension +.Fa ex . +The returned pointer is an internal value which must not be freed up. +.Pp +These functions manipulate the contents of an extension directly. +Most applications will want to parse or encode and add an extension: +they should use the extension encode and decode functions instead +such as +.Xr X509_add1_ext_i2d 3 +and +.Xr X509_get_ext_d2i 3 . +.Pp +The +.Fa data +associated with an extension is the extension encoding in an +.Vt ASN1_OCTET_STRING +structure. +.Sh RETURN VALUES +.Fn X509_EXTENSION_new , +.Fn X509_EXTENSION_create_by_NID , +and +.Fn X509_EXTENSION_create_by_OBJ +return an +.Vt X509_EXTENSION +pointer or +.Dv NULL +if an error occurs. +.Pp +.Fn X509_EXTENSION_set_object , +.Fn X509_EXTENSION_set_critical , +and +.Fn X509_EXTENSION_set_data +return 1 for success or 0 for failure. +.Pp +.Fn X509_EXTENSION_get_object +returns an +.Vt ASN1_OBJECT +pointer. +.Pp +.Fn X509_EXTENSION_get_critical +returns 0 for non-critical or 1 for critical. +.Pp +.Fn X509_EXTENSION_get_data +returns an +.Vt ASN1_OCTET_STRING +pointer. +.Sh SEE ALSO +.Xr ACCESS_DESCRIPTION_new 3 , +.Xr AUTHORITY_KEYID_new 3 , +.Xr BASIC_CONSTRAINTS_new 3 , +.Xr d2i_X509_EXTENSION 3 , +.Xr DIST_POINT_new 3 , +.Xr EXTENDED_KEY_USAGE_new 3 , +.Xr NAME_CONSTRAINTS_new 3 , +.Xr OCSP_CRLID_new 3 , +.Xr OCSP_SERVICELOC_new 3 , +.Xr PKEY_USAGE_PERIOD_new 3 , +.Xr POLICYINFO_new 3 , +.Xr PROXY_POLICY_new 3 , +.Xr SXNET_new 3 , +.Xr X509V3_get_d2i 3 , +.Xr X509v3_get_ext_by_NID 3 +.Sh STANDARDS +RFC 5280: Internet X.509 Public Key Infrastructure Certificate and +Certificate Revocation List (CRL) Profile +.Sh HISTORY +.Fn X509_EXTENSION_new +and +.Fn X509_EXTENSION_free +first appeared in SSLeay 0.6.2. +.Fn X509_EXTENSION_create_by_NID , +.Fn X509_EXTENSION_create_by_OBJ , +.Fn X509_EXTENSION_set_object , +.Fn X509_EXTENSION_set_critical , +.Fn X509_EXTENSION_set_data , +.Fn X509_EXTENSION_get_object , +.Fn X509_EXTENSION_get_critical , +and +.Fn X509_EXTENSION_get_data +first appeared in SSLeay 0.8.0. +These functions have been available since +.Ox 2.4 . diff --git a/src/lib/libcrypto/man/X509_LOOKUP_hash_dir.3 b/src/lib/libcrypto/man/X509_LOOKUP_hash_dir.3 new file mode 100644 index 00000000000..1f8520ce049 --- /dev/null +++ b/src/lib/libcrypto/man/X509_LOOKUP_hash_dir.3 @@ -0,0 +1,244 @@ +.\" $OpenBSD: X509_LOOKUP_hash_dir.3,v 1.8 2018/03/27 17:35:50 schwarze Exp $ +.\" full merge up to: OpenSSL 61f805c1 Jan 16 01:01:46 2018 +0800 +.\" +.\" This file was written by Victor B. Wagner +.\" and Claus Assmann. +.\" Copyright (c) 2015, 2016, 2017 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt X509_LOOKUP_HASH_DIR 3 +.Os +.Sh NAME +.Nm X509_LOOKUP_hash_dir , +.Nm X509_LOOKUP_file , +.Nm X509_load_cert_file , +.Nm X509_load_crl_file , +.Nm X509_load_cert_crl_file +.Nd default OpenSSL certificate lookup methods +.Sh SYNOPSIS +.In openssl/x509_vfy.h +.Ft X509_LOOKUP_METHOD * +.Fn X509_LOOKUP_hash_dir void +.Ft X509_LOOKUP_METHOD * +.Fn X509_LOOKUP_file void +.Ft int +.Fo X509_load_cert_file +.Fa "X509_LOOKUP *ctx" +.Fa "const char *file" +.Fa "int type" +.Fc +.Ft int +.Fo X509_load_crl_file +.Fa "X509_LOOKUP *ctx" +.Fa "const char *file" +.Fa "int type" +.Fc +.Ft int +.Fo X509_load_cert_crl_file +.Fa "X509_LOOKUP *ctx" +.Fa "const char *file" +.Fa "int type" +.Fc +.Sh DESCRIPTION +.Fn X509_LOOKUP_hash_dir +and +.Fn X509_LOOKUP_file +are two certificate lookup methods to use with +.Vt X509_STORE , +provided by the OpenSSL library. +.Pp +Users of the library typically do not need to create instances of these +methods manually. +They are created automatically by the +.Xr X509_STORE_load_locations 3 +or +.Xr SSL_CTX_load_verify_locations 3 +functions. +.Pp +Internally, loading of certificates and CRLs is implemented via the functions +.Fn X509_load_cert_crl_file , +.Fn X509_load_cert_file +and +.Fn X509_load_crl_file . +These functions support a parameter +.Fa type , +which can be one of the constants +.Dv FILETYPE_PEM , +.Dv FILETYPE_ASN1 , +and +.Dv FILETYPE_DEFAULT . +They load certificates and/or CRLs from the specified file into a +memory cache of +.Vt X509_STORE +objects which the given +.Fa ctx +parameter is associated with. +.Pp +The functions +.Fn X509_load_cert_file +and +.Fn X509_load_crl_file +can load both PEM and DER formats depending on the +.Fa type +value. +Because DER format cannot contain more than one certificate or CRL +object (while PEM can contain several concatenated PEM objects), +.Fn X509_load_cert_crl_file +with +.Dv FILETYPE_ASN1 +is equivalent to +.Fn X509_load_cert_file . +.Pp +The constant +.Dv FILETYPE_DEFAULT +with +.Dv NULL +filename causes these functions to load the default certificate +store file (see +.Xr X509_STORE_set_default_paths 3 ) . +.Pp +Both methods support adding several certificate locations into one +.Sy X509_STORE . +.Pp +This page documents certificate store formats used by these methods and +caching policy. +.Ss File Method +The +.Fn X509_LOOKUP_file +method loads all the certificates or CRLs present in a file into memory +at the time the file is added as a lookup source. +.Pp +The file format is ASCII text which contains concatenated PEM +certificates and CRLs. +.Pp +This method should be used by applications which work with a small set +of CAs. +.Ss Hashed Directory Method +.Fa X509_LOOKUP_hash_dir +is a more advanced method which loads certificates and CRLs on demand, +and caches them in memory once they are loaded. +As of OpenSSL 1.0.0, it also checks for newer CRLs upon each lookup, so +that newer CRLs are used as soon as they appear in the directory. +.Pp +The directory should contain one certificate or CRL per file in PEM +format, with a file name of the form +.Ar hash . Ns Ar N +for a certificate, or +.Ar hash . Ns Sy r Ns Ar N +for a CRL. +The +.Ar hash +is the value returned by the +.Xr X509_NAME_hash 3 +function applied to the subject name for certificates or issuer +name for CRLs. +The hash can also be obtained via the +.Fl hash +option of the +.Xr openssl 1 +.Cm x509 +or +.Cm crl +commands. +.Pp +The +.Ar N +suffix is a sequence number that starts at zero and is incremented +consecutively for each certificate or CRL with the same +.Ar hash +value. +Gaps in the sequence numbers are not supported. +It is assumed that there are no more objects with the same hash +beyond the first missing number in the sequence. +.Pp +Sequence numbers make it possible for the directory to contain multiple +certificates with the same subject name hash value. +For example, it is possible to have in the store several certificates +with the same subject or several CRLs with the same issuer (and, for +example, a different validity period). +.Pp +When checking for new CRLs, once one CRL for a given hash value is +loaded, hash_dir lookup method checks only for certificates with +sequence number greater than that of the already cached CRL. +.Pp +Note that the hash algorithm used for subject name hashing changed in +OpenSSL 1.0.0, and all certificate stores have to be rehashed when +moving from OpenSSL 0.9.8 to 1.0.0. +.Sh RETURN VALUES +.Fn X509_LOOKUP_hash_dir +and +.Fn X509_LOOKUP_file +always return a pointer to a static +.Vt X509_LOOKUP_METHOD +structure. +.Pp +.Fn X509_load_cert_file , +.Fn X509_load_crl_file , +and +.Fn X509_load_cert_crl_file +return the number of objects loaded from the +.Fa file +or 0 on error. +.Sh SEE ALSO +.Xr d2i_X509_bio 3 , +.Xr PEM_read_PrivateKey 3 , +.Xr SSL_CTX_load_verify_locations 3 , +.Xr X509_STORE_load_locations 3 +.Sh HISTORY +.Fn X509_LOOKUP_hash_dir , +.Fn X509_LOOKUP_file , +and +.Fn X509_load_cert_file +first appeared in SSLeay 0.8.0. +.Fn X509_load_crl_file +first appeared in SSLeay 0.9.0. +These functions have been available since +.Ox 2.4 . +.Pp +.Fn X509_load_cert_crl_file +first appeared in OpenSSL 0.9.5 and has been available since +.Ox 2.7 . diff --git a/src/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 b/src/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 new file mode 100644 index 00000000000..d2cb9baa3c1 --- /dev/null +++ b/src/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 @@ -0,0 +1,286 @@ +.\" $OpenBSD: X509_NAME_ENTRY_get_object.3,v 1.12 2018/05/19 21:25:51 schwarze Exp $ +.\" full merge up to: OpenSSL aebb9aac Jul 19 09:27:53 2016 -0400 +.\" selective merge up to: OpenSSL 61f805c1 Jan 16 01:01:46 2018 +0800 +.\" +.\" This file is a derived work. +.\" The changes are covered by the following Copyright and license: +.\" +.\" Copyright (c) 2016 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.\" The original file was written by Dr. Stephen Henson . +.\" Copyright (c) 2002, 2005, 2006, 2017 The OpenSSL Project. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: May 19 2018 $ +.Dt X509_NAME_ENTRY_GET_OBJECT 3 +.Os +.Sh NAME +.Nm X509_NAME_ENTRY_new , +.Nm X509_NAME_ENTRY_free , +.Nm X509_NAME_ENTRY_get_object , +.Nm X509_NAME_ENTRY_get_data , +.Nm X509_NAME_ENTRY_set_object , +.Nm X509_NAME_ENTRY_set_data , +.Nm X509_NAME_ENTRY_create_by_txt , +.Nm X509_NAME_ENTRY_create_by_NID , +.Nm X509_NAME_ENTRY_create_by_OBJ +.\" In the following line, "X.501" is not a typo. +.\" This object defined in X.501, not in X.509. +.Nd X.501 relative distinguished name +.Sh SYNOPSIS +.In openssl/x509.h +.Ft X509_NAME_ENTRY * +.Fn X509_NAME_ENTRY_new void +.Ft void +.Fo X509_NAME_ENTRY_free +.Fa "X509_NAME_ENTRY* ne" +.Fc +.Ft ASN1_OBJECT * +.Fo X509_NAME_ENTRY_get_object +.Fa "const X509_NAME_ENTRY *ne" +.Fc +.Ft ASN1_STRING * +.Fo X509_NAME_ENTRY_get_data +.Fa "const X509_NAME_ENTRY *ne" +.Fc +.Ft int +.Fo X509_NAME_ENTRY_set_object +.Fa "X509_NAME_ENTRY *ne" +.Fa "const ASN1_OBJECT *obj" +.Fc +.Ft int +.Fo X509_NAME_ENTRY_set_data +.Fa "X509_NAME_ENTRY *ne" +.Fa "int type" +.Fa "const unsigned char *bytes" +.Fa "int len" +.Fc +.Ft X509_NAME_ENTRY * +.Fo X509_NAME_ENTRY_create_by_txt +.Fa "X509_NAME_ENTRY **ne" +.Fa "const char *field" +.Fa "int type" +.Fa "const unsigned char *bytes" +.Fa "int len" +.Fc +.Ft X509_NAME_ENTRY * +.Fo X509_NAME_ENTRY_create_by_NID +.Fa "X509_NAME_ENTRY **ne" +.Fa "int nid" +.Fa "int type" +.Fa "const unsigned char *bytes" +.Fa "int len" +.Fc +.Ft X509_NAME_ENTRY * +.Fo X509_NAME_ENTRY_create_by_OBJ +.Fa "X509_NAME_ENTRY **ne" +.Fa "const ASN1_OBJECT *obj" +.Fa "int type" +.Fa "const unsigned char *bytes" +.Fa "int len" +.Fc +.Sh DESCRIPTION +An X.501 +.Vt RelativeDistinguishedName +is a set of field type and value pairs. +It is the building block for constructing X.501 +.Vt Name +objects. +This implementation only supports sets with one element, so an +.Vt X509_NAME_ENTRY +object contains only one field type and one value. +.Pp +.Fn X509_NAME_ENTRY_new +allocates and initializes an empty +.Vt X509_NAME_ENTRY +object, representing an ASN.1 +.Vt RelativeDistinguishedName +structure defined in RFC 5280 section 4.1.2.4. +.Pp +.Fn X509_NAME_ENTRY_free +frees +.Fa ne +and the type and value contained in it. +.Pp +.Fn X509_NAME_ENTRY_get_object +retrieves the field type of +.Fa ne +in an +.Vt ASN1_OBJECT +structure. +.Fn X509_NAME_ENTRY_get_data +retrieves the field value of +.Fa ne +in an +.Vt ASN1_STRING +structure. +These two functions can be used to examine an +.Vt X509_NAME_ENTRY +object as returned by +.Xr X509_NAME_get_entry 3 . +.Pp +.Fn X509_NAME_ENTRY_set_object +sets the field type of +.Fa ne +to +.Fa obj . +.Pp +.Fn X509_NAME_ENTRY_set_data +sets the field value of +.Fa ne +to string type +.Fa type +and the value determined by +.Fa bytes +and +.Fa len . +.Pp +.Fn X509_NAME_ENTRY_create_by_txt , +.Fn X509_NAME_ENTRY_create_by_NID , +and +.Fn X509_NAME_ENTRY_create_by_OBJ +create and return an +.Vt X509_NAME_ENTRY +structure. +.Pp +Except for +.Fn X509_NAME_ENTRY_get_object +and +.Fn X509_NAME_ENTRY_get_data , +these functions are rarely used because +.Vt X509_NAME_ENTRY +structures are almost always part of +.Vt X509_NAME +structures and the functions described in +.Xr X509_NAME_add_entry_by_txt 3 +are typically used to create and add new entries in a single operation. +.Pp +The arguments of these functions support similar options to the +similarly named ones described in +.Xr X509_NAME_add_entry_by_txt 3 . +So for example +.Fa type +can be set to +.Dv MBSTRING_ASC , +but in the case of +.Fn X509_NAME_ENTRY_set_data +the field type must be set first so the relevant field information +can be looked up internally. +.Sh RETURN VALUES +.Fn X509_NAME_ENTRY_new , +.Fn X509_NAME_ENTRY_create_by_txt , +.Fn X509_NAME_ENTRY_create_by_NID , +and +.Fn X509_NAME_ENTRY_create_by_OBJ +return a valid +.Vt X509_NAME_ENTRY +structure on success or +.Dv NULL +if an error occurred. +.Pp +.Fn X509_NAME_ENTRY_get_object +returns a valid +.Vt ASN1_OBJECT +structure if it is set or +.Dv NULL +if an error occurred. +.Pp +.Fn X509_NAME_ENTRY_get_data +returns a valid +.Vt ASN1_STRING +structure if it is set or +.Dv NULL +if an error occurred. +.Pp +.Fn X509_NAME_ENTRY_set_object +and +.Fn X509_NAME_ENTRY_set_data +return 1 on success or 0 on error. +.Sh SEE ALSO +.Xr ERR_get_error 3 , +.Xr OBJ_nid2obj 3 , +.Xr X509_NAME_add_entry 3 , +.Xr X509_NAME_get_entry 3 , +.Xr X509_NAME_new 3 +.Sh STANDARDS +RFC 5280: Internet X.509 Public Key Infrastructure Certificate and +Certificate Revocation List (CRL) Profile +.Pp +ITU-T Recommendation X.501, also known as ISO/IEC 9594-2: Information +Technology Open Systems Interconnection The Directory: Models, +section 9.3: Relative distinguished name +.Sh HISTORY +.Fn X509_NAME_ENTRY_new +and +.Fn X509_NAME_ENTRY_free +first appeared in SSLeay 0.5.1. +.Fn X509_NAME_ENTRY_get_object , +.Fn X509_NAME_ENTRY_get_data , +.Fn X509_NAME_ENTRY_set_object , +.Fn X509_NAME_ENTRY_set_data , +.Fn X509_NAME_ENTRY_create_by_NID , +and +.Fn X509_NAME_ENTRY_create_by_OBJ +first appeared in SSLeay 0.8.0. +These functions have been available since +.Ox 2.4 . +.Pp +.Fn X509_NAME_ENTRY_create_by_txt +first appeared in OpenSSL 0.9.5 and has been available since +.Ox 2.7 . diff --git a/src/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 b/src/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 new file mode 100644 index 00000000000..1f094140394 --- /dev/null +++ b/src/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 @@ -0,0 +1,278 @@ +.\" $OpenBSD: X509_NAME_add_entry_by_txt.3,v 1.12 2018/05/19 23:02:00 schwarze Exp $ +.\" OpenSSL aebb9aac Jul 19 09:27:53 2016 -0400 +.\" +.\" This file was written by Dr. Stephen Henson . +.\" Copyright (c) 2002, 2005, 2006, 2013, 2014 The OpenSSL Project. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: May 19 2018 $ +.Dt X509_NAME_ADD_ENTRY_BY_TXT 3 +.Os +.Sh NAME +.Nm X509_NAME_add_entry_by_txt , +.Nm X509_NAME_add_entry_by_OBJ , +.Nm X509_NAME_add_entry_by_NID , +.Nm X509_NAME_add_entry , +.Nm X509_NAME_delete_entry +.Nd X509_NAME modification functions +.Sh SYNOPSIS +.In openssl/x509.h +.Ft int +.Fo X509_NAME_add_entry_by_txt +.Fa "X509_NAME *name" +.Fa "const char *field" +.Fa "int type" +.Fa "const unsigned char *bytes" +.Fa "int len" +.Fa "int loc" +.Fa "int set" +.Fc +.Ft int +.Fo X509_NAME_add_entry_by_OBJ +.Fa "X509_NAME *name" +.Fa "const ASN1_OBJECT *obj" +.Fa "int type" +.Fa "const unsigned char *bytes" +.Fa "int len" +.Fa "int loc" +.Fa "int set" +.Fc +.Ft int +.Fo X509_NAME_add_entry_by_NID +.Fa "X509_NAME *name" +.Fa "int nid" +.Fa "int type" +.Fa "const unsigned char *bytes" +.Fa "int len" +.Fa "int loc" +.Fa "int set" +.Fc +.Ft int +.Fo X509_NAME_add_entry +.Fa "X509_NAME *name" +.Fa "const X509_NAME_ENTRY *ne" +.Fa "int loc" +.Fa "int set" +.Fc +.Ft X509_NAME_ENTRY * +.Fo X509_NAME_delete_entry +.Fa "X509_NAME *name" +.Fa "int loc" +.Fc +.Sh DESCRIPTION +.Fn X509_NAME_add_entry_by_txt , +.Fn X509_NAME_add_entry_by_OBJ , +and +.Fn X509_NAME_add_entry_by_NID +add a field whose name is defined by a string +.Fa field , +an object +.Fa obj +or a NID +.Fa nid , +respectively. +The field value to be added is in +.Fa bytes +of length +.Fa len . +If +.Fa len +is -1 then the field length is calculated internally using +.Fn strlen bytes . +.Pp +The type of field is determined by +.Fa type +which can either be a definition of the type of +.Fa bytes +(such as +.Dv MBSTRING_ASC ) +or a standard ASN.1 type (such as +.Dv V_ASN1_IA5STRING ) . +The new entry is added to a position determined by +.Fa loc +and +.Fa set . +.Pp +.Fn X509_NAME_add_entry +adds a copy of an +.Vt X509_NAME_ENTRY +structure +.Fa ne +to +.Fa name . +The new entry is added to a position determined by +.Fa loc +and +.Fa set . +Since a copy of +.Fa ne +is added, +.Fa ne +must be freed up after the call. +.Pp +.Fn X509_NAME_delete_entry +deletes an entry from +.Fa name +at position +.Fa loc . +The deleted entry is returned and must be freed up. +.Pp +The use of string types such as +.Dv MBSTRING_ASC +or +.Dv MBSTRING_UTF8 +is strongly recommended for the +.Fa type +parameter. +This allows the internal code to correctly determine the type of the +field and to apply length checks according to the relevant standards. +.Pp +If instead an ASN.1 type is used, no checks are performed and the supplied +data in +.Fa bytes +is used directly. +.Pp +In +.Fn X509_NAME_add_entry_by_txt +the +.Fa field +string represents the field name using +.Fn OBJ_txt2obj field 0 . +.Pp +The +.Fa loc +and +.Fa set +parameters determine where a new entry should be added. +For almost all applications, +.Fa loc +can be set to -1 and +.Fa set +to 0. +This adds a new entry to the end of +.Fa name +as a single valued +.Vt RelativeDistinguishedName +(RDN). +.Pp +.Fa loc +actually determines the index where the new entry is inserted: +if it is -1 it is appended. +.Pp +.Fa set +determines how the new type is added. +If it is zero a new RDN is created. +.Pp +If +.Fa set +is -1 or 1 it is added to the previous or next RDN structure +respectively. +This will then be a multivalued RDN: since multivalue RDNs are very +seldom used, +.Fa set +is almost always set to zero. +.Sh RETURN VALUES +.Fn X509_NAME_add_entry_by_txt , +.Fn X509_NAME_add_entry_by_OBJ , +.Fn X509_NAME_add_entry_by_NID , +and +.Fn X509_NAME_add_entry +return 1 for success or 0 if an error occurred. +.Pp +.Fn X509_NAME_delete_entry +returns either the deleted +.Vt X509_NAME_ENTRY +structure or +.Dv NULL +if an error occurred. +.Sh EXAMPLES +Create an +.Vt X509_NAME +structure: +.Bd -literal -offset indent +C=UK, O=Disorganized Organization, CN=Joe Bloggs + +X509_NAME *nm; +nm = X509_NAME_new(); +if (nm == NULL) + /* Some error */ +if (!X509_NAME_add_entry_by_txt(nm, "C", MBSTRING_ASC, + "UK", -1, -1, 0)) + /* Error */ +if (!X509_NAME_add_entry_by_txt(nm, "O", MBSTRING_ASC, + "Disorganized Organization", -1, -1, 0)) + /* Error */ +if (!X509_NAME_add_entry_by_txt(nm, "CN", MBSTRING_ASC, + "Joe Bloggs", -1, -1, 0)) + /* Error */ +.Ed +.Sh SEE ALSO +.Xr d2i_X509_NAME 3 , +.Xr ERR_get_error 3 , +.Xr X509_NAME_get_index_by_NID 3 , +.Xr X509_NAME_new 3 +.Sh HISTORY +.Fn X509_NAME_add_entry +and +.Fn X509_NAME_delete_entry +first appeared in SSLeay 0.8.0 and have been available since +.Ox 2.4 . +.Pp +.Fn X509_NAME_add_entry_by_txt , +.Fn X509_NAME_add_entry_by_OBJ , +and +.Fn X509_NAME_add_entry_by_NID +first appeared in OpenSSL 0.9.5 and have been available since +.Ox 2.7 . +.Sh BUGS +.Fa type +can still be set to +.Dv V_ASN1_APP_CHOOSE +to use a different algorithm to determine field types. +Since this form does not understand multicharacter types, performs +no length checks, and can result in invalid field types, its use +is strongly discouraged. diff --git a/src/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 b/src/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 new file mode 100644 index 00000000000..70202fed00c --- /dev/null +++ b/src/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 @@ -0,0 +1,255 @@ +.\" $OpenBSD: X509_NAME_get_index_by_NID.3,v 1.10 2018/07/09 09:57:41 tb Exp $ +.\" OpenSSL aebb9aac Jul 19 09:27:53 2016 -0400 +.\" +.\" This file was written by Dr. Stephen Henson . +.\" Copyright (c) 2002, 2006, 2014, 2015, 2016 The OpenSSL Project. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: July 9 2018 $ +.Dt X509_NAME_GET_INDEX_BY_NID 3 +.Os +.Sh NAME +.Nm X509_NAME_get_index_by_NID , +.Nm X509_NAME_get_index_by_OBJ , +.Nm X509_NAME_entry_count , +.Nm X509_NAME_get_entry , +.Nm X509_NAME_get_text_by_NID , +.Nm X509_NAME_get_text_by_OBJ +.Nd X509_NAME lookup and enumeration functions +.Sh SYNOPSIS +.In openssl/x509.h +.Ft int +.Fo X509_NAME_get_index_by_NID +.Fa "const X509_NAME *name" +.Fa "int nid" +.Fa "int lastpos" +.Fc +.Ft int +.Fo X509_NAME_get_index_by_OBJ +.Fa "const X509_NAME *name" +.Fa "const ASN1_OBJECT *obj" +.Fa "int lastpos" +.Fc +.Ft int +.Fo X509_NAME_entry_count +.Fa "const X509_NAME *name" +.Fc +.Ft X509_NAME_ENTRY * +.Fo X509_NAME_get_entry +.Fa "const X509_NAME *name" +.Fa "int loc" +.Fc +.Ft int +.Fo X509_NAME_get_text_by_NID +.Fa "X509_NAME *name" +.Fa "int nid" +.Fa "char *buf" +.Fa "int len" +.Fc +.Ft int +.Fo X509_NAME_get_text_by_OBJ +.Fa "X509_NAME *name" +.Fa "const ASN1_OBJECT *obj" +.Fa "char *buf" +.Fa "int len" +.Fc +.Sh DESCRIPTION +These functions allow an +.Vt X509_NAME +structure to be examined. +The +.Vt X509_NAME +structure is the same as the ASN.1 +.Vt Name +type defined in RFC 2459 (and elsewhere) and used, for example, +in certificate subject and issuer names. +.Pp +.Fn X509_NAME_get_index_by_NID +and +.Fn X509_NAME_get_index_by_OBJ +retrieve the next index matching +.Fa nid +or +.Fa obj +after +.Fa lastpos . +.Fa lastpos +should initially be set to -1. +If there are no more entries, -1 is returned. +If +.Fa nid +is invalid (doesn't correspond to a valid OID), -2 is returned. +.Pp +.Fn X509_NAME_entry_count +returns the total number of entries in +.Fa name . +.Pp +.Fn X509_NAME_get_entry +retrieves the +.Vt X509_NAME_ENTRY +from +.Fa name +corresponding to index +.Fa loc . +Acceptable values for +.Fa loc +run from 0 to +.Fn X509_NAME_entry_count name +- 1. +The value returned is an internal pointer which must not be freed. +.Pp +.Fn X509_NAME_get_text_by_NID +and +.Fn X509_NAME_get_text_by_OBJ +retrieve the "text" from the first entry in +.Fa name +which matches +.Fa nid +or +.Fa obj . +If no such entry exists, -1 is returned. +At most +.Fa len +bytes will be written and the text written to +.Fa buf +will be NUL terminated. +The length of the output string written is returned excluding the +terminating NUL. +If +.Fa buf +is +.Dv NULL +then the amount of space needed in +.Fa buf +(excluding the final NUL) is returned. +.Pp +All relevant +.Dv NID_* +and +.Dv OBJ_* +codes can be found in the header files +.In openssl/obj_mac.h +and +.In openssl/objects.h . +.Pp +Applications which could pass invalid NIDs to +.Fn X509_NAME_get_index_by_NID +should check for the return value of -2. +Alternatively the NID validity can be determined first by checking that +.Fn OBJ_nid2obj nid +is not +.Dv NULL . +.Sh RETURN VALUES +.Fn X509_NAME_get_index_by_NID +and +.Fn X509_NAME_get_index_by_OBJ +return the index of the next matching entry or -1 if not found. +.Pp +.Fn X509_NAME_entry_count +returns the total number of entries. +.Pp +.Fn X509_NAME_get_entry +returns an +.Vt X509_NAME +pointer to the requested entry or +.Dv NULL +if the index is invalid. +.Sh EXAMPLES +Process all entries: +.Bd -literal +int i; +X509_NAME_ENTRY *e; + +for (i = 0; i < X509_NAME_entry_count(nm); i++) { + e = X509_NAME_get_entry(nm, i); + /* Do something with e */ +} +.Ed +.Pp +Process all commonName entries: +.Bd -literal +int lastpos = -1; +X509_NAME_ENTRY *e; + +for (;;) { + lastpos = X509_NAME_get_index_by_NID(nm, NID_commonName, lastpos); + if (lastpos == -1) + break; + e = X509_NAME_get_entry(nm, lastpos); + /* Do something with e */ +} +.Ed +.Sh SEE ALSO +.Xr d2i_X509_NAME 3 , +.Xr ERR_get_error 3 , +.Xr X509_NAME_new 3 +.Sh HISTORY +These functions first appeared in SSLeay 0.8.0 +and have been available since +.Ox 2.4 . +.Sh CAVEATS +.Fn X509_NAME_get_text_by_NID +and +.Fn X509_NAME_get_text_by_OBJ +are legacy functions which have various limitations which make them of +minimal use in practice. +They can only find the first matching entry and will copy the contents +of the field verbatim: this can be highly confusing if the target is a +multicharacter string type like a +.Vt BMPString +or a +.Vt UTF8String . +.Pp +For a more general solution, +.Fn X509_NAME_get_index_by_NID +or +.Fn X509_NAME_get_index_by_OBJ +should be used, followed by +.Fn X509_NAME_get_entry +on any matching indices and then the various +.Vt X509_NAME_ENTRY +utility functions on the result. diff --git a/src/lib/libcrypto/man/X509_NAME_new.3 b/src/lib/libcrypto/man/X509_NAME_new.3 new file mode 100644 index 00000000000..527e22272c2 --- /dev/null +++ b/src/lib/libcrypto/man/X509_NAME_new.3 @@ -0,0 +1,99 @@ +.\" $OpenBSD: X509_NAME_new.3,v 1.6 2018/07/29 20:29:32 tb Exp $ +.\" +.\" Copyright (c) 2016 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: July 29 2018 $ +.Dt X509_NAME_NEW 3 +.Os +.Sh NAME +.Nm X509_NAME_new , +.Nm X509_NAME_free +.\" In the following line, "X.501" and "Name" are not typos. +.\" The "Name" type is defined in X.501, not in X.509. +.\" The type in called "Name" with capital "N", not "name". +.Nd X.501 Name object +.Sh SYNOPSIS +.In openssl/x509.h +.Ft X509_NAME * +.Fn X509_NAME_new void +.Ft void +.Fn X509_NAME_free "X509_NAME *name" +.Sh DESCRIPTION +An X.501 +.Vt Name +is an ordered sequence of relative distinguished names. +A relative distinguished name is a set of key-value pairs; see +.Xr X509_NAME_ENTRY_new 3 +for details. +.Pp +Various X.509 structures contain X.501 +.Vt Name +substructures. +They are for example used for the issuers of certificates and +certificate revocation lists and for the subjects of certificates +and certificate requests. +.Pp +.Fn X509_NAME_new +allocates and initializes an empty +.Vt X509_NAME +object, representing an ASN.1 +.Vt Name +structure defined in RFC 5280 section 4.1.2.4. +Data can be added to such objects with the functions described in +.Xr X509_NAME_add_entry_by_txt 3 , +and they can be inspected with the functions described in +.Xr X509_NAME_get_index_by_NID 3 . +.Pp +.Fn X509_NAME_free +frees +.Fa name +and all the +.Vt X509_NAME_ENTRY +objects contained in it. +If +.Fa name +is a +.Dv NULL +pointer, no action occurs. +.Sh RETURN VALUES +.Fn X509_NAME_new +returns a new +.Vt X509_NAME +object or +.Dv NULL +if an error occurred. +.Sh SEE ALSO +.Xr d2i_X509_NAME 3 , +.Xr GENERAL_NAME_new 3 , +.Xr NAME_CONSTRAINTS_new 3 , +.Xr SSL_load_client_CA_file 3 , +.Xr X509_get_subject_name 3 , +.Xr X509_NAME_add_entry_by_txt 3 , +.Xr X509_NAME_ENTRY_new 3 , +.Xr X509_NAME_get_index_by_NID 3 , +.Xr X509_NAME_print_ex 3 +.Sh STANDARDS +RFC 5280: Internet X.509 Public Key Infrastructure Certificate and +Certificate Revocation List (CRL) Profile +.Pp +ITU-T Recommendation X.501, also known as ISO/IEC 9594-2: +Information Technology \(en Open Systems Interconnection \(en +The Directory: Models, section 9: Names +.Sh HISTORY +.Fn X509_NAME_new +and +.Fn X509_NAME_free +appeared in SSLeay 0.4 or earlier and have been available since +.Ox 2.4 . diff --git a/src/lib/libcrypto/man/X509_NAME_print_ex.3 b/src/lib/libcrypto/man/X509_NAME_print_ex.3 new file mode 100644 index 00000000000..494066ff9cf --- /dev/null +++ b/src/lib/libcrypto/man/X509_NAME_print_ex.3 @@ -0,0 +1,286 @@ +.\" $OpenBSD: X509_NAME_print_ex.3,v 1.11 2018/05/19 22:05:58 schwarze Exp $ +.\" full merge up to: OpenSSL aebb9aac Jul 19 09:27:53 2016 -0400 +.\" selective merge up to: OpenSSL 61f805c1 Jan 16 01:01:46 2018 +0800 +.\" +.\" This file was written by Dr. Stephen Henson . +.\" Copyright (c) 2002, 2004, 2007, 2016, 2017 The OpenSSL Project. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: May 19 2018 $ +.Dt X509_NAME_PRINT_EX 3 +.Os +.Sh NAME +.Nm X509_NAME_print_ex , +.Nm X509_NAME_print_ex_fp , +.Nm X509_NAME_oneline , +.Nm X509_NAME_print +.Nd X509_NAME printing routines +.Sh SYNOPSIS +.In openssl/x509.h +.Ft int +.Fo X509_NAME_print_ex +.Fa "BIO *out" +.Fa "const X509_NAME *nm" +.Fa "int indent" +.Fa "unsigned long flags" +.Fc +.Ft int +.Fo X509_NAME_print_ex_fp +.Fa "FILE *fp" +.Fa "const X509_NAME *nm" +.Fa "int indent" +.Fa "unsigned long flags" +.Fc +.Ft char * +.Fo X509_NAME_oneline +.Fa "const X509_NAME *a" +.Fa "char *buf" +.Fa "int size" +.Fc +.Ft int +.Fo X509_NAME_print +.Fa "BIO *bp" +.Fa "const X509_NAME *name" +.Fa "int obase" +.Fc +.Sh DESCRIPTION +.Fn X509_NAME_print_ex +prints a human readable version of +.Fa nm +to +.Vt BIO +.Fa out . +Each line (for multiline formats) is indented by +.Fa indent +spaces. +The output format can be extensively customised by use of the +.Fa flags +parameter. +.Pp +.Fn X509_NAME_print_ex_fp +is identical to +.Fn X509_NAME_print_ex +except the output is written to the +.Vt FILE +pointer +.Fa fp . +.Pp +.Fn X509_NAME_oneline +prints an ASCII version of +.Fa a +to +.Fa buf . +If +.Fa buf +is +.Dv NULL , +then a buffer is dynamically allocated and returned, and +.Fa size +is ignored. +Otherwise, at most +.Fa size +bytes will be written, including the ending NUL, and +.Fa buf +is returned. +.Pp +.Fn X509_NAME_print +prints out +.Fa name +to +.Fa bp +indenting each line by +.Fa obase +characters. +Multiple lines are used if the output (including indent) exceeds 80 +characters. +.Pp +The functions +.Fn X509_NAME_oneline +and +.Fn X509_NAME_print +are legacy functions which produce a non-standard output form. +They don't handle multi-character fields and have various quirks +and inconsistencies. +Their use is strongly discouraged in new applications. +.Pp +Although there are a large number of possible flags, for most purposes +.Dv XN_FLAG_ONELINE , +.Dv XN_FLAG_MULTILINE , +or +.Dv XN_FLAG_RFC2253 +will suffice. +As noted on the +.Xr ASN1_STRING_print_ex 3 +manual page, for UTF-8 terminals the +.Dv ASN1_STRFLGS_ESC_MSB +should be unset: so for example +.Dv XN_FLAG_ONELINE No & Pf ~ Dv ASN1_STRFLGS_ESC_MSB +would be used. +.Pp +The complete set of the flags supported by +.Dv X509_NAME_print_ex +is listed below. +.Pp +Several options can be OR'ed together. +.Pp +The options +.Dv XN_FLAG_SEP_COMMA_PLUS , +.Dv XN_FLAG_SEP_CPLUS_SPC , +.Dv XN_FLAG_SEP_SPLUS_SPC , +and +.Dv XN_FLAG_SEP_MULTILINE +determine the field separators to use. +Two distinct separators are used between distinct +.Vt RelativeDistinguishedName +components and separate values in the same RDN for a multi-valued RDN. +Multi-valued RDNs are currently very rare so the second separator +will hardly ever be used. +.Pp +.Dv XN_FLAG_SEP_COMMA_PLUS +uses comma and plus as separators. +.Dv XN_FLAG_SEP_CPLUS_SPC +uses comma and plus with spaces: +this is more readable that plain comma and plus. +.Dv XN_FLAG_SEP_SPLUS_SPC +uses spaced semicolon and plus. +.Dv XN_FLAG_SEP_MULTILINE +uses spaced newline and plus respectively. +.Pp +If +.Dv XN_FLAG_DN_REV +is set, the whole DN is printed in reversed order. +.Pp +The fields +.Dv XN_FLAG_FN_SN , +.Dv XN_FLAG_FN_LN , +.Dv XN_FLAG_FN_OID , +and +.Dv XN_FLAG_FN_NONE +determine how a field name is displayed. +It will use the short name (e.g. CN), the long name (e.g. commonName), +always use OID numerical form (normally OIDs are only used if the +field name is not recognised) and no field name, respectively. +.Pp +If +.Dv XN_FLAG_SPC_EQ +is set, then spaces will be placed around the +.Ql = +character separating field names and values. +.Pp +If +.Dv XN_FLAG_DUMP_UNKNOWN_FIELDS +is set, then the encoding of unknown fields is printed instead of the +values. +.Pp +If +.Dv XN_FLAG_FN_ALIGN +is set, then field names are padded to 20 characters: +this is only of use for multiline format. +.Pp +Additionally, all the options supported by +.Xr ASN1_STRING_print_ex 3 +can be used to control how each field value is displayed. +.Pp +In addition a number of options can be set for commonly used formats. +.Pp +.Dv XN_FLAG_RFC2253 +sets options which produce an output compatible with RFC 2253. +It is equivalent to +.Dv ASN1_STRFLGS_RFC2253 | XN_FLAG_SEP_COMMA_PLUS | XN_FLAG_DN_REV | +.Dv XN_FLAG_FN_SN | XN_FLAG_DUMP_UNKNOWN_FIELDS . +.Pp +.Dv XN_FLAG_ONELINE +is a more readable one line format which is the same as: +.Dv ASN1_STRFLGS_RFC2253 | ASN1_STRFLGS_ESC_QUOTE | XN_FLAG_SEP_CPLUS_SPC | +.Dv XN_FLAG_SPC_EQ | XN_FLAG_FN_SN . +.Pp +.Dv XN_FLAG_MULTILINE +is a multiline format which is the same as: +.Dv ASN1_STRFLGS_ESC_CTRL | ASN1_STRFLGS_ESC_MSB | XN_FLAG_SEP_MULTILINE | +.Dv XN_FLAG_SPC_EQ | XN_FLAG_FN_LN | XN_FLAG_FN_ALIGN . +.Pp +.Dv XN_FLAG_COMPAT +uses a format identical to +.Fn X509_NAME_print : +in fact it calls +.Fn X509_NAME_print +internally. +.Sh RETURN VALUES +.Fn X509_NAME_print_ex +and +.Fn X509_NAME_print_ex_fp +return 1 on success or 0 on error if +.Dv XN_FLAG_COMPAT +is set in +.Fa flags . +Otherwise, they return the number of printed bytes including the +indentation or \-1 on error. +.Pp +.Fn X509_NAME_oneline +returns a valid string on success or +.Dv NULL +on error. +.Pp +.Fn X509_NAME_print +returns 1 on success or 0 on error. +.Sh SEE ALSO +.Xr ASN1_STRING_print_ex 3 , +.Xr d2i_X509_NAME 3 , +.Xr X509_NAME_get_index_by_NID 3 , +.Xr X509_NAME_new 3 +.Sh HISTORY +.Fn X509_NAME_oneline +and +.Fn X509_NAME_print +first appeared in SSLeay 0.5.1 and have been available since +.Ox 2.4 . +.Pp +.Fn X509_NAME_print_ex +and +.Fn X509_NAME_print_ex_fp +first appeared in OpenSSL 0.9.6 and have been available since +.Ox 2.9 . diff --git a/src/lib/libcrypto/man/X509_OBJECT_get0_X509.3 b/src/lib/libcrypto/man/X509_OBJECT_get0_X509.3 new file mode 100644 index 00000000000..905146b38f0 --- /dev/null +++ b/src/lib/libcrypto/man/X509_OBJECT_get0_X509.3 @@ -0,0 +1,256 @@ +.\" $OpenBSD: X509_OBJECT_get0_X509.3,v 1.8 2018/08/24 19:23:07 tb Exp $ +.\" Copyright (c) 2018 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: August 24 2018 $ +.Dt X509_OBJECT_GET0_X509 3 +.Os +.Sh NAME +.Nm X509_OBJECT_get_type , +.Nm X509_OBJECT_up_ref_count , +.Nm X509_OBJECT_free_contents , +.Nm X509_OBJECT_get0_X509 , +.Nm X509_OBJECT_get0_X509_CRL , +.Nm X509_OBJECT_idx_by_subject , +.Nm X509_OBJECT_retrieve_by_subject , +.Nm X509_OBJECT_retrieve_match +.Nd certificate, CRL, private key, and string wrapper for certificate stores +.Sh SYNOPSIS +.In openssl/x509_vfy.h +.Ft int +.Fo X509_OBJECT_get_type +.Fa "const X509_OBJECT *obj" +.Fc +.Ft int +.Fo X509_OBJECT_up_ref_count +.Fa "X509_OBJECT *obj" +.Fc +.Ft void +.Fo X509_OBJECT_free_contents +.Fa "X509_OBJECT *obj" +.Fc +.Ft X509 * +.Fo X509_OBJECT_get0_X509 +.Fa "const X509_OBJECT *obj" +.Fc +.Ft X509_CRL * +.Fo X509_OBJECT_get0_X509_CRL +.Fa "X509_OBJECT *obj" +.Fc +.Ft int +.Fo X509_OBJECT_idx_by_subject +.Fa "STACK_OF(X509_OBJECT) *stack" +.Fa "int type" +.Fa "X509_NAME *name" +.Fc +.Ft X509_OBJECT * +.Fo X509_OBJECT_retrieve_by_subject +.Fa "STACK_OF(X509_OBJECT) *stack" +.Fa "int type" +.Fa "X509_NAME *name" +.Fc +.Ft X509_OBJECT * +.Fo X509_OBJECT_retrieve_match +.Fa "STACK_OF(X509_OBJECT) *stack" +.Fa "X509_OBJECT *obj" +.Fc +.Sh DESCRIPTION +The +.Vt X509_OBJECT +structure is a shallow wrapper around one +.Vt X509 +certificate object, one +.Vt X509_CRL +certificate revocation list object, one +.Vt EVP_PKEY +private key object, or one +.Vt char * +string. +The type of object stored at any given time can be inspected with +.Fn X509_OBJECT_get_type . +.Pp +Each +.Vt X509_STORE +object uses one stack of +.Vt X509_OBJECT +structures as its main storage area. +.Pp +If +.Fa obj +contains an +.Vt X509 +certificate or an +.Vt X509_CRL +certificate revocation list, +.Fn X509_OBJECT_up_ref_count +increments the reference count of that inner object by 1. +Otherwise, no action occurs. +.Pp +If +.Fa obj +contains an +.Vt X509 +certificate, +.Fn X509_OBJECT_free_contents +calls +.Xr X509_free 3 +on that inner object. +If +.Fa obj +contains an +.Vt X509_CRL +certificate revocation list, it calls +.Xr X509_CRL_free 3 +on that inner list. +Otherwise, no action occurs. +.Fn X509_OBJECT_free_contents +does not free +.Fa obj +itself. +.Pp +If +.Fa type +is +.Dv X509_LU_X509 , +.Fn X509_OBJECT_idx_by_subject +and +.Fn X509_OBJECT_retrieve_by_subject +search the given +.Fa stack +for a certificate with the subject +.Fa name . +If +.Fa type +is +.Dv X509_LU_CRL , +they search for a certificate revocation list with the issuer +.Fa name +instead. +.Pp +If +.Fa obj +contains a certificate, +.Fn X509_OBJECT_retrieve_match +searches the given +.Fa stack +for a certificate with a matching subject name; +if it contains a certificate revocation list, it searches for a +certificate revocation list with a matching issuer name instead; +otherwise, it searches for an +.Vt X509_OBJECT +with a matching type. +.Sh RETURN VALUES +.Fn X509_OBJECT_get_type +returns +.Dv X509_LU_X509 +if +.Fa obj +contains a certificate, +.Dv X509_LU_CRL +if it contains a certificate revocation list, +or 0 if an error occurs. +.Pp +.Fn X509_OBJECT_up_ref_count +returns 1 on success and 0 on failure. +.Pp +.Fn X509_OBJECT_get0_X509 +returns an internal pointer to the certificate contained in +.Fa obj +or +.Dv NULL +if +.Fa obj +is +.Dv NULL +or contains no certificate. +.Pp +.Fn X509_OBJECT_get0_X509_CRL +returns an internal pointer to the certificate revocation list contained in +.Fa obj +or +.Dv NULL +if +.Fa obj +is +.Dv NULL +or contains no certificate revocation list. +.Pp +.Fn X509_OBJECT_idx_by_subject +returns the zero-based index of the first matching certificate +or revocation list in the +.Fa stack +or \-1 if +.Fa type +is neither +.Dv X509_LU_X509 +nor +.Dv X509_LU_CRL +or if no match is found. +.Pp +.Fn X509_OBJECT_retrieve_by_subject +returns the first matching certificate or revocation list in the +.Fa stack +or +.Dv NULL +if +.Fa type +is neither +.Dv X509_LU_X509 +nor +.Dv X509_LU_CRL +or if no match is found. +.Pp +.Fn X509_OBJECT_retrieve_match +returns the first mathching +.Vt X509_OBJECT +or +.Dv NULL +if +.Fa stack +or +.Fa obj +is +.Dv NULL +or no match is found. +.Sh SEE ALSO +.Xr X509_STORE_get0_objects 3 , +.Xr X509_STORE_load_locations 3 , +.Xr X509_STORE_new 3 +.\" The type X509_OBJECT is also used +.\" by the following undocumented public functions: +.\" X509_STORE_get_by_subject +.\" X509_LOOKUP_by_subject +.\" X509_LOOKUP_by_issuer_serial +.\" X509_LOOKUP_by_fingerprint +.\" X509_LOOKUP_by_alias +.Sh HISTORY +.Fn X509_OBJECT_up_ref_count +and +.Fn X509_OBJECT_free_contents +first appeared in SSLeay 0.8.0 and have been available since +.Ox 2.4 . +.Pp +.Fn X509_OBJECT_idx_by_subject , +.Fn X509_OBJECT_retrieve_by_subject , +and +.Fn X509_OBJECT_retrieve_match +first appeared in OpenSSL 0.9.6 and have been available since +.Ox 2.9 . +.Pp +.Fn X509_OBJECT_get_type , +.Fn X509_OBJECT_get0_X509 , +and +.Fn X509_OBJECT_get0_X509_CRL +first appeared in OpenSSL 1.1.0 and have been available since +.Ox 6.3 . diff --git a/src/lib/libcrypto/man/X509_PUBKEY_new.3 b/src/lib/libcrypto/man/X509_PUBKEY_new.3 new file mode 100644 index 00000000000..d5af722e429 --- /dev/null +++ b/src/lib/libcrypto/man/X509_PUBKEY_new.3 @@ -0,0 +1,319 @@ +.\" $OpenBSD: X509_PUBKEY_new.3,v 1.13 2018/03/27 17:35:50 schwarze Exp $ +.\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 +.\" +.\" This file was written by Dr. Stephen Henson . +.\" Copyright (c) 2016 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt X509_PUBKEY_NEW 3 +.Os +.Sh NAME +.Nm X509_PUBKEY_new , +.Nm X509_PUBKEY_free , +.Nm X509_PUBKEY_set , +.Nm X509_PUBKEY_get0 , +.Nm X509_PUBKEY_get , +.Nm d2i_PUBKEY , +.Nm i2d_PUBKEY , +.Nm d2i_PUBKEY_bio , +.Nm d2i_PUBKEY_fp , +.Nm i2d_PUBKEY_fp , +.Nm i2d_PUBKEY_bio , +.Nm X509_PUBKEY_set0_param , +.Nm X509_PUBKEY_get0_param +.Nd X.509 SubjectPublicKeyInfo structure +.Sh SYNOPSIS +.In openssl/x509.h +.Ft X509_PUBKEY * +.Fn X509_PUBKEY_new void +.Ft void +.Fo X509_PUBKEY_free +.Fa "X509_PUBKEY *a" +.Fc +.Ft int +.Fo X509_PUBKEY_set +.Fa "X509_PUBKEY **x" +.Fa "EVP_PKEY *pkey" +.Fc +.Ft EVP_PKEY * +.Fo X509_PUBKEY_get0 +.Fa "X509_PUBKEY *key" +.Fc +.Ft EVP_PKEY * +.Fo X509_PUBKEY_get +.Fa "X509_PUBKEY *key" +.Fc +.Ft EVP_PKEY * +.Fo d2i_PUBKEY +.Fa "EVP_PKEY **a" +.Fa "const unsigned char **pp" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_PUBKEY +.Fa "EVP_PKEY *a" +.Fa "unsigned char **pp" +.Fc +.Ft EVP_PKEY * +.Fo d2i_PUBKEY_bio +.Fa "BIO *bp" +.Fa "EVP_PKEY **a" +.Fc +.Ft EVP_PKEY * +.Fo d2i_PUBKEY_fp +.Fa "FILE *fp" +.Fa "EVP_PKEY **a" +.Fc +.Ft int +.Fo i2d_PUBKEY_fp +.Fa "FILE *fp" +.Fa "EVP_PKEY *pkey" +.Fc +.Ft int +.Fo i2d_PUBKEY_bio +.Fa "BIO *bp" +.Fa "EVP_PKEY *pkey" +.Fc +.Ft int +.Fo X509_PUBKEY_set0_param +.Fa "X509_PUBKEY *pub" +.Fa "ASN1_OBJECT *aobj" +.Fa "int ptype" +.Fa "void *pval" +.Fa "unsigned char *penc" +.Fa "int penclen" +.Fc +.Ft int +.Fo X509_PUBKEY_get0_param +.Fa "ASN1_OBJECT **ppkalg" +.Fa "const unsigned char **pk" +.Fa "int *ppklen" +.Fa "X509_ALGOR **pa" +.Fa "X509_PUBKEY *pub" +.Fc +.Sh DESCRIPTION +The +.Vt X509_PUBKEY +structure represents the ASN.1 +.Vt SubjectPublicKeyInfo +structure defined in RFC 5280 section 4.1 and used in certificates +and certificate requests. +.Pp +.Fn X509_PUBKEY_new +allocates and initializes an +.Vt X509_PUBKEY +structure. +.Pp +.Fn X509_PUBKEY_free +frees up the +.Vt X509_PUBKEY +structure +.Fa a . +If +.Fa a +is a +.Dv NULL +pointer, no action occurs. +.Pp +.Fn X509_PUBKEY_set +sets the public key in +.Pf * Fa x +to the public key contained in the +.Vt EVP_PKEY +structure +.Fa pkey . +If +.Pf * Fa x +is not +.Dv NULL , +any existing public key structure will be freed. +.Pp +.Fn X509_PUBKEY_get0 +returns the public key contained in +.Fa key . +The returned value is an internal pointer which must not be freed after use. +.Pp +.Fn X509_PUBKEY_get +is similar to +.Fn X509_PUBKEY_get0 +except that the reference +count on the returned key is incremented so it must be freed using +.Xr EVP_PKEY_free 3 +after use. +.Pp +.Fn d2i_PUBKEY +and +.Fn i2d_PUBKEY +decode and encode an +.Vt EVP_PKEY +structure using +.Vt SubjectPublicKeyInfo +format. +For details about the semantics, examples, caveats, and bugs, see +.Xr ASN1_item_d2i 3 . +.Fn d2i_PUBKEY_bio , +.Fn d2i_PUBKEY_fp , +.Fn i2d_PUBKEY_bio +and +.Fn i2d_PUBKEY_fp +are similar except they decode or encode using a +.Vt BIO +or +.Vt FILE +pointer. +.Pp +.Fn X509_PUBKEY_set0_param +sets the public key parameters of +.Fa pub . +The OID associated with the algorithm is set to +.Fa aobj . +The type of the algorithm parameters is set to +.Fa ptype +using the structure +.Fa pval . +The encoding of the public key itself is set to the +.Fa penclen +bytes contained in buffer +.Fa penc . +On success ownership of all the supplied parameters is passed to +.Fa pub +so they must not be freed after the call. +.Pp +.Fn X509_PUBKEY_get0_param +retrieves the public key parameters from +.Fa pub , +.Pf * Fa ppkalg +is set to the associated OID and the encoding consists of +.Pf * Fa ppklen +bytes at +.Pf * Fa pk , +and +.Pf * Fa pa +is set to the associated +.Vt AlgorithmIdentifier +for the public key. +If the value of any of these parameters is not required, +it can be set to +.Dv NULL . +All of the retrieved pointers are internal and must not be freed after +the call. +.Sh RETURN VALUES +If the allocation fails, +.Fn X509_PUBKEY_new +returns +.Dv NULL +and sets an error code that can be obtained by +.Xr ERR_get_error 3 . +Otherwise it returns a pointer to the newly allocated structure. +.Pp +.Fn X509_PUBKEY_get0 , +.Fn X509_PUBKEY_get , +.Fn d2i_PUBKEY , +.Fn d2i_PUBKEY_bio , +and +.Fn d2i_PUBKEY_fp +return a pointer to an +.Vt EVP_PKEY +structure or +.Dv NULL +if an error occurs. +.Pp +.Fn i2d_PUBKEY +returns the number of bytes successfully encoded or a negative value +if an error occurs. +.Pp +.Fn X509_PUBKEY_set , +.Fn X509_PUBKEY_set0_param , +.Fn X509_PUBKEY_get0_param , +.Fn i2d_PUBKEY_fp , +and +.Fn i2d_PUBKEY_bio +return 1 for success and 0 if an error occurred. +.Sh SEE ALSO +.Xr d2i_X509 3 , +.Xr ERR_get_error 3 , +.Xr EVP_PKEY_asn1_set_public 3 , +.Xr X509_ALGOR_new 3 , +.Xr X509_get_pubkey 3 +.Sh STANDARDS +RFC 5280: Internet X.509 Public Key Infrastructure Certificate and +Certificate Revocation List (CRL) Profile +.Sh HISTORY +.Fn X509_PUBKEY_new +and +.Fn X509_PUBKEY_free +appeared in SSLeay 0.4 or earlier. +.Fn X509_PUBKEY_set +and +.Fn X509_PUBKEY_get +first appeared in SSLeay 0.8.0. +These functions have been available since +.Ox 2.4 . +.Pp +.Fn d2i_PUBKEY +and +.Fn i2d_PUBKEY +first appeared in OpenSSL 0.9.5 and have been available since +.Ox 2.7 . +.Pp +.Fn d2i_PUBKEY_bio , +.Fn d2i_PUBKEY_fp , +.Fn i2d_PUBKEY_fp , +and +.Fn i2d_PUBKEY_bio +first appeared in OpenSSL 0.9.6 and have been available since +.Ox 2.9 . +.Pp +.Fn X509_PUBKEY_set0_param +and +.Fn X509_PUBKEY_get0_param +first appeared in OpenSSL 1.0.0 and have been available since +.Ox 4.9 . +.Pp +.Fn X509_PUBKEY_get0 +first appeared in OpenSSL 1.1.0 and has been available since +.Ox 6.3 . diff --git a/src/lib/libcrypto/man/X509_REQ_new.3 b/src/lib/libcrypto/man/X509_REQ_new.3 new file mode 100644 index 00000000000..8d000328f65 --- /dev/null +++ b/src/lib/libcrypto/man/X509_REQ_new.3 @@ -0,0 +1,102 @@ +.\" $OpenBSD: X509_REQ_new.3,v 1.5 2018/07/29 20:29:32 tb Exp $ +.\" +.\" Copyright (c) 2016 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: July 29 2018 $ +.Dt X509_REQ_NEW 3 +.Os +.Sh NAME +.Nm X509_REQ_new , +.Nm X509_REQ_free , +.Nm X509_REQ_INFO_new , +.Nm X509_REQ_INFO_free +.Nd PKCS#10 certification requests +.Sh SYNOPSIS +.In openssl/x509.h +.Ft X509_REQ * +.Fn X509_REQ_new void +.Ft void +.Fn X509_REQ_free "X509_REQ *req" +.Ft X509_REQ_INFO * +.Fn X509_REQ_INFO_new void +.Ft void +.Fn X509_REQ_INFO_free "X509_REQ_INFO *req_info" +.Sh DESCRIPTION +.Fn X509_REQ_new +allocates and initializes an empty +.Vt X509_REQ +object, representing an ASN.1 +.Vt CertificationRequest +structure defined in RFC 2986 section 4.2. +It can hold a pointer to an +.Vt X509_REQ_INFO +object discussed below together with a cryptographic signature and +information about the signature algorithm used. +.Fn X509_REQ_free +frees +.Fa req . +If +.Fa req +is a +.Dv NULL +pointer, no action occurs. +.Pp +.Fn X509_REQ_INFO_new +allocates and initializes an empty +.Vt X509_REQ_INFO +object, representing an ASN.1 +.Vt CertificationRequestInfo +structure defined in RFC 2986 section 4.1. +It is used inside the +.Vt X509_REQ +object and can hold the subject and the public key of the requested +certificate and additional attributes. +.Fn X509_REQ_INFO_free +frees +.Fa req_info . +If +.Fa req_info +is a +.Dv NULL +pointer, no action occurs. +.Sh RETURN VALUES +.Fn X509_REQ_new +and +.Fn X509_REQ_INFO_new +return the new +.Vt X509_REQ +or +.Vt X509_REQ_INFO +object, respectively, or +.Dv NULL +if an error occurs. +.Sh SEE ALSO +.Xr d2i_X509_REQ 3 , +.Xr PEM_read_X509_REQ 3 , +.Xr X509_new 3 , +.Xr X509_REQ_get_pubkey 3 , +.Xr X509_REQ_get_subject_name 3 , +.Xr X509_REQ_get_version 3 , +.Xr X509_REQ_sign 3 +.Sh STANDARDS +RFC 2986: PKCS #10: Certification Request Syntax Specification +.Sh HISTORY +.Fn X509_REQ_new , +.Fn X509_REQ_free , +.Fn X509_REQ_INFO_new , +and +.Fn X509_REQ_INFO_free +first appeared in SSLeay 0.4.4 and have been available since +.Ox 2.4 . diff --git a/src/lib/libcrypto/man/X509_REVOKED_new.3 b/src/lib/libcrypto/man/X509_REVOKED_new.3 new file mode 100644 index 00000000000..03f45b166ed --- /dev/null +++ b/src/lib/libcrypto/man/X509_REVOKED_new.3 @@ -0,0 +1,201 @@ +.\" $OpenBSD: X509_REVOKED_new.3,v 1.9 2018/03/27 17:35:50 schwarze Exp $ +.\" full merge up to: +.\" OpenSSL man3/X509_CRL_get0_by_serial cdd6c8c5 Mar 20 12:29:37 2017 +0100 +.\" +.\" This file is a derived work. +.\" The changes are covered by the following Copyright and license: +.\" +.\" Copyright (c) 2016 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.\" The original file was written by Dr. Stephen Henson . +.\" Copyright (c) 2015 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt X509_REVOKED_NEW 3 +.Os +.Sh NAME +.Nm X509_REVOKED_new , +.Nm X509_REVOKED_dup , +.Nm X509_REVOKED_free , +.Nm X509_REVOKED_get0_serialNumber , +.Nm X509_REVOKED_get0_revocationDate , +.Nm X509_REVOKED_set_serialNumber , +.Nm X509_REVOKED_set_revocationDate +.Nd create, change, and inspect an X.509 CRL revoked entry +.Sh SYNOPSIS +.In openssl/x509.h +.Ft X509_REVOKED * +.Fn X509_REVOKED_new void +.Ft X509_REVOKED * +.Fo X509_REVOKED_dup +.Fa "X509_REVOKED *r" +.Fc +.Ft void +.Fn X509_REVOKED_free "X509_REVOKED *r" +.Ft const ASN1_INTEGER * +.Fo X509_REVOKED_get0_serialNumber +.Fa "const X509_REVOKED *r" +.Fc +.Ft const ASN1_TIME * +.Fo X509_REVOKED_get0_revocationDate +.Fa "const X509_REVOKED *r" +.Fc +.Ft int +.Fo X509_REVOKED_set_serialNumber +.Fa "X509_REVOKED *r" +.Fa "ASN1_INTEGER *serial" +.Fc +.Ft int +.Fo X509_REVOKED_set_revocationDate +.Fa "X509_REVOKED *r" +.Fa "ASN1_TIME *tm" +.Fc +.Sh DESCRIPTION +.Fn X509_REVOKED_new +allocates and initializes an empty +.Vt X509_REVOKED +object, representing one of the elements of +the revokedCertificates field of the ASN.1 +.Vt TBSCertList +structure defined in RFC 5280 section 5.1. +It is used by +.Vt X509_CRL +objects and can hold information about one revoked certificate +including issuer names, serial number, revocation date, and revocation +reason. +.Pp +.Fn X509_REVOKED_dup +creates a deep copy of +.Fa r . +.Pp +.Fn X509_REVOKED_free +frees +.Fa r . +.Pp +.Fn X509_REVOKED_set_serialNumber +sets the serial number of +.Fa r +to +.Fa serial . +The supplied +.Fa serial +pointer is not used internally so it should be freed up after use. +.Pp +.Fn X509_REVOKED_set_revocationDate +sets the revocation date of +.Fa r +to +.Fa tm . +The supplied +.Fa tm +pointer is not used internally so it should be freed up after use. +.Sh RETURN VALUES +.Fn X509_REVOKED_new +and +.Fn X509_REVOKED_dup +return the new +.Vt X509_REVOKED +object or +.Dv NULL +if an error occurs. +.Pp +.Fn X509_REVOKED_get0_serialNumber +returns an internal pointer to the serial number of +.Fa r . +.Pp +.Fn X509_REVOKED_get0_revocationDate +returns an internal pointer to the revocation date of +.Fa r . +.Pp +.Fn X509_REVOKED_set_serialNumber +and +.Fn X509_REVOKED_set_revocationDate +return 1 for success or 0 for failure. +.Sh SEE ALSO +.Xr d2i_X509_CRL 3 , +.Xr ERR_get_error 3 , +.Xr PEM_read_X509_CRL 3 , +.Xr X509_CRL_get0_by_serial 3 , +.Xr X509_EXTENSION_new 3 , +.Xr X509_REVOKED_get_ext 3 , +.Xr X509_REVOKED_get_ext_d2i 3 +.Sh STANDARDS +RFC 5280: Internet X.509 Public Key Infrastructure Certificate and +Certificate Revocation List (CRL) Profile, section 5.1: CRL Fields +.Sh HISTORY +.Fn X509_REVOKED_new +and +.Fn X509_REVOKED_free +first appeared in SSLeay 0.4.4 and have been available since +.Ox 2.4 . +.Pp +.Fn X509_REVOKED_set_serialNumber +and +.Fn X509_REVOKED_set_revocationDate +first appeared in OpenSSL 0.9.7 and have been available since +.Ox 3.2 . +.Pp +.Fn X509_REVOKED_dup +first appeared in OpenSSL 1.0.2. +.Fn X509_REVOKED_get0_serialNumber +and +.Fn X509_REVOKED_get0_revocationDate +first appeared in OpenSSL 1.1.0. +These functions have been available since +.Ox 6.3 . diff --git a/src/lib/libcrypto/man/X509_SIG_new.3 b/src/lib/libcrypto/man/X509_SIG_new.3 new file mode 100644 index 00000000000..79a7125202c --- /dev/null +++ b/src/lib/libcrypto/man/X509_SIG_new.3 @@ -0,0 +1,67 @@ +.\" $OpenBSD: X509_SIG_new.3,v 1.4 2018/03/27 17:35:50 schwarze Exp $ +.\" +.\" Copyright (c) 2016 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt X509_SIG_NEW 3 +.Os +.Sh NAME +.Nm X509_SIG_new , +.Nm X509_SIG_free +.Nd PKCS#7 digest information +.Sh SYNOPSIS +.In openssl/x509.h +.Ft X509_SIG * +.Fn X509_SIG_new void +.Ft void +.Fn X509_SIG_free "X509_SIG *sig" +.Sh DESCRIPTION +.Fn X509_SIG_new +allocates and initializes an empty +.Vt X509_SIG +object, representing an ASN.1 +.Vt DigestInfo +structure defined in RFC 2315 section 9.4 +and equivalently in RFC 8017 section 9.2. +It can hold a message digest together with information about +the algorithm used. +.Pp +.Fn X509_SIG_free +frees +.Fa sig . +.Sh RETURN VALUES +.Fn X509_SIG_new +returns the new +.Vt X509_SIG +object or +.Dv NULL +if an error occurs. +.Sh SEE ALSO +.Xr d2i_X509_SIG 3 , +.Xr PEM_read_PKCS8 3 , +.Xr RSA_sign 3 , +.Xr X509_new 3 +.Sh STANDARDS +RFC 2315: PKCS #7: Cryptographic Message Syntax, +section 9: Signed-data content type +.Pp +RFC 8017: PKCS #1: RSA Cryptography Specifications, +section 9: Encoding Methods for Signatures +.Sh HISTORY +.Fn X509_SIG_new +and +.Fn X509_SIG_free +appeared in SSLeay 0.4 or earlier and have been available since +.Ox 2.4 . diff --git a/src/lib/libcrypto/man/X509_STORE_CTX_get_error.3 b/src/lib/libcrypto/man/X509_STORE_CTX_get_error.3 new file mode 100644 index 00000000000..06021bb5c4a --- /dev/null +++ b/src/lib/libcrypto/man/X509_STORE_CTX_get_error.3 @@ -0,0 +1,395 @@ +.\" $OpenBSD: X509_STORE_CTX_get_error.3,v 1.11 2018/03/27 17:35:50 schwarze Exp $ +.\" full merge up to: +.\" OpenSSL crypto/X509_STORE_CTX_get_error f0e0fd51 Apr 14 23:59:26 2016 -0400 +.\" selective merge up to: +.\" OpenSSL man3/X509_STORE_CTX_get_error 2947af32 Nov 19 00:10:05 2016 +0100 +.\" OpenSSL man3/X509_STORE_CTX_new 7643a172 Apr 21 13:35:51 2017 +0200 +.\" +.\" This file was written by Dr. Stephen Henson . +.\" Copyright (c) 2009, 2013, 2015, 2016 The OpenSSL Project. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt X509_STORE_CTX_GET_ERROR 3 +.Os +.Sh NAME +.Nm X509_STORE_CTX_get_error , +.Nm X509_STORE_CTX_set_error , +.Nm X509_STORE_CTX_get_error_depth , +.Nm X509_STORE_CTX_get_current_cert , +.Nm X509_STORE_CTX_get0_cert , +.Nm X509_STORE_CTX_get0_chain , +.Nm X509_STORE_CTX_get1_chain , +.Nm X509_verify_cert_error_string +.Nd get or set certificate verification status information +.Sh SYNOPSIS +.In openssl/x509.h +.Ft int +.Fo X509_STORE_CTX_get_error +.Fa "X509_STORE_CTX *ctx" +.Fc +.Ft void +.Fo X509_STORE_CTX_set_error +.Fa "X509_STORE_CTX *ctx" +.Fa "int s" +.Fc +.Ft int +.Fo X509_STORE_CTX_get_error_depth +.Fa "X509_STORE_CTX *ctx" +.Fc +.Ft X509 * +.Fo X509_STORE_CTX_get_current_cert +.Fa "X509_STORE_CTX *ctx" +.Fc +.Ft X509 * +.Fo X509_STORE_CTX_get0_cert +.Fa "X509_STORE_CTX *ctx" +.Fc +.Ft STACK_OF(X509) * +.Fo X509_STORE_CTX_get0_chain +.Fa "X509_STORE_CTX *ctx" +.Fc +.Ft STACK_OF(X509) * +.Fo X509_STORE_CTX_get1_chain +.Fa "X509_STORE_CTX *ctx" +.Fc +.Ft const char * +.Fo X509_verify_cert_error_string +.Fa "long n" +.Fc +.Sh DESCRIPTION +These functions are typically called after +.Xr X509_verify_cert 3 +has indicated an error or in a verification callback to determine the +nature of an error. +.Pp +.Fn X509_STORE_CTX_get_error +returns the error code of +.Fa ctx . +See the +.Sy ERROR CODES +section for a full description of all error codes. +.Pp +.Fn X509_STORE_CTX_set_error +sets the error code of +.Fa ctx +to +.Fa s . +For example it might be used in a verification callback to set an error +based on additional checks. +.Pp +.Fn X509_STORE_CTX_get_error_depth +returns the depth of the error. +This is a non-negative integer representing where in the certificate +chain the error occurred. +If it is zero, it occurred in the end entity certificate, one if it is +the certificate which signed the end entity certificate, and so on. +.Pp +.Fn X509_STORE_CTX_get_current_cert +returns the certificate in +.Fa ctx +which caused the error or +.Dv NULL +if no certificate is relevant. +.Pp +.Fn X509_STORE_CTX_get0_chain +returns an internal pointer to a complete validate chain +if a previous call to +.Xr X509_verify_cert 3 +was successful. +If the call to +.Xr X509_verify_cert 3 +was not successful, the returned chain may be incomplete or invalid. +.Fn X509_STORE_CTX_get1_chain +returns a deep copy of the same chain which persists even after the +.Fa ctx +structure is freed. +When it is no longer needed, it should be freed using +.Fn sk_X509_pop_free chain X509_free . +.Pp +.Fn X509_verify_cert_error_string +returns a human readable error string for verification error +.Fa n . +.Pp +The above functions should be used instead of directly referencing the +fields in the +.Sy X509_VERIFY_CTX +structure. +.Pp +In versions of OpenSSL before 1.0, the current certificate returned by +.Fn X509_STORE_CTX_get_current_cert +was never +.Dv NULL . +Applications should check the return value before printing out any +debugging information relating to the current certificate. +.Pp +If an unrecognised error code is passed to +.Fn X509_verify_cert_error_string , +the numerical value of the unknown code is returned in a static buffer. +This is not thread safe but will never happen unless an invalid code is +passed. +.Sh RETURN VALUES +.Fn X509_STORE_CTX_get_error +returns +.Dv X509_V_OK +or an error code. +.Pp +.Fn X509_STORE_CTX_get_error_depth +returns a non-negative error depth. +.Pp +.Fn X509_STORE_CTX_get_current_cert +returns the certificate which caused the error or +.Dv NULL +if no certificate is relevant to the error. +.Pp +.Fn X509_STORE_CTX_get0_cert +retrieves an internal pointer to the certificate being verified by +.Fa ctx . +.Pp +.Fn X509_STORE_CTX_get0_chain +and +.Fn X509_STORE_CTX_get1_chain +return a pointer to a stack of certificates or +.Dv NULL +if an error occurs. +.Pp +.Fn X509_verify_cert_error_string +returns a human readable error string for verification error +.Fa n . +.Sh ERROR CODES +A list of error codes and messages is shown below. +Some of the error codes are defined but currently never returned: +these are described as "unused". +.Bl -tag -width Ds +.It Dv X509_V_OK : No ok +The operation was successful. +.It Dv X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT : \ + No unable to get issuer certificate +The issuer certificate could not be found: this occurs if the issuer +certificate of an untrusted certificate cannot be found. +.It Dv X509_V_ERR_UNABLE_TO_GET_CRL : No unable to get certificate CRL +The CRL of a certificate could not be found. +.It Dv X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE : \ + No unable to decrypt certificate's signature +The certificate signature could not be decrypted. +This means that the actual signature value could not be determined +rather than it not matching the expected value. +This is only meaningful for RSA keys. +.It Dv X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE : \ + No unable to decrypt CRL's signature +The CRL signature could not be decrypted: this means that the actual +signature value could not be determined rather than it not matching the +expected value. +Unused. +.It Dv X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY : \ + No unable to decode issuer public key +The public key in the certificate +.Vt SubjectPublicKeyInfo +could not be read. +.It Dv X509_V_ERR_CERT_SIGNATURE_FAILURE : No certificate signature failure +The signature of the certificate is invalid. +.It Dv X509_V_ERR_CRL_SIGNATURE_FAILURE : No CRL signature failure +The signature of the certificate is invalid. +.It Dv X509_V_ERR_CERT_NOT_YET_VALID : No certificate is not yet valid +The certificate is not yet valid: the notBefore date is after the +current time. +.It Dv X509_V_ERR_CERT_HAS_EXPIRED : No certificate has expired +The certificate has expired: that is the notAfter date is before the +current time. +.It Dv X509_V_ERR_CRL_NOT_YET_VALID : No CRL is not yet valid +The CRL is not yet valid. +.It Dv X509_V_ERR_CRL_HAS_EXPIRED : No CRL has expired +The CRL has expired. +.It Dv X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD : \ + No format error in certificate's notBefore field +The certificate notBefore field contains an invalid time. +.It Dv X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD : \ + No format error in certificate's notAfter field +The certificate notAfter field contains an invalid time. +.It Dv X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD : \ + No format error in CRL's lastUpdate field +The CRL lastUpdate field contains an invalid time. +.It Dv X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD : \ + No format error in CRL's nextUpdate field +The CRL nextUpdate field contains an invalid time. +.It Dv X509_V_ERR_OUT_OF_MEM : No out of memory +An error occurred trying to allocate memory. +This should never happen. +.It Dv X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT : No self signed certificate +The passed certificate is self signed and the same certificate cannot be +found in the list of trusted certificates. +.It Dv X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN : \ + No self signed certificate in certificate chain +The certificate chain could be built up using the untrusted certificates +but the root could not be found locally. +.It Dv X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY : \ + No unable to get local issuer certificate +The issuer certificate of a locally looked up certificate could not be found. +This normally means the list of trusted certificates is not complete. +.It Dv X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE : \ + No unable to verify the first certificate +No signatures could be verified because the chain contains only one +certificate and it is not self signed. +.It Dv X509_V_ERR_CERT_CHAIN_TOO_LONG : No certificate chain too long +The certificate chain length is greater than the supplied maximum depth. +Unused. +.It Dv X509_V_ERR_CERT_REVOKED : No certificate revoked +The certificate has been revoked. +.It Dv X509_V_ERR_INVALID_CA : No invalid CA certificate +A CA certificate is invalid. +Either it is not a CA or its extensions are not consistent with the +supplied purpose. +.It Dv X509_V_ERR_PATH_LENGTH_EXCEEDED : No path length constraint exceeded +The basicConstraints path-length parameter has been exceeded. +.It Dv X509_V_ERR_INVALID_PURPOSE : No unsupported certificate purpose +The supplied certificate cannot be used for the specified purpose. +.It Dv X509_V_ERR_CERT_UNTRUSTED : No certificate not trusted +The root CA is not marked as trusted for the specified purpose. +.It Dv X509_V_ERR_CERT_REJECTED : No certificate rejected +The root CA is marked to reject the specified purpose. +.It Dv X509_V_ERR_SUBJECT_ISSUER_MISMATCH : No subject issuer mismatch +The current candidate issuer certificate was rejected because its +subject name did not match the issuer name of the current certificate. +This is only set if issuer check debugging is enabled; it is used for +status notification and is +.Sy not +in itself an error. +.It Dv X509_V_ERR_AKID_SKID_MISMATCH : \ + No authority and subject key identifier mismatch +The current candidate issuer certificate was rejected because its +subject key identifier was present and did not match the authority key +identifier current certificate. +This is only set if issuer check debugging is enabled; it is used for +status notification and is +.Sy not +in itself an error. +.It Dv X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH : \ + Noauthority and issuer serial number mismatch +The current candidate issuer certificate was rejected because its issuer +name and serial number was present and did not match the authority key +identifier of the current certificate. +This is only set if issuer check debugging is enabled; it is used for +status notification and is +.Sy not +in itself an error. +.It Dv X509_V_ERR_KEYUSAGE_NO_CERTSIGN : \ + No key usage does not include certificate signing +The current candidate issuer certificate was rejected because its +keyUsage extension does not permit certificate signing. +This is only set if issuer check debugging is enabled it is used for +status notification and is +.Sy not +in itself an error. +.It Dv X509_V_ERR_INVALID_EXTENSION : \ + No invalid or inconsistent certificate extension +A certificate extension had an invalid value (for example an incorrect +encoding) or some value inconsistent with other extensions. +.It Dv X509_V_ERR_INVALID_POLICY_EXTENSION : \ + No invalid or inconsistent certificate policy extension +A certificate policies extension had an invalid value (for example an +incorrect encoding) or some value inconsistent with other extensions. +This error only occurs if policy processing is enabled. +.It Dv X509_V_ERR_NO_EXPLICIT_POLICY : No no explicit policy +The verification flags were set to require an explicit policy but none +was present. +.It Dv X509_V_ERR_DIFFERENT_CRL_SCOPE : No different CRL scope +The only CRLs that could be found did not match the scope of the +certificate. +.It Dv X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE : \ + No unsupported extension feature +Some feature of a certificate extension is not supported. +Unused. +.It Dv X509_V_ERR_PERMITTED_VIOLATION : No permitted subtree violation +A name constraint violation occurred in the permitted subtrees. +.It Dv X509_V_ERR_EXCLUDED_VIOLATION : No excluded subtree violation +A name constraint violation occurred in the excluded subtrees. +.It Dv X509_V_ERR_SUBTREE_MINMAX : \ + No name constraints minimum and maximum not supported +A certificate name constraints extension included a minimum or maximum +field: this is not supported. +.It Dv X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE : \ + No unsupported name constraint type +An unsupported name constraint type was encountered. +OpenSSL currently only supports directory name, DNS name, email and URI +types. +.It Dv X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX : \ + No unsupported or invalid name constraint syntax +The format of the name constraint is not recognised: for example an +email address format of a form not mentioned in RFC 3280. +This could be caused by a garbage extension or some new feature not +currently supported. +.It Dv X509_V_ERR_CRL_PATH_VALIDATION_ERROR : No CRL path validation error +An error occurred when attempting to verify the CRL path. +This error can only happen if extended CRL checking is enabled. +.It Dv X509_V_ERR_APPLICATION_VERIFICATION : \ + No application verification failure +An application specific error. +This will never be returned unless explicitly set by an application. +.El +.Sh SEE ALSO +.Xr X509_STORE_CTX_new 3 , +.Xr X509_up_ref 3 , +.Xr X509_verify_cert 3 +.Sh HISTORY +.Fn X509_STORE_CTX_get_error , +.Fn X509_STORE_CTX_set_error , +.Fn X509_STORE_CTX_get_error_depth , +.Fn X509_STORE_CTX_get_current_cert , +and +.Fn X509_verify_cert_error_string +first appeared in SSLeay 0.8.0 and have been available since +.Ox 2.4 . +.Pp +.Fn X509_STORE_CTX_get1_chain +first appeared in OpenSSL 0.9.5 and has been available since +.Ox 2.7 . +.Pp +.Fn X509_STORE_CTX_get0_cert +and +.Fn X509_STORE_CTX_get0_chain +first appeared in OpenSSL 1.1.0 and have been available since +.Ox 6.3 . diff --git a/src/lib/libcrypto/man/X509_STORE_CTX_get_ex_new_index.3 b/src/lib/libcrypto/man/X509_STORE_CTX_get_ex_new_index.3 new file mode 100644 index 00000000000..658bc97097b --- /dev/null +++ b/src/lib/libcrypto/man/X509_STORE_CTX_get_ex_new_index.3 @@ -0,0 +1,105 @@ +.\" $OpenBSD: X509_STORE_CTX_get_ex_new_index.3,v 1.4 2018/03/21 07:41:44 schwarze Exp $ +.\" OpenSSL a528d4f0 Oct 27 13:40:11 2015 -0400 +.\" +.\" This file was written by Dr. Stephen Henson . +.\" Copyright (c) 2009, 2014 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 21 2018 $ +.Dt X509_STORE_CTX_GET_EX_NEW_INDEX 3 +.Os +.Sh NAME +.Nm X509_STORE_CTX_get_ex_new_index , +.Nm X509_STORE_CTX_set_ex_data , +.Nm X509_STORE_CTX_get_ex_data +.Nd add application specific data to X509_STORE_CTX structures +.Sh SYNOPSIS +.In openssl/x509_vfy.h +.Ft int +.Fo X509_STORE_CTX_get_ex_new_index +.Fa "long argl" +.Fa "void *argp" +.Fa "CRYPTO_EX_new *new_func" +.Fa "CRYPTO_EX_dup *dup_func" +.Fa "CRYPTO_EX_free *free_func" +.Fc +.Ft int +.Fo X509_STORE_CTX_set_ex_data +.Fa "X509_STORE_CTX *d" +.Fa "int idx" +.Fa "void *arg" +.Fc +.Ft void * +.Fo X509_STORE_CTX_get_ex_data +.Fa "X509_STORE_CTX *d" +.Fa "int idx" +.Fc +.Sh DESCRIPTION +These functions handle application specific data in +.Vt X509_STORE_CTX +structures. +Their usage is identical to that of +.Xr RSA_get_ex_new_index 3 , +.Xr RSA_set_ex_data 3 , +and +.Xr RSA_get_ex_data 3 . +.Pp +This mechanism is used internally by the +.Xr ssl 3 +library to store the +.Vt SSL +structure associated with a verification operation in an +.Vt X509_STORE_CTX +structure. +.Sh SEE ALSO +.Xr RSA_get_ex_new_index 3 +.Sh HISTORY +.Fn X509_STORE_CTX_get_ex_new_index , +.Fn X509_STORE_CTX_set_ex_data , +and +.Fn X509_STORE_CTX_get_ex_data +first appeared in SSLeay 0.9.0 and have been available since +.Ox 2.4 . diff --git a/src/lib/libcrypto/man/X509_STORE_CTX_new.3 b/src/lib/libcrypto/man/X509_STORE_CTX_new.3 new file mode 100644 index 00000000000..581c6b2f245 --- /dev/null +++ b/src/lib/libcrypto/man/X509_STORE_CTX_new.3 @@ -0,0 +1,366 @@ +.\" $OpenBSD: X509_STORE_CTX_new.3,v 1.18 2018/03/27 17:35:50 schwarze Exp $ +.\" full merge up to: OpenSSL 186bb907 Apr 13 11:05:13 2015 -0700 +.\" selective merge up to: OpenSSL 7643a172 Apr 21 13:35:51 2017 +0200 +.\" +.\" This file was written by Dr. Stephen Henson +.\" and Rich Salz . +.\" Copyright (c) 2009, 2015, 2016 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt X509_STORE_CTX_NEW 3 +.Os +.Sh NAME +.Nm X509_STORE_CTX_new , +.Nm X509_STORE_CTX_cleanup , +.Nm X509_STORE_CTX_free , +.Nm X509_STORE_CTX_init , +.Nm X509_STORE_CTX_get0_store , +.Nm X509_STORE_CTX_set0_trusted_stack , +.Nm X509_STORE_CTX_trusted_stack , +.Nm X509_STORE_CTX_set_cert , +.\" X509_STORE_CTX_get0_chain moved to X509_STORE_CTX_get_error(3) +.Nm X509_STORE_CTX_set_chain , +.Nm X509_STORE_CTX_set0_crls , +.Nm X509_STORE_CTX_get0_param , +.Nm X509_STORE_CTX_set0_param , +.Nm X509_STORE_CTX_get0_untrusted , +.Nm X509_STORE_CTX_set0_untrusted , +.Nm X509_STORE_CTX_set_default +.Nd X509_STORE_CTX initialisation +.Sh SYNOPSIS +.In openssl/x509_vfy.h +.Ft X509_STORE_CTX * +.Fn X509_STORE_CTX_new void +.Ft void +.Fo X509_STORE_CTX_cleanup +.Fa "X509_STORE_CTX *ctx" +.Fc +.Ft void +.Fo X509_STORE_CTX_free +.Fa "X509_STORE_CTX *ctx" +.Fc +.Ft int +.Fo X509_STORE_CTX_init +.Fa "X509_STORE_CTX *ctx" +.Fa "X509_STORE *store" +.Fa "X509 *x509" +.Fa "STACK_OF(X509) *chain" +.Fc +.Ft X509_STORE * +.Fo X509_STORE_CTX_get0_store +.Fa "X509_STORE_CTX *ctx" +.Fc +.Ft void +.Fo X509_STORE_CTX_set0_trusted_stack +.Fa "X509_STORE_CTX *ctx" +.Fa "STACK_OF(X509) *sk" +.Fc +.Ft void +.Fo X509_STORE_CTX_trusted_stack +.Fa "X509_STORE_CTX *ctx" +.Fa "STACK_OF(X509) *sk" +.Fc +.Ft void +.Fo X509_STORE_CTX_set_cert +.Fa "X509_STORE_CTX *ctx" +.Fa "X509 *x" +.Fc +.Ft void +.Fo X509_STORE_CTX_set_chain +.Fa "X509_STORE_CTX *ctx" +.Fa "STACK_OF(X509) *sk" +.Fc +.Ft void +.Fo X509_STORE_CTX_set0_crls +.Fa "X509_STORE_CTX *ctx" +.Fa "STACK_OF(X509_CRL) *sk" +.Fc +.Ft X509_VERIFY_PARAM * +.Fo X509_STORE_CTX_get0_param +.Fa "X509_STORE_CTX *ctx" +.Fc +.Ft void +.Fo X509_STORE_CTX_set0_param +.Fa "X509_STORE_CTX *ctx" +.Fa "X509_VERIFY_PARAM *param" +.Fc +.Ft int +.Fo X509_STORE_CTX_set_default +.Fa "X509_STORE_CTX *ctx" +.Fa "const char *name" +.Fc +.Ft STACK_OF(X509)* +.Fo X509_STORE_CTX_get0_untrusted +.Fa "X509_STORE_CTX *ctx" +.Fc +.Ft void +.Fo X509_STORE_CTX_set0_untrusted +.Fa "X509_STORE_CTX *ctx" +.Fa "STACK_OF(X509) *sk" +.Fc +.Sh DESCRIPTION +These functions initialise an +.Vt X509_STORE_CTX +structure for subsequent use by +.Xr X509_verify_cert 3 . +.Pp +.Fn X509_STORE_CTX_new +returns a newly initialised +.Vt X509_STORE_CTX +structure. +.Pp +.Fn X509_STORE_CTX_cleanup +internally cleans up an +.Vt X509_STORE_CTX +structure. +The context can then be reused with a new call to +.Fn X509_STORE_CTX_init . +.Pp +.Fn X509_STORE_CTX_free +completely frees up +.Fa ctx . +After this call +.Fa ctx +is no longer valid. +If +.Fa ctx +is a +.Dv NULL +pointer, no action occurs. +.Pp +.Fn X509_STORE_CTX_init +sets up +.Fa ctx +for a subsequent verification operation. +The trusted certificate store is set to +.Fa store , +the end entity certificate to be verified is set to +.Fa x509 +and a set of additional certificates (which will be untrusted but may be +used to build the chain) in +.Fa chain . +Any or all of the +.Fa store , +.Fa x509 , +and +.Fa chain +parameters can be +.Dv NULL . +.Pp +.Fn X509_STORE_CTX_get0_store +returns an internal pointer to the trusted certificate +.Fa store +that was set with +.Fn X509_STORE_CTX_init . +.Pp +.Fn X509_STORE_CTX_set0_trusted_stack +sets the set of trusted certificates of +.Fa ctx +to +.Fa sk . +This is an alternative way of specifying trusted certificates instead of +using an +.Vt X509_STORE . +.Fn X509_STORE_CTX_trusted_stack +is a deprecated alias for +.Fn X509_STORE_CTX_set0_trusted_stack . +.Pp +.Fn X509_STORE_CTX_set_cert +sets the certificate to be verified in +.Fa ctx +to +.Fa x . +.Pp +.Fn X509_STORE_CTX_set_chain +sets the additional certificate chain used by +.Fa ctx +to +.Fa sk . +.Pp +.Fn X509_STORE_CTX_set0_crls +sets a set of CRLs to use to aid certificate verification to +.Fa sk . +These CRLs will only be used if CRL verification is enabled in the +associated +.Vt X509_VERIFY_PARAM +structure. +This might be used where additional "useful" CRLs are supplied as part +of a protocol, for example in a PKCS#7 structure. +.Pp +.Fn X509_STORE_CTX_get0_param +retrieves an internal pointer to the verification parameters associated +with +.Fa ctx . +.Pp +.Fn X509_STORE_CTX_set0_param +sets the internal verification parameter pointer to +.Fa param . +After this call +.Fa param +should not be used. +.Pp +.Fn X509_STORE_CTX_set_default +looks up and sets the default verification method to +.Fa name . +This uses the function +.Xr X509_VERIFY_PARAM_lookup 3 +to find an appropriate set of parameters from +.Fa name . +.Pp +.Fn X509_STORE_CTX_get0_untrusted +retrieves an internal pointer +to the stack of untrusted certificates associated with +.Fa ctx . +.Pp +.Fn X509_STORE_CTX_set0_untrusted +sets the internal pointer +to the stack of untrusted certificates associated with +.Fa ctx +to +.Fa sk . +.Pp +The certificates and CRLs in a store are used internally and should +.Sy not +be freed up until after the associated +.Vt X509_STORE_CTX +is freed. +Legacy applications might implicitly use an +.Vt X509_STORE_CTX +like this: +.Bd -literal -offset indent +X509_STORE_CTX ctx; +X509_STORE_CTX_init(&ctx, store, cert, chain); +.Ed +.Pp +This is +.Sy not +recommended in new applications. +They should instead do: +.Bd -literal -offset indent +X509_STORE_CTX *ctx; +ctx = X509_STORE_CTX_new(); +if (ctx == NULL) + /* Bad error */ +X509_STORE_CTX_init(ctx, store, cert, chain); +.Ed +.Sh RETURN VALUES +.Fn X509_STORE_CTX_new +returns a newly allocated context or +.Dv NULL +if an error occurred. +.Pp +.Fn X509_STORE_CTX_init +returns 1 for success or 0 if an error occurred. +.Pp +.Fn X509_STORE_CTX_get0_store +returns a pointer to the trusted certificate store or +.Dv NULL +if +.Fa ctx +was not initialised. +.Pp +.Fn X509_STORE_CTX_get0_param +returns a pointer to an +.Vt X509_VERIFY_PARAM +structure or +.Dv NULL +if an error occurred. +.Pp +.Fn X509_STORE_CTX_set_default +returns 1 for success or 0 if an error occurred. +.Pp +.Fn X509_STORE_CTX_get0_untrusted +returns an internal pointer. +.Sh SEE ALSO +.Xr X509_STORE_CTX_get_error 3 , +.Xr X509_STORE_new 3 , +.Xr X509_STORE_set1_param 3 , +.Xr X509_verify_cert 3 , +.Xr X509_VERIFY_PARAM_set_flags 3 +.Sh HISTORY +.Fn X509_STORE_CTX_cleanup , +.Fn X509_STORE_CTX_init , +.Fn X509_STORE_CTX_set_cert , +and +.Fn X509_STORE_CTX_set_chain +first appeared in SSLeay 0.8.0 and have been available since +.Ox 2.4 . +.Pp +.Fn X509_STORE_CTX_new +and +.Fn X509_STORE_CTX_free +first appeared in OpenSSL 0.9.5 and have been available since +.Ox 2.7 . +.Pp +.Fn X509_STORE_CTX_trusted_stack +first appeared in OpenSSL 0.9.6 and has been available since +.Ox 2.9 . +.Pp +.Fn X509_STORE_CTX_set0_crls , +.Fn X509_STORE_CTX_get0_param , +.Fn X509_STORE_CTX_set0_param , +and +.Fn X509_STORE_CTX_set_default +first appeared in OpenSSL 0.9.8 and have been available since +.Ox 4.5 . +.Pp +.Fn X509_STORE_CTX_get0_store +first appeared in OpenSSL 1.0.2. +.Fn X509_STORE_CTX_set0_trusted_stack , +.Fn X509_STORE_CTX_get0_untrusted , +and +.Fn X509_STORE_CTX_set0_untrusted +first appeared in OpenSSL 1.1.0. +These functions have been available since +.Ox 6.3 . +.Sh BUGS +The certificates and CRLs in a context are used internally and should +.Sy not +be freed up until after the associated +.Vt X509_STORE_CTX +is freed. +Copies should be made or reference counts increased instead. diff --git a/src/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3 b/src/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3 new file mode 100644 index 00000000000..0af222fbea4 --- /dev/null +++ b/src/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3 @@ -0,0 +1,236 @@ +.\" $OpenBSD: X509_STORE_CTX_set_verify_cb.3,v 1.4 2018/03/22 17:38:08 schwarze Exp $ +.\" OpenSSL a528d4f0 Oct 27 13:40:11 2015 -0400 +.\" +.\" This file was written by Dr. Stephen Henson . +.\" Copyright (c) 2009, 2016 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 22 2018 $ +.Dt X509_STORE_CTX_SET_VERIFY_CB 3 +.Os +.Sh NAME +.Nm X509_STORE_CTX_set_verify_cb +.Nd set verification callback +.Sh SYNOPSIS +.In openssl/x509_vfy.h +.Ft void +.Fo X509_STORE_CTX_set_verify_cb +.Fa "X509_STORE_CTX *ctx" +.Fa "int (*verify_cb)(int ok, X509_STORE_CTX *ctx)" +.Fc +.Sh DESCRIPTION +.Fn X509_STORE_CTX_set_verify_cb +sets the verification callback of +.Fa ctx +to +.Fa verify_cb +overwriting any existing callback. +.Pp +The verification callback can be used to customise the operation of +certificate verification, either by overriding error conditions or +logging errors for debugging purposes. +.Pp +However a verification callback is +.Sy not +essential and the default operation is often sufficient. +.Pp +The +.Fa ok +parameter to the callback indicates the value the callback should return +to retain the default behaviour. +If it is zero then an error condition is indicated. +If it is 1 then no error occurred. +If the flag +.Dv X509_V_FLAG_NOTIFY_POLICY +is set, then +.Fa ok +is set to 2 to indicate the policy checking is complete. +.Pp +The +.Fa ctx +parameter to the callback is the +.Vt X509_STORE_CTX +structure that is performing the verification operation. +A callback can examine this structure and receive additional information +about the error, for example by calling +.Xr X509_STORE_CTX_get_current_cert 3 . +Additional application data can be passed to the callback via the +.Sy ex_data +mechanism. +.Pp +The verification callback can be set and inherited from the parent +structure performing the operation. +In some cases (such as S/MIME verification) the +.Vt X509_STORE_CTX +structure is created and destroyed internally and the only way to set a +custom verification callback is by inheriting it from the associated +.Vt X509_STORE . +.Sh RETURN VALUES +.Fn X509_STORE_CTX_set_verify_cb +does not return a value. +.Sh EXAMPLES +Default callback operation: +.Bd -literal +int +verify_callback(int ok, X509_STORE_CTX *ctx) + { + return ok; +} +.Ed +.Pp +Simple example, suppose a certificate in the chain is expired and we +wish to continue after this error: +.Bd -literal +int +verify_callback(int ok, X509_STORE_CTX *ctx) +{ + /* Tolerate certificate expiration */ + if (X509_STORE_CTX_get_error(ctx) == X509_V_ERR_CERT_HAS_EXPIRED) + return 1; + /* Otherwise don't override */ + return ok; +} +.Ed +.Pp +More complex example, we don't wish to continue after +.Sy any +certificate has expired just one specific case: +.Bd -literal +int +verify_callback(int ok, X509_STORE_CTX *ctx) +{ + int err = X509_STORE_CTX_get_error(ctx); + X509 *err_cert = X509_STORE_CTX_get_current_cert(ctx); + + if (err == X509_V_ERR_CERT_HAS_EXPIRED) { + if (check_is_acceptable_expired_cert(err_cert) + return 1; + } + return ok; +} +.Ed +.Pp +Full featured logging callback. +In this case the +.Fa bio_err +is assumed to be a global logging +.Vt BIO , +an alternative would to store a +.Vt BIO +in +.Fa ctx +using +.Sy ex_data . +.Bd -literal +int +verify_callback(int ok, X509_STORE_CTX *ctx) +{ + X509 *err_cert; + int err,depth; + + err_cert = X509_STORE_CTX_get_current_cert(ctx); + err = X509_STORE_CTX_get_error(ctx); + depth = X509_STORE_CTX_get_error_depth(ctx); + + BIO_printf(bio_err,"depth=%d ",depth); + if (err_cert) { + X509_NAME_print_ex(bio_err, + X509_get_subject_name(err_cert), 0, + XN_FLAG_ONELINE); + BIO_puts(bio_err, "\en"); + } else + BIO_puts(bio_err, "\en"); + if (!ok) + BIO_printf(bio_err, "verify error:num=%d:%s\en", + err, X509_verify_cert_error_string(err)); + switch (err) { + case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: + BIO_puts(bio_err, "issuer= "); + X509_NAME_print_ex(bio_err, + X509_get_issuer_name(err_cert), 0, + XN_FLAG_ONELINE); + BIO_puts(bio_err, "\en"); + break; + case X509_V_ERR_CERT_NOT_YET_VALID: + case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: + BIO_printf(bio_err, "notBefore="); + ASN1_TIME_print(bio_err, + X509_get_notBefore(err_cert)); + BIO_printf(bio_err, "\en"); + break; + case X509_V_ERR_CERT_HAS_EXPIRED: + case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: + BIO_printf(bio_err, "notAfter="); + ASN1_TIME_print(bio_err, X509_get_notAfter(err_cert)); + BIO_printf(bio_err, "\en"); + break; + case X509_V_ERR_NO_EXPLICIT_POLICY: + policies_print(bio_err, ctx); + break; + } + if (err == X509_V_OK && ok == 2) + /* print out policies */ + + BIO_printf(bio_err,"verify return:%d\en",ok); + return(ok); +} +.Ed +.Sh SEE ALSO +.Xr X509_STORE_CTX_get_error 3 , +.Xr X509_STORE_CTX_get_ex_new_index 3 , +.Xr X509_STORE_set_verify_cb_func 3 +.Sh HISTORY +.Fn X509_STORE_CTX_set_verify_cb +first appeared in OpenSSL 0.9.6c and has been available since +.Ox 3.2 . +.Sh CAVEATS +In general a verification callback should +.Sy NOT +unconditionally return 1 in all circumstances because this will allow +verification to succeed no matter what the error. +This effectively removes all security from the application because +.Sy any +certificate (including untrusted generated ones) will be accepted. diff --git a/src/lib/libcrypto/man/X509_STORE_load_locations.3 b/src/lib/libcrypto/man/X509_STORE_load_locations.3 new file mode 100644 index 00000000000..ad64bd0316e --- /dev/null +++ b/src/lib/libcrypto/man/X509_STORE_load_locations.3 @@ -0,0 +1,128 @@ +.\" $OpenBSD: X509_STORE_load_locations.3,v 1.6 2018/03/30 00:44:24 schwarze Exp $ +.\" full merge up to: +.\" OpenSSL X509_STORE_add_cert b0edda11 Mar 20 13:00:17 2018 +0000 +.\" +.\" Copyright (c) 2017 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 30 2018 $ +.Dt X509_STORE_LOAD_LOCATIONS 3 +.Os +.Sh NAME +.Nm X509_STORE_load_locations , +.Nm X509_STORE_set_default_paths +.Nd configure files and directories used by a certificate store +.Sh SYNOPSIS +.In openssl/x509_vfy.h +.Ft int +.Fo X509_STORE_load_locations +.Fa "X509_STORE *store" +.Fa "const char *file" +.Fa "const char *dirs" +.Fc +.Ft int +.Fo X509_STORE_set_default_paths +.Fa "X509_STORE *store" +.Fc +.Sh DESCRIPTION +.Fn X509_STORE_load_locations +instructs the +.Fa store +to use the PEM file +.Fa file +and all the PEM files in the directories +contained in the colon-separated list +.Fa dirs +for looking up certificates, in addition to files and directories +that are already configured. +The certificates in the directores must be in hashed form, as documented in +.Xr X509_LOOKUP_hash_dir 3 . +Directories already in use are not added again. +If +.Dv NULL +is passed for +.Fa file +or +.Fa dirs , +no new file or no new directories are added, respectively. +.Pp +.Fn X509_STORE_load_locations +is identical to +.Xr SSL_CTX_load_verify_locations 3 +except that it operates directly on an +.Vt X509_STORE +object, rather than on the store used by an SSL context. +See that manual page for more information. +.Pp +.Fn X509_STORE_set_default_paths +is similar except that it instructs the +.Fa store +to use the default PEM file and directory +(as documented in +.Sx FILES ) +in addition to what is already configured. +It ignores errors that occur while trying to load the file or to +add the directory, but it may still fail for other reasons, for +example when out of memory while trying to allocate the required +.Vt X509_LOOKUP +objects. +.Pp +.Fn X509_STORE_set_default_paths +is identical to +.Xr SSL_CTX_set_default_verify_paths 3 +except that it operates directly on an +.Vt X509_STORE +object, rather than on the store used by an SSL context. +See that manual page for more information. +.Sh RETURN VALUES +.Fn X509_STORE_load_locations +returns 1 if all files and directories specified were successfully +added. +It returns 0 for failure. +That can happen if adding the file failed, if adding any of the +directories failed, or if both arguments were +.Dv NULL . +.Pp +.Fn X509_STORE_set_default_paths +returns 0 for some error conditions and 1 otherwise, not just for +success, but also for various cases of failure. +.Sh FILES +.Bl -tag -width Ds +.It Pa /etc/ssl/cert.pem +default PEM file for +.Fn X509_STORE_set_default_paths +.It Pa /etc/ssl/certs/ +default directory for +.Fn X509_STORE_set_default_paths +.El +.Sh SEE ALSO +.Xr SSL_CTX_load_verify_locations 3 , +.Xr X509_LOOKUP_hash_dir 3 , +.Xr X509_STORE_new 3 , +.Xr X509_STORE_set1_param 3 , +.Xr X509_STORE_set_verify_cb 3 +.Sh HISTORY +.Fn X509_STORE_load_locations +and +.Fn X509_STORE_set_default_paths +first appeared in SSLeay 0.8.0 and have been available since +.Ox 2.4 . +.Sh BUGS +By the time that adding a directory is found to have failed, +the file and some other directories may already have been successfully loaded, +so these functions may change the state of the store even when they fail. +.Pp +.Fn X509_STORE_set_default_paths +clears the error queue, deleting even error information that was +already present when it was called. diff --git a/src/lib/libcrypto/man/X509_STORE_new.3 b/src/lib/libcrypto/man/X509_STORE_new.3 new file mode 100644 index 00000000000..814e5cfcbaf --- /dev/null +++ b/src/lib/libcrypto/man/X509_STORE_new.3 @@ -0,0 +1,140 @@ +.\" $OpenBSD: X509_STORE_new.3,v 1.4 2018/03/27 17:35:50 schwarze Exp $ +.\" full merge up to: OpenSSL 05ea606a May 20 20:52:46 2016 -0400 +.\" selective merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 +.\" +.\" This file is a derived work. +.\" The changes are covered by the following Copyright and license: +.\" +.\" Copyright (c) 2018 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.\" The original file was written by +.\" Alessandro Ghedini . +.\" Copyright (c) 2016 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt X509_STORE_NEW 3 +.Os +.Sh NAME +.Nm X509_STORE_new , +.Nm X509_STORE_up_ref , +.Nm X509_STORE_free +.Nd allocate and free X.509 certificate stores +.Sh SYNOPSIS +.In openssl/x509_vfy.h +.Ft X509_STORE * +.Fn X509_STORE_new void +.Ft int +.Fo X509_STORE_up_ref +.Fa "X509_STORE *store" +.Fc +.Ft void +.Fo X509_STORE_free +.Fa "X509_STORE *store" +.Fc +.Sh DESCRIPTION +.Fn X509_STORE_new +allocates and initializes an empty X.509 certificate store +and sets its reference count to 1. +.Pp +.Fn X509_STORE_up_ref +increments the reference count of +.Fa store +by 1. +.Pp +.Fn X509_STORE_free +decrements the reference count of +.Fa store +by 1. +If the reference count reaches 0, +all resources used by the store, including all certificates +contained in it, are released and +.Fa store +itself is freed. +If +.Fa store +is a +.Dv NULL +pointer, no action occurs. +.Sh RETURN VALUES +.Fn X509_STORE_new +returns a newly created +.Vt X509_STORE +object or +.Dv NULL +if an error occurs. +.Pp +.Fn X509_STORE_up_ref +returns 1 for success and 0 for failure. +.Sh SEE ALSO +.Xr PKCS7_verify 3 , +.Xr SSL_CTX_set_cert_store 3 , +.Xr X509_STORE_CTX_new 3 , +.Xr X509_STORE_load_locations 3 , +.Xr X509_STORE_set1_param 3 , +.Xr X509_STORE_set_verify_cb 3 +.Sh HISTORY +.Fn X509_STORE_new +and +.Fn X509_STORE_free +first appeared in SSLeay 0.8.0 and have been available since +.Ox 2.4 . +.Pp +.Fn X509_STORE_up_ref +first appeared in OpenSSL 1.1.0 and has been available since +.Ox 6.3 . diff --git a/src/lib/libcrypto/man/X509_STORE_set1_param.3 b/src/lib/libcrypto/man/X509_STORE_set1_param.3 new file mode 100644 index 00000000000..ea6e399e540 --- /dev/null +++ b/src/lib/libcrypto/man/X509_STORE_set1_param.3 @@ -0,0 +1,227 @@ +.\" $OpenBSD: X509_STORE_set1_param.3,v 1.15 2018/04/02 01:35:37 schwarze Exp $ +.\" content checked up to: +.\" OpenSSL man3/X509_STORE_add_cert b0edda11 Mar 20 13:00:17 2018 +0000 +.\" OpenSSL man3/X509_STORE_get0_param e90fc053 Jul 15 09:39:45 2017 -0400 +.\" +.\" Copyright (c) 2018 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: April 2 2018 $ +.Dt X509_STORE_SET1_PARAM 3 +.Os +.Sh NAME +.Nm X509_STORE_set1_param , +.Nm X509_STORE_set_flags , +.Nm X509_STORE_set_purpose , +.Nm X509_STORE_set_trust , +.Nm X509_STORE_set_depth , +.Nm X509_STORE_add_cert , +.Nm X509_STORE_add_crl , +.Nm X509_STORE_get0_param , +.Nm X509_STORE_get0_objects , +.Nm X509_STORE_get_ex_new_index , +.Nm X509_STORE_set_ex_data , +.Nm X509_STORE_get_ex_data +.Nd get and set X509_STORE data +.Sh SYNOPSIS +.In openssl/x509_vfy.h +.Ft int +.Fo X509_STORE_set1_param +.Fa "X509_STORE *store" +.Fa "X509_VERIFY_PARAM *pm" +.Fc +.Ft int +.Fo X509_STORE_set_flags +.Fa "X509_STORE *store" +.Fa "unsigned long flags" +.Fc +.Ft int +.Fo X509_STORE_set_purpose +.Fa "X509_STORE *store" +.Fa "int purpose" +.Fc +.Ft int +.Fo X509_STORE_set_trust +.Fa "X509_STORE *store" +.Fa "int trust" +.Fc +.Ft int +.Fo X509_STORE_set_depth +.Fa "X509_STORE *store" +.Fa "int depth" +.Fc +.Ft int +.Fo X509_STORE_add_cert +.Fa "X509_STORE *store" +.Fa "X509 *x" +.Fc +.Ft int +.Fo X509_STORE_add_crl +.Fa "X509_STORE *store" +.Fa "X509_CRL *crl" +.Fc +.Ft X509_VERIFY_PARAM * +.Fo X509_STORE_get0_param +.Fa "X509_STORE *store" +.Fc +.Ft STACK_OF(X509_OBJECT) * +.Fo X509_STORE_get0_objects +.Fa "X509_STORE *store" +.Fc +.Ft int +.Fo X509_STORE_get_ex_new_index +.Fa "long argl" +.Fa "void *argp" +.Fa "CRYPTO_EX_new *new_func" +.Fa "CRYPTO_EX_dup *dup_func" +.Fa "CRYPTO_EX_free *free_func" +.Fc +.Ft int +.Fo X509_STORE_set_ex_data +.Fa "X509_STORE *store" +.Fa "int idx" +.Fa "void *arg" +.Fc +.Ft void * +.Fo X509_STORE_get_ex_data +.Fa "X509_STORE *store" +.Fa "int idx" +.Fc +.Sh DESCRIPTION +.Fn X509_STORE_set1_param +copies the verification parameters from +.Fa pm +into the verification parameter object contained in the +.Fa store . +.Pp +.Fn X509_VERIFY_PARAM_set_flags , +.Fn X509_STORE_set_purpose , +.Fn X509_STORE_set_trust , +and +.Fn X509_STORE_set_depth +call +.Fn X509_VERIFY_PARAM_set_flags , +.Fn X509_VERIFY_PARAM_set_purpose , +.Fn X509_VERIFY_PARAM_set_trust , +and +.Fn X509_VERIFY_PARAM_set_depth +on the verification parameter object contained in the +.Fa store . +.Pp +.Fn X509_STORE_add_cert +and +.Fn X509_STORE_add_crl +add the certificate +.Fa x +or the certificate revocation list +.Fa crl +to the +.Fa store , +increasing its reference count by 1 in case of success. +Untrusted objects should not be added in this way. +.Pp +.Fn X509_STORE_get_ex_new_index , +.Fn X509_STORE_set_ex_data , +and +.Fn X509_STORE_get_ex_data +handle application specific data in +.Vt X509_STORE +objects. +Their usage is identical to that of +.Xr RSA_get_ex_new_index 3 , +.Xr RSA_set_ex_data 3 , +and +.Xr RSA_get_ex_data 3 . +.Sh RETURN VALUES +.Fn X509_STORE_set1_param , +.Fn X509_STORE_set_purpose , +.Fn X509_STORE_set_trust , +and +.Fn X509_STORE_set_ex_data +return 1 for success or 0 for failure. +.Pp +.Fn X509_STORE_set_flags +and +.Fn X509_STORE_set_depth +always return 1, indicating success. +.Pp +.Fn X509_STORE_add_cert +and +.Fn X509_STORE_add_crl +return 1 for success or 0 for failure. +For example, they fail if +.Fa x +or +.Fa crl +is a +.Dv NULL +pointer, if a certificate with the same subject name as +.Fa x +or a revocation list with the same issuer name as +.Fa crl +are already contained in the +.Fa store , +or if memory allocation fails. +.Pp +.Fn X509_STORE_get0_param +returns an internal pointer to the verification parameter object +contained in the +.Fa store , +.Fn X509_STORE_get0_objects +to the stack of certificates, revocation lists, and private keys. +The returned pointers must not be freed by the calling application. +.Pp +.Fn X509_STORE_get_ex_new_index +returns a new index or \-1 on failure. +.Pp +.Fn X509_STORE_get_ex_data +returns the application data or +.Dv NULL +on failure. +.Sh SEE ALSO +.Xr SSL_set1_param 3 , +.Xr X509_OBJECT_get0_X509 3 , +.Xr X509_STORE_CTX_set0_param 3 , +.Xr X509_STORE_load_locations 3 , +.Xr X509_STORE_new 3 , +.Xr X509_VERIFY_PARAM_set_flags 3 +.Sh HISTORY +.Fn X509_STORE_add_cert +first appeared in SSLeay 0.8.0. +.Fn X509_STORE_add_crl +first appeared in SSLeay 0.9.0. +These functions have been available since +.Ox 2.4 . +.Pp +.Fn X509_STORE_set_flags , +.Fn X509_STORE_set_purpose , +and +.Fn X509_STORE_set_trust +first appeared in OpenSSL 0.9.7 and have been available since +.Ox 3.2 . +.Pp +.Fn X509_STORE_set1_param +and +.Fn X509_STORE_set_depth +first appeared in OpenSSL 0.9.8 and have been available since +.Ox 4.5 . +.Pp +.Fn X509_STORE_get0_param , +.Fn X509_STORE_get0_objects , +.Fn X509_STORE_get_ex_new_index , +.Fn X509_STORE_set_ex_data , +and +.Fn X509_STORE_get_ex_data +first appeared in OpenSSL 1.1.0 and have been available since +.Ox 6.3 . diff --git a/src/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3 b/src/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3 new file mode 100644 index 00000000000..16f1fac2ec9 --- /dev/null +++ b/src/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3 @@ -0,0 +1,107 @@ +.\" $OpenBSD: X509_STORE_set_verify_cb_func.3,v 1.8 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL 05ea606a May 20 20:52:46 2016 -0400 +.\" +.\" This file was written by Dr. Stephen Henson . +.\" Copyright (c) 2009 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt X509_STORE_SET_VERIFY_CB_FUNC 3 +.Os +.Sh NAME +.Nm X509_STORE_set_verify_cb , +.Nm X509_STORE_set_verify_cb_func +.Nd set verification callback +.Sh SYNOPSIS +.In openssl/x509_vfy.h +.Ft void +.Fo X509_STORE_set_verify_cb +.Fa "X509_STORE *st" +.Fa "int (*verify_cb)(int ok, X509_STORE_CTX *ctx)" +.Fc +.Ft void +.Fo X509_STORE_set_verify_cb_func +.Fa "X509_STORE *st" +.Fa "int (*verify_cb)(int ok, X509_STORE_CTX *ctx)" +.Fc +.Sh DESCRIPTION +.Fn X509_STORE_set_verify_cb +sets the verification callback of +.Sy ctx +to +.Sy verify_cb , +overwriting any existing callback. +.Pp +.Fn X509_STORE_set_verify_cb_func +also sets the verification callback but it is implemented as a macro. +.Pp +The verification callback from an +.Vt X509_STORE +is inherited by the corresponding +.Vt X509_STORE_CTX +structure when it is initialized. +This can be used to set the verification callback when the +.Vt X509_STORE_CTX +is otherwise inaccessible (for example during S/MIME verification). +.Sh RETURN VALUES +.Fn X509_STORE_set_verify_cb +and +.Fn X509_STORE_set_verify_cb_func +do not return a value. +.Sh SEE ALSO +.Xr X509_STORE_CTX_set_verify_cb 3 , +.Xr X509_STORE_new 3 +.Sh HISTORY +.Fn X509_STORE_set_verify_cb_func +first appeared in SSLeay 0.8.0 and has been available since +.Ox 2.4 . +.Pp +.Fn X509_STORE_set_verify_cb +first appeared in OpenSSL 1.0.0 and has been available since +.Ox 4.9 . +.Sh BUGS +The macro version of this function was the only one available before +OpenSSL 1.0.0. diff --git a/src/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 b/src/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 new file mode 100644 index 00000000000..5e45278604c --- /dev/null +++ b/src/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 @@ -0,0 +1,749 @@ +.\" $OpenBSD: X509_VERIFY_PARAM_set_flags.3,v 1.14 2018/04/07 13:57:43 jmc Exp $ +.\" full merge up to: OpenSSL d33def66 Feb 9 14:17:13 2016 -0500 +.\" selective merge up to: OpenSSL 48e5119a Jan 19 10:49:22 2018 +0100 +.\" +.\" This file is a derived work. +.\" The changes are covered by the following Copyright and license: +.\" +.\" Copyright (c) 2018 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.\" The original file was written by Dr. Stephen Henson +.\" and Viktor Dukhovni . +.\" Copyright (c) 2009, 2013, 2014, 2015, 2016, 2017 The OpenSSL Project. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: April 7 2018 $ +.Dt X509_VERIFY_PARAM_SET_FLAGS 3 +.Os +.Sh NAME +.Nm X509_VERIFY_PARAM_new , +.Nm X509_VERIFY_PARAM_free , +.Nm X509_VERIFY_PARAM_get0_name , +.Nm X509_VERIFY_PARAM_set1_name , +.Nm X509_VERIFY_PARAM_set_flags , +.Nm X509_VERIFY_PARAM_clear_flags , +.Nm X509_VERIFY_PARAM_get_flags , +.Nm X509_VERIFY_PARAM_set_purpose , +.Nm X509_VERIFY_PARAM_set_trust , +.Nm X509_VERIFY_PARAM_set_time , +.Nm X509_VERIFY_PARAM_add0_policy , +.Nm X509_VERIFY_PARAM_set1_policies , +.Nm X509_VERIFY_PARAM_set_depth , +.Nm X509_VERIFY_PARAM_get_depth , +.Nm X509_VERIFY_PARAM_set1_host , +.Nm X509_VERIFY_PARAM_add1_host , +.Nm X509_VERIFY_PARAM_set_hostflags , +.Nm X509_VERIFY_PARAM_get0_peername , +.Nm X509_VERIFY_PARAM_set1_email , +.Nm X509_VERIFY_PARAM_set1_ip , +.Nm X509_VERIFY_PARAM_set1_ip_asc , +.Nm X509_VERIFY_PARAM_add0_table , +.Nm X509_VERIFY_PARAM_lookup , +.Nm X509_VERIFY_PARAM_get_count , +.Nm X509_VERIFY_PARAM_get0 , +.Nm X509_VERIFY_PARAM_table_cleanup +.Nd X509 verification parameters +.Sh SYNOPSIS +.In openssl/x509_vfy.h +.Ft X509_VERIFY_PARAM * +.Fo X509_VERIFY_PARAM_new +.Fa void +.Fc +.Ft void +.Fo X509_VERIFY_PARAM_free +.Fa "X509_VERIFY_PARAM *param" +.Fc +.Ft const char * +.Fo X509_VERIFY_PARAM_get0_name +.Fa "const X509_VERIFY_PARAM *param" +.Fc +.Ft int +.Fo X509_VERIFY_PARAM_set1_name +.Fa "X509_VERIFY_PARAM *param" +.Fa "const char *name" +.Fc +.Ft int +.Fo X509_VERIFY_PARAM_set_flags +.Fa "X509_VERIFY_PARAM *param" +.Fa "unsigned long flags" +.Fc +.Ft int +.Fo X509_VERIFY_PARAM_clear_flags +.Fa "X509_VERIFY_PARAM *param" +.Fa "unsigned long flags" +.Fc +.Ft unsigned long +.Fo X509_VERIFY_PARAM_get_flags +.Fa "X509_VERIFY_PARAM *param" +.Fc +.Ft int +.Fo X509_VERIFY_PARAM_set_purpose +.Fa "X509_VERIFY_PARAM *param" +.Fa "int purpose" +.Fc +.Ft int +.Fo X509_VERIFY_PARAM_set_trust +.Fa "X509_VERIFY_PARAM *param" +.Fa "int trust" +.Fc +.Ft void +.Fo X509_VERIFY_PARAM_set_time +.Fa "X509_VERIFY_PARAM *param" +.Fa "time_t t" +.Fc +.Ft int +.Fo X509_VERIFY_PARAM_add0_policy +.Fa "X509_VERIFY_PARAM *param" +.Fa "ASN1_OBJECT *policy" +.Fc +.Ft int +.Fo X509_VERIFY_PARAM_set1_policies +.Fa "X509_VERIFY_PARAM *param" +.Fa "STACK_OF(ASN1_OBJECT) *policies" +.Fc +.Ft void +.Fo X509_VERIFY_PARAM_set_depth +.Fa "X509_VERIFY_PARAM *param" +.Fa "int depth" +.Fc +.Ft int +.Fo X509_VERIFY_PARAM_get_depth +.Fa "const X509_VERIFY_PARAM *param" +.Fc +.Ft int +.Fo X509_VERIFY_PARAM_set1_host +.Fa "X509_VERIFY_PARAM *param" +.Fa "const char *name" +.Fa "size_t namelen" +.Fc +.Ft int +.Fo X509_VERIFY_PARAM_add1_host +.Fa "X509_VERIFY_PARAM *param" +.Fa "const char *name" +.Fa "size_t namelen" +.Fc +.Ft void +.Fo X509_VERIFY_PARAM_set_hostflags +.Fa "X509_VERIFY_PARAM *param" +.Fa "unsigned int flags" +.Fc +.Ft char * +.Fo X509_VERIFY_PARAM_get0_peername +.Fa "X509_VERIFY_PARAM *param" +.Fc +.Ft int +.Fo X509_VERIFY_PARAM_set1_email +.Fa "X509_VERIFY_PARAM *param" +.Fa "const char *email" +.Fa "size_t emaillen" +.Fc +.Ft int +.Fo X509_VERIFY_PARAM_set1_ip +.Fa "X509_VERIFY_PARAM *param" +.Fa "const unsigned char *ip" +.Fa "size_t iplen" +.Fc +.Ft int +.Fo X509_VERIFY_PARAM_set1_ip_asc +.Fa "X509_VERIFY_PARAM *param" +.Fa "const char *ipasc" +.Fc +.Ft int +.Fo X509_VERIFY_PARAM_add0_table +.Fa "X509_VERIFY_PARAM *param" +.Fc +.Ft const X509_VERIFY_PARAM * +.Fo X509_VERIFY_PARAM_lookup +.Fa "const char *name" +.Fc +.Ft int +.Fo X509_VERIFY_PARAM_get_count +.Fa void +.Fc +.Ft const X509_VERIFY_PARAM * +.Fo X509_VERIFY_PARAM_get0 +.Fa "int id" +.Fc +.Ft void +.Fo X509_VERIFY_PARAM_table_cleanup +.Fa void +.Fc +.Sh DESCRIPTION +These functions manipulate an +.Vt X509_VERIFY_PARAM +object associated with a certificate verification operation. +.Pp +.Fn X509_VERIFY_PARAM_new +allocates and initializes an empty +.Vt X509_VERIFY_PARAM +object. +.Pp +.Fn X509_VERIFY_PARAM_free +clears all data contained in +.Fa param +and releases all memory used by it. +If +.Fa param +is a +.Dv NULL +pointer, no action occurs. +.Pp +.Fn X509_VERIFY_PARAM_get0_name +returns the name of the given +.Fa param +object, usually describing its purpose, for example +.Qq default , +.Qq pkcs7 , +.Qq smime_sign , +.Qq ssl_client , +or +.Qq ssl_server . +For user-defined objects, the returned pointer may be +.Dv NULL +even if the object is otherwise valid. +.Pp +.Fn X509_VERIFY_PARAM_set1_name +sets the name of +.Fa param +to a copy of +.Fa name , +or to +.Dv NULL +if +.Fa name +is +.Dv NULL . +.Pp +.Fn X509_VERIFY_PARAM_set_flags +sets the flags in +.Fa param +by OR'ing it with +.Fa flags . +See the +.Sx VERIFICATION FLAGS +section for a complete description of values the +.Fa flags +parameter can take. +.Pp +.Fn X509_VERIFY_PARAM_get_flags +returns the flags in +.Fa param . +.Pp +.Fn X509_VERIFY_PARAM_clear_flags +clears the flags +.Fa flags +in +.Fa param . +.Pp +.Fn X509_VERIFY_PARAM_set_purpose +sets the verification purpose in +.Fa param +to +.Fa purpose . +This determines the acceptable purpose of the certificate chain, for +example SSL client or SSL server. +.Pp +.Fn X509_VERIFY_PARAM_set_trust +sets the trust setting in +.Fa param +to +.Fa trust . +.Pp +.Fn X509_VERIFY_PARAM_set_time +sets the verification time in +.Fa param +to +.Fa t . +Normally the current time is used. +.Pp +.Fn X509_VERIFY_PARAM_add0_policy +enables policy checking (it is disabled by default) and adds +.Fa policy +to the acceptable policy set. +.Pp +.Fn X509_VERIFY_PARAM_set1_policies +enables policy checking (it is disabled by default) and sets the +acceptable policy set to +.Fa policies . +Any existing policy set is cleared. +The +.Fa policies +parameter can be +.Dv NULL +to clear an existing policy set. +.Pp +.Fn X509_VERIFY_PARAM_set_depth +sets the maximum verification depth to +.Fa depth . +That is the maximum number of untrusted CA certificates that can appear +in a chain. +.Pp +.Fn X509_VERIFY_PARAM_set1_host +sets the expected DNS hostname to +.Fa name +clearing any previously specified host name or names. +If +.Fa name +is +.Dv NULL +or empty, the list of hostnames is cleared, and name checks are not +performed on the peer certificate. +.Fa namelen +should be set to the length of +.Fa name . +For historical compatibility, if +.Fa name +is NUL-terminated, +.Fa namelen +may be specified as zero. +When a hostname is specified, certificate verification automatically +invokes +.Xr X509_check_host 3 +with flags equal to the +.Fa flags +argument given to +.Fn X509_VERIFY_PARAM_set_hostflags +(default zero). +.Fn X509_VERIFY_PARAM_set1_host +will fail if +.Fa name +contains any embedded 0 bytes. +.Pp +.Fn X509_VERIFY_PARAM_add1_host +adds +.Fa name +as an additional reference identifier that can match the peer's +certificate. +Any previous names set via +.Fn X509_VERIFY_PARAM_set1_host +and +.Fn X509_VERIFY_PARAM_add1_host +are retained. +No change is made if +.Fa name +is +.Dv NULL +or empty. +.Fa namelen +should be set to the length of +.Fa name . +For historical compatibility, if +.Fa name +is NUL-terminated, +.Fa namelen +may be specified as zero. +.Fn X509_VERIFY_PARAM_add1_host +will fail if +.Fa name +contains any embedded 0 bytes. +When multiple names are configured, the peer is considered verified when +any name matches. +.Pp +.Fn X509_VERIFY_PARAM_get0_peername +returns the DNS hostname or subject CommonName from the peer certificate +that matched one of the reference identifiers. +When wildcard matching is not disabled, or when a reference identifier +specifies a parent domain (starts with ".") rather than a hostname, the +peer name may be a wildcard name or a sub-domain of the reference +identifier respectively. +.Pp +.Fn X509_VERIFY_PARAM_set1_email +sets the expected RFC822 email address to +.Fa email . +.Fa emaillen +should be set to the length of +.Fa email . +For historical compatibility, if +.Fa email +is NUL-terminated, +.Fa emaillen +may be specified as zero, +.Fn X509_VERIFY_PARAM_set1_email +will fail if +.Fa email +is NULL, an empty string, or contains embedded 0 bytes. +When an email address is specified, certificate verification +automatically invokes +.Xr X509_check_email 3 . +.Pp +.Fn X509_VERIFY_PARAM_set1_ip +sets the expected IP address to +.Fa ip . +The +.Fa ip +argument is in binary format, in network byte-order, and +.Fa iplen +must be set to 4 for IPv4 and 16 for IPv6. +.Fn X509_VERIFY_PARAM_set1_ip +will fail if +.Fa ip +is NULL or if +.Fa iplen +is not 4 or 16. +When an IP address is specified, +certificate verification automatically invokes +.Xr X509_check_ip 3 . +.Pp +.Fn X509_VERIFY_PARAM_set1_ip_asc +sets the expected IP address to +.Fa ipasc . +The +.Fa ipasc +argument is a NUL-terminal ASCII string: +dotted decimal quad for IPv4 and colon-separated hexadecimal for IPv6. +The condensed "::" notation is supported for IPv6 addresses. +.Fn X509_VERIFY_PARAM_set1_ip_asc +will fail if +.Fa ipasc +is unparsable. +.Pp +.Fn X509_VERIFY_PARAM_add0_table +adds +.Fa param +to a static list of +.Vt X509_VERIFY_PARAM +objects maintained by the library. +This function is extremely dangerous because contrary to the name +of the function, if the list already contains an object that happens +to have the same name, that old object is not only silently removed +from the list, but also silently freed, which may silently invalidate +various pointers existing elsewhere in the program. +.Pp +.Fn X509_VERIFY_PARAM_lookup +searches this list for an object of the given +.Fa name . +If no match is found, the predefined objects built-in to the library +are also inspected. +.Pp +.Fn X509_VERIFY_PARAM_get_count +returns the sum of the number of objects on this list and the number +of predefined objects built-in to the library. +Note that this is not necessarily the total number of +.Vt X509_VERIFY_PARAM +objects existing in the program because there may be additional such +objects that were never added to the list. +.Pp +.Fn X509_VERIFY_PARAM_get0 +accesses predefined and user-defined objects using +.Fa id +as an index, useful for looping over objects without knowing their names. +An argument less than the number of predefined objects selects +one of the predefined objects; a higher argument selects an object +from the list. +.Pp +.Fn X509_VERIFY_PARAM_table_cleanup +deletes all objects from this list. +It is extremely dangerous because it also invalidates all data that +was contained in all objects that were on the list and because it +frees all these objects, which may invalidate various pointers +existing elsewhere in the program. +.Sh RETURN VALUES +.Fn X509_VERIFY_PARAM_new +returns a pointer to the new object, or +.Dv NULL +on allocation failure. +.Pp +.Fn X509_VERIFY_PARAM_set1_name , +.Fn X509_VERIFY_PARAM_set_flags , +.Fn X509_VERIFY_PARAM_clear_flags , +.Fn X509_VERIFY_PARAM_set_purpose , +.Fn X509_VERIFY_PARAM_set_trust , +.Fn X509_VERIFY_PARAM_add0_policy , +.Fn X509_VERIFY_PARAM_set1_policies , +and +.Fn X509_VERIFY_PARAM_add0_table +return 1 for success or 0 for failure. +.Pp +.Fn X509_VERIFY_PARAM_set1_host , +.Fn X509_VERIFY_PARAM_add1_host , +.Fn X509_VERIFY_PARAM_set1_email , +.Fn X509_VERIFY_PARAM_set1_ip , +and +.Fn X509_VERIFY_PARAM_set1_ip_asc , +return 1 for success or 0 for failure. +A failure from these routines will poison +the +.Vt X509_VERIFY_PARAM +object so that future calls to +.Xr X509_verify_cert 3 +using the poisoned object will fail. +.Pp +.Fn X509_VERIFY_PARAM_get_flags +returns the current verification flags. +.Pp +.Fn X509_VERIFY_PARAM_get_depth +returns the current verification depth. +.Pp +.Fn X509_VERIFY_PARAM_get0_name +and +.Fn X509_VERIFY_PARAM_get0_peername +return pointers to strings that are only valid +during the lifetime of the given +.Fa param +object and that must not be freed by the application program. +.Pp +.Fn X509_VERIFY_PARAM_lookup +and +.Fn X509_VERIFY_PARAM_get0 +return a pointer to an existing built-in or user-defined object, or +.Dv NULL +if no object with the given +.Fa name +is found, or if +.Fa id +is at least +.Fn X509_VERIFY_PARAM_get_count . +.Pp +.Fn X509_VERIFY_PARAM_get_count +returns a number of objects. +.Sh VERIFICATION FLAGS +The verification flags consists of zero or more of the following +flags OR'ed together. +.Pp +.Dv X509_V_FLAG_CRL_CHECK +enables CRL checking for the certificate chain leaf certificate. +An error occurs if a suitable CRL cannot be found. +.Pp +.Dv X509_V_FLAG_CRL_CHECK_ALL +enables CRL checking for the entire certificate chain. +.Pp +.Dv X509_V_FLAG_IGNORE_CRITICAL +disables critical extension checking. +By default any unhandled critical extensions in certificates or (if +checked) CRLs results in a fatal error. +If this flag is set unhandled critical extensions are ignored. +.Sy WARNING : +setting this option for anything other than debugging purposes can be a +security risk. +Finer control over which extensions are supported can be performed in +the verification callback. +.Pp +The +.Dv X509_V_FLAG_X509_STRICT +flag disables workarounds for some broken certificates and makes the +verification strictly apply X509 rules. +.Pp +.Dv X509_V_FLAG_ALLOW_PROXY_CERTS +enables proxy certificate verification. +.Pp +.Dv X509_V_FLAG_POLICY_CHECK +enables certificate policy checking; by default no policy checking is +performed. +Additional information is sent to the verification callback relating to +policy checking. +.Pp +.Dv X509_V_FLAG_EXPLICIT_POLICY , +.Dv X509_V_FLAG_INHIBIT_ANY , +and +.Dv X509_V_FLAG_INHIBIT_MAP +set the +.Dq require explicit policy , +.Dq inhibit any policy , +and +.Dq inhibit policy mapping +flags, respectively, as defined in RFC 3280. +Policy checking is automatically enabled if any of these flags are set. +.Pp +If +.Dv X509_V_FLAG_NOTIFY_POLICY +is set and the policy checking is successful a special status code is +set to the verification callback. +This permits it to examine the valid policy tree and perform additional +checks or simply log it for debugging purposes. +.Pp +By default some additional features such as indirect CRLs and CRLs +signed by different keys are disabled. +If +.Dv X509_V_FLAG_EXTENDED_CRL_SUPPORT +is set they are enabled. +.Pp +If +.Dv X509_V_FLAG_USE_DELTAS +is set, delta CRLs (if present) are used to determine certificate +status. +If not set, deltas are ignored. +.Pp +.Dv X509_V_FLAG_CHECK_SS_SIGNATURE +enables checking of the root CA self signed certificate signature. +By default this check is disabled because it doesn't add any additional +security but in some cases applications might want to check the +signature anyway. +A side effect of not checking the root CA signature is that disabled or +unsupported message digests on the root CA are not treated as fatal +errors. +.Pp +The +.Dv X509_V_FLAG_CB_ISSUER_CHECK +flag enables debugging of certificate issuer checks. +It is +.Sy not +needed unless you are logging certificate verification. +If this flag is set then additional status codes will be sent to the +verification callback and it +.Sy must +be prepared to handle such cases without assuming they are hard errors. +.Pp +When +.Dv X509_V_FLAG_TRUSTED_FIRST +is set, construction of the certificate chain in +.Xr X509_verify_cert 3 +will search the trust store for issuer certificates before searching the +provided untrusted certificates. +Local issuer certificates are often more likely to satisfy local +security requirements and lead to a locally trusted root. +This is especially important when some certificates in the trust store +have explicit trust settings; see the trust settings options of the +.Cm x509 +command in +.Xr openssl 1 . +.Pp +The +.Dv X509_V_FLAG_NO_ALT_CHAINS +flag suppresses checking for alternative chains. +By default, unless +.Dv X509_V_FLAG_TRUSTED_FIRST +is set, when building a certificate chain, if the first certificate +chain found is not trusted, then OpenSSL will attempt to replace +untrusted certificates supplied by the peer with certificates from the +trust store to see if an alternative chain can be found that is trusted. +.Pp +The +.Dv X509_V_FLAG_PARTIAL_CHAIN +flag causes intermediate certificates in the trust store to be treated +as trust-anchors, in the same way as the self-signed root CA +certificates. +This makes it possible to trust certificates issued by an intermediate +CA without having to trust its ancestor root CA. +.Pp +The +.Dv X509_V_FLAG_NO_CHECK_TIME +flag suppresses checking the validity period of certificates and CRLs +against the current time. +If +.Fn X509_VERIFY_PARAM_set_time +is used to specify a verification time, the check is not suppressed. +.Sh EXAMPLES +Enable CRL checking when performing certificate verification during +SSL connections associated with an +.Vt SSL_CTX +structure +.Fa ctx : +.Bd -literal -offset indent +X509_VERIFY_PARAM *param; + +param = X509_VERIFY_PARAM_new(); +X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK); +SSL_CTX_set1_param(ctx, param); +X509_VERIFY_PARAM_free(param); +.Ed +.Sh SEE ALSO +.Xr SSL_set1_param 3 , +.Xr X509_check_host 3 , +.Xr X509_STORE_CTX_set0_param 3 , +.Xr X509_STORE_set1_param 3 , +.Xr X509_verify_cert 3 +.Sh HISTORY +.Fn X509_VERIFY_PARAM_new , +.Fn X509_VERIFY_PARAM_free , +.Fn X509_VERIFY_PARAM_set1_name , +.Fn X509_VERIFY_PARAM_set_flags , +.Fn X509_VERIFY_PARAM_set_purpose , +.Fn X509_VERIFY_PARAM_set_trust , +.Fn X509_VERIFY_PARAM_set_time , +.Fn X509_VERIFY_PARAM_add0_policy , +.Fn X509_VERIFY_PARAM_set1_policies , +.Fn X509_VERIFY_PARAM_set_depth , +.Fn X509_VERIFY_PARAM_get_depth , +.Fn X509_VERIFY_PARAM_add0_table , +.Fn X509_VERIFY_PARAM_lookup , +and +.Fn X509_VERIFY_PARAM_table_cleanup +first appeared in OpenSSL 0.9.8. +.Fn X509_VERIFY_PARAM_clear_flags +and +.Fn X509_VERIFY_PARAM_get_flags +first appeared in OpenSSL 0.9.8a. +All these functions have been available since +.Ox 4.5 . +.Pp +.Fn X509_VERIFY_PARAM_get0_name +.Fn X509_VERIFY_PARAM_set1_host , +.Fn X509_VERIFY_PARAM_add1_host , +.Fn X509_VERIFY_PARAM_set_hostflags , +.Fn X509_VERIFY_PARAM_get0_peername , +.Fn X509_VERIFY_PARAM_set1_email , +.Fn X509_VERIFY_PARAM_set1_ip , +.Fn X509_VERIFY_PARAM_set1_ip_asc , +.Fn X509_VERIFY_PARAM_get_count , +and +.Fn X509_VERIFY_PARAM_get0 +first appeared in OpenSSL 1.0.2 and have been available since +.Ox 6.3 . +.Sh BUGS +Delta CRL checking is currently primitive. +Only a single delta can be used and (partly due to limitations of +.Vt X509_STORE ) +constructed CRLs are not maintained. +.Pp +If CRLs checking is enabled, CRLs are expected to be available in +the corresponding +.Vt X509_STORE +structure. +No attempt is made to download CRLs from the CRL distribution points +extension. diff --git a/src/lib/libcrypto/man/X509_check_ca.3 b/src/lib/libcrypto/man/X509_check_ca.3 new file mode 100644 index 00000000000..0e7b7662b72 --- /dev/null +++ b/src/lib/libcrypto/man/X509_check_ca.3 @@ -0,0 +1,96 @@ +.\" $OpenBSD: X509_check_ca.3,v 1.4 2018/03/22 22:07:12 schwarze Exp $ +.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 +.\" +.\" This file was written by Victor B. Wagner . +.\" Copyright (c) 2015, 2016 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 22 2018 $ +.Dt X509_CHECK_CA 3 +.Os +.Sh NAME +.Nm X509_check_ca +.Nd check whether a certificate is a CA certificate +.Sh SYNOPSIS +.In openssl/x509v3.h +.Ft int +.Fo X509_check_ca +.Fa "X509 *cert" +.Fc +.Sh DESCRIPTION +This function checks whether the given certificate is a CA certificate, +that is, whether it can be used to sign other certificates. +.Sh RETURN VALUES +This functions returns non-zero if +.Fa cert +is a CA certificate or 0 otherwise. +.Pp +The following return values identify specific kinds of CA certificates: +.Bl -tag -width 2n +.It 1 +an X.509 v3 CA certificate with +.Sy basicConstraints +extension CA:TRUE +.It 3 +a self-signed X.509 v1 certificate +.It 4 +a certificate with +.Sy keyUsage +extension with bit +.Sy keyCertSign +set, but without +.Sy basicConstraints +.It 5 +a certificate with an outdated Netscape Certificate Type extension telling +that it is a CA certificate +.El +.Sh SEE ALSO +.Xr X509_check_issued 3 , +.Xr X509_verify_cert 3 +.Sh HISTORY +.Fn X509_check_ca +first appeared in OpenSSL 0.9.7f and has been available since +.Ox 3.8 . diff --git a/src/lib/libcrypto/man/X509_check_host.3 b/src/lib/libcrypto/man/X509_check_host.3 new file mode 100644 index 00000000000..f811f218849 --- /dev/null +++ b/src/lib/libcrypto/man/X509_check_host.3 @@ -0,0 +1,238 @@ +.\" $OpenBSD: X509_check_host.3,v 1.3 2018/03/23 14:26:40 schwarze Exp $ +.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 +.\" +.\" This file was written by Florian Weimer and +.\" Viktor Dukhovni . +.\" Copyright (c) 2012, 2014, 2015, 2016 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 23 2018 $ +.Dt X509_CHECK_HOST 3 +.Os +.Sh NAME +.Nm X509_check_host , +.Nm X509_check_email , +.Nm X509_check_ip , +.Nm X509_check_ip_asc +.Nd X.509 certificate matching +.Sh SYNOPSIS +.In openssl/x509v3.h +.Ft int +.Fo X509_check_host +.Fa "X509 *x" +.Fa "const char *name" +.Fa "size_t namelen" +.Fa "unsigned int flags" +.Fa "char **peername" +.Fc +.Ft int +.Fo X509_check_email +.Fa "X509 *x" +.Fa "const char *address" +.Fa "size_t addresslen" +.Fa "unsigned int flags" +.Fc +.Ft int +.Fo X509_check_ip +.Fa "X509 *x" +.Fa "const unsigned char *address" +.Fa "size_t addresslen" +.Fa "unsigned int flags" +.Fc +.Ft int +.Fo X509_check_ip_asc +.Fa "X509 *x" +.Fa "const char *address" +.Fa "unsigned int flags" +.Fc +.Sh DESCRIPTION +The certificate matching functions are used to check whether a +certificate matches a given host name, email address, or IP address. +The validity of the certificate and its trust level has to be checked by +other means. +.Pp +.Fn X509_check_host +checks if the certificate Subject Alternative Name (SAN) or Subject +CommonName (CN) matches the specified host name, which must be encoded +in the preferred name syntax described in section 3.5 of RFC 1034. +By default, wildcards are supported and they match only in the +left-most label; they may match part of that label with an +explicit prefix or suffix. +For example, by default, the host +.Fa name +.Qq www.example.com +would match a certificate with a SAN or CN value of +.Qq *.example.com , +.Qq w*.example.com +or +.Qq *w.example.com . +.Pp +Per section 6.4.2 of RFC 6125, +.Fa name +values representing international domain names must be given in A-label +form. +The +.Fa namelen +argument must be the number of characters in the name string or zero, in +which case the length is calculated with +.Fn strlen name . +When +.Fa name +starts with a dot (e.g.\& +.Qq .example.com ) , +it will be matched by a certificate valid for any sub-domain of +.Fa name ; +see also +.Fa X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS +below. +.Pp +When the certificate is matched and +.Fa peername +is not +.Dv NULL , +a pointer to a copy of the matching SAN or CN from the peer +certificate is stored at the address passed in +.Fa peername . +The application is responsible for freeing the peername via +.Xr free 3 +when it is no longer needed. +.Pp +.Fn X509_check_email +checks if the certificate matches the specified email +.Fa address . +Only the mailbox syntax of RFC 822 is supported. +Comments are not allowed, +and no attempt is made to normalize quoted characters. +The +.Fa addresslen +argument must be the number of characters in the address string or zero, +in which case the length is calculated with +.Fn strlen address . +.Pp +.Fn X509_check_ip +checks if the certificate matches a specified IPv4 or IPv6 address. +The +.Fa address +array is in binary format, in network byte order. +The length is either 4 (IPv4) or 16 (IPv6). +Only explicitly marked addresses in the certificates are considered; +IP addresses stored in DNS names and Common Names are ignored. +.Pp +.Fn X509_check_ip_asc +is similar, except that the NUL-terminated string +.Fa address +is first converted to the internal representation. +.Pp +The +.Fa flags +argument is usually 0, but it can be the bitwise OR of the following +flags. +.Pp +The +.Dv X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT +flag causes the function to consider the subject DN even if the +certificate contains at least one subject alternative name of the right +type (DNS name or email address as appropriate); the default is to +ignore the subject DN when at least one corresponding subject +alternative names is present. +.Pp +The remaining flags are only meaningful for +.Fn X509_check_host . +.Pp +The +.Dv X509_CHECK_FLAG_NO_WILDCARDS +flag disables wildcard expansion. +.Pp +The +.Dv X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS +flag suppresses support for +.Qq * +as a wildcard pattern in labels that have a +prefix or suffix, such as +.Qq www* +or +.Qq *www . +.Pp +The +.Dv X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS +flag allows a +.Qq * +that constitutes the complete label of a DNS name (e.g.\& +.Qq *.example.com ) +to match more than one label in +.Fa name . +.Pp +The +.Dv X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS +flag restricts +.Fa name +values which start with +.Qq \&. , +that would otherwise match any sub-domain in the peer certificate, +to only match direct child sub-domains. +Thus, for instance, with this flag set a +.Fa name +of +.Qq .example.com +would match a peer certificate with a DNS name of +.Qq www.example.com , +but would not match a peer certificate with a DNS name of +.Qq www.sub.example.com . +.Sh RETURN VALUES +The functions return 1 for a successful match, 0 for a failed match and +-1 for an internal error: typically a memory allocation failure or an +ASN.1 decoding error. +.Pp +All functions can also return -2 if the input is malformed. +For example, +.Fn X509_check_host +returns -2 if the provided +.Fa name +contains embedded NUL bytes. +.Sh HISTORY +These functions first appeared in OpenSSL 1.0.2 +and have been available since +.Ox 6.1 . diff --git a/src/lib/libcrypto/man/X509_check_issued.3 b/src/lib/libcrypto/man/X509_check_issued.3 new file mode 100644 index 00000000000..393f3949b54 --- /dev/null +++ b/src/lib/libcrypto/man/X509_check_issued.3 @@ -0,0 +1,108 @@ +.\" $OpenBSD: X509_check_issued.3,v 1.3 2018/03/22 17:11:04 schwarze Exp $ +.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 +.\" +.\" This file was written by Victor B. Wagner . +.\" Copyright (c) 2015 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 22 2018 $ +.Dt X509_CHECK_ISSUED 3 +.Os +.Sh NAME +.Nm X509_check_issued +.Nd check whether a certificate was issued using a given CA certificate +.Sh SYNOPSIS +.In openssl/x509v3.h +.Ft int +.Fo X509_check_issued +.Fa "X509 *issuer" +.Fa "X509 *subject" +.Fc +.Sh DESCRIPTION +This function checks whether the certificate +.Fa subject +was issued using the CA certificate +.Fa issuer . +It does the following checks: +.Bl -bullet +.It +match the issuer field of +.Fa subject +against the subject field of +.Fa issuer +.It +if +.Sy authorityKeyIdentifier +is present in the +.Fa subject +certificate, +compare it to the +.Sy subjectKeyIdentifier +of +.Fa issuer +.It +check the +.Sy keyUsage +field of +.Fa issuer . +.El +.Sh RETURN VALUES +This function returns +.Dv X509_V_OK +if the certificate +.Fa subject +is issued by +.Fa issuer , +or some +.Dv X509_V_ERR* +constant to indicate an error. +.Sh SEE ALSO +.Xr X509_check_ca 3 , +.Xr X509_verify_cert 3 +.Sh HISTORY +.Fn X509_check_issued +first appeared in OpenSSL 0.9.6 and has been available since +.Ox 2.9 . diff --git a/src/lib/libcrypto/man/X509_check_private_key.3 b/src/lib/libcrypto/man/X509_check_private_key.3 new file mode 100644 index 00000000000..38e297d54c7 --- /dev/null +++ b/src/lib/libcrypto/man/X509_check_private_key.3 @@ -0,0 +1,71 @@ +.\" $OpenBSD: X509_check_private_key.3,v 1.5 2018/05/19 22:40:34 schwarze Exp $ +.\" OpenSSL X509_check_private_key.pod 09ddb878 Jun 5 03:56:07 2017 +0800 +.\" +.\" Copyright (c) 2017 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: May 19 2018 $ +.Dt X509_CHECK_PRIVATE_KEY 3 +.Os +.Sh NAME +.Nm X509_check_private_key , +.Nm X509_REQ_check_private_key +.Nd compare public key components +.Sh SYNOPSIS +.In openssl/x509.h +.Ft int +.Fo X509_check_private_key +.Fa "const X509 *x" +.Fa "const EVP_PKEY *k" +.Fc +.Ft int +.Fo X509_REQ_check_private_key +.Fa "X509_REQ *x" +.Fa "EVP_PKEY *k" +.Fc +.Sh DESCRIPTION +These functions are seriously misnamed. +.Fn X509_check_private_key +compares the +.Em public +key components (e.g. exponent and modulus of an RSA key) +and parameters (e.g. EC params of an EC key) of +.Fa k +with the corresponding properties of +.Fa x . +Despite the name, it neither checks whether +.Fa k +contains private key components at all, nor, if any are present, +whether they are consistent with the public key components. +.Pp +.Fn X509_REQ_check_private_key +is equivalent to +.Fn X509_check_private_key +except that it compares to the public key +contained in a certificate request. +.Sh RETURN VALUES +These functions return 1 if the public key components and parameters +match, or 0 if they do not or if an error occurs. +On error or mismatch, a reason code can be obtained using +.Xr ERR_get_error 3 . +.Sh SEE ALSO +.Xr SSL_check_private_key 3 +.Sh HISTORY +.Fn X509_check_private_key +first appeared in SSLeay 0.6.5 and has been available since +.Ox 2.4 . +.Pp +.Fn X509_REQ_check_private_key +first appeared in OpenSSL 0.9.8 and has been available since +.Ox 4.5 . diff --git a/src/lib/libcrypto/man/X509_cmp_time.3 b/src/lib/libcrypto/man/X509_cmp_time.3 new file mode 100644 index 00000000000..d7a55653ae0 --- /dev/null +++ b/src/lib/libcrypto/man/X509_cmp_time.3 @@ -0,0 +1,153 @@ +.\" $OpenBSD: X509_cmp_time.3,v 1.8 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL X509_cmp_time.pod 24053693 Mar 28 14:27:37 2017 +0200 +.\" +.\" This file was written by Emilia Kasper +.\" Copyright (c) 2017 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt X509_CMP_TIME 3 +.Os +.Sh NAME +.Nm X509_cmp_time , +.Nm X509_cmp_current_time , +.Nm X509_time_adj_ex , +.Nm X509_time_adj +.Nd ASN.1 Time utilities +.Sh SYNOPSIS +.In openssl/x509.h +.Ft int +.Fo X509_cmp_time +.Fa "const ASN1_TIME *asn1_time" +.Fa "time_t *cmp_time" +.Fc +.Ft int +.Fo X509_cmp_current_time +.Fa "const ASN1_TIME *asn1_time" +.Fc +.Ft ASN1_TIME * +.Fo X509_time_adj_ex +.Fa "ASN1_TIME *asn1_time" +.Fa "int offset_day" +.Fa "long offset_sec" +.Fa "time_t *in_tm" +.Fc +.Ft ASN1_TIME * +.Fo X509_time_adj +.Fa "ASN1_TIME *asn1_time" +.Fa "long offset_sec" +.Fa "time_t *in_tm" +.Fc +.Sh DESCRIPTION +.Fn X509_cmp_time +parses +.Fa asn1_time +with +.Xr ASN1_time_parse 3 +and compares it to +.Fa cmp_time . +.Fn X509_cmp_current_time +compares it to the current time. +.Pp +.Fn X509_time_adj_ex +sets +.Fa asn1_time +to a time +.Fa offset_day +and +.Fa offset_sec +later than +.Fa in_tm . +.Fn X509_time_adj +does the same with a 0 day offset. +If +.Fa asn1_time +is +.Dv NULL , +a new +.Vt ASN1_TIME +structure is allocated and returned. +.Pp +In all functions, if +.Fa in_tm +is +.Dv NULL , +the current time is used. +.Sh RETURN VALUES +.Fn X509_cmp_time +and +.Fn X509_cmp_current_time +return -1 if +.Fa asn1_time +is earlier than or equal to +.Fa cmp_time , +1 if it is later, or 0 on error. +.Pp +.Fn X509_time_adj_ex +and +.Fn X509_time_adj +return a pointer to the updated +.Vt ASN1_TIME +structure or +.Dv NULL +on error. +.Sh SEE ALSO +.Xr ASN1_time_parse 3 , +.Xr time 3 +.Sh HISTORY +.Fn X509_cmp_current_time +first appeared in SSLeay 0.6.0 and has been available since +.Ox 2.4 . +.Pp +.Fn X509_cmp_time +and +.Fn X509_time_adj +first appeared in OpenSSL 0.9.6 and have been available since +.Ox 2.9 . +.Pp +.Fn X509_time_adj_ex +first appeared in OpenSSL 1.0.0 and has been available since +.Ox 4.9 . diff --git a/src/lib/libcrypto/man/X509_digest.3 b/src/lib/libcrypto/man/X509_digest.3 new file mode 100644 index 00000000000..e29160d50c6 --- /dev/null +++ b/src/lib/libcrypto/man/X509_digest.3 @@ -0,0 +1,150 @@ +.\" $OpenBSD: X509_digest.3,v 1.6 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL X509_digest.pod 3ba4dac6 Mar 23 13:04:52 2017 -0400 +.\" +.\" This file was written by Rich Salz +.\" Copyright (c) 2017 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt X509_DIGEST 3 +.Os +.Sh NAME +.Nm X509_digest , +.Nm X509_CRL_digest , +.Nm X509_pubkey_digest , +.Nm X509_NAME_digest , +.Nm X509_REQ_digest , +.Nm PKCS7_ISSUER_AND_SERIAL_digest +.Nd get digests of various objects +.Sh SYNOPSIS +.In openssl/x509.h +.Ft int +.Fo X509_digest +.Fa "const X509 *data" +.Fa "const EVP_MD *type" +.Fa "unsigned char *md" +.Fa "unsigned int *len" +.Fc +.Ft int +.Fo X509_CRL_digest +.Fa "const X509_CRL *data" +.Fa "const EVP_MD *type" +.Fa "unsigned char *md" +.Fa "unsigned int *len" +.Fc +.Ft int +.Fo X509_pubkey_digest +.Fa "const X509 *data" +.Fa "const EVP_MD *type" +.Fa "unsigned char *md" +.Fa "unsigned int *len" +.Fc +.Ft int +.Fo X509_REQ_digest +.Fa "const X509_REQ *data" +.Fa "const EVP_MD *type" +.Fa "unsigned char *md" +.Fa "unsigned int *len" +.Fc +.Ft int +.Fo X509_NAME_digest +.Fa "const X509_NAME *data" +.Fa "const EVP_MD *type" +.Fa "unsigned char *md" +.Fa "unsigned int *len" +.Fc +.In openssl/pkcs7.h +.Ft int +.Fo PKCS7_ISSUER_AND_SERIAL_digest +.Fa "PKCS7_ISSUER_AND_SERIAL *data" +.Fa "const EVP_MD *type" +.Fa "unsigned char *md" +.Fa "unsigned int *len" +.Fc +.Sh DESCRIPTION +.Fn X509_pubkey_digest +returns a digest of the DER representation of the public key contained in +.Fa data . +All other functions described here return a digest of the DER +representation of their entire +.Fa data +object. +.Pp +The +.Fa type +parameter specifies the digest to be used, such as +.Xr EVP_sha1 3 . +.Fa md +is a pointer to the buffer where the digest will be copied and is +assumed to be large enough; a size of at least +.Dv EVP_MAX_MD_SIZE +bytes is suggested. +The +.Fa len +parameter, if not +.Dv NULL , +points to a place where the digest size will be stored. +.Sh RETURN VALUES +These functions return 1 for success or 0 for failure. +.Sh SEE ALSO +.Xr EVP_get_digestbyname 3 +.Sh HISTORY +.Fn X509_digest , +.Fn X509_NAME_digest , +and +.Fn PKCS7_ISSUER_AND_SERIAL_digest +first appeared in SSLeay 0.6.5 and have been available since +.Ox 2.4 . +.Pp +.Fn X509_CRL_digest +and +.Fn X509_REQ_digest +first appeared in OpenSSL 0.9.6 and have been available since +.Ox 2.9 . +.Pp +.Fn X509_pubkey_digest +first appeared in OpenSSL 0.9.7 and has been available since +.Ox 3.2 . diff --git a/src/lib/libcrypto/man/X509_get0_notBefore.3 b/src/lib/libcrypto/man/X509_get0_notBefore.3 new file mode 100644 index 00000000000..334f70e5996 --- /dev/null +++ b/src/lib/libcrypto/man/X509_get0_notBefore.3 @@ -0,0 +1,158 @@ +.\" $OpenBSD: X509_get0_notBefore.3,v 1.4 2018/03/23 23:18:17 schwarze Exp $ +.\" content checked up to: OpenSSL 27b138e9 May 19 00:16:38 2017 +0000 +.\" +.\" Copyright (c) 2018 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 23 2018 $ +.Dt X509_GET0_NOTBEFORE 3 +.Os +.Sh NAME +.Nm X509_get0_notBefore , +.Nm X509_get0_notAfter , +.Nm X509_getm_notBefore , +.Nm X509_getm_notAfter , +.Nm X509_CRL_get0_lastUpdate , +.Nm X509_CRL_get0_nextUpdate , +.Nm X509_set1_notBefore , +.Nm X509_set1_notAfter , +.Nm X509_CRL_set1_lastUpdate , +.Nm X509_CRL_set1_nextUpdate +.Nd get and set certificate and CRL validity dates +.Sh SYNOPSIS +.In openssl/x509.h +.Ft const ASN1_TIME * +.Fo X509_get0_notBefore +.Fa "const X509 *x" +.Fc +.Ft const ASN1_TIME * +.Fo X509_get0_notAfter +.Fa "const X509 *x" +.Fc +.Ft ASN1_TIME * +.Fo X509_getm_notBefore +.Fa "const X509 *x" +.Fc +.Ft ASN1_TIME * +.Fo X509_getm_notAfter +.Fa "const X509 *x" +.Fc +.Ft ASN1_TIME * +.Fo X509_CRL_get0_lastUpdate +.Fa "const X509_CRL *crl" +.Fc +.Ft ASN1_TIME * +.Fo X509_CRL_get0_nextUpdate +.Fa "const X509_CRL *crl" +.Fc +.Ft int +.Fo X509_set1_notBefore +.Fa "X509 *x" +.Fa "const ASN1_TIME *tm" +.Fc +.Ft int +.Fo X509_set1_notAfter +.Fa "X509 *x" +.Fa "const ASN1_TIME *tm" +.Fc +.Ft int +.Fo X509_CRL_set1_lastUpdate +.Fa "X509_CRL *crl" +.Fa "const ASN1_TIME *tm" +.Fc +.Ft int +.Fo X509_CRL_set1_nextUpdate +.Fa "X509_CRL *crl" +.Fa "const ASN1_TIME *tm" +.Fc +.Sh DESCRIPTION +.Fn X509_getm_notBefore +and +.Fn X509_getm_notAfter +return pointers to the +.Fa notBefore +and +.Fa notAfter +fields of the validity period of the certificate +.Fa x , +respectively. +.Pp +.Fn X509_get0_notBefore +and +.Fn X509_get0_notAfter +are identical except for the const qualifier on the return type. +.Pp +.Fn X509_CRL_get0_lastUpdate +and +.Fn X509_CRL_get0_nextUpdate +return pointers to the +.Fa lastUpdate +and +.Fa nextUpdate +fields of +.Fa crl . +.Pp +.Fn X509_set1_notBefore , +.Fn X509_set1_notAfter , +.Fn X509_CRL_set1_lastUpdate , +and +.Fn X509_CRL_set1_nextUpdate +set the +.Fa notBefore , +.Fa notAfter , +.Fa lastUpdate , +or +.Fa nextUpdate +field of +.Fa x +or +.Fa crl , +respectively, to a deep copy of +.Fa tm +and free the +.Vt ASN1_TIME +value that they replace. +.Sh RETURN VALUES +.Fn X509_get0_notBefore , +.Fn X509_get0_notAfter , +.Fn X509_getm_notBefore , +.Fn X509_getm_notAfter , +.Fn X509_CRL_get0_lastUpdate , +and +.Fn X509_CRL_get0_nextUpdate +return internal pointers which must not be freed by the application, or +.Dv NULL +if the requested fields are not available. +.Pp +.Fn X509_set1_notBefore , +.Fn X509_set1_notAfter , +.Fn X509_CRL_set1_lastUpdate , +and +.Fn X509_CRL_set1_nextUpdate +return 1 on success or 0 on failure. +.Sh SEE ALSO +.Xr ASN1_TIME_set 3 , +.Xr ASN1_TIME_set_tm 3 , +.Xr X509_cmp_time 3 , +.Xr X509_CRL_get0_by_serial 3 , +.Xr X509_CRL_new 3 , +.Xr X509_get_subject_name 3 , +.Xr X509_new 3 , +.Xr X509_sign 3 , +.Xr X509_VAL_new 3 , +.Xr X509_verify_cert 3 +.Sh HISTORY +These functions first appeared in OpenSSL 1.1.0 +and have been available since +.Ox 6.3 . diff --git a/src/lib/libcrypto/man/X509_get0_signature.3 b/src/lib/libcrypto/man/X509_get0_signature.3 new file mode 100644 index 00000000000..a0982f2193a --- /dev/null +++ b/src/lib/libcrypto/man/X509_get0_signature.3 @@ -0,0 +1,162 @@ +.\" $OpenBSD: X509_get0_signature.3,v 1.5 2018/03/23 23:18:17 schwarze Exp $ +.\" selective merge up to: +.\" OpenSSL man3/X509_get0_signature 2f7a2520 Apr 25 17:28:08 2017 +0100 +.\" +.\" This file was written by Dr. Stephen Henson . +.\" Copyright (c) 2015 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 23 2018 $ +.Dt X509_GET0_SIGNATURE 3 +.Os +.Sh NAME +.Nm X509_get0_signature , +.Nm X509_REQ_get0_signature , +.Nm X509_CRL_get0_signature , +.Nm X509_get0_tbs_sigalg , +.Nm X509_get_signature_nid , +.Nm X509_REQ_get_signature_nid , +.Nm X509_CRL_get_signature_nid +.Nd signature information +.Sh SYNOPSIS +.In openssl/x509.h +.Ft void +.Fo X509_get0_signature +.Fa "const ASN1_BIT_STRING **psig" +.Fa "const X509_ALGOR **palg" +.Fa "const X509 *x" +.Fc +.Ft void +.Fo X509_REQ_get0_signature +.Fa "const X509_REQ *req" +.Fa "const ASN1_BIT_STRING **psig" +.Fa "const X509_ALGOR **palg" +.Fc +.Ft void +.Fo X509_CRL_get0_signature +.Fa "const X509_CRL *crl" +.Fa "const ASN1_BIT_STRING **psig" +.Fa "const X509_ALGOR **palg" +.Fc +.Ft const X509_ALGOR * +.Fo X509_get0_tbs_sigalg +.Fa "const X509 *x" +.Fc +.Ft int +.Fo X509_get_signature_nid +.Fa "const X509 *x" +.Fc +.Ft int +.Fo X509_REQ_get_signature_nid +.Fa "const X509_REQ *req" +.Fc +.Ft int +.Fo X509_CRL_get_signature_nid +.Fa "const X509_CRL *crl" +.Fc +.Sh DESCRIPTION +.Fn X509_get0_signature , +.Fn X509_REQ_get0_signature , +and +.Fn X509_CRL_get0_signature +set +.Pf * Fa psig +to the signature and +.Pf * Fa palg +to the signature algorithm of +.Fa x , +.Fa req , +or +.Fa crl , +respectively. +.Fn X509_get0_tbs_sigalg +returns the signature algorithm in the signed portion of +.Fa x . +The values returned are internal pointers +that must not be freed by the caller. +.Pp +.Fn X509_get_signature_nid , +.Fn X509_REQ_get_signature_nid , +and +.Fn X509_CRL_get_signature_nid +return the NID corresponding to the signature algorithm of +.Fa x , +.Fa req , +or +.Fa crl , +respectively. +.Pp +These functions provide lower level access to the signature +for cases where an application wishes to analyse or generate a +signature in a form where +.Xr X509_sign 3 +is not appropriate, for example in a non-standard or unsupported format. +.Sh SEE ALSO +.Xr OBJ_obj2nid 3 , +.Xr X509_ALGOR_new 3 , +.Xr X509_CRL_get0_by_serial 3 , +.Xr X509_CRL_new 3 , +.Xr X509_get_pubkey 3 , +.Xr X509_get_subject_name 3 , +.Xr X509_get_version 3 , +.Xr X509_new 3 , +.Xr X509_REQ_new 3 , +.Xr X509_sign 3 , +.Xr X509_verify_cert 3 +.Sh HISTORY +.Fn X509_get0_signature +and +.Fn X509_get_signature_nid +first appeared in OpenSSL 1.0.2. +.Fn X509_REQ_get0_signature , +.Fn X509_CRL_get0_signature , +.Fn X509_get0_tbs_sigalg , +.Fn X509_REQ_get_signature_nid , +and +.Fn X509_CRL_get_signature_nid +first appeared in OpenSSL 1.1.0. +All these functions have been available since +.Ox 6.3 . diff --git a/src/lib/libcrypto/man/X509_get_pubkey.3 b/src/lib/libcrypto/man/X509_get_pubkey.3 new file mode 100644 index 00000000000..49a57447e8d --- /dev/null +++ b/src/lib/libcrypto/man/X509_get_pubkey.3 @@ -0,0 +1,173 @@ +.\" $OpenBSD: X509_get_pubkey.3,v 1.5 2018/03/27 17:35:50 schwarze Exp $ +.\" selective merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 +.\" +.\" This file was written by Dr. Stephen Henson . +.\" Copyright (c) 2015 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt X509_GET_PUBKEY 3 +.Os +.Sh NAME +.Nm X509_get_pubkey , +.Nm X509_get0_pubkey , +.Nm X509_set_pubkey , +.Nm X509_get_X509_PUBKEY , +.Nm X509_REQ_get_pubkey , +.Nm X509_REQ_set_pubkey +.Nd get or set certificate or certificate request public key +.Sh SYNOPSIS +.In openssl/x509.h +.Ft EVP_PKEY * +.Fo X509_get_pubkey +.Fa "X509 *x" +.Fc +.Ft EVP_PKEY * +.Fo X509_get0_pubkey +.Fa "const X509 *x" +.Fc +.Ft int +.Fo X509_set_pubkey +.Fa "X509 *x" +.Fa "EVP_PKEY *pkey" +.Fc +.Ft X509_PUBKEY * +.Fo X509_get_X509_PUBKEY +.Fa "X509 *x" +.Fc +.Ft EVP_PKEY * +.Fo X509_REQ_get_pubkey +.Fa "X509_REQ *req" +.Fc +.Ft int +.Fo X509_REQ_set_pubkey +.Fa "X509_REQ *x" +.Fa "EVP_PKEY *pkey" +.Fc +.Sh DESCRIPTION +.Fn X509_get_pubkey +attempts to decode the public key for certificate +.Fa x . +If successful it returns the public key as an +.Vt EVP_PKEY +pointer with its reference count incremented: this means the returned +key must be freed up after use. +.Fn X509_get0_pubkey +is similar except that it does not increment the reference count +of the returned +.Vt EVP_PKEY , +so it must not be freed up after use. +.Pp +.Fn X509_get_X509_PUBKEY +returns an internal pointer to the +.Vt X509_PUBKEY +structure which encodes the certificate of +.Fa x . +The returned value must not be freed up after use. +.Fn X509_get_X509_PUBKEY +is implemented as a macro. +.Pp +.Fn X509_set_pubkey +attempts to set the public key for certificate +.Fa x +to +.Fa pkey . +The key +.Fa pkey +should be freed up after use. +.Pp +.Fn X509_REQ_get_pubkey +and +.Fn X509_REQ_set_pubkey +are similar but operate on certificate request +.Fa req . +.Pp +The first time a public key is decoded, the +.Vt EVP_PKEY +structure is cached in the certificate or certificate request itself. +Subsequent calls return the cached structure with its reference count +incremented to improve performance. +.Sh RETURN VALUES +.Fn X509_get_pubkey , +.Fn X509_get0_pubkey , +.Fn X509_get_X509_PUBKEY , +and +.Fn X509_REQ_get_pubkey +return a public key or +.Dv NULL +if an error occurred. +.Pp +.Fn X509_set_pubkey +and +.Fn X509_REQ_set_pubkey +return 1 for success or 0 for failure. +.Sh SEE ALSO +.Xr d2i_X509 3 , +.Xr ERR_get_error 3 , +.Xr X509_CRL_get0_by_serial 3 , +.Xr X509_NAME_add_entry_by_txt 3 , +.Xr X509_NAME_ENTRY_get_object 3 , +.Xr X509_NAME_get_index_by_NID 3 , +.Xr X509_NAME_print_ex 3 , +.Xr X509_new 3 , +.Xr X509_sign 3 , +.Xr X509_verify_cert 3 , +.Xr X509V3_get_d2i 3 +.Sh HISTORY +.Fn X509_get_pubkey , +.Fn X509_set_pubkey , +.Fn X509_REQ_get_pubkey , +and +.Fn X509_REQ_set_pubkey +first appeared in SSLeay 0.6.5. +.Fn X509_get_X509_PUBKEY +first appeared in SSLeay 0.8.0. +These functions have been available since +.Ox 2.4 . +.Pp +.Fn X509_get0_pubkey +first appeared in OpenSSL 1.1.0 and has been available since +.Ox 6.3 . diff --git a/src/lib/libcrypto/man/X509_get_serialNumber.3 b/src/lib/libcrypto/man/X509_get_serialNumber.3 new file mode 100644 index 00000000000..b8d540dcf26 --- /dev/null +++ b/src/lib/libcrypto/man/X509_get_serialNumber.3 @@ -0,0 +1,113 @@ +.\" $OpenBSD: X509_get_serialNumber.3,v 1.3 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL bb9ad09e Jun 6 00:43:05 2016 -0400 +.\" +.\" This file was written by Dr. Stephen Henson . +.\" Copyright (c) 2016 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt X509_GET_SERIALNUMBER 3 +.Os +.Sh NAME +.Nm X509_get_serialNumber , +.Nm X509_set_serialNumber +.Nd get or set certificate serial number +.Sh SYNOPSIS +.In openssl/x509.h +.Ft ASN1_INTEGER * +.Fo X509_get_serialNumber +.Fa "X509 *x" +.Fc +.Ft int +.Fo X509_set_serialNumber +.Fa "X509 *x" +.Fa "ASN1_INTEGER *serial" +.Fc +.Sh DESCRIPTION +.Fn X509_get_serialNumber +returns the serial number of certificate +.Fa x +as an +.Vt ASN1_INTEGER +structure which can be examined or initialised. +The value returned is an internal pointer which must not be freed +up after the call. +.Pp +.Fn X509_set_serialNumber +sets the serial number of certificate +.Fa x +to +.Fa serial . +A copy of the serial number is used internally so +.Fa serial +should be freed up after use. +.Sh RETURN VALUES +.Fn X509_get_serialNumber +returns an +.Vt ASN1_INTEGER +structure. +.Pp +.Fn X509_set_serialNumber +returns 1 for success and 0 for failure. +.Sh SEE ALSO +.Xr d2i_X509 3 , +.Xr ERR_get_error 3 , +.Xr X509_CRL_get0_by_serial 3 , +.Xr X509_get_pubkey 3 , +.Xr X509_NAME_add_entry_by_txt 3 , +.Xr X509_NAME_ENTRY_get_object 3 , +.Xr X509_NAME_get_index_by_NID 3 , +.Xr X509_NAME_print_ex 3 , +.Xr X509_new 3 , +.Xr X509_sign 3 , +.Xr X509_verify_cert 3 , +.Xr X509V3_get_d2i 3 +.Sh HISTORY +.Fn X509_get_serialNumber +and +.Fn X509_set_serialNumber +first appeared in SSLeay 0.6.5 and have been available since +.Ox 2.4 . diff --git a/src/lib/libcrypto/man/X509_get_subject_name.3 b/src/lib/libcrypto/man/X509_get_subject_name.3 new file mode 100644 index 00000000000..06b554eff3c --- /dev/null +++ b/src/lib/libcrypto/man/X509_get_subject_name.3 @@ -0,0 +1,191 @@ +.\" $OpenBSD: X509_get_subject_name.3,v 1.7 2018/05/13 14:25:40 schwarze Exp $ +.\" OpenSSL 0ad69cd6 Jun 14 23:02:16 2016 +0200 +.\" +.\" This file was written by Dr. Stephen Henson . +.\" Copyright (c) 2015 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: May 13 2018 $ +.Dt X509_GET_SUBJECT_NAME 3 +.Os +.Sh NAME +.Nm X509_get_subject_name , +.Nm X509_set_subject_name , +.Nm X509_get_issuer_name , +.Nm X509_set_issuer_name , +.Nm X509_REQ_get_subject_name , +.Nm X509_REQ_set_subject_name , +.Nm X509_CRL_get_issuer , +.Nm X509_CRL_set_issuer_name +.Nd get and set issuer or subject names +.Sh SYNOPSIS +.In openssl/x509.h +.Ft X509_NAME * +.Fo X509_get_subject_name +.Fa "const X509 *x" +.Fc +.Ft int +.Fo X509_set_subject_name +.Fa "X509 *x" +.Fa "X509_NAME *name" +.Fc +.Ft X509_NAME * +.Fo X509_get_issuer_name +.Fa "const X509 *x" +.Fc +.Ft int +.Fo X509_set_issuer_name +.Fa "X509 *x" +.Fa "X509_NAME *name" +.Fc +.Ft X509_NAME * +.Fo X509_REQ_get_subject_name +.Fa "const X509_REQ *req" +.Fc +.Ft int +.Fo X509_REQ_set_subject_name +.Fa "X509_REQ *req" +.Fa "X509_NAME *name" +.Fc +.Ft X509_NAME * +.Fo X509_CRL_get_issuer +.Fa "const X509_CRL *crl" +.Fc +.Ft int +.Fo X509_CRL_set_issuer_name +.Fa "X509_CRL *x" +.Fa "X509_NAME *name" +.Fc +.Sh DESCRIPTION +.Fn X509_get_subject_name +returns the subject name of certificate +.Fa x . +The returned value is an internal pointer which must not be freed. +.Pp +.Fn X509_set_subject_name +sets the issuer name of certificate +.Fa x +to +.Fa name . +The +.Fa name +parameter is copied internally and should be freed up when it is no +longer needed. +.Pp +.Fn X509_get_issuer_name +and +.Fn X509_set_issuer_name +are identical to +.Fn X509_get_subject_name +and +.Fn X509_set_subject_name +except that they get and set the issuer name of +.Fa x . +.Pp +Similarly +.Fn X509_REQ_get_subject_name , +.Fn X509_REQ_set_subject_name , +.Fn X509_CRL_get_issuer , +and +.Fn X509_CRL_set_issuer_name +get or set the subject or issuer names of certificate requests +of CRLs, respectively. +.Pp +.Fn X509_REQ_get_subject_name +and +.Fn X509_CRL_get_issuer +are implemented as macros. +.Sh RETURN VALUES +.Fn X509_get_subject_name , +.Fn X509_get_issuer_name , +.Fn X509_REQ_get_subject_name , +and +.Fn X509_CRL_get_issuer +return a pointer to an +.Vt X509_NAME +object. +.Pp +.Fn X509_set_subject_name , +.Fn X509_set_issuer_name , +.Fn X509_REQ_set_subject_name , +and +.Fn X509_CRL_set_issuer_name +return 1 for success or 0 for failure. +.Sh SEE ALSO +.Xr d2i_X509_NAME 3 , +.Xr ERR_get_error 3 , +.Xr X509_CRL_get0_by_serial 3 , +.Xr X509_get_pubkey 3 , +.Xr X509_NAME_add_entry_by_txt 3 , +.Xr X509_NAME_ENTRY_get_object 3 , +.Xr X509_NAME_get_index_by_NID 3 , +.Xr X509_NAME_new 3 , +.Xr X509_NAME_print_ex 3 , +.Xr X509_new 3 , +.Xr X509_sign 3 , +.Xr X509_verify_cert 3 , +.Xr X509V3_get_d2i 3 +.Sh HISTORY +.Fn X509_get_subject_name +and +.Fn X509_get_issuer_name +appeared in SSLeay 0.4 or earlier. +.Fn X509_set_subject_name , +.Fn X509_set_issuer_name , +.Fn X509_REQ_get_subject_name , +and +.Fn X509_REQ_set_subject_name +first appeared in SSLeay 0.6.5. +These functions have been available since +.Ox 2.4 . +.Pp +.Fn X509_CRL_get_issuer +first appeared in OpenSSL 0.9.2b and has been available since +.Ox 2.6 . +.Pp +.Fn X509_CRL_set_issuer_name +first appeared in OpenSSL 0.9.7 and has been available since +.Ox 3.2 . diff --git a/src/lib/libcrypto/man/X509_get_version.3 b/src/lib/libcrypto/man/X509_get_version.3 new file mode 100644 index 00000000000..395502fa07c --- /dev/null +++ b/src/lib/libcrypto/man/X509_get_version.3 @@ -0,0 +1,165 @@ +.\" $OpenBSD: X509_get_version.3,v 1.5 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 +.\" +.\" This file was written by Dr. Stephen Henson . +.\" Copyright (c) 2015, 2016 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt X509_GET_VERSION 3 +.Os +.Sh NAME +.Nm X509_get_version , +.Nm X509_set_version , +.Nm X509_REQ_get_version , +.Nm X509_REQ_set_version , +.Nm X509_CRL_get_version , +.Nm X509_CRL_set_version +.Nd get or set certificate, certificate request, or CRL version +.Sh SYNOPSIS +.In openssl/x509.h +.Ft long +.Fo X509_get_version +.Fa "const X509 *x" +.Fc +.Ft int +.Fo X509_set_version +.Fa "X509 *x" +.Fa "long version" +.Fc +.Ft long +.Fo X509_REQ_get_version +.Fa "const X509_REQ *req" +.Fc +.Ft int +.Fo X509_REQ_set_version +.Fa "X509_REQ *x" +.Fa "long version" +.Fc +.Ft long +.Fo X509_CRL_get_version +.Fa "const X509_CRL *crl" +.Fc +.Ft int +.Fo X509_CRL_set_version +.Fa "X509_CRL *x" +.Fa "long version" +.Fc +.Sh DESCRIPTION +.Fn X509_get_version +returns the numerical value of the version field of certificate +.Fa x . +Note: this is defined by standards (X.509 et al.) to be one less +than the certificate version. +So a version 3 certificate will return 2 and a version 1 certificate +will return 0. +.Pp +.Fn X509_set_version +sets the numerical value of the version field of certificate +.Fa x +to +.Fa version . +.Pp +Similarly +.Fn X509_REQ_get_version , +.Fn X509_REQ_set_version , +.Fn X509_CRL_get_version , +and +.Fn X509_CRL_set_version +get and set the version number of certificate requests and CRLs. +.Pp +The version field of certificates, certificate requests, and CRLs +has a DEFAULT value of v1(0) meaning the field should be omitted +for version 1. +This is handled transparently by these functions. +.Pp +.Fn X509_get_version , +.Fn X509_REQ_get_version +and +.Fn X509_CRL_get_version +are implemented as macros. +.Sh RETURN VALUES +.Fn X509_get_version , +.Fn X509_REQ_get_version , +and +.Fn X509_CRL_get_version +return the numerical value of the version field. +.Pp +.Fn X509_set_version , +.Fn X509_REQ_set_version , +and +.Fn X509_CRL_set_version +return 1 for success or 0 for failure. +.Sh SEE ALSO +.Xr d2i_X509 3 , +.Xr ERR_get_error 3 , +.Xr X509_CRL_get0_by_serial 3 , +.Xr X509_get_pubkey 3 , +.Xr X509_get_subject_name 3 , +.Xr X509_NAME_add_entry_by_txt 3 , +.Xr X509_NAME_ENTRY_get_object 3 , +.Xr X509_NAME_get_index_by_NID 3 , +.Xr X509_NAME_print_ex 3 , +.Xr X509_new 3 , +.Xr X509_sign 3 , +.Xr X509_verify_cert 3 , +.Xr X509V3_get_d2i 3 +.Sh HISTORY +.Fn X509_get_version , +.Fn X509_set_version , +.Fn X509_REQ_get_version , +and +.Fn X509_REQ_set_version +first appeared in SSLeay 0.6.5 and have been available since +.Ox 2.4 . +.Pp +.Fn X509_CRL_get_version +first appeared in OpenSSL 0.9.2b and has been available since +.Ox 2.6 . +.Pp +.Fn X509_CRL_set_version +first appeared in OpenSSL 0.9.7 and has been available since +.Ox 3.2 . diff --git a/src/lib/libcrypto/man/X509_new.3 b/src/lib/libcrypto/man/X509_new.3 new file mode 100644 index 00000000000..1d0f6023415 --- /dev/null +++ b/src/lib/libcrypto/man/X509_new.3 @@ -0,0 +1,179 @@ +.\" $OpenBSD: X509_new.3,v 1.15 2018/03/27 17:35:50 schwarze Exp $ +.\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 +.\" +.\" This file was written by Dr. Stephen Henson . +.\" Copyright (c) 2002, 2006, 2015, 2016 The OpenSSL Project. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt X509_NEW 3 +.Os +.Sh NAME +.Nm X509_new , +.Nm X509_free , +.Nm X509_up_ref , +.Nm X509_chain_up_ref +.Nd X.509 certificate object +.Sh SYNOPSIS +.In openssl/x509.h +.Ft X509 * +.Fn X509_new void +.Ft void +.Fo X509_free +.Fa "X509 *a" +.Fc +.Ft int +.Fo X509_up_ref +.Fa "X509 *a" +.Fc +.Ft STACK_OF(X509) * +.Fo X509_chain_up_ref +.Fa "STACK_OF(X509) *chain" +.Fc +.Sh DESCRIPTION +.Fn X509_new +allocates and initializes an empty +.Vt X509 +object with reference count 1. +It represents an ASN.1 +.Vt Certificate +structure defined in RFC 5280 section 4.1. +It can hold a public key together with information about the person, +organization, device, or function the associated private key belongs to. +.Pp +.Fn X509_free +decrements the reference count of the +.Vt X509 +structure +.Fa a +and frees it up if the reference count reaches 0. +If +.Fa a +is a +.Dv NULL +pointer, no action occurs. +.Pp +.Fn X509_up_ref +increments the reference count of +.Fa a +by 1. +This function is useful if a certificate structure is being used +by several different operations each of which will free it up after +use: this avoids the need to duplicate the entire certificate +structure. +.Pp +.Fn X509_chain_up_ref +performs a shallow copy of the given +.Fa chain +using +.Fn sk_X509_dup +and increments the reference count of each contained certificate +by 1. +Its purpose is similar to +.Fn X509_up_ref : +The returned chain persists after the original is freed. +.Pp +The object +.Vt X509_INFO , +which can hold a certificate, the corresponding private key, +and a certificate revocation list, is not yet documented. +.Sh RETURN VALUES +If the allocation fails, +.Fn X509_new +returns +.Dv NULL +and sets an error code that can be obtained by +.Xr ERR_get_error 3 . +Otherwise it returns a pointer to the newly allocated structure. +.Pp +.Fn X509_up_ref +returns 1 for success or 0 for failure. +.Pp +.Fn X509_chain_up_ref +returns the copy of the +.Fa chain +or +.Dv NULL +if an error occurs. +.Sh SEE ALSO +.Xr AUTHORITY_KEYID_new 3 , +.Xr BASIC_CONSTRAINTS_new 3 , +.Xr crypto 3 , +.Xr d2i_X509 3 , +.Xr ERR_get_error 3 , +.Xr X509_ALGOR_new 3 , +.Xr X509_CRL_new 3 , +.Xr X509_EXTENSION_new 3 , +.Xr X509_NAME_new 3 , +.Xr X509_REQ_new 3 , +.Xr X509_SIG_new 3 +.Sh STANDARDS +RFC 5280: Internet X.509 Public Key Infrastructure Certificate and +Certificate Revocation List (CRL) Profile +.Sh HISTORY +.Fn X509_new +and +.Fn X509_free +appeared in SSLeay 0.4 or earlier and have been available since +.Ox 2.4 . +.Pp +.Fn X509_up_ref +first appeared in OpenSSL 1.1.0 and has been available since +.Ox 6.1 . +.Pp +.Fn X509_chain_up_ref +first appeared in OpenSSL 1.0.2 and has been available since +.Ox 6.3 . +.Sh BUGS +The X.509 public key infrastructure and its data types contain too +many design bugs to list them. +For lots of examples, see the classic +.Lk https://www.cs.auckland.ac.nz/~pgut001/pubs/x509guide.txt\ + "X.509 Style Guide" +that +.An Peter Gutmann +published in 2000. diff --git a/src/lib/libcrypto/man/X509_sign.3 b/src/lib/libcrypto/man/X509_sign.3 new file mode 100644 index 00000000000..cc3c7ab8b8f --- /dev/null +++ b/src/lib/libcrypto/man/X509_sign.3 @@ -0,0 +1,212 @@ +.\" $OpenBSD: X509_sign.3,v 1.5 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 +.\" +.\" This file was written by Dr. Stephen Henson . +.\" Copyright (c) 2015, 2016 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt X509_SIGN 3 +.Os +.Sh NAME +.Nm X509_sign , +.Nm X509_sign_ctx , +.Nm X509_verify , +.Nm X509_REQ_sign , +.Nm X509_REQ_sign_ctx , +.Nm X509_REQ_verify , +.Nm X509_CRL_sign , +.Nm X509_CRL_sign_ctx , +.Nm X509_CRL_verify +.Nd sign or verify certificate, certificate request, or CRL signature +.Sh SYNOPSIS +.In openssl/x509.h +.Ft int +.Fo X509_sign +.Fa "X509 *x" +.Fa "EVP_PKEY *pkey" +.Fa "const EVP_MD *md" +.Fc +.Ft int +.Fo X509_sign_ctx +.Fa "X509 *x" +.Fa "EVP_MD_CTX *ctx" +.Fc +.Ft int +.Fo X509_verify +.Fa "X509 *a" +.Fa "EVP_PKEY *r" +.Fc +.Ft int +.Fo X509_REQ_sign +.Fa "X509_REQ *x" +.Fa "EVP_PKEY *pkey" +.Fa "const EVP_MD *md" +.Fc +.Ft int +.Fo X509_REQ_sign_ctx +.Fa "X509_REQ *x" +.Fa "EVP_MD_CTX *ctx" +.Fc +.Ft int +.Fo X509_REQ_verify +.Fa "X509_REQ *a" +.Fa "EVP_PKEY *r" +.Fc +.Ft int +.Fo X509_CRL_sign +.Fa "X509_CRL *x" +.Fa "EVP_PKEY *pkey" +.Fa "const EVP_MD *md" +.Fc +.Ft int +.Fo X509_CRL_sign_ctx +.Fa "X509_CRL *x" +.Fa "EVP_MD_CTX *ctx" +.Fc +.Ft int +.Fo X509_CRL_verify +.Fa "X509_CRL *a" +.Fa "EVP_PKEY *r" +.Fc +.Sh DESCRIPTION +.Fn X509_sign +signs the certificate +.Fa x +using the private key +.Fa pkey +and the message digest +.Fa md +and sets the signature in +.Fa x . +.Fn X509_sign_ctx +also signs the certificate +.Fa x +but uses the parameters contained in digest context +.Fa ctx . +.Pp +.Fn X509_verify +verifies the signature of certificate +.Fa x +using the public key +.Fa pkey . +Only the signature is checked: no other checks (such as certificate +chain validity) are performed. +.Pp +.Fn X509_REQ_sign , +.Fn X509_REQ_sign_ctx , +.Fn X509_REQ_verify , +.Fn X509_CRL_sign , +.Fn X509_CRL_sign_ctx , +and +.Fn X509_CRL_verify +sign and verify certificate requests and CRLs, respectively. +.Pp +.Fn X509_sign_ctx +is used where the default parameters for the corresponding public key +and digest are not suitable. +It can be used to sign keys using RSA-PSS for example. +.Pp +For efficiency reasons and to work around ASN.1 encoding issues, the +encoding of the signed portion of a certificate, certificate request, +and CRL is cached internally. +If the signed portion of the structure is modified, the encoding is not +always updated, meaning a stale version is sometimes used. +This is not normally a problem because modifying the signed portion will +invalidate the signature and signing will always update the encoding. +.Sh RETURN VALUES +.Fn X509_sign , +.Fn X509_sign_ctx , +.Fn X509_REQ_sign , +.Fn X509_REQ_sign_ctx , +.Fn X509_CRL_sign , +and +.Fn X509_CRL_sign_ctx +return the size of the signature in bytes for success or 0 for failure. +.Pp +.Fn X509_verify , +.Fn X509_REQ_verify , +and +.Fn X509_CRL_verify +return 1 if the signature is valid or 0 if the signature check fails. +If the signature could not be checked at all because it was invalid or +some other error occurred, then -1 is returned. +.Sh SEE ALSO +.Xr d2i_X509 3 , +.Xr ERR_get_error 3 , +.Xr X509_CRL_get0_by_serial 3 , +.Xr X509_get_pubkey 3 , +.Xr X509_get_subject_name 3 , +.Xr X509_get_version 3 , +.Xr X509_NAME_add_entry_by_txt 3 , +.Xr X509_NAME_ENTRY_get_object 3 , +.Xr X509_NAME_get_index_by_NID 3 , +.Xr X509_NAME_print_ex 3 , +.Xr X509_new 3 , +.Xr X509_verify_cert 3 , +.Xr X509V3_get_d2i 3 +.Sh HISTORY +.Fn X509_verify +appeared in SSLeay 0.4 or earlier. +.Fn X509_sign +and +.Fn X509_REQ_sign +first appeared in SSLeay 0.4.4. +.Fn X509_REQ_verify +and +.Fn X509_CRL_verify +first appeared in SSLeay 0.4.5b. +.Fn X509_CRL_sign +first appeared in SSLeay 0.5.1. +These functions have been available since +.Ox 2.4 . +.Pp +.Fn X509_sign_ctx , +.Fn X509_REQ_sign_ctx , +and +.Fn X509_CRL_sign_ctx +first appeared in OpenSSL 1.0.1 and have been available since +.Ox 5.3 . diff --git a/src/lib/libcrypto/man/X509_verify_cert.3 b/src/lib/libcrypto/man/X509_verify_cert.3 new file mode 100644 index 00000000000..604d3bd5da5 --- /dev/null +++ b/src/lib/libcrypto/man/X509_verify_cert.3 @@ -0,0 +1,92 @@ +.\" $OpenBSD: X509_verify_cert.3,v 1.7 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 +.\" +.\" This file was written by Dr. Stephen Henson . +.\" Copyright (c) 2009, 2015 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt X509_VERIFY_CERT 3 +.Os +.Sh NAME +.Nm X509_verify_cert +.Nd discover and verify X509 certificate chain +.Sh SYNOPSIS +.In openssl/x509.h +.Ft int +.Fo X509_verify_cert +.Fa "X509_STORE_CTX *ctx" +.Fc +.Sh DESCRIPTION +The +.Fn X509_verify_cert +function attempts to discover and validate a certificate chain based on +parameters in +.Fa ctx . +.Pp +Applications rarely call this function directly, but it is used by +OpenSSL internally for certificate validation, in both the S/MIME and +SSL/TLS code. +.Sh RETURN VALUES +If a complete chain can be built and validated this function returns 1, +otherwise it returns a value <= 0 indicating failure. +.Pp +Additional error information can be obtained by examining +.Fa ctx , +using +.Xr X509_STORE_CTX_get_error 3 . +.Sh SEE ALSO +.Xr openssl 1 , +.Xr X509_STORE_CTX_get_error 3 +.Sh HISTORY +.Fn X509_verify_cert +first appeared in SSLeay 0.8.0 and has been available since +.Ox 2.4 . +.Sh BUGS +This function uses the header +.In openssl/x509.h +as opposed to most chain verification functions which use +.In openssl/x509_vfy.h . diff --git a/src/lib/libcrypto/man/X509v3_get_ext_by_NID.3 b/src/lib/libcrypto/man/X509v3_get_ext_by_NID.3 new file mode 100644 index 00000000000..d82a29730ee --- /dev/null +++ b/src/lib/libcrypto/man/X509v3_get_ext_by_NID.3 @@ -0,0 +1,397 @@ +.\" $OpenBSD: X509v3_get_ext_by_NID.3,v 1.10 2019/03/15 13:33:30 schwarze Exp $ +.\" full merge up to: OpenSSL fd38836b Jun 20 15:25:43 2018 +0100 +.\" +.\" This file was written by Dr. Stephen Henson . +.\" Copyright (c) 2015 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 15 2019 $ +.Dt X509V3_GET_EXT_BY_NID 3 +.Os +.Sh NAME +.Nm X509v3_get_ext_count , +.Nm X509v3_get_ext , +.Nm X509v3_get_ext_by_NID , +.Nm X509v3_get_ext_by_OBJ , +.Nm X509v3_get_ext_by_critical , +.Nm X509v3_delete_ext , +.Nm X509v3_add_ext , +.Nm X509_get_ext_count , +.Nm X509_get_ext , +.Nm X509_get_ext_by_NID , +.Nm X509_get_ext_by_OBJ , +.Nm X509_get_ext_by_critical , +.Nm X509_delete_ext , +.Nm X509_add_ext , +.Nm X509_CRL_get_ext_count , +.Nm X509_CRL_get_ext , +.Nm X509_CRL_get_ext_by_NID , +.Nm X509_CRL_get_ext_by_OBJ , +.Nm X509_CRL_get_ext_by_critical , +.Nm X509_CRL_delete_ext , +.Nm X509_CRL_add_ext , +.Nm X509_REVOKED_get_ext_count , +.Nm X509_REVOKED_get_ext , +.Nm X509_REVOKED_get_ext_by_NID , +.Nm X509_REVOKED_get_ext_by_OBJ , +.Nm X509_REVOKED_get_ext_by_critical , +.Nm X509_REVOKED_delete_ext , +.Nm X509_REVOKED_add_ext +.Nd extension stack utility functions +.Sh SYNOPSIS +.In openssl/x509.h +.Ft int +.Fo X509v3_get_ext_count +.Fa "const STACK_OF(X509_EXTENSION) *x" +.Fc +.Ft X509_EXTENSION * +.Fo X509v3_get_ext +.Fa "const STACK_OF(X509_EXTENSION) *x" +.Fa "int loc" +.Fc +.Ft int +.Fo X509v3_get_ext_by_NID +.Fa "const STACK_OF(X509_EXTENSION) *x" +.Fa "int nid" +.Fa "int lastpos" +.Fc +.Ft int +.Fo X509v3_get_ext_by_OBJ +.Fa "const STACK_OF(X509_EXTENSION) *x" +.Fa "const ASN1_OBJECT *obj" +.Fa "int lastpos" +.Fc +.Ft int +.Fo X509v3_get_ext_by_critical +.Fa "const STACK_OF(X509_EXTENSION) *x" +.Fa "int crit" +.Fa "int lastpos" +.Fc +.Ft X509_EXTENSION * +.Fo X509v3_delete_ext +.Fa "STACK_OF(X509_EXTENSION) *x" +.Fa "int loc" +.Fc +.Ft STACK_OF(X509_EXTENSION) * +.Fo X509v3_add_ext +.Fa "STACK_OF(X509_EXTENSION) **x" +.Fa "X509_EXTENSION *ex" +.Fa "int loc" +.Fc +.Ft int +.Fo X509_get_ext_count +.Fa "const X509 *x" +.Fc +.Ft X509_EXTENSION * +.Fo X509_get_ext +.Fa "const X509 *x" +.Fa "int loc" +.Fc +.Ft int +.Fo X509_get_ext_by_NID +.Fa "const X509 *x" +.Fa "int nid" +.Fa "int lastpos" +.Fc +.Ft int +.Fo X509_get_ext_by_OBJ +.Fa "const X509 *x" +.Fa "const ASN1_OBJECT *obj" +.Fa "int lastpos" +.Fc +.Ft int +.Fo X509_get_ext_by_critical +.Fa "const X509 *x" +.Fa "int crit" +.Fa "int lastpos" +.Fc +.Ft X509_EXTENSION * +.Fo X509_delete_ext +.Fa "X509 *x" +.Fa "int loc" +.Fc +.Ft int +.Fo X509_add_ext +.Fa "X509 *x" +.Fa "X509_EXTENSION *ex" +.Fa "int loc" +.Fc +.Ft int +.Fo X509_CRL_get_ext_count +.Fa "const X509_CRL *x" +.Fc +.Ft X509_EXTENSION * +.Fo X509_CRL_get_ext +.Fa "const X509_CRL *x" +.Fa "int loc" +.Fc +.Ft int +.Fo X509_CRL_get_ext_by_NID +.Fa "const X509_CRL *x" +.Fa "int nid" +.Fa "int lastpos" +.Fc +.Ft int +.Fo X509_CRL_get_ext_by_OBJ +.Fa "const X509_CRL *x" +.Fa "const ASN1_OBJECT *obj" +.Fa "int lastpos" +.Fc +.Ft int +.Fo X509_CRL_get_ext_by_critical +.Fa "const X509_CRL *x" +.Fa "int crit" +.Fa "int lastpos" +.Fc +.Ft X509_EXTENSION * +.Fo X509_CRL_delete_ext +.Fa "X509_CRL *x" +.Fa "int loc" +.Fc +.Ft int +.Fo X509_CRL_add_ext +.Fa "X509_CRL *x" +.Fa "X509_EXTENSION *ex" +.Fa "int loc" +.Fc +.Ft int +.Fo X509_REVOKED_get_ext_count +.Fa "const X509_REVOKED *x" +.Fc +.Ft X509_EXTENSION * +.Fo X509_REVOKED_get_ext +.Fa "const X509_REVOKED *x" +.Fa "int loc" +.Fc +.Ft int +.Fo X509_REVOKED_get_ext_by_NID +.Fa "const X509_REVOKED *x" +.Fa "int nid" +.Fa "int lastpos" +.Fc +.Ft int +.Fo X509_REVOKED_get_ext_by_OBJ +.Fa "const X509_REVOKED *x" +.Fa "const ASN1_OBJECT *obj" +.Fa "int lastpos" +.Fc +.Ft int +.Fo X509_REVOKED_get_ext_by_critical +.Fa "const X509_REVOKED *x" +.Fa "int crit" +.Fa "int lastpos" +.Fc +.Ft X509_EXTENSION * +.Fo X509_REVOKED_delete_ext +.Fa "X509_REVOKED *x" +.Fa "int loc" +.Fc +.Ft int +.Fo X509_REVOKED_add_ext +.Fa "X509_REVOKED *x" +.Fa "X509_EXTENSION *ex" +.Fa "int loc" +.Fc +.Sh DESCRIPTION +.Fn X509v3_get_ext_count +retrieves the number of extensions in +.Fa x . +.Pp +.Fn X509v3_get_ext +retrieves extension +.Fa loc +from +.Fa x . +The index +.Fa loc +can take any value from 0 to +.Fn X509_get_ext_count x No - 1 . +The returned extension is an internal pointer which must not be +freed up by the application. +.Pp +.Fn X509v3_get_ext_by_NID +and +.Fn X509v3_get_ext_by_OBJ +look for an extension with +.Fa nid +or +.Fa obj +from extension stack +.Fa x . +The search starts from the extension after +.Fa lastpos +or from the beginning if +.Fa lastpos +is -1. +If the extension is found, its index is returned; otherwise, -1 is +returned. +.Pp +.Fn X509v3_get_ext_by_critical +is similar to +.Fn X509v3_get_ext_by_NID +except that it looks for an extension of criticality +.Fa crit . +A zero value for +.Fa crit +looks for a non-critical extension; a non-zero value looks for a +critical extension. +.Pp +.Fn X509v3_delete_ext +deletes the extension with index +.Fa loc +from +.Fa x . +The deleted extension is returned and must be freed by the caller. +If +.Fa loc +is an invalid index value, +.Dv NULL +is returned. +.Pp +.Fn X509v3_add_ext +adds the extension +.Fa ex +to the stack +.Pf * Fa x +at position +.Fa loc . +If +.Fa loc +is -1, the new extension is added to the end. +If +.Pf * Fa x +is +.Dv NULL , +a new stack will be allocated. +The passed extension +.Fa ex +is duplicated internally so it must be freed after use. +.Pp +.Fn X509_get_ext_count , +.Fn X509_get_ext , +.Fn X509_get_ext_by_NID , +.Fn X509_get_ext_by_OBJ , +.Fn X509_get_ext_by_critical , +.Fn X509_delete_ext , +and +.Fn X509_add_ext +operate on the extensions of certificate +.Fa x . +They are otherwise identical to the X509v3 functions. +.Pp +.Fn X509_CRL_get_ext_count , +.Fn X509_CRL_get_ext , +.Fn X509_CRL_get_ext_by_NID , +.Fn X509_CRL_get_ext_by_OBJ , +.Fn X509_CRL_get_ext_by_critical , +.Fn X509_CRL_delete_ext , +and +.Fn X509_CRL_add_ext +operate on the extensions of the CRL +.Fa x . +They are otherwise identical to the X509v3 functions. +.Pp +.Fn X509_REVOKED_get_ext_count , +.Fn X509_REVOKED_get_ext , +.Fn X509_REVOKED_get_ext_by_NID , +.Fn X509_REVOKED_get_ext_by_OBJ , +.Fn X509_REVOKED_get_ext_by_critical , +.Fn X509_REVOKED_delete_ext , +and +.Fn X509_REVOKED_add_ext +operate on the extensions of the CRL entry +.Fa x . +They are otherwise identical to the X509v3 functions. +.Pp +These functions are used to examine stacks of extensions directly. +Many applications will want to parse or encode and add an extension: +they should use the extension encode and decode functions instead +such as +.Xr X509_get_ext_d2i 3 . +.Pp +Extension indices start from zero, so a zero index return value is +not an error. +These search functions start from the extension +.Em after +the +.Fa lastpos +parameter, so it should initially be set to -1. +If it is set to 0, the initial extension will not be checked. +.Sh RETURN VALUES +.Fn X509v3_get_ext_count +returns the extension count. +.Pp +.Fn X509v3_get_ext , +.Fn X509v3_delete_ext , +and +.Fn X509_delete_ext +return an +.Vt X509_EXTENSION +pointer or +.Dv NULL +if an error occurs. +.Pp +.Fn X509v3_get_ext_by_NID , +.Fn X509v3_get_ext_by_OBJ , +and +.Fn X509v3_get_ext_by_critical +return the extension index or -1 if an error occurs. +.Pp +.Fn X509v3_add_ext +returns a stack of extensions or +.Dv NULL +on error. +.Pp +.Fn X509_add_ext +returns 1 on success or 0 on error. +.Sh SEE ALSO +.Xr X509_EXTENSION_new 3 , +.Xr X509_REVOKED_new 3 , +.Xr X509V3_get_d2i 3 +.Sh HISTORY +These functions first appeared in SSLeay 0.8.0 +and have been available since +.Ox 2.4 . diff --git a/src/lib/libcrypto/man/bn_dump.3 b/src/lib/libcrypto/man/bn_dump.3 new file mode 100644 index 00000000000..6deac4db25c --- /dev/null +++ b/src/lib/libcrypto/man/bn_dump.3 @@ -0,0 +1,766 @@ +.\" $OpenBSD: bn_dump.3,v 1.6 2016/12/10 21:32:14 schwarze Exp $ +.\" OpenSSL crypto/bn/README.pod aebb9aac Jul 19 09:27:53 2016 -0400 +.\" +.\" This file was written by Ulf Moeller . +.\" Copyright (c) 2000, 2003, 2006, 2009 The OpenSSL Project. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: December 10 2016 $ +.Dt BN_DUMP 3 +.Os +.Sh NAME +.Nm bn_mul_words , +.Nm bn_mul_add_words , +.Nm bn_sqr_words , +.Nm bn_div_words , +.Nm bn_add_words , +.Nm bn_sub_words , +.Nm bn_mul_comba4 , +.Nm bn_mul_comba8 , +.Nm bn_sqr_comba4 , +.Nm bn_sqr_comba8 , +.Nm bn_cmp_words , +.Nm bn_mul_normal , +.Nm bn_mul_low_normal , +.Nm bn_mul_recursive , +.Nm bn_mul_part_recursive , +.Nm bn_mul_low_recursive , +.Nm bn_mul_high , +.Nm bn_sqr_normal , +.Nm bn_sqr_recursive , +.Nm bn_expand , +.Nm bn_wexpand , +.Nm bn_expand2 , +.Nm bn_fix_top , +.Nm bn_check_top , +.Nm bn_print , +.Nm bn_dump , +.Nm bn_set_max , +.Nm bn_set_high , +.Nm bn_set_low , +.Nm mul , +.Nm mul_add , +.Nm sqr +.Nd BIGNUM library internal functions +.Sh SYNOPSIS +.In openssl/bn.h +.Ft BN_ULONG +.Fo bn_mul_words +.Fa "BN_ULONG *rp" +.Fa "BN_ULONG *ap" +.Fa "int num" +.Fa "BN_ULONG w" +.Fc +.Ft BN_ULONG +.Fo bn_mul_add_words +.Fa "BN_ULONG *rp" +.Fa "BN_ULONG *ap" +.Fa "int num" +.Fa "BN_ULONG w" +.Fc +.Ft void +.Fo bn_sqr_words +.Fa "BN_ULONG *rp" +.Fa "BN_ULONG *ap" +.Fa "int num" +.Fc +.Ft BN_ULONG +.Fo bn_div_words +.Fa "BN_ULONG h" +.Fa "BN_ULONG l" +.Fa "BN_ULONG d" +.Fc +.Ft BN_ULONG +.Fo bn_add_words +.Fa "BN_ULONG *rp" +.Fa "BN_ULONG *ap" +.Fa "BN_ULONG *bp" +.Fa "int num" +.Fc +.Ft BN_ULONG +.Fo bn_sub_words +.Fa "BN_ULONG *rp" +.Fa "BN_ULONG *ap" +.Fa "BN_ULONG *bp" +.Fa "int num" +.Fc +.Ft void +.Fo bn_mul_comba4 +.Fa "BN_ULONG *r" +.Fa "BN_ULONG *a" +.Fa "BN_ULONG *b" +.Fc +.Ft void +.Fo bn_mul_comba8 +.Fa "BN_ULONG *r" +.Fa "BN_ULONG *a" +.Fa "BN_ULONG *b" +.Fc +.Ft void +.Fo bn_sqr_comba4 +.Fa "BN_ULONG *r" +.Fa "BN_ULONG *a" +.Fc +.Ft void +.Fo bn_sqr_comba8 +.Fa "BN_ULONG *r" +.Fa "BN_ULONG *a" +.Fc +.Ft int +.Fo bn_cmp_words +.Fa "BN_ULONG *a" +.Fa "BN_ULONG *b" +.Fa "int n" +.Fc +.Ft void +.Fo bn_mul_normal +.Fa "BN_ULONG *r" +.Fa "BN_ULONG *a" +.Fa "int na" +.Fa "BN_ULONG *b" +.Fa "int nb" +.Fc +.Ft void +.Fo bn_mul_low_normal +.Fa "BN_ULONG *r" +.Fa "BN_ULONG *a" +.Fa "BN_ULONG *b" +.Fa "int n" +.Fc +.Ft void +.Fo bn_mul_recursive +.Fa "BN_ULONG *r" +.Fa "BN_ULONG *a" +.Fa "BN_ULONG *b" +.Fa "int n2" +.Fa "int dna" +.Fa "int dnb" +.Fa "BN_ULONG *tmp" +.Fc +.Ft void +.Fo bn_mul_part_recursive +.Fa "BN_ULONG *r" +.Fa "BN_ULONG *a" +.Fa "BN_ULONG *b" +.Fa "int n" +.Fa "int tna" +.Fa "int tnb" +.Fa "BN_ULONG *tmp" +.Fc +.Ft void +.Fo bn_mul_low_recursive +.Fa "BN_ULONG *r" +.Fa "BN_ULONG *a" +.Fa "BN_ULONG *b" +.Fa "int n2" +.Fa "BN_ULONG *tmp" +.Fc +.Ft void +.Fo bn_mul_high +.Fa "BN_ULONG *r" +.Fa "BN_ULONG *a" +.Fa "BN_ULONG *b" +.Fa "BN_ULONG *l" +.Fa "int n2" +.Fa "BN_ULONG *tmp" +.Fc +.Ft void +.Fo bn_sqr_normal +.Fa "BN_ULONG *r" +.Fa "BN_ULONG *a" +.Fa "int n" +.Fa "BN_ULONG *tmp" +.Fc +.Ft void +.Fo bn_sqr_recursive +.Fa "BN_ULONG *r" +.Fa "BN_ULONG *a" +.Fa "int n2" +.Fa "BN_ULONG *tmp" +.Fc +.Ft void +.Fo mul +.Fa "BN_ULONG r" +.Fa "BN_ULONG a" +.Fa "BN_ULONG w" +.Fa "BN_ULONG c" +.Fc +.Ft void +.Fo mul_add +.Fa "BN_ULONG r" +.Fa "BN_ULONG a" +.Fa "BN_ULONG w" +.Fa "BN_ULONG c" +.Fc +.Ft void +.Fo sqr +.Fa "BN_ULONG r0" +.Fa "BN_ULONG r1" +.Fa "BN_ULONG a" +.Fc +.Ft BIGNUM * +.Fo bn_expand +.Fa "BIGNUM *a" +.Fa "int bits" +.Fc +.Ft BIGNUM * +.Fo bn_wexpand +.Fa "BIGNUM *a" +.Fa "int n" +.Fc +.Ft BIGNUM * +.Fo bn_expand2 +.Fa "BIGNUM *a" +.Fa "int n" +.Fc +.Ft void +.Fo bn_fix_top +.Fa "BIGNUM *a" +.Fc +.Ft void +.Fo bn_check_top +.Fa "BIGNUM *a" +.Fc +.Ft void +.Fo bn_print +.Fa "BIGNUM *a" +.Fc +.Ft void +.Fo bn_dump +.Fa "BN_ULONG *d" +.Fa "int n" +.Fc +.Ft void +.Fo bn_set_max +.Fa "BIGNUM *a" +.Fc +.Ft void +.Fo bn_set_high +.Fa "BIGNUM *r" +.Fa "BIGNUM *a" +.Fa "int n" +.Fc +.Ft void +.Fo bn_set_low +.Fa "BIGNUM *r" +.Fa "BIGNUM *a" +.Fa "int n" +.Fc +.Sh DESCRIPTION +This page documents the internal functions used by the OpenSSL +.Vt BIGNUM +implementation. +They are described here to facilitate debugging and extending the +library. +They are +.Em not +to be used by applications. +.Ss The BIGNUM structure +.Bd -literal +typedef struct bignum_st BIGNUM; + +struct bignum_st { + BN_ULONG *d; /* Pointer to an array of 'BN_BITS2' bit chunks. */ + int top; /* Index of last used d +1. */ + /* The next are internal book keeping for bn_expand. */ + int dmax; /* Size of the d array. */ + int neg; /* one if the number is negative */ + int flags; +}; +.Ed +.Pp +The integer value is stored in +.Fa d , +a +.Xr malloc 3 Ap ed +array of words +.Pq Vt BN_ULONG , +least significant word first. +A +.Vt BN_ULONG +can be either 16, 32 or 64 bits in size, depending on the 'number of +bits' +.Pq Dv BITS2 +specified in +.In openssl/bn.h . +.Pp +.Fa dmax +is the size of the +.Fa d +array that has been allocated. +.Fa top +is the number of words being used, so for a value of 4, bn.d[0]=4 and +bn.top=1. +.Fa neg +is 1 if the number is negative. +When a +.Vt BIGNUM +is 0, the +.Fa d +field can be +.Dv NULL +and +.Fa top +== 0. +.Pp +.Fa flags +is a bit field of flags which are defined in +.In openssl/bn.h . +The flags begin with +.Dv BN_FLG_ . +The macros +.Fn BN_set_flags b n +and +.Fn BN_get_flags b n +exist to enable or fetch flag(s) +.Fa n +from a +.Vt BIGNUM +structure +.Fa b . +.Pp +Various routines in this library require the use of temporary +.Vt BIGNUM +variables during their execution. +Since dynamic memory allocation to create +.Vt BIGNUM Ns s +is rather expensive when used in conjunction with repeated subroutine +calls, the +.Vt BN_CTX +structure is used. +This structure contains BN_CTX_NUM +.Vt BIGNUM Ns s ; +see +.Xr BN_CTX_start 3 . +.Ss Low level arithmetic operations +These functions are implemented in C and for several platforms in +assembly language: +.Pp +.Fn bn_mul_words rp ap num w +operates on the +.Fa num +word arrays +.Fa rp +and +.Fa ap . +It computes +.Fa ap +* +.Fa w , +places the result in +.Fa rp , +and returns the high word (carry). +.Pp +.Fn bn_mul_add_words rp ap num w +operates on the +.Fa num +word arrays +.Fa rp +and +.Fa ap . +It computes +.Fa ap +* +.Fa w ++ +.Fa rp , +places the result in +.Fa rp , +and returns the high word (carry). +.Pp +.Fn bn_sqr_words rp ap num +operates on the +.Fa num +word array +.Fa ap +and the +.Pf 2* Fa num +word array +.Fa ap . +It computes +.Fa ap +* +.Fa ap +word-wise, and places the low and high bytes of the result in +.Fa rp . +.Pp +.Fn bn_div_words h l d +divides the two word number +.Pq Fa h , Fa l +by +.Fa d +and returns the result. +.Pp +.Fn bn_add_words rp ap bp num +operates on the +.Fa num +word arrays +.Fa ap , +.Fa bp +and +.Fa rp . +It computes +.Fa ap ++ +.Fa bp , +places the result in +.Fa rp , +and returns the high word (carry). +.Pp +.Fn bn_sub_words rp ap bp num +operates on the +.Fa num +word arrays +.Fa ap , +.Fa bp +and +.Fa rp . +It computes +.Fa ap +- +.Fa bp , +places the result in +.Fa rp , +and returns the carry (1 if +.Fa bp +\(ra +.Fa ap , +0 otherwise). +.Pp +.Fn bn_mul_comba4 r a b +operates on the 4 word arrays +.Fa a +and +.Fa b +and the 8-word array +.Fa r . +It computes +.Fa a Ns * Ns Fa b +and places the result in +.Fa r . +.Pp +.Fn bn_mul_comba8 r a b +operates on the 8-word arrays +.Fa a +and +.Fa b +and the 16-word array +.Fa r . +It computes +.Fa a Ns * Ns Fa b +and places the result in +.Fa r . +.Pp +.Fn bn_sqr_comba4 r a b +operates on the 4-word arrays +.Fa a +and +.Fa b +and the 8-word array +.Fa r . +.Pp +.Fn bn_sqr_comba8 r a b +operates on the 8-word arrays +.Fa a +and +.Fa b +and the 16 word array +.Fa r . +.Pp +The following functions are implemented in C: +.Pp +.Fn bn_cmp_words a b n +operates on the +.Fa n +word arrays +.Fa a +and +.Fa b . +It returns 1, 0 and -1 if +.Fa a +is greater than, equal and less than +.Fa b . +.Pp +.Fn bn_mul_normal r a na b nb +operates on the +.Fa na +word array +.Fa a , +the +.Fa nb +word array +.Fa b +and the +.Fa na Ns + Ns Fa nb +word array +.Fa r . +It computes +.Fa a Ns * Ns Fa b +and places the result in +.Fa r . +.Pp +.Fn bn_mul_low_normal r a b n +operates on the +.Fa n +word arrays +.Fa r , +.Fa a +and +.Fa b . +It computes the +.Fa n +low words of +.Fa a Ns * Ns Fa b +and places the result in +.Fa r . +.Pp +.Fn bn_mul_recursive r a b n2 dna dnb t +operates on the word arrays +.Fa a +and +.Fa b +of length +.Fa n2 Ns + Ns Fa dna +and +.Fa n2 Ns + Ns Fa dnb +.Pf ( Fa dna +and +.Fa dnb +are currently allowed to be 0 or negative) and the +.Pf 2* Fa n2 +word arrays +.Fa r +and +.Sy t . +.Fa n2 +must be a power of 2. +It computes +.Fa a Ns * Ns Fa b +and places the result in +.Fa r . +.Pp +.Fn bn_mul_part_recursive r a b n tna tnb tmp +operates on the word arrays +.Fa a +and +.Fa b +of length +.Fa n Ns + Ns Fa tna +and +.Fa n Ns + Ns Fa tnb +and the +.Pf 4* Fa n +word arrays +.Fa r +and +.Fa tmp . +.Pp +.Fn bn_mul_low_recursive r a b n2 tmp +operates on the +.Fa n2 +word arrays +.Fa r +and +.Fa tmp +and the +.Fa n2 Ns /2 +word arrays +.Fa a +and +.Fa b . +.Pp +.Fn bn_mul_high r a b l n2 tmp +operates on the +.Fa n2 +word arrays +.Fa r , +.Fa a , +.Fa b +and +.Fa l +(?) and the +.Pf 3* Fa n2 +word array +.Fa tmp . +.Pp +.Xr BN_mul 3 +calls +.Fn bn_mul_normal , +or an optimized implementation if the factors have the same size: +.Fn bn_mul_comba8 +is used if they are 8 words long, +.Fn bn_mul_recursive +if they are larger than +.Dv BN_MULL_SIZE_NORMAL +and the size is an exact multiple of the word size, and +.Fn bn_mul_part_recursive +for others that are larger than +.Dv BN_MULL_SIZE_NORMAL . +.Pp +.Fn bn_sqr_normal r a n tmp +operates on the +.Fa n +word array +.Fa a +and the +.Pf 2* Fa n +word arrays +.Fa tmp +and +.Fa r . +.Pp +The implementations use the following macros which, depending on the +architecture, may use +.Vt long long +C operations or inline assembler. +They are defined in +.Pa bn_lcl.h . +.Pp +.Fn mul r a w c +computes +.Fa w Ns * Ns Fa a Ns + Ns Fa c +and places the low word of the result in +.Fa r +and the high word in +.Fa c . +.Pp +.Fn mul_add r a w c +computes +.Fa w Ns * Ns Fa a Ns + Ns Fa r Ns + Ns Fa c +and places the low word of the result in +.Fa r +and the high word in +.Fa c . +.Pp +.Fn sqr r0 r1 a +computes +.Fa a Ns * Ns Fa a +and places the low word of the result in +.Fa r0 +and the high word in +.Fa r1 . +.Ss Size changes +.Fn bn_expand +ensures that +.Fa b +has enough space for a +.Fa bits +bit number. +.Fn bn_wexpand +ensures that +.Fa b +has enough space for an +.Fa n +word number. +If the number has to be expanded, both macros call +.Fn bn_expand2 , +which allocates a new +.Fa d +array and copies the data. +They return +.Dv NULL +on error, +.Fa b +otherwise. +.Pp +The +.Fn bn_fix_top +macro reduces +.Fa a Ns -> Ns Fa top +to point to the most significant non-zero word plus one when +.Fa a +has shrunk. +.Ss Debugging +.Fn bn_check_top +verifies that +.Ql ((a)-\(ratop \(ra= 0 && (a)-\(ratop \(la= (a)-\(radmax) . +A violation will cause the program to abort. +.Pp +.Fn bn_print +prints +.Fa a +to +.Dv stderr . +.Fn bn_dump +prints +.Fa n +words at +.Fa d +(in reverse order, i.e.\& +most significant word first) to +.Dv stderr . +.Pp +.Fn bn_set_max +makes +.Fa a +a static number with a +.Fa dmax +of its current size. +This is used by +.Fn bn_set_low +and +.Fn bn_set_high +to make +.Fa r +a read-only +.Vt BIGNUM +that contains the +.Fa n +low or high words of +.Fa a . +.Pp +If +.Dv BN_DEBUG +is not defined, +.Fn bn_check_top , +.Fn bn_print , +.Fn bn_dump +and +.Fn bn_set_max +are defined as empty macros. +.Sh SEE ALSO +.Xr BN_new 3 diff --git a/src/lib/libcrypto/man/crypto.3 b/src/lib/libcrypto/man/crypto.3 new file mode 100644 index 00000000000..3a009ed32c5 --- /dev/null +++ b/src/lib/libcrypto/man/crypto.3 @@ -0,0 +1,167 @@ +.\" $OpenBSD: crypto.3,v 1.19 2019/03/10 14:50:05 schwarze Exp $ +.\" OpenSSL a9c85cea Nov 11 09:33:55 2016 +0100 +.\" +.\" This file was written by Ulf Moeller and +.\" Dr. Stephen Henson . +.\" Copyright (c) 2000, 2002 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 10 2019 $ +.Dt CRYPTO 3 +.Os +.Sh NAME +.Nm crypto +.Nd OpenSSL cryptographic library +.Sh DESCRIPTION +The OpenSSL crypto library implements a wide range of cryptographic +algorithms used in various Internet standards. +The services provided by this library are used by the OpenSSL +implementations of TLS and S/MIME, and they have also been used to +implement SSH, OpenPGP, and other cryptographic standards. +.Pp +.Sy Symmetric ciphers +including AES, Blowfish, CAST, Chacha20, IDEA, DES, RC2, and RC4 +are provided by the generic interface +.Xr EVP_EncryptInit 3 . +Low-level stand-alone interfaces include +.Xr BF_set_key 3 , +.Xr DES_set_key 3 , +and +.Xr RC4 3 . +.Pp +.Sy Public key cryptography and key agreement +are provided by +.Xr DH_new 3 , +.Xr DSA_new 3 , +.Xr ECDSA_SIG_new 3 , +and +.Xr RSA_new 3 . +.Pp +.Sy Certificates +are handled by +.Xr X509_new 3 +and +.Xr X509v3_add_ext 3 . +.Pp +.Sy Authentication codes and hash functions +offered include +.Xr HMAC 3 , +.Xr MD4 3 , +.Xr MD5 3 , +.Xr RIPEMD160 3 , +.Xr SHA1 3 , +and +.Xr SHA256 3 . +.Pp +.Sy Input, output, and data encoding +facilities include ASN.1, +.Xr BIO_new 3 , +.Xr evp 3 , +.Xr PEM_read 3 , +.Xr PKCS7_encrypt 3 , +.Xr PKCS7_sign 3 , +.Xr PKCS12_create 3 , +and +.Xr SMIME_write_PKCS7 3 . +.Pp +.Sy Auxiliary features include: +.Bl -dash -compact +.It +configuration file handling: see +.Xr OPENSSL_config 3 +.It +error reporting: see +.Xr ERR 3 +.It +.Xr OCSP_REQUEST_new 3 +.El +.Pp +.Sy Internal utilities +include +.Xr BIO_f_buffer 3 , +.Xr BN_new 3 , +.Xr EC_GROUP_new 3 , +.Xr lh_new 3 . +.Pp +Some of the newer functions follow a naming convention using the numbers +.Sq 0 +and +.Sq 1 . +For example consider the names of these functions: +.Pp +.Ft int +.Fo X509_CRL_add0_revoked +.Fa "X509_CRL *crl" +.Fa "X509_REVOKED *rev" +.Fc +.br +.Ft int +.Fo X509_add1_trust_object +.Fa "X509 *x" +.Fa "ASN1_OBJECT *obj" +.Fc +.Pp +The +.Sq 0 +version uses the supplied structure pointer directly in the parent and +it will be freed up when the parent is freed. +In the above example +.Fa crl +would be freed but +.Fa rev +would not. +.Pp +The +.Sq 1 +function uses a copy of the supplied structure pointer (or in some cases +increases its link count) in the parent and so both +.Pf ( Fa x +and +.Fa obj +above) should be freed up. +.Sh SEE ALSO +.Xr openssl 1 , +.Xr ssl 3 diff --git a/src/lib/libcrypto/man/d2i_ASN1_NULL.3 b/src/lib/libcrypto/man/d2i_ASN1_NULL.3 new file mode 100644 index 00000000000..498f191a95a --- /dev/null +++ b/src/lib/libcrypto/man/d2i_ASN1_NULL.3 @@ -0,0 +1,90 @@ +.\" $OpenBSD: d2i_ASN1_NULL.3,v 1.2 2018/03/22 16:06:33 schwarze Exp $ +.\" +.\" Copyright (c) 2016 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 22 2018 $ +.Dt D2I_ASN1_NULL 3 +.Os +.Sh NAME +.Nm d2i_ASN1_NULL , +.Nm i2d_ASN1_NULL +.Nd decode and encode an ASN.1 NULL type +.Sh SYNOPSIS +.In openssl/asn1.h +.Ft ASN1_NULL * +.Fo d2i_ASN1_NULL +.Fa "ASN1_NULL **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_ASN1_NULL +.Fa "ASN1_NULL *val_in" +.Fa "unsigned char **der_out" +.Fc +.Sh DESCRIPTION +These functions decode and encode the ASN.1 value NULL of type NULL. +For details about the semantics, examples, caveats, and bugs, see +.Xr ASN1_item_d2i 3 . +.Pp +.Fn d2i_ASN1_NULL +verifies that the BER-encoded value at +.Pf * Fa der_in +is NULL and of type NULL. +It fails if +.Fa length +is less than 2 or if the first two bytes of +.Pf * Fa der_in +differ from 0x05 and 0x00. +In case of success, +.Pf * Fa der_in +is advanced by two bytes and +.Pf * Fa val_out +is set to a specific invalid pointer representing the unique +.Vt ASN1_NULL +object. +.Pp +.Fn i2d_ASN1_NULL +ignores +.Fa val_in +and encodes the ASN.1 value NULL of type NULL using DER. +Specifically, it writes the identifier octet for the type NULL, +0x05, followed by the length octet 0x00, and no content or +end-of-content octets. +.Sh RETURN VALUES +.Fn d2i_ASN1_NULL +returns a specific invalid pointer representing the unique +.Vt ASN1_NULL +object or +.Dv NULL +if an error occurs. +.Pp +.Fn i2d_ASN1_NULL +returns 2 if successful or 0 if an error occurs. +.Sh SEE ALSO +.Xr ASN1_item_d2i 3 , +.Xr ASN1_item_new 3 +.Sh STANDARDS +ITU-T Recommendation X.690, also known as ISO/IEC 8825-1: +Information technology - ASN.1 encoding rules: +Specification of Basic Encoding Rules (BER), Canonical Encoding +Rules (CER) and Distinguished Encoding Rules (DER), +section 8.8: Encoding of null value +.Sh HISTORY +.Fn d2i_ASN1_NULL +and +.Fn i2d_ASN1_NULL +first appeared in OpenSSL 0.9.5 and have been available since +.Ox 2.7 . diff --git a/src/lib/libcrypto/man/d2i_ASN1_OBJECT.3 b/src/lib/libcrypto/man/d2i_ASN1_OBJECT.3 new file mode 100644 index 00000000000..09a17ced7cf --- /dev/null +++ b/src/lib/libcrypto/man/d2i_ASN1_OBJECT.3 @@ -0,0 +1,98 @@ +.\" $OpenBSD: d2i_ASN1_OBJECT.3,v 1.9 2018/04/25 15:17:52 schwarze Exp $ +.\" OpenSSL 05ea606a May 20 20:52:46 2016 -0400 +.\" +.\" Copyright (c) 2017 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: April 25 2018 $ +.Dt D2I_ASN1_OBJECT 3 +.Os +.Sh NAME +.Nm d2i_ASN1_OBJECT , +.Nm i2d_ASN1_OBJECT +.Nd decode and encode ASN.1 object identifiers +.Sh SYNOPSIS +.In openssl/asn1.h +.Ft ASN1_OBJECT * +.Fo d2i_ASN1_OBJECT +.Fa "ASN1_OBJECT **val_out" +.Fa "unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_ASN1_OBJECT +.Fa "const ASN1_OBJECT *val_in" +.Fa "unsigned char **der_out" +.Fc +.Sh DESCRIPTION +These functions decode and encode ASN.1 object identifiers. +For details about the semantics, examples, caveats, and bugs, see +.Xr ASN1_item_d2i 3 . +.Pp +The objects returned from +.Fn d2i_ASN1_OBJECT +and the data contained in them are always marked as dynamically +allocated, so when they are no longer needed, +.Xr ASN1_OBJECT_free 3 +can be called on them. +.Pp +If reusing an existing object is attempted but the +.Pf * Fa val_out +passed in points to an object that is not marked as dynamically +allocated, then the existing object is left untouched and +.Fn d2i_ASN1_OBJECT +behaves as if +.Pf * Fa val_out +would have been +.Dv NULL : +A new object is allocated and a pointer to it is both stored in +.Pf * Fa val_out +and returned. +.Sh RETURN VALUES +.Fn d2i_ASN1_OBJECT +returns an +.Vt ASN1_OBJECT +object or +.Dv NULL +if an error occurs. +.Pp +.Fn i2d_ASN1_OBJECT +returns the number of bytes successfully encoded +or a value <= 0 if an error occurs. +.Sh SEE ALSO +.Xr ASN1_item_d2i 3 , +.Xr ASN1_OBJECT_new 3 , +.Xr OBJ_nid2obj 3 +.Sh HISTORY +.Fn d2i_ASN1_OBJECT +and +.Fn i2d_ASN1_OBJECT +first appeared in SSLeay 0.5.1 and have been available since +.Ox 2.4 . +.Sh CAVEATS +.Fn d2i_ASN1_OBJECT +never sets the long and short names of the object, not even if the +object identifier matches one that is built into the library. +To find the names of an object identifier parsed from DER or BER +input, call +.Xr OBJ_obj2nid 3 +on the returned object, and then +.Xr OBJ_nid2sn 3 +and +.Xr OBJ_nid2ln 3 +on the result. +.Sh BUGS +When reusing a dynamically allocated object that contains dynamically +allocated names, the old names are not freed and the memory containing +them is leaked. diff --git a/src/lib/libcrypto/man/d2i_ASN1_OCTET_STRING.3 b/src/lib/libcrypto/man/d2i_ASN1_OCTET_STRING.3 new file mode 100644 index 00000000000..c985bc8b68f --- /dev/null +++ b/src/lib/libcrypto/man/d2i_ASN1_OCTET_STRING.3 @@ -0,0 +1,440 @@ +.\" $OpenBSD: d2i_ASN1_OCTET_STRING.3,v 1.12 2018/03/27 17:35:50 schwarze Exp $ +.\" +.\" Copyright (c) 2017 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt D2I_ASN1_OCTET_STRING 3 +.Os +.Sh NAME +.Nm d2i_ASN1_OCTET_STRING , +.Nm i2d_ASN1_OCTET_STRING , +.Nm d2i_ASN1_BIT_STRING , +.Nm i2d_ASN1_BIT_STRING , +.Nm d2i_ASN1_INTEGER , +.Nm i2d_ASN1_INTEGER , +.Nm d2i_ASN1_UINTEGER , +.Nm d2i_ASN1_ENUMERATED , +.Nm i2d_ASN1_ENUMERATED , +.Nm d2i_ASN1_UTF8STRING , +.Nm i2d_ASN1_UTF8STRING , +.Nm d2i_ASN1_IA5STRING , +.Nm i2d_ASN1_IA5STRING , +.Nm d2i_ASN1_UNIVERSALSTRING , +.Nm i2d_ASN1_UNIVERSALSTRING , +.Nm d2i_ASN1_BMPSTRING , +.Nm i2d_ASN1_BMPSTRING , +.Nm d2i_ASN1_GENERALSTRING , +.Nm i2d_ASN1_GENERALSTRING , +.Nm d2i_ASN1_T61STRING , +.Nm i2d_ASN1_T61STRING , +.Nm d2i_ASN1_VISIBLESTRING , +.Nm i2d_ASN1_VISIBLESTRING , +.Nm d2i_ASN1_PRINTABLESTRING , +.Nm i2d_ASN1_PRINTABLESTRING , +.Nm d2i_ASN1_PRINTABLE , +.Nm i2d_ASN1_PRINTABLE , +.Nm d2i_DIRECTORYSTRING , +.Nm i2d_DIRECTORYSTRING , +.Nm d2i_DISPLAYTEXT , +.Nm i2d_DISPLAYTEXT , +.Nm d2i_ASN1_GENERALIZEDTIME , +.Nm i2d_ASN1_GENERALIZEDTIME , +.Nm d2i_ASN1_UTCTIME , +.Nm i2d_ASN1_UTCTIME , +.Nm d2i_ASN1_TIME , +.Nm i2d_ASN1_TIME +.Nd decode and encode ASN1_STRING objects +.Sh SYNOPSIS +.In openssl/asn1.h +.Ft ASN1_OCTET_STRING * +.Fo d2i_ASN1_OCTET_STRING +.Fa "ASN1_OCTET_STRING **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_ASN1_OCTET_STRING +.Fa "ASN1_OCTET_STRING *val_in" +.Fa "unsigned char **der_out" +.Fc +.Ft ASN1_BIT_STRING * +.Fo d2i_ASN1_BIT_STRING +.Fa "ASN1_BIT_STRING **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_ASN1_BIT_STRING +.Fa "ASN1_BIT_STRING *val_in" +.Fa "unsigned char **der_out" +.Fc +.Ft ASN1_INTEGER * +.Fo d2i_ASN1_INTEGER +.Fa "ASN1_INTEGER **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_ASN1_INTEGER +.Fa "ASN1_INTEGER *val_in" +.Fa "unsigned char **der_out" +.Fc +.Ft ASN1_INTEGER * +.Fo d2i_ASN1_UINTEGER +.Fa "ASN1_INTEGER **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft ASN1_ENUMERATED * +.Fo d2i_ASN1_ENUMERATED +.Fa "ASN1_ENUMERATED **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_ASN1_ENUMERATED +.Fa "ASN1_ENUMERATED *val_in" +.Fa "unsigned char **der_out" +.Fc +.Ft ASN1_UTF8STRING * +.Fo d2i_ASN1_UTF8STRING +.Fa "ASN1_UTF8STRING **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_ASN1_UTF8STRING +.Fa "ASN1_UTF8STRING *val_in" +.Fa "unsigned char **der_out" +.Fc +.Ft ASN1_IA5STRING * +.Fo d2i_ASN1_IA5STRING +.Fa "ASN1_IA5STRING **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_ASN1_IA5STRING +.Fa "ASN1_IA5STRING *val_in" +.Fa "unsigned char **der_out" +.Fc +.Ft ASN1_UNIVERSALSTRING * +.Fo d2i_ASN1_UNIVERSALSTRING +.Fa "ASN1_UNIVERSALSTRING **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_ASN1_UNIVERSALSTRING +.Fa "ASN1_UNIVERSALSTRING *val_in" +.Fa "unsigned char **der_out" +.Fc +.Ft ASN1_BMPSTRING * +.Fo d2i_ASN1_BMPSTRING +.Fa "ASN1_BMPSTRING **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_ASN1_BMPSTRING +.Fa "ASN1_BMPSTRING *val_in" +.Fa "unsigned char **der_out" +.Fc +.Ft ASN1_GENERALSTRING * +.Fo d2i_ASN1_GENERALSTRING +.Fa "ASN1_GENERALSTRING **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_ASN1_GENERALSTRING +.Fa "ASN1_GENERALSTRING *val_in" +.Fa "unsigned char **der_out" +.Fc +.Ft ASN1_T61STRING * +.Fo d2i_ASN1_T61STRING +.Fa "ASN1_T61STRING **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_ASN1_T61STRING +.Fa "ASN1_T61STRING *val_in" +.Fa "unsigned char **der_out" +.Fc +.Ft ASN1_VISIBLESTRING * +.Fo d2i_ASN1_VISIBLESTRING +.Fa "ASN1_VISIBLESTRING **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_ASN1_VISIBLESTRING +.Fa "ASN1_VISIBLESTRING *val_in" +.Fa "unsigned char **der_out" +.Fc +.Ft ASN1_PRINTABLESTRING * +.Fo d2i_ASN1_PRINTABLESTRING +.Fa "ASN1_PRINTABLESTRING **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_ASN1_PRINTABLESTRING +.Fa "ASN1_PRINTABLESTRING *val_in" +.Fa "unsigned char **der_out" +.Fc +.Ft ASN1_STRING * +.Fo d2i_ASN1_PRINTABLE +.Fa "ASN1_STRING **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_ASN1_PRINTABLE +.Fa "ASN1_STRING *val_in" +.Fa "unsigned char **der_out" +.Fc +.Ft ASN1_STRING * +.Fo d2i_DIRECTORYSTRING +.Fa "ASN1_STRING **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_DIRECTORYSTRING +.Fa "ASN1_STRING *val_in" +.Fa "unsigned char **der_out" +.Fc +.Ft ASN1_STRING * +.Fo d2i_DISPLAYTEXT +.Fa "ASN1_STRING **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_DISPLAYTEXT +.Fa "ASN1_STRING *val_in" +.Fa "unsigned char **der_out" +.Fc +.Ft ASN1_GENERALIZEDTIME * +.Fo d2i_ASN1_GENERALIZEDTIME +.Fa "ASN1_GENERALIZEDTIME **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_ASN1_GENERALIZEDTIME +.Fa "ASN1_GENERALIZEDTIME *val_in" +.Fa "unsigned char **der_out" +.Fc +.Ft ASN1_UTCTIME * +.Fo d2i_ASN1_UTCTIME +.Fa "ASN1_UTCTIME **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_ASN1_UTCTIME +.Fa "ASN1_UTCTIME *val_in" +.Fa "unsigned char **der_out" +.Fc +.Ft ASN1_TIME * +.Fo d2i_ASN1_TIME +.Fa "ASN1_TIME **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_ASN1_TIME +.Fa "ASN1_TIME *val_in" +.Fa "unsigned char **der_out" +.Fc +.Sh DESCRIPTION +These functions decode and encode various ASN.1 built-in types +that can be represented by +.Vt ASN1_STRING +objects. +For details about the semantics, examples, caveats, and bugs, see +.Xr ASN1_item_d2i 3 . +.Pp +The format consists of one identifier octet, +one or more length octets, +and one or more content octets. +The identifier octets and corresponding ASN.1 types are as follows: +.Bl -column ASN1_GENERALIZEDTIME identifier +.It Em OpenSSL type Ta Em identifier Ta Em ASN.1 type +.It Ta +.It Vt ASN1_OCTET_STRING Ta 0x04 Ta OCTET STRING +.It Vt ASN1_BIT_STRING Ta 0x03 Ta BIT STRING +.It Vt ASN1_INTEGER Ta 0x02 Ta INTEGER +.It Vt ASN1_ENUMERATED Ta 0x0a Ta ENUMERATED +.It Vt ASN1_UTF8STRING Ta 0x0c Ta UTF8String +.It Vt ASN1_IA5STRING Ta 0x16 Ta IA5String +.It Vt ASN1_UNIVERSALSTRING Ta 0x1c Ta UniversalString +.It Vt ASN1_BMPSTRING Ta 0x1e Ta BMPString +.It Vt ASN1_GENERALSTRING Ta 0x1b Ta GeneralString +.It Vt ASN1_T61STRING Ta 0x14 Ta T61String +.It Vt ASN1_VISIBLESTRING Ta 0x1a Ta VisibleString +.It Vt ASN1_PRINTABLESTRING Ta 0x13 Ta PrintableString +.It Vt ASN1_GENERALIZEDTIME Ta 0x18 Ta GeneralizedTime +.It Vt ASN1_UTCTIME Ta 0x17 Ta UTCTime +.El +.Pp +.Fn d2i_DIRECTORYSTRING +and +.Fn i2d_DIRECTORYSTRING +decode and encode an ASN.1 +.Vt DirectoryString +structure defined in RFC 5280 section 4.1.2.4 +and used for ASN.1 +.Vt EDIPartyName +structures; see +.Xr EDIPARTYNAME_new 3 . +When decoding, it accepts any of the types UTF8String, UniversalString, +BMPString, T61String, or PrintableString. +When encoding, +it writes out the character string type that is actually passed in. +.Pp +.Fn d2i_ASN1_PRINTABLE +and +.Fn i2d_ASN1_PRINTABLE +are non-standard variants of +.Fn d2i_DIRECTORYSTRING +and +.Fn i2d_DIRECTORYSTRING +that also accept IA5String, NumericString, BIT STRING, and SEQUENCE +ASN.1 values as well as ASN.1 values with unknown identifier +octets (0x07, 0x08, 0x09, 0x0b, 0x0d, 0x0e, 0x0f, 0x1d, and 0x1f). +Even though the standard requires the use of +.Vt DirectoryString +in the relative distinguished names described in +.Xr X509_NAME_ENTRY_new 3 , +the library accepts this wider range of choices. +.Pp +.Fn d2i_DISPLAYTEXT +and +.Fn i2d_DISPLAYTEXT +decode and encode an ASN.1 +.Vt DisplayText +structure defined in RFC 5280 section 4.2.1.4 +and used for ASN.1 +.Vt UserNotice +structures in certificate policies; see +.Xr USERNOTICE_new 3 . +When decoding, it accepts any of the types UTF8String, IA5String, +BMPString, or VisibleString. +When encoding, +it writes out the character string type that is actually passed in. +.Pp +.Fn d2i_ASN1_TIME +and +.Fn i2d_ASN1_TIME +decode and encode an ASN.1 +.Vt Time +structure defined in RFC 5280 section 4.1 +and used for ASN.1 +.Vt Validity +structures in certificates; see +.Xr X509_VAL_new 3 . +They are also used for certificate revocation lists; see +.Xr X509_CRL_INFO_new 3 . +When decoding, it accepts either GeneralizedTime or UTCTime. +When encoding, it writes out the time type that is actually passed in. +.Pp +.Fn d2i_ASN1_UINTEGER +is similar to +.Fn d2i_ASN1_INTEGER +except that it ignores the sign bit in the BER encoding and treats +all integers as positive. +It helps to process BER input produced by broken software +that neglects adding a leading NUL content byte where required. +.Sh RETURN VALUES +The +.Fn d2i_* +decoding functions return an +.Vt ASN1_STRING +object or +.Dv NULL +if an error occurs. +.Pp +The +.Fn i2d_* +encoding functions return the number of bytes successfully encoded +or a negative value if an error occurs. +.Sh SEE ALSO +.Xr ASN1_item_d2i 3 , +.Xr ASN1_STRING_new 3 +.Sh STANDARDS +ITU-T Recommendation X.680, also known as ISO/IEC 8824-1: +Information technology - Abstract Syntax Notation One (ASN.1): +Specification of basic notation +.Pp +RFC 5280: Internet X.509 Public Key Infrastructure Certificate and +Certificate Revocation List (CRL) Profile +.Sh HISTORY +.Fn d2i_ASN1_OCTET_STRING , +.Fn i2d_ASN1_OCTET_STRING , +.Fn d2i_ASN1_BIT_STRING , +.Fn i2d_ASN1_BIT_STRING , +.Fn d2i_ASN1_INTEGER , +.Fn i2d_ASN1_INTEGER , +.Fn d2i_ASN1_IA5STRING , +.Fn i2d_ASN1_IA5STRING , +.Fn d2i_ASN1_T61STRING , +.Fn i2d_ASN1_T61STRING , +.Fn d2i_ASN1_PRINTABLESTRING , +.Fn i2d_ASN1_PRINTABLESTRING +.Fn d2i_ASN1_PRINTABLE , +.Fn i2d_ASN1_PRINTABLE , +.Fn d2i_ASN1_UTCTIME , +and +.Fn i2d_ASN1_UTCTIME +first appeared in SSLeay 0.5.1 and have been available since +.Ox 2.4 . +.Pp +.Fn d2i_ASN1_BMPSTRING +and +.Fn i2d_ASN1_BMPSTRING +first appeared in SSLeay 0.9.1. +.Fn d2i_ASN1_ENUMERATED , +.Fn i2d_ASN1_ENUMERATED , +.Fn d2i_ASN1_GENERALIZEDTIME , +.Fn i2d_ASN1_GENERALIZEDTIME , +.Fn d2i_ASN1_TIME , +and +.Fn i2d_ASN1_TIME +first appeared in OpenSSL 0.9.2b. +.Fn d2i_ASN1_UINTEGER , +.Fn d2i_ASN1_UTF8STRING , +.Fn i2d_ASN1_UTF8STRING , +.Fn d2i_ASN1_VISIBLESTRING , +.Fn i2d_ASN1_VISIBLESTRING , +.Fn d2i_DIRECTORYSTRING , +.Fn i2d_DIRECTORYSTRING , +.Fn d2i_DISPLAYTEXT +and +.Fn i2d_DISPLAYTEXT +first appeared in OpenSSL 0.9.3. +These functions have been available since +.Ox 2.6 . +.Pp +.Fn d2i_ASN1_UNIVERSALSTRING , +.Fn i2d_ASN1_UNIVERSALSTRING , +.Fn d2i_ASN1_GENERALSTRING , +and +.Fn i2d_ASN1_GENERALSTRING +first appeared in OpenSSL 0.9.7 and have been available since +.Ox 3.2 . diff --git a/src/lib/libcrypto/man/d2i_ASN1_SEQUENCE_ANY.3 b/src/lib/libcrypto/man/d2i_ASN1_SEQUENCE_ANY.3 new file mode 100644 index 00000000000..0c4b6d728c3 --- /dev/null +++ b/src/lib/libcrypto/man/d2i_ASN1_SEQUENCE_ANY.3 @@ -0,0 +1,93 @@ +.\" $OpenBSD: d2i_ASN1_SEQUENCE_ANY.3,v 1.2 2018/03/23 04:34:23 schwarze Exp $ +.\" +.\" Copyright (c) 2017 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 23 2018 $ +.Dt D2I_ASN1_SEQUENCE_ANY 3 +.Os +.Sh NAME +.Nm d2i_ASN1_SEQUENCE_ANY , +.Nm i2d_ASN1_SEQUENCE_ANY , +.Nm d2i_ASN1_SET_ANY , +.Nm i2d_ASN1_SET_ANY +.Nd decode and encode ASN.1 sequences and sets +.Sh SYNOPSIS +.In openssl/asn1.h +.Ft ASN1_SEQUENCE_ANY * +.Fo d2i_ASN1_SEQUENCE_ANY +.Fa "ASN1_SEQUENCE_ANY **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_ASN1_SEQUENCE_ANY +.Fa "const ASN1_SEQUENCE_ANY *val_in" +.Fa "unsigned char **der_out" +.Fc +.Ft ASN1_SEQUENCE_ANY * +.Fo d2i_ASN1_SET_ANY +.Fa "ASN1_SEQUENCE_ANY **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_ASN1_SET_ANY +.Fa "const ASN1_SEQUENCE_ANY *val_in" +.Fa "unsigned char **der_out" +.Fc +.Sh DESCRIPTION +These functions decode and encode ASN.1 sequences and sets. +For details about the semantics, examples, caveats, and bugs, see +.Xr ASN1_item_d2i 3 . +.Pp +The type +.Vt ASN1_SEQUENCE_ANY +is defined as +.Vt STACK_OF(ASN1_TYPE) . +Whether such an object represents a sequence or a set is not stored +in the object itself but needs to be remembered separately. +.Pp +Like for +.Xr d2i_ASN1_TYPE 3 +and +.Xr i2d_ASN1_TYPE 3 , +the type of the individual values contained in the sequence or set +is not specified when calling the functions. +It might vary among the members, and it is stored together with +each value in each +.Vt ASN1_TYPE +object contained in the sequence or set. +.Sh RETURN VALUES +.Fn d2i_ASN1_SEQUENCE_ANY +returns an +.Vt ASN1_SEQUENCE_ANY +object or +.Dv NULL +if an error occurs. +.Pp +.Fn i2d_ASN1_SEQUENCE_ANY +returns the number of bytes written or a negative value if an error +occurs. +.Sh SEE ALSO +.Xr ASN1_item_d2i 3 , +.Xr ASN1_TYPE_new 3 +.Sh HISTORY +.Fn d2i_ASN1_SEQUENCE_ANY , +.Fn i2d_ASN1_SEQUENCE_ANY , +.Fn d2i_ASN1_SET_ANY , +and +.Fn i2d_ASN1_SET_ANY +first appeared in OpenSSL 1.0.0 and have been available since +.Ox 4.9 . diff --git a/src/lib/libcrypto/man/d2i_AUTHORITY_KEYID.3 b/src/lib/libcrypto/man/d2i_AUTHORITY_KEYID.3 new file mode 100644 index 00000000000..413f41e1794 --- /dev/null +++ b/src/lib/libcrypto/man/d2i_AUTHORITY_KEYID.3 @@ -0,0 +1,75 @@ +.\" $OpenBSD: d2i_AUTHORITY_KEYID.3,v 1.2 2018/03/21 16:09:51 schwarze Exp $ +.\" +.\" Copyright (c) 2016 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 21 2018 $ +.Dt D2I_AUTHORITY_KEYID 3 +.Os +.Sh NAME +.Nm d2i_AUTHORITY_KEYID , +.Nm i2d_AUTHORITY_KEYID +.Nd decode and encode X.509 authority key identifiers +.Sh SYNOPSIS +.In openssl/x509v3.h +.Ft AUTHORITY_KEYID * +.Fo d2i_AUTHORITY_KEYID +.Fa "AUTHORITY_KEYID **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_AUTHORITY_KEYID +.Fa "AUTHORITY_KEYID *val_in" +.Fa "unsigned char **der_out" +.Fc +.Sh DESCRIPTION +.Fn d2i_AUTHORITY_KEYID +and +.Fn i2d_AUTHORITY_KEYID +decode and encode an ASN.1 +.Vt AuthorityKeyIdentifier +structure defined in RFC 5280 section 4.2.1.1. +For details about the semantics, examples, caveats, and bugs, see +.Xr ASN1_item_d2i 3 . +.Sh RETURN VALUES +.Fn d2i_AUTHORITY_KEYID +returns an +.Vt AUTHORITY_KEYID +object or +.Dv NULL +if an error occurs. +.Pp +.Fn i2d_AUTHORITY_KEYID +returns the number of bytes successfully encoded or a negative value +if an error occurs. +.Sh SEE ALSO +.Xr ASN1_item_d2i 3 , +.Xr AUTHORITY_KEYID_new 3 , +.Xr X509_EXTENSION_new 3 +.Sh STANDARDS +RFC 5280: Internet X.509 Public Key Infrastructure Certificate and +Certificate Revocation List (CRL) Profile: +.Bl -dash -compact +.It +section 4.2.1.1: Certificate Extensions: Authority Key Identifier +.It +section 5.2.1: CRL Extensions: Authority Key Identifier +.El +.Sh HISTORY +.Fn d2i_AUTHORITY_KEYID +and +.Fn i2d_AUTHORITY_KEYID +first appeared in OpenSSL 0.9.2b and have been available since +.Ox 2.6 . diff --git a/src/lib/libcrypto/man/d2i_BASIC_CONSTRAINTS.3 b/src/lib/libcrypto/man/d2i_BASIC_CONSTRAINTS.3 new file mode 100644 index 00000000000..2964a1f90e5 --- /dev/null +++ b/src/lib/libcrypto/man/d2i_BASIC_CONSTRAINTS.3 @@ -0,0 +1,106 @@ +.\" $OpenBSD: d2i_BASIC_CONSTRAINTS.3,v 1.3 2018/03/22 21:08:22 schwarze Exp $ +.\" +.\" Copyright (c) 2016 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 22 2018 $ +.Dt D2I_BASIC_CONSTRAINTS 3 +.Os +.Sh NAME +.Nm d2i_BASIC_CONSTRAINTS , +.Nm i2d_BASIC_CONSTRAINTS , +.Nm d2i_EXTENDED_KEY_USAGE , +.Nm i2d_EXTENDED_KEY_USAGE +.Nd decode and encode X.509 key usage purposes +.Sh SYNOPSIS +.In openssl/x509v3.h +.Ft BASIC_CONSTRAINTS * +.Fo d2i_BASIC_CONSTRAINTS +.Fa "BASIC_CONSTRAINTS **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_BASIC_CONSTRAINTS +.Fa "BASIC_CONSTRAINTS *val_in" +.Fa "unsigned char **der_out" +.Fc +.Ft EXTENDED_KEY_USAGE * +.Fo d2i_EXTENDED_KEY_USAGE +.Fa "EXTENDED_KEY_USAGE **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_EXTENDED_KEY_USAGE +.Fa "EXTENDED_KEY_USAGE *val_in" +.Fa "unsigned char **der_out" +.Fc +.Sh DESCRIPTION +These functions decode and encode data structures describing the +intended purposes that the key contained in an X.509 certificate +is to be used for. +For details about the semantics, examples, caveats, and bugs, see +.Xr ASN1_item_d2i 3 . +.Pp +.Fn d2i_BASIC_CONSTRAINTS +and +.Fn i2d_BASIC_CONSTRAINTS +decode and encode an ASN.1 +.Vt BasicConstraints +structure defined in RFC 5280 section 4.2.1.9. +.Pp +.Fn d2i_EXTENDED_KEY_USAGE +and +.Fn i2d_EXTENDED_KEY_USAGE +decode and encode an ASN.1 +.Vt ExtKeyUsageSyntax +structure defined in RFC 5280 section 4.2.1.12. +.Sh RETURN VALUES +.Fn d2i_BASIC_CONSTRAINTS +and +.Fn d2i_EXTENDED_KEY_USAGE +return a +.Vt BASIC_CONSTRAINTS +or +.Vt EXTENDED_KEY_USAGE +object, respectively, or +.Dv NULL +if an error occurs. +.Pp +.Fn i2d_BASIC_CONSTRAINTS +and +.Fn i2d_EXTENDED_KEY_USAGE +return the number of bytes successfully encoded or a negative value +if an error occurs. +.Sh SEE ALSO +.Xr ASN1_item_d2i 3 , +.Xr BASIC_CONSTRAINTS_new 3 , +.Xr EXTENDED_KEY_USAGE_new 3 , +.Xr X509_EXTENSION_new 3 +.Sh STANDARDS +RFC 5280: Internet X.509 Public Key Infrastructure Certificate and +Certificate Revocation List (CRL) Profile +.Sh HISTORY +.Fn d2i_BASIC_CONSTRAINTS +and +.Fn i2d_BASIC_CONSTRAINTS +first appeared in OpenSSL 0.9.2b and have been available since +.Ox 2.6 . +.Pp +.Fn d2i_EXTENDED_KEY_USAGE +and +.Fn i2d_EXTENDED_KEY_USAGE +first appeared in OpenSSL 0.9.7 and have been available since +.Ox 3.2 . diff --git a/src/lib/libcrypto/man/d2i_DHparams.3 b/src/lib/libcrypto/man/d2i_DHparams.3 new file mode 100644 index 00000000000..7fd9878dc05 --- /dev/null +++ b/src/lib/libcrypto/man/d2i_DHparams.3 @@ -0,0 +1,99 @@ +.\" $OpenBSD: d2i_DHparams.3,v 1.8 2018/03/27 17:35:50 schwarze Exp $ +.\" full merge up to: OpenSSL 61f805c1 Jan 16 01:01:46 2018 +0800 +.\" +.\" This file was written by Ulf Moeller and +.\" Dr. Stephen Henson . +.\" Copyright (c) 2000, 2002, 2015, 2017 The OpenSSL Project. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt D2I_DHPARAMS 3 +.Os +.Sh NAME +.Nm d2i_DHparams , +.Nm i2d_DHparams +.Nd PKCS#3 DH parameter functions +.Sh SYNOPSIS +.In openssl/dh.h +.Ft DH * +.Fo d2i_DHparams +.Fa "DH **a" +.Fa "unsigned char **pp" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_DHparams +.Fa "DH *a" +.Fa "unsigned char **pp" +.Fc +.Sh DESCRIPTION +These functions decode and encode PKCS#3 DH parameters using the +DHparameter structure described in PKCS#3. +They otherwise behave in a way similar to +.Xr d2i_X509 3 +and +.Xr i2d_X509 3 . +.Sh RETURN VALUES +.Fn d2i_DHparams +returns a +.Vt DH +object or +.Dv NULL +if an error occurs. +.Pp +.Fn i2d_DHparams +returns the number of bytes successfully encoded or a value <= 0 +if an error occurs. +.Sh SEE ALSO +.Xr d2i_X509 3 , +.Xr DH_new 3 +.Sh HISTORY +.Fn d2i_DHparams +and +.Fn i2d_DHparams +first appeared in SSLeay 0.5.1 and have been available since +.Ox 2.4 . diff --git a/src/lib/libcrypto/man/d2i_DIST_POINT.3 b/src/lib/libcrypto/man/d2i_DIST_POINT.3 new file mode 100644 index 00000000000..34bdb26fb43 --- /dev/null +++ b/src/lib/libcrypto/man/d2i_DIST_POINT.3 @@ -0,0 +1,201 @@ +.\" $OpenBSD: d2i_DIST_POINT.3,v 1.4 2018/03/23 04:34:23 schwarze Exp $ +.\" +.\" Copyright (c) 2016 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 23 2018 $ +.Dt D2I_DIST_POINT 3 +.Os +.Sh NAME +.Nm d2i_DIST_POINT , +.Nm i2d_DIST_POINT , +.Nm d2i_CRL_DIST_POINTS , +.Nm i2d_CRL_DIST_POINTS , +.Nm d2i_DIST_POINT_NAME , +.Nm i2d_DIST_POINT_NAME , +.Nm d2i_ISSUING_DIST_POINT , +.Nm i2d_ISSUING_DIST_POINT , +.Nm d2i_ACCESS_DESCRIPTION , +.Nm i2d_ACCESS_DESCRIPTION , +.Nm d2i_AUTHORITY_INFO_ACCESS , +.Nm i2d_AUTHORITY_INFO_ACCESS +.Nd decode and encode X.509 data access extensions +.Sh SYNOPSIS +.In openssl/x509v3.h +.Ft DIST_POINT * +.Fo d2i_DIST_POINT +.Fa "DIST_POINT_NAME **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_DIST_POINT +.Fa "DIST_POINT *val_in" +.Fa "unsigned char **der_out" +.Fc +.Ft CRL_DIST_POINTS * +.Fo d2i_CRL_DIST_POINTS +.Fa "CRL_DIST_POINTS_NAME **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_CRL_DIST_POINTS +.Fa "CRL_DIST_POINTS *val_in" +.Fa "unsigned char **der_out" +.Fc +.Ft DIST_POINT_NAME * +.Fo d2i_DIST_POINT_NAME +.Fa "DIST_POINT_NAME_NAME **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_DIST_POINT_NAME +.Fa "DIST_POINT_NAME *val_in" +.Fa "unsigned char **der_out" +.Fc +.Ft ISSUING_DIST_POINT * +.Fo d2i_ISSUING_DIST_POINT +.Fa "ISSUING_DIST_POINT_NAME **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_ISSUING_DIST_POINT +.Fa "ISSUING_DIST_POINT *val_in" +.Fa "unsigned char **der_out" +.Fc +.Ft ACCESS_DESCRIPTION * +.Fo d2i_ACCESS_DESCRIPTION +.Fa "ACCESS_DESCRIPTION_NAME **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_ACCESS_DESCRIPTION +.Fa "ACCESS_DESCRIPTION *val_in" +.Fa "unsigned char **der_out" +.Fc +.Ft AUTHORITY_INFO_ACCESS * +.Fo d2i_AUTHORITY_INFO_ACCESS +.Fa "AUTHORITY_INFO_ACCESS_NAME **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_AUTHORITY_INFO_ACCESS +.Fa "AUTHORITY_INFO_ACCESS *val_in" +.Fa "unsigned char **der_out" +.Fc +.Sh DESCRIPTION +These functions decode and encode X.509 extensions that communicate +where to retrieve additional information online. +For details about the semantics, examples, caveats, and bugs, see +.Xr ASN1_item_d2i 3 . +.Pp +.Fn d2i_DIST_POINT +and +.Fn i2d_DIST_POINT +decode and encode an ASN.1 +.Vt DistributionPoint +structure defined in RFC 5280 section 4.2.1.13. +.Pp +.Fn d2i_CRL_DIST_POINTS +and +.Fn i2d_CRL_DIST_POINTS +decode and encode an ASN.1 +.Vt CRLDistributionPoints +structure defined in RFC 5280 section 4.2.1.13. +.Pp +.Fn d2i_DIST_POINT_NAME +and +.Fn i2d_DIST_POINT_NAME +decode and encode an ASN.1 +.Vt DistributionPointName +structure defined in RFC 5280 section 4.2.1.13. +.Pp +.Fn d2i_ISSUING_DIST_POINT +and +.Fn i2d_ISSUING_DIST_POINT +decode and encode an ASN.1 +.Vt IssuingDistributionPoint +structure defined in RFC 5280 section 5.2.5. +.Pp +.Fn d2i_ACCESS_DESCRIPTION +and +.Fn i2d_ACCESS_DESCRIPTION +decode and encode an ASN.1 +.Vt AccessDescription +structure defined in RFC 5280 section 4.2.2.1. +.Pp +.Fn d2i_AUTHORITY_INFO_ACCESS +and +.Fn i2d_AUTHORITY_INFO_ACCESS +decode and encode an ASN.1 +.Vt AuthorityInfoAccessSyntax +structure defined in RFC 5280 section 4.2.2.1. +.Sh RETURN VALUES +.Fn d2i_DIST_POINT , +.Fn d2i_CRL_DIST_POINTS , +.Fn d2i_DIST_POINT_NAME , +.Fn d2i_ISSUING_DIST_POINT , +.Fn d2i_ACCESS_DESCRIPTION , +and +.Fn d2i_AUTHORITY_INFO_ACCESS +return an object of the respective type or +.Dv NULL +if an error occurs. +.Pp +.Fn i2d_DIST_POINT , +.Fn i2d_CRL_DIST_POINTS , +.Fn i2d_DIST_POINT_NAME , +.Fn i2d_ISSUING_DIST_POINT , +.Fn i2d_ACCESS_DESCRIPTION , +and +.Fn i2d_AUTHORITY_INFO_ACCESS +return the number of bytes successfully encoded or a negative value +if an error occurs. +.Sh SEE ALSO +.Xr ACCESS_DESCRIPTION_new 3 , +.Xr ASN1_item_d2i 3 , +.Xr DIST_POINT_new 3 , +.Xr X509_EXTENSION_new 3 +.Sh STANDARDS +RFC 5280: Internet X.509 Public Key Infrastructure Certificate and +Certificate Revocation List (CRL) Profile +.Sh HISTORY +.Fn d2i_DIST_POINT , +.Fn i2d_DIST_POINT , +.Fn d2i_CRL_DIST_POINTS , +.Fn i2d_CRL_DIST_POINTS , +.Fn d2i_DIST_POINT_NAME , +and +.Fn i2d_DIST_POINT_NAME +first appeared in OpenSSL 0.9.3 and have been available since +.Ox 2.6 . +.Pp +.Fn d2i_ACCESS_DESCRIPTION , +.Fn i2d_ACCESS_DESCRIPTION , +.Fn d2i_AUTHORITY_INFO_ACCESS , +and +.Fn i2d_AUTHORITY_INFO_ACCESS +first appeared in OpenSSL 0.9.5 and have been available since +.Ox 2.7 . +.Pp +.Fn d2i_ISSUING_DIST_POINT +and +.Fn i2d_ISSUING_DIST_POINT +first appeared in OpenSSL 1.0.0 and have been available since +.Ox 4.9 . diff --git a/src/lib/libcrypto/man/d2i_DSAPublicKey.3 b/src/lib/libcrypto/man/d2i_DSAPublicKey.3 new file mode 100644 index 00000000000..37ef22e1b91 --- /dev/null +++ b/src/lib/libcrypto/man/d2i_DSAPublicKey.3 @@ -0,0 +1,412 @@ +.\" $OpenBSD: d2i_DSAPublicKey.3,v 1.14 2018/08/26 17:03:32 tb Exp $ +.\" OpenSSL bb9ad09e Jun 6 00:43:05 2016 -0400 +.\" +.\" This file was written by Dr. Stephen Henson . +.\" Copyright (c) 2002, 2003, 2013, 2015, 2016 The OpenSSL Project. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: August 26 2018 $ +.Dt D2I_DSAPUBLICKEY 3 +.Os +.Sh NAME +.Nm d2i_DSAPublicKey , +.Nm i2d_DSAPublicKey , +.Nm d2i_DSA_PUBKEY , +.Nm i2d_DSA_PUBKEY , +.Nm d2i_DSA_PUBKEY_bio , +.Nm d2i_DSA_PUBKEY_fp , +.Nm i2d_DSA_PUBKEY_bio , +.Nm i2d_DSA_PUBKEY_fp , +.Nm d2i_DSAPrivateKey , +.Nm i2d_DSAPrivateKey , +.Nm d2i_DSAPrivateKey_bio , +.Nm d2i_DSAPrivateKey_fp , +.Nm i2d_DSAPrivateKey_bio , +.Nm i2d_DSAPrivateKey_fp , +.Nm d2i_DSAparams , +.Nm i2d_DSAparams , +.Nm d2i_DSAparams_bio , +.Nm i2d_DSAparams_bio , +.Nm d2i_DSAparams_fp , +.Nm i2d_DSAparams_fp , +.Nm DSAparams_dup , +.Nm d2i_DSA_SIG , +.Nm i2d_DSA_SIG +.Nd decode and encode DSA keys +.Sh SYNOPSIS +.In openssl/dsa.h +.Ft DSA * +.Fo d2i_DSAPublicKey +.Fa "DSA **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_DSAPublicKey +.Fa "const DSA *val_in" +.Fa "unsigned char **der_out" +.Fc +.In openssl/x509.h +.Ft DSA * +.Fo d2i_DSA_PUBKEY +.Fa "DSA **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_DSA_PUBKEY +.Fa "const DSA *val_in" +.Fa "unsigned char **der_out" +.Fc +.Ft DSA * +.Fo d2i_DSA_PUBKEY_bio +.Fa "BIO *in_bio" +.Fa "DSA **val_out" +.Fc +.Ft DSA * +.Fo d2i_DSA_PUBKEY_fp +.Fa "FILE *in_fp" +.Fa "DSA **val_out" +.Fc +.Ft int +.Fo i2d_DSA_PUBKEY_bio +.Fa "BIO *out_bio" +.Fa "DSA *val_in" +.Fc +.Ft int +.Fo i2d_DSA_PUBKEY_fp +.Fa "FILE *out_fp" +.Fa "DSA *val_in" +.Fc +.In openssl/dsa.h +.Ft DSA * +.Fo d2i_DSAPrivateKey +.Fa "DSA **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_DSAPrivateKey +.Fa "const DSA *val_in" +.Fa "unsigned char **der_out" +.Fc +.In openssl/x509.h +.Ft DSA * +.Fo d2i_DSAPrivateKey_bio +.Fa "BIO *in_bio" +.Fa "DSA **val_out" +.Fc +.Ft DSA * +.Fo d2i_DSAPrivateKey_fp +.Fa "FILE *in_fp" +.Fa "DSA **val_out" +.Fc +.Ft int +.Fo i2d_DSAPrivateKey_bio +.Fa "BIO *out_bio" +.Fa "DSA *val_in" +.Fc +.Ft int +.Fo i2d_DSAPrivateKey_fp +.Fa "FILE *out_fp" +.Fa "DSA *val_in" +.Fc +.In openssl/dsa.h +.Ft DSA * +.Fo d2i_DSAparams +.Fa "DSA **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_DSAparams +.Fa "const DSA *val_in" +.Fa "unsigned char **der_out" +.Fc +.Ft DSA * +.Fo d2i_DSAparams_bio +.Fa "BIO *in_bio" +.Fa "DSA **val_out" +.Fc +.Ft int +.Fo i2d_DSAparams_bio +.Fa "BIO *out_bio" +.Fa "DSA *val_in" +.Fc +.Ft DSA * +.Fo d2i_DSAparams_fp +.Fa "FILE *in_fp" +.Fa "DSA **val_out" +.Fc +.Ft int +.Fo i2d_DSAparams_fp +.Fa FILE *out_fp +.Fa "DSA *val_in" +.Fc +.Ft DSA * +.Fo DSAparams_dup +.Fa "DSA *val_in" +.Fc +.Ft DSA_SIG * +.Fo d2i_DSA_SIG +.Fa "DSA_SIG **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_DSA_SIG +.Fa "const DSA_SIG *val_in" +.Fa "unsigned char **der_out" +.Fc +.Sh DESCRIPTION +These functions decode and encode DSA keys and parameters. +For details about the semantics, examples, caveats, and bugs, see +.Xr ASN1_item_d2i 3 . +.Pp +.Fn d2i_DSAPublicKey +and +.Fn i2d_DSAPublicKey +decode and encode the DSA public key components using a non-standard +format, so consider using +.Fn d2i_DSA_PUBKEY +and +.Fn i2d_DSA_PUBKEY +instead. +The actual data encoded depends on the value of +.Fa val_in->write_params . +If +.Fa val_in->write_params +is zero, only the +.Fa val_in->pub_key +field is encoded as an ASN.1 INTEGER. +If +.Fa val_in->write_params +is 1, then a SEQUENCE consisting of the +.Fa val_in->p , +.Fa val_in->q , +.Fa val_in->g , +and +.Fa val_in->pub_key +fields is encoded. +.Pp +.Fn d2i_DSA_PUBKEY +and +.Fn i2d_DSA_PUBKEY +decode and encode a DSA public key using an ASN.1 +.Vt SubjectPublicKeyInfo +structure defined in RFC 5280 section 4.1 +and documented in +.Xr X509_PUBKEY_new 3 . +.Fn d2i_DSA_PUBKEY_bio , +.Fn d2i_DSA_PUBKEY_fp , +.Fn i2d_DSA_PUBKEY_bio , +and +.Fn i2d_DSA_PUBKEY_fp +are similar except that they decode or encode using a +.Vt BIO +or +.Vt FILE +pointer. +.Pp +.Fn d2i_DSAPrivateKey +and +.Fn i2d_DSAPrivateKey +decode and encode the DSA private key components. +The +.Vt DSA +object passed to the private key encoding functions should have all +the private key components present. +These functions use a non-standard structure consisting of a +SEQUENCE containing the +.Fa val_in->p , +.Fa val_in->q , +.Fa val_in->g , +.Fa val_in->pub_key , +and +.Fa val_in->priv_key +fields. +This data format is unencrypted. +For private key security when writing private keys to files, +consider using +.Xr PEM_write_DSAPrivateKey 3 +instead. +.Fn d2i_DSAPrivateKey_bio , +.Fn d2i_DSAPrivateKey_fp , +.Fn i2d_DSAPrivateKey_bio , +and +.Fn i2d_DSAPrivateKey_fp +are similar except that they decode or encode using a +.Vt BIO +or +.Vt FILE +pointer. +.Pp +.Fn d2i_DSAparams +and +.Fn i2d_DSAparams +decode and encode the DSA parameters using an ASN.1 +.Vt Dss-Parms +structure defined in RFC 3279 section 2.3.2 +and used for the parameters field of the ASN.1 +.Vt AlgorithmIdentifier +structure defined in RFC 5280 section 4.1.1.2. +.Fn d2i_DSAparams_bio , +.Fn i2d_DSAparams_bio , +.Fn d2i_DSAparams_fp , +.Fn i2d_DSAparams_fp +are similar except that they decode or encode using a +.Vt BIO +or +.Vt FILE +pointer. +.Pp +.Fn DSAparams_dup +allocates and initializes an empty +.Vt DSA +object and copies the DSA parameters from +.Fa val_in +to it by calling +.Fn i2d_DSAparams +and +.Fn d2i_DSAparams . +If a private or public key are present in +.Fa val_in , +they are not copied. +.Pp +.Fn d2i_DSA_SIG +and +.Fn i2d_DSA_SIG +decode and encode a DSA signature using an ASN.1 +.Vt Dss-Sig-Value +structure as defined in RFC 3279 section 2.2.2 +and used for the signatureValue field of the ASN.1 +.Vt Certificate +structure described in RFC 5280 sections 4.1.1.3 and 5.1.1.3. +.Sh RETURN VALUES +.Fn d2i_DSAPublicKey , +.Fn d2i_DSA_PUBKEY , +.Fn d2i_DSA_PUBKEY_bio , +.Fn d2i_DSA_PUBKEY_fp , +.Fn d2i_DSAPrivateKey , +.Fn d2i_DSAPrivateKey_bio , +.Fn d2i_DSAPrivateKey_fp , +.Fn d2i_DSAparams , +.Fn d2i_DSAparams_bio , +.Fn d2i_DSAparams_fp , +and +.Fn DSAparams_dup +return a valid +.Vt DSA +object or +.Dv NULL +if an error occurs. +.Pp +.Fn d2i_DSA_SIG +returns a valid +.Vt DSA_SIG +object or +.Dv NULL +if an error occurs. +.Sh SEE ALSO +.Xr ASN1_item_d2i 3 , +.Xr DSA_new 3 , +.Xr DSA_SIG_new 3 , +.Xr EVP_PKEY_set1_DSA 3 , +.Xr PEM_write_DSAPrivateKey 3 , +.Xr X509_PUBKEY_new 3 +.Sh STANDARDS +RFC 5280: Internet X.509 Public Key Infrastructure Certificate and +Certificate Revocation List (CRL) Profile, +section 4.1: Basic Certificate Fields +.Pp +RFC 3279: Algorithms and Identifiers for the Internet X.509 Public +Key Infrastructure Certificate and Certificate Revocation List (CRL) +Profile: +.Bl -dash -compact +.It +section 2.2.2: DSA Signature Algorithm +.It +section 2.3.2: DSA Signature Keys +.El +.Sh HISTORY +.Fn d2i_DSAPublicKey , +.Fn i2d_DSAPublicKey , +.Fn d2i_DSAPrivateKey , +and +.Fn i2d_DSAPrivateKey +first appeared in SSLeay 0.6.0. +.Fn d2i_DSAPrivateKey_bio , +.Fn d2i_DSAPrivateKey_fp , +.Fn i2d_DSAPrivateKey_bio , +.Fn i2d_DSAPrivateKey_fp , +.Fn d2i_DSAparams , +.Fn i2d_DSAparams , +.Fn d2i_DSAparams_bio , +.Fn i2d_DSAparams_bio , +.Fn d2i_DSAparams_fp , +.Fn i2d_DSAparams_fp , +and +.Fn DSAparams_dup +first appeared in SSLeay 0.8.0. +These functions have been available since +.Ox 2.4 . +.Pp +.Fn d2i_DSA_SIG +and +.Fn i2d_DSA_SIG +first appeared in OpenSSL 0.9.3 and have been available since +.Ox 2.6 . +.Pp +.Fn d2i_DSA_PUBKEY , +.Fn i2d_DSA_PUBKEY , +.Fn d2i_DSA_PUBKEY_bio , +.Fn d2i_DSA_PUBKEY_fp , +.Fn i2d_DSA_PUBKEY_bio , +and +.Fn i2d_DSA_PUBKEY_fp +first appeared in OpenSSL 0.9.5 and have been available since +.Ox 2.7 . diff --git a/src/lib/libcrypto/man/d2i_ECPKParameters.3 b/src/lib/libcrypto/man/d2i_ECPKParameters.3 new file mode 100644 index 00000000000..e82e7911dd9 --- /dev/null +++ b/src/lib/libcrypto/man/d2i_ECPKParameters.3 @@ -0,0 +1,467 @@ +.\" $OpenBSD: d2i_ECPKParameters.3,v 1.12 2018/05/19 22:51:40 schwarze Exp $ +.\" OpenSSL 05ea606a May 20 20:52:46 2016 -0400 +.\" +.\" This file is a derived work. +.\" The changes are covered by the following Copyright and license: +.\" +.\" Copyright (c) 2016 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.\" The original file was written by Matt Caswell . +.\" Copyright (c) 2013, 2015 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: May 19 2018 $ +.Dt D2I_ECPKPARAMETERS 3 +.Os +.Sh NAME +.Nm d2i_ECPKParameters , +.Nm i2d_ECPKParameters , +.Nm d2i_ECPKParameters_bio , +.Nm i2d_ECPKParameters_bio , +.Nm d2i_ECPKParameters_fp , +.Nm i2d_ECPKParameters_fp , +.Nm d2i_ECParameters , +.Nm i2d_ECParameters , +.Nm ECParameters_dup , +.Nm d2i_ECPrivateKey , +.Nm i2d_ECPrivateKey , +.Nm d2i_ECPrivateKey_bio , +.Nm i2d_ECPrivateKey_bio , +.Nm d2i_ECPrivateKey_fp , +.Nm i2d_ECPrivateKey_fp , +.Nm o2i_ECPublicKey , +.Nm i2o_ECPublicKey , +.Nm ECPKParameters_print , +.Nm ECPKParameters_print_fp , +.Nm ECParameters_print , +.Nm ECParameters_print_fp , +.Nm d2i_EC_PUBKEY , +.Nm i2d_EC_PUBKEY , +.Nm d2i_EC_PUBKEY_bio , +.Nm i2d_EC_PUBKEY_bio , +.Nm d2i_EC_PUBKEY_fp , +.Nm i2d_EC_PUBKEY_fp +.Nd decode and encode ASN.1 representations of elliptic curve entities +.Sh SYNOPSIS +.In openssl/ec.h +.Ft EC_GROUP * +.Fo d2i_ECPKParameters +.Fa "EC_GROUP **val_out" +.Fa "const unsigned char **des_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_ECPKParameters +.Fa "const EC_GROUP *val_in" +.Fa "unsigned char **des_out" +.Fc +.Ft EC_GROUP * +.Fo d2i_ECPKParameters_bio +.Fa "BIO *in_bio" +.Fa "EC_GROUP **val_out" +.Fc +.Ft int +.Fo i2d_ECPKParameters_bio +.Fa "BIO *out_bio" +.Fa "EC_GROUP *val_in" +.Fc +.Ft EC_GROUP * +.Fo d2i_ECPKParameters_fp +.Fa "FILE *in_fp" +.Fa "EC_GROUP **val_out" +.Fc +.Ft int +.Fo i2d_ECPKParameters_fp +.Fa "FILE *out_fp" +.Fa "EC_GROUP *val_in" +.Fc +.Ft EC_KEY * +.Fo d2i_ECParameters +.Fa "EC_KEY **val_out" +.Fa "const unsigned char **des_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_ECParameters +.Fa "EC_KEY *val_in" +.Fa "unsigned char **des_out" +.Fc +.Ft EC_KEY * +.Fo ECParameters_dup +.Fa "EC_KEY *val_in" +.Fc +.Ft EC_KEY * +.Fo d2i_ECPrivateKey +.Fa "EC_KEY **val_out" +.Fa "const unsigned char **des_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_ECPrivateKey +.Fa "EC_KEY *val_in" +.Fa "unsigned char **des_out" +.Fc +.Ft EC_KEY * +.Fo d2i_ECPrivateKey_bio +.Fa "BIO *in_bio" +.Fa "EC_KEY **val_out" +.Fc +.Ft int +.Fo i2d_ECPrivateKey_bio +.Fa "BIO *out_bio" +.Fa "EC_KEY *val_in" +.Fc +.Ft EC_KEY * +.Fo d2i_ECPrivateKey_fp +.Fa "FILE *in_fp" +.Fa "EC_KEY **val_out" +.Fc +.Ft int +.Fo i2d_ECPrivateKey_fp +.Fa "FILE *out_fp" +.Fa "EC_KEY *val_in" +.Fc +.Ft EC_KEY * +.Fo o2i_ECPublicKey +.Fa "EC_KEY **val_out" +.Fa "const unsigned char **des_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2o_ECPublicKey +.Fa "const EC_KEY *val_in" +.Fa "unsigned char **des_out" +.Fc +.Ft int +.Fo ECPKParameters_print +.Fa "BIO *out_bio" +.Fa "const EC_GROUP *val_in" +.Fa "int indent" +.Fc +.Ft int +.Fo ECPKParameters_print_fp +.Fa "FILE *out_fp" +.Fa "const EC_GROUP *val_in" +.Fa "int indent" +.Fc +.Ft int +.Fo ECParameters_print +.Fa "BIO *out_bio" +.Fa "const EC_KEY *val_in" +.Fc +.Ft int +.Fo ECParameters_print_fp +.Fa "FILE *out_fp" +.Fa "const EC_KEY *val_in" +.Fc +.In openssl/x509.h +.Ft EC_KEY * +.Fo d2i_EC_PUBKEY +.Fa "EC_KEY **val_out" +.Fa "const unsigned char **des_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_EC_PUBKEY +.Fa "EC_KEY *val_in" +.Fa "unsigned char **des_out" +.Fc +.Ft EC_KEY * +.Fo d2i_EC_PUBKEY_bio +.Fa "BIO *in_bio" +.Fa "EC_KEY **val_out" +.Fc +.Ft int +.Fo i2d_EC_PUBKEY_bio +.Fa "BIO *out_bio" +.Fa "EC_KEY *val_in" +.Fc +.Ft EC_KEY * +.Fo d2i_EC_PUBKEY_fp +.Fa "FILE *in_fp" +.Fa "EC_KEY **val_out" +.Fc +.Ft int +.Fo i2d_EC_PUBKEY_fp +.Fa "FILE *out_fp" +.Fa "EC_KEY *val_in" +.Fc +.Sh DESCRIPTION +These functions decode and encode elliptic curve keys and parameters. +For details about the semantics, examples, caveats, and bugs, see +.Xr ASN1_item_d2i 3 . +.Pp +.Fn d2i_ECPKParameters +and +.Fn i2d_ECPKParameters +decode and encode the parameters of an elliptic curve. +.Fn d2i_ECPKParameters_bio , +.Fn i2d_ECPKParameters_bio , +.Fn d2i_ECPKParameters_fp , +and +.Fn i2d_ECPKParameters_fp +are similar except that they decode or encode using a +.Vt BIO +or +.Vt FILE +pointer. +These four functions are currently implemented as macros. +.Pp +.Fn d2i_ECParameters +does the same parsing as +.Fn d2i_ECPKParameters +but saves the result in the +.Fa group +field of an +.Vt EC_KEY +structure. +.Pp +.Fn i2d_ECParameters +produces the same output as +.Fn i2d_ECPKParameters +but uses +.Fa val_in->group +for input instead of +.Fa val_in . +.Pp +.Fn ECParameters_dup +allocates and initializes an empty +.Vt EC_KEY +object and copies the EC parameters from +.Fa val_in +to it by calling +.Fn i2d_ECParameters +and +.Fn d2i_ECParameters . +If a private or public key or any flags are present in +.Fa val_in , +they are not copied. +.Pp +.Fn d2i_ECPrivateKey +and +.Fn i2d_ECPrivateKey +decode and encode an EC private key using an ASN.1 +.Vt ECPrivateKey +structure defined in RFC 5915 section 3 and used for the privateKey +field of the ASN.1 +.Vt PrivateKeyInfo +structure defined in RFC 5208 section 5, see +.Xr PKCS8_PRIV_KEY_INFO_new 3 . +.Fn d2i_ECPrivateKey_bio , +.Fn i2d_ECPrivateKey_bio , +.Fn d2i_ECPrivateKey_fp , +and +.Fn i2d_ECPrivateKey_fp +are similar except that they decode or encode using a +.Vt BIO +or +.Vt FILE +pointer. +.Pp +.Fn o2i_ECPublicKey +and +.Fn i2o_ECPublicKey +decode and encode an EC public key. +In contrast to +.Xr ASN1_item_d2i 3 , +.Fn o2i_ECPublicKey +requires +.Fa val_out , +.Pf * Fa val_out , +and +.Po Pf * Fa val_out Pc Ns -> Ns Fa group +to be +.Pf non- Dv NULL . +.Pp +.Fn ECPKParameters_print +and +.Fn ECPKParameters_print_fp +print human-readable output of the public parameters of the +.Vt EC_GROUP +to +.Fa out_bio +or +.Fa out_fp . +The output lines are indented by +.Fa indent +spaces. +.Pp +.Fn ECParameters_print +and +.Fn ECParameters_print_fp +print the parameter components of +.Fa val_in +to +.Fa out_bio +or +.Fa out_fp . +.Pp +.Fn d2i_EC_PUBKEY +and +.Fn i2d_EC_PUBKEY +decode and encode an EC public key using an ASN.1 +.Vt SubjectPublicKeyInfo +structure defined in RFC 5280 section 4.1 and documented in +.Xr X509_PUBKEY_new 3 . +.Fn d2i_EC_PUBKEY_bio , +.Fn i2d_EC_PUBKEY_bio , +.Fn d2i_EC_PUBKEY_fp , +and +.Fn i2d_EC_PUBKEY_fp +are similar except that they decode or encode using a +.Vt BIO +or +.Vt FILE +pointer. +.Sh RETURN VALUES +.Fn d2i_ECPKParameters , +.Fn d2i_ECPKParameters_bio , +and +.Fn d2i_ECPKParameters_fp +return a valid +.Vt EC_GROUP +structure or +.Dv NULL +if an error occurs. +.Pp +.Fn d2i_ECParameters , +.Fn ECParameters_dup , +.Fn d2i_ECPrivateKey , +.Fn d2i_ECPrivateKey_bio , +.Fn d2i_ECPrivateKey_fp , +.Fn o2i_ECPublicKey , +.Fn d2i_EC_PUBKEY , +.Fn d2i_EC_PUBKEY_bio , +and +.Fn d2i_EC_PUBKEY_fp +return a valid +.Vt EC_KEY +structure or +.Dv NULL +if an error occurs. +.Pp +.Fn i2d_ECPKParameters , +.Fn i2d_ECParameters , +.Fn i2d_ECPrivateKey , +.Fn i2o_ECPublicKey , +and +.Fn i2d_EC_PUBKEY +return the number of bytes successfully encoded or a negative value if +an error occurs. +.Pp +.Fn i2d_ECPKParameters_bio , +.Fn i2d_ECPKParameters_fp , +.Fn i2d_ECPrivateKey_bio , +.Fn i2d_ECPrivateKey_fp , +.Fn ECPKParameters_print , +.Fn ECPKParameters_print_fp , +.Fn ECParameters_print , +.Fn ECParameters_print_fp , +.Fn i2d_EC_PUBKEY_bio , +and +.Fn i2d_EC_PUBKEY_fp +return 1 for success or 0 if an error occurs. +.Sh SEE ALSO +.Xr ASN1_item_d2i 3 , +.Xr EC_GROUP_copy 3 , +.Xr EC_GROUP_new 3 , +.Xr EC_KEY_new 3 , +.Xr EVP_PKEY_set1_EC_KEY 3 , +.Xr PEM_write_ECPrivateKey 3 , +.Xr PKCS8_PRIV_KEY_INFO_new 3 , +.Xr X509_PUBKEY_new 3 +.Sh STANDARDS +RFC 5915: Elliptic Curve Private Key Structure +.Pp +RFC 5208: Public-Key Cryptography Standards (PKCS) #8: +Private-Key Information Syntax Specification +.Pp +RFC 5280: Internet X.509 Public Key Infrastructure Certificate and +Certificate Revocation List (CRL) Profile, +section 4.1: Basic Certificate Fields +.Sh HISTORY +.Fn d2i_ECPKParameters , +.Fn i2d_ECPKParameters , +.Fn d2i_ECPKParameters_bio , +.Fn i2d_ECPKParameters_bio , +.Fn d2i_ECPKParameters_fP , +.Fn i2d_ECPKParameters_fp , +.Fn d2i_ECParameters , +.Fn i2d_ECParameters , +.Fn ECParameters_dup , +.Fn d2i_ECPrivateKey , +.Fn i2d_ECPrivateKey , +.Fn d2i_ECPrivateKey_bio , +.Fn i2d_ECPrivateKey_bio , +.Fn d2i_ECPrivateKey_fp , +.Fn i2d_ECPrivateKey_fp , +.Fn o2i_ECPublicKey , +.Fn i2o_ECPublicKey , +.Fn ECPKParameters_print , +.Fn ECPKParameters_print_fp , +.Fn ECParameters_print , +.Fn ECParameters_print_fp , +.Fn d2i_EC_PUBKEY , +.Fn i2d_EC_PUBKEY , +.Fn d2i_EC_PUBKEY_bio , +.Fn i2d_EC_PUBKEY_bio , +.Fn d2i_EC_PUBKEY_fp , +and +.Fn i2d_EC_PUBKEY_fp +first appeared in OpenSSL 0.9.8 and have been available since +.Ox 4.5 . diff --git a/src/lib/libcrypto/man/d2i_ESS_SIGNING_CERT.3 b/src/lib/libcrypto/man/d2i_ESS_SIGNING_CERT.3 new file mode 100644 index 00000000000..c1d61d3b5e7 --- /dev/null +++ b/src/lib/libcrypto/man/d2i_ESS_SIGNING_CERT.3 @@ -0,0 +1,118 @@ +.\" $OpenBSD: d2i_ESS_SIGNING_CERT.3,v 1.2 2018/03/23 04:34:23 schwarze Exp $ +.\" +.\" Copyright (c) 2016 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 23 2018 $ +.Dt D2I_ESS_SIGNING_CERT 3 +.Os +.Sh NAME +.Nm d2i_ESS_SIGNING_CERT , +.Nm i2d_ESS_SIGNING_CERT , +.Nm d2i_ESS_CERT_ID , +.Nm i2d_ESS_CERT_ID , +.Nm d2i_ESS_ISSUER_SERIAL , +.Nm i2d_ESS_ISSUER_SERIAL +.Nd decode and encode signing certificates for S/MIME +.Sh SYNOPSIS +.In openssl/ts.h +.Ft ESS_SIGNING_CERT * +.Fo d2i_ESS_SIGNING_CERT +.Fa "ESS_SIGNING_CERT **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_ESS_SIGNING_CERT +.Fa "const ESS_SIGNING_CERT *val_in" +.Fa "unsigned char **der_out" +.Fc +.Ft ESS_CERT_ID * +.Fo d2i_ESS_CERT_ID +.Fa "ESS_CERT_ID **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_ESS_CERT_ID +.Fa "const ESS_CERT_ID *val_in" +.Fa "unsigned char **der_out" +.Fc +.Ft ESS_ISSUER_SERIAL * +.Fo d2i_ESS_ISSUER_SERIAL +.Fa "ESS_ISSUER_SERIAL **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_ESS_ISSUER_SERIAL +.Fa "const ESS_ISSUER_SERIAL *val_in" +.Fa "unsigned char **der_out" +.Fc +.Sh DESCRIPTION +These functions decode and encode signing certificate attribute +structures. +For details about the semantics, examples, caveats, and bugs, see +.Xr ASN1_item_d2i 3 . +.Pp +.Fn d2i_ESS_SIGNING_CERT +and +.Fn i2d_ESS_SIGNING_CERT +decode and encode an ASN.1 +.Vt SigningCertificate +structure defined in RFC 2634 section 5.4. +.Pp +.Fn d2i_ESS_CERT_ID +and +.Fn i2d_ESS_CERT_ID +decode and encode an ASN.1 +.Vt ESSCertID +structure defined in RFC 2634 section 5.4.1. +.Pp +.Fn d2i_ESS_ISSUER_SERIAL +and +.Fn i2d_ESS_ISSUER_SERIAL +decode and encode an ASN.1 +.Vt IssuerSerial +structure defined in RFC 2634 section 5.4.1. +.Sh RETURN VALUES +.Fn d2i_ESS_SIGNING_CERT , +.Fn d2i_ESS_CERT_ID , +and +.Fn d2i_ESS_ISSUER_SERIAL +return an +.Vt ESS_SIGNING_CERT , +.Vt ESS_CERT_ID , +or +.Vt ESS_ISSUER_SERIAL +object, respectively, or +.Dv NULL +if an error occurs. +.Pp +.Fn i2d_ESS_SIGNING_CERT , +.Fn i2d_ESS_CERT_ID , +and +.Fn i2d_ESS_ISSUER_SERIAL +return the number of bytes successfully encoded or a negative value +if an error occurs. +.Sh SEE ALSO +.Xr ASN1_item_d2i 3 , +.Xr ESS_SIGNING_CERT_new 3 +.Sh STANDARDS +RFC 2634: Enhanced Security Services for S/MIME, +section 5: Signing Certificate Attribute +.Sh HISTORY +These functions first appeared in OpenSSL 1.0.0 +and have been available since +.Ox 4.9 . diff --git a/src/lib/libcrypto/man/d2i_GENERAL_NAME.3 b/src/lib/libcrypto/man/d2i_GENERAL_NAME.3 new file mode 100644 index 00000000000..bfdcc6c67c7 --- /dev/null +++ b/src/lib/libcrypto/man/d2i_GENERAL_NAME.3 @@ -0,0 +1,160 @@ +.\" $OpenBSD: d2i_GENERAL_NAME.3,v 1.4 2018/03/22 21:08:22 schwarze Exp $ +.\" +.\" Copyright (c) 2016 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 22 2018 $ +.Dt D2I_GENERAL_NAME 3 +.Os +.Sh NAME +.Nm d2i_GENERAL_NAME , +.Nm i2d_GENERAL_NAME , +.Nm d2i_GENERAL_NAMES , +.Nm i2d_GENERAL_NAMES , +.Nm d2i_EDIPARTYNAME , +.Nm i2d_EDIPARTYNAME , +.Nm d2i_OTHERNAME , +.Nm i2d_OTHERNAME +.Nd decode and encode names for use in X.509 extensions +.Sh SYNOPSIS +.In openssl/x509v3.h +.Ft GENERAL_NAME * +.Fo d2i_GENERAL_NAME +.Fa "GENERAL_NAME **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_GENERAL_NAME +.Fa "GENERAL_NAME *val_in" +.Fa "unsigned char **der_out" +.Fc +.Ft GENERAL_NAMES * +.Fo d2i_GENERAL_NAMES +.Fa "GENERAL_NAMES **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_GENERAL_NAMES +.Fa "GENERAL_NAMES *val_in" +.Fa "unsigned char **der_out" +.Fc +.Ft EDIPARTYNAME * +.Fo d2i_EDIPARTYNAME +.Fa "EDIPARTYNAME **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_EDIPARTYNAME +.Fa "EDIPARTYNAME *val_in" +.Fa "unsigned char **der_out" +.Fc +.Ft OTHERNAME * +.Fo d2i_OTHERNAME +.Fa "OTHERNAME **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_OTHERNAME +.Fa "OTHERNAME *val_in" +.Fa "unsigned char **der_out" +.Fc +.Sh DESCRIPTION +These functions decode and encode names that can be used in X.509 +extensions. +For details about the semantics, examples, caveats, and bugs, see +.Xr ASN1_item_d2i 3 . +.Pp +.Fn d2i_GENERAL_NAME +and +.Fn i2d_GENERAL_NAME +decode and encode an ASN.1 +.Vt GeneralName +structure defined in RFC 5280 section 4.2.1.6. +.Pp +.Fn d2i_GENERAL_NAMES +and +.Fn i2d_GENERAL_NAMES +decode and encode an ASN.1 +.Vt GeneralNames +structure defined in RFC 5280 section 4.2.1.6. +.Pp +.Fn d2i_EDIPARTYNAME +and +.Fn i2d_EDIPARTYNAME +decode and encode an ASN.1 +.Vt EDIPartyName +structure defined in RFC 5280 section 4.2.1.6. +.Pp +.Fn d2i_OTHERNAME +and +.Fn i2d_OTHERNAME +decode and encode an ASN.1 +.Vt OtherName +structure defined in RFC 5280 section 4.2.1.6. +.Sh RETURN VALUES +.Fn d2i_GENERAL_NAME , +.Fn d2i_GENERAL_NAMES , +.Fn d2i_EDIPARTYNAME , +and +.Fn d2i_OTHERNAME +return a +.Vt GENERAL_NAME , +.Vt GENERAL_NAMES , +.Vt EDIPARTYNAME , +or +.Vt OTHERNAME +object, respectively, or +.Dv NULL +if an error occurs. +.Pp +.Fn i2d_GENERAL_NAME , +.Fn i2d_GENERAL_NAMES , +.Fn i2d_EDIPARTYNAME , +and +.Fn i2d_OTHERNAME +return the number of bytes successfully encoded or a negative value +if an error occurs. +.Sh SEE ALSO +.Xr ASN1_item_d2i 3 , +.Xr d2i_X509_NAME 3 , +.Xr GENERAL_NAME_new 3 , +.Xr X509_EXTENSION_new 3 +.Sh STANDARDS +RFC 5280: Internet X.509 Public Key Infrastructure Certificate and +Certificate Revocation List (CRL) Profile, +section 4.2: Certificate Extensions +.Sh HISTORY +.Fn d2i_GENERAL_NAME , +.Fn i2d_GENERAL_NAME , +.Fn d2i_GENERAL_NAMES , +and +.Fn i2d_GENERAL_NAMES +first appeared in OpenSSL 0.9.2b and have been available since +.Ox 2.6 . +.Pp +.Fn d2i_OTHERNAME +and +.Fn i2d_OTHERNAME +first appeared in OpenSSL 0.9.5 and have been available since +.Ox 2.7 . +.Pp +.Fn d2i_EDIPARTYNAME +and +.Fn i2d_EDIPARTYNAME +first appeared in OpenSSL 0.9.7 and have been available since +.Ox 3.2 . diff --git a/src/lib/libcrypto/man/d2i_OCSP_REQUEST.3 b/src/lib/libcrypto/man/d2i_OCSP_REQUEST.3 new file mode 100644 index 00000000000..cc07bd7d616 --- /dev/null +++ b/src/lib/libcrypto/man/d2i_OCSP_REQUEST.3 @@ -0,0 +1,181 @@ +.\" $OpenBSD: d2i_OCSP_REQUEST.3,v 1.2 2018/03/22 21:08:22 schwarze Exp $ +.\" +.\" Copyright (c) 2016 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 22 2018 $ +.Dt D2I_OCSP_REQUEST 3 +.Os +.Sh NAME +.Nm d2i_OCSP_REQUEST , +.Nm i2d_OCSP_REQUEST , +.Nm d2i_OCSP_SIGNATURE , +.Nm i2d_OCSP_SIGNATURE , +.Nm d2i_OCSP_REQINFO , +.Nm i2d_OCSP_REQINFO , +.Nm d2i_OCSP_ONEREQ , +.Nm i2d_OCSP_ONEREQ , +.Nm d2i_OCSP_CERTID , +.Nm i2d_OCSP_CERTID , +.Nm d2i_OCSP_SERVICELOC , +.Nm i2d_OCSP_SERVICELOC +.Nd decode and encode OCSP requests +.Sh SYNOPSIS +.In openssl/ocsp.h +.Ft OCSP_REQUEST * +.Fo d2i_OCSP_REQUEST +.Fa "OCSP_REQUEST **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_OCSP_REQUEST +.Fa "OCSP_REQUEST *val_in" +.Fa "unsigned char **der_out" +.Fc +.Ft OCSP_SIGNATURE * +.Fo d2i_OCSP_SIGNATURE +.Fa "OCSP_SIGNATURE **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_OCSP_SIGNATURE +.Fa "OCSP_SIGNATURE *val_in" +.Fa "unsigned char **der_out" +.Fc +.Ft OCSP_REQINFO * +.Fo d2i_OCSP_REQINFO +.Fa "OCSP_REQINFO **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_OCSP_REQINFO +.Fa "OCSP_REQINFO *val_in" +.Fa "unsigned char **der_out" +.Fc +.Ft OCSP_ONEREQ * +.Fo d2i_OCSP_ONEREQ +.Fa "OCSP_ONEREQ **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_OCSP_ONEREQ +.Fa "OCSP_ONEREQ *val_in" +.Fa "unsigned char **der_out" +.Fc +.Ft OCSP_CERTID * +.Fo d2i_OCSP_CERTID +.Fa "OCSP_CERTID **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_OCSP_CERTID +.Fa "OCSP_CERTID *val_in" +.Fa "unsigned char **der_out" +.Fc +.Ft OCSP_SERVICELOC * +.Fo d2i_OCSP_SERVICELOC +.Fa "OCSP_SERVICELOC **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_OCSP_SERVICELOC +.Fa "OCSP_SERVICELOC *val_in" +.Fa "unsigned char **der_out" +.Fc +.Sh DESCRIPTION +Theses functions decode and encode ASN.1 structures used for OCSP +requests. +For details about the semantics, examples, caveats, and bugs, see +.Xr ASN1_item_d2i 3 . +.Pp +.Fn d2i_OCSP_REQUEST +and +.Fn i2d_OCSP_REQUEST +decode and encode an ASN.1 +.Vt OCSPRequest +structure defined in RFC 6960 section 4.1.1. +.Pp +.Fn d2i_OCSP_SIGNATURE +and +.Fn i2d_OCSP_SIGNATURE +decode and encode an ASN.1 +.Vt Signature +structure defined in RFC 6960 section 4.1.1. +.Pp +.Fn d2i_OCSP_REQINFO +and +.Fn i2d_OCSP_REQINFO +decode and encode an ASN.1 +.Vt TBSRequest +structure defined in RFC 6960 section 4.1.1. +.Pp +.Fn d2i_OCSP_ONEREQ +and +.Fn i2d_OCSP_ONEREQ +decode and encode an ASN.1 +.Vt Request +structure defined in RFC 6960 section 4.1.1. +.Pp +.Fn d2i_OCSP_CERTID +and +.Fn i2d_OCSP_CERTID +decode and encode an ASN.1 +.Vt CertID +structure defined in RFC 6960 section 4.1.1. +.Pp +.Fn d2i_OCSP_SERVICELOC +and +.Fn i2d_OCSP_SERVICELOC +decode and encode an ASN.1 +.Vt ServiceLocator +structure defined in RFC 6960 section 4.4.6. +.Sh RETURN VALUES +.Fn d2i_OCSP_REQUEST , +.Fn d2i_OCSP_SIGNATURE , +.Fn d2i_OCSP_REQINFO , +.Fn d2i_OCSP_ONEREQ , +.Fn d2i_OCSP_CERTID , +and +.Fn d2i_OCSP_SERVICELOC +return an object of the respective type or +.Dv NULL +if an error occurs. +.Pp +.Fn i2d_OCSP_REQUEST , +.Fn i2d_OCSP_SIGNATURE , +.Fn i2d_OCSP_REQINFO , +.Fn i2d_OCSP_ONEREQ , +.Fn i2d_OCSP_CERTID , +and +.Fn i2d_OCSP_SERVICELOC +return the number of bytes successfully encoded or a negative value +if an error occurs. +.Sh SEE ALSO +.Xr ASN1_item_d2i 3 , +.Xr OCSP_CERTID_new 3 , +.Xr OCSP_REQUEST_new 3 , +.Xr OCSP_SERVICELOC_new 3 +.Sh STANDARDS +RFC 6960: X.509 Internet Public Key Infrastructure Online Certificate +Status Protocol, section 4.1: Request Syntax +.Sh HISTORY +These functions first appeared in OpenSSL 0.9.7 +and have been available since +.Ox 3.2 . diff --git a/src/lib/libcrypto/man/d2i_OCSP_RESPONSE.3 b/src/lib/libcrypto/man/d2i_OCSP_RESPONSE.3 new file mode 100644 index 00000000000..72db8ab063e --- /dev/null +++ b/src/lib/libcrypto/man/d2i_OCSP_RESPONSE.3 @@ -0,0 +1,247 @@ +.\" $OpenBSD: d2i_OCSP_RESPONSE.3,v 1.2 2018/03/22 21:08:22 schwarze Exp $ +.\" +.\" Copyright (c) 2016 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 22 2018 $ +.Dt D2I_OCSP_RESPONSE 3 +.Os +.Sh NAME +.Nm d2i_OCSP_RESPONSE , +.Nm i2d_OCSP_RESPONSE , +.Nm d2i_OCSP_RESPBYTES , +.Nm i2d_OCSP_RESPBYTES , +.Nm d2i_OCSP_BASICRESP , +.Nm i2d_OCSP_BASICRESP , +.Nm d2i_OCSP_RESPDATA , +.Nm i2d_OCSP_RESPDATA , +.Nm d2i_OCSP_RESPID , +.Nm i2d_OCSP_RESPID , +.Nm d2i_OCSP_SINGLERESP , +.Nm i2d_OCSP_SINGLERESP , +.Nm d2i_OCSP_CERTSTATUS , +.Nm i2d_OCSP_CERTSTATUS , +.Nm d2i_OCSP_REVOKEDINFO , +.Nm i2d_OCSP_REVOKEDINFO , +.Nm d2i_OCSP_CRLID , +.Nm i2d_OCSP_CRLID +.Nd decode and encode OCSP responses +.Sh SYNOPSIS +.In openssl/ocsp.h +.Ft OCSP_RESPONSE * +.Fo d2i_OCSP_RESPONSE +.Fa "OCSP_RESPONSE **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_OCSP_RESPONSE +.Fa "OCSP_RESPONSE *val_in" +.Fa "unsigned char **der_out" +.Fc +.Ft OCSP_RESPBYTES * +.Fo d2i_OCSP_RESPBYTES +.Fa "OCSP_RESPBYTES **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_OCSP_RESPBYTES +.Fa "OCSP_RESPBYTES *val_in" +.Fa "unsigned char **der_out" +.Fc +.Ft OCSP_BASICRESP * +.Fo d2i_OCSP_BASICRESP +.Fa "OCSP_BASICRESP **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_OCSP_BASICRESP +.Fa "OCSP_BASICRESP *val_in" +.Fa "unsigned char **der_out" +.Fc +.Ft OCSP_RESPDATA * +.Fo d2i_OCSP_RESPDATA +.Fa "OCSP_RESPDATA **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_OCSP_RESPDATA +.Fa "OCSP_RESPDATA *val_in" +.Fa "unsigned char **der_out" +.Fc +.Ft OCSP_RESPID * +.Fo d2i_OCSP_RESPID +.Fa "OCSP_RESPID **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_OCSP_RESPID +.Fa "OCSP_RESPID *val_in" +.Fa "unsigned char **der_out" +.Fc +.Ft OCSP_SINGLERESP * +.Fo d2i_OCSP_SINGLERESP +.Fa "OCSP_SINGLERESP **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_OCSP_SINGLERESP +.Fa "OCSP_SINGLERESP *val_in" +.Fa "unsigned char **der_out" +.Fc +.Ft OCSP_CERTSTATUS * +.Fo d2i_OCSP_CERTSTATUS +.Fa "OCSP_CERTSTATUS **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_OCSP_CERTSTATUS +.Fa "OCSP_CERTSTATUS *val_in" +.Fa "unsigned char **der_out" +.Fc +.Ft OCSP_REVOKEDINFO * +.Fo d2i_OCSP_REVOKEDINFO +.Fa "OCSP_REVOKEDINFO **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_OCSP_REVOKEDINFO +.Fa "OCSP_REVOKEDINFO *val_in" +.Fa "unsigned char **der_out" +.Fc +.Ft OCSP_CRLID * +.Fo d2i_OCSP_CRLID +.Fa "OCSP_CRLID **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_OCSP_CRLID +.Fa "OCSP_CRLID *val_in" +.Fa "unsigned char **der_out" +.Fc +.Sh DESCRIPTION +Theses functions decode and encode ASN.1 structures used for OCSP +responses. +For details about the semantics, examples, caveats, and bugs, see +.Xr ASN1_item_d2i 3 . +.Pp +.Fn d2i_OCSP_RESPONSE +and +.Fn i2d_OCSP_RESPONSE +decode and encode an ASN.1 +.Vt OCSPResponse +structure defined in RFC 6960 section 4.2.1. +.Pp +.Fn d2i_OCSP_RESPBYTES +and +.Fn i2d_OCSP_RESPBYTES +decode and encode an ASN.1 +.Vt ResponseBytes +structure defined in RFC 6960 section 4.2.1. +.Pp +.Fn d2i_OCSP_BASICRESP +and +.Fn i2d_OCSP_BASICRESP +decode and encode an ASN.1 +.Vt BasicOCSPResponse +structure defined in RFC 6960 section 4.2.1. +.Pp +.Fn d2i_OCSP_RESPDATA +and +.Fn i2d_OCSP_RESPDATA +decode and encode an ASN.1 +.Vt ResponseData +structure defined in RFC 6960 section 4.2.1. +.Pp +.Fn d2i_OCSP_RESPID +and +.Fn i2d_OCSP_RESPID +decode and encode an ASN.1 +.Vt ResponderID +structure defined in RFC 6960 section 4.2.1. +.Pp +.Fn d2i_OCSP_SINGLERESP +and +.Fn i2d_OCSP_SINGLERESP +decode and encode an ASN.1 +.Vt SingleResponse +structure defined in RFC 6960 section 4.2.1. +.Pp +.Fn d2i_OCSP_CERTSTATUS +and +.Fn i2d_OCSP_CERTSTATUS +decode and encode an ASN.1 +.Vt CertStatus +structure defined in RFC 6960 section 4.2.1. +.Pp +.Fn d2i_OCSP_REVOKEDINFO +and +.Fn i2d_OCSP_REVOKEDINFO +decode and encode an ASN.1 +.Vt RevokedInfo +structure defined in RFC 6960 section 4.2.1. +.Pp +.Fn d2i_OCSP_CRLID +and +.Fn i2d_OCSP_CRLID +decode and encode an ASN.1 +.Vt CrlID +structure defined in RFC 6960 section 4.4.2. +.Sh RETURN VALUES +.Fn d2i_OCSP_RESPONSE , +.Fn d2i_OCSP_RESPBYTES , +.Fn d2i_OCSP_BASICRESP , +.Fn d2i_OCSP_RESPDATA , +.Fn d2i_OCSP_RESPID , +.Fn d2i_OCSP_SINGLERESP , +.Fn d2i_OCSP_CERTSTATUS , +.Fn d2i_OCSP_REVOKEDINFO , +and +.Fn d2i_OCSP_CRLID +return an object of the respective type or +.Dv NULL +if an error occurs. +.Pp +.Fn i2d_OCSP_RESPONSE , +.Fn i2d_OCSP_RESPBYTES , +.Fn i2d_OCSP_BASICRESP , +.Fn i2d_OCSP_RESPDATA , +.Fn i2d_OCSP_RESPID , +.Fn i2d_OCSP_SINGLERESP , +.Fn i2d_OCSP_CERTSTATUS , +.Fn i2d_OCSP_REVOKEDINFO , +and +.Fn i2d_OCSP_CRLID +return the number of bytes successfully encoded or a negative value +if an error occurs. +.Sh SEE ALSO +.Xr ASN1_item_d2i 3 , +.Xr OCSP_CRLID_new 3 , +.Xr OCSP_RESPONSE_new 3 , +.Xr OCSP_SINGLERESP_new 3 +.Sh STANDARDS +RFC 6960: X.509 Internet Public Key Infrastructure Online Certificate +Status Protocol, section 4.2: Response Syntax +.Sh HISTORY +These functions first appeared in OpenSSL 0.9.7 +and have been available since +.Ox 3.2 . diff --git a/src/lib/libcrypto/man/d2i_PKCS12.3 b/src/lib/libcrypto/man/d2i_PKCS12.3 new file mode 100644 index 00000000000..55272d1f363 --- /dev/null +++ b/src/lib/libcrypto/man/d2i_PKCS12.3 @@ -0,0 +1,202 @@ +.\" $OpenBSD: d2i_PKCS12.3,v 1.2 2018/03/21 17:57:48 schwarze Exp $ +.\" +.\" Copyright (c) 2016 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 21 2018 $ +.Dt D2I_PKCS12 3 +.Os +.Sh NAME +.Nm d2i_PKCS12 , +.Nm i2d_PKCS12 , +.Nm d2i_PKCS12_bio , +.Nm i2d_PKCS12_bio , +.Nm d2i_PKCS12_fp , +.Nm i2d_PKCS12_fp , +.Nm d2i_PKCS12_MAC_DATA , +.Nm i2d_PKCS12_MAC_DATA , +.Nm d2i_PKCS12_SAFEBAG , +.Nm i2d_PKCS12_SAFEBAG , +.Nm d2i_PKCS12_BAGS , +.Nm i2d_PKCS12_BAGS +.Nd decode and encode PKCS#12 structures +.Sh SYNOPSIS +.In openssl/pkcs12.h +.Ft PKCS12 * +.Fo d2i_PKCS12 +.Fa "PKCS12 **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_PKCS12 +.Fa "PKCS12 *val_in" +.Fa "unsigned char **der_out" +.Fc +.Ft PKCS12 * +.Fo d2i_PKCS12_bio +.Fa "BIO *in_bio" +.Fa "PKCS12 **val_out" +.Fc +.Ft int +.Fo i2d_PKCS12_bio +.Fa "BIO *out_bio" +.Fa "PKCS12 *val_in" +.Fc +.Ft PKCS12 * +.Fo d2i_PKCS12_fp +.Fa "FILE *in_fp" +.Fa "PKCS12 **val_out" +.Fc +.Ft int +.Fo i2d_PKCS12_fp +.Fa "FILE *out_fp" +.Fa "PKCS12 *val_in" +.Fc +.Ft PKCS12_MAC_DATA * +.Fo d2i_PKCS12_MAC_DATA +.Fa "PKCS12_MAC_DATA **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_PKCS12_MAC_DATA +.Fa "PKCS12_MAC_DATA *val_in" +.Fa "unsigned char **der_out" +.Fc +.Ft PKCS12_SAFEBAG * +.Fo d2i_PKCS12_SAFEBAG +.Fa "PKCS12_SAFEBAG **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_PKCS12_SAFEBAG +.Fa "PKCS12_SAFEBAG *val_in" +.Fa "unsigned char **der_out" +.Fc +.Ft PKCS12_BAGS * +.Fo d2i_PKCS12_BAGS +.Fa "PKCS12_BAGS **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_PKCS12_BAGS +.Fa "PKCS12_BAGS *val_in" +.Fa "unsigned char **der_out" +.Fc +.Sh DESCRIPTION +These functions decode and encode PKCS#12 structures. +For details about the semantics, examples, caveats, and bugs, see +.Xr ASN1_item_d2i 3 . +.Pp +.Fn d2i_PKCS12 +and +.Fn i2d_PKCS12 +decode and encode an ASN.1 +.Vt PFX +.Pq personal information exchange +structure defined in RFC 7292 section 4. +.Fn d2i_PKCS12_bio , +.Fn i2d_PKCS12_bio , +.Fn d2i_PKCS12_fp , +and +.Fn i2d_PKCS12_fp +are similar except that they decode or encode using a +.Vt BIO +or +.Vt FILE +pointer. +.Pp +.Fn d2i_PKCS12_MAC_DATA +and +.Fn i2d_PKCS12_MAC_DATA +decode and encode an ASN.1 +.Vt MacData +structure defined in RFC 7292 section 4. +.Pp +.Fn d2i_PKCS12_SAFEBAG +and +.Fn i2d_PKCS12_SAFEBAG +decode and encode an ASN.1 +.Vt SafeBag +structure defined in RFC 7292 section 4.2. +.Pp +.Fn d2i_PKCS12_BAGS +and +.Fn i2d_PKCS12_BAGS +decode and encode the bagValue field of an ASN.1 +.Vt SafeBag +structure. +.Sh RETURN VALUES +.Fn d2i_PKCS12 , +.Fn d2i_PKCS12_bio , +and +.Fn d2i_PKCS12_fp +return a +.Vt PKCS12 +object or +.Dv NULL +if an error occurs. +.Pp +.Fn d2i_PKCS12_MAC_DATA , +.Fn d2i_PKCS12_SAFEBAG , +and +.Fn d2i_PKCS12_BAGS +return a +.Vt PKCS12_MAC_DATA , +.Vt PKCS12_SAFEBAG , +or +.Vt PKCS12_BAGS +object, respectively, or +.Dv NULL +if an error occurs. +.Pp +.Fn i2d_PKCS12 , +.Fn i2d_PKCS12_MAC_DATA , +.Fn i2d_PKCS12_SAFEBAG , +and +.Fn i2d_PKCS12_BAGS +return the number of bytes successfully encoded or a negative value +if an error occurs. +.Pp +.Fn i2d_PKCS12_bio +and +.Fn i2d_PKCS12_fp +return 1 for success or 0 if an error occurs. +.Sh SEE ALSO +.Xr ASN1_item_d2i 3 , +.Xr PKCS12_create 3 , +.Xr PKCS12_new 3 , +.Xr PKCS12_parse 3 , +.Xr PKCS12_SAFEBAG_new 3 +.Sh STANDARDS +RFC 7292: PKCS #12: Personal Information Exchange Syntax +.Sh HISTORY +.Fn d2i_PKCS12 , +.Fn i2d_PKCS12 , +.Fn d2i_PKCS12_bio , +.Fn i2d_PKCS12_bio , +.Fn d2i_PKCS12_fp , +.Fn i2d_PKCS12_fp , +.Fn d2i_PKCS12_MAC_DATA , +.Fn i2d_PKCS12_MAC_DATA , +.Fn d2i_PKCS12_SAFEBAG , +.Fn i2d_PKCS12_SAFEBAG , +.Fn d2i_PKCS12_BAGS , +and +.Fn i2d_PKCS12_BAGS +first appeared in OpenSSL 0.9.3 and have been available since +.Ox 2.6 . diff --git a/src/lib/libcrypto/man/d2i_PKCS7.3 b/src/lib/libcrypto/man/d2i_PKCS7.3 new file mode 100644 index 00000000000..0581583fc7d --- /dev/null +++ b/src/lib/libcrypto/man/d2i_PKCS7.3 @@ -0,0 +1,354 @@ +.\" $OpenBSD: d2i_PKCS7.3,v 1.6 2018/03/27 17:35:50 schwarze Exp $ +.\" +.\" Copyright (c) 2016 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt D2I_PKCS7 3 +.Os +.Sh NAME +.Nm d2i_PKCS7 , +.Nm i2d_PKCS7 , +.Nm d2i_PKCS7_bio , +.Nm i2d_PKCS7_bio , +.Nm d2i_PKCS7_fp , +.Nm i2d_PKCS7_fp , +.Nm i2d_PKCS7_NDEF , +.Nm d2i_PKCS7_DIGEST , +.Nm i2d_PKCS7_DIGEST , +.Nm d2i_PKCS7_ENCRYPT , +.Nm i2d_PKCS7_ENCRYPT , +.Nm d2i_PKCS7_ENC_CONTENT , +.Nm i2d_PKCS7_ENC_CONTENT , +.Nm d2i_PKCS7_ENVELOPE , +.Nm i2d_PKCS7_ENVELOPE , +.Nm d2i_PKCS7_ISSUER_AND_SERIAL , +.Nm i2d_PKCS7_ISSUER_AND_SERIAL , +.Nm d2i_PKCS7_RECIP_INFO , +.Nm i2d_PKCS7_RECIP_INFO , +.Nm d2i_PKCS7_SIGNED , +.Nm i2d_PKCS7_SIGNED , +.Nm d2i_PKCS7_SIGNER_INFO , +.Nm i2d_PKCS7_SIGNER_INFO , +.Nm d2i_PKCS7_SIGN_ENVELOPE , +.Nm i2d_PKCS7_SIGN_ENVELOPE +.Nd decode and encode PKCS#7 data structures +.Sh SYNOPSIS +.In openssl/pkcs7.h +.Ft PKCS7 * +.Fo d2i_PKCS7 +.Fa "PKCS7 **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_PKCS7 +.Fa "PKCS7 *val_in" +.Fa "unsigned char **der_out" +.Fc +.Ft PKCS7 * +.Fo d2i_PKCS7_bio +.Fa "BIO *in_bio" +.Fa "PKCS7 **val_out" +.Fc +.Ft int +.Fo i2d_PKCS7_bio +.Fa "BIO *out_bio" +.Fa "PKCS7 *val_in" +.Fc +.Ft PKCS7 * +.Fo d2i_PKCS7_fp +.Fa "FILE *in_fp" +.Fa "PKCS7 **val_out" +.Fc +.Ft int +.Fo i2d_PKCS7_fp +.Fa "FILE *out_fp" +.Fa "PKCS7 *val_in" +.Fc +.Ft int +.Fo i2d_PKCS7_NDEF +.Fa "PKCS7 *val_in" +.Fa "unsigned char **ber_out" +.Fc +.Ft PKCS7_DIGEST * +.Fo d2i_PKCS7_DIGEST +.Fa "PKCS7_DIGEST **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_PKCS7_DIGEST +.Fa "PKCS7_DIGEST *val_in" +.Fa "unsigned char **der_out" +.Fc +.Ft PKCS7_ENCRYPT * +.Fo d2i_PKCS7_ENCRYPT +.Fa "PKCS7_ENCRYPT **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_PKCS7_ENCRYPT +.Fa "PKCS7_ENCRYPT *val_in" +.Fa "unsigned char **der_out" +.Fc +.Ft PKCS7_ENC_CONTENT * +.Fo d2i_PKCS7_ENC_CONTENT +.Fa "PKCS7_ENC_CONTENT **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_PKCS7_ENC_CONTENT +.Fa "PKCS7_ENC_CONTENT *val_in" +.Fa "unsigned char **der_out" +.Fc +.Ft PKCS7_ENVELOPE * +.Fo d2i_PKCS7_ENVELOPE +.Fa "PKCS7_ENVELOPE **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_PKCS7_ENVELOPE +.Fa "PKCS7_ENVELOPE *val_in" +.Fa "unsigned char **der_out" +.Fc +.Ft PKCS7_ISSUER_AND_SERIAL * +.Fo d2i_PKCS7_ISSUER_AND_SERIAL +.Fa "PKCS7_ISSUER_AND_SERIAL **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_PKCS7_ISSUER_AND_SERIAL +.Fa "PKCS7_ISSUER_AND_SERIAL *val_in" +.Fa "unsigned char **der_out" +.Fc +.Ft PKCS7_RECIP_INFO * +.Fo d2i_PKCS7_RECIP_INFO +.Fa "PKCS7_RECIP_INFO **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_PKCS7_RECIP_INFO +.Fa "PKCS7_RECIP_INFO *val_in" +.Fa "unsigned char **der_out" +.Fc +.Ft PKCS7_SIGNED * +.Fo d2i_PKCS7_SIGNED +.Fa "PKCS7_SIGNED **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_PKCS7_SIGNED +.Fa "PKCS7_SIGNED *val_in" +.Fa "unsigned char **der_out" +.Fc +.Ft PKCS7_SIGNER_INFO * +.Fo d2i_PKCS7_SIGNER_INFO +.Fa "PKCS7_SIGNER_INFO **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_PKCS7_SIGNER_INFO +.Fa "PKCS7_SIGNER_INFO *val_in" +.Fa "unsigned char **der_out" +.Fc +.Ft PKCS7_SIGN_ENVELOPE * +.Fo d2i_PKCS7_SIGN_ENVELOPE +.Fa "PKCS7_SIGN_ENVELOPE **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_PKCS7_SIGN_ENVELOPE +.Fa "PKCS7_SIGN_ENVELOPE *val_in" +.Fa "unsigned char **der_out" +.Fc +.Sh DESCRIPTION +These functions decode and encode PKCS#7 data structures. +For details about the semantics, examples, caveats, and bugs, see +.Xr ASN1_item_d2i 3 . +.Pp +.Fn d2i_PKCS7 +and +.Fn i2d_PKCS7 +decode and encode an ASN.1 +.Vt ContentInfo +structure defined in RFC 2315 section 7. +.Fn d2i_PKCS7_bio , +.Fn i2d_PKCS7_bio , +.Fn d2i_PKCS7_fp , +and +.Fn i2d_PKCS7_fp +are similar except that they decode or encode using a +.Vt BIO +or +.Vt FILE +pointer. +.Pp +.Fn i2d_PKCS7_NDEF +is similar to +.Fn i2d_PKCS7 +except that it encodes using BER rather than DER, using the indefinite +length form where appropriate. +.Pp +.Fn d2i_PKCS7_DIGEST +and +.Fn i2d_PKCS7_DIGEST +decode and encode an ASN.1 +.Vt DigestedData +structure defined in RFC 2315 section 12. +.Pp +.Fn d2i_PKCS7_ENCRYPT +and +.Fn i2d_PKCS7_ENCRYPT +decode and encode an ASN.1 +.Vt EncryptedData +structure defined in RFC 2315 section 13. +.Pp +.Fn d2i_PKCS7_ENC_CONTENT +and +.Fn i2d_PKCS7_ENC_CONTENT +decode and encode an ASN.1 +.Vt EncryptedContentInfo +structure defined in RFC 2315 section 10.1. +.Pp +.Fn d2i_PKCS7_ENVELOPE +and +.Fn i2d_PKCS7_ENVELOPE +decode and encode an ASN.1 +.Vt EnvelopedData +structure defined in RFC 2315 section 10. +.Pp +.Fn d2i_PKCS7_ISSUER_AND_SERIAL +and +.Fn i2d_PKCS7_ISSUER_AND_SERIAL +decode and encode an ASN.1 +.Vt IssuerAndSerialNumber +structure defined in RFC 2315 section 6.7. +.Pp +.Fn d2i_PKCS7_RECIP_INFO +and +.Fn i2d_PKCS7_RECIP_INFO +decode and encode an ASN.1 +.Vt RecipientInfo +structure defined in RFC 2315 section 10.2. +.Pp +.Fn d2i_PKCS7_SIGNED +and +.Fn i2d_PKCS7_SIGNED +decode and encode an ASN.1 +.Vt SignedData +structure defined in RFC 2315 section 9. +.Pp +.Fn d2i_PKCS7_SIGNER_INFO +and +.Fn i2d_PKCS7_SIGNER_INFO +decode and encode an ASN.1 +.Vt SignerInfo +structure defined in RFC 2315 section 9.2. +.Pp +.Fn d2i_PKCS7_SIGN_ENVELOPE +and +.Fn i2d_PKCS7_SIGN_ENVELOPE +decode and encode an ASN.1 +.Vt SignedAndEnvelopedData +structure defined in RFC 2315 section 11. +.Sh RETURN VALUES +.Fn d2i_PKCS7 , +.Fn d2i_PKCS7_bio , +and +.Fn d2i_PKCS7_fp +return a +.Vt PKCS7 +object or +.Dv NULL +if an error occurs. +.Pp +.Fn d2i_PKCS7_DIGEST , +.Fn d2i_PKCS7_ENCRYPT , +.Fn d2i_PKCS7_ENC_CONTENT , +.Fn d2i_PKCS7_ENVELOPE , +.Fn d2i_PKCS7_ISSUER_AND_SERIAL , +.Fn d2i_PKCS7_RECIP_INFO , +.Fn d2i_PKCS7_SIGNED , +.Fn d2i_PKCS7_SIGNER_INFO , +and +.Fn d2i_PKCS7_SIGN_ENVELOPE +return an object of the respective type or +.Dv NULL +if an error occurs. +.Pp +.Fn i2d_PKCS7 , +.Fn i2d_PKCS7_NDEF , +.Fn i2d_PKCS7_DIGEST , +.Fn i2d_PKCS7_ENCRYPT , +.Fn i2d_PKCS7_ENC_CONTENT , +.Fn i2d_PKCS7_ENVELOPE , +.Fn i2d_PKCS7_ISSUER_AND_SERIAL , +.Fn i2d_PKCS7_RECIP_INFO , +.Fn i2d_PKCS7_SIGNED , +.Fn i2d_PKCS7_SIGNER_INFO , +and +.Fn i2d_PKCS7_SIGN_ENVELOPE +return the number of bytes successfully encoded or a negative value +if an error occurs. +.Pp +.Fn i2d_PKCS7_bio +and +.Fn i2d_PKCS7_fp +return 1 for success or 0 if an error occurs. +.Sh SEE ALSO +.Xr ASN1_item_d2i 3 , +.Xr i2d_PKCS7_bio_stream 3 , +.Xr PEM_write_bio_PKCS7_stream 3 , +.Xr PEM_write_PKCS7 3 , +.Xr PKCS7_new 3 , +.Xr SMIME_write_PKCS7 3 +.Sh STANDARDS +RFC 2315: PKCS #7: Cryptographic Message Syntax Version 1.5 +.Sh HISTORY +.Fn d2i_PKCS7 , +.Fn i2d_PKCS7 , +.Fn d2i_PKCS7_bio , +.Fn i2d_PKCS7_bio , +.Fn d2i_PKCS7_fp , +.Fn i2d_PKCS7_fp , +.Fn d2i_PKCS7_DIGEST , +.Fn i2d_PKCS7_DIGEST , +.Fn d2i_PKCS7_ENCRYPT , +.Fn i2d_PKCS7_ENCRYPT , +.Fn d2i_PKCS7_ENC_CONTENT , +.Fn i2d_PKCS7_ENC_CONTENT , +.Fn d2i_PKCS7_ENVELOPE , +.Fn i2d_PKCS7_ENVELOPE , +.Fn d2i_PKCS7_ISSUER_AND_SERIAL , +.Fn i2d_PKCS7_ISSUER_AND_SERIAL , +.Fn d2i_PKCS7_RECIP_INFO , +.Fn i2d_PKCS7_RECIP_INFO , +.Fn d2i_PKCS7_SIGNED , +.Fn i2d_PKCS7_SIGNED , +.Fn d2i_PKCS7_SIGNER_INFO , +.Fn i2d_PKCS7_SIGNER_INFO , +.Fn d2i_PKCS7_SIGN_ENVELOPE , +and +.Fn i2d_PKCS7_SIGN_ENVELOPE +first appeared in SSLeay 0.5.1 and have been available since +.Ox 2.4 . diff --git a/src/lib/libcrypto/man/d2i_PKCS8PrivateKey_bio.3 b/src/lib/libcrypto/man/d2i_PKCS8PrivateKey_bio.3 new file mode 100644 index 00000000000..9ac275e2a60 --- /dev/null +++ b/src/lib/libcrypto/man/d2i_PKCS8PrivateKey_bio.3 @@ -0,0 +1,178 @@ +.\" $OpenBSD: d2i_PKCS8PrivateKey_bio.3,v 1.10 2018/03/22 16:06:33 schwarze Exp $ +.\" full merge up to: OpenSSL 61f805c1 Jan 16 01:01:46 2018 +0800 +.\" +.\" This file was written by Dr. Stephen Henson . +.\" Copyright (c) 2002, 2016, 2017 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 22 2018 $ +.Dt D2I_PKCS8PRIVATEKEY_BIO 3 +.Os +.Sh NAME +.Nm d2i_PKCS8PrivateKey_bio , +.Nm d2i_PKCS8PrivateKey_fp , +.Nm i2d_PKCS8PrivateKey_bio , +.Nm i2d_PKCS8PrivateKey_fp , +.Nm i2d_PKCS8PrivateKey_nid_bio , +.Nm i2d_PKCS8PrivateKey_nid_fp +.Nd PKCS#8 format private key functions +.Sh SYNOPSIS +.In openssl/evp.h +.Ft EVP_PKEY * +.Fo d2i_PKCS8PrivateKey_bio +.Fa "BIO *bp" +.Fa "EVP_PKEY **x" +.Fa "pem_password_cb *cb" +.Fa "void *u" +.Fc +.Ft EVP_PKEY * +.Fo d2i_PKCS8PrivateKey_fp +.Fa "FILE *fp" +.Fa "EVP_PKEY **x" +.Fa "pem_password_cb *cb" +.Fa "void *u" +.Fc +.Ft int +.Fo i2d_PKCS8PrivateKey_bio +.Fa "BIO *bp" +.Fa "EVP_PKEY *x" +.Fa "const EVP_CIPHER *enc" +.Fa "char *kstr" +.Fa "int klen" +.Fa "pem_password_cb *cb" +.Fa "void *u" +.Fc +.Ft int +.Fo i2d_PKCS8PrivateKey_fp +.Fa "FILE *fp" +.Fa "EVP_PKEY *x" +.Fa "const EVP_CIPHER *enc" +.Fa "char *kstr" +.Fa "int klen" +.Fa "pem_password_cb *cb" +.Fa "void *u" +.Fc +.Ft int +.Fo i2d_PKCS8PrivateKey_nid_bio +.Fa "BIO *bp" +.Fa "EVP_PKEY *x" +.Fa "int nid" +.Fa "char *kstr" +.Fa "int klen" +.Fa "pem_password_cb *cb" +.Fa "void *u" +.Fc +.Ft int +.Fo i2d_PKCS8PrivateKey_nid_fp +.Fa "FILE *fp" +.Fa "EVP_PKEY *x" +.Fa "int nid" +.Fa "char *kstr" +.Fa "int klen" +.Fa "pem_password_cb *cb" +.Fa "void *u" +.Fc +.Sh DESCRIPTION +The PKCS#8 functions encode and decode private keys in PKCS#8 format +using both PKCS#5 v1.5 and PKCS#5 v2.0 password based encryption +algorithms. +.Pp +Other than the use of DER as opposed to PEM these functions are +identical to the corresponding functions described in +.Xr PEM_read_PrivateKey 3 . +.Pp +Before using these functions, +.Xr OpenSSL_add_all_algorithms 3 +should be called to initialize the internal algorithm lookup tables. +Otherwise errors about unknown algorithms will occur if an attempt is +made to decrypt a private key. +.Pp +These functions are currently the only way to store encrypted private +keys using DER format. +.Pp +Currently all the functions use +.Vt BIO +or +.Vt FILE +pointers. +There are no functions which work directly on memory, +though this can be readily worked around +by converting the buffers to memory BIOs; +see +.Xr BIO_s_mem 3 +for details. +.Sh RETURN VALUES +.Fn d2i_PKCS8PrivateKey_bio +and +.Fn d2i_PKCS8PrivateKey_fp +return a +.Vt EVP_PKEY +object or +.Dv NULL +if an error occurs. +.Pp +.Fn i2d_PKCS8PrivateKey_bio , +.Fn i2d_PKCS8PrivateKey_fp , +.Fn i2d_PKCS8PrivateKey_nid_bio , +and +.Fn i2d_PKCS8PrivateKey_nid_fp +return 1 on success or 0 on error. +.Sh SEE ALSO +.Xr d2i_X509_SIG 3 , +.Xr PEM_write_PKCS8PrivateKey 3 , +.Xr PKCS8_PRIV_KEY_INFO_new 3 +.Sh HISTORY +These functions first appeared in OpenSSL 0.9.5 +and have been available since +.Ox 2.7 . +.Sh CAVEATS +Do not confuse these functions with +.Xr i2d_PKCS8PrivateKeyInfo_bio 3 +and +.Xr i2d_PKCS8PrivateKeyInfo_fp 3 , +which write out private keys in +.Sy unencrypted +DER format. diff --git a/src/lib/libcrypto/man/d2i_PKCS8_PRIV_KEY_INFO.3 b/src/lib/libcrypto/man/d2i_PKCS8_PRIV_KEY_INFO.3 new file mode 100644 index 00000000000..1ac0f2c3084 --- /dev/null +++ b/src/lib/libcrypto/man/d2i_PKCS8_PRIV_KEY_INFO.3 @@ -0,0 +1,127 @@ +.\" $OpenBSD: d2i_PKCS8_PRIV_KEY_INFO.3,v 1.3 2018/03/21 21:18:08 schwarze Exp $ +.\" +.\" Copyright (c) 2016 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 21 2018 $ +.Dt D2I_PKCS8_PRIV_KEY_INFO 3 +.Os +.Sh NAME +.Nm d2i_PKCS8_PRIV_KEY_INFO , +.Nm i2d_PKCS8_PRIV_KEY_INFO , +.Nm d2i_PKCS8_PRIV_KEY_INFO_bio , +.Nm i2d_PKCS8_PRIV_KEY_INFO_bio , +.Nm d2i_PKCS8_PRIV_KEY_INFO_fp , +.Nm i2d_PKCS8_PRIV_KEY_INFO_fp +.Nd decode and encode PKCS#8 private key +.Sh SYNOPSIS +.In openssl/x509.h +.Ft PKCS8_PRIV_KEY_INFO * +.Fo d2i_PKCS8_PRIV_KEY_INFO +.Fa "PKCS8_PRIV_KEY_INFO **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_PKCS8_PRIV_KEY_INFO +.Fa "PKCS8_PRIV_KEY_INFO *val_in" +.Fa "unsigned char **der_out" +.Fc +.Ft PKCS8_PRIV_KEY_INFO * +.Fo d2i_PKCS8_PRIV_KEY_INFO_bio +.Fa "BIO *in_bio" +.Fa "PKCS8_PRIV_KEY_INFO **val_out" +.Fc +.Ft int +.Fo i2d_PKCS8_PRIV_KEY_INFO_bio +.Fa "BIO *out_bio" +.Fa "PKCS8_PRIV_KEY_INFO *val_in" +.Fc +.Ft PKCS8_PRIV_KEY_INFO * +.Fo d2i_PKCS8_PRIV_KEY_INFO_fp +.Fa "FILE *in_fp" +.Fa "PKCS8_PRIV_KEY_INFO **val_out" +.Fc +.Ft int +.Fo i2d_PKCS8_PRIV_KEY_INFO_fp +.Fa "BIO *out_fp" +.Fa "PKCS8_PRIV_KEY_INFO *val_in" +.Fc +.Sh DESCRIPTION +.Fn d2i_PKCS8_PRIV_KEY_INFO +and +.Fn i2d_PKCS8_PRIV_KEY_INFO +decode and encode an ASN.1 +.Vt PrivateKeyInfo +structure defined in RFC 5208 section 5. +.Pp +.Fn d2i_PKCS8_PRIV_KEY_INFO_bio , +.Fn i2d_PKCS8_PRIV_KEY_INFO_bio , +.Fn d2i_PKCS8_PRIV_KEY_INFO_fp , +and +.Fn i2d_PKCS8_PRIV_KEY_INFO_fp +are similar except that they decode or encode using a +.Vt BIO +or +.Vt FILE +pointer. +.Pp +For details about the semantics, examples, caveats, and bugs, see +.Xr ASN1_item_d2i 3 . +.Pp +These functions all use unencrypted DER format. +To store private keys in encrypted form, consider +.Xr d2i_PKCS8PrivateKey_bio 3 +or +.Xr PEM_write_PKCS8PrivateKey 3 . +.Sh RETURN VALUES +.Fn d2i_PKCS8_PRIV_KEY_INFO , +.Fn d2i_PKCS8_PRIV_KEY_INFO_bio , +and +.Fn d2i_PKCS8_PRIV_KEY_INFO_fp +return a +.Vt PKCS8_PRIV_KEY_INFO +object or +.Dv NULL +if an error occurs. +.Pp +.Fn i2d_PKCS8_PRIV_KEY_INFO +returns the number of bytes successfully encoded or a negative value +if an error occurs. +.Pp +.Fn i2d_PKCS8_PRIV_KEY_INFO_bio +and +.Fn i2d_PKCS8_PRIV_KEY_INFO_fp +return 1 for success or 0 if an error occurs. +.Sh SEE ALSO +.Xr ASN1_item_d2i 3 , +.Xr d2i_PKCS8PrivateKey_bio 3 , +.Xr d2i_PrivateKey 3 , +.Xr PEM_write_PKCS8_PRIV_KEY_INFO 3 , +.Xr PKCS8_PRIV_KEY_INFO_new 3 +.Sh STANDARDS +RFC 5208: PKCS#8: Private-Key Information Syntax Specification +.Sh HISTORY +.Fn d2i_PKCS8_PRIV_KEY_INFO +and +.Fn i2d_PKCS8_PRIV_KEY_INFO +first appeared in OpenSSL 0.9.3. +.Fn d2i_PKCS8_PRIV_KEY_INFO_bio , +.Fn i2d_PKCS8_PRIV_KEY_INFO_bio , +.Fn d2i_PKCS8_PRIV_KEY_INFO_fp , +and +.Fn i2d_PKCS8_PRIV_KEY_INFO_fp +first appeared in OpenSSL 0.9.4. +All these functions have been available since +.Ox 2.6 . diff --git a/src/lib/libcrypto/man/d2i_PKEY_USAGE_PERIOD.3 b/src/lib/libcrypto/man/d2i_PKEY_USAGE_PERIOD.3 new file mode 100644 index 00000000000..df8639264cd --- /dev/null +++ b/src/lib/libcrypto/man/d2i_PKEY_USAGE_PERIOD.3 @@ -0,0 +1,74 @@ +.\" $OpenBSD: d2i_PKEY_USAGE_PERIOD.3,v 1.2 2018/03/21 16:09:51 schwarze Exp $ +.\" +.\" Copyright (c) 2016 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 21 2018 $ +.Dt D2I_PKEY_USAGE_PERIOD 3 +.Os +.Sh NAME +.Nm d2i_PKEY_USAGE_PERIOD , +.Nm i2d_PKEY_USAGE_PERIOD +.Nd decode and encode X.509 key usage period extensions +.Sh SYNOPSIS +.In openssl/x509v3.h +.Ft PKEY_USAGE_PERIOD * +.Fo d2i_PKEY_USAGE_PERIOD +.Fa "PKEY_USAGE_PERIOD **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_PKEY_USAGE_PERIOD +.Fa "PKEY_USAGE_PERIOD *val_in" +.Fa "unsigned char **der_out" +.Fc +.Sh DESCRIPTION +.Fn d2i_PKEY_USAGE_PERIOD +and +.Fn i2d_PKEY_USAGE_PERIOD +decode and encode an ASN.1 +.Vt PrivateKeyUsagePeriod +structure defined in RFC 3280 section 4.2.1.4. +For details about the semantics, examples, caveats, and bugs, see +.Xr ASN1_item_d2i 3 . +.Sh RETURN VALUES +.Fn d2i_PKEY_USAGE_PERIOD +returns a +.Vt PKEY_USAGE_PERIOD +object or +.Dv NULL +if an error occurs. +.Pp +.Fn i2d_PKEY_USAGE_PERIOD +returns the number of bytes successfully encoded or a negative value +if an error occurs. +.Sh SEE ALSO +.Xr ASN1_item_d2i 3 , +.Xr PKEY_USAGE_PERIOD_new 3 , +.Xr X509_EXTENSION_new 3 +.Sh STANDARDS +RFC 3280: Internet X.509 Public Key Infrastructure Certificate and +Certificate Revocation List (CRL) Profile, +section 4.2.1.4: Private Key Usage Period +.Pp +RFC 3280 was obsoleted by RFC 5280; see +.Xr PKEY_USAGE_PERIOD_new 3 +for details. +.Sh HISTORY +.Fn d2i_PKEY_USAGE_PERIOD +and +.Fn i2d_PKEY_USAGE_PERIOD +first appeared in OpenSSL 0.9.2b and have been available since +.Ox 2.6 . diff --git a/src/lib/libcrypto/man/d2i_POLICYINFO.3 b/src/lib/libcrypto/man/d2i_POLICYINFO.3 new file mode 100644 index 00000000000..bae78b17c7e --- /dev/null +++ b/src/lib/libcrypto/man/d2i_POLICYINFO.3 @@ -0,0 +1,165 @@ +.\" $OpenBSD: d2i_POLICYINFO.3,v 1.2 2018/03/21 17:57:48 schwarze Exp $ +.\" +.\" Copyright (c) 2016 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 21 2018 $ +.Dt D2I_POLICYINFO 3 +.Os +.Sh NAME +.Nm d2i_POLICYINFO , +.Nm i2d_POLICYINFO , +.Nm d2i_CERTIFICATEPOLICIES , +.Nm i2d_CERTIFICATEPOLICIES , +.Nm d2i_POLICYQUALINFO , +.Nm i2d_POLICYQUALINFO , +.Nm d2i_USERNOTICE , +.Nm i2d_USERNOTICE , +.Nm d2i_NOTICEREF , +.Nm i2d_NOTICEREF +.Nd decode and encode X.509 certificate policies +.Sh SYNOPSIS +.In openssl/x509v3.h +.Ft POLICYINFO * +.Fo d2i_POLICYINFO +.Fa "POLICYINFO **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_POLICYINFO +.Fa "POLICYINFO *val_in" +.Fa "unsigned char **der_out" +.Fc +.Ft CERTIFICATEPOLICIES * +.Fo d2i_CERTIFICATEPOLICIES +.Fa "CERTIFICATEPOLICIES **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_CERTIFICATEPOLICIES +.Fa "CERTIFICATEPOLICIES *val_in" +.Fa "unsigned char **der_out" +.Fc +.Ft POLICYQUALINFO * +.Fo d2i_POLICYQUALINFO +.Fa "POLICYQUALINFO **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_POLICYQUALINFO +.Fa "POLICYQUALINFO *val_in" +.Fa "unsigned char **der_out" +.Fc +.Ft USERNOTICE * +.Fo d2i_USERNOTICE +.Fa "USERNOTICE **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_USERNOTICE +.Fa "USERNOTICE *val_in" +.Fa "unsigned char **der_out" +.Fc +.Ft NOTICEREF * +.Fo d2i_NOTICEREF +.Fa "NOTICEREF **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_NOTICEREF +.Fa "NOTICEREF *val_in" +.Fa "unsigned char **der_out" +.Fc +.Sh DESCRIPTION +These functions decode and encode X.509 certificate policies. +For details about the semantics, examples, caveats, and bugs, see +.Xr ASN1_item_d2i 3 . +.Pp +.Fn d2i_POLICYINFO +and +.Fn i2d_POLICYINFO +decode and encode an ASN.1 +.Vt PolicyInformation +structure defined in RFC 5280 section 4.2.1.4. +.Pp +.Fn d2i_CERTIFICATEPOLICIES +and +.Fn i2d_CERTIFICATEPOLICIES +decode and encode an ASN.1 +.Vt CertificatePolicies +structure defined in RFC 5280 section 4.2.1.4. +.Pp +.Fn d2i_POLICYQUALINFO +and +.Fn i2d_POLICYQUALINFO +decode and encode an ASN.1 +.Vt PolicyQualifierInfo +structure defined in RFC 5280 section 4.2.1.4. +.Pp +.Fn d2i_USERNOTICE +and +.Fn i2d_USERNOTICE +decode and encode an ASN.1 +.Vt UserNotice +structure defined in RFC 5280 section 4.2.1.4. +.Pp +.Fn d2i_NOTICEREF +and +.Fn i2d_NOTICEREF +decode and encode an ASN.1 +.Vt NoticeReference +structure defined in RFC 5280 section 4.2.1.4. +.Sh RETURN VALUES +.Fn d2i_POLICYINFO , +.Fn d2i_CERTIFICATEPOLICIES , +.Fn d2i_POLICYQUALINFO , +.Fn d2i_USERNOTICE , +and +.Fn d2i_NOTICEREF +return a +.Vt POLICYINFO , +.Vt CERTIFICATEPOLICIES , +.Vt POLICYQUALINFO , +.Vt USERNOTICE , +or +.Vt NOTICEREF +object, respectively, or +.Dv NULL +if an error occurs. +.Pp +.Fn i2d_POLICYINFO , +.Fn i2d_CERTIFICATEPOLICIES , +.Fn i2d_POLICYQUALINFO , +.Fn i2d_USERNOTICE , +and +.Fn i2d_NOTICEREF +return the number of bytes successfully encoded or a negative value +if an error occurs. +.Sh SEE ALSO +.Xr ASN1_item_d2i 3 , +.Xr POLICYINFO_new 3 , +.Xr X509_EXTENSION_new 3 +.Sh STANDARDS +RFC 5280: Internet X.509 Public Key Infrastructure Certificate and +Certificate Revocation List (CRL) Profile, +section 4.2.1.4: Certificate Policies +.Sh HISTORY +These functions first appeared in OpenSSL 0.9.3 +and have been available since +.Ox 2.6 . diff --git a/src/lib/libcrypto/man/d2i_PROXY_POLICY.3 b/src/lib/libcrypto/man/d2i_PROXY_POLICY.3 new file mode 100644 index 00000000000..794c6edcecd --- /dev/null +++ b/src/lib/libcrypto/man/d2i_PROXY_POLICY.3 @@ -0,0 +1,97 @@ +.\" $OpenBSD: d2i_PROXY_POLICY.3,v 1.2 2018/03/22 22:07:12 schwarze Exp $ +.\" +.\" Copyright (c) 2016 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 22 2018 $ +.Dt D2I_PROXY_POLICY 3 +.Os +.Sh NAME +.Nm d2i_PROXY_POLICY , +.Nm i2d_PROXY_POLICY , +.Nm d2i_PROXY_CERT_INFO_EXTENSION , +.Nm i2d_PROXY_CERT_INFO_EXTENSION +.Nd decode and encode X.509 proxy certificate extensions +.Sh SYNOPSIS +.In openssl/x509v3.h +.Ft PROXY_POLICY * +.Fo d2i_PROXY_POLICY +.Fa "PROXY_POLICY **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_PROXY_POLICY +.Fa "PROXY_POLICY *val_in" +.Fa "unsigned char **der_out" +.Fc +.Ft PROXY_CERT_INFO_EXTENSION * +.Fo d2i_PROXY_CERT_INFO_EXTENSION +.Fa "PROXY_CERT_INFO_EXTENSION **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_PROXY_CERT_INFO_EXTENSION +.Fa "PROXY_CERT_INFO_EXTENSION *val_in" +.Fa "unsigned char **der_out" +.Fc +.Sh DESCRIPTION +These functions encode and decode X.509 extensions that decide +whether a certificate is a proxy certificate, and which policies +apply to it. +For details about the semantics, examples, caveats, and bugs, see +.Xr ASN1_item_d2i 3 . +.Pp +.Fn d2i_PROXY_POLICY +and +.Fn i2d_PROXY_POLICY +decode and encode an ASN.1 +.Vt ProxyPolicy +structure defined in RFC 3820 section 3.8. +.Pp +.Fn d2i_PROXY_CERT_INFO_EXTENSION +and +.Fn i2d_PROXY_CERT_INFO_EXTENSION +decode and encode an ASN.1 +.Vt ProxyCertInfo +structure defined in RFC 3820 section 3.8. +.Sh RETURN VALUES +.Fn d2i_PROXY_POLICY +and +.Fn d2i_PROXY_CERT_INFO_EXTENSION +return a +.Vt PROXY_POLICY +or +.Vt PROXY_CERT_INFO_EXTENSION +object, respectively, or +.Dv NULL +if an error occurs. +.Pp +.Fn i2d_PROXY_POLICY +and +.Fn i2d_PROXY_CERT_INFO_EXTENSION +return the number of bytes successfully encoded or a negative value +if an error occurs. +.Sh SEE ALSO +.Xr ASN1_item_d2i 3 , +.Xr PROXY_POLICY_new 3 , +.Xr X509_EXTENSION_new 3 +.Sh STANDARDS +RFC 3820: Internet X.509 Public Key Infrastructure (PKI) Proxy +Certificate Profile +.Sh HISTORY +These functions first appeared in OpenSSL 0.9.7g +and have been available since +.Ox 3.8 . diff --git a/src/lib/libcrypto/man/d2i_PrivateKey.3 b/src/lib/libcrypto/man/d2i_PrivateKey.3 new file mode 100644 index 00000000000..85b46d44a08 --- /dev/null +++ b/src/lib/libcrypto/man/d2i_PrivateKey.3 @@ -0,0 +1,286 @@ +.\" $OpenBSD: d2i_PrivateKey.3,v 1.8 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file is a derived work. +.\" The changes are covered by the following Copyright and license: +.\" +.\" Copyright (c) 2016 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.\" The original file was written by Dr. Stephen Henson . +.\" Copyright (c) 2016 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt D2I_PRIVATEKEY 3 +.Os +.Sh NAME +.Nm d2i_PrivateKey , +.Nm d2i_AutoPrivateKey , +.Nm i2d_PrivateKey , +.Nm d2i_PrivateKey_bio , +.Nm d2i_PrivateKey_fp , +.Nm i2d_PKCS8PrivateKeyInfo_bio , +.Nm i2d_PKCS8PrivateKeyInfo_fp , +.Nm d2i_PublicKey , +.Nm i2d_PublicKey +.Nd decode and encode EVP_PKEY objects +.Sh SYNOPSIS +.In openssl/evp.h +.Ft EVP_PKEY * +.Fo d2i_PrivateKey +.Fa "int type" +.Fa "EVP_PKEY **val_out" +.Fa "const unsigned char **des_in" +.Fa "long length" +.Fc +.Ft EVP_PKEY * +.Fo d2i_AutoPrivateKey +.Fa "EVP_PKEY **val_out" +.Fa "const unsigned char **des_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_PrivateKey +.Fa "EVP_PKEY *val_in" +.Fa "unsigned char **des_out" +.Fc +.Ft EVP_PKEY * +.Fo d2i_PrivateKey_bio +.Fa "BIO *in_bio" +.Fa "EVP_PKEY **val_out" +.Fc +.Ft EVP_PKEY * +.Fo d2i_PrivateKey_fp +.Fa "FILE *in_fp" +.Fa "EVP_PKEY **val_out" +.Fc +.Ft int +.Fo i2d_PKCS8PrivateKeyInfo_bio +.Fa "BIO *out_bio" +.Fa "EVP_PKEY *val_in" +.Fc +.Ft int +.Fo i2d_PKCS8PrivateKeyInfo_fp +.Fa "FILE *out_fp" +.Fa "EVP_PKEY *val_in" +.Fc +.Ft EVP_PKEY * +.Fo d2i_PublicKey +.Fa "int type" +.Fa "EVP_PKEY **val_out" +.Fa "const unsigned char **des_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_PublicKey +.Fa "EVP_PKEY *val_in" +.Fa "unsigned char **des_out" +.Fc +.Sh DESCRIPTION +These are algorithm-independent interfaces to decode and encode +private and public keys. +For details about the semantics, examples, caveats, and bugs, see +.Xr ASN1_item_d2i 3 . +.Pp +.Fn d2i_PrivateKey +decodes a private key using algorithm +.Fa type . +It attempts to use any algorithm specific format or the PKCS#8 unencrypted +.Vt PrivateKeyInfo +format defined in RFC 5208 section 5. +The +.Fa type +parameter should be a public key algorithm constant such as +.Dv EVP_PKEY_RSA . +An error occurs if the decoded key does not match +.Fa type . +.Pp +.Fn d2i_AutoPrivateKey +is similar to +.Fn d2i_PrivateKey +except that it attempts to automatically detect the algorithm. +.Pp +.Fn d2i_PrivateKey_bio +and +.Fn d2i_PrivateKey_fp +are similar to +.Fn d2i_PrivateKey +except that they read from a +.Vt BIO +or +.Vt FILE +pointer. +.Pp +.Fn i2d_PrivateKey +encodes +.Fa val_in . +It uses an algorithm specific format or, if none is defined for +that key type, the PKCS#8 unencrypted +.Vt PrivateKeyInfo +format. +.Pp +.Fn i2d_PKCS8PrivateKeyInfo_bio +and +.Fn i2d_PKCS8PrivateKeyInfo_fp +encode +.Fa val_in +in PKCS#8 unencrypted +.Vt PrivateKeyInfo +format. +They are similar to +.Fn i2d_PrivateKey +except that they don't use any algorithm-specific formats +and that they write to a +.Vt BIO +or +.Vt FILE +pointer rather than to a buffer. +.Pp +All these functions use DER format and unencrypted keys. +Applications wishing to encrypt or decrypt private keys should use other +functions such as +.Xr d2i_PKCS8PrivateKey_bio 3 +instead. +.Pp +If +.Pf * Fa val_out +is not +.Dv NULL +when calling +.Fn d2i_PrivateKey +or +.Fn d2i_AutoPrivateKey +(i.e. an existing structure is being reused) and the key format is +PKCS#8, then +.Pf * Fa val_out +will be freed and replaced on a successful call. +.Pp +.Fn d2i_PublicKey +calls +.Xr d2i_DSAPublicKey 3 , +.Xr o2i_ECPublicKey 3 , +or +.Xr d2i_RSAPublicKey 3 +depending on +.Fa type +and stores the result in the returned +.Vt EVP_PKEY +object. +.Pp +.Fn i2d_PublicKey +calls +.Xr i2d_DSAPublicKey 3 , +.Xr i2o_ECPublicKey 3 , +or +.Xr i2d_RSAPublicKey 3 +depending on the algorithm used by +.Fa val_in . +.Sh RETURN VALUES +.Fn d2i_PrivateKey , +.Fn d2i_AutoPrivateKey , +.Fn d2i_PrivateKey_bio , +.Fn d2i_PrivateKey_fp , +and +.Fn d2i_PublicKey +return a valid +.Vt EVP_PKEY +structure or +.Dv NULL +if an error occurs. +.Pp +.Fn i2d_PrivateKey +and +.Fn i2d_PublicKey +return the number of bytes successfully encoded or a negative value if +an error occurs. +.Pp +.Fn i2d_PKCS8PrivateKeyInfo_bio +and +.Fn i2d_PKCS8PrivateKeyInfo_fp +return 1 for success or 0 if an error occurs. +.Pp +For all functions, the error code can be obtained by calling +.Xr ERR_get_error 3 . +.Sh SEE ALSO +.Xr d2i_PKCS8_PRIV_KEY_INFO 3 , +.Xr d2i_PKCS8PrivateKey_bio 3 , +.Xr EVP_PKEY_type 3 , +.Xr PEM_write_PrivateKey 3 , +.Xr PKCS8_PRIV_KEY_INFO_new 3 +.Sh STANDARDS +RFC 5208: Public-Key Cryptography Standards (PKCS) #8: Private-Key +Information Syntax Specification +.Sh HISTORY +.Fn d2i_PrivateKey , +.Fn i2d_PrivateKey , +.Fn d2i_PublicKey , +and +.Fn i2d_PublicKey +first appeared in SSLeay 0.6.0 and have been available since +.Ox 2.4 . +.Pp +.Fn d2i_AutoPrivateKey , +.Fn d2i_PrivateKey_bio , +.Fn i2d_PrivateKey_bio , +.Fn d2i_PrivateKey_fp , +.Fn i2d_PrivateKey_fp , +.Fn i2d_PKCS8PrivateKeyInfo_bio , +and +.Fn i2d_PKCS8PrivateKeyInfo_fp +first appeared in OpenSSL 0.9.5 and have been available since +.Ox 2.7 . diff --git a/src/lib/libcrypto/man/d2i_RSAPublicKey.3 b/src/lib/libcrypto/man/d2i_RSAPublicKey.3 new file mode 100644 index 00000000000..d6c376d84bb --- /dev/null +++ b/src/lib/libcrypto/man/d2i_RSAPublicKey.3 @@ -0,0 +1,389 @@ +.\" $OpenBSD: d2i_RSAPublicKey.3,v 1.13 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL bb9ad09e Jun 6 00:43:05 2016 -0400 +.\" +.\" This file is a derived work. +.\" The changes are covered by the following Copyright and license: +.\" +.\" Copyright (c) 2016 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.\" The original file was written by Ulf Moeller and +.\" Dr. Stephen Henson . +.\" Copyright (c) 2000, 2002, 2003, 2009, 2016 The OpenSSL Project. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt D2I_RSAPUBLICKEY 3 +.Os +.Sh NAME +.Nm d2i_RSAPublicKey , +.Nm i2d_RSAPublicKey , +.Nm d2i_RSAPrivateKey , +.Nm i2d_RSAPrivateKey , +.Nm d2i_Netscape_RSA , +.Nm i2d_Netscape_RSA , +.Nm d2i_RSA_PSS_PARAMS , +.Nm i2d_RSA_PSS_PARAMS , +.Nm d2i_RSAPublicKey_bio , +.Nm d2i_RSAPublicKey_fp , +.Nm i2d_RSAPublicKey_bio , +.Nm i2d_RSAPublicKey_fp , +.Nm d2i_RSAPrivateKey_bio , +.Nm d2i_RSAPrivateKey_fp , +.Nm i2d_RSAPrivateKey_bio , +.Nm i2d_RSAPrivateKey_fp , +.Nm d2i_RSA_PUBKEY , +.Nm i2d_RSA_PUBKEY , +.Nm d2i_RSA_PUBKEY_bio , +.Nm d2i_RSA_PUBKEY_fp , +.Nm i2d_RSA_PUBKEY_bio , +.Nm i2d_RSA_PUBKEY_fp +.Nd decode and encode RSA keys and parameters +.Sh SYNOPSIS +.In openssl/rsa.h +.Ft RSA * +.Fo d2i_RSAPublicKey +.Fa "RSA **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_RSAPublicKey +.Fa "RSA *val_in" +.Fa "unsigned char **der_out" +.Fc +.Ft RSA * +.Fo d2i_RSAPrivateKey +.Fa "RSA **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_RSAPrivateKey +.Fa "RSA *val_in" +.Fa "unsigned char **der_out" +.Fc +.Ft RSA * +.Fo d2i_Netscape_RSA +.Fa "RSA **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fa "int (*cb)()" +.Fc +.Ft int +.Fo i2d_Netscape_RSA +.Fa "RSA *val_in" +.Fa "unsigned char **der_out" +.Fa "int (*cb)()" +.Fc +.Ft RSA_PSS_PARAMS * +.Fo d2i_RSA_PSS_PARAMS +.Fa "RSA_PSS_PARAMS **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_RSA_PSS_PARAMS +.Fa "RSA_PSS_PARAMS *val_in" +.Fa "unsigned char **der_out" +.Fc +.In openssl/x509.h +.Ft RSA * +.Fo d2i_RSAPublicKey_bio +.Fa "BIO *in_bio" +.Fa "RSA **val_out" +.Fc +.Ft RSA * +.Fo d2i_RSAPublicKey_fp +.Fa "FILE *in_fp" +.Fa "RSA **val_out" +.Fc +.Ft int +.Fo i2d_RSAPublicKey_bio +.Fa "BIO *out_bio" +.Fa "RSA *val_in" +.Fc +.Ft int +.Fo i2d_RSAPublicKey_fp +.Fa "FILE *out_fp" +.Fa "RSA *val_in" +.Fc +.Ft RSA * +.Fo d2i_RSAPrivateKey_bio +.Fa "BIO *in_bio" +.Fa "RSA **val_out" +.Fc +.Ft RSA * +.Fo d2i_RSAPrivateKey_fp +.Fa "FILE *in_fp" +.Fa "RSA **val_out" +.Fc +.Ft int +.Fo i2d_RSAPrivateKey_bio +.Fa "BIO *out_bio" +.Fa "RSA *val_in" +.Fc +.Ft int +.Fo i2d_RSAPrivateKey_fp +.Fa "FILE *out_fp" +.Fa "RSA *val_in" +.Fc +.Ft RSA * +.Fo d2i_RSA_PUBKEY +.Fa "RSA **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_RSA_PUBKEY +.Fa "RSA *val_in" +.Fa "unsigned char **der_out" +.Fc +.Ft RSA * +.Fo d2i_RSA_PUBKEY_bio +.Fa "BIO *in_bio" +.Fa "RSA **val_out" +.Fc +.Ft RSA * +.Fo d2i_RSA_PUBKEY_fp +.Fa "FILE *in_fp" +.Fa "RSA **val_out" +.Fc +.Ft int +.Fo i2d_RSA_PUBKEY_bio +.Fa "BIO *out_bio" +.Fa "RSA *val_in" +.Fc +.Ft int +.Fo i2d_RSA_PUBKEY_fp +.Fa "FILE *out_fp" +.Fa "RSA *val_in" +.Fc +.Sh DESCRIPTION +These functions decode and encode RSA private and public keys. +For details about the semantics, examples, caveats, and bugs, see +.Xr ASN1_item_d2i 3 . +.Pp +.Fn d2i_RSAPublicKey +and +.Fn i2d_RSAPublicKey +decode and encode a PKCS#1 +.Vt RSAPublicKey +structure defined in RFC 8017 appendix A.1.1. +.Fn d2i_RSAPublicKey_bio , +.Fn d2i_RSAPublicKey_fp , +.Fn i2d_RSAPublicKey_bio , +and +.Fn i2d_RSAPublicKey_fp +are similar except that they decode or encode using a +.Vt BIO +or +.Vt FILE +pointer. +.Pp +.Fn d2i_RSAPrivateKey +and +.Fn i2d_RSAPrivateKey +decode and encode a PKCS#1 +.Vt RSAPrivateKey +structure defined in RFC 8017 appendix A.1.2. +The +.Vt RSA +structure passed to the private key encoding functions should have +all the PKCS#1 private key components present. +The data encoded by the private key functions is unencrypted and +therefore offers no private key security. +.Fn d2i_RSAPrivateKey_bio , +.Fn d2i_RSAPrivateKey_fp , +.Fn i2d_RSAPrivateKey_bio , +and +.Fn i2d_RSAPrivateKey_fp +are similar except that they decode or encode using a +.Vt BIO +or +.Vt FILE +pointer. +.Pp +.Fn d2i_Netscape_RSA +and +.Fn i2d_Netscape_RSA +decode and encode an RSA private key in NET format. +These functions are present to provide compatibility with +certain very old software. +The NET format has some severe security weaknesses and should be +avoided if possible. +.Pp +.Fn d2i_RSA_PSS_PARAMS +and +.Fn i2d_RSA_PSS_PARAMS +decode and encode a PKCS#1 +.Vt RSASSA-PSS-params +structure defined in RFC 8017 appendix A.2.3 and documented in +.Xr RSA_PSS_PARAMS_new 3 . +.Pp +.Fn d2i_RSA_PUBKEY +and +.Fn i2d_RSA_PUBKEY +decode and encode an RSA public key using an ASN.1 +.Vt SubjectPublicKeyInfo +structure defined in RFC 5280 section 4.1 and documented in +.Xr X509_PUBKEY_new 3 . +.Fn d2i_RSA_PUBKEY_bio , +.Fn d2i_RSA_PUBKEY_fp , +.Fn i2d_RSA_PUBKEY_bio , +and +.Fn i2d_RSA_PUBKEY_fp +are similar except that they decode or encode using a +.Vt BIO +or +.Vt FILE +pointer. +.Sh RETURN VALUES +.Fn d2i_RSAPublicKey , +.Fn d2i_RSAPublicKey_bio , +.Fn d2i_RSAPublicKey_fp , +.Fn d2i_RSAPrivateKey , +.Fn d2i_RSAPrivateKey_bio , +.Fn d2i_RSAPrivateKey_fp , +.Fn d2i_Netscape_RSA , +.Fn d2i_RSA_PUBKEY , +.Fn d2i_RSA_PUBKEY_bio , +and +.Fn d2i_RSA_PUBKEY_fp +return a valid +.Vt RSA +object or +.Dv NULL +if an error occurs. +.Pp +.Fn d2i_RSA_PSS_PARAMS +returns a valid +.Vt RSA_PSS_PARAMS +object or +.Dv NULL +if an error occurs. +.Pp +.Fn i2d_RSAPublicKey , +.Fn i2d_RSAPrivateKey , +.Fn i2d_Netscape_RSA , +.Fn i2d_RSA_PSS_PARAMS , +and +.Fn i2d_RSA_PUBKEY +return the number of bytes successfully encoded or a negative value +if an error occurs. +.Pp +.Fn i2d_RSAPublicKey_bio , +.Fn i2d_RSAPublicKey_fp , +.Fn i2d_RSAPrivateKey_bio , +.Fn i2d_RSAPrivateKey_fp , +.Fn i2d_RSA_PUBKEY_bio , +and +.Fn i2d_RSA_PUBKEY_fp +return 1 for success or 0 if an error occurs. +.Sh SEE ALSO +.Xr ASN1_item_d2i 3 , +.Xr EVP_PKEY_set1_RSA 3 , +.Xr PEM_write_RSAPrivateKey 3 , +.Xr RSA_new 3 , +.Xr RSA_PSS_PARAMS_new 3 , +.Xr X509_PUBKEY_new 3 +.Sh STANDARDS +RFC 8017: PKCS #1: RSA Cryptography Specifications +.Pp +RFC 5280: Internet X.509 Public Key Infrastructure Certificate and +Certificate Revocation List (CRL) Profile, +section 4.1: Basic Certificate Fields +.Sh HISTORY +.Fn d2i_RSAPublicKey , +.Fn i2d_RSAPublicKey , +.Fn d2i_RSAPrivateKey , +.Fn i2d_RSAPrivateKey , +.Fn d2i_RSAPrivateKey_fp , +.Fn i2d_RSAPrivateKey_fp , +.Fn d2i_Netscape_RSA , +and +.Fn i2d_Netscape_RSA +first appeared in SSLeay 0.5.1. +.Fn d2i_RSAPrivateKey_bio +and +.Fn i2d_RSAPrivateKey_bio +first appeared in SSLeay 0.6.0. +.Fn d2i_RSAPublicKey_bio , +.Fn d2i_RSAPublicKey_fp , +.Fn i2d_RSAPublicKey_bio , +and +.Fn i2d_RSAPublicKey_fp +first appeared in SSLeay 0.8.1. +These functions have been available since +.Ox 2.4 . +.Pp +.Fn d2i_RSA_PUBKEY , +.Fn i2d_RSA_PUBKEY , +.Fn d2i_RSA_PUBKEY_bio , +.Fn d2i_RSA_PUBKEY_fp , +.Fn i2d_RSA_PUBKEY_bio , +and +.Fn i2d_RSA_PUBKEY_fp +first appeared in OpenSSL 0.9.5 and have been available since +.Ox 2.7 . +.Pp +.Fn d2i_RSA_PSS_PARAMS +and +.Fn i2d_RSA_PSS_PARAMS +first appeared in OpenSSL 1.0.1 and have been available since +.Ox 5.3 . diff --git a/src/lib/libcrypto/man/d2i_TS_REQ.3 b/src/lib/libcrypto/man/d2i_TS_REQ.3 new file mode 100644 index 00000000000..9f7c860fa1f --- /dev/null +++ b/src/lib/libcrypto/man/d2i_TS_REQ.3 @@ -0,0 +1,333 @@ +.\" $OpenBSD: d2i_TS_REQ.3,v 1.2 2018/03/23 04:34:23 schwarze Exp $ +.\" +.\" Copyright (c) 2016 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 23 2018 $ +.Dt D2I_TS_REQ 3 +.Os +.Sh NAME +.Nm d2i_TS_REQ , +.Nm i2d_TS_REQ , +.Nm d2i_TS_REQ_bio , +.Nm i2d_TS_REQ_bio , +.Nm d2i_TS_REQ_fp , +.Nm i2d_TS_REQ_fp , +.Nm d2i_TS_RESP , +.Nm i2d_TS_RESP , +.Nm d2i_TS_RESP_bio , +.Nm i2d_TS_RESP_bio , +.Nm d2i_TS_RESP_fp , +.Nm i2d_TS_RESP_fp , +.Nm d2i_TS_STATUS_INFO , +.Nm i2d_TS_STATUS_INFO , +.Nm d2i_TS_TST_INFO , +.Nm i2d_TS_TST_INFO , +.Nm d2i_TS_TST_INFO_bio , +.Nm i2d_TS_TST_INFO_bio , +.Nm d2i_TS_TST_INFO_fp , +.Nm i2d_TS_TST_INFO_fp , +.Nm d2i_TS_ACCURACY , +.Nm i2d_TS_ACCURACY , +.Nm d2i_TS_MSG_IMPRINT , +.Nm i2d_TS_MSG_IMPRINT , +.Nm d2i_TS_MSG_IMPRINT_bio , +.Nm i2d_TS_MSG_IMPRINT_bio , +.Nm d2i_TS_MSG_IMPRINT_fp , +.Nm i2d_TS_MSG_IMPRINT_fp +.Nd decode and encode X.509 time-stamp protocol structures +.Sh SYNOPSIS +.In openssl/ts.h +.Ft TS_REQ * +.Fo d2i_TS_REQ +.Fa "TS_REQ **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_TS_REQ +.Fa "const TS_REQ *val_in" +.Fa "unsigned char **der_out" +.Fc +.Ft TS_REQ * +.Fo d2i_TS_REQ_bio +.Fa "BIO *in_bio" +.Fa "TS_REQ **val_out" +.Fc +.Ft int +.Fo i2d_TS_REQ_bio +.Fa "BIO *out_bio" +.Fa "TS_REQ *val_in" +.Fc +.Ft TS_REQ * +.Fo d2i_TS_REQ_fp +.Fa "FILE *in_fp" +.Fa "TS_REQ **val_out" +.Fc +.Ft int +.Fo i2d_TS_REQ_fp +.Fa "FILE *out_fp" +.Fa "TS_REQ *val_in" +.Fc +.Ft TS_RESP * +.Fo d2i_TS_RESP +.Fa "TS_RESP **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_TS_RESP +.Fa "const TS_RESP *val_in" +.Fa "unsigned char **der_out" +.Fc +.Ft TS_RESP * +.Fo d2i_TS_RESP_bio +.Fa "BIO *in_bio" +.Fa "TS_RESP **val_out" +.Fc +.Ft int +.Fo i2d_TS_RESP_bio +.Fa "BIO *out_bio" +.Fa "TS_RESP *val_in" +.Fc +.Ft TS_RESP * +.Fo d2i_TS_RESP_fp +.Fa "FILE *in_fp" +.Fa "TS_RESP **val_out" +.Fc +.Ft int +.Fo i2d_TS_RESP_fp +.Fa "FILE *out_fp" +.Fa "TS_RESP *val_in" +.Fc +.Ft TS_STATUS_INFO * +.Fo d2i_TS_STATUS_INFO +.Fa "TS_STATUS_INFO **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_TS_STATUS_INFO +.Fa "const TS_STATUS_INFO *val_in" +.Fa "unsigned char **der_out" +.Fc +.Ft TS_TST_INFO * +.Fo d2i_TS_TST_INFO +.Fa "TS_TST_INFO **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_TS_TST_INFO +.Fa "const TS_TST_INFO *val_in" +.Fa "unsigned char **der_out" +.Fc +.Ft TS_TST_INFO * +.Fo d2i_TS_TST_INFO_bio +.Fa "BIO *in_bio" +.Fa "TS_TST_INFO **val_out" +.Fc +.Ft int +.Fo i2d_TS_TST_INFO_bio +.Fa "BIO *out_bio" +.Fa "TS_TST_INFO *val_in" +.Fc +.Ft TS_TST_INFO * +.Fo d2i_TS_TST_INFO_fp +.Fa "FILE *in_fp" +.Fa "TS_TST_INFO **val_out" +.Fc +.Ft int +.Fo i2d_TS_TST_INFO_fp +.Fa "FILE *out_fp" +.Fa "TS_TST_INFO *val_in" +.Fc +.Ft TS_ACCURACY * +.Fo d2i_TS_ACCURACY +.Fa "TS_ACCURACY **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_TS_ACCURACY +.Fa "const TS_ACCURACY *val_in" +.Fa "unsigned char **der_out" +.Fc +.Ft TS_MSG_IMPRINT * +.Fo d2i_TS_MSG_IMPRINT +.Fa "TS_MSG_IMPRINT **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_TS_MSG_IMPRINT +.Fa "const TS_MSG_IMPRINT *val_in" +.Fa "unsigned char **der_out" +.Fc +.Ft TS_MSG_IMPRINT * +.Fo d2i_TS_MSG_IMPRINT_bio +.Fa "BIO *in_bio" +.Fa "TS_MSG_IMPRINT **val_out" +.Fc +.Ft int +.Fo i2d_TS_MSG_IMPRINT_bio +.Fa "BIO *out_bio" +.Fa "TS_MSG_IMPRINT *val_in" +.Fc +.Ft TS_MSG_IMPRINT * +.Fo d2i_TS_MSG_IMPRINT_fp +.Fa "FILE *in_fp" +.Fa "TS_MSG_IMPRINT **val_out" +.Fc +.Ft int +.Fo i2d_TS_MSG_IMPRINT_fp +.Fa "FILE *out_fp" +.Fa "TS_MSG_IMPRINT *val_in" +.Fc +.Sh DESCRIPTION +These functions decode and encode X.509 structures used for the +time-stamp protocol. +For details about the semantics, examples, caveats, and bugs, see +.Xr ASN1_item_d2i 3 . +.Pp +.Fn d2i_TS_REQ +and +.Fn i2d_TS_REQ +decode and encode an ASN.1 +.Vt TimeStampReq +structure defined in RFC 3161 section 2.4.1. +.Fn d2i_TS_REQ_bio , +.Fn i2d_TS_REQ_bio , +.Fn d2i_TS_REQ_fp , +and +.Fn i2d_TS_REQ_fp +are similar except that they decode or encode using a +.Vt BIO +or +.Vt FILE +pointer. +.Pp +.Fn d2i_TS_RESP +and +.Fn i2d_TS_RESP +decode and encode an ASN.1 +.Vt TimeStampResp +structure defined in RFC 3161 section 2.4.2. +.Fn d2i_TS_RESP_bio , +.Fn i2d_TS_RESP_bio , +.Fn d2i_TS_RESP_fp , +and +.Fn i2d_TS_RESP_fp +are similar except that they decode or encode using a +.Vt BIO +or +.Vt FILE +pointer. +.Pp +.Fn d2i_TS_STATUS_INFO +and +.Fn i2d_TS_STATUS_INFO +decode and encode an ASN.1 +.Vt PKIStatusInfo +structure defined in RFC 3161 section 2.4.2. +.Pp +.Fn d2i_TS_TST_INFO +and +.Fn i2d_TS_TST_INFO +decode and encode an ASN.1 +.Vt TSTInfo +structure defined in RFC 3161 section 2.4.2. +.Fn d2i_TS_TST_INFO_bio , +.Fn i2d_TS_TST_INFO_bio , +.Fn d2i_TS_TST_INFO_fp , +and +.Fn i2d_TS_TST_INFO_fp +are similar except that they decode or encode using a +.Vt BIO +or +.Vt FILE +pointer. +.Pp +.Fn d2i_TS_ACCURACY +and +.Fn i2d_TS_ACCURACY +decode and encode an ASN.1 +.Vt Accuracy +structure defined in RFC 3161 section 2.4.2. +.Pp +.Fn d2i_TS_MSG_IMPRINT +and +.Fn i2d_TS_MSG_IMPRINT +decode and encode an ASN.1 +.Vt MessageImprint +structure defined in RFC 3161 section 2.4.1. +.Fn d2i_TS_MSG_IMPRINT_bio , +.Fn i2d_TS_MSG_IMPRINT_bio , +.Fn d2i_TS_MSG_IMPRINT_fp , +and +.Fn i2d_TS_MSG_IMPRINT_fp +are similar except that they decode or encode using a +.Vt BIO +or +.Vt FILE +pointer. +.Sh RETURN VALUES +.Fn d2i_TS_REQ , +.Fn d2i_TS_REQ_bio , +.Fn d2i_TS_REQ_fp , +.Fn d2i_TS_RESP , +.Fn d2i_TS_RESP_bio , +.Fn d2i_TS_RESP_fp , +.Fn d2i_TS_STATUS_INFO , +.Fn d2i_TS_TST_INFO , +.Fn d2i_TS_TST_INFO_bio , +.Fn d2i_TS_TST_INFO_fp , +.Fn d2i_TS_ACCURACY , +.Fn d2i_TS_MSG_IMPRINT , +.Fn d2i_TS_MSG_IMPRINT_bio , +and +.Fn d2i_TS_MSG_IMPRINT_fp +return an object of the respective type or +.Dv NULL +if an error occurs. +.Pp +.Fn i2d_TS_REQ , +.Fn i2d_TS_RESP , +.Fn i2d_TS_STATUS_INFO , +.Fn i2d_TS_TST_INFO , +.Fn i2d_TS_ACCURACY , +and +.Fn i2d_TS_MSG_IMPRINT +return the number of bytes successfully encoded or a negative value +if an error occurs. +.Pp +.Fn i2d_TS_REQ_bio , +.Fn i2d_TS_REQ_fp , +.Fn i2d_TS_RESP_bio , +.Fn i2d_TS_RESP_fp , +.Fn i2d_TS_TST_INFO_bio , +.Fn i2d_TS_TST_INFO_fp , +.Fn i2d_TS_MSG_IMPRINT_bio , +and +.Fn i2d_TS_MSG_IMPRINT_fp +return 1 for success or 0 if an error occurs. +.Sh SEE ALSO +.Xr ASN1_item_d2i 3 , +.Xr TS_REQ_new 3 +.Sh STANDARDS +RFC 3161: Internet X.509 Public Key Infrastructure Time-Stamp Protocol +.Sh HISTORY +These functions first appeared in OpenSSL 1.0.0 +and have been available since +.Ox 4.9 . diff --git a/src/lib/libcrypto/man/d2i_X509.3 b/src/lib/libcrypto/man/d2i_X509.3 new file mode 100644 index 00000000000..94b136a0ced --- /dev/null +++ b/src/lib/libcrypto/man/d2i_X509.3 @@ -0,0 +1,296 @@ +.\" $OpenBSD: d2i_X509.3,v 1.9 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL 94480b57 Sep 12 23:34:41 2009 +0000 +.\" +.\" This file is a derived work. +.\" The changes are covered by the following Copyright and license: +.\" +.\" Copyright (c) 2016 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.\" The original file was written by Dr. Stephen Henson . +.\" Copyright (c) 2002, 2003, 2005, 2009, 2016 The OpenSSL Project. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt D2I_X509 3 +.Os +.Sh NAME +.Nm d2i_X509 , +.Nm i2d_X509 , +.Nm d2i_X509_bio , +.Nm d2i_X509_fp , +.Nm i2d_X509_bio , +.Nm i2d_X509_fp , +.Nm d2i_X509_AUX , +.Nm i2d_X509_AUX , +.Nm d2i_X509_CERT_AUX , +.Nm i2d_X509_CERT_AUX , +.Nm d2i_X509_CINF , +.Nm i2d_X509_CINF , +.Nm d2i_X509_VAL , +.Nm i2d_X509_VAL +.Nd decode and encode X.509 certificates +.Sh SYNOPSIS +.In openssl/x509.h +.Ft X509 * +.Fo d2i_X509 +.Fa "X509 **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_X509 +.Fa "X509 *val_in" +.Fa "unsigned char **der_out" +.Fc +.Ft X509 * +.Fo d2i_X509_bio +.Fa "BIO *in_bio" +.Fa "X509 **val_out" +.Fc +.Ft X509 * +.Fo d2i_X509_fp +.Fa "FILE *in_fp" +.Fa "X509 **val_out" +.Fc +.Ft int +.Fo i2d_X509_bio +.Fa "BIO *out_bio" +.Fa "X509 *val_in" +.Fc +.Ft int +.Fo i2d_X509_fp +.Fa "FILE *out_fp" +.Fa "X509 *val_in" +.Fc +.Ft X509 * +.Fo d2i_X509_AUX +.Fa "X509 **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_X509_AUX +.Fa "X509 *val_in" +.Fa "unsigned char **der_out" +.Fc +.Ft X509_CERT_AUX * +.Fo d2i_X509_CERT_AUX +.Fa "X509_CERT_AUX **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_X509_CERT_AUX +.Fa "X509_CERT_AUX *val_in" +.Fa "unsigned char **der_out" +.Fc +.Ft X509_CINF * +.Fo d2i_X509_CINF +.Fa "X509_CINF **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_X509_CINF +.Fa "X509_CINF *val_in" +.Fa "unsigned char **der_out" +.Fc +.Ft X509_VAL * +.Fo d2i_X509_VAL +.Fa "X509_VAL **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_X509_VAL +.Fa "X509_VAL *val_in" +.Fa "unsigned char **der_out" +.Fc +.Sh DESCRIPTION +These functions decode and encode X.509 certificates +and some of their substructures. +For details about the semantics, examples, caveats, and bugs, see +.Xr ASN1_item_d2i 3 . +.Pp +.Fn d2i_X509 +and +.Fn i2d_X509 +decode and encode an ASN.1 +.Vt Certificate +structure defined in RFC 5280 section 4.1. +.Pp +.Fn d2i_X509_bio , +.Fn d2i_X509_fp , +.Fn i2d_X509_bio , +and +.Fn i2d_X509_fp +are similar except that they decode or encode using a +.Vt BIO +or +.Vt FILE +pointer. +.Pp +.Fn d2i_X509_AUX +is similar to +.Fn d2i_X509 , +but the input is expected to consist of an X.509 certificate followed +by auxiliary trust information. +This is used by the PEM routines to read TRUSTED CERTIFICATE objects. +This function should not be called on untrusted input. +.Pp +.Fn i2d_X509_AUX +is similar to +.Fn i2d_X509 , +but the encoded output contains both the certificate and any auxiliary +trust information. +This is used by the PEM routines to write TRUSTED CERTIFICATE objects. +Note that this is a non-standard OpenSSL-specific data format. +.Pp +.Fn d2i_X509_CERT_AUX +and +.Fn i2d_X509_CERT_AUX +decode and encode optional non-standard auxiliary data appended to +a certificate, for example friendly alias names and trust data. +.Pp +.Fn d2i_X509_CINF +and +.Fn i2d_X509_CINF +decode and encode an ASN.1 +.Vt TBSCertificate +structure defined in RFC 5280 section 4.1. +.Pp +.Fn d2i_X509_VAL +and +.Fn i2d_X509_VAL +decode and encode an ASN.1 +.Vt Validity +structure defined in RFC 5280 section 4.1. +.Sh RETURN VALUES +.Fn d2i_X509 , +.Fn d2i_X509_bio , +.Fn d2i_X509_fp , +and +.Fn d2i_X509_AUX +return a valid +.Vt X509 +structure or +.Dv NULL +if an error occurs. +.Pp +.Fn d2i_X509_CERT_AUX , +.Fn d2i_X509_CINF , +and +.Fn d2i_X509_VAL +return an +.Vt X509_CERT_AUX , +.Vt X509_CINF , +or +.Vt X509_VAL +object, respectively, or +.Dv NULL +if an error occurs. +.Pp +.Fn i2d_X509 , +.Fn i2d_X509_AUX , +.Fn i2d_X509_CERT_AUX , +.Fn i2d_X509_CINF , +and +.Fn i2d_X509_VAL +return the number of bytes successfully encoded or a negative value +if an error occurs. +.Pp +.Fn i2d_X509_bio +and +.Fn i2d_X509_fp +return 1 for success or 0 if an error occurs. +.Pp +For all functions, the error code can be obtained by +.Xr ERR_get_error 3 . +.Sh SEE ALSO +.Xr ASN1_item_d2i 3 , +.Xr X509_CINF_new 3 , +.Xr X509_new 3 +.Sh STANDARDS +RFC 5280: Internet X.509 Public Key Infrastructure Certificate and +Certificate Revocation List (CRL) Profile +.Sh HISTORY +.Fn d2i_X509 , +.Fn i2d_X509 , +.Fn d2i_X509_fp , +.Fn i2d_X509_fp , +.Fn d2i_X509_CINF , +.Fn i2d_X509_CINF , +.Fn d2i_X509_VAL , +and +.Fn i2d_X509_VAL +first appeared in SSLeay 0.5.1. +.Fn d2i_X509_bio +and +.Fn i2d_X509_bio +first appeared in SSLeay 0.6.0. +These functions have been available since +.Ox 2.4 . +.Pp +.Fn d2i_X509_AUX , +.Fn i2d_X509_AUX , +.Fn d2i_X509_CERT_AUX , +and +.Fn i2d_X509_CERT_AUX +first appeared in OpenSSL 0.9.5 and have been available since +.Ox 2.7 . diff --git a/src/lib/libcrypto/man/d2i_X509_ALGOR.3 b/src/lib/libcrypto/man/d2i_X509_ALGOR.3 new file mode 100644 index 00000000000..530ae86cf44 --- /dev/null +++ b/src/lib/libcrypto/man/d2i_X509_ALGOR.3 @@ -0,0 +1,58 @@ +.\" $OpenBSD: d2i_X509_ALGOR.3,v 1.9 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL 186bb907 Apr 13 11:05:13 2015 -0700 +.\" +.\" Copyright (c) 2016 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt D2I_X509_ALGOR 3 +.Os +.Sh NAME +.Nm d2i_X509_ALGOR , +.Nm i2d_X509_ALGOR +.Nd decode and encode algorithm identifiers +.Sh SYNOPSIS +.In openssl/x509.h +.Ft X509_ALGOR * +.Fo d2i_X509_ALGOR +.Fa "X509_ALGOR **val_out" +.Fa "unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_X509_ALGOR +.Fa "X509_ALGOR *val_in" +.Fa "unsigned char **der_out" +.Fc +.Sh DESCRIPTION +.Fn d2i_X509_ALGOR +and +.Fn i2d_X509_ALGOR +decode and encode an ASN.1 +.Vt AlgorithmIdentifier +structure defined in RFC 5280 section 4.1.1.2. +For details about the semantics, examples, caveats, and bugs, see +.Xr ASN1_item_d2i 3 . +.Sh SEE ALSO +.Xr ASN1_item_d2i 3 , +.Xr X509_ALGOR_new 3 +.Sh STANDARDS +RFC 5280: Internet X.509 Public Key Infrastructure Certificate and +Certificate Revocation List (CRL) Profile +.Sh HISTORY +.Fn d2i_X509_ALGOR +and +.Fn i2d_X509_ALGOR +first appeared in SSLeay 0.5.1 and have been available since +.Ox 2.4 . diff --git a/src/lib/libcrypto/man/d2i_X509_ATTRIBUTE.3 b/src/lib/libcrypto/man/d2i_X509_ATTRIBUTE.3 new file mode 100644 index 00000000000..6b070e5e51e --- /dev/null +++ b/src/lib/libcrypto/man/d2i_X509_ATTRIBUTE.3 @@ -0,0 +1,76 @@ +.\" $OpenBSD: d2i_X509_ATTRIBUTE.3,v 1.3 2018/03/27 17:35:50 schwarze Exp $ +.\" +.\" Copyright (c) 2016 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt D2I_X509_ATTRIBUTE 3 +.Os +.Sh NAME +.Nm d2i_X509_ATTRIBUTE , +.Nm i2d_X509_ATTRIBUTE +.\" In the following line, "X.501" and "Attribute" are not typos. +.\" The "Attribute" type is defined in X.501, not in X.509. +.\" The type in called "Attribute" with capital "A", not "attribute". +.Nd decode and encode generic X.501 Attribute +.Sh SYNOPSIS +.In openssl/x509.h +.Ft X509_ATTRIBUTE * +.Fo d2i_X509_ATTRIBUTE +.Fa "X509_ATTRIBUTE **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_X509_ATTRIBUTE +.Fa "X509_ATTRIBUTE *val_in" +.Fa "unsigned char **der_out" +.Fc +.Sh DESCRIPTION +.Fn d2i_X509_ATTRIBUTE +and +.Fn i2d_X509_ATTRIBUTE +decode and encode a generic ASN.1 +.Vt Attribute +structure defined in X.501 section 8.2. +For details about the semantics, examples, caveats, and bugs, see +.Xr ASN1_item_d2i 3 . +.Sh RETURN VALUES +.Fn d2i_X509_ATTRIBUTE +returns an +.Vt X509_ATTRIBUTE +object or +.Dv NULL +if an error occurs. +.Pp +.Fn i2d_X509_ATTRIBUTE +returns the number of bytes successfully encoded or a negative value +if an error occurs. +.Sh SEE ALSO +.Xr ASN1_item_d2i 3 , +.Xr d2i_PKCS12 3 , +.Xr d2i_PKCS8_PRIV_KEY_INFO 3 , +.Xr d2i_X509_EXTENSION 3 , +.Xr d2i_X509_REQ 3 , +.Xr X509_ATTRIBUTE_new 3 +.Sh STANDARDS +ITU-T Recommendation X.501, also known as ISO/IEC 9594-2: Information +Technology Open Systems Interconnection The Directory: Models, +section 8.2: Overall structure +.Sh HISTORY +.Fn d2i_X509_ATTRIBUTE +and +.Fn i2d_X509_ATTRIBUTE +first appeared in SSLeay 0.5.1 and have been available since +.Ox 2.4 . diff --git a/src/lib/libcrypto/man/d2i_X509_CRL.3 b/src/lib/libcrypto/man/d2i_X509_CRL.3 new file mode 100644 index 00000000000..920be4aa891 --- /dev/null +++ b/src/lib/libcrypto/man/d2i_X509_CRL.3 @@ -0,0 +1,148 @@ +.\" $OpenBSD: d2i_X509_CRL.3,v 1.7 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL bb9ad09e Jun 6 00:43:05 2016 -0400 +.\" +.\" Copyright (c) 2016 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt D2I_X509_CRL 3 +.Os +.Sh NAME +.Nm d2i_X509_CRL , +.Nm i2d_X509_CRL , +.Nm d2i_X509_CRL_bio , +.Nm d2i_X509_CRL_fp , +.Nm i2d_X509_CRL_bio , +.Nm i2d_X509_CRL_fp , +.Nm d2i_X509_CRL_INFO , +.Nm i2d_X509_CRL_INFO , +.Nm d2i_X509_REVOKED , +.Nm i2d_X509_REVOKED +.Nd decode and encode X.509 certificate revocation lists +.Sh SYNOPSIS +.In openssl/x509.h +.Ft X509_CRL * +.Fo d2i_X509_CRL +.Fa "X509_CRL **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_X509_CRL +.Fa "X509_CRL *val_in" +.Fa "unsigned char **der_out" +.Fc +.Ft X509_CRL * +.Fo d2i_X509_CRL_bio +.Fa "BIO *in_bio" +.Fa "X509_CRL **der_out" +.Fc +.Ft X509_CRL * +.Fo d2i_X509_CRL_fp +.Fa "FILE *in_fp" +.Fa "X509_CRL **der_out" +.Fc +.Ft int +.Fo i2d_X509_CRL_bio +.Fa "BIO *out_bio" +.Fa "X509_CRL *der_in" +.Fc +.Ft int +.Fo i2d_X509_CRL_fp +.Fa "FILE *out_fp" +.Fa "X509_CRL *der_in" +.Fc +.Ft X509_CRL_INFO * +.Fo d2i_X509_CRL_INFO +.Fa "X509_CRL_INFO **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_X509_CRL_INFO +.Fa "X509_CRL_INFO *val_in" +.Fa "unsigned char **der_out" +.Fc +.Ft X509_REVOKED * +.Fo d2i_X509_REVOKED +.Fa "X509_REVOKED **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_X509_REVOKED +.Fa "X509_REVOKED *val_in" +.Fa "unsigned char **der_out" +.Fc +.Sh DESCRIPTION +These functions decode and encode X.509 certificate revocation lists. +For details about the semantics, examples, caveats, and bugs, see +.Xr ASN1_item_d2i 3 . +.Pp +.Fn d2i_X509_CRL +and +.Fn i2d_X509_CRL +decode and encode an ASN.1 +.Vt CertificateList +structure defined in RFC 5280 section 5.1. +.Fn d2i_X509_CRL_bio , +.Fn d2i_X509_CRL_fp , +.Fn i2d_X509_CRL_bio , +and +.Fn i2d_X509_CRL_fp +are similar except that they decode or encode using a +.Vt BIO +or +.Vt FILE +pointer. +.Pp +.Fn d2i_X509_CRL_INFO +and +.Fn i2d_X509_CRL_INFO +decode and encode an ASN.1 +.Vt TBSCertList +structure defined in RFC 5280 section 5.1. +.Pp +.Fn d2i_X509_REVOKED +and +.Fn i2d_X509_REVOKED +decode and encode an ASN.1 structure representing one element of +the revokedCertificates field of the ASN.1 +.Vt TBSCertList +structure. +.Sh SEE ALSO +.Xr ASN1_item_d2i 3 , +.Xr X509_CRL_new 3 , +.Xr X509_REVOKED_new 3 +.Sh STANDARDS +RFC 5280: Internet X.509 Public Key Infrastructure Certificate and +Certificate Revocation List (CRL) Profile, +section 5: CRL and CRL Extensions Profile +.Sh HISTORY +.Fn d2i_X509_CRL , +.Fn i2d_X509_CRL , +.Fn d2i_X509_CRL_fp , +.Fn i2d_X509_CRL_fp , +.Fn d2i_X509_CRL_INFO , +.Fn i2d_X509_CRL_INFO , +.Fn d2i_X509_REVOKED , +and +.Fn i2d_X509_REVOKED +first appeared in SSLeay 0.5.1. +.Fn d2i_X509_CRL_bio +and +.Fn i2d_X509_CRL_bio +first appeared in SSLeay 0.6.0. +These functions have been available since +.Ox 2.4 . diff --git a/src/lib/libcrypto/man/d2i_X509_EXTENSION.3 b/src/lib/libcrypto/man/d2i_X509_EXTENSION.3 new file mode 100644 index 00000000000..46a680c1bac --- /dev/null +++ b/src/lib/libcrypto/man/d2i_X509_EXTENSION.3 @@ -0,0 +1,104 @@ +.\" $OpenBSD: d2i_X509_EXTENSION.3,v 1.4 2018/03/27 17:35:50 schwarze Exp $ +.\" +.\" Copyright (c) 2016 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt D2I_X509_EXTENSION 3 +.Os +.Sh NAME +.Nm d2i_X509_EXTENSION , +.Nm i2d_X509_EXTENSION , +.Nm d2i_X509_EXTENSIONS , +.Nm i2d_X509_EXTENSIONS +.\" In the next line, the capital "E" is not a typo. +.\" The ASN.1 structure is called "Extensions", not "extensions". +.Nd decode and encode X.509 Extensions +.Sh SYNOPSIS +.In openssl/x509.h +.Ft X509_EXTENSION * +.Fo d2i_X509_EXTENSION +.Fa "X509_EXTENSION **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_X509_EXTENSION +.Fa "X509_EXTENSION *val_in" +.Fa "unsigned char **der_out" +.Fc +.Ft X509_EXTENSIONS * +.Fo d2i_X509_EXTENSIONS +.Fa "X509_EXTENSIONS **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_X509_EXTENSIONS +.Fa "X509_EXTENSIONS *val_in" +.Fa "unsigned char **der_out" +.Fc +.Sh DESCRIPTION +.Fn d2i_X509_EXTENSION +and +.Fn i2d_X509_EXTENSION +decode and encode an ASN.1 +.Vt Extension +structure defined in RFC 5280 section 4.1. +.Pp +.Fn d2i_X509_EXTENSIONS +and +.Fn i2d_X509_EXTENSIONS +decode and encode an ASN.1 +.Vt Extensions +structure defined in RFC 5280 section 4.1, +which is a SEQUENCE OF +.Vt Extension . +.Sh RETURN VALUES +.Fn d2i_X509_EXTENSION +and +.Fn d2i_X509_EXTENSIONS +return an +.Vt X509_EXTENSION +or +.Vt X509_EXTENSIONS +object, respectively, or +.Dv NULL +if an error occurs. +.Pp +.Fn i2d_X509_EXTENSION +and +.Fn i2d_X509_EXTENSIONS +return the number of bytes successfully encoded or a negative value +if an error occurs. +.Sh SEE ALSO +.Xr ASN1_item_d2i 3 , +.Xr X509_EXTENSION_new 3 , +.Xr X509V3_get_d2i 3 , +.Xr X509v3_get_ext_by_NID 3 +.Sh STANDARDS +RFC 5280: Internet X.509 Public Key Infrastructure Certificate and +Certificate Revocation List (CRL) Profile +.Sh HISTORY +.Fn d2i_X509_EXTENSION +and +.Fn i2d_X509_EXTENSION +first appeared in SSLeay 0.6.2 and have been available since +.Ox 2.4 . +.Pp +.Fn d2i_X509_EXTENSIONS +and +.Fn i2d_X509_EXTENSIONS +first appeared in OpenSSL 0.9.8h and have been available since +.Ox 4.5 . diff --git a/src/lib/libcrypto/man/d2i_X509_NAME.3 b/src/lib/libcrypto/man/d2i_X509_NAME.3 new file mode 100644 index 00000000000..3289ccb134e --- /dev/null +++ b/src/lib/libcrypto/man/d2i_X509_NAME.3 @@ -0,0 +1,194 @@ +.\" $OpenBSD: d2i_X509_NAME.3,v 1.14 2018/03/27 17:35:50 schwarze Exp $ +.\" checked up to: +.\" OpenSSL crypto/d2i_X509_NAME 4692340e Jun 7 15:49:08 2016 -0400 and +.\" OpenSSL man3/X509_NAME_get0_der 99d63d46 Oct 26 13:56:48 2016 -0400 +.\" +.\" Copyright (c) 2016, 2017, 2018 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt D2I_X509_NAME 3 +.Os +.Sh NAME +.Nm d2i_X509_NAME , +.Nm i2d_X509_NAME , +.Nm X509_NAME_get0_der , +.Nm X509_NAME_dup , +.Nm X509_NAME_hash , +.Nm d2i_X509_NAME_ENTRY , +.Nm i2d_X509_NAME_ENTRY , +.Nm X509_NAME_ENTRY_dup +.\" In the following line, "X.501" and "Name" are not typos. +.\" The "Name" type is defined in X.501, not in X.509. +.\" The type is called "Name" with capital "N", not "name". +.Nd decode and encode X.501 Name objects +.Sh SYNOPSIS +.In openssl/x509.h +.Ft X509_NAME * +.Fo d2i_X509_NAME +.Fa "X509_NAME **val_out" +.Fa "unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_X509_NAME +.Fa "X509_NAME *val_in" +.Fa "unsigned char **der_out" +.Fc +.Ft int +.Fo X509_NAME_get0_der +.Fa "X509_NAME *val_in" +.Fa "const unsigned char **der_out" +.Fa "size_t *out_len" +.Fc +.Ft X509_NAME * +.Fo X509_NAME_dup +.Fa "X509_NAME *val_in" +.Fc +.Ft unsigned long +.Fo X509_NAME_hash +.Fa "X509_NAME *val_in" +.Fc +.Ft X509_NAME_ENTRY * +.Fo d2i_X509_NAME_ENTRY +.Fa "X509_NAME_ENTRY **val_out" +.Fa "unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_X509_NAME_ENTRY +.Fa "X509_NAME_ENTRY *val_in" +.Fa "unsigned char **der_out" +.Fc +.Ft X509_NAME_ENTRY * +.Fo X509_NAME_ENTRY_dup +.Fa "X509_NAME_ENTRY *val_in" +.Fc +.Sh DESCRIPTION +These functions decode and encode X.501 +.Vt Name +objects using DER format. +For details about the semantics, examples, caveats, and bugs, see +.Xr ASN1_item_d2i 3 . +.Pp +.Fn d2i_X509_NAME +and +.Fn i2d_X509_NAME +decode and encode an ASN.1 +.Vt Name +structure defined in RFC 5280 section 4.1.2.4. +.Pp +.Fn X509_NAME_get0_der +is a variant of +.Fn i2d_X509_NAME +that does not copy the encoded output but instead returns a pointer +to the internally cached DER-encoded version of the name. +Also, it does not return the length of the output in bytes, +but instead stores it in +.Fa out_len . +If the cached encoded form happens to be out of date, both functions +update it before copying it or returning a pointer to it. +.Pp +.Fn X509_NAME_dup +copies +.Fa val_in +by calling +.Fn i2d_X509_NAME +and +.Fn d2i_X509_NAME . +.Pp +.Fn X509_NAME_hash +calculates a +.Xr SHA1 3 +hash of the DER-encoded form of the name +.Pf * Fa val_in . +It is for example used by +.Xr X509_LOOKUP_hash_dir 3 +to locate certificate files in the file system. +.Pp +.Fn d2i_X509_NAME_ENTRY +and +.Fn i2d_X509_NAME_ENTRY +decode and encode an ASN.1 +.Vt RelativeDistinguishedName +structure defined in RFC 5280 section 4.1.2.4. +.Pp +.Fn X509_NAME_ENTRY_dup +copies +.Fa val_in +by calling +.Fn i2d_X509_NAME_ENTRY +and +.Fn d2i_X509_NAME_ENTRY . +.Sh RETURN VALUES +.Fn d2i_X509_NAME +and +.Fn X509_NAME_dup +return the new +.Vt X509_NAME +object or +.Dv NULL +if an error occurs. +.Pp +.Fn X509_NAME_get0_der +returns 1 on success or 0 if an error occurs. +.Pp +.Fn X509_NAME_hash +returns the hash value or 0 if an error occurs. +.Pp +.Fn d2i_X509_NAME_ENTRY +and +.Fn X509_NAME_ENTRY_dup +return the new +.Vt X509_NAME_ENTRY +object or +.Dv NULL +if an error occurs. +.Pp +.Fn i2d_X509_NAME +and +.Fn i2d_X509_NAME_ENTRY +return the number of bytes successfully encoded or a negative value +if an error occurs. +.Sh SEE ALSO +.Xr ASN1_item_d2i 3 , +.Xr X509_NAME_ENTRY_new 3 , +.Xr X509_NAME_new 3 , +.Xr X509_NAME_print_ex 3 +.Sh STANDARDS +RFC 5280: Internet X.509 Public Key Infrastructure Certificate and +Certificate Revocation List (CRL) Profile +.Pp +ITU-T Recommendation X.690, also known as ISO/IEC 8825-1: +Information technology - ASN.1 encoding rules: +Specification of Basic Encoding Rules (BER), Canonical Encoding +Rules (CER) and Distinguished Encoding Rules (DER). +.Sh HISTORY +.Fn X509_NAME_dup +first appeared in SSLeay 0.4.4. +.Fn d2i_X509_NAME , +.Fn i2d_X509_NAME , +.Fn d2i_X509_NAME_ENTRY , +.Fn i2d_X509_NAME_ENTRY , +and +.Fn X509_NAME_ENTRY_dup +first appeared in SSLeay 0.5.1. +.Fn X509_NAME_hash +first appeared in SSLeay 0.8.0. +These functions have been available since +.Ox 2.4 . +.Pp +.Fn X509_NAME_get0_der +first appeared in OpenSSL 1.1.0 and has been available since +.Ox 6.3 . diff --git a/src/lib/libcrypto/man/d2i_X509_REQ.3 b/src/lib/libcrypto/man/d2i_X509_REQ.3 new file mode 100644 index 00000000000..95785a2d256 --- /dev/null +++ b/src/lib/libcrypto/man/d2i_X509_REQ.3 @@ -0,0 +1,151 @@ +.\" $OpenBSD: d2i_X509_REQ.3,v 1.7 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL bb9ad09e Jun 6 00:43:05 2016 -0400 +.\" +.\" Copyright (c) 2016 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt D2I_X509_REQ 3 +.Os +.Sh NAME +.Nm d2i_X509_REQ , +.Nm i2d_X509_REQ , +.Nm d2i_X509_REQ_bio , +.Nm d2i_X509_REQ_fp , +.Nm i2d_X509_REQ_bio , +.Nm i2d_X509_REQ_fp , +.Nm d2i_X509_REQ_INFO , +.Nm i2d_X509_REQ_INFO +.Nd decode and encode PKCS#10 certification requests +.Sh SYNOPSIS +.In openssl/x509.h +.Ft X509_REQ * +.Fo d2i_X509_REQ +.Fa "X509_REQ **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_X509_REQ +.Fa "X509_REQ *val_in" +.Fa "unsigned char **der_out" +.Fc +.Ft X509_REQ * +.Fo d2i_X509_REQ_bio +.Fa "BIO *in_bio" +.Fa "X509_REQ **val_out" +.Fc +.Ft X509_REQ * +.Fo d2i_X509_REQ_fp +.Fa "FILE *in_fp" +.Fa "X509_REQ **val_out" +.Fc +.Ft int +.Fo i2d_X509_REQ_bio +.Fa "BIO *out_bio" +.Fa "X509_REQ *val_in" +.Fc +.Ft int +.Fo i2d_X509_REQ_fp +.Fa "FILE *out_fp" +.Fa "X509_REQ *val_in" +.Fc +.Ft X509_REQ_INFO * +.Fo d2i_X509_REQ_INFO +.Fa "X509_REQ_INFO **val_out" +.Fa "const unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_X509_REQ_INFO +.Fa "X509_REQ_INFO *val_in" +.Fa "unsigned char **der_out" +.Fc +.Sh DESCRIPTION +These functions decode and encode PKCS#10 certification requests. +For details about the semantics, examples, caveats, and bugs, see +.Xr ASN1_item_d2i 3 . +.Pp +.Fn d2i_X509_REQ +and +.Fn i2d_X509_REQ +decode and encode an ASN.1 +.Vt CertificationRequest +structure defined in RFC 2986 section 4.2. +.Fn d2i_X509_REQ_bio , +.Fn d2i_X509_REQ_fp , +.Fn i2d_X509_REQ_bio , +and +.Fn i2d_X509_REQ_fp +are similar except that they decode or encode using a +.Vt BIO +or +.Vt FILE +pointer. +.Pp +.Fn d2i_X509_REQ_INFO +and +.Fn i2d_X509_REQ_INFO +decode and encode an ASN.1 +.Vt CertificationRequestInfo +structure defined in RFC 2986 section 4.1. +.Sh RETURN VALUES +.Fn d2i_X509_REQ , +.Fn d2i_X509_REQ_bio , +and +.Fn d2i_X509_REQ_fp +return an +.Vt X509_REQ +object or +.Dv NULL +if an error occurs. +.Pp +.Fn d2i_X509_REQ_INFO +returns an +.Vt X509_REQ_INFO +object or +.Dv NULL +if an error occurs. +.Pp +.Fn i2d_X509_REQ +and +.Fn i2d_X509_REQ_INFO +return the number of bytes successfully encoded or a negative value +if an error occurs. +.Pp +.Fn i2d_X509_REQ_bio +and +.Fn i2d_X509_REQ_fp +return 1 for success or 0 if an error occurs. +.Sh SEE ALSO +.Xr ASN1_item_d2i 3 , +.Xr PEM_read_X509_REQ 3 , +.Xr X509_REQ_new 3 +.Sh STANDARDS +RFC 2986: PKCS #10: Certification Request Syntax Specification +.Sh HISTORY +.Fn d2i_X509_REQ , +.Fn i2d_X509_REQ , +.Fn d2i_X509_REQ_fp , +.Fn i2d_X509_REQ_fp , +.Fn d2i_X509_REQ_INFO , +and +.Fn i2d_X509_REQ_INFO +first appeared in SSLeay 0.5.1. +.Fn d2i_X509_REQ_bio +and +.Fn i2d_X509_REQ_bio +first appeared in SSLeay 0.6.0. +These functions have been available since +.Ox 2.4 . diff --git a/src/lib/libcrypto/man/d2i_X509_SIG.3 b/src/lib/libcrypto/man/d2i_X509_SIG.3 new file mode 100644 index 00000000000..fddeed79b3f --- /dev/null +++ b/src/lib/libcrypto/man/d2i_X509_SIG.3 @@ -0,0 +1,159 @@ +.\" $OpenBSD: d2i_X509_SIG.3,v 1.9 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL 9b86974e Aug 17 15:21:33 2015 -0400 +.\" +.\" Copyright (c) 2016 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt D2I_X509_SIG 3 +.Os +.Sh NAME +.Nm d2i_X509_SIG , +.Nm i2d_X509_SIG , +.Nm d2i_PKCS8_bio , +.Nm i2d_PKCS8_bio , +.Nm d2i_PKCS8_fp , +.Nm i2d_PKCS8_fp +.\" In the next line, the number "7" is not a typo. +.\" These functions are misnamed. +.Nd decode and encode PKCS#7 digest information +.Sh SYNOPSIS +.In openssl/x509.h +.Ft X509_SIG * +.Fo d2i_X509_SIG +.Fa "X509_SIG **val_out" +.Fa "unsigned char **der_in" +.Fa "long length" +.Fc +.Ft int +.Fo i2d_X509_SIG +.Fa "X509_SIG *val_in" +.Fa "unsigned char **der_out" +.Fc +.Ft X509_SIG * +.Fo d2i_PKCS8_bio +.Fa "BIO *in_bio" +.Fa "X509_SIG **val_out" +.Fc +.Ft int +.Fo i2d_PKCS8_bio +.Fa "BIO *out_bio" +.Fa "X509_SIG *val_in" +.Fc +.Ft X509_SIG * +.Fo d2i_PKCS8_fp +.Fa "FILE *in_fp" +.Fa "X509_SIG **val_out" +.Fc +.Ft int +.Fo i2d_PKCS8_fp +.Fa "FILE *out_fp" +.Fa "X509_SIG *val_in" +.Fc +.Sh DESCRIPTION +.Fn d2i_X509_SIG +and +.Fn i2d_X509_SIG +decode and encode an ASN.1 +.Vt DigestInfo +structure defined in RFC 2315 section 9.4 +and equivalently in RFC 8017 section 9.2. +For details about the semantics, examples, caveats, and bugs, see +.Xr ASN1_item_d2i 3 . +.Pp +.Fn d2i_PKCS8_bio +and +.Fn d2i_PKCS8_fp +are similar to +.Fn d2i_X509_SIG +except that they read from a +.Vt BIO +or +.Vt FILE +pointer. +.Pp +.Fn i2d_PKCS8_bio +and +.Fn i2d_PKCS8_fp +are similar to +.Fn i2d_X509_SIG +except that they write to a +.Vt BIO +or +.Vt FILE +pointer. +.Sh RETURN VALUES +.Fn d2i_X509_SIG , +.Fn d2i_PKCS8_bio , +and +.Fn d2i_PKCS8_fp +return a +.Vt X509_SIG +object or +.Dv NULL +if an error occurs. +.Pp +.Fn i2d_X509_SIG +returns the number of bytes successfully encoded or a negative value +if an error occurs. +.Pp +.Fn i2d_PKCS8_bio +and +.Fn i2d_PKCS8_fp +return 1 for success or 0 if an error occurs. +.Sh SEE ALSO +.Xr ASN1_item_d2i 3 , +.Xr PKCS7_new 3 , +.Xr RSA_sign 3 , +.Xr X509_SIG_new 3 +.Sh STANDARDS +RFC 2315: PKCS #7: Cryptographic Message Syntax, +section 9: Signed-data content type +.Pp +RFC 8017: PKCS #1: RSA Cryptography Specifications, +section 9: Encoding Methods for Signatures +.Sh HISTORY +.Fn d2i_X509_SIG +and +.Fn i2d_X509_SIG +first appeared in SSLeay 0.5.1 and have been available since +.Ox 2.4 . +.Pp +.Fn d2i_PKCS8_bio , +.Fn i2d_PKCS8_bio , +.Fn d2i_PKCS8_fp , +and +.Fn i2d_PKCS8_fp +first appeared in OpenSSL 0.9.4 and have been available since +.Ox 2.6 . +.Sh BUGS +.Fn d2i_PKCS8_bio , +.Fn i2d_PKCS8_bio , +.Fn d2i_PKCS8_fp , +and +.Fn i2d_PKCS8_fp +are severely misnamed and should have been called +.Dq d2i_X509_SIG_bio +and so on. +.Pp +Or arguably, the +.Vt X509_SIG +object is misnamed itself, considering that it represents +.Vt DigestInfo +from PKCS#7 and PKCS#1. +Then again, calling it +.Dq PKCS8 +instead clearly isn't an improvement. +.Pp +Either way, these names just don't fit. diff --git a/src/lib/libcrypto/man/des_read_pw.3 b/src/lib/libcrypto/man/des_read_pw.3 new file mode 100644 index 00000000000..8c63a65fd2f --- /dev/null +++ b/src/lib/libcrypto/man/des_read_pw.3 @@ -0,0 +1,144 @@ +.\" $OpenBSD: des_read_pw.3,v 1.8 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL doc/crypto/ui_compat.pod May 14 11:28:00 2006 +0000 +.\" OpenSSL doc/crypto/des.pod 2a9aca32 Oct 25 08:44:10 2001 +0000 +.\" +.\" This file was written by Ulf Moeller and +.\" Richard Levitte . +.\" Copyright (c) 2000, 2001 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt DES_READ_PW 3 +.Os +.Sh NAME +.Nm des_read_pw , +.Nm des_read_pw_string , +.Nm EVP_read_pw_string +.Nd compatibility user interface functions +.Sh SYNOPSIS +.In openssl/ui_compat.h +.Ft int +.Fo des_read_pw +.Fa "char *buf" +.Fa "char *buff" +.Fa "int length" +.Fa "const char *prompt" +.Fa "int verify" +.Fc +.Ft int +.Fo des_read_pw_string +.Fa "char *buf" +.Fa "int length" +.Fa "const char *prompt" +.Fa "int verify" +.Fc +.In openssl/evp.h +.Ft int +.Fo EVP_read_pw_string +.Fa "char *buf" +.Fa "int length" +.Fa "const char *prompt" +.Fa "int verify" +.Fc +.Sh DESCRIPTION +The DES library contained a few routines to prompt for passwords. +These aren't necessarily dependent on DES, and have therefore become +part of the UI compatibility library. +.Pp +.Fn des_read_pw +writes the string specified by +.Fa prompt +to standard output, turns echo off, and reads an input string from the +terminal. +The string is returned in +.Fa buf , +which must have space for at least +.Fa length +bytes. +If +.Fa verify +is set, the user is asked for the password twice and unless the two +copies match, an error is returned. +The second password is stored in +.Fa buff , +which must therefore also be at least +.Fa length +bytes. +A return code of -1 indicates a system error, 1 failure due to use +interaction, and 0 is success. +.Pp +.Fn des_read_pw_string +is a variant of +.Fn des_read_pw +that provides a buffer if +.Fa verify +is set. +It is available in the MIT Kerberos library as well. +If +.Fa length +exceeds +.Dv BUFSIZ , +.Fn des_read_pw_string +uses +.Dv BUFSIZ . +.Pp +.Fn EVP_read_pw_string +is functionally similar to +.Fn des_read_pw_string . +.Sh SEE ALSO +.Xr UI_new 3 +.Sh HISTORY +.Fn des_read_pw_string +appeared in SSLeay 0.4 or earlier. +.Fn EVP_read_pw_string +first appeared in SSLeay 0.5.1. +.Fn des_read_pw +first appeared in SSLeay 0.8.0. +These functions have been available since +.Ox 2.4 . +.Sh AUTHORS +.An Richard Levitte Aq Mt richard@levitte.org +for the OpenSSL project. diff --git a/src/lib/libcrypto/man/evp.3 b/src/lib/libcrypto/man/evp.3 new file mode 100644 index 00000000000..8ea9c78de03 --- /dev/null +++ b/src/lib/libcrypto/man/evp.3 @@ -0,0 +1,208 @@ +.\" $OpenBSD: evp.3,v 1.10 2019/03/21 14:15:13 schwarze Exp $ +.\" OpenSSL a9c85cea Nov 11 09:33:55 2016 +0100 +.\" +.\" This file was written by Ulf Moeller , +.\" Matt Caswell , Geoff Thorpe , +.\" and Dr. Stephen Henson . +.\" Copyright (c) 2000, 2002, 2006, 2013, 2016 The OpenSSL Project. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 21 2019 $ +.Dt EVP 3 +.Os +.Sh NAME +.Nm evp +.Nd high level cryptographic functions +.Sh SYNOPSIS +.In openssl/evp.h +.Sh DESCRIPTION +The EVP library provides a high level interface to cryptographic +functions. +.Pp +.Xr EVP_SealInit 3 +and +.Xr EVP_OpenInit 3 +provide public key encryption and decryption to implement digital +"envelopes". +.Pp +The +.Xr EVP_DigestSignInit 3 +and +.Xr EVP_DigestVerifyInit 3 +functions implement digital signatures and Message Authentication Codes +(MACs). +Also see the older +.Xr EVP_SignInit 3 +and +.Xr EVP_VerifyInit 3 +functions. +.Pp +Symmetric encryption is available with the +.Xr EVP_EncryptInit 3 +functions. +The +.Xr EVP_DigestInit 3 +functions provide message digests. +.Pp +Authenticated encryption with additional data (AEAD) is available with +the +.Xr EVP_AEAD_CTX_init 3 +functions. +.Pp +The +.Fn EVP_PKEY_* +functions provide a high level interface to asymmetric algorithms. +To create a new +.Vt EVP_PKEY , +see +.Xr EVP_PKEY_new 3 . +.Vt EVP_PKEY Ns s +can be associated with a private key of a particular algorithm +by using the functions described in the +.Xr EVP_PKEY_set1_RSA 3 +page, or new keys can be generated using +.Xr EVP_PKEY_keygen 3 . +.Vt EVP_PKEY Ns s +can be compared using +.Xr EVP_PKEY_cmp 3 +or printed using +.Xr EVP_PKEY_print_private 3 . +.Pp +The +.Fn EVP_PKEY_* +functions support the full range of asymmetric algorithm operations: +.Bl -bullet +.It +For key agreement, see +.Xr EVP_PKEY_derive 3 . +.It +For signing and verifying, see +.Xr EVP_PKEY_sign 3 , +.Xr EVP_PKEY_verify 3 , +and +.Xr EVP_PKEY_verify_recover 3 . +However, note that these functions do not perform a digest of the +data to be signed. +Therefore normally you would use the +.Xr EVP_DigestSignInit 3 +functions for this purpose. +.It +For encryption and decryption see +.Xr EVP_PKEY_encrypt 3 +and +.Xr EVP_PKEY_decrypt 3 , +respectively. +However, note that these functions perform encryption and decryption only. +As public key encryption is an expensive operation, normally you +would wrap an encrypted message in a digital envelope using the +.Xr EVP_SealInit 3 +and +.Xr EVP_OpenInit 3 +functions. +.El +.Pp +The +.Xr EVP_BytesToKey 3 +function provides some limited support for password based encryption. +Careful selection of the parameters will provide a PKCS#5 PBKDF1 +compatible implementation. +However, new applications should typically not use this (preferring, for +example, PBKDF2 from PCKS#5). +.Pp +Algorithms are loaded with +.Xr OpenSSL_add_all_algorithms 3 . +.Pp +All the symmetric algorithms (ciphers), digests and asymmetric +algorithms (public key algorithms) can be replaced by +.Vt ENGINE +modules providing alternative implementations; see +.Xr ENGINE_register_RSA 3 +and the related manual pages for more information. +If +.Vt ENGINE +implementations of ciphers or digests are registered as defaults, +then the various EVP functions will automatically use those +implementations in preference to built in software implementations. +.Pp +Although low level algorithm specific functions exist for many +algorithms, their use is discouraged. +They cannot be used with an +.Vt ENGINE , +and +.Vt ENGINE +versions of new algorithms cannot be accessed using the low level +functions. +Using them also makes code harder to adapt to new algorithms, some +options are not cleanly supported at the low level, and some +operations are more efficient using the high level interfaces. +.Sh SEE ALSO +.Xr ENGINE_register_RSA 3 , +.Xr EVP_AEAD_CTX_init 3 , +.Xr EVP_aes_128_cbc 3 , +.Xr EVP_BytesToKey 3 , +.Xr EVP_camellia_128_cbc 3 , +.Xr EVP_des_cbc 3 , +.Xr EVP_DigestInit 3 , +.Xr EVP_DigestSignInit 3 , +.Xr EVP_EncryptInit 3 , +.Xr EVP_OpenInit 3 , +.Xr EVP_PKEY_decrypt 3 , +.Xr EVP_PKEY_derive 3 , +.Xr EVP_PKEY_encrypt 3 , +.Xr EVP_PKEY_keygen 3 , +.Xr EVP_PKEY_new 3 , +.Xr EVP_PKEY_print_private 3 , +.Xr EVP_PKEY_set1_RSA 3 , +.Xr EVP_PKEY_sign 3 , +.Xr EVP_PKEY_verify 3 , +.Xr EVP_PKEY_verify_recover 3 , +.Xr EVP_rc4 3 , +.Xr EVP_SealInit 3 , +.Xr EVP_SignInit 3 , +.Xr EVP_sm4_cbc 3 , +.Xr EVP_VerifyInit 3 , +.Xr OpenSSL_add_all_algorithms 3 diff --git a/src/lib/libcrypto/man/get_rfc3526_prime_8192.3 b/src/lib/libcrypto/man/get_rfc3526_prime_8192.3 new file mode 100644 index 00000000000..b26e28be9af --- /dev/null +++ b/src/lib/libcrypto/man/get_rfc3526_prime_8192.3 @@ -0,0 +1,178 @@ +.\" $OpenBSD: get_rfc3526_prime_8192.3,v 1.4 2018/03/23 23:18:17 schwarze Exp $ +.\" checked up to: OpenSSL DH_get_1024_160 99d63d46 Oct 26 13:56:48 2016 -0400 +.\" +.\" Copyright (c) 2017 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 23 2018 $ +.Dt GET_RFC3526_PRIME_8192 3 +.Os +.Sh NAME +.Nm get_rfc2409_prime_768 , +.Nm get_rfc2409_prime_1024 , +.Nm get_rfc3526_prime_1536 , +.Nm get_rfc3526_prime_2048 , +.Nm get_rfc3526_prime_3072 , +.Nm get_rfc3526_prime_4096 , +.Nm get_rfc3526_prime_6144 , +.Nm get_rfc3526_prime_8192 , +.Nm BN_get_rfc2409_prime_768 , +.Nm BN_get_rfc2409_prime_1024 , +.Nm BN_get_rfc3526_prime_2048 , +.Nm BN_get_rfc3526_prime_3072 , +.Nm BN_get_rfc3526_prime_4096 , +.Nm BN_get_rfc3526_prime_6144 , +.Nm BN_get_rfc3526_prime_8192 +.Nd standard moduli for Diffie-Hellmann key exchange +.Sh SYNOPSIS +.In openssl/bn.h +.Ft BIGNUM * +.Fn get_rfc2409_prime_768 "BIGNUM *bn" +.Ft BIGNUM * +.Fn get_rfc2409_prime_1024 "BIGNUM *bn" +.Ft BIGNUM * +.Fn get_rfc3526_prime_1536 "BIGNUM *bn" +.Ft BIGNUM * +.Fn get_rfc3526_prime_2048 "BIGNUM *bn" +.Ft BIGNUM * +.Fn get_rfc3526_prime_3072 "BIGNUM *bn" +.Ft BIGNUM * +.Fn get_rfc3526_prime_4096 "BIGNUM *bn" +.Ft BIGNUM * +.Fn get_rfc3526_prime_6144 "BIGNUM *bn" +.Ft BIGNUM * +.Fn get_rfc3526_prime_8192 "BIGNUM *bn" +.Ft BIGNUM * +.Fn BN_get_rfc2409_prime_768 "BIGNUM *bn" +.Ft BIGNUM * +.Fn BN_get_rfc2409_prime_1024 "BIGNUM *bn" +.Ft BIGNUM * +.Fn BN_get_rfc3526_prime_1536 "BIGNUM *bn" +.Ft BIGNUM * +.Fn BN_get_rfc3526_prime_2048 "BIGNUM *bn" +.Ft BIGNUM * +.Fn BN_get_rfc3526_prime_3072 "BIGNUM *bn" +.Ft BIGNUM * +.Fn BN_get_rfc3526_prime_4096 "BIGNUM *bn" +.Ft BIGNUM * +.Fn BN_get_rfc3526_prime_6144 "BIGNUM *bn" +.Ft BIGNUM * +.Fn BN_get_rfc3526_prime_8192 "BIGNUM *bn" +.Sh DESCRIPTION +Each of these functions returns one specific constant Sophie Germain +prime number +.Fa p . +The names with the prefix +.Sq BN_ +are aliases for the names without that prefix. +.Pp +If +.Fa bn +is +.Dv NULL , +a new +.Vt BIGNUM +object is created and returned. +Otherwise, the number is stored in +.Pf * Fa bn +and +.Fa bn +is returned. +.Pp +All these numbers are of the form +.Pp +.EQ +p = 2 sup s - 2 sup left ( s - 64 right ) - 1 + 2 sup 64 * +left { left [ 2 sup left ( s - 130 right ) pi right ] + offset right } +delim $$ +.EN +.Pp +where +.Ar s +is the size of the binary representation of the number in bits +and appears at the end of the function names. +As long as the offset is sufficiently small, the above form assures +that the top and bottom 64 bits of each number are all 1. +.Pp +The offsets are defined in the standards as follows: +.Bl -column 16n 8n -offset indent +.It size Ar s Ta Ar offset +.It Ta +.It \ 768 = 3 * 2^8 Ta 149686 +.It 1024 = 2 * 2^9 Ta 129093 +.It 1536 = 3 * 2^9 Ta 741804 +.It 2048 = 2 * 2^10 Ta 124476 +.It 3072 = 3 * 2^10 Ta 1690314 +.It 4096 = 2 * 2^11 Ta 240904 +.It 6144 = 3 * 2^11 Ta 929484 +.It 8192 = 2 * 2^12 Ta 4743158 +.El +.Pp +For each of these prime numbers, the finite group of natural numbers +smaller than +.Fa p , +where the group operation is defined as multiplication modulo +.Fa p , +is used for Diffie-Hellmann key exchange. +The first two of these groups are called the First Oakley Group and +the Second Oakley Group. +Obiviously, all these groups are cyclic groups of order +.Fa p , +respectively, and the numbers returned by these functions are not +secrets. +.Sh RETURN VALUES +If memory allocation fails, these functions return +.Dv NULL . +That can happen even if +.Fa bn +is not +.Dv NULL . +.Sh SEE ALSO +.Xr BN_mod_exp 3 , +.Xr BN_new 3 , +.Xr BN_set_flags 3 , +.Xr DH_new 3 +.Sh STANDARDS +RFC 2409, "The Internet Key Exchange (IKE)", defines the Oakley Groups. +.Pp +RFC 2412, "The OAKLEY Key Determination Protocol", contains additional +information about these numbers. +.Pp +RFC 3526, "More Modular Exponential (MODP) Diffie-Hellman groups +for Internet Key Exchange (IKE)", defines the other six numbers. +.Sh HISTORY +.Fn get_rfc2409_prime_768 , +.Fn get_rfc2409_prime_1024 , +.Fn get_rfc3526_prime_1536 , +.Fn get_rfc3526_prime_2048 , +.Fn get_rfc3526_prime_3072 , +.Fn get_rfc3526_prime_4096 , +.Fn get_rfc3526_prime_6144 , +and +.Fn get_rfc3526_prime_8192 +first appeared in OpenSSL 0.9.8a and have been available since +.Ox 4.5 . +.Pp +The +.Sy BN_ +aliases first appeared in OpenSSL 1.1.0 and have been available since +.Ox 6.3 . +.Sh CAVEATS +As all the memory needed for storing the numbers is dynamically +allocated, the +.Dv BN_FLG_STATIC_DATA +flag is not set on the returned +.Vt BIGNUM +objects. +So be careful to not change the returned numbers. diff --git a/src/lib/libcrypto/man/i2d_PKCS7_bio_stream.3 b/src/lib/libcrypto/man/i2d_PKCS7_bio_stream.3 new file mode 100644 index 00000000000..463d861becd --- /dev/null +++ b/src/lib/libcrypto/man/i2d_PKCS7_bio_stream.3 @@ -0,0 +1,93 @@ +.\" $OpenBSD: i2d_PKCS7_bio_stream.3,v 1.7 2018/03/23 04:34:23 schwarze Exp $ +.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 +.\" +.\" This file was written by Dr. Stephen Henson . +.\" Copyright (c) 2007, 2008, 2009, 2013 The OpenSSL Project. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 23 2018 $ +.Dt I2D_PKCS7_BIO_STREAM 3 +.Os +.Sh NAME +.Nm i2d_PKCS7_bio_stream +.Nd output PKCS7 structure in BER format +.Sh SYNOPSIS +.In openssl/pkcs7.h +.Ft int +.Fo i2d_PKCS7_bio_stream +.Fa "BIO *out" +.Fa "PKCS7 *p7" +.Fa "BIO *data" +.Fa "int flags" +.Fc +.Sh DESCRIPTION +.Fn i2d_PKCS7_bio_stream +outputs a +.Vt PKCS7 +structure in BER format. +It is otherwise identical to the function +.Xr SMIME_write_PKCS7 3 . +This function is effectively a version of +.Xr d2i_PKCS7_bio 3 +supporting streaming. +.Sh RETURN VALUES +.Fn i2d_PKCS7_bio_stream +returns 1 for success or 0 for failure. +.Sh SEE ALSO +.Xr BIO_new 3 , +.Xr ERR_get_error 3 , +.Xr PEM_write_bio_PKCS7_stream 3 , +.Xr PEM_write_PKCS7 3 , +.Xr PKCS7_new 3 , +.Xr SMIME_write_PKCS7 3 +.Sh HISTORY +.Fn i2d_PKCS7_bio_stream +first appeared in OpenSSL 1.0.0 and has been available since +.Ox 4.9 . +.Sh BUGS +The prefix "i2d" is arguably wrong because the function outputs BER +format. diff --git a/src/lib/libcrypto/man/lh_new.3 b/src/lib/libcrypto/man/lh_new.3 new file mode 100644 index 00000000000..3be32cf675a --- /dev/null +++ b/src/lib/libcrypto/man/lh_new.3 @@ -0,0 +1,559 @@ +.\" $OpenBSD: lh_new.3,v 1.4 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL 1bc74519 May 20 08:11:46 2016 -0400 +.\" +.\" -------------------------------------------------------------------------- +.\" Major patches to this file were contributed by +.\" Ulf Moeller , Geoff Thorpe , +.\" and Ben Laurie . +.\" -------------------------------------------------------------------------- +.\" Copyright (c) 2000, 2001, 2002, 2008, 2009 The OpenSSL Project. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.\" -------------------------------------------------------------------------- +.\" Parts of this file are derived from SSLeay documentation, +.\" which is covered by the following Copyright and license: +.\" -------------------------------------------------------------------------- +.\" +.\" Copyright (C) 1995-1998 Tim Hudson (tjh@cryptsoft.com) +.\" All rights reserved. +.\" +.\" This package is an SSL implementation written +.\" by Eric Young (eay@cryptsoft.com). +.\" The implementation was written so as to conform with Netscapes SSL. +.\" +.\" This library is free for commercial and non-commercial use as long as +.\" the following conditions are aheared to. The following conditions +.\" apply to all code found in this distribution, be it the RC4, RSA, +.\" lhash, DES, etc., code; not just the SSL code. The SSL documentation +.\" included with this distribution is covered by the same copyright terms +.\" except that the holder is Tim Hudson (tjh@cryptsoft.com). +.\" +.\" Copyright remains Eric Young's, and as such any Copyright notices in +.\" the code are not to be removed. +.\" If this package is used in a product, Eric Young should be given +.\" attribution as the author of the parts of the library used. +.\" This can be in the form of a textual message at program startup or +.\" in documentation (online or textual) provided with the package. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. All advertising materials mentioning features or use of this software +.\" must display the following acknowledgement: +.\" "This product includes cryptographic software written by +.\" Eric Young (eay@cryptsoft.com)" +.\" The word 'cryptographic' can be left out if the rouines from the +.\" library being used are not cryptographic related :-). +.\" 4. If you include any Windows specific code (or a derivative thereof) +.\" from the apps directory (application code) you must include an +.\" acknowledgement: "This product includes software written by +.\" Tim Hudson (tjh@cryptsoft.com)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" The licence and distribution terms for any publically available version or +.\" derivative of this code cannot be changed. i.e. this code cannot simply be +.\" copied and put under another distribution licence +.\" [including the GNU Public Licence.] +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt LH_NEW 3 +.Os +.Sh NAME +.Nm lh_new , +.Nm lh_free , +.Nm lh_insert , +.Nm lh_delete , +.Nm lh_retrieve , +.Nm lh_doall , +.Nm lh_doall_arg , +.Nm lh_error +.Nd dynamic hash table +.Sh SYNOPSIS +.In openssl/lhash.h +.Fn DECLARE_LHASH_OF +.Ft LHASH * +.Fn lh__new void +.Ft void +.Fo lh__free +.Fa "LHASH_OF() *table" +.Fc +.Ft * +.Fo lh__insert +.Fa "LHASH_OF() *table" +.Fa " *data" +.Fc +.Ft * +.Fo lh__delete +.Fa "LHASH_OF() *table" +.Fa " *data" +.Fc +.Ft * +.Fo lh__retrieve +.Fa "LHASH_OF) *table" +.Fa " *data" +.Fc +.Ft void +.Fo lh__doall +.Fa "LHASH_OF() *table" +.Fa "LHASH_DOALL_FN_TYPE func" +.Fc +.Ft void +.Fo lh__doall_arg +.Fa "LHASH_OF() *table" +.Fa "LHASH_DOALL_ARG_FN_TYPE func" +.Fa "" +.Fa " *arg" +.Fc +.Ft int +.Fo lh__error +.Fa "LHASH_OF() *table" +.Fc +.Ft typedef int +.Fo (*LHASH_COMP_FN_TYPE) +.Fa "const void *" +.Fa "const void *" +.Fc +.Ft typedef unsigned long +.Fo (*LHASH_HASH_FN_TYPE) +.Fa "const void *" +.Fc +.Ft typedef void +.Fo (*LHASH_DOALL_FN_TYPE) +.Fa "const void *" +.Fc +.Ft typedef void +.Fo (*LHASH_DOALL_ARG_FN_TYPE) +.Fa "const void *" +.Fa "const void *" +.Fc +.Sh DESCRIPTION +This library implements type-checked dynamic hash tables. +The hash table entries can be arbitrary structures. +Usually they consist of key and value fields. +.Pp +.Fn lh__new +creates a new +.Vt LHASH_OF() +structure to store arbitrary data entries, and provides the hash and +compare callbacks to be used in organising the table's entries. +The hash callback takes a pointer to a table entry as its argument +and returns an unsigned long hash value for its key field. +The hash value is normally truncated to a power of 2, so make sure that +your hash function returns well mixed low order bits. +The compare callback takes two arguments (pointers to two hash table +entries), and returns 0 if their keys are equal, non-zero otherwise. +If your hash table will contain items of some particular type and the +hash and compare callbacks hash and compare these types, then the +.Fn DECLARE_LHASH_HASH_FN +and +.Fn IMPLEMENT_LHASH_COMP_FN +macros can be used to create callback wrappers of the prototypes +required by +.Fn lh__new . +These provide per-variable casts before calling the type-specific +callbacks written by the application author. +These macros, as well as those used for the doall callbacks, are +defined as; +.Bd -literal -offset 2n +#define DECLARE_LHASH_HASH_FN(name, o_type) \e + unsigned long name##_LHASH_HASH(const void *); +#define IMPLEMENT_LHASH_HASH_FN(name, o_type) \e + unsigned long name##_LHASH_HASH(const void *arg) { \e + const o_type *a = arg; \e + return name##_hash(a); } +#define LHASH_HASH_FN(name) name##_LHASH_HASH + +#define DECLARE_LHASH_COMP_FN(name, o_type) \e + int name##_LHASH_COMP(const void *, const void *); +#define IMPLEMENT_LHASH_COMP_FN(name, o_type) \e + int name##_LHASH_COMP(const void *arg1, const void *arg2) { \e + const o_type *a = arg1; \e + const o_type *b = arg2; \e + return name##_cmp(a,b); } +#define LHASH_COMP_FN(name) name##_LHASH_COMP + +#define DECLARE_LHASH_DOALL_FN(name, o_type) \e + void name##_LHASH_DOALL(void *); +#define IMPLEMENT_LHASH_DOALL_FN(name, o_type) \e + void name##_LHASH_DOALL(void *arg) { \e + o_type *a = arg; \e + name##_doall(a); } +#define LHASH_DOALL_FN(name) name##_LHASH_DOALL + +#define DECLARE_LHASH_DOALL_ARG_FN(name, o_type, a_type) \e + void name##_LHASH_DOALL_ARG(void *, void *); +#define IMPLEMENT_LHASH_DOALL_ARG_FN(name, o_type, a_type) \e + void name##_LHASH_DOALL_ARG(void *arg1, void *arg2) { \e + o_type *a = arg1; \e + a_type *b = arg2; \e + name##_doall_arg(a, b); } +#define LHASH_DOALL_ARG_FN(name) name##_LHASH_DOALL_ARG +.Ed +.Pp +An example of a hash table storing (pointers to) structures of type +\&'STUFF' could be defined as follows; +.Bd -literal -offset 2n +/* Calculate the hash value of 'tohash' (implemented elsewhere) */ +unsigned long STUFF_hash(const STUFF *tohash); +/* Order 'arg1' and 'arg2' (implemented elsewhere) */ +int stuff_cmp(const STUFF *arg1, const STUFF *arg2); +/* Create type-safe wrapper functions for use in the LHASH internals */ +static IMPLEMENT_LHASH_HASH_FN(stuff, STUFF); +static IMPLEMENT_LHASH_COMP_FN(stuff, STUFF); +/* ... */ +int main(int argc, char *argv[]) { + /* Create the new hash table using the hash/compare wrappers */ + LHASH_OF(STUFF) *hashtable = + lh_STUFF_new(LHASH_HASH_FN(STUFF_hash), + LHASH_COMP_FN(STUFF_cmp)); + /* ... */ +} +.Ed +.Pp +.Fn lh__free +frees the +.Vt LHASH_OF() +structure +.Fa table . +Allocated hash table entries will not be freed; consider using +.Fn lh__doall +to deallocate any remaining entries in the hash table (see below). +.Pp +.Fn lh__insert +inserts the structure pointed to by +.Fa data +into +.Fa table . +If there already is an entry with the same key, the old value is +replaced. +Note that +.Fn lh__insert +stores pointers, the data are not copied. +.Pp +.Fn lh__delete +deletes an entry from +.Fa table . +.Pp +.Fn lh__retrieve +looks up an entry in +.Fa table . +Normally, +.Fa data +is a structure with the key field(s) set; the function will return a +pointer to a fully populated structure. +.Pp +.Fn lh__doall +will, for every entry in the hash table, call +.Fa func +with the data item as its parameter. +For +.Fn lh__doall +and +.Fn lh__doall_arg , +function pointer casting should be avoided in the callbacks (see +.Sx NOTES ) +\(em instead use the declare/implement macros to create type-checked +wrappers that cast variables prior to calling your type-specific +callbacks. +An example of this is illustrated here where the callback is used to +cleanup resources for items in the hash table prior to the hashtable +itself being deallocated: +.Bd -literal -offset 2n +/* Clean up resources belonging to 'a' (this is implemented elsewhere) */ +void STUFF_cleanup_doall(STUFF *a); +/* Implement a prototype-compatible wrapper for "STUFF_cleanup" */ +IMPLEMENT_LHASH_DOALL_FN(STUFF_cleanup, STUFF) + /* ... then later in the code ... */ +/* So to run "STUFF_cleanup" against all items in a hash table ... */ +lh_STUFF_doall(hashtable, LHASH_DOALL_FN(STUFF_cleanup)); +/* Then the hash table itself can be deallocated */ +lh_STUFF_free(hashtable); +.Ed +.Pp +When doing this, be careful if you delete entries from the hash table in +your callbacks: the table may decrease in size, moving the item that you +are currently on down lower in the hash table \(em this could cause some +entries to be skipped during the iteration. +The second best solution to this problem is to set hash->down_load=0 +before you start (which will stop the hash table ever decreasing in +size). +The best solution is probably to avoid deleting items from the hash +table inside a doall callback! +.Pp +.Fn lh__doall_arg +is the same as +.Fn lh__doall +except that +.Fa func +will be called with +.Fa arg +as the second argument and +.Fa func +should be of type +.Vt LHASH_DOALL_ARG_FN_TYPE +(a callback prototype that is passed both the table entry and an extra +argument). +As with +.Fn lh__doall , +you can instead choose to declare your callback with a prototype +matching the types you are dealing with and use the declare/implement +macros to create compatible wrappers that cast variables before calling +your type-specific callbacks. +An example of this is demonstrated here (printing all hash table entries +to a BIO that is provided by the caller): +.Bd -literal -offset 2n +/* Print item 'a' to 'output_bio' (this is implemented elsewhere) */ +void STUFF_print_doall_arg(const STUFF *a, BIO *output_bio); +/* Implement a prototype-compatible wrapper for "STUFF_print" */ +static IMPLEMENT_LHASH_DOALL_ARG_FN(STUFF, const STUFF, BIO) + /* ... then later in the code ... */ +/* Print out the entire hashtable to a particular BIO */ +lh_STUFF_doall_arg(hashtable, LHASH_DOALL_ARG_FN(STUFF_print), BIO, + logging_bio); +.Ed +.Pp +.Fn lh__error +can be used to determine if an error occurred in the last operation. +.Fn lh__error +is a macro. +.Sh RETURN VALUES +.Fn lh__new +returns +.Dv NULL +on error, otherwise a pointer to the new +.Vt LHASH +structure. +.Pp +When a hash table entry is replaced, +.Fn lh__insert +returns the value being replaced. +.Dv NULL +is returned on normal operation and on error. +.Pp +.Fn lh__delete +returns the entry being deleted. +.Dv NULL +is returned if there is no such value in the hash table. +.Pp +.Fn lh__retrieve +returns the hash table entry if it has been found, or +.Dv NULL +otherwise. +.Pp +.Fn lh__error +returns 1 if an error occurred in the last operation, or 0 otherwise. +.Pp +.Fn lh__free , +.Fn lh__doall , +and +.Fn lh__doall_arg +return no values. +.Sh NOTES +The various LHASH macros and callback types exist to make it possible to +write type-checked code without resorting to function-prototype casting +\(em an evil that makes application code much harder to audit/verify and +also opens the window of opportunity for stack corruption and other +hard-to-find bugs. +It also, apparently, violates ANSI-C. +.Pp +The LHASH code regards table entries as constant data. +As such, it internally represents +.Fn lh__insert Ap ed +items with a +.Vt const void * +pointer type. +This is why callbacks such as those used by +.Fn lh__doall +and +.Fn lh__doall_arg +declare their prototypes with "const", even for the parameters that pass +back the table items' data pointers \(em for consistency, user-provided +data is "const" at all times as far as the LHASH code is concerned. +However, as callers are themselves providing these pointers, they can +choose whether they too should be treating all such parameters as +constant. +.Pp +As an example, a hash table may be maintained by code that, for +reasons of encapsulation, has only "const" access to the data being +indexed in the hash table (i.e. it is returned as "const" from +elsewhere in their code) \(em in this case the LHASH prototypes are +appropriate as-is. +Conversely, if the caller is responsible for the life-time of the data +in question, then they may well wish to make modifications to table item +passed back in the +.Fn lh__doall +or +.Fn lh__doall_arg +callbacks (see the "STUFF_cleanup" example above). +If so, the caller can either cast the "const" away (if they're providing +the raw callbacks themselves) or use the macros to declare/implement the +wrapper functions without "const" types. +.Pp +Callers that only have "const" access to data they are indexing in a +table, yet declare callbacks without constant types (or cast the "const" +away themselves), are therefore creating their own risks/bugs without +being encouraged to do so by the API. +On a related note, those auditing code should pay special attention +to any instances of DECLARE/IMPLEMENT_LHASH_DOALL_[ARG_]_FN macros +that provide types without any "const" qualifiers. +.Sh INTERNALS +The following description is based on the SSLeay documentation: +.Pp +The lhash library implements a hash table described in the +.Em Communications of the ACM +in 1991. +What makes this hash table different is that as the table fills, +the hash table is increased (or decreased) in size via +.Xr OPENSSL_realloc 3 . +When a 'resize' is done, instead of all hashes being redistributed over +twice as many 'buckets', one bucket is split. +So when an 'expand' is done, there is only a minimal cost to +redistribute some values. +Subsequent inserts will cause more single 'bucket' redistributions but +there will never be a sudden large cost due to redistributing all the +\&'buckets'. +.Pp +The state for a particular hash table is kept in the +.Vt LHASH +structure. +The decision to increase or decrease the hash table size is made +depending on the 'load' of the hash table. +The load is the number of items in the hash table divided by the size of +the hash table. +The default values are as follows. +If (hash->up_load < load) => expand. +if (hash->down_load > load) => contract. +The +.Fa up_load +has a default value of 1 and +.Fa down_load +has a default value of 2. +These numbers can be modified by the application by just playing +with the +.Fa up_load +and +.Fa down_load +variables. +The 'load' is kept in a form which is multiplied by 256. +So hash->up_load=8*256 will cause a load of 8 to be set. +.Pp +If you are interested in performance the field to watch is +.Fa num_comp_calls . +The hash library keeps track of the 'hash' value for each item so when a +lookup is done, the 'hashes' are compared, if there is a match, then a +full compare is done, and hash->num_comp_calls is incremented. +If num_comp_calls is not equal to num_delete plus num_retrieve it means +that your hash function is generating hashes that are the same for +different values. +It is probably worth changing your hash function if this is the case +because even if your hash table has 10 items in a 'bucket', it can be +searched with 10 +.Vt unsigned long +compares and 10 linked list traverses. +This will be much less expensive that 10 calls to your compare function. +.Pp +.Fn lh_strhash +is a demo string hashing function: +.Pp +.Dl unsigned long lh_strhash(const char *c); +.Pp +Since the LHASH routines would normally be passed structures, this +routine would not normally be passed to +.Fn lh__new , +rather it would be used in the function passed to +.Fn lh__new . +.Sh SEE ALSO +.Xr lh_stats 3 +.Sh HISTORY +.Fn lh_new , +.Fn lh_free , +.Fn lh_insert , +.Fn lh_delete , +.Fn lh_retrieve , +and +.Fn lh_doall +appeared in SSLeay 0.4 or earlier. +.Fn lh_doall_arg +first appeared in SSLeay 0.5.1. +These functions have been available since +.Ox 2.4 . +.Pp +.Fn lh__error +was added in SSLeay 0.9.1b. +.Pp +In OpenSSL 0.9.7, all lhash functions that were passed function pointers +were changed for better type safety, and the function types +.Vt LHASH_COMP_FN_TYPE , +.Vt LHASH_HASH_FN_TYPE , +.Vt LHASH_DOALL_FN_TYPE , +and +.Vt LHASH_DOALL_ARG_FN_TYPE +became available. +.Pp +In OpenSSL 1.0.0, the lhash interface was revamped for even better type +checking. +.Sh BUGS +.Fn lh__insert +returns +.Dv NULL +both for success and error. diff --git a/src/lib/libcrypto/man/lh_stats.3 b/src/lib/libcrypto/man/lh_stats.3 new file mode 100644 index 00000000000..e057d7d65e5 --- /dev/null +++ b/src/lib/libcrypto/man/lh_stats.3 @@ -0,0 +1,208 @@ +.\" $OpenBSD: lh_stats.3,v 1.6 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL e2f92610 May 18 11:44:05 2016 -0400 +.\" +.\" -------------------------------------------------------------------------- +.\" Major patches to this file were contributed by +.\" Ulf Moeller . +.\" -------------------------------------------------------------------------- +.\" Copyright (c) 2000 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.\" -------------------------------------------------------------------------- +.\" Parts of this file are derived from SSLeay documentation, +.\" which is covered by the following Copyright and license: +.\" -------------------------------------------------------------------------- +.\" +.\" Copyright (C) 1995-1998 Tim Hudson (tjh@cryptsoft.com) +.\" All rights reserved. +.\" +.\" This package is an SSL implementation written +.\" by Eric Young (eay@cryptsoft.com). +.\" The implementation was written so as to conform with Netscapes SSL. +.\" +.\" This library is free for commercial and non-commercial use as long as +.\" the following conditions are aheared to. The following conditions +.\" apply to all code found in this distribution, be it the RC4, RSA, +.\" lhash, DES, etc., code; not just the SSL code. The SSL documentation +.\" included with this distribution is covered by the same copyright terms +.\" except that the holder is Tim Hudson (tjh@cryptsoft.com). +.\" +.\" Copyright remains Eric Young's, and as such any Copyright notices in +.\" the code are not to be removed. +.\" If this package is used in a product, Eric Young should be given +.\" attribution as the author of the parts of the library used. +.\" This can be in the form of a textual message at program startup or +.\" in documentation (online or textual) provided with the package. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. All advertising materials mentioning features or use of this software +.\" must display the following acknowledgement: +.\" "This product includes cryptographic software written by +.\" Eric Young (eay@cryptsoft.com)" +.\" The word 'cryptographic' can be left out if the rouines from the +.\" library being used are not cryptographic related :-). +.\" 4. If you include any Windows specific code (or a derivative thereof) +.\" from the apps directory (application code) you must include an +.\" acknowledgement: "This product includes software written by +.\" Tim Hudson (tjh@cryptsoft.com)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" The licence and distribution terms for any publically available version or +.\" derivative of this code cannot be changed. i.e. this code cannot simply be +.\" copied and put under another distribution licence +.\" [including the GNU Public Licence.] +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt LH_STATS 3 +.Os +.Sh NAME +.Nm lh_stats , +.Nm lh_node_stats , +.Nm lh_node_usage_stats , +.Nm lh_stats_bio , +.Nm lh_node_stats_bio , +.Nm lh_node_usage_stats_bio +.Nd LHASH statistics +.Sh SYNOPSIS +.In openssl/lhash.h +.Ft void +.Fo lh_stats +.Fa "LHASH *table" +.Fa "FILE *out" +.Fc +.Ft void +.Fo lh_node_stats +.Fa "LHASH *table" +.Fa "FILE *out" +.Fc +.Ft void +.Fo lh_node_usage_stats +.Fa "LHASH *table" +.Fa "FILE *out" +.Fc +.Ft void +.Fo lh_stats_bio +.Fa "LHASH *table" +.Fa "BIO *out" +.Fc +.Ft void +.Fo lh_node_stats_bio +.Fa "LHASH *table" +.Fa "BIO *out" +.Fc +.Ft void +.Fo lh_node_usage_stats_bio +.Fa "LHASH *table" +.Fa "BIO *out" +.Fc +.Sh DESCRIPTION +The +.Vt LHASH +structure records statistics about most aspects of accessing the hash +table. +.Pp +.Fn lh_stats +prints out statistics on the size of the hash table, how many entries +are in it, and the number and result of calls to the routines in this +library. +.Pp +.Fn lh_node_stats +prints the number of entries for each 'bucket' in the hash table. +.Pp +.Fn lh_node_usage_stats +prints out a short summary of the state of the hash table. +It prints the 'load' and the 'actual load'. +The load is the average number of data items per 'bucket' in the hash +table. +The 'actual load' is the average number of items per 'bucket', but only +for buckets which contain entries. +So the 'actual load' is the average number of searches that will need to +find an item in the hash table, while the 'load' is the average number +that will be done to record a miss. +.Pp +.Fn lh_stats_bio , +.Fn lh_node_stats_bio , +and +.Fn lh_node_usage_stats_bio +are the same as the above, except that the output goes to a +.Vt BIO . +.Sh RETURN VALUES +These functions do not return values. +.Sh SEE ALSO +.Xr BIO_new 3 , +.Xr lh_new 3 +.Sh HISTORY +.Fn lh_stats , +.Fn lh_node_stats , +.Fn lh_node_usage_stats +appeared in SSLeay 0.4. +.Fn lh_stats_bio , +.Fn lh_node_stats_bio , +and +.Fn lh_node_usage_stats_bio +first appeared in SSLeay 0.6.0. +These functions have been available since +.Ox 2.4 . +.Sh AUTHORS +.An Eric Young diff --git a/src/lib/libcrypto/man/openssl.cnf.5 b/src/lib/libcrypto/man/openssl.cnf.5 new file mode 100644 index 00000000000..49b6c39514d --- /dev/null +++ b/src/lib/libcrypto/man/openssl.cnf.5 @@ -0,0 +1,465 @@ +.\" $OpenBSD: openssl.cnf.5,v 1.5 2019/01/02 07:42:21 jmc Exp $ +.\" full merge up to: OpenSSL man5/config b53338cb Feb 28 12:30:28 2017 +0100 +.\" selective merge up to: OpenSSL a8c5ed81 Jul 18 13:57:25 2017 -0400 +.\" +.\" This file was written by Dr. Stephen Henson . +.\" Copyright (c) 1999, 2000, 2004, 2013, 2015, 2016, 2017 The OpenSSL Project. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: January 2 2019 $ +.Dt OPENSSL.CNF 5 +.Os +.Sh NAME +.Nm openssl.cnf +.Nd OpenSSL configuration files +.Sh DESCRIPTION +The OpenSSL CONF library can be used to read configuration files; see +.Xr CONF_modules_load_file 3 . +It is used for the OpenSSL master configuration file +.Pa /etc/ssl/openssl.cnf +and in a few other places like +.Sy SPKAC +files and certificate extension files for the +.Xr openssl 1 +.Cm x509 +utility. +OpenSSL applications can also use the CONF library for their own +purposes. +.Pp +A configuration file is divided into a number of sections. +Each section starts with a line +.Bq Ar section_name +and ends when a new section is started or the end of the file is reached. +A section name can consist of alphanumeric characters and underscores. +.Pp +The first section of a configuration file is special and is referred to +as the +.Dq default section . +It is usually unnamed and extends from the start of file to the +first named section. +When a name is being looked up, it is first looked up in a named +section (if any) and then in the default section. +.Pp +The environment is mapped onto a section called +.Ic ENV . +.Pp +Comments can be included by preceding them with the +.Ql # +character. +.Pp +Each section in a configuration file consists of a number of name and +value pairs of the form +.Ar name Ns = Ns Ar value . +.Pp +The +.Ar name +string can contain any alphanumeric characters as well as a few +punctuation symbols such as +.Ql \&. +.Ql \&, +.Ql \&; +and +.Ql _ . +.Pp +The +.Ar value +string consists of the string following the +.Ql = +character until the end of the line with any leading and trailing +whitespace removed. +.Pp +The value string undergoes variable expansion. +This can be done by including substrings of the form +.Pf $ Ar name +or +.Pf $ Brq Ar name : +this will substitute the value of the named variable in the current +section. +It is also possible to substitute a value from another section using the +syntax +.Pf $ Ar section Ns :: Ns Ar name +or +.Pf $ Brq Ar section Ns :: Ns Ar name . +By using the form +.Pf $ Ic ENV Ns :: Ns Ar name , +environment variables can be substituted. +It is also possible to assign values to environment variables by using +the name +.Ic ENV Ns :: Ns Ar name . +This will work if the program looks up environment variables using +the CONF library instead of calling +.Xr getenv 3 +directly. +.Pp +It is possible to escape certain characters by using any kind of quote +or the +.Ql \e +character. +By making the last character of a line a +.Ql \e , +a +.Ar value +string can be spread across multiple lines. +In addition the sequences +.Ql \en , +.Ql \er , +.Ql \eb , +and +.Ql \et +are recognized. +.Sh OPENSSL LIBRARY CONFIGURATION +Applications can automatically configure certain aspects of OpenSSL +using the master OpenSSL configuration file, or optionally an +alternative configuration file. +The +.Xr openssl 1 +utility includes this functionality: any sub command uses the master +OpenSSL configuration file unless an option is used in the sub command +to use an alternative configuration file. +.Pp +To enable library configuration, the default section needs to contain +an appropriate line which points to the main configuration section. +The default name is +.Ic openssl_conf , +which is used by the +.Xr openssl 1 +utility. +Other applications may use an alternative name such as +.Sy myapplication_conf . +All library configuration lines appear in the default section +at the start of the configuration file. +.Pp +The configuration section should consist of a set of name value pairs +which contain specific module configuration information. +The +.Ar name +represents the name of the configuration module. +The meaning of the +.Ar value +is module specific: it may, for example, represent a further +configuration section containing configuration module specific +information. +For example: +.Bd -literal -offset indent +# The following line must be in the default section. +openssl_conf = openssl_init + +[openssl_init] +oid_section = new_oids +engines = engine_section + +[new_oids] +\&... new oids here ... + +[engine_section] +\&... engine stuff here ... +.Ed +.Pp +The features of each configuration module are described below. +.Ss ASN1 Object Configuration Module +This module has the name +.Ic oid_section . +The value of this variable points to a section containing name value +pairs of OIDs: the name is the OID short and long name, and the value is the +numerical form of the OID. +Although some of the +.Xr openssl 1 +utility subcommands already have their own ASN1 OBJECT section +functionality, not all do. +By using the ASN1 OBJECT configuration module, all the +.Xr openssl 1 +utility subcommands can see the new objects as well as any compliant +applications. +For example: +.Bd -literal -offset indent +[new_oids] +some_new_oid = 1.2.3.4 +some_other_oid = 1.2.3.5 +.Ed +.Pp +It is also possible to set the value to the long name followed by a +comma and the numerical OID form. +For example: +.Pp +.Dl shortName = some object long name, 1.2.3.4 +.Ss Engine Configuration Module +This ENGINE configuration module has the name +.Ic engines . +The value of this variable points to a section containing further ENGINE +configuration information. +.Pp +The section pointed to by +.Ic engines +is a table of engine names (though see +.Ic engine_id +below) and further sections containing configuration information +specific to each ENGINE. +.Pp +Each ENGINE specific section is used to set default algorithms, load +dynamic ENGINEs, perform initialization and send ctrls. +The actual operation performed depends on the command +name which is the name of the name value pair. +The currently supported commands are listed below. +.Pp +For example: +.Bd -literal -offset indent +[engine_section] +# Configure ENGINE named "foo" +foo = foo_section +# Configure ENGINE named "bar" +bar = bar_section + +[foo_section] +\&... foo ENGINE specific commands ... + +[bar_section] +\&... "bar" ENGINE specific commands ... +.Ed +.Pp +The command +.Ic engine_id +is used to give the ENGINE name. +If used this command must be first. +For example: +.Bd -literal -offset indent +[engine_section] +# This would normally handle an ENGINE named "foo" +foo = foo_section + +[foo_section] +# Override default name and use "myfoo" instead. +engine_id = myfoo +.Ed +.Pp +The command +.Ic dynamic_path +loads and adds an ENGINE from the given path. +It is equivalent to sending the ctrls +.Sy SO_PATH +with the path argument followed by +.Sy LIST_ADD +with value 2 and +.Sy LOAD +to the dynamic ENGINE. +If this is not the required behaviour then alternative ctrls can be sent +directly to the dynamic ENGINE using ctrl commands. +.Pp +The command +.Ic init +determines whether to initialize the ENGINE. +If the value is 0, the ENGINE will not be initialized. +If it is 1, an attempt is made to initialized the ENGINE immediately. +If the +.Ic init +command is not present, then an attempt will be made to initialize +the ENGINE after all commands in its section have been processed. +.Pp +The command +.Ic default_algorithms +sets the default algorithms an ENGINE will supply using the functions +.Xr ENGINE_set_default_string 3 . +.Pp +If the name matches none of the above command names it is assumed +to be a ctrl command which is sent to the ENGINE. +The value of the command is the argument to the ctrl command. +If the value is the string +.Cm EMPTY , +then no value is sent to the command. +.Pp +For example: +.Bd -literal -offset indent +[engine_section] +# Configure ENGINE named "foo" +foo = foo_section + +[foo_section] +# Load engine from DSO +dynamic_path = /some/path/fooengine.so +# A foo specific ctrl. +some_ctrl = some_value +# Another ctrl that doesn't take a value. +other_ctrl = EMPTY +# Supply all default algorithms +default_algorithms = ALL +.Ed +.Sh FILES +.Bl -tag -width /etc/ssl/openssl.cnf -compact +.It Pa /etc/ssl/openssl.cnf +standard configuration file +.El +.Sh EXAMPLES +Here is a sample configuration file using some of the features +mentioned above: +.Bd -literal -offset indent +# This is the default section. +HOME=/temp +RANDFILE= ${ENV::HOME}/.rnd +configdir=$ENV::HOME/config + +[ section_one ] +# We are now in section one. + +# Quotes permit leading and trailing whitespace +any = " any variable name " + +other = A string that can \e +cover several lines \e +by including \e\e characters + +message = Hello World\en + +[ section_two ] +greeting = $section_one::message +.Ed +.Pp +This next example shows how to expand environment variables safely. +.Pp +Suppose you want a variable called +.Sy tmpfile +to refer to a temporary filename. +The directory it is placed in can determined by the +.Ev TEMP +or +.Ev TMP +environment variables but they may not be set to any value at all. +If you just include the environment variable names and the variable +doesn't exist then this will cause an error when an attempt is made to +load the configuration file. +By making use of the default section both values can be looked up with +.Ev TEMP +taking priority and +.Pa /tmp +used if neither is defined: +.Bd -literal -offset indent +TMP=/tmp +# The above value is used if TMP isn't in the environment +TEMP=$ENV::TMP +# The above value is used if TEMP isn't in the environment +tmpfile=${ENV::TEMP}/tmp.filename +.Ed +.Pp +More complex OpenSSL library configuration. +Add OID: +.Bd -literal -offset indent +# Default appname: should match "appname" parameter (if any) +# supplied to CONF_modules_load_file et al. +openssl_conf = openssl_conf_section + +[openssl_conf_section] +# Configuration module list +alg_section = evp_sect +oid_section = new_oids + +[new_oids] +# New OID, just short name +newoid1 = 1.2.3.4.1 +# New OID shortname and long name +newoid2 = New OID 2 long name, 1.2.3.4.2 +.Ed +.Pp +The above examples can be used with any application supporting library +configuration if "openssl_conf" is modified to match the appropriate +"appname". +.Pp +For example if the second sample file above is saved to "example.cnf" +then the command line: +.Pp +.Dl OPENSSL_CONF=example.cnf openssl asn1parse -genstr OID:1.2.3.4.1 +.Pp +will output: +.Dl 0:d=0 hl=2 l= 4 prim: OBJECT :newoid1 +.Pp +showing that the OID "newoid1" has been added as "1.2.3.4.1". +.Sh SEE ALSO +.Xr openssl 1 , +.Xr CONF_modules_load_file 3 , +.Xr x509v3.cnf 5 +.Sh CAVEATS +If a configuration file attempts to expand a variable that doesn't +exist, then an error is flagged and the file will not load. +This can also happen if an attempt is made to expand an environment +variable that doesn't exist. +For example, in a previous version of OpenSSL the default OpenSSL +master configuration file used the value of +.Ev HOME +which may not be defined on non Unix systems and would cause an error. +.Pp +This can be worked around by including a default section to provide +a default value: then if the environment lookup fails, the default +value will be used instead. +For this to work properly, the default value must be defined earlier +in the configuration file than the expansion. +See the +.Sx EXAMPLES +section for an example of how to do this. +.Pp +If the same variable is defined more than once in the same section, +then all but the last value will be silently ignored. +In certain circumstances such as with DNs, the same field may occur +multiple times. +This is usually worked around by ignoring any characters before an +initial +.Ql \&. , +for example: +.Bd -literal -offset indent +1.OU="My first OU" +2.OU="My Second OU" +.Ed +.Sh BUGS +Currently there is no way to include characters using the octal +.Pf \e Ar nnn +form. +Strings are all NUL terminated, so NUL bytes cannot form part of +the value. +.Pp +The escaping isn't quite right: if you want to use sequences like +.Ql \en , +you can't use any quote escaping on the same line. +.Pp +Files are loaded in a single pass. +This means that a variable expansion will only work if the variables +referenced are defined earlier in the file. diff --git a/src/lib/libcrypto/man/x509v3.cnf.5 b/src/lib/libcrypto/man/x509v3.cnf.5 new file mode 100644 index 00000000000..d307e6a1d09 --- /dev/null +++ b/src/lib/libcrypto/man/x509v3.cnf.5 @@ -0,0 +1,737 @@ +.\" $OpenBSD: x509v3.cnf.5,v 1.5 2018/08/26 18:04:54 jmc Exp $ +.\" full merge up to: +.\" OpenSSL man5/x509v3_config a41815f0 Mar 17 18:43:53 2017 -0700 +.\" selective merge up to: OpenSSL 36cf10cf Oct 4 02:11:08 2017 -0400 +.\" +.\" This file was written by Dr. Stephen Henson . +.\" Copyright (c) 2004, 2006, 2013, 2014, 2015, 2016 The OpenSSL Project. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: August 26 2018 $ +.Dt X509V3.CNF 5 +.Os +.Sh NAME +.Nm x509v3.cnf +.Nd X.509 V3 certificate extension configuration format +.Sh DESCRIPTION +Several of the OpenSSL utilities can add extensions to a certificate or +certificate request based on the contents of a configuration file. +The file format is based on the +.Xr openssl.cnf 5 +format. +.Pp +Typically the application will contain an option to point to an +extension section. +Each line of the extension section takes the form: +.Pp +.D1 Ar extension_name Ns = Ns Oo Cm critical , Oc Ar extension_options +.Pp +If +.Cm critical +is present, then the extension will be critical. +.Pp +The format of +.Ar extension_options +depends on the value of +.Ar extension_name . +.Pp +There are four main types of extension: string extensions, multi-valued +extensions, raw extensions, and arbitrary extensions. +.Pp +String extensions simply have a string which contains either the value +itself or how it is obtained. +For example: +.Pp +.Dl nsComment="This is a Comment" +.Pp +Multi-valued extensions have a short form and a long form. +The short form is a list of names and values: +.Pp +.Dl basicConstraints=critical,CA:true,pathlen:1 +.Pp +The long form allows the values to be placed in a separate section: +.Bd -literal -offset indent +basicConstraints=critical,@bs_section + +[bs_section] +CA=true +pathlen=1 +.Ed +.Pp +Both forms are equivalent. +.Pp +The syntax of raw extensions is governed by the extension code: +it can for example contain data in multiple sections. +The correct syntax to use is defined by the extension code itself: +check out the certificate policies extension for an example. +.Pp +If an extension type is unsupported, then the arbitrary extension +syntax must be used; see the +.Sx ARBITRARY EXTENSIONS +section for more details. +.Sh STANDARD EXTENSIONS +The following sections describe each supported extension in detail. +.Ss Basic constraints +This is a multi-valued extension which indicates whether a certificate +is a CA certificate. +The first (mandatory) name is +.Ic CA +followed by +.Cm TRUE +or +.Cm FALSE . +If +.Ic CA +is +.Cm TRUE , +then an optional +.Ic pathlen +name followed by a non-negative value can be included. +For example: +.Bd -literal -offset indent +basicConstraints=CA:TRUE +basicConstraints=CA:FALSE +basicConstraints=critical,CA:TRUE, pathlen:0 +.Ed +.Pp +A CA certificate must include the +.Ic basicConstraints +value with the +.Ic CA +field set to +.Cm TRUE . +An end user certificate must either set +.Ic CA +to +.Cm FALSE +or exclude the extension entirely. +Some software may require the inclusion of +.Ic basicConstraints +with +.Ic CA +set to +.Cm FALSE +for end entity certificates. +.Pp +The +.Ic pathlen +parameter indicates the maximum number of CAs that can appear below +this one in a chain. +So if you have a CA with a +.Ic pathlen +of zero it can only be used to sign end user certificates and not +further CAs. +.Ss Key usage +Key usage is a multi-valued extension consisting of a list of names of +the permitted key usages. +.Pp +The supported names are: +.Ic digitalSignature , +.Ic nonRepudiation , +.Ic keyEncipherment , +.Ic dataEncipherment , +.Ic keyAgreement , +.Ic keyCertSign , +.Ic cRLSign , +.Ic encipherOnly , +and +.Ic decipherOnly . +Examples: +.Bd -literal -offset indent +keyUsage=digitalSignature, nonRepudiation +keyUsage=critical, keyCertSign +.Ed +.Ss Extended key usage +This extensions consists of a list of usages indicating purposes for +which the certificate public key can be used for. +.Pp +These can either be object short names or the dotted numerical form of OIDs. +While any OID can be used, only certain values make sense. +In particular the following PKIX, NS and MS values are meaningful: +.Bl -column emailProtection +.It Em value Ta Em meaning +.It Ic serverAuth Ta SSL/TLS web server authentication +.It Ic clientAuth Ta SSL/TLS web client authentication +.It Ic codeSigning Ta code signing +.It Ic emailProtection Ta E-mail protection (S/MIME) +.It Ic timeStamping Ta trusted timestamping +.It Ic OCSPSigning Ta OCSP signing +.It Ic ipsecIKE Ta IPsec internet key exchange +.It Ic msCodeInd Ta Microsoft individual code signing (authenticode) +.It Ic msCodeCom Ta Microsoft commercial code signing (authenticode) +.It Ic msCTLSign Ta Microsoft trust list signing +.It Ic msEFS Ta Microsoft encrypted file system +.El +.Pp +Examples: +.Bd -literal -offset indent +extendedKeyUsage=critical,codeSigning,1.2.3.4 +extendedKeyUsage=serverAuth,clientAuth +.Ed +.Ss Subject key identifier +This is really a string extension and can take two possible values. +Either the word +.Cm hash +which will automatically follow the guidelines in RFC 3280 +or a hex string giving the extension value to include. +The use of the hex string is strongly discouraged. +Example: +.Pp +.Dl subjectKeyIdentifier=hash +.Ss Authority key identifier +The authority key identifier extension permits two options, +.Cm keyid +and +.Cm issuer : +both can take the optional value +.Cm always . +.Pp +If the +.Cm keyid +option is present, an attempt is made to copy the subject +key identifier from the parent certificate. +If the value +.Cm always +is present, then an error is returned if the option fails. +.Pp +The +.Cm issuer +option copies the issuer and serial number from the issuer certificate. +This will only be done if the +.Cm keyid +option fails or is not included unless the +.Cm always +flag will always include the value. +Example: +.Pp +.Dl authorityKeyIdentifier=keyid,issuer +.Ss Subject alternative name +The subject alternative name extension allows various literal values to +be included in the configuration file. +These include +.Ic email +(an email address), +.Ic URI +(a uniform resource indicator), +.Ic DNS +(a DNS domain name), +.Ic RID +(a registered ID: OBJECT IDENTIFIER), +.Ic IP +(an IP address), +.Ic dirName +(a distinguished name), and +.Ic otherName . +.Pp +The +.Ic email +option can include a special +.Cm copy +value. +This will automatically include any email addresses contained in the +certificate subject name in the extension. +.Pp +The IP address used in the +.Ic IP +options can be in either IPv4 or IPv6 format. +.Pp +The value of +.Ic dirName +should point to a section containing the distinguished name to use as a +set of name value pairs. +Multi values AVAs can be formed by prefacing the name with a +.Ql + +character. +.Pp +.Ic otherName +can include arbitrary data associated with an OID: the value should +be the OID followed by a semicolon and the content in standard +.Xr ASN1_generate_nconf 3 +format. +Examples: +.Bd -literal -offset 2n +subjectAltName=email:copy,email:my@other.address,URI:http://my.url.here/ +subjectAltName=IP:192.168.7.1 +subjectAltName=IP:13::17 +subjectAltName=email:my@other.address,RID:1.2.3.4 +subjectAltName=otherName:1.2.3.4;UTF8:some other identifier + +subjectAltName=dirName:dir_sect + +[dir_sect] +C=UK +O=My Organization +OU=My Unit +CN=My Name +.Ed +.Ss Issuer alternative name +The issuer alternative name option supports all the literal options of +subject alternative name. +It does not support the +.Ic email : Ns Cm copy +option because that would not make sense. +It does support an additional +.Ic issuer : Ns Cm copy +option that will copy all the subject alternative name values from +the issuer certificate (if possible). +Example: +.Pp +.Dl issuerAltName = issuer:copy +.Ss Authority info access +The authority information access extension gives details about how to +access certain information relating to the CA. +Its syntax is +.Ar accessOID ; location +where +.Ar location +has the same syntax as subject alternative name (except that +.Ic email : Ns Cm copy +is not supported). +.Ar accessOID +can be any valid OID but only certain values are meaningful, +for example +.Cm OCSP +and +.Cm caIssuers . +Example: +.Bd -literal -offset indent +authorityInfoAccess = OCSP;URI:http://ocsp.my.host/ +authorityInfoAccess = caIssuers;URI:http://my.ca/ca.html +.Ed +.Ss CRL distribution points +This is a multi-valued extension whose options can be either in +.Ar name : Ns Ar value +pair form using the same form as subject alternative name or a +single value representing a section name containing all the +distribution point fields. +.Pp +For a +.Ar name : Ns Ar value +pair a new DistributionPoint with the fullName field set to the +given value, both the cRLissuer and reasons fields are omitted in +this case. +.Pp +In the single option case, the section indicated contains values +for each field. +In this section: +.Pp +If the name is +.Ic fullname , +the value field should contain the full name of the distribution +point in the same format as subject alternative name. +.Pp +If the name is +.Ic relativename , +then the value field should contain a section name whose contents +represent a DN fragment to be placed in this field. +.Pp +The name +.Ic CRLIssuer , +if present, should contain a value for this field in subject +alternative name format. +.Pp +If the name is +.Ic reasons , +the value field should consist of a comma separated field containing +the reasons. +Valid reasons are: +.Cm keyCompromise , +.Cm CACompromise , +.Cm affiliationChanged , +.Cm superseded , +.Cm cessationOfOperation , +.Cm certificateHold , +.Cm privilegeWithdrawn , +and +.Cm AACompromise . +.Pp +Simple examples: +.Bd -literal -offset indent +crlDistributionPoints=URI:http://myhost.com/myca.crl +crlDistributionPoints=URI:http://my.com/my.crl,URI:http://oth.com/my.crl +.Ed +.Pp +Full distribution point example: +.Bd -literal -offset indent +crlDistributionPoints=crldp1_section + +[crldp1_section] +fullname=URI:http://myhost.com/myca.crl +CRLissuer=dirName:issuer_sect +reasons=keyCompromise, CACompromise + +[issuer_sect] +C=UK +O=Organisation +CN=Some Name +.Ed +.Ss Issuing distribution point +This extension should only appear in CRLs. +It is a multi-valued extension whose syntax is similar to the "section" +pointed to by the CRL distribution points extension with a few +differences. +.Pp +The names +.Ic reasons +and +.Ic CRLissuer +are not recognized. +.Pp +The name +.Ic onlysomereasons +is accepted, which sets this field. +The value is in the same format as the CRL distribution point +.Ic reasons +field. +.Pp +The names +.Ic onlyuser , +.Ic onlyCA , +.Ic onlyAA , +and +.Ic indirectCRL +are also accepted. +The values should be a boolean values +.Cm ( TRUE +or +.Cm FALSE ) +to indicate the value of the corresponding field. +Example: +.Bd -literal -offset indent +issuingDistributionPoint=critical, @idp_section + +[idp_section] +fullname=URI:http://myhost.com/myca.crl +indirectCRL=TRUE +onlysomereasons=keyCompromise, CACompromise + +[issuer_sect] +C=UK +O=Organisation +CN=Some Name +.Ed +.Ss Certificate policies +This is a raw extension. +All the fields of this extension can be set by using the appropriate +syntax. +.Pp +If you follow the PKIX recommendations and just use one OID, then you +just include the value of that OID. +Multiple OIDs can be set separated by commas, for example: +.Pp +.Dl certificatePolicies= 1.2.4.5, 1.1.3.4 +.Pp +If you wish to include qualifiers, then the policy OID and qualifiers +need to be specified in a separate section: this is done by using the +.Pf @ Ar section +syntax instead of a literal OID value. +.Pp +The section referred to must include the policy OID using the name +.Ic policyIdentifier . +.Ic CPSuri +qualifiers can be included using the syntax: +.Pp +.D1 Ic CPS . Ns Ar nnn Ns = Ns Ar value +.Pp +.Ic userNotice +qualifiers can be set using the syntax: +.Pp +.D1 Ic userNotice . Ns Ar nnn Ns =@ Ns Ar notice +.Pp +The value of the +.Ic userNotice +qualifier is specified in the relevant section. +This section can include +.Ic explicitText , +.Ic organization , +and +.Ic noticeNumbers +options. +.Ic explicitText +and +.Ic organization +are text strings, +and +.Ic noticeNumbers +is a comma separated list of numbers. +The +.Ic organization +and +.Ic noticeNumbers +options (if included) must +.Em both +be present. +If you use the +.Ic userNotice +option with IE5 then you need the +.Ic ia5org +option at the top level to modify the encoding: otherwise it will +not be interpreted properly. +Example: +.Bd -literal -offset indent +certificatePolicies=ia5org,1.2.3.4,1.5.6.7.8,@polsect + +[polsect] +policyIdentifier = 1.3.5.8 +CPS.1="http://my.host.name/" +CPS.2="http://my.your.name/" +userNotice.1=@notice + +[notice] +explicitText="Explicit Text Here" +organization="Organisation Name" +noticeNumbers=1,2,3,4 +.Ed +.Pp +The +.Ic ia5org +option changes the type of the +.Ic organization +field. +In RFC 2459, it can only be of type +.Vt DisplayText . +In RFC 3280, +.Vt IA5String +is also permissible. +Some software (for example some versions of MSIE) may require +.Ic ia5org . +.Ss Policy constraints +This is a multi-valued extension which consists of the names +.Ic requireExplicitPolicy +or +.Ic inhibitPolicyMapping +and a non-negative integer value. +At least one component must be present. +Example: +.Pp +.Dl policyConstraints = requireExplicitPolicy:3 +.Ss Inhibit any policy +This is a string extension whose value must be a non-negative integer. +Example: +.Pp +.Dl inhibitAnyPolicy = 2 +.Ss Name constraints +The name constraints extension is a multi-valued extension. +The name should begin with the word +.Cm permitted +or +.Cm excluded , +followed by a semicolon. +The rest of the name and the value follows the syntax of subjectAltName +except +.Ic email : Ns Cm copy +is not supported and the +.Ic IP +form should consist of an IP addresses and subnet mask separated +by a slash. +Examples: +.Bd -literal -offset indent +nameConstraints=permitted;IP:192.168.0.0/255.255.0.0 +nameConstraints=permitted;email:.somedomain.com +nameConstraints=excluded;email:.com +.Ed +.Ss OCSP no check +The OCSP no check extension is a string extension, +but its value is ignored. +Example: +.Pp +.Dl noCheck = ignored +.Ss TLS Feature (aka must staple) +This is a multi-valued extension consisting of a list of TLS extension +identifiers. +Each identifier may be a number in the range from 0 to 65535 or a +supported name. +When a TLS client sends a listed extension, the TLS server is expected +to include that extension in its reply. +.Pp +The supported names are: +.Cm status_request +and +.Cm status_request_v2 . +Example: +.Pp +.Dl tlsfeature = status_request +.Sh DEPRECATED EXTENSIONS +The following extensions are non-standard, Netscape specific and largely +obsolete. +Their use in new applications is discouraged. +.Ss Netscape string extensions +Netscape comment +.Ic ( nsComment ) +is a string extension containing a comment which will be displayed when +the certificate is viewed in some browsers. +Example: +.Pp +.Dl nsComment = "Some Random Comment" +.Pp +Other supported extensions in this category are: +.Ic nsBaseUrl , +.Ic nsRevocationUrl , +.Ic nsCaRevocationUrl , +.Ic nsRenewalUrl , +.Ic nsCaPolicyUrl , +and +.Ic nsSslServerName . +.Ss Netscape certificate type +This is a multi-valued extensions which consists of a list of flags to +be included. +It was used to indicate the purposes for which a certificate could be +used. +The +.Ic basicConstraints , +.Ic keyUsage , +and extended key usage extensions are now used instead. +.Pp +Acceptable values for +.Ic nsCertType +are: +.Cm client , +.Cm server , +.Cm email , +.Cm objsign , +.Cm reserved , +.Cm sslCA , +.Cm emailCA , +.Cm objCA . +.Sh ARBITRARY EXTENSIONS +If an extension is not supported by the OpenSSL code, then it must +be encoded using the arbitrary extension format. +It is also possible to use the arbitrary format for supported +extensions. +Extreme care should be taken to ensure that the data is formatted +correctly for the given extension type. +.Pp +There are two ways to encode arbitrary extensions. +.Pp +The first way is to use the word +.Cm ASN1 +followed by the extension content using the same syntax as +.Xr ASN1_generate_nconf 3 . +For example: +.Bd -literal -offset indent +1.2.3.4=critical,ASN1:UTF8String:Some random data +1.2.3.4=ASN1:SEQUENCE:seq_sect + +[seq_sect] +field1 = UTF8:field1 +field2 = UTF8:field2 +.Ed +.Pp +It is also possible to use the word +.Cm DER +to include the raw encoded data in any extension. +.Bd -literal -offset indent +1.2.3.4=critical,DER:01:02:03:04 +1.2.3.4=DER:01020304 +.Ed +.Pp +The value following +.Cm DER +is a hex dump of the DER encoding of the extension. +Any extension can be placed in this form to override the default behaviour. +For example: +.Pp +.Dl basicConstraints=critical,DER:00:01:02:03 +.Sh FILES +.Bl -tag -width /etc/ssl/x509v3.cnf -compact +.It Pa /etc/ssl/x509v3.cnf +standard configuration file +.El +.Sh SEE ALSO +.Xr openssl 1 , +.Xr ASN1_generate_nconf 3 , +.Xr openssl.cnf 5 +.Sh HISTORY +X509v3 extension code was first added to OpenSSL 0.9.2. +.Sh CAVEATS +There is no guarantee that a specific implementation will process a +given extension. +It may therefore sometimes be possible to use certificates for purposes +prohibited by their extensions because a specific application does not +recognize or honour the values of the relevant extensions. +.Pp +The +.Cm DER +and +.Cm ASN1 +options should be used with caution. +It is possible to create totally invalid extensions if they are not used +carefully. +.Pp +If an extension is multi-value and a field value must contain a comma, +the long form must be used. +Otherwise the comma would be misinterpreted as a field separator. +For example, +.Pp +.Dl subjectAltName=URI:ldap://somehost.com/CN=foo,OU=bar +.Pp +will produce an error, but the following form is valid: +.Bd -literal -offset indent +subjectAltName=@subject_alt_section + +[subject_alt_section] +subjectAltName=URI:ldap://somehost.com/CN=foo,OU=bar +.Ed +.Pp +Due to the behaviour of the OpenSSL CONF library, the same field +name can only occur once in a section. +That means that +.Bd -literal -offset indent +subjectAltName=@alt_section + +[alt_section] +email=steve@here +email=steve@there +.Ed +.Pp +will only use the last value. +This can be worked around by using the form: +.Bd -literal -offset indent +[alt_section] +email.1=steve@here +email.2=steve@there +.Ed diff --git a/src/lib/libcrypto/md2/Makefile.ssl b/src/lib/libcrypto/md2/Makefile.ssl deleted file mode 100644 index 62a7fe61981..00000000000 --- a/src/lib/libcrypto/md2/Makefile.ssl +++ /dev/null @@ -1,90 +0,0 @@ -# -# SSLeay/crypto/md/Makefile -# - -DIR= md2 -TOP= ../.. -CC= cc -INCLUDES= -CFLAG=-g -INSTALL_PREFIX= -OPENSSLDIR= /usr/local/ssl -INSTALLTOP=/usr/local/ssl -MAKE= make -f Makefile.ssl -MAKEDEPPROG= makedepend -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) -MAKEFILE= Makefile.ssl -AR= ar r - -CFLAGS= $(INCLUDES) $(CFLAG) - -GENERAL=Makefile -TEST=md2test.c -APPS= - -LIB=$(TOP)/libcrypto.a -LIBSRC=md2_dgst.c md2_one.c -LIBOBJ=md2_dgst.o md2_one.o - -SRC= $(LIBSRC) - -EXHEADER= md2.h -HEADER= $(EXHEADER) - -ALL= $(GENERAL) $(SRC) $(HEADER) - -top: - (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) - -all: lib - -lib: $(LIBOBJ) - $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) || echo Never mind. - @touch lib - -files: - $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO - -links: - @sh $(TOP)/util/point.sh Makefile.ssl Makefile - @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) - @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) - @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) - -install: - @for i in $(EXHEADER) ; \ - do \ - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ - done; - -tags: - ctags $(SRC) - -tests: - -lint: - lint -DLINT $(INCLUDES) $(SRC)>fluff - -depend: - $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) - -dclean: - $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new - mv -f Makefile.new $(MAKEFILE) - -clean: - rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff - -# DO NOT DELETE THIS LINE -- make depend depends on it. - -md2_dgst.o: ../../include/openssl/md2.h ../../include/openssl/opensslconf.h -md2_dgst.o: ../../include/openssl/opensslv.h md2_dgst.c -md2_one.o: ../../e_os.h ../../include/openssl/bio.h -md2_one.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -md2_one.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -md2_one.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h -md2_one.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -md2_one.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -md2_one.o: ../../include/openssl/symhacks.h ../cryptlib.h md2_one.c diff --git a/src/lib/libcrypto/md2/md2.c b/src/lib/libcrypto/md2/md2.c deleted file mode 100644 index f4d6f62264b..00000000000 --- a/src/lib/libcrypto/md2/md2.c +++ /dev/null @@ -1,124 +0,0 @@ -/* crypto/md2/md2.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include -#include - -#define BUFSIZE 1024*16 - -void do_fp(FILE *f); -void pt(unsigned char *md); -int read(int, void *, unsigned int); -void exit(int); -int main(int argc, char *argv[]) - { - int i,err=0; - FILE *IN; - - if (argc == 1) - { - do_fp(stdin); - } - else - { - for (i=1; i /* MD2_INT */ - -#ifdef __cplusplus -extern "C" { -#endif - -typedef struct MD2state_st - { - int num; - unsigned char data[MD2_BLOCK]; - MD2_INT cksm[MD2_BLOCK]; - MD2_INT state[MD2_BLOCK]; - } MD2_CTX; - -const char *MD2_options(void); -int MD2_Init(MD2_CTX *c); -int MD2_Update(MD2_CTX *c, const unsigned char *data, unsigned long len); -int MD2_Final(unsigned char *md, MD2_CTX *c); -unsigned char *MD2(const unsigned char *d, unsigned long n,unsigned char *md); -#ifdef __cplusplus -} -#endif - -#endif diff --git a/src/lib/libcrypto/md2/md2_dgst.c b/src/lib/libcrypto/md2/md2_dgst.c deleted file mode 100644 index e25dd00e026..00000000000 --- a/src/lib/libcrypto/md2/md2_dgst.c +++ /dev/null @@ -1,226 +0,0 @@ -/* crypto/md2/md2_dgst.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include -#include -#include -#include - -const char *MD2_version="MD2" OPENSSL_VERSION_PTEXT; - -/* Implemented from RFC1319 The MD2 Message-Digest Algorithm - */ - -#define UCHAR unsigned char - -static void md2_block(MD2_CTX *c, const unsigned char *d); -/* The magic S table - I have converted it to hex since it is - * basically just a random byte string. */ -static MD2_INT S[256]={ - 0x29, 0x2E, 0x43, 0xC9, 0xA2, 0xD8, 0x7C, 0x01, - 0x3D, 0x36, 0x54, 0xA1, 0xEC, 0xF0, 0x06, 0x13, - 0x62, 0xA7, 0x05, 0xF3, 0xC0, 0xC7, 0x73, 0x8C, - 0x98, 0x93, 0x2B, 0xD9, 0xBC, 0x4C, 0x82, 0xCA, - 0x1E, 0x9B, 0x57, 0x3C, 0xFD, 0xD4, 0xE0, 0x16, - 0x67, 0x42, 0x6F, 0x18, 0x8A, 0x17, 0xE5, 0x12, - 0xBE, 0x4E, 0xC4, 0xD6, 0xDA, 0x9E, 0xDE, 0x49, - 0xA0, 0xFB, 0xF5, 0x8E, 0xBB, 0x2F, 0xEE, 0x7A, - 0xA9, 0x68, 0x79, 0x91, 0x15, 0xB2, 0x07, 0x3F, - 0x94, 0xC2, 0x10, 0x89, 0x0B, 0x22, 0x5F, 0x21, - 0x80, 0x7F, 0x5D, 0x9A, 0x5A, 0x90, 0x32, 0x27, - 0x35, 0x3E, 0xCC, 0xE7, 0xBF, 0xF7, 0x97, 0x03, - 0xFF, 0x19, 0x30, 0xB3, 0x48, 0xA5, 0xB5, 0xD1, - 0xD7, 0x5E, 0x92, 0x2A, 0xAC, 0x56, 0xAA, 0xC6, - 0x4F, 0xB8, 0x38, 0xD2, 0x96, 0xA4, 0x7D, 0xB6, - 0x76, 0xFC, 0x6B, 0xE2, 0x9C, 0x74, 0x04, 0xF1, - 0x45, 0x9D, 0x70, 0x59, 0x64, 0x71, 0x87, 0x20, - 0x86, 0x5B, 0xCF, 0x65, 0xE6, 0x2D, 0xA8, 0x02, - 0x1B, 0x60, 0x25, 0xAD, 0xAE, 0xB0, 0xB9, 0xF6, - 0x1C, 0x46, 0x61, 0x69, 0x34, 0x40, 0x7E, 0x0F, - 0x55, 0x47, 0xA3, 0x23, 0xDD, 0x51, 0xAF, 0x3A, - 0xC3, 0x5C, 0xF9, 0xCE, 0xBA, 0xC5, 0xEA, 0x26, - 0x2C, 0x53, 0x0D, 0x6E, 0x85, 0x28, 0x84, 0x09, - 0xD3, 0xDF, 0xCD, 0xF4, 0x41, 0x81, 0x4D, 0x52, - 0x6A, 0xDC, 0x37, 0xC8, 0x6C, 0xC1, 0xAB, 0xFA, - 0x24, 0xE1, 0x7B, 0x08, 0x0C, 0xBD, 0xB1, 0x4A, - 0x78, 0x88, 0x95, 0x8B, 0xE3, 0x63, 0xE8, 0x6D, - 0xE9, 0xCB, 0xD5, 0xFE, 0x3B, 0x00, 0x1D, 0x39, - 0xF2, 0xEF, 0xB7, 0x0E, 0x66, 0x58, 0xD0, 0xE4, - 0xA6, 0x77, 0x72, 0xF8, 0xEB, 0x75, 0x4B, 0x0A, - 0x31, 0x44, 0x50, 0xB4, 0x8F, 0xED, 0x1F, 0x1A, - 0xDB, 0x99, 0x8D, 0x33, 0x9F, 0x11, 0x83, 0x14, - }; - -const char *MD2_options(void) - { - if (sizeof(MD2_INT) == 1) - return("md2(char)"); - else - return("md2(int)"); - } - -int MD2_Init(MD2_CTX *c) - { - c->num=0; - memset(c->state,0,MD2_BLOCK*sizeof(MD2_INT)); - memset(c->cksm,0,MD2_BLOCK*sizeof(MD2_INT)); - memset(c->data,0,MD2_BLOCK); - return 1; - } - -int MD2_Update(MD2_CTX *c, const unsigned char *data, unsigned long len) - { - register UCHAR *p; - - if (len == 0) return 1; - - p=c->data; - if (c->num != 0) - { - if ((c->num+len) >= MD2_BLOCK) - { - memcpy(&(p[c->num]),data,MD2_BLOCK-c->num); - md2_block(c,c->data); - data+=(MD2_BLOCK - c->num); - len-=(MD2_BLOCK - c->num); - c->num=0; - /* drop through and do the rest */ - } - else - { - memcpy(&(p[c->num]),data,(int)len); - /* data+=len; */ - c->num+=(int)len; - return 1; - } - } - /* we now can process the input data in blocks of MD2_BLOCK - * chars and save the leftovers to c->data. */ - while (len >= MD2_BLOCK) - { - md2_block(c,data); - data+=MD2_BLOCK; - len-=MD2_BLOCK; - } - memcpy(p,data,(int)len); - c->num=(int)len; - return 1; - } - -static void md2_block(MD2_CTX *c, const unsigned char *d) - { - register MD2_INT t,*sp1,*sp2; - register int i,j; - MD2_INT state[48]; - - sp1=c->state; - sp2=c->cksm; - j=sp2[MD2_BLOCK-1]; - for (i=0; i<16; i++) - { - state[i]=sp1[i]; - state[i+16]=t=d[i]; - state[i+32]=(t^sp1[i]); - j=sp2[i]^=S[t^j]; - } - t=0; - for (i=0; i<18; i++) - { - for (j=0; j<48; j+=8) - { - t= state[j+ 0]^=S[t]; - t= state[j+ 1]^=S[t]; - t= state[j+ 2]^=S[t]; - t= state[j+ 3]^=S[t]; - t= state[j+ 4]^=S[t]; - t= state[j+ 5]^=S[t]; - t= state[j+ 6]^=S[t]; - t= state[j+ 7]^=S[t]; - } - t=(t+i)&0xff; - } - memcpy(sp1,state,16*sizeof(MD2_INT)); - memset(state,0,48*sizeof(MD2_INT)); - } - -int MD2_Final(unsigned char *md, MD2_CTX *c) - { - int i,v; - register UCHAR *cp; - register MD2_INT *p1,*p2; - - cp=c->data; - p1=c->state; - p2=c->cksm; - v=MD2_BLOCK-c->num; - for (i=c->num; i -#include "cryptlib.h" -#include - -/* This is a separate file so that #defines in cryptlib.h can - * map my MD functions to different names */ - -unsigned char *MD2(const unsigned char *d, unsigned long n, unsigned char *md) - { - MD2_CTX c; - static unsigned char m[MD2_DIGEST_LENGTH]; - - if (md == NULL) md=m; - MD2_Init(&c); -#ifndef CHARSET_EBCDIC - MD2_Update(&c,d,n); -#else - { - char temp[1024]; - unsigned long chunk; - - while (n > 0) - { - chunk = (n > sizeof(temp)) ? sizeof(temp) : n; - ebcdic2ascii(temp, d, chunk); - MD2_Update(&c,temp,chunk); - n -= chunk; - d += chunk; - } - } -#endif - MD2_Final(md,&c); - memset(&c,0,sizeof(c)); /* Security consideration */ - return(md); - } diff --git a/src/lib/libcrypto/md2/md2test.c b/src/lib/libcrypto/md2/md2test.c deleted file mode 100644 index 7d3664faf59..00000000000 --- a/src/lib/libcrypto/md2/md2test.c +++ /dev/null @@ -1,138 +0,0 @@ -/* crypto/md2/md2test.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include -#include -#include - -#ifdef OPENSSL_NO_MD2 -int main(int argc, char *argv[]) -{ - printf("No MD2 support\n"); - return(0); -} -#else -#include - -#ifdef CHARSET_EBCDIC -#include -#endif - -static char *test[]={ - "", - "a", - "abc", - "message digest", - "abcdefghijklmnopqrstuvwxyz", - "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", - "12345678901234567890123456789012345678901234567890123456789012345678901234567890", - NULL, - }; - -static char *ret[]={ - "8350e5a3e24c153df2275c9f80692773", - "32ec01ec4a6dac72c0ab96fb34c0b5d1", - "da853b0d3f88d99b30283a69e6ded6bb", - "ab4f496bfb2a530b219ff33031fe06b0", - "4e8ddff3650292ab5a4108c3aa47940b", - "da33def2a42df13975352846c30338cd", - "d5976f79d83d3a0dc9806c3c66f3efd8", - }; - -static char *pt(unsigned char *md); -int main(int argc, char *argv[]) - { - int i,err=0; - char **P,**R; - char *p; - unsigned char md[MD2_DIGEST_LENGTH]; - - P=test; - R=ret; - i=1; - while (*P != NULL) - { - EVP_Digest((unsigned char *)*P,(unsigned long)strlen(*P),md,NULL,EVP_md2(), NULL); - p=pt(md); - if (strcmp(p,*R) != 0) - { - printf("error calculating MD2 on '%s'\n",*P); - printf("got %s instead of %s\n",p,*R); - err++; - } - else - printf("test %d ok\n",i); - i++; - R++; - P++; - } - exit(err); - return(0); - } - -static char *pt(unsigned char *md) - { - int i; - static char buf[80]; - - for (i=0; i */ +#include + +#include + #if !defined(DATA_ORDER_IS_BIG_ENDIAN) && !defined(DATA_ORDER_IS_LITTLE_ENDIAN) #error "DATA_ORDER must be defined!" #endif @@ -148,462 +131,215 @@ #ifndef HASH_TRANSFORM #error "HASH_TRANSFORM must be defined!" #endif -#ifndef HASH_FINAL -#error "HASH_FINAL must be defined!" +#if !defined(HASH_FINAL) && !defined(HASH_NO_FINAL) +#error "HASH_FINAL or HASH_NO_FINAL must be defined!" #endif -#ifndef HASH_BLOCK_HOST_ORDER -#error "HASH_BLOCK_HOST_ORDER must be defined!" -#endif - -#if 0 -/* - * Moved below as it's required only if HASH_BLOCK_DATA_ORDER_ALIGNED - * isn't defined. - */ #ifndef HASH_BLOCK_DATA_ORDER #error "HASH_BLOCK_DATA_ORDER must be defined!" #endif -#endif - -#ifndef HASH_LBLOCK -#define HASH_LBLOCK (HASH_CBLOCK/4) -#endif - -#ifndef HASH_LONG_LOG2 -#define HASH_LONG_LOG2 2 -#endif /* - * Engage compiler specific rotate intrinsic function if available. + * This common idiom is recognized by the compiler and turned into a + * CPU-specific intrinsic as appropriate. + * e.g. GCC optimizes to roll on amd64 at -O0 */ -#undef ROTATE -#ifndef PEDANTIC -# if 0 /* defined(_MSC_VER) */ -# define ROTATE(a,n) _lrotl(a,n) -# elif defined(__MWERKS__) -# if defined(__POWERPC__) -# define ROTATE(a,n) __rlwinm(a,n,0,31) -# elif defined(__MC68K__) - /* Motorola specific tweak. */ -# define ROTATE(a,n) ( n<24 ? __rol(a,n) : __ror(a,32-n) ) -# else -# define ROTATE(a,n) __rol(a,n) -# endif -# elif defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) - /* - * Some GNU C inline assembler templates. Note that these are - * rotates by *constant* number of bits! But that's exactly - * what we need here... - * - * - */ -# if defined(__i386) || defined(__i386__) -# define ROTATE(a,n) ({ register unsigned int ret; \ - asm ( \ - "roll %1,%0" \ - : "=r"(ret) \ - : "I"(n), "0"(a) \ - : "cc"); \ - ret; \ - }) -# elif defined(__powerpc) || defined(__ppc) -# define ROTATE(a,n) ({ register unsigned int ret; \ - asm ( \ - "rlwinm %0,%1,%2,0,31" \ - : "=r"(ret) \ - : "r"(a), "I"(n)); \ - ret; \ - }) -# endif -# endif +static inline uint32_t ROTATE(uint32_t a, uint32_t n) +{ + return (a<>(32-n)); +} -/* - * Engage compiler specific "fetch in reverse byte order" - * intrinsic function if available. - */ -# if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) - /* some GNU C inline assembler templates by */ -# if (defined(__i386) || defined(__i386__)) && !defined(I386_ONLY) -# define BE_FETCH32(a) ({ register unsigned int l=(a);\ - asm ( \ - "bswapl %0" \ - : "=r"(l) : "0"(l)); \ - l; \ - }) -# elif defined(__powerpc) -# define LE_FETCH32(a) ({ register unsigned int l; \ - asm ( \ - "lwbrx %0,0,%1" \ - : "=r"(l) \ - : "r"(a)); \ - l; \ - }) - -# elif defined(__sparc) && defined(OPENSSL_SYS_ULTRASPARC) -# define LE_FETCH32(a) ({ register unsigned int l; \ - asm ( \ - "lda [%1]#ASI_PRIMARY_LITTLE,%0"\ - : "=r"(l) \ - : "r"(a)); \ - l; \ - }) -# endif +#if defined(DATA_ORDER_IS_BIG_ENDIAN) + +#if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) +# if (defined(__i386) || defined(__i386__) || \ + defined(__x86_64) || defined(__x86_64__)) + /* + * This gives ~30-40% performance improvement in SHA-256 compiled + * with gcc [on P4]. Well, first macro to be frank. We can pull + * this trick on x86* platforms only, because these CPUs can fetch + * unaligned data without raising an exception. + */ +# define HOST_c2l(c,l) ({ unsigned int r=*((const unsigned int *)(c)); \ + asm ("bswapl %0":"=r"(r):"0"(r)); \ + (c)+=4; (l)=r; }) +# define HOST_l2c(l,c) ({ unsigned int r=(l); \ + asm ("bswapl %0":"=r"(r):"0"(r)); \ + *((unsigned int *)(c))=r; (c)+=4; }) # endif -#endif /* PEDANTIC */ - -#if HASH_LONG_LOG2==2 /* Engage only if sizeof(HASH_LONG)== 4 */ -/* A nice byte order reversal from Wei Dai */ -#ifdef ROTATE -/* 5 instructions with rotate instruction, else 9 */ -#define REVERSE_FETCH32(a,l) ( \ - l=*(const HASH_LONG *)(a), \ - ((ROTATE(l,8)&0x00FF00FF)|(ROTATE((l&0x00FF00FF),24))) \ - ) -#else -/* 6 instructions with rotate instruction, else 8 */ -#define REVERSE_FETCH32(a,l) ( \ - l=*(const HASH_LONG *)(a), \ - l=(((l>>8)&0x00FF00FF)|((l&0x00FF00FF)<<8)), \ - ROTATE(l,16) \ - ) -/* - * Originally the middle line started with l=(((l&0xFF00FF00)>>8)|... - * It's rewritten as above for two reasons: - * - RISCs aren't good at long constants and have to explicitely - * compose 'em with several (well, usually 2) instructions in a - * register before performing the actual operation and (as you - * already realized:-) having same constant should inspire the - * compiler to permanently allocate the only register for it; - * - most modern CPUs have two ALUs, but usually only one has - * circuitry for shifts:-( this minor tweak inspires compiler - * to schedule shift instructions in a better way... - * - * - */ -#endif #endif -#ifndef ROTATE -#define ROTATE(a,n) (((a)<<(n))|(((a)&0xffffffff)>>(32-(n)))) +#ifndef HOST_c2l +#define HOST_c2l(c,l) do {l =(((unsigned long)(*((c)++)))<<24); \ + l|=(((unsigned long)(*((c)++)))<<16); \ + l|=(((unsigned long)(*((c)++)))<< 8); \ + l|=(((unsigned long)(*((c)++))) ); \ + } while (0) +#endif +#ifndef HOST_l2c +#define HOST_l2c(l,c) do {*((c)++)=(unsigned char)(((l)>>24)&0xff); \ + *((c)++)=(unsigned char)(((l)>>16)&0xff); \ + *((c)++)=(unsigned char)(((l)>> 8)&0xff); \ + *((c)++)=(unsigned char)(((l) )&0xff); \ + } while (0) #endif -/* - * Make some obvious choices. E.g., HASH_BLOCK_DATA_ORDER_ALIGNED - * and HASH_BLOCK_HOST_ORDER ought to be the same if input data - * and host are of the same "endianess". It's possible to mask - * this with blank #define HASH_BLOCK_DATA_ORDER though... - * - * - */ -#if defined(B_ENDIAN) -# if defined(DATA_ORDER_IS_BIG_ENDIAN) -# if !defined(HASH_BLOCK_DATA_ORDER_ALIGNED) && HASH_LONG_LOG2==2 -# define HASH_BLOCK_DATA_ORDER_ALIGNED HASH_BLOCK_HOST_ORDER -# endif -# elif defined(DATA_ORDER_IS_LITTLE_ENDIAN) -# ifndef HOST_FETCH32 -# ifdef LE_FETCH32 -# define HOST_FETCH32(p,l) LE_FETCH32(p) -# elif defined(REVERSE_FETCH32) -# define HOST_FETCH32(p,l) REVERSE_FETCH32(p,l) -# endif -# endif -# endif -#elif defined(L_ENDIAN) -# if defined(DATA_ORDER_IS_LITTLE_ENDIAN) -# if !defined(HASH_BLOCK_DATA_ORDER_ALIGNED) && HASH_LONG_LOG2==2 -# define HASH_BLOCK_DATA_ORDER_ALIGNED HASH_BLOCK_HOST_ORDER -# endif -# elif defined(DATA_ORDER_IS_BIG_ENDIAN) -# ifndef HOST_FETCH32 -# ifdef BE_FETCH32 -# define HOST_FETCH32(p,l) BE_FETCH32(p) -# elif defined(REVERSE_FETCH32) -# define HOST_FETCH32(p,l) REVERSE_FETCH32(p,l) -# endif -# endif -# endif +#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN) + +#if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__) +# define HOST_c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4) +# define HOST_l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4) #endif -#if !defined(HASH_BLOCK_DATA_ORDER_ALIGNED) -#ifndef HASH_BLOCK_DATA_ORDER -#error "HASH_BLOCK_DATA_ORDER must be defined!" +#ifndef HOST_c2l +#define HOST_c2l(c,l) do {l =(((unsigned long)(*((c)++))) ); \ + l|=(((unsigned long)(*((c)++)))<< 8); \ + l|=(((unsigned long)(*((c)++)))<<16); \ + l|=(((unsigned long)(*((c)++)))<<24); \ + } while (0) #endif +#ifndef HOST_l2c +#define HOST_l2c(l,c) do {*((c)++)=(unsigned char)(((l) )&0xff); \ + *((c)++)=(unsigned char)(((l)>> 8)&0xff); \ + *((c)++)=(unsigned char)(((l)>>16)&0xff); \ + *((c)++)=(unsigned char)(((l)>>24)&0xff); \ + } while (0) #endif -#if defined(DATA_ORDER_IS_BIG_ENDIAN) - -#define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++)))<<24), \ - l|=(((unsigned long)(*((c)++)))<<16), \ - l|=(((unsigned long)(*((c)++)))<< 8), \ - l|=(((unsigned long)(*((c)++))) ), \ - l) -#define HOST_p_c2l(c,l,n) { \ - switch (n) { \ - case 0: l =((unsigned long)(*((c)++)))<<24; \ - case 1: l|=((unsigned long)(*((c)++)))<<16; \ - case 2: l|=((unsigned long)(*((c)++)))<< 8; \ - case 3: l|=((unsigned long)(*((c)++))); \ - } } -#define HOST_p_c2l_p(c,l,sc,len) { \ - switch (sc) { \ - case 0: l =((unsigned long)(*((c)++)))<<24; \ - if (--len == 0) break; \ - case 1: l|=((unsigned long)(*((c)++)))<<16; \ - if (--len == 0) break; \ - case 2: l|=((unsigned long)(*((c)++)))<< 8; \ - } } -/* NOTE the pointer is not incremented at the end of this */ -#define HOST_c2l_p(c,l,n) { \ - l=0; (c)+=n; \ - switch (n) { \ - case 3: l =((unsigned long)(*(--(c))))<< 8; \ - case 2: l|=((unsigned long)(*(--(c))))<<16; \ - case 1: l|=((unsigned long)(*(--(c))))<<24; \ - } } -#define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \ - *((c)++)=(unsigned char)(((l)>>16)&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ - *((c)++)=(unsigned char)(((l) )&0xff), \ - l) - -#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN) - -#define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++))) ), \ - l|=(((unsigned long)(*((c)++)))<< 8), \ - l|=(((unsigned long)(*((c)++)))<<16), \ - l|=(((unsigned long)(*((c)++)))<<24), \ - l) -#define HOST_p_c2l(c,l,n) { \ - switch (n) { \ - case 0: l =((unsigned long)(*((c)++))); \ - case 1: l|=((unsigned long)(*((c)++)))<< 8; \ - case 2: l|=((unsigned long)(*((c)++)))<<16; \ - case 3: l|=((unsigned long)(*((c)++)))<<24; \ - } } -#define HOST_p_c2l_p(c,l,sc,len) { \ - switch (sc) { \ - case 0: l =((unsigned long)(*((c)++))); \ - if (--len == 0) break; \ - case 1: l|=((unsigned long)(*((c)++)))<< 8; \ - if (--len == 0) break; \ - case 2: l|=((unsigned long)(*((c)++)))<<16; \ - } } -/* NOTE the pointer is not incremented at the end of this */ -#define HOST_c2l_p(c,l,n) { \ - l=0; (c)+=n; \ - switch (n) { \ - case 3: l =((unsigned long)(*(--(c))))<<16; \ - case 2: l|=((unsigned long)(*(--(c))))<< 8; \ - case 1: l|=((unsigned long)(*(--(c)))); \ - } } -#define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ - *((c)++)=(unsigned char)(((l)>>16)&0xff), \ - *((c)++)=(unsigned char)(((l)>>24)&0xff), \ - l) - #endif /* * Time for some action:-) */ -int HASH_UPDATE (HASH_CTX *c, const void *data_, unsigned long len) - { - const unsigned char *data=data_; - register HASH_LONG * p; - register unsigned long l; - int sw,sc,ew,ec; +int +HASH_UPDATE(HASH_CTX *c, const void *data_, size_t len) +{ + const unsigned char *data = data_; + unsigned char *p; + HASH_LONG l; + size_t n; - if (len==0) return 1; + if (len == 0) + return 1; - l=(c->Nl+(len<<3))&0xffffffffL; + l = (c->Nl + (((HASH_LONG)len) << 3))&0xffffffffUL; /* 95-05-24 eay Fixed a bug with the overflow handling, thanks to * Wei Dai for pointing it out. */ if (l < c->Nl) /* overflow */ c->Nh++; - c->Nh+=(len>>29); - c->Nl=l; - - if (c->num != 0) - { - p=c->data; - sw=c->num>>2; - sc=c->num&0x03; - - if ((c->num+len) >= HASH_CBLOCK) - { - l=p[sw]; HOST_p_c2l(data,l,sc); p[sw++]=l; - for (; swnum); - c->num=0; - /* drop through and do the rest */ - } - else - { - c->num+=len; - if ((sc+len) < 4) /* ugly, add char's to a word */ - { - l=p[sw]; HOST_p_c2l_p(data,l,sc,len); p[sw]=l; - } - else - { - ew=(c->num>>2); - ec=(c->num&0x03); - l=p[sw]; HOST_p_c2l(data,l,sc); p[sw++]=l; - for (; sw < ew; sw++) - { - HOST_c2l(data,l); p[sw]=l; - } - if (ec) - { - HOST_c2l_p(data,l,ec); p[sw]=l; - } - } + c->Nh+=(HASH_LONG)(len>>29); /* might cause compiler warning on 16-bit */ + c->Nl = l; + + n = c->num; + if (n != 0) { + p = (unsigned char *)c->data; + + if (len >= HASH_CBLOCK || len + n >= HASH_CBLOCK) { + memcpy (p + n, data, HASH_CBLOCK - n); + HASH_BLOCK_DATA_ORDER (c, p, 1); + n = HASH_CBLOCK - n; + data += n; + len -= n; + c->num = 0; + memset (p,0,HASH_CBLOCK); /* keep it zeroed */ + } else { + memcpy (p + n, data, len); + c->num += (unsigned int)len; return 1; - } } + } - sw=len/HASH_CBLOCK; - if (sw > 0) - { -#if defined(HASH_BLOCK_DATA_ORDER_ALIGNED) - /* - * Note that HASH_BLOCK_DATA_ORDER_ALIGNED gets defined - * only if sizeof(HASH_LONG)==4. - */ - if ((((unsigned long)data)%4) == 0) - { - /* data is properly aligned so that we can cast it: */ - HASH_BLOCK_DATA_ORDER_ALIGNED (c,(HASH_LONG *)data,sw); - sw*=HASH_CBLOCK; - data+=sw; - len-=sw; - } - else -#if !defined(HASH_BLOCK_DATA_ORDER) - while (sw--) - { - memcpy (p=c->data,data,HASH_CBLOCK); - HASH_BLOCK_DATA_ORDER_ALIGNED(c,p,1); - data+=HASH_CBLOCK; - len-=HASH_CBLOCK; - } -#endif -#endif -#if defined(HASH_BLOCK_DATA_ORDER) - { - HASH_BLOCK_DATA_ORDER(c,data,sw); - sw*=HASH_CBLOCK; - data+=sw; - len-=sw; - } -#endif - } + n = len/HASH_CBLOCK; + if (n > 0) { + HASH_BLOCK_DATA_ORDER (c, data, n); + n *= HASH_CBLOCK; + data += n; + len -= n; + } - if (len!=0) - { - p = c->data; - c->num = len; - ew=len>>2; /* words to copy */ - ec=len&0x03; - for (; ew; ew--,p++) - { - HOST_c2l(data,l); *p=l; - } - HOST_c2l_p(data,l,ec); - *p=l; - } - return 1; + if (len != 0) { + p = (unsigned char *)c->data; + c->num = (unsigned int)len; + memcpy (p, data, len); } + return 1; +} void HASH_TRANSFORM (HASH_CTX *c, const unsigned char *data) - { -#if defined(HASH_BLOCK_DATA_ORDER_ALIGNED) - if ((((unsigned long)data)%4) == 0) - /* data is properly aligned so that we can cast it: */ - HASH_BLOCK_DATA_ORDER_ALIGNED (c,(HASH_LONG *)data,1); - else -#if !defined(HASH_BLOCK_DATA_ORDER) - { - memcpy (c->data,data,HASH_CBLOCK); - HASH_BLOCK_DATA_ORDER_ALIGNED (c,c->data,1); - } -#endif -#endif -#if defined(HASH_BLOCK_DATA_ORDER) - HASH_BLOCK_DATA_ORDER (c,data,1); -#endif - } +{ + HASH_BLOCK_DATA_ORDER (c, data, 1); +} +#ifndef HASH_NO_FINAL int HASH_FINAL (unsigned char *md, HASH_CTX *c) - { - register HASH_LONG *p; - register unsigned long l; - register int i,j; - static const unsigned char end[4]={0x80,0x00,0x00,0x00}; - const unsigned char *cp=end; - - /* c->num should definitly have room for at least one more byte. */ - p=c->data; - i=c->num>>2; - j=c->num&0x03; - -#if 0 - /* purify often complains about the following line as an - * Uninitialized Memory Read. While this can be true, the - * following p_c2l macro will reset l when that case is true. - * This is because j&0x03 contains the number of 'valid' bytes - * already in p[i]. If and only if j&0x03 == 0, the UMR will - * occur but this is also the only time p_c2l will do - * l= *(cp++) instead of l|= *(cp++) - * Many thanks to Alex Tang for pickup this - * 'potential bug' */ -#ifdef PURIFY - if (j==0) p[i]=0; /* Yeah, but that's not the way to fix it:-) */ -#endif - l=p[i]; -#else - l = (j==0) ? 0 : p[i]; -#endif - HOST_p_c2l(cp,l,j); p[i++]=l; /* i is the next 'undefined word' */ +{ + unsigned char *p = (unsigned char *)c->data; + size_t n = c->num; - if (i>(HASH_LBLOCK-2)) /* save room for Nl and Nh */ - { - if (i (HASH_CBLOCK - 8)) { + memset (p + n, 0, HASH_CBLOCK - n); + n = 0; + HASH_BLOCK_DATA_ORDER (c, p, 1); + } + memset (p + n, 0, HASH_CBLOCK - 8 - n); + p += HASH_CBLOCK - 8; #if defined(DATA_ORDER_IS_BIG_ENDIAN) - p[HASH_LBLOCK-2]=c->Nh; - p[HASH_LBLOCK-1]=c->Nl; + HOST_l2c(c->Nh, p); + HOST_l2c(c->Nl, p); #elif defined(DATA_ORDER_IS_LITTLE_ENDIAN) - p[HASH_LBLOCK-2]=c->Nl; - p[HASH_LBLOCK-1]=c->Nh; + HOST_l2c(c->Nl, p); + HOST_l2c(c->Nh, p); #endif - HASH_BLOCK_HOST_ORDER (c,p,1); + p -= HASH_CBLOCK; + HASH_BLOCK_DATA_ORDER (c, p, 1); + c->num = 0; + memset (p, 0, HASH_CBLOCK); #ifndef HASH_MAKE_STRING #error "HASH_MAKE_STRING must be defined!" #else - HASH_MAKE_STRING(c,md); + HASH_MAKE_STRING(c, md); #endif - c->num=0; - /* clear stuff, HASH_BLOCK may be leaving some stuff on the stack - * but I'm not worried :-) - memset((void *)c,0,sizeof(HASH_CTX)); - */ return 1; - } +} +#endif + +#ifndef MD32_REG_T +#if defined(__alpha) || defined(__sparcv9) || defined(__mips) +#define MD32_REG_T long +/* + * This comment was originaly written for MD5, which is why it + * discusses A-D. But it basically applies to all 32-bit digests, + * which is why it was moved to common header file. + * + * In case you wonder why A-D are declared as long and not + * as MD5_LONG. Doing so results in slight performance + * boost on LP64 architectures. The catch is we don't + * really care if 32 MSBs of a 64-bit register get polluted + * with eventual overflows as we *save* only 32 LSBs in + * *either* case. Now declaring 'em long excuses the compiler + * from keeping 32 MSBs zeroed resulting in 13% performance + * improvement under SPARC Solaris7/64 and 5% under AlphaLinux. + * Well, to be honest it should say that this *prevents* + * performance degradation. + * + */ +#else +/* + * Above is not absolute and there are LP64 compilers that + * generate better code if MD32_REG_T is defined int. The above + * pre-processor condition reflects the circumstances under which + * the conclusion was made and is subject to further extension. + * + */ +#define MD32_REG_T int +#endif +#endif diff --git a/src/lib/libcrypto/md4/Makefile.ssl b/src/lib/libcrypto/md4/Makefile.ssl deleted file mode 100644 index 9e38bf607f0..00000000000 --- a/src/lib/libcrypto/md4/Makefile.ssl +++ /dev/null @@ -1,88 +0,0 @@ -# -# SSLeay/crypto/md4/Makefile -# - -DIR= md4 -TOP= ../.. -CC= cc -CPP= $(CC) -E -INCLUDES= -CFLAG=-g -INSTALL_PREFIX= -OPENSSLDIR= /usr/local/ssl -INSTALLTOP=/usr/local/ssl -MAKE= make -f Makefile.ssl -MAKEDEPPROG= makedepend -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) -MAKEFILE= Makefile.ssl -AR= ar r - -CFLAGS= $(INCLUDES) $(CFLAG) - -GENERAL=Makefile -TEST=md4test.c -APPS=md4.c - -LIB=$(TOP)/libcrypto.a -LIBSRC=md4_dgst.c md4_one.c -LIBOBJ=md4_dgst.o md4_one.o - -SRC= $(LIBSRC) - -EXHEADER= md4.h -HEADER= md4_locl.h $(EXHEADER) - -ALL= $(GENERAL) $(SRC) $(HEADER) - -top: - (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) - -all: lib - -lib: $(LIBOBJ) - $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) || echo Never mind. - @touch lib - -files: - $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO - -links: - @sh $(TOP)/util/point.sh Makefile.ssl Makefile - @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) - @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) - @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) - -install: - @for i in $(EXHEADER) ; \ - do \ - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ - done; - -tags: - ctags $(SRC) - -tests: - -lint: - lint -DLINT $(INCLUDES) $(SRC)>fluff - -depend: - $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) - -dclean: - $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new - mv -f Makefile.new $(MAKEFILE) - -clean: - rm -f asm/mx86unix.cpp *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff - -# DO NOT DELETE THIS LINE -- make depend depends on it. - -md4_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/md4.h -md4_dgst.o: ../../include/openssl/opensslconf.h -md4_dgst.o: ../../include/openssl/opensslv.h ../md32_common.h md4_dgst.c -md4_dgst.o: md4_locl.h -md4_one.o: ../../include/openssl/e_os2.h ../../include/openssl/md4.h -md4_one.o: ../../include/openssl/opensslconf.h md4_one.c diff --git a/src/lib/libcrypto/md4/md4.c b/src/lib/libcrypto/md4/md4.c deleted file mode 100644 index e4b0aac0117..00000000000 --- a/src/lib/libcrypto/md4/md4.c +++ /dev/null @@ -1,127 +0,0 @@ -/* crypto/md4/md4.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include -#include - -#define BUFSIZE 1024*16 - -void do_fp(FILE *f); -void pt(unsigned char *md); -#ifndef _OSD_POSIX -int read(int, void *, unsigned int); -#endif - -int main(int argc, char **argv) - { - int i,err=0; - FILE *IN; - - if (argc == 1) - { - do_fp(stdin); - } - else - { - for (i=1; i + #ifndef HEADER_MD4_H #define HEADER_MD4_H -#include +#include #ifdef __cplusplus extern "C" { @@ -71,26 +73,11 @@ extern "C" { /* * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! - * ! MD4_LONG has to be at least 32 bits wide. If it's wider, then ! - * ! MD4_LONG_LOG2 has to be defined along. ! + * ! MD4_LONG has to be at least 32 bits wide. ! * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! */ -#if defined(OPENSSL_SYS_WIN16) || defined(__LP32__) -#define MD4_LONG unsigned long -#elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__) -#define MD4_LONG unsigned long -#define MD4_LONG_LOG2 3 -/* - * _CRAY note. I could declare short, but I have no idea what impact - * does it have on performance on none-T3E machines. I could declare - * int, but at least on C90 sizeof(int) can be chosen at compile time. - * So I've chosen long... - * - */ -#else #define MD4_LONG unsigned int -#endif #define MD4_CBLOCK 64 #define MD4_LBLOCK (MD4_CBLOCK/4) @@ -101,13 +88,13 @@ typedef struct MD4state_st MD4_LONG A,B,C,D; MD4_LONG Nl,Nh; MD4_LONG data[MD4_LBLOCK]; - int num; + unsigned int num; } MD4_CTX; int MD4_Init(MD4_CTX *c); -int MD4_Update(MD4_CTX *c, const void *data, unsigned long len); +int MD4_Update(MD4_CTX *c, const void *data, size_t len); int MD4_Final(unsigned char *md, MD4_CTX *c); -unsigned char *MD4(const unsigned char *d, unsigned long n, unsigned char *md); +unsigned char *MD4(const unsigned char *d, size_t n, unsigned char *md); void MD4_Transform(MD4_CTX *c, const unsigned char *b); #ifdef __cplusplus } diff --git a/src/lib/libcrypto/md4/md4_dgst.c b/src/lib/libcrypto/md4/md4_dgst.c index 6446f5f5e7e..4d3801fc26e 100644 --- a/src/lib/libcrypto/md4/md4_dgst.c +++ b/src/lib/libcrypto/md4/md4_dgst.c @@ -1,4 +1,4 @@ -/* crypto/md4/md4_dgst.c */ +/* $OpenBSD: md4_dgst.c,v 1.16 2015/09/14 01:45:03 doug Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -57,10 +57,9 @@ */ #include -#include "md4_locl.h" #include - -const char *MD4_version="MD4" OPENSSL_VERSION_PTEXT; +#include +#include "md4_locl.h" /* Implemented from RFC1186 The MD4 Message-Digest Algorithm */ @@ -72,129 +71,26 @@ const char *MD4_version="MD4" OPENSSL_VERSION_PTEXT; int MD4_Init(MD4_CTX *c) { + memset (c,0,sizeof(*c)); c->A=INIT_DATA_A; c->B=INIT_DATA_B; c->C=INIT_DATA_C; c->D=INIT_DATA_D; - c->Nl=0; - c->Nh=0; - c->num=0; return 1; } -#ifndef md4_block_host_order -void md4_block_host_order (MD4_CTX *c, const void *data, int num) - { - const MD4_LONG *X=data; - register unsigned long A,B,C,D; - /* - * In case you wonder why A-D are declared as long and not - * as MD4_LONG. Doing so results in slight performance - * boost on LP64 architectures. The catch is we don't - * really care if 32 MSBs of a 64-bit register get polluted - * with eventual overflows as we *save* only 32 LSBs in - * *either* case. Now declaring 'em long excuses the compiler - * from keeping 32 MSBs zeroed resulting in 13% performance - * improvement under SPARC Solaris7/64 and 5% under AlphaLinux. - * Well, to be honest it should say that this *prevents* - * performance degradation. - * - * - */ - - A=c->A; - B=c->B; - C=c->C; - D=c->D; - - for (;num--;X+=HASH_LBLOCK) - { - /* Round 0 */ - R0(A,B,C,D,X[ 0], 3,0); - R0(D,A,B,C,X[ 1], 7,0); - R0(C,D,A,B,X[ 2],11,0); - R0(B,C,D,A,X[ 3],19,0); - R0(A,B,C,D,X[ 4], 3,0); - R0(D,A,B,C,X[ 5], 7,0); - R0(C,D,A,B,X[ 6],11,0); - R0(B,C,D,A,X[ 7],19,0); - R0(A,B,C,D,X[ 8], 3,0); - R0(D,A,B,C,X[ 9], 7,0); - R0(C,D,A,B,X[10],11,0); - R0(B,C,D,A,X[11],19,0); - R0(A,B,C,D,X[12], 3,0); - R0(D,A,B,C,X[13], 7,0); - R0(C,D,A,B,X[14],11,0); - R0(B,C,D,A,X[15],19,0); - /* Round 1 */ - R1(A,B,C,D,X[ 0], 3,0x5A827999L); - R1(D,A,B,C,X[ 4], 5,0x5A827999L); - R1(C,D,A,B,X[ 8], 9,0x5A827999L); - R1(B,C,D,A,X[12],13,0x5A827999L); - R1(A,B,C,D,X[ 1], 3,0x5A827999L); - R1(D,A,B,C,X[ 5], 5,0x5A827999L); - R1(C,D,A,B,X[ 9], 9,0x5A827999L); - R1(B,C,D,A,X[13],13,0x5A827999L); - R1(A,B,C,D,X[ 2], 3,0x5A827999L); - R1(D,A,B,C,X[ 6], 5,0x5A827999L); - R1(C,D,A,B,X[10], 9,0x5A827999L); - R1(B,C,D,A,X[14],13,0x5A827999L); - R1(A,B,C,D,X[ 3], 3,0x5A827999L); - R1(D,A,B,C,X[ 7], 5,0x5A827999L); - R1(C,D,A,B,X[11], 9,0x5A827999L); - R1(B,C,D,A,X[15],13,0x5A827999L); - /* Round 2 */ - R2(A,B,C,D,X[ 0], 3,0x6ED9EBA1); - R2(D,A,B,C,X[ 8], 9,0x6ED9EBA1); - R2(C,D,A,B,X[ 4],11,0x6ED9EBA1); - R2(B,C,D,A,X[12],15,0x6ED9EBA1); - R2(A,B,C,D,X[ 2], 3,0x6ED9EBA1); - R2(D,A,B,C,X[10], 9,0x6ED9EBA1); - R2(C,D,A,B,X[ 6],11,0x6ED9EBA1); - R2(B,C,D,A,X[14],15,0x6ED9EBA1); - R2(A,B,C,D,X[ 1], 3,0x6ED9EBA1); - R2(D,A,B,C,X[ 9], 9,0x6ED9EBA1); - R2(C,D,A,B,X[ 5],11,0x6ED9EBA1); - R2(B,C,D,A,X[13],15,0x6ED9EBA1); - R2(A,B,C,D,X[ 3], 3,0x6ED9EBA1); - R2(D,A,B,C,X[11], 9,0x6ED9EBA1); - R2(C,D,A,B,X[ 7],11,0x6ED9EBA1); - R2(B,C,D,A,X[15],15,0x6ED9EBA1); - - A = c->A += A; - B = c->B += B; - C = c->C += C; - D = c->D += D; - } - } -#endif - #ifndef md4_block_data_order #ifdef X #undef X #endif -void md4_block_data_order (MD4_CTX *c, const void *data_, int num) +void md4_block_data_order (MD4_CTX *c, const void *data_, size_t num) { const unsigned char *data=data_; - register unsigned long A,B,C,D,l; - /* - * In case you wonder why A-D are declared as long and not - * as MD4_LONG. Doing so results in slight performance - * boost on LP64 architectures. The catch is we don't - * really care if 32 MSBs of a 64-bit register get polluted - * with eventual overflows as we *save* only 32 LSBs in - * *either* case. Now declaring 'em long excuses the compiler - * from keeping 32 MSBs zeroed resulting in 13% performance - * improvement under SPARC Solaris7/64 and 5% under AlphaLinux. - * Well, to be honest it should say that this *prevents* - * performance degradation. - * - * - */ + unsigned MD32_REG_T A,B,C,D,l; #ifndef MD32_XARRAY /* See comment in crypto/sha/sha_locl.h for details. */ - unsigned long XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, - XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15; + unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, + XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15; # define X(i) XX##i #else MD4_LONG XX[MD4_LBLOCK]; @@ -208,7 +104,8 @@ void md4_block_data_order (MD4_CTX *c, const void *data_, int num) for (;num--;) { - HOST_c2l(data,l); X( 0)=l; HOST_c2l(data,l); X( 1)=l; + HOST_c2l(data,l); X( 0)=l; + HOST_c2l(data,l); X( 1)=l; /* Round 0 */ R0(A,B,C,D,X( 0), 3,0); HOST_c2l(data,l); X( 2)=l; R0(D,A,B,C,X( 1), 7,0); HOST_c2l(data,l); X( 3)=l; @@ -268,19 +165,3 @@ void md4_block_data_order (MD4_CTX *c, const void *data_, int num) } } #endif - -#ifdef undef -int printit(unsigned long *l) - { - int i,ii; - - for (i=0; i<2; i++) - { - for (ii=0; ii<8; ii++) - { - fprintf(stderr,"%08lx ",l[i*8+ii]); - } - fprintf(stderr,"\n"); - } - } -#endif diff --git a/src/lib/libcrypto/md4/md4_locl.h b/src/lib/libcrypto/md4/md4_locl.h index a8d31d7a73f..6cf69ded822 100644 --- a/src/lib/libcrypto/md4/md4_locl.h +++ b/src/lib/libcrypto/md4/md4_locl.h @@ -1,4 +1,4 @@ -/* crypto/md4/md4_locl.h */ +/* $OpenBSD: md4_locl.h,v 1.10 2016/12/21 15:49:29 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -61,45 +61,17 @@ #include #include -#ifndef MD4_LONG_LOG2 -#define MD4_LONG_LOG2 2 /* default to 32 bits */ -#endif +__BEGIN_HIDDEN_DECLS -void md4_block_host_order (MD4_CTX *c, const void *p,int num); -void md4_block_data_order (MD4_CTX *c, const void *p,int num); +void md4_block_data_order (MD4_CTX *c, const void *p,size_t num); -#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__) -/* - * *_block_host_order is expected to handle aligned data while - * *_block_data_order - unaligned. As algorithm and host (x86) - * are in this case of the same "endianness" these two are - * otherwise indistinguishable. But normally you don't want to - * call the same function because unaligned access in places - * where alignment is expected is usually a "Bad Thing". Indeed, - * on RISCs you get punished with BUS ERROR signal or *severe* - * performance degradation. Intel CPUs are in turn perfectly - * capable of loading unaligned data without such drastic side - * effect. Yes, they say it's slower than aligned load, but no - * exception is generated and therefore performance degradation - * is *incomparable* with RISCs. What we should weight here is - * costs of unaligned access against costs of aligning data. - * According to my measurements allowing unaligned access results - * in ~9% performance improvement on Pentium II operating at - * 266MHz. I won't be surprised if the difference will be higher - * on faster systems:-) - * - * - */ -#define md4_block_data_order md4_block_host_order -#endif +__END_HIDDEN_DECLS #define DATA_ORDER_IS_LITTLE_ENDIAN #define HASH_LONG MD4_LONG -#define HASH_LONG_LOG2 MD4_LONG_LOG2 #define HASH_CTX MD4_CTX #define HASH_CBLOCK MD4_CBLOCK -#define HASH_LBLOCK MD4_LBLOCK #define HASH_UPDATE MD4_Update #define HASH_TRANSFORM MD4_Transform #define HASH_FINAL MD4_Final @@ -110,21 +82,7 @@ void md4_block_data_order (MD4_CTX *c, const void *p,int num); ll=(c)->C; HOST_l2c(ll,(s)); \ ll=(c)->D; HOST_l2c(ll,(s)); \ } while (0) -#define HASH_BLOCK_HOST_ORDER md4_block_host_order -#if !defined(L_ENDIAN) || defined(md4_block_data_order) #define HASH_BLOCK_DATA_ORDER md4_block_data_order -/* - * Little-endians (Intel and Alpha) feel better without this. - * It looks like memcpy does better job than generic - * md4_block_data_order on copying-n-aligning input data. - * But frankly speaking I didn't expect such result on Alpha. - * On the other hand I've got this with egcs-1.0.2 and if - * program is compiled with another (better?) compiler it - * might turn out other way around. - * - * - */ -#endif #include "md32_common.h" diff --git a/src/lib/libcrypto/md4/md4_one.c b/src/lib/libcrypto/md4/md4_one.c index 87a995d38d4..c1fd6f3e521 100644 --- a/src/lib/libcrypto/md4/md4_one.c +++ b/src/lib/libcrypto/md4/md4_one.c @@ -1,4 +1,4 @@ -/* crypto/md4/md4_one.c */ +/* $OpenBSD: md4_one.c,v 1.10 2015/09/14 01:45:03 doug Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -59,37 +59,19 @@ #include #include #include +#include -#ifdef CHARSET_EBCDIC -#include -#endif - -unsigned char *MD4(const unsigned char *d, unsigned long n, unsigned char *md) +unsigned char *MD4(const unsigned char *d, size_t n, unsigned char *md) { MD4_CTX c; static unsigned char m[MD4_DIGEST_LENGTH]; if (md == NULL) md=m; - MD4_Init(&c); -#ifndef CHARSET_EBCDIC + if (!MD4_Init(&c)) + return NULL; MD4_Update(&c,d,n); -#else - { - char temp[1024]; - unsigned long chunk; - - while (n > 0) - { - chunk = (n > sizeof(temp)) ? sizeof(temp) : n; - ebcdic2ascii(temp, d, chunk); - MD4_Update(&c,temp,chunk); - n -= chunk; - d += chunk; - } - } -#endif MD4_Final(md,&c); - memset(&c,0,sizeof(c)); /* security consideration */ + explicit_bzero(&c,sizeof(c)); return(md); } diff --git a/src/lib/libcrypto/md4/md4s.cpp b/src/lib/libcrypto/md4/md4s.cpp deleted file mode 100644 index c0ec97fc9f9..00000000000 --- a/src/lib/libcrypto/md4/md4s.cpp +++ /dev/null @@ -1,78 +0,0 @@ -// -// gettsc.inl -// -// gives access to the Pentium's (secret) cycle counter -// -// This software was written by Leonard Janke (janke@unixg.ubc.ca) -// in 1996-7 and is entered, by him, into the public domain. - -#if defined(__WATCOMC__) -void GetTSC(unsigned long&); -#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax]; -#elif defined(__GNUC__) -inline -void GetTSC(unsigned long& tsc) -{ - asm volatile(".byte 15, 49\n\t" - : "=eax" (tsc) - : - : "%edx", "%eax"); -} -#elif defined(_MSC_VER) -inline -void GetTSC(unsigned long& tsc) -{ - unsigned long a; - __asm _emit 0fh - __asm _emit 31h - __asm mov a, eax; - tsc=a; -} -#endif - -#include -#include -#include - -extern "C" { -void md4_block_x86(MD4_CTX *ctx, unsigned char *buffer,int num); -} - -void main(int argc,char *argv[]) - { - unsigned char buffer[64*256]; - MD4_CTX ctx; - unsigned long s1,s2,e1,e2; - unsigned char k[16]; - unsigned long data[2]; - unsigned char iv[8]; - int i,num=0,numm; - int j=0; - - if (argc >= 2) - num=atoi(argv[1]); - - if (num == 0) num=16; - if (num > 250) num=16; - numm=num+2; - num*=64; - numm*=64; - - for (j=0; j<6; j++) - { - for (i=0; i<10; i++) /**/ - { - md4_block_x86(&ctx,buffer,numm); - GetTSC(s1); - md4_block_x86(&ctx,buffer,numm); - GetTSC(e1); - GetTSC(s2); - md4_block_x86(&ctx,buffer,num); - GetTSC(e2); - md4_block_x86(&ctx,buffer,num); - } - printf("md4 (%d bytes) %d %d (%.2f)\n",num, - e1-s1,e2-s2,(double)((e1-s1)-(e2-s2))/2); - } - } - diff --git a/src/lib/libcrypto/md4/md4test.c b/src/lib/libcrypto/md4/md4test.c deleted file mode 100644 index e0fdc42282d..00000000000 --- a/src/lib/libcrypto/md4/md4test.c +++ /dev/null @@ -1,134 +0,0 @@ -/* crypto/md4/md4test.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include -#include - -#ifdef OPENSSL_NO_MD4 -int main(int argc, char *argv[]) -{ - printf("No MD4 support\n"); - return(0); -} -#else -#include -#include - -static char *test[]={ - "", - "a", - "abc", - "message digest", - "abcdefghijklmnopqrstuvwxyz", - "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", - "12345678901234567890123456789012345678901234567890123456789012345678901234567890", - NULL, - }; - -static char *ret[]={ -"31d6cfe0d16ae931b73c59d7e0c089c0", -"bde52cb31de33e46245e05fbdbd6fb24", -"a448017aaf21d8525fc10ae87aa6729d", -"d9130a8164549fe818874806e1c7014b", -"d79e1c308aa5bbcdeea8ed63df412da9", -"043f8582f241db351ce627e153e7f0e4", -"e33b4ddc9c38f2199c3e7b164fcc0536", -}; - -static char *pt(unsigned char *md); -int main(int argc, char *argv[]) - { - int i,err=0; - unsigned char **P,**R; - char *p; - unsigned char md[MD4_DIGEST_LENGTH]; - - P=(unsigned char **)test; - R=(unsigned char **)ret; - i=1; - while (*P != NULL) - { - EVP_Digest(&(P[0][0]),(unsigned long)strlen((char *)*P),md,NULL,EVP_md4(), NULL); - p=pt(md); - if (strcmp(p,(char *)*R) != 0) - { - printf("error calculating MD4 on '%s'\n",*P); - printf("got %s instead of %s\n",p,*R); - err++; - } - else - printf("test %d ok\n",i); - i++; - R++; - P++; - } - exit(err); - return(0); - } - -static char *pt(unsigned char *md) - { - int i; - static char buf[80]; - - for (i=0; i asm/mx86-sol.s - as -o asm/mx86-sol.o asm/mx86-sol.s - rm -f asm/mx86-sol.s - -# a.out -asm/mx86-out.o: asm/mx86unix.cpp - $(CPP) -DOUT asm/mx86unix.cpp | as -o asm/mx86-out.o - -# bsdi -asm/mx86bsdi.o: asm/mx86unix.cpp - $(CPP) -DBSDI asm/mx86unix.cpp | sed 's/ :/:/' | as -o asm/mx86bsdi.o - -asm/mx86unix.cpp: asm/md5-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) md5-586.pl cpp >mx86unix.cpp) - -asm/md5-sparcv8plus.o: asm/md5-sparcv9.S - $(CC) $(ASFLAGS) -DMD5_BLOCK_DATA_ORDER -c \ - -o asm/md5-sparcv8plus.o asm/md5-sparcv9.S - -# Old GNU assembler doesn't understand V9 instructions, so we -# hire /usr/ccs/bin/as to do the job. Note that option is called -# *-gcc27, but even gcc 2>=8 users may experience similar problem -# if they didn't bother to upgrade GNU assembler. Such users should -# not choose this option, but be adviced to *remove* GNU assembler -# or upgrade it. -asm/md5-sparcv8plus-gcc27.o: asm/md5-sparcv9.S - $(CC) $(ASFLAGS) -DMD5_BLOCK_DATA_ORDER -E asm/md5-sparcv9.S | \ - /usr/ccs/bin/as -xarch=v8plus - -o asm/md5-sparcv8plus-gcc27.o - -asm/md5-sparcv9.o: asm/md5-sparcv9.S - $(CC) $(ASFLAGS) -DMD5_BLOCK_DATA_ORDER -c \ - -o asm/md5-sparcv9.o asm/md5-sparcv9.S - -files: - $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO - -links: - @sh $(TOP)/util/point.sh Makefile.ssl Makefile - @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) - @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) - @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) - -install: - @for i in $(EXHEADER) ; \ - do \ - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ - done; - -tags: - ctags $(SRC) - -tests: - -lint: - lint -DLINT $(INCLUDES) $(SRC)>fluff - -depend: - $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) - -dclean: - $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new - mv -f Makefile.new $(MAKEFILE) - -clean: - rm -f asm/mx86unix.cpp *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff - -# DO NOT DELETE THIS LINE -- make depend depends on it. - -md5_dgst.o: ../../include/openssl/md5.h ../../include/openssl/opensslconf.h -md5_dgst.o: ../../include/openssl/opensslv.h ../md32_common.h md5_dgst.c -md5_dgst.o: md5_locl.h -md5_one.o: ../../include/openssl/md5.h md5_one.c diff --git a/src/lib/libcrypto/md5/asm/md5-586.pl b/src/lib/libcrypto/md5/asm/md5-586.pl index 5fc6a205ce0..6cb66bb4999 100644 --- a/src/lib/libcrypto/md5/asm/md5-586.pl +++ b/src/lib/libcrypto/md5/asm/md5-586.pl @@ -7,7 +7,8 @@ $normal=0; -push(@INC,"perlasm","../../perlasm"); +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +push(@INC,"${dir}","${dir}../../perlasm"); require "x86asm.pl"; &asm_init($ARGV[0],$0); @@ -29,7 +30,7 @@ 0, 7, 14, 5, 12, 3, 10, 1, 8, 15, 6, 13, 4, 11, 2, 9, # R3 ); -&md5_block("md5_block_asm_host_order"); +&md5_block("md5_block_asm_data_order"); &asm_finish(); sub Np @@ -293,7 +294,7 @@ sub md5_block &mov(&DWP(12,$tmp2,"",0),$D); &cmp($tmp1,$X) unless $normal; # check count - &jge(&label("start")) unless $normal; + &jae(&label("start")) unless $normal; &pop("eax"); # pop the temp variable off the stack &pop("ebx"); diff --git a/src/lib/libcrypto/md5/asm/md5-sparcv9.S b/src/lib/libcrypto/md5/asm/md5-sparcv9.S deleted file mode 100644 index a599ed5660b..00000000000 --- a/src/lib/libcrypto/md5/asm/md5-sparcv9.S +++ /dev/null @@ -1,1029 +0,0 @@ -.ident "md5-sparcv9.S, Version 1.0" -.ident "SPARC V9 ISA artwork by Andy Polyakov " -.file "md5-sparcv9.S" - -/* - * ==================================================================== - * Copyright (c) 1999 Andy Polyakov . - * - * Rights for redistribution and usage in source and binary forms are - * granted as long as above copyright notices are retained. Warranty - * of any kind is (of course:-) disclaimed. - * ==================================================================== - */ - -/* - * This is my modest contribution to OpenSSL project (see - * http://www.openssl.org/ for more information about it) and is an - * assembler implementation of MD5 block hash function. I've hand-coded - * this for the sole reason to reach UltraSPARC-specific "load in - * little-endian byte order" instruction. This gives up to 15% - * performance improvement for cases when input message is aligned at - * 32 bits boundary. The module was tested under both 32 *and* 64 bit - * kernels. For updates see http://fy.chalmers.se/~appro/hpe/. - * - * To compile with SC4.x/SC5.x: - * - * cc -xarch=v[9|8plus] -DOPENSSL_SYSNAME_ULTRASPARC -DMD5_BLOCK_DATA_ORDER \ - * -c md5-sparcv9.S - * - * and with gcc: - * - * gcc -mcpu=ultrasparc -DOPENSSL_SYSNAME_ULTRASPARC -DMD5_BLOCK_DATA_ORDER \ - * -c md5-sparcv9.S - * - * or if above fails (it does if you have gas): - * - * gcc -E -DULTRASPARC -DMD5_BLOCK_DATA_ORDER md5_block.sparc.S | \ - * as -xarch=v8plus /dev/fd/0 -o md5-sparcv9.o - */ - -#define A %o0 -#define B %o1 -#define C %o2 -#define D %o3 -#define T1 %o4 -#define T2 %o5 - -#define R0 %l0 -#define R1 %l1 -#define R2 %l2 -#define R3 %l3 -#define R4 %l4 -#define R5 %l5 -#define R6 %l6 -#define R7 %l7 -#define R8 %i3 -#define R9 %i4 -#define R10 %i5 -#define R11 %g1 -#define R12 %g2 -#define R13 %g3 -#define RX %g4 - -#define Aptr %i0+0 -#define Bptr %i0+4 -#define Cptr %i0+8 -#define Dptr %i0+12 - -#define Aval R5 /* those not used at the end of the last round */ -#define Bval R6 -#define Cval R7 -#define Dval R8 - -#if defined(MD5_BLOCK_DATA_ORDER) -# if defined(OPENSSL_SYSNAME_ULTRASPARC) -# define LOAD lda -# define X(i) [%i1+i*4]%asi -# define md5_block md5_block_asm_data_order_aligned -# define ASI_PRIMARY_LITTLE 0x88 -# else -# error "MD5_BLOCK_DATA_ORDER is supported only on UltraSPARC!" -# endif -#else -# define LOAD ld -# define X(i) [%i1+i*4] -# define md5_block md5_block_asm_host_order -#endif - -.section ".text",#alloc,#execinstr - -#if defined(__SUNPRO_C) && defined(__sparcv9) - /* They've said -xarch=v9 at command line */ - .register %g2,#scratch - .register %g3,#scratch -# define FRAME -192 -#elif defined(__GNUC__) && defined(__arch64__) - /* They've said -m64 at command line */ - .register %g2,#scratch - .register %g3,#scratch -# define FRAME -192 -#else -# define FRAME -96 -#endif - -.align 32 - -.global md5_block -md5_block: - save %sp,FRAME,%sp - - ld [Dptr],D - ld [Cptr],C - ld [Bptr],B - ld [Aptr],A -#ifdef ASI_PRIMARY_LITTLE - rd %asi,%o7 ! How dare I? Well, I just do:-) - wr %g0,ASI_PRIMARY_LITTLE,%asi -#endif - LOAD X(0),R0 - -.Lmd5_block_loop: - -!!!!!!!!Round 0 - - xor C,D,T1 - sethi %hi(0xd76aa478),T2 - and T1,B,T1 - or T2,%lo(0xd76aa478),T2 != - xor T1,D,T1 - add T1,R0,T1 - LOAD X(1),R1 - add T1,T2,T1 != - add A,T1,A - sll A,7,T2 - srl A,32-7,A - or A,T2,A != - xor B,C,T1 - add A,B,A - - sethi %hi(0xe8c7b756),T2 - and T1,A,T1 != - or T2,%lo(0xe8c7b756),T2 - xor T1,C,T1 - LOAD X(2),R2 - add T1,R1,T1 != - add T1,T2,T1 - add D,T1,D - sll D,12,T2 - srl D,32-12,D != - or D,T2,D - xor A,B,T1 - add D,A,D - - sethi %hi(0x242070db),T2 != - and T1,D,T1 - or T2,%lo(0x242070db),T2 - xor T1,B,T1 - add T1,R2,T1 != - LOAD X(3),R3 - add T1,T2,T1 - add C,T1,C - sll C,17,T2 != - srl C,32-17,C - or C,T2,C - xor D,A,T1 - add C,D,C != - - sethi %hi(0xc1bdceee),T2 - and T1,C,T1 - or T2,%lo(0xc1bdceee),T2 - xor T1,A,T1 != - add T1,R3,T1 - LOAD X(4),R4 - add T1,T2,T1 - add B,T1,B != - sll B,22,T2 - srl B,32-22,B - or B,T2,B - xor C,D,T1 != - add B,C,B - - sethi %hi(0xf57c0faf),T2 - and T1,B,T1 - or T2,%lo(0xf57c0faf),T2 != - xor T1,D,T1 - add T1,R4,T1 - LOAD X(5),R5 - add T1,T2,T1 != - add A,T1,A - sll A,7,T2 - srl A,32-7,A - or A,T2,A != - xor B,C,T1 - add A,B,A - - sethi %hi(0x4787c62a),T2 - and T1,A,T1 != - or T2,%lo(0x4787c62a),T2 - xor T1,C,T1 - LOAD X(6),R6 - add T1,R5,T1 != - add T1,T2,T1 - add D,T1,D - sll D,12,T2 - srl D,32-12,D != - or D,T2,D - xor A,B,T1 - add D,A,D - - sethi %hi(0xa8304613),T2 != - and T1,D,T1 - or T2,%lo(0xa8304613),T2 - xor T1,B,T1 - add T1,R6,T1 != - LOAD X(7),R7 - add T1,T2,T1 - add C,T1,C - sll C,17,T2 != - srl C,32-17,C - or C,T2,C - xor D,A,T1 - add C,D,C != - - sethi %hi(0xfd469501),T2 - and T1,C,T1 - or T2,%lo(0xfd469501),T2 - xor T1,A,T1 != - add T1,R7,T1 - LOAD X(8),R8 - add T1,T2,T1 - add B,T1,B != - sll B,22,T2 - srl B,32-22,B - or B,T2,B - xor C,D,T1 != - add B,C,B - - sethi %hi(0x698098d8),T2 - and T1,B,T1 - or T2,%lo(0x698098d8),T2 != - xor T1,D,T1 - add T1,R8,T1 - LOAD X(9),R9 - add T1,T2,T1 != - add A,T1,A - sll A,7,T2 - srl A,32-7,A - or A,T2,A != - xor B,C,T1 - add A,B,A - - sethi %hi(0x8b44f7af),T2 - and T1,A,T1 != - or T2,%lo(0x8b44f7af),T2 - xor T1,C,T1 - LOAD X(10),R10 - add T1,R9,T1 != - add T1,T2,T1 - add D,T1,D - sll D,12,T2 - srl D,32-12,D != - or D,T2,D - xor A,B,T1 - add D,A,D - - sethi %hi(0xffff5bb1),T2 != - and T1,D,T1 - or T2,%lo(0xffff5bb1),T2 - xor T1,B,T1 - add T1,R10,T1 != - LOAD X(11),R11 - add T1,T2,T1 - add C,T1,C - sll C,17,T2 != - srl C,32-17,C - or C,T2,C - xor D,A,T1 - add C,D,C != - - sethi %hi(0x895cd7be),T2 - and T1,C,T1 - or T2,%lo(0x895cd7be),T2 - xor T1,A,T1 != - add T1,R11,T1 - LOAD X(12),R12 - add T1,T2,T1 - add B,T1,B != - sll B,22,T2 - srl B,32-22,B - or B,T2,B - xor C,D,T1 != - add B,C,B - - sethi %hi(0x6b901122),T2 - and T1,B,T1 - or T2,%lo(0x6b901122),T2 != - xor T1,D,T1 - add T1,R12,T1 - LOAD X(13),R13 - add T1,T2,T1 != - add A,T1,A - sll A,7,T2 - srl A,32-7,A - or A,T2,A != - xor B,C,T1 - add A,B,A - - sethi %hi(0xfd987193),T2 - and T1,A,T1 != - or T2,%lo(0xfd987193),T2 - xor T1,C,T1 - LOAD X(14),RX - add T1,R13,T1 != - add T1,T2,T1 - add D,T1,D - sll D,12,T2 - srl D,32-12,D != - or D,T2,D - xor A,B,T1 - add D,A,D - - sethi %hi(0xa679438e),T2 != - and T1,D,T1 - or T2,%lo(0xa679438e),T2 - xor T1,B,T1 - add T1,RX,T1 != - LOAD X(15),RX - add T1,T2,T1 - add C,T1,C - sll C,17,T2 != - srl C,32-17,C - or C,T2,C - xor D,A,T1 - add C,D,C != - - sethi %hi(0x49b40821),T2 - and T1,C,T1 - or T2,%lo(0x49b40821),T2 - xor T1,A,T1 != - add T1,RX,T1 - !pre-LOADed X(1),R1 - add T1,T2,T1 - add B,T1,B - sll B,22,T2 != - srl B,32-22,B - or B,T2,B - add B,C,B - -!!!!!!!!Round 1 - - xor B,C,T1 != - sethi %hi(0xf61e2562),T2 - and T1,D,T1 - or T2,%lo(0xf61e2562),T2 - xor T1,C,T1 != - add T1,R1,T1 - !pre-LOADed X(6),R6 - add T1,T2,T1 - add A,T1,A - sll A,5,T2 != - srl A,32-5,A - or A,T2,A - add A,B,A - - xor A,B,T1 != - sethi %hi(0xc040b340),T2 - and T1,C,T1 - or T2,%lo(0xc040b340),T2 - xor T1,B,T1 != - add T1,R6,T1 - !pre-LOADed X(11),R11 - add T1,T2,T1 - add D,T1,D - sll D,9,T2 != - srl D,32-9,D - or D,T2,D - add D,A,D - - xor D,A,T1 != - sethi %hi(0x265e5a51),T2 - and T1,B,T1 - or T2,%lo(0x265e5a51),T2 - xor T1,A,T1 != - add T1,R11,T1 - !pre-LOADed X(0),R0 - add T1,T2,T1 - add C,T1,C - sll C,14,T2 != - srl C,32-14,C - or C,T2,C - add C,D,C - - xor C,D,T1 != - sethi %hi(0xe9b6c7aa),T2 - and T1,A,T1 - or T2,%lo(0xe9b6c7aa),T2 - xor T1,D,T1 != - add T1,R0,T1 - !pre-LOADed X(5),R5 - add T1,T2,T1 - add B,T1,B - sll B,20,T2 != - srl B,32-20,B - or B,T2,B - add B,C,B - - xor B,C,T1 != - sethi %hi(0xd62f105d),T2 - and T1,D,T1 - or T2,%lo(0xd62f105d),T2 - xor T1,C,T1 != - add T1,R5,T1 - !pre-LOADed X(10),R10 - add T1,T2,T1 - add A,T1,A - sll A,5,T2 != - srl A,32-5,A - or A,T2,A - add A,B,A - - xor A,B,T1 != - sethi %hi(0x02441453),T2 - and T1,C,T1 - or T2,%lo(0x02441453),T2 - xor T1,B,T1 != - add T1,R10,T1 - LOAD X(15),RX - add T1,T2,T1 - add D,T1,D != - sll D,9,T2 - srl D,32-9,D - or D,T2,D - add D,A,D != - - xor D,A,T1 - sethi %hi(0xd8a1e681),T2 - and T1,B,T1 - or T2,%lo(0xd8a1e681),T2 != - xor T1,A,T1 - add T1,RX,T1 - !pre-LOADed X(4),R4 - add T1,T2,T1 - add C,T1,C != - sll C,14,T2 - srl C,32-14,C - or C,T2,C - add C,D,C != - - xor C,D,T1 - sethi %hi(0xe7d3fbc8),T2 - and T1,A,T1 - or T2,%lo(0xe7d3fbc8),T2 != - xor T1,D,T1 - add T1,R4,T1 - !pre-LOADed X(9),R9 - add T1,T2,T1 - add B,T1,B != - sll B,20,T2 - srl B,32-20,B - or B,T2,B - add B,C,B != - - xor B,C,T1 - sethi %hi(0x21e1cde6),T2 - and T1,D,T1 - or T2,%lo(0x21e1cde6),T2 != - xor T1,C,T1 - add T1,R9,T1 - LOAD X(14),RX - add T1,T2,T1 != - add A,T1,A - sll A,5,T2 - srl A,32-5,A - or A,T2,A != - add A,B,A - - xor A,B,T1 - sethi %hi(0xc33707d6),T2 - and T1,C,T1 != - or T2,%lo(0xc33707d6),T2 - xor T1,B,T1 - add T1,RX,T1 - !pre-LOADed X(3),R3 - add T1,T2,T1 != - add D,T1,D - sll D,9,T2 - srl D,32-9,D - or D,T2,D != - add D,A,D - - xor D,A,T1 - sethi %hi(0xf4d50d87),T2 - and T1,B,T1 != - or T2,%lo(0xf4d50d87),T2 - xor T1,A,T1 - add T1,R3,T1 - !pre-LOADed X(8),R8 - add T1,T2,T1 != - add C,T1,C - sll C,14,T2 - srl C,32-14,C - or C,T2,C != - add C,D,C - - xor C,D,T1 - sethi %hi(0x455a14ed),T2 - and T1,A,T1 != - or T2,%lo(0x455a14ed),T2 - xor T1,D,T1 - add T1,R8,T1 - !pre-LOADed X(13),R13 - add T1,T2,T1 != - add B,T1,B - sll B,20,T2 - srl B,32-20,B - or B,T2,B != - add B,C,B - - xor B,C,T1 - sethi %hi(0xa9e3e905),T2 - and T1,D,T1 != - or T2,%lo(0xa9e3e905),T2 - xor T1,C,T1 - add T1,R13,T1 - !pre-LOADed X(2),R2 - add T1,T2,T1 != - add A,T1,A - sll A,5,T2 - srl A,32-5,A - or A,T2,A != - add A,B,A - - xor A,B,T1 - sethi %hi(0xfcefa3f8),T2 - and T1,C,T1 != - or T2,%lo(0xfcefa3f8),T2 - xor T1,B,T1 - add T1,R2,T1 - !pre-LOADed X(7),R7 - add T1,T2,T1 != - add D,T1,D - sll D,9,T2 - srl D,32-9,D - or D,T2,D != - add D,A,D - - xor D,A,T1 - sethi %hi(0x676f02d9),T2 - and T1,B,T1 != - or T2,%lo(0x676f02d9),T2 - xor T1,A,T1 - add T1,R7,T1 - !pre-LOADed X(12),R12 - add T1,T2,T1 != - add C,T1,C - sll C,14,T2 - srl C,32-14,C - or C,T2,C != - add C,D,C - - xor C,D,T1 - sethi %hi(0x8d2a4c8a),T2 - and T1,A,T1 != - or T2,%lo(0x8d2a4c8a),T2 - xor T1,D,T1 - add T1,R12,T1 - !pre-LOADed X(5),R5 - add T1,T2,T1 != - add B,T1,B - sll B,20,T2 - srl B,32-20,B - or B,T2,B != - add B,C,B - -!!!!!!!!Round 2 - - xor B,C,T1 - sethi %hi(0xfffa3942),T2 - xor T1,D,T1 != - or T2,%lo(0xfffa3942),T2 - add T1,R5,T1 - !pre-LOADed X(8),R8 - add T1,T2,T1 - add A,T1,A != - sll A,4,T2 - srl A,32-4,A - or A,T2,A - add A,B,A != - - xor A,B,T1 - sethi %hi(0x8771f681),T2 - xor T1,C,T1 - or T2,%lo(0x8771f681),T2 != - add T1,R8,T1 - !pre-LOADed X(11),R11 - add T1,T2,T1 - add D,T1,D - sll D,11,T2 != - srl D,32-11,D - or D,T2,D - add D,A,D - - xor D,A,T1 != - sethi %hi(0x6d9d6122),T2 - xor T1,B,T1 - or T2,%lo(0x6d9d6122),T2 - add T1,R11,T1 != - LOAD X(14),RX - add T1,T2,T1 - add C,T1,C - sll C,16,T2 != - srl C,32-16,C - or C,T2,C - add C,D,C - - xor C,D,T1 != - sethi %hi(0xfde5380c),T2 - xor T1,A,T1 - or T2,%lo(0xfde5380c),T2 - add T1,RX,T1 != - !pre-LOADed X(1),R1 - add T1,T2,T1 - add B,T1,B - sll B,23,T2 - srl B,32-23,B != - or B,T2,B - add B,C,B - - xor B,C,T1 - sethi %hi(0xa4beea44),T2 != - xor T1,D,T1 - or T2,%lo(0xa4beea44),T2 - add T1,R1,T1 - !pre-LOADed X(4),R4 - add T1,T2,T1 != - add A,T1,A - sll A,4,T2 - srl A,32-4,A - or A,T2,A != - add A,B,A - - xor A,B,T1 - sethi %hi(0x4bdecfa9),T2 - xor T1,C,T1 != - or T2,%lo(0x4bdecfa9),T2 - add T1,R4,T1 - !pre-LOADed X(7),R7 - add T1,T2,T1 - add D,T1,D != - sll D,11,T2 - srl D,32-11,D - or D,T2,D - add D,A,D != - - xor D,A,T1 - sethi %hi(0xf6bb4b60),T2 - xor T1,B,T1 - or T2,%lo(0xf6bb4b60),T2 != - add T1,R7,T1 - !pre-LOADed X(10),R10 - add T1,T2,T1 - add C,T1,C - sll C,16,T2 != - srl C,32-16,C - or C,T2,C - add C,D,C - - xor C,D,T1 != - sethi %hi(0xbebfbc70),T2 - xor T1,A,T1 - or T2,%lo(0xbebfbc70),T2 - add T1,R10,T1 != - !pre-LOADed X(13),R13 - add T1,T2,T1 - add B,T1,B - sll B,23,T2 - srl B,32-23,B != - or B,T2,B - add B,C,B - - xor B,C,T1 - sethi %hi(0x289b7ec6),T2 != - xor T1,D,T1 - or T2,%lo(0x289b7ec6),T2 - add T1,R13,T1 - !pre-LOADed X(0),R0 - add T1,T2,T1 != - add A,T1,A - sll A,4,T2 - srl A,32-4,A - or A,T2,A != - add A,B,A - - xor A,B,T1 - sethi %hi(0xeaa127fa),T2 - xor T1,C,T1 != - or T2,%lo(0xeaa127fa),T2 - add T1,R0,T1 - !pre-LOADed X(3),R3 - add T1,T2,T1 - add D,T1,D != - sll D,11,T2 - srl D,32-11,D - or D,T2,D - add D,A,D != - - xor D,A,T1 - sethi %hi(0xd4ef3085),T2 - xor T1,B,T1 - or T2,%lo(0xd4ef3085),T2 != - add T1,R3,T1 - !pre-LOADed X(6),R6 - add T1,T2,T1 - add C,T1,C - sll C,16,T2 != - srl C,32-16,C - or C,T2,C - add C,D,C - - xor C,D,T1 != - sethi %hi(0x04881d05),T2 - xor T1,A,T1 - or T2,%lo(0x04881d05),T2 - add T1,R6,T1 != - !pre-LOADed X(9),R9 - add T1,T2,T1 - add B,T1,B - sll B,23,T2 - srl B,32-23,B != - or B,T2,B - add B,C,B - - xor B,C,T1 - sethi %hi(0xd9d4d039),T2 != - xor T1,D,T1 - or T2,%lo(0xd9d4d039),T2 - add T1,R9,T1 - !pre-LOADed X(12),R12 - add T1,T2,T1 != - add A,T1,A - sll A,4,T2 - srl A,32-4,A - or A,T2,A != - add A,B,A - - xor A,B,T1 - sethi %hi(0xe6db99e5),T2 - xor T1,C,T1 != - or T2,%lo(0xe6db99e5),T2 - add T1,R12,T1 - LOAD X(15),RX - add T1,T2,T1 != - add D,T1,D - sll D,11,T2 - srl D,32-11,D - or D,T2,D != - add D,A,D - - xor D,A,T1 - sethi %hi(0x1fa27cf8),T2 - xor T1,B,T1 != - or T2,%lo(0x1fa27cf8),T2 - add T1,RX,T1 - !pre-LOADed X(2),R2 - add T1,T2,T1 - add C,T1,C != - sll C,16,T2 - srl C,32-16,C - or C,T2,C - add C,D,C != - - xor C,D,T1 - sethi %hi(0xc4ac5665),T2 - xor T1,A,T1 - or T2,%lo(0xc4ac5665),T2 != - add T1,R2,T1 - !pre-LOADed X(0),R0 - add T1,T2,T1 - add B,T1,B - sll B,23,T2 != - srl B,32-23,B - or B,T2,B - add B,C,B - -!!!!!!!!Round 3 - - orn B,D,T1 != - sethi %hi(0xf4292244),T2 - xor T1,C,T1 - or T2,%lo(0xf4292244),T2 - add T1,R0,T1 != - !pre-LOADed X(7),R7 - add T1,T2,T1 - add A,T1,A - sll A,6,T2 - srl A,32-6,A != - or A,T2,A - add A,B,A - - orn A,C,T1 - sethi %hi(0x432aff97),T2 != - xor T1,B,T1 - or T2,%lo(0x432aff97),T2 - LOAD X(14),RX - add T1,R7,T1 != - add T1,T2,T1 - add D,T1,D - sll D,10,T2 - srl D,32-10,D != - or D,T2,D - add D,A,D - - orn D,B,T1 - sethi %hi(0xab9423a7),T2 != - xor T1,A,T1 - or T2,%lo(0xab9423a7),T2 - add T1,RX,T1 - !pre-LOADed X(5),R5 - add T1,T2,T1 != - add C,T1,C - sll C,15,T2 - srl C,32-15,C - or C,T2,C != - add C,D,C - - orn C,A,T1 - sethi %hi(0xfc93a039),T2 - xor T1,D,T1 != - or T2,%lo(0xfc93a039),T2 - add T1,R5,T1 - !pre-LOADed X(12),R12 - add T1,T2,T1 - add B,T1,B != - sll B,21,T2 - srl B,32-21,B - or B,T2,B - add B,C,B != - - orn B,D,T1 - sethi %hi(0x655b59c3),T2 - xor T1,C,T1 - or T2,%lo(0x655b59c3),T2 != - add T1,R12,T1 - !pre-LOADed X(3),R3 - add T1,T2,T1 - add A,T1,A - sll A,6,T2 != - srl A,32-6,A - or A,T2,A - add A,B,A - - orn A,C,T1 != - sethi %hi(0x8f0ccc92),T2 - xor T1,B,T1 - or T2,%lo(0x8f0ccc92),T2 - add T1,R3,T1 != - !pre-LOADed X(10),R10 - add T1,T2,T1 - add D,T1,D - sll D,10,T2 - srl D,32-10,D != - or D,T2,D - add D,A,D - - orn D,B,T1 - sethi %hi(0xffeff47d),T2 != - xor T1,A,T1 - or T2,%lo(0xffeff47d),T2 - add T1,R10,T1 - !pre-LOADed X(1),R1 - add T1,T2,T1 != - add C,T1,C - sll C,15,T2 - srl C,32-15,C - or C,T2,C != - add C,D,C - - orn C,A,T1 - sethi %hi(0x85845dd1),T2 - xor T1,D,T1 != - or T2,%lo(0x85845dd1),T2 - add T1,R1,T1 - !pre-LOADed X(8),R8 - add T1,T2,T1 - add B,T1,B != - sll B,21,T2 - srl B,32-21,B - or B,T2,B - add B,C,B != - - orn B,D,T1 - sethi %hi(0x6fa87e4f),T2 - xor T1,C,T1 - or T2,%lo(0x6fa87e4f),T2 != - add T1,R8,T1 - LOAD X(15),RX - add T1,T2,T1 - add A,T1,A != - sll A,6,T2 - srl A,32-6,A - or A,T2,A - add A,B,A != - - orn A,C,T1 - sethi %hi(0xfe2ce6e0),T2 - xor T1,B,T1 - or T2,%lo(0xfe2ce6e0),T2 != - add T1,RX,T1 - !pre-LOADed X(6),R6 - add T1,T2,T1 - add D,T1,D - sll D,10,T2 != - srl D,32-10,D - or D,T2,D - add D,A,D - - orn D,B,T1 != - sethi %hi(0xa3014314),T2 - xor T1,A,T1 - or T2,%lo(0xa3014314),T2 - add T1,R6,T1 != - !pre-LOADed X(13),R13 - add T1,T2,T1 - add C,T1,C - sll C,15,T2 - srl C,32-15,C != - or C,T2,C - add C,D,C - - orn C,A,T1 - sethi %hi(0x4e0811a1),T2 != - xor T1,D,T1 - or T2,%lo(0x4e0811a1),T2 - !pre-LOADed X(4),R4 - ld [Aptr],Aval - add T1,R13,T1 != - add T1,T2,T1 - add B,T1,B - sll B,21,T2 - srl B,32-21,B != - or B,T2,B - add B,C,B - - orn B,D,T1 - sethi %hi(0xf7537e82),T2 != - xor T1,C,T1 - or T2,%lo(0xf7537e82),T2 - !pre-LOADed X(11),R11 - ld [Dptr],Dval - add T1,R4,T1 != - add T1,T2,T1 - add A,T1,A - sll A,6,T2 - srl A,32-6,A != - or A,T2,A - add A,B,A - - orn A,C,T1 - sethi %hi(0xbd3af235),T2 != - xor T1,B,T1 - or T2,%lo(0xbd3af235),T2 - !pre-LOADed X(2),R2 - ld [Cptr],Cval - add T1,R11,T1 != - add T1,T2,T1 - add D,T1,D - sll D,10,T2 - srl D,32-10,D != - or D,T2,D - add D,A,D - - orn D,B,T1 - sethi %hi(0x2ad7d2bb),T2 != - xor T1,A,T1 - or T2,%lo(0x2ad7d2bb),T2 - !pre-LOADed X(9),R9 - ld [Bptr],Bval - add T1,R2,T1 != - add Aval,A,Aval - add T1,T2,T1 - st Aval,[Aptr] - add C,T1,C != - sll C,15,T2 - add Dval,D,Dval - srl C,32-15,C - or C,T2,C != - st Dval,[Dptr] - add C,D,C - - orn C,A,T1 - sethi %hi(0xeb86d391),T2 != - xor T1,D,T1 - or T2,%lo(0xeb86d391),T2 - add T1,R9,T1 - !pre-LOADed X(0),R0 - mov Aval,A != - add T1,T2,T1 - mov Dval,D - add B,T1,B - sll B,21,T2 != - add Cval,C,Cval - srl B,32-21,B - st Cval,[Cptr] - or B,T2,B != - add B,C,B - - deccc %i2 - mov Cval,C - add B,Bval,B != - inc 64,%i1 - nop - st B,[Bptr] - nop != - -#ifdef OPENSSL_SYSNAME_ULTRASPARC - bg,a,pt %icc,.Lmd5_block_loop -#else - bg,a .Lmd5_block_loop -#endif - LOAD X(0),R0 - -#ifdef ASI_PRIMARY_LITTLE - wr %g0,%o7,%asi -#endif - ret - restore %g0,0,%o0 - -.type md5_block,#function -.size md5_block,(.-md5_block) diff --git a/src/lib/libcrypto/md5/asm/md5-x86_64.pl b/src/lib/libcrypto/md5/asm/md5-x86_64.pl new file mode 100755 index 00000000000..c902a1b532f --- /dev/null +++ b/src/lib/libcrypto/md5/asm/md5-x86_64.pl @@ -0,0 +1,264 @@ +#!/usr/bin/perl -w +# +# MD5 optimized for AMD64. +# +# Author: Marc Bevand +# Licence: I hereby disclaim the copyright on this code and place it +# in the public domain. +# + +use strict; + +my $code; + +# round1_step() does: +# dst = x + ((dst + F(x,y,z) + X[k] + T_i) <<< s) +# %r10d = X[k_next] +# %r11d = z' (copy of z for the next step) +# Each round1_step() takes about 5.3 clocks (9 instructions, 1.7 IPC) +sub round1_step +{ + my ($pos, $dst, $x, $y, $z, $k_next, $T_i, $s) = @_; + $code .= " mov 0*4(%rsi), %r10d /* (NEXT STEP) X[0] */\n" if ($pos == -1); + $code .= " mov %edx, %r11d /* (NEXT STEP) z' = %edx */\n" if ($pos == -1); + $code .= <A + mov 1*4(%rbp), %ebx # ebx = ctx->B + mov 2*4(%rbp), %ecx # ecx = ctx->C + mov 3*4(%rbp), %edx # edx = ctx->D + # end is 'rdi' + # ptr is 'rsi' + # A is 'eax' + # B is 'ebx' + # C is 'ecx' + # D is 'edx' + + cmp %rdi, %rsi # cmp end with ptr + je .Lend # jmp if ptr == end + + # BEGIN of loop over 16-word blocks +.Lloop: # save old values of A, B, C, D + mov %eax, %r8d + mov %ebx, %r9d + mov %ecx, %r14d + mov %edx, %r15d +EOF +round1_step(-1,'%eax','%ebx','%ecx','%edx', '1','0xd76aa478', '7'); +round1_step( 0,'%edx','%eax','%ebx','%ecx', '2','0xe8c7b756','12'); +round1_step( 0,'%ecx','%edx','%eax','%ebx', '3','0x242070db','17'); +round1_step( 0,'%ebx','%ecx','%edx','%eax', '4','0xc1bdceee','22'); +round1_step( 0,'%eax','%ebx','%ecx','%edx', '5','0xf57c0faf', '7'); +round1_step( 0,'%edx','%eax','%ebx','%ecx', '6','0x4787c62a','12'); +round1_step( 0,'%ecx','%edx','%eax','%ebx', '7','0xa8304613','17'); +round1_step( 0,'%ebx','%ecx','%edx','%eax', '8','0xfd469501','22'); +round1_step( 0,'%eax','%ebx','%ecx','%edx', '9','0x698098d8', '7'); +round1_step( 0,'%edx','%eax','%ebx','%ecx','10','0x8b44f7af','12'); +round1_step( 0,'%ecx','%edx','%eax','%ebx','11','0xffff5bb1','17'); +round1_step( 0,'%ebx','%ecx','%edx','%eax','12','0x895cd7be','22'); +round1_step( 0,'%eax','%ebx','%ecx','%edx','13','0x6b901122', '7'); +round1_step( 0,'%edx','%eax','%ebx','%ecx','14','0xfd987193','12'); +round1_step( 0,'%ecx','%edx','%eax','%ebx','15','0xa679438e','17'); +round1_step( 1,'%ebx','%ecx','%edx','%eax', '0','0x49b40821','22'); + +round2_step(-1,'%eax','%ebx','%ecx','%edx', '6','0xf61e2562', '5'); +round2_step( 0,'%edx','%eax','%ebx','%ecx','11','0xc040b340', '9'); +round2_step( 0,'%ecx','%edx','%eax','%ebx', '0','0x265e5a51','14'); +round2_step( 0,'%ebx','%ecx','%edx','%eax', '5','0xe9b6c7aa','20'); +round2_step( 0,'%eax','%ebx','%ecx','%edx','10','0xd62f105d', '5'); +round2_step( 0,'%edx','%eax','%ebx','%ecx','15', '0x2441453', '9'); +round2_step( 0,'%ecx','%edx','%eax','%ebx', '4','0xd8a1e681','14'); +round2_step( 0,'%ebx','%ecx','%edx','%eax', '9','0xe7d3fbc8','20'); +round2_step( 0,'%eax','%ebx','%ecx','%edx','14','0x21e1cde6', '5'); +round2_step( 0,'%edx','%eax','%ebx','%ecx', '3','0xc33707d6', '9'); +round2_step( 0,'%ecx','%edx','%eax','%ebx', '8','0xf4d50d87','14'); +round2_step( 0,'%ebx','%ecx','%edx','%eax','13','0x455a14ed','20'); +round2_step( 0,'%eax','%ebx','%ecx','%edx', '2','0xa9e3e905', '5'); +round2_step( 0,'%edx','%eax','%ebx','%ecx', '7','0xfcefa3f8', '9'); +round2_step( 0,'%ecx','%edx','%eax','%ebx','12','0x676f02d9','14'); +round2_step( 1,'%ebx','%ecx','%edx','%eax', '0','0x8d2a4c8a','20'); + +round3_step(-1,'%eax','%ebx','%ecx','%edx', '8','0xfffa3942', '4'); +round3_step( 0,'%edx','%eax','%ebx','%ecx','11','0x8771f681','11'); +round3_step( 0,'%ecx','%edx','%eax','%ebx','14','0x6d9d6122','16'); +round3_step( 0,'%ebx','%ecx','%edx','%eax', '1','0xfde5380c','23'); +round3_step( 0,'%eax','%ebx','%ecx','%edx', '4','0xa4beea44', '4'); +round3_step( 0,'%edx','%eax','%ebx','%ecx', '7','0x4bdecfa9','11'); +round3_step( 0,'%ecx','%edx','%eax','%ebx','10','0xf6bb4b60','16'); +round3_step( 0,'%ebx','%ecx','%edx','%eax','13','0xbebfbc70','23'); +round3_step( 0,'%eax','%ebx','%ecx','%edx', '0','0x289b7ec6', '4'); +round3_step( 0,'%edx','%eax','%ebx','%ecx', '3','0xeaa127fa','11'); +round3_step( 0,'%ecx','%edx','%eax','%ebx', '6','0xd4ef3085','16'); +round3_step( 0,'%ebx','%ecx','%edx','%eax', '9', '0x4881d05','23'); +round3_step( 0,'%eax','%ebx','%ecx','%edx','12','0xd9d4d039', '4'); +round3_step( 0,'%edx','%eax','%ebx','%ecx','15','0xe6db99e5','11'); +round3_step( 0,'%ecx','%edx','%eax','%ebx', '2','0x1fa27cf8','16'); +round3_step( 1,'%ebx','%ecx','%edx','%eax', '0','0xc4ac5665','23'); + +round4_step(-1,'%eax','%ebx','%ecx','%edx', '7','0xf4292244', '6'); +round4_step( 0,'%edx','%eax','%ebx','%ecx','14','0x432aff97','10'); +round4_step( 0,'%ecx','%edx','%eax','%ebx', '5','0xab9423a7','15'); +round4_step( 0,'%ebx','%ecx','%edx','%eax','12','0xfc93a039','21'); +round4_step( 0,'%eax','%ebx','%ecx','%edx', '3','0x655b59c3', '6'); +round4_step( 0,'%edx','%eax','%ebx','%ecx','10','0x8f0ccc92','10'); +round4_step( 0,'%ecx','%edx','%eax','%ebx', '1','0xffeff47d','15'); +round4_step( 0,'%ebx','%ecx','%edx','%eax', '8','0x85845dd1','21'); +round4_step( 0,'%eax','%ebx','%ecx','%edx','15','0x6fa87e4f', '6'); +round4_step( 0,'%edx','%eax','%ebx','%ecx', '6','0xfe2ce6e0','10'); +round4_step( 0,'%ecx','%edx','%eax','%ebx','13','0xa3014314','15'); +round4_step( 0,'%ebx','%ecx','%edx','%eax', '4','0x4e0811a1','21'); +round4_step( 0,'%eax','%ebx','%ecx','%edx','11','0xf7537e82', '6'); +round4_step( 0,'%edx','%eax','%ebx','%ecx', '2','0xbd3af235','10'); +round4_step( 0,'%ecx','%edx','%eax','%ebx', '9','0x2ad7d2bb','15'); +round4_step( 1,'%ebx','%ecx','%edx','%eax', '0','0xeb86d391','21'); +$code .= <A = A + mov %ebx, 1*4(%rbp) # ctx->B = B + mov %ecx, 2*4(%rbp) # ctx->C = C + mov %edx, 3*4(%rbp) # ctx->D = D + + mov (%rsp),%r15 + mov 8(%rsp),%r14 + mov 16(%rsp),%r12 + mov 24(%rsp),%rbx + mov 32(%rsp),%rbp + add \$40,%rsp +.Lepilogue: + ret +.size md5_block_asm_data_order,.-md5_block_asm_data_order +EOF + +print $code; + +close STDOUT; diff --git a/src/lib/libcrypto/md5/md5.c b/src/lib/libcrypto/md5/md5.c deleted file mode 100644 index 7ed0024ae19..00000000000 --- a/src/lib/libcrypto/md5/md5.c +++ /dev/null @@ -1,127 +0,0 @@ -/* crypto/md5/md5.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include -#include - -#define BUFSIZE 1024*16 - -void do_fp(FILE *f); -void pt(unsigned char *md); -#ifndef _OSD_POSIX -int read(int, void *, unsigned int); -#endif - -int main(int argc, char **argv) - { - int i,err=0; - FILE *IN; - - if (argc == 1) - { - do_fp(stdin); - } - else - { - for (i=1; i + #ifndef HEADER_MD5_H #define HEADER_MD5_H +#if !defined(HAVE_ATTRIBUTE__BOUNDED__) && !defined(__OpenBSD__) +#define __bounded__(x, y, z) +#endif + +#include #ifdef __cplusplus extern "C" { @@ -69,26 +76,11 @@ extern "C" { /* * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! - * ! MD5_LONG has to be at least 32 bits wide. If it's wider, then ! - * ! MD5_LONG_LOG2 has to be defined along. ! + * ! MD5_LONG has to be at least 32 bits wide. ! * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! */ -#if defined(OPENSSL_SYS_WIN16) || defined(__LP32__) -#define MD5_LONG unsigned long -#elif defined(OENSSL_SYS_CRAY) || defined(__ILP64__) -#define MD5_LONG unsigned long -#define MD5_LONG_LOG2 3 -/* - * _CRAY note. I could declare short, but I have no idea what impact - * does it have on performance on none-T3E machines. I could declare - * int, but at least on C90 sizeof(int) can be chosen at compile time. - * So I've chosen long... - * - */ -#else #define MD5_LONG unsigned int -#endif #define MD5_CBLOCK 64 #define MD5_LBLOCK (MD5_CBLOCK/4) @@ -99,13 +91,15 @@ typedef struct MD5state_st MD5_LONG A,B,C,D; MD5_LONG Nl,Nh; MD5_LONG data[MD5_LBLOCK]; - int num; + unsigned int num; } MD5_CTX; int MD5_Init(MD5_CTX *c); -int MD5_Update(MD5_CTX *c, const void *data, unsigned long len); +int MD5_Update(MD5_CTX *c, const void *data, size_t len) + __attribute__ ((__bounded__(__buffer__,2,3))); int MD5_Final(unsigned char *md, MD5_CTX *c); -unsigned char *MD5(const unsigned char *d, unsigned long n, unsigned char *md); +unsigned char *MD5(const unsigned char *d, size_t n, unsigned char *md) + __attribute__ ((__bounded__(__buffer__,1,2))); void MD5_Transform(MD5_CTX *c, const unsigned char *b); #ifdef __cplusplus } diff --git a/src/lib/libcrypto/md5/md5_dgst.c b/src/lib/libcrypto/md5/md5_dgst.c index c38a3f021e9..f55113727ae 100644 --- a/src/lib/libcrypto/md5/md5_dgst.c +++ b/src/lib/libcrypto/md5/md5_dgst.c @@ -1,4 +1,4 @@ -/* crypto/md5/md5_dgst.c */ +/* $OpenBSD: md5_dgst.c,v 1.14 2014/10/28 07:35:59 jsg Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -59,8 +59,7 @@ #include #include "md5_locl.h" #include - -const char *MD5_version="MD5" OPENSSL_VERSION_PTEXT; +#include /* Implemented from RFC1321 The MD5 Message-Digest Algorithm */ @@ -72,146 +71,26 @@ const char *MD5_version="MD5" OPENSSL_VERSION_PTEXT; int MD5_Init(MD5_CTX *c) { + memset (c,0,sizeof(*c)); c->A=INIT_DATA_A; c->B=INIT_DATA_B; c->C=INIT_DATA_C; c->D=INIT_DATA_D; - c->Nl=0; - c->Nh=0; - c->num=0; return 1; } -#ifndef md5_block_host_order -void md5_block_host_order (MD5_CTX *c, const void *data, int num) - { - const MD5_LONG *X=data; - register unsigned long A,B,C,D; - /* - * In case you wonder why A-D are declared as long and not - * as MD5_LONG. Doing so results in slight performance - * boost on LP64 architectures. The catch is we don't - * really care if 32 MSBs of a 64-bit register get polluted - * with eventual overflows as we *save* only 32 LSBs in - * *either* case. Now declaring 'em long excuses the compiler - * from keeping 32 MSBs zeroed resulting in 13% performance - * improvement under SPARC Solaris7/64 and 5% under AlphaLinux. - * Well, to be honest it should say that this *prevents* - * performance degradation. - * - * - */ - - A=c->A; - B=c->B; - C=c->C; - D=c->D; - - for (;num--;X+=HASH_LBLOCK) - { - /* Round 0 */ - R0(A,B,C,D,X[ 0], 7,0xd76aa478L); - R0(D,A,B,C,X[ 1],12,0xe8c7b756L); - R0(C,D,A,B,X[ 2],17,0x242070dbL); - R0(B,C,D,A,X[ 3],22,0xc1bdceeeL); - R0(A,B,C,D,X[ 4], 7,0xf57c0fafL); - R0(D,A,B,C,X[ 5],12,0x4787c62aL); - R0(C,D,A,B,X[ 6],17,0xa8304613L); - R0(B,C,D,A,X[ 7],22,0xfd469501L); - R0(A,B,C,D,X[ 8], 7,0x698098d8L); - R0(D,A,B,C,X[ 9],12,0x8b44f7afL); - R0(C,D,A,B,X[10],17,0xffff5bb1L); - R0(B,C,D,A,X[11],22,0x895cd7beL); - R0(A,B,C,D,X[12], 7,0x6b901122L); - R0(D,A,B,C,X[13],12,0xfd987193L); - R0(C,D,A,B,X[14],17,0xa679438eL); - R0(B,C,D,A,X[15],22,0x49b40821L); - /* Round 1 */ - R1(A,B,C,D,X[ 1], 5,0xf61e2562L); - R1(D,A,B,C,X[ 6], 9,0xc040b340L); - R1(C,D,A,B,X[11],14,0x265e5a51L); - R1(B,C,D,A,X[ 0],20,0xe9b6c7aaL); - R1(A,B,C,D,X[ 5], 5,0xd62f105dL); - R1(D,A,B,C,X[10], 9,0x02441453L); - R1(C,D,A,B,X[15],14,0xd8a1e681L); - R1(B,C,D,A,X[ 4],20,0xe7d3fbc8L); - R1(A,B,C,D,X[ 9], 5,0x21e1cde6L); - R1(D,A,B,C,X[14], 9,0xc33707d6L); - R1(C,D,A,B,X[ 3],14,0xf4d50d87L); - R1(B,C,D,A,X[ 8],20,0x455a14edL); - R1(A,B,C,D,X[13], 5,0xa9e3e905L); - R1(D,A,B,C,X[ 2], 9,0xfcefa3f8L); - R1(C,D,A,B,X[ 7],14,0x676f02d9L); - R1(B,C,D,A,X[12],20,0x8d2a4c8aL); - /* Round 2 */ - R2(A,B,C,D,X[ 5], 4,0xfffa3942L); - R2(D,A,B,C,X[ 8],11,0x8771f681L); - R2(C,D,A,B,X[11],16,0x6d9d6122L); - R2(B,C,D,A,X[14],23,0xfde5380cL); - R2(A,B,C,D,X[ 1], 4,0xa4beea44L); - R2(D,A,B,C,X[ 4],11,0x4bdecfa9L); - R2(C,D,A,B,X[ 7],16,0xf6bb4b60L); - R2(B,C,D,A,X[10],23,0xbebfbc70L); - R2(A,B,C,D,X[13], 4,0x289b7ec6L); - R2(D,A,B,C,X[ 0],11,0xeaa127faL); - R2(C,D,A,B,X[ 3],16,0xd4ef3085L); - R2(B,C,D,A,X[ 6],23,0x04881d05L); - R2(A,B,C,D,X[ 9], 4,0xd9d4d039L); - R2(D,A,B,C,X[12],11,0xe6db99e5L); - R2(C,D,A,B,X[15],16,0x1fa27cf8L); - R2(B,C,D,A,X[ 2],23,0xc4ac5665L); - /* Round 3 */ - R3(A,B,C,D,X[ 0], 6,0xf4292244L); - R3(D,A,B,C,X[ 7],10,0x432aff97L); - R3(C,D,A,B,X[14],15,0xab9423a7L); - R3(B,C,D,A,X[ 5],21,0xfc93a039L); - R3(A,B,C,D,X[12], 6,0x655b59c3L); - R3(D,A,B,C,X[ 3],10,0x8f0ccc92L); - R3(C,D,A,B,X[10],15,0xffeff47dL); - R3(B,C,D,A,X[ 1],21,0x85845dd1L); - R3(A,B,C,D,X[ 8], 6,0x6fa87e4fL); - R3(D,A,B,C,X[15],10,0xfe2ce6e0L); - R3(C,D,A,B,X[ 6],15,0xa3014314L); - R3(B,C,D,A,X[13],21,0x4e0811a1L); - R3(A,B,C,D,X[ 4], 6,0xf7537e82L); - R3(D,A,B,C,X[11],10,0xbd3af235L); - R3(C,D,A,B,X[ 2],15,0x2ad7d2bbL); - R3(B,C,D,A,X[ 9],21,0xeb86d391L); - - A = c->A += A; - B = c->B += B; - C = c->C += C; - D = c->D += D; - } - } -#endif - #ifndef md5_block_data_order #ifdef X #undef X #endif -void md5_block_data_order (MD5_CTX *c, const void *data_, int num) +void md5_block_data_order (MD5_CTX *c, const void *data_, size_t num) { const unsigned char *data=data_; - register unsigned long A,B,C,D,l; - /* - * In case you wonder why A-D are declared as long and not - * as MD5_LONG. Doing so results in slight performance - * boost on LP64 architectures. The catch is we don't - * really care if 32 MSBs of a 64-bit register get polluted - * with eventual overflows as we *save* only 32 LSBs in - * *either* case. Now declaring 'em long excuses the compiler - * from keeping 32 MSBs zeroed resulting in 13% performance - * improvement under SPARC Solaris7/64 and 5% under AlphaLinux. - * Well, to be honest it should say that this *prevents* - * performance degradation. - * - * - */ + unsigned MD32_REG_T A,B,C,D,l; #ifndef MD32_XARRAY /* See comment in crypto/sha/sha_locl.h for details. */ - unsigned long XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, - XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15; + unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, + XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15; # define X(i) XX##i #else MD5_LONG XX[MD5_LBLOCK]; @@ -302,19 +181,3 @@ void md5_block_data_order (MD5_CTX *c, const void *data_, int num) } } #endif - -#ifdef undef -int printit(unsigned long *l) - { - int i,ii; - - for (i=0; i<2; i++) - { - for (ii=0; ii<8; ii++) - { - fprintf(stderr,"%08lx ",l[i*8+ii]); - } - fprintf(stderr,"\n"); - } - } -#endif diff --git a/src/lib/libcrypto/md5/md5_locl.h b/src/lib/libcrypto/md5/md5_locl.h index 34c5257306d..325c5314205 100644 --- a/src/lib/libcrypto/md5/md5_locl.h +++ b/src/lib/libcrypto/md5/md5_locl.h @@ -1,4 +1,4 @@ -/* crypto/md5/md5_locl.h */ +/* $OpenBSD: md5_locl.h,v 1.14 2016/12/21 15:49:29 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -58,57 +58,31 @@ #include #include + #include -#include -#ifndef MD5_LONG_LOG2 -#define MD5_LONG_LOG2 2 /* default to 32 bits */ -#endif +#include #ifdef MD5_ASM -# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__) -# define md5_block_host_order md5_block_asm_host_order -# elif defined(__sparc) && defined(OPENSSL_SYS_ULTRASPARC) - void md5_block_asm_data_order_aligned (MD5_CTX *c, const MD5_LONG *p,int num); -# define HASH_BLOCK_DATA_ORDER_ALIGNED md5_block_asm_data_order_aligned +# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__) || \ + defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64) +# define md5_block_data_order md5_block_asm_data_order +# elif defined(__ia64) || defined(__ia64__) || defined(_M_IA64) +# define md5_block_data_order md5_block_asm_data_order # endif #endif -void md5_block_host_order (MD5_CTX *c, const void *p,int num); -void md5_block_data_order (MD5_CTX *c, const void *p,int num); +__BEGIN_HIDDEN_DECLS -#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__) -/* - * *_block_host_order is expected to handle aligned data while - * *_block_data_order - unaligned. As algorithm and host (x86) - * are in this case of the same "endianness" these two are - * otherwise indistinguishable. But normally you don't want to - * call the same function because unaligned access in places - * where alignment is expected is usually a "Bad Thing". Indeed, - * on RISCs you get punished with BUS ERROR signal or *severe* - * performance degradation. Intel CPUs are in turn perfectly - * capable of loading unaligned data without such drastic side - * effect. Yes, they say it's slower than aligned load, but no - * exception is generated and therefore performance degradation - * is *incomparable* with RISCs. What we should weight here is - * costs of unaligned access against costs of aligning data. - * According to my measurements allowing unaligned access results - * in ~9% performance improvement on Pentium II operating at - * 266MHz. I won't be surprised if the difference will be higher - * on faster systems:-) - * - * - */ -#define md5_block_data_order md5_block_host_order -#endif +void md5_block_data_order (MD5_CTX *c, const void *p,size_t num); + +__END_HIDDEN_DECLS #define DATA_ORDER_IS_LITTLE_ENDIAN #define HASH_LONG MD5_LONG -#define HASH_LONG_LOG2 MD5_LONG_LOG2 #define HASH_CTX MD5_CTX #define HASH_CBLOCK MD5_CBLOCK -#define HASH_LBLOCK MD5_LBLOCK #define HASH_UPDATE MD5_Update #define HASH_TRANSFORM MD5_Transform #define HASH_FINAL MD5_Final @@ -119,21 +93,7 @@ void md5_block_data_order (MD5_CTX *c, const void *p,int num); ll=(c)->C; HOST_l2c(ll,(s)); \ ll=(c)->D; HOST_l2c(ll,(s)); \ } while (0) -#define HASH_BLOCK_HOST_ORDER md5_block_host_order -#if !defined(L_ENDIAN) || defined(md5_block_data_order) #define HASH_BLOCK_DATA_ORDER md5_block_data_order -/* - * Little-endians (Intel and Alpha) feel better without this. - * It looks like memcpy does better job than generic - * md5_block_data_order on copying-n-aligning input data. - * But frankly speaking I didn't expect such result on Alpha. - * On the other hand I've got this with egcs-1.0.2 and if - * program is compiled with another (better?) compiler it - * might turn out other way around. - * - * - */ -#endif #include "md32_common.h" diff --git a/src/lib/libcrypto/md5/md5_one.c b/src/lib/libcrypto/md5/md5_one.c index b89dec850d2..3fb05de30c3 100644 --- a/src/lib/libcrypto/md5/md5_one.c +++ b/src/lib/libcrypto/md5/md5_one.c @@ -1,4 +1,4 @@ -/* crypto/md5/md5_one.c */ +/* $OpenBSD: md5_one.c,v 1.10 2015/09/10 15:56:25 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -59,37 +59,19 @@ #include #include #include +#include -#ifdef CHARSET_EBCDIC -#include -#endif - -unsigned char *MD5(const unsigned char *d, unsigned long n, unsigned char *md) +unsigned char *MD5(const unsigned char *d, size_t n, unsigned char *md) { MD5_CTX c; static unsigned char m[MD5_DIGEST_LENGTH]; if (md == NULL) md=m; - MD5_Init(&c); -#ifndef CHARSET_EBCDIC + if (!MD5_Init(&c)) + return NULL; MD5_Update(&c,d,n); -#else - { - char temp[1024]; - unsigned long chunk; - - while (n > 0) - { - chunk = (n > sizeof(temp)) ? sizeof(temp) : n; - ebcdic2ascii(temp, d, chunk); - MD5_Update(&c,temp,chunk); - n -= chunk; - d += chunk; - } - } -#endif MD5_Final(md,&c); - memset(&c,0,sizeof(c)); /* security consideration */ + explicit_bzero(&c,sizeof(c)); return(md); } diff --git a/src/lib/libcrypto/md5/md5s.cpp b/src/lib/libcrypto/md5/md5s.cpp deleted file mode 100644 index dd343fd4e6e..00000000000 --- a/src/lib/libcrypto/md5/md5s.cpp +++ /dev/null @@ -1,78 +0,0 @@ -// -// gettsc.inl -// -// gives access to the Pentium's (secret) cycle counter -// -// This software was written by Leonard Janke (janke@unixg.ubc.ca) -// in 1996-7 and is entered, by him, into the public domain. - -#if defined(__WATCOMC__) -void GetTSC(unsigned long&); -#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax]; -#elif defined(__GNUC__) -inline -void GetTSC(unsigned long& tsc) -{ - asm volatile(".byte 15, 49\n\t" - : "=eax" (tsc) - : - : "%edx", "%eax"); -} -#elif defined(_MSC_VER) -inline -void GetTSC(unsigned long& tsc) -{ - unsigned long a; - __asm _emit 0fh - __asm _emit 31h - __asm mov a, eax; - tsc=a; -} -#endif - -#include -#include -#include - -extern "C" { -void md5_block_x86(MD5_CTX *ctx, unsigned char *buffer,int num); -} - -void main(int argc,char *argv[]) - { - unsigned char buffer[64*256]; - MD5_CTX ctx; - unsigned long s1,s2,e1,e2; - unsigned char k[16]; - unsigned long data[2]; - unsigned char iv[8]; - int i,num=0,numm; - int j=0; - - if (argc >= 2) - num=atoi(argv[1]); - - if (num == 0) num=16; - if (num > 250) num=16; - numm=num+2; - num*=64; - numm*=64; - - for (j=0; j<6; j++) - { - for (i=0; i<10; i++) /**/ - { - md5_block_x86(&ctx,buffer,numm); - GetTSC(s1); - md5_block_x86(&ctx,buffer,numm); - GetTSC(e1); - GetTSC(s2); - md5_block_x86(&ctx,buffer,num); - GetTSC(e2); - md5_block_x86(&ctx,buffer,num); - } - printf("md5 (%d bytes) %d %d (%.2f)\n",num, - e1-s1,e2-s2,(double)((e1-s1)-(e2-s2))/2); - } - } - diff --git a/src/lib/libcrypto/md5/md5test.c b/src/lib/libcrypto/md5/md5test.c deleted file mode 100644 index 862b89658aa..00000000000 --- a/src/lib/libcrypto/md5/md5test.c +++ /dev/null @@ -1,134 +0,0 @@ -/* crypto/md5/md5test.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include -#include - -#ifdef OPENSSL_NO_MD5 -int main(int argc, char *argv[]) -{ - printf("No MD5 support\n"); - return(0); -} -#else -#include -#include - -static char *test[]={ - "", - "a", - "abc", - "message digest", - "abcdefghijklmnopqrstuvwxyz", - "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", - "12345678901234567890123456789012345678901234567890123456789012345678901234567890", - NULL, - }; - -static char *ret[]={ - "d41d8cd98f00b204e9800998ecf8427e", - "0cc175b9c0f1b6a831c399e269772661", - "900150983cd24fb0d6963f7d28e17f72", - "f96b697d7cb7938d525a2f31aaf161d0", - "c3fcd3d76192e4007dfb496cca67e13b", - "d174ab98d277d9f5a5611c2c9f419d9f", - "57edf4a22be3c955ac49da2e2107b67a", - }; - -static char *pt(unsigned char *md); -int main(int argc, char *argv[]) - { - int i,err=0; - unsigned char **P,**R; - char *p; - unsigned char md[MD5_DIGEST_LENGTH]; - - P=(unsigned char **)test; - R=(unsigned char **)ret; - i=1; - while (*P != NULL) - { - EVP_Digest(&(P[0][0]),(unsigned long)strlen((char *)*P),md,NULL,EVP_md5(), NULL); - p=pt(md); - if (strcmp(p,(char *)*R) != 0) - { - printf("error calculating MD5 on '%s'\n",*P); - printf("got %s instead of %s\n",p,*R); - err++; - } - else - printf("test %d ok\n",i); - i++; - R++; - P++; - } - exit(err); - return(0); - } - -static char *pt(unsigned char *md) - { - int i; - static char buf[80]; - - for (i=0; i> $(TOP)/MINFO - -links: - @sh $(TOP)/util/point.sh Makefile.ssl Makefile - @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) - @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) - @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) - -install: - @for i in $(EXHEADER) ; \ - do \ - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ - done; - -tags: - ctags $(SRC) - -tests: - -lint: - lint -DLINT $(INCLUDES) $(SRC)>fluff - -depend: - $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) - -dclean: - $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new - mv -f Makefile.new $(MAKEFILE) - -clean: - rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff - -# DO NOT DELETE THIS LINE -- make depend depends on it. - -mdc2_one.o: ../../e_os.h ../../include/openssl/bio.h -mdc2_one.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -mdc2_one.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -mdc2_one.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -mdc2_one.o: ../../include/openssl/lhash.h ../../include/openssl/mdc2.h -mdc2_one.o: ../../include/openssl/opensslconf.h -mdc2_one.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -mdc2_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -mdc2_one.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -mdc2_one.o: ../cryptlib.h mdc2_one.c -mdc2dgst.o: ../../include/openssl/crypto.h ../../include/openssl/des.h -mdc2dgst.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h -mdc2dgst.o: ../../include/openssl/mdc2.h ../../include/openssl/opensslconf.h -mdc2dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -mdc2dgst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -mdc2dgst.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -mdc2dgst.o: mdc2dgst.c diff --git a/src/lib/libcrypto/mdc2/mdc2.h b/src/lib/libcrypto/mdc2/mdc2.h deleted file mode 100644 index 793a8a0f13f..00000000000 --- a/src/lib/libcrypto/mdc2/mdc2.h +++ /dev/null @@ -1,95 +0,0 @@ -/* crypto/mdc2/mdc2.h */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#ifndef HEADER_MDC2_H -#define HEADER_MDC2_H - -#include - -#ifdef __cplusplus -extern "C" { -#endif - -#ifdef OPENSSL_NO_MDC2 -#error MDC2 is disabled. -#endif - -#define MDC2_BLOCK 8 -#define MDC2_DIGEST_LENGTH 16 - -typedef struct mdc2_ctx_st - { - int num; - unsigned char data[MDC2_BLOCK]; - DES_cblock h,hh; - int pad_type; /* either 1 or 2, default 1 */ - } MDC2_CTX; - - -int MDC2_Init(MDC2_CTX *c); -int MDC2_Update(MDC2_CTX *c, const unsigned char *data, unsigned long len); -int MDC2_Final(unsigned char *md, MDC2_CTX *c); -unsigned char *MDC2(const unsigned char *d, unsigned long n, - unsigned char *md); - -#ifdef __cplusplus -} -#endif - -#endif - diff --git a/src/lib/libcrypto/mem.c b/src/lib/libcrypto/mem.c deleted file mode 100644 index effec714e82..00000000000 --- a/src/lib/libcrypto/mem.c +++ /dev/null @@ -1,349 +0,0 @@ -/* crypto/mem.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include -#include -#include "cryptlib.h" - - -static int allow_customize = 1; /* we provide flexible functions for */ -static int allow_customize_debug = 1;/* exchanging memory-related functions at - * run-time, but this must be done - * before any blocks are actually - * allocated; or we'll run into huge - * problems when malloc/free pairs - * don't match etc. */ - - - -/* the following pointers may be changed as long as 'allow_customize' is set */ - -static void *(*malloc_func)(size_t) = malloc; -static void *default_malloc_ex(size_t num, const char *file, int line) - { return malloc_func(num); } -static void *(*malloc_ex_func)(size_t, const char *file, int line) - = default_malloc_ex; - -static void *(*realloc_func)(void *, size_t)= realloc; -static void *default_realloc_ex(void *str, size_t num, - const char *file, int line) - { return realloc_func(str,num); } -static void *(*realloc_ex_func)(void *, size_t, const char *file, int line) - = default_realloc_ex; - -static void (*free_func)(void *) = free; - -static void *(*malloc_locked_func)(size_t) = malloc; -static void *default_malloc_locked_ex(size_t num, const char *file, int line) - { return malloc_locked_func(num); } -static void *(*malloc_locked_ex_func)(size_t, const char *file, int line) - = default_malloc_locked_ex; - -static void (*free_locked_func)(void *) = free; - - - -/* may be changed as long as 'allow_customize_debug' is set */ -/* XXX use correct function pointer types */ -#ifdef CRYPTO_MDEBUG -/* use default functions from mem_dbg.c */ -static void (*malloc_debug_func)(void *,int,const char *,int,int) - = CRYPTO_dbg_malloc; -static void (*realloc_debug_func)(void *,void *,int,const char *,int,int) - = CRYPTO_dbg_realloc; -static void (*free_debug_func)(void *,int) = CRYPTO_dbg_free; -static void (*set_debug_options_func)(long) = CRYPTO_dbg_set_options; -static long (*get_debug_options_func)(void) = CRYPTO_dbg_get_options; -#else -/* applications can use CRYPTO_malloc_debug_init() to select above case - * at run-time */ -static void (*malloc_debug_func)(void *,int,const char *,int,int) = NULL; -static void (*realloc_debug_func)(void *,void *,int,const char *,int,int) - = NULL; -static void (*free_debug_func)(void *,int) = NULL; -static void (*set_debug_options_func)(long) = NULL; -static long (*get_debug_options_func)(void) = NULL; -#endif - - -int CRYPTO_set_mem_functions(void *(*m)(size_t), void *(*r)(void *, size_t), - void (*f)(void *)) - { - if (!allow_customize) - return 0; - if ((m == 0) || (r == 0) || (f == 0)) - return 0; - malloc_func=m; malloc_ex_func=default_malloc_ex; - realloc_func=r; realloc_ex_func=default_realloc_ex; - free_func=f; - malloc_locked_func=m; malloc_locked_ex_func=default_malloc_locked_ex; - free_locked_func=f; - return 1; - } - -int CRYPTO_set_mem_ex_functions( - void *(*m)(size_t,const char *,int), - void *(*r)(void *, size_t,const char *,int), - void (*f)(void *)) - { - if (!allow_customize) - return 0; - if ((m == 0) || (r == 0) || (f == 0)) - return 0; - malloc_func=0; malloc_ex_func=m; - realloc_func=0; realloc_ex_func=r; - free_func=f; - malloc_locked_func=0; malloc_locked_ex_func=m; - free_locked_func=f; - return 1; - } - -int CRYPTO_set_locked_mem_functions(void *(*m)(size_t), void (*f)(void *)) - { - if (!allow_customize) - return 0; - if ((m == NULL) || (f == NULL)) - return 0; - malloc_locked_func=m; malloc_locked_ex_func=default_malloc_locked_ex; - free_locked_func=f; - return 1; - } - -int CRYPTO_set_locked_mem_ex_functions( - void *(*m)(size_t,const char *,int), - void (*f)(void *)) - { - if (!allow_customize) - return 0; - if ((m == NULL) || (f == NULL)) - return 0; - malloc_locked_func=0; malloc_locked_ex_func=m; - free_func=f; - return 1; - } - -int CRYPTO_set_mem_debug_functions(void (*m)(void *,int,const char *,int,int), - void (*r)(void *,void *,int,const char *,int,int), - void (*f)(void *,int), - void (*so)(long), - long (*go)(void)) - { - if (!allow_customize_debug) - return 0; - malloc_debug_func=m; - realloc_debug_func=r; - free_debug_func=f; - set_debug_options_func=so; - get_debug_options_func=go; - return 1; - } - - -void CRYPTO_get_mem_functions(void *(**m)(size_t), void *(**r)(void *, size_t), - void (**f)(void *)) - { - if (m != NULL) *m = (malloc_ex_func == default_malloc_ex) ? - malloc_func : 0; - if (r != NULL) *r = (realloc_ex_func == default_realloc_ex) ? - realloc_func : 0; - if (f != NULL) *f=free_func; - } - -void CRYPTO_get_mem_ex_functions( - void *(**m)(size_t,const char *,int), - void *(**r)(void *, size_t,const char *,int), - void (**f)(void *)) - { - if (m != NULL) *m = (malloc_ex_func != default_malloc_ex) ? - malloc_ex_func : 0; - if (r != NULL) *r = (realloc_ex_func != default_realloc_ex) ? - realloc_ex_func : 0; - if (f != NULL) *f=free_func; - } - -void CRYPTO_get_locked_mem_functions(void *(**m)(size_t), void (**f)(void *)) - { - if (m != NULL) *m = (malloc_locked_ex_func == default_malloc_locked_ex) ? - malloc_locked_func : 0; - if (f != NULL) *f=free_locked_func; - } - -void CRYPTO_get_locked_mem_ex_functions( - void *(**m)(size_t,const char *,int), - void (**f)(void *)) - { - if (m != NULL) *m = (malloc_locked_ex_func != default_malloc_locked_ex) ? - malloc_locked_ex_func : 0; - if (f != NULL) *f=free_locked_func; - } - -void CRYPTO_get_mem_debug_functions(void (**m)(void *,int,const char *,int,int), - void (**r)(void *,void *,int,const char *,int,int), - void (**f)(void *,int), - void (**so)(long), - long (**go)(void)) - { - if (m != NULL) *m=malloc_debug_func; - if (r != NULL) *r=realloc_debug_func; - if (f != NULL) *f=free_debug_func; - if (so != NULL) *so=set_debug_options_func; - if (go != NULL) *go=get_debug_options_func; - } - - -void *CRYPTO_malloc_locked(int num, const char *file, int line) - { - void *ret = NULL; - - allow_customize = 0; - if (malloc_debug_func != NULL) - { - allow_customize_debug = 0; - malloc_debug_func(NULL, num, file, line, 0); - } - ret = malloc_locked_ex_func(num,file,line); -#ifdef LEVITTE_DEBUG_MEM - fprintf(stderr, "LEVITTE_DEBUG_MEM: > 0x%p (%d)\n", ret, num); -#endif - if (malloc_debug_func != NULL) - malloc_debug_func(ret, num, file, line, 1); - - return ret; - } - -void CRYPTO_free_locked(void *str) - { - if (free_debug_func != NULL) - free_debug_func(str, 0); -#ifdef LEVITTE_DEBUG_MEM - fprintf(stderr, "LEVITTE_DEBUG_MEM: < 0x%p\n", str); -#endif - free_locked_func(str); - if (free_debug_func != NULL) - free_debug_func(NULL, 1); - } - -void *CRYPTO_malloc(int num, const char *file, int line) - { - void *ret = NULL; - - allow_customize = 0; - if (malloc_debug_func != NULL) - { - allow_customize_debug = 0; - malloc_debug_func(NULL, num, file, line, 0); - } - ret = malloc_ex_func(num,file,line); -#ifdef LEVITTE_DEBUG_MEM - fprintf(stderr, "LEVITTE_DEBUG_MEM: > 0x%p (%d)\n", ret, num); -#endif - if (malloc_debug_func != NULL) - malloc_debug_func(ret, num, file, line, 1); - - return ret; - } - -void *CRYPTO_realloc(void *str, int num, const char *file, int line) - { - void *ret = NULL; - - if (realloc_debug_func != NULL) - realloc_debug_func(str, NULL, num, file, line, 0); - ret = realloc_ex_func(str,num,file,line); -#ifdef LEVITTE_DEBUG_MEM - fprintf(stderr, "LEVITTE_DEBUG_MEM: | 0x%p -> 0x%p (%d)\n", str, ret, num); -#endif - if (realloc_debug_func != NULL) - realloc_debug_func(str, ret, num, file, line, 1); - - return ret; - } - -void CRYPTO_free(void *str) - { - if (free_debug_func != NULL) - free_debug_func(str, 0); -#ifdef LEVITTE_DEBUG_MEM - fprintf(stderr, "LEVITTE_DEBUG_MEM: < 0x%p\n", str); -#endif - free_func(str); - if (free_debug_func != NULL) - free_debug_func(NULL, 1); - } - -void *CRYPTO_remalloc(void *a, int num, const char *file, int line) - { - if (a != NULL) OPENSSL_free(a); - a=(char *)OPENSSL_malloc(num); - return(a); - } - - -void CRYPTO_set_mem_debug_options(long bits) - { - if (set_debug_options_func != NULL) - set_debug_options_func(bits); - } - -long CRYPTO_get_mem_debug_options(void) - { - if (get_debug_options_func != NULL) - return get_debug_options_func(); - return 0; - } diff --git a/src/lib/libcrypto/mem_clr.c b/src/lib/libcrypto/mem_clr.c new file mode 100644 index 00000000000..9ee5e65a2e6 --- /dev/null +++ b/src/lib/libcrypto/mem_clr.c @@ -0,0 +1,11 @@ +/* $OpenBSD: mem_clr.c,v 1.4 2014/06/12 15:49:27 deraadt Exp $ */ + +/* Ted Unangst places this file in the public domain. */ +#include +#include + +void +OPENSSL_cleanse(void *ptr, size_t len) +{ + explicit_bzero(ptr, len); +} diff --git a/src/lib/libcrypto/mem_dbg.c b/src/lib/libcrypto/mem_dbg.c index 1c4e04f51fc..602b139d1cc 100644 --- a/src/lib/libcrypto/mem_dbg.c +++ b/src/lib/libcrypto/mem_dbg.c @@ -1,25 +1,25 @@ -/* crypto/mem_dbg.c */ +/* $OpenBSD: mem_dbg.c,v 1.24 2019/01/29 14:40:54 deraadt Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,726 +49,150 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ +/* ==================================================================== + * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ #include #include -#include #include -#include #include #include -#include "cryptlib.h" - -static int mh_mode=CRYPTO_MEM_CHECK_OFF; -/* The state changes to CRYPTO_MEM_CHECK_ON | CRYPTO_MEM_CHECK_ENABLE - * when the application asks for it (usually after library initialisation - * for which no book-keeping is desired). - * - * State CRYPTO_MEM_CHECK_ON exists only temporarily when the library - * thinks that certain allocations should not be checked (e.g. the data - * structures used for memory checking). It is not suitable as an initial - * state: the library will unexpectedly enable memory checking when it - * executes one of those sections that want to disable checking - * temporarily. - * - * State CRYPTO_MEM_CHECK_ENABLE without ..._ON makes no sense whatsoever. - */ - -static unsigned long order = 0; /* number of memory requests */ -static LHASH *mh=NULL; /* hash-table of memory requests (address as key); - * access requires MALLOC2 lock */ - - -typedef struct app_mem_info_st -/* For application-defined information (static C-string `info') - * to be displayed in memory leak list. - * Each thread has its own stack. For applications, there is - * CRYPTO_push_info("...") to push an entry, - * CRYPTO_pop_info() to pop an entry, - * CRYPTO_remove_all_info() to pop all entries. - */ - { - unsigned long thread; - const char *file; - int line; - const char *info; - struct app_mem_info_st *next; /* tail of thread's stack */ - int references; - } APP_INFO; - -static LHASH *amih=NULL; /* hash-table with those app_mem_info_st's - * that are at the top of their thread's stack - * (with `thread' as key); - * access requires MALLOC2 lock */ - -typedef struct mem_st -/* memory-block description */ - { - void *addr; - int num; - const char *file; - int line; - unsigned long thread; - unsigned long order; - time_t time; - APP_INFO *app_info; - } MEM; - -static long options = /* extra information to be recorded */ -#if defined(CRYPTO_MDEBUG_TIME) || defined(CRYPTO_MDEBUG_ALL) - V_CRYPTO_MDEBUG_TIME | -#endif -#if defined(CRYPTO_MDEBUG_THREAD) || defined(CRYPTO_MDEBUG_ALL) - V_CRYPTO_MDEBUG_THREAD | -#endif - 0; - - -static unsigned int num_disable = 0; /* num_disable > 0 - * iff - * mh_mode == CRYPTO_MEM_CHECK_ON (w/o ..._ENABLE) - */ -static unsigned long disabling_thread = 0; /* Valid iff num_disable > 0. - * CRYPTO_LOCK_MALLOC2 is locked - * exactly in this case (by the - * thread named in disabling_thread). - */ - -int CRYPTO_mem_ctrl(int mode) - { - int ret=mh_mode; - - CRYPTO_w_lock(CRYPTO_LOCK_MALLOC); - switch (mode) - { - /* for applications (not to be called while multiple threads - * use the library): */ - case CRYPTO_MEM_CHECK_ON: /* aka MemCheck_start() */ - mh_mode = CRYPTO_MEM_CHECK_ON|CRYPTO_MEM_CHECK_ENABLE; - num_disable = 0; - break; - case CRYPTO_MEM_CHECK_OFF: /* aka MemCheck_stop() */ - mh_mode = 0; - num_disable = 0; /* should be true *before* MemCheck_stop is used, - or there'll be a lot of confusion */ - break; - - /* switch off temporarily (for library-internal use): */ - case CRYPTO_MEM_CHECK_DISABLE: /* aka MemCheck_off() */ - if (mh_mode & CRYPTO_MEM_CHECK_ON) - { - if (!num_disable || (disabling_thread != CRYPTO_thread_id())) /* otherwise we already have the MALLOC2 lock */ - { - /* Long-time lock CRYPTO_LOCK_MALLOC2 must not be claimed while - * we're holding CRYPTO_LOCK_MALLOC, or we'll deadlock if - * somebody else holds CRYPTO_LOCK_MALLOC2 (and cannot release - * it because we block entry to this function). - * Give them a chance, first, and then claim the locks in - * appropriate order (long-time lock first). - */ - CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC); - /* Note that after we have waited for CRYPTO_LOCK_MALLOC2 - * and CRYPTO_LOCK_MALLOC, we'll still be in the right - * "case" and "if" branch because MemCheck_start and - * MemCheck_stop may never be used while there are multiple - * OpenSSL threads. */ - CRYPTO_w_lock(CRYPTO_LOCK_MALLOC2); - CRYPTO_w_lock(CRYPTO_LOCK_MALLOC); - mh_mode &= ~CRYPTO_MEM_CHECK_ENABLE; - disabling_thread=CRYPTO_thread_id(); - } - num_disable++; - } - break; - case CRYPTO_MEM_CHECK_ENABLE: /* aka MemCheck_on() */ - if (mh_mode & CRYPTO_MEM_CHECK_ON) - { - if (num_disable) /* always true, or something is going wrong */ - { - num_disable--; - if (num_disable == 0) - { - mh_mode|=CRYPTO_MEM_CHECK_ENABLE; - CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC2); - } - } - } - break; - - default: - break; - } - CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC); - return(ret); - } - -int CRYPTO_is_mem_check_on(void) - { - int ret = 0; - - if (mh_mode & CRYPTO_MEM_CHECK_ON) - { - CRYPTO_r_lock(CRYPTO_LOCK_MALLOC); - - ret = (mh_mode & CRYPTO_MEM_CHECK_ENABLE) - || (disabling_thread != CRYPTO_thread_id()); - - CRYPTO_r_unlock(CRYPTO_LOCK_MALLOC); - } - return(ret); - } - - -void CRYPTO_dbg_set_options(long bits) - { - options = bits; - } - -long CRYPTO_dbg_get_options(void) - { - return options; - } - -/* static int mem_cmp(MEM *a, MEM *b) */ -static int mem_cmp(const void *a_void, const void *b_void) - { - return((const char *)((const MEM *)a_void)->addr - - (const char *)((const MEM *)b_void)->addr); - } - -/* static unsigned long mem_hash(MEM *a) */ -static unsigned long mem_hash(const void *a_void) - { - unsigned long ret; - - ret=(unsigned long)((const MEM *)a_void)->addr; - - ret=ret*17851+(ret>>14)*7+(ret>>4)*251; - return(ret); - } - -/* static int app_info_cmp(APP_INFO *a, APP_INFO *b) */ -static int app_info_cmp(const void *a_void, const void *b_void) - { - return(((const APP_INFO *)a_void)->thread - != ((const APP_INFO *)b_void)->thread); - } - -/* static unsigned long app_info_hash(APP_INFO *a) */ -static unsigned long app_info_hash(const void *a_void) - { - unsigned long ret; - - ret=(unsigned long)((const APP_INFO *)a_void)->thread; - - ret=ret*17851+(ret>>14)*7+(ret>>4)*251; - return(ret); - } - -static APP_INFO *pop_info(void) - { - APP_INFO tmp; - APP_INFO *ret = NULL; - - if (amih != NULL) - { - tmp.thread=CRYPTO_thread_id(); - if ((ret=(APP_INFO *)lh_delete(amih,&tmp)) != NULL) - { - APP_INFO *next=ret->next; - - if (next != NULL) - { - next->references++; - lh_insert(amih,(char *)next); - } -#ifdef LEVITTE_DEBUG_MEM - if (ret->thread != tmp.thread) - { - fprintf(stderr, "pop_info(): deleted info has other thread ID (%lu) than the current thread (%lu)!!!!\n", - ret->thread, tmp.thread); - abort(); - } -#endif - if (--(ret->references) <= 0) - { - ret->next = NULL; - if (next != NULL) - next->references--; - OPENSSL_free(ret); - } - } - } - return(ret); - } - -int CRYPTO_push_info_(const char *info, const char *file, int line) - { - APP_INFO *ami, *amim; - int ret=0; - - if (is_MemCheck_on()) - { - MemCheck_off(); /* obtain MALLOC2 lock */ - if ((ami = (APP_INFO *)OPENSSL_malloc(sizeof(APP_INFO))) == NULL) - { - ret=0; - goto err; - } - if (amih == NULL) - { - if ((amih=lh_new(app_info_hash, app_info_cmp)) == NULL) - { - OPENSSL_free(ami); - ret=0; - goto err; - } - } +int +CRYPTO_mem_ctrl(int mode) +{ + return (CRYPTO_MEM_CHECK_OFF); +} - ami->thread=CRYPTO_thread_id(); - ami->file=file; - ami->line=line; - ami->info=info; - ami->references=1; - ami->next=NULL; +int +CRYPTO_is_mem_check_on(void) +{ + return (0); +} - if ((amim=(APP_INFO *)lh_insert(amih,(char *)ami)) != NULL) - { -#ifdef LEVITTE_DEBUG_MEM - if (ami->thread != amim->thread) - { - fprintf(stderr, "CRYPTO_push_info(): previous info has other thread ID (%lu) than the current thread (%lu)!!!!\n", - amim->thread, ami->thread); - abort(); - } -#endif - ami->next=amim; - } - err: - MemCheck_on(); /* release MALLOC2 lock */ - } - return(ret); - } - -int CRYPTO_pop_info(void) - { - int ret=0; - - if (is_MemCheck_on()) /* _must_ be true, or something went severely wrong */ - { - MemCheck_off(); /* obtain MALLOC2 lock */ - - ret=(pop_info() != NULL); - - MemCheck_on(); /* release MALLOC2 lock */ - } - return(ret); - } - -int CRYPTO_remove_all_info(void) - { - int ret=0; - - if (is_MemCheck_on()) /* _must_ be true */ - { - MemCheck_off(); /* obtain MALLOC2 lock */ - - while(pop_info() != NULL) - ret++; - - MemCheck_on(); /* release MALLOC2 lock */ - } - return(ret); - } - - -static unsigned long break_order_num=0; -void CRYPTO_dbg_malloc(void *addr, int num, const char *file, int line, - int before_p) - { - MEM *m,*mm; - APP_INFO tmp,*amim; - - switch(before_p & 127) - { - case 0: - break; - case 1: - if (addr == NULL) - break; - - if (is_MemCheck_on()) - { - MemCheck_off(); /* make sure we hold MALLOC2 lock */ - if ((m=(MEM *)OPENSSL_malloc(sizeof(MEM))) == NULL) - { - OPENSSL_free(addr); - MemCheck_on(); /* release MALLOC2 lock - * if num_disabled drops to 0 */ - return; - } - if (mh == NULL) - { - if ((mh=lh_new(mem_hash, mem_cmp)) == NULL) - { - OPENSSL_free(addr); - OPENSSL_free(m); - addr=NULL; - goto err; - } - } - - m->addr=addr; - m->file=file; - m->line=line; - m->num=num; - if (options & V_CRYPTO_MDEBUG_THREAD) - m->thread=CRYPTO_thread_id(); - else - m->thread=0; - - if (order == break_order_num) - { - /* BREAK HERE */ - m->order=order; - } - m->order=order++; -#ifdef LEVITTE_DEBUG_MEM - fprintf(stderr, "LEVITTE_DEBUG_MEM: [%5d] %c 0x%p (%d)\n", - m->order, - (before_p & 128) ? '*' : '+', - m->addr, m->num); -#endif - if (options & V_CRYPTO_MDEBUG_TIME) - m->time=time(NULL); - else - m->time=0; - - tmp.thread=CRYPTO_thread_id(); - m->app_info=NULL; - if (amih != NULL - && (amim=(APP_INFO *)lh_retrieve(amih,(char *)&tmp)) != NULL) - { - m->app_info = amim; - amim->references++; - } - - if ((mm=(MEM *)lh_insert(mh,(char *)m)) != NULL) - { - /* Not good, but don't sweat it */ - if (mm->app_info != NULL) - { - mm->app_info->references--; - } - OPENSSL_free(mm); - } - err: - MemCheck_on(); /* release MALLOC2 lock - * if num_disabled drops to 0 */ - } - break; - } - return; - } - -void CRYPTO_dbg_free(void *addr, int before_p) - { - MEM m,*mp; - - switch(before_p) - { - case 0: - if (addr == NULL) - break; - - if (is_MemCheck_on() && (mh != NULL)) - { - MemCheck_off(); /* make sure we hold MALLOC2 lock */ - - m.addr=addr; - mp=(MEM *)lh_delete(mh,(char *)&m); - if (mp != NULL) - { -#ifdef LEVITTE_DEBUG_MEM - fprintf(stderr, "LEVITTE_DEBUG_MEM: [%5d] - 0x%p (%d)\n", - mp->order, mp->addr, mp->num); -#endif - if (mp->app_info != NULL) - { - mp->app_info->references--; - } - OPENSSL_free(mp); - } - - MemCheck_on(); /* release MALLOC2 lock - * if num_disabled drops to 0 */ - } - break; - case 1: - break; - } - } - -void CRYPTO_dbg_realloc(void *addr1, void *addr2, int num, - const char *file, int line, int before_p) - { - MEM m,*mp; - -#ifdef LEVITTE_DEBUG_MEM - fprintf(stderr, "LEVITTE_DEBUG_MEM: --> CRYPTO_dbg_malloc(addr1 = %p, addr2 = %p, num = %d, file = \"%s\", line = %d, before_p = %d)\n", - addr1, addr2, num, file, line, before_p); -#endif - - switch(before_p) - { - case 0: - break; - case 1: - if (addr2 == NULL) - break; - - if (addr1 == NULL) - { - CRYPTO_dbg_malloc(addr2, num, file, line, 128 | before_p); - break; - } - - if (is_MemCheck_on()) - { - MemCheck_off(); /* make sure we hold MALLOC2 lock */ - - m.addr=addr1; - mp=(MEM *)lh_delete(mh,(char *)&m); - if (mp != NULL) - { -#ifdef LEVITTE_DEBUG_MEM - fprintf(stderr, "LEVITTE_DEBUG_MEM: [%5d] * 0x%p (%d) -> 0x%p (%d)\n", - mp->order, - mp->addr, mp->num, - addr2, num); -#endif - mp->addr=addr2; - mp->num=num; - lh_insert(mh,(char *)mp); - } - - MemCheck_on(); /* release MALLOC2 lock - * if num_disabled drops to 0 */ - } - break; - } +void +CRYPTO_dbg_set_options(long bits) +{ return; - } - - -typedef struct mem_leak_st - { - BIO *bio; - int chunks; - long bytes; - } MEM_LEAK; - -static void print_leak(const MEM *m, MEM_LEAK *l) - { - char buf[1024]; - char *bufp = buf; - APP_INFO *amip; - int ami_cnt; - struct tm *lcl = NULL; - unsigned long ti; - - if(m->addr == (char *)l->bio) - return; - - if (options & V_CRYPTO_MDEBUG_TIME) - { - lcl = localtime(&m->time); - - sprintf(bufp, "[%02d:%02d:%02d] ", - lcl->tm_hour,lcl->tm_min,lcl->tm_sec); - bufp += strlen(bufp); - } - - sprintf(bufp, "%5lu file=%s, line=%d, ", - m->order,m->file,m->line); - bufp += strlen(bufp); - - if (options & V_CRYPTO_MDEBUG_THREAD) - { - sprintf(bufp, "thread=%lu, ", m->thread); - bufp += strlen(bufp); - } - - sprintf(bufp, "number=%d, address=%08lX\n", - m->num,(unsigned long)m->addr); - bufp += strlen(bufp); - - BIO_puts(l->bio,buf); - - l->chunks++; - l->bytes+=m->num; - - amip=m->app_info; - ami_cnt=0; - if (!amip) - return; - ti=amip->thread; - - do - { - int buf_len; - int info_len; - - ami_cnt++; - memset(buf,'>',ami_cnt); - sprintf(buf + ami_cnt, - " thread=%lu, file=%s, line=%d, info=\"", - amip->thread, amip->file, amip->line); - buf_len=strlen(buf); - info_len=strlen(amip->info); - if (128 - buf_len - 3 < info_len) - { - memcpy(buf + buf_len, amip->info, 128 - buf_len - 3); - buf_len = 128 - 3; - } - else - { - strcpy(buf + buf_len, amip->info); - buf_len = strlen(buf); - } - sprintf(buf + buf_len, "\"\n"); - - BIO_puts(l->bio,buf); - - amip = amip->next; - } - while(amip && amip->thread == ti); - -#ifdef LEVITTE_DEBUG_MEM - if (amip) - { - fprintf(stderr, "Thread switch detected in backtrace!!!!\n"); - abort(); - } -#endif - } - -static IMPLEMENT_LHASH_DOALL_ARG_FN(print_leak, const MEM *, MEM_LEAK *) - -void CRYPTO_mem_leaks(BIO *b) - { - MEM_LEAK ml; - char buf[80]; - - if (mh == NULL && amih == NULL) - return; - - MemCheck_off(); /* obtain MALLOC2 lock */ - - ml.bio=b; - ml.bytes=0; - ml.chunks=0; - if (mh != NULL) - lh_doall_arg(mh, LHASH_DOALL_ARG_FN(print_leak), - (char *)&ml); - if (ml.chunks != 0) - { - sprintf(buf,"%ld bytes leaked in %d chunks\n", - ml.bytes,ml.chunks); - BIO_puts(b,buf); - } - else - { - /* Make sure that, if we found no leaks, memory-leak debugging itself - * does not introduce memory leaks (which might irritate - * external debugging tools). - * (When someone enables leak checking, but does not call - * this function, we declare it to be their fault.) - * - * XXX This should be in CRYPTO_mem_leaks_cb, - * and CRYPTO_mem_leaks should be implemented by - * using CRYPTO_mem_leaks_cb. - * (Also their should be a variant of lh_doall_arg - * that takes a function pointer instead of a void *; - * this would obviate the ugly and illegal - * void_fn_to_char kludge in CRYPTO_mem_leaks_cb. - * Otherwise the code police will come and get us.) - */ - int old_mh_mode; - - CRYPTO_w_lock(CRYPTO_LOCK_MALLOC); - - /* avoid deadlock when lh_free() uses CRYPTO_dbg_free(), - * which uses CRYPTO_is_mem_check_on */ - old_mh_mode = mh_mode; - mh_mode = CRYPTO_MEM_CHECK_OFF; - - if (mh != NULL) - { - lh_free(mh); - mh = NULL; - } - if (amih != NULL) - { - if (lh_num_items(amih) == 0) - { - lh_free(amih); - amih = NULL; - } - } - - mh_mode = old_mh_mode; - CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC); - } - MemCheck_on(); /* release MALLOC2 lock */ - } - -#ifndef OPENSSL_NO_FP_API -void CRYPTO_mem_leaks_fp(FILE *fp) - { - BIO *b; - - if (mh == NULL) return; - /* Need to turn off memory checking when allocated BIOs ... especially - * as we're creating them at a time when we're trying to check we've not - * left anything un-free()'d!! */ - MemCheck_off(); - b = BIO_new(BIO_s_file()); - MemCheck_on(); - if(!b) return; - BIO_set_fp(b,fp,BIO_NOCLOSE); - CRYPTO_mem_leaks(b); - BIO_free(b); - } -#endif - - - -/* FIXME: We really don't allow much to the callback. For example, it has - no chance of reaching the info stack for the item it processes. Should - it really be this way? -- Richard Levitte */ -/* NB: The prototypes have been typedef'd to CRYPTO_MEM_LEAK_CB inside crypto.h - * If this code is restructured, remove the callback type if it is no longer - * needed. -- Geoff Thorpe */ -static void cb_leak(const MEM *m, CRYPTO_MEM_LEAK_CB **cb) - { - (**cb)(m->order,m->file,m->line,m->num,m->addr); - } - -static IMPLEMENT_LHASH_DOALL_ARG_FN(cb_leak, const MEM *, CRYPTO_MEM_LEAK_CB **) - -void CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb) - { - if (mh == NULL) return; - CRYPTO_w_lock(CRYPTO_LOCK_MALLOC2); - lh_doall_arg(mh, LHASH_DOALL_ARG_FN(cb_leak), &cb); - CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC2); - } +} + +long +CRYPTO_dbg_get_options(void) +{ + return (0); +} + +int +CRYPTO_push_info_(const char *info, const char *file, int line) +{ + return (0); +} + +int +CRYPTO_pop_info(void) +{ + return (0); +} + +int +CRYPTO_remove_all_info(void) +{ + return (0); +} + +void +CRYPTO_dbg_malloc(void *addr, int num, const char *file, int line, + int before_p) +{ + OPENSSL_assert("CRYPTO_dbg_malloc is no longer permitted"); +} + +void +CRYPTO_dbg_free(void *addr, int before_p) +{ + OPENSSL_assert("CRYPTO_dbg_free is no longer permitted"); +} + +void +CRYPTO_dbg_realloc(void *addr1, void *addr2, int num, + const char *file, int line, int before_p) +{ + OPENSSL_assert("CRYPTO_dbg_realloc is no longer permitted"); +} + +int +CRYPTO_mem_leaks(BIO *b) +{ + return -1; +} + +int +CRYPTO_mem_leaks_fp(FILE *fp) +{ + return -1; +} + + +int +CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb) +{ + return -1; +} diff --git a/src/lib/libcrypto/modes/asm/ghash-alpha.pl b/src/lib/libcrypto/modes/asm/ghash-alpha.pl new file mode 100644 index 00000000000..b6d6ea5a62a --- /dev/null +++ b/src/lib/libcrypto/modes/asm/ghash-alpha.pl @@ -0,0 +1,455 @@ +#!/usr/bin/env perl +# +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== +# +# March 2010 +# +# The module implements "4-bit" GCM GHASH function and underlying +# single multiplication operation in GF(2^128). "4-bit" means that it +# uses 256 bytes per-key table [+128 bytes shared table]. Even though +# loops are aggressively modulo-scheduled in respect to references to +# Htbl and Z.hi updates for 8 cycles per byte, measured performance is +# ~12 cycles per processed byte on 21264 CPU. It seems to be a dynamic +# scheduling "glitch," because uprofile(1) indicates uniform sample +# distribution, as if all instruction bundles execute in 1.5 cycles. +# Meaning that it could have been even faster, yet 12 cycles is ~60% +# better than gcc-generated code and ~80% than code generated by vendor +# compiler. + +$cnt="v0"; # $0 +$t0="t0"; +$t1="t1"; +$t2="t2"; +$Thi0="t3"; # $4 +$Tlo0="t4"; +$Thi1="t5"; +$Tlo1="t6"; +$rem="t7"; # $8 +################# +$Xi="a0"; # $16, input argument block +$Htbl="a1"; +$inp="a2"; +$len="a3"; +$nlo="a4"; # $20 +$nhi="a5"; +$Zhi="t8"; +$Zlo="t9"; +$Xhi="t10"; # $24 +$Xlo="t11"; +$remp="t12"; +$rem_4bit="AT"; # $28 + +{ my $N; + sub loop() { + + $N++; +$code.=<<___; +.align 4 + extbl $Xlo,7,$nlo + and $nlo,0xf0,$nhi + sll $nlo,4,$nlo + and $nlo,0xf0,$nlo + + addq $nlo,$Htbl,$nlo + ldq $Zlo,8($nlo) + addq $nhi,$Htbl,$nhi + ldq $Zhi,0($nlo) + + and $Zlo,0x0f,$remp + sll $Zhi,60,$t0 + lda $cnt,6(zero) + extbl $Xlo,6,$nlo + + ldq $Tlo1,8($nhi) + s8addq $remp,$rem_4bit,$remp + ldq $Thi1,0($nhi) + srl $Zlo,4,$Zlo + + ldq $rem,0($remp) + srl $Zhi,4,$Zhi + xor $t0,$Zlo,$Zlo + and $nlo,0xf0,$nhi + + xor $Tlo1,$Zlo,$Zlo + sll $nlo,4,$nlo + xor $Thi1,$Zhi,$Zhi + and $nlo,0xf0,$nlo + + addq $nlo,$Htbl,$nlo + ldq $Tlo0,8($nlo) + addq $nhi,$Htbl,$nhi + ldq $Thi0,0($nlo) + +.Looplo$N: + and $Zlo,0x0f,$remp + sll $Zhi,60,$t0 + subq $cnt,1,$cnt + srl $Zlo,4,$Zlo + + ldq $Tlo1,8($nhi) + xor $rem,$Zhi,$Zhi + ldq $Thi1,0($nhi) + s8addq $remp,$rem_4bit,$remp + + ldq $rem,0($remp) + srl $Zhi,4,$Zhi + xor $t0,$Zlo,$Zlo + extbl $Xlo,$cnt,$nlo + + and $nlo,0xf0,$nhi + xor $Thi0,$Zhi,$Zhi + xor $Tlo0,$Zlo,$Zlo + sll $nlo,4,$nlo + + + and $Zlo,0x0f,$remp + sll $Zhi,60,$t0 + and $nlo,0xf0,$nlo + srl $Zlo,4,$Zlo + + s8addq $remp,$rem_4bit,$remp + xor $rem,$Zhi,$Zhi + addq $nlo,$Htbl,$nlo + addq $nhi,$Htbl,$nhi + + ldq $rem,0($remp) + srl $Zhi,4,$Zhi + ldq $Tlo0,8($nlo) + xor $t0,$Zlo,$Zlo + + xor $Tlo1,$Zlo,$Zlo + xor $Thi1,$Zhi,$Zhi + ldq $Thi0,0($nlo) + bne $cnt,.Looplo$N + + + and $Zlo,0x0f,$remp + sll $Zhi,60,$t0 + lda $cnt,7(zero) + srl $Zlo,4,$Zlo + + ldq $Tlo1,8($nhi) + xor $rem,$Zhi,$Zhi + ldq $Thi1,0($nhi) + s8addq $remp,$rem_4bit,$remp + + ldq $rem,0($remp) + srl $Zhi,4,$Zhi + xor $t0,$Zlo,$Zlo + extbl $Xhi,$cnt,$nlo + + and $nlo,0xf0,$nhi + xor $Thi0,$Zhi,$Zhi + xor $Tlo0,$Zlo,$Zlo + sll $nlo,4,$nlo + + and $Zlo,0x0f,$remp + sll $Zhi,60,$t0 + and $nlo,0xf0,$nlo + srl $Zlo,4,$Zlo + + s8addq $remp,$rem_4bit,$remp + xor $rem,$Zhi,$Zhi + addq $nlo,$Htbl,$nlo + addq $nhi,$Htbl,$nhi + + ldq $rem,0($remp) + srl $Zhi,4,$Zhi + ldq $Tlo0,8($nlo) + xor $t0,$Zlo,$Zlo + + xor $Tlo1,$Zlo,$Zlo + xor $Thi1,$Zhi,$Zhi + ldq $Thi0,0($nlo) + unop + + +.Loophi$N: + and $Zlo,0x0f,$remp + sll $Zhi,60,$t0 + subq $cnt,1,$cnt + srl $Zlo,4,$Zlo + + ldq $Tlo1,8($nhi) + xor $rem,$Zhi,$Zhi + ldq $Thi1,0($nhi) + s8addq $remp,$rem_4bit,$remp + + ldq $rem,0($remp) + srl $Zhi,4,$Zhi + xor $t0,$Zlo,$Zlo + extbl $Xhi,$cnt,$nlo + + and $nlo,0xf0,$nhi + xor $Thi0,$Zhi,$Zhi + xor $Tlo0,$Zlo,$Zlo + sll $nlo,4,$nlo + + + and $Zlo,0x0f,$remp + sll $Zhi,60,$t0 + and $nlo,0xf0,$nlo + srl $Zlo,4,$Zlo + + s8addq $remp,$rem_4bit,$remp + xor $rem,$Zhi,$Zhi + addq $nlo,$Htbl,$nlo + addq $nhi,$Htbl,$nhi + + ldq $rem,0($remp) + srl $Zhi,4,$Zhi + ldq $Tlo0,8($nlo) + xor $t0,$Zlo,$Zlo + + xor $Tlo1,$Zlo,$Zlo + xor $Thi1,$Zhi,$Zhi + ldq $Thi0,0($nlo) + bne $cnt,.Loophi$N + + + and $Zlo,0x0f,$remp + sll $Zhi,60,$t0 + srl $Zlo,4,$Zlo + + ldq $Tlo1,8($nhi) + xor $rem,$Zhi,$Zhi + ldq $Thi1,0($nhi) + s8addq $remp,$rem_4bit,$remp + + ldq $rem,0($remp) + srl $Zhi,4,$Zhi + xor $t0,$Zlo,$Zlo + + xor $Tlo0,$Zlo,$Zlo + xor $Thi0,$Zhi,$Zhi + + and $Zlo,0x0f,$remp + sll $Zhi,60,$t0 + srl $Zlo,4,$Zlo + + s8addq $remp,$rem_4bit,$remp + xor $rem,$Zhi,$Zhi + + ldq $rem,0($remp) + srl $Zhi,4,$Zhi + xor $Tlo1,$Zlo,$Zlo + xor $Thi1,$Zhi,$Zhi + xor $t0,$Zlo,$Zlo + xor $rem,$Zhi,$Zhi +___ +}} + +$code=<<___; +#include + +.text + +.set noat +.set noreorder +.globl gcm_gmult_4bit +.align 4 +.ent gcm_gmult_4bit +gcm_gmult_4bit: + .frame sp,0,ra + .prologue 0 + + ldq $Xlo,8($Xi) + ldq $Xhi,0($Xi) + + bsr $t0,picmeup + nop +___ + + &loop(); + +$code.=<<___; + srl $Zlo,24,$t0 # byte swap + srl $Zlo,8,$t1 + + sll $Zlo,8,$t2 + sll $Zlo,24,$Zlo + zapnot $t0,0x11,$t0 + zapnot $t1,0x22,$t1 + + zapnot $Zlo,0x88,$Zlo + or $t0,$t1,$t0 + zapnot $t2,0x44,$t2 + + or $Zlo,$t0,$Zlo + srl $Zhi,24,$t0 + srl $Zhi,8,$t1 + + or $Zlo,$t2,$Zlo + sll $Zhi,8,$t2 + sll $Zhi,24,$Zhi + + srl $Zlo,32,$Xlo + sll $Zlo,32,$Zlo + + zapnot $t0,0x11,$t0 + zapnot $t1,0x22,$t1 + or $Zlo,$Xlo,$Xlo + + zapnot $Zhi,0x88,$Zhi + or $t0,$t1,$t0 + zapnot $t2,0x44,$t2 + + or $Zhi,$t0,$Zhi + or $Zhi,$t2,$Zhi + + srl $Zhi,32,$Xhi + sll $Zhi,32,$Zhi + + or $Zhi,$Xhi,$Xhi + stq $Xlo,8($Xi) + stq $Xhi,0($Xi) + + ret (ra) +.end gcm_gmult_4bit +___ + +$inhi="s0"; +$inlo="s1"; + +$code.=<<___; +.globl gcm_ghash_4bit +.align 4 +.ent gcm_ghash_4bit +gcm_ghash_4bit: + lda sp,-32(sp) + stq ra,0(sp) + stq s0,8(sp) + stq s1,16(sp) + .mask 0x04000600,-32 + .frame sp,32,ra + .prologue 0 + + ldq_u $inhi,0($inp) + ldq_u $Thi0,7($inp) + ldq_u $inlo,8($inp) + ldq_u $Tlo0,15($inp) + ldq $Xhi,0($Xi) + ldq $Xlo,8($Xi) + + bsr $t0,picmeup + nop + +.Louter: + extql $inhi,$inp,$inhi + extqh $Thi0,$inp,$Thi0 + or $inhi,$Thi0,$inhi + lda $inp,16($inp) + + extql $inlo,$inp,$inlo + extqh $Tlo0,$inp,$Tlo0 + or $inlo,$Tlo0,$inlo + subq $len,16,$len + + xor $Xlo,$inlo,$Xlo + xor $Xhi,$inhi,$Xhi +___ + + &loop(); + +$code.=<<___; + srl $Zlo,24,$t0 # byte swap + srl $Zlo,8,$t1 + + sll $Zlo,8,$t2 + sll $Zlo,24,$Zlo + zapnot $t0,0x11,$t0 + zapnot $t1,0x22,$t1 + + zapnot $Zlo,0x88,$Zlo + or $t0,$t1,$t0 + zapnot $t2,0x44,$t2 + + or $Zlo,$t0,$Zlo + srl $Zhi,24,$t0 + srl $Zhi,8,$t1 + + or $Zlo,$t2,$Zlo + sll $Zhi,8,$t2 + sll $Zhi,24,$Zhi + + srl $Zlo,32,$Xlo + sll $Zlo,32,$Zlo + beq $len,.Ldone + + zapnot $t0,0x11,$t0 + zapnot $t1,0x22,$t1 + or $Zlo,$Xlo,$Xlo + ldq_u $inhi,0($inp) + + zapnot $Zhi,0x88,$Zhi + or $t0,$t1,$t0 + zapnot $t2,0x44,$t2 + ldq_u $Thi0,7($inp) + + or $Zhi,$t0,$Zhi + or $Zhi,$t2,$Zhi + ldq_u $inlo,8($inp) + ldq_u $Tlo0,15($inp) + + srl $Zhi,32,$Xhi + sll $Zhi,32,$Zhi + + or $Zhi,$Xhi,$Xhi + br zero,.Louter + +.Ldone: + zapnot $t0,0x11,$t0 + zapnot $t1,0x22,$t1 + or $Zlo,$Xlo,$Xlo + + zapnot $Zhi,0x88,$Zhi + or $t0,$t1,$t0 + zapnot $t2,0x44,$t2 + + or $Zhi,$t0,$Zhi + or $Zhi,$t2,$Zhi + + srl $Zhi,32,$Xhi + sll $Zhi,32,$Zhi + + or $Zhi,$Xhi,$Xhi + + stq $Xlo,8($Xi) + stq $Xhi,0($Xi) + + .set noreorder + /*ldq ra,0(sp)*/ + ldq s0,8(sp) + ldq s1,16(sp) + lda sp,32(sp) + ret (ra) +.end gcm_ghash_4bit + +.align 4 +.ent picmeup +picmeup: + .frame sp,0,$t0 + .prologue 0 + br $rem_4bit,.Lpic +.Lpic: lda $rem_4bit,12($rem_4bit) + ret ($t0) +.end picmeup + nop +rem_4bit: + .long 0,0x0000<<16, 0,0x1C20<<16, 0,0x3840<<16, 0,0x2460<<16 + .long 0,0x7080<<16, 0,0x6CA0<<16, 0,0x48C0<<16, 0,0x54E0<<16 + .long 0,0xE100<<16, 0,0xFD20<<16, 0,0xD940<<16, 0,0xC560<<16 + .long 0,0x9180<<16, 0,0x8DA0<<16, 0,0xA9C0<<16, 0,0xB5E0<<16 +.ascii "GHASH for Alpha, CRYPTOGAMS by " +.align 4 + +___ +$output=shift and open STDOUT,">$output"; +print $code; +close STDOUT; + diff --git a/src/lib/libcrypto/modes/asm/ghash-armv4.pl b/src/lib/libcrypto/modes/asm/ghash-armv4.pl new file mode 100644 index 00000000000..2d57806b466 --- /dev/null +++ b/src/lib/libcrypto/modes/asm/ghash-armv4.pl @@ -0,0 +1,430 @@ +#!/usr/bin/env perl +# +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== +# +# April 2010 +# +# The module implements "4-bit" GCM GHASH function and underlying +# single multiplication operation in GF(2^128). "4-bit" means that it +# uses 256 bytes per-key table [+32 bytes shared table]. There is no +# experimental performance data available yet. The only approximation +# that can be made at this point is based on code size. Inner loop is +# 32 instructions long and on single-issue core should execute in <40 +# cycles. Having verified that gcc 3.4 didn't unroll corresponding +# loop, this assembler loop body was found to be ~3x smaller than +# compiler-generated one... +# +# July 2010 +# +# Rescheduling for dual-issue pipeline resulted in 8.5% improvement on +# Cortex A8 core and ~25 cycles per processed byte (which was observed +# to be ~3 times faster than gcc-generated code:-) +# +# February 2011 +# +# Profiler-assisted and platform-specific optimization resulted in 7% +# improvement on Cortex A8 core and ~23.5 cycles per byte. +# +# March 2011 +# +# Add NEON implementation featuring polynomial multiplication, i.e. no +# lookup tables involved. On Cortex A8 it was measured to process one +# byte in 15 cycles or 55% faster than integer-only code. + +# ==================================================================== +# Note about "528B" variant. In ARM case it makes lesser sense to +# implement it for following reasons: +# +# - performance improvement won't be anywhere near 50%, because 128- +# bit shift operation is neatly fused with 128-bit xor here, and +# "538B" variant would eliminate only 4-5 instructions out of 32 +# in the inner loop (meaning that estimated improvement is ~15%); +# - ARM-based systems are often embedded ones and extra memory +# consumption might be unappreciated (for so little improvement); +# +# Byte order [in]dependence. ========================================= +# +# Caller is expected to maintain specific *dword* order in Htable, +# namely with *least* significant dword of 128-bit value at *lower* +# address. This differs completely from C code and has everything to +# do with ldm instruction and order in which dwords are "consumed" by +# algorithm. *Byte* order within these dwords in turn is whatever +# *native* byte order on current platform. See gcm128.c for working +# example... + +while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {} +open STDOUT,">$output"; + +$Xi="r0"; # argument block +$Htbl="r1"; +$inp="r2"; +$len="r3"; + +$Zll="r4"; # variables +$Zlh="r5"; +$Zhl="r6"; +$Zhh="r7"; +$Tll="r8"; +$Tlh="r9"; +$Thl="r10"; +$Thh="r11"; +$nlo="r12"; +################# r13 is stack pointer +$nhi="r14"; +################# r15 is program counter + +$rem_4bit=$inp; # used in gcm_gmult_4bit +$cnt=$len; + +sub Zsmash() { + my $i=12; + my @args=@_; + for ($Zll,$Zlh,$Zhl,$Zhh) { + $code.=<<___; +#if __ARM_ARCH__>=7 && defined(__ARMEL__) + rev $_,$_ + str $_,[$Xi,#$i] +#elif defined(__ARMEB__) + str $_,[$Xi,#$i] +#else + mov $Tlh,$_,lsr#8 + strb $_,[$Xi,#$i+3] + mov $Thl,$_,lsr#16 + strb $Tlh,[$Xi,#$i+2] + mov $Thh,$_,lsr#24 + strb $Thl,[$Xi,#$i+1] + strb $Thh,[$Xi,#$i] +#endif +___ + $code.="\t".shift(@args)."\n"; + $i-=4; + } +} + +$code=<<___; +#include "arm_arch.h" + +.text +.syntax unified +.code 32 + +.type rem_4bit,%object +.align 5 +rem_4bit: +.short 0x0000,0x1C20,0x3840,0x2460 +.short 0x7080,0x6CA0,0x48C0,0x54E0 +.short 0xE100,0xFD20,0xD940,0xC560 +.short 0x9180,0x8DA0,0xA9C0,0xB5E0 +.size rem_4bit,.-rem_4bit + +.type rem_4bit_get,%function +rem_4bit_get: + sub $rem_4bit,pc,#8 + sub $rem_4bit,$rem_4bit,#32 @ &rem_4bit + b .Lrem_4bit_got + nop +.size rem_4bit_get,.-rem_4bit_get + +.global gcm_ghash_4bit +.type gcm_ghash_4bit,%function +gcm_ghash_4bit: + sub r12,pc,#8 + add $len,$inp,$len @ $len to point at the end + stmdb sp!,{r3-r11,lr} @ save $len/end too + sub r12,r12,#48 @ &rem_4bit + + ldmia r12,{r4-r11} @ copy rem_4bit ... + stmdb sp!,{r4-r11} @ ... to stack + + ldrb $nlo,[$inp,#15] + ldrb $nhi,[$Xi,#15] +.Louter: + eor $nlo,$nlo,$nhi + and $nhi,$nlo,#0xf0 + and $nlo,$nlo,#0x0f + mov $cnt,#14 + + add $Zhh,$Htbl,$nlo,lsl#4 + ldmia $Zhh,{$Zll-$Zhh} @ load Htbl[nlo] + add $Thh,$Htbl,$nhi + ldrb $nlo,[$inp,#14] + + and $nhi,$Zll,#0xf @ rem + ldmia $Thh,{$Tll-$Thh} @ load Htbl[nhi] + add $nhi,$nhi,$nhi + eor $Zll,$Tll,$Zll,lsr#4 + ldrh $Tll,[sp,$nhi] @ rem_4bit[rem] + eor $Zll,$Zll,$Zlh,lsl#28 + ldrb $nhi,[$Xi,#14] + eor $Zlh,$Tlh,$Zlh,lsr#4 + eor $Zlh,$Zlh,$Zhl,lsl#28 + eor $Zhl,$Thl,$Zhl,lsr#4 + eor $Zhl,$Zhl,$Zhh,lsl#28 + eor $Zhh,$Thh,$Zhh,lsr#4 + eor $nlo,$nlo,$nhi + and $nhi,$nlo,#0xf0 + and $nlo,$nlo,#0x0f + eor $Zhh,$Zhh,$Tll,lsl#16 + +.Linner: + add $Thh,$Htbl,$nlo,lsl#4 + and $nlo,$Zll,#0xf @ rem + subs $cnt,$cnt,#1 + add $nlo,$nlo,$nlo + ldmia $Thh,{$Tll-$Thh} @ load Htbl[nlo] + eor $Zll,$Tll,$Zll,lsr#4 + eor $Zll,$Zll,$Zlh,lsl#28 + eor $Zlh,$Tlh,$Zlh,lsr#4 + eor $Zlh,$Zlh,$Zhl,lsl#28 + ldrh $Tll,[sp,$nlo] @ rem_4bit[rem] + eor $Zhl,$Thl,$Zhl,lsr#4 + ldrbpl $nlo,[$inp,$cnt] + eor $Zhl,$Zhl,$Zhh,lsl#28 + eor $Zhh,$Thh,$Zhh,lsr#4 + + add $Thh,$Htbl,$nhi + and $nhi,$Zll,#0xf @ rem + eor $Zhh,$Zhh,$Tll,lsl#16 @ ^= rem_4bit[rem] + add $nhi,$nhi,$nhi + ldmia $Thh,{$Tll-$Thh} @ load Htbl[nhi] + eor $Zll,$Tll,$Zll,lsr#4 + ldrbpl $Tll,[$Xi,$cnt] + eor $Zll,$Zll,$Zlh,lsl#28 + eor $Zlh,$Tlh,$Zlh,lsr#4 + ldrh $Tlh,[sp,$nhi] + eor $Zlh,$Zlh,$Zhl,lsl#28 + eor $Zhl,$Thl,$Zhl,lsr#4 + eor $Zhl,$Zhl,$Zhh,lsl#28 + eorpl $nlo,$nlo,$Tll + eor $Zhh,$Thh,$Zhh,lsr#4 + andpl $nhi,$nlo,#0xf0 + andpl $nlo,$nlo,#0x0f + eor $Zhh,$Zhh,$Tlh,lsl#16 @ ^= rem_4bit[rem] + bpl .Linner + + ldr $len,[sp,#32] @ re-load $len/end + add $inp,$inp,#16 + mov $nhi,$Zll +___ + &Zsmash("cmp\t$inp,$len","ldrbne\t$nlo,[$inp,#15]"); +$code.=<<___; + bne .Louter + + add sp,sp,#36 +#if __ARM_ARCH__>=5 + ldmia sp!,{r4-r11,pc} +#else + ldmia sp!,{r4-r11,lr} + tst lr,#1 + moveq pc,lr @ be binary compatible with V4, yet + bx lr @ interoperable with Thumb ISA:-) +#endif +.size gcm_ghash_4bit,.-gcm_ghash_4bit + +.global gcm_gmult_4bit +.type gcm_gmult_4bit,%function +gcm_gmult_4bit: + stmdb sp!,{r4-r11,lr} + ldrb $nlo,[$Xi,#15] + b rem_4bit_get +.Lrem_4bit_got: + and $nhi,$nlo,#0xf0 + and $nlo,$nlo,#0x0f + mov $cnt,#14 + + add $Zhh,$Htbl,$nlo,lsl#4 + ldmia $Zhh,{$Zll-$Zhh} @ load Htbl[nlo] + ldrb $nlo,[$Xi,#14] + + add $Thh,$Htbl,$nhi + and $nhi,$Zll,#0xf @ rem + ldmia $Thh,{$Tll-$Thh} @ load Htbl[nhi] + add $nhi,$nhi,$nhi + eor $Zll,$Tll,$Zll,lsr#4 + ldrh $Tll,[$rem_4bit,$nhi] @ rem_4bit[rem] + eor $Zll,$Zll,$Zlh,lsl#28 + eor $Zlh,$Tlh,$Zlh,lsr#4 + eor $Zlh,$Zlh,$Zhl,lsl#28 + eor $Zhl,$Thl,$Zhl,lsr#4 + eor $Zhl,$Zhl,$Zhh,lsl#28 + eor $Zhh,$Thh,$Zhh,lsr#4 + and $nhi,$nlo,#0xf0 + eor $Zhh,$Zhh,$Tll,lsl#16 + and $nlo,$nlo,#0x0f + +.Loop: + add $Thh,$Htbl,$nlo,lsl#4 + and $nlo,$Zll,#0xf @ rem + subs $cnt,$cnt,#1 + add $nlo,$nlo,$nlo + ldmia $Thh,{$Tll-$Thh} @ load Htbl[nlo] + eor $Zll,$Tll,$Zll,lsr#4 + eor $Zll,$Zll,$Zlh,lsl#28 + eor $Zlh,$Tlh,$Zlh,lsr#4 + eor $Zlh,$Zlh,$Zhl,lsl#28 + ldrh $Tll,[$rem_4bit,$nlo] @ rem_4bit[rem] + eor $Zhl,$Thl,$Zhl,lsr#4 + ldrbpl $nlo,[$Xi,$cnt] + eor $Zhl,$Zhl,$Zhh,lsl#28 + eor $Zhh,$Thh,$Zhh,lsr#4 + + add $Thh,$Htbl,$nhi + and $nhi,$Zll,#0xf @ rem + eor $Zhh,$Zhh,$Tll,lsl#16 @ ^= rem_4bit[rem] + add $nhi,$nhi,$nhi + ldmia $Thh,{$Tll-$Thh} @ load Htbl[nhi] + eor $Zll,$Tll,$Zll,lsr#4 + eor $Zll,$Zll,$Zlh,lsl#28 + eor $Zlh,$Tlh,$Zlh,lsr#4 + ldrh $Tll,[$rem_4bit,$nhi] @ rem_4bit[rem] + eor $Zlh,$Zlh,$Zhl,lsl#28 + eor $Zhl,$Thl,$Zhl,lsr#4 + eor $Zhl,$Zhl,$Zhh,lsl#28 + eor $Zhh,$Thh,$Zhh,lsr#4 + andpl $nhi,$nlo,#0xf0 + andpl $nlo,$nlo,#0x0f + eor $Zhh,$Zhh,$Tll,lsl#16 @ ^= rem_4bit[rem] + bpl .Loop +___ + &Zsmash(); +$code.=<<___; +#if __ARM_ARCH__>=5 + ldmia sp!,{r4-r11,pc} +#else + ldmia sp!,{r4-r11,lr} + tst lr,#1 + moveq pc,lr @ be binary compatible with V4, yet + bx lr @ interoperable with Thumb ISA:-) +#endif +.size gcm_gmult_4bit,.-gcm_gmult_4bit +___ +{ +my $cnt=$Htbl; # $Htbl is used once in the very beginning + +my ($Hhi, $Hlo, $Zo, $T, $xi, $mod) = map("d$_",(0..7)); +my ($Qhi, $Qlo, $Z, $R, $zero, $Qpost, $IN) = map("q$_",(8..15)); + +# Z:Zo keeps 128-bit result shifted by 1 to the right, with bottom bit +# in Zo. Or should I say "top bit", because GHASH is specified in +# reverse bit order? Otherwise straightforward 128-bt H by one input +# byte multiplication and modulo-reduction, times 16. + +sub Dlo() { shift=~m|q([1]?[0-9])|?"d".($1*2):""; } +sub Dhi() { shift=~m|q([1]?[0-9])|?"d".($1*2+1):""; } +sub Q() { shift=~m|d([1-3]?[02468])|?"q".($1/2):""; } + +$code.=<<___; +#if __ARM_ARCH__>=7 && !defined(__STRICT_ALIGNMENT) +.fpu neon + +.global gcm_gmult_neon +.type gcm_gmult_neon,%function +.align 4 +gcm_gmult_neon: + sub $Htbl,#16 @ point at H in GCM128_CTX + vld1.64 `&Dhi("$IN")`,[$Xi,:64]!@ load Xi + vmov.i32 $mod,#0xe1 @ our irreducible polynomial + vld1.64 `&Dlo("$IN")`,[$Xi,:64]! + vshr.u64 $mod,#32 + vldmia $Htbl,{$Hhi-$Hlo} @ load H + veor $zero,$zero +#ifdef __ARMEL__ + vrev64.8 $IN,$IN +#endif + veor $Qpost,$Qpost + veor $R,$R + mov $cnt,#16 + veor $Z,$Z + mov $len,#16 + veor $Zo,$Zo + vdup.8 $xi,`&Dlo("$IN")`[0] @ broadcast lowest byte + b .Linner_neon +.size gcm_gmult_neon,.-gcm_gmult_neon + +.global gcm_ghash_neon +.type gcm_ghash_neon,%function +.align 4 +gcm_ghash_neon: + vld1.64 `&Dhi("$Z")`,[$Xi,:64]! @ load Xi + vmov.i32 $mod,#0xe1 @ our irreducible polynomial + vld1.64 `&Dlo("$Z")`,[$Xi,:64]! + vshr.u64 $mod,#32 + vldmia $Xi,{$Hhi-$Hlo} @ load H + veor $zero,$zero + nop +#ifdef __ARMEL__ + vrev64.8 $Z,$Z +#endif +.Louter_neon: + vld1.64 `&Dhi($IN)`,[$inp]! @ load inp + veor $Qpost,$Qpost + vld1.64 `&Dlo($IN)`,[$inp]! + veor $R,$R + mov $cnt,#16 +#ifdef __ARMEL__ + vrev64.8 $IN,$IN +#endif + veor $Zo,$Zo + veor $IN,$Z @ inp^=Xi + veor $Z,$Z + vdup.8 $xi,`&Dlo("$IN")`[0] @ broadcast lowest byte +.Linner_neon: + subs $cnt,$cnt,#1 + vmull.p8 $Qlo,$Hlo,$xi @ H.lo·Xi[i] + vmull.p8 $Qhi,$Hhi,$xi @ H.hi·Xi[i] + vext.8 $IN,$zero,#1 @ IN>>=8 + + veor $Z,$Qpost @ modulo-scheduled part + vshl.i64 `&Dlo("$R")`,#48 + vdup.8 $xi,`&Dlo("$IN")`[0] @ broadcast lowest byte + veor $T,`&Dlo("$Qlo")`,`&Dlo("$Z")` + + veor `&Dhi("$Z")`,`&Dlo("$R")` + vuzp.8 $Qlo,$Qhi + vsli.8 $Zo,$T,#1 @ compose the "carry" byte + vext.8 $Z,$zero,#1 @ Z>>=8 + + vmull.p8 $R,$Zo,$mod @ "carry"·0xe1 + vshr.u8 $Zo,$T,#7 @ save Z's bottom bit + vext.8 $Qpost,$Qlo,$zero,#1 @ Qlo>>=8 + veor $Z,$Qhi + bne .Linner_neon + + veor $Z,$Qpost @ modulo-scheduled artefact + vshl.i64 `&Dlo("$R")`,#48 + veor `&Dhi("$Z")`,`&Dlo("$R")` + + @ finalization, normalize Z:Zo + vand $Zo,$mod @ suffices to mask the bit + vshr.u64 `&Dhi(&Q("$Zo"))`,`&Dlo("$Z")`,#63 + vshl.i64 $Z,#1 + subs $len,#16 + vorr $Z,`&Q("$Zo")` @ Z=Z:Zo<<1 + bne .Louter_neon + +#ifdef __ARMEL__ + vrev64.8 $Z,$Z +#endif + sub $Xi,#16 + vst1.64 `&Dhi("$Z")`,[$Xi,:64]! @ write out Xi + vst1.64 `&Dlo("$Z")`,[$Xi,:64] + + bx lr +.size gcm_ghash_neon,.-gcm_ghash_neon +#endif +___ +} +$code.=<<___; +.asciz "GHASH for ARMv4/NEON, CRYPTOGAMS by " +.align 2 +___ + +$code =~ s/\`([^\`]*)\`/eval $1/gem; +$code =~ s/\bbx\s+lr\b/.word\t0xe12fff1e/gm; # make it possible to compile with -march=armv4 +print $code; +close STDOUT; # enforce flush diff --git a/src/lib/libcrypto/modes/asm/ghash-parisc.pl b/src/lib/libcrypto/modes/asm/ghash-parisc.pl new file mode 100644 index 00000000000..965802d3fae --- /dev/null +++ b/src/lib/libcrypto/modes/asm/ghash-parisc.pl @@ -0,0 +1,741 @@ +#!/usr/bin/env perl +# +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== +# +# April 2010 +# +# The module implements "4-bit" GCM GHASH function and underlying +# single multiplication operation in GF(2^128). "4-bit" means that it +# uses 256 bytes per-key table [+128 bytes shared table]. On PA-7100LC +# it processes one byte in 19.6 cycles, which is more than twice as +# fast as code generated by gcc 3.2. PA-RISC 2.0 loop is scheduled for +# 8 cycles, but measured performance on PA-8600 system is ~9 cycles per +# processed byte. This is ~2.2x faster than 64-bit code generated by +# vendor compiler (which used to be very hard to beat:-). +# +# Special thanks to polarhome.com for providing HP-UX account. + +$flavour = shift; +$output = shift; +open STDOUT,">$output"; + +if ($flavour =~ /64/) { + $LEVEL ="2.0W"; + $SIZE_T =8; + $FRAME_MARKER =80; + $SAVED_RP =16; + $PUSH ="std"; + $PUSHMA ="std,ma"; + $POP ="ldd"; + $POPMB ="ldd,mb"; + $NREGS =6; +} else { + $LEVEL ="1.0"; #"\n\t.ALLOW\t2.0"; + $SIZE_T =4; + $FRAME_MARKER =48; + $SAVED_RP =20; + $PUSH ="stw"; + $PUSHMA ="stwm"; + $POP ="ldw"; + $POPMB ="ldwm"; + $NREGS =11; +} + +$FRAME=10*$SIZE_T+$FRAME_MARKER;# NREGS saved regs + frame marker + # [+ argument transfer] + +################# volatile registers +$Xi="%r26"; # argument block +$Htbl="%r25"; +$inp="%r24"; +$len="%r23"; +$Hhh=$Htbl; # variables +$Hll="%r22"; +$Zhh="%r21"; +$Zll="%r20"; +$cnt="%r19"; +$rem_4bit="%r28"; +$rem="%r29"; +$mask0xf0="%r31"; + +################# preserved registers +$Thh="%r1"; +$Tll="%r2"; +$nlo="%r3"; +$nhi="%r4"; +$byte="%r5"; +if ($SIZE_T==4) { + $Zhl="%r6"; + $Zlh="%r7"; + $Hhl="%r8"; + $Hlh="%r9"; + $Thl="%r10"; + $Tlh="%r11"; +} +$rem2="%r6"; # used in PA-RISC 2.0 code + +$code.=<<___; + .LEVEL $LEVEL +#if 0 + .SPACE \$TEXT\$ + .SUBSPA \$CODE\$,QUAD=0,ALIGN=8,ACCESS=0x2C,CODE_ONLY +#else + .text +#endif + + .EXPORT gcm_gmult_4bit,ENTRY,ARGW0=GR,ARGW1=GR + .ALIGN 64 +gcm_gmult_4bit + .PROC + .CALLINFO FRAME=`$FRAME-10*$SIZE_T`,NO_CALLS,SAVE_RP,ENTRY_GR=$NREGS + .ENTRY + $PUSH %r2,-$SAVED_RP(%sp) ; standard prologue + $PUSHMA %r3,$FRAME(%sp) + $PUSH %r4,`-$FRAME+1*$SIZE_T`(%sp) + $PUSH %r5,`-$FRAME+2*$SIZE_T`(%sp) + $PUSH %r6,`-$FRAME+3*$SIZE_T`(%sp) +___ +$code.=<<___ if ($SIZE_T==4); + $PUSH %r7,`-$FRAME+4*$SIZE_T`(%sp) + $PUSH %r8,`-$FRAME+5*$SIZE_T`(%sp) + $PUSH %r9,`-$FRAME+6*$SIZE_T`(%sp) + $PUSH %r10,`-$FRAME+7*$SIZE_T`(%sp) + $PUSH %r11,`-$FRAME+8*$SIZE_T`(%sp) +___ +$code.=<<___; + blr %r0,$rem_4bit + ldi 3,$rem +L\$pic_gmult + andcm $rem_4bit,$rem,$rem_4bit + addl $inp,$len,$len + ldo L\$rem_4bit-L\$pic_gmult($rem_4bit),$rem_4bit + ldi 0xf0,$mask0xf0 +___ +$code.=<<___ if ($SIZE_T==4); +#ifndef __OpenBSD__ + ldi 31,$rem + mtctl $rem,%cr11 + extrd,u,*= $rem,%sar,1,$rem ; executes on PA-RISC 1.0 + b L\$parisc1_gmult + nop +___ + +$code.=<<___; + ldb 15($Xi),$nlo + ldo 8($Htbl),$Hll + + and $mask0xf0,$nlo,$nhi + depd,z $nlo,59,4,$nlo + + ldd $nlo($Hll),$Zll + ldd $nlo($Hhh),$Zhh + + depd,z $Zll,60,4,$rem + shrpd $Zhh,$Zll,4,$Zll + extrd,u $Zhh,59,60,$Zhh + ldb 14($Xi),$nlo + + ldd $nhi($Hll),$Tll + ldd $nhi($Hhh),$Thh + and $mask0xf0,$nlo,$nhi + depd,z $nlo,59,4,$nlo + + xor $Tll,$Zll,$Zll + xor $Thh,$Zhh,$Zhh + ldd $rem($rem_4bit),$rem + b L\$oop_gmult_pa2 + ldi 13,$cnt + + .ALIGN 8 +L\$oop_gmult_pa2 + xor $rem,$Zhh,$Zhh ; moved here to work around gas bug + depd,z $Zll,60,4,$rem + + shrpd $Zhh,$Zll,4,$Zll + extrd,u $Zhh,59,60,$Zhh + ldd $nlo($Hll),$Tll + ldd $nlo($Hhh),$Thh + + xor $Tll,$Zll,$Zll + xor $Thh,$Zhh,$Zhh + ldd $rem($rem_4bit),$rem + + xor $rem,$Zhh,$Zhh + depd,z $Zll,60,4,$rem + ldbx $cnt($Xi),$nlo + + shrpd $Zhh,$Zll,4,$Zll + extrd,u $Zhh,59,60,$Zhh + ldd $nhi($Hll),$Tll + ldd $nhi($Hhh),$Thh + + and $mask0xf0,$nlo,$nhi + depd,z $nlo,59,4,$nlo + ldd $rem($rem_4bit),$rem + + xor $Tll,$Zll,$Zll + addib,uv -1,$cnt,L\$oop_gmult_pa2 + xor $Thh,$Zhh,$Zhh + + xor $rem,$Zhh,$Zhh + depd,z $Zll,60,4,$rem + + shrpd $Zhh,$Zll,4,$Zll + extrd,u $Zhh,59,60,$Zhh + ldd $nlo($Hll),$Tll + ldd $nlo($Hhh),$Thh + + xor $Tll,$Zll,$Zll + xor $Thh,$Zhh,$Zhh + ldd $rem($rem_4bit),$rem + + xor $rem,$Zhh,$Zhh + depd,z $Zll,60,4,$rem + + shrpd $Zhh,$Zll,4,$Zll + extrd,u $Zhh,59,60,$Zhh + ldd $nhi($Hll),$Tll + ldd $nhi($Hhh),$Thh + + xor $Tll,$Zll,$Zll + xor $Thh,$Zhh,$Zhh + ldd $rem($rem_4bit),$rem + + xor $rem,$Zhh,$Zhh + std $Zll,8($Xi) + std $Zhh,0($Xi) +___ + +$code.=<<___ if ($SIZE_T==4); + b L\$done_gmult + nop + +L\$parisc1_gmult +#endif + ldb 15($Xi),$nlo + ldo 12($Htbl),$Hll + ldo 8($Htbl),$Hlh + ldo 4($Htbl),$Hhl + + and $mask0xf0,$nlo,$nhi + zdep $nlo,27,4,$nlo + + ldwx $nlo($Hll),$Zll + ldwx $nlo($Hlh),$Zlh + ldwx $nlo($Hhl),$Zhl + ldwx $nlo($Hhh),$Zhh + zdep $Zll,28,4,$rem + ldb 14($Xi),$nlo + ldwx $rem($rem_4bit),$rem + shrpw $Zlh,$Zll,4,$Zll + ldwx $nhi($Hll),$Tll + shrpw $Zhl,$Zlh,4,$Zlh + ldwx $nhi($Hlh),$Tlh + shrpw $Zhh,$Zhl,4,$Zhl + ldwx $nhi($Hhl),$Thl + extru $Zhh,27,28,$Zhh + ldwx $nhi($Hhh),$Thh + xor $rem,$Zhh,$Zhh + and $mask0xf0,$nlo,$nhi + zdep $nlo,27,4,$nlo + + xor $Tll,$Zll,$Zll + ldwx $nlo($Hll),$Tll + xor $Tlh,$Zlh,$Zlh + ldwx $nlo($Hlh),$Tlh + xor $Thl,$Zhl,$Zhl + b L\$oop_gmult_pa1 + ldi 13,$cnt + + .ALIGN 8 +L\$oop_gmult_pa1 + zdep $Zll,28,4,$rem + ldwx $nlo($Hhl),$Thl + xor $Thh,$Zhh,$Zhh + ldwx $rem($rem_4bit),$rem + shrpw $Zlh,$Zll,4,$Zll + ldwx $nlo($Hhh),$Thh + shrpw $Zhl,$Zlh,4,$Zlh + ldbx $cnt($Xi),$nlo + xor $Tll,$Zll,$Zll + ldwx $nhi($Hll),$Tll + shrpw $Zhh,$Zhl,4,$Zhl + xor $Tlh,$Zlh,$Zlh + ldwx $nhi($Hlh),$Tlh + extru $Zhh,27,28,$Zhh + xor $Thl,$Zhl,$Zhl + ldwx $nhi($Hhl),$Thl + xor $rem,$Zhh,$Zhh + zdep $Zll,28,4,$rem + xor $Thh,$Zhh,$Zhh + ldwx $nhi($Hhh),$Thh + shrpw $Zlh,$Zll,4,$Zll + ldwx $rem($rem_4bit),$rem + shrpw $Zhl,$Zlh,4,$Zlh + shrpw $Zhh,$Zhl,4,$Zhl + and $mask0xf0,$nlo,$nhi + extru $Zhh,27,28,$Zhh + zdep $nlo,27,4,$nlo + xor $Tll,$Zll,$Zll + ldwx $nlo($Hll),$Tll + xor $Tlh,$Zlh,$Zlh + ldwx $nlo($Hlh),$Tlh + xor $rem,$Zhh,$Zhh + addib,uv -1,$cnt,L\$oop_gmult_pa1 + xor $Thl,$Zhl,$Zhl + + zdep $Zll,28,4,$rem + ldwx $nlo($Hhl),$Thl + xor $Thh,$Zhh,$Zhh + ldwx $rem($rem_4bit),$rem + shrpw $Zlh,$Zll,4,$Zll + ldwx $nlo($Hhh),$Thh + shrpw $Zhl,$Zlh,4,$Zlh + xor $Tll,$Zll,$Zll + ldwx $nhi($Hll),$Tll + shrpw $Zhh,$Zhl,4,$Zhl + xor $Tlh,$Zlh,$Zlh + ldwx $nhi($Hlh),$Tlh + extru $Zhh,27,28,$Zhh + xor $rem,$Zhh,$Zhh + xor $Thl,$Zhl,$Zhl + ldwx $nhi($Hhl),$Thl + xor $Thh,$Zhh,$Zhh + ldwx $nhi($Hhh),$Thh + zdep $Zll,28,4,$rem + ldwx $rem($rem_4bit),$rem + shrpw $Zlh,$Zll,4,$Zll + shrpw $Zhl,$Zlh,4,$Zlh + shrpw $Zhh,$Zhl,4,$Zhl + extru $Zhh,27,28,$Zhh + xor $Tll,$Zll,$Zll + xor $Tlh,$Zlh,$Zlh + xor $rem,$Zhh,$Zhh + stw $Zll,12($Xi) + xor $Thl,$Zhl,$Zhl + stw $Zlh,8($Xi) + xor $Thh,$Zhh,$Zhh + stw $Zhl,4($Xi) + stw $Zhh,0($Xi) +___ +$code.=<<___; +L\$done_gmult + $POP `-$FRAME-$SAVED_RP`(%sp),%r2 ; standard epilogue + $POP `-$FRAME+1*$SIZE_T`(%sp),%r4 + $POP `-$FRAME+2*$SIZE_T`(%sp),%r5 + $POP `-$FRAME+3*$SIZE_T`(%sp),%r6 +___ +$code.=<<___ if ($SIZE_T==4); + $POP `-$FRAME+4*$SIZE_T`(%sp),%r7 + $POP `-$FRAME+5*$SIZE_T`(%sp),%r8 + $POP `-$FRAME+6*$SIZE_T`(%sp),%r9 + $POP `-$FRAME+7*$SIZE_T`(%sp),%r10 + $POP `-$FRAME+8*$SIZE_T`(%sp),%r11 +___ +$code.=<<___; + bv (%r2) + .EXIT + $POPMB -$FRAME(%sp),%r3 + .PROCEND + + .EXPORT gcm_ghash_4bit,ENTRY,ARGW0=GR,ARGW1=GR,ARGW2=GR,ARGW3=GR + .ALIGN 64 +gcm_ghash_4bit + .PROC + .CALLINFO FRAME=`$FRAME-10*$SIZE_T`,NO_CALLS,SAVE_RP,ENTRY_GR=11 + .ENTRY + $PUSH %r2,-$SAVED_RP(%sp) ; standard prologue + $PUSHMA %r3,$FRAME(%sp) + $PUSH %r4,`-$FRAME+1*$SIZE_T`(%sp) + $PUSH %r5,`-$FRAME+2*$SIZE_T`(%sp) + $PUSH %r6,`-$FRAME+3*$SIZE_T`(%sp) +___ +$code.=<<___ if ($SIZE_T==4); + $PUSH %r7,`-$FRAME+4*$SIZE_T`(%sp) + $PUSH %r8,`-$FRAME+5*$SIZE_T`(%sp) + $PUSH %r9,`-$FRAME+6*$SIZE_T`(%sp) + $PUSH %r10,`-$FRAME+7*$SIZE_T`(%sp) + $PUSH %r11,`-$FRAME+8*$SIZE_T`(%sp) +___ +$code.=<<___; + blr %r0,$rem_4bit + ldi 3,$rem +L\$pic_ghash + andcm $rem_4bit,$rem,$rem_4bit + addl $inp,$len,$len + ldo L\$rem_4bit-L\$pic_ghash($rem_4bit),$rem_4bit + ldi 0xf0,$mask0xf0 +___ +$code.=<<___ if ($SIZE_T==4); +#ifndef __OpenBSD__ + ldi 31,$rem + mtctl $rem,%cr11 + extrd,u,*= $rem,%sar,1,$rem ; executes on PA-RISC 1.0 + b L\$parisc1_ghash + nop +___ + +$code.=<<___; + ldb 15($Xi),$nlo + ldo 8($Htbl),$Hll + +L\$outer_ghash_pa2 + ldb 15($inp),$nhi + xor $nhi,$nlo,$nlo + and $mask0xf0,$nlo,$nhi + depd,z $nlo,59,4,$nlo + + ldd $nlo($Hll),$Zll + ldd $nlo($Hhh),$Zhh + + depd,z $Zll,60,4,$rem + shrpd $Zhh,$Zll,4,$Zll + extrd,u $Zhh,59,60,$Zhh + ldb 14($Xi),$nlo + ldb 14($inp),$byte + + ldd $nhi($Hll),$Tll + ldd $nhi($Hhh),$Thh + xor $byte,$nlo,$nlo + and $mask0xf0,$nlo,$nhi + depd,z $nlo,59,4,$nlo + + xor $Tll,$Zll,$Zll + xor $Thh,$Zhh,$Zhh + ldd $rem($rem_4bit),$rem + b L\$oop_ghash_pa2 + ldi 13,$cnt + + .ALIGN 8 +L\$oop_ghash_pa2 + xor $rem,$Zhh,$Zhh ; moved here to work around gas bug + depd,z $Zll,60,4,$rem2 + + shrpd $Zhh,$Zll,4,$Zll + extrd,u $Zhh,59,60,$Zhh + ldd $nlo($Hll),$Tll + ldd $nlo($Hhh),$Thh + + xor $Tll,$Zll,$Zll + xor $Thh,$Zhh,$Zhh + ldbx $cnt($Xi),$nlo + ldbx $cnt($inp),$byte + + depd,z $Zll,60,4,$rem + shrpd $Zhh,$Zll,4,$Zll + ldd $rem2($rem_4bit),$rem2 + + xor $rem2,$Zhh,$Zhh + xor $byte,$nlo,$nlo + ldd $nhi($Hll),$Tll + ldd $nhi($Hhh),$Thh + + and $mask0xf0,$nlo,$nhi + depd,z $nlo,59,4,$nlo + + extrd,u $Zhh,59,60,$Zhh + xor $Tll,$Zll,$Zll + + ldd $rem($rem_4bit),$rem + addib,uv -1,$cnt,L\$oop_ghash_pa2 + xor $Thh,$Zhh,$Zhh + + xor $rem,$Zhh,$Zhh + depd,z $Zll,60,4,$rem2 + + shrpd $Zhh,$Zll,4,$Zll + extrd,u $Zhh,59,60,$Zhh + ldd $nlo($Hll),$Tll + ldd $nlo($Hhh),$Thh + + xor $Tll,$Zll,$Zll + xor $Thh,$Zhh,$Zhh + + depd,z $Zll,60,4,$rem + shrpd $Zhh,$Zll,4,$Zll + ldd $rem2($rem_4bit),$rem2 + + xor $rem2,$Zhh,$Zhh + ldd $nhi($Hll),$Tll + ldd $nhi($Hhh),$Thh + + extrd,u $Zhh,59,60,$Zhh + xor $Tll,$Zll,$Zll + xor $Thh,$Zhh,$Zhh + ldd $rem($rem_4bit),$rem + + xor $rem,$Zhh,$Zhh + std $Zll,8($Xi) + ldo 16($inp),$inp + std $Zhh,0($Xi) + cmpb,*<> $inp,$len,L\$outer_ghash_pa2 + copy $Zll,$nlo +___ + +$code.=<<___ if ($SIZE_T==4); + b L\$done_ghash + nop + +L\$parisc1_ghash +#endif + ldb 15($Xi),$nlo + ldo 12($Htbl),$Hll + ldo 8($Htbl),$Hlh + ldo 4($Htbl),$Hhl + +L\$outer_ghash_pa1 + ldb 15($inp),$byte + xor $byte,$nlo,$nlo + and $mask0xf0,$nlo,$nhi + zdep $nlo,27,4,$nlo + + ldwx $nlo($Hll),$Zll + ldwx $nlo($Hlh),$Zlh + ldwx $nlo($Hhl),$Zhl + ldwx $nlo($Hhh),$Zhh + zdep $Zll,28,4,$rem + ldb 14($Xi),$nlo + ldb 14($inp),$byte + ldwx $rem($rem_4bit),$rem + shrpw $Zlh,$Zll,4,$Zll + ldwx $nhi($Hll),$Tll + shrpw $Zhl,$Zlh,4,$Zlh + ldwx $nhi($Hlh),$Tlh + shrpw $Zhh,$Zhl,4,$Zhl + ldwx $nhi($Hhl),$Thl + extru $Zhh,27,28,$Zhh + ldwx $nhi($Hhh),$Thh + xor $byte,$nlo,$nlo + xor $rem,$Zhh,$Zhh + and $mask0xf0,$nlo,$nhi + zdep $nlo,27,4,$nlo + + xor $Tll,$Zll,$Zll + ldwx $nlo($Hll),$Tll + xor $Tlh,$Zlh,$Zlh + ldwx $nlo($Hlh),$Tlh + xor $Thl,$Zhl,$Zhl + b L\$oop_ghash_pa1 + ldi 13,$cnt + + .ALIGN 8 +L\$oop_ghash_pa1 + zdep $Zll,28,4,$rem + ldwx $nlo($Hhl),$Thl + xor $Thh,$Zhh,$Zhh + ldwx $rem($rem_4bit),$rem + shrpw $Zlh,$Zll,4,$Zll + ldwx $nlo($Hhh),$Thh + shrpw $Zhl,$Zlh,4,$Zlh + ldbx $cnt($Xi),$nlo + xor $Tll,$Zll,$Zll + ldwx $nhi($Hll),$Tll + shrpw $Zhh,$Zhl,4,$Zhl + ldbx $cnt($inp),$byte + xor $Tlh,$Zlh,$Zlh + ldwx $nhi($Hlh),$Tlh + extru $Zhh,27,28,$Zhh + xor $Thl,$Zhl,$Zhl + ldwx $nhi($Hhl),$Thl + xor $rem,$Zhh,$Zhh + zdep $Zll,28,4,$rem + xor $Thh,$Zhh,$Zhh + ldwx $nhi($Hhh),$Thh + shrpw $Zlh,$Zll,4,$Zll + ldwx $rem($rem_4bit),$rem + shrpw $Zhl,$Zlh,4,$Zlh + xor $byte,$nlo,$nlo + shrpw $Zhh,$Zhl,4,$Zhl + and $mask0xf0,$nlo,$nhi + extru $Zhh,27,28,$Zhh + zdep $nlo,27,4,$nlo + xor $Tll,$Zll,$Zll + ldwx $nlo($Hll),$Tll + xor $Tlh,$Zlh,$Zlh + ldwx $nlo($Hlh),$Tlh + xor $rem,$Zhh,$Zhh + addib,uv -1,$cnt,L\$oop_ghash_pa1 + xor $Thl,$Zhl,$Zhl + + zdep $Zll,28,4,$rem + ldwx $nlo($Hhl),$Thl + xor $Thh,$Zhh,$Zhh + ldwx $rem($rem_4bit),$rem + shrpw $Zlh,$Zll,4,$Zll + ldwx $nlo($Hhh),$Thh + shrpw $Zhl,$Zlh,4,$Zlh + xor $Tll,$Zll,$Zll + ldwx $nhi($Hll),$Tll + shrpw $Zhh,$Zhl,4,$Zhl + xor $Tlh,$Zlh,$Zlh + ldwx $nhi($Hlh),$Tlh + extru $Zhh,27,28,$Zhh + xor $rem,$Zhh,$Zhh + xor $Thl,$Zhl,$Zhl + ldwx $nhi($Hhl),$Thl + xor $Thh,$Zhh,$Zhh + ldwx $nhi($Hhh),$Thh + zdep $Zll,28,4,$rem + ldwx $rem($rem_4bit),$rem + shrpw $Zlh,$Zll,4,$Zll + shrpw $Zhl,$Zlh,4,$Zlh + shrpw $Zhh,$Zhl,4,$Zhl + extru $Zhh,27,28,$Zhh + xor $Tll,$Zll,$Zll + xor $Tlh,$Zlh,$Zlh + xor $rem,$Zhh,$Zhh + stw $Zll,12($Xi) + xor $Thl,$Zhl,$Zhl + stw $Zlh,8($Xi) + xor $Thh,$Zhh,$Zhh + stw $Zhl,4($Xi) + ldo 16($inp),$inp + stw $Zhh,0($Xi) + comb,<> $inp,$len,L\$outer_ghash_pa1 + copy $Zll,$nlo +___ +$code.=<<___; +L\$done_ghash + $POP `-$FRAME-$SAVED_RP`(%sp),%r2 ; standard epilogue + $POP `-$FRAME+1*$SIZE_T`(%sp),%r4 + $POP `-$FRAME+2*$SIZE_T`(%sp),%r5 + $POP `-$FRAME+3*$SIZE_T`(%sp),%r6 +___ +$code.=<<___ if ($SIZE_T==4); + $POP `-$FRAME+4*$SIZE_T`(%sp),%r7 + $POP `-$FRAME+5*$SIZE_T`(%sp),%r8 + $POP `-$FRAME+6*$SIZE_T`(%sp),%r9 + $POP `-$FRAME+7*$SIZE_T`(%sp),%r10 + $POP `-$FRAME+8*$SIZE_T`(%sp),%r11 +___ +$code.=<<___; + bv (%r2) + .EXIT + $POPMB -$FRAME(%sp),%r3 + .PROCEND + + .ALIGN 64 +L\$rem_4bit + .WORD `0x0000<<16`,0,`0x1C20<<16`,0,`0x3840<<16`,0,`0x2460<<16`,0 + .WORD `0x7080<<16`,0,`0x6CA0<<16`,0,`0x48C0<<16`,0,`0x54E0<<16`,0 + .WORD `0xE100<<16`,0,`0xFD20<<16`,0,`0xD940<<16`,0,`0xC560<<16`,0 + .WORD `0x9180<<16`,0,`0x8DA0<<16`,0,`0xA9C0<<16`,0,`0xB5E0<<16`,0 + + .data + .STRINGZ "GHASH for PA-RISC, GRYPTOGAMS by " + .ALIGN 64 +___ + +# Explicitly encode PA-RISC 2.0 instructions used in this module, so +# that it can be compiled with .LEVEL 1.0. It should be noted that I +# wouldn't have to do this, if GNU assembler understood .ALLOW 2.0 +# directive... + +my $ldd = sub { + my ($mod,$args) = @_; + my $orig = "ldd$mod\t$args"; + + if ($args =~ /%r([0-9]+)\(%r([0-9]+)\),%r([0-9]+)/) # format 4 + { my $opcode=(0x03<<26)|($2<<21)|($1<<16)|(3<<6)|$3; + sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig; + } + elsif ($args =~ /(\-?[0-9]+)\(%r([0-9]+)\),%r([0-9]+)/) # format 5 + { my $opcode=(0x03<<26)|($2<<21)|(1<<12)|(3<<6)|$3; + $opcode|=(($1&0xF)<<17)|(($1&0x10)<<12); # encode offset + $opcode|=(1<<5) if ($mod =~ /^,m/); + $opcode|=(1<<13) if ($mod =~ /^,mb/); + sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig; + } + else { "\t".$orig; } +}; + +my $std = sub { + my ($mod,$args) = @_; + my $orig = "std$mod\t$args"; + + if ($args =~ /%r([0-9]+),(\-?[0-9]+)\(%r([0-9]+)\)/) # format 3 suffices + { my $opcode=(0x1c<<26)|($3<<21)|($1<<16)|(($2&0x1FF8)<<1)|(($2>>13)&1); + sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig; + } + else { "\t".$orig; } +}; + +my $extrd = sub { + my ($mod,$args) = @_; + my $orig = "extrd$mod\t$args"; + + # I only have ",u" completer, it's implicitly encoded... + if ($args =~ /%r([0-9]+),([0-9]+),([0-9]+),%r([0-9]+)/) # format 15 + { my $opcode=(0x36<<26)|($1<<21)|($4<<16); + my $len=32-$3; + $opcode |= (($2&0x20)<<6)|(($2&0x1f)<<5); # encode pos + $opcode |= (($len&0x20)<<7)|($len&0x1f); # encode len + sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig; + } + elsif ($args =~ /%r([0-9]+),%sar,([0-9]+),%r([0-9]+)/) # format 12 + { my $opcode=(0x34<<26)|($1<<21)|($3<<16)|(2<<11)|(1<<9); + my $len=32-$2; + $opcode |= (($len&0x20)<<3)|($len&0x1f); # encode len + $opcode |= (1<<13) if ($mod =~ /,\**=/); + sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig; + } + else { "\t".$orig; } +}; + +my $shrpd = sub { + my ($mod,$args) = @_; + my $orig = "shrpd$mod\t$args"; + + if ($args =~ /%r([0-9]+),%r([0-9]+),([0-9]+),%r([0-9]+)/) # format 14 + { my $opcode=(0x34<<26)|($2<<21)|($1<<16)|(1<<10)|$4; + my $cpos=63-$3; + $opcode |= (($cpos&0x20)<<6)|(($cpos&0x1f)<<5); # encode sa + sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig; + } + elsif ($args =~ /%r([0-9]+),%r([0-9]+),%sar,%r([0-9]+)/) # format 11 + { sprintf "\t.WORD\t0x%08x\t; %s", + (0x34<<26)|($2<<21)|($1<<16)|(1<<9)|$3,$orig; + } + else { "\t".$orig; } +}; + +my $depd = sub { + my ($mod,$args) = @_; + my $orig = "depd$mod\t$args"; + + # I only have ",z" completer, it's implicitly encoded... + if ($args =~ /%r([0-9]+),([0-9]+),([0-9]+),%r([0-9]+)/) # format 16 + { my $opcode=(0x3c<<26)|($4<<21)|($1<<16); + my $cpos=63-$2; + my $len=32-$3; + $opcode |= (($cpos&0x20)<<6)|(($cpos&0x1f)<<5); # encode pos + $opcode |= (($len&0x20)<<7)|($len&0x1f); # encode len + sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig; + } + else { "\t".$orig; } +}; + +sub assemble { + my ($mnemonic,$mod,$args)=@_; + my $opcode = eval("\$$mnemonic"); + + ref($opcode) eq 'CODE' ? &$opcode($mod,$args) : "\t$mnemonic$mod\t$args"; +} + +foreach (split("\n",$code)) { + s/\`([^\`]*)\`/eval $1/ge; + if ($SIZE_T==4) { + s/^\s+([a-z]+)([\S]*)\s+([\S]*)/&assemble($1,$2,$3)/e; + s/cmpb,\*/comb,/; + s/,\*/,/; + } + s/\bbv\b/bve/ if ($SIZE_T==8); + print $_,"\n"; +} + +close STDOUT; diff --git a/src/lib/libcrypto/modes/asm/ghash-sparcv9.pl b/src/lib/libcrypto/modes/asm/ghash-sparcv9.pl new file mode 100644 index 00000000000..70e7b044a3e --- /dev/null +++ b/src/lib/libcrypto/modes/asm/ghash-sparcv9.pl @@ -0,0 +1,330 @@ +#!/usr/bin/env perl + +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== + +# March 2010 +# +# The module implements "4-bit" GCM GHASH function and underlying +# single multiplication operation in GF(2^128). "4-bit" means that it +# uses 256 bytes per-key table [+128 bytes shared table]. Performance +# results are for streamed GHASH subroutine on UltraSPARC pre-Tx CPU +# and are expressed in cycles per processed byte, less is better: +# +# gcc 3.3.x cc 5.2 this assembler +# +# 32-bit build 81.4 43.3 12.6 (+546%/+244%) +# 64-bit build 20.2 21.2 12.6 (+60%/+68%) +# +# Here is data collected on UltraSPARC T1 system running Linux: +# +# gcc 4.4.1 this assembler +# +# 32-bit build 566 50 (+1000%) +# 64-bit build 56 50 (+12%) +# +# I don't quite understand why difference between 32-bit and 64-bit +# compiler-generated code is so big. Compilers *were* instructed to +# generate code for UltraSPARC and should have used 64-bit registers +# for Z vector (see C code) even in 32-bit build... Oh well, it only +# means more impressive improvement coefficients for this assembler +# module;-) Loops are aggressively modulo-scheduled in respect to +# references to input data and Z.hi updates to achieve 12 cycles +# timing. To anchor to something else, sha1-sparcv9.pl spends 11.6 +# cycles to process one byte on UltraSPARC pre-Tx CPU and ~24 on T1. + +$bits=32; +for (@ARGV) { $bits=64 if (/\-m64/ || /\-xarch\=v9/); } +if ($bits==64) { $bias=2047; $frame=192; } +else { $bias=0; $frame=112; } + +$output=shift; +open STDOUT,">$output"; + +$Zhi="%o0"; # 64-bit values +$Zlo="%o1"; +$Thi="%o2"; +$Tlo="%o3"; +$rem="%o4"; +$tmp="%o5"; + +$nhi="%l0"; # small values and pointers +$nlo="%l1"; +$xi0="%l2"; +$xi1="%l3"; +$rem_4bit="%l4"; +$remi="%l5"; +$Htblo="%l6"; +$cnt="%l7"; + +$Xi="%i0"; # input argument block +$Htbl="%i1"; +$inp="%i2"; +$len="%i3"; + +$code.=<<___; +.section ".text",#alloc,#execinstr + +.align 64 +rem_4bit: + .long `0x0000<<16`,0,`0x1C20<<16`,0,`0x3840<<16`,0,`0x2460<<16`,0 + .long `0x7080<<16`,0,`0x6CA0<<16`,0,`0x48C0<<16`,0,`0x54E0<<16`,0 + .long `0xE100<<16`,0,`0xFD20<<16`,0,`0xD940<<16`,0,`0xC560<<16`,0 + .long `0x9180<<16`,0,`0x8DA0<<16`,0,`0xA9C0<<16`,0,`0xB5E0<<16`,0 +.type rem_4bit,#object +.size rem_4bit,(.-rem_4bit) + +.globl gcm_ghash_4bit +.align 32 +gcm_ghash_4bit: + save %sp,-$frame,%sp + ldub [$inp+15],$nlo + ldub [$Xi+15],$xi0 + ldub [$Xi+14],$xi1 + add $len,$inp,$len + add $Htbl,8,$Htblo + +1: call .+8 + add %o7,rem_4bit-1b,$rem_4bit + +.Louter: + xor $xi0,$nlo,$nlo + and $nlo,0xf0,$nhi + and $nlo,0x0f,$nlo + sll $nlo,4,$nlo + ldx [$Htblo+$nlo],$Zlo + ldx [$Htbl+$nlo],$Zhi + + ldub [$inp+14],$nlo + + ldx [$Htblo+$nhi],$Tlo + and $Zlo,0xf,$remi + ldx [$Htbl+$nhi],$Thi + sll $remi,3,$remi + ldx [$rem_4bit+$remi],$rem + srlx $Zlo,4,$Zlo + mov 13,$cnt + sllx $Zhi,60,$tmp + xor $Tlo,$Zlo,$Zlo + srlx $Zhi,4,$Zhi + xor $Zlo,$tmp,$Zlo + + xor $xi1,$nlo,$nlo + and $Zlo,0xf,$remi + and $nlo,0xf0,$nhi + and $nlo,0x0f,$nlo + ba .Lghash_inner + sll $nlo,4,$nlo +.align 32 +.Lghash_inner: + ldx [$Htblo+$nlo],$Tlo + sll $remi,3,$remi + xor $Thi,$Zhi,$Zhi + ldx [$Htbl+$nlo],$Thi + srlx $Zlo,4,$Zlo + xor $rem,$Zhi,$Zhi + ldx [$rem_4bit+$remi],$rem + sllx $Zhi,60,$tmp + xor $Tlo,$Zlo,$Zlo + ldub [$inp+$cnt],$nlo + srlx $Zhi,4,$Zhi + xor $Zlo,$tmp,$Zlo + ldub [$Xi+$cnt],$xi1 + xor $Thi,$Zhi,$Zhi + and $Zlo,0xf,$remi + + ldx [$Htblo+$nhi],$Tlo + sll $remi,3,$remi + xor $rem,$Zhi,$Zhi + ldx [$Htbl+$nhi],$Thi + srlx $Zlo,4,$Zlo + ldx [$rem_4bit+$remi],$rem + sllx $Zhi,60,$tmp + xor $xi1,$nlo,$nlo + srlx $Zhi,4,$Zhi + and $nlo,0xf0,$nhi + addcc $cnt,-1,$cnt + xor $Zlo,$tmp,$Zlo + and $nlo,0x0f,$nlo + xor $Tlo,$Zlo,$Zlo + sll $nlo,4,$nlo + blu .Lghash_inner + and $Zlo,0xf,$remi + + ldx [$Htblo+$nlo],$Tlo + sll $remi,3,$remi + xor $Thi,$Zhi,$Zhi + ldx [$Htbl+$nlo],$Thi + srlx $Zlo,4,$Zlo + xor $rem,$Zhi,$Zhi + ldx [$rem_4bit+$remi],$rem + sllx $Zhi,60,$tmp + xor $Tlo,$Zlo,$Zlo + srlx $Zhi,4,$Zhi + xor $Zlo,$tmp,$Zlo + xor $Thi,$Zhi,$Zhi + + add $inp,16,$inp + cmp $inp,$len + be,pn `$bits==64?"%xcc":"%icc"`,.Ldone + and $Zlo,0xf,$remi + + ldx [$Htblo+$nhi],$Tlo + sll $remi,3,$remi + xor $rem,$Zhi,$Zhi + ldx [$Htbl+$nhi],$Thi + srlx $Zlo,4,$Zlo + ldx [$rem_4bit+$remi],$rem + sllx $Zhi,60,$tmp + xor $Tlo,$Zlo,$Zlo + ldub [$inp+15],$nlo + srlx $Zhi,4,$Zhi + xor $Zlo,$tmp,$Zlo + xor $Thi,$Zhi,$Zhi + stx $Zlo,[$Xi+8] + xor $rem,$Zhi,$Zhi + stx $Zhi,[$Xi] + srl $Zlo,8,$xi1 + and $Zlo,0xff,$xi0 + ba .Louter + and $xi1,0xff,$xi1 +.align 32 +.Ldone: + ldx [$Htblo+$nhi],$Tlo + sll $remi,3,$remi + xor $rem,$Zhi,$Zhi + ldx [$Htbl+$nhi],$Thi + srlx $Zlo,4,$Zlo + ldx [$rem_4bit+$remi],$rem + sllx $Zhi,60,$tmp + xor $Tlo,$Zlo,$Zlo + srlx $Zhi,4,$Zhi + xor $Zlo,$tmp,$Zlo + xor $Thi,$Zhi,$Zhi + stx $Zlo,[$Xi+8] + xor $rem,$Zhi,$Zhi + stx $Zhi,[$Xi] + + ret + restore +.type gcm_ghash_4bit,#function +.size gcm_ghash_4bit,(.-gcm_ghash_4bit) +___ + +undef $inp; +undef $len; + +$code.=<<___; +.globl gcm_gmult_4bit +.align 32 +gcm_gmult_4bit: + save %sp,-$frame,%sp + ldub [$Xi+15],$nlo + add $Htbl,8,$Htblo + +1: call .+8 + add %o7,rem_4bit-1b,$rem_4bit + + and $nlo,0xf0,$nhi + and $nlo,0x0f,$nlo + sll $nlo,4,$nlo + ldx [$Htblo+$nlo],$Zlo + ldx [$Htbl+$nlo],$Zhi + + ldub [$Xi+14],$nlo + + ldx [$Htblo+$nhi],$Tlo + and $Zlo,0xf,$remi + ldx [$Htbl+$nhi],$Thi + sll $remi,3,$remi + ldx [$rem_4bit+$remi],$rem + srlx $Zlo,4,$Zlo + mov 13,$cnt + sllx $Zhi,60,$tmp + xor $Tlo,$Zlo,$Zlo + srlx $Zhi,4,$Zhi + xor $Zlo,$tmp,$Zlo + + and $Zlo,0xf,$remi + and $nlo,0xf0,$nhi + and $nlo,0x0f,$nlo + ba .Lgmult_inner + sll $nlo,4,$nlo +.align 32 +.Lgmult_inner: + ldx [$Htblo+$nlo],$Tlo + sll $remi,3,$remi + xor $Thi,$Zhi,$Zhi + ldx [$Htbl+$nlo],$Thi + srlx $Zlo,4,$Zlo + xor $rem,$Zhi,$Zhi + ldx [$rem_4bit+$remi],$rem + sllx $Zhi,60,$tmp + xor $Tlo,$Zlo,$Zlo + ldub [$Xi+$cnt],$nlo + srlx $Zhi,4,$Zhi + xor $Zlo,$tmp,$Zlo + xor $Thi,$Zhi,$Zhi + and $Zlo,0xf,$remi + + ldx [$Htblo+$nhi],$Tlo + sll $remi,3,$remi + xor $rem,$Zhi,$Zhi + ldx [$Htbl+$nhi],$Thi + srlx $Zlo,4,$Zlo + ldx [$rem_4bit+$remi],$rem + sllx $Zhi,60,$tmp + srlx $Zhi,4,$Zhi + and $nlo,0xf0,$nhi + addcc $cnt,-1,$cnt + xor $Zlo,$tmp,$Zlo + and $nlo,0x0f,$nlo + xor $Tlo,$Zlo,$Zlo + sll $nlo,4,$nlo + blu .Lgmult_inner + and $Zlo,0xf,$remi + + ldx [$Htblo+$nlo],$Tlo + sll $remi,3,$remi + xor $Thi,$Zhi,$Zhi + ldx [$Htbl+$nlo],$Thi + srlx $Zlo,4,$Zlo + xor $rem,$Zhi,$Zhi + ldx [$rem_4bit+$remi],$rem + sllx $Zhi,60,$tmp + xor $Tlo,$Zlo,$Zlo + srlx $Zhi,4,$Zhi + xor $Zlo,$tmp,$Zlo + xor $Thi,$Zhi,$Zhi + and $Zlo,0xf,$remi + + ldx [$Htblo+$nhi],$Tlo + sll $remi,3,$remi + xor $rem,$Zhi,$Zhi + ldx [$Htbl+$nhi],$Thi + srlx $Zlo,4,$Zlo + ldx [$rem_4bit+$remi],$rem + sllx $Zhi,60,$tmp + xor $Tlo,$Zlo,$Zlo + srlx $Zhi,4,$Zhi + xor $Zlo,$tmp,$Zlo + xor $Thi,$Zhi,$Zhi + stx $Zlo,[$Xi+8] + xor $rem,$Zhi,$Zhi + stx $Zhi,[$Xi] + + ret + restore +.type gcm_gmult_4bit,#function +.size gcm_gmult_4bit,(.-gcm_gmult_4bit) +.asciz "GHASH for SPARCv9, CRYPTOGAMS by " +.align 4 +___ + +$code =~ s/\`([^\`]*)\`/eval $1/gem; +print $code; +close STDOUT; diff --git a/src/lib/libcrypto/modes/asm/ghash-x86.pl b/src/lib/libcrypto/modes/asm/ghash-x86.pl new file mode 100644 index 00000000000..83c727e07f9 --- /dev/null +++ b/src/lib/libcrypto/modes/asm/ghash-x86.pl @@ -0,0 +1,1342 @@ +#!/usr/bin/env perl +# +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== +# +# March, May, June 2010 +# +# The module implements "4-bit" GCM GHASH function and underlying +# single multiplication operation in GF(2^128). "4-bit" means that it +# uses 256 bytes per-key table [+64/128 bytes fixed table]. It has two +# code paths: vanilla x86 and vanilla MMX. Former will be executed on +# 486 and Pentium, latter on all others. MMX GHASH features so called +# "528B" variant of "4-bit" method utilizing additional 256+16 bytes +# of per-key storage [+512 bytes shared table]. Performance results +# are for streamed GHASH subroutine and are expressed in cycles per +# processed byte, less is better: +# +# gcc 2.95.3(*) MMX assembler x86 assembler +# +# Pentium 105/111(**) - 50 +# PIII 68 /75 12.2 24 +# P4 125/125 17.8 84(***) +# Opteron 66 /70 10.1 30 +# Core2 54 /67 8.4 18 +# +# (*) gcc 3.4.x was observed to generate few percent slower code, +# which is one of reasons why 2.95.3 results were chosen, +# another reason is lack of 3.4.x results for older CPUs; +# comparison with MMX results is not completely fair, because C +# results are for vanilla "256B" implementation, while +# assembler results are for "528B";-) +# (**) second number is result for code compiled with -fPIC flag, +# which is actually more relevant, because assembler code is +# position-independent; +# (***) see comment in non-MMX routine for further details; +# +# To summarize, it's >2-5 times faster than gcc-generated code. To +# anchor it to something else SHA1 assembler processes one byte in +# 11-13 cycles on contemporary x86 cores. As for choice of MMX in +# particular, see comment at the end of the file... + +# May 2010 +# +# Add PCLMULQDQ version performing at 2.10 cycles per processed byte. +# The question is how close is it to theoretical limit? The pclmulqdq +# instruction latency appears to be 14 cycles and there can't be more +# than 2 of them executing at any given time. This means that single +# Karatsuba multiplication would take 28 cycles *plus* few cycles for +# pre- and post-processing. Then multiplication has to be followed by +# modulo-reduction. Given that aggregated reduction method [see +# "Carry-less Multiplication and Its Usage for Computing the GCM Mode" +# white paper by Intel] allows you to perform reduction only once in +# a while we can assume that asymptotic performance can be estimated +# as (28+Tmod/Naggr)/16, where Tmod is time to perform reduction +# and Naggr is the aggregation factor. +# +# Before we proceed to this implementation let's have closer look at +# the best-performing code suggested by Intel in their white paper. +# By tracing inter-register dependencies Tmod is estimated as ~19 +# cycles and Naggr chosen by Intel is 4, resulting in 2.05 cycles per +# processed byte. As implied, this is quite optimistic estimate, +# because it does not account for Karatsuba pre- and post-processing, +# which for a single multiplication is ~5 cycles. Unfortunately Intel +# does not provide performance data for GHASH alone. But benchmarking +# AES_GCM_encrypt ripped out of Fig. 15 of the white paper with aadt +# alone resulted in 2.46 cycles per byte of out 16KB buffer. Note that +# the result accounts even for pre-computing of degrees of the hash +# key H, but its portion is negligible at 16KB buffer size. +# +# Moving on to the implementation in question. Tmod is estimated as +# ~13 cycles and Naggr is 2, giving asymptotic performance of ... +# 2.16. How is it possible that measured performance is better than +# optimistic theoretical estimate? There is one thing Intel failed +# to recognize. By serializing GHASH with CTR in same subroutine +# former's performance is really limited to above (Tmul + Tmod/Naggr) +# equation. But if GHASH procedure is detached, the modulo-reduction +# can be interleaved with Naggr-1 multiplications at instruction level +# and under ideal conditions even disappear from the equation. So that +# optimistic theoretical estimate for this implementation is ... +# 28/16=1.75, and not 2.16. Well, it's probably way too optimistic, +# at least for such small Naggr. I'd argue that (28+Tproc/Naggr), +# where Tproc is time required for Karatsuba pre- and post-processing, +# is more realistic estimate. In this case it gives ... 1.91 cycles. +# Or in other words, depending on how well we can interleave reduction +# and one of the two multiplications the performance should be betwen +# 1.91 and 2.16. As already mentioned, this implementation processes +# one byte out of 8KB buffer in 2.10 cycles, while x86_64 counterpart +# - in 2.02. x86_64 performance is better, because larger register +# bank allows to interleave reduction and multiplication better. +# +# Does it make sense to increase Naggr? To start with it's virtually +# impossible in 32-bit mode, because of limited register bank +# capacity. Otherwise improvement has to be weighed agiainst slower +# setup, as well as code size and complexity increase. As even +# optimistic estimate doesn't promise 30% performance improvement, +# there are currently no plans to increase Naggr. +# +# Special thanks to David Woodhouse for +# providing access to a Westmere-based system on behalf of Intel +# Open Source Technology Centre. + +# January 2010 +# +# Tweaked to optimize transitions between integer and FP operations +# on same XMM register, PCLMULQDQ subroutine was measured to process +# one byte in 2.07 cycles on Sandy Bridge, and in 2.12 - on Westmere. +# The minor regression on Westmere is outweighed by ~15% improvement +# on Sandy Bridge. Strangely enough attempt to modify 64-bit code in +# similar manner resulted in almost 20% degradation on Sandy Bridge, +# where original 64-bit code processes one byte in 1.95 cycles. + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +push(@INC,"${dir}","${dir}../../perlasm"); +require "x86asm.pl"; + +&asm_init($ARGV[0],"ghash-x86.pl",$x86only = $ARGV[$#ARGV] eq "386"); + +$sse2=0; +for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } + +($Zhh,$Zhl,$Zlh,$Zll) = ("ebp","edx","ecx","ebx"); +$inp = "edi"; +$Htbl = "esi"; + +$unroll = 0; # Affects x86 loop. Folded loop performs ~7% worse + # than unrolled, which has to be weighted against + # 2.5x x86-specific code size reduction. + +sub x86_loop { + my $off = shift; + my $rem = "eax"; + + &mov ($Zhh,&DWP(4,$Htbl,$Zll)); + &mov ($Zhl,&DWP(0,$Htbl,$Zll)); + &mov ($Zlh,&DWP(12,$Htbl,$Zll)); + &mov ($Zll,&DWP(8,$Htbl,$Zll)); + &xor ($rem,$rem); # avoid partial register stalls on PIII + + # shrd practically kills P4, 2.5x deterioration, but P4 has + # MMX code-path to execute. shrd runs tad faster [than twice + # the shifts, move's and or's] on pre-MMX Pentium (as well as + # PIII and Core2), *but* minimizes code size, spares register + # and thus allows to fold the loop... + if (!$unroll) { + my $cnt = $inp; + &mov ($cnt,15); + &jmp (&label("x86_loop")); + &set_label("x86_loop",16); + for($i=1;$i<=2;$i++) { + &mov (&LB($rem),&LB($Zll)); + &shrd ($Zll,$Zlh,4); + &and (&LB($rem),0xf); + &shrd ($Zlh,$Zhl,4); + &shrd ($Zhl,$Zhh,4); + &shr ($Zhh,4); + &xor ($Zhh,&DWP($off+16,"esp",$rem,4)); + + &mov (&LB($rem),&BP($off,"esp",$cnt)); + if ($i&1) { + &and (&LB($rem),0xf0); + } else { + &shl (&LB($rem),4); + } + + &xor ($Zll,&DWP(8,$Htbl,$rem)); + &xor ($Zlh,&DWP(12,$Htbl,$rem)); + &xor ($Zhl,&DWP(0,$Htbl,$rem)); + &xor ($Zhh,&DWP(4,$Htbl,$rem)); + + if ($i&1) { + &dec ($cnt); + &js (&label("x86_break")); + } else { + &jmp (&label("x86_loop")); + } + } + &set_label("x86_break",16); + } else { + for($i=1;$i<32;$i++) { + &comment($i); + &mov (&LB($rem),&LB($Zll)); + &shrd ($Zll,$Zlh,4); + &and (&LB($rem),0xf); + &shrd ($Zlh,$Zhl,4); + &shrd ($Zhl,$Zhh,4); + &shr ($Zhh,4); + &xor ($Zhh,&DWP($off+16,"esp",$rem,4)); + + if ($i&1) { + &mov (&LB($rem),&BP($off+15-($i>>1),"esp")); + &and (&LB($rem),0xf0); + } else { + &mov (&LB($rem),&BP($off+15-($i>>1),"esp")); + &shl (&LB($rem),4); + } + + &xor ($Zll,&DWP(8,$Htbl,$rem)); + &xor ($Zlh,&DWP(12,$Htbl,$rem)); + &xor ($Zhl,&DWP(0,$Htbl,$rem)); + &xor ($Zhh,&DWP(4,$Htbl,$rem)); + } + } + &bswap ($Zll); + &bswap ($Zlh); + &bswap ($Zhl); + if (!$x86only) { + &bswap ($Zhh); + } else { + &mov ("eax",$Zhh); + &bswap ("eax"); + &mov ($Zhh,"eax"); + } +} + +if ($unroll) { + &function_begin_B("_x86_gmult_4bit_inner"); + &x86_loop(4); + &ret (); + &function_end_B("_x86_gmult_4bit_inner"); +} + +sub deposit_rem_4bit { + my $bias = shift; + + &mov (&DWP($bias+0, "esp"),0x0000<<16); + &mov (&DWP($bias+4, "esp"),0x1C20<<16); + &mov (&DWP($bias+8, "esp"),0x3840<<16); + &mov (&DWP($bias+12,"esp"),0x2460<<16); + &mov (&DWP($bias+16,"esp"),0x7080<<16); + &mov (&DWP($bias+20,"esp"),0x6CA0<<16); + &mov (&DWP($bias+24,"esp"),0x48C0<<16); + &mov (&DWP($bias+28,"esp"),0x54E0<<16); + &mov (&DWP($bias+32,"esp"),0xE100<<16); + &mov (&DWP($bias+36,"esp"),0xFD20<<16); + &mov (&DWP($bias+40,"esp"),0xD940<<16); + &mov (&DWP($bias+44,"esp"),0xC560<<16); + &mov (&DWP($bias+48,"esp"),0x9180<<16); + &mov (&DWP($bias+52,"esp"),0x8DA0<<16); + &mov (&DWP($bias+56,"esp"),0xA9C0<<16); + &mov (&DWP($bias+60,"esp"),0xB5E0<<16); +} + +$suffix = $x86only ? "" : "_x86"; + +&function_begin("gcm_gmult_4bit".$suffix); + &stack_push(16+4+1); # +1 for stack alignment + &mov ($inp,&wparam(0)); # load Xi + &mov ($Htbl,&wparam(1)); # load Htable + + &mov ($Zhh,&DWP(0,$inp)); # load Xi[16] + &mov ($Zhl,&DWP(4,$inp)); + &mov ($Zlh,&DWP(8,$inp)); + &mov ($Zll,&DWP(12,$inp)); + + &deposit_rem_4bit(16); + + &mov (&DWP(0,"esp"),$Zhh); # copy Xi[16] on stack + &mov (&DWP(4,"esp"),$Zhl); + &mov (&DWP(8,"esp"),$Zlh); + &mov (&DWP(12,"esp"),$Zll); + &shr ($Zll,20); + &and ($Zll,0xf0); + + if ($unroll) { + &call ("_x86_gmult_4bit_inner"); + } else { + &x86_loop(0); + &mov ($inp,&wparam(0)); + } + + &mov (&DWP(12,$inp),$Zll); + &mov (&DWP(8,$inp),$Zlh); + &mov (&DWP(4,$inp),$Zhl); + &mov (&DWP(0,$inp),$Zhh); + &stack_pop(16+4+1); +&function_end("gcm_gmult_4bit".$suffix); + +&function_begin("gcm_ghash_4bit".$suffix); + &stack_push(16+4+1); # +1 for 64-bit alignment + &mov ($Zll,&wparam(0)); # load Xi + &mov ($Htbl,&wparam(1)); # load Htable + &mov ($inp,&wparam(2)); # load in + &mov ("ecx",&wparam(3)); # load len + &add ("ecx",$inp); + &mov (&wparam(3),"ecx"); + + &mov ($Zhh,&DWP(0,$Zll)); # load Xi[16] + &mov ($Zhl,&DWP(4,$Zll)); + &mov ($Zlh,&DWP(8,$Zll)); + &mov ($Zll,&DWP(12,$Zll)); + + &deposit_rem_4bit(16); + + &set_label("x86_outer_loop",16); + &xor ($Zll,&DWP(12,$inp)); # xor with input + &xor ($Zlh,&DWP(8,$inp)); + &xor ($Zhl,&DWP(4,$inp)); + &xor ($Zhh,&DWP(0,$inp)); + &mov (&DWP(12,"esp"),$Zll); # dump it on stack + &mov (&DWP(8,"esp"),$Zlh); + &mov (&DWP(4,"esp"),$Zhl); + &mov (&DWP(0,"esp"),$Zhh); + + &shr ($Zll,20); + &and ($Zll,0xf0); + + if ($unroll) { + &call ("_x86_gmult_4bit_inner"); + } else { + &x86_loop(0); + &mov ($inp,&wparam(2)); + } + &lea ($inp,&DWP(16,$inp)); + &cmp ($inp,&wparam(3)); + &mov (&wparam(2),$inp) if (!$unroll); + &jb (&label("x86_outer_loop")); + + &mov ($inp,&wparam(0)); # load Xi + &mov (&DWP(12,$inp),$Zll); + &mov (&DWP(8,$inp),$Zlh); + &mov (&DWP(4,$inp),$Zhl); + &mov (&DWP(0,$inp),$Zhh); + &stack_pop(16+4+1); +&function_end("gcm_ghash_4bit".$suffix); + +if (!$x86only) {{{ + +&static_label("rem_4bit"); + +if (!$sse2) {{ # pure-MMX "May" version... + +$S=12; # shift factor for rem_4bit + +&function_begin_B("_mmx_gmult_4bit_inner"); +# MMX version performs 3.5 times better on P4 (see comment in non-MMX +# routine for further details), 100% better on Opteron, ~70% better +# on Core2 and PIII... In other words effort is considered to be well +# spent... Since initial release the loop was unrolled in order to +# "liberate" register previously used as loop counter. Instead it's +# used to optimize critical path in 'Z.hi ^= rem_4bit[Z.lo&0xf]'. +# The path involves move of Z.lo from MMX to integer register, +# effective address calculation and finally merge of value to Z.hi. +# Reference to rem_4bit is scheduled so late that I had to >>4 +# rem_4bit elements. This resulted in 20-45% procent improvement +# on contemporary µ-archs. +{ + my $cnt; + my $rem_4bit = "eax"; + my @rem = ($Zhh,$Zll); + my $nhi = $Zhl; + my $nlo = $Zlh; + + my ($Zlo,$Zhi) = ("mm0","mm1"); + my $tmp = "mm2"; + + &xor ($nlo,$nlo); # avoid partial register stalls on PIII + &mov ($nhi,$Zll); + &mov (&LB($nlo),&LB($nhi)); + &shl (&LB($nlo),4); + &and ($nhi,0xf0); + &movq ($Zlo,&QWP(8,$Htbl,$nlo)); + &movq ($Zhi,&QWP(0,$Htbl,$nlo)); + &movd ($rem[0],$Zlo); + + for ($cnt=28;$cnt>=-2;$cnt--) { + my $odd = $cnt&1; + my $nix = $odd ? $nlo : $nhi; + + &shl (&LB($nlo),4) if ($odd); + &psrlq ($Zlo,4); + &movq ($tmp,$Zhi); + &psrlq ($Zhi,4); + &pxor ($Zlo,&QWP(8,$Htbl,$nix)); + &mov (&LB($nlo),&BP($cnt/2,$inp)) if (!$odd && $cnt>=0); + &psllq ($tmp,60); + &and ($nhi,0xf0) if ($odd); + &pxor ($Zhi,&QWP(0,$rem_4bit,$rem[1],8)) if ($cnt<28); + &and ($rem[0],0xf); + &pxor ($Zhi,&QWP(0,$Htbl,$nix)); + &mov ($nhi,$nlo) if (!$odd && $cnt>=0); + &movd ($rem[1],$Zlo); + &pxor ($Zlo,$tmp); + + push (@rem,shift(@rem)); # "rotate" registers + } + + &mov ($inp,&DWP(4,$rem_4bit,$rem[1],8)); # last rem_4bit[rem] + + &psrlq ($Zlo,32); # lower part of Zlo is already there + &movd ($Zhl,$Zhi); + &psrlq ($Zhi,32); + &movd ($Zlh,$Zlo); + &movd ($Zhh,$Zhi); + &shl ($inp,4); # compensate for rem_4bit[i] being >>4 + + &bswap ($Zll); + &bswap ($Zhl); + &bswap ($Zlh); + &xor ($Zhh,$inp); + &bswap ($Zhh); + + &ret (); +} +&function_end_B("_mmx_gmult_4bit_inner"); + +&function_begin("gcm_gmult_4bit_mmx"); + &mov ($inp,&wparam(0)); # load Xi + &mov ($Htbl,&wparam(1)); # load Htable + + &call (&label("pic_point")); + &set_label("pic_point"); + &blindpop("eax"); + &lea ("eax",&DWP(&label("rem_4bit")."-".&label("pic_point"),"eax")); + + &movz ($Zll,&BP(15,$inp)); + + &call ("_mmx_gmult_4bit_inner"); + + &mov ($inp,&wparam(0)); # load Xi + &emms (); + &mov (&DWP(12,$inp),$Zll); + &mov (&DWP(4,$inp),$Zhl); + &mov (&DWP(8,$inp),$Zlh); + &mov (&DWP(0,$inp),$Zhh); +&function_end("gcm_gmult_4bit_mmx"); + +# Streamed version performs 20% better on P4, 7% on Opteron, +# 10% on Core2 and PIII... +&function_begin("gcm_ghash_4bit_mmx"); + &mov ($Zhh,&wparam(0)); # load Xi + &mov ($Htbl,&wparam(1)); # load Htable + &mov ($inp,&wparam(2)); # load in + &mov ($Zlh,&wparam(3)); # load len + + &call (&label("pic_point")); + &set_label("pic_point"); + &blindpop("eax"); + &lea ("eax",&DWP(&label("rem_4bit")."-".&label("pic_point"),"eax")); + + &add ($Zlh,$inp); + &mov (&wparam(3),$Zlh); # len to point at the end of input + &stack_push(4+1); # +1 for stack alignment + + &mov ($Zll,&DWP(12,$Zhh)); # load Xi[16] + &mov ($Zhl,&DWP(4,$Zhh)); + &mov ($Zlh,&DWP(8,$Zhh)); + &mov ($Zhh,&DWP(0,$Zhh)); + &jmp (&label("mmx_outer_loop")); + + &set_label("mmx_outer_loop",16); + &xor ($Zll,&DWP(12,$inp)); + &xor ($Zhl,&DWP(4,$inp)); + &xor ($Zlh,&DWP(8,$inp)); + &xor ($Zhh,&DWP(0,$inp)); + &mov (&wparam(2),$inp); + &mov (&DWP(12,"esp"),$Zll); + &mov (&DWP(4,"esp"),$Zhl); + &mov (&DWP(8,"esp"),$Zlh); + &mov (&DWP(0,"esp"),$Zhh); + + &mov ($inp,"esp"); + &shr ($Zll,24); + + &call ("_mmx_gmult_4bit_inner"); + + &mov ($inp,&wparam(2)); + &lea ($inp,&DWP(16,$inp)); + &cmp ($inp,&wparam(3)); + &jb (&label("mmx_outer_loop")); + + &mov ($inp,&wparam(0)); # load Xi + &emms (); + &mov (&DWP(12,$inp),$Zll); + &mov (&DWP(4,$inp),$Zhl); + &mov (&DWP(8,$inp),$Zlh); + &mov (&DWP(0,$inp),$Zhh); + + &stack_pop(4+1); +&function_end("gcm_ghash_4bit_mmx"); + +}} else {{ # "June" MMX version... + # ... has slower "April" gcm_gmult_4bit_mmx with folded + # loop. This is done to conserve code size... +$S=16; # shift factor for rem_4bit + +sub mmx_loop() { +# MMX version performs 2.8 times better on P4 (see comment in non-MMX +# routine for further details), 40% better on Opteron and Core2, 50% +# better on PIII... In other words effort is considered to be well +# spent... + my $inp = shift; + my $rem_4bit = shift; + my $cnt = $Zhh; + my $nhi = $Zhl; + my $nlo = $Zlh; + my $rem = $Zll; + + my ($Zlo,$Zhi) = ("mm0","mm1"); + my $tmp = "mm2"; + + &xor ($nlo,$nlo); # avoid partial register stalls on PIII + &mov ($nhi,$Zll); + &mov (&LB($nlo),&LB($nhi)); + &mov ($cnt,14); + &shl (&LB($nlo),4); + &and ($nhi,0xf0); + &movq ($Zlo,&QWP(8,$Htbl,$nlo)); + &movq ($Zhi,&QWP(0,$Htbl,$nlo)); + &movd ($rem,$Zlo); + &jmp (&label("mmx_loop")); + + &set_label("mmx_loop",16); + &psrlq ($Zlo,4); + &and ($rem,0xf); + &movq ($tmp,$Zhi); + &psrlq ($Zhi,4); + &pxor ($Zlo,&QWP(8,$Htbl,$nhi)); + &mov (&LB($nlo),&BP(0,$inp,$cnt)); + &psllq ($tmp,60); + &pxor ($Zhi,&QWP(0,$rem_4bit,$rem,8)); + &dec ($cnt); + &movd ($rem,$Zlo); + &pxor ($Zhi,&QWP(0,$Htbl,$nhi)); + &mov ($nhi,$nlo); + &pxor ($Zlo,$tmp); + &js (&label("mmx_break")); + + &shl (&LB($nlo),4); + &and ($rem,0xf); + &psrlq ($Zlo,4); + &and ($nhi,0xf0); + &movq ($tmp,$Zhi); + &psrlq ($Zhi,4); + &pxor ($Zlo,&QWP(8,$Htbl,$nlo)); + &psllq ($tmp,60); + &pxor ($Zhi,&QWP(0,$rem_4bit,$rem,8)); + &movd ($rem,$Zlo); + &pxor ($Zhi,&QWP(0,$Htbl,$nlo)); + &pxor ($Zlo,$tmp); + &jmp (&label("mmx_loop")); + + &set_label("mmx_break",16); + &shl (&LB($nlo),4); + &and ($rem,0xf); + &psrlq ($Zlo,4); + &and ($nhi,0xf0); + &movq ($tmp,$Zhi); + &psrlq ($Zhi,4); + &pxor ($Zlo,&QWP(8,$Htbl,$nlo)); + &psllq ($tmp,60); + &pxor ($Zhi,&QWP(0,$rem_4bit,$rem,8)); + &movd ($rem,$Zlo); + &pxor ($Zhi,&QWP(0,$Htbl,$nlo)); + &pxor ($Zlo,$tmp); + + &psrlq ($Zlo,4); + &and ($rem,0xf); + &movq ($tmp,$Zhi); + &psrlq ($Zhi,4); + &pxor ($Zlo,&QWP(8,$Htbl,$nhi)); + &psllq ($tmp,60); + &pxor ($Zhi,&QWP(0,$rem_4bit,$rem,8)); + &movd ($rem,$Zlo); + &pxor ($Zhi,&QWP(0,$Htbl,$nhi)); + &pxor ($Zlo,$tmp); + + &psrlq ($Zlo,32); # lower part of Zlo is already there + &movd ($Zhl,$Zhi); + &psrlq ($Zhi,32); + &movd ($Zlh,$Zlo); + &movd ($Zhh,$Zhi); + + &bswap ($Zll); + &bswap ($Zhl); + &bswap ($Zlh); + &bswap ($Zhh); +} + +&function_begin("gcm_gmult_4bit_mmx"); + &mov ($inp,&wparam(0)); # load Xi + &mov ($Htbl,&wparam(1)); # load Htable + + &call (&label("pic_point")); + &set_label("pic_point"); + &blindpop("eax"); + &lea ("eax",&DWP(&label("rem_4bit")."-".&label("pic_point"),"eax")); + + &movz ($Zll,&BP(15,$inp)); + + &mmx_loop($inp,"eax"); + + &emms (); + &mov (&DWP(12,$inp),$Zll); + &mov (&DWP(4,$inp),$Zhl); + &mov (&DWP(8,$inp),$Zlh); + &mov (&DWP(0,$inp),$Zhh); +&function_end("gcm_gmult_4bit_mmx"); + +###################################################################### +# Below subroutine is "528B" variant of "4-bit" GCM GHASH function +# (see gcm128.c for details). It provides further 20-40% performance +# improvement over above mentioned "May" version. + +&static_label("rem_8bit"); + +&function_begin("gcm_ghash_4bit_mmx"); +{ my ($Zlo,$Zhi) = ("mm7","mm6"); + my $rem_8bit = "esi"; + my $Htbl = "ebx"; + + # parameter block + &mov ("eax",&wparam(0)); # Xi + &mov ("ebx",&wparam(1)); # Htable + &mov ("ecx",&wparam(2)); # inp + &mov ("edx",&wparam(3)); # len + &mov ("ebp","esp"); # original %esp + &call (&label("pic_point")); + &set_label ("pic_point"); + &blindpop ($rem_8bit); + &lea ($rem_8bit,&DWP(&label("rem_8bit")."-".&label("pic_point"),$rem_8bit)); + + &sub ("esp",512+16+16); # allocate stack frame... + &and ("esp",-64); # ...and align it + &sub ("esp",16); # place for (u8)(H[]<<4) + + &add ("edx","ecx"); # pointer to the end of input + &mov (&DWP(528+16+0,"esp"),"eax"); # save Xi + &mov (&DWP(528+16+8,"esp"),"edx"); # save inp+len + &mov (&DWP(528+16+12,"esp"),"ebp"); # save original %esp + + { my @lo = ("mm0","mm1","mm2"); + my @hi = ("mm3","mm4","mm5"); + my @tmp = ("mm6","mm7"); + my ($off1,$off2,$i) = (0,0,); + + &add ($Htbl,128); # optimize for size + &lea ("edi",&DWP(16+128,"esp")); + &lea ("ebp",&DWP(16+256+128,"esp")); + + # decompose Htable (low and high parts are kept separately), + # generate Htable[]>>4, (u8)(Htable[]<<4), save to stack... + for ($i=0;$i<18;$i++) { + + &mov ("edx",&DWP(16*$i+8-128,$Htbl)) if ($i<16); + &movq ($lo[0],&QWP(16*$i+8-128,$Htbl)) if ($i<16); + &psllq ($tmp[1],60) if ($i>1); + &movq ($hi[0],&QWP(16*$i+0-128,$Htbl)) if ($i<16); + &por ($lo[2],$tmp[1]) if ($i>1); + &movq (&QWP($off1-128,"edi"),$lo[1]) if ($i>0 && $i<17); + &psrlq ($lo[1],4) if ($i>0 && $i<17); + &movq (&QWP($off1,"edi"),$hi[1]) if ($i>0 && $i<17); + &movq ($tmp[0],$hi[1]) if ($i>0 && $i<17); + &movq (&QWP($off2-128,"ebp"),$lo[2]) if ($i>1); + &psrlq ($hi[1],4) if ($i>0 && $i<17); + &movq (&QWP($off2,"ebp"),$hi[2]) if ($i>1); + &shl ("edx",4) if ($i<16); + &mov (&BP($i,"esp"),&LB("edx")) if ($i<16); + + unshift (@lo,pop(@lo)); # "rotate" registers + unshift (@hi,pop(@hi)); + unshift (@tmp,pop(@tmp)); + $off1 += 8 if ($i>0); + $off2 += 8 if ($i>1); + } + } + + &movq ($Zhi,&QWP(0,"eax")); + &mov ("ebx",&DWP(8,"eax")); + &mov ("edx",&DWP(12,"eax")); # load Xi + +&set_label("outer",16); + { my $nlo = "eax"; + my $dat = "edx"; + my @nhi = ("edi","ebp"); + my @rem = ("ebx","ecx"); + my @red = ("mm0","mm1","mm2"); + my $tmp = "mm3"; + + &xor ($dat,&DWP(12,"ecx")); # merge input data + &xor ("ebx",&DWP(8,"ecx")); + &pxor ($Zhi,&QWP(0,"ecx")); + &lea ("ecx",&DWP(16,"ecx")); # inp+=16 + #&mov (&DWP(528+12,"esp"),$dat); # save inp^Xi + &mov (&DWP(528+8,"esp"),"ebx"); + &movq (&QWP(528+0,"esp"),$Zhi); + &mov (&DWP(528+16+4,"esp"),"ecx"); # save inp + + &xor ($nlo,$nlo); + &rol ($dat,8); + &mov (&LB($nlo),&LB($dat)); + &mov ($nhi[1],$nlo); + &and (&LB($nlo),0x0f); + &shr ($nhi[1],4); + &pxor ($red[0],$red[0]); + &rol ($dat,8); # next byte + &pxor ($red[1],$red[1]); + &pxor ($red[2],$red[2]); + + # Just like in "May" verson modulo-schedule for critical path in + # 'Z.hi ^= rem_8bit[Z.lo&0xff^((u8)H[nhi]<<4)]<<48'. Final 'pxor' + # is scheduled so late that rem_8bit[] has to be shifted *right* + # by 16, which is why last argument to pinsrw is 2, which + # corresponds to <<32=<<48>>16... + for ($j=11,$i=0;$i<15;$i++) { + + if ($i>0) { + &pxor ($Zlo,&QWP(16,"esp",$nlo,8)); # Z^=H[nlo] + &rol ($dat,8); # next byte + &pxor ($Zhi,&QWP(16+128,"esp",$nlo,8)); + + &pxor ($Zlo,$tmp); + &pxor ($Zhi,&QWP(16+256+128,"esp",$nhi[0],8)); + &xor (&LB($rem[1]),&BP(0,"esp",$nhi[0])); # rem^(H[nhi]<<4) + } else { + &movq ($Zlo,&QWP(16,"esp",$nlo,8)); + &movq ($Zhi,&QWP(16+128,"esp",$nlo,8)); + } + + &mov (&LB($nlo),&LB($dat)); + &mov ($dat,&DWP(528+$j,"esp")) if (--$j%4==0); + + &movd ($rem[0],$Zlo); + &movz ($rem[1],&LB($rem[1])) if ($i>0); + &psrlq ($Zlo,8); # Z>>=8 + + &movq ($tmp,$Zhi); + &mov ($nhi[0],$nlo); + &psrlq ($Zhi,8); + + &pxor ($Zlo,&QWP(16+256+0,"esp",$nhi[1],8)); # Z^=H[nhi]>>4 + &and (&LB($nlo),0x0f); + &psllq ($tmp,56); + + &pxor ($Zhi,$red[1]) if ($i>1); + &shr ($nhi[0],4); + &pinsrw ($red[0],&WP(0,$rem_8bit,$rem[1],2),2) if ($i>0); + + unshift (@red,pop(@red)); # "rotate" registers + unshift (@rem,pop(@rem)); + unshift (@nhi,pop(@nhi)); + } + + &pxor ($Zlo,&QWP(16,"esp",$nlo,8)); # Z^=H[nlo] + &pxor ($Zhi,&QWP(16+128,"esp",$nlo,8)); + &xor (&LB($rem[1]),&BP(0,"esp",$nhi[0])); # rem^(H[nhi]<<4) + + &pxor ($Zlo,$tmp); + &pxor ($Zhi,&QWP(16+256+128,"esp",$nhi[0],8)); + &movz ($rem[1],&LB($rem[1])); + + &pxor ($red[2],$red[2]); # clear 2nd word + &psllq ($red[1],4); + + &movd ($rem[0],$Zlo); + &psrlq ($Zlo,4); # Z>>=4 + + &movq ($tmp,$Zhi); + &psrlq ($Zhi,4); + &shl ($rem[0],4); # rem<<4 + + &pxor ($Zlo,&QWP(16,"esp",$nhi[1],8)); # Z^=H[nhi] + &psllq ($tmp,60); + &movz ($rem[0],&LB($rem[0])); + + &pxor ($Zlo,$tmp); + &pxor ($Zhi,&QWP(16+128,"esp",$nhi[1],8)); + + &pinsrw ($red[0],&WP(0,$rem_8bit,$rem[1],2),2); + &pxor ($Zhi,$red[1]); + + &movd ($dat,$Zlo); + &pinsrw ($red[2],&WP(0,$rem_8bit,$rem[0],2),3); # last is <<48 + + &psllq ($red[0],12); # correct by <<16>>4 + &pxor ($Zhi,$red[0]); + &psrlq ($Zlo,32); + &pxor ($Zhi,$red[2]); + + &mov ("ecx",&DWP(528+16+4,"esp")); # restore inp + &movd ("ebx",$Zlo); + &movq ($tmp,$Zhi); # 01234567 + &psllw ($Zhi,8); # 1.3.5.7. + &psrlw ($tmp,8); # .0.2.4.6 + &por ($Zhi,$tmp); # 10325476 + &bswap ($dat); + &pshufw ($Zhi,$Zhi,0b00011011); # 76543210 + &bswap ("ebx"); + + &cmp ("ecx",&DWP(528+16+8,"esp")); # are we done? + &jne (&label("outer")); + } + + &mov ("eax",&DWP(528+16+0,"esp")); # restore Xi + &mov (&DWP(12,"eax"),"edx"); + &mov (&DWP(8,"eax"),"ebx"); + &movq (&QWP(0,"eax"),$Zhi); + + &mov ("esp",&DWP(528+16+12,"esp")); # restore original %esp + &emms (); +} +&function_end("gcm_ghash_4bit_mmx"); +}} + +if ($sse2) {{ +###################################################################### +# PCLMULQDQ version. + +$Xip="eax"; +$Htbl="edx"; +$const="ecx"; +$inp="esi"; +$len="ebx"; + +($Xi,$Xhi)=("xmm0","xmm1"); $Hkey="xmm2"; +($T1,$T2,$T3)=("xmm3","xmm4","xmm5"); +($Xn,$Xhn)=("xmm6","xmm7"); + +&static_label("bswap"); + +sub clmul64x64_T2 { # minimal "register" pressure +my ($Xhi,$Xi,$Hkey)=@_; + + &movdqa ($Xhi,$Xi); # + &pshufd ($T1,$Xi,0b01001110); + &pshufd ($T2,$Hkey,0b01001110); + &pxor ($T1,$Xi); # + &pxor ($T2,$Hkey); + + &pclmulqdq ($Xi,$Hkey,0x00); ####### + &pclmulqdq ($Xhi,$Hkey,0x11); ####### + &pclmulqdq ($T1,$T2,0x00); ####### + &xorps ($T1,$Xi); # + &xorps ($T1,$Xhi); # + + &movdqa ($T2,$T1); # + &psrldq ($T1,8); + &pslldq ($T2,8); # + &pxor ($Xhi,$T1); + &pxor ($Xi,$T2); # +} + +sub clmul64x64_T3 { +# Even though this subroutine offers visually better ILP, it +# was empirically found to be a tad slower than above version. +# At least in gcm_ghash_clmul context. But it's just as well, +# because loop modulo-scheduling is possible only thanks to +# minimized "register" pressure... +my ($Xhi,$Xi,$Hkey)=@_; + + &movdqa ($T1,$Xi); # + &movdqa ($Xhi,$Xi); + &pclmulqdq ($Xi,$Hkey,0x00); ####### + &pclmulqdq ($Xhi,$Hkey,0x11); ####### + &pshufd ($T2,$T1,0b01001110); # + &pshufd ($T3,$Hkey,0b01001110); + &pxor ($T2,$T1); # + &pxor ($T3,$Hkey); + &pclmulqdq ($T2,$T3,0x00); ####### + &pxor ($T2,$Xi); # + &pxor ($T2,$Xhi); # + + &movdqa ($T3,$T2); # + &psrldq ($T2,8); + &pslldq ($T3,8); # + &pxor ($Xhi,$T2); + &pxor ($Xi,$T3); # +} + +if (1) { # Algorithm 9 with <<1 twist. + # Reduction is shorter and uses only two + # temporary registers, which makes it better + # candidate for interleaving with 64x64 + # multiplication. Pre-modulo-scheduled loop + # was found to be ~20% faster than Algorithm 5 + # below. Algorithm 9 was therefore chosen for + # further optimization... + +sub reduction_alg9 { # 17/13 times faster than Intel version +my ($Xhi,$Xi) = @_; + + # 1st phase + &movdqa ($T1,$Xi); # + &psllq ($Xi,1); + &pxor ($Xi,$T1); # + &psllq ($Xi,5); # + &pxor ($Xi,$T1); # + &psllq ($Xi,57); # + &movdqa ($T2,$Xi); # + &pslldq ($Xi,8); + &psrldq ($T2,8); # + &pxor ($Xi,$T1); + &pxor ($Xhi,$T2); # + + # 2nd phase + &movdqa ($T2,$Xi); + &psrlq ($Xi,5); + &pxor ($Xi,$T2); # + &psrlq ($Xi,1); # + &pxor ($Xi,$T2); # + &pxor ($T2,$Xhi); + &psrlq ($Xi,1); # + &pxor ($Xi,$T2); # +} + +&function_begin_B("gcm_init_clmul"); + &mov ($Htbl,&wparam(0)); + &mov ($Xip,&wparam(1)); + + &call (&label("pic")); +&set_label("pic"); + &blindpop ($const); + &lea ($const,&DWP(&label("bswap")."-".&label("pic"),$const)); + + &movdqu ($Hkey,&QWP(0,$Xip)); + &pshufd ($Hkey,$Hkey,0b01001110);# dword swap + + # <<1 twist + &pshufd ($T2,$Hkey,0b11111111); # broadcast uppermost dword + &movdqa ($T1,$Hkey); + &psllq ($Hkey,1); + &pxor ($T3,$T3); # + &psrlq ($T1,63); + &pcmpgtd ($T3,$T2); # broadcast carry bit + &pslldq ($T1,8); + &por ($Hkey,$T1); # H<<=1 + + # magic reduction + &pand ($T3,&QWP(16,$const)); # 0x1c2_polynomial + &pxor ($Hkey,$T3); # if(carry) H^=0x1c2_polynomial + + # calculate H^2 + &movdqa ($Xi,$Hkey); + &clmul64x64_T2 ($Xhi,$Xi,$Hkey); + &reduction_alg9 ($Xhi,$Xi); + + &movdqu (&QWP(0,$Htbl),$Hkey); # save H + &movdqu (&QWP(16,$Htbl),$Xi); # save H^2 + + &ret (); +&function_end_B("gcm_init_clmul"); + +&function_begin_B("gcm_gmult_clmul"); + &mov ($Xip,&wparam(0)); + &mov ($Htbl,&wparam(1)); + + &call (&label("pic")); +&set_label("pic"); + &blindpop ($const); + &lea ($const,&DWP(&label("bswap")."-".&label("pic"),$const)); + + &movdqu ($Xi,&QWP(0,$Xip)); + &movdqa ($T3,&QWP(0,$const)); + &movups ($Hkey,&QWP(0,$Htbl)); + &pshufb ($Xi,$T3); + + &clmul64x64_T2 ($Xhi,$Xi,$Hkey); + &reduction_alg9 ($Xhi,$Xi); + + &pshufb ($Xi,$T3); + &movdqu (&QWP(0,$Xip),$Xi); + + &ret (); +&function_end_B("gcm_gmult_clmul"); + +&function_begin("gcm_ghash_clmul"); + &mov ($Xip,&wparam(0)); + &mov ($Htbl,&wparam(1)); + &mov ($inp,&wparam(2)); + &mov ($len,&wparam(3)); + + &call (&label("pic")); +&set_label("pic"); + &blindpop ($const); + &lea ($const,&DWP(&label("bswap")."-".&label("pic"),$const)); + + &movdqu ($Xi,&QWP(0,$Xip)); + &movdqa ($T3,&QWP(0,$const)); + &movdqu ($Hkey,&QWP(0,$Htbl)); + &pshufb ($Xi,$T3); + + &sub ($len,0x10); + &jz (&label("odd_tail")); + + ####### + # Xi+2 =[H*(Ii+1 + Xi+1)] mod P = + # [(H*Ii+1) + (H*Xi+1)] mod P = + # [(H*Ii+1) + H^2*(Ii+Xi)] mod P + # + &movdqu ($T1,&QWP(0,$inp)); # Ii + &movdqu ($Xn,&QWP(16,$inp)); # Ii+1 + &pshufb ($T1,$T3); + &pshufb ($Xn,$T3); + &pxor ($Xi,$T1); # Ii+Xi + + &clmul64x64_T2 ($Xhn,$Xn,$Hkey); # H*Ii+1 + &movups ($Hkey,&QWP(16,$Htbl)); # load H^2 + + &lea ($inp,&DWP(32,$inp)); # i+=2 + &sub ($len,0x20); + &jbe (&label("even_tail")); + +&set_label("mod_loop"); + &clmul64x64_T2 ($Xhi,$Xi,$Hkey); # H^2*(Ii+Xi) + &movdqu ($T1,&QWP(0,$inp)); # Ii + &movups ($Hkey,&QWP(0,$Htbl)); # load H + + &pxor ($Xi,$Xn); # (H*Ii+1) + H^2*(Ii+Xi) + &pxor ($Xhi,$Xhn); + + &movdqu ($Xn,&QWP(16,$inp)); # Ii+1 + &pshufb ($T1,$T3); + &pshufb ($Xn,$T3); + + &movdqa ($T3,$Xn); #&clmul64x64_TX ($Xhn,$Xn,$Hkey); H*Ii+1 + &movdqa ($Xhn,$Xn); + &pxor ($Xhi,$T1); # "Ii+Xi", consume early + + &movdqa ($T1,$Xi); #&reduction_alg9($Xhi,$Xi); 1st phase + &psllq ($Xi,1); + &pxor ($Xi,$T1); # + &psllq ($Xi,5); # + &pxor ($Xi,$T1); # + &pclmulqdq ($Xn,$Hkey,0x00); ####### + &psllq ($Xi,57); # + &movdqa ($T2,$Xi); # + &pslldq ($Xi,8); + &psrldq ($T2,8); # + &pxor ($Xi,$T1); + &pshufd ($T1,$T3,0b01001110); + &pxor ($Xhi,$T2); # + &pxor ($T1,$T3); + &pshufd ($T3,$Hkey,0b01001110); + &pxor ($T3,$Hkey); # + + &pclmulqdq ($Xhn,$Hkey,0x11); ####### + &movdqa ($T2,$Xi); # 2nd phase + &psrlq ($Xi,5); + &pxor ($Xi,$T2); # + &psrlq ($Xi,1); # + &pxor ($Xi,$T2); # + &pxor ($T2,$Xhi); + &psrlq ($Xi,1); # + &pxor ($Xi,$T2); # + + &pclmulqdq ($T1,$T3,0x00); ####### + &movups ($Hkey,&QWP(16,$Htbl)); # load H^2 + &xorps ($T1,$Xn); # + &xorps ($T1,$Xhn); # + + &movdqa ($T3,$T1); # + &psrldq ($T1,8); + &pslldq ($T3,8); # + &pxor ($Xhn,$T1); + &pxor ($Xn,$T3); # + &movdqa ($T3,&QWP(0,$const)); + + &lea ($inp,&DWP(32,$inp)); + &sub ($len,0x20); + &ja (&label("mod_loop")); + +&set_label("even_tail"); + &clmul64x64_T2 ($Xhi,$Xi,$Hkey); # H^2*(Ii+Xi) + + &pxor ($Xi,$Xn); # (H*Ii+1) + H^2*(Ii+Xi) + &pxor ($Xhi,$Xhn); + + &reduction_alg9 ($Xhi,$Xi); + + &test ($len,$len); + &jnz (&label("done")); + + &movups ($Hkey,&QWP(0,$Htbl)); # load H +&set_label("odd_tail"); + &movdqu ($T1,&QWP(0,$inp)); # Ii + &pshufb ($T1,$T3); + &pxor ($Xi,$T1); # Ii+Xi + + &clmul64x64_T2 ($Xhi,$Xi,$Hkey); # H*(Ii+Xi) + &reduction_alg9 ($Xhi,$Xi); + +&set_label("done"); + &pshufb ($Xi,$T3); + &movdqu (&QWP(0,$Xip),$Xi); +&function_end("gcm_ghash_clmul"); + +} else { # Algorith 5. Kept for reference purposes. + +sub reduction_alg5 { # 19/16 times faster than Intel version +my ($Xhi,$Xi)=@_; + + # <<1 + &movdqa ($T1,$Xi); # + &movdqa ($T2,$Xhi); + &pslld ($Xi,1); + &pslld ($Xhi,1); # + &psrld ($T1,31); + &psrld ($T2,31); # + &movdqa ($T3,$T1); + &pslldq ($T1,4); + &psrldq ($T3,12); # + &pslldq ($T2,4); + &por ($Xhi,$T3); # + &por ($Xi,$T1); + &por ($Xhi,$T2); # + + # 1st phase + &movdqa ($T1,$Xi); + &movdqa ($T2,$Xi); + &movdqa ($T3,$Xi); # + &pslld ($T1,31); + &pslld ($T2,30); + &pslld ($Xi,25); # + &pxor ($T1,$T2); + &pxor ($T1,$Xi); # + &movdqa ($T2,$T1); # + &pslldq ($T1,12); + &psrldq ($T2,4); # + &pxor ($T3,$T1); + + # 2nd phase + &pxor ($Xhi,$T3); # + &movdqa ($Xi,$T3); + &movdqa ($T1,$T3); + &psrld ($Xi,1); # + &psrld ($T1,2); + &psrld ($T3,7); # + &pxor ($Xi,$T1); + &pxor ($Xhi,$T2); + &pxor ($Xi,$T3); # + &pxor ($Xi,$Xhi); # +} + +&function_begin_B("gcm_init_clmul"); + &mov ($Htbl,&wparam(0)); + &mov ($Xip,&wparam(1)); + + &call (&label("pic")); +&set_label("pic"); + &blindpop ($const); + &lea ($const,&DWP(&label("bswap")."-".&label("pic"),$const)); + + &movdqu ($Hkey,&QWP(0,$Xip)); + &pshufd ($Hkey,$Hkey,0b01001110);# dword swap + + # calculate H^2 + &movdqa ($Xi,$Hkey); + &clmul64x64_T3 ($Xhi,$Xi,$Hkey); + &reduction_alg5 ($Xhi,$Xi); + + &movdqu (&QWP(0,$Htbl),$Hkey); # save H + &movdqu (&QWP(16,$Htbl),$Xi); # save H^2 + + &ret (); +&function_end_B("gcm_init_clmul"); + +&function_begin_B("gcm_gmult_clmul"); + &mov ($Xip,&wparam(0)); + &mov ($Htbl,&wparam(1)); + + &call (&label("pic")); +&set_label("pic"); + &blindpop ($const); + &lea ($const,&DWP(&label("bswap")."-".&label("pic"),$const)); + + &movdqu ($Xi,&QWP(0,$Xip)); + &movdqa ($Xn,&QWP(0,$const)); + &movdqu ($Hkey,&QWP(0,$Htbl)); + &pshufb ($Xi,$Xn); + + &clmul64x64_T3 ($Xhi,$Xi,$Hkey); + &reduction_alg5 ($Xhi,$Xi); + + &pshufb ($Xi,$Xn); + &movdqu (&QWP(0,$Xip),$Xi); + + &ret (); +&function_end_B("gcm_gmult_clmul"); + +&function_begin("gcm_ghash_clmul"); + &mov ($Xip,&wparam(0)); + &mov ($Htbl,&wparam(1)); + &mov ($inp,&wparam(2)); + &mov ($len,&wparam(3)); + + &call (&label("pic")); +&set_label("pic"); + &blindpop ($const); + &lea ($const,&DWP(&label("bswap")."-".&label("pic"),$const)); + + &movdqu ($Xi,&QWP(0,$Xip)); + &movdqa ($T3,&QWP(0,$const)); + &movdqu ($Hkey,&QWP(0,$Htbl)); + &pshufb ($Xi,$T3); + + &sub ($len,0x10); + &jz (&label("odd_tail")); + + ####### + # Xi+2 =[H*(Ii+1 + Xi+1)] mod P = + # [(H*Ii+1) + (H*Xi+1)] mod P = + # [(H*Ii+1) + H^2*(Ii+Xi)] mod P + # + &movdqu ($T1,&QWP(0,$inp)); # Ii + &movdqu ($Xn,&QWP(16,$inp)); # Ii+1 + &pshufb ($T1,$T3); + &pshufb ($Xn,$T3); + &pxor ($Xi,$T1); # Ii+Xi + + &clmul64x64_T3 ($Xhn,$Xn,$Hkey); # H*Ii+1 + &movdqu ($Hkey,&QWP(16,$Htbl)); # load H^2 + + &sub ($len,0x20); + &lea ($inp,&DWP(32,$inp)); # i+=2 + &jbe (&label("even_tail")); + +&set_label("mod_loop"); + &clmul64x64_T3 ($Xhi,$Xi,$Hkey); # H^2*(Ii+Xi) + &movdqu ($Hkey,&QWP(0,$Htbl)); # load H + + &pxor ($Xi,$Xn); # (H*Ii+1) + H^2*(Ii+Xi) + &pxor ($Xhi,$Xhn); + + &reduction_alg5 ($Xhi,$Xi); + + ####### + &movdqa ($T3,&QWP(0,$const)); + &movdqu ($T1,&QWP(0,$inp)); # Ii + &movdqu ($Xn,&QWP(16,$inp)); # Ii+1 + &pshufb ($T1,$T3); + &pshufb ($Xn,$T3); + &pxor ($Xi,$T1); # Ii+Xi + + &clmul64x64_T3 ($Xhn,$Xn,$Hkey); # H*Ii+1 + &movdqu ($Hkey,&QWP(16,$Htbl)); # load H^2 + + &sub ($len,0x20); + &lea ($inp,&DWP(32,$inp)); + &ja (&label("mod_loop")); + +&set_label("even_tail"); + &clmul64x64_T3 ($Xhi,$Xi,$Hkey); # H^2*(Ii+Xi) + + &pxor ($Xi,$Xn); # (H*Ii+1) + H^2*(Ii+Xi) + &pxor ($Xhi,$Xhn); + + &reduction_alg5 ($Xhi,$Xi); + + &movdqa ($T3,&QWP(0,$const)); + &test ($len,$len); + &jnz (&label("done")); + + &movdqu ($Hkey,&QWP(0,$Htbl)); # load H +&set_label("odd_tail"); + &movdqu ($T1,&QWP(0,$inp)); # Ii + &pshufb ($T1,$T3); + &pxor ($Xi,$T1); # Ii+Xi + + &clmul64x64_T3 ($Xhi,$Xi,$Hkey); # H*(Ii+Xi) + &reduction_alg5 ($Xhi,$Xi); + + &movdqa ($T3,&QWP(0,$const)); +&set_label("done"); + &pshufb ($Xi,$T3); + &movdqu (&QWP(0,$Xip),$Xi); +&function_end("gcm_ghash_clmul"); + +} + +&set_label("bswap",64); + &data_byte(15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0); + &data_byte(1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0xc2); # 0x1c2_polynomial +}} # $sse2 + +&set_label("rem_4bit",64); + &data_word(0,0x0000<<$S,0,0x1C20<<$S,0,0x3840<<$S,0,0x2460<<$S); + &data_word(0,0x7080<<$S,0,0x6CA0<<$S,0,0x48C0<<$S,0,0x54E0<<$S); + &data_word(0,0xE100<<$S,0,0xFD20<<$S,0,0xD940<<$S,0,0xC560<<$S); + &data_word(0,0x9180<<$S,0,0x8DA0<<$S,0,0xA9C0<<$S,0,0xB5E0<<$S); +&set_label("rem_8bit",64); + &data_short(0x0000,0x01C2,0x0384,0x0246,0x0708,0x06CA,0x048C,0x054E); + &data_short(0x0E10,0x0FD2,0x0D94,0x0C56,0x0918,0x08DA,0x0A9C,0x0B5E); + &data_short(0x1C20,0x1DE2,0x1FA4,0x1E66,0x1B28,0x1AEA,0x18AC,0x196E); + &data_short(0x1230,0x13F2,0x11B4,0x1076,0x1538,0x14FA,0x16BC,0x177E); + &data_short(0x3840,0x3982,0x3BC4,0x3A06,0x3F48,0x3E8A,0x3CCC,0x3D0E); + &data_short(0x3650,0x3792,0x35D4,0x3416,0x3158,0x309A,0x32DC,0x331E); + &data_short(0x2460,0x25A2,0x27E4,0x2626,0x2368,0x22AA,0x20EC,0x212E); + &data_short(0x2A70,0x2BB2,0x29F4,0x2836,0x2D78,0x2CBA,0x2EFC,0x2F3E); + &data_short(0x7080,0x7142,0x7304,0x72C6,0x7788,0x764A,0x740C,0x75CE); + &data_short(0x7E90,0x7F52,0x7D14,0x7CD6,0x7998,0x785A,0x7A1C,0x7BDE); + &data_short(0x6CA0,0x6D62,0x6F24,0x6EE6,0x6BA8,0x6A6A,0x682C,0x69EE); + &data_short(0x62B0,0x6372,0x6134,0x60F6,0x65B8,0x647A,0x663C,0x67FE); + &data_short(0x48C0,0x4902,0x4B44,0x4A86,0x4FC8,0x4E0A,0x4C4C,0x4D8E); + &data_short(0x46D0,0x4712,0x4554,0x4496,0x41D8,0x401A,0x425C,0x439E); + &data_short(0x54E0,0x5522,0x5764,0x56A6,0x53E8,0x522A,0x506C,0x51AE); + &data_short(0x5AF0,0x5B32,0x5974,0x58B6,0x5DF8,0x5C3A,0x5E7C,0x5FBE); + &data_short(0xE100,0xE0C2,0xE284,0xE346,0xE608,0xE7CA,0xE58C,0xE44E); + &data_short(0xEF10,0xEED2,0xEC94,0xED56,0xE818,0xE9DA,0xEB9C,0xEA5E); + &data_short(0xFD20,0xFCE2,0xFEA4,0xFF66,0xFA28,0xFBEA,0xF9AC,0xF86E); + &data_short(0xF330,0xF2F2,0xF0B4,0xF176,0xF438,0xF5FA,0xF7BC,0xF67E); + &data_short(0xD940,0xD882,0xDAC4,0xDB06,0xDE48,0xDF8A,0xDDCC,0xDC0E); + &data_short(0xD750,0xD692,0xD4D4,0xD516,0xD058,0xD19A,0xD3DC,0xD21E); + &data_short(0xC560,0xC4A2,0xC6E4,0xC726,0xC268,0xC3AA,0xC1EC,0xC02E); + &data_short(0xCB70,0xCAB2,0xC8F4,0xC936,0xCC78,0xCDBA,0xCFFC,0xCE3E); + &data_short(0x9180,0x9042,0x9204,0x93C6,0x9688,0x974A,0x950C,0x94CE); + &data_short(0x9F90,0x9E52,0x9C14,0x9DD6,0x9898,0x995A,0x9B1C,0x9ADE); + &data_short(0x8DA0,0x8C62,0x8E24,0x8FE6,0x8AA8,0x8B6A,0x892C,0x88EE); + &data_short(0x83B0,0x8272,0x8034,0x81F6,0x84B8,0x857A,0x873C,0x86FE); + &data_short(0xA9C0,0xA802,0xAA44,0xAB86,0xAEC8,0xAF0A,0xAD4C,0xAC8E); + &data_short(0xA7D0,0xA612,0xA454,0xA596,0xA0D8,0xA11A,0xA35C,0xA29E); + &data_short(0xB5E0,0xB422,0xB664,0xB7A6,0xB2E8,0xB32A,0xB16C,0xB0AE); + &data_short(0xBBF0,0xBA32,0xB874,0xB9B6,0xBCF8,0xBD3A,0xBF7C,0xBEBE); +}}} # !$x86only + +&asciz("GHASH for x86, CRYPTOGAMS by "); +&asm_finish(); + +# A question was risen about choice of vanilla MMX. Or rather why wasn't +# SSE2 chosen instead? In addition to the fact that MMX runs on legacy +# CPUs such as PIII, "4-bit" MMX version was observed to provide better +# performance than *corresponding* SSE2 one even on contemporary CPUs. +# SSE2 results were provided by Peter-Michael Hager. He maintains SSE2 +# implementation featuring full range of lookup-table sizes, but with +# per-invocation lookup table setup. Latter means that table size is +# chosen depending on how much data is to be hashed in every given call, +# more data - larger table. Best reported result for Core2 is ~4 cycles +# per processed byte out of 64KB block. This number accounts even for +# 64KB table setup overhead. As discussed in gcm128.c we choose to be +# more conservative in respect to lookup table sizes, but how do the +# results compare? Minimalistic "256B" MMX version delivers ~11 cycles +# on same platform. As also discussed in gcm128.c, next in line "8-bit +# Shoup's" or "4KB" method should deliver twice the performance of +# "256B" one, in other words not worse than ~6 cycles per byte. It +# should be also be noted that in SSE2 case improvement can be "super- +# linear," i.e. more than twice, mostly because >>8 maps to single +# instruction on SSE2 register. This is unlike "4-bit" case when >>4 +# maps to same amount of instructions in both MMX and SSE2 cases. +# Bottom line is that switch to SSE2 is considered to be justifiable +# only in case we choose to implement "8-bit" method... diff --git a/src/lib/libcrypto/modes/asm/ghash-x86_64.pl b/src/lib/libcrypto/modes/asm/ghash-x86_64.pl new file mode 100644 index 00000000000..38d779edbcf --- /dev/null +++ b/src/lib/libcrypto/modes/asm/ghash-x86_64.pl @@ -0,0 +1,806 @@ +#!/usr/bin/env perl +# +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== +# +# March, June 2010 +# +# The module implements "4-bit" GCM GHASH function and underlying +# single multiplication operation in GF(2^128). "4-bit" means that +# it uses 256 bytes per-key table [+128 bytes shared table]. GHASH +# function features so called "528B" variant utilizing additional +# 256+16 bytes of per-key storage [+512 bytes shared table]. +# Performance results are for this streamed GHASH subroutine and are +# expressed in cycles per processed byte, less is better: +# +# gcc 3.4.x(*) assembler +# +# P4 28.6 14.0 +100% +# Opteron 19.3 7.7 +150% +# Core2 17.8 8.1(**) +120% +# +# (*) comparison is not completely fair, because C results are +# for vanilla "256B" implementation, while assembler results +# are for "528B";-) +# (**) it's mystery [to me] why Core2 result is not same as for +# Opteron; + +# May 2010 +# +# Add PCLMULQDQ version performing at 2.02 cycles per processed byte. +# See ghash-x86.pl for background information and details about coding +# techniques. +# +# Special thanks to David Woodhouse for +# providing access to a Westmere-based system on behalf of Intel +# Open Source Technology Centre. + +$flavour = shift; +$output = shift; +if ($flavour =~ /\./) { $output = $flavour; undef $flavour; } + +$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/); + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or +( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or +die "can't locate x86_64-xlate.pl"; + +open OUT,"| \"$^X\" $xlate $flavour $output"; +*STDOUT=*OUT; + +# common register layout +$nlo="%rax"; +$nhi="%rbx"; +$Zlo="%r8"; +$Zhi="%r9"; +$tmp="%r10"; +$rem_4bit = "%r11"; + +$Xi="%rdi"; +$Htbl="%rsi"; + +# per-function register layout +$cnt="%rcx"; +$rem="%rdx"; + +sub LB() { my $r=shift; $r =~ s/%[er]([a-d])x/%\1l/ or + $r =~ s/%[er]([sd]i)/%\1l/ or + $r =~ s/%[er](bp)/%\1l/ or + $r =~ s/%(r[0-9]+)[d]?/%\1b/; $r; } + +sub AUTOLOAD() # thunk [simplified] 32-bit style perlasm +{ my $opcode = $AUTOLOAD; $opcode =~ s/.*:://; + my $arg = pop; + $arg = "\$$arg" if ($arg*1 eq $arg); + $code .= "\t$opcode\t".join(',',$arg,reverse @_)."\n"; +} + +{ my $N; + sub loop() { + my $inp = shift; + + $N++; +$code.=<<___; + xor $nlo,$nlo + xor $nhi,$nhi + mov `&LB("$Zlo")`,`&LB("$nlo")` + mov `&LB("$Zlo")`,`&LB("$nhi")` + shl \$4,`&LB("$nlo")` + mov \$14,$cnt + mov 8($Htbl,$nlo),$Zlo + mov ($Htbl,$nlo),$Zhi + and \$0xf0,`&LB("$nhi")` + mov $Zlo,$rem + jmp .Loop$N + +.align 16 +.Loop$N: + shr \$4,$Zlo + and \$0xf,$rem + mov $Zhi,$tmp + mov ($inp,$cnt),`&LB("$nlo")` + shr \$4,$Zhi + xor 8($Htbl,$nhi),$Zlo + shl \$60,$tmp + xor ($Htbl,$nhi),$Zhi + mov `&LB("$nlo")`,`&LB("$nhi")` + xor ($rem_4bit,$rem,8),$Zhi + mov $Zlo,$rem + shl \$4,`&LB("$nlo")` + xor $tmp,$Zlo + dec $cnt + js .Lbreak$N + + shr \$4,$Zlo + and \$0xf,$rem + mov $Zhi,$tmp + shr \$4,$Zhi + xor 8($Htbl,$nlo),$Zlo + shl \$60,$tmp + xor ($Htbl,$nlo),$Zhi + and \$0xf0,`&LB("$nhi")` + xor ($rem_4bit,$rem,8),$Zhi + mov $Zlo,$rem + xor $tmp,$Zlo + jmp .Loop$N + +.align 16 +.Lbreak$N: + shr \$4,$Zlo + and \$0xf,$rem + mov $Zhi,$tmp + shr \$4,$Zhi + xor 8($Htbl,$nlo),$Zlo + shl \$60,$tmp + xor ($Htbl,$nlo),$Zhi + and \$0xf0,`&LB("$nhi")` + xor ($rem_4bit,$rem,8),$Zhi + mov $Zlo,$rem + xor $tmp,$Zlo + + shr \$4,$Zlo + and \$0xf,$rem + mov $Zhi,$tmp + shr \$4,$Zhi + xor 8($Htbl,$nhi),$Zlo + shl \$60,$tmp + xor ($Htbl,$nhi),$Zhi + xor $tmp,$Zlo + xor ($rem_4bit,$rem,8),$Zhi + + bswap $Zlo + bswap $Zhi +___ +}} + +$code=<<___; +.text + +.globl gcm_gmult_4bit +.type gcm_gmult_4bit,\@function,2 +.align 16 +gcm_gmult_4bit: + push %rbx + push %rbp # %rbp and %r12 are pushed exclusively in + push %r12 # order to reuse Win64 exception handler... +.Lgmult_prologue: + + movzb 15($Xi),$Zlo + lea .Lrem_4bit(%rip),$rem_4bit +___ + &loop ($Xi); +$code.=<<___; + mov $Zlo,8($Xi) + mov $Zhi,($Xi) + + mov 16(%rsp),%rbx + lea 24(%rsp),%rsp +.Lgmult_epilogue: + ret +.size gcm_gmult_4bit,.-gcm_gmult_4bit +___ + +# per-function register layout +$inp="%rdx"; +$len="%rcx"; +$rem_8bit=$rem_4bit; + +$code.=<<___; +.globl gcm_ghash_4bit +.type gcm_ghash_4bit,\@function,4 +.align 16 +gcm_ghash_4bit: + push %rbx + push %rbp + push %r12 + push %r13 + push %r14 + push %r15 + sub \$280,%rsp +.Lghash_prologue: + mov $inp,%r14 # reassign couple of args + mov $len,%r15 +___ +{ my $inp="%r14"; + my $dat="%edx"; + my $len="%r15"; + my @nhi=("%ebx","%ecx"); + my @rem=("%r12","%r13"); + my $Hshr4="%rbp"; + + &sub ($Htbl,-128); # size optimization + &lea ($Hshr4,"16+128(%rsp)"); + { my @lo =($nlo,$nhi); + my @hi =($Zlo,$Zhi); + + &xor ($dat,$dat); + for ($i=0,$j=-2;$i<18;$i++,$j++) { + &mov ("$j(%rsp)",&LB($dat)) if ($i>1); + &or ($lo[0],$tmp) if ($i>1); + &mov (&LB($dat),&LB($lo[1])) if ($i>0 && $i<17); + &shr ($lo[1],4) if ($i>0 && $i<17); + &mov ($tmp,$hi[1]) if ($i>0 && $i<17); + &shr ($hi[1],4) if ($i>0 && $i<17); + &mov ("8*$j($Hshr4)",$hi[0]) if ($i>1); + &mov ($hi[0],"16*$i+0-128($Htbl)") if ($i<16); + &shl (&LB($dat),4) if ($i>0 && $i<17); + &mov ("8*$j-128($Hshr4)",$lo[0]) if ($i>1); + &mov ($lo[0],"16*$i+8-128($Htbl)") if ($i<16); + &shl ($tmp,60) if ($i>0 && $i<17); + + push (@lo,shift(@lo)); + push (@hi,shift(@hi)); + } + } + &add ($Htbl,-128); + &mov ($Zlo,"8($Xi)"); + &mov ($Zhi,"0($Xi)"); + &add ($len,$inp); # pointer to the end of data + &lea ($rem_8bit,".Lrem_8bit(%rip)"); + &jmp (".Louter_loop"); + +$code.=".align 16\n.Louter_loop:\n"; + &xor ($Zhi,"($inp)"); + &mov ("%rdx","8($inp)"); + &lea ($inp,"16($inp)"); + &xor ("%rdx",$Zlo); + &mov ("($Xi)",$Zhi); + &mov ("8($Xi)","%rdx"); + &shr ("%rdx",32); + + &xor ($nlo,$nlo); + &rol ($dat,8); + &mov (&LB($nlo),&LB($dat)); + &movz ($nhi[0],&LB($dat)); + &shl (&LB($nlo),4); + &shr ($nhi[0],4); + + for ($j=11,$i=0;$i<15;$i++) { + &rol ($dat,8); + &xor ($Zlo,"8($Htbl,$nlo)") if ($i>0); + &xor ($Zhi,"($Htbl,$nlo)") if ($i>0); + &mov ($Zlo,"8($Htbl,$nlo)") if ($i==0); + &mov ($Zhi,"($Htbl,$nlo)") if ($i==0); + + &mov (&LB($nlo),&LB($dat)); + &xor ($Zlo,$tmp) if ($i>0); + &movzw ($rem[1],"($rem_8bit,$rem[1],2)") if ($i>0); + + &movz ($nhi[1],&LB($dat)); + &shl (&LB($nlo),4); + &movzb ($rem[0],"(%rsp,$nhi[0])"); + + &shr ($nhi[1],4) if ($i<14); + &and ($nhi[1],0xf0) if ($i==14); + &shl ($rem[1],48) if ($i>0); + &xor ($rem[0],$Zlo); + + &mov ($tmp,$Zhi); + &xor ($Zhi,$rem[1]) if ($i>0); + &shr ($Zlo,8); + + &movz ($rem[0],&LB($rem[0])); + &mov ($dat,"$j($Xi)") if (--$j%4==0); + &shr ($Zhi,8); + + &xor ($Zlo,"-128($Hshr4,$nhi[0],8)"); + &shl ($tmp,56); + &xor ($Zhi,"($Hshr4,$nhi[0],8)"); + + unshift (@nhi,pop(@nhi)); # "rotate" registers + unshift (@rem,pop(@rem)); + } + &movzw ($rem[1],"($rem_8bit,$rem[1],2)"); + &xor ($Zlo,"8($Htbl,$nlo)"); + &xor ($Zhi,"($Htbl,$nlo)"); + + &shl ($rem[1],48); + &xor ($Zlo,$tmp); + + &xor ($Zhi,$rem[1]); + &movz ($rem[0],&LB($Zlo)); + &shr ($Zlo,4); + + &mov ($tmp,$Zhi); + &shl (&LB($rem[0]),4); + &shr ($Zhi,4); + + &xor ($Zlo,"8($Htbl,$nhi[0])"); + &movzw ($rem[0],"($rem_8bit,$rem[0],2)"); + &shl ($tmp,60); + + &xor ($Zhi,"($Htbl,$nhi[0])"); + &xor ($Zlo,$tmp); + &shl ($rem[0],48); + + &bswap ($Zlo); + &xor ($Zhi,$rem[0]); + + &bswap ($Zhi); + &cmp ($inp,$len); + &jb (".Louter_loop"); +} +$code.=<<___; + mov $Zlo,8($Xi) + mov $Zhi,($Xi) + + lea 280(%rsp),%rsi + mov 0(%rsi),%r15 + mov 8(%rsi),%r14 + mov 16(%rsi),%r13 + mov 24(%rsi),%r12 + mov 32(%rsi),%rbp + mov 40(%rsi),%rbx + lea 48(%rsi),%rsp +.Lghash_epilogue: + ret +.size gcm_ghash_4bit,.-gcm_ghash_4bit +___ + +###################################################################### +# PCLMULQDQ version. + +@_4args=$win64? ("%rcx","%rdx","%r8", "%r9") : # Win64 order + ("%rdi","%rsi","%rdx","%rcx"); # Unix order + +($Xi,$Xhi)=("%xmm0","%xmm1"); $Hkey="%xmm2"; +($T1,$T2,$T3)=("%xmm3","%xmm4","%xmm5"); + +sub clmul64x64_T2 { # minimal register pressure +my ($Xhi,$Xi,$Hkey,$modulo)=@_; + +$code.=<<___ if (!defined($modulo)); + movdqa $Xi,$Xhi # + pshufd \$0b01001110,$Xi,$T1 + pshufd \$0b01001110,$Hkey,$T2 + pxor $Xi,$T1 # + pxor $Hkey,$T2 +___ +$code.=<<___; + pclmulqdq \$0x00,$Hkey,$Xi ####### + pclmulqdq \$0x11,$Hkey,$Xhi ####### + pclmulqdq \$0x00,$T2,$T1 ####### + pxor $Xi,$T1 # + pxor $Xhi,$T1 # + + movdqa $T1,$T2 # + psrldq \$8,$T1 + pslldq \$8,$T2 # + pxor $T1,$Xhi + pxor $T2,$Xi # +___ +} + +sub reduction_alg9 { # 17/13 times faster than Intel version +my ($Xhi,$Xi) = @_; + +$code.=<<___; + # 1st phase + movdqa $Xi,$T1 # + psllq \$1,$Xi + pxor $T1,$Xi # + psllq \$5,$Xi # + pxor $T1,$Xi # + psllq \$57,$Xi # + movdqa $Xi,$T2 # + pslldq \$8,$Xi + psrldq \$8,$T2 # + pxor $T1,$Xi + pxor $T2,$Xhi # + + # 2nd phase + movdqa $Xi,$T2 + psrlq \$5,$Xi + pxor $T2,$Xi # + psrlq \$1,$Xi # + pxor $T2,$Xi # + pxor $Xhi,$T2 + psrlq \$1,$Xi # + pxor $T2,$Xi # +___ +} + +{ my ($Htbl,$Xip)=@_4args; + +$code.=<<___; +.globl gcm_init_clmul +.type gcm_init_clmul,\@abi-omnipotent +.align 16 +gcm_init_clmul: + movdqu ($Xip),$Hkey + pshufd \$0b01001110,$Hkey,$Hkey # dword swap + + # <<1 twist + pshufd \$0b11111111,$Hkey,$T2 # broadcast uppermost dword + movdqa $Hkey,$T1 + psllq \$1,$Hkey + pxor $T3,$T3 # + psrlq \$63,$T1 + pcmpgtd $T2,$T3 # broadcast carry bit + pslldq \$8,$T1 + por $T1,$Hkey # H<<=1 + + # magic reduction + pand .L0x1c2_polynomial(%rip),$T3 + pxor $T3,$Hkey # if(carry) H^=0x1c2_polynomial + + # calculate H^2 + movdqa $Hkey,$Xi +___ + &clmul64x64_T2 ($Xhi,$Xi,$Hkey); + &reduction_alg9 ($Xhi,$Xi); +$code.=<<___; + movdqu $Hkey,($Htbl) # save H + movdqu $Xi,16($Htbl) # save H^2 + ret +.size gcm_init_clmul,.-gcm_init_clmul +___ +} + +{ my ($Xip,$Htbl)=@_4args; + +$code.=<<___; +.globl gcm_gmult_clmul +.type gcm_gmult_clmul,\@abi-omnipotent +.align 16 +gcm_gmult_clmul: + movdqu ($Xip),$Xi + movdqa .Lbswap_mask(%rip),$T3 + movdqu ($Htbl),$Hkey + pshufb $T3,$Xi +___ + &clmul64x64_T2 ($Xhi,$Xi,$Hkey); + &reduction_alg9 ($Xhi,$Xi); +$code.=<<___; + pshufb $T3,$Xi + movdqu $Xi,($Xip) + ret +.size gcm_gmult_clmul,.-gcm_gmult_clmul +___ +} + +{ my ($Xip,$Htbl,$inp,$len)=@_4args; + my $Xn="%xmm6"; + my $Xhn="%xmm7"; + my $Hkey2="%xmm8"; + my $T1n="%xmm9"; + my $T2n="%xmm10"; + +$code.=<<___; +.globl gcm_ghash_clmul +.type gcm_ghash_clmul,\@abi-omnipotent +.align 16 +gcm_ghash_clmul: +___ +$code.=<<___ if ($win64); +.LSEH_begin_gcm_ghash_clmul: + # I can't trust assembler to use specific encoding:-( + .byte 0x48,0x83,0xec,0x58 #sub \$0x58,%rsp + .byte 0x0f,0x29,0x34,0x24 #movaps %xmm6,(%rsp) + .byte 0x0f,0x29,0x7c,0x24,0x10 #movdqa %xmm7,0x10(%rsp) + .byte 0x44,0x0f,0x29,0x44,0x24,0x20 #movaps %xmm8,0x20(%rsp) + .byte 0x44,0x0f,0x29,0x4c,0x24,0x30 #movaps %xmm9,0x30(%rsp) + .byte 0x44,0x0f,0x29,0x54,0x24,0x40 #movaps %xmm10,0x40(%rsp) +___ +$code.=<<___; + movdqa .Lbswap_mask(%rip),$T3 + + movdqu ($Xip),$Xi + movdqu ($Htbl),$Hkey + pshufb $T3,$Xi + + sub \$0x10,$len + jz .Lodd_tail + + movdqu 16($Htbl),$Hkey2 + ####### + # Xi+2 =[H*(Ii+1 + Xi+1)] mod P = + # [(H*Ii+1) + (H*Xi+1)] mod P = + # [(H*Ii+1) + H^2*(Ii+Xi)] mod P + # + movdqu ($inp),$T1 # Ii + movdqu 16($inp),$Xn # Ii+1 + pshufb $T3,$T1 + pshufb $T3,$Xn + pxor $T1,$Xi # Ii+Xi +___ + &clmul64x64_T2 ($Xhn,$Xn,$Hkey); # H*Ii+1 +$code.=<<___; + movdqa $Xi,$Xhi # + pshufd \$0b01001110,$Xi,$T1 + pshufd \$0b01001110,$Hkey2,$T2 + pxor $Xi,$T1 # + pxor $Hkey2,$T2 + + lea 32($inp),$inp # i+=2 + sub \$0x20,$len + jbe .Leven_tail + +.Lmod_loop: +___ + &clmul64x64_T2 ($Xhi,$Xi,$Hkey2,1); # H^2*(Ii+Xi) +$code.=<<___; + movdqu ($inp),$T1 # Ii + pxor $Xn,$Xi # (H*Ii+1) + H^2*(Ii+Xi) + pxor $Xhn,$Xhi + + movdqu 16($inp),$Xn # Ii+1 + pshufb $T3,$T1 + pshufb $T3,$Xn + + movdqa $Xn,$Xhn # + pshufd \$0b01001110,$Xn,$T1n + pshufd \$0b01001110,$Hkey,$T2n + pxor $Xn,$T1n # + pxor $Hkey,$T2n + pxor $T1,$Xhi # "Ii+Xi", consume early + + movdqa $Xi,$T1 # 1st phase + psllq \$1,$Xi + pxor $T1,$Xi # + psllq \$5,$Xi # + pxor $T1,$Xi # + pclmulqdq \$0x00,$Hkey,$Xn ####### + psllq \$57,$Xi # + movdqa $Xi,$T2 # + pslldq \$8,$Xi + psrldq \$8,$T2 # + pxor $T1,$Xi + pxor $T2,$Xhi # + + pclmulqdq \$0x11,$Hkey,$Xhn ####### + movdqa $Xi,$T2 # 2nd phase + psrlq \$5,$Xi + pxor $T2,$Xi # + psrlq \$1,$Xi # + pxor $T2,$Xi # + pxor $Xhi,$T2 + psrlq \$1,$Xi # + pxor $T2,$Xi # + + pclmulqdq \$0x00,$T2n,$T1n ####### + movdqa $Xi,$Xhi # + pshufd \$0b01001110,$Xi,$T1 + pshufd \$0b01001110,$Hkey2,$T2 + pxor $Xi,$T1 # + pxor $Hkey2,$T2 + + pxor $Xn,$T1n # + pxor $Xhn,$T1n # + movdqa $T1n,$T2n # + psrldq \$8,$T1n + pslldq \$8,$T2n # + pxor $T1n,$Xhn + pxor $T2n,$Xn # + + lea 32($inp),$inp + sub \$0x20,$len + ja .Lmod_loop + +.Leven_tail: +___ + &clmul64x64_T2 ($Xhi,$Xi,$Hkey2,1); # H^2*(Ii+Xi) +$code.=<<___; + pxor $Xn,$Xi # (H*Ii+1) + H^2*(Ii+Xi) + pxor $Xhn,$Xhi +___ + &reduction_alg9 ($Xhi,$Xi); +$code.=<<___; + test $len,$len + jnz .Ldone + +.Lodd_tail: + movdqu ($inp),$T1 # Ii + pshufb $T3,$T1 + pxor $T1,$Xi # Ii+Xi +___ + &clmul64x64_T2 ($Xhi,$Xi,$Hkey); # H*(Ii+Xi) + &reduction_alg9 ($Xhi,$Xi); +$code.=<<___; +.Ldone: + pshufb $T3,$Xi + movdqu $Xi,($Xip) +___ +$code.=<<___ if ($win64); + movaps (%rsp),%xmm6 + movaps 0x10(%rsp),%xmm7 + movaps 0x20(%rsp),%xmm8 + movaps 0x30(%rsp),%xmm9 + movaps 0x40(%rsp),%xmm10 + add \$0x58,%rsp +___ +$code.=<<___; + ret +.LSEH_end_gcm_ghash_clmul: +.size gcm_ghash_clmul,.-gcm_ghash_clmul +___ +} + +$code.=<<___; +.align 64 +.Lbswap_mask: + .byte 15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0 +.L0x1c2_polynomial: + .byte 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0xc2 +.align 64 +.type .Lrem_4bit,\@object +.Lrem_4bit: + .long 0,`0x0000<<16`,0,`0x1C20<<16`,0,`0x3840<<16`,0,`0x2460<<16` + .long 0,`0x7080<<16`,0,`0x6CA0<<16`,0,`0x48C0<<16`,0,`0x54E0<<16` + .long 0,`0xE100<<16`,0,`0xFD20<<16`,0,`0xD940<<16`,0,`0xC560<<16` + .long 0,`0x9180<<16`,0,`0x8DA0<<16`,0,`0xA9C0<<16`,0,`0xB5E0<<16` +.type .Lrem_8bit,\@object +.Lrem_8bit: + .value 0x0000,0x01C2,0x0384,0x0246,0x0708,0x06CA,0x048C,0x054E + .value 0x0E10,0x0FD2,0x0D94,0x0C56,0x0918,0x08DA,0x0A9C,0x0B5E + .value 0x1C20,0x1DE2,0x1FA4,0x1E66,0x1B28,0x1AEA,0x18AC,0x196E + .value 0x1230,0x13F2,0x11B4,0x1076,0x1538,0x14FA,0x16BC,0x177E + .value 0x3840,0x3982,0x3BC4,0x3A06,0x3F48,0x3E8A,0x3CCC,0x3D0E + .value 0x3650,0x3792,0x35D4,0x3416,0x3158,0x309A,0x32DC,0x331E + .value 0x2460,0x25A2,0x27E4,0x2626,0x2368,0x22AA,0x20EC,0x212E + .value 0x2A70,0x2BB2,0x29F4,0x2836,0x2D78,0x2CBA,0x2EFC,0x2F3E + .value 0x7080,0x7142,0x7304,0x72C6,0x7788,0x764A,0x740C,0x75CE + .value 0x7E90,0x7F52,0x7D14,0x7CD6,0x7998,0x785A,0x7A1C,0x7BDE + .value 0x6CA0,0x6D62,0x6F24,0x6EE6,0x6BA8,0x6A6A,0x682C,0x69EE + .value 0x62B0,0x6372,0x6134,0x60F6,0x65B8,0x647A,0x663C,0x67FE + .value 0x48C0,0x4902,0x4B44,0x4A86,0x4FC8,0x4E0A,0x4C4C,0x4D8E + .value 0x46D0,0x4712,0x4554,0x4496,0x41D8,0x401A,0x425C,0x439E + .value 0x54E0,0x5522,0x5764,0x56A6,0x53E8,0x522A,0x506C,0x51AE + .value 0x5AF0,0x5B32,0x5974,0x58B6,0x5DF8,0x5C3A,0x5E7C,0x5FBE + .value 0xE100,0xE0C2,0xE284,0xE346,0xE608,0xE7CA,0xE58C,0xE44E + .value 0xEF10,0xEED2,0xEC94,0xED56,0xE818,0xE9DA,0xEB9C,0xEA5E + .value 0xFD20,0xFCE2,0xFEA4,0xFF66,0xFA28,0xFBEA,0xF9AC,0xF86E + .value 0xF330,0xF2F2,0xF0B4,0xF176,0xF438,0xF5FA,0xF7BC,0xF67E + .value 0xD940,0xD882,0xDAC4,0xDB06,0xDE48,0xDF8A,0xDDCC,0xDC0E + .value 0xD750,0xD692,0xD4D4,0xD516,0xD058,0xD19A,0xD3DC,0xD21E + .value 0xC560,0xC4A2,0xC6E4,0xC726,0xC268,0xC3AA,0xC1EC,0xC02E + .value 0xCB70,0xCAB2,0xC8F4,0xC936,0xCC78,0xCDBA,0xCFFC,0xCE3E + .value 0x9180,0x9042,0x9204,0x93C6,0x9688,0x974A,0x950C,0x94CE + .value 0x9F90,0x9E52,0x9C14,0x9DD6,0x9898,0x995A,0x9B1C,0x9ADE + .value 0x8DA0,0x8C62,0x8E24,0x8FE6,0x8AA8,0x8B6A,0x892C,0x88EE + .value 0x83B0,0x8272,0x8034,0x81F6,0x84B8,0x857A,0x873C,0x86FE + .value 0xA9C0,0xA802,0xAA44,0xAB86,0xAEC8,0xAF0A,0xAD4C,0xAC8E + .value 0xA7D0,0xA612,0xA454,0xA596,0xA0D8,0xA11A,0xA35C,0xA29E + .value 0xB5E0,0xB422,0xB664,0xB7A6,0xB2E8,0xB32A,0xB16C,0xB0AE + .value 0xBBF0,0xBA32,0xB874,0xB9B6,0xBCF8,0xBD3A,0xBF7C,0xBEBE + +.asciz "GHASH for x86_64, CRYPTOGAMS by " +.align 64 +___ + +# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame, +# CONTEXT *context,DISPATCHER_CONTEXT *disp) +if ($win64) { +$rec="%rcx"; +$frame="%rdx"; +$context="%r8"; +$disp="%r9"; + +$code.=<<___; +.extern __imp_RtlVirtualUnwind +.type se_handler,\@abi-omnipotent +.align 16 +se_handler: + push %rsi + push %rdi + push %rbx + push %rbp + push %r12 + push %r13 + push %r14 + push %r15 + pushfq + sub \$64,%rsp + + mov 120($context),%rax # pull context->Rax + mov 248($context),%rbx # pull context->Rip + + mov 8($disp),%rsi # disp->ImageBase + mov 56($disp),%r11 # disp->HandlerData + + mov 0(%r11),%r10d # HandlerData[0] + lea (%rsi,%r10),%r10 # prologue label + cmp %r10,%rbx # context->RipRsp + + mov 4(%r11),%r10d # HandlerData[1] + lea (%rsi,%r10),%r10 # epilogue label + cmp %r10,%rbx # context->Rip>=epilogue label + jae .Lin_prologue + + lea 24(%rax),%rax # adjust "rsp" + + mov -8(%rax),%rbx + mov -16(%rax),%rbp + mov -24(%rax),%r12 + mov %rbx,144($context) # restore context->Rbx + mov %rbp,160($context) # restore context->Rbp + mov %r12,216($context) # restore context->R12 + +.Lin_prologue: + mov 8(%rax),%rdi + mov 16(%rax),%rsi + mov %rax,152($context) # restore context->Rsp + mov %rsi,168($context) # restore context->Rsi + mov %rdi,176($context) # restore context->Rdi + + mov 40($disp),%rdi # disp->ContextRecord + mov $context,%rsi # context + mov \$`1232/8`,%ecx # sizeof(CONTEXT) + .long 0xa548f3fc # cld; rep movsq + + mov $disp,%rsi + xor %rcx,%rcx # arg1, UNW_FLAG_NHANDLER + mov 8(%rsi),%rdx # arg2, disp->ImageBase + mov 0(%rsi),%r8 # arg3, disp->ControlPc + mov 16(%rsi),%r9 # arg4, disp->FunctionEntry + mov 40(%rsi),%r10 # disp->ContextRecord + lea 56(%rsi),%r11 # &disp->HandlerData + lea 24(%rsi),%r12 # &disp->EstablisherFrame + mov %r10,32(%rsp) # arg5 + mov %r11,40(%rsp) # arg6 + mov %r12,48(%rsp) # arg7 + mov %rcx,56(%rsp) # arg8, (NULL) + call *__imp_RtlVirtualUnwind(%rip) + + mov \$1,%eax # ExceptionContinueSearch + add \$64,%rsp + popfq + pop %r15 + pop %r14 + pop %r13 + pop %r12 + pop %rbp + pop %rbx + pop %rdi + pop %rsi + ret +.size se_handler,.-se_handler + +.section .pdata +.align 4 + .rva .LSEH_begin_gcm_gmult_4bit + .rva .LSEH_end_gcm_gmult_4bit + .rva .LSEH_info_gcm_gmult_4bit + + .rva .LSEH_begin_gcm_ghash_4bit + .rva .LSEH_end_gcm_ghash_4bit + .rva .LSEH_info_gcm_ghash_4bit + + .rva .LSEH_begin_gcm_ghash_clmul + .rva .LSEH_end_gcm_ghash_clmul + .rva .LSEH_info_gcm_ghash_clmul + +.section .xdata +.align 8 +.LSEH_info_gcm_gmult_4bit: + .byte 9,0,0,0 + .rva se_handler + .rva .Lgmult_prologue,.Lgmult_epilogue # HandlerData +.LSEH_info_gcm_ghash_4bit: + .byte 9,0,0,0 + .rva se_handler + .rva .Lghash_prologue,.Lghash_epilogue # HandlerData +.LSEH_info_gcm_ghash_clmul: + .byte 0x01,0x1f,0x0b,0x00 + .byte 0x1f,0xa8,0x04,0x00 #movaps 0x40(rsp),xmm10 + .byte 0x19,0x98,0x03,0x00 #movaps 0x30(rsp),xmm9 + .byte 0x13,0x88,0x02,0x00 #movaps 0x20(rsp),xmm8 + .byte 0x0d,0x78,0x01,0x00 #movaps 0x10(rsp),xmm7 + .byte 0x08,0x68,0x00,0x00 #movaps (rsp),xmm6 + .byte 0x04,0xa2,0x00,0x00 #sub rsp,0x58 +___ +} + +$code =~ s/\`([^\`]*)\`/eval($1)/gem; + +print $code; + +close STDOUT; diff --git a/src/lib/libcrypto/modes/cbc128.c b/src/lib/libcrypto/modes/cbc128.c new file mode 100644 index 00000000000..fe45103b0ca --- /dev/null +++ b/src/lib/libcrypto/modes/cbc128.c @@ -0,0 +1,202 @@ +/* $OpenBSD: cbc128.c,v 1.4 2015/02/10 09:46:30 miod Exp $ */ +/* ==================================================================== + * Copyright (c) 2008 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + */ + +#include +#include "modes_lcl.h" +#include + +#ifndef MODES_DEBUG +# ifndef NDEBUG +# define NDEBUG +# endif +#endif + +#undef STRICT_ALIGNMENT +#ifdef __STRICT_ALIGNMENT +#define STRICT_ALIGNMENT 1 +#else +#define STRICT_ALIGNMENT 0 +#endif + +void CRYPTO_cbc128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], block128_f block) +{ + size_t n; + const unsigned char *iv = ivec; + +#if !defined(OPENSSL_SMALL_FOOTPRINT) + if (STRICT_ALIGNMENT && + ((size_t)in|(size_t)out|(size_t)ivec)%sizeof(size_t) != 0) { + while (len>=16) { + for(n=0; n<16; ++n) + out[n] = in[n] ^ iv[n]; + (*block)(out, out, key); + iv = out; + len -= 16; + in += 16; + out += 16; + } + } else { + while (len>=16) { + for(n=0; n<16; n+=sizeof(size_t)) + *(size_t*)(out+n) = + *(size_t*)(in+n) ^ *(size_t*)(iv+n); + (*block)(out, out, key); + iv = out; + len -= 16; + in += 16; + out += 16; + } + } +#endif + while (len) { + for(n=0; n<16 && n=16) { + (*block)(in, out, key); + for(n=0; n<16; ++n) + out[n] ^= iv[n]; + iv = in; + len -= 16; + in += 16; + out += 16; + } + } else if (16%sizeof(size_t) == 0) { /* always true */ + while (len>=16) { + size_t *out_t=(size_t *)out, *iv_t=(size_t *)iv; + + (*block)(in, out, key); + for(n=0; n<16/sizeof(size_t); n++) + out_t[n] ^= iv_t[n]; + iv = in; + len -= 16; + in += 16; + out += 16; + } + } + memcpy(ivec,iv,16); + } else { + if (STRICT_ALIGNMENT && + ((size_t)in|(size_t)out|(size_t)ivec)%sizeof(size_t) != 0) { + unsigned char c; + while (len>=16) { + (*block)(in, tmp.c, key); + for(n=0; n<16; ++n) { + c = in[n]; + out[n] = tmp.c[n] ^ ivec[n]; + ivec[n] = c; + } + len -= 16; + in += 16; + out += 16; + } + } else if (16%sizeof(size_t) == 0) { /* always true */ + while (len>=16) { + size_t c, *out_t=(size_t *)out, *ivec_t=(size_t *)ivec; + const size_t *in_t=(const size_t *)in; + + (*block)(in, tmp.c, key); + for(n=0; n<16/sizeof(size_t); n++) { + c = in_t[n]; + out_t[n] = tmp.t[n] ^ ivec_t[n]; + ivec_t[n] = c; + } + len -= 16; + in += 16; + out += 16; + } + } + } +#endif + while (len) { + unsigned char c; + (*block)(in, tmp.c, key); + for(n=0; n<16 && n +#include "modes_lcl.h" +#include + +#ifndef MODES_DEBUG +# ifndef NDEBUG +# define NDEBUG +# endif +#endif + +/* First you setup M and L parameters and pass the key schedule. + * This is called once per session setup... */ +void CRYPTO_ccm128_init(CCM128_CONTEXT *ctx, + unsigned int M,unsigned int L,void *key,block128_f block) +{ + memset(ctx->nonce.c,0,sizeof(ctx->nonce.c)); + ctx->nonce.c[0] = ((u8)(L-1)&7) | (u8)(((M-2)/2)&7)<<3; + ctx->blocks = 0; + ctx->block = block; + ctx->key = key; +} + +/* !!! Following interfaces are to be called *once* per packet !!! */ + +/* Then you setup per-message nonce and pass the length of the message */ +int CRYPTO_ccm128_setiv(CCM128_CONTEXT *ctx, + const unsigned char *nonce,size_t nlen,size_t mlen) +{ + unsigned int L = ctx->nonce.c[0]&7; /* the L parameter */ + + if (nlen<(14-L)) return -1; /* nonce is too short */ + + if (sizeof(mlen)==8 && L>=3) { + ctx->nonce.c[8] = (u8)(mlen>>(56%(sizeof(mlen)*8))); + ctx->nonce.c[9] = (u8)(mlen>>(48%(sizeof(mlen)*8))); + ctx->nonce.c[10] = (u8)(mlen>>(40%(sizeof(mlen)*8))); + ctx->nonce.c[11] = (u8)(mlen>>(32%(sizeof(mlen)*8))); + } + else + ctx->nonce.u[1] = 0; + + ctx->nonce.c[12] = (u8)(mlen>>24); + ctx->nonce.c[13] = (u8)(mlen>>16); + ctx->nonce.c[14] = (u8)(mlen>>8); + ctx->nonce.c[15] = (u8)mlen; + + ctx->nonce.c[0] &= ~0x40; /* clear Adata flag */ + memcpy(&ctx->nonce.c[1],nonce,14-L); + + return 0; +} + +/* Then you pass additional authentication data, this is optional */ +void CRYPTO_ccm128_aad(CCM128_CONTEXT *ctx, + const unsigned char *aad,size_t alen) +{ unsigned int i; + block128_f block = ctx->block; + + if (alen==0) return; + + ctx->nonce.c[0] |= 0x40; /* set Adata flag */ + (*block)(ctx->nonce.c,ctx->cmac.c,ctx->key), + ctx->blocks++; + + if (alen<(0x10000-0x100)) { + ctx->cmac.c[0] ^= (u8)(alen>>8); + ctx->cmac.c[1] ^= (u8)alen; + i=2; + } + else if (sizeof(alen)==8 && alen>=(size_t)1<<(32%(sizeof(alen)*8))) { + ctx->cmac.c[0] ^= 0xFF; + ctx->cmac.c[1] ^= 0xFF; + ctx->cmac.c[2] ^= (u8)(alen>>(56%(sizeof(alen)*8))); + ctx->cmac.c[3] ^= (u8)(alen>>(48%(sizeof(alen)*8))); + ctx->cmac.c[4] ^= (u8)(alen>>(40%(sizeof(alen)*8))); + ctx->cmac.c[5] ^= (u8)(alen>>(32%(sizeof(alen)*8))); + ctx->cmac.c[6] ^= (u8)(alen>>24); + ctx->cmac.c[7] ^= (u8)(alen>>16); + ctx->cmac.c[8] ^= (u8)(alen>>8); + ctx->cmac.c[9] ^= (u8)alen; + i=10; + } + else { + ctx->cmac.c[0] ^= 0xFF; + ctx->cmac.c[1] ^= 0xFE; + ctx->cmac.c[2] ^= (u8)(alen>>24); + ctx->cmac.c[3] ^= (u8)(alen>>16); + ctx->cmac.c[4] ^= (u8)(alen>>8); + ctx->cmac.c[5] ^= (u8)alen; + i=6; + } + + do { + for(;i<16 && alen;++i,++aad,--alen) + ctx->cmac.c[i] ^= *aad; + (*block)(ctx->cmac.c,ctx->cmac.c,ctx->key), + ctx->blocks++; + i=0; + } while (alen); +} + +/* Finally you encrypt or decrypt the message */ + +/* counter part of nonce may not be larger than L*8 bits, + * L is not larger than 8, therefore 64-bit counter... */ +static void ctr64_inc(unsigned char *counter) { + unsigned int n=8; + u8 c; + + counter += 8; + do { + --n; + c = counter[n]; + ++c; + counter[n] = c; + if (c) return; + } while (n); +} + +int CRYPTO_ccm128_encrypt(CCM128_CONTEXT *ctx, + const unsigned char *inp, unsigned char *out, + size_t len) +{ + size_t n; + unsigned int i,L; + unsigned char flags0 = ctx->nonce.c[0]; + block128_f block = ctx->block; + void * key = ctx->key; + union { u64 u[2]; u8 c[16]; } scratch; + + if (!(flags0&0x40)) + (*block)(ctx->nonce.c,ctx->cmac.c,key), + ctx->blocks++; + + ctx->nonce.c[0] = L = flags0&7; + for (n=0,i=15-L;i<15;++i) { + n |= ctx->nonce.c[i]; + ctx->nonce.c[i]=0; + n <<= 8; + } + n |= ctx->nonce.c[15]; /* reconstructed length */ + ctx->nonce.c[15]=1; + + if (n!=len) return -1; /* length mismatch */ + + ctx->blocks += ((len+15)>>3)|1; + if (ctx->blocks > (U64(1)<<61)) return -2; /* too much data */ + + while (len>=16) { +#ifdef __STRICT_ALIGNMENT + union { u64 u[2]; u8 c[16]; } temp; + + memcpy (temp.c,inp,16); + ctx->cmac.u[0] ^= temp.u[0]; + ctx->cmac.u[1] ^= temp.u[1]; +#else + ctx->cmac.u[0] ^= ((u64*)inp)[0]; + ctx->cmac.u[1] ^= ((u64*)inp)[1]; +#endif + (*block)(ctx->cmac.c,ctx->cmac.c,key); + (*block)(ctx->nonce.c,scratch.c,key); + ctr64_inc(ctx->nonce.c); +#ifdef __STRICT_ALIGNMENT + temp.u[0] ^= scratch.u[0]; + temp.u[1] ^= scratch.u[1]; + memcpy(out,temp.c,16); +#else + ((u64*)out)[0] = scratch.u[0]^((u64*)inp)[0]; + ((u64*)out)[1] = scratch.u[1]^((u64*)inp)[1]; +#endif + inp += 16; + out += 16; + len -= 16; + } + + if (len) { + for (i=0; icmac.c[i] ^= inp[i]; + (*block)(ctx->cmac.c,ctx->cmac.c,key); + (*block)(ctx->nonce.c,scratch.c,key); + for (i=0; inonce.c[i]=0; + + (*block)(ctx->nonce.c,scratch.c,key); + ctx->cmac.u[0] ^= scratch.u[0]; + ctx->cmac.u[1] ^= scratch.u[1]; + + ctx->nonce.c[0] = flags0; + + return 0; +} + +int CRYPTO_ccm128_decrypt(CCM128_CONTEXT *ctx, + const unsigned char *inp, unsigned char *out, + size_t len) +{ + size_t n; + unsigned int i,L; + unsigned char flags0 = ctx->nonce.c[0]; + block128_f block = ctx->block; + void * key = ctx->key; + union { u64 u[2]; u8 c[16]; } scratch; + + if (!(flags0&0x40)) + (*block)(ctx->nonce.c,ctx->cmac.c,key); + + ctx->nonce.c[0] = L = flags0&7; + for (n=0,i=15-L;i<15;++i) { + n |= ctx->nonce.c[i]; + ctx->nonce.c[i]=0; + n <<= 8; + } + n |= ctx->nonce.c[15]; /* reconstructed length */ + ctx->nonce.c[15]=1; + + if (n!=len) return -1; + + while (len>=16) { +#ifdef __STRICT_ALIGNMENT + union { u64 u[2]; u8 c[16]; } temp; +#endif + (*block)(ctx->nonce.c,scratch.c,key); + ctr64_inc(ctx->nonce.c); +#ifdef __STRICT_ALIGNMENT + memcpy (temp.c,inp,16); + ctx->cmac.u[0] ^= (scratch.u[0] ^= temp.u[0]); + ctx->cmac.u[1] ^= (scratch.u[1] ^= temp.u[1]); + memcpy (out,scratch.c,16); +#else + ctx->cmac.u[0] ^= (((u64*)out)[0] = scratch.u[0]^((u64*)inp)[0]); + ctx->cmac.u[1] ^= (((u64*)out)[1] = scratch.u[1]^((u64*)inp)[1]); +#endif + (*block)(ctx->cmac.c,ctx->cmac.c,key); + + inp += 16; + out += 16; + len -= 16; + } + + if (len) { + (*block)(ctx->nonce.c,scratch.c,key); + for (i=0; icmac.c[i] ^= (out[i] = scratch.c[i]^inp[i]); + (*block)(ctx->cmac.c,ctx->cmac.c,key); + } + + for (i=15-L;i<16;++i) + ctx->nonce.c[i]=0; + + (*block)(ctx->nonce.c,scratch.c,key); + ctx->cmac.u[0] ^= scratch.u[0]; + ctx->cmac.u[1] ^= scratch.u[1]; + + ctx->nonce.c[0] = flags0; + + return 0; +} + +static void ctr64_add (unsigned char *counter,size_t inc) +{ size_t n=8, val=0; + + counter += 8; + do { + --n; + val += counter[n] + (inc&0xff); + counter[n] = (unsigned char)val; + val >>= 8; /* carry bit */ + inc >>= 8; + } while(n && (inc || val)); +} + +int CRYPTO_ccm128_encrypt_ccm64(CCM128_CONTEXT *ctx, + const unsigned char *inp, unsigned char *out, + size_t len,ccm128_f stream) +{ + size_t n; + unsigned int i,L; + unsigned char flags0 = ctx->nonce.c[0]; + block128_f block = ctx->block; + void * key = ctx->key; + union { u64 u[2]; u8 c[16]; } scratch; + + if (!(flags0&0x40)) + (*block)(ctx->nonce.c,ctx->cmac.c,key), + ctx->blocks++; + + ctx->nonce.c[0] = L = flags0&7; + for (n=0,i=15-L;i<15;++i) { + n |= ctx->nonce.c[i]; + ctx->nonce.c[i]=0; + n <<= 8; + } + n |= ctx->nonce.c[15]; /* reconstructed length */ + ctx->nonce.c[15]=1; + + if (n!=len) return -1; /* length mismatch */ + + ctx->blocks += ((len+15)>>3)|1; + if (ctx->blocks > (U64(1)<<61)) return -2; /* too much data */ + + if ((n=len/16)) { + (*stream)(inp,out,n,key,ctx->nonce.c,ctx->cmac.c); + n *= 16; + inp += n; + out += n; + len -= n; + if (len) ctr64_add(ctx->nonce.c,n/16); + } + + if (len) { + for (i=0; icmac.c[i] ^= inp[i]; + (*block)(ctx->cmac.c,ctx->cmac.c,key); + (*block)(ctx->nonce.c,scratch.c,key); + for (i=0; inonce.c[i]=0; + + (*block)(ctx->nonce.c,scratch.c,key); + ctx->cmac.u[0] ^= scratch.u[0]; + ctx->cmac.u[1] ^= scratch.u[1]; + + ctx->nonce.c[0] = flags0; + + return 0; +} + +int CRYPTO_ccm128_decrypt_ccm64(CCM128_CONTEXT *ctx, + const unsigned char *inp, unsigned char *out, + size_t len,ccm128_f stream) +{ + size_t n; + unsigned int i,L; + unsigned char flags0 = ctx->nonce.c[0]; + block128_f block = ctx->block; + void * key = ctx->key; + union { u64 u[2]; u8 c[16]; } scratch; + + if (!(flags0&0x40)) + (*block)(ctx->nonce.c,ctx->cmac.c,key); + + ctx->nonce.c[0] = L = flags0&7; + for (n=0,i=15-L;i<15;++i) { + n |= ctx->nonce.c[i]; + ctx->nonce.c[i]=0; + n <<= 8; + } + n |= ctx->nonce.c[15]; /* reconstructed length */ + ctx->nonce.c[15]=1; + + if (n!=len) return -1; + + if ((n=len/16)) { + (*stream)(inp,out,n,key,ctx->nonce.c,ctx->cmac.c); + n *= 16; + inp += n; + out += n; + len -= n; + if (len) ctr64_add(ctx->nonce.c,n/16); + } + + if (len) { + (*block)(ctx->nonce.c,scratch.c,key); + for (i=0; icmac.c[i] ^= (out[i] = scratch.c[i]^inp[i]); + (*block)(ctx->cmac.c,ctx->cmac.c,key); + } + + for (i=15-L;i<16;++i) + ctx->nonce.c[i]=0; + + (*block)(ctx->nonce.c,scratch.c,key); + ctx->cmac.u[0] ^= scratch.u[0]; + ctx->cmac.u[1] ^= scratch.u[1]; + + ctx->nonce.c[0] = flags0; + + return 0; +} + +size_t CRYPTO_ccm128_tag(CCM128_CONTEXT *ctx,unsigned char *tag,size_t len) +{ unsigned int M = (ctx->nonce.c[0]>>3)&7; /* the M parameter */ + + M *= 2; M += 2; + if (lencmac.c,M); + return M; +} diff --git a/src/lib/libcrypto/modes/cfb128.c b/src/lib/libcrypto/modes/cfb128.c new file mode 100644 index 00000000000..8399f0c5be0 --- /dev/null +++ b/src/lib/libcrypto/modes/cfb128.c @@ -0,0 +1,234 @@ +/* $OpenBSD: cfb128.c,v 1.4 2015/02/10 09:46:30 miod Exp $ */ +/* ==================================================================== + * Copyright (c) 2008 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + */ + +#include +#include "modes_lcl.h" +#include + +#ifndef MODES_DEBUG +# ifndef NDEBUG +# define NDEBUG +# endif +#endif + +/* The input and output encrypted as though 128bit cfb mode is being + * used. The extra state information to record how much of the + * 128bit block we have used is contained in *num; + */ +void CRYPTO_cfb128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], int *num, + int enc, block128_f block) +{ + unsigned int n; + size_t l = 0; + + n = *num; + + if (enc) { +#if !defined(OPENSSL_SMALL_FOOTPRINT) + if (16%sizeof(size_t) == 0) do { /* always true actually */ + while (n && len) { + *(out++) = ivec[n] ^= *(in++); + --len; + n = (n+1) % 16; + } +#ifdef __STRICT_ALIGNMENT + if (((size_t)in|(size_t)out|(size_t)ivec)%sizeof(size_t) != 0) + break; +#endif + while (len>=16) { + (*block)(ivec, ivec, key); + for (; n<16; n+=sizeof(size_t)) { + *(size_t*)(out+n) = + *(size_t*)(ivec+n) ^= *(size_t*)(in+n); + } + len -= 16; + out += 16; + in += 16; + n = 0; + } + if (len) { + (*block)(ivec, ivec, key); + while (len--) { + out[n] = ivec[n] ^= in[n]; + ++n; + } + } + *num = n; + return; + } while (0); + /* the rest would be commonly eliminated by x86* compiler */ +#endif + while (l=16) { + (*block)(ivec, ivec, key); + for (; n<16; n+=sizeof(size_t)) { + size_t t = *(size_t*)(in+n); + *(size_t*)(out+n) = *(size_t*)(ivec+n) ^ t; + *(size_t*)(ivec+n) = t; + } + len -= 16; + out += 16; + in += 16; + n = 0; + } + if (len) { + (*block)(ivec, ivec, key); + while (len--) { + unsigned char c; + out[n] = ivec[n] ^ (c = in[n]); ivec[n] = c; + ++n; + } + } + *num = n; + return; + } while (0); + /* the rest would be commonly eliminated by x86* compiler */ +#endif + while (l128) return; + + /* fill in the first half of the new IV with the current IV */ + memcpy(ovec,ivec,16); + /* construct the new IV */ + (*block)(ivec,ivec,key); + num = (nbits+7)/8; + if (enc) /* encrypt the input */ + for(n=0 ; n < num ; ++n) + out[n] = (ovec[16+n] = in[n] ^ ivec[n]); + else /* decrypt the input */ + for(n=0 ; n < num ; ++n) + out[n] = (ovec[16+n] = in[n]) ^ ivec[n]; + /* shift ovec left... */ + rem = nbits%8; + num = nbits/8; + if(rem==0) + memcpy(ivec,ovec+num,16); + else + for(n=0 ; n < 16 ; ++n) + ivec[n] = ovec[n+num]<>(8-rem); + + /* it is not necessary to cleanse ovec, since the IV is not secret */ +} + +/* N.B. This expects the input to be packed, MS bit first */ +void CRYPTO_cfb128_1_encrypt(const unsigned char *in, unsigned char *out, + size_t bits, const void *key, + unsigned char ivec[16], int *num, + int enc, block128_f block) +{ + size_t n; + unsigned char c[1],d[1]; + + for(n=0 ; n> (unsigned int)(n%8)); + } +} + +void CRYPTO_cfb128_8_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const void *key, + unsigned char ivec[16], int *num, + int enc, block128_f block) +{ + size_t n; + + for(n=0 ; n +#include "modes_lcl.h" +#include + +#ifndef MODES_DEBUG +# ifndef NDEBUG +# define NDEBUG +# endif +#endif +#include + +/* NOTE: the IV/counter CTR mode is big-endian. The code itself + * is endian-neutral. */ + +/* increment counter (128-bit int) by 1 */ +static void ctr128_inc(unsigned char *counter) { + u32 n=16; + u8 c; + + do { + --n; + c = counter[n]; + ++c; + counter[n] = c; + if (c) return; + } while (n); +} + +#if !defined(OPENSSL_SMALL_FOOTPRINT) +static void +ctr128_inc_aligned(unsigned char *counter) +{ +#if BYTE_ORDER == LITTLE_ENDIAN + ctr128_inc(counter); +#else + size_t *data, c, n; + data = (size_t *)counter; + n = 16 / sizeof(size_t); + do { + --n; + c = data[n]; + ++c; + data[n] = c; + if (c) + return; + } while (n); +#endif +} +#endif + +/* The input encrypted as though 128bit counter mode is being + * used. The extra state information to record how much of the + * 128bit block we have used is contained in *num, and the + * encrypted counter is kept in ecount_buf. Both *num and + * ecount_buf must be initialised with zeros before the first + * call to CRYPTO_ctr128_encrypt(). + * + * This algorithm assumes that the counter is in the x lower bits + * of the IV (ivec), and that the application has full control over + * overflow and the rest of the IV. This implementation takes NO + * responsability for checking that the counter doesn't overflow + * into the rest of the IV when incremented. + */ +void CRYPTO_ctr128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], unsigned char ecount_buf[16], + unsigned int *num, block128_f block) +{ + unsigned int n; + size_t l=0; + + assert(*num < 16); + + n = *num; + +#if !defined(OPENSSL_SMALL_FOOTPRINT) + if (16%sizeof(size_t) == 0) do { /* always true actually */ + while (n && len) { + *(out++) = *(in++) ^ ecount_buf[n]; + --len; + n = (n+1) % 16; + } + +#ifdef __STRICT_ALIGNMENT + if (((size_t)in|(size_t)out|(size_t)ivec)%sizeof(size_t) != 0) + break; +#endif + while (len>=16) { + (*block)(ivec, ecount_buf, key); + ctr128_inc_aligned(ivec); + for (; n<16; n+=sizeof(size_t)) + *(size_t *)(out+n) = + *(size_t *)(in+n) ^ *(size_t *)(ecount_buf+n); + len -= 16; + out += 16; + in += 16; + n = 0; + } + if (len) { + (*block)(ivec, ecount_buf, key); + ctr128_inc_aligned(ivec); + while (len--) { + out[n] = in[n] ^ ecount_buf[n]; + ++n; + } + } + *num = n; + return; + } while(0); + /* the rest would be commonly eliminated by x86* compiler */ +#endif + while (l=16) { + size_t blocks = len/16; + /* + * 1<<28 is just a not-so-small yet not-so-large number... + * Below condition is practically never met, but it has to + * be checked for code correctness. + */ + if (sizeof(size_t)>sizeof(unsigned int) && blocks>(1U<<28)) + blocks = (1U<<28); + /* + * As (*func) operates on 32-bit counter, caller + * has to handle overflow. 'if' below detects the + * overflow, which is then handled by limiting the + * amount of blocks to the exact overflow point... + */ + ctr32 += (u32)blocks; + if (ctr32 < blocks) { + blocks -= ctr32; + ctr32 = 0; + } + (*func)(in,out,blocks,key,ivec); + /* (*ctr) does not update ivec, caller does: */ + PUTU32(ivec+12,ctr32); + /* ... overflow was detected, propogate carry. */ + if (ctr32 == 0) ctr96_inc(ivec); + blocks *= 16; + len -= blocks; + out += blocks; + in += blocks; + } + if (len) { + memset(ecount_buf,0,16); + (*func)(ecount_buf,ecount_buf,1,key,ivec); + ++ctr32; + PUTU32(ivec+12,ctr32); + if (ctr32 == 0) ctr96_inc(ivec); + while (len--) { + out[n] = in[n] ^ ecount_buf[n]; + ++n; + } + } + + *num=n; +} diff --git a/src/lib/libcrypto/modes/cts128.c b/src/lib/libcrypto/modes/cts128.c new file mode 100644 index 00000000000..802aa77cd56 --- /dev/null +++ b/src/lib/libcrypto/modes/cts128.c @@ -0,0 +1,267 @@ +/* $OpenBSD: cts128.c,v 1.5 2015/07/19 18:27:26 miod Exp $ */ +/* ==================================================================== + * Copyright (c) 2008 The OpenSSL Project. All rights reserved. + * + * Rights for redistribution and usage in source and binary + * forms are granted according to the OpenSSL license. + */ + +#include +#include "modes_lcl.h" +#include + +#ifndef MODES_DEBUG +# ifndef NDEBUG +# define NDEBUG +# endif +#endif + +/* + * Trouble with Ciphertext Stealing, CTS, mode is that there is no + * common official specification, but couple of cipher/application + * specific ones: RFC2040 and RFC3962. Then there is 'Proposal to + * Extend CBC Mode By "Ciphertext Stealing"' at NIST site, which + * deviates from mentioned RFCs. Most notably it allows input to be + * of block length and it doesn't flip the order of the last two + * blocks. CTS is being discussed even in ECB context, but it's not + * adopted for any known application. This implementation provides + * two interfaces: one compliant with above mentioned RFCs and one + * compliant with the NIST proposal, both extending CBC mode. + */ + +size_t CRYPTO_cts128_encrypt_block(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], block128_f block) +{ size_t residue, n; + + if (len <= 16) return 0; + + if ((residue=len%16) == 0) residue = 16; + + len -= residue; + + CRYPTO_cbc128_encrypt(in,out,len,key,ivec,block); + + in += len; + out += len; + + for (n=0; n +#include "modes_lcl.h" +#include + +#ifndef MODES_DEBUG +# ifndef NDEBUG +# define NDEBUG +# endif +#endif + +#if defined(BSWAP4) && defined(__STRICT_ALIGNMENT) +/* redefine, because alignment is ensured */ +#undef GETU32 +#define GETU32(p) BSWAP4(*(const u32 *)(p)) +#undef PUTU32 +#define PUTU32(p,v) *(u32 *)(p) = BSWAP4(v) +#endif + +#define PACK(s) ((size_t)(s)<<(sizeof(size_t)*8-16)) +#define REDUCE1BIT(V) \ + do { \ + if (sizeof(size_t)==8) { \ + u64 T = U64(0xe100000000000000) & (0-(V.lo&1)); \ + V.lo = (V.hi<<63)|(V.lo>>1); \ + V.hi = (V.hi>>1 )^T; \ + } else { \ + u32 T = 0xe1000000U & (0-(u32)(V.lo&1)); \ + V.lo = (V.hi<<63)|(V.lo>>1); \ + V.hi = (V.hi>>1 )^((u64)T<<32); \ + } \ + } while(0) + +/* + * Even though permitted values for TABLE_BITS are 8, 4 and 1, it should + * never be set to 8. 8 is effectively reserved for testing purposes. + * TABLE_BITS>1 are lookup-table-driven implementations referred to as + * "Shoup's" in GCM specification. In other words OpenSSL does not cover + * whole spectrum of possible table driven implementations. Why? In + * non-"Shoup's" case memory access pattern is segmented in such manner, + * that it's trivial to see that cache timing information can reveal + * fair portion of intermediate hash value. Given that ciphertext is + * always available to attacker, it's possible for him to attempt to + * deduce secret parameter H and if successful, tamper with messages + * [which is nothing but trivial in CTR mode]. In "Shoup's" case it's + * not as trivial, but there is no reason to believe that it's resistant + * to cache-timing attack. And the thing about "8-bit" implementation is + * that it consumes 16 (sixteen) times more memory, 4KB per individual + * key + 1KB shared. Well, on pros side it should be twice as fast as + * "4-bit" version. And for gcc-generated x86[_64] code, "8-bit" version + * was observed to run ~75% faster, closer to 100% for commercial + * compilers... Yet "4-bit" procedure is preferred, because it's + * believed to provide better security-performance balance and adequate + * all-round performance. "All-round" refers to things like: + * + * - shorter setup time effectively improves overall timing for + * handling short messages; + * - larger table allocation can become unbearable because of VM + * subsystem penalties (for example on Windows large enough free + * results in VM working set trimming, meaning that consequent + * malloc would immediately incur working set expansion); + * - larger table has larger cache footprint, which can affect + * performance of other code paths (not necessarily even from same + * thread in Hyper-Threading world); + * + * Value of 1 is not appropriate for performance reasons. + */ +#if TABLE_BITS==8 + +static void gcm_init_8bit(u128 Htable[256], u64 H[2]) +{ + int i, j; + u128 V; + + Htable[0].hi = 0; + Htable[0].lo = 0; + V.hi = H[0]; + V.lo = H[1]; + + for (Htable[128]=V, i=64; i>0; i>>=1) { + REDUCE1BIT(V); + Htable[i] = V; + } + + for (i=2; i<256; i<<=1) { + u128 *Hi = Htable+i, H0 = *Hi; + for (j=1; j>8); + Z.hi = (Z.hi>>8); +#if SIZE_MAX == 0xffffffffffffffff + Z.hi ^= rem_8bit[rem]; +#else + Z.hi ^= (u64)rem_8bit[rem]<<32; +#endif + } + +#if BYTE_ORDER == LITTLE_ENDIAN +#ifdef BSWAP8 + Xi[0] = BSWAP8(Z.hi); + Xi[1] = BSWAP8(Z.lo); +#else + u8 *p = (u8 *)Xi; + u32 v; + v = (u32)(Z.hi>>32); PUTU32(p,v); + v = (u32)(Z.hi); PUTU32(p+4,v); + v = (u32)(Z.lo>>32); PUTU32(p+8,v); + v = (u32)(Z.lo); PUTU32(p+12,v); +#endif +#else /* BIG_ENDIAN */ + Xi[0] = Z.hi; + Xi[1] = Z.lo; +#endif +} +#define GCM_MUL(ctx,Xi) gcm_gmult_8bit(ctx->Xi.u,ctx->Htable) + +#elif TABLE_BITS==4 + +static void gcm_init_4bit(u128 Htable[16], u64 H[2]) +{ + u128 V; +#if defined(OPENSSL_SMALL_FOOTPRINT) + int i; +#endif + + Htable[0].hi = 0; + Htable[0].lo = 0; + V.hi = H[0]; + V.lo = H[1]; + +#if defined(OPENSSL_SMALL_FOOTPRINT) + for (Htable[8]=V, i=4; i>0; i>>=1) { + REDUCE1BIT(V); + Htable[i] = V; + } + + for (i=2; i<16; i<<=1) { + u128 *Hi = Htable+i; + int j; + for (V=*Hi, j=1; j>32; + Htable[j].lo = V.hi<<32|V.hi>>32; + } +#endif + } +#endif +} + +#ifndef GHASH_ASM +static const size_t rem_4bit[16] = { + PACK(0x0000), PACK(0x1C20), PACK(0x3840), PACK(0x2460), + PACK(0x7080), PACK(0x6CA0), PACK(0x48C0), PACK(0x54E0), + PACK(0xE100), PACK(0xFD20), PACK(0xD940), PACK(0xC560), + PACK(0x9180), PACK(0x8DA0), PACK(0xA9C0), PACK(0xB5E0) }; + +static void gcm_gmult_4bit(u64 Xi[2], const u128 Htable[16]) +{ + u128 Z; + int cnt = 15; + size_t rem, nlo, nhi; + + nlo = ((const u8 *)Xi)[15]; + nhi = nlo>>4; + nlo &= 0xf; + + Z.hi = Htable[nlo].hi; + Z.lo = Htable[nlo].lo; + + while (1) { + rem = (size_t)Z.lo&0xf; + Z.lo = (Z.hi<<60)|(Z.lo>>4); + Z.hi = (Z.hi>>4); +#if SIZE_MAX == 0xffffffffffffffff + Z.hi ^= rem_4bit[rem]; +#else + Z.hi ^= (u64)rem_4bit[rem]<<32; +#endif + Z.hi ^= Htable[nhi].hi; + Z.lo ^= Htable[nhi].lo; + + if (--cnt<0) break; + + nlo = ((const u8 *)Xi)[cnt]; + nhi = nlo>>4; + nlo &= 0xf; + + rem = (size_t)Z.lo&0xf; + Z.lo = (Z.hi<<60)|(Z.lo>>4); + Z.hi = (Z.hi>>4); +#if SIZE_MAX == 0xffffffffffffffff + Z.hi ^= rem_4bit[rem]; +#else + Z.hi ^= (u64)rem_4bit[rem]<<32; +#endif + Z.hi ^= Htable[nlo].hi; + Z.lo ^= Htable[nlo].lo; + } + +#if BYTE_ORDER == LITTLE_ENDIAN +#ifdef BSWAP8 + Xi[0] = BSWAP8(Z.hi); + Xi[1] = BSWAP8(Z.lo); +#else + u8 *p = (u8 *)Xi; + u32 v; + v = (u32)(Z.hi>>32); PUTU32(p,v); + v = (u32)(Z.hi); PUTU32(p+4,v); + v = (u32)(Z.lo>>32); PUTU32(p+8,v); + v = (u32)(Z.lo); PUTU32(p+12,v); +#endif +#else /* BIG_ENDIAN */ + Xi[0] = Z.hi; + Xi[1] = Z.lo; +#endif +} + +#if !defined(OPENSSL_SMALL_FOOTPRINT) +/* + * Streamed gcm_mult_4bit, see CRYPTO_gcm128_[en|de]crypt for + * details... Compiler-generated code doesn't seem to give any + * performance improvement, at least not on x86[_64]. It's here + * mostly as reference and a placeholder for possible future + * non-trivial optimization[s]... + */ +static void gcm_ghash_4bit(u64 Xi[2],const u128 Htable[16], + const u8 *inp,size_t len) +{ + u128 Z; + int cnt; + size_t rem, nlo, nhi; + +#if 1 + do { + cnt = 15; + nlo = ((const u8 *)Xi)[15]; + nlo ^= inp[15]; + nhi = nlo>>4; + nlo &= 0xf; + + Z.hi = Htable[nlo].hi; + Z.lo = Htable[nlo].lo; + + while (1) { + rem = (size_t)Z.lo&0xf; + Z.lo = (Z.hi<<60)|(Z.lo>>4); + Z.hi = (Z.hi>>4); +#if SIZE_MAX == 0xffffffffffffffff + Z.hi ^= rem_4bit[rem]; +#else + Z.hi ^= (u64)rem_4bit[rem]<<32; +#endif + Z.hi ^= Htable[nhi].hi; + Z.lo ^= Htable[nhi].lo; + + if (--cnt<0) break; + + nlo = ((const u8 *)Xi)[cnt]; + nlo ^= inp[cnt]; + nhi = nlo>>4; + nlo &= 0xf; + + rem = (size_t)Z.lo&0xf; + Z.lo = (Z.hi<<60)|(Z.lo>>4); + Z.hi = (Z.hi>>4); +#if SIZE_MAX == 0xffffffffffffffff + Z.hi ^= rem_4bit[rem]; +#else + Z.hi ^= (u64)rem_4bit[rem]<<32; +#endif + Z.hi ^= Htable[nlo].hi; + Z.lo ^= Htable[nlo].lo; + } +#else + /* + * Extra 256+16 bytes per-key plus 512 bytes shared tables + * [should] give ~50% improvement... One could have PACK()-ed + * the rem_8bit even here, but the priority is to minimize + * cache footprint... + */ + u128 Hshr4[16]; /* Htable shifted right by 4 bits */ + u8 Hshl4[16]; /* Htable shifted left by 4 bits */ + static const unsigned short rem_8bit[256] = { + 0x0000, 0x01C2, 0x0384, 0x0246, 0x0708, 0x06CA, 0x048C, 0x054E, + 0x0E10, 0x0FD2, 0x0D94, 0x0C56, 0x0918, 0x08DA, 0x0A9C, 0x0B5E, + 0x1C20, 0x1DE2, 0x1FA4, 0x1E66, 0x1B28, 0x1AEA, 0x18AC, 0x196E, + 0x1230, 0x13F2, 0x11B4, 0x1076, 0x1538, 0x14FA, 0x16BC, 0x177E, + 0x3840, 0x3982, 0x3BC4, 0x3A06, 0x3F48, 0x3E8A, 0x3CCC, 0x3D0E, + 0x3650, 0x3792, 0x35D4, 0x3416, 0x3158, 0x309A, 0x32DC, 0x331E, + 0x2460, 0x25A2, 0x27E4, 0x2626, 0x2368, 0x22AA, 0x20EC, 0x212E, + 0x2A70, 0x2BB2, 0x29F4, 0x2836, 0x2D78, 0x2CBA, 0x2EFC, 0x2F3E, + 0x7080, 0x7142, 0x7304, 0x72C6, 0x7788, 0x764A, 0x740C, 0x75CE, + 0x7E90, 0x7F52, 0x7D14, 0x7CD6, 0x7998, 0x785A, 0x7A1C, 0x7BDE, + 0x6CA0, 0x6D62, 0x6F24, 0x6EE6, 0x6BA8, 0x6A6A, 0x682C, 0x69EE, + 0x62B0, 0x6372, 0x6134, 0x60F6, 0x65B8, 0x647A, 0x663C, 0x67FE, + 0x48C0, 0x4902, 0x4B44, 0x4A86, 0x4FC8, 0x4E0A, 0x4C4C, 0x4D8E, + 0x46D0, 0x4712, 0x4554, 0x4496, 0x41D8, 0x401A, 0x425C, 0x439E, + 0x54E0, 0x5522, 0x5764, 0x56A6, 0x53E8, 0x522A, 0x506C, 0x51AE, + 0x5AF0, 0x5B32, 0x5974, 0x58B6, 0x5DF8, 0x5C3A, 0x5E7C, 0x5FBE, + 0xE100, 0xE0C2, 0xE284, 0xE346, 0xE608, 0xE7CA, 0xE58C, 0xE44E, + 0xEF10, 0xEED2, 0xEC94, 0xED56, 0xE818, 0xE9DA, 0xEB9C, 0xEA5E, + 0xFD20, 0xFCE2, 0xFEA4, 0xFF66, 0xFA28, 0xFBEA, 0xF9AC, 0xF86E, + 0xF330, 0xF2F2, 0xF0B4, 0xF176, 0xF438, 0xF5FA, 0xF7BC, 0xF67E, + 0xD940, 0xD882, 0xDAC4, 0xDB06, 0xDE48, 0xDF8A, 0xDDCC, 0xDC0E, + 0xD750, 0xD692, 0xD4D4, 0xD516, 0xD058, 0xD19A, 0xD3DC, 0xD21E, + 0xC560, 0xC4A2, 0xC6E4, 0xC726, 0xC268, 0xC3AA, 0xC1EC, 0xC02E, + 0xCB70, 0xCAB2, 0xC8F4, 0xC936, 0xCC78, 0xCDBA, 0xCFFC, 0xCE3E, + 0x9180, 0x9042, 0x9204, 0x93C6, 0x9688, 0x974A, 0x950C, 0x94CE, + 0x9F90, 0x9E52, 0x9C14, 0x9DD6, 0x9898, 0x995A, 0x9B1C, 0x9ADE, + 0x8DA0, 0x8C62, 0x8E24, 0x8FE6, 0x8AA8, 0x8B6A, 0x892C, 0x88EE, + 0x83B0, 0x8272, 0x8034, 0x81F6, 0x84B8, 0x857A, 0x873C, 0x86FE, + 0xA9C0, 0xA802, 0xAA44, 0xAB86, 0xAEC8, 0xAF0A, 0xAD4C, 0xAC8E, + 0xA7D0, 0xA612, 0xA454, 0xA596, 0xA0D8, 0xA11A, 0xA35C, 0xA29E, + 0xB5E0, 0xB422, 0xB664, 0xB7A6, 0xB2E8, 0xB32A, 0xB16C, 0xB0AE, + 0xBBF0, 0xBA32, 0xB874, 0xB9B6, 0xBCF8, 0xBD3A, 0xBF7C, 0xBEBE }; + /* + * This pre-processing phase slows down procedure by approximately + * same time as it makes each loop spin faster. In other words + * single block performance is approximately same as straightforward + * "4-bit" implementation, and then it goes only faster... + */ + for (cnt=0; cnt<16; ++cnt) { + Z.hi = Htable[cnt].hi; + Z.lo = Htable[cnt].lo; + Hshr4[cnt].lo = (Z.hi<<60)|(Z.lo>>4); + Hshr4[cnt].hi = (Z.hi>>4); + Hshl4[cnt] = (u8)(Z.lo<<4); + } + + do { + for (Z.lo=0, Z.hi=0, cnt=15; cnt; --cnt) { + nlo = ((const u8 *)Xi)[cnt]; + nlo ^= inp[cnt]; + nhi = nlo>>4; + nlo &= 0xf; + + Z.hi ^= Htable[nlo].hi; + Z.lo ^= Htable[nlo].lo; + + rem = (size_t)Z.lo&0xff; + + Z.lo = (Z.hi<<56)|(Z.lo>>8); + Z.hi = (Z.hi>>8); + + Z.hi ^= Hshr4[nhi].hi; + Z.lo ^= Hshr4[nhi].lo; + Z.hi ^= (u64)rem_8bit[rem^Hshl4[nhi]]<<48; + } + + nlo = ((const u8 *)Xi)[0]; + nlo ^= inp[0]; + nhi = nlo>>4; + nlo &= 0xf; + + Z.hi ^= Htable[nlo].hi; + Z.lo ^= Htable[nlo].lo; + + rem = (size_t)Z.lo&0xf; + + Z.lo = (Z.hi<<60)|(Z.lo>>4); + Z.hi = (Z.hi>>4); + + Z.hi ^= Htable[nhi].hi; + Z.lo ^= Htable[nhi].lo; + Z.hi ^= ((u64)rem_8bit[rem<<4])<<48; +#endif + +#if BYTE_ORDER == LITTLE_ENDIAN +#ifdef BSWAP8 + Xi[0] = BSWAP8(Z.hi); + Xi[1] = BSWAP8(Z.lo); +#else + u8 *p = (u8 *)Xi; + u32 v; + v = (u32)(Z.hi>>32); PUTU32(p,v); + v = (u32)(Z.hi); PUTU32(p+4,v); + v = (u32)(Z.lo>>32); PUTU32(p+8,v); + v = (u32)(Z.lo); PUTU32(p+12,v); +#endif +#else /* BIG_ENDIAN */ + Xi[0] = Z.hi; + Xi[1] = Z.lo; +#endif + } while (inp+=16, len-=16); +} +#endif +#else +void gcm_gmult_4bit(u64 Xi[2],const u128 Htable[16]); +void gcm_ghash_4bit(u64 Xi[2],const u128 Htable[16],const u8 *inp,size_t len); +#endif + +#define GCM_MUL(ctx,Xi) gcm_gmult_4bit(ctx->Xi.u,ctx->Htable) +#if defined(GHASH_ASM) || !defined(OPENSSL_SMALL_FOOTPRINT) +#define GHASH(ctx,in,len) gcm_ghash_4bit((ctx)->Xi.u,(ctx)->Htable,in,len) +/* GHASH_CHUNK is "stride parameter" missioned to mitigate cache + * trashing effect. In other words idea is to hash data while it's + * still in L1 cache after encryption pass... */ +#define GHASH_CHUNK (3*1024) +#endif + +#else /* TABLE_BITS */ + +static void gcm_gmult_1bit(u64 Xi[2],const u64 H[2]) +{ + u128 V,Z = { 0,0 }; + long X; + int i,j; + const long *xi = (const long *)Xi; + + V.hi = H[0]; /* H is in host byte order, no byte swapping */ + V.lo = H[1]; + + for (j=0; j<16/sizeof(long); ++j) { +#if BYTE_ORDER == LITTLE_ENDIAN +#if SIZE_MAX == 0xffffffffffffffff +#ifdef BSWAP8 + X = (long)(BSWAP8(xi[j])); +#else + const u8 *p = (const u8 *)(xi+j); + X = (long)((u64)GETU32(p)<<32|GETU32(p+4)); +#endif +#else + const u8 *p = (const u8 *)(xi+j); + X = (long)GETU32(p); +#endif +#else /* BIG_ENDIAN */ + X = xi[j]; +#endif + + for (i=0; i<8*sizeof(long); ++i, X<<=1) { + u64 M = (u64)(X>>(8*sizeof(long)-1)); + Z.hi ^= V.hi&M; + Z.lo ^= V.lo&M; + + REDUCE1BIT(V); + } + } + +#if BYTE_ORDER == LITTLE_ENDIAN +#ifdef BSWAP8 + Xi[0] = BSWAP8(Z.hi); + Xi[1] = BSWAP8(Z.lo); +#else + u8 *p = (u8 *)Xi; + u32 v; + v = (u32)(Z.hi>>32); PUTU32(p,v); + v = (u32)(Z.hi); PUTU32(p+4,v); + v = (u32)(Z.lo>>32); PUTU32(p+8,v); + v = (u32)(Z.lo); PUTU32(p+12,v); +#endif +#else /* BIG_ENDIAN */ + Xi[0] = Z.hi; + Xi[1] = Z.lo; +#endif +} +#define GCM_MUL(ctx,Xi) gcm_gmult_1bit(ctx->Xi.u,ctx->H.u) + +#endif + +#if defined(GHASH_ASM) && \ + (defined(__i386) || defined(__i386__) || \ + defined(__x86_64) || defined(__x86_64__) || \ + defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64)) +#include "x86_arch.h" +#endif + +#if TABLE_BITS==4 && defined(GHASH_ASM) +# if (defined(__i386) || defined(__i386__) || \ + defined(__x86_64) || defined(__x86_64__) || \ + defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64)) +# define GHASH_ASM_X86_OR_64 +# define GCM_FUNCREF_4BIT + +void gcm_init_clmul(u128 Htable[16],const u64 Xi[2]); +void gcm_gmult_clmul(u64 Xi[2],const u128 Htable[16]); +void gcm_ghash_clmul(u64 Xi[2],const u128 Htable[16],const u8 *inp,size_t len); + +# if defined(__i386) || defined(__i386__) || defined(_M_IX86) +# define GHASH_ASM_X86 +void gcm_gmult_4bit_mmx(u64 Xi[2],const u128 Htable[16]); +void gcm_ghash_4bit_mmx(u64 Xi[2],const u128 Htable[16],const u8 *inp,size_t len); + +void gcm_gmult_4bit_x86(u64 Xi[2],const u128 Htable[16]); +void gcm_ghash_4bit_x86(u64 Xi[2],const u128 Htable[16],const u8 *inp,size_t len); +# endif +# elif defined(__arm__) || defined(__arm) +# include "arm_arch.h" +# if __ARM_ARCH__>=7 && !defined(__STRICT_ALIGNMENT) +# define GHASH_ASM_ARM +# define GCM_FUNCREF_4BIT +void gcm_gmult_neon(u64 Xi[2],const u128 Htable[16]); +void gcm_ghash_neon(u64 Xi[2],const u128 Htable[16],const u8 *inp,size_t len); +# endif +# endif +#endif + +#ifdef GCM_FUNCREF_4BIT +# undef GCM_MUL +# define GCM_MUL(ctx,Xi) (*gcm_gmult_p)(ctx->Xi.u,ctx->Htable) +# ifdef GHASH +# undef GHASH +# define GHASH(ctx,in,len) (*gcm_ghash_p)(ctx->Xi.u,ctx->Htable,in,len) +# endif +#endif + +void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx,void *key,block128_f block) +{ + memset(ctx,0,sizeof(*ctx)); + ctx->block = block; + ctx->key = key; + + (*block)(ctx->H.c,ctx->H.c,key); + +#if BYTE_ORDER == LITTLE_ENDIAN + /* H is stored in host byte order */ +#ifdef BSWAP8 + ctx->H.u[0] = BSWAP8(ctx->H.u[0]); + ctx->H.u[1] = BSWAP8(ctx->H.u[1]); +#else + u8 *p = ctx->H.c; + u64 hi,lo; + hi = (u64)GETU32(p) <<32|GETU32(p+4); + lo = (u64)GETU32(p+8)<<32|GETU32(p+12); + ctx->H.u[0] = hi; + ctx->H.u[1] = lo; +#endif +#endif + +#if TABLE_BITS==8 + gcm_init_8bit(ctx->Htable,ctx->H.u); +#elif TABLE_BITS==4 +# if defined(GHASH_ASM_X86_OR_64) +# if !defined(GHASH_ASM_X86) || defined(OPENSSL_IA32_SSE2) + /* check FXSR and PCLMULQDQ bits */ + if ((OPENSSL_cpu_caps() & (CPUCAP_MASK_FXSR | CPUCAP_MASK_PCLMUL)) == + (CPUCAP_MASK_FXSR | CPUCAP_MASK_PCLMUL)) { + gcm_init_clmul(ctx->Htable,ctx->H.u); + ctx->gmult = gcm_gmult_clmul; + ctx->ghash = gcm_ghash_clmul; + return; + } +# endif + gcm_init_4bit(ctx->Htable,ctx->H.u); +# if defined(GHASH_ASM_X86) /* x86 only */ +# if defined(OPENSSL_IA32_SSE2) + if (OPENSSL_cpu_caps() & CPUCAP_MASK_SSE) { /* check SSE bit */ +# else + if (OPENSSL_cpu_caps() & CPUCAP_MASK_MMX) { /* check MMX bit */ +# endif + ctx->gmult = gcm_gmult_4bit_mmx; + ctx->ghash = gcm_ghash_4bit_mmx; + } else { + ctx->gmult = gcm_gmult_4bit_x86; + ctx->ghash = gcm_ghash_4bit_x86; + } +# else + ctx->gmult = gcm_gmult_4bit; + ctx->ghash = gcm_ghash_4bit; +# endif +# elif defined(GHASH_ASM_ARM) + if (OPENSSL_armcap_P & ARMV7_NEON) { + ctx->gmult = gcm_gmult_neon; + ctx->ghash = gcm_ghash_neon; + } else { + gcm_init_4bit(ctx->Htable,ctx->H.u); + ctx->gmult = gcm_gmult_4bit; + ctx->ghash = gcm_ghash_4bit; + } +# else + gcm_init_4bit(ctx->Htable,ctx->H.u); +# endif +#endif +} + +void CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx,const unsigned char *iv,size_t len) +{ + unsigned int ctr; +#ifdef GCM_FUNCREF_4BIT + void (*gcm_gmult_p)(u64 Xi[2],const u128 Htable[16]) = ctx->gmult; +#endif + + ctx->Yi.u[0] = 0; + ctx->Yi.u[1] = 0; + ctx->Xi.u[0] = 0; + ctx->Xi.u[1] = 0; + ctx->len.u[0] = 0; /* AAD length */ + ctx->len.u[1] = 0; /* message length */ + ctx->ares = 0; + ctx->mres = 0; + + if (len==12) { + memcpy(ctx->Yi.c,iv,12); + ctx->Yi.c[15]=1; + ctr=1; + } + else { + size_t i; + u64 len0 = len; + + while (len>=16) { + for (i=0; i<16; ++i) ctx->Yi.c[i] ^= iv[i]; + GCM_MUL(ctx,Yi); + iv += 16; + len -= 16; + } + if (len) { + for (i=0; iYi.c[i] ^= iv[i]; + GCM_MUL(ctx,Yi); + } + len0 <<= 3; +#if BYTE_ORDER == LITTLE_ENDIAN +#ifdef BSWAP8 + ctx->Yi.u[1] ^= BSWAP8(len0); +#else + ctx->Yi.c[8] ^= (u8)(len0>>56); + ctx->Yi.c[9] ^= (u8)(len0>>48); + ctx->Yi.c[10] ^= (u8)(len0>>40); + ctx->Yi.c[11] ^= (u8)(len0>>32); + ctx->Yi.c[12] ^= (u8)(len0>>24); + ctx->Yi.c[13] ^= (u8)(len0>>16); + ctx->Yi.c[14] ^= (u8)(len0>>8); + ctx->Yi.c[15] ^= (u8)(len0); +#endif +#else /* BIG_ENDIAN */ + ctx->Yi.u[1] ^= len0; +#endif + + GCM_MUL(ctx,Yi); + +#if BYTE_ORDER == LITTLE_ENDIAN +#ifdef BSWAP4 + ctr = BSWAP4(ctx->Yi.d[3]); +#else + ctr = GETU32(ctx->Yi.c+12); +#endif +#else /* BIG_ENDIAN */ + ctr = ctx->Yi.d[3]; +#endif + } + + (*ctx->block)(ctx->Yi.c,ctx->EK0.c,ctx->key); + ++ctr; +#if BYTE_ORDER == LITTLE_ENDIAN +#ifdef BSWAP4 + ctx->Yi.d[3] = BSWAP4(ctr); +#else + PUTU32(ctx->Yi.c+12,ctr); +#endif +#else /* BIG_ENDIAN */ + ctx->Yi.d[3] = ctr; +#endif +} + +int CRYPTO_gcm128_aad(GCM128_CONTEXT *ctx,const unsigned char *aad,size_t len) +{ + size_t i; + unsigned int n; + u64 alen = ctx->len.u[0]; +#ifdef GCM_FUNCREF_4BIT + void (*gcm_gmult_p)(u64 Xi[2],const u128 Htable[16]) = ctx->gmult; +# ifdef GHASH + void (*gcm_ghash_p)(u64 Xi[2],const u128 Htable[16], + const u8 *inp,size_t len) = ctx->ghash; +# endif +#endif + + if (ctx->len.u[1]) return -2; + + alen += len; + if (alen>(U64(1)<<61) || (sizeof(len)==8 && alenlen.u[0] = alen; + + n = ctx->ares; + if (n) { + while (n && len) { + ctx->Xi.c[n] ^= *(aad++); + --len; + n = (n+1)%16; + } + if (n==0) GCM_MUL(ctx,Xi); + else { + ctx->ares = n; + return 0; + } + } + +#ifdef GHASH + if ((i = (len&(size_t)-16))) { + GHASH(ctx,aad,i); + aad += i; + len -= i; + } +#else + while (len>=16) { + for (i=0; i<16; ++i) ctx->Xi.c[i] ^= aad[i]; + GCM_MUL(ctx,Xi); + aad += 16; + len -= 16; + } +#endif + if (len) { + n = (unsigned int)len; + for (i=0; iXi.c[i] ^= aad[i]; + } + + ctx->ares = n; + return 0; +} + +int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, + const unsigned char *in, unsigned char *out, + size_t len) +{ + unsigned int n, ctr; + size_t i; + u64 mlen = ctx->len.u[1]; + block128_f block = ctx->block; + void *key = ctx->key; +#ifdef GCM_FUNCREF_4BIT + void (*gcm_gmult_p)(u64 Xi[2],const u128 Htable[16]) = ctx->gmult; +# ifdef GHASH + void (*gcm_ghash_p)(u64 Xi[2],const u128 Htable[16], + const u8 *inp,size_t len) = ctx->ghash; +# endif +#endif + + mlen += len; + if (mlen>((U64(1)<<36)-32) || (sizeof(len)==8 && mlenlen.u[1] = mlen; + + if (ctx->ares) { + /* First call to encrypt finalizes GHASH(AAD) */ + GCM_MUL(ctx,Xi); + ctx->ares = 0; + } + +#if BYTE_ORDER == LITTLE_ENDIAN +#ifdef BSWAP4 + ctr = BSWAP4(ctx->Yi.d[3]); +#else + ctr = GETU32(ctx->Yi.c+12); +#endif +#else /* BIG_ENDIAN */ + ctr = ctx->Yi.d[3]; +#endif + + n = ctx->mres; +#if !defined(OPENSSL_SMALL_FOOTPRINT) + if (16%sizeof(size_t) == 0) do { /* always true actually */ + if (n) { + while (n && len) { + ctx->Xi.c[n] ^= *(out++) = *(in++)^ctx->EKi.c[n]; + --len; + n = (n+1)%16; + } + if (n==0) GCM_MUL(ctx,Xi); + else { + ctx->mres = n; + return 0; + } + } +#ifdef __STRICT_ALIGNMENT + if (((size_t)in|(size_t)out)%sizeof(size_t) != 0) + break; +#endif +#if defined(GHASH) && defined(GHASH_CHUNK) + while (len>=GHASH_CHUNK) { + size_t j=GHASH_CHUNK; + + while (j) { + size_t *out_t=(size_t *)out; + const size_t *in_t=(const size_t *)in; + + (*block)(ctx->Yi.c,ctx->EKi.c,key); + ++ctr; +#if BYTE_ORDER == LITTLE_ENDIAN +#ifdef BSWAP4 + ctx->Yi.d[3] = BSWAP4(ctr); +#else + PUTU32(ctx->Yi.c+12,ctr); +#endif +#else /* BIG_ENDIAN */ + ctx->Yi.d[3] = ctr; +#endif + for (i=0; i<16/sizeof(size_t); ++i) + out_t[i] = in_t[i] ^ ctx->EKi.t[i]; + out += 16; + in += 16; + j -= 16; + } + GHASH(ctx,out-GHASH_CHUNK,GHASH_CHUNK); + len -= GHASH_CHUNK; + } + if ((i = (len&(size_t)-16))) { + size_t j=i; + + while (len>=16) { + size_t *out_t=(size_t *)out; + const size_t *in_t=(const size_t *)in; + + (*block)(ctx->Yi.c,ctx->EKi.c,key); + ++ctr; +#if BYTE_ORDER == LITTLE_ENDIAN +#ifdef BSWAP4 + ctx->Yi.d[3] = BSWAP4(ctr); +#else + PUTU32(ctx->Yi.c+12,ctr); +#endif +#else /* BIG_ENDIAN */ + ctx->Yi.d[3] = ctr; +#endif + for (i=0; i<16/sizeof(size_t); ++i) + out_t[i] = in_t[i] ^ ctx->EKi.t[i]; + out += 16; + in += 16; + len -= 16; + } + GHASH(ctx,out-j,j); + } +#else + while (len>=16) { + size_t *out_t=(size_t *)out; + const size_t *in_t=(const size_t *)in; + + (*block)(ctx->Yi.c,ctx->EKi.c,key); + ++ctr; +#if BYTE_ORDER == LITTLE_ENDIAN +#ifdef BSWAP4 + ctx->Yi.d[3] = BSWAP4(ctr); +#else + PUTU32(ctx->Yi.c+12,ctr); +#endif +#else /* BIG_ENDIAN */ + ctx->Yi.d[3] = ctr; +#endif + for (i=0; i<16/sizeof(size_t); ++i) + ctx->Xi.t[i] ^= + out_t[i] = in_t[i]^ctx->EKi.t[i]; + GCM_MUL(ctx,Xi); + out += 16; + in += 16; + len -= 16; + } +#endif + if (len) { + (*block)(ctx->Yi.c,ctx->EKi.c,key); + ++ctr; +#if BYTE_ORDER == LITTLE_ENDIAN +#ifdef BSWAP4 + ctx->Yi.d[3] = BSWAP4(ctr); +#else + PUTU32(ctx->Yi.c+12,ctr); +#endif +#else /* BIG_ENDIAN */ + ctx->Yi.d[3] = ctr; +#endif + while (len--) { + ctx->Xi.c[n] ^= out[n] = in[n]^ctx->EKi.c[n]; + ++n; + } + } + + ctx->mres = n; + return 0; + } while(0); +#endif + for (i=0;iYi.c,ctx->EKi.c,key); + ++ctr; +#if BYTE_ORDER == LITTLE_ENDIAN +#ifdef BSWAP4 + ctx->Yi.d[3] = BSWAP4(ctr); +#else + PUTU32(ctx->Yi.c+12,ctr); +#endif +#else /* BIG_ENDIAN */ + ctx->Yi.d[3] = ctr; +#endif + } + ctx->Xi.c[n] ^= out[i] = in[i]^ctx->EKi.c[n]; + n = (n+1)%16; + if (n==0) + GCM_MUL(ctx,Xi); + } + + ctx->mres = n; + return 0; +} + +int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, + const unsigned char *in, unsigned char *out, + size_t len) +{ + unsigned int n, ctr; + size_t i; + u64 mlen = ctx->len.u[1]; + block128_f block = ctx->block; + void *key = ctx->key; +#ifdef GCM_FUNCREF_4BIT + void (*gcm_gmult_p)(u64 Xi[2],const u128 Htable[16]) = ctx->gmult; +# ifdef GHASH + void (*gcm_ghash_p)(u64 Xi[2],const u128 Htable[16], + const u8 *inp,size_t len) = ctx->ghash; +# endif +#endif + + mlen += len; + if (mlen>((U64(1)<<36)-32) || (sizeof(len)==8 && mlenlen.u[1] = mlen; + + if (ctx->ares) { + /* First call to decrypt finalizes GHASH(AAD) */ + GCM_MUL(ctx,Xi); + ctx->ares = 0; + } + +#if BYTE_ORDER == LITTLE_ENDIAN +#ifdef BSWAP4 + ctr = BSWAP4(ctx->Yi.d[3]); +#else + ctr = GETU32(ctx->Yi.c+12); +#endif +#else /* BIG_ENDIAN */ + ctr = ctx->Yi.d[3]; +#endif + + n = ctx->mres; +#if !defined(OPENSSL_SMALL_FOOTPRINT) + if (16%sizeof(size_t) == 0) do { /* always true actually */ + if (n) { + while (n && len) { + u8 c = *(in++); + *(out++) = c^ctx->EKi.c[n]; + ctx->Xi.c[n] ^= c; + --len; + n = (n+1)%16; + } + if (n==0) GCM_MUL (ctx,Xi); + else { + ctx->mres = n; + return 0; + } + } +#ifdef __STRICT_ALIGNMENT + if (((size_t)in|(size_t)out)%sizeof(size_t) != 0) + break; +#endif +#if defined(GHASH) && defined(GHASH_CHUNK) + while (len>=GHASH_CHUNK) { + size_t j=GHASH_CHUNK; + + GHASH(ctx,in,GHASH_CHUNK); + while (j) { + size_t *out_t=(size_t *)out; + const size_t *in_t=(const size_t *)in; + + (*block)(ctx->Yi.c,ctx->EKi.c,key); + ++ctr; +#if BYTE_ORDER == LITTLE_ENDIAN +#ifdef BSWAP4 + ctx->Yi.d[3] = BSWAP4(ctr); +#else + PUTU32(ctx->Yi.c+12,ctr); +#endif +#else /* BIG_ENDIAN */ + ctx->Yi.d[3] = ctr; +#endif + for (i=0; i<16/sizeof(size_t); ++i) + out_t[i] = in_t[i]^ctx->EKi.t[i]; + out += 16; + in += 16; + j -= 16; + } + len -= GHASH_CHUNK; + } + if ((i = (len&(size_t)-16))) { + GHASH(ctx,in,i); + while (len>=16) { + size_t *out_t=(size_t *)out; + const size_t *in_t=(const size_t *)in; + + (*block)(ctx->Yi.c,ctx->EKi.c,key); + ++ctr; +#if BYTE_ORDER == LITTLE_ENDIAN +#ifdef BSWAP4 + ctx->Yi.d[3] = BSWAP4(ctr); +#else + PUTU32(ctx->Yi.c+12,ctr); +#endif +#else /* BIG_ENDIAN */ + ctx->Yi.d[3] = ctr; +#endif + for (i=0; i<16/sizeof(size_t); ++i) + out_t[i] = in_t[i]^ctx->EKi.t[i]; + out += 16; + in += 16; + len -= 16; + } + } +#else + while (len>=16) { + size_t *out_t=(size_t *)out; + const size_t *in_t=(const size_t *)in; + + (*block)(ctx->Yi.c,ctx->EKi.c,key); + ++ctr; +#if BYTE_ORDER == LITTLE_ENDIAN +#ifdef BSWAP4 + ctx->Yi.d[3] = BSWAP4(ctr); +#else + PUTU32(ctx->Yi.c+12,ctr); +#endif +#else /* BIG_ENDIAN */ + ctx->Yi.d[3] = ctr; +#endif + for (i=0; i<16/sizeof(size_t); ++i) { + size_t c = in[i]; + out[i] = c^ctx->EKi.t[i]; + ctx->Xi.t[i] ^= c; + } + GCM_MUL(ctx,Xi); + out += 16; + in += 16; + len -= 16; + } +#endif + if (len) { + (*block)(ctx->Yi.c,ctx->EKi.c,key); + ++ctr; +#if BYTE_ORDER == LITTLE_ENDIAN +#ifdef BSWAP4 + ctx->Yi.d[3] = BSWAP4(ctr); +#else + PUTU32(ctx->Yi.c+12,ctr); +#endif +#else /* BIG_ENDIAN */ + ctx->Yi.d[3] = ctr; +#endif + while (len--) { + u8 c = in[n]; + ctx->Xi.c[n] ^= c; + out[n] = c^ctx->EKi.c[n]; + ++n; + } + } + + ctx->mres = n; + return 0; + } while(0); +#endif + for (i=0;iYi.c,ctx->EKi.c,key); + ++ctr; +#if BYTE_ORDER == LITTLE_ENDIAN +#ifdef BSWAP4 + ctx->Yi.d[3] = BSWAP4(ctr); +#else + PUTU32(ctx->Yi.c+12,ctr); +#endif +#else /* BIG_ENDIAN */ + ctx->Yi.d[3] = ctr; +#endif + } + c = in[i]; + out[i] = c^ctx->EKi.c[n]; + ctx->Xi.c[n] ^= c; + n = (n+1)%16; + if (n==0) + GCM_MUL(ctx,Xi); + } + + ctx->mres = n; + return 0; +} + +int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx, + const unsigned char *in, unsigned char *out, + size_t len, ctr128_f stream) +{ + unsigned int n, ctr; + size_t i; + u64 mlen = ctx->len.u[1]; + void *key = ctx->key; +#ifdef GCM_FUNCREF_4BIT + void (*gcm_gmult_p)(u64 Xi[2],const u128 Htable[16]) = ctx->gmult; +# ifdef GHASH + void (*gcm_ghash_p)(u64 Xi[2],const u128 Htable[16], + const u8 *inp,size_t len) = ctx->ghash; +# endif +#endif + + mlen += len; + if (mlen>((U64(1)<<36)-32) || (sizeof(len)==8 && mlenlen.u[1] = mlen; + + if (ctx->ares) { + /* First call to encrypt finalizes GHASH(AAD) */ + GCM_MUL(ctx,Xi); + ctx->ares = 0; + } + +#if BYTE_ORDER == LITTLE_ENDIAN +#ifdef BSWAP4 + ctr = BSWAP4(ctx->Yi.d[3]); +#else + ctr = GETU32(ctx->Yi.c+12); +#endif +#else /* BIG_ENDIAN */ + ctr = ctx->Yi.d[3]; +#endif + + n = ctx->mres; + if (n) { + while (n && len) { + ctx->Xi.c[n] ^= *(out++) = *(in++)^ctx->EKi.c[n]; + --len; + n = (n+1)%16; + } + if (n==0) GCM_MUL(ctx,Xi); + else { + ctx->mres = n; + return 0; + } + } +#if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT) + while (len>=GHASH_CHUNK) { + (*stream)(in,out,GHASH_CHUNK/16,key,ctx->Yi.c); + ctr += GHASH_CHUNK/16; +#if BYTE_ORDER == LITTLE_ENDIAN +#ifdef BSWAP4 + ctx->Yi.d[3] = BSWAP4(ctr); +#else + PUTU32(ctx->Yi.c+12,ctr); +#endif +#else /* BIG_ENDIAN */ + ctx->Yi.d[3] = ctr; +#endif + GHASH(ctx,out,GHASH_CHUNK); + out += GHASH_CHUNK; + in += GHASH_CHUNK; + len -= GHASH_CHUNK; + } +#endif + if ((i = (len&(size_t)-16))) { + size_t j=i/16; + + (*stream)(in,out,j,key,ctx->Yi.c); + ctr += (unsigned int)j; +#if BYTE_ORDER == LITTLE_ENDIAN +#ifdef BSWAP4 + ctx->Yi.d[3] = BSWAP4(ctr); +#else + PUTU32(ctx->Yi.c+12,ctr); +#endif +#else /* BIG_ENDIAN */ + ctx->Yi.d[3] = ctr; +#endif + in += i; + len -= i; +#if defined(GHASH) + GHASH(ctx,out,i); + out += i; +#else + while (j--) { + for (i=0;i<16;++i) ctx->Xi.c[i] ^= out[i]; + GCM_MUL(ctx,Xi); + out += 16; + } +#endif + } + if (len) { + (*ctx->block)(ctx->Yi.c,ctx->EKi.c,key); + ++ctr; +#if BYTE_ORDER == LITTLE_ENDIAN +#ifdef BSWAP4 + ctx->Yi.d[3] = BSWAP4(ctr); +#else + PUTU32(ctx->Yi.c+12,ctr); +#endif +#else /* BIG_ENDIAN */ + ctx->Yi.d[3] = ctr; +#endif + while (len--) { + ctx->Xi.c[n] ^= out[n] = in[n]^ctx->EKi.c[n]; + ++n; + } + } + + ctx->mres = n; + return 0; +} + +int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx, + const unsigned char *in, unsigned char *out, + size_t len,ctr128_f stream) +{ + unsigned int n, ctr; + size_t i; + u64 mlen = ctx->len.u[1]; + void *key = ctx->key; +#ifdef GCM_FUNCREF_4BIT + void (*gcm_gmult_p)(u64 Xi[2],const u128 Htable[16]) = ctx->gmult; +# ifdef GHASH + void (*gcm_ghash_p)(u64 Xi[2],const u128 Htable[16], + const u8 *inp,size_t len) = ctx->ghash; +# endif +#endif + + mlen += len; + if (mlen>((U64(1)<<36)-32) || (sizeof(len)==8 && mlenlen.u[1] = mlen; + + if (ctx->ares) { + /* First call to decrypt finalizes GHASH(AAD) */ + GCM_MUL(ctx,Xi); + ctx->ares = 0; + } + +#if BYTE_ORDER == LITTLE_ENDIAN +#ifdef BSWAP4 + ctr = BSWAP4(ctx->Yi.d[3]); +#else + ctr = GETU32(ctx->Yi.c+12); +#endif +#else /* BIG_ENDIAN */ + ctr = ctx->Yi.d[3]; +#endif + + n = ctx->mres; + if (n) { + while (n && len) { + u8 c = *(in++); + *(out++) = c^ctx->EKi.c[n]; + ctx->Xi.c[n] ^= c; + --len; + n = (n+1)%16; + } + if (n==0) GCM_MUL (ctx,Xi); + else { + ctx->mres = n; + return 0; + } + } +#if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT) + while (len>=GHASH_CHUNK) { + GHASH(ctx,in,GHASH_CHUNK); + (*stream)(in,out,GHASH_CHUNK/16,key,ctx->Yi.c); + ctr += GHASH_CHUNK/16; +#if BYTE_ORDER == LITTLE_ENDIAN +#ifdef BSWAP4 + ctx->Yi.d[3] = BSWAP4(ctr); +#else + PUTU32(ctx->Yi.c+12,ctr); +#endif +#else /* BIG_ENDIAN */ + ctx->Yi.d[3] = ctr; +#endif + out += GHASH_CHUNK; + in += GHASH_CHUNK; + len -= GHASH_CHUNK; + } +#endif + if ((i = (len&(size_t)-16))) { + size_t j=i/16; + +#if defined(GHASH) + GHASH(ctx,in,i); +#else + while (j--) { + size_t k; + for (k=0;k<16;++k) ctx->Xi.c[k] ^= in[k]; + GCM_MUL(ctx,Xi); + in += 16; + } + j = i/16; + in -= i; +#endif + (*stream)(in,out,j,key,ctx->Yi.c); + ctr += (unsigned int)j; +#if BYTE_ORDER == LITTLE_ENDIAN +#ifdef BSWAP4 + ctx->Yi.d[3] = BSWAP4(ctr); +#else + PUTU32(ctx->Yi.c+12,ctr); +#endif +#else /* BIG_ENDIAN */ + ctx->Yi.d[3] = ctr; +#endif + out += i; + in += i; + len -= i; + } + if (len) { + (*ctx->block)(ctx->Yi.c,ctx->EKi.c,key); + ++ctr; +#if BYTE_ORDER == LITTLE_ENDIAN +#ifdef BSWAP4 + ctx->Yi.d[3] = BSWAP4(ctr); +#else + PUTU32(ctx->Yi.c+12,ctr); +#endif +#else /* BIG_ENDIAN */ + ctx->Yi.d[3] = ctr; +#endif + while (len--) { + u8 c = in[n]; + ctx->Xi.c[n] ^= c; + out[n] = c^ctx->EKi.c[n]; + ++n; + } + } + + ctx->mres = n; + return 0; +} + +int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx,const unsigned char *tag, + size_t len) +{ + u64 alen = ctx->len.u[0]<<3; + u64 clen = ctx->len.u[1]<<3; +#ifdef GCM_FUNCREF_4BIT + void (*gcm_gmult_p)(u64 Xi[2],const u128 Htable[16]) = ctx->gmult; +#endif + + if (ctx->mres || ctx->ares) + GCM_MUL(ctx,Xi); + +#if BYTE_ORDER == LITTLE_ENDIAN +#ifdef BSWAP8 + alen = BSWAP8(alen); + clen = BSWAP8(clen); +#else + { + u8 *p = ctx->len.c; + + ctx->len.u[0] = alen; + ctx->len.u[1] = clen; + + alen = (u64)GETU32(p) <<32|GETU32(p+4); + clen = (u64)GETU32(p+8)<<32|GETU32(p+12); + } +#endif +#endif + + ctx->Xi.u[0] ^= alen; + ctx->Xi.u[1] ^= clen; + GCM_MUL(ctx,Xi); + + ctx->Xi.u[0] ^= ctx->EK0.u[0]; + ctx->Xi.u[1] ^= ctx->EK0.u[1]; + + if (tag && len<=sizeof(ctx->Xi)) + return memcmp(ctx->Xi.c,tag,len); + else + return -1; +} + +void CRYPTO_gcm128_tag(GCM128_CONTEXT *ctx, unsigned char *tag, size_t len) +{ + CRYPTO_gcm128_finish(ctx, NULL, 0); + memcpy(tag, ctx->Xi.c, len<=sizeof(ctx->Xi.c)?len:sizeof(ctx->Xi.c)); +} + +GCM128_CONTEXT *CRYPTO_gcm128_new(void *key, block128_f block) +{ + GCM128_CONTEXT *ret; + + if ((ret = malloc(sizeof(GCM128_CONTEXT)))) + CRYPTO_gcm128_init(ret,key,block); + + return ret; +} + +void CRYPTO_gcm128_release(GCM128_CONTEXT *ctx) +{ + freezero(ctx, sizeof(*ctx)); +} diff --git a/src/lib/libcrypto/modes/modes.h b/src/lib/libcrypto/modes/modes.h new file mode 100644 index 00000000000..67ec7518d62 --- /dev/null +++ b/src/lib/libcrypto/modes/modes.h @@ -0,0 +1,144 @@ +/* $OpenBSD: modes.h,v 1.3 2018/07/24 10:47:19 bcook Exp $ */ +/* ==================================================================== + * Copyright (c) 2008 The OpenSSL Project. All rights reserved. + * + * Rights for redistribution and usage in source and binary + * forms are granted according to the OpenSSL license. + */ + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +typedef void (*block128_f)(const unsigned char in[16], + unsigned char out[16], + const void *key); + +typedef void (*cbc128_f)(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], int enc); + +typedef void (*ctr128_f)(const unsigned char *in, unsigned char *out, + size_t blocks, const void *key, + const unsigned char ivec[16]); + +typedef void (*ccm128_f)(const unsigned char *in, unsigned char *out, + size_t blocks, const void *key, + const unsigned char ivec[16],unsigned char cmac[16]); + +void CRYPTO_cbc128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], block128_f block); +void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], block128_f block); + +void CRYPTO_ctr128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], unsigned char ecount_buf[16], + unsigned int *num, block128_f block); + +void CRYPTO_ctr128_encrypt_ctr32(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], unsigned char ecount_buf[16], + unsigned int *num, ctr128_f ctr); + +void CRYPTO_ofb128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], int *num, + block128_f block); + +void CRYPTO_cfb128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], int *num, + int enc, block128_f block); +void CRYPTO_cfb128_8_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const void *key, + unsigned char ivec[16], int *num, + int enc, block128_f block); +void CRYPTO_cfb128_1_encrypt(const unsigned char *in, unsigned char *out, + size_t bits, const void *key, + unsigned char ivec[16], int *num, + int enc, block128_f block); + +size_t CRYPTO_cts128_encrypt_block(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], block128_f block); +size_t CRYPTO_cts128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], cbc128_f cbc); +size_t CRYPTO_cts128_decrypt_block(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], block128_f block); +size_t CRYPTO_cts128_decrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], cbc128_f cbc); + +size_t CRYPTO_nistcts128_encrypt_block(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], block128_f block); +size_t CRYPTO_nistcts128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], cbc128_f cbc); +size_t CRYPTO_nistcts128_decrypt_block(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], block128_f block); +size_t CRYPTO_nistcts128_decrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], cbc128_f cbc); + +typedef struct gcm128_context GCM128_CONTEXT; + +GCM128_CONTEXT *CRYPTO_gcm128_new(void *key, block128_f block); +void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx,void *key,block128_f block); +void CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx, const unsigned char *iv, + size_t len); +int CRYPTO_gcm128_aad(GCM128_CONTEXT *ctx, const unsigned char *aad, + size_t len); +int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, + const unsigned char *in, unsigned char *out, + size_t len); +int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, + const unsigned char *in, unsigned char *out, + size_t len); +int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx, + const unsigned char *in, unsigned char *out, + size_t len, ctr128_f stream); +int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx, + const unsigned char *in, unsigned char *out, + size_t len, ctr128_f stream); +int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx,const unsigned char *tag, + size_t len); +void CRYPTO_gcm128_tag(GCM128_CONTEXT *ctx, unsigned char *tag, size_t len); +void CRYPTO_gcm128_release(GCM128_CONTEXT *ctx); + +typedef struct ccm128_context CCM128_CONTEXT; + +void CRYPTO_ccm128_init(CCM128_CONTEXT *ctx, + unsigned int M, unsigned int L, void *key,block128_f block); +int CRYPTO_ccm128_setiv(CCM128_CONTEXT *ctx, + const unsigned char *nonce, size_t nlen, size_t mlen); +void CRYPTO_ccm128_aad(CCM128_CONTEXT *ctx, + const unsigned char *aad, size_t alen); +int CRYPTO_ccm128_encrypt(CCM128_CONTEXT *ctx, + const unsigned char *inp, unsigned char *out, size_t len); +int CRYPTO_ccm128_decrypt(CCM128_CONTEXT *ctx, + const unsigned char *inp, unsigned char *out, size_t len); +int CRYPTO_ccm128_encrypt_ccm64(CCM128_CONTEXT *ctx, + const unsigned char *inp, unsigned char *out, size_t len, + ccm128_f stream); +int CRYPTO_ccm128_decrypt_ccm64(CCM128_CONTEXT *ctx, + const unsigned char *inp, unsigned char *out, size_t len, + ccm128_f stream); +size_t CRYPTO_ccm128_tag(CCM128_CONTEXT *ctx, unsigned char *tag, size_t len); + +typedef struct xts128_context XTS128_CONTEXT; + +int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, const unsigned char iv[16], + const unsigned char *inp, unsigned char *out, size_t len, int enc); + +#ifdef __cplusplus +} +#endif diff --git a/src/lib/libcrypto/modes/modes_lcl.h b/src/lib/libcrypto/modes/modes_lcl.h new file mode 100644 index 00000000000..f8830e4deba --- /dev/null +++ b/src/lib/libcrypto/modes/modes_lcl.h @@ -0,0 +1,111 @@ +/* $OpenBSD: modes_lcl.h,v 1.10 2016/12/21 15:49:29 jsing Exp $ */ +/* ==================================================================== + * Copyright (c) 2010 The OpenSSL Project. All rights reserved. + * + * Redistribution and use is governed by OpenSSL license. + * ==================================================================== + */ + +#include + +#include + +#include + +__BEGIN_HIDDEN_DECLS + +#if defined(_LP64) +typedef long i64; +typedef unsigned long u64; +#define U64(C) C##UL +#else +typedef long long i64; +typedef unsigned long long u64; +#define U64(C) C##ULL +#endif + +typedef unsigned int u32; +typedef unsigned char u8; + +#if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) +#if defined(__GNUC__) && __GNUC__>=2 +# if defined(__x86_64) || defined(__x86_64__) +# define BSWAP8(x) ({ u64 ret=(x); \ + asm ("bswapq %0" \ + : "+r"(ret)); ret; }) +# define BSWAP4(x) ({ u32 ret=(x); \ + asm ("bswapl %0" \ + : "+r"(ret)); ret; }) +# elif (defined(__i386) || defined(__i386__)) +# define BSWAP8(x) ({ u32 lo=(u64)(x)>>32,hi=(x); \ + asm ("bswapl %0; bswapl %1" \ + : "+r"(hi),"+r"(lo)); \ + (u64)hi<<32|lo; }) +# define BSWAP4(x) ({ u32 ret=(x); \ + asm ("bswapl %0" \ + : "+r"(ret)); ret; }) +# elif (defined(__arm__) || defined(__arm)) && !defined(__STRICT_ALIGNMENT) +# define BSWAP8(x) ({ u32 lo=(u64)(x)>>32,hi=(x); \ + asm ("rev %0,%0; rev %1,%1" \ + : "+r"(hi),"+r"(lo)); \ + (u64)hi<<32|lo; }) +# define BSWAP4(x) ({ u32 ret; \ + asm ("rev %0,%1" \ + : "=r"(ret) : "r"((u32)(x))); \ + ret; }) +# endif +#endif +#endif + +#if defined(BSWAP4) && !defined(__STRICT_ALIGNMENT) +#define GETU32(p) BSWAP4(*(const u32 *)(p)) +#define PUTU32(p,v) *(u32 *)(p) = BSWAP4(v) +#else +#define GETU32(p) ((u32)(p)[0]<<24|(u32)(p)[1]<<16|(u32)(p)[2]<<8|(u32)(p)[3]) +#define PUTU32(p,v) ((p)[0]=(u8)((v)>>24),(p)[1]=(u8)((v)>>16),(p)[2]=(u8)((v)>>8),(p)[3]=(u8)(v)) +#endif + +/* GCM definitions */ + +typedef struct { u64 hi,lo; } u128; + +#ifdef TABLE_BITS +#undef TABLE_BITS +#endif +/* + * Even though permitted values for TABLE_BITS are 8, 4 and 1, it should + * never be set to 8 [or 1]. For further information see gcm128.c. + */ +#define TABLE_BITS 4 + +struct gcm128_context { + /* Following 6 names follow names in GCM specification */ + union { u64 u[2]; u32 d[4]; u8 c[16]; size_t t[16/sizeof(size_t)]; } + Yi,EKi,EK0,len,Xi,H; + /* Relative position of Xi, H and pre-computed Htable is used + * in some assembler modules, i.e. don't change the order! */ +#if TABLE_BITS==8 + u128 Htable[256]; +#else + u128 Htable[16]; + void (*gmult)(u64 Xi[2],const u128 Htable[16]); + void (*ghash)(u64 Xi[2],const u128 Htable[16],const u8 *inp,size_t len); +#endif + unsigned int mres, ares; + block128_f block; + void *key; +}; + +struct xts128_context { + void *key1, *key2; + block128_f block1,block2; +}; + +struct ccm128_context { + union { u64 u[2]; u8 c[16]; } nonce, cmac; + u64 blocks; + block128_f block; + void *key; +}; + +__END_HIDDEN_DECLS diff --git a/src/lib/libcrypto/modes/ofb128.c b/src/lib/libcrypto/modes/ofb128.c new file mode 100644 index 00000000000..1b8a6fd500d --- /dev/null +++ b/src/lib/libcrypto/modes/ofb128.c @@ -0,0 +1,119 @@ +/* $OpenBSD: ofb128.c,v 1.4 2015/02/10 09:46:30 miod Exp $ */ +/* ==================================================================== + * Copyright (c) 2008 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + */ + +#include +#include "modes_lcl.h" +#include + +#ifndef MODES_DEBUG +# ifndef NDEBUG +# define NDEBUG +# endif +#endif + +/* The input and output encrypted as though 128bit ofb mode is being + * used. The extra state information to record how much of the + * 128bit block we have used is contained in *num; + */ +void CRYPTO_ofb128_encrypt(const unsigned char *in, unsigned char *out, + size_t len, const void *key, + unsigned char ivec[16], int *num, + block128_f block) +{ + unsigned int n; + size_t l=0; + + n = *num; + +#if !defined(OPENSSL_SMALL_FOOTPRINT) + if (16%sizeof(size_t) == 0) do { /* always true actually */ + while (n && len) { + *(out++) = *(in++) ^ ivec[n]; + --len; + n = (n+1) % 16; + } +#ifdef __STRICT_ALIGNMENT + if (((size_t)in|(size_t)out|(size_t)ivec)%sizeof(size_t) != 0) + break; +#endif + while (len>=16) { + (*block)(ivec, ivec, key); + for (; n<16; n+=sizeof(size_t)) + *(size_t*)(out+n) = + *(size_t*)(in+n) ^ *(size_t*)(ivec+n); + len -= 16; + out += 16; + in += 16; + n = 0; + } + if (len) { + (*block)(ivec, ivec, key); + while (len--) { + out[n] = in[n] ^ ivec[n]; + ++n; + } + } + *num = n; + return; + } while(0); + /* the rest would be commonly eliminated by x86* compiler */ +#endif + while (l +#include +#include "modes_lcl.h" +#include + +#ifndef MODES_DEBUG +# ifndef NDEBUG +# define NDEBUG +# endif +#endif + +int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, const unsigned char iv[16], + const unsigned char *inp, unsigned char *out, + size_t len, int enc) +{ + union { u64 u[2]; u32 d[4]; u8 c[16]; } tweak, scratch; + unsigned int i; + + if (len<16) return -1; + + memcpy(tweak.c, iv, 16); + + (*ctx->block2)(tweak.c,tweak.c,ctx->key2); + + if (!enc && (len%16)) len-=16; + + while (len>=16) { +#ifdef __STRICT_ALIGNMENT + memcpy(scratch.c,inp,16); + scratch.u[0] ^= tweak.u[0]; + scratch.u[1] ^= tweak.u[1]; +#else + scratch.u[0] = ((u64*)inp)[0]^tweak.u[0]; + scratch.u[1] = ((u64*)inp)[1]^tweak.u[1]; +#endif + (*ctx->block1)(scratch.c,scratch.c,ctx->key1); +#ifdef __STRICT_ALIGNMENT + scratch.u[0] ^= tweak.u[0]; + scratch.u[1] ^= tweak.u[1]; + memcpy(out,scratch.c,16); +#else + ((u64*)out)[0] = scratch.u[0]^=tweak.u[0]; + ((u64*)out)[1] = scratch.u[1]^=tweak.u[1]; +#endif + inp += 16; + out += 16; + len -= 16; + + if (len==0) return 0; + +#if BYTE_ORDER == LITTLE_ENDIAN + unsigned int carry,res; + + res = 0x87&(((int)tweak.d[3])>>31); + carry = (unsigned int)(tweak.u[0]>>63); + tweak.u[0] = (tweak.u[0]<<1)^res; + tweak.u[1] = (tweak.u[1]<<1)|carry; +#else /* BIG_ENDIAN */ + size_t c; + + for (c=0,i=0;i<16;++i) { + /*+ substitutes for |, because c is 1 bit */ + c += ((size_t)tweak.c[i])<<1; + tweak.c[i] = (u8)c; + c = c>>8; + } + tweak.c[0] ^= (u8)(0x87&(0-c)); +#endif + } + if (enc) { + for (i=0;iblock1)(scratch.c,scratch.c,ctx->key1); + scratch.u[0] ^= tweak.u[0]; + scratch.u[1] ^= tweak.u[1]; + memcpy(out-16,scratch.c,16); + } + else { + union { u64 u[2]; u8 c[16]; } tweak1; + +#if BYTE_ORDER == LITTLE_ENDIAN + unsigned int carry,res; + + res = 0x87&(((int)tweak.d[3])>>31); + carry = (unsigned int)(tweak.u[0]>>63); + tweak1.u[0] = (tweak.u[0]<<1)^res; + tweak1.u[1] = (tweak.u[1]<<1)|carry; +#else + size_t c; + + for (c=0,i=0;i<16;++i) { + /*+ substitutes for |, because c is 1 bit */ + c += ((size_t)tweak.c[i])<<1; + tweak1.c[i] = (u8)c; + c = c>>8; + } + tweak1.c[0] ^= (u8)(0x87&(0-c)); +#endif +#ifdef __STRICT_ALIGNMENT + memcpy(scratch.c,inp,16); + scratch.u[0] ^= tweak1.u[0]; + scratch.u[1] ^= tweak1.u[1]; +#else + scratch.u[0] = ((u64*)inp)[0]^tweak1.u[0]; + scratch.u[1] = ((u64*)inp)[1]^tweak1.u[1]; +#endif + (*ctx->block1)(scratch.c,scratch.c,ctx->key1); + scratch.u[0] ^= tweak1.u[0]; + scratch.u[1] ^= tweak1.u[1]; + + for (i=0;iblock1)(scratch.c,scratch.c,ctx->key1); +#ifdef __STRICT_ALIGNMENT + scratch.u[0] ^= tweak.u[0]; + scratch.u[1] ^= tweak.u[1]; + memcpy (out,scratch.c,16); +#else + ((u64*)out)[0] = scratch.u[0]^tweak.u[0]; + ((u64*)out)[1] = scratch.u[1]^tweak.u[1]; +#endif + } + + return 0; +} diff --git a/src/lib/libcrypto/o_init.c b/src/lib/libcrypto/o_init.c new file mode 100644 index 00000000000..2f819eac958 --- /dev/null +++ b/src/lib/libcrypto/o_init.c @@ -0,0 +1,10 @@ +/* $OpenBSD: o_init.c,v 1.8 2014/06/12 15:49:27 deraadt Exp $ */ +/* Ted Unangst places this file in the public domain. */ + +#include + +void +OPENSSL_init(void) +{ + +} diff --git a/src/lib/libcrypto/o_str.c b/src/lib/libcrypto/o_str.c new file mode 100644 index 00000000000..f05889e4c87 --- /dev/null +++ b/src/lib/libcrypto/o_str.c @@ -0,0 +1,21 @@ +/* $OpenBSD: o_str.c,v 1.9 2014/07/09 20:22:14 tedu Exp $ */ +/* + * Written by Theo de Raadt. Public domain. + */ + +#include + +int OPENSSL_strcasecmp(const char *str1, const char *str2); +int OPENSSL_strncasecmp(const char *str1, const char *str2, size_t n); + +int +OPENSSL_strncasecmp(const char *str1, const char *str2, size_t n) +{ + return strncasecmp(str1, str2, n); +} + +int +OPENSSL_strcasecmp(const char *str1, const char *str2) +{ + return strcasecmp(str1, str2); +} diff --git a/src/lib/libcrypto/o_time.c b/src/lib/libcrypto/o_time.c index 1bc0297b365..9b2e7e5b5e5 100644 --- a/src/lib/libcrypto/o_time.c +++ b/src/lib/libcrypto/o_time.c @@ -1,7 +1,10 @@ -/* crypto/o_time.c -*- mode:C; c-file-style: "eay" -*- */ +/* $OpenBSD: o_time.c,v 1.15 2014/06/12 15:49:27 deraadt Exp $ */ /* Written by Richard Levitte (richard@levitte.org) for the OpenSSL * project 2001. */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2008. + */ /* ==================================================================== * Copyright (c) 2001 The OpenSSL Project. All rights reserved. * @@ -10,7 +13,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -56,148 +59,103 @@ * */ -#include #include + #include "o_time.h" -#ifdef OPENSSL_SYS_VMS -# include -# include -# include -# include -# include -# include -#endif - -struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result) - { - struct tm *ts = NULL; - -#if defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_OS2) && !defined(__CYGWIN32__) && (!defined(OPENSSL_SYS_VMS) || defined(gmtime_r)) && !defined(OPENSSL_SYS_MACOSX) - /* should return &data, but doesn't on some systems, - so we don't even look at the return value */ - gmtime_r(timer,result); - ts = result; -#elif !defined(OPENSSL_SYS_VMS) - ts = gmtime(timer); - memcpy(result, ts, sizeof(struct tm)); - ts = result; -#endif -#ifdef OPENSSL_SYS_VMS - if (ts == NULL) - { - static $DESCRIPTOR(tabnam,"LNM$DCL_LOGICAL"); - static $DESCRIPTOR(lognam,"SYS$TIMEZONE_DIFFERENTIAL"); - char logvalue[256]; - unsigned int reslen = 0; - struct { - short buflen; - short code; - void *bufaddr; - unsigned int *reslen; - } itemlist[] = { - { 0, LNM$_STRING, 0, 0 }, - { 0, 0, 0, 0 }, - }; - int status; - time_t t; - - /* Get the value for SYS$TIMEZONE_DIFFERENTIAL */ - itemlist[0].buflen = sizeof(logvalue); - itemlist[0].bufaddr = logvalue; - itemlist[0].reslen = &reslen; - status = sys$trnlnm(0, &tabnam, &lognam, 0, itemlist); - if (!(status & 1)) - return NULL; - logvalue[reslen] = '\0'; - - /* Get the numerical value of the equivalence string */ - status = atoi(logvalue); - - /* and use it to move time to GMT */ - t = *timer - status; - - /* then convert the result to the time structure */ -#ifndef OPENSSL_THREADS - ts=(struct tm *)localtime(&t); -#else - /* Since there was no gmtime_r() to do this stuff for us, - we have to do it the hard way. */ - { - /* The VMS epoch is the astronomical Smithsonian date, - if I remember correctly, which is November 17, 1858. - Furthermore, time is measure in thenths of microseconds - and stored in quadwords (64 bit integers). unix_epoch - below is January 1st 1970 expressed as a VMS time. The - following code was used to get this number: - - #include - #include - #include - #include - - main() - { - unsigned long systime[2]; - unsigned short epoch_values[7] = - { 1970, 1, 1, 0, 0, 0, 0 }; - - lib$cvt_vectim(epoch_values, systime); - - printf("%u %u", systime[0], systime[1]); - } - */ - unsigned long unix_epoch[2] = { 1273708544, 8164711 }; - unsigned long deltatime[2]; - unsigned long systime[2]; - struct vms_vectime - { - short year, month, day, hour, minute, second, - centi_second; - } time_values; - long operation; - - /* Turn the number of seconds since January 1st 1970 to - an internal delta time. - Note that lib$cvt_to_internal_time() will assume - that t is signed, and will therefore break on 32-bit - systems some time in 2038. - */ - operation = LIB$K_DELTA_SECONDS; - status = lib$cvt_to_internal_time(&operation, - &t, deltatime); - - /* Add the delta time with the Unix epoch and we have - the current UTC time in internal format */ - status = lib$add_times(unix_epoch, deltatime, systime); - - /* Turn the internal time into a time vector */ - status = sys$numtim(&time_values, systime); - - /* Fill in the struct tm with the result */ - result->tm_sec = time_values.second; - result->tm_min = time_values.minute; - result->tm_hour = time_values.hour; - result->tm_mday = time_values.day; - result->tm_mon = time_values.month - 1; - result->tm_year = time_values.year - 1900; - - operation = LIB$K_DAY_OF_WEEK; - status = lib$cvt_from_internal_time(&operation, - &result->tm_wday, systime); - result->tm_wday %= 7; - - operation = LIB$K_DAY_OF_YEAR; - status = lib$cvt_from_internal_time(&operation, - &result->tm_yday, systime); - result->tm_yday--; - - result->tm_isdst = 0; /* There's no way to know... */ - - ts = result; -#endif - } - } -#endif - return ts; - } +/* Take a tm structure and add an offset to it. This avoids any OS issues + * with restricted date types and overflows which cause the year 2038 + * problem. + */ + +#define SECS_PER_DAY (24 * 60 * 60) + +static long date_to_julian(int y, int m, int d); +static void julian_to_date(long jd, int *y, int *m, int *d); + +int +OPENSSL_gmtime_adj(struct tm *tm, int off_day, long offset_sec) +{ + int offset_hms, offset_day; + long time_jd; + int time_year, time_month, time_day; + /* split offset into days and day seconds */ + offset_day = offset_sec / SECS_PER_DAY; + /* Avoid sign issues with % operator */ + offset_hms = offset_sec - (offset_day * SECS_PER_DAY); + offset_day += off_day; + /* Add current time seconds to offset */ + offset_hms += tm->tm_hour * 3600 + tm->tm_min * 60 + tm->tm_sec; + /* Adjust day seconds if overflow */ + if (offset_hms >= SECS_PER_DAY) { + offset_day++; + offset_hms -= SECS_PER_DAY; + } else if (offset_hms < 0) { + offset_day--; + offset_hms += SECS_PER_DAY; + } + + /* Convert date of time structure into a Julian day number. + */ + + time_year = tm->tm_year + 1900; + time_month = tm->tm_mon + 1; + time_day = tm->tm_mday; + + time_jd = date_to_julian(time_year, time_month, time_day); + + /* Work out Julian day of new date */ + time_jd += offset_day; + + if (time_jd < 0) + return 0; + + /* Convert Julian day back to date */ + + julian_to_date(time_jd, &time_year, &time_month, &time_day); + + if (time_year < 1900 || time_year > 9999) + return 0; + + /* Update tm structure */ + + tm->tm_year = time_year - 1900; + tm->tm_mon = time_month - 1; + tm->tm_mday = time_day; + + tm->tm_hour = offset_hms / 3600; + tm->tm_min = (offset_hms / 60) % 60; + tm->tm_sec = offset_hms % 60; + + return 1; + +} + +/* Convert date to and from julian day + * Uses Fliegel & Van Flandern algorithm + */ +static long +date_to_julian(int y, int m, int d) +{ + return (1461 * (y + 4800 + (m - 14) / 12)) / 4 + + (367 * (m - 2 - 12 * ((m - 14) / 12))) / 12 - + (3 * ((y + 4900 + (m - 14) / 12) / 100)) / 4 + + d - 32075; +} + +static void +julian_to_date(long jd, int *y, int *m, int *d) +{ + long L = jd + 68569; + long n = (4 * L) / 146097; + long i, j; + + L = L - (146097 * n + 3) / 4; + i = (4000 * (L + 1)) / 1461001; + L = L - (1461 * i) / 4 + 31; + j = (80 * L) / 2447; + *d = L - (2447 * j) / 80; + L = j / 11; + *m = j + 2 - (12 * L); + *y = 100 * (n - 49) + i + L; +} diff --git a/src/lib/libcrypto/o_time.h b/src/lib/libcrypto/o_time.h index e66044626d1..8c6301db31d 100644 --- a/src/lib/libcrypto/o_time.h +++ b/src/lib/libcrypto/o_time.h @@ -1,4 +1,4 @@ -/* crypto/o_time.h -*- mode:C; c-file-style: "eay" -*- */ +/* $OpenBSD: o_time.h,v 1.7 2016/12/21 15:49:29 jsing Exp $ */ /* Written by Richard Levitte (richard@levitte.org) for the OpenSSL * project 2001. */ @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -61,6 +61,10 @@ #include -struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result); +__BEGIN_HIDDEN_DECLS + +int OPENSSL_gmtime_adj(struct tm *tm, int offset_day, long offset_sec); + +__END_HIDDEN_DECLS #endif diff --git a/src/lib/libcrypto/objects/Makefile.ssl b/src/lib/libcrypto/objects/Makefile.ssl deleted file mode 100644 index 1e990107d32..00000000000 --- a/src/lib/libcrypto/objects/Makefile.ssl +++ /dev/null @@ -1,122 +0,0 @@ -# -# SSLeay/crypto/objects/Makefile -# - -DIR= objects -TOP= ../.. -CC= cc -INCLUDES= -I.. -I$(TOP) -I../../include -CFLAG=-g -INSTALL_PREFIX= -OPENSSLDIR= /usr/local/ssl -INSTALLTOP=/usr/local/ssl -MAKE= make -f Makefile.ssl -MAKEDEPPROG= makedepend -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) -MAKEFILE= Makefile.ssl -AR= ar r - -CFLAGS= $(INCLUDES) $(CFLAG) - -GENERAL=Makefile README -TEST= -APPS= - -LIB=$(TOP)/libcrypto.a -LIBSRC= o_names.c obj_dat.c obj_lib.c obj_err.c -LIBOBJ= o_names.o obj_dat.o obj_lib.o obj_err.o - -SRC= $(LIBSRC) - -EXHEADER= objects.h obj_mac.h -HEADER= $(EXHEADER) obj_dat.h - -ALL= $(GENERAL) $(SRC) $(HEADER) - -top: - (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) - -all: obj_dat.h lib - -lib: $(LIBOBJ) - $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) || echo Never mind. - @touch lib - -obj_dat.h: obj_dat.pl obj_mac.h - $(PERL) obj_dat.pl obj_mac.h obj_dat.h - -# objects.pl both reads and writes obj_mac.num -obj_mac.h: objects.pl objects.txt obj_mac.num - $(PERL) objects.pl objects.txt obj_mac.num obj_mac.h - -files: - $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO - -links: - @sh $(TOP)/util/point.sh Makefile.ssl Makefile - @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) - @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) - @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) - -install: - @for i in $(EXHEADER) ; \ - do \ - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ - done; - -tags: - ctags $(SRC) - -tests: - -lint: - lint -DLINT $(INCLUDES) $(SRC)>fluff - -depend: - $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) - -dclean: - $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new - mv -f Makefile.new $(MAKEFILE) - -clean: - rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff - -# DO NOT DELETE THIS LINE -- make depend depends on it. - -o_names.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -o_names.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -o_names.o: ../../include/openssl/e_os2.h ../../include/openssl/lhash.h -o_names.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -o_names.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -o_names.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -o_names.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -o_names.o: o_names.c -obj_dat.o: ../../e_os.h ../../include/openssl/asn1.h -obj_dat.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -obj_dat.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -obj_dat.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -obj_dat.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -obj_dat.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -obj_dat.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -obj_dat.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -obj_dat.o: ../../include/openssl/symhacks.h ../cryptlib.h obj_dat.c obj_dat.h -obj_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -obj_err.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -obj_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -obj_err.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -obj_err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -obj_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -obj_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -obj_err.o: ../../include/openssl/symhacks.h obj_err.c -obj_lib.o: ../../e_os.h ../../include/openssl/asn1.h -obj_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -obj_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -obj_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -obj_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -obj_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -obj_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -obj_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -obj_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h obj_lib.c diff --git a/src/lib/libcrypto/objects/o_names.c b/src/lib/libcrypto/objects/o_names.c index b4453b4a987..a9e5f859d57 100644 --- a/src/lib/libcrypto/objects/o_names.c +++ b/src/lib/libcrypto/objects/o_names.c @@ -1,38 +1,29 @@ +/* $OpenBSD: o_names.c,v 1.22 2017/01/29 17:49:23 beck Exp $ */ #include #include #include +#include + +#include #include #include #include -#include - -/* Later versions of DEC C has started to add lnkage information to certain - * functions, which makes it tricky to use them as values to regular function - * pointers. One way is to define a macro that takes care of casting them - * correctly. - */ -#ifdef OPENSSL_SYS_VMS_DECC -# define OPENSSL_strcmp (int (*)(const char *,const char *))strcmp -#else -# define OPENSSL_strcmp strcmp -#endif /* I use the ex_data stuff to manage the identifiers for the obj_name_types * that applications may define. I only really use the free function field. */ -static LHASH *names_lh=NULL; -static int names_type_num=OBJ_NAME_TYPE_NUM; +DECLARE_LHASH_OF(OBJ_NAME); +static LHASH_OF(OBJ_NAME) *names_lh = NULL; +static int names_type_num = OBJ_NAME_TYPE_NUM; -typedef struct name_funcs_st - { +typedef struct name_funcs_st { unsigned long (*hash_func)(const char *name); - int (*cmp_func)(const char *a,const char *b); + int (*cmp_func)(const char *a, const char *b); void (*free_func)(const char *, int, const char *); - } NAME_FUNCS; +} NAME_FUNCS; DECLARE_STACK_OF(NAME_FUNCS) -IMPLEMENT_STACK_OF(NAME_FUNCS) static STACK_OF(NAME_FUNCS) *name_funcs_stack; @@ -43,55 +34,51 @@ static STACK_OF(NAME_FUNCS) *name_funcs_stack; /* static unsigned long obj_name_hash(OBJ_NAME *a); */ static unsigned long obj_name_hash(const void *a_void); /* static int obj_name_cmp(OBJ_NAME *a,OBJ_NAME *b); */ -static int obj_name_cmp(const void *a_void,const void *b_void); - -int OBJ_NAME_init(void) - { - if (names_lh != NULL) return(1); - MemCheck_off(); - names_lh=lh_new(obj_name_hash, obj_name_cmp); - MemCheck_on(); - return(names_lh != NULL); - } +static int obj_name_cmp(const void *a_void, const void *b_void); -int OBJ_NAME_new_index(unsigned long (*hash_func)(const char *), - int (*cmp_func)(const char *, const char *), - void (*free_func)(const char *, int, const char *)) - { +static IMPLEMENT_LHASH_HASH_FN(obj_name, OBJ_NAME) +static IMPLEMENT_LHASH_COMP_FN(obj_name, OBJ_NAME) + +int +OBJ_NAME_init(void) +{ + if (names_lh != NULL) + return (1); + names_lh = lh_OBJ_NAME_new(); + return (names_lh != NULL); +} + +int +OBJ_NAME_new_index(unsigned long (*hash_func)(const char *), + int (*cmp_func)(const char *, const char *), + void (*free_func)(const char *, int, const char *)) +{ int ret; int i; NAME_FUNCS *name_funcs; if (name_funcs_stack == NULL) - { - MemCheck_off(); - name_funcs_stack=sk_NAME_FUNCS_new_null(); - MemCheck_on(); - } - if ((name_funcs_stack == NULL)) - { - /* ERROR */ - return(0); - } - ret=names_type_num; + name_funcs_stack = sk_NAME_FUNCS_new_null(); + if (name_funcs_stack == NULL) + return (0); + + ret = names_type_num; names_type_num++; - for (i=sk_NAME_FUNCS_num(name_funcs_stack); ihash_func = lh_strhash; - name_funcs->cmp_func = OPENSSL_strcmp; - name_funcs->free_func = 0; /* NULL is often declared to - * ((void *)0), which according - * to Compaq C is not really - * compatible with a function - * pointer. -- Richard Levitte*/ - MemCheck_off(); - sk_NAME_FUNCS_push(name_funcs_stack,name_funcs); - MemCheck_on(); + name_funcs->cmp_func = strcmp; + name_funcs->free_func = NULL; + if (sk_NAME_FUNCS_push(name_funcs_stack, name_funcs) == 0) { + free(name_funcs); + OBJerror(ERR_R_MALLOC_FAILURE); + return (0); } + } name_funcs = sk_NAME_FUNCS_value(name_funcs_stack, ret); if (hash_func != NULL) name_funcs->hash_func = hash_func; @@ -99,266 +86,269 @@ int OBJ_NAME_new_index(unsigned long (*hash_func)(const char *), name_funcs->cmp_func = cmp_func; if (free_func != NULL) name_funcs->free_func = free_func; - return(ret); - } + return (ret); +} /* static int obj_name_cmp(OBJ_NAME *a, OBJ_NAME *b) */ -static int obj_name_cmp(const void *a_void, const void *b_void) - { +static int +obj_name_cmp(const void *a_void, const void *b_void) +{ int ret; - OBJ_NAME *a = (OBJ_NAME *)a_void; - OBJ_NAME *b = (OBJ_NAME *)b_void; - - ret=a->type-b->type; - if (ret == 0) - { - if ((name_funcs_stack != NULL) - && (sk_NAME_FUNCS_num(name_funcs_stack) > a->type)) - { - ret=sk_NAME_FUNCS_value(name_funcs_stack, - a->type)->cmp_func(a->name,b->name); - } - else - ret=strcmp(a->name,b->name); - } - return(ret); + const OBJ_NAME *a = (const OBJ_NAME *)a_void; + const OBJ_NAME *b = (const OBJ_NAME *)b_void; + + ret = a->type - b->type; + if (ret == 0) { + if ((name_funcs_stack != NULL) && + (sk_NAME_FUNCS_num(name_funcs_stack) > a->type)) { + ret = sk_NAME_FUNCS_value(name_funcs_stack, + a->type)->cmp_func(a->name, b->name); + } else + ret = strcmp(a->name, b->name); } + return (ret); +} /* static unsigned long obj_name_hash(OBJ_NAME *a) */ -static unsigned long obj_name_hash(const void *a_void) - { +static unsigned long +obj_name_hash(const void *a_void) +{ unsigned long ret; - OBJ_NAME *a = (OBJ_NAME *)a_void; - - if ((name_funcs_stack != NULL) && (sk_NAME_FUNCS_num(name_funcs_stack) > a->type)) - { - ret=sk_NAME_FUNCS_value(name_funcs_stack, - a->type)->hash_func(a->name); - } - else - { - ret=lh_strhash(a->name); - } - ret^=a->type; - return(ret); + const OBJ_NAME *a = (const OBJ_NAME *)a_void; + + if ((name_funcs_stack != NULL) && + (sk_NAME_FUNCS_num(name_funcs_stack) > a->type)) { + ret = sk_NAME_FUNCS_value(name_funcs_stack, + a->type)->hash_func(a->name); + } else { + ret = lh_strhash(a->name); } + ret ^= a->type; + return (ret); +} -const char *OBJ_NAME_get(const char *name, int type) - { - OBJ_NAME on,*ret; - int num=0,alias; +const char * +OBJ_NAME_get(const char *name, int type) +{ + OBJ_NAME on, *ret; + int num = 0, alias; - if (name == NULL) return(NULL); - if ((names_lh == NULL) && !OBJ_NAME_init()) return(NULL); + if (name == NULL) + return (NULL); + if ((names_lh == NULL) && !OBJ_NAME_init()) + return (NULL); - alias=type&OBJ_NAME_ALIAS; + alias = type&OBJ_NAME_ALIAS; type&= ~OBJ_NAME_ALIAS; - on.name=name; - on.type=type; - - for (;;) - { - ret=(OBJ_NAME *)lh_retrieve(names_lh,&on); - if (ret == NULL) return(NULL); - if ((ret->alias) && !alias) - { - if (++num > 10) return(NULL); - on.name=ret->data; - } - else - { - return(ret->data); - } + on.name = name; + on.type = type; + + for (;;) { + ret = lh_OBJ_NAME_retrieve(names_lh, &on); + if (ret == NULL) + return (NULL); + if ((ret->alias) && !alias) { + if (++num > 10) + return (NULL); + on.name = ret->data; + } else { + return (ret->data); } } +} -int OBJ_NAME_add(const char *name, int type, const char *data) - { - OBJ_NAME *onp,*ret; +int +OBJ_NAME_add(const char *name, int type, const char *data) +{ + OBJ_NAME *onp, *ret; int alias; - if ((names_lh == NULL) && !OBJ_NAME_init()) return(0); + if ((names_lh == NULL) && !OBJ_NAME_init()) + return (0); - alias=type&OBJ_NAME_ALIAS; - type&= ~OBJ_NAME_ALIAS; + alias = type & OBJ_NAME_ALIAS; + type &= ~OBJ_NAME_ALIAS; - onp=(OBJ_NAME *)OPENSSL_malloc(sizeof(OBJ_NAME)); - if (onp == NULL) - { + onp = malloc(sizeof(OBJ_NAME)); + if (onp == NULL) { /* ERROR */ - return(0); - } + return (0); + } - onp->name=name; - onp->alias=alias; - onp->type=type; - onp->data=data; + onp->name = name; + onp->alias = alias; + onp->type = type; + onp->data = data; - ret=(OBJ_NAME *)lh_insert(names_lh,onp); - if (ret != NULL) - { + ret = lh_OBJ_NAME_insert(names_lh, onp); + if (ret != NULL) { /* free things */ - if ((name_funcs_stack != NULL) && (sk_NAME_FUNCS_num(name_funcs_stack) > ret->type)) - { + if ((name_funcs_stack != NULL) && + (sk_NAME_FUNCS_num(name_funcs_stack) > ret->type)) { /* XXX: I'm not sure I understand why the free * function should get three arguments... * -- Richard Levitte */ - sk_NAME_FUNCS_value(name_funcs_stack, - ret->type)->free_func(ret->name,ret->type,ret->data); - } - OPENSSL_free(ret); + sk_NAME_FUNCS_value( + name_funcs_stack, ret->type)->free_func( + ret->name, ret->type, ret->data); } - else - { - if (lh_error(names_lh)) - { + free(ret); + } else { + if (lh_OBJ_NAME_error(names_lh)) { /* ERROR */ - return(0); - } + return (0); } - return(1); } + return (1); +} -int OBJ_NAME_remove(const char *name, int type) - { - OBJ_NAME on,*ret; +int +OBJ_NAME_remove(const char *name, int type) +{ + OBJ_NAME on, *ret; - if (names_lh == NULL) return(0); + if (names_lh == NULL) + return (0); - type&= ~OBJ_NAME_ALIAS; - on.name=name; - on.type=type; - ret=(OBJ_NAME *)lh_delete(names_lh,&on); - if (ret != NULL) - { + type &= ~OBJ_NAME_ALIAS; + on.name = name; + on.type = type; + ret = lh_OBJ_NAME_delete(names_lh, &on); + if (ret != NULL) { /* free things */ - if ((name_funcs_stack != NULL) && (sk_NAME_FUNCS_num(name_funcs_stack) > ret->type)) - { + if ((name_funcs_stack != NULL) && + (sk_NAME_FUNCS_num(name_funcs_stack) > ret->type)) { /* XXX: I'm not sure I understand why the free * function should get three arguments... * -- Richard Levitte */ - sk_NAME_FUNCS_value(name_funcs_stack, - ret->type)->free_func(ret->name,ret->type,ret->data); - } - OPENSSL_free(ret); - return(1); + sk_NAME_FUNCS_value( + name_funcs_stack, ret->type)->free_func( + ret->name, ret->type, ret->data); } - else - return(0); - } + free(ret); + return (1); + } else + return (0); +} -struct doall - { +struct doall { int type; - void (*fn)(const OBJ_NAME *,void *arg); + void (*fn)(const OBJ_NAME *, void *arg); void *arg; - }; +}; -static void do_all_fn(const OBJ_NAME *name,struct doall *d) - { - if(name->type == d->type) - d->fn(name,d->arg); - } +static void +do_all_fn_doall_arg(const OBJ_NAME *name, struct doall *d) +{ + if (name->type == d->type) + d->fn(name, d->arg); +} -static IMPLEMENT_LHASH_DOALL_ARG_FN(do_all_fn, const OBJ_NAME *, struct doall *) +static IMPLEMENT_LHASH_DOALL_ARG_FN(do_all_fn, const OBJ_NAME, struct doall) -void OBJ_NAME_do_all(int type,void (*fn)(const OBJ_NAME *,void *arg),void *arg) - { +void +OBJ_NAME_do_all(int type, void (*fn)(const OBJ_NAME *, void *arg), void *arg) +{ struct doall d; - d.type=type; - d.fn=fn; - d.arg=arg; + d.type = type; + d.fn = fn; + d.arg = arg; - lh_doall_arg(names_lh,LHASH_DOALL_ARG_FN(do_all_fn),&d); - } + lh_OBJ_NAME_doall_arg(names_lh, LHASH_DOALL_ARG_FN(do_all_fn), + struct doall, &d); +} -struct doall_sorted - { +struct doall_sorted { int type; int n; const OBJ_NAME **names; - }; +}; -static void do_all_sorted_fn(const OBJ_NAME *name,void *d_) - { - struct doall_sorted *d=d_; +static void +do_all_sorted_fn(const OBJ_NAME *name, void *d_) +{ + struct doall_sorted *d = d_; - if(name->type != d->type) + if (name->type != d->type) return; - d->names[d->n++]=name; - } + d->names[d->n++] = name; +} -static int do_all_sorted_cmp(const void *n1_,const void *n2_) - { - const OBJ_NAME * const *n1=n1_; - const OBJ_NAME * const *n2=n2_; +static int +do_all_sorted_cmp(const void *n1_, const void *n2_) +{ + const OBJ_NAME * const *n1 = n1_; + const OBJ_NAME * const *n2 = n2_; - return strcmp((*n1)->name,(*n2)->name); - } + return strcmp((*n1)->name, (*n2)->name); +} -void OBJ_NAME_do_all_sorted(int type,void (*fn)(const OBJ_NAME *,void *arg), - void *arg) - { +void +OBJ_NAME_do_all_sorted(int type, void (*fn)(const OBJ_NAME *, void *arg), + void *arg) +{ struct doall_sorted d; int n; - d.type=type; - d.names=OPENSSL_malloc(lh_num_items(names_lh)*sizeof *d.names); - d.n=0; - OBJ_NAME_do_all(type,do_all_sorted_fn,&d); + d.type = type; + d.names = reallocarray(NULL, lh_OBJ_NAME_num_items(names_lh), + sizeof *d.names); + d.n = 0; + if (d.names != NULL) { + OBJ_NAME_do_all(type, do_all_sorted_fn, &d); - qsort((void *)d.names,d.n,sizeof *d.names,do_all_sorted_cmp); + qsort((void *)d.names, d.n, sizeof *d.names, do_all_sorted_cmp); - for(n=0 ; n < d.n ; ++n) - fn(d.names[n],arg); + for (n = 0; n < d.n; ++n) + fn(d.names[n], arg); - OPENSSL_free((void *)d.names); + free(d.names); } +} static int free_type; -static void names_lh_free(OBJ_NAME *onp) +static void +names_lh_free_doall(OBJ_NAME *onp) { - if(onp == NULL) + if (onp == NULL) return; - if ((free_type < 0) || (free_type == onp->type)) - { - OBJ_NAME_remove(onp->name,onp->type); - } - } + if (free_type < 0 || free_type == onp->type) + OBJ_NAME_remove(onp->name, onp->type); +} -static IMPLEMENT_LHASH_DOALL_FN(names_lh_free, OBJ_NAME *) +static IMPLEMENT_LHASH_DOALL_FN(names_lh_free, OBJ_NAME) -static void name_funcs_free(NAME_FUNCS *ptr) - { - OPENSSL_free(ptr); - } +static void +name_funcs_free(NAME_FUNCS *ptr) +{ + free(ptr); +} -void OBJ_NAME_cleanup(int type) - { +void +OBJ_NAME_cleanup(int type) +{ unsigned long down_load; - if (names_lh == NULL) return; + if (names_lh == NULL) + return; - free_type=type; - down_load=names_lh->down_load; - names_lh->down_load=0; + free_type = type; + down_load = lh_OBJ_NAME_down_load(names_lh); + lh_OBJ_NAME_down_load(names_lh) = 0; - lh_doall(names_lh,LHASH_DOALL_FN(names_lh_free)); - if (type < 0) - { - lh_free(names_lh); - sk_NAME_FUNCS_pop_free(name_funcs_stack,name_funcs_free); - names_lh=NULL; + lh_OBJ_NAME_doall(names_lh, LHASH_DOALL_FN(names_lh_free)); + if (type < 0) { + lh_OBJ_NAME_free(names_lh); + sk_NAME_FUNCS_pop_free(name_funcs_stack, name_funcs_free); + names_lh = NULL; name_funcs_stack = NULL; - } - else - names_lh->down_load=down_load; - } - + } else + lh_OBJ_NAME_down_load(names_lh) = down_load; +} diff --git a/src/lib/libcrypto/objects/obj_dat.c b/src/lib/libcrypto/objects/obj_dat.c index 02c3719f04e..6c50aa980aa 100644 --- a/src/lib/libcrypto/objects/obj_dat.c +++ b/src/lib/libcrypto/objects/obj_dat.c @@ -1,25 +1,25 @@ -/* crypto/objects/obj_dat.c */ +/* $OpenBSD: obj_dat.c,v 1.41 2018/09/08 13:49:26 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,343 +49,430 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ -#include #include -#include "cryptlib.h" -#include +#include +#include +#include + +#include + #include +#include +#include +#include #include /* obj_dat.h is generated from objects.h by obj_dat.pl */ -#ifndef OPENSSL_NO_OBJECT #include "obj_dat.h" -#else -/* You will have to load all the objects needed manually in the application */ -#define NUM_NID 0 -#define NUM_SN 0 -#define NUM_LN 0 -#define NUM_OBJ 0 -static unsigned char lvalues[1]; -static ASN1_OBJECT nid_objs[1]; -static ASN1_OBJECT *sn_objs[1]; -static ASN1_OBJECT *ln_objs[1]; -static ASN1_OBJECT *obj_objs[1]; -#endif - -static int sn_cmp(const void *a, const void *b); -static int ln_cmp(const void *a, const void *b); -static int obj_cmp(const void *a, const void *b); + +static int sn_cmp_BSEARCH_CMP_FN(const void *, const void *); +static int sn_cmp(const ASN1_OBJECT * const *, unsigned int const *); +static unsigned int *OBJ_bsearch_sn(const ASN1_OBJECT * *key, unsigned int const *base, int num); +static int ln_cmp_BSEARCH_CMP_FN(const void *, const void *); +static int ln_cmp(const ASN1_OBJECT * const *, unsigned int const *); +static unsigned int *OBJ_bsearch_ln(const ASN1_OBJECT * *key, unsigned int const *base, int num); +static int obj_cmp_BSEARCH_CMP_FN(const void *, const void *); +static int obj_cmp(const ASN1_OBJECT * const *, unsigned int const *); +static unsigned int *OBJ_bsearch_obj(const ASN1_OBJECT * *key, unsigned int const *base, int num); + #define ADDED_DATA 0 #define ADDED_SNAME 1 #define ADDED_LNAME 2 #define ADDED_NID 3 -typedef struct added_obj_st - { +typedef struct added_obj_st { int type; ASN1_OBJECT *obj; - } ADDED_OBJ; +} ADDED_OBJ; +DECLARE_LHASH_OF(ADDED_OBJ); -static int new_nid=NUM_NID; -static LHASH *added=NULL; +static int new_nid = NUM_NID; +static LHASH_OF(ADDED_OBJ) *added = NULL; -static int sn_cmp(const void *a, const void *b) - { - const ASN1_OBJECT * const *ap = a, * const *bp = b; - return(strcmp((*ap)->sn,(*bp)->sn)); - } +static int sn_cmp(const ASN1_OBJECT * const *a, const unsigned int *b) +{ + return (strcmp((*a)->sn, nid_objs[*b].sn)); +} -static int ln_cmp(const void *a, const void *b) - { - const ASN1_OBJECT * const *ap = a, * const *bp = b; - return(strcmp((*ap)->ln,(*bp)->ln)); - } -/* static unsigned long add_hash(ADDED_OBJ *ca) */ -static unsigned long add_hash(const void *ca_void) - { +static int +sn_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_) +{ + const ASN1_OBJECT * const *a = a_; + unsigned int const *b = b_; + return sn_cmp(a, b); +} + +static unsigned int * +OBJ_bsearch_sn(const ASN1_OBJECT * *key, unsigned int const *base, int num) +{ + return (unsigned int *)OBJ_bsearch_(key, base, num, sizeof(unsigned int), + sn_cmp_BSEARCH_CMP_FN); +} + +static int ln_cmp(const ASN1_OBJECT * const *a, const unsigned int *b) +{ + return (strcmp((*a)->ln, nid_objs[*b].ln)); +} + + +static int +ln_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_) +{ + const ASN1_OBJECT * const *a = a_; + unsigned int const *b = b_; + return ln_cmp(a, b); +} + +static unsigned int * +OBJ_bsearch_ln(const ASN1_OBJECT * *key, unsigned int const *base, int num) +{ + return (unsigned int *)OBJ_bsearch_(key, base, num, sizeof(unsigned int), + ln_cmp_BSEARCH_CMP_FN); +} + +static unsigned long +added_obj_hash(const ADDED_OBJ *ca) +{ const ASN1_OBJECT *a; int i; - unsigned long ret=0; + unsigned long ret = 0; unsigned char *p; - ADDED_OBJ *ca = (ADDED_OBJ *)ca_void; - a=ca->obj; - switch (ca->type) - { + a = ca->obj; + switch (ca->type) { case ADDED_DATA: - ret=a->length<<20L; - p=(unsigned char *)a->data; - for (i=0; ilength; i++) - ret^=p[i]<<((i*3)%24); + ret = a->length << 20L; + p = (unsigned char *)a->data; + for (i = 0; i < a->length; i++) + ret ^= p[i] << ((i * 3) % 24); break; case ADDED_SNAME: - ret=lh_strhash(a->sn); + ret = lh_strhash(a->sn); break; case ADDED_LNAME: - ret=lh_strhash(a->ln); + ret = lh_strhash(a->ln); break; case ADDED_NID: - ret=a->nid; + ret = a->nid; break; default: /* abort(); */ return 0; - } - ret&=0x3fffffffL; - ret|=ca->type<<30L; - return(ret); } + ret &= 0x3fffffffL; + ret |= ca->type << 30L; + return (ret); +} +static IMPLEMENT_LHASH_HASH_FN(added_obj, ADDED_OBJ) -/* static int add_cmp(ADDED_OBJ *ca, ADDED_OBJ *cb) */ -static int add_cmp(const void *ca_void, const void *cb_void) - { - ASN1_OBJECT *a,*b; +static int +added_obj_cmp(const ADDED_OBJ *ca, const ADDED_OBJ *cb) +{ + ASN1_OBJECT *a, *b; int i; - ADDED_OBJ *ca = (ADDED_OBJ *)ca_void; - ADDED_OBJ *cb = (ADDED_OBJ *)cb_void; - - i=ca->type-cb->type; - if (i) return(i); - a=ca->obj; - b=cb->obj; - switch (ca->type) - { + + i = ca->type - cb->type; + if (i) + return (i); + a = ca->obj; + b = cb->obj; + switch (ca->type) { case ADDED_DATA: - i=(a->length - b->length); - if (i) return(i); - return(memcmp(a->data,b->data,a->length)); + i = (a->length - b->length); + if (i) + return (i); + return (memcmp(a->data, b->data, (size_t)a->length)); case ADDED_SNAME: - if (a->sn == NULL) return(-1); - else if (b->sn == NULL) return(1); - else return(strcmp(a->sn,b->sn)); + if (a->sn == NULL) + return (-1); + else if (b->sn == NULL) + return (1); + else + return (strcmp(a->sn, b->sn)); case ADDED_LNAME: - if (a->ln == NULL) return(-1); - else if (b->ln == NULL) return(1); - else return(strcmp(a->ln,b->ln)); + if (a->ln == NULL) + return (-1); + else if (b->ln == NULL) + return (1); + else + return (strcmp(a->ln, b->ln)); case ADDED_NID: - return(a->nid-b->nid); + return (a->nid - b->nid); default: /* abort(); */ return 0; - } } +} +static IMPLEMENT_LHASH_COMP_FN(added_obj, ADDED_OBJ) -static int init_added(void) - { - if (added != NULL) return(1); - added=lh_new(add_hash,add_cmp); - return(added != NULL); - } +static int +init_added(void) +{ + if (added != NULL) + return (1); + added = lh_ADDED_OBJ_new(); + return (added != NULL); +} -static void cleanup1(ADDED_OBJ *a) - { - a->obj->nid=0; - a->obj->flags|=ASN1_OBJECT_FLAG_DYNAMIC| - ASN1_OBJECT_FLAG_DYNAMIC_STRINGS| - ASN1_OBJECT_FLAG_DYNAMIC_DATA; - } +static void +cleanup1_doall(ADDED_OBJ *a) +{ + a->obj->nid = 0; + a->obj->flags |= ASN1_OBJECT_FLAG_DYNAMIC | + ASN1_OBJECT_FLAG_DYNAMIC_STRINGS | + ASN1_OBJECT_FLAG_DYNAMIC_DATA; +} -static void cleanup2(ADDED_OBJ *a) - { a->obj->nid++; } +static void cleanup2_doall(ADDED_OBJ *a) +{ + a->obj->nid++; +} -static void cleanup3(ADDED_OBJ *a) - { +static void +cleanup3_doall(ADDED_OBJ *a) +{ if (--a->obj->nid == 0) ASN1_OBJECT_free(a->obj); - OPENSSL_free(a); - } + free(a); +} + +static IMPLEMENT_LHASH_DOALL_FN(cleanup1, ADDED_OBJ) +static IMPLEMENT_LHASH_DOALL_FN(cleanup2, ADDED_OBJ) +static IMPLEMENT_LHASH_DOALL_FN(cleanup3, ADDED_OBJ) + +/* The purpose of obj_cleanup_defer is to avoid EVP_cleanup() attempting + * to use freed up OIDs. If neccessary the actual freeing up of OIDs is + * delayed. + */ -static IMPLEMENT_LHASH_DOALL_FN(cleanup1, ADDED_OBJ *) -static IMPLEMENT_LHASH_DOALL_FN(cleanup2, ADDED_OBJ *) -static IMPLEMENT_LHASH_DOALL_FN(cleanup3, ADDED_OBJ *) - -void OBJ_cleanup(void) - { - if (added == NULL) return; - added->down_load=0; - lh_doall(added,LHASH_DOALL_FN(cleanup1)); /* zero counters */ - lh_doall(added,LHASH_DOALL_FN(cleanup2)); /* set counters */ - lh_doall(added,LHASH_DOALL_FN(cleanup3)); /* free objects */ - lh_free(added); - added=NULL; +int obj_cleanup_defer = 0; + +void +check_defer(int nid) +{ + if (!obj_cleanup_defer && nid >= NUM_NID) + obj_cleanup_defer = 1; +} + +void +OBJ_cleanup(void) +{ + if (obj_cleanup_defer) { + obj_cleanup_defer = 2; + return; } + if (added == NULL) + return; + lh_ADDED_OBJ_down_load(added) = 0; + lh_ADDED_OBJ_doall(added, LHASH_DOALL_FN(cleanup1)); /* zero counters */ + lh_ADDED_OBJ_doall(added, LHASH_DOALL_FN(cleanup2)); /* set counters */ + lh_ADDED_OBJ_doall(added, LHASH_DOALL_FN(cleanup3)); /* free objects */ + lh_ADDED_OBJ_free(added); + added = NULL; +} -int OBJ_new_nid(int num) - { +int +OBJ_new_nid(int num) +{ int i; - i=new_nid; - new_nid+=num; - return(i); - } + i = new_nid; + new_nid += num; + return (i); +} -int OBJ_add_object(const ASN1_OBJECT *obj) - { +int +OBJ_add_object(const ASN1_OBJECT *obj) +{ ASN1_OBJECT *o; - ADDED_OBJ *ao[4]={NULL,NULL,NULL,NULL},*aop; + ADDED_OBJ *ao[4] = {NULL, NULL, NULL, NULL}, *aop; int i; if (added == NULL) - if (!init_added()) return(0); - if ((o=OBJ_dup(obj)) == NULL) goto err; - if (!(ao[ADDED_NID]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)))) goto err; + if (!init_added()) + return (0); + if ((o = OBJ_dup(obj)) == NULL) + goto err; + if (!(ao[ADDED_NID] = malloc(sizeof(ADDED_OBJ)))) + goto err2; if ((o->length != 0) && (obj->data != NULL)) - ao[ADDED_DATA]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)); + if (!(ao[ADDED_DATA] = malloc(sizeof(ADDED_OBJ)))) + goto err2; if (o->sn != NULL) - ao[ADDED_SNAME]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)); + if (!(ao[ADDED_SNAME] = malloc(sizeof(ADDED_OBJ)))) + goto err2; if (o->ln != NULL) - ao[ADDED_LNAME]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)); - - for (i=ADDED_DATA; i<=ADDED_NID; i++) - { - if (ao[i] != NULL) - { - ao[i]->type=i; - ao[i]->obj=o; - aop=(ADDED_OBJ *)lh_insert(added,ao[i]); + if (!(ao[ADDED_LNAME] = malloc(sizeof(ADDED_OBJ)))) + goto err2; + + for (i = ADDED_DATA; i <= ADDED_NID; i++) { + if (ao[i] != NULL) { + ao[i]->type = i; + ao[i]->obj = o; + aop = lh_ADDED_OBJ_insert(added, ao[i]); /* memory leak, buit should not normally matter */ - if (aop != NULL) - OPENSSL_free(aop); - } + free(aop); } - o->flags&= ~(ASN1_OBJECT_FLAG_DYNAMIC|ASN1_OBJECT_FLAG_DYNAMIC_STRINGS| - ASN1_OBJECT_FLAG_DYNAMIC_DATA); - - return(o->nid); -err: - for (i=ADDED_DATA; i<=ADDED_NID; i++) - if (ao[i] != NULL) OPENSSL_free(ao[i]); - if (o != NULL) OPENSSL_free(o); - return(NID_undef); } + o->flags &= ~(ASN1_OBJECT_FLAG_DYNAMIC | + ASN1_OBJECT_FLAG_DYNAMIC_STRINGS | + ASN1_OBJECT_FLAG_DYNAMIC_DATA); + + return (o->nid); + + err2: + OBJerror(ERR_R_MALLOC_FAILURE); + err: + for (i = ADDED_DATA; i <= ADDED_NID; i++) + free(ao[i]); + ASN1_OBJECT_free(o); + return (NID_undef); +} -ASN1_OBJECT *OBJ_nid2obj(int n) - { - ADDED_OBJ ad,*adp; +ASN1_OBJECT * +OBJ_nid2obj(int n) +{ + ADDED_OBJ ad, *adp; ASN1_OBJECT ob; - if ((n >= 0) && (n < NUM_NID)) - { - if ((n != NID_undef) && (nid_objs[n].nid == NID_undef)) - { - OBJerr(OBJ_F_OBJ_NID2OBJ,OBJ_R_UNKNOWN_NID); - return(NULL); - } - return((ASN1_OBJECT *)&(nid_objs[n])); + if ((n >= 0) && (n < NUM_NID)) { + if ((n != NID_undef) && (nid_objs[n].nid == NID_undef)) { + OBJerror(OBJ_R_UNKNOWN_NID); + return (NULL); } - else if (added == NULL) - return(NULL); - else - { - ad.type=ADDED_NID; - ad.obj= &ob; - ob.nid=n; - adp=(ADDED_OBJ *)lh_retrieve(added,&ad); + return ((ASN1_OBJECT *)&(nid_objs[n])); + } else if (added == NULL) + return (NULL); + else { + ad.type = ADDED_NID; + ad.obj = &ob; + ob.nid = n; + adp = lh_ADDED_OBJ_retrieve(added, &ad); if (adp != NULL) - return(adp->obj); - else - { - OBJerr(OBJ_F_OBJ_NID2OBJ,OBJ_R_UNKNOWN_NID); - return(NULL); - } + return (adp->obj); + else { + OBJerror(OBJ_R_UNKNOWN_NID); + return (NULL); } } +} -const char *OBJ_nid2sn(int n) - { - ADDED_OBJ ad,*adp; +const char * +OBJ_nid2sn(int n) +{ + ADDED_OBJ ad, *adp; ASN1_OBJECT ob; - if ((n >= 0) && (n < NUM_NID)) - { - if ((n != NID_undef) && (nid_objs[n].nid == NID_undef)) - { - OBJerr(OBJ_F_OBJ_NID2SN,OBJ_R_UNKNOWN_NID); - return(NULL); - } - return(nid_objs[n].sn); + if ((n >= 0) && (n < NUM_NID)) { + if ((n != NID_undef) && (nid_objs[n].nid == NID_undef)) { + OBJerror(OBJ_R_UNKNOWN_NID); + return (NULL); } - else if (added == NULL) - return(NULL); - else - { - ad.type=ADDED_NID; - ad.obj= &ob; - ob.nid=n; - adp=(ADDED_OBJ *)lh_retrieve(added,&ad); + return (nid_objs[n].sn); + } else if (added == NULL) + return (NULL); + else { + ad.type = ADDED_NID; + ad.obj = &ob; + ob.nid = n; + adp = lh_ADDED_OBJ_retrieve(added, &ad); if (adp != NULL) - return(adp->obj->sn); - else - { - OBJerr(OBJ_F_OBJ_NID2SN,OBJ_R_UNKNOWN_NID); - return(NULL); - } + return (adp->obj->sn); + else { + OBJerror(OBJ_R_UNKNOWN_NID); + return (NULL); } } +} -const char *OBJ_nid2ln(int n) - { - ADDED_OBJ ad,*adp; +const char * +OBJ_nid2ln(int n) +{ + ADDED_OBJ ad, *adp; ASN1_OBJECT ob; - if ((n >= 0) && (n < NUM_NID)) - { - if ((n != NID_undef) && (nid_objs[n].nid == NID_undef)) - { - OBJerr(OBJ_F_OBJ_NID2LN,OBJ_R_UNKNOWN_NID); - return(NULL); - } - return(nid_objs[n].ln); + if ((n >= 0) && (n < NUM_NID)) { + if ((n != NID_undef) && (nid_objs[n].nid == NID_undef)) { + OBJerror(OBJ_R_UNKNOWN_NID); + return (NULL); } - else if (added == NULL) - return(NULL); - else - { - ad.type=ADDED_NID; - ad.obj= &ob; - ob.nid=n; - adp=(ADDED_OBJ *)lh_retrieve(added,&ad); + return (nid_objs[n].ln); + } else if (added == NULL) + return (NULL); + else { + ad.type = ADDED_NID; + ad.obj = &ob; + ob.nid = n; + adp = lh_ADDED_OBJ_retrieve(added, &ad); if (adp != NULL) - return(adp->obj->ln); - else - { - OBJerr(OBJ_F_OBJ_NID2LN,OBJ_R_UNKNOWN_NID); - return(NULL); - } + return (adp->obj->ln); + else { + OBJerror(OBJ_R_UNKNOWN_NID); + return (NULL); } } +} -int OBJ_obj2nid(const ASN1_OBJECT *a) - { - ASN1_OBJECT **op; - ADDED_OBJ ad,*adp; +static int +obj_cmp(const ASN1_OBJECT * const *ap, const unsigned int *bp) +{ + int j; + const ASN1_OBJECT *a= *ap; + const ASN1_OBJECT *b = &nid_objs[*bp]; + + j = (a->length - b->length); + if (j) + return (j); + return (memcmp(a->data, b->data, a->length)); +} + + +static int +obj_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_) +{ + const ASN1_OBJECT * const *a = a_; + unsigned int const *b = b_; + return obj_cmp(a, b); +} + +static unsigned int * +OBJ_bsearch_obj(const ASN1_OBJECT * *key, unsigned int const *base, int num) +{ + return (unsigned int *)OBJ_bsearch_(key, base, num, sizeof(unsigned int), + obj_cmp_BSEARCH_CMP_FN); +} + +int +OBJ_obj2nid(const ASN1_OBJECT *a) +{ + const unsigned int *op; + ADDED_OBJ ad, *adp; if (a == NULL) - return(NID_undef); + return (NID_undef); if (a->nid != 0) - return(a->nid); + return (a->nid); - if (added != NULL) - { - ad.type=ADDED_DATA; + if (added != NULL) { + ad.type = ADDED_DATA; ad.obj=(ASN1_OBJECT *)a; /* XXX: ugly but harmless */ - adp=(ADDED_OBJ *)lh_retrieve(added,&ad); - if (adp != NULL) return (adp->obj->nid); - } - op=(ASN1_OBJECT **)OBJ_bsearch((char *)&a,(char *)obj_objs,NUM_OBJ, - sizeof(ASN1_OBJECT *),obj_cmp); - if (op == NULL) - return(NID_undef); - return((*op)->nid); + adp = lh_ADDED_OBJ_retrieve(added, &ad); + if (adp != NULL) + return (adp->obj->nid); } + op = OBJ_bsearch_obj(&a, obj_objs, NUM_OBJ); + if (op == NULL) + return (NID_undef); + return (nid_objs[*op].nid); +} /* Convert an object name into an ASN1_OBJECT * if "noname" is not set then search for short and long names first. @@ -393,275 +480,338 @@ int OBJ_obj2nid(const ASN1_OBJECT *a) * it can be used with any objects, not just registered ones. */ -ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name) - { +ASN1_OBJECT * +OBJ_txt2obj(const char *s, int no_name) +{ int nid = NID_undef; - ASN1_OBJECT *op=NULL; - unsigned char *buf,*p; + ASN1_OBJECT *op = NULL; + unsigned char *buf; + unsigned char *p; + const unsigned char *cp; int i, j; - if(!no_name) { - if( ((nid = OBJ_sn2nid(s)) != NID_undef) || - ((nid = OBJ_ln2nid(s)) != NID_undef) ) - return OBJ_nid2obj(nid); + if (!no_name) { + if (((nid = OBJ_sn2nid(s)) != NID_undef) || + ((nid = OBJ_ln2nid(s)) != NID_undef) ) + return OBJ_nid2obj(nid); } /* Work out size of content octets */ - i=a2d_ASN1_OBJECT(NULL,0,s,-1); + i = a2d_ASN1_OBJECT(NULL, 0, s, -1); if (i <= 0) { - /* Clear the error */ - ERR_get_error(); + /* Don't clear the error */ + /*ERR_clear_error();*/ return NULL; } /* Work out total size */ - j = ASN1_object_size(0,i,V_ASN1_OBJECT); + j = ASN1_object_size(0, i, V_ASN1_OBJECT); - if((buf=(unsigned char *)OPENSSL_malloc(j)) == NULL) return NULL; + if ((buf = malloc(j)) == NULL) + return NULL; p = buf; /* Write out tag+length */ - ASN1_put_object(&p,0,i,V_ASN1_OBJECT,V_ASN1_UNIVERSAL); + ASN1_put_object(&p, 0, i, V_ASN1_OBJECT, V_ASN1_UNIVERSAL); /* Write out contents */ - a2d_ASN1_OBJECT(p,i,s,-1); - - p=buf; - op=d2i_ASN1_OBJECT(NULL,&p,i); - OPENSSL_free(buf); + a2d_ASN1_OBJECT(p, i, s, -1); + + cp = buf; + op = d2i_ASN1_OBJECT(NULL, &cp, j); + free(buf); return op; - } +} -int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name) +int +OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name) { - int i,idx=0,n=0,len,nid; + int i, ret = 0, len, nid, first = 1, use_bn; + BIGNUM *bl = NULL; unsigned long l; - unsigned char *p; - const char *s; - char tbuf[DECIMAL_SIZE(i)+DECIMAL_SIZE(l)+2]; + const unsigned char *p; - if (buf_len <= 0) return(0); + /* Ensure that, at every state, |buf| is NUL-terminated. */ + if (buf_len > 0) + buf[0] = '\0'; - if ((a == NULL) || (a->data == NULL)) { - buf[0]='\0'; - return(0); + if ((a == NULL) || (a->data == NULL)) + goto err; + + if (!no_name && (nid = OBJ_obj2nid(a)) != NID_undef) { + const char *s; + s = OBJ_nid2ln(nid); + if (s == NULL) + s = OBJ_nid2sn(nid); + if (s) { + ret = strlcpy(buf, s, buf_len); + goto out; + } } - if (no_name || (nid=OBJ_obj2nid(a)) == NID_undef) { - len=a->length; - p=a->data; - - idx=0; - l=0; - while (idx < a->length) { - l|=(p[idx]&0x7f); - if (!(p[idx] & 0x80)) break; - l<<=7L; - idx++; + len = a->length; + p = a->data; + + while (len > 0) { + l = 0; + use_bn = 0; + for (;;) { + unsigned char c = *p++; + len--; + if ((len == 0) && (c & 0x80)) + goto err; + if (use_bn) { + if (!BN_add_word(bl, c & 0x7f)) + goto err; + } else + l |= c & 0x7f; + if (!(c & 0x80)) + break; + if (!use_bn && (l > (ULONG_MAX >> 7L))) { + if (!bl && !(bl = BN_new())) + goto err; + if (!BN_set_word(bl, l)) + goto err; + use_bn = 1; + } + if (use_bn) { + if (!BN_lshift(bl, bl, 7)) + goto err; + } else + l <<= 7L; } - idx++; - i=(int)(l/40); - if (i > 2) i=2; - l-=(long)(i*40); - - sprintf(tbuf,"%d.%lu",i,l); - i=strlen(tbuf); - strncpy(buf,tbuf,buf_len); - buf_len-=i; - buf+=i; - n+=i; - - l=0; - for (; idx 0) - strncpy(buf,tbuf,buf_len); - buf_len-=i; - buf+=i; - n+=i; - l=0; + + if (first) { + first = 0; + if (l >= 80) { + i = 2; + if (use_bn) { + if (!BN_sub_word(bl, 80)) + goto err; + } else + l -= 80; + } else { + i = (int)(l / 40); + l -= (long)(i * 40); + } + if (buf_len > 1) { + *buf++ = i + '0'; + *buf = '\0'; + buf_len--; } - l<<=7L; + ret++; + } + + if (use_bn) { + char *bndec; + + bndec = BN_bn2dec(bl); + if (!bndec) + goto err; + i = snprintf(buf, buf_len, ".%s", bndec); + free(bndec); + if (i == -1) + goto err; + if (i >= buf_len) { + buf_len = 0; + } else { + buf += i; + buf_len -= i; + } + ret += i; + } else { + i = snprintf(buf, buf_len, ".%lu", l); + if (i == -1) + goto err; + if (i >= buf_len) { + buf_len = 0; + } else { + buf += i; + buf_len -= i; + } + ret += i; + l = 0; } - } else { - s=OBJ_nid2ln(nid); - if (s == NULL) - s=OBJ_nid2sn(nid); - strncpy(buf,s,buf_len); - n=strlen(s); } - buf[buf_len-1]='\0'; - return(n); + + out: + BN_free(bl); + return ret; + + err: + ret = 0; + goto out; } -int OBJ_txt2nid(const char *s) +int +OBJ_txt2nid(const char *s) { ASN1_OBJECT *obj; int nid; + obj = OBJ_txt2obj(s, 0); nid = OBJ_obj2nid(obj); ASN1_OBJECT_free(obj); return nid; } -int OBJ_ln2nid(const char *s) - { - ASN1_OBJECT o,*oo= &o,**op; - ADDED_OBJ ad,*adp; - - o.ln=s; - if (added != NULL) - { - ad.type=ADDED_LNAME; - ad.obj= &o; - adp=(ADDED_OBJ *)lh_retrieve(added,&ad); - if (adp != NULL) return (adp->obj->nid); - } - op=(ASN1_OBJECT **)OBJ_bsearch((char *)&oo,(char *)ln_objs,NUM_LN, - sizeof(ASN1_OBJECT *),ln_cmp); - if (op == NULL) return(NID_undef); - return((*op)->nid); +int +OBJ_ln2nid(const char *s) +{ + ASN1_OBJECT o; + const ASN1_OBJECT *oo = &o; + ADDED_OBJ ad, *adp; + const unsigned int *op; + + o.ln = s; + if (added != NULL) { + ad.type = ADDED_LNAME; + ad.obj = &o; + adp = lh_ADDED_OBJ_retrieve(added, &ad); + if (adp != NULL) + return (adp->obj->nid); } + op = OBJ_bsearch_ln(&oo, ln_objs, NUM_LN); + if (op == NULL) + return (NID_undef); + return (nid_objs[*op].nid); +} -int OBJ_sn2nid(const char *s) - { - ASN1_OBJECT o,*oo= &o,**op; - ADDED_OBJ ad,*adp; - - o.sn=s; - if (added != NULL) - { - ad.type=ADDED_SNAME; - ad.obj= &o; - adp=(ADDED_OBJ *)lh_retrieve(added,&ad); - if (adp != NULL) return (adp->obj->nid); - } - op=(ASN1_OBJECT **)OBJ_bsearch((char *)&oo,(char *)sn_objs,NUM_SN, - sizeof(ASN1_OBJECT *),sn_cmp); - if (op == NULL) return(NID_undef); - return((*op)->nid); +int +OBJ_sn2nid(const char *s) +{ + ASN1_OBJECT o; + const ASN1_OBJECT *oo = &o; + ADDED_OBJ ad, *adp; + const unsigned int *op; + + o.sn = s; + if (added != NULL) { + ad.type = ADDED_SNAME; + ad.obj = &o; + adp = lh_ADDED_OBJ_retrieve(added, &ad); + if (adp != NULL) + return (adp->obj->nid); } + op = OBJ_bsearch_sn(&oo, sn_objs, NUM_SN); + if (op == NULL) + return (NID_undef); + return (nid_objs[*op].nid); +} -static int obj_cmp(const void *ap, const void *bp) - { - int j; - ASN1_OBJECT *a= *(ASN1_OBJECT **)ap; - ASN1_OBJECT *b= *(ASN1_OBJECT **)bp; - - j=(a->length - b->length); - if (j) return(j); - return(memcmp(a->data,b->data,a->length)); - } - -const char *OBJ_bsearch(const char *key, const char *base, int num, int size, - int (*cmp)(const void *, const void *)) - { - int l,h,i,c; - const char *p; - - if (num == 0) return(NULL); - l=0; - h=num; - while (l < h) - { - i=(l+h)/2; - p= &(base[i*size]); - c=(*cmp)(key,p); +const void * +OBJ_bsearch_(const void *key, const void *base, int num, int size, + int (*cmp)(const void *, const void *)) +{ + return OBJ_bsearch_ex_(key, base, num, size, cmp, 0); +} + +const void * +OBJ_bsearch_ex_(const void *key, const void *base_, int num, int size, + int (*cmp)(const void *, const void *), int flags) +{ + const char *base = base_; + int l, h, i = 0, c = 0; + const char *p = NULL; + + if (num == 0) + return (NULL); + l = 0; + h = num; + while (l < h) { + i = (l + h) / 2; + p = &(base[i * size]); + c = (*cmp)(key, p); if (c < 0) - h=i; + h = i; else if (c > 0) - l=i+1; + l = i + 1; else - return(p); - } -#ifdef CHARSET_EBCDIC -/* THIS IS A KLUDGE - Because the *_obj is sorted in ASCII order, and - * I don't have perl (yet), we revert to a *LINEAR* search - * when the object wasn't found in the binary search. - */ - for (i=0; i 0 && (*cmp)(key, &(base[(i - 1) * size])) == 0) + i--; + p = &(base[i * size]); } + return (p); +} -int OBJ_create_objects(BIO *in) - { - MS_STATIC char buf[512]; - int i,num=0; - char *o,*s,*l=NULL; - - for (;;) - { - s=o=NULL; - i=BIO_gets(in,buf,512); - if (i <= 0) return(num); - buf[i-1]='\0'; - if (!isalnum((unsigned char)buf[0])) return(num); - o=s=buf; +int +OBJ_create_objects(BIO *in) +{ + char buf[512]; + int i, num = 0; + char *o, *s, *l = NULL; + + for (;;) { + s = o = NULL; + i = BIO_gets(in, buf, 512); + if (i <= 0) + return (num); + buf[i - 1] = '\0'; + if (!isalnum((unsigned char)buf[0])) + return (num); + o = s=buf; while (isdigit((unsigned char)*s) || (*s == '.')) s++; - if (*s != '\0') - { - *(s++)='\0'; + if (*s != '\0') { + *(s++) = '\0'; while (isspace((unsigned char)*s)) s++; if (*s == '\0') - s=NULL; - else - { - l=s; - while ((*l != '\0') && !isspace((unsigned char)*l)) + s = NULL; + else { + l = s; + while ((*l != '\0') && + !isspace((unsigned char)*l)) l++; - if (*l != '\0') - { - *(l++)='\0'; + if (*l != '\0') { + *(l++) = '\0'; while (isspace((unsigned char)*l)) l++; - if (*l == '\0') l=NULL; - } - else - l=NULL; - } + if (*l == '\0') + l = NULL; + } else + l = NULL; } - else - s=NULL; - if ((o == NULL) || (*o == '\0')) return(num); - if (!OBJ_create(o,s,l)) return(num); + } else + s = NULL; + if ((o == NULL) || (*o == '\0')) + return (num); + if (!OBJ_create(o, s, l)) + return (num); num++; - } - /* return(num); */ } + /* return(num); */ +} -int OBJ_create(const char *oid, const char *sn, const char *ln) - { - int ok=0; - ASN1_OBJECT *op=NULL; +int +OBJ_create(const char *oid, const char *sn, const char *ln) +{ + int ok = 0; + ASN1_OBJECT *op = NULL; unsigned char *buf; int i; - i=a2d_ASN1_OBJECT(NULL,0,oid,-1); - if (i <= 0) return(0); + i = a2d_ASN1_OBJECT(NULL, 0, oid, -1); + if (i <= 0) + return (0); - if ((buf=(unsigned char *)OPENSSL_malloc(i)) == NULL) - { - OBJerr(OBJ_F_OBJ_CREATE,OBJ_R_MALLOC_FAILURE); - return(0); - } - i=a2d_ASN1_OBJECT(buf,i,oid,-1); + if ((buf = malloc(i)) == NULL) { + OBJerror(ERR_R_MALLOC_FAILURE); + return (0); + } + i = a2d_ASN1_OBJECT(buf, i, oid, -1); if (i == 0) goto err; - op=(ASN1_OBJECT *)ASN1_OBJECT_create(OBJ_new_nid(1),buf,i,sn,ln); - if (op == NULL) + op = (ASN1_OBJECT *)ASN1_OBJECT_create(OBJ_new_nid(1), buf, i, sn, ln); + if (op == NULL) goto err; - ok=OBJ_add_object(op); -err: - ASN1_OBJECT_free(op); - OPENSSL_free(buf); - return(ok); - } + ok = OBJ_add_object(op); + err: + ASN1_OBJECT_free(op); + free(buf); + return (ok); +} diff --git a/src/lib/libcrypto/objects/obj_dat.pl b/src/lib/libcrypto/objects/obj_dat.pl index 85ab2098097..86bcefb97af 100644 --- a/src/lib/libcrypto/objects/obj_dat.pl +++ b/src/lib/libcrypto/objects/obj_dat.pl @@ -1,4 +1,7 @@ #!/usr/local/bin/perl + +# fixes bug in floating point emulation on sparc64 when +# this script produces off-by-one output on sparc64 use integer; sub obj_cmp @@ -91,7 +94,7 @@ sub expand_obj { if (!defined($nid{$i})) { - push(@out,"{NULL,NULL,NID_undef,0,NULL},\n"); + push(@out,"{NULL,NULL,NID_undef,0,NULL,0},\n"); } else { @@ -112,7 +115,7 @@ sub expand_obj $out.="\"$sn\""; $out.=","."\"$ln\""; $out.=",NID_$nid{$i},"; - if (defined($obj{$nid{$i}})) + if (defined($obj{$nid{$i}}) && $objd{$obj{$nid{$i}}} =~ /,/) { $v=$objd{$obj{$nid{$i}}}; $v =~ s/L//g; @@ -135,7 +138,7 @@ sub expand_obj } else { - $out.="0,NULL"; + $out.="0,NULL,0"; } $out.="},\n"; push(@out,$out); @@ -145,13 +148,13 @@ sub expand_obj @a=grep(defined($sn{$nid{$_}}),0 .. $n); foreach (sort { $sn{$nid{$a}} cmp $sn{$nid{$b}} } @a) { - push(@sn,sprintf("&(nid_objs[%2d]),/* \"$sn{$nid{$_}}\" */\n",$_)); + push(@sn,sprintf("%2d,\t/* \"$sn{$nid{$_}}\" */\n",$_)); } @a=grep(defined($ln{$nid{$_}}),0 .. $n); foreach (sort { $ln{$nid{$a}} cmp $ln{$nid{$b}} } @a) { - push(@ln,sprintf("&(nid_objs[%2d]),/* \"$ln{$nid{$_}}\" */\n",$_)); + push(@ln,sprintf("%2d,\t/* \"$ln{$nid{$_}}\" */\n",$_)); } @a=grep(defined($obj{$nid{$_}}),0 .. $n); @@ -161,7 +164,7 @@ sub expand_obj $v=$objd{$m}; $v =~ s/L//g; $v =~ s/,/ /g; - push(@ob,sprintf("&(nid_objs[%2d]),/* %-32s %s */\n",$_,$m,$v)); + push(@ob,sprintf("%2d,\t/* %-32s %s */\n",$_,$m,$v)); } print OUT <<'EOF'; @@ -236,11 +239,11 @@ sub expand_obj printf OUT "#define NUM_LN %d\n",$#ln+1; printf OUT "#define NUM_OBJ %d\n\n",$#ob+1; -printf OUT "static unsigned char lvalues[%d]={\n",$lvalues+1; +printf OUT "static const unsigned char lvalues[%d]={\n",$lvalues+1; print OUT @lvalues; print OUT "};\n\n"; -printf OUT "static ASN1_OBJECT nid_objs[NUM_NID]={\n"; +printf OUT "static const ASN1_OBJECT nid_objs[NUM_NID]={\n"; foreach (@out) { if (length($_) > 75) @@ -264,15 +267,15 @@ sub expand_obj } print OUT "};\n\n"; -printf OUT "static ASN1_OBJECT *sn_objs[NUM_SN]={\n"; +printf OUT "static const unsigned int sn_objs[NUM_SN]={\n"; print OUT @sn; print OUT "};\n\n"; -printf OUT "static ASN1_OBJECT *ln_objs[NUM_LN]={\n"; +printf OUT "static const unsigned int ln_objs[NUM_LN]={\n"; print OUT @ln; print OUT "};\n\n"; -printf OUT "static ASN1_OBJECT *obj_objs[NUM_OBJ]={\n"; +printf OUT "static const unsigned int obj_objs[NUM_OBJ]={\n"; print OUT @ob; print OUT "};\n\n"; diff --git a/src/lib/libcrypto/objects/obj_err.c b/src/lib/libcrypto/objects/obj_err.c index 80ab6855af3..e1413190eb1 100644 --- a/src/lib/libcrypto/objects/obj_err.c +++ b/src/lib/libcrypto/objects/obj_err.c @@ -1,13 +1,13 @@ -/* crypto/objects/obj_err.c */ +/* $OpenBSD: obj_err.c,v 1.12 2017/01/29 17:49:23 beck Exp $ */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -59,41 +59,38 @@ */ #include + +#include + #include #include /* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR -static ERR_STRING_DATA OBJ_str_functs[]= - { -{ERR_PACK(0,OBJ_F_OBJ_CREATE,0), "OBJ_create"}, -{ERR_PACK(0,OBJ_F_OBJ_DUP,0), "OBJ_dup"}, -{ERR_PACK(0,OBJ_F_OBJ_NID2LN,0), "OBJ_nid2ln"}, -{ERR_PACK(0,OBJ_F_OBJ_NID2OBJ,0), "OBJ_nid2obj"}, -{ERR_PACK(0,OBJ_F_OBJ_NID2SN,0), "OBJ_nid2sn"}, -{0,NULL} - }; -static ERR_STRING_DATA OBJ_str_reasons[]= - { -{OBJ_R_MALLOC_FAILURE ,"malloc failure"}, -{OBJ_R_UNKNOWN_NID ,"unknown nid"}, -{0,NULL} - }; +#define ERR_FUNC(func) ERR_PACK(ERR_LIB_OBJ,func,0) +#define ERR_REASON(reason) ERR_PACK(ERR_LIB_OBJ,0,reason) -#endif +static ERR_STRING_DATA OBJ_str_functs[] = { + {ERR_FUNC(0xfff), "CRYPTO_internal"}, + {0, NULL} +}; -void ERR_load_OBJ_strings(void) - { - static int init=1; +static ERR_STRING_DATA OBJ_str_reasons[] = { + {ERR_REASON(OBJ_R_MALLOC_FAILURE) , "malloc failure"}, + {ERR_REASON(OBJ_R_UNKNOWN_NID) , "unknown nid"}, + {0, NULL} +}; - if (init) - { - init=0; -#ifndef OPENSSL_NO_ERR - ERR_load_strings(ERR_LIB_OBJ,OBJ_str_functs); - ERR_load_strings(ERR_LIB_OBJ,OBJ_str_reasons); #endif - } +void +ERR_load_OBJ_strings(void) +{ +#ifndef OPENSSL_NO_ERR + if (ERR_func_error_string(OBJ_str_functs[0].error) == NULL) { + ERR_load_strings(0, OBJ_str_functs); + ERR_load_strings(0, OBJ_str_reasons); } +#endif +} diff --git a/src/lib/libcrypto/objects/obj_lib.c b/src/lib/libcrypto/objects/obj_lib.c index b0b0f2ff24b..5327a0cb983 100644 --- a/src/lib/libcrypto/objects/obj_lib.c +++ b/src/lib/libcrypto/objects/obj_lib.c @@ -1,25 +1,25 @@ -/* crypto/objects/obj_lib.c */ +/* $OpenBSD: obj_lib.c,v 1.15 2018/09/08 10:31:24 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -57,71 +57,74 @@ */ #include -#include "cryptlib.h" +#include + +#include +#include #include #include -#include -ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o) - { +ASN1_OBJECT * +OBJ_dup(const ASN1_OBJECT *o) +{ ASN1_OBJECT *r; - int i; - char *ln=NULL; + char *ln = NULL, *sn = NULL; + unsigned char *data = NULL; - if (o == NULL) return(NULL); + if (o == NULL) + return (NULL); if (!(o->flags & ASN1_OBJECT_FLAG_DYNAMIC)) return((ASN1_OBJECT *)o); /* XXX: ugh! Why? What kind of duplication is this??? */ - r=ASN1_OBJECT_new(); - if (r == NULL) - { - OBJerr(OBJ_F_OBJ_DUP,ERR_R_ASN1_LIB); - return(NULL); - } - r->data=OPENSSL_malloc(o->length); - if (r->data == NULL) + r = ASN1_OBJECT_new(); + if (r == NULL) { + OBJerror(ERR_R_ASN1_LIB); + return (NULL); + } + data = malloc(o->length); + if (data == NULL) goto err; - memcpy(r->data,o->data,o->length); - r->length=o->length; - r->nid=o->nid; - r->ln=r->sn=NULL; - if (o->ln != NULL) - { - i=strlen(o->ln)+1; - r->ln=ln=OPENSSL_malloc(i); - if (r->ln == NULL) goto err; - memcpy(ln,o->ln,i); - } - - if (o->sn != NULL) - { - char *s; + if (o->data != NULL) + memcpy(data, o->data, o->length); + /* once data attached to object it remains const */ + r->data = data; + r->length = o->length; + r->nid = o->nid; + r->ln = r->sn = NULL; + if (o->ln != NULL) { + ln = strdup(o->ln); + if (ln == NULL) + goto err; + r->ln = ln; + } - i=strlen(o->sn)+1; - r->sn=s=OPENSSL_malloc(i); - if (r->sn == NULL) goto err; - memcpy(s,o->sn,i); - } - r->flags=o->flags|(ASN1_OBJECT_FLAG_DYNAMIC| - ASN1_OBJECT_FLAG_DYNAMIC_STRINGS|ASN1_OBJECT_FLAG_DYNAMIC_DATA); - return(r); -err: - OBJerr(OBJ_F_OBJ_DUP,ERR_R_MALLOC_FAILURE); - if (r != NULL) - { - if (ln != NULL) OPENSSL_free(ln); - if (r->data != NULL) OPENSSL_free(r->data); - OPENSSL_free(r); - } - return(NULL); + if (o->sn != NULL) { + sn = strdup(o->sn); + if (sn == NULL) + goto err; + r->sn = sn; } + r->flags = o->flags | (ASN1_OBJECT_FLAG_DYNAMIC | + ASN1_OBJECT_FLAG_DYNAMIC_STRINGS | ASN1_OBJECT_FLAG_DYNAMIC_DATA); + return (r); + + err: + OBJerror(ERR_R_MALLOC_FAILURE); + free(ln); + free(sn); + free(data); + free(r); + return (NULL); +} -int OBJ_cmp(const ASN1_OBJECT *a, const ASN1_OBJECT *b) - { +int +OBJ_cmp(const ASN1_OBJECT *a, const ASN1_OBJECT *b) +{ int ret; - ret=(a->length-b->length); - if (ret) return(ret); - return(memcmp(a->data,b->data,a->length)); - } + ret = (a->length - b->length); + if (ret) + return (ret); + return (memcmp(a->data, b->data, a->length)); +} diff --git a/src/lib/libcrypto/objects/obj_mac.num b/src/lib/libcrypto/objects/obj_mac.num index 02b39062fee..8efb2333088 100644 --- a/src/lib/libcrypto/objects/obj_mac.num +++ b/src/lib/libcrypto/objects/obj_mac.num @@ -287,9 +287,9 @@ qcStatements 286 ac_auditEntity 287 ac_targeting 288 aaControls 289 -sbqp_ipAddrBlock 290 -sbqp_autonomousSysNum 291 -sbqp_routerIdentifier 292 +sbgp_ipAddrBlock 290 +sbgp_autonomousSysNum 291 +sbgp_routerIdentifier 292 textNotice 293 ipsecEndSystem 294 ipsecTunnel 295 @@ -507,3 +507,461 @@ mime_mhs_bodies 506 id_hex_partial_message 507 id_hex_multipart_message 508 generationQualifier 509 +pseudonym 510 +InternationalRA 511 +id_set 512 +set_ctype 513 +set_msgExt 514 +set_attr 515 +set_policy 516 +set_certExt 517 +set_brand 518 +setct_PANData 519 +setct_PANToken 520 +setct_PANOnly 521 +setct_OIData 522 +setct_PI 523 +setct_PIData 524 +setct_PIDataUnsigned 525 +setct_HODInput 526 +setct_AuthResBaggage 527 +setct_AuthRevReqBaggage 528 +setct_AuthRevResBaggage 529 +setct_CapTokenSeq 530 +setct_PInitResData 531 +setct_PI_TBS 532 +setct_PResData 533 +setct_AuthReqTBS 534 +setct_AuthResTBS 535 +setct_AuthResTBSX 536 +setct_AuthTokenTBS 537 +setct_CapTokenData 538 +setct_CapTokenTBS 539 +setct_AcqCardCodeMsg 540 +setct_AuthRevReqTBS 541 +setct_AuthRevResData 542 +setct_AuthRevResTBS 543 +setct_CapReqTBS 544 +setct_CapReqTBSX 545 +setct_CapResData 546 +setct_CapRevReqTBS 547 +setct_CapRevReqTBSX 548 +setct_CapRevResData 549 +setct_CredReqTBS 550 +setct_CredReqTBSX 551 +setct_CredResData 552 +setct_CredRevReqTBS 553 +setct_CredRevReqTBSX 554 +setct_CredRevResData 555 +setct_PCertReqData 556 +setct_PCertResTBS 557 +setct_BatchAdminReqData 558 +setct_BatchAdminResData 559 +setct_CardCInitResTBS 560 +setct_MeAqCInitResTBS 561 +setct_RegFormResTBS 562 +setct_CertReqData 563 +setct_CertReqTBS 564 +setct_CertResData 565 +setct_CertInqReqTBS 566 +setct_ErrorTBS 567 +setct_PIDualSignedTBE 568 +setct_PIUnsignedTBE 569 +setct_AuthReqTBE 570 +setct_AuthResTBE 571 +setct_AuthResTBEX 572 +setct_AuthTokenTBE 573 +setct_CapTokenTBE 574 +setct_CapTokenTBEX 575 +setct_AcqCardCodeMsgTBE 576 +setct_AuthRevReqTBE 577 +setct_AuthRevResTBE 578 +setct_AuthRevResTBEB 579 +setct_CapReqTBE 580 +setct_CapReqTBEX 581 +setct_CapResTBE 582 +setct_CapRevReqTBE 583 +setct_CapRevReqTBEX 584 +setct_CapRevResTBE 585 +setct_CredReqTBE 586 +setct_CredReqTBEX 587 +setct_CredResTBE 588 +setct_CredRevReqTBE 589 +setct_CredRevReqTBEX 590 +setct_CredRevResTBE 591 +setct_BatchAdminReqTBE 592 +setct_BatchAdminResTBE 593 +setct_RegFormReqTBE 594 +setct_CertReqTBE 595 +setct_CertReqTBEX 596 +setct_CertResTBE 597 +setct_CRLNotificationTBS 598 +setct_CRLNotificationResTBS 599 +setct_BCIDistributionTBS 600 +setext_genCrypt 601 +setext_miAuth 602 +setext_pinSecure 603 +setext_pinAny 604 +setext_track2 605 +setext_cv 606 +set_policy_root 607 +setCext_hashedRoot 608 +setCext_certType 609 +setCext_merchData 610 +setCext_cCertRequired 611 +setCext_tunneling 612 +setCext_setExt 613 +setCext_setQualf 614 +setCext_PGWYcapabilities 615 +setCext_TokenIdentifier 616 +setCext_Track2Data 617 +setCext_TokenType 618 +setCext_IssuerCapabilities 619 +setAttr_Cert 620 +setAttr_PGWYcap 621 +setAttr_TokenType 622 +setAttr_IssCap 623 +set_rootKeyThumb 624 +set_addPolicy 625 +setAttr_Token_EMV 626 +setAttr_Token_B0Prime 627 +setAttr_IssCap_CVM 628 +setAttr_IssCap_T2 629 +setAttr_IssCap_Sig 630 +setAttr_GenCryptgrm 631 +setAttr_T2Enc 632 +setAttr_T2cleartxt 633 +setAttr_TokICCsig 634 +setAttr_SecDevSig 635 +set_brand_IATA_ATA 636 +set_brand_Diners 637 +set_brand_AmericanExpress 638 +set_brand_JCB 639 +set_brand_Visa 640 +set_brand_MasterCard 641 +set_brand_Novus 642 +des_cdmf 643 +rsaOAEPEncryptionSET 644 +itu_t 645 +joint_iso_itu_t 646 +international_organizations 647 +ms_smartcard_login 648 +ms_upn 649 +aes_128_cfb1 650 +aes_192_cfb1 651 +aes_256_cfb1 652 +aes_128_cfb8 653 +aes_192_cfb8 654 +aes_256_cfb8 655 +des_cfb1 656 +des_cfb8 657 +des_ede3_cfb1 658 +des_ede3_cfb8 659 +streetAddress 660 +postalCode 661 +id_ppl 662 +proxyCertInfo 663 +id_ppl_anyLanguage 664 +id_ppl_inheritAll 665 +name_constraints 666 +Independent 667 +sha256WithRSAEncryption 668 +sha384WithRSAEncryption 669 +sha512WithRSAEncryption 670 +sha224WithRSAEncryption 671 +sha256 672 +sha384 673 +sha512 674 +sha224 675 +identified_organization 676 +certicom_arc 677 +wap 678 +wap_wsg 679 +X9_62_id_characteristic_two_basis 680 +X9_62_onBasis 681 +X9_62_tpBasis 682 +X9_62_ppBasis 683 +X9_62_c2pnb163v1 684 +X9_62_c2pnb163v2 685 +X9_62_c2pnb163v3 686 +X9_62_c2pnb176v1 687 +X9_62_c2tnb191v1 688 +X9_62_c2tnb191v2 689 +X9_62_c2tnb191v3 690 +X9_62_c2onb191v4 691 +X9_62_c2onb191v5 692 +X9_62_c2pnb208w1 693 +X9_62_c2tnb239v1 694 +X9_62_c2tnb239v2 695 +X9_62_c2tnb239v3 696 +X9_62_c2onb239v4 697 +X9_62_c2onb239v5 698 +X9_62_c2pnb272w1 699 +X9_62_c2pnb304w1 700 +X9_62_c2tnb359v1 701 +X9_62_c2pnb368w1 702 +X9_62_c2tnb431r1 703 +secp112r1 704 +secp112r2 705 +secp128r1 706 +secp128r2 707 +secp160k1 708 +secp160r1 709 +secp160r2 710 +secp192k1 711 +secp224k1 712 +secp224r1 713 +secp256k1 714 +secp384r1 715 +secp521r1 716 +sect113r1 717 +sect113r2 718 +sect131r1 719 +sect131r2 720 +sect163k1 721 +sect163r1 722 +sect163r2 723 +sect193r1 724 +sect193r2 725 +sect233k1 726 +sect233r1 727 +sect239k1 728 +sect283k1 729 +sect283r1 730 +sect409k1 731 +sect409r1 732 +sect571k1 733 +sect571r1 734 +wap_wsg_idm_ecid_wtls1 735 +wap_wsg_idm_ecid_wtls3 736 +wap_wsg_idm_ecid_wtls4 737 +wap_wsg_idm_ecid_wtls5 738 +wap_wsg_idm_ecid_wtls6 739 +wap_wsg_idm_ecid_wtls7 740 +wap_wsg_idm_ecid_wtls8 741 +wap_wsg_idm_ecid_wtls9 742 +wap_wsg_idm_ecid_wtls10 743 +wap_wsg_idm_ecid_wtls11 744 +wap_wsg_idm_ecid_wtls12 745 +any_policy 746 +policy_mappings 747 +inhibit_any_policy 748 +ipsec3 749 +ipsec4 750 +camellia_128_cbc 751 +camellia_192_cbc 752 +camellia_256_cbc 753 +camellia_128_ecb 754 +camellia_192_ecb 755 +camellia_256_ecb 756 +camellia_128_cfb128 757 +camellia_192_cfb128 758 +camellia_256_cfb128 759 +camellia_128_cfb1 760 +camellia_192_cfb1 761 +camellia_256_cfb1 762 +camellia_128_cfb8 763 +camellia_192_cfb8 764 +camellia_256_cfb8 765 +camellia_128_ofb128 766 +camellia_192_ofb128 767 +camellia_256_ofb128 768 +subject_directory_attributes 769 +issuing_distribution_point 770 +certificate_issuer 771 +korea 772 +kisa 773 +kftc 774 +npki_alg 775 +seed_ecb 776 +seed_cbc 777 +seed_ofb128 778 +seed_cfb128 779 +hmac_md5 780 +hmac_sha1 781 +id_PasswordBasedMAC 782 +id_DHBasedMac 783 +id_it_suppLangTags 784 +caRepository 785 +id_smime_ct_compressedData 786 +id_ct_asciiTextWithCRLF 787 +id_aes128_wrap 788 +id_aes192_wrap 789 +id_aes256_wrap 790 +ecdsa_with_Recommended 791 +ecdsa_with_Specified 792 +ecdsa_with_SHA224 793 +ecdsa_with_SHA256 794 +ecdsa_with_SHA384 795 +ecdsa_with_SHA512 796 +hmacWithMD5 797 +hmacWithSHA224 798 +hmacWithSHA256 799 +hmacWithSHA384 800 +hmacWithSHA512 801 +dsa_with_SHA224 802 +dsa_with_SHA256 803 +whirlpool 804 +cryptopro 805 +cryptocom 806 +id_GostR3411_94_with_GostR3410_2001 807 +id_GostR3411_94_with_GostR3410_94 808 +id_GostR3411_94 809 +id_HMACGostR3411_94 810 +id_GostR3410_2001 811 +id_GostR3410_94 812 +id_Gost28147_89 813 +gost89_cnt 814 +id_Gost28147_89_MAC 815 +id_GostR3411_94_prf 816 +id_GostR3410_2001DH 817 +id_GostR3410_94DH 818 +id_Gost28147_89_CryptoPro_KeyMeshing 819 +id_Gost28147_89_None_KeyMeshing 820 +id_GostR3411_94_TestParamSet 821 +id_GostR3411_94_CryptoProParamSet 822 +id_Gost28147_89_TestParamSet 823 +id_Gost28147_89_CryptoPro_A_ParamSet 824 +id_Gost28147_89_CryptoPro_B_ParamSet 825 +id_Gost28147_89_CryptoPro_C_ParamSet 826 +id_Gost28147_89_CryptoPro_D_ParamSet 827 +id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet 828 +id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet 829 +id_Gost28147_89_CryptoPro_RIC_1_ParamSet 830 +id_GostR3410_94_TestParamSet 831 +id_GostR3410_94_CryptoPro_A_ParamSet 832 +id_GostR3410_94_CryptoPro_B_ParamSet 833 +id_GostR3410_94_CryptoPro_C_ParamSet 834 +id_GostR3410_94_CryptoPro_D_ParamSet 835 +id_GostR3410_94_CryptoPro_XchA_ParamSet 836 +id_GostR3410_94_CryptoPro_XchB_ParamSet 837 +id_GostR3410_94_CryptoPro_XchC_ParamSet 838 +id_GostR3410_2001_TestParamSet 839 +id_GostR3410_2001_CryptoPro_A_ParamSet 840 +id_GostR3410_2001_CryptoPro_B_ParamSet 841 +id_GostR3410_2001_CryptoPro_C_ParamSet 842 +id_GostR3410_2001_CryptoPro_XchA_ParamSet 843 +id_GostR3410_2001_CryptoPro_XchB_ParamSet 844 +id_GostR3410_94_a 845 +id_GostR3410_94_aBis 846 +id_GostR3410_94_b 847 +id_GostR3410_94_bBis 848 +id_Gost28147_89_cc 849 +id_GostR3410_94_cc 850 +id_GostR3410_2001_cc 851 +id_GostR3411_94_with_GostR3410_94_cc 852 +id_GostR3411_94_with_GostR3410_2001_cc 853 +id_GostR3410_2001_ParamSet_cc 854 +hmac 855 +LocalKeySet 856 +freshest_crl 857 +id_on_permanentIdentifier 858 +searchGuide 859 +businessCategory 860 +postalAddress 861 +postOfficeBox 862 +physicalDeliveryOfficeName 863 +telephoneNumber 864 +telexNumber 865 +teletexTerminalIdentifier 866 +facsimileTelephoneNumber 867 +x121Address 868 +internationaliSDNNumber 869 +registeredAddress 870 +destinationIndicator 871 +preferredDeliveryMethod 872 +presentationAddress 873 +supportedApplicationContext 874 +member 875 +owner 876 +roleOccupant 877 +seeAlso 878 +userPassword 879 +userCertificate 880 +cACertificate 881 +authorityRevocationList 882 +certificateRevocationList 883 +crossCertificatePair 884 +enhancedSearchGuide 885 +protocolInformation 886 +distinguishedName 887 +uniqueMember 888 +houseIdentifier 889 +supportedAlgorithms 890 +deltaRevocationList 891 +dmdName 892 +id_alg_PWRI_KEK 893 +cmac 894 +aes_128_gcm 895 +aes_128_ccm 896 +id_aes128_wrap_pad 897 +aes_192_gcm 898 +aes_192_ccm 899 +id_aes192_wrap_pad 900 +aes_256_gcm 901 +aes_256_ccm 902 +id_aes256_wrap_pad 903 +aes_128_ctr 904 +aes_192_ctr 905 +aes_256_ctr 906 +id_camellia128_wrap 907 +id_camellia192_wrap 908 +id_camellia256_wrap 909 +anyExtendedKeyUsage 910 +mgf1 911 +rsassaPss 912 +aes_128_xts 913 +aes_256_xts 914 +rc4_hmac_md5 915 +aes_128_cbc_hmac_sha1 916 +aes_192_cbc_hmac_sha1 917 +aes_256_cbc_hmac_sha1 918 +rsaesOaep 919 +teletrust 920 +brainpool 921 +brainpoolP160r1 922 +brainpoolP160t1 923 +brainpoolP192r1 924 +brainpoolP192t1 925 +brainpoolP224r1 926 +brainpoolP224t1 927 +brainpoolP256r1 928 +brainpoolP256t1 929 +brainpoolP320r1 930 +brainpoolP320t1 931 +brainpoolP384r1 932 +brainpoolP384t1 933 +brainpoolP512r1 934 +brainpoolP512t1 935 +FRP256v1 936 +chacha20 937 +gost89_ecb 938 +gost89_cbc 939 +tc26 940 +id_tc26_gost3411_2012_256 941 +id_tc26_gost3411_2012_512 942 +id_tc26_gost_3410_2012_512_paramSetA 943 +id_tc26_gost_3410_2012_512_paramSetB 944 +id_tc26_gost_28147_param_Z 945 +id_tc26_gost3410_2012_256 946 +id_tc26_gost3410_2012_512 947 +id_tc26_signwithdigest_gost3410_2012_256 948 +id_tc26_signwithdigest_gost3410_2012_512 949 +X25519 950 +X448 951 +Ed25519 952 +Ed448 953 +Ed25519ph 954 +Ed448ph 955 +jurisdictionLocalityName 956 +jurisdictionStateOrProvinceName 957 +jurisdictionCountryName 958 +kx_rsa 959 +kx_ecdhe 960 +kx_dhe 961 +kx_gost 962 +auth_rsa 963 +auth_ecdsa 964 +auth_gost01 965 +auth_null 966 +chacha20_poly1305 967 diff --git a/src/lib/libcrypto/objects/obj_xref.c b/src/lib/libcrypto/objects/obj_xref.c new file mode 100644 index 00000000000..3e8730d1c6b --- /dev/null +++ b/src/lib/libcrypto/objects/obj_xref.c @@ -0,0 +1,237 @@ +/* $OpenBSD: obj_xref.c,v 1.8 2017/01/21 04:44:43 jsing Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2006. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include "obj_xref.h" + +DECLARE_STACK_OF(nid_triple) +STACK_OF(nid_triple) *sig_app, *sigx_app; + +static int +sig_cmp(const nid_triple *a, const nid_triple *b) +{ + return a->sign_id - b->sign_id; +} + +static int sig_cmp_BSEARCH_CMP_FN(const void *, const void *); +static int sig_cmp(nid_triple const *, nid_triple const *); +static nid_triple *OBJ_bsearch_sig(nid_triple *key, nid_triple const *base, int num); + +static int +sig_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_) +{ + nid_triple const *a = a_; + nid_triple const *b = b_; + return sig_cmp(a, b); +} + +static nid_triple * +OBJ_bsearch_sig(nid_triple *key, nid_triple const *base, int num) +{ + return (nid_triple *)OBJ_bsearch_(key, base, num, sizeof(nid_triple), + sig_cmp_BSEARCH_CMP_FN); +} + +static int +sig_sk_cmp(const nid_triple * const *a, const nid_triple * const *b) +{ + return (*a)->sign_id - (*b)->sign_id; +} + +static int sigx_cmp_BSEARCH_CMP_FN(const void *, const void *); +static int sigx_cmp(const nid_triple * const *, const nid_triple * const *); +static const nid_triple * *OBJ_bsearch_sigx(const nid_triple * *key, const nid_triple * const *base, int num); + +static int +sigx_cmp(const nid_triple * const *a, const nid_triple * const *b) +{ + int ret; + + ret = (*a)->hash_id - (*b)->hash_id; + if (ret) + return ret; + return (*a)->pkey_id - (*b)->pkey_id; +} + + +static int +sigx_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_) +{ + const nid_triple * const *a = a_; + const nid_triple * const *b = b_; + return sigx_cmp(a, b); +} + +static const nid_triple * * +OBJ_bsearch_sigx(const nid_triple * *key, const nid_triple * const *base, int num) +{ + return (const nid_triple * *)OBJ_bsearch_(key, base, num, sizeof(const nid_triple *), + sigx_cmp_BSEARCH_CMP_FN); +} + +int +OBJ_find_sigid_algs(int signid, int *pdig_nid, int *ppkey_nid) +{ + nid_triple tmp; + const nid_triple *rv = NULL; + tmp.sign_id = signid; + + if (sig_app) { + int idx = sk_nid_triple_find(sig_app, &tmp); + if (idx >= 0) + rv = sk_nid_triple_value(sig_app, idx); + } + +#ifndef OBJ_XREF_TEST2 + if (rv == NULL) { + rv = OBJ_bsearch_sig(&tmp, sigoid_srt, + sizeof(sigoid_srt) / sizeof(nid_triple)); + } +#endif + if (rv == NULL) + return 0; + if (pdig_nid) + *pdig_nid = rv->hash_id; + if (ppkey_nid) + *ppkey_nid = rv->pkey_id; + return 1; +} + +int +OBJ_find_sigid_by_algs(int *psignid, int dig_nid, int pkey_nid) +{ + nid_triple tmp; + const nid_triple *t = &tmp; + const nid_triple **rv = NULL; + + tmp.hash_id = dig_nid; + tmp.pkey_id = pkey_nid; + + if (sigx_app) { + int idx = sk_nid_triple_find(sigx_app, &tmp); + if (idx >= 0) { + t = sk_nid_triple_value(sigx_app, idx); + rv = &t; + } + } + +#ifndef OBJ_XREF_TEST2 + if (rv == NULL) { + rv = OBJ_bsearch_sigx(&t, sigoid_srt_xref, + sizeof(sigoid_srt_xref) / sizeof(nid_triple *)); + } +#endif + if (rv == NULL) + return 0; + if (psignid) + *psignid = (*rv)->sign_id; + return 1; +} + +int +OBJ_add_sigid(int signid, int dig_id, int pkey_id) +{ + nid_triple *ntr; + + if (!sig_app) + sig_app = sk_nid_triple_new(sig_sk_cmp); + if (!sig_app) + return 0; + if (!sigx_app) + sigx_app = sk_nid_triple_new(sigx_cmp); + if (!sigx_app) + return 0; + ntr = reallocarray(NULL, 3, sizeof(int)); + if (!ntr) + return 0; + ntr->sign_id = signid; + ntr->hash_id = dig_id; + ntr->pkey_id = pkey_id; + + if (!sk_nid_triple_push(sig_app, ntr)) { + free(ntr); + return 0; + } + + if (!sk_nid_triple_push(sigx_app, ntr)) + return 0; + + sk_nid_triple_sort(sig_app); + sk_nid_triple_sort(sigx_app); + + return 1; +} + +static void +sid_free(nid_triple *tt) +{ + free(tt); +} + +void +OBJ_sigid_free(void) +{ + if (sig_app) { + sk_nid_triple_pop_free(sig_app, sid_free); + sig_app = NULL; + } + if (sigx_app) { + sk_nid_triple_free(sigx_app); + sigx_app = NULL; + } +} diff --git a/src/lib/libcrypto/objects/obj_xref.h b/src/lib/libcrypto/objects/obj_xref.h new file mode 100644 index 00000000000..59c597ce41b --- /dev/null +++ b/src/lib/libcrypto/objects/obj_xref.h @@ -0,0 +1,85 @@ +/* $OpenBSD: obj_xref.h,v 1.4 2016/12/21 15:49:29 jsing Exp $ */ +/* AUTOGENERATED BY objxref.pl, DO NOT EDIT */ + +__BEGIN_HIDDEN_DECLS + +typedef struct + { + int sign_id; + int hash_id; + int pkey_id; + } nid_triple; + +static const nid_triple sigoid_srt[] = + { + {NID_md2WithRSAEncryption, NID_md2, NID_rsaEncryption}, + {NID_md5WithRSAEncryption, NID_md5, NID_rsaEncryption}, + {NID_shaWithRSAEncryption, NID_sha, NID_rsaEncryption}, + {NID_sha1WithRSAEncryption, NID_sha1, NID_rsaEncryption}, + {NID_dsaWithSHA, NID_sha, NID_dsa}, + {NID_dsaWithSHA1_2, NID_sha1, NID_dsa_2}, + {NID_mdc2WithRSA, NID_mdc2, NID_rsaEncryption}, + {NID_md5WithRSA, NID_md5, NID_rsa}, + {NID_dsaWithSHA1, NID_sha1, NID_dsa}, + {NID_sha1WithRSA, NID_sha1, NID_rsa}, + {NID_ripemd160WithRSA, NID_ripemd160, NID_rsaEncryption}, + {NID_md4WithRSAEncryption, NID_md4, NID_rsaEncryption}, + {NID_ecdsa_with_SHA1, NID_sha1, NID_X9_62_id_ecPublicKey}, + {NID_sha256WithRSAEncryption, NID_sha256, NID_rsaEncryption}, + {NID_sha384WithRSAEncryption, NID_sha384, NID_rsaEncryption}, + {NID_sha512WithRSAEncryption, NID_sha512, NID_rsaEncryption}, + {NID_sha224WithRSAEncryption, NID_sha224, NID_rsaEncryption}, + {NID_ecdsa_with_Recommended, NID_undef, NID_X9_62_id_ecPublicKey}, + {NID_ecdsa_with_Specified, NID_undef, NID_X9_62_id_ecPublicKey}, + {NID_ecdsa_with_SHA224, NID_sha224, NID_X9_62_id_ecPublicKey}, + {NID_ecdsa_with_SHA256, NID_sha256, NID_X9_62_id_ecPublicKey}, + {NID_ecdsa_with_SHA384, NID_sha384, NID_X9_62_id_ecPublicKey}, + {NID_ecdsa_with_SHA512, NID_sha512, NID_X9_62_id_ecPublicKey}, + {NID_dsa_with_SHA224, NID_sha224, NID_dsa}, + {NID_dsa_with_SHA256, NID_sha256, NID_dsa}, + {NID_id_GostR3411_94_with_GostR3410_2001, NID_id_GostR3411_94, NID_id_GostR3410_2001}, + {NID_id_GostR3411_94_with_GostR3410_94, NID_id_GostR3411_94, NID_id_GostR3410_94}, + {NID_id_GostR3411_94_with_GostR3410_94_cc, NID_id_GostR3411_94, NID_id_GostR3410_94_cc}, + {NID_id_GostR3411_94_with_GostR3410_2001_cc, NID_id_GostR3411_94, NID_id_GostR3410_2001_cc}, + {NID_rsassaPss, NID_undef, NID_rsaEncryption}, + {NID_id_tc26_signwithdigest_gost3410_2012_256, NID_id_tc26_gost3411_2012_256, NID_id_GostR3410_2001}, + {NID_id_tc26_signwithdigest_gost3410_2012_512, NID_id_tc26_gost3411_2012_512, NID_id_GostR3410_2001}, + }; + +static const nid_triple * const sigoid_srt_xref[] = + { + &sigoid_srt[29], + &sigoid_srt[17], + &sigoid_srt[18], + &sigoid_srt[0], + &sigoid_srt[1], + &sigoid_srt[7], + &sigoid_srt[2], + &sigoid_srt[4], + &sigoid_srt[3], + &sigoid_srt[9], + &sigoid_srt[5], + &sigoid_srt[8], + &sigoid_srt[12], + &sigoid_srt[6], + &sigoid_srt[10], + &sigoid_srt[11], + &sigoid_srt[13], + &sigoid_srt[24], + &sigoid_srt[20], + &sigoid_srt[14], + &sigoid_srt[21], + &sigoid_srt[15], + &sigoid_srt[22], + &sigoid_srt[16], + &sigoid_srt[23], + &sigoid_srt[19], + &sigoid_srt[25], + &sigoid_srt[26], + &sigoid_srt[27], + &sigoid_srt[28], + &sigoid_srt[30], + &sigoid_srt[31], + }; + +__END_HIDDEN_DECLS diff --git a/src/lib/libcrypto/objects/obj_xref.txt b/src/lib/libcrypto/objects/obj_xref.txt new file mode 100644 index 00000000000..dde52d8143e --- /dev/null +++ b/src/lib/libcrypto/objects/obj_xref.txt @@ -0,0 +1,48 @@ +# OID cross reference table. +# Links signatures OIDs to their corresponding public key algorithms +# and digests. + +md2WithRSAEncryption md2 rsaEncryption +md5WithRSAEncryption md5 rsaEncryption +shaWithRSAEncryption sha rsaEncryption +sha1WithRSAEncryption sha1 rsaEncryption +md4WithRSAEncryption md4 rsaEncryption +sha256WithRSAEncryption sha256 rsaEncryption +sha384WithRSAEncryption sha384 rsaEncryption +sha512WithRSAEncryption sha512 rsaEncryption +sha224WithRSAEncryption sha224 rsaEncryption +mdc2WithRSA mdc2 rsaEncryption +ripemd160WithRSA ripemd160 rsaEncryption +# For PSS the digest algorithm can vary and depends on the included +# AlgorithmIdentifier. The digest "undef" indicates the public key +# method should handle this explicitly. +rsassaPss undef rsaEncryption + +# Alternative deprecated OIDs. By using the older "rsa" OID this +# type will be recognized by not normally used. + +md5WithRSA md5 rsa +sha1WithRSA sha1 rsa + +dsaWithSHA sha dsa +dsaWithSHA1 sha1 dsa + +dsaWithSHA1_2 sha1 dsa_2 + +ecdsa_with_SHA1 sha1 X9_62_id_ecPublicKey +ecdsa_with_SHA224 sha224 X9_62_id_ecPublicKey +ecdsa_with_SHA256 sha256 X9_62_id_ecPublicKey +ecdsa_with_SHA384 sha384 X9_62_id_ecPublicKey +ecdsa_with_SHA512 sha512 X9_62_id_ecPublicKey +ecdsa_with_Recommended undef X9_62_id_ecPublicKey +ecdsa_with_Specified undef X9_62_id_ecPublicKey + +dsa_with_SHA224 sha224 dsa +dsa_with_SHA256 sha256 dsa + +id_GostR3411_94_with_GostR3410_2001 id_GostR3411_94 id_GostR3410_2001 +id_GostR3411_94_with_GostR3410_94 id_GostR3411_94 id_GostR3410_94 +id_GostR3411_94_with_GostR3410_94_cc id_GostR3411_94 id_GostR3410_94_cc +id_GostR3411_94_with_GostR3410_2001_cc id_GostR3411_94 id_GostR3410_2001_cc +id_tc26_signwithdigest_gost3410_2012_256 id_tc26_gost3411_2012_256 id_tc26_gost3410_2012_256 +id_tc26_signwithdigest_gost3410_2012_512 id_tc26_gost3411_2012_512 id_tc26_gost3410_2012_512 diff --git a/src/lib/libcrypto/objects/objects.README b/src/lib/libcrypto/objects/objects.README index 4d745508d83..c49e93d6799 100644 --- a/src/lib/libcrypto/objects/objects.README +++ b/src/lib/libcrypto/objects/objects.README @@ -1,7 +1,7 @@ objects.txt syntax ------------------ -To cover all the naming hacks that were previously in objects.h needed some +To cover all the naming hacks that were previously in objects.h, we needed some kind of hacks in objects.txt. The basic syntax for adding an object is as follows: @@ -16,13 +16,13 @@ The basic syntax for adding an object is as follows: create the C macros SN_base, LN_base, NID_base and OBJ_base. Note that if the base name contains spaces, dashes or periods, - those will be converte to underscore. + those will be converted to underscore. Then there are some extra commands: !Alias foo 1 2 3 4 - This juts makes a name foo for an OID. The C macro + This just makes a name foo for an OID. The C macro OBJ_foo will be created as a result. !Cname foo diff --git a/src/lib/libcrypto/objects/objects.h b/src/lib/libcrypto/objects/objects.h index de105328136..c40991b5e34 100644 --- a/src/lib/libcrypto/objects/objects.h +++ b/src/lib/libcrypto/objects/objects.h @@ -1,25 +1,25 @@ -/* crypto/objects/objects.h */ +/* $OpenBSD: objects.h,v 1.12 2017/01/21 04:53:22 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -387,7 +387,7 @@ #define SN_pbeWithSHA1AndRC2_CBC "PBE-SHA1-RC2-64" #define LN_pbeWithSHA1AndRC2_CBC "pbeWithSHA1AndRC2-CBC" #define NID_pbeWithSHA1AndRC2_CBC 68 -#define OBJ_pbeWithSHA1AndRC2_CBC OBJ_pkcs,5L,11L +#define OBJ_pbeWithSHA1AndRC2_CBC OBJ_pkcs,5L,11L /* proposed by microsoft to RSA as pbeWithSHA1AndRC4: it is now * defined explicitly in PKCS#5 v2.0 as id-PBKDF2 which is something @@ -395,7 +395,7 @@ */ #define LN_id_pbkdf2 "PBKDF2" #define NID_id_pbkdf2 69 -#define OBJ_id_pbkdf2 OBJ_pkcs,5L,12L +#define OBJ_id_pbkdf2 OBJ_pkcs,5L,12L #define SN_dsaWithSHA1_2 "DSA-SHA1-old" #define LN_dsaWithSHA1_2 "dsaWithSHA1-old" @@ -966,36 +966,38 @@ #define OBJ_NAME_TYPE_COMP_METH 0x04 #define OBJ_NAME_TYPE_NUM 0x05 -#define OBJ_NAME_ALIAS 0x8000 +#define OBJ_NAME_ALIAS 0x8000 + +#define OBJ_BSEARCH_VALUE_ON_NOMATCH 0x01 +#define OBJ_BSEARCH_FIRST_VALUE_ON_MATCH 0x02 #ifdef __cplusplus extern "C" { #endif -typedef struct obj_name_st - { +typedef struct obj_name_st { int type; int alias; const char *name; const char *data; - } OBJ_NAME; +} OBJ_NAME; #define OBJ_create_and_add_object(a,b,c) OBJ_create(a,b,c) int OBJ_NAME_init(void); int OBJ_NAME_new_index(unsigned long (*hash_func)(const char *), - int (*cmp_func)(const char *, const char *), - void (*free_func)(const char *, int, const char *)); -const char *OBJ_NAME_get(const char *name,int type); -int OBJ_NAME_add(const char *name,int type,const char *data); -int OBJ_NAME_remove(const char *name,int type); + int (*cmp_func)(const char *, const char *), + void (*free_func)(const char *, int, const char *)); +const char *OBJ_NAME_get(const char *name, int type); +int OBJ_NAME_add(const char *name, int type, const char *data); +int OBJ_NAME_remove(const char *name, int type); void OBJ_NAME_cleanup(int type); /* -1 for everything */ -void OBJ_NAME_do_all(int type,void (*fn)(const OBJ_NAME *,void *arg), - void *arg); -void OBJ_NAME_do_all_sorted(int type,void (*fn)(const OBJ_NAME *,void *arg), - void *arg); +void OBJ_NAME_do_all(int type, void (*fn)(const OBJ_NAME *, void *arg), + void *arg); +void OBJ_NAME_do_all_sorted(int type, void (*fn)(const OBJ_NAME *, void *arg), + void *arg); ASN1_OBJECT * OBJ_dup(const ASN1_OBJECT *o); ASN1_OBJECT * OBJ_nid2obj(int n); @@ -1007,16 +1009,110 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name); int OBJ_txt2nid(const char *s); int OBJ_ln2nid(const char *s); int OBJ_sn2nid(const char *s); -int OBJ_cmp(const ASN1_OBJECT *a,const ASN1_OBJECT *b); -const char * OBJ_bsearch(const char *key,const char *base,int num,int size, - int (*cmp)(const void *, const void *)); +int OBJ_cmp(const ASN1_OBJECT *a, const ASN1_OBJECT *b); +const void * OBJ_bsearch_(const void *key, const void *base, int num, + int size, int (*cmp)(const void *, const void *)); +const void * OBJ_bsearch_ex_(const void *key, const void *base, int num, + int size, int (*cmp)(const void *, const void *), + int flags); + +#ifndef LIBRESSL_INTERNAL + +#define _DECLARE_OBJ_BSEARCH_CMP_FN(scope, type1, type2, nm) \ + static int nm##_cmp_BSEARCH_CMP_FN(const void *, const void *); \ + static int nm##_cmp(type1 const *, type2 const *); \ + scope type2 * OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) + +#define DECLARE_OBJ_BSEARCH_CMP_FN(type1, type2, cmp) \ + _DECLARE_OBJ_BSEARCH_CMP_FN(static, type1, type2, cmp) +#define DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(type1, type2, nm) \ + type2 * OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) + +/* + * Unsolved problem: if a type is actually a pointer type, like + * nid_triple is, then its impossible to get a const where you need + * it. Consider: + * + * typedef int nid_triple[3]; + * const void *a_; + * const nid_triple const *a = a_; + * + * The assignement discards a const because what you really want is: + * + * const int const * const *a = a_; + * + * But if you do that, you lose the fact that a is an array of 3 ints, + * which breaks comparison functions. + * + * Thus we end up having to cast, sadly, or unpack the + * declarations. Or, as I finally did in this case, delcare nid_triple + * to be a struct, which it should have been in the first place. + * + * Ben, August 2008. + * + * Also, strictly speaking not all types need be const, but handling + * the non-constness means a lot of complication, and in practice + * comparison routines do always not touch their arguments. + */ + +#define IMPLEMENT_OBJ_BSEARCH_CMP_FN(type1, type2, nm) \ + static int nm##_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_) \ + { \ + type1 const *a = a_; \ + type2 const *b = b_; \ + return nm##_cmp(a,b); \ + } \ + static type2 *OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) \ + { \ + return (type2 *)OBJ_bsearch_(key, base, num, sizeof(type2), \ + nm##_cmp_BSEARCH_CMP_FN); \ + } \ + extern void dummy_prototype(void) + +#define IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(type1, type2, nm) \ + static int nm##_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_) \ + { \ + type1 const *a = a_; \ + type2 const *b = b_; \ + return nm##_cmp(a,b); \ + } \ + type2 *OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) \ + { \ + return (type2 *)OBJ_bsearch_(key, base, num, sizeof(type2), \ + nm##_cmp_BSEARCH_CMP_FN); \ + } \ + extern void dummy_prototype(void) + +#define OBJ_bsearch(type1,key,type2,base,num,cmp) \ + ((type2 *)OBJ_bsearch_(CHECKED_PTR_OF(type1,key),CHECKED_PTR_OF(type2,base), \ + num,sizeof(type2), \ + ((void)CHECKED_PTR_OF(type1,cmp##_type_1), \ + (void)CHECKED_PTR_OF(type2,cmp##_type_2), \ + cmp##_BSEARCH_CMP_FN))) + +#define OBJ_bsearch_ex(type1,key,type2,base,num,cmp,flags) \ + ((type2 *)OBJ_bsearch_ex_(CHECKED_PTR_OF(type1,key),CHECKED_PTR_OF(type2,base), \ + num,sizeof(type2), \ + ((void)CHECKED_PTR_OF(type1,cmp##_type_1), \ + (void)type_2=CHECKED_PTR_OF(type2,cmp##_type_2), \ + cmp##_BSEARCH_CMP_FN)),flags) + +#endif /* !LIBRESSL_INTERNAL */ int OBJ_new_nid(int num); int OBJ_add_object(const ASN1_OBJECT *obj); -int OBJ_create(const char *oid,const char *sn,const char *ln); +int OBJ_create(const char *oid, const char *sn, const char *ln); void OBJ_cleanup(void ); int OBJ_create_objects(BIO *in); +int OBJ_find_sigid_algs(int signid, int *pdig_nid, int *ppkey_nid); +int OBJ_find_sigid_by_algs(int *psignid, int dig_nid, int pkey_nid); +int OBJ_add_sigid(int signid, int dig_id, int pkey_id); +void OBJ_sigid_free(void); + +extern int obj_cleanup_defer; +void check_defer(int nid); + /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. @@ -1026,8 +1122,10 @@ void ERR_load_OBJ_strings(void); /* Error codes for the OBJ functions. */ /* Function codes. */ +#define OBJ_F_OBJ_ADD_OBJECT 105 #define OBJ_F_OBJ_CREATE 100 #define OBJ_F_OBJ_DUP 101 +#define OBJ_F_OBJ_NAME_NEW_INDEX 106 #define OBJ_F_OBJ_NID2LN 102 #define OBJ_F_OBJ_NID2OBJ 103 #define OBJ_F_OBJ_NID2SN 104 diff --git a/src/lib/libcrypto/objects/objects.pl b/src/lib/libcrypto/objects/objects.pl index 76bb8da677b..d2bf659d888 100644 --- a/src/lib/libcrypto/objects/objects.pl +++ b/src/lib/libcrypto/objects/objects.pl @@ -14,6 +14,8 @@ $Cname =~ s/^X//; if (defined($nidn{$mynum})) { die "$ARGV[1]:$o:There's already an object with NID ",$mynum," on line ",$order{$mynum},"\n"; } + if (defined($nid{$Cname})) + { die "$ARGV[1]:$o:There's already an object with name ",$Cname," on line ",$order{$nid{$Cname}},"\n"; } $nid{$Cname} = $mynum; $nidn{$mynum} = $Cname; $order{$mynum} = $o; @@ -102,6 +104,7 @@ $max_nid++; $nid{$Cname} = $max_nid; $nidn{$max_nid} = $Cname; +print STDERR "Added OID $Cname\n"; } $Cname=""; } diff --git a/src/lib/libcrypto/objects/objects.txt b/src/lib/libcrypto/objects/objects.txt index 65d0b156296..3489682463a 100644 --- a/src/lib/libcrypto/objects/objects.txt +++ b/src/lib/libcrypto/objects/objects.txt @@ -1,12 +1,28 @@ -0 : CCITT : ccitt +# CCITT was renamed to ITU-T quite some time ago +0 : ITU-T : itu-t +!Alias ccitt itu-t 1 : ISO : iso -2 : JOINT-ISO-CCITT : joint-iso-ccitt +2 : JOINT-ISO-ITU-T : joint-iso-itu-t +!Alias joint-iso-ccitt joint-iso-itu-t iso 2 : member-body : ISO Member Body -joint-iso-ccitt 5 1 5 : selected-attribute-types : Selected Attribute Types +iso 3 : identified-organization + +# HMAC OIDs +identified-organization 6 1 5 5 8 1 1 : HMAC-MD5 : hmac-md5 +identified-organization 6 1 5 5 8 1 2 : HMAC-SHA1 : hmac-sha1 + +identified-organization 132 : certicom-arc + +joint-iso-itu-t 23 : international-organizations : International Organizations + +international-organizations 43 : wap +wap 1 : wap-wsg + +joint-iso-itu-t 5 1 5 : selected-attribute-types : Selected Attribute Types selected-attribute-types 55 : clearance @@ -24,12 +40,34 @@ ISO-US 10045 : ansi-X9-62 : ANSI X9.62 !Alias id-fieldType ansi-X9-62 1 X9-62_id-fieldType 1 : prime-field X9-62_id-fieldType 2 : characteristic-two-field -# ... characteristic-two-field OID subtree +X9-62_characteristic-two-field 3 : id-characteristic-two-basis +X9-62_id-characteristic-two-basis 1 : onBasis +X9-62_id-characteristic-two-basis 2 : tpBasis +X9-62_id-characteristic-two-basis 3 : ppBasis !Alias id-publicKeyType ansi-X9-62 2 X9-62_id-publicKeyType 1 : id-ecPublicKey !Alias ellipticCurve ansi-X9-62 3 !Alias c-TwoCurve X9-62_ellipticCurve 0 -# ... characteristic 2 curve OIDs +X9-62_c-TwoCurve 1 : c2pnb163v1 +X9-62_c-TwoCurve 2 : c2pnb163v2 +X9-62_c-TwoCurve 3 : c2pnb163v3 +X9-62_c-TwoCurve 4 : c2pnb176v1 +X9-62_c-TwoCurve 5 : c2tnb191v1 +X9-62_c-TwoCurve 6 : c2tnb191v2 +X9-62_c-TwoCurve 7 : c2tnb191v3 +X9-62_c-TwoCurve 8 : c2onb191v4 +X9-62_c-TwoCurve 9 : c2onb191v5 +X9-62_c-TwoCurve 10 : c2pnb208w1 +X9-62_c-TwoCurve 11 : c2tnb239v1 +X9-62_c-TwoCurve 12 : c2tnb239v2 +X9-62_c-TwoCurve 13 : c2tnb239v3 +X9-62_c-TwoCurve 14 : c2onb239v4 +X9-62_c-TwoCurve 15 : c2onb239v5 +X9-62_c-TwoCurve 16 : c2pnb272w1 +X9-62_c-TwoCurve 17 : c2pnb304w1 +X9-62_c-TwoCurve 18 : c2tnb359v1 +X9-62_c-TwoCurve 19 : c2pnb368w1 +X9-62_c-TwoCurve 20 : c2tnb431r1 !Alias primeCurve X9-62_ellipticCurve 1 X9-62_primeCurve 1 : prime192v1 X9-62_primeCurve 2 : prime192v2 @@ -41,7 +79,67 @@ X9-62_primeCurve 7 : prime256v1 !Alias id-ecSigType ansi-X9-62 4 !global X9-62_id-ecSigType 1 : ecdsa-with-SHA1 - +X9-62_id-ecSigType 2 : ecdsa-with-Recommended +X9-62_id-ecSigType 3 : ecdsa-with-Specified +ecdsa-with-Specified 1 : ecdsa-with-SHA224 +ecdsa-with-Specified 2 : ecdsa-with-SHA256 +ecdsa-with-Specified 3 : ecdsa-with-SHA384 +ecdsa-with-Specified 4 : ecdsa-with-SHA512 + +# SECG curve OIDs from "SEC 2: Recommended Elliptic Curve Domain Parameters" +# (http://www.secg.org/) +!Alias secg_ellipticCurve certicom-arc 0 +# SECG prime curves OIDs +secg-ellipticCurve 6 : secp112r1 +secg-ellipticCurve 7 : secp112r2 +secg-ellipticCurve 28 : secp128r1 +secg-ellipticCurve 29 : secp128r2 +secg-ellipticCurve 9 : secp160k1 +secg-ellipticCurve 8 : secp160r1 +secg-ellipticCurve 30 : secp160r2 +secg-ellipticCurve 31 : secp192k1 +# NOTE: the curve secp192r1 is the same as prime192v1 defined above +# and is therefore omitted +secg-ellipticCurve 32 : secp224k1 +secg-ellipticCurve 33 : secp224r1 +secg-ellipticCurve 10 : secp256k1 +# NOTE: the curve secp256r1 is the same as prime256v1 defined above +# and is therefore omitted +secg-ellipticCurve 34 : secp384r1 +secg-ellipticCurve 35 : secp521r1 +# SECG characteristic two curves OIDs +secg-ellipticCurve 4 : sect113r1 +secg-ellipticCurve 5 : sect113r2 +secg-ellipticCurve 22 : sect131r1 +secg-ellipticCurve 23 : sect131r2 +secg-ellipticCurve 1 : sect163k1 +secg-ellipticCurve 2 : sect163r1 +secg-ellipticCurve 15 : sect163r2 +secg-ellipticCurve 24 : sect193r1 +secg-ellipticCurve 25 : sect193r2 +secg-ellipticCurve 26 : sect233k1 +secg-ellipticCurve 27 : sect233r1 +secg-ellipticCurve 3 : sect239k1 +secg-ellipticCurve 16 : sect283k1 +secg-ellipticCurve 17 : sect283r1 +secg-ellipticCurve 36 : sect409k1 +secg-ellipticCurve 37 : sect409r1 +secg-ellipticCurve 38 : sect571k1 +secg-ellipticCurve 39 : sect571r1 + +# WAP/TLS curve OIDs (http://www.wapforum.org/) +!Alias wap-wsg-idm-ecid wap-wsg 4 +wap-wsg-idm-ecid 1 : wap-wsg-idm-ecid-wtls1 +wap-wsg-idm-ecid 3 : wap-wsg-idm-ecid-wtls3 +wap-wsg-idm-ecid 4 : wap-wsg-idm-ecid-wtls4 +wap-wsg-idm-ecid 5 : wap-wsg-idm-ecid-wtls5 +wap-wsg-idm-ecid 6 : wap-wsg-idm-ecid-wtls6 +wap-wsg-idm-ecid 7 : wap-wsg-idm-ecid-wtls7 +wap-wsg-idm-ecid 8 : wap-wsg-idm-ecid-wtls8 +wap-wsg-idm-ecid 9 : wap-wsg-idm-ecid-wtls9 +wap-wsg-idm-ecid 10 : wap-wsg-idm-ecid-wtls10 +wap-wsg-idm-ecid 11 : wap-wsg-idm-ecid-wtls11 +wap-wsg-idm-ecid 12 : wap-wsg-idm-ecid-wtls12 ISO-US 113533 7 66 10 : CAST5-CBC : cast5-cbc @@ -53,6 +151,10 @@ ISO-US 113533 7 66 10 : CAST5-CBC : cast5-cbc !Cname pbeWithMD5AndCast5-CBC ISO-US 113533 7 66 12 : : pbeWithMD5AndCast5CBC +# Macs for CMP and CRMF +ISO-US 113533 7 66 13 : id-PasswordBasedMAC : password based MAC +ISO-US 113533 7 66 30 : id-DHBasedMac : Diffie-Hellman based MAC + ISO-US 113549 : rsadsi : RSA Data Security, Inc. rsadsi 1 : pkcs : RSA Data Security, Inc. PKCS @@ -63,6 +165,15 @@ pkcs1 2 : RSA-MD2 : md2WithRSAEncryption pkcs1 3 : RSA-MD4 : md4WithRSAEncryption pkcs1 4 : RSA-MD5 : md5WithRSAEncryption pkcs1 5 : RSA-SHA1 : sha1WithRSAEncryption +# According to PKCS #1 version 2.1 +pkcs1 7 : RSAES-OAEP : rsaesOaep +pkcs1 8 : MGF1 : mgf1 +pkcs1 10 : RSASSA-PSS : rsassaPss + +pkcs1 11 : RSA-SHA256 : sha256WithRSAEncryption +pkcs1 12 : RSA-SHA384 : sha384WithRSAEncryption +pkcs1 13 : RSA-SHA512 : sha512WithRSAEncryption +pkcs1 14 : RSA-SHA224 : sha224WithRSAEncryption pkcs 3 : pkcs3 pkcs3 1 : : dhKeyAgreement @@ -144,6 +255,8 @@ id-smime-ct 5 : id-smime-ct-TDTInfo id-smime-ct 6 : id-smime-ct-contentInfo id-smime-ct 7 : id-smime-ct-DVCSRequestData id-smime-ct 8 : id-smime-ct-DVCSResponseData +id-smime-ct 9 : id-smime-ct-compressedData +id-smime-ct 27 : id-ct-asciiTextWithCRLF # S/MIME Attributes id-smime-aa 1 : id-smime-aa-receiptRequest @@ -190,6 +303,7 @@ id-smime-alg 4 : id-smime-alg-RC2wrap id-smime-alg 5 : id-smime-alg-ESDH id-smime-alg 6 : id-smime-alg-CMS3DESwrap id-smime-alg 7 : id-smime-alg-CMSRC2wrap +id-smime-alg 9 : id-alg-PWRI-KEK # S/MIME Certificate Distribution id-smime-cd 1 : id-smime-cd-ldap @@ -210,6 +324,7 @@ pkcs9 20 : : friendlyName pkcs9 21 : : localKeyID !Cname ms-csp-name 1 3 6 1 4 1 311 17 1 : CSPName : Microsoft CSP Name +1 3 6 1 4 1 311 17 2 : LocalKeySet : Microsoft Local Key set !Alias certTypes pkcs9 22 certTypes 1 : : x509Certificate certTypes 2 : : sdsiCertificate @@ -245,7 +360,15 @@ rsadsi 2 2 : MD2 : md2 rsadsi 2 4 : MD4 : md4 rsadsi 2 5 : MD5 : md5 : MD5-SHA1 : md5-sha1 +rsadsi 2 6 : : hmacWithMD5 rsadsi 2 7 : : hmacWithSHA1 + +# From RFC4231 +rsadsi 2 8 : : hmacWithSHA224 +rsadsi 2 9 : : hmacWithSHA256 +rsadsi 2 10 : : hmacWithSHA384 +rsadsi 2 11 : : hmacWithSHA512 + rsadsi 3 2 : RC2-CBC : rc2-cbc : RC2-ECB : rc2-ecb !Cname rc2-cfb64 @@ -276,6 +399,10 @@ rsadsi 3 8 : RC5-CBC : rc5-cbc 1 3 6 1 4 1 311 10 3 3 : msSGC : Microsoft Server Gated Crypto !Cname ms-efs 1 3 6 1 4 1 311 10 3 4 : msEFS : Microsoft Encrypted File System +!Cname ms-smartcard-login +1 3 6 1 4 1 311 20 2 2 : msSmartcardLogin : Microsoft Smartcardlogin +!Cname ms-upn +1 3 6 1 4 1 311 20 2 3 : msUPN : Microsoft Universal Principal Name 1 3 6 1 4 1 188 7 1 1 2 : IDEA-CBC : idea-cbc : IDEA-ECB : idea-ecb @@ -308,6 +435,7 @@ id-pkix 9 : id-pda id-pkix 10 : id-aca id-pkix 11 : id-qcs id-pkix 12 : id-cct +id-pkix 21 : id-ppl id-pkix 48 : id-ad # PKIX Modules @@ -336,12 +464,13 @@ id-pe 3 : qcStatements id-pe 4 : ac-auditEntity id-pe 5 : ac-targeting id-pe 6 : aaControls -id-pe 7 : sbqp-ipAddrBlock -id-pe 8 : sbqp-autonomousSysNum -id-pe 9 : sbqp-routerIdentifier +id-pe 7 : sbgp-ipAddrBlock +id-pe 8 : sbgp-autonomousSysNum +id-pe 9 : sbgp-routerIdentifier id-pe 10 : ac-proxying !Cname sinfo-access id-pe 11 : subjectInfoAccess : Subject Information Access +id-pe 14 : proxyCertInfo : Proxy Certificate Information # PKIX policyQualifiers for Internet policy qualifiers id-qt 1 : id-qt-cps : Policy Qualifier CPS @@ -385,6 +514,7 @@ id-it 12 : id-it-revPassphrase id-it 13 : id-it-implicitConfirm id-it 14 : id-it-confirmWaitTime id-it 15 : id-it-origPKIMessage +id-it 16 : id-it-suppLangTags # CRMF registration id-pkip 1 : id-regCtrl @@ -432,6 +562,7 @@ id-cmc 24 : id-cmc-confirmCertAcceptance # other names id-on 1 : id-on-personalData +id-on 3 : id-on-permanentIdentifier : Permanent Identifier # personal data attributes id-pda 1 : id-pda-dateOfBirth @@ -457,6 +588,11 @@ id-cct 1 : id-cct-crs id-cct 2 : id-cct-PKIData id-cct 3 : id-cct-PKIResponse +# Predefined Proxy Certificate policy languages +id-ppl 0 : id-ppl-anyLanguage : Any language +id-ppl 1 : id-ppl-inheritAll : Inherit all +id-ppl 2 : id-ppl-independent : Independent + # access descriptors for authority info access extension !Cname ad-OCSP id-ad 1 : OCSP : OCSP @@ -466,6 +602,7 @@ id-ad 2 : caIssuers : CA Issuers id-ad 3 : ad_timestamping : AD Time Stamping !Cname ad-dvcs id-ad 4 : AD_DVCS : ad dvcs +id-ad 5 : caRepository : CA Repository !Alias id-pkix-OCSP ad-OCSP @@ -532,16 +669,53 @@ X509 5 : : serialNumber X509 6 : C : countryName X509 7 : L : localityName X509 8 : ST : stateOrProvinceName +X509 9 : street : streetAddress X509 10 : O : organizationName X509 11 : OU : organizationalUnitName -X509 12 : : title +X509 12 : title : title X509 13 : : description +X509 14 : : searchGuide +X509 15 : : businessCategory +X509 16 : : postalAddress +X509 17 : : postalCode +X509 18 : : postOfficeBox +X509 19 : : physicalDeliveryOfficeName +X509 20 : : telephoneNumber +X509 21 : : telexNumber +X509 22 : : teletexTerminalIdentifier +X509 23 : : facsimileTelephoneNumber +X509 24 : : x121Address +X509 25 : : internationaliSDNNumber +X509 26 : : registeredAddress +X509 27 : : destinationIndicator +X509 28 : : preferredDeliveryMethod +X509 29 : : presentationAddress +X509 30 : : supportedApplicationContext +X509 31 : member : +X509 32 : owner : +X509 33 : : roleOccupant +X509 34 : seeAlso : +X509 35 : : userPassword +X509 36 : : userCertificate +X509 37 : : cACertificate +X509 38 : : authorityRevocationList +X509 39 : : certificateRevocationList +X509 40 : : crossCertificatePair X509 41 : name : name -X509 42 : gn : givenName -X509 43 : : initials +X509 42 : GN : givenName +X509 43 : initials : initials X509 44 : : generationQualifier X509 45 : : x500UniqueIdentifier X509 46 : dnQualifier : dnQualifier +X509 47 : : enhancedSearchGuide +X509 48 : : protocolInformation +X509 49 : : distinguishedName +X509 50 : : uniqueMember +X509 51 : : houseIdentifier +X509 52 : : supportedAlgorithms +X509 53 : : deltaRevocationList +X509 54 : dmdName : +X509 65 : : pseudonym X509 72 : role : role X500 8 : X500algorithms : directory services - algorithms @@ -550,6 +724,8 @@ X500algorithms 3 100 : RSA-MDC2 : mdc2WithRSA X500algorithms 3 101 : MDC2 : mdc2 X500 29 : id-ce +!Cname subject-directory-attributes +id-ce 9 : subjectDirectoryAttributes : X509v3 Subject Directory Attributes !Cname subject-key-identifier id-ce 14 : subjectKeyIdentifier : X509v3 Subject Key Identifier !Cname key-usage @@ -570,21 +746,39 @@ id-ce 21 : CRLReason : X509v3 CRL Reason Code id-ce 24 : invalidityDate : Invalidity Date !Cname delta-crl id-ce 27 : deltaCRL : X509v3 Delta CRL Indicator +!Cname issuing-distribution-point +id-ce 28 : issuingDistributionPoint : X509v3 Issuing Distribution Point +!Cname certificate-issuer +id-ce 29 : certificateIssuer : X509v3 Certificate Issuer +!Cname name-constraints +id-ce 30 : nameConstraints : X509v3 Name Constraints !Cname crl-distribution-points id-ce 31 : crlDistributionPoints : X509v3 CRL Distribution Points !Cname certificate-policies id-ce 32 : certificatePolicies : X509v3 Certificate Policies +!Cname any-policy +certificate-policies 0 : anyPolicy : X509v3 Any Policy +!Cname policy-mappings +id-ce 33 : policyMappings : X509v3 Policy Mappings !Cname authority-key-identifier id-ce 35 : authorityKeyIdentifier : X509v3 Authority Key Identifier !Cname policy-constraints id-ce 36 : policyConstraints : X509v3 Policy Constraints !Cname ext-key-usage id-ce 37 : extendedKeyUsage : X509v3 Extended Key Usage +!Cname freshest-crl +id-ce 46 : freshestCRL : X509v3 Freshest CRL +!Cname inhibit-any-policy +id-ce 54 : inhibitAnyPolicy : X509v3 Inhibit Any Policy !Cname target-information id-ce 55 : targetInformation : X509v3 AC Targeting !Cname no-rev-avail id-ce 56 : noRevAvail : X509v3 No Revocation Available +# From RFC5280 +ext-key-usage 0 : anyExtendedKeyUsage : Any Extended Key Usage + + !Cname netscape 2 16 840 1 113730 : Netscape : Netscape Communications Corp. !Cname netscape-cert-extension @@ -636,6 +830,12 @@ Private 1 : enterprises : Enterprises # RFC 2247 Enterprises 1466 344 : dcobject : dcObject +# Extended Validation +!Alias extendedValidation Enterprises 311 60 +extendedValidation 2 1 1 : : jurisdictionLocalityName +extendedValidation 2 1 2 : : jurisdictionStateOrProvinceName +extendedValidation 2 1 3 : : jurisdictionCountryName + # RFC 1495 Mail 1 : mime-mhs : MIME MHS mime-mhs 1 : mime-mhs-headings : mime-mhs-headings @@ -647,7 +847,7 @@ mime-mhs-headings 2 : id-hex-multipart-message : id-hex-multipart-message !Cname rle-compression 1 1 1 1 666 1 : RLE : run length compression !Cname zlib-compression -1 1 1 1 666 2 : ZLIB : zlib compression +id-smime-alg 8 : ZLIB : zlib compression # AES aka Rijndael @@ -661,6 +861,10 @@ aes 2 : AES-128-CBC : aes-128-cbc aes 3 : AES-128-OFB : aes-128-ofb !Cname aes-128-cfb128 aes 4 : AES-128-CFB : aes-128-cfb +aes 5 : id-aes128-wrap +aes 6 : id-aes128-GCM : aes-128-gcm +aes 7 : id-aes128-CCM : aes-128-ccm +aes 8 : id-aes128-wrap-pad aes 21 : AES-192-ECB : aes-192-ecb aes 22 : AES-192-CBC : aes-192-cbc @@ -668,6 +872,10 @@ aes 22 : AES-192-CBC : aes-192-cbc aes 23 : AES-192-OFB : aes-192-ofb !Cname aes-192-cfb128 aes 24 : AES-192-CFB : aes-192-cfb +aes 25 : id-aes192-wrap +aes 26 : id-aes192-GCM : aes-192-gcm +aes 27 : id-aes192-CCM : aes-192-ccm +aes 28 : id-aes192-wrap-pad aes 41 : AES-256-ECB : aes-256-ecb aes 42 : AES-256-CBC : aes-256-cbc @@ -675,6 +883,40 @@ aes 42 : AES-256-CBC : aes-256-cbc aes 43 : AES-256-OFB : aes-256-ofb !Cname aes-256-cfb128 aes 44 : AES-256-CFB : aes-256-cfb +aes 45 : id-aes256-wrap +aes 46 : id-aes256-GCM : aes-256-gcm +aes 47 : id-aes256-CCM : aes-256-ccm +aes 48 : id-aes256-wrap-pad + +# There are no OIDs for these modes... + + : AES-128-CFB1 : aes-128-cfb1 + : AES-192-CFB1 : aes-192-cfb1 + : AES-256-CFB1 : aes-256-cfb1 + : AES-128-CFB8 : aes-128-cfb8 + : AES-192-CFB8 : aes-192-cfb8 + : AES-256-CFB8 : aes-256-cfb8 + : AES-128-CTR : aes-128-ctr + : AES-192-CTR : aes-192-ctr + : AES-256-CTR : aes-256-ctr + : AES-128-XTS : aes-128-xts + : AES-256-XTS : aes-256-xts + : DES-CFB1 : des-cfb1 + : DES-CFB8 : des-cfb8 + : DES-EDE3-CFB1 : des-ede3-cfb1 + : DES-EDE3-CFB8 : des-ede3-cfb8 + +# OIDs for SHA224, SHA256, SHA385 and SHA512, according to x9.84. +!Alias nist_hashalgs nistAlgorithms 2 +nist_hashalgs 1 : SHA256 : sha256 +nist_hashalgs 2 : SHA384 : sha384 +nist_hashalgs 3 : SHA512 : sha512 +nist_hashalgs 4 : SHA224 : sha224 + +# OIDs for dsa-with-sha224 and dsa-with-sha256 +!Alias dsa_with_sha2 nistAlgorithms 3 +dsa_with_sha2 1 : dsa_with_SHA224 +dsa_with_sha2 2 : dsa_with_SHA256 # Hold instruction CRL entry extension !Cname hold-instruction-code @@ -687,9 +929,9 @@ holdInstruction 2 : holdInstructionCallIssuer : Hold Instruction Call Issuer !Cname hold-instruction-reject holdInstruction 3 : holdInstructionReject : Hold Instruction Reject -# OID's from CCITT. Most of this is defined in RFC 1274. A couple of +# OID's from ITU-T. Most of this is defined in RFC 1274. A couple of # them are also mentioned in RFC 2247 -ccitt 9 : data +itu-t 9 : data data 2342 : pss pss 19200300 : ucl ucl 100 : pilot @@ -762,3 +1004,381 @@ pilotAttributeType 53 : : personalSignature pilotAttributeType 54 : : dITRedirect pilotAttributeType 55 : audio pilotAttributeType 56 : : documentPublisher + +international-organizations 42 : id-set : Secure Electronic Transactions + +id-set 0 : set-ctype : content types +id-set 1 : set-msgExt : message extensions +id-set 3 : set-attr +id-set 5 : set-policy +id-set 7 : set-certExt : certificate extensions +id-set 8 : set-brand + +set-ctype 0 : setct-PANData +set-ctype 1 : setct-PANToken +set-ctype 2 : setct-PANOnly +set-ctype 3 : setct-OIData +set-ctype 4 : setct-PI +set-ctype 5 : setct-PIData +set-ctype 6 : setct-PIDataUnsigned +set-ctype 7 : setct-HODInput +set-ctype 8 : setct-AuthResBaggage +set-ctype 9 : setct-AuthRevReqBaggage +set-ctype 10 : setct-AuthRevResBaggage +set-ctype 11 : setct-CapTokenSeq +set-ctype 12 : setct-PInitResData +set-ctype 13 : setct-PI-TBS +set-ctype 14 : setct-PResData +set-ctype 16 : setct-AuthReqTBS +set-ctype 17 : setct-AuthResTBS +set-ctype 18 : setct-AuthResTBSX +set-ctype 19 : setct-AuthTokenTBS +set-ctype 20 : setct-CapTokenData +set-ctype 21 : setct-CapTokenTBS +set-ctype 22 : setct-AcqCardCodeMsg +set-ctype 23 : setct-AuthRevReqTBS +set-ctype 24 : setct-AuthRevResData +set-ctype 25 : setct-AuthRevResTBS +set-ctype 26 : setct-CapReqTBS +set-ctype 27 : setct-CapReqTBSX +set-ctype 28 : setct-CapResData +set-ctype 29 : setct-CapRevReqTBS +set-ctype 30 : setct-CapRevReqTBSX +set-ctype 31 : setct-CapRevResData +set-ctype 32 : setct-CredReqTBS +set-ctype 33 : setct-CredReqTBSX +set-ctype 34 : setct-CredResData +set-ctype 35 : setct-CredRevReqTBS +set-ctype 36 : setct-CredRevReqTBSX +set-ctype 37 : setct-CredRevResData +set-ctype 38 : setct-PCertReqData +set-ctype 39 : setct-PCertResTBS +set-ctype 40 : setct-BatchAdminReqData +set-ctype 41 : setct-BatchAdminResData +set-ctype 42 : setct-CardCInitResTBS +set-ctype 43 : setct-MeAqCInitResTBS +set-ctype 44 : setct-RegFormResTBS +set-ctype 45 : setct-CertReqData +set-ctype 46 : setct-CertReqTBS +set-ctype 47 : setct-CertResData +set-ctype 48 : setct-CertInqReqTBS +set-ctype 49 : setct-ErrorTBS +set-ctype 50 : setct-PIDualSignedTBE +set-ctype 51 : setct-PIUnsignedTBE +set-ctype 52 : setct-AuthReqTBE +set-ctype 53 : setct-AuthResTBE +set-ctype 54 : setct-AuthResTBEX +set-ctype 55 : setct-AuthTokenTBE +set-ctype 56 : setct-CapTokenTBE +set-ctype 57 : setct-CapTokenTBEX +set-ctype 58 : setct-AcqCardCodeMsgTBE +set-ctype 59 : setct-AuthRevReqTBE +set-ctype 60 : setct-AuthRevResTBE +set-ctype 61 : setct-AuthRevResTBEB +set-ctype 62 : setct-CapReqTBE +set-ctype 63 : setct-CapReqTBEX +set-ctype 64 : setct-CapResTBE +set-ctype 65 : setct-CapRevReqTBE +set-ctype 66 : setct-CapRevReqTBEX +set-ctype 67 : setct-CapRevResTBE +set-ctype 68 : setct-CredReqTBE +set-ctype 69 : setct-CredReqTBEX +set-ctype 70 : setct-CredResTBE +set-ctype 71 : setct-CredRevReqTBE +set-ctype 72 : setct-CredRevReqTBEX +set-ctype 73 : setct-CredRevResTBE +set-ctype 74 : setct-BatchAdminReqTBE +set-ctype 75 : setct-BatchAdminResTBE +set-ctype 76 : setct-RegFormReqTBE +set-ctype 77 : setct-CertReqTBE +set-ctype 78 : setct-CertReqTBEX +set-ctype 79 : setct-CertResTBE +set-ctype 80 : setct-CRLNotificationTBS +set-ctype 81 : setct-CRLNotificationResTBS +set-ctype 82 : setct-BCIDistributionTBS + +set-msgExt 1 : setext-genCrypt : generic cryptogram +set-msgExt 3 : setext-miAuth : merchant initiated auth +set-msgExt 4 : setext-pinSecure +set-msgExt 5 : setext-pinAny +set-msgExt 7 : setext-track2 +set-msgExt 8 : setext-cv : additional verification + +set-policy 0 : set-policy-root + +set-certExt 0 : setCext-hashedRoot +set-certExt 1 : setCext-certType +set-certExt 2 : setCext-merchData +set-certExt 3 : setCext-cCertRequired +set-certExt 4 : setCext-tunneling +set-certExt 5 : setCext-setExt +set-certExt 6 : setCext-setQualf +set-certExt 7 : setCext-PGWYcapabilities +set-certExt 8 : setCext-TokenIdentifier +set-certExt 9 : setCext-Track2Data +set-certExt 10 : setCext-TokenType +set-certExt 11 : setCext-IssuerCapabilities + +set-attr 0 : setAttr-Cert +set-attr 1 : setAttr-PGWYcap : payment gateway capabilities +set-attr 2 : setAttr-TokenType +set-attr 3 : setAttr-IssCap : issuer capabilities + +setAttr-Cert 0 : set-rootKeyThumb +setAttr-Cert 1 : set-addPolicy + +setAttr-TokenType 1 : setAttr-Token-EMV +setAttr-TokenType 2 : setAttr-Token-B0Prime + +setAttr-IssCap 3 : setAttr-IssCap-CVM +setAttr-IssCap 4 : setAttr-IssCap-T2 +setAttr-IssCap 5 : setAttr-IssCap-Sig + +setAttr-IssCap-CVM 1 : setAttr-GenCryptgrm : generate cryptogram +setAttr-IssCap-T2 1 : setAttr-T2Enc : encrypted track 2 +setAttr-IssCap-T2 2 : setAttr-T2cleartxt : cleartext track 2 + +setAttr-IssCap-Sig 1 : setAttr-TokICCsig : ICC or token signature +setAttr-IssCap-Sig 2 : setAttr-SecDevSig : secure device signature + +set-brand 1 : set-brand-IATA-ATA +set-brand 30 : set-brand-Diners +set-brand 34 : set-brand-AmericanExpress +set-brand 35 : set-brand-JCB +set-brand 4 : set-brand-Visa +set-brand 5 : set-brand-MasterCard +set-brand 6011 : set-brand-Novus + +rsadsi 3 10 : DES-CDMF : des-cdmf +rsadsi 1 1 6 : rsaOAEPEncryptionSET + + : Oakley-EC2N-3 : ipsec3 + : Oakley-EC2N-4 : ipsec4 + +iso 0 10118 3 0 55 : whirlpool + +# GOST OIDs + +member-body 643 2 2 : cryptopro +member-body 643 2 9 : cryptocom + +cryptopro 3 : id-GostR3411-94-with-GostR3410-2001 : GOST R 34.11-94 with GOST R 34.10-2001 +cryptopro 4 : id-GostR3411-94-with-GostR3410-94 : GOST R 34.11-94 with GOST R 34.10-94 +!Cname id-GostR3411-94 +cryptopro 9 : md_gost94 : GOST R 34.11-94 +cryptopro 10 : id-HMACGostR3411-94 : HMAC GOST 34.11-94 +!Cname id-GostR3410-2001 +cryptopro 19 : gost2001 : GOST R 34.10-2001 +!Cname id-GostR3410-94 +cryptopro 20 : gost94 : GOST R 34.10-94 +!Cname id-Gost28147-89 +cryptopro 21 : gost89 : GOST 28147-89 + : gost89-cnt +!Cname id-Gost28147-89-MAC +cryptopro 22 : gost-mac : GOST 28147-89 MAC +!Cname id-GostR3411-94-prf +cryptopro 23 : prf-gostr3411-94 : GOST R 34.11-94 PRF +cryptopro 98 : id-GostR3410-2001DH : GOST R 34.10-2001 DH +cryptopro 99 : id-GostR3410-94DH : GOST R 34.10-94 DH + +cryptopro 14 1 : id-Gost28147-89-CryptoPro-KeyMeshing +cryptopro 14 0 : id-Gost28147-89-None-KeyMeshing + +# GOST parameter set OIDs + +cryptopro 30 0 : id-GostR3411-94-TestParamSet +cryptopro 30 1 : id-GostR3411-94-CryptoProParamSet + +cryptopro 31 0 : id-Gost28147-89-TestParamSet +cryptopro 31 1 : id-Gost28147-89-CryptoPro-A-ParamSet +cryptopro 31 2 : id-Gost28147-89-CryptoPro-B-ParamSet +cryptopro 31 3 : id-Gost28147-89-CryptoPro-C-ParamSet +cryptopro 31 4 : id-Gost28147-89-CryptoPro-D-ParamSet +cryptopro 31 5 : id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet +cryptopro 31 6 : id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet +cryptopro 31 7 : id-Gost28147-89-CryptoPro-RIC-1-ParamSet + +cryptopro 32 0 : id-GostR3410-94-TestParamSet +cryptopro 32 2 : id-GostR3410-94-CryptoPro-A-ParamSet +cryptopro 32 3 : id-GostR3410-94-CryptoPro-B-ParamSet +cryptopro 32 4 : id-GostR3410-94-CryptoPro-C-ParamSet +cryptopro 32 5 : id-GostR3410-94-CryptoPro-D-ParamSet + +cryptopro 33 1 : id-GostR3410-94-CryptoPro-XchA-ParamSet +cryptopro 33 2 : id-GostR3410-94-CryptoPro-XchB-ParamSet +cryptopro 33 3 : id-GostR3410-94-CryptoPro-XchC-ParamSet + +cryptopro 35 0 : id-GostR3410-2001-TestParamSet +cryptopro 35 1 : id-GostR3410-2001-CryptoPro-A-ParamSet +cryptopro 35 2 : id-GostR3410-2001-CryptoPro-B-ParamSet +cryptopro 35 3 : id-GostR3410-2001-CryptoPro-C-ParamSet + +cryptopro 36 0 : id-GostR3410-2001-CryptoPro-XchA-ParamSet +cryptopro 36 1 : id-GostR3410-2001-CryptoPro-XchB-ParamSet + +id-GostR3410-94 1 : id-GostR3410-94-a +id-GostR3410-94 2 : id-GostR3410-94-aBis +id-GostR3410-94 3 : id-GostR3410-94-b +id-GostR3410-94 4 : id-GostR3410-94-bBis + +# Cryptocom LTD GOST OIDs + +cryptocom 1 6 1 : id-Gost28147-89-cc : GOST 28147-89 Cryptocom ParamSet +!Cname id-GostR3410-94-cc +cryptocom 1 5 3 : gost94cc : GOST 34.10-94 Cryptocom +!Cname id-GostR3410-2001-cc +cryptocom 1 5 4 : gost2001cc : GOST 34.10-2001 Cryptocom + +cryptocom 1 3 3 : id-GostR3411-94-with-GostR3410-94-cc : GOST R 34.11-94 with GOST R 34.10-94 Cryptocom +cryptocom 1 3 4 : id-GostR3411-94-with-GostR3410-2001-cc : GOST R 34.11-94 with GOST R 34.10-2001 Cryptocom + +cryptocom 1 8 1 : id-GostR3410-2001-ParamSet-cc : GOST R 3410-2001 Parameter Set Cryptocom + +# Definitions for SM3 + +1 2 156 10197 1 401 : SM3 : sm3 +1 2 156 10197 1 504 : RSA-SM3 : sm3WithRSAEncryption + +# Definitions for Camellia cipher - CBC MODE + +1 2 392 200011 61 1 1 1 2 : CAMELLIA-128-CBC : camellia-128-cbc +1 2 392 200011 61 1 1 1 3 : CAMELLIA-192-CBC : camellia-192-cbc +1 2 392 200011 61 1 1 1 4 : CAMELLIA-256-CBC : camellia-256-cbc +1 2 392 200011 61 1 1 3 2 : id-camellia128-wrap +1 2 392 200011 61 1 1 3 3 : id-camellia192-wrap +1 2 392 200011 61 1 1 3 4 : id-camellia256-wrap + +# Definitions for Camellia cipher - ECB, CFB, OFB MODE + +!Alias ntt-ds 0 3 4401 5 +!Alias camellia ntt-ds 3 1 9 + +camellia 1 : CAMELLIA-128-ECB : camellia-128-ecb +!Cname camellia-128-ofb128 +camellia 3 : CAMELLIA-128-OFB : camellia-128-ofb +!Cname camellia-128-cfb128 +camellia 4 : CAMELLIA-128-CFB : camellia-128-cfb + +camellia 21 : CAMELLIA-192-ECB : camellia-192-ecb +!Cname camellia-192-ofb128 +camellia 23 : CAMELLIA-192-OFB : camellia-192-ofb +!Cname camellia-192-cfb128 +camellia 24 : CAMELLIA-192-CFB : camellia-192-cfb + +camellia 41 : CAMELLIA-256-ECB : camellia-256-ecb +!Cname camellia-256-ofb128 +camellia 43 : CAMELLIA-256-OFB : camellia-256-ofb +!Cname camellia-256-cfb128 +camellia 44 : CAMELLIA-256-CFB : camellia-256-cfb + +# There are no OIDs for these modes... + + : CAMELLIA-128-CFB1 : camellia-128-cfb1 + : CAMELLIA-192-CFB1 : camellia-192-cfb1 + : CAMELLIA-256-CFB1 : camellia-256-cfb1 + : CAMELLIA-128-CFB8 : camellia-128-cfb8 + : CAMELLIA-192-CFB8 : camellia-192-cfb8 + : CAMELLIA-256-CFB8 : camellia-256-cfb8 + +# Definitions for SEED cipher - ECB, CBC, OFB mode + +member-body 410 200004 : KISA : kisa +kisa 1 3 : SEED-ECB : seed-ecb +kisa 1 4 : SEED-CBC : seed-cbc +!Cname seed-cfb128 +kisa 1 5 : SEED-CFB : seed-cfb +!Cname seed-ofb128 +kisa 1 6 : SEED-OFB : seed-ofb + +# Definitions for SM4 cipher + +member-body 156 : ISO-CN : ISO CN Member Body +ISO-CN 10197 : oscca +oscca 1 : sm-scheme + +sm-scheme 104 1 : SM4-ECB : sm4-ecb +sm-scheme 104 2 : SM4-CBC : sm4-cbc +!Cname sm4-ofb128 +sm-scheme 104 3 : SM4-OFB : sm4-ofb +!Cname sm4-cfb128 +sm-scheme 104 4 : SM4-CFB : sm4-cfb +sm-scheme 104 5 : SM4-CFB1 : sm4-cfb1 +sm-scheme 104 6 : SM4-CFB8 : sm4-cfb8 +sm-scheme 104 7 : SM4-CTR : sm4-ctr + +# Definitions for SM2 + +sm-scheme 301 : SM2 : sm2 + +# There is no OID that just denotes "HMAC" oddly enough... + + : HMAC : hmac +# Nor CMAC either + : CMAC : cmac + +# Synthetic composite ciphersuites + : RC4-HMAC-MD5 : rc4-hmac-md5 + : AES-128-CBC-HMAC-SHA1 : aes-128-cbc-hmac-sha1 + : AES-192-CBC-HMAC-SHA1 : aes-192-cbc-hmac-sha1 + : AES-256-CBC-HMAC-SHA1 : aes-256-cbc-hmac-sha1 + +identified-organization 36 : teletrust +teletrust 3 3 2 8 1 : brainpool +brainpool 1 1 : brainpoolP160r1 +brainpool 1 2 : brainpoolP160t1 +brainpool 1 3 : brainpoolP192r1 +brainpool 1 4 : brainpoolP192t1 +brainpool 1 5 : brainpoolP224r1 +brainpool 1 6 : brainpoolP224t1 +brainpool 1 7 : brainpoolP256r1 +brainpool 1 8 : brainpoolP256t1 +brainpool 1 9 : brainpoolP320r1 +brainpool 1 10 : brainpoolP320t1 +brainpool 1 11 : brainpoolP384r1 +brainpool 1 12 : brainpoolP384t1 +brainpool 1 13 : brainpoolP512r1 +brainpool 1 14 : brainpoolP512t1 + +1 2 250 1 223 101 256 1 : FRP256v1 + +# ChaCha Stream Cipher +!Cname chacha20 + : ChaCha : chacha + + : ChaCha20-Poly1305 : chacha20-poly1305 + + : gost89-ecb + : gost89-cbc + +member-body 643 7 1 : tc26 +!Cname id-tc26-gost3411-2012-256 +tc26 1 2 2 : streebog256 : GOST R 34.11-2012 (256 bit) +!Cname id-tc26-gost3411-2012-512 +tc26 1 2 3 : streebog512 : GOST R 34-11-2012 (512 bit) +tc26 2 1 2 1 : id-tc26-gost-3410-2012-512-paramSetA +tc26 2 1 2 2 : id-tc26-gost-3410-2012-512-paramSetB +tc26 2 5 1 1 : id-tc26-gost-28147-param-Z +tc26 1 1 1 : id-tc26-gost3410-2012-256 : GOST R 34.10-2012 (256 bit) +tc26 1 1 2 : id-tc26-gost3410-2012-512 : GOST R 34.10-2012 (512 bit) +tc26 1 3 2 : id-tc26-signwithdigest-gost3410-2012-256 : GOST R 34.11-2012 with GOST R 34.10-2012 (256 bit) +tc26 1 3 3 : id-tc26-signwithdigest-gost3410-2012-512 : GOST R 34.11-2012 with GOST R 34.10-2012 (512 bit) + +# Curves from draft-ietf-curdle-pkix-02 +1 3 101 110 : X25519 +1 3 101 111 : X448 +1 3 101 112 : Ed25519 +1 3 101 113 : Ed448 +1 3 101 114 : Ed25519ph +1 3 101 115 : Ed448ph + +# TLS cipher suite key exchange + : KxRSA : kx-rsa + : KxECDHE : kx-ecdhe + : KxDHE : kx-dhe + : KxGOST : kx-gost + +# TLS cipher suite authentication + : AuthRSA : auth-rsa + : AuthECDSA : auth-ecdsa + : AuthGOST01 : auth-gost01 + : AuthNULL : auth-null diff --git a/src/lib/libcrypto/objects/objxref.pl b/src/lib/libcrypto/objects/objxref.pl new file mode 100644 index 00000000000..731d3ae22c2 --- /dev/null +++ b/src/lib/libcrypto/objects/objxref.pl @@ -0,0 +1,107 @@ +#!/usr/local/bin/perl + +use strict; + +my %xref_tbl; +my %oid_tbl; + +my ($mac_file, $xref_file) = @ARGV; + +open(IN, $mac_file) || die "Can't open $mac_file"; + +# Read in OID nid values for a lookup table. + +while () + { + chomp; + my ($name, $num) = /^(\S+)\s+(\S+)$/; + $oid_tbl{$name} = $num; + } +close IN; + +open(IN, $xref_file) || die "Can't open $xref_file"; + +my $ln = 1; + +while () + { + chomp; + s/#.*$//; + next if (/^\S*$/); + my ($xr, $p1, $p2) = /^(\S+)\s+(\S+)\s+(\S+)/; + check_oid($xr); + check_oid($p1); + check_oid($p2); + $xref_tbl{$xr} = [$p1, $p2, $ln]; + } + +my @xrkeys = keys %xref_tbl; + +my @srt1 = sort { $oid_tbl{$a} <=> $oid_tbl{$b}} @xrkeys; + +for(my $i = 0; $i <= $#srt1; $i++) + { + $xref_tbl{$srt1[$i]}[2] = $i; + } + +my @srt2 = sort + { + my$ap1 = $oid_tbl{$xref_tbl{$a}[0]}; + my$bp1 = $oid_tbl{$xref_tbl{$b}[0]}; + return $ap1 - $bp1 if ($ap1 != $bp1); + my$ap2 = $oid_tbl{$xref_tbl{$a}[1]}; + my$bp2 = $oid_tbl{$xref_tbl{$b}[1]}; + + return $ap2 - $bp2; + } @xrkeys; + +my $pname = $0; + +$pname =~ s|^.[^/]/||; + +print <> $(TOP)/MINFO - -links: - @sh $(TOP)/util/point.sh Makefile.ssl Makefile - $(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) - $(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) - $(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) - -install: - @for i in $(EXHEADER) ; \ - do \ - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ - done; - -tags: - ctags $(SRC) - -tests: - -lint: - lint -DLINT $(INCLUDES) $(SRC)>fluff - -depend: - $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(LIBSRC) - -dclean: - $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new - mv -f Makefile.new $(MAKEFILE) - -clean: - rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff - -# DO NOT DELETE THIS LINE -- make depend depends on it. - -ocsp_asn.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h -ocsp_asn.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -ocsp_asn.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h -ocsp_asn.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -ocsp_asn.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -ocsp_asn.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -ocsp_asn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -ocsp_asn.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h -ocsp_asn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -ocsp_asn.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -ocsp_asn.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -ocsp_asn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -ocsp_asn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -ocsp_asn.o: ../../include/openssl/x509v3.h ocsp_asn.c -ocsp_cl.o: ../../e_os.h ../../include/openssl/asn1.h -ocsp_cl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -ocsp_cl.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h -ocsp_cl.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -ocsp_cl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -ocsp_cl.o: ../../include/openssl/err.h ../../include/openssl/evp.h -ocsp_cl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -ocsp_cl.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h -ocsp_cl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -ocsp_cl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h -ocsp_cl.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h -ocsp_cl.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -ocsp_cl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -ocsp_cl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -ocsp_cl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -ocsp_cl.o: ../../include/openssl/x509v3.h ../cryptlib.h ocsp_cl.c -ocsp_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -ocsp_err.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -ocsp_err.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h -ocsp_err.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -ocsp_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -ocsp_err.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -ocsp_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -ocsp_err.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h -ocsp_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -ocsp_err.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -ocsp_err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -ocsp_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -ocsp_err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -ocsp_err.o: ../../include/openssl/x509v3.h ocsp_err.c -ocsp_ext.o: ../../e_os.h ../../include/openssl/asn1.h -ocsp_ext.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -ocsp_ext.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h -ocsp_ext.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -ocsp_ext.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -ocsp_ext.o: ../../include/openssl/err.h ../../include/openssl/evp.h -ocsp_ext.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -ocsp_ext.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h -ocsp_ext.o: ../../include/openssl/opensslconf.h -ocsp_ext.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -ocsp_ext.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h -ocsp_ext.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -ocsp_ext.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -ocsp_ext.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -ocsp_ext.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -ocsp_ext.o: ../cryptlib.h ocsp_ext.c -ocsp_ht.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -ocsp_ht.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -ocsp_ht.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h -ocsp_ht.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -ocsp_ht.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -ocsp_ht.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -ocsp_ht.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -ocsp_ht.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h -ocsp_ht.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -ocsp_ht.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -ocsp_ht.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -ocsp_ht.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -ocsp_ht.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -ocsp_ht.o: ../../include/openssl/x509v3.h ocsp_ht.c -ocsp_lib.o: ../../e_os.h ../../include/openssl/asn1.h -ocsp_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -ocsp_lib.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h -ocsp_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -ocsp_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -ocsp_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h -ocsp_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -ocsp_lib.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h -ocsp_lib.o: ../../include/openssl/opensslconf.h -ocsp_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -ocsp_lib.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h -ocsp_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h -ocsp_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -ocsp_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -ocsp_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -ocsp_lib.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -ocsp_lib.o: ../cryptlib.h ocsp_lib.c -ocsp_prn.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -ocsp_prn.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -ocsp_prn.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h -ocsp_prn.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -ocsp_prn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -ocsp_prn.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -ocsp_prn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -ocsp_prn.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h -ocsp_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -ocsp_prn.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h -ocsp_prn.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -ocsp_prn.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -ocsp_prn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -ocsp_prn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -ocsp_prn.o: ../../include/openssl/x509v3.h ocsp_prn.c -ocsp_srv.o: ../../e_os.h ../../include/openssl/asn1.h -ocsp_srv.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -ocsp_srv.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h -ocsp_srv.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -ocsp_srv.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -ocsp_srv.o: ../../include/openssl/err.h ../../include/openssl/evp.h -ocsp_srv.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -ocsp_srv.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h -ocsp_srv.o: ../../include/openssl/opensslconf.h -ocsp_srv.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -ocsp_srv.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h -ocsp_srv.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h -ocsp_srv.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -ocsp_srv.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -ocsp_srv.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -ocsp_srv.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -ocsp_srv.o: ../cryptlib.h ocsp_srv.c -ocsp_vfy.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -ocsp_vfy.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -ocsp_vfy.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h -ocsp_vfy.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -ocsp_vfy.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -ocsp_vfy.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -ocsp_vfy.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -ocsp_vfy.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h -ocsp_vfy.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -ocsp_vfy.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -ocsp_vfy.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -ocsp_vfy.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -ocsp_vfy.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -ocsp_vfy.o: ../../include/openssl/x509v3.h ocsp_vfy.c diff --git a/src/lib/libcrypto/ocsp/ocsp.h b/src/lib/libcrypto/ocsp/ocsp.h index fab3c031821..316fb8ed937 100644 --- a/src/lib/libcrypto/ocsp/ocsp.h +++ b/src/lib/libcrypto/ocsp/ocsp.h @@ -1,4 +1,4 @@ -/* ocsp.h */ +/* $OpenBSD: ocsp.h,v 1.16 2018/08/24 20:03:21 tb Exp $ */ /* Written by Tom Titchener for the OpenSSL * project. */ @@ -15,7 +15,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -64,6 +64,7 @@ #ifndef HEADER_OCSP_H #define HEADER_OCSP_H +#include #include #include #include @@ -95,13 +96,12 @@ extern "C" { * issuerKeyHash OCTET STRING, -- Hash of Issuers public key (excluding the tag & length fields) * serialNumber CertificateSerialNumber } */ -typedef struct ocsp_cert_id_st - { +typedef struct ocsp_cert_id_st { X509_ALGOR *hashAlgorithm; ASN1_OCTET_STRING *issuerNameHash; ASN1_OCTET_STRING *issuerKeyHash; ASN1_INTEGER *serialNumber; - } OCSP_CERTID; +} OCSP_CERTID; DECLARE_STACK_OF(OCSP_CERTID) @@ -109,14 +109,12 @@ DECLARE_STACK_OF(OCSP_CERTID) * reqCert CertID, * singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL } */ -typedef struct ocsp_one_request_st - { +typedef struct ocsp_one_request_st { OCSP_CERTID *reqCert; STACK_OF(X509_EXTENSION) *singleRequestExtensions; - } OCSP_ONEREQ; +} OCSP_ONEREQ; DECLARE_STACK_OF(OCSP_ONEREQ) -DECLARE_ASN1_SET_OF(OCSP_ONEREQ) /* TBSRequest ::= SEQUENCE { @@ -125,35 +123,32 @@ DECLARE_ASN1_SET_OF(OCSP_ONEREQ) * requestList SEQUENCE OF Request, * requestExtensions [2] EXPLICIT Extensions OPTIONAL } */ -typedef struct ocsp_req_info_st - { +typedef struct ocsp_req_info_st { ASN1_INTEGER *version; GENERAL_NAME *requestorName; STACK_OF(OCSP_ONEREQ) *requestList; STACK_OF(X509_EXTENSION) *requestExtensions; - } OCSP_REQINFO; +} OCSP_REQINFO; /* Signature ::= SEQUENCE { * signatureAlgorithm AlgorithmIdentifier, * signature BIT STRING, * certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL } */ -typedef struct ocsp_signature_st - { +typedef struct ocsp_signature_st { X509_ALGOR *signatureAlgorithm; ASN1_BIT_STRING *signature; STACK_OF(X509) *certs; - } OCSP_SIGNATURE; +} OCSP_SIGNATURE; /* OCSPRequest ::= SEQUENCE { * tbsRequest TBSRequest, * optionalSignature [0] EXPLICIT Signature OPTIONAL } */ -typedef struct ocsp_request_st - { +typedef struct ocsp_request_st { OCSP_REQINFO *tbsRequest; OCSP_SIGNATURE *optionalSignature; /* OPTIONAL */ - } OCSP_REQUEST; +} OCSP_REQUEST; /* OCSPResponseStatus ::= ENUMERATED { * successful (0), --Response has valid confirmations @@ -165,32 +160,30 @@ typedef struct ocsp_request_st * unauthorized (6) --Request unauthorized * } */ -#define OCSP_RESPONSE_STATUS_SUCCESSFUL 0 -#define OCSP_RESPONSE_STATUS_MALFORMEDREQUEST 1 -#define OCSP_RESPONSE_STATUS_INTERNALERROR 2 -#define OCSP_RESPONSE_STATUS_TRYLATER 3 -#define OCSP_RESPONSE_STATUS_SIGREQUIRED 5 -#define OCSP_RESPONSE_STATUS_UNAUTHORIZED 6 +#define OCSP_RESPONSE_STATUS_SUCCESSFUL 0 +#define OCSP_RESPONSE_STATUS_MALFORMEDREQUEST 1 +#define OCSP_RESPONSE_STATUS_INTERNALERROR 2 +#define OCSP_RESPONSE_STATUS_TRYLATER 3 +#define OCSP_RESPONSE_STATUS_SIGREQUIRED 5 +#define OCSP_RESPONSE_STATUS_UNAUTHORIZED 6 /* ResponseBytes ::= SEQUENCE { * responseType OBJECT IDENTIFIER, * response OCTET STRING } */ -typedef struct ocsp_resp_bytes_st - { +typedef struct ocsp_resp_bytes_st { ASN1_OBJECT *responseType; ASN1_OCTET_STRING *response; - } OCSP_RESPBYTES; +} OCSP_RESPBYTES; /* OCSPResponse ::= SEQUENCE { * responseStatus OCSPResponseStatus, * responseBytes [0] EXPLICIT ResponseBytes OPTIONAL } */ -typedef struct ocsp_response_st - { +struct ocsp_response_st { ASN1_ENUMERATED *responseStatus; OCSP_RESPBYTES *responseBytes; - } OCSP_RESPONSE; +}; /* ResponderID ::= CHOICE { * byName [1] Name, @@ -198,14 +191,21 @@ typedef struct ocsp_response_st */ #define V_OCSP_RESPID_NAME 0 #define V_OCSP_RESPID_KEY 1 -typedef struct ocsp_responder_id_st - { +struct ocsp_responder_id_st { int type; - union { + union { X509_NAME* byName; - ASN1_OCTET_STRING *byKey; - } value; - } OCSP_RESPID; + ASN1_OCTET_STRING *byKey; + } value; +}; + +DECLARE_STACK_OF(OCSP_RESPID) +OCSP_RESPID *OCSP_RESPID_new(void); +void OCSP_RESPID_free(OCSP_RESPID *a); +OCSP_RESPID *d2i_OCSP_RESPID(OCSP_RESPID **a, const unsigned char **in, long len); +int i2d_OCSP_RESPID(OCSP_RESPID *a, unsigned char **out); +extern const ASN1_ITEM OCSP_RESPID_it; + /* KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key * --(excluding the tag and length fields) */ @@ -214,11 +214,10 @@ typedef struct ocsp_responder_id_st * revocationTime GeneralizedTime, * revocationReason [0] EXPLICIT CRLReason OPTIONAL } */ -typedef struct ocsp_revoked_info_st - { +typedef struct ocsp_revoked_info_st { ASN1_GENERALIZEDTIME *revocationTime; ASN1_ENUMERATED *revocationReason; - } OCSP_REVOKEDINFO; +} OCSP_REVOKEDINFO; /* CertStatus ::= CHOICE { * good [0] IMPLICIT NULL, @@ -228,15 +227,14 @@ typedef struct ocsp_revoked_info_st #define V_OCSP_CERTSTATUS_GOOD 0 #define V_OCSP_CERTSTATUS_REVOKED 1 #define V_OCSP_CERTSTATUS_UNKNOWN 2 -typedef struct ocsp_cert_status_st - { +typedef struct ocsp_cert_status_st { int type; - union { + union { ASN1_NULL *good; OCSP_REVOKEDINFO *revoked; ASN1_NULL *unknown; - } value; - } OCSP_CERTSTATUS; + } value; +} OCSP_CERTSTATUS; /* SingleResponse ::= SEQUENCE { * certID CertID, @@ -245,17 +243,15 @@ typedef struct ocsp_cert_status_st * nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL, * singleExtensions [1] EXPLICIT Extensions OPTIONAL } */ -typedef struct ocsp_single_response_st - { +typedef struct ocsp_single_response_st { OCSP_CERTID *certId; OCSP_CERTSTATUS *certStatus; ASN1_GENERALIZEDTIME *thisUpdate; ASN1_GENERALIZEDTIME *nextUpdate; STACK_OF(X509_EXTENSION) *singleExtensions; - } OCSP_SINGLERESP; +} OCSP_SINGLERESP; DECLARE_STACK_OF(OCSP_SINGLERESP) -DECLARE_ASN1_SET_OF(OCSP_SINGLERESP) /* ResponseData ::= SEQUENCE { * version [0] EXPLICIT Version DEFAULT v1, @@ -264,14 +260,13 @@ DECLARE_ASN1_SET_OF(OCSP_SINGLERESP) * responses SEQUENCE OF SingleResponse, * responseExtensions [1] EXPLICIT Extensions OPTIONAL } */ -typedef struct ocsp_response_data_st - { +typedef struct ocsp_response_data_st { ASN1_INTEGER *version; OCSP_RESPID *responderId; ASN1_GENERALIZEDTIME *producedAt; STACK_OF(OCSP_SINGLERESP) *responses; STACK_OF(X509_EXTENSION) *responseExtensions; - } OCSP_RESPDATA; +} OCSP_RESPDATA; /* BasicOCSPResponse ::= SEQUENCE { * tbsResponseData ResponseData, @@ -295,13 +290,12 @@ typedef struct ocsp_response_data_st that it doesn't do the double hashing that the RFC seems to say one should. Therefore, all relevant functions take a flag saying which variant should be used. -- Richard Levitte, OpenSSL team and CeloCom */ -typedef struct ocsp_basic_response_st - { +typedef struct ocsp_basic_response_st { OCSP_RESPDATA *tbsResponseData; X509_ALGOR *signatureAlgorithm; ASN1_BIT_STRING *signature; STACK_OF(X509) *certs; - } OCSP_BASICRESP; +} OCSP_BASICRESP; /* * CRLReason ::= ENUMERATED { @@ -314,245 +308,301 @@ typedef struct ocsp_basic_response_st * certificateHold (6), * removeFromCRL (8) } */ -#define OCSP_REVOKED_STATUS_NOSTATUS -1 -#define OCSP_REVOKED_STATUS_UNSPECIFIED 0 -#define OCSP_REVOKED_STATUS_KEYCOMPROMISE 1 -#define OCSP_REVOKED_STATUS_CACOMPROMISE 2 -#define OCSP_REVOKED_STATUS_AFFILIATIONCHANGED 3 -#define OCSP_REVOKED_STATUS_SUPERSEDED 4 -#define OCSP_REVOKED_STATUS_CESSATIONOFOPERATION 5 -#define OCSP_REVOKED_STATUS_CERTIFICATEHOLD 6 -#define OCSP_REVOKED_STATUS_REMOVEFROMCRL 8 +#define OCSP_REVOKED_STATUS_NOSTATUS -1 +#define OCSP_REVOKED_STATUS_UNSPECIFIED 0 +#define OCSP_REVOKED_STATUS_KEYCOMPROMISE 1 +#define OCSP_REVOKED_STATUS_CACOMPROMISE 2 +#define OCSP_REVOKED_STATUS_AFFILIATIONCHANGED 3 +#define OCSP_REVOKED_STATUS_SUPERSEDED 4 +#define OCSP_REVOKED_STATUS_CESSATIONOFOPERATION 5 +#define OCSP_REVOKED_STATUS_CERTIFICATEHOLD 6 +#define OCSP_REVOKED_STATUS_REMOVEFROMCRL 8 /* CrlID ::= SEQUENCE { * crlUrl [0] EXPLICIT IA5String OPTIONAL, * crlNum [1] EXPLICIT INTEGER OPTIONAL, * crlTime [2] EXPLICIT GeneralizedTime OPTIONAL } */ -typedef struct ocsp_crl_id_st - { +typedef struct ocsp_crl_id_st { ASN1_IA5STRING *crlUrl; ASN1_INTEGER *crlNum; ASN1_GENERALIZEDTIME *crlTime; - } OCSP_CRLID; +} OCSP_CRLID; /* ServiceLocator ::= SEQUENCE { * issuer Name, * locator AuthorityInfoAccessSyntax OPTIONAL } */ -typedef struct ocsp_service_locator_st - { +typedef struct ocsp_service_locator_st { X509_NAME* issuer; STACK_OF(ACCESS_DESCRIPTION) *locator; - } OCSP_SERVICELOC; - +} OCSP_SERVICELOC; + #define PEM_STRING_OCSP_REQUEST "OCSP REQUEST" #define PEM_STRING_OCSP_RESPONSE "OCSP RESPONSE" -#define d2i_OCSP_REQUEST_bio(bp,p) (OCSP_REQUEST*)ASN1_d2i_bio((char*(*)()) \ - OCSP_REQUEST_new,(char *(*)())d2i_OCSP_REQUEST, (bp),\ - (unsigned char **)(p)) - -#define d2i_OCSP_RESPONSE_bio(bp,p) (OCSP_RESPONSE*)ASN1_d2i_bio((char*(*)())\ - OCSP_REQUEST_new,(char *(*)())d2i_OCSP_RESPONSE, (bp),\ - (unsigned char **)(p)) +#define PEM_read_bio_OCSP_REQUEST(bp,x,cb) \ + (OCSP_REQUEST *)PEM_ASN1_read_bio((char *(*)())d2i_OCSP_REQUEST, \ + PEM_STRING_OCSP_REQUEST,bp,(char **)x,cb,NULL) -#define PEM_read_bio_OCSP_REQUEST(bp,x,cb) (OCSP_REQUEST *)PEM_ASN1_read_bio( \ - (char *(*)())d2i_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST,bp,(char **)x,cb,NULL) - -#define PEM_read_bio_OCSP_RESPONSE(bp,x,cb)(OCSP_RESPONSE *)PEM_ASN1_read_bio(\ - (char *(*)())d2i_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,bp,(char **)x,cb,NULL) +#define PEM_read_bio_OCSP_RESPONSE(bp,x,cb) \ + (OCSP_RESPONSE *)PEM_ASN1_read_bio((char *(*)())d2i_OCSP_RESPONSE, \ + PEM_STRING_OCSP_RESPONSE,bp,(char **)x,cb,NULL) #define PEM_write_bio_OCSP_REQUEST(bp,o) \ PEM_ASN1_write_bio((int (*)())i2d_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST,\ - bp,(char *)o, NULL,NULL,0,NULL,NULL) + bp,(char *)o, NULL,NULL,0,NULL,NULL) #define PEM_write_bio_OCSP_RESPONSE(bp,o) \ PEM_ASN1_write_bio((int (*)())i2d_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,\ - bp,(char *)o, NULL,NULL,0,NULL,NULL) - -#define i2d_OCSP_RESPONSE_bio(bp,o) ASN1_i2d_bio(i2d_OCSP_RESPONSE,bp,\ - (unsigned char *)o) - -#define i2d_OCSP_REQUEST_bio(bp,o) ASN1_i2d_bio(i2d_OCSP_REQUEST,bp,\ - (unsigned char *)o) + bp,(char *)o, NULL,NULL,0,NULL,NULL) #define OCSP_REQUEST_sign(o,pkey,md) \ - ASN1_item_sign(ASN1_ITEM_rptr(OCSP_REQINFO),\ - o->optionalSignature->signatureAlgorithm,NULL,\ - o->optionalSignature->signature,o->tbsRequest,pkey,md) + ASN1_item_sign(&OCSP_REQINFO_it, \ + o->optionalSignature->signatureAlgorithm,NULL, \ + o->optionalSignature->signature,o->tbsRequest,pkey,md) #define OCSP_BASICRESP_sign(o,pkey,md,d) \ - ASN1_item_sign(ASN1_ITEM_rptr(OCSP_RESPDATA),o->signatureAlgorithm,NULL,\ - o->signature,o->tbsResponseData,pkey,md) + ASN1_item_sign(&OCSP_RESPDATA_it,o->signatureAlgorithm,NULL, \ + o->signature,o->tbsResponseData,pkey,md) -#define OCSP_REQUEST_verify(a,r) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_REQINFO),\ - a->optionalSignature->signatureAlgorithm,\ +#define OCSP_REQUEST_verify(a,r) \ + ASN1_item_verify(&OCSP_REQINFO_it, \ + a->optionalSignature->signatureAlgorithm, \ a->optionalSignature->signature,a->tbsRequest,r) -#define OCSP_BASICRESP_verify(a,r,d) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_RESPDATA),\ +#define OCSP_BASICRESP_verify(a,r,d) \ + ASN1_item_verify(&OCSP_RESPDATA_it, \ a->signatureAlgorithm,a->signature,a->tbsResponseData,r) #define ASN1_BIT_STRING_digest(data,type,md,len) \ - ASN1_item_digest(ASN1_ITEM_rptr(ASN1_BIT_STRING),type,data,md,len) + ASN1_item_digest(&ASN1_BIT_STRING_it,type,data,md,len) -#define OCSP_CERTID_dup(cid) (OCSP_CERTID*)ASN1_dup((int(*)())i2d_OCSP_CERTID,\ - (char *(*)())d2i_OCSP_CERTID,(char *)(cid)) +#define OCSP_CERTSTATUS_dup(cs) \ + ASN1_item_dup(&OCSP_CERTSTATUS_it, cs) -#define OCSP_CERTSTATUS_dup(cs)\ - (OCSP_CERTSTATUS*)ASN1_dup((int(*)())i2d_OCSP_CERTSTATUS,\ - (char *(*)())d2i_OCSP_CERTSTATUS,(char *)(cs)) +OCSP_CERTID *OCSP_CERTID_dup(OCSP_CERTID *id); -OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, char *path, OCSP_REQUEST *req); +OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, const char *path, OCSP_REQUEST *req); +OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path, OCSP_REQUEST *req, + int maxline); +int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx); +void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx); +int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, OCSP_REQUEST *req); +int OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx, const char *name, + const char *value); -OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer); +OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, const X509 *subject, + const X509 *issuer); -OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, - X509_NAME *issuerName, - ASN1_BIT_STRING* issuerKey, - ASN1_INTEGER *serialNumber); +OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, const X509_NAME *issuerName, + const ASN1_BIT_STRING *issuerKey, const ASN1_INTEGER *serialNumber); OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid); -int OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len); -int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len); -int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs); -int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req); +int OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len); +int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len); +int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs); +int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req); -int OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm); -int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert); +int OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm); +int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert); -int OCSP_request_sign(OCSP_REQUEST *req, - X509 *signer, - EVP_PKEY *key, - const EVP_MD *dgst, - STACK_OF(X509) *certs, - unsigned long flags); +int OCSP_request_sign(OCSP_REQUEST *req, X509 *signer, EVP_PKEY *key, + const EVP_MD *dgst, STACK_OF(X509) *certs, unsigned long flags); -int OCSP_response_status(OCSP_RESPONSE *resp); +int OCSP_response_status(OCSP_RESPONSE *resp); OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp); -int OCSP_resp_count(OCSP_BASICRESP *bs); +int OCSP_resp_count(OCSP_BASICRESP *bs); OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx); -int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last); -int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason, - ASN1_GENERALIZEDTIME **revtime, - ASN1_GENERALIZEDTIME **thisupd, - ASN1_GENERALIZEDTIME **nextupd); -int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status, - int *reason, - ASN1_GENERALIZEDTIME **revtime, - ASN1_GENERALIZEDTIME **thisupd, - ASN1_GENERALIZEDTIME **nextupd); -int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd, - ASN1_GENERALIZEDTIME *nextupd, - long sec, long maxsec); - -int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, X509_STORE *store, unsigned long flags); - -int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pssl); - -int OCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b); -int OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b); - -int OCSP_request_onereq_count(OCSP_REQUEST *req); +int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last); +int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason, + ASN1_GENERALIZEDTIME **revtime, ASN1_GENERALIZEDTIME **thisupd, + ASN1_GENERALIZEDTIME **nextupd); +int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status, + int *reason, ASN1_GENERALIZEDTIME **revtime, + ASN1_GENERALIZEDTIME **thisupd, ASN1_GENERALIZEDTIME **nextupd); +int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd, + ASN1_GENERALIZEDTIME *nextupd, long sec, long maxsec); + +int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, + X509_STORE *store, unsigned long flags); + +int OCSP_parse_url(const char *url, char **phost, char **pport, + char **ppath, int *pssl); + +int OCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b); +int OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b); + +int OCSP_request_onereq_count(OCSP_REQUEST *req); OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *req, int i); OCSP_CERTID *OCSP_onereq_get0_id(OCSP_ONEREQ *one); -int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd, - ASN1_OCTET_STRING **pikeyHash, - ASN1_INTEGER **pserial, OCSP_CERTID *cid); -int OCSP_request_is_signed(OCSP_REQUEST *req); +int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd, + ASN1_OCTET_STRING **pikeyHash, ASN1_INTEGER **pserial, + OCSP_CERTID *cid); +int OCSP_request_is_signed(OCSP_REQUEST *req); OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs); -OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp, - OCSP_CERTID *cid, - int status, int reason, - ASN1_TIME *revtime, - ASN1_TIME *thisupd, ASN1_TIME *nextupd); -int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert); -int OCSP_basic_sign(OCSP_BASICRESP *brsp, - X509 *signer, EVP_PKEY *key, const EVP_MD *dgst, - STACK_OF(X509) *certs, unsigned long flags); - -ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, int (*i2d)(), - char *data, STACK_OF(ASN1_OBJECT) *sk); +OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp, OCSP_CERTID *cid, + int status, int reason, ASN1_TIME *revtime, ASN1_TIME *thisupd, + ASN1_TIME *nextupd); +int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert); +int OCSP_basic_sign(OCSP_BASICRESP *brsp, X509 *signer, EVP_PKEY *key, + const EVP_MD *dgst, STACK_OF(X509) *certs, unsigned long flags); -X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim); +X509_EXTENSION *OCSP_crlID_new(const char *url, long *n, char *tim); X509_EXTENSION *OCSP_accept_responses_new(char **oids); X509_EXTENSION *OCSP_archive_cutoff_new(char* tim); -X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME* issuer, char **urls); +X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME* issuer, const char **urls); -int OCSP_REQUEST_get_ext_count(OCSP_REQUEST *x); -int OCSP_REQUEST_get_ext_by_NID(OCSP_REQUEST *x, int nid, int lastpos); -int OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, ASN1_OBJECT *obj, int lastpos); -int OCSP_REQUEST_get_ext_by_critical(OCSP_REQUEST *x, int crit, int lastpos); +int OCSP_REQUEST_get_ext_count(OCSP_REQUEST *x); +int OCSP_REQUEST_get_ext_by_NID(OCSP_REQUEST *x, int nid, int lastpos); +int OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, const ASN1_OBJECT *obj, + int lastpos); +int OCSP_REQUEST_get_ext_by_critical(OCSP_REQUEST *x, int crit, + int lastpos); X509_EXTENSION *OCSP_REQUEST_get_ext(OCSP_REQUEST *x, int loc); X509_EXTENSION *OCSP_REQUEST_delete_ext(OCSP_REQUEST *x, int loc); void *OCSP_REQUEST_get1_ext_d2i(OCSP_REQUEST *x, int nid, int *crit, int *idx); -int OCSP_REQUEST_add1_ext_i2d(OCSP_REQUEST *x, int nid, void *value, int crit, - unsigned long flags); -int OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc); - -int OCSP_ONEREQ_get_ext_count(OCSP_ONEREQ *x); -int OCSP_ONEREQ_get_ext_by_NID(OCSP_ONEREQ *x, int nid, int lastpos); -int OCSP_ONEREQ_get_ext_by_OBJ(OCSP_ONEREQ *x, ASN1_OBJECT *obj, int lastpos); -int OCSP_ONEREQ_get_ext_by_critical(OCSP_ONEREQ *x, int crit, int lastpos); +int OCSP_REQUEST_add1_ext_i2d(OCSP_REQUEST *x, int nid, void *value, + int crit, unsigned long flags); +int OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc); + +int OCSP_ONEREQ_get_ext_count(OCSP_ONEREQ *x); +int OCSP_ONEREQ_get_ext_by_NID(OCSP_ONEREQ *x, int nid, int lastpos); +int OCSP_ONEREQ_get_ext_by_OBJ(OCSP_ONEREQ *x, const ASN1_OBJECT *obj, + int lastpos); +int OCSP_ONEREQ_get_ext_by_critical(OCSP_ONEREQ *x, int crit, int lastpos); X509_EXTENSION *OCSP_ONEREQ_get_ext(OCSP_ONEREQ *x, int loc); X509_EXTENSION *OCSP_ONEREQ_delete_ext(OCSP_ONEREQ *x, int loc); void *OCSP_ONEREQ_get1_ext_d2i(OCSP_ONEREQ *x, int nid, int *crit, int *idx); -int OCSP_ONEREQ_add1_ext_i2d(OCSP_ONEREQ *x, int nid, void *value, int crit, - unsigned long flags); -int OCSP_ONEREQ_add_ext(OCSP_ONEREQ *x, X509_EXTENSION *ex, int loc); - -int OCSP_BASICRESP_get_ext_count(OCSP_BASICRESP *x); -int OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos); -int OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, ASN1_OBJECT *obj, int lastpos); -int OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit, int lastpos); +int OCSP_ONEREQ_add1_ext_i2d(OCSP_ONEREQ *x, int nid, void *value, int crit, + unsigned long flags); +int OCSP_ONEREQ_add_ext(OCSP_ONEREQ *x, X509_EXTENSION *ex, int loc); + +int OCSP_BASICRESP_get_ext_count(OCSP_BASICRESP *x); +int OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos); +int OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, const ASN1_OBJECT *obj, + int lastpos); +int OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit, + int lastpos); X509_EXTENSION *OCSP_BASICRESP_get_ext(OCSP_BASICRESP *x, int loc); X509_EXTENSION *OCSP_BASICRESP_delete_ext(OCSP_BASICRESP *x, int loc); -void *OCSP_BASICRESP_get1_ext_d2i(OCSP_BASICRESP *x, int nid, int *crit, int *idx); -int OCSP_BASICRESP_add1_ext_i2d(OCSP_BASICRESP *x, int nid, void *value, int crit, - unsigned long flags); -int OCSP_BASICRESP_add_ext(OCSP_BASICRESP *x, X509_EXTENSION *ex, int loc); - -int OCSP_SINGLERESP_get_ext_count(OCSP_SINGLERESP *x); -int OCSP_SINGLERESP_get_ext_by_NID(OCSP_SINGLERESP *x, int nid, int lastpos); -int OCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x, ASN1_OBJECT *obj, int lastpos); -int OCSP_SINGLERESP_get_ext_by_critical(OCSP_SINGLERESP *x, int crit, int lastpos); +void *OCSP_BASICRESP_get1_ext_d2i(OCSP_BASICRESP *x, int nid, int *crit, + int *idx); +int OCSP_BASICRESP_add1_ext_i2d(OCSP_BASICRESP *x, int nid, void *value, + int crit, unsigned long flags); +int OCSP_BASICRESP_add_ext(OCSP_BASICRESP *x, X509_EXTENSION *ex, int loc); + +int OCSP_SINGLERESP_get_ext_count(OCSP_SINGLERESP *x); +int OCSP_SINGLERESP_get_ext_by_NID(OCSP_SINGLERESP *x, int nid, + int lastpos); +int OCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x, + const ASN1_OBJECT *obj, int lastpos); +int OCSP_SINGLERESP_get_ext_by_critical(OCSP_SINGLERESP *x, int crit, + int lastpos); X509_EXTENSION *OCSP_SINGLERESP_get_ext(OCSP_SINGLERESP *x, int loc); X509_EXTENSION *OCSP_SINGLERESP_delete_ext(OCSP_SINGLERESP *x, int loc); -void *OCSP_SINGLERESP_get1_ext_d2i(OCSP_SINGLERESP *x, int nid, int *crit, int *idx); -int OCSP_SINGLERESP_add1_ext_i2d(OCSP_SINGLERESP *x, int nid, void *value, int crit, - unsigned long flags); -int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex, int loc); - -DECLARE_ASN1_FUNCTIONS(OCSP_SINGLERESP) -DECLARE_ASN1_FUNCTIONS(OCSP_CERTSTATUS) -DECLARE_ASN1_FUNCTIONS(OCSP_REVOKEDINFO) -DECLARE_ASN1_FUNCTIONS(OCSP_BASICRESP) -DECLARE_ASN1_FUNCTIONS(OCSP_RESPDATA) -DECLARE_ASN1_FUNCTIONS(OCSP_RESPID) -DECLARE_ASN1_FUNCTIONS(OCSP_RESPONSE) -DECLARE_ASN1_FUNCTIONS(OCSP_RESPBYTES) -DECLARE_ASN1_FUNCTIONS(OCSP_ONEREQ) -DECLARE_ASN1_FUNCTIONS(OCSP_CERTID) -DECLARE_ASN1_FUNCTIONS(OCSP_REQUEST) -DECLARE_ASN1_FUNCTIONS(OCSP_SIGNATURE) -DECLARE_ASN1_FUNCTIONS(OCSP_REQINFO) -DECLARE_ASN1_FUNCTIONS(OCSP_CRLID) -DECLARE_ASN1_FUNCTIONS(OCSP_SERVICELOC) - -char *OCSP_response_status_str(long s); -char *OCSP_cert_status_str(long s); -char *OCSP_crl_reason_str(long s); - -int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST* a, unsigned long flags); -int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags); - -int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, - X509_STORE *st, unsigned long flags); +void *OCSP_SINGLERESP_get1_ext_d2i(OCSP_SINGLERESP *x, int nid, int *crit, + int *idx); +int OCSP_SINGLERESP_add1_ext_i2d(OCSP_SINGLERESP *x, int nid, void *value, + int crit, unsigned long flags); +int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex, + int loc); +const OCSP_CERTID *OCSP_SINGLERESP_get0_id(const OCSP_SINGLERESP *x); + +OCSP_SINGLERESP *OCSP_SINGLERESP_new(void); +void OCSP_SINGLERESP_free(OCSP_SINGLERESP *a); +OCSP_SINGLERESP *d2i_OCSP_SINGLERESP(OCSP_SINGLERESP **a, const unsigned char **in, long len); +int i2d_OCSP_SINGLERESP(OCSP_SINGLERESP *a, unsigned char **out); +extern const ASN1_ITEM OCSP_SINGLERESP_it; +OCSP_CERTSTATUS *OCSP_CERTSTATUS_new(void); +void OCSP_CERTSTATUS_free(OCSP_CERTSTATUS *a); +OCSP_CERTSTATUS *d2i_OCSP_CERTSTATUS(OCSP_CERTSTATUS **a, const unsigned char **in, long len); +int i2d_OCSP_CERTSTATUS(OCSP_CERTSTATUS *a, unsigned char **out); +extern const ASN1_ITEM OCSP_CERTSTATUS_it; +OCSP_REVOKEDINFO *OCSP_REVOKEDINFO_new(void); +void OCSP_REVOKEDINFO_free(OCSP_REVOKEDINFO *a); +OCSP_REVOKEDINFO *d2i_OCSP_REVOKEDINFO(OCSP_REVOKEDINFO **a, const unsigned char **in, long len); +int i2d_OCSP_REVOKEDINFO(OCSP_REVOKEDINFO *a, unsigned char **out); +extern const ASN1_ITEM OCSP_REVOKEDINFO_it; +OCSP_BASICRESP *OCSP_BASICRESP_new(void); +void OCSP_BASICRESP_free(OCSP_BASICRESP *a); +OCSP_BASICRESP *d2i_OCSP_BASICRESP(OCSP_BASICRESP **a, const unsigned char **in, long len); +int i2d_OCSP_BASICRESP(OCSP_BASICRESP *a, unsigned char **out); +extern const ASN1_ITEM OCSP_BASICRESP_it; +OCSP_RESPDATA *OCSP_RESPDATA_new(void); +void OCSP_RESPDATA_free(OCSP_RESPDATA *a); +OCSP_RESPDATA *d2i_OCSP_RESPDATA(OCSP_RESPDATA **a, const unsigned char **in, long len); +int i2d_OCSP_RESPDATA(OCSP_RESPDATA *a, unsigned char **out); +extern const ASN1_ITEM OCSP_RESPDATA_it; +OCSP_RESPID *OCSP_RESPID_new(void); +void OCSP_RESPID_free(OCSP_RESPID *a); +OCSP_RESPID *d2i_OCSP_RESPID(OCSP_RESPID **a, const unsigned char **in, long len); +int i2d_OCSP_RESPID(OCSP_RESPID *a, unsigned char **out); +extern const ASN1_ITEM OCSP_RESPID_it; +OCSP_RESPONSE *OCSP_RESPONSE_new(void); +void OCSP_RESPONSE_free(OCSP_RESPONSE *a); +OCSP_RESPONSE *d2i_OCSP_RESPONSE(OCSP_RESPONSE **a, const unsigned char **in, long len); +int i2d_OCSP_RESPONSE(OCSP_RESPONSE *a, unsigned char **out); +OCSP_RESPONSE *d2i_OCSP_RESPONSE_bio(BIO *bp, OCSP_RESPONSE **a); +int i2d_OCSP_RESPONSE_bio(BIO *bp, OCSP_RESPONSE *a); +extern const ASN1_ITEM OCSP_RESPONSE_it; +OCSP_RESPBYTES *OCSP_RESPBYTES_new(void); +void OCSP_RESPBYTES_free(OCSP_RESPBYTES *a); +OCSP_RESPBYTES *d2i_OCSP_RESPBYTES(OCSP_RESPBYTES **a, const unsigned char **in, long len); +int i2d_OCSP_RESPBYTES(OCSP_RESPBYTES *a, unsigned char **out); +extern const ASN1_ITEM OCSP_RESPBYTES_it; +OCSP_ONEREQ *OCSP_ONEREQ_new(void); +void OCSP_ONEREQ_free(OCSP_ONEREQ *a); +OCSP_ONEREQ *d2i_OCSP_ONEREQ(OCSP_ONEREQ **a, const unsigned char **in, long len); +int i2d_OCSP_ONEREQ(OCSP_ONEREQ *a, unsigned char **out); +extern const ASN1_ITEM OCSP_ONEREQ_it; +OCSP_CERTID *OCSP_CERTID_new(void); +void OCSP_CERTID_free(OCSP_CERTID *a); +OCSP_CERTID *d2i_OCSP_CERTID(OCSP_CERTID **a, const unsigned char **in, long len); +int i2d_OCSP_CERTID(OCSP_CERTID *a, unsigned char **out); +extern const ASN1_ITEM OCSP_CERTID_it; +OCSP_REQUEST *OCSP_REQUEST_new(void); +void OCSP_REQUEST_free(OCSP_REQUEST *a); +OCSP_REQUEST *d2i_OCSP_REQUEST(OCSP_REQUEST **a, const unsigned char **in, long len); +int i2d_OCSP_REQUEST(OCSP_REQUEST *a, unsigned char **out); +OCSP_REQUEST *d2i_OCSP_REQUEST_bio(BIO *bp, OCSP_REQUEST **a); +int i2d_OCSP_REQUEST_bio(BIO *bp, OCSP_REQUEST *a); +extern const ASN1_ITEM OCSP_REQUEST_it; +OCSP_SIGNATURE *OCSP_SIGNATURE_new(void); +void OCSP_SIGNATURE_free(OCSP_SIGNATURE *a); +OCSP_SIGNATURE *d2i_OCSP_SIGNATURE(OCSP_SIGNATURE **a, const unsigned char **in, long len); +int i2d_OCSP_SIGNATURE(OCSP_SIGNATURE *a, unsigned char **out); +extern const ASN1_ITEM OCSP_SIGNATURE_it; +OCSP_REQINFO *OCSP_REQINFO_new(void); +void OCSP_REQINFO_free(OCSP_REQINFO *a); +OCSP_REQINFO *d2i_OCSP_REQINFO(OCSP_REQINFO **a, const unsigned char **in, long len); +int i2d_OCSP_REQINFO(OCSP_REQINFO *a, unsigned char **out); +extern const ASN1_ITEM OCSP_REQINFO_it; +OCSP_CRLID *OCSP_CRLID_new(void); +void OCSP_CRLID_free(OCSP_CRLID *a); +OCSP_CRLID *d2i_OCSP_CRLID(OCSP_CRLID **a, const unsigned char **in, long len); +int i2d_OCSP_CRLID(OCSP_CRLID *a, unsigned char **out); +extern const ASN1_ITEM OCSP_CRLID_it; +OCSP_SERVICELOC *OCSP_SERVICELOC_new(void); +void OCSP_SERVICELOC_free(OCSP_SERVICELOC *a); +OCSP_SERVICELOC *d2i_OCSP_SERVICELOC(OCSP_SERVICELOC **a, const unsigned char **in, long len); +int i2d_OCSP_SERVICELOC(OCSP_SERVICELOC *a, unsigned char **out); +extern const ASN1_ITEM OCSP_SERVICELOC_it; + +const char *OCSP_response_status_str(long s); +const char *OCSP_cert_status_str(long s); +const char *OCSP_crl_reason_str(long s); + +int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST* a, unsigned long flags); +int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags); + +int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, + X509_STORE *st, unsigned long flags); /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes @@ -564,11 +614,11 @@ void ERR_load_OCSP_strings(void); /* Function codes. */ #define OCSP_F_ASN1_STRING_ENCODE 100 -#define OCSP_F_CERT_ID_NEW 101 #define OCSP_F_D2I_OCSP_NONCE 102 #define OCSP_F_OCSP_BASIC_ADD1_STATUS 103 #define OCSP_F_OCSP_BASIC_SIGN 104 #define OCSP_F_OCSP_BASIC_VERIFY 105 +#define OCSP_F_OCSP_CERT_ID_NEW 101 #define OCSP_F_OCSP_CHECK_DELEGATED 106 #define OCSP_F_OCSP_CHECK_IDS 107 #define OCSP_F_OCSP_CHECK_ISSUER 108 @@ -579,6 +629,8 @@ void ERR_load_OCSP_strings(void); #define OCSP_F_OCSP_REQUEST_VERIFY 116 #define OCSP_F_OCSP_RESPONSE_GET1_BASIC 111 #define OCSP_F_OCSP_SENDREQ_BIO 112 +#define OCSP_F_OCSP_SENDREQ_NBIO 117 +#define OCSP_F_PARSE_HTTP_LINE1 118 #define OCSP_F_REQUEST_VERIFY 113 /* Reason codes. */ diff --git a/src/lib/libcrypto/ocsp/ocsp_asn.c b/src/lib/libcrypto/ocsp/ocsp_asn.c index 8c148cda6a8..bb58ca79abf 100644 --- a/src/lib/libcrypto/ocsp/ocsp_asn.c +++ b/src/lib/libcrypto/ocsp/ocsp_asn.c @@ -1,5 +1,5 @@ -/* ocsp_asn.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* $OpenBSD: ocsp_asn.c,v 1.9 2016/11/04 18:35:30 jsing Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ /* ==================================================================== @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -59,124 +59,927 @@ #include #include -ASN1_SEQUENCE(OCSP_SIGNATURE) = { - ASN1_SIMPLE(OCSP_SIGNATURE, signatureAlgorithm, X509_ALGOR), - ASN1_SIMPLE(OCSP_SIGNATURE, signature, ASN1_BIT_STRING), - ASN1_EXP_SEQUENCE_OF(OCSP_SIGNATURE, certs, X509, 0) -} ASN1_SEQUENCE_END(OCSP_SIGNATURE) +static const ASN1_TEMPLATE OCSP_SIGNATURE_seq_tt[] = { + { + .flags = 0, + .tag = 0, + .offset = offsetof(OCSP_SIGNATURE, signatureAlgorithm), + .field_name = "signatureAlgorithm", + .item = &X509_ALGOR_it, + }, + { + .flags = 0, + .tag = 0, + .offset = offsetof(OCSP_SIGNATURE, signature), + .field_name = "signature", + .item = &ASN1_BIT_STRING_it, + }, + { + .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_OPTIONAL, + .tag = 0, + .offset = offsetof(OCSP_SIGNATURE, certs), + .field_name = "certs", + .item = &X509_it, + }, +}; -IMPLEMENT_ASN1_FUNCTIONS(OCSP_SIGNATURE) +const ASN1_ITEM OCSP_SIGNATURE_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = OCSP_SIGNATURE_seq_tt, + .tcount = sizeof(OCSP_SIGNATURE_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = NULL, + .size = sizeof(OCSP_SIGNATURE), + .sname = "OCSP_SIGNATURE", +}; -ASN1_SEQUENCE(OCSP_CERTID) = { - ASN1_SIMPLE(OCSP_CERTID, hashAlgorithm, X509_ALGOR), - ASN1_SIMPLE(OCSP_CERTID, issuerNameHash, ASN1_OCTET_STRING), - ASN1_SIMPLE(OCSP_CERTID, issuerKeyHash, ASN1_OCTET_STRING), - ASN1_SIMPLE(OCSP_CERTID, serialNumber, ASN1_INTEGER) -} ASN1_SEQUENCE_END(OCSP_CERTID) -IMPLEMENT_ASN1_FUNCTIONS(OCSP_CERTID) +OCSP_SIGNATURE * +d2i_OCSP_SIGNATURE(OCSP_SIGNATURE **a, const unsigned char **in, long len) +{ + return (OCSP_SIGNATURE *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &OCSP_SIGNATURE_it); +} -ASN1_SEQUENCE(OCSP_ONEREQ) = { - ASN1_SIMPLE(OCSP_ONEREQ, reqCert, OCSP_CERTID), - ASN1_EXP_SEQUENCE_OF_OPT(OCSP_ONEREQ, singleRequestExtensions, X509_EXTENSION, 0) -} ASN1_SEQUENCE_END(OCSP_ONEREQ) +int +i2d_OCSP_SIGNATURE(OCSP_SIGNATURE *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &OCSP_SIGNATURE_it); +} -IMPLEMENT_ASN1_FUNCTIONS(OCSP_ONEREQ) +OCSP_SIGNATURE * +OCSP_SIGNATURE_new(void) +{ + return (OCSP_SIGNATURE *)ASN1_item_new(&OCSP_SIGNATURE_it); +} -ASN1_SEQUENCE(OCSP_REQINFO) = { - ASN1_EXP_OPT(OCSP_REQINFO, version, ASN1_INTEGER, 0), - ASN1_EXP_OPT(OCSP_REQINFO, requestorName, GENERAL_NAME, 1), - ASN1_SEQUENCE_OF(OCSP_REQINFO, requestList, OCSP_ONEREQ), - ASN1_EXP_SEQUENCE_OF_OPT(OCSP_REQINFO, requestExtensions, X509_EXTENSION, 2) -} ASN1_SEQUENCE_END(OCSP_REQINFO) +void +OCSP_SIGNATURE_free(OCSP_SIGNATURE *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &OCSP_SIGNATURE_it); +} -IMPLEMENT_ASN1_FUNCTIONS(OCSP_REQINFO) +static const ASN1_TEMPLATE OCSP_CERTID_seq_tt[] = { + { + .flags = 0, + .tag = 0, + .offset = offsetof(OCSP_CERTID, hashAlgorithm), + .field_name = "hashAlgorithm", + .item = &X509_ALGOR_it, + }, + { + .flags = 0, + .tag = 0, + .offset = offsetof(OCSP_CERTID, issuerNameHash), + .field_name = "issuerNameHash", + .item = &ASN1_OCTET_STRING_it, + }, + { + .flags = 0, + .tag = 0, + .offset = offsetof(OCSP_CERTID, issuerKeyHash), + .field_name = "issuerKeyHash", + .item = &ASN1_OCTET_STRING_it, + }, + { + .flags = 0, + .tag = 0, + .offset = offsetof(OCSP_CERTID, serialNumber), + .field_name = "serialNumber", + .item = &ASN1_INTEGER_it, + }, +}; -ASN1_SEQUENCE(OCSP_REQUEST) = { - ASN1_SIMPLE(OCSP_REQUEST, tbsRequest, OCSP_REQINFO), - ASN1_EXP_OPT(OCSP_REQUEST, optionalSignature, OCSP_SIGNATURE, 0) -} ASN1_SEQUENCE_END(OCSP_REQUEST) +const ASN1_ITEM OCSP_CERTID_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = OCSP_CERTID_seq_tt, + .tcount = sizeof(OCSP_CERTID_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = NULL, + .size = sizeof(OCSP_CERTID), + .sname = "OCSP_CERTID", +}; -IMPLEMENT_ASN1_FUNCTIONS(OCSP_REQUEST) + +OCSP_CERTID * +d2i_OCSP_CERTID(OCSP_CERTID **a, const unsigned char **in, long len) +{ + return (OCSP_CERTID *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &OCSP_CERTID_it); +} + +int +i2d_OCSP_CERTID(OCSP_CERTID *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &OCSP_CERTID_it); +} + +OCSP_CERTID * +OCSP_CERTID_new(void) +{ + return (OCSP_CERTID *)ASN1_item_new(&OCSP_CERTID_it); +} + +void +OCSP_CERTID_free(OCSP_CERTID *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &OCSP_CERTID_it); +} + +static const ASN1_TEMPLATE OCSP_ONEREQ_seq_tt[] = { + { + .flags = 0, + .tag = 0, + .offset = offsetof(OCSP_ONEREQ, reqCert), + .field_name = "reqCert", + .item = &OCSP_CERTID_it, + }, + { + .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_OPTIONAL, + .tag = 0, + .offset = offsetof(OCSP_ONEREQ, singleRequestExtensions), + .field_name = "singleRequestExtensions", + .item = &X509_EXTENSION_it, + }, +}; + +const ASN1_ITEM OCSP_ONEREQ_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = OCSP_ONEREQ_seq_tt, + .tcount = sizeof(OCSP_ONEREQ_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = NULL, + .size = sizeof(OCSP_ONEREQ), + .sname = "OCSP_ONEREQ", +}; + + +OCSP_ONEREQ * +d2i_OCSP_ONEREQ(OCSP_ONEREQ **a, const unsigned char **in, long len) +{ + return (OCSP_ONEREQ *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &OCSP_ONEREQ_it); +} + +int +i2d_OCSP_ONEREQ(OCSP_ONEREQ *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &OCSP_ONEREQ_it); +} + +OCSP_ONEREQ * +OCSP_ONEREQ_new(void) +{ + return (OCSP_ONEREQ *)ASN1_item_new(&OCSP_ONEREQ_it); +} + +void +OCSP_ONEREQ_free(OCSP_ONEREQ *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &OCSP_ONEREQ_it); +} + +static const ASN1_TEMPLATE OCSP_REQINFO_seq_tt[] = { + { + .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL, + .tag = 0, + .offset = offsetof(OCSP_REQINFO, version), + .field_name = "version", + .item = &ASN1_INTEGER_it, + }, + { + .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL, + .tag = 1, + .offset = offsetof(OCSP_REQINFO, requestorName), + .field_name = "requestorName", + .item = &GENERAL_NAME_it, + }, + { + .flags = ASN1_TFLG_SEQUENCE_OF, + .tag = 0, + .offset = offsetof(OCSP_REQINFO, requestList), + .field_name = "requestList", + .item = &OCSP_ONEREQ_it, + }, + { + .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_OPTIONAL, + .tag = 2, + .offset = offsetof(OCSP_REQINFO, requestExtensions), + .field_name = "requestExtensions", + .item = &X509_EXTENSION_it, + }, +}; + +const ASN1_ITEM OCSP_REQINFO_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = OCSP_REQINFO_seq_tt, + .tcount = sizeof(OCSP_REQINFO_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = NULL, + .size = sizeof(OCSP_REQINFO), + .sname = "OCSP_REQINFO", +}; + + +OCSP_REQINFO * +d2i_OCSP_REQINFO(OCSP_REQINFO **a, const unsigned char **in, long len) +{ + return (OCSP_REQINFO *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &OCSP_REQINFO_it); +} + +int +i2d_OCSP_REQINFO(OCSP_REQINFO *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &OCSP_REQINFO_it); +} + +OCSP_REQINFO * +OCSP_REQINFO_new(void) +{ + return (OCSP_REQINFO *)ASN1_item_new(&OCSP_REQINFO_it); +} + +void +OCSP_REQINFO_free(OCSP_REQINFO *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &OCSP_REQINFO_it); +} + +static const ASN1_TEMPLATE OCSP_REQUEST_seq_tt[] = { + { + .flags = 0, + .tag = 0, + .offset = offsetof(OCSP_REQUEST, tbsRequest), + .field_name = "tbsRequest", + .item = &OCSP_REQINFO_it, + }, + { + .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL, + .tag = 0, + .offset = offsetof(OCSP_REQUEST, optionalSignature), + .field_name = "optionalSignature", + .item = &OCSP_SIGNATURE_it, + }, +}; + +const ASN1_ITEM OCSP_REQUEST_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = OCSP_REQUEST_seq_tt, + .tcount = sizeof(OCSP_REQUEST_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = NULL, + .size = sizeof(OCSP_REQUEST), + .sname = "OCSP_REQUEST", +}; + +OCSP_REQUEST * +d2i_OCSP_REQUEST(OCSP_REQUEST **a, const unsigned char **in, long len) +{ + return (OCSP_REQUEST *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &OCSP_REQUEST_it); +} + +int +i2d_OCSP_REQUEST(OCSP_REQUEST *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &OCSP_REQUEST_it); +} + +OCSP_REQUEST * +d2i_OCSP_REQUEST_bio(BIO *bp, OCSP_REQUEST **a) +{ + return ASN1_item_d2i_bio(&OCSP_REQUEST_it, bp, a); +} + +int +i2d_OCSP_REQUEST_bio(BIO *bp, OCSP_REQUEST *a) +{ + return ASN1_item_i2d_bio(&OCSP_REQUEST_it, bp, a); +} + +OCSP_REQUEST * +OCSP_REQUEST_new(void) +{ + return (OCSP_REQUEST *)ASN1_item_new(&OCSP_REQUEST_it); +} + +void +OCSP_REQUEST_free(OCSP_REQUEST *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &OCSP_REQUEST_it); +} /* OCSP_RESPONSE templates */ -ASN1_SEQUENCE(OCSP_RESPBYTES) = { - ASN1_SIMPLE(OCSP_RESPBYTES, responseType, ASN1_OBJECT), - ASN1_SIMPLE(OCSP_RESPBYTES, response, ASN1_OCTET_STRING) -} ASN1_SEQUENCE_END(OCSP_RESPBYTES) +static const ASN1_TEMPLATE OCSP_RESPBYTES_seq_tt[] = { + { + .flags = 0, + .tag = 0, + .offset = offsetof(OCSP_RESPBYTES, responseType), + .field_name = "responseType", + .item = &ASN1_OBJECT_it, + }, + { + .flags = 0, + .tag = 0, + .offset = offsetof(OCSP_RESPBYTES, response), + .field_name = "response", + .item = &ASN1_OCTET_STRING_it, + }, +}; + +const ASN1_ITEM OCSP_RESPBYTES_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = OCSP_RESPBYTES_seq_tt, + .tcount = sizeof(OCSP_RESPBYTES_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = NULL, + .size = sizeof(OCSP_RESPBYTES), + .sname = "OCSP_RESPBYTES", +}; + + +OCSP_RESPBYTES * +d2i_OCSP_RESPBYTES(OCSP_RESPBYTES **a, const unsigned char **in, long len) +{ + return (OCSP_RESPBYTES *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &OCSP_RESPBYTES_it); +} + +int +i2d_OCSP_RESPBYTES(OCSP_RESPBYTES *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &OCSP_RESPBYTES_it); +} + +OCSP_RESPBYTES * +OCSP_RESPBYTES_new(void) +{ + return (OCSP_RESPBYTES *)ASN1_item_new(&OCSP_RESPBYTES_it); +} + +void +OCSP_RESPBYTES_free(OCSP_RESPBYTES *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &OCSP_RESPBYTES_it); +} + +static const ASN1_TEMPLATE OCSP_RESPONSE_seq_tt[] = { + { + .flags = 0, + .tag = 0, + .offset = offsetof(OCSP_RESPONSE, responseStatus), + .field_name = "responseStatus", + .item = &ASN1_ENUMERATED_it, + }, + { + .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL, + .tag = 0, + .offset = offsetof(OCSP_RESPONSE, responseBytes), + .field_name = "responseBytes", + .item = &OCSP_RESPBYTES_it, + }, +}; + +const ASN1_ITEM OCSP_RESPONSE_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = OCSP_RESPONSE_seq_tt, + .tcount = sizeof(OCSP_RESPONSE_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = NULL, + .size = sizeof(OCSP_RESPONSE), + .sname = "OCSP_RESPONSE", +}; + + +OCSP_RESPONSE * +d2i_OCSP_RESPONSE(OCSP_RESPONSE **a, const unsigned char **in, long len) +{ + return (OCSP_RESPONSE *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &OCSP_RESPONSE_it); +} + +int +i2d_OCSP_RESPONSE(OCSP_RESPONSE *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &OCSP_RESPONSE_it); +} + +OCSP_RESPONSE * +d2i_OCSP_RESPONSE_bio(BIO *bp, OCSP_RESPONSE **a) +{ + return ASN1_item_d2i_bio(&OCSP_RESPONSE_it, bp, a); +} + +int +i2d_OCSP_RESPONSE_bio(BIO *bp, OCSP_RESPONSE *a) +{ + return ASN1_item_i2d_bio(&OCSP_RESPONSE_it, bp, a); +} + +OCSP_RESPONSE * +OCSP_RESPONSE_new(void) +{ + return (OCSP_RESPONSE *)ASN1_item_new(&OCSP_RESPONSE_it); +} + +void +OCSP_RESPONSE_free(OCSP_RESPONSE *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &OCSP_RESPONSE_it); +} + +static const ASN1_TEMPLATE OCSP_RESPID_ch_tt[] = { + { + .flags = ASN1_TFLG_EXPLICIT, + .tag = 1, + .offset = offsetof(OCSP_RESPID, value.byName), + .field_name = "value.byName", + .item = &X509_NAME_it, + }, + { + .flags = ASN1_TFLG_EXPLICIT, + .tag = 2, + .offset = offsetof(OCSP_RESPID, value.byKey), + .field_name = "value.byKey", + .item = &ASN1_OCTET_STRING_it, + }, +}; + +const ASN1_ITEM OCSP_RESPID_it = { + .itype = ASN1_ITYPE_CHOICE, + .utype = offsetof(OCSP_RESPID, type), + .templates = OCSP_RESPID_ch_tt, + .tcount = sizeof(OCSP_RESPID_ch_tt) / sizeof(ASN1_TEMPLATE), + .funcs = NULL, + .size = sizeof(OCSP_RESPID), + .sname = "OCSP_RESPID", +}; + + +OCSP_RESPID * +d2i_OCSP_RESPID(OCSP_RESPID **a, const unsigned char **in, long len) +{ + return (OCSP_RESPID *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &OCSP_RESPID_it); +} + +int +i2d_OCSP_RESPID(OCSP_RESPID *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &OCSP_RESPID_it); +} + +OCSP_RESPID * +OCSP_RESPID_new(void) +{ + return (OCSP_RESPID *)ASN1_item_new(&OCSP_RESPID_it); +} + +void +OCSP_RESPID_free(OCSP_RESPID *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &OCSP_RESPID_it); +} + +static const ASN1_TEMPLATE OCSP_REVOKEDINFO_seq_tt[] = { + { + .flags = 0, + .tag = 0, + .offset = offsetof(OCSP_REVOKEDINFO, revocationTime), + .field_name = "revocationTime", + .item = &ASN1_GENERALIZEDTIME_it, + }, + { + .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL, + .tag = 0, + .offset = offsetof(OCSP_REVOKEDINFO, revocationReason), + .field_name = "revocationReason", + .item = &ASN1_ENUMERATED_it, + }, +}; + +const ASN1_ITEM OCSP_REVOKEDINFO_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = OCSP_REVOKEDINFO_seq_tt, + .tcount = sizeof(OCSP_REVOKEDINFO_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = NULL, + .size = sizeof(OCSP_REVOKEDINFO), + .sname = "OCSP_REVOKEDINFO", +}; + + +OCSP_REVOKEDINFO * +d2i_OCSP_REVOKEDINFO(OCSP_REVOKEDINFO **a, const unsigned char **in, long len) +{ + return (OCSP_REVOKEDINFO *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &OCSP_REVOKEDINFO_it); +} + +int +i2d_OCSP_REVOKEDINFO(OCSP_REVOKEDINFO *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &OCSP_REVOKEDINFO_it); +} + +OCSP_REVOKEDINFO * +OCSP_REVOKEDINFO_new(void) +{ + return (OCSP_REVOKEDINFO *)ASN1_item_new(&OCSP_REVOKEDINFO_it); +} + +void +OCSP_REVOKEDINFO_free(OCSP_REVOKEDINFO *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &OCSP_REVOKEDINFO_it); +} + +static const ASN1_TEMPLATE OCSP_CERTSTATUS_ch_tt[] = { + { + .flags = ASN1_TFLG_IMPLICIT, + .tag = 0, + .offset = offsetof(OCSP_CERTSTATUS, value.good), + .field_name = "value.good", + .item = &ASN1_NULL_it, + }, + { + .flags = ASN1_TFLG_IMPLICIT, + .tag = 1, + .offset = offsetof(OCSP_CERTSTATUS, value.revoked), + .field_name = "value.revoked", + .item = &OCSP_REVOKEDINFO_it, + }, + { + .flags = ASN1_TFLG_IMPLICIT, + .tag = 2, + .offset = offsetof(OCSP_CERTSTATUS, value.unknown), + .field_name = "value.unknown", + .item = &ASN1_NULL_it, + }, +}; + +const ASN1_ITEM OCSP_CERTSTATUS_it = { + .itype = ASN1_ITYPE_CHOICE, + .utype = offsetof(OCSP_CERTSTATUS, type), + .templates = OCSP_CERTSTATUS_ch_tt, + .tcount = sizeof(OCSP_CERTSTATUS_ch_tt) / sizeof(ASN1_TEMPLATE), + .funcs = NULL, + .size = sizeof(OCSP_CERTSTATUS), + .sname = "OCSP_CERTSTATUS", +}; + + +OCSP_CERTSTATUS * +d2i_OCSP_CERTSTATUS(OCSP_CERTSTATUS **a, const unsigned char **in, long len) +{ + return (OCSP_CERTSTATUS *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &OCSP_CERTSTATUS_it); +} + +int +i2d_OCSP_CERTSTATUS(OCSP_CERTSTATUS *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &OCSP_CERTSTATUS_it); +} + +OCSP_CERTSTATUS * +OCSP_CERTSTATUS_new(void) +{ + return (OCSP_CERTSTATUS *)ASN1_item_new(&OCSP_CERTSTATUS_it); +} + +void +OCSP_CERTSTATUS_free(OCSP_CERTSTATUS *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &OCSP_CERTSTATUS_it); +} + +static const ASN1_TEMPLATE OCSP_SINGLERESP_seq_tt[] = { + { + .flags = 0, + .tag = 0, + .offset = offsetof(OCSP_SINGLERESP, certId), + .field_name = "certId", + .item = &OCSP_CERTID_it, + }, + { + .flags = 0, + .tag = 0, + .offset = offsetof(OCSP_SINGLERESP, certStatus), + .field_name = "certStatus", + .item = &OCSP_CERTSTATUS_it, + }, + { + .flags = 0, + .tag = 0, + .offset = offsetof(OCSP_SINGLERESP, thisUpdate), + .field_name = "thisUpdate", + .item = &ASN1_GENERALIZEDTIME_it, + }, + { + .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL, + .tag = 0, + .offset = offsetof(OCSP_SINGLERESP, nextUpdate), + .field_name = "nextUpdate", + .item = &ASN1_GENERALIZEDTIME_it, + }, + { + .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_OPTIONAL, + .tag = 1, + .offset = offsetof(OCSP_SINGLERESP, singleExtensions), + .field_name = "singleExtensions", + .item = &X509_EXTENSION_it, + }, +}; + +const ASN1_ITEM OCSP_SINGLERESP_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = OCSP_SINGLERESP_seq_tt, + .tcount = sizeof(OCSP_SINGLERESP_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = NULL, + .size = sizeof(OCSP_SINGLERESP), + .sname = "OCSP_SINGLERESP", +}; + + +OCSP_SINGLERESP * +d2i_OCSP_SINGLERESP(OCSP_SINGLERESP **a, const unsigned char **in, long len) +{ + return (OCSP_SINGLERESP *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &OCSP_SINGLERESP_it); +} + +int +i2d_OCSP_SINGLERESP(OCSP_SINGLERESP *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &OCSP_SINGLERESP_it); +} + +OCSP_SINGLERESP * +OCSP_SINGLERESP_new(void) +{ + return (OCSP_SINGLERESP *)ASN1_item_new(&OCSP_SINGLERESP_it); +} + +void +OCSP_SINGLERESP_free(OCSP_SINGLERESP *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &OCSP_SINGLERESP_it); +} + +static const ASN1_TEMPLATE OCSP_RESPDATA_seq_tt[] = { + { + .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL, + .tag = 0, + .offset = offsetof(OCSP_RESPDATA, version), + .field_name = "version", + .item = &ASN1_INTEGER_it, + }, + { + .flags = 0, + .tag = 0, + .offset = offsetof(OCSP_RESPDATA, responderId), + .field_name = "responderId", + .item = &OCSP_RESPID_it, + }, + { + .flags = 0, + .tag = 0, + .offset = offsetof(OCSP_RESPDATA, producedAt), + .field_name = "producedAt", + .item = &ASN1_GENERALIZEDTIME_it, + }, + { + .flags = ASN1_TFLG_SEQUENCE_OF, + .tag = 0, + .offset = offsetof(OCSP_RESPDATA, responses), + .field_name = "responses", + .item = &OCSP_SINGLERESP_it, + }, + { + .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_OPTIONAL, + .tag = 1, + .offset = offsetof(OCSP_RESPDATA, responseExtensions), + .field_name = "responseExtensions", + .item = &X509_EXTENSION_it, + }, +}; + +const ASN1_ITEM OCSP_RESPDATA_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = OCSP_RESPDATA_seq_tt, + .tcount = sizeof(OCSP_RESPDATA_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = NULL, + .size = sizeof(OCSP_RESPDATA), + .sname = "OCSP_RESPDATA", +}; + + +OCSP_RESPDATA * +d2i_OCSP_RESPDATA(OCSP_RESPDATA **a, const unsigned char **in, long len) +{ + return (OCSP_RESPDATA *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &OCSP_RESPDATA_it); +} + +int +i2d_OCSP_RESPDATA(OCSP_RESPDATA *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &OCSP_RESPDATA_it); +} + +OCSP_RESPDATA * +OCSP_RESPDATA_new(void) +{ + return (OCSP_RESPDATA *)ASN1_item_new(&OCSP_RESPDATA_it); +} + +void +OCSP_RESPDATA_free(OCSP_RESPDATA *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &OCSP_RESPDATA_it); +} + +static const ASN1_TEMPLATE OCSP_BASICRESP_seq_tt[] = { + { + .flags = 0, + .tag = 0, + .offset = offsetof(OCSP_BASICRESP, tbsResponseData), + .field_name = "tbsResponseData", + .item = &OCSP_RESPDATA_it, + }, + { + .flags = 0, + .tag = 0, + .offset = offsetof(OCSP_BASICRESP, signatureAlgorithm), + .field_name = "signatureAlgorithm", + .item = &X509_ALGOR_it, + }, + { + .flags = 0, + .tag = 0, + .offset = offsetof(OCSP_BASICRESP, signature), + .field_name = "signature", + .item = &ASN1_BIT_STRING_it, + }, + { + .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_OPTIONAL, + .tag = 0, + .offset = offsetof(OCSP_BASICRESP, certs), + .field_name = "certs", + .item = &X509_it, + }, +}; + +const ASN1_ITEM OCSP_BASICRESP_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = OCSP_BASICRESP_seq_tt, + .tcount = sizeof(OCSP_BASICRESP_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = NULL, + .size = sizeof(OCSP_BASICRESP), + .sname = "OCSP_BASICRESP", +}; -IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPBYTES) -ASN1_SEQUENCE(OCSP_RESPONSE) = { - ASN1_SIMPLE(OCSP_RESPONSE, responseStatus, ASN1_ENUMERATED), - ASN1_EXP_OPT(OCSP_RESPONSE, responseBytes, OCSP_RESPBYTES, 0) -} ASN1_SEQUENCE_END(OCSP_RESPONSE) +OCSP_BASICRESP * +d2i_OCSP_BASICRESP(OCSP_BASICRESP **a, const unsigned char **in, long len) +{ + return (OCSP_BASICRESP *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &OCSP_BASICRESP_it); +} -IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPONSE) +int +i2d_OCSP_BASICRESP(OCSP_BASICRESP *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &OCSP_BASICRESP_it); +} -ASN1_CHOICE(OCSP_RESPID) = { - ASN1_EXP(OCSP_RESPID, value.byName, X509_NAME, 1), - ASN1_IMP(OCSP_RESPID, value.byKey, ASN1_OCTET_STRING, 2) -} ASN1_CHOICE_END(OCSP_RESPID) +OCSP_BASICRESP * +OCSP_BASICRESP_new(void) +{ + return (OCSP_BASICRESP *)ASN1_item_new(&OCSP_BASICRESP_it); +} -IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPID) +void +OCSP_BASICRESP_free(OCSP_BASICRESP *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &OCSP_BASICRESP_it); +} -ASN1_SEQUENCE(OCSP_REVOKEDINFO) = { - ASN1_SIMPLE(OCSP_REVOKEDINFO, revocationTime, ASN1_GENERALIZEDTIME), - ASN1_EXP_OPT(OCSP_REVOKEDINFO, revocationReason, ASN1_ENUMERATED, 0) -} ASN1_SEQUENCE_END(OCSP_REVOKEDINFO) +static const ASN1_TEMPLATE OCSP_CRLID_seq_tt[] = { + { + .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL, + .tag = 0, + .offset = offsetof(OCSP_CRLID, crlUrl), + .field_name = "crlUrl", + .item = &ASN1_IA5STRING_it, + }, + { + .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL, + .tag = 1, + .offset = offsetof(OCSP_CRLID, crlNum), + .field_name = "crlNum", + .item = &ASN1_INTEGER_it, + }, + { + .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL, + .tag = 2, + .offset = offsetof(OCSP_CRLID, crlTime), + .field_name = "crlTime", + .item = &ASN1_GENERALIZEDTIME_it, + }, +}; -IMPLEMENT_ASN1_FUNCTIONS(OCSP_REVOKEDINFO) +const ASN1_ITEM OCSP_CRLID_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = OCSP_CRLID_seq_tt, + .tcount = sizeof(OCSP_CRLID_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = NULL, + .size = sizeof(OCSP_CRLID), + .sname = "OCSP_CRLID", +}; -ASN1_CHOICE(OCSP_CERTSTATUS) = { - ASN1_IMP(OCSP_CERTSTATUS, value.good, ASN1_NULL, 0), - ASN1_IMP(OCSP_CERTSTATUS, value.revoked, OCSP_REVOKEDINFO, 1), - ASN1_IMP(OCSP_CERTSTATUS, value.unknown, ASN1_NULL, 2) -} ASN1_CHOICE_END(OCSP_CERTSTATUS) -IMPLEMENT_ASN1_FUNCTIONS(OCSP_CERTSTATUS) +OCSP_CRLID * +d2i_OCSP_CRLID(OCSP_CRLID **a, const unsigned char **in, long len) +{ + return (OCSP_CRLID *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &OCSP_CRLID_it); +} -ASN1_SEQUENCE(OCSP_SINGLERESP) = { - ASN1_SIMPLE(OCSP_SINGLERESP, certId, OCSP_CERTID), - ASN1_SIMPLE(OCSP_SINGLERESP, certStatus, OCSP_CERTSTATUS), - ASN1_SIMPLE(OCSP_SINGLERESP, thisUpdate, ASN1_GENERALIZEDTIME), - ASN1_EXP_OPT(OCSP_SINGLERESP, nextUpdate, ASN1_GENERALIZEDTIME, 0), - ASN1_EXP_SEQUENCE_OF_OPT(OCSP_SINGLERESP, singleExtensions, X509_EXTENSION, 1) -} ASN1_SEQUENCE_END(OCSP_SINGLERESP) +int +i2d_OCSP_CRLID(OCSP_CRLID *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &OCSP_CRLID_it); +} -IMPLEMENT_ASN1_FUNCTIONS(OCSP_SINGLERESP) +OCSP_CRLID * +OCSP_CRLID_new(void) +{ + return (OCSP_CRLID *)ASN1_item_new(&OCSP_CRLID_it); +} -ASN1_SEQUENCE(OCSP_RESPDATA) = { - ASN1_EXP_OPT(OCSP_RESPDATA, version, ASN1_INTEGER, 0), - ASN1_SIMPLE(OCSP_RESPDATA, responderId, OCSP_RESPID), - ASN1_SIMPLE(OCSP_RESPDATA, producedAt, ASN1_GENERALIZEDTIME), - ASN1_SEQUENCE_OF(OCSP_RESPDATA, responses, OCSP_SINGLERESP), - ASN1_EXP_SEQUENCE_OF_OPT(OCSP_RESPDATA, responseExtensions, X509_EXTENSION, 1) -} ASN1_SEQUENCE_END(OCSP_RESPDATA) +void +OCSP_CRLID_free(OCSP_CRLID *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &OCSP_CRLID_it); +} -IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPDATA) +static const ASN1_TEMPLATE OCSP_SERVICELOC_seq_tt[] = { + { + .flags = 0, + .tag = 0, + .offset = offsetof(OCSP_SERVICELOC, issuer), + .field_name = "issuer", + .item = &X509_NAME_it, + }, + { + .flags = ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_OPTIONAL, + .tag = 0, + .offset = offsetof(OCSP_SERVICELOC, locator), + .field_name = "locator", + .item = &ACCESS_DESCRIPTION_it, + }, +}; -ASN1_SEQUENCE(OCSP_BASICRESP) = { - ASN1_SIMPLE(OCSP_BASICRESP, tbsResponseData, OCSP_RESPDATA), - ASN1_SIMPLE(OCSP_BASICRESP, signatureAlgorithm, X509_ALGOR), - ASN1_SIMPLE(OCSP_BASICRESP, signature, ASN1_BIT_STRING), - ASN1_EXP_SEQUENCE_OF_OPT(OCSP_BASICRESP, certs, X509, 0) -} ASN1_SEQUENCE_END(OCSP_BASICRESP) +const ASN1_ITEM OCSP_SERVICELOC_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = OCSP_SERVICELOC_seq_tt, + .tcount = sizeof(OCSP_SERVICELOC_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = NULL, + .size = sizeof(OCSP_SERVICELOC), + .sname = "OCSP_SERVICELOC", +}; -IMPLEMENT_ASN1_FUNCTIONS(OCSP_BASICRESP) -ASN1_SEQUENCE(OCSP_CRLID) = { - ASN1_EXP_OPT(OCSP_CRLID, crlUrl, ASN1_IA5STRING, 0), - ASN1_EXP_OPT(OCSP_CRLID, crlNum, ASN1_INTEGER, 1), - ASN1_EXP_OPT(OCSP_CRLID, crlTime, ASN1_GENERALIZEDTIME, 2) -} ASN1_SEQUENCE_END(OCSP_CRLID) +OCSP_SERVICELOC * +d2i_OCSP_SERVICELOC(OCSP_SERVICELOC **a, const unsigned char **in, long len) +{ + return (OCSP_SERVICELOC *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &OCSP_SERVICELOC_it); +} -IMPLEMENT_ASN1_FUNCTIONS(OCSP_CRLID) +int +i2d_OCSP_SERVICELOC(OCSP_SERVICELOC *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &OCSP_SERVICELOC_it); +} -ASN1_SEQUENCE(OCSP_SERVICELOC) = { - ASN1_SIMPLE(OCSP_SERVICELOC, issuer, X509_NAME), - ASN1_SEQUENCE_OF_OPT(OCSP_SERVICELOC, locator, ACCESS_DESCRIPTION) -} ASN1_SEQUENCE_END(OCSP_SERVICELOC) +OCSP_SERVICELOC * +OCSP_SERVICELOC_new(void) +{ + return (OCSP_SERVICELOC *)ASN1_item_new(&OCSP_SERVICELOC_it); +} -IMPLEMENT_ASN1_FUNCTIONS(OCSP_SERVICELOC) +void +OCSP_SERVICELOC_free(OCSP_SERVICELOC *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &OCSP_SERVICELOC_it); +} diff --git a/src/lib/libcrypto/ocsp/ocsp_cl.c b/src/lib/libcrypto/ocsp/ocsp_cl.c index 9b3e6dd8ca2..0ed816cdc31 100644 --- a/src/lib/libcrypto/ocsp/ocsp_cl.c +++ b/src/lib/libcrypto/ocsp/ocsp_cl.c @@ -1,4 +1,4 @@ -/* ocsp_cl.c */ +/* $OpenBSD: ocsp_cl.c,v 1.16 2018/11/25 19:48:43 jmc Exp $ */ /* Written by Tom Titchener for the OpenSSL * project. */ @@ -15,7 +15,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -63,243 +63,256 @@ #include #include -#include + +#include +#include #include -#include -#include #include +#include #include -#include /* Utility functions related to sending OCSP requests and extracting * relevant information from the response. */ -/* Add an OCSP_CERTID to an OCSP request. Return new OCSP_ONEREQ +/* Add an OCSP_CERTID to an OCSP request. Return new OCSP_ONEREQ * pointer: useful if we want to add extensions. */ - -OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid) - { +OCSP_ONEREQ * +OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid) +{ OCSP_ONEREQ *one = NULL; - if (!(one = OCSP_ONEREQ_new())) goto err; - if (one->reqCert) OCSP_CERTID_free(one->reqCert); + if (!(one = OCSP_ONEREQ_new())) + goto err; + if (one->reqCert) + OCSP_CERTID_free(one->reqCert); one->reqCert = cid; - if (req && - !sk_OCSP_ONEREQ_push(req->tbsRequest->requestList, one)) - goto err; + if (req && !sk_OCSP_ONEREQ_push(req->tbsRequest->requestList, one)) + goto err; return one; + err: OCSP_ONEREQ_free(one); return NULL; - } +} /* Set requestorName from an X509_NAME structure */ - -int OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm) - { +int +OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm) +{ GENERAL_NAME *gen; + gen = GENERAL_NAME_new(); - if (!X509_NAME_set(&gen->d.directoryName, nm)) - { + if (gen == NULL) + return 0; + if (!X509_NAME_set(&gen->d.directoryName, nm)) { GENERAL_NAME_free(gen); return 0; - } + } gen->type = GEN_DIRNAME; if (req->tbsRequest->requestorName) GENERAL_NAME_free(req->tbsRequest->requestorName); req->tbsRequest->requestorName = gen; return 1; - } - +} /* Add a certificate to an OCSP request */ - -int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert) - { +int +OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert) +{ OCSP_SIGNATURE *sig; + if (!req->optionalSignature) req->optionalSignature = OCSP_SIGNATURE_new(); sig = req->optionalSignature; - if (!sig) return 0; - if (!cert) return 1; + if (!sig) + return 0; + if (!cert) + return 1; if (!sig->certs && !(sig->certs = sk_X509_new_null())) return 0; - if(!sk_X509_push(sig->certs, cert)) return 0; + if (!sk_X509_push(sig->certs, cert)) + return 0; CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509); return 1; - } +} -/* Sign an OCSP request set the requestorName to the subjec +/* Sign an OCSP request set the requestorName to the subject * name of an optional signers certificate and include one * or more optional certificates in the request. Behaves * like PKCS7_sign(). */ - -int OCSP_request_sign(OCSP_REQUEST *req, - X509 *signer, - EVP_PKEY *key, - const EVP_MD *dgst, - STACK_OF(X509) *certs, - unsigned long flags) - { +int +OCSP_request_sign(OCSP_REQUEST *req, X509 *signer, EVP_PKEY *key, + const EVP_MD *dgst, STACK_OF(X509) *certs, unsigned long flags) +{ int i; OCSP_SIGNATURE *sig; X509 *x; if (!OCSP_request_set1_name(req, X509_get_subject_name(signer))) - goto err; + goto err; - if (!(req->optionalSignature = sig = OCSP_SIGNATURE_new())) goto err; - if (!dgst) dgst = EVP_sha1(); - if (key) - { - if (!X509_check_private_key(signer, key)) - { - OCSPerr(OCSP_F_OCSP_REQUEST_SIGN, OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); + if (!(req->optionalSignature = sig = OCSP_SIGNATURE_new())) + goto err; + if (key) { + if (!X509_check_private_key(signer, key)) { + OCSPerror(OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); goto err; - } - if (!OCSP_REQUEST_sign(req, key, dgst)) goto err; } + if (!OCSP_REQUEST_sign(req, key, dgst)) + goto err; + } - if (!(flags & OCSP_NOCERTS)) - { - if(!OCSP_request_add1_cert(req, signer)) goto err; - for (i = 0; i < sk_X509_num(certs); i++) - { + if (!(flags & OCSP_NOCERTS)) { + if (!OCSP_request_add1_cert(req, signer)) + goto err; + for (i = 0; i < sk_X509_num(certs); i++) { x = sk_X509_value(certs, i); - if (!OCSP_request_add1_cert(req, x)) goto err; - } + if (!OCSP_request_add1_cert(req, x)) + goto err; } + } return 1; + err: OCSP_SIGNATURE_free(req->optionalSignature); req->optionalSignature = NULL; return 0; - } +} /* Get response status */ - -int OCSP_response_status(OCSP_RESPONSE *resp) - { +int +OCSP_response_status(OCSP_RESPONSE *resp) +{ return ASN1_ENUMERATED_get(resp->responseStatus); - } +} /* Extract basic response from OCSP_RESPONSE or NULL if * no basic response present. */ - - -OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp) - { +OCSP_BASICRESP * +OCSP_response_get1_basic(OCSP_RESPONSE *resp) +{ OCSP_RESPBYTES *rb; + rb = resp->responseBytes; - if (!rb) - { - OCSPerr(OCSP_F_OCSP_RESPONSE_GET1_BASIC, OCSP_R_NO_RESPONSE_DATA); + if (!rb) { + OCSPerror(OCSP_R_NO_RESPONSE_DATA); return NULL; - } - if (OBJ_obj2nid(rb->responseType) != NID_id_pkix_OCSP_basic) - { - OCSPerr(OCSP_F_OCSP_RESPONSE_GET1_BASIC, OCSP_R_NOT_BASIC_RESPONSE); + } + if (OBJ_obj2nid(rb->responseType) != NID_id_pkix_OCSP_basic) { + OCSPerror(OCSP_R_NOT_BASIC_RESPONSE); return NULL; - } - - return ASN1_item_unpack(rb->response, ASN1_ITEM_rptr(OCSP_BASICRESP)); } + return ASN1_item_unpack(rb->response, &OCSP_BASICRESP_it); +} + /* Return number of OCSP_SINGLERESP reponses present in * a basic response. */ - -int OCSP_resp_count(OCSP_BASICRESP *bs) - { - if (!bs) return -1; +int +OCSP_resp_count(OCSP_BASICRESP *bs) +{ + if (!bs) + return -1; return sk_OCSP_SINGLERESP_num(bs->tbsResponseData->responses); - } +} /* Extract an OCSP_SINGLERESP response with a given index */ - -OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx) - { - if (!bs) return NULL; +OCSP_SINGLERESP * +OCSP_resp_get0(OCSP_BASICRESP *bs, int idx) +{ + if (!bs) + return NULL; return sk_OCSP_SINGLERESP_value(bs->tbsResponseData->responses, idx); - } +} /* Look single response matching a given certificate ID */ - -int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last) - { +int +OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last) +{ int i; STACK_OF(OCSP_SINGLERESP) *sresp; OCSP_SINGLERESP *single; - if (!bs) return -1; - if (last < 0) last = 0; - else last++; + + if (!bs) + return -1; + if (last < 0) + last = 0; + else + last++; sresp = bs->tbsResponseData->responses; - for (i = last; i < sk_OCSP_SINGLERESP_num(sresp); i++) - { + for (i = last; i < sk_OCSP_SINGLERESP_num(sresp); i++) { single = sk_OCSP_SINGLERESP_value(sresp, i); - if (!OCSP_id_cmp(id, single->certId)) return i; - } - return -1; + if (!OCSP_id_cmp(id, single->certId)) + return i; } + return -1; +} /* Extract status information from an OCSP_SINGLERESP structure. - * Note: the revtime and reason values are only set if the + * Note: the revtime and reason values are only set if the * certificate status is revoked. Returns numerical value of * status. */ - -int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason, - ASN1_GENERALIZEDTIME **revtime, - ASN1_GENERALIZEDTIME **thisupd, - ASN1_GENERALIZEDTIME **nextupd) - { +int +OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason, + ASN1_GENERALIZEDTIME **revtime, ASN1_GENERALIZEDTIME **thisupd, + ASN1_GENERALIZEDTIME **nextupd) +{ int ret; OCSP_CERTSTATUS *cst; - if(!single) return -1; + + if (!single) + return -1; cst = single->certStatus; ret = cst->type; - if (ret == V_OCSP_CERTSTATUS_REVOKED) - { + if (ret == V_OCSP_CERTSTATUS_REVOKED) { OCSP_REVOKEDINFO *rev = cst->value.revoked; - if (revtime) *revtime = rev->revocationTime; - if (reason) - { - if(rev->revocationReason) - *reason = ASN1_ENUMERATED_get(rev->revocationReason); - else *reason = -1; - } + + if (revtime) + *revtime = rev->revocationTime; + if (reason) { + if (rev->revocationReason) + *reason = ASN1_ENUMERATED_get( + rev->revocationReason); + else + *reason = -1; } - if(thisupd) *thisupd = single->thisUpdate; - if(nextupd) *nextupd = single->nextUpdate; - return ret; } + if (thisupd) + *thisupd = single->thisUpdate; + if (nextupd) + *nextupd = single->nextUpdate; + return ret; +} /* This function combines the previous ones: look up a certificate ID and * if found extract status information. Return 0 is successful. */ - -int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status, - int *reason, - ASN1_GENERALIZEDTIME **revtime, - ASN1_GENERALIZEDTIME **thisupd, - ASN1_GENERALIZEDTIME **nextupd) - { +int +OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status, + int *reason, ASN1_GENERALIZEDTIME **revtime, ASN1_GENERALIZEDTIME **thisupd, + ASN1_GENERALIZEDTIME **nextupd) +{ int i; OCSP_SINGLERESP *single; + i = OCSP_resp_find(bs, id, -1); /* Maybe check for multiple responses and give an error? */ - if(i < 0) return 0; + if (i < 0) + return 0; single = OCSP_resp_get0(bs, i); i = OCSP_single_get0_status(single, reason, revtime, thisupd, nextupd); - if(status) *status = i; + if (status) + *status = i; return 1; - } +} /* Check validity of thisUpdate and nextUpdate fields. It is possible that the request will * take a few seconds to process and/or the time wont be totally accurate. Therefore to avoid @@ -307,64 +320,79 @@ int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status, * Also to avoid accepting very old responses without a nextUpdate field an optional maxage * parameter specifies the maximum age the thisUpdate field can be. */ - -int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd, ASN1_GENERALIZEDTIME *nextupd, long nsec, long maxsec) - { - int ret = 1; +int +OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd, + ASN1_GENERALIZEDTIME *nextupd, long nsec, long maxsec) +{ time_t t_now, t_tmp; + struct tm tm_this, tm_next, tm_tmp; + time(&t_now); + + /* + * Times must explicitly be a GENERALIZEDTIME as per section + * 4.2.2.1 of RFC 6960 - It is invalid to accept other times + * (such as UTCTIME permitted/required by RFC 5280 for certificates) + */ + /* Check thisUpdate is valid and not more than nsec in the future */ - if (!ASN1_GENERALIZEDTIME_check(thisupd)) - { - OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_ERROR_IN_THISUPDATE_FIELD); - ret = 0; + if (ASN1_time_parse(thisupd->data, thisupd->length, &tm_this, + V_ASN1_GENERALIZEDTIME) != V_ASN1_GENERALIZEDTIME) { + OCSPerror(OCSP_R_ERROR_IN_THISUPDATE_FIELD); + return 0; + } else { + t_tmp = t_now + nsec; + if (gmtime_r(&t_tmp, &tm_tmp) == NULL) + return 0; + if (ASN1_time_tm_cmp(&tm_this, &tm_tmp) > 0) { + OCSPerror(OCSP_R_STATUS_NOT_YET_VALID); + return 0; } - else - { - t_tmp = t_now + nsec; - if (X509_cmp_time(thisupd, &t_tmp) > 0) - { - OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_STATUS_NOT_YET_VALID); - ret = 0; - } - /* If maxsec specified check thisUpdate is not more than maxsec in the past */ - if (maxsec >= 0) - { + /* + * If maxsec specified check thisUpdate is not more than maxsec + * in the past + */ + if (maxsec >= 0) { t_tmp = t_now - maxsec; - if (X509_cmp_time(thisupd, &t_tmp) < 0) - { - OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_STATUS_TOO_OLD); - ret = 0; - } + if (gmtime_r(&t_tmp, &tm_tmp) == NULL) + return 0; + if (ASN1_time_tm_cmp(&tm_this, &tm_tmp) < 0) { + OCSPerror(OCSP_R_STATUS_TOO_OLD); + return 0; } } - + } - if (!nextupd) return ret; + if (!nextupd) + return 1; /* Check nextUpdate is valid and not more than nsec in the past */ - if (!ASN1_GENERALIZEDTIME_check(nextupd)) - { - OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_ERROR_IN_NEXTUPDATE_FIELD); - ret = 0; - } - else - { + if (ASN1_time_parse(nextupd->data, nextupd->length, &tm_next, + V_ASN1_GENERALIZEDTIME) != V_ASN1_GENERALIZEDTIME) { + OCSPerror(OCSP_R_ERROR_IN_NEXTUPDATE_FIELD); + return 0; + } else { t_tmp = t_now - nsec; - if (X509_cmp_time(nextupd, &t_tmp) < 0) - { - OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_STATUS_EXPIRED); - ret = 0; - } + if (gmtime_r(&t_tmp, &tm_tmp) == NULL) + return 0; + if (ASN1_time_tm_cmp(&tm_next, &tm_tmp) < 0) { + OCSPerror(OCSP_R_STATUS_EXPIRED); + return 0; } + } /* Also don't allow nextUpdate to precede thisUpdate */ - if (ASN1_STRING_cmp(nextupd, thisupd) < 0) - { - OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE); - ret = 0; - } - - return ret; + if (ASN1_time_tm_cmp(&tm_next, &tm_this) < 0) { + OCSPerror(OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE); + return 0; } + + return 1; +} + +const OCSP_CERTID * +OCSP_SINGLERESP_get0_id(const OCSP_SINGLERESP *single) +{ + return single->certId; +} diff --git a/src/lib/libcrypto/ocsp/ocsp_err.c b/src/lib/libcrypto/ocsp/ocsp_err.c index 4c4d8306f8a..9e3237f6a4c 100644 --- a/src/lib/libcrypto/ocsp/ocsp_err.c +++ b/src/lib/libcrypto/ocsp/ocsp_err.c @@ -1,13 +1,13 @@ -/* crypto/ocsp/ocsp_err.c */ +/* $OpenBSD: ocsp_err.c,v 1.8 2017/01/29 17:49:23 beck Exp $ */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -59,81 +59,66 @@ */ #include + +#include + #include #include /* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR -static ERR_STRING_DATA OCSP_str_functs[]= - { -{ERR_PACK(0,OCSP_F_ASN1_STRING_ENCODE,0), "ASN1_STRING_encode"}, -{ERR_PACK(0,OCSP_F_CERT_ID_NEW,0), "CERT_ID_NEW"}, -{ERR_PACK(0,OCSP_F_D2I_OCSP_NONCE,0), "D2I_OCSP_NONCE"}, -{ERR_PACK(0,OCSP_F_OCSP_BASIC_ADD1_STATUS,0), "OCSP_basic_add1_status"}, -{ERR_PACK(0,OCSP_F_OCSP_BASIC_SIGN,0), "OCSP_basic_sign"}, -{ERR_PACK(0,OCSP_F_OCSP_BASIC_VERIFY,0), "OCSP_basic_verify"}, -{ERR_PACK(0,OCSP_F_OCSP_CHECK_DELEGATED,0), "OCSP_CHECK_DELEGATED"}, -{ERR_PACK(0,OCSP_F_OCSP_CHECK_IDS,0), "OCSP_CHECK_IDS"}, -{ERR_PACK(0,OCSP_F_OCSP_CHECK_ISSUER,0), "OCSP_CHECK_ISSUER"}, -{ERR_PACK(0,OCSP_F_OCSP_CHECK_VALIDITY,0), "OCSP_check_validity"}, -{ERR_PACK(0,OCSP_F_OCSP_MATCH_ISSUERID,0), "OCSP_MATCH_ISSUERID"}, -{ERR_PACK(0,OCSP_F_OCSP_PARSE_URL,0), "OCSP_parse_url"}, -{ERR_PACK(0,OCSP_F_OCSP_REQUEST_SIGN,0), "OCSP_request_sign"}, -{ERR_PACK(0,OCSP_F_OCSP_REQUEST_VERIFY,0), "OCSP_request_verify"}, -{ERR_PACK(0,OCSP_F_OCSP_RESPONSE_GET1_BASIC,0), "OCSP_response_get1_basic"}, -{ERR_PACK(0,OCSP_F_OCSP_SENDREQ_BIO,0), "OCSP_sendreq_bio"}, -{ERR_PACK(0,OCSP_F_REQUEST_VERIFY,0), "REQUEST_VERIFY"}, -{0,NULL} - }; -static ERR_STRING_DATA OCSP_str_reasons[]= - { -{OCSP_R_BAD_DATA ,"bad data"}, -{OCSP_R_CERTIFICATE_VERIFY_ERROR ,"certificate verify error"}, -{OCSP_R_DIGEST_ERR ,"digest err"}, -{OCSP_R_ERROR_IN_NEXTUPDATE_FIELD ,"error in nextupdate field"}, -{OCSP_R_ERROR_IN_THISUPDATE_FIELD ,"error in thisupdate field"}, -{OCSP_R_ERROR_PARSING_URL ,"error parsing url"}, -{OCSP_R_MISSING_OCSPSIGNING_USAGE ,"missing ocspsigning usage"}, -{OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE ,"nextupdate before thisupdate"}, -{OCSP_R_NOT_BASIC_RESPONSE ,"not basic response"}, -{OCSP_R_NO_CERTIFICATES_IN_CHAIN ,"no certificates in chain"}, -{OCSP_R_NO_CONTENT ,"no content"}, -{OCSP_R_NO_PUBLIC_KEY ,"no public key"}, -{OCSP_R_NO_RESPONSE_DATA ,"no response data"}, -{OCSP_R_NO_REVOKED_TIME ,"no revoked time"}, -{OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE,"private key does not match certificate"}, -{OCSP_R_REQUEST_NOT_SIGNED ,"request not signed"}, -{OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA,"response contains no revocation data"}, -{OCSP_R_ROOT_CA_NOT_TRUSTED ,"root ca not trusted"}, -{OCSP_R_SERVER_READ_ERROR ,"server read error"}, -{OCSP_R_SERVER_RESPONSE_ERROR ,"server response error"}, -{OCSP_R_SERVER_RESPONSE_PARSE_ERROR ,"server response parse error"}, -{OCSP_R_SERVER_WRITE_ERROR ,"server write error"}, -{OCSP_R_SIGNATURE_FAILURE ,"signature failure"}, -{OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND ,"signer certificate not found"}, -{OCSP_R_STATUS_EXPIRED ,"status expired"}, -{OCSP_R_STATUS_NOT_YET_VALID ,"status not yet valid"}, -{OCSP_R_STATUS_TOO_OLD ,"status too old"}, -{OCSP_R_UNKNOWN_MESSAGE_DIGEST ,"unknown message digest"}, -{OCSP_R_UNKNOWN_NID ,"unknown nid"}, -{OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE ,"unsupported requestorname type"}, -{0,NULL} - }; +#define ERR_FUNC(func) ERR_PACK(ERR_LIB_OCSP,func,0) +#define ERR_REASON(reason) ERR_PACK(ERR_LIB_OCSP,0,reason) -#endif +static ERR_STRING_DATA OCSP_str_functs[]= { + {ERR_FUNC(0xfff), "CRYPTO_internal"}, + {0, NULL} +}; -void ERR_load_OCSP_strings(void) - { - static int init=1; +static ERR_STRING_DATA OCSP_str_reasons[]= { + {ERR_REASON(OCSP_R_BAD_DATA) , "bad data"}, + {ERR_REASON(OCSP_R_CERTIFICATE_VERIFY_ERROR), "certificate verify error"}, + {ERR_REASON(OCSP_R_DIGEST_ERR) , "digest err"}, + {ERR_REASON(OCSP_R_ERROR_IN_NEXTUPDATE_FIELD), "error in nextupdate field"}, + {ERR_REASON(OCSP_R_ERROR_IN_THISUPDATE_FIELD), "error in thisupdate field"}, + {ERR_REASON(OCSP_R_ERROR_PARSING_URL) , "error parsing url"}, + {ERR_REASON(OCSP_R_MISSING_OCSPSIGNING_USAGE), "missing ocspsigning usage"}, + {ERR_REASON(OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE), "nextupdate before thisupdate"}, + {ERR_REASON(OCSP_R_NOT_BASIC_RESPONSE) , "not basic response"}, + {ERR_REASON(OCSP_R_NO_CERTIFICATES_IN_CHAIN), "no certificates in chain"}, + {ERR_REASON(OCSP_R_NO_CONTENT) , "no content"}, + {ERR_REASON(OCSP_R_NO_PUBLIC_KEY) , "no public key"}, + {ERR_REASON(OCSP_R_NO_RESPONSE_DATA) , "no response data"}, + {ERR_REASON(OCSP_R_NO_REVOKED_TIME) , "no revoked time"}, + {ERR_REASON(OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE), "private key does not match certificate"}, + {ERR_REASON(OCSP_R_REQUEST_NOT_SIGNED) , "request not signed"}, + {ERR_REASON(OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA), "response contains no revocation data"}, + {ERR_REASON(OCSP_R_ROOT_CA_NOT_TRUSTED) , "root ca not trusted"}, + {ERR_REASON(OCSP_R_SERVER_READ_ERROR) , "server read error"}, + {ERR_REASON(OCSP_R_SERVER_RESPONSE_ERROR), "server response error"}, + {ERR_REASON(OCSP_R_SERVER_RESPONSE_PARSE_ERROR), "server response parse error"}, + {ERR_REASON(OCSP_R_SERVER_WRITE_ERROR) , "server write error"}, + {ERR_REASON(OCSP_R_SIGNATURE_FAILURE) , "signature failure"}, + {ERR_REASON(OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND), "signer certificate not found"}, + {ERR_REASON(OCSP_R_STATUS_EXPIRED) , "status expired"}, + {ERR_REASON(OCSP_R_STATUS_NOT_YET_VALID) , "status not yet valid"}, + {ERR_REASON(OCSP_R_STATUS_TOO_OLD) , "status too old"}, + {ERR_REASON(OCSP_R_UNKNOWN_MESSAGE_DIGEST), "unknown message digest"}, + {ERR_REASON(OCSP_R_UNKNOWN_NID) , "unknown nid"}, + {ERR_REASON(OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE), "unsupported requestorname type"}, + {0, NULL} +}; - if (init) - { - init=0; -#ifndef OPENSSL_NO_ERR - ERR_load_strings(ERR_LIB_OCSP,OCSP_str_functs); - ERR_load_strings(ERR_LIB_OCSP,OCSP_str_reasons); #endif - } +void +ERR_load_OCSP_strings(void) +{ +#ifndef OPENSSL_NO_ERR + if (ERR_func_error_string(OCSP_str_functs[0].error) == NULL) { + ERR_load_strings(0, OCSP_str_functs); + ERR_load_strings(0, OCSP_str_reasons); } +#endif +} diff --git a/src/lib/libcrypto/ocsp/ocsp_ext.c b/src/lib/libcrypto/ocsp/ocsp_ext.c index d6c8899f58e..eb51cfbff5a 100644 --- a/src/lib/libcrypto/ocsp/ocsp_ext.c +++ b/src/lib/libcrypto/ocsp/ocsp_ext.c @@ -1,4 +1,4 @@ -/* ocsp_ext.c */ +/* $OpenBSD: ocsp_ext.c,v 1.18 2018/05/14 23:47:10 tb Exp $ */ /* Written by Tom Titchener for the OpenSSL * project. */ @@ -15,7 +15,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -62,288 +62,316 @@ */ #include -#include +#include +#include + #include -#include #include -#include +#include #include /* Standard wrapper functions for extensions */ /* OCSP request extensions */ -int OCSP_REQUEST_get_ext_count(OCSP_REQUEST *x) - { - return(X509v3_get_ext_count(x->tbsRequest->requestExtensions)); - } - -int OCSP_REQUEST_get_ext_by_NID(OCSP_REQUEST *x, int nid, int lastpos) - { - return(X509v3_get_ext_by_NID(x->tbsRequest->requestExtensions,nid,lastpos)); - } - -int OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, ASN1_OBJECT *obj, int lastpos) - { - return(X509v3_get_ext_by_OBJ(x->tbsRequest->requestExtensions,obj,lastpos)); - } - -int OCSP_REQUEST_get_ext_by_critical(OCSP_REQUEST *x, int crit, int lastpos) - { - return(X509v3_get_ext_by_critical(x->tbsRequest->requestExtensions,crit,lastpos)); - } - -X509_EXTENSION *OCSP_REQUEST_get_ext(OCSP_REQUEST *x, int loc) - { - return(X509v3_get_ext(x->tbsRequest->requestExtensions,loc)); - } - -X509_EXTENSION *OCSP_REQUEST_delete_ext(OCSP_REQUEST *x, int loc) - { - return(X509v3_delete_ext(x->tbsRequest->requestExtensions,loc)); - } - -void *OCSP_REQUEST_get1_ext_d2i(OCSP_REQUEST *x, int nid, int *crit, int *idx) - { +int +OCSP_REQUEST_get_ext_count(OCSP_REQUEST *x) +{ + return X509v3_get_ext_count(x->tbsRequest->requestExtensions); +} + +int +OCSP_REQUEST_get_ext_by_NID(OCSP_REQUEST *x, int nid, int lastpos) +{ + return X509v3_get_ext_by_NID(x->tbsRequest->requestExtensions, nid, + lastpos); +} + +int +OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, const ASN1_OBJECT *obj, + int lastpos) +{ + return X509v3_get_ext_by_OBJ(x->tbsRequest->requestExtensions, obj, + lastpos); +} + +int +OCSP_REQUEST_get_ext_by_critical(OCSP_REQUEST *x, int crit, int lastpos) +{ + return X509v3_get_ext_by_critical(x->tbsRequest->requestExtensions, + crit, lastpos); +} + +X509_EXTENSION * +OCSP_REQUEST_get_ext(OCSP_REQUEST *x, int loc) +{ + return X509v3_get_ext(x->tbsRequest->requestExtensions, loc); +} + +X509_EXTENSION * +OCSP_REQUEST_delete_ext(OCSP_REQUEST *x, int loc) +{ + return X509v3_delete_ext(x->tbsRequest->requestExtensions, loc); +} + +void * +OCSP_REQUEST_get1_ext_d2i(OCSP_REQUEST *x, int nid, int *crit, int *idx) +{ return X509V3_get_d2i(x->tbsRequest->requestExtensions, nid, crit, idx); - } - -int OCSP_REQUEST_add1_ext_i2d(OCSP_REQUEST *x, int nid, void *value, int crit, - unsigned long flags) - { - return X509V3_add1_i2d(&x->tbsRequest->requestExtensions, nid, value, crit, flags); - } - -int OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc) - { - return(X509v3_add_ext(&(x->tbsRequest->requestExtensions),ex,loc) != NULL); - } +} + +int +OCSP_REQUEST_add1_ext_i2d(OCSP_REQUEST *x, int nid, void *value, int crit, + unsigned long flags) +{ + return X509V3_add1_i2d(&x->tbsRequest->requestExtensions, nid, value, + crit, flags); +} + +int +OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc) +{ + return X509v3_add_ext(&(x->tbsRequest->requestExtensions), ex, + loc) != NULL; +} /* Single extensions */ -int OCSP_ONEREQ_get_ext_count(OCSP_ONEREQ *x) - { - return(X509v3_get_ext_count(x->singleRequestExtensions)); - } - -int OCSP_ONEREQ_get_ext_by_NID(OCSP_ONEREQ *x, int nid, int lastpos) - { - return(X509v3_get_ext_by_NID(x->singleRequestExtensions,nid,lastpos)); - } - -int OCSP_ONEREQ_get_ext_by_OBJ(OCSP_ONEREQ *x, ASN1_OBJECT *obj, int lastpos) - { - return(X509v3_get_ext_by_OBJ(x->singleRequestExtensions,obj,lastpos)); - } - -int OCSP_ONEREQ_get_ext_by_critical(OCSP_ONEREQ *x, int crit, int lastpos) - { - return(X509v3_get_ext_by_critical(x->singleRequestExtensions,crit,lastpos)); - } - -X509_EXTENSION *OCSP_ONEREQ_get_ext(OCSP_ONEREQ *x, int loc) - { - return(X509v3_get_ext(x->singleRequestExtensions,loc)); - } - -X509_EXTENSION *OCSP_ONEREQ_delete_ext(OCSP_ONEREQ *x, int loc) - { - return(X509v3_delete_ext(x->singleRequestExtensions,loc)); - } - -void *OCSP_ONEREQ_get1_ext_d2i(OCSP_ONEREQ *x, int nid, int *crit, int *idx) - { +int +OCSP_ONEREQ_get_ext_count(OCSP_ONEREQ *x) +{ + return X509v3_get_ext_count(x->singleRequestExtensions); +} + +int +OCSP_ONEREQ_get_ext_by_NID(OCSP_ONEREQ *x, int nid, int lastpos) +{ + return X509v3_get_ext_by_NID(x->singleRequestExtensions, nid, lastpos); +} + +int +OCSP_ONEREQ_get_ext_by_OBJ(OCSP_ONEREQ *x, const ASN1_OBJECT *obj, int lastpos) +{ + return X509v3_get_ext_by_OBJ(x->singleRequestExtensions, obj, lastpos); +} + +int +OCSP_ONEREQ_get_ext_by_critical(OCSP_ONEREQ *x, int crit, int lastpos) +{ + return X509v3_get_ext_by_critical(x->singleRequestExtensions, crit, + lastpos); +} + +X509_EXTENSION * +OCSP_ONEREQ_get_ext(OCSP_ONEREQ *x, int loc) +{ + return X509v3_get_ext(x->singleRequestExtensions, loc); +} + +X509_EXTENSION * +OCSP_ONEREQ_delete_ext(OCSP_ONEREQ *x, int loc) +{ + return X509v3_delete_ext(x->singleRequestExtensions, loc); +} + +void * +OCSP_ONEREQ_get1_ext_d2i(OCSP_ONEREQ *x, int nid, int *crit, int *idx) +{ return X509V3_get_d2i(x->singleRequestExtensions, nid, crit, idx); - } - -int OCSP_ONEREQ_add1_ext_i2d(OCSP_ONEREQ *x, int nid, void *value, int crit, - unsigned long flags) - { - return X509V3_add1_i2d(&x->singleRequestExtensions, nid, value, crit, flags); - } - -int OCSP_ONEREQ_add_ext(OCSP_ONEREQ *x, X509_EXTENSION *ex, int loc) - { - return(X509v3_add_ext(&(x->singleRequestExtensions),ex,loc) != NULL); - } +} + +int +OCSP_ONEREQ_add1_ext_i2d(OCSP_ONEREQ *x, int nid, void *value, int crit, + unsigned long flags) +{ + return X509V3_add1_i2d(&x->singleRequestExtensions, nid, value, crit, + flags); +} + +int +OCSP_ONEREQ_add_ext(OCSP_ONEREQ *x, X509_EXTENSION *ex, int loc) +{ + return X509v3_add_ext(&(x->singleRequestExtensions), ex, loc) != NULL; +} /* OCSP Basic response */ -int OCSP_BASICRESP_get_ext_count(OCSP_BASICRESP *x) - { - return(X509v3_get_ext_count(x->tbsResponseData->responseExtensions)); - } - -int OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos) - { - return(X509v3_get_ext_by_NID(x->tbsResponseData->responseExtensions,nid,lastpos)); - } - -int OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, ASN1_OBJECT *obj, int lastpos) - { - return(X509v3_get_ext_by_OBJ(x->tbsResponseData->responseExtensions,obj,lastpos)); - } - -int OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit, int lastpos) - { - return(X509v3_get_ext_by_critical(x->tbsResponseData->responseExtensions,crit,lastpos)); - } - -X509_EXTENSION *OCSP_BASICRESP_get_ext(OCSP_BASICRESP *x, int loc) - { - return(X509v3_get_ext(x->tbsResponseData->responseExtensions,loc)); - } - -X509_EXTENSION *OCSP_BASICRESP_delete_ext(OCSP_BASICRESP *x, int loc) - { - return(X509v3_delete_ext(x->tbsResponseData->responseExtensions,loc)); - } - -void *OCSP_BASICRESP_get1_ext_d2i(OCSP_BASICRESP *x, int nid, int *crit, int *idx) - { - return X509V3_get_d2i(x->tbsResponseData->responseExtensions, nid, crit, idx); - } - -int OCSP_BASICRESP_add1_ext_i2d(OCSP_BASICRESP *x, int nid, void *value, int crit, - unsigned long flags) - { - return X509V3_add1_i2d(&x->tbsResponseData->responseExtensions, nid, value, crit, flags); - } - -int OCSP_BASICRESP_add_ext(OCSP_BASICRESP *x, X509_EXTENSION *ex, int loc) - { - return(X509v3_add_ext(&(x->tbsResponseData->responseExtensions),ex,loc) != NULL); - } +int +OCSP_BASICRESP_get_ext_count(OCSP_BASICRESP *x) +{ + return X509v3_get_ext_count(x->tbsResponseData->responseExtensions); +} + +int +OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos) +{ + return X509v3_get_ext_by_NID(x->tbsResponseData->responseExtensions, + nid, lastpos); +} + +int +OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, const ASN1_OBJECT *obj, + int lastpos) +{ + return X509v3_get_ext_by_OBJ(x->tbsResponseData->responseExtensions, + obj, lastpos); +} + +int +OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit, int lastpos) +{ + return X509v3_get_ext_by_critical( + x->tbsResponseData->responseExtensions, crit, lastpos); +} + +X509_EXTENSION * +OCSP_BASICRESP_get_ext(OCSP_BASICRESP *x, int loc) +{ + return X509v3_get_ext(x->tbsResponseData->responseExtensions, loc); +} + +X509_EXTENSION * +OCSP_BASICRESP_delete_ext(OCSP_BASICRESP *x, int loc) +{ + return X509v3_delete_ext(x->tbsResponseData->responseExtensions, loc); +} + +void * +OCSP_BASICRESP_get1_ext_d2i(OCSP_BASICRESP *x, int nid, int *crit, int *idx) +{ + return X509V3_get_d2i(x->tbsResponseData->responseExtensions, nid, + crit, idx); +} + +int +OCSP_BASICRESP_add1_ext_i2d(OCSP_BASICRESP *x, int nid, void *value, int crit, + unsigned long flags) +{ + return X509V3_add1_i2d(&x->tbsResponseData->responseExtensions, nid, + value, crit, flags); +} + +int +OCSP_BASICRESP_add_ext(OCSP_BASICRESP *x, X509_EXTENSION *ex, int loc) +{ + return X509v3_add_ext(&(x->tbsResponseData->responseExtensions), ex, + loc) != NULL; +} /* OCSP single response extensions */ -int OCSP_SINGLERESP_get_ext_count(OCSP_SINGLERESP *x) - { - return(X509v3_get_ext_count(x->singleExtensions)); - } - -int OCSP_SINGLERESP_get_ext_by_NID(OCSP_SINGLERESP *x, int nid, int lastpos) - { - return(X509v3_get_ext_by_NID(x->singleExtensions,nid,lastpos)); - } - -int OCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x, ASN1_OBJECT *obj, int lastpos) - { - return(X509v3_get_ext_by_OBJ(x->singleExtensions,obj,lastpos)); - } - -int OCSP_SINGLERESP_get_ext_by_critical(OCSP_SINGLERESP *x, int crit, int lastpos) - { - return(X509v3_get_ext_by_critical(x->singleExtensions,crit,lastpos)); - } - -X509_EXTENSION *OCSP_SINGLERESP_get_ext(OCSP_SINGLERESP *x, int loc) - { - return(X509v3_get_ext(x->singleExtensions,loc)); - } - -X509_EXTENSION *OCSP_SINGLERESP_delete_ext(OCSP_SINGLERESP *x, int loc) - { - return(X509v3_delete_ext(x->singleExtensions,loc)); - } - -void *OCSP_SINGLERESP_get1_ext_d2i(OCSP_SINGLERESP *x, int nid, int *crit, int *idx) - { +int +OCSP_SINGLERESP_get_ext_count(OCSP_SINGLERESP *x) +{ + return X509v3_get_ext_count(x->singleExtensions); +} + +int +OCSP_SINGLERESP_get_ext_by_NID(OCSP_SINGLERESP *x, int nid, int lastpos) +{ + return X509v3_get_ext_by_NID(x->singleExtensions, nid, lastpos); +} + +int +OCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x, const ASN1_OBJECT *obj, + int lastpos) +{ + return X509v3_get_ext_by_OBJ(x->singleExtensions, obj, lastpos); +} + +int +OCSP_SINGLERESP_get_ext_by_critical(OCSP_SINGLERESP *x, int crit, int lastpos) +{ + return X509v3_get_ext_by_critical(x->singleExtensions, crit, lastpos); +} + +X509_EXTENSION * +OCSP_SINGLERESP_get_ext(OCSP_SINGLERESP *x, int loc) +{ + return X509v3_get_ext(x->singleExtensions, loc); +} + +X509_EXTENSION * +OCSP_SINGLERESP_delete_ext(OCSP_SINGLERESP *x, int loc) +{ + return X509v3_delete_ext(x->singleExtensions, loc); +} + +void * +OCSP_SINGLERESP_get1_ext_d2i(OCSP_SINGLERESP *x, int nid, int *crit, int *idx) +{ return X509V3_get_d2i(x->singleExtensions, nid, crit, idx); - } +} -int OCSP_SINGLERESP_add1_ext_i2d(OCSP_SINGLERESP *x, int nid, void *value, int crit, - unsigned long flags) - { +int +OCSP_SINGLERESP_add1_ext_i2d(OCSP_SINGLERESP *x, int nid, void *value, int crit, + unsigned long flags) +{ return X509V3_add1_i2d(&x->singleExtensions, nid, value, crit, flags); - } +} -int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex, int loc) - { - return(X509v3_add_ext(&(x->singleExtensions),ex,loc) != NULL); - } - -/* also CRL Entry Extensions */ - -ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, int (*i2d)(), - char *data, STACK_OF(ASN1_OBJECT) *sk) - { - int i; - unsigned char *p, *b = NULL; - - if (data) - { - if ((i=i2d(data,NULL)) <= 0) goto err; - if (!(b=p=(unsigned char*)OPENSSL_malloc((unsigned int)i))) - goto err; - if (i2d(data, &p) <= 0) goto err; - } - else if (sk) - { - if ((i=i2d_ASN1_SET_OF_ASN1_OBJECT(sk,NULL,i2d,V_ASN1_SEQUENCE, - V_ASN1_UNIVERSAL,IS_SEQUENCE))<=0) goto err; - if (!(b=p=(unsigned char*)OPENSSL_malloc((unsigned int)i))) - goto err; - if (i2d_ASN1_SET_OF_ASN1_OBJECT(sk,&p,i2d,V_ASN1_SEQUENCE, - V_ASN1_UNIVERSAL,IS_SEQUENCE)<=0) goto err; - } - else - { - OCSPerr(OCSP_F_ASN1_STRING_ENCODE,OCSP_R_BAD_DATA); - goto err; - } - if (!s && !(s = ASN1_STRING_new())) goto err; - if (!(ASN1_STRING_set(s, b, i))) goto err; - OPENSSL_free(b); - return s; -err: - if (b) OPENSSL_free(b); - return NULL; - } +int +OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex, int loc) +{ + return X509v3_add_ext(&(x->singleExtensions), ex, loc) != NULL; +} /* Nonce handling functions */ /* Add a nonce to an extension stack. A nonce can be specificed or if NULL * a random nonce will be generated. + * Note: OpenSSL 0.9.7d and later create an OCTET STRING containing the + * nonce, previous versions used the raw nonce. */ -static int ocsp_add1_nonce(STACK_OF(X509_EXTENSION) **exts, unsigned char *val, int len) - { +static int +ocsp_add1_nonce(STACK_OF(X509_EXTENSION) **exts, unsigned char *val, int len) +{ unsigned char *tmpval; ASN1_OCTET_STRING os; int ret = 0; - if (len <= 0) len = OCSP_DEFAULT_NONCE_LENGTH; - if (val) tmpval = val; + + if (len <= 0) + len = OCSP_DEFAULT_NONCE_LENGTH; + /* Create the OCTET STRING manually by writing out the header and + * appending the content octets. This avoids an extra memory allocation + * operation in some cases. Applications should *NOT* do this because + * it relies on library internals. + */ + os.length = ASN1_object_size(0, len, V_ASN1_OCTET_STRING); + os.data = malloc(os.length); + if (os.data == NULL) + goto err; + tmpval = os.data; + ASN1_put_object(&tmpval, 0, len, V_ASN1_OCTET_STRING, V_ASN1_UNIVERSAL); + if (val) + memcpy(tmpval, val, len); else - { - if (!(tmpval = OPENSSL_malloc(len))) goto err; - RAND_pseudo_bytes(tmpval, len); - } - os.data = tmpval; - os.length = len; - if(!X509V3_add1_i2d(exts, NID_id_pkix_OCSP_Nonce, - &os, 0, X509V3_ADD_REPLACE)) - goto err; + arc4random_buf(tmpval, len); + if (!X509V3_add1_i2d(exts, NID_id_pkix_OCSP_Nonce, &os, 0, + X509V3_ADD_REPLACE)) + goto err; ret = 1; - err: - if(!val) OPENSSL_free(tmpval); - return ret; - } +err: + free(os.data); + return ret; +} /* Add nonce to an OCSP request */ - -int OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len) - { +int +OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len) +{ return ocsp_add1_nonce(&req->tbsRequest->requestExtensions, val, len); - } +} /* Same as above but for a response */ - -int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len) - { - return ocsp_add1_nonce(&resp->tbsResponseData->responseExtensions, val, len); - } +int +OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len) +{ + return ocsp_add1_nonce(&resp->tbsResponseData->responseExtensions, val, + len); +} /* Check nonce validity in a request and response. * Return value reflects result: @@ -357,9 +385,9 @@ int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len) * If responder doesn't handle nonces return != 0 may be * necessary. return == 0 is always an error. */ - -int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs) - { +int +OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs) +{ /* * Since we are only interested in the presence or absence of * the nonce and comparing its value there is no need to use @@ -367,162 +395,171 @@ int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs) * ASN1_OCTET_STRING structure for the value which would be * freed immediately anyway. */ - int req_idx, resp_idx; X509_EXTENSION *req_ext, *resp_ext; + req_idx = OCSP_REQUEST_get_ext_by_NID(req, NID_id_pkix_OCSP_Nonce, -1); - resp_idx = OCSP_BASICRESP_get_ext_by_NID(bs, NID_id_pkix_OCSP_Nonce, -1); + resp_idx = OCSP_BASICRESP_get_ext_by_NID(bs, + NID_id_pkix_OCSP_Nonce, -1); /* Check both absent */ - if((req_idx < 0) && (resp_idx < 0)) + if (req_idx < 0 && resp_idx < 0) return 2; /* Check in request only */ - if((req_idx >= 0) && (resp_idx < 0)) + if (req_idx >= 0 && resp_idx < 0) return -1; /* Check in response but not request */ - if((req_idx < 0) && (resp_idx >= 0)) + if (req_idx < 0 && resp_idx >= 0) return 3; /* Otherwise nonce in request and response so retrieve the extensions */ req_ext = OCSP_REQUEST_get_ext(req, req_idx); resp_ext = OCSP_BASICRESP_get_ext(bs, resp_idx); - if(ASN1_OCTET_STRING_cmp(req_ext->value, resp_ext->value)) + if (ASN1_OCTET_STRING_cmp(req_ext->value, resp_ext->value)) return 0; return 1; - } +} -/* Copy the nonce value (if any) from an OCSP request to +/* Copy the nonce value (if any) from an OCSP request to * a response. */ - -int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req) - { +int +OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req) +{ X509_EXTENSION *req_ext; int req_idx; + /* Check for nonce in request */ req_idx = OCSP_REQUEST_get_ext_by_NID(req, NID_id_pkix_OCSP_Nonce, -1); /* If no nonce that's OK */ - if (req_idx < 0) return 2; + if (req_idx < 0) + return 2; req_ext = OCSP_REQUEST_get_ext(req, req_idx); return OCSP_BASICRESP_add_ext(resp, req_ext, -1); - } +} -X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim) - { +X509_EXTENSION * +OCSP_crlID_new(const char *url, long *n, char *tim) +{ X509_EXTENSION *x = NULL; OCSP_CRLID *cid = NULL; - - if (!(cid = OCSP_CRLID_new())) goto err; - if (url) - { - if (!(cid->crlUrl = ASN1_IA5STRING_new())) goto err; - if (!(ASN1_STRING_set(cid->crlUrl, url, -1))) goto err; - } - if (n) - { - if (!(cid->crlNum = ASN1_INTEGER_new())) goto err; - if (!(ASN1_INTEGER_set(cid->crlNum, *n))) goto err; - } - if (tim) - { - if (!(cid->crlTime = ASN1_GENERALIZEDTIME_new())) goto err; - if (!(ASN1_GENERALIZEDTIME_set_string(cid->crlTime, tim))) - goto err; - } - if (!(x = X509_EXTENSION_new())) goto err; - if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_CrlID))) goto err; - if (!(ASN1_STRING_encode(x->value,i2d_OCSP_CRLID,(char*)cid,NULL))) - goto err; - OCSP_CRLID_free(cid); - return x; -err: - if (x) X509_EXTENSION_free(x); - if (cid) OCSP_CRLID_free(cid); - return NULL; + + if (!(cid = OCSP_CRLID_new())) + goto err; + if (url) { + if (!(cid->crlUrl = ASN1_IA5STRING_new())) + goto err; + if (!(ASN1_STRING_set(cid->crlUrl, url, -1))) + goto err; } + if (n) { + if (!(cid->crlNum = ASN1_INTEGER_new())) + goto err; + if (!(ASN1_INTEGER_set(cid->crlNum, *n))) + goto err; + } + if (tim) { + if (!(cid->crlTime = ASN1_GENERALIZEDTIME_new())) + goto err; + if (!(ASN1_GENERALIZEDTIME_set_string(cid->crlTime, tim))) + goto err; + } + x = X509V3_EXT_i2d(NID_id_pkix_OCSP_CrlID, 0, cid); + +err: + if (cid) + OCSP_CRLID_free(cid); + return x; +} /* AcceptableResponses ::= SEQUENCE OF OBJECT IDENTIFIER */ -X509_EXTENSION *OCSP_accept_responses_new(char **oids) - { +X509_EXTENSION * +OCSP_accept_responses_new(char **oids) +{ int nid; STACK_OF(ASN1_OBJECT) *sk = NULL; ASN1_OBJECT *o = NULL; - X509_EXTENSION *x = NULL; + X509_EXTENSION *x = NULL; - if (!(sk = sk_ASN1_OBJECT_new_null())) goto err; - while (oids && *oids) - { - if ((nid=OBJ_txt2nid(*oids))!=NID_undef&&(o=OBJ_nid2obj(nid))) - sk_ASN1_OBJECT_push(sk, o); + if (!(sk = sk_ASN1_OBJECT_new_null())) + return NULL; + while (oids && *oids) { + if ((nid = OBJ_txt2nid(*oids)) != NID_undef && + (o = OBJ_nid2obj(nid))) + if (sk_ASN1_OBJECT_push(sk, o) == 0) { + sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free); + return NULL; + } oids++; - } - if (!(x = X509_EXTENSION_new())) goto err; - if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_acceptableResponses))) - goto err; - if (!(ASN1_STRING_encode(x->value,i2d_ASN1_OBJECT,NULL,sk))) - goto err; + } + x = X509V3_EXT_i2d(NID_id_pkix_OCSP_acceptableResponses, 0, sk); sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free); return x; -err: - if (x) X509_EXTENSION_free(x); - if (sk) sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free); - return NULL; - } +} /* ArchiveCutoff ::= GeneralizedTime */ -X509_EXTENSION *OCSP_archive_cutoff_new(char* tim) - { - X509_EXTENSION *x=NULL; +X509_EXTENSION * +OCSP_archive_cutoff_new(char* tim) +{ + X509_EXTENSION *x = NULL; ASN1_GENERALIZEDTIME *gt = NULL; - if (!(gt = ASN1_GENERALIZEDTIME_new())) goto err; - if (!(ASN1_GENERALIZEDTIME_set_string(gt, tim))) goto err; - if (!(x = X509_EXTENSION_new())) goto err; - if (!(x->object=OBJ_nid2obj(NID_id_pkix_OCSP_archiveCutoff)))goto err; - if (!(ASN1_STRING_encode(x->value,i2d_ASN1_GENERALIZEDTIME, - (char*)gt,NULL))) goto err; - ASN1_GENERALIZEDTIME_free(gt); - return x; + if (!(gt = ASN1_GENERALIZEDTIME_new())) + return NULL; + if (!(ASN1_GENERALIZEDTIME_set_string(gt, tim))) + goto err; + x = X509V3_EXT_i2d(NID_id_pkix_OCSP_archiveCutoff, 0, gt); + err: - if (gt) ASN1_GENERALIZEDTIME_free(gt); - if (x) X509_EXTENSION_free(x); - return NULL; - } + if (gt) + ASN1_GENERALIZEDTIME_free(gt); + return x; +} /* per ACCESS_DESCRIPTION parameter are oids, of which there are currently * two--NID_ad_ocsp, NID_id_ad_caIssuers--and GeneralName value. This * method forces NID_ad_ocsp and uniformResourceLocator [6] IA5String. */ -X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME* issuer, char **urls) - { +X509_EXTENSION * +OCSP_url_svcloc_new(X509_NAME* issuer, const char **urls) +{ X509_EXTENSION *x = NULL; ASN1_IA5STRING *ia5 = NULL; OCSP_SERVICELOC *sloc = NULL; ACCESS_DESCRIPTION *ad = NULL; - - if (!(sloc = OCSP_SERVICELOC_new())) goto err; - if (!(sloc->issuer = X509_NAME_dup(issuer))) goto err; - if (urls && *urls && !(sloc->locator = sk_ACCESS_DESCRIPTION_new_null())) goto err; - while (urls && *urls) - { - if (!(ad = ACCESS_DESCRIPTION_new())) goto err; - if (!(ad->method=OBJ_nid2obj(NID_ad_OCSP))) goto err; - if (!(ad->location = GENERAL_NAME_new())) goto err; - if (!(ia5 = ASN1_IA5STRING_new())) goto err; - if (!ASN1_STRING_set((ASN1_STRING*)ia5, *urls, -1)) goto err; + + if (!(sloc = OCSP_SERVICELOC_new())) + goto err; + if (!(sloc->issuer = X509_NAME_dup(issuer))) + goto err; + if (urls && *urls && + !(sloc->locator = sk_ACCESS_DESCRIPTION_new_null())) + goto err; + while (urls && *urls) { + if (!(ad = ACCESS_DESCRIPTION_new())) + goto err; + if (!(ad->method = OBJ_nid2obj(NID_ad_OCSP))) + goto err; + if (!(ad->location = GENERAL_NAME_new())) + goto err; + if (!(ia5 = ASN1_IA5STRING_new())) + goto err; + if (!ASN1_STRING_set((ASN1_STRING*)ia5, *urls, -1)) + goto err; ad->location->type = GEN_URI; ad->location->d.ia5 = ia5; - if (!sk_ACCESS_DESCRIPTION_push(sloc->locator, ad)) goto err; + ia5 = NULL; + if (!sk_ACCESS_DESCRIPTION_push(sloc->locator, ad)) + goto err; + ad = NULL; urls++; - } - if (!(x = X509_EXTENSION_new())) goto err; - if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_serviceLocator))) - goto err; - if (!(ASN1_STRING_encode(x->value, i2d_OCSP_SERVICELOC, - (char*)sloc, NULL))) goto err; - OCSP_SERVICELOC_free(sloc); - return x; -err: - if (x) X509_EXTENSION_free(x); - if (sloc) OCSP_SERVICELOC_free(sloc); - return NULL; } + x = X509V3_EXT_i2d(NID_id_pkix_OCSP_serviceLocator, 0, sloc); +err: + if (ia5) + ASN1_IA5STRING_free(ia5); + if (ad) + ACCESS_DESCRIPTION_free(ad); + if (sloc) + OCSP_SERVICELOC_free(sloc); + return x; +} diff --git a/src/lib/libcrypto/ocsp/ocsp_ht.c b/src/lib/libcrypto/ocsp/ocsp_ht.c index b78cd370921..255f8903977 100644 --- a/src/lib/libcrypto/ocsp/ocsp_ht.c +++ b/src/lib/libcrypto/ocsp/ocsp_ht.c @@ -1,16 +1,16 @@ -/* ocsp_ht.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL - * project 2000. +/* $OpenBSD: ocsp_ht.c,v 1.25 2018/05/13 10:42:03 tb Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2006. */ /* ==================================================================== - * Copyright (c) 2000 The OpenSSL Project. All rights reserved. + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -56,109 +56,408 @@ * */ -#include #include #include #include #include +#include #include #include #include -/* Quick and dirty HTTP OCSP request handler. - * Could make this a bit cleverer by adding - * support for non blocking BIOs and a few - * other refinements. - */ +/* Stateful OCSP request code, supporting non-blocking I/O */ + +/* Opaque OCSP request status structure */ + +struct ocsp_req_ctx_st { + int state; /* Current I/O state */ + unsigned char *iobuf; /* Line buffer */ + int iobuflen; /* Line buffer length */ + BIO *io; /* BIO to perform I/O with */ + BIO *mem; /* Memory BIO response is built into */ + unsigned long asn1_len; /* ASN1 length of response */ +}; + +#define OCSP_MAX_REQUEST_LENGTH (100 * 1024) +#define OCSP_MAX_LINE_LEN 4096; -OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, char *path, OCSP_REQUEST *req) +/* OCSP states */ + +/* If set no reading should be performed */ +#define OHS_NOREAD 0x1000 +/* Error condition */ +#define OHS_ERROR (0 | OHS_NOREAD) +/* First line being read */ +#define OHS_FIRSTLINE 1 +/* MIME headers being read */ +#define OHS_HEADERS 2 +/* OCSP initial header (tag + length) being read */ +#define OHS_ASN1_HEADER 3 +/* OCSP content octets being read */ +#define OHS_ASN1_CONTENT 4 +/* Request being sent */ +#define OHS_ASN1_WRITE (6 | OHS_NOREAD) +/* Request being flushed */ +#define OHS_ASN1_FLUSH (7 | OHS_NOREAD) +/* Completed */ +#define OHS_DONE (8 | OHS_NOREAD) + + +static int parse_http_line1(char *line); + +void +OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx) { - BIO *mem = NULL; - char tmpbuf[1024]; - OCSP_RESPONSE *resp = NULL; - char *p, *q, *r; - int len, retcode; - static char req_txt[] = -"POST %s HTTP/1.0\r\n\ -Content-Type: application/ocsp-request\r\n\ -Content-Length: %d\r\n\r\n"; - - len = i2d_OCSP_REQUEST(req, NULL); - if(BIO_printf(b, req_txt, path, len) < 0) { - OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_WRITE_ERROR); - goto err; + if (rctx == NULL) + return; + + BIO_free(rctx->mem); + free(rctx->iobuf); + free(rctx); +} + +int +OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, OCSP_REQUEST *req) +{ + if (BIO_printf(rctx->mem, "Content-Type: application/ocsp-request\r\n" + "Content-Length: %d\r\n\r\n", i2d_OCSP_REQUEST(req, NULL)) <= 0) + return 0; + if (i2d_OCSP_REQUEST_bio(rctx->mem, req) <= 0) + return 0; + rctx->state = OHS_ASN1_WRITE; + rctx->asn1_len = BIO_get_mem_data(rctx->mem, NULL); + return 1; +} + +int +OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx, const char *name, + const char *value) +{ + if (!name) + return 0; + if (BIO_puts(rctx->mem, name) <= 0) + return 0; + if (value) { + if (BIO_write(rctx->mem, ": ", 2) != 2) + return 0; + if (BIO_puts(rctx->mem, value) <= 0) + return 0; } - if(i2d_OCSP_REQUEST_bio(b, req) <= 0) { - OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_WRITE_ERROR); - goto err; + if (BIO_write(rctx->mem, "\r\n", 2) != 2) + return 0; + return 1; +} + +OCSP_REQ_CTX * +OCSP_sendreq_new(BIO *io, const char *path, OCSP_REQUEST *req, int maxline) +{ + OCSP_REQ_CTX *rctx; + + rctx = malloc(sizeof(OCSP_REQ_CTX)); + if (rctx == NULL) + return NULL; + rctx->state = OHS_ERROR; + if ((rctx->mem = BIO_new(BIO_s_mem())) == NULL) { + free(rctx); + return NULL; } - if(!(mem = BIO_new(BIO_s_mem()))) goto err; - /* Copy response to a memory BIO: socket bios can't do gets! */ - while ((len = BIO_read(b, tmpbuf, 1024))) { - if(len < 0) { - OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_READ_ERROR); - goto err; - } - BIO_write(mem, tmpbuf, len); + rctx->io = io; + rctx->asn1_len = 0; + if (maxline > 0) + rctx->iobuflen = maxline; + else + rctx->iobuflen = OCSP_MAX_LINE_LEN; + rctx->iobuf = malloc(rctx->iobuflen); + if (!rctx->iobuf) { + BIO_free(rctx->mem); + free(rctx); + return NULL; + } + if (!path) + path = "/"; + + if (BIO_printf(rctx->mem, "POST %s HTTP/1.0\r\n", path) <= 0) { + free(rctx->iobuf); + BIO_free(rctx->mem); + free(rctx); + return NULL; } - if(BIO_gets(mem, tmpbuf, 512) <= 0) { - OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_RESPONSE_PARSE_ERROR); - goto err; + + if (req && !OCSP_REQ_CTX_set1_req(rctx, req)) { + free(rctx->iobuf); + BIO_free(rctx->mem); + free(rctx); + return NULL; } - /* Parse the HTTP response. This will look like this: - * "HTTP/1.0 200 OK". We need to obtain the numeric code and - * informational message. - */ + + return rctx; +} + +/* Parse the HTTP response. This will look like this: + * "HTTP/1.0 200 OK". We need to obtain the numeric code and + * (optional) informational message. + */ +static int +parse_http_line1(char *line) +{ + int retcode; + char *p, *q, *r; /* Skip to first white space (passed protocol info) */ - for(p = tmpbuf; *p && !isspace((unsigned char)*p); p++) continue; - if(!*p) { - OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_RESPONSE_PARSE_ERROR); - goto err; + for (p = line; *p && !isspace((unsigned char)*p); p++) + continue; + if (!*p) { + OCSPerror(OCSP_R_SERVER_RESPONSE_PARSE_ERROR); + return 0; } + /* Skip past white space to start of response code */ - while(*p && isspace((unsigned char)*p)) p++; - if(!*p) { - OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_RESPONSE_PARSE_ERROR); - goto err; + while (*p && isspace((unsigned char)*p)) + p++; + if (!*p) { + OCSPerror(OCSP_R_SERVER_RESPONSE_PARSE_ERROR); + return 0; } + /* Find end of response code: first whitespace after start of code */ - for(q = p; *q && !isspace((unsigned char)*q); q++) continue; - if(!*q) { - OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_RESPONSE_PARSE_ERROR); - goto err; + for (q = p; *q && !isspace((unsigned char)*q); q++) + continue; + if (!*q) { + OCSPerror(OCSP_R_SERVER_RESPONSE_PARSE_ERROR); + return 0; } - /* Set end of response code and start of message */ + + /* Set end of response code and start of message */ *q++ = 0; + /* Attempt to parse numeric code */ retcode = strtoul(p, &r, 10); - if(*r) goto err; + + if (*r) + return 0; + /* Skip over any leading white space in message */ - while(*q && isspace((unsigned char)*q)) q++; - if(!*q) goto err; - /* Finally zap any trailing white space in message (include CRLF) */ - /* We know q has a non white space character so this is OK */ - for(r = q + strlen(q) - 1; isspace((unsigned char)*r); r--) *r = 0; - if(retcode != 200) { - OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_RESPONSE_ERROR); - ERR_add_error_data(4, "Code=", p, ",Reason=", q); - goto err; + while (*q && isspace((unsigned char)*q)) + q++; + if (*q) { + /* Finally zap any trailing white space in message (include + * CRLF) */ + + /* We know q has a non white space character so this is OK */ + for (r = q + strlen(q) - 1; isspace((unsigned char)*r); r--) + *r = 0; } - /* Find blank line marking beginning of content */ - while(BIO_gets(mem, tmpbuf, 512) > 0) - { - for(p = tmpbuf; *p && isspace((unsigned char)*p); p++) continue; - if(!*p) break; + if (retcode != 200) { + OCSPerror(OCSP_R_SERVER_RESPONSE_ERROR); + if (!*q) + ERR_asprintf_error_data("Code=%s", p); + else + ERR_asprintf_error_data("Code=%s,Reason=%s", p, q); + return 0; } - if(*p) { - OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_NO_CONTENT); - goto err; + + return 1; +} + +int +OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx) +{ + int i, n; + const unsigned char *p; + +next_io: + if (!(rctx->state & OHS_NOREAD)) { + n = BIO_read(rctx->io, rctx->iobuf, rctx->iobuflen); + + if (n <= 0) { + if (BIO_should_retry(rctx->io)) + return -1; + return 0; + } + + /* Write data to memory BIO */ + if (BIO_write(rctx->mem, rctx->iobuf, n) != n) + return 0; } - if(!(resp = d2i_OCSP_RESPONSE_bio(mem, NULL))) { - OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,ERR_R_NESTED_ASN1_ERROR); - goto err; + + switch (rctx->state) { + case OHS_ASN1_WRITE: + n = BIO_get_mem_data(rctx->mem, &p); + i = BIO_write(rctx->io, + p + (n - rctx->asn1_len), rctx->asn1_len); + if (i <= 0) { + if (BIO_should_retry(rctx->io)) + return -1; + rctx->state = OHS_ERROR; + return 0; + } + + rctx->asn1_len -= i; + if (rctx->asn1_len > 0) + goto next_io; + + rctx->state = OHS_ASN1_FLUSH; + + (void)BIO_reset(rctx->mem); + /* FALLTHROUGH */ + + case OHS_ASN1_FLUSH: + i = BIO_flush(rctx->io); + if (i > 0) { + rctx->state = OHS_FIRSTLINE; + goto next_io; + } + + if (BIO_should_retry(rctx->io)) + return -1; + + rctx->state = OHS_ERROR; + return 0; + + case OHS_ERROR: + return 0; + + case OHS_FIRSTLINE: + case OHS_HEADERS: + /* Attempt to read a line in */ +next_line: + /* Due to &%^*$" memory BIO behaviour with BIO_gets we + * have to check there's a complete line in there before + * calling BIO_gets or we'll just get a partial read. + */ + n = BIO_get_mem_data(rctx->mem, &p); + if ((n <= 0) || !memchr(p, '\n', n)) { + if (n >= rctx->iobuflen) { + rctx->state = OHS_ERROR; + return 0; + } + goto next_io; + } + n = BIO_gets(rctx->mem, (char *)rctx->iobuf, rctx->iobuflen); + if (n <= 0) { + if (BIO_should_retry(rctx->mem)) + goto next_io; + rctx->state = OHS_ERROR; + return 0; + } + + /* Don't allow excessive lines */ + if (n == rctx->iobuflen) { + rctx->state = OHS_ERROR; + return 0; + } + + /* First line */ + if (rctx->state == OHS_FIRSTLINE) { + if (parse_http_line1((char *)rctx->iobuf)) { + rctx->state = OHS_HEADERS; + goto next_line; + } else { + rctx->state = OHS_ERROR; + return 0; + } + } else { + /* Look for blank line: end of headers */ + for (p = rctx->iobuf; *p; p++) { + if ((*p != '\r') && (*p != '\n')) + break; + } + if (*p) + goto next_line; + + rctx->state = OHS_ASN1_HEADER; + } + /* FALLTRHOUGH */ + + case OHS_ASN1_HEADER: + /* Now reading ASN1 header: can read at least 2 bytes which + * is enough for ASN1 SEQUENCE header and either length field + * or at least the length of the length field. + */ + n = BIO_get_mem_data(rctx->mem, &p); + if (n < 2) + goto next_io; + + /* Check it is an ASN1 SEQUENCE */ + if (*p++ != (V_ASN1_SEQUENCE|V_ASN1_CONSTRUCTED)) { + rctx->state = OHS_ERROR; + return 0; + } + + /* Check out length field */ + if (*p & 0x80) { + /* If MSB set on initial length octet we can now + * always read 6 octets: make sure we have them. + */ + if (n < 6) + goto next_io; + n = *p & 0x7F; + /* Not NDEF or excessive length */ + if (!n || (n > 4)) { + rctx->state = OHS_ERROR; + return 0; + } + p++; + rctx->asn1_len = 0; + for (i = 0; i < n; i++) { + rctx->asn1_len <<= 8; + rctx->asn1_len |= *p++; + } + + if (rctx->asn1_len > OCSP_MAX_REQUEST_LENGTH) { + rctx->state = OHS_ERROR; + return 0; + } + + rctx->asn1_len += n + 2; + } else + rctx->asn1_len = *p + 2; + + rctx->state = OHS_ASN1_CONTENT; + + /* FALLTHROUGH */ + + case OHS_ASN1_CONTENT: + n = BIO_get_mem_data(rctx->mem, &p); + if (n < (int)rctx->asn1_len) + goto next_io; + + *presp = d2i_OCSP_RESPONSE(NULL, &p, rctx->asn1_len); + if (*presp) { + rctx->state = OHS_DONE; + return 1; + } + + rctx->state = OHS_ERROR; + return 0; + + case OHS_DONE: + return 1; } - err: - BIO_free(mem); - return resp; + + return 0; +} + +/* Blocking OCSP request handler: now a special case of non-blocking I/O */ +OCSP_RESPONSE * +OCSP_sendreq_bio(BIO *b, const char *path, OCSP_REQUEST *req) +{ + OCSP_RESPONSE *resp = NULL; + OCSP_REQ_CTX *ctx; + int rv; + + ctx = OCSP_sendreq_new(b, path, req, -1); + if (ctx == NULL) + return NULL; + + do { + rv = OCSP_sendreq_nbio(&resp, ctx); + } while ((rv == -1) && BIO_should_retry(b)); + + OCSP_REQ_CTX_free(ctx); + + if (rv) + return resp; + + return NULL; } diff --git a/src/lib/libcrypto/ocsp/ocsp_lib.c b/src/lib/libcrypto/ocsp/ocsp_lib.c index 3875af165c7..53d516020da 100644 --- a/src/lib/libcrypto/ocsp/ocsp_lib.c +++ b/src/lib/libcrypto/ocsp/ocsp_lib.c @@ -1,4 +1,4 @@ -/* ocsp_lib.c */ +/* $OpenBSD: ocsp_lib.c,v 1.23 2018/08/24 20:03:21 tb Exp $ */ /* Written by Tom Titchener for the OpenSSL * project. */ @@ -15,7 +15,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -62,200 +62,178 @@ */ #include -#include +#include + +#include + +#include +#include #include -#include -#include +#include #include +#include #include -#include /* Convert a certificate and its issuer to an OCSP_CERTID */ -OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer) +OCSP_CERTID * +OCSP_cert_to_id(const EVP_MD *dgst, const X509 *subject, const X509 *issuer) { X509_NAME *iname; - ASN1_INTEGER *serial; + const ASN1_INTEGER *serial; ASN1_BIT_STRING *ikey; + #ifndef OPENSSL_NO_SHA1 - if(!dgst) dgst = EVP_sha1(); + if (!dgst) + dgst = EVP_sha1(); #endif - if (subject) - { + if (subject) { iname = X509_get_issuer_name(subject); - serial = X509_get_serialNumber(subject); - } - else - { + serial = X509_get0_serialNumber(subject); + } else { iname = X509_get_subject_name(issuer); serial = NULL; - } + } ikey = X509_get0_pubkey_bitstr(issuer); return OCSP_cert_id_new(dgst, iname, ikey, serial); } - -OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, - X509_NAME *issuerName, - ASN1_BIT_STRING* issuerKey, - ASN1_INTEGER *serialNumber) - { +OCSP_CERTID * +OCSP_cert_id_new(const EVP_MD *dgst, const X509_NAME *issuerName, + const ASN1_BIT_STRING *issuerKey, const ASN1_INTEGER *serialNumber) +{ int nid; - unsigned int i; + unsigned int i; X509_ALGOR *alg; OCSP_CERTID *cid = NULL; unsigned char md[EVP_MAX_MD_SIZE]; - if (!(cid = OCSP_CERTID_new())) goto err; + if (!(cid = OCSP_CERTID_new())) + goto err; alg = cid->hashAlgorithm; - if (alg->algorithm != NULL) ASN1_OBJECT_free(alg->algorithm); - if ((nid = EVP_MD_type(dgst)) == NID_undef) - { - OCSPerr(OCSP_F_CERT_ID_NEW,OCSP_R_UNKNOWN_NID); + if (alg->algorithm != NULL) + ASN1_OBJECT_free(alg->algorithm); + if ((nid = EVP_MD_type(dgst)) == NID_undef) { + OCSPerror(OCSP_R_UNKNOWN_NID); goto err; - } - if (!(alg->algorithm=OBJ_nid2obj(nid))) goto err; - if ((alg->parameter=ASN1_TYPE_new()) == NULL) goto err; - alg->parameter->type=V_ASN1_NULL; + } + if (!(alg->algorithm = OBJ_nid2obj(nid))) + goto err; + if ((alg->parameter = ASN1_TYPE_new()) == NULL) + goto err; + alg->parameter->type = V_ASN1_NULL; - if (!X509_NAME_digest(issuerName, dgst, md, &i)) goto digerr; - if (!(ASN1_OCTET_STRING_set(cid->issuerNameHash, md, i))) goto err; + if (!X509_NAME_digest(issuerName, dgst, md, &i)) + goto digerr; + if (!(ASN1_OCTET_STRING_set(cid->issuerNameHash, md, i))) + goto err; /* Calculate the issuerKey hash, excluding tag and length */ - EVP_Digest(issuerKey->data, issuerKey->length, md, &i, dgst, NULL); + if (!EVP_Digest(issuerKey->data, issuerKey->length, md, &i, dgst, NULL)) + goto err; - if (!(ASN1_OCTET_STRING_set(cid->issuerKeyHash, md, i))) goto err; + if (!(ASN1_OCTET_STRING_set(cid->issuerKeyHash, md, i))) + goto err; - if (serialNumber) - { + if (serialNumber) { ASN1_INTEGER_free(cid->serialNumber); - if (!(cid->serialNumber = ASN1_INTEGER_dup(serialNumber))) goto err; - } + if (!(cid->serialNumber = ASN1_INTEGER_dup(serialNumber))) + goto err; + } return cid; + digerr: - OCSPerr(OCSP_F_CERT_ID_NEW,OCSP_R_DIGEST_ERR); + OCSPerror(OCSP_R_DIGEST_ERR); err: - if (cid) OCSP_CERTID_free(cid); + if (cid) + OCSP_CERTID_free(cid); return NULL; - } +} -int OCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b) - { +int +OCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b) +{ int ret; + ret = OBJ_cmp(a->hashAlgorithm->algorithm, b->hashAlgorithm->algorithm); - if (ret) return ret; + if (ret) + return ret; ret = ASN1_OCTET_STRING_cmp(a->issuerNameHash, b->issuerNameHash); - if (ret) return ret; + if (ret) + return ret; return ASN1_OCTET_STRING_cmp(a->issuerKeyHash, b->issuerKeyHash); - } +} -int OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b) - { +int +OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b) +{ int ret; + ret = OCSP_id_issuer_cmp(a, b); - if (ret) return ret; + if (ret) + return ret; return ASN1_INTEGER_cmp(a->serialNumber, b->serialNumber); - } - +} /* Parse a URL and split it up into host, port and path components and whether * it is SSL. */ +int +OCSP_parse_url(const char *url, char **phost, char **pport, char **ppath, + int *pssl) +{ + char *host, *path, *port, *tmp; -int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pssl) - { - char *p, *buf; - - char *host, *port; - - /* dup the buffer since we are going to mess with it */ - buf = BUF_strdup(url); - if (!buf) goto mem_err; - - *phost = NULL; - *pport = NULL; - *ppath = NULL; - - /* Check for initial colon */ - p = strchr(buf, ':'); - - if (!p) goto parse_err; - - *(p++) = '\0'; + *phost = *pport = *ppath = NULL; + *pssl = 0; - if (!strcmp(buf, "http")) - { - *pssl = 0; - port = "80"; - } - else if (!strcmp(buf, "https")) - { + if (strncmp(url, "https://", 8) == 0) { *pssl = 1; - port = "443"; - } - else - goto parse_err; - - /* Check for double slash */ - if ((p[0] != '/') || (p[1] != '/')) - goto parse_err; - - p += 2; - - host = p; - - /* Check for trailing part of path */ - - p = strchr(p, '/'); - - if (!p) - *ppath = BUF_strdup("/"); - else - { - *ppath = BUF_strdup(p); - /* Set start of path to 0 so hostname is valid */ - *p = '\0'; - } - - if (!*ppath) goto mem_err; - - /* Look for optional ':' for port number */ - if ((p = strchr(host, ':'))) - { - *p = 0; - port = p + 1; - } - else - { - /* Not found: set default port */ - if (*pssl) port = "443"; - else port = "80"; - } - - *pport = BUF_strdup(port); - if (!*pport) goto mem_err; - - *phost = BUF_strdup(host); + host = strdup(url + 8); + } else if (strncmp(url, "http://", 7) == 0) + host = strdup(url + 7); + else { + OCSPerror(OCSP_R_ERROR_PARSING_URL); + return 0; + } + if (host == NULL) { + OCSPerror(ERR_R_MALLOC_FAILURE); + return 0; + } - if (!*phost) goto mem_err; + if ((tmp = strchr(host, '/')) != NULL) { + path = strdup(tmp); + *tmp = '\0'; + } else + path = strdup("/"); + + if ((tmp = strchr(host, ':')) != NULL ) { + port = strdup(tmp + 1); + *tmp = '\0'; + } else { + if (*pssl) + port = strdup("443"); + else + port = strdup("80"); + } - OPENSSL_free(buf); + if (path == NULL || port == NULL) { + free(host); + free(path); + free(port); + OCSPerror(ERR_R_MALLOC_FAILURE); + return 0; + } + *phost = host; + *ppath = path; + *pport = port; return 1; +} - mem_err: - OCSPerr(OCSP_F_OCSP_PARSE_URL, ERR_R_MALLOC_FAILURE); - goto err; - - parse_err: - OCSPerr(OCSP_F_OCSP_PARSE_URL, OCSP_R_ERROR_PARSING_URL); - - - err: - if (*ppath) OPENSSL_free(*ppath); - if (*pport) OPENSSL_free(*pport); - if (*phost) OPENSSL_free(*phost); - return 0; - - } +OCSP_CERTID * +OCSP_CERTID_dup(OCSP_CERTID *x) +{ + return ASN1_item_dup(&OCSP_CERTID_it, x); +} diff --git a/src/lib/libcrypto/ocsp/ocsp_prn.c b/src/lib/libcrypto/ocsp/ocsp_prn.c index 4b7bc287695..37d033adb66 100644 --- a/src/lib/libcrypto/ocsp/ocsp_prn.c +++ b/src/lib/libcrypto/ocsp/ocsp_prn.c @@ -1,4 +1,4 @@ -/* ocsp_prn.c */ +/* $OpenBSD: ocsp_prn.c,v 1.8 2015/07/16 02:16:19 miod Exp $ */ /* Written by Tom Titchener for the OpenSSL * project. */ @@ -15,7 +15,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -66,8 +66,9 @@ #include #include -static int ocsp_certid_print(BIO *bp, OCSP_CERTID* a, int indent) - { +static int +ocsp_certid_print(BIO *bp, OCSP_CERTID* a, int indent) +{ BIO_printf(bp, "%*sCertificate ID:\n", indent, ""); indent += 2; BIO_printf(bp, "%*sHash Algorithm: ", indent, ""); @@ -80,60 +81,68 @@ static int ocsp_certid_print(BIO *bp, OCSP_CERTID* a, int indent) i2a_ASN1_INTEGER(bp, a->serialNumber); BIO_printf(bp, "\n"); return 1; - } +} -typedef struct - { +typedef struct { long t; - char *m; - } OCSP_TBLSTR; + const char *m; +} OCSP_TBLSTR; -static char *table2string(long s, OCSP_TBLSTR *ts, int len) +static const char * +table2string(long s, const OCSP_TBLSTR *ts, int len) { - OCSP_TBLSTR *p; - for (p=ts; p < ts + len; p++) - if (p->t == s) - return p->m; + const OCSP_TBLSTR *p; + + for (p = ts; p < ts + len; p++) + if (p->t == s) + return p->m; return "(UNKNOWN)"; } -char *OCSP_response_status_str(long s) - { - static OCSP_TBLSTR rstat_tbl[] = { - { OCSP_RESPONSE_STATUS_SUCCESSFUL, "successful" }, - { OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, "malformedrequest" }, - { OCSP_RESPONSE_STATUS_INTERNALERROR, "internalerror" }, - { OCSP_RESPONSE_STATUS_TRYLATER, "trylater" }, - { OCSP_RESPONSE_STATUS_SIGREQUIRED, "sigrequired" }, - { OCSP_RESPONSE_STATUS_UNAUTHORIZED, "unauthorized" } }; +const char * +OCSP_response_status_str(long s) +{ + static const OCSP_TBLSTR rstat_tbl[] = { + { OCSP_RESPONSE_STATUS_SUCCESSFUL, "successful" }, + { OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, "malformedrequest" }, + { OCSP_RESPONSE_STATUS_INTERNALERROR, "internalerror" }, + { OCSP_RESPONSE_STATUS_TRYLATER, "trylater" }, + { OCSP_RESPONSE_STATUS_SIGREQUIRED, "sigrequired" }, + { OCSP_RESPONSE_STATUS_UNAUTHORIZED, "unauthorized" } + }; return table2string(s, rstat_tbl, 6); - } +} -char *OCSP_cert_status_str(long s) - { - static OCSP_TBLSTR cstat_tbl[] = { - { V_OCSP_CERTSTATUS_GOOD, "good" }, - { V_OCSP_CERTSTATUS_REVOKED, "revoked" }, - { V_OCSP_CERTSTATUS_UNKNOWN, "unknown" } }; +const char * +OCSP_cert_status_str(long s) +{ + static const OCSP_TBLSTR cstat_tbl[] = { + { V_OCSP_CERTSTATUS_GOOD, "good" }, + { V_OCSP_CERTSTATUS_REVOKED, "revoked" }, + { V_OCSP_CERTSTATUS_UNKNOWN, "unknown" } + }; return table2string(s, cstat_tbl, 3); - } +} -char *OCSP_crl_reason_str(long s) - { - OCSP_TBLSTR reason_tbl[] = { - { OCSP_REVOKED_STATUS_UNSPECIFIED, "unspecified" }, - { OCSP_REVOKED_STATUS_KEYCOMPROMISE, "keyCompromise" }, - { OCSP_REVOKED_STATUS_CACOMPROMISE, "cACompromise" }, - { OCSP_REVOKED_STATUS_AFFILIATIONCHANGED, "affiliationChanged" }, - { OCSP_REVOKED_STATUS_SUPERSEDED, "superseded" }, - { OCSP_REVOKED_STATUS_CESSATIONOFOPERATION, "cessationOfOperation" }, - { OCSP_REVOKED_STATUS_CERTIFICATEHOLD, "certificateHold" }, - { OCSP_REVOKED_STATUS_REMOVEFROMCRL, "removeFromCRL" } }; +const char * +OCSP_crl_reason_str(long s) +{ + static const OCSP_TBLSTR reason_tbl[] = { + { OCSP_REVOKED_STATUS_UNSPECIFIED, "unspecified" }, + { OCSP_REVOKED_STATUS_KEYCOMPROMISE, "keyCompromise" }, + { OCSP_REVOKED_STATUS_CACOMPROMISE, "cACompromise" }, + { OCSP_REVOKED_STATUS_AFFILIATIONCHANGED, "affiliationChanged" }, + { OCSP_REVOKED_STATUS_SUPERSEDED, "superseded" }, + { OCSP_REVOKED_STATUS_CESSATIONOFOPERATION, "cessationOfOperation" }, + { OCSP_REVOKED_STATUS_CERTIFICATEHOLD, "certificateHold" }, + { OCSP_REVOKED_STATUS_REMOVEFROMCRL, "removeFromCRL" } + }; return table2string(s, reason_tbl, 8); - } +} -int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST* o, unsigned long flags) - { +int +OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST* o, unsigned long flags) +{ int i; long l; OCSP_CERTID* cid = NULL; @@ -141,48 +150,52 @@ int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST* o, unsigned long flags) OCSP_REQINFO *inf = o->tbsRequest; OCSP_SIGNATURE *sig = o->optionalSignature; - if (BIO_write(bp,"OCSP Request Data:\n",19) <= 0) goto err; - l=ASN1_INTEGER_get(inf->version); - if (BIO_printf(bp," Version: %lu (0x%lx)",l+1,l) <= 0) goto err; - if (inf->requestorName != NULL) - { - if (BIO_write(bp,"\n Requestor Name: ",21) <= 0) - goto err; + if (BIO_write(bp, "OCSP Request Data:\n", 19) <= 0) + goto err; + l = ASN1_INTEGER_get(inf->version); + if (BIO_printf(bp, " Version: %lu (0x%lx)", l+1, l) <= 0) + goto err; + if (inf->requestorName != NULL) { + if (BIO_write(bp, "\n Requestor Name: ", 21) <= 0) + goto err; GENERAL_NAME_print(bp, inf->requestorName); - } - if (BIO_write(bp,"\n Requestor List:\n",21) <= 0) goto err; - for (i = 0; i < sk_OCSP_ONEREQ_num(inf->requestList); i++) - { + } + if (BIO_write(bp, "\n Requestor List:\n", 21) <= 0) + goto err; + for (i = 0; i < sk_OCSP_ONEREQ_num(inf->requestList); i++) { one = sk_OCSP_ONEREQ_value(inf->requestList, i); cid = one->reqCert; ocsp_certid_print(bp, cid, 8); - if (!X509V3_extensions_print(bp, - "Request Single Extensions", - one->singleRequestExtensions, flags, 8)) - goto err; - } + if (!X509V3_extensions_print(bp, "Request Single Extensions", + one->singleRequestExtensions, flags, 8)) + goto err; + } if (!X509V3_extensions_print(bp, "Request Extensions", - inf->requestExtensions, flags, 4)) - goto err; - if (sig) - { - X509_signature_print(bp, sig->signatureAlgorithm, sig->signature); - for (i=0; icerts); i++) - { - X509_print(bp, sk_X509_value(sig->certs,i)); - PEM_write_bio_X509(bp,sk_X509_value(sig->certs,i)); - } + inf->requestExtensions, flags, 4)) + goto err; + if (sig) { + if (X509_signature_print(bp, sig->signatureAlgorithm, + sig->signature) == 0) + goto err; + for (i = 0; i < sk_X509_num(sig->certs); i++) { + if (X509_print(bp, sk_X509_value(sig->certs, i)) == 0) + goto err; + if (PEM_write_bio_X509(bp, + sk_X509_value(sig->certs, i)) == 0) + goto err; } + } return 1; + err: return 0; - } +} -int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags) - { +int +OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags) +{ int i, ret = 0; long l; - unsigned char *p; OCSP_CERTID *cid = NULL; OCSP_BASICRESP *br = NULL; OCSP_RESPID *rid = NULL; @@ -192,100 +205,108 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags) OCSP_SINGLERESP *single = NULL; OCSP_RESPBYTES *rb = o->responseBytes; - if (BIO_puts(bp,"OCSP Response Data:\n") <= 0) goto err; - l=ASN1_ENUMERATED_get(o->responseStatus); - if (BIO_printf(bp," OCSP Response Status: %s (0x%x)\n", - OCSP_response_status_str(l), l) <= 0) goto err; - if (rb == NULL) return 1; - if (BIO_puts(bp," Response Type: ") <= 0) - goto err; - if(i2a_ASN1_OBJECT(bp, rb->responseType) <= 0) - goto err; - if (OBJ_obj2nid(rb->responseType) != NID_id_pkix_OCSP_basic) - { - BIO_puts(bp," (unknown response type)\n"); + if (BIO_puts(bp, "OCSP Response Data:\n") <= 0) + goto err; + l = ASN1_ENUMERATED_get(o->responseStatus); + if (BIO_printf(bp, " OCSP Response Status: %s (0x%lx)\n", + OCSP_response_status_str(l), l) <= 0) + goto err; + if (rb == NULL) return 1; - } + if (BIO_puts(bp, " Response Type: ") <= 0) + goto err; + if (i2a_ASN1_OBJECT(bp, rb->responseType) <= 0) + goto err; + if (OBJ_obj2nid(rb->responseType) != NID_id_pkix_OCSP_basic) { + BIO_puts(bp, " (unknown response type)\n"); + return 1; + } - p = ASN1_STRING_data(rb->response); i = ASN1_STRING_length(rb->response); - if (!(br = OCSP_response_get1_basic(o))) goto err; + if (!(br = OCSP_response_get1_basic(o))) + goto err; rd = br->tbsResponseData; - l=ASN1_INTEGER_get(rd->version); - if (BIO_printf(bp,"\n Version: %lu (0x%lx)\n", - l+1,l) <= 0) goto err; - if (BIO_puts(bp," Responder Id: ") <= 0) goto err; + l = ASN1_INTEGER_get(rd->version); + if (BIO_printf(bp, "\n Version: %lu (0x%lx)\n", l+1, l) <= 0) + goto err; + if (BIO_puts(bp, " Responder Id: ") <= 0) + goto err; - rid = rd->responderId; - switch (rid->type) - { - case V_OCSP_RESPID_NAME: - X509_NAME_print_ex(bp, rid->value.byName, 0, XN_FLAG_ONELINE); - break; - case V_OCSP_RESPID_KEY: - i2a_ASN1_STRING(bp, rid->value.byKey, V_ASN1_OCTET_STRING); - break; - } + rid = rd->responderId; + switch (rid->type) { + case V_OCSP_RESPID_NAME: + X509_NAME_print_ex(bp, rid->value.byName, 0, XN_FLAG_ONELINE); + break; + case V_OCSP_RESPID_KEY: + i2a_ASN1_STRING(bp, rid->value.byKey, V_ASN1_OCTET_STRING); + break; + } - if (BIO_printf(bp,"\n Produced At: ")<=0) goto err; - if (!ASN1_GENERALIZEDTIME_print(bp, rd->producedAt)) goto err; - if (BIO_printf(bp,"\n Responses:\n") <= 0) goto err; - for (i = 0; i < sk_OCSP_SINGLERESP_num(rd->responses); i++) - { - if (! sk_OCSP_SINGLERESP_value(rd->responses, i)) continue; + if (BIO_printf(bp, "\n Produced At: ")<=0) + goto err; + if (!ASN1_GENERALIZEDTIME_print(bp, rd->producedAt)) + goto err; + if (BIO_printf(bp, "\n Responses:\n") <= 0) + goto err; + for (i = 0; i < sk_OCSP_SINGLERESP_num(rd->responses); i++) { + if (! sk_OCSP_SINGLERESP_value(rd->responses, i)) + continue; single = sk_OCSP_SINGLERESP_value(rd->responses, i); cid = single->certId; - if(ocsp_certid_print(bp, cid, 4) <= 0) goto err; + if (ocsp_certid_print(bp, cid, 4) <= 0) + goto err; cst = single->certStatus; - if (BIO_printf(bp," Cert Status: %s", - OCSP_cert_status_str(cst->type)) <= 0) - goto err; - if (cst->type == V_OCSP_CERTSTATUS_REVOKED) - { - rev = cst->value.revoked; - if (BIO_printf(bp, "\n Revocation Time: ") <= 0) - goto err; - if (!ASN1_GENERALIZEDTIME_print(bp, - rev->revocationTime)) + if (BIO_printf(bp, " Cert Status: %s", + OCSP_cert_status_str(cst->type)) <= 0) + goto err; + if (cst->type == V_OCSP_CERTSTATUS_REVOKED) { + rev = cst->value.revoked; + if (BIO_printf(bp, "\n Revocation Time: ") <= 0) goto err; - if (rev->revocationReason) - { - l=ASN1_ENUMERATED_get(rev->revocationReason); - if (BIO_printf(bp, - "\n Revocation Reason: %s (0x%x)", - OCSP_crl_reason_str(l), l) <= 0) - goto err; - } + if (!ASN1_GENERALIZEDTIME_print(bp, + rev->revocationTime)) + goto err; + if (rev->revocationReason) { + l = ASN1_ENUMERATED_get(rev->revocationReason); + if (BIO_printf(bp, + "\n Revocation Reason: %s (0x%lx)", + OCSP_crl_reason_str(l), l) <= 0) + goto err; } - if (BIO_printf(bp,"\n This Update: ") <= 0) goto err; - if (!ASN1_GENERALIZEDTIME_print(bp, single->thisUpdate)) + } + if (BIO_printf(bp, "\n This Update: ") <= 0) + goto err; + if (!ASN1_GENERALIZEDTIME_print(bp, single->thisUpdate)) goto err; - if (single->nextUpdate) - { - if (BIO_printf(bp,"\n Next Update: ") <= 0)goto err; - if (!ASN1_GENERALIZEDTIME_print(bp,single->nextUpdate)) + if (single->nextUpdate) { + if (BIO_printf(bp, "\n Next Update: ") <= 0) + goto err; + if (!ASN1_GENERALIZEDTIME_print(bp, single->nextUpdate)) goto err; - } - if (!BIO_write(bp,"\n",1)) goto err; - if (!X509V3_extensions_print(bp, - "Response Single Extensions", - single->singleExtensions, flags, 8)) - goto err; - if (!BIO_write(bp,"\n",1)) goto err; } + if (BIO_write(bp, "\n", 1) <= 0) + goto err; + if (!X509V3_extensions_print(bp, "Response Single Extensions", + single->singleExtensions, flags, 8)) + goto err; + if (BIO_write(bp, "\n", 1) <= 0) + goto err; + } if (!X509V3_extensions_print(bp, "Response Extensions", - rd->responseExtensions, flags, 4)) - if(X509_signature_print(bp, br->signatureAlgorithm, br->signature) <= 0) - goto err; + rd->responseExtensions, flags, 4)) + goto err; + if (X509_signature_print(bp, br->signatureAlgorithm, br->signature) <= + 0) + goto err; - for (i=0; icerts); i++) - { - X509_print(bp, sk_X509_value(br->certs,i)); - PEM_write_bio_X509(bp,sk_X509_value(br->certs,i)); - } + for (i = 0; i < sk_X509_num(br->certs); i++) { + X509_print(bp, sk_X509_value(br->certs, i)); + PEM_write_bio_X509(bp, sk_X509_value(br->certs, i)); + } ret = 1; + err: OCSP_BASICRESP_free(br); return ret; - } +} diff --git a/src/lib/libcrypto/ocsp/ocsp_srv.c b/src/lib/libcrypto/ocsp/ocsp_srv.c index fffa134e754..a9e0aaab2f1 100644 --- a/src/lib/libcrypto/ocsp/ocsp_srv.c +++ b/src/lib/libcrypto/ocsp/ocsp_srv.c @@ -1,5 +1,5 @@ -/* ocsp_srv.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* $OpenBSD: ocsp_srv.c,v 1.10 2017/01/29 17:49:23 beck Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2001. */ /* ==================================================================== @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -57,120 +57,131 @@ */ #include -#include + +#include #include -#include -#include +#include #include +#include #include -#include /* Utility functions related to sending OCSP responses and extracting * relevant information from the request. */ -int OCSP_request_onereq_count(OCSP_REQUEST *req) - { +int +OCSP_request_onereq_count(OCSP_REQUEST *req) +{ return sk_OCSP_ONEREQ_num(req->tbsRequest->requestList); - } +} -OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *req, int i) - { +OCSP_ONEREQ * +OCSP_request_onereq_get0(OCSP_REQUEST *req, int i) +{ return sk_OCSP_ONEREQ_value(req->tbsRequest->requestList, i); - } +} -OCSP_CERTID *OCSP_onereq_get0_id(OCSP_ONEREQ *one) - { +OCSP_CERTID * +OCSP_onereq_get0_id(OCSP_ONEREQ *one) +{ return one->reqCert; - } +} -int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd, - ASN1_OCTET_STRING **pikeyHash, - ASN1_INTEGER **pserial, OCSP_CERTID *cid) - { - if (!cid) return 0; - if (pmd) *pmd = cid->hashAlgorithm->algorithm; - if(piNameHash) *piNameHash = cid->issuerNameHash; - if (pikeyHash) *pikeyHash = cid->issuerKeyHash; - if (pserial) *pserial = cid->serialNumber; +int +OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd, + ASN1_OCTET_STRING **pikeyHash, ASN1_INTEGER **pserial, OCSP_CERTID *cid) +{ + if (!cid) + return 0; + if (pmd) + *pmd = cid->hashAlgorithm->algorithm; + if (piNameHash) + *piNameHash = cid->issuerNameHash; + if (pikeyHash) + *pikeyHash = cid->issuerKeyHash; + if (pserial) + *pserial = cid->serialNumber; return 1; - } +} -int OCSP_request_is_signed(OCSP_REQUEST *req) - { - if(req->optionalSignature) return 1; +int +OCSP_request_is_signed(OCSP_REQUEST *req) +{ + if (req->optionalSignature) + return 1; return 0; - } +} /* Create an OCSP response and encode an optional basic response */ -OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs) - { - OCSP_RESPONSE *rsp = NULL; - - if (!(rsp = OCSP_RESPONSE_new())) goto err; - if (!(ASN1_ENUMERATED_set(rsp->responseStatus, status))) goto err; - if (!bs) return rsp; - if (!(rsp->responseBytes = OCSP_RESPBYTES_new())) goto err; +OCSP_RESPONSE * +OCSP_response_create(int status, OCSP_BASICRESP *bs) +{ + OCSP_RESPONSE *rsp = NULL; + + if (!(rsp = OCSP_RESPONSE_new())) + goto err; + if (!(ASN1_ENUMERATED_set(rsp->responseStatus, status))) + goto err; + if (!bs) + return rsp; + if (!(rsp->responseBytes = OCSP_RESPBYTES_new())) + goto err; rsp->responseBytes->responseType = OBJ_nid2obj(NID_id_pkix_OCSP_basic); - if (!ASN1_item_pack(bs, ASN1_ITEM_rptr(OCSP_BASICRESP), &rsp->responseBytes->response)) - goto err; + if (!ASN1_item_pack(bs, &OCSP_BASICRESP_it, + &rsp->responseBytes->response)) + goto err; return rsp; + err: - if (rsp) OCSP_RESPONSE_free(rsp); + if (rsp) + OCSP_RESPONSE_free(rsp); return NULL; - } +} - -OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp, - OCSP_CERTID *cid, - int status, int reason, - ASN1_TIME *revtime, - ASN1_TIME *thisupd, ASN1_TIME *nextupd) - { +OCSP_SINGLERESP * +OCSP_basic_add1_status(OCSP_BASICRESP *rsp, OCSP_CERTID *cid, int status, + int reason, ASN1_TIME *revtime, ASN1_TIME *thisupd, ASN1_TIME *nextupd) +{ OCSP_SINGLERESP *single = NULL; OCSP_CERTSTATUS *cs; OCSP_REVOKEDINFO *ri; - if(!rsp->tbsResponseData->responses && + if (!rsp->tbsResponseData->responses && !(rsp->tbsResponseData->responses = sk_OCSP_SINGLERESP_new_null())) goto err; if (!(single = OCSP_SINGLERESP_new())) goto err; - - if (!ASN1_TIME_to_generalizedtime(thisupd, &single->thisUpdate)) goto err; if (nextupd && - !ASN1_TIME_to_generalizedtime(nextupd, &single->nextUpdate)) + !ASN1_TIME_to_generalizedtime(nextupd, &single->nextUpdate)) goto err; OCSP_CERTID_free(single->certId); - if(!(single->certId = OCSP_CERTID_dup(cid))) + if (!(single->certId = OCSP_CERTID_dup(cid))) goto err; cs = single->certStatus; - switch(cs->type = status) - { + switch (cs->type = status) { case V_OCSP_CERTSTATUS_REVOKED: - if (!revtime) - { - OCSPerr(OCSP_F_OCSP_BASIC_ADD1_STATUS,OCSP_R_NO_REVOKED_TIME); + if (!revtime) { + OCSPerror(OCSP_R_NO_REVOKED_TIME); + goto err; + } + if (!(cs->value.revoked = ri = OCSP_REVOKEDINFO_new())) goto err; - } - if (!(cs->value.revoked = ri = OCSP_REVOKEDINFO_new())) goto err; if (!ASN1_TIME_to_generalizedtime(revtime, &ri->revocationTime)) - goto err; - if (reason != OCSP_REVOKED_STATUS_NOSTATUS) - { - if (!(ri->revocationReason = ASN1_ENUMERATED_new())) - goto err; - if (!(ASN1_ENUMERATED_set(ri->revocationReason, - reason))) - goto err; - } + goto err; + if (reason != OCSP_REVOKED_STATUS_NOSTATUS) { + if (!(ri->revocationReason = ASN1_ENUMERATED_new())) + goto err; + if (!(ASN1_ENUMERATED_set(ri->revocationReason, + reason))) + goto err; + } break; case V_OCSP_CERTSTATUS_GOOD: @@ -183,82 +194,81 @@ OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp, default: goto err; - - } + } if (!(sk_OCSP_SINGLERESP_push(rsp->tbsResponseData->responses, single))) goto err; return single; + err: OCSP_SINGLERESP_free(single); return NULL; - } +} /* Add a certificate to an OCSP request */ - -int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert) - { +int +OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert) +{ if (!resp->certs && !(resp->certs = sk_X509_new_null())) return 0; - if(!sk_X509_push(resp->certs, cert)) return 0; + if (!sk_X509_push(resp->certs, cert)) + return 0; CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509); return 1; - } +} -int OCSP_basic_sign(OCSP_BASICRESP *brsp, - X509 *signer, EVP_PKEY *key, const EVP_MD *dgst, - STACK_OF(X509) *certs, unsigned long flags) - { +int +OCSP_basic_sign(OCSP_BASICRESP *brsp, X509 *signer, EVP_PKEY *key, + const EVP_MD *dgst, STACK_OF(X509) *certs, unsigned long flags) +{ int i; OCSP_RESPID *rid; - if (!X509_check_private_key(signer, key)) - { - OCSPerr(OCSP_F_OCSP_BASIC_SIGN, OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); + if (!X509_check_private_key(signer, key)) { + OCSPerror(OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); goto err; - } + } - if(!(flags & OCSP_NOCERTS)) - { - if(!OCSP_basic_add1_cert(brsp, signer)) + if (!(flags & OCSP_NOCERTS)) { + if (!OCSP_basic_add1_cert(brsp, signer)) goto err; - for (i = 0; i < sk_X509_num(certs); i++) - { + for (i = 0; i < sk_X509_num(certs); i++) { X509 *tmpcert = sk_X509_value(certs, i); - if(!OCSP_basic_add1_cert(brsp, tmpcert)) + if (!OCSP_basic_add1_cert(brsp, tmpcert)) goto err; - } } + } rid = brsp->tbsResponseData->responderId; - if (flags & OCSP_RESPID_KEY) - { + if (flags & OCSP_RESPID_KEY) { unsigned char md[SHA_DIGEST_LENGTH]; + X509_pubkey_digest(signer, EVP_sha1(), md, NULL); if (!(rid->value.byKey = ASN1_OCTET_STRING_new())) goto err; - if (!(ASN1_OCTET_STRING_set(rid->value.byKey, md, SHA_DIGEST_LENGTH))) - goto err; + if (!(ASN1_OCTET_STRING_set(rid->value.byKey, md, + SHA_DIGEST_LENGTH))) + goto err; rid->type = V_OCSP_RESPID_KEY; - } - else - { + } else { if (!X509_NAME_set(&rid->value.byName, - X509_get_subject_name(signer))) - goto err; + X509_get_subject_name(signer))) + goto err; rid->type = V_OCSP_RESPID_NAME; - } + } if (!(flags & OCSP_NOTIME) && - !X509_gmtime_adj(brsp->tbsResponseData->producedAt, 0)) + !ASN1_GENERALIZEDTIME_set(brsp->tbsResponseData->producedAt, time(NULL))) goto err; /* Right now, I think that not doing double hashing is the right thing. -- Richard Levitte */ - if (!OCSP_BASICRESP_sign(brsp, key, dgst, 0)) goto err; + if (!OCSP_BASICRESP_sign(brsp, key, dgst, 0)) + goto err; return 1; + err: return 0; - } +} diff --git a/src/lib/libcrypto/ocsp/ocsp_vfy.c b/src/lib/libcrypto/ocsp/ocsp_vfy.c index 1f5fda7ca31..ebdd826878e 100644 --- a/src/lib/libcrypto/ocsp/ocsp_vfy.c +++ b/src/lib/libcrypto/ocsp/ocsp_vfy.c @@ -1,16 +1,16 @@ -/* ocsp_vfy.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* $OpenBSD: ocsp_vfy.c,v 1.15 2017/01/29 17:49:23 beck Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ /* ==================================================================== - * Copyright (c) 2000 The OpenSSL Project. All rights reserved. + * Copyright (c) 2000-2004 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -60,130 +60,150 @@ #include #include -static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs, STACK_OF(X509) *certs, - X509_STORE *st, unsigned long flags); +static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs, + STACK_OF(X509) *certs, X509_STORE *st, unsigned long flags); static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id); -static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain, unsigned long flags); +static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain, + unsigned long flags); static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp, OCSP_CERTID **ret); -static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid, STACK_OF(OCSP_SINGLERESP) *sresp); +static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid, + STACK_OF(OCSP_SINGLERESP) *sresp); static int ocsp_check_delegated(X509 *x, int flags); -static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req, X509_NAME *nm, STACK_OF(X509) *certs, - X509_STORE *st, unsigned long flags); +static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req, + X509_NAME *nm, STACK_OF(X509) *certs, X509_STORE *st, + unsigned long flags); /* Verify a basic response message */ - -int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, - X509_STORE *st, unsigned long flags) - { +int +OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, X509_STORE *st, + unsigned long flags) +{ X509 *signer, *x; STACK_OF(X509) *chain = NULL; + STACK_OF(X509) *untrusted = NULL; X509_STORE_CTX ctx; int i, ret = 0; + ret = ocsp_find_signer(&signer, bs, certs, st, flags); - if (!ret) - { - OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND); + if (!ret) { + OCSPerror(OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND); goto end; - } + } if ((ret == 2) && (flags & OCSP_TRUSTOTHER)) flags |= OCSP_NOVERIFY; - if (!(flags & OCSP_NOSIGS)) - { + if (!(flags & OCSP_NOSIGS)) { EVP_PKEY *skey; + skey = X509_get_pubkey(signer); - ret = OCSP_BASICRESP_verify(bs, skey, 0); - EVP_PKEY_free(skey); - if(ret <= 0) - { - OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_SIGNATURE_FAILURE); + if (skey) { + ret = OCSP_BASICRESP_verify(bs, skey, 0); + EVP_PKEY_free(skey); + } + if (!skey || ret <= 0) { + OCSPerror(OCSP_R_SIGNATURE_FAILURE); goto end; - } } - if (!(flags & OCSP_NOVERIFY)) - { + } + if (!(flags & OCSP_NOVERIFY)) { int init_res; - if(flags & OCSP_NOCHAIN) - init_res = X509_STORE_CTX_init(&ctx, st, signer, NULL); - else - init_res = X509_STORE_CTX_init(&ctx, st, signer, bs->certs); - if(!init_res) - { - OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,ERR_R_X509_LIB); - goto end; + + if (flags & OCSP_NOCHAIN) { + untrusted = NULL; + } else if (bs->certs && certs) { + untrusted = sk_X509_dup(bs->certs); + for (i = 0; i < sk_X509_num(certs); i++) { + if (!sk_X509_push(untrusted, + sk_X509_value(certs, i))) { + OCSPerror(ERR_R_MALLOC_FAILURE); + goto end; + } } + } else + untrusted = bs->certs; + init_res = X509_STORE_CTX_init(&ctx, st, signer, untrusted); + if (!init_res) { + ret = -1; + OCSPerror(ERR_R_X509_LIB); + goto end; + } - X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_OCSP_HELPER); + if (X509_STORE_CTX_set_purpose(&ctx, + X509_PURPOSE_OCSP_HELPER) == 0) { + X509_STORE_CTX_cleanup(&ctx); + ret = -1; + goto end; + } ret = X509_verify_cert(&ctx); chain = X509_STORE_CTX_get1_chain(&ctx); X509_STORE_CTX_cleanup(&ctx); - if (ret <= 0) - { - i = X509_STORE_CTX_get_error(&ctx); - OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,OCSP_R_CERTIFICATE_VERIFY_ERROR); - ERR_add_error_data(2, "Verify error:", - X509_verify_cert_error_string(i)); - goto end; - } - if(flags & OCSP_NOCHECKS) - { + if (ret <= 0) { + i = X509_STORE_CTX_get_error(&ctx); + OCSPerror(OCSP_R_CERTIFICATE_VERIFY_ERROR); + ERR_asprintf_error_data("Verify error:%s", + X509_verify_cert_error_string(i)); + goto end; + } + if (flags & OCSP_NOCHECKS) { ret = 1; goto end; - } + } /* At this point we have a valid certificate chain * need to verify it against the OCSP issuer criteria. */ ret = ocsp_check_issuer(bs, chain, flags); /* If fatal error or valid match then finish */ - if (ret != 0) goto end; + if (ret != 0) + goto end; /* Easy case: explicitly trusted. Get root CA and * check for explicit trust */ - if(flags & OCSP_NOEXPLICIT) goto end; + if (flags & OCSP_NOEXPLICIT) + goto end; x = sk_X509_value(chain, sk_X509_num(chain) - 1); - if(X509_check_trust(x, NID_OCSP_sign, 0) != X509_TRUST_TRUSTED) - { - OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,OCSP_R_ROOT_CA_NOT_TRUSTED); + if (X509_check_trust(x, NID_OCSP_sign, 0) != + X509_TRUST_TRUSTED) { + OCSPerror(OCSP_R_ROOT_CA_NOT_TRUSTED); goto end; - } - ret = 1; } - - - - end: - if(chain) sk_X509_pop_free(chain, X509_free); - return ret; + ret = 1; } +end: + if (chain) + sk_X509_pop_free(chain, X509_free); + if (bs->certs && certs) + sk_X509_free(untrusted); + return ret; +} -static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs, STACK_OF(X509) *certs, - X509_STORE *st, unsigned long flags) - { +static int +ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs, STACK_OF(X509) *certs, + X509_STORE *st, unsigned long flags) +{ X509 *signer; OCSP_RESPID *rid = bs->tbsResponseData->responderId; - if ((signer = ocsp_find_signer_sk(certs, rid))) - { + + if ((signer = ocsp_find_signer_sk(certs, rid))) { *psigner = signer; return 2; - } - if(!(flags & OCSP_NOINTERN) && - (signer = ocsp_find_signer_sk(bs->certs, rid))) - { + } + if (!(flags & OCSP_NOINTERN) && + (signer = ocsp_find_signer_sk(bs->certs, rid))) { *psigner = signer; return 1; - } + } /* Maybe lookup from store if by subject name */ *psigner = NULL; return 0; - } - +} -static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id) - { +static X509 * +ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id) +{ int i; unsigned char tmphash[SHA_DIGEST_LENGTH], *keyhash; X509 *x; @@ -195,250 +215,246 @@ static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id) /* Lookup by key hash */ /* If key hash isn't SHA1 length then forget it */ - if (id->value.byKey->length != SHA_DIGEST_LENGTH) return NULL; + if (id->value.byKey->length != SHA_DIGEST_LENGTH) + return NULL; keyhash = id->value.byKey->data; /* Calculate hash of each key and compare */ - for (i = 0; i < sk_X509_num(certs); i++) - { + for (i = 0; i < sk_X509_num(certs); i++) { x = sk_X509_value(certs, i); X509_pubkey_digest(x, EVP_sha1(), tmphash, NULL); - if(!memcmp(keyhash, tmphash, SHA_DIGEST_LENGTH)) + if (!memcmp(keyhash, tmphash, SHA_DIGEST_LENGTH)) return x; - } - return NULL; } + return NULL; +} - -static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain, unsigned long flags) - { +static int +ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain, + unsigned long flags) +{ STACK_OF(OCSP_SINGLERESP) *sresp; X509 *signer, *sca; OCSP_CERTID *caid = NULL; int i; + sresp = bs->tbsResponseData->responses; - if (sk_X509_num(chain) <= 0) - { - OCSPerr(OCSP_F_OCSP_CHECK_ISSUER, OCSP_R_NO_CERTIFICATES_IN_CHAIN); + if (sk_X509_num(chain) <= 0) { + OCSPerror(OCSP_R_NO_CERTIFICATES_IN_CHAIN); return -1; - } + } /* See if the issuer IDs match. */ i = ocsp_check_ids(sresp, &caid); /* If ID mismatch or other error then return */ - if (i <= 0) return i; + if (i <= 0) + return i; signer = sk_X509_value(chain, 0); /* Check to see if OCSP responder CA matches request CA */ - if (sk_X509_num(chain) > 1) - { + if (sk_X509_num(chain) > 1) { sca = sk_X509_value(chain, 1); i = ocsp_match_issuerid(sca, caid, sresp); - if (i < 0) return i; - if (i) - { + if (i < 0) + return i; + if (i) { /* We have a match, if extensions OK then success */ - if (ocsp_check_delegated(signer, flags)) return 1; + if (ocsp_check_delegated(signer, flags)) + return 1; return 0; - } } + } /* Otherwise check if OCSP request signed directly by request CA */ return ocsp_match_issuerid(signer, caid, sresp); - } - +} /* Check the issuer certificate IDs for equality. If there is a mismatch with the same * algorithm then there's no point trying to match any certificates against the issuer. * If the issuer IDs all match then we just need to check equality against one of them. */ - -static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp, OCSP_CERTID **ret) - { +static int +ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp, OCSP_CERTID **ret) +{ OCSP_CERTID *tmpid, *cid; int i, idcount; idcount = sk_OCSP_SINGLERESP_num(sresp); - if (idcount <= 0) - { - OCSPerr(OCSP_F_OCSP_CHECK_IDS, OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA); + if (idcount <= 0) { + OCSPerror(OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA); return -1; - } + } cid = sk_OCSP_SINGLERESP_value(sresp, 0)->certId; *ret = NULL; - for (i = 1; i < idcount; i++) - { - tmpid = sk_OCSP_SINGLERESP_value(sresp, 0)->certId; + for (i = 1; i < idcount; i++) { + tmpid = sk_OCSP_SINGLERESP_value(sresp, i)->certId; /* Check to see if IDs match */ - if (OCSP_id_issuer_cmp(cid, tmpid)) - { - /* If algoritm mismatch let caller deal with it */ - if (OBJ_cmp(tmpid->hashAlgorithm->algorithm, - cid->hashAlgorithm->algorithm)) - return 2; - /* Else mismatch */ + if (OCSP_id_issuer_cmp(cid, tmpid)) { return 0; - } } + } /* All IDs match: only need to check one ID */ *ret = cid; return 1; - } - +} -static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid, - STACK_OF(OCSP_SINGLERESP) *sresp) - { +static int +ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid, + STACK_OF(OCSP_SINGLERESP) *sresp) +{ /* If only one ID to match then do it */ - if(cid) - { + if (cid) { const EVP_MD *dgst; X509_NAME *iname; int mdlen; unsigned char md[EVP_MAX_MD_SIZE]; - if (!(dgst = EVP_get_digestbyobj(cid->hashAlgorithm->algorithm))) - { - OCSPerr(OCSP_F_OCSP_MATCH_ISSUERID, OCSP_R_UNKNOWN_MESSAGE_DIGEST); + + if (!(dgst = + EVP_get_digestbyobj(cid->hashAlgorithm->algorithm))) { + OCSPerror(OCSP_R_UNKNOWN_MESSAGE_DIGEST); return -1; - } + } mdlen = EVP_MD_size(dgst); - if ((cid->issuerNameHash->length != mdlen) || - (cid->issuerKeyHash->length != mdlen)) + if (mdlen < 0) + return -1; + if (cid->issuerNameHash->length != mdlen || + cid->issuerKeyHash->length != mdlen) return 0; iname = X509_get_subject_name(cert); if (!X509_NAME_digest(iname, dgst, md, NULL)) return -1; if (memcmp(md, cid->issuerNameHash->data, mdlen)) return 0; - X509_pubkey_digest(cert, EVP_sha1(), md, NULL); + X509_pubkey_digest(cert, dgst, md, NULL); if (memcmp(md, cid->issuerKeyHash->data, mdlen)) return 0; return 1; - - } - else - { + } else { /* We have to match the whole lot */ int i, ret; OCSP_CERTID *tmpid; - for (i = 0; i < sk_OCSP_SINGLERESP_num(sresp); i++) - { - tmpid = sk_OCSP_SINGLERESP_value(sresp, 0)->certId; + + for (i = 0; i < sk_OCSP_SINGLERESP_num(sresp); i++) { + tmpid = sk_OCSP_SINGLERESP_value(sresp, i)->certId; ret = ocsp_match_issuerid(cert, tmpid, NULL); - if (ret <= 0) return ret; - } - return 1; + if (ret <= 0) + return ret; } - + return 1; } +} -static int ocsp_check_delegated(X509 *x, int flags) - { +static int +ocsp_check_delegated(X509 *x, int flags) +{ X509_check_purpose(x, -1, 0); - if ((x->ex_flags & EXFLAG_XKUSAGE) && - (x->ex_xkusage & XKU_OCSP_SIGN)) + if ((x->ex_flags & EXFLAG_XKUSAGE) && (x->ex_xkusage & XKU_OCSP_SIGN)) return 1; - OCSPerr(OCSP_F_OCSP_CHECK_DELEGATED, OCSP_R_MISSING_OCSPSIGNING_USAGE); + OCSPerror(OCSP_R_MISSING_OCSPSIGNING_USAGE); return 0; - } +} /* Verify an OCSP request. This is fortunately much easier than OCSP * response verify. Just find the signers certificate and verify it * against a given trust value. */ - -int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, X509_STORE *store, unsigned long flags) - { +int +OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, X509_STORE *store, + unsigned long flags) +{ X509 *signer; X509_NAME *nm; GENERAL_NAME *gen; int ret; X509_STORE_CTX ctx; - if (!req->optionalSignature) - { - OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_REQUEST_NOT_SIGNED); + + if (!req->optionalSignature) { + OCSPerror(OCSP_R_REQUEST_NOT_SIGNED); return 0; - } + } gen = req->tbsRequest->requestorName; - if (gen->type != GEN_DIRNAME) - { - OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE); + if (!gen || gen->type != GEN_DIRNAME) { + OCSPerror(OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE); return 0; - } + } nm = gen->d.directoryName; ret = ocsp_req_find_signer(&signer, req, nm, certs, store, flags); - if (ret <= 0) - { - OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND); + if (ret <= 0) { + OCSPerror(OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND); return 0; - } + } if ((ret == 2) && (flags & OCSP_TRUSTOTHER)) flags |= OCSP_NOVERIFY; - if (!(flags & OCSP_NOSIGS)) - { + if (!(flags & OCSP_NOSIGS)) { EVP_PKEY *skey; + skey = X509_get_pubkey(signer); ret = OCSP_REQUEST_verify(req, skey); EVP_PKEY_free(skey); - if(ret <= 0) - { - OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_SIGNATURE_FAILURE); + if (ret <= 0) { + OCSPerror(OCSP_R_SIGNATURE_FAILURE); return 0; - } } - if (!(flags & OCSP_NOVERIFY)) - { + } + if (!(flags & OCSP_NOVERIFY)) { int init_res; - if(flags & OCSP_NOCHAIN) - init_res = X509_STORE_CTX_init(&ctx, store, signer, NULL); + + if (flags & OCSP_NOCHAIN) + init_res = X509_STORE_CTX_init(&ctx, store, signer, + NULL); else init_res = X509_STORE_CTX_init(&ctx, store, signer, - req->optionalSignature->certs); - if(!init_res) - { - OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,ERR_R_X509_LIB); + req->optionalSignature->certs); + if (!init_res) { + OCSPerror(ERR_R_X509_LIB); return 0; - } + } - X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_OCSP_HELPER); - X509_STORE_CTX_set_trust(&ctx, X509_TRUST_OCSP_REQUEST); + if (X509_STORE_CTX_set_purpose(&ctx, + X509_PURPOSE_OCSP_HELPER) == 0 || + X509_STORE_CTX_set_trust(&ctx, + X509_TRUST_OCSP_REQUEST) == 0) { + X509_STORE_CTX_cleanup(&ctx); + return 0; + } ret = X509_verify_cert(&ctx); X509_STORE_CTX_cleanup(&ctx); - if (ret <= 0) - { - ret = X509_STORE_CTX_get_error(&ctx); - OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,OCSP_R_CERTIFICATE_VERIFY_ERROR); - ERR_add_error_data(2, "Verify error:", - X509_verify_cert_error_string(ret)); - return 0; - } + if (ret <= 0) { + ret = X509_STORE_CTX_get_error(&ctx); + OCSPerror(OCSP_R_CERTIFICATE_VERIFY_ERROR); + ERR_asprintf_error_data("Verify error:%s", + X509_verify_cert_error_string(ret)); + return 0; } + } return 1; - } +} -static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req, X509_NAME *nm, STACK_OF(X509) *certs, - X509_STORE *st, unsigned long flags) - { +static int +ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req, X509_NAME *nm, + STACK_OF(X509) *certs, X509_STORE *st, unsigned long flags) +{ X509 *signer; - if(!(flags & OCSP_NOINTERN)) - { + + if (!(flags & OCSP_NOINTERN)) { signer = X509_find_by_subject(req->optionalSignature->certs, nm); - *psigner = signer; - return 1; + if (signer) { + *psigner = signer; + return 1; } + } signer = X509_find_by_subject(certs, nm); - if (signer) - { + if (signer) { *psigner = signer; return 2; - } - return 0; } + return 0; +} diff --git a/src/lib/libcrypto/openssl.cnf b/src/lib/libcrypto/openssl.cnf new file mode 100644 index 00000000000..8ce83bf90d9 --- /dev/null +++ b/src/lib/libcrypto/openssl.cnf @@ -0,0 +1,24 @@ +[ req ] +#default_bits = 2048 +#default_md = sha256 +#default_keyfile = privkey.pem +distinguished_name = req_distinguished_name +attributes = req_attributes + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_min = 2 +countryName_max = 2 +stateOrProvinceName = State or Province Name (full name) +localityName = Locality Name (eg, city) +0.organizationName = Organization Name (eg, company) +organizationalUnitName = Organizational Unit Name (eg, section) +commonName = Common Name (eg, fully qualified host name) +commonName_max = 64 +emailAddress = Email Address +emailAddress_max = 64 + +[ req_attributes ] +challengePassword = A challenge password +challengePassword_min = 4 +challengePassword_max = 20 diff --git a/src/lib/libcrypto/opensslconf.h.in b/src/lib/libcrypto/opensslconf.h.in deleted file mode 100644 index 9082a16c46f..00000000000 --- a/src/lib/libcrypto/opensslconf.h.in +++ /dev/null @@ -1,158 +0,0 @@ -/* crypto/opensslconf.h.in */ - -/* Generate 80386 code? */ -#undef I386_ONLY - -#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */ -#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR) -#define OPENSSLDIR "/usr/local/ssl" -#endif -#endif - -#undef OPENSSL_UNISTD -#define OPENSSL_UNISTD - -#undef OPENSSL_EXPORT_VAR_AS_FUNCTION - -#if defined(HEADER_IDEA_H) && !defined(IDEA_INT) -#define IDEA_INT unsigned int -#endif - -#if defined(HEADER_MD2_H) && !defined(MD2_INT) -#define MD2_INT unsigned int -#endif - -#if defined(HEADER_RC2_H) && !defined(RC2_INT) -/* I need to put in a mod for the alpha - eay */ -#define RC2_INT unsigned int -#endif - -#if defined(HEADER_RC4_H) -#if !defined(RC4_INT) -/* using int types make the structure larger but make the code faster - * on most boxes I have tested - up to %20 faster. */ -/* - * I don't know what does "most" mean, but declaring "int" is a must on: - * - Intel P6 because partial register stalls are very expensive; - * - elder Alpha because it lacks byte load/store instructions; - */ -#define RC4_INT unsigned int -#endif -#if !defined(RC4_CHUNK) -/* - * This enables code handling data aligned at natural CPU word - * boundary. See crypto/rc4/rc4_enc.c for further details. - */ -#undef RC4_CHUNK -#endif -#endif - -#if (defined(HEADER_DES_H) || defined(HEADER_DES_OLD_H)) && !defined(DES_LONG) -/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a - * %20 speed up (longs are 8 bytes, int's are 4). */ -#ifndef DES_LONG -#define DES_LONG unsigned long -#endif -#endif - -#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H) -#define CONFIG_HEADER_BN_H -#undef BN_LLONG - -/* Should we define BN_DIV2W here? */ - -/* Only one for the following should be defined */ -/* The prime number generation stuff may not work when - * EIGHT_BIT but I don't care since I've only used this mode - * for debuging the bignum libraries */ -#undef SIXTY_FOUR_BIT_LONG -#undef SIXTY_FOUR_BIT -#define THIRTY_TWO_BIT -#undef SIXTEEN_BIT -#undef EIGHT_BIT -#endif - -#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H) -#define CONFIG_HEADER_RC4_LOCL_H -/* if this is defined data[i] is used instead of *data, this is a %20 - * speedup on x86 */ -#undef RC4_INDEX -#endif - -#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H) -#define CONFIG_HEADER_BF_LOCL_H -#undef BF_PTR -#endif /* HEADER_BF_LOCL_H */ - -#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H) -#define CONFIG_HEADER_DES_LOCL_H -#ifndef DES_DEFAULT_OPTIONS -/* the following is tweaked from a config script, that is why it is a - * protected undef/define */ -#ifndef DES_PTR -#undef DES_PTR -#endif - -/* This helps C compiler generate the correct code for multiple functional - * units. It reduces register dependancies at the expense of 2 more - * registers */ -#ifndef DES_RISC1 -#undef DES_RISC1 -#endif - -#ifndef DES_RISC2 -#undef DES_RISC2 -#endif - -#if defined(DES_RISC1) && defined(DES_RISC2) -YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!! -#endif - -/* Unroll the inner loop, this sometimes helps, sometimes hinders. - * Very mucy CPU dependant */ -#ifndef DES_UNROLL -#undef DES_UNROLL -#endif - -/* These default values were supplied by - * Peter Gutman - * They are only used if nothing else has been defined */ -#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL) -/* Special defines which change the way the code is built depending on the - CPU and OS. For SGI machines you can use _MIPS_SZLONG (32 or 64) to find - even newer MIPS CPU's, but at the moment one size fits all for - optimization options. Older Sparc's work better with only UNROLL, but - there's no way to tell at compile time what it is you're running on */ - -#if defined( sun ) /* Newer Sparc's */ -# define DES_PTR -# define DES_RISC1 -# define DES_UNROLL -#elif defined( __ultrix ) /* Older MIPS */ -# define DES_PTR -# define DES_RISC2 -# define DES_UNROLL -#elif defined( __osf1__ ) /* Alpha */ -# define DES_PTR -# define DES_RISC2 -#elif defined ( _AIX ) /* RS6000 */ - /* Unknown */ -#elif defined( __hpux ) /* HP-PA */ - /* Unknown */ -#elif defined( __aux ) /* 68K */ - /* Unknown */ -#elif defined( __dgux ) /* 88K (but P6 in latest boxes) */ -# define DES_UNROLL -#elif defined( __sgi ) /* Newer MIPS */ -# define DES_PTR -# define DES_RISC2 -# define DES_UNROLL -#elif defined(i386) || defined(__i386__) /* x86 boxes, should be gcc */ -# define DES_PTR -# define DES_RISC1 -# define DES_UNROLL -#endif /* Systems-specific speed defines */ -#endif - -#endif /* DES_DEFAULT_OPTIONS */ -#endif /* HEADER_DES_LOCL_H */ diff --git a/src/lib/libcrypto/opensslfeatures.h b/src/lib/libcrypto/opensslfeatures.h new file mode 100644 index 00000000000..688d478dfd4 --- /dev/null +++ b/src/lib/libcrypto/opensslfeatures.h @@ -0,0 +1,111 @@ +/* + * Feature flags for LibreSSL... so you can actually tell when things + * are enabled, rather than not being able to tell when things are + * enabled (or possibly not yet not implemented, or removed!). + */ +/* #define LIBRESSL_HAS_TLS1_3 */ + +#define OPENSSL_THREADS + +#define OPENSSL_NO_BUF_FREELISTS +#define OPENSSL_NO_GMP +#define OPENSSL_NO_JPAKE +#define OPENSSL_NO_KRB5 +#define OPENSSL_NO_RSAX +#define OPENSSL_NO_SHA0 +#define OPENSSL_NO_SSL2 +#define OPENSSL_NO_STORE + +/* + * OPENSSL_NO_* flags that currently appear in OpenSSL. + */ + +/* #define OPENSSL_NO_AFALGENG */ +/* #define OPENSSL_NO_ALGORITHMS */ +/* #define OPENSSL_NO_ARIA */ +/* #define OPENSSL_NO_ASM */ +#define OPENSSL_NO_ASYNC +/* #define OPENSSL_NO_AUTOALGINIT */ +/* #define OPENSSL_NO_AUTOERRINIT */ +/* #define OPENSSL_NO_AUTOLOAD_CONFIG */ +/* #define OPENSSL_NO_BF */ +/* #define OPENSSL_NO_BLAKE2 */ +/* #define OPENSSL_NO_CAMELLIA */ +/* #define OPENSSL_NO_CAST */ +/* #define OPENSSL_NO_CHACHA */ +/* #define OPENSSL_NO_CMAC */ +#define OPENSSL_NO_CMS +#define OPENSSL_NO_COMP /* XXX */ +/* #define OPENSSL_NO_CRYPTO_MDEBUG */ +/* #define OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE */ +/* #define OPENSSL_NO_CT */ +/* #define OPENSSL_NO_DECC_INIT */ +/* #define OPENSSL_NO_DES */ +/* #define OPENSSL_NO_DGRAM */ +/* #define OPENSSL_NO_DH */ +/* #define OPENSSL_NO_DSA */ +/* #define OPENSSL_NO_DSO */ +/* #define OPENSSL_NO_DTLS */ +/* #define OPENSSL_NO_DTLS1 */ +/* #define OPENSSL_NO_DTLS1_2 */ +/* #define OPENSSL_NO_DTLS1_2_METHOD */ +/* #define OPENSSL_NO_DTLS1_METHOD */ +#define OPENSSL_NO_DYNAMIC_ENGINE +/* #define OPENSSL_NO_EC */ +/* #define OPENSSL_NO_EC2M */ +#define OPENSSL_NO_EC_NISTP_64_GCC_128 +#define OPENSSL_NO_EGD +/* #define OPENSSL_NO_ENGINE */ +/* #define OPENSSL_NO_ERR */ +/* #define OPENSSL_NO_FUZZ_LIBFUZZER */ +/* #define OPENSSL_NO_GOST */ +#define OPENSSL_NO_HEARTBEATS +/* #define OPENSSL_NO_HW */ +/* #define OPENSSL_NO_HW_PADLOCK */ +/* #define OPENSSL_NO_IDEA */ +#define OPENSSL_NO_MD2 +/* #define OPENSSL_NO_MD4 */ +/* #define OPENSSL_NO_MD5 */ +#define OPENSSL_NO_MDC2 +/* #define OPENSSL_NO_MULTIBLOCK */ +/* #define OPENSSL_NO_NEXTPROTONEG */ +/* #define OPENSSL_NO_OCB */ +/* #define OPENSSL_NO_OCSP */ +/* #define OPENSSL_NO_POLY1305 */ +/* #define OPENSSL_NO_POSIX_IO */ +#define OPENSSL_NO_PSK +/* #define OPENSSL_NO_RC2 */ +/* #define OPENSSL_NO_RC4 */ +#define OPENSSL_NO_RC5 +#define OPENSSL_NO_RFC3779 +/* #define OPENSSL_NO_RMD160 */ +/* #define OPENSSL_NO_RSA */ +/* #define OPENSSL_NO_SCRYPT */ +#define OPENSSL_NO_SCTP +#define OPENSSL_NO_SEED +/* #define OPENSSL_NO_SIPHASH */ +/* #define OPENSSL_NO_SM2 */ +/* #define OPENSSL_NO_SM3 */ +/* #define OPENSSL_NO_SM4 */ +/* #define OPENSSL_NO_SOCK */ +#define OPENSSL_NO_SRP +/* #define OPENSSL_NO_SRTP */ +#define OPENSSL_NO_SSL3 +#define OPENSSL_NO_SSL3_METHOD +/* #define OPENSSL_NO_SSL_TRACE */ +/* #define OPENSSL_NO_STDIO */ +/* #define OPENSSL_NO_TLS */ +/* #define OPENSSL_NO_TLS1 */ +/* #define OPENSSL_NO_TLS1_1 */ +/* #define OPENSSL_NO_TLS1_1_METHOD */ +/* #define OPENSSL_NO_TLS1_2 */ +/* #define OPENSSL_NO_TLS1_2_METHOD */ +#ifndef LIBRESSL_HAS_TLS1_3 +#define OPENSSL_NO_TLS1_3 +#endif +/* #define OPENSSL_NO_TLS1_METHOD */ +/* #define OPENSSL_NO_TS */ +/* #define OPENSSL_NO_UI_CONSOLE */ +/* #define OPENSSL_NO_UNIT_TEST */ +/* #define OPENSSL_NO_WEAK_SSL_CIPHERS */ +/* #define OPENSSL_NO_WHIRLPOOL */ diff --git a/src/lib/libcrypto/opensslv.h b/src/lib/libcrypto/opensslv.h index 0d23a02fb2e..779d9b5f3c8 100644 --- a/src/lib/libcrypto/opensslv.h +++ b/src/lib/libcrypto/opensslv.h @@ -1,85 +1,18 @@ +/* $OpenBSD: opensslv.h,v 1.50 2018/11/08 17:36:57 bcook Exp $ */ #ifndef HEADER_OPENSSLV_H #define HEADER_OPENSSLV_H -/* Numeric release version identifier: - * MNNFFPPS: major minor fix patch status - * The status nibble has one of the values 0 for development, 1 to e for betas - * 1 to 14, and f for release. The patch level is exactly that. - * For example: - * 0.9.3-dev 0x00903000 - * 0.9.3-beta1 0x00903001 - * 0.9.3-beta2-dev 0x00903002 - * 0.9.3-beta2 0x00903002 (same as ...beta2-dev) - * 0.9.3 0x0090300f - * 0.9.3a 0x0090301f - * 0.9.4 0x0090400f - * 1.2.3z 0x102031af - * - * For continuity reasons (because 0.9.5 is already out, and is coded - * 0x00905100), between 0.9.5 and 0.9.6 the coding of the patch level - * part is slightly different, by setting the highest bit. This means - * that 0.9.5a looks like this: 0x0090581f. At 0.9.6, we can start - * with 0x0090600S... - * - * (Prior to 0.9.3-dev a different scheme was used: 0.9.2b is 0x0922.) - * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for - * major minor fix final patch/beta) - */ -#define OPENSSL_VERSION_NUMBER 0x00907001L -#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.7-beta1 01 Jun 2002" -#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT +/* These will change with each release of LibreSSL-portable */ +#define LIBRESSL_VERSION_NUMBER 0x2090000fL +/* ^ Patch starts here */ +#define LIBRESSL_VERSION_TEXT "LibreSSL 2.9.0" +/* These will never change */ +#define OPENSSL_VERSION_NUMBER 0x20000000L +#define OPENSSL_VERSION_TEXT LIBRESSL_VERSION_TEXT +#define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT -/* The macros below are to be used for shared library (.so, .dll, ...) - * versioning. That kind of versioning works a bit differently between - * operating systems. The most usual scheme is to set a major and a minor - * number, and have the runtime loader check that the major number is equal - * to what it was at application link time, while the minor number has to - * be greater or equal to what it was at application link time. With this - * scheme, the version number is usually part of the file name, like this: - * - * libcrypto.so.0.9 - * - * Some unixen also make a softlink with the major verson number only: - * - * libcrypto.so.0 - * - * On Tru64 and IRIX 6.x it works a little bit differently. There, the - * shared library version is stored in the file, and is actually a series - * of versions, separated by colons. The rightmost version present in the - * library when linking an application is stored in the application to be - * matched at run time. When the application is run, a check is done to - * see if the library version stored in the application matches any of the - * versions in the version string of the library itself. - * This version string can be constructed in any way, depending on what - * kind of matching is desired. However, to implement the same scheme as - * the one used in the other unixen, all compatible versions, from lowest - * to highest, should be part of the string. Consecutive builds would - * give the following versions strings: - * - * 3.0 - * 3.0:3.1 - * 3.0:3.1:3.2 - * 4.0 - * 4.0:4.1 - * - * Notice how version 4 is completely incompatible with version, and - * therefore give the breach you can see. - * - * There may be other schemes as well that I haven't yet discovered. - * - * So, here's the way it works here: first of all, the library version - * number doesn't need at all to match the overall OpenSSL version. - * However, it's nice and more understandable if it actually does. - * The current library version is stored in the macro SHLIB_VERSION_NUMBER, - * which is just a piece of text in the format "M.m.e" (Major, minor, edit). - * For the sake of Tru64, IRIX, and any other OS that behaves in similar ways, - * we need to keep a history of version numbers, which is done in the - * macro SHLIB_VERSION_HISTORY. The numbers are separated by colons and - * should only keep the versions that are binary compatible with the current. - */ #define SHLIB_VERSION_HISTORY "" -#define SHLIB_VERSION_NUMBER "0.9.7" - +#define SHLIB_VERSION_NUMBER "1.0.0" #endif /* HEADER_OPENSSLV_H */ diff --git a/src/lib/libcrypto/ossl_typ.h b/src/lib/libcrypto/ossl_typ.h index 6bd42aee4d4..234fdca1ea8 100644 --- a/src/lib/libcrypto/ossl_typ.h +++ b/src/lib/libcrypto/ossl_typ.h @@ -1,3 +1,4 @@ +/* $OpenBSD: ossl_typ.h,v 1.13 2015/09/30 04:10:07 doug Exp $ */ /* ==================================================================== * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. * @@ -6,7 +7,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -55,25 +56,8 @@ #ifndef HEADER_OPENSSL_TYPES_H #define HEADER_OPENSSL_TYPES_H -#ifdef NO_ASN1_TYPEDEFS -#define ASN1_INTEGER ASN1_STRING -#define ASN1_ENUMERATED ASN1_STRING -#define ASN1_BIT_STRING ASN1_STRING -#define ASN1_OCTET_STRING ASN1_STRING -#define ASN1_PRINTABLESTRING ASN1_STRING -#define ASN1_T61STRING ASN1_STRING -#define ASN1_IA5STRING ASN1_STRING -#define ASN1_UTCTIME ASN1_STRING -#define ASN1_GENERALIZEDTIME ASN1_STRING -#define ASN1_TIME ASN1_STRING -#define ASN1_GENERALSTRING ASN1_STRING -#define ASN1_UNIVERSALSTRING ASN1_STRING -#define ASN1_BMPSTRING ASN1_STRING -#define ASN1_VISIBLESTRING ASN1_STRING -#define ASN1_UTF8STRING ASN1_STRING -#define ASN1_BOOLEAN int -#define ASN1_NULL int -#else +#include + typedef struct asn1_string_st ASN1_INTEGER; typedef struct asn1_string_st ASN1_ENUMERATED; typedef struct asn1_string_st ASN1_BIT_STRING; @@ -89,14 +73,24 @@ typedef struct asn1_string_st ASN1_TIME; typedef struct asn1_string_st ASN1_GENERALIZEDTIME; typedef struct asn1_string_st ASN1_VISIBLESTRING; typedef struct asn1_string_st ASN1_UTF8STRING; +typedef struct asn1_string_st ASN1_STRING; typedef int ASN1_BOOLEAN; typedef int ASN1_NULL; -#endif -#ifdef OPENSSL_SYS_WIN32 -#undef X509_NAME -#undef PKCS7_ISSUER_AND_SERIAL +typedef struct ASN1_ITEM_st ASN1_ITEM; +typedef struct asn1_pctx_st ASN1_PCTX; + +#ifdef BIGNUM +#undef BIGNUM #endif +typedef struct bignum_st BIGNUM; +typedef struct bignum_ctx BN_CTX; +typedef struct bn_blinding_st BN_BLINDING; +typedef struct bn_mont_ctx_st BN_MONT_CTX; +typedef struct bn_recp_ctx_st BN_RECP_CTX; +typedef struct bn_gencb_st BN_GENCB; + +typedef struct buf_mem_st BUF_MEM; typedef struct evp_cipher_st EVP_CIPHER; typedef struct evp_cipher_ctx_st EVP_CIPHER_CTX; @@ -104,17 +98,77 @@ typedef struct env_md_st EVP_MD; typedef struct env_md_ctx_st EVP_MD_CTX; typedef struct evp_pkey_st EVP_PKEY; +typedef struct evp_pkey_asn1_method_st EVP_PKEY_ASN1_METHOD; + +typedef struct evp_pkey_method_st EVP_PKEY_METHOD; +typedef struct evp_pkey_ctx_st EVP_PKEY_CTX; + +typedef struct dh_st DH; +typedef struct dh_method DH_METHOD; + +typedef struct dsa_st DSA; +typedef struct dsa_method DSA_METHOD; + +typedef struct rsa_st RSA; +typedef struct rsa_meth_st RSA_METHOD; + +typedef struct rand_meth_st RAND_METHOD; + +typedef struct ecdh_method ECDH_METHOD; +typedef struct ecdsa_method ECDSA_METHOD; + typedef struct x509_st X509; typedef struct X509_algor_st X509_ALGOR; typedef struct X509_crl_st X509_CRL; +typedef struct x509_crl_method_st X509_CRL_METHOD; +typedef struct x509_revoked_st X509_REVOKED; typedef struct X509_name_st X509_NAME; +typedef struct X509_pubkey_st X509_PUBKEY; typedef struct x509_store_st X509_STORE; typedef struct x509_store_ctx_st X509_STORE_CTX; +typedef struct pkcs8_priv_key_info_st PKCS8_PRIV_KEY_INFO; + +typedef struct v3_ext_ctx X509V3_CTX; +typedef struct conf_st CONF; + +typedef struct store_st STORE; +typedef struct store_method_st STORE_METHOD; + +typedef struct ui_st UI; +typedef struct ui_method_st UI_METHOD; + +typedef struct st_ERR_FNS ERR_FNS; + typedef struct engine_st ENGINE; +typedef struct ssl_st SSL; +typedef struct ssl_ctx_st SSL_CTX; + +typedef struct X509_POLICY_NODE_st X509_POLICY_NODE; +typedef struct X509_POLICY_LEVEL_st X509_POLICY_LEVEL; +typedef struct X509_POLICY_TREE_st X509_POLICY_TREE; +typedef struct X509_POLICY_CACHE_st X509_POLICY_CACHE; + +typedef struct AUTHORITY_KEYID_st AUTHORITY_KEYID; +typedef struct DIST_POINT_st DIST_POINT; +typedef struct ISSUING_DIST_POINT_st ISSUING_DIST_POINT; +typedef struct NAME_CONSTRAINTS_st NAME_CONSTRAINTS; - /* If placed in pkcs12.h, we end up with a circular depency with pkcs7.h */ +/* If placed in pkcs12.h, we end up with a circular depency with pkcs7.h */ #define DECLARE_PKCS12_STACK_OF(type) /* Nothing */ #define IMPLEMENT_PKCS12_STACK_OF(type) /* Nothing */ +typedef struct crypto_ex_data_st CRYPTO_EX_DATA; +/* Callback types for crypto.h */ +typedef int CRYPTO_EX_new(void *parent, void *ptr, CRYPTO_EX_DATA *ad, + int idx, long argl, void *argp); +typedef void CRYPTO_EX_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad, + int idx, long argl, void *argp); +typedef int CRYPTO_EX_dup(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, + void *from_d, int idx, long argl, void *argp); + +typedef struct ocsp_req_ctx_st OCSP_REQ_CTX; +typedef struct ocsp_response_st OCSP_RESPONSE; +typedef struct ocsp_responder_id_st OCSP_RESPID; + #endif /* def HEADER_OPENSSL_TYPES_H */ diff --git a/src/lib/libcrypto/pariscid.pl b/src/lib/libcrypto/pariscid.pl new file mode 100644 index 00000000000..da74a2836ce --- /dev/null +++ b/src/lib/libcrypto/pariscid.pl @@ -0,0 +1,86 @@ +#!/usr/bin/env perl + +$flavour = shift; +$output = shift; +open STDOUT,">$output"; + +if ($flavour =~ /64/) { + $LEVEL ="2.0W"; + $SIZE_T =8; + $ST ="std"; +} else { + $LEVEL ="1.1"; + $SIZE_T =4; + $ST ="stw"; +} + +$rp="%r2"; +$sp="%r30"; +$rv="%r28"; + +$code=<<___; + .LEVEL $LEVEL +#if 0 + .SPACE \$TEXT\$ + .SUBSPA \$CODE\$,QUAD=0,ALIGN=8,ACCESS=0x2C,CODE_ONLY +#else + .text +#endif + + .EXPORT OPENSSL_cpuid_setup,ENTRY + .ALIGN 8 +OPENSSL_cpuid_setup + .PROC + .CALLINFO NO_CALLS + .ENTRY + bv ($rp) + .EXIT + nop + .PROCEND + + .EXPORT OPENSSL_wipe_cpu,ENTRY + .ALIGN 8 +OPENSSL_wipe_cpu + .PROC + .CALLINFO NO_CALLS + .ENTRY + xor %r0,%r0,%r1 + fcpy,dbl %fr0,%fr4 + xor %r0,%r0,%r19 + fcpy,dbl %fr0,%fr5 + xor %r0,%r0,%r20 + fcpy,dbl %fr0,%fr6 + xor %r0,%r0,%r21 + fcpy,dbl %fr0,%fr7 + xor %r0,%r0,%r22 + fcpy,dbl %fr0,%fr8 + xor %r0,%r0,%r23 + fcpy,dbl %fr0,%fr9 + xor %r0,%r0,%r24 + fcpy,dbl %fr0,%fr10 + xor %r0,%r0,%r25 + fcpy,dbl %fr0,%fr11 + xor %r0,%r0,%r26 + fcpy,dbl %fr0,%fr22 + xor %r0,%r0,%r29 + fcpy,dbl %fr0,%fr23 + xor %r0,%r0,%r31 + fcpy,dbl %fr0,%fr24 + fcpy,dbl %fr0,%fr25 + fcpy,dbl %fr0,%fr26 + fcpy,dbl %fr0,%fr27 + fcpy,dbl %fr0,%fr28 + fcpy,dbl %fr0,%fr29 + fcpy,dbl %fr0,%fr30 + fcpy,dbl %fr0,%fr31 + bv ($rp) + .EXIT + ldo 0($sp),$rv + .PROCEND +___ +$code =~ s/cmpib,\*/comib,/gm if ($SIZE_T==4); +$code =~ s/,\*/,/gm if ($SIZE_T==4); +$code =~ s/\bbv\b/bve/gm if ($SIZE_T==8); +print $code; +close STDOUT; + diff --git a/src/lib/libcrypto/pem/Makefile.ssl b/src/lib/libcrypto/pem/Makefile.ssl deleted file mode 100644 index 27be11dfc0f..00000000000 --- a/src/lib/libcrypto/pem/Makefile.ssl +++ /dev/null @@ -1,250 +0,0 @@ -# -# SSLeay/crypto/pem/Makefile -# - -DIR= pem -TOP= ../.. -CC= cc -INCLUDES= -I.. -I$(TOP) -I../../include -CFLAG=-g -INSTALL_PREFIX= -OPENSSLDIR= /usr/local/ssl -INSTALLTOP=/usr/local/ssl -MAKE= make -f Makefile.ssl -MAKEDEPPROG= makedepend -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) -MAKEFILE= Makefile.ssl -AR= ar r - -CFLAGS= $(INCLUDES) $(CFLAG) - -GENERAL=Makefile -TEST= -APPS= - -LIB=$(TOP)/libcrypto.a -LIBSRC= pem_sign.c pem_seal.c pem_info.c pem_lib.c pem_all.c pem_err.c \ - pem_x509.c pem_xaux.c pem_oth.c pem_pk8.c pem_pkey.c - -LIBOBJ= pem_sign.o pem_seal.o pem_info.o pem_lib.o pem_all.o pem_err.o \ - pem_x509.o pem_xaux.o pem_oth.o pem_pk8.o pem_pkey.o - -SRC= $(LIBSRC) - -EXHEADER= pem.h pem2.h -HEADER= $(EXHEADER) - -ALL= $(GENERAL) $(SRC) $(HEADER) - -top: - (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) - -all: lib - -lib: $(LIBOBJ) - $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) || echo Never mind. - @touch lib - -files: - $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO - -links: $(EXHEADER) - @sh $(TOP)/util/point.sh Makefile.ssl Makefile - @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) - @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) - @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) - -install: - @for i in $(EXHEADER) ; \ - do \ - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ - done; - -tags: - ctags $(SRC) - -tests: - -lint: - lint -DLINT $(INCLUDES) $(SRC)>fluff - -depend: - $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(LIBSRC) - -dclean: - $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new - mv -f Makefile.new $(MAKEFILE) - -clean: - rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff - -# DO NOT DELETE THIS LINE -- make depend depends on it. - -pem_all.o: ../../e_os.h ../../include/openssl/asn1.h -pem_all.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -pem_all.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -pem_all.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -pem_all.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -pem_all.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -pem_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -pem_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -pem_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h -pem_all.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h -pem_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -pem_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -pem_all.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -pem_all.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_all.c -pem_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -pem_err.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -pem_err.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -pem_err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -pem_err.o: ../../include/openssl/err.h ../../include/openssl/evp.h -pem_err.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -pem_err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -pem_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -pem_err.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h -pem_err.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -pem_err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -pem_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -pem_err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -pem_err.o: pem_err.c -pem_info.o: ../../e_os.h ../../include/openssl/asn1.h -pem_info.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -pem_info.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -pem_info.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -pem_info.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -pem_info.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -pem_info.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -pem_info.o: ../../include/openssl/opensslconf.h -pem_info.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -pem_info.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h -pem_info.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -pem_info.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -pem_info.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -pem_info.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -pem_info.o: ../cryptlib.h pem_info.c -pem_lib.o: ../../e_os.h ../../include/openssl/asn1.h -pem_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -pem_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -pem_lib.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -pem_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -pem_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -pem_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -pem_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -pem_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -pem_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h -pem_lib.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs12.h -pem_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h -pem_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -pem_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -pem_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -pem_lib.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h -pem_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_lib.c -pem_oth.o: ../../e_os.h ../../include/openssl/asn1.h -pem_oth.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -pem_oth.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -pem_oth.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -pem_oth.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -pem_oth.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -pem_oth.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -pem_oth.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -pem_oth.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h -pem_oth.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h -pem_oth.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -pem_oth.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -pem_oth.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -pem_oth.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -pem_oth.o: ../cryptlib.h pem_oth.c -pem_pk8.o: ../../e_os.h ../../include/openssl/asn1.h -pem_pk8.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -pem_pk8.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -pem_pk8.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -pem_pk8.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -pem_pk8.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -pem_pk8.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -pem_pk8.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -pem_pk8.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h -pem_pk8.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs12.h -pem_pk8.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h -pem_pk8.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -pem_pk8.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -pem_pk8.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -pem_pk8.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_pk8.c -pem_pkey.o: ../../e_os.h ../../include/openssl/asn1.h -pem_pkey.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -pem_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -pem_pkey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -pem_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -pem_pkey.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -pem_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -pem_pkey.o: ../../include/openssl/opensslconf.h -pem_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -pem_pkey.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h -pem_pkey.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h -pem_pkey.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -pem_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -pem_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -pem_pkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -pem_pkey.o: ../cryptlib.h pem_pkey.c -pem_seal.o: ../../e_os.h ../../include/openssl/asn1.h -pem_seal.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -pem_seal.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -pem_seal.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -pem_seal.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -pem_seal.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -pem_seal.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -pem_seal.o: ../../include/openssl/opensslconf.h -pem_seal.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -pem_seal.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h -pem_seal.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h -pem_seal.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -pem_seal.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -pem_seal.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -pem_seal.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_seal.c -pem_sign.o: ../../e_os.h ../../include/openssl/asn1.h -pem_sign.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -pem_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -pem_sign.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -pem_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -pem_sign.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -pem_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -pem_sign.o: ../../include/openssl/opensslconf.h -pem_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -pem_sign.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h -pem_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h -pem_sign.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -pem_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -pem_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -pem_sign.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_sign.c -pem_x509.o: ../../e_os.h ../../include/openssl/asn1.h -pem_x509.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -pem_x509.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -pem_x509.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -pem_x509.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -pem_x509.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -pem_x509.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -pem_x509.o: ../../include/openssl/opensslconf.h -pem_x509.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -pem_x509.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h -pem_x509.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -pem_x509.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -pem_x509.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -pem_x509.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -pem_x509.o: ../cryptlib.h pem_x509.c -pem_xaux.o: ../../e_os.h ../../include/openssl/asn1.h -pem_xaux.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -pem_xaux.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -pem_xaux.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -pem_xaux.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -pem_xaux.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -pem_xaux.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -pem_xaux.o: ../../include/openssl/opensslconf.h -pem_xaux.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -pem_xaux.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h -pem_xaux.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -pem_xaux.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -pem_xaux.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -pem_xaux.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -pem_xaux.o: ../cryptlib.h pem_xaux.c diff --git a/src/lib/libcrypto/pem/pem.h b/src/lib/libcrypto/pem/pem.h index 3785fca77dd..adc85226e87 100644 --- a/src/lib/libcrypto/pem/pem.h +++ b/src/lib/libcrypto/pem/pem.h @@ -1,25 +1,25 @@ -/* crypto/pem/pem.h */ +/* $OpenBSD: pem.h,v 1.19 2018/08/24 19:51:31 tb Exp $ */ /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -59,6 +59,8 @@ #ifndef HEADER_PEM_H #define HEADER_PEM_H +#include + #ifndef OPENSSL_NO_BIO #include #endif @@ -68,7 +70,6 @@ #include #include #include -#include #ifdef __cplusplus extern "C" { @@ -91,6 +92,9 @@ extern "C" { #define PEM_OBJ_DHPARAMS 17 #define PEM_OBJ_DSAPARAMS 18 #define PEM_OBJ_PRIV_RSA_PUBLIC 19 +#define PEM_OBJ_PRIV_ECDSA 20 +#define PEM_OBJ_PUB_ECDSA 21 +#define PEM_OBJ_ECPARAMETERS 22 #define PEM_ERROR 30 #define PEM_DEK_DES_CBC 40 @@ -110,6 +114,7 @@ extern "C" { #define PEM_STRING_X509_OLD "X509 CERTIFICATE" #define PEM_STRING_X509 "CERTIFICATE" +#define PEM_STRING_X509_PAIR "CERTIFICATE PAIR" #define PEM_STRING_X509_TRUSTED "TRUSTED CERTIFICATE" #define PEM_STRING_X509_REQ_OLD "NEW CERTIFICATE REQUEST" #define PEM_STRING_X509_REQ "CERTIFICATE REQUEST" @@ -121,20 +126,25 @@ extern "C" { #define PEM_STRING_DSA "DSA PRIVATE KEY" #define PEM_STRING_DSA_PUBLIC "DSA PUBLIC KEY" #define PEM_STRING_PKCS7 "PKCS7" +#define PEM_STRING_PKCS7_SIGNED "PKCS #7 SIGNED DATA" #define PEM_STRING_PKCS8 "ENCRYPTED PRIVATE KEY" #define PEM_STRING_PKCS8INF "PRIVATE KEY" #define PEM_STRING_DHPARAMS "DH PARAMETERS" #define PEM_STRING_SSL_SESSION "SSL SESSION PARAMETERS" #define PEM_STRING_DSAPARAMS "DSA PARAMETERS" +#define PEM_STRING_ECDSA_PUBLIC "ECDSA PUBLIC KEY" +#define PEM_STRING_ECPARAMETERS "EC PARAMETERS" +#define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY" +#define PEM_STRING_PARAMETERS "PARAMETERS" +#define PEM_STRING_CMS "CMS" /* Note that this structure is initialised by PEM_SealInit and cleaned up by PEM_SealFinal (at least for now) */ -typedef struct PEM_Encode_Seal_st - { +typedef struct PEM_Encode_Seal_st { EVP_ENCODE_CTX encode; EVP_MD_CTX md; EVP_CIPHER_CTX cipher; - } PEM_ENCODE_SEAL_CTX; +} PEM_ENCODE_SEAL_CTX; /* enc_type is one off */ #define PEM_TYPE_ENCRYPTED 10 @@ -142,42 +152,38 @@ typedef struct PEM_Encode_Seal_st #define PEM_TYPE_MIC_CLEAR 30 #define PEM_TYPE_CLEAR 40 -typedef struct pem_recip_st - { +typedef struct pem_recip_st { char *name; X509_NAME *dn; int cipher; int key_enc; - char iv[8]; - } PEM_USER; + /* char iv[8]; unused and wrong size */ +} PEM_USER; -typedef struct pem_ctx_st - { +typedef struct pem_ctx_st { int type; /* what type of object */ struct { - int version; - int mode; - } proc_type; + int version; + int mode; + } proc_type; char *domain; struct { int cipher; - unsigned char iv[8]; - } DEK_info; - + /* unused, and wrong size + unsigned char iv[8]; */ + } DEK_info; + PEM_USER *originator; int num_recipient; PEM_USER **recipient; -#ifndef OPENSSL_NO_STACK - STACK *x509_chain; /* certificate chain */ -#else - char *x509_chain; /* certificate chain */ -#endif + /* XXX(ben): don#t think this is used! + STACK *x509_chain; / * certificate chain */ EVP_MD *md; /* signature type */ int md_enc; /* is the md encrypted or not? */ @@ -187,103 +193,123 @@ typedef struct pem_ctx_st EVP_CIPHER *dec; /* date encryption cipher */ int key_len; /* key length */ unsigned char *key; /* key */ - unsigned char iv[8]; /* the iv */ + /* unused, and wrong size + unsigned char iv[8]; */ - int data_enc; /* is the data encrypted */ int data_len; unsigned char *data; - } PEM_CTX; +} PEM_CTX; +#ifndef LIBRESSL_INTERNAL /* These macros make the PEM_read/PEM_write functions easier to maintain and * write. Now they are all implemented with either: * IMPLEMENT_PEM_rw(...) or IMPLEMENT_PEM_rw_cb(...) */ -#ifdef OPENSSL_NO_FP_API - -#define IMPLEMENT_PEM_read_fp(name, type, str, asn1) /**/ -#define IMPLEMENT_PEM_write_fp(name, type, str, asn1) /**/ -#define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) /**/ - -#else - #define IMPLEMENT_PEM_read_fp(name, type, str, asn1) \ type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u)\ { \ -return((type *)PEM_ASN1_read((char *(*)())d2i_##asn1, str,fp,(char **)x,\ - cb,u)); \ -} \ +return PEM_ASN1_read((d2i_of_void *)d2i_##asn1, str,fp,(void **)x,cb,u); \ +} #define IMPLEMENT_PEM_write_fp(name, type, str, asn1) \ int PEM_write_##name(FILE *fp, type *x) \ { \ -return(PEM_ASN1_write((int (*)())i2d_##asn1,str,fp, (char *)x, \ - NULL,NULL,0,NULL,NULL)); \ -} +return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,NULL,NULL,0,NULL,NULL); \ +} + +#define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) \ +int PEM_write_##name(FILE *fp, const type *x) \ +{ \ +return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,(void *)x,NULL,NULL,0,NULL,NULL); \ +} #define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) \ int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \ unsigned char *kstr, int klen, pem_password_cb *cb, \ void *u) \ { \ - return(PEM_ASN1_write((int (*)())i2d_##asn1,str,fp, \ - (char *)x,enc,kstr,klen,cb,u)); \ + return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,enc,kstr,klen,cb,u); \ + } + +#define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) \ +int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \ + unsigned char *kstr, int klen, pem_password_cb *cb, \ + void *u) \ + { \ + return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,enc,kstr,klen,cb,u); \ } -#endif #define IMPLEMENT_PEM_read_bio(name, type, str, asn1) \ type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u)\ { \ -return((type *)PEM_ASN1_read_bio((char *(*)())d2i_##asn1, str,bp,\ - (char **)x,cb,u)); \ +return PEM_ASN1_read_bio((d2i_of_void *)d2i_##asn1, str,bp,(void **)x,cb,u); \ } #define IMPLEMENT_PEM_write_bio(name, type, str, asn1) \ int PEM_write_bio_##name(BIO *bp, type *x) \ { \ -return(PEM_ASN1_write_bio((int (*)())i2d_##asn1,str,bp, (char *)x, \ - NULL,NULL,0,NULL,NULL)); \ +return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,x,NULL,NULL,0,NULL,NULL); \ +} + +#define IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \ +int PEM_write_bio_##name(BIO *bp, const type *x) \ +{ \ +return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,(void *)x,NULL,NULL,0,NULL,NULL); \ } #define IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \ { \ - return(PEM_ASN1_write_bio((int (*)())i2d_##asn1,str,bp, \ - (char *)x,enc,kstr,klen,cb,u)); \ + return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,x,enc,kstr,klen,cb,u); \ + } + +#define IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \ +int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ + unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \ + { \ + return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,(void *)x,enc,kstr,klen,cb,u); \ } #define IMPLEMENT_PEM_write(name, type, str, asn1) \ IMPLEMENT_PEM_write_bio(name, type, str, asn1) \ - IMPLEMENT_PEM_write_fp(name, type, str, asn1) + IMPLEMENT_PEM_write_fp(name, type, str, asn1) + +#define IMPLEMENT_PEM_write_const(name, type, str, asn1) \ + IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \ + IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) #define IMPLEMENT_PEM_write_cb(name, type, str, asn1) \ IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \ - IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) + IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) + +#define IMPLEMENT_PEM_write_cb_const(name, type, str, asn1) \ + IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \ + IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) #define IMPLEMENT_PEM_read(name, type, str, asn1) \ IMPLEMENT_PEM_read_bio(name, type, str, asn1) \ - IMPLEMENT_PEM_read_fp(name, type, str, asn1) + IMPLEMENT_PEM_read_fp(name, type, str, asn1) #define IMPLEMENT_PEM_rw(name, type, str, asn1) \ IMPLEMENT_PEM_read(name, type, str, asn1) \ IMPLEMENT_PEM_write(name, type, str, asn1) +#define IMPLEMENT_PEM_rw_const(name, type, str, asn1) \ + IMPLEMENT_PEM_read(name, type, str, asn1) \ + IMPLEMENT_PEM_write_const(name, type, str, asn1) + #define IMPLEMENT_PEM_rw_cb(name, type, str, asn1) \ IMPLEMENT_PEM_read(name, type, str, asn1) \ IMPLEMENT_PEM_write_cb(name, type, str, asn1) -/* These are the same except they are for the declarations */ - -#if defined(OPENSSL_SYS_WIN16) || defined(OPENSSL_NO_FP_API) +#endif -#define DECLARE_PEM_read_fp(name, type) /**/ -#define DECLARE_PEM_write_fp(name, type) /**/ -#define DECLARE_PEM_write_cb_fp(name, type) /**/ +/* These are the same except they are for the declarations */ -#else #define DECLARE_PEM_read_fp(name, type) \ type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u); @@ -291,11 +317,13 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ #define DECLARE_PEM_write_fp(name, type) \ int PEM_write_##name(FILE *fp, type *x); +#define DECLARE_PEM_write_fp_const(name, type) \ + int PEM_write_##name(FILE *fp, const type *x); + #define DECLARE_PEM_write_cb_fp(name, type) \ int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \ unsigned char *kstr, int klen, pem_password_cb *cb, void *u); -#endif #ifndef OPENSSL_NO_BIO #define DECLARE_PEM_read_bio(name, type) \ @@ -304,6 +332,9 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ #define DECLARE_PEM_write_bio(name, type) \ int PEM_write_bio_##name(BIO *bp, type *x); +#define DECLARE_PEM_write_bio_const(name, type) \ + int PEM_write_bio_##name(BIO *bp, const type *x); + #define DECLARE_PEM_write_cb_bio(name, type) \ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ unsigned char *kstr, int klen, pem_password_cb *cb, void *u); @@ -312,17 +343,22 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ #define DECLARE_PEM_read_bio(name, type) /**/ #define DECLARE_PEM_write_bio(name, type) /**/ +#define DECLARE_PEM_write_bio_const(name, type) /**/ #define DECLARE_PEM_write_cb_bio(name, type) /**/ #endif #define DECLARE_PEM_write(name, type) \ DECLARE_PEM_write_bio(name, type) \ - DECLARE_PEM_write_fp(name, type) + DECLARE_PEM_write_fp(name, type) + +#define DECLARE_PEM_write_const(name, type) \ + DECLARE_PEM_write_bio_const(name, type) \ + DECLARE_PEM_write_fp_const(name, type) #define DECLARE_PEM_write_cb(name, type) \ DECLARE_PEM_write_cb_bio(name, type) \ - DECLARE_PEM_write_cb_fp(name, type) + DECLARE_PEM_write_cb_fp(name, type) #define DECLARE_PEM_read(name, type) \ DECLARE_PEM_read_bio(name, type) \ @@ -332,214 +368,75 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ DECLARE_PEM_read(name, type) \ DECLARE_PEM_write(name, type) +#define DECLARE_PEM_rw_const(name, type) \ + DECLARE_PEM_read(name, type) \ + DECLARE_PEM_write_const(name, type) + #define DECLARE_PEM_rw_cb(name, type) \ DECLARE_PEM_read(name, type) \ DECLARE_PEM_write_cb(name, type) -#ifdef SSLEAY_MACROS - -#define PEM_write_SSL_SESSION(fp,x) \ - PEM_ASN1_write((int (*)())i2d_SSL_SESSION, \ - PEM_STRING_SSL_SESSION,fp, (char *)x, NULL,NULL,0,NULL,NULL) -#define PEM_write_X509(fp,x) \ - PEM_ASN1_write((int (*)())i2d_X509,PEM_STRING_X509,fp, \ - (char *)x, NULL,NULL,0,NULL,NULL) -#define PEM_write_X509_REQ(fp,x) PEM_ASN1_write( \ - (int (*)())i2d_X509_REQ,PEM_STRING_X509_REQ,fp,(char *)x, \ - NULL,NULL,0,NULL,NULL) -#define PEM_write_X509_CRL(fp,x) \ - PEM_ASN1_write((int (*)())i2d_X509_CRL,PEM_STRING_X509_CRL, \ - fp,(char *)x, NULL,NULL,0,NULL,NULL) -#define PEM_write_RSAPrivateKey(fp,x,enc,kstr,klen,cb,u) \ - PEM_ASN1_write((int (*)())i2d_RSAPrivateKey,PEM_STRING_RSA,fp,\ - (char *)x,enc,kstr,klen,cb,u) -#define PEM_write_RSAPublicKey(fp,x) \ - PEM_ASN1_write((int (*)())i2d_RSAPublicKey,\ - PEM_STRING_RSA_PUBLIC,fp,(char *)x,NULL,NULL,0,NULL,NULL) -#define PEM_write_DSAPrivateKey(fp,x,enc,kstr,klen,cb,u) \ - PEM_ASN1_write((int (*)())i2d_DSAPrivateKey,PEM_STRING_DSA,fp,\ - (char *)x,enc,kstr,klen,cb,u) -#define PEM_write_PrivateKey(bp,x,enc,kstr,klen,cb,u) \ - PEM_ASN1_write((int (*)())i2d_PrivateKey,\ - (((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),\ - bp,(char *)x,enc,kstr,klen,cb,u) -#define PEM_write_PKCS7(fp,x) \ - PEM_ASN1_write((int (*)())i2d_PKCS7,PEM_STRING_PKCS7,fp, \ - (char *)x, NULL,NULL,0,NULL,NULL) -#define PEM_write_DHparams(fp,x) \ - PEM_ASN1_write((int (*)())i2d_DHparams,PEM_STRING_DHPARAMS,fp,\ - (char *)x,NULL,NULL,0,NULL,NULL) - -#define PEM_write_NETSCAPE_CERT_SEQUENCE(fp,x) \ - PEM_ASN1_write((int (*)())i2d_NETSCAPE_CERT_SEQUENCE, \ - PEM_STRING_X509,fp, \ - (char *)x, NULL,NULL,0,NULL,NULL) - -#define PEM_read_SSL_SESSION(fp,x,cb,u) (SSL_SESSION *)PEM_ASN1_read( \ - (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,fp,(char **)x,cb,u) -#define PEM_read_X509(fp,x,cb,u) (X509 *)PEM_ASN1_read( \ - (char *(*)())d2i_X509,PEM_STRING_X509,fp,(char **)x,cb,u) -#define PEM_read_X509_REQ(fp,x,cb,u) (X509_REQ *)PEM_ASN1_read( \ - (char *(*)())d2i_X509_REQ,PEM_STRING_X509_REQ,fp,(char **)x,cb,u) -#define PEM_read_X509_CRL(fp,x,cb,u) (X509_CRL *)PEM_ASN1_read( \ - (char *(*)())d2i_X509_CRL,PEM_STRING_X509_CRL,fp,(char **)x,cb,u) -#define PEM_read_RSAPrivateKey(fp,x,cb,u) (RSA *)PEM_ASN1_read( \ - (char *(*)())d2i_RSAPrivateKey,PEM_STRING_RSA,fp,(char **)x,cb,u) -#define PEM_read_RSAPublicKey(fp,x,cb,u) (RSA *)PEM_ASN1_read( \ - (char *(*)())d2i_RSAPublicKey,PEM_STRING_RSA_PUBLIC,fp,(char **)x,cb,u) -#define PEM_read_DSAPrivateKey(fp,x,cb,u) (DSA *)PEM_ASN1_read( \ - (char *(*)())d2i_DSAPrivateKey,PEM_STRING_DSA,fp,(char **)x,cb,u) -#define PEM_read_PrivateKey(fp,x,cb,u) (EVP_PKEY *)PEM_ASN1_read( \ - (char *(*)())d2i_PrivateKey,PEM_STRING_EVP_PKEY,fp,(char **)x,cb,u) -#define PEM_read_PKCS7(fp,x,cb,u) (PKCS7 *)PEM_ASN1_read( \ - (char *(*)())d2i_PKCS7,PEM_STRING_PKCS7,fp,(char **)x,cb,u) -#define PEM_read_DHparams(fp,x,cb,u) (DH *)PEM_ASN1_read( \ - (char *(*)())d2i_DHparams,PEM_STRING_DHPARAMS,fp,(char **)x,cb,u) - -#define PEM_read_NETSCAPE_CERT_SEQUENCE(fp,x,cb,u) \ - (NETSCAPE_CERT_SEQUENCE *)PEM_ASN1_read( \ - (char *(*)())d2i_NETSCAPE_CERT_SEQUENCE,PEM_STRING_X509,fp,\ - (char **)x,cb,u) - -#define PEM_write_bio_SSL_SESSION(bp,x) \ - PEM_ASN1_write_bio((int (*)())i2d_SSL_SESSION, \ - PEM_STRING_SSL_SESSION,bp, (char *)x, NULL,NULL,0,NULL,NULL) -#define PEM_write_bio_X509(bp,x) \ - PEM_ASN1_write_bio((int (*)())i2d_X509,PEM_STRING_X509,bp, \ - (char *)x, NULL,NULL,0,NULL,NULL) -#define PEM_write_bio_X509_REQ(bp,x) PEM_ASN1_write_bio( \ - (int (*)())i2d_X509_REQ,PEM_STRING_X509_REQ,bp,(char *)x, \ - NULL,NULL,0,NULL,NULL) -#define PEM_write_bio_X509_CRL(bp,x) \ - PEM_ASN1_write_bio((int (*)())i2d_X509_CRL,PEM_STRING_X509_CRL,\ - bp,(char *)x, NULL,NULL,0,NULL,NULL) -#define PEM_write_bio_RSAPrivateKey(bp,x,enc,kstr,klen,cb,u) \ - PEM_ASN1_write_bio((int (*)())i2d_RSAPrivateKey,PEM_STRING_RSA,\ - bp,(char *)x,enc,kstr,klen,cb,u) -#define PEM_write_bio_RSAPublicKey(bp,x) \ - PEM_ASN1_write_bio((int (*)())i2d_RSAPublicKey, \ - PEM_STRING_RSA_PUBLIC,\ - bp,(char *)x,NULL,NULL,0,NULL,NULL) -#define PEM_write_bio_DSAPrivateKey(bp,x,enc,kstr,klen,cb,u) \ - PEM_ASN1_write_bio((int (*)())i2d_DSAPrivateKey,PEM_STRING_DSA,\ - bp,(char *)x,enc,kstr,klen,cb,u) -#define PEM_write_bio_PrivateKey(bp,x,enc,kstr,klen,cb,u) \ - PEM_ASN1_write_bio((int (*)())i2d_PrivateKey,\ - (((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),\ - bp,(char *)x,enc,kstr,klen,cb,u) -#define PEM_write_bio_PKCS7(bp,x) \ - PEM_ASN1_write_bio((int (*)())i2d_PKCS7,PEM_STRING_PKCS7,bp, \ - (char *)x, NULL,NULL,0,NULL,NULL) -#define PEM_write_bio_DHparams(bp,x) \ - PEM_ASN1_write_bio((int (*)())i2d_DHparams,PEM_STRING_DHPARAMS,\ - bp,(char *)x,NULL,NULL,0,NULL,NULL) -#define PEM_write_bio_DSAparams(bp,x) \ - PEM_ASN1_write_bio((int (*)())i2d_DSAparams, \ - PEM_STRING_DSAPARAMS,bp,(char *)x,NULL,NULL,0,NULL,NULL) - -#define PEM_write_bio_NETSCAPE_CERT_SEQUENCE(bp,x) \ - PEM_ASN1_write_bio((int (*)())i2d_NETSCAPE_CERT_SEQUENCE, \ - PEM_STRING_X509,bp, \ - (char *)x, NULL,NULL,0,NULL,NULL) - -#define PEM_read_bio_SSL_SESSION(bp,x,cb,u) (SSL_SESSION *)PEM_ASN1_read_bio( \ - (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,(char **)x,cb,u) -#define PEM_read_bio_X509(bp,x,cb,u) (X509 *)PEM_ASN1_read_bio( \ - (char *(*)())d2i_X509,PEM_STRING_X509,bp,(char **)x,cb,u) -#define PEM_read_bio_X509_REQ(bp,x,cb,u) (X509_REQ *)PEM_ASN1_read_bio( \ - (char *(*)())d2i_X509_REQ,PEM_STRING_X509_REQ,bp,(char **)x,cb,u) -#define PEM_read_bio_X509_CRL(bp,x,cb,u) (X509_CRL *)PEM_ASN1_read_bio( \ - (char *(*)())d2i_X509_CRL,PEM_STRING_X509_CRL,bp,(char **)x,cb,u) -#define PEM_read_bio_RSAPrivateKey(bp,x,cb,u) (RSA *)PEM_ASN1_read_bio( \ - (char *(*)())d2i_RSAPrivateKey,PEM_STRING_RSA,bp,(char **)x,cb,u) -#define PEM_read_bio_RSAPublicKey(bp,x,cb,u) (RSA *)PEM_ASN1_read_bio( \ - (char *(*)())d2i_RSAPublicKey,PEM_STRING_RSA_PUBLIC,bp,(char **)x,cb,u) -#define PEM_read_bio_DSAPrivateKey(bp,x,cb,u) (DSA *)PEM_ASN1_read_bio( \ - (char *(*)())d2i_DSAPrivateKey,PEM_STRING_DSA,bp,(char **)x,cb,u) -#define PEM_read_bio_PrivateKey(bp,x,cb,u) (EVP_PKEY *)PEM_ASN1_read_bio( \ - (char *(*)())d2i_PrivateKey,PEM_STRING_EVP_PKEY,bp,(char **)x,cb,u) - -#define PEM_read_bio_PKCS7(bp,x,cb,u) (PKCS7 *)PEM_ASN1_read_bio( \ - (char *(*)())d2i_PKCS7,PEM_STRING_PKCS7,bp,(char **)x,cb,u) -#define PEM_read_bio_DHparams(bp,x,cb,u) (DH *)PEM_ASN1_read_bio( \ - (char *(*)())d2i_DHparams,PEM_STRING_DHPARAMS,bp,(char **)x,cb,u) -#define PEM_read_bio_DSAparams(bp,x,cb,u) (DSA *)PEM_ASN1_read_bio( \ - (char *(*)())d2i_DSAparams,PEM_STRING_DSAPARAMS,bp,(char **)x,cb,u) - -#define PEM_read_bio_NETSCAPE_CERT_SEQUENCE(bp,x,cb,u) \ - (NETSCAPE_CERT_SEQUENCE *)PEM_ASN1_read_bio( \ - (char *(*)())d2i_NETSCAPE_CERT_SEQUENCE,PEM_STRING_X509,bp,\ - (char **)x,cb,u) - -#endif - -#if 1 -/* "userdata": new with OpenSSL 0.9.4 */ typedef int pem_password_cb(char *buf, int size, int rwflag, void *userdata); -#else -/* OpenSSL 0.9.3, 0.9.3a */ -typedef int pem_password_cb(char *buf, int size, int rwflag); -#endif int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher); -int PEM_do_header (EVP_CIPHER_INFO *cipher, unsigned char *data,long *len, - pem_password_cb *callback,void *u); +int PEM_do_header (EVP_CIPHER_INFO *cipher, unsigned char *data, long *len, + pem_password_cb *callback, void *u); #ifndef OPENSSL_NO_BIO int PEM_read_bio(BIO *bp, char **name, char **header, - unsigned char **data,long *len); -int PEM_write_bio(BIO *bp,const char *name,char *hdr,unsigned char *data, - long len); -int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, const char *name, BIO *bp, - pem_password_cb *cb, void *u); -char * PEM_ASN1_read_bio(char *(*d2i)(),const char *name,BIO *bp,char **x, - pem_password_cb *cb, void *u); -int PEM_ASN1_write_bio(int (*i2d)(),const char *name,BIO *bp,char *x, - const EVP_CIPHER *enc,unsigned char *kstr,int klen, - pem_password_cb *cb, void *u); -STACK_OF(X509_INFO) * PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u); -int PEM_X509_INFO_write_bio(BIO *bp,X509_INFO *xi, EVP_CIPHER *enc, - unsigned char *kstr, int klen, pem_password_cb *cd, void *u); + unsigned char **data, long *len); +int PEM_write_bio(BIO *bp, const char *name, const char *hdr, + const unsigned char *data, long len); +int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, + const char *name, BIO *bp, pem_password_cb *cb, void *u); +void * PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp, + void **x, pem_password_cb *cb, void *u); +int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, void *x, + const EVP_CIPHER *enc, unsigned char *kstr, int klen, + pem_password_cb *cb, void *u); + +STACK_OF(X509_INFO) * PEM_X509_INFO_read_bio(BIO *bp, + STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u); +int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc, + unsigned char *kstr, int klen, pem_password_cb *cd, void *u); #endif -#ifndef OPENSSL_SYS_WIN16 int PEM_read(FILE *fp, char **name, char **header, - unsigned char **data,long *len); -int PEM_write(FILE *fp,char *name,char *hdr,unsigned char *data,long len); -char * PEM_ASN1_read(char *(*d2i)(),const char *name,FILE *fp,char **x, - pem_password_cb *cb, void *u); -int PEM_ASN1_write(int (*i2d)(),const char *name,FILE *fp,char *x, - const EVP_CIPHER *enc,unsigned char *kstr,int klen, - pem_password_cb *callback, void *u); + unsigned char **data, long *len); +int PEM_write(FILE *fp, const char *name, const char *hdr, + const unsigned char *data, long len); +void * PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x, + pem_password_cb *cb, void *u); +int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp, + void *x, const EVP_CIPHER *enc, unsigned char *kstr, + int klen, pem_password_cb *callback, void *u); STACK_OF(X509_INFO) * PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, - pem_password_cb *cb, void *u); -#endif + pem_password_cb *cb, void *u); int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, - EVP_MD *md_type, unsigned char **ek, int *ekl, - unsigned char *iv, EVP_PKEY **pubk, int npubk); + EVP_MD *md_type, unsigned char **ek, int *ekl, + unsigned char *iv, EVP_PKEY **pubk, int npubk); void PEM_SealUpdate(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *out, int *outl, - unsigned char *in, int inl); -int PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig,int *sigl, - unsigned char *out, int *outl, EVP_PKEY *priv); + unsigned char *in, int inl); +int PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig, int *sigl, + unsigned char *out, int *outl, EVP_PKEY *priv); -void PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type); -void PEM_SignUpdate(EVP_MD_CTX *ctx,unsigned char *d,unsigned int cnt); +int PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type); +int PEM_SignUpdate(EVP_MD_CTX *ctx, unsigned char *d, unsigned int cnt); int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, - unsigned int *siglen, EVP_PKEY *pkey); + unsigned int *siglen, EVP_PKEY *pkey); int PEM_def_callback(char *buf, int num, int w, void *key); void PEM_proc_type(char *buf, int type); void PEM_dek_info(char *buf, const char *type, int len, char *str); -#ifndef SSLEAY_MACROS - -#include DECLARE_PEM_rw(X509, X509) DECLARE_PEM_rw(X509_AUX, X509) +DECLARE_PEM_rw(X509_CERT_PAIR, X509_CERT_PAIR) + DECLARE_PEM_rw(X509_REQ, X509_REQ) DECLARE_PEM_write(X509_REQ_NEW, X509_REQ) @@ -557,7 +454,7 @@ DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO) DECLARE_PEM_rw_cb(RSAPrivateKey, RSA) -DECLARE_PEM_rw(RSAPublicKey, RSA) +DECLARE_PEM_rw_const(RSAPublicKey, RSA) DECLARE_PEM_rw(RSA_PUBKEY, RSA) #endif @@ -568,13 +465,19 @@ DECLARE_PEM_rw_cb(DSAPrivateKey, DSA) DECLARE_PEM_rw(DSA_PUBKEY, DSA) -DECLARE_PEM_rw(DSAparams, DSA) +DECLARE_PEM_rw_const(DSAparams, DSA) + +#endif +#ifndef OPENSSL_NO_EC +DECLARE_PEM_rw_const(ECPKParameters, EC_GROUP) +DECLARE_PEM_rw_cb(ECPrivateKey, EC_KEY) +DECLARE_PEM_rw(EC_PUBKEY, EC_KEY) #endif #ifndef OPENSSL_NO_DH -DECLARE_PEM_rw(DHparams, DH) +DECLARE_PEM_rw_const(DHparams, DH) #endif @@ -583,34 +486,50 @@ DECLARE_PEM_rw_cb(PrivateKey, EVP_PKEY) DECLARE_PEM_rw(PUBKEY, EVP_PKEY) int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid, - char *kstr, int klen, - pem_password_cb *cb, void *u); + char *kstr, int klen, + pem_password_cb *cb, void *u); int PEM_write_bio_PKCS8PrivateKey(BIO *, EVP_PKEY *, const EVP_CIPHER *, - char *, int, pem_password_cb *, void *); + char *, int, pem_password_cb *, void *); int i2d_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc, - char *kstr, int klen, - pem_password_cb *cb, void *u); + char *kstr, int klen, + pem_password_cb *cb, void *u); int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid, - char *kstr, int klen, - pem_password_cb *cb, void *u); -EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u); + char *kstr, int klen, + pem_password_cb *cb, void *u); +EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, + void *u); int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, - char *kstr, int klen, - pem_password_cb *cb, void *u); + char *kstr, int klen, + pem_password_cb *cb, void *u); int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, EVP_PKEY *x, int nid, - char *kstr, int klen, - pem_password_cb *cb, void *u); + char *kstr, int klen, + pem_password_cb *cb, void *u); int PEM_write_PKCS8PrivateKey_nid(FILE *fp, EVP_PKEY *x, int nid, - char *kstr, int klen, - pem_password_cb *cb, void *u); + char *kstr, int klen, + pem_password_cb *cb, void *u); -EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u); +EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, + void *u); -int PEM_write_PKCS8PrivateKey(FILE *fp,EVP_PKEY *x,const EVP_CIPHER *enc, - char *kstr,int klen, pem_password_cb *cd, void *u); +int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, + char *kstr, int klen, pem_password_cb *cd, void *u); -#endif /* SSLEAY_MACROS */ +EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x); +int PEM_write_bio_Parameters(BIO *bp, EVP_PKEY *x); + + +EVP_PKEY *b2i_PrivateKey(const unsigned char **in, long length); +EVP_PKEY *b2i_PublicKey(const unsigned char **in, long length); +EVP_PKEY *b2i_PrivateKey_bio(BIO *in); +EVP_PKEY *b2i_PublicKey_bio(BIO *in); +int i2b_PrivateKey_bio(BIO *out, EVP_PKEY *pk); +int i2b_PublicKey_bio(BIO *out, EVP_PKEY *pk); +#ifndef OPENSSL_NO_RC4 +EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u); +int i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel, pem_password_cb *cb, + void *u); +#endif /* BEGIN ERROR CODES */ @@ -622,26 +541,43 @@ void ERR_load_PEM_strings(void); /* Error codes for the PEM functions. */ /* Function codes. */ +#define PEM_F_B2I_DSS 127 +#define PEM_F_B2I_PVK_BIO 128 +#define PEM_F_B2I_RSA 129 +#define PEM_F_CHECK_BITLEN_DSA 130 +#define PEM_F_CHECK_BITLEN_RSA 131 #define PEM_F_D2I_PKCS8PRIVATEKEY_BIO 120 #define PEM_F_D2I_PKCS8PRIVATEKEY_FP 121 -#define PEM_F_DEF_CALLBACK 100 +#define PEM_F_DO_B2I 132 +#define PEM_F_DO_B2I_BIO 133 +#define PEM_F_DO_BLOB_HEADER 134 +#define PEM_F_DO_PK8PKEY 126 +#define PEM_F_DO_PK8PKEY_FP 125 +#define PEM_F_DO_PVK_BODY 135 +#define PEM_F_DO_PVK_HEADER 136 +#define PEM_F_I2B_PVK 137 +#define PEM_F_I2B_PVK_BIO 138 #define PEM_F_LOAD_IV 101 #define PEM_F_PEM_ASN1_READ 102 #define PEM_F_PEM_ASN1_READ_BIO 103 #define PEM_F_PEM_ASN1_WRITE 104 #define PEM_F_PEM_ASN1_WRITE_BIO 105 +#define PEM_F_PEM_DEF_CALLBACK 100 #define PEM_F_PEM_DO_HEADER 106 -#define PEM_F_PEM_F_DO_PK8KEY_FP 122 #define PEM_F_PEM_F_PEM_WRITE_PKCS8PRIVATEKEY 118 #define PEM_F_PEM_GET_EVP_CIPHER_INFO 107 +#define PEM_F_PEM_PK8PKEY 119 #define PEM_F_PEM_READ 108 #define PEM_F_PEM_READ_BIO 109 +#define PEM_F_PEM_READ_BIO_PARAMETERS 140 +#define PEM_F_PEM_READ_BIO_PRIVATEKEY 123 +#define PEM_F_PEM_READ_PRIVATEKEY 124 #define PEM_F_PEM_SEALFINAL 110 #define PEM_F_PEM_SEALINIT 111 #define PEM_F_PEM_SIGNFINAL 112 #define PEM_F_PEM_WRITE 113 #define PEM_F_PEM_WRITE_BIO 114 -#define PEM_F_PEM_WRITE_BIO_PKCS8PRIVATEKEY 119 +#define PEM_F_PEM_WRITE_PRIVATEKEY 139 #define PEM_F_PEM_X509_INFO_READ 115 #define PEM_F_PEM_X509_INFO_READ_BIO 116 #define PEM_F_PEM_X509_INFO_WRITE_BIO 117 @@ -651,18 +587,30 @@ void ERR_load_PEM_strings(void); #define PEM_R_BAD_DECRYPT 101 #define PEM_R_BAD_END_LINE 102 #define PEM_R_BAD_IV_CHARS 103 +#define PEM_R_BAD_MAGIC_NUMBER 116 #define PEM_R_BAD_PASSWORD_READ 104 +#define PEM_R_BAD_VERSION_NUMBER 117 +#define PEM_R_BIO_WRITE_FAILURE 118 +#define PEM_R_CIPHER_IS_NULL 127 #define PEM_R_ERROR_CONVERTING_PRIVATE_KEY 115 +#define PEM_R_EXPECTING_PRIVATE_KEY_BLOB 119 +#define PEM_R_EXPECTING_PUBLIC_KEY_BLOB 120 +#define PEM_R_INCONSISTENT_HEADER 121 +#define PEM_R_KEYBLOB_HEADER_PARSE_ERROR 122 +#define PEM_R_KEYBLOB_TOO_SHORT 123 #define PEM_R_NOT_DEK_INFO 105 #define PEM_R_NOT_ENCRYPTED 106 #define PEM_R_NOT_PROC_TYPE 107 #define PEM_R_NO_START_LINE 108 #define PEM_R_PROBLEMS_GETTING_PASSWORD 109 #define PEM_R_PUBLIC_KEY_NO_RSA 110 +#define PEM_R_PVK_DATA_TOO_SHORT 124 +#define PEM_R_PVK_TOO_SHORT 125 #define PEM_R_READ_KEY 111 #define PEM_R_SHORT_HEADER 112 #define PEM_R_UNSUPPORTED_CIPHER 113 #define PEM_R_UNSUPPORTED_ENCRYPTION 114 +#define PEM_R_UNSUPPORTED_KEY_COMPONENTS 126 #ifdef __cplusplus } diff --git a/src/lib/libcrypto/pem/pem2.h b/src/lib/libcrypto/pem/pem2.h index 4e484bcd82a..19525b4a452 100644 --- a/src/lib/libcrypto/pem/pem2.h +++ b/src/lib/libcrypto/pem/pem2.h @@ -1,3 +1,4 @@ +/* $OpenBSD: pem2.h,v 1.5 2014/06/12 15:49:30 deraadt Exp $ */ /* ==================================================================== * Copyright (c) 1999 The OpenSSL Project. All rights reserved. * @@ -6,7 +7,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -61,7 +62,9 @@ extern "C" { #endif +#ifndef HEADER_PEM_H void ERR_load_PEM_strings(void); +#endif #ifdef __cplusplus } diff --git a/src/lib/libcrypto/pem/pem_all.c b/src/lib/libcrypto/pem/pem_all.c index e72b7134cec..f5211f29a67 100644 --- a/src/lib/libcrypto/pem/pem_all.c +++ b/src/lib/libcrypto/pem/pem_all.c @@ -1,25 +1,25 @@ -/* crypto/pem/pem_all.c */ +/* $OpenBSD: pem_all.c,v 1.17 2016/09/04 16:10:38 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,21 +49,85 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ +/* ==================================================================== + * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ #include -#undef SSLEAY_MACROS -#include "cryptlib.h" + +#include + #include #include -#include -#include #include +#include +#include + +#ifndef OPENSSL_NO_DH +#include +#endif +#ifndef OPENSSL_NO_DSA +#include +#endif +#ifndef OPENSSL_NO_RSA +#include +#endif #ifndef OPENSSL_NO_RSA static RSA *pkey_get_rsa(EVP_PKEY *key, RSA **rsa); @@ -72,17 +136,136 @@ static RSA *pkey_get_rsa(EVP_PKEY *key, RSA **rsa); static DSA *pkey_get_dsa(EVP_PKEY *key, DSA **dsa); #endif -IMPLEMENT_PEM_rw(X509_REQ, X509_REQ, PEM_STRING_X509_REQ, X509_REQ) +#ifndef OPENSSL_NO_EC +static EC_KEY *pkey_get_eckey(EVP_PKEY *key, EC_KEY **eckey); +#endif + + +X509_REQ * +PEM_read_X509_REQ(FILE *fp, X509_REQ **x, pem_password_cb *cb, void *u) +{ + return PEM_ASN1_read((d2i_of_void *)d2i_X509_REQ, PEM_STRING_X509_REQ, fp, + (void **)x, cb, u); +} + +int +PEM_write_X509_REQ(FILE *fp, X509_REQ *x) +{ + return PEM_ASN1_write((i2d_of_void *)i2d_X509_REQ, PEM_STRING_X509_REQ, fp, + x, NULL, NULL, 0, NULL, NULL); +} + +X509_REQ * +PEM_read_bio_X509_REQ(BIO *bp, X509_REQ **x, pem_password_cb *cb, void *u) +{ + return PEM_ASN1_read_bio((d2i_of_void *)d2i_X509_REQ, PEM_STRING_X509_REQ, bp, + (void **)x, cb, u); +} -IMPLEMENT_PEM_write(X509_REQ_NEW, X509_REQ, PEM_STRING_X509_REQ_OLD, X509_REQ) +int +PEM_write_bio_X509_REQ(BIO *bp, X509_REQ *x) +{ + return PEM_ASN1_write_bio((i2d_of_void *)i2d_X509_REQ, PEM_STRING_X509_REQ, bp, + x, NULL, NULL, 0, NULL, NULL); +} -IMPLEMENT_PEM_rw(X509_CRL, X509_CRL, PEM_STRING_X509_CRL, X509_CRL) +int +PEM_write_X509_REQ_NEW(FILE *fp, X509_REQ *x) +{ + return PEM_ASN1_write((i2d_of_void *)i2d_X509_REQ, PEM_STRING_X509_REQ_OLD, fp, + x, NULL, NULL, 0, NULL, NULL); +} -IMPLEMENT_PEM_rw(PKCS7, PKCS7, PEM_STRING_PKCS7, PKCS7) +int +PEM_write_bio_X509_REQ_NEW(BIO *bp, X509_REQ *x) +{ + return PEM_ASN1_write_bio((i2d_of_void *)i2d_X509_REQ, PEM_STRING_X509_REQ_OLD, bp, + x, NULL, NULL, 0, NULL, NULL); +} -IMPLEMENT_PEM_rw(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE, - PEM_STRING_X509, NETSCAPE_CERT_SEQUENCE) +X509_CRL * +PEM_read_X509_CRL(FILE *fp, X509_CRL **x, pem_password_cb *cb, void *u) +{ + return PEM_ASN1_read((d2i_of_void *)d2i_X509_CRL, PEM_STRING_X509_CRL, fp, + (void **)x, cb, u); +} +int +PEM_write_X509_CRL(FILE *fp, X509_CRL *x) +{ + return PEM_ASN1_write((i2d_of_void *)i2d_X509_CRL, PEM_STRING_X509_CRL, fp, + x, NULL, NULL, 0, NULL, NULL); +} + +X509_CRL * +PEM_read_bio_X509_CRL(BIO *bp, X509_CRL **x, pem_password_cb *cb, void *u) +{ + return PEM_ASN1_read_bio((d2i_of_void *)d2i_X509_CRL, PEM_STRING_X509_CRL, bp, + (void **)x, cb, u); +} + +int +PEM_write_bio_X509_CRL(BIO *bp, X509_CRL *x) +{ + return PEM_ASN1_write_bio((i2d_of_void *)i2d_X509_CRL, PEM_STRING_X509_CRL, bp, + x, NULL, NULL, 0, NULL, NULL); +} + +PKCS7 * +PEM_read_PKCS7(FILE *fp, PKCS7 **x, pem_password_cb *cb, void *u) +{ + return PEM_ASN1_read((d2i_of_void *)d2i_PKCS7, PEM_STRING_PKCS7, fp, + (void **)x, cb, u); +} + +int +PEM_write_PKCS7(FILE *fp, PKCS7 *x) +{ + return PEM_ASN1_write((i2d_of_void *)i2d_PKCS7, PEM_STRING_PKCS7, fp, + x, NULL, NULL, 0, NULL, NULL); +} + +PKCS7 * +PEM_read_bio_PKCS7(BIO *bp, PKCS7 **x, pem_password_cb *cb, void *u) +{ + return PEM_ASN1_read_bio((d2i_of_void *)d2i_PKCS7, PEM_STRING_PKCS7, bp, + (void **)x, cb, u); +} + +int +PEM_write_bio_PKCS7(BIO *bp, PKCS7 *x) +{ + return PEM_ASN1_write_bio((i2d_of_void *)i2d_PKCS7, PEM_STRING_PKCS7, bp, + x, NULL, NULL, 0, NULL, NULL); +} + +int +PEM_write_NETSCAPE_CERT_SEQUENCE(FILE *fp, NETSCAPE_CERT_SEQUENCE *x) +{ + return PEM_ASN1_write((i2d_of_void *)i2d_NETSCAPE_CERT_SEQUENCE, PEM_STRING_X509, fp, + x, NULL, NULL, 0, NULL, NULL); +} + +NETSCAPE_CERT_SEQUENCE * +PEM_read_NETSCAPE_CERT_SEQUENCE(FILE *fp, NETSCAPE_CERT_SEQUENCE **x, pem_password_cb *cb, void *u) +{ + return PEM_ASN1_read((d2i_of_void *)d2i_NETSCAPE_CERT_SEQUENCE, PEM_STRING_X509, fp, + (void **)x, cb, u); +} + +NETSCAPE_CERT_SEQUENCE * +PEM_read_bio_NETSCAPE_CERT_SEQUENCE(BIO *bp, NETSCAPE_CERT_SEQUENCE **x, pem_password_cb *cb, void *u) +{ + return PEM_ASN1_read_bio((d2i_of_void *)d2i_NETSCAPE_CERT_SEQUENCE, PEM_STRING_X509, bp, + (void **)x, cb, u); +} + +int +PEM_write_bio_NETSCAPE_CERT_SEQUENCE(BIO *bp, NETSCAPE_CERT_SEQUENCE *x) +{ + return PEM_ASN1_write_bio((i2d_of_void *)i2d_NETSCAPE_CERT_SEQUENCE, PEM_STRING_X509, bp, + x, NULL, NULL, 0, NULL, NULL); +} #ifndef OPENSSL_NO_RSA @@ -94,103 +277,398 @@ IMPLEMENT_PEM_rw(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE, * transparently. */ -static RSA *pkey_get_rsa(EVP_PKEY *key, RSA **rsa) +static RSA * +pkey_get_rsa(EVP_PKEY *key, RSA **rsa) { RSA *rtmp; - if(!key) return NULL; + + if (!key) + return NULL; rtmp = EVP_PKEY_get1_RSA(key); EVP_PKEY_free(key); - if(!rtmp) return NULL; - if(rsa) { + if (!rtmp) + return NULL; + if (rsa) { RSA_free(*rsa); *rsa = rtmp; } return rtmp; } -RSA *PEM_read_bio_RSAPrivateKey(BIO *bp, RSA **rsa, pem_password_cb *cb, - void *u) +RSA * +PEM_read_RSAPrivateKey(FILE *fp, RSA **rsa, pem_password_cb *cb, void *u) { EVP_PKEY *pktmp; - pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u); + + pktmp = PEM_read_PrivateKey(fp, NULL, cb, u); return pkey_get_rsa(pktmp, rsa); } -#ifndef OPENSSL_NO_FP_API +int +PEM_write_RSAPrivateKey(FILE *fp, RSA *x, const EVP_CIPHER *enc, + unsigned char *kstr, int klen, pem_password_cb *cb, void *u) +{ + return PEM_ASN1_write((i2d_of_void *)i2d_RSAPrivateKey, PEM_STRING_RSA, fp, + x, enc, kstr, klen, cb, u); +} -RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **rsa, pem_password_cb *cb, - void *u) +RSA * +PEM_read_bio_RSAPrivateKey(BIO *bp, RSA **rsa, pem_password_cb *cb, void *u) { EVP_PKEY *pktmp; - pktmp = PEM_read_PrivateKey(fp, NULL, cb, u); + + pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u); return pkey_get_rsa(pktmp, rsa); } -#endif +int +PEM_write_bio_RSAPrivateKey(BIO *bp, RSA *x, + const EVP_CIPHER *enc, unsigned char *kstr, int klen, pem_password_cb *cb, + void *u) +{ + return PEM_ASN1_write_bio((i2d_of_void *)i2d_RSAPrivateKey, PEM_STRING_RSA, bp, + x, enc, kstr, klen, cb, u); +} -IMPLEMENT_PEM_write_cb(RSAPrivateKey, RSA, PEM_STRING_RSA, RSAPrivateKey) -IMPLEMENT_PEM_rw(RSAPublicKey, RSA, PEM_STRING_RSA_PUBLIC, RSAPublicKey) -IMPLEMENT_PEM_rw(RSA_PUBKEY, RSA, PEM_STRING_PUBLIC, RSA_PUBKEY) +RSA * +PEM_read_RSAPublicKey(FILE *fp, RSA **x, pem_password_cb *cb, void *u) +{ + return PEM_ASN1_read((d2i_of_void *)d2i_RSAPublicKey, PEM_STRING_RSA_PUBLIC, fp, + (void **)x, cb, u); +} + +int +PEM_write_RSAPublicKey(FILE *fp, const RSA *x) +{ + return PEM_ASN1_write((i2d_of_void *)i2d_RSAPublicKey, PEM_STRING_RSA_PUBLIC, fp, + (void *)x, NULL, NULL, 0, NULL, NULL); +} + +RSA * +PEM_read_bio_RSAPublicKey(BIO *bp, RSA **x, pem_password_cb *cb, void *u) +{ + return PEM_ASN1_read_bio((d2i_of_void *)d2i_RSAPublicKey, PEM_STRING_RSA_PUBLIC, bp, + (void **)x, cb, u); +} + +int +PEM_write_bio_RSAPublicKey(BIO *bp, const RSA *x) +{ + return PEM_ASN1_write_bio((i2d_of_void *)i2d_RSAPublicKey, PEM_STRING_RSA_PUBLIC, bp, + (void *)x, NULL, NULL, 0, NULL, NULL); +} + +RSA * +PEM_read_RSA_PUBKEY(FILE *fp, RSA **x, pem_password_cb *cb, void *u) +{ + return PEM_ASN1_read((d2i_of_void *)d2i_RSA_PUBKEY, PEM_STRING_PUBLIC, fp, + (void **)x, cb, u); +} + +int +PEM_write_RSA_PUBKEY(FILE *fp, RSA *x) +{ + return PEM_ASN1_write((i2d_of_void *)i2d_RSA_PUBKEY, PEM_STRING_PUBLIC, fp, + x, NULL, NULL, 0, NULL, NULL); +} + +RSA * +PEM_read_bio_RSA_PUBKEY(BIO *bp, RSA **x, pem_password_cb *cb, void *u) +{ + return PEM_ASN1_read_bio((d2i_of_void *)d2i_RSA_PUBKEY, PEM_STRING_PUBLIC, bp, + (void **)x, cb, u); +} + +int +PEM_write_bio_RSA_PUBKEY(BIO *bp, RSA *x) +{ + return PEM_ASN1_write_bio((i2d_of_void *)i2d_RSA_PUBKEY, PEM_STRING_PUBLIC, bp, + x, NULL, NULL, 0, NULL, NULL); +} #endif #ifndef OPENSSL_NO_DSA -static DSA *pkey_get_dsa(EVP_PKEY *key, DSA **dsa) +static DSA * +pkey_get_dsa(EVP_PKEY *key, DSA **dsa) { DSA *dtmp; - if(!key) return NULL; + + if (!key) + return NULL; dtmp = EVP_PKEY_get1_DSA(key); EVP_PKEY_free(key); - if(!dtmp) return NULL; - if(dsa) { + if (!dtmp) + return NULL; + if (dsa) { DSA_free(*dsa); *dsa = dtmp; } return dtmp; } -DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **dsa, pem_password_cb *cb, - void *u) +DSA * +PEM_read_DSAPrivateKey(FILE *fp, DSA **dsa, pem_password_cb *cb, void *u) +{ + EVP_PKEY *pktmp; + + pktmp = PEM_read_PrivateKey(fp, NULL, cb, u); + return pkey_get_dsa(pktmp, dsa); /* will free pktmp */ +} + +int +PEM_write_DSAPrivateKey(FILE *fp, DSA *x, const EVP_CIPHER *enc, + unsigned char *kstr, int klen, pem_password_cb *cb, void *u) +{ + return PEM_ASN1_write((i2d_of_void *)i2d_DSAPrivateKey, PEM_STRING_DSA, fp, + x, enc, kstr, klen, cb, u); +} + +DSA * +PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **dsa, pem_password_cb *cb, void *u) { EVP_PKEY *pktmp; + pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u); - return pkey_get_dsa(pktmp, dsa); + return pkey_get_dsa(pktmp, dsa); /* will free pktmp */ +} + +int +PEM_write_bio_DSAPrivateKey(BIO *bp, DSA *x, + const EVP_CIPHER *enc, unsigned char *kstr, int klen, pem_password_cb *cb, + void *u) +{ + return PEM_ASN1_write_bio((i2d_of_void *)i2d_DSAPrivateKey, PEM_STRING_DSA, bp, + x, enc, kstr, klen, cb, u); +} + +DSA * +PEM_read_DSA_PUBKEY(FILE *fp, DSA **x, pem_password_cb *cb, void *u) +{ + return PEM_ASN1_read((d2i_of_void *)d2i_DSA_PUBKEY, PEM_STRING_PUBLIC, fp, + (void **)x, cb, u); +} + +int +PEM_write_DSA_PUBKEY(FILE *fp, DSA *x) +{ + return PEM_ASN1_write((i2d_of_void *)i2d_DSA_PUBKEY, PEM_STRING_PUBLIC, fp, + x, NULL, NULL, 0, NULL, NULL); +} + +int +PEM_write_bio_DSA_PUBKEY(BIO *bp, DSA *x) +{ + return PEM_ASN1_write_bio((i2d_of_void *)i2d_DSA_PUBKEY, PEM_STRING_PUBLIC, bp, + x, NULL, NULL, 0, NULL, NULL); +} + +DSA * +PEM_read_bio_DSA_PUBKEY(BIO *bp, DSA **x, pem_password_cb *cb, void *u) +{ + return PEM_ASN1_read_bio((d2i_of_void *)d2i_DSA_PUBKEY, PEM_STRING_PUBLIC, bp, + (void **)x, cb, u); +} + +DSA * +PEM_read_DSAparams(FILE *fp, DSA **x, pem_password_cb *cb, void *u) +{ + return PEM_ASN1_read((d2i_of_void *)d2i_DSAparams, PEM_STRING_DSAPARAMS, fp, + (void **)x, cb, u); +} + +int +PEM_write_DSAparams(FILE *fp, const DSA *x) +{ + return PEM_ASN1_write((i2d_of_void *)i2d_DSAparams, PEM_STRING_DSAPARAMS, fp, + (void *)x, NULL, NULL, 0, NULL, NULL); +} + +DSA * +PEM_read_bio_DSAparams(BIO *bp, DSA **x, pem_password_cb *cb, void *u) +{ + return PEM_ASN1_read_bio((d2i_of_void *)d2i_DSAparams, PEM_STRING_DSAPARAMS, bp, + (void **)x, cb, u); +} + +int +PEM_write_bio_DSAparams(BIO *bp, const DSA *x) +{ + return PEM_ASN1_write_bio((i2d_of_void *)i2d_DSAparams, PEM_STRING_DSAPARAMS, bp, + (void *)x, NULL, NULL, 0, NULL, NULL); +} + +#endif + + +#ifndef OPENSSL_NO_EC +static EC_KEY * +pkey_get_eckey(EVP_PKEY *key, EC_KEY **eckey) +{ + EC_KEY *dtmp; + + if (!key) + return NULL; + dtmp = EVP_PKEY_get1_EC_KEY(key); + EVP_PKEY_free(key); + if (!dtmp) + return NULL; + if (eckey) { + EC_KEY_free(*eckey); + *eckey = dtmp; + } + return dtmp; +} + +EC_GROUP * +PEM_read_ECPKParameters(FILE *fp, EC_GROUP **x, pem_password_cb *cb, void *u) +{ + return PEM_ASN1_read((d2i_of_void *)d2i_ECPKParameters, PEM_STRING_ECPARAMETERS, fp, + (void **)x, cb, u); +} + +int +PEM_write_ECPKParameters(FILE *fp, const EC_GROUP *x) +{ + return PEM_ASN1_write((i2d_of_void *)i2d_ECPKParameters, PEM_STRING_ECPARAMETERS, fp, + (void *)x, NULL, NULL, 0, NULL, NULL); } -IMPLEMENT_PEM_write_cb(DSAPrivateKey, DSA, PEM_STRING_DSA, DSAPrivateKey) -IMPLEMENT_PEM_rw(DSA_PUBKEY, DSA, PEM_STRING_PUBLIC, DSA_PUBKEY) +EC_GROUP * +PEM_read_bio_ECPKParameters(BIO *bp, EC_GROUP **x, pem_password_cb *cb, void *u) +{ + return PEM_ASN1_read_bio((d2i_of_void *)d2i_ECPKParameters, PEM_STRING_ECPARAMETERS, bp, + (void **)x, cb, u); +} -#ifndef OPENSSL_NO_FP_API +int +PEM_write_bio_ECPKParameters(BIO *bp, const EC_GROUP *x) +{ + return PEM_ASN1_write_bio((i2d_of_void *)i2d_ECPKParameters, PEM_STRING_ECPARAMETERS, bp, + (void *)x, NULL, NULL, 0, NULL, NULL); +} -DSA *PEM_read_DSAPrivateKey(FILE *fp, DSA **dsa, pem_password_cb *cb, - void *u) +EC_KEY * +PEM_read_ECPrivateKey(FILE *fp, EC_KEY **eckey, pem_password_cb *cb, void *u) { EVP_PKEY *pktmp; + pktmp = PEM_read_PrivateKey(fp, NULL, cb, u); - return pkey_get_dsa(pktmp, dsa); + return pkey_get_eckey(pktmp, eckey); /* will free pktmp */ } -#endif +int +PEM_write_ECPrivateKey(FILE *fp, EC_KEY *x, const EVP_CIPHER *enc, + unsigned char *kstr, int klen, pem_password_cb *cb, void *u) +{ + return PEM_ASN1_write((i2d_of_void *)i2d_ECPrivateKey, PEM_STRING_ECPRIVATEKEY, fp, + x, enc, kstr, klen, cb, u); +} + +EC_KEY * +PEM_read_bio_ECPrivateKey(BIO *bp, EC_KEY **key, pem_password_cb *cb, void *u) +{ + EVP_PKEY *pktmp; + pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u); + return pkey_get_eckey(pktmp, key); /* will free pktmp */ +} -IMPLEMENT_PEM_rw(DSAparams, DSA, PEM_STRING_DSAPARAMS, DSAparams) +int +PEM_write_bio_ECPrivateKey(BIO *bp, EC_KEY *x, + const EVP_CIPHER *enc, unsigned char *kstr, int klen, pem_password_cb *cb, + void *u) +{ + return PEM_ASN1_write_bio((i2d_of_void *)i2d_ECPrivateKey, PEM_STRING_ECPRIVATEKEY, bp, + x, enc, kstr, klen, cb, u); +} + +EC_KEY * +PEM_read_EC_PUBKEY(FILE *fp, EC_KEY **x, pem_password_cb *cb, void *u) +{ + return PEM_ASN1_read((d2i_of_void *)d2i_EC_PUBKEY, PEM_STRING_PUBLIC, fp, + (void **)x, cb, u); +} + +int +PEM_write_EC_PUBKEY(FILE *fp, EC_KEY *x) +{ + return PEM_ASN1_write((i2d_of_void *)i2d_EC_PUBKEY, PEM_STRING_PUBLIC, fp, + x, NULL, NULL, 0, NULL, NULL); +} + +EC_KEY * +PEM_read_bio_EC_PUBKEY(BIO *bp, EC_KEY **x, pem_password_cb *cb, void *u) +{ + return PEM_ASN1_read_bio((d2i_of_void *)d2i_EC_PUBKEY, PEM_STRING_PUBLIC, bp, + (void **)x, cb, u); +} + +int +PEM_write_bio_EC_PUBKEY(BIO *bp, EC_KEY *x) +{ + return PEM_ASN1_write_bio((i2d_of_void *)i2d_EC_PUBKEY, PEM_STRING_PUBLIC, bp, + x, NULL, NULL, 0, NULL, NULL); +} #endif #ifndef OPENSSL_NO_DH -IMPLEMENT_PEM_rw(DHparams, DH, PEM_STRING_DHPARAMS, DHparams) +DH * +PEM_read_DHparams(FILE *fp, DH **x, pem_password_cb *cb, void *u) +{ + return PEM_ASN1_read((d2i_of_void *)d2i_DHparams, PEM_STRING_DHPARAMS, fp, + (void **)x, cb, u); +} + +int +PEM_write_DHparams(FILE *fp, const DH *x) +{ + return PEM_ASN1_write((i2d_of_void *)i2d_DHparams, PEM_STRING_DHPARAMS, fp, + (void *)x, NULL, NULL, 0, NULL, NULL); +} + +DH * +PEM_read_bio_DHparams(BIO *bp, DH **x, pem_password_cb *cb, void *u) +{ + return PEM_ASN1_read_bio((d2i_of_void *)d2i_DHparams, PEM_STRING_DHPARAMS, bp, + (void **)x, cb, u); +} + +int +PEM_write_bio_DHparams(BIO *bp, const DH *x) +{ + return PEM_ASN1_write_bio((i2d_of_void *)i2d_DHparams, PEM_STRING_DHPARAMS, bp, + (void *)x, NULL, NULL, 0, NULL, NULL); +} #endif +EVP_PKEY * +PEM_read_PUBKEY(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u) +{ + return PEM_ASN1_read((d2i_of_void *)d2i_PUBKEY, PEM_STRING_PUBLIC, fp, + (void **)x, cb, u); +} -/* The PrivateKey case is not that straightforward. - * IMPLEMENT_PEM_rw_cb(PrivateKey, EVP_PKEY, PEM_STRING_EVP_PKEY, PrivateKey) - * does not work, RSA and DSA keys have specific strings. - * (When reading, parameter PEM_STRING_EVP_PKEY is a wildcard for anything - * appropriate.) - */ -IMPLEMENT_PEM_write_cb(PrivateKey, EVP_PKEY, ((x->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA), PrivateKey) +int +PEM_write_PUBKEY(FILE *fp, EVP_PKEY *x) +{ + return PEM_ASN1_write((i2d_of_void *)i2d_PUBKEY, PEM_STRING_PUBLIC, fp, + x, NULL, NULL, 0, NULL, NULL); +} -IMPLEMENT_PEM_rw(PUBKEY, EVP_PKEY, PEM_STRING_PUBLIC, PUBKEY) +EVP_PKEY * +PEM_read_bio_PUBKEY(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u) +{ + return PEM_ASN1_read_bio((d2i_of_void *)d2i_PUBKEY, PEM_STRING_PUBLIC, bp, + (void **)x, cb, u); +} +int +PEM_write_bio_PUBKEY(BIO *bp, EVP_PKEY *x) +{ + return PEM_ASN1_write_bio((i2d_of_void *)i2d_PUBKEY, PEM_STRING_PUBLIC, bp, + x, NULL, NULL, 0, NULL, NULL); +} diff --git a/src/lib/libcrypto/pem/pem_err.c b/src/lib/libcrypto/pem/pem_err.c index 3b39b84d66e..8d3c278b54b 100644 --- a/src/lib/libcrypto/pem/pem_err.c +++ b/src/lib/libcrypto/pem/pem_err.c @@ -1,13 +1,13 @@ -/* crypto/pem/pem_err.c */ +/* $OpenBSD: pem_err.c,v 1.12 2017/01/29 17:49:23 beck Exp $ */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -59,73 +59,64 @@ */ #include + +#include + #include #include /* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR -static ERR_STRING_DATA PEM_str_functs[]= - { -{ERR_PACK(0,PEM_F_D2I_PKCS8PRIVATEKEY_BIO,0), "d2i_PKCS8PrivateKey_bio"}, -{ERR_PACK(0,PEM_F_D2I_PKCS8PRIVATEKEY_FP,0), "d2i_PKCS8PrivateKey_fp"}, -{ERR_PACK(0,PEM_F_DEF_CALLBACK,0), "DEF_CALLBACK"}, -{ERR_PACK(0,PEM_F_LOAD_IV,0), "LOAD_IV"}, -{ERR_PACK(0,PEM_F_PEM_ASN1_READ,0), "PEM_ASN1_read"}, -{ERR_PACK(0,PEM_F_PEM_ASN1_READ_BIO,0), "PEM_ASN1_read_bio"}, -{ERR_PACK(0,PEM_F_PEM_ASN1_WRITE,0), "PEM_ASN1_write"}, -{ERR_PACK(0,PEM_F_PEM_ASN1_WRITE_BIO,0), "PEM_ASN1_write_bio"}, -{ERR_PACK(0,PEM_F_PEM_DO_HEADER,0), "PEM_do_header"}, -{ERR_PACK(0,PEM_F_PEM_F_DO_PK8KEY_FP,0), "PEM_F_DO_PK8KEY_FP"}, -{ERR_PACK(0,PEM_F_PEM_F_PEM_WRITE_PKCS8PRIVATEKEY,0), "PEM_F_PEM_WRITE_PKCS8PRIVATEKEY"}, -{ERR_PACK(0,PEM_F_PEM_GET_EVP_CIPHER_INFO,0), "PEM_get_EVP_CIPHER_INFO"}, -{ERR_PACK(0,PEM_F_PEM_READ,0), "PEM_read"}, -{ERR_PACK(0,PEM_F_PEM_READ_BIO,0), "PEM_read_bio"}, -{ERR_PACK(0,PEM_F_PEM_SEALFINAL,0), "PEM_SealFinal"}, -{ERR_PACK(0,PEM_F_PEM_SEALINIT,0), "PEM_SealInit"}, -{ERR_PACK(0,PEM_F_PEM_SIGNFINAL,0), "PEM_SignFinal"}, -{ERR_PACK(0,PEM_F_PEM_WRITE,0), "PEM_write"}, -{ERR_PACK(0,PEM_F_PEM_WRITE_BIO,0), "PEM_write_bio"}, -{ERR_PACK(0,PEM_F_PEM_WRITE_BIO_PKCS8PRIVATEKEY,0), "PEM_write_bio_PKCS8PrivateKey"}, -{ERR_PACK(0,PEM_F_PEM_X509_INFO_READ,0), "PEM_X509_INFO_read"}, -{ERR_PACK(0,PEM_F_PEM_X509_INFO_READ_BIO,0), "PEM_X509_INFO_read_bio"}, -{ERR_PACK(0,PEM_F_PEM_X509_INFO_WRITE_BIO,0), "PEM_X509_INFO_write_bio"}, -{0,NULL} - }; -static ERR_STRING_DATA PEM_str_reasons[]= - { -{PEM_R_BAD_BASE64_DECODE ,"bad base64 decode"}, -{PEM_R_BAD_DECRYPT ,"bad decrypt"}, -{PEM_R_BAD_END_LINE ,"bad end line"}, -{PEM_R_BAD_IV_CHARS ,"bad iv chars"}, -{PEM_R_BAD_PASSWORD_READ ,"bad password read"}, -{PEM_R_ERROR_CONVERTING_PRIVATE_KEY ,"error converting private key"}, -{PEM_R_NOT_DEK_INFO ,"not dek info"}, -{PEM_R_NOT_ENCRYPTED ,"not encrypted"}, -{PEM_R_NOT_PROC_TYPE ,"not proc type"}, -{PEM_R_NO_START_LINE ,"no start line"}, -{PEM_R_PROBLEMS_GETTING_PASSWORD ,"problems getting password"}, -{PEM_R_PUBLIC_KEY_NO_RSA ,"public key no rsa"}, -{PEM_R_READ_KEY ,"read key"}, -{PEM_R_SHORT_HEADER ,"short header"}, -{PEM_R_UNSUPPORTED_CIPHER ,"unsupported cipher"}, -{PEM_R_UNSUPPORTED_ENCRYPTION ,"unsupported encryption"}, -{0,NULL} - }; +#define ERR_FUNC(func) ERR_PACK(ERR_LIB_PEM,func,0) +#define ERR_REASON(reason) ERR_PACK(ERR_LIB_PEM,0,reason) -#endif +static ERR_STRING_DATA PEM_str_functs[] = { + {ERR_FUNC(0xfff), "CRYPTO_internal"}, + {0, NULL} +}; -void ERR_load_PEM_strings(void) - { - static int init=1; +static ERR_STRING_DATA PEM_str_reasons[] = { + {ERR_REASON(PEM_R_BAD_BASE64_DECODE) , "bad base64 decode"}, + {ERR_REASON(PEM_R_BAD_DECRYPT) , "bad decrypt"}, + {ERR_REASON(PEM_R_BAD_END_LINE) , "bad end line"}, + {ERR_REASON(PEM_R_BAD_IV_CHARS) , "bad iv chars"}, + {ERR_REASON(PEM_R_BAD_MAGIC_NUMBER) , "bad magic number"}, + {ERR_REASON(PEM_R_BAD_PASSWORD_READ) , "bad password read"}, + {ERR_REASON(PEM_R_BAD_VERSION_NUMBER) , "bad version number"}, + {ERR_REASON(PEM_R_BIO_WRITE_FAILURE) , "bio write failure"}, + {ERR_REASON(PEM_R_CIPHER_IS_NULL) , "cipher is null"}, + {ERR_REASON(PEM_R_ERROR_CONVERTING_PRIVATE_KEY), "error converting private key"}, + {ERR_REASON(PEM_R_EXPECTING_PRIVATE_KEY_BLOB), "expecting private key blob"}, + {ERR_REASON(PEM_R_EXPECTING_PUBLIC_KEY_BLOB), "expecting public key blob"}, + {ERR_REASON(PEM_R_INCONSISTENT_HEADER) , "inconsistent header"}, + {ERR_REASON(PEM_R_KEYBLOB_HEADER_PARSE_ERROR), "keyblob header parse error"}, + {ERR_REASON(PEM_R_KEYBLOB_TOO_SHORT) , "keyblob too short"}, + {ERR_REASON(PEM_R_NOT_DEK_INFO) , "not dek info"}, + {ERR_REASON(PEM_R_NOT_ENCRYPTED) , "not encrypted"}, + {ERR_REASON(PEM_R_NOT_PROC_TYPE) , "not proc type"}, + {ERR_REASON(PEM_R_NO_START_LINE) , "no start line"}, + {ERR_REASON(PEM_R_PROBLEMS_GETTING_PASSWORD), "problems getting password"}, + {ERR_REASON(PEM_R_PUBLIC_KEY_NO_RSA) , "public key no rsa"}, + {ERR_REASON(PEM_R_PVK_DATA_TOO_SHORT) , "pvk data too short"}, + {ERR_REASON(PEM_R_PVK_TOO_SHORT) , "pvk too short"}, + {ERR_REASON(PEM_R_READ_KEY) , "read key"}, + {ERR_REASON(PEM_R_SHORT_HEADER) , "short header"}, + {ERR_REASON(PEM_R_UNSUPPORTED_CIPHER) , "unsupported cipher"}, + {ERR_REASON(PEM_R_UNSUPPORTED_ENCRYPTION), "unsupported encryption"}, + {ERR_REASON(PEM_R_UNSUPPORTED_KEY_COMPONENTS), "unsupported key components"}, + {0, NULL} +}; - if (init) - { - init=0; -#ifndef OPENSSL_NO_ERR - ERR_load_strings(ERR_LIB_PEM,PEM_str_functs); - ERR_load_strings(ERR_LIB_PEM,PEM_str_reasons); #endif - } +void +ERR_load_PEM_strings(void) +{ +#ifndef OPENSSL_NO_ERR + if (ERR_func_error_string(PEM_str_functs[0].error) == NULL) { + ERR_load_strings(0, PEM_str_functs); + ERR_load_strings(0, PEM_str_reasons); } +#endif +} diff --git a/src/lib/libcrypto/pem/pem_info.c b/src/lib/libcrypto/pem/pem_info.c index 9a6dffb45cf..f02aaa8bb4b 100644 --- a/src/lib/libcrypto/pem/pem_info.c +++ b/src/lib/libcrypto/pem/pem_info.c @@ -1,25 +1,25 @@ -/* crypto/pem/pem_info.c */ +/* $OpenBSD: pem_info.c,v 1.22 2017/01/29 17:49:23 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -57,296 +57,331 @@ */ #include -#include "cryptlib.h" +#include + +#include + #include -#include +#include #include -#include +#include #include +#include -#ifndef OPENSSL_NO_FP_API -STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u) - { - BIO *b; - STACK_OF(X509_INFO) *ret; +#ifndef OPENSSL_NO_DSA +#include +#endif +#ifndef OPENSSL_NO_RSA +#include +#endif - if ((b=BIO_new(BIO_s_file())) == NULL) - { - PEMerr(PEM_F_PEM_X509_INFO_READ,ERR_R_BUF_LIB); - return(0); - } - BIO_set_fp(b,fp,BIO_NOCLOSE); - ret=PEM_X509_INFO_read_bio(b,sk,cb,u); - BIO_free(b); - return(ret); +STACK_OF(X509_INFO) * +PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, + void *u) +{ + BIO *b; + STACK_OF(X509_INFO) *ret; + + if ((b = BIO_new(BIO_s_file())) == NULL) { + PEMerror(ERR_R_BUF_LIB); + return (0); } -#endif + BIO_set_fp(b, fp, BIO_NOCLOSE); + ret = PEM_X509_INFO_read_bio(b, sk, cb, u); + BIO_free(b); + return (ret); +} -STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u) - { - X509_INFO *xi=NULL; - char *name=NULL,*header=NULL,**pp; - unsigned char *data=NULL,*p; - long len,error=0; - int ok=0; - STACK_OF(X509_INFO) *ret=NULL; - unsigned int i,raw; - char *(*d2i)(); - - if (sk == NULL) - { - if ((ret=sk_X509_INFO_new_null()) == NULL) - { - PEMerr(PEM_F_PEM_X509_INFO_READ_BIO,ERR_R_MALLOC_FAILURE); - goto err; - } +STACK_OF(X509_INFO) * +PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, + void *u) +{ + X509_INFO *xi = NULL; + char *name = NULL, *header = NULL; + void *pp; + unsigned char *data = NULL; + const unsigned char *p; + long len, error = 0; + int ok = 0; + STACK_OF(X509_INFO) *ret = NULL; + unsigned int i, raw, ptype; + d2i_of_void *d2i = 0; + + if (sk == NULL) { + if ((ret = sk_X509_INFO_new_null()) == NULL) { + PEMerror(ERR_R_MALLOC_FAILURE); + return 0; } - else - ret=sk; + } else + ret = sk; - if ((xi=X509_INFO_new()) == NULL) goto err; - for (;;) - { - raw=0; - i=PEM_read_bio(bp,&name,&header,&data,&len); - if (i == 0) - { - error=ERR_GET_REASON(ERR_peek_last_error()); - if (error == PEM_R_NO_START_LINE) - { + if ((xi = X509_INFO_new()) == NULL) + goto err; + for (;;) { + raw = 0; + ptype = 0; + i = PEM_read_bio(bp, &name, &header, &data, &len); + if (i == 0) { + error = ERR_GET_REASON(ERR_peek_last_error()); + if (error == PEM_R_NO_START_LINE) { ERR_clear_error(); break; - } - goto err; } + goto err; + } start: - if ( (strcmp(name,PEM_STRING_X509) == 0) || - (strcmp(name,PEM_STRING_X509_OLD) == 0)) - { - d2i=(char *(*)())d2i_X509; - if (xi->x509 != NULL) - { - if (!sk_X509_INFO_push(ret,xi)) goto err; - if ((xi=X509_INFO_new()) == NULL) goto err; + if ((strcmp(name, PEM_STRING_X509) == 0) || + (strcmp(name, PEM_STRING_X509_OLD) == 0)) { + d2i = (D2I_OF(void))d2i_X509; + if (xi->x509 != NULL) { + if (!sk_X509_INFO_push(ret, xi)) + goto err; + if ((xi = X509_INFO_new()) == NULL) + goto err; goto start; - } - pp=(char **)&(xi->x509); } - else if ((strcmp(name,PEM_STRING_X509_TRUSTED) == 0)) - { - d2i=(char *(*)())d2i_X509_AUX; - if (xi->x509 != NULL) - { - if (!sk_X509_INFO_push(ret,xi)) goto err; - if ((xi=X509_INFO_new()) == NULL) goto err; + pp = &(xi->x509); + } else if ((strcmp(name, PEM_STRING_X509_TRUSTED) == 0)) { + d2i = (D2I_OF(void))d2i_X509_AUX; + if (xi->x509 != NULL) { + if (!sk_X509_INFO_push(ret, xi)) + goto err; + if ((xi = X509_INFO_new()) == NULL) + goto err; goto start; - } - pp=(char **)&(xi->x509); } - else if (strcmp(name,PEM_STRING_X509_CRL) == 0) - { - d2i=(char *(*)())d2i_X509_CRL; - if (xi->crl != NULL) - { - if (!sk_X509_INFO_push(ret,xi)) goto err; - if ((xi=X509_INFO_new()) == NULL) goto err; + pp = &(xi->x509); + } else if (strcmp(name, PEM_STRING_X509_CRL) == 0) { + d2i = (D2I_OF(void))d2i_X509_CRL; + if (xi->crl != NULL) { + if (!sk_X509_INFO_push(ret, xi)) + goto err; + if ((xi = X509_INFO_new()) == NULL) + goto err; goto start; - } - pp=(char **)&(xi->crl); } - else + pp = &(xi->crl); + } else #ifndef OPENSSL_NO_RSA - if (strcmp(name,PEM_STRING_RSA) == 0) - { - d2i=(char *(*)())d2i_RSAPrivateKey; - if (xi->x_pkey != NULL) - { - if (!sk_X509_INFO_push(ret,xi)) goto err; - if ((xi=X509_INFO_new()) == NULL) goto err; + if (strcmp(name, PEM_STRING_RSA) == 0) { + d2i = (D2I_OF(void))d2i_RSAPrivateKey; + if (xi->x_pkey != NULL) { + if (!sk_X509_INFO_push(ret, xi)) + goto err; + if ((xi = X509_INFO_new()) == NULL) + goto err; goto start; - } + } - xi->enc_data=NULL; - xi->enc_len=0; + xi->enc_data = NULL; + xi->enc_len = 0; - xi->x_pkey=X509_PKEY_new(); - if ((xi->x_pkey->dec_pkey=EVP_PKEY_new()) == NULL) + xi->x_pkey = X509_PKEY_new(); + if (xi->x_pkey == NULL) goto err; - xi->x_pkey->dec_pkey->type=EVP_PKEY_RSA; - pp=(char **)&(xi->x_pkey->dec_pkey->pkey.rsa); - if ((int)strlen(header) > 10) /* assume encrypted */ - raw=1; - } - else + ptype = EVP_PKEY_RSA; + pp = &xi->x_pkey->dec_pkey; + if (strlen(header) > 10) /* assume encrypted */ + raw = 1; + } else #endif #ifndef OPENSSL_NO_DSA - if (strcmp(name,PEM_STRING_DSA) == 0) - { - d2i=(char *(*)())d2i_DSAPrivateKey; - if (xi->x_pkey != NULL) - { - if (!sk_X509_INFO_push(ret,xi)) goto err; - if ((xi=X509_INFO_new()) == NULL) goto err; + if (strcmp(name, PEM_STRING_DSA) == 0) { + d2i = (D2I_OF(void))d2i_DSAPrivateKey; + if (xi->x_pkey != NULL) { + if (!sk_X509_INFO_push(ret, xi)) + goto err; + if ((xi = X509_INFO_new()) == NULL) + goto err; goto start; - } + } - xi->enc_data=NULL; - xi->enc_len=0; + xi->enc_data = NULL; + xi->enc_len = 0; - xi->x_pkey=X509_PKEY_new(); - if ((xi->x_pkey->dec_pkey=EVP_PKEY_new()) == NULL) + xi->x_pkey = X509_PKEY_new(); + if (xi->x_pkey == NULL) goto err; - xi->x_pkey->dec_pkey->type=EVP_PKEY_DSA; - pp=(char **)&(xi->x_pkey->dec_pkey->pkey.dsa); - if ((int)strlen(header) > 10) /* assume encrypted */ - raw=1; - } - else + ptype = EVP_PKEY_DSA; + pp = &xi->x_pkey->dec_pkey; + if (strlen(header) > 10) /* assume encrypted */ + raw = 1; + } else #endif - { - d2i=NULL; - pp=NULL; +#ifndef OPENSSL_NO_EC + if (strcmp(name, PEM_STRING_ECPRIVATEKEY) == 0) { + d2i = (D2I_OF(void))d2i_ECPrivateKey; + if (xi->x_pkey != NULL) { + if (!sk_X509_INFO_push(ret, xi)) + goto err; + if ((xi = X509_INFO_new()) == NULL) + goto err; + goto start; } - if (d2i != NULL) - { - if (!raw) - { + xi->enc_data = NULL; + xi->enc_len = 0; + + xi->x_pkey = X509_PKEY_new(); + if (xi->x_pkey == NULL) + goto err; + ptype = EVP_PKEY_EC; + pp = &xi->x_pkey->dec_pkey; + if (strlen(header) > 10) /* assume encrypted */ + raw = 1; + } else +#endif + { + d2i = NULL; + pp = NULL; + } + + if (d2i != NULL) { + if (!raw) { EVP_CIPHER_INFO cipher; - if (!PEM_get_EVP_CIPHER_INFO(header,&cipher)) - goto err; - if (!PEM_do_header(&cipher,data,&len,cb,u)) + if (!PEM_get_EVP_CIPHER_INFO(header, &cipher)) goto err; - p=data; - if (d2i(pp,&p,len) == NULL) - { - PEMerr(PEM_F_PEM_X509_INFO_READ_BIO,ERR_R_ASN1_LIB); + if (!PEM_do_header(&cipher, data, &len, cb, u)) goto err; + p = data; + if (ptype) { + if (!d2i_PrivateKey(ptype, pp, &p, + len)) { + PEMerror(ERR_R_ASN1_LIB); + goto err; } + } else if (d2i(pp, &p, len) == NULL) { + PEMerror(ERR_R_ASN1_LIB); + goto err; } - else - { /* encrypted RSA data */ + } else { /* encrypted RSA data */ if (!PEM_get_EVP_CIPHER_INFO(header, - &xi->enc_cipher)) goto err; - xi->enc_data=(char *)data; - xi->enc_len=(int)len; - data=NULL; - } + &xi->enc_cipher)) + goto err; + xi->enc_data = (char *)data; + xi->enc_len = (int)len; + data = NULL; } - else { + } else { /* unknown */ - } - if (name != NULL) OPENSSL_free(name); - if (header != NULL) OPENSSL_free(header); - if (data != NULL) OPENSSL_free(data); - name=NULL; - header=NULL; - data=NULL; } + free(name); + free(header); + free(data); + name = NULL; + header = NULL; + data = NULL; + } /* if the last one hasn't been pushed yet and there is anything - * in it then add it to the stack ... + * in it then add it to the stack ... */ if ((xi->x509 != NULL) || (xi->crl != NULL) || - (xi->x_pkey != NULL) || (xi->enc_data != NULL)) - { - if (!sk_X509_INFO_push(ret,xi)) goto err; - xi=NULL; - } - ok=1; + (xi->x_pkey != NULL) || (xi->enc_data != NULL)) { + if (!sk_X509_INFO_push(ret, xi)) + goto err; + xi = NULL; + } + ok = 1; + err: - if (xi != NULL) X509_INFO_free(xi); - if (!ok) - { - for (i=0; ((int)i)x_pkey!=NULL) - { - if ( (xi->enc_data!=NULL) && (xi->enc_len>0) ) - { + if (xi->x_pkey != NULL) { + if ((xi->enc_data != NULL) && (xi->enc_len > 0) ) { + if (enc == NULL) { + PEMerror(PEM_R_CIPHER_IS_NULL); + goto err; + } + /* copy from weirdo names into more normal things */ - iv=xi->enc_cipher.iv; - data=(unsigned char *)xi->enc_data; - i=xi->enc_len; + iv = xi->enc_cipher.iv; + data = (unsigned char *)xi->enc_data; + i = xi->enc_len; /* we take the encryption data from the * internal stuff rather than what the - * user has passed us ... as we have to + * user has passed us ... as we have to * match exactly for some strange reason */ - objstr=OBJ_nid2sn( - EVP_CIPHER_nid(xi->enc_cipher.cipher)); - if (objstr == NULL) - { - PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO,PEM_R_UNSUPPORTED_CIPHER); + objstr = OBJ_nid2sn( + EVP_CIPHER_nid(xi->enc_cipher.cipher)); + if (objstr == NULL) { + PEMerror(PEM_R_UNSUPPORTED_CIPHER); goto err; - } + } /* create the right magic header stuff */ - buf[0]='\0'; - PEM_proc_type(buf,PEM_TYPE_ENCRYPTED); - PEM_dek_info(buf,objstr,enc->iv_len,(char *)iv); + if (strlen(objstr) + 23 + 2 * enc->iv_len + 13 > + sizeof buf) { + PEMerror(ASN1_R_BUFFER_TOO_SMALL); + goto err; + } + buf[0] = '\0'; + PEM_proc_type(buf, PEM_TYPE_ENCRYPTED); + PEM_dek_info(buf, objstr, enc->iv_len, (char *)iv); /* use the normal code to write things out */ - i=PEM_write_bio(bp,PEM_STRING_RSA,buf,data,i); - if (i <= 0) goto err; - } - else - { + i = PEM_write_bio(bp, PEM_STRING_RSA, buf, data, i); + if (i <= 0) + goto err; + } else { /* Add DSA/DH */ #ifndef OPENSSL_NO_RSA /* normal optionally encrypted stuff */ if (PEM_write_bio_RSAPrivateKey(bp, - xi->x_pkey->dec_pkey->pkey.rsa, - enc,kstr,klen,cb,u)<=0) + xi->x_pkey->dec_pkey->pkey.rsa, + enc, kstr, klen, cb, u) <= 0) goto err; #endif - } } + } /* if we have a certificate then write it out now */ - if ((xi->x509 != NULL) && (PEM_write_bio_X509(bp,xi->x509) <= 0)) + if ((xi->x509 != NULL) && (PEM_write_bio_X509(bp, xi->x509) <= 0)) goto err; /* we are ignoring anything else that is loaded into the X509_INFO @@ -355,10 +390,10 @@ int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc, * base library --tjh */ - ret=1; + ret = 1; err: - memset((char *)&ctx,0,sizeof(ctx)); - memset(buf,0,PEM_BUFSIZE); - return(ret); - } + explicit_bzero((char *)&ctx, sizeof(ctx)); + explicit_bzero(buf, PEM_BUFSIZE); + return (ret); +} diff --git a/src/lib/libcrypto/pem/pem_lib.c b/src/lib/libcrypto/pem/pem_lib.c index 18b751a91a8..6661a222f00 100644 --- a/src/lib/libcrypto/pem/pem_lib.c +++ b/src/lib/libcrypto/pem/pem_lib.c @@ -1,25 +1,25 @@ -/* crypto/pem/pem_lib.c */ +/* $OpenBSD: pem_lib.c,v 1.48 2018/08/24 19:48:39 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,196 +49,251 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ +#include #include -#include "cryptlib.h" +#include +#include + +#include + #include -#include +#include #include -#include -#include +#include #include #include +#include + #ifndef OPENSSL_NO_DES #include #endif +#ifndef OPENSSL_NO_ENGINE +#include +#endif -const char *PEM_version="PEM" OPENSSL_VERSION_PTEXT; +#include "asn1_locl.h" #define MIN_LENGTH 4 -static int load_iv(unsigned char **fromp,unsigned char *to, int num); +static int load_iv(char **fromp, unsigned char *to, int num); static int check_pem(const char *nm, const char *name); +int pem_check_suffix(const char *pem_str, const char *suffix); -int PEM_def_callback(char *buf, int num, int w, void *key) - { -#ifdef OPENSSL_NO_FP_API - /* We should not ever call the default callback routine from - * windows. */ - PEMerr(PEM_F_DEF_CALLBACK,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return(-1); -#else - int i,j; +/* XXX LSSL ABI XXX return value and `num' ought to be size_t */ +int +PEM_def_callback(char *buf, int num, int w, void *key) +{ + size_t l; + int i; const char *prompt; - if(key) { - i=strlen(key); - i=(i > num)?num:i; - memcpy(buf,key,i); - return(i); + + if (num < 0) + return -1; + + if (key) { + l = strlen(key); + if (l > (size_t)num) + l = (size_t)num; + memcpy(buf, key, l); + return (int)l; } - prompt=EVP_get_pw_prompt(); + prompt = EVP_get_pw_prompt(); if (prompt == NULL) - prompt="Enter PEM pass phrase:"; - - for (;;) - { - i=EVP_read_pw_string(buf,num,prompt,w); - if (i != 0) - { - PEMerr(PEM_F_DEF_CALLBACK,PEM_R_PROBLEMS_GETTING_PASSWORD); - memset(buf,0,(unsigned int)num); - return(-1); - } - j=strlen(buf); - if (j < MIN_LENGTH) - { - fprintf(stderr,"phrase is too short, needs to be at least %d chars\n",MIN_LENGTH); - } - else - break; + prompt = "Enter PEM pass phrase:"; + + for (;;) { + i = EVP_read_pw_string_min(buf, MIN_LENGTH, num, prompt, w); + if (i != 0) { + PEMerror(PEM_R_PROBLEMS_GETTING_PASSWORD); + memset(buf, 0, num); + return (-1); } - return(j); -#endif + l = strlen(buf); + if (l < MIN_LENGTH) { + fprintf(stderr, "phrase is too short, " + "needs to be at least %zu chars\n", + (size_t)MIN_LENGTH); + } else + break; } + return (int)l; +} -void PEM_proc_type(char *buf, int type) - { +void +PEM_proc_type(char *buf, int type) +{ const char *str; if (type == PEM_TYPE_ENCRYPTED) - str="ENCRYPTED"; + str = "ENCRYPTED"; else if (type == PEM_TYPE_MIC_CLEAR) - str="MIC-CLEAR"; + str = "MIC-CLEAR"; else if (type == PEM_TYPE_MIC_ONLY) - str="MIC-ONLY"; + str = "MIC-ONLY"; else - str="BAD-TYPE"; - - strcat(buf,"Proc-Type: 4,"); - strcat(buf,str); - strcat(buf,"\n"); - } + str = "BAD-TYPE"; + + strlcat(buf, "Proc-Type: 4,", PEM_BUFSIZE); + strlcat(buf, str, PEM_BUFSIZE); + strlcat(buf, "\n", PEM_BUFSIZE); +} -void PEM_dek_info(char *buf, const char *type, int len, char *str) - { - static unsigned char map[17]="0123456789ABCDEF"; +void +PEM_dek_info(char *buf, const char *type, int len, char *str) +{ + static const unsigned char map[17] = "0123456789ABCDEF"; long i; int j; - strcat(buf,"DEK-Info: "); - strcat(buf,type); - strcat(buf,","); - j=strlen(buf); - for (i=0; i>4)&0x0f]; - buf[j+i*2+1]=map[(str[i] )&0x0f]; - } - buf[j+i*2]='\n'; - buf[j+i*2+1]='\0'; + strlcat(buf, "DEK-Info: ", PEM_BUFSIZE); + strlcat(buf, type, PEM_BUFSIZE); + strlcat(buf, ",", PEM_BUFSIZE); + j = strlen(buf); + if (j + (len * 2) + 1 > PEM_BUFSIZE) + return; + for (i = 0; i < len; i++) { + buf[j + i * 2] = map[(str[i] >> 4) & 0x0f]; + buf[j + i * 2 + 1] = map[(str[i]) & 0x0f]; } + buf[j + i * 2] = '\n'; + buf[j + i * 2 + 1] = '\0'; +} -#ifndef OPENSSL_NO_FP_API -char *PEM_ASN1_read(char *(*d2i)(), const char *name, FILE *fp, char **x, - pem_password_cb *cb, void *u) - { - BIO *b; - char *ret; +void * +PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x, + pem_password_cb *cb, void *u) +{ + BIO *b; + void *ret; - if ((b=BIO_new(BIO_s_file())) == NULL) - { - PEMerr(PEM_F_PEM_ASN1_READ,ERR_R_BUF_LIB); - return(0); - } - BIO_set_fp(b,fp,BIO_NOCLOSE); - ret=PEM_ASN1_read_bio(d2i,name,b,x,cb,u); - BIO_free(b); - return(ret); + if ((b = BIO_new(BIO_s_file())) == NULL) { + PEMerror(ERR_R_BUF_LIB); + return (0); } -#endif + BIO_set_fp(b, fp, BIO_NOCLOSE); + ret = PEM_ASN1_read_bio(d2i, name, b, x, cb, u); + BIO_free(b); + return (ret); +} -static int check_pem(const char *nm, const char *name) +static int +check_pem(const char *nm, const char *name) { /* Normal matching nm and name */ - if (!strcmp(nm,name)) return 1; + if (!strcmp(nm, name)) + return 1; /* Make PEM_STRING_EVP_PKEY match any private key */ - if(!strcmp(nm,PEM_STRING_PKCS8) && - !strcmp(name,PEM_STRING_EVP_PKEY)) return 1; - - if(!strcmp(nm,PEM_STRING_PKCS8INF) && - !strcmp(name,PEM_STRING_EVP_PKEY)) return 1; - - if(!strcmp(nm,PEM_STRING_RSA) && - !strcmp(name,PEM_STRING_EVP_PKEY)) return 1; + if (!strcmp(name, PEM_STRING_EVP_PKEY)) { + int slen; + const EVP_PKEY_ASN1_METHOD *ameth; + if (!strcmp(nm, PEM_STRING_PKCS8)) + return 1; + if (!strcmp(nm, PEM_STRING_PKCS8INF)) + return 1; + slen = pem_check_suffix(nm, "PRIVATE KEY"); + if (slen > 0) { + /* NB: ENGINE implementations wont contain + * a deprecated old private key decode function + * so don't look for them. + */ + ameth = EVP_PKEY_asn1_find_str(NULL, nm, slen); + if (ameth && ameth->old_priv_decode) + return 1; + } + return 0; + } - if(!strcmp(nm,PEM_STRING_DSA) && - !strcmp(name,PEM_STRING_EVP_PKEY)) return 1; + if (!strcmp(name, PEM_STRING_PARAMETERS)) { + int slen; + const EVP_PKEY_ASN1_METHOD *ameth; + slen = pem_check_suffix(nm, "PARAMETERS"); + if (slen > 0) { + ENGINE *e; + ameth = EVP_PKEY_asn1_find_str(&e, nm, slen); + if (ameth) { + int r; + if (ameth->param_decode) + r = 1; + else + r = 0; +#ifndef OPENSSL_NO_ENGINE + ENGINE_finish(e); +#endif + return r; + } + } + return 0; + } /* Permit older strings */ - if(!strcmp(nm,PEM_STRING_X509_OLD) && - !strcmp(name,PEM_STRING_X509)) return 1; + if (!strcmp(nm, PEM_STRING_X509_OLD) && + !strcmp(name, PEM_STRING_X509)) + return 1; - if(!strcmp(nm,PEM_STRING_X509_REQ_OLD) && - !strcmp(name,PEM_STRING_X509_REQ)) return 1; + if (!strcmp(nm, PEM_STRING_X509_REQ_OLD) && + !strcmp(name, PEM_STRING_X509_REQ)) + return 1; /* Allow normal certs to be read as trusted certs */ - if(!strcmp(nm,PEM_STRING_X509) && - !strcmp(name,PEM_STRING_X509_TRUSTED)) return 1; + if (!strcmp(nm, PEM_STRING_X509) && + !strcmp(name, PEM_STRING_X509_TRUSTED)) + return 1; - if(!strcmp(nm,PEM_STRING_X509_OLD) && - !strcmp(name,PEM_STRING_X509_TRUSTED)) return 1; + if (!strcmp(nm, PEM_STRING_X509_OLD) && + !strcmp(name, PEM_STRING_X509_TRUSTED)) + return 1; /* Some CAs use PKCS#7 with CERTIFICATE headers */ - if(!strcmp(nm, PEM_STRING_X509) && - !strcmp(name, PEM_STRING_PKCS7)) return 1; + if (!strcmp(nm, PEM_STRING_X509) && + !strcmp(name, PEM_STRING_PKCS7)) + return 1; + + if (!strcmp(nm, PEM_STRING_PKCS7_SIGNED) && + !strcmp(name, PEM_STRING_PKCS7)) + return 1; + return 0; } -int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, const char *name, BIO *bp, - pem_password_cb *cb, void *u) - { +int +PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, + const char *name, BIO *bp, pem_password_cb *cb, void *u) +{ EVP_CIPHER_INFO cipher; - char *nm=NULL,*header=NULL; - unsigned char *data=NULL; + char *nm = NULL, *header = NULL; + unsigned char *data = NULL; long len; int ret = 0; - for (;;) - { - if (!PEM_read_bio(bp,&nm,&header,&data,&len)) { - if(ERR_GET_REASON(ERR_peek_error()) == - PEM_R_NO_START_LINE) - ERR_add_error_data(2, "Expecting: ", name); + for (;;) { + if (!PEM_read_bio(bp, &nm, &header, &data, &len)) { + if (ERR_GET_REASON(ERR_peek_error()) == + PEM_R_NO_START_LINE) + ERR_asprintf_error_data("Expecting: %s", name); return 0; } - if(check_pem(nm, name)) break; - OPENSSL_free(nm); - OPENSSL_free(header); - OPENSSL_free(data); - } - if (!PEM_get_EVP_CIPHER_INFO(header,&cipher)) goto err; - if (!PEM_do_header(&cipher,data,&len,cb,u)) goto err; + if (check_pem(nm, name)) + break; + free(nm); + free(header); + free(data); + } + if (!PEM_get_EVP_CIPHER_INFO(header, &cipher)) + goto err; + if (!PEM_do_header(&cipher, data, &len, cb, u)) + goto err; *pdata = data; *plen = len; @@ -249,511 +304,547 @@ int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, const char ret = 1; err: - if (!pnm) OPENSSL_free(nm); - OPENSSL_free(header); - if (!ret) OPENSSL_free(data); + if (!ret || !pnm) + free(nm); + free(header); + if (!ret) + free(data); return ret; - } +} -#ifndef OPENSSL_NO_FP_API -int PEM_ASN1_write(int (*i2d)(), const char *name, FILE *fp, char *x, - const EVP_CIPHER *enc, unsigned char *kstr, int klen, - pem_password_cb *callback, void *u) - { - BIO *b; - int ret; +int +PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp, void *x, + const EVP_CIPHER *enc, unsigned char *kstr, int klen, + pem_password_cb *callback, void *u) +{ + BIO *b; + int ret; - if ((b=BIO_new(BIO_s_file())) == NULL) - { - PEMerr(PEM_F_PEM_ASN1_WRITE,ERR_R_BUF_LIB); - return(0); - } - BIO_set_fp(b,fp,BIO_NOCLOSE); - ret=PEM_ASN1_write_bio(i2d,name,b,x,enc,kstr,klen,callback,u); - BIO_free(b); - return(ret); - } -#endif + if ((b = BIO_new(BIO_s_file())) == NULL) { + PEMerror(ERR_R_BUF_LIB); + return (0); + } + BIO_set_fp(b, fp, BIO_NOCLOSE); + ret = PEM_ASN1_write_bio(i2d, name, b, x, enc, kstr, klen, callback, u); + BIO_free(b); + return (ret); +} -int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x, - const EVP_CIPHER *enc, unsigned char *kstr, int klen, - pem_password_cb *callback, void *u) - { +int +PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, void *x, + const EVP_CIPHER *enc, unsigned char *kstr, int klen, + pem_password_cb *callback, void *u) +{ EVP_CIPHER_CTX ctx; - int dsize=0,i,j,ret=0; - unsigned char *p,*data=NULL; - const char *objstr=NULL; + int dsize = 0, i, j, ret = 0; + unsigned char *p, *data = NULL; + const char *objstr = NULL; char buf[PEM_BUFSIZE]; unsigned char key[EVP_MAX_KEY_LENGTH]; unsigned char iv[EVP_MAX_IV_LENGTH]; - - if (enc != NULL) - { - objstr=OBJ_nid2sn(EVP_CIPHER_nid(enc)); - if (objstr == NULL) - { - PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,PEM_R_UNSUPPORTED_CIPHER); + + if (enc != NULL) { + objstr = OBJ_nid2sn(EVP_CIPHER_nid(enc)); + if (objstr == NULL) { + PEMerror(PEM_R_UNSUPPORTED_CIPHER); goto err; - } } + } - if ((dsize=i2d(x,NULL)) < 0) - { - PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,ERR_R_MALLOC_FAILURE); - dsize=0; + if ((dsize = i2d(x, NULL)) < 0) { + PEMerror(ERR_R_ASN1_LIB); + dsize = 0; goto err; - } + } /* dzise + 8 bytes are needed */ - data=(unsigned char *)OPENSSL_malloc((unsigned int)dsize+20); - if (data == NULL) - { - PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,ERR_R_MALLOC_FAILURE); + /* actually it needs the cipher block size extra... */ + data = malloc(dsize + 20); + if (data == NULL) { + PEMerror(ERR_R_MALLOC_FAILURE); goto err; - } - p=data; - i=i2d(x,&p); + } + p = data; + i = i2d(x, &p); - if (enc != NULL) - { - if (kstr == NULL) - { + if (enc != NULL) { + if (kstr == NULL) { if (callback == NULL) - klen=PEM_def_callback(buf,PEM_BUFSIZE,1,u); + klen = PEM_def_callback(buf, PEM_BUFSIZE, 1, u); else - klen=(*callback)(buf,PEM_BUFSIZE,1,u); - if (klen <= 0) - { - PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,PEM_R_READ_KEY); + klen = (*callback)(buf, PEM_BUFSIZE, 1, u); + if (klen <= 0) { + PEMerror(PEM_R_READ_KEY); goto err; - } -#ifdef CHARSET_EBCDIC - /* Convert the pass phrase from EBCDIC */ - ebcdic2ascii(buf, buf, klen); -#endif - kstr=(unsigned char *)buf; } - RAND_add(data,i,0);/* put in the RSA key. */ - if (RAND_pseudo_bytes(iv,enc->iv_len) < 0) /* Generate a salt */ + kstr = (unsigned char *)buf; + } + if ((size_t)enc->iv_len > sizeof(iv)) { + PEMerror(EVP_R_IV_TOO_LARGE); goto err; + } + arc4random_buf(iv, enc->iv_len); /* Generate a salt */ /* The 'iv' is used as the iv and as a salt. It is * NOT taken from the BytesToKey function */ - EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL); + if (!EVP_BytesToKey(enc, EVP_md5(), iv, kstr, klen, 1, + key, NULL)) + goto err; + + if (kstr == (unsigned char *)buf) + explicit_bzero(buf, PEM_BUFSIZE); - if (kstr == (unsigned char *)buf) memset(buf,0,PEM_BUFSIZE); + if (strlen(objstr) + 23 + 2 * enc->iv_len + 13 > sizeof buf) { + PEMerror(ASN1_R_BUFFER_TOO_SMALL); + goto err; + } - buf[0]='\0'; - PEM_proc_type(buf,PEM_TYPE_ENCRYPTED); - PEM_dek_info(buf,objstr,enc->iv_len,(char *)iv); + buf[0] = '\0'; + PEM_proc_type(buf, PEM_TYPE_ENCRYPTED); + PEM_dek_info(buf, objstr, enc->iv_len, (char *)iv); /* k=strlen(buf); */ EVP_CIPHER_CTX_init(&ctx); - EVP_EncryptInit_ex(&ctx,enc,NULL,key,iv); - EVP_EncryptUpdate(&ctx,data,&j,data,i); - EVP_EncryptFinal_ex(&ctx,&(data[j]),&i); + ret = 1; + if (!EVP_EncryptInit_ex(&ctx, enc, NULL, key, iv) || + !EVP_EncryptUpdate(&ctx, data, &j, data, i) || + !EVP_EncryptFinal_ex(&ctx, &(data[j]), &i)) + ret = 0; EVP_CIPHER_CTX_cleanup(&ctx); - i+=j; - ret=1; - } - else - { - ret=1; - buf[0]='\0'; - } - i=PEM_write_bio(bp,name,buf,data,i); - if (i <= 0) ret=0; + if (ret == 0) + goto err; + i += j; + } else { + ret = 1; + buf[0] = '\0'; + } + i = PEM_write_bio(bp, name, buf, data, i); + if (i <= 0) + ret = 0; err: - memset(key,0,sizeof(key)); - memset(iv,0,sizeof(iv)); - memset((char *)&ctx,0,sizeof(ctx)); - memset(buf,0,PEM_BUFSIZE); - memset(data,0,(unsigned int)dsize); - OPENSSL_free(data); - return(ret); - } - -int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen, - pem_password_cb *callback,void *u) - { - int i,j,o,klen; + explicit_bzero(key, sizeof(key)); + explicit_bzero(iv, sizeof(iv)); + explicit_bzero((char *)&ctx, sizeof(ctx)); + explicit_bzero(buf, PEM_BUFSIZE); + freezero(data, (unsigned int)dsize); + return (ret); +} + +int +PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen, + pem_password_cb *callback, void *u) +{ + int i, j, o, klen; long len; EVP_CIPHER_CTX ctx; unsigned char key[EVP_MAX_KEY_LENGTH]; char buf[PEM_BUFSIZE]; - len= *plen; + len = *plen; - if (cipher->cipher == NULL) return(1); + if (cipher->cipher == NULL) + return (1); if (callback == NULL) - klen=PEM_def_callback(buf,PEM_BUFSIZE,0,u); + klen = PEM_def_callback(buf, PEM_BUFSIZE, 0, u); else - klen=callback(buf,PEM_BUFSIZE,0,u); - if (klen <= 0) - { - PEMerr(PEM_F_PEM_DO_HEADER,PEM_R_BAD_PASSWORD_READ); - return(0); - } -#ifdef CHARSET_EBCDIC - /* Convert the pass phrase from EBCDIC */ - ebcdic2ascii(buf, buf, klen); -#endif - - EVP_BytesToKey(cipher->cipher,EVP_md5(),&(cipher->iv[0]), - (unsigned char *)buf,klen,1,key,NULL); + klen = callback(buf, PEM_BUFSIZE, 0, u); + if (klen <= 0) { + PEMerror(PEM_R_BAD_PASSWORD_READ); + return (0); + } + if (!EVP_BytesToKey(cipher->cipher, EVP_md5(), &(cipher->iv[0]), + (unsigned char *)buf, klen, 1, key, NULL)) + return 0; - j=(int)len; + j = (int)len; EVP_CIPHER_CTX_init(&ctx); - EVP_DecryptInit_ex(&ctx,cipher->cipher,NULL, key,&(cipher->iv[0])); - EVP_DecryptUpdate(&ctx,data,&i,data,j); - o=EVP_DecryptFinal_ex(&ctx,&(data[i]),&j); + o = EVP_DecryptInit_ex(&ctx, cipher->cipher, NULL, key, + &(cipher->iv[0])); + if (o) + o = EVP_DecryptUpdate(&ctx, data, &i, data, j); + if (o) + o = EVP_DecryptFinal_ex(&ctx, &(data[i]), &j); EVP_CIPHER_CTX_cleanup(&ctx); - memset((char *)buf,0,sizeof(buf)); - memset((char *)key,0,sizeof(key)); - j+=i; - if (!o) - { - PEMerr(PEM_F_PEM_DO_HEADER,PEM_R_BAD_DECRYPT); - return(0); - } - *plen=j; - return(1); + explicit_bzero((char *)buf, sizeof(buf)); + explicit_bzero((char *)key, sizeof(key)); + if (!o) { + PEMerror(PEM_R_BAD_DECRYPT); + return (0); } + *plen = j + i; + return (1); +} -int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher) - { - int o; - const EVP_CIPHER *enc=NULL; - char *p,c; +int +PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher) +{ + const EVP_CIPHER *enc = NULL; + char *p, c; + char **header_pp = &header; - cipher->cipher=NULL; + cipher->cipher = NULL; if ((header == NULL) || (*header == '\0') || (*header == '\n')) - return(1); - if (strncmp(header,"Proc-Type: ",11) != 0) - { PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_NOT_PROC_TYPE); return(0); } - header+=11; - if (*header != '4') return(0); header++; - if (*header != ',') return(0); header++; - if (strncmp(header,"ENCRYPTED",9) != 0) - { PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_NOT_ENCRYPTED); return(0); } + return (1); + if (strncmp(header, "Proc-Type: ", 11) != 0) { + PEMerror(PEM_R_NOT_PROC_TYPE); + return (0); + } + header += 11; + if (*header != '4') + return (0); + header++; + if (*header != ',') + return (0); + header++; + if (strncmp(header, "ENCRYPTED", 9) != 0) { + PEMerror(PEM_R_NOT_ENCRYPTED); + return (0); + } for (; (*header != '\n') && (*header != '\0'); header++) ; - if (*header == '\0') - { PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_SHORT_HEADER); return(0); } + if (*header == '\0') { + PEMerror(PEM_R_SHORT_HEADER); + return (0); + } header++; - if (strncmp(header,"DEK-Info: ",10) != 0) - { PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_NOT_DEK_INFO); return(0); } - header+=10; + if (strncmp(header, "DEK-Info: ", 10) != 0) { + PEMerror(PEM_R_NOT_DEK_INFO); + return (0); + } + header += 10; - p=header; - for (;;) - { + p = header; + for (;;) { c= *header; -#ifndef CHARSET_EBCDIC if (!( ((c >= 'A') && (c <= 'Z')) || (c == '-') || - ((c >= '0') && (c <= '9')))) + ((c >= '0') && (c <= '9')))) break; -#else - if (!( isupper(c) || (c == '-') || - isdigit(c))) - break; -#endif header++; - } - *header='\0'; - o=OBJ_sn2nid(p); - cipher->cipher=enc=EVP_get_cipherbyname(p); - *header=c; + } + *header = '\0'; + cipher->cipher = enc = EVP_get_cipherbyname(p); + *header = c; header++; - if (enc == NULL) - { - PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_UNSUPPORTED_ENCRYPTION); - return(0); - } - if (!load_iv((unsigned char **)&header,&(cipher->iv[0]),enc->iv_len)) return(0); - - return(1); + if (enc == NULL) { + PEMerror(PEM_R_UNSUPPORTED_ENCRYPTION); + return (0); } + if (!load_iv(header_pp, &(cipher->iv[0]), enc->iv_len)) + return (0); + + return (1); +} -static int load_iv(unsigned char **fromp, unsigned char *to, int num) - { - int v,i; - unsigned char *from; +static int +load_iv(char **fromp, unsigned char *to, int num) +{ + int v, i; + char *from; from= *fromp; - for (i=0; i= '0') && (*from <= '9')) - v= *from-'0'; + v = *from - '0'; else if ((*from >= 'A') && (*from <= 'F')) - v= *from-'A'+10; + v = *from - 'A' + 10; else if ((*from >= 'a') && (*from <= 'f')) - v= *from-'a'+10; - else - { - PEMerr(PEM_F_LOAD_IV,PEM_R_BAD_IV_CHARS); - return(0); - } - from++; - to[i/2]|=v<<(long)((!(i&1))*4); + v = *from - 'a' + 10; + else { + PEMerror(PEM_R_BAD_IV_CHARS); + return (0); } - - *fromp=from; - return(1); + from++; + to[i / 2] |= v << (long)((!(i & 1)) * 4); } -#ifndef OPENSSL_NO_FP_API -int PEM_write(FILE *fp, char *name, char *header, unsigned char *data, - long len) - { - BIO *b; - int ret; + *fromp = from; + return (1); +} - if ((b=BIO_new(BIO_s_file())) == NULL) - { - PEMerr(PEM_F_PEM_WRITE,ERR_R_BUF_LIB); - return(0); - } - BIO_set_fp(b,fp,BIO_NOCLOSE); - ret=PEM_write_bio(b, name, header, data,len); - BIO_free(b); - return(ret); - } -#endif +int +PEM_write(FILE *fp, const char *name, const char *header, + const unsigned char *data, long len) +{ + BIO *b; + int ret; + + if ((b = BIO_new(BIO_s_file())) == NULL) { + PEMerror(ERR_R_BUF_LIB); + return (0); + } + BIO_set_fp(b, fp, BIO_NOCLOSE); + ret = PEM_write_bio(b, name, header, data, len); + BIO_free(b); + return (ret); +} -int PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data, - long len) - { - int nlen,n,i,j,outl; - unsigned char *buf; +int +PEM_write_bio(BIO *bp, const char *name, const char *header, + const unsigned char *data, long len) +{ + int nlen, n, i, j, outl; + unsigned char *buf = NULL; EVP_ENCODE_CTX ctx; - int reason=ERR_R_BUF_LIB; - + int reason = ERR_R_BUF_LIB; + EVP_EncodeInit(&ctx); - nlen=strlen(name); + nlen = strlen(name); - if ( (BIO_write(bp,"-----BEGIN ",11) != 11) || - (BIO_write(bp,name,nlen) != nlen) || - (BIO_write(bp,"-----\n",6) != 6)) + if ((BIO_write(bp, "-----BEGIN ", 11) != 11) || + (BIO_write(bp, name, nlen) != nlen) || + (BIO_write(bp, "-----\n", 6) != 6)) goto err; - - i=strlen(header); - if (i > 0) - { - if ( (BIO_write(bp,header,i) != i) || - (BIO_write(bp,"\n",1) != 1)) + + i = strlen(header); + if (i > 0) { + if ((BIO_write(bp, header, i) != i) || + (BIO_write(bp, "\n", 1) != 1)) goto err; - } + } - buf=(unsigned char *)OPENSSL_malloc(PEM_BUFSIZE*8); - if (buf == NULL) - { - reason=ERR_R_MALLOC_FAILURE; + buf = reallocarray(NULL, PEM_BUFSIZE, 8); + if (buf == NULL) { + reason = ERR_R_MALLOC_FAILURE; goto err; - } + } - i=j=0; - while (len > 0) - { - n=(int)((len>(PEM_BUFSIZE*5))?(PEM_BUFSIZE*5):len); - EVP_EncodeUpdate(&ctx,buf,&outl,&(data[j]),n); - if ((outl) && (BIO_write(bp,(char *)buf,outl) != outl)) + i = j = 0; + while (len > 0) { + n = (int)((len > (PEM_BUFSIZE * 5)) ? (PEM_BUFSIZE * 5) : len); + if (!EVP_EncodeUpdate(&ctx, buf, &outl, &(data[j]), n)) goto err; - i+=outl; - len-=n; - j+=n; - } - EVP_EncodeFinal(&ctx,buf,&outl); - if ((outl > 0) && (BIO_write(bp,(char *)buf,outl) != outl)) goto err; - OPENSSL_free(buf); - if ( (BIO_write(bp,"-----END ",9) != 9) || - (BIO_write(bp,name,nlen) != nlen) || - (BIO_write(bp,"-----\n",6) != 6)) + if ((outl) && (BIO_write(bp, (char *)buf, outl) != outl)) + goto err; + i += outl; + len -= n; + j += n; + } + EVP_EncodeFinal(&ctx, buf, &outl); + if ((outl > 0) && (BIO_write(bp, (char *)buf, outl) != outl)) goto err; - return(i+outl); + freezero(buf, PEM_BUFSIZE * 8); + buf = NULL; + if ((BIO_write(bp, "-----END ", 9) != 9) || + (BIO_write(bp, name, nlen) != nlen) || + (BIO_write(bp, "-----\n", 6) != 6)) + goto err; + return (i + outl); + err: - PEMerr(PEM_F_PEM_WRITE_BIO,reason); - return(0); - } + freezero(buf, PEM_BUFSIZE * 8); + PEMerror(reason); + return (0); +} -#ifndef OPENSSL_NO_FP_API -int PEM_read(FILE *fp, char **name, char **header, unsigned char **data, - long *len) - { - BIO *b; - int ret; +int +PEM_read(FILE *fp, char **name, char **header, unsigned char **data, long *len) +{ + BIO *b; + int ret; - if ((b=BIO_new(BIO_s_file())) == NULL) - { - PEMerr(PEM_F_PEM_READ,ERR_R_BUF_LIB); - return(0); - } - BIO_set_fp(b,fp,BIO_NOCLOSE); - ret=PEM_read_bio(b, name, header, data,len); - BIO_free(b); - return(ret); - } -#endif + if ((b = BIO_new(BIO_s_file())) == NULL) { + PEMerror(ERR_R_BUF_LIB); + return (0); + } + BIO_set_fp(b, fp, BIO_NOCLOSE); + ret = PEM_read_bio(b, name, header, data, len); + BIO_free(b); + return (ret); +} -int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data, - long *len) - { +int +PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data, + long *len) +{ EVP_ENCODE_CTX ctx; - int end=0,i,k,bl=0,hl=0,nohead=0; + int end = 0, i, k, bl = 0, hl = 0, nohead = 0; char buf[256]; BUF_MEM *nameB; BUF_MEM *headerB; - BUF_MEM *dataB,*tmpB; - - nameB=BUF_MEM_new(); - headerB=BUF_MEM_new(); - dataB=BUF_MEM_new(); - if ((nameB == NULL) || (headerB == NULL) || (dataB == NULL)) - { - PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); - return(0); - } + BUF_MEM *dataB, *tmpB; + + nameB = BUF_MEM_new(); + headerB = BUF_MEM_new(); + dataB = BUF_MEM_new(); + if ((nameB == NULL) || (headerB == NULL) || (dataB == NULL)) { + BUF_MEM_free(nameB); + BUF_MEM_free(headerB); + BUF_MEM_free(dataB); + PEMerror(ERR_R_MALLOC_FAILURE); + return (0); + } - buf[254]='\0'; - for (;;) - { - i=BIO_gets(bp,buf,254); + buf[254] = '\0'; + for (;;) { + i = BIO_gets(bp, buf, 254); - if (i <= 0) - { - PEMerr(PEM_F_PEM_READ_BIO,PEM_R_NO_START_LINE); + if (i <= 0) { + PEMerror(PEM_R_NO_START_LINE); goto err; - } + } - while ((i >= 0) && (buf[i] <= ' ')) i--; - buf[++i]='\n'; buf[++i]='\0'; + while ((i >= 0) && (buf[i] <= ' ')) + i--; + buf[++i] = '\n'; + buf[++i] = '\0'; - if (strncmp(buf,"-----BEGIN ",11) == 0) - { - i=strlen(&(buf[11])); + if (strncmp(buf, "-----BEGIN ", 11) == 0) { + i = strlen(&(buf[11])); - if (strncmp(&(buf[11+i-6]),"-----\n",6) != 0) + if (strncmp(&(buf[11 + i - 6]), "-----\n", 6) != 0) continue; - if (!BUF_MEM_grow(nameB,i+9)) - { - PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); + if (!BUF_MEM_grow(nameB, i + 9)) { + PEMerror(ERR_R_MALLOC_FAILURE); goto err; - } - memcpy(nameB->data,&(buf[11]),i-6); - nameB->data[i-6]='\0'; - break; } + memcpy(nameB->data, &(buf[11]), i - 6); + nameB->data[i - 6] = '\0'; + break; } - hl=0; - if (!BUF_MEM_grow(headerB,256)) - { PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); goto err; } - headerB->data[0]='\0'; - for (;;) - { - i=BIO_gets(bp,buf,254); - if (i <= 0) break; - - while ((i >= 0) && (buf[i] <= ' ')) i--; - buf[++i]='\n'; buf[++i]='\0'; - - if (buf[0] == '\n') break; - if (!BUF_MEM_grow(headerB,hl+i+9)) - { PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); goto err; } - if (strncmp(buf,"-----END ",9) == 0) - { - nohead=1; + } + hl = 0; + if (!BUF_MEM_grow(headerB, 256)) { + PEMerror(ERR_R_MALLOC_FAILURE); + goto err; + } + headerB->data[0] = '\0'; + for (;;) { + i = BIO_gets(bp, buf, 254); + if (i <= 0) + break; + + while ((i >= 0) && (buf[i] <= ' ')) + i--; + buf[++i] = '\n'; + buf[++i] = '\0'; + + if (buf[0] == '\n') + break; + if (!BUF_MEM_grow(headerB, hl + i + 9)) { + PEMerror(ERR_R_MALLOC_FAILURE); + goto err; + } + if (strncmp(buf, "-----END ", 9) == 0) { + nohead = 1; break; - } - memcpy(&(headerB->data[hl]),buf,i); - headerB->data[hl+i]='\0'; - hl+=i; } + memcpy(&(headerB->data[hl]), buf, i); + headerB->data[hl + i] = '\0'; + hl += i; + } + + bl = 0; + if (!BUF_MEM_grow(dataB, 1024)) { + PEMerror(ERR_R_MALLOC_FAILURE); + goto err; + } + dataB->data[0] = '\0'; + if (!nohead) { + for (;;) { + i = BIO_gets(bp, buf, 254); + if (i <= 0) + break; - bl=0; - if (!BUF_MEM_grow(dataB,1024)) - { PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); goto err; } - dataB->data[0]='\0'; - if (!nohead) - { - for (;;) - { - i=BIO_gets(bp,buf,254); - if (i <= 0) break; - - while ((i >= 0) && (buf[i] <= ' ')) i--; - buf[++i]='\n'; buf[++i]='\0'; - - if (i != 65) end=1; - if (strncmp(buf,"-----END ",9) == 0) + while ((i >= 0) && (buf[i] <= ' ')) + i--; + buf[++i] = '\n'; + buf[++i] = '\0'; + + if (i != 65) + end = 1; + if (strncmp(buf, "-----END ", 9) == 0) + break; + if (i > 65) break; - if (i > 65) break; - if (!BUF_MEM_grow(dataB,i+bl+9)) - { - PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); + if (!BUF_MEM_grow_clean(dataB, i + bl + 9)) { + PEMerror(ERR_R_MALLOC_FAILURE); goto err; - } - memcpy(&(dataB->data[bl]),buf,i); - dataB->data[bl+i]='\0'; - bl+=i; - if (end) - { - buf[0]='\0'; - i=BIO_gets(bp,buf,254); - if (i <= 0) break; - - while ((i >= 0) && (buf[i] <= ' ')) i--; - buf[++i]='\n'; buf[++i]='\0'; + } + memcpy(&(dataB->data[bl]), buf, i); + dataB->data[bl + i] = '\0'; + bl += i; + if (end) { + buf[0] = '\0'; + i = BIO_gets(bp, buf, 254); + if (i <= 0) + break; + + while ((i >= 0) && (buf[i] <= ' ')) + i--; + buf[++i] = '\n'; + buf[++i] = '\0'; break; - } } } - else - { - tmpB=headerB; - headerB=dataB; - dataB=tmpB; - bl=hl; - } - i=strlen(nameB->data); - if ( (strncmp(buf,"-----END ",9) != 0) || - (strncmp(nameB->data,&(buf[9]),i) != 0) || - (strncmp(&(buf[9+i]),"-----\n",6) != 0)) - { - PEMerr(PEM_F_PEM_READ_BIO,PEM_R_BAD_END_LINE); + } else { + tmpB = headerB; + headerB = dataB; + dataB = tmpB; + bl = hl; + } + i = strlen(nameB->data); + if ((strncmp(buf, "-----END ", 9) != 0) || + (strncmp(nameB->data, &(buf[9]), i) != 0) || + (strncmp(&(buf[9 + i]), "-----\n", 6) != 0)) { + PEMerror(PEM_R_BAD_END_LINE); goto err; - } + } EVP_DecodeInit(&ctx); - i=EVP_DecodeUpdate(&ctx, - (unsigned char *)dataB->data,&bl, - (unsigned char *)dataB->data,bl); - if (i < 0) - { - PEMerr(PEM_F_PEM_READ_BIO,PEM_R_BAD_BASE64_DECODE); + i = EVP_DecodeUpdate(&ctx, + (unsigned char *)dataB->data, &bl, + (unsigned char *)dataB->data, bl); + if (i < 0) { + PEMerror(PEM_R_BAD_BASE64_DECODE); goto err; - } - i=EVP_DecodeFinal(&ctx,(unsigned char *)&(dataB->data[bl]),&k); - if (i < 0) - { - PEMerr(PEM_F_PEM_READ_BIO,PEM_R_BAD_BASE64_DECODE); + } + i = EVP_DecodeFinal(&ctx, (unsigned char *)&(dataB->data[bl]), &k); + if (i < 0) { + PEMerror(PEM_R_BAD_BASE64_DECODE); goto err; - } - bl+=k; - - if (bl == 0) goto err; - *name=nameB->data; - *header=headerB->data; - *data=(unsigned char *)dataB->data; - *len=bl; - OPENSSL_free(nameB); - OPENSSL_free(headerB); - OPENSSL_free(dataB); - return(1); + } + bl += k; + + if (bl == 0) + goto err; + *name = nameB->data; + *header = headerB->data; + *data = (unsigned char *)dataB->data; + *len = bl; + free(nameB); + free(headerB); + free(dataB); + return (1); + err: BUF_MEM_free(nameB); BUF_MEM_free(headerB); BUF_MEM_free(dataB); - return(0); - } + return (0); +} + +/* Check pem string and return prefix length. + * If for example the pem_str == "RSA PRIVATE KEY" and suffix = "PRIVATE KEY" + * the return value is 3 for the string "RSA". + */ + +int +pem_check_suffix(const char *pem_str, const char *suffix) +{ + int pem_len = strlen(pem_str); + int suffix_len = strlen(suffix); + const char *p; + + if (suffix_len + 1 >= pem_len) + return 0; + p = pem_str + pem_len - suffix_len; + if (strcmp(p, suffix)) + return 0; + p--; + if (*p != ' ') + return 0; + return p - pem_str; +} diff --git a/src/lib/libcrypto/pem/pem_oth.c b/src/lib/libcrypto/pem/pem_oth.c index 8d9064ea7c8..21498cb6b5b 100644 --- a/src/lib/libcrypto/pem/pem_oth.c +++ b/src/lib/libcrypto/pem/pem_oth.c @@ -1,25 +1,25 @@ -/* crypto/pem/pem_oth.c */ +/* $OpenBSD: pem_oth.c,v 1.8 2017/01/29 17:49:23 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -57,29 +57,31 @@ */ #include -#include "cryptlib.h" + #include -#include +#include #include -#include -#include +#include #include +#include /* Handle 'other' PEMs: not private keys */ -char *PEM_ASN1_read_bio(char *(*d2i)(), const char *name, BIO *bp, char **x, - pem_password_cb *cb, void *u) - { - unsigned char *p=NULL,*data=NULL; +void * +PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp, void **x, + pem_password_cb *cb, void *u) +{ + const unsigned char *p = NULL; + unsigned char *data = NULL; long len; - char *ret=NULL; + char *ret = NULL; if (!PEM_bytes_read_bio(&data, &len, NULL, name, bp, cb, u)) return NULL; p = data; - ret=d2i(x,&p,len); + ret = d2i(x, &p, len); if (ret == NULL) - PEMerr(PEM_F_PEM_ASN1_READ_BIO,ERR_R_ASN1_LIB); - OPENSSL_free(data); - return(ret); - } + PEMerror(ERR_R_ASN1_LIB); + free(data); + return (ret); +} diff --git a/src/lib/libcrypto/pem/pem_pk8.c b/src/lib/libcrypto/pem/pem_pk8.c index f44182ffb5a..43581905f03 100644 --- a/src/lib/libcrypto/pem/pem_pk8.c +++ b/src/lib/libcrypto/pem/pem_pk8.c @@ -1,25 +1,25 @@ -/* crypto/pem/pem_pkey.c */ +/* $OpenBSD: pem_pk8.c,v 1.13 2017/01/29 17:49:23 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -57,23 +57,20 @@ */ #include -#include "cryptlib.h" +#include + #include -#include +#include #include -#include -#include -#include +#include #include +#include +#include -static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder, - int nid, const EVP_CIPHER *enc, - char *kstr, int klen, - pem_password_cb *cb, void *u); -static int do_pk8pkey_fp(FILE *bp, EVP_PKEY *x, int isder, - int nid, const EVP_CIPHER *enc, - char *kstr, int klen, - pem_password_cb *cb, void *u); +static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder, int nid, + const EVP_CIPHER *enc, char *kstr, int klen, pem_password_cb *cb, void *u); +static int do_pk8pkey_fp(FILE *bp, EVP_PKEY *x, int isder, int nid, + const EVP_CIPHER *enc, char *kstr, int klen, pem_password_cb *cb, void *u); /* These functions write a private key in PKCS#8 format: it is a "drop in" * replacement for PEM_write_bio_PrivateKey() and friends. As usual if 'enc' @@ -81,163 +78,229 @@ static int do_pk8pkey_fp(FILE *bp, EVP_PKEY *x, int isder, * uses PKCS#5 v1.5 PBE algorithms whereas the others use PKCS#5 v2.0. */ -int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid, - char *kstr, int klen, - pem_password_cb *cb, void *u) +int +PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid, char *kstr, + int klen, pem_password_cb *cb, void *u) { return do_pk8pkey(bp, x, 0, nid, NULL, kstr, klen, cb, u); } -int PEM_write_bio_PKCS8PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc, - char *kstr, int klen, - pem_password_cb *cb, void *u) +int +PEM_write_bio_PKCS8PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc, + char *kstr, int klen, pem_password_cb *cb, void *u) { return do_pk8pkey(bp, x, 0, -1, enc, kstr, klen, cb, u); } -int i2d_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc, - char *kstr, int klen, - pem_password_cb *cb, void *u) +int +i2d_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc, + char *kstr, int klen, pem_password_cb *cb, void *u) { return do_pk8pkey(bp, x, 1, -1, enc, kstr, klen, cb, u); } -int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid, - char *kstr, int klen, - pem_password_cb *cb, void *u) +int +i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid, + char *kstr, int klen, pem_password_cb *cb, void *u) { return do_pk8pkey(bp, x, 1, nid, NULL, kstr, klen, cb, u); } -static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder, int nid, const EVP_CIPHER *enc, - char *kstr, int klen, - pem_password_cb *cb, void *u) +static int +do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder, int nid, const EVP_CIPHER *enc, + char *kstr, int klen, pem_password_cb *cb, void *u) { X509_SIG *p8; PKCS8_PRIV_KEY_INFO *p8inf; char buf[PEM_BUFSIZE]; int ret; - if(!(p8inf = EVP_PKEY2PKCS8(x))) { - PEMerr(PEM_F_PEM_WRITE_BIO_PKCS8PRIVATEKEY, - PEM_R_ERROR_CONVERTING_PRIVATE_KEY); + + if (!(p8inf = EVP_PKEY2PKCS8(x))) { + PEMerror(PEM_R_ERROR_CONVERTING_PRIVATE_KEY); return 0; } - if(enc || (nid != -1)) { - if(!kstr) { - if(!cb) klen = PEM_def_callback(buf, PEM_BUFSIZE, 1, u); - else klen = cb(buf, PEM_BUFSIZE, 1, u); - if(klen <= 0) { - PEMerr(PEM_F_PEM_WRITE_BIO_PKCS8PRIVATEKEY, - PEM_R_READ_KEY); + if (enc || (nid != -1)) { + if (!kstr) { + if (!cb) + klen = PEM_def_callback(buf, PEM_BUFSIZE, 1, u); + else + klen = cb(buf, PEM_BUFSIZE, 1, u); + if (klen <= 0) { + PEMerror(PEM_R_READ_KEY); PKCS8_PRIV_KEY_INFO_free(p8inf); return 0; } - + kstr = buf; } p8 = PKCS8_encrypt(nid, enc, kstr, klen, NULL, 0, 0, p8inf); - if(kstr == buf) memset(buf, 0, klen); + if (kstr == buf) + explicit_bzero(buf, klen); PKCS8_PRIV_KEY_INFO_free(p8inf); - if(isder) ret = i2d_PKCS8_bio(bp, p8); - else ret = PEM_write_bio_PKCS8(bp, p8); + if (isder) + ret = i2d_PKCS8_bio(bp, p8); + else + ret = PEM_write_bio_PKCS8(bp, p8); X509_SIG_free(p8); return ret; } else { - if(isder) ret = i2d_PKCS8_PRIV_KEY_INFO_bio(bp, p8inf); - else ret = PEM_write_bio_PKCS8_PRIV_KEY_INFO(bp, p8inf); + if (isder) + ret = i2d_PKCS8_PRIV_KEY_INFO_bio(bp, p8inf); + else + ret = PEM_write_bio_PKCS8_PRIV_KEY_INFO(bp, p8inf); PKCS8_PRIV_KEY_INFO_free(p8inf); return ret; } } -EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u) +EVP_PKEY * +d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u) { PKCS8_PRIV_KEY_INFO *p8inf = NULL; X509_SIG *p8 = NULL; int klen; EVP_PKEY *ret; char psbuf[PEM_BUFSIZE]; + p8 = d2i_PKCS8_bio(bp, NULL); - if(!p8) return NULL; - if (cb) klen=cb(psbuf,PEM_BUFSIZE,0,u); - else klen=PEM_def_callback(psbuf,PEM_BUFSIZE,0,u); + if (!p8) + return NULL; + if (cb) + klen = cb(psbuf, PEM_BUFSIZE, 0, u); + else + klen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u); if (klen <= 0) { - PEMerr(PEM_F_D2I_PKCS8PRIVATEKEY_BIO, PEM_R_BAD_PASSWORD_READ); + PEMerror(PEM_R_BAD_PASSWORD_READ); X509_SIG_free(p8); - return NULL; + return NULL; } p8inf = PKCS8_decrypt(p8, psbuf, klen); X509_SIG_free(p8); - if(!p8inf) return NULL; + if (!p8inf) + return NULL; ret = EVP_PKCS82PKEY(p8inf); PKCS8_PRIV_KEY_INFO_free(p8inf); - if(!ret) return NULL; - if(x) { - if(*x) EVP_PKEY_free(*x); + if (!ret) + return NULL; + if (x) { + EVP_PKEY_free(*x); *x = ret; } return ret; } -#ifndef OPENSSL_NO_FP_API -int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, - char *kstr, int klen, - pem_password_cb *cb, void *u) +int +i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, + char *kstr, int klen, pem_password_cb *cb, void *u) { return do_pk8pkey_fp(fp, x, 1, -1, enc, kstr, klen, cb, u); } -int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, EVP_PKEY *x, int nid, - char *kstr, int klen, - pem_password_cb *cb, void *u) +int +i2d_PKCS8PrivateKey_nid_fp(FILE *fp, EVP_PKEY *x, int nid, char *kstr, + int klen, pem_password_cb *cb, void *u) { return do_pk8pkey_fp(fp, x, 1, nid, NULL, kstr, klen, cb, u); } -int PEM_write_PKCS8PrivateKey_nid(FILE *fp, EVP_PKEY *x, int nid, - char *kstr, int klen, - pem_password_cb *cb, void *u) +int +PEM_write_PKCS8PrivateKey_nid(FILE *fp, EVP_PKEY *x, int nid, char *kstr, + int klen, pem_password_cb *cb, void *u) { return do_pk8pkey_fp(fp, x, 0, nid, NULL, kstr, klen, cb, u); } -int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, - char *kstr, int klen, pem_password_cb *cb, void *u) +int +PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, + char *kstr, int klen, pem_password_cb *cb, void *u) { return do_pk8pkey_fp(fp, x, 0, -1, enc, kstr, klen, cb, u); } -static int do_pk8pkey_fp(FILE *fp, EVP_PKEY *x, int isder, int nid, const EVP_CIPHER *enc, - char *kstr, int klen, - pem_password_cb *cb, void *u) +static int +do_pk8pkey_fp(FILE *fp, EVP_PKEY *x, int isder, int nid, const EVP_CIPHER *enc, + char *kstr, int klen, pem_password_cb *cb, void *u) { BIO *bp; int ret; - if(!(bp = BIO_new_fp(fp, BIO_NOCLOSE))) { - PEMerr(PEM_F_PEM_F_DO_PK8KEY_FP,ERR_R_BUF_LIB); - return(0); + + if (!(bp = BIO_new_fp(fp, BIO_NOCLOSE))) { + PEMerror(ERR_R_BUF_LIB); + return (0); } ret = do_pk8pkey(bp, x, isder, nid, enc, kstr, klen, cb, u); BIO_free(bp); return ret; } -EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u) +EVP_PKEY * +d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u) { BIO *bp; EVP_PKEY *ret; - if(!(bp = BIO_new_fp(fp, BIO_NOCLOSE))) { - PEMerr(PEM_F_D2I_PKCS8PRIVATEKEY_FP,ERR_R_BUF_LIB); - return NULL; + + if (!(bp = BIO_new_fp(fp, BIO_NOCLOSE))) { + PEMerror(ERR_R_BUF_LIB); + return NULL; } ret = d2i_PKCS8PrivateKey_bio(bp, x, cb, u); BIO_free(bp); return ret; } -#endif +X509_SIG * +PEM_read_PKCS8(FILE *fp, X509_SIG **x, pem_password_cb *cb, void *u) +{ + return PEM_ASN1_read((d2i_of_void *)d2i_X509_SIG, PEM_STRING_PKCS8, fp, + (void **)x, cb, u); +} -IMPLEMENT_PEM_rw(PKCS8, X509_SIG, PEM_STRING_PKCS8, X509_SIG) -IMPLEMENT_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO, PEM_STRING_PKCS8INF, - PKCS8_PRIV_KEY_INFO) +int +PEM_write_PKCS8(FILE *fp, X509_SIG *x) +{ + return PEM_ASN1_write((i2d_of_void *)i2d_X509_SIG, PEM_STRING_PKCS8, fp, + x, NULL, NULL, 0, NULL, NULL); +} + +X509_SIG * +PEM_read_bio_PKCS8(BIO *bp, X509_SIG **x, pem_password_cb *cb, void *u) +{ + return PEM_ASN1_read_bio((d2i_of_void *)d2i_X509_SIG, PEM_STRING_PKCS8, bp, + (void **)x, cb, u); +} + +int +PEM_write_bio_PKCS8(BIO *bp, X509_SIG *x) +{ + return PEM_ASN1_write_bio((i2d_of_void *)i2d_X509_SIG, PEM_STRING_PKCS8, bp, + x, NULL, NULL, 0, NULL, NULL); +} + +PKCS8_PRIV_KEY_INFO * +PEM_read_PKCS8_PRIV_KEY_INFO(FILE *fp, PKCS8_PRIV_KEY_INFO **x, pem_password_cb *cb, void *u) +{ + return PEM_ASN1_read((d2i_of_void *)d2i_PKCS8_PRIV_KEY_INFO, PEM_STRING_PKCS8INF, fp, + (void **)x, cb, u); +} + +int +PEM_write_PKCS8_PRIV_KEY_INFO(FILE *fp, PKCS8_PRIV_KEY_INFO *x) +{ + return PEM_ASN1_write((i2d_of_void *)i2d_PKCS8_PRIV_KEY_INFO, PEM_STRING_PKCS8INF, fp, + x, NULL, NULL, 0, NULL, NULL); +} + +PKCS8_PRIV_KEY_INFO * +PEM_read_bio_PKCS8_PRIV_KEY_INFO(BIO *bp, PKCS8_PRIV_KEY_INFO **x, pem_password_cb *cb, void *u) +{ + return PEM_ASN1_read_bio((d2i_of_void *)d2i_PKCS8_PRIV_KEY_INFO, PEM_STRING_PKCS8INF, bp, + (void **)x, cb, u); +} + +int +PEM_write_bio_PKCS8_PRIV_KEY_INFO(BIO *bp, PKCS8_PRIV_KEY_INFO *x) +{ + return PEM_ASN1_write_bio((i2d_of_void *)i2d_PKCS8_PRIV_KEY_INFO, PEM_STRING_PKCS8INF, bp, + x, NULL, NULL, 0, NULL, NULL); +} diff --git a/src/lib/libcrypto/pem/pem_pkey.c b/src/lib/libcrypto/pem/pem_pkey.c index d96ecf69406..89181a25f70 100644 --- a/src/lib/libcrypto/pem/pem_pkey.c +++ b/src/lib/libcrypto/pem/pem_pkey.c @@ -1,25 +1,25 @@ -/* crypto/pem/pem_pkey.c */ +/* $OpenBSD: pem_pkey.c,v 1.23 2017/05/02 03:59:44 deraadt Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -57,84 +57,195 @@ */ #include -#include "cryptlib.h" +#include + +#include + #include -#include +#include #include -#include -#include -#include +#include #include +#include +#include + +#ifndef OPENSSL_NO_ENGINE +#include +#endif +#include "asn1_locl.h" -EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u) - { - char *nm=NULL; - unsigned char *p=NULL,*data=NULL; +int pem_check_suffix(const char *pem_str, const char *suffix); + +EVP_PKEY * +PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u) +{ + char *nm = NULL; + const unsigned char *p = NULL; + unsigned char *data = NULL; long len; - EVP_PKEY *ret=NULL; + int slen; + EVP_PKEY *ret = NULL; - if (!PEM_bytes_read_bio(&data, &len, &nm, PEM_STRING_EVP_PKEY, bp, cb, u)) + if (!PEM_bytes_read_bio(&data, &len, &nm, PEM_STRING_EVP_PKEY, + bp, cb, u)) return NULL; p = data; - if (strcmp(nm,PEM_STRING_RSA) == 0) - ret=d2i_PrivateKey(EVP_PKEY_RSA,x,&p,len); - else if (strcmp(nm,PEM_STRING_DSA) == 0) - ret=d2i_PrivateKey(EVP_PKEY_DSA,x,&p,len); - else if (strcmp(nm,PEM_STRING_PKCS8INF) == 0) { + if (strcmp(nm, PEM_STRING_PKCS8INF) == 0) { PKCS8_PRIV_KEY_INFO *p8inf; - p8inf=d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, len); - if(!p8inf) goto p8err; + p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, len); + if (!p8inf) + goto p8err; ret = EVP_PKCS82PKEY(p8inf); + if (x) { + EVP_PKEY_free(*x); + *x = ret; + } PKCS8_PRIV_KEY_INFO_free(p8inf); - } else if (strcmp(nm,PEM_STRING_PKCS8) == 0) { + } else if (strcmp(nm, PEM_STRING_PKCS8) == 0) { PKCS8_PRIV_KEY_INFO *p8inf; X509_SIG *p8; int klen; char psbuf[PEM_BUFSIZE]; p8 = d2i_X509_SIG(NULL, &p, len); - if(!p8) goto p8err; - if (cb) klen=cb(psbuf,PEM_BUFSIZE,0,u); - else klen=PEM_def_callback(psbuf,PEM_BUFSIZE,0,u); + if (!p8) + goto p8err; + if (cb) + klen = cb(psbuf, PEM_BUFSIZE, 0, u); + else + klen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u); if (klen <= 0) { - PEMerr(PEM_F_PEM_ASN1_READ_BIO, - PEM_R_BAD_PASSWORD_READ); + PEMerror(PEM_R_BAD_PASSWORD_READ); + X509_SIG_free(p8); goto err; } p8inf = PKCS8_decrypt(p8, psbuf, klen); X509_SIG_free(p8); - if(!p8inf) goto p8err; + if (!p8inf) + goto p8err; ret = EVP_PKCS82PKEY(p8inf); - if(x) { - if(*x) EVP_PKEY_free((EVP_PKEY *)*x); + if (x) { + EVP_PKEY_free(*x); *x = ret; } PKCS8_PRIV_KEY_INFO_free(p8inf); + } else if ((slen = pem_check_suffix(nm, "PRIVATE KEY")) > 0) { + const EVP_PKEY_ASN1_METHOD *ameth; + ameth = EVP_PKEY_asn1_find_str(NULL, nm, slen); + if (!ameth || !ameth->old_priv_decode) + goto p8err; + ret = d2i_PrivateKey(ameth->pkey_id, x, &p, len); } + p8err: if (ret == NULL) - PEMerr(PEM_F_PEM_ASN1_READ_BIO,ERR_R_ASN1_LIB); + PEMerror(ERR_R_ASN1_LIB); err: - OPENSSL_free(nm); - OPENSSL_free(data); - return(ret); - } + free(nm); + freezero(data, len); + return (ret); +} + +int +PEM_write_bio_PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc, + unsigned char *kstr, int klen, pem_password_cb *cb, void *u) +{ + char pem_str[80]; -#ifndef OPENSSL_NO_FP_API -EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u) - { - BIO *b; - EVP_PKEY *ret; + if (!x->ameth || x->ameth->priv_encode) + return PEM_write_bio_PKCS8PrivateKey(bp, x, enc, + (char *)kstr, klen, cb, u); - if ((b=BIO_new(BIO_s_file())) == NULL) - { - PEMerr(PEM_F_PEM_ASN1_READ,ERR_R_BUF_LIB); - return(0); + (void) snprintf(pem_str, sizeof(pem_str), "%s PRIVATE KEY", + x->ameth->pem_str); + return PEM_ASN1_write_bio((i2d_of_void *)i2d_PrivateKey, + pem_str, bp, x, enc, kstr, klen, cb, u); +} + +EVP_PKEY * +PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x) +{ + char *nm = NULL; + const unsigned char *p = NULL; + unsigned char *data = NULL; + long len; + int slen; + EVP_PKEY *ret = NULL; + + if (!PEM_bytes_read_bio(&data, &len, &nm, PEM_STRING_PARAMETERS, + bp, 0, NULL)) + return NULL; + p = data; + + if ((slen = pem_check_suffix(nm, "PARAMETERS")) > 0) { + ret = EVP_PKEY_new(); + if (!ret) + goto err; + if (!EVP_PKEY_set_type_str(ret, nm, slen) || + !ret->ameth->param_decode || + !ret->ameth->param_decode(ret, &p, len)) { + EVP_PKEY_free(ret); + ret = NULL; + goto err; + } + if (x) { + EVP_PKEY_free(*x); + *x = ret; } - BIO_set_fp(b,fp,BIO_NOCLOSE); - ret=PEM_read_bio_PrivateKey(b,x,cb,u); - BIO_free(b); - return(ret); } -#endif + +err: + if (ret == NULL) + PEMerror(ERR_R_ASN1_LIB); + free(nm); + free(data); + return (ret); +} + +int +PEM_write_bio_Parameters(BIO *bp, EVP_PKEY *x) +{ + char pem_str[80]; + + if (!x->ameth || !x->ameth->param_encode) + return 0; + + (void) snprintf(pem_str, sizeof(pem_str), "%s PARAMETERS", + x->ameth->pem_str); + return PEM_ASN1_write_bio((i2d_of_void *)x->ameth->param_encode, + pem_str, bp, x, NULL, NULL, 0, 0, NULL); +} + +EVP_PKEY * +PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u) +{ + BIO *b; + EVP_PKEY *ret; + + if ((b = BIO_new(BIO_s_file())) == NULL) { + PEMerror(ERR_R_BUF_LIB); + return (0); + } + BIO_set_fp(b, fp, BIO_NOCLOSE); + ret = PEM_read_bio_PrivateKey(b, x, cb, u); + BIO_free(b); + return (ret); +} + +int +PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, + unsigned char *kstr, int klen, pem_password_cb *cb, void *u) +{ + BIO *b; + int ret; + + if ((b = BIO_new_fp(fp, BIO_NOCLOSE)) == NULL) { + PEMerror(ERR_R_BUF_LIB); + return 0; + } + ret = PEM_write_bio_PrivateKey(b, x, enc, kstr, klen, cb, u); + BIO_free(b); + return ret; +} + diff --git a/src/lib/libcrypto/pem/pem_seal.c b/src/lib/libcrypto/pem/pem_seal.c index ae463a301de..c6d61fff0fc 100644 --- a/src/lib/libcrypto/pem/pem_seal.c +++ b/src/lib/libcrypto/pem/pem_seal.c @@ -1,25 +1,25 @@ -/* crypto/pem/pem_seal.c */ +/* $OpenBSD: pem_seal.c,v 1.24 2017/01/29 17:49:23 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,139 +49,156 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ -#ifndef OPENSSL_NO_RSA #include -#include "cryptlib.h" +#include + +#include /* for OPENSSL_NO_RSA */ + +#ifndef OPENSSL_NO_RSA + +#include #include -#include #include -#include #include +#include +#include -int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type, - unsigned char **ek, int *ekl, unsigned char *iv, EVP_PKEY **pubk, - int npubk) - { +static void +PEM_ENCODE_SEAL_CTX_cleanup(PEM_ENCODE_SEAL_CTX *ctx) +{ + EVP_CIPHER_CTX_cleanup(&ctx->cipher); + EVP_MD_CTX_cleanup(&ctx->md); + explicit_bzero(&ctx->encode, sizeof(ctx->encode)); +} + +int +PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type, + unsigned char **ek, int *ekl, unsigned char *iv, EVP_PKEY **pubk, int npubk) +{ unsigned char key[EVP_MAX_KEY_LENGTH]; - int ret= -1; - int i,j,max=0; - char *s=NULL; - - for (i=0; itype != EVP_PKEY_RSA) - { - PEMerr(PEM_F_PEM_SEALINIT,PEM_R_PUBLIC_KEY_NO_RSA); + int ret = -1; + int i, j, max = 0; + char *s = NULL; + + /* + * Make sure ctx is properly initialized so that we can always pass + * it to PEM_ENCODE_SEAL_CTX_cleanup() in the error path. + */ + EVP_EncodeInit(&ctx->encode); + EVP_MD_CTX_init(&ctx->md); + EVP_CIPHER_CTX_init(&ctx->cipher); + + for (i = 0; i < npubk; i++) { + if (pubk[i]->type != EVP_PKEY_RSA) { + PEMerror(PEM_R_PUBLIC_KEY_NO_RSA); goto err; - } - j=RSA_size(pubk[i]->pkey.rsa); - if (j > max) max=j; } - s=(char *)OPENSSL_malloc(max*2); - if (s == NULL) - { - PEMerr(PEM_F_PEM_SEALINIT,ERR_R_MALLOC_FAILURE); + j = RSA_size(pubk[i]->pkey.rsa); + if (j > max) + max = j; + } + s = reallocarray(NULL, max, 2); + if (s == NULL) { + PEMerror(ERR_R_MALLOC_FAILURE); goto err; - } - - EVP_EncodeInit(&ctx->encode); + } - EVP_MD_CTX_init(&ctx->md); - EVP_SignInit(&ctx->md,md_type); + if (!EVP_SignInit(&ctx->md, md_type)) + goto err; - EVP_CIPHER_CTX_init(&ctx->cipher); - ret=EVP_SealInit(&ctx->cipher,type,ek,ekl,iv,pubk,npubk); - if (!ret) goto err; + ret = EVP_SealInit(&ctx->cipher, type, ek, ekl, iv, pubk, npubk); + if (ret <= 0) + goto err; /* base64 encode the keys */ - for (i=0; ipkey.rsa)); - ekl[i]=j; - memcpy(ek[i],s,j+1); - } + for (i = 0; i < npubk; i++) { + j = EVP_EncodeBlock((unsigned char *)s, ek[i], + RSA_size(pubk[i]->pkey.rsa)); + ekl[i] = j; + memcpy(ek[i], s, j + 1); + } + + ret = npubk; - ret=npubk; + if (0) { err: - if (s != NULL) OPENSSL_free(s); - memset(key,0,EVP_MAX_KEY_LENGTH); - return(ret); + PEM_ENCODE_SEAL_CTX_cleanup(ctx); } - -void PEM_SealUpdate(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *out, int *outl, - unsigned char *in, int inl) - { + free(s); + explicit_bzero(key, sizeof(key)); + return (ret); +} + +void +PEM_SealUpdate(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *out, int *outl, + unsigned char *in, int inl) +{ unsigned char buffer[1600]; - int i,j; + int i, j; - *outl=0; - EVP_SignUpdate(&ctx->md,in,inl); - for (;;) - { - if (inl <= 0) break; + *outl = 0; + EVP_SignUpdate(&ctx->md, in, inl); + for (;;) { + if (inl <= 0) + break; if (inl > 1200) - i=1200; + i = 1200; else - i=inl; - EVP_EncryptUpdate(&ctx->cipher,buffer,&j,in,i); - EVP_EncodeUpdate(&ctx->encode,out,&j,buffer,j); - *outl+=j; - out+=j; - in+=i; - inl-=i; - } + i = inl; + EVP_EncryptUpdate(&ctx->cipher, buffer, &j, in, i); + EVP_EncodeUpdate(&ctx->encode, out, &j, buffer, j); + *outl += j; + out += j; + in += i; + inl -= i; } - -int PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig, int *sigl, - unsigned char *out, int *outl, EVP_PKEY *priv) - { - unsigned char *s=NULL; - int ret=0,j; +} + +int +PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig, int *sigl, + unsigned char *out, int *outl, EVP_PKEY *priv) +{ + unsigned char *s = NULL; + int ret = 0, j; unsigned int i; - if (priv->type != EVP_PKEY_RSA) - { - PEMerr(PEM_F_PEM_SEALFINAL,PEM_R_PUBLIC_KEY_NO_RSA); + if (priv->type != EVP_PKEY_RSA) { + PEMerror(PEM_R_PUBLIC_KEY_NO_RSA); goto err; - } - i=RSA_size(priv->pkey.rsa); - if (i < 100) i=100; - s=(unsigned char *)OPENSSL_malloc(i*2); - if (s == NULL) - { - PEMerr(PEM_F_PEM_SEALFINAL,ERR_R_MALLOC_FAILURE); + } + i = RSA_size(priv->pkey.rsa); + if (i < 100) + i = 100; + s = reallocarray(NULL, i, 2); + if (s == NULL) { + PEMerror(ERR_R_MALLOC_FAILURE); goto err; - } - - EVP_EncryptFinal_ex(&ctx->cipher,s,(int *)&i); - EVP_EncodeUpdate(&ctx->encode,out,&j,s,i); - *outl=j; - out+=j; - EVP_EncodeFinal(&ctx->encode,out,&j); - *outl+=j; + } - if (!EVP_SignFinal(&ctx->md,s,&i,priv)) goto err; - *sigl=EVP_EncodeBlock(sig,s,i); + if (!EVP_EncryptFinal_ex(&ctx->cipher, s, (int *)&i)) + goto err; + EVP_EncodeUpdate(&ctx->encode, out, &j, s, i); + *outl = j; + out += j; + EVP_EncodeFinal(&ctx->encode, out, &j); + *outl += j; - ret=1; -err: - EVP_MD_CTX_cleanup(&ctx->md); - EVP_CIPHER_CTX_cleanup(&ctx->cipher); - if (s != NULL) OPENSSL_free(s); - return(ret); - } -#else /* !OPENSSL_NO_RSA */ + if (!EVP_SignFinal(&ctx->md, s, &i, priv)) + goto err; + *sigl = EVP_EncodeBlock(sig, s, i); -# if PEDANTIC -static void *dummy=&dummy; -# endif + ret = 1; +err: + PEM_ENCODE_SEAL_CTX_cleanup(ctx); + free(s); + return (ret); +} #endif diff --git a/src/lib/libcrypto/pem/pem_sign.c b/src/lib/libcrypto/pem/pem_sign.c index c3b9808cb20..fddeec79f3e 100644 --- a/src/lib/libcrypto/pem/pem_sign.c +++ b/src/lib/libcrypto/pem/pem_sign.c @@ -1,25 +1,25 @@ -/* crypto/pem/pem_sign.c */ +/* $OpenBSD: pem_sign.c,v 1.14 2018/08/24 19:51:31 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -57,46 +57,49 @@ */ #include -#include "cryptlib.h" -#include + +#include #include #include -#include #include +#include -void PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type) - { - EVP_DigestInit_ex(ctx, type, NULL); - } +int +PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type) +{ + return EVP_DigestInit_ex(ctx, type, NULL); +} -void PEM_SignUpdate(EVP_MD_CTX *ctx, unsigned char *data, - unsigned int count) - { - EVP_DigestUpdate(ctx,data,count); - } +int +PEM_SignUpdate(EVP_MD_CTX *ctx, unsigned char *data, + unsigned int count) +{ + return EVP_DigestUpdate(ctx, data, count); +} -int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen, - EVP_PKEY *pkey) - { +int +PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen, + EVP_PKEY *pkey) +{ unsigned char *m; - int i,ret=0; + int i, ret = 0; unsigned int m_len; - m=(unsigned char *)OPENSSL_malloc(EVP_PKEY_size(pkey)+2); - if (m == NULL) - { - PEMerr(PEM_F_PEM_SIGNFINAL,ERR_R_MALLOC_FAILURE); + m = malloc(EVP_PKEY_size(pkey) + 2); + if (m == NULL) { + PEMerror(ERR_R_MALLOC_FAILURE); goto err; - } + } - if (EVP_SignFinal(ctx,m,&m_len,pkey) <= 0) goto err; + if (EVP_SignFinal(ctx, m, &m_len, pkey) <= 0) + goto err; + + i = EVP_EncodeBlock(sigret, m, m_len); + *siglen = i; + ret = 1; - i=EVP_EncodeBlock(sigret,m,m_len); - *siglen=i; - ret=1; err: /* ctx has been zeroed by EVP_SignFinal() */ - if (m != NULL) OPENSSL_free(m); - return(ret); - } - + free(m); + return (ret); +} diff --git a/src/lib/libcrypto/pem/pem_x509.c b/src/lib/libcrypto/pem/pem_x509.c index 19f88d8d3a6..f440a9f0aa3 100644 --- a/src/lib/libcrypto/pem/pem_x509.c +++ b/src/lib/libcrypto/pem/pem_x509.c @@ -1,5 +1,5 @@ -/* pem_x509.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* $OpenBSD: pem_x509.c,v 1.8 2016/09/04 16:10:38 jsing Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2001. */ /* ==================================================================== @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -57,13 +57,38 @@ */ #include -#undef SSLEAY_MACROS -#include "cryptlib.h" + #include #include -#include -#include #include +#include +#include + + +X509 * +PEM_read_X509(FILE *fp, X509 **x, pem_password_cb *cb, void *u) +{ + return PEM_ASN1_read((d2i_of_void *)d2i_X509, PEM_STRING_X509, fp, + (void **)x, cb, u); +} + +int +PEM_write_X509(FILE *fp, X509 *x) +{ + return PEM_ASN1_write((i2d_of_void *)i2d_X509, PEM_STRING_X509, fp, + x, NULL, NULL, 0, NULL, NULL); +} -IMPLEMENT_PEM_rw(X509, X509, PEM_STRING_X509, X509) +X509 * +PEM_read_bio_X509(BIO *bp, X509 **x, pem_password_cb *cb, void *u) +{ + return PEM_ASN1_read_bio((d2i_of_void *)d2i_X509, PEM_STRING_X509, bp, + (void **)x, cb, u); +} +int +PEM_write_bio_X509(BIO *bp, X509 *x) +{ + return PEM_ASN1_write_bio((i2d_of_void *)i2d_X509, PEM_STRING_X509, bp, + x, NULL, NULL, 0, NULL, NULL); +} diff --git a/src/lib/libcrypto/pem/pem_xaux.c b/src/lib/libcrypto/pem/pem_xaux.c index 2f579b54213..0dd81523b58 100644 --- a/src/lib/libcrypto/pem/pem_xaux.c +++ b/src/lib/libcrypto/pem/pem_xaux.c @@ -1,5 +1,5 @@ -/* pem_xaux.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* $OpenBSD: pem_xaux.c,v 1.9 2016/09/04 16:10:38 jsing Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2001. */ /* ==================================================================== @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -57,12 +57,66 @@ */ #include -#undef SSLEAY_MACROS -#include "cryptlib.h" + #include #include -#include -#include #include +#include +#include + + +X509 * +PEM_read_X509_AUX(FILE *fp, X509 **x, pem_password_cb *cb, void *u) +{ + return PEM_ASN1_read((d2i_of_void *)d2i_X509_AUX, PEM_STRING_X509_TRUSTED, fp, + (void **)x, cb, u); +} + +int +PEM_write_X509_AUX(FILE *fp, X509 *x) +{ + return PEM_ASN1_write((i2d_of_void *)i2d_X509_AUX, PEM_STRING_X509_TRUSTED, fp, + x, NULL, NULL, 0, NULL, NULL); +} + +X509 * +PEM_read_bio_X509_AUX(BIO *bp, X509 **x, pem_password_cb *cb, void *u) +{ + return PEM_ASN1_read_bio((d2i_of_void *)d2i_X509_AUX, PEM_STRING_X509_TRUSTED, bp, + (void **)x, cb, u); +} + +int +PEM_write_bio_X509_AUX(BIO *bp, X509 *x) +{ + return PEM_ASN1_write_bio((i2d_of_void *)i2d_X509_AUX, PEM_STRING_X509_TRUSTED, bp, + x, NULL, NULL, 0, NULL, NULL); +} + +X509_CERT_PAIR * +PEM_read_X509_CERT_PAIR(FILE *fp, X509_CERT_PAIR **x, pem_password_cb *cb, void *u) +{ + return PEM_ASN1_read((d2i_of_void *)d2i_X509_CERT_PAIR, PEM_STRING_X509_PAIR, fp, + (void **)x, cb, u); +} + +int +PEM_write_X509_CERT_PAIR(FILE *fp, X509_CERT_PAIR *x) +{ + return PEM_ASN1_write((i2d_of_void *)i2d_X509_CERT_PAIR, PEM_STRING_X509_PAIR, fp, + x, NULL, NULL, 0, NULL, NULL); +} + +X509_CERT_PAIR * +PEM_read_bio_X509_CERT_PAIR(BIO *bp, X509_CERT_PAIR **x, pem_password_cb *cb, void *u) +{ + return PEM_ASN1_read_bio((d2i_of_void *)d2i_X509_CERT_PAIR, PEM_STRING_X509_PAIR, bp, + (void **)x, cb, u); +} -IMPLEMENT_PEM_rw(X509_AUX, X509, PEM_STRING_X509_TRUSTED, X509_AUX) +int +PEM_write_bio_X509_CERT_PAIR(BIO *bp, X509_CERT_PAIR *x) +{ + return PEM_ASN1_write_bio((i2d_of_void *)i2d_X509_CERT_PAIR, PEM_STRING_X509_PAIR, bp, + x, NULL, NULL, 0, NULL, NULL); +} diff --git a/src/lib/libcrypto/pem/pvkfmt.c b/src/lib/libcrypto/pem/pvkfmt.c new file mode 100644 index 00000000000..76cc6fefe35 --- /dev/null +++ b/src/lib/libcrypto/pem/pvkfmt.c @@ -0,0 +1,930 @@ +/* $OpenBSD: pvkfmt.c,v 1.20 2018/08/05 11:19:25 bcook Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2005. + */ +/* ==================================================================== + * Copyright (c) 2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +/* Support for PVK format keys and related structures (such a PUBLICKEYBLOB + * and PRIVATEKEYBLOB). + */ + +#include +#include + +#include + +#include +#include +#include + +#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA) +#include +#include + +#include "bn_lcl.h" + +/* Utility function: read a DWORD (4 byte unsigned integer) in little endian + * format + */ + +static unsigned int +read_ledword(const unsigned char **in) +{ + const unsigned char *p = *in; + unsigned int ret; + + ret = *p++; + ret |= (*p++ << 8); + ret |= (*p++ << 16); + ret |= (*p++ << 24); + *in = p; + return ret; +} + +/* Read a BIGNUM in little endian format. The docs say that this should take up + * bitlen/8 bytes. + */ + +static int +read_lebn(const unsigned char **in, unsigned int nbyte, BIGNUM **r) +{ + const unsigned char *p; + unsigned char *tmpbuf, *q; + unsigned int i; + + p = *in + nbyte - 1; + tmpbuf = malloc(nbyte); + if (!tmpbuf) + return 0; + q = tmpbuf; + for (i = 0; i < nbyte; i++) + *q++ = *p--; + *r = BN_bin2bn(tmpbuf, nbyte, NULL); + free(tmpbuf); + if (*r) { + *in += nbyte; + return 1; + } else + return 0; +} + + +/* Convert private key blob to EVP_PKEY: RSA and DSA keys supported */ + +#define MS_PUBLICKEYBLOB 0x6 +#define MS_PRIVATEKEYBLOB 0x7 +#define MS_RSA1MAGIC 0x31415352L +#define MS_RSA2MAGIC 0x32415352L +#define MS_DSS1MAGIC 0x31535344L +#define MS_DSS2MAGIC 0x32535344L + +#define MS_KEYALG_RSA_KEYX 0xa400 +#define MS_KEYALG_DSS_SIGN 0x2200 + +#define MS_KEYTYPE_KEYX 0x1 +#define MS_KEYTYPE_SIGN 0x2 + +/* The PVK file magic number: seems to spell out "bobsfile", who is Bob? */ +#define MS_PVKMAGIC 0xb0b5f11eL +/* Salt length for PVK files */ +#define PVK_SALTLEN 0x10 + +static EVP_PKEY *b2i_rsa(const unsigned char **in, unsigned int length, + unsigned int bitlen, int ispub); +static EVP_PKEY *b2i_dss(const unsigned char **in, unsigned int length, + unsigned int bitlen, int ispub); + +static int +do_blob_header(const unsigned char **in, unsigned int length, + unsigned int *pmagic, unsigned int *pbitlen, int *pisdss, int *pispub) +{ + const unsigned char *p = *in; + + if (length < 16) + return 0; + /* bType */ + if (*p == MS_PUBLICKEYBLOB) { + if (*pispub == 0) { + PEMerror(PEM_R_EXPECTING_PRIVATE_KEY_BLOB); + return 0; + } + *pispub = 1; + } else if (*p == MS_PRIVATEKEYBLOB) { + if (*pispub == 1) { + PEMerror(PEM_R_EXPECTING_PUBLIC_KEY_BLOB); + return 0; + } + *pispub = 0; + } else + return 0; + p++; + /* Version */ + if (*p++ != 0x2) { + PEMerror(PEM_R_BAD_VERSION_NUMBER); + return 0; + } + /* Ignore reserved, aiKeyAlg */ + p += 6; + *pmagic = read_ledword(&p); + *pbitlen = read_ledword(&p); + if (*pbitlen > 65536) { + PEMerror(PEM_R_INCONSISTENT_HEADER); + return 0; + } + *pisdss = 0; + switch (*pmagic) { + + case MS_DSS1MAGIC: + *pisdss = 1; + case MS_RSA1MAGIC: + if (*pispub == 0) { + PEMerror(PEM_R_EXPECTING_PRIVATE_KEY_BLOB); + return 0; + } + break; + + case MS_DSS2MAGIC: + *pisdss = 1; + case MS_RSA2MAGIC: + if (*pispub == 1) { + PEMerror(PEM_R_EXPECTING_PUBLIC_KEY_BLOB); + return 0; + } + break; + + default: + PEMerror(PEM_R_BAD_MAGIC_NUMBER); + return -1; + } + *in = p; + return 1; +} + +static unsigned int +blob_length(unsigned bitlen, int isdss, int ispub) +{ + unsigned int nbyte, hnbyte; + + nbyte = (bitlen + 7) >> 3; + hnbyte = (bitlen + 15) >> 4; + if (isdss) { + + /* Expected length: 20 for q + 3 components bitlen each + 24 + * for seed structure. + */ + if (ispub) + return 44 + 3 * nbyte; + /* Expected length: 20 for q, priv, 2 bitlen components + 24 + * for seed structure. + */ + else + return 64 + 2 * nbyte; + } else { + /* Expected length: 4 for 'e' + 'n' */ + if (ispub) + return 4 + nbyte; + else + /* Expected length: 4 for 'e' and 7 other components. + * 2 components are bitlen size, 5 are bitlen/2 + */ + return 4 + 2*nbyte + 5*hnbyte; + } + +} + +static EVP_PKEY * +do_b2i(const unsigned char **in, unsigned int length, int ispub) +{ + const unsigned char *p = *in; + unsigned int bitlen, magic; + int isdss; + + if (do_blob_header(&p, length, &magic, &bitlen, &isdss, &ispub) <= 0) { + PEMerror(PEM_R_KEYBLOB_HEADER_PARSE_ERROR); + return NULL; + } + length -= 16; + if (length < blob_length(bitlen, isdss, ispub)) { + PEMerror(PEM_R_KEYBLOB_TOO_SHORT); + return NULL; + } + if (isdss) + return b2i_dss(&p, length, bitlen, ispub); + else + return b2i_rsa(&p, length, bitlen, ispub); +} + +static EVP_PKEY * +do_b2i_bio(BIO *in, int ispub) +{ + const unsigned char *p; + unsigned char hdr_buf[16], *buf = NULL; + unsigned int bitlen, magic, length; + int isdss; + EVP_PKEY *ret = NULL; + + if (BIO_read(in, hdr_buf, 16) != 16) { + PEMerror(PEM_R_KEYBLOB_TOO_SHORT); + return NULL; + } + p = hdr_buf; + if (do_blob_header(&p, 16, &magic, &bitlen, &isdss, &ispub) <= 0) + return NULL; + + length = blob_length(bitlen, isdss, ispub); + buf = malloc(length); + if (!buf) { + PEMerror(ERR_R_MALLOC_FAILURE); + goto err; + } + p = buf; + if (BIO_read(in, buf, length) != (int)length) { + PEMerror(PEM_R_KEYBLOB_TOO_SHORT); + goto err; + } + + if (isdss) + ret = b2i_dss(&p, length, bitlen, ispub); + else + ret = b2i_rsa(&p, length, bitlen, ispub); + +err: + free(buf); + return ret; +} + +static EVP_PKEY * +b2i_dss(const unsigned char **in, unsigned int length, unsigned int bitlen, + int ispub) +{ + const unsigned char *p = *in; + EVP_PKEY *ret = NULL; + DSA *dsa = NULL; + BN_CTX *ctx = NULL; + unsigned int nbyte; + + nbyte = (bitlen + 7) >> 3; + + dsa = DSA_new(); + ret = EVP_PKEY_new(); + if (!dsa || !ret) + goto memerr; + if (!read_lebn(&p, nbyte, &dsa->p)) + goto memerr; + if (!read_lebn(&p, 20, &dsa->q)) + goto memerr; + if (!read_lebn(&p, nbyte, &dsa->g)) + goto memerr; + if (ispub) { + if (!read_lebn(&p, nbyte, &dsa->pub_key)) + goto memerr; + } else { + if (!read_lebn(&p, 20, &dsa->priv_key)) + goto memerr; + /* Calculate public key */ + if (!(dsa->pub_key = BN_new())) + goto memerr; + if (!(ctx = BN_CTX_new())) + goto memerr; + if (!BN_mod_exp_ct(dsa->pub_key, dsa->g, + dsa->priv_key, dsa->p, ctx)) + goto memerr; + BN_CTX_free(ctx); + } + + EVP_PKEY_set1_DSA(ret, dsa); + DSA_free(dsa); + *in = p; + return ret; + +memerr: + PEMerror(ERR_R_MALLOC_FAILURE); + DSA_free(dsa); + EVP_PKEY_free(ret); + BN_CTX_free(ctx); + return NULL; +} + +static EVP_PKEY * +b2i_rsa(const unsigned char **in, unsigned int length, unsigned int bitlen, + int ispub) +{ + const unsigned char *p = *in; + EVP_PKEY *ret = NULL; + RSA *rsa = NULL; + unsigned int nbyte, hnbyte; + + nbyte = (bitlen + 7) >> 3; + hnbyte = (bitlen + 15) >> 4; + rsa = RSA_new(); + ret = EVP_PKEY_new(); + if (!rsa || !ret) + goto memerr; + rsa->e = BN_new(); + if (!rsa->e) + goto memerr; + if (!BN_set_word(rsa->e, read_ledword(&p))) + goto memerr; + if (!read_lebn(&p, nbyte, &rsa->n)) + goto memerr; + if (!ispub) { + if (!read_lebn(&p, hnbyte, &rsa->p)) + goto memerr; + if (!read_lebn(&p, hnbyte, &rsa->q)) + goto memerr; + if (!read_lebn(&p, hnbyte, &rsa->dmp1)) + goto memerr; + if (!read_lebn(&p, hnbyte, &rsa->dmq1)) + goto memerr; + if (!read_lebn(&p, hnbyte, &rsa->iqmp)) + goto memerr; + if (!read_lebn(&p, nbyte, &rsa->d)) + goto memerr; + } + + EVP_PKEY_set1_RSA(ret, rsa); + RSA_free(rsa); + *in = p; + return ret; + +memerr: + PEMerror(ERR_R_MALLOC_FAILURE); + RSA_free(rsa); + EVP_PKEY_free(ret); + return NULL; +} + +EVP_PKEY * +b2i_PrivateKey(const unsigned char **in, long length) +{ + return do_b2i(in, length, 0); +} + +EVP_PKEY * +b2i_PublicKey(const unsigned char **in, long length) +{ + return do_b2i(in, length, 1); +} + +EVP_PKEY * +b2i_PrivateKey_bio(BIO *in) +{ + return do_b2i_bio(in, 0); +} + +EVP_PKEY * +b2i_PublicKey_bio(BIO *in) +{ + return do_b2i_bio(in, 1); +} + +static void +write_ledword(unsigned char **out, unsigned int dw) +{ + unsigned char *p = *out; + + *p++ = dw & 0xff; + *p++ = (dw >> 8) & 0xff; + *p++ = (dw >> 16) & 0xff; + *p++ = (dw >> 24) & 0xff; + *out = p; +} + +static void +write_lebn(unsigned char **out, const BIGNUM *bn, int len) +{ + int nb, i; + unsigned char *p = *out, *q, c; + + nb = BN_num_bytes(bn); + BN_bn2bin(bn, p); + q = p + nb - 1; + /* In place byte order reversal */ + for (i = 0; i < nb / 2; i++) { + c = *p; + *p++ = *q; + *q-- = c; + } + *out += nb; + /* Pad with zeroes if we have to */ + if (len > 0) { + len -= nb; + if (len > 0) { + memset(*out, 0, len); + *out += len; + } + } +} + + +static int check_bitlen_rsa(RSA *rsa, int ispub, unsigned int *magic); +static int check_bitlen_dsa(DSA *dsa, int ispub, unsigned int *magic); + +static void write_rsa(unsigned char **out, RSA *rsa, int ispub); +static void write_dsa(unsigned char **out, DSA *dsa, int ispub); + +static int +do_i2b(unsigned char **out, EVP_PKEY *pk, int ispub) +{ + unsigned char *p; + unsigned int bitlen, magic = 0, keyalg; + int outlen, noinc = 0; + + if (pk->type == EVP_PKEY_DSA) { + bitlen = check_bitlen_dsa(pk->pkey.dsa, ispub, &magic); + keyalg = MS_KEYALG_DSS_SIGN; + } else if (pk->type == EVP_PKEY_RSA) { + bitlen = check_bitlen_rsa(pk->pkey.rsa, ispub, &magic); + keyalg = MS_KEYALG_RSA_KEYX; + } else + return -1; + if (bitlen == 0) + return -1; + outlen = 16 + blob_length(bitlen, + keyalg == MS_KEYALG_DSS_SIGN ? 1 : 0, ispub); + if (out == NULL) + return outlen; + if (*out) + p = *out; + else { + p = malloc(outlen); + if (!p) + return -1; + *out = p; + noinc = 1; + } + if (ispub) + *p++ = MS_PUBLICKEYBLOB; + else + *p++ = MS_PRIVATEKEYBLOB; + *p++ = 0x2; + *p++ = 0; + *p++ = 0; + write_ledword(&p, keyalg); + write_ledword(&p, magic); + write_ledword(&p, bitlen); + if (keyalg == MS_KEYALG_DSS_SIGN) + write_dsa(&p, pk->pkey.dsa, ispub); + else + write_rsa(&p, pk->pkey.rsa, ispub); + if (!noinc) + *out += outlen; + return outlen; +} + +static int +do_i2b_bio(BIO *out, EVP_PKEY *pk, int ispub) +{ + unsigned char *tmp = NULL; + int outlen, wrlen; + + outlen = do_i2b(&tmp, pk, ispub); + if (outlen < 0) + return -1; + wrlen = BIO_write(out, tmp, outlen); + free(tmp); + if (wrlen == outlen) + return outlen; + return -1; +} + +static int +check_bitlen_dsa(DSA *dsa, int ispub, unsigned int *pmagic) +{ + int bitlen; + + bitlen = BN_num_bits(dsa->p); + if ((bitlen & 7) || (BN_num_bits(dsa->q) != 160) || + (BN_num_bits(dsa->g) > bitlen)) + goto badkey; + if (ispub) { + if (BN_num_bits(dsa->pub_key) > bitlen) + goto badkey; + *pmagic = MS_DSS1MAGIC; + } else { + if (BN_num_bits(dsa->priv_key) > 160) + goto badkey; + *pmagic = MS_DSS2MAGIC; + } + + return bitlen; + +badkey: + PEMerror(PEM_R_UNSUPPORTED_KEY_COMPONENTS); + return 0; +} + +static int +check_bitlen_rsa(RSA *rsa, int ispub, unsigned int *pmagic) +{ + int nbyte, hnbyte, bitlen; + + if (BN_num_bits(rsa->e) > 32) + goto badkey; + bitlen = BN_num_bits(rsa->n); + nbyte = BN_num_bytes(rsa->n); + hnbyte = (BN_num_bits(rsa->n) + 15) >> 4; + if (ispub) { + *pmagic = MS_RSA1MAGIC; + return bitlen; + } else { + *pmagic = MS_RSA2MAGIC; + /* For private key each component must fit within nbyte or + * hnbyte. + */ + if (BN_num_bytes(rsa->d) > nbyte) + goto badkey; + if ((BN_num_bytes(rsa->iqmp) > hnbyte) || + (BN_num_bytes(rsa->p) > hnbyte) || + (BN_num_bytes(rsa->q) > hnbyte) || + (BN_num_bytes(rsa->dmp1) > hnbyte) || + (BN_num_bytes(rsa->dmq1) > hnbyte)) + goto badkey; + } + return bitlen; + +badkey: + PEMerror(PEM_R_UNSUPPORTED_KEY_COMPONENTS); + return 0; +} + +static void +write_rsa(unsigned char **out, RSA *rsa, int ispub) +{ + int nbyte, hnbyte; + + nbyte = BN_num_bytes(rsa->n); + hnbyte = (BN_num_bits(rsa->n) + 15) >> 4; + write_lebn(out, rsa->e, 4); + write_lebn(out, rsa->n, -1); + if (ispub) + return; + write_lebn(out, rsa->p, hnbyte); + write_lebn(out, rsa->q, hnbyte); + write_lebn(out, rsa->dmp1, hnbyte); + write_lebn(out, rsa->dmq1, hnbyte); + write_lebn(out, rsa->iqmp, hnbyte); + write_lebn(out, rsa->d, nbyte); +} + +static void +write_dsa(unsigned char **out, DSA *dsa, int ispub) +{ + int nbyte; + + nbyte = BN_num_bytes(dsa->p); + write_lebn(out, dsa->p, nbyte); + write_lebn(out, dsa->q, 20); + write_lebn(out, dsa->g, nbyte); + if (ispub) + write_lebn(out, dsa->pub_key, nbyte); + else + write_lebn(out, dsa->priv_key, 20); + /* Set "invalid" for seed structure values */ + memset(*out, 0xff, 24); + *out += 24; + return; +} + +int +i2b_PrivateKey_bio(BIO *out, EVP_PKEY *pk) +{ + return do_i2b_bio(out, pk, 0); +} + +int +i2b_PublicKey_bio(BIO *out, EVP_PKEY *pk) +{ + return do_i2b_bio(out, pk, 1); +} + +#ifndef OPENSSL_NO_RC4 + +static int +do_PVK_header(const unsigned char **in, unsigned int length, int skip_magic, + unsigned int *psaltlen, unsigned int *pkeylen) +{ + const unsigned char *p = *in; + unsigned int pvk_magic, is_encrypted; + + if (skip_magic) { + if (length < 20) { + PEMerror(PEM_R_PVK_TOO_SHORT); + return 0; + } + length -= 20; + } else { + if (length < 24) { + PEMerror(PEM_R_PVK_TOO_SHORT); + return 0; + } + length -= 24; + pvk_magic = read_ledword(&p); + if (pvk_magic != MS_PVKMAGIC) { + PEMerror(PEM_R_BAD_MAGIC_NUMBER); + return 0; + } + } + /* Skip reserved */ + p += 4; + /*keytype = */read_ledword(&p); + is_encrypted = read_ledword(&p); + *psaltlen = read_ledword(&p); + *pkeylen = read_ledword(&p); + if (*psaltlen > 65536 || *pkeylen > 65536) { + PEMerror(PEM_R_ERROR_CONVERTING_PRIVATE_KEY); + return 0; + } + + if (is_encrypted && !*psaltlen) { + PEMerror(PEM_R_INCONSISTENT_HEADER); + return 0; + } + + *in = p; + return 1; +} + +static int +derive_pvk_key(unsigned char *key, const unsigned char *salt, + unsigned int saltlen, const unsigned char *pass, int passlen) +{ + EVP_MD_CTX mctx; + int rv = 1; + + EVP_MD_CTX_init(&mctx); + if (!EVP_DigestInit_ex(&mctx, EVP_sha1(), NULL) || + !EVP_DigestUpdate(&mctx, salt, saltlen) || + !EVP_DigestUpdate(&mctx, pass, passlen) || + !EVP_DigestFinal_ex(&mctx, key, NULL)) + rv = 0; + + EVP_MD_CTX_cleanup(&mctx); + return rv; +} + +static EVP_PKEY * +do_PVK_body(const unsigned char **in, unsigned int saltlen, + unsigned int keylen, pem_password_cb *cb, void *u) +{ + EVP_PKEY *ret = NULL; + const unsigned char *p = *in; + unsigned int magic; + unsigned char *enctmp = NULL, *q; + EVP_CIPHER_CTX cctx; + + EVP_CIPHER_CTX_init(&cctx); + if (saltlen) { + char psbuf[PEM_BUFSIZE]; + unsigned char keybuf[20]; + int enctmplen, inlen; + + if (cb) + inlen = cb(psbuf, PEM_BUFSIZE, 0, u); + else + inlen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u); + if (inlen <= 0) { + PEMerror(PEM_R_BAD_PASSWORD_READ); + goto err; + } + enctmp = malloc(keylen + 8); + if (!enctmp) { + PEMerror(ERR_R_MALLOC_FAILURE); + goto err; + } + if (!derive_pvk_key(keybuf, p, saltlen, (unsigned char *)psbuf, + inlen)) { + goto err; + } + p += saltlen; + /* Copy BLOBHEADER across, decrypt rest */ + memcpy(enctmp, p, 8); + p += 8; + if (keylen < 8) { + PEMerror(PEM_R_PVK_TOO_SHORT); + goto err; + } + inlen = keylen - 8; + q = enctmp + 8; + if (!EVP_DecryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, NULL)) + goto err; + if (!EVP_DecryptUpdate(&cctx, q, &enctmplen, p, inlen)) + goto err; + if (!EVP_DecryptFinal_ex(&cctx, q + enctmplen, &enctmplen)) + goto err; + magic = read_ledword((const unsigned char **)&q); + if (magic != MS_RSA2MAGIC && magic != MS_DSS2MAGIC) { + q = enctmp + 8; + memset(keybuf + 5, 0, 11); + if (!EVP_DecryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, + NULL)) + goto err; + explicit_bzero(keybuf, 20); + if (!EVP_DecryptUpdate(&cctx, q, &enctmplen, p, inlen)) + goto err; + if (!EVP_DecryptFinal_ex(&cctx, q + enctmplen, + &enctmplen)) + goto err; + magic = read_ledword((const unsigned char **)&q); + if (magic != MS_RSA2MAGIC && magic != MS_DSS2MAGIC) { + PEMerror(PEM_R_BAD_DECRYPT); + goto err; + } + } else + explicit_bzero(keybuf, 20); + p = enctmp; + } + + ret = b2i_PrivateKey(&p, keylen); + +err: + EVP_CIPHER_CTX_cleanup(&cctx); + if (enctmp && saltlen) + free(enctmp); + return ret; +} + + +EVP_PKEY * +b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u) +{ + unsigned char pvk_hdr[24], *buf = NULL; + const unsigned char *p; + size_t buflen; + EVP_PKEY *ret = NULL; + unsigned int saltlen, keylen; + + if (BIO_read(in, pvk_hdr, 24) != 24) { + PEMerror(PEM_R_PVK_DATA_TOO_SHORT); + return NULL; + } + p = pvk_hdr; + + if (!do_PVK_header(&p, 24, 0, &saltlen, &keylen)) + return 0; + buflen = keylen + saltlen; + buf = malloc(buflen); + if (!buf) { + PEMerror(ERR_R_MALLOC_FAILURE); + return 0; + } + p = buf; + if (BIO_read(in, buf, buflen) != buflen) { + PEMerror(PEM_R_PVK_DATA_TOO_SHORT); + goto err; + } + ret = do_PVK_body(&p, saltlen, keylen, cb, u); + +err: + freezero(buf, buflen); + return ret; +} + +static int +i2b_PVK(unsigned char **out, EVP_PKEY*pk, int enclevel, pem_password_cb *cb, + void *u) +{ + int outlen = 24, pklen; + unsigned char *p, *salt = NULL; + EVP_CIPHER_CTX cctx; + + EVP_CIPHER_CTX_init(&cctx); + if (enclevel) + outlen += PVK_SALTLEN; + pklen = do_i2b(NULL, pk, 0); + if (pklen < 0) + return -1; + outlen += pklen; + p = malloc(outlen); + if (!p) { + PEMerror(ERR_R_MALLOC_FAILURE); + return -1; + } + + write_ledword(&p, MS_PVKMAGIC); + write_ledword(&p, 0); + if (pk->type == EVP_PKEY_DSA) + write_ledword(&p, MS_KEYTYPE_SIGN); + else + write_ledword(&p, MS_KEYTYPE_KEYX); + write_ledword(&p, enclevel ? 1 : 0); + write_ledword(&p, enclevel ? PVK_SALTLEN : 0); + write_ledword(&p, pklen); + if (enclevel) { + arc4random_buf(p, PVK_SALTLEN); + salt = p; + p += PVK_SALTLEN; + } + do_i2b(&p, pk, 0); + if (enclevel == 0) { + *out = p; + return outlen; + } else { + char psbuf[PEM_BUFSIZE]; + unsigned char keybuf[20]; + int enctmplen, inlen; + if (cb) + inlen = cb(psbuf, PEM_BUFSIZE, 1, u); + else + inlen = PEM_def_callback(psbuf, PEM_BUFSIZE, 1, u); + if (inlen <= 0) { + PEMerror(PEM_R_BAD_PASSWORD_READ); + goto error; + } + if (!derive_pvk_key(keybuf, salt, PVK_SALTLEN, + (unsigned char *)psbuf, inlen)) + goto error; + if (enclevel == 1) + memset(keybuf + 5, 0, 11); + p = salt + PVK_SALTLEN + 8; + if (!EVP_EncryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, NULL)) + goto error; + explicit_bzero(keybuf, 20); + if (!EVP_DecryptUpdate(&cctx, p, &enctmplen, p, pklen - 8)) + goto error; + if (!EVP_DecryptFinal_ex(&cctx, p + enctmplen, &enctmplen)) + goto error; + } + EVP_CIPHER_CTX_cleanup(&cctx); + *out = p; + return outlen; + +error: + EVP_CIPHER_CTX_cleanup(&cctx); + free(p); + return -1; +} + +int +i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel, pem_password_cb *cb, void *u) +{ + unsigned char *tmp = NULL; + int outlen, wrlen; + + outlen = i2b_PVK(&tmp, pk, enclevel, cb, u); + if (outlen < 0) + return -1; + wrlen = BIO_write(out, tmp, outlen); + free(tmp); + if (wrlen == outlen) { + PEMerror(PEM_R_BIO_WRITE_FAILURE); + return outlen; + } + return -1; +} + +#endif + +#endif diff --git a/src/lib/libcrypto/perlasm/alpha.pl b/src/lib/libcrypto/perlasm/alpha.pl deleted file mode 100644 index 3dac571743c..00000000000 --- a/src/lib/libcrypto/perlasm/alpha.pl +++ /dev/null @@ -1,434 +0,0 @@ -#!/usr/local/bin/perl - -package alpha; -use Carp qw(croak cluck); - -$label="100"; - -$n_debug=0; -$smear_regs=1; -$reg_alloc=1; - -$align="3"; -$com_start="#"; - -sub main'asm_init_output { @out=(); } -sub main'asm_get_output { return(@out); } -sub main'get_labels { return(@labels); } -sub main'external_label { push(@labels,@_); } - -# General registers - -%regs=( 'r0', '$0', - 'r1', '$1', - 'r2', '$2', - 'r3', '$3', - 'r4', '$4', - 'r5', '$5', - 'r6', '$6', - 'r7', '$7', - 'r8', '$8', - 'r9', '$22', - 'r10', '$23', - 'r11', '$24', - 'r12', '$25', - 'r13', '$27', - 'r14', '$28', - 'r15', '$21', # argc == 5 - 'r16', '$20', # argc == 4 - 'r17', '$19', # argc == 3 - 'r18', '$18', # argc == 2 - 'r19', '$17', # argc == 1 - 'r20', '$16', # argc == 0 - 'r21', '$9', # save 0 - 'r22', '$10', # save 1 - 'r23', '$11', # save 2 - 'r24', '$12', # save 3 - 'r25', '$13', # save 4 - 'r26', '$14', # save 5 - - 'a0', '$16', - 'a1', '$17', - 'a2', '$18', - 'a3', '$19', - 'a4', '$20', - 'a5', '$21', - - 's0', '$9', - 's1', '$10', - 's2', '$11', - 's3', '$12', - 's4', '$13', - 's5', '$14', - 'zero', '$31', - 'sp', '$30', - ); - -$main'reg_s0="r21"; -$main'reg_s1="r22"; -$main'reg_s2="r23"; -$main'reg_s3="r24"; -$main'reg_s4="r25"; -$main'reg_s5="r26"; - -@reg=( '$0', '$1' ,'$2' ,'$3' ,'$4' ,'$5' ,'$6' ,'$7' ,'$8', - '$22','$23','$24','$25','$20','$21','$27','$28'); - - -sub main'sub { &out3("subq",@_); } -sub main'add { &out3("addq",@_); } -sub main'mov { &out3("bis",$_[0],$_[0],$_[1]); } -sub main'or { &out3("bis",@_); } -sub main'bis { &out3("bis",@_); } -sub main'br { &out1("br",@_); } -sub main'ld { &out2("ldq",@_); } -sub main'st { &out2("stq",@_); } -sub main'cmpult { &out3("cmpult",@_); } -sub main'cmplt { &out3("cmplt",@_); } -sub main'bgt { &out2("bgt",@_); } -sub main'ble { &out2("ble",@_); } -sub main'blt { &out2("blt",@_); } -sub main'mul { &out3("mulq",@_); } -sub main'muh { &out3("umulh",@_); } - -$main'QWS=8; - -sub main'asm_add - { - push(@out,@_); - } - -sub main'asm_finish - { - &main'file_end(); - print &main'asm_get_output(); - } - -sub main'asm_init - { - ($type,$fn)=@_; - $filename=$fn; - - &main'asm_init_output(); - &main'comment("Don't even think of reading this code"); - &main'comment("It was automatically generated by $filename"); - &main'comment("Which is a perl program used to generate the alpha assember."); - &main'comment("eric "); - &main'comment(""); - - $filename =~ s/\.pl$//; - &main'file($filename); - } - -sub conv - { - local($r)=@_; - local($v); - - return($regs{$r}) if defined($regs{$r}); - return($r); - } - -sub main'QWPw - { - local($off,$reg)=@_; - - return(&main'QWP($off*8,$reg)); - } - -sub main'QWP - { - local($off,$reg)=@_; - - $ret="$off(".&conv($reg).")"; - return($ret); - } - -sub out3 - { - local($name,$p1,$p2,$p3)=@_; - - $p1=&conv($p1); - $p2=&conv($p2); - $p3=&conv($p3); - push(@out,"\t$name\t"); - $l=length($p1)+1; - push(@out,$p1.","); - $ll=3-($l+9)/8; - $tmp1=sprintf("\t" x $ll); - push(@out,$tmp1); - - $l=length($p2)+1; - push(@out,$p2.","); - $ll=3-($l+9)/8; - $tmp1=sprintf("\t" x $ll); - push(@out,$tmp1); - - push(@out,&conv($p3)."\n"); - } - -sub out2 - { - local($name,$p1,$p2,$p3)=@_; - - $p1=&conv($p1); - $p2=&conv($p2); - push(@out,"\t$name\t"); - $l=length($p1)+1; - push(@out,$p1.","); - $ll=3-($l+9)/8; - $tmp1=sprintf("\t" x $ll); - push(@out,$tmp1); - - push(@out,&conv($p2)."\n"); - } - -sub out1 - { - local($name,$p1)=@_; - - $p1=&conv($p1); - push(@out,"\t$name\t".$p1."\n"); - } - -sub out0 - { - push(@out,"\t$_[0]\n"); - } - -sub main'file - { - local($file)=@_; - - local($tmp)=<<"EOF"; - # DEC Alpha assember - # Generated from perl scripts contains in SSLeay - .file 1 "$file.s" - .set noat -EOF - push(@out,$tmp); - } - -sub main'function_begin - { - local($func)=@_; - -print STDERR "$func\n"; - local($tmp)=<<"EOF"; - .text - .align $align - .globl $func - .ent $func -${func}: -${func}..ng: - .frame \$30,0,\$26,0 - .prologue 0 -EOF - push(@out,$tmp); - $stack=0; - } - -sub main'function_end - { - local($func)=@_; - - local($tmp)=<<"EOF"; - ret \$31,(\$26),1 - .end $func -EOF - push(@out,$tmp); - $stack=0; - %label=(); - } - -sub main'function_end_A - { - local($func)=@_; - - local($tmp)=<<"EOF"; - ret \$31,(\$26),1 -EOF - push(@out,$tmp); - } - -sub main'function_end_B - { - local($func)=@_; - - $func=$under.$func; - - push(@out,"\t.end $func\n"); - $stack=0; - %label=(); - } - -sub main'wparam - { - local($num)=@_; - - if ($num < 6) - { - $num=20-$num; - return("r$num"); - } - else - { return(&main'QWP($stack+$num*8,"sp")); } - } - -sub main'stack_push - { - local($num)=@_; - $stack+=$num*8; - &main'sub("sp",$num*8,"sp"); - } - -sub main'stack_pop - { - local($num)=@_; - $stack-=$num*8; - &main'add("sp",$num*8,"sp"); - } - -sub main'swtmp - { - return(&main'QWP(($_[0])*8,"sp")); - } - -# Should use swtmp, which is above sp. Linix can trash the stack above esp -#sub main'wtmp -# { -# local($num)=@_; -# -# return(&main'QWP(-($num+1)*4,"esp","",0)); -# } - -sub main'comment - { - foreach (@_) - { - if (/^\s*$/) - { push(@out,"\n"); } - else - { push(@out,"\t$com_start $_ $com_end\n"); } - } - } - -sub main'label - { - if (!defined($label{$_[0]})) - { - $label{$_[0]}=$label; - $label++; - } - return('$'.$label{$_[0]}); - } - -sub main'set_label - { - if (!defined($label{$_[0]})) - { - $label{$_[0]}=$label; - $label++; - } -# push(@out,".align $align\n") if ($_[1] != 0); - push(@out,'$'."$label{$_[0]}:\n"); - } - -sub main'file_end - { - } - -sub main'data_word - { - push(@out,"\t.long $_[0]\n"); - } - -@pool_free=(); -@pool_taken=(); -$curr_num=0; -$max=0; - -sub main'init_pool - { - local($args)=@_; - local($i); - - @pool_free=(); - for ($i=(14+(6-$args)); $i >= 0; $i--) - { - push(@pool_free,"r$i"); - } - print STDERR "START :register pool:@pool_free\n"; - $curr_num=$max=0; - } - -sub main'fin_pool - { - printf STDERR "END %2d:register pool:@pool_free\n",$max; - } - -sub main'GR - { - local($r)=@_; - local($i,@n,$_); - - foreach (@pool_free) - { - if ($r ne $_) - { push(@n,$_); } - else - { - $curr_num++; - $max=$curr_num if ($curr_num > $max); - } - } - @pool_free=@n; -print STDERR "GR:@pool_free\n" if $reg_alloc; - return(@_); - } - -sub main'NR - { - local($num)=@_; - local(@ret); - - $num=1 if $num == 0; - ($#pool_free >= ($num-1)) || croak "out of registers: want $num, have @pool_free"; - while ($num > 0) - { - push(@ret,pop @pool_free); - $curr_num++; - $max=$curr_num if ($curr_num > $max); - $num-- - } - print STDERR "nr @ret\n" if $n_debug; -print STDERR "NR:@pool_free\n" if $reg_alloc; - return(@ret); - - } - -sub main'FR - { - local(@r)=@_; - local(@a,$v,$w); - - print STDERR "fr @r\n" if $n_debug; -# cluck "fr @r"; - for $w (@pool_free) - { - foreach $v (@r) - { - croak "double register free of $v (@pool_free)" if $w eq $v; - } - } - foreach $v (@r) - { - croak "bad argument to FR" if ($v !~ /^r\d+$/); - if ($smear_regs) - { unshift(@pool_free,$v); } - else { push(@pool_free,$v); } - $curr_num--; - } -print STDERR "FR:@pool_free\n" if $reg_alloc; - } -1; diff --git a/src/lib/libcrypto/perlasm/cbc.pl b/src/lib/libcrypto/perlasm/cbc.pl index 0145c4f0cc6..24561e759ab 100644 --- a/src/lib/libcrypto/perlasm/cbc.pl +++ b/src/lib/libcrypto/perlasm/cbc.pl @@ -146,13 +146,18 @@ sub cbc &mov($count, &wparam(2)); # length &and($count, 7); &jz(&label("finish")); + &call(&label("PIC_point")); +&set_label("PIC_point"); + &blindpop("edx"); + &lea("ecx",&DWP(&label("cbc_enc_jmp_table")."-".&label("PIC_point"),"edx")); + &mov($count,&DWP(0,"ecx",$count,4)); + &add($count,"edx"); &xor("ecx","ecx"); &xor("edx","edx"); - &mov($count,&DWP(&label("cbc_enc_jmp_table"),"",$count,4)); + #&mov($count,&DWP(&label("cbc_enc_jmp_table"),"",$count,4)); &jmp_ptr($count); &set_label("ej7"); - &xor("edx", "edx") if $ppro; # ppro friendly &movb(&HB("edx"), &BP(6,$in,"",0)); &shl("edx",8); &set_label("ej6"); @@ -164,7 +169,6 @@ sub cbc &jmp(&label("ejend")); &set_label("ej3"); &movb(&HB("ecx"), &BP(2,$in,"",0)); - &xor("ecx", "ecx") if $ppro; # ppro friendly &shl("ecx",8); &set_label("ej2"); &movb(&HB("ecx"), &BP(1,$in,"",0)); @@ -316,24 +320,27 @@ sub cbc &function_end_A($name); - &set_label("cbc_enc_jmp_table",1); + &align(64); + &set_label("cbc_enc_jmp_table"); &data_word("0"); - &data_word(&label("ej1")); - &data_word(&label("ej2")); - &data_word(&label("ej3")); - &data_word(&label("ej4")); - &data_word(&label("ej5")); - &data_word(&label("ej6")); - &data_word(&label("ej7")); - &set_label("cbc_dec_jmp_table",1); - &data_word("0"); - &data_word(&label("dj1")); - &data_word(&label("dj2")); - &data_word(&label("dj3")); - &data_word(&label("dj4")); - &data_word(&label("dj5")); - &data_word(&label("dj6")); - &data_word(&label("dj7")); + &data_word(&label("ej1")."-".&label("PIC_point")); + &data_word(&label("ej2")."-".&label("PIC_point")); + &data_word(&label("ej3")."-".&label("PIC_point")); + &data_word(&label("ej4")."-".&label("PIC_point")); + &data_word(&label("ej5")."-".&label("PIC_point")); + &data_word(&label("ej6")."-".&label("PIC_point")); + &data_word(&label("ej7")."-".&label("PIC_point")); + # not used + #&set_label("cbc_dec_jmp_table",1); + #&data_word("0"); + #&data_word(&label("dj1")."-".&label("PIC_point")); + #&data_word(&label("dj2")."-".&label("PIC_point")); + #&data_word(&label("dj3")."-".&label("PIC_point")); + #&data_word(&label("dj4")."-".&label("PIC_point")); + #&data_word(&label("dj5")."-".&label("PIC_point")); + #&data_word(&label("dj6")."-".&label("PIC_point")); + #&data_word(&label("dj7")."-".&label("PIC_point")); + &align(64); &function_end_B($name); diff --git a/src/lib/libcrypto/perlasm/ppc-xlate.pl b/src/lib/libcrypto/perlasm/ppc-xlate.pl new file mode 100755 index 00000000000..a3edd982b66 --- /dev/null +++ b/src/lib/libcrypto/perlasm/ppc-xlate.pl @@ -0,0 +1,159 @@ +#!/usr/bin/env perl + +# PowerPC assembler distiller by . + +my $flavour = shift; +my $output = shift; +open STDOUT,">$output" || die "can't open $output: $!"; + +my %GLOBALS; +my $dotinlocallabels=($flavour=~/linux/)?1:0; + +################################################################ +# directives which need special treatment on different platforms +################################################################ +my $globl = sub { + my $junk = shift; + my $name = shift; + my $global = \$GLOBALS{$name}; + my $ret; + + $name =~ s|^[\.\_]||; + + SWITCH: for ($flavour) { + /aix/ && do { $name = ".$name"; + last; + }; + /osx/ && do { $name = "_$name"; + last; + }; + /linux.*32/ && do { $ret .= ".globl $name\n"; + $ret .= ".type $name,\@function"; + last; + }; + /linux.*64/ && do { $ret .= ".globl $name\n"; + $ret .= ".type $name,\@function\n"; + $ret .= ".section \".opd\",\"aw\"\n"; + $ret .= ".align 3\n"; + $ret .= "$name:\n"; + $ret .= ".quad .$name,.TOC.\@tocbase,0\n"; + $ret .= ".size $name,24\n"; + $ret .= ".previous\n"; + + $name = ".$name"; + last; + }; + } + + $ret = ".globl $name" if (!$ret); + $$global = $name; + $ret; +}; +my $text = sub { + ($flavour =~ /aix/) ? ".csect" : ".text"; +}; +my $machine = sub { + my $junk = shift; + my $arch = shift; + if ($flavour =~ /osx/) + { $arch =~ s/\"//g; + $arch = ($flavour=~/64/) ? "ppc970-64" : "ppc970" if ($arch eq "any"); + } + ".machine $arch"; +}; +my $size = sub { + if ($flavour =~ /linux.*32/) + { shift; + ".size " . join(",",@_); + } + else + { ""; } +}; +my $asciz = sub { + shift; + my $line = join(",",@_); + if ($line =~ /^"(.*)"$/) + { ".byte " . join(",",unpack("C*",$1),0) . "\n.align 2"; } + else + { ""; } +}; + +################################################################ +# simplified mnemonics not handled by at least one assembler +################################################################ +my $cmplw = sub { + my $f = shift; + my $cr = 0; $cr = shift if ($#_>1); + # Some out-of-date 32-bit GNU assembler just can't handle cmplw... + ($flavour =~ /linux.*32/) ? + " .long ".sprintf "0x%x",31<<26|$cr<<23|$_[0]<<16|$_[1]<<11|64 : + " cmplw ".join(',',$cr,@_); +}; +my $bdnz = sub { + my $f = shift; + my $bo = $f=~/[\+\-]/ ? 16+9 : 16; # optional "to be taken" hint + " bc $bo,0,".shift; +} if ($flavour!~/linux/); +my $bltlr = sub { + my $f = shift; + my $bo = $f=~/\-/ ? 12+2 : 12; # optional "not to be taken" hint + ($flavour =~ /linux/) ? # GNU as doesn't allow most recent hints + " .long ".sprintf "0x%x",19<<26|$bo<<21|16<<1 : + " bclr $bo,0"; +}; +my $bnelr = sub { + my $f = shift; + my $bo = $f=~/\-/ ? 4+2 : 4; # optional "not to be taken" hint + ($flavour =~ /linux/) ? # GNU as doesn't allow most recent hints + " .long ".sprintf "0x%x",19<<26|$bo<<21|2<<16|16<<1 : + " bclr $bo,2"; +}; +my $beqlr = sub { + my $f = shift; + my $bo = $f=~/-/ ? 12+2 : 12; # optional "not to be taken" hint + ($flavour =~ /linux/) ? # GNU as doesn't allow most recent hints + " .long ".sprintf "0x%X",19<<26|$bo<<21|2<<16|16<<1 : + " bclr $bo,2"; +}; +# GNU assembler can't handle extrdi rA,rS,16,48, or when sum of last two +# arguments is 64, with "operand out of range" error. +my $extrdi = sub { + my ($f,$ra,$rs,$n,$b) = @_; + $b = ($b+$n)&63; $n = 64-$n; + " rldicl $ra,$rs,$b,$n"; +}; + +while($line=<>) { + + $line =~ s|[#!;].*$||; # get rid of asm-style comments... + $line =~ s|/\*.*\*/||; # ... and C-style comments... + $line =~ s|^\s+||; # ... and skip white spaces in beginning... + $line =~ s|\s+$||; # ... and at the end + + { + $line =~ s|\b\.L(\w+)|L$1|g; # common denominator for Locallabel + $line =~ s|\bL(\w+)|\.L$1|g if ($dotinlocallabels); + } + + { + $line =~ s|(^[\.\w]+)\:\s*||; + my $label = $1; + printf "%s:",($GLOBALS{$label} or $label) if ($label); + } + + { + $line =~ s|^\s*(\.?)(\w+)([\.\+\-]?)\s*||; + my $c = $1; $c = "\t" if ($c eq ""); + my $mnemonic = $2; + my $f = $3; + my $opcode = eval("\$$mnemonic"); + $line =~ s|\bc?[rf]([0-9]+)\b|$1|g if ($c ne "." and $flavour !~ /osx/); + if (ref($opcode) eq 'CODE') { $line = &$opcode($f,split(',',$line)); } + elsif ($mnemonic) { $line = $c.$mnemonic.$f."\t".$line; } + } + + print $line if ($line); + print "\n"; +} + +close STDOUT; diff --git a/src/lib/libcrypto/perlasm/readme b/src/lib/libcrypto/perlasm/readme index f02bbee75a1..57d61fda1ee 100644 --- a/src/lib/libcrypto/perlasm/readme +++ b/src/lib/libcrypto/perlasm/readme @@ -7,7 +7,7 @@ and then include it. push(@INC,"perlasm","../../perlasm"); require "x86asm.pl"; -The first thing we do is setup the file and type of assember +The first thing we do is setup the file and type of assembler &asm_init($ARGV[0],$0); diff --git a/src/lib/libcrypto/perlasm/x86_64-xlate.pl b/src/lib/libcrypto/perlasm/x86_64-xlate.pl new file mode 100755 index 00000000000..5f7f5855490 --- /dev/null +++ b/src/lib/libcrypto/perlasm/x86_64-xlate.pl @@ -0,0 +1,1077 @@ +#!/usr/bin/env perl + +# Ascetic x86_64 AT&T to MASM/NASM assembler translator by . +# +# Why AT&T to MASM and not vice versa? Several reasons. Because AT&T +# format is way easier to parse. Because it's simpler to "gear" from +# Unix ABI to Windows one [see cross-reference "card" at the end of +# file]. Because Linux targets were available first... +# +# In addition the script also "distills" code suitable for GNU +# assembler, so that it can be compiled with more rigid assemblers, +# such as Solaris /usr/ccs/bin/as. +# +# This translator is not designed to convert *arbitrary* assembler +# code from AT&T format to MASM one. It's designed to convert just +# enough to provide for dual-ABI OpenSSL modules development... +# There *are* limitations and you might have to modify your assembler +# code or this script to achieve the desired result... +# +# Currently recognized limitations: +# +# - can't use multiple ops per line; +# +# Dual-ABI styling rules. +# +# 1. Adhere to Unix register and stack layout [see cross-reference +# ABI "card" at the end for explanation]. +# 2. Forget about "red zone," stick to more traditional blended +# stack frame allocation. If volatile storage is actually required +# that is. If not, just leave the stack as is. +# 3. Functions tagged with ".type name,@function" get crafted with +# unified Win64 prologue and epilogue automatically. If you want +# to take care of ABI differences yourself, tag functions as +# ".type name,@abi-omnipotent" instead. +# 4. To optimize the Win64 prologue you can specify number of input +# arguments as ".type name,@function,N." Keep in mind that if N is +# larger than 6, then you *have to* write "abi-omnipotent" code, +# because >6 cases can't be addressed with unified prologue. +# 5. Name local labels as .L*, do *not* use dynamic labels such as 1: +# (sorry about latter). +# 6. Don't use [or hand-code with .byte] "rep ret." "ret" mnemonic is +# required to identify the spots, where to inject Win64 epilogue! +# But on the pros, it's then prefixed with rep automatically:-) +# 7. Stick to explicit ip-relative addressing. If you have to use +# GOTPCREL addressing, stick to mov symbol@GOTPCREL(%rip),%r??. +# Both are recognized and translated to proper Win64 addressing +# modes. To support legacy code a synthetic directive, .picmeup, +# is implemented. It puts address of the *next* instruction into +# target register, e.g.: +# +# .picmeup %rax +# lea .Label-.(%rax),%rax +# +# 8. In order to provide for structured exception handling unified +# Win64 prologue copies %rsp value to %rax. For further details +# see SEH paragraph at the end. +# 9. .init segment is allowed to contain calls to functions only. +# a. If function accepts more than 4 arguments *and* >4th argument +# is declared as non 64-bit value, do clear its upper part. + +my $flavour = shift; +my $output = shift; +if ($flavour =~ /\./) { $output = $flavour; undef $flavour; } + +open STDOUT,">$output" || die "can't open $output: $!" + if (defined($output)); + +my $gas=1; $gas=0 if ($output =~ /\.asm$/); +my $elf=1; $elf=0 if (!$gas); +my $win64=0; +my $prefix=""; +my $decor=".L"; + +my $masmref=8 + 50727*2**-32; # 8.00.50727 shipped with VS2005 +my $masm=0; +my $PTR=" PTR"; + +my $nasmref=2.03; +my $nasm=0; + +if ($flavour eq "mingw64") { $gas=1; $elf=0; $win64=1; + $prefix=`echo __USER_LABEL_PREFIX__ | $ENV{CC} -E -P -`; + chomp($prefix); + } +elsif ($flavour eq "macosx") { $gas=1; $elf=0; $prefix="_"; $decor="L\$"; } +elsif ($flavour eq "masm") { $gas=0; $elf=0; $masm=$masmref; $win64=1; $decor="\$L\$"; } +elsif ($flavour eq "nasm") { $gas=0; $elf=0; $nasm=$nasmref; $win64=1; $decor="\$L\$"; $PTR=""; } +elsif (!$gas) +{ if ($ENV{ASM} =~ m/nasm/ && `nasm -v` =~ m/version ([0-9]+)\.([0-9]+)/i) + { $nasm = $1 + $2*0.01; $PTR=""; } + elsif (`ml64 2>&1` =~ m/Version ([0-9]+)\.([0-9]+)(\.([0-9]+))?/) + { $masm = $1 + $2*2**-16 + $4*2**-32; } + die "no assembler found on %PATH" if (!($nasm || $masm)); + $win64=1; + $elf=0; + $decor="\$L\$"; +} + +my $current_segment; +my $current_function; +my %globals; + +{ package opcode; # pick up opcodes + sub re { + my $self = shift; # single instance in enough... + local *line = shift; + undef $ret; + + if ($line =~ /^([a-z][a-z0-9]*)/i) { + $self->{op} = $1; + $ret = $self; + $line = substr($line,@+[0]); $line =~ s/^\s+//; + + undef $self->{sz}; + if ($self->{op} =~ /^(movz)x?([bw]).*/) { # movz is pain... + $self->{op} = $1; + $self->{sz} = $2; + } elsif ($self->{op} =~ /call|jmp/) { + $self->{sz} = ""; + } elsif ($self->{op} =~ /^p/ && $' !~ /^(ush|op|insrw)/) { # SSEn + $self->{sz} = ""; + } elsif ($self->{op} =~ /^v/) { # VEX + $self->{sz} = ""; + } elsif ($self->{op} =~ /mov[dq]/ && $line =~ /%xmm/) { + $self->{sz} = ""; + } elsif ($self->{op} =~ /([a-z]{3,})([qlwb])$/) { + $self->{op} = $1; + $self->{sz} = $2; + } + } + $ret; + } + sub size { + my $self = shift; + my $sz = shift; + $self->{sz} = $sz if (defined($sz) && !defined($self->{sz})); + $self->{sz}; + } + sub out { + my $self = shift; + if ($gas) { + if ($self->{op} eq "movz") { # movz is pain... + sprintf "%s%s%s",$self->{op},$self->{sz},shift; + } elsif ($self->{op} =~ /^set/) { + "$self->{op}"; + } elsif ($self->{op} eq "ret") { + my $epilogue = ""; + if ($win64 && $current_function->{abi} eq "svr4") { + $epilogue = "movq 8(%rsp),%rdi\n\t" . + "movq 16(%rsp),%rsi\n\t"; + } + $epilogue . "retq"; + } elsif ($self->{op} eq "call" && !$elf && $current_segment eq ".init") { + ".p2align\t3\n\t.quad"; + } else { + "$self->{op}$self->{sz}"; + } + } else { + $self->{op} =~ s/^movz/movzx/; + if ($self->{op} eq "ret") { + $self->{op} = ""; + if ($win64 && $current_function->{abi} eq "svr4") { + $self->{op} = "mov rdi,QWORD${PTR}[8+rsp]\t;WIN64 epilogue\n\t". + "mov rsi,QWORD${PTR}[16+rsp]\n\t"; + } + $self->{op} .= "DB\t0F3h,0C3h\t\t;repret"; + } elsif ($self->{op} =~ /^(pop|push)f/) { + $self->{op} .= $self->{sz}; + } elsif ($self->{op} eq "call" && $current_segment eq ".CRT\$XCU") { + $self->{op} = "\tDQ"; + } + $self->{op}; + } + } + sub mnemonic { + my $self=shift; + my $op=shift; + $self->{op}=$op if (defined($op)); + $self->{op}; + } +} +{ package const; # pick up constants, which start with $ + sub re { + my $self = shift; # single instance in enough... + local *line = shift; + undef $ret; + + if ($line =~ /^\$([^,]+)/) { + $self->{value} = $1; + $ret = $self; + $line = substr($line,@+[0]); $line =~ s/^\s+//; + } + $ret; + } + sub out { + my $self = shift; + + if ($gas) { + # Solaris /usr/ccs/bin/as can't handle multiplications + # in $self->{value} + $self->{value} =~ s/(?{value} =~ s/([0-9]+\s*[\*\/\%]\s*[0-9]+)/eval($1)/eg; + sprintf "\$%s",$self->{value}; + } else { + $self->{value} =~ s/(0b[0-1]+)/oct($1)/eig; + $self->{value} =~ s/0x([0-9a-f]+)/0$1h/ig if ($masm); + sprintf "%s",$self->{value}; + } + } +} +{ package ea; # pick up effective addresses: expr(%reg,%reg,scale) + sub re { + my $self = shift; # single instance in enough... + local *line = shift; + undef $ret; + + # optional * ---vvv--- appears in indirect jmp/call + if ($line =~ /^(\*?)([^\(,]*)\(([%\w,]+)\)/) { + $self->{asterisk} = $1; + $self->{label} = $2; + ($self->{base},$self->{index},$self->{scale})=split(/,/,$3); + $self->{scale} = 1 if (!defined($self->{scale})); + $ret = $self; + $line = substr($line,@+[0]); $line =~ s/^\s+//; + + if ($win64 && $self->{label} =~ s/\@GOTPCREL//) { + die if (opcode->mnemonic() ne "mov"); + opcode->mnemonic("lea"); + } + $self->{base} =~ s/^%//; + $self->{index} =~ s/^%// if (defined($self->{index})); + } + $ret; + } + sub size {} + sub out { + my $self = shift; + my $sz = shift; + + $self->{label} =~ s/([_a-z][_a-z0-9]*)/$globals{$1} or $1/gei; + $self->{label} =~ s/\.L/$decor/g; + + # Silently convert all EAs to 64-bit. This is required for + # elder GNU assembler and results in more compact code, + # *but* most importantly AES module depends on this feature! + $self->{index} =~ s/^[er](.?[0-9xpi])[d]?$/r\1/; + $self->{base} =~ s/^[er](.?[0-9xpi])[d]?$/r\1/; + + # Solaris /usr/ccs/bin/as can't handle multiplications + # in $self->{label}, new gas requires sign extension... + use integer; + $self->{label} =~ s/(?{label} =~ s/([0-9]+\s*[\*\/\%]\s*[0-9]+)/eval($1)/eg; + $self->{label} =~ s/([0-9]+)/$1<<32>>32/eg; + + if ($gas) { + $self->{label} =~ s/^___imp_/__imp__/ if ($flavour eq "mingw64"); + + if (defined($self->{index})) { + sprintf "%s%s(%s,%%%s,%d)",$self->{asterisk}, + $self->{label}, + $self->{base}?"%$self->{base}":"", + $self->{index},$self->{scale}; + } else { + sprintf "%s%s(%%%s)", $self->{asterisk},$self->{label},$self->{base}; + } + } else { + %szmap = ( b=>"BYTE$PTR", w=>"WORD$PTR", l=>"DWORD$PTR", + q=>"QWORD$PTR",o=>"OWORD$PTR",x=>"XMMWORD$PTR" ); + + $self->{label} =~ s/\./\$/g; + $self->{label} =~ s/(?{label} = "($self->{label})" if ($self->{label} =~ /[\*\+\-\/]/); + $sz="q" if ($self->{asterisk} || opcode->mnemonic() eq "movq"); + $sz="l" if (opcode->mnemonic() eq "movd"); + + if (defined($self->{index})) { + sprintf "%s[%s%s*%d%s]",$szmap{$sz}, + $self->{label}?"$self->{label}+":"", + $self->{index},$self->{scale}, + $self->{base}?"+$self->{base}":""; + } elsif ($self->{base} eq "rip") { + sprintf "%s[%s]",$szmap{$sz},$self->{label}; + } else { + sprintf "%s[%s%s]",$szmap{$sz}, + $self->{label}?"$self->{label}+":"", + $self->{base}; + } + } + } +} +{ package register; # pick up registers, which start with %. + sub re { + my $class = shift; # muliple instances... + my $self = {}; + local *line = shift; + undef $ret; + + # optional * ---vvv--- appears in indirect jmp/call + if ($line =~ /^(\*?)%(\w+)/) { + bless $self,$class; + $self->{asterisk} = $1; + $self->{value} = $2; + $ret = $self; + $line = substr($line,@+[0]); $line =~ s/^\s+//; + } + $ret; + } + sub size { + my $self = shift; + undef $ret; + + if ($self->{value} =~ /^r[\d]+b$/i) { $ret="b"; } + elsif ($self->{value} =~ /^r[\d]+w$/i) { $ret="w"; } + elsif ($self->{value} =~ /^r[\d]+d$/i) { $ret="l"; } + elsif ($self->{value} =~ /^r[\w]+$/i) { $ret="q"; } + elsif ($self->{value} =~ /^[a-d][hl]$/i){ $ret="b"; } + elsif ($self->{value} =~ /^[\w]{2}l$/i) { $ret="b"; } + elsif ($self->{value} =~ /^[\w]{2}$/i) { $ret="w"; } + elsif ($self->{value} =~ /^e[a-z]{2}$/i){ $ret="l"; } + + $ret; + } + sub out { + my $self = shift; + if ($gas) { sprintf "%s%%%s",$self->{asterisk},$self->{value}; } + else { $self->{value}; } + } +} +{ package label; # pick up labels, which end with : + sub re { + my $self = shift; # single instance is enough... + local *line = shift; + undef $ret; + + if ($line =~ /(^[\.\w]+)\:/) { + $self->{value} = $1; + $ret = $self; + $line = substr($line,@+[0]); $line =~ s/^\s+//; + + $self->{value} =~ s/^\.L/$decor/; + } + $ret; + } + sub out { + my $self = shift; + + if ($gas) { + my $func = ($globals{$self->{value}} or $self->{value}) . ":"; + if ($win64 && + $current_function->{name} eq $self->{value} && + $current_function->{abi} eq "svr4") { + $func .= "\n"; + $func .= " movq %rdi,8(%rsp)\n"; + $func .= " movq %rsi,16(%rsp)\n"; + $func .= " movq %rsp,%rax\n"; + $func .= "${decor}SEH_begin_$current_function->{name}:\n"; + my $narg = $current_function->{narg}; + $narg=6 if (!defined($narg)); + $func .= " movq %rcx,%rdi\n" if ($narg>0); + $func .= " movq %rdx,%rsi\n" if ($narg>1); + $func .= " movq %r8,%rdx\n" if ($narg>2); + $func .= " movq %r9,%rcx\n" if ($narg>3); + $func .= " movq 40(%rsp),%r8\n" if ($narg>4); + $func .= " movq 48(%rsp),%r9\n" if ($narg>5); + } + $func; + } elsif ($self->{value} ne "$current_function->{name}") { + $self->{value} .= ":" if ($masm && $ret!~m/^\$/); + $self->{value} . ":"; + } elsif ($win64 && $current_function->{abi} eq "svr4") { + my $func = "$current_function->{name}" . + ($nasm ? ":" : "\tPROC $current_function->{scope}") . + "\n"; + $func .= " mov QWORD${PTR}[8+rsp],rdi\t;WIN64 prologue\n"; + $func .= " mov QWORD${PTR}[16+rsp],rsi\n"; + $func .= " mov rax,rsp\n"; + $func .= "${decor}SEH_begin_$current_function->{name}:"; + $func .= ":" if ($masm); + $func .= "\n"; + my $narg = $current_function->{narg}; + $narg=6 if (!defined($narg)); + $func .= " mov rdi,rcx\n" if ($narg>0); + $func .= " mov rsi,rdx\n" if ($narg>1); + $func .= " mov rdx,r8\n" if ($narg>2); + $func .= " mov rcx,r9\n" if ($narg>3); + $func .= " mov r8,QWORD${PTR}[40+rsp]\n" if ($narg>4); + $func .= " mov r9,QWORD${PTR}[48+rsp]\n" if ($narg>5); + $func .= "\n"; + } else { + "$current_function->{name}". + ($nasm ? ":" : "\tPROC $current_function->{scope}"); + } + } +} +{ package expr; # pick up expressions + sub re { + my $self = shift; # single instance is enough... + local *line = shift; + undef $ret; + + if ($line =~ /(^[^,]+)/) { + $self->{value} = $1; + $ret = $self; + $line = substr($line,@+[0]); $line =~ s/^\s+//; + + $self->{value} =~ s/\@PLT// if (!$elf); + $self->{value} =~ s/([_a-z][_a-z0-9]*)/$globals{$1} or $1/gei; + $self->{value} =~ s/\.L/$decor/g; + } + $ret; + } + sub out { + my $self = shift; + if ($nasm && opcode->mnemonic()=~m/^j/) { + "NEAR ".$self->{value}; + } else { + $self->{value}; + } + } +} +{ package directive; # pick up directives, which start with . + sub re { + my $self = shift; # single instance is enough... + local *line = shift; + undef $ret; + my $dir; + my %opcode = # lea 2f-1f(%rip),%dst; 1: nop; 2: + ( "%rax"=>0x01058d48, "%rcx"=>0x010d8d48, + "%rdx"=>0x01158d48, "%rbx"=>0x011d8d48, + "%rsp"=>0x01258d48, "%rbp"=>0x012d8d48, + "%rsi"=>0x01358d48, "%rdi"=>0x013d8d48, + "%r8" =>0x01058d4c, "%r9" =>0x010d8d4c, + "%r10"=>0x01158d4c, "%r11"=>0x011d8d4c, + "%r12"=>0x01258d4c, "%r13"=>0x012d8d4c, + "%r14"=>0x01358d4c, "%r15"=>0x013d8d4c ); + + if ($line =~ /^\s*(\.\w+)/) { + $dir = $1; + $ret = $self; + undef $self->{value}; + $line = substr($line,@+[0]); $line =~ s/^\s+//; + + SWITCH: for ($dir) { + /\.picmeup/ && do { if ($line =~ /(%r[\w]+)/i) { + $dir="\t.long"; + $line=sprintf "0x%x,0x90000000",$opcode{$1}; + } + last; + }; + /\.global|\.globl|\.extern/ + && do { $globals{$line} = $prefix . $line; + $line = $globals{$line} if ($prefix); + last; + }; + /\.type/ && do { ($sym,$type,$narg) = split(',',$line); + if ($type eq "\@function") { + undef $current_function; + $current_function->{name} = $sym; + $current_function->{abi} = "svr4"; + $current_function->{narg} = $narg; + $current_function->{scope} = defined($globals{$sym})?"PUBLIC":"PRIVATE"; + } elsif ($type eq "\@abi-omnipotent") { + undef $current_function; + $current_function->{name} = $sym; + $current_function->{scope} = defined($globals{$sym})?"PUBLIC":"PRIVATE"; + } + $line =~ s/\@abi\-omnipotent/\@function/; + $line =~ s/\@function.*/\@function/; + last; + }; + /\.asciz/ && do { if ($line =~ /^"(.*)"$/) { + $dir = ".byte"; + $line = join(",",unpack("C*",$1),0); + } + last; + }; + /\.rva|\.long|\.quad/ + && do { $line =~ s/([_a-z][_a-z0-9]*)/$globals{$1} or $1/gei; + $line =~ s/\.L/$decor/g; + last; + }; + } + + if ($gas) { + $self->{value} = $dir . "\t" . $line; + + if ($dir =~ /\.extern/) { + $self->{value} = ""; # swallow extern + } elsif (!$elf && $dir =~ /\.type/) { + $self->{value} = ""; + $self->{value} = ".def\t" . ($globals{$1} or $1) . ";\t" . + (defined($globals{$1})?".scl 2;":".scl 3;") . + "\t.type 32;\t.endef" + if ($win64 && $line =~ /([^,]+),\@function/); + } elsif (!$elf && $dir =~ /\.size/) { + $self->{value} = ""; + if (defined($current_function)) { + $self->{value} .= "${decor}SEH_end_$current_function->{name}:" + if ($win64 && $current_function->{abi} eq "svr4"); + undef $current_function; + } + } elsif (!$elf && $dir =~ /\.align/) { + $self->{value} = ".p2align\t" . (log($line)/log(2)); + } elsif ($dir eq ".section") { + $current_segment=$line; + if (!$elf && $current_segment eq ".init") { + if ($flavour eq "macosx") { $self->{value} = ".mod_init_func"; } + elsif ($flavour eq "mingw64") { $self->{value} = ".section\t.ctors"; } + } + } elsif ($dir =~ /\.(text|data)/) { + $current_segment=".$1"; + } elsif ($dir =~ /\.hidden/) { + if ($flavour eq "macosx") { $self->{value} = ".private_extern\t$prefix$line"; } + elsif ($flavour eq "mingw64") { $self->{value} = ""; } + } elsif ($dir =~ /\.comm/) { + $self->{value} = "$dir\t$prefix$line"; + $self->{value} =~ s|,([0-9]+),([0-9]+)$|",$1,".log($2)/log(2)|e if ($flavour eq "macosx"); + } + $line = ""; + return $self; + } + + # non-gas case or nasm/masm + SWITCH: for ($dir) { + /\.text/ && do { my $v=undef; + if ($nasm) { + $v="section .text code align=64\n"; + } else { + $v="$current_segment\tENDS\n" if ($current_segment); + $current_segment = ".text\$"; + $v.="$current_segment\tSEGMENT "; + $v.=$masm>=$masmref ? "ALIGN(64)" : "PAGE"; + $v.=" 'CODE'"; + } + $self->{value} = $v; + last; + }; + /\.data/ && do { my $v=undef; + if ($nasm) { + $v="section .data data align=8\n"; + } else { + $v="$current_segment\tENDS\n" if ($current_segment); + $current_segment = "_DATA"; + $v.="$current_segment\tSEGMENT"; + } + $self->{value} = $v; + last; + }; + /\.section/ && do { my $v=undef; + $line =~ s/([^,]*).*/$1/; + $line = ".CRT\$XCU" if ($line eq ".init"); + if ($nasm) { + $v="section $line"; + if ($line=~/\.([px])data/) { + $v.=" rdata align="; + $v.=$1 eq "p"? 4 : 8; + } elsif ($line=~/\.CRT\$/i) { + $v.=" rdata align=8"; + } + } else { + $v="$current_segment\tENDS\n" if ($current_segment); + $v.="$line\tSEGMENT"; + if ($line=~/\.([px])data/) { + $v.=" READONLY"; + $v.=" ALIGN(".($1 eq "p" ? 4 : 8).")" if ($masm>=$masmref); + } elsif ($line=~/\.CRT\$/i) { + $v.=" READONLY "; + $v.=$masm>=$masmref ? "ALIGN(8)" : "DWORD"; + } + } + $current_segment = $line; + $self->{value} = $v; + last; + }; + /\.extern/ && do { $self->{value} = "EXTERN\t".$line; + $self->{value} .= ":NEAR" if ($masm); + last; + }; + /\.globl|.global/ + && do { $self->{value} = $masm?"PUBLIC":"global"; + $self->{value} .= "\t".$line; + last; + }; + /\.size/ && do { if (defined($current_function)) { + undef $self->{value}; + if ($current_function->{abi} eq "svr4") { + $self->{value}="${decor}SEH_end_$current_function->{name}:"; + $self->{value}.=":\n" if($masm); + } + $self->{value}.="$current_function->{name}\tENDP" if($masm && $current_function->{name}); + undef $current_function; + } + last; + }; + /\.align/ && do { $self->{value} = "ALIGN\t".$line; last; }; + /\.(value|long|rva|quad)/ + && do { my $sz = substr($1,0,1); + my @arr = split(/,\s*/,$line); + my $last = pop(@arr); + my $conv = sub { my $var=shift; + $var=~s/^(0b[0-1]+)/oct($1)/eig; + $var=~s/^0x([0-9a-f]+)/0$1h/ig if ($masm); + if ($sz eq "D" && ($current_segment=~/.[px]data/ || $dir eq ".rva")) + { $var=~s/([_a-z\$\@][_a-z0-9\$\@]*)/$nasm?"$1 wrt ..imagebase":"imagerel $1"/egi; } + $var; + }; + + $sz =~ tr/bvlrq/BWDDQ/; + $self->{value} = "\tD$sz\t"; + for (@arr) { $self->{value} .= &$conv($_).","; } + $self->{value} .= &$conv($last); + last; + }; + /\.byte/ && do { my @str=split(/,\s*/,$line); + map(s/(0b[0-1]+)/oct($1)/eig,@str); + map(s/0x([0-9a-f]+)/0$1h/ig,@str) if ($masm); + while ($#str>15) { + $self->{value}.="DB\t" + .join(",",@str[0..15])."\n"; + foreach (0..15) { shift @str; } + } + $self->{value}.="DB\t" + .join(",",@str) if (@str); + last; + }; + /\.comm/ && do { my @str=split(/,\s*/,$line); + my $v=undef; + if ($nasm) { + $v.="common $prefix@str[0] @str[1]"; + } else { + $v="$current_segment\tENDS\n" if ($current_segment); + $current_segment = "_DATA"; + $v.="$current_segment\tSEGMENT\n"; + $v.="COMM @str[0]:DWORD:".@str[1]/4; + } + $self->{value} = $v; + last; + }; + } + $line = ""; + } + + $ret; + } + sub out { + my $self = shift; + $self->{value}; + } +} + +sub rex { + local *opcode=shift; + my ($dst,$src,$rex)=@_; + + $rex|=0x04 if($dst>=8); + $rex|=0x01 if($src>=8); + push @opcode,($rex|0x40) if ($rex); +} + +# older gas and ml64 don't handle SSE>2 instructions +my %regrm = ( "%eax"=>0, "%ecx"=>1, "%edx"=>2, "%ebx"=>3, + "%esp"=>4, "%ebp"=>5, "%esi"=>6, "%edi"=>7 ); + +if ($flavour ne "openbsd") { + +$movq = sub { # elderly gas can't handle inter-register movq + my $arg = shift; + my @opcode=(0x66); + if ($arg =~ /%xmm([0-9]+),\s*%r(\w+)/) { + my ($src,$dst)=($1,$2); + if ($dst !~ /[0-9]+/) { $dst = $regrm{"%e$dst"}; } + rex(\@opcode,$src,$dst,0x8); + push @opcode,0x0f,0x7e; + push @opcode,0xc0|(($src&7)<<3)|($dst&7); # ModR/M + @opcode; + } elsif ($arg =~ /%r(\w+),\s*%xmm([0-9]+)/) { + my ($src,$dst)=($2,$1); + if ($dst !~ /[0-9]+/) { $dst = $regrm{"%e$dst"}; } + rex(\@opcode,$src,$dst,0x8); + push @opcode,0x0f,0x6e; + push @opcode,0xc0|(($src&7)<<3)|($dst&7); # ModR/M + @opcode; + } else { + (); + } +}; + +} + +my $pextrd = sub { + if (shift =~ /\$([0-9]+),\s*%xmm([0-9]+),\s*(%\w+)/) { + my @opcode=(0x66); + $imm=$1; + $src=$2; + $dst=$3; + if ($dst =~ /%r([0-9]+)d/) { $dst = $1; } + elsif ($dst =~ /%e/) { $dst = $regrm{$dst}; } + rex(\@opcode,$src,$dst); + push @opcode,0x0f,0x3a,0x16; + push @opcode,0xc0|(($src&7)<<3)|($dst&7); # ModR/M + push @opcode,$imm; + @opcode; + } else { + (); + } +}; + +my $pinsrd = sub { + if (shift =~ /\$([0-9]+),\s*(%\w+),\s*%xmm([0-9]+)/) { + my @opcode=(0x66); + $imm=$1; + $src=$2; + $dst=$3; + if ($src =~ /%r([0-9]+)/) { $src = $1; } + elsif ($src =~ /%e/) { $src = $regrm{$src}; } + rex(\@opcode,$dst,$src); + push @opcode,0x0f,0x3a,0x22; + push @opcode,0xc0|(($dst&7)<<3)|($src&7); # ModR/M + push @opcode,$imm; + @opcode; + } else { + (); + } +}; + +if ($flavour ne "openbsd") { + +$pshufb = sub { + if (shift =~ /%xmm([0-9]+),\s*%xmm([0-9]+)/) { + my @opcode=(0x66); + rex(\@opcode,$2,$1); + push @opcode,0x0f,0x38,0x00; + push @opcode,0xc0|($1&7)|(($2&7)<<3); # ModR/M + @opcode; + } else { + (); + } +}; + +$palignr = sub { + if (shift =~ /\$([0-9]+),\s*%xmm([0-9]+),\s*%xmm([0-9]+)/) { + my @opcode=(0x66); + rex(\@opcode,$3,$2); + push @opcode,0x0f,0x3a,0x0f; + push @opcode,0xc0|($2&7)|(($3&7)<<3); # ModR/M + push @opcode,$1; + @opcode; + } else { + (); + } +}; + +$pclmulqdq = sub { + if (shift =~ /\$([x0-9a-f]+),\s*%xmm([0-9]+),\s*%xmm([0-9]+)/) { + my @opcode=(0x66); + rex(\@opcode,$3,$2); + push @opcode,0x0f,0x3a,0x44; + push @opcode,0xc0|($2&7)|(($3&7)<<3); # ModR/M + my $c=$1; + push @opcode,$c=~/^0/?oct($c):$c; + @opcode; + } else { + (); + } +}; + +} + +if ($nasm) { + print <<___; +default rel +%define XMMWORD +___ +} elsif ($masm) { + print <<___; +OPTION DOTNAME +___ +} +print "#include \"x86_arch.h\"\n"; + +while($line=<>) { + + chomp($line); + + $line =~ s|[#!].*$||; # get rid of asm-style comments... + $line =~ s|/\*.*\*/||; # ... and C-style comments... + $line =~ s|^\s+||; # ... and skip white spaces in beginning + + undef $label; + undef $opcode; + undef @args; + + if ($label=label->re(\$line)) { print $label->out(); } + + if (directive->re(\$line)) { + printf "%s",directive->out(); + } elsif ($opcode=opcode->re(\$line)) { + my $asm = eval("\$".$opcode->mnemonic()); + undef @bytes; + + if ((ref($asm) eq 'CODE') && scalar(@bytes=&$asm($line))) { + print $gas?".byte\t":"DB\t",join(',',@bytes),"\n"; + next; + } + + ARGUMENT: while (1) { + my $arg; + + if ($arg=register->re(\$line)) { opcode->size($arg->size()); } + elsif ($arg=const->re(\$line)) { } + elsif ($arg=ea->re(\$line)) { } + elsif ($arg=expr->re(\$line)) { } + else { last ARGUMENT; } + + push @args,$arg; + + last ARGUMENT if ($line !~ /^,/); + + $line =~ s/^,\s*//; + } # ARGUMENT: + + if ($#args>=0) { + my $insn; + my $sz=opcode->size(); + + if ($gas) { + $insn = $opcode->out($#args>=1?$args[$#args]->size():$sz); + @args = map($_->out($sz),@args); + printf "\t%s\t%s",$insn,join(",",@args); + } else { + $insn = $opcode->out(); + foreach (@args) { + my $arg = $_->out(); + # $insn.=$sz compensates for movq, pinsrw, ... + if ($arg =~ /^xmm[0-9]+$/) { $insn.=$sz; $sz="x" if(!$sz); last; } + if ($arg =~ /^mm[0-9]+$/) { $insn.=$sz; $sz="q" if(!$sz); last; } + } + @args = reverse(@args); + undef $sz if ($nasm && $opcode->mnemonic() eq "lea"); + printf "\t%s\t%s",$insn,join(",",map($_->out($sz),@args)); + } + } else { + printf "\t%s",$opcode->out(); + } + } + + print $line,"\n"; +} + +print "\n$current_segment\tENDS\n" if ($current_segment && $masm); +print "END\n" if ($masm); + +close STDOUT; + + ################################################# +# Cross-reference x86_64 ABI "card" +# +# Unix Win64 +# %rax * * +# %rbx - - +# %rcx #4 #1 +# %rdx #3 #2 +# %rsi #2 - +# %rdi #1 - +# %rbp - - +# %rsp - - +# %r8 #5 #3 +# %r9 #6 #4 +# %r10 * * +# %r11 * * +# %r12 - - +# %r13 - - +# %r14 - - +# %r15 - - +# +# (*) volatile register +# (-) preserved by callee +# (#) Nth argument, volatile +# +# In Unix terms top of stack is argument transfer area for arguments +# which could not be accomodated in registers. Or in other words 7th +# [integer] argument resides at 8(%rsp) upon function entry point. +# 128 bytes above %rsp constitute a "red zone" which is not touched +# by signal handlers and can be used as temporal storage without +# allocating a frame. +# +# In Win64 terms N*8 bytes on top of stack is argument transfer area, +# which belongs to/can be overwritten by callee. N is the number of +# arguments passed to callee, *but* not less than 4! This means that +# upon function entry point 5th argument resides at 40(%rsp), as well +# as that 32 bytes from 8(%rsp) can always be used as temporal +# storage [without allocating a frame]. One can actually argue that +# one can assume a "red zone" above stack pointer under Win64 as well. +# Point is that at apparently no occasion Windows kernel would alter +# the area above user stack pointer in true asynchronous manner... +# +# All the above means that if assembler programmer adheres to Unix +# register and stack layout, but disregards the "red zone" existense, +# it's possible to use following prologue and epilogue to "gear" from +# Unix to Win64 ABI in leaf functions with not more than 6 arguments. +# +# omnipotent_function: +# ifdef WIN64 +# movq %rdi,8(%rsp) +# movq %rsi,16(%rsp) +# movq %rcx,%rdi ; if 1st argument is actually present +# movq %rdx,%rsi ; if 2nd argument is actually ... +# movq %r8,%rdx ; if 3rd argument is ... +# movq %r9,%rcx ; if 4th argument ... +# movq 40(%rsp),%r8 ; if 5th ... +# movq 48(%rsp),%r9 ; if 6th ... +# endif +# ... +# ifdef WIN64 +# movq 8(%rsp),%rdi +# movq 16(%rsp),%rsi +# endif +# ret +# + ################################################# +# Win64 SEH, Structured Exception Handling. +# +# Unlike on Unix systems(*) lack of Win64 stack unwinding information +# has undesired side-effect at run-time: if an exception is raised in +# assembler subroutine such as those in question (basically we're +# referring to segmentation violations caused by malformed input +# parameters), the application is briskly terminated without invoking +# any exception handlers, most notably without generating memory dump +# or any user notification whatsoever. This poses a problem. It's +# possible to address it by registering custom language-specific +# handler that would restore processor context to the state at +# subroutine entry point and return "exception is not handled, keep +# unwinding" code. Writing such handler can be a challenge... But it's +# doable, though requires certain coding convention. Consider following +# snippet: +# +# .type function,@function +# function: +# movq %rsp,%rax # copy rsp to volatile register +# pushq %r15 # save non-volatile registers +# pushq %rbx +# pushq %rbp +# movq %rsp,%r11 +# subq %rdi,%r11 # prepare [variable] stack frame +# andq $-64,%r11 +# movq %rax,0(%r11) # check for exceptions +# movq %r11,%rsp # allocate [variable] stack frame +# movq %rax,0(%rsp) # save original rsp value +# magic_point: +# ... +# movq 0(%rsp),%rcx # pull original rsp value +# movq -24(%rcx),%rbp # restore non-volatile registers +# movq -16(%rcx),%rbx +# movq -8(%rcx),%r15 +# movq %rcx,%rsp # restore original rsp +# ret +# .size function,.-function +# +# The key is that up to magic_point copy of original rsp value remains +# in chosen volatile register and no non-volatile register, except for +# rsp, is modified. While past magic_point rsp remains constant till +# the very end of the function. In this case custom language-specific +# exception handler would look like this: +# +# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame, +# CONTEXT *context,DISPATCHER_CONTEXT *disp) +# { ULONG64 *rsp = (ULONG64 *)context->Rax; +# if (context->Rip >= magic_point) +# { rsp = ((ULONG64 **)context->Rsp)[0]; +# context->Rbp = rsp[-3]; +# context->Rbx = rsp[-2]; +# context->R15 = rsp[-1]; +# } +# context->Rsp = (ULONG64)rsp; +# context->Rdi = rsp[1]; +# context->Rsi = rsp[2]; +# +# memcpy (disp->ContextRecord,context,sizeof(CONTEXT)); +# RtlVirtualUnwind(UNW_FLAG_NHANDLER,disp->ImageBase, +# dips->ControlPc,disp->FunctionEntry,disp->ContextRecord, +# &disp->HandlerData,&disp->EstablisherFrame,NULL); +# return ExceptionContinueSearch; +# } +# +# It's appropriate to implement this handler in assembler, directly in +# function's module. In order to do that one has to know members' +# offsets in CONTEXT and DISPATCHER_CONTEXT structures and some constant +# values. Here they are: +# +# CONTEXT.Rax 120 +# CONTEXT.Rcx 128 +# CONTEXT.Rdx 136 +# CONTEXT.Rbx 144 +# CONTEXT.Rsp 152 +# CONTEXT.Rbp 160 +# CONTEXT.Rsi 168 +# CONTEXT.Rdi 176 +# CONTEXT.R8 184 +# CONTEXT.R9 192 +# CONTEXT.R10 200 +# CONTEXT.R11 208 +# CONTEXT.R12 216 +# CONTEXT.R13 224 +# CONTEXT.R14 232 +# CONTEXT.R15 240 +# CONTEXT.Rip 248 +# CONTEXT.Xmm6 512 +# sizeof(CONTEXT) 1232 +# DISPATCHER_CONTEXT.ControlPc 0 +# DISPATCHER_CONTEXT.ImageBase 8 +# DISPATCHER_CONTEXT.FunctionEntry 16 +# DISPATCHER_CONTEXT.EstablisherFrame 24 +# DISPATCHER_CONTEXT.TargetIp 32 +# DISPATCHER_CONTEXT.ContextRecord 40 +# DISPATCHER_CONTEXT.LanguageHandler 48 +# DISPATCHER_CONTEXT.HandlerData 56 +# UNW_FLAG_NHANDLER 0 +# ExceptionContinueSearch 1 +# +# In order to tie the handler to the function one has to compose +# couple of structures: one for .xdata segment and one for .pdata. +# +# UNWIND_INFO structure for .xdata segment would be +# +# function_unwind_info: +# .byte 9,0,0,0 +# .rva handler +# +# This structure designates exception handler for a function with +# zero-length prologue, no stack frame or frame register. +# +# To facilitate composing of .pdata structures, auto-generated "gear" +# prologue copies rsp value to rax and denotes next instruction with +# .LSEH_begin_{function_name} label. This essentially defines the SEH +# styling rule mentioned in the beginning. Position of this label is +# chosen in such manner that possible exceptions raised in the "gear" +# prologue would be accounted to caller and unwound from latter's frame. +# End of function is marked with respective .LSEH_end_{function_name} +# label. To summarize, .pdata segment would contain +# +# .rva .LSEH_begin_function +# .rva .LSEH_end_function +# .rva function_unwind_info +# +# Reference to functon_unwind_info from .xdata segment is the anchor. +# In case you wonder why references are 32-bit .rvas and not 64-bit +# .quads. References put into these two segments are required to be +# *relative* to the base address of the current binary module, a.k.a. +# image base. No Win64 module, be it .exe or .dll, can be larger than +# 2GB and thus such relative references can be and are accommodated in +# 32 bits. +# +# Having reviewed the example function code, one can argue that "movq +# %rsp,%rax" above is redundant. It is not! Keep in mind that on Unix +# rax would contain an undefined value. If this "offends" you, use +# another register and refrain from modifying rax till magic_point is +# reached, i.e. as if it was a non-volatile register. If more registers +# are required prior [variable] frame setup is completed, note that +# nobody says that you can have only one "magic point." You can +# "liberate" non-volatile registers by denoting last stack off-load +# instruction and reflecting it in finer grade unwind logic in handler. +# After all, isn't it why it's called *language-specific* handler... +# +# Attentive reader can notice that exceptions would be mishandled in +# auto-generated "gear" epilogue. Well, exception effectively can't +# occur there, because if memory area used by it was subject to +# segmentation violation, then it would be raised upon call to the +# function (and as already mentioned be accounted to caller, which is +# not a problem). If you're still not comfortable, then define tail +# "magic point" just prior ret instruction and have handler treat it... +# +# (*) Note that we're talking about run-time, not debug-time. Lack of +# unwind information makes debugging hard on both Windows and +# Unix. "Unlike" referes to the fact that on Unix signal handler +# will always be invoked, core dumped and appropriate exit code +# returned to parent (for user notification). diff --git a/src/lib/libcrypto/perlasm/x86asm.pl b/src/lib/libcrypto/perlasm/x86asm.pl index 81c6e64e871..e039382e009 100644 --- a/src/lib/libcrypto/perlasm/x86asm.pl +++ b/src/lib/libcrypto/perlasm/x86asm.pl @@ -1,118 +1,257 @@ -#!/usr/local/bin/perl +#!/usr/bin/env perl # require 'x86asm.pl'; -# &asm_init("cpp","des-586.pl"); -# XXX -# XXX -# main'asm_finish - -sub main'asm_finish - { - &file_end(); - &asm_finish_cpp() if $cpp; - print &asm_get_output(); - } - -sub main'asm_init - { - ($type,$fn,$i386)=@_; - $filename=$fn; - - $cpp=$sol=$aout=$win32=$gaswin=0; - if ( ($type eq "elf")) - { require "x86unix.pl"; } - elsif ( ($type eq "a.out")) - { $aout=1; require "x86unix.pl"; } - elsif ( ($type eq "gaswin")) - { $gaswin=1; $aout=1; require "x86unix.pl"; } - elsif ( ($type eq "sol")) - { $sol=1; require "x86unix.pl"; } - elsif ( ($type eq "cpp")) - { $cpp=1; require "x86unix.pl"; } - elsif ( ($type eq "win32")) - { $win32=1; require "x86ms.pl"; } - elsif ( ($type eq "win32n")) - { $win32=1; require "x86nasm.pl"; } - else - { - print STDERR <<"EOF"; +# &asm_init(,"des-586.pl"[,$i386only]); +# &function_begin("foo"); +# ... +# &function_end("foo"); +# &asm_finish + +$out=(); +$i386=0; + +# AUTOLOAD is this context has quite unpleasant side effect, namely +# that typos in function calls effectively go to assembler output, +# but on the pros side we don't have to implement one subroutine per +# each opcode... +sub ::AUTOLOAD +{ my $opcode = $AUTOLOAD; + + die "more than 4 arguments passed to $opcode" if ($#_>3); + + $opcode =~ s/.*:://; + if ($opcode =~ /^push/) { $stack+=4; } + elsif ($opcode =~ /^pop/) { $stack-=4; } + + &generic($opcode,@_) or die "undefined subroutine \&$AUTOLOAD"; +} + +sub ::emit +{ my $opcode=shift; + + if ($#_==-1) { push(@out,"\t$opcode\n"); } + else { push(@out,"\t$opcode\t".join(',',@_)."\n"); } +} + +sub ::emitraw +{ my $opcode=shift; + + if ($#_==-1) { push(@out,"$opcode\n"); } + else { push(@out,"$opcode\t".join(',',@_)."\n"); } +} + +sub ::LB +{ $_[0] =~ m/^e?([a-d])x$/o or die "$_[0] does not have a 'low byte'"; + $1."l"; +} +sub ::HB +{ $_[0] =~ m/^e?([a-d])x$/o or die "$_[0] does not have a 'high byte'"; + $1."h"; +} +sub ::stack_push{ my $num=$_[0]*4; $stack+=$num; &sub("esp",$num); } +sub ::stack_pop { my $num=$_[0]*4; $stack-=$num; &add("esp",$num); } +sub ::blindpop { &pop($_[0]); $stack+=4; } +sub ::wparam { &DWP($stack+4*$_[0],"esp"); } +sub ::swtmp { &DWP(4*$_[0],"esp"); } + +sub ::bswap +{ if ($i386) # emulate bswap for i386 + { &comment("bswap @_"); + &xchg(&HB(@_),&LB(@_)); + &ror (@_,16); + &xchg(&HB(@_),&LB(@_)); + } + else + { &generic("bswap",@_); } +} +# These are made-up opcodes introduced over the years essentially +# by ignorance, just alias them to real ones... +sub ::movb { &mov(@_); } +sub ::xorb { &xor(@_); } +sub ::rotl { &rol(@_); } +sub ::rotr { &ror(@_); } +sub ::exch { &xchg(@_); } +sub ::halt { &hlt; } +sub ::movz { &movzx(@_); } +sub ::pushf { &pushfd; } +sub ::popf { &popfd; } + +# 3 argument instructions +sub ::movq +{ my($p1,$p2,$optimize)=@_; + + if ($optimize && $p1=~/^mm[0-7]$/ && $p2=~/^mm[0-7]$/) + # movq between mmx registers can sink Intel CPUs + { &::pshufw($p1,$p2,0xe4); } + else + { &::generic("movq",@_); } +} + +# SSE>2 instructions +my %regrm = ( "eax"=>0, "ecx"=>1, "edx"=>2, "ebx"=>3, + "esp"=>4, "ebp"=>5, "esi"=>6, "edi"=>7 ); +sub ::pextrd +{ my($dst,$src,$imm)=@_; + if ("$dst:$src" =~ /(e[a-dsd][ixp]):xmm([0-7])/) + { &::data_byte(0x66,0x0f,0x3a,0x16,0xc0|($2<<3)|$regrm{$1},$imm); } + else + { &::generic("pextrd",@_); } +} + +sub ::pinsrd +{ my($dst,$src,$imm)=@_; + if ("$dst:$src" =~ /xmm([0-7]):(e[a-dsd][ixp])/) + { &::data_byte(0x66,0x0f,0x3a,0x22,0xc0|($1<<3)|$regrm{$2},$imm); } + else + { &::generic("pinsrd",@_); } +} + +sub ::pshufb +{ my($dst,$src)=@_; + if ("$dst:$src" =~ /xmm([0-7]):xmm([0-7])/) + { &data_byte(0x66,0x0f,0x38,0x00,0xc0|($1<<3)|$2); } + else + { &::generic("pshufb",@_); } +} + +sub ::palignr +{ my($dst,$src,$imm)=@_; + if ("$dst:$src" =~ /xmm([0-7]):xmm([0-7])/) + { &::data_byte(0x66,0x0f,0x3a,0x0f,0xc0|($1<<3)|$2,$imm); } + else + { &::generic("palignr",@_); } +} + +sub ::pclmulqdq +{ my($dst,$src,$imm)=@_; + if ("$dst:$src" =~ /xmm([0-7]):xmm([0-7])/) + { &::data_byte(0x66,0x0f,0x3a,0x44,0xc0|($1<<3)|$2,$imm); } + else + { &::generic("pclmulqdq",@_); } +} + +# label management +$lbdecor="L"; # local label decoration, set by package +$label="000"; + +sub ::islabel # see is argument is a known label +{ my $i; + foreach $i (values %label) { return $i if ($i eq $_[0]); } + $label{$_[0]}; # can be undef +} + +sub ::label # instantiate a function-scope label +{ if (!defined($label{$_[0]})) + { $label{$_[0]}="${lbdecor}${label}${_[0]}"; $label++; } + $label{$_[0]}; +} + +sub ::LABEL # instantiate a file-scope label +{ $label{$_[0]}=$_[1] if (!defined($label{$_[0]})); + $label{$_[0]}; +} + +sub ::static_label { &::LABEL($_[0],$lbdecor.$_[0]); } + +sub ::set_label_B { push(@out,"@_:\n"); } +sub ::set_label +{ my $label=&::label($_[0]); + &::align($_[1]) if ($_[1]>1); + &::set_label_B($label); + $label; +} + +sub ::wipe_labels # wipes function-scope labels +{ foreach $i (keys %label) + { delete $label{$i} if ($label{$i} =~ /^\Q${lbdecor}\E[0-9]{3}/); } +} + +# subroutine management +sub ::function_begin +{ &function_begin_B(@_); + $stack=4; + &push("ebp"); + &push("ebx"); + &push("esi"); + &push("edi"); +} + +sub ::function_end +{ &pop("edi"); + &pop("esi"); + &pop("ebx"); + &pop("ebp"); + &ret(); + &function_end_B(@_); + $stack=0; + &wipe_labels(); +} + +sub ::function_end_A +{ &pop("edi"); + &pop("esi"); + &pop("ebx"); + &pop("ebp"); + &ret(); + $stack+=16; # readjust esp as if we didn't pop anything +} + +sub ::asciz +{ my @str=unpack("C*",shift); + push @str,0; + while ($#str>15) { + &data_byte(@str[0..15]); + foreach (0..15) { shift @str; } + } + &data_byte(@str) if (@str); +} + +sub ::asm_finish +{ &file_end(); + print @out; +} + +sub ::asm_init +{ my ($type,$fn,$cpu)=@_; + + $filename=$fn; + $i386=$cpu; + + $elf=$cpp=$coff=$aout=$macosx=$win32=$openbsd=$android=0; + if (($type eq "elf")) + { $elf=1; require "x86gas.pl"; } + elsif (($type eq "a\.out")) + { $aout=1; require "x86gas.pl"; } + elsif (($type eq "coff" or $type eq "gaswin")) + { $coff=1; require "x86gas.pl"; } + elsif (($type eq "macosx")) + { $aout=1; $macosx=1; require "x86gas.pl"; } + elsif (($type eq "openbsd-elf")) + { $openbsd=$elf=1; require "x86gas.pl"; } + elsif (($type eq "openbsd-a.out")) + { $openbsd=1; require "x86gas.pl"; } + elsif (($type eq "android")) + { $elf=1; $android=1; require "x86gas.pl"; } + else + { print STDERR <<"EOF"; Pick one target type from - elf - linux, FreeBSD etc - a.out - old linux - sol - x86 solaris - cpp - format so x86unix.cpp can be used - win32 - Windows 95/Windows NT - win32n - Windows 95/Windows NT NASM format -EOF - exit(1); - } - - &asm_init_output(); - -&comment("Don't even think of reading this code"); -&comment("It was automatically generated by $filename"); -&comment("Which is a perl program used to generate the x86 assember for"); -&comment("any of elf, a.out, BSDI, Win32, gaswin (for GNU as on Win32) or Solaris"); -&comment("eric "); -&comment(""); - - $filename =~ s/\.pl$//; - &file($filename); - } - -sub asm_finish_cpp - { - return unless $cpp; - - local($tmp,$i); - foreach $i (&get_labels()) - { - $tmp.="#define $i _$i\n"; - } - print <<"EOF"; -/* Run the C pre-processor over this file with one of the following defined - * ELF - elf object files, - * OUT - a.out object files, - * BSDI - BSDI style a.out object files - * SOL - Solaris style elf - */ - -#define TYPE(a,b) .type a,b -#define SIZE(a,b) .size a,b - -#if defined(OUT) || (defined(BSDI) && !defined(ELF)) -$tmp -#endif - -#ifdef OUT -#define OK 1 -#define ALIGN 4 -#endif - -#if defined(BSDI) && !defined(ELF) -#define OK 1 -#define ALIGN 4 -#undef SIZE -#undef TYPE -#define SIZE(a,b) -#define TYPE(a,b) -#endif - -#if defined(ELF) || defined(SOL) -#define OK 1 -#define ALIGN 16 -#endif - -#ifndef OK -You need to define one of -ELF - elf systems - linux-elf, NetBSD and DG-UX -OUT - a.out systems - linux-a.out and FreeBSD -SOL - solaris systems, which are elf with strange comment lines -BSDI - a.out with a very primative version of as. -#endif - -/* Let the Assembler begin :-) */ + elf - Linux, FreeBSD, Solaris x86, etc. + a.out - DJGPP, elder OpenBSD, etc. + coff - GAS/COFF such as Win32 targets + openbsd-elf - OpenBSD elf + openbsd-a.out - OpenBSD a.out + macosx - Mac OS X EOF - } + exit(1); + } + + $pic=0; + for (@ARGV) { $pic=1 if (/\-[fK]PIC/i); } + + ::emitraw("#include \"x86_arch.h\"\n"); + ::emitraw("#include \n") if $openbsd; + $filename =~ s/\.pl$//; + &file($filename); +} 1; diff --git a/src/lib/libcrypto/perlasm/x86gas.pl b/src/lib/libcrypto/perlasm/x86gas.pl new file mode 100644 index 00000000000..c21cda9a6ad --- /dev/null +++ b/src/lib/libcrypto/perlasm/x86gas.pl @@ -0,0 +1,267 @@ +#!/usr/bin/env perl + +package x86gas; + +*out=\@::out; + +$::lbdecor=$::aout?"L":".L"; # local label decoration +$nmdecor=($::aout or $::coff)?"_":""; # external name decoration + +$initseg=""; + +$align=16; +$align=log($align)/log(2) if ($::aout); +$com_start="#" if ($::aout or $::coff); + +sub opsize() +{ my $reg=shift; + if ($reg =~ m/^%e/o) { "l"; } + elsif ($reg =~ m/^%[a-d][hl]$/o) { "b"; } + elsif ($reg =~ m/^%[xm]/o) { undef; } + else { "w"; } +} + +# swap arguments; +# expand opcode with size suffix; +# prefix numeric constants with $; +sub ::generic +{ my($opcode,@arg)=@_; + my($suffix,$dst,$src); + + @arg=reverse(@arg); + + for (@arg) + { s/^(\*?)(e?[a-dsixphl]{2})$/$1%$2/o; # gp registers + s/^([xy]?mm[0-7])$/%$1/o; # xmm/mmx registers + s/^(\-?[0-9]+)$/\$$1/o; # constants + s/^(\-?0x[0-9a-f]+)$/\$$1/o; # constants + } + + $dst = $arg[$#arg] if ($#arg>=0); + $src = $arg[$#arg-1] if ($#arg>=1); + if ($dst =~ m/^%/o) { $suffix=&opsize($dst); } + elsif ($src =~ m/^%/o) { $suffix=&opsize($src); } + else { $suffix="l"; } + undef $suffix if ($dst =~ m/^%[xm]/o || $src =~ m/^%[xm]/o); + + if ($#_==0) { &::emit($opcode); } + elsif ($#_==1 && $opcode =~ m/^(call|clflush|j|loop|set)/o) + { &::emit($opcode,@arg); } + else { &::emit($opcode.$suffix,@arg);} + + 1; +} +# +# opcodes not covered by ::generic above, mostly inconsistent namings... +# +sub ::movzx { &::movzb(@_); } +sub ::pushfd { &::pushfl; } +sub ::popfd { &::popfl; } +sub ::cpuid { &::emit(".byte\t0x0f,0xa2"); } +sub ::rdtsc { &::emit(".byte\t0x0f,0x31"); } + +sub ::call { &::emit("call",(&::islabel($_[0]) or "$nmdecor$_[0]")); } +sub ::call_ptr { &::generic("call","*$_[0]"); } +sub ::jmp_ptr { &::generic("jmp","*$_[0]"); } + +*::bswap = sub { &::emit("bswap","%$_[0]"); } if (!$::i386); + +sub ::DWP +{ my($addr,$reg1,$reg2,$idx)=@_; + my $ret=""; + + $addr =~ s/^\s+//; + # prepend global references with optional underscore + $addr =~ s/^([^\+\-0-9][^\+\-]*)/&::islabel($1) or "$nmdecor$1"/ige; + + $reg1 = "%$reg1" if ($reg1); + $reg2 = "%$reg2" if ($reg2); + + $ret .= $addr if (($addr ne "") && ($addr ne 0)); + + if ($reg2) + { $idx!= 0 or $idx=1; + $ret .= "($reg1,$reg2,$idx)"; + } + elsif ($reg1) + { $ret .= "($reg1)"; } + + $ret; +} +sub ::QWP { &::DWP(@_); } +sub ::BP { &::DWP(@_); } +sub ::WP { &::DWP(@_); } +sub ::BC { @_; } +sub ::DWC { @_; } + +sub ::file +{ push(@out,".file\t\"$_[0].s\"\n.text\n"); } + +sub ::function_begin_B +{ my $func=shift; + my $global=($func !~ /^_/); + my $begin="${::lbdecor}_${func}_begin"; + + &::LABEL($func,$global?"$begin":"$nmdecor$func"); + $func=$nmdecor.$func; + + push(@out,".globl\t$func\n") if ($global); + if ($::coff) + { push(@out,".def\t$func;\t.scl\t".(3-$global).";\t.type\t32;\t.endef\n"); } + elsif (($::aout and !$::pic) or $::macosx) + { } + else + { push(@out,".type $func,\@function\n"); } + push(@out,".align\t$align\n"); + push(@out,"$func:\n"); + push(@out,"$begin:\n") if ($global); + $::stack=4; +} + +sub ::function_end_B +{ my $func=shift; + push(@out,".size\t$nmdecor$func,.-".&::LABEL($func)."\n") if ($::elf); + $::stack=0; + &::wipe_labels(); +} + +sub ::comment + { + if (!defined($com_start) or $::elf) + { # Regarding $::elf above... + # GNU and SVR4 as'es use different comment delimiters, + push(@out,"\n"); # so we just skip ELF comments... + return; + } + foreach (@_) + { + if (/^\s*$/) + { push(@out,"\n"); } + else + { push(@out,"\t$com_start $_ $com_end\n"); } + } + } + +sub ::external_label +{ foreach(@_) { &::LABEL($_,$nmdecor.$_); } } + +sub ::public_label +{ push(@out,".globl\t".&::LABEL($_[0],$nmdecor.$_[0])."\n"); } + +sub ::file_end +{ if ($::macosx) + { if (%non_lazy_ptr) + { push(@out,".section __IMPORT,__pointers,non_lazy_symbol_pointers\n"); + foreach $i (keys %non_lazy_ptr) + { push(@out,"$non_lazy_ptr{$i}:\n.indirect_symbol\t$i\n.long\t0\n"); } + } + } + if (grep {/\b${nmdecor}OPENSSL_ia32cap_P\b/i} @out) { + push (@out, ".extern\t${nmdecor}OPENSSL_ia32cap_P\n"); + push (@out, ".hidden\t${nmdecor}OPENSSL_ia32cap_P\n"); + } + push(@out,$initseg) if ($initseg); +} + +sub ::data_byte { push(@out,".byte\t".join(',',@_)."\n"); } +sub ::data_short{ push(@out,".value\t".join(',',@_)."\n"); } +sub ::data_word { push(@out,".long\t".join(',',@_)."\n"); } + +sub ::align +{ my $val=$_[0],$p2,$i; + if ($::aout) + { for ($p2=0;$val!=0;$val>>=1) { $p2++; } + $val=$p2-1; + $val.=",0x90"; + } + push(@out,".align\t$val\n"); +} + +sub ::picmeup +{ my($dst,$sym,$base,$reflabel)=@_; + + if ($::openbsd) + { &::emitraw("#if defined(PIC) || defined(__PIC__)"); + &::emitraw("PIC_PROLOGUE"); + &::mov($dst, &::DWP("PIC_GOT($sym)")); + &::emitraw("PIC_EPILOGUE"); + &::emitraw("#else /* PIC */"); + &::lea($dst,&::DWP($sym)); + &::emitraw("#endif /* PIC */"); + } + if (($::pic && ($::elf || $::aout)) || $::macosx) + { if (!defined($base)) + { &::call(&::label("PIC_me_up")); + &::set_label("PIC_me_up"); + &::blindpop($dst); + $base=$dst; + $reflabel=&::label("PIC_me_up"); + } + if ($::macosx) + { my $indirect=&::static_label("$nmdecor$sym\$non_lazy_ptr"); + &::mov($dst,&::DWP("$indirect-$reflabel",$base)); + $non_lazy_ptr{"$nmdecor$sym"}=$indirect; + } + else + { &::lea($dst,&::DWP("_GLOBAL_OFFSET_TABLE_+[.-$reflabel]", + $base)); + &::mov($dst,&::DWP("$sym\@GOT",$dst)); + } + } + else + { &::lea($dst,&::DWP($sym)); } +} + +sub ::initseg +{ my $f=$nmdecor.shift; + + if ($::openbsd) + { $initseg.=<<___; +.section .init +PIC_PROLOGUE + call PIC_PLT($f) +PIC_EPILOGUE +___ + } elsif ($::android) + { $initseg.=<<___; +.section .init_array +.align 4 +.long $f +___ + } + elsif ($::elf) + { $initseg.=<<___; +.section .init + call $f +___ + } + elsif ($::coff) + { $initseg.=<<___; # applies to both Cygwin and Mingw +.section .ctors +.long $f +___ + } + elsif ($::macosx) + { $initseg.=<<___; +.mod_init_func +.align 2 +.long $f +___ + } + elsif ($::aout) + { my $ctor="${nmdecor}_GLOBAL_\$I\$$f"; + $initseg.=".text\n"; + $initseg.=".type $ctor,\@function\n" if ($::pic); + $initseg.=<<___; # OpenBSD way... +.globl $ctor +.align 2 +$ctor: + jmp $f +___ + } +} + +sub ::dataseg +{ push(@out,".data\n"); } + +1; diff --git a/src/lib/libcrypto/perlasm/x86ms.pl b/src/lib/libcrypto/perlasm/x86ms.pl deleted file mode 100644 index 206452341d1..00000000000 --- a/src/lib/libcrypto/perlasm/x86ms.pl +++ /dev/null @@ -1,365 +0,0 @@ -#!/usr/local/bin/perl - -package x86ms; - -$label="L000"; - -%lb=( 'eax', 'al', - 'ebx', 'bl', - 'ecx', 'cl', - 'edx', 'dl', - 'ax', 'al', - 'bx', 'bl', - 'cx', 'cl', - 'dx', 'dl', - ); - -%hb=( 'eax', 'ah', - 'ebx', 'bh', - 'ecx', 'ch', - 'edx', 'dh', - 'ax', 'ah', - 'bx', 'bh', - 'cx', 'ch', - 'dx', 'dh', - ); - -sub main'asm_init_output { @out=(); } -sub main'asm_get_output { return(@out); } -sub main'get_labels { return(@labels); } -sub main'external_label { push(@labels,@_); } - -sub main'LB - { - (defined($lb{$_[0]})) || die "$_[0] does not have a 'low byte'\n"; - return($lb{$_[0]}); - } - -sub main'HB - { - (defined($hb{$_[0]})) || die "$_[0] does not have a 'high byte'\n"; - return($hb{$_[0]}); - } - -sub main'BP - { - &get_mem("BYTE",@_); - } - -sub main'DWP - { - &get_mem("DWORD",@_); - } - -sub main'BC - { - return @_; - } - -sub main'DWC - { - return @_; - } - -sub main'stack_push - { - local($num)=@_; - $stack+=$num*4; - &main'sub("esp",$num*4); - } - -sub main'stack_pop - { - local($num)=@_; - $stack-=$num*4; - &main'add("esp",$num*4); - } - -sub get_mem - { - local($size,$addr,$reg1,$reg2,$idx)=@_; - local($t,$post); - local($ret)="$size PTR "; - - $addr =~ s/^\s+//; - if ($addr =~ /^(.+)\+(.+)$/) - { - $reg2=&conv($1); - $addr="_$2"; - } - elsif ($addr =~ /^[_a-zA-Z]/) - { - $addr="_$addr"; - } - - $reg1="$regs{$reg1}" if defined($regs{$reg1}); - $reg2="$regs{$reg2}" if defined($regs{$reg2}); - if (($addr ne "") && ($addr ne 0)) - { - if ($addr !~ /^-/) - { $ret.=$addr; } - else { $post=$addr; } - } - if ($reg2 ne "") - { - $t=""; - $t="*$idx" if ($idx != 0); - $reg1="+".$reg1 if ("$reg1$post" ne ""); - $ret.="[$reg2$t$reg1$post]"; - } - else - { - $ret.="[$reg1$post]" - } - return($ret); - } - -sub main'mov { &out2("mov",@_); } -sub main'movb { &out2("mov",@_); } -sub main'and { &out2("and",@_); } -sub main'or { &out2("or",@_); } -sub main'shl { &out2("shl",@_); } -sub main'shr { &out2("shr",@_); } -sub main'xor { &out2("xor",@_); } -sub main'xorb { &out2("xor",@_); } -sub main'add { &out2("add",@_); } -sub main'adc { &out2("adc",@_); } -sub main'sub { &out2("sub",@_); } -sub main'rotl { &out2("rol",@_); } -sub main'rotr { &out2("ror",@_); } -sub main'exch { &out2("xchg",@_); } -sub main'cmp { &out2("cmp",@_); } -sub main'lea { &out2("lea",@_); } -sub main'mul { &out1("mul",@_); } -sub main'div { &out1("div",@_); } -sub main'dec { &out1("dec",@_); } -sub main'inc { &out1("inc",@_); } -sub main'jmp { &out1("jmp",@_); } -sub main'jmp_ptr { &out1p("jmp",@_); } -sub main'je { &out1("je",@_); } -sub main'jle { &out1("jle",@_); } -sub main'jz { &out1("jz",@_); } -sub main'jge { &out1("jge",@_); } -sub main'jl { &out1("jl",@_); } -sub main'jb { &out1("jb",@_); } -sub main'jc { &out1("jc",@_); } -sub main'jnc { &out1("jnc",@_); } -sub main'jnz { &out1("jnz",@_); } -sub main'jne { &out1("jne",@_); } -sub main'jno { &out1("jno",@_); } -sub main'push { &out1("push",@_); $stack+=4; } -sub main'pop { &out1("pop",@_); $stack-=4; } -sub main'bswap { &out1("bswap",@_); &using486(); } -sub main'not { &out1("not",@_); } -sub main'call { &out1("call",'_'.$_[0]); } -sub main'ret { &out0("ret"); } -sub main'nop { &out0("nop"); } - -sub out2 - { - local($name,$p1,$p2)=@_; - local($l,$t); - - push(@out,"\t$name\t"); - $t=&conv($p1).","; - $l=length($t); - push(@out,$t); - $l=4-($l+9)/8; - push(@out,"\t" x $l); - push(@out,&conv($p2)); - push(@out,"\n"); - } - -sub out0 - { - local($name)=@_; - - push(@out,"\t$name\n"); - } - -sub out1 - { - local($name,$p1)=@_; - local($l,$t); - - push(@out,"\t$name\t".&conv($p1)."\n"); - } - -sub conv - { - local($p)=@_; - - $p =~ s/0x([0-9A-Fa-f]+)/0$1h/; - return $p; - } - -sub using486 - { - return if $using486; - $using486++; - grep(s/\.386/\.486/,@out); - } - -sub main'file - { - local($file)=@_; - - local($tmp)=<<"EOF"; - TITLE $file.asm - .386 -.model FLAT -EOF - push(@out,$tmp); - } - -sub main'function_begin - { - local($func,$extra)=@_; - - push(@labels,$func); - - local($tmp)=<<"EOF"; -_TEXT SEGMENT -PUBLIC _$func -$extra -_$func PROC NEAR - push ebp - push ebx - push esi - push edi -EOF - push(@out,$tmp); - $stack=20; - } - -sub main'function_begin_B - { - local($func,$extra)=@_; - - local($tmp)=<<"EOF"; -_TEXT SEGMENT -PUBLIC _$func -$extra -_$func PROC NEAR -EOF - push(@out,$tmp); - $stack=4; - } - -sub main'function_end - { - local($func)=@_; - - local($tmp)=<<"EOF"; - pop edi - pop esi - pop ebx - pop ebp - ret -_$func ENDP -_TEXT ENDS -EOF - push(@out,$tmp); - $stack=0; - %label=(); - } - -sub main'function_end_B - { - local($func)=@_; - - local($tmp)=<<"EOF"; -_$func ENDP -_TEXT ENDS -EOF - push(@out,$tmp); - $stack=0; - %label=(); - } - -sub main'function_end_A - { - local($func)=@_; - - local($tmp)=<<"EOF"; - pop edi - pop esi - pop ebx - pop ebp - ret -EOF - push(@out,$tmp); - } - -sub main'file_end - { - push(@out,"END\n"); - } - -sub main'wparam - { - local($num)=@_; - - return(&main'DWP($stack+$num*4,"esp","",0)); - } - -sub main'swtmp - { - return(&main'DWP($_[0]*4,"esp","",0)); - } - -# Should use swtmp, which is above esp. Linix can trash the stack above esp -#sub main'wtmp -# { -# local($num)=@_; -# -# return(&main'DWP(-(($num+1)*4),"esp","",0)); -# } - -sub main'comment - { - foreach (@_) - { - push(@out,"\t; $_\n"); - } - } - -sub main'label - { - if (!defined($label{$_[0]})) - { - $label{$_[0]}="\$${label}${_[0]}"; - $label++; - } - return($label{$_[0]}); - } - -sub main'set_label - { - if (!defined($label{$_[0]})) - { - $label{$_[0]}="${label}${_[0]}"; - $label++; - } - if((defined $_[2]) && ($_[2] == 1)) - { - push(@out,"$label{$_[0]}::\n"); - } - else - { - push(@out,"$label{$_[0]}:\n"); - } - } - -sub main'data_word - { - push(@out,"\tDD\t$_[0]\n"); - } - -sub out1p - { - local($name,$p1)=@_; - local($l,$t); - - push(@out,"\t$name\t ".&conv($p1)."\n"); - } diff --git a/src/lib/libcrypto/perlasm/x86nasm.pl b/src/lib/libcrypto/perlasm/x86nasm.pl deleted file mode 100644 index b4da364bbfd..00000000000 --- a/src/lib/libcrypto/perlasm/x86nasm.pl +++ /dev/null @@ -1,342 +0,0 @@ -#!/usr/local/bin/perl - -package x86nasm; - -$label="L000"; - -%lb=( 'eax', 'al', - 'ebx', 'bl', - 'ecx', 'cl', - 'edx', 'dl', - 'ax', 'al', - 'bx', 'bl', - 'cx', 'cl', - 'dx', 'dl', - ); - -%hb=( 'eax', 'ah', - 'ebx', 'bh', - 'ecx', 'ch', - 'edx', 'dh', - 'ax', 'ah', - 'bx', 'bh', - 'cx', 'ch', - 'dx', 'dh', - ); - -sub main'asm_init_output { @out=(); } -sub main'asm_get_output { return(@out); } -sub main'get_labels { return(@labels); } - -sub main'external_label -{ - push(@labels,@_); - foreach (@_) { - push(@out, "extern\t_$_\n"); - } -} - -sub main'LB - { - (defined($lb{$_[0]})) || die "$_[0] does not have a 'low byte'\n"; - return($lb{$_[0]}); - } - -sub main'HB - { - (defined($hb{$_[0]})) || die "$_[0] does not have a 'high byte'\n"; - return($hb{$_[0]}); - } - -sub main'BP - { - &get_mem("BYTE",@_); - } - -sub main'DWP - { - &get_mem("DWORD",@_); - } - -sub main'BC - { - return "BYTE @_"; - } - -sub main'DWC - { - return "DWORD @_"; - } - -sub main'stack_push - { - my($num)=@_; - $stack+=$num*4; - &main'sub("esp",$num*4); - } - -sub main'stack_pop - { - my($num)=@_; - $stack-=$num*4; - &main'add("esp",$num*4); - } - -sub get_mem - { - my($size,$addr,$reg1,$reg2,$idx)=@_; - my($t,$post); - my($ret)="["; - $addr =~ s/^\s+//; - if ($addr =~ /^(.+)\+(.+)$/) - { - $reg2=&conv($1); - $addr="_$2"; - } - elsif ($addr =~ /^[_a-zA-Z]/) - { - $addr="_$addr"; - } - - $reg1="$regs{$reg1}" if defined($regs{$reg1}); - $reg2="$regs{$reg2}" if defined($regs{$reg2}); - if (($addr ne "") && ($addr ne 0)) - { - if ($addr !~ /^-/) - { $ret.="${addr}+"; } - else { $post=$addr; } - } - if ($reg2 ne "") - { - $t=""; - $t="*$idx" if ($idx != 0); - $reg1="+".$reg1 if ("$reg1$post" ne ""); - $ret.="$reg2$t$reg1$post]"; - } - else - { - $ret.="$reg1$post]" - } - return($ret); - } - -sub main'mov { &out2("mov",@_); } -sub main'movb { &out2("mov",@_); } -sub main'and { &out2("and",@_); } -sub main'or { &out2("or",@_); } -sub main'shl { &out2("shl",@_); } -sub main'shr { &out2("shr",@_); } -sub main'xor { &out2("xor",@_); } -sub main'xorb { &out2("xor",@_); } -sub main'add { &out2("add",@_); } -sub main'adc { &out2("adc",@_); } -sub main'sub { &out2("sub",@_); } -sub main'rotl { &out2("rol",@_); } -sub main'rotr { &out2("ror",@_); } -sub main'exch { &out2("xchg",@_); } -sub main'cmp { &out2("cmp",@_); } -sub main'lea { &out2("lea",@_); } -sub main'mul { &out1("mul",@_); } -sub main'div { &out1("div",@_); } -sub main'dec { &out1("dec",@_); } -sub main'inc { &out1("inc",@_); } -sub main'jmp { &out1("jmp",@_); } -sub main'jmp_ptr { &out1p("jmp",@_); } - -# This is a bit of a kludge: declare all branches as NEAR. -sub main'je { &out1("je NEAR",@_); } -sub main'jle { &out1("jle NEAR",@_); } -sub main'jz { &out1("jz NEAR",@_); } -sub main'jge { &out1("jge NEAR",@_); } -sub main'jl { &out1("jl NEAR",@_); } -sub main'jb { &out1("jb NEAR",@_); } -sub main'jc { &out1("jc NEAR",@_); } -sub main'jnc { &out1("jnc NEAR",@_); } -sub main'jnz { &out1("jnz NEAR",@_); } -sub main'jne { &out1("jne NEAR",@_); } -sub main'jno { &out1("jno NEAR",@_); } - -sub main'push { &out1("push",@_); $stack+=4; } -sub main'pop { &out1("pop",@_); $stack-=4; } -sub main'bswap { &out1("bswap",@_); &using486(); } -sub main'not { &out1("not",@_); } -sub main'call { &out1("call",'_'.$_[0]); } -sub main'ret { &out0("ret"); } -sub main'nop { &out0("nop"); } - -sub out2 - { - my($name,$p1,$p2)=@_; - my($l,$t); - - push(@out,"\t$name\t"); - $t=&conv($p1).","; - $l=length($t); - push(@out,$t); - $l=4-($l+9)/8; - push(@out,"\t" x $l); - push(@out,&conv($p2)); - push(@out,"\n"); - } - -sub out0 - { - my($name)=@_; - - push(@out,"\t$name\n"); - } - -sub out1 - { - my($name,$p1)=@_; - my($l,$t); - push(@out,"\t$name\t".&conv($p1)."\n"); - } - -sub conv - { - my($p)=@_; - $p =~ s/0x([0-9A-Fa-f]+)/0$1h/; - return $p; - } - -sub using486 - { - return if $using486; - $using486++; - grep(s/\.386/\.486/,@out); - } - -sub main'file - { - push(@out, "segment .text\n"); - } - -sub main'function_begin - { - my($func,$extra)=@_; - - push(@labels,$func); - my($tmp)=<<"EOF"; -global _$func -_$func: - push ebp - push ebx - push esi - push edi -EOF - push(@out,$tmp); - $stack=20; - } - -sub main'function_begin_B - { - my($func,$extra)=@_; - my($tmp)=<<"EOF"; -global _$func -_$func: -EOF - push(@out,$tmp); - $stack=4; - } - -sub main'function_end - { - my($func)=@_; - - my($tmp)=<<"EOF"; - pop edi - pop esi - pop ebx - pop ebp - ret -EOF - push(@out,$tmp); - $stack=0; - %label=(); - } - -sub main'function_end_B - { - $stack=0; - %label=(); - } - -sub main'function_end_A - { - my($func)=@_; - - my($tmp)=<<"EOF"; - pop edi - pop esi - pop ebx - pop ebp - ret -EOF - push(@out,$tmp); - } - -sub main'file_end - { - } - -sub main'wparam - { - my($num)=@_; - - return(&main'DWP($stack+$num*4,"esp","",0)); - } - -sub main'swtmp - { - return(&main'DWP($_[0]*4,"esp","",0)); - } - -# Should use swtmp, which is above esp. Linix can trash the stack above esp -#sub main'wtmp -# { -# my($num)=@_; -# -# return(&main'DWP(-(($num+1)*4),"esp","",0)); -# } - -sub main'comment - { - foreach (@_) - { - push(@out,"\t; $_\n"); - } - } - -sub main'label - { - if (!defined($label{$_[0]})) - { - $label{$_[0]}="\$${label}${_[0]}"; - $label++; - } - return($label{$_[0]}); - } - -sub main'set_label - { - if (!defined($label{$_[0]})) - { - $label{$_[0]}="${label}${_[0]}"; - $label++; - } - push(@out,"$label{$_[0]}:\n"); - } - -sub main'data_word - { - push(@out,"\tDD\t$_[0]\n"); - } - -sub out1p - { - my($name,$p1)=@_; - my($l,$t); - - push(@out,"\t$name\t ".&conv($p1)."\n"); - } diff --git a/src/lib/libcrypto/perlasm/x86unix.pl b/src/lib/libcrypto/perlasm/x86unix.pl deleted file mode 100644 index 9ceabf0705e..00000000000 --- a/src/lib/libcrypto/perlasm/x86unix.pl +++ /dev/null @@ -1,544 +0,0 @@ -#!/usr/local/bin/perl - -package x86unix; - -$label="L000"; -$const=""; -$constl=0; - -$align=($main'aout)?"4":"16"; -$under=($main'aout)?"_":""; -$com_start=($main'sol)?"/":"#"; - -sub main'asm_init_output { @out=(); } -sub main'asm_get_output { return(@out); } -sub main'get_labels { return(@labels); } -sub main'external_label { push(@labels,@_); } - -if ($main'cpp) - { - $align="ALIGN"; - $under=""; - $com_start='/*'; - $com_end='*/'; - } - -%lb=( 'eax', '%al', - 'ebx', '%bl', - 'ecx', '%cl', - 'edx', '%dl', - 'ax', '%al', - 'bx', '%bl', - 'cx', '%cl', - 'dx', '%dl', - ); - -%hb=( 'eax', '%ah', - 'ebx', '%bh', - 'ecx', '%ch', - 'edx', '%dh', - 'ax', '%ah', - 'bx', '%bh', - 'cx', '%ch', - 'dx', '%dh', - ); - -%regs=( 'eax', '%eax', - 'ebx', '%ebx', - 'ecx', '%ecx', - 'edx', '%edx', - 'esi', '%esi', - 'edi', '%edi', - 'ebp', '%ebp', - 'esp', '%esp', - ); - -%reg_val=( - 'eax', 0x00, - 'ebx', 0x03, - 'ecx', 0x01, - 'edx', 0x02, - 'esi', 0x06, - 'edi', 0x07, - 'ebp', 0x05, - 'esp', 0x04, - ); - -sub main'LB - { - (defined($lb{$_[0]})) || die "$_[0] does not have a 'low byte'\n"; - return($lb{$_[0]}); - } - -sub main'HB - { - (defined($hb{$_[0]})) || die "$_[0] does not have a 'high byte'\n"; - return($hb{$_[0]}); - } - -sub main'DWP - { - local($addr,$reg1,$reg2,$idx)=@_; - - $ret=""; - $addr =~ s/(^|[+ \t])([A-Za-z_]+[A-Za-z0-9_]+)($|[+ \t])/$1$under$2$3/; - $reg1="$regs{$reg1}" if defined($regs{$reg1}); - $reg2="$regs{$reg2}" if defined($regs{$reg2}); - $ret.=$addr if ($addr ne "") && ($addr ne 0); - if ($reg2 ne "") - { - if($idx ne "") - { $ret.="($reg1,$reg2,$idx)"; } - else - { $ret.="($reg1,$reg2)"; } - } - else - { $ret.="($reg1)" } - return($ret); - } - -sub main'BP - { - return(&main'DWP(@_)); - } - -sub main'BC - { - return @_; - } - -sub main'DWC - { - return @_; - } - -#sub main'BP -# { -# local($addr,$reg1,$reg2,$idx)=@_; -# -# $ret=""; -# -# $addr =~ s/(^|[+ \t])([A-Za-z_]+)($|[+ \t])/$1$under$2$3/; -# $reg1="$regs{$reg1}" if defined($regs{$reg1}); -# $reg2="$regs{$reg2}" if defined($regs{$reg2}); -# $ret.=$addr if ($addr ne "") && ($addr ne 0); -# if ($reg2 ne "") -# { $ret.="($reg1,$reg2,$idx)"; } -# else -# { $ret.="($reg1)" } -# return($ret); -# } - -sub main'mov { &out2("movl",@_); } -sub main'movb { &out2("movb",@_); } -sub main'and { &out2("andl",@_); } -sub main'or { &out2("orl",@_); } -sub main'shl { &out2("sall",@_); } -sub main'shr { &out2("shrl",@_); } -sub main'xor { &out2("xorl",@_); } -sub main'xorb { &out2("xorb",@_); } -sub main'add { &out2("addl",@_); } -sub main'adc { &out2("adcl",@_); } -sub main'sub { &out2("subl",@_); } -sub main'rotl { &out2("roll",@_); } -sub main'rotr { &out2("rorl",@_); } -sub main'exch { &out2("xchg",@_); } -sub main'cmp { &out2("cmpl",@_); } -sub main'lea { &out2("leal",@_); } -sub main'mul { &out1("mull",@_); } -sub main'div { &out1("divl",@_); } -sub main'jmp { &out1("jmp",@_); } -sub main'jmp_ptr { &out1p("jmp",@_); } -sub main'je { &out1("je",@_); } -sub main'jle { &out1("jle",@_); } -sub main'jne { &out1("jne",@_); } -sub main'jnz { &out1("jnz",@_); } -sub main'jz { &out1("jz",@_); } -sub main'jge { &out1("jge",@_); } -sub main'jl { &out1("jl",@_); } -sub main'jb { &out1("jb",@_); } -sub main'jc { &out1("jc",@_); } -sub main'jnc { &out1("jnc",@_); } -sub main'jno { &out1("jno",@_); } -sub main'dec { &out1("decl",@_); } -sub main'inc { &out1("incl",@_); } -sub main'push { &out1("pushl",@_); $stack+=4; } -sub main'pop { &out1("popl",@_); $stack-=4; } -sub main'pushf { &out0("pushf"); $stack+=4; } -sub main'popf { &out0("popf"); $stack-=4; } -sub main'not { &out1("notl",@_); } -sub main'call { &out1("call",$under.$_[0]); } -sub main'ret { &out0("ret"); } -sub main'nop { &out0("nop"); } - -# The bswapl instruction is new for the 486. Emulate if i386. -sub main'bswap - { - if ($main'i386) - { - &main'comment("bswapl @_"); - &main'exch(main'HB(@_),main'LB(@_)); - &main'rotr(@_,16); - &main'exch(main'HB(@_),main'LB(@_)); - } - else - { - &out1("bswapl",@_); - } - } - -sub out2 - { - local($name,$p1,$p2)=@_; - local($l,$ll,$t); - local(%special)=( "roll",0xD1C0,"rorl",0xD1C8, - "rcll",0xD1D0,"rcrl",0xD1D8, - "shll",0xD1E0,"shrl",0xD1E8, - "sarl",0xD1F8); - - if ((defined($special{$name})) && defined($regs{$p1}) && ($p2 == 1)) - { - $op=$special{$name}|$reg_val{$p1}; - $tmp1=sprintf(".byte %d\n",($op>>8)&0xff); - $tmp2=sprintf(".byte %d\t",$op &0xff); - push(@out,$tmp1); - push(@out,$tmp2); - - $p2=&conv($p2); - $p1=&conv($p1); - &main'comment("$name $p2 $p1"); - return; - } - - push(@out,"\t$name\t"); - $t=&conv($p2).","; - $l=length($t); - push(@out,$t); - $ll=4-($l+9)/8; - $tmp1=sprintf("\t" x $ll); - push(@out,$tmp1); - push(@out,&conv($p1)."\n"); - } - -sub out1 - { - local($name,$p1)=@_; - local($l,$t); - local(%special)=("bswapl",0x0FC8); - - if ((defined($special{$name})) && defined($regs{$p1})) - { - $op=$special{$name}|$reg_val{$p1}; - $tmp1=sprintf(".byte %d\n",($op>>8)&0xff); - $tmp2=sprintf(".byte %d\t",$op &0xff); - push(@out,$tmp1); - push(@out,$tmp2); - - $p2=&conv($p2); - $p1=&conv($p1); - &main'comment("$name $p2 $p1"); - return; - } - - push(@out,"\t$name\t".&conv($p1)."\n"); - } - -sub out1p - { - local($name,$p1)=@_; - local($l,$t); - - push(@out,"\t$name\t*".&conv($p1)."\n"); - } - -sub out0 - { - push(@out,"\t$_[0]\n"); - } - -sub conv - { - local($p)=@_; - -# $p =~ s/0x([0-9A-Fa-f]+)/0$1h/; - - $p=$regs{$p} if (defined($regs{$p})); - - $p =~ s/^(-{0,1}[0-9A-Fa-f]+)$/\$$1/; - $p =~ s/^(0x[0-9A-Fa-f]+)$/\$$1/; - return $p; - } - -sub main'file - { - local($file)=@_; - - local($tmp)=<<"EOF"; - .file "$file.s" - .version "01.01" -gcc2_compiled.: -EOF - push(@out,$tmp); - } - -sub main'function_begin - { - local($func)=@_; - - &main'external_label($func); - $func=$under.$func; - - local($tmp)=<<"EOF"; -.text - .align $align -.globl $func -EOF - push(@out,$tmp); - if ($main'cpp) - { $tmp=push(@out,"\tTYPE($func,\@function)\n"); } - elsif ($main'gaswin) - { $tmp=push(@out,"\t.def\t$func;\t.scl\t2;\t.type\t32;\t.endef\n"); } - else { $tmp=push(@out,"\t.type\t$func,\@function\n"); } - push(@out,"$func:\n"); - $tmp=<<"EOF"; - pushl %ebp - pushl %ebx - pushl %esi - pushl %edi - -EOF - push(@out,$tmp); - $stack=20; - } - -sub main'function_begin_B - { - local($func,$extra)=@_; - - &main'external_label($func); - $func=$under.$func; - - local($tmp)=<<"EOF"; -.text - .align $align -.globl $func -EOF - push(@out,$tmp); - if ($main'cpp) - { push(@out,"\tTYPE($func,\@function)\n"); } - elsif ($main'gaswin) - { $tmp=push(@out,"\t.def\t$func;\t.scl\t2;\t.type\t32;\t.endef\n"); } - else { push(@out,"\t.type $func,\@function\n"); } - push(@out,"$func:\n"); - $stack=4; - } - -sub main'function_end - { - local($func)=@_; - - $func=$under.$func; - - local($tmp)=<<"EOF"; - popl %edi - popl %esi - popl %ebx - popl %ebp - ret -.${func}_end: -EOF - push(@out,$tmp); - - if ($main'cpp) - { push(@out,"\tSIZE($func,.${func}_end-$func)\n"); } - elsif ($main'gaswin) - { $tmp=push(@out,"\t.align 4\n"); } - else { push(@out,"\t.size\t$func,.${func}_end-$func\n"); } - push(@out,".ident \"$func\"\n"); - $stack=0; - %label=(); - } - -sub main'function_end_A - { - local($func)=@_; - - local($tmp)=<<"EOF"; - popl %edi - popl %esi - popl %ebx - popl %ebp - ret -EOF - push(@out,$tmp); - } - -sub main'function_end_B - { - local($func)=@_; - - $func=$under.$func; - - push(@out,".L_${func}_end:\n"); - if ($main'cpp) - { push(@out,"\tSIZE($func,.L_${func}_end-$func)\n"); } - elsif ($main'gaswin) - { push(@out,"\t.align 4\n"); } - else { push(@out,"\t.size\t$func,.L_${func}_end-$func\n"); } - push(@out,".ident \"desasm.pl\"\n"); - $stack=0; - %label=(); - } - -sub main'wparam - { - local($num)=@_; - - return(&main'DWP($stack+$num*4,"esp","",0)); - } - -sub main'stack_push - { - local($num)=@_; - $stack+=$num*4; - &main'sub("esp",$num*4); - } - -sub main'stack_pop - { - local($num)=@_; - $stack-=$num*4; - &main'add("esp",$num*4); - } - -sub main'swtmp - { - return(&main'DWP($_[0]*4,"esp","",0)); - } - -# Should use swtmp, which is above esp. Linix can trash the stack above esp -#sub main'wtmp -# { -# local($num)=@_; -# -# return(&main'DWP(-($num+1)*4,"esp","",0)); -# } - -sub main'comment - { - foreach (@_) - { - if (/^\s*$/) - { push(@out,"\n"); } - else - { push(@out,"\t$com_start $_ $com_end\n"); } - } - } - -sub main'label - { - if (!defined($label{$_[0]})) - { - $label{$_[0]}=".${label}${_[0]}"; - $label++; - } - return($label{$_[0]}); - } - -sub main'set_label - { - if (!defined($label{$_[0]})) - { - $label{$_[0]}=".${label}${_[0]}"; - $label++; - } - push(@out,".align $align\n") if ($_[1] != 0); - push(@out,"$label{$_[0]}:\n"); - } - -sub main'file_end - { - if ($const ne "") - { - push(@out,".section .rodata\n"); - push(@out,$const); - $const=""; - } - } - -sub main'data_word - { - push(@out,"\t.long $_[0]\n"); - } - -# debug output functions: puts, putx, printf - -sub main'puts - { - &pushvars(); - &main'push('$Lstring' . ++$constl); - &main'call('puts'); - $stack-=4; - &main'add("esp",4); - &popvars(); - - $const .= "Lstring$constl:\n\t.string \"@_[0]\"\n"; - } - -sub main'putx - { - &pushvars(); - &main'push($_[0]); - &main'push('$Lstring' . ++$constl); - &main'call('printf'); - &main'add("esp",8); - $stack-=8; - &popvars(); - - $const .= "Lstring$constl:\n\t.string \"\%X\"\n"; - } - -sub main'printf - { - $ostack = $stack; - &pushvars(); - for ($i = @_ - 1; $i >= 0; $i--) - { - if ($i == 0) # change this to support %s format strings - { - &main'push('$Lstring' . ++$constl); - $const .= "Lstring$constl:\n\t.string \"@_[$i]\"\n"; - } - else - { - if ($_[$i] =~ /([0-9]*)\(%esp\)/) - { - &main'push(($1 + $stack - $ostack) . '(%esp)'); - } - else - { - &main'push($_[$i]); - } - } - } - &main'call('printf'); - $stack-=4*@_; - &main'add("esp",4*@_); - &popvars(); - } - -sub pushvars - { - &main'pushf(); - &main'push("edx"); - &main'push("ecx"); - &main'push("eax"); - } - -sub popvars - { - &main'pop("eax"); - &main'pop("ecx"); - &main'pop("edx"); - &main'popf(); - } diff --git a/src/lib/libcrypto/pkcs12/Makefile.ssl b/src/lib/libcrypto/pkcs12/Makefile.ssl deleted file mode 100644 index 94089bc4b2e..00000000000 --- a/src/lib/libcrypto/pkcs12/Makefile.ssl +++ /dev/null @@ -1,297 +0,0 @@ -# -# SSLeay/crypto/pkcs12/Makefile -# - -DIR= pkcs12 -TOP= ../.. -CC= cc -INCLUDES= -I.. -I$(TOP) -I../../include -CFLAG=-g -INSTALL_PREFIX= -OPENSSLDIR= /usr/local/ssl -INSTALLTOP=/usr/local/ssl -MAKE= make -f Makefile.ssl -MAKEDEPPROG= makedepend -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) -MAKEFILE= Makefile.ssl -AR= ar r - -CFLAGS= $(INCLUDES) $(CFLAG) - -GENERAL=Makefile -TEST= -APPS= - -LIB=$(TOP)/libcrypto.a -LIBSRC= p12_add.c p12_asn.c p12_attr.c p12_crpt.c p12_crt.c p12_decr.c \ - p12_init.c p12_key.c p12_kiss.c p12_mutl.c\ - p12_utl.c p12_npas.c pk12err.c p12_p8d.c p12_p8e.c -LIBOBJ= p12_add.o p12_asn.o p12_attr.o p12_crpt.o p12_crt.o p12_decr.o \ - p12_init.o p12_key.o p12_kiss.o p12_mutl.o\ - p12_utl.o p12_npas.o pk12err.o p12_p8d.o p12_p8e.o - -SRC= $(LIBSRC) - -EXHEADER= pkcs12.h -HEADER= $(EXHEADER) - -ALL= $(GENERAL) $(SRC) $(HEADER) - -top: - (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) - -test: - -all: lib - -lib: $(LIBOBJ) - $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) || echo Never mind. - @touch lib - -files: - $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO - -links: - @sh $(TOP)/util/point.sh Makefile.ssl Makefile - @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) - @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) - @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) - -install: - @for i in $(EXHEADER) ; \ - do \ - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ - done; - -tags: - ctags $(SRC) - -tests: - -lint: - lint -DLINT $(INCLUDES) $(SRC)>fluff - -depend: - $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) - -dclean: - $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new - mv -f Makefile.new $(MAKEFILE) - -clean: - rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff - -# DO NOT DELETE THIS LINE -- make depend depends on it. - -p12_add.o: ../../e_os.h ../../include/openssl/asn1.h -p12_add.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -p12_add.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -p12_add.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -p12_add.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -p12_add.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -p12_add.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -p12_add.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -p12_add.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h -p12_add.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -p12_add.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -p12_add.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -p12_add.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -p12_add.o: ../cryptlib.h p12_add.c -p12_asn.o: ../../e_os.h ../../include/openssl/asn1.h -p12_asn.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h -p12_asn.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -p12_asn.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -p12_asn.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -p12_asn.o: ../../include/openssl/err.h ../../include/openssl/evp.h -p12_asn.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -p12_asn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -p12_asn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -p12_asn.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h -p12_asn.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -p12_asn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -p12_asn.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -p12_asn.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_asn.c -p12_attr.o: ../../e_os.h ../../include/openssl/asn1.h -p12_attr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -p12_attr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -p12_attr.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -p12_attr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -p12_attr.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -p12_attr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -p12_attr.o: ../../include/openssl/opensslconf.h -p12_attr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -p12_attr.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h -p12_attr.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -p12_attr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -p12_attr.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -p12_attr.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_attr.c -p12_crpt.o: ../../e_os.h ../../include/openssl/asn1.h -p12_crpt.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -p12_crpt.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -p12_crpt.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -p12_crpt.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -p12_crpt.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -p12_crpt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -p12_crpt.o: ../../include/openssl/opensslconf.h -p12_crpt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -p12_crpt.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h -p12_crpt.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -p12_crpt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -p12_crpt.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -p12_crpt.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_crpt.c -p12_crt.o: ../../e_os.h ../../include/openssl/asn1.h -p12_crt.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -p12_crt.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -p12_crt.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -p12_crt.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -p12_crt.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -p12_crt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -p12_crt.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -p12_crt.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h -p12_crt.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -p12_crt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -p12_crt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -p12_crt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -p12_crt.o: ../cryptlib.h p12_crt.c -p12_decr.o: ../../e_os.h ../../include/openssl/asn1.h -p12_decr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -p12_decr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -p12_decr.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -p12_decr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -p12_decr.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -p12_decr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -p12_decr.o: ../../include/openssl/opensslconf.h -p12_decr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -p12_decr.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h -p12_decr.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -p12_decr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -p12_decr.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -p12_decr.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_decr.c -p12_init.o: ../../e_os.h ../../include/openssl/asn1.h -p12_init.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -p12_init.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -p12_init.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -p12_init.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -p12_init.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -p12_init.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -p12_init.o: ../../include/openssl/opensslconf.h -p12_init.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -p12_init.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h -p12_init.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -p12_init.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -p12_init.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -p12_init.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_init.c -p12_key.o: ../../e_os.h ../../include/openssl/asn1.h -p12_key.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -p12_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -p12_key.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -p12_key.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -p12_key.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -p12_key.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -p12_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -p12_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h -p12_key.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -p12_key.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -p12_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -p12_key.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -p12_key.o: ../cryptlib.h p12_key.c -p12_kiss.o: ../../e_os.h ../../include/openssl/asn1.h -p12_kiss.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -p12_kiss.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -p12_kiss.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -p12_kiss.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -p12_kiss.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -p12_kiss.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -p12_kiss.o: ../../include/openssl/opensslconf.h -p12_kiss.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -p12_kiss.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h -p12_kiss.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -p12_kiss.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -p12_kiss.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -p12_kiss.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_kiss.c -p12_mutl.o: ../../e_os.h ../../include/openssl/asn1.h -p12_mutl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -p12_mutl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -p12_mutl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -p12_mutl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -p12_mutl.o: ../../include/openssl/evp.h ../../include/openssl/hmac.h -p12_mutl.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -p12_mutl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -p12_mutl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -p12_mutl.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h -p12_mutl.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -p12_mutl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -p12_mutl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -p12_mutl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -p12_mutl.o: ../cryptlib.h p12_mutl.c -p12_npas.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -p12_npas.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -p12_npas.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -p12_npas.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -p12_npas.o: ../../include/openssl/err.h ../../include/openssl/evp.h -p12_npas.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -p12_npas.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -p12_npas.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -p12_npas.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h -p12_npas.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h -p12_npas.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -p12_npas.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -p12_npas.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -p12_npas.o: ../../include/openssl/x509_vfy.h p12_npas.c -p12_p8d.o: ../../e_os.h ../../include/openssl/asn1.h -p12_p8d.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -p12_p8d.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -p12_p8d.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -p12_p8d.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -p12_p8d.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -p12_p8d.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -p12_p8d.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -p12_p8d.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h -p12_p8d.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -p12_p8d.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -p12_p8d.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -p12_p8d.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -p12_p8d.o: ../cryptlib.h p12_p8d.c -p12_p8e.o: ../../e_os.h ../../include/openssl/asn1.h -p12_p8e.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -p12_p8e.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -p12_p8e.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -p12_p8e.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -p12_p8e.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -p12_p8e.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -p12_p8e.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -p12_p8e.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h -p12_p8e.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -p12_p8e.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -p12_p8e.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -p12_p8e.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -p12_p8e.o: ../cryptlib.h p12_p8e.c -p12_utl.o: ../../e_os.h ../../include/openssl/asn1.h -p12_utl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -p12_utl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -p12_utl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -p12_utl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -p12_utl.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -p12_utl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -p12_utl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -p12_utl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h -p12_utl.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -p12_utl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -p12_utl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -p12_utl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -p12_utl.o: ../cryptlib.h p12_utl.c -pk12err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -pk12err.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -pk12err.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -pk12err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -pk12err.o: ../../include/openssl/err.h ../../include/openssl/evp.h -pk12err.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -pk12err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -pk12err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -pk12err.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h -pk12err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -pk12err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -pk12err.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -pk12err.o: ../../include/openssl/x509_vfy.h pk12err.c diff --git a/src/lib/libcrypto/pkcs12/p12_add.c b/src/lib/libcrypto/pkcs12/p12_add.c index 1909f285065..08bb75d312f 100644 --- a/src/lib/libcrypto/pkcs12/p12_add.c +++ b/src/lib/libcrypto/pkcs12/p12_add.c @@ -1,5 +1,5 @@ -/* p12_add.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* $OpenBSD: p12_add.c,v 1.17 2018/05/13 14:24:07 tb Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -57,27 +57,31 @@ */ #include -#include "cryptlib.h" + +#include #include /* Pack an object into an OCTET STRING and turn into a safebag */ -PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, int nid1, - int nid2) +PKCS12_SAFEBAG * +PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, int nid1, int nid2) { PKCS12_BAGS *bag; PKCS12_SAFEBAG *safebag; + if (!(bag = PKCS12_BAGS_new())) { - PKCS12err(PKCS12_F_PKCS12_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE); + PKCS12error(ERR_R_MALLOC_FAILURE); return NULL; } bag->type = OBJ_nid2obj(nid1); if (!ASN1_item_pack(obj, it, &bag->value.octet)) { - PKCS12err(PKCS12_F_PKCS12_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE); + PKCS12error(ERR_R_MALLOC_FAILURE); + PKCS12_BAGS_free(bag); return NULL; } if (!(safebag = PKCS12_SAFEBAG_new())) { - PKCS12err(PKCS12_F_PKCS12_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE); + PKCS12error(ERR_R_MALLOC_FAILURE); + PKCS12_BAGS_free(bag); return NULL; } safebag->value.bag = bag; @@ -87,11 +91,13 @@ PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, int nid /* Turn PKCS8 object into a keybag */ -PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8) +PKCS12_SAFEBAG * +PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8) { PKCS12_SAFEBAG *bag; + if (!(bag = PKCS12_SAFEBAG_new())) { - PKCS12err(PKCS12_F_PKCS12_MAKE_KEYBAG,ERR_R_MALLOC_FAILURE); + PKCS12error(ERR_R_MALLOC_FAILURE); return NULL; } bag->type = OBJ_nid2obj(NID_keyBag); @@ -101,23 +107,30 @@ PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8) /* Turn PKCS8 object into a shrouded keybag */ -PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass, - int passlen, unsigned char *salt, int saltlen, int iter, - PKCS8_PRIV_KEY_INFO *p8) +PKCS12_SAFEBAG * +PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass, int passlen, + unsigned char *salt, int saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8) { PKCS12_SAFEBAG *bag; + const EVP_CIPHER *pbe_ciph; /* Set up the safe bag */ if (!(bag = PKCS12_SAFEBAG_new())) { - PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE); + PKCS12error(ERR_R_MALLOC_FAILURE); return NULL; } bag->type = OBJ_nid2obj(NID_pkcs8ShroudedKeyBag); - if (!(bag->value.shkeybag = - PKCS8_encrypt(pbe_nid, NULL, pass, passlen, salt, saltlen, iter, - p8))) { - PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE); + + pbe_ciph = EVP_get_cipherbynid(pbe_nid); + + if (pbe_ciph) + pbe_nid = -1; + + if (!(bag->value.shkeybag = PKCS8_encrypt(pbe_nid, pbe_ciph, pass, + passlen, salt, saltlen, iter, p8))) { + PKCS12error(ERR_R_MALLOC_FAILURE); + PKCS12_SAFEBAG_free(bag); return NULL; } @@ -125,91 +138,121 @@ PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass, } /* Turn a stack of SAFEBAGS into a PKCS#7 data Contentinfo */ -PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk) +PKCS7 * +PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk) { PKCS7 *p7; + if (!(p7 = PKCS7_new())) { - PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE); + PKCS12error(ERR_R_MALLOC_FAILURE); return NULL; } p7->type = OBJ_nid2obj(NID_pkcs7_data); - if (!(p7->d.data = M_ASN1_OCTET_STRING_new())) { - PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE); - return NULL; + if (!(p7->d.data = ASN1_OCTET_STRING_new())) { + PKCS12error(ERR_R_MALLOC_FAILURE); + goto err; } - - if (!ASN1_item_pack(sk, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), &p7->d.data)) { - PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, PKCS12_R_CANT_PACK_STRUCTURE); - return NULL; + + if (!ASN1_item_pack(sk, &PKCS12_SAFEBAGS_it, &p7->d.data)) { + PKCS12error(PKCS12_R_CANT_PACK_STRUCTURE); + goto err; } return p7; + +err: + PKCS7_free(p7); + return NULL; } /* Unpack SAFEBAGS from PKCS#7 data ContentInfo */ -STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7) +STACK_OF(PKCS12_SAFEBAG) * +PKCS12_unpack_p7data(PKCS7 *p7) { - if(!PKCS7_type_is_data(p7)) return NULL; - return ASN1_item_unpack(p7->d.data, ASN1_ITEM_rptr(PKCS12_SAFEBAGS)); + if (!PKCS7_type_is_data(p7)) { + PKCS12error(PKCS12_R_CONTENT_TYPE_NOT_DATA); + return NULL; + } + return ASN1_item_unpack(p7->d.data, &PKCS12_SAFEBAGS_it); } /* Turn a stack of SAFEBAGS into a PKCS#7 encrypted data ContentInfo */ -PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen, - unsigned char *salt, int saltlen, int iter, - STACK_OF(PKCS12_SAFEBAG) *bags) +PKCS7 * +PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen, + unsigned char *salt, int saltlen, int iter, STACK_OF(PKCS12_SAFEBAG) *bags) { PKCS7 *p7; X509_ALGOR *pbe; + const EVP_CIPHER *pbe_ciph; + if (!(p7 = PKCS7_new())) { - PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE); + PKCS12error(ERR_R_MALLOC_FAILURE); return NULL; } - if(!PKCS7_set_type(p7, NID_pkcs7_encrypted)) { - PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, - PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE); - return NULL; + if (!PKCS7_set_type(p7, NID_pkcs7_encrypted)) { + PKCS12error(PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE); + goto err; } - if (!(pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen))) { - PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE); - return NULL; + + pbe_ciph = EVP_get_cipherbynid(pbe_nid); + + if (pbe_ciph) + pbe = PKCS5_pbe2_set(pbe_ciph, iter, salt, saltlen); + else + pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen); + + if (!pbe) { + PKCS12error(ERR_R_MALLOC_FAILURE); + goto err; } X509_ALGOR_free(p7->d.encrypted->enc_data->algorithm); p7->d.encrypted->enc_data->algorithm = pbe; - M_ASN1_OCTET_STRING_free(p7->d.encrypted->enc_data->enc_data); - if (!(p7->d.encrypted->enc_data->enc_data = - PKCS12_item_i2d_encrypt(pbe, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), pass, passlen, - bags, 1))) { - PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, PKCS12_R_ENCRYPT_ERROR); - return NULL; + ASN1_OCTET_STRING_free(p7->d.encrypted->enc_data->enc_data); + if (!(p7->d.encrypted->enc_data->enc_data = PKCS12_item_i2d_encrypt( + pbe, &PKCS12_SAFEBAGS_it, pass, passlen, bags, 1))) { + PKCS12error(PKCS12_R_ENCRYPT_ERROR); + goto err; } return p7; + +err: + PKCS7_free(p7); + return NULL; } -STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass, int passlen) +STACK_OF(PKCS12_SAFEBAG) * +PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass, int passlen) { - if(!PKCS7_type_is_encrypted(p7)) return NULL; + if (!PKCS7_type_is_encrypted(p7)) + return NULL; return PKCS12_item_decrypt_d2i(p7->d.encrypted->enc_data->algorithm, - ASN1_ITEM_rptr(PKCS12_SAFEBAGS), - pass, passlen, - p7->d.encrypted->enc_data->enc_data, 1); + &PKCS12_SAFEBAGS_it, pass, passlen, + p7->d.encrypted->enc_data->enc_data, 1); } -PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(PKCS12_SAFEBAG *bag, const char *pass, - int passlen) +PKCS8_PRIV_KEY_INFO * +PKCS12_decrypt_skey(const PKCS12_SAFEBAG *bag, const char *pass, int passlen) { return PKCS8_decrypt(bag->value.shkeybag, pass, passlen); } -int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes) +int +PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes) { - if(ASN1_item_pack(safes, ASN1_ITEM_rptr(PKCS12_AUTHSAFES), - &p12->authsafes->d.data)) - return 1; + if (ASN1_item_pack(safes, &PKCS12_AUTHSAFES_it, + &p12->authsafes->d.data)) + return 1; return 0; } -STACK_OF(PKCS7) *PKCS12_unpack_authsafes(PKCS12 *p12) +STACK_OF(PKCS7) * +PKCS12_unpack_authsafes(const PKCS12 *p12) { - return ASN1_item_unpack(p12->authsafes->d.data, ASN1_ITEM_rptr(PKCS12_AUTHSAFES)); + if (!PKCS7_type_is_data(p12->authsafes)) { + PKCS12error(PKCS12_R_CONTENT_TYPE_NOT_DATA); + return NULL; + } + return ASN1_item_unpack(p12->authsafes->d.data, + &PKCS12_AUTHSAFES_it); } diff --git a/src/lib/libcrypto/pkcs12/p12_asn.c b/src/lib/libcrypto/pkcs12/p12_asn.c index c327bdba039..3baf8f43d5c 100644 --- a/src/lib/libcrypto/pkcs12/p12_asn.c +++ b/src/lib/libcrypto/pkcs12/p12_asn.c @@ -1,5 +1,5 @@ -/* p12_asn.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* $OpenBSD: p12_asn.c,v 1.9 2015/07/25 17:08:40 jsing Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -57,69 +57,420 @@ */ #include -#include "cryptlib.h" + #include #include /* PKCS#12 ASN1 module */ -ASN1_SEQUENCE(PKCS12) = { - ASN1_SIMPLE(PKCS12, version, ASN1_INTEGER), - ASN1_SIMPLE(PKCS12, authsafes, PKCS7), - ASN1_OPT(PKCS12, mac, PKCS12_MAC_DATA) -} ASN1_SEQUENCE_END(PKCS12) +static const ASN1_TEMPLATE PKCS12_seq_tt[] = { + { + .flags = 0, + .tag = 0, + .offset = offsetof(PKCS12, version), + .field_name = "version", + .item = &ASN1_INTEGER_it, + }, + { + .flags = 0, + .tag = 0, + .offset = offsetof(PKCS12, authsafes), + .field_name = "authsafes", + .item = &PKCS7_it, + }, + { + .flags = ASN1_TFLG_OPTIONAL, + .tag = 0, + .offset = offsetof(PKCS12, mac), + .field_name = "mac", + .item = &PKCS12_MAC_DATA_it, + }, +}; + +const ASN1_ITEM PKCS12_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = PKCS12_seq_tt, + .tcount = sizeof(PKCS12_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = NULL, + .size = sizeof(PKCS12), + .sname = "PKCS12", +}; + + +PKCS12 * +d2i_PKCS12(PKCS12 **a, const unsigned char **in, long len) +{ + return (PKCS12 *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &PKCS12_it); +} + +int +i2d_PKCS12(PKCS12 *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &PKCS12_it); +} + +PKCS12 * +PKCS12_new(void) +{ + return (PKCS12 *)ASN1_item_new(&PKCS12_it); +} + +void +PKCS12_free(PKCS12 *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &PKCS12_it); +} + +static const ASN1_TEMPLATE PKCS12_MAC_DATA_seq_tt[] = { + { + .flags = 0, + .tag = 0, + .offset = offsetof(PKCS12_MAC_DATA, dinfo), + .field_name = "dinfo", + .item = &X509_SIG_it, + }, + { + .flags = 0, + .tag = 0, + .offset = offsetof(PKCS12_MAC_DATA, salt), + .field_name = "salt", + .item = &ASN1_OCTET_STRING_it, + }, + { + .flags = ASN1_TFLG_OPTIONAL, + .tag = 0, + .offset = offsetof(PKCS12_MAC_DATA, iter), + .field_name = "iter", + .item = &ASN1_INTEGER_it, + }, +}; + +const ASN1_ITEM PKCS12_MAC_DATA_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = PKCS12_MAC_DATA_seq_tt, + .tcount = sizeof(PKCS12_MAC_DATA_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = NULL, + .size = sizeof(PKCS12_MAC_DATA), + .sname = "PKCS12_MAC_DATA", +}; + + +PKCS12_MAC_DATA * +d2i_PKCS12_MAC_DATA(PKCS12_MAC_DATA **a, const unsigned char **in, long len) +{ + return (PKCS12_MAC_DATA *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &PKCS12_MAC_DATA_it); +} + +int +i2d_PKCS12_MAC_DATA(PKCS12_MAC_DATA *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &PKCS12_MAC_DATA_it); +} + +PKCS12_MAC_DATA * +PKCS12_MAC_DATA_new(void) +{ + return (PKCS12_MAC_DATA *)ASN1_item_new(&PKCS12_MAC_DATA_it); +} -IMPLEMENT_ASN1_FUNCTIONS(PKCS12) +void +PKCS12_MAC_DATA_free(PKCS12_MAC_DATA *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &PKCS12_MAC_DATA_it); +} -ASN1_SEQUENCE(PKCS12_MAC_DATA) = { - ASN1_SIMPLE(PKCS12_MAC_DATA, dinfo, X509_SIG), - ASN1_SIMPLE(PKCS12_MAC_DATA, salt, ASN1_OCTET_STRING), - ASN1_OPT(PKCS12_MAC_DATA, iter, ASN1_INTEGER) -} ASN1_SEQUENCE_END(PKCS12_MAC_DATA) +static const ASN1_TEMPLATE bag_default_tt = { + .flags = ASN1_TFLG_EXPLICIT, + .tag = 0, + .offset = offsetof(PKCS12_BAGS, value.other), + .field_name = "value.other", + .item = &ASN1_ANY_it, +}; -IMPLEMENT_ASN1_FUNCTIONS(PKCS12_MAC_DATA) +static const ASN1_ADB_TABLE PKCS12_BAGS_adbtbl[] = { + { + .value = NID_x509Certificate, + .tt = { + .flags = ASN1_TFLG_EXPLICIT, + .tag = 0, + .offset = offsetof(PKCS12_BAGS, value.x509cert), + .field_name = "value.x509cert", + .item = &ASN1_OCTET_STRING_it, + }, + + }, + { + .value = NID_x509Crl, + .tt = { + .flags = ASN1_TFLG_EXPLICIT, + .tag = 0, + .offset = offsetof(PKCS12_BAGS, value.x509crl), + .field_name = "value.x509crl", + .item = &ASN1_OCTET_STRING_it, + }, + + }, + { + .value = NID_sdsiCertificate, + .tt = { + .flags = ASN1_TFLG_EXPLICIT, + .tag = 0, + .offset = offsetof(PKCS12_BAGS, value.sdsicert), + .field_name = "value.sdsicert", + .item = &ASN1_IA5STRING_it, + }, + + }, +}; -ASN1_ADB_TEMPLATE(bag_default) = ASN1_EXP(PKCS12_BAGS, value.other, ASN1_ANY, 0); +static const ASN1_ADB PKCS12_BAGS_adb = { + .flags = 0, + .offset = offsetof(PKCS12_BAGS, type), + .app_items = 0, + .tbl = PKCS12_BAGS_adbtbl, + .tblcount = sizeof(PKCS12_BAGS_adbtbl) / sizeof(ASN1_ADB_TABLE), + .default_tt = &bag_default_tt, + .null_tt = NULL, +}; -ASN1_ADB(PKCS12_BAGS) = { - ADB_ENTRY(NID_x509Certificate, ASN1_EXP(PKCS12_BAGS, value.x509cert, ASN1_OCTET_STRING, 0)), - ADB_ENTRY(NID_x509Certificate, ASN1_EXP(PKCS12_BAGS, value.x509crl, ASN1_OCTET_STRING, 0)), - ADB_ENTRY(NID_x509Certificate, ASN1_EXP(PKCS12_BAGS, value.sdsicert, ASN1_IA5STRING, 0)), -} ASN1_ADB_END(PKCS12_BAGS, 0, type, 0, &bag_default_tt, NULL); +static const ASN1_TEMPLATE PKCS12_BAGS_seq_tt[] = { + { + .flags = 0, + .tag = 0, + .offset = offsetof(PKCS12_BAGS, type), + .field_name = "type", + .item = &ASN1_OBJECT_it, + }, + { + .flags = ASN1_TFLG_ADB_OID, + .tag = -1, + .offset = 0, + .field_name = "PKCS12_BAGS", + .item = (const ASN1_ITEM *)&PKCS12_BAGS_adb, + }, +}; -ASN1_SEQUENCE(PKCS12_BAGS) = { - ASN1_SIMPLE(PKCS12_BAGS, type, ASN1_OBJECT), - ASN1_ADB_OBJECT(PKCS12_BAGS), -} ASN1_SEQUENCE_END(PKCS12_BAGS) +const ASN1_ITEM PKCS12_BAGS_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = PKCS12_BAGS_seq_tt, + .tcount = sizeof(PKCS12_BAGS_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = NULL, + .size = sizeof(PKCS12_BAGS), + .sname = "PKCS12_BAGS", +}; -IMPLEMENT_ASN1_FUNCTIONS(PKCS12_BAGS) -ASN1_ADB_TEMPLATE(safebag_default) = ASN1_EXP(PKCS12_SAFEBAG, value.other, ASN1_ANY, 0); +PKCS12_BAGS * +d2i_PKCS12_BAGS(PKCS12_BAGS **a, const unsigned char **in, long len) +{ + return (PKCS12_BAGS *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &PKCS12_BAGS_it); +} -ASN1_ADB(PKCS12_SAFEBAG) = { - ADB_ENTRY(NID_keyBag, ASN1_EXP(PKCS12_SAFEBAG, value.keybag, PKCS8_PRIV_KEY_INFO, 0)), - ADB_ENTRY(NID_pkcs8ShroudedKeyBag, ASN1_EXP(PKCS12_SAFEBAG, value.keybag, X509_SIG, 0)), - ADB_ENTRY(NID_safeContentsBag, ASN1_EXP_SET_OF(PKCS12_SAFEBAG, value.safes, PKCS12_SAFEBAG, 0)), - ADB_ENTRY(NID_certBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)), - ADB_ENTRY(NID_crlBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)), - ADB_ENTRY(NID_secretBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)) -} ASN1_ADB_END(PKCS12_SAFEBAG, 0, type, 0, &safebag_default_tt, NULL); +int +i2d_PKCS12_BAGS(PKCS12_BAGS *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &PKCS12_BAGS_it); +} -ASN1_SEQUENCE(PKCS12_SAFEBAG) = { - ASN1_SIMPLE(PKCS12_SAFEBAG, type, ASN1_OBJECT), - ASN1_ADB_OBJECT(PKCS12_SAFEBAG), - ASN1_SET_OF_OPT(PKCS12_SAFEBAG, attrib, X509_ATTRIBUTE) -} ASN1_SEQUENCE_END(PKCS12_SAFEBAG) +PKCS12_BAGS * +PKCS12_BAGS_new(void) +{ + return (PKCS12_BAGS *)ASN1_item_new(&PKCS12_BAGS_it); +} -IMPLEMENT_ASN1_FUNCTIONS(PKCS12_SAFEBAG) +void +PKCS12_BAGS_free(PKCS12_BAGS *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &PKCS12_BAGS_it); +} + +static const ASN1_TEMPLATE safebag_default_tt = { + .flags = ASN1_TFLG_EXPLICIT, + .tag = 0, + .offset = offsetof(PKCS12_SAFEBAG, value.other), + .field_name = "value.other", + .item = &ASN1_ANY_it, +}; + +static const ASN1_ADB_TABLE PKCS12_SAFEBAG_adbtbl[] = { + { + .value = NID_keyBag, + .tt = { + .flags = ASN1_TFLG_EXPLICIT, + .tag = 0, + .offset = offsetof(PKCS12_SAFEBAG, value.keybag), + .field_name = "value.keybag", + .item = &PKCS8_PRIV_KEY_INFO_it, + }, + + }, + { + .value = NID_pkcs8ShroudedKeyBag, + .tt = { + .flags = ASN1_TFLG_EXPLICIT, + .tag = 0, + .offset = offsetof(PKCS12_SAFEBAG, value.shkeybag), + .field_name = "value.shkeybag", + .item = &X509_SIG_it, + }, + + }, + { + .value = NID_safeContentsBag, + .tt = { + .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_SET_OF, + .tag = 0, + .offset = offsetof(PKCS12_SAFEBAG, value.safes), + .field_name = "value.safes", + .item = &PKCS12_SAFEBAG_it, + }, + }, + { + .value = NID_certBag, + .tt = { + .flags = ASN1_TFLG_EXPLICIT, + .tag = 0, + .offset = offsetof(PKCS12_SAFEBAG, value.bag), + .field_name = "value.bag", + .item = &PKCS12_BAGS_it, + }, + + }, + { + .value = NID_crlBag, + .tt = { + .flags = ASN1_TFLG_EXPLICIT, + .tag = 0, + .offset = offsetof(PKCS12_SAFEBAG, value.bag), + .field_name = "value.bag", + .item = &PKCS12_BAGS_it, + }, + + }, + { + .value = NID_secretBag, + .tt = { + .flags = ASN1_TFLG_EXPLICIT, + .tag = 0, + .offset = offsetof(PKCS12_SAFEBAG, value.bag), + .field_name = "value.bag", + .item = &PKCS12_BAGS_it, + }, + + }, +}; + +static const ASN1_ADB PKCS12_SAFEBAG_adb = { + .flags = 0, + .offset = offsetof(PKCS12_SAFEBAG, type), + .app_items = 0, + .tbl = PKCS12_SAFEBAG_adbtbl, + .tblcount = sizeof(PKCS12_SAFEBAG_adbtbl) / sizeof(ASN1_ADB_TABLE), + .default_tt = &safebag_default_tt, + .null_tt = NULL, +}; + +static const ASN1_TEMPLATE PKCS12_SAFEBAG_seq_tt[] = { + { + .flags = 0, + .tag = 0, + .offset = offsetof(PKCS12_SAFEBAG, type), + .field_name = "type", + .item = &ASN1_OBJECT_it, + }, + { + .flags = ASN1_TFLG_ADB_OID, + .tag = -1, + .offset = 0, + .field_name = "PKCS12_SAFEBAG", + .item = (const ASN1_ITEM *)&PKCS12_SAFEBAG_adb, + }, + { + .flags = ASN1_TFLG_SET_OF | ASN1_TFLG_OPTIONAL, + .tag = 0, + .offset = offsetof(PKCS12_SAFEBAG, attrib), + .field_name = "attrib", + .item = &X509_ATTRIBUTE_it, + }, +}; + +const ASN1_ITEM PKCS12_SAFEBAG_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = PKCS12_SAFEBAG_seq_tt, + .tcount = sizeof(PKCS12_SAFEBAG_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = NULL, + .size = sizeof(PKCS12_SAFEBAG), + .sname = "PKCS12_SAFEBAG", +}; + + +PKCS12_SAFEBAG * +d2i_PKCS12_SAFEBAG(PKCS12_SAFEBAG **a, const unsigned char **in, long len) +{ + return (PKCS12_SAFEBAG *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &PKCS12_SAFEBAG_it); +} + +int +i2d_PKCS12_SAFEBAG(PKCS12_SAFEBAG *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &PKCS12_SAFEBAG_it); +} + +PKCS12_SAFEBAG * +PKCS12_SAFEBAG_new(void) +{ + return (PKCS12_SAFEBAG *)ASN1_item_new(&PKCS12_SAFEBAG_it); +} + +void +PKCS12_SAFEBAG_free(PKCS12_SAFEBAG *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &PKCS12_SAFEBAG_it); +} /* SEQUENCE OF SafeBag */ -ASN1_ITEM_TEMPLATE(PKCS12_SAFEBAGS) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, PKCS12_SAFEBAGS, PKCS12_SAFEBAG) -ASN1_ITEM_TEMPLATE_END(PKCS12_SAFEBAGS) +static const ASN1_TEMPLATE PKCS12_SAFEBAGS_item_tt = { + .flags = ASN1_TFLG_SEQUENCE_OF, + .tag = 0, + .offset = 0, + .field_name = "PKCS12_SAFEBAGS", + .item = &PKCS12_SAFEBAG_it, +}; + +const ASN1_ITEM PKCS12_SAFEBAGS_it = { + .itype = ASN1_ITYPE_PRIMITIVE, + .utype = -1, + .templates = &PKCS12_SAFEBAGS_item_tt, + .tcount = 0, + .funcs = NULL, + .size = 0, + .sname = "PKCS12_SAFEBAGS", +}; /* Authsafes: SEQUENCE OF PKCS7 */ -ASN1_ITEM_TEMPLATE(PKCS12_AUTHSAFES) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, PKCS12_AUTHSAFES, PKCS7) -ASN1_ITEM_TEMPLATE_END(PKCS12_AUTHSAFES) +static const ASN1_TEMPLATE PKCS12_AUTHSAFES_item_tt = { + .flags = ASN1_TFLG_SEQUENCE_OF, + .tag = 0, + .offset = 0, + .field_name = "PKCS12_AUTHSAFES", + .item = &PKCS7_it, +}; + +const ASN1_ITEM PKCS12_AUTHSAFES_it = { + .itype = ASN1_ITYPE_PRIMITIVE, + .utype = -1, + .templates = &PKCS12_AUTHSAFES_item_tt, + .tcount = 0, + .funcs = NULL, + .size = 0, + .sname = "PKCS12_AUTHSAFES", +}; diff --git a/src/lib/libcrypto/pkcs12/p12_attr.c b/src/lib/libcrypto/pkcs12/p12_attr.c index 026cf3826a7..65bfaa039ed 100644 --- a/src/lib/libcrypto/pkcs12/p12_attr.c +++ b/src/lib/libcrypto/pkcs12/p12_attr.c @@ -1,5 +1,5 @@ -/* p12_attr.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* $OpenBSD: p12_attr.c,v 1.12 2018/08/24 20:07:41 tb Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -57,89 +57,95 @@ */ #include -#include "cryptlib.h" + #include /* Add a local keyid to a safebag */ -int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, - int namelen) +int +PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, int namelen) { if (X509at_add1_attr_by_NID(&bag->attrib, NID_localKeyID, - V_ASN1_OCTET_STRING, name, namelen)) + V_ASN1_OCTET_STRING, name, namelen)) return 1; - else + else return 0; } /* Add key usage to PKCS#8 structure */ -int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage) +int +PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage) { - unsigned char us_val; - us_val = (unsigned char) usage; - if (X509at_add1_attr_by_NID(&p8->attributes, NID_key_usage, - V_ASN1_BIT_STRING, &us_val, 1)) - return 1; - else - return 0; + unsigned char us_val = (unsigned char)usage; + + return PKCS8_pkey_add1_attr_by_NID(p8, NID_key_usage, V_ASN1_BIT_STRING, + &us_val, 1); } /* Add a friendlyname to a safebag */ -int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name, - int namelen) +int +PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name, int namelen) { if (X509at_add1_attr_by_NID(&bag->attrib, NID_friendlyName, - MBSTRING_ASC, (unsigned char *)name, namelen)) + MBSTRING_ASC, (unsigned char *)name, namelen)) return 1; else return 0; } -int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag, - const unsigned char *name, int namelen) +int +PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag, const unsigned char *name, + int namelen) { if (X509at_add1_attr_by_NID(&bag->attrib, NID_friendlyName, - MBSTRING_BMP, name, namelen)) + MBSTRING_BMP, name, namelen)) return 1; else return 0; } -int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name, - int namelen) +int +PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name, int namelen) { if (X509at_add1_attr_by_NID(&bag->attrib, NID_ms_csp_name, - MBSTRING_ASC, (unsigned char *)name, namelen)) + MBSTRING_ASC, (unsigned char *)name, namelen)) return 1; else return 0; } -ASN1_TYPE *PKCS12_get_attr_gen(STACK_OF(X509_ATTRIBUTE) *attrs, int attr_nid) +ASN1_TYPE * +PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs, int attr_nid) { X509_ATTRIBUTE *attrib; int i; - if (!attrs) return NULL; + + if (!attrs) + return NULL; for (i = 0; i < sk_X509_ATTRIBUTE_num (attrs); i++) { attrib = sk_X509_ATTRIBUTE_value (attrs, i); if (OBJ_obj2nid (attrib->object) == attr_nid) { if (sk_ASN1_TYPE_num (attrib->value.set)) - return sk_ASN1_TYPE_value(attrib->value.set, 0); - else return NULL; + return sk_ASN1_TYPE_value(attrib->value.set, 0); + else + return NULL; } } return NULL; } -char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag) +char * +PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag) { ASN1_TYPE *atype; - if (!(atype = PKCS12_get_attr(bag, NID_friendlyName))) return NULL; - if (atype->type != V_ASN1_BMPSTRING) return NULL; - return uni2asc(atype->value.bmpstring->data, - atype->value.bmpstring->length); -} + if (!(atype = PKCS12_get_attr(bag, NID_friendlyName))) + return NULL; + if (atype->type != V_ASN1_BMPSTRING) + return NULL; + return OPENSSL_uni2asc(atype->value.bmpstring->data, + atype->value.bmpstring->length); +} diff --git a/src/lib/libcrypto/pkcs12/p12_crpt.c b/src/lib/libcrypto/pkcs12/p12_crpt.c index 97be6a5fb53..d1f7d71fd3a 100644 --- a/src/lib/libcrypto/pkcs12/p12_crpt.c +++ b/src/lib/libcrypto/pkcs12/p12_crpt.c @@ -1,5 +1,5 @@ -/* p12_crpt.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* $OpenBSD: p12_crpt.c,v 1.14 2017/01/29 17:49:23 beck Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -57,68 +57,65 @@ */ #include -#include "cryptlib.h" +#include + +#include #include -/* PKCS#12 specific PBE functions */ +/* PKCS#12 PBE algorithms now in static table */ -void PKCS12_PBE_add(void) +void +PKCS12_PBE_add(void) { -#ifndef OPENSSL_NO_RC4 -EVP_PBE_alg_add(NID_pbe_WithSHA1And128BitRC4, EVP_rc4(), EVP_sha1(), - PKCS12_PBE_keyivgen); -EVP_PBE_alg_add(NID_pbe_WithSHA1And40BitRC4, EVP_rc4_40(), EVP_sha1(), - PKCS12_PBE_keyivgen); -#endif -#ifndef OPENSSL_NO_DES -EVP_PBE_alg_add(NID_pbe_WithSHA1And3_Key_TripleDES_CBC, - EVP_des_ede3_cbc(), EVP_sha1(), PKCS12_PBE_keyivgen); -EVP_PBE_alg_add(NID_pbe_WithSHA1And2_Key_TripleDES_CBC, - EVP_des_ede_cbc(), EVP_sha1(), PKCS12_PBE_keyivgen); -#endif -#ifndef OPENSSL_NO_RC2 -EVP_PBE_alg_add(NID_pbe_WithSHA1And128BitRC2_CBC, EVP_rc2_cbc(), - EVP_sha1(), PKCS12_PBE_keyivgen); -EVP_PBE_alg_add(NID_pbe_WithSHA1And40BitRC2_CBC, EVP_rc2_40_cbc(), - EVP_sha1(), PKCS12_PBE_keyivgen); -#endif } -int PKCS12_PBE_keyivgen (EVP_CIPHER_CTX *ctx, const char *pass, int passlen, - ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, int en_de) +int +PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, + ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, int en_de) { PBEPARAM *pbe; - int saltlen, iter; - unsigned char *salt, *pbuf; + int saltlen, iter, ret; + unsigned char *salt; + const unsigned char *pbuf; unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH]; /* Extract useful info from parameter */ + if (param == NULL || param->type != V_ASN1_SEQUENCE || + param->value.sequence == NULL) { + PKCS12error(PKCS12_R_DECODE_ERROR); + return 0; + } + pbuf = param->value.sequence->data; - if (!param || (param->type != V_ASN1_SEQUENCE) || - !(pbe = d2i_PBEPARAM (NULL, &pbuf, param->value.sequence->length))) { - EVPerr(PKCS12_F_PKCS12_PBE_KEYIVGEN,EVP_R_DECODE_ERROR); + if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) { + PKCS12error(PKCS12_R_DECODE_ERROR); return 0; } - if (!pbe->iter) iter = 1; - else iter = ASN1_INTEGER_get (pbe->iter); + if (!pbe->iter) + iter = 1; + else if ((iter = ASN1_INTEGER_get(pbe->iter)) <= 0) { + PKCS12error(PKCS12_R_DECODE_ERROR); + PBEPARAM_free(pbe); + return 0; + } salt = pbe->salt->data; saltlen = pbe->salt->length; if (!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_KEY_ID, - iter, EVP_CIPHER_key_length(cipher), key, md)) { - PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN,PKCS12_R_KEY_GEN_ERROR); + iter, EVP_CIPHER_key_length(cipher), key, md)) { + PKCS12error(PKCS12_R_KEY_GEN_ERROR); PBEPARAM_free(pbe); return 0; } if (!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_IV_ID, - iter, EVP_CIPHER_iv_length(cipher), iv, md)) { - PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN,PKCS12_R_IV_GEN_ERROR); + iter, EVP_CIPHER_iv_length(cipher), iv, md)) { + PKCS12error(PKCS12_R_IV_GEN_ERROR); PBEPARAM_free(pbe); return 0; } PBEPARAM_free(pbe); - EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, en_de); - memset(key, 0, EVP_MAX_KEY_LENGTH); - memset(iv, 0, EVP_MAX_IV_LENGTH); - return 1; + ret = EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, en_de); + explicit_bzero(key, EVP_MAX_KEY_LENGTH); + explicit_bzero(iv, EVP_MAX_IV_LENGTH); + return ret; } diff --git a/src/lib/libcrypto/pkcs12/p12_crt.c b/src/lib/libcrypto/pkcs12/p12_crt.c index 4c36c643ce6..f8ba3357e7d 100644 --- a/src/lib/libcrypto/pkcs12/p12_crt.c +++ b/src/lib/libcrypto/pkcs12/p12_crt.c @@ -1,16 +1,16 @@ -/* p12_crt.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL - * project 1999. +/* $OpenBSD: p12_crt.c,v 1.18 2018/05/13 13:46:55 tb Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -57,108 +57,293 @@ */ #include -#include "cryptlib.h" + +#include #include -PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, - STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, int mac_iter, - int keytype) +static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, + PKCS12_SAFEBAG *bag); + +static int +copy_bag_attr(PKCS12_SAFEBAG *bag, EVP_PKEY *pkey, int nid) { - PKCS12 *p12; - STACK_OF(PKCS12_SAFEBAG) *bags; - STACK_OF(PKCS7) *safes; - PKCS12_SAFEBAG *bag; - PKCS8_PRIV_KEY_INFO *p8; - PKCS7 *authsafe; - X509 *tcert; + int idx; + X509_ATTRIBUTE *attr; + + idx = EVP_PKEY_get_attr_by_NID(pkey, nid, -1); + if (idx < 0) + return 1; + attr = EVP_PKEY_get_attr(pkey, idx); + if (!X509at_add1_attr(&bag->attrib, attr)) + return 0; + return 1; +} + +PKCS12 * +PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey, X509 *cert, + STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, int mac_iter, + int keytype) +{ + PKCS12 *p12 = NULL; + STACK_OF(PKCS7) *safes = NULL; + STACK_OF(PKCS12_SAFEBAG) *bags = NULL; + PKCS12_SAFEBAG *bag = NULL; int i; unsigned char keyid[EVP_MAX_MD_SIZE]; - unsigned int keyidlen; + unsigned int keyidlen = 0; /* Set defaults */ - if(!nid_cert) nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC; - if(!nid_key) nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; - if(!iter) iter = PKCS12_DEFAULT_ITER; - if(!mac_iter) mac_iter = 1; - - if(!pkey || !cert) { - PKCS12err(PKCS12_F_PKCS12_CREATE,PKCS12_R_INVALID_NULL_ARGUMENT); - return NULL; + if (!nid_cert) { + nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC; } + if (!nid_key) + nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC; + if (!iter) + iter = PKCS12_DEFAULT_ITER; + if (!mac_iter) + mac_iter = 1; - if(!X509_check_private_key(cert, pkey)) return NULL; - - if(!(bags = sk_PKCS12_SAFEBAG_new_null ())) { - PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE); + if (!pkey && !cert && !ca) { + PKCS12error(PKCS12_R_INVALID_NULL_ARGUMENT); return NULL; } - /* Add user certificate */ - if(!(bag = PKCS12_x5092certbag(cert))) return NULL; - if(name && !PKCS12_add_friendlyname(bag, name, -1)) return NULL; - X509_digest(cert, EVP_sha1(), keyid, &keyidlen); - if(!PKCS12_add_localkeyid(bag, keyid, keyidlen)) return NULL; + if (pkey && cert) { + if (!X509_check_private_key(cert, pkey)) + return NULL; + X509_digest(cert, EVP_sha1(), keyid, &keyidlen); + } - if(!sk_PKCS12_SAFEBAG_push(bags, bag)) { - PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE); - return NULL; + if (cert) { + bag = PKCS12_add_cert(&bags, cert); + if (name && !PKCS12_add_friendlyname(bag, name, -1)) + goto err; + if (keyidlen && !PKCS12_add_localkeyid(bag, keyid, keyidlen)) + goto err; } - + /* Add all other certificates */ - if(ca) { - for(i = 0; i < sk_X509_num(ca); i++) { - tcert = sk_X509_value(ca, i); - if(!(bag = PKCS12_x5092certbag(tcert))) return NULL; - if(!sk_PKCS12_SAFEBAG_push(bags, bag)) { - PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE); - return NULL; - } - } + for (i = 0; i < sk_X509_num(ca); i++) { + if (!PKCS12_add_cert(&bags, sk_X509_value(ca, i))) + goto err; } - /* Turn certbags into encrypted authsafe */ - authsafe = PKCS12_pack_p7encdata (nid_cert, pass, -1, NULL, 0, - iter, bags); + if (bags && !PKCS12_add_safe(&safes, bags, nid_cert, iter, pass)) + goto err; + sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); + bags = NULL; - if (!authsafe) return NULL; + if (pkey) { + bag = PKCS12_add_key(&bags, pkey, keytype, iter, nid_key, pass); - if(!(safes = sk_PKCS7_new_null ()) - || !sk_PKCS7_push(safes, authsafe)) { - PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE); - return NULL; - } + if (!bag) + goto err; - /* Make a shrouded key bag */ - if(!(p8 = EVP_PKEY2PKCS8 (pkey))) return NULL; - if(keytype && !PKCS8_add_keyusage(p8, keytype)) return NULL; - bag = PKCS12_MAKE_SHKEYBAG (nid_key, pass, -1, NULL, 0, iter, p8); - if(!bag) return NULL; - PKCS8_PRIV_KEY_INFO_free(p8); - if (name && !PKCS12_add_friendlyname (bag, name, -1)) return NULL; - if(!PKCS12_add_localkeyid (bag, keyid, keyidlen)) return NULL; - if(!(bags = sk_PKCS12_SAFEBAG_new_null()) - || !sk_PKCS12_SAFEBAG_push (bags, bag)) { - PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE); - return NULL; + if (!copy_bag_attr(bag, pkey, NID_ms_csp_name)) + goto err; + if (!copy_bag_attr(bag, pkey, NID_LocalKeySet)) + goto err; + + if (name && !PKCS12_add_friendlyname(bag, name, -1)) + goto err; + if (keyidlen && !PKCS12_add_localkeyid(bag, keyid, keyidlen)) + goto err; } - /* Turn it into unencrypted safe bag */ - if(!(authsafe = PKCS12_pack_p7data (bags))) return NULL; + + if (bags && !PKCS12_add_safe(&safes, bags, -1, 0, NULL)) + goto err; + sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); - if(!sk_PKCS7_push(safes, authsafe)) { - PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE); - return NULL; - } + bags = NULL; - if(!(p12 = PKCS12_init (NID_pkcs7_data))) return NULL; + p12 = PKCS12_add_safes(safes, 0); - if(!PKCS12_pack_authsafes (p12, safes)) return NULL; + if (!p12) + goto err; sk_PKCS7_pop_free(safes, PKCS7_free); - if(!PKCS12_set_mac (p12, pass, -1, NULL, 0, mac_iter, NULL)) - return NULL; + safes = NULL; + + if ((mac_iter != -1) && + !PKCS12_set_mac(p12, pass, -1, NULL, 0, mac_iter, NULL)) + goto err; return p12; +err: + if (p12) + PKCS12_free(p12); + if (safes) + sk_PKCS7_pop_free(safes, PKCS7_free); + if (bags) + sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); + return NULL; +} + +PKCS12_SAFEBAG * +PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert) +{ + PKCS12_SAFEBAG *bag = NULL; + char *name; + int namelen = -1; + unsigned char *keyid; + int keyidlen = -1; + + /* Add user certificate */ + if (!(bag = PKCS12_x5092certbag(cert))) + goto err; + + /* Use friendlyName and localKeyID in certificate. + * (if present) + */ + name = (char *)X509_alias_get0(cert, &namelen); + if (name && !PKCS12_add_friendlyname(bag, name, namelen)) + goto err; + + keyid = X509_keyid_get0(cert, &keyidlen); + + if (keyid && !PKCS12_add_localkeyid(bag, keyid, keyidlen)) + goto err; + + if (!pkcs12_add_bag(pbags, bag)) + goto err; + + return bag; + +err: + if (bag) + PKCS12_SAFEBAG_free(bag); + + return NULL; +} + +PKCS12_SAFEBAG * +PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, EVP_PKEY *key, int key_usage, + int iter, int nid_key, const char *pass) +{ + PKCS12_SAFEBAG *bag = NULL; + PKCS8_PRIV_KEY_INFO *p8 = NULL; + + /* Make a PKCS#8 structure */ + if (!(p8 = EVP_PKEY2PKCS8(key))) + goto err; + if (key_usage && !PKCS8_add_keyusage(p8, key_usage)) + goto err; + if (nid_key != -1) { + bag = PKCS12_MAKE_SHKEYBAG(nid_key, pass, -1, NULL, 0, + iter, p8); + PKCS8_PRIV_KEY_INFO_free(p8); + p8 = NULL; + } else { + bag = PKCS12_MAKE_KEYBAG(p8); + if (bag != NULL) + p8 = NULL; + } + + if (!bag) + goto err; + + if (!pkcs12_add_bag(pbags, bag)) + goto err; + + return bag; + +err: + if (bag) + PKCS12_SAFEBAG_free(bag); + if (p8) + PKCS8_PRIV_KEY_INFO_free(p8); + + return NULL; +} + +int +PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags, + int nid_safe, int iter, const char *pass) +{ + PKCS7 *p7 = NULL; + int free_safes = 0; + + if (!*psafes) { + *psafes = sk_PKCS7_new_null(); + if (!*psafes) + return 0; + free_safes = 1; + } else + free_safes = 0; + + if (nid_safe == 0) + nid_safe = NID_pbe_WithSHA1And40BitRC2_CBC; + + if (nid_safe == -1) + p7 = PKCS12_pack_p7data(bags); + else + p7 = PKCS12_pack_p7encdata(nid_safe, pass, -1, NULL, 0, + iter, bags); + if (!p7) + goto err; + + if (!sk_PKCS7_push(*psafes, p7)) + goto err; + + return 1; + +err: + if (free_safes) { + sk_PKCS7_free(*psafes); + *psafes = NULL; + } + + if (p7) + PKCS7_free(p7); + + return 0; +} + +static int +pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, PKCS12_SAFEBAG *bag) +{ + int free_bags; + + if (!pbags) + return 1; + if (!*pbags) { + *pbags = sk_PKCS12_SAFEBAG_new_null(); + if (!*pbags) + return 0; + free_bags = 1; + } else + free_bags = 0; + + if (!sk_PKCS12_SAFEBAG_push(*pbags, bag)) { + if (free_bags) { + sk_PKCS12_SAFEBAG_free(*pbags); + *pbags = NULL; + } + return 0; + } + + return 1; +} + +PKCS12 * +PKCS12_add_safes(STACK_OF(PKCS7) *safes, int nid_p7) +{ + PKCS12 *p12; + + if (nid_p7 <= 0) + nid_p7 = NID_pkcs7_data; + p12 = PKCS12_init(nid_p7); + + if (!p12) + return NULL; + + if (!PKCS12_pack_authsafes(p12, safes)) { + PKCS12_free(p12); + return NULL; + } + + return p12; } diff --git a/src/lib/libcrypto/pkcs12/p12_decr.c b/src/lib/libcrypto/pkcs12/p12_decr.c index 394af368f4d..1ef5c4a8986 100644 --- a/src/lib/libcrypto/pkcs12/p12_decr.c +++ b/src/lib/libcrypto/pkcs12/p12_decr.c @@ -1,5 +1,5 @@ -/* p12_decr.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* $OpenBSD: p12_decr.c,v 1.19 2018/05/13 14:22:34 tb Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -57,20 +57,19 @@ */ #include -#include "cryptlib.h" -#include - -/* Define this to dump decrypted output to files called DERnnn */ -/*#define DEBUG_DECRYPT*/ +#include +#include +#include /* Encrypt/Decrypt a buffer based on password and algor, result in a - * OPENSSL_malloc'ed buffer + * malloc'ed buffer */ -unsigned char * PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass, - int passlen, unsigned char *in, int inlen, unsigned char **data, - int *datalen, int en_de) +unsigned char * +PKCS12_pbe_crypt(const X509_ALGOR *algor, const char *pass, int passlen, + const unsigned char *in, int inlen, unsigned char **data, int *datalen, + int en_de) { unsigned char *out; int outlen, i; @@ -78,99 +77,108 @@ unsigned char * PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass, EVP_CIPHER_CTX_init(&ctx); /* Decrypt data */ - if (!EVP_PBE_CipherInit(algor->algorithm, pass, passlen, - algor->parameter, &ctx, en_de)) { - PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR); - return NULL; + if (!EVP_PBE_CipherInit(algor->algorithm, pass, passlen, + algor->parameter, &ctx, en_de)) { + out = NULL; + PKCS12error(PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR); + goto err; } - if(!(out = OPENSSL_malloc(inlen + EVP_CIPHER_CTX_block_size(&ctx)))) { - PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,ERR_R_MALLOC_FAILURE); + if (!(out = malloc(inlen + EVP_CIPHER_CTX_block_size(&ctx)))) { + PKCS12error(ERR_R_MALLOC_FAILURE); + goto err; + } + + if (!EVP_CipherUpdate(&ctx, out, &i, in, inlen)) { + free(out); + out = NULL; + PKCS12error(ERR_R_EVP_LIB); goto err; } - EVP_CipherUpdate(&ctx, out, &i, in, inlen); outlen = i; - if(!EVP_CipherFinal_ex(&ctx, out + i, &i)) { - OPENSSL_free(out); + if (!EVP_CipherFinal_ex(&ctx, out + i, &i)) { + free(out); out = NULL; - PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,PKCS12_R_PKCS12_CIPHERFINAL_ERROR); + PKCS12error(PKCS12_R_PKCS12_CIPHERFINAL_ERROR); goto err; } outlen += i; - if (datalen) *datalen = outlen; - if (data) *data = out; - err: + if (datalen) + *datalen = outlen; + if (data) + *data = out; + +err: EVP_CIPHER_CTX_cleanup(&ctx); return out; } -/* Decrypt an OCTET STRING and decode ASN1 structure +/* Decrypt an OCTET STRING and decode ASN1 structure * if zbuf set zero buffer after use. */ -void * PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it, - const char *pass, int passlen, ASN1_OCTET_STRING *oct, int zbuf) +void * +PKCS12_item_decrypt_d2i(const X509_ALGOR *algor, const ASN1_ITEM *it, + const char *pass, int passlen, const ASN1_OCTET_STRING *oct, int zbuf) { - unsigned char *out, *p; + unsigned char *out; + const unsigned char *p; void *ret; int outlen; if (!PKCS12_pbe_crypt(algor, pass, passlen, oct->data, oct->length, - &out, &outlen, 0)) { - PKCS12err(PKCS12_F_PKCS12_DECRYPT_D2I,PKCS12_R_PKCS12_PBE_CRYPT_ERROR); + &out, &outlen, 0)) { + PKCS12error(PKCS12_R_PKCS12_PBE_CRYPT_ERROR); return NULL; } p = out; -#ifdef DEBUG_DECRYPT - { - FILE *op; - - char fname[30]; - static int fnm = 1; - sprintf(fname, "DER%d", fnm++); - op = fopen(fname, "wb"); - fwrite (p, 1, outlen, op); - fclose(op); - } -#endif ret = ASN1_item_d2i(NULL, &p, outlen, it); - if (zbuf) memset(out, 0, outlen); - if(!ret) PKCS12err(PKCS12_F_PKCS12_DECRYPT_D2I,PKCS12_R_DECODE_ERROR); - OPENSSL_free(out); + if (zbuf) + explicit_bzero(out, outlen); + if (!ret) + PKCS12error(PKCS12_R_DECODE_ERROR); + free(out); return ret; } -/* Encode ASN1 structure and encrypt, return OCTET STRING +/* Encode ASN1 structure and encrypt, return OCTET STRING * if zbuf set zero encoding. */ -ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor, const ASN1_ITEM *it, - const char *pass, int passlen, - void *obj, int zbuf) +ASN1_OCTET_STRING * +PKCS12_item_i2d_encrypt(X509_ALGOR *algor, const ASN1_ITEM *it, + const char *pass, int passlen, + void *obj, int zbuf) { ASN1_OCTET_STRING *oct; unsigned char *in = NULL; int inlen; - if (!(oct = M_ASN1_OCTET_STRING_new ())) { - PKCS12err(PKCS12_F_PKCS12_I2D_ENCRYPT,ERR_R_MALLOC_FAILURE); + + if (!(oct = ASN1_OCTET_STRING_new ())) { + PKCS12error(ERR_R_MALLOC_FAILURE); return NULL; } inlen = ASN1_item_i2d(obj, &in, it); if (!in) { - PKCS12err(PKCS12_F_PKCS12_I2D_ENCRYPT,PKCS12_R_ENCODE_ERROR); - return NULL; + PKCS12error(PKCS12_R_ENCODE_ERROR); + goto err; } if (!PKCS12_pbe_crypt(algor, pass, passlen, in, inlen, &oct->data, - &oct->length, 1)) { - PKCS12err(PKCS12_F_PKCS12_I2D_ENCRYPT,PKCS12_R_ENCRYPT_ERROR); - OPENSSL_free(in); - return NULL; + &oct->length, 1)) { + PKCS12error(PKCS12_R_ENCRYPT_ERROR); + goto err; } - if (zbuf) memset(in, 0, inlen); - OPENSSL_free(in); + if (zbuf) + explicit_bzero(in, inlen); + free(in); return oct; + +err: + free(in); + ASN1_OCTET_STRING_free(oct); + return NULL; } IMPLEMENT_PKCS12_STACK_OF(PKCS7) diff --git a/src/lib/libcrypto/pkcs12/p12_init.c b/src/lib/libcrypto/pkcs12/p12_init.c index eb837a78cf7..637c430bf47 100644 --- a/src/lib/libcrypto/pkcs12/p12_init.c +++ b/src/lib/libcrypto/pkcs12/p12_init.c @@ -1,5 +1,5 @@ -/* p12_init.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* $OpenBSD: p12_init.c,v 1.11 2017/01/29 17:49:23 beck Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -57,34 +57,40 @@ */ #include -#include "cryptlib.h" + +#include #include /* Initialise a PKCS12 structure to take data */ -PKCS12 *PKCS12_init (int mode) +PKCS12 * +PKCS12_init(int mode) { PKCS12 *pkcs12; + if (!(pkcs12 = PKCS12_new())) { - PKCS12err(PKCS12_F_PKCS12_INIT,ERR_R_MALLOC_FAILURE); + PKCS12error(ERR_R_MALLOC_FAILURE); return NULL; } ASN1_INTEGER_set(pkcs12->version, 3); pkcs12->authsafes->type = OBJ_nid2obj(mode); switch (mode) { - case NID_pkcs7_data: - if (!(pkcs12->authsafes->d.data = - M_ASN1_OCTET_STRING_new())) { - PKCS12err(PKCS12_F_PKCS12_INIT,ERR_R_MALLOC_FAILURE); - return NULL; + case NID_pkcs7_data: + if (!(pkcs12->authsafes->d.data = + ASN1_OCTET_STRING_new())) { + PKCS12error(ERR_R_MALLOC_FAILURE); + goto err; } break; - default: - PKCS12err(PKCS12_F_PKCS12_INIT,PKCS12_R_UNSUPPORTED_PKCS12_MODE); - PKCS12_free(pkcs12); - return NULL; - break; + default: + PKCS12error(PKCS12_R_UNSUPPORTED_PKCS12_MODE); + goto err; } - + return pkcs12; + +err: + if (pkcs12 != NULL) + PKCS12_free(pkcs12); + return NULL; } diff --git a/src/lib/libcrypto/pkcs12/p12_key.c b/src/lib/libcrypto/pkcs12/p12_key.c index 0d39ebde8c8..d419a9d8359 100644 --- a/src/lib/libcrypto/pkcs12/p12_key.c +++ b/src/lib/libcrypto/pkcs12/p12_key.c @@ -1,5 +1,5 @@ -/* p12_key.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* $OpenBSD: p12_key.c,v 1.26 2017/05/02 03:59:45 deraadt Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -57,150 +57,141 @@ */ #include -#include "cryptlib.h" -#include - +#include -/* Uncomment out this line to get debugging info about key generation */ -/*#define DEBUG_KEYGEN*/ -#ifdef DEBUG_KEYGEN -#include -extern BIO *bio_err; -void h__dump (unsigned char *p, int len); -#endif +#include +#include +#include /* PKCS12 compatible key/IV generation */ #ifndef min #define min(a,b) ((a) < (b) ? (a) : (b)) #endif -int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt, - int saltlen, int id, int iter, int n, unsigned char *out, - const EVP_MD *md_type) +int +PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt, + int saltlen, int id, int iter, int n, unsigned char *out, + const EVP_MD *md_type) { int ret; unsigned char *unipass; int uniplen; - if(!pass) { + + if (!pass) { unipass = NULL; uniplen = 0; - } else if (!asc2uni(pass, passlen, &unipass, &uniplen)) { - PKCS12err(PKCS12_F_PKCS12_KEY_GEN_ASC,ERR_R_MALLOC_FAILURE); + } else if (!OPENSSL_asc2uni(pass, passlen, &unipass, &uniplen)) { + PKCS12error(ERR_R_MALLOC_FAILURE); return 0; } ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen, - id, iter, n, out, md_type); - if(unipass) { - memset(unipass, 0, uniplen); /* Clear password from memory */ - OPENSSL_free(unipass); - } + id, iter, n, out, md_type); + if (ret <= 0) + return 0; + freezero(unipass, uniplen); return ret; } -int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, - int saltlen, int id, int iter, int n, unsigned char *out, - const EVP_MD *md_type) +int +PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, + int saltlen, int id, int iter, int n, unsigned char *out, + const EVP_MD *md_type) { unsigned char *B, *D, *I, *p, *Ai; int Slen, Plen, Ilen, Ijlen; int i, j, u, v; + int ret = 0; BIGNUM *Ij, *Bpl1; /* These hold Ij and B + 1 */ EVP_MD_CTX ctx; -#ifdef DEBUG_KEYGEN - unsigned char *tmpout = out; - int tmpn = n; -#endif -#if 0 - if (!pass) { - PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI,ERR_R_PASSED_NULL_PARAMETER); + v = EVP_MD_block_size(md_type); + u = EVP_MD_size(md_type); + if (u < 0) return 0; - } -#endif EVP_MD_CTX_init(&ctx); -#ifdef DEBUG_KEYGEN - fprintf(stderr, "KEYGEN DEBUG\n"); - fprintf(stderr, "ID %d, ITER %d\n", id, iter); - fprintf(stderr, "Password (length %d):\n", passlen); - h__dump(pass, passlen); - fprintf(stderr, "Salt (length %d):\n", saltlen); - h__dump(salt, saltlen); -#endif - v = EVP_MD_block_size (md_type); - u = EVP_MD_size (md_type); - D = OPENSSL_malloc (v); - Ai = OPENSSL_malloc (u); - B = OPENSSL_malloc (v + 1); - Slen = v * ((saltlen+v-1)/v); - if(passlen) Plen = v * ((passlen+v-1)/v); - else Plen = 0; + D = malloc(v); + Ai = malloc(u); + B = malloc(v + 1); + Slen = v * ((saltlen + v - 1) / v); + if (passlen) + Plen = v * ((passlen + v - 1)/v); + else + Plen = 0; Ilen = Slen + Plen; - I = OPENSSL_malloc (Ilen); + I = malloc(Ilen); Ij = BN_new(); Bpl1 = BN_new(); - if (!D || !Ai || !B || !I || !Ij || !Bpl1) { - PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI,ERR_R_MALLOC_FAILURE); - return 0; - } - for (i = 0; i < v; i++) D[i] = id; + if (!D || !Ai || !B || !I || !Ij || !Bpl1) + goto err; + for (i = 0; i < v; i++) + D[i] = id; p = I; - for (i = 0; i < Slen; i++) *p++ = salt[i % saltlen]; - for (i = 0; i < Plen; i++) *p++ = pass[i % passlen]; + for (i = 0; i < Slen; i++) + *p++ = salt[i % saltlen]; + for (i = 0; i < Plen; i++) + *p++ = pass[i % passlen]; for (;;) { - EVP_DigestInit_ex(&ctx, md_type, NULL); - EVP_DigestUpdate(&ctx, D, v); - EVP_DigestUpdate(&ctx, I, Ilen); - EVP_DigestFinal_ex(&ctx, Ai, NULL); + if (!EVP_DigestInit_ex(&ctx, md_type, NULL) || + !EVP_DigestUpdate(&ctx, D, v) || + !EVP_DigestUpdate(&ctx, I, Ilen) || + !EVP_DigestFinal_ex(&ctx, Ai, NULL)) + goto err; for (j = 1; j < iter; j++) { - EVP_DigestInit_ex(&ctx, md_type, NULL); - EVP_DigestUpdate(&ctx, Ai, u); - EVP_DigestFinal_ex(&ctx, Ai, NULL); + if (!EVP_DigestInit_ex(&ctx, md_type, NULL) || + !EVP_DigestUpdate(&ctx, Ai, u) || + !EVP_DigestFinal_ex(&ctx, Ai, NULL)) + goto err; } memcpy (out, Ai, min (n, u)); if (u >= n) { - OPENSSL_free (Ai); - OPENSSL_free (B); - OPENSSL_free (D); - OPENSSL_free (I); - BN_free (Ij); - BN_free (Bpl1); - EVP_MD_CTX_cleanup(&ctx); -#ifdef DEBUG_KEYGEN - fprintf(stderr, "Output KEY (length %d)\n", tmpn); - h__dump(tmpout, tmpn); -#endif - return 1; + ret = 1; + goto end; } n -= u; out += u; - for (j = 0; j < v; j++) B[j] = Ai[j % u]; + for (j = 0; j < v; j++) + B[j] = Ai[j % u]; /* Work out B + 1 first then can use B as tmp space */ - BN_bin2bn (B, v, Bpl1); - BN_add_word (Bpl1, 1); - for (j = 0; j < Ilen ; j+=v) { - BN_bin2bn (I + j, v, Ij); - BN_add (Ij, Ij, Bpl1); - BN_bn2bin (Ij, B); + if (!BN_bin2bn (B, v, Bpl1)) + goto err; + if (!BN_add_word (Bpl1, 1)) + goto err; + for (j = 0; j < Ilen; j += v) { + if (!BN_bin2bn(I + j, v, Ij)) + goto err; + if (!BN_add(Ij, Ij, Bpl1)) + goto err; + if (!BN_bn2bin(Ij, B)) + goto err; Ijlen = BN_num_bytes (Ij); /* If more than 2^(v*8) - 1 cut off MSB */ if (Ijlen > v) { - BN_bn2bin (Ij, B); + if (!BN_bn2bin (Ij, B)) + goto err; memcpy (I + j, B + 1, v); #ifndef PKCS12_BROKEN_KEYGEN - /* If less than v bytes pad with zeroes */ + /* If less than v bytes pad with zeroes */ } else if (Ijlen < v) { memset(I + j, 0, v - Ijlen); - BN_bn2bin(Ij, I + j + v - Ijlen); + if (!BN_bn2bin(Ij, I + j + v - Ijlen)) + goto err; #endif - } else BN_bn2bin (Ij, I + j); + } else if (!BN_bn2bin (Ij, I + j)) + goto err; } } + +err: + PKCS12error(ERR_R_MALLOC_FAILURE); + +end: + free(Ai); + free(B); + free(D); + free(I); + BN_free(Ij); + BN_free(Bpl1); + EVP_MD_CTX_cleanup(&ctx); + return ret; } -#ifdef DEBUG_KEYGEN -void h__dump (unsigned char *p, int len) -{ - for (; len --; p++) fprintf(stderr, "%02X", *p); - fprintf(stderr, "\n"); -} -#endif diff --git a/src/lib/libcrypto/pkcs12/p12_kiss.c b/src/lib/libcrypto/pkcs12/p12_kiss.c index 885087ad00f..102ca3563bd 100644 --- a/src/lib/libcrypto/pkcs12/p12_kiss.c +++ b/src/lib/libcrypto/pkcs12/p12_kiss.c @@ -1,5 +1,5 @@ -/* p12_kiss.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* $OpenBSD: p12_kiss.c,v 1.19 2017/01/29 17:49:23 beck Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -57,22 +57,20 @@ */ #include -#include "cryptlib.h" + +#include #include /* Simplified PKCS#12 routines */ static int parse_pk12( PKCS12 *p12, const char *pass, int passlen, - EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca); + EVP_PKEY **pkey, STACK_OF(X509) *ocerts); static int parse_bags( STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass, - int passlen, EVP_PKEY **pkey, X509 **cert, - STACK_OF(X509) **ca, ASN1_OCTET_STRING **keyid, - char *keymatch); + int passlen, EVP_PKEY **pkey, STACK_OF(X509) *ocerts); static int parse_bag( PKCS12_SAFEBAG *bag, const char *pass, int passlen, - EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca, - ASN1_OCTET_STRING **keyid, char *keymatch); + EVP_PKEY **pkey, STACK_OF(X509) *ocerts); /* Parse and decrypt a PKCS#12 structure returning user key, user cert * and other (CA) certs. Note either ca should be NULL, *ca should be NULL, @@ -80,27 +78,23 @@ static int parse_bag( PKCS12_SAFEBAG *bag, const char *pass, int passlen, * passed unitialised. */ -int PKCS12_parse (PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, - STACK_OF(X509) **ca) +int +PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, + STACK_OF(X509) **ca) { - + STACK_OF(X509) *ocerts = NULL; + X509 *x = NULL; /* Check for NULL PKCS12 structure */ - if(!p12) { - PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_INVALID_NULL_PKCS12_POINTER); + if (!p12) { + PKCS12error(PKCS12_R_INVALID_NULL_PKCS12_POINTER); return 0; } - /* Allocate stack for ca certificates if needed */ - if ((ca != NULL) && (*ca == NULL)) { - if (!(*ca = sk_X509_new_null())) { - PKCS12err(PKCS12_F_PKCS12_PARSE,ERR_R_MALLOC_FAILURE); - return 0; - } - } - - if(pkey) *pkey = NULL; - if(cert) *cert = NULL; + if (pkey) + *pkey = NULL; + if (cert) + *cert = NULL; /* Check the mac */ @@ -110,48 +104,81 @@ int PKCS12_parse (PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, * password are two different things... */ - if(!pass || !*pass) { - if(PKCS12_verify_mac(p12, NULL, 0)) pass = NULL; - else if(PKCS12_verify_mac(p12, "", 0)) pass = ""; + if (!pass || !*pass) { + if (PKCS12_verify_mac(p12, NULL, 0)) + pass = NULL; + else if (PKCS12_verify_mac(p12, "", 0)) + pass = ""; else { - PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_MAC_VERIFY_FAILURE); + PKCS12error(PKCS12_R_MAC_VERIFY_FAILURE); goto err; } } else if (!PKCS12_verify_mac(p12, pass, -1)) { - PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_MAC_VERIFY_FAILURE); + PKCS12error(PKCS12_R_MAC_VERIFY_FAILURE); goto err; } - if (!parse_pk12 (p12, pass, -1, pkey, cert, ca)) - { - PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_PARSE_ERROR); + /* Allocate stack for other certificates */ + ocerts = sk_X509_new_null(); + if (!ocerts) { + PKCS12error(ERR_R_MALLOC_FAILURE); + return 0; + } + + if (!parse_pk12 (p12, pass, -1, pkey, ocerts)) { + PKCS12error(PKCS12_R_PARSE_ERROR); goto err; + } + + while ((x = sk_X509_pop(ocerts))) { + if (pkey && *pkey && cert && !*cert) { + if (X509_check_private_key(x, *pkey)) { + *cert = x; + x = NULL; + } } - return 1; + if (ca && x) { + if (!*ca) + *ca = sk_X509_new_null(); + if (!*ca) + goto err; + if (!sk_X509_push(*ca, x)) + goto err; + x = NULL; + } + X509_free(x); + } - err: + if (ocerts) + sk_X509_pop_free(ocerts, X509_free); - if (pkey && *pkey) EVP_PKEY_free(*pkey); - if (cert && *cert) X509_free(*cert); - if (ca) sk_X509_pop_free(*ca, X509_free); - return 0; + return 1; +err: + if (pkey && *pkey) + EVP_PKEY_free(*pkey); + if (cert) + X509_free(*cert); + X509_free(x); + if (ocerts) + sk_X509_pop_free(ocerts, X509_free); + return 0; } /* Parse the outer PKCS#12 structure */ -static int parse_pk12 (PKCS12 *p12, const char *pass, int passlen, - EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca) +static int +parse_pk12(PKCS12 *p12, const char *pass, int passlen, EVP_PKEY **pkey, + STACK_OF(X509) *ocerts) { STACK_OF(PKCS7) *asafes; STACK_OF(PKCS12_SAFEBAG) *bags; int i, bagnid; PKCS7 *p7; - ASN1_OCTET_STRING *keyid = NULL; - char keymatch = 0; - if (!(asafes = PKCS12_unpack_authsafes (p12))) return 0; + if (!(asafes = PKCS12_unpack_authsafes (p12))) + return 0; for (i = 0; i < sk_PKCS7_num (asafes); i++) { p7 = sk_PKCS7_value (asafes, i); bagnid = OBJ_obj2nid (p7->type); @@ -159,13 +186,13 @@ static int parse_pk12 (PKCS12 *p12, const char *pass, int passlen, bags = PKCS12_unpack_p7data(p7); } else if (bagnid == NID_pkcs7_encrypted) { bags = PKCS12_unpack_p7encdata(p7, pass, passlen); - } else continue; + } else + continue; if (!bags) { sk_PKCS7_pop_free(asafes, PKCS7_free); return 0; } - if (!parse_bags(bags, pass, passlen, pkey, cert, ca, - &keyid, &keymatch)) { + if (!parse_bags(bags, pass, passlen, pkey, ocerts)) { sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); sk_PKCS7_pop_free(asafes, PKCS7_free); return 0; @@ -173,113 +200,96 @@ static int parse_pk12 (PKCS12 *p12, const char *pass, int passlen, sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); } sk_PKCS7_pop_free(asafes, PKCS7_free); - if (keyid) M_ASN1_OCTET_STRING_free(keyid); return 1; } - -static int parse_bags (STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass, - int passlen, EVP_PKEY **pkey, X509 **cert, - STACK_OF(X509) **ca, ASN1_OCTET_STRING **keyid, - char *keymatch) +static int +parse_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass, int passlen, + EVP_PKEY **pkey, STACK_OF(X509) *ocerts) { int i; + for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) { - if (!parse_bag(sk_PKCS12_SAFEBAG_value (bags, i), - pass, passlen, pkey, cert, ca, keyid, - keymatch)) return 0; + if (!parse_bag(sk_PKCS12_SAFEBAG_value(bags, i), pass, passlen, + pkey, ocerts)) + return 0; } return 1; } -#define MATCH_KEY 0x1 -#define MATCH_CERT 0x2 -#define MATCH_ALL 0x3 - -static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen, - EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca, - ASN1_OCTET_STRING **keyid, - char *keymatch) +static int +parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen, EVP_PKEY **pkey, + STACK_OF(X509) *ocerts) { PKCS8_PRIV_KEY_INFO *p8; X509 *x509; - ASN1_OCTET_STRING *lkey = NULL, *ckid = NULL; ASN1_TYPE *attrib; ASN1_BMPSTRING *fname = NULL; + ASN1_OCTET_STRING *lkid = NULL; if ((attrib = PKCS12_get_attr (bag, NID_friendlyName))) fname = attrib->value.bmpstring; - if ((attrib = PKCS12_get_attr (bag, NID_localKeyID))) { - lkey = attrib->value.octet_string; - ckid = lkey; - } + if ((attrib = PKCS12_get_attr (bag, NID_localKeyID))) + lkid = attrib->value.octet_string; - /* Check for any local key id matching (if needed) */ - if (lkey && ((*keymatch & MATCH_ALL) != MATCH_ALL)) { - if (*keyid) { - if (M_ASN1_OCTET_STRING_cmp(*keyid, lkey)) lkey = NULL; - } else { - if (!(*keyid = M_ASN1_OCTET_STRING_dup(lkey))) { - PKCS12err(PKCS12_F_PARSE_BAGS,ERR_R_MALLOC_FAILURE); - return 0; - } - } - } - - switch (M_PKCS12_bag_type(bag)) - { + switch (OBJ_obj2nid(bag->type)) { case NID_keyBag: - if (!lkey || !pkey) return 1; - if (!(*pkey = EVP_PKCS82PKEY(bag->value.keybag))) return 0; - *keymatch |= MATCH_KEY; - break; + if (!pkey || *pkey) + return 1; + if (!(*pkey = EVP_PKCS82PKEY(bag->value.keybag))) + return 0; + break; case NID_pkcs8ShroudedKeyBag: - if (!lkey || !pkey) return 1; + if (!pkey || *pkey) + return 1; if (!(p8 = PKCS12_decrypt_skey(bag, pass, passlen))) - return 0; + return 0; *pkey = EVP_PKCS82PKEY(p8); PKCS8_PRIV_KEY_INFO_free(p8); - if (!(*pkey)) return 0; - *keymatch |= MATCH_KEY; - break; + if (!(*pkey)) + return 0; + break; case NID_certBag: - if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate ) - return 1; - if (!(x509 = PKCS12_certbag2x509(bag))) return 0; - if(ckid) X509_keyid_set1(x509, ckid->data, ckid->length); - if(fname) { - int len; + if (OBJ_obj2nid(bag->value.bag->type) != NID_x509Certificate ) + return 1; + if (!(x509 = PKCS12_certbag2x509(bag))) + return 0; + if (lkid && !X509_keyid_set1(x509, lkid->data, lkid->length)) { + X509_free(x509); + return 0; + } + if (fname) { + int len, r; unsigned char *data; len = ASN1_STRING_to_UTF8(&data, fname); - if(len > 0) { - X509_alias_set1(x509, data, len); - OPENSSL_free(data); + if (len >= 0) { + r = X509_alias_set1(x509, data, len); + free(data); + if (!r) { + X509_free(x509); + return 0; + } } } - - if (lkey) { - *keymatch |= MATCH_CERT; - if (cert) *cert = x509; - else X509_free(x509); - } else { - if(ca) sk_X509_push (*ca, x509); - else X509_free(x509); + if (!sk_X509_push(ocerts, x509)) { + X509_free(x509); + return 0; } - break; + + break; case NID_safeContentsBag: return parse_bags(bag->value.safes, pass, passlen, - pkey, cert, ca, keyid, keymatch); - break; + pkey, ocerts); + break; default: return 1; - break; + break; } return 1; } - diff --git a/src/lib/libcrypto/pkcs12/p12_mutl.c b/src/lib/libcrypto/pkcs12/p12_mutl.c index 0fb67f74b8b..f3132ec75f6 100644 --- a/src/lib/libcrypto/pkcs12/p12_mutl.c +++ b/src/lib/libcrypto/pkcs12/p12_mutl.c @@ -1,5 +1,5 @@ -/* p12_mutl.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* $OpenBSD: p12_mutl.c,v 1.23 2017/01/29 17:49:23 beck Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -56,118 +56,150 @@ * */ -#ifndef OPENSSL_NO_HMAC #include -#include "cryptlib.h" +#include +#include + +#include + +#ifndef OPENSSL_NO_HMAC + +#include #include -#include #include /* Generate a MAC */ -int PKCS12_gen_mac (PKCS12 *p12, const char *pass, int passlen, - unsigned char *mac, unsigned int *maclen) +int +PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen, + unsigned char *mac, unsigned int *maclen) { const EVP_MD *md_type; HMAC_CTX hmac; - unsigned char key[PKCS12_MAC_KEY_LENGTH], *salt; + unsigned char key[EVP_MAX_MD_SIZE], *salt; int saltlen, iter; + int md_size; + + if (!PKCS7_type_is_data(p12->authsafes)) { + PKCS12error(PKCS12_R_CONTENT_TYPE_NOT_DATA); + return 0; + } salt = p12->mac->salt->data; saltlen = p12->mac->salt->length; - if (!p12->mac->iter) iter = 1; - else iter = ASN1_INTEGER_get (p12->mac->iter); - if(!(md_type = - EVP_get_digestbyobj (p12->mac->dinfo->algor->algorithm))) { - PKCS12err(PKCS12_F_PKCS12_GEN_MAC,PKCS12_R_UNKNOWN_DIGEST_ALGORITHM); + if (!p12->mac->iter) + iter = 1; + else if ((iter = ASN1_INTEGER_get(p12->mac->iter)) <= 0) { + PKCS12error(PKCS12_R_DECODE_ERROR); + return 0; + } + if (!(md_type = EVP_get_digestbyobj( + p12->mac->dinfo->algor->algorithm))) { + PKCS12error(PKCS12_R_UNKNOWN_DIGEST_ALGORITHM); return 0; } - if(!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_MAC_ID, iter, - PKCS12_MAC_KEY_LENGTH, key, md_type)) { - PKCS12err(PKCS12_F_PKCS12_GEN_MAC,PKCS12_R_KEY_GEN_ERROR); + md_size = EVP_MD_size(md_type); + if (md_size < 0) + return 0; + if (!PKCS12_key_gen(pass, passlen, salt, saltlen, PKCS12_MAC_ID, iter, + md_size, key, md_type)) { + PKCS12error(PKCS12_R_KEY_GEN_ERROR); return 0; } HMAC_CTX_init(&hmac); - HMAC_Init_ex(&hmac, key, PKCS12_MAC_KEY_LENGTH, md_type, NULL); - HMAC_Update(&hmac, p12->authsafes->d.data->data, - p12->authsafes->d.data->length); - HMAC_Final(&hmac, mac, maclen); - HMAC_CTX_cleanup(&hmac); + if (!HMAC_Init_ex(&hmac, key, md_size, md_type, NULL) || + !HMAC_Update(&hmac, p12->authsafes->d.data->data, + p12->authsafes->d.data->length) || + !HMAC_Final(&hmac, mac, maclen)) { + HMAC_CTX_cleanup(&hmac); + return 0; + } + HMAC_CTX_cleanup(&hmac); return 1; } /* Verify the mac */ -int PKCS12_verify_mac (PKCS12 *p12, const char *pass, int passlen) +int +PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen) { unsigned char mac[EVP_MAX_MD_SIZE]; unsigned int maclen; - if(p12->mac == NULL) { - PKCS12err(PKCS12_F_VERIFY_MAC,PKCS12_R_MAC_ABSENT); + + if (p12->mac == NULL) { + PKCS12error(PKCS12_R_MAC_ABSENT); return 0; } - if (!PKCS12_gen_mac (p12, pass, passlen, mac, &maclen)) { - PKCS12err(PKCS12_F_VERIFY_MAC,PKCS12_R_MAC_GENERATION_ERROR); + if (!PKCS12_gen_mac(p12, pass, passlen, mac, &maclen)) { + PKCS12error(PKCS12_R_MAC_GENERATION_ERROR); return 0; } - if ((maclen != (unsigned int)p12->mac->dinfo->digest->length) - || memcmp (mac, p12->mac->dinfo->digest->data, maclen)) return 0; + if ((maclen != (unsigned int)p12->mac->dinfo->digest->length) || + memcmp(mac, p12->mac->dinfo->digest->data, maclen)) + return 0; return 1; } /* Set a mac */ -int PKCS12_set_mac (PKCS12 *p12, const char *pass, int passlen, - unsigned char *salt, int saltlen, int iter, const EVP_MD *md_type) +int +PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen, unsigned char *salt, + int saltlen, int iter, const EVP_MD *md_type) { unsigned char mac[EVP_MAX_MD_SIZE]; unsigned int maclen; - if (!md_type) md_type = EVP_sha1(); - if (PKCS12_setup_mac (p12, iter, salt, saltlen, md_type) == - PKCS12_ERROR) { - PKCS12err(PKCS12_F_PKCS12_SET_MAC,PKCS12_R_MAC_SETUP_ERROR); + if (!md_type) + md_type = EVP_sha1(); + if (PKCS12_setup_mac(p12, iter, salt, saltlen, md_type) == + PKCS12_ERROR) { + PKCS12error(PKCS12_R_MAC_SETUP_ERROR); return 0; } - if (!PKCS12_gen_mac (p12, pass, passlen, mac, &maclen)) { - PKCS12err(PKCS12_F_PKCS12_SET_MAC,PKCS12_R_MAC_GENERATION_ERROR); + if (!PKCS12_gen_mac(p12, pass, passlen, mac, &maclen)) { + PKCS12error(PKCS12_R_MAC_GENERATION_ERROR); return 0; } - if (!(M_ASN1_OCTET_STRING_set (p12->mac->dinfo->digest, mac, maclen))) { - PKCS12err(PKCS12_F_PKCS12_SET_MAC,PKCS12_R_MAC_STRING_SET_ERROR); - return 0; + if (!(ASN1_STRING_set(p12->mac->dinfo->digest, mac, maclen))) { + PKCS12error(PKCS12_R_MAC_STRING_SET_ERROR); + return 0; } return 1; } /* Set up a mac structure */ -int PKCS12_setup_mac (PKCS12 *p12, int iter, unsigned char *salt, int saltlen, - const EVP_MD *md_type) +int +PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen, + const EVP_MD *md_type) { - if (!(p12->mac = PKCS12_MAC_DATA_new())) return PKCS12_ERROR; + if (!(p12->mac = PKCS12_MAC_DATA_new())) + return PKCS12_ERROR; if (iter > 1) { - if(!(p12->mac->iter = M_ASN1_INTEGER_new())) { - PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE); + if (!(p12->mac->iter = ASN1_INTEGER_new())) { + PKCS12error(ERR_R_MALLOC_FAILURE); + return 0; + } + if (!ASN1_INTEGER_set(p12->mac->iter, iter)) { + PKCS12error(ERR_R_MALLOC_FAILURE); return 0; } - ASN1_INTEGER_set(p12->mac->iter, iter); } - if (!saltlen) saltlen = PKCS12_SALT_LEN; - p12->mac->salt->length = saltlen; - if (!(p12->mac->salt->data = OPENSSL_malloc (saltlen))) { - PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE); + if (!saltlen) + saltlen = PKCS12_SALT_LEN; + if (!(p12->mac->salt->data = malloc(saltlen))) { + PKCS12error(ERR_R_MALLOC_FAILURE); return 0; } - if (!salt) { - if (RAND_pseudo_bytes (p12->mac->salt->data, saltlen) < 0) - return 0; - } - else memcpy (p12->mac->salt->data, salt, saltlen); + p12->mac->salt->length = saltlen; + if (!salt) + arc4random_buf(p12->mac->salt->data, saltlen); + else + memcpy (p12->mac->salt->data, salt, saltlen); p12->mac->dinfo->algor->algorithm = OBJ_nid2obj(EVP_MD_type(md_type)); if (!(p12->mac->dinfo->algor->parameter = ASN1_TYPE_new())) { - PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE); + PKCS12error(ERR_R_MALLOC_FAILURE); return 0; } p12->mac->dinfo->algor->parameter->type = V_ASN1_NULL; - + return 1; } #endif diff --git a/src/lib/libcrypto/pkcs12/p12_npas.c b/src/lib/libcrypto/pkcs12/p12_npas.c index a549433eebb..d6b12edab3d 100644 --- a/src/lib/libcrypto/pkcs12/p12_npas.c +++ b/src/lib/libcrypto/pkcs12/p12_npas.c @@ -1,5 +1,5 @@ -/* p12_npas.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* $OpenBSD: p12_npas.c,v 1.13 2018/05/13 14:22:34 tb Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -65,153 +65,181 @@ /* PKCS#12 password change routine */ -static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass); -static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, char *oldpass, - char *newpass); -static int newpass_bag(PKCS12_SAFEBAG *bag, char *oldpass, char *newpass); +static int newpass_p12(PKCS12 *p12, const char *oldpass, const char *newpass); +static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *oldpass, + const char *newpass); +static int newpass_bag(PKCS12_SAFEBAG *bag, const char *oldpass, + const char *newpass); static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen); -/* +/* * Change the password on a PKCS#12 structure. */ -int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass) +int +PKCS12_newpass(PKCS12 *p12, const char *oldpass, const char *newpass) { + /* Check for NULL PKCS12 structure */ -/* Check for NULL PKCS12 structure */ - -if(!p12) { - PKCS12err(PKCS12_F_PKCS12_NEWPASS,PKCS12_R_INVALID_NULL_PKCS12_POINTER); - return 0; -} - -/* Check the mac */ + if (!p12) { + PKCS12error(PKCS12_R_INVALID_NULL_PKCS12_POINTER); + return 0; + } -if (!PKCS12_verify_mac(p12, oldpass, -1)) { - PKCS12err(PKCS12_F_PKCS12_NEWPASS,PKCS12_R_MAC_VERIFY_FAILURE); - return 0; -} + /* Check the mac */ -if (!newpass_p12(p12, oldpass, newpass)) { - PKCS12err(PKCS12_F_PKCS12_NEWPASS,PKCS12_R_PARSE_ERROR); - return 0; -} + if (!PKCS12_verify_mac(p12, oldpass, -1)) { + PKCS12error(PKCS12_R_MAC_VERIFY_FAILURE); + return 0; + } -return 1; + if (!newpass_p12(p12, oldpass, newpass)) { + PKCS12error(PKCS12_R_PARSE_ERROR); + return 0; + } + return 1; } /* Parse the outer PKCS#12 structure */ -static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass) +static int +newpass_p12(PKCS12 *p12, const char *oldpass, const char *newpass) { STACK_OF(PKCS7) *asafes, *newsafes; STACK_OF(PKCS12_SAFEBAG) *bags; - int i, bagnid, pbe_nid, pbe_iter, pbe_saltlen; + int i, bagnid, pbe_nid = 0, pbe_iter = 0, pbe_saltlen = 0; PKCS7 *p7, *p7new; ASN1_OCTET_STRING *p12_data_tmp = NULL, *macnew = NULL; unsigned char mac[EVP_MAX_MD_SIZE]; unsigned int maclen; - if (!(asafes = PKCS12_unpack_authsafes(p12))) return 0; - if(!(newsafes = sk_PKCS7_new_null())) return 0; - for (i = 0; i < sk_PKCS7_num (asafes); i++) { + if (!(asafes = PKCS12_unpack_authsafes(p12))) + return 0; + if (!(newsafes = sk_PKCS7_new_null())) + return 0; + for (i = 0; i < sk_PKCS7_num(asafes); i++) { p7 = sk_PKCS7_value(asafes, i); bagnid = OBJ_obj2nid(p7->type); if (bagnid == NID_pkcs7_data) { bags = PKCS12_unpack_p7data(p7); } else if (bagnid == NID_pkcs7_encrypted) { bags = PKCS12_unpack_p7encdata(p7, oldpass, -1); - alg_get(p7->d.encrypted->enc_data->algorithm, - &pbe_nid, &pbe_iter, &pbe_saltlen); - } else continue; - if (!bags) { - sk_PKCS7_pop_free(asafes, PKCS7_free); - return 0; - } - if (!newpass_bags(bags, oldpass, newpass)) { + if (!alg_get(p7->d.encrypted->enc_data->algorithm, + &pbe_nid, &pbe_iter, &pbe_saltlen)) { + sk_PKCS12_SAFEBAG_pop_free(bags, + PKCS12_SAFEBAG_free); + bags = NULL; + } + } else + continue; + if (bags == NULL) + goto err; + if (!newpass_bags(bags, oldpass, newpass)) { sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); - sk_PKCS7_pop_free(asafes, PKCS7_free); - return 0; + goto err; } /* Repack bag in same form with new password */ - if (bagnid == NID_pkcs7_data) p7new = PKCS12_pack_p7data(bags); - else p7new = PKCS12_pack_p7encdata(pbe_nid, newpass, -1, NULL, - pbe_saltlen, pbe_iter, bags); + if (bagnid == NID_pkcs7_data) + p7new = PKCS12_pack_p7data(bags); + else + p7new = PKCS12_pack_p7encdata(pbe_nid, newpass, -1, + NULL, pbe_saltlen, pbe_iter, bags); sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); - if(!p7new) { - sk_PKCS7_pop_free(asafes, PKCS7_free); - return 0; - } - sk_PKCS7_push(newsafes, p7new); + if (p7new == NULL) + goto err; + if (sk_PKCS7_push(newsafes, p7new) == 0) + goto err; } sk_PKCS7_pop_free(asafes, PKCS7_free); /* Repack safe: save old safe in case of error */ p12_data_tmp = p12->authsafes->d.data; - if(!(p12->authsafes->d.data = ASN1_OCTET_STRING_new())) goto saferr; - if(!PKCS12_pack_authsafes(p12, newsafes)) goto saferr; - - if(!PKCS12_gen_mac(p12, newpass, -1, mac, &maclen)) goto saferr; - if(!(macnew = ASN1_OCTET_STRING_new())) goto saferr; - if(!ASN1_OCTET_STRING_set(macnew, mac, maclen)) goto saferr; + if (!(p12->authsafes->d.data = ASN1_OCTET_STRING_new())) { + p12->authsafes->d.data = p12_data_tmp; + goto err; + } + if (!PKCS12_pack_authsafes(p12, newsafes)) + goto saferr; + + if (!PKCS12_gen_mac(p12, newpass, -1, mac, &maclen)) + goto saferr; + if (!(macnew = ASN1_OCTET_STRING_new())) + goto saferr; + if (!ASN1_OCTET_STRING_set(macnew, mac, maclen)) + goto saferr; ASN1_OCTET_STRING_free(p12->mac->dinfo->digest); p12->mac->dinfo->digest = macnew; ASN1_OCTET_STRING_free(p12_data_tmp); return 1; - saferr: +saferr: /* Restore old safe */ ASN1_OCTET_STRING_free(p12->authsafes->d.data); ASN1_OCTET_STRING_free(macnew); p12->authsafes->d.data = p12_data_tmp; return 0; +err: + sk_PKCS7_pop_free(asafes, PKCS7_free); + sk_PKCS7_pop_free(newsafes, PKCS7_free); + return 0; } -static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, char *oldpass, - char *newpass) +static int +newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *oldpass, + const char *newpass) { int i; + for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) { if (!newpass_bag(sk_PKCS12_SAFEBAG_value(bags, i), - oldpass, newpass)) - return 0; + oldpass, newpass)) + return 0; } return 1; } /* Change password of safebag: only needs handle shrouded keybags */ -static int newpass_bag(PKCS12_SAFEBAG *bag, char *oldpass, char *newpass) +static int +newpass_bag(PKCS12_SAFEBAG *bag, const char *oldpass, const char *newpass) { PKCS8_PRIV_KEY_INFO *p8; X509_SIG *p8new; int p8_nid, p8_saltlen, p8_iter; - if(M_PKCS12_bag_type(bag) != NID_pkcs8ShroudedKeyBag) return 1; + if (OBJ_obj2nid(bag->type) != NID_pkcs8ShroudedKeyBag) + return 1; - if (!(p8 = PKCS8_decrypt(bag->value.shkeybag, oldpass, -1))) return 0; - alg_get(bag->value.shkeybag->algor, &p8_nid, &p8_iter, &p8_saltlen); - if(!(p8new = PKCS8_encrypt(p8_nid, NULL, newpass, -1, NULL, p8_saltlen, - p8_iter, p8))) return 0; + if (!(p8 = PKCS8_decrypt(bag->value.shkeybag, oldpass, -1))) + return 0; + if (!alg_get(bag->value.shkeybag->algor, &p8_nid, &p8_iter, + &p8_saltlen)) + return 0; + if (!(p8new = PKCS8_encrypt(p8_nid, NULL, newpass, -1, NULL, p8_saltlen, + p8_iter, p8))) return 0; X509_SIG_free(bag->value.shkeybag); bag->value.shkeybag = p8new; return 1; } -static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen) +static int +alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen) { - PBEPARAM *pbe; - unsigned char *p; - p = alg->parameter->value.sequence->data; - pbe = d2i_PBEPARAM(NULL, &p, alg->parameter->value.sequence->length); - *pnid = OBJ_obj2nid(alg->algorithm); + PBEPARAM *pbe; + const unsigned char *p; + + p = alg->parameter->value.sequence->data; + pbe = d2i_PBEPARAM(NULL, &p, alg->parameter->value.sequence->length); + if (!pbe) + return 0; + *pnid = OBJ_obj2nid(alg->algorithm); *piter = ASN1_INTEGER_get(pbe->iter); *psaltlen = pbe->salt->length; - PBEPARAM_free(pbe); - return 0; + PBEPARAM_free(pbe); + return 1; } diff --git a/src/lib/libcrypto/pkcs12/p12_p8d.c b/src/lib/libcrypto/pkcs12/p12_p8d.c index 3c6f377933c..0286d4acf54 100644 --- a/src/lib/libcrypto/pkcs12/p12_p8d.c +++ b/src/lib/libcrypto/pkcs12/p12_p8d.c @@ -1,5 +1,5 @@ -/* p12_p8d.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* $OpenBSD: p12_p8d.c,v 1.7 2018/05/13 14:28:14 tb Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2001. */ /* ==================================================================== @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -57,12 +57,12 @@ */ #include -#include "cryptlib.h" + #include -PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(X509_SIG *p8, const char *pass, int passlen) +PKCS8_PRIV_KEY_INFO * +PKCS8_decrypt(const X509_SIG *p8, const char *pass, int passlen) { - return PKCS12_item_decrypt_d2i(p8->algor, ASN1_ITEM_rptr(PKCS8_PRIV_KEY_INFO), pass, - passlen, p8->digest, 1); + return PKCS12_item_decrypt_d2i(p8->algor, + &PKCS8_PRIV_KEY_INFO_it, pass, passlen, p8->digest, 1); } - diff --git a/src/lib/libcrypto/pkcs12/p12_p8e.c b/src/lib/libcrypto/pkcs12/p12_p8e.c index 3d47956652a..5e3fc6486a8 100644 --- a/src/lib/libcrypto/pkcs12/p12_p8e.c +++ b/src/lib/libcrypto/pkcs12/p12_p8e.c @@ -1,5 +1,5 @@ -/* p12_p8e.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* $OpenBSD: p12_p8e.c,v 1.8 2017/01/29 17:49:23 beck Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2001. */ /* ==================================================================== @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -57,41 +57,44 @@ */ #include -#include "cryptlib.h" + +#include #include -X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher, - const char *pass, int passlen, - unsigned char *salt, int saltlen, int iter, - PKCS8_PRIV_KEY_INFO *p8inf) +X509_SIG * +PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher, const char *pass, + int passlen, unsigned char *salt, int saltlen, int iter, + PKCS8_PRIV_KEY_INFO *p8inf) { X509_SIG *p8 = NULL; X509_ALGOR *pbe; if (!(p8 = X509_SIG_new())) { - PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_MALLOC_FAILURE); + PKCS12error(ERR_R_MALLOC_FAILURE); goto err; } - if(pbe_nid == -1) pbe = PKCS5_pbe2_set(cipher, iter, salt, saltlen); - else pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen); - if(!pbe) { - PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_ASN1_LIB); + if (pbe_nid == -1) + pbe = PKCS5_pbe2_set(cipher, iter, salt, saltlen); + else + pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen); + if (!pbe) { + PKCS12error(ERR_R_ASN1_LIB); goto err; } X509_ALGOR_free(p8->algor); p8->algor = pbe; - M_ASN1_OCTET_STRING_free(p8->digest); - p8->digest = PKCS12_item_i2d_encrypt(pbe, ASN1_ITEM_rptr(PKCS8_PRIV_KEY_INFO), - pass, passlen, p8inf, 1); - if(!p8->digest) { - PKCS12err(PKCS12_F_PKCS8_ENCRYPT, PKCS12_R_ENCRYPT_ERROR); + ASN1_OCTET_STRING_free(p8->digest); + p8->digest = PKCS12_item_i2d_encrypt(pbe, + &PKCS8_PRIV_KEY_INFO_it, pass, passlen, p8inf, 1); + if (!p8->digest) { + PKCS12error(PKCS12_R_ENCRYPT_ERROR); goto err; } return p8; - err: +err: X509_SIG_free(p8); return NULL; } diff --git a/src/lib/libcrypto/pkcs12/p12_utl.c b/src/lib/libcrypto/pkcs12/p12_utl.c index 243ec76be95..ff3a035d3f7 100644 --- a/src/lib/libcrypto/pkcs12/p12_utl.c +++ b/src/lib/libcrypto/pkcs12/p12_utl.c @@ -1,5 +1,5 @@ -/* p12_utl.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* $OpenBSD: p12_utl.c,v 1.16 2018/05/30 15:32:11 tb Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -56,91 +56,130 @@ * */ +#include #include -#include "cryptlib.h" +#include + #include /* Cheap and nasty Unicode stuff */ -unsigned char *asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen) +unsigned char * +OPENSSL_asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen) { - int ulen, i; + size_t ulen, i; unsigned char *unitmp; - if (asclen == -1) asclen = strlen(asc); - ulen = asclen*2 + 2; - if (!(unitmp = OPENSSL_malloc(ulen))) return NULL; - for (i = 0; i < ulen - 2; i+=2) { + + if (asclen < 0) + ulen = strlen(asc); + else + ulen = (size_t)asclen; + ulen++; + if (ulen == 0) /* unlikely overflow */ + return NULL; + if ((unitmp = reallocarray(NULL, ulen, 2)) == NULL) + return NULL; + ulen *= 2; + /* XXX This interface ought to use unsigned types */ + if (ulen > INT_MAX) { + free(unitmp); + return NULL; + } + for (i = 0; i < ulen - 2; i += 2) { unitmp[i] = 0; - unitmp[i + 1] = asc[i>>1]; + unitmp[i + 1] = *asc++; } - /* Make result double null terminated */ + /* Make result double-NUL terminated */ unitmp[ulen - 2] = 0; unitmp[ulen - 1] = 0; - if (unilen) *unilen = ulen; - if (uni) *uni = unitmp; + if (unilen) + *unilen = ulen; + if (uni) + *uni = unitmp; return unitmp; } -char *uni2asc(unsigned char *uni, int unilen) +char * +OPENSSL_uni2asc(const unsigned char *uni, int unilen) { - int asclen, i; + size_t asclen, u16len, i; char *asctmp; - asclen = unilen / 2; - /* If no terminating zero allow for one */ - if (!unilen || uni[unilen - 1]) asclen++; + + if (unilen < 0) + return NULL; + + asclen = u16len = (size_t)unilen / 2; + /* If no terminating NUL, allow for one */ + if (unilen == 0 || uni[unilen - 1] != '\0') + asclen++; + if ((asctmp = malloc(asclen)) == NULL) + return NULL; + /* Skip first zero byte */ uni++; - if (!(asctmp = OPENSSL_malloc(asclen))) return NULL; - for (i = 0; i < unilen; i+=2) asctmp[i>>1] = uni[i]; - asctmp[asclen - 1] = 0; + for (i = 0; i < u16len; i++) { + asctmp[i] = *uni; + uni += 2; + } + asctmp[asclen - 1] = '\0'; return asctmp; } -int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12) +int +i2d_PKCS12_bio(BIO *bp, PKCS12 *p12) { - return ASN1_item_i2d_bio(ASN1_ITEM_rptr(PKCS12), bp, p12); + return ASN1_item_i2d_bio(&PKCS12_it, bp, p12); } -#ifndef OPENSSL_NO_FP_API -int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12) +int +i2d_PKCS12_fp(FILE *fp, PKCS12 *p12) { - return ASN1_item_i2d_fp(ASN1_ITEM_rptr(PKCS12), fp, p12); + return ASN1_item_i2d_fp(&PKCS12_it, fp, p12); } -#endif -PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12) +PKCS12 * +d2i_PKCS12_bio(BIO *bp, PKCS12 **p12) { - return ASN1_item_d2i_bio(ASN1_ITEM_rptr(PKCS12), bp, p12); + return ASN1_item_d2i_bio(&PKCS12_it, bp, p12); } -#ifndef OPENSSL_NO_FP_API -PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12) + +PKCS12 * +d2i_PKCS12_fp(FILE *fp, PKCS12 **p12) { - return ASN1_item_d2i_fp(ASN1_ITEM_rptr(PKCS12), fp, p12); + return ASN1_item_d2i_fp(&PKCS12_it, fp, p12); } -#endif -PKCS12_SAFEBAG *PKCS12_x5092certbag(X509 *x509) +PKCS12_SAFEBAG * +PKCS12_x5092certbag(X509 *x509) { - return PKCS12_item_pack_safebag(x509, ASN1_ITEM_rptr(X509), - NID_x509Certificate, NID_certBag); + return PKCS12_item_pack_safebag(x509, &X509_it, + NID_x509Certificate, NID_certBag); } -PKCS12_SAFEBAG *PKCS12_x509crl2certbag(X509_CRL *crl) +PKCS12_SAFEBAG * +PKCS12_x509crl2certbag(X509_CRL *crl) { - return PKCS12_item_pack_safebag(crl, ASN1_ITEM_rptr(X509_CRL), - NID_x509Crl, NID_crlBag); + return PKCS12_item_pack_safebag(crl, &X509_CRL_it, + NID_x509Crl, NID_crlBag); } -X509 *PKCS12_certbag2x509(PKCS12_SAFEBAG *bag) +X509 * +PKCS12_certbag2x509(PKCS12_SAFEBAG *bag) { - if(M_PKCS12_bag_type(bag) != NID_certBag) return NULL; - if(M_PKCS12_cert_bag_type(bag) != NID_x509Certificate) return NULL; - return ASN1_item_unpack(bag->value.bag->value.octet, ASN1_ITEM_rptr(X509)); + if (OBJ_obj2nid(bag->type) != NID_certBag) + return NULL; + if (OBJ_obj2nid(bag->value.bag->type) != NID_x509Certificate) + return NULL; + return ASN1_item_unpack(bag->value.bag->value.octet, + &X509_it); } -X509_CRL *PKCS12_certbag2x509crl(PKCS12_SAFEBAG *bag) +X509_CRL * +PKCS12_certbag2x509crl(PKCS12_SAFEBAG *bag) { - if(M_PKCS12_bag_type(bag) != NID_crlBag) return NULL; - if(M_PKCS12_cert_bag_type(bag) != NID_x509Crl) return NULL; + if (OBJ_obj2nid(bag->type) != NID_crlBag) + return NULL; + if (OBJ_obj2nid(bag->value.bag->type) != NID_x509Crl) + return NULL; return ASN1_item_unpack(bag->value.bag->value.octet, - ASN1_ITEM_rptr(X509_CRL)); + &X509_CRL_it); } diff --git a/src/lib/libcrypto/pkcs12/pk12err.c b/src/lib/libcrypto/pkcs12/pk12err.c index 10ab80502c1..0464a8303c1 100644 --- a/src/lib/libcrypto/pkcs12/pk12err.c +++ b/src/lib/libcrypto/pkcs12/pk12err.c @@ -1,13 +1,13 @@ -/* crypto/pkcs12/pk12err.c */ +/* $OpenBSD: pk12err.c,v 1.10 2014/07/10 22:45:57 jsing Exp $ */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -59,81 +59,86 @@ */ #include + +#include + #include #include /* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR -static ERR_STRING_DATA PKCS12_str_functs[]= - { -{ERR_PACK(0,PKCS12_F_PARSE_BAGS,0), "PARSE_BAGS"}, -{ERR_PACK(0,PKCS12_F_PKCS12_ADD_FRIENDLYNAME,0), "PKCS12_ADD_FRIENDLYNAME"}, -{ERR_PACK(0,PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC,0), "PKCS12_add_friendlyname_asc"}, -{ERR_PACK(0,PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI,0), "PKCS12_add_friendlyname_uni"}, -{ERR_PACK(0,PKCS12_F_PKCS12_ADD_LOCALKEYID,0), "PKCS12_add_localkeyid"}, -{ERR_PACK(0,PKCS12_F_PKCS12_CREATE,0), "PKCS12_create"}, -{ERR_PACK(0,PKCS12_F_PKCS12_DECRYPT_D2I,0), "PKCS12_decrypt_d2i"}, -{ERR_PACK(0,PKCS12_F_PKCS12_GEN_MAC,0), "PKCS12_gen_mac"}, -{ERR_PACK(0,PKCS12_F_PKCS12_I2D_ENCRYPT,0), "PKCS12_i2d_encrypt"}, -{ERR_PACK(0,PKCS12_F_PKCS12_INIT,0), "PKCS12_init"}, -{ERR_PACK(0,PKCS12_F_PKCS12_KEY_GEN_ASC,0), "PKCS12_key_gen_asc"}, -{ERR_PACK(0,PKCS12_F_PKCS12_KEY_GEN_UNI,0), "PKCS12_key_gen_uni"}, -{ERR_PACK(0,PKCS12_F_PKCS12_MAKE_KEYBAG,0), "PKCS12_MAKE_KEYBAG"}, -{ERR_PACK(0,PKCS12_F_PKCS12_MAKE_SHKEYBAG,0), "PKCS12_MAKE_SHKEYBAG"}, -{ERR_PACK(0,PKCS12_F_PKCS12_NEWPASS,0), "PKCS12_newpass"}, -{ERR_PACK(0,PKCS12_F_PKCS12_PACK_P7DATA,0), "PKCS12_pack_p7data"}, -{ERR_PACK(0,PKCS12_F_PKCS12_PACK_P7ENCDATA,0), "PKCS12_pack_p7encdata"}, -{ERR_PACK(0,PKCS12_F_PKCS12_PACK_SAFEBAG,0), "PKCS12_pack_safebag"}, -{ERR_PACK(0,PKCS12_F_PKCS12_PARSE,0), "PKCS12_parse"}, -{ERR_PACK(0,PKCS12_F_PKCS12_PBE_CRYPT,0), "PKCS12_pbe_crypt"}, -{ERR_PACK(0,PKCS12_F_PKCS12_PBE_KEYIVGEN,0), "PKCS12_PBE_keyivgen"}, -{ERR_PACK(0,PKCS12_F_PKCS12_SETUP_MAC,0), "PKCS12_setup_mac"}, -{ERR_PACK(0,PKCS12_F_PKCS12_SET_MAC,0), "PKCS12_set_mac"}, -{ERR_PACK(0,PKCS12_F_PKCS8_ADD_KEYUSAGE,0), "PKCS8_add_keyusage"}, -{ERR_PACK(0,PKCS12_F_PKCS8_ENCRYPT,0), "PKCS8_encrypt"}, -{ERR_PACK(0,PKCS12_F_VERIFY_MAC,0), "VERIFY_MAC"}, -{0,NULL} - }; -static ERR_STRING_DATA PKCS12_str_reasons[]= - { -{PKCS12_R_CANT_PACK_STRUCTURE ,"cant pack structure"}, -{PKCS12_R_DECODE_ERROR ,"decode error"}, -{PKCS12_R_ENCODE_ERROR ,"encode error"}, -{PKCS12_R_ENCRYPT_ERROR ,"encrypt error"}, -{PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE,"error setting encrypted data type"}, -{PKCS12_R_INVALID_NULL_ARGUMENT ,"invalid null argument"}, -{PKCS12_R_INVALID_NULL_PKCS12_POINTER ,"invalid null pkcs12 pointer"}, -{PKCS12_R_IV_GEN_ERROR ,"iv gen error"}, -{PKCS12_R_KEY_GEN_ERROR ,"key gen error"}, -{PKCS12_R_MAC_ABSENT ,"mac absent"}, -{PKCS12_R_MAC_GENERATION_ERROR ,"mac generation error"}, -{PKCS12_R_MAC_SETUP_ERROR ,"mac setup error"}, -{PKCS12_R_MAC_STRING_SET_ERROR ,"mac string set error"}, -{PKCS12_R_MAC_VERIFY_ERROR ,"mac verify error"}, -{PKCS12_R_MAC_VERIFY_FAILURE ,"mac verify failure"}, -{PKCS12_R_PARSE_ERROR ,"parse error"}, -{PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR ,"pkcs12 algor cipherinit error"}, -{PKCS12_R_PKCS12_CIPHERFINAL_ERROR ,"pkcs12 cipherfinal error"}, -{PKCS12_R_PKCS12_PBE_CRYPT_ERROR ,"pkcs12 pbe crypt error"}, -{PKCS12_R_UNKNOWN_DIGEST_ALGORITHM ,"unknown digest algorithm"}, -{PKCS12_R_UNSUPPORTED_PKCS12_MODE ,"unsupported pkcs12 mode"}, -{0,NULL} - }; +#define ERR_FUNC(func) ERR_PACK(ERR_LIB_PKCS12,func,0) +#define ERR_REASON(reason) ERR_PACK(ERR_LIB_PKCS12,0,reason) -#endif +static ERR_STRING_DATA PKCS12_str_functs[]= { + {ERR_FUNC(PKCS12_F_PARSE_BAG), "PARSE_BAG"}, + {ERR_FUNC(PKCS12_F_PARSE_BAGS), "PARSE_BAGS"}, + {ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME), "PKCS12_ADD_FRIENDLYNAME"}, + {ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC), "PKCS12_add_friendlyname_asc"}, + {ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI), "PKCS12_add_friendlyname_uni"}, + {ERR_FUNC(PKCS12_F_PKCS12_ADD_LOCALKEYID), "PKCS12_add_localkeyid"}, + {ERR_FUNC(PKCS12_F_PKCS12_CREATE), "PKCS12_create"}, + {ERR_FUNC(PKCS12_F_PKCS12_GEN_MAC), "PKCS12_gen_mac"}, + {ERR_FUNC(PKCS12_F_PKCS12_INIT), "PKCS12_init"}, + {ERR_FUNC(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I), "PKCS12_item_decrypt_d2i"}, + {ERR_FUNC(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT), "PKCS12_item_i2d_encrypt"}, + {ERR_FUNC(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG), "PKCS12_item_pack_safebag"}, + {ERR_FUNC(PKCS12_F_PKCS12_KEY_GEN_ASC), "PKCS12_key_gen_asc"}, + {ERR_FUNC(PKCS12_F_PKCS12_KEY_GEN_UNI), "PKCS12_key_gen_uni"}, + {ERR_FUNC(PKCS12_F_PKCS12_MAKE_KEYBAG), "PKCS12_MAKE_KEYBAG"}, + {ERR_FUNC(PKCS12_F_PKCS12_MAKE_SHKEYBAG), "PKCS12_MAKE_SHKEYBAG"}, + {ERR_FUNC(PKCS12_F_PKCS12_NEWPASS), "PKCS12_newpass"}, + {ERR_FUNC(PKCS12_F_PKCS12_PACK_P7DATA), "PKCS12_pack_p7data"}, + {ERR_FUNC(PKCS12_F_PKCS12_PACK_P7ENCDATA), "PKCS12_pack_p7encdata"}, + {ERR_FUNC(PKCS12_F_PKCS12_PARSE), "PKCS12_parse"}, + {ERR_FUNC(PKCS12_F_PKCS12_PBE_CRYPT), "PKCS12_pbe_crypt"}, + {ERR_FUNC(PKCS12_F_PKCS12_PBE_KEYIVGEN), "PKCS12_PBE_keyivgen"}, + {ERR_FUNC(PKCS12_F_PKCS12_SETUP_MAC), "PKCS12_setup_mac"}, + {ERR_FUNC(PKCS12_F_PKCS12_SET_MAC), "PKCS12_set_mac"}, + {ERR_FUNC(PKCS12_F_PKCS12_UNPACK_AUTHSAFES), "PKCS12_unpack_authsafes"}, + {ERR_FUNC(PKCS12_F_PKCS12_UNPACK_P7DATA), "PKCS12_unpack_p7data"}, + {ERR_FUNC(PKCS12_F_PKCS12_VERIFY_MAC), "PKCS12_verify_mac"}, + {ERR_FUNC(PKCS12_F_PKCS8_ADD_KEYUSAGE), "PKCS8_add_keyusage"}, + {ERR_FUNC(PKCS12_F_PKCS8_ENCRYPT), "PKCS8_encrypt"}, + {0, NULL} +}; -void ERR_load_PKCS12_strings(void) - { - static int init=1; +static ERR_STRING_DATA PKCS12_str_reasons[]= { + {ERR_REASON(PKCS12_R_CANT_PACK_STRUCTURE), "cant pack structure"}, + {ERR_REASON(PKCS12_R_CONTENT_TYPE_NOT_DATA), "content type not data"}, + {ERR_REASON(PKCS12_R_DECODE_ERROR) , "decode error"}, + {ERR_REASON(PKCS12_R_ENCODE_ERROR) , "encode error"}, + {ERR_REASON(PKCS12_R_ENCRYPT_ERROR) , "encrypt error"}, + {ERR_REASON(PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE), "error setting encrypted data type"}, + {ERR_REASON(PKCS12_R_INVALID_NULL_ARGUMENT), "invalid null argument"}, + {ERR_REASON(PKCS12_R_INVALID_NULL_PKCS12_POINTER), "invalid null pkcs12 pointer"}, + {ERR_REASON(PKCS12_R_IV_GEN_ERROR) , "iv gen error"}, + {ERR_REASON(PKCS12_R_KEY_GEN_ERROR) , "key gen error"}, + {ERR_REASON(PKCS12_R_MAC_ABSENT) , "mac absent"}, + {ERR_REASON(PKCS12_R_MAC_GENERATION_ERROR), "mac generation error"}, + {ERR_REASON(PKCS12_R_MAC_SETUP_ERROR) , "mac setup error"}, + {ERR_REASON(PKCS12_R_MAC_STRING_SET_ERROR), "mac string set error"}, + {ERR_REASON(PKCS12_R_MAC_VERIFY_ERROR) , "mac verify error"}, + {ERR_REASON(PKCS12_R_MAC_VERIFY_FAILURE) , "mac verify failure"}, + {ERR_REASON(PKCS12_R_PARSE_ERROR) , "parse error"}, + {ERR_REASON(PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR), "pkcs12 algor cipherinit error"}, + {ERR_REASON(PKCS12_R_PKCS12_CIPHERFINAL_ERROR), "pkcs12 cipherfinal error"}, + {ERR_REASON(PKCS12_R_PKCS12_PBE_CRYPT_ERROR), "pkcs12 pbe crypt error"}, + {ERR_REASON(PKCS12_R_UNKNOWN_DIGEST_ALGORITHM), "unknown digest algorithm"}, + {ERR_REASON(PKCS12_R_UNSUPPORTED_PKCS12_MODE), "unsupported pkcs12 mode"}, + {0, NULL} +}; - if (init) - { - init=0; -#ifndef OPENSSL_NO_ERR - ERR_load_strings(ERR_LIB_PKCS12,PKCS12_str_functs); - ERR_load_strings(ERR_LIB_PKCS12,PKCS12_str_reasons); #endif - } +void +ERR_load_PKCS12_strings(void) +{ +#ifndef OPENSSL_NO_ERR + if (ERR_func_error_string(PKCS12_str_functs[0].error) == NULL) { + ERR_load_strings(0, PKCS12_str_functs); + ERR_load_strings(0, PKCS12_str_reasons); } +#endif +} diff --git a/src/lib/libcrypto/pkcs12/pkcs12.h b/src/lib/libcrypto/pkcs12/pkcs12.h index 1786b6d4f3c..56635f9d7e0 100644 --- a/src/lib/libcrypto/pkcs12/pkcs12.h +++ b/src/lib/libcrypto/pkcs12/pkcs12.h @@ -1,5 +1,5 @@ -/* pkcs12.h */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* $OpenBSD: pkcs12.h,v 1.24 2018/05/30 15:32:11 tb Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -97,56 +97,55 @@ extern "C" { #define KEY_SIG 0x80 typedef struct { -X509_SIG *dinfo; -ASN1_OCTET_STRING *salt; -ASN1_INTEGER *iter; /* defaults to 1 */ + X509_SIG *dinfo; + ASN1_OCTET_STRING *salt; + ASN1_INTEGER *iter; /* defaults to 1 */ } PKCS12_MAC_DATA; typedef struct { -ASN1_INTEGER *version; -PKCS12_MAC_DATA *mac; -PKCS7 *authsafes; + ASN1_INTEGER *version; + PKCS12_MAC_DATA *mac; + PKCS7 *authsafes; } PKCS12; -PREDECLARE_STACK_OF(PKCS12_SAFEBAG) - typedef struct { -ASN1_OBJECT *type; -union { + ASN1_OBJECT *type; + union { struct pkcs12_bag_st *bag; /* secret, crl and certbag */ struct pkcs8_priv_key_info_st *keybag; /* keybag */ X509_SIG *shkeybag; /* shrouded key bag */ - STACK_OF(PKCS12_SAFEBAG) *safes; - ASN1_TYPE *other; -}value; -STACK_OF(X509_ATTRIBUTE) *attrib; + STACK_OF(PKCS12_SAFEBAG) *safes; + ASN1_TYPE *other; + } value; + STACK_OF(X509_ATTRIBUTE) *attrib; } PKCS12_SAFEBAG; DECLARE_STACK_OF(PKCS12_SAFEBAG) -DECLARE_ASN1_SET_OF(PKCS12_SAFEBAG) DECLARE_PKCS12_STACK_OF(PKCS12_SAFEBAG) typedef struct pkcs12_bag_st { -ASN1_OBJECT *type; -union { - ASN1_OCTET_STRING *x509cert; - ASN1_OCTET_STRING *x509crl; - ASN1_OCTET_STRING *octet; - ASN1_IA5STRING *sdsicert; - ASN1_TYPE *other; /* Secret or other bag */ -}value; + ASN1_OBJECT *type; + union { + ASN1_OCTET_STRING *x509cert; + ASN1_OCTET_STRING *x509crl; + ASN1_OCTET_STRING *octet; + ASN1_IA5STRING *sdsicert; + ASN1_TYPE *other; /* Secret or other bag */ + } value; } PKCS12_BAGS; #define PKCS12_ERROR 0 #define PKCS12_OK 1 +#ifndef LIBRESSL_INTERNAL + /* Compatibility macros */ #define M_PKCS12_x5092certbag PKCS12_x5092certbag #define M_PKCS12_x509crl2certbag PKCS12_x509crl2certbag #define M_PKCS12_certbag2x509 PKCS12_certbag2x509 -#define M_PKCS12_certbag2x509crl PKCS12_certbag2x509crl +#define M_PKCS12_certbag2x509crl PKCS12_certbag2x509crl #define M_PKCS12_unpack_p7data PKCS12_unpack_p7data #define M_PKCS12_pack_authsafes PKCS12_pack_authsafes @@ -156,10 +155,12 @@ union { #define M_PKCS12_decrypt_skey PKCS12_decrypt_skey #define M_PKCS8_decrypt PKCS8_decrypt -#define M_PKCS12_bag_type(bag) OBJ_obj2nid(bag->type) -#define M_PKCS12_cert_bag_type(bag) OBJ_obj2nid(bag->value.bag->type) +#define M_PKCS12_bag_type(bg) OBJ_obj2nid((bg)->type) +#define M_PKCS12_cert_bag_type(bg) OBJ_obj2nid((bg)->value.bag->type) #define M_PKCS12_crl_bag_type M_PKCS12_cert_bag_type +#endif /* !LIBRESSL_INTERNAL */ + #define PKCS12_get_attr(bag, attr_nid) \ PKCS12_get_attr_gen(bag->attrib, attr_nid) @@ -174,86 +175,113 @@ PKCS12_SAFEBAG *PKCS12_x509crl2certbag(X509_CRL *crl); X509 *PKCS12_certbag2x509(PKCS12_SAFEBAG *bag); X509_CRL *PKCS12_certbag2x509crl(PKCS12_SAFEBAG *bag); -PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, int nid1, - int nid2); +PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, + int nid1, int nid2); PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8); -PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(X509_SIG *p8, const char *pass, int passlen); -PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(PKCS12_SAFEBAG *bag, const char *pass, - int passlen); -X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher, - const char *pass, int passlen, - unsigned char *salt, int saltlen, int iter, - PKCS8_PRIV_KEY_INFO *p8); +PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(const X509_SIG *p8, const char *pass, + int passlen); +PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(const PKCS12_SAFEBAG *bag, + const char *pass, int passlen); +X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher, + const char *pass, int passlen, unsigned char *salt, int saltlen, int iter, + PKCS8_PRIV_KEY_INFO *p8); PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass, - int passlen, unsigned char *salt, - int saltlen, int iter, - PKCS8_PRIV_KEY_INFO *p8); + int passlen, unsigned char *salt, int saltlen, int iter, + PKCS8_PRIV_KEY_INFO *p8); PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk); STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7); PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen, - unsigned char *salt, int saltlen, int iter, - STACK_OF(PKCS12_SAFEBAG) *bags); -STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass, int passlen); + unsigned char *salt, int saltlen, int iter, STACK_OF(PKCS12_SAFEBAG) *bags); +STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass, + int passlen); int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes); -STACK_OF(PKCS7) *PKCS12_unpack_authsafes(PKCS12 *p12); +STACK_OF(PKCS7) *PKCS12_unpack_authsafes(const PKCS12 *p12); -int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, int namelen); +int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, + int namelen); int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name, - int namelen); + int namelen); int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name, - int namelen); + int namelen); int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag, const unsigned char *name, - int namelen); + int namelen); int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage); -ASN1_TYPE *PKCS12_get_attr_gen(STACK_OF(X509_ATTRIBUTE) *attrs, int attr_nid); +ASN1_TYPE *PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs, + int attr_nid); char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag); -unsigned char *PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass, - int passlen, unsigned char *in, int inlen, - unsigned char **data, int *datalen, int en_de); -void * PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it, - const char *pass, int passlen, ASN1_OCTET_STRING *oct, int zbuf); -ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor, const ASN1_ITEM *it, - const char *pass, int passlen, - void *obj, int zbuf); +unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor, const char *pass, + int passlen, const unsigned char *in, int inlen, unsigned char **data, + int *datalen, int en_de); +void *PKCS12_item_decrypt_d2i(const X509_ALGOR *algor, const ASN1_ITEM *it, + const char *pass, int passlen, const ASN1_OCTET_STRING *oct, int zbuf); +ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor, + const ASN1_ITEM *it, const char *pass, int passlen, void *obj, int zbuf); PKCS12 *PKCS12_init(int mode); int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt, - int saltlen, int id, int iter, int n, - unsigned char *out, const EVP_MD *md_type); -int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int id, int iter, int n, unsigned char *out, const EVP_MD *md_type); + int saltlen, int id, int iter, int n, unsigned char *out, + const EVP_MD *md_type); +int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, + int saltlen, int id, int iter, int n, unsigned char *out, + const EVP_MD *md_type); int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, - ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md_type, - int en_de); + ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md_type, + int en_de); int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen, - unsigned char *mac, unsigned int *maclen); + unsigned char *mac, unsigned int *maclen); int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen); int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen, - unsigned char *salt, int saltlen, int iter, - const EVP_MD *md_type); + unsigned char *salt, int saltlen, int iter, + const EVP_MD *md_type); int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, - int saltlen, const EVP_MD *md_type); -unsigned char *asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen); -char *uni2asc(unsigned char *uni, int unilen); - -DECLARE_ASN1_FUNCTIONS(PKCS12) -DECLARE_ASN1_FUNCTIONS(PKCS12_MAC_DATA) -DECLARE_ASN1_FUNCTIONS(PKCS12_SAFEBAG) -DECLARE_ASN1_FUNCTIONS(PKCS12_BAGS) - -DECLARE_ASN1_ITEM(PKCS12_SAFEBAGS) -DECLARE_ASN1_ITEM(PKCS12_AUTHSAFES) + int saltlen, const EVP_MD *md_type); +unsigned char *OPENSSL_asc2uni(const char *asc, int asclen, + unsigned char **uni, int *unilen); +char *OPENSSL_uni2asc(const unsigned char *uni, int unilen); + +PKCS12 *PKCS12_new(void); +void PKCS12_free(PKCS12 *a); +PKCS12 *d2i_PKCS12(PKCS12 **a, const unsigned char **in, long len); +int i2d_PKCS12(PKCS12 *a, unsigned char **out); +extern const ASN1_ITEM PKCS12_it; +PKCS12_MAC_DATA *PKCS12_MAC_DATA_new(void); +void PKCS12_MAC_DATA_free(PKCS12_MAC_DATA *a); +PKCS12_MAC_DATA *d2i_PKCS12_MAC_DATA(PKCS12_MAC_DATA **a, const unsigned char **in, long len); +int i2d_PKCS12_MAC_DATA(PKCS12_MAC_DATA *a, unsigned char **out); +extern const ASN1_ITEM PKCS12_MAC_DATA_it; +PKCS12_SAFEBAG *PKCS12_SAFEBAG_new(void); +void PKCS12_SAFEBAG_free(PKCS12_SAFEBAG *a); +PKCS12_SAFEBAG *d2i_PKCS12_SAFEBAG(PKCS12_SAFEBAG **a, const unsigned char **in, long len); +int i2d_PKCS12_SAFEBAG(PKCS12_SAFEBAG *a, unsigned char **out); +extern const ASN1_ITEM PKCS12_SAFEBAG_it; +PKCS12_BAGS *PKCS12_BAGS_new(void); +void PKCS12_BAGS_free(PKCS12_BAGS *a); +PKCS12_BAGS *d2i_PKCS12_BAGS(PKCS12_BAGS **a, const unsigned char **in, long len); +int i2d_PKCS12_BAGS(PKCS12_BAGS *a, unsigned char **out); +extern const ASN1_ITEM PKCS12_BAGS_it; + +extern const ASN1_ITEM PKCS12_SAFEBAGS_it; +extern const ASN1_ITEM PKCS12_AUTHSAFES_it; void PKCS12_PBE_add(void); int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, - STACK_OF(X509) **ca); -PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, - STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, - int mac_iter, int keytype); + STACK_OF(X509) **ca); +PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey, + X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, + int mac_iter, int keytype); + +PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert); +PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, EVP_PKEY *key, + int key_usage, int iter, int key_nid, const char *pass); +int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags, + int safe_nid, int iter, const char *pass); +PKCS12 *PKCS12_add_safes(STACK_OF(PKCS7) *safes, int p7_nid); + int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12); int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12); PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12); PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12); -int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass); +int PKCS12_newpass(PKCS12 *p12, const char *oldpass, const char *newpass); /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes @@ -264,16 +292,18 @@ void ERR_load_PKCS12_strings(void); /* Error codes for the PKCS12 functions. */ /* Function codes. */ +#define PKCS12_F_PARSE_BAG 129 #define PKCS12_F_PARSE_BAGS 103 #define PKCS12_F_PKCS12_ADD_FRIENDLYNAME 100 #define PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC 127 #define PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI 102 #define PKCS12_F_PKCS12_ADD_LOCALKEYID 104 #define PKCS12_F_PKCS12_CREATE 105 -#define PKCS12_F_PKCS12_DECRYPT_D2I 106 #define PKCS12_F_PKCS12_GEN_MAC 107 -#define PKCS12_F_PKCS12_I2D_ENCRYPT 108 #define PKCS12_F_PKCS12_INIT 109 +#define PKCS12_F_PKCS12_ITEM_DECRYPT_D2I 106 +#define PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT 108 +#define PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG 117 #define PKCS12_F_PKCS12_KEY_GEN_ASC 110 #define PKCS12_F_PKCS12_KEY_GEN_UNI 111 #define PKCS12_F_PKCS12_MAKE_KEYBAG 112 @@ -281,18 +311,20 @@ void ERR_load_PKCS12_strings(void); #define PKCS12_F_PKCS12_NEWPASS 128 #define PKCS12_F_PKCS12_PACK_P7DATA 114 #define PKCS12_F_PKCS12_PACK_P7ENCDATA 115 -#define PKCS12_F_PKCS12_PACK_SAFEBAG 117 #define PKCS12_F_PKCS12_PARSE 118 #define PKCS12_F_PKCS12_PBE_CRYPT 119 #define PKCS12_F_PKCS12_PBE_KEYIVGEN 120 #define PKCS12_F_PKCS12_SETUP_MAC 122 #define PKCS12_F_PKCS12_SET_MAC 123 +#define PKCS12_F_PKCS12_UNPACK_AUTHSAFES 130 +#define PKCS12_F_PKCS12_UNPACK_P7DATA 131 +#define PKCS12_F_PKCS12_VERIFY_MAC 126 #define PKCS12_F_PKCS8_ADD_KEYUSAGE 124 #define PKCS12_F_PKCS8_ENCRYPT 125 -#define PKCS12_F_VERIFY_MAC 126 /* Reason codes. */ #define PKCS12_R_CANT_PACK_STRUCTURE 100 +#define PKCS12_R_CONTENT_TYPE_NOT_DATA 121 #define PKCS12_R_DECODE_ERROR 101 #define PKCS12_R_ENCODE_ERROR 102 #define PKCS12_R_ENCRYPT_ERROR 103 diff --git a/src/lib/libcrypto/pkcs7/Makefile.ssl b/src/lib/libcrypto/pkcs7/Makefile.ssl deleted file mode 100644 index d2afd977e17..00000000000 --- a/src/lib/libcrypto/pkcs7/Makefile.ssl +++ /dev/null @@ -1,195 +0,0 @@ -# -# SSLeay/crypto/pkcs7/Makefile -# - -DIR= pkcs7 -TOP= ../.. -CC= cc -INCLUDES= -I.. -I$(TOP) -I../../include -CFLAG=-g -INSTALL_PREFIX= -OPENSSLDIR= /usr/local/ssl -INSTALLTOP=/usr/local/ssl -MAKE= make -f Makefile.ssl -MAKEDEPPROG= makedepend -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) -MAKEFILE= Makefile.ssl -AR= ar r - -PEX_LIBS= -EX_LIBS= - -CFLAGS= $(INCLUDES) $(CFLAG) - -GENERAL=Makefile README -TEST= -APPS= - -LIB=$(TOP)/libcrypto.a -LIBSRC= pk7_asn1.c pk7_lib.c pkcs7err.c pk7_doit.c pk7_smime.c pk7_attr.c \ - pk7_mime.c -LIBOBJ= pk7_asn1.o pk7_lib.o pkcs7err.o pk7_doit.o pk7_smime.o pk7_attr.o \ - pk7_mime.o - -SRC= $(LIBSRC) - -EXHEADER= pkcs7.h -HEADER= $(EXHEADER) - -ALL= $(GENERAL) $(SRC) $(HEADER) - -top: - (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) - -test: - -all: lib - -testapps: enc dec sign verify - -enc: enc.o lib - $(CC) $(CFLAGS) -o enc enc.o $(PEX_LIBS) $(LIB) $(EX_LIBS) - -dec: dec.o lib - $(CC) $(CFLAGS) -o dec dec.o $(PEX_LIBS) $(LIB) $(EX_LIBS) - -sign: sign.o lib - $(CC) $(CFLAGS) -o sign sign.o $(PEX_LIBS) $(LIB) $(EX_LIBS) - -verify: verify.o example.o lib - $(CC) $(CFLAGS) -o verify verify.o $(PEX_LIBS) example.o $(LIB) $(EX_LIBS) - -lib: $(LIBOBJ) - $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) || echo Never mind. - @touch lib - -files: - $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO - -links: - @sh $(TOP)/util/point.sh Makefile.ssl Makefile - @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) - @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) - @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) - -install: - @for i in $(EXHEADER) ; \ - do \ - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ - done; - -tags: - ctags $(SRC) - -tests: - -lint: - lint -DLINT $(INCLUDES) $(SRC)>fluff - -depend: - $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) - -dclean: - $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new - mv -f Makefile.new $(MAKEFILE) - -clean: - rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff enc dec sign verify - -# DO NOT DELETE THIS LINE -- make depend depends on it. - -pk7_asn1.o: ../../e_os.h ../../include/openssl/asn1.h -pk7_asn1.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h -pk7_asn1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -pk7_asn1.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -pk7_asn1.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -pk7_asn1.o: ../../include/openssl/err.h ../../include/openssl/evp.h -pk7_asn1.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -pk7_asn1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -pk7_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -pk7_asn1.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -pk7_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -pk7_asn1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -pk7_asn1.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -pk7_asn1.o: ../cryptlib.h pk7_asn1.c -pk7_attr.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -pk7_attr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -pk7_attr.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -pk7_attr.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -pk7_attr.o: ../../include/openssl/err.h ../../include/openssl/evp.h -pk7_attr.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -pk7_attr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -pk7_attr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -pk7_attr.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h -pk7_attr.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -pk7_attr.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -pk7_attr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -pk7_attr.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -pk7_attr.o: pk7_attr.c -pk7_doit.o: ../../e_os.h ../../include/openssl/asn1.h -pk7_doit.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -pk7_doit.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h -pk7_doit.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -pk7_doit.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -pk7_doit.o: ../../include/openssl/err.h ../../include/openssl/evp.h -pk7_doit.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -pk7_doit.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -pk7_doit.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -pk7_doit.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h -pk7_doit.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -pk7_doit.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -pk7_doit.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -pk7_doit.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -pk7_doit.o: ../cryptlib.h pk7_doit.c -pk7_lib.o: ../../e_os.h ../../include/openssl/asn1.h -pk7_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -pk7_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -pk7_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -pk7_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -pk7_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -pk7_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -pk7_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -pk7_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -pk7_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -pk7_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -pk7_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -pk7_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pk7_lib.c -pk7_mime.o: ../../e_os.h ../../include/openssl/asn1.h -pk7_mime.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -pk7_mime.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -pk7_mime.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -pk7_mime.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -pk7_mime.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -pk7_mime.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -pk7_mime.o: ../../include/openssl/opensslconf.h -pk7_mime.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -pk7_mime.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h -pk7_mime.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -pk7_mime.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -pk7_mime.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -pk7_mime.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pk7_mime.c -pk7_smime.o: ../../e_os.h ../../include/openssl/asn1.h -pk7_smime.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -pk7_smime.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h -pk7_smime.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -pk7_smime.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -pk7_smime.o: ../../include/openssl/err.h ../../include/openssl/evp.h -pk7_smime.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -pk7_smime.o: ../../include/openssl/objects.h -pk7_smime.o: ../../include/openssl/opensslconf.h -pk7_smime.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -pk7_smime.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -pk7_smime.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -pk7_smime.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -pk7_smime.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -pk7_smime.o: ../../include/openssl/x509v3.h ../cryptlib.h pk7_smime.c -pkcs7err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -pkcs7err.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -pkcs7err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -pkcs7err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -pkcs7err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -pkcs7err.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -pkcs7err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -pkcs7err.o: pkcs7err.c diff --git a/src/lib/libcrypto/pkcs7/bio_ber.c b/src/lib/libcrypto/pkcs7/bio_ber.c deleted file mode 100644 index 42331f7ab0e..00000000000 --- a/src/lib/libcrypto/pkcs7/bio_ber.c +++ /dev/null @@ -1,466 +0,0 @@ -/* crypto/evp/bio_ber.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include -#include "cryptlib.h" -#include -#include - -static int ber_write(BIO *h,char *buf,int num); -static int ber_read(BIO *h,char *buf,int size); -/*static int ber_puts(BIO *h,char *str); */ -/*static int ber_gets(BIO *h,char *str,int size); */ -static long ber_ctrl(BIO *h,int cmd,long arg1,char *arg2); -static int ber_new(BIO *h); -static int ber_free(BIO *data); -static long ber_callback_ctrl(BIO *h,int cmd,void *(*fp)()); -#define BER_BUF_SIZE (32) - -/* This is used to hold the state of the BER objects being read. */ -typedef struct ber_struct - { - int tag; - int class; - long length; - int inf; - int num_left; - int depth; - } BER_CTX; - -typedef struct bio_ber_struct - { - int tag; - int class; - long length; - int inf; - - /* most of the following are used when doing non-blocking IO */ - /* reading */ - long num_left; /* number of bytes still to read/write in block */ - int depth; /* used with indefinite encoding. */ - int finished; /* No more read data */ - - /* writting */ - char *w_addr; - int w_offset; - int w_left; - - int buf_len; - int buf_off; - unsigned char buf[BER_BUF_SIZE]; - } BIO_BER_CTX; - -static BIO_METHOD methods_ber= - { - BIO_TYPE_CIPHER,"cipher", - ber_write, - ber_read, - NULL, /* ber_puts, */ - NULL, /* ber_gets, */ - ber_ctrl, - ber_new, - ber_free, - ber_callback_ctrl, - }; - -BIO_METHOD *BIO_f_ber(void) - { - return(&methods_ber); - } - -static int ber_new(BIO *bi) - { - BIO_BER_CTX *ctx; - - ctx=(BIO_BER_CTX *)OPENSSL_malloc(sizeof(BIO_BER_CTX)); - if (ctx == NULL) return(0); - - memset((char *)ctx,0,sizeof(BIO_BER_CTX)); - - bi->init=0; - bi->ptr=(char *)ctx; - bi->flags=0; - return(1); - } - -static int ber_free(BIO *a) - { - BIO_BER_CTX *b; - - if (a == NULL) return(0); - b=(BIO_BER_CTX *)a->ptr; - memset(a->ptr,0,sizeof(BIO_BER_CTX)); - OPENSSL_free(a->ptr); - a->ptr=NULL; - a->init=0; - a->flags=0; - return(1); - } - -int bio_ber_get_header(BIO *bio, BIO_BER_CTX *ctx) - { - char buf[64]; - int i,j,n; - int ret; - unsigned char *p; - unsigned long length - int tag; - int class; - long max; - - BIO_clear_retry_flags(b); - - /* Pack the buffer down if there is a hole at the front */ - if (ctx->buf_off != 0) - { - p=ctx->buf; - j=ctx->buf_off; - n=ctx->buf_len-j; - for (i=0; ibuf_len-j; - ctx->buf_off=0; - } - - /* If there is more room, read some more data */ - i=BER_BUF_SIZE-ctx->buf_len; - if (i) - { - i=BIO_read(bio->next_bio,&(ctx->buf[ctx->buf_len]),i); - if (i <= 0) - { - BIO_copy_next_retry(b); - return(i); - } - else - ctx->buf_len+=i; - } - - max=ctx->buf_len; - p=ctx->buf; - ret=ASN1_get_object(&p,&length,&tag,&class,max); - - if (ret & 0x80) - { - if ((ctx->buf_len < BER_BUF_SIZE) && - (ERR_GET_REASON(ERR_peek_error()) == ASN1_R_TOO_LONG)) - { - ERR_get_error(); /* clear the error */ - BIO_set_retry_read(b); - } - return(-1); - } - - /* We have no error, we have a header, so make use of it */ - - if ((ctx->tag >= 0) && (ctx->tag != tag)) - { - BIOerr(BIO_F_BIO_BER_GET_HEADER,BIO_R_TAG_MISMATCH); - sprintf(buf,"tag=%d, got %d",ctx->tag,tag); - ERR_add_error_data(1,buf); - return(-1); - } - if (ret & 0x01) - if (ret & V_ASN1_CONSTRUCTED) - } - -static int ber_read(BIO *b, char *out, int outl) - { - int ret=0,i,n; - BIO_BER_CTX *ctx; - - BIO_clear_retry_flags(b); - - if (out == NULL) return(0); - ctx=(BIO_BER_CTX *)b->ptr; - - if ((ctx == NULL) || (b->next_bio == NULL)) return(0); - - if (ctx->finished) return(0); - -again: - /* First see if we are half way through reading a block */ - if (ctx->num_left > 0) - { - if (ctx->num_left < outl) - n=ctx->num_left; - else - n=outl; - i=BIO_read(b->next_bio,out,n); - if (i <= 0) - { - BIO_copy_next_retry(b); - return(i); - } - ctx->num_left-=i; - outl-=i; - ret+=i; - if (ctx->num_left <= 0) - { - ctx->depth--; - if (ctx->depth <= 0) - ctx->finished=1; - } - if (outl <= 0) - return(ret); - else - goto again; - } - else /* we need to read another BER header */ - { - } - } - -static int ber_write(BIO *b, char *in, int inl) - { - int ret=0,n,i; - BIO_ENC_CTX *ctx; - - ctx=(BIO_ENC_CTX *)b->ptr; - ret=inl; - - BIO_clear_retry_flags(b); - n=ctx->buf_len-ctx->buf_off; - while (n > 0) - { - i=BIO_write(b->next_bio,&(ctx->buf[ctx->buf_off]),n); - if (i <= 0) - { - BIO_copy_next_retry(b); - return(i); - } - ctx->buf_off+=i; - n-=i; - } - /* at this point all pending data has been written */ - - if ((in == NULL) || (inl <= 0)) return(0); - - ctx->buf_off=0; - while (inl > 0) - { - n=(inl > ENC_BLOCK_SIZE)?ENC_BLOCK_SIZE:inl; - EVP_CipherUpdate(&(ctx->cipher), - (unsigned char *)ctx->buf,&ctx->buf_len, - (unsigned char *)in,n); - inl-=n; - in+=n; - - ctx->buf_off=0; - n=ctx->buf_len; - while (n > 0) - { - i=BIO_write(b->next_bio,&(ctx->buf[ctx->buf_off]),n); - if (i <= 0) - { - BIO_copy_next_retry(b); - return(i); - } - n-=i; - ctx->buf_off+=i; - } - ctx->buf_len=0; - ctx->buf_off=0; - } - BIO_copy_next_retry(b); - return(ret); - } - -static long ber_ctrl(BIO *b, int cmd, long num, char *ptr) - { - BIO *dbio; - BIO_ENC_CTX *ctx,*dctx; - long ret=1; - int i; - - ctx=(BIO_ENC_CTX *)b->ptr; - - switch (cmd) - { - case BIO_CTRL_RESET: - ctx->ok=1; - ctx->finished=0; - EVP_CipherInit_ex(&(ctx->cipher),NULL,NULL,NULL,NULL, - ctx->cipher.berrypt); - ret=BIO_ctrl(b->next_bio,cmd,num,ptr); - break; - case BIO_CTRL_EOF: /* More to read */ - if (ctx->cont <= 0) - ret=1; - else - ret=BIO_ctrl(b->next_bio,cmd,num,ptr); - break; - case BIO_CTRL_WPENDING: - ret=ctx->buf_len-ctx->buf_off; - if (ret <= 0) - ret=BIO_ctrl(b->next_bio,cmd,num,ptr); - break; - case BIO_CTRL_PENDING: /* More to read in buffer */ - ret=ctx->buf_len-ctx->buf_off; - if (ret <= 0) - ret=BIO_ctrl(b->next_bio,cmd,num,ptr); - break; - case BIO_CTRL_FLUSH: - /* do a final write */ -again: - while (ctx->buf_len != ctx->buf_off) - { - i=ber_write(b,NULL,0); - if (i < 0) - { - ret=i; - break; - } - } - - if (!ctx->finished) - { - ctx->finished=1; - ctx->buf_off=0; - ret=EVP_CipherFinal_ex(&(ctx->cipher), - (unsigned char *)ctx->buf, - &(ctx->buf_len)); - ctx->ok=(int)ret; - if (ret <= 0) break; - - /* push out the bytes */ - goto again; - } - - /* Finally flush the underlying BIO */ - ret=BIO_ctrl(b->next_bio,cmd,num,ptr); - break; - case BIO_C_GET_CIPHER_STATUS: - ret=(long)ctx->ok; - break; - case BIO_C_DO_STATE_MACHINE: - BIO_clear_retry_flags(b); - ret=BIO_ctrl(b->next_bio,cmd,num,ptr); - BIO_copy_next_retry(b); - break; - - case BIO_CTRL_DUP: - dbio=(BIO *)ptr; - dctx=(BIO_ENC_CTX *)dbio->ptr; - memcpy(&(dctx->cipher),&(ctx->cipher),sizeof(ctx->cipher)); - dbio->init=1; - break; - default: - ret=BIO_ctrl(b->next_bio,cmd,num,ptr); - break; - } - return(ret); - } - -static long ber_callback_ctrl(BIO *b, int cmd, void *(*fp)()) - { - long ret=1; - - if (b->next_bio == NULL) return(0); - switch (cmd) - { - default: - ret=BIO_callback_ctrl(b->next_bio,cmd,fp); - break; - } - return(ret); - } - -/* -void BIO_set_cipher_ctx(b,c) -BIO *b; -EVP_CIPHER_ctx *c; - { - if (b == NULL) return; - - if ((b->callback != NULL) && - (b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,0L) <= 0)) - return; - - b->init=1; - ctx=(BIO_ENC_CTX *)b->ptr; - memcpy(ctx->cipher,c,sizeof(EVP_CIPHER_CTX)); - - if (b->callback != NULL) - b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,1L); - } -*/ - -void BIO_set_cipher(BIO *b, EVP_CIPHER *c, unsigned char *k, unsigned char *i, - int e) - { - BIO_ENC_CTX *ctx; - - if (b == NULL) return; - - if ((b->callback != NULL) && - (b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,0L) <= 0)) - return; - - b->init=1; - ctx=(BIO_ENC_CTX *)b->ptr; - EVP_CipherInit_ex(&(ctx->cipher),c,NULL,k,i,e); - - if (b->callback != NULL) - b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,1L); - } - diff --git a/src/lib/libcrypto/pkcs7/bio_pk7.c b/src/lib/libcrypto/pkcs7/bio_pk7.c new file mode 100644 index 00000000000..ad3c5e26982 --- /dev/null +++ b/src/lib/libcrypto/pkcs7/bio_pk7.c @@ -0,0 +1,66 @@ +/* $OpenBSD: bio_pk7.c,v 1.5 2016/12/30 15:38:13 jsing Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 2008 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + */ + +#include +#include +#include + +#include + +/* Streaming encode support for PKCS#7 */ +BIO * +BIO_new_PKCS7(BIO *out, PKCS7 *p7) +{ + return BIO_new_NDEF(out, (ASN1_VALUE *)p7, &PKCS7_it); +} diff --git a/src/lib/libcrypto/pkcs7/dec.c b/src/lib/libcrypto/pkcs7/dec.c deleted file mode 100644 index 6752ec568a9..00000000000 --- a/src/lib/libcrypto/pkcs7/dec.c +++ /dev/null @@ -1,248 +0,0 @@ -/* crypto/pkcs7/verify.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -#include -#include -#include -#include -#include -#include -#include -#include - -int verify_callback(int ok, X509_STORE_CTX *ctx); - -BIO *bio_err=NULL; - -int main(argc,argv) -int argc; -char *argv[]; - { - char *keyfile=NULL; - BIO *in; - EVP_PKEY *pkey; - X509 *x509; - PKCS7 *p7; - PKCS7_SIGNER_INFO *si; - X509_STORE_CTX cert_ctx; - X509_STORE *cert_store=NULL; - BIO *data,*detached=NULL,*p7bio=NULL; - char buf[1024*4]; - unsigned char *pp; - int i,printit=0; - STACK_OF(PKCS7_SIGNER_INFO) *sk; - - OpenSSL_add_all_algorithms(); - bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); - - data=BIO_new(BIO_s_file()); - pp=NULL; - while (argc > 1) - { - argc--; - argv++; - if (strcmp(argv[0],"-p") == 0) - { - printit=1; - } - else if ((strcmp(argv[0],"-k") == 0) && (argc >= 2)) { - keyfile = argv[1]; - argc-=1; - argv+=1; - } else if ((strcmp(argv[0],"-d") == 0) && (argc >= 2)) - { - detached=BIO_new(BIO_s_file()); - if (!BIO_read_filename(detached,argv[1])) - goto err; - argc-=1; - argv+=1; - } - else break; - } - - if (!BIO_read_filename(data,argv[0])) goto err; - - if(!keyfile) { - fprintf(stderr, "No private key file specified\n"); - goto err; - } - - if ((in=BIO_new_file(keyfile,"r")) == NULL) goto err; - if ((x509=PEM_read_bio_X509(in,NULL,NULL,NULL)) == NULL) goto err; - BIO_reset(in); - if ((pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,NULL)) == NULL) - goto err; - BIO_free(in); - - if (pp == NULL) - BIO_set_fp(data,stdin,BIO_NOCLOSE); - - - /* Load the PKCS7 object from a file */ - if ((p7=PEM_read_bio_PKCS7(data,NULL,NULL,NULL)) == NULL) goto err; - - - - /* This stuff is being setup for certificate verification. - * When using SSL, it could be replaced with a - * cert_stre=SSL_CTX_get_cert_store(ssl_ctx); */ - cert_store=X509_STORE_new(); - X509_STORE_set_default_paths(cert_store); - X509_STORE_load_locations(cert_store,NULL,"../../certs"); - X509_STORE_set_verify_cb_func(cert_store,verify_callback); - - ERR_clear_error(); - - /* We need to process the data */ - /* We cannot support detached encryption */ - p7bio=PKCS7_dataDecode(p7,pkey,detached,x509); - - if (p7bio == NULL) - { - printf("problems decoding\n"); - goto err; - } - - /* We now have to 'read' from p7bio to calculate digests etc. */ - for (;;) - { - i=BIO_read(p7bio,buf,sizeof(buf)); - /* print it? */ - if (i <= 0) break; - fwrite(buf,1, i, stdout); - } - - /* We can now verify signatures */ - sk=PKCS7_get_signer_info(p7); - if (sk == NULL) - { - fprintf(stderr, "there are no signatures on this data\n"); - } - else - { - /* Ok, first we need to, for each subject entry, - * see if we can verify */ - ERR_clear_error(); - for (i=0; ierror) - { - case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: - X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),buf,256); - BIO_printf(bio_err,"issuer= %s\n",buf); - break; - case X509_V_ERR_CERT_NOT_YET_VALID: - case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: - BIO_printf(bio_err,"notBefore="); - ASN1_UTCTIME_print(bio_err,X509_get_notBefore(ctx->current_cert)); - BIO_printf(bio_err,"\n"); - break; - case X509_V_ERR_CERT_HAS_EXPIRED: - case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: - BIO_printf(bio_err,"notAfter="); - ASN1_UTCTIME_print(bio_err,X509_get_notAfter(ctx->current_cert)); - BIO_printf(bio_err,"\n"); - break; - } - BIO_printf(bio_err,"verify return:%d\n",ok); - return(ok); - } diff --git a/src/lib/libcrypto/pkcs7/des.pem b/src/lib/libcrypto/pkcs7/des.pem deleted file mode 100644 index 62d1657e3e7..00000000000 --- a/src/lib/libcrypto/pkcs7/des.pem +++ /dev/null @@ -1,15 +0,0 @@ - -MIAGCSqGSIb3DQEHA6CAMIACAQAxggHmMIHwAgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEG -A1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m -dCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNUUkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQD -ExJERU1PIFpFUk8gVkFMVUUgQ0ECAgR+MA0GCSqGSIb3DQEBAQUABEC2vXI1xQDW6lUHM3zQ -/9uBEBOO5A3TtkrklAXq7v01gsIC21t52qSk36REXY+slhNZ0OQ349tgkTsoETHFLoEwMIHw -AgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMI -QnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29mdCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNU -UkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQDExJERU1PIFpFUk8gVkFMVUUgQ0ECAgR9MA0G -CSqGSIb3DQEBAQUABEB8ujxbabxXUYJhopuDm3oDq4JNqX6Io4p3ro+ShqfIndsXTZ1v5a2N -WtLLCWlHn/habjBwZ/DgQgcKASbZ7QxNMIAGCSqGSIb3DQEHATAaBggqhkiG9w0DAjAOAgIA -oAQIbsL5v1wX98KggAQoAaJ4WHm68fXY1WE5OIjfVBIDpO1K+i8dmKhjnAjrjoyZ9Bwc8rDL -lgQg4CXb805h5xl+GfvSwUaHJayte1m2mcOhs3J2YyqbQ+MEIMIiJQccmhO3oDKm36CFvYR8 -5PjpclVcZyX2ngbwPFMnBAgy0clOAE6UKAAAAAAAAAAAAAA= - diff --git a/src/lib/libcrypto/pkcs7/doc b/src/lib/libcrypto/pkcs7/doc deleted file mode 100644 index d2e8b7b2a3d..00000000000 --- a/src/lib/libcrypto/pkcs7/doc +++ /dev/null @@ -1,24 +0,0 @@ -int PKCS7_set_content_type(PKCS7 *p7, int type); -Call to set the type of PKCS7 object we are working on - -int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, - EVP_MD *dgst); -Use this to setup a signer info -There will also be functions to add signed and unsigned attributes. - -int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i); -Add a signer info to the content. - -int PKCS7_add_certificae(PKCS7 *p7, X509 *x509); -int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509); - ----- - -p7=PKCS7_new(); -PKCS7_set_content_type(p7,NID_pkcs7_signed); - -signer=PKCS7_SINGNER_INFO_new(); -PKCS7_SIGNER_INFO_set(signer,x509,pkey,EVP_md5()); -PKCS7_add_signer(py,signer); - -we are now setup. diff --git a/src/lib/libcrypto/pkcs7/enc.c b/src/lib/libcrypto/pkcs7/enc.c deleted file mode 100644 index 7417f8a4e00..00000000000 --- a/src/lib/libcrypto/pkcs7/enc.c +++ /dev/null @@ -1,174 +0,0 @@ -/* crypto/pkcs7/enc.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -#include -#include -#include -#include -#include -#include - -int main(argc,argv) -int argc; -char *argv[]; - { - X509 *x509; - PKCS7 *p7; - BIO *in; - BIO *data,*p7bio; - char buf[1024*4]; - int i; - int nodetach=1; - char *keyfile = NULL; - const EVP_CIPHER *cipher=NULL; - STACK_OF(X509) *recips=NULL; - - OpenSSL_add_all_algorithms(); - - data=BIO_new(BIO_s_file()); - while(argc > 1) - { - if (strcmp(argv[1],"-nd") == 0) - { - nodetach=1; - argv++; argc--; - } - else if ((strcmp(argv[1],"-c") == 0) && (argc >= 2)) { - if(!(cipher = EVP_get_cipherbyname(argv[2]))) { - fprintf(stderr, "Unknown cipher %s\n", argv[2]); - goto err; - } - argc-=2; - argv+=2; - } else if ((strcmp(argv[1],"-k") == 0) && (argc >= 2)) { - keyfile = argv[2]; - argc-=2; - argv+=2; - if (!(in=BIO_new_file(keyfile,"r"))) goto err; - if (!(x509=PEM_read_bio_X509(in,NULL,NULL,NULL))) - goto err; - if(!recips) recips = sk_X509_new_null(); - sk_X509_push(recips, x509); - BIO_free(in); - } else break; - } - - if(!recips) { - fprintf(stderr, "No recipients\n"); - goto err; - } - - if (!BIO_read_filename(data,argv[1])) goto err; - - p7=PKCS7_new(); -#if 0 - BIO_reset(in); - if ((pkey=PEM_read_bio_PrivateKey(in,NULL,NULL)) == NULL) goto err; - BIO_free(in); - PKCS7_set_type(p7,NID_pkcs7_signedAndEnveloped); - - if (PKCS7_add_signature(p7,x509,pkey,EVP_sha1()) == NULL) goto err; - /* we may want to add more */ - PKCS7_add_certificate(p7,x509); -#else - PKCS7_set_type(p7,NID_pkcs7_enveloped); -#endif - if(!cipher) { -#ifndef OPENSSL_NO_DES - cipher = EVP_des_ede3_cbc(); -#else - fprintf(stderr, "No cipher selected\n"); - goto err; -#endif - } - - if (!PKCS7_set_cipher(p7,cipher)) goto err; - for(i = 0; i < sk_X509_num(recips); i++) { - if (!PKCS7_add_recipient(p7,sk_X509_value(recips, i))) goto err; - } - sk_X509_pop_free(recips, X509_free); - - /* Set the content of the signed to 'data' */ - /* PKCS7_content_new(p7,NID_pkcs7_data); not used in envelope */ - - /* could be used, but not in this version :-) - if (!nodetach) PKCS7_set_detached(p7,1); - */ - - if ((p7bio=PKCS7_dataInit(p7,NULL)) == NULL) goto err; - - for (;;) - { - i=BIO_read(data,buf,sizeof(buf)); - if (i <= 0) break; - BIO_write(p7bio,buf,i); - } - BIO_flush(p7bio); - - if (!PKCS7_dataFinal(p7,p7bio)) goto err; - BIO_free(p7bio); - - PEM_write_PKCS7(stdout,p7); - PKCS7_free(p7); - - exit(0); -err: - ERR_load_crypto_strings(); - ERR_print_errors_fp(stderr); - exit(1); - } - diff --git a/src/lib/libcrypto/pkcs7/es1.pem b/src/lib/libcrypto/pkcs7/es1.pem deleted file mode 100644 index 47112a238fd..00000000000 --- a/src/lib/libcrypto/pkcs7/es1.pem +++ /dev/null @@ -1,66 +0,0 @@ ------BEGIN PKCS7----- -MIAGCSqGSIb3DQEHA6CAMIACAQAxggHmMIHwAgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEG -A1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m -dCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNUUkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQD -ExJERU1PIFpFUk8gVkFMVUUgQ0ECAgRuMA0GCSqGSIb3DQEBAQUABEDWak0y/5XZJhQJeCLo -KECcHXkTEbjzYkYNHIinbiPmRK4QbNfs9z2mA3z/c2ykQ4eAqFR2jyNrUMN/+I5XEiv6MIHw -AgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMI -QnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29mdCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNU -UkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQDExJERU1PIFpFUk8gVkFMVUUgQ0ECAgR9MA0G -CSqGSIb3DQEBAQUABEAWg9+KgtCjc77Jdj1Ve4wGgHjVHbbSYEA1ZqKFDoi15vSr9hfpHmC4 -ycZzcRo16JkTfolefiHZzmyjVz94vSN6MIAGCSqGSIb3DQEHATAaBggqhkiG9w0DAjAOAgIA -oAQI7X4Tk4mcbV6ggASBsHl1mCaJ3RhXWlNPCgCRU53d7M5x6TDZRkvwdtdvW96m1lupT03F -XtonkBqk7oMkH7kGfs5/REQOPjx0QE2Ixmgt1W3szum82EZwA7pZNppcraK7W/odw/7bYZO+ -II3HPmRklE2N9qiu1LPaPUsnYogkO6SennyeL5tZ382vBweL/8pnG0qsbT1OBb65v+llnsjT -pa1T/p+fIx/iJJGE6K9fYFokC6gXLQ6ozXRdOu5oBDB8mPCYYvAqKycidM/MrGGUkpEtS4f0 -lS31PwQi5YTim8Ig3/TOwVpPX32i46FTuEIEIMHkD/OvpfwCCzXUHHJnKnKUAUvIsSY3vGBs -8ezpUDfBBBj9LHDy32hZ2tQilkDefP5VM2LLdrWgamYEgfiyITQvn08Ul5lQOQxbFKBheFq5 -otCCN4MR+w5eq12xQu6y+f9z0159ag2ru87D0lLtUtXXtCELbO1nUkT2sJ0k/iDs9TOXr6Cx -go1XKYho83hlkXYiCteVizdAbgVGNsNRD4wtIdajsorET/LuJECgp11YeL9w1dlDB0HLEZfi -XCsUphH4jGagba3hDeUSibnjSiJlN0ukfuQurBBbI2UkBAujiEAubKPn7C1FZJRSw6CPPX5t -KEpmcqT1JNk6LO8Js6/1sCmmBh1VGCy1+EuTI9J1p7Dagf4nQ8cHitoCRpHuKZlFHnZyv7tw -Rn/KOhHaYP2VzAh40gQIvKMAAWh9oFsEEIMwIoOmLwLH5wf+8QdbDhoECH8HwZt9a12dBAjL -r4j2zlvtfgQIt7nmEM3wz1EECKlc3EIy1irCBBCAKINcermK3A+jI6ISN2RzBFA3dsh/xwMu -l61aWMBBZzEz/SF92k6n35KZhCC0d6fIVC/1WMv0fnCwQ8oEDynSre216VEFiYKBaQLJe5o/ -mTAxC7Ht3goXnuc+i1FItOkLrgRI/wyvTICEn2WsNZiMADnGaee2bqPnUopo+VMGexJEtCPk -l0ZNlDJGquPDkpUwaEtecVZzCNyVPYyyF4J/l8rmGDhDdYUIC8IKBEg/ip/E0BuubBLWVbv+ -HRl4QrnGpyCyeXRXXK603QP3sT1Zbbm1v5pI/loOhVHi724LmtXHSyp5qv9MDcxE1PoX10LY -gBRtlwwESPeCF8bK5jk4xIQMhK5NMHj1Y1KQWTZ9NGITBL4hjRq2qp4Qk5GIpGgOVPopAuCo -TIyPikpqBRNtLSPRSsDs6QPUPzWBh6JgxwRQblnDKKUkxUcnJiD4i9QtGa/ZabMn4KxtNOBL -5JSh1nJkaLXCZY070131WWPAByLcd5TiXq8x84pmzV5NNk4tiMpoXhJNsx8e4rskQQlKd6ME -SCe2eYDHKcKPX3WJbUzhrJSQ92/aWnI2iUY8WQ+kSNyiZ2QUjyuUg9Z66g/0d2STlvPOBHT/ -y5ODP2CwbcWX4QmCbUc9TT66fQRIrRVuwvtOfnUueyGgYhJ3HpAJfVaB/7kap5bj7Fi/azW4 -9JDfd1bC/W9h0Kyk7RO2gxvE0hIHc26mZJHTm9MNP5D328MnM2MdBEjKjQBtgrp+lFIii7MP -nGHFTKUkG4WAIZJCf/CsT+p6/SW0qG71Me/YcSw5STB24j+a+HgMV8RVIeUlkP4z0IWWrSoB -Gh4d/Z0EUMCVHs/HZ/bWgiyhtHpvuVAzidm8D81p1LJ5BQX5/5f/m+q5+fS/npL27dTEbNqs -LSB6ij3MZAi7LwHWpTn9zWnDajCMEj9vlaV7mcKtHK5iBEg85agFi1h3MvicqLtoFe5hVv9T -tG0j6CRkjkixPzivltlrf44KHv14gLM0XJxCGyq7vd3l8QYr3+9at0zNnX/yqTiBnsnE5dUE -SIgrYuz87M2gi/ER9PcDoTtONH3+CkcqVy03q/Sj8cVWD/b1KgEhqnNOfc8Ak9PctyR/ItcR -8Me5XVn1GJKkQJk4O29fxvgNoAQIrIESvUWGshAEQByXiFoFTDUByjTlgjcy77H1lrH+y3P/ -wAInJjJAut9kCNyGJV0PA4kdPB5USWltuO6t8gk4Pd2YBMl09zqUWkAEUCjFrtZ3mapjcGZI -uQTASKR5LSjXoWxTT5gae/+64MerF/oCEeO3ehRTpjnPrsiRDo0rWIQTaj9+Nro8Z2xtWstw -RnfoAHIxV1lEamPwjsceBEi2SD9hiifFeO5ECiVoaE1FdXUXhU+jwYAMx6jHWO9hMkYzS9pM -Y3IyWR5ybtOjiQgkUdvRJPUPGf5DVVMPnymGX25aDh5PYpIESPbsM9akCpOOVuscywcUswmU -o7dXvlB48WWCfg/al3BQKAZbn5ZXtWNwpUZkrEdHsrxAVv3rxRcdkT3Z1fzUbIuYkLJN200o -WgRIJvn6RO8KEj7/HOg2sYuuM8nz1kR0TSgwX7/0y/7JfjBa0JIlP7o75sNJscE8oyoIMzuy -Dvn6/U9g3BCDXn83A/s+ke60qn9gBFC6NAeLOlXal1YVWYhMQNOqCyUfAjiXBTawaysQb1Mk -YgeNlF8xuEFcUQWIP+vNG7FJ5JPMaMRL4YEoaQ3sVFhYOERJR1cSb+8xt4QCYtBKQgRIUOmJ -CHW5o1hXJWJiTkZK2qWFcEMzTINSj5EpYFySr8aVBjkRnI7vxegRT/+XZZXoYedQ3UNsnGI3 -DdkWii5VzX0PNF6C60pfBEiVpausYuX7Wjb3Lfm8cBj7GgN69i6Pm2gxtobVcmpo2nS4D714 -ePyhlX9n8kJ6QAcqWMRj22smDPrHVGNTizfzHBh5zNllK9gESJizILOWI327og3ZWp+qUht5 -kNDJCzMK7Z09UAy+h+vq0VTQuEo3FgLzVdqkJujjSL4Nx97lXg51AovrEn3nd4evydwcjKLX -1wRIo72NaeWuUEQ+rt1SlCsOJ7k1ioJSqhrPOfvwcaFcb4beVet1JWiy4yvowTjLDGbUje2s -xjrlVt4BJWI/uA6jbQsrxSe89ADZBAi5YAlR4qszeAQIXD3VSBVKbRUECNTtyvw9vvqXBAhb -IZNn4H4cxgQI+XW7GkfL+ekECCCCg2reMyGDBAh1PYqkg3lw3gQQkNlggEPU+BH8eh7Gm7n7 -7AQIjC5EWbkil5cEEKcpuqwTWww/X89KnQAg8TcECJPomqHvrlZFBBiRSuIiHpmN+PaujXpv -qZV2VhjkB2j09GEECOIdv8AVOJgKBAjlHgIqAD9jZQQIXHbs44+wogcEIGGqTACRJxrhMcMG -X8drNjksIPt+snxTXUBIkTVpZWoABAh6unXPTyIr8QQgBF8xKoX27MWk7iTNmkSNZggZXa2a -DWCGHSYLngbSOHIECD9XmO6VsvTgBAjfqB70CEW4WwQIVIBkbCocznUEEHB/zFXy/sR4OYHe -UfbNPnIEEDWBB/NTCLMGE+o8BfyujcAECFik7GQnnF9VBBAhLXExQeWAofZNc6NtN7qZBCC1 -gVIS3ruTwKltmcrgx3heT3M8ZJhCfWa+6KzchnmKygQQ+1NL5sSzR4m/fdrqxHFyUAQYCT2x -PamQr3wK3h0lyZER+4H0zPM86AhFBBC3CkmvL2vjflMfujnzPBVpBBge9rMbI5+0q9DLrTiT -5F3AIgXLpD8PQWAECHkHVo6RomV3BAgMbi8E271UeAQIqtS8wnI3XngECG3TWmOMb3/iBEha -y+mvCS6I3n3JfL8e1B5P4qX9/czJRaERLuKpGNjLiL4A+zxN0LZ0UHd0qfmJjwOTxAx3iJAC -lGXX4nB9ATYPUT5EU+o1Y4sECN01pP6vWNIdBDAsiE0Ts8/9ltJlqX2B3AoOM4qOt9EaCjXf -lB+aEmrhtjUwuZ6GqS5Ke7P6XnakTk4ECCLIMatNdootAAAAAAAAAAAAAA== ------END PKCS7----- diff --git a/src/lib/libcrypto/pkcs7/example.c b/src/lib/libcrypto/pkcs7/example.c deleted file mode 100644 index c993947cc37..00000000000 --- a/src/lib/libcrypto/pkcs7/example.c +++ /dev/null @@ -1,329 +0,0 @@ -#include -#include -#include -#include -#include -#include - -int add_signed_time(PKCS7_SIGNER_INFO *si) - { - ASN1_UTCTIME *sign_time; - - /* The last parameter is the amount to add/subtract from the current - * time (in seconds) */ - sign_time=X509_gmtime_adj(NULL,0); - PKCS7_add_signed_attribute(si,NID_pkcs9_signingTime, - V_ASN1_UTCTIME,(char *)sign_time); - return(1); - } - -ASN1_UTCTIME *get_signed_time(PKCS7_SIGNER_INFO *si) - { - ASN1_TYPE *so; - - so=PKCS7_get_signed_attribute(si,NID_pkcs9_signingTime); - if (so->type == V_ASN1_UTCTIME) - return so->value.utctime; - return NULL; - } - -static int signed_string_nid= -1; - -void add_signed_string(PKCS7_SIGNER_INFO *si, char *str) - { - ASN1_OCTET_STRING *os; - - /* To a an object of OID 1.2.3.4.5, which is an octet string */ - if (signed_string_nid == -1) - signed_string_nid= - OBJ_create("1.2.3.4.5","OID_example","Our example OID"); - os=ASN1_OCTET_STRING_new(); - ASN1_OCTET_STRING_set(os,(unsigned char*)str,strlen(str)); - /* When we add, we do not free */ - PKCS7_add_signed_attribute(si,signed_string_nid, - V_ASN1_OCTET_STRING,(char *)os); - } - -int get_signed_string(PKCS7_SIGNER_INFO *si, char *buf, int len) - { - ASN1_TYPE *so; - ASN1_OCTET_STRING *os; - int i; - - if (signed_string_nid == -1) - signed_string_nid= - OBJ_create("1.2.3.4.5","OID_example","Our example OID"); - /* To retrieve */ - so=PKCS7_get_signed_attribute(si,signed_string_nid); - if (so != NULL) - { - if (so->type == V_ASN1_OCTET_STRING) - { - os=so->value.octet_string; - i=os->length; - if ((i+1) > len) - i=len-1; - memcpy(buf,os->data,i); - return(i); - } - } - return(0); - } - -static int signed_seq2string_nid= -1; -/* ########################################### */ -int add_signed_seq2string(PKCS7_SIGNER_INFO *si, char *str1, char *str2) - { - /* To add an object of OID 1.9.999, which is a sequence containing - * 2 octet strings */ - unsigned char *p; - ASN1_OCTET_STRING *os1,*os2; - ASN1_STRING *seq; - unsigned char *data; - int i,total; - - if (signed_seq2string_nid == -1) - signed_seq2string_nid= - OBJ_create("1.9.9999","OID_example","Our example OID"); - - os1=ASN1_OCTET_STRING_new(); - os2=ASN1_OCTET_STRING_new(); - ASN1_OCTET_STRING_set(os1,(unsigned char*)str1,strlen(str1)); - ASN1_OCTET_STRING_set(os2,(unsigned char*)str1,strlen(str1)); - i =i2d_ASN1_OCTET_STRING(os1,NULL); - i+=i2d_ASN1_OCTET_STRING(os2,NULL); - total=ASN1_object_size(1,i,V_ASN1_SEQUENCE); - - data=malloc(total); - p=data; - ASN1_put_object(&p,1,i,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL); - i2d_ASN1_OCTET_STRING(os1,&p); - i2d_ASN1_OCTET_STRING(os2,&p); - - seq=ASN1_STRING_new(); - ASN1_STRING_set(seq,data,total); - free(data); - ASN1_OCTET_STRING_free(os1); - ASN1_OCTET_STRING_free(os2); - - PKCS7_add_signed_attribute(si,signed_seq2string_nid, - V_ASN1_SEQUENCE,(char *)seq); - return(1); - } - -/* For this case, I will malloc the return strings */ -int get_signed_seq2string(PKCS7_SIGNER_INFO *si, char **str1, char **str2) - { - ASN1_TYPE *so; - - if (signed_seq2string_nid == -1) - signed_seq2string_nid= - OBJ_create("1.9.9999","OID_example","Our example OID"); - /* To retrieve */ - so=PKCS7_get_signed_attribute(si,signed_seq2string_nid); - if (so && (so->type == V_ASN1_SEQUENCE)) - { - ASN1_CTX c; - ASN1_STRING *s; - long length; - ASN1_OCTET_STRING *os1,*os2; - - s=so->value.sequence; - c.p=ASN1_STRING_data(s); - c.max=c.p+ASN1_STRING_length(s); - if (!asn1_GetSequence(&c,&length)) goto err; - /* Length is the length of the seqence */ - - c.q=c.p; - if ((os1=d2i_ASN1_OCTET_STRING(NULL,&c.p,c.slen)) == NULL) - goto err; - c.slen-=(c.p-c.q); - - c.q=c.p; - if ((os2=d2i_ASN1_OCTET_STRING(NULL,&c.p,c.slen)) == NULL) - goto err; - c.slen-=(c.p-c.q); - - if (!asn1_Finish(&c)) goto err; - *str1=malloc(os1->length+1); - *str2=malloc(os2->length+1); - memcpy(*str1,os1->data,os1->length); - memcpy(*str2,os2->data,os2->length); - (*str1)[os1->length]='\0'; - (*str2)[os2->length]='\0'; - ASN1_OCTET_STRING_free(os1); - ASN1_OCTET_STRING_free(os2); - return(1); - } -err: - return(0); - } - - -/* ####################################### - * THE OTHER WAY TO DO THINGS - * ####################################### - */ -X509_ATTRIBUTE *create_time(void) - { - ASN1_UTCTIME *sign_time; - X509_ATTRIBUTE *ret; - - /* The last parameter is the amount to add/subtract from the current - * time (in seconds) */ - sign_time=X509_gmtime_adj(NULL,0); - ret=X509_ATTRIBUTE_create(NID_pkcs9_signingTime, - V_ASN1_UTCTIME,(char *)sign_time); - return(ret); - } - -ASN1_UTCTIME *sk_get_time(STACK_OF(X509_ATTRIBUTE) *sk) - { - ASN1_TYPE *so; - PKCS7_SIGNER_INFO si; - - si.auth_attr=sk; - so=PKCS7_get_signed_attribute(&si,NID_pkcs9_signingTime); - if (so->type == V_ASN1_UTCTIME) - return so->value.utctime; - return NULL; - } - -X509_ATTRIBUTE *create_string(char *str) - { - ASN1_OCTET_STRING *os; - X509_ATTRIBUTE *ret; - - /* To a an object of OID 1.2.3.4.5, which is an octet string */ - if (signed_string_nid == -1) - signed_string_nid= - OBJ_create("1.2.3.4.5","OID_example","Our example OID"); - os=ASN1_OCTET_STRING_new(); - ASN1_OCTET_STRING_set(os,(unsigned char*)str,strlen(str)); - /* When we add, we do not free */ - ret=X509_ATTRIBUTE_create(signed_string_nid, - V_ASN1_OCTET_STRING,(char *)os); - return(ret); - } - -int sk_get_string(STACK_OF(X509_ATTRIBUTE) *sk, char *buf, int len) - { - ASN1_TYPE *so; - ASN1_OCTET_STRING *os; - int i; - PKCS7_SIGNER_INFO si; - - si.auth_attr=sk; - - if (signed_string_nid == -1) - signed_string_nid= - OBJ_create("1.2.3.4.5","OID_example","Our example OID"); - /* To retrieve */ - so=PKCS7_get_signed_attribute(&si,signed_string_nid); - if (so != NULL) - { - if (so->type == V_ASN1_OCTET_STRING) - { - os=so->value.octet_string; - i=os->length; - if ((i+1) > len) - i=len-1; - memcpy(buf,os->data,i); - return(i); - } - } - return(0); - } - -X509_ATTRIBUTE *add_seq2string(PKCS7_SIGNER_INFO *si, char *str1, char *str2) - { - /* To add an object of OID 1.9.999, which is a sequence containing - * 2 octet strings */ - unsigned char *p; - ASN1_OCTET_STRING *os1,*os2; - ASN1_STRING *seq; - X509_ATTRIBUTE *ret; - unsigned char *data; - int i,total; - - if (signed_seq2string_nid == -1) - signed_seq2string_nid= - OBJ_create("1.9.9999","OID_example","Our example OID"); - - os1=ASN1_OCTET_STRING_new(); - os2=ASN1_OCTET_STRING_new(); - ASN1_OCTET_STRING_set(os1,(unsigned char*)str1,strlen(str1)); - ASN1_OCTET_STRING_set(os2,(unsigned char*)str1,strlen(str1)); - i =i2d_ASN1_OCTET_STRING(os1,NULL); - i+=i2d_ASN1_OCTET_STRING(os2,NULL); - total=ASN1_object_size(1,i,V_ASN1_SEQUENCE); - - data=malloc(total); - p=data; - ASN1_put_object(&p,1,i,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL); - i2d_ASN1_OCTET_STRING(os1,&p); - i2d_ASN1_OCTET_STRING(os2,&p); - - seq=ASN1_STRING_new(); - ASN1_STRING_set(seq,data,total); - free(data); - ASN1_OCTET_STRING_free(os1); - ASN1_OCTET_STRING_free(os2); - - ret=X509_ATTRIBUTE_create(signed_seq2string_nid, - V_ASN1_SEQUENCE,(char *)seq); - return(ret); - } - -/* For this case, I will malloc the return strings */ -int sk_get_seq2string(STACK_OF(X509_ATTRIBUTE) *sk, char **str1, char **str2) - { - ASN1_TYPE *so; - PKCS7_SIGNER_INFO si; - - if (signed_seq2string_nid == -1) - signed_seq2string_nid= - OBJ_create("1.9.9999","OID_example","Our example OID"); - - si.auth_attr=sk; - /* To retrieve */ - so=PKCS7_get_signed_attribute(&si,signed_seq2string_nid); - if (so->type == V_ASN1_SEQUENCE) - { - ASN1_CTX c; - ASN1_STRING *s; - long length; - ASN1_OCTET_STRING *os1,*os2; - - s=so->value.sequence; - c.p=ASN1_STRING_data(s); - c.max=c.p+ASN1_STRING_length(s); - if (!asn1_GetSequence(&c,&length)) goto err; - /* Length is the length of the seqence */ - - c.q=c.p; - if ((os1=d2i_ASN1_OCTET_STRING(NULL,&c.p,c.slen)) == NULL) - goto err; - c.slen-=(c.p-c.q); - - c.q=c.p; - if ((os2=d2i_ASN1_OCTET_STRING(NULL,&c.p,c.slen)) == NULL) - goto err; - c.slen-=(c.p-c.q); - - if (!asn1_Finish(&c)) goto err; - *str1=malloc(os1->length+1); - *str2=malloc(os2->length+1); - memcpy(*str1,os1->data,os1->length); - memcpy(*str2,os2->data,os2->length); - (*str1)[os1->length]='\0'; - (*str2)[os2->length]='\0'; - ASN1_OCTET_STRING_free(os1); - ASN1_OCTET_STRING_free(os2); - return(1); - } -err: - return(0); - } - - diff --git a/src/lib/libcrypto/pkcs7/example.h b/src/lib/libcrypto/pkcs7/example.h deleted file mode 100644 index 96167de188d..00000000000 --- a/src/lib/libcrypto/pkcs7/example.h +++ /dev/null @@ -1,57 +0,0 @@ -/* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -int add_signed_time(PKCS7_SIGNER_INFO *si); -ASN1_UTCTIME *get_signed_time(PKCS7_SIGNER_INFO *si); -int get_signed_seq2string(PKCS7_SIGNER_INFO *si, char **str1, char **str2); diff --git a/src/lib/libcrypto/pkcs7/info.pem b/src/lib/libcrypto/pkcs7/info.pem deleted file mode 100644 index 989baf87096..00000000000 --- a/src/lib/libcrypto/pkcs7/info.pem +++ /dev/null @@ -1,57 +0,0 @@ -issuer :/C=AU/SP=Queensland/L=Brisbane/O=Cryptsoft Pty Ltd/OU=DEMONSTRATION AND TESTING/CN=DEMO ZERO VALUE CA -subject:/C=AU/SP=Queensland/L=Brisbane/O=Cryptsoft Pty Ltd/OU=SMIME 003/CN=Information/Email=info@cryptsoft.com -serial :047D - -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 1149 (0x47d) - Signature Algorithm: md5withRSAEncryption - Issuer: C=AU, SP=Queensland, L=Brisbane, O=Cryptsoft Pty Ltd, OU=DEMONSTRATION AND TESTING, CN=DEMO ZERO VALUE CA - Validity - Not Before: May 13 05:40:58 1998 GMT - Not After : May 12 05:40:58 2000 GMT - Subject: C=AU, SP=Queensland, L=Brisbane, O=Cryptsoft Pty Ltd, OU=SMIME 003, CN=Information/Email=info@cryptsoft.com - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Modulus: - 00:ad:e7:23:89:ee:0d:87:b7:9c:32:44:4b:95:81: - 73:dd:22:80:4b:2d:c5:60:b8:fe:1e:18:63:ef:dc: - 89:89:22:df:95:3c:7a:db:3d:9a:06:a8:08:d6:29: - fd:ef:41:09:91:ed:bc:ad:98:f9:f6:28:90:62:6f: - e7:e7:0c:4d:0b - Exponent: 65537 (0x10001) - X509v3 extensions: - Netscape Comment: - Generated with SSLeay - Signature Algorithm: md5withRSAEncryption - 52:15:ea:88:f4:f0:f9:0b:ef:ce:d5:f8:83:40:61:16:5e:55: - f9:ce:2d:d1:8b:31:5c:03:c6:2d:10:7c:61:d5:5c:0a:42:97: - d1:fd:65:b6:b6:84:a5:39:ec:46:ec:fc:e0:0d:d9:22:da:1b: - 50:74:ad:92:cb:4e:90:e5:fa:7d - ------BEGIN CERTIFICATE----- -MIICTDCCAfagAwIBAgICBH0wDQYJKoZIhvcNAQEEBQAwgZIxCzAJBgNVBAYTAkFV -MRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UE -ChMRQ3J5cHRzb2Z0IFB0eSBMdGQxIjAgBgNVBAsTGURFTU9OU1RSQVRJT04gQU5E -IFRFU1RJTkcxGzAZBgNVBAMTEkRFTU8gWkVSTyBWQUxVRSBDQTAeFw05ODA1MTMw -NTQwNThaFw0wMDA1MTIwNTQwNThaMIGeMQswCQYDVQQGEwJBVTETMBEGA1UECBMK -UXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m -dCBQdHkgTHRkMRIwEAYDVQQLEwlTTUlNRSAwMDMxFDASBgNVBAMTC0luZm9ybWF0 -aW9uMSEwHwYJKoZIhvcNAQkBFhJpbmZvQGNyeXB0c29mdC5jb20wXDANBgkqhkiG -9w0BAQEFAANLADBIAkEArecjie4Nh7ecMkRLlYFz3SKASy3FYLj+Hhhj79yJiSLf -lTx62z2aBqgI1in970EJke28rZj59iiQYm/n5wxNCwIDAQABoygwJjAkBglghkgB -hvhCAQ0EFxYVR2VuZXJhdGVkIHdpdGggU1NMZWF5MA0GCSqGSIb3DQEBBAUAA0EA -UhXqiPTw+QvvztX4g0BhFl5V+c4t0YsxXAPGLRB8YdVcCkKX0f1ltraEpTnsRuz8 -4A3ZItobUHStkstOkOX6fQ== ------END CERTIFICATE----- - ------BEGIN RSA PRIVATE KEY----- -MIIBOgIBAAJBAK3nI4nuDYe3nDJES5WBc90igEstxWC4/h4YY+/ciYki35U8ets9 -mgaoCNYp/e9BCZHtvK2Y+fYokGJv5+cMTQsCAwEAAQJBAIHpvXvqEcOEoDRRHuIG -fkcB4jPHcr9KE9TpxabH6xs9beN6OJnkePXAHwaz5MnUgSnbpOKq+cw8miKjXwe/ -zVECIQDVLwncT2lRmXarEYHzb+q/0uaSvKhWKKt3kJasLNTrAwIhANDUc/ghut29 -p3jJYjurzUKuG774/5eLjPLsxPPIZzNZAiA/10hSq41UnGqHLEUIS9m2/EeEZe7b -bm567dfRU9OnVQIgDo8ROrZXSchEGbaog5J5r/Fle83uO8l93R3GqVxKXZkCIFfk -IPD5PIYQAyyod3hyKKza7ZP4CGY4oOfZetbkSGGG ------END RSA PRIVATE KEY----- diff --git a/src/lib/libcrypto/pkcs7/infokey.pem b/src/lib/libcrypto/pkcs7/infokey.pem deleted file mode 100644 index 1e2acc954d2..00000000000 --- a/src/lib/libcrypto/pkcs7/infokey.pem +++ /dev/null @@ -1,9 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIBOgIBAAJBAK3nI4nuDYe3nDJES5WBc90igEstxWC4/h4YY+/ciYki35U8ets9 -mgaoCNYp/e9BCZHtvK2Y+fYokGJv5+cMTQsCAwEAAQJBAIHpvXvqEcOEoDRRHuIG -fkcB4jPHcr9KE9TpxabH6xs9beN6OJnkePXAHwaz5MnUgSnbpOKq+cw8miKjXwe/ -zVECIQDVLwncT2lRmXarEYHzb+q/0uaSvKhWKKt3kJasLNTrAwIhANDUc/ghut29 -p3jJYjurzUKuG774/5eLjPLsxPPIZzNZAiA/10hSq41UnGqHLEUIS9m2/EeEZe7b -bm567dfRU9OnVQIgDo8ROrZXSchEGbaog5J5r/Fle83uO8l93R3GqVxKXZkCIFfk -IPD5PIYQAyyod3hyKKza7ZP4CGY4oOfZetbkSGGG ------END RSA PRIVATE KEY----- diff --git a/src/lib/libcrypto/pkcs7/p7/a1 b/src/lib/libcrypto/pkcs7/p7/a1 deleted file mode 100644 index 56ca9437626..00000000000 --- a/src/lib/libcrypto/pkcs7/p7/a1 +++ /dev/null @@ -1,2 +0,0 @@ -j,H>_æá_­DôzEîLœ VJ³ß觬¤””E3ûáYäx%_Àk -3ê)DLScñ8% ôM \ No newline at end of file diff --git a/src/lib/libcrypto/pkcs7/p7/a2 b/src/lib/libcrypto/pkcs7/p7/a2 deleted file mode 100644 index 23d8fb5e93b..00000000000 --- a/src/lib/libcrypto/pkcs7/p7/a2 +++ /dev/null @@ -1 +0,0 @@ -k~@a”,NâM͹¼ ­×U¿o_½BqrmÎ?Ù t?t÷ÏéId2‰Š \ No newline at end of file diff --git a/src/lib/libcrypto/pkcs7/p7/cert.p7c b/src/lib/libcrypto/pkcs7/p7/cert.p7c deleted file mode 100644 index 2b75ec05f7d..00000000000 Binary files a/src/lib/libcrypto/pkcs7/p7/cert.p7c and /dev/null differ diff --git a/src/lib/libcrypto/pkcs7/p7/smime.p7m b/src/lib/libcrypto/pkcs7/p7/smime.p7m deleted file mode 100644 index 2b6e6f82ba3..00000000000 Binary files a/src/lib/libcrypto/pkcs7/p7/smime.p7m and /dev/null differ diff --git a/src/lib/libcrypto/pkcs7/p7/smime.p7s b/src/lib/libcrypto/pkcs7/p7/smime.p7s deleted file mode 100644 index 2b5d4fb0e3b..00000000000 Binary files a/src/lib/libcrypto/pkcs7/p7/smime.p7s and /dev/null differ diff --git a/src/lib/libcrypto/pkcs7/pk7_asn1.c b/src/lib/libcrypto/pkcs7/pk7_asn1.c index 46f0fc9375b..81e4a01f14f 100644 --- a/src/lib/libcrypto/pkcs7/pk7_asn1.c +++ b/src/lib/libcrypto/pkcs7/pk7_asn1.c @@ -1,5 +1,5 @@ -/* pk7_asn.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* $OpenBSD: pk7_asn1.c,v 1.12 2015/07/25 15:33:06 jsing Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ /* ==================================================================== @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" + #include #include #include @@ -66,132 +66,852 @@ /* This is the ANY DEFINED BY table for the top level PKCS#7 structure */ -ASN1_ADB_TEMPLATE(p7default) = ASN1_EXP_OPT(PKCS7, d.other, ASN1_ANY, 0); +static const ASN1_TEMPLATE p7default_tt = { + .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL, + .tag = 0, + .offset = offsetof(PKCS7, d.other), + .field_name = "d.other", + .item = &ASN1_ANY_it, +}; + +static const ASN1_ADB_TABLE PKCS7_adbtbl[] = { + { + .value = NID_pkcs7_data, + .tt = { + .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL | ASN1_TFLG_NDEF, + .tag = 0, + .offset = offsetof(PKCS7, d.data), + .field_name = "d.data", + .item = &ASN1_OCTET_STRING_NDEF_it, + }, + + }, + { + .value = NID_pkcs7_signed, + .tt = { + .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL | ASN1_TFLG_NDEF, + .tag = 0, + .offset = offsetof(PKCS7, d.sign), + .field_name = "d.sign", + .item = &PKCS7_SIGNED_it, + }, + + }, + { + .value = NID_pkcs7_enveloped, + .tt = { + .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL | ASN1_TFLG_NDEF, + .tag = 0, + .offset = offsetof(PKCS7, d.enveloped), + .field_name = "d.enveloped", + .item = &PKCS7_ENVELOPE_it, + }, + + }, + { + .value = NID_pkcs7_signedAndEnveloped, + .tt = { + .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL | ASN1_TFLG_NDEF, + .tag = 0, + .offset = offsetof(PKCS7, d.signed_and_enveloped), + .field_name = "d.signed_and_enveloped", + .item = &PKCS7_SIGN_ENVELOPE_it, + }, + + }, + { + .value = NID_pkcs7_digest, + .tt = { + .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL | ASN1_TFLG_NDEF, + .tag = 0, + .offset = offsetof(PKCS7, d.digest), + .field_name = "d.digest", + .item = &PKCS7_DIGEST_it, + }, + + }, + { + .value = NID_pkcs7_encrypted, + .tt = { + .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL | ASN1_TFLG_NDEF, + .tag = 0, + .offset = offsetof(PKCS7, d.encrypted), + .field_name = "d.encrypted", + .item = &PKCS7_ENCRYPT_it, + }, + + }, +}; + +static const ASN1_ADB PKCS7_adb = { + .flags = 0, + .offset = offsetof(PKCS7, type), + .app_items = 0, + .tbl = PKCS7_adbtbl, + .tblcount = sizeof(PKCS7_adbtbl) / sizeof(ASN1_ADB_TABLE), + .default_tt = &p7default_tt, + .null_tt = NULL, +}; + +/* PKCS#7 streaming support */ +static int +pk7_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) +{ + ASN1_STREAM_ARG *sarg = exarg; + PKCS7 **pp7 = (PKCS7 **)pval; + + switch (operation) { + case ASN1_OP_STREAM_PRE: + if (PKCS7_stream(&sarg->boundary, *pp7) <= 0) + return 0; + + case ASN1_OP_DETACHED_PRE: + sarg->ndef_bio = PKCS7_dataInit(*pp7, sarg->out); + if (!sarg->ndef_bio) + return 0; + break; + + case ASN1_OP_STREAM_POST: + case ASN1_OP_DETACHED_POST: + if (PKCS7_dataFinal(*pp7, sarg->ndef_bio) <= 0) + return 0; + break; + } + return 1; +} -ASN1_ADB(PKCS7) = { - ADB_ENTRY(NID_pkcs7_data, ASN1_EXP_OPT(PKCS7, d.data, ASN1_OCTET_STRING, 0)), - ADB_ENTRY(NID_pkcs7_signed, ASN1_EXP_OPT(PKCS7, d.sign, PKCS7_SIGNED, 0)), - ADB_ENTRY(NID_pkcs7_enveloped, ASN1_EXP_OPT(PKCS7, d.enveloped, PKCS7_ENVELOPE, 0)), - ADB_ENTRY(NID_pkcs7_signedAndEnveloped, ASN1_EXP_OPT(PKCS7, d.signed_and_enveloped, PKCS7_SIGN_ENVELOPE, 0)), - ADB_ENTRY(NID_pkcs7_digest, ASN1_EXP_OPT(PKCS7, d.digest, PKCS7_DIGEST, 0)), - ADB_ENTRY(NID_pkcs7_encrypted, ASN1_EXP_OPT(PKCS7, d.encrypted, PKCS7_ENCRYPT, 0)) -} ASN1_ADB_END(PKCS7, 0, type, 0, &p7default_tt, NULL); +static const ASN1_AUX PKCS7_aux = { + .app_data = NULL, + .flags = 0, + .ref_offset = 0, + .ref_lock = 0, + .asn1_cb = pk7_cb, + .enc_offset = 0, +}; +static const ASN1_TEMPLATE PKCS7_seq_tt[] = { + { + .flags = 0, + .tag = 0, + .offset = offsetof(PKCS7, type), + .field_name = "type", + .item = &ASN1_OBJECT_it, + }, + { + .flags = ASN1_TFLG_ADB_OID, + .tag = -1, + .offset = 0, + .field_name = "PKCS7", + .item = (const ASN1_ITEM *)&PKCS7_adb, + }, +}; + +const ASN1_ITEM PKCS7_it = { + .itype = ASN1_ITYPE_NDEF_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = PKCS7_seq_tt, + .tcount = sizeof(PKCS7_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = &PKCS7_aux, + .size = sizeof(PKCS7), + .sname = "PKCS7", +}; + + +PKCS7 * +d2i_PKCS7(PKCS7 **a, const unsigned char **in, long len) +{ + return (PKCS7 *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &PKCS7_it); +} -ASN1_SEQUENCE(PKCS7) = { - ASN1_SIMPLE(PKCS7, type, ASN1_OBJECT), - ASN1_ADB_OBJECT(PKCS7) -}ASN1_SEQUENCE_END(PKCS7) +int +i2d_PKCS7(PKCS7 *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &PKCS7_it); +} -IMPLEMENT_ASN1_FUNCTIONS(PKCS7) -IMPLEMENT_ASN1_DUP_FUNCTION(PKCS7) +PKCS7 * +PKCS7_new(void) +{ + return (PKCS7 *)ASN1_item_new(&PKCS7_it); +} -ASN1_SEQUENCE(PKCS7_SIGNED) = { - ASN1_SIMPLE(PKCS7_SIGNED, version, ASN1_INTEGER), - ASN1_SET_OF(PKCS7_SIGNED, md_algs, X509_ALGOR), - ASN1_SIMPLE(PKCS7_SIGNED, contents, PKCS7), - ASN1_IMP_SEQUENCE_OF_OPT(PKCS7_SIGNED, cert, X509, 0), - ASN1_IMP_SET_OF_OPT(PKCS7_SIGNED, crl, X509_CRL, 1), - ASN1_SET_OF(PKCS7_SIGNED, signer_info, PKCS7_SIGNER_INFO) -} ASN1_SEQUENCE_END(PKCS7_SIGNED) +void +PKCS7_free(PKCS7 *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &PKCS7_it); +} -IMPLEMENT_ASN1_FUNCTIONS(PKCS7_SIGNED) +int +i2d_PKCS7_NDEF(PKCS7 *a, unsigned char **out) +{ + return ASN1_item_ndef_i2d((ASN1_VALUE *)a, out, &PKCS7_it); +} + +PKCS7 * +PKCS7_dup(PKCS7 *x) +{ + return ASN1_item_dup(&PKCS7_it, x); +} + +static const ASN1_TEMPLATE PKCS7_SIGNED_seq_tt[] = { + { + .flags = 0, + .tag = 0, + .offset = offsetof(PKCS7_SIGNED, version), + .field_name = "version", + .item = &ASN1_INTEGER_it, + }, + { + .flags = ASN1_TFLG_SET_OF, + .tag = 0, + .offset = offsetof(PKCS7_SIGNED, md_algs), + .field_name = "md_algs", + .item = &X509_ALGOR_it, + }, + { + .flags = 0, + .tag = 0, + .offset = offsetof(PKCS7_SIGNED, contents), + .field_name = "contents", + .item = &PKCS7_it, + }, + { + .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_OPTIONAL, + .tag = 0, + .offset = offsetof(PKCS7_SIGNED, cert), + .field_name = "cert", + .item = &X509_it, + }, + { + .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_SET_OF | ASN1_TFLG_OPTIONAL, + .tag = 1, + .offset = offsetof(PKCS7_SIGNED, crl), + .field_name = "crl", + .item = &X509_CRL_it, + }, + { + .flags = ASN1_TFLG_SET_OF, + .tag = 0, + .offset = offsetof(PKCS7_SIGNED, signer_info), + .field_name = "signer_info", + .item = &PKCS7_SIGNER_INFO_it, + }, +}; + +const ASN1_ITEM PKCS7_SIGNED_it = { + .itype = ASN1_ITYPE_NDEF_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = PKCS7_SIGNED_seq_tt, + .tcount = sizeof(PKCS7_SIGNED_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = NULL, + .size = sizeof(PKCS7_SIGNED), + .sname = "PKCS7_SIGNED", +}; + + +PKCS7_SIGNED * +d2i_PKCS7_SIGNED(PKCS7_SIGNED **a, const unsigned char **in, long len) +{ + return (PKCS7_SIGNED *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &PKCS7_SIGNED_it); +} + +int +i2d_PKCS7_SIGNED(PKCS7_SIGNED *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &PKCS7_SIGNED_it); +} + +PKCS7_SIGNED * +PKCS7_SIGNED_new(void) +{ + return (PKCS7_SIGNED *)ASN1_item_new(&PKCS7_SIGNED_it); +} + +void +PKCS7_SIGNED_free(PKCS7_SIGNED *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &PKCS7_SIGNED_it); +} /* Minor tweak to operation: free up EVP_PKEY */ -static int si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) +static int +si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) { - if(operation == ASN1_OP_FREE_POST) { + if (operation == ASN1_OP_FREE_POST) { PKCS7_SIGNER_INFO *si = (PKCS7_SIGNER_INFO *)*pval; EVP_PKEY_free(si->pkey); } return 1; } -ASN1_SEQUENCE_cb(PKCS7_SIGNER_INFO, si_cb) = { - ASN1_SIMPLE(PKCS7_SIGNER_INFO, version, ASN1_INTEGER), - ASN1_SIMPLE(PKCS7_SIGNER_INFO, issuer_and_serial, PKCS7_ISSUER_AND_SERIAL), - ASN1_SIMPLE(PKCS7_SIGNER_INFO, digest_alg, X509_ALGOR), +static const ASN1_AUX PKCS7_SIGNER_INFO_aux = { + .app_data = NULL, + .flags = 0, + .ref_offset = 0, + .ref_lock = 0, + .asn1_cb = si_cb, + .enc_offset = 0, +}; +static const ASN1_TEMPLATE PKCS7_SIGNER_INFO_seq_tt[] = { + { + .flags = 0, + .tag = 0, + .offset = offsetof(PKCS7_SIGNER_INFO, version), + .field_name = "version", + .item = &ASN1_INTEGER_it, + }, + { + .flags = 0, + .tag = 0, + .offset = offsetof(PKCS7_SIGNER_INFO, issuer_and_serial), + .field_name = "issuer_and_serial", + .item = &PKCS7_ISSUER_AND_SERIAL_it, + }, + { + .flags = 0, + .tag = 0, + .offset = offsetof(PKCS7_SIGNER_INFO, digest_alg), + .field_name = "digest_alg", + .item = &X509_ALGOR_it, + }, /* NB this should be a SET OF but we use a SEQUENCE OF so the * original order * is retained when the structure is reencoded. * Since the attributes are implicitly tagged this will not affect * the encoding. */ - ASN1_IMP_SEQUENCE_OF_OPT(PKCS7_SIGNER_INFO, auth_attr, X509_ATTRIBUTE, 0), - ASN1_SIMPLE(PKCS7_SIGNER_INFO, digest_enc_alg, X509_ALGOR), - ASN1_SIMPLE(PKCS7_SIGNER_INFO, enc_digest, ASN1_OCTET_STRING), - ASN1_IMP_SET_OF_OPT(PKCS7_SIGNER_INFO, unauth_attr, X509_ATTRIBUTE, 1) -} ASN1_SEQUENCE_END_cb(PKCS7_SIGNER_INFO, PKCS7_SIGNER_INFO) + { + .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_OPTIONAL, + .tag = 0, + .offset = offsetof(PKCS7_SIGNER_INFO, auth_attr), + .field_name = "auth_attr", + .item = &X509_ATTRIBUTE_it, + }, + { + .flags = 0, + .tag = 0, + .offset = offsetof(PKCS7_SIGNER_INFO, digest_enc_alg), + .field_name = "digest_enc_alg", + .item = &X509_ALGOR_it, + }, + { + .flags = 0, + .tag = 0, + .offset = offsetof(PKCS7_SIGNER_INFO, enc_digest), + .field_name = "enc_digest", + .item = &ASN1_OCTET_STRING_it, + }, + { + .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_SET_OF | ASN1_TFLG_OPTIONAL, + .tag = 1, + .offset = offsetof(PKCS7_SIGNER_INFO, unauth_attr), + .field_name = "unauth_attr", + .item = &X509_ATTRIBUTE_it, + }, +}; + +const ASN1_ITEM PKCS7_SIGNER_INFO_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = PKCS7_SIGNER_INFO_seq_tt, + .tcount = sizeof(PKCS7_SIGNER_INFO_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = &PKCS7_SIGNER_INFO_aux, + .size = sizeof(PKCS7_SIGNER_INFO), + .sname = "PKCS7_SIGNER_INFO", +}; + + +PKCS7_SIGNER_INFO * +d2i_PKCS7_SIGNER_INFO(PKCS7_SIGNER_INFO **a, const unsigned char **in, long len) +{ + return (PKCS7_SIGNER_INFO *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &PKCS7_SIGNER_INFO_it); +} + +int +i2d_PKCS7_SIGNER_INFO(PKCS7_SIGNER_INFO *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &PKCS7_SIGNER_INFO_it); +} + +PKCS7_SIGNER_INFO * +PKCS7_SIGNER_INFO_new(void) +{ + return (PKCS7_SIGNER_INFO *)ASN1_item_new(&PKCS7_SIGNER_INFO_it); +} + +void +PKCS7_SIGNER_INFO_free(PKCS7_SIGNER_INFO *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &PKCS7_SIGNER_INFO_it); +} + +static const ASN1_TEMPLATE PKCS7_ISSUER_AND_SERIAL_seq_tt[] = { + { + .flags = 0, + .tag = 0, + .offset = offsetof(PKCS7_ISSUER_AND_SERIAL, issuer), + .field_name = "issuer", + .item = &X509_NAME_it, + }, + { + .flags = 0, + .tag = 0, + .offset = offsetof(PKCS7_ISSUER_AND_SERIAL, serial), + .field_name = "serial", + .item = &ASN1_INTEGER_it, + }, +}; + +const ASN1_ITEM PKCS7_ISSUER_AND_SERIAL_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = PKCS7_ISSUER_AND_SERIAL_seq_tt, + .tcount = sizeof(PKCS7_ISSUER_AND_SERIAL_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = NULL, + .size = sizeof(PKCS7_ISSUER_AND_SERIAL), + .sname = "PKCS7_ISSUER_AND_SERIAL", +}; + + +PKCS7_ISSUER_AND_SERIAL * +d2i_PKCS7_ISSUER_AND_SERIAL(PKCS7_ISSUER_AND_SERIAL **a, const unsigned char **in, long len) +{ + return (PKCS7_ISSUER_AND_SERIAL *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &PKCS7_ISSUER_AND_SERIAL_it); +} -IMPLEMENT_ASN1_FUNCTIONS(PKCS7_SIGNER_INFO) +int +i2d_PKCS7_ISSUER_AND_SERIAL(PKCS7_ISSUER_AND_SERIAL *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &PKCS7_ISSUER_AND_SERIAL_it); +} -ASN1_SEQUENCE(PKCS7_ISSUER_AND_SERIAL) = { - ASN1_SIMPLE(PKCS7_ISSUER_AND_SERIAL, issuer, X509_NAME), - ASN1_SIMPLE(PKCS7_ISSUER_AND_SERIAL, serial, ASN1_INTEGER) -} ASN1_SEQUENCE_END(PKCS7_ISSUER_AND_SERIAL) +PKCS7_ISSUER_AND_SERIAL * +PKCS7_ISSUER_AND_SERIAL_new(void) +{ + return (PKCS7_ISSUER_AND_SERIAL *)ASN1_item_new(&PKCS7_ISSUER_AND_SERIAL_it); +} + +void +PKCS7_ISSUER_AND_SERIAL_free(PKCS7_ISSUER_AND_SERIAL *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &PKCS7_ISSUER_AND_SERIAL_it); +} -IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ISSUER_AND_SERIAL) +static const ASN1_TEMPLATE PKCS7_ENVELOPE_seq_tt[] = { + { + .flags = 0, + .tag = 0, + .offset = offsetof(PKCS7_ENVELOPE, version), + .field_name = "version", + .item = &ASN1_INTEGER_it, + }, + { + .flags = ASN1_TFLG_SET_OF, + .tag = 0, + .offset = offsetof(PKCS7_ENVELOPE, recipientinfo), + .field_name = "recipientinfo", + .item = &PKCS7_RECIP_INFO_it, + }, + { + .flags = 0, + .tag = 0, + .offset = offsetof(PKCS7_ENVELOPE, enc_data), + .field_name = "enc_data", + .item = &PKCS7_ENC_CONTENT_it, + }, +}; + +const ASN1_ITEM PKCS7_ENVELOPE_it = { + .itype = ASN1_ITYPE_NDEF_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = PKCS7_ENVELOPE_seq_tt, + .tcount = sizeof(PKCS7_ENVELOPE_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = NULL, + .size = sizeof(PKCS7_ENVELOPE), + .sname = "PKCS7_ENVELOPE", +}; + + +PKCS7_ENVELOPE * +d2i_PKCS7_ENVELOPE(PKCS7_ENVELOPE **a, const unsigned char **in, long len) +{ + return (PKCS7_ENVELOPE *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &PKCS7_ENVELOPE_it); +} -ASN1_SEQUENCE(PKCS7_ENVELOPE) = { - ASN1_SIMPLE(PKCS7_ENVELOPE, version, ASN1_INTEGER), - ASN1_SET_OF(PKCS7_ENVELOPE, recipientinfo, PKCS7_RECIP_INFO), - ASN1_SIMPLE(PKCS7_ENVELOPE, enc_data, PKCS7_ENC_CONTENT) -} ASN1_SEQUENCE_END(PKCS7_ENVELOPE) +int +i2d_PKCS7_ENVELOPE(PKCS7_ENVELOPE *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &PKCS7_ENVELOPE_it); +} -IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENVELOPE) +PKCS7_ENVELOPE * +PKCS7_ENVELOPE_new(void) +{ + return (PKCS7_ENVELOPE *)ASN1_item_new(&PKCS7_ENVELOPE_it); +} + +void +PKCS7_ENVELOPE_free(PKCS7_ENVELOPE *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &PKCS7_ENVELOPE_it); +} /* Minor tweak to operation: free up X509 */ -static int ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) +static int +ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) { - if(operation == ASN1_OP_FREE_POST) { + if (operation == ASN1_OP_FREE_POST) { PKCS7_RECIP_INFO *ri = (PKCS7_RECIP_INFO *)*pval; X509_free(ri->cert); } return 1; } -ASN1_SEQUENCE_cb(PKCS7_RECIP_INFO, ri_cb) = { - ASN1_SIMPLE(PKCS7_RECIP_INFO, version, ASN1_INTEGER), - ASN1_SIMPLE(PKCS7_RECIP_INFO, issuer_and_serial, PKCS7_ISSUER_AND_SERIAL), - ASN1_SIMPLE(PKCS7_RECIP_INFO, key_enc_algor, X509_ALGOR), - ASN1_SIMPLE(PKCS7_RECIP_INFO, enc_key, ASN1_OCTET_STRING) -} ASN1_SEQUENCE_END_cb(PKCS7_RECIP_INFO, PKCS7_RECIP_INFO) +static const ASN1_AUX PKCS7_RECIP_INFO_aux = { + .app_data = NULL, + .flags = 0, + .ref_offset = 0, + .ref_lock = 0, + .asn1_cb = ri_cb, + .enc_offset = 0, +}; +static const ASN1_TEMPLATE PKCS7_RECIP_INFO_seq_tt[] = { + { + .flags = 0, + .tag = 0, + .offset = offsetof(PKCS7_RECIP_INFO, version), + .field_name = "version", + .item = &ASN1_INTEGER_it, + }, + { + .flags = 0, + .tag = 0, + .offset = offsetof(PKCS7_RECIP_INFO, issuer_and_serial), + .field_name = "issuer_and_serial", + .item = &PKCS7_ISSUER_AND_SERIAL_it, + }, + { + .flags = 0, + .tag = 0, + .offset = offsetof(PKCS7_RECIP_INFO, key_enc_algor), + .field_name = "key_enc_algor", + .item = &X509_ALGOR_it, + }, + { + .flags = 0, + .tag = 0, + .offset = offsetof(PKCS7_RECIP_INFO, enc_key), + .field_name = "enc_key", + .item = &ASN1_OCTET_STRING_it, + }, +}; + +const ASN1_ITEM PKCS7_RECIP_INFO_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = PKCS7_RECIP_INFO_seq_tt, + .tcount = sizeof(PKCS7_RECIP_INFO_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = &PKCS7_RECIP_INFO_aux, + .size = sizeof(PKCS7_RECIP_INFO), + .sname = "PKCS7_RECIP_INFO", +}; + + +PKCS7_RECIP_INFO * +d2i_PKCS7_RECIP_INFO(PKCS7_RECIP_INFO **a, const unsigned char **in, long len) +{ + return (PKCS7_RECIP_INFO *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &PKCS7_RECIP_INFO_it); +} + +int +i2d_PKCS7_RECIP_INFO(PKCS7_RECIP_INFO *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &PKCS7_RECIP_INFO_it); +} + +PKCS7_RECIP_INFO * +PKCS7_RECIP_INFO_new(void) +{ + return (PKCS7_RECIP_INFO *)ASN1_item_new(&PKCS7_RECIP_INFO_it); +} + +void +PKCS7_RECIP_INFO_free(PKCS7_RECIP_INFO *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &PKCS7_RECIP_INFO_it); +} + +static const ASN1_TEMPLATE PKCS7_ENC_CONTENT_seq_tt[] = { + { + .flags = 0, + .tag = 0, + .offset = offsetof(PKCS7_ENC_CONTENT, content_type), + .field_name = "content_type", + .item = &ASN1_OBJECT_it, + }, + { + .flags = 0, + .tag = 0, + .offset = offsetof(PKCS7_ENC_CONTENT, algorithm), + .field_name = "algorithm", + .item = &X509_ALGOR_it, + }, + { + .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_OPTIONAL, + .tag = 0, + .offset = offsetof(PKCS7_ENC_CONTENT, enc_data), + .field_name = "enc_data", + .item = &ASN1_OCTET_STRING_NDEF_it, + }, +}; + +const ASN1_ITEM PKCS7_ENC_CONTENT_it = { + .itype = ASN1_ITYPE_NDEF_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = PKCS7_ENC_CONTENT_seq_tt, + .tcount = sizeof(PKCS7_ENC_CONTENT_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = NULL, + .size = sizeof(PKCS7_ENC_CONTENT), + .sname = "PKCS7_ENC_CONTENT", +}; + + +PKCS7_ENC_CONTENT * +d2i_PKCS7_ENC_CONTENT(PKCS7_ENC_CONTENT **a, const unsigned char **in, long len) +{ + return (PKCS7_ENC_CONTENT *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &PKCS7_ENC_CONTENT_it); +} + +int +i2d_PKCS7_ENC_CONTENT(PKCS7_ENC_CONTENT *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &PKCS7_ENC_CONTENT_it); +} + +PKCS7_ENC_CONTENT * +PKCS7_ENC_CONTENT_new(void) +{ + return (PKCS7_ENC_CONTENT *)ASN1_item_new(&PKCS7_ENC_CONTENT_it); +} + +void +PKCS7_ENC_CONTENT_free(PKCS7_ENC_CONTENT *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &PKCS7_ENC_CONTENT_it); +} + +static const ASN1_TEMPLATE PKCS7_SIGN_ENVELOPE_seq_tt[] = { + { + .flags = 0, + .tag = 0, + .offset = offsetof(PKCS7_SIGN_ENVELOPE, version), + .field_name = "version", + .item = &ASN1_INTEGER_it, + }, + { + .flags = ASN1_TFLG_SET_OF, + .tag = 0, + .offset = offsetof(PKCS7_SIGN_ENVELOPE, recipientinfo), + .field_name = "recipientinfo", + .item = &PKCS7_RECIP_INFO_it, + }, + { + .flags = ASN1_TFLG_SET_OF, + .tag = 0, + .offset = offsetof(PKCS7_SIGN_ENVELOPE, md_algs), + .field_name = "md_algs", + .item = &X509_ALGOR_it, + }, + { + .flags = 0, + .tag = 0, + .offset = offsetof(PKCS7_SIGN_ENVELOPE, enc_data), + .field_name = "enc_data", + .item = &PKCS7_ENC_CONTENT_it, + }, + { + .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_SET_OF | ASN1_TFLG_OPTIONAL, + .tag = 0, + .offset = offsetof(PKCS7_SIGN_ENVELOPE, cert), + .field_name = "cert", + .item = &X509_it, + }, + { + .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_SET_OF | ASN1_TFLG_OPTIONAL, + .tag = 1, + .offset = offsetof(PKCS7_SIGN_ENVELOPE, crl), + .field_name = "crl", + .item = &X509_CRL_it, + }, + { + .flags = ASN1_TFLG_SET_OF, + .tag = 0, + .offset = offsetof(PKCS7_SIGN_ENVELOPE, signer_info), + .field_name = "signer_info", + .item = &PKCS7_SIGNER_INFO_it, + }, +}; + +const ASN1_ITEM PKCS7_SIGN_ENVELOPE_it = { + .itype = ASN1_ITYPE_NDEF_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = PKCS7_SIGN_ENVELOPE_seq_tt, + .tcount = sizeof(PKCS7_SIGN_ENVELOPE_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = NULL, + .size = sizeof(PKCS7_SIGN_ENVELOPE), + .sname = "PKCS7_SIGN_ENVELOPE", +}; + + +PKCS7_SIGN_ENVELOPE * +d2i_PKCS7_SIGN_ENVELOPE(PKCS7_SIGN_ENVELOPE **a, const unsigned char **in, long len) +{ + return (PKCS7_SIGN_ENVELOPE *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &PKCS7_SIGN_ENVELOPE_it); +} + +int +i2d_PKCS7_SIGN_ENVELOPE(PKCS7_SIGN_ENVELOPE *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &PKCS7_SIGN_ENVELOPE_it); +} + +PKCS7_SIGN_ENVELOPE * +PKCS7_SIGN_ENVELOPE_new(void) +{ + return (PKCS7_SIGN_ENVELOPE *)ASN1_item_new(&PKCS7_SIGN_ENVELOPE_it); +} -IMPLEMENT_ASN1_FUNCTIONS(PKCS7_RECIP_INFO) +void +PKCS7_SIGN_ENVELOPE_free(PKCS7_SIGN_ENVELOPE *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &PKCS7_SIGN_ENVELOPE_it); +} -ASN1_SEQUENCE(PKCS7_ENC_CONTENT) = { - ASN1_SIMPLE(PKCS7_ENC_CONTENT, content_type, ASN1_OBJECT), - ASN1_SIMPLE(PKCS7_ENC_CONTENT, algorithm, X509_ALGOR), - ASN1_IMP_OPT(PKCS7_ENC_CONTENT, enc_data, ASN1_OCTET_STRING, 0) -} ASN1_SEQUENCE_END(PKCS7_ENC_CONTENT) +static const ASN1_TEMPLATE PKCS7_ENCRYPT_seq_tt[] = { + { + .flags = 0, + .tag = 0, + .offset = offsetof(PKCS7_ENCRYPT, version), + .field_name = "version", + .item = &ASN1_INTEGER_it, + }, + { + .flags = 0, + .tag = 0, + .offset = offsetof(PKCS7_ENCRYPT, enc_data), + .field_name = "enc_data", + .item = &PKCS7_ENC_CONTENT_it, + }, +}; + +const ASN1_ITEM PKCS7_ENCRYPT_it = { + .itype = ASN1_ITYPE_NDEF_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = PKCS7_ENCRYPT_seq_tt, + .tcount = sizeof(PKCS7_ENCRYPT_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = NULL, + .size = sizeof(PKCS7_ENCRYPT), + .sname = "PKCS7_ENCRYPT", +}; + + +PKCS7_ENCRYPT * +d2i_PKCS7_ENCRYPT(PKCS7_ENCRYPT **a, const unsigned char **in, long len) +{ + return (PKCS7_ENCRYPT *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &PKCS7_ENCRYPT_it); +} -IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENC_CONTENT) +int +i2d_PKCS7_ENCRYPT(PKCS7_ENCRYPT *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &PKCS7_ENCRYPT_it); +} -ASN1_SEQUENCE(PKCS7_SIGN_ENVELOPE) = { - ASN1_SIMPLE(PKCS7_SIGN_ENVELOPE, version, ASN1_INTEGER), - ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, recipientinfo, PKCS7_RECIP_INFO), - ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, md_algs, X509_ALGOR), - ASN1_SIMPLE(PKCS7_SIGN_ENVELOPE, enc_data, PKCS7_ENC_CONTENT), - ASN1_IMP_SET_OF_OPT(PKCS7_SIGN_ENVELOPE, cert, X509, 0), - ASN1_IMP_SET_OF_OPT(PKCS7_SIGN_ENVELOPE, crl, X509_CRL, 1), - ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, signer_info, PKCS7_SIGNER_INFO) -} ASN1_SEQUENCE_END(PKCS7_SIGN_ENVELOPE) +PKCS7_ENCRYPT * +PKCS7_ENCRYPT_new(void) +{ + return (PKCS7_ENCRYPT *)ASN1_item_new(&PKCS7_ENCRYPT_it); +} -IMPLEMENT_ASN1_FUNCTIONS(PKCS7_SIGN_ENVELOPE) +void +PKCS7_ENCRYPT_free(PKCS7_ENCRYPT *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &PKCS7_ENCRYPT_it); +} -ASN1_SEQUENCE(PKCS7_ENCRYPT) = { - ASN1_SIMPLE(PKCS7_ENCRYPT, version, ASN1_INTEGER), - ASN1_SIMPLE(PKCS7_ENCRYPT, enc_data, PKCS7_ENC_CONTENT) -} ASN1_SEQUENCE_END(PKCS7_ENCRYPT) +static const ASN1_TEMPLATE PKCS7_DIGEST_seq_tt[] = { + { + .flags = 0, + .tag = 0, + .offset = offsetof(PKCS7_DIGEST, version), + .field_name = "version", + .item = &ASN1_INTEGER_it, + }, + { + .flags = 0, + .tag = 0, + .offset = offsetof(PKCS7_DIGEST, md), + .field_name = "md", + .item = &X509_ALGOR_it, + }, + { + .flags = 0, + .tag = 0, + .offset = offsetof(PKCS7_DIGEST, contents), + .field_name = "contents", + .item = &PKCS7_it, + }, + { + .flags = 0, + .tag = 0, + .offset = offsetof(PKCS7_DIGEST, digest), + .field_name = "digest", + .item = &ASN1_OCTET_STRING_it, + }, +}; + +const ASN1_ITEM PKCS7_DIGEST_it = { + .itype = ASN1_ITYPE_NDEF_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = PKCS7_DIGEST_seq_tt, + .tcount = sizeof(PKCS7_DIGEST_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = NULL, + .size = sizeof(PKCS7_DIGEST), + .sname = "PKCS7_DIGEST", +}; + + +PKCS7_DIGEST * +d2i_PKCS7_DIGEST(PKCS7_DIGEST **a, const unsigned char **in, long len) +{ + return (PKCS7_DIGEST *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &PKCS7_DIGEST_it); +} -IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENCRYPT) +int +i2d_PKCS7_DIGEST(PKCS7_DIGEST *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &PKCS7_DIGEST_it); +} -ASN1_SEQUENCE(PKCS7_DIGEST) = { - ASN1_SIMPLE(PKCS7_DIGEST, version, ASN1_INTEGER), - ASN1_SIMPLE(PKCS7_DIGEST, md, X509_ALGOR), - ASN1_SIMPLE(PKCS7_DIGEST, contents, PKCS7), - ASN1_SIMPLE(PKCS7_DIGEST, digest, ASN1_OCTET_STRING) -} ASN1_SEQUENCE_END(PKCS7_DIGEST) +PKCS7_DIGEST * +PKCS7_DIGEST_new(void) +{ + return (PKCS7_DIGEST *)ASN1_item_new(&PKCS7_DIGEST_it); +} -IMPLEMENT_ASN1_FUNCTIONS(PKCS7_DIGEST) +void +PKCS7_DIGEST_free(PKCS7_DIGEST *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &PKCS7_DIGEST_it); +} /* Specials for authenticated attributes */ @@ -199,15 +919,50 @@ IMPLEMENT_ASN1_FUNCTIONS(PKCS7_DIGEST) * encoding. */ -ASN1_ITEM_TEMPLATE(PKCS7_ATTR_SIGN) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_ORDER, 0, PKCS7_ATTRIBUTES, X509_ATTRIBUTE) -ASN1_ITEM_TEMPLATE_END(PKCS7_ATTR_SIGN) - -/* When verifying attributes we need to use the received order. So +static const ASN1_TEMPLATE PKCS7_ATTR_SIGN_item_tt = { + .flags = ASN1_TFLG_SET_ORDER, + .tag = 0, + .offset = 0, + .field_name = "PKCS7_ATTRIBUTES", + .item = &X509_ATTRIBUTE_it, +}; + +const ASN1_ITEM PKCS7_ATTR_SIGN_it = { + .itype = ASN1_ITYPE_PRIMITIVE, + .utype = -1, + .templates = &PKCS7_ATTR_SIGN_item_tt, + .tcount = 0, + .funcs = NULL, + .size = 0, + .sname = "PKCS7_ATTR_SIGN", +}; + +/* When verifying attributes we need to use the received order. So * we use SEQUENCE OF and tag it to SET OF */ -ASN1_ITEM_TEMPLATE(PKCS7_ATTR_VERIFY) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_IMPTAG | ASN1_TFLG_UNIVERSAL, - V_ASN1_SET, PKCS7_ATTRIBUTES, X509_ATTRIBUTE) -ASN1_ITEM_TEMPLATE_END(PKCS7_ATTR_VERIFY) +static const ASN1_TEMPLATE PKCS7_ATTR_VERIFY_item_tt = { + .flags = ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_IMPTAG | ASN1_TFLG_UNIVERSAL, + .tag = V_ASN1_SET, + .offset = 0, + .field_name = "PKCS7_ATTRIBUTES", + .item = &X509_ATTRIBUTE_it, +}; + +const ASN1_ITEM PKCS7_ATTR_VERIFY_it = { + .itype = ASN1_ITYPE_PRIMITIVE, + .utype = -1, + .templates = &PKCS7_ATTR_VERIFY_item_tt, + .tcount = 0, + .funcs = NULL, + .size = 0, + .sname = "PKCS7_ATTR_VERIFY", +}; + + +int +PKCS7_print_ctx(BIO *out, PKCS7 *x, int indent, const ASN1_PCTX *pctx) +{ + return ASN1_item_print(out, (ASN1_VALUE *)x, indent, + &PKCS7_it, pctx); +} diff --git a/src/lib/libcrypto/pkcs7/pk7_attr.c b/src/lib/libcrypto/pkcs7/pk7_attr.c index 5ff5a88b5cf..f882ba77950 100644 --- a/src/lib/libcrypto/pkcs7/pk7_attr.c +++ b/src/lib/libcrypto/pkcs7/pk7_attr.c @@ -1,16 +1,16 @@ -/* pk7_attr.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* $OpenBSD: pk7_attr.c,v 1.12 2017/01/29 17:49:23 beck Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2001. */ /* ==================================================================== - * Copyright (c) 2001 The OpenSSL Project. All rights reserved. + * Copyright (c) 2001-2004 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -60,80 +60,113 @@ #include #include #include +#include #include #include #include #include -int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si, STACK_OF(X509_ALGOR) *cap) +int +PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si, STACK_OF(X509_ALGOR) *cap) { ASN1_STRING *seq; - unsigned char *p, *pp; - int len; - len=i2d_ASN1_SET_OF_X509_ALGOR(cap,NULL,i2d_X509_ALGOR, - V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL, - IS_SEQUENCE); - if(!(pp=(unsigned char *)OPENSSL_malloc(len))) { - PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,ERR_R_MALLOC_FAILURE); + if (!(seq = ASN1_STRING_new())) { + PKCS7error(ERR_R_MALLOC_FAILURE); return 0; } - p=pp; - i2d_ASN1_SET_OF_X509_ALGOR(cap,&p,i2d_X509_ALGOR, V_ASN1_SEQUENCE, - V_ASN1_UNIVERSAL, IS_SEQUENCE); - if(!(seq = ASN1_STRING_new())) { - PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,ERR_R_MALLOC_FAILURE); - return 0; - } - if(!ASN1_STRING_set (seq, pp, len)) { - PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,ERR_R_MALLOC_FAILURE); - return 0; - } - OPENSSL_free (pp); - return PKCS7_add_signed_attribute(si, NID_SMIMECapabilities, - V_ASN1_SEQUENCE, seq); + seq->length = ASN1_item_i2d((ASN1_VALUE *)cap, &seq->data, + &X509_ALGORS_it); + return PKCS7_add_signed_attribute(si, NID_SMIMECapabilities, + V_ASN1_SEQUENCE, seq); } -STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si) +STACK_OF(X509_ALGOR) * +PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si) { ASN1_TYPE *cap; - unsigned char *p; + const unsigned char *p; + cap = PKCS7_get_signed_attribute(si, NID_SMIMECapabilities); - if (!cap) return NULL; + if (!cap || (cap->type != V_ASN1_SEQUENCE)) + return NULL; p = cap->value.sequence->data; - return d2i_ASN1_SET_OF_X509_ALGOR(NULL, &p, - cap->value.sequence->length, - d2i_X509_ALGOR, X509_ALGOR_free, - V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL); + return (STACK_OF(X509_ALGOR) *) + ASN1_item_d2i(NULL, &p, cap->value.sequence->length, + &X509_ALGORS_it); } /* Basic smime-capabilities OID and optional integer arg */ -int PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg) +int +PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg) { X509_ALGOR *alg; - if(!(alg = X509_ALGOR_new())) { - PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE); + if (!(alg = X509_ALGOR_new())) { + PKCS7error(ERR_R_MALLOC_FAILURE); return 0; } ASN1_OBJECT_free(alg->algorithm); - alg->algorithm = OBJ_nid2obj (nid); + alg->algorithm = OBJ_nid2obj(nid); if (arg > 0) { ASN1_INTEGER *nbit; - if(!(alg->parameter = ASN1_TYPE_new())) { - PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE); - return 0; - } - if(!(nbit = ASN1_INTEGER_new())) { - PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE); - return 0; - } - if(!ASN1_INTEGER_set (nbit, arg)) { - PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE); - return 0; + + if (!(alg->parameter = ASN1_TYPE_new())) + goto err; + if (!(nbit = ASN1_INTEGER_new())) + goto err; + if (!ASN1_INTEGER_set(nbit, arg)) { + ASN1_INTEGER_free(nbit); + goto err; } alg->parameter->value.integer = nbit; alg->parameter->type = V_ASN1_INTEGER; } - sk_X509_ALGOR_push (sk, alg); + if (sk_X509_ALGOR_push(sk, alg) == 0) + goto err; + return 1; + +err: + PKCS7error(ERR_R_MALLOC_FAILURE); + X509_ALGOR_free(alg); + return 0; +} + +int +PKCS7_add_attrib_content_type(PKCS7_SIGNER_INFO *si, ASN1_OBJECT *coid) +{ + if (PKCS7_get_signed_attribute(si, NID_pkcs9_contentType)) + return 0; + if (!coid) + coid = OBJ_nid2obj(NID_pkcs7_data); + return PKCS7_add_signed_attribute(si, NID_pkcs9_contentType, + V_ASN1_OBJECT, coid); +} + +int +PKCS7_add0_attrib_signing_time(PKCS7_SIGNER_INFO *si, ASN1_TIME *t) +{ + if (!t && !(t = X509_gmtime_adj(NULL, 0))) { + PKCS7error(ERR_R_MALLOC_FAILURE); + return 0; + } + return PKCS7_add_signed_attribute(si, NID_pkcs9_signingTime, + V_ASN1_UTCTIME, t); +} + +int +PKCS7_add1_attrib_digest(PKCS7_SIGNER_INFO *si, const unsigned char *md, + int mdlen) +{ + ASN1_OCTET_STRING *os; + + os = ASN1_OCTET_STRING_new(); + if (!os) + return 0; + if (!ASN1_STRING_set(os, md, mdlen) || + !PKCS7_add_signed_attribute(si, NID_pkcs9_messageDigest, + V_ASN1_OCTET_STRING, os)) { + ASN1_OCTET_STRING_free(os); + return 0; + } return 1; } diff --git a/src/lib/libcrypto/pkcs7/pk7_dgst.c b/src/lib/libcrypto/pkcs7/pk7_dgst.c deleted file mode 100644 index 90edfa5001f..00000000000 --- a/src/lib/libcrypto/pkcs7/pk7_dgst.c +++ /dev/null @@ -1,66 +0,0 @@ -/* crypto/pkcs7/pk7_dgst.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include "cryptlib.h" -#include -#include -#include -#include -#include - diff --git a/src/lib/libcrypto/pkcs7/pk7_doit.c b/src/lib/libcrypto/pkcs7/pk7_doit.c index 4a4ff340ce3..d0c27e98a95 100644 --- a/src/lib/libcrypto/pkcs7/pk7_doit.c +++ b/src/lib/libcrypto/pkcs7/pk7_doit.c @@ -1,25 +1,25 @@ -/* crypto/pkcs7/pk7_doit.c */ +/* $OpenBSD: pk7_doit.c,v 1.43 2019/03/13 20:34:00 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -57,339 +57,455 @@ */ #include -#include "cryptlib.h" -#include +#include +#include + +#include #include #include #include static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype, - void *value); + void *value); static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid); -static int PKCS7_type_is_other(PKCS7* p7) - { - int isOther=1; - - int nid=OBJ_obj2nid(p7->type); +static int +PKCS7_type_is_other(PKCS7* p7) +{ + int isOther = 1; + + int nid = OBJ_obj2nid(p7->type); - switch( nid ) - { + switch (nid ) { case NID_pkcs7_data: case NID_pkcs7_signed: case NID_pkcs7_enveloped: case NID_pkcs7_signedAndEnveloped: case NID_pkcs7_digest: case NID_pkcs7_encrypted: - isOther=0; + isOther = 0; break; default: - isOther=1; - } + isOther = 1; + } return isOther; +} + +static ASN1_OCTET_STRING * +PKCS7_get_octet_string(PKCS7 *p7) +{ + if (PKCS7_type_is_data(p7)) + return p7->d.data; + if (PKCS7_type_is_other(p7) && p7->d.other && + (p7->d.other->type == V_ASN1_OCTET_STRING)) + return p7->d.other->value.octet_string; + return NULL; +} + +static int +PKCS7_bio_add_digest(BIO **pbio, X509_ALGOR *alg) +{ + BIO *btmp; + const EVP_MD *md; + if ((btmp = BIO_new(BIO_f_md())) == NULL) { + PKCS7error(ERR_R_BIO_LIB); + goto err; + } + + md = EVP_get_digestbyobj(alg->algorithm); + if (md == NULL) { + PKCS7error(PKCS7_R_UNKNOWN_DIGEST_TYPE); + goto err; + } + + BIO_set_md(btmp, md); + if (*pbio == NULL) + *pbio = btmp; + else if (!BIO_push(*pbio, btmp)) { + PKCS7error(ERR_R_BIO_LIB); + goto err; } + btmp = NULL; -static int PKCS7_type_is_octet_string(PKCS7* p7) - { - if ( 0==PKCS7_type_is_other(p7) ) + return 1; + +err: + BIO_free(btmp); + return 0; + +} + +static int +pkcs7_encode_rinfo(PKCS7_RECIP_INFO *ri, unsigned char *key, int keylen) +{ + EVP_PKEY_CTX *pctx = NULL; + EVP_PKEY *pkey = NULL; + unsigned char *ek = NULL; + int ret = 0; + size_t eklen; + + pkey = X509_get_pubkey(ri->cert); + if (!pkey) + return 0; + + pctx = EVP_PKEY_CTX_new(pkey, NULL); + if (!pctx) return 0; - return (V_ASN1_OCTET_STRING==p7->d.other->type) ? 1 : 0; + if (EVP_PKEY_encrypt_init(pctx) <= 0) + goto err; + + if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_ENCRYPT, + EVP_PKEY_CTRL_PKCS7_ENCRYPT, 0, ri) <= 0) { + PKCS7error(PKCS7_R_CTRL_ERROR); + goto err; } -BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) - { - int i,j; - BIO *out=NULL,*btmp=NULL; - X509_ALGOR *xa; - const EVP_MD *evp_md; - const EVP_CIPHER *evp_cipher=NULL; - STACK_OF(X509_ALGOR) *md_sk=NULL; - STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL; - X509_ALGOR *xalg=NULL; - PKCS7_RECIP_INFO *ri=NULL; - EVP_PKEY *pkey; + if (EVP_PKEY_encrypt(pctx, NULL, &eklen, key, keylen) <= 0) + goto err; + + ek = malloc(eklen); + + if (ek == NULL) { + PKCS7error(ERR_R_MALLOC_FAILURE); + goto err; + } + + if (EVP_PKEY_encrypt(pctx, ek, &eklen, key, keylen) <= 0) + goto err; + + ASN1_STRING_set0(ri->enc_key, ek, eklen); + ek = NULL; - i=OBJ_obj2nid(p7->type); - p7->state=PKCS7_S_HEADER; + ret = 1; - switch (i) - { +err: + EVP_PKEY_free(pkey); + EVP_PKEY_CTX_free(pctx); + free(ek); + return ret; +} + + +static int +pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen, PKCS7_RECIP_INFO *ri, + EVP_PKEY *pkey) +{ + EVP_PKEY_CTX *pctx = NULL; + unsigned char *ek = NULL; + size_t eklen; + + int ret = -1; + + pctx = EVP_PKEY_CTX_new(pkey, NULL); + if (!pctx) + return -1; + + if (EVP_PKEY_decrypt_init(pctx) <= 0) + goto err; + + if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DECRYPT, + EVP_PKEY_CTRL_PKCS7_DECRYPT, 0, ri) <= 0) { + PKCS7error(PKCS7_R_CTRL_ERROR); + goto err; + } + + if (EVP_PKEY_decrypt(pctx, NULL, &eklen, + ri->enc_key->data, ri->enc_key->length) <= 0) + goto err; + + ek = malloc(eklen); + if (ek == NULL) { + PKCS7error(ERR_R_MALLOC_FAILURE); + goto err; + } + + if (EVP_PKEY_decrypt(pctx, ek, &eklen, + ri->enc_key->data, ri->enc_key->length) <= 0) { + ret = 0; + PKCS7error(ERR_R_EVP_LIB); + goto err; + } + + ret = 1; + + freezero(*pek, *peklen); + + *pek = ek; + *peklen = eklen; + +err: + EVP_PKEY_CTX_free(pctx); + if (!ret && ek) + free(ek); + + return ret; +} + +BIO * +PKCS7_dataInit(PKCS7 *p7, BIO *bio) +{ + int i; + BIO *out = NULL, *btmp = NULL; + X509_ALGOR *xa = NULL; + const EVP_CIPHER *evp_cipher = NULL; + STACK_OF(X509_ALGOR) *md_sk = NULL; + STACK_OF(PKCS7_RECIP_INFO) *rsk = NULL; + X509_ALGOR *xalg = NULL; + PKCS7_RECIP_INFO *ri = NULL; + ASN1_OCTET_STRING *os = NULL; + + if (p7 == NULL) { + PKCS7error(PKCS7_R_INVALID_NULL_POINTER); + return NULL; + } + + /* + * The content field in the PKCS7 ContentInfo is optional, + * but that really only applies to inner content (precisely, + * detached signatures). + * + * When reading content, missing outer content is therefore + * treated as an error. + * + * When creating content, PKCS7_content_new() must be called + * before calling this method, so a NULL p7->d is always + * an error. + */ + if (p7->d.ptr == NULL) { + PKCS7error(PKCS7_R_NO_CONTENT); + return NULL; + } + + i = OBJ_obj2nid(p7->type); + p7->state = PKCS7_S_HEADER; + + switch (i) { case NID_pkcs7_signed: - md_sk=p7->d.sign->md_algs; + md_sk = p7->d.sign->md_algs; + os = PKCS7_get_octet_string(p7->d.sign->contents); break; case NID_pkcs7_signedAndEnveloped: - rsk=p7->d.signed_and_enveloped->recipientinfo; - md_sk=p7->d.signed_and_enveloped->md_algs; - xalg=p7->d.signed_and_enveloped->enc_data->algorithm; - evp_cipher=p7->d.signed_and_enveloped->enc_data->cipher; - if (evp_cipher == NULL) - { - PKCS7err(PKCS7_F_PKCS7_DATAINIT, - PKCS7_R_CIPHER_NOT_INITIALIZED); + rsk = p7->d.signed_and_enveloped->recipientinfo; + md_sk = p7->d.signed_and_enveloped->md_algs; + xalg = p7->d.signed_and_enveloped->enc_data->algorithm; + evp_cipher = p7->d.signed_and_enveloped->enc_data->cipher; + if (evp_cipher == NULL) { + PKCS7error(PKCS7_R_CIPHER_NOT_INITIALIZED); goto err; - } + } break; case NID_pkcs7_enveloped: - rsk=p7->d.enveloped->recipientinfo; - xalg=p7->d.enveloped->enc_data->algorithm; - evp_cipher=p7->d.enveloped->enc_data->cipher; - if (evp_cipher == NULL) - { - PKCS7err(PKCS7_F_PKCS7_DATAINIT, - PKCS7_R_CIPHER_NOT_INITIALIZED); + rsk = p7->d.enveloped->recipientinfo; + xalg = p7->d.enveloped->enc_data->algorithm; + evp_cipher = p7->d.enveloped->enc_data->cipher; + if (evp_cipher == NULL) { + PKCS7error(PKCS7_R_CIPHER_NOT_INITIALIZED); goto err; - } + } + break; + case NID_pkcs7_digest: + xa = p7->d.digest->md; + os = PKCS7_get_octet_string(p7->d.digest->contents); + break; + case NID_pkcs7_data: break; default: - PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNSUPPORTED_CONTENT_TYPE); - goto err; - } - - if (md_sk != NULL) - { - for (i=0; ialgorithm); - evp_md=EVP_get_digestbyname(OBJ_nid2sn(j)); - if (evp_md == NULL) - { - PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNKNOWN_DIGEST_TYPE); - goto err; - } + for (i = 0; i < sk_X509_ALGOR_num(md_sk); i++) + if (!PKCS7_bio_add_digest(&out, sk_X509_ALGOR_value(md_sk, i))) + goto err; - BIO_set_md(btmp,evp_md); - if (out == NULL) - out=btmp; - else - BIO_push(out,btmp); - btmp=NULL; - } - } + if (xa && !PKCS7_bio_add_digest(&out, xa)) + goto err; - if (evp_cipher != NULL) - { + if (evp_cipher != NULL) { unsigned char key[EVP_MAX_KEY_LENGTH]; unsigned char iv[EVP_MAX_IV_LENGTH]; - int keylen,ivlen; - int jj,max; - unsigned char *tmp; + int keylen, ivlen; EVP_CIPHER_CTX *ctx; - if ((btmp=BIO_new(BIO_f_cipher())) == NULL) - { - PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_BIO_LIB); + if ((btmp = BIO_new(BIO_f_cipher())) == NULL) { + PKCS7error(ERR_R_BIO_LIB); goto err; - } + } BIO_get_cipher_ctx(btmp, &ctx); - keylen=EVP_CIPHER_key_length(evp_cipher); - ivlen=EVP_CIPHER_iv_length(evp_cipher); - if (RAND_bytes(key,keylen) <= 0) - goto err; + keylen = EVP_CIPHER_key_length(evp_cipher); + ivlen = EVP_CIPHER_iv_length(evp_cipher); xalg->algorithm = OBJ_nid2obj(EVP_CIPHER_type(evp_cipher)); - if (ivlen > 0) RAND_pseudo_bytes(iv,ivlen); - EVP_CipherInit_ex(ctx, evp_cipher, NULL, key, iv, 1); + if (ivlen > 0) + arc4random_buf(iv, ivlen); + if (EVP_CipherInit_ex(ctx, evp_cipher, NULL, NULL, + NULL, 1) <= 0) + goto err; + if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0) + goto err; + if (EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, 1) <= 0) + goto err; if (ivlen > 0) { - if (xalg->parameter == NULL) - xalg->parameter=ASN1_TYPE_new(); - if(EVP_CIPHER_param_to_asn1(ctx, xalg->parameter) < 0) - goto err; + if (xalg->parameter == NULL) { + xalg->parameter = ASN1_TYPE_new(); + if (xalg->parameter == NULL) + goto err; + } + if (EVP_CIPHER_param_to_asn1(ctx, xalg->parameter) < 0) + goto err; } /* Lets do the pub key stuff :-) */ - max=0; - for (i=0; icert == NULL) - { - PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_MISSING_CERIPEND_INFO); + for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rsk); i++) { + ri = sk_PKCS7_RECIP_INFO_value(rsk, i); + if (pkcs7_encode_rinfo(ri, key, keylen) <= 0) goto err; - } - pkey=X509_get_pubkey(ri->cert); - jj=EVP_PKEY_size(pkey); - EVP_PKEY_free(pkey); - if (max < jj) max=jj; - } - if ((tmp=(unsigned char *)OPENSSL_malloc(max)) == NULL) - { - PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_MALLOC_FAILURE); - goto err; - } - for (i=0; icert); - jj=EVP_PKEY_encrypt(tmp,key,keylen,pkey); - EVP_PKEY_free(pkey); - if (jj <= 0) - { - PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_EVP_LIB); - OPENSSL_free(tmp); - goto err; - } - M_ASN1_OCTET_STRING_set(ri->enc_key,tmp,jj); - } - OPENSSL_free(tmp); - memset(key, 0, keylen); + } + explicit_bzero(key, keylen); if (out == NULL) - out=btmp; + out = btmp; else - BIO_push(out,btmp); - btmp=NULL; - } + BIO_push(out, btmp); + btmp = NULL; + } if (bio == NULL) { if (PKCS7_is_detached(p7)) - bio=BIO_new(BIO_s_null()); - else { - if (PKCS7_type_is_signed(p7) ) { - if ( PKCS7_type_is_data(p7->d.sign->contents)) { - ASN1_OCTET_STRING *os; - os=p7->d.sign->contents->d.data; - if (os->length > 0) - bio = BIO_new_mem_buf(os->data, os->length); - } - else if ( PKCS7_type_is_octet_string(p7->d.sign->contents) ) { - ASN1_OCTET_STRING *os; - os=p7->d.sign->contents->d.other->value.octet_string; - if (os->length > 0) - bio = BIO_new_mem_buf(os->data, os->length); - } - } - if(bio == NULL) { - bio=BIO_new(BIO_s_mem()); - BIO_set_mem_eof_return(bio,0); - } + bio = BIO_new(BIO_s_null()); + else if (os && os->length > 0) + bio = BIO_new_mem_buf(os->data, os->length); + if (bio == NULL) { + bio = BIO_new(BIO_s_mem()); + if (bio == NULL) + goto err; + BIO_set_mem_eof_return(bio, 0); } } - BIO_push(out,bio); - bio=NULL; - if (0) - { + if (out) + BIO_push(out, bio); + else + out = bio; + bio = NULL; + if (0) { err: if (out != NULL) BIO_free_all(out); if (btmp != NULL) BIO_free_all(btmp); - out=NULL; - } - return(out); + out = NULL; } + return (out); +} + +static int +pkcs7_cmp_ri(PKCS7_RECIP_INFO *ri, X509 *pcert) +{ + int ret; + + ret = X509_NAME_cmp(ri->issuer_and_serial->issuer, + pcert->cert_info->issuer); + if (ret) + return ret; + return ASN1_INTEGER_cmp(pcert->cert_info->serialNumber, + ri->issuer_and_serial->serial); +} /* int */ -BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) - { - int i,j; - BIO *out=NULL,*btmp=NULL,*etmp=NULL,*bio=NULL; - unsigned char *tmp=NULL; +BIO * +PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) +{ + int i, j; + BIO *out = NULL, *btmp = NULL, *etmp = NULL, *bio = NULL; X509_ALGOR *xa; - ASN1_OCTET_STRING *data_body=NULL; + ASN1_OCTET_STRING *data_body = NULL; const EVP_MD *evp_md; - const EVP_CIPHER *evp_cipher=NULL; - EVP_CIPHER_CTX *evp_ctx=NULL; - X509_ALGOR *enc_alg=NULL; - STACK_OF(X509_ALGOR) *md_sk=NULL; - STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL; - X509_ALGOR *xalg=NULL; - PKCS7_RECIP_INFO *ri=NULL; - - i=OBJ_obj2nid(p7->type); - p7->state=PKCS7_S_HEADER; - - switch (i) - { + const EVP_CIPHER *evp_cipher = NULL; + EVP_CIPHER_CTX *evp_ctx = NULL; + X509_ALGOR *enc_alg = NULL; + STACK_OF(X509_ALGOR) *md_sk = NULL; + STACK_OF(PKCS7_RECIP_INFO) *rsk = NULL; + PKCS7_RECIP_INFO *ri = NULL; + unsigned char *ek = NULL, *tkey = NULL; + int eklen = 0, tkeylen = 0; + + if (p7 == NULL) { + PKCS7error(PKCS7_R_INVALID_NULL_POINTER); + return NULL; + } + + if (p7->d.ptr == NULL) { + PKCS7error(PKCS7_R_NO_CONTENT); + return NULL; + } + + i = OBJ_obj2nid(p7->type); + p7->state = PKCS7_S_HEADER; + + switch (i) { case NID_pkcs7_signed: - data_body=p7->d.sign->contents->d.data; - md_sk=p7->d.sign->md_algs; + data_body = PKCS7_get_octet_string(p7->d.sign->contents); + md_sk = p7->d.sign->md_algs; break; case NID_pkcs7_signedAndEnveloped: - rsk=p7->d.signed_and_enveloped->recipientinfo; - md_sk=p7->d.signed_and_enveloped->md_algs; - data_body=p7->d.signed_and_enveloped->enc_data->enc_data; - enc_alg=p7->d.signed_and_enveloped->enc_data->algorithm; - evp_cipher=EVP_get_cipherbyname(OBJ_nid2sn(OBJ_obj2nid(enc_alg->algorithm))); - if (evp_cipher == NULL) - { - PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE); + rsk = p7->d.signed_and_enveloped->recipientinfo; + md_sk = p7->d.signed_and_enveloped->md_algs; + data_body = p7->d.signed_and_enveloped->enc_data->enc_data; + enc_alg = p7->d.signed_and_enveloped->enc_data->algorithm; + evp_cipher = EVP_get_cipherbyobj(enc_alg->algorithm); + if (evp_cipher == NULL) { + PKCS7error(PKCS7_R_UNSUPPORTED_CIPHER_TYPE); goto err; - } - xalg=p7->d.signed_and_enveloped->enc_data->algorithm; + } break; case NID_pkcs7_enveloped: - rsk=p7->d.enveloped->recipientinfo; - enc_alg=p7->d.enveloped->enc_data->algorithm; - data_body=p7->d.enveloped->enc_data->enc_data; - evp_cipher=EVP_get_cipherbyname(OBJ_nid2sn(OBJ_obj2nid(enc_alg->algorithm))); - if (evp_cipher == NULL) - { - PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE); + rsk = p7->d.enveloped->recipientinfo; + enc_alg = p7->d.enveloped->enc_data->algorithm; + data_body = p7->d.enveloped->enc_data->enc_data; + evp_cipher = EVP_get_cipherbyobj(enc_alg->algorithm); + if (evp_cipher == NULL) { + PKCS7error(PKCS7_R_UNSUPPORTED_CIPHER_TYPE); goto err; - } - xalg=p7->d.enveloped->enc_data->algorithm; + } break; default: - PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE); - goto err; - } + PKCS7error(PKCS7_R_UNSUPPORTED_CONTENT_TYPE); + goto err; + } /* We will be checking the signature */ - if (md_sk != NULL) - { - for (i=0; ialgorithm); - evp_md=EVP_get_digestbyname(OBJ_nid2sn(j)); - if (evp_md == NULL) - { - PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNKNOWN_DIGEST_TYPE); + j = OBJ_obj2nid(xa->algorithm); + evp_md = EVP_get_digestbynid(j); + if (evp_md == NULL) { + PKCS7error(PKCS7_R_UNKNOWN_DIGEST_TYPE); goto err; - } + } - BIO_set_md(btmp,evp_md); + BIO_set_md(btmp, evp_md); if (out == NULL) - out=btmp; + out = btmp; else - BIO_push(out,btmp); - btmp=NULL; - } + BIO_push(out, btmp); + btmp = NULL; } + } - if (evp_cipher != NULL) - { -#if 0 - unsigned char key[EVP_MAX_KEY_LENGTH]; - unsigned char iv[EVP_MAX_IV_LENGTH]; - unsigned char *p; - int keylen,ivlen; - int max; - X509_OBJECT ret; -#endif - int jj; - - if ((etmp=BIO_new(BIO_f_cipher())) == NULL) - { - PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_BIO_LIB); + if (evp_cipher != NULL) { + if ((etmp = BIO_new(BIO_f_cipher())) == NULL) { + PKCS7error(ERR_R_BIO_LIB); goto err; - } + } /* It was encrypted, we need to decrypt the secret key * with the private key */ @@ -397,341 +513,472 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) /* Find the recipientInfo which matches the passed certificate * (if any) */ - - for (i=0; iissuer_and_serial->issuer, - pcert->cert_info->issuer) && - !M_ASN1_INTEGER_cmp(pcert->cert_info->serialNumber, - ri->issuer_and_serial->serial)) break; - ri=NULL; - } - if (ri == NULL) { - PKCS7err(PKCS7_F_PKCS7_DATADECODE, - PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE); - goto err; + if (pcert) { + for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rsk); i++) { + ri = sk_PKCS7_RECIP_INFO_value(rsk, i); + if (!pkcs7_cmp_ri(ri, pcert)) + break; + ri = NULL; + } + if (ri == NULL) { + PKCS7error(PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE); + goto err; + } } - jj=EVP_PKEY_size(pkey); - tmp=(unsigned char *)OPENSSL_malloc(jj+10); - if (tmp == NULL) - { - PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_MALLOC_FAILURE); - goto err; - } + /* If we haven't got a certificate try each ri in turn */ + if (pcert == NULL) { + /* Always attempt to decrypt all rinfo even + * after sucess as a defence against MMA timing + * attacks. + */ + for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rsk); i++) { + ri = sk_PKCS7_RECIP_INFO_value(rsk, i); - jj=EVP_PKEY_decrypt(tmp, M_ASN1_STRING_data(ri->enc_key), - M_ASN1_STRING_length(ri->enc_key), pkey); - if (jj <= 0) - { - PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_EVP_LIB); - goto err; + if (pkcs7_decrypt_rinfo(&ek, &eklen, + ri, pkey) < 0) + goto err; + ERR_clear_error(); } + } else { + /* Only exit on fatal errors, not decrypt failure */ + if (pkcs7_decrypt_rinfo(&ek, &eklen, ri, pkey) < 0) + goto err; + ERR_clear_error(); + } - evp_ctx=NULL; - BIO_get_cipher_ctx(etmp,&evp_ctx); - EVP_CipherInit_ex(evp_ctx,evp_cipher,NULL,NULL,NULL,0); - if (EVP_CIPHER_asn1_to_param(evp_ctx,enc_alg->parameter) < 0) + evp_ctx = NULL; + BIO_get_cipher_ctx(etmp, &evp_ctx); + if (EVP_CipherInit_ex(evp_ctx, evp_cipher, NULL, NULL, + NULL, 0) <= 0) + goto err; + if (EVP_CIPHER_asn1_to_param(evp_ctx, enc_alg->parameter) < 0) + goto err; + /* Generate random key as MMA defence */ + tkeylen = EVP_CIPHER_CTX_key_length(evp_ctx); + tkey = malloc(tkeylen); + if (!tkey) goto err; + if (EVP_CIPHER_CTX_rand_key(evp_ctx, tkey) <= 0) + goto err; + if (ek == NULL) { + ek = tkey; + eklen = tkeylen; + tkey = NULL; + } - if (jj != EVP_CIPHER_CTX_key_length(evp_ctx)) { + if (eklen != EVP_CIPHER_CTX_key_length(evp_ctx)) { /* Some S/MIME clients don't use the same key * and effective key length. The key length is * determined by the size of the decrypted RSA key. */ - if(!EVP_CIPHER_CTX_set_key_length(evp_ctx, jj)) - { - PKCS7err(PKCS7_F_PKCS7_DATADECODE, - PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH); - goto err; - } - } - EVP_CipherInit_ex(evp_ctx,NULL,NULL,tmp,NULL,0); + if (!EVP_CIPHER_CTX_set_key_length(evp_ctx, eklen)) { + /* Use random key as MMA defence */ + freezero(ek, eklen); + ek = tkey; + eklen = tkeylen; + tkey = NULL; + } + } + /* Clear errors so we don't leak information useful in MMA */ + ERR_clear_error(); + if (EVP_CipherInit_ex(evp_ctx, NULL, NULL, ek, NULL, 0) <= 0) + goto err; - memset(tmp,0,jj); + freezero(ek, eklen); + ek = NULL; + freezero(tkey, tkeylen); + tkey = NULL; if (out == NULL) - out=etmp; + out = etmp; else - BIO_push(out,etmp); - etmp=NULL; - } - -#if 1 - if (PKCS7_is_detached(p7) || (in_bio != NULL)) - { - bio=in_bio; - } - else - { -#if 0 - bio=BIO_new(BIO_s_mem()); - /* We need to set this so that when we have read all - * the data, the encrypt BIO, if present, will read - * EOF and encode the last few bytes */ - BIO_set_mem_eof_return(bio,0); - - if (data_body->length > 0) - BIO_write(bio,(char *)data_body->data,data_body->length); -#else - if (data_body->length > 0) - bio = BIO_new_mem_buf(data_body->data,data_body->length); + BIO_push(out, etmp); + etmp = NULL; + } + + if (PKCS7_is_detached(p7) || (in_bio != NULL)) { + bio = in_bio; + } else { + if (data_body != NULL && data_body->length > 0) + bio = BIO_new_mem_buf(data_body->data, data_body->length); else { - bio=BIO_new(BIO_s_mem()); - BIO_set_mem_eof_return(bio,0); + bio = BIO_new(BIO_s_mem()); + BIO_set_mem_eof_return(bio, 0); } -#endif - } - BIO_push(out,bio); - bio=NULL; -#endif - if (0) - { + if (bio == NULL) + goto err; + } + BIO_push(out, bio); + + if (0) { err: - if (out != NULL) BIO_free_all(out); - if (btmp != NULL) BIO_free_all(btmp); - if (etmp != NULL) BIO_free_all(etmp); - if (bio != NULL) BIO_free_all(bio); - out=NULL; + freezero(ek, eklen); + freezero(tkey, tkeylen); + if (out != NULL) + BIO_free_all(out); + if (btmp != NULL) + BIO_free_all(btmp); + if (etmp != NULL) + BIO_free_all(etmp); + out = NULL; + } + return (out); +} + +static BIO * +PKCS7_find_digest(EVP_MD_CTX **pmd, BIO *bio, int nid) +{ + for (;;) { + bio = BIO_find_type(bio, BIO_TYPE_MD); + if (bio == NULL) { + PKCS7error(PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST); + return NULL; + } + BIO_get_md_ctx(bio, pmd); + if (*pmd == NULL) { + PKCS7error(ERR_R_INTERNAL_ERROR); + return NULL; } - if (tmp != NULL) - OPENSSL_free(tmp); - return(out); + if (EVP_MD_CTX_type(*pmd) == nid) + return bio; + bio = BIO_next(bio); } + return NULL; +} -int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) - { - int ret=0; - int i,j; +static int +do_pkcs7_signed_attrib(PKCS7_SIGNER_INFO *si, EVP_MD_CTX *mctx) +{ + unsigned char md_data[EVP_MAX_MD_SIZE]; + unsigned int md_len; + + /* Add signing time if not already present */ + if (!PKCS7_get_signed_attribute(si, NID_pkcs9_signingTime)) { + if (!PKCS7_add0_attrib_signing_time(si, NULL)) { + PKCS7error(ERR_R_MALLOC_FAILURE); + return 0; + } + } + + /* Add digest */ + if (!EVP_DigestFinal_ex(mctx, md_data, &md_len)) { + PKCS7error(ERR_R_EVP_LIB); + return 0; + } + if (!PKCS7_add1_attrib_digest(si, md_data, md_len)) { + PKCS7error(ERR_R_MALLOC_FAILURE); + return 0; + } + + /* Now sign the attributes */ + if (!PKCS7_SIGNER_INFO_sign(si)) + return 0; + + return 1; +} + + +int +PKCS7_dataFinal(PKCS7 *p7, BIO *bio) +{ + int ret = 0; + int i, j; BIO *btmp; - BUF_MEM *buf_mem=NULL; - BUF_MEM *buf=NULL; PKCS7_SIGNER_INFO *si; - EVP_MD_CTX *mdc,ctx_tmp; + EVP_MD_CTX *mdc, ctx_tmp; STACK_OF(X509_ATTRIBUTE) *sk; - STACK_OF(PKCS7_SIGNER_INFO) *si_sk=NULL; - ASN1_OCTET_STRING *os=NULL; + STACK_OF(PKCS7_SIGNER_INFO) *si_sk = NULL; + ASN1_OCTET_STRING *os = NULL; + + if (p7 == NULL) { + PKCS7error(PKCS7_R_INVALID_NULL_POINTER); + return 0; + } + + if (p7->d.ptr == NULL) { + PKCS7error(PKCS7_R_NO_CONTENT); + return 0; + } EVP_MD_CTX_init(&ctx_tmp); - i=OBJ_obj2nid(p7->type); - p7->state=PKCS7_S_HEADER; + i = OBJ_obj2nid(p7->type); + p7->state = PKCS7_S_HEADER; - switch (i) - { + switch (i) { + case NID_pkcs7_data: + os = p7->d.data; + break; case NID_pkcs7_signedAndEnveloped: - /* XXXXXXXXXXXXXXXX */ - si_sk=p7->d.signed_and_enveloped->signer_info; - os=M_ASN1_OCTET_STRING_new(); - p7->d.signed_and_enveloped->enc_data->enc_data=os; + /* XXX */ + si_sk = p7->d.signed_and_enveloped->signer_info; + os = p7->d.signed_and_enveloped->enc_data->enc_data; + if (!os) { + os = ASN1_OCTET_STRING_new(); + if (!os) { + PKCS7error(ERR_R_MALLOC_FAILURE); + goto err; + } + p7->d.signed_and_enveloped->enc_data->enc_data = os; + } break; case NID_pkcs7_enveloped: - /* XXXXXXXXXXXXXXXX */ - os=M_ASN1_OCTET_STRING_new(); - p7->d.enveloped->enc_data->enc_data=os; + /* XXX */ + os = p7->d.enveloped->enc_data->enc_data; + if (!os) { + os = ASN1_OCTET_STRING_new(); + if (!os) { + PKCS7error(ERR_R_MALLOC_FAILURE); + goto err; + } + p7->d.enveloped->enc_data->enc_data = os; + } break; case NID_pkcs7_signed: - si_sk=p7->d.sign->signer_info; - os=p7->d.sign->contents->d.data; + si_sk = p7->d.sign->signer_info; + os = PKCS7_get_octet_string(p7->d.sign->contents); + if (!PKCS7_is_detached(p7) && os == NULL) { + PKCS7error(PKCS7_R_DECODE_ERROR); + goto err; + } /* If detached data then the content is excluded */ - if(p7->detached) { - M_ASN1_OCTET_STRING_free(os); + if (PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) { + ASN1_OCTET_STRING_free(os); + os = NULL; p7->d.sign->contents->d.data = NULL; } break; - } - if (si_sk != NULL) - { - if ((buf=BUF_MEM_new()) == NULL) - { - PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_BIO_LIB); + case NID_pkcs7_digest: + os = PKCS7_get_octet_string(p7->d.digest->contents); + if (os == NULL) { + PKCS7error(PKCS7_R_DECODE_ERROR); goto err; - } - for (i=0; ipkey == NULL) continue; - - j=OBJ_obj2nid(si->digest_alg->algorithm); - - btmp=bio; - for (;;) - { - if ((btmp=BIO_find_type(btmp,BIO_TYPE_MD)) - == NULL) - { - PKCS7err(PKCS7_F_PKCS7_DATASIGN,PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST); - goto err; - } - BIO_get_md_ctx(btmp,&mdc); - if (mdc == NULL) - { - PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_INTERNAL_ERROR); - goto err; - } - if (EVP_MD_CTX_type(mdc) == j) - break; - else - btmp=BIO_next(btmp); - } - + } + /* If detached data then the content is excluded */ + if (PKCS7_type_is_data(p7->d.digest->contents) && + p7->detached) { + ASN1_OCTET_STRING_free(os); + os = NULL; + p7->d.digest->contents->d.data = NULL; + } + break; + + default: + PKCS7error(PKCS7_R_UNSUPPORTED_CONTENT_TYPE); + goto err; + } + + if (si_sk != NULL) { + for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(si_sk); i++) { + si = sk_PKCS7_SIGNER_INFO_value(si_sk, i); + if (si->pkey == NULL) + continue; + + j = OBJ_obj2nid(si->digest_alg->algorithm); + + if ((btmp = PKCS7_find_digest(&mdc, bio, j)) == NULL) + goto err; + /* We now have the EVP_MD_CTX, lets do the * signing. */ - EVP_MD_CTX_copy_ex(&ctx_tmp,mdc); - if (!BUF_MEM_grow(buf,EVP_PKEY_size(si->pkey))) - { - PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_BIO_LIB); + if (!EVP_MD_CTX_copy_ex(&ctx_tmp, mdc)) goto err; - } - sk=si->auth_attr; + sk = si->auth_attr; /* If there are attributes, we add the digest * attribute and only sign the attributes */ - if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0)) - { - unsigned char md_data[EVP_MAX_MD_SIZE], *abuf=NULL; - unsigned int md_len, alen; - ASN1_OCTET_STRING *digest; - ASN1_UTCTIME *sign_time; - const EVP_MD *md_tmp; - - /* Add signing time if not already present */ - if (!PKCS7_get_signed_attribute(si, - NID_pkcs9_signingTime)) - { - sign_time=X509_gmtime_adj(NULL,0); - PKCS7_add_signed_attribute(si, - NID_pkcs9_signingTime, - V_ASN1_UTCTIME,sign_time); - } - - /* Add digest */ - md_tmp=EVP_MD_CTX_md(&ctx_tmp); - EVP_DigestFinal_ex(&ctx_tmp,md_data,&md_len); - digest=M_ASN1_OCTET_STRING_new(); - M_ASN1_OCTET_STRING_set(digest,md_data,md_len); - PKCS7_add_signed_attribute(si, - NID_pkcs9_messageDigest, - V_ASN1_OCTET_STRING,digest); - - /* Now sign the attributes */ - EVP_SignInit_ex(&ctx_tmp,md_tmp,NULL); - alen = ASN1_item_i2d((ASN1_VALUE *)sk,&abuf, - ASN1_ITEM_rptr(PKCS7_ATTR_SIGN)); - if(!abuf) goto err; - EVP_SignUpdate(&ctx_tmp,abuf,alen); - OPENSSL_free(abuf); - } - -#ifndef OPENSSL_NO_DSA - if (si->pkey->type == EVP_PKEY_DSA) - ctx_tmp.digest=EVP_dss1(); -#endif + if (sk_X509_ATTRIBUTE_num(sk) > 0) { + if (!do_pkcs7_signed_attrib(si, &ctx_tmp)) + goto err; + } else { + unsigned char *abuf = NULL; + unsigned int abuflen; + abuflen = EVP_PKEY_size(si->pkey); + abuf = malloc(abuflen); + if (!abuf) + goto err; - if (!EVP_SignFinal(&ctx_tmp,(unsigned char *)buf->data, - (unsigned int *)&buf->length,si->pkey)) - { - PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_EVP_LIB); - goto err; - } - if (!ASN1_STRING_set(si->enc_digest, - (unsigned char *)buf->data,buf->length)) - { - PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_ASN1_LIB); - goto err; + if (!EVP_SignFinal(&ctx_tmp, abuf, &abuflen, + si->pkey)) { + PKCS7error(ERR_R_EVP_LIB); + goto err; } + ASN1_STRING_set0(si->enc_digest, abuf, abuflen); } } + } else if (i == NID_pkcs7_digest) { + unsigned char md_data[EVP_MAX_MD_SIZE]; + unsigned int md_len; - if (!PKCS7_is_detached(p7)) - { - btmp=BIO_find_type(bio,BIO_TYPE_MEM); - if (btmp == NULL) - { - PKCS7err(PKCS7_F_PKCS7_DATASIGN,PKCS7_R_UNABLE_TO_FIND_MEM_BIO); + if (!PKCS7_find_digest(&mdc, bio, + OBJ_obj2nid(p7->d.digest->md->algorithm))) goto err; - } - BIO_get_mem_ptr(btmp,&buf_mem); - /* Mark the BIO read only then we can use its copy of the data - * instead of making an extra copy. + if (!EVP_DigestFinal_ex(mdc, md_data, &md_len)) + goto err; + if (ASN1_STRING_set(p7->d.digest->digest, md_data, + md_len) == 0) + goto err; + } + + if (!PKCS7_is_detached(p7)) { + /* + * NOTE: only reach os == NULL here because detached + * digested data support is broken? */ - BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY); - BIO_set_mem_eof_return(btmp, 0); - os->data = (unsigned char *)buf_mem->data; - os->length = buf_mem->length; -#if 0 - M_ASN1_OCTET_STRING_set(os, - (unsigned char *)buf_mem->data,buf_mem->length); -#endif - } - ret=1; + if (os == NULL) + goto err; + if (!(os->flags & ASN1_STRING_FLAG_NDEF)) { + char *cont; + long contlen; + + btmp = BIO_find_type(bio, BIO_TYPE_MEM); + if (btmp == NULL) { + PKCS7error(PKCS7_R_UNABLE_TO_FIND_MEM_BIO); + goto err; + } + contlen = BIO_get_mem_data(btmp, &cont); + /* + * Mark the BIO read only then we can use its copy + * of the data instead of making an extra copy. + */ + BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY); + BIO_set_mem_eof_return(btmp, 0); + ASN1_STRING_set0(os, (unsigned char *)cont, contlen); + } + } + ret = 1; err: EVP_MD_CTX_cleanup(&ctx_tmp); - if (buf != NULL) BUF_MEM_free(buf); - return(ret); + return (ret); +} + +int +PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si) +{ + EVP_MD_CTX mctx; + EVP_PKEY_CTX *pctx; + unsigned char *abuf = NULL; + int alen; + size_t siglen; + const EVP_MD *md = NULL; + + md = EVP_get_digestbyobj(si->digest_alg->algorithm); + if (md == NULL) + return 0; + + EVP_MD_CTX_init(&mctx); + if (EVP_DigestSignInit(&mctx, &pctx, md, NULL, si->pkey) <= 0) + goto err; + + if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, + EVP_PKEY_CTRL_PKCS7_SIGN, 0, si) <= 0) { + PKCS7error(PKCS7_R_CTRL_ERROR); + goto err; } -int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, BIO *bio, - PKCS7 *p7, PKCS7_SIGNER_INFO *si) - { + alen = ASN1_item_i2d((ASN1_VALUE *)si->auth_attr, &abuf, + &PKCS7_ATTR_SIGN_it); + if (!abuf) + goto err; + if (EVP_DigestSignUpdate(&mctx, abuf, alen) <= 0) + goto err; + free(abuf); + abuf = NULL; + if (EVP_DigestSignFinal(&mctx, NULL, &siglen) <= 0) + goto err; + abuf = malloc(siglen); + if (!abuf) + goto err; + if (EVP_DigestSignFinal(&mctx, abuf, &siglen) <= 0) + goto err; + + if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, + EVP_PKEY_CTRL_PKCS7_SIGN, 1, si) <= 0) { + PKCS7error(PKCS7_R_CTRL_ERROR); + goto err; + } + + EVP_MD_CTX_cleanup(&mctx); + + ASN1_STRING_set0(si->enc_digest, abuf, siglen); + + return 1; + +err: + free(abuf); + EVP_MD_CTX_cleanup(&mctx); + return 0; +} + +int +PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, BIO *bio, + PKCS7 *p7, PKCS7_SIGNER_INFO *si) +{ PKCS7_ISSUER_AND_SERIAL *ias; - int ret=0,i; + int ret = 0, i; STACK_OF(X509) *cert; X509 *x509; - if (PKCS7_type_is_signed(p7)) - { - cert=p7->d.sign->cert; - } - else if (PKCS7_type_is_signedAndEnveloped(p7)) - { - cert=p7->d.signed_and_enveloped->cert; - } - else - { - PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,PKCS7_R_WRONG_PKCS7_TYPE); + if (p7 == NULL) { + PKCS7error(PKCS7_R_INVALID_NULL_POINTER); + return 0; + } + + if (p7->d.ptr == NULL) { + PKCS7error(PKCS7_R_NO_CONTENT); + return 0; + } + + if (PKCS7_type_is_signed(p7)) { + cert = p7->d.sign->cert; + } else if (PKCS7_type_is_signedAndEnveloped(p7)) { + cert = p7->d.signed_and_enveloped->cert; + } else { + PKCS7error(PKCS7_R_WRONG_PKCS7_TYPE); goto err; - } - /* XXXXXXXXXXXXXXXXXXXXXXX */ - ias=si->issuer_and_serial; + } + /* XXXX */ + ias = si->issuer_and_serial; - x509=X509_find_by_issuer_and_serial(cert,ias->issuer,ias->serial); + x509 = X509_find_by_issuer_and_serial(cert, ias->issuer, ias->serial); /* were we able to find the cert in passed to us */ - if (x509 == NULL) - { - PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,PKCS7_R_UNABLE_TO_FIND_CERTIFICATE); + if (x509 == NULL) { + PKCS7error(PKCS7_R_UNABLE_TO_FIND_CERTIFICATE); goto err; - } + } /* Lets verify */ - if(!X509_STORE_CTX_init(ctx,cert_store,x509,cert)) - { - PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,ERR_R_X509_LIB); + if (!X509_STORE_CTX_init(ctx, cert_store, x509, cert)) { + PKCS7error(ERR_R_X509_LIB); goto err; - } - X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_SMIME_SIGN); - i=X509_verify_cert(ctx); - if (i <= 0) - { - PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,ERR_R_X509_LIB); + } + if (X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_SMIME_SIGN) == 0) { X509_STORE_CTX_cleanup(ctx); goto err; - } + } + i = X509_verify_cert(ctx); + if (i <= 0) { + PKCS7error(ERR_R_X509_LIB); + X509_STORE_CTX_cleanup(ctx); + goto err; + } X509_STORE_CTX_cleanup(ctx); return PKCS7_signatureVerify(bio, p7, si, x509); - err: +err: + return ret; - } +} -int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, - X509 *x509) - { +int +PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, X509 *x509) +{ ASN1_OCTET_STRING *os; - EVP_MD_CTX mdc_tmp,*mdc; - int ret=0,i; + EVP_MD_CTX mdc_tmp, *mdc; + int ret = 0, i; int md_type; STACK_OF(X509_ATTRIBUTE) *sk; BIO *btmp; @@ -739,241 +986,257 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, EVP_MD_CTX_init(&mdc_tmp); - if (!PKCS7_type_is_signed(p7) && - !PKCS7_type_is_signedAndEnveloped(p7)) { - PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, - PKCS7_R_WRONG_PKCS7_TYPE); + if (!PKCS7_type_is_signed(p7) && + !PKCS7_type_is_signedAndEnveloped(p7)) { + PKCS7error(PKCS7_R_WRONG_PKCS7_TYPE); goto err; } - md_type=OBJ_obj2nid(si->digest_alg->algorithm); + md_type = OBJ_obj2nid(si->digest_alg->algorithm); - btmp=bio; - for (;;) - { + btmp = bio; + for (;;) { if ((btmp == NULL) || - ((btmp=BIO_find_type(btmp,BIO_TYPE_MD)) == NULL)) - { - PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, - PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST); + ((btmp = BIO_find_type(btmp, BIO_TYPE_MD)) == NULL)) { + PKCS7error(PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST); goto err; - } - BIO_get_md_ctx(btmp,&mdc); - if (mdc == NULL) - { - PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, - ERR_R_INTERNAL_ERROR); + } + BIO_get_md_ctx(btmp, &mdc); + if (mdc == NULL) { + PKCS7error(ERR_R_INTERNAL_ERROR); goto err; - } + } if (EVP_MD_CTX_type(mdc) == md_type) break; - btmp=BIO_next(btmp); - } + /* Workaround for some broken clients that put the signature + * OID instead of the digest OID in digest_alg->algorithm + */ + if (EVP_MD_pkey_type(EVP_MD_CTX_md(mdc)) == md_type) + break; + btmp = BIO_next(btmp); + } /* mdc is the digest ctx that we want, unless there are attributes, * in which case the digest is the signed attributes */ - EVP_MD_CTX_copy_ex(&mdc_tmp,mdc); + if (!EVP_MD_CTX_copy_ex(&mdc_tmp, mdc)) + goto err; - sk=si->auth_attr; - if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0)) - { + sk = si->auth_attr; + if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0)) { unsigned char md_dat[EVP_MAX_MD_SIZE], *abuf = NULL; - unsigned int md_len, alen; + unsigned int md_len; + int alen; ASN1_OCTET_STRING *message_digest; - EVP_DigestFinal_ex(&mdc_tmp,md_dat,&md_len); - message_digest=PKCS7_digest_from_attributes(sk); - if (!message_digest) - { - PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, - PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST); + if (!EVP_DigestFinal_ex(&mdc_tmp, md_dat, &md_len)) goto err; - } + message_digest = PKCS7_digest_from_attributes(sk); + if (!message_digest) { + PKCS7error(PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST); + goto err; + } if ((message_digest->length != (int)md_len) || - (memcmp(message_digest->data,md_dat,md_len))) - { -#if 0 -{ -int ii; -for (ii=0; iilength; ii++) - printf("%02X",message_digest->data[ii]); printf(" sent\n"); -for (ii=0; iidata, md_dat, md_len))) { + PKCS7error(PKCS7_R_DIGEST_FAILURE); + ret = -1; goto err; - } + } - EVP_VerifyInit_ex(&mdc_tmp,EVP_get_digestbynid(md_type), NULL); + if (!EVP_VerifyInit_ex(&mdc_tmp, EVP_get_digestbynid(md_type), + NULL)) + goto err; alen = ASN1_item_i2d((ASN1_VALUE *)sk, &abuf, - ASN1_ITEM_rptr(PKCS7_ATTR_VERIFY)); - EVP_VerifyUpdate(&mdc_tmp, abuf, alen); - - OPENSSL_free(abuf); + &PKCS7_ATTR_VERIFY_it); + if (alen <= 0) { + PKCS7error(ERR_R_ASN1_LIB); + ret = -1; + goto err; } + if (!EVP_VerifyUpdate(&mdc_tmp, abuf, alen)) + goto err; - os=si->enc_digest; + free(abuf); + } + + os = si->enc_digest; pkey = X509_get_pubkey(x509); - if (!pkey) - { + if (!pkey) { ret = -1; goto err; - } -#ifndef OPENSSL_NO_DSA - if(pkey->type == EVP_PKEY_DSA) mdc_tmp.digest=EVP_dss1(); -#endif + } - i=EVP_VerifyFinal(&mdc_tmp,os->data,os->length, pkey); + i = EVP_VerifyFinal(&mdc_tmp, os->data, os->length, pkey); EVP_PKEY_free(pkey); - if (i <= 0) - { - PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, - PKCS7_R_SIGNATURE_FAILURE); - ret= -1; + if (i <= 0) { + PKCS7error(PKCS7_R_SIGNATURE_FAILURE); + ret = -1; goto err; - } - else - ret=1; + } else + ret = 1; err: EVP_MD_CTX_cleanup(&mdc_tmp); - return(ret); - } + return (ret); +} -PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx) - { +PKCS7_ISSUER_AND_SERIAL * +PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx) +{ STACK_OF(PKCS7_RECIP_INFO) *rsk; PKCS7_RECIP_INFO *ri; int i; - i=OBJ_obj2nid(p7->type); - if (i != NID_pkcs7_signedAndEnveloped) return(NULL); - rsk=p7->d.signed_and_enveloped->recipientinfo; - ri=sk_PKCS7_RECIP_INFO_value(rsk,0); - if (sk_PKCS7_RECIP_INFO_num(rsk) <= idx) return(NULL); - ri=sk_PKCS7_RECIP_INFO_value(rsk,idx); - return(ri->issuer_and_serial); - } + i = OBJ_obj2nid(p7->type); + if (i != NID_pkcs7_signedAndEnveloped) + return NULL; + if (p7->d.signed_and_enveloped == NULL) + return NULL; + rsk = p7->d.signed_and_enveloped->recipientinfo; + if (rsk == NULL) + return NULL; + ri = sk_PKCS7_RECIP_INFO_value(rsk, 0); + if (sk_PKCS7_RECIP_INFO_num(rsk) <= idx) + return (NULL); + ri = sk_PKCS7_RECIP_INFO_value(rsk, idx); + return (ri->issuer_and_serial); +} -ASN1_TYPE *PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid) - { - return(get_attribute(si->auth_attr,nid)); - } +ASN1_TYPE * +PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid) +{ + return (get_attribute(si->auth_attr, nid)); +} -ASN1_TYPE *PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid) - { - return(get_attribute(si->unauth_attr,nid)); - } +ASN1_TYPE * +PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid) +{ + return (get_attribute(si->unauth_attr, nid)); +} -static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid) - { +static ASN1_TYPE * +get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid) +{ int i; X509_ATTRIBUTE *xa; ASN1_OBJECT *o; - o=OBJ_nid2obj(nid); - if (!o || !sk) return(NULL); - for (i=0; iobject,o) == 0) - { + o = OBJ_nid2obj(nid); + if (!o || !sk) + return (NULL); + for (i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) { + xa = sk_X509_ATTRIBUTE_value(sk, i); + if (OBJ_cmp(xa->object, o) == 0) { if (!xa->single && sk_ASN1_TYPE_num(xa->value.set)) - return(sk_ASN1_TYPE_value(xa->value.set,0)); + return (sk_ASN1_TYPE_value(xa->value.set, 0)); else - return(NULL); - } + return (NULL); } - return(NULL); } + return (NULL); +} -ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk) +ASN1_OCTET_STRING * +PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk) { ASN1_TYPE *astype; - if(!(astype = get_attribute(sk, NID_pkcs9_messageDigest))) return NULL; + + if (!(astype = get_attribute(sk, NID_pkcs9_messageDigest))) + return NULL; + if (astype->type != V_ASN1_OCTET_STRING) + return NULL; return astype->value.octet_string; } -int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si, - STACK_OF(X509_ATTRIBUTE) *sk) - { +int +PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si, + STACK_OF(X509_ATTRIBUTE) *sk) +{ int i; if (p7si->auth_attr != NULL) - sk_X509_ATTRIBUTE_pop_free(p7si->auth_attr,X509_ATTRIBUTE_free); - p7si->auth_attr=sk_X509_ATTRIBUTE_dup(sk); - for (i=0; iauth_attr,i, - X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value(sk,i)))) + sk_X509_ATTRIBUTE_pop_free(p7si->auth_attr, + X509_ATTRIBUTE_free); + p7si->auth_attr = sk_X509_ATTRIBUTE_dup(sk); + if (p7si->auth_attr == NULL) + return 0; + for (i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) { + if ((sk_X509_ATTRIBUTE_set(p7si->auth_attr, i, + X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value(sk, i)))) == NULL) - return(0); - } - return(1); + return (0); } + return (1); +} -int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si, STACK_OF(X509_ATTRIBUTE) *sk) - { +int +PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si, STACK_OF(X509_ATTRIBUTE) *sk) +{ int i; if (p7si->unauth_attr != NULL) sk_X509_ATTRIBUTE_pop_free(p7si->unauth_attr, - X509_ATTRIBUTE_free); - p7si->unauth_attr=sk_X509_ATTRIBUTE_dup(sk); - for (i=0; iunauth_attr,i, - X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value(sk,i)))) + X509_ATTRIBUTE_free); + p7si->unauth_attr = sk_X509_ATTRIBUTE_dup(sk); + if (p7si->unauth_attr == NULL) + return 0; + for (i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) { + if ((sk_X509_ATTRIBUTE_set(p7si->unauth_attr, i, + X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value(sk, i)))) == NULL) - return(0); - } - return(1); + return (0); } + return (1); +} -int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype, - void *value) - { - return(add_attribute(&(p7si->auth_attr),nid,atrtype,value)); - } +int +PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype, + void *value) +{ + return (add_attribute(&(p7si->auth_attr), nid, atrtype, value)); +} -int PKCS7_add_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype, - void *value) - { - return(add_attribute(&(p7si->unauth_attr),nid,atrtype,value)); - } +int +PKCS7_add_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype, void *value) +{ + return (add_attribute(&(p7si->unauth_attr), nid, atrtype, value)); +} -static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype, - void *value) - { - X509_ATTRIBUTE *attr=NULL; +static int +add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype, void *value) +{ + X509_ATTRIBUTE *attr = NULL; - if (*sk == NULL) - { + if (*sk == NULL) { *sk = sk_X509_ATTRIBUTE_new_null(); + if (*sk == NULL) + return 0; new_attrib: - attr=X509_ATTRIBUTE_create(nid,atrtype,value); - sk_X509_ATTRIBUTE_push(*sk,attr); + if (!(attr = X509_ATTRIBUTE_create(nid, atrtype, value))) + return 0; + if (!sk_X509_ATTRIBUTE_push(*sk, attr)) { + X509_ATTRIBUTE_free(attr); + return 0; } - else - { + } else { int i; - for (i=0; iobject) == nid) - { + for (i = 0; i < sk_X509_ATTRIBUTE_num(*sk); i++) { + attr = sk_X509_ATTRIBUTE_value(*sk, i); + if (OBJ_obj2nid(attr->object) == nid) { X509_ATTRIBUTE_free(attr); - attr=X509_ATTRIBUTE_create(nid,atrtype,value); - sk_X509_ATTRIBUTE_set(*sk,i,attr); - goto end; + attr = X509_ATTRIBUTE_create(nid, atrtype, + value); + if (attr == NULL) + return 0; + if (!sk_X509_ATTRIBUTE_set(*sk, i, attr)) { + X509_ATTRIBUTE_free(attr); + return 0; } + goto end; } - goto new_attrib; } -end: - return(1); + goto new_attrib; } - +end: + return (1); +} diff --git a/src/lib/libcrypto/pkcs7/pk7_enc.c b/src/lib/libcrypto/pkcs7/pk7_enc.c deleted file mode 100644 index acbb189c59a..00000000000 --- a/src/lib/libcrypto/pkcs7/pk7_enc.c +++ /dev/null @@ -1,76 +0,0 @@ -/* crypto/pkcs7/pk7_enc.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include "cryptlib.h" -#include -#include -#include -#include -#include - -PKCS7_in_bio(PKCS7 *p7,BIO *in); -PKCS7_out_bio(PKCS7 *p7,BIO *out); - -PKCS7_add_signer(PKCS7 *p7,X509 *cert,EVP_PKEY *key); -PKCS7_cipher(PKCS7 *p7,EVP_CIPHER *cipher); - -PKCS7_Init(PKCS7 *p7); -PKCS7_Update(PKCS7 *p7); -PKCS7_Finish(PKCS7 *p7); - diff --git a/src/lib/libcrypto/pkcs7/pk7_lib.c b/src/lib/libcrypto/pkcs7/pk7_lib.c index c00ed6833a5..28f812a811d 100644 --- a/src/lib/libcrypto/pkcs7/pk7_lib.c +++ b/src/lib/libcrypto/pkcs7/pk7_lib.c @@ -1,25 +1,25 @@ -/* crypto/pkcs7/pk7_lib.c */ +/* $OpenBSD: pk7_lib.c,v 1.20 2019/03/13 20:34:00 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -57,421 +57,597 @@ */ #include -#include "cryptlib.h" + +#include #include #include -long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg) - { +#include "asn1_locl.h" + +long +PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg) +{ int nid; long ret; - nid=OBJ_obj2nid(p7->type); + nid = OBJ_obj2nid(p7->type); - switch (cmd) - { + switch (cmd) { case PKCS7_OP_SET_DETACHED_SIGNATURE: - if (nid == NID_pkcs7_signed) - { - ret=p7->detached=(int)larg; - } - else - { - PKCS7err(PKCS7_F_PKCS7_CTRL,PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE); - ret=0; + if (nid == NID_pkcs7_signed) { + ret = p7->detached = (int)larg; + if (ret && PKCS7_type_is_data(p7->d.sign->contents)) { + ASN1_OCTET_STRING *os; + os = p7->d.sign->contents->d.data; + ASN1_OCTET_STRING_free(os); + p7->d.sign->contents->d.data = NULL; } + } else { + PKCS7error(PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE); + ret = 0; + } break; case PKCS7_OP_GET_DETACHED_SIGNATURE: - if (nid == NID_pkcs7_signed) - { - if(!p7->d.sign || !p7->d.sign->contents->d.ptr) + if (nid == NID_pkcs7_signed) { + if (!p7->d.sign || !p7->d.sign->contents->d.ptr) ret = 1; - else ret = 0; - + else + ret = 0; + p7->detached = ret; - } - else - { - PKCS7err(PKCS7_F_PKCS7_CTRL,PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE); - ret=0; - } - + } else { + PKCS7error(PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE); + ret = 0; + } + break; default: - PKCS7err(PKCS7_F_PKCS7_CTRL,PKCS7_R_UNKNOWN_OPERATION); - ret=0; - } - return(ret); + PKCS7error(PKCS7_R_UNKNOWN_OPERATION); + ret = 0; } + return (ret); +} -int PKCS7_content_new(PKCS7 *p7, int type) - { - PKCS7 *ret=NULL; +int +PKCS7_content_new(PKCS7 *p7, int type) +{ + PKCS7 *ret = NULL; - if ((ret=PKCS7_new()) == NULL) goto err; - if (!PKCS7_set_type(ret,type)) goto err; - if (!PKCS7_set_content(p7,ret)) goto err; + if ((ret = PKCS7_new()) == NULL) + goto err; + if (!PKCS7_set_type(ret, type)) + goto err; + if (!PKCS7_set_content(p7, ret)) + goto err; - return(1); + return (1); err: - if (ret != NULL) PKCS7_free(ret); - return(0); - } - -int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data) - { + if (ret != NULL) + PKCS7_free(ret); + return (0); +} + +int +PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data) +{ int i; - i=OBJ_obj2nid(p7->type); - switch (i) - { + i = OBJ_obj2nid(p7->type); + switch (i) { case NID_pkcs7_signed: if (p7->d.sign->contents != NULL) PKCS7_free(p7->d.sign->contents); - p7->d.sign->contents=p7_data; + p7->d.sign->contents = p7_data; break; case NID_pkcs7_digest: + if (p7->d.digest->contents != NULL) + PKCS7_free(p7->d.digest->contents); + p7->d.digest->contents = p7_data; + break; case NID_pkcs7_data: case NID_pkcs7_enveloped: case NID_pkcs7_signedAndEnveloped: case NID_pkcs7_encrypted: default: - PKCS7err(PKCS7_F_PKCS7_SET_CONTENT,PKCS7_R_UNSUPPORTED_CONTENT_TYPE); + PKCS7error(PKCS7_R_UNSUPPORTED_CONTENT_TYPE); goto err; - } - return(1); -err: - return(0); } + return (1); +err: + return (0); +} -int PKCS7_set_type(PKCS7 *p7, int type) - { +int +PKCS7_set_type(PKCS7 *p7, int type) +{ ASN1_OBJECT *obj; /*PKCS7_content_free(p7);*/ obj=OBJ_nid2obj(type); /* will not fail */ - switch (type) - { + switch (type) { case NID_pkcs7_signed: - p7->type=obj; - if ((p7->d.sign=PKCS7_SIGNED_new()) == NULL) + p7->type = obj; + if ((p7->d.sign = PKCS7_SIGNED_new()) == NULL) + goto err; + if (!ASN1_INTEGER_set(p7->d.sign->version, 1)) { + PKCS7_SIGNED_free(p7->d.sign); + p7->d.sign = NULL; goto err; - ASN1_INTEGER_set(p7->d.sign->version,1); + } break; case NID_pkcs7_data: - p7->type=obj; - if ((p7->d.data=M_ASN1_OCTET_STRING_new()) == NULL) + p7->type = obj; + if ((p7->d.data = ASN1_OCTET_STRING_new()) == NULL) goto err; break; case NID_pkcs7_signedAndEnveloped: - p7->type=obj; - if ((p7->d.signed_and_enveloped=PKCS7_SIGN_ENVELOPE_new()) - == NULL) goto err; - ASN1_INTEGER_set(p7->d.signed_and_enveloped->version,1); - p7->d.signed_and_enveloped->enc_data->content_type - = OBJ_nid2obj(NID_pkcs7_data); + p7->type = obj; + if ((p7->d.signed_and_enveloped = + PKCS7_SIGN_ENVELOPE_new()) == NULL) + goto err; + ASN1_INTEGER_set(p7->d.signed_and_enveloped->version, 1); + if (!ASN1_INTEGER_set(p7->d.signed_and_enveloped->version, 1)) + goto err; + p7->d.signed_and_enveloped->enc_data->content_type = + OBJ_nid2obj(NID_pkcs7_data); break; case NID_pkcs7_enveloped: - p7->type=obj; - if ((p7->d.enveloped=PKCS7_ENVELOPE_new()) - == NULL) goto err; - ASN1_INTEGER_set(p7->d.enveloped->version,0); - p7->d.enveloped->enc_data->content_type - = OBJ_nid2obj(NID_pkcs7_data); + p7->type = obj; + if ((p7->d.enveloped = PKCS7_ENVELOPE_new()) == NULL) + goto err; + if (!ASN1_INTEGER_set(p7->d.enveloped->version, 0)) + goto err; + p7->d.enveloped->enc_data->content_type = + OBJ_nid2obj(NID_pkcs7_data); break; case NID_pkcs7_encrypted: - p7->type=obj; - if ((p7->d.encrypted=PKCS7_ENCRYPT_new()) - == NULL) goto err; - ASN1_INTEGER_set(p7->d.encrypted->version,0); - p7->d.encrypted->enc_data->content_type - = OBJ_nid2obj(NID_pkcs7_data); + p7->type = obj; + if ((p7->d.encrypted = PKCS7_ENCRYPT_new()) == NULL) + goto err; + if (!ASN1_INTEGER_set(p7->d.encrypted->version, 0)) + goto err; + p7->d.encrypted->enc_data->content_type = + OBJ_nid2obj(NID_pkcs7_data); break; case NID_pkcs7_digest: + p7->type = obj; + if ((p7->d.digest = PKCS7_DIGEST_new()) == NULL) + goto err; + if (!ASN1_INTEGER_set(p7->d.digest->version, 0)) + goto err; + break; default: - PKCS7err(PKCS7_F_PKCS7_SET_TYPE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE); + PKCS7error(PKCS7_R_UNSUPPORTED_CONTENT_TYPE); goto err; - } - return(1); -err: - return(0); } + return (1); +err: + return (0); +} + +int +PKCS7_set0_type_other(PKCS7 *p7, int type, ASN1_TYPE *other) +{ + p7->type = OBJ_nid2obj(type); + p7->d.other = other; + return 1; +} -int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *psi) - { - int i,j,nid; +int +PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *psi) +{ + int i, j, nid; X509_ALGOR *alg; STACK_OF(PKCS7_SIGNER_INFO) *signer_sk; STACK_OF(X509_ALGOR) *md_sk; - i=OBJ_obj2nid(p7->type); - switch (i) - { + i = OBJ_obj2nid(p7->type); + switch (i) { case NID_pkcs7_signed: - signer_sk= p7->d.sign->signer_info; - md_sk= p7->d.sign->md_algs; + signer_sk = p7->d.sign->signer_info; + md_sk = p7->d.sign->md_algs; break; case NID_pkcs7_signedAndEnveloped: - signer_sk= p7->d.signed_and_enveloped->signer_info; - md_sk= p7->d.signed_and_enveloped->md_algs; + signer_sk = p7->d.signed_and_enveloped->signer_info; + md_sk = p7->d.signed_and_enveloped->md_algs; break; default: - PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER,PKCS7_R_WRONG_CONTENT_TYPE); - return(0); - } + PKCS7error(PKCS7_R_WRONG_CONTENT_TYPE); + return (0); + } - nid=OBJ_obj2nid(psi->digest_alg->algorithm); + nid = OBJ_obj2nid(psi->digest_alg->algorithm); /* If the digest is not currently listed, add it */ - j=0; - for (i=0; ialgorithm) == nid) - { - j=1; + j = 0; + for (i = 0; i < sk_X509_ALGOR_num(md_sk); i++) { + alg = sk_X509_ALGOR_value(md_sk, i); + if (OBJ_obj2nid(alg->algorithm) == nid) { + j = 1; break; - } } + } if (!j) /* we need to add another algorithm */ - { - if(!(alg=X509_ALGOR_new()) - || !(alg->parameter = ASN1_TYPE_new())) { - PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER,ERR_R_MALLOC_FAILURE); - return(0); + { + if (!(alg = X509_ALGOR_new()) || + !(alg->parameter = ASN1_TYPE_new())) { + X509_ALGOR_free(alg); + PKCS7error(ERR_R_MALLOC_FAILURE); + return (0); } - alg->algorithm=OBJ_nid2obj(nid); + alg->algorithm = OBJ_nid2obj(nid); alg->parameter->type = V_ASN1_NULL; - sk_X509_ALGOR_push(md_sk,alg); + if (!sk_X509_ALGOR_push(md_sk, alg)) { + X509_ALGOR_free(alg); + return 0; } - - sk_PKCS7_SIGNER_INFO_push(signer_sk,psi); - return(1); } -int PKCS7_add_certificate(PKCS7 *p7, X509 *x509) - { + if (!sk_PKCS7_SIGNER_INFO_push(signer_sk, psi)) + return 0; + return (1); +} + +int +PKCS7_add_certificate(PKCS7 *p7, X509 *x509) +{ int i; STACK_OF(X509) **sk; - i=OBJ_obj2nid(p7->type); - switch (i) - { + i = OBJ_obj2nid(p7->type); + switch (i) { case NID_pkcs7_signed: - sk= &(p7->d.sign->cert); + sk = &(p7->d.sign->cert); break; case NID_pkcs7_signedAndEnveloped: - sk= &(p7->d.signed_and_enveloped->cert); + sk = &(p7->d.signed_and_enveloped->cert); break; default: - PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE,PKCS7_R_WRONG_CONTENT_TYPE); - return(0); - } + PKCS7error(PKCS7_R_WRONG_CONTENT_TYPE); + return (0); + } if (*sk == NULL) - *sk=sk_X509_new_null(); - CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509); - sk_X509_push(*sk,x509); - return(1); + *sk = sk_X509_new_null(); + if (*sk == NULL) { + PKCS7error(ERR_R_MALLOC_FAILURE); + return 0; + } + CRYPTO_add(&x509->references, 1, CRYPTO_LOCK_X509); + if (!sk_X509_push(*sk, x509)) { + X509_free(x509); + return 0; } + return (1); +} -int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl) - { +int +PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl) +{ int i; STACK_OF(X509_CRL) **sk; - i=OBJ_obj2nid(p7->type); - switch (i) - { + i = OBJ_obj2nid(p7->type); + switch (i) { case NID_pkcs7_signed: - sk= &(p7->d.sign->crl); + sk = &(p7->d.sign->crl); break; case NID_pkcs7_signedAndEnveloped: - sk= &(p7->d.signed_and_enveloped->crl); + sk = &(p7->d.signed_and_enveloped->crl); break; default: - PKCS7err(PKCS7_F_PKCS7_ADD_CRL,PKCS7_R_WRONG_CONTENT_TYPE); - return(0); - } + PKCS7error(PKCS7_R_WRONG_CONTENT_TYPE); + return (0); + } if (*sk == NULL) - *sk=sk_X509_CRL_new_null(); + *sk = sk_X509_CRL_new_null(); + if (*sk == NULL) { + PKCS7error(ERR_R_MALLOC_FAILURE); + return 0; + } - CRYPTO_add(&crl->references,1,CRYPTO_LOCK_X509_CRL); - sk_X509_CRL_push(*sk,crl); - return(1); + CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509_CRL); + if (!sk_X509_CRL_push(*sk, crl)) { + X509_CRL_free(crl); + return 0; } + return (1); +} + +int +PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, + const EVP_MD *dgst) +{ + int ret; -int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, - const EVP_MD *dgst) - { - char is_dsa; - if (pkey->type == EVP_PKEY_DSA) is_dsa = 1; - else is_dsa = 0; /* We now need to add another PKCS7_SIGNER_INFO entry */ - ASN1_INTEGER_set(p7i->version,1); - X509_NAME_set(&p7i->issuer_and_serial->issuer, - X509_get_issuer_name(x509)); + if (!ASN1_INTEGER_set(p7i->version, 1)) + goto err; + if (!X509_NAME_set(&p7i->issuer_and_serial->issuer, + X509_get_issuer_name(x509))) + goto err; /* because ASN1_INTEGER_set is used to set a 'long' we will do * things the ugly way. */ - M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial); - p7i->issuer_and_serial->serial= - M_ASN1_INTEGER_dup(X509_get_serialNumber(x509)); + ASN1_INTEGER_free(p7i->issuer_and_serial->serial); + if (!(p7i->issuer_and_serial->serial = + ASN1_INTEGER_dup(X509_get_serialNumber(x509)))) + goto err; /* lets keep the pkey around for a while */ - CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY); - p7i->pkey=pkey; + CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY); + p7i->pkey = pkey; /* Set the algorithms */ - if (is_dsa) p7i->digest_alg->algorithm=OBJ_nid2obj(NID_sha1); - else - p7i->digest_alg->algorithm=OBJ_nid2obj(EVP_MD_type(dgst)); - if (p7i->digest_alg->parameter != NULL) - ASN1_TYPE_free(p7i->digest_alg->parameter); - if ((p7i->digest_alg->parameter=ASN1_TYPE_new()) == NULL) - goto err; - p7i->digest_alg->parameter->type=V_ASN1_NULL; - - p7i->digest_enc_alg->algorithm=OBJ_nid2obj(EVP_PKEY_type(pkey->type)); - - if (p7i->digest_enc_alg->parameter != NULL) - ASN1_TYPE_free(p7i->digest_enc_alg->parameter); - if(is_dsa) p7i->digest_enc_alg->parameter = NULL; - else { - if (!(p7i->digest_enc_alg->parameter=ASN1_TYPE_new())) - goto err; - p7i->digest_enc_alg->parameter->type=V_ASN1_NULL; + X509_ALGOR_set0(p7i->digest_alg, OBJ_nid2obj(EVP_MD_type(dgst)), + V_ASN1_NULL, NULL); + + if (pkey->ameth && pkey->ameth->pkey_ctrl) { + ret = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_PKCS7_SIGN, + 0, p7i); + if (ret > 0) + return 1; + if (ret != -2) { + PKCS7error(PKCS7_R_SIGNING_CTRL_FAILURE); + return 0; + } } - - return(1); + PKCS7error(PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); err: - return(0); - } + return 0; +} -PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, EVP_PKEY *pkey, - const EVP_MD *dgst) - { - PKCS7_SIGNER_INFO *si; +PKCS7_SIGNER_INFO * +PKCS7_add_signature(PKCS7 *p7, X509 *x509, EVP_PKEY *pkey, const EVP_MD *dgst) +{ + PKCS7_SIGNER_INFO *si = NULL; - if ((si=PKCS7_SIGNER_INFO_new()) == NULL) goto err; - if (!PKCS7_SIGNER_INFO_set(si,x509,pkey,dgst)) goto err; - if (!PKCS7_add_signer(p7,si)) goto err; - return(si); -err: - return(NULL); + if (dgst == NULL) { + int def_nid; + if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) <= 0) + goto err; + dgst = EVP_get_digestbynid(def_nid); + if (dgst == NULL) { + PKCS7error(PKCS7_R_NO_DEFAULT_DIGEST); + goto err; + } } -STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7) - { - if (PKCS7_type_is_signed(p7)) - { - return(p7->d.sign->signer_info); - } - else if (PKCS7_type_is_signedAndEnveloped(p7)) - { - return(p7->d.signed_and_enveloped->signer_info); + if ((si = PKCS7_SIGNER_INFO_new()) == NULL) + goto err; + if (!PKCS7_SIGNER_INFO_set(si, x509, pkey, dgst)) + goto err; + if (!PKCS7_add_signer(p7, si)) + goto err; + return (si); +err: + if (si) + PKCS7_SIGNER_INFO_free(si); + return (NULL); +} + +int +PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md) +{ + if (PKCS7_type_is_digest(p7)) { + if (!(p7->d.digest->md->parameter = ASN1_TYPE_new())) { + PKCS7error(ERR_R_MALLOC_FAILURE); + return 0; } - else - return(NULL); + p7->d.digest->md->parameter->type = V_ASN1_NULL; + p7->d.digest->md->algorithm = OBJ_nid2obj(EVP_MD_nid(md)); + return 1; } -PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509) - { + PKCS7error(PKCS7_R_WRONG_CONTENT_TYPE); + return 1; +} + +STACK_OF(PKCS7_SIGNER_INFO) * +PKCS7_get_signer_info(PKCS7 *p7) +{ + if (p7 == NULL || p7->d.ptr == NULL) + return (NULL); + if (PKCS7_type_is_signed(p7)) { + return (p7->d.sign->signer_info); + } else if (PKCS7_type_is_signedAndEnveloped(p7)) { + return (p7->d.signed_and_enveloped->signer_info); + } else + return (NULL); +} + +void +PKCS7_SIGNER_INFO_get0_algs(PKCS7_SIGNER_INFO *si, EVP_PKEY **pk, + X509_ALGOR **pdig, X509_ALGOR **psig) +{ + if (pk) + *pk = si->pkey; + if (pdig) + *pdig = si->digest_alg; + if (psig) + *psig = si->digest_enc_alg; +} + +void +PKCS7_RECIP_INFO_get0_alg(PKCS7_RECIP_INFO *ri, X509_ALGOR **penc) +{ + if (penc) + *penc = ri->key_enc_algor; +} + +PKCS7_RECIP_INFO * +PKCS7_add_recipient(PKCS7 *p7, X509 *x509) +{ PKCS7_RECIP_INFO *ri; - if ((ri=PKCS7_RECIP_INFO_new()) == NULL) goto err; - if (!PKCS7_RECIP_INFO_set(ri,x509)) goto err; - if (!PKCS7_add_recipient_info(p7,ri)) goto err; - return(ri); + if ((ri = PKCS7_RECIP_INFO_new()) == NULL) + goto err; + if (!PKCS7_RECIP_INFO_set(ri, x509)) + goto err; + if (!PKCS7_add_recipient_info(p7, ri)) + goto err; + return ri; err: - return(NULL); - } - -int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri) - { + if (ri) + PKCS7_RECIP_INFO_free(ri); + return NULL; +} + +int +PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri) +{ int i; STACK_OF(PKCS7_RECIP_INFO) *sk; - i=OBJ_obj2nid(p7->type); - switch (i) - { + i = OBJ_obj2nid(p7->type); + switch (i) { case NID_pkcs7_signedAndEnveloped: - sk= p7->d.signed_and_enveloped->recipientinfo; + sk = p7->d.signed_and_enveloped->recipientinfo; break; case NID_pkcs7_enveloped: - sk= p7->d.enveloped->recipientinfo; + sk = p7->d.enveloped->recipientinfo; break; default: - PKCS7err(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO,PKCS7_R_WRONG_CONTENT_TYPE); - return(0); - } + PKCS7error(PKCS7_R_WRONG_CONTENT_TYPE); + return (0); + } - sk_PKCS7_RECIP_INFO_push(sk,ri); - return(1); + if (!sk_PKCS7_RECIP_INFO_push(sk, ri)) + return 0; + return (1); +} + +int +PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509) +{ + int ret; + EVP_PKEY *pkey = NULL; + if (!ASN1_INTEGER_set(p7i->version, 0)) + return 0; + if (!X509_NAME_set(&p7i->issuer_and_serial->issuer, + X509_get_issuer_name(x509))) + return 0; + + ASN1_INTEGER_free(p7i->issuer_and_serial->serial); + if (!(p7i->issuer_and_serial->serial = + ASN1_INTEGER_dup(X509_get_serialNumber(x509)))) + return 0; + + pkey = X509_get_pubkey(x509); + + if (!pkey || !pkey->ameth || !pkey->ameth->pkey_ctrl) { + PKCS7error(PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); + goto err; } -int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509) - { - ASN1_INTEGER_set(p7i->version,0); - X509_NAME_set(&p7i->issuer_and_serial->issuer, - X509_get_issuer_name(x509)); + ret = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_PKCS7_ENCRYPT, + 0, p7i); + if (ret == -2) { + PKCS7error(PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE); + goto err; + } + if (ret <= 0) { + PKCS7error(PKCS7_R_ENCRYPTION_CTRL_FAILURE); + goto err; + } - M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial); - p7i->issuer_and_serial->serial= - M_ASN1_INTEGER_dup(X509_get_serialNumber(x509)); + EVP_PKEY_free(pkey); - X509_ALGOR_free(p7i->key_enc_algor); - p7i->key_enc_algor= X509_ALGOR_dup(x509->cert_info->key->algor); + CRYPTO_add(&x509->references, 1, CRYPTO_LOCK_X509); + p7i->cert = x509; - CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509); - p7i->cert=x509; + return 1; - return(1); - } +err: + EVP_PKEY_free(pkey); + return 0; +} -X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si) - { +X509 * +PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si) +{ if (PKCS7_type_is_signed(p7)) return(X509_find_by_issuer_and_serial(p7->d.sign->cert, - si->issuer_and_serial->issuer, - si->issuer_and_serial->serial)); + si->issuer_and_serial->issuer, + si->issuer_and_serial->serial)); else - return(NULL); - } + return (NULL); +} -int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher) - { +int +PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher) +{ int i; - ASN1_OBJECT *objtmp; PKCS7_ENC_CONTENT *ec; - i=OBJ_obj2nid(p7->type); - switch (i) - { + i = OBJ_obj2nid(p7->type); + switch (i) { case NID_pkcs7_signedAndEnveloped: - ec=p7->d.signed_and_enveloped->enc_data; + ec = p7->d.signed_and_enveloped->enc_data; break; case NID_pkcs7_enveloped: - ec=p7->d.enveloped->enc_data; + ec = p7->d.enveloped->enc_data; break; default: - PKCS7err(PKCS7_F_PKCS7_SET_CIPHER,PKCS7_R_WRONG_CONTENT_TYPE); - return(0); - } + PKCS7error(PKCS7_R_WRONG_CONTENT_TYPE); + return (0); + } /* Check cipher OID exists and has data in it*/ i = EVP_CIPHER_type(cipher); - if(i == NID_undef) { - PKCS7err(PKCS7_F_PKCS7_SET_CIPHER,PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER); - return(0); + if (i == NID_undef) { + PKCS7error(PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER); + return (0); } - objtmp = OBJ_nid2obj(i); ec->cipher = cipher; return 1; +} + +int +PKCS7_stream(unsigned char ***boundary, PKCS7 *p7) +{ + ASN1_OCTET_STRING *os = NULL; + + switch (OBJ_obj2nid(p7->type)) { + case NID_pkcs7_data: + os = p7->d.data; + break; + + case NID_pkcs7_signedAndEnveloped: + os = p7->d.signed_and_enveloped->enc_data->enc_data; + if (os == NULL) { + os = ASN1_OCTET_STRING_new(); + p7->d.signed_and_enveloped->enc_data->enc_data = os; + } + break; + + case NID_pkcs7_enveloped: + os = p7->d.enveloped->enc_data->enc_data; + if (os == NULL) { + os = ASN1_OCTET_STRING_new(); + p7->d.enveloped->enc_data->enc_data = os; + } + break; + + case NID_pkcs7_signed: + os = p7->d.sign->contents->d.data; + break; + + default: + os = NULL; + break; } + if (os == NULL) + return 0; + + os->flags |= ASN1_STRING_FLAG_NDEF; + *boundary = &os->data; + + return 1; +} diff --git a/src/lib/libcrypto/pkcs7/pk7_mime.c b/src/lib/libcrypto/pkcs7/pk7_mime.c index 086d3942701..fad331bf165 100644 --- a/src/lib/libcrypto/pkcs7/pk7_mime.c +++ b/src/lib/libcrypto/pkcs7/pk7_mime.c @@ -1,16 +1,16 @@ -/* pk7_mime.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL - * project 1999. +/* $OpenBSD: pk7_mime.c,v 1.13 2016/12/30 15:38:13 jsing Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -50,636 +50,49 @@ * OF THE POSSIBILITY OF SUCH DAMAGE. * ==================================================================== * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * */ -#include #include -#include "cryptlib.h" -#include -#include - -/* MIME and related routines */ - -/* MIME format structures - * Note that all are translated to lower case apart from - * parameter values. Quotes are stripped off - */ - -typedef struct { -char *param_name; /* Param name e.g. "micalg" */ -char *param_value; /* Param value e.g. "sha1" */ -} MIME_PARAM; - -DECLARE_STACK_OF(MIME_PARAM) -IMPLEMENT_STACK_OF(MIME_PARAM) - -typedef struct { -char *name; /* Name of line e.g. "content-type" */ -char *value; /* Value of line e.g. "text/plain" */ -STACK_OF(MIME_PARAM) *params; /* Zero or more parameters */ -} MIME_HEADER; - -DECLARE_STACK_OF(MIME_HEADER) -IMPLEMENT_STACK_OF(MIME_HEADER) - -static int B64_write_PKCS7(BIO *bio, PKCS7 *p7); -static PKCS7 *B64_read_PKCS7(BIO *bio); -static char * strip_ends(char *name); -static char * strip_start(char *name); -static char * strip_end(char *name); -static MIME_HEADER *mime_hdr_new(char *name, char *value); -static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value); -static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio); -static int mime_hdr_cmp(const MIME_HEADER * const *a, - const MIME_HEADER * const *b); -static int mime_param_cmp(const MIME_PARAM * const *a, - const MIME_PARAM * const *b); -static void mime_param_free(MIME_PARAM *param); -static int mime_bound_check(char *line, int linelen, char *bound, int blen); -static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret); -static int iscrlf(char c); -static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, char *name); -static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name); -static void mime_hdr_free(MIME_HEADER *hdr); - -#define MAX_SMLEN 1024 -#define mime_debug(x) /* x */ - - -typedef void (*stkfree)(); - -/* Base 64 read and write of PKCS#7 structure */ - -static int B64_write_PKCS7(BIO *bio, PKCS7 *p7) -{ - BIO *b64; - if(!(b64 = BIO_new(BIO_f_base64()))) { - PKCS7err(PKCS7_F_B64_WRITE_PKCS7,ERR_R_MALLOC_FAILURE); - return 0; - } - bio = BIO_push(b64, bio); - i2d_PKCS7_bio(bio, p7); - BIO_flush(bio); - bio = BIO_pop(bio); - BIO_free(b64); - return 1; -} - -static PKCS7 *B64_read_PKCS7(BIO *bio) -{ - BIO *b64; - PKCS7 *p7; - if(!(b64 = BIO_new(BIO_f_base64()))) { - PKCS7err(PKCS7_F_B64_READ_PKCS7,ERR_R_MALLOC_FAILURE); - return 0; - } - bio = BIO_push(b64, bio); - if(!(p7 = d2i_PKCS7_bio(bio, NULL))) - PKCS7err(PKCS7_F_B64_READ_PKCS7,PKCS7_R_DECODE_ERROR); - BIO_flush(bio); - bio = BIO_pop(bio); - BIO_free(b64); - return p7; -} - -/* SMIME sender */ - -int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags) -{ - char linebuf[MAX_SMLEN]; - char bound[33], c; - int i; - if((flags & PKCS7_DETACHED) && data) { - /* We want multipart/signed */ - /* Generate a random boundary */ - RAND_pseudo_bytes((unsigned char *)bound, 32); - for(i = 0; i < 32; i++) { - c = bound[i] & 0xf; - if(c < 10) c += '0'; - else c += 'A' - 10; - bound[i] = c; - } - bound[32] = 0; - BIO_printf(bio, "MIME-Version: 1.0\n"); - BIO_printf(bio, "Content-Type: multipart/signed;"); - BIO_printf(bio, " protocol=\"application/x-pkcs7-signature\";"); - BIO_printf(bio, " micalg=sha1; boundary=\"----%s\"\n\n", bound); - BIO_printf(bio, "This is an S/MIME signed message\n\n"); - /* Now write out the first part */ - BIO_printf(bio, "------%s\n", bound); - if(flags & PKCS7_TEXT) BIO_printf(bio, "Content-Type: text/plain\n\n"); - while((i = BIO_read(data, linebuf, MAX_SMLEN)) > 0) - BIO_write(bio, linebuf, i); - BIO_printf(bio, "\n------%s\n", bound); - - /* Headers for signature */ - - BIO_printf(bio, "Content-Type: application/x-pkcs7-signature; name=\"smime.p7s\"\n"); - BIO_printf(bio, "Content-Transfer-Encoding: base64\n"); - BIO_printf(bio, "Content-Disposition: attachment; filename=\"smime.p7s\"\n\n"); - B64_write_PKCS7(bio, p7); - BIO_printf(bio,"\n------%s--\n\n", bound); - return 1; - } - /* MIME headers */ - BIO_printf(bio, "MIME-Version: 1.0\n"); - BIO_printf(bio, "Content-Disposition: attachment; filename=\"smime.p7m\"\n"); - BIO_printf(bio, "Content-Type: application/x-pkcs7-mime; name=\"smime.p7m\"\n"); - BIO_printf(bio, "Content-Transfer-Encoding: base64\n\n"); - B64_write_PKCS7(bio, p7); - BIO_printf(bio, "\n"); - return 1; -} - -/* SMIME reader: handle multipart/signed and opaque signing. - * in multipart case the content is placed in a memory BIO - * pointed to by "bcont". In opaque this is set to NULL - */ - -PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont) -{ - BIO *p7in; - STACK_OF(MIME_HEADER) *headers = NULL; - STACK_OF(BIO) *parts = NULL; - MIME_HEADER *hdr; - MIME_PARAM *prm; - PKCS7 *p7; - int ret; - - if(bcont) *bcont = NULL; - - if (!(headers = mime_parse_hdr(bio))) { - PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_MIME_PARSE_ERROR); - return NULL; - } - - if(!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) { - sk_MIME_HEADER_pop_free(headers, mime_hdr_free); - PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_CONTENT_TYPE); - return NULL; - } - - /* Handle multipart/signed */ - - if(!strcmp(hdr->value, "multipart/signed")) { - /* Split into two parts */ - prm = mime_param_find(hdr, "boundary"); - if(!prm || !prm->param_value) { - sk_MIME_HEADER_pop_free(headers, mime_hdr_free); - PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_MULTIPART_BOUNDARY); - return NULL; - } - ret = multi_split(bio, prm->param_value, &parts); - sk_MIME_HEADER_pop_free(headers, mime_hdr_free); - if(!ret || (sk_BIO_num(parts) != 2) ) { - PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_MULTIPART_BODY_FAILURE); - sk_BIO_pop_free(parts, BIO_vfree); - return NULL; - } - - /* Parse the signature piece */ - p7in = sk_BIO_value(parts, 1); - - if (!(headers = mime_parse_hdr(p7in))) { - PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_MIME_SIG_PARSE_ERROR); - sk_BIO_pop_free(parts, BIO_vfree); - return NULL; - } - - /* Get content type */ - - if(!(hdr = mime_hdr_find(headers, "content-type")) || - !hdr->value) { - sk_MIME_HEADER_pop_free(headers, mime_hdr_free); - PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_SIG_CONTENT_TYPE); - return NULL; - } - - if(strcmp(hdr->value, "application/x-pkcs7-signature") && - strcmp(hdr->value, "application/pkcs7-signature")) { - sk_MIME_HEADER_pop_free(headers, mime_hdr_free); - PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_SIG_INVALID_MIME_TYPE); - ERR_add_error_data(2, "type: ", hdr->value); - sk_BIO_pop_free(parts, BIO_vfree); - return NULL; - } - sk_MIME_HEADER_pop_free(headers, mime_hdr_free); - /* Read in PKCS#7 */ - if(!(p7 = B64_read_PKCS7(p7in))) { - PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_PKCS7_SIG_PARSE_ERROR); - sk_BIO_pop_free(parts, BIO_vfree); - return NULL; - } - - if(bcont) { - *bcont = sk_BIO_value(parts, 0); - BIO_free(p7in); - sk_BIO_free(parts); - } else sk_BIO_pop_free(parts, BIO_vfree); - return p7; - } - - /* OK, if not multipart/signed try opaque signature */ - - if (strcmp (hdr->value, "application/x-pkcs7-mime") && - strcmp (hdr->value, "application/pkcs7-mime")) { - PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_INVALID_MIME_TYPE); - ERR_add_error_data(2, "type: ", hdr->value); - sk_MIME_HEADER_pop_free(headers, mime_hdr_free); - return NULL; - } - - sk_MIME_HEADER_pop_free(headers, mime_hdr_free); - - if(!(p7 = B64_read_PKCS7(bio))) { - PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_PKCS7_PARSE_ERROR); - return NULL; - } - return p7; - -} - -/* Copy text from one BIO to another making the output CRLF at EOL */ -int SMIME_crlf_copy(BIO *in, BIO *out, int flags) -{ - char eol; - int len; - char linebuf[MAX_SMLEN]; - if(flags & PKCS7_BINARY) { - while((len = BIO_read(in, linebuf, MAX_SMLEN)) > 0) - BIO_write(out, linebuf, len); - return 1; - } - if(flags & PKCS7_TEXT) BIO_printf(out, "Content-Type: text/plain\r\n\r\n"); - while ((len = BIO_gets(in, linebuf, MAX_SMLEN)) > 0) { - eol = 0; - while(iscrlf(linebuf[len - 1])) { - len--; - eol = 1; - } - BIO_write(out, linebuf, len); - if(eol) BIO_write(out, "\r\n", 2); - } - return 1; -} - -/* Strip off headers if they are text/plain */ -int SMIME_text(BIO *in, BIO *out) -{ - char iobuf[4096]; - int len; - STACK_OF(MIME_HEADER) *headers; - MIME_HEADER *hdr; - - if (!(headers = mime_parse_hdr(in))) { - PKCS7err(PKCS7_F_SMIME_TEXT,PKCS7_R_MIME_PARSE_ERROR); - return 0; - } - if(!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) { - PKCS7err(PKCS7_F_SMIME_TEXT,PKCS7_R_MIME_NO_CONTENT_TYPE); - sk_MIME_HEADER_pop_free(headers, mime_hdr_free); - return 0; - } - if (strcmp (hdr->value, "text/plain")) { - PKCS7err(PKCS7_F_SMIME_TEXT,PKCS7_R_INVALID_MIME_TYPE); - ERR_add_error_data(2, "type: ", hdr->value); - sk_MIME_HEADER_pop_free(headers, mime_hdr_free); - return 0; - } - sk_MIME_HEADER_pop_free(headers, mime_hdr_free); - while ((len = BIO_read(in, iobuf, sizeof(iobuf))) > 0) - BIO_write(out, iobuf, len); - return 1; -} - -/* Split a multipart/XXX message body into component parts: result is - * canonical parts in a STACK of bios - */ - -static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret) -{ - char linebuf[MAX_SMLEN]; - int len, blen; - BIO *bpart = NULL; - STACK_OF(BIO) *parts; - char state, part, first; - - blen = strlen(bound); - part = 0; - state = 0; - first = 1; - parts = sk_BIO_new_null(); - *ret = parts; - while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) { - state = mime_bound_check(linebuf, len, bound, blen); - if(state == 1) { - first = 1; - part++; - } else if(state == 2) { - sk_BIO_push(parts, bpart); - return 1; - } else if(part) { - if(first) { - first = 0; - if(bpart) sk_BIO_push(parts, bpart); - bpart = BIO_new(BIO_s_mem()); - - } else BIO_write(bpart, "\r\n", 2); - /* Strip CR+LF from linebuf */ - while(iscrlf(linebuf[len - 1])) len--; - BIO_write(bpart, linebuf, len); - } - } - return 0; -} - -static int iscrlf(char c) -{ - if(c == '\r' || c == '\n') return 1; - return 0; -} - -/* This is the big one: parse MIME header lines up to message body */ - -#define MIME_INVALID 0 -#define MIME_START 1 -#define MIME_TYPE 2 -#define MIME_NAME 3 -#define MIME_VALUE 4 -#define MIME_QUOTE 5 -#define MIME_COMMENT 6 - - -static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio) -{ - char *p, *q, c; - char *ntmp; - char linebuf[MAX_SMLEN]; - MIME_HEADER *mhdr = NULL; - STACK_OF(MIME_HEADER) *headers; - int len, state, save_state = 0; - - headers = sk_MIME_HEADER_new(mime_hdr_cmp); - while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) { - /* If whitespace at line start then continuation line */ - if(mhdr && isspace((unsigned char)linebuf[0])) state = MIME_NAME; - else state = MIME_START; - ntmp = NULL; - /* Go through all characters */ - for(p = linebuf, q = linebuf; (c = *p) && (c!='\r') && (c!='\n'); p++) { - - /* State machine to handle MIME headers - * if this looks horrible that's because it *is* - */ - - switch(state) { - case MIME_START: - if(c == ':') { - state = MIME_TYPE; - *p = 0; - ntmp = strip_ends(q); - q = p + 1; - } - break; - - case MIME_TYPE: - if(c == ';') { - mime_debug("Found End Value\n"); - *p = 0; - mhdr = mime_hdr_new(ntmp, strip_ends(q)); - sk_MIME_HEADER_push(headers, mhdr); - ntmp = NULL; - q = p + 1; - state = MIME_NAME; - } else if(c == '(') { - save_state = state; - state = MIME_COMMENT; - } - break; - - case MIME_COMMENT: - if(c == ')') { - state = save_state; - } - break; - - case MIME_NAME: - if(c == '=') { - state = MIME_VALUE; - *p = 0; - ntmp = strip_ends(q); - q = p + 1; - } - break ; - - case MIME_VALUE: - if(c == ';') { - state = MIME_NAME; - *p = 0; - mime_hdr_addparam(mhdr, ntmp, strip_ends(q)); - ntmp = NULL; - q = p + 1; - } else if (c == '"') { - mime_debug("Found Quote\n"); - state = MIME_QUOTE; - } else if(c == '(') { - save_state = state; - state = MIME_COMMENT; - } - break; - - case MIME_QUOTE: - if(c == '"') { - mime_debug("Found Match Quote\n"); - state = MIME_VALUE; - } - break; - } - } - - if(state == MIME_TYPE) { - mhdr = mime_hdr_new(ntmp, strip_ends(q)); - sk_MIME_HEADER_push(headers, mhdr); - } else if(state == MIME_VALUE) - mime_hdr_addparam(mhdr, ntmp, strip_ends(q)); - if(p == linebuf) break; /* Blank line means end of headers */ -} +#include -return headers; +#include +#include -} +/* PKCS#7 wrappers round generalised stream and MIME routines */ -static char *strip_ends(char *name) +int +i2d_PKCS7_bio_stream(BIO *out, PKCS7 *p7, BIO *in, int flags) { - return strip_end(strip_start(name)); + return i2d_ASN1_bio_stream(out, (ASN1_VALUE *)p7, in, flags, + &PKCS7_it); } -/* Strip a parameter of whitespace from start of param */ -static char *strip_start(char *name) +int +PEM_write_bio_PKCS7_stream(BIO *out, PKCS7 *p7, BIO *in, int flags) { - char *p, c; - /* Look for first non white space or quote */ - for(p = name; (c = *p) ;p++) { - if(c == '"') { - /* Next char is start of string if non null */ - if(p[1]) return p + 1; - /* Else null string */ - return NULL; - } - if(!isspace((unsigned char)c)) return p; - } - return NULL; + return PEM_write_bio_ASN1_stream(out, (ASN1_VALUE *) p7, in, flags, + "PKCS7", &PKCS7_it); } -/* As above but strip from end of string : maybe should handle brackets? */ -static char *strip_end(char *name) +int +SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags) { - char *p, c; - if(!name) return NULL; - /* Look for first non white space or quote */ - for(p = name + strlen(name) - 1; p >= name ;p--) { - c = *p; - if(c == '"') { - if(p - 1 == name) return NULL; - *p = 0; - return name; - } - if(isspace((unsigned char)c)) *p = 0; - else return name; - } - return NULL; -} + STACK_OF(X509_ALGOR) *mdalgs; + int ctype_nid = OBJ_obj2nid(p7->type); + if (ctype_nid == NID_pkcs7_signed) + mdalgs = p7->d.sign->md_algs; + else + mdalgs = NULL; -static MIME_HEADER *mime_hdr_new(char *name, char *value) -{ - MIME_HEADER *mhdr; - char *tmpname, *tmpval, *p; - int c; - if(name) { - if(!(tmpname = BUF_strdup(name))) return NULL; - for(p = tmpname ; *p; p++) { - c = *p; - if(isupper(c)) { - c = tolower(c); - *p = c; - } - } - } else tmpname = NULL; - if(value) { - if(!(tmpval = BUF_strdup(value))) return NULL; - for(p = tmpval ; *p; p++) { - c = *p; - if(isupper(c)) { - c = tolower(c); - *p = c; - } - } - } else tmpval = NULL; - mhdr = (MIME_HEADER *) OPENSSL_malloc(sizeof(MIME_HEADER)); - if(!mhdr) return NULL; - mhdr->name = tmpname; - mhdr->value = tmpval; - if(!(mhdr->params = sk_MIME_PARAM_new(mime_param_cmp))) return NULL; - return mhdr; -} - -static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value) -{ - char *tmpname, *tmpval, *p; - int c; - MIME_PARAM *mparam; - if(name) { - tmpname = BUF_strdup(name); - if(!tmpname) return 0; - for(p = tmpname ; *p; p++) { - c = *p; - if(isupper(c)) { - c = tolower(c); - *p = c; - } - } - } else tmpname = NULL; - if(value) { - tmpval = BUF_strdup(value); - if(!tmpval) return 0; - } else tmpval = NULL; - /* Parameter values are case sensitive so leave as is */ - mparam = (MIME_PARAM *) OPENSSL_malloc(sizeof(MIME_PARAM)); - if(!mparam) return 0; - mparam->param_name = tmpname; - mparam->param_value = tmpval; - sk_MIME_PARAM_push(mhdr->params, mparam); - return 1; -} + flags ^= SMIME_OLDMIME; -static int mime_hdr_cmp(const MIME_HEADER * const *a, - const MIME_HEADER * const *b) -{ - return(strcmp((*a)->name, (*b)->name)); -} -static int mime_param_cmp(const MIME_PARAM * const *a, - const MIME_PARAM * const *b) -{ - return(strcmp((*a)->param_name, (*b)->param_name)); + return SMIME_write_ASN1(bio, (ASN1_VALUE *)p7, data, flags, + ctype_nid, NID_undef, mdalgs, &PKCS7_it); } -/* Find a header with a given name (if possible) */ - -static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, char *name) -{ - MIME_HEADER htmp; - int idx; - htmp.name = name; - idx = sk_MIME_HEADER_find(hdrs, &htmp); - if(idx < 0) return NULL; - return sk_MIME_HEADER_value(hdrs, idx); -} - -static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name) -{ - MIME_PARAM param; - int idx; - param.param_name = name; - idx = sk_MIME_PARAM_find(hdr->params, ¶m); - if(idx < 0) return NULL; - return sk_MIME_PARAM_value(hdr->params, idx); -} - -static void mime_hdr_free(MIME_HEADER *hdr) -{ - if(hdr->name) OPENSSL_free(hdr->name); - if(hdr->value) OPENSSL_free(hdr->value); - if(hdr->params) sk_MIME_PARAM_pop_free(hdr->params, mime_param_free); - OPENSSL_free(hdr); -} - -static void mime_param_free(MIME_PARAM *param) -{ - if(param->param_name) OPENSSL_free(param->param_name); - if(param->param_value) OPENSSL_free(param->param_value); - OPENSSL_free(param); -} - -/* Check for a multipart boundary. Returns: - * 0 : no boundary - * 1 : part boundary - * 2 : final boundary - */ -static int mime_bound_check(char *line, int linelen, char *bound, int blen) +PKCS7 * +SMIME_read_PKCS7(BIO *bio, BIO **bcont) { - if(linelen == -1) linelen = strlen(line); - if(blen == -1) blen = strlen(bound); - /* Quickly eliminate if line length too short */ - if(blen + 2 > linelen) return 0; - /* Check for part boundary */ - if(!strncmp(line, "--", 2) && !strncmp(line + 2, bound, blen)) { - if(!strncmp(line + blen + 2, "--", 2)) return 2; - else return 1; - } - return 0; + return (PKCS7 *)SMIME_read_ASN1(bio, bcont, &PKCS7_it); } diff --git a/src/lib/libcrypto/pkcs7/pk7_smime.c b/src/lib/libcrypto/pkcs7/pk7_smime.c index f0d071e2824..bf9f2dd82a4 100644 --- a/src/lib/libcrypto/pkcs7/pk7_smime.c +++ b/src/lib/libcrypto/pkcs7/pk7_smime.c @@ -1,16 +1,16 @@ -/* pk7_smime.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL - * project 1999. +/* $OpenBSD: pk7_smime.c,v 1.22 2017/01/29 17:49:23 beck Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -59,93 +59,204 @@ /* Simple PKCS#7 processing functions */ #include -#include "cryptlib.h" + +#include #include #include -PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, - BIO *data, int flags) +static int pkcs7_copy_existing_digest(PKCS7 *p7, PKCS7_SIGNER_INFO *si); + +PKCS7 * +PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, BIO *data, + int flags) { PKCS7 *p7; - PKCS7_SIGNER_INFO *si; - BIO *p7bio; - STACK_OF(X509_ALGOR) *smcap; int i; - if(!X509_check_private_key(signcert, pkey)) { - PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); - return NULL; + if (!(p7 = PKCS7_new())) { + PKCS7error(ERR_R_MALLOC_FAILURE); + return NULL; } - if(!(p7 = PKCS7_new())) { - PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE); - return NULL; + if (!PKCS7_set_type(p7, NID_pkcs7_signed)) + goto err; + + if (!PKCS7_content_new(p7, NID_pkcs7_data)) + goto err; + + if (pkey && !PKCS7_sign_add_signer(p7, signcert, pkey, NULL, flags)) { + PKCS7error(PKCS7_R_PKCS7_ADD_SIGNER_ERROR); + goto err; } - PKCS7_set_type(p7, NID_pkcs7_signed); + if (!(flags & PKCS7_NOCERTS)) { + for (i = 0; i < sk_X509_num(certs); i++) { + if (!PKCS7_add_certificate(p7, sk_X509_value(certs, i))) + goto err; + } + } - PKCS7_content_new(p7, NID_pkcs7_data); + if (flags & PKCS7_DETACHED) + PKCS7_set_detached(p7, 1); - if (!(si = PKCS7_add_signature(p7,signcert,pkey,EVP_sha1()))) { - PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR); - return NULL; + if (flags & (PKCS7_STREAM|PKCS7_PARTIAL)) + return p7; + + if (PKCS7_final(p7, data, flags)) + return p7; + +err: + PKCS7_free(p7); + return NULL; +} + +int +PKCS7_final(PKCS7 *p7, BIO *data, int flags) +{ + BIO *p7bio; + int ret = 0; + + if (!(p7bio = PKCS7_dataInit(p7, NULL))) { + PKCS7error(ERR_R_MALLOC_FAILURE); + return 0; } - if(!(flags & PKCS7_NOCERTS)) { - PKCS7_add_certificate(p7, signcert); - if(certs) for(i = 0; i < sk_X509_num(certs); i++) - PKCS7_add_certificate(p7, sk_X509_value(certs, i)); + SMIME_crlf_copy(data, p7bio, flags); + + (void)BIO_flush(p7bio); + + if (!PKCS7_dataFinal(p7, p7bio)) { + PKCS7error(PKCS7_R_PKCS7_DATASIGN); + goto err; } - if(!(p7bio = PKCS7_dataInit(p7, NULL))) { - PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE); + ret = 1; + +err: + BIO_free_all(p7bio); + + return ret; +} + +/* Check to see if a cipher exists and if so add S/MIME capabilities */ + +static int +add_cipher_smcap(STACK_OF(X509_ALGOR) *sk, int nid, int arg) +{ + if (EVP_get_cipherbynid(nid)) + return PKCS7_simple_smimecap(sk, nid, arg); + return 1; +} + +static int +add_digest_smcap(STACK_OF(X509_ALGOR) *sk, int nid, int arg) +{ + if (EVP_get_digestbynid(nid)) + return PKCS7_simple_smimecap(sk, nid, arg); + return 1; +} + +PKCS7_SIGNER_INFO * +PKCS7_sign_add_signer(PKCS7 *p7, X509 *signcert, EVP_PKEY *pkey, + const EVP_MD *md, int flags) +{ + PKCS7_SIGNER_INFO *si = NULL; + STACK_OF(X509_ALGOR) *smcap = NULL; + + if (!X509_check_private_key(signcert, pkey)) { + PKCS7error(PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); return NULL; } + if (!(si = PKCS7_add_signature(p7, signcert, pkey, md))) { + PKCS7error(PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR); + return NULL; + } - SMIME_crlf_copy(data, p7bio, flags); + if (!(flags & PKCS7_NOCERTS)) { + if (!PKCS7_add_certificate(p7, signcert)) + goto err; + } - if(!(flags & PKCS7_NOATTR)) { - PKCS7_add_signed_attribute(si, NID_pkcs9_contentType, - V_ASN1_OBJECT, OBJ_nid2obj(NID_pkcs7_data)); + if (!(flags & PKCS7_NOATTR)) { + if (!PKCS7_add_attrib_content_type(si, NULL)) + goto err; /* Add SMIMECapabilities */ - if(!(flags & PKCS7_NOSMIMECAP)) - { - if(!(smcap = sk_X509_ALGOR_new_null())) { - PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE); - return NULL; + if (!(flags & PKCS7_NOSMIMECAP)) { + if (!(smcap = sk_X509_ALGOR_new_null())) { + PKCS7error(ERR_R_MALLOC_FAILURE); + goto err; + } + if (!add_cipher_smcap(smcap, NID_aes_256_cbc, -1) || + !add_digest_smcap(smcap, NID_id_GostR3411_94, -1) || + !add_digest_smcap(smcap, NID_id_tc26_gost3411_2012_256, -1) || + !add_digest_smcap(smcap, NID_id_tc26_gost3411_2012_512, -1) || + !add_cipher_smcap(smcap, NID_id_Gost28147_89, -1) || + !add_cipher_smcap(smcap, NID_aes_192_cbc, -1) || + !add_cipher_smcap(smcap, NID_aes_128_cbc, -1) || + !add_cipher_smcap(smcap, NID_des_ede3_cbc, -1) || + !add_cipher_smcap(smcap, NID_rc2_cbc, 128) || + !add_cipher_smcap(smcap, NID_rc2_cbc, 64) || + !add_cipher_smcap(smcap, NID_des_cbc, -1) || + !add_cipher_smcap(smcap, NID_rc2_cbc, 40) || + !PKCS7_add_attrib_smimecap(si, smcap)) + goto err; + sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free); + smcap = NULL; } -#ifndef OPENSSL_NO_DES - PKCS7_simple_smimecap (smcap, NID_des_ede3_cbc, -1); -#endif -#ifndef OPENSSL_NO_RC2 - PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 128); - PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 64); -#endif -#ifndef OPENSSL_NO_DES - PKCS7_simple_smimecap (smcap, NID_des_cbc, -1); -#endif -#ifndef OPENSSL_NO_RC2 - PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 40); -#endif - PKCS7_add_attrib_smimecap (si, smcap); - sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free); + if (flags & PKCS7_REUSE_DIGEST) { + if (!pkcs7_copy_existing_digest(p7, si)) + goto err; + if (!(flags & PKCS7_PARTIAL) && + !PKCS7_SIGNER_INFO_sign(si)) + goto err; } } + return si; - if(flags & PKCS7_DETACHED)PKCS7_set_detached(p7, 1); +err: + if (smcap) + sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free); + return NULL; +} + +/* Search for a digest matching SignerInfo digest type and if found + * copy across. + */ + +static int +pkcs7_copy_existing_digest(PKCS7 *p7, PKCS7_SIGNER_INFO *si) +{ + int i; + STACK_OF(PKCS7_SIGNER_INFO) *sinfos; + PKCS7_SIGNER_INFO *sitmp; + ASN1_OCTET_STRING *osdig = NULL; + + sinfos = PKCS7_get_signer_info(p7); + for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++) { + sitmp = sk_PKCS7_SIGNER_INFO_value(sinfos, i); + if (si == sitmp) + break; + if (sk_X509_ATTRIBUTE_num(sitmp->auth_attr) <= 0) + continue; + if (!OBJ_cmp(si->digest_alg->algorithm, + sitmp->digest_alg->algorithm)) { + osdig = PKCS7_digest_from_attributes(sitmp->auth_attr); + break; + } - if (!PKCS7_dataFinal(p7,p7bio)) { - PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_DATASIGN); - return NULL; } - BIO_free_all(p7bio); - return p7; + if (osdig) + return PKCS7_add1_attrib_digest(si, osdig->data, osdig->length); + + PKCS7error(PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND); + return 0; } -int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, - BIO *indata, BIO *out, int flags) +int +PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata, + BIO *out, int flags) { STACK_OF(X509) *signers; X509 *signer; @@ -153,101 +264,133 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, PKCS7_SIGNER_INFO *si; X509_STORE_CTX cert_ctx; char buf[4096]; - int i, j=0, k, ret = 0; + int i, j = 0, k, ret = 0; BIO *p7bio; - BIO *tmpout; + BIO *tmpin, *tmpout; - if(!p7) { - PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_INVALID_NULL_POINTER); + if (!p7) { + PKCS7error(PKCS7_R_INVALID_NULL_POINTER); return 0; } - if(!PKCS7_type_is_signed(p7)) { - PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_WRONG_CONTENT_TYPE); + if (!PKCS7_type_is_signed(p7)) { + PKCS7error(PKCS7_R_WRONG_CONTENT_TYPE); return 0; } /* Check for no data and no content: no data to verify signature */ - if(PKCS7_get_detached(p7) && !indata) { - PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_NO_CONTENT); + if (PKCS7_get_detached(p7) && !indata) { + PKCS7error(PKCS7_R_NO_CONTENT); return 0; } -#if 0 - /* NB: this test commented out because some versions of Netscape - * illegally include zero length content when signing data. - */ + /* + * Very old Netscape illegally included empty content with + * a detached signature. Very old users should upgrade. + */ /* Check for data and content: two sets of data */ - if(!PKCS7_get_detached(p7) && indata) { - PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_CONTENT_AND_DATA_PRESENT); + if (!PKCS7_get_detached(p7) && indata) { + PKCS7error(PKCS7_R_CONTENT_AND_DATA_PRESENT); return 0; } -#endif sinfos = PKCS7_get_signer_info(p7); - if(!sinfos || !sk_PKCS7_SIGNER_INFO_num(sinfos)) { - PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_NO_SIGNATURES_ON_DATA); + if (!sinfos || !sk_PKCS7_SIGNER_INFO_num(sinfos)) { + PKCS7error(PKCS7_R_NO_SIGNATURES_ON_DATA); return 0; } signers = PKCS7_get0_signers(p7, certs, flags); - if(!signers) return 0; + if (!signers) + return 0; /* Now verify the certificates */ - if (!(flags & PKCS7_NOVERIFY)) for (k = 0; k < sk_X509_num(signers); k++) { - signer = sk_X509_value (signers, k); - if (!(flags & PKCS7_NOCHAIN)) { - if(!X509_STORE_CTX_init(&cert_ctx, store, signer, - p7->d.sign->cert)) - { - PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_X509_LIB); + if (!(flags & PKCS7_NOVERIFY)) + for (k = 0; k < sk_X509_num(signers); k++) { + signer = sk_X509_value (signers, k); + if (!(flags & PKCS7_NOCHAIN)) { + if (!X509_STORE_CTX_init(&cert_ctx, store, + signer, p7->d.sign->cert)) { + PKCS7error(ERR_R_X509_LIB); + sk_X509_free(signers); + return 0; + } + if (X509_STORE_CTX_set_default(&cert_ctx, + "smime_sign") == 0) { + sk_X509_free(signers); + return 0; + } + } else if (!X509_STORE_CTX_init(&cert_ctx, store, + signer, NULL)) { + PKCS7error(ERR_R_X509_LIB); sk_X509_free(signers); return 0; - } - X509_STORE_CTX_set_purpose(&cert_ctx, - X509_PURPOSE_SMIME_SIGN); - } else if(!X509_STORE_CTX_init (&cert_ctx, store, signer, NULL)) { - PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_X509_LIB); - sk_X509_free(signers); - return 0; + } + if (!(flags & PKCS7_NOCRL)) + X509_STORE_CTX_set0_crls(&cert_ctx, p7->d.sign->crl); + i = X509_verify_cert(&cert_ctx); + if (i <= 0) + j = X509_STORE_CTX_get_error(&cert_ctx); + X509_STORE_CTX_cleanup(&cert_ctx); + if (i <= 0) { + PKCS7error(PKCS7_R_CERTIFICATE_VERIFY_ERROR); + ERR_asprintf_error_data("Verify error:%s", + X509_verify_cert_error_string(j)); + sk_X509_free(signers); + return 0; + } + /* Check for revocation status here */ } - i = X509_verify_cert(&cert_ctx); - if (i <= 0) j = X509_STORE_CTX_get_error(&cert_ctx); - X509_STORE_CTX_cleanup(&cert_ctx); - if (i <= 0) { - PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_CERTIFICATE_VERIFY_ERROR); - ERR_add_error_data(2, "Verify error:", - X509_verify_cert_error_string(j)); - sk_X509_free(signers); + + /* + * Performance optimization: if the content is a memory BIO then + * store its contents in a temporary read only memory BIO. This + * avoids potentially large numbers of slow copies of data which will + * occur when reading from a read write memory BIO when signatures + * are calculated. + */ + if (indata && (BIO_method_type(indata) == BIO_TYPE_MEM)) { + char *ptr; + long len; + + len = BIO_get_mem_data(indata, &ptr); + tmpin = BIO_new_mem_buf(ptr, len); + if (tmpin == NULL) { + PKCS7error(ERR_R_MALLOC_FAILURE); return 0; } - /* Check for revocation status here */ - } + } else + tmpin = indata; - p7bio=PKCS7_dataInit(p7,indata); - if(flags & PKCS7_TEXT) { - if(!(tmpout = BIO_new(BIO_s_mem()))) { - PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_MALLOC_FAILURE); + if (!(p7bio = PKCS7_dataInit(p7, tmpin))) + goto err; + + if (flags & PKCS7_TEXT) { + if (!(tmpout = BIO_new(BIO_s_mem()))) { + PKCS7error(ERR_R_MALLOC_FAILURE); goto err; } - } else tmpout = out; + BIO_set_mem_eof_return(tmpout, 0); + } else + tmpout = out; /* We now have to 'read' from p7bio to calculate digests etc. */ - for (;;) - { - i=BIO_read(p7bio,buf,sizeof(buf)); - if (i <= 0) break; - if (tmpout) BIO_write(tmpout, buf, i); + for (;;) { + i = BIO_read(p7bio, buf, sizeof(buf)); + if (i <= 0) + break; + if (tmpout) + BIO_write(tmpout, buf, i); } - if(flags & PKCS7_TEXT) { - if(!SMIME_text(tmpout, out)) { - PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_SMIME_TEXT_ERROR); + if (flags & PKCS7_TEXT) { + if (!SMIME_text(tmpout, out)) { + PKCS7error(PKCS7_R_SMIME_TEXT_ERROR); BIO_free(tmpout); goto err; } @@ -256,29 +399,31 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, /* Now Verify All Signatures */ if (!(flags & PKCS7_NOSIGS)) - for (i=0; iissuer_and_serial; - signer = NULL; + if (!(signers = sk_X509_new_null())) { + PKCS7error(ERR_R_MALLOC_FAILURE); + return NULL; + } + + for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++) { + si = sk_PKCS7_SIGNER_INFO_value(sinfos, i); + ias = si->issuer_and_serial; + signer = NULL; /* If any certificates passed they take priority */ - if (certs) signer = X509_find_by_issuer_and_serial (certs, - ias->issuer, ias->serial); - if (!signer && !(flags & PKCS7_NOINTERN) - && p7->d.sign->cert) signer = - X509_find_by_issuer_and_serial (p7->d.sign->cert, - ias->issuer, ias->serial); - if (!signer) { - PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND); + if (certs) + signer = X509_find_by_issuer_and_serial (certs, + ias->issuer, ias->serial); + if (!signer && !(flags & PKCS7_NOINTERN) && p7->d.sign->cert) + signer = + X509_find_by_issuer_and_serial(p7->d.sign->cert, + ias->issuer, ias->serial); + if (!signer) { + PKCS7error(PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND); sk_X509_free(signers); return 0; - } + } - sk_X509_push(signers, signer); + if (!sk_X509_push(signers, signer)) { + sk_X509_free(signers); + return NULL; + } } return signers; } - /* Build a complete PKCS#7 enveloped data */ -PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, - int flags) +PKCS7 * +PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, + int flags) { PKCS7 *p7; BIO *p7bio = NULL; int i; X509 *x509; - if(!(p7 = PKCS7_new())) { - PKCS7err(PKCS7_F_PKCS7_ENCRYPT,ERR_R_MALLOC_FAILURE); + + if (!(p7 = PKCS7_new())) { + PKCS7error(ERR_R_MALLOC_FAILURE); return NULL; } - PKCS7_set_type(p7, NID_pkcs7_enveloped); - if(!PKCS7_set_cipher(p7, cipher)) { - PKCS7err(PKCS7_F_PKCS7_ENCRYPT,PKCS7_R_ERROR_SETTING_CIPHER); + if (!PKCS7_set_type(p7, NID_pkcs7_enveloped)) + goto err; + if (!PKCS7_set_cipher(p7, cipher)) { + PKCS7error(PKCS7_R_ERROR_SETTING_CIPHER); goto err; } - for(i = 0; i < sk_X509_num(certs); i++) { + for (i = 0; i < sk_X509_num(certs); i++) { x509 = sk_X509_value(certs, i); - if(!PKCS7_add_recipient(p7, x509)) { - PKCS7err(PKCS7_F_PKCS7_ENCRYPT, - PKCS7_R_ERROR_ADDING_RECIPIENT); + if (!PKCS7_add_recipient(p7, x509)) { + PKCS7error(PKCS7_R_ERROR_ADDING_RECIPIENT); goto err; } } - if(!(p7bio = PKCS7_dataInit(p7, NULL))) { - PKCS7err(PKCS7_F_PKCS7_ENCRYPT,ERR_R_MALLOC_FAILURE); - goto err; - } - - SMIME_crlf_copy(in, p7bio, flags); - - BIO_flush(p7bio); - - if (!PKCS7_dataFinal(p7,p7bio)) { - PKCS7err(PKCS7_F_PKCS7_ENCRYPT,PKCS7_R_PKCS7_DATAFINAL_ERROR); - goto err; - } - BIO_free_all(p7bio); + if (flags & PKCS7_STREAM) + return p7; - return p7; + if (PKCS7_final(p7, in, flags)) + return p7; - err: - - BIO_free(p7bio); +err: + BIO_free_all(p7bio); PKCS7_free(p7); return NULL; - } -int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags) +int +PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags) { BIO *tmpmem; int ret, i; char buf[4096]; - if(!p7) { - PKCS7err(PKCS7_F_PKCS7_DECRYPT,PKCS7_R_INVALID_NULL_POINTER); + if (!p7) { + PKCS7error(PKCS7_R_INVALID_NULL_POINTER); return 0; } - if(!PKCS7_type_is_enveloped(p7)) { - PKCS7err(PKCS7_F_PKCS7_DECRYPT,PKCS7_R_WRONG_CONTENT_TYPE); + if (!PKCS7_type_is_enveloped(p7)) { + PKCS7error(PKCS7_R_WRONG_CONTENT_TYPE); return 0; } - if(!X509_check_private_key(cert, pkey)) { - PKCS7err(PKCS7_F_PKCS7_DECRYPT, - PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); + if (cert && !X509_check_private_key(cert, pkey)) { + PKCS7error(PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); return 0; } - if(!(tmpmem = PKCS7_dataDecode(p7, pkey, NULL, cert))) { - PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_DECRYPT_ERROR); + if (!(tmpmem = PKCS7_dataDecode(p7, pkey, NULL, cert))) { + PKCS7error(PKCS7_R_DECRYPT_ERROR); return 0; } if (flags & PKCS7_TEXT) { - BIO *tmpbuf, *bread; + BIO *tmpbuf; + /* Encrypt BIOs can't do BIO_gets() so add a buffer BIO */ - if(!(tmpbuf = BIO_new(BIO_f_buffer()))) { - PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE); + if (!(tmpbuf = BIO_new(BIO_f_buffer()))) { + PKCS7error(ERR_R_MALLOC_FAILURE); + BIO_free_all(tmpmem); return 0; } - if(!(bread = BIO_push(tmpbuf, tmpmem))) { - PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE); - return 0; + BIO_push(tmpbuf, tmpmem); + ret = SMIME_text(tmpbuf, data); + if (ret > 0 && BIO_method_type(tmpmem) == BIO_TYPE_CIPHER) { + if (!BIO_get_cipher_status(tmpmem)) + ret = 0; } - ret = SMIME_text(bread, data); - BIO_free_all(bread); + BIO_free_all(tmpbuf); return ret; } else { - for(;;) { + for (;;) { i = BIO_read(tmpmem, buf, sizeof(buf)); - if(i <= 0) break; - BIO_write(data, buf, i); + if (i <= 0) { + ret = 1; + if (BIO_method_type(tmpmem) == + BIO_TYPE_CIPHER) { + if (!BIO_get_cipher_status(tmpmem)) + ret = 0; + } + break; + } + if (BIO_write(data, buf, i) != i) { + ret = 0; + break; + } } BIO_free_all(tmpmem); - return 1; + return ret; } } diff --git a/src/lib/libcrypto/pkcs7/pkcs7.h b/src/lib/libcrypto/pkcs7/pkcs7.h index 5819700a850..520cc3c519b 100644 --- a/src/lib/libcrypto/pkcs7/pkcs7.h +++ b/src/lib/libcrypto/pkcs7/pkcs7.h @@ -1,25 +1,25 @@ -/* crypto/pkcs7/pkcs7.h */ +/* $OpenBSD: pkcs7.h,v 1.18 2016/12/27 16:12:47 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -59,23 +59,16 @@ #ifndef HEADER_PKCS7_H #define HEADER_PKCS7_H +#include + #include #include -#include - -#include #include #ifdef __cplusplus extern "C" { #endif -#ifdef OPENSSL_SYS_WIN32 -/* Under Win32 thes are defined in wincrypt.h */ -#undef PKCS7_ISSUER_AND_SERIAL -#undef PKCS7_SIGNER_INFO -#endif - /* Encryption_ID DES-CBC Digest_ID MD5 @@ -83,14 +76,12 @@ Digest_Encryption_ID rsaEncryption Key_Encryption_ID rsaEncryption */ -typedef struct pkcs7_issuer_and_serial_st - { +typedef struct pkcs7_issuer_and_serial_st { X509_NAME *issuer; ASN1_INTEGER *serial; - } PKCS7_ISSUER_AND_SERIAL; +} PKCS7_ISSUER_AND_SERIAL; -typedef struct pkcs7_signer_info_st - { +typedef struct pkcs7_signer_info_st { ASN1_INTEGER *version; /* version 1 */ PKCS7_ISSUER_AND_SERIAL *issuer_and_serial; X509_ALGOR *digest_alg; @@ -101,25 +92,21 @@ typedef struct pkcs7_signer_info_st /* The private key to sign with */ EVP_PKEY *pkey; - } PKCS7_SIGNER_INFO; +} PKCS7_SIGNER_INFO; DECLARE_STACK_OF(PKCS7_SIGNER_INFO) -DECLARE_ASN1_SET_OF(PKCS7_SIGNER_INFO) -typedef struct pkcs7_recip_info_st - { +typedef struct pkcs7_recip_info_st { ASN1_INTEGER *version; /* version 0 */ PKCS7_ISSUER_AND_SERIAL *issuer_and_serial; X509_ALGOR *key_enc_algor; ASN1_OCTET_STRING *enc_key; X509 *cert; /* get the pub-key from this */ - } PKCS7_RECIP_INFO; +} PKCS7_RECIP_INFO; DECLARE_STACK_OF(PKCS7_RECIP_INFO) -DECLARE_ASN1_SET_OF(PKCS7_RECIP_INFO) -typedef struct pkcs7_signed_st - { +typedef struct pkcs7_signed_st { ASN1_INTEGER *version; /* version 1 */ STACK_OF(X509_ALGOR) *md_algs; /* md used */ STACK_OF(X509) *cert; /* [ 0 ] */ @@ -127,27 +114,24 @@ typedef struct pkcs7_signed_st STACK_OF(PKCS7_SIGNER_INFO) *signer_info; struct pkcs7_st *contents; - } PKCS7_SIGNED; +} PKCS7_SIGNED; /* The above structure is very very similar to PKCS7_SIGN_ENVELOPE. * How about merging the two */ -typedef struct pkcs7_enc_content_st - { +typedef struct pkcs7_enc_content_st { ASN1_OBJECT *content_type; X509_ALGOR *algorithm; ASN1_OCTET_STRING *enc_data; /* [ 0 ] */ const EVP_CIPHER *cipher; - } PKCS7_ENC_CONTENT; +} PKCS7_ENC_CONTENT; -typedef struct pkcs7_enveloped_st - { +typedef struct pkcs7_enveloped_st { ASN1_INTEGER *version; /* version 0 */ STACK_OF(PKCS7_RECIP_INFO) *recipientinfo; PKCS7_ENC_CONTENT *enc_data; - } PKCS7_ENVELOPE; +} PKCS7_ENVELOPE; -typedef struct pkcs7_signedandenveloped_st - { +typedef struct pkcs7_signedandenveloped_st { ASN1_INTEGER *version; /* version 1 */ STACK_OF(X509_ALGOR) *md_algs; /* md used */ STACK_OF(X509) *cert; /* [ 0 ] */ @@ -156,24 +140,21 @@ typedef struct pkcs7_signedandenveloped_st PKCS7_ENC_CONTENT *enc_data; STACK_OF(PKCS7_RECIP_INFO) *recipientinfo; - } PKCS7_SIGN_ENVELOPE; +} PKCS7_SIGN_ENVELOPE; -typedef struct pkcs7_digest_st - { +typedef struct pkcs7_digest_st { ASN1_INTEGER *version; /* version 0 */ X509_ALGOR *md; /* md used */ struct pkcs7_st *contents; ASN1_OCTET_STRING *digest; - } PKCS7_DIGEST; +} PKCS7_DIGEST; -typedef struct pkcs7_encrypted_st - { +typedef struct pkcs7_encrypted_st { ASN1_INTEGER *version; /* version 0 */ PKCS7_ENC_CONTENT *enc_data; - } PKCS7_ENCRYPT; +} PKCS7_ENCRYPT; -typedef struct pkcs7_st - { +typedef struct pkcs7_st { /* The following is non NULL if it contains ASN1 encoding of * this structure */ unsigned char *asn1; @@ -213,11 +194,10 @@ typedef struct pkcs7_st /* Anything else */ ASN1_TYPE *other; - } d; - } PKCS7; + } d; +} PKCS7; DECLARE_STACK_OF(PKCS7) -DECLARE_ASN1_SET_OF(PKCS7) DECLARE_PKCS12_STACK_OF(PKCS7) #define PKCS7_OP_SET_DETACHED_SIGNATURE 1 @@ -232,6 +212,11 @@ DECLARE_PKCS12_STACK_OF(PKCS7) #define PKCS7_type_is_signedAndEnveloped(a) \ (OBJ_obj2nid((a)->type) == NID_pkcs7_signedAndEnveloped) #define PKCS7_type_is_data(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_data) +#define PKCS7_type_is_digest(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_digest) +#define PKCS7_type_is_encrypted(a) \ + (OBJ_obj2nid((a)->type) == NID_pkcs7_encrypted) + +#define PKCS7_type_is_digest(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_digest) #define PKCS7_set_detached(p,v) \ PKCS7_ctrl(p,PKCS7_OP_SET_DETACHED_SIGNATURE,v,NULL) @@ -240,14 +225,6 @@ DECLARE_PKCS12_STACK_OF(PKCS7) #define PKCS7_is_detached(p7) (PKCS7_type_is_signed(p7) && PKCS7_get_detached(p7)) -#ifdef SSLEAY_MACROS -#ifndef PKCS7_ISSUER_AND_SERIAL_digest -#define PKCS7_ISSUER_AND_SERIAL_digest(data,type,md,len) \ - ASN1_digest((int (*)())i2d_PKCS7_ISSUER_AND_SERIAL,type,\ - (char *)data,md,len) -#endif -#endif - /* S/MIME related flags */ #define PKCS7_TEXT 0x1 @@ -260,6 +237,12 @@ DECLARE_PKCS12_STACK_OF(PKCS7) #define PKCS7_BINARY 0x80 #define PKCS7_NOATTR 0x100 #define PKCS7_NOSMIMECAP 0x200 +#define PKCS7_NOOLDMIMETYPE 0x400 +#define PKCS7_CRLFEOL 0x800 +#define PKCS7_STREAM 0x1000 +#define PKCS7_NOCRL 0x2000 +#define PKCS7_PARTIAL 0x4000 +#define PKCS7_REUSE_DIGEST 0x8000 /* Flags: for compatibility with older code */ @@ -273,48 +256,90 @@ DECLARE_PKCS12_STACK_OF(PKCS7) #define SMIME_BINARY PKCS7_BINARY #define SMIME_NOATTR PKCS7_NOATTR -DECLARE_ASN1_FUNCTIONS(PKCS7_ISSUER_AND_SERIAL) +PKCS7_ISSUER_AND_SERIAL *PKCS7_ISSUER_AND_SERIAL_new(void); +void PKCS7_ISSUER_AND_SERIAL_free(PKCS7_ISSUER_AND_SERIAL *a); +PKCS7_ISSUER_AND_SERIAL *d2i_PKCS7_ISSUER_AND_SERIAL(PKCS7_ISSUER_AND_SERIAL **a, const unsigned char **in, long len); +int i2d_PKCS7_ISSUER_AND_SERIAL(PKCS7_ISSUER_AND_SERIAL *a, unsigned char **out); +extern const ASN1_ITEM PKCS7_ISSUER_AND_SERIAL_it; -#ifndef SSLEAY_MACROS -int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data,const EVP_MD *type, - unsigned char *md,unsigned int *len); -#ifndef OPENSSL_NO_FP_API -PKCS7 *d2i_PKCS7_fp(FILE *fp,PKCS7 **p7); -int i2d_PKCS7_fp(FILE *fp,PKCS7 *p7); -#endif +int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data, + const EVP_MD *type, unsigned char *md, unsigned int *len); +PKCS7 *d2i_PKCS7_fp(FILE *fp, PKCS7 **p7); +int i2d_PKCS7_fp(FILE *fp, PKCS7 *p7); PKCS7 *PKCS7_dup(PKCS7 *p7); -PKCS7 *d2i_PKCS7_bio(BIO *bp,PKCS7 **p7); -int i2d_PKCS7_bio(BIO *bp,PKCS7 *p7); -#endif - -DECLARE_ASN1_FUNCTIONS(PKCS7_SIGNER_INFO) -DECLARE_ASN1_FUNCTIONS(PKCS7_RECIP_INFO) -DECLARE_ASN1_FUNCTIONS(PKCS7_SIGNED) -DECLARE_ASN1_FUNCTIONS(PKCS7_ENC_CONTENT) -DECLARE_ASN1_FUNCTIONS(PKCS7_ENVELOPE) -DECLARE_ASN1_FUNCTIONS(PKCS7_SIGN_ENVELOPE) -DECLARE_ASN1_FUNCTIONS(PKCS7_DIGEST) -DECLARE_ASN1_FUNCTIONS(PKCS7_ENCRYPT) -DECLARE_ASN1_FUNCTIONS(PKCS7) - -DECLARE_ASN1_ITEM(PKCS7_ATTR_SIGN) -DECLARE_ASN1_ITEM(PKCS7_ATTR_VERIFY) - +PKCS7 *d2i_PKCS7_bio(BIO *bp, PKCS7 **p7); +int i2d_PKCS7_bio(BIO *bp, PKCS7 *p7); +int i2d_PKCS7_bio_stream(BIO *out, PKCS7 *p7, BIO *in, int flags); +int PEM_write_bio_PKCS7_stream(BIO *out, PKCS7 *p7, BIO *in, int flags); + +PKCS7_SIGNER_INFO *PKCS7_SIGNER_INFO_new(void); +void PKCS7_SIGNER_INFO_free(PKCS7_SIGNER_INFO *a); +PKCS7_SIGNER_INFO *d2i_PKCS7_SIGNER_INFO(PKCS7_SIGNER_INFO **a, const unsigned char **in, long len); +int i2d_PKCS7_SIGNER_INFO(PKCS7_SIGNER_INFO *a, unsigned char **out); +extern const ASN1_ITEM PKCS7_SIGNER_INFO_it; +PKCS7_RECIP_INFO *PKCS7_RECIP_INFO_new(void); +void PKCS7_RECIP_INFO_free(PKCS7_RECIP_INFO *a); +PKCS7_RECIP_INFO *d2i_PKCS7_RECIP_INFO(PKCS7_RECIP_INFO **a, const unsigned char **in, long len); +int i2d_PKCS7_RECIP_INFO(PKCS7_RECIP_INFO *a, unsigned char **out); +extern const ASN1_ITEM PKCS7_RECIP_INFO_it; +PKCS7_SIGNED *PKCS7_SIGNED_new(void); +void PKCS7_SIGNED_free(PKCS7_SIGNED *a); +PKCS7_SIGNED *d2i_PKCS7_SIGNED(PKCS7_SIGNED **a, const unsigned char **in, long len); +int i2d_PKCS7_SIGNED(PKCS7_SIGNED *a, unsigned char **out); +extern const ASN1_ITEM PKCS7_SIGNED_it; +PKCS7_ENC_CONTENT *PKCS7_ENC_CONTENT_new(void); +void PKCS7_ENC_CONTENT_free(PKCS7_ENC_CONTENT *a); +PKCS7_ENC_CONTENT *d2i_PKCS7_ENC_CONTENT(PKCS7_ENC_CONTENT **a, const unsigned char **in, long len); +int i2d_PKCS7_ENC_CONTENT(PKCS7_ENC_CONTENT *a, unsigned char **out); +extern const ASN1_ITEM PKCS7_ENC_CONTENT_it; +PKCS7_ENVELOPE *PKCS7_ENVELOPE_new(void); +void PKCS7_ENVELOPE_free(PKCS7_ENVELOPE *a); +PKCS7_ENVELOPE *d2i_PKCS7_ENVELOPE(PKCS7_ENVELOPE **a, const unsigned char **in, long len); +int i2d_PKCS7_ENVELOPE(PKCS7_ENVELOPE *a, unsigned char **out); +extern const ASN1_ITEM PKCS7_ENVELOPE_it; +PKCS7_SIGN_ENVELOPE *PKCS7_SIGN_ENVELOPE_new(void); +void PKCS7_SIGN_ENVELOPE_free(PKCS7_SIGN_ENVELOPE *a); +PKCS7_SIGN_ENVELOPE *d2i_PKCS7_SIGN_ENVELOPE(PKCS7_SIGN_ENVELOPE **a, const unsigned char **in, long len); +int i2d_PKCS7_SIGN_ENVELOPE(PKCS7_SIGN_ENVELOPE *a, unsigned char **out); +extern const ASN1_ITEM PKCS7_SIGN_ENVELOPE_it; +PKCS7_DIGEST *PKCS7_DIGEST_new(void); +void PKCS7_DIGEST_free(PKCS7_DIGEST *a); +PKCS7_DIGEST *d2i_PKCS7_DIGEST(PKCS7_DIGEST **a, const unsigned char **in, long len); +int i2d_PKCS7_DIGEST(PKCS7_DIGEST *a, unsigned char **out); +extern const ASN1_ITEM PKCS7_DIGEST_it; +PKCS7_ENCRYPT *PKCS7_ENCRYPT_new(void); +void PKCS7_ENCRYPT_free(PKCS7_ENCRYPT *a); +PKCS7_ENCRYPT *d2i_PKCS7_ENCRYPT(PKCS7_ENCRYPT **a, const unsigned char **in, long len); +int i2d_PKCS7_ENCRYPT(PKCS7_ENCRYPT *a, unsigned char **out); +extern const ASN1_ITEM PKCS7_ENCRYPT_it; +PKCS7 *PKCS7_new(void); +void PKCS7_free(PKCS7 *a); +PKCS7 *d2i_PKCS7(PKCS7 **a, const unsigned char **in, long len); +int i2d_PKCS7(PKCS7 *a, unsigned char **out); +extern const ASN1_ITEM PKCS7_it; + +extern const ASN1_ITEM PKCS7_ATTR_SIGN_it; +extern const ASN1_ITEM PKCS7_ATTR_VERIFY_it; + +int i2d_PKCS7_NDEF(PKCS7 *a, unsigned char **out); +int PKCS7_print_ctx(BIO *out, PKCS7 *x, int indent, const ASN1_PCTX *pctx); long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg); int PKCS7_set_type(PKCS7 *p7, int type); +int PKCS7_set0_type_other(PKCS7 *p7, int type, ASN1_TYPE *other); int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data); int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, - const EVP_MD *dgst); + const EVP_MD *dgst); +int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si); int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i); int PKCS7_add_certificate(PKCS7 *p7, X509 *x509); int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509); int PKCS7_content_new(PKCS7 *p7, int nid); int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, - BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si); + BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si); int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, - X509 *x509); + X509 *x509); BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio); int PKCS7_dataFinal(PKCS7 *p7, BIO *bio); @@ -322,46 +347,63 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert); PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, - EVP_PKEY *pkey, const EVP_MD *dgst); + EVP_PKEY *pkey, const EVP_MD *dgst); X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si); +int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md); STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7); PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509); +void PKCS7_SIGNER_INFO_get0_algs(PKCS7_SIGNER_INFO *si, EVP_PKEY **pk, + X509_ALGOR **pdig, X509_ALGOR **psig); +void PKCS7_RECIP_INFO_get0_alg(PKCS7_RECIP_INFO *ri, X509_ALGOR **penc); int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri); int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509); int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher); +int PKCS7_stream(unsigned char ***boundary, PKCS7 *p7); PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx); ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk); -int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si,int nid,int type, - void *data); +int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int type, + void *data); int PKCS7_add_attribute (PKCS7_SIGNER_INFO *p7si, int nid, int atrtype, - void *value); + void *value); ASN1_TYPE *PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid); ASN1_TYPE *PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid); int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si, - STACK_OF(X509_ATTRIBUTE) *sk); -int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si,STACK_OF(X509_ATTRIBUTE) *sk); + STACK_OF(X509_ATTRIBUTE) *sk); +int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si, STACK_OF(X509_ATTRIBUTE) *sk); PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, - BIO *data, int flags); + BIO *data, int flags); + +PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7, + X509 *signcert, EVP_PKEY *pkey, const EVP_MD *md, + int flags); + +int PKCS7_final(PKCS7 *p7, BIO *data, int flags); int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, - BIO *indata, BIO *out, int flags); + BIO *indata, BIO *out, int flags); STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags); PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, - int flags); + int flags); int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags); int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si, - STACK_OF(X509_ALGOR) *cap); + STACK_OF(X509_ALGOR) *cap); STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si); int PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg); +int PKCS7_add_attrib_content_type(PKCS7_SIGNER_INFO *si, ASN1_OBJECT *coid); +int PKCS7_add0_attrib_signing_time(PKCS7_SIGNER_INFO *si, ASN1_TIME *t); +int PKCS7_add1_attrib_digest(PKCS7_SIGNER_INFO *si, + const unsigned char *md, int mdlen); + int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags); PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont); -int SMIME_crlf_copy(BIO *in, BIO *out, int flags); -int SMIME_text(BIO *in, BIO *out); + +BIO *BIO_new_PKCS7(BIO *out, PKCS7 *p7); + /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes @@ -374,24 +416,40 @@ void ERR_load_PKCS7_strings(void); /* Function codes. */ #define PKCS7_F_B64_READ_PKCS7 120 #define PKCS7_F_B64_WRITE_PKCS7 121 +#define PKCS7_F_DO_PKCS7_SIGNED_ATTRIB 136 +#define PKCS7_F_I2D_PKCS7_BIO_STREAM 140 +#define PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME 135 #define PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP 118 #define PKCS7_F_PKCS7_ADD_CERTIFICATE 100 #define PKCS7_F_PKCS7_ADD_CRL 101 #define PKCS7_F_PKCS7_ADD_RECIPIENT_INFO 102 +#define PKCS7_F_PKCS7_ADD_SIGNATURE 131 #define PKCS7_F_PKCS7_ADD_SIGNER 103 +#define PKCS7_F_PKCS7_BIO_ADD_DIGEST 125 +#define PKCS7_F_PKCS7_COPY_EXISTING_DIGEST 138 #define PKCS7_F_PKCS7_CTRL 104 #define PKCS7_F_PKCS7_DATADECODE 112 +#define PKCS7_F_PKCS7_DATAFINAL 128 #define PKCS7_F_PKCS7_DATAINIT 105 #define PKCS7_F_PKCS7_DATASIGN 106 #define PKCS7_F_PKCS7_DATAVERIFY 107 #define PKCS7_F_PKCS7_DECRYPT 114 +#define PKCS7_F_PKCS7_DECRYPT_RINFO 133 +#define PKCS7_F_PKCS7_ENCODE_RINFO 132 #define PKCS7_F_PKCS7_ENCRYPT 115 +#define PKCS7_F_PKCS7_FINAL 134 +#define PKCS7_F_PKCS7_FIND_DIGEST 127 #define PKCS7_F_PKCS7_GET0_SIGNERS 124 +#define PKCS7_F_PKCS7_RECIP_INFO_SET 130 #define PKCS7_F_PKCS7_SET_CIPHER 108 #define PKCS7_F_PKCS7_SET_CONTENT 109 +#define PKCS7_F_PKCS7_SET_DIGEST 126 #define PKCS7_F_PKCS7_SET_TYPE 110 #define PKCS7_F_PKCS7_SIGN 116 #define PKCS7_F_PKCS7_SIGNATUREVERIFY 113 +#define PKCS7_F_PKCS7_SIGNER_INFO_SET 129 +#define PKCS7_F_PKCS7_SIGNER_INFO_SIGN 139 +#define PKCS7_F_PKCS7_SIGN_ADD_SIGNER 137 #define PKCS7_F_PKCS7_SIMPLE_SMIMECAP 119 #define PKCS7_F_PKCS7_VERIFY 117 #define PKCS7_F_SMIME_READ_PKCS7 122 @@ -402,10 +460,13 @@ void ERR_load_PKCS7_strings(void); #define PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 144 #define PKCS7_R_CIPHER_NOT_INITIALIZED 116 #define PKCS7_R_CONTENT_AND_DATA_PRESENT 118 +#define PKCS7_R_CTRL_ERROR 152 #define PKCS7_R_DECODE_ERROR 130 #define PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH 100 #define PKCS7_R_DECRYPT_ERROR 119 #define PKCS7_R_DIGEST_FAILURE 101 +#define PKCS7_R_ENCRYPTION_CTRL_FAILURE 149 +#define PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 150 #define PKCS7_R_ERROR_ADDING_RECIPIENT 120 #define PKCS7_R_ERROR_SETTING_CIPHER 121 #define PKCS7_R_INVALID_MIME_TYPE 131 @@ -416,21 +477,28 @@ void ERR_load_PKCS7_strings(void); #define PKCS7_R_MISSING_CERIPEND_INFO 103 #define PKCS7_R_NO_CONTENT 122 #define PKCS7_R_NO_CONTENT_TYPE 135 +#define PKCS7_R_NO_DEFAULT_DIGEST 151 +#define PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND 154 #define PKCS7_R_NO_MULTIPART_BODY_FAILURE 136 #define PKCS7_R_NO_MULTIPART_BOUNDARY 137 #define PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE 115 +#define PKCS7_R_NO_RECIPIENT_MATCHES_KEY 146 #define PKCS7_R_NO_SIGNATURES_ON_DATA 123 #define PKCS7_R_NO_SIGNERS 142 #define PKCS7_R_NO_SIG_CONTENT_TYPE 138 #define PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE 104 #define PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR 124 +#define PKCS7_R_PKCS7_ADD_SIGNER_ERROR 153 +#define PKCS7_R_PKCS7_DATAFINAL 126 #define PKCS7_R_PKCS7_DATAFINAL_ERROR 125 -#define PKCS7_R_PKCS7_DATASIGN 126 +#define PKCS7_R_PKCS7_DATASIGN 145 #define PKCS7_R_PKCS7_PARSE_ERROR 139 #define PKCS7_R_PKCS7_SIG_PARSE_ERROR 140 #define PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 127 #define PKCS7_R_SIGNATURE_FAILURE 105 #define PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND 128 +#define PKCS7_R_SIGNING_CTRL_FAILURE 147 +#define PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 148 #define PKCS7_R_SIG_INVALID_MIME_TYPE 141 #define PKCS7_R_SMIME_TEXT_ERROR 129 #define PKCS7_R_UNABLE_TO_FIND_CERTIFICATE 106 diff --git a/src/lib/libcrypto/pkcs7/pkcs7err.c b/src/lib/libcrypto/pkcs7/pkcs7err.c index 5e51527a407..8a67bf52210 100644 --- a/src/lib/libcrypto/pkcs7/pkcs7err.c +++ b/src/lib/libcrypto/pkcs7/pkcs7err.c @@ -1,13 +1,13 @@ -/* crypto/pkcs7/pkcs7err.c */ +/* $OpenBSD: pkcs7err.c,v 1.11 2014/07/10 22:45:57 jsing Exp $ */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -59,102 +59,129 @@ */ #include + +#include + #include #include /* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR -static ERR_STRING_DATA PKCS7_str_functs[]= - { -{ERR_PACK(0,PKCS7_F_B64_READ_PKCS7,0), "B64_READ_PKCS7"}, -{ERR_PACK(0,PKCS7_F_B64_WRITE_PKCS7,0), "B64_WRITE_PKCS7"}, -{ERR_PACK(0,PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,0), "PKCS7_add_attrib_smimecap"}, -{ERR_PACK(0,PKCS7_F_PKCS7_ADD_CERTIFICATE,0), "PKCS7_add_certificate"}, -{ERR_PACK(0,PKCS7_F_PKCS7_ADD_CRL,0), "PKCS7_add_crl"}, -{ERR_PACK(0,PKCS7_F_PKCS7_ADD_RECIPIENT_INFO,0), "PKCS7_add_recipient_info"}, -{ERR_PACK(0,PKCS7_F_PKCS7_ADD_SIGNER,0), "PKCS7_add_signer"}, -{ERR_PACK(0,PKCS7_F_PKCS7_CTRL,0), "PKCS7_ctrl"}, -{ERR_PACK(0,PKCS7_F_PKCS7_DATADECODE,0), "PKCS7_dataDecode"}, -{ERR_PACK(0,PKCS7_F_PKCS7_DATAINIT,0), "PKCS7_dataInit"}, -{ERR_PACK(0,PKCS7_F_PKCS7_DATASIGN,0), "PKCS7_DATASIGN"}, -{ERR_PACK(0,PKCS7_F_PKCS7_DATAVERIFY,0), "PKCS7_dataVerify"}, -{ERR_PACK(0,PKCS7_F_PKCS7_DECRYPT,0), "PKCS7_decrypt"}, -{ERR_PACK(0,PKCS7_F_PKCS7_ENCRYPT,0), "PKCS7_encrypt"}, -{ERR_PACK(0,PKCS7_F_PKCS7_GET0_SIGNERS,0), "PKCS7_get0_signers"}, -{ERR_PACK(0,PKCS7_F_PKCS7_SET_CIPHER,0), "PKCS7_set_cipher"}, -{ERR_PACK(0,PKCS7_F_PKCS7_SET_CONTENT,0), "PKCS7_set_content"}, -{ERR_PACK(0,PKCS7_F_PKCS7_SET_TYPE,0), "PKCS7_set_type"}, -{ERR_PACK(0,PKCS7_F_PKCS7_SIGN,0), "PKCS7_sign"}, -{ERR_PACK(0,PKCS7_F_PKCS7_SIGNATUREVERIFY,0), "PKCS7_signatureVerify"}, -{ERR_PACK(0,PKCS7_F_PKCS7_SIMPLE_SMIMECAP,0), "PKCS7_simple_smimecap"}, -{ERR_PACK(0,PKCS7_F_PKCS7_VERIFY,0), "PKCS7_verify"}, -{ERR_PACK(0,PKCS7_F_SMIME_READ_PKCS7,0), "SMIME_read_PKCS7"}, -{ERR_PACK(0,PKCS7_F_SMIME_TEXT,0), "SMIME_text"}, -{0,NULL} - }; -static ERR_STRING_DATA PKCS7_str_reasons[]= - { -{PKCS7_R_CERTIFICATE_VERIFY_ERROR ,"certificate verify error"}, -{PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER ,"cipher has no object identifier"}, -{PKCS7_R_CIPHER_NOT_INITIALIZED ,"cipher not initialized"}, -{PKCS7_R_CONTENT_AND_DATA_PRESENT ,"content and data present"}, -{PKCS7_R_DECODE_ERROR ,"decode error"}, -{PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH ,"decrypted key is wrong length"}, -{PKCS7_R_DECRYPT_ERROR ,"decrypt error"}, -{PKCS7_R_DIGEST_FAILURE ,"digest failure"}, -{PKCS7_R_ERROR_ADDING_RECIPIENT ,"error adding recipient"}, -{PKCS7_R_ERROR_SETTING_CIPHER ,"error setting cipher"}, -{PKCS7_R_INVALID_MIME_TYPE ,"invalid mime type"}, -{PKCS7_R_INVALID_NULL_POINTER ,"invalid null pointer"}, -{PKCS7_R_MIME_NO_CONTENT_TYPE ,"mime no content type"}, -{PKCS7_R_MIME_PARSE_ERROR ,"mime parse error"}, -{PKCS7_R_MIME_SIG_PARSE_ERROR ,"mime sig parse error"}, -{PKCS7_R_MISSING_CERIPEND_INFO ,"missing ceripend info"}, -{PKCS7_R_NO_CONTENT ,"no content"}, -{PKCS7_R_NO_CONTENT_TYPE ,"no content type"}, -{PKCS7_R_NO_MULTIPART_BODY_FAILURE ,"no multipart body failure"}, -{PKCS7_R_NO_MULTIPART_BOUNDARY ,"no multipart boundary"}, -{PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE,"no recipient matches certificate"}, -{PKCS7_R_NO_SIGNATURES_ON_DATA ,"no signatures on data"}, -{PKCS7_R_NO_SIGNERS ,"no signers"}, -{PKCS7_R_NO_SIG_CONTENT_TYPE ,"no sig content type"}, -{PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE,"operation not supported on this type"}, -{PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR ,"pkcs7 add signature error"}, -{PKCS7_R_PKCS7_DATAFINAL_ERROR ,"pkcs7 datafinal error"}, -{PKCS7_R_PKCS7_DATASIGN ,"pkcs7 datasign"}, -{PKCS7_R_PKCS7_PARSE_ERROR ,"pkcs7 parse error"}, -{PKCS7_R_PKCS7_SIG_PARSE_ERROR ,"pkcs7 sig parse error"}, -{PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE,"private key does not match certificate"}, -{PKCS7_R_SIGNATURE_FAILURE ,"signature failure"}, -{PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND ,"signer certificate not found"}, -{PKCS7_R_SIG_INVALID_MIME_TYPE ,"sig invalid mime type"}, -{PKCS7_R_SMIME_TEXT_ERROR ,"smime text error"}, -{PKCS7_R_UNABLE_TO_FIND_CERTIFICATE ,"unable to find certificate"}, -{PKCS7_R_UNABLE_TO_FIND_MEM_BIO ,"unable to find mem bio"}, -{PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST ,"unable to find message digest"}, -{PKCS7_R_UNKNOWN_DIGEST_TYPE ,"unknown digest type"}, -{PKCS7_R_UNKNOWN_OPERATION ,"unknown operation"}, -{PKCS7_R_UNSUPPORTED_CIPHER_TYPE ,"unsupported cipher type"}, -{PKCS7_R_UNSUPPORTED_CONTENT_TYPE ,"unsupported content type"}, -{PKCS7_R_WRONG_CONTENT_TYPE ,"wrong content type"}, -{PKCS7_R_WRONG_PKCS7_TYPE ,"wrong pkcs7 type"}, -{0,NULL} - }; +#define ERR_FUNC(func) ERR_PACK(ERR_LIB_PKCS7,func,0) +#define ERR_REASON(reason) ERR_PACK(ERR_LIB_PKCS7,0,reason) -#endif +static ERR_STRING_DATA PKCS7_str_functs[]= { + {ERR_FUNC(PKCS7_F_B64_READ_PKCS7), "B64_READ_PKCS7"}, + {ERR_FUNC(PKCS7_F_B64_WRITE_PKCS7), "B64_WRITE_PKCS7"}, + {ERR_FUNC(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB), "DO_PKCS7_SIGNED_ATTRIB"}, + {ERR_FUNC(PKCS7_F_I2D_PKCS7_BIO_STREAM), "i2d_PKCS7_bio_stream"}, + {ERR_FUNC(PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME), "PKCS7_add0_attrib_signing_time"}, + {ERR_FUNC(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP), "PKCS7_add_attrib_smimecap"}, + {ERR_FUNC(PKCS7_F_PKCS7_ADD_CERTIFICATE), "PKCS7_add_certificate"}, + {ERR_FUNC(PKCS7_F_PKCS7_ADD_CRL), "PKCS7_add_crl"}, + {ERR_FUNC(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO), "PKCS7_add_recipient_info"}, + {ERR_FUNC(PKCS7_F_PKCS7_ADD_SIGNATURE), "PKCS7_add_signature"}, + {ERR_FUNC(PKCS7_F_PKCS7_ADD_SIGNER), "PKCS7_add_signer"}, + {ERR_FUNC(PKCS7_F_PKCS7_BIO_ADD_DIGEST), "PKCS7_BIO_ADD_DIGEST"}, + {ERR_FUNC(PKCS7_F_PKCS7_COPY_EXISTING_DIGEST), "PKCS7_COPY_EXISTING_DIGEST"}, + {ERR_FUNC(PKCS7_F_PKCS7_CTRL), "PKCS7_ctrl"}, + {ERR_FUNC(PKCS7_F_PKCS7_DATADECODE), "PKCS7_dataDecode"}, + {ERR_FUNC(PKCS7_F_PKCS7_DATAFINAL), "PKCS7_dataFinal"}, + {ERR_FUNC(PKCS7_F_PKCS7_DATAINIT), "PKCS7_dataInit"}, + {ERR_FUNC(PKCS7_F_PKCS7_DATASIGN), "PKCS7_DATASIGN"}, + {ERR_FUNC(PKCS7_F_PKCS7_DATAVERIFY), "PKCS7_dataVerify"}, + {ERR_FUNC(PKCS7_F_PKCS7_DECRYPT), "PKCS7_decrypt"}, + {ERR_FUNC(PKCS7_F_PKCS7_DECRYPT_RINFO), "PKCS7_DECRYPT_RINFO"}, + {ERR_FUNC(PKCS7_F_PKCS7_ENCODE_RINFO), "PKCS7_ENCODE_RINFO"}, + {ERR_FUNC(PKCS7_F_PKCS7_ENCRYPT), "PKCS7_encrypt"}, + {ERR_FUNC(PKCS7_F_PKCS7_FINAL), "PKCS7_final"}, + {ERR_FUNC(PKCS7_F_PKCS7_FIND_DIGEST), "PKCS7_FIND_DIGEST"}, + {ERR_FUNC(PKCS7_F_PKCS7_GET0_SIGNERS), "PKCS7_get0_signers"}, + {ERR_FUNC(PKCS7_F_PKCS7_RECIP_INFO_SET), "PKCS7_RECIP_INFO_set"}, + {ERR_FUNC(PKCS7_F_PKCS7_SET_CIPHER), "PKCS7_set_cipher"}, + {ERR_FUNC(PKCS7_F_PKCS7_SET_CONTENT), "PKCS7_set_content"}, + {ERR_FUNC(PKCS7_F_PKCS7_SET_DIGEST), "PKCS7_set_digest"}, + {ERR_FUNC(PKCS7_F_PKCS7_SET_TYPE), "PKCS7_set_type"}, + {ERR_FUNC(PKCS7_F_PKCS7_SIGN), "PKCS7_sign"}, + {ERR_FUNC(PKCS7_F_PKCS7_SIGNATUREVERIFY), "PKCS7_signatureVerify"}, + {ERR_FUNC(PKCS7_F_PKCS7_SIGNER_INFO_SET), "PKCS7_SIGNER_INFO_set"}, + {ERR_FUNC(PKCS7_F_PKCS7_SIGNER_INFO_SIGN), "PKCS7_SIGNER_INFO_sign"}, + {ERR_FUNC(PKCS7_F_PKCS7_SIGN_ADD_SIGNER), "PKCS7_sign_add_signer"}, + {ERR_FUNC(PKCS7_F_PKCS7_SIMPLE_SMIMECAP), "PKCS7_simple_smimecap"}, + {ERR_FUNC(PKCS7_F_PKCS7_VERIFY), "PKCS7_verify"}, + {ERR_FUNC(PKCS7_F_SMIME_READ_PKCS7), "SMIME_read_PKCS7"}, + {ERR_FUNC(PKCS7_F_SMIME_TEXT), "SMIME_text"}, + {0, NULL} +}; -void ERR_load_PKCS7_strings(void) - { - static int init=1; +static ERR_STRING_DATA PKCS7_str_reasons[]= { + {ERR_REASON(PKCS7_R_CERTIFICATE_VERIFY_ERROR), "certificate verify error"}, + {ERR_REASON(PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER), "cipher has no object identifier"}, + {ERR_REASON(PKCS7_R_CIPHER_NOT_INITIALIZED), "cipher not initialized"}, + {ERR_REASON(PKCS7_R_CONTENT_AND_DATA_PRESENT), "content and data present"}, + {ERR_REASON(PKCS7_R_CTRL_ERROR) , "ctrl error"}, + {ERR_REASON(PKCS7_R_DECODE_ERROR) , "decode error"}, + {ERR_REASON(PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH), "decrypted key is wrong length"}, + {ERR_REASON(PKCS7_R_DECRYPT_ERROR) , "decrypt error"}, + {ERR_REASON(PKCS7_R_DIGEST_FAILURE) , "digest failure"}, + {ERR_REASON(PKCS7_R_ENCRYPTION_CTRL_FAILURE), "encryption ctrl failure"}, + {ERR_REASON(PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE), "encryption not supported for this key type"}, + {ERR_REASON(PKCS7_R_ERROR_ADDING_RECIPIENT), "error adding recipient"}, + {ERR_REASON(PKCS7_R_ERROR_SETTING_CIPHER), "error setting cipher"}, + {ERR_REASON(PKCS7_R_INVALID_MIME_TYPE) , "invalid mime type"}, + {ERR_REASON(PKCS7_R_INVALID_NULL_POINTER), "invalid null pointer"}, + {ERR_REASON(PKCS7_R_MIME_NO_CONTENT_TYPE), "mime no content type"}, + {ERR_REASON(PKCS7_R_MIME_PARSE_ERROR) , "mime parse error"}, + {ERR_REASON(PKCS7_R_MIME_SIG_PARSE_ERROR), "mime sig parse error"}, + {ERR_REASON(PKCS7_R_MISSING_CERIPEND_INFO), "missing ceripend info"}, + {ERR_REASON(PKCS7_R_NO_CONTENT) , "no content"}, + {ERR_REASON(PKCS7_R_NO_CONTENT_TYPE) , "no content type"}, + {ERR_REASON(PKCS7_R_NO_DEFAULT_DIGEST) , "no default digest"}, + {ERR_REASON(PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND), "no matching digest type found"}, + {ERR_REASON(PKCS7_R_NO_MULTIPART_BODY_FAILURE), "no multipart body failure"}, + {ERR_REASON(PKCS7_R_NO_MULTIPART_BOUNDARY), "no multipart boundary"}, + {ERR_REASON(PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE), "no recipient matches certificate"}, + {ERR_REASON(PKCS7_R_NO_RECIPIENT_MATCHES_KEY), "no recipient matches key"}, + {ERR_REASON(PKCS7_R_NO_SIGNATURES_ON_DATA), "no signatures on data"}, + {ERR_REASON(PKCS7_R_NO_SIGNERS) , "no signers"}, + {ERR_REASON(PKCS7_R_NO_SIG_CONTENT_TYPE) , "no sig content type"}, + {ERR_REASON(PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE), "operation not supported on this type"}, + {ERR_REASON(PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR), "pkcs7 add signature error"}, + {ERR_REASON(PKCS7_R_PKCS7_ADD_SIGNER_ERROR), "pkcs7 add signer error"}, + {ERR_REASON(PKCS7_R_PKCS7_DATAFINAL) , "pkcs7 datafinal"}, + {ERR_REASON(PKCS7_R_PKCS7_DATAFINAL_ERROR), "pkcs7 datafinal error"}, + {ERR_REASON(PKCS7_R_PKCS7_DATASIGN) , "pkcs7 datasign"}, + {ERR_REASON(PKCS7_R_PKCS7_PARSE_ERROR) , "pkcs7 parse error"}, + {ERR_REASON(PKCS7_R_PKCS7_SIG_PARSE_ERROR), "pkcs7 sig parse error"}, + {ERR_REASON(PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE), "private key does not match certificate"}, + {ERR_REASON(PKCS7_R_SIGNATURE_FAILURE) , "signature failure"}, + {ERR_REASON(PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND), "signer certificate not found"}, + {ERR_REASON(PKCS7_R_SIGNING_CTRL_FAILURE), "signing ctrl failure"}, + {ERR_REASON(PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE), "signing not supported for this key type"}, + {ERR_REASON(PKCS7_R_SIG_INVALID_MIME_TYPE), "sig invalid mime type"}, + {ERR_REASON(PKCS7_R_SMIME_TEXT_ERROR) , "smime text error"}, + {ERR_REASON(PKCS7_R_UNABLE_TO_FIND_CERTIFICATE), "unable to find certificate"}, + {ERR_REASON(PKCS7_R_UNABLE_TO_FIND_MEM_BIO), "unable to find mem bio"}, + {ERR_REASON(PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST), "unable to find message digest"}, + {ERR_REASON(PKCS7_R_UNKNOWN_DIGEST_TYPE) , "unknown digest type"}, + {ERR_REASON(PKCS7_R_UNKNOWN_OPERATION) , "unknown operation"}, + {ERR_REASON(PKCS7_R_UNSUPPORTED_CIPHER_TYPE), "unsupported cipher type"}, + {ERR_REASON(PKCS7_R_UNSUPPORTED_CONTENT_TYPE), "unsupported content type"}, + {ERR_REASON(PKCS7_R_WRONG_CONTENT_TYPE) , "wrong content type"}, + {ERR_REASON(PKCS7_R_WRONG_PKCS7_TYPE) , "wrong pkcs7 type"}, + {0, NULL} +}; - if (init) - { - init=0; -#ifndef OPENSSL_NO_ERR - ERR_load_strings(ERR_LIB_PKCS7,PKCS7_str_functs); - ERR_load_strings(ERR_LIB_PKCS7,PKCS7_str_reasons); #endif - } +void +ERR_load_PKCS7_strings(void) +{ +#ifndef OPENSSL_NO_ERR + if (ERR_func_error_string(PKCS7_str_functs[0].error) == NULL) { + ERR_load_strings(0, PKCS7_str_functs); + ERR_load_strings(0, PKCS7_str_reasons); } +#endif +} diff --git a/src/lib/libcrypto/pkcs7/server.pem b/src/lib/libcrypto/pkcs7/server.pem deleted file mode 100644 index 750aac20946..00000000000 --- a/src/lib/libcrypto/pkcs7/server.pem +++ /dev/null @@ -1,24 +0,0 @@ -issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit) -subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Server test cert (512 bit) ------BEGIN CERTIFICATE----- -MIIB6TCCAVICAQAwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV -BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYD -VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNOTcwNjA5MTM1NzQ2WhcNOTgwNjA5 -MTM1NzQ2WjBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG -A1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxIzAhBgNVBAMTGlNlcnZlciB0ZXN0IGNl -cnQgKDUxMiBiaXQpMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ+zw4Qnlf8SMVIP -Fe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVDTGiXav6ooKXfX3j/7tdkuD8Ey2// -Kv7+ue0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQB4TMR2CvacKE9wAsu9jyCX8YiW -mgCM+YoP6kt4Zkj2z5IRfm7WrycKsnpnOR+tGeqAjkCeZ6/36o9l91RvPnN1VJ/i -xQv2df0KFeMr00IkDdTNAdIWqFkSsZTAY2QAdgenb7MB1joejquYzO2DQIO7+wpH -irObpESxAZLySCmPPg== ------END CERTIFICATE----- ------BEGIN RSA PRIVATE KEY----- -MIIBPAIBAAJBAJ+zw4Qnlf8SMVIPFe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVD -TGiXav6ooKXfX3j/7tdkuD8Ey2//Kv7+ue0CAwEAAQJAN6W31vDEP2DjdqhzCDDu -OA4NACqoiFqyblo7yc2tM4h4xMbC3Yx5UKMN9ZkCtX0gzrz6DyF47bdKcWBzNWCj -gQIhANEoojVt7hq+SQ6MCN6FTAysGgQf56Q3TYoJMoWvdiXVAiEAw3e3rc+VJpOz -rHuDo6bgpjUAAXM+v3fcpsfZSNO6V7kCIQCtbVjanpUwvZkMI9by02oUk9taki3b -PzPfAfNPYAbCJQIhAJXNQDWyqwn/lGmR11cqY2y9nZ1+5w3yHGatLrcDnQHxAiEA -vnlEGo8K85u+KwIOimM48ZG8oTk7iFdkqLJR1utT3aU= ------END RSA PRIVATE KEY----- diff --git a/src/lib/libcrypto/pkcs7/sign.c b/src/lib/libcrypto/pkcs7/sign.c deleted file mode 100644 index 8b59885f7ea..00000000000 --- a/src/lib/libcrypto/pkcs7/sign.c +++ /dev/null @@ -1,154 +0,0 @@ -/* crypto/pkcs7/sign.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -#include -#include -#include -#include -#include -#include - -int main(argc,argv) -int argc; -char *argv[]; - { - X509 *x509; - EVP_PKEY *pkey; - PKCS7 *p7; - PKCS7_SIGNER_INFO *si; - BIO *in; - BIO *data,*p7bio; - char buf[1024*4]; - int i; - int nodetach=0; - -#ifndef OPENSSL_NO_MD2 - EVP_add_digest(EVP_md2()); -#endif -#ifndef OPENSSL_NO_MD5 - EVP_add_digest(EVP_md5()); -#endif -#ifndef OPENSSL_NO_SHA1 - EVP_add_digest(EVP_sha1()); -#endif -#ifndef OPENSSL_NO_MDC2 - EVP_add_digest(EVP_mdc2()); -#endif - - data=BIO_new(BIO_s_file()); -again: - if (argc > 1) - { - if (strcmp(argv[1],"-nd") == 0) - { - nodetach=1; - argv++; argc--; - goto again; - } - if (!BIO_read_filename(data,argv[1])) - goto err; - } - else - BIO_set_fp(data,stdin,BIO_NOCLOSE); - - if ((in=BIO_new_file("server.pem","r")) == NULL) goto err; - if ((x509=PEM_read_bio_X509(in,NULL,NULL,NULL)) == NULL) goto err; - BIO_reset(in); - if ((pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,NULL)) == NULL) goto err; - BIO_free(in); - - p7=PKCS7_new(); - PKCS7_set_type(p7,NID_pkcs7_signed); - - si=PKCS7_add_signature(p7,x509,pkey,EVP_sha1()); - if (si == NULL) goto err; - - /* If you do this then you get signing time automatically added */ - PKCS7_add_signed_attribute(si, NID_pkcs9_contentType, V_ASN1_OBJECT, - OBJ_nid2obj(NID_pkcs7_data)); - - /* we may want to add more */ - PKCS7_add_certificate(p7,x509); - - /* Set the content of the signed to 'data' */ - PKCS7_content_new(p7,NID_pkcs7_data); - - if (!nodetach) - PKCS7_set_detached(p7,1); - - if ((p7bio=PKCS7_dataInit(p7,NULL)) == NULL) goto err; - - for (;;) - { - i=BIO_read(data,buf,sizeof(buf)); - if (i <= 0) break; - BIO_write(p7bio,buf,i); - } - - if (!PKCS7_dataFinal(p7,p7bio)) goto err; - BIO_free(p7bio); - - PEM_write_PKCS7(stdout,p7); - PKCS7_free(p7); - - exit(0); -err: - ERR_load_crypto_strings(); - ERR_print_errors_fp(stderr); - exit(1); - } - diff --git a/src/lib/libcrypto/pkcs7/t/3des.pem b/src/lib/libcrypto/pkcs7/t/3des.pem deleted file mode 100644 index b2b5081a10e..00000000000 --- a/src/lib/libcrypto/pkcs7/t/3des.pem +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PKCS7----- -MIAGCSqGSIb3DQEHA6CAMIACAQAxggHmMIHwAgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEG -A1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m -dCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNUUkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQD -ExJERU1PIFpFUk8gVkFMVUUgQ0ECAgR+MA0GCSqGSIb3DQEBAQUABEC2vXI1xQDW6lUHM3zQ -/9uBEBOO5A3TtkrklAXq7v01gsIC21t52qSk36REXY+slhNZ0OQ349tgkTsoETHFLoEwMIHw -AgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMI -QnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29mdCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNU -UkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQDExJERU1PIFpFUk8gVkFMVUUgQ0ECAgR9MA0G -CSqGSIb3DQEBAQUABEB8ujxbabxXUYJhopuDm3oDq4JNqX6Io4p3ro+ShqfIndsXTZ1v5a2N -WtLLCWlHn/habjBwZ/DgQgcKASbZ7QxNMIAGCSqGSIb3DQEHATAaBggqhkiG9w0DAjAOAgIA -oAQIbsL5v1wX98KggAQoAaJ4WHm68fXY1WE5OIjfVBIDpO1K+i8dmKhjnAjrjoyZ9Bwc8rDL -lgQg4CXb805h5xl+GfvSwUaHJayte1m2mcOhs3J2YyqbQ+MEIMIiJQccmhO3oDKm36CFvYR8 -5PjpclVcZyX2ngbwPFMnBAgy0clOAE6UKAAAAAAAAAAAAAA= ------END PKCS7----- - diff --git a/src/lib/libcrypto/pkcs7/t/3dess.pem b/src/lib/libcrypto/pkcs7/t/3dess.pem deleted file mode 100644 index 23f013516a5..00000000000 --- a/src/lib/libcrypto/pkcs7/t/3dess.pem +++ /dev/null @@ -1,32 +0,0 @@ ------BEGIN PKCS7----- -MIIGHgYJKoZIhvcNAQcCoIIGDzCCBgsCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC -BGswggJTMIIB/aADAgECAgIEfjANBgkqhkiG9w0BAQQFADCBkjELMAkGA1UEBhMCQVUxEzAR -BgNVBAgTClF1ZWVuc2xhbmQxETAPBgNVBAcTCEJyaXNiYW5lMRowGAYDVQQKExFDcnlwdHNv -ZnQgUHR5IEx0ZDEiMCAGA1UECxMZREVNT05TVFJBVElPTiBBTkQgVEVTVElORzEbMBkGA1UE -AxMSREVNTyBaRVJPIFZBTFVFIENBMB4XDTk4MDUxMzA2MjY1NloXDTAwMDUxMjA2MjY1Nlow -gaUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFu -ZTEaMBgGA1UEChMRQ3J5cHRzb2Z0IFB0eSBMdGQxEjAQBgNVBAsTCVNNSU1FIDAwMzEZMBcG -A1UEAxMQQW5nZWxhIHZhbiBMZWVudDEjMCEGCSqGSIb3DQEJARYUYW5nZWxhQGNyeXB0c29m -dC5jb20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEAuC3+7dAb2LhuO7gt2cTM8vsNjhG5JfDh -hX1Vl/wVGbKEEj0MA6vWEolvefQlxB+EzwCtR0YZ7eEC/T/4JoCyeQIDAQABoygwJjAkBglg -hkgBhvhCAQ0EFxYVR2VuZXJhdGVkIHdpdGggU1NMZWF5MA0GCSqGSIb3DQEBBAUAA0EAUnSP -igs6TMFISTjw8cBtJYb98czgAVkVFjKyJQwYMH8FbDnCyx6NocM555nsyDstaw8fKR11Khds -syd3ikkrhDCCAhAwggG6AgEDMA0GCSqGSIb3DQEBBAUAMIGSMQswCQYDVQQGEwJBVTETMBEG -A1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m -dCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNUUkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQD -ExJERU1PIFpFUk8gVkFMVUUgQ0EwHhcNOTgwMzAzMDc0MTMyWhcNMDgwMjI5MDc0MTMyWjCB -kjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxETAPBgNVBAcTCEJyaXNiYW5l -MRowGAYDVQQKExFDcnlwdHNvZnQgUHR5IEx0ZDEiMCAGA1UECxMZREVNT05TVFJBVElPTiBB -TkQgVEVTVElORzEbMBkGA1UEAxMSREVNTyBaRVJPIFZBTFVFIENBMFwwDQYJKoZIhvcNAQEB -BQADSwAwSAJBAL+0E2fLej3FSCwe2A2iRnMuC3z12qHIp6Ky1wo2zZcxft7AI+RfkrWrSGtf -mfzBEuPrLdfulncC5Y1pNcM8RTUCAwEAATANBgkqhkiG9w0BAQQFAANBAGSbLMphL6F5pp3s -8o0Xyh86FHFdpVOwYx09ELLkuG17V/P9pgIc0Eo/gDMbN+KT3IdgECf8S//pCRA6RrNjcXIx -ggF7MIIBdwIBATCBmTCBkjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxETAP -BgNVBAcTCEJyaXNiYW5lMRowGAYDVQQKExFDcnlwdHNvZnQgUHR5IEx0ZDEiMCAGA1UECxMZ -REVNT05TVFJBVElPTiBBTkQgVEVTVElORzEbMBkGA1UEAxMSREVNTyBaRVJPIFZBTFVFIENB -AgIEfjAJBgUrDgMCGgUAoHowGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAbBgkqhkiG9w0B -CQ8xDjAMMAoGCCqGSIb3DQMHMBwGCSqGSIb3DQEJBTEPFw05ODA1MTQwMzM5MzdaMCMGCSqG -SIb3DQEJBDEWBBQstNMnSV26ba8PapQEDhO21yNFrjANBgkqhkiG9w0BAQEFAARAW9Xb9YXv -BfcNkutgFX9Gr8iXhBVsNtGEVrjrpkQwpKa7jHI8SjAlLhk/4RFwDHf+ISB9Np3Z1WDWnLcA -9CWR6g== ------END PKCS7----- diff --git a/src/lib/libcrypto/pkcs7/t/c.pem b/src/lib/libcrypto/pkcs7/t/c.pem deleted file mode 100644 index a4b55e321a5..00000000000 --- a/src/lib/libcrypto/pkcs7/t/c.pem +++ /dev/null @@ -1,48 +0,0 @@ -issuer :/C=AU/SP=Queensland/L=Brisbane/O=Cryptsoft Pty Ltd/OU=DEMONSTRATION AND TESTING/CN=DEMO ZERO VALUE CA -subject:/C=AU/SP=Queensland/L=Brisbane/O=Cryptsoft Pty Ltd/OU=SMIME 003/CN=Information/Email=info@cryptsoft.com -serial :047D - -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 1149 (0x47d) - Signature Algorithm: md5withRSAEncryption - Issuer: C=AU, SP=Queensland, L=Brisbane, O=Cryptsoft Pty Ltd, OU=DEMONSTRATION AND TESTING, CN=DEMO ZERO VALUE CA - Validity - Not Before: May 13 05:40:58 1998 GMT - Not After : May 12 05:40:58 2000 GMT - Subject: C=AU, SP=Queensland, L=Brisbane, O=Cryptsoft Pty Ltd, OU=SMIME 003, CN=Information/Email=info@cryptsoft.com - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Modulus: - 00:ad:e7:23:89:ee:0d:87:b7:9c:32:44:4b:95:81: - 73:dd:22:80:4b:2d:c5:60:b8:fe:1e:18:63:ef:dc: - 89:89:22:df:95:3c:7a:db:3d:9a:06:a8:08:d6:29: - fd:ef:41:09:91:ed:bc:ad:98:f9:f6:28:90:62:6f: - e7:e7:0c:4d:0b - Exponent: 65537 (0x10001) - X509v3 extensions: - Netscape Comment: - Generated with SSLeay - Signature Algorithm: md5withRSAEncryption - 52:15:ea:88:f4:f0:f9:0b:ef:ce:d5:f8:83:40:61:16:5e:55: - f9:ce:2d:d1:8b:31:5c:03:c6:2d:10:7c:61:d5:5c:0a:42:97: - d1:fd:65:b6:b6:84:a5:39:ec:46:ec:fc:e0:0d:d9:22:da:1b: - 50:74:ad:92:cb:4e:90:e5:fa:7d - ------BEGIN CERTIFICATE----- -MIICTDCCAfagAwIBAgICBH0wDQYJKoZIhvcNAQEEBQAwgZIxCzAJBgNVBAYTAkFV -MRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UE -ChMRQ3J5cHRzb2Z0IFB0eSBMdGQxIjAgBgNVBAsTGURFTU9OU1RSQVRJT04gQU5E -IFRFU1RJTkcxGzAZBgNVBAMTEkRFTU8gWkVSTyBWQUxVRSBDQTAeFw05ODA1MTMw -NTQwNThaFw0wMDA1MTIwNTQwNThaMIGeMQswCQYDVQQGEwJBVTETMBEGA1UECBMK -UXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m -dCBQdHkgTHRkMRIwEAYDVQQLEwlTTUlNRSAwMDMxFDASBgNVBAMTC0luZm9ybWF0 -aW9uMSEwHwYJKoZIhvcNAQkBFhJpbmZvQGNyeXB0c29mdC5jb20wXDANBgkqhkiG -9w0BAQEFAANLADBIAkEArecjie4Nh7ecMkRLlYFz3SKASy3FYLj+Hhhj79yJiSLf -lTx62z2aBqgI1in970EJke28rZj59iiQYm/n5wxNCwIDAQABoygwJjAkBglghkgB -hvhCAQ0EFxYVR2VuZXJhdGVkIHdpdGggU1NMZWF5MA0GCSqGSIb3DQEBBAUAA0EA -UhXqiPTw+QvvztX4g0BhFl5V+c4t0YsxXAPGLRB8YdVcCkKX0f1ltraEpTnsRuz8 -4A3ZItobUHStkstOkOX6fQ== ------END CERTIFICATE----- - diff --git a/src/lib/libcrypto/pkcs7/t/ff b/src/lib/libcrypto/pkcs7/t/ff deleted file mode 100644 index 23f013516a5..00000000000 --- a/src/lib/libcrypto/pkcs7/t/ff +++ /dev/null @@ -1,32 +0,0 @@ ------BEGIN PKCS7----- -MIIGHgYJKoZIhvcNAQcCoIIGDzCCBgsCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC -BGswggJTMIIB/aADAgECAgIEfjANBgkqhkiG9w0BAQQFADCBkjELMAkGA1UEBhMCQVUxEzAR -BgNVBAgTClF1ZWVuc2xhbmQxETAPBgNVBAcTCEJyaXNiYW5lMRowGAYDVQQKExFDcnlwdHNv -ZnQgUHR5IEx0ZDEiMCAGA1UECxMZREVNT05TVFJBVElPTiBBTkQgVEVTVElORzEbMBkGA1UE -AxMSREVNTyBaRVJPIFZBTFVFIENBMB4XDTk4MDUxMzA2MjY1NloXDTAwMDUxMjA2MjY1Nlow -gaUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFu -ZTEaMBgGA1UEChMRQ3J5cHRzb2Z0IFB0eSBMdGQxEjAQBgNVBAsTCVNNSU1FIDAwMzEZMBcG -A1UEAxMQQW5nZWxhIHZhbiBMZWVudDEjMCEGCSqGSIb3DQEJARYUYW5nZWxhQGNyeXB0c29m -dC5jb20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEAuC3+7dAb2LhuO7gt2cTM8vsNjhG5JfDh -hX1Vl/wVGbKEEj0MA6vWEolvefQlxB+EzwCtR0YZ7eEC/T/4JoCyeQIDAQABoygwJjAkBglg -hkgBhvhCAQ0EFxYVR2VuZXJhdGVkIHdpdGggU1NMZWF5MA0GCSqGSIb3DQEBBAUAA0EAUnSP -igs6TMFISTjw8cBtJYb98czgAVkVFjKyJQwYMH8FbDnCyx6NocM555nsyDstaw8fKR11Khds -syd3ikkrhDCCAhAwggG6AgEDMA0GCSqGSIb3DQEBBAUAMIGSMQswCQYDVQQGEwJBVTETMBEG -A1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m -dCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNUUkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQD -ExJERU1PIFpFUk8gVkFMVUUgQ0EwHhcNOTgwMzAzMDc0MTMyWhcNMDgwMjI5MDc0MTMyWjCB -kjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxETAPBgNVBAcTCEJyaXNiYW5l -MRowGAYDVQQKExFDcnlwdHNvZnQgUHR5IEx0ZDEiMCAGA1UECxMZREVNT05TVFJBVElPTiBB -TkQgVEVTVElORzEbMBkGA1UEAxMSREVNTyBaRVJPIFZBTFVFIENBMFwwDQYJKoZIhvcNAQEB -BQADSwAwSAJBAL+0E2fLej3FSCwe2A2iRnMuC3z12qHIp6Ky1wo2zZcxft7AI+RfkrWrSGtf -mfzBEuPrLdfulncC5Y1pNcM8RTUCAwEAATANBgkqhkiG9w0BAQQFAANBAGSbLMphL6F5pp3s -8o0Xyh86FHFdpVOwYx09ELLkuG17V/P9pgIc0Eo/gDMbN+KT3IdgECf8S//pCRA6RrNjcXIx -ggF7MIIBdwIBATCBmTCBkjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxETAP -BgNVBAcTCEJyaXNiYW5lMRowGAYDVQQKExFDcnlwdHNvZnQgUHR5IEx0ZDEiMCAGA1UECxMZ -REVNT05TVFJBVElPTiBBTkQgVEVTVElORzEbMBkGA1UEAxMSREVNTyBaRVJPIFZBTFVFIENB -AgIEfjAJBgUrDgMCGgUAoHowGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAbBgkqhkiG9w0B -CQ8xDjAMMAoGCCqGSIb3DQMHMBwGCSqGSIb3DQEJBTEPFw05ODA1MTQwMzM5MzdaMCMGCSqG -SIb3DQEJBDEWBBQstNMnSV26ba8PapQEDhO21yNFrjANBgkqhkiG9w0BAQEFAARAW9Xb9YXv -BfcNkutgFX9Gr8iXhBVsNtGEVrjrpkQwpKa7jHI8SjAlLhk/4RFwDHf+ISB9Np3Z1WDWnLcA -9CWR6g== ------END PKCS7----- diff --git a/src/lib/libcrypto/pkcs7/t/msie-e b/src/lib/libcrypto/pkcs7/t/msie-e deleted file mode 100644 index aafae69fc9d..00000000000 --- a/src/lib/libcrypto/pkcs7/t/msie-e +++ /dev/null @@ -1,20 +0,0 @@ - -MIAGCSqGSIb3DQEHA6CAMIACAQAxggHCMIHMAgEAMHYwYjERMA8GA1UEBxMISW50ZXJuZXQxFzAV -BgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytWZXJpU2lnbiBDbGFzcyAxIENBIC0gSW5k -aXZpZHVhbCBTdWJzY3JpYmVyAhBgQJiC3qfbCbjdj5INYLnKMA0GCSqGSIb3DQEBAQUABECMzu8y -wQ/qZbO8cAGMRBF+mPruv3+Dvb9aWNZ2k8njUgqF6mcdhVB2MkGcsG3memRXJBixvMYWVkU3qK4Z -VuKsMIHwAgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDERMA8GA1UE -BxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29mdCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNU -UkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQDExJERU1PIFpFUk8gVkFMVUUgQ0ECAgRuMA0GCSqG -SIb3DQEBAQUABEBcWwYFHJbJGhiztt7lzue3Lc9CH5WAbyR+2BZ3uv+JxZfRs1PuaWPOwRa0Vgs3 -YwSJoRfxQj2Gk0wFqG1qt6d1MIAGCSqGSIb3DQEHATAaBggqhkiG9w0DAjAOAgIAoAQI8vRlP/Nx -2iSggASCAZhR5srxyspy7DfomRJ9ff8eMCtaNwEoEx7G25PZRonC57hBvGoScLtEPU3Wp9FEbPN7 -oJESeC+AqMTyTLNy8aQsyC5s53E9UkoIvg62ekYZBbXZqXsrxx4PhiiX3NH8GVh42phB0Chjw0nK -HZeRDmxGY3Cmk+J+l0uVKxbNIfJIKOguLBnhqmnKH/PrnzDt591u0ULy2aTLqRm+4/1Yat/QPb6J -eoKGwNPBbS9ogBdrCNCp9ZFg3Xar2AtQHzyTQIfYeH3SRQUpKmRm5U5o9p5emgEdT+ZfJm/J4tSH -OmbgAFsbHQakA4MBZ4J5qfDJhOA2g5lWk1hIeu5Dn/AaLRZd0yz3oY0Ieo/erPWx/bCqtBzYbMe9 -qSFTedKlbc9EGe3opOTdBZVzK8KH3w3zsy5luxKdOUG59YYb5F1IZiWGiDyuo/HuacX+griu5LeD -bEzOtZnko+TZXvWIko30fD79j3T4MRRhWXbgj2HKza+4vJ0mzcC/1+GPsJjAEAA/JgIEDU4w6/DI -/HQHhLAO3G+9xKD7MvmrzkoAAAAAAAAAAAAA - - diff --git a/src/lib/libcrypto/pkcs7/t/msie-e.pem b/src/lib/libcrypto/pkcs7/t/msie-e.pem deleted file mode 100644 index a2a5e24e742..00000000000 --- a/src/lib/libcrypto/pkcs7/t/msie-e.pem +++ /dev/null @@ -1,22 +0,0 @@ ------BEGIN PKCS7----- -MIAGCSqGSIb3DQEHA6CAMIIDkAIBADGCAcIwgcwCAQAwdjBiMREwDwYDVQQHEwhJ -bnRlcm5ldDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNDAyBgNVBAsTK1ZlcmlT -aWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXICEGBAmILep9sJ -uN2Pkg1gucowDQYJKoZIhvcNAQEBBQAEQIzO7zLBD+pls7xwAYxEEX6Y+u6/f4O9 -v1pY1naTyeNSCoXqZx2FUHYyQZywbeZ6ZFckGLG8xhZWRTeorhlW4qwwgfACAQAw -gZkwgZIxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQH -EwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRzb2Z0IFB0eSBMdGQxIjAgBgNVBAsT -GURFTU9OU1RSQVRJT04gQU5EIFRFU1RJTkcxGzAZBgNVBAMTEkRFTU8gWkVSTyBW -QUxVRSBDQQICBG4wDQYJKoZIhvcNAQEBBQAEQFxbBgUclskaGLO23uXO57ctz0If -lYBvJH7YFne6/4nFl9GzU+5pY87BFrRWCzdjBImhF/FCPYaTTAWobWq3p3UwggHD -BgkqhkiG9w0BBwEwGgYIKoZIhvcNAwIwDgICAKAECPL0ZT/zcdokgIIBmFHmyvHK -ynLsN+iZEn19/x4wK1o3ASgTHsbbk9lGicLnuEG8ahJwu0Q9Tdan0URs83ugkRJ4 -L4CoxPJMs3LxpCzILmzncT1SSgi+DrZ6RhkFtdmpeyvHHg+GKJfc0fwZWHjamEHQ -KGPDScodl5EObEZjcKaT4n6XS5UrFs0h8kgo6C4sGeGqacof8+ufMO3n3W7RQvLZ -pMupGb7j/Vhq39A9vol6gobA08FtL2iAF2sI0Kn1kWDddqvYC1AfPJNAh9h4fdJF -BSkqZGblTmj2nl6aAR1P5l8mb8ni1Ic6ZuAAWxsdBqQDgwFngnmp8MmE4DaDmVaT -WEh67kOf8BotFl3TLPehjQh6j96s9bH9sKq0HNhsx72pIVN50qVtz0QZ7eik5N0F -lXMrwoffDfOzLmW7Ep05Qbn1hhvkXUhmJYaIPK6j8e5pxf6CuK7kt4NsTM61meSj -5Nle9YiSjfR8Pv2PdPgxFGFZduCPYcrNr7i8nSbNwL/X4Y+wmMAQAD8mAgQNTjDr -8Mj8dAeEsA7cb73EoPsy+avOSgAAAAA= ------END PKCS7----- diff --git a/src/lib/libcrypto/pkcs7/t/msie-enc-01 b/src/lib/libcrypto/pkcs7/t/msie-enc-01 deleted file mode 100644 index 2c93ab64626..00000000000 --- a/src/lib/libcrypto/pkcs7/t/msie-enc-01 +++ /dev/null @@ -1,62 +0,0 @@ - -MIAGCSqGSIb3DQEHA6CAMIACAQAxgfMwgfACAQAwgZkwgZIxCzAJBgNVBAYTAkFVMRMwEQYD -VQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRzb2Z0 -IFB0eSBMdGQxIjAgBgNVBAsTGURFTU9OU1RSQVRJT04gQU5EIFRFU1RJTkcxGzAZBgNVBAMT -EkRFTU8gWkVSTyBWQUxVRSBDQQICBG4wDQYJKoZIhvcNAQEBBQAEQKvMaW8xh6oF/X+CJivz -IZV7yHxlp4O3NHQtWG0A8MOZB+CtKlU7/6g5e/a9Du/TOqxRMqtYRp63pa2Q/mM4IYMwgAYJ -KoZIhvcNAQcBMBoGCCqGSIb3DQMCMA4CAgCgBAifz6RvzOPYlKCABIGwxtGA/FLBBRs1wbBP -gDCbSG0yCwjJNsFg89/k6xuXo8c5YTwsw8+XlIVq03navpew6XxxzY090rD2OJ0t6HA6GqrI -pd8WiSh/Atqn0yfLFmkLqgIAPRfzxUxqUocxLpQsLIFp2YNUGE+yps+UZmIjw/WHfdqrcWTm -STSvKuy3UkIJZCkGDBpTvqk4BFaHh4oTXEpgpNY+GKxjf9TDN9GQPqQZR7sgQki4t2g4/Saq -Kl4EMISgluk6swdND0tiHY7v5d6YR29ePCl2/STJ98eJpWkEEC22GNNvOy7ru/Rv2He4MgQg -optd7sk9MMd9xhJppg7CcH/yDx//HrtgpOcWmn6VxpgECFqon4uXkQtIBIH4PaNclFn7/hLx -Pw2VmBGaC0SYF3U1jyN96EBxdjqy8Aa6ByMXYDW5BcfqniD5mYXfw+b81lh1kutxaPaV4YJ9 -ZlRUW752N7VHo/fG0/fukoe5W9a8kIhgLpygllb/GP4oSF4wM6n1/OgRzZj2IWFiobKO4d/t -Mnh+C+PoEVAuFZcxQwi9GqvsK5OoIjVwNx0XcVSOl1TTYS9SwC7ugMBCab73JiruC24pL78Y -M+NaIpIQ3On4DokJA2ZHtjBjZIxF4tKA144RvFN6pBd6TVE5XM6KD/Vh9bjSmujtEAfdQ3Te -dvKJsbZuu0stErbvWcRy11I328l557EECAJT7d44OJ3rBBBj6bnnx6dDU2SRqp2CEoQaBAhK -RBuyhNxkygQIOY9/NhwqAJAECOvX0Zd0DqgoBAjobPpMHhVV3gQQWLU2vEoZ51BwzxdzCmxO -wwQI4oKfudaNqoAESKzBNAqv5kGumHOlMKsRfrs7jZCcSaOuEj97pYx08FLEgF23cav39MOQ -NUEM1dNU+EYslL4o3RoSHRjUgPU+2t9c0prS9A/bPARIEOP94PynaTNxwHi3VTK7SzuQmgzA -4n942E9joSiqsQPlsKAb3sPUaLC3SuUxSjNBgfpvD0bmrA/5h+WZoYXvIogFpwjkSmnFBEie -0lh5Ov1aRrvCw5/j3Q/W/4ZtN5U+aeVBJMtA8n0Mxd5kPxHbNVh4oGprZ6wEegV8ht3voyZa -mZ5Cyxc8ffMYnM/JJI6/oEYEUEMyyiS5FnYyvxKzfMtyn2lZ2st9nZGNNgMc9N62r5HgNbdD -FHuRdKKzV+8kQfuMc3mOPpK1t9TFY+QgrxiB5p6S7VooI97YtP3PbfknszCEBEh4PdXYbbaR -3AacN3Q5kYYmWsq3WW6xgrg0mmEGosGvwSQxBBuiXZrxScCa4ivEq05UZwyShePvKduOvnUE -2zDO6IXFLZxhTZAESEm9/FovLgGAiJ7iMGmYvsISLJScwG4n+wrSaQNQXizs9N3ykys54wBN -d/+BQ4F7pncHhDQ2Dyt5MekB8Y8iNOocUTFCu524vQRIaWCXmXP3vU7D21dp0XnAMzRQJ565 -JV3aHRoY7XDa4LePa7PP9ywyafOE5yCW7ndqx3J+2JhTDvSFsW8/q3H3iyeFhykuJVS6BFDK -6CmKbnyyjOfE2iLGJmTFa905V2KrVDCmlEu/xyGMs80yTyZC+ySzM83FMVvLEQmSzcTNUZVp -DfA1kNXbXkPouBXXT6g8r8JCRljaKKABmgRIlMheOJQRUUU4cgvhMreXPayhq5Ao4VMSCkA5 -hYRCBczm4Di/MMohF0SxIsdRY6gY9CPnrBXAsY6h1RbR7Tw0iQZmeXi52DCiBEj0by+SYMAa -9z0CReIzl8JLL6EVIFz8kFxlkGWjr4dnOzhhPOq/mCpp0WxbavDfdhE87MdXJZBnLwoT62QG -955HlAoEQBOGJbcESCgd5XSirZ9Y3AbCfuKOqoMBvEUGn+w/pMaqnGvnr5FZhuBDKrhRXqtx -QsxA//drGUxsrZOuSL/0+fbvo7n2h1Z8Ny86jOvVZAQIAjw2l1Yc5RAESNc9i3I8pKEOVQf/ -UBczJ0NR9aTEF80dRg2lpXwD0ho4N0AvSiVbgxC7cPZHQwIqvq9LHRUs/4n+Vu3SVYU3cAxo -lUTiCGUSlARIF+TD57SI5+RI+MNtnD9rs4E1ml51YoHGWFj3UPriDmY0FKEwIgqtMXMY3fZ9 -Kq8d83bjDzxwbDX7WwR7KbSeJWT42pCz7kM+BEjjPsOnZHuusXT3x2rrsBnYtYsbt98mSFiS -KzTtFmXfkOBbCQdit1P76QnYJ1aXMGs6zP6GypQTadK/zYWvlm38QkVwueaJ0woESKW2pqKA -70h2UMDHOrpepU1lj0YMzmotDHSTU3L909VvUMNg9uqfrQ6mSkb9j5Tl8oF2otOw5EzA1Yda -KPmgsv62RWLYl80wXQRQwG0e/mgG75jp9lOhJdVXqcYbQpS9viwVaVkwH+69mu/bQI4gjoEs -UYX6O71Re2z+cYhcm9UrK+DXuSFBXQOIlAFxKMW4B0apd6fU84FsZLMESOorXE5OE0A2B2ji -J8QI0Exk4hUvWrMNJfUZwFyS7E05xV9ORuX1xmsKqkT4tVR5Nqln4vhvAY860VBoloz0CDkd -8seSBEjeMgRI9FvpYuflIeHg9urkwp6N+1f0DrJJhJY9ZQ0HTQhziJmIfvbEjNqCl7hEC28+ -F8I5tuViLgfSwcFFCvnS6WFoN4X6QdFdqMCbBEjdlI1c+IQGA/IuTDMJYCuQ/v+8BG5ZeWVH -icPZmXfRat9eFK1dGKAJef6+Tf9HPuDjSpDyffrifsp7Dc34lmm7GN1+ON3ZMtwEUNm6epb8 -1RKWjoI7jIKUV/M2p/0eeGSqs4b06KF/VR6dBwsJVL5DpnTsp3MV4j/CAOlRdSPZ5++tsKbM -aplk+ceqQtpEFz1MYTtVV4+rlrWaBEA1okJyNZ5/tNOwM7B+XfOZ0xw+uyVi9v4byTZM2Qds -J+d3YGYLAugTGHISLqQEerD8/gGK+/SL06b2gNedXPHtBAiBKX+Mdy3wFQQIqE9gVgvrFNUE -CKKoTFoMGqnPBAjDPgLCklNfrwQI3Ek1vSq68w8ECBodu2FOZJVkBAgzwjfSr2N9WQQQTCoQ -KkAbrS9tnjXn1I3+ZwQIrPx3eINo/YUECIeYWCFskxlYBAiDUdvZXwD3vgQIkEyZbbZWbUUE -CH4+odl1Isk3BBj68fkqJ0fKJRWVLWuW/O3VE4BOPKwFlaIECFseVTdDUho8BAj+cOKvV2WA -hgQgaXr+wwq+ItblG0Qxz8IVUXX6PV2mIdHwz4SCCvnCsaIECJhBYxdfLI/XBCDswamPn9MR -yXi2HVQBineV+GtWVkIoZ2dCLFB9mQRMoAQI0nUR5a5AOJoECA+AunKlAlx8BAi5RtFeF4g1 -FQQIz/ie+16LlQcECOmNuVg5DXjMBAjH2nkfpXZgWwQIVdLuO/+kuHAECO/5rEHmyI9vBBD4 -16BU4Rd3YerDQnHtrwOQBCCkho1XxK5Maz8KLCNi20wvcGt8wsIXlj2h5q9ITBq7IgQQvKVY -4OfJ7bKbItP2dylwQgQYPIGxwkkbRXNraONYvN19G8UdF35rFOuIBAjf0sKz/618ZQQIxObr -xJkRe0sECIC+ssnjEb2NBBBI+XM4OntVWGsRV9Td3sFgBAinGwIroo8O0gQQMGAwgc9PaLaG -gBCiwSTrYQQIVHjfCQgOtygEUIoraFoANfhZgIShpOd/RRxFU4/7xZR5tMdGoYz/g0thR0lM -+Hi88FtFD4mAh/Oat4Ri8B7bv04aokjN2UHz6nPbHHjZ8zIqpbYTCy043GNZBAhOqjyB2JbD -NwQoR23XCYD9x6E20ChHJRXmaHwyMdYXKl5CUxypl7ois+sy2D7jDukS3wQIsTyyPgJi0GsA -AAAAAAAAAAAA - diff --git a/src/lib/libcrypto/pkcs7/t/msie-enc-01.pem b/src/lib/libcrypto/pkcs7/t/msie-enc-01.pem deleted file mode 100644 index 9abf00b2f24..00000000000 --- a/src/lib/libcrypto/pkcs7/t/msie-enc-01.pem +++ /dev/null @@ -1,66 +0,0 @@ ------BEGIN PKCS7----- -MIAGCSqGSIb3DQEHA6CAMIILyAIBADGB8zCB8AIBADCBmTCBkjELMAkGA1UEBhMC -QVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxETAPBgNVBAcTCEJyaXNiYW5lMRowGAYD -VQQKExFDcnlwdHNvZnQgUHR5IEx0ZDEiMCAGA1UECxMZREVNT05TVFJBVElPTiBB -TkQgVEVTVElORzEbMBkGA1UEAxMSREVNTyBaRVJPIFZBTFVFIENBAgIEbjANBgkq -hkiG9w0BAQEFAARAq8xpbzGHqgX9f4ImK/MhlXvIfGWng7c0dC1YbQDww5kH4K0q -VTv/qDl79r0O79M6rFEyq1hGnrelrZD+YzghgzCCCssGCSqGSIb3DQEHATAaBggq -hkiG9w0DAjAOAgIAoAQIn8+kb8zj2JSAggqgxtGA/FLBBRs1wbBPgDCbSG0yCwjJ -NsFg89/k6xuXo8c5YTwsw8+XlIVq03navpew6XxxzY090rD2OJ0t6HA6GqrIpd8W -iSh/Atqn0yfLFmkLqgIAPRfzxUxqUocxLpQsLIFp2YNUGE+yps+UZmIjw/WHfdqr -cWTmSTSvKuy3UkIJZCkGDBpTvqk4BFaHh4oTXEpgpNY+GKxjf9TDN9GQPqQZR7sg -Qki4t2g4/SaqKl6EoJbpOrMHTQ9LYh2O7+XemEdvXjwpdv0kyffHiaVpBBAtthjT -bzsu67v0b9h3uDKim13uyT0wx33GEmmmDsJwf/IPH/8eu2Ck5xaafpXGmFqon4uX -kQtIPaNclFn7/hLxPw2VmBGaC0SYF3U1jyN96EBxdjqy8Aa6ByMXYDW5BcfqniD5 -mYXfw+b81lh1kutxaPaV4YJ9ZlRUW752N7VHo/fG0/fukoe5W9a8kIhgLpygllb/ -GP4oSF4wM6n1/OgRzZj2IWFiobKO4d/tMnh+C+PoEVAuFZcxQwi9GqvsK5OoIjVw -Nx0XcVSOl1TTYS9SwC7ugMBCab73JiruC24pL78YM+NaIpIQ3On4DokJA2ZHtjBj -ZIxF4tKA144RvFN6pBd6TVE5XM6KD/Vh9bjSmujtEAfdQ3TedvKJsbZuu0stErbv -WcRy11I328l557ECU+3eODid62PpuefHp0NTZJGqnYIShBpKRBuyhNxkyjmPfzYc -KgCQ69fRl3QOqCjobPpMHhVV3li1NrxKGedQcM8XcwpsTsPigp+51o2qgKzBNAqv -5kGumHOlMKsRfrs7jZCcSaOuEj97pYx08FLEgF23cav39MOQNUEM1dNU+EYslL4o -3RoSHRjUgPU+2t9c0prS9A/bPBDj/eD8p2kzccB4t1Uyu0s7kJoMwOJ/eNhPY6Eo -qrED5bCgG97D1Giwt0rlMUozQYH6bw9G5qwP+YflmaGF7yKIBacI5EppxZ7SWHk6 -/VpGu8LDn+PdD9b/hm03lT5p5UEky0DyfQzF3mQ/Eds1WHigamtnrAR6BXyG3e+j -JlqZnkLLFzx98xicz8kkjr+gRkMyyiS5FnYyvxKzfMtyn2lZ2st9nZGNNgMc9N62 -r5HgNbdDFHuRdKKzV+8kQfuMc3mOPpK1t9TFY+QgrxiB5p6S7VooI97YtP3Pbfkn -szCEeD3V2G22kdwGnDd0OZGGJlrKt1lusYK4NJphBqLBr8EkMQQbol2a8UnAmuIr -xKtOVGcMkoXj7ynbjr51BNswzuiFxS2cYU2QSb38Wi8uAYCInuIwaZi+whIslJzA -bif7CtJpA1BeLOz03fKTKznjAE13/4FDgXumdweENDYPK3kx6QHxjyI06hxRMUK7 -nbi9aWCXmXP3vU7D21dp0XnAMzRQJ565JV3aHRoY7XDa4LePa7PP9ywyafOE5yCW -7ndqx3J+2JhTDvSFsW8/q3H3iyeFhykuJVS6yugpim58soznxNoixiZkxWvdOVdi -q1QwppRLv8chjLPNMk8mQvskszPNxTFbyxEJks3EzVGVaQ3wNZDV215D6LgV10+o -PK/CQkZY2iigAZqUyF44lBFRRThyC+Eyt5c9rKGrkCjhUxIKQDmFhEIFzObgOL8w -yiEXRLEix1FjqBj0I+esFcCxjqHVFtHtPDSJBmZ5eLnYMKL0by+SYMAa9z0CReIz -l8JLL6EVIFz8kFxlkGWjr4dnOzhhPOq/mCpp0WxbavDfdhE87MdXJZBnLwoT62QG -955HlAoEQBOGJbcoHeV0oq2fWNwGwn7ijqqDAbxFBp/sP6TGqpxr56+RWYbgQyq4 -UV6rcULMQP/3axlMbK2Trki/9Pn276O59odWfDcvOozr1WQCPDaXVhzlENc9i3I8 -pKEOVQf/UBczJ0NR9aTEF80dRg2lpXwD0ho4N0AvSiVbgxC7cPZHQwIqvq9LHRUs -/4n+Vu3SVYU3cAxolUTiCGUSlBfkw+e0iOfkSPjDbZw/a7OBNZpedWKBxlhY91D6 -4g5mNBShMCIKrTFzGN32fSqvHfN24w88cGw1+1sEeym0niVk+NqQs+5DPuM+w6dk -e66xdPfHauuwGdi1ixu33yZIWJIrNO0WZd+Q4FsJB2K3U/vpCdgnVpcwazrM/obK -lBNp0r/Nha+WbfxCRXC55onTCqW2pqKA70h2UMDHOrpepU1lj0YMzmotDHSTU3L9 -09VvUMNg9uqfrQ6mSkb9j5Tl8oF2otOw5EzA1YdaKPmgsv62RWLYl80wXcBtHv5o -Bu+Y6fZToSXVV6nGG0KUvb4sFWlZMB/uvZrv20COII6BLFGF+ju9UXts/nGIXJvV -Kyvg17khQV0DiJQBcSjFuAdGqXen1POBbGSz6itcTk4TQDYHaOInxAjQTGTiFS9a -sw0l9RnAXJLsTTnFX05G5fXGawqqRPi1VHk2qWfi+G8BjzrRUGiWjPQIOR3yx5IE -SN4y9FvpYuflIeHg9urkwp6N+1f0DrJJhJY9ZQ0HTQhziJmIfvbEjNqCl7hEC28+ -F8I5tuViLgfSwcFFCvnS6WFoN4X6QdFdqMCb3ZSNXPiEBgPyLkwzCWArkP7/vARu -WXllR4nD2Zl30WrfXhStXRigCXn+vk3/Rz7g40qQ8n364n7Kew3N+JZpuxjdfjjd -2TLc2bp6lvzVEpaOgjuMgpRX8zan/R54ZKqzhvTooX9VHp0HCwlUvkOmdOyncxXi -P8IA6VF1I9nn762wpsxqmWT5x6pC2kQXPUxhO1VXj6uWtZo1okJyNZ5/tNOwM7B+ -XfOZ0xw+uyVi9v4byTZM2QdsJ+d3YGYLAugTGHISLqQEerD8/gGK+/SL06b2gNed -XPHtgSl/jHct8BWoT2BWC+sU1aKoTFoMGqnPwz4CwpJTX6/cSTW9KrrzDxodu2FO -ZJVkM8I30q9jfVlMKhAqQButL22eNefUjf5nrPx3eINo/YWHmFghbJMZWINR29lf -APe+kEyZbbZWbUV+PqHZdSLJN/rx+SonR8olFZUta5b87dUTgE48rAWVolseVTdD -Uho8/nDir1dlgIZpev7DCr4i1uUbRDHPwhVRdfo9XaYh0fDPhIIK+cKxophBYxdf -LI/X7MGpj5/TEcl4th1UAYp3lfhrVlZCKGdnQixQfZkETKDSdRHlrkA4mg+AunKl -Alx8uUbRXheINRXP+J77XouVB+mNuVg5DXjMx9p5H6V2YFtV0u47/6S4cO/5rEHm -yI9v+NegVOEXd2Hqw0Jx7a8DkKSGjVfErkxrPwosI2LbTC9wa3zCwheWPaHmr0hM -GrsivKVY4OfJ7bKbItP2dylwQjyBscJJG0Vza2jjWLzdfRvFHRd+axTriN/SwrP/ -rXxlxObrxJkRe0uAvrLJ4xG9jUj5czg6e1VYaxFX1N3ewWCnGwIroo8O0jBgMIHP -T2i2hoAQosEk62FUeN8JCA63KIoraFoANfhZgIShpOd/RRxFU4/7xZR5tMdGoYz/ -g0thR0lM+Hi88FtFD4mAh/Oat4Ri8B7bv04aokjN2UHz6nPbHHjZ8zIqpbYTCy04 -3GNZTqo8gdiWwzdHbdcJgP3HoTbQKEclFeZofDIx1hcqXkJTHKmXuiKz6zLYPuMO -6RLfsTyyPgJi0GsAAAAA ------END PKCS7----- diff --git a/src/lib/libcrypto/pkcs7/t/msie-enc-02 b/src/lib/libcrypto/pkcs7/t/msie-enc-02 deleted file mode 100644 index 70170559651..00000000000 --- a/src/lib/libcrypto/pkcs7/t/msie-enc-02 +++ /dev/null @@ -1,90 +0,0 @@ - -MIAGCSqGSIb3DQEHA6CAMIACAQAxggHCMIHMAgEAMHYwYjERMA8GA1UEBxMISW50ZXJuZXQxFzAV -BgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytWZXJpU2lnbiBDbGFzcyAxIENBIC0gSW5k -aXZpZHVhbCBTdWJzY3JpYmVyAhBgQJiC3qfbCbjdj5INYLnKMA0GCSqGSIb3DQEBAQUABEACr4tn -kSzvo3aIlHfJLGbfokNCV6FjdDP1vQhL+kdXONqcFCEf9ReETCvaHslIr/Wepc5j2hjZselzgqLn -rM1ZMIHwAgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDERMA8GA1UE -BxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29mdCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNU -UkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQDExJERU1PIFpFUk8gVkFMVUUgQ0ECAgRuMA0GCSqG -SIb3DQEBAQUABEBanBxKOvUoRn3DiFY55lly2TPu2Cv+dI/GLrzW6qvnUMZPWGPGaUlPyWLMZrXJ -xGXZUiRJKTBwDu91fnodUEK9MIAGCSqGSIb3DQEHATAaBggqhkiG9w0DAjAOAgIAoAQImxKZEDWP -EuOggASCBACBi1bX/qc3geqFyfRpX7JyIo/g4CDr62GlwvassAGlIO8zJ5Z/UDIIooeV6QS4D4OW -PymKd0WXhwcJI0yBcJTWEoxND27LM7CWFJpA07AoxVCRHTOPgm794NynLecNUOqVTFyS4CRuLhVG -PAk0nFZG/RE2yMtx4rAkSiVgOexES7wq/xWuoDSSmuTMNQOTbKfkEKqdFLkM/d62gD2wnaph7vKk -PPK82wdZP8rF3nUUC5c4ahbNoa8g+5B3tIF/Jz3ZZK3vGLU0IWO+i7W451dna13MglDDjXOeikNl -XLsQdAVo0nsjfGu+f66besJojPzysNA+IEZl6gNWUetl9lim4SqrxubUExdS2rmXnXXmEuEW/HC7 -dlTAeYq5Clqx5id6slhC2C2oegMww3XH9yxHw6OqzvXY6pVPEScEtBMQLgaKFQT+m2SRtbTVFG7c -QcnUODyVB1IbpQTF1DHeeOX1W/HfpWZym8dzkti6SCyeumHmqO406xDiIMVKtHOqM86nEHuAMZsr -cLy+ey6TEJvR6S4N8QRzng8JJDZDTJXQN6q84aEudsnOrw2KyOVwPpI6ey4qBsHUgQ8kAFy5lsQa -WV45h6exgUwbBcKLgPZGFj+OdD2RKJsTb83/UqbJS5Q/lGXhzBlnaYucyJxEprRxbntmcnOEPFJe -+tRDUwOTd7qlJljdhIJL+uDcooL9Ahgo6Cwep6tduekv2cSEohJeTE8Dvy34YRhMbLvnFNdmnpNy -rNZDYVVxxaKoyd2AfB8NPFZh1VdAYfI3R1QAQ2kXEef5NNIfVQfMzD9akJn4RP+Kv32Qaxm4FrnK -xmwRyGJShavIBc2ax+F1r1+NZXuSBHn5vfoRTxOk0ST4dXsw74dnlYUMRaSu4qqUdM9jsXSyeX4Z -gQgkR2bkaYO6ezFgenFIa7QWVw8rXZAEZ5aibCxbnY1VE41PYIvhlLdbFJhH9gY22s+fFAuwnzyA -SRjC40A9aAEItRlaPStWSGiqlLRgNkBBwdpv2l2YPBd2QzHx6ek6XGrvRJuAC+Nh62rtQKwpNH54 -YAOHW55maBFW2SQ3TF+cZ6NbbqhCmHTyyR7mcSYc9sXSVDWEhYKQ1iyU870zhHWVpvglZizZetJC -ZFjYex3b1ngVdcgargOvpPq9urCKKi2mbkqv/EFpzSWGXkKSpfCG/XfMnEOtkNrB8S06vnk2JcJB -OBqJot+uuSH5hOg0vTpxX2DuONJSiWSWyfRE/lTfJJFXwhod7SXclUyXPeSyibcSic2hVAzDmwjD -31js/j2k02PI/agPhr3UQ8cMgcNAiaoCKbNaWfn6BGbCAbTchxzUlo2cSJiLlrX2IDZmfXbXmZCo -m1smWIG+BIIEALiuAxDb6dWLAYyVBoN9hYI4AiPeZAY9MtvQ6AV8o2/EFm6PvYGXy3Hei5830CH0 -PBeX7Kdd6ff1y33TW/l5qSkIL1ULTGR7okFfJePHDmq1dFt6/JOMptiQ8WSu7CsJQvZ9VTFXeYFc -ZqCPPZc1NrPegNK70Zf9QxWIbDAevJ5KLBf1c6j8pU2/6LnvDY6VjaTvYSgr7vTR8eVzH4Rm77W0 -iOHxg5VcODv6cGSVyuvbX8UAGo8Cmb58ERDtBDJBQXVpWKLNAuDJ9GX8n2zNkpjZLbPSkcmuhqGa -BJBE/BaCTkUQWlY9dIbRtEnxIU1mfbPPdx1Ppa8DqGDjSOsQdKcKYNNZtayEw++EIpmpdBNsKphC -fB8UEK2Wkk4ZVW+qyGoi/r0MFsvO1NmSOOZ0o/jy/YHmoeURHhPy97AO3eVTkEAa5CfJEJybmo56 -7CDw/FwoGAUCgsoz7rlxzMudr/IhHIH+APinncxXlHO2ecvHD9i8DaHGA8tVifgsUhqQoZieULut -eF94O5UAxOkv41UZssYTwN4nYrN1QkesZl3BX4ORS4EE30/PQ23ARf3WZptZrCJevGm2ZYzGeh8x -g17mCDfiLO+bff4qP/4mC96Pu4ia6j4to5BwKIJS/+DCuoD8WeSKF4pugXQkMUiHdQnNnVP9Sp2O -/4ly5mO8JzrQC59V2bnTNBqPhpno8kfJvK5TypPSVC+bTzern3rJ6UceB3srcn9zxKx9GdNydJQj -yWjv8ec3n3d1nuQwhz5Q053NBhIjwoGg3Go7LO6i78ZOlpF7dcoAO13NfHLyNjnyHCaiWtVRTct9 -rLf5vN00urSn8YJngHk1eTKK8nHGIcOg6YdYDOD2nE5XwRijKmieG8Xa3eKRzfbL06GrBQENle6J -mC131bp3cRVxpjq+o6RAbGoMm4yICsL4eTarCQrsyHmoPHqr91UHo91avyxU7knWmEhX27ybmsrs -8aeZwPHixL14TeyhruCqRVvkf1Ks7P+z8MPUboGNqQe2WLN8ktCGEr15O8MJR/em86G03Jfo4oaw -/DVUH5RwLT6acedOGuzMh/2r8BcmemhVQ8/cWvV4YJ0tOW4hzyVHC5hQf8sZ3LzxXLH6Ohnrbprh -xvrdbaSdChWZDDP0bCCbxEhkwuBkBeKZrMbwRTP+TPTPYLVTH/CmKLzKh/114tkGkyO3hHS4qExU -V39F2Sj4mylx+hD0+20D9pntpNi7htccGlOm6yNM69at/3+kLgJJyoIlaxLcCUYHNMifDt+T3p/t -5U4XmD53uUQ6M8dvj/udqPekNSUfse15yrd9pjOt5PcJuqW28q0sFHf9pHIgz3XZFMe5PD7ppw6r -S+C6Ir4PrYIEggQA7ZDVtiCm+BbtNNB/UJm79/OQ5mp5bTI0kPmDeycaWTa0Ojpum+c/dpG/iJOB -DICj7jHOXSHT7JlGyX6aSFJUltucAnZvwzhPDmdDaIDiKSk85GqgdDWVfGosSCX9Ph/T3WpIxnwf -WSDRtIHkWTjly+pe4yy5K6/XISy/L5Zh/fhiI5fjHjgzmlibs2ru4nVw6hBhUvlSSe2BEs5d9h/y -NH8Wy3qvb2D3jh7hkepFtZJGNTHp8ZUC7Ns2JIpQYObsaxdI65i3mMOu7fRwI+0/4ejsWhP6KCEi -LgwvLg0qM82ma6YB7qHAHboaczRVEffDcJUG4a5uycB0DoZFn+uEaEFyili20hCn4hVfsqUQk2PT -8Mo1tSl5e30xI1YJZrRgiJm9nHRX6fLizngP+ILJLPHZsPvlSVIfY+/v/FR8feKOjaGhyGF51BAx -aM2NIQ4jMP5/X+U5gQybi0E6u7rroDhaHsKmCMgXqszwXWCpedA/sEbeHpiTC59YlPPSlIOMc9vP -Ko/mQCfWy/9icUaIfKQldvkllUxxNkqu6AbIpHVscbAEzSPs5xbQXU8EZNNCDisFnnpY3nQ3eLnl -m89saTJxRb7NWHRMlmPv7qgD7uMIq3vdOGA7i5wT9MeoNIgK1/DsgH30s6RWjJy4YyyLmRTXPzbj -hbQVpEmiMRbEidIvUx2OjKVxVQIcgtLsa2lvHQ4XL1cpLr5GVtOgy0fMg5OCDUUDsvjgjgLQ3P2U -p2nVY5FM6/QpPc5DTLuuR9ekI2/c9Biz09RtcYDUQK2ajdo8h1IyKqHFoB7h48OXxXKKY94DY0TG -x6PonB/epj8orAw4QKmm5M0vXYwBOqRymCTHTqOJGObdLx1euFFyqguzHJOU2gAGZI0z9Lg1yRuF -yhdPZyuniIcmtLNxRZ1duYHErcAyX56qndmLXt7UVkATai/rIMuoJLfAsUnVuTUS5p7tJM754UZT -7lTcXvDJgOUNnBRaIcxC3pxvbrYDJ2iFJ72xkxUP2p74gucqg25XnCVmQuLg6zDDxF6CLuw9isxy -Xg4pkneMN//7fpp8GYl9nyZm2yqYYM+jcw0fcVc64L+X4w/gL3H2UMGgxIHSJp7HIG7VKHtXrNyj -dPXXPVUsMsAAimqOr0Lr2sZWirfuivLaPTqhbkvG5PF7K3gT80AOIcd/6EIHBy2hZ7ukfjHmdP4L -yQOhTQklaKzGHI0mypq0uFLWJOUlZnVrMiLP1xrWkpC8Ro9eo6mfjjQ45z8adC43a47klwTEzvod -3rNEFIGJJUEjAN3mbqie7IxoSJknBBJK0D9lZEQ8lZWlq7vuN8JdqPM6xh155jMVsPwjLK6Tzkj5 -BpRD9Tgm3u6HPQSCBADgkWEN75Mu9TGosXY0xm1k6K6sPv8L949CrLWo4r1I2LA072bTGvQP28Vs -hUA76jgcT1ocC++9PoktIK10YCq5w+FfMAQ04KeCXuAdmiY2iAT4Slea61PMCMta3mVGyLUZCLEm -P+I0UKR5mlO0fGEcjU9j8TmbjZqxNFqloLsU7oSi7Os0EtYHkdAVrExUyOc/ZDie6fBjdLTmLdCm -bE9JNwjlbXypdTZupGgLNhKGDIskUAAMwZYayI6YfSIMkNCeAYTnjOuGZZ1msCXGXsfMBR1sfUIj -9UeGjwD8gq+UVVHX/oeoH/m0eJ5ppqi3+nUlgc9DvpYsC/Fg0G2KuYb9B+VJ+a4GMzQSPREoFtQp -B9dtLkBb7Ha/hpGWTIdqzW0eAo5llyN8FNvl2Fu2IcLaNmWFO69gLjRKQopp0dvFOuwAVI6fvGDj -p1WigoNbFZl8N+iiWmzKOjoG2ZLbez1clZCms/JPJrXhEMMOxWpVzkQyN336VWHmGgMcjaKCGSeA -2nnESIGuiCXMrkHlGfabYIsKcHFCo2t13uXyZPf0zSPTkuD0Eh92wqC9pvA3gvrrCUfo9Mn3bs+e -KWKmDlpcs8mDn032oIg+zrQhIduMqXVn3evzeVM3B5MBOGMvg51/SXg7R+MC/463juQQEb9IVe/I -YGnO//oWm9lw/377Af/qH+FnN02obJw1FvesQIs9e5RHNQykKbO+vmVJQl1nd9DZWrHDNO7/80Yz -2hCm7Tws5nSRN2iFlyRaYJHr7ypxkU2rCak2r6ua7XDwu1qU2RT3+qPjT1RuxQ2oTlHyGkKPMZGC -Rc+CSWz5aeeCmHZVwdb3nC8YpfsujMiYqygLeuQ82pjKuR7DIKGmnfcOLdv5F+Ek2Wyy0D98iSgk -+aoQGYLhL9llU13pn21uRsDY5uGcXiIw1IETFlTdgENEv8futZuJsegrp7fmFXyNoNyFNyypeDrM -6ZqR4vKxFjg3tKKeVpkw/W4EAklzMxmNiazGNDBHsnYV3rwPlKa+HeeE2YxnsKwGLCNgRYUXTaJk -461vS160z3dvh/mLfdZ7MYCkmO3bNE3ELUDAw7YQkSuo9ujzdFKte9LC34sjg9fOex3ThAg5Y50n -wYm4zBmGM7yEqL8O6QgnM6tIDFS9XryDaLNzcGhMWqMvhzO6sC/AA2WfLgwS517Cp03IkJQWqG9q -w52+E+GAtpioJfczEhlv9BrhjttdugRSjJrG8SYVYE4zG3Aur5eNBoGaALIOHOtPw8+JovQmIWcF -oaJ/WQuglFrWtew51IK6F8RiHAOBVavZOuZcO7tV+5enVfreOd0rX8ZOy4hYmHhmF1hOrrWOn+Ee -E0SYKonXN01BM9xMBIIBSLCvNAppnGPTUGjwbMJRg1VJ2KMiBWH5oJp8tyfIAxMuWFdtaLYbRSOD -XbOAshPVK8JAY8DQDkzqaCTAkLTfSRAt9yY6SbUpMsRv7xa8nMZNJBJzJT9b/wNjgiOJgaGuJMkV -2g/DX2jfP3PrMM/Sbnz7edORXHj1Pa5XTT8nG5MS0FuZgvevdq3o/gVVAz+ZCKOH3ShMzZvfp01l -SX5gaJTflmU6cdNwtn2yZ6IScF7OrjUeA9iEoSVR9dQcA+4lB3RAG3LMwcnxXY35D7+PMJzHIZdF -cSnq+n03ACY2/E/T31iijRH29rvYHGI+mP/ieYs45iq4fTWo6i1HofeWLdP0fX7xW3XO0/hWYFiw -BxKu66whAbRhaib3XJNvetVs25ToYXyiDpjG+cd5rCMei8sGQwTBj9Zeh0URoeMW1inTP0JvCmMU -rZgAAAAAAAAAAAAA - diff --git a/src/lib/libcrypto/pkcs7/t/msie-enc-02.pem b/src/lib/libcrypto/pkcs7/t/msie-enc-02.pem deleted file mode 100644 index 279c5d830b0..00000000000 --- a/src/lib/libcrypto/pkcs7/t/msie-enc-02.pem +++ /dev/null @@ -1,106 +0,0 @@ ------BEGIN PKCS7----- -MIAGCSqGSIb3DQEHA6CAMIITQAIBADGCAcIwgcwCAQAwdjBiMREwDwYDVQQHEwhJ -bnRlcm5ldDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNDAyBgNVBAsTK1ZlcmlT -aWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXICEGBAmILep9sJ -uN2Pkg1gucowDQYJKoZIhvcNAQEBBQAEQAKvi2eRLO+jdoiUd8ksZt+iQ0JXoWN0 -M/W9CEv6R1c42pwUIR/1F4RMK9oeyUiv9Z6lzmPaGNmx6XOCoueszVkwgfACAQAw -gZkwgZIxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQH -EwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRzb2Z0IFB0eSBMdGQxIjAgBgNVBAsT -GURFTU9OU1RSQVRJT04gQU5EIFRFU1RJTkcxGzAZBgNVBAMTEkRFTU8gWkVSTyBW -QUxVRSBDQQICBG4wDQYJKoZIhvcNAQEBBQAEQFqcHEo69ShGfcOIVjnmWXLZM+7Y -K/50j8YuvNbqq+dQxk9YY8ZpSU/JYsxmtcnEZdlSJEkpMHAO73V+eh1QQr0wghFz -BgkqhkiG9w0BBwEwGgYIKoZIhvcNAwIwDgICAKAECJsSmRA1jxLjgIIRSIGLVtf+ -pzeB6oXJ9GlfsnIij+DgIOvrYaXC9qywAaUg7zMnln9QMgiih5XpBLgPg5Y/KYp3 -RZeHBwkjTIFwlNYSjE0PbsszsJYUmkDTsCjFUJEdM4+Cbv3g3Kct5w1Q6pVMXJLg -JG4uFUY8CTScVkb9ETbIy3HisCRKJWA57ERLvCr/Fa6gNJKa5Mw1A5Nsp+QQqp0U -uQz93raAPbCdqmHu8qQ88rzbB1k/ysXedRQLlzhqFs2hryD7kHe0gX8nPdlkre8Y -tTQhY76LtbjnV2drXcyCUMONc56KQ2VcuxB0BWjSeyN8a75/rpt6wmiM/PKw0D4g -RmXqA1ZR62X2WKbhKqvG5tQTF1LauZeddeYS4Rb8cLt2VMB5irkKWrHmJ3qyWELY -Lah6AzDDdcf3LEfDo6rO9djqlU8RJwS0ExAuBooVBP6bZJG1tNUUbtxBydQ4PJUH -UhulBMXUMd545fVb8d+lZnKbx3OS2LpILJ66Yeao7jTrEOIgxUq0c6ozzqcQe4Ax -mytwvL57LpMQm9HpLg3xBHOeDwkkNkNMldA3qrzhoS52yc6vDYrI5XA+kjp7LioG -wdSBDyQAXLmWxBpZXjmHp7GBTBsFwouA9kYWP450PZEomxNvzf9SpslLlD+UZeHM -GWdpi5zInESmtHFue2Zyc4Q8Ul761ENTA5N3uqUmWN2Egkv64Nyigv0CGCjoLB6n -q1256S/ZxISiEl5MTwO/LfhhGExsu+cU12aek3Ks1kNhVXHFoqjJ3YB8Hw08VmHV -V0Bh8jdHVABDaRcR5/k00h9VB8zMP1qQmfhE/4q/fZBrGbgWucrGbBHIYlKFq8gF -zZrH4XWvX41le5IEefm9+hFPE6TRJPh1ezDvh2eVhQxFpK7iqpR0z2OxdLJ5fhmB -CCRHZuRpg7p7MWB6cUhrtBZXDytdkARnlqJsLFudjVUTjU9gi+GUt1sUmEf2Bjba -z58UC7CfPIBJGMLjQD1oAQi1GVo9K1ZIaKqUtGA2QEHB2m/aXZg8F3ZDMfHp6Tpc -au9Em4AL42Hrau1ArCk0fnhgA4dbnmZoEVbZJDdMX5xno1tuqEKYdPLJHuZxJhz2 -xdJUNYSFgpDWLJTzvTOEdZWm+CVmLNl60kJkWNh7HdvWeBV1yBquA6+k+r26sIoq -LaZuSq/8QWnNJYZeQpKl8Ib9d8ycQ62Q2sHxLTq+eTYlwkE4Gomi3665IfmE6DS9 -OnFfYO440lKJZJbJ9ET+VN8kkVfCGh3tJdyVTJc95LKJtxKJzaFUDMObCMPfWOz+ -PaTTY8j9qA+GvdRDxwyBw0CJqgIps1pZ+foEZsIBtNyHHNSWjZxImIuWtfYgNmZ9 -dteZkKibWyZYgb64rgMQ2+nViwGMlQaDfYWCOAIj3mQGPTLb0OgFfKNvxBZuj72B -l8tx3oufN9Ah9DwXl+ynXen39ct901v5eakpCC9VC0xke6JBXyXjxw5qtXRbevyT -jKbYkPFkruwrCUL2fVUxV3mBXGagjz2XNTaz3oDSu9GX/UMViGwwHryeSiwX9XOo -/KVNv+i57w2OlY2k72EoK+700fHlcx+EZu+1tIjh8YOVXDg7+nBklcrr21/FABqP -Apm+fBEQ7QQyQUF1aViizQLgyfRl/J9szZKY2S2z0pHJroahmgSQRPwWgk5FEFpW -PXSG0bRJ8SFNZn2zz3cdT6WvA6hg40jrEHSnCmDTWbWshMPvhCKZqXQTbCqYQnwf -FBCtlpJOGVVvqshqIv69DBbLztTZkjjmdKP48v2B5qHlER4T8vewDt3lU5BAGuQn -yRCcm5qOeuwg8PxcKBgFAoLKM+65cczLna/yIRyB/gD4p53MV5RztnnLxw/YvA2h -xgPLVYn4LFIakKGYnlC7rXhfeDuVAMTpL+NVGbLGE8DeJ2KzdUJHrGZdwV+DkUuB -BN9Pz0NtwEX91mabWawiXrxptmWMxnofMYNe5gg34izvm33+Kj/+Jgvej7uImuo+ -LaOQcCiCUv/gwrqA/FnkiheKboF0JDFIh3UJzZ1T/Uqdjv+JcuZjvCc60AufVdm5 -0zQaj4aZ6PJHybyuU8qT0lQvm083q596yelHHgd7K3J/c8SsfRnTcnSUI8lo7/Hn -N593dZ7kMIc+UNOdzQYSI8KBoNxqOyzuou/GTpaRe3XKADtdzXxy8jY58hwmolrV -UU3Lfay3+bzdNLq0p/GCZ4B5NXkyivJxxiHDoOmHWAzg9pxOV8EYoyponhvF2t3i -kc32y9OhqwUBDZXuiZgtd9W6d3EVcaY6vqOkQGxqDJuMiArC+Hk2qwkK7Mh5qDx6 -q/dVB6PdWr8sVO5J1phIV9u8m5rK7PGnmcDx4sS9eE3soa7gqkVb5H9SrOz/s/DD -1G6BjakHtlizfJLQhhK9eTvDCUf3pvOhtNyX6OKGsPw1VB+UcC0+mnHnThrszIf9 -q/AXJnpoVUPP3Fr1eGCdLTluIc8lRwuYUH/LGdy88Vyx+joZ626a4cb63W2knQoV -mQwz9Gwgm8RIZMLgZAXimazG8EUz/kz0z2C1Ux/wpii8yof9deLZBpMjt4R0uKhM -VFd/Rdko+JspcfoQ9PttA/aZ7aTYu4bXHBpTpusjTOvWrf9/pC4CScqCJWsS3AlG -BzTInw7fk96f7eVOF5g+d7lEOjPHb4/7naj3pDUlH7Htecq3faYzreT3CbqltvKt -LBR3/aRyIM912RTHuTw+6acOq0vguiK+D62C7ZDVtiCm+BbtNNB/UJm79/OQ5mp5 -bTI0kPmDeycaWTa0Ojpum+c/dpG/iJOBDICj7jHOXSHT7JlGyX6aSFJUltucAnZv -wzhPDmdDaIDiKSk85GqgdDWVfGosSCX9Ph/T3WpIxnwfWSDRtIHkWTjly+pe4yy5 -K6/XISy/L5Zh/fhiI5fjHjgzmlibs2ru4nVw6hBhUvlSSe2BEs5d9h/yNH8Wy3qv -b2D3jh7hkepFtZJGNTHp8ZUC7Ns2JIpQYObsaxdI65i3mMOu7fRwI+0/4ejsWhP6 -KCEiLgwvLg0qM82ma6YB7qHAHboaczRVEffDcJUG4a5uycB0DoZFn+uEaEFyili2 -0hCn4hVfsqUQk2PT8Mo1tSl5e30xI1YJZrRgiJm9nHRX6fLizngP+ILJLPHZsPvl -SVIfY+/v/FR8feKOjaGhyGF51BAxaM2NIQ4jMP5/X+U5gQybi0E6u7rroDhaHsKm -CMgXqszwXWCpedA/sEbeHpiTC59YlPPSlIOMc9vPKo/mQCfWy/9icUaIfKQldvkl -lUxxNkqu6AbIpHVscbAEzSPs5xbQXU8EZNNCDisFnnpY3nQ3eLnlm89saTJxRb7N -WHRMlmPv7qgD7uMIq3vdOGA7i5wT9MeoNIgK1/DsgH30s6RWjJy4YyyLmRTXPzbj -hbQVpEmiMRbEidIvUx2OjKVxVQIcgtLsa2lvHQ4XL1cpLr5GVtOgy0fMg5OCDUUD -svjgjgLQ3P2Up2nVY5FM6/QpPc5DTLuuR9ekI2/c9Biz09RtcYDUQK2ajdo8h1Iy -KqHFoB7h48OXxXKKY94DY0TGx6PonB/epj8orAw4QKmm5M0vXYwBOqRymCTHTqOJ -GObdLx1euFFyqguzHJOU2gAGZI0z9Lg1yRuFyhdPZyuniIcmtLNxRZ1duYHErcAy -X56qndmLXt7UVkATai/rIMuoJLfAsUnVuTUS5p7tJM754UZT7lTcXvDJgOUNnBRa -IcxC3pxvbrYDJ2iFJ72xkxUP2p74gucqg25XnCVmQuLg6zDDxF6CLuw9isxyXg4p -kneMN//7fpp8GYl9nyZm2yqYYM+jcw0fcVc64L+X4w/gL3H2UMGgxIHSJp7HIG7V -KHtXrNyjdPXXPVUsMsAAimqOr0Lr2sZWirfuivLaPTqhbkvG5PF7K3gT80AOIcd/ -6EIHBy2hZ7ukfjHmdP4LyQOhTQklaKzGHI0mypq0uFLWJOUlZnVrMiLP1xrWkpC8 -Ro9eo6mfjjQ45z8adC43a47klwTEzvod3rNEFIGJJUEjAN3mbqie7IxoSJknBBJK -0D9lZEQ8lZWlq7vuN8JdqPM6xh155jMVsPwjLK6Tzkj5BpRD9Tgm3u6HPeCRYQ3v -ky71MaixdjTGbWTorqw+/wv3j0KstajivUjYsDTvZtMa9A/bxWyFQDvqOBxPWhwL -770+iS0grXRgKrnD4V8wBDTgp4Je4B2aJjaIBPhKV5rrU8wIy1reZUbItRkIsSY/ -4jRQpHmaU7R8YRyNT2PxOZuNmrE0WqWguxTuhKLs6zQS1geR0BWsTFTI5z9kOJ7p -8GN0tOYt0KZsT0k3COVtfKl1Nm6kaAs2EoYMiyRQAAzBlhrIjph9IgyQ0J4BhOeM -64ZlnWawJcZex8wFHWx9QiP1R4aPAPyCr5RVUdf+h6gf+bR4nmmmqLf6dSWBz0O+ -liwL8WDQbYq5hv0H5Un5rgYzNBI9ESgW1CkH120uQFvsdr+GkZZMh2rNbR4CjmWX -I3wU2+XYW7Yhwto2ZYU7r2AuNEpCimnR28U67ABUjp+8YOOnVaKCg1sVmXw36KJa -bMo6OgbZktt7PVyVkKaz8k8mteEQww7FalXORDI3ffpVYeYaAxyNooIZJ4DaecRI -ga6IJcyuQeUZ9ptgiwpwcUKja3Xe5fJk9/TNI9OS4PQSH3bCoL2m8DeC+usJR+j0 -yfduz54pYqYOWlyzyYOfTfagiD7OtCEh24ypdWfd6/N5UzcHkwE4Yy+DnX9JeDtH -4wL/jreO5BARv0hV78hgac7/+hab2XD/fvsB/+of4Wc3TahsnDUW96xAiz17lEc1 -DKQps76+ZUlCXWd30NlascM07v/zRjPaEKbtPCzmdJE3aIWXJFpgkevvKnGRTasJ -qTavq5rtcPC7WpTZFPf6o+NPVG7FDahOUfIaQo8xkYJFz4JJbPlp54KYdlXB1vec -Lxil+y6MyJirKAt65DzamMq5HsMgoaad9w4t2/kX4STZbLLQP3yJKCT5qhAZguEv -2WVTXemfbW5GwNjm4ZxeIjDUgRMWVN2AQ0S/x+61m4mx6Cunt+YVfI2g3IU3LKl4 -OszpmpHi8rEWODe0op5WmTD9bgQCSXMzGY2JrMY0MEeydhXevA+Upr4d54TZjGew -rAYsI2BFhRdNomTjrW9LXrTPd2+H+Yt91nsxgKSY7ds0TcQtQMDDthCRK6j26PN0 -Uq170sLfiyOD1857HdOECDljnSfBibjMGYYzvISovw7pCCczq0gMVL1evINos3Nw -aExaoy+HM7qwL8ADZZ8uDBLnXsKnTciQlBaob2rDnb4T4YC2mKgl9zMSGW/0GuGO -2126BFKMmsbxJhVgTjMbcC6vl40GgZoAsg4c60/Dz4mi9CYhZwWhon9ZC6CUWta1 -7DnUgroXxGIcA4FVq9k65lw7u1X7l6dV+t453Stfxk7LiFiYeGYXWE6utY6f4R4T -RJgqidc3TUEz3EywrzQKaZxj01Bo8GzCUYNVSdijIgVh+aCafLcnyAMTLlhXbWi2 -G0Ujg12zgLIT1SvCQGPA0A5M6mgkwJC030kQLfcmOkm1KTLEb+8WvJzGTSQScyU/ -W/8DY4IjiYGhriTJFdoPw19o3z9z6zDP0m58+3nTkVx49T2uV00/JxuTEtBbmYL3 -r3at6P4FVQM/mQijh90oTM2b36dNZUl+YGiU35ZlOnHTcLZ9smeiEnBezq41HgPY -hKElUfXUHAPuJQd0QBtyzMHJ8V2N+Q+/jzCcxyGXRXEp6vp9NwAmNvxP099Yoo0R -9va72BxiPpj/4nmLOOYquH01qOotR6H3li3T9H1+8Vt1ztP4VmBYsAcSruusIQG0 -YWom91yTb3rVbNuU6GF8og6YxvnHeawjHovLBkMEwY/WXodFEaHjFtYp0z9Cbwpj -FK2YAAAAAA== ------END PKCS7----- diff --git a/src/lib/libcrypto/pkcs7/t/msie-s-a-e b/src/lib/libcrypto/pkcs7/t/msie-s-a-e deleted file mode 100644 index 0067794d708..00000000000 --- a/src/lib/libcrypto/pkcs7/t/msie-s-a-e +++ /dev/null @@ -1,91 +0,0 @@ - -MIAGCSqGSIb3DQEHA6CAMIACAQAxggHCMIHMAgEAMHYwYjERMA8GA1UEBxMISW50ZXJuZXQxFzAV -BgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytWZXJpU2lnbiBDbGFzcyAxIENBIC0gSW5k -aXZpZHVhbCBTdWJzY3JpYmVyAhBgQJiC3qfbCbjdj5INYLnKMA0GCSqGSIb3DQEBAQUABECjscaS -G0U299fqiEAgTqTFQBp8Ai6zzjl557cVb3k6z4QZ7CbqBjSXAjLbh5e7S5Hd/FrFcDnxl1Ka06ha -VHGPMIHwAgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDERMA8GA1UE -BxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29mdCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNU -UkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQDExJERU1PIFpFUk8gVkFMVUUgQ0ECAgRuMA0GCSqG -SIb3DQEBAQUABECsyHXZ1xaiv0UQRvOmVYsaF38AL2XX75wxbCsz5/wOg7g3RP4aicZxaR4sBog0 -f2G1o9om/hu+A0rIYF/L4/GUMIAGCSqGSIb3DQEHATAaBggqhkiG9w0DAjAOAgIAoAQIsozQrnwj -cc2ggASCBAAQz/LPoJe/+iYWeTwSebz6Q9UeKZzQ2UWm7GLtEM3s3c9SCvpmkwIRdEhLjWaBJMyI -DiL7t1I1vMf9inB8LXgAcIEYkpNScjS8ERA9Ebb7ieNKSBg7w7B8ATHFxLSlDADqRgoZrB1Ctfgf -ximp3EgxTgnhtyQhZxXW7kBQyFRwumplrJXOp7albP7IothrOKncw30IJT1fwPxWNMItI9juXF0U -CbWVSjPzGBo4+XNXMvUO6MplOQEz/ywEQ9E8OZAQex1Zw9qq5ppsXB2pMsYV5sLJGikukMYKquiz -3YK+tN6J8ahLcDUs+VGwqvZi17gpBTlbEP+ZmXJpnO63t1yTEB0V5AZcRKWUOhzlCBM5YUagqNoY -cpsmSvOK6bYzkUKOrzWpDCAtGZ/Dvul5dTZZmxs2WpM+iyeHXMxO3huy8K1brPTqt1f1sHhuq1jD -1eXedaCjIgUW9qV18vNAQCof/Yb6T/1fxztf/jD7pPLQJ+7LJkKCAEHGcaizpoKqhYcttaEhLq1G -O+Ohqf7yFegMdTJ3wwP324w5ZYSU5fLo2Z34/Edf6EGvXyTIqVfAmEBALd6JGVdN5GlYYTxrL+eO -P80Z4ao4YKoxwEmRp5bmQsQ8B29QhOFKmC6eiG5B96qLMtp7Zmu1grDNxTd6OXShWVwYARD0/B1P -Sy0PAfk9Gb4fAkO9fZJDQYZ7s0mM5iOPEeSR7820TolOb+KfRabLA9d714jsc2jEykKlpP66Bh4j -aCsyqJ0uUQcE8SnzrKAqGwgWiCGQpiTa+HBiP6eRlRGOKQj5Y06vcNx6Ija4cGe6+yCN8HV8tCY0 -okZK98NQCl5t79R/ZB2c3NvBJH+/g3ulU48ikT3tVmDxE3mOZofZyGFEM99P+YCMScLDxTl3hzGy -0YkI8U855P7qOAbcFfh2T5n+LSELwLhbkymEfZT917GWTfmypBWMvJx0WHeDhKwQYPdzbKgWETnc -yeKasaCW+oLdhBwrd6Ws2r4MA8cwiYXDLbwYmCxJA8VF++8kubF2HJOjSyMBS+QT2PSV/0D9UWoi -Vfk7R4OvWBJVvq7nV+lXS0O5igjExxlmx1OaBfg7+Cr/MbK4zVNrKSJn82NnKKt6LC6RaTmvFYay -0sDFxQ7Xo+Th6tDNKmKWJt6Kegfjc+qTWJTKb3kL+UI8vS0zTLy1+M/rZ4ekos/JiS5rYIcAswvg -58kBgp/0rc6upBeWjBaK5O0aLAeBQfLulo1axWX04OSVKmYeoAltyR6UO9ME3acurQyg7Ta24yqO -whi/PrIaEiO7dsWvFtzsshVzBLic02NlAkPkMUzliPYnZHWQglDAVxL5K2qhvK1OFCkQpIgBsBDM -6KYRL/mkBIIEALIl927rIkaN37/BQIcxLcSa05YfC0Hl3mxWESt1A0D4lA37A9S8EbYmDfAYlMc0 -3HhZGdZEtawfpJFyDHzNZceNWBch6nxeNZCY4YFdsbzuGS0RKpwNA9S/czOJ4p9ymBCxuhGepI3U -PKbC8C749Www1/wMdAot1n+K7M/PBGR8hWmaH5SS7U3yMwAB1fq2NDjx4ur+Um+MclSdN01MDXzG -EO+eAo1pdAY8479234l8dB2YVAhZ1ZlJ4KmbqMKJrGJXnQUEYS6/cTDRjsUocsoW7uGg1ci2GiHa -qjlkfpBfie3SdhFW/K8hwAH0HALs56oFN66wUkP/AaJAPfIUNhR6RpHKzZ9zCC42oB2mNawQRMnF -ETBl1s/SwMxLKRp7jAfKs4NZxSY6I9z/2dTpzS3tsHMjxVDuxkolvRNWBILEMeL1CBvip2HhmoUw -/Sz5NDgyzk1aQLV6DQNJ2RZLMZDRCtSwZSBu6lhhSgTJGazP0+NbqXXC5aQTrqrFIcWyDXz+ADle -kszzYM/gSaQTCALTwfDDaU9Ek3xVgW+XBtExtJ3U+0AN3l0j86rUIdIvp6eWdxWQqv9LtpoorKMD -KfUc5PYV09Z1JgsT4X51Zzq+74l5dz7udIM7UNbdTpmRm9PDj3TUbGCvNR9hqOEGTLbkvb1ZR24a -h6uGRl2znB25IpDAGRhNRb9is/pO2tvHwHTDMOjrgvZG/pNvXgSUxz0pRjUjXIcqBe2X2gcQfeal -r8gY76o83WEGL6ODryV9vTQVHt52+izgpYoBZaVlpgqbZl54c+OE0Zxf9RwXwDbcYu5Ku5E0MPL0 -qUjc0y2+Y6E4P5bAWaZGMGT+ORkyVUzcaWmM/+XlO7PER5wrWlCIMZCX1L/nvioY0q0CKqALn7DJ -QU+qenbwrb6uwS7uNZY6V86s0aDYpU7yRyqxC5SbuyNJb02gdxUCgpIscFaMUjMVRml4M4BIjX/b -U+HgHoVMUm8SnN9gRcT2izPrgOGVcMTJjfenzoCKoCPo9RjgGMctgB4DvKamErNU7OrilIfuoqzE -PNSeP9SPw/zkDmNvMebM499We9CVnsHUWqF00/ZJWoua77+0f1bLS/tmci1JBvIcMo/4SJvgH+KF -o0gijP9gqAPd5iCOnpnJlHUqRIym42SmyKEDuzdSwXKjAR6j7uXda39JyMJr8gGzEsu0jYRkAmj1 -YdiqwKXUcLMkcj1AKeU/PxTUVw0YKsv/rowrPYww3xQUWqNivrXB7GCHE3BzsYNdHsmziaGIXQbA -+EBHdkuKrM8BcC+fxhF/l/KUxngsD1E75IcUv8zFDF+sk4CBYHqks9S4JYlcubuizqsILbdGzIMN -Z7w34k0XT+sEggQAyzr8MHeIJGsT+AYnZr08PeTbyr01JEoT7lPYT6PzX4F63QKKDl+mB+PwLMzY -CXrxZcUmuay6/MV8w/f5T6vQXdoSw5puWodBYwVReYh1IaEN+jiTapm9YBVmcIsJPO6abHowknSV -OWSvST0AtAX57fFOTckm+facfBK9s9T1lUUgF44Bh5e8f9qKqfOV44nqdCOEyUm0Dao497ieN4Eg -XBLNvOZY9+irMiXjp0lcyFvhrJOczfyCr9EiiaiH1TfSzKGKsf2W84iKn/JH6x2eOo7xjwJ40BQD -c6S1cUNEuqBhP6by0FioOXYOKVyifpxk84Eb+F/4CNdTJTvCPwsiegdfsX/Q53DvKVtXp9Ycam5J -TmKRHXK/bMHF4ONv3p/O/kn/BqRx+fbbP2eMX8Z1F/ltHKfp6B+06HljUwQLBJs9XtCfqH5Zgdz9 -gad5WZF5ykFArmHDgeFlgggvbZ7z9vqnjN/TH68TxJzauYQ5vLHQ6wGXik4/4uq7/TqNmhxlQEM4 -zVkwsn203bUmKLyz+yl1zItDpn5zy1uXfGo99rBdUzdbdE9LmEFPMaFsaHd4a8oDaUroD7FgCbeD -JJVld3ac6F8+3QbExPs48OrgA1kI3/UwXr52ldjiYzTLfAGR9BjqNFTw45FUHuMf8TEM5hcHx56w -95eKAqraDk28o9k+M2UKpcmrdlWoWzdqVVFeWGpM8x9Y9Nt0lf/4VUQgrXjqTkUCQkJyqTeTeGgH -rn3QBk2XAgpxZhaJs3InW0BkAlBmK99cMinUiJeFt5a4p5wPeXrVuh6V9m7Mpl9hzpogg++EZqah -fzzNnDgxOZfW342DX052PdgXo0NnkhCk005LvFt6M2mRn0fLgNVfyUZZoOp8cO5ZWbhXXlrhrgUt -j2zKPK6Q94Zj4kdXHBGpAkrB8ZQ4EGGODE0Dqusm8WPXzB+9236IMHPU7lFbyjBrFNI7O4jg+qRI -Ipi+7tX0FsilqEbmjG+OPwhZXrdqUqyF+rjKQuSRq7lOeDB4c6S2dq4OOny01i5HCbbyc9UvSHRm -hOhGqUlzHyHLo3W7j+26V/MhkDXJ+Tx+qfylv4pbliwTteJJj+CZwzjv29qb6lxYi+38Bw10ERap -m8UCRFBecVN7xXlcIfyeAl666Vi7EBJZv3EdFNrx1nlLwM65nYya7uj6L7IwJWotIUx8E0XH0/cU -xS/dG8bxf9L/8652h5gq3LI+wTNGuEX0DMuz7BGQG+NtgabrZ6SsKGthGa7eULTpz0McWTLRU0y/ -/tkckpm5pDnXSFbIMskwwjECz82UZBSPpigdN/Pjg5d+0yWu7s3VJxw4ENWPPpzZ+j7sOXmdvn9P -O1tQd60EO+3awASCBAAZQvWV3/yJ6FxPttbP+qeURpJoPEZfpN2UYZmd8HqtR0YbaOZ6Rln9nvpd -K9fylXdw9z2xeCbjDWUttJB4VqZxGJM8eCTC1VDVyAOsQ5n7SY55dMkQbU+o4Z/4J5m8+wz50BBI -LfruL1eZ6/CF6CdvxVRiJ10sXc0Tn2sVMXqkw7Adp1GYoCI9c6VFSFK74+n+y7LVFQ5HBnbQyKJc -dvdLOXwZOPaFHC5UNXRmOpcwdPqyXUe+xIsOMYbzdlAnI9eGDNeRDktUa/Rh0CbZCxjmJzoZEYOE -ZjsYZlEfp1Kb61t8z4m28hGLEg88T1Ihmxa2HeUWes1RpmgIOP+/2Lb3smj/l/fpSu4gabFgyCAV -H5HdCYMScUv8SVu55+tpeO8ELoHHQUXV4rr084O4budzhgNSOPyLGDl5sfDUXiyusPCxS4JVO/KY -6V2Qrtg/q2wtmXpEkZnGT+Qi3WDzwt4W81alztnYMP17oGLmxX71KV9OEiMZjI4WaaGt+OOINLtR -qefioZ1NI2L1s5M0tybwTsyU9WERM+3pUwXIfJVsbMZRlNaO2OogcHbaR4UWvhOj+3CTG1sThiYQ -MxMnp1Rpqx3nhyzqLO3TRrkYvxnA3cdPBn9EeqpgBMg7X3hCiMV3Fl5cj/WOMhtHYgY7BgeCXo46 -EFVZ4+WroGZ46xGiRDiIblo8bzLd7QCxvukzxy3mUDgsZQ8pds4N28weSUhBk5MAPbfBpRvXUVJx -MhKqXucQU1Md1qSGLbuuIQuz9pAGp1JFUx/vEkCgm74daSoVWCZuB+1ZE4f48clvrBj51xMNf8CP -EFE7vySzVb6X2H1i5X3Z+Y3DdIcWw4Y2FClfcJk4Mwq8Cq2GALGFEge9YSEE9YmyuU6OFeU0ICon -iXAgZ72SM8fBwJPruLFbdsNYKW+oAfmPisXSWMcZmdSbfk0GYv+vKtu3eegSbWw1UsCVtZOh9E5Z -uQ83l59CBqO9sV/SFU3WrrJ0qNWxrmXu9nJn5Qf5iCRoFGYNHYHkIG5FS6N00GEDZxGkxmro2d++ -Adj5LVHc/b1cYWmrux+jEqI8ZK8cyTB0XMbBA/HYbx9NXazr7znP4/Mlv3pZToEcYt+lgLHAArtU -AdhybhbLIwNMq0gr6EwtDklBa3ns4Wx/rJU8H7LGs6gV8uqeaSketv+nz+sQhfctxZ1rx+5qzXfy -FOQVpO23KDQunBi1Bl9k61Di4q9JWcyADBXPHXJzp7mL8Fk7zdvMAEfuED1phdRm6GgDYoYUs4yQ -IrhSjFlWyk7hT8475xk3BIv++obvWSAv/3+pF6A6U2RXDChVmnG0JnPa9wYYtdzBmLfZKBjX+DjD -yEMsuhPsCzuN4R6tBIIBWCVRKmKwdkatmpsQBgDw48u0/Arffl5/DRlS9ee+QffFecUitDdCK+kt -X5L2fGYrL5g6SltncMIeV1ptx4nuSjC/O944q1KYtqvQiPFWJqEXIRMNbbYOC47sjLza0tEFrimN -wxcrWGSzsy5R9beFQ1aHPcMrDWfCoviNRk2qPtxuKIC5Qk2ZuOmJLjCiLwUGEb0/1Mpzv3MqQa7d -mRayXg3DZWJPajxNZv6eS357ElMvwGQmqafb2mlQJwWLsg9m9PG7uqEoyrqSc6MiuY+icLEFib9j -OfRQrx70rTSKUfTr4MtP0aZZAefjCrpVIyTekhFDOk0Nmx057eonlyGgmGpl5/Uo+t1J1Z11Ya/l -bNbfmebRISJeTVW0I8FhseAZMI1GSwp/ludJxSLYOgyRkh+GX134MexNo7O9F1SxLCfWaSG9Fc3s -5ify04ua9/t8SGrYZPm/l3MkAAAAAAAAAAAAAA== - - diff --git a/src/lib/libcrypto/pkcs7/t/msie-s-a-e.pem b/src/lib/libcrypto/pkcs7/t/msie-s-a-e.pem deleted file mode 100644 index 55dbd8f80bd..00000000000 --- a/src/lib/libcrypto/pkcs7/t/msie-s-a-e.pem +++ /dev/null @@ -1,106 +0,0 @@ ------BEGIN PKCS7----- -MIAGCSqGSIb3DQEHA6CAMIITUAIBADGCAcIwgcwCAQAwdjBiMREwDwYDVQQHEwhJ -bnRlcm5ldDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNDAyBgNVBAsTK1ZlcmlT -aWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXICEGBAmILep9sJ -uN2Pkg1gucowDQYJKoZIhvcNAQEBBQAEQKOxxpIbRTb31+qIQCBOpMVAGnwCLrPO -OXnntxVveTrPhBnsJuoGNJcCMtuHl7tLkd38WsVwOfGXUprTqFpUcY8wgfACAQAw -gZkwgZIxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQH -EwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRzb2Z0IFB0eSBMdGQxIjAgBgNVBAsT -GURFTU9OU1RSQVRJT04gQU5EIFRFU1RJTkcxGzAZBgNVBAMTEkRFTU8gWkVSTyBW -QUxVRSBDQQICBG4wDQYJKoZIhvcNAQEBBQAEQKzIddnXFqK/RRBG86ZVixoXfwAv -ZdfvnDFsKzPn/A6DuDdE/hqJxnFpHiwGiDR/YbWj2ib+G74DSshgX8vj8ZQwghGD -BgkqhkiG9w0BBwEwGgYIKoZIhvcNAwIwDgICAKAECLKM0K58I3HNgIIRWBDP8s+g -l7/6JhZ5PBJ5vPpD1R4pnNDZRabsYu0Qzezdz1IK+maTAhF0SEuNZoEkzIgOIvu3 -UjW8x/2KcHwteABwgRiSk1JyNLwRED0RtvuJ40pIGDvDsHwBMcXEtKUMAOpGChms -HUK1+B/GKancSDFOCeG3JCFnFdbuQFDIVHC6amWslc6ntqVs/sii2Gs4qdzDfQgl -PV/A/FY0wi0j2O5cXRQJtZVKM/MYGjj5c1cy9Q7oymU5ATP/LARD0Tw5kBB7HVnD -2qrmmmxcHakyxhXmwskaKS6Qxgqq6LPdgr603onxqEtwNSz5UbCq9mLXuCkFOVsQ -/5mZcmmc7re3XJMQHRXkBlxEpZQ6HOUIEzlhRqCo2hhymyZK84rptjORQo6vNakM -IC0Zn8O+6Xl1NlmbGzZakz6LJ4dczE7eG7LwrVus9Oq3V/WweG6rWMPV5d51oKMi -BRb2pXXy80BAKh/9hvpP/V/HO1/+MPuk8tAn7ssmQoIAQcZxqLOmgqqFhy21oSEu -rUY746Gp/vIV6Ax1MnfDA/fbjDllhJTl8ujZnfj8R1/oQa9fJMipV8CYQEAt3okZ -V03kaVhhPGsv544/zRnhqjhgqjHASZGnluZCxDwHb1CE4UqYLp6IbkH3qosy2ntm -a7WCsM3FN3o5dKFZXBgBEPT8HU9LLQ8B+T0Zvh8CQ719kkNBhnuzSYzmI48R5JHv -zbROiU5v4p9FpssD13vXiOxzaMTKQqWk/roGHiNoKzKonS5RBwTxKfOsoCobCBaI -IZCmJNr4cGI/p5GVEY4pCPljTq9w3HoiNrhwZ7r7II3wdXy0JjSiRkr3w1AKXm3v -1H9kHZzc28Ekf7+De6VTjyKRPe1WYPETeY5mh9nIYUQz30/5gIxJwsPFOXeHMbLR -iQjxTznk/uo4BtwV+HZPmf4tIQvAuFuTKYR9lP3XsZZN+bKkFYy8nHRYd4OErBBg -93NsqBYROdzJ4pqxoJb6gt2EHCt3pazavgwDxzCJhcMtvBiYLEkDxUX77yS5sXYc -k6NLIwFL5BPY9JX/QP1RaiJV+TtHg69YElW+rudX6VdLQ7mKCMTHGWbHU5oF+Dv4 -Kv8xsrjNU2spImfzY2coq3osLpFpOa8VhrLSwMXFDtej5OHq0M0qYpYm3op6B+Nz -6pNYlMpveQv5Qjy9LTNMvLX4z+tnh6Siz8mJLmtghwCzC+DnyQGCn/Stzq6kF5aM -Fork7RosB4FB8u6WjVrFZfTg5JUqZh6gCW3JHpQ70wTdpy6tDKDtNrbjKo7CGL8+ -shoSI7t2xa8W3OyyFXMEuJzTY2UCQ+QxTOWI9idkdZCCUMBXEvkraqG8rU4UKRCk -iAGwEMzophEv+aSyJfdu6yJGjd+/wUCHMS3EmtOWHwtB5d5sVhErdQNA+JQN+wPU -vBG2Jg3wGJTHNNx4WRnWRLWsH6SRcgx8zWXHjVgXIep8XjWQmOGBXbG87hktESqc -DQPUv3MzieKfcpgQsboRnqSN1DymwvAu+PVsMNf8DHQKLdZ/iuzPzwRkfIVpmh+U -ku1N8jMAAdX6tjQ48eLq/lJvjHJUnTdNTA18xhDvngKNaXQGPOO/dt+JfHQdmFQI -WdWZSeCpm6jCiaxiV50FBGEuv3Ew0Y7FKHLKFu7hoNXIthoh2qo5ZH6QX4nt0nYR -VvyvIcAB9BwC7OeqBTeusFJD/wGiQD3yFDYUekaRys2fcwguNqAdpjWsEETJxREw -ZdbP0sDMSykae4wHyrODWcUmOiPc/9nU6c0t7bBzI8VQ7sZKJb0TVgSCxDHi9Qgb -4qdh4ZqFMP0s+TQ4Ms5NWkC1eg0DSdkWSzGQ0QrUsGUgbupYYUoEyRmsz9PjW6l1 -wuWkE66qxSHFsg18/gA5XpLM82DP4EmkEwgC08Hww2lPRJN8VYFvlwbRMbSd1PtA -Dd5dI/Oq1CHSL6enlncVkKr/S7aaKKyjAyn1HOT2FdPWdSYLE+F+dWc6vu+JeXc+ -7nSDO1DW3U6ZkZvTw4901GxgrzUfYajhBky25L29WUduGoerhkZds5wduSKQwBkY -TUW/YrP6Ttrbx8B0wzDo64L2Rv6Tb14ElMc9KUY1I1yHKgXtl9oHEH3mpa/IGO+q -PN1hBi+jg68lfb00FR7edvos4KWKAWWlZaYKm2ZeeHPjhNGcX/UcF8A23GLuSruR -NDDy9KlI3NMtvmOhOD+WwFmmRjBk/jkZMlVM3GlpjP/l5TuzxEecK1pQiDGQl9S/ -574qGNKtAiqgC5+wyUFPqnp28K2+rsEu7jWWOlfOrNGg2KVO8kcqsQuUm7sjSW9N -oHcVAoKSLHBWjFIzFUZpeDOASI1/21Ph4B6FTFJvEpzfYEXE9osz64DhlXDEyY33 -p86AiqAj6PUY4BjHLYAeA7ymphKzVOzq4pSH7qKsxDzUnj/Uj8P85A5jbzHmzOPf -VnvQlZ7B1FqhdNP2SVqLmu+/tH9Wy0v7ZnItSQbyHDKP+Eib4B/ihaNIIoz/YKgD -3eYgjp6ZyZR1KkSMpuNkpsihA7s3UsFyowEeo+7l3Wt/ScjCa/IBsxLLtI2EZAJo -9WHYqsCl1HCzJHI9QCnlPz8U1FcNGCrL/66MKz2MMN8UFFqjYr61wexghxNwc7GD -XR7Js4mhiF0GwPhAR3ZLiqzPAXAvn8YRf5fylMZ4LA9RO+SHFL/MxQxfrJOAgWB6 -pLPUuCWJXLm7os6rCC23RsyDDWe8N+JNF0/ryzr8MHeIJGsT+AYnZr08PeTbyr01 -JEoT7lPYT6PzX4F63QKKDl+mB+PwLMzYCXrxZcUmuay6/MV8w/f5T6vQXdoSw5pu -WodBYwVReYh1IaEN+jiTapm9YBVmcIsJPO6abHowknSVOWSvST0AtAX57fFOTckm -+facfBK9s9T1lUUgF44Bh5e8f9qKqfOV44nqdCOEyUm0Dao497ieN4EgXBLNvOZY -9+irMiXjp0lcyFvhrJOczfyCr9EiiaiH1TfSzKGKsf2W84iKn/JH6x2eOo7xjwJ4 -0BQDc6S1cUNEuqBhP6by0FioOXYOKVyifpxk84Eb+F/4CNdTJTvCPwsiegdfsX/Q -53DvKVtXp9Ycam5JTmKRHXK/bMHF4ONv3p/O/kn/BqRx+fbbP2eMX8Z1F/ltHKfp -6B+06HljUwQLBJs9XtCfqH5Zgdz9gad5WZF5ykFArmHDgeFlgggvbZ7z9vqnjN/T -H68TxJzauYQ5vLHQ6wGXik4/4uq7/TqNmhxlQEM4zVkwsn203bUmKLyz+yl1zItD -pn5zy1uXfGo99rBdUzdbdE9LmEFPMaFsaHd4a8oDaUroD7FgCbeDJJVld3ac6F8+ -3QbExPs48OrgA1kI3/UwXr52ldjiYzTLfAGR9BjqNFTw45FUHuMf8TEM5hcHx56w -95eKAqraDk28o9k+M2UKpcmrdlWoWzdqVVFeWGpM8x9Y9Nt0lf/4VUQgrXjqTkUC -QkJyqTeTeGgHrn3QBk2XAgpxZhaJs3InW0BkAlBmK99cMinUiJeFt5a4p5wPeXrV -uh6V9m7Mpl9hzpogg++EZqahfzzNnDgxOZfW342DX052PdgXo0NnkhCk005LvFt6 -M2mRn0fLgNVfyUZZoOp8cO5ZWbhXXlrhrgUtj2zKPK6Q94Zj4kdXHBGpAkrB8ZQ4 -EGGODE0Dqusm8WPXzB+9236IMHPU7lFbyjBrFNI7O4jg+qRIIpi+7tX0FsilqEbm -jG+OPwhZXrdqUqyF+rjKQuSRq7lOeDB4c6S2dq4OOny01i5HCbbyc9UvSHRmhOhG -qUlzHyHLo3W7j+26V/MhkDXJ+Tx+qfylv4pbliwTteJJj+CZwzjv29qb6lxYi+38 -Bw10ERapm8UCRFBecVN7xXlcIfyeAl666Vi7EBJZv3EdFNrx1nlLwM65nYya7uj6 -L7IwJWotIUx8E0XH0/cUxS/dG8bxf9L/8652h5gq3LI+wTNGuEX0DMuz7BGQG+Nt -gabrZ6SsKGthGa7eULTpz0McWTLRU0y//tkckpm5pDnXSFbIMskwwjECz82UZBSP -pigdN/Pjg5d+0yWu7s3VJxw4ENWPPpzZ+j7sOXmdvn9PO1tQd60EO+3awBlC9ZXf -/InoXE+21s/6p5RGkmg8Rl+k3ZRhmZ3weq1HRhto5npGWf2e+l0r1/KVd3D3PbF4 -JuMNZS20kHhWpnEYkzx4JMLVUNXIA6xDmftJjnl0yRBtT6jhn/gnmbz7DPnQEEgt -+u4vV5nr8IXoJ2/FVGInXSxdzROfaxUxeqTDsB2nUZigIj1zpUVIUrvj6f7LstUV -DkcGdtDIolx290s5fBk49oUcLlQ1dGY6lzB0+rJdR77Eiw4xhvN2UCcj14YM15EO -S1Rr9GHQJtkLGOYnOhkRg4RmOxhmUR+nUpvrW3zPibbyEYsSDzxPUiGbFrYd5RZ6 -zVGmaAg4/7/YtveyaP+X9+lK7iBpsWDIIBUfkd0JgxJxS/xJW7nn62l47wQugcdB -RdXiuvTzg7hu53OGA1I4/IsYOXmx8NReLK6w8LFLglU78pjpXZCu2D+rbC2ZekSR -mcZP5CLdYPPC3hbzVqXO2dgw/XugYubFfvUpX04SIxmMjhZpoa3444g0u1Gp5+Kh -nU0jYvWzkzS3JvBOzJT1YREz7elTBch8lWxsxlGU1o7Y6iBwdtpHhRa+E6P7cJMb -WxOGJhAzEyenVGmrHeeHLOos7dNGuRi/GcDdx08Gf0R6qmAEyDtfeEKIxXcWXlyP -9Y4yG0diBjsGB4JejjoQVVnj5augZnjrEaJEOIhuWjxvMt3tALG+6TPHLeZQOCxl -Dyl2zg3bzB5JSEGTkwA9t8GlG9dRUnEyEqpe5xBTUx3WpIYtu64hC7P2kAanUkVT -H+8SQKCbvh1pKhVYJm4H7VkTh/jxyW+sGPnXEw1/wI8QUTu/JLNVvpfYfWLlfdn5 -jcN0hxbDhjYUKV9wmTgzCrwKrYYAsYUSB71hIQT1ibK5To4V5TQgKieJcCBnvZIz -x8HAk+u4sVt2w1gpb6gB+Y+KxdJYxxmZ1Jt+TQZi/68q27d56BJtbDVSwJW1k6H0 -Tlm5DzeXn0IGo72xX9IVTdausnSo1bGuZe72cmflB/mIJGgUZg0dgeQgbkVLo3TQ -YQNnEaTGaujZ374B2PktUdz9vVxhaau7H6MSojxkrxzJMHRcxsED8dhvH01drOvv -Oc/j8yW/ellOgRxi36WAscACu1QB2HJuFssjA0yrSCvoTC0OSUFreezhbH+slTwf -ssazqBXy6p5pKR62/6fP6xCF9y3FnWvH7mrNd/IU5BWk7bcoNC6cGLUGX2TrUOLi -r0lZzIAMFc8dcnOnuYvwWTvN28wAR+4QPWmF1GboaANihhSzjJAiuFKMWVbKTuFP -zjvnGTcEi/76hu9ZIC//f6kXoDpTZFcMKFWacbQmc9r3Bhi13MGYt9koGNf4OMPI -Qyy6E+wLO43hHq0lUSpisHZGrZqbEAYA8OPLtPwK335efw0ZUvXnvkH3xXnFIrQ3 -QivpLV+S9nxmKy+YOkpbZ3DCHldabceJ7kowvzveOKtSmLar0IjxViahFyETDW22 -DguO7Iy82tLRBa4pjcMXK1hks7MuUfW3hUNWhz3DKw1nwqL4jUZNqj7cbiiAuUJN -mbjpiS4woi8FBhG9P9TKc79zKkGu3ZkWsl4Nw2ViT2o8TWb+nkt+exJTL8BkJqmn -29ppUCcFi7IPZvTxu7qhKMq6knOjIrmPonCxBYm/Yzn0UK8e9K00ilH06+DLT9Gm -WQHn4wq6VSMk3pIRQzpNDZsdOe3qJ5choJhqZef1KPrdSdWddWGv5WzW35nm0SEi -Xk1VtCPBYbHgGTCNRksKf5bnScUi2DoMkZIfhl9d+DHsTaOzvRdUsSwn1mkhvRXN -7OYn8tOLmvf7fEhq2GT5v5dzJAAAAAA= ------END PKCS7----- diff --git a/src/lib/libcrypto/pkcs7/t/nav-smime b/src/lib/libcrypto/pkcs7/t/nav-smime deleted file mode 100644 index 6ee4b597a14..00000000000 --- a/src/lib/libcrypto/pkcs7/t/nav-smime +++ /dev/null @@ -1,157 +0,0 @@ -From angela@c2.net.au Thu May 14 13:32:27 1998 -X-UIDL: 83c94dd550e54329bf9571b72038b8c8 -Return-Path: angela@c2.net.au -Received: from cryptsoft.com (play.cryptsoft.com [203.56.44.3]) by pandora.cryptsoft.com (8.8.3/8.7.3) with ESMTP id NAA27838 for ; Thu, 14 May 1998 13:32:26 +1000 (EST) -Message-ID: <355A6779.4B63E64C@cryptsoft.com> -Date: Thu, 14 May 1998 13:39:37 +1000 -From: Angela van Lent -X-Mailer: Mozilla 4.03 [en] (Win95; U) -MIME-Version: 1.0 -To: tjh@cryptsoft.com -Subject: signed -Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms9A58844C95949ECC78A1C54C" -Content-Length: 2604 -Status: OR - -This is a cryptographically signed message in MIME format. - ---------------ms9A58844C95949ECC78A1C54C -Content-Type: text/plain; charset=us-ascii -Content-Transfer-Encoding: 7bit - -signed body - ---------------ms9A58844C95949ECC78A1C54C -Content-Type: application/x-pkcs7-signature; name="smime.p7s" -Content-Transfer-Encoding: base64 -Content-Disposition: attachment; filename="smime.p7s" -Content-Description: S/MIME Cryptographic Signature - -MIIGHgYJKoZIhvcNAQcCoIIGDzCCBgsCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC -BGswggJTMIIB/aADAgECAgIEfjANBgkqhkiG9w0BAQQFADCBkjELMAkGA1UEBhMCQVUxEzAR -BgNVBAgTClF1ZWVuc2xhbmQxETAPBgNVBAcTCEJyaXNiYW5lMRowGAYDVQQKExFDcnlwdHNv -ZnQgUHR5IEx0ZDEiMCAGA1UECxMZREVNT05TVFJBVElPTiBBTkQgVEVTVElORzEbMBkGA1UE -AxMSREVNTyBaRVJPIFZBTFVFIENBMB4XDTk4MDUxMzA2MjY1NloXDTAwMDUxMjA2MjY1Nlow -gaUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFu -ZTEaMBgGA1UEChMRQ3J5cHRzb2Z0IFB0eSBMdGQxEjAQBgNVBAsTCVNNSU1FIDAwMzEZMBcG -A1UEAxMQQW5nZWxhIHZhbiBMZWVudDEjMCEGCSqGSIb3DQEJARYUYW5nZWxhQGNyeXB0c29m -dC5jb20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEAuC3+7dAb2LhuO7gt2cTM8vsNjhG5JfDh -hX1Vl/wVGbKEEj0MA6vWEolvefQlxB+EzwCtR0YZ7eEC/T/4JoCyeQIDAQABoygwJjAkBglg -hkgBhvhCAQ0EFxYVR2VuZXJhdGVkIHdpdGggU1NMZWF5MA0GCSqGSIb3DQEBBAUAA0EAUnSP -igs6TMFISTjw8cBtJYb98czgAVkVFjKyJQwYMH8FbDnCyx6NocM555nsyDstaw8fKR11Khds -syd3ikkrhDCCAhAwggG6AgEDMA0GCSqGSIb3DQEBBAUAMIGSMQswCQYDVQQGEwJBVTETMBEG -A1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m -dCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNUUkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQD -ExJERU1PIFpFUk8gVkFMVUUgQ0EwHhcNOTgwMzAzMDc0MTMyWhcNMDgwMjI5MDc0MTMyWjCB -kjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxETAPBgNVBAcTCEJyaXNiYW5l -MRowGAYDVQQKExFDcnlwdHNvZnQgUHR5IEx0ZDEiMCAGA1UECxMZREVNT05TVFJBVElPTiBB -TkQgVEVTVElORzEbMBkGA1UEAxMSREVNTyBaRVJPIFZBTFVFIENBMFwwDQYJKoZIhvcNAQEB -BQADSwAwSAJBAL+0E2fLej3FSCwe2A2iRnMuC3z12qHIp6Ky1wo2zZcxft7AI+RfkrWrSGtf -mfzBEuPrLdfulncC5Y1pNcM8RTUCAwEAATANBgkqhkiG9w0BAQQFAANBAGSbLMphL6F5pp3s -8o0Xyh86FHFdpVOwYx09ELLkuG17V/P9pgIc0Eo/gDMbN+KT3IdgECf8S//pCRA6RrNjcXIx -ggF7MIIBdwIBATCBmTCBkjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxETAP -BgNVBAcTCEJyaXNiYW5lMRowGAYDVQQKExFDcnlwdHNvZnQgUHR5IEx0ZDEiMCAGA1UECxMZ -REVNT05TVFJBVElPTiBBTkQgVEVTVElORzEbMBkGA1UEAxMSREVNTyBaRVJPIFZBTFVFIENB -AgIEfjAJBgUrDgMCGgUAoHowGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAbBgkqhkiG9w0B -CQ8xDjAMMAoGCCqGSIb3DQMHMBwGCSqGSIb3DQEJBTEPFw05ODA1MTQwMzM5MzdaMCMGCSqG -SIb3DQEJBDEWBBQstNMnSV26ba8PapQEDhO21yNFrjANBgkqhkiG9w0BAQEFAARAW9Xb9YXv -BfcNkutgFX9Gr8iXhBVsNtGEVrjrpkQwpKa7jHI8SjAlLhk/4RFwDHf+ISB9Np3Z1WDWnLcA -9CWR6g== ---------------ms9A58844C95949ECC78A1C54C-- - - -From angela@c2.net.au Thu May 14 13:33:16 1998 -X-UIDL: 8f076c44ff7c5967fd5b00c4588a8731 -Return-Path: angela@c2.net.au -Received: from cryptsoft.com (play.cryptsoft.com [203.56.44.3]) by pandora.cryptsoft.com (8.8.3/8.7.3) with ESMTP id NAA27847 for ; Thu, 14 May 1998 13:33:15 +1000 (EST) -Message-ID: <355A67AB.2AF38806@cryptsoft.com> -Date: Thu, 14 May 1998 13:40:27 +1000 -From: Angela van Lent -X-Mailer: Mozilla 4.03 [en] (Win95; U) -MIME-Version: 1.0 -To: tjh@cryptsoft.com -Subject: signed -Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------msD7863B84BD61E02C407F2F5E" -Content-Length: 2679 -Status: OR - -This is a cryptographically signed message in MIME format. - ---------------msD7863B84BD61E02C407F2F5E -Content-Type: text/plain; charset=us-ascii -Content-Transfer-Encoding: 7bit - -signed body 2 - ---------------msD7863B84BD61E02C407F2F5E -Content-Type: application/x-pkcs7-signature; name="smime.p7s" -Content-Transfer-Encoding: base64 -Content-Disposition: attachment; filename="smime.p7s" -Content-Description: S/MIME Cryptographic Signature - -MIIGVgYJKoZIhvcNAQcCoIIGRzCCBkMCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC -BGswggJTMIIB/aADAgECAgIEfjANBgkqhkiG9w0BAQQFADCBkjELMAkGA1UEBhMCQVUxEzAR -BgNVBAgTClF1ZWVuc2xhbmQxETAPBgNVBAcTCEJyaXNiYW5lMRowGAYDVQQKExFDcnlwdHNv -ZnQgUHR5IEx0ZDEiMCAGA1UECxMZREVNT05TVFJBVElPTiBBTkQgVEVTVElORzEbMBkGA1UE -AxMSREVNTyBaRVJPIFZBTFVFIENBMB4XDTk4MDUxMzA2MjY1NloXDTAwMDUxMjA2MjY1Nlow -gaUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFu -ZTEaMBgGA1UEChMRQ3J5cHRzb2Z0IFB0eSBMdGQxEjAQBgNVBAsTCVNNSU1FIDAwMzEZMBcG -A1UEAxMQQW5nZWxhIHZhbiBMZWVudDEjMCEGCSqGSIb3DQEJARYUYW5nZWxhQGNyeXB0c29m -dC5jb20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEAuC3+7dAb2LhuO7gt2cTM8vsNjhG5JfDh -hX1Vl/wVGbKEEj0MA6vWEolvefQlxB+EzwCtR0YZ7eEC/T/4JoCyeQIDAQABoygwJjAkBglg -hkgBhvhCAQ0EFxYVR2VuZXJhdGVkIHdpdGggU1NMZWF5MA0GCSqGSIb3DQEBBAUAA0EAUnSP -igs6TMFISTjw8cBtJYb98czgAVkVFjKyJQwYMH8FbDnCyx6NocM555nsyDstaw8fKR11Khds -syd3ikkrhDCCAhAwggG6AgEDMA0GCSqGSIb3DQEBBAUAMIGSMQswCQYDVQQGEwJBVTETMBEG -A1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m -dCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNUUkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQD -ExJERU1PIFpFUk8gVkFMVUUgQ0EwHhcNOTgwMzAzMDc0MTMyWhcNMDgwMjI5MDc0MTMyWjCB -kjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxETAPBgNVBAcTCEJyaXNiYW5l -MRowGAYDVQQKExFDcnlwdHNvZnQgUHR5IEx0ZDEiMCAGA1UECxMZREVNT05TVFJBVElPTiBB -TkQgVEVTVElORzEbMBkGA1UEAxMSREVNTyBaRVJPIFZBTFVFIENBMFwwDQYJKoZIhvcNAQEB -BQADSwAwSAJBAL+0E2fLej3FSCwe2A2iRnMuC3z12qHIp6Ky1wo2zZcxft7AI+RfkrWrSGtf -mfzBEuPrLdfulncC5Y1pNcM8RTUCAwEAATANBgkqhkiG9w0BAQQFAANBAGSbLMphL6F5pp3s -8o0Xyh86FHFdpVOwYx09ELLkuG17V/P9pgIc0Eo/gDMbN+KT3IdgECf8S//pCRA6RrNjcXIx -ggGzMIIBrwIBATCBmTCBkjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxETAP -BgNVBAcTCEJyaXNiYW5lMRowGAYDVQQKExFDcnlwdHNvZnQgUHR5IEx0ZDEiMCAGA1UECxMZ -REVNT05TVFJBVElPTiBBTkQgVEVTVElORzEbMBkGA1UEAxMSREVNTyBaRVJPIFZBTFVFIENB -AgIEfjAJBgUrDgMCGgUAoIGxMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcN -AQkFMQ8XDTk4MDUxNDAzNDAyN1owIwYJKoZIhvcNAQkEMRYEFOKcV8mNYJnM8rHQajcSEqJN -rwdDMFIGCSqGSIb3DQEJDzFFMEMwCgYIKoZIhvcNAwcwDgYIKoZIhvcNAwICAgCAMAcGBSsO -AwIHMA0GCCqGSIb3DQMCAgFAMA0GCCqGSIb3DQMCAgEoMA0GCSqGSIb3DQEBAQUABEADPE/N -coH+zTFuX5YpolupTKxKK8eEjc48TuADuO8bIHHDE/fEYaWunlwDuTlcFJl1ig0idffPB1qC -Zp8SSVVY ---------------msD7863B84BD61E02C407F2F5E-- - - -From angela@c2.net.au Thu May 14 14:05:32 1998 -X-UIDL: a7d629b4b9acacaee8b39371b860a32a -Return-Path: angela@c2.net.au -Received: from cryptsoft.com (play.cryptsoft.com [203.56.44.3]) by pandora.cryptsoft.com (8.8.3/8.7.3) with ESMTP id OAA28033 for ; Thu, 14 May 1998 14:05:32 +1000 (EST) -Message-ID: <355A6F3B.AC385981@cryptsoft.com> -Date: Thu, 14 May 1998 14:12:43 +1000 -From: Angela van Lent -X-Mailer: Mozilla 4.03 [en] (Win95; U) -MIME-Version: 1.0 -To: tjh@cryptsoft.com -Subject: encrypted -Content-Type: application/x-pkcs7-mime; name="smime.p7m" -Content-Transfer-Encoding: base64 -Content-Disposition: attachment; filename="smime.p7m" -Content-Description: S/MIME Encrypted Message -Content-Length: 905 -Status: OR - -MIAGCSqGSIb3DQEHA6CAMIACAQAxggHmMIHwAgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEG -A1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m -dCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNUUkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQD -ExJERU1PIFpFUk8gVkFMVUUgQ0ECAgR+MA0GCSqGSIb3DQEBAQUABEA92N29Yk39RUY2tIVd -exGT2MFX3J6H8LB8aDRJjw7843ALgJ5zXpM5+f80QkAWwEN2A6Pl3VxiCeKLi435zXVyMIHw -AgEAMIGZMIGSMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMI -QnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29mdCBQdHkgTHRkMSIwIAYDVQQLExlERU1PTlNU -UkFUSU9OIEFORCBURVNUSU5HMRswGQYDVQQDExJERU1PIFpFUk8gVkFMVUUgQ0ECAgRuMA0G -CSqGSIb3DQEBAQUABECR9IfyHtvnjFmZ8B2oUCEs1vxMsG0u1kxKE4RMPFyDqDCEARq7zXMg -nzSUI7Wgv5USSKDqcLRJeW+jvYURv/nJMIAGCSqGSIb3DQEHATAaBggqhkiG9w0DAjAOAgIA -oAQIrLqrij2ZMpeggAQoibtn6reRZWuWk5Iv5IAhgitr8EYE4w4ySQ7EMB6mTlBoFpccUMWX -BwQgQn1UoWCvYAlhDzURdbui64Dc0rS2wtj+kE/InS6y25EEEPe4NUKaF8/UlE+lo3LtILQE -CL3uV8k7m0iqAAAAAAAAAAAAAA== - diff --git a/src/lib/libcrypto/pkcs7/t/s.pem b/src/lib/libcrypto/pkcs7/t/s.pem deleted file mode 100644 index 4fa925b1824..00000000000 --- a/src/lib/libcrypto/pkcs7/t/s.pem +++ /dev/null @@ -1,57 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIBOgIBAAJBAK3nI4nuDYe3nDJES5WBc90igEstxWC4/h4YY+/ciYki35U8ets9 -mgaoCNYp/e9BCZHtvK2Y+fYokGJv5+cMTQsCAwEAAQJBAIHpvXvqEcOEoDRRHuIG -fkcB4jPHcr9KE9TpxabH6xs9beN6OJnkePXAHwaz5MnUgSnbpOKq+cw8miKjXwe/ -zVECIQDVLwncT2lRmXarEYHzb+q/0uaSvKhWKKt3kJasLNTrAwIhANDUc/ghut29 -p3jJYjurzUKuG774/5eLjPLsxPPIZzNZAiA/10hSq41UnGqHLEUIS9m2/EeEZe7b -bm567dfRU9OnVQIgDo8ROrZXSchEGbaog5J5r/Fle83uO8l93R3GqVxKXZkCIFfk -IPD5PIYQAyyod3hyKKza7ZP4CGY4oOfZetbkSGGG ------END RSA PRIVATE KEY----- -issuer :/C=AU/SP=Queensland/L=Brisbane/O=Cryptsoft Pty Ltd/OU=DEMONSTRATION AND TESTING/CN=DEMO ZERO VALUE CA -subject:/C=AU/SP=Queensland/L=Brisbane/O=Cryptsoft Pty Ltd/OU=SMIME 003/CN=Information/Email=info@cryptsoft.com -serial :047D - -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 1149 (0x47d) - Signature Algorithm: md5withRSAEncryption - Issuer: C=AU, SP=Queensland, L=Brisbane, O=Cryptsoft Pty Ltd, OU=DEMONSTRATION AND TESTING, CN=DEMO ZERO VALUE CA - Validity - Not Before: May 13 05:40:58 1998 GMT - Not After : May 12 05:40:58 2000 GMT - Subject: C=AU, SP=Queensland, L=Brisbane, O=Cryptsoft Pty Ltd, OU=SMIME 003, CN=Information/Email=info@cryptsoft.com - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Modulus: - 00:ad:e7:23:89:ee:0d:87:b7:9c:32:44:4b:95:81: - 73:dd:22:80:4b:2d:c5:60:b8:fe:1e:18:63:ef:dc: - 89:89:22:df:95:3c:7a:db:3d:9a:06:a8:08:d6:29: - fd:ef:41:09:91:ed:bc:ad:98:f9:f6:28:90:62:6f: - e7:e7:0c:4d:0b - Exponent: 65537 (0x10001) - X509v3 extensions: - Netscape Comment: - Generated with SSLeay - Signature Algorithm: md5withRSAEncryption - 52:15:ea:88:f4:f0:f9:0b:ef:ce:d5:f8:83:40:61:16:5e:55: - f9:ce:2d:d1:8b:31:5c:03:c6:2d:10:7c:61:d5:5c:0a:42:97: - d1:fd:65:b6:b6:84:a5:39:ec:46:ec:fc:e0:0d:d9:22:da:1b: - 50:74:ad:92:cb:4e:90:e5:fa:7d - ------BEGIN CERTIFICATE----- -MIICTDCCAfagAwIBAgICBH0wDQYJKoZIhvcNAQEEBQAwgZIxCzAJBgNVBAYTAkFV -MRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UE -ChMRQ3J5cHRzb2Z0IFB0eSBMdGQxIjAgBgNVBAsTGURFTU9OU1RSQVRJT04gQU5E -IFRFU1RJTkcxGzAZBgNVBAMTEkRFTU8gWkVSTyBWQUxVRSBDQTAeFw05ODA1MTMw -NTQwNThaFw0wMDA1MTIwNTQwNThaMIGeMQswCQYDVQQGEwJBVTETMBEGA1UECBMK -UXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m -dCBQdHkgTHRkMRIwEAYDVQQLEwlTTUlNRSAwMDMxFDASBgNVBAMTC0luZm9ybWF0 -aW9uMSEwHwYJKoZIhvcNAQkBFhJpbmZvQGNyeXB0c29mdC5jb20wXDANBgkqhkiG -9w0BAQEFAANLADBIAkEArecjie4Nh7ecMkRLlYFz3SKASy3FYLj+Hhhj79yJiSLf -lTx62z2aBqgI1in970EJke28rZj59iiQYm/n5wxNCwIDAQABoygwJjAkBglghkgB -hvhCAQ0EFxYVR2VuZXJhdGVkIHdpdGggU1NMZWF5MA0GCSqGSIb3DQEBBAUAA0EA -UhXqiPTw+QvvztX4g0BhFl5V+c4t0YsxXAPGLRB8YdVcCkKX0f1ltraEpTnsRuz8 -4A3ZItobUHStkstOkOX6fQ== ------END CERTIFICATE----- - diff --git a/src/lib/libcrypto/pkcs7/t/server.pem b/src/lib/libcrypto/pkcs7/t/server.pem deleted file mode 100644 index 989baf87096..00000000000 --- a/src/lib/libcrypto/pkcs7/t/server.pem +++ /dev/null @@ -1,57 +0,0 @@ -issuer :/C=AU/SP=Queensland/L=Brisbane/O=Cryptsoft Pty Ltd/OU=DEMONSTRATION AND TESTING/CN=DEMO ZERO VALUE CA -subject:/C=AU/SP=Queensland/L=Brisbane/O=Cryptsoft Pty Ltd/OU=SMIME 003/CN=Information/Email=info@cryptsoft.com -serial :047D - -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 1149 (0x47d) - Signature Algorithm: md5withRSAEncryption - Issuer: C=AU, SP=Queensland, L=Brisbane, O=Cryptsoft Pty Ltd, OU=DEMONSTRATION AND TESTING, CN=DEMO ZERO VALUE CA - Validity - Not Before: May 13 05:40:58 1998 GMT - Not After : May 12 05:40:58 2000 GMT - Subject: C=AU, SP=Queensland, L=Brisbane, O=Cryptsoft Pty Ltd, OU=SMIME 003, CN=Information/Email=info@cryptsoft.com - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Modulus: - 00:ad:e7:23:89:ee:0d:87:b7:9c:32:44:4b:95:81: - 73:dd:22:80:4b:2d:c5:60:b8:fe:1e:18:63:ef:dc: - 89:89:22:df:95:3c:7a:db:3d:9a:06:a8:08:d6:29: - fd:ef:41:09:91:ed:bc:ad:98:f9:f6:28:90:62:6f: - e7:e7:0c:4d:0b - Exponent: 65537 (0x10001) - X509v3 extensions: - Netscape Comment: - Generated with SSLeay - Signature Algorithm: md5withRSAEncryption - 52:15:ea:88:f4:f0:f9:0b:ef:ce:d5:f8:83:40:61:16:5e:55: - f9:ce:2d:d1:8b:31:5c:03:c6:2d:10:7c:61:d5:5c:0a:42:97: - d1:fd:65:b6:b6:84:a5:39:ec:46:ec:fc:e0:0d:d9:22:da:1b: - 50:74:ad:92:cb:4e:90:e5:fa:7d - ------BEGIN CERTIFICATE----- -MIICTDCCAfagAwIBAgICBH0wDQYJKoZIhvcNAQEEBQAwgZIxCzAJBgNVBAYTAkFV -MRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UE -ChMRQ3J5cHRzb2Z0IFB0eSBMdGQxIjAgBgNVBAsTGURFTU9OU1RSQVRJT04gQU5E -IFRFU1RJTkcxGzAZBgNVBAMTEkRFTU8gWkVSTyBWQUxVRSBDQTAeFw05ODA1MTMw -NTQwNThaFw0wMDA1MTIwNTQwNThaMIGeMQswCQYDVQQGEwJBVTETMBEGA1UECBMK -UXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0c29m -dCBQdHkgTHRkMRIwEAYDVQQLEwlTTUlNRSAwMDMxFDASBgNVBAMTC0luZm9ybWF0 -aW9uMSEwHwYJKoZIhvcNAQkBFhJpbmZvQGNyeXB0c29mdC5jb20wXDANBgkqhkiG -9w0BAQEFAANLADBIAkEArecjie4Nh7ecMkRLlYFz3SKASy3FYLj+Hhhj79yJiSLf -lTx62z2aBqgI1in970EJke28rZj59iiQYm/n5wxNCwIDAQABoygwJjAkBglghkgB -hvhCAQ0EFxYVR2VuZXJhdGVkIHdpdGggU1NMZWF5MA0GCSqGSIb3DQEBBAUAA0EA -UhXqiPTw+QvvztX4g0BhFl5V+c4t0YsxXAPGLRB8YdVcCkKX0f1ltraEpTnsRuz8 -4A3ZItobUHStkstOkOX6fQ== ------END CERTIFICATE----- - ------BEGIN RSA PRIVATE KEY----- -MIIBOgIBAAJBAK3nI4nuDYe3nDJES5WBc90igEstxWC4/h4YY+/ciYki35U8ets9 -mgaoCNYp/e9BCZHtvK2Y+fYokGJv5+cMTQsCAwEAAQJBAIHpvXvqEcOEoDRRHuIG -fkcB4jPHcr9KE9TpxabH6xs9beN6OJnkePXAHwaz5MnUgSnbpOKq+cw8miKjXwe/ -zVECIQDVLwncT2lRmXarEYHzb+q/0uaSvKhWKKt3kJasLNTrAwIhANDUc/ghut29 -p3jJYjurzUKuG774/5eLjPLsxPPIZzNZAiA/10hSq41UnGqHLEUIS9m2/EeEZe7b -bm567dfRU9OnVQIgDo8ROrZXSchEGbaog5J5r/Fle83uO8l93R3GqVxKXZkCIFfk -IPD5PIYQAyyod3hyKKza7ZP4CGY4oOfZetbkSGGG ------END RSA PRIVATE KEY----- diff --git a/src/lib/libcrypto/pkcs7/verify.c b/src/lib/libcrypto/pkcs7/verify.c deleted file mode 100644 index 5f7afe89336..00000000000 --- a/src/lib/libcrypto/pkcs7/verify.c +++ /dev/null @@ -1,262 +0,0 @@ -/* crypto/pkcs7/verify.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -#include -#include -#include -#include -#include -#include -#include -#include "example.h" - -int verify_callback(int ok, X509_STORE_CTX *ctx); - -BIO *bio_err=NULL; -BIO *bio_out=NULL; - -int main(argc,argv) -int argc; -char *argv[]; - { - PKCS7 *p7; - PKCS7_SIGNER_INFO *si; - X509_STORE_CTX cert_ctx; - X509_STORE *cert_store=NULL; - BIO *data,*detached=NULL,*p7bio=NULL; - char buf[1024*4]; - char *pp; - int i,printit=0; - STACK_OF(PKCS7_SIGNER_INFO) *sk; - - bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); - bio_out=BIO_new_fp(stdout,BIO_NOCLOSE); -#ifndef OPENSSL_NO_MD2 - EVP_add_digest(EVP_md2()); -#endif -#ifndef OPENSSL_NO_MD5 - EVP_add_digest(EVP_md5()); -#endif -#ifndef OPENSSL_NO_SHA1 - EVP_add_digest(EVP_sha1()); -#endif -#ifndef OPENSSL_NO_MDC2 - EVP_add_digest(EVP_mdc2()); -#endif - - data=BIO_new(BIO_s_file()); - - pp=NULL; - while (argc > 1) - { - argc--; - argv++; - if (strcmp(argv[0],"-p") == 0) - { - printit=1; - } - else if ((strcmp(argv[0],"-d") == 0) && (argc >= 2)) - { - detached=BIO_new(BIO_s_file()); - if (!BIO_read_filename(detached,argv[1])) - goto err; - argc--; - argv++; - } - else - { - pp=argv[0]; - if (!BIO_read_filename(data,argv[0])) - goto err; - } - } - - if (pp == NULL) - BIO_set_fp(data,stdin,BIO_NOCLOSE); - - - /* Load the PKCS7 object from a file */ - if ((p7=PEM_read_bio_PKCS7(data,NULL,NULL,NULL)) == NULL) goto err; - - /* This stuff is being setup for certificate verification. - * When using SSL, it could be replaced with a - * cert_stre=SSL_CTX_get_cert_store(ssl_ctx); */ - cert_store=X509_STORE_new(); - X509_STORE_set_default_paths(cert_store); - X509_STORE_load_locations(cert_store,NULL,"../../certs"); - X509_STORE_set_verify_cb_func(cert_store,verify_callback); - - ERR_clear_error(); - - /* We need to process the data */ - if ((PKCS7_get_detached(p7) || detached)) - { - if (detached == NULL) - { - printf("no data to verify the signature on\n"); - exit(1); - } - else - p7bio=PKCS7_dataInit(p7,detached); - } - else - { - p7bio=PKCS7_dataInit(p7,NULL); - } - - /* We now have to 'read' from p7bio to calculate digests etc. */ - for (;;) - { - i=BIO_read(p7bio,buf,sizeof(buf)); - /* print it? */ - if (i <= 0) break; - } - - /* We can now verify signatures */ - sk=PKCS7_get_signer_info(p7); - if (sk == NULL) - { - printf("there are no signatures on this data\n"); - exit(1); - } - - /* Ok, first we need to, for each subject entry, see if we can verify */ - for (i=0; ierror) - { - case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: - X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),buf,256); - BIO_printf(bio_err,"issuer= %s\n",buf); - break; - case X509_V_ERR_CERT_NOT_YET_VALID: - case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: - BIO_printf(bio_err,"notBefore="); - ASN1_UTCTIME_print(bio_err,X509_get_notBefore(ctx->current_cert)); - BIO_printf(bio_err,"\n"); - break; - case X509_V_ERR_CERT_HAS_EXPIRED: - case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: - BIO_printf(bio_err,"notAfter="); - ASN1_UTCTIME_print(bio_err,X509_get_notAfter(ctx->current_cert)); - BIO_printf(bio_err,"\n"); - break; - } - BIO_printf(bio_err,"verify return:%d\n",ok); - return(ok); - } diff --git a/src/lib/libcrypto/poly1305/poly1305-donna.c b/src/lib/libcrypto/poly1305/poly1305-donna.c new file mode 100644 index 00000000000..773ea4ebe78 --- /dev/null +++ b/src/lib/libcrypto/poly1305/poly1305-donna.c @@ -0,0 +1,321 @@ +/* $OpenBSD: poly1305-donna.c,v 1.3 2014/06/12 15:49:30 deraadt Exp $ */ +/* + * Public Domain poly1305 from Andrew Moon + * Based on poly1305-donna.c, poly1305-donna-32.h and poly1305-donna.h from: + * https://github.com/floodyberry/poly1305-donna + */ + +#include + +static inline void poly1305_init(poly1305_context *ctx, + const unsigned char key[32]); +static inline void poly1305_update(poly1305_context *ctx, + const unsigned char *m, size_t bytes); +static inline void poly1305_finish(poly1305_context *ctx, + unsigned char mac[16]); + +/* + * poly1305 implementation using 32 bit * 32 bit = 64 bit multiplication + * and 64 bit addition. + */ + +#define poly1305_block_size 16 + +/* 17 + sizeof(size_t) + 14*sizeof(unsigned long) */ +typedef struct poly1305_state_internal_t { + unsigned long r[5]; + unsigned long h[5]; + unsigned long pad[4]; + size_t leftover; + unsigned char buffer[poly1305_block_size]; + unsigned char final; +} poly1305_state_internal_t; + +/* interpret four 8 bit unsigned integers as a 32 bit unsigned integer in little endian */ +static unsigned long +U8TO32(const unsigned char *p) +{ + return (((unsigned long)(p[0] & 0xff)) | + ((unsigned long)(p[1] & 0xff) << 8) | + ((unsigned long)(p[2] & 0xff) << 16) | + ((unsigned long)(p[3] & 0xff) << 24)); +} + +/* store a 32 bit unsigned integer as four 8 bit unsigned integers in little endian */ +static void +U32TO8(unsigned char *p, unsigned long v) +{ + p[0] = (v) & 0xff; + p[1] = (v >> 8) & 0xff; + p[2] = (v >> 16) & 0xff; + p[3] = (v >> 24) & 0xff; +} + +static inline void +poly1305_init(poly1305_context *ctx, const unsigned char key[32]) +{ + poly1305_state_internal_t *st = (poly1305_state_internal_t *)ctx; + + /* r &= 0xffffffc0ffffffc0ffffffc0fffffff */ + st->r[0] = (U8TO32(&key[0])) & 0x3ffffff; + st->r[1] = (U8TO32(&key[3]) >> 2) & 0x3ffff03; + st->r[2] = (U8TO32(&key[6]) >> 4) & 0x3ffc0ff; + st->r[3] = (U8TO32(&key[9]) >> 6) & 0x3f03fff; + st->r[4] = (U8TO32(&key[12]) >> 8) & 0x00fffff; + + /* h = 0 */ + st->h[0] = 0; + st->h[1] = 0; + st->h[2] = 0; + st->h[3] = 0; + st->h[4] = 0; + + /* save pad for later */ + st->pad[0] = U8TO32(&key[16]); + st->pad[1] = U8TO32(&key[20]); + st->pad[2] = U8TO32(&key[24]); + st->pad[3] = U8TO32(&key[28]); + + st->leftover = 0; + st->final = 0; +} + +static void +poly1305_blocks(poly1305_state_internal_t *st, const unsigned char *m, size_t bytes) +{ + const unsigned long hibit = (st->final) ? 0 : (1 << 24); /* 1 << 128 */ + unsigned long r0, r1, r2, r3, r4; + unsigned long s1, s2, s3, s4; + unsigned long h0, h1, h2, h3, h4; + unsigned long long d0, d1, d2, d3, d4; + unsigned long c; + + r0 = st->r[0]; + r1 = st->r[1]; + r2 = st->r[2]; + r3 = st->r[3]; + r4 = st->r[4]; + + s1 = r1 * 5; + s2 = r2 * 5; + s3 = r3 * 5; + s4 = r4 * 5; + + h0 = st->h[0]; + h1 = st->h[1]; + h2 = st->h[2]; + h3 = st->h[3]; + h4 = st->h[4]; + + while (bytes >= poly1305_block_size) { + /* h += m[i] */ + h0 += (U8TO32(m + 0)) & 0x3ffffff; + h1 += (U8TO32(m + 3) >> 2) & 0x3ffffff; + h2 += (U8TO32(m + 6) >> 4) & 0x3ffffff; + h3 += (U8TO32(m + 9) >> 6) & 0x3ffffff; + h4 += (U8TO32(m + 12) >> 8) | hibit; + + /* h *= r */ + d0 = ((unsigned long long)h0 * r0) + + ((unsigned long long)h1 * s4) + + ((unsigned long long)h2 * s3) + + ((unsigned long long)h3 * s2) + + ((unsigned long long)h4 * s1); + d1 = ((unsigned long long)h0 * r1) + + ((unsigned long long)h1 * r0) + + ((unsigned long long)h2 * s4) + + ((unsigned long long)h3 * s3) + + ((unsigned long long)h4 * s2); + d2 = ((unsigned long long)h0 * r2) + + ((unsigned long long)h1 * r1) + + ((unsigned long long)h2 * r0) + + ((unsigned long long)h3 * s4) + + ((unsigned long long)h4 * s3); + d3 = ((unsigned long long)h0 * r3) + + ((unsigned long long)h1 * r2) + + ((unsigned long long)h2 * r1) + + ((unsigned long long)h3 * r0) + + ((unsigned long long)h4 * s4); + d4 = ((unsigned long long)h0 * r4) + + ((unsigned long long)h1 * r3) + + ((unsigned long long)h2 * r2) + + ((unsigned long long)h3 * r1) + + ((unsigned long long)h4 * r0); + + /* (partial) h %= p */ + c = (unsigned long)(d0 >> 26); + h0 = (unsigned long)d0 & 0x3ffffff; + d1 += c; + c = (unsigned long)(d1 >> 26); + h1 = (unsigned long)d1 & 0x3ffffff; + d2 += c; + c = (unsigned long)(d2 >> 26); + h2 = (unsigned long)d2 & 0x3ffffff; + d3 += c; + c = (unsigned long)(d3 >> 26); + h3 = (unsigned long)d3 & 0x3ffffff; + d4 += c; + c = (unsigned long)(d4 >> 26); + h4 = (unsigned long)d4 & 0x3ffffff; + h0 += c * 5; + c = (h0 >> 26); + h0 = h0 & 0x3ffffff; + h1 += c; + + m += poly1305_block_size; + bytes -= poly1305_block_size; + } + + st->h[0] = h0; + st->h[1] = h1; + st->h[2] = h2; + st->h[3] = h3; + st->h[4] = h4; +} + +static inline void +poly1305_update(poly1305_context *ctx, const unsigned char *m, size_t bytes) +{ + poly1305_state_internal_t *st = (poly1305_state_internal_t *)ctx; + size_t i; + + /* handle leftover */ + if (st->leftover) { + size_t want = (poly1305_block_size - st->leftover); + if (want > bytes) + want = bytes; + for (i = 0; i < want; i++) + st->buffer[st->leftover + i] = m[i]; + bytes -= want; + m += want; + st->leftover += want; + if (st->leftover < poly1305_block_size) + return; + poly1305_blocks(st, st->buffer, poly1305_block_size); + st->leftover = 0; + } + + /* process full blocks */ + if (bytes >= poly1305_block_size) { + size_t want = (bytes & ~(poly1305_block_size - 1)); + poly1305_blocks(st, m, want); + m += want; + bytes -= want; + } + + /* store leftover */ + if (bytes) { + for (i = 0; i < bytes; i++) + st->buffer[st->leftover + i] = m[i]; + st->leftover += bytes; + } +} + +static inline void +poly1305_finish(poly1305_context *ctx, unsigned char mac[16]) +{ + poly1305_state_internal_t *st = (poly1305_state_internal_t *)ctx; + unsigned long h0, h1, h2, h3, h4, c; + unsigned long g0, g1, g2, g3, g4; + unsigned long long f; + unsigned long mask; + + /* process the remaining block */ + if (st->leftover) { + size_t i = st->leftover; + st->buffer[i++] = 1; + for (; i < poly1305_block_size; i++) + st->buffer[i] = 0; + st->final = 1; + poly1305_blocks(st, st->buffer, poly1305_block_size); + } + + /* fully carry h */ + h0 = st->h[0]; + h1 = st->h[1]; + h2 = st->h[2]; + h3 = st->h[3]; + h4 = st->h[4]; + + c = h1 >> 26; + h1 = h1 & 0x3ffffff; + h2 += c; + c = h2 >> 26; + h2 = h2 & 0x3ffffff; + h3 += c; + c = h3 >> 26; + h3 = h3 & 0x3ffffff; + h4 += c; + c = h4 >> 26; + h4 = h4 & 0x3ffffff; + h0 += c * 5; + c = h0 >> 26; + h0 = h0 & 0x3ffffff; + h1 += c; + + /* compute h + -p */ + g0 = h0 + 5; + c = g0 >> 26; + g0 &= 0x3ffffff; + g1 = h1 + c; + c = g1 >> 26; + g1 &= 0x3ffffff; + g2 = h2 + c; + c = g2 >> 26; + g2 &= 0x3ffffff; + g3 = h3 + c; + c = g3 >> 26; + g3 &= 0x3ffffff; + g4 = h4 + c - (1 << 26); + + /* select h if h < p, or h + -p if h >= p */ + mask = (g4 >> ((sizeof(unsigned long) * 8) - 1)) - 1; + g0 &= mask; + g1 &= mask; + g2 &= mask; + g3 &= mask; + g4 &= mask; + mask = ~mask; + h0 = (h0 & mask) | g0; + h1 = (h1 & mask) | g1; + h2 = (h2 & mask) | g2; + h3 = (h3 & mask) | g3; + h4 = (h4 & mask) | g4; + + /* h = h % (2^128) */ + h0 = ((h0) | (h1 << 26)) & 0xffffffff; + h1 = ((h1 >> 6) | (h2 << 20)) & 0xffffffff; + h2 = ((h2 >> 12) | (h3 << 14)) & 0xffffffff; + h3 = ((h3 >> 18) | (h4 << 8)) & 0xffffffff; + + /* mac = (h + pad) % (2^128) */ + f = (unsigned long long)h0 + st->pad[0]; + h0 = (unsigned long)f; + f = (unsigned long long)h1 + st->pad[1] + (f >> 32); + h1 = (unsigned long)f; + f = (unsigned long long)h2 + st->pad[2] + (f >> 32); + h2 = (unsigned long)f; + f = (unsigned long long)h3 + st->pad[3] + (f >> 32); + h3 = (unsigned long)f; + + U32TO8(mac + 0, h0); + U32TO8(mac + 4, h1); + U32TO8(mac + 8, h2); + U32TO8(mac + 12, h3); + + /* zero out the state */ + st->h[0] = 0; + st->h[1] = 0; + st->h[2] = 0; + st->h[3] = 0; + st->h[4] = 0; + st->r[0] = 0; + st->r[1] = 0; + st->r[2] = 0; + st->r[3] = 0; + st->r[4] = 0; + st->pad[0] = 0; + st->pad[1] = 0; + st->pad[2] = 0; + st->pad[3] = 0; +} diff --git a/src/lib/libcrypto/poly1305/poly1305.c b/src/lib/libcrypto/poly1305/poly1305.c new file mode 100644 index 00000000000..75a34cc3e14 --- /dev/null +++ b/src/lib/libcrypto/poly1305/poly1305.c @@ -0,0 +1,38 @@ +/* $OpenBSD: poly1305.c,v 1.3 2014/06/12 15:49:30 deraadt Exp $ */ +/* + * Copyright (c) 2014 Joel Sing + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include +#include "poly1305-donna.c" + +void +CRYPTO_poly1305_init(poly1305_context *ctx, const unsigned char key[32]) +{ + poly1305_init(ctx, key); +} + +void +CRYPTO_poly1305_update(poly1305_context *ctx, const unsigned char *in, + size_t len) +{ + poly1305_update(ctx, in, len); +} + +void +CRYPTO_poly1305_finish(poly1305_context *ctx, unsigned char mac[16]) +{ + poly1305_finish(ctx, mac); +} diff --git a/src/lib/libcrypto/poly1305/poly1305.h b/src/lib/libcrypto/poly1305/poly1305.h new file mode 100644 index 00000000000..00ab0bfd2ba --- /dev/null +++ b/src/lib/libcrypto/poly1305/poly1305.h @@ -0,0 +1,49 @@ +/* $OpenBSD: poly1305.h,v 1.3 2014/07/25 14:04:51 jsing Exp $ */ +/* + * Copyright (c) 2014 Joel Sing + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef HEADER_POLY1305_H +#define HEADER_POLY1305_H + +#include + +#if defined(OPENSSL_NO_POLY1305) +#error Poly1305 is disabled. +#endif + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +typedef struct poly1305_context { + size_t aligner; + unsigned char opaque[136]; +} poly1305_context; + +typedef struct poly1305_context poly1305_state; + +void CRYPTO_poly1305_init(poly1305_context *ctx, const unsigned char key[32]); +void CRYPTO_poly1305_update(poly1305_context *ctx, const unsigned char *in, + size_t len); +void CRYPTO_poly1305_finish(poly1305_context *ctx, unsigned char mac[16]); + +#ifdef __cplusplus +} +#endif + +#endif /* HEADER_POLY1305_H */ diff --git a/src/lib/libcrypto/ppccap.c b/src/lib/libcrypto/ppccap.c new file mode 100644 index 00000000000..ce01edf6ecf --- /dev/null +++ b/src/lib/libcrypto/ppccap.c @@ -0,0 +1,50 @@ +/* $OpenBSD: ppccap.c,v 1.6 2014/07/17 23:48:24 deraadt Exp $ */ + +#include +#include +#include +#include + +#include +#include + +#ifdef unused +#define PPC_FPU64 (1<<0) +#define PPC_ALTIVEC (1<<1) + +static int OPENSSL_ppccap_P = 0; +#endif + +#ifdef OPENSSL_BN_ASM_MONT +extern int bn_mul_mont_int(BN_ULONG *, const BN_ULONG *, const BN_ULONG *, + const BN_ULONG *, const BN_ULONG *, int); +int +bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, + const BN_ULONG *np, const BN_ULONG *n0, int num) +{ + return bn_mul_mont_int(rp, ap, bp, np, n0, num); +} +#endif + +#ifdef unused +void OPENSSL_cpuid_setup(void) __attribute__((constructor)); + +void +OPENSSL_cpuid_setup(void) +{ + static const int mib[2] = { CTL_MACHDEP, CPU_ALTIVEC }; + static int trigger = 0; + int altivec = 0; + size_t size; + + if (trigger) + return; + trigger = 1; + + size = sizeof altivec; + if (sysctl(mib, 2, &altivec, &size, NULL, 0) != -1) { + if (altivec != 0) + OPENSSL_ppccap_P |= PPC_ALTIVEC; + } +} +#endif diff --git a/src/lib/libcrypto/ppccpuid.pl b/src/lib/libcrypto/ppccpuid.pl new file mode 100755 index 00000000000..0cef7014b6e --- /dev/null +++ b/src/lib/libcrypto/ppccpuid.pl @@ -0,0 +1,85 @@ +#!/usr/bin/env perl + +$flavour = shift; + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or +( $xlate="${dir}perlasm/ppc-xlate.pl" and -f $xlate) or +die "can't locate ppc-xlate.pl"; + +open STDOUT,"| $^X $xlate $flavour ".shift || die "can't call $xlate: $!"; + +if ($flavour=~/64/) { + $CMPLI="cmpldi"; + $SHRLI="srdi"; + $SIGNX="extsw"; +} else { + $CMPLI="cmplwi"; + $SHRLI="srwi"; + $SIGNX="mr"; +} + +$code=<<___; +.machine "any" +.text + +#if 0 +.globl .OPENSSL_ppc64_probe +.align 4 +.OPENSSL_ppc64_probe: + fcfid f1,f1 + extrdi r0,r0,32,0 + blr + .long 0 + .byte 0,12,0x14,0,0,0,0,0 +#endif + +.globl .OPENSSL_wipe_cpu +.align 4 +.OPENSSL_wipe_cpu: + xor r0,r0,r0 + fmr f0,f31 + fmr f1,f31 + fmr f2,f31 + mr r3,r1 + fmr f3,f31 + xor r4,r4,r4 + fmr f4,f31 + xor r5,r5,r5 + fmr f5,f31 + xor r6,r6,r6 + fmr f6,f31 + xor r7,r7,r7 + fmr f7,f31 + xor r8,r8,r8 + fmr f8,f31 + xor r9,r9,r9 + fmr f9,f31 + xor r10,r10,r10 + fmr f10,f31 + xor r11,r11,r11 + fmr f11,f31 + xor r12,r12,r12 + fmr f12,f31 + fmr f13,f31 + blr + .long 0 + .byte 0,12,0x14,0,0,0,0,0 + +.globl .OPENSSL_atomic_add +.align 4 +.OPENSSL_atomic_add: +Ladd: lwarx r5,0,r3 + add r0,r4,r5 + stwcx. r0,0,r3 + bne- Ladd + $SIGNX r3,r0 + blr + .long 0 + .byte 0,12,0x14,0,0,0,2,0 + .long 0 +___ + +$code =~ s/\`([^\`]*)\`/eval $1/gem; +print $code; +close STDOUT; diff --git a/src/lib/libcrypto/rand/Makefile.ssl b/src/lib/libcrypto/rand/Makefile.ssl deleted file mode 100644 index 4d73d4f7e80..00000000000 --- a/src/lib/libcrypto/rand/Makefile.ssl +++ /dev/null @@ -1,157 +0,0 @@ -# -# SSLeay/crypto/rand/Makefile -# - -DIR= rand -TOP= ../.. -CC= cc -INCLUDES= -CFLAG=-g -INSTALL_PREFIX= -OPENSSLDIR= /usr/local/ssl -INSTALLTOP=/usr/local/ssl -MAKE= make -f Makefile.ssl -MAKEDEPPROG= makedepend -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) -MAKEFILE= Makefile.ssl -AR= ar r - -CFLAGS= $(INCLUDES) $(CFLAG) - -GENERAL=Makefile -TEST= randtest.c -APPS= - -LIB=$(TOP)/libcrypto.a -LIBSRC=md_rand.c randfile.c rand_lib.c rand_err.c rand_egd.c \ - rand_win.c rand_unix.c rand_os2.c -LIBOBJ=md_rand.o randfile.o rand_lib.o rand_err.o rand_egd.o \ - rand_win.o rand_unix.o rand_os2.o - -SRC= $(LIBSRC) - -EXHEADER= rand.h -HEADER= $(EXHEADER) - -ALL= $(GENERAL) $(SRC) $(HEADER) - -top: - (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) - -all: lib - -lib: $(LIBOBJ) - $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) || echo Never mind. - @touch lib - -files: - $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO - -links: - @sh $(TOP)/util/point.sh Makefile.ssl Makefile - @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) - @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) - @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) - -install: - @for i in $(EXHEADER) ; \ - do \ - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ - done; - -tags: - ctags $(SRC) - -tests: - -lint: - lint -DLINT $(INCLUDES) $(SRC)>fluff - -depend: - $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) - -dclean: - $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new - mv -f Makefile.new $(MAKEFILE) - -clean: - rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff - -# DO NOT DELETE THIS LINE -- make depend depends on it. - -md_rand.o: ../../e_os.h ../../include/openssl/asn1.h -md_rand.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -md_rand.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -md_rand.o: ../../include/openssl/err.h ../../include/openssl/evp.h -md_rand.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -md_rand.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -md_rand.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -md_rand.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h -md_rand.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -md_rand.o: ../../include/openssl/symhacks.h md_rand.c rand_lcl.h -rand_egd.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h -rand_egd.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h -rand_egd.o: rand_egd.c -rand_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h -rand_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -rand_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -rand_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -rand_err.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h -rand_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -rand_err.o: rand_err.c -rand_lib.o: ../../e_os.h ../../include/openssl/asn1.h -rand_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -rand_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -rand_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -rand_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -rand_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -rand_lib.o: ../../include/openssl/opensslconf.h -rand_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -rand_lib.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -rand_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -rand_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -rand_lib.o: ../cryptlib.h rand_lib.c -rand_os2.o: ../../e_os.h ../../include/openssl/asn1.h -rand_os2.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -rand_os2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -rand_os2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -rand_os2.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -rand_os2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -rand_os2.o: ../../include/openssl/opensslconf.h -rand_os2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -rand_os2.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h -rand_os2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -rand_os2.o: ../../include/openssl/symhacks.h ../cryptlib.h rand_lcl.h -rand_os2.o: rand_os2.c -rand_unix.o: ../../e_os.h ../../include/openssl/asn1.h -rand_unix.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -rand_unix.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -rand_unix.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -rand_unix.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -rand_unix.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -rand_unix.o: ../../include/openssl/opensslconf.h -rand_unix.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -rand_unix.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h -rand_unix.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -rand_unix.o: ../../include/openssl/symhacks.h ../cryptlib.h rand_lcl.h -rand_unix.o: rand_unix.c -rand_win.o: ../../e_os.h ../../include/openssl/asn1.h -rand_win.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -rand_win.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -rand_win.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -rand_win.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -rand_win.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -rand_win.o: ../../include/openssl/opensslconf.h -rand_win.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -rand_win.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h -rand_win.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -rand_win.o: ../../include/openssl/symhacks.h ../cryptlib.h rand_lcl.h -rand_win.o: rand_win.c -randfile.o: ../../e_os.h ../../include/openssl/crypto.h -randfile.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h -randfile.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -randfile.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h -randfile.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -randfile.o: randfile.c diff --git a/src/lib/libcrypto/rand/md_rand.c b/src/lib/libcrypto/rand/md_rand.c deleted file mode 100644 index a00ed707185..00000000000 --- a/src/lib/libcrypto/rand/md_rand.c +++ /dev/null @@ -1,572 +0,0 @@ -/* crypto/rand/md_rand.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* ==================================================================== - * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#ifdef MD_RAND_DEBUG -# ifndef NDEBUG -# define NDEBUG -# endif -#endif - -#include -#include -#include - -#include "e_os.h" - -#include -#include "rand_lcl.h" - -#include -#include - -#ifdef BN_DEBUG -# define PREDICT -#endif - -/* #define PREDICT 1 */ - -#define STATE_SIZE 1023 -static int state_num=0,state_index=0; -static unsigned char state[STATE_SIZE+MD_DIGEST_LENGTH]; -static unsigned char md[MD_DIGEST_LENGTH]; -static long md_count[2]={0,0}; -static double entropy=0; -static int initialized=0; - -static unsigned int crypto_lock_rand = 0; /* may be set only when a thread - * holds CRYPTO_LOCK_RAND - * (to prevent double locking) */ -/* access to lockin_thread is synchronized by CRYPTO_LOCK_RAND2 */ -static unsigned long locking_thread = 0; /* valid iff crypto_lock_rand is set */ - - -#ifdef PREDICT -int rand_predictable=0; -#endif - -const char *RAND_version="RAND" OPENSSL_VERSION_PTEXT; - -static void ssleay_rand_cleanup(void); -static void ssleay_rand_seed(const void *buf, int num); -static void ssleay_rand_add(const void *buf, int num, double add_entropy); -static int ssleay_rand_bytes(unsigned char *buf, int num); -static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num); -static int ssleay_rand_status(void); - -RAND_METHOD rand_ssleay_meth={ - ssleay_rand_seed, - ssleay_rand_bytes, - ssleay_rand_cleanup, - ssleay_rand_add, - ssleay_rand_pseudo_bytes, - ssleay_rand_status - }; - -RAND_METHOD *RAND_SSLeay(void) - { - return(&rand_ssleay_meth); - } - -static void ssleay_rand_cleanup(void) - { - memset(state,0,sizeof(state)); - state_num=0; - state_index=0; - memset(md,0,MD_DIGEST_LENGTH); - md_count[0]=0; - md_count[1]=0; - entropy=0; - initialized=0; - } - -static void ssleay_rand_add(const void *buf, int num, double add) - { - int i,j,k,st_idx; - long md_c[2]; - unsigned char local_md[MD_DIGEST_LENGTH]; - EVP_MD_CTX m; - int do_not_lock; - - /* - * (Based on the rand(3) manpage) - * - * The input is chopped up into units of 20 bytes (or less for - * the last block). Each of these blocks is run through the hash - * function as follows: The data passed to the hash function - * is the current 'md', the same number of bytes from the 'state' - * (the location determined by in incremented looping index) as - * the current 'block', the new key data 'block', and 'count' - * (which is incremented after each use). - * The result of this is kept in 'md' and also xored into the - * 'state' at the same locations that were used as input into the - * hash function. - */ - - /* check if we already have the lock */ - if (crypto_lock_rand) - { - CRYPTO_r_lock(CRYPTO_LOCK_RAND2); - do_not_lock = (locking_thread == CRYPTO_thread_id()); - CRYPTO_r_unlock(CRYPTO_LOCK_RAND2); - } - else - do_not_lock = 0; - - if (!do_not_lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND); - st_idx=state_index; - - /* use our own copies of the counters so that even - * if a concurrent thread seeds with exactly the - * same data and uses the same subarray there's _some_ - * difference */ - md_c[0] = md_count[0]; - md_c[1] = md_count[1]; - - memcpy(local_md, md, sizeof md); - - /* state_index <= state_num <= STATE_SIZE */ - state_index += num; - if (state_index >= STATE_SIZE) - { - state_index%=STATE_SIZE; - state_num=STATE_SIZE; - } - else if (state_num < STATE_SIZE) - { - if (state_index > state_num) - state_num=state_index; - } - /* state_index <= state_num <= STATE_SIZE */ - - /* state[st_idx], ..., state[(st_idx + num - 1) % STATE_SIZE] - * are what we will use now, but other threads may use them - * as well */ - - md_count[1] += (num / MD_DIGEST_LENGTH) + (num % MD_DIGEST_LENGTH > 0); - - if (!do_not_lock) CRYPTO_w_unlock(CRYPTO_LOCK_RAND); - - EVP_MD_CTX_init(&m); - for (i=0; i MD_DIGEST_LENGTH)?MD_DIGEST_LENGTH:j; - - MD_Init(&m); - MD_Update(&m,local_md,MD_DIGEST_LENGTH); - k=(st_idx+j)-STATE_SIZE; - if (k > 0) - { - MD_Update(&m,&(state[st_idx]),j-k); - MD_Update(&m,&(state[0]),k); - } - else - MD_Update(&m,&(state[st_idx]),j); - - MD_Update(&m,buf,j); - MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c)); - MD_Final(&m,local_md); - md_c[1]++; - - buf=(const char *)buf + j; - - for (k=0; k= STATE_SIZE) - st_idx=0; - } - } - EVP_MD_CTX_cleanup(&m); - - if (!do_not_lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND); - /* Don't just copy back local_md into md -- this could mean that - * other thread's seeding remains without effect (except for - * the incremented counter). By XORing it we keep at least as - * much entropy as fits into md. */ - for (k = 0; k < sizeof md; k++) - { - md[k] ^= local_md[k]; - } - if (entropy < ENTROPY_NEEDED) /* stop counting when we have enough */ - entropy += add; - if (!do_not_lock) CRYPTO_w_unlock(CRYPTO_LOCK_RAND); - -#if !defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) - assert(md_c[1] == md_count[1]); -#endif - } - -static void ssleay_rand_seed(const void *buf, int num) - { - ssleay_rand_add(buf, num, num); - } - -static int ssleay_rand_bytes(unsigned char *buf, int num) - { - static volatile int stirred_pool = 0; - int i,j,k,st_num,st_idx; - int num_ceil; - int ok; - long md_c[2]; - unsigned char local_md[MD_DIGEST_LENGTH]; - EVP_MD_CTX m; -#ifndef GETPID_IS_MEANINGLESS - pid_t curr_pid = getpid(); -#endif - int do_stir_pool = 0; - -#ifdef PREDICT - if (rand_predictable) - { - static unsigned char val=0; - - for (i=0; i= ENTROPY_NEEDED); - if (!ok) - { - /* If the PRNG state is not yet unpredictable, then seeing - * the PRNG output may help attackers to determine the new - * state; thus we have to decrease the entropy estimate. - * Once we've had enough initial seeding we don't bother to - * adjust the entropy count, though, because we're not ambitious - * to provide *information-theoretic* randomness. - * - * NOTE: This approach fails if the program forks before - * we have enough entropy. Entropy should be collected - * in a separate input pool and be transferred to the - * output pool only when the entropy limit has been reached. - */ - entropy -= num; - if (entropy < 0) - entropy = 0; - } - - if (do_stir_pool) - { - /* In the output function only half of 'md' remains secret, - * so we better make sure that the required entropy gets - * 'evenly distributed' through 'state', our randomness pool. - * The input function (ssleay_rand_add) chains all of 'md', - * which makes it more suitable for this purpose. - */ - - int n = STATE_SIZE; /* so that the complete pool gets accessed */ - while (n > 0) - { -#if MD_DIGEST_LENGTH > 20 -# error "Please adjust DUMMY_SEED." -#endif -#define DUMMY_SEED "...................." /* at least MD_DIGEST_LENGTH */ - /* Note that the seed does not matter, it's just that - * ssleay_rand_add expects to have something to hash. */ - ssleay_rand_add(DUMMY_SEED, MD_DIGEST_LENGTH, 0.0); - n -= MD_DIGEST_LENGTH; - } - if (ok) - stirred_pool = 1; - } - - st_idx=state_index; - st_num=state_num; - md_c[0] = md_count[0]; - md_c[1] = md_count[1]; - memcpy(local_md, md, sizeof md); - - state_index+=num_ceil; - if (state_index > state_num) - state_index %= state_num; - - /* state[st_idx], ..., state[(st_idx + num_ceil - 1) % st_num] - * are now ours (but other threads may use them too) */ - - md_count[0] += 1; - - /* before unlocking, we must clear 'crypto_lock_rand' */ - crypto_lock_rand = 0; - CRYPTO_w_unlock(CRYPTO_LOCK_RAND); - - while (num > 0) - { - /* num_ceil -= MD_DIGEST_LENGTH/2 */ - j=(num >= MD_DIGEST_LENGTH/2)?MD_DIGEST_LENGTH/2:num; - num-=j; - MD_Init(&m); -#ifndef GETPID_IS_MEANINGLESS - if (curr_pid) /* just in the first iteration to save time */ - { - MD_Update(&m,(unsigned char*)&curr_pid,sizeof curr_pid); - curr_pid = 0; - } -#endif - MD_Update(&m,local_md,MD_DIGEST_LENGTH); - MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c)); -#ifndef PURIFY - MD_Update(&m,buf,j); /* purify complains */ -#endif - k=(st_idx+MD_DIGEST_LENGTH/2)-st_num; - if (k > 0) - { - MD_Update(&m,&(state[st_idx]),MD_DIGEST_LENGTH/2-k); - MD_Update(&m,&(state[0]),k); - } - else - MD_Update(&m,&(state[st_idx]),MD_DIGEST_LENGTH/2); - MD_Final(&m,local_md); - - for (i=0; i= st_num) - st_idx=0; - if (i < j) - *(buf++)=local_md[i+MD_DIGEST_LENGTH/2]; - } - } - - MD_Init(&m); - MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c)); - MD_Update(&m,local_md,MD_DIGEST_LENGTH); - CRYPTO_w_lock(CRYPTO_LOCK_RAND); - MD_Update(&m,md,MD_DIGEST_LENGTH); - MD_Final(&m,md); - CRYPTO_w_unlock(CRYPTO_LOCK_RAND); - - EVP_MD_CTX_cleanup(&m); - if (ok) - return(1); - else - { - RANDerr(RAND_F_SSLEAY_RAND_BYTES,RAND_R_PRNG_NOT_SEEDED); - ERR_add_error_data(1, "You need to read the OpenSSL FAQ, " - "http://www.openssl.org/support/faq.html"); - return(0); - } - } - -/* pseudo-random bytes that are guaranteed to be unique but not - unpredictable */ -static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num) - { - int ret; - unsigned long err; - - ret = RAND_bytes(buf, num); - if (ret == 0) - { - err = ERR_peek_error(); - if (ERR_GET_LIB(err) == ERR_LIB_RAND && - ERR_GET_REASON(err) == RAND_R_PRNG_NOT_SEEDED) - (void)ERR_get_error(); - } - return (ret); - } - -static int ssleay_rand_status(void) - { - int ret; - int do_not_lock; - - /* check if we already have the lock - * (could happen if a RAND_poll() implementation calls RAND_status()) */ - if (crypto_lock_rand) - { - CRYPTO_r_lock(CRYPTO_LOCK_RAND2); - do_not_lock = (locking_thread == CRYPTO_thread_id()); - CRYPTO_r_unlock(CRYPTO_LOCK_RAND2); - } - else - do_not_lock = 0; - - if (!do_not_lock) - { - CRYPTO_w_lock(CRYPTO_LOCK_RAND); - - /* prevent ssleay_rand_bytes() from trying to obtain the lock again */ - CRYPTO_w_lock(CRYPTO_LOCK_RAND2); - locking_thread = CRYPTO_thread_id(); - CRYPTO_w_unlock(CRYPTO_LOCK_RAND2); - crypto_lock_rand = 1; - } - - if (!initialized) - { - RAND_poll(); - initialized = 1; - } - - ret = entropy >= ENTROPY_NEEDED; - - if (!do_not_lock) - { - /* before unlocking, we must clear 'crypto_lock_rand' */ - crypto_lock_rand = 0; - - CRYPTO_w_unlock(CRYPTO_LOCK_RAND); - } - - return ret; - } diff --git a/src/lib/libcrypto/rand/rand.h b/src/lib/libcrypto/rand/rand.h index e17aa7a9f73..fcb2e9218d0 100644 --- a/src/lib/libcrypto/rand/rand.h +++ b/src/lib/libcrypto/rand/rand.h @@ -1,25 +1,25 @@ -/* crypto/rand/rand.h */ +/* $OpenBSD: rand.h,v 1.22 2014/10/22 14:02:52 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,60 +49,56 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ +#include + #ifndef HEADER_RAND_H #define HEADER_RAND_H -#include +#include + #include #ifdef __cplusplus extern "C" { #endif -typedef struct rand_meth_st - { +/* Already defined in ossl_typ.h */ +/* typedef struct rand_meth_st RAND_METHOD; */ + +struct rand_meth_st { void (*seed)(const void *buf, int num); int (*bytes)(unsigned char *buf, int num); void (*cleanup)(void); void (*add)(const void *buf, int num, double entropy); int (*pseudorand)(unsigned char *buf, int num); int (*status)(void); - } RAND_METHOD; - -#ifdef BN_DEBUG -extern int rand_predictable; -#endif +}; int RAND_set_rand_method(const RAND_METHOD *meth); const RAND_METHOD *RAND_get_rand_method(void); +#ifndef OPENSSL_NO_ENGINE int RAND_set_rand_engine(ENGINE *engine); +#endif RAND_METHOD *RAND_SSLeay(void); + +#ifndef LIBRESSL_INTERNAL void RAND_cleanup(void ); -int RAND_bytes(unsigned char *buf,int num); -int RAND_pseudo_bytes(unsigned char *buf,int num); -void RAND_seed(const void *buf,int num); -void RAND_add(const void *buf,int num,double entropy); -int RAND_load_file(const char *file,long max_bytes); +int RAND_bytes(unsigned char *buf, int num); +int RAND_pseudo_bytes(unsigned char *buf, int num); +void RAND_seed(const void *buf, int num); +void RAND_add(const void *buf, int num, double entropy); +int RAND_load_file(const char *file, long max_bytes); int RAND_write_file(const char *file); -const char *RAND_file_name(char *file,size_t num); +const char *RAND_file_name(char *file, size_t num); int RAND_status(void); -int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes); -int RAND_egd(const char *path); -int RAND_egd_bytes(const char *path,int bytes); int RAND_poll(void); - -#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) - -void RAND_screen(void); -int RAND_event(UINT, WPARAM, LPARAM); - #endif /* BEGIN ERROR CODES */ @@ -111,13 +107,18 @@ int RAND_event(UINT, WPARAM, LPARAM); */ void ERR_load_RAND_strings(void); -/* Error codes for the RAND functions. */ +/* Error codes for the RAND functions. (no longer used) */ /* Function codes. */ #define RAND_F_RAND_GET_RAND_METHOD 101 +#define RAND_F_RAND_INIT_FIPS 102 #define RAND_F_SSLEAY_RAND_BYTES 100 /* Reason codes. */ +#define RAND_R_DUAL_EC_DRBG_DISABLED 104 +#define RAND_R_ERROR_INITIALISING_DRBG 102 +#define RAND_R_ERROR_INSTANTIATING_DRBG 103 +#define RAND_R_NO_FIPS_RANDOM_METHOD_SET 101 #define RAND_R_PRNG_NOT_SEEDED 100 #ifdef __cplusplus diff --git a/src/lib/libcrypto/rand/rand_egd.c b/src/lib/libcrypto/rand/rand_egd.c deleted file mode 100644 index 97ed12cf671..00000000000 --- a/src/lib/libcrypto/rand/rand_egd.c +++ /dev/null @@ -1,298 +0,0 @@ -/* crypto/rand/rand_egd.c */ -/* Written by Ulf Moeller and Lutz Jaenicke for the OpenSSL project. */ -/* ==================================================================== - * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include -#include - -/* - * Query the EGD . - * - * This module supplies three routines: - * - * RAND_query_egd_bytes(path, buf, bytes) - * will actually query "bytes" bytes of entropy form the egd-socket located - * at path and will write them to buf (if supplied) or will directly feed - * it to RAND_seed() if buf==NULL. - * The number of bytes is not limited by the maximum chunk size of EGD, - * which is 255 bytes. If more than 255 bytes are wanted, several chunks - * of entropy bytes are requested. The connection is left open until the - * query is competed. - * RAND_query_egd_bytes() returns with - * -1 if an error occured during connection or communication. - * num the number of bytes read from the EGD socket. This number is either - * the number of bytes requested or smaller, if the EGD pool is - * drained and the daemon signals that the pool is empty. - * This routine does not touch any RAND_status(). This is necessary, since - * PRNG functions may call it during initialization. - * - * RAND_egd_bytes(path, bytes) will query "bytes" bytes and have them - * used to seed the PRNG. - * RAND_egd_bytes() is a wrapper for RAND_query_egd_bytes() with buf=NULL. - * Unlike RAND_query_egd_bytes(), RAND_status() is used to test the - * seed status so that the return value can reflect the seed state: - * -1 if an error occured during connection or communication _or_ - * if the PRNG has still not received the required seeding. - * num the number of bytes read from the EGD socket. This number is either - * the number of bytes requested or smaller, if the EGD pool is - * drained and the daemon signals that the pool is empty. - * - * RAND_egd(path) will query 255 bytes and use the bytes retreived to seed - * the PRNG. - * RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255. - */ - -#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) -int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes) - { - return(-1); - } -int RAND_egd(const char *path) - { - return(-1); - } - -int RAND_egd_bytes(const char *path,int bytes) - { - return(-1); - } -#else -#include -#include OPENSSL_UNISTD -#include -#include -#ifndef NO_SYS_UN_H -# ifdef OPENSSL_SYS_VSWORKS -# include -# else -# include -# endif -#else -struct sockaddr_un { - short sun_family; /* AF_UNIX */ - char sun_path[108]; /* path name (gag) */ -}; -#endif /* NO_SYS_UN_H */ -#include -#include - -#ifndef offsetof -# define offsetof(TYPE, MEMBER) ((size_t) &((TYPE *)0)->MEMBER) -#endif - -int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes) - { - int ret = 0; - struct sockaddr_un addr; - int len, num, numbytes; - int fd = -1; - int success; - unsigned char egdbuf[2], tempbuf[255], *retrievebuf; - - memset(&addr, 0, sizeof(addr)); - addr.sun_family = AF_UNIX; - if (strlen(path) > sizeof(addr.sun_path)) - return (-1); - strcpy(addr.sun_path,path); - len = offsetof(struct sockaddr_un, sun_path) + strlen(path); - fd = socket(AF_UNIX, SOCK_STREAM, 0); - if (fd == -1) return (-1); - success = 0; - while (!success) - { - if (connect(fd, (struct sockaddr *)&addr, len) == 0) - success = 1; - else - { - switch (errno) - { -#ifdef EINTR - case EINTR: -#endif -#ifdef EAGAIN - case EAGAIN: -#endif -#ifdef EINPROGRESS - case EINPROGRESS: -#endif -#ifdef EALREADY - case EALREADY: -#endif - /* No error, try again */ - break; -#ifdef EISCONN - case EISCONN: - success = 1; - break; -#endif - default: - goto err; /* failure */ - } - } - } - - while(bytes > 0) - { - egdbuf[0] = 1; - egdbuf[1] = bytes < 255 ? bytes : 255; - numbytes = 0; - while (numbytes != 2) - { - num = write(fd, egdbuf + numbytes, 2 - numbytes); - if (num >= 0) - numbytes += num; - else - { - switch (errno) - { -#ifdef EINTR - case EINTR: -#endif -#ifdef EAGAIN - case EAGAIN: -#endif - /* No error, try again */ - break; - default: - ret = -1; - goto err; /* failure */ - } - } - } - numbytes = 0; - while (numbytes != 1) - { - num = read(fd, egdbuf, 1); - if (num >= 0) - numbytes += num; - else - { - switch (errno) - { -#ifdef EINTR - case EINTR: -#endif -#ifdef EAGAIN - case EAGAIN: -#endif - /* No error, try again */ - break; - default: - ret = -1; - goto err; /* failure */ - } - } - } - if(egdbuf[0] == 0) - goto err; - if (buf) - retrievebuf = buf + ret; - else - retrievebuf = tempbuf; - numbytes = 0; - while (numbytes != egdbuf[0]) - { - num = read(fd, retrievebuf + numbytes, egdbuf[0] - numbytes); - if (num >= 0) - numbytes += num; - else - { - switch (errno) - { -#ifdef EINTR - case EINTR: -#endif -#ifdef EAGAIN - case EAGAIN: -#endif - /* No error, try again */ - break; - default: - ret = -1; - goto err; /* failure */ - } - } - } - ret += egdbuf[0]; - bytes -= egdbuf[0]; - if (!buf) - RAND_seed(tempbuf, egdbuf[0]); - } - err: - if (fd != -1) close(fd); - return(ret); - } - - -int RAND_egd_bytes(const char *path, int bytes) - { - int num, ret = 0; - - num = RAND_query_egd_bytes(path, NULL, bytes); - if (num < 1) goto err; - if (RAND_status() == 1) - ret = num; - err: - return(ret); - } - - -int RAND_egd(const char *path) - { - return (RAND_egd_bytes(path, 255)); - } - - -#endif diff --git a/src/lib/libcrypto/rand/rand_err.c b/src/lib/libcrypto/rand/rand_err.c index b77267e213b..1ac00be7730 100644 --- a/src/lib/libcrypto/rand/rand_err.c +++ b/src/lib/libcrypto/rand/rand_err.c @@ -1,13 +1,13 @@ -/* crypto/rand/rand_err.c */ +/* $OpenBSD: rand_err.c,v 1.15 2017/01/29 17:49:23 beck Exp $ */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -59,37 +59,41 @@ */ #include + +#include + #include #include /* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR -static ERR_STRING_DATA RAND_str_functs[]= - { -{ERR_PACK(0,RAND_F_RAND_GET_RAND_METHOD,0), "RAND_get_rand_method"}, -{ERR_PACK(0,RAND_F_SSLEAY_RAND_BYTES,0), "SSLEAY_RAND_BYTES"}, -{0,NULL} - }; -static ERR_STRING_DATA RAND_str_reasons[]= - { -{RAND_R_PRNG_NOT_SEEDED ,"PRNG not seeded"}, -{0,NULL} - }; +#define ERR_FUNC(func) ERR_PACK(ERR_LIB_RAND,func,0) +#define ERR_REASON(reason) ERR_PACK(ERR_LIB_RAND,0,reason) -#endif +static ERR_STRING_DATA RAND_str_functs[] = { + {ERR_FUNC(0xfff), "CRYPTO_internal"}, + {0, NULL} +}; -void ERR_load_RAND_strings(void) - { - static int init=1; +static ERR_STRING_DATA RAND_str_reasons[] = { + {ERR_REASON(RAND_R_DUAL_EC_DRBG_DISABLED), "dual ec drbg disabled"}, + {ERR_REASON(RAND_R_ERROR_INITIALISING_DRBG), "error initialising drbg"}, + {ERR_REASON(RAND_R_ERROR_INSTANTIATING_DRBG), "error instantiating drbg"}, + {ERR_REASON(RAND_R_NO_FIPS_RANDOM_METHOD_SET), "no fips random method set"}, + {ERR_REASON(RAND_R_PRNG_NOT_SEEDED) , "PRNG not seeded"}, + {0, NULL} +}; - if (init) - { - init=0; -#ifndef OPENSSL_NO_ERR - ERR_load_strings(ERR_LIB_RAND,RAND_str_functs); - ERR_load_strings(ERR_LIB_RAND,RAND_str_reasons); #endif - } +void +ERR_load_RAND_strings(void) +{ +#ifndef OPENSSL_NO_ERR + if (ERR_func_error_string(RAND_str_functs[0].error) == NULL) { + ERR_load_strings(0, RAND_str_functs); + ERR_load_strings(0, RAND_str_reasons); } +#endif +} diff --git a/src/lib/libcrypto/rand/rand_lcl.h b/src/lib/libcrypto/rand/rand_lcl.h deleted file mode 100644 index 618a8ec899c..00000000000 --- a/src/lib/libcrypto/rand/rand_lcl.h +++ /dev/null @@ -1,158 +0,0 @@ -/* crypto/rand/rand_lcl.h */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* ==================================================================== - * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#ifndef HEADER_RAND_LCL_H -#define HEADER_RAND_LCL_H - -#define ENTROPY_NEEDED 32 /* require 256 bits = 32 bytes of randomness */ - - -#if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && !defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND) -#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1) -#define USE_SHA1_RAND -#elif !defined(OPENSSL_NO_MD5) -#define USE_MD5_RAND -#elif !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES) -#define USE_MDC2_RAND -#elif !defined(OPENSSL_NO_MD2) -#define USE_MD2_RAND -#else -#error No message digest algorithm available -#endif -#endif - -#include -#define MD_Update(a,b,c) EVP_DigestUpdate(a,b,c) -#define MD_Final(a,b) EVP_DigestFinal_ex(a,b,NULL) -#if defined(USE_MD5_RAND) -#include -#define MD_DIGEST_LENGTH MD5_DIGEST_LENGTH -#define MD_Init(a) EVP_DigestInit_ex(a,EVP_md5(), NULL) -#define MD(a,b,c) EVP_Digest(a,b,c,NULL,EVP_md5(), NULL) -#elif defined(USE_SHA1_RAND) -#include -#define MD_DIGEST_LENGTH SHA_DIGEST_LENGTH -#define MD_Init(a) EVP_DigestInit_ex(a,EVP_sha1(), NULL) -#define MD(a,b,c) EVP_Digest(a,b,c,NULL,EVP_sha1(), NULL) -#elif defined(USE_MDC2_RAND) -#include -#define MD_DIGEST_LENGTH MDC2_DIGEST_LENGTH -#define MD_Init(a) EVP_DigestInit_ex(a,EVP_mdc2(), NULL) -#define MD(a,b,c) EVP_Digest(a,b,c,NULL,EVP_mdc2(), NULL) -#elif defined(USE_MD2_RAND) -#include -#define MD_DIGEST_LENGTH MD2_DIGEST_LENGTH -#define MD_Init(a) EVP_DigestInit_ex(a,EVP_md2(), NULL) -#define MD(a,b,c) EVP_Digest(a,b,c,NULL,EVP_md2(), NULL) -#endif - - -#endif diff --git a/src/lib/libcrypto/rand/rand_lib.c b/src/lib/libcrypto/rand/rand_lib.c index 5cf5dc11886..8342a55f05d 100644 --- a/src/lib/libcrypto/rand/rand_lib.c +++ b/src/lib/libcrypto/rand/rand_lib.c @@ -1,166 +1,100 @@ -/* crypto/rand/rand_lib.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. +/* $OpenBSD: rand_lib.c,v 1.20 2014/10/22 13:02:04 jsing Exp $ */ +/* + * Copyright (c) 2014 Ted Unangst * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -#include -#include -#include "cryptlib.h" +#include + +#include + #include -#include - -/* non-NULL if default_RAND_meth is ENGINE-provided */ -static ENGINE *funct_ref =NULL; -static const RAND_METHOD *default_RAND_meth = NULL; - -int RAND_set_rand_method(const RAND_METHOD *meth) - { - if(funct_ref) - { - ENGINE_finish(funct_ref); - funct_ref = NULL; - } - default_RAND_meth = meth; + +/* + * The useful functions in this file are at the bottom. + */ +int +RAND_set_rand_method(const RAND_METHOD *meth) +{ + return 1; +} + +const RAND_METHOD * +RAND_get_rand_method(void) +{ + return NULL; +} + +RAND_METHOD * +RAND_SSLeay(void) +{ + return NULL; +} + +#ifndef OPENSSL_NO_ENGINE +int +RAND_set_rand_engine(ENGINE *engine) +{ return 1; - } - -const RAND_METHOD *RAND_get_rand_method(void) - { - if (!default_RAND_meth) - { - ENGINE *e = ENGINE_get_default_RAND(); - if(e) - { - default_RAND_meth = ENGINE_get_RAND(e); - if(!default_RAND_meth) - { - ENGINE_finish(e); - e = NULL; - } - } - if(e) - funct_ref = e; - else - default_RAND_meth = RAND_SSLeay(); - } - return default_RAND_meth; - } - -int RAND_set_rand_engine(ENGINE *engine) - { - const RAND_METHOD *tmp_meth = NULL; - if(engine) - { - if(!ENGINE_init(engine)) - return 0; - tmp_meth = ENGINE_get_RAND(engine); - if(!tmp_meth) - { - ENGINE_finish(engine); - return 0; - } - } - /* This function releases any prior ENGINE so call it first */ - RAND_set_rand_method(tmp_meth); - funct_ref = engine; +} +#endif + +void +RAND_cleanup(void) +{ + +} + +void +RAND_seed(const void *buf, int num) +{ + +} + +void +RAND_add(const void *buf, int num, double entropy) +{ + +} + +int +RAND_status(void) +{ + return 1; +} + +int +RAND_poll(void) +{ + return 1; +} + +/* + * Hurray. You've made it to the good parts. + */ +int +RAND_bytes(unsigned char *buf, int num) +{ + if (num > 0) + arc4random_buf(buf, num); + return 1; +} + +int +RAND_pseudo_bytes(unsigned char *buf, int num) +{ + if (num > 0) + arc4random_buf(buf, num); return 1; - } - -void RAND_cleanup(void) - { - const RAND_METHOD *meth = RAND_get_rand_method(); - if (meth && meth->cleanup) - meth->cleanup(); - RAND_set_rand_method(NULL); - } - -void RAND_seed(const void *buf, int num) - { - const RAND_METHOD *meth = RAND_get_rand_method(); - if (meth && meth->seed) - meth->seed(buf,num); - } - -void RAND_add(const void *buf, int num, double entropy) - { - const RAND_METHOD *meth = RAND_get_rand_method(); - if (meth && meth->add) - meth->add(buf,num,entropy); - } - -int RAND_bytes(unsigned char *buf, int num) - { - const RAND_METHOD *meth = RAND_get_rand_method(); - if (meth && meth->bytes) - return meth->bytes(buf,num); - return(-1); - } - -int RAND_pseudo_bytes(unsigned char *buf, int num) - { - const RAND_METHOD *meth = RAND_get_rand_method(); - if (meth && meth->pseudorand) - return meth->pseudorand(buf,num); - return(-1); - } - -int RAND_status(void) - { - const RAND_METHOD *meth = RAND_get_rand_method(); - if (meth && meth->status) - return meth->status(); - return 0; - } +} diff --git a/src/lib/libcrypto/rand/rand_os2.c b/src/lib/libcrypto/rand/rand_os2.c deleted file mode 100644 index c3e36d4e5e3..00000000000 --- a/src/lib/libcrypto/rand/rand_os2.c +++ /dev/null @@ -1,147 +0,0 @@ -/* crypto/rand/rand_os2.c */ -/* ==================================================================== - * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include "cryptlib.h" -#include -#include "rand_lcl.h" - -#ifdef OPENSSL_SYS_OS2 - -#define INCL_DOSPROCESS -#define INCL_DOSPROFILE -#define INCL_DOSMISC -#define INCL_DOSMODULEMGR -#include - -#define CMD_KI_RDCNT (0x63) - -typedef struct _CPUUTIL { - ULONG ulTimeLow; /* Low 32 bits of time stamp */ - ULONG ulTimeHigh; /* High 32 bits of time stamp */ - ULONG ulIdleLow; /* Low 32 bits of idle time */ - ULONG ulIdleHigh; /* High 32 bits of idle time */ - ULONG ulBusyLow; /* Low 32 bits of busy time */ - ULONG ulBusyHigh; /* High 32 bits of busy time */ - ULONG ulIntrLow; /* Low 32 bits of interrupt time */ - ULONG ulIntrHigh; /* High 32 bits of interrupt time */ -} CPUUTIL; - -APIRET APIENTRY(*DosPerfSysCall) (ULONG ulCommand, ULONG ulParm1, ULONG ulParm2, ULONG ulParm3) = NULL; -APIRET APIENTRY(*DosQuerySysState) (ULONG func, ULONG arg1, ULONG pid, ULONG _res_, PVOID buf, ULONG bufsz) = NULL; -HMODULE hDoscalls = 0; - -int RAND_poll(void) -{ - char failed_module[20]; - QWORD qwTime; - ULONG SysVars[QSV_FOREGROUND_PROCESS]; - - if (hDoscalls == 0) { - ULONG rc = DosLoadModule(failed_module, sizeof(failed_module), "DOSCALLS", &hDoscalls); - - if (rc == 0) { - rc = DosQueryProcAddr(hDoscalls, 976, NULL, (PFN *)&DosPerfSysCall); - - if (rc) - DosPerfSysCall = NULL; - - rc = DosQueryProcAddr(hDoscalls, 368, NULL, (PFN *)&DosQuerySysState); - - if (rc) - DosQuerySysState = NULL; - } - } - - /* Sample the hi-res timer, runs at around 1.1 MHz */ - DosTmrQueryTime(&qwTime); - RAND_add(&qwTime, sizeof(qwTime), 2); - - /* Sample a bunch of system variables, includes various process & memory statistics */ - DosQuerySysInfo(1, QSV_FOREGROUND_PROCESS, SysVars, sizeof(SysVars)); - RAND_add(SysVars, sizeof(SysVars), 4); - - /* If available, sample CPU registers that count at CPU MHz - * Only fairly new CPUs (PPro & K6 onwards) & OS/2 versions support this - */ - if (DosPerfSysCall) { - CPUUTIL util; - - if (DosPerfSysCall(CMD_KI_RDCNT, (ULONG)&util, 0, 0) == 0) { - RAND_add(&util, sizeof(util), 10); - } - else { - DosPerfSysCall = NULL; - } - } - - /* DosQuerySysState() gives us a huge quantity of process, thread, memory & handle stats */ - if (DosQuerySysState) { - char *buffer = OPENSSL_malloc(256 * 1024); - - if (DosQuerySysState(0x1F, 0, 0, 0, buffer, 256 * 1024) == 0) { - /* First 4 bytes in buffer is a pointer to the thread count - * there should be at least 1 byte of entropy per thread - */ - RAND_add(buffer, 256 * 1024, **(ULONG **)buffer); - } - - OPENSSL_free(buffer); - return 1; - } - - return 0; -} - -#endif /* OPENSSL_SYS_OS2 */ diff --git a/src/lib/libcrypto/rand/rand_unix.c b/src/lib/libcrypto/rand/rand_unix.c deleted file mode 100644 index 0b292351302..00000000000 --- a/src/lib/libcrypto/rand/rand_unix.c +++ /dev/null @@ -1,274 +0,0 @@ -/* crypto/rand/rand_unix.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* ==================================================================== - * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include "cryptlib.h" -#include -#include "rand_lcl.h" - -#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2)) - -#include -#include -#include -#include -#include -#include - -#ifdef __OpenBSD__ -#undef DEVRANDOM -#define DEVRANDOM "/dev/arandom" -int RAND_poll(void) -{ - unsigned long l; - pid_t curr_pid = getpid(); - FILE *fh; - - /* Use a random entropy pool device. Linux, FreeBSD and OpenBSD - * have this. Use /dev/urandom if you can as /dev/random may block - * if it runs out of random entries. */ - - if ((fh = fopen(DEVRANDOM, "r")) != NULL) - { - unsigned char tmpbuf[ENTROPY_NEEDED]; - int n; - - setvbuf(fh, NULL, _IONBF, 0); - n=fread((unsigned char *)tmpbuf,1,ENTROPY_NEEDED,fh); - fclose(fh); - RAND_add(tmpbuf,sizeof tmpbuf,n); - memset(tmpbuf,0,n); - } - - /* put in some default random data, we need more than just this */ - l=curr_pid; - RAND_add(&l,sizeof(l),0); - l=getuid(); - RAND_add(&l,sizeof(l),0); - - l=time(NULL); - RAND_add(&l,sizeof(l),0); - - return 1; -} -#else -int RAND_poll(void) -{ - unsigned long l; - pid_t curr_pid = getpid(); -#if defined(DEVRANDOM) || defined(DEVRANDOM_EGD) - unsigned char tmpbuf[ENTROPY_NEEDED]; - int n = 0; -#endif -#ifdef DEVRANDOM - static const char *randomfiles[] = { DEVRANDOM, NULL }; - const char **randomfile = NULL; - int fd; -#endif -#ifdef DEVRANDOM_EGD - static const char *egdsockets[] = { DEVRANDOM_EGD, NULL }; - const char **egdsocket = NULL; -#endif - -#ifdef DEVRANDOM - /* Use a random entropy pool device. Linux, FreeBSD and OpenBSD - * have this. Use /dev/urandom if you can as /dev/random may block - * if it runs out of random entries. */ - - for (randomfile = randomfiles; *randomfile && n < ENTROPY_NEEDED; randomfile++) - { - if ((fd = open(*randomfile, O_RDONLY|O_NONBLOCK -#ifdef O_NOCTTY /* If it happens to be a TTY (god forbid), do not make it - our controlling tty */ - |O_NOCTTY -#endif -#ifdef O_NOFOLLOW /* Fail if the file is a symbolic link */ - |O_NOFOLLOW -#endif - )) >= 0) - { - struct timeval t = { 0, 10*1000 }; /* Spend 10ms on - each file. */ - int r; - fd_set fset; - - do - { - FD_ZERO(&fset); - FD_SET(fd, &fset); - r = -1; - - if (select(fd+1,&fset,NULL,NULL,&t) < 0) - t.tv_usec=0; - else if (FD_ISSET(fd, &fset)) - { - r=read(fd,(unsigned char *)tmpbuf+n, - ENTROPY_NEEDED-n); - if (r > 0) - n += r; - } - - /* Some Unixen will update t, some - won't. For those who won't, give - up here, otherwise, we will do - this once again for the remaining - time. */ - if (t.tv_usec == 10*1000) - t.tv_usec=0; - } - while ((r > 0 || (errno == EINTR || errno == EAGAIN)) - && t.tv_usec != 0 && n < ENTROPY_NEEDED); - - close(fd); - } - } -#endif - -#ifdef DEVRANDOM_EGD - /* Use an EGD socket to read entropy from an EGD or PRNGD entropy - * collecting daemon. */ - - for (egdsocket = egdsockets; *egdsocket && n < ENTROPY_NEEDED; egdsocket++) - { - int r; - - r = RAND_query_egd_bytes(*egdsocket, (unsigned char *)tmpbuf+n, - ENTROPY_NEEDED-n); - if (r > 0) - n += r; - } -#endif - -#if defined(DEVRANDOM) || defined(DEVRANDOM_EGD) - if (n > 0) - { - RAND_add(tmpbuf,sizeof tmpbuf,n); - memset(tmpbuf,0,n); - } -#endif - - /* put in some default random data, we need more than just this */ - l=curr_pid; - RAND_add(&l,sizeof(l),0); - l=getuid(); - RAND_add(&l,sizeof(l),0); - - l=time(NULL); - RAND_add(&l,sizeof(l),0); - -#if defined(DEVRANDOM) || defined(DEVRANDOM_EGD) - return 1; -#else - return 0; -#endif -} - -#endif -#endif diff --git a/src/lib/libcrypto/rand/rand_vms.c b/src/lib/libcrypto/rand/rand_vms.c deleted file mode 100644 index 29b2d7af0b0..00000000000 --- a/src/lib/libcrypto/rand/rand_vms.c +++ /dev/null @@ -1,135 +0,0 @@ -/* crypto/rand/rand_vms.c -*- mode:C; c-file-style: "eay" -*- */ -/* Written by Richard Levitte for the OpenSSL - * project 2000. - */ -/* ==================================================================== - * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include -#include "rand_lcl.h" - -#if defined(OPENSSL_SYS_VMS) - -#include -#include -#include -#include -#ifdef __DECC -# pragma message disable DOLLARID -#endif - -static struct items_data_st - { - short length, code; /* length is amount of bytes */ - } items_data[] = - { { 4, JPI$_BUFIO }, - { 4, JPI$_CPUTIM }, - { 4, JPI$_DIRIO }, - { 8, JPI$_LOGINTIM }, - { 4, JPI$_PAGEFLTS }, - { 4, JPI$_PID }, - { 4, JPI$_WSSIZE }, - { 0, 0 } - }; - -int RAND_poll(void) - { - long pid, iosb[2]; - int status = 0; - struct - { - short length, code; - long *buffer; - int *retlen; - } item[32], *pitem; - unsigned char data_buffer[256]; - short total_length = 0; - struct items_data_st *pitems_data; - - pitems_data = items_data; - pitem = item; - - /* Setup */ - while (pitems_data->length) - { - pitem->length = pitems_data->length; - pitem->code = pitems_data->code; - pitem->buffer = (long *)data_buffer[total_length]; - pitem->retlen = 0; - total_length += pitems_data->length; - pitems_data++; - pitem++; - } - pitem->length = pitem->code = 0; - - /* - * Scan through all the processes in the system and add entropy with - * results from the processes that were possible to look at. - * However, view the information as only half trustable. - */ - pid = -1; /* search context */ - while ((status = sys$getjpiw(0, &pid, 0, item, iosb, 0, 0)) - != SS$_NOMOREPROC) - { - if (status == SS$_NORMAL) - { - RAND_add(data_buffer, total_length, total_length/2); - } - } - sys$gettim(iosb); - RAND_add((unsigned char *)iosb, sizeof(iosb), sizeof(iosb)/2); - return 1; -} - -#endif diff --git a/src/lib/libcrypto/rand/rand_win.c b/src/lib/libcrypto/rand/rand_win.c deleted file mode 100644 index c1b955b06f0..00000000000 --- a/src/lib/libcrypto/rand/rand_win.c +++ /dev/null @@ -1,693 +0,0 @@ -/* crypto/rand/rand_win.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* ==================================================================== - * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include "cryptlib.h" -#include -#include "rand_lcl.h" - -#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) -#include -#ifndef _WIN32_WINNT -# define _WIN32_WINNT 0x0400 -#endif -#include -#include - -/* Intel hardware RNG CSP -- available from - * http://developer.intel.com/design/security/rng/redist_license.htm - */ -#define PROV_INTEL_SEC 22 -#define INTEL_DEF_PROV "Intel Hardware Cryptographic Service Provider" - -static void readtimer(void); -static void readscreen(void); - -/* It appears like CURSORINFO, PCURSORINFO and LPCURSORINFO are only defined - when WINVER is 0x0500 and up, which currently only happens on Win2000. - Unfortunately, those are typedefs, so they're a little bit difficult to - detect properly. On the other hand, the macro CURSOR_SHOWING is defined - within the same conditional, so it can be use to detect the absence of said - typedefs. */ - -#ifndef CURSOR_SHOWING -/* - * Information about the global cursor. - */ -typedef struct tagCURSORINFO -{ - DWORD cbSize; - DWORD flags; - HCURSOR hCursor; - POINT ptScreenPos; -} CURSORINFO, *PCURSORINFO, *LPCURSORINFO; - -#define CURSOR_SHOWING 0x00000001 -#endif /* CURSOR_SHOWING */ - -typedef BOOL (WINAPI *CRYPTACQUIRECONTEXT)(HCRYPTPROV *, LPCTSTR, LPCTSTR, - DWORD, DWORD); -typedef BOOL (WINAPI *CRYPTGENRANDOM)(HCRYPTPROV, DWORD, BYTE *); -typedef BOOL (WINAPI *CRYPTRELEASECONTEXT)(HCRYPTPROV, DWORD); - -typedef HWND (WINAPI *GETFOREGROUNDWINDOW)(VOID); -typedef BOOL (WINAPI *GETCURSORINFO)(PCURSORINFO); -typedef DWORD (WINAPI *GETQUEUESTATUS)(UINT); - -typedef HANDLE (WINAPI *CREATETOOLHELP32SNAPSHOT)(DWORD, DWORD); -typedef BOOL (WINAPI *HEAP32FIRST)(LPHEAPENTRY32, DWORD, DWORD); -typedef BOOL (WINAPI *HEAP32NEXT)(LPHEAPENTRY32); -typedef BOOL (WINAPI *HEAP32LIST)(HANDLE, LPHEAPLIST32); -typedef BOOL (WINAPI *PROCESS32)(HANDLE, LPPROCESSENTRY32); -typedef BOOL (WINAPI *THREAD32)(HANDLE, LPTHREADENTRY32); -typedef BOOL (WINAPI *MODULE32)(HANDLE, LPMODULEENTRY32); - -#include -#include -#if 1 /* The NET API is Unicode only. It requires the use of the UNICODE - * macro. When UNICODE is defined LPTSTR becomes LPWSTR. LMSTR was - * was added to the Platform SDK to allow the NET API to be used in - * non-Unicode applications provided that Unicode strings were still - * used for input. LMSTR is defined as LPWSTR. - */ -typedef NET_API_STATUS (NET_API_FUNCTION * NETSTATGET) - (LPWSTR, LPWSTR, DWORD, DWORD, LPBYTE*); -typedef NET_API_STATUS (NET_API_FUNCTION * NETFREE)(LPBYTE); -#endif /* 1 */ - -int RAND_poll(void) -{ - MEMORYSTATUS m; - HCRYPTPROV hProvider = 0; - BYTE buf[64]; - DWORD w; - HWND h; - - HMODULE advapi, kernel, user, netapi; - CRYPTACQUIRECONTEXT acquire = 0; - CRYPTGENRANDOM gen = 0; - CRYPTRELEASECONTEXT release = 0; -#if 1 /* There was previously a problem with NETSTATGET. Currently, this - * section is still experimental, but if all goes well, this conditional - * will be removed - */ - NETSTATGET netstatget = 0; - NETFREE netfree = 0; -#endif /* 1 */ - - /* Determine the OS version we are on so we can turn off things - * that do not work properly. - */ - OSVERSIONINFO osverinfo ; - osverinfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFO) ; - GetVersionEx( &osverinfo ) ; - - /* load functions dynamically - not available on all systems */ - advapi = LoadLibrary("ADVAPI32.DLL"); - kernel = LoadLibrary("KERNEL32.DLL"); - user = LoadLibrary("USER32.DLL"); - netapi = LoadLibrary("NETAPI32.DLL"); - -#if 1 /* There was previously a problem with NETSTATGET. Currently, this - * section is still experimental, but if all goes well, this conditional - * will be removed - */ - if (netapi) - { - netstatget = (NETSTATGET) GetProcAddress(netapi,"NetStatisticsGet"); - netfree = (NETFREE) GetProcAddress(netapi,"NetApiBufferFree"); - } - - if (netstatget && netfree) - { - LPBYTE outbuf; - /* NetStatisticsGet() is a Unicode only function - * STAT_WORKSTATION_0 contains 45 fields and STAT_SERVER_0 - * contains 17 fields. We treat each field as a source of - * one byte of entropy. - */ - - if (netstatget(NULL, L"LanmanWorkstation", 0, 0, &outbuf) == 0) - { - RAND_add(outbuf, sizeof(STAT_WORKSTATION_0), 45); - netfree(outbuf); - } - if (netstatget(NULL, L"LanmanServer", 0, 0, &outbuf) == 0) - { - RAND_add(outbuf, sizeof(STAT_SERVER_0), 17); - netfree(outbuf); - } - } - - if (netapi) - FreeLibrary(netapi); -#endif /* 1 */ - - /* It appears like this can cause an exception deep within ADVAPI32.DLL - * at random times on Windows 2000. Reported by Jeffrey Altman. - * Only use it on NT. - */ - /* Wolfgang Marczy reports that - * the RegQueryValueEx call below can hang on NT4.0 (SP6). - * So we don't use this at all for now. */ -#if 0 - if ( osverinfo.dwPlatformId == VER_PLATFORM_WIN32_NT && - osverinfo.dwMajorVersion < 5) - { - /* Read Performance Statistics from NT/2000 registry - * The size of the performance data can vary from call - * to call so we must guess the size of the buffer to use - * and increase its size if we get an ERROR_MORE_DATA - * return instead of ERROR_SUCCESS. - */ - LONG rc=ERROR_MORE_DATA; - char * buf=NULL; - DWORD bufsz=0; - DWORD length; - - while (rc == ERROR_MORE_DATA) - { - buf = realloc(buf,bufsz+8192); - if (!buf) - break; - bufsz += 8192; - - length = bufsz; - rc = RegQueryValueEx(HKEY_PERFORMANCE_DATA, "Global", - NULL, NULL, buf, &length); - } - if (rc == ERROR_SUCCESS) - { - /* For entropy count assume only least significant - * byte of each DWORD is random. - */ - RAND_add(&length, sizeof(length), 0); - RAND_add(buf, length, length / 4.0); - } - if (buf) - free(buf); - } -#endif - - if (advapi) - { - acquire = (CRYPTACQUIRECONTEXT) GetProcAddress(advapi, - "CryptAcquireContextA"); - gen = (CRYPTGENRANDOM) GetProcAddress(advapi, - "CryptGenRandom"); - release = (CRYPTRELEASECONTEXT) GetProcAddress(advapi, - "CryptReleaseContext"); - } - - if (acquire && gen && release) - { - /* poll the CryptoAPI PRNG */ - /* The CryptoAPI returns sizeof(buf) bytes of randomness */ - if (acquire(&hProvider, 0, 0, PROV_RSA_FULL, - CRYPT_VERIFYCONTEXT)) - { - if (gen(hProvider, sizeof(buf), buf) != 0) - { - RAND_add(buf, sizeof(buf), 0); -#if 0 - printf("randomness from PROV_RSA_FULL\n"); -#endif - } - release(hProvider, 0); - } - - /* poll the Pentium PRG with CryptoAPI */ - if (acquire(&hProvider, 0, INTEL_DEF_PROV, PROV_INTEL_SEC, 0)) - { - if (gen(hProvider, sizeof(buf), buf) != 0) - { - RAND_add(buf, sizeof(buf), sizeof(buf)); -#if 0 - printf("randomness from PROV_INTEL_SEC\n"); -#endif - } - release(hProvider, 0); - } - } - - if (advapi) - FreeLibrary(advapi); - - /* timer data */ - readtimer(); - - /* memory usage statistics */ - GlobalMemoryStatus(&m); - RAND_add(&m, sizeof(m), 1); - - /* process ID */ - w = GetCurrentProcessId(); - RAND_add(&w, sizeof(w), 1); - - if (user) - { - GETCURSORINFO cursor; - GETFOREGROUNDWINDOW win; - GETQUEUESTATUS queue; - - win = (GETFOREGROUNDWINDOW) GetProcAddress(user, "GetForegroundWindow"); - cursor = (GETCURSORINFO) GetProcAddress(user, "GetCursorInfo"); - queue = (GETQUEUESTATUS) GetProcAddress(user, "GetQueueStatus"); - - if (win) - { - /* window handle */ - h = win(); - RAND_add(&h, sizeof(h), 0); - } - if (cursor) - { - /* unfortunately, its not safe to call GetCursorInfo() - * on NT4 even though it exists in SP3 (or SP6) and - * higher. - */ - if ( osverinfo.dwPlatformId == VER_PLATFORM_WIN32_NT && - osverinfo.dwMajorVersion < 5) - cursor = 0; - } - if (cursor) - { - /* cursor position */ - /* assume 2 bytes of entropy */ - CURSORINFO ci; - ci.cbSize = sizeof(CURSORINFO); - if (cursor(&ci)) - RAND_add(&ci, ci.cbSize, 2); - } - - if (queue) - { - /* message queue status */ - /* assume 1 byte of entropy */ - w = queue(QS_ALLEVENTS); - RAND_add(&w, sizeof(w), 1); - } - - FreeLibrary(user); - } - - /* Toolhelp32 snapshot: enumerate processes, threads, modules and heap - * http://msdn.microsoft.com/library/psdk/winbase/toolhelp_5pfd.htm - * (Win 9x and 2000 only, not available on NT) - * - * This seeding method was proposed in Peter Gutmann, Software - * Generation of Practically Strong Random Numbers, - * http://www.usenix.org/publications/library/proceedings/sec98/gutmann.html - * revised version at http://www.cryptoengines.com/~peter/06_random.pdf - * (The assignment of entropy estimates below is arbitrary, but based - * on Peter's analysis the full poll appears to be safe. Additional - * interactive seeding is encouraged.) - */ - - if (kernel) - { - CREATETOOLHELP32SNAPSHOT snap; - HANDLE handle; - - HEAP32FIRST heap_first; - HEAP32NEXT heap_next; - HEAP32LIST heaplist_first, heaplist_next; - PROCESS32 process_first, process_next; - THREAD32 thread_first, thread_next; - MODULE32 module_first, module_next; - - HEAPLIST32 hlist; - HEAPENTRY32 hentry; - PROCESSENTRY32 p; - THREADENTRY32 t; - MODULEENTRY32 m; - - snap = (CREATETOOLHELP32SNAPSHOT) - GetProcAddress(kernel, "CreateToolhelp32Snapshot"); - heap_first = (HEAP32FIRST) GetProcAddress(kernel, "Heap32First"); - heap_next = (HEAP32NEXT) GetProcAddress(kernel, "Heap32Next"); - heaplist_first = (HEAP32LIST) GetProcAddress(kernel, "Heap32ListFirst"); - heaplist_next = (HEAP32LIST) GetProcAddress(kernel, "Heap32ListNext"); - process_first = (PROCESS32) GetProcAddress(kernel, "Process32First"); - process_next = (PROCESS32) GetProcAddress(kernel, "Process32Next"); - thread_first = (THREAD32) GetProcAddress(kernel, "Thread32First"); - thread_next = (THREAD32) GetProcAddress(kernel, "Thread32Next"); - module_first = (MODULE32) GetProcAddress(kernel, "Module32First"); - module_next = (MODULE32) GetProcAddress(kernel, "Module32Next"); - - if (snap && heap_first && heap_next && heaplist_first && - heaplist_next && process_first && process_next && - thread_first && thread_next && module_first && - module_next && (handle = snap(TH32CS_SNAPALL,0)) - != NULL) - { - /* heap list and heap walking */ - /* HEAPLIST32 contains 3 fields that will change with - * each entry. Consider each field a source of 1 byte - * of entropy. - * HEAPENTRY32 contains 5 fields that will change with - * each entry. Consider each field a source of 1 byte - * of entropy. - */ - hlist.dwSize = sizeof(HEAPLIST32); - if (heaplist_first(handle, &hlist)) - do - { - RAND_add(&hlist, hlist.dwSize, 3); - hentry.dwSize = sizeof(HEAPENTRY32); - if (heap_first(&hentry, - hlist.th32ProcessID, - hlist.th32HeapID)) - { - int entrycnt = 80; - do - RAND_add(&hentry, - hentry.dwSize, 5); - while (heap_next(&hentry) - && --entrycnt > 0); - } - } while (heaplist_next(handle, - &hlist)); - - /* process walking */ - /* PROCESSENTRY32 contains 9 fields that will change - * with each entry. Consider each field a source of - * 1 byte of entropy. - */ - p.dwSize = sizeof(PROCESSENTRY32); - if (process_first(handle, &p)) - do - RAND_add(&p, p.dwSize, 9); - while (process_next(handle, &p)); - - /* thread walking */ - /* THREADENTRY32 contains 6 fields that will change - * with each entry. Consider each field a source of - * 1 byte of entropy. - */ - t.dwSize = sizeof(THREADENTRY32); - if (thread_first(handle, &t)) - do - RAND_add(&t, t.dwSize, 6); - while (thread_next(handle, &t)); - - /* module walking */ - /* MODULEENTRY32 contains 9 fields that will change - * with each entry. Consider each field a source of - * 1 byte of entropy. - */ - m.dwSize = sizeof(MODULEENTRY32); - if (module_first(handle, &m)) - do - RAND_add(&m, m.dwSize, 9); - while (module_next(handle, &m)); - - CloseHandle(handle); - } - - FreeLibrary(kernel); - } - -#if 0 - printf("Exiting RAND_poll\n"); -#endif - - return(1); -} - -int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam) - { - double add_entropy=0; - - switch (iMsg) - { - case WM_KEYDOWN: - { - static WPARAM key; - if (key != wParam) - add_entropy = 0.05; - key = wParam; - } - break; - case WM_MOUSEMOVE: - { - static int lastx,lasty,lastdx,lastdy; - int x,y,dx,dy; - - x=LOWORD(lParam); - y=HIWORD(lParam); - dx=lastx-x; - dy=lasty-y; - if (dx != 0 && dy != 0 && dx-lastdx != 0 && dy-lastdy != 0) - add_entropy=.2; - lastx=x, lasty=y; - lastdx=dx, lastdy=dy; - } - break; - } - - readtimer(); - RAND_add(&iMsg, sizeof(iMsg), add_entropy); - RAND_add(&wParam, sizeof(wParam), 0); - RAND_add(&lParam, sizeof(lParam), 0); - - return (RAND_status()); - } - - -void RAND_screen(void) /* function available for backward compatibility */ -{ - RAND_poll(); - readscreen(); -} - - -/* feed timing information to the PRNG */ -static void readtimer(void) -{ - DWORD w; - LARGE_INTEGER l; - static int have_perfc = 1; -#ifdef _MSC_VER - static int have_tsc = 1; - DWORD cyclecount; - - if (have_tsc) { - __try { - __asm { - _emit 0x0f - _emit 0x31 - mov cyclecount, eax - } - RAND_add(&cyclecount, sizeof(cyclecount), 1); - } __except(EXCEPTION_EXECUTE_HANDLER) { - have_tsc = 0; - } - } -#else -# define have_tsc 0 -#endif - - if (have_perfc) { - if (QueryPerformanceCounter(&l) == 0) - have_perfc = 0; - else - RAND_add(&l, sizeof(l), 0); - } - - if (!have_tsc && !have_perfc) { - w = GetTickCount(); - RAND_add(&w, sizeof(w), 0); - } -} - -/* feed screen contents to PRNG */ -/***************************************************************************** - * - * Created 960901 by Gertjan van Oosten, gertjan@West.NL, West Consulting B.V. - * - * Code adapted from - * ; - * the original copyright message is: - * - * (C) Copyright Microsoft Corp. 1993. All rights reserved. - * - * You have a royalty-free right to use, modify, reproduce and - * distribute the Sample Files (and/or any modified version) in - * any way you find useful, provided that you agree that - * Microsoft has no warranty obligations or liability for any - * Sample Application Files which are modified. - */ - -static void readscreen(void) -{ - HDC hScrDC; /* screen DC */ - HDC hMemDC; /* memory DC */ - HBITMAP hBitmap; /* handle for our bitmap */ - HBITMAP hOldBitmap; /* handle for previous bitmap */ - BITMAP bm; /* bitmap properties */ - unsigned int size; /* size of bitmap */ - char *bmbits; /* contents of bitmap */ - int w; /* screen width */ - int h; /* screen height */ - int y; /* y-coordinate of screen lines to grab */ - int n = 16; /* number of screen lines to grab at a time */ - - /* Create a screen DC and a memory DC compatible to screen DC */ - hScrDC = CreateDC("DISPLAY", NULL, NULL, NULL); - hMemDC = CreateCompatibleDC(hScrDC); - - /* Get screen resolution */ - w = GetDeviceCaps(hScrDC, HORZRES); - h = GetDeviceCaps(hScrDC, VERTRES); - - /* Create a bitmap compatible with the screen DC */ - hBitmap = CreateCompatibleBitmap(hScrDC, w, n); - - /* Select new bitmap into memory DC */ - hOldBitmap = SelectObject(hMemDC, hBitmap); - - /* Get bitmap properties */ - GetObject(hBitmap, sizeof(BITMAP), (LPSTR)&bm); - size = (unsigned int)bm.bmWidthBytes * bm.bmHeight * bm.bmPlanes; - - bmbits = OPENSSL_malloc(size); - if (bmbits) { - /* Now go through the whole screen, repeatedly grabbing n lines */ - for (y = 0; y < h-n; y += n) - { - unsigned char md[MD_DIGEST_LENGTH]; - - /* Bitblt screen DC to memory DC */ - BitBlt(hMemDC, 0, 0, w, n, hScrDC, 0, y, SRCCOPY); - - /* Copy bitmap bits from memory DC to bmbits */ - GetBitmapBits(hBitmap, size, bmbits); - - /* Get the hash of the bitmap */ - MD(bmbits,size,md); - - /* Seed the random generator with the hash value */ - RAND_add(md, MD_DIGEST_LENGTH, 0); - } - - OPENSSL_free(bmbits); - } - - /* Select old bitmap back into memory DC */ - hBitmap = SelectObject(hMemDC, hOldBitmap); - - /* Clean up */ - DeleteObject(hBitmap); - DeleteDC(hMemDC); - DeleteDC(hScrDC); -} - -#endif diff --git a/src/lib/libcrypto/rand/randfile.c b/src/lib/libcrypto/rand/randfile.c index 4b221e08f5b..72c065c48da 100644 --- a/src/lib/libcrypto/rand/randfile.c +++ b/src/lib/libcrypto/rand/randfile.c @@ -1,25 +1,25 @@ -/* crypto/rand/randfile.c */ +/* $OpenBSD: randfile.c,v 1.42 2015/09/10 15:56:25 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -59,217 +59,85 @@ #include #include #include +#include #include -#include "e_os.h" #include #include +#include -#ifdef OPENSSL_SYS_VMS -#include -#endif -#ifndef NO_SYS_TYPES_H -# include -#endif -#ifdef MAC_OS_pre_X -# include -#else -# include -#endif +#include +#include +#include #undef BUFSIZE #define BUFSIZE 1024 #define RAND_DATA 1024 -/* #define RFILE ".rnd" - defined in ../../e_os.h */ - -/* Note that these functions are intended for seed files only. - * Entropy devices and EGD sockets are handled in rand_unix.c */ - -int RAND_load_file(const char *file, long bytes) - { - /* If bytes >= 0, read up to 'bytes' bytes. - * if bytes == -1, read complete file. */ - - MS_STATIC unsigned char buf[BUFSIZE]; - struct stat sb; - int i,ret=0,n; - FILE *in; +/* Note that these functions should not be used. */ - if (file == NULL) return(0); - - i=stat(file,&sb); - if (i < 0) { - /* If the state fails, put some crap in anyway */ - RAND_add(&sb,sizeof(sb),0); - return(0); - } - if (bytes == 0) return(ret); - in=fopen(file,"rb"); - if (in == NULL) goto err; - if (sb.st_mode & (S_IFBLK | S_IFCHR)) { - /* this file is a device. we don't want read an infinite number - * of bytes from a random device, nor do we want to use buffered - * I/O because we will waste system entropy. - */ - bytes = (bytes == -1) ? 2048 : bytes; /* ok, is 2048 enough? */ - setvbuf(in, NULL, _IONBF, 0); /* don't do buffered reads */ - } - for (;;) - { - if (bytes > 0) - n = (bytes < BUFSIZE)?(int)bytes:BUFSIZE; - else - n = BUFSIZE; - i=fread(buf,1,n,in); - if (i <= 0) break; - /* even if n != i, use the full array */ - RAND_add(buf,n,i); - ret+=i; - if (bytes > 0) - { - bytes-=n; - if (bytes <= 0) break; - } - } - fclose(in); - memset(buf,0,BUFSIZE); -err: - return(ret); - } +int +RAND_load_file(const char *file, long bytes) +{ + /* the "whole" file */ + if (bytes == -1) + return 123456; + else + return bytes; +} -int RAND_write_file(const char *file) - { +int +RAND_write_file(const char *file) +{ unsigned char buf[BUFSIZE]; - int i,ret=0,rand_err=0; + int i, ret = 0; FILE *out = NULL; - int n; + int n, fd; struct stat sb; - i=stat(file,&sb); - if (i != -1) { - if (sb.st_mode & (S_IFBLK | S_IFCHR)) { - /* this file is a device. we don't write back to it. - * we "succeed" on the assumption this is some sort - * of random device. Otherwise attempting to write to - * and chmod the device causes problems. - */ - return(1); - } + /* + * If this file is a device, avoid opening it. + * XXX TOCTOU + */ + if (stat(file, &sb) != -1 && + (S_ISBLK(sb.st_mode) || S_ISCHR(sb.st_mode))) { + return (1); } -#if defined(O_CREAT) && !defined(OPENSSL_SYS_WIN32) - /* For some reason Win32 can't write to files created this way */ - - /* chmod(..., 0600) is too late to protect the file, - * permissions should be restrictive from the start */ - int fd = open(file, O_CREAT, 0600); - if (fd != -1) - out = fdopen(fd, "wb"); -#endif - if (out == NULL) - out = fopen(file,"wb"); - if (out == NULL) goto err; + fd = open(file, O_WRONLY|O_CREAT, 0600); + if (fd == -1) + return (1); + out = fdopen(fd, "wb"); -#ifndef NO_CHMOD - chmod(file,0600); -#endif - n=RAND_DATA; - for (;;) - { - i=(n > BUFSIZE)?BUFSIZE:n; - n-=BUFSIZE; - if (RAND_bytes(buf,i) <= 0) - rand_err=1; - i=fwrite(buf,1,i,out); - if (i <= 0) - { - ret=0; - break; - } - ret+=i; - if (n <= 0) break; - } -#ifdef OPENSSL_SYS_VMS - /* Try to delete older versions of the file, until there aren't - any */ - { - char *tmpf; - - tmpf = OPENSSL_malloc(strlen(file) + 4); /* to add ";-1" and a nul */ - if (tmpf) - { - strcpy(tmpf, file); - strcat(tmpf, ";-1"); - while(delete(tmpf) == 0) - ; - rename(file,";1"); /* Make sure it's version 1, or we - will reach the limit (32767) at - some point... */ - } - } -#endif /* OPENSSL_SYS_VMS */ - - fclose(out); - memset(buf,0,BUFSIZE); -err: - return (rand_err ? -1 : ret); + if (out == NULL) { + close(fd); + return (1); } -const char *RAND_file_name(char *buf, size_t size) - { - char *s = NULL; - int ok = 0; - struct stat sb; - - if (issetugid() == 0) - s = getenv("RANDFILE"); - if (s != NULL && *s && strlen(s) + 1 < size) - { - strlcpy(buf,s,size); - ok = 1; - } - else - { - if (issetugid() == 0) - s=getenv("HOME"); -#ifdef DEFAULT_HOME - if (s == NULL) - { - s = DEFAULT_HOME; - } -#endif - if (s && *s && strlen(s)+strlen(RFILE)+2 < size) - { - strlcpy(buf,s,size); -#ifndef OPENSSL_SYS_VMS - strcat(buf,"/"); -#endif - strlcat(buf,RFILE,size); - ok = 1; - } - else - buf[0] = '\0'; /* no file name */ + n = RAND_DATA; + for (;;) { + i = (n > BUFSIZE) ? BUFSIZE : n; + n -= BUFSIZE; + arc4random_buf(buf, i); + i = fwrite(buf, 1, i, out); + if (i <= 0) { + ret = 0; + break; } - -#ifdef __OpenBSD__ - /* given that all random loads just fail if the file can't be - * seen on a stat, we stat the file we're returning, if it - * fails, use /dev/arandom instead. this allows the user to - * use their own source for good random data, but defaults - * to something hopefully decent if that isn't available. - */ - - if (!ok) - if (strlcpy(buf,"/dev/arandom",size) >= size) { - return(NULL); - } - if (stat(buf,&sb) == -1) - if (strlcpy(buf,"/dev/arandom",size) >= size) { - return(NULL); - } - -#endif - return(buf); + ret += i; + if (n <= 0) + break; } + fclose(out); + explicit_bzero(buf, BUFSIZE); + return ret; +} + +const char * +RAND_file_name(char * buf, size_t size) +{ + if (strlcpy(buf, "/dev/urandom", size) >= size) + return (NULL); + return buf; +} diff --git a/src/lib/libcrypto/rand/randtest.c b/src/lib/libcrypto/rand/randtest.c deleted file mode 100644 index b64de616dbc..00000000000 --- a/src/lib/libcrypto/rand/randtest.c +++ /dev/null @@ -1,214 +0,0 @@ -/* crypto/rand/randtest.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include -#include - -/* some FIPS 140-1 random number test */ -/* some simple tests */ - -int main() - { - unsigned char buf[2500]; - int i,j,k,s,sign,nsign,err=0; - unsigned long n1; - unsigned long n2[16]; - unsigned long runs[2][34]; - /*double d; */ - long d; - - i = RAND_pseudo_bytes(buf,2500); - if (i < 0) - { - printf ("init failed, the rand method is not properly installed\n"); - err++; - goto err; - } - - n1=0; - for (i=0; i<16; i++) n2[i]=0; - for (i=0; i<34; i++) runs[0][i]=runs[1][i]=0; - - /* test 1 and 2 */ - sign=0; - nsign=0; - for (i=0; i<2500; i++) - { - j=buf[i]; - - n2[j&0x0f]++; - n2[(j>>4)&0x0f]++; - - for (k=0; k<8; k++) - { - s=(j&0x01); - if (s == sign) - nsign++; - else - { - if (nsign > 34) nsign=34; - if (nsign != 0) - { - runs[sign][nsign-1]++; - if (nsign > 6) - runs[sign][5]++; - } - sign=s; - nsign=1; - } - - if (s) n1++; - j>>=1; - } - } - if (nsign > 34) nsign=34; - if (nsign != 0) runs[sign][nsign-1]++; - - /* test 1 */ - if (!((9654 < n1) && (n1 < 10346))) - { - printf("test 1 failed, X=%lu\n",n1); - err++; - } - printf("test 1 done\n"); - - /* test 2 */ -#ifdef undef - d=0; - for (i=0; i<16; i++) - d+=n2[i]*n2[i]; - d=d*16.0/5000.0-5000.0; - if (!((1.03 < d) && (d < 57.4))) - { - printf("test 2 failed, X=%.2f\n",d); - err++; - } -#endif - d=0; - for (i=0; i<16; i++) - d+=n2[i]*n2[i]; - d=(d*8)/25-500000; - if (!((103 < d) && (d < 5740))) - { - printf("test 2 failed, X=%ld.%02ld\n",d/100L,d%100L); - err++; - } - printf("test 2 done\n"); - - /* test 3 */ - for (i=0; i<2; i++) - { - if (!((2267 < runs[i][0]) && (runs[i][0] < 2733))) - { - printf("test 3 failed, bit=%d run=%d num=%lu\n", - i,1,runs[i][0]); - err++; - } - if (!((1079 < runs[i][1]) && (runs[i][1] < 1421))) - { - printf("test 3 failed, bit=%d run=%d num=%lu\n", - i,2,runs[i][1]); - err++; - } - if (!(( 502 < runs[i][2]) && (runs[i][2] < 748))) - { - printf("test 3 failed, bit=%d run=%d num=%lu\n", - i,3,runs[i][2]); - err++; - } - if (!(( 223 < runs[i][3]) && (runs[i][3] < 402))) - { - printf("test 3 failed, bit=%d run=%d num=%lu\n", - i,4,runs[i][3]); - err++; - } - if (!(( 90 < runs[i][4]) && (runs[i][4] < 223))) - { - printf("test 3 failed, bit=%d run=%d num=%lu\n", - i,5,runs[i][4]); - err++; - } - if (!(( 90 < runs[i][5]) && (runs[i][5] < 223))) - { - printf("test 3 failed, bit=%d run=%d num=%lu\n", - i,6,runs[i][5]); - err++; - } - } - printf("test 3 done\n"); - - /* test 4 */ - if (runs[0][33] != 0) - { - printf("test 4 failed, bit=%d run=%d num=%lu\n", - 0,34,runs[0][33]); - err++; - } - if (runs[1][33] != 0) - { - printf("test 4 failed, bit=%d run=%d num=%lu\n", - 1,34,runs[1][33]); - err++; - } - printf("test 4 done\n"); - err: - err=((err)?1:0); - exit(err); - return(err); - } diff --git a/src/lib/libcrypto/rc2/Makefile.ssl b/src/lib/libcrypto/rc2/Makefile.ssl deleted file mode 100644 index 6aa921c863e..00000000000 --- a/src/lib/libcrypto/rc2/Makefile.ssl +++ /dev/null @@ -1,91 +0,0 @@ -# -# SSLeay/crypto/rc2/Makefile -# - -DIR= rc2 -TOP= ../.. -CC= cc -INCLUDES= -CFLAG=-g -INSTALL_PREFIX= -OPENSSLDIR= /usr/local/ssl -INSTALLTOP=/usr/local/ssl -MAKE= make -f Makefile.ssl -MAKEDEPPROG= makedepend -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) -MAKEFILE= Makefile.ssl -AR= ar r - -CFLAGS= $(INCLUDES) $(CFLAG) - -GENERAL=Makefile -TEST=rc2test.c -APPS= - -LIB=$(TOP)/libcrypto.a -LIBSRC=rc2_ecb.c rc2_skey.c rc2_cbc.c rc2cfb64.c rc2ofb64.c -LIBOBJ=rc2_ecb.o rc2_skey.o rc2_cbc.o rc2cfb64.o rc2ofb64.o - -SRC= $(LIBSRC) - -EXHEADER= rc2.h -HEADER= rc2_locl.h $(EXHEADER) - -ALL= $(GENERAL) $(SRC) $(HEADER) - -top: - (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) - -all: lib - -lib: $(LIBOBJ) - $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) || echo Never mind. - @touch lib - -files: - $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO - -links: - @sh $(TOP)/util/point.sh Makefile.ssl Makefile - @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) - @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) - @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) - -install: - @for i in $(EXHEADER) ; \ - do \ - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ - done; - -tags: - ctags $(SRC) - -tests: - -lint: - lint -DLINT $(INCLUDES) $(SRC)>fluff - -depend: - $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) - -dclean: - $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new - mv -f Makefile.new $(MAKEFILE) - -clean: - rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff - -# DO NOT DELETE THIS LINE -- make depend depends on it. - -rc2_cbc.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc2.h -rc2_cbc.o: rc2_cbc.c rc2_locl.h -rc2_ecb.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -rc2_ecb.o: ../../include/openssl/rc2.h rc2_ecb.c rc2_locl.h -rc2_skey.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc2.h -rc2_skey.o: rc2_locl.h rc2_skey.c -rc2cfb64.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc2.h -rc2cfb64.o: rc2_locl.h rc2cfb64.c -rc2ofb64.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc2.h -rc2ofb64.o: rc2_locl.h rc2ofb64.c diff --git a/src/lib/libcrypto/rc2/rc2.h b/src/lib/libcrypto/rc2/rc2.h index 7816b454dcd..21511ff36ea 100644 --- a/src/lib/libcrypto/rc2/rc2.h +++ b/src/lib/libcrypto/rc2/rc2.h @@ -1,4 +1,4 @@ -/* crypto/rc2/rc2.h */ +/* $OpenBSD: rc2.h,v 1.11 2014/07/10 22:45:57 jsing Exp $ */ /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -59,6 +59,8 @@ #ifndef HEADER_RC2_H #define HEADER_RC2_H +#include /* OPENSSL_NO_RC2, RC2_INT */ + #ifdef OPENSSL_NO_RC2 #error RC2 is disabled. #endif @@ -66,7 +68,6 @@ #define RC2_ENCRYPT 1 #define RC2_DECRYPT 0 -#include /* RC2_INT */ #define RC2_BLOCK 8 #define RC2_KEY_LENGTH 16 @@ -79,7 +80,6 @@ typedef struct rc2_key_st RC2_INT data[64]; } RC2_KEY; - void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,int bits); void RC2_ecb_encrypt(const unsigned char *in,unsigned char *out,RC2_KEY *key, int enc); diff --git a/src/lib/libcrypto/rc2/rc2_cbc.c b/src/lib/libcrypto/rc2/rc2_cbc.c index 74f48d3d87b..a947f1d3c3a 100644 --- a/src/lib/libcrypto/rc2/rc2_cbc.c +++ b/src/lib/libcrypto/rc2/rc2_cbc.c @@ -1,4 +1,4 @@ -/* crypto/rc2/rc2_cbc.c */ +/* $OpenBSD: rc2_cbc.c,v 1.5 2014/10/28 07:35:59 jsg Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -62,9 +62,9 @@ void RC2_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, RC2_KEY *ks, unsigned char *iv, int encrypt) { - register unsigned long tin0,tin1; - register unsigned long tout0,tout1,xor0,xor1; - register long l=length; + unsigned long tin0,tin1; + unsigned long tout0,tout1,xor0,xor1; + long l=length; unsigned long tin[2]; if (encrypt) @@ -136,8 +136,8 @@ void RC2_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, void RC2_encrypt(unsigned long *d, RC2_KEY *key) { int i,n; - register RC2_INT *p0,*p1; - register RC2_INT x0,x1,x2,x3,t; + RC2_INT *p0,*p1; + RC2_INT x0,x1,x2,x3,t; unsigned long l; l=d[0]; @@ -181,8 +181,8 @@ void RC2_encrypt(unsigned long *d, RC2_KEY *key) void RC2_decrypt(unsigned long *d, RC2_KEY *key) { int i,n; - register RC2_INT *p0,*p1; - register RC2_INT x0,x1,x2,x3,t; + RC2_INT *p0,*p1; + RC2_INT x0,x1,x2,x3,t; unsigned long l; l=d[0]; diff --git a/src/lib/libcrypto/rc2/rc2_ecb.c b/src/lib/libcrypto/rc2/rc2_ecb.c index d3e8c2718a3..76873752788 100644 --- a/src/lib/libcrypto/rc2/rc2_ecb.c +++ b/src/lib/libcrypto/rc2/rc2_ecb.c @@ -1,4 +1,4 @@ -/* crypto/rc2/rc2_ecb.c */ +/* $OpenBSD: rc2_ecb.c,v 1.6 2014/07/09 11:10:51 bcook Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -60,8 +60,6 @@ #include "rc2_locl.h" #include -const char *RC2_version="RC2" OPENSSL_VERSION_PTEXT; - /* RC2 as implemented frm a posting from * Newsgroups: sci.crypt * Sender: pgut01@cs.auckland.ac.nz (Peter Gutmann) diff --git a/src/lib/libcrypto/rc2/rc2_locl.h b/src/lib/libcrypto/rc2/rc2_locl.h index 565cd176197..73d8c68ca76 100644 --- a/src/lib/libcrypto/rc2/rc2_locl.h +++ b/src/lib/libcrypto/rc2/rc2_locl.h @@ -1,4 +1,4 @@ -/* crypto/rc2/rc2_locl.h */ +/* $OpenBSD: rc2_locl.h,v 1.2 2014/06/12 15:49:30 deraadt Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * diff --git a/src/lib/libcrypto/rc2/rc2_skey.c b/src/lib/libcrypto/rc2/rc2_skey.c index cab3080c73d..964db098932 100644 --- a/src/lib/libcrypto/rc2/rc2_skey.c +++ b/src/lib/libcrypto/rc2/rc2_skey.c @@ -1,4 +1,4 @@ -/* crypto/rc2/rc2_skey.c */ +/* $OpenBSD: rc2_skey.c,v 1.12 2014/06/12 15:49:30 deraadt Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -56,10 +56,11 @@ * [including the GNU Public Licence.] */ +#include #include #include "rc2_locl.h" -static unsigned char key_table[256]={ +static const unsigned char key_table[256]={ 0xd9,0x78,0xf9,0xc4,0x19,0xdd,0xb5,0xed,0x28,0xe9,0xfd,0x79, 0x4a,0xa0,0xd8,0x9d,0xc6,0x7e,0x37,0x83,0x2b,0x76,0x53,0x8e, 0x62,0x4c,0x64,0x88,0x44,0x8b,0xfb,0xa2,0x17,0x9a,0x59,0xf5, @@ -135,4 +136,3 @@ void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits) for (i=127; i>=0; i-=2) *(ki--)=((k[i]<<8)|k[i-1])&0xffff; } - diff --git a/src/lib/libcrypto/rc2/rc2cfb64.c b/src/lib/libcrypto/rc2/rc2cfb64.c index b3a0158a6e6..95366444c4e 100644 --- a/src/lib/libcrypto/rc2/rc2cfb64.c +++ b/src/lib/libcrypto/rc2/rc2cfb64.c @@ -1,4 +1,4 @@ -/* crypto/rc2/rc2cfb64.c */ +/* $OpenBSD: rc2cfb64.c,v 1.5 2014/10/28 07:35:59 jsg Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -68,9 +68,9 @@ void RC2_cfb64_encrypt(const unsigned char *in, unsigned char *out, long length, RC2_KEY *schedule, unsigned char *ivec, int *num, int encrypt) { - register unsigned long v0,v1,t; - register int n= *num; - register long l=length; + unsigned long v0,v1,t; + int n= *num; + long l=length; unsigned long ti[2]; unsigned char *iv,c,cc; diff --git a/src/lib/libcrypto/rc2/rc2ofb64.c b/src/lib/libcrypto/rc2/rc2ofb64.c index 9e297867ed5..c47b4137394 100644 --- a/src/lib/libcrypto/rc2/rc2ofb64.c +++ b/src/lib/libcrypto/rc2/rc2ofb64.c @@ -1,4 +1,4 @@ -/* crypto/rc2/rc2ofb64.c */ +/* $OpenBSD: rc2ofb64.c,v 1.5 2014/10/28 07:35:59 jsg Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -67,11 +67,11 @@ void RC2_ofb64_encrypt(const unsigned char *in, unsigned char *out, long length, RC2_KEY *schedule, unsigned char *ivec, int *num) { - register unsigned long v0,v1,t; - register int n= *num; - register long l=length; + unsigned long v0,v1,t; + int n= *num; + long l=length; unsigned char d[8]; - register char *dp; + char *dp; unsigned long ti[2]; unsigned char *iv; int save=0; diff --git a/src/lib/libcrypto/rc2/rc2speed.c b/src/lib/libcrypto/rc2/rc2speed.c deleted file mode 100644 index 47d34b444e5..00000000000 --- a/src/lib/libcrypto/rc2/rc2speed.c +++ /dev/null @@ -1,274 +0,0 @@ -/* crypto/rc2/rc2speed.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -/* 11-Sep-92 Andrew Daviel Support for Silicon Graphics IRIX added */ -/* 06-Apr-92 Luke Brennan Support for VMS and add extra signal calls */ - -#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX) -#define TIMES -#endif - -#include - -#include -#include OPENSSL_UNISTD_IO -OPENSSL_DECLARE_EXIT - -#include -#ifndef _IRIX -#include -#endif -#ifdef TIMES -#include -#include -#endif - -/* Depending on the VMS version, the tms structure is perhaps defined. - The __TMS macro will show if it was. If it wasn't defined, we should - undefine TIMES, since that tells the rest of the program how things - should be handled. -- Richard Levitte */ -#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS) -#undef TIMES -#endif - -#ifndef TIMES -#include -#endif - -#if defined(sun) || defined(__ultrix) -#define _POSIX_SOURCE -#include -#include -#endif - -#include - -/* The following if from times(3) man page. It may need to be changed */ -#ifndef HZ -#ifndef CLK_TCK -#define HZ 100.0 -#endif -#else /* CLK_TCK */ -#define HZ ((double)CLK_TCK) -#endif - -#define BUFSIZE ((long)1024) -long run=0; - -double Time_F(int s); -#ifdef SIGALRM -#if defined(__STDC__) || defined(sgi) || defined(_AIX) -#define SIGRETTYPE void -#else -#define SIGRETTYPE int -#endif - -SIGRETTYPE sig_done(int sig); -SIGRETTYPE sig_done(int sig) - { - signal(SIGALRM,sig_done); - run=0; -#ifdef LINT - sig=sig; -#endif - } -#endif - -#define START 0 -#define STOP 1 - -double Time_F(int s) - { - double ret; -#ifdef TIMES - static struct tms tstart,tend; - - if (s == START) - { - times(&tstart); - return(0); - } - else - { - times(&tend); - ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ; - return((ret == 0.0)?1e-6:ret); - } -#else /* !times() */ - static struct timeb tstart,tend; - long i; - - if (s == START) - { - ftime(&tstart); - return(0); - } - else - { - ftime(&tend); - i=(long)tend.millitm-(long)tstart.millitm; - ret=((double)(tend.time-tstart.time))+((double)i)/1e3; - return((ret == 0.0)?1e-6:ret); - } -#endif - } - -int main(int argc, char **argv) - { - long count; - static unsigned char buf[BUFSIZE]; - static unsigned char key[] ={ - 0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0, - 0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10, - }; - RC2_KEY sch; - double a,b,c,d; -#ifndef SIGALRM - long ca,cb,cc; -#endif - -#ifndef TIMES - printf("To get the most accurate results, try to run this\n"); - printf("program when this computer is idle.\n"); -#endif - -#ifndef SIGALRM - printf("First we calculate the approximate speed ...\n"); - RC2_set_key(&sch,16,key,128); - count=10; - do { - long i; - unsigned long data[2]; - - count*=2; - Time_F(START); - for (i=count; i; i--) - RC2_encrypt(data,&sch); - d=Time_F(STOP); - } while (d < 3.0); - ca=count/512; - cb=count; - cc=count*8/BUFSIZE+1; - printf("Doing RC2_set_key %ld times\n",ca); -#define COND(d) (count != (d)) -#define COUNT(d) (d) -#else -#define COND(c) (run) -#define COUNT(d) (count) - signal(SIGALRM,sig_done); - printf("Doing RC2_set_key for 10 seconds\n"); - alarm(10); -#endif - - Time_F(START); - for (count=0,run=1; COND(ca); count+=4) - { - RC2_set_key(&sch,16,key,128); - RC2_set_key(&sch,16,key,128); - RC2_set_key(&sch,16,key,128); - RC2_set_key(&sch,16,key,128); - } - d=Time_F(STOP); - printf("%ld RC2_set_key's in %.2f seconds\n",count,d); - a=((double)COUNT(ca))/d; - -#ifdef SIGALRM - printf("Doing RC2_encrypt's for 10 seconds\n"); - alarm(10); -#else - printf("Doing RC2_encrypt %ld times\n",cb); -#endif - Time_F(START); - for (count=0,run=1; COND(cb); count+=4) - { - unsigned long data[2]; - - RC2_encrypt(data,&sch); - RC2_encrypt(data,&sch); - RC2_encrypt(data,&sch); - RC2_encrypt(data,&sch); - } - d=Time_F(STOP); - printf("%ld RC2_encrypt's in %.2f second\n",count,d); - b=((double)COUNT(cb)*8)/d; - -#ifdef SIGALRM - printf("Doing RC2_cbc_encrypt on %ld byte blocks for 10 seconds\n", - BUFSIZE); - alarm(10); -#else - printf("Doing RC2_cbc_encrypt %ld times on %ld byte blocks\n",cc, - BUFSIZE); -#endif - Time_F(START); - for (count=0,run=1; COND(cc); count++) - RC2_cbc_encrypt(buf,buf,BUFSIZE,&sch, - &(key[0]),RC2_ENCRYPT); - d=Time_F(STOP); - printf("%ld RC2_cbc_encrypt's of %ld byte blocks in %.2f second\n", - count,BUFSIZE,d); - c=((double)COUNT(cc)*BUFSIZE)/d; - - printf("RC2 set_key per sec = %12.2f (%9.3fuS)\n",a,1.0e6/a); - printf("RC2 raw ecb bytes per sec = %12.2f (%9.3fuS)\n",b,8.0e6/b); - printf("RC2 cbc bytes per sec = %12.2f (%9.3fuS)\n",c,8.0e6/c); - exit(0); -#if defined(LINT) || defined(OPENSSL_SYS_MSDOS) - return(0); -#endif - } diff --git a/src/lib/libcrypto/rc2/rc2test.c b/src/lib/libcrypto/rc2/rc2test.c deleted file mode 100644 index d9a2a0a1cbd..00000000000 --- a/src/lib/libcrypto/rc2/rc2test.c +++ /dev/null @@ -1,269 +0,0 @@ -/* crypto/rc2/rc2test.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -/* This has been a quickly hacked 'ideatest.c'. When I add tests for other - * RC2 modes, more of the code will be uncommented. */ - -#include -#include -#include - -#ifdef OPENSSL_NO_RC2 -int main(int argc, char *argv[]) -{ - printf("No RC2 support\n"); - return(0); -} -#else -#include - -static unsigned char RC2key[4][16]={ - {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, - {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01}, - {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, - {0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, - 0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F}, - }; - -static unsigned char RC2plain[4][8]={ - {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, - {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, - {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF}, - {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, - }; - -static unsigned char RC2cipher[4][8]={ - {0x1C,0x19,0x8A,0x83,0x8D,0xF0,0x28,0xB7}, - {0x21,0x82,0x9C,0x78,0xA9,0xF9,0xC0,0x74}, - {0x13,0xDB,0x35,0x17,0xD3,0x21,0x86,0x9E}, - {0x50,0xDC,0x01,0x62,0xBD,0x75,0x7F,0x31}, - }; -/************/ -#ifdef undef -unsigned char k[16]={ - 0x00,0x01,0x00,0x02,0x00,0x03,0x00,0x04, - 0x00,0x05,0x00,0x06,0x00,0x07,0x00,0x08}; - -unsigned char in[8]={0x00,0x00,0x00,0x01,0x00,0x02,0x00,0x03}; -unsigned char c[8]={0x11,0xFB,0xED,0x2B,0x01,0x98,0x6D,0xE5}; -unsigned char out[80]; - -char *text="Hello to all people out there"; - -static unsigned char cfb_key[16]={ - 0xe1,0xf0,0xc3,0xd2,0xa5,0xb4,0x87,0x96, - 0x69,0x78,0x4b,0x5a,0x2d,0x3c,0x0f,0x1e, - }; -static unsigned char cfb_iv[80]={0x34,0x12,0x78,0x56,0xab,0x90,0xef,0xcd}; -static unsigned char cfb_buf1[40],cfb_buf2[40],cfb_tmp[8]; -#define CFB_TEST_SIZE 24 -static unsigned char plain[CFB_TEST_SIZE]= - { - 0x4e,0x6f,0x77,0x20,0x69,0x73, - 0x20,0x74,0x68,0x65,0x20,0x74, - 0x69,0x6d,0x65,0x20,0x66,0x6f, - 0x72,0x20,0x61,0x6c,0x6c,0x20 - }; -static unsigned char cfb_cipher64[CFB_TEST_SIZE]={ - 0x59,0xD8,0xE2,0x65,0x00,0x58,0x6C,0x3F, - 0x2C,0x17,0x25,0xD0,0x1A,0x38,0xB7,0x2A, - 0x39,0x61,0x37,0xDC,0x79,0xFB,0x9F,0x45 - -/* 0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38, - 0x9A,0x44,0xD6,0x04,0x19,0x43,0xC4,0xD9, - 0x3D,0x1E,0xAE,0x47,0xFC,0xCF,0x29,0x0B,*/ - }; - - -/*static int cfb64_test(unsigned char *cfb_cipher);*/ -static char *pt(unsigned char *p); -#endif - -int main(int argc, char *argv[]) - { - int i,n,err=0; - RC2_KEY key; - unsigned char buf[8],buf2[8]; - - for (n=0; n<4; n++) - { - RC2_set_key(&key,16,&(RC2key[n][0]),0 /* or 1024 */); - - RC2_ecb_encrypt(&(RC2plain[n][0]),buf,&key,RC2_ENCRYPT); - if (memcmp(&(RC2cipher[n][0]),buf,8) != 0) - { - printf("ecb rc2 error encrypting\n"); - printf("got :"); - for (i=0; i<8; i++) - printf("%02X ",buf[i]); - printf("\n"); - printf("expected:"); - for (i=0; i<8; i++) - printf("%02X ",RC2cipher[n][i]); - err=20; - printf("\n"); - } - - RC2_ecb_encrypt(buf,buf2,&key,RC2_DECRYPT); - if (memcmp(&(RC2plain[n][0]),buf2,8) != 0) - { - printf("ecb RC2 error decrypting\n"); - printf("got :"); - for (i=0; i<8; i++) - printf("%02X ",buf[i]); - printf("\n"); - printf("expected:"); - for (i=0; i<8; i++) - printf("%02X ",RC2plain[n][i]); - printf("\n"); - err=3; - } - } - - if (err == 0) printf("ecb RC2 ok\n"); -#ifdef undef - memcpy(iv,k,8); - idea_cbc_encrypt((unsigned char *)text,out,strlen(text)+1,&key,iv,1); - memcpy(iv,k,8); - idea_cbc_encrypt(out,out,8,&dkey,iv,0); - idea_cbc_encrypt(&(out[8]),&(out[8]),strlen(text)+1-8,&dkey,iv,0); - if (memcmp(text,out,strlen(text)+1) != 0) - { - printf("cbc idea bad\n"); - err=4; - } - else - printf("cbc idea ok\n"); - - printf("cfb64 idea "); - if (cfb64_test(cfb_cipher64)) - { - printf("bad\n"); - err=5; - } - else - printf("ok\n"); -#endif - - exit(err); - return(err); - } - -#ifdef undef -static int cfb64_test(unsigned char *cfb_cipher) - { - IDEA_KEY_SCHEDULE eks,dks; - int err=0,i,n; - - idea_set_encrypt_key(cfb_key,&eks); - idea_set_decrypt_key(&eks,&dks); - memcpy(cfb_tmp,cfb_iv,8); - n=0; - idea_cfb64_encrypt(plain,cfb_buf1,(long)12,&eks, - cfb_tmp,&n,IDEA_ENCRYPT); - idea_cfb64_encrypt(&(plain[12]),&(cfb_buf1[12]), - (long)CFB_TEST_SIZE-12,&eks, - cfb_tmp,&n,IDEA_ENCRYPT); - if (memcmp(cfb_cipher,cfb_buf1,CFB_TEST_SIZE) != 0) - { - err=1; - printf("idea_cfb64_encrypt encrypt error\n"); - for (i=0; i>4)&0xf]; - ret[i*2+1]=f[p[i]&0xf]; - } - ret[16]='\0'; - return(ret); - } - -#endif -#endif diff --git a/src/lib/libcrypto/rc2/tab.c b/src/lib/libcrypto/rc2/tab.c deleted file mode 100644 index 25dc14eeba1..00000000000 --- a/src/lib/libcrypto/rc2/tab.c +++ /dev/null @@ -1,86 +0,0 @@ -#include - -unsigned char ebits_to_num[256]={ - 0xbd,0x56,0xea,0xf2,0xa2,0xf1,0xac,0x2a, - 0xb0,0x93,0xd1,0x9c,0x1b,0x33,0xfd,0xd0, - 0x30,0x04,0xb6,0xdc,0x7d,0xdf,0x32,0x4b, - 0xf7,0xcb,0x45,0x9b,0x31,0xbb,0x21,0x5a, - 0x41,0x9f,0xe1,0xd9,0x4a,0x4d,0x9e,0xda, - 0xa0,0x68,0x2c,0xc3,0x27,0x5f,0x80,0x36, - 0x3e,0xee,0xfb,0x95,0x1a,0xfe,0xce,0xa8, - 0x34,0xa9,0x13,0xf0,0xa6,0x3f,0xd8,0x0c, - 0x78,0x24,0xaf,0x23,0x52,0xc1,0x67,0x17, - 0xf5,0x66,0x90,0xe7,0xe8,0x07,0xb8,0x60, - 0x48,0xe6,0x1e,0x53,0xf3,0x92,0xa4,0x72, - 0x8c,0x08,0x15,0x6e,0x86,0x00,0x84,0xfa, - 0xf4,0x7f,0x8a,0x42,0x19,0xf6,0xdb,0xcd, - 0x14,0x8d,0x50,0x12,0xba,0x3c,0x06,0x4e, - 0xec,0xb3,0x35,0x11,0xa1,0x88,0x8e,0x2b, - 0x94,0x99,0xb7,0x71,0x74,0xd3,0xe4,0xbf, - 0x3a,0xde,0x96,0x0e,0xbc,0x0a,0xed,0x77, - 0xfc,0x37,0x6b,0x03,0x79,0x89,0x62,0xc6, - 0xd7,0xc0,0xd2,0x7c,0x6a,0x8b,0x22,0xa3, - 0x5b,0x05,0x5d,0x02,0x75,0xd5,0x61,0xe3, - 0x18,0x8f,0x55,0x51,0xad,0x1f,0x0b,0x5e, - 0x85,0xe5,0xc2,0x57,0x63,0xca,0x3d,0x6c, - 0xb4,0xc5,0xcc,0x70,0xb2,0x91,0x59,0x0d, - 0x47,0x20,0xc8,0x4f,0x58,0xe0,0x01,0xe2, - 0x16,0x38,0xc4,0x6f,0x3b,0x0f,0x65,0x46, - 0xbe,0x7e,0x2d,0x7b,0x82,0xf9,0x40,0xb5, - 0x1d,0x73,0xf8,0xeb,0x26,0xc7,0x87,0x97, - 0x25,0x54,0xb1,0x28,0xaa,0x98,0x9d,0xa5, - 0x64,0x6d,0x7a,0xd4,0x10,0x81,0x44,0xef, - 0x49,0xd6,0xae,0x2e,0xdd,0x76,0x5c,0x2f, - 0xa7,0x1c,0xc9,0x09,0x69,0x9a,0x83,0xcf, - 0x29,0x39,0xb9,0xe9,0x4c,0xff,0x43,0xab, - }; - -unsigned char num_to_ebits[256]={ - 0x5d,0xbe,0x9b,0x8b,0x11,0x99,0x6e,0x4d, - 0x59,0xf3,0x85,0xa6,0x3f,0xb7,0x83,0xc5, - 0xe4,0x73,0x6b,0x3a,0x68,0x5a,0xc0,0x47, - 0xa0,0x64,0x34,0x0c,0xf1,0xd0,0x52,0xa5, - 0xb9,0x1e,0x96,0x43,0x41,0xd8,0xd4,0x2c, - 0xdb,0xf8,0x07,0x77,0x2a,0xca,0xeb,0xef, - 0x10,0x1c,0x16,0x0d,0x38,0x72,0x2f,0x89, - 0xc1,0xf9,0x80,0xc4,0x6d,0xae,0x30,0x3d, - 0xce,0x20,0x63,0xfe,0xe6,0x1a,0xc7,0xb8, - 0x50,0xe8,0x24,0x17,0xfc,0x25,0x6f,0xbb, - 0x6a,0xa3,0x44,0x53,0xd9,0xa2,0x01,0xab, - 0xbc,0xb6,0x1f,0x98,0xee,0x9a,0xa7,0x2d, - 0x4f,0x9e,0x8e,0xac,0xe0,0xc6,0x49,0x46, - 0x29,0xf4,0x94,0x8a,0xaf,0xe1,0x5b,0xc3, - 0xb3,0x7b,0x57,0xd1,0x7c,0x9c,0xed,0x87, - 0x40,0x8c,0xe2,0xcb,0x93,0x14,0xc9,0x61, - 0x2e,0xe5,0xcc,0xf6,0x5e,0xa8,0x5c,0xd6, - 0x75,0x8d,0x62,0x95,0x58,0x69,0x76,0xa1, - 0x4a,0xb5,0x55,0x09,0x78,0x33,0x82,0xd7, - 0xdd,0x79,0xf5,0x1b,0x0b,0xde,0x26,0x21, - 0x28,0x74,0x04,0x97,0x56,0xdf,0x3c,0xf0, - 0x37,0x39,0xdc,0xff,0x06,0xa4,0xea,0x42, - 0x08,0xda,0xb4,0x71,0xb0,0xcf,0x12,0x7a, - 0x4e,0xfa,0x6c,0x1d,0x84,0x00,0xc8,0x7f, - 0x91,0x45,0xaa,0x2b,0xc2,0xb1,0x8f,0xd5, - 0xba,0xf2,0xad,0x19,0xb2,0x67,0x36,0xf7, - 0x0f,0x0a,0x92,0x7d,0xe3,0x9d,0xe9,0x90, - 0x3e,0x23,0x27,0x66,0x13,0xec,0x81,0x15, - 0xbd,0x22,0xbf,0x9f,0x7e,0xa9,0x51,0x4b, - 0x4c,0xfb,0x02,0xd3,0x70,0x86,0x31,0xe7, - 0x3b,0x05,0x03,0x54,0x60,0x48,0x65,0x18, - 0xd2,0xcd,0x5f,0x32,0x88,0x0e,0x35,0xfd, - }; - -main() - { - int i,j; - - for (i=0; i<256; i++) - { - for (j=0; j<256; j++) - if (ebits_to_num[j] == i) - { - printf("0x%02x,",j); - break; - } - } - } diff --git a/src/lib/libcrypto/rc2/version b/src/lib/libcrypto/rc2/version index 6f89d595f17..a69ff35a437 100644 --- a/src/lib/libcrypto/rc2/version +++ b/src/lib/libcrypto/rc2/version @@ -15,7 +15,7 @@ little-endian operators. While rc2 is included because it is used with SSL, I don't know how far I trust it. It is about the same speed as IDEA and DES. - So if you are paranoid, used Tripple DES, else IDEA. If RC2 + So if you are paranoid, used Triple DES, else IDEA. If RC2 does get used more, perhaps more people will look for weaknesses in it. diff --git a/src/lib/libcrypto/rc4/Makefile.ssl b/src/lib/libcrypto/rc4/Makefile.ssl deleted file mode 100644 index c779728af8b..00000000000 --- a/src/lib/libcrypto/rc4/Makefile.ssl +++ /dev/null @@ -1,115 +0,0 @@ -# -# SSLeay/crypto/rc4/Makefile -# - -DIR= rc4 -TOP= ../.. -CC= cc -CPP= $(CC) -E -INCLUDES= -CFLAG=-g -INSTALL_PREFIX= -OPENSSLDIR= /usr/local/ssl -INSTALLTOP=/usr/local/ssl -MAKE= make -f Makefile.ssl -MAKEDEPPROG= makedepend -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) -MAKEFILE= Makefile.ssl -AR= ar r - -RC4_ENC=rc4_enc.o -# or use -#RC4_ENC=asm/rx86-elf.o -#RC4_ENC=asm/rx86-out.o -#RC4_ENC=asm/rx86-sol.o -#RC4_ENC=asm/rx86bdsi.o - -CFLAGS= $(INCLUDES) $(CFLAG) - -GENERAL=Makefile -TEST=rc4test.c -APPS= - -LIB=$(TOP)/libcrypto.a -LIBSRC=rc4_skey.c rc4_enc.c -LIBOBJ=rc4_skey.o $(RC4_ENC) - -SRC= $(LIBSRC) - -EXHEADER= rc4.h -HEADER= $(EXHEADER) rc4_locl.h - -ALL= $(GENERAL) $(SRC) $(HEADER) - -top: - (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) - -all: lib - -lib: $(LIBOBJ) - $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) || echo Never mind. - @touch lib - -# elf -asm/rx86-elf.o: asm/rx86unix.cpp - $(CPP) -DELF -x c asm/rx86unix.cpp | as -o asm/rx86-elf.o - -# solaris -asm/rx86-sol.o: asm/rx86unix.cpp - $(CC) -E -DSOL asm/rx86unix.cpp | sed 's/^#.*//' > asm/rx86-sol.s - as -o asm/rx86-sol.o asm/rx86-sol.s - rm -f asm/rx86-sol.s - -# a.out -asm/rx86-out.o: asm/rx86unix.cpp - $(CPP) -DOUT asm/rx86unix.cpp | as -o asm/rx86-out.o - -# bsdi -asm/rx86bsdi.o: asm/rx86unix.cpp - $(CPP) -DBSDI asm/rx86unix.cpp | sed 's/ :/:/' | as -o asm/rx86bsdi.o - -asm/rx86unix.cpp: asm/rc4-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) rc4-586.pl cpp >rx86unix.cpp) - -files: - $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO - -links: - @sh $(TOP)/util/point.sh Makefile.ssl Makefile - @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) - @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) - @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) - -install: - @for i in $(EXHEADER) ; \ - do \ - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ - done; - -tags: - ctags $(SRC) - -tests: - -lint: - lint -DLINT $(INCLUDES) $(SRC)>fluff - -depend: - $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) - -dclean: - $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new - mv -f Makefile.new $(MAKEFILE) - -clean: - rm -f asm/rx86unix.cpp *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff asm/*.o - -# DO NOT DELETE THIS LINE -- make depend depends on it. - -rc4_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc4.h -rc4_enc.o: rc4_enc.c rc4_locl.h -rc4_skey.o: ../../include/openssl/opensslconf.h -rc4_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/rc4.h -rc4_skey.o: rc4_locl.h rc4_skey.c diff --git a/src/lib/libcrypto/rc4/asm/rc4-586.pl b/src/lib/libcrypto/rc4/asm/rc4-586.pl index 7ef889e5a13..03f0cff467c 100644 --- a/src/lib/libcrypto/rc4/asm/rc4-586.pl +++ b/src/lib/libcrypto/rc4/asm/rc4-586.pl @@ -1,173 +1,411 @@ -#!/usr/local/bin/perl - -# define for pentium pro friendly version - -push(@INC,"perlasm","../../perlasm"); +#!/usr/bin/env perl + +# ==================================================================== +# [Re]written by Andy Polyakov for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== + +# At some point it became apparent that the original SSLeay RC4 +# assembler implementation performs suboptimally on latest IA-32 +# microarchitectures. After re-tuning performance has changed as +# following: +# +# Pentium -10% +# Pentium III +12% +# AMD +50%(*) +# P4 +250%(**) +# +# (*) This number is actually a trade-off:-) It's possible to +# achieve +72%, but at the cost of -48% off PIII performance. +# In other words code performing further 13% faster on AMD +# would perform almost 2 times slower on Intel PIII... +# For reference! This code delivers ~80% of rc4-amd64.pl +# performance on the same Opteron machine. +# (**) This number requires compressed key schedule set up by +# RC4_set_key [see commentary below for further details]. +# +# + +# May 2011 +# +# Optimize for Core2 and Westmere [and incidentally Opteron]. Current +# performance in cycles per processed byte (less is better) and +# improvement relative to previous version of this module is: +# +# Pentium 10.2 # original numbers +# Pentium III 7.8(*) +# Intel P4 7.5 +# +# Opteron 6.1/+20% # new MMX numbers +# Core2 5.3/+67%(**) +# Westmere 5.1/+94%(**) +# Sandy Bridge 5.0/+8% +# Atom 12.6/+6% +# +# (*) PIII can actually deliver 6.6 cycles per byte with MMX code, +# but this specific code performs poorly on Core2. And vice +# versa, below MMX/SSE code delivering 5.8/7.1 on Core2 performs +# poorly on PIII, at 8.0/14.5:-( As PIII is not a "hot" CPU +# [anymore], I chose to discard PIII-specific code path and opt +# for original IALU-only code, which is why MMX/SSE code path +# is guarded by SSE2 bit (see below), not MMX/SSE. +# (**) Performance vs. block size on Core2 and Westmere had a maximum +# at ... 64 bytes block size. And it was quite a maximum, 40-60% +# in comparison to largest 8KB block size. Above improvement +# coefficients are for the largest block size. + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +push(@INC,"${dir}","${dir}../../perlasm"); require "x86asm.pl"; &asm_init($ARGV[0],"rc4-586.pl"); -$tx="eax"; -$ty="ebx"; -$x="ecx"; -$y="edx"; -$in="esi"; +$xx="eax"; +$yy="ebx"; +$tx="ecx"; +$ty="edx"; +$inp="esi"; +$out="ebp"; +$dat="edi"; + +sub RC4_loop { + my $i=shift; + my $func = ($i==0)?*mov:*or; + + &add (&LB($yy),&LB($tx)); + &mov ($ty,&DWP(0,$dat,$yy,4)); + &mov (&DWP(0,$dat,$yy,4),$tx); + &mov (&DWP(0,$dat,$xx,4),$ty); + &add ($ty,$tx); + &inc (&LB($xx)); + &and ($ty,0xff); + &ror ($out,8) if ($i!=0); + if ($i<3) { + &mov ($tx,&DWP(0,$dat,$xx,4)); + } else { + &mov ($tx,&wparam(3)); # reload [re-biased] out + } + &$func ($out,&DWP(0,$dat,$ty,4)); +} + +if ($alt=0) { + # >20% faster on Atom and Sandy Bridge[!], 8% faster on Opteron, + # but ~40% slower on Core2 and Westmere... Attempt to add movz + # brings down Opteron by 25%, Atom and Sandy Bridge by 15%, yet + # on Core2 with movz it's almost 20% slower than below alternative + # code... Yes, it's a total mess... + my @XX=($xx,$out); + $RC4_loop_mmx = sub { # SSE actually... + my $i=shift; + my $j=$i<=0?0:$i>>1; + my $mm=$i<=0?"mm0":"mm".($i&1); + + &add (&LB($yy),&LB($tx)); + &lea (@XX[1],&DWP(1,@XX[0])); + &pxor ("mm2","mm0") if ($i==0); + &psllq ("mm1",8) if ($i==0); + &and (@XX[1],0xff); + &pxor ("mm0","mm0") if ($i<=0); + &mov ($ty,&DWP(0,$dat,$yy,4)); + &mov (&DWP(0,$dat,$yy,4),$tx); + &pxor ("mm1","mm2") if ($i==0); + &mov (&DWP(0,$dat,$XX[0],4),$ty); + &add (&LB($ty),&LB($tx)); + &movd (@XX[0],"mm7") if ($i==0); + &mov ($tx,&DWP(0,$dat,@XX[1],4)); + &pxor ("mm1","mm1") if ($i==1); + &movq ("mm2",&QWP(0,$inp)) if ($i==1); + &movq (&QWP(-8,(@XX[0],$inp)),"mm1") if ($i==0); + &pinsrw ($mm,&DWP(0,$dat,$ty,4),$j); + + push (@XX,shift(@XX)) if ($i>=0); + } +} else { + # Using pinsrw here improves performane on Intel CPUs by 2-3%, but + # brings down AMD by 7%... + $RC4_loop_mmx = sub { + my $i=shift; + + &add (&LB($yy),&LB($tx)); + &psllq ("mm1",8*(($i-1)&7)) if (abs($i)!=1); + &mov ($ty,&DWP(0,$dat,$yy,4)); + &mov (&DWP(0,$dat,$yy,4),$tx); + &mov (&DWP(0,$dat,$xx,4),$ty); + &inc ($xx); + &add ($ty,$tx); + &movz ($xx,&LB($xx)); # (*) + &movz ($ty,&LB($ty)); # (*) + &pxor ("mm2",$i==1?"mm0":"mm1") if ($i>=0); + &movq ("mm0",&QWP(0,$inp)) if ($i<=0); + &movq (&QWP(-8,($out,$inp)),"mm2") if ($i==0); + &mov ($tx,&DWP(0,$dat,$xx,4)); + &movd ($i>0?"mm1":"mm2",&DWP(0,$dat,$ty,4)); + + # (*) This is the key to Core2 and Westmere performance. + # Whithout movz out-of-order execution logic confuses + # itself and fails to reorder loads and stores. Problem + # appears to be fixed in Sandy Bridge... + } +} + +&external_label("OPENSSL_ia32cap_P"); + +# void RC4(RC4_KEY *key,size_t len,const unsigned char *inp,unsigned char *out); +&function_begin("RC4"); + &mov ($dat,&wparam(0)); # load key schedule pointer + &mov ($ty, &wparam(1)); # load len + &mov ($inp,&wparam(2)); # load inp + &mov ($out,&wparam(3)); # load out + + &xor ($xx,$xx); # avoid partial register stalls + &xor ($yy,$yy); + + &cmp ($ty,0); # safety net + &je (&label("abort")); + + &mov (&LB($xx),&BP(0,$dat)); # load key->x + &mov (&LB($yy),&BP(4,$dat)); # load key->y + &add ($dat,8); + + &lea ($tx,&DWP(0,$inp,$ty)); + &sub ($out,$inp); # re-bias out + &mov (&wparam(1),$tx); # save input+len + + &inc (&LB($xx)); + + # detect compressed key schedule... + &cmp (&DWP(256,$dat),-1); + &je (&label("RC4_CHAR")); + + &mov ($tx,&DWP(0,$dat,$xx,4)); + + &and ($ty,-4); # how many 4-byte chunks? + &jz (&label("loop1")); + + &test ($ty,-8); + &mov (&wparam(3),$out); # $out as accumulator in these loops + &jz (&label("go4loop4")); + + &picmeup($out,"OPENSSL_ia32cap_P"); + # check SSE2 bit [could have been MMX] + &bt (&DWP(0,$out),"\$IA32CAP_BIT0_SSE2"); + &jnc (&label("go4loop4")); + + &mov ($out,&wparam(3)) if (!$alt); + &movd ("mm7",&wparam(3)) if ($alt); + &and ($ty,-8); + &lea ($ty,&DWP(-8,$inp,$ty)); + &mov (&DWP(-4,$dat),$ty); # save input+(len/8)*8-8 + + &$RC4_loop_mmx(-1); + &jmp(&label("loop_mmx_enter")); + + &set_label("loop_mmx",16); + &$RC4_loop_mmx(0); + &set_label("loop_mmx_enter"); + for ($i=1;$i<8;$i++) { &$RC4_loop_mmx($i); } + &mov ($ty,$yy); + &xor ($yy,$yy); # this is second key to Core2 + &mov (&LB($yy),&LB($ty)); # and Westmere performance... + &cmp ($inp,&DWP(-4,$dat)); + &lea ($inp,&DWP(8,$inp)); + &jb (&label("loop_mmx")); + + if ($alt) { + &movd ($out,"mm7"); + &pxor ("mm2","mm0"); + &psllq ("mm1",8); + &pxor ("mm1","mm2"); + &movq (&QWP(-8,$out,$inp),"mm1"); + } else { + &psllq ("mm1",56); + &pxor ("mm2","mm1"); + &movq (&QWP(-8,$out,$inp),"mm2"); + } + &emms (); + + &cmp ($inp,&wparam(1)); # compare to input+len + &je (&label("done")); + &jmp (&label("loop1")); + +&set_label("go4loop4",16); + &lea ($ty,&DWP(-4,$inp,$ty)); + &mov (&wparam(2),$ty); # save input+(len/4)*4-4 + + &set_label("loop4"); + for ($i=0;$i<4;$i++) { RC4_loop($i); } + &ror ($out,8); + &xor ($out,&DWP(0,$inp)); + &cmp ($inp,&wparam(2)); # compare to input+(len/4)*4-4 + &mov (&DWP(0,$tx,$inp),$out);# $tx holds re-biased out here + &lea ($inp,&DWP(4,$inp)); + &mov ($tx,&DWP(0,$dat,$xx,4)); + &jb (&label("loop4")); + + &cmp ($inp,&wparam(1)); # compare to input+len + &je (&label("done")); + &mov ($out,&wparam(3)); # restore $out + + &set_label("loop1",16); + &add (&LB($yy),&LB($tx)); + &mov ($ty,&DWP(0,$dat,$yy,4)); + &mov (&DWP(0,$dat,$yy,4),$tx); + &mov (&DWP(0,$dat,$xx,4),$ty); + &add ($ty,$tx); + &inc (&LB($xx)); + &and ($ty,0xff); + &mov ($ty,&DWP(0,$dat,$ty,4)); + &xor (&LB($ty),&BP(0,$inp)); + &lea ($inp,&DWP(1,$inp)); + &mov ($tx,&DWP(0,$dat,$xx,4)); + &cmp ($inp,&wparam(1)); # compare to input+len + &mov (&BP(-1,$out,$inp),&LB($ty)); + &jb (&label("loop1")); + + &jmp (&label("done")); + +# this is essentially Intel P4 specific codepath... +&set_label("RC4_CHAR",16); + &movz ($tx,&BP(0,$dat,$xx)); + # strangely enough unrolled loop performs over 20% slower... + &set_label("cloop1"); + &add (&LB($yy),&LB($tx)); + &movz ($ty,&BP(0,$dat,$yy)); + &mov (&BP(0,$dat,$yy),&LB($tx)); + &mov (&BP(0,$dat,$xx),&LB($ty)); + &add (&LB($ty),&LB($tx)); + &movz ($ty,&BP(0,$dat,$ty)); + &add (&LB($xx),1); + &xor (&LB($ty),&BP(0,$inp)); + &lea ($inp,&DWP(1,$inp)); + &movz ($tx,&BP(0,$dat,$xx)); + &cmp ($inp,&wparam(1)); + &mov (&BP(-1,$out,$inp),&LB($ty)); + &jb (&label("cloop1")); + +&set_label("done"); + &dec (&LB($xx)); + &mov (&DWP(-4,$dat),$yy); # save key->y + &mov (&BP(-8,$dat),&LB($xx)); # save key->x +&set_label("abort"); +&function_end("RC4"); + +######################################################################## + +$inp="esi"; $out="edi"; -$d="ebp"; - -&RC4("RC4"); +$idi="ebp"; +$ido="ecx"; +$idx="edx"; + +# void RC4_set_key(RC4_KEY *key,int len,const unsigned char *data); +&function_begin("RC4_set_key"); + &mov ($out,&wparam(0)); # load key + &mov ($idi,&wparam(1)); # load len + &mov ($inp,&wparam(2)); # load data + &picmeup($idx,"OPENSSL_ia32cap_P"); + + &lea ($out,&DWP(2*4,$out)); # &key->data + &lea ($inp,&DWP(0,$inp,$idi)); # $inp to point at the end + &neg ($idi); + &xor ("eax","eax"); + &mov (&DWP(-4,$out),$idi); # borrow key->y + + &bt (&DWP(0,$idx),"\$IA32CAP_BIT0_INTELP4"); + &jc (&label("c1stloop")); + +&set_label("w1stloop",16); + &mov (&DWP(0,$out,"eax",4),"eax"); # key->data[i]=i; + &add (&LB("eax"),1); # i++; + &jnc (&label("w1stloop")); + + &xor ($ido,$ido); + &xor ($idx,$idx); + +&set_label("w2ndloop",16); + &mov ("eax",&DWP(0,$out,$ido,4)); + &add (&LB($idx),&BP(0,$inp,$idi)); + &add (&LB($idx),&LB("eax")); + &add ($idi,1); + &mov ("ebx",&DWP(0,$out,$idx,4)); + &jnz (&label("wnowrap")); + &mov ($idi,&DWP(-4,$out)); + &set_label("wnowrap"); + &mov (&DWP(0,$out,$idx,4),"eax"); + &mov (&DWP(0,$out,$ido,4),"ebx"); + &add (&LB($ido),1); + &jnc (&label("w2ndloop")); +&jmp (&label("exit")); + +# Unlike all other x86 [and x86_64] implementations, Intel P4 core +# [including EM64T] was found to perform poorly with above "32-bit" key +# schedule, a.k.a. RC4_INT. Performance improvement for IA-32 hand-coded +# assembler turned out to be 3.5x if re-coded for compressed 8-bit one, +# a.k.a. RC4_CHAR! It's however inappropriate to just switch to 8-bit +# schedule for x86[_64], because non-P4 implementations suffer from +# significant performance losses then, e.g. PIII exhibits >2x +# deterioration, and so does Opteron. In order to assure optimal +# all-round performance, we detect P4 at run-time and set up compressed +# key schedule, which is recognized by RC4 procedure. + +&set_label("c1stloop",16); + &mov (&BP(0,$out,"eax"),&LB("eax")); # key->data[i]=i; + &add (&LB("eax"),1); # i++; + &jnc (&label("c1stloop")); + + &xor ($ido,$ido); + &xor ($idx,$idx); + &xor ("ebx","ebx"); + +&set_label("c2ndloop",16); + &mov (&LB("eax"),&BP(0,$out,$ido)); + &add (&LB($idx),&BP(0,$inp,$idi)); + &add (&LB($idx),&LB("eax")); + &add ($idi,1); + &mov (&LB("ebx"),&BP(0,$out,$idx)); + &jnz (&label("cnowrap")); + &mov ($idi,&DWP(-4,$out)); + &set_label("cnowrap"); + &mov (&BP(0,$out,$idx),&LB("eax")); + &mov (&BP(0,$out,$ido),&LB("ebx")); + &add (&LB($ido),1); + &jnc (&label("c2ndloop")); + + &mov (&DWP(256,$out),-1); # mark schedule as compressed + +&set_label("exit"); + &xor ("eax","eax"); + &mov (&DWP(-8,$out),"eax"); # key->x=0; + &mov (&DWP(-4,$out),"eax"); # key->y=0; +&function_end("RC4_set_key"); + +# const char *RC4_options(void); +&function_begin_B("RC4_options"); + &call (&label("pic_point")); +&set_label("pic_point"); + &blindpop("eax"); + &lea ("eax",&DWP(&label("opts")."-".&label("pic_point"),"eax")); + &picmeup("edx","OPENSSL_ia32cap_P"); + &mov ("edx",&DWP(0,"edx")); + &bt ("edx","\$IA32CAP_BIT0_INTELP4"); + &jc (&label("1xchar")); + &bt ("edx","\$IA32CAP_BIT0_SSE2"); + &jnc (&label("ret")); + &add ("eax",25); + &ret (); +&set_label("1xchar"); + &add ("eax",12); +&set_label("ret"); + &ret (); +&set_label("opts",64); +&asciz ("rc4(4x,int)"); +&asciz ("rc4(1x,char)"); +&asciz ("rc4(8x,mmx)"); +&asciz ("RC4 for x86, CRYPTOGAMS by "); +&align (64); +&function_end_B("RC4_options"); &asm_finish(); -sub RC4_loop - { - local($n,$p,$char)=@_; - - &comment("Round $n"); - - if ($char) - { - if ($p >= 0) - { - &mov($ty, &swtmp(2)); - &cmp($ty, $in); - &jle(&label("finished")); - &inc($in); - } - else - { - &add($ty, 8); - &inc($in); - &cmp($ty, $in); - &jl(&label("finished")); - &mov(&swtmp(2), $ty); - } - } - # Moved out - # &mov( $tx, &DWP(0,$d,$x,4)) if $p < 0; - - &add( $y, $tx); - &and( $y, 0xff); - &inc( $x); # NEXT ROUND - &mov( $ty, &DWP(0,$d,$y,4)); - # XXX - &mov( &DWP(-4,$d,$x,4),$ty); # AGI - &add( $ty, $tx); - &and( $x, 0xff); # NEXT ROUND - &and( $ty, 0xff); - &mov( &DWP(0,$d,$y,4),$tx); - &nop(); - &mov( $ty, &DWP(0,$d,$ty,4)); - &mov( $tx, &DWP(0,$d,$x,4)) if $p < 1; # NEXT ROUND - # XXX - - if (!$char) - { - #moved up into last round - if ($p >= 1) - { - &add( $out, 8) - } - &movb( &BP($n,"esp","",0), &LB($ty)); - } - else - { - # Note in+=8 has occured - &movb( &HB($ty), &BP(-1,$in,"",0)); - # XXX - &xorb(&LB($ty), &HB($ty)); - # XXX - &movb(&BP($n,$out,"",0),&LB($ty)); - } - } - - -sub RC4 - { - local($name)=@_; - - &function_begin_B($name,""); - - &comment(""); - - &push("ebp"); - &push("ebx"); - &mov( $d, &wparam(0)); # key - &mov( $ty, &wparam(1)); # num - &push("esi"); - &push("edi"); - - &mov( $x, &DWP(0,$d,"",1)); - &mov( $y, &DWP(4,$d,"",1)); - - &mov( $in, &wparam(2)); - &inc( $x); - - &stack_push(3); # 3 temp variables - &add( $d, 8); - &and( $x, 0xff); - - &lea( $ty, &DWP(-8,$ty,$in)); - - # check for 0 length input - - &mov( $out, &wparam(3)); - &mov( &swtmp(2), $ty); # this is now address to exit at - &mov( $tx, &DWP(0,$d,$x,4)); - - &cmp( $ty, $in); - &jl( &label("end")); # less than 8 bytes - - &set_label("start"); - - # filling DELAY SLOT - &add( $in, 8); - - &RC4_loop(0,-1,0); - &RC4_loop(1,0,0); - &RC4_loop(2,0,0); - &RC4_loop(3,0,0); - &RC4_loop(4,0,0); - &RC4_loop(5,0,0); - &RC4_loop(6,0,0); - &RC4_loop(7,1,0); - - &comment("apply the cipher text"); - # xor the cipher data with input - - #&add( $out, 8); #moved up into last round - - &mov( $tx, &swtmp(0)); - &mov( $ty, &DWP(-8,$in,"",0)); - &xor( $tx, $ty); - &mov( $ty, &DWP(-4,$in,"",0)); - &mov( &DWP(-8,$out,"",0), $tx); - &mov( $tx, &swtmp(1)); - &xor( $tx, $ty); - &mov( $ty, &swtmp(2)); # load end ptr; - &mov( &DWP(-4,$out,"",0), $tx); - &mov( $tx, &DWP(0,$d,$x,4)); - &cmp($in, $ty); - &jle(&label("start")); - - &set_label("end"); - - # There is quite a bit of extra crap in RC4_loop() for this - # first round - &RC4_loop(0,-1,1); - &RC4_loop(1,0,1); - &RC4_loop(2,0,1); - &RC4_loop(3,0,1); - &RC4_loop(4,0,1); - &RC4_loop(5,0,1); - &RC4_loop(6,1,1); - - &set_label("finished"); - &dec( $x); - &stack_pop(3); - &mov( &DWP(-4,$d,"",0),$y); - &movb( &BP(-8,$d,"",0),&LB($x)); - - &function_end($name); - } - diff --git a/src/lib/libcrypto/rc4/asm/rc4-md5-x86_64.pl b/src/lib/libcrypto/rc4/asm/rc4-md5-x86_64.pl new file mode 100644 index 00000000000..501d9e936bb --- /dev/null +++ b/src/lib/libcrypto/rc4/asm/rc4-md5-x86_64.pl @@ -0,0 +1,525 @@ +#!/usr/bin/env perl +# +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== + +# June 2011 +# +# This is RC4+MD5 "stitch" implementation. The idea, as spelled in +# http://download.intel.com/design/intarch/papers/323686.pdf, is that +# since both algorithms exhibit instruction-level parallelism, ILP, +# below theoretical maximum, interleaving them would allow to utilize +# processor resources better and achieve better performance. RC4 +# instruction sequence is virtually identical to rc4-x86_64.pl, which +# is heavily based on submission by Maxim Perminov, Maxim Locktyukhin +# and Jim Guilford of Intel. MD5 is fresh implementation aiming to +# minimize register usage, which was used as "main thread" with RC4 +# weaved into it, one RC4 round per one MD5 round. In addition to the +# stiched subroutine the script can generate standalone replacement +# md5_block_asm_data_order and RC4. Below are performance numbers in +# cycles per processed byte, less is better, for these the standalone +# subroutines, sum of them, and stitched one: +# +# RC4 MD5 RC4+MD5 stitch gain +# Opteron 6.5(*) 5.4 11.9 7.0 +70%(*) +# Core2 6.5 5.8 12.3 7.7 +60% +# Westmere 4.3 5.2 9.5 7.0 +36% +# Sandy Bridge 4.2 5.5 9.7 6.8 +43% +# Atom 9.3 6.5 15.8 11.1 +42% +# +# (*) rc4-x86_64.pl delivers 5.3 on Opteron, so real improvement +# is +53%... + +my ($rc4,$md5)=(1,1); # what to generate? +my $D="#" if (!$md5); # if set to "#", MD5 is stitched into RC4(), + # but its result is discarded. Idea here is + # to be able to use 'openssl speed rc4' for + # benchmarking the stitched subroutine... + +my $flavour = shift; +my $output = shift; +if ($flavour =~ /\./) { $output = $flavour; undef $flavour; } + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; my $dir=$1; my $xlate; +( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or +( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or +die "can't locate x86_64-xlate.pl"; + +open OUT,"| \"$^X\" $xlate $flavour $output"; +*STDOUT=*OUT; + +my ($dat,$in0,$out,$ctx,$inp,$len, $func,$nargs); + +if ($rc4 && !$md5) { + ($dat,$len,$in0,$out) = ("%rdi","%rsi","%rdx","%rcx"); + $func="RC4"; $nargs=4; +} elsif ($md5 && !$rc4) { + ($ctx,$inp,$len) = ("%rdi","%rsi","%rdx"); + $func="md5_block_asm_data_order"; $nargs=3; +} else { + ($dat,$in0,$out,$ctx,$inp,$len) = ("%rdi","%rsi","%rdx","%rcx","%r8","%r9"); + $func="rc4_md5_enc"; $nargs=6; + # void rc4_md5_enc( + # RC4_KEY *key, # + # const void *in0, # RC4 input + # void *out, # RC4 output + # MD5_CTX *ctx, # + # const void *inp, # MD5 input + # size_t len); # number of 64-byte blocks +} + +my @K=( 0xd76aa478,0xe8c7b756,0x242070db,0xc1bdceee, + 0xf57c0faf,0x4787c62a,0xa8304613,0xfd469501, + 0x698098d8,0x8b44f7af,0xffff5bb1,0x895cd7be, + 0x6b901122,0xfd987193,0xa679438e,0x49b40821, + + 0xf61e2562,0xc040b340,0x265e5a51,0xe9b6c7aa, + 0xd62f105d,0x02441453,0xd8a1e681,0xe7d3fbc8, + 0x21e1cde6,0xc33707d6,0xf4d50d87,0x455a14ed, + 0xa9e3e905,0xfcefa3f8,0x676f02d9,0x8d2a4c8a, + + 0xfffa3942,0x8771f681,0x6d9d6122,0xfde5380c, + 0xa4beea44,0x4bdecfa9,0xf6bb4b60,0xbebfbc70, + 0x289b7ec6,0xeaa127fa,0xd4ef3085,0x04881d05, + 0xd9d4d039,0xe6db99e5,0x1fa27cf8,0xc4ac5665, + + 0xf4292244,0x432aff97,0xab9423a7,0xfc93a039, + 0x655b59c3,0x8f0ccc92,0xffeff47d,0x85845dd1, + 0x6fa87e4f,0xfe2ce6e0,0xa3014314,0x4e0811a1, + 0xf7537e82,0xbd3af235,0x2ad7d2bb,0xeb86d391 ); + +my @V=("%r8d","%r9d","%r10d","%r11d"); # MD5 registers +my $tmp="%r12d"; + +my @XX=("%rbp","%rsi"); # RC4 registers +my @TX=("%rax","%rbx"); +my $YY="%rcx"; +my $TY="%rdx"; + +my $MOD=32; # 16, 32 or 64 + +$code.=<<___; +.text +.align 16 + +.globl $func +.type $func,\@function,$nargs +$func: + cmp \$0,$len + je .Labort + push %rbx + push %rbp + push %r12 + push %r13 + push %r14 + push %r15 + sub \$40,%rsp +.Lbody: +___ +if ($rc4) { +$code.=<<___; +$D#md5# mov $ctx,%r11 # reassign arguments + mov $len,%r12 + mov $in0,%r13 + mov $out,%r14 +$D#md5# mov $inp,%r15 +___ + $ctx="%r11" if ($md5); # reassign arguments + $len="%r12"; + $in0="%r13"; + $out="%r14"; + $inp="%r15" if ($md5); + $inp=$in0 if (!$md5); +$code.=<<___; + xor $XX[0],$XX[0] + xor $YY,$YY + + lea 8($dat),$dat + mov -8($dat),$XX[0]#b + mov -4($dat),$YY#b + + inc $XX[0]#b + sub $in0,$out + movl ($dat,$XX[0],4),$TX[0]#d +___ +$code.=<<___ if (!$md5); + xor $TX[1],$TX[1] + test \$-128,$len + jz .Loop1 + sub $XX[0],$TX[1] + and \$`$MOD-1`,$TX[1] + jz .Loop${MOD}_is_hot + sub $TX[1],$len +.Loop${MOD}_warmup: + add $TX[0]#b,$YY#b + movl ($dat,$YY,4),$TY#d + movl $TX[0]#d,($dat,$YY,4) + movl $TY#d,($dat,$XX[0],4) + add $TY#b,$TX[0]#b + inc $XX[0]#b + movl ($dat,$TX[0],4),$TY#d + movl ($dat,$XX[0],4),$TX[0]#d + xorb ($in0),$TY#b + movb $TY#b,($out,$in0) + lea 1($in0),$in0 + dec $TX[1] + jnz .Loop${MOD}_warmup + + mov $YY,$TX[1] + xor $YY,$YY + mov $TX[1]#b,$YY#b + +.Loop${MOD}_is_hot: + mov $len,32(%rsp) # save original $len + shr \$6,$len # number of 64-byte blocks +___ + if ($D && !$md5) { # stitch in dummy MD5 + $md5=1; + $ctx="%r11"; + $inp="%r15"; + $code.=<<___; + mov %rsp,$ctx + mov $in0,$inp +___ + } +} +$code.=<<___; +#rc4# add $TX[0]#b,$YY#b +#rc4# lea ($dat,$XX[0],4),$XX[1] + shl \$6,$len + add $inp,$len # pointer to the end of input + mov $len,16(%rsp) + +#md5# mov $ctx,24(%rsp) # save pointer to MD5_CTX +#md5# mov 0*4($ctx),$V[0] # load current hash value from MD5_CTX +#md5# mov 1*4($ctx),$V[1] +#md5# mov 2*4($ctx),$V[2] +#md5# mov 3*4($ctx),$V[3] + jmp .Loop + +.align 16 +.Loop: +#md5# mov $V[0],0*4(%rsp) # put aside current hash value +#md5# mov $V[1],1*4(%rsp) +#md5# mov $V[2],2*4(%rsp) +#md5# mov $V[3],$tmp # forward reference +#md5# mov $V[3],3*4(%rsp) +___ + +sub R0 { + my ($i,$a,$b,$c,$d)=@_; + my @rot0=(7,12,17,22); + my $j=$i%16; + my $k=$i%$MOD; + my $xmm="%xmm".($j&1); + $code.=" movdqu ($in0),%xmm2\n" if ($rc4 && $j==15); + $code.=" add \$$MOD,$XX[0]#b\n" if ($rc4 && $j==15 && $k==$MOD-1); + $code.=" pxor $xmm,$xmm\n" if ($rc4 && $j<=1); + $code.=<<___; +#rc4# movl ($dat,$YY,4),$TY#d +#md5# xor $c,$tmp +#rc4# movl $TX[0]#d,($dat,$YY,4) +#md5# and $b,$tmp +#md5# add 4*`$j`($inp),$a +#rc4# add $TY#b,$TX[0]#b +#rc4# movl `4*(($k+1)%$MOD)`(`$k==$MOD-1?"$dat,$XX[0],4":"$XX[1]"`),$TX[1]#d +#md5# add \$$K[$i],$a +#md5# xor $d,$tmp +#rc4# movz $TX[0]#b,$TX[0]#d +#rc4# movl $TY#d,4*$k($XX[1]) +#md5# add $tmp,$a +#rc4# add $TX[1]#b,$YY#b +#md5# rol \$$rot0[$j%4],$a +#md5# mov `$j==15?"$b":"$c"`,$tmp # forward reference +#rc4# pinsrw \$`($j>>1)&7`,($dat,$TX[0],4),$xmm\n +#md5# add $b,$a +___ + $code.=<<___ if ($rc4 && $j==15 && $k==$MOD-1); + mov $YY,$XX[1] + xor $YY,$YY # keyword to partial register + mov $XX[1]#b,$YY#b + lea ($dat,$XX[0],4),$XX[1] +___ + $code.=<<___ if ($rc4 && $j==15); + psllq \$8,%xmm1 + pxor %xmm0,%xmm2 + pxor %xmm1,%xmm2 +___ +} +sub R1 { + my ($i,$a,$b,$c,$d)=@_; + my @rot1=(5,9,14,20); + my $j=$i%16; + my $k=$i%$MOD; + my $xmm="%xmm".($j&1); + $code.=" movdqu 16($in0),%xmm3\n" if ($rc4 && $j==15); + $code.=" add \$$MOD,$XX[0]#b\n" if ($rc4 && $j==15 && $k==$MOD-1); + $code.=" pxor $xmm,$xmm\n" if ($rc4 && $j<=1); + $code.=<<___; +#rc4# movl ($dat,$YY,4),$TY#d +#md5# xor $b,$tmp +#rc4# movl $TX[0]#d,($dat,$YY,4) +#md5# and $d,$tmp +#md5# add 4*`((1+5*$j)%16)`($inp),$a +#rc4# add $TY#b,$TX[0]#b +#rc4# movl `4*(($k+1)%$MOD)`(`$k==$MOD-1?"$dat,$XX[0],4":"$XX[1]"`),$TX[1]#d +#md5# add \$$K[$i],$a +#md5# xor $c,$tmp +#rc4# movz $TX[0]#b,$TX[0]#d +#rc4# movl $TY#d,4*$k($XX[1]) +#md5# add $tmp,$a +#rc4# add $TX[1]#b,$YY#b +#md5# rol \$$rot1[$j%4],$a +#md5# mov `$j==15?"$c":"$b"`,$tmp # forward reference +#rc4# pinsrw \$`($j>>1)&7`,($dat,$TX[0],4),$xmm\n +#md5# add $b,$a +___ + $code.=<<___ if ($rc4 && $j==15 && $k==$MOD-1); + mov $YY,$XX[1] + xor $YY,$YY # keyword to partial register + mov $XX[1]#b,$YY#b + lea ($dat,$XX[0],4),$XX[1] +___ + $code.=<<___ if ($rc4 && $j==15); + psllq \$8,%xmm1 + pxor %xmm0,%xmm3 + pxor %xmm1,%xmm3 +___ +} +sub R2 { + my ($i,$a,$b,$c,$d)=@_; + my @rot2=(4,11,16,23); + my $j=$i%16; + my $k=$i%$MOD; + my $xmm="%xmm".($j&1); + $code.=" movdqu 32($in0),%xmm4\n" if ($rc4 && $j==15); + $code.=" add \$$MOD,$XX[0]#b\n" if ($rc4 && $j==15 && $k==$MOD-1); + $code.=" pxor $xmm,$xmm\n" if ($rc4 && $j<=1); + $code.=<<___; +#rc4# movl ($dat,$YY,4),$TY#d +#md5# xor $c,$tmp +#rc4# movl $TX[0]#d,($dat,$YY,4) +#md5# xor $b,$tmp +#md5# add 4*`((5+3*$j)%16)`($inp),$a +#rc4# add $TY#b,$TX[0]#b +#rc4# movl `4*(($k+1)%$MOD)`(`$k==$MOD-1?"$dat,$XX[0],4":"$XX[1]"`),$TX[1]#d +#md5# add \$$K[$i],$a +#rc4# movz $TX[0]#b,$TX[0]#d +#md5# add $tmp,$a +#rc4# movl $TY#d,4*$k($XX[1]) +#rc4# add $TX[1]#b,$YY#b +#md5# rol \$$rot2[$j%4],$a +#md5# mov `$j==15?"\\\$-1":"$c"`,$tmp # forward reference +#rc4# pinsrw \$`($j>>1)&7`,($dat,$TX[0],4),$xmm\n +#md5# add $b,$a +___ + $code.=<<___ if ($rc4 && $j==15 && $k==$MOD-1); + mov $YY,$XX[1] + xor $YY,$YY # keyword to partial register + mov $XX[1]#b,$YY#b + lea ($dat,$XX[0],4),$XX[1] +___ + $code.=<<___ if ($rc4 && $j==15); + psllq \$8,%xmm1 + pxor %xmm0,%xmm4 + pxor %xmm1,%xmm4 +___ +} +sub R3 { + my ($i,$a,$b,$c,$d)=@_; + my @rot3=(6,10,15,21); + my $j=$i%16; + my $k=$i%$MOD; + my $xmm="%xmm".($j&1); + $code.=" movdqu 48($in0),%xmm5\n" if ($rc4 && $j==15); + $code.=" add \$$MOD,$XX[0]#b\n" if ($rc4 && $j==15 && $k==$MOD-1); + $code.=" pxor $xmm,$xmm\n" if ($rc4 && $j<=1); + $code.=<<___; +#rc4# movl ($dat,$YY,4),$TY#d +#md5# xor $d,$tmp +#rc4# movl $TX[0]#d,($dat,$YY,4) +#md5# or $b,$tmp +#md5# add 4*`((7*$j)%16)`($inp),$a +#rc4# add $TY#b,$TX[0]#b +#rc4# movl `4*(($k+1)%$MOD)`(`$k==$MOD-1?"$dat,$XX[0],4":"$XX[1]"`),$TX[1]#d +#md5# add \$$K[$i],$a +#rc4# movz $TX[0]#b,$TX[0]#d +#md5# xor $c,$tmp +#rc4# movl $TY#d,4*$k($XX[1]) +#md5# add $tmp,$a +#rc4# add $TX[1]#b,$YY#b +#md5# rol \$$rot3[$j%4],$a +#md5# mov \$-1,$tmp # forward reference +#rc4# pinsrw \$`($j>>1)&7`,($dat,$TX[0],4),$xmm\n +#md5# add $b,$a +___ + $code.=<<___ if ($rc4 && $j==15); + mov $XX[0],$XX[1] + xor $XX[0],$XX[0] # keyword to partial register + mov $XX[1]#b,$XX[0]#b + mov $YY,$XX[1] + xor $YY,$YY # keyword to partial register + mov $XX[1]#b,$YY#b + lea ($dat,$XX[0],4),$XX[1] + psllq \$8,%xmm1 + pxor %xmm0,%xmm5 + pxor %xmm1,%xmm5 +___ +} + +my $i=0; +for(;$i<16;$i++) { R0($i,@V); unshift(@V,pop(@V)); push(@TX,shift(@TX)); } +for(;$i<32;$i++) { R1($i,@V); unshift(@V,pop(@V)); push(@TX,shift(@TX)); } +for(;$i<48;$i++) { R2($i,@V); unshift(@V,pop(@V)); push(@TX,shift(@TX)); } +for(;$i<64;$i++) { R3($i,@V); unshift(@V,pop(@V)); push(@TX,shift(@TX)); } + +$code.=<<___; +#md5# add 0*4(%rsp),$V[0] # accumulate hash value +#md5# add 1*4(%rsp),$V[1] +#md5# add 2*4(%rsp),$V[2] +#md5# add 3*4(%rsp),$V[3] + +#rc4# movdqu %xmm2,($out,$in0) # write RC4 output +#rc4# movdqu %xmm3,16($out,$in0) +#rc4# movdqu %xmm4,32($out,$in0) +#rc4# movdqu %xmm5,48($out,$in0) +#md5# lea 64($inp),$inp +#rc4# lea 64($in0),$in0 + cmp 16(%rsp),$inp # are we done? + jb .Loop + +#md5# mov 24(%rsp),$len # restore pointer to MD5_CTX +#rc4# sub $TX[0]#b,$YY#b # correct $YY +#md5# mov $V[0],0*4($len) # write MD5_CTX +#md5# mov $V[1],1*4($len) +#md5# mov $V[2],2*4($len) +#md5# mov $V[3],3*4($len) +___ +$code.=<<___ if ($rc4 && (!$md5 || $D)); + mov 32(%rsp),$len # restore original $len + and \$63,$len # remaining bytes + jnz .Loop1 + jmp .Ldone + +.align 16 +.Loop1: + add $TX[0]#b,$YY#b + movl ($dat,$YY,4),$TY#d + movl $TX[0]#d,($dat,$YY,4) + movl $TY#d,($dat,$XX[0],4) + add $TY#b,$TX[0]#b + inc $XX[0]#b + movl ($dat,$TX[0],4),$TY#d + movl ($dat,$XX[0],4),$TX[0]#d + xorb ($in0),$TY#b + movb $TY#b,($out,$in0) + lea 1($in0),$in0 + dec $len + jnz .Loop1 + +.Ldone: +___ +$code.=<<___; +#rc4# sub \$1,$XX[0]#b +#rc4# movl $XX[0]#d,-8($dat) +#rc4# movl $YY#d,-4($dat) + + mov 40(%rsp),%r15 + mov 48(%rsp),%r14 + mov 56(%rsp),%r13 + mov 64(%rsp),%r12 + mov 72(%rsp),%rbp + mov 80(%rsp),%rbx + lea 88(%rsp),%rsp +.Lepilogue: +.Labort: + ret +.size $func,.-$func +___ + +if ($rc4 && $D) { # sole purpose of this section is to provide + # option to use the generated module as drop-in + # replacement for rc4-x86_64.pl for debugging + # and testing purposes... +my ($idx,$ido)=("%r8","%r9"); +my ($dat,$len,$inp)=("%rdi","%rsi","%rdx"); + +$code.=<<___; +.globl RC4_set_key +.type RC4_set_key,\@function,3 +.align 16 +RC4_set_key: + lea 8($dat),$dat + lea ($inp,$len),$inp + neg $len + mov $len,%rcx + xor %eax,%eax + xor $ido,$ido + xor %r10,%r10 + xor %r11,%r11 + jmp .Lw1stloop + +.align 16 +.Lw1stloop: + mov %eax,($dat,%rax,4) + add \$1,%al + jnc .Lw1stloop + + xor $ido,$ido + xor $idx,$idx +.align 16 +.Lw2ndloop: + mov ($dat,$ido,4),%r10d + add ($inp,$len,1),$idx#b + add %r10b,$idx#b + add \$1,$len + mov ($dat,$idx,4),%r11d + cmovz %rcx,$len + mov %r10d,($dat,$idx,4) + mov %r11d,($dat,$ido,4) + add \$1,$ido#b + jnc .Lw2ndloop + + xor %eax,%eax + mov %eax,-8($dat) + mov %eax,-4($dat) + ret +.size RC4_set_key,.-RC4_set_key + +.globl RC4_options +.type RC4_options,\@abi-omnipotent +.align 16 +RC4_options: + lea .Lopts(%rip),%rax + ret +.align 64 +.Lopts: +.asciz "rc4(64x,int)" +.align 64 +.size RC4_options,.-RC4_options +___ +} + +sub reg_part { +my ($reg,$conv)=@_; + if ($reg =~ /%r[0-9]+/) { $reg .= $conv; } + elsif ($conv eq "b") { $reg =~ s/%[er]([^x]+)x?/%$1l/; } + elsif ($conv eq "w") { $reg =~ s/%[er](.+)/%$1/; } + elsif ($conv eq "d") { $reg =~ s/%[er](.+)/%e$1/; } + return $reg; +} + +$code =~ s/(%[a-z0-9]+)#([bwd])/reg_part($1,$2)/gem; +$code =~ s/\`([^\`]*)\`/eval $1/gem; +$code =~ s/pinsrw\s+\$0,/movd /gm; + +$code =~ s/#md5#//gm if ($md5); +$code =~ s/#rc4#//gm if ($rc4); + +print $code; + +close STDOUT; diff --git a/src/lib/libcrypto/rc4/asm/rc4-parisc.pl b/src/lib/libcrypto/rc4/asm/rc4-parisc.pl new file mode 100644 index 00000000000..7e7974430aa --- /dev/null +++ b/src/lib/libcrypto/rc4/asm/rc4-parisc.pl @@ -0,0 +1,320 @@ +#!/usr/bin/env perl + +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== + +# RC4 for PA-RISC. + +# June 2009. +# +# Performance is 33% better than gcc 3.2 generated code on PA-7100LC. +# For reference, [4x] unrolled loop is >40% faster than folded one. +# It's possible to unroll loop 8 times on PA-RISC 2.0, but improvement +# is believed to be not sufficient to justify the effort... +# +# Special thanks to polarhome.com for providing HP-UX account. + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; + +$flavour = shift; +$output = shift; +open STDOUT,">$output"; + +if ($flavour =~ /64/) { + $LEVEL ="2.0W"; + $SIZE_T =8; + $FRAME_MARKER =80; + $SAVED_RP =16; + $PUSH ="std"; + $PUSHMA ="std,ma"; + $POP ="ldd"; + $POPMB ="ldd,mb"; +} else { + $LEVEL ="1.0"; + $SIZE_T =4; + $FRAME_MARKER =48; + $SAVED_RP =20; + $PUSH ="stw"; + $PUSHMA ="stwm"; + $POP ="ldw"; + $POPMB ="ldwm"; +} + +$FRAME=4*$SIZE_T+$FRAME_MARKER; # 4 saved regs + frame marker + # [+ argument transfer] +$SZ=1; # defaults to RC4_CHAR +if (open CONF,"<${dir}../../opensslconf.h") { + while() { + if (m/#\s*define\s+RC4_INT\s+(.*)/) { + $SZ = ($1=~/char$/) ? 1 : 4; + last; + } + } + close CONF; +} + +if ($SZ==1) { # RC4_CHAR + $LD="ldb"; + $LDX="ldbx"; + $MKX="addl"; + $ST="stb"; +} else { # RC4_INT (~5% faster than RC4_CHAR on PA-7100LC) + $LD="ldw"; + $LDX="ldwx,s"; + $MKX="sh2addl"; + $ST="stw"; +} + +$key="%r26"; +$len="%r25"; +$inp="%r24"; +$out="%r23"; + +@XX=("%r19","%r20"); +@TX=("%r21","%r22"); +$YY="%r28"; +$TY="%r29"; + +$acc="%r1"; +$ix="%r2"; +$iy="%r3"; +$dat0="%r4"; +$dat1="%r5"; +$rem="%r6"; +$mask="%r31"; + +sub unrolledloopbody { +for ($i=0;$i<4;$i++) { +$code.=<<___; + ldo 1($XX[0]),$XX[1] + `sprintf("$LDX %$TY(%$key),%$dat1") if ($i>0)` + and $mask,$XX[1],$XX[1] + $LDX $YY($key),$TY + $MKX $YY,$key,$ix + $LDX $XX[1]($key),$TX[1] + $MKX $XX[0],$key,$iy + $ST $TX[0],0($ix) + comclr,<> $XX[1],$YY,%r0 ; conditional + copy $TX[0],$TX[1] ; move + `sprintf("%sdep %$dat1,%d,8,%$acc",$i==1?"z":"",8*($i-1)+7) if ($i>0)` + $ST $TY,0($iy) + addl $TX[0],$TY,$TY + addl $TX[1],$YY,$YY + and $mask,$TY,$TY + and $mask,$YY,$YY +___ +push(@TX,shift(@TX)); push(@XX,shift(@XX)); # "rotate" registers +} } + +sub foldedloop { +my ($label,$count)=@_; +$code.=<<___; +$label + $MKX $YY,$key,$iy + $LDX $YY($key),$TY + $MKX $XX[0],$key,$ix + $ST $TX[0],0($iy) + ldo 1($XX[0]),$XX[0] + $ST $TY,0($ix) + addl $TX[0],$TY,$TY + ldbx $inp($out),$dat1 + and $mask,$TY,$TY + and $mask,$XX[0],$XX[0] + $LDX $TY($key),$acc + $LDX $XX[0]($key),$TX[0] + ldo 1($out),$out + xor $dat1,$acc,$acc + addl $TX[0],$YY,$YY + stb $acc,-1($out) + addib,<> -1,$count,$label ; $count is always small + and $mask,$YY,$YY +___ +} + +$code=<<___; + .LEVEL $LEVEL +#if 0 + .SPACE \$TEXT\$ + .SUBSPA \$CODE\$,QUAD=0,ALIGN=8,ACCESS=0x2C,CODE_ONLY +#else + .text +#endif + + .EXPORT RC4,ENTRY,ARGW0=GR,ARGW1=GR,ARGW2=GR,ARGW3=GR +RC4 + .PROC + .CALLINFO FRAME=`$FRAME-4*$SIZE_T`,NO_CALLS,SAVE_RP,ENTRY_GR=6 + .ENTRY + $PUSH %r2,-$SAVED_RP(%sp) ; standard prologue + $PUSHMA %r3,$FRAME(%sp) + $PUSH %r4,`-$FRAME+1*$SIZE_T`(%sp) + $PUSH %r5,`-$FRAME+2*$SIZE_T`(%sp) + $PUSH %r6,`-$FRAME+3*$SIZE_T`(%sp) + + cmpib,*= 0,$len,L\$abort + sub $inp,$out,$inp ; distance between $inp and $out + + $LD `0*$SZ`($key),$XX[0] + $LD `1*$SZ`($key),$YY + ldo `2*$SZ`($key),$key + + ldi 0xff,$mask + ldi 3,$dat0 + + ldo 1($XX[0]),$XX[0] ; warm up loop + and $mask,$XX[0],$XX[0] + $LDX $XX[0]($key),$TX[0] + addl $TX[0],$YY,$YY + cmpib,*>>= 6,$len,L\$oop1 ; is $len large enough to bother? + and $mask,$YY,$YY + + and,<> $out,$dat0,$rem ; is $out aligned? + b L\$alignedout + subi 4,$rem,$rem + sub $len,$rem,$len +___ +&foldedloop("L\$alignout",$rem); # process till $out is aligned + +$code.=<<___; +L\$alignedout ; $len is at least 4 here + and,<> $inp,$dat0,$acc ; is $inp aligned? + b L\$oop4 + sub $inp,$acc,$rem ; align $inp + + sh3addl $acc,%r0,$acc + subi 32,$acc,$acc + mtctl $acc,%cr11 ; load %sar with vshd align factor + ldwx $rem($out),$dat0 + ldo 4($rem),$rem +L\$oop4misalignedinp +___ +&unrolledloopbody(); +$code.=<<___; + $LDX $TY($key),$ix + ldwx $rem($out),$dat1 + ldo -4($len),$len + or $ix,$acc,$acc ; last piece, no need to dep + vshd $dat0,$dat1,$iy ; align data + copy $dat1,$dat0 + xor $iy,$acc,$acc + stw $acc,0($out) + cmpib,*<< 3,$len,L\$oop4misalignedinp + ldo 4($out),$out + cmpib,*= 0,$len,L\$done + nop + b L\$oop1 + nop + + .ALIGN 8 +L\$oop4 +___ +&unrolledloopbody(); +$code.=<<___; + $LDX $TY($key),$ix + ldwx $inp($out),$dat0 + ldo -4($len),$len + or $ix,$acc,$acc ; last piece, no need to dep + xor $dat0,$acc,$acc + stw $acc,0($out) + cmpib,*<< 3,$len,L\$oop4 + ldo 4($out),$out + cmpib,*= 0,$len,L\$done + nop +___ +&foldedloop("L\$oop1",$len); +$code.=<<___; +L\$done + $POP `-$FRAME-$SAVED_RP`(%sp),%r2 + ldo -1($XX[0]),$XX[0] ; chill out loop + sub $YY,$TX[0],$YY + and $mask,$XX[0],$XX[0] + and $mask,$YY,$YY + $ST $XX[0],`-2*$SZ`($key) + $ST $YY,`-1*$SZ`($key) + $POP `-$FRAME+1*$SIZE_T`(%sp),%r4 + $POP `-$FRAME+2*$SIZE_T`(%sp),%r5 + $POP `-$FRAME+3*$SIZE_T`(%sp),%r6 +L\$abort + bv (%r2) + .EXIT + $POPMB -$FRAME(%sp),%r3 + .PROCEND +___ + +$code.=<<___; + + .EXPORT RC4_set_key,ENTRY,ARGW0=GR,ARGW1=GR,ARGW2=GR + .ALIGN 8 +RC4_set_key + .PROC + .CALLINFO NO_CALLS + .ENTRY + $ST %r0,`0*$SZ`($key) + $ST %r0,`1*$SZ`($key) + ldo `2*$SZ`($key),$key + copy %r0,@XX[0] +L\$1st + $ST @XX[0],0($key) + ldo 1(@XX[0]),@XX[0] + bb,>= @XX[0],`31-8`,L\$1st ; @XX[0]<256 + ldo $SZ($key),$key + + ldo `-256*$SZ`($key),$key ; rewind $key + addl $len,$inp,$inp ; $inp to point at the end + sub %r0,$len,%r23 ; inverse index + copy %r0,@XX[0] + copy %r0,@XX[1] + ldi 0xff,$mask + +L\$2nd + $LDX @XX[0]($key),@TX[0] + ldbx %r23($inp),@TX[1] + addi,nuv 1,%r23,%r23 ; increment and conditional + sub %r0,$len,%r23 ; inverse index + addl @TX[0],@XX[1],@XX[1] + addl @TX[1],@XX[1],@XX[1] + and $mask,@XX[1],@XX[1] + $MKX @XX[0],$key,$TY + $LDX @XX[1]($key),@TX[1] + $MKX @XX[1],$key,$YY + ldo 1(@XX[0]),@XX[0] + $ST @TX[0],0($YY) + bb,>= @XX[0],`31-8`,L\$2nd ; @XX[0]<256 + $ST @TX[1],0($TY) + + bv,n (%r2) + .EXIT + nop + .PROCEND + + .EXPORT RC4_options,ENTRY + .ALIGN 8 +RC4_options + .PROC + .CALLINFO NO_CALLS + .ENTRY + blr %r0,%r28 + ldi 3,%r1 +L\$pic + andcm %r28,%r1,%r28 + bv (%r2) + .EXIT + ldo L\$opts-L\$pic(%r28),%r28 + .PROCEND + + .data + .ALIGN 8 +L\$opts + .STRINGZ "rc4(4x,`$SZ==1?"char":"int"`)" + .STRINGZ "RC4 for PA-RISC, CRYPTOGAMS by " +___ +$code =~ s/\`([^\`]*)\`/eval $1/gem; +$code =~ s/cmpib,\*/comib,/gm if ($SIZE_T==4); +$code =~ s/\bbv\b/bve/gm if ($SIZE_T==8); + +print $code; +close STDOUT; diff --git a/src/lib/libcrypto/rc4/asm/rc4-x86_64.pl b/src/lib/libcrypto/rc4/asm/rc4-x86_64.pl new file mode 100755 index 00000000000..2135b38ef82 --- /dev/null +++ b/src/lib/libcrypto/rc4/asm/rc4-x86_64.pl @@ -0,0 +1,544 @@ +#!/usr/bin/env perl +# +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== +# +# July 2004 +# +# 2.22x RC4 tune-up:-) It should be noted though that my hand [as in +# "hand-coded assembler"] doesn't stand for the whole improvement +# coefficient. It turned out that eliminating RC4_CHAR from config +# line results in ~40% improvement (yes, even for C implementation). +# Presumably it has everything to do with AMD cache architecture and +# RAW or whatever penalties. Once again! The module *requires* config +# line *without* RC4_CHAR! As for coding "secret," I bet on partial +# register arithmetics. For example instead of 'inc %r8; and $255,%r8' +# I simply 'inc %r8b'. Even though optimization manual discourages +# to operate on partial registers, it turned out to be the best bet. +# At least for AMD... How IA32E would perform remains to be seen... + +# November 2004 +# +# As was shown by Marc Bevand reordering of couple of load operations +# results in even higher performance gain of 3.3x:-) At least on +# Opteron... For reference, 1x in this case is RC4_CHAR C-code +# compiled with gcc 3.3.2, which performs at ~54MBps per 1GHz clock. +# Latter means that if you want to *estimate* what to expect from +# *your* Opteron, then multiply 54 by 3.3 and clock frequency in GHz. + +# November 2004 +# +# Intel P4 EM64T core was found to run the AMD64 code really slow... +# The only way to achieve comparable performance on P4 was to keep +# RC4_CHAR. Kind of ironic, huh? As it's apparently impossible to +# compose blended code, which would perform even within 30% marginal +# on either AMD and Intel platforms, I implement both cases. See +# rc4_skey.c for further details... + +# April 2005 +# +# P4 EM64T core appears to be "allergic" to 64-bit inc/dec. Replacing +# those with add/sub results in 50% performance improvement of folded +# loop... + +# May 2005 +# +# As was shown by Zou Nanhai loop unrolling can improve Intel EM64T +# performance by >30% [unlike P4 32-bit case that is]. But this is +# provided that loads are reordered even more aggressively! Both code +# pathes, AMD64 and EM64T, reorder loads in essentially same manner +# as my IA-64 implementation. On Opteron this resulted in modest 5% +# improvement [I had to test it], while final Intel P4 performance +# achieves respectful 432MBps on 2.8GHz processor now. For reference. +# If executed on Xeon, current RC4_CHAR code-path is 2.7x faster than +# RC4_INT code-path. While if executed on Opteron, it's only 25% +# slower than the RC4_INT one [meaning that if CPU µ-arch detection +# is not implemented, then this final RC4_CHAR code-path should be +# preferred, as it provides better *all-round* performance]. + +# March 2007 +# +# Intel Core2 was observed to perform poorly on both code paths:-( It +# apparently suffers from some kind of partial register stall, which +# occurs in 64-bit mode only [as virtually identical 32-bit loop was +# observed to outperform 64-bit one by almost 50%]. Adding two movzb to +# cloop1 boosts its performance by 80%! This loop appears to be optimal +# fit for Core2 and therefore the code was modified to skip cloop8 on +# this CPU. + +# May 2010 +# +# Intel Westmere was observed to perform suboptimally. Adding yet +# another movzb to cloop1 improved performance by almost 50%! Core2 +# performance is improved too, but nominally... + +# May 2011 +# +# The only code path that was not modified is P4-specific one. Non-P4 +# Intel code path optimization is heavily based on submission by Maxim +# Perminov, Maxim Locktyukhin and Jim Guilford of Intel. I've used +# some of the ideas even in attempt to optmize the original RC4_INT +# code path... Current performance in cycles per processed byte (less +# is better) and improvement coefficients relative to previous +# version of this module are: +# +# Opteron 5.3/+0%(*) +# P4 6.5 +# Core2 6.2/+15%(**) +# Westmere 4.2/+60% +# Sandy Bridge 4.2/+120% +# Atom 9.3/+80% +# +# (*) But corresponding loop has less instructions, which should have +# positive effect on upcoming Bulldozer, which has one less ALU. +# For reference, Intel code runs at 6.8 cpb rate on Opteron. +# (**) Note that Core2 result is ~15% lower than corresponding result +# for 32-bit code, meaning that it's possible to improve it, +# but more than likely at the cost of the others (see rc4-586.pl +# to get the idea)... + +$flavour = shift; +$output = shift; +if ($flavour =~ /\./) { $output = $flavour; undef $flavour; } + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or +( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or +die "can't locate x86_64-xlate.pl"; + +open OUT,"| \"$^X\" $xlate $flavour $output"; +*STDOUT=*OUT; + +$dat="%rdi"; # arg1 +$len="%rsi"; # arg2 +$inp="%rdx"; # arg3 +$out="%rcx"; # arg4 + +{ +$code=<<___; +.text +.extern OPENSSL_ia32cap_P +.hidden OPENSSL_ia32cap_P + +.globl RC4 +.type RC4,\@function,4 +.align 16 +RC4: or $len,$len + jne .Lentry + ret +.Lentry: + push %rbx + push %r12 + push %r13 +.Lprologue: + mov $len,%r11 + mov $inp,%r12 + mov $out,%r13 +___ +my $len="%r11"; # reassign input arguments +my $inp="%r12"; +my $out="%r13"; + +my @XX=("%r10","%rsi"); +my @TX=("%rax","%rbx"); +my $YY="%rcx"; +my $TY="%rdx"; + +$code.=<<___; + xor $XX[0],$XX[0] + xor $YY,$YY + + lea 8($dat),$dat + mov -8($dat),$XX[0]#b + mov -4($dat),$YY#b + cmpl \$-1,256($dat) + je .LRC4_CHAR + mov OPENSSL_ia32cap_P(%rip),%r8d + xor $TX[1],$TX[1] + inc $XX[0]#b + sub $XX[0],$TX[1] + sub $inp,$out + movl ($dat,$XX[0],4),$TX[0]#d + test \$-16,$len + jz .Lloop1 + bt \$IA32CAP_BIT0_INTEL,%r8d # Intel CPU? + jc .Lintel + and \$7,$TX[1] + lea 1($XX[0]),$XX[1] + jz .Loop8 + sub $TX[1],$len +.Loop8_warmup: + add $TX[0]#b,$YY#b + movl ($dat,$YY,4),$TY#d + movl $TX[0]#d,($dat,$YY,4) + movl $TY#d,($dat,$XX[0],4) + add $TY#b,$TX[0]#b + inc $XX[0]#b + movl ($dat,$TX[0],4),$TY#d + movl ($dat,$XX[0],4),$TX[0]#d + xorb ($inp),$TY#b + movb $TY#b,($out,$inp) + lea 1($inp),$inp + dec $TX[1] + jnz .Loop8_warmup + + lea 1($XX[0]),$XX[1] + jmp .Loop8 +.align 16 +.Loop8: +___ +for ($i=0;$i<8;$i++) { +$code.=<<___ if ($i==7); + add \$8,$XX[1]#b +___ +$code.=<<___; + add $TX[0]#b,$YY#b + movl ($dat,$YY,4),$TY#d + movl $TX[0]#d,($dat,$YY,4) + movl `4*($i==7?-1:$i)`($dat,$XX[1],4),$TX[1]#d + ror \$8,%r8 # ror is redundant when $i=0 + movl $TY#d,4*$i($dat,$XX[0],4) + add $TX[0]#b,$TY#b + movb ($dat,$TY,4),%r8b +___ +push(@TX,shift(@TX)); #push(@XX,shift(@XX)); # "rotate" registers +} +$code.=<<___; + add \$8,$XX[0]#b + ror \$8,%r8 + sub \$8,$len + + xor ($inp),%r8 + mov %r8,($out,$inp) + lea 8($inp),$inp + + test \$-8,$len + jnz .Loop8 + cmp \$0,$len + jne .Lloop1 + jmp .Lexit + +.align 16 +.Lintel: + test \$-32,$len + jz .Lloop1 + and \$15,$TX[1] + jz .Loop16_is_hot + sub $TX[1],$len +.Loop16_warmup: + add $TX[0]#b,$YY#b + movl ($dat,$YY,4),$TY#d + movl $TX[0]#d,($dat,$YY,4) + movl $TY#d,($dat,$XX[0],4) + add $TY#b,$TX[0]#b + inc $XX[0]#b + movl ($dat,$TX[0],4),$TY#d + movl ($dat,$XX[0],4),$TX[0]#d + xorb ($inp),$TY#b + movb $TY#b,($out,$inp) + lea 1($inp),$inp + dec $TX[1] + jnz .Loop16_warmup + + mov $YY,$TX[1] + xor $YY,$YY + mov $TX[1]#b,$YY#b + +.Loop16_is_hot: + lea ($dat,$XX[0],4),$XX[1] +___ +sub RC4_loop { + my $i=shift; + my $j=$i<0?0:$i; + my $xmm="%xmm".($j&1); + + $code.=" add \$16,$XX[0]#b\n" if ($i==15); + $code.=" movdqu ($inp),%xmm2\n" if ($i==15); + $code.=" add $TX[0]#b,$YY#b\n" if ($i<=0); + $code.=" movl ($dat,$YY,4),$TY#d\n"; + $code.=" pxor %xmm0,%xmm2\n" if ($i==0); + $code.=" psllq \$8,%xmm1\n" if ($i==0); + $code.=" pxor $xmm,$xmm\n" if ($i<=1); + $code.=" movl $TX[0]#d,($dat,$YY,4)\n"; + $code.=" add $TY#b,$TX[0]#b\n"; + $code.=" movl `4*($j+1)`($XX[1]),$TX[1]#d\n" if ($i<15); + $code.=" movz $TX[0]#b,$TX[0]#d\n"; + $code.=" movl $TY#d,4*$j($XX[1])\n"; + $code.=" pxor %xmm1,%xmm2\n" if ($i==0); + $code.=" lea ($dat,$XX[0],4),$XX[1]\n" if ($i==15); + $code.=" add $TX[1]#b,$YY#b\n" if ($i<15); + $code.=" pinsrw \$`($j>>1)&7`,($dat,$TX[0],4),$xmm\n"; + $code.=" movdqu %xmm2,($out,$inp)\n" if ($i==0); + $code.=" lea 16($inp),$inp\n" if ($i==0); + $code.=" movl ($XX[1]),$TX[1]#d\n" if ($i==15); +} + RC4_loop(-1); +$code.=<<___; + jmp .Loop16_enter +.align 16 +.Loop16: +___ + +for ($i=0;$i<16;$i++) { + $code.=".Loop16_enter:\n" if ($i==1); + RC4_loop($i); + push(@TX,shift(@TX)); # "rotate" registers +} +$code.=<<___; + mov $YY,$TX[1] + xor $YY,$YY # keyword to partial register + sub \$16,$len + mov $TX[1]#b,$YY#b + test \$-16,$len + jnz .Loop16 + + psllq \$8,%xmm1 + pxor %xmm0,%xmm2 + pxor %xmm1,%xmm2 + movdqu %xmm2,($out,$inp) + lea 16($inp),$inp + + cmp \$0,$len + jne .Lloop1 + jmp .Lexit + +.align 16 +.Lloop1: + add $TX[0]#b,$YY#b + movl ($dat,$YY,4),$TY#d + movl $TX[0]#d,($dat,$YY,4) + movl $TY#d,($dat,$XX[0],4) + add $TY#b,$TX[0]#b + inc $XX[0]#b + movl ($dat,$TX[0],4),$TY#d + movl ($dat,$XX[0],4),$TX[0]#d + xorb ($inp),$TY#b + movb $TY#b,($out,$inp) + lea 1($inp),$inp + dec $len + jnz .Lloop1 + jmp .Lexit + +.align 16 +.LRC4_CHAR: + add \$1,$XX[0]#b + movzb ($dat,$XX[0]),$TX[0]#d + test \$-8,$len + jz .Lcloop1 + jmp .Lcloop8 +.align 16 +.Lcloop8: + mov ($inp),%r8d + mov 4($inp),%r9d +___ +# unroll 2x4-wise, because 64-bit rotates kill Intel P4... +for ($i=0;$i<4;$i++) { +$code.=<<___; + add $TX[0]#b,$YY#b + lea 1($XX[0]),$XX[1] + movzb ($dat,$YY),$TY#d + movzb $XX[1]#b,$XX[1]#d + movzb ($dat,$XX[1]),$TX[1]#d + movb $TX[0]#b,($dat,$YY) + cmp $XX[1],$YY + movb $TY#b,($dat,$XX[0]) + jne .Lcmov$i # Intel cmov is sloooow... + mov $TX[0],$TX[1] +.Lcmov$i: + add $TX[0]#b,$TY#b + xor ($dat,$TY),%r8b + ror \$8,%r8d +___ +push(@TX,shift(@TX)); push(@XX,shift(@XX)); # "rotate" registers +} +for ($i=4;$i<8;$i++) { +$code.=<<___; + add $TX[0]#b,$YY#b + lea 1($XX[0]),$XX[1] + movzb ($dat,$YY),$TY#d + movzb $XX[1]#b,$XX[1]#d + movzb ($dat,$XX[1]),$TX[1]#d + movb $TX[0]#b,($dat,$YY) + cmp $XX[1],$YY + movb $TY#b,($dat,$XX[0]) + jne .Lcmov$i # Intel cmov is sloooow... + mov $TX[0],$TX[1] +.Lcmov$i: + add $TX[0]#b,$TY#b + xor ($dat,$TY),%r9b + ror \$8,%r9d +___ +push(@TX,shift(@TX)); push(@XX,shift(@XX)); # "rotate" registers +} +$code.=<<___; + lea -8($len),$len + mov %r8d,($out) + lea 8($inp),$inp + mov %r9d,4($out) + lea 8($out),$out + + test \$-8,$len + jnz .Lcloop8 + cmp \$0,$len + jne .Lcloop1 + jmp .Lexit +___ +$code.=<<___; +.align 16 +.Lcloop1: + add $TX[0]#b,$YY#b + movzb $YY#b,$YY#d + movzb ($dat,$YY),$TY#d + movb $TX[0]#b,($dat,$YY) + movb $TY#b,($dat,$XX[0]) + add $TX[0]#b,$TY#b + add \$1,$XX[0]#b + movzb $TY#b,$TY#d + movzb $XX[0]#b,$XX[0]#d + movzb ($dat,$TY),$TY#d + movzb ($dat,$XX[0]),$TX[0]#d + xorb ($inp),$TY#b + lea 1($inp),$inp + movb $TY#b,($out) + lea 1($out),$out + sub \$1,$len + jnz .Lcloop1 + jmp .Lexit + +.align 16 +.Lexit: + sub \$1,$XX[0]#b + movl $XX[0]#d,-8($dat) + movl $YY#d,-4($dat) + + mov (%rsp),%r13 + mov 8(%rsp),%r12 + mov 16(%rsp),%rbx + add \$24,%rsp +.Lepilogue: + ret +.size RC4,.-RC4 +___ +} + +$idx="%r8"; +$ido="%r9"; + +$code.=<<___; +.globl RC4_set_key +.type RC4_set_key,\@function,3 +.align 16 +RC4_set_key: + lea 8($dat),$dat + lea ($inp,$len),$inp + neg $len + mov $len,%rcx + xor %eax,%eax + xor $ido,$ido + xor %r10,%r10 + xor %r11,%r11 + + mov OPENSSL_ia32cap_P(%rip),$idx#d + bt \$IA32CAP_BIT0_INTELP4,$idx#d # RC4_CHAR? + jc .Lc1stloop + jmp .Lw1stloop + +.align 16 +.Lw1stloop: + mov %eax,($dat,%rax,4) + add \$1,%al + jnc .Lw1stloop + + xor $ido,$ido + xor $idx,$idx +.align 16 +.Lw2ndloop: + mov ($dat,$ido,4),%r10d + add ($inp,$len,1),$idx#b + add %r10b,$idx#b + add \$1,$len + mov ($dat,$idx,4),%r11d + cmovz %rcx,$len + mov %r10d,($dat,$idx,4) + mov %r11d,($dat,$ido,4) + add \$1,$ido#b + jnc .Lw2ndloop + jmp .Lexit_key + +.align 16 +.Lc1stloop: + mov %al,($dat,%rax) + add \$1,%al + jnc .Lc1stloop + + xor $ido,$ido + xor $idx,$idx +.align 16 +.Lc2ndloop: + mov ($dat,$ido),%r10b + add ($inp,$len),$idx#b + add %r10b,$idx#b + add \$1,$len + mov ($dat,$idx),%r11b + jnz .Lcnowrap + mov %rcx,$len +.Lcnowrap: + mov %r10b,($dat,$idx) + mov %r11b,($dat,$ido) + add \$1,$ido#b + jnc .Lc2ndloop + movl \$-1,256($dat) + +.align 16 +.Lexit_key: + xor %eax,%eax + mov %eax,-8($dat) + mov %eax,-4($dat) + ret +.size RC4_set_key,.-RC4_set_key + +.globl RC4_options +.type RC4_options,\@abi-omnipotent +.align 16 +RC4_options: + lea .Lopts(%rip),%rax + mov OPENSSL_ia32cap_P(%rip),%edx + bt \$IA32CAP_BIT0_INTELP4,%edx + jc .L8xchar + bt \$IA32CAP_BIT0_INTEL,%edx + jnc .Ldone + add \$25,%rax + ret +.L8xchar: + add \$12,%rax +.Ldone: + ret +.align 64 +.Lopts: +.asciz "rc4(8x,int)" +.asciz "rc4(8x,char)" +.asciz "rc4(16x,int)" +.asciz "RC4 for x86_64, CRYPTOGAMS by " +.align 64 +.size RC4_options,.-RC4_options +___ + +sub reg_part { +my ($reg,$conv)=@_; + if ($reg =~ /%r[0-9]+/) { $reg .= $conv; } + elsif ($conv eq "b") { $reg =~ s/%[er]([^x]+)x?/%$1l/; } + elsif ($conv eq "w") { $reg =~ s/%[er](.+)/%$1/; } + elsif ($conv eq "d") { $reg =~ s/%[er](.+)/%e$1/; } + return $reg; +} + +$code =~ s/(%[a-z0-9]+)#([bwd])/reg_part($1,$2)/gem; +$code =~ s/\`([^\`]*)\`/eval $1/gem; + +print $code; + +close STDOUT; diff --git a/src/lib/libcrypto/rc4/rc4.c b/src/lib/libcrypto/rc4/rc4.c deleted file mode 100644 index c2165b0b759..00000000000 --- a/src/lib/libcrypto/rc4/rc4.c +++ /dev/null @@ -1,192 +0,0 @@ -/* crypto/rc4/rc4.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include -#include -#include - -char *usage[]={ -"usage: rc4 args\n", -"\n", -" -in arg - input file - default stdin\n", -" -out arg - output file - default stdout\n", -" -key key - password\n", -NULL -}; - -int main(int argc, char *argv[]) - { - FILE *in=NULL,*out=NULL; - char *infile=NULL,*outfile=NULL,*keystr=NULL; - RC4_KEY key; - char buf[BUFSIZ]; - int badops=0,i; - char **pp; - unsigned char md[MD5_DIGEST_LENGTH]; - - argc--; - argv++; - while (argc >= 1) - { - if (strcmp(*argv,"-in") == 0) - { - if (--argc < 1) goto bad; - infile= *(++argv); - } - else if (strcmp(*argv,"-out") == 0) - { - if (--argc < 1) goto bad; - outfile= *(++argv); - } - else if (strcmp(*argv,"-key") == 0) - { - if (--argc < 1) goto bad; - keystr= *(++argv); - } - else - { - fprintf(stderr,"unknown option %s\n",*argv); - badops=1; - break; - } - argc--; - argv++; - } - - if (badops) - { -bad: - for (pp=usage; (*pp != NULL); pp++) - fprintf(stderr,"%s",*pp); - exit(1); - } - - if (infile == NULL) - in=stdin; - else - { - in=fopen(infile,"r"); - if (in == NULL) - { - perror("open"); - exit(1); - } - - } - if (outfile == NULL) - out=stdout; - else - { - out=fopen(outfile,"w"); - if (out == NULL) - { - perror("open"); - exit(1); - } - } - -#ifdef OPENSSL_SYS_MSDOS - /* This should set the file to binary mode. */ - { -#include - setmode(fileno(in),O_BINARY); - setmode(fileno(out),O_BINARY); - } -#endif - - if (keystr == NULL) - { /* get key */ - i=EVP_read_pw_string(buf,BUFSIZ,"Enter RC4 password:",0); - if (i != 0) - { - memset(buf,0,BUFSIZ); - fprintf(stderr,"bad password read\n"); - exit(1); - } - keystr=buf; - } - - EVP_Digest((unsigned char *)keystr,(unsigned long)strlen(keystr),md,NULL,EVP_md5()); - memset(keystr,0,strlen(keystr)); - RC4_set_key(&key,MD5_DIGEST_LENGTH,md); - - for(;;) - { - i=fread(buf,1,BUFSIZ,in); - if (i == 0) break; - if (i < 0) - { - perror("read"); - exit(1); - } - RC4(&key,(unsigned int)i,(unsigned char *)buf, - (unsigned char *)buf); - i=fwrite(buf,(unsigned int)i,1,out); - if (i != 1) - { - perror("write"); - exit(1); - } - } - fclose(out); - fclose(in); - exit(0); - return(1); - } - diff --git a/src/lib/libcrypto/rc4/rc4.h b/src/lib/libcrypto/rc4/rc4.h index 8722091f2ec..f59185ed33a 100644 --- a/src/lib/libcrypto/rc4/rc4.h +++ b/src/lib/libcrypto/rc4/rc4.h @@ -1,25 +1,25 @@ -/* crypto/rc4/rc4.h */ +/* $OpenBSD: rc4.h,v 1.13 2015/10/20 15:50:13 jsing Exp $ */ /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -59,27 +59,28 @@ #ifndef HEADER_RC4_H #define HEADER_RC4_H +#include /* OPENSSL_NO_RC4, RC4_INT */ + #ifdef OPENSSL_NO_RC4 #error RC4 is disabled. #endif -#include /* RC4_INT */ +#include #ifdef __cplusplus extern "C" { #endif -typedef struct rc4_key_st - { - RC4_INT x,y; +typedef struct rc4_key_st { + RC4_INT x, y; RC4_INT data[256]; - } RC4_KEY; +} RC4_KEY; - const char *RC4_options(void); void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data); -void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata, - unsigned char *outdata); +void private_RC4_set_key(RC4_KEY *key, int len, const unsigned char *data); +void RC4(RC4_KEY *key, size_t len, const unsigned char *indata, + unsigned char *outdata); #ifdef __cplusplus } diff --git a/src/lib/libcrypto/rc4/rc4_enc.c b/src/lib/libcrypto/rc4/rc4_enc.c index d5f18a3a707..bd928b58c99 100644 --- a/src/lib/libcrypto/rc4/rc4_enc.c +++ b/src/lib/libcrypto/rc4/rc4_enc.c @@ -1,25 +1,25 @@ -/* crypto/rc4/rc4_enc.c */ +/* $OpenBSD: rc4_enc.c,v 1.16 2017/08/13 17:46:24 bcook Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,13 +49,14 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ +#include #include #include "rc4_locl.h" @@ -67,16 +68,17 @@ * Date: Wed, 14 Sep 1994 06:35:31 GMT */ -void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata, - unsigned char *outdata) - { - register RC4_INT *d; - register RC4_INT x,y,tx,ty; - int i; - - x=key->x; - y=key->y; - d=key->data; +void +RC4(RC4_KEY *key, size_t len, const unsigned char *indata, + unsigned char *outdata) +{ + RC4_INT *d; + RC4_INT x, y,tx, ty; + size_t i; + + x = key->x; + y = key->y; + d = key->data; #if defined(RC4_CHUNK) /* @@ -99,7 +101,7 @@ void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata, * (**) i.e. according to 'apps/openssl speed rc4' benchmark, * crypto/rc4/rc4speed.c exhibits almost 70% speed-up... * - * Cavets. + * Caveats. * * - RC4_CHUNK="unsigned long long" should be a #1 choice for * UltraSPARC. Unfortunately gcc generates very slow code @@ -120,11 +122,9 @@ void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata, (RC4_CHUNK)d[(tx+ty)&0xff]\ ) - if ( ( ((unsigned long)indata & (sizeof(RC4_CHUNK)-1)) | - ((unsigned long)outdata & (sizeof(RC4_CHUNK)-1)) ) == 0 ) - { - RC4_CHUNK ichunk,otp; - const union { long one; char little; } is_endian = {1}; + if ((((size_t)indata & (sizeof(RC4_CHUNK) - 1)) | + ((size_t)outdata & (sizeof(RC4_CHUNK) - 1))) == 0 ) { + RC4_CHUNK ichunk, otp; /* * I reckon we can afford to implement both endian @@ -132,14 +132,10 @@ void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata, * because the machine code appears to be very compact * and redundant 1-2KB is perfectly tolerable (i.e. * in case the compiler fails to eliminate it:-). By - * suggestion from Terrel Larson - * who also stands for the is_endian union:-) + * suggestion from Terrel Larson . * * Special notes. * - * - is_endian is declared automatic as doing otherwise - * (declaring static) prevents gcc from eliminating - * the redundant code; * - compilers (those I've tried) don't seem to have * problems eliminating either the operators guarded * by "if (sizeof(RC4_CHUNK)==8)" or the condition @@ -150,117 +146,48 @@ void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata, * before); * - in case you wonder "&(sizeof(RC4_CHUNK)*8-1)" in * [LB]ESHFT guards against "shift is out of range" - * warnings when sizeof(RC4_CHUNK)!=8 + * warnings when sizeof(RC4_CHUNK)!=8 * * */ - if (!is_endian.little) - { /* BIG-ENDIAN CASE */ +#if BYTE_ORDER == BIG_ENDIAN # define BESHFT(c) (((sizeof(RC4_CHUNK)-(c)-1)*8)&(sizeof(RC4_CHUNK)*8-1)) - for (;len&-sizeof(RC4_CHUNK);len-=sizeof(RC4_CHUNK)) - { - ichunk = *(RC4_CHUNK *)indata; - otp = RC4_STEP<x=x; - key->y=y; - return; + for (; len & (0 - sizeof(RC4_CHUNK)); len -= sizeof(RC4_CHUNK)) { + ichunk = *(RC4_CHUNK *)indata; + otp = RC4_STEP << BESHFT(0); + otp |= RC4_STEP << BESHFT(1); + otp |= RC4_STEP << BESHFT(2); + otp |= RC4_STEP << BESHFT(3); + if (sizeof(RC4_CHUNK) == 8) { + otp |= RC4_STEP << BESHFT(4); + otp |= RC4_STEP << BESHFT(5); + otp |= RC4_STEP << BESHFT(6); + otp |= RC4_STEP << BESHFT(7); } - else - { /* LITTLE-ENDIAN CASE */ + *(RC4_CHUNK *)outdata = otp^ichunk; + indata += sizeof(RC4_CHUNK); + outdata += sizeof(RC4_CHUNK); + } +#else # define LESHFT(c) (((c)*8)&(sizeof(RC4_CHUNK)*8-1)) - for (;len&-sizeof(RC4_CHUNK);len-=sizeof(RC4_CHUNK)) - { - ichunk = *(RC4_CHUNK *)indata; - otp = RC4_STEP; - otp |= RC4_STEP<<8; - otp |= RC4_STEP<<16; - otp |= RC4_STEP<<24; - if (sizeof(RC4_CHUNK)==8) - { - otp |= RC4_STEP<>= (sizeof(RC4_CHUNK)-len)<<3; - switch (len&(sizeof(RC4_CHUNK)-1)) - { - case 7: otp = RC4_STEP, i+=8; - case 6: otp |= RC4_STEP<x=x; - key->y=y; - return; + for (; len & (0 - sizeof(RC4_CHUNK)); len -= sizeof(RC4_CHUNK)) { + ichunk = *(RC4_CHUNK *)indata; + otp = RC4_STEP; + otp |= RC4_STEP << 8; + otp |= RC4_STEP << 16; + otp |= RC4_STEP << 24; + if (sizeof(RC4_CHUNK) == 8) { + otp |= RC4_STEP << LESHFT(4); + otp |= RC4_STEP << LESHFT(5); + otp |= RC4_STEP << LESHFT(6); + otp |= RC4_STEP << LESHFT(7); } + *(RC4_CHUNK *)outdata = otp ^ ichunk; + indata += sizeof(RC4_CHUNK); + outdata += sizeof(RC4_CHUNK); } +#endif + } #endif #define LOOP(in,out) \ x=((x+1)&0xff); \ @@ -276,40 +203,51 @@ void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata, #define RC4_LOOP(a,b,i) LOOP(a[i],b[i]) #endif - i=(int)(len>>3L); - if (i) - { - for (;;) - { - RC4_LOOP(indata,outdata,0); - RC4_LOOP(indata,outdata,1); - RC4_LOOP(indata,outdata,2); - RC4_LOOP(indata,outdata,3); - RC4_LOOP(indata,outdata,4); - RC4_LOOP(indata,outdata,5); - RC4_LOOP(indata,outdata,6); - RC4_LOOP(indata,outdata,7); + i = len >> 3; + if (i) { + for (;;) { + RC4_LOOP(indata, outdata, 0); + RC4_LOOP(indata, outdata, 1); + RC4_LOOP(indata, outdata, 2); + RC4_LOOP(indata, outdata, 3); + RC4_LOOP(indata, outdata, 4); + RC4_LOOP(indata, outdata, 5); + RC4_LOOP(indata, outdata, 6); + RC4_LOOP(indata, outdata, 7); #ifdef RC4_INDEX - indata+=8; - outdata+=8; + indata += 8; + outdata += 8; #endif - if (--i == 0) break; - } + if (--i == 0) + break; + } + } + i = len&0x07; + if (i) { + for (;;) { + RC4_LOOP(indata, outdata, 0); + if (--i == 0) + break; + RC4_LOOP(indata, outdata, 1); + if (--i == 0) + break; + RC4_LOOP(indata, outdata, 2); + if (--i == 0) + break; + RC4_LOOP(indata, outdata, 3); + if (--i == 0) + break; + RC4_LOOP(indata, outdata, 4); + if (--i == 0) + break; + RC4_LOOP(indata, outdata, 5); + if (--i == 0) + break; + RC4_LOOP(indata, outdata, 6); + if (--i == 0) + break; } - i=(int)len&0x07; - if (i) - { - for (;;) - { - RC4_LOOP(indata,outdata,0); if (--i == 0) break; - RC4_LOOP(indata,outdata,1); if (--i == 0) break; - RC4_LOOP(indata,outdata,2); if (--i == 0) break; - RC4_LOOP(indata,outdata,3); if (--i == 0) break; - RC4_LOOP(indata,outdata,4); if (--i == 0) break; - RC4_LOOP(indata,outdata,5); if (--i == 0) break; - RC4_LOOP(indata,outdata,6); if (--i == 0) break; - } - } - key->x=x; - key->y=y; } + key->x = x; + key->y = y; +} diff --git a/src/lib/libcrypto/rc4/rc4_locl.h b/src/lib/libcrypto/rc4/rc4_locl.h index 3bb80b6ce9e..d2b08064a3b 100644 --- a/src/lib/libcrypto/rc4/rc4_locl.h +++ b/src/lib/libcrypto/rc4/rc4_locl.h @@ -1,4 +1,5 @@ +/* $OpenBSD: rc4_locl.h,v 1.4 2014/07/11 08:44:49 jsing Exp $ */ + #ifndef HEADER_RC4_LOCL_H #define HEADER_RC4_LOCL_H -#include #endif diff --git a/src/lib/libcrypto/rc4/rc4_skey.c b/src/lib/libcrypto/rc4/rc4_skey.c index bb10c1ebe28..861941fb4d6 100644 --- a/src/lib/libcrypto/rc4/rc4_skey.c +++ b/src/lib/libcrypto/rc4/rc4_skey.c @@ -1,25 +1,25 @@ -/* crypto/rc4/rc4_skey.c */ +/* $OpenBSD: rc4_skey.c,v 1.14 2015/10/20 15:50:13 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -60,10 +60,9 @@ #include "rc4_locl.h" #include -const char *RC4_version="RC4" OPENSSL_VERSION_PTEXT; - -const char *RC4_options(void) - { +const char * +RC4_options(void) +{ #ifdef RC4_INDEX if (sizeof(RC4_INT) == 1) return("rc4(idx,char)"); @@ -75,7 +74,7 @@ const char *RC4_options(void) else return("rc4(ptr,int)"); #endif - } +} /* RC4 as implemented from a posting from * Newsgroups: sci.crypt @@ -85,33 +84,32 @@ const char *RC4_options(void) * Date: Wed, 14 Sep 1994 06:35:31 GMT */ -void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data) - { - register RC4_INT tmp; - register int id1,id2; - register RC4_INT *d; - unsigned int i; - - d= &(key->data[0]); - for (i=0; i<256; i++) - d[i]=i; - key->x = 0; - key->y = 0; - id1=id2=0; +void +RC4_set_key(RC4_KEY *key, int len, const unsigned char *data) +{ + RC4_INT tmp; + int id1, id2; + RC4_INT *d; + unsigned int i; + + d = &(key->data[0]); + key->x = 0; + key->y = 0; + id1 = id2 = 0; -#define SK_LOOP(n) { \ +#define SK_LOOP(d,n) { \ tmp=d[(n)]; \ id2 = (data[id1] + tmp + id2) & 0xff; \ if (++id1 == len) id1=0; \ d[(n)]=d[id2]; \ d[id2]=tmp; } - for (i=0; i < 256; i+=4) - { - SK_LOOP(i+0); - SK_LOOP(i+1); - SK_LOOP(i+2); - SK_LOOP(i+3); - } + for (i = 0; i < 256; i++) + d[i] = i; + for (i = 0; i < 256; i += 4) { + SK_LOOP(d, i + 0); + SK_LOOP(d, i + 1); + SK_LOOP(d, i + 2); + SK_LOOP(d, i + 3); } - +} diff --git a/src/lib/libcrypto/rc4/rc4s.cpp b/src/lib/libcrypto/rc4/rc4s.cpp deleted file mode 100644 index 3814fde9972..00000000000 --- a/src/lib/libcrypto/rc4/rc4s.cpp +++ /dev/null @@ -1,73 +0,0 @@ -// -// gettsc.inl -// -// gives access to the Pentium's (secret) cycle counter -// -// This software was written by Leonard Janke (janke@unixg.ubc.ca) -// in 1996-7 and is entered, by him, into the public domain. - -#if defined(__WATCOMC__) -void GetTSC(unsigned long&); -#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax]; -#elif defined(__GNUC__) -inline -void GetTSC(unsigned long& tsc) -{ - asm volatile(".byte 15, 49\n\t" - : "=eax" (tsc) - : - : "%edx", "%eax"); -} -#elif defined(_MSC_VER) -inline -void GetTSC(unsigned long& tsc) -{ - unsigned long a; - __asm _emit 0fh - __asm _emit 31h - __asm mov a, eax; - tsc=a; -} -#endif - -#include -#include -#include - -void main(int argc,char *argv[]) - { - unsigned char buffer[1024]; - RC4_KEY ctx; - unsigned long s1,s2,e1,e2; - unsigned char k[16]; - unsigned long data[2]; - unsigned char iv[8]; - int i,num=64,numm; - int j=0; - - if (argc >= 2) - num=atoi(argv[1]); - - if (num == 0) num=256; - if (num > 1024-16) num=1024-16; - numm=num+8; - - for (j=0; j<6; j++) - { - for (i=0; i<10; i++) /**/ - { - RC4(&ctx,numm,buffer,buffer); - GetTSC(s1); - RC4(&ctx,numm,buffer,buffer); - GetTSC(e1); - GetTSC(s2); - RC4(&ctx,num,buffer,buffer); - GetTSC(e2); - RC4(&ctx,num,buffer,buffer); - } - - printf("RC4 (%d bytes) %d %d (%d) - 8 bytes\n",num, - e1-s1,e2-s2,(e1-s1)-(e2-s2)); - } - } - diff --git a/src/lib/libcrypto/rc4/rc4speed.c b/src/lib/libcrypto/rc4/rc4speed.c deleted file mode 100644 index ced98c52df9..00000000000 --- a/src/lib/libcrypto/rc4/rc4speed.c +++ /dev/null @@ -1,250 +0,0 @@ -/* crypto/rc4/rc4speed.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -/* 11-Sep-92 Andrew Daviel Support for Silicon Graphics IRIX added */ -/* 06-Apr-92 Luke Brennan Support for VMS and add extra signal calls */ - -#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX) -#define TIMES -#endif - -#include - -#include -#include OPENSSL_UNISTD_IO -OPENSSL_DECLARE_EXIT - -#include -#ifndef _IRIX -#include -#endif -#ifdef TIMES -#include -#include -#endif - -/* Depending on the VMS version, the tms structure is perhaps defined. - The __TMS macro will show if it was. If it wasn't defined, we should - undefine TIMES, since that tells the rest of the program how things - should be handled. -- Richard Levitte */ -#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS) -#undef TIMES -#endif - -#ifndef TIMES -#include -#endif - -#if defined(sun) || defined(__ultrix) -#define _POSIX_SOURCE -#include -#include -#endif - -#include - -/* The following if from times(3) man page. It may need to be changed */ -#ifndef HZ -#ifndef CLK_TCK -#define HZ 100.0 -#else /* CLK_TCK */ -#define HZ ((double)CLK_TCK) -#endif -#endif - -#define BUFSIZE ((long)1024) -long run=0; - -double Time_F(int s); -#ifdef SIGALRM -#if defined(__STDC__) || defined(sgi) || defined(_AIX) -#define SIGRETTYPE void -#else -#define SIGRETTYPE int -#endif - -SIGRETTYPE sig_done(int sig); -SIGRETTYPE sig_done(int sig) - { - signal(SIGALRM,sig_done); - run=0; -#ifdef LINT - sig=sig; -#endif - } -#endif - -#define START 0 -#define STOP 1 - -double Time_F(int s) - { - double ret; -#ifdef TIMES - static struct tms tstart,tend; - - if (s == START) - { - times(&tstart); - return(0); - } - else - { - times(&tend); - ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ; - return((ret == 0.0)?1e-6:ret); - } -#else /* !times() */ - static struct timeb tstart,tend; - long i; - - if (s == START) - { - ftime(&tstart); - return(0); - } - else - { - ftime(&tend); - i=(long)tend.millitm-(long)tstart.millitm; - ret=((double)(tend.time-tstart.time))+((double)i)/1e3; - return((ret == 0.0)?1e-6:ret); - } -#endif - } - -int main(int argc, char **argv) - { - long count; - static unsigned char buf[BUFSIZE]; - static unsigned char key[] ={ - 0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0, - 0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10, - }; - RC4_KEY sch; - double a,b,c,d; -#ifndef SIGALRM - long ca,cb,cc; -#endif - -#ifndef TIMES - printf("To get the most accurate results, try to run this\n"); - printf("program when this computer is idle.\n"); -#endif - -#ifndef SIGALRM - printf("First we calculate the approximate speed ...\n"); - RC4_set_key(&sch,16,key); - count=10; - do { - long i; - unsigned long data[2]; - - count*=2; - Time_F(START); - for (i=count; i; i--) - RC4(&sch,8,buf,buf); - d=Time_F(STOP); - } while (d < 3.0); - ca=count/512; - cc=count*8/BUFSIZE+1; - printf("Doing RC4_set_key %ld times\n",ca); -#define COND(d) (count != (d)) -#define COUNT(d) (d) -#else -#define COND(c) (run) -#define COUNT(d) (count) - signal(SIGALRM,sig_done); - printf("Doing RC4_set_key for 10 seconds\n"); - alarm(10); -#endif - - Time_F(START); - for (count=0,run=1; COND(ca); count+=4) - { - RC4_set_key(&sch,16,key); - RC4_set_key(&sch,16,key); - RC4_set_key(&sch,16,key); - RC4_set_key(&sch,16,key); - } - d=Time_F(STOP); - printf("%ld RC4_set_key's in %.2f seconds\n",count,d); - a=((double)COUNT(ca))/d; - -#ifdef SIGALRM - printf("Doing RC4 on %ld byte blocks for 10 seconds\n",BUFSIZE); - alarm(10); -#else - printf("Doing RC4 %ld times on %ld byte blocks\n",cc,BUFSIZE); -#endif - Time_F(START); - for (count=0,run=1; COND(cc); count++) - RC4(&sch,BUFSIZE,buf,buf); - d=Time_F(STOP); - printf("%ld RC4's of %ld byte blocks in %.2f second\n", - count,BUFSIZE,d); - c=((double)COUNT(cc)*BUFSIZE)/d; - - printf("RC4 set_key per sec = %12.2f (%9.3fuS)\n",a,1.0e6/a); - printf("RC4 bytes per sec = %12.2f (%9.3fuS)\n",c,8.0e6/c); - exit(0); -#if defined(LINT) || defined(OPENSSL_SYS_MSDOS) - return(0); -#endif - } - diff --git a/src/lib/libcrypto/rc4/rc4test.c b/src/lib/libcrypto/rc4/rc4test.c deleted file mode 100644 index a28d457c8d5..00000000000 --- a/src/lib/libcrypto/rc4/rc4test.c +++ /dev/null @@ -1,201 +0,0 @@ -/* crypto/rc4/rc4test.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include -#include - -#ifdef OPENSSL_NO_RC4 -int main(int argc, char *argv[]) -{ - printf("No RC4 support\n"); - return(0); -} -#else -#include - -static unsigned char keys[7][30]={ - {8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef}, - {8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef}, - {8,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}, - {4,0xef,0x01,0x23,0x45}, - {8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef}, - {4,0xef,0x01,0x23,0x45}, - }; - -static unsigned char data_len[7]={8,8,8,20,28,10}; -static unsigned char data[7][30]={ - {0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,0xff}, - {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff}, - {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff}, - {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0xff}, - {0x12,0x34,0x56,0x78,0x9A,0xBC,0xDE,0xF0, - 0x12,0x34,0x56,0x78,0x9A,0xBC,0xDE,0xF0, - 0x12,0x34,0x56,0x78,0x9A,0xBC,0xDE,0xF0, - 0x12,0x34,0x56,0x78,0xff}, - {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff}, - {0}, - }; - -static unsigned char output[7][30]={ - {0x75,0xb7,0x87,0x80,0x99,0xe0,0xc5,0x96,0x00}, - {0x74,0x94,0xc2,0xe7,0x10,0x4b,0x08,0x79,0x00}, - {0xde,0x18,0x89,0x41,0xa3,0x37,0x5d,0x3a,0x00}, - {0xd6,0xa1,0x41,0xa7,0xec,0x3c,0x38,0xdf, - 0xbd,0x61,0x5a,0x11,0x62,0xe1,0xc7,0xba, - 0x36,0xb6,0x78,0x58,0x00}, - {0x66,0xa0,0x94,0x9f,0x8a,0xf7,0xd6,0x89, - 0x1f,0x7f,0x83,0x2b,0xa8,0x33,0xc0,0x0c, - 0x89,0x2e,0xbe,0x30,0x14,0x3c,0xe2,0x87, - 0x40,0x01,0x1e,0xcf,0x00}, - {0xd6,0xa1,0x41,0xa7,0xec,0x3c,0x38,0xdf,0xbd,0x61,0x00}, - {0}, - }; - -int main(int argc, char *argv[]) - { - int i,err=0; - int j; - unsigned char *p; - RC4_KEY key; - unsigned char buf[512],obuf[512]; - - for (i=0; i<512; i++) buf[i]=0x01; - - for (i=0; i<6; i++) - { - RC4_set_key(&key,keys[i][0],&(keys[i][1])); - memset(obuf,0x00,sizeof(obuf)); - RC4(&key,data_len[i],&(data[i][0]),obuf); - if (memcmp(obuf,output[i],data_len[i]+1) != 0) - { - printf("error calculating RC4\n"); - printf("output:"); - for (j=0; j -Sender: sterndark@netcom.com -Organization: NETCOM On-line Communication Services (408 261-4700 guest) -X-Newsreader: TIN [version 1.2 PL1] -Date: Wed, 14 Sep 1994 06:35:31 GMT -Lines: 263 -Xref: ghost.dsi.unimi.it sci.crypt:27332 alt.security:14732 comp.security.misc:11701 alt.privacy:16026 - -I am shocked, shocked, I tell you, shocked, to discover -that the cypherpunks have illegaly and criminally revealed -a crucial RSA trade secret and harmed the security of -America by reverse engineering the RC4 algorithm and -publishing it to the world. - -On Saturday morning an anonymous cypherpunk wrote: - - - SUBJECT: RC4 Source Code - - - I've tested this. It is compatible with the RC4 object module - that comes in the various RSA toolkits. - - /* rc4.h */ - typedef struct rc4_key - { - unsigned char state[256]; - unsigned char x; - unsigned char y; - } rc4_key; - void prepare_key(unsigned char *key_data_ptr,int key_data_len, - rc4_key *key); - void rc4(unsigned char *buffer_ptr,int buffer_len,rc4_key * key); - - - /*rc4.c */ - #include "rc4.h" - static void swap_byte(unsigned char *a, unsigned char *b); - void prepare_key(unsigned char *key_data_ptr, int key_data_len, - rc4_key *key) - { - unsigned char swapByte; - unsigned char index1; - unsigned char index2; - unsigned char* state; - short counter; - - state = &key->state[0]; - for(counter = 0; counter < 256; counter++) - state[counter] = counter; - key->x = 0; - key->y = 0; - index1 = 0; - index2 = 0; - for(counter = 0; counter < 256; counter++) - { - index2 = (key_data_ptr[index1] + state[counter] + - index2) % 256; - swap_byte(&state[counter], &state[index2]); - - index1 = (index1 + 1) % key_data_len; - } - } - - void rc4(unsigned char *buffer_ptr, int buffer_len, rc4_key *key) - { - unsigned char x; - unsigned char y; - unsigned char* state; - unsigned char xorIndex; - short counter; - - x = key->x; - y = key->y; - - state = &key->state[0]; - for(counter = 0; counter < buffer_len; counter ++) - { - x = (x + 1) % 256; - y = (state[x] + y) % 256; - swap_byte(&state[x], &state[y]); - - xorIndex = (state[x] + state[y]) % 256; - - buffer_ptr[counter] ^= state[xorIndex]; - } - key->x = x; - key->y = y; - } - - static void swap_byte(unsigned char *a, unsigned char *b) - { - unsigned char swapByte; - - swapByte = *a; - *a = *b; - *b = swapByte; - } - - - -Another cypherpunk, this one not anonymous, tested the -output from this algorithm against the output from -official RC4 object code - - - Date: Tue, 13 Sep 94 18:37:56 PDT - From: ekr@eit.COM (Eric Rescorla) - Message-Id: <9409140137.AA17743@eitech.eit.com> - Subject: RC4 compatibility testing - Cc: cypherpunks@toad.com - - One data point: - - I can't say anything about the internals of RC4 versus the - algorithm that Bill Sommerfeld is rightly calling 'Alleged RC4', - since I don't know anything about RC4's internals. - - However, I do have a (legitimately acquired) copy of BSAFE2 and - so I'm able to compare the output of this algorithm to the output - of genuine RC4 as found in BSAFE. I chose a set of test vectors - and ran them through both algorithms. The algorithms appear to - give identical results, at least with these key/plaintext pairs. - - I note that this is the algorithm _without_ Hal Finney's - proposed modification - - (see <199409130605.XAA24133@jobe.shell.portal.com>). - - The vectors I used (together with the ciphertext they produce) - follow at the end of this message. - - -Ekr - - Disclaimer: This posting does not reflect the opinions of EIT. - - --------------------results follow-------------- - Test vector 0 - Key: 0x01 0x23 0x45 0x67 0x89 0xab 0xcd 0xef - Input: 0x01 0x23 0x45 0x67 0x89 0xab 0xcd 0xef - 0 Output: 0x75 0xb7 0x87 0x80 0x99 0xe0 0xc5 0x96 - - Test vector 1 - Key: 0x01 0x23 0x45 0x67 0x89 0xab 0xcd 0xef - Input: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 - 0 Output: 0x74 0x94 0xc2 0xe7 0x10 0x4b 0x08 0x79 - - Test vector 2 - Key: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 - Input: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 - 0 Output: 0xde 0x18 0x89 0x41 0xa3 0x37 0x5d 0x3a - - Test vector 3 - Key: 0xef 0x01 0x23 0x45 - Input: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 - 0 Output: 0xd6 0xa1 0x41 0xa7 0xec 0x3c 0x38 0xdf 0xbd 0x61 - - Test vector 4 - Key: 0x01 0x23 0x45 0x67 0x89 0xab 0xcd 0xef - Input: 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 - 0 Output: 0x75 0x95 0xc3 0xe6 0x11 0x4a 0x09 0x78 0x0c 0x4a 0xd4 - 0x52 0x33 0x8e 0x1f 0xfd 0x9a 0x1b 0xe9 0x49 0x8f - 0x81 0x3d 0x76 0x53 0x34 0x49 0xb6 0x77 0x8d 0xca - 0xd8 0xc7 0x8a 0x8d 0x2b 0xa9 0xac 0x66 0x08 0x5d - 0x0e 0x53 0xd5 0x9c 0x26 0xc2 0xd1 0xc4 0x90 0xc1 - 0xeb 0xbe 0x0c 0xe6 0x6d 0x1b 0x6b 0x1b 0x13 0xb6 - 0xb9 0x19 0xb8 0x47 0xc2 0x5a 0x91 0x44 0x7a 0x95 - 0xe7 0x5e 0x4e 0xf1 0x67 0x79 0xcd 0xe8 0xbf 0x0a - 0x95 0x85 0x0e 0x32 0xaf 0x96 0x89 0x44 0x4f 0xd3 - 0x77 0x10 0x8f 0x98 0xfd 0xcb 0xd4 0xe7 0x26 0x56 - 0x75 0x00 0x99 0x0b 0xcc 0x7e 0x0c 0xa3 0xc4 0xaa - 0xa3 0x04 0xa3 0x87 0xd2 0x0f 0x3b 0x8f 0xbb 0xcd - 0x42 0xa1 0xbd 0x31 0x1d 0x7a 0x43 0x03 0xdd 0xa5 - 0xab 0x07 0x88 0x96 0xae 0x80 0xc1 0x8b 0x0a 0xf6 - 0x6d 0xff 0x31 0x96 0x16 0xeb 0x78 0x4e 0x49 0x5a - 0xd2 0xce 0x90 0xd7 0xf7 0x72 0xa8 0x17 0x47 0xb6 - 0x5f 0x62 0x09 0x3b 0x1e 0x0d 0xb9 0xe5 0xba 0x53 - 0x2f 0xaf 0xec 0x47 0x50 0x83 0x23 0xe6 0x71 0x32 - 0x7d 0xf9 0x44 0x44 0x32 0xcb 0x73 0x67 0xce 0xc8 - 0x2f 0x5d 0x44 0xc0 0xd0 0x0b 0x67 0xd6 0x50 0xa0 - 0x75 0xcd 0x4b 0x70 0xde 0xdd 0x77 0xeb 0x9b 0x10 - 0x23 0x1b 0x6b 0x5b 0x74 0x13 0x47 0x39 0x6d 0x62 - 0x89 0x74 0x21 0xd4 0x3d 0xf9 0xb4 0x2e 0x44 0x6e - 0x35 0x8e 0x9c 0x11 0xa9 0xb2 0x18 0x4e 0xcb 0xef - 0x0c 0xd8 0xe7 0xa8 0x77 0xef 0x96 0x8f 0x13 0x90 - 0xec 0x9b 0x3d 0x35 0xa5 0x58 0x5c 0xb0 0x09 0x29 - 0x0e 0x2f 0xcd 0xe7 0xb5 0xec 0x66 0xd9 0x08 0x4b - 0xe4 0x40 0x55 0xa6 0x19 0xd9 0xdd 0x7f 0xc3 0x16 - 0x6f 0x94 0x87 0xf7 0xcb 0x27 0x29 0x12 0x42 0x64 - 0x45 0x99 0x85 0x14 0xc1 0x5d 0x53 0xa1 0x8c 0x86 - 0x4c 0xe3 0xa2 0xb7 0x55 0x57 0x93 0x98 0x81 0x26 - 0x52 0x0e 0xac 0xf2 0xe3 0x06 0x6e 0x23 0x0c 0x91 - 0xbe 0xe4 0xdd 0x53 0x04 0xf5 0xfd 0x04 0x05 0xb3 - 0x5b 0xd9 0x9c 0x73 0x13 0x5d 0x3d 0x9b 0xc3 0x35 - 0xee 0x04 0x9e 0xf6 0x9b 0x38 0x67 0xbf 0x2d 0x7b - 0xd1 0xea 0xa5 0x95 0xd8 0xbf 0xc0 0x06 0x6f 0xf8 - 0xd3 0x15 0x09 0xeb 0x0c 0x6c 0xaa 0x00 0x6c 0x80 - 0x7a 0x62 0x3e 0xf8 0x4c 0x3d 0x33 0xc1 0x95 0xd2 - 0x3e 0xe3 0x20 0xc4 0x0d 0xe0 0x55 0x81 0x57 0xc8 - 0x22 0xd4 0xb8 0xc5 0x69 0xd8 0x49 0xae 0xd5 0x9d - 0x4e 0x0f 0xd7 0xf3 0x79 0x58 0x6b 0x4b 0x7f 0xf6 - 0x84 0xed 0x6a 0x18 0x9f 0x74 0x86 0xd4 0x9b 0x9c - 0x4b 0xad 0x9b 0xa2 0x4b 0x96 0xab 0xf9 0x24 0x37 - 0x2c 0x8a 0x8f 0xff 0xb1 0x0d 0x55 0x35 0x49 0x00 - 0xa7 0x7a 0x3d 0xb5 0xf2 0x05 0xe1 0xb9 0x9f 0xcd - 0x86 0x60 0x86 0x3a 0x15 0x9a 0xd4 0xab 0xe4 0x0f - 0xa4 0x89 0x34 0x16 0x3d 0xdd 0xe5 0x42 0xa6 0x58 - 0x55 0x40 0xfd 0x68 0x3c 0xbf 0xd8 0xc0 0x0f 0x12 - 0x12 0x9a 0x28 0x4d 0xea 0xcc 0x4c 0xde 0xfe 0x58 - 0xbe 0x71 0x37 0x54 0x1c 0x04 0x71 0x26 0xc8 0xd4 - 0x9e 0x27 0x55 0xab 0x18 0x1a 0xb7 0xe9 0x40 0xb0 - 0xc0 - - - --- - --------------------------------------------------------------------- -We have the right to defend ourselves and our -property, because of the kind of animals that we James A. Donald -are. True law derives from this right, not from -the arbitrary power of the omnipotent state. jamesd@netcom.com - - diff --git a/src/lib/libcrypto/rc5/Makefile.ssl b/src/lib/libcrypto/rc5/Makefile.ssl deleted file mode 100644 index 01d08c7d434..00000000000 --- a/src/lib/libcrypto/rc5/Makefile.ssl +++ /dev/null @@ -1,113 +0,0 @@ -# -# SSLeay/crypto/rc5/Makefile -# - -DIR= rc5 -TOP= ../.. -CC= cc -CPP= $(CC) -E -INCLUDES= -CFLAG=-g -INSTALL_PREFIX= -OPENSSLDIR= /usr/local/ssl -INSTALLTOP=/usr/local/ssl -MAKE= make -f Makefile.ssl -MAKEDEPPROG= makedepend -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) -MAKEFILE= Makefile.ssl -AR= ar r - -RC5_ENC= rc5_enc.o -# or use -#DES_ENC= r586-elf.o - -CFLAGS= $(INCLUDES) $(CFLAG) - -GENERAL=Makefile -TEST=rc5test.c -APPS= - -LIB=$(TOP)/libcrypto.a -LIBSRC=rc5_skey.c rc5_ecb.c rc5_enc.c rc5cfb64.c rc5ofb64.c -LIBOBJ=rc5_skey.o rc5_ecb.o $(RC5_ENC) rc5cfb64.o rc5ofb64.o - -SRC= $(LIBSRC) - -EXHEADER= rc5.h -HEADER= rc5_locl.h $(EXHEADER) - -ALL= $(GENERAL) $(SRC) $(HEADER) - -top: - (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) - -all: lib - -lib: $(LIBOBJ) - $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) || echo Never mind. - @touch lib - -# elf -asm/r586-elf.o: asm/r586unix.cpp - $(CPP) -DELF -x c asm/r586unix.cpp | as -o asm/r586-elf.o - -# solaris -asm/r586-sol.o: asm/r586unix.cpp - $(CC) -E -DSOL asm/r586unix.cpp | sed 's/^#.*//' > asm/r586-sol.s - as -o asm/r586-sol.o asm/r586-sol.s - rm -f asm/r586-sol.s - -# a.out -asm/r586-out.o: asm/r586unix.cpp - $(CPP) -DOUT asm/r586unix.cpp | as -o asm/r586-out.o - -# bsdi -asm/r586bsdi.o: asm/r586unix.cpp - $(CPP) -DBSDI asm/r586unix.cpp | sed 's/ :/:/' | as -o asm/r586bsdi.o - -asm/r586unix.cpp: asm/rc5-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl - (cd asm; $(PERL) rc5-586.pl cpp >r586unix.cpp) - -files: - $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO - -links: - @sh $(TOP)/util/point.sh Makefile.ssl Makefile - @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) - @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) - @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) - -install: - @for i in $(EXHEADER) ; \ - do \ - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ - done; - -tags: - ctags $(SRC) - -tests: - -lint: - lint -DLINT $(INCLUDES) $(SRC)>fluff - -depend: - $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) - -dclean: - $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new - mv -f Makefile.new $(MAKEFILE) - -clean: - rm -f asm/r586unix.cpp *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff - -# DO NOT DELETE THIS LINE -- make depend depends on it. - -rc5_ecb.o: ../../include/openssl/opensslv.h ../../include/openssl/rc5.h -rc5_ecb.o: rc5_ecb.c rc5_locl.h -rc5_enc.o: ../../include/openssl/rc5.h rc5_enc.c rc5_locl.h -rc5_skey.o: ../../include/openssl/rc5.h rc5_locl.h rc5_skey.c -rc5cfb64.o: ../../include/openssl/rc5.h rc5_locl.h rc5cfb64.c -rc5ofb64.o: ../../include/openssl/rc5.h rc5_locl.h rc5ofb64.c diff --git a/src/lib/libcrypto/rc5/asm/rc5-586.pl b/src/lib/libcrypto/rc5/asm/rc5-586.pl deleted file mode 100644 index edff1d1e64a..00000000000 --- a/src/lib/libcrypto/rc5/asm/rc5-586.pl +++ /dev/null @@ -1,109 +0,0 @@ -#!/usr/local/bin/perl - -push(@INC,"perlasm","../../perlasm"); -require "x86asm.pl"; -require "cbc.pl"; - -&asm_init($ARGV[0],"rc5-586.pl"); - -$RC5_MAX_ROUNDS=16; -$RC5_32_OFF=($RC5_MAX_ROUNDS+2)*4; -$A="edi"; -$B="esi"; -$S="ebp"; -$tmp1="eax"; -$r="ebx"; -$tmpc="ecx"; -$tmp4="edx"; - -&RC5_32_encrypt("RC5_32_encrypt",1); -&RC5_32_encrypt("RC5_32_decrypt",0); -&cbc("RC5_32_cbc_encrypt","RC5_32_encrypt","RC5_32_decrypt",0,4,5,3,-1,-1); -&asm_finish(); - -sub RC5_32_encrypt - { - local($name,$enc)=@_; - - &function_begin_B($name,""); - - &comment(""); - - &push("ebp"); - &push("esi"); - &push("edi"); - &mov($tmp4,&wparam(0)); - &mov($S,&wparam(1)); - - &comment("Load the 2 words"); - &mov($A,&DWP(0,$tmp4,"",0)); - &mov($B,&DWP(4,$tmp4,"",0)); - - &push($r); - &mov($r, &DWP(0,$S,"",0)); - - # encrypting part - - if ($enc) - { - &add($A, &DWP(4+0,$S,"",0)); - &add($B, &DWP(4+4,$S,"",0)); - - for ($i=0; $i<$RC5_MAX_ROUNDS; $i++) - { - &xor($A, $B); - &mov($tmp1, &DWP(12+$i*8,$S,"",0)); - &mov($tmpc, $B); - &rotl($A, &LB("ecx")); - &add($A, $tmp1); - - &xor($B, $A); - &mov($tmp1, &DWP(16+$i*8,$S,"",0)); - &mov($tmpc, $A); - &rotl($B, &LB("ecx")); - &add($B, $tmp1); - if (($i == 7) || ($i == 11)) - { - &cmp($r, $i+1); - &je(&label("rc5_exit")); - } - } - } - else - { - &cmp($r, 12); - &je(&label("rc5_dec_12")); - &cmp($r, 8); - &je(&label("rc5_dec_8")); - for ($i=$RC5_MAX_ROUNDS; $i > 0; $i--) - { - &set_label("rc5_dec_$i") if ($i == 12) || ($i == 8); - &mov($tmp1, &DWP($i*8+8,$S,"",0)); - &sub($B, $tmp1); - &mov($tmpc, $A); - &rotr($B, &LB("ecx")); - &xor($B, $A); - - &mov($tmp1, &DWP($i*8+4,$S,"",0)); - &sub($A, $tmp1); - &mov($tmpc, $B); - &rotr($A, &LB("ecx")); - &xor($A, $B); - } - &sub($B, &DWP(4+4,$S,"",0)); - &sub($A, &DWP(4+0,$S,"",0)); - } - - &set_label("rc5_exit"); - &mov(&DWP(0,$tmp4,"",0),$A); - &mov(&DWP(4,$tmp4,"",0),$B); - - &pop("ebx"); - &pop("edi"); - &pop("esi"); - &pop("ebp"); - &ret(); - &function_end_B($name); - } - - diff --git a/src/lib/libcrypto/rc5/rc5.h b/src/lib/libcrypto/rc5/rc5.h deleted file mode 100644 index 4adfd2db5ab..00000000000 --- a/src/lib/libcrypto/rc5/rc5.h +++ /dev/null @@ -1,116 +0,0 @@ -/* crypto/rc5/rc5.h */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#ifndef HEADER_RC5_H -#define HEADER_RC5_H - -#ifdef __cplusplus -extern "C" { -#endif - -#ifdef OPENSSL_NO_RC5 -#error RC5 is disabled. -#endif - -#define RC5_ENCRYPT 1 -#define RC5_DECRYPT 0 - -/* 32 bit. For Alpha, things may get weird */ -#define RC5_32_INT unsigned long - -#define RC5_32_BLOCK 8 -#define RC5_32_KEY_LENGTH 16 /* This is a default, max is 255 */ - -/* This are the only values supported. Tweak the code if you want more - * The most supported modes will be - * RC5-32/12/16 - * RC5-32/16/8 - */ -#define RC5_8_ROUNDS 8 -#define RC5_12_ROUNDS 12 -#define RC5_16_ROUNDS 16 - -typedef struct rc5_key_st - { - /* Number of rounds */ - int rounds; - RC5_32_INT data[2*(RC5_16_ROUNDS+1)]; - } RC5_32_KEY; - - -void RC5_32_set_key(RC5_32_KEY *key, int len, const unsigned char *data, - int rounds); -void RC5_32_ecb_encrypt(const unsigned char *in,unsigned char *out,RC5_32_KEY *key, - int enc); -void RC5_32_encrypt(unsigned long *data,RC5_32_KEY *key); -void RC5_32_decrypt(unsigned long *data,RC5_32_KEY *key); -void RC5_32_cbc_encrypt(const unsigned char *in, unsigned char *out, - long length, RC5_32_KEY *ks, unsigned char *iv, - int enc); -void RC5_32_cfb64_encrypt(const unsigned char *in, unsigned char *out, - long length, RC5_32_KEY *schedule, - unsigned char *ivec, int *num, int enc); -void RC5_32_ofb64_encrypt(const unsigned char *in, unsigned char *out, - long length, RC5_32_KEY *schedule, - unsigned char *ivec, int *num); - -#ifdef __cplusplus -} -#endif - -#endif diff --git a/src/lib/libcrypto/rijndael/Makefile.ssl b/src/lib/libcrypto/rijndael/Makefile.ssl deleted file mode 100644 index 7f57f174fd6..00000000000 --- a/src/lib/libcrypto/rijndael/Makefile.ssl +++ /dev/null @@ -1,89 +0,0 @@ -# -# crypto/rijndael/Makefile -# - -DIR= rijndael -TOP= ../.. -CC= cc -CPP= $(CC) -E -INCLUDES= -CFLAG=-g -INSTALL_PREFIX= -OPENSSLDIR= /usr/local/ssl -INSTALLTOP=/usr/local/ssl -MAKE= make -f Makefile.ssl -MAKEDEPPROG= makedepend -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) -MAKEFILE= Makefile.ssl -AR= ar r - -RD_ENC= rd_enc.o -# or use -#DES_ENC= bx86-elf.o - -# CFLAGS= -mpentiumpro $(INCLUDES) $(CFLAG) -O3 -fexpensive-optimizations -funroll-loops -fforce-addr -CFLAGS= $(INCLUDES) $(CFLAG) - -GENERAL=Makefile -TEST= -APPS= - -LIB=$(TOP)/libcrypto.a -LIBSRC=rd_fst.c -LIBOBJ=rd_fst.o - -SRC= $(LIBSRC) - -EXHEADER=rd_fst.h rijndael.h - -top: - (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) - -all: lib - -lib: $(LIBOBJ) - $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) - @touch lib - -$(LIBOBJ): $(LIBSRC) - -files: - $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO - -links: - @sh $(TOP)/util/point.sh Makefile.ssl Makefile - @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) - @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) - @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) - -install: installs - -installs: - @for i in $(EXHEADER) ; \ - do \ - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ - done; - -tags: - ctags $(SRC) - -tests: - -lint: - lint -DLINT $(INCLUDES) $(SRC)>fluff - -depend: - $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) - -dclean: - $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new - mv -f Makefile.new $(MAKEFILE) - -clean: - rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff - -# DO NOT DELETE THIS LINE -- make depend depends on it. - -rd_fst.o: rd_fst.c rd_fst.h diff --git a/src/lib/libcrypto/rijndael/README b/src/lib/libcrypto/rijndael/README deleted file mode 100644 index 1118ccbad88..00000000000 --- a/src/lib/libcrypto/rijndael/README +++ /dev/null @@ -1,80 +0,0 @@ -Optimised ANSI C code for the Rijndael cipher (now AES) - -Authors: - Vincent Rijmen - Antoon Bosselaers - Paulo Barreto - -All code contained in this distributed is placed in the public domain. - -======================================================================== - -Disclaimer: - -THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS -OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED -WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE -LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR -BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, -WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE -OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, -EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - -======================================================================== - -Acknowledgements: - -We are deeply indebted to the following people for their bug reports, -fixes, and improvement suggestions to the API implementation. Though we -tried to list all contributions, we apologise in advance for any -missing reference: - -Andrew Bales -Markus Friedl -John Skodon - -======================================================================== - -Description: - -This optimised implementation of Rijndael is noticeably faster than the -previous versions on Intel processors under Win32 w/ MSVC 6.0. On the -same processor under Linux w/ gcc-2.95.2, the key setup is also -considerably faster, but normal encryption/decryption is only marginally -faster. - -To enable full loop unrolling for encryption/decryption, define the -conditional compilation directive FULL_UNROLL. This may help increase -performance or not, depending on the platform. - -To compute the intermediate value tests, define the conditional -compilation directive INTERMEDIATE_VALUE_KAT. It may be worthwhile to -define the TRACE_KAT_MCT directive too, which provides useful progress -information during the generation of the KAT and MCT sets. - -======================================================================== - -Contents: - -README This file -rijndael-alg-fst.c The algorithm implementation. -rijndael-alg-fst.h The corresponding header file. -rijndael-api-fst.c NIST's implementation. -rijndael-api-fst.h The corresponding header file. -rijndael-test-fst.c A simple program to generate test vectors. -table.128 Data for the table tests and 128-bit keys. -table.192 Data for the table tests and 192-bit keys. -table.256 Data for the table tests and 256-bit keys. -fips-test-vectors.txt Key schedule and ciphertext intermediate values - (reduced set proposed for FIPS inclusion). -Makefile A sample makefile; may need some changes, - depending on the C compiler used. - -N.B. Both the API implementation and the provisional reduced set of -test vectors are likely to change, according to NIST's final decision -regarding modes of operation and the FIPS contents. They are therefore -marked as "version 2.9" rather than "version 3.0". - diff --git a/src/lib/libcrypto/rijndael/rd_fst.c b/src/lib/libcrypto/rijndael/rd_fst.c deleted file mode 100644 index f1597288f03..00000000000 --- a/src/lib/libcrypto/rijndael/rd_fst.c +++ /dev/null @@ -1,1400 +0,0 @@ -/** - * rijndael-alg-fst.c - * - * @version 3.0 (December 2000) - * - * Optimised ANSI C code for the Rijndael cipher (now AES) - * - * @author Vincent Rijmen - * @author Antoon Bosselaers - * @author Paulo Barreto - * - * This code is hereby placed in the public domain. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS - * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED - * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR - * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, - * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE - * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, - * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -#include -#include - -#include "rd_fst.h" - -/* -Te0[x] = S [x].[02, 01, 01, 03]; -Te1[x] = S [x].[03, 02, 01, 01]; -Te2[x] = S [x].[01, 03, 02, 01]; -Te3[x] = S [x].[01, 01, 03, 02]; -Te4[x] = S [x].[01, 01, 01, 01]; - -Td0[x] = Si[x].[0e, 09, 0d, 0b]; -Td1[x] = Si[x].[0b, 0e, 09, 0d]; -Td2[x] = Si[x].[0d, 0b, 0e, 09]; -Td3[x] = Si[x].[09, 0d, 0b, 0e]; -Td4[x] = Si[x].[01, 01, 01, 01]; -*/ - -static const u32 Te0[256] = { - 0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU, - 0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U, - 0x60303050U, 0x02010103U, 0xce6767a9U, 0x562b2b7dU, - 0xe7fefe19U, 0xb5d7d762U, 0x4dababe6U, 0xec76769aU, - 0x8fcaca45U, 0x1f82829dU, 0x89c9c940U, 0xfa7d7d87U, - 0xeffafa15U, 0xb25959ebU, 0x8e4747c9U, 0xfbf0f00bU, - 0x41adadecU, 0xb3d4d467U, 0x5fa2a2fdU, 0x45afafeaU, - 0x239c9cbfU, 0x53a4a4f7U, 0xe4727296U, 0x9bc0c05bU, - 0x75b7b7c2U, 0xe1fdfd1cU, 0x3d9393aeU, 0x4c26266aU, - 0x6c36365aU, 0x7e3f3f41U, 0xf5f7f702U, 0x83cccc4fU, - 0x6834345cU, 0x51a5a5f4U, 0xd1e5e534U, 0xf9f1f108U, - 0xe2717193U, 0xabd8d873U, 0x62313153U, 0x2a15153fU, - 0x0804040cU, 0x95c7c752U, 0x46232365U, 0x9dc3c35eU, - 0x30181828U, 0x379696a1U, 0x0a05050fU, 0x2f9a9ab5U, - 0x0e070709U, 0x24121236U, 0x1b80809bU, 0xdfe2e23dU, - 0xcdebeb26U, 0x4e272769U, 0x7fb2b2cdU, 0xea75759fU, - 0x1209091bU, 0x1d83839eU, 0x582c2c74U, 0x341a1a2eU, - 0x361b1b2dU, 0xdc6e6eb2U, 0xb45a5aeeU, 0x5ba0a0fbU, - 0xa45252f6U, 0x763b3b4dU, 0xb7d6d661U, 0x7db3b3ceU, - 0x5229297bU, 0xdde3e33eU, 0x5e2f2f71U, 0x13848497U, - 0xa65353f5U, 0xb9d1d168U, 0x00000000U, 0xc1eded2cU, - 0x40202060U, 0xe3fcfc1fU, 0x79b1b1c8U, 0xb65b5bedU, - 0xd46a6abeU, 0x8dcbcb46U, 0x67bebed9U, 0x7239394bU, - 0x944a4adeU, 0x984c4cd4U, 0xb05858e8U, 0x85cfcf4aU, - 0xbbd0d06bU, 0xc5efef2aU, 0x4faaaae5U, 0xedfbfb16U, - 0x864343c5U, 0x9a4d4dd7U, 0x66333355U, 0x11858594U, - 0x8a4545cfU, 0xe9f9f910U, 0x04020206U, 0xfe7f7f81U, - 0xa05050f0U, 0x783c3c44U, 0x259f9fbaU, 0x4ba8a8e3U, - 0xa25151f3U, 0x5da3a3feU, 0x804040c0U, 0x058f8f8aU, - 0x3f9292adU, 0x219d9dbcU, 0x70383848U, 0xf1f5f504U, - 0x63bcbcdfU, 0x77b6b6c1U, 0xafdada75U, 0x42212163U, - 0x20101030U, 0xe5ffff1aU, 0xfdf3f30eU, 0xbfd2d26dU, - 0x81cdcd4cU, 0x180c0c14U, 0x26131335U, 0xc3ecec2fU, - 0xbe5f5fe1U, 0x359797a2U, 0x884444ccU, 0x2e171739U, - 0x93c4c457U, 0x55a7a7f2U, 0xfc7e7e82U, 0x7a3d3d47U, - 0xc86464acU, 0xba5d5de7U, 0x3219192bU, 0xe6737395U, - 0xc06060a0U, 0x19818198U, 0x9e4f4fd1U, 0xa3dcdc7fU, - 0x44222266U, 0x542a2a7eU, 0x3b9090abU, 0x0b888883U, - 0x8c4646caU, 0xc7eeee29U, 0x6bb8b8d3U, 0x2814143cU, - 0xa7dede79U, 0xbc5e5ee2U, 0x160b0b1dU, 0xaddbdb76U, - 0xdbe0e03bU, 0x64323256U, 0x743a3a4eU, 0x140a0a1eU, - 0x924949dbU, 0x0c06060aU, 0x4824246cU, 0xb85c5ce4U, - 0x9fc2c25dU, 0xbdd3d36eU, 0x43acacefU, 0xc46262a6U, - 0x399191a8U, 0x319595a4U, 0xd3e4e437U, 0xf279798bU, - 0xd5e7e732U, 0x8bc8c843U, 0x6e373759U, 0xda6d6db7U, - 0x018d8d8cU, 0xb1d5d564U, 0x9c4e4ed2U, 0x49a9a9e0U, - 0xd86c6cb4U, 0xac5656faU, 0xf3f4f407U, 0xcfeaea25U, - 0xca6565afU, 0xf47a7a8eU, 0x47aeaee9U, 0x10080818U, - 0x6fbabad5U, 0xf0787888U, 0x4a25256fU, 0x5c2e2e72U, - 0x381c1c24U, 0x57a6a6f1U, 0x73b4b4c7U, 0x97c6c651U, - 0xcbe8e823U, 0xa1dddd7cU, 0xe874749cU, 0x3e1f1f21U, - 0x964b4bddU, 0x61bdbddcU, 0x0d8b8b86U, 0x0f8a8a85U, - 0xe0707090U, 0x7c3e3e42U, 0x71b5b5c4U, 0xcc6666aaU, - 0x904848d8U, 0x06030305U, 0xf7f6f601U, 0x1c0e0e12U, - 0xc26161a3U, 0x6a35355fU, 0xae5757f9U, 0x69b9b9d0U, - 0x17868691U, 0x99c1c158U, 0x3a1d1d27U, 0x279e9eb9U, - 0xd9e1e138U, 0xebf8f813U, 0x2b9898b3U, 0x22111133U, - 0xd26969bbU, 0xa9d9d970U, 0x078e8e89U, 0x339494a7U, - 0x2d9b9bb6U, 0x3c1e1e22U, 0x15878792U, 0xc9e9e920U, - 0x87cece49U, 0xaa5555ffU, 0x50282878U, 0xa5dfdf7aU, - 0x038c8c8fU, 0x59a1a1f8U, 0x09898980U, 0x1a0d0d17U, - 0x65bfbfdaU, 0xd7e6e631U, 0x844242c6U, 0xd06868b8U, - 0x824141c3U, 0x299999b0U, 0x5a2d2d77U, 0x1e0f0f11U, - 0x7bb0b0cbU, 0xa85454fcU, 0x6dbbbbd6U, 0x2c16163aU, -}; -static const u32 Te1[256] = { - 0xa5c66363U, 0x84f87c7cU, 0x99ee7777U, 0x8df67b7bU, - 0x0dfff2f2U, 0xbdd66b6bU, 0xb1de6f6fU, 0x5491c5c5U, - 0x50603030U, 0x03020101U, 0xa9ce6767U, 0x7d562b2bU, - 0x19e7fefeU, 0x62b5d7d7U, 0xe64dababU, 0x9aec7676U, - 0x458fcacaU, 0x9d1f8282U, 0x4089c9c9U, 0x87fa7d7dU, - 0x15effafaU, 0xebb25959U, 0xc98e4747U, 0x0bfbf0f0U, - 0xec41adadU, 0x67b3d4d4U, 0xfd5fa2a2U, 0xea45afafU, - 0xbf239c9cU, 0xf753a4a4U, 0x96e47272U, 0x5b9bc0c0U, - 0xc275b7b7U, 0x1ce1fdfdU, 0xae3d9393U, 0x6a4c2626U, - 0x5a6c3636U, 0x417e3f3fU, 0x02f5f7f7U, 0x4f83ccccU, - 0x5c683434U, 0xf451a5a5U, 0x34d1e5e5U, 0x08f9f1f1U, - 0x93e27171U, 0x73abd8d8U, 0x53623131U, 0x3f2a1515U, - 0x0c080404U, 0x5295c7c7U, 0x65462323U, 0x5e9dc3c3U, - 0x28301818U, 0xa1379696U, 0x0f0a0505U, 0xb52f9a9aU, - 0x090e0707U, 0x36241212U, 0x9b1b8080U, 0x3ddfe2e2U, - 0x26cdebebU, 0x694e2727U, 0xcd7fb2b2U, 0x9fea7575U, - 0x1b120909U, 0x9e1d8383U, 0x74582c2cU, 0x2e341a1aU, - 0x2d361b1bU, 0xb2dc6e6eU, 0xeeb45a5aU, 0xfb5ba0a0U, - 0xf6a45252U, 0x4d763b3bU, 0x61b7d6d6U, 0xce7db3b3U, - 0x7b522929U, 0x3edde3e3U, 0x715e2f2fU, 0x97138484U, - 0xf5a65353U, 0x68b9d1d1U, 0x00000000U, 0x2cc1ededU, - 0x60402020U, 0x1fe3fcfcU, 0xc879b1b1U, 0xedb65b5bU, - 0xbed46a6aU, 0x468dcbcbU, 0xd967bebeU, 0x4b723939U, - 0xde944a4aU, 0xd4984c4cU, 0xe8b05858U, 0x4a85cfcfU, - 0x6bbbd0d0U, 0x2ac5efefU, 0xe54faaaaU, 0x16edfbfbU, - 0xc5864343U, 0xd79a4d4dU, 0x55663333U, 0x94118585U, - 0xcf8a4545U, 0x10e9f9f9U, 0x06040202U, 0x81fe7f7fU, - 0xf0a05050U, 0x44783c3cU, 0xba259f9fU, 0xe34ba8a8U, - 0xf3a25151U, 0xfe5da3a3U, 0xc0804040U, 0x8a058f8fU, - 0xad3f9292U, 0xbc219d9dU, 0x48703838U, 0x04f1f5f5U, - 0xdf63bcbcU, 0xc177b6b6U, 0x75afdadaU, 0x63422121U, - 0x30201010U, 0x1ae5ffffU, 0x0efdf3f3U, 0x6dbfd2d2U, - 0x4c81cdcdU, 0x14180c0cU, 0x35261313U, 0x2fc3ececU, - 0xe1be5f5fU, 0xa2359797U, 0xcc884444U, 0x392e1717U, - 0x5793c4c4U, 0xf255a7a7U, 0x82fc7e7eU, 0x477a3d3dU, - 0xacc86464U, 0xe7ba5d5dU, 0x2b321919U, 0x95e67373U, - 0xa0c06060U, 0x98198181U, 0xd19e4f4fU, 0x7fa3dcdcU, - 0x66442222U, 0x7e542a2aU, 0xab3b9090U, 0x830b8888U, - 0xca8c4646U, 0x29c7eeeeU, 0xd36bb8b8U, 0x3c281414U, - 0x79a7dedeU, 0xe2bc5e5eU, 0x1d160b0bU, 0x76addbdbU, - 0x3bdbe0e0U, 0x56643232U, 0x4e743a3aU, 0x1e140a0aU, - 0xdb924949U, 0x0a0c0606U, 0x6c482424U, 0xe4b85c5cU, - 0x5d9fc2c2U, 0x6ebdd3d3U, 0xef43acacU, 0xa6c46262U, - 0xa8399191U, 0xa4319595U, 0x37d3e4e4U, 0x8bf27979U, - 0x32d5e7e7U, 0x438bc8c8U, 0x596e3737U, 0xb7da6d6dU, - 0x8c018d8dU, 0x64b1d5d5U, 0xd29c4e4eU, 0xe049a9a9U, - 0xb4d86c6cU, 0xfaac5656U, 0x07f3f4f4U, 0x25cfeaeaU, - 0xafca6565U, 0x8ef47a7aU, 0xe947aeaeU, 0x18100808U, - 0xd56fbabaU, 0x88f07878U, 0x6f4a2525U, 0x725c2e2eU, - 0x24381c1cU, 0xf157a6a6U, 0xc773b4b4U, 0x5197c6c6U, - 0x23cbe8e8U, 0x7ca1ddddU, 0x9ce87474U, 0x213e1f1fU, - 0xdd964b4bU, 0xdc61bdbdU, 0x860d8b8bU, 0x850f8a8aU, - 0x90e07070U, 0x427c3e3eU, 0xc471b5b5U, 0xaacc6666U, - 0xd8904848U, 0x05060303U, 0x01f7f6f6U, 0x121c0e0eU, - 0xa3c26161U, 0x5f6a3535U, 0xf9ae5757U, 0xd069b9b9U, - 0x91178686U, 0x5899c1c1U, 0x273a1d1dU, 0xb9279e9eU, - 0x38d9e1e1U, 0x13ebf8f8U, 0xb32b9898U, 0x33221111U, - 0xbbd26969U, 0x70a9d9d9U, 0x89078e8eU, 0xa7339494U, - 0xb62d9b9bU, 0x223c1e1eU, 0x92158787U, 0x20c9e9e9U, - 0x4987ceceU, 0xffaa5555U, 0x78502828U, 0x7aa5dfdfU, - 0x8f038c8cU, 0xf859a1a1U, 0x80098989U, 0x171a0d0dU, - 0xda65bfbfU, 0x31d7e6e6U, 0xc6844242U, 0xb8d06868U, - 0xc3824141U, 0xb0299999U, 0x775a2d2dU, 0x111e0f0fU, - 0xcb7bb0b0U, 0xfca85454U, 0xd66dbbbbU, 0x3a2c1616U, -}; -static const u32 Te2[256] = { - 0x63a5c663U, 0x7c84f87cU, 0x7799ee77U, 0x7b8df67bU, - 0xf20dfff2U, 0x6bbdd66bU, 0x6fb1de6fU, 0xc55491c5U, - 0x30506030U, 0x01030201U, 0x67a9ce67U, 0x2b7d562bU, - 0xfe19e7feU, 0xd762b5d7U, 0xabe64dabU, 0x769aec76U, - 0xca458fcaU, 0x829d1f82U, 0xc94089c9U, 0x7d87fa7dU, - 0xfa15effaU, 0x59ebb259U, 0x47c98e47U, 0xf00bfbf0U, - 0xadec41adU, 0xd467b3d4U, 0xa2fd5fa2U, 0xafea45afU, - 0x9cbf239cU, 0xa4f753a4U, 0x7296e472U, 0xc05b9bc0U, - 0xb7c275b7U, 0xfd1ce1fdU, 0x93ae3d93U, 0x266a4c26U, - 0x365a6c36U, 0x3f417e3fU, 0xf702f5f7U, 0xcc4f83ccU, - 0x345c6834U, 0xa5f451a5U, 0xe534d1e5U, 0xf108f9f1U, - 0x7193e271U, 0xd873abd8U, 0x31536231U, 0x153f2a15U, - 0x040c0804U, 0xc75295c7U, 0x23654623U, 0xc35e9dc3U, - 0x18283018U, 0x96a13796U, 0x050f0a05U, 0x9ab52f9aU, - 0x07090e07U, 0x12362412U, 0x809b1b80U, 0xe23ddfe2U, - 0xeb26cdebU, 0x27694e27U, 0xb2cd7fb2U, 0x759fea75U, - 0x091b1209U, 0x839e1d83U, 0x2c74582cU, 0x1a2e341aU, - 0x1b2d361bU, 0x6eb2dc6eU, 0x5aeeb45aU, 0xa0fb5ba0U, - 0x52f6a452U, 0x3b4d763bU, 0xd661b7d6U, 0xb3ce7db3U, - 0x297b5229U, 0xe33edde3U, 0x2f715e2fU, 0x84971384U, - 0x53f5a653U, 0xd168b9d1U, 0x00000000U, 0xed2cc1edU, - 0x20604020U, 0xfc1fe3fcU, 0xb1c879b1U, 0x5bedb65bU, - 0x6abed46aU, 0xcb468dcbU, 0xbed967beU, 0x394b7239U, - 0x4ade944aU, 0x4cd4984cU, 0x58e8b058U, 0xcf4a85cfU, - 0xd06bbbd0U, 0xef2ac5efU, 0xaae54faaU, 0xfb16edfbU, - 0x43c58643U, 0x4dd79a4dU, 0x33556633U, 0x85941185U, - 0x45cf8a45U, 0xf910e9f9U, 0x02060402U, 0x7f81fe7fU, - 0x50f0a050U, 0x3c44783cU, 0x9fba259fU, 0xa8e34ba8U, - 0x51f3a251U, 0xa3fe5da3U, 0x40c08040U, 0x8f8a058fU, - 0x92ad3f92U, 0x9dbc219dU, 0x38487038U, 0xf504f1f5U, - 0xbcdf63bcU, 0xb6c177b6U, 0xda75afdaU, 0x21634221U, - 0x10302010U, 0xff1ae5ffU, 0xf30efdf3U, 0xd26dbfd2U, - 0xcd4c81cdU, 0x0c14180cU, 0x13352613U, 0xec2fc3ecU, - 0x5fe1be5fU, 0x97a23597U, 0x44cc8844U, 0x17392e17U, - 0xc45793c4U, 0xa7f255a7U, 0x7e82fc7eU, 0x3d477a3dU, - 0x64acc864U, 0x5de7ba5dU, 0x192b3219U, 0x7395e673U, - 0x60a0c060U, 0x81981981U, 0x4fd19e4fU, 0xdc7fa3dcU, - 0x22664422U, 0x2a7e542aU, 0x90ab3b90U, 0x88830b88U, - 0x46ca8c46U, 0xee29c7eeU, 0xb8d36bb8U, 0x143c2814U, - 0xde79a7deU, 0x5ee2bc5eU, 0x0b1d160bU, 0xdb76addbU, - 0xe03bdbe0U, 0x32566432U, 0x3a4e743aU, 0x0a1e140aU, - 0x49db9249U, 0x060a0c06U, 0x246c4824U, 0x5ce4b85cU, - 0xc25d9fc2U, 0xd36ebdd3U, 0xacef43acU, 0x62a6c462U, - 0x91a83991U, 0x95a43195U, 0xe437d3e4U, 0x798bf279U, - 0xe732d5e7U, 0xc8438bc8U, 0x37596e37U, 0x6db7da6dU, - 0x8d8c018dU, 0xd564b1d5U, 0x4ed29c4eU, 0xa9e049a9U, - 0x6cb4d86cU, 0x56faac56U, 0xf407f3f4U, 0xea25cfeaU, - 0x65afca65U, 0x7a8ef47aU, 0xaee947aeU, 0x08181008U, - 0xbad56fbaU, 0x7888f078U, 0x256f4a25U, 0x2e725c2eU, - 0x1c24381cU, 0xa6f157a6U, 0xb4c773b4U, 0xc65197c6U, - 0xe823cbe8U, 0xdd7ca1ddU, 0x749ce874U, 0x1f213e1fU, - 0x4bdd964bU, 0xbddc61bdU, 0x8b860d8bU, 0x8a850f8aU, - 0x7090e070U, 0x3e427c3eU, 0xb5c471b5U, 0x66aacc66U, - 0x48d89048U, 0x03050603U, 0xf601f7f6U, 0x0e121c0eU, - 0x61a3c261U, 0x355f6a35U, 0x57f9ae57U, 0xb9d069b9U, - 0x86911786U, 0xc15899c1U, 0x1d273a1dU, 0x9eb9279eU, - 0xe138d9e1U, 0xf813ebf8U, 0x98b32b98U, 0x11332211U, - 0x69bbd269U, 0xd970a9d9U, 0x8e89078eU, 0x94a73394U, - 0x9bb62d9bU, 0x1e223c1eU, 0x87921587U, 0xe920c9e9U, - 0xce4987ceU, 0x55ffaa55U, 0x28785028U, 0xdf7aa5dfU, - 0x8c8f038cU, 0xa1f859a1U, 0x89800989U, 0x0d171a0dU, - 0xbfda65bfU, 0xe631d7e6U, 0x42c68442U, 0x68b8d068U, - 0x41c38241U, 0x99b02999U, 0x2d775a2dU, 0x0f111e0fU, - 0xb0cb7bb0U, 0x54fca854U, 0xbbd66dbbU, 0x163a2c16U, -}; -static const u32 Te3[256] = { - - 0x6363a5c6U, 0x7c7c84f8U, 0x777799eeU, 0x7b7b8df6U, - 0xf2f20dffU, 0x6b6bbdd6U, 0x6f6fb1deU, 0xc5c55491U, - 0x30305060U, 0x01010302U, 0x6767a9ceU, 0x2b2b7d56U, - 0xfefe19e7U, 0xd7d762b5U, 0xababe64dU, 0x76769aecU, - 0xcaca458fU, 0x82829d1fU, 0xc9c94089U, 0x7d7d87faU, - 0xfafa15efU, 0x5959ebb2U, 0x4747c98eU, 0xf0f00bfbU, - 0xadadec41U, 0xd4d467b3U, 0xa2a2fd5fU, 0xafafea45U, - 0x9c9cbf23U, 0xa4a4f753U, 0x727296e4U, 0xc0c05b9bU, - 0xb7b7c275U, 0xfdfd1ce1U, 0x9393ae3dU, 0x26266a4cU, - 0x36365a6cU, 0x3f3f417eU, 0xf7f702f5U, 0xcccc4f83U, - 0x34345c68U, 0xa5a5f451U, 0xe5e534d1U, 0xf1f108f9U, - 0x717193e2U, 0xd8d873abU, 0x31315362U, 0x15153f2aU, - 0x04040c08U, 0xc7c75295U, 0x23236546U, 0xc3c35e9dU, - 0x18182830U, 0x9696a137U, 0x05050f0aU, 0x9a9ab52fU, - 0x0707090eU, 0x12123624U, 0x80809b1bU, 0xe2e23ddfU, - 0xebeb26cdU, 0x2727694eU, 0xb2b2cd7fU, 0x75759feaU, - 0x09091b12U, 0x83839e1dU, 0x2c2c7458U, 0x1a1a2e34U, - 0x1b1b2d36U, 0x6e6eb2dcU, 0x5a5aeeb4U, 0xa0a0fb5bU, - 0x5252f6a4U, 0x3b3b4d76U, 0xd6d661b7U, 0xb3b3ce7dU, - 0x29297b52U, 0xe3e33eddU, 0x2f2f715eU, 0x84849713U, - 0x5353f5a6U, 0xd1d168b9U, 0x00000000U, 0xeded2cc1U, - 0x20206040U, 0xfcfc1fe3U, 0xb1b1c879U, 0x5b5bedb6U, - 0x6a6abed4U, 0xcbcb468dU, 0xbebed967U, 0x39394b72U, - 0x4a4ade94U, 0x4c4cd498U, 0x5858e8b0U, 0xcfcf4a85U, - 0xd0d06bbbU, 0xefef2ac5U, 0xaaaae54fU, 0xfbfb16edU, - 0x4343c586U, 0x4d4dd79aU, 0x33335566U, 0x85859411U, - 0x4545cf8aU, 0xf9f910e9U, 0x02020604U, 0x7f7f81feU, - 0x5050f0a0U, 0x3c3c4478U, 0x9f9fba25U, 0xa8a8e34bU, - 0x5151f3a2U, 0xa3a3fe5dU, 0x4040c080U, 0x8f8f8a05U, - 0x9292ad3fU, 0x9d9dbc21U, 0x38384870U, 0xf5f504f1U, - 0xbcbcdf63U, 0xb6b6c177U, 0xdada75afU, 0x21216342U, - 0x10103020U, 0xffff1ae5U, 0xf3f30efdU, 0xd2d26dbfU, - 0xcdcd4c81U, 0x0c0c1418U, 0x13133526U, 0xecec2fc3U, - 0x5f5fe1beU, 0x9797a235U, 0x4444cc88U, 0x1717392eU, - 0xc4c45793U, 0xa7a7f255U, 0x7e7e82fcU, 0x3d3d477aU, - 0x6464acc8U, 0x5d5de7baU, 0x19192b32U, 0x737395e6U, - 0x6060a0c0U, 0x81819819U, 0x4f4fd19eU, 0xdcdc7fa3U, - 0x22226644U, 0x2a2a7e54U, 0x9090ab3bU, 0x8888830bU, - 0x4646ca8cU, 0xeeee29c7U, 0xb8b8d36bU, 0x14143c28U, - 0xdede79a7U, 0x5e5ee2bcU, 0x0b0b1d16U, 0xdbdb76adU, - 0xe0e03bdbU, 0x32325664U, 0x3a3a4e74U, 0x0a0a1e14U, - 0x4949db92U, 0x06060a0cU, 0x24246c48U, 0x5c5ce4b8U, - 0xc2c25d9fU, 0xd3d36ebdU, 0xacacef43U, 0x6262a6c4U, - 0x9191a839U, 0x9595a431U, 0xe4e437d3U, 0x79798bf2U, - 0xe7e732d5U, 0xc8c8438bU, 0x3737596eU, 0x6d6db7daU, - 0x8d8d8c01U, 0xd5d564b1U, 0x4e4ed29cU, 0xa9a9e049U, - 0x6c6cb4d8U, 0x5656faacU, 0xf4f407f3U, 0xeaea25cfU, - 0x6565afcaU, 0x7a7a8ef4U, 0xaeaee947U, 0x08081810U, - 0xbabad56fU, 0x787888f0U, 0x25256f4aU, 0x2e2e725cU, - 0x1c1c2438U, 0xa6a6f157U, 0xb4b4c773U, 0xc6c65197U, - 0xe8e823cbU, 0xdddd7ca1U, 0x74749ce8U, 0x1f1f213eU, - 0x4b4bdd96U, 0xbdbddc61U, 0x8b8b860dU, 0x8a8a850fU, - 0x707090e0U, 0x3e3e427cU, 0xb5b5c471U, 0x6666aaccU, - 0x4848d890U, 0x03030506U, 0xf6f601f7U, 0x0e0e121cU, - 0x6161a3c2U, 0x35355f6aU, 0x5757f9aeU, 0xb9b9d069U, - 0x86869117U, 0xc1c15899U, 0x1d1d273aU, 0x9e9eb927U, - 0xe1e138d9U, 0xf8f813ebU, 0x9898b32bU, 0x11113322U, - 0x6969bbd2U, 0xd9d970a9U, 0x8e8e8907U, 0x9494a733U, - 0x9b9bb62dU, 0x1e1e223cU, 0x87879215U, 0xe9e920c9U, - 0xcece4987U, 0x5555ffaaU, 0x28287850U, 0xdfdf7aa5U, - 0x8c8c8f03U, 0xa1a1f859U, 0x89898009U, 0x0d0d171aU, - 0xbfbfda65U, 0xe6e631d7U, 0x4242c684U, 0x6868b8d0U, - 0x4141c382U, 0x9999b029U, 0x2d2d775aU, 0x0f0f111eU, - 0xb0b0cb7bU, 0x5454fca8U, 0xbbbbd66dU, 0x16163a2cU, -}; -static const u32 Te4[256] = { - 0x63636363U, 0x7c7c7c7cU, 0x77777777U, 0x7b7b7b7bU, - 0xf2f2f2f2U, 0x6b6b6b6bU, 0x6f6f6f6fU, 0xc5c5c5c5U, - 0x30303030U, 0x01010101U, 0x67676767U, 0x2b2b2b2bU, - 0xfefefefeU, 0xd7d7d7d7U, 0xababababU, 0x76767676U, - 0xcacacacaU, 0x82828282U, 0xc9c9c9c9U, 0x7d7d7d7dU, - 0xfafafafaU, 0x59595959U, 0x47474747U, 0xf0f0f0f0U, - 0xadadadadU, 0xd4d4d4d4U, 0xa2a2a2a2U, 0xafafafafU, - 0x9c9c9c9cU, 0xa4a4a4a4U, 0x72727272U, 0xc0c0c0c0U, - 0xb7b7b7b7U, 0xfdfdfdfdU, 0x93939393U, 0x26262626U, - 0x36363636U, 0x3f3f3f3fU, 0xf7f7f7f7U, 0xccccccccU, - 0x34343434U, 0xa5a5a5a5U, 0xe5e5e5e5U, 0xf1f1f1f1U, - 0x71717171U, 0xd8d8d8d8U, 0x31313131U, 0x15151515U, - 0x04040404U, 0xc7c7c7c7U, 0x23232323U, 0xc3c3c3c3U, - 0x18181818U, 0x96969696U, 0x05050505U, 0x9a9a9a9aU, - 0x07070707U, 0x12121212U, 0x80808080U, 0xe2e2e2e2U, - 0xebebebebU, 0x27272727U, 0xb2b2b2b2U, 0x75757575U, - 0x09090909U, 0x83838383U, 0x2c2c2c2cU, 0x1a1a1a1aU, - 0x1b1b1b1bU, 0x6e6e6e6eU, 0x5a5a5a5aU, 0xa0a0a0a0U, - 0x52525252U, 0x3b3b3b3bU, 0xd6d6d6d6U, 0xb3b3b3b3U, - 0x29292929U, 0xe3e3e3e3U, 0x2f2f2f2fU, 0x84848484U, - 0x53535353U, 0xd1d1d1d1U, 0x00000000U, 0xededededU, - 0x20202020U, 0xfcfcfcfcU, 0xb1b1b1b1U, 0x5b5b5b5bU, - 0x6a6a6a6aU, 0xcbcbcbcbU, 0xbebebebeU, 0x39393939U, - 0x4a4a4a4aU, 0x4c4c4c4cU, 0x58585858U, 0xcfcfcfcfU, - 0xd0d0d0d0U, 0xefefefefU, 0xaaaaaaaaU, 0xfbfbfbfbU, - 0x43434343U, 0x4d4d4d4dU, 0x33333333U, 0x85858585U, - 0x45454545U, 0xf9f9f9f9U, 0x02020202U, 0x7f7f7f7fU, - 0x50505050U, 0x3c3c3c3cU, 0x9f9f9f9fU, 0xa8a8a8a8U, - 0x51515151U, 0xa3a3a3a3U, 0x40404040U, 0x8f8f8f8fU, - 0x92929292U, 0x9d9d9d9dU, 0x38383838U, 0xf5f5f5f5U, - 0xbcbcbcbcU, 0xb6b6b6b6U, 0xdadadadaU, 0x21212121U, - 0x10101010U, 0xffffffffU, 0xf3f3f3f3U, 0xd2d2d2d2U, - 0xcdcdcdcdU, 0x0c0c0c0cU, 0x13131313U, 0xececececU, - 0x5f5f5f5fU, 0x97979797U, 0x44444444U, 0x17171717U, - 0xc4c4c4c4U, 0xa7a7a7a7U, 0x7e7e7e7eU, 0x3d3d3d3dU, - 0x64646464U, 0x5d5d5d5dU, 0x19191919U, 0x73737373U, - 0x60606060U, 0x81818181U, 0x4f4f4f4fU, 0xdcdcdcdcU, - 0x22222222U, 0x2a2a2a2aU, 0x90909090U, 0x88888888U, - 0x46464646U, 0xeeeeeeeeU, 0xb8b8b8b8U, 0x14141414U, - 0xdedededeU, 0x5e5e5e5eU, 0x0b0b0b0bU, 0xdbdbdbdbU, - 0xe0e0e0e0U, 0x32323232U, 0x3a3a3a3aU, 0x0a0a0a0aU, - 0x49494949U, 0x06060606U, 0x24242424U, 0x5c5c5c5cU, - 0xc2c2c2c2U, 0xd3d3d3d3U, 0xacacacacU, 0x62626262U, - 0x91919191U, 0x95959595U, 0xe4e4e4e4U, 0x79797979U, - 0xe7e7e7e7U, 0xc8c8c8c8U, 0x37373737U, 0x6d6d6d6dU, - 0x8d8d8d8dU, 0xd5d5d5d5U, 0x4e4e4e4eU, 0xa9a9a9a9U, - 0x6c6c6c6cU, 0x56565656U, 0xf4f4f4f4U, 0xeaeaeaeaU, - 0x65656565U, 0x7a7a7a7aU, 0xaeaeaeaeU, 0x08080808U, - 0xbabababaU, 0x78787878U, 0x25252525U, 0x2e2e2e2eU, - 0x1c1c1c1cU, 0xa6a6a6a6U, 0xb4b4b4b4U, 0xc6c6c6c6U, - 0xe8e8e8e8U, 0xddddddddU, 0x74747474U, 0x1f1f1f1fU, - 0x4b4b4b4bU, 0xbdbdbdbdU, 0x8b8b8b8bU, 0x8a8a8a8aU, - 0x70707070U, 0x3e3e3e3eU, 0xb5b5b5b5U, 0x66666666U, - 0x48484848U, 0x03030303U, 0xf6f6f6f6U, 0x0e0e0e0eU, - 0x61616161U, 0x35353535U, 0x57575757U, 0xb9b9b9b9U, - 0x86868686U, 0xc1c1c1c1U, 0x1d1d1d1dU, 0x9e9e9e9eU, - 0xe1e1e1e1U, 0xf8f8f8f8U, 0x98989898U, 0x11111111U, - 0x69696969U, 0xd9d9d9d9U, 0x8e8e8e8eU, 0x94949494U, - 0x9b9b9b9bU, 0x1e1e1e1eU, 0x87878787U, 0xe9e9e9e9U, - 0xcecececeU, 0x55555555U, 0x28282828U, 0xdfdfdfdfU, - 0x8c8c8c8cU, 0xa1a1a1a1U, 0x89898989U, 0x0d0d0d0dU, - 0xbfbfbfbfU, 0xe6e6e6e6U, 0x42424242U, 0x68686868U, - 0x41414141U, 0x99999999U, 0x2d2d2d2dU, 0x0f0f0f0fU, - 0xb0b0b0b0U, 0x54545454U, 0xbbbbbbbbU, 0x16161616U, -}; -static const u32 Td0[256] = { - 0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U, - 0x3bab6bcbU, 0x1f9d45f1U, 0xacfa58abU, 0x4be30393U, - 0x2030fa55U, 0xad766df6U, 0x88cc7691U, 0xf5024c25U, - 0x4fe5d7fcU, 0xc52acbd7U, 0x26354480U, 0xb562a38fU, - 0xdeb15a49U, 0x25ba1b67U, 0x45ea0e98U, 0x5dfec0e1U, - 0xc32f7502U, 0x814cf012U, 0x8d4697a3U, 0x6bd3f9c6U, - 0x038f5fe7U, 0x15929c95U, 0xbf6d7aebU, 0x955259daU, - 0xd4be832dU, 0x587421d3U, 0x49e06929U, 0x8ec9c844U, - 0x75c2896aU, 0xf48e7978U, 0x99583e6bU, 0x27b971ddU, - 0xbee14fb6U, 0xf088ad17U, 0xc920ac66U, 0x7dce3ab4U, - 0x63df4a18U, 0xe51a3182U, 0x97513360U, 0x62537f45U, - 0xb16477e0U, 0xbb6bae84U, 0xfe81a01cU, 0xf9082b94U, - 0x70486858U, 0x8f45fd19U, 0x94de6c87U, 0x527bf8b7U, - 0xab73d323U, 0x724b02e2U, 0xe31f8f57U, 0x6655ab2aU, - 0xb2eb2807U, 0x2fb5c203U, 0x86c57b9aU, 0xd33708a5U, - 0x302887f2U, 0x23bfa5b2U, 0x02036abaU, 0xed16825cU, - 0x8acf1c2bU, 0xa779b492U, 0xf307f2f0U, 0x4e69e2a1U, - 0x65daf4cdU, 0x0605bed5U, 0xd134621fU, 0xc4a6fe8aU, - 0x342e539dU, 0xa2f355a0U, 0x058ae132U, 0xa4f6eb75U, - 0x0b83ec39U, 0x4060efaaU, 0x5e719f06U, 0xbd6e1051U, - 0x3e218af9U, 0x96dd063dU, 0xdd3e05aeU, 0x4de6bd46U, - 0x91548db5U, 0x71c45d05U, 0x0406d46fU, 0x605015ffU, - 0x1998fb24U, 0xd6bde997U, 0x894043ccU, 0x67d99e77U, - 0xb0e842bdU, 0x07898b88U, 0xe7195b38U, 0x79c8eedbU, - 0xa17c0a47U, 0x7c420fe9U, 0xf8841ec9U, 0x00000000U, - 0x09808683U, 0x322bed48U, 0x1e1170acU, 0x6c5a724eU, - 0xfd0efffbU, 0x0f853856U, 0x3daed51eU, 0x362d3927U, - 0x0a0fd964U, 0x685ca621U, 0x9b5b54d1U, 0x24362e3aU, - 0x0c0a67b1U, 0x9357e70fU, 0xb4ee96d2U, 0x1b9b919eU, - 0x80c0c54fU, 0x61dc20a2U, 0x5a774b69U, 0x1c121a16U, - 0xe293ba0aU, 0xc0a02ae5U, 0x3c22e043U, 0x121b171dU, - 0x0e090d0bU, 0xf28bc7adU, 0x2db6a8b9U, 0x141ea9c8U, - 0x57f11985U, 0xaf75074cU, 0xee99ddbbU, 0xa37f60fdU, - 0xf701269fU, 0x5c72f5bcU, 0x44663bc5U, 0x5bfb7e34U, - 0x8b432976U, 0xcb23c6dcU, 0xb6edfc68U, 0xb8e4f163U, - 0xd731dccaU, 0x42638510U, 0x13972240U, 0x84c61120U, - 0x854a247dU, 0xd2bb3df8U, 0xaef93211U, 0xc729a16dU, - 0x1d9e2f4bU, 0xdcb230f3U, 0x0d8652ecU, 0x77c1e3d0U, - 0x2bb3166cU, 0xa970b999U, 0x119448faU, 0x47e96422U, - 0xa8fc8cc4U, 0xa0f03f1aU, 0x567d2cd8U, 0x223390efU, - 0x87494ec7U, 0xd938d1c1U, 0x8ccaa2feU, 0x98d40b36U, - 0xa6f581cfU, 0xa57ade28U, 0xdab78e26U, 0x3fadbfa4U, - 0x2c3a9de4U, 0x5078920dU, 0x6a5fcc9bU, 0x547e4662U, - 0xf68d13c2U, 0x90d8b8e8U, 0x2e39f75eU, 0x82c3aff5U, - 0x9f5d80beU, 0x69d0937cU, 0x6fd52da9U, 0xcf2512b3U, - 0xc8ac993bU, 0x10187da7U, 0xe89c636eU, 0xdb3bbb7bU, - 0xcd267809U, 0x6e5918f4U, 0xec9ab701U, 0x834f9aa8U, - 0xe6956e65U, 0xaaffe67eU, 0x21bccf08U, 0xef15e8e6U, - 0xbae79bd9U, 0x4a6f36ceU, 0xea9f09d4U, 0x29b07cd6U, - 0x31a4b2afU, 0x2a3f2331U, 0xc6a59430U, 0x35a266c0U, - 0x744ebc37U, 0xfc82caa6U, 0xe090d0b0U, 0x33a7d815U, - 0xf104984aU, 0x41ecdaf7U, 0x7fcd500eU, 0x1791f62fU, - 0x764dd68dU, 0x43efb04dU, 0xccaa4d54U, 0xe49604dfU, - 0x9ed1b5e3U, 0x4c6a881bU, 0xc12c1fb8U, 0x4665517fU, - 0x9d5eea04U, 0x018c355dU, 0xfa877473U, 0xfb0b412eU, - 0xb3671d5aU, 0x92dbd252U, 0xe9105633U, 0x6dd64713U, - 0x9ad7618cU, 0x37a10c7aU, 0x59f8148eU, 0xeb133c89U, - 0xcea927eeU, 0xb761c935U, 0xe11ce5edU, 0x7a47b13cU, - 0x9cd2df59U, 0x55f2733fU, 0x1814ce79U, 0x73c737bfU, - 0x53f7cdeaU, 0x5ffdaa5bU, 0xdf3d6f14U, 0x7844db86U, - 0xcaaff381U, 0xb968c43eU, 0x3824342cU, 0xc2a3405fU, - 0x161dc372U, 0xbce2250cU, 0x283c498bU, 0xff0d9541U, - 0x39a80171U, 0x080cb3deU, 0xd8b4e49cU, 0x6456c190U, - 0x7bcb8461U, 0xd532b670U, 0x486c5c74U, 0xd0b85742U, -}; -static const u32 Td1[256] = { - 0x5051f4a7U, 0x537e4165U, 0xc31a17a4U, 0x963a275eU, - 0xcb3bab6bU, 0xf11f9d45U, 0xabacfa58U, 0x934be303U, - 0x552030faU, 0xf6ad766dU, 0x9188cc76U, 0x25f5024cU, - 0xfc4fe5d7U, 0xd7c52acbU, 0x80263544U, 0x8fb562a3U, - 0x49deb15aU, 0x6725ba1bU, 0x9845ea0eU, 0xe15dfec0U, - 0x02c32f75U, 0x12814cf0U, 0xa38d4697U, 0xc66bd3f9U, - 0xe7038f5fU, 0x9515929cU, 0xebbf6d7aU, 0xda955259U, - 0x2dd4be83U, 0xd3587421U, 0x2949e069U, 0x448ec9c8U, - 0x6a75c289U, 0x78f48e79U, 0x6b99583eU, 0xdd27b971U, - 0xb6bee14fU, 0x17f088adU, 0x66c920acU, 0xb47dce3aU, - 0x1863df4aU, 0x82e51a31U, 0x60975133U, 0x4562537fU, - 0xe0b16477U, 0x84bb6baeU, 0x1cfe81a0U, 0x94f9082bU, - 0x58704868U, 0x198f45fdU, 0x8794de6cU, 0xb7527bf8U, - 0x23ab73d3U, 0xe2724b02U, 0x57e31f8fU, 0x2a6655abU, - 0x07b2eb28U, 0x032fb5c2U, 0x9a86c57bU, 0xa5d33708U, - 0xf2302887U, 0xb223bfa5U, 0xba02036aU, 0x5ced1682U, - 0x2b8acf1cU, 0x92a779b4U, 0xf0f307f2U, 0xa14e69e2U, - 0xcd65daf4U, 0xd50605beU, 0x1fd13462U, 0x8ac4a6feU, - 0x9d342e53U, 0xa0a2f355U, 0x32058ae1U, 0x75a4f6ebU, - 0x390b83ecU, 0xaa4060efU, 0x065e719fU, 0x51bd6e10U, - 0xf93e218aU, 0x3d96dd06U, 0xaedd3e05U, 0x464de6bdU, - 0xb591548dU, 0x0571c45dU, 0x6f0406d4U, 0xff605015U, - 0x241998fbU, 0x97d6bde9U, 0xcc894043U, 0x7767d99eU, - 0xbdb0e842U, 0x8807898bU, 0x38e7195bU, 0xdb79c8eeU, - 0x47a17c0aU, 0xe97c420fU, 0xc9f8841eU, 0x00000000U, - 0x83098086U, 0x48322bedU, 0xac1e1170U, 0x4e6c5a72U, - 0xfbfd0effU, 0x560f8538U, 0x1e3daed5U, 0x27362d39U, - 0x640a0fd9U, 0x21685ca6U, 0xd19b5b54U, 0x3a24362eU, - 0xb10c0a67U, 0x0f9357e7U, 0xd2b4ee96U, 0x9e1b9b91U, - 0x4f80c0c5U, 0xa261dc20U, 0x695a774bU, 0x161c121aU, - 0x0ae293baU, 0xe5c0a02aU, 0x433c22e0U, 0x1d121b17U, - 0x0b0e090dU, 0xadf28bc7U, 0xb92db6a8U, 0xc8141ea9U, - 0x8557f119U, 0x4caf7507U, 0xbbee99ddU, 0xfda37f60U, - 0x9ff70126U, 0xbc5c72f5U, 0xc544663bU, 0x345bfb7eU, - 0x768b4329U, 0xdccb23c6U, 0x68b6edfcU, 0x63b8e4f1U, - 0xcad731dcU, 0x10426385U, 0x40139722U, 0x2084c611U, - 0x7d854a24U, 0xf8d2bb3dU, 0x11aef932U, 0x6dc729a1U, - 0x4b1d9e2fU, 0xf3dcb230U, 0xec0d8652U, 0xd077c1e3U, - 0x6c2bb316U, 0x99a970b9U, 0xfa119448U, 0x2247e964U, - 0xc4a8fc8cU, 0x1aa0f03fU, 0xd8567d2cU, 0xef223390U, - 0xc787494eU, 0xc1d938d1U, 0xfe8ccaa2U, 0x3698d40bU, - 0xcfa6f581U, 0x28a57adeU, 0x26dab78eU, 0xa43fadbfU, - 0xe42c3a9dU, 0x0d507892U, 0x9b6a5fccU, 0x62547e46U, - 0xc2f68d13U, 0xe890d8b8U, 0x5e2e39f7U, 0xf582c3afU, - 0xbe9f5d80U, 0x7c69d093U, 0xa96fd52dU, 0xb3cf2512U, - 0x3bc8ac99U, 0xa710187dU, 0x6ee89c63U, 0x7bdb3bbbU, - 0x09cd2678U, 0xf46e5918U, 0x01ec9ab7U, 0xa8834f9aU, - 0x65e6956eU, 0x7eaaffe6U, 0x0821bccfU, 0xe6ef15e8U, - 0xd9bae79bU, 0xce4a6f36U, 0xd4ea9f09U, 0xd629b07cU, - 0xaf31a4b2U, 0x312a3f23U, 0x30c6a594U, 0xc035a266U, - 0x37744ebcU, 0xa6fc82caU, 0xb0e090d0U, 0x1533a7d8U, - 0x4af10498U, 0xf741ecdaU, 0x0e7fcd50U, 0x2f1791f6U, - 0x8d764dd6U, 0x4d43efb0U, 0x54ccaa4dU, 0xdfe49604U, - 0xe39ed1b5U, 0x1b4c6a88U, 0xb8c12c1fU, 0x7f466551U, - 0x049d5eeaU, 0x5d018c35U, 0x73fa8774U, 0x2efb0b41U, - 0x5ab3671dU, 0x5292dbd2U, 0x33e91056U, 0x136dd647U, - 0x8c9ad761U, 0x7a37a10cU, 0x8e59f814U, 0x89eb133cU, - 0xeecea927U, 0x35b761c9U, 0xede11ce5U, 0x3c7a47b1U, - 0x599cd2dfU, 0x3f55f273U, 0x791814ceU, 0xbf73c737U, - 0xea53f7cdU, 0x5b5ffdaaU, 0x14df3d6fU, 0x867844dbU, - 0x81caaff3U, 0x3eb968c4U, 0x2c382434U, 0x5fc2a340U, - 0x72161dc3U, 0x0cbce225U, 0x8b283c49U, 0x41ff0d95U, - 0x7139a801U, 0xde080cb3U, 0x9cd8b4e4U, 0x906456c1U, - 0x617bcb84U, 0x70d532b6U, 0x74486c5cU, 0x42d0b857U, -}; -static const u32 Td2[256] = { - 0xa75051f4U, 0x65537e41U, 0xa4c31a17U, 0x5e963a27U, - 0x6bcb3babU, 0x45f11f9dU, 0x58abacfaU, 0x03934be3U, - 0xfa552030U, 0x6df6ad76U, 0x769188ccU, 0x4c25f502U, - 0xd7fc4fe5U, 0xcbd7c52aU, 0x44802635U, 0xa38fb562U, - 0x5a49deb1U, 0x1b6725baU, 0x0e9845eaU, 0xc0e15dfeU, - 0x7502c32fU, 0xf012814cU, 0x97a38d46U, 0xf9c66bd3U, - 0x5fe7038fU, 0x9c951592U, 0x7aebbf6dU, 0x59da9552U, - 0x832dd4beU, 0x21d35874U, 0x692949e0U, 0xc8448ec9U, - 0x896a75c2U, 0x7978f48eU, 0x3e6b9958U, 0x71dd27b9U, - 0x4fb6bee1U, 0xad17f088U, 0xac66c920U, 0x3ab47dceU, - 0x4a1863dfU, 0x3182e51aU, 0x33609751U, 0x7f456253U, - 0x77e0b164U, 0xae84bb6bU, 0xa01cfe81U, 0x2b94f908U, - 0x68587048U, 0xfd198f45U, 0x6c8794deU, 0xf8b7527bU, - 0xd323ab73U, 0x02e2724bU, 0x8f57e31fU, 0xab2a6655U, - 0x2807b2ebU, 0xc2032fb5U, 0x7b9a86c5U, 0x08a5d337U, - 0x87f23028U, 0xa5b223bfU, 0x6aba0203U, 0x825ced16U, - 0x1c2b8acfU, 0xb492a779U, 0xf2f0f307U, 0xe2a14e69U, - 0xf4cd65daU, 0xbed50605U, 0x621fd134U, 0xfe8ac4a6U, - 0x539d342eU, 0x55a0a2f3U, 0xe132058aU, 0xeb75a4f6U, - 0xec390b83U, 0xefaa4060U, 0x9f065e71U, 0x1051bd6eU, - - 0x8af93e21U, 0x063d96ddU, 0x05aedd3eU, 0xbd464de6U, - 0x8db59154U, 0x5d0571c4U, 0xd46f0406U, 0x15ff6050U, - 0xfb241998U, 0xe997d6bdU, 0x43cc8940U, 0x9e7767d9U, - 0x42bdb0e8U, 0x8b880789U, 0x5b38e719U, 0xeedb79c8U, - 0x0a47a17cU, 0x0fe97c42U, 0x1ec9f884U, 0x00000000U, - 0x86830980U, 0xed48322bU, 0x70ac1e11U, 0x724e6c5aU, - 0xfffbfd0eU, 0x38560f85U, 0xd51e3daeU, 0x3927362dU, - 0xd9640a0fU, 0xa621685cU, 0x54d19b5bU, 0x2e3a2436U, - 0x67b10c0aU, 0xe70f9357U, 0x96d2b4eeU, 0x919e1b9bU, - 0xc54f80c0U, 0x20a261dcU, 0x4b695a77U, 0x1a161c12U, - 0xba0ae293U, 0x2ae5c0a0U, 0xe0433c22U, 0x171d121bU, - 0x0d0b0e09U, 0xc7adf28bU, 0xa8b92db6U, 0xa9c8141eU, - 0x198557f1U, 0x074caf75U, 0xddbbee99U, 0x60fda37fU, - 0x269ff701U, 0xf5bc5c72U, 0x3bc54466U, 0x7e345bfbU, - 0x29768b43U, 0xc6dccb23U, 0xfc68b6edU, 0xf163b8e4U, - 0xdccad731U, 0x85104263U, 0x22401397U, 0x112084c6U, - 0x247d854aU, 0x3df8d2bbU, 0x3211aef9U, 0xa16dc729U, - 0x2f4b1d9eU, 0x30f3dcb2U, 0x52ec0d86U, 0xe3d077c1U, - 0x166c2bb3U, 0xb999a970U, 0x48fa1194U, 0x642247e9U, - 0x8cc4a8fcU, 0x3f1aa0f0U, 0x2cd8567dU, 0x90ef2233U, - 0x4ec78749U, 0xd1c1d938U, 0xa2fe8ccaU, 0x0b3698d4U, - 0x81cfa6f5U, 0xde28a57aU, 0x8e26dab7U, 0xbfa43fadU, - 0x9de42c3aU, 0x920d5078U, 0xcc9b6a5fU, 0x4662547eU, - 0x13c2f68dU, 0xb8e890d8U, 0xf75e2e39U, 0xaff582c3U, - 0x80be9f5dU, 0x937c69d0U, 0x2da96fd5U, 0x12b3cf25U, - 0x993bc8acU, 0x7da71018U, 0x636ee89cU, 0xbb7bdb3bU, - 0x7809cd26U, 0x18f46e59U, 0xb701ec9aU, 0x9aa8834fU, - 0x6e65e695U, 0xe67eaaffU, 0xcf0821bcU, 0xe8e6ef15U, - 0x9bd9bae7U, 0x36ce4a6fU, 0x09d4ea9fU, 0x7cd629b0U, - 0xb2af31a4U, 0x23312a3fU, 0x9430c6a5U, 0x66c035a2U, - 0xbc37744eU, 0xcaa6fc82U, 0xd0b0e090U, 0xd81533a7U, - 0x984af104U, 0xdaf741ecU, 0x500e7fcdU, 0xf62f1791U, - 0xd68d764dU, 0xb04d43efU, 0x4d54ccaaU, 0x04dfe496U, - 0xb5e39ed1U, 0x881b4c6aU, 0x1fb8c12cU, 0x517f4665U, - 0xea049d5eU, 0x355d018cU, 0x7473fa87U, 0x412efb0bU, - 0x1d5ab367U, 0xd25292dbU, 0x5633e910U, 0x47136dd6U, - 0x618c9ad7U, 0x0c7a37a1U, 0x148e59f8U, 0x3c89eb13U, - 0x27eecea9U, 0xc935b761U, 0xe5ede11cU, 0xb13c7a47U, - 0xdf599cd2U, 0x733f55f2U, 0xce791814U, 0x37bf73c7U, - 0xcdea53f7U, 0xaa5b5ffdU, 0x6f14df3dU, 0xdb867844U, - 0xf381caafU, 0xc43eb968U, 0x342c3824U, 0x405fc2a3U, - 0xc372161dU, 0x250cbce2U, 0x498b283cU, 0x9541ff0dU, - 0x017139a8U, 0xb3de080cU, 0xe49cd8b4U, 0xc1906456U, - 0x84617bcbU, 0xb670d532U, 0x5c74486cU, 0x5742d0b8U, -}; -static const u32 Td3[256] = { - 0xf4a75051U, 0x4165537eU, 0x17a4c31aU, 0x275e963aU, - 0xab6bcb3bU, 0x9d45f11fU, 0xfa58abacU, 0xe303934bU, - 0x30fa5520U, 0x766df6adU, 0xcc769188U, 0x024c25f5U, - 0xe5d7fc4fU, 0x2acbd7c5U, 0x35448026U, 0x62a38fb5U, - 0xb15a49deU, 0xba1b6725U, 0xea0e9845U, 0xfec0e15dU, - 0x2f7502c3U, 0x4cf01281U, 0x4697a38dU, 0xd3f9c66bU, - 0x8f5fe703U, 0x929c9515U, 0x6d7aebbfU, 0x5259da95U, - 0xbe832dd4U, 0x7421d358U, 0xe0692949U, 0xc9c8448eU, - 0xc2896a75U, 0x8e7978f4U, 0x583e6b99U, 0xb971dd27U, - 0xe14fb6beU, 0x88ad17f0U, 0x20ac66c9U, 0xce3ab47dU, - 0xdf4a1863U, 0x1a3182e5U, 0x51336097U, 0x537f4562U, - 0x6477e0b1U, 0x6bae84bbU, 0x81a01cfeU, 0x082b94f9U, - 0x48685870U, 0x45fd198fU, 0xde6c8794U, 0x7bf8b752U, - 0x73d323abU, 0x4b02e272U, 0x1f8f57e3U, 0x55ab2a66U, - 0xeb2807b2U, 0xb5c2032fU, 0xc57b9a86U, 0x3708a5d3U, - 0x2887f230U, 0xbfa5b223U, 0x036aba02U, 0x16825cedU, - 0xcf1c2b8aU, 0x79b492a7U, 0x07f2f0f3U, 0x69e2a14eU, - 0xdaf4cd65U, 0x05bed506U, 0x34621fd1U, 0xa6fe8ac4U, - 0x2e539d34U, 0xf355a0a2U, 0x8ae13205U, 0xf6eb75a4U, - 0x83ec390bU, 0x60efaa40U, 0x719f065eU, 0x6e1051bdU, - 0x218af93eU, 0xdd063d96U, 0x3e05aeddU, 0xe6bd464dU, - 0x548db591U, 0xc45d0571U, 0x06d46f04U, 0x5015ff60U, - 0x98fb2419U, 0xbde997d6U, 0x4043cc89U, 0xd99e7767U, - 0xe842bdb0U, 0x898b8807U, 0x195b38e7U, 0xc8eedb79U, - 0x7c0a47a1U, 0x420fe97cU, 0x841ec9f8U, 0x00000000U, - 0x80868309U, 0x2bed4832U, 0x1170ac1eU, 0x5a724e6cU, - 0x0efffbfdU, 0x8538560fU, 0xaed51e3dU, 0x2d392736U, - 0x0fd9640aU, 0x5ca62168U, 0x5b54d19bU, 0x362e3a24U, - 0x0a67b10cU, 0x57e70f93U, 0xee96d2b4U, 0x9b919e1bU, - 0xc0c54f80U, 0xdc20a261U, 0x774b695aU, 0x121a161cU, - 0x93ba0ae2U, 0xa02ae5c0U, 0x22e0433cU, 0x1b171d12U, - 0x090d0b0eU, 0x8bc7adf2U, 0xb6a8b92dU, 0x1ea9c814U, - 0xf1198557U, 0x75074cafU, 0x99ddbbeeU, 0x7f60fda3U, - 0x01269ff7U, 0x72f5bc5cU, 0x663bc544U, 0xfb7e345bU, - 0x4329768bU, 0x23c6dccbU, 0xedfc68b6U, 0xe4f163b8U, - 0x31dccad7U, 0x63851042U, 0x97224013U, 0xc6112084U, - 0x4a247d85U, 0xbb3df8d2U, 0xf93211aeU, 0x29a16dc7U, - 0x9e2f4b1dU, 0xb230f3dcU, 0x8652ec0dU, 0xc1e3d077U, - 0xb3166c2bU, 0x70b999a9U, 0x9448fa11U, 0xe9642247U, - 0xfc8cc4a8U, 0xf03f1aa0U, 0x7d2cd856U, 0x3390ef22U, - 0x494ec787U, 0x38d1c1d9U, 0xcaa2fe8cU, 0xd40b3698U, - 0xf581cfa6U, 0x7ade28a5U, 0xb78e26daU, 0xadbfa43fU, - 0x3a9de42cU, 0x78920d50U, 0x5fcc9b6aU, 0x7e466254U, - 0x8d13c2f6U, 0xd8b8e890U, 0x39f75e2eU, 0xc3aff582U, - 0x5d80be9fU, 0xd0937c69U, 0xd52da96fU, 0x2512b3cfU, - 0xac993bc8U, 0x187da710U, 0x9c636ee8U, 0x3bbb7bdbU, - 0x267809cdU, 0x5918f46eU, 0x9ab701ecU, 0x4f9aa883U, - 0x956e65e6U, 0xffe67eaaU, 0xbccf0821U, 0x15e8e6efU, - 0xe79bd9baU, 0x6f36ce4aU, 0x9f09d4eaU, 0xb07cd629U, - 0xa4b2af31U, 0x3f23312aU, 0xa59430c6U, 0xa266c035U, - 0x4ebc3774U, 0x82caa6fcU, 0x90d0b0e0U, 0xa7d81533U, - 0x04984af1U, 0xecdaf741U, 0xcd500e7fU, 0x91f62f17U, - 0x4dd68d76U, 0xefb04d43U, 0xaa4d54ccU, 0x9604dfe4U, - 0xd1b5e39eU, 0x6a881b4cU, 0x2c1fb8c1U, 0x65517f46U, - 0x5eea049dU, 0x8c355d01U, 0x877473faU, 0x0b412efbU, - 0x671d5ab3U, 0xdbd25292U, 0x105633e9U, 0xd647136dU, - 0xd7618c9aU, 0xa10c7a37U, 0xf8148e59U, 0x133c89ebU, - 0xa927eeceU, 0x61c935b7U, 0x1ce5ede1U, 0x47b13c7aU, - 0xd2df599cU, 0xf2733f55U, 0x14ce7918U, 0xc737bf73U, - 0xf7cdea53U, 0xfdaa5b5fU, 0x3d6f14dfU, 0x44db8678U, - 0xaff381caU, 0x68c43eb9U, 0x24342c38U, 0xa3405fc2U, - 0x1dc37216U, 0xe2250cbcU, 0x3c498b28U, 0x0d9541ffU, - 0xa8017139U, 0x0cb3de08U, 0xb4e49cd8U, 0x56c19064U, - 0xcb84617bU, 0x32b670d5U, 0x6c5c7448U, 0xb85742d0U, -}; -static const u32 Td4[256] = { - 0x52525252U, 0x09090909U, 0x6a6a6a6aU, 0xd5d5d5d5U, - 0x30303030U, 0x36363636U, 0xa5a5a5a5U, 0x38383838U, - 0xbfbfbfbfU, 0x40404040U, 0xa3a3a3a3U, 0x9e9e9e9eU, - 0x81818181U, 0xf3f3f3f3U, 0xd7d7d7d7U, 0xfbfbfbfbU, - 0x7c7c7c7cU, 0xe3e3e3e3U, 0x39393939U, 0x82828282U, - 0x9b9b9b9bU, 0x2f2f2f2fU, 0xffffffffU, 0x87878787U, - 0x34343434U, 0x8e8e8e8eU, 0x43434343U, 0x44444444U, - 0xc4c4c4c4U, 0xdedededeU, 0xe9e9e9e9U, 0xcbcbcbcbU, - 0x54545454U, 0x7b7b7b7bU, 0x94949494U, 0x32323232U, - 0xa6a6a6a6U, 0xc2c2c2c2U, 0x23232323U, 0x3d3d3d3dU, - 0xeeeeeeeeU, 0x4c4c4c4cU, 0x95959595U, 0x0b0b0b0bU, - 0x42424242U, 0xfafafafaU, 0xc3c3c3c3U, 0x4e4e4e4eU, - 0x08080808U, 0x2e2e2e2eU, 0xa1a1a1a1U, 0x66666666U, - 0x28282828U, 0xd9d9d9d9U, 0x24242424U, 0xb2b2b2b2U, - 0x76767676U, 0x5b5b5b5bU, 0xa2a2a2a2U, 0x49494949U, - 0x6d6d6d6dU, 0x8b8b8b8bU, 0xd1d1d1d1U, 0x25252525U, - 0x72727272U, 0xf8f8f8f8U, 0xf6f6f6f6U, 0x64646464U, - 0x86868686U, 0x68686868U, 0x98989898U, 0x16161616U, - 0xd4d4d4d4U, 0xa4a4a4a4U, 0x5c5c5c5cU, 0xccccccccU, - 0x5d5d5d5dU, 0x65656565U, 0xb6b6b6b6U, 0x92929292U, - 0x6c6c6c6cU, 0x70707070U, 0x48484848U, 0x50505050U, - 0xfdfdfdfdU, 0xededededU, 0xb9b9b9b9U, 0xdadadadaU, - 0x5e5e5e5eU, 0x15151515U, 0x46464646U, 0x57575757U, - 0xa7a7a7a7U, 0x8d8d8d8dU, 0x9d9d9d9dU, 0x84848484U, - 0x90909090U, 0xd8d8d8d8U, 0xababababU, 0x00000000U, - 0x8c8c8c8cU, 0xbcbcbcbcU, 0xd3d3d3d3U, 0x0a0a0a0aU, - 0xf7f7f7f7U, 0xe4e4e4e4U, 0x58585858U, 0x05050505U, - 0xb8b8b8b8U, 0xb3b3b3b3U, 0x45454545U, 0x06060606U, - 0xd0d0d0d0U, 0x2c2c2c2cU, 0x1e1e1e1eU, 0x8f8f8f8fU, - 0xcacacacaU, 0x3f3f3f3fU, 0x0f0f0f0fU, 0x02020202U, - 0xc1c1c1c1U, 0xafafafafU, 0xbdbdbdbdU, 0x03030303U, - 0x01010101U, 0x13131313U, 0x8a8a8a8aU, 0x6b6b6b6bU, - 0x3a3a3a3aU, 0x91919191U, 0x11111111U, 0x41414141U, - 0x4f4f4f4fU, 0x67676767U, 0xdcdcdcdcU, 0xeaeaeaeaU, - 0x97979797U, 0xf2f2f2f2U, 0xcfcfcfcfU, 0xcecececeU, - 0xf0f0f0f0U, 0xb4b4b4b4U, 0xe6e6e6e6U, 0x73737373U, - 0x96969696U, 0xacacacacU, 0x74747474U, 0x22222222U, - 0xe7e7e7e7U, 0xadadadadU, 0x35353535U, 0x85858585U, - 0xe2e2e2e2U, 0xf9f9f9f9U, 0x37373737U, 0xe8e8e8e8U, - 0x1c1c1c1cU, 0x75757575U, 0xdfdfdfdfU, 0x6e6e6e6eU, - 0x47474747U, 0xf1f1f1f1U, 0x1a1a1a1aU, 0x71717171U, - 0x1d1d1d1dU, 0x29292929U, 0xc5c5c5c5U, 0x89898989U, - 0x6f6f6f6fU, 0xb7b7b7b7U, 0x62626262U, 0x0e0e0e0eU, - 0xaaaaaaaaU, 0x18181818U, 0xbebebebeU, 0x1b1b1b1bU, - 0xfcfcfcfcU, 0x56565656U, 0x3e3e3e3eU, 0x4b4b4b4bU, - 0xc6c6c6c6U, 0xd2d2d2d2U, 0x79797979U, 0x20202020U, - 0x9a9a9a9aU, 0xdbdbdbdbU, 0xc0c0c0c0U, 0xfefefefeU, - 0x78787878U, 0xcdcdcdcdU, 0x5a5a5a5aU, 0xf4f4f4f4U, - 0x1f1f1f1fU, 0xddddddddU, 0xa8a8a8a8U, 0x33333333U, - 0x88888888U, 0x07070707U, 0xc7c7c7c7U, 0x31313131U, - 0xb1b1b1b1U, 0x12121212U, 0x10101010U, 0x59595959U, - 0x27272727U, 0x80808080U, 0xececececU, 0x5f5f5f5fU, - 0x60606060U, 0x51515151U, 0x7f7f7f7fU, 0xa9a9a9a9U, - 0x19191919U, 0xb5b5b5b5U, 0x4a4a4a4aU, 0x0d0d0d0dU, - 0x2d2d2d2dU, 0xe5e5e5e5U, 0x7a7a7a7aU, 0x9f9f9f9fU, - 0x93939393U, 0xc9c9c9c9U, 0x9c9c9c9cU, 0xefefefefU, - 0xa0a0a0a0U, 0xe0e0e0e0U, 0x3b3b3b3bU, 0x4d4d4d4dU, - 0xaeaeaeaeU, 0x2a2a2a2aU, 0xf5f5f5f5U, 0xb0b0b0b0U, - 0xc8c8c8c8U, 0xebebebebU, 0xbbbbbbbbU, 0x3c3c3c3cU, - 0x83838383U, 0x53535353U, 0x99999999U, 0x61616161U, - 0x17171717U, 0x2b2b2b2bU, 0x04040404U, 0x7e7e7e7eU, - 0xbabababaU, 0x77777777U, 0xd6d6d6d6U, 0x26262626U, - 0xe1e1e1e1U, 0x69696969U, 0x14141414U, 0x63636363U, - 0x55555555U, 0x21212121U, 0x0c0c0c0cU, 0x7d7d7d7dU, -}; -static const u32 rcon[] = { - 0x01000000, 0x02000000, 0x04000000, 0x08000000, - 0x10000000, 0x20000000, 0x40000000, 0x80000000, - 0x1B000000, 0x36000000, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */ -}; - -#define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00) - -#ifdef _MSC_VER -#define GETU32(p) SWAP(*((u32 *)(p))) -#define PUTU32(ct, st) { *((u32 *)(ct)) = SWAP((st)); } -#else -#define GETU32(pt) (((u32)(pt)[0] << 24) ^ ((u32)(pt)[1] << 16) ^ ((u32)(pt)[2] << 8) ^ ((u32)(pt)[3])) -#define PUTU32(ct, st) { (ct)[0] = (u8)((st) >> 24); (ct)[1] = (u8)((st) >> 16); (ct)[2] = (u8)((st) >> 8); (ct)[3] = (u8)(st); } -#endif - -/** - * Expand the cipher key into the encryption key schedule. - * - * @return the number of rounds for the given cipher key size. - */ -int rijndaelKeySetupEnc(u32 rk[/*4*(Nr + 1)*/], const u8 cipherKey[], int keyBits) { - int i = 0; - u32 temp; - - rk[0] = GETU32(cipherKey ); - rk[1] = GETU32(cipherKey + 4); - rk[2] = GETU32(cipherKey + 8); - rk[3] = GETU32(cipherKey + 12); - if (keyBits == 128) { - for (;;) { - temp = rk[3]; - rk[4] = rk[0] ^ - (Te4[(temp >> 16) & 0xff] & 0xff000000) ^ - (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^ - (Te4[(temp ) & 0xff] & 0x0000ff00) ^ - (Te4[(temp >> 24) ] & 0x000000ff) ^ - rcon[i]; - rk[5] = rk[1] ^ rk[4]; - rk[6] = rk[2] ^ rk[5]; - rk[7] = rk[3] ^ rk[6]; - if (++i == 10) { - return 10; - } - rk += 4; - } - } - rk[4] = GETU32(cipherKey + 16); - rk[5] = GETU32(cipherKey + 20); - if (keyBits == 192) { - for (;;) { - temp = rk[ 5]; - rk[ 6] = rk[ 0] ^ - (Te4[(temp >> 16) & 0xff] & 0xff000000) ^ - (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^ - (Te4[(temp ) & 0xff] & 0x0000ff00) ^ - (Te4[(temp >> 24) ] & 0x000000ff) ^ - rcon[i]; - rk[ 7] = rk[ 1] ^ rk[ 6]; - rk[ 8] = rk[ 2] ^ rk[ 7]; - rk[ 9] = rk[ 3] ^ rk[ 8]; - if (++i == 8) { - return 12; - } - rk[10] = rk[ 4] ^ rk[ 9]; - rk[11] = rk[ 5] ^ rk[10]; - rk += 6; - } - } - rk[6] = GETU32(cipherKey + 24); - rk[7] = GETU32(cipherKey + 28); - if (keyBits == 256) { - for (;;) { - temp = rk[ 7]; - rk[ 8] = rk[ 0] ^ - (Te4[(temp >> 16) & 0xff] & 0xff000000) ^ - (Te4[(temp >> 8) & 0xff] & 0x00ff0000) ^ - (Te4[(temp ) & 0xff] & 0x0000ff00) ^ - (Te4[(temp >> 24) ] & 0x000000ff) ^ - rcon[i]; - rk[ 9] = rk[ 1] ^ rk[ 8]; - rk[10] = rk[ 2] ^ rk[ 9]; - rk[11] = rk[ 3] ^ rk[10]; - if (++i == 7) { - return 14; - } - temp = rk[11]; - rk[12] = rk[ 4] ^ - (Te4[(temp >> 24) ] & 0xff000000) ^ - (Te4[(temp >> 16) & 0xff] & 0x00ff0000) ^ - (Te4[(temp >> 8) & 0xff] & 0x0000ff00) ^ - (Te4[(temp ) & 0xff] & 0x000000ff); - rk[13] = rk[ 5] ^ rk[12]; - rk[14] = rk[ 6] ^ rk[13]; - rk[15] = rk[ 7] ^ rk[14]; - - rk += 8; - } - } - return 0; -} - -/** - * Expand the cipher key into the decryption key schedule. - * - * @return the number of rounds for the given cipher key size. - */ -int rijndaelKeySetupDec(u32 rk[/*4*(Nr + 1)*/], const u8 cipherKey[], int keyBits) { - int Nr, i, j; - u32 temp; - - /* expand the cipher key: */ - Nr = rijndaelKeySetupEnc(rk, cipherKey, keyBits); - /* invert the order of the round keys: */ - for (i = 0, j = 4*Nr; i < j; i += 4, j -= 4) { - temp = rk[i ]; rk[i ] = rk[j ]; rk[j ] = temp; - temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp; - temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp; - temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp; - } - /* apply the inverse MixColumn transform to all round keys but the first and the last: */ - for (i = 1; i < Nr; i++) { - rk += 4; - rk[0] = - Td0[Te4[(rk[0] >> 24) ] & 0xff] ^ - Td1[Te4[(rk[0] >> 16) & 0xff] & 0xff] ^ - Td2[Te4[(rk[0] >> 8) & 0xff] & 0xff] ^ - Td3[Te4[(rk[0] ) & 0xff] & 0xff]; - rk[1] = - Td0[Te4[(rk[1] >> 24) ] & 0xff] ^ - Td1[Te4[(rk[1] >> 16) & 0xff] & 0xff] ^ - Td2[Te4[(rk[1] >> 8) & 0xff] & 0xff] ^ - Td3[Te4[(rk[1] ) & 0xff] & 0xff]; - rk[2] = - Td0[Te4[(rk[2] >> 24) ] & 0xff] ^ - Td1[Te4[(rk[2] >> 16) & 0xff] & 0xff] ^ - Td2[Te4[(rk[2] >> 8) & 0xff] & 0xff] ^ - Td3[Te4[(rk[2] ) & 0xff] & 0xff]; - rk[3] = - Td0[Te4[(rk[3] >> 24) ] & 0xff] ^ - Td1[Te4[(rk[3] >> 16) & 0xff] & 0xff] ^ - Td2[Te4[(rk[3] >> 8) & 0xff] & 0xff] ^ - Td3[Te4[(rk[3] ) & 0xff] & 0xff]; - } - return Nr; -} - -void rijndaelEncrypt(const u32 rk[/*4*(Nr + 1)*/], int Nr, const u8 pt[16], u8 ct[16]) { - u32 s0, s1, s2, s3, t0, t1, t2, t3; -#ifndef FULL_UNROLL - int r; -#endif /* ?FULL_UNROLL */ - - /* - * map byte array block to cipher state - * and add initial round key: - */ - s0 = GETU32(pt ) ^ rk[0]; - s1 = GETU32(pt + 4) ^ rk[1]; - s2 = GETU32(pt + 8) ^ rk[2]; - s3 = GETU32(pt + 12) ^ rk[3]; -#ifdef FULL_UNROLL - /* round 1: */ - t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[ 4]; - t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[ 5]; - t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[ 6]; - t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[ 7]; - /* round 2: */ - s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[ 8]; - s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[ 9]; - s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[10]; - s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[11]; - /* round 3: */ - t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[12]; - t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[13]; - t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[14]; - t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[15]; - /* round 4: */ - s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[16]; - s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[17]; - s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[18]; - s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[19]; - /* round 5: */ - t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[20]; - t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[21]; - t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[22]; - t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[23]; - /* round 6: */ - s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[24]; - s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[25]; - s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[26]; - s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[27]; - /* round 7: */ - t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[28]; - t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[29]; - t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[30]; - t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[31]; - /* round 8: */ - s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[32]; - s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[33]; - s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[34]; - s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[35]; - /* round 9: */ - t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[36]; - t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[37]; - t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[38]; - t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[39]; - if (Nr > 10) { - /* round 10: */ - s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[40]; - s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[41]; - s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[42]; - s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[43]; - /* round 11: */ - t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[44]; - t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[45]; - t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[46]; - t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[47]; - if (Nr > 12) { - /* round 12: */ - s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >> 8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[48]; - s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >> 8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[49]; - s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >> 8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[50]; - s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >> 8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[51]; - /* round 13: */ - t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >> 8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[52]; - t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >> 8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[53]; - t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >> 8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[54]; - t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >> 8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[55]; - } - } - rk += Nr << 2; -#else /* !FULL_UNROLL */ - /* - * Nr - 1 full rounds: - */ - r = Nr >> 1; - for (;;) { - t0 = - Te0[(s0 >> 24) ] ^ - Te1[(s1 >> 16) & 0xff] ^ - Te2[(s2 >> 8) & 0xff] ^ - Te3[(s3 ) & 0xff] ^ - rk[4]; - t1 = - Te0[(s1 >> 24) ] ^ - Te1[(s2 >> 16) & 0xff] ^ - Te2[(s3 >> 8) & 0xff] ^ - Te3[(s0 ) & 0xff] ^ - rk[5]; - t2 = - Te0[(s2 >> 24) ] ^ - Te1[(s3 >> 16) & 0xff] ^ - Te2[(s0 >> 8) & 0xff] ^ - Te3[(s1 ) & 0xff] ^ - rk[6]; - t3 = - Te0[(s3 >> 24) ] ^ - Te1[(s0 >> 16) & 0xff] ^ - Te2[(s1 >> 8) & 0xff] ^ - Te3[(s2 ) & 0xff] ^ - rk[7]; - - rk += 8; - if (--r == 0) { - break; - } - - s0 = - Te0[(t0 >> 24) ] ^ - Te1[(t1 >> 16) & 0xff] ^ - Te2[(t2 >> 8) & 0xff] ^ - Te3[(t3 ) & 0xff] ^ - rk[0]; - s1 = - Te0[(t1 >> 24) ] ^ - Te1[(t2 >> 16) & 0xff] ^ - Te2[(t3 >> 8) & 0xff] ^ - Te3[(t0 ) & 0xff] ^ - rk[1]; - s2 = - Te0[(t2 >> 24) ] ^ - Te1[(t3 >> 16) & 0xff] ^ - Te2[(t0 >> 8) & 0xff] ^ - Te3[(t1 ) & 0xff] ^ - rk[2]; - s3 = - Te0[(t3 >> 24) ] ^ - Te1[(t0 >> 16) & 0xff] ^ - Te2[(t1 >> 8) & 0xff] ^ - Te3[(t2 ) & 0xff] ^ - rk[3]; - } -#endif /* ?FULL_UNROLL */ - /* - * apply last round and - * map cipher state to byte array block: - */ - s0 = - (Te4[(t0 >> 24) ] & 0xff000000) ^ - (Te4[(t1 >> 16) & 0xff] & 0x00ff0000) ^ - (Te4[(t2 >> 8) & 0xff] & 0x0000ff00) ^ - (Te4[(t3 ) & 0xff] & 0x000000ff) ^ - rk[0]; - PUTU32(ct , s0); - s1 = - (Te4[(t1 >> 24) ] & 0xff000000) ^ - (Te4[(t2 >> 16) & 0xff] & 0x00ff0000) ^ - (Te4[(t3 >> 8) & 0xff] & 0x0000ff00) ^ - (Te4[(t0 ) & 0xff] & 0x000000ff) ^ - rk[1]; - PUTU32(ct + 4, s1); - s2 = - (Te4[(t2 >> 24) ] & 0xff000000) ^ - (Te4[(t3 >> 16) & 0xff] & 0x00ff0000) ^ - (Te4[(t0 >> 8) & 0xff] & 0x0000ff00) ^ - (Te4[(t1 ) & 0xff] & 0x000000ff) ^ - rk[2]; - PUTU32(ct + 8, s2); - s3 = - (Te4[(t3 >> 24) ] & 0xff000000) ^ - (Te4[(t0 >> 16) & 0xff] & 0x00ff0000) ^ - (Te4[(t1 >> 8) & 0xff] & 0x0000ff00) ^ - (Te4[(t2 ) & 0xff] & 0x000000ff) ^ - rk[3]; - PUTU32(ct + 12, s3); -} - -void rijndaelDecrypt(const u32 rk[/*4*(Nr + 1)*/], int Nr, const u8 ct[16], u8 pt[16]) { - u32 s0, s1, s2, s3, t0, t1, t2, t3; -#ifndef FULL_UNROLL - int r; -#endif /* ?FULL_UNROLL */ - - /* - * map byte array block to cipher state - * and add initial round key: - */ - s0 = GETU32(ct ) ^ rk[0]; - s1 = GETU32(ct + 4) ^ rk[1]; - s2 = GETU32(ct + 8) ^ rk[2]; - s3 = GETU32(ct + 12) ^ rk[3]; -#ifdef FULL_UNROLL - /* round 1: */ - t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[ 4]; - t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[ 5]; - t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[ 6]; - t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[ 7]; - /* round 2: */ - s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[ 8]; - s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[ 9]; - s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[10]; - s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[11]; - /* round 3: */ - t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[12]; - t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[13]; - t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[14]; - t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[15]; - /* round 4: */ - s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[16]; - s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[17]; - s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[18]; - s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[19]; - /* round 5: */ - t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[20]; - t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[21]; - t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[22]; - t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[23]; - /* round 6: */ - s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[24]; - s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[25]; - s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[26]; - s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[27]; - /* round 7: */ - t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[28]; - t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[29]; - t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[30]; - t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[31]; - /* round 8: */ - s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[32]; - s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[33]; - s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[34]; - s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[35]; - /* round 9: */ - t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[36]; - t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[37]; - t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[38]; - t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[39]; - if (Nr > 10) { - /* round 10: */ - s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[40]; - s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[41]; - s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[42]; - s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[43]; - /* round 11: */ - t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[44]; - t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[45]; - t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[46]; - t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[47]; - if (Nr > 12) { - /* round 12: */ - s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >> 8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[48]; - s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >> 8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[49]; - s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >> 8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[50]; - s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >> 8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[51]; - /* round 13: */ - t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >> 8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[52]; - t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >> 8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[53]; - t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >> 8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[54]; - t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >> 8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[55]; - } - } - rk += Nr << 2; -#else /* !FULL_UNROLL */ - /* - * Nr - 1 full rounds: - */ - r = Nr >> 1; - for (;;) { - t0 = - Td0[(s0 >> 24) ] ^ - Td1[(s3 >> 16) & 0xff] ^ - Td2[(s2 >> 8) & 0xff] ^ - Td3[(s1 ) & 0xff] ^ - rk[4]; - t1 = - Td0[(s1 >> 24) ] ^ - Td1[(s0 >> 16) & 0xff] ^ - Td2[(s3 >> 8) & 0xff] ^ - Td3[(s2 ) & 0xff] ^ - rk[5]; - t2 = - Td0[(s2 >> 24) ] ^ - Td1[(s1 >> 16) & 0xff] ^ - Td2[(s0 >> 8) & 0xff] ^ - Td3[(s3 ) & 0xff] ^ - rk[6]; - t3 = - Td0[(s3 >> 24) ] ^ - Td1[(s2 >> 16) & 0xff] ^ - Td2[(s1 >> 8) & 0xff] ^ - Td3[(s0 ) & 0xff] ^ - rk[7]; - - rk += 8; - if (--r == 0) { - break; - } - - s0 = - Td0[(t0 >> 24) ] ^ - Td1[(t3 >> 16) & 0xff] ^ - Td2[(t2 >> 8) & 0xff] ^ - Td3[(t1 ) & 0xff] ^ - rk[0]; - s1 = - Td0[(t1 >> 24) ] ^ - Td1[(t0 >> 16) & 0xff] ^ - Td2[(t3 >> 8) & 0xff] ^ - Td3[(t2 ) & 0xff] ^ - rk[1]; - s2 = - Td0[(t2 >> 24) ] ^ - Td1[(t1 >> 16) & 0xff] ^ - Td2[(t0 >> 8) & 0xff] ^ - Td3[(t3 ) & 0xff] ^ - rk[2]; - s3 = - Td0[(t3 >> 24) ] ^ - Td1[(t2 >> 16) & 0xff] ^ - Td2[(t1 >> 8) & 0xff] ^ - Td3[(t0 ) & 0xff] ^ - rk[3]; - } -#endif /* ?FULL_UNROLL */ - /* - * apply last round and - * map cipher state to byte array block: - */ - s0 = - (Td4[(t0 >> 24) ] & 0xff000000) ^ - (Td4[(t3 >> 16) & 0xff] & 0x00ff0000) ^ - (Td4[(t2 >> 8) & 0xff] & 0x0000ff00) ^ - (Td4[(t1 ) & 0xff] & 0x000000ff) ^ - rk[0]; - PUTU32(pt , s0); - s1 = - (Td4[(t1 >> 24) ] & 0xff000000) ^ - (Td4[(t0 >> 16) & 0xff] & 0x00ff0000) ^ - (Td4[(t3 >> 8) & 0xff] & 0x0000ff00) ^ - (Td4[(t2 ) & 0xff] & 0x000000ff) ^ - rk[1]; - PUTU32(pt + 4, s1); - s2 = - (Td4[(t2 >> 24) ] & 0xff000000) ^ - (Td4[(t1 >> 16) & 0xff] & 0x00ff0000) ^ - (Td4[(t0 >> 8) & 0xff] & 0x0000ff00) ^ - (Td4[(t3 ) & 0xff] & 0x000000ff) ^ - rk[2]; - PUTU32(pt + 8, s2); - s3 = - (Td4[(t3 >> 24) ] & 0xff000000) ^ - (Td4[(t2 >> 16) & 0xff] & 0x00ff0000) ^ - (Td4[(t1 >> 8) & 0xff] & 0x0000ff00) ^ - (Td4[(t0 ) & 0xff] & 0x000000ff) ^ - rk[3]; - PUTU32(pt + 12, s3); -} - -#ifdef INTERMEDIATE_VALUE_KAT - -void rijndaelEncryptRound(const u32 rk[/*4*(Nr + 1)*/], int Nr, u8 block[16], int rounds) { - int r; - u32 s0, s1, s2, s3, t0, t1, t2, t3; - - /* - * map byte array block to cipher state - * and add initial round key: - */ - s0 = GETU32(block ) ^ rk[0]; - s1 = GETU32(block + 4) ^ rk[1]; - s2 = GETU32(block + 8) ^ rk[2]; - s3 = GETU32(block + 12) ^ rk[3]; - rk += 4; - - /* - * Nr - 1 full rounds: - */ - for (r = (rounds < Nr ? rounds : Nr - 1); r > 0; r--) { - t0 = - Te0[(s0 >> 24) ] ^ - Te1[(s1 >> 16) & 0xff] ^ - Te2[(s2 >> 8) & 0xff] ^ - Te3[(s3 ) & 0xff] ^ - rk[0]; - t1 = - Te0[(s1 >> 24) ] ^ - Te1[(s2 >> 16) & 0xff] ^ - Te2[(s3 >> 8) & 0xff] ^ - Te3[(s0 ) & 0xff] ^ - rk[1]; - t2 = - Te0[(s2 >> 24) ] ^ - Te1[(s3 >> 16) & 0xff] ^ - Te2[(s0 >> 8) & 0xff] ^ - Te3[(s1 ) & 0xff] ^ - rk[2]; - t3 = - Te0[(s3 >> 24) ] ^ - Te1[(s0 >> 16) & 0xff] ^ - Te2[(s1 >> 8) & 0xff] ^ - Te3[(s2 ) & 0xff] ^ - rk[3]; - - s0 = t0; - s1 = t1; - s2 = t2; - s3 = t3; - rk += 4; - - } - - /* - * apply last round and - * map cipher state to byte array block: - */ - if (rounds == Nr) { - t0 = - (Te4[(s0 >> 24) ] & 0xff000000) ^ - (Te4[(s1 >> 16) & 0xff] & 0x00ff0000) ^ - (Te4[(s2 >> 8) & 0xff] & 0x0000ff00) ^ - (Te4[(s3 ) & 0xff] & 0x000000ff) ^ - rk[0]; - t1 = - (Te4[(s1 >> 24) ] & 0xff000000) ^ - (Te4[(s2 >> 16) & 0xff] & 0x00ff0000) ^ - (Te4[(s3 >> 8) & 0xff] & 0x0000ff00) ^ - (Te4[(s0 ) & 0xff] & 0x000000ff) ^ - rk[1]; - t2 = - (Te4[(s2 >> 24) ] & 0xff000000) ^ - (Te4[(s3 >> 16) & 0xff] & 0x00ff0000) ^ - (Te4[(s0 >> 8) & 0xff] & 0x0000ff00) ^ - (Te4[(s1 ) & 0xff] & 0x000000ff) ^ - rk[2]; - t3 = - (Te4[(s3 >> 24) ] & 0xff000000) ^ - (Te4[(s0 >> 16) & 0xff] & 0x00ff0000) ^ - (Te4[(s1 >> 8) & 0xff] & 0x0000ff00) ^ - (Te4[(s2 ) & 0xff] & 0x000000ff) ^ - rk[3]; - - s0 = t0; - s1 = t1; - s2 = t2; - s3 = t3; - } - - PUTU32(block , s0); - PUTU32(block + 4, s1); - PUTU32(block + 8, s2); - PUTU32(block + 12, s3); -} - -void rijndaelDecryptRound(const u32 rk[/*4*(Nr + 1)*/], int Nr, u8 block[16], int rounds) { - int r; - u32 s0, s1, s2, s3, t0, t1, t2, t3; - - /* - * map byte array block to cipher state - * and add initial round key: - */ - s0 = GETU32(block ) ^ rk[0]; - s1 = GETU32(block + 4) ^ rk[1]; - s2 = GETU32(block + 8) ^ rk[2]; - s3 = GETU32(block + 12) ^ rk[3]; - rk += 4; - - /* - * Nr - 1 full rounds: - */ - for (r = (rounds < Nr ? rounds : Nr) - 1; r > 0; r--) { - t0 = - Td0[(s0 >> 24) ] ^ - Td1[(s3 >> 16) & 0xff] ^ - Td2[(s2 >> 8) & 0xff] ^ - Td3[(s1 ) & 0xff] ^ - rk[0]; - t1 = - Td0[(s1 >> 24) ] ^ - Td1[(s0 >> 16) & 0xff] ^ - Td2[(s3 >> 8) & 0xff] ^ - Td3[(s2 ) & 0xff] ^ - rk[1]; - t2 = - Td0[(s2 >> 24) ] ^ - Td1[(s1 >> 16) & 0xff] ^ - Td2[(s0 >> 8) & 0xff] ^ - Td3[(s3 ) & 0xff] ^ - rk[2]; - t3 = - Td0[(s3 >> 24) ] ^ - Td1[(s2 >> 16) & 0xff] ^ - Td2[(s1 >> 8) & 0xff] ^ - Td3[(s0 ) & 0xff] ^ - rk[3]; - - s0 = t0; - s1 = t1; - s2 = t2; - s3 = t3; - rk += 4; - - } - - /* - * complete the last round and - * map cipher state to byte array block: - */ - t0 = - (Td4[(s0 >> 24) ] & 0xff000000) ^ - (Td4[(s3 >> 16) & 0xff] & 0x00ff0000) ^ - (Td4[(s2 >> 8) & 0xff] & 0x0000ff00) ^ - (Td4[(s1 ) & 0xff] & 0x000000ff); - t1 = - (Td4[(s1 >> 24) ] & 0xff000000) ^ - (Td4[(s0 >> 16) & 0xff] & 0x00ff0000) ^ - (Td4[(s3 >> 8) & 0xff] & 0x0000ff00) ^ - (Td4[(s2 ) & 0xff] & 0x000000ff); - t2 = - (Td4[(s2 >> 24) ] & 0xff000000) ^ - (Td4[(s1 >> 16) & 0xff] & 0x00ff0000) ^ - (Td4[(s0 >> 8) & 0xff] & 0x0000ff00) ^ - (Td4[(s3 ) & 0xff] & 0x000000ff); - t3 = - (Td4[(s3 >> 24) ] & 0xff000000) ^ - (Td4[(s2 >> 16) & 0xff] & 0x00ff0000) ^ - (Td4[(s1 >> 8) & 0xff] & 0x0000ff00) ^ - (Td4[(s0 ) & 0xff] & 0x000000ff); - - if (rounds == Nr) { - t0 ^= rk[0]; - t1 ^= rk[1]; - t2 ^= rk[2]; - t3 ^= rk[3]; - } - - PUTU32(block , t0); - PUTU32(block + 4, t1); - PUTU32(block + 8, t2); - PUTU32(block + 12, t3); -} - -#endif /* INTERMEDIATE_VALUE_KAT */ diff --git a/src/lib/libcrypto/rijndael/rd_fst.h b/src/lib/libcrypto/rijndael/rd_fst.h deleted file mode 100644 index fcace294781..00000000000 --- a/src/lib/libcrypto/rijndael/rd_fst.h +++ /dev/null @@ -1,42 +0,0 @@ -/** - * rijndael-alg-fst.h - * - * @version 3.0 (December 2000) - * - * Optimised ANSI C code for the Rijndael cipher (now AES) - * - * @author Vincent Rijmen - * @author Antoon Bosselaers - * @author Paulo Barreto - * - * This code is hereby placed in the public domain. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS - * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED - * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR - * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, - * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE - * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, - * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -#ifndef __RIJNDAEL_ALG_FST_H -#define __RIJNDAEL_ALG_FST_H - -#define MAXKC (256/32) -#define MAXKB (256/8) -#define MAXNR 14 - -typedef unsigned char u8; -typedef unsigned short u16; -typedef unsigned int u32; - -int rijndaelKeySetupEnc(u32 rk[/*4*(Nr + 1)*/], const u8 cipherKey[], int keyBits); -int rijndaelKeySetupDec(u32 rk[/*4*(Nr + 1)*/], const u8 cipherKey[], int keyBits); -void rijndaelEncrypt(const u32 rk[/*4*(Nr + 1)*/], int Nr, const u8 pt[16], u8 ct[16]); -void rijndaelDecrypt(const u32 rk[/*4*(Nr + 1)*/], int Nr, const u8 ct[16], u8 pt[16]); - -#endif /* __RIJNDAEL_ALG_FST_H */ diff --git a/src/lib/libcrypto/rijndael/rijndael.h b/src/lib/libcrypto/rijndael/rijndael.h deleted file mode 100644 index 72edcc29424..00000000000 --- a/src/lib/libcrypto/rijndael/rijndael.h +++ /dev/null @@ -1,7 +0,0 @@ -#include "openssl/rd_fst.h" - -typedef struct - { - u32 rd_key[4 *(MAXNR + 1)]; - int rounds; - } RIJNDAEL_KEY; diff --git a/src/lib/libcrypto/ripemd/Makefile.ssl b/src/lib/libcrypto/ripemd/Makefile.ssl deleted file mode 100644 index a58662a69f4..00000000000 --- a/src/lib/libcrypto/ripemd/Makefile.ssl +++ /dev/null @@ -1,110 +0,0 @@ -# -# SSLeay/crypto/ripemd/Makefile -# - -DIR= ripemd -TOP= ../.. -CC= cc -CPP= $(CC) -E -INCLUDES= -CFLAG=-g -INSTALL_PREFIX= -OPENSSLDIR= /usr/local/ssl -INSTALLTOP=/usr/local/ssl -MAKE= make -f Makefile.ssl -MAKEDEPPROG= makedepend -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) -MAKEFILE= Makefile.ssl -AR= ar r - -RIP_ASM_OBJ= - -CFLAGS= $(INCLUDES) $(CFLAG) - -GENERAL=Makefile -TEST=rmdtest.c -APPS= - -LIB=$(TOP)/libcrypto.a -LIBSRC=rmd_dgst.c rmd_one.c -LIBOBJ=rmd_dgst.o rmd_one.o $(RMD160_ASM_OBJ) - -SRC= $(LIBSRC) - -EXHEADER= ripemd.h -HEADER= rmd_locl.h rmdconst.h $(EXHEADER) - -ALL= $(GENERAL) $(SRC) $(HEADER) - -top: - (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) - -all: lib - -lib: $(LIBOBJ) - $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) || echo Never mind. - @touch lib - -# elf -asm/rm86-elf.o: asm/rm86unix.cpp - $(CPP) -DELF -x c asm/rm86unix.cpp | as -o asm/rm86-elf.o - -# solaris -asm/rm86-sol.o: asm/rm86unix.cpp - $(CC) -E -DSOL asm/rm86unix.cpp | sed 's/^#.*//' > asm/rm86-sol.s - as -o asm/rm86-sol.o asm/rm86-sol.s - rm -f asm/rm86-sol.s - -# a.out -asm/rm86-out.o: asm/rm86unix.cpp - $(CPP) -DOUT asm/rm86unix.cpp | as -o asm/rm86-out.o - -# bsdi -asm/rm86bsdi.o: asm/rm86unix.cpp - $(CPP) -DBSDI asm/rm86unix.cpp | sed 's/ :/:/' | as -o asm/rm86bsdi.o - -asm/rm86unix.cpp: asm/rmd-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) rmd-586.pl cpp >rm86unix.cpp) - -files: - $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO - -links: - @sh $(TOP)/util/point.sh Makefile.ssl Makefile - @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) - @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) - @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) - -install: - @for i in $(EXHEADER) ; \ - do \ - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ - done; - -tags: - ctags $(SRC) - -tests: - -lint: - lint -DLINT $(INCLUDES) $(SRC)>fluff - -depend: - $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) - -dclean: - $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new - mv -f Makefile.new $(MAKEFILE) - -clean: - rm -f asm/rm86unix.cpp *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff - -# DO NOT DELETE THIS LINE -- make depend depends on it. - -rmd_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h -rmd_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ripemd.h -rmd_dgst.o: ../md32_common.h rmd_dgst.c rmd_locl.h rmdconst.h -rmd_one.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h -rmd_one.o: ../../include/openssl/ripemd.h rmd_one.c diff --git a/src/lib/libcrypto/ripemd/README b/src/lib/libcrypto/ripemd/README index 70977072649..5e18d458664 100644 --- a/src/lib/libcrypto/ripemd/README +++ b/src/lib/libcrypto/ripemd/README @@ -1,10 +1,10 @@ RIPEMD-160 http://www.esat.kuleuven.ac.be/~bosselae/ripemd160.html -This is my implementation of RIPEMD-160. The pentium assember is a little +This is my implementation of RIPEMD-160. The pentium assembler is a little off the pace since I only get 1050 cycles, while the best is 1013. I have a few ideas for how to get another 20 or so cycles, but at -this point I will not bother right now. I belive the trick will be +this point I will not bother right now. I believe the trick will be to remove my 'copy X array onto stack' until inside the RIP1() finctions the first time round. To do this I need another register and will only have one temporary one. A bit tricky.... I can also cleanup the saving of the 5 words diff --git a/src/lib/libcrypto/ripemd/asm/rips.cpp b/src/lib/libcrypto/ripemd/asm/rips.cpp deleted file mode 100644 index f7a13677a92..00000000000 --- a/src/lib/libcrypto/ripemd/asm/rips.cpp +++ /dev/null @@ -1,82 +0,0 @@ -// -// gettsc.inl -// -// gives access to the Pentium's (secret) cycle counter -// -// This software was written by Leonard Janke (janke@unixg.ubc.ca) -// in 1996-7 and is entered, by him, into the public domain. - -#if defined(__WATCOMC__) -void GetTSC(unsigned long&); -#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax]; -#elif defined(__GNUC__) -inline -void GetTSC(unsigned long& tsc) -{ - asm volatile(".byte 15, 49\n\t" - : "=eax" (tsc) - : - : "%edx", "%eax"); -} -#elif defined(_MSC_VER) -inline -void GetTSC(unsigned long& tsc) -{ - unsigned long a; - __asm _emit 0fh - __asm _emit 31h - __asm mov a, eax; - tsc=a; -} -#endif - -#include -#include -#include - -#define ripemd160_block_x86 ripemd160_block_asm_host_order - -extern "C" { -void ripemd160_block_x86(RIPEMD160_CTX *ctx, unsigned char *buffer,int num); -} - -void main(int argc,char *argv[]) - { - unsigned char buffer[64*256]; - RIPEMD160_CTX ctx; - unsigned long s1,s2,e1,e2; - unsigned char k[16]; - unsigned long data[2]; - unsigned char iv[8]; - int i,num=0,numm; - int j=0; - - if (argc >= 2) - num=atoi(argv[1]); - - if (num == 0) num=16; - if (num > 250) num=16; - numm=num+2; -#if 0 - num*=64; - numm*=64; -#endif - - for (j=0; j<6; j++) - { - for (i=0; i<10; i++) /**/ - { - ripemd160_block_x86(&ctx,buffer,numm); - GetTSC(s1); - ripemd160_block_x86(&ctx,buffer,numm); - GetTSC(e1); - GetTSC(s2); - ripemd160_block_x86(&ctx,buffer,num); - GetTSC(e2); - ripemd160_block_x86(&ctx,buffer,num); - } - printf("ripemd160 (%d bytes) %d %d (%.2f)\n",num*64, - e1-s1,e2-s2,(double)((e1-s1)-(e2-s2))/2); - } - } - diff --git a/src/lib/libcrypto/ripemd/asm/rmd-586.pl b/src/lib/libcrypto/ripemd/asm/rmd-586.pl index 0ab6f76bfff..e8b2bc2db2d 100644 --- a/src/lib/libcrypto/ripemd/asm/rmd-586.pl +++ b/src/lib/libcrypto/ripemd/asm/rmd-586.pl @@ -1,11 +1,12 @@ #!/usr/local/bin/perl # Normal is the -# ripemd160_block_asm_host_order(RIPEMD160_CTX *c, ULONG *X,int blocks); +# ripemd160_block_asm_data_order(RIPEMD160_CTX *c, ULONG *X,int blocks); $normal=0; -push(@INC,"perlasm","../../perlasm"); +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +push(@INC,"${dir}","${dir}../../perlasm"); require "x86asm.pl"; &asm_init($ARGV[0],$0); @@ -56,7 +57,7 @@ 8, 5,12, 9,12, 5,14, 6, 8,13, 6, 5,15,13,11,11, ); -&ripemd160_block("ripemd160_block_asm_host_order"); +&ripemd160_block("ripemd160_block_asm_data_order"); &asm_finish(); sub Xv diff --git a/src/lib/libcrypto/ripemd/ripemd.h b/src/lib/libcrypto/ripemd/ripemd.h index 78d5f365605..a5f3a129373 100644 --- a/src/lib/libcrypto/ripemd/ripemd.h +++ b/src/lib/libcrypto/ripemd/ripemd.h @@ -1,4 +1,4 @@ -/* crypto/ripemd/ripemd.h */ +/* $OpenBSD: ripemd.h,v 1.14 2014/07/10 22:45:57 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -56,10 +56,12 @@ * [including the GNU Public Licence.] */ +#include + #ifndef HEADER_RIPEMD_H #define HEADER_RIPEMD_H -#include +#include #ifdef __cplusplus extern "C" { @@ -69,9 +71,9 @@ extern "C" { #error RIPEMD is disabled. #endif -#if defined(OPENSSL_SYS_WIN16) || defined(__LP32__) +#if defined(__LP32__) #define RIPEMD160_LONG unsigned long -#elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__) +#elif defined(__ILP64__) #define RIPEMD160_LONG unsigned long #define RIPEMD160_LONG_LOG2 3 #else @@ -87,13 +89,13 @@ typedef struct RIPEMD160state_st RIPEMD160_LONG A,B,C,D,E; RIPEMD160_LONG Nl,Nh; RIPEMD160_LONG data[RIPEMD160_LBLOCK]; - int num; + unsigned int num; } RIPEMD160_CTX; int RIPEMD160_Init(RIPEMD160_CTX *c); -int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, unsigned long len); +int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, size_t len); int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c); -unsigned char *RIPEMD160(const unsigned char *d, unsigned long n, +unsigned char *RIPEMD160(const unsigned char *d, size_t n, unsigned char *md); void RIPEMD160_Transform(RIPEMD160_CTX *c, const unsigned char *b); #ifdef __cplusplus diff --git a/src/lib/libcrypto/ripemd/rmd160.c b/src/lib/libcrypto/ripemd/rmd160.c deleted file mode 100644 index 4f8b88a18ac..00000000000 --- a/src/lib/libcrypto/ripemd/rmd160.c +++ /dev/null @@ -1,127 +0,0 @@ -/* crypto/ripemd/rmd160.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include -#include - -#define BUFSIZE 1024*16 - -void do_fp(FILE *f); -void pt(unsigned char *md); -#ifndef _OSD_POSIX -int read(int, void *, unsigned int); -#endif - -int main(int argc, char **argv) - { - int i,err=0; - FILE *IN; - - if (argc == 1) - { - do_fp(stdin); - } - else - { - for (i=1; i #include "rmd_locl.h" #include - -const char *RMD160_version="RIPE-MD160" OPENSSL_VERSION_PTEXT; +#include # ifdef RMD160_ASM - void ripemd160_block_x86(RIPEMD160_CTX *c, unsigned long *p,int num); + void ripemd160_block_x86(RIPEMD160_CTX *c, unsigned long *p,size_t num); # define ripemd160_block ripemd160_block_x86 # else - void ripemd160_block(RIPEMD160_CTX *c, unsigned long *p,int num); + void ripemd160_block(RIPEMD160_CTX *c, unsigned long *p,size_t num); # endif int RIPEMD160_Init(RIPEMD160_CTX *c) { + memset (c,0,sizeof(*c)); c->A=RIPEMD160_A; c->B=RIPEMD160_B; c->C=RIPEMD160_C; c->D=RIPEMD160_D; c->E=RIPEMD160_E; - c->Nl=0; - c->Nh=0; - c->num=0; return 1; } -#ifndef ripemd160_block_host_order -#ifdef X -#undef X -#endif -#define X(i) XX[i] -void ripemd160_block_host_order (RIPEMD160_CTX *ctx, const void *p, int num) - { - const RIPEMD160_LONG *XX=p; - register unsigned long A,B,C,D,E; - register unsigned long a,b,c,d,e; - - for (;num--;XX+=HASH_LBLOCK) - { - - A=ctx->A; B=ctx->B; C=ctx->C; D=ctx->D; E=ctx->E; - - RIP1(A,B,C,D,E,WL00,SL00); - RIP1(E,A,B,C,D,WL01,SL01); - RIP1(D,E,A,B,C,WL02,SL02); - RIP1(C,D,E,A,B,WL03,SL03); - RIP1(B,C,D,E,A,WL04,SL04); - RIP1(A,B,C,D,E,WL05,SL05); - RIP1(E,A,B,C,D,WL06,SL06); - RIP1(D,E,A,B,C,WL07,SL07); - RIP1(C,D,E,A,B,WL08,SL08); - RIP1(B,C,D,E,A,WL09,SL09); - RIP1(A,B,C,D,E,WL10,SL10); - RIP1(E,A,B,C,D,WL11,SL11); - RIP1(D,E,A,B,C,WL12,SL12); - RIP1(C,D,E,A,B,WL13,SL13); - RIP1(B,C,D,E,A,WL14,SL14); - RIP1(A,B,C,D,E,WL15,SL15); - - RIP2(E,A,B,C,D,WL16,SL16,KL1); - RIP2(D,E,A,B,C,WL17,SL17,KL1); - RIP2(C,D,E,A,B,WL18,SL18,KL1); - RIP2(B,C,D,E,A,WL19,SL19,KL1); - RIP2(A,B,C,D,E,WL20,SL20,KL1); - RIP2(E,A,B,C,D,WL21,SL21,KL1); - RIP2(D,E,A,B,C,WL22,SL22,KL1); - RIP2(C,D,E,A,B,WL23,SL23,KL1); - RIP2(B,C,D,E,A,WL24,SL24,KL1); - RIP2(A,B,C,D,E,WL25,SL25,KL1); - RIP2(E,A,B,C,D,WL26,SL26,KL1); - RIP2(D,E,A,B,C,WL27,SL27,KL1); - RIP2(C,D,E,A,B,WL28,SL28,KL1); - RIP2(B,C,D,E,A,WL29,SL29,KL1); - RIP2(A,B,C,D,E,WL30,SL30,KL1); - RIP2(E,A,B,C,D,WL31,SL31,KL1); - - RIP3(D,E,A,B,C,WL32,SL32,KL2); - RIP3(C,D,E,A,B,WL33,SL33,KL2); - RIP3(B,C,D,E,A,WL34,SL34,KL2); - RIP3(A,B,C,D,E,WL35,SL35,KL2); - RIP3(E,A,B,C,D,WL36,SL36,KL2); - RIP3(D,E,A,B,C,WL37,SL37,KL2); - RIP3(C,D,E,A,B,WL38,SL38,KL2); - RIP3(B,C,D,E,A,WL39,SL39,KL2); - RIP3(A,B,C,D,E,WL40,SL40,KL2); - RIP3(E,A,B,C,D,WL41,SL41,KL2); - RIP3(D,E,A,B,C,WL42,SL42,KL2); - RIP3(C,D,E,A,B,WL43,SL43,KL2); - RIP3(B,C,D,E,A,WL44,SL44,KL2); - RIP3(A,B,C,D,E,WL45,SL45,KL2); - RIP3(E,A,B,C,D,WL46,SL46,KL2); - RIP3(D,E,A,B,C,WL47,SL47,KL2); - - RIP4(C,D,E,A,B,WL48,SL48,KL3); - RIP4(B,C,D,E,A,WL49,SL49,KL3); - RIP4(A,B,C,D,E,WL50,SL50,KL3); - RIP4(E,A,B,C,D,WL51,SL51,KL3); - RIP4(D,E,A,B,C,WL52,SL52,KL3); - RIP4(C,D,E,A,B,WL53,SL53,KL3); - RIP4(B,C,D,E,A,WL54,SL54,KL3); - RIP4(A,B,C,D,E,WL55,SL55,KL3); - RIP4(E,A,B,C,D,WL56,SL56,KL3); - RIP4(D,E,A,B,C,WL57,SL57,KL3); - RIP4(C,D,E,A,B,WL58,SL58,KL3); - RIP4(B,C,D,E,A,WL59,SL59,KL3); - RIP4(A,B,C,D,E,WL60,SL60,KL3); - RIP4(E,A,B,C,D,WL61,SL61,KL3); - RIP4(D,E,A,B,C,WL62,SL62,KL3); - RIP4(C,D,E,A,B,WL63,SL63,KL3); - - RIP5(B,C,D,E,A,WL64,SL64,KL4); - RIP5(A,B,C,D,E,WL65,SL65,KL4); - RIP5(E,A,B,C,D,WL66,SL66,KL4); - RIP5(D,E,A,B,C,WL67,SL67,KL4); - RIP5(C,D,E,A,B,WL68,SL68,KL4); - RIP5(B,C,D,E,A,WL69,SL69,KL4); - RIP5(A,B,C,D,E,WL70,SL70,KL4); - RIP5(E,A,B,C,D,WL71,SL71,KL4); - RIP5(D,E,A,B,C,WL72,SL72,KL4); - RIP5(C,D,E,A,B,WL73,SL73,KL4); - RIP5(B,C,D,E,A,WL74,SL74,KL4); - RIP5(A,B,C,D,E,WL75,SL75,KL4); - RIP5(E,A,B,C,D,WL76,SL76,KL4); - RIP5(D,E,A,B,C,WL77,SL77,KL4); - RIP5(C,D,E,A,B,WL78,SL78,KL4); - RIP5(B,C,D,E,A,WL79,SL79,KL4); - - a=A; b=B; c=C; d=D; e=E; - /* Do other half */ - A=ctx->A; B=ctx->B; C=ctx->C; D=ctx->D; E=ctx->E; - - RIP5(A,B,C,D,E,WR00,SR00,KR0); - RIP5(E,A,B,C,D,WR01,SR01,KR0); - RIP5(D,E,A,B,C,WR02,SR02,KR0); - RIP5(C,D,E,A,B,WR03,SR03,KR0); - RIP5(B,C,D,E,A,WR04,SR04,KR0); - RIP5(A,B,C,D,E,WR05,SR05,KR0); - RIP5(E,A,B,C,D,WR06,SR06,KR0); - RIP5(D,E,A,B,C,WR07,SR07,KR0); - RIP5(C,D,E,A,B,WR08,SR08,KR0); - RIP5(B,C,D,E,A,WR09,SR09,KR0); - RIP5(A,B,C,D,E,WR10,SR10,KR0); - RIP5(E,A,B,C,D,WR11,SR11,KR0); - RIP5(D,E,A,B,C,WR12,SR12,KR0); - RIP5(C,D,E,A,B,WR13,SR13,KR0); - RIP5(B,C,D,E,A,WR14,SR14,KR0); - RIP5(A,B,C,D,E,WR15,SR15,KR0); - - RIP4(E,A,B,C,D,WR16,SR16,KR1); - RIP4(D,E,A,B,C,WR17,SR17,KR1); - RIP4(C,D,E,A,B,WR18,SR18,KR1); - RIP4(B,C,D,E,A,WR19,SR19,KR1); - RIP4(A,B,C,D,E,WR20,SR20,KR1); - RIP4(E,A,B,C,D,WR21,SR21,KR1); - RIP4(D,E,A,B,C,WR22,SR22,KR1); - RIP4(C,D,E,A,B,WR23,SR23,KR1); - RIP4(B,C,D,E,A,WR24,SR24,KR1); - RIP4(A,B,C,D,E,WR25,SR25,KR1); - RIP4(E,A,B,C,D,WR26,SR26,KR1); - RIP4(D,E,A,B,C,WR27,SR27,KR1); - RIP4(C,D,E,A,B,WR28,SR28,KR1); - RIP4(B,C,D,E,A,WR29,SR29,KR1); - RIP4(A,B,C,D,E,WR30,SR30,KR1); - RIP4(E,A,B,C,D,WR31,SR31,KR1); - - RIP3(D,E,A,B,C,WR32,SR32,KR2); - RIP3(C,D,E,A,B,WR33,SR33,KR2); - RIP3(B,C,D,E,A,WR34,SR34,KR2); - RIP3(A,B,C,D,E,WR35,SR35,KR2); - RIP3(E,A,B,C,D,WR36,SR36,KR2); - RIP3(D,E,A,B,C,WR37,SR37,KR2); - RIP3(C,D,E,A,B,WR38,SR38,KR2); - RIP3(B,C,D,E,A,WR39,SR39,KR2); - RIP3(A,B,C,D,E,WR40,SR40,KR2); - RIP3(E,A,B,C,D,WR41,SR41,KR2); - RIP3(D,E,A,B,C,WR42,SR42,KR2); - RIP3(C,D,E,A,B,WR43,SR43,KR2); - RIP3(B,C,D,E,A,WR44,SR44,KR2); - RIP3(A,B,C,D,E,WR45,SR45,KR2); - RIP3(E,A,B,C,D,WR46,SR46,KR2); - RIP3(D,E,A,B,C,WR47,SR47,KR2); - - RIP2(C,D,E,A,B,WR48,SR48,KR3); - RIP2(B,C,D,E,A,WR49,SR49,KR3); - RIP2(A,B,C,D,E,WR50,SR50,KR3); - RIP2(E,A,B,C,D,WR51,SR51,KR3); - RIP2(D,E,A,B,C,WR52,SR52,KR3); - RIP2(C,D,E,A,B,WR53,SR53,KR3); - RIP2(B,C,D,E,A,WR54,SR54,KR3); - RIP2(A,B,C,D,E,WR55,SR55,KR3); - RIP2(E,A,B,C,D,WR56,SR56,KR3); - RIP2(D,E,A,B,C,WR57,SR57,KR3); - RIP2(C,D,E,A,B,WR58,SR58,KR3); - RIP2(B,C,D,E,A,WR59,SR59,KR3); - RIP2(A,B,C,D,E,WR60,SR60,KR3); - RIP2(E,A,B,C,D,WR61,SR61,KR3); - RIP2(D,E,A,B,C,WR62,SR62,KR3); - RIP2(C,D,E,A,B,WR63,SR63,KR3); - - RIP1(B,C,D,E,A,WR64,SR64); - RIP1(A,B,C,D,E,WR65,SR65); - RIP1(E,A,B,C,D,WR66,SR66); - RIP1(D,E,A,B,C,WR67,SR67); - RIP1(C,D,E,A,B,WR68,SR68); - RIP1(B,C,D,E,A,WR69,SR69); - RIP1(A,B,C,D,E,WR70,SR70); - RIP1(E,A,B,C,D,WR71,SR71); - RIP1(D,E,A,B,C,WR72,SR72); - RIP1(C,D,E,A,B,WR73,SR73); - RIP1(B,C,D,E,A,WR74,SR74); - RIP1(A,B,C,D,E,WR75,SR75); - RIP1(E,A,B,C,D,WR76,SR76); - RIP1(D,E,A,B,C,WR77,SR77); - RIP1(C,D,E,A,B,WR78,SR78); - RIP1(B,C,D,E,A,WR79,SR79); - - D =ctx->B+c+D; - ctx->B=ctx->C+d+E; - ctx->C=ctx->D+e+A; - ctx->D=ctx->E+a+B; - ctx->E=ctx->A+b+C; - ctx->A=D; - - } - } -#endif - #ifndef ripemd160_block_data_order #ifdef X #undef X #endif -void ripemd160_block_data_order (RIPEMD160_CTX *ctx, const void *p, int num) +void ripemd160_block_data_order (RIPEMD160_CTX *ctx, const void *p, size_t num) { const unsigned char *data=p; - register unsigned long A,B,C,D,E; - unsigned long a,b,c,d,e,l; + unsigned MD32_REG_T A,B,C,D,E; + unsigned MD32_REG_T a,b,c,d,e,l; #ifndef MD32_XARRAY /* See comment in crypto/sha/sha_locl.h for details. */ - unsigned long XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, - XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15; + unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, + XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15; # define X(i) XX##i #else RIPEMD160_LONG XX[16]; @@ -307,7 +103,7 @@ void ripemd160_block_data_order (RIPEMD160_CTX *ctx, const void *p, int num) A=ctx->A; B=ctx->B; C=ctx->C; D=ctx->D; E=ctx->E; - HOST_c2l(data,l); X( 0)=l; HOST_c2l(data,l); X( 1)=l; + HOST_c2l(data,l); X( 0)=l;HOST_c2l(data,l); X( 1)=l; RIP1(A,B,C,D,E,WL00,SL00); HOST_c2l(data,l); X( 2)=l; RIP1(E,A,B,C,D,WL01,SL01); HOST_c2l(data,l); X( 3)=l; RIP1(D,E,A,B,C,WL02,SL02); HOST_c2l(data,l); X( 4)=l; diff --git a/src/lib/libcrypto/ripemd/rmd_locl.h b/src/lib/libcrypto/ripemd/rmd_locl.h index 7b835dfbd4f..f38b101cc69 100644 --- a/src/lib/libcrypto/ripemd/rmd_locl.h +++ b/src/lib/libcrypto/ripemd/rmd_locl.h @@ -1,4 +1,4 @@ -/* crypto/ripemd/rmd_locl.h */ +/* $OpenBSD: rmd_locl.h,v 1.13 2016/12/21 15:49:29 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -61,10 +61,6 @@ #include #include -#ifndef RIPEMD160_LONG_LOG2 -#define RIPEMD160_LONG_LOG2 2 /* default to 32 bits */ -#endif - /* * DO EXAMINE COMMENTS IN crypto/md5/md5_locl.h & crypto/md5/md5_dgst.c * FOR EXPLANATIONS ON FOLLOWING "CODE." @@ -72,28 +68,24 @@ */ #ifdef RMD160_ASM # if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__) -# define ripemd160_block_host_order ripemd160_block_asm_host_order +# define ripemd160_block_data_order ripemd160_block_asm_data_order # endif #endif -void ripemd160_block_host_order (RIPEMD160_CTX *c, const void *p,int num); -void ripemd160_block_data_order (RIPEMD160_CTX *c, const void *p,int num); +__BEGIN_HIDDEN_DECLS -#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__) -#define ripemd160_block_data_order ripemd160_block_host_order -#endif +void ripemd160_block_data_order (RIPEMD160_CTX *c, const void *p,size_t num); + +__END_HIDDEN_DECLS #define DATA_ORDER_IS_LITTLE_ENDIAN #define HASH_LONG RIPEMD160_LONG -#define HASH_LONG_LOG2 RIPEMD160_LONG_LOG2 #define HASH_CTX RIPEMD160_CTX #define HASH_CBLOCK RIPEMD160_CBLOCK -#define HASH_LBLOCK RIPEMD160_LBLOCK #define HASH_UPDATE RIPEMD160_Update #define HASH_TRANSFORM RIPEMD160_Transform #define HASH_FINAL RIPEMD160_Final -#define HASH_BLOCK_HOST_ORDER ripemd160_block_host_order #define HASH_MAKE_STRING(c,s) do { \ unsigned long ll; \ ll=(c)->A; HOST_l2c(ll,(s)); \ @@ -102,9 +94,7 @@ void ripemd160_block_data_order (RIPEMD160_CTX *c, const void *p,int num); ll=(c)->D; HOST_l2c(ll,(s)); \ ll=(c)->E; HOST_l2c(ll,(s)); \ } while (0) -#if !defined(L_ENDIAN) || defined(ripemd160_block_data_order) #define HASH_BLOCK_DATA_ORDER ripemd160_block_data_order -#endif #include "md32_common.h" @@ -157,4 +147,3 @@ void ripemd160_block_data_order (RIPEMD160_CTX *c, const void *p,int num); a+=F5(b,c,d)+X(w)+K; \ a=ROTATE(a,s)+e; \ c=ROTATE(c,10); } - diff --git a/src/lib/libcrypto/ripemd/rmd_one.c b/src/lib/libcrypto/ripemd/rmd_one.c index efdf2dd6efc..0d372f32f78 100644 --- a/src/lib/libcrypto/ripemd/rmd_one.c +++ b/src/lib/libcrypto/ripemd/rmd_one.c @@ -1,4 +1,4 @@ -/* crypto/ripemd/rmd_one.c */ +/* $OpenBSD: rmd_one.c,v 1.9 2015/09/10 15:56:25 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -59,18 +59,20 @@ #include #include #include +#include -unsigned char *RIPEMD160(const unsigned char *d, unsigned long n, +unsigned char *RIPEMD160(const unsigned char *d, size_t n, unsigned char *md) { RIPEMD160_CTX c; static unsigned char m[RIPEMD160_DIGEST_LENGTH]; if (md == NULL) md=m; - RIPEMD160_Init(&c); + if (!RIPEMD160_Init(&c)) + return NULL; RIPEMD160_Update(&c,d,n); RIPEMD160_Final(md,&c); - memset(&c,0,sizeof(c)); /* security consideration */ + explicit_bzero(&c,sizeof(c)); return(md); } diff --git a/src/lib/libcrypto/ripemd/rmdconst.h b/src/lib/libcrypto/ripemd/rmdconst.h index 59c48dead1b..f34047f4ff3 100644 --- a/src/lib/libcrypto/ripemd/rmdconst.h +++ b/src/lib/libcrypto/ripemd/rmdconst.h @@ -1,4 +1,4 @@ -/* crypto/ripemd/rmdconst.h */ +/* $OpenBSD: rmdconst.h,v 1.3 2016/12/21 15:49:29 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -55,6 +55,9 @@ * copied and put under another distribution licence * [including the GNU Public Licence.] */ + +__BEGIN_HIDDEN_DECLS + #define KL0 0x00000000L #define KL1 0x5A827999L #define KL2 0x6ED9EBA1L @@ -397,3 +400,4 @@ #define WR79 11 #define SR79 11 +__END_HIDDEN_DECLS diff --git a/src/lib/libcrypto/ripemd/rmdtest.c b/src/lib/libcrypto/ripemd/rmdtest.c deleted file mode 100644 index 19e9741db2a..00000000000 --- a/src/lib/libcrypto/ripemd/rmdtest.c +++ /dev/null @@ -1,143 +0,0 @@ -/* crypto/ripemd/rmdtest.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include -#include -#include - -#ifdef OPENSSL_NO_RIPEMD -int main(int argc, char *argv[]) -{ - printf("No ripemd support\n"); - return(0); -} -#else -#include - -#ifdef CHARSET_EBCDIC -#include -#endif - -static char *test[]={ - "", - "a", - "abc", - "message digest", - "abcdefghijklmnopqrstuvwxyz", - "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", - "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", - "12345678901234567890123456789012345678901234567890123456789012345678901234567890", - NULL, - }; - -static char *ret[]={ - "9c1185a5c5e9fc54612808977ee8f548b2258d31", - "0bdc9d2d256b3ee9daae347be6f4dc835a467ffe", - "8eb208f7e05d987a9b044a8e98c6b087f15a0bfc", - "5d0689ef49d2fae572b881b123a85ffa21595f36", - "f71c27109c692c1b56bbdceb5b9d2865b3708dbc", - "12a053384a9c0c88e405a06c27dcf49ada62eb2b", - "b0e20b6e3116640286ed3a87a5713079b21f5189", - "9b752e45573d4b39f4dbd3323cab82bf63326bfb", - }; - -static char *pt(unsigned char *md); -int main(int argc, char *argv[]) - { - int i,err=0; - unsigned char **P,**R; - char *p; - unsigned char md[RIPEMD160_DIGEST_LENGTH]; - - P=(unsigned char **)test; - R=(unsigned char **)ret; - i=1; - while (*P != NULL) - { -#ifdef CHARSET_EBCDIC - ebcdic2ascii((char *)*P, (char *)*P, strlen((char *)*P)); -#endif - EVP_Digest(&(P[0][0]),(unsigned long)strlen((char *)*P),md,NULL,EVP_ripemd160(), NULL); - p=pt(md); - if (strcmp(p,(char *)*R) != 0) - { - printf("error calculating RIPEMD160 on '%s'\n",*P); - printf("got %s instead of %s\n",p,*R); - err++; - } - else - printf("test %d ok\n",i); - i++; - R++; - P++; - } - exit(err); - return(0); - } - -static char *pt(unsigned char *md) - { - int i; - static char buf[80]; - - for (i=0; i> $(TOP)/MINFO - -links: - @sh $(TOP)/util/point.sh Makefile.ssl Makefile - @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) - @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) - @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) - -install: - @for i in $(EXHEADER) ; \ - do \ - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ - done; - -tags: - ctags $(SRC) - -tests: - -lint: - lint -DLINT $(INCLUDES) $(SRC)>fluff - -depend: - $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) - -dclean: - $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new - mv -f Makefile.new $(MAKEFILE) - -clean: - rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff - -# DO NOT DELETE THIS LINE -- make depend depends on it. - -rsa_asn1.o: ../../e_os.h ../../include/openssl/asn1.h -rsa_asn1.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h -rsa_asn1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -rsa_asn1.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -rsa_asn1.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -rsa_asn1.o: ../../include/openssl/opensslconf.h -rsa_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -rsa_asn1.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -rsa_asn1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -rsa_asn1.o: ../cryptlib.h rsa_asn1.c -rsa_chk.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -rsa_chk.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -rsa_chk.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -rsa_chk.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -rsa_chk.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -rsa_chk.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -rsa_chk.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -rsa_chk.o: rsa_chk.c -rsa_eay.o: ../../e_os.h ../../include/openssl/asn1.h -rsa_eay.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -rsa_eay.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -rsa_eay.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -rsa_eay.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -rsa_eay.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -rsa_eay.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -rsa_eay.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h -rsa_eay.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -rsa_eay.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -rsa_eay.o: ../../include/openssl/ui.h ../cryptlib.h rsa_eay.c -rsa_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -rsa_err.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -rsa_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -rsa_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -rsa_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -rsa_err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -rsa_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -rsa_err.o: rsa_err.c -rsa_gen.o: ../../e_os.h ../../include/openssl/asn1.h -rsa_gen.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -rsa_gen.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -rsa_gen.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -rsa_gen.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -rsa_gen.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -rsa_gen.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -rsa_gen.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -rsa_gen.o: ../cryptlib.h rsa_gen.c -rsa_lib.o: ../../e_os.h ../../include/openssl/asn1.h -rsa_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -rsa_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -rsa_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -rsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -rsa_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -rsa_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -rsa_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h -rsa_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -rsa_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -rsa_lib.o: ../../include/openssl/ui.h ../cryptlib.h rsa_lib.c -rsa_none.o: ../../e_os.h ../../include/openssl/asn1.h -rsa_none.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -rsa_none.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -rsa_none.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -rsa_none.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -rsa_none.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -rsa_none.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -rsa_none.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -rsa_none.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_none.c -rsa_null.o: ../../e_os.h ../../include/openssl/asn1.h -rsa_null.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -rsa_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -rsa_null.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -rsa_null.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -rsa_null.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -rsa_null.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -rsa_null.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -rsa_null.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_null.c -rsa_oaep.o: ../../e_os.h ../../include/openssl/asn1.h -rsa_oaep.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -rsa_oaep.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -rsa_oaep.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -rsa_oaep.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -rsa_oaep.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -rsa_oaep.o: ../../include/openssl/opensslconf.h -rsa_oaep.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -rsa_oaep.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -rsa_oaep.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -rsa_oaep.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -rsa_oaep.o: ../cryptlib.h rsa_oaep.c -rsa_pk1.o: ../../e_os.h ../../include/openssl/asn1.h -rsa_pk1.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -rsa_pk1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -rsa_pk1.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -rsa_pk1.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -rsa_pk1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -rsa_pk1.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -rsa_pk1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -rsa_pk1.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_pk1.c -rsa_saos.o: ../../e_os.h ../../include/openssl/asn1.h -rsa_saos.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -rsa_saos.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -rsa_saos.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -rsa_saos.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -rsa_saos.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -rsa_saos.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -rsa_saos.o: ../../include/openssl/opensslconf.h -rsa_saos.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -rsa_saos.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -rsa_saos.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -rsa_saos.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -rsa_saos.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -rsa_saos.o: ../cryptlib.h rsa_saos.c -rsa_sign.o: ../../e_os.h ../../include/openssl/asn1.h -rsa_sign.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -rsa_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -rsa_sign.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -rsa_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -rsa_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h -rsa_sign.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -rsa_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -rsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -rsa_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h -rsa_sign.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -rsa_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -rsa_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -rsa_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -rsa_sign.o: ../cryptlib.h rsa_sign.c -rsa_ssl.o: ../../e_os.h ../../include/openssl/asn1.h -rsa_ssl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -rsa_ssl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -rsa_ssl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -rsa_ssl.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -rsa_ssl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -rsa_ssl.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -rsa_ssl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -rsa_ssl.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_ssl.c diff --git a/src/lib/libcrypto/rsa/rsa.h b/src/lib/libcrypto/rsa/rsa.h index 030a6c88e5d..d2df1a92d38 100644 --- a/src/lib/libcrypto/rsa/rsa.h +++ b/src/lib/libcrypto/rsa/rsa.h @@ -1,25 +1,25 @@ -/* crypto/rsa/rsa.h */ +/* $OpenBSD: rsa.h,v 1.39 2018/09/12 06:35:38 djm Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -59,14 +59,18 @@ #ifndef HEADER_RSA_H #define HEADER_RSA_H +#include + #include #ifndef OPENSSL_NO_BIO #include #endif -#include #include #include +#ifndef OPENSSL_NO_DEPRECATED +#include +#endif #ifdef OPENSSL_NO_RSA #error RSA is disabled. @@ -76,27 +80,24 @@ extern "C" { #endif -typedef struct rsa_st RSA; +/* Declared already in ossl_typ.h */ +/* typedef struct rsa_st RSA; */ +/* typedef struct rsa_meth_st RSA_METHOD; */ -typedef struct rsa_meth_st - { +struct rsa_meth_st { const char *name; - int (*rsa_pub_enc)(int flen,const unsigned char *from, - unsigned char *to, - RSA *rsa,int padding); - int (*rsa_pub_dec)(int flen,const unsigned char *from, - unsigned char *to, - RSA *rsa,int padding); - int (*rsa_priv_enc)(int flen,const unsigned char *from, - unsigned char *to, - RSA *rsa,int padding); - int (*rsa_priv_dec)(int flen,const unsigned char *from, - unsigned char *to, - RSA *rsa,int padding); - int (*rsa_mod_exp)(BIGNUM *r0,const BIGNUM *I,RSA *rsa); /* Can be null */ + int (*rsa_pub_enc)(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding); + int (*rsa_pub_dec)(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding); + int (*rsa_priv_enc)(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding); + int (*rsa_priv_dec)(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding); + int (*rsa_mod_exp)(BIGNUM *r0, const BIGNUM *I, RSA *rsa, + BN_CTX *ctx); /* Can be null */ int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *m_ctx); /* Can be null */ + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); /* Can be null */ int (*init)(RSA *rsa); /* called at new */ int (*finish)(RSA *rsa); /* called at free */ int flags; /* RSA_METHOD_FLAG_* things */ @@ -108,17 +109,19 @@ typedef struct rsa_meth_st * compatibility this functionality is only enabled if the RSA_FLAG_SIGN_VER * option is set in 'flags'. */ - int (*rsa_sign)(int type, - const unsigned char *m, unsigned int m_length, - unsigned char *sigret, unsigned int *siglen, const RSA *rsa); - int (*rsa_verify)(int dtype, - const unsigned char *m, unsigned int m_length, - unsigned char *sigbuf, unsigned int siglen, const RSA *rsa); - - } RSA_METHOD; - -struct rsa_st - { + int (*rsa_sign)(int type, const unsigned char *m, unsigned int m_length, + unsigned char *sigret, unsigned int *siglen, const RSA *rsa); + int (*rsa_verify)(int dtype, const unsigned char *m, + unsigned int m_length, const unsigned char *sigbuf, + unsigned int siglen, const RSA *rsa); +/* If this callback is NULL, the builtin software RSA key-gen will be used. This + * is for behavioural compatibility whilst the code gets rewired, but one day + * it would be nice to assume there are no such things as "builtin software" + * implementations. */ + int (*rsa_keygen)(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); +}; + +struct rsa_st { /* The first parameter is used to pickup errors where * this is passed instead of aEVP_PKEY, it is set to 0 */ int pad; @@ -146,136 +149,298 @@ struct rsa_st /* all BIGNUM values are actually in the following data, if it is not * NULL */ - char *bignum_data; BN_BLINDING *blinding; - }; + BN_BLINDING *mt_blinding; +}; + +#ifndef OPENSSL_RSA_MAX_MODULUS_BITS +# define OPENSSL_RSA_MAX_MODULUS_BITS 16384 +#endif + +#ifndef OPENSSL_RSA_SMALL_MODULUS_BITS +# define OPENSSL_RSA_SMALL_MODULUS_BITS 3072 +#endif +#ifndef OPENSSL_RSA_MAX_PUBEXP_BITS +# define OPENSSL_RSA_MAX_PUBEXP_BITS 64 /* exponent limit enforced for "large" modulus only */ +#endif #define RSA_3 0x3L #define RSA_F4 0x10001L -#define RSA_METHOD_FLAG_NO_CHECK 0x01 /* don't check pub/private match */ +/* Don't check pub/private match. */ +#define RSA_METHOD_FLAG_NO_CHECK 0x0001 + +#define RSA_FLAG_CACHE_PUBLIC 0x0002 +#define RSA_FLAG_CACHE_PRIVATE 0x0004 +#define RSA_FLAG_BLINDING 0x0008 +#define RSA_FLAG_THREAD_SAFE 0x0010 -#define RSA_FLAG_CACHE_PUBLIC 0x02 -#define RSA_FLAG_CACHE_PRIVATE 0x04 -#define RSA_FLAG_BLINDING 0x08 -#define RSA_FLAG_THREAD_SAFE 0x10 -/* This flag means the private key operations will be handled by rsa_mod_exp +/* + * This flag means the private key operations will be handled by rsa_mod_exp * and that they do not depend on the private key components being present: * for example a key stored in external hardware. Without this flag bn_mod_exp * gets called when private key components are absent. */ -#define RSA_FLAG_EXT_PKEY 0x20 +#define RSA_FLAG_EXT_PKEY 0x0020 -/* This flag in the RSA_METHOD enables the new rsa_sign, rsa_verify functions. +/* + * This flag in the RSA_METHOD enables the new rsa_sign, rsa_verify functions. */ -#define RSA_FLAG_SIGN_VER 0x40 +#define RSA_FLAG_SIGN_VER 0x0040 + +/* + * The built-in RSA implementation uses blinding by default, but other engines + * might not need it. + */ +#define RSA_FLAG_NO_BLINDING 0x0080 + +#define EVP_PKEY_CTX_set_rsa_padding(ctx, pad) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, -1, EVP_PKEY_CTRL_RSA_PADDING, \ + pad, NULL) + +#define EVP_PKEY_CTX_get_rsa_padding(ctx, ppad) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, -1, \ + EVP_PKEY_CTRL_GET_RSA_PADDING, 0, ppad) + +#define EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, len) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, \ + (EVP_PKEY_OP_SIGN|EVP_PKEY_OP_VERIFY), \ + EVP_PKEY_CTRL_RSA_PSS_SALTLEN, \ + len, NULL) + +#define EVP_PKEY_CTX_get_rsa_pss_saltlen(ctx, plen) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, \ + (EVP_PKEY_OP_SIGN|EVP_PKEY_OP_VERIFY), \ + EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN, \ + 0, plen) + +#define EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, bits) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_KEYGEN, \ + EVP_PKEY_CTRL_RSA_KEYGEN_BITS, bits, NULL) + +#define EVP_PKEY_CTX_set_rsa_keygen_pubexp(ctx, pubexp) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_KEYGEN, \ + EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP, 0, pubexp) + +#define EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, md) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_SIG, \ + EVP_PKEY_CTRL_RSA_MGF1_MD, 0, (void *)md) + +#define EVP_PKEY_CTX_get_rsa_mgf1_md(ctx, pmd) \ + EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_SIG, \ + EVP_PKEY_CTRL_GET_RSA_MGF1_MD, 0, (void *)pmd) + +#define EVP_PKEY_CTRL_RSA_PADDING (EVP_PKEY_ALG_CTRL + 1) +#define EVP_PKEY_CTRL_RSA_PSS_SALTLEN (EVP_PKEY_ALG_CTRL + 2) + +#define EVP_PKEY_CTRL_RSA_KEYGEN_BITS (EVP_PKEY_ALG_CTRL + 3) +#define EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP (EVP_PKEY_ALG_CTRL + 4) +#define EVP_PKEY_CTRL_RSA_MGF1_MD (EVP_PKEY_ALG_CTRL + 5) + +#define EVP_PKEY_CTRL_GET_RSA_PADDING (EVP_PKEY_ALG_CTRL + 6) +#define EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN (EVP_PKEY_ALG_CTRL + 7) +#define EVP_PKEY_CTRL_GET_RSA_MGF1_MD (EVP_PKEY_ALG_CTRL + 8) #define RSA_PKCS1_PADDING 1 #define RSA_SSLV23_PADDING 2 #define RSA_NO_PADDING 3 #define RSA_PKCS1_OAEP_PADDING 4 +#define RSA_X931_PADDING 5 +/* EVP_PKEY_ only */ +#define RSA_PKCS1_PSS_PADDING 6 + +#define RSA_PKCS1_PADDING_SIZE 11 #define RSA_set_app_data(s,arg) RSA_set_ex_data(s,0,arg) #define RSA_get_app_data(s) RSA_get_ex_data(s,0) -RSA * RSA_new(void); -RSA * RSA_new_method(ENGINE *engine); -int RSA_size(const RSA *); -RSA * RSA_generate_key(int bits, unsigned long e,void - (*callback)(int,int,void *),void *cb_arg); -int RSA_check_key(const RSA *); - /* next 4 return -1 on error */ -int RSA_public_encrypt(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa,int padding); -int RSA_private_encrypt(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa,int padding); -int RSA_public_decrypt(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa,int padding); -int RSA_private_decrypt(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa,int padding); -void RSA_free (RSA *r); +RSA *RSA_new(void); +RSA *RSA_new_method(ENGINE *engine); +int RSA_bits(const RSA *rsa); +int RSA_size(const RSA *rsa); + +/* Deprecated version */ +#ifndef OPENSSL_NO_DEPRECATED +RSA *RSA_generate_key(int bits, unsigned long e, + void (*callback)(int, int, void *), void *cb_arg); +#endif /* !defined(OPENSSL_NO_DEPRECATED) */ + +/* New version */ +int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); + +int RSA_check_key(const RSA *); +/* next 4 return -1 on error */ +int RSA_public_encrypt(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding); +int RSA_private_encrypt(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding); +int RSA_public_decrypt(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding); +int RSA_private_decrypt(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding); +void RSA_free(RSA *r); /* "up" the RSA object's reference count */ -int RSA_up_ref(RSA *r); +int RSA_up_ref(RSA *r); -int RSA_flags(const RSA *r); +int RSA_flags(const RSA *r); void RSA_set_default_method(const RSA_METHOD *meth); const RSA_METHOD *RSA_get_default_method(void); const RSA_METHOD *RSA_get_method(const RSA *rsa); int RSA_set_method(RSA *rsa, const RSA_METHOD *meth); -/* This function needs the memory locking malloc callbacks to be installed */ -int RSA_memory_lock(RSA *r); - /* these are the actual SSLeay RSA functions */ const RSA_METHOD *RSA_PKCS1_SSLeay(void); const RSA_METHOD *RSA_null_method(void); -DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPublicKey) -DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPrivateKey) +RSA *d2i_RSAPublicKey(RSA **a, const unsigned char **in, long len); +int i2d_RSAPublicKey(const RSA *a, unsigned char **out); +extern const ASN1_ITEM RSAPublicKey_it; +RSA *d2i_RSAPrivateKey(RSA **a, const unsigned char **in, long len); +int i2d_RSAPrivateKey(const RSA *a, unsigned char **out); +extern const ASN1_ITEM RSAPrivateKey_it; -#ifndef OPENSSL_NO_FP_API -int RSA_print_fp(FILE *fp, const RSA *r,int offset); -#endif +typedef struct rsa_pss_params_st { + X509_ALGOR *hashAlgorithm; + X509_ALGOR *maskGenAlgorithm; + ASN1_INTEGER *saltLength; + ASN1_INTEGER *trailerField; +} RSA_PSS_PARAMS; + +RSA_PSS_PARAMS *RSA_PSS_PARAMS_new(void); +void RSA_PSS_PARAMS_free(RSA_PSS_PARAMS *a); +RSA_PSS_PARAMS *d2i_RSA_PSS_PARAMS(RSA_PSS_PARAMS **a, const unsigned char **in, long len); +int i2d_RSA_PSS_PARAMS(RSA_PSS_PARAMS *a, unsigned char **out); +extern const ASN1_ITEM RSA_PSS_PARAMS_it; + +int RSA_print_fp(FILE *fp, const RSA *r, int offset); #ifndef OPENSSL_NO_BIO -int RSA_print(BIO *bp, const RSA *r,int offset); +int RSA_print(BIO *bp, const RSA *r, int offset); #endif -int i2d_RSA_NET(const RSA *a, unsigned char **pp, int (*cb)(), int sgckey); -RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length, int (*cb)(), int sgckey); +#ifndef OPENSSL_NO_RC4 +int i2d_RSA_NET(const RSA *a, unsigned char **pp, + int (*cb)(char *buf, int len, const char *prompt, int verify), int sgckey); +RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length, + int (*cb)(char *buf, int len, const char *prompt, int verify), int sgckey); -int i2d_Netscape_RSA(const RSA *a, unsigned char **pp, int (*cb)()); -RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length, int (*cb)()); +int i2d_Netscape_RSA(const RSA *a, unsigned char **pp, + int (*cb)(char *buf, int len, const char *prompt, int verify)); +RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length, + int (*cb)(char *buf, int len, const char *prompt, int verify)); +#endif /* The following 2 functions sign and verify a X509_SIG ASN1 object * inside PKCS#1 padded RSA encryption */ int RSA_sign(int type, const unsigned char *m, unsigned int m_length, - unsigned char *sigret, unsigned int *siglen, RSA *rsa); + unsigned char *sigret, unsigned int *siglen, RSA *rsa); int RSA_verify(int type, const unsigned char *m, unsigned int m_length, - unsigned char *sigbuf, unsigned int siglen, RSA *rsa); + const unsigned char *sigbuf, unsigned int siglen, RSA *rsa); /* The following 2 function sign and verify a ASN1_OCTET_STRING * object inside PKCS#1 padded RSA encryption */ -int RSA_sign_ASN1_OCTET_STRING(int type, - const unsigned char *m, unsigned int m_length, - unsigned char *sigret, unsigned int *siglen, RSA *rsa); -int RSA_verify_ASN1_OCTET_STRING(int type, - const unsigned char *m, unsigned int m_length, - unsigned char *sigbuf, unsigned int siglen, RSA *rsa); +int RSA_sign_ASN1_OCTET_STRING(int type, const unsigned char *m, + unsigned int m_length, unsigned char *sigret, unsigned int *siglen, + RSA *rsa); +int RSA_verify_ASN1_OCTET_STRING(int type, const unsigned char *m, + unsigned int m_length, unsigned char *sigbuf, unsigned int siglen, + RSA *rsa); int RSA_blinding_on(RSA *rsa, BN_CTX *ctx); void RSA_blinding_off(RSA *rsa); - -int RSA_padding_add_PKCS1_type_1(unsigned char *to,int tlen, - const unsigned char *f,int fl); -int RSA_padding_check_PKCS1_type_1(unsigned char *to,int tlen, - const unsigned char *f,int fl,int rsa_len); -int RSA_padding_add_PKCS1_type_2(unsigned char *to,int tlen, - const unsigned char *f,int fl); -int RSA_padding_check_PKCS1_type_2(unsigned char *to,int tlen, - const unsigned char *f,int fl,int rsa_len); -int RSA_padding_add_PKCS1_OAEP(unsigned char *to,int tlen, - const unsigned char *f,int fl, - const unsigned char *p,int pl); -int RSA_padding_check_PKCS1_OAEP(unsigned char *to,int tlen, - const unsigned char *f,int fl,int rsa_len, - const unsigned char *p,int pl); -int RSA_padding_add_SSLv23(unsigned char *to,int tlen, - const unsigned char *f,int fl); -int RSA_padding_check_SSLv23(unsigned char *to,int tlen, - const unsigned char *f,int fl,int rsa_len); -int RSA_padding_add_none(unsigned char *to,int tlen, - const unsigned char *f,int fl); -int RSA_padding_check_none(unsigned char *to,int tlen, - const unsigned char *f,int fl,int rsa_len); +BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *ctx); + +int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen, + const unsigned char *f, int fl); +int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen, + const unsigned char *f, int fl, int rsa_len); +int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen, + const unsigned char *f, int fl); +int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen, + const unsigned char *f, int fl, int rsa_len); +int PKCS1_MGF1(unsigned char *mask, long len, + const unsigned char *seed, long seedlen, const EVP_MD *dgst); +int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen, + const unsigned char *f, int fl, + const unsigned char *p, int pl); +int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, + const unsigned char *f, int fl, int rsa_len, + const unsigned char *p, int pl); +int RSA_padding_add_none(unsigned char *to, int tlen, + const unsigned char *f, int fl); +int RSA_padding_check_none(unsigned char *to, int tlen, + const unsigned char *f, int fl, int rsa_len); +int RSA_padding_add_X931(unsigned char *to, int tlen, + const unsigned char *f, int fl); +int RSA_padding_check_X931(unsigned char *to, int tlen, + const unsigned char *f, int fl, int rsa_len); +int RSA_X931_hash_id(int nid); + +int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash, + const EVP_MD *Hash, const unsigned char *EM, int sLen); +int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM, + const unsigned char *mHash, const EVP_MD *Hash, int sLen); + +int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash, + const EVP_MD *Hash, const EVP_MD *mgf1Hash, const unsigned char *EM, + int sLen); + +int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM, + const unsigned char *mHash, const EVP_MD *Hash, const EVP_MD *mgf1Hash, + int sLen); int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); -int RSA_set_ex_data(RSA *r,int idx,void *arg); + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); +int RSA_set_ex_data(RSA *r, int idx, void *arg); void *RSA_get_ex_data(const RSA *r, int idx); +void RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, + const BIGNUM **d); +int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d); +void RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1, + const BIGNUM **iqmp); +int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp); +void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q); +int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q); +void RSA_clear_flags(RSA *r, int flags); +int RSA_test_flags(const RSA *r, int flags); +void RSA_set_flags(RSA *r, int flags); + +RSA *RSAPublicKey_dup(RSA *rsa); +RSA *RSAPrivateKey_dup(RSA *rsa); + +/* If this flag is set the RSA method is FIPS compliant and can be used + * in FIPS mode. This is set in the validated module method. If an + * application sets this flag in its own methods it is its responsibility + * to ensure the result is compliant. + */ + +#define RSA_FLAG_FIPS_METHOD 0x0400 + +/* If this flag is set the operations normally disabled in FIPS mode are + * permitted it is then the applications responsibility to ensure that the + * usage is compliant. + */ + +#define RSA_FLAG_NON_FIPS_ALLOW 0x0400 +/* Application has decided PRNG is good enough to generate a key: don't + * check. + */ +#define RSA_FLAG_CHECKED 0x0800 + +RSA_METHOD *RSA_meth_new(const char *name, int flags); +void RSA_meth_free(RSA_METHOD *meth); +RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth); +int RSA_meth_set1_name(RSA_METHOD *meth, const char *name); +int RSA_meth_set_priv_enc(RSA_METHOD *meth, int (*priv_enc)(int flen, + const unsigned char *from, unsigned char *to, RSA *rsa, int padding)); +int RSA_meth_set_priv_dec(RSA_METHOD *meth, int (*priv_dec)(int flen, + const unsigned char *from, unsigned char *to, RSA *rsa, int padding)); +int (*RSA_meth_get_finish(const RSA_METHOD *meth))(RSA *rsa); +int RSA_meth_set_finish(RSA_METHOD *meth, int (*finish)(RSA *rsa)); + /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. @@ -285,31 +450,62 @@ void ERR_load_RSA_strings(void); /* Error codes for the RSA functions. */ /* Function codes. */ +#define RSA_F_CHECK_PADDING_MD 140 +#define RSA_F_DO_RSA_PRINT 146 +#define RSA_F_INT_RSA_VERIFY 145 #define RSA_F_MEMORY_LOCK 100 +#define RSA_F_OLD_RSA_PRIV_DECODE 147 +#define RSA_F_PKEY_RSA_CTRL 143 +#define RSA_F_PKEY_RSA_CTRL_STR 144 +#define RSA_F_PKEY_RSA_SIGN 142 +#define RSA_F_PKEY_RSA_VERIFY 154 +#define RSA_F_PKEY_RSA_VERIFYRECOVER 141 +#define RSA_F_RSA_BUILTIN_KEYGEN 129 #define RSA_F_RSA_CHECK_KEY 123 +#define RSA_F_RSA_EAY_MOD_EXP 157 #define RSA_F_RSA_EAY_PRIVATE_DECRYPT 101 #define RSA_F_RSA_EAY_PRIVATE_ENCRYPT 102 #define RSA_F_RSA_EAY_PUBLIC_DECRYPT 103 #define RSA_F_RSA_EAY_PUBLIC_ENCRYPT 104 #define RSA_F_RSA_GENERATE_KEY 105 +#define RSA_F_RSA_GENERATE_KEY_EX 155 +#define RSA_F_RSA_ITEM_VERIFY 156 +#define RSA_F_RSA_MEMORY_LOCK 130 #define RSA_F_RSA_NEW_METHOD 106 #define RSA_F_RSA_NULL 124 +#define RSA_F_RSA_NULL_MOD_EXP 131 +#define RSA_F_RSA_NULL_PRIVATE_DECRYPT 132 +#define RSA_F_RSA_NULL_PRIVATE_ENCRYPT 133 +#define RSA_F_RSA_NULL_PUBLIC_DECRYPT 134 +#define RSA_F_RSA_NULL_PUBLIC_ENCRYPT 135 #define RSA_F_RSA_PADDING_ADD_NONE 107 #define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP 121 +#define RSA_F_RSA_PADDING_ADD_PKCS1_PSS 125 +#define RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1 148 #define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1 108 #define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2 109 -#define RSA_F_RSA_PADDING_ADD_SSLV23 110 +#define RSA_F_RSA_PADDING_ADD_X931 127 #define RSA_F_RSA_PADDING_CHECK_NONE 111 #define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP 122 #define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1 112 #define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2 113 -#define RSA_F_RSA_PADDING_CHECK_SSLV23 114 +#define RSA_F_RSA_PADDING_CHECK_X931 128 #define RSA_F_RSA_PRINT 115 #define RSA_F_RSA_PRINT_FP 116 +#define RSA_F_RSA_PRIVATE_DECRYPT 150 +#define RSA_F_RSA_PRIVATE_ENCRYPT 151 +#define RSA_F_RSA_PRIV_DECODE 137 +#define RSA_F_RSA_PRIV_ENCODE 138 +#define RSA_F_RSA_PUBLIC_DECRYPT 152 +#define RSA_F_RSA_PUBLIC_ENCRYPT 153 +#define RSA_F_RSA_PUB_DECODE 139 +#define RSA_F_RSA_SETUP_BLINDING 136 #define RSA_F_RSA_SIGN 117 #define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 118 #define RSA_F_RSA_VERIFY 119 #define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING 120 +#define RSA_F_RSA_VERIFY_PKCS1_PSS 126 +#define RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1 149 /* Reason codes. */ #define RSA_R_ALGORITHM_MISMATCH 100 @@ -329,20 +525,47 @@ void ERR_load_RSA_strings(void); #define RSA_R_DMP1_NOT_CONGRUENT_TO_D 124 #define RSA_R_DMQ1_NOT_CONGRUENT_TO_D 125 #define RSA_R_D_E_NOT_CONGRUENT_TO_1 123 +#define RSA_R_FIRST_OCTET_INVALID 133 +#define RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE 144 +#define RSA_R_INVALID_DIGEST_LENGTH 143 +#define RSA_R_INVALID_HEADER 137 +#define RSA_R_INVALID_KEYBITS 145 #define RSA_R_INVALID_MESSAGE_LENGTH 131 +#define RSA_R_INVALID_MGF1_MD 156 +#define RSA_R_INVALID_PADDING 138 +#define RSA_R_INVALID_PADDING_MODE 141 +#define RSA_R_INVALID_PSS_PARAMETERS 149 +#define RSA_R_INVALID_PSS_SALTLEN 146 +#define RSA_R_INVALID_SALT_LENGTH 150 +#define RSA_R_INVALID_TRAILER 139 +#define RSA_R_INVALID_X931_DIGEST 142 #define RSA_R_IQMP_NOT_INVERSE_OF_Q 126 #define RSA_R_KEY_SIZE_TOO_SMALL 120 +#define RSA_R_LAST_OCTET_INVALID 134 +#define RSA_R_MODULUS_TOO_LARGE 105 +#define RSA_R_NON_FIPS_RSA_METHOD 157 +#define RSA_R_NO_PUBLIC_EXPONENT 140 #define RSA_R_NULL_BEFORE_BLOCK_MISSING 113 #define RSA_R_N_DOES_NOT_EQUAL_P_Q 127 #define RSA_R_OAEP_DECODING_ERROR 121 +#define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 158 +#define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148 #define RSA_R_PADDING_CHECK_FAILED 114 #define RSA_R_P_NOT_PRIME 128 #define RSA_R_Q_NOT_PRIME 129 #define RSA_R_RSA_OPERATIONS_NOT_SUPPORTED 130 +#define RSA_R_SLEN_CHECK_FAILED 136 +#define RSA_R_SLEN_RECOVERY_FAILED 135 #define RSA_R_SSLV3_ROLLBACK_ATTACK 115 #define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116 #define RSA_R_UNKNOWN_ALGORITHM_TYPE 117 +#define RSA_R_UNKNOWN_MASK_DIGEST 151 #define RSA_R_UNKNOWN_PADDING_TYPE 118 +#define RSA_R_UNKNOWN_PSS_DIGEST 152 +#define RSA_R_UNSUPPORTED_MASK_ALGORITHM 153 +#define RSA_R_UNSUPPORTED_MASK_PARAMETER 154 +#define RSA_R_UNSUPPORTED_SIGNATURE_TYPE 155 +#define RSA_R_VALUE_MISSING 147 #define RSA_R_WRONG_SIGNATURE_LENGTH 119 #ifdef __cplusplus diff --git a/src/lib/libcrypto/rsa/rsa_ameth.c b/src/lib/libcrypto/rsa/rsa_ameth.c new file mode 100644 index 00000000000..ce3e9b3509f --- /dev/null +++ b/src/lib/libcrypto/rsa/rsa_ameth.c @@ -0,0 +1,657 @@ +/* $OpenBSD: rsa_ameth.c,v 1.19 2018/08/24 20:22:15 tb Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2006. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include + +#include + +#include +#include +#include +#include +#include + + +#include "asn1_locl.h" + +static int +rsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) +{ + unsigned char *penc = NULL; + int penclen; + + penclen = i2d_RSAPublicKey(pkey->pkey.rsa, &penc); + if (penclen <= 0) + return 0; + if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_RSA), + V_ASN1_NULL, NULL, penc, penclen)) + return 1; + + free(penc); + return 0; +} + +static int +rsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) +{ + const unsigned char *p; + int pklen; + RSA *rsa = NULL; + + if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, NULL, pubkey)) + return 0; + if (!(rsa = d2i_RSAPublicKey(NULL, &p, pklen))) { + RSAerror(ERR_R_RSA_LIB); + return 0; + } + EVP_PKEY_assign_RSA (pkey, rsa); + return 1; +} + +static int +rsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) +{ + if (BN_cmp(b->pkey.rsa->n, a->pkey.rsa->n) != 0 || + BN_cmp(b->pkey.rsa->e, a->pkey.rsa->e) != 0) + return 0; + return 1; +} + +static int +old_rsa_priv_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen) +{ + RSA *rsa; + + if (!(rsa = d2i_RSAPrivateKey (NULL, pder, derlen))) { + RSAerror(ERR_R_RSA_LIB); + return 0; + } + EVP_PKEY_assign_RSA(pkey, rsa); + return 1; +} + +static int +old_rsa_priv_encode(const EVP_PKEY *pkey, unsigned char **pder) +{ + return i2d_RSAPrivateKey(pkey->pkey.rsa, pder); +} + +static int +rsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) +{ + unsigned char *rk = NULL; + int rklen; + + rklen = i2d_RSAPrivateKey(pkey->pkey.rsa, &rk); + + if (rklen <= 0) { + RSAerror(ERR_R_MALLOC_FAILURE); + return 0; + } + + if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_rsaEncryption), 0, + V_ASN1_NULL, NULL, rk, rklen)) { + RSAerror(ERR_R_MALLOC_FAILURE); + return 0; + } + + return 1; +} + +static int +rsa_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8) +{ + const unsigned char *p; + int pklen; + + if (!PKCS8_pkey_get0(NULL, &p, &pklen, NULL, p8)) + return 0; + return old_rsa_priv_decode(pkey, &p, pklen); +} + +static int +int_rsa_size(const EVP_PKEY *pkey) +{ + return RSA_size(pkey->pkey.rsa); +} + +static int +rsa_bits(const EVP_PKEY *pkey) +{ + return BN_num_bits(pkey->pkey.rsa->n); +} + +static void +int_rsa_free(EVP_PKEY *pkey) +{ + RSA_free(pkey->pkey.rsa); +} + +static void +update_buflen(const BIGNUM *b, size_t *pbuflen) +{ + size_t i; + + if (!b) + return; + if (*pbuflen < (i = (size_t)BN_num_bytes(b))) + *pbuflen = i; +} + +static int +do_rsa_print(BIO *bp, const RSA *x, int off, int priv) +{ + char *str; + const char *s; + unsigned char *m = NULL; + int ret = 0, mod_len = 0; + size_t buf_len = 0; + + update_buflen(x->n, &buf_len); + update_buflen(x->e, &buf_len); + + if (priv) { + update_buflen(x->d, &buf_len); + update_buflen(x->p, &buf_len); + update_buflen(x->q, &buf_len); + update_buflen(x->dmp1, &buf_len); + update_buflen(x->dmq1, &buf_len); + update_buflen(x->iqmp, &buf_len); + } + + m = malloc(buf_len + 10); + if (m == NULL) { + RSAerror(ERR_R_MALLOC_FAILURE); + goto err; + } + + if (x->n != NULL) + mod_len = BN_num_bits(x->n); + + if (!BIO_indent(bp, off, 128)) + goto err; + + if (priv && x->d) { + if (BIO_printf(bp, "Private-Key: (%d bit)\n", mod_len) <= 0) + goto err; + str = "modulus:"; + s = "publicExponent:"; + } else { + if (BIO_printf(bp, "Public-Key: (%d bit)\n", mod_len) <= 0) + goto err; + str = "Modulus:"; + s= "Exponent:"; + } + if (!ASN1_bn_print(bp, str, x->n, m, off)) + goto err; + if (!ASN1_bn_print(bp, s, x->e, m, off)) + goto err; + if (priv) { + if (!ASN1_bn_print(bp, "privateExponent:", x->d,m, off)) + goto err; + if (!ASN1_bn_print(bp, "prime1:", x->p, m, off)) + goto err; + if (!ASN1_bn_print(bp, "prime2:", x->q, m, off)) + goto err; + if (!ASN1_bn_print(bp, "exponent1:", x->dmp1, m, off)) + goto err; + if (!ASN1_bn_print(bp, "exponent2:", x->dmq1, m, off)) + goto err; + if (!ASN1_bn_print(bp, "coefficient:", x->iqmp, m, off)) + goto err; + } + ret = 1; +err: + free(m); + return (ret); +} + +static int +rsa_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent, ASN1_PCTX *ctx) +{ + return do_rsa_print(bp, pkey->pkey.rsa, indent, 0); +} + +static int +rsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent, ASN1_PCTX *ctx) +{ + return do_rsa_print(bp, pkey->pkey.rsa, indent, 1); +} + +static RSA_PSS_PARAMS * +rsa_pss_decode(const X509_ALGOR *alg, X509_ALGOR **pmaskHash) +{ + const unsigned char *p; + int plen; + RSA_PSS_PARAMS *pss; + + *pmaskHash = NULL; + + if (!alg->parameter || alg->parameter->type != V_ASN1_SEQUENCE) + return NULL; + + p = alg->parameter->value.sequence->data; + plen = alg->parameter->value.sequence->length; + pss = d2i_RSA_PSS_PARAMS(NULL, &p, plen); + + if (!pss) + return NULL; + + if (pss->maskGenAlgorithm) { + ASN1_TYPE *param = pss->maskGenAlgorithm->parameter; + if (OBJ_obj2nid(pss->maskGenAlgorithm->algorithm) == NID_mgf1 && + param && param->type == V_ASN1_SEQUENCE) { + p = param->value.sequence->data; + plen = param->value.sequence->length; + *pmaskHash = d2i_X509_ALGOR(NULL, &p, plen); + } + } + + return pss; +} + +static int +rsa_pss_param_print(BIO *bp, RSA_PSS_PARAMS *pss, X509_ALGOR *maskHash, + int indent) +{ + int rv = 0; + + if (!pss) { + if (BIO_puts(bp, " (INVALID PSS PARAMETERS)\n") <= 0) + return 0; + return 1; + } + if (BIO_puts(bp, "\n") <= 0) + goto err; + if (!BIO_indent(bp, indent, 128)) + goto err; + if (BIO_puts(bp, "Hash Algorithm: ") <= 0) + goto err; + + if (pss->hashAlgorithm) { + if (i2a_ASN1_OBJECT(bp, pss->hashAlgorithm->algorithm) <= 0) + goto err; + } else if (BIO_puts(bp, "sha1 (default)") <= 0) + goto err; + + if (BIO_puts(bp, "\n") <= 0) + goto err; + + if (!BIO_indent(bp, indent, 128)) + goto err; + + if (BIO_puts(bp, "Mask Algorithm: ") <= 0) + goto err; + if (pss->maskGenAlgorithm) { + if (i2a_ASN1_OBJECT(bp, pss->maskGenAlgorithm->algorithm) <= 0) + goto err; + if (BIO_puts(bp, " with ") <= 0) + goto err; + if (maskHash) { + if (i2a_ASN1_OBJECT(bp, maskHash->algorithm) <= 0) + goto err; + } else if (BIO_puts(bp, "INVALID") <= 0) + goto err; + } else if (BIO_puts(bp, "mgf1 with sha1 (default)") <= 0) + goto err; + BIO_puts(bp, "\n"); + + if (!BIO_indent(bp, indent, 128)) + goto err; + if (BIO_puts(bp, "Salt Length: 0x") <= 0) + goto err; + if (pss->saltLength) { + if (i2a_ASN1_INTEGER(bp, pss->saltLength) <= 0) + goto err; + } else if (BIO_puts(bp, "14 (default)") <= 0) + goto err; + BIO_puts(bp, "\n"); + + if (!BIO_indent(bp, indent, 128)) + goto err; + if (BIO_puts(bp, "Trailer Field: 0x") <= 0) + goto err; + if (pss->trailerField) { + if (i2a_ASN1_INTEGER(bp, pss->trailerField) <= 0) + goto err; + } else if (BIO_puts(bp, "BC (default)") <= 0) + goto err; + BIO_puts(bp, "\n"); + + rv = 1; + +err: + return rv; +} + +static int +rsa_sig_print(BIO *bp, const X509_ALGOR *sigalg, const ASN1_STRING *sig, + int indent, ASN1_PCTX *pctx) +{ + if (OBJ_obj2nid(sigalg->algorithm) == NID_rsassaPss) { + int rv; + RSA_PSS_PARAMS *pss; + X509_ALGOR *maskHash; + pss = rsa_pss_decode(sigalg, &maskHash); + rv = rsa_pss_param_print(bp, pss, maskHash, indent); + if (pss) + RSA_PSS_PARAMS_free(pss); + if (maskHash) + X509_ALGOR_free(maskHash); + if (!rv) + return 0; + } else if (!sig && BIO_puts(bp, "\n") <= 0) + return 0; + if (sig) + return X509_signature_dump(bp, sig, indent); + return 1; +} + +static int +rsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) +{ + X509_ALGOR *alg = NULL; + + switch (op) { + case ASN1_PKEY_CTRL_PKCS7_SIGN: + if (arg1 == 0) + PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, NULL, &alg); + break; + + case ASN1_PKEY_CTRL_PKCS7_ENCRYPT: + if (arg1 == 0) + PKCS7_RECIP_INFO_get0_alg(arg2, &alg); + break; + + case ASN1_PKEY_CTRL_DEFAULT_MD_NID: + *(int *)arg2 = NID_sha1; + return 1; + + default: + return -2; + } + + if (alg) + X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaEncryption), + V_ASN1_NULL, 0); + + return 1; +} + +/* Customised RSA item verification routine. This is called + * when a signature is encountered requiring special handling. We + * currently only handle PSS. + */ +static int +rsa_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, + X509_ALGOR *sigalg, ASN1_BIT_STRING *sig, EVP_PKEY *pkey) +{ + int rv = -1; + int saltlen; + const EVP_MD *mgf1md = NULL, *md = NULL; + RSA_PSS_PARAMS *pss; + X509_ALGOR *maskHash; + EVP_PKEY_CTX *pkctx; + + /* Sanity check: make sure it is PSS */ + if (OBJ_obj2nid(sigalg->algorithm) != NID_rsassaPss) { + RSAerror(RSA_R_UNSUPPORTED_SIGNATURE_TYPE); + return -1; + } + + /* Decode PSS parameters */ + pss = rsa_pss_decode(sigalg, &maskHash); + + if (pss == NULL) { + RSAerror(RSA_R_INVALID_PSS_PARAMETERS); + goto err; + } + /* Check mask and lookup mask hash algorithm */ + if (pss->maskGenAlgorithm) { + if (OBJ_obj2nid(pss->maskGenAlgorithm->algorithm) != NID_mgf1) { + RSAerror(RSA_R_UNSUPPORTED_MASK_ALGORITHM); + goto err; + } + if (!maskHash) { + RSAerror(RSA_R_UNSUPPORTED_MASK_PARAMETER); + goto err; + } + mgf1md = EVP_get_digestbyobj(maskHash->algorithm); + if (mgf1md == NULL) { + RSAerror(RSA_R_UNKNOWN_MASK_DIGEST); + goto err; + } + } else + mgf1md = EVP_sha1(); + + if (pss->hashAlgorithm) { + md = EVP_get_digestbyobj(pss->hashAlgorithm->algorithm); + if (md == NULL) { + RSAerror(RSA_R_UNKNOWN_PSS_DIGEST); + goto err; + } + } else + md = EVP_sha1(); + + if (pss->saltLength) { + saltlen = ASN1_INTEGER_get(pss->saltLength); + + /* Could perform more salt length sanity checks but the main + * RSA routines will trap other invalid values anyway. + */ + if (saltlen < 0) { + RSAerror(RSA_R_INVALID_SALT_LENGTH); + goto err; + } + } else + saltlen = 20; + + /* low-level routines support only trailer field 0xbc (value 1) + * and PKCS#1 says we should reject any other value anyway. + */ + if (pss->trailerField && ASN1_INTEGER_get(pss->trailerField) != 1) { + RSAerror(RSA_R_INVALID_TRAILER); + goto err; + } + + /* We have all parameters now set up context */ + + if (!EVP_DigestVerifyInit(ctx, &pkctx, md, NULL, pkey)) + goto err; + + if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_PKCS1_PSS_PADDING) <= 0) + goto err; + + if (EVP_PKEY_CTX_set_rsa_pss_saltlen(pkctx, saltlen) <= 0) + goto err; + + if (EVP_PKEY_CTX_set_rsa_mgf1_md(pkctx, mgf1md) <= 0) + goto err; + /* Carry on */ + rv = 2; + +err: + RSA_PSS_PARAMS_free(pss); + if (maskHash) + X509_ALGOR_free(maskHash); + return rv; +} + +static int +rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, + X509_ALGOR *alg1, X509_ALGOR *alg2, ASN1_BIT_STRING *sig) +{ + int pad_mode; + EVP_PKEY_CTX *pkctx = ctx->pctx; + + if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0) + return 0; + if (pad_mode == RSA_PKCS1_PADDING) + return 2; + if (pad_mode == RSA_PKCS1_PSS_PADDING) { + const EVP_MD *sigmd, *mgf1md; + RSA_PSS_PARAMS *pss = NULL; + X509_ALGOR *mgf1alg = NULL; + ASN1_STRING *os1 = NULL, *os2 = NULL; + EVP_PKEY *pk = EVP_PKEY_CTX_get0_pkey(pkctx); + int saltlen, rv = 0; + + sigmd = EVP_MD_CTX_md(ctx); + if (EVP_PKEY_CTX_get_rsa_mgf1_md(pkctx, &mgf1md) <= 0) + goto err; + if (!EVP_PKEY_CTX_get_rsa_pss_saltlen(pkctx, &saltlen)) + goto err; + if (saltlen == -1) + saltlen = EVP_MD_size(sigmd); + else if (saltlen == -2) { + saltlen = EVP_PKEY_size(pk) - EVP_MD_size(sigmd) - 2; + if (((EVP_PKEY_bits(pk) - 1) & 0x7) == 0) + saltlen--; + } + pss = RSA_PSS_PARAMS_new(); + if (!pss) + goto err; + if (saltlen != 20) { + pss->saltLength = ASN1_INTEGER_new(); + if (!pss->saltLength) + goto err; + if (!ASN1_INTEGER_set(pss->saltLength, saltlen)) + goto err; + } + if (EVP_MD_type(sigmd) != NID_sha1) { + pss->hashAlgorithm = X509_ALGOR_new(); + if (!pss->hashAlgorithm) + goto err; + X509_ALGOR_set_md(pss->hashAlgorithm, sigmd); + } + if (EVP_MD_type(mgf1md) != NID_sha1) { + ASN1_STRING *stmp = NULL; + /* need to embed algorithm ID inside another */ + mgf1alg = X509_ALGOR_new(); + X509_ALGOR_set_md(mgf1alg, mgf1md); + if (!ASN1_item_pack(mgf1alg, &X509_ALGOR_it, + &stmp)) + goto err; + pss->maskGenAlgorithm = X509_ALGOR_new(); + if (!pss->maskGenAlgorithm) + goto err; + X509_ALGOR_set0(pss->maskGenAlgorithm, + OBJ_nid2obj(NID_mgf1), V_ASN1_SEQUENCE, stmp); + } + /* Finally create string with pss parameter encoding. */ + if (!ASN1_item_pack(pss, &RSA_PSS_PARAMS_it, &os1)) + goto err; + if (alg2) { + os2 = ASN1_STRING_dup(os1); + if (!os2) + goto err; + X509_ALGOR_set0(alg2, OBJ_nid2obj(NID_rsassaPss), + V_ASN1_SEQUENCE, os2); + } + X509_ALGOR_set0(alg1, OBJ_nid2obj(NID_rsassaPss), + V_ASN1_SEQUENCE, os1); + os1 = os2 = NULL; + rv = 3; +err: + if (mgf1alg) + X509_ALGOR_free(mgf1alg); + if (pss) + RSA_PSS_PARAMS_free(pss); + ASN1_STRING_free(os1); + return rv; + } + return 2; +} + +const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] = { + { + .pkey_id = EVP_PKEY_RSA, + .pkey_base_id = EVP_PKEY_RSA, + .pkey_flags = ASN1_PKEY_SIGPARAM_NULL, + + .pem_str = "RSA", + .info = "OpenSSL RSA method", + + .pub_decode = rsa_pub_decode, + .pub_encode = rsa_pub_encode, + .pub_cmp = rsa_pub_cmp, + .pub_print = rsa_pub_print, + + .priv_decode = rsa_priv_decode, + .priv_encode = rsa_priv_encode, + .priv_print = rsa_priv_print, + + .pkey_size = int_rsa_size, + .pkey_bits = rsa_bits, + + .sig_print = rsa_sig_print, + + .pkey_free = int_rsa_free, + .pkey_ctrl = rsa_pkey_ctrl, + .old_priv_decode = old_rsa_priv_decode, + .old_priv_encode = old_rsa_priv_encode, + .item_verify = rsa_item_verify, + .item_sign = rsa_item_sign + }, + + { + .pkey_id = EVP_PKEY_RSA2, + .pkey_base_id = EVP_PKEY_RSA, + .pkey_flags = ASN1_PKEY_ALIAS + } +}; diff --git a/src/lib/libcrypto/rsa/rsa_asn1.c b/src/lib/libcrypto/rsa/rsa_asn1.c index 1455a7e0e42..f931a93e85e 100644 --- a/src/lib/libcrypto/rsa/rsa_asn1.c +++ b/src/lib/libcrypto/rsa/rsa_asn1.c @@ -1,16 +1,16 @@ -/* rsa_asn1.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* $OpenBSD: rsa_asn1.c,v 1.13 2016/12/30 15:47:07 jsing Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ /* ==================================================================== - * Copyright (c) 2000 The OpenSSL Project. All rights reserved. + * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -57,30 +57,22 @@ */ #include -#include "cryptlib.h" + +#include #include #include -#include - -static ASN1_METHOD method={ - (int (*)()) i2d_RSAPrivateKey, - (char *(*)())d2i_RSAPrivateKey, - (char *(*)())RSA_new, - (void (*)()) RSA_free}; - -ASN1_METHOD *RSAPrivateKey_asn1_meth(void) - { - return(&method); - } +#include /* Override the default free and new methods */ -static int rsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) +static int +rsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) { - if(operation == ASN1_OP_NEW_PRE) { + if (operation == ASN1_OP_NEW_PRE) { *pval = (ASN1_VALUE *)RSA_new(); - if(*pval) return 2; + if (*pval) + return 2; return 0; - } else if(operation == ASN1_OP_FREE_PRE) { + } else if (operation == ASN1_OP_FREE_PRE) { RSA_free((RSA *)*pval); *pval = NULL; return 2; @@ -88,34 +80,229 @@ static int rsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) return 1; } -ASN1_SEQUENCE_cb(RSAPrivateKey, rsa_cb) = { - ASN1_SIMPLE(RSA, version, LONG), - ASN1_SIMPLE(RSA, n, BIGNUM), - ASN1_SIMPLE(RSA, e, BIGNUM), - ASN1_SIMPLE(RSA, d, BIGNUM), - ASN1_SIMPLE(RSA, p, BIGNUM), - ASN1_SIMPLE(RSA, q, BIGNUM), - ASN1_SIMPLE(RSA, dmp1, BIGNUM), - ASN1_SIMPLE(RSA, dmq1, BIGNUM), - ASN1_SIMPLE(RSA, iqmp, BIGNUM) -} ASN1_SEQUENCE_END_cb(RSA, RSAPrivateKey) +static const ASN1_AUX RSAPrivateKey_aux = { + .app_data = NULL, + .flags = 0, + .ref_offset = 0, + .ref_lock = 0, + .asn1_cb = rsa_cb, + .enc_offset = 0, +}; +static const ASN1_TEMPLATE RSAPrivateKey_seq_tt[] = { + { + .flags = 0, + .tag = 0, + .offset = offsetof(RSA, version), + .field_name = "version", + .item = &LONG_it, + }, + { + .flags = 0, + .tag = 0, + .offset = offsetof(RSA, n), + .field_name = "n", + .item = &BIGNUM_it, + }, + { + .flags = 0, + .tag = 0, + .offset = offsetof(RSA, e), + .field_name = "e", + .item = &BIGNUM_it, + }, + { + .flags = 0, + .tag = 0, + .offset = offsetof(RSA, d), + .field_name = "d", + .item = &BIGNUM_it, + }, + { + .flags = 0, + .tag = 0, + .offset = offsetof(RSA, p), + .field_name = "p", + .item = &BIGNUM_it, + }, + { + .flags = 0, + .tag = 0, + .offset = offsetof(RSA, q), + .field_name = "q", + .item = &BIGNUM_it, + }, + { + .flags = 0, + .tag = 0, + .offset = offsetof(RSA, dmp1), + .field_name = "dmp1", + .item = &BIGNUM_it, + }, + { + .flags = 0, + .tag = 0, + .offset = offsetof(RSA, dmq1), + .field_name = "dmq1", + .item = &BIGNUM_it, + }, + { + .flags = 0, + .tag = 0, + .offset = offsetof(RSA, iqmp), + .field_name = "iqmp", + .item = &BIGNUM_it, + }, +}; +const ASN1_ITEM RSAPrivateKey_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = RSAPrivateKey_seq_tt, + .tcount = sizeof(RSAPrivateKey_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = &RSAPrivateKey_aux, + .size = sizeof(RSA), + .sname = "RSA", +}; -ASN1_SEQUENCE_cb(RSAPublicKey, rsa_cb) = { - ASN1_SIMPLE(RSA, n, BIGNUM), - ASN1_SIMPLE(RSA, e, BIGNUM), -} ASN1_SEQUENCE_END_cb(RSA, RSAPublicKey) -IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(RSA, RSAPrivateKey, RSAPrivateKey) +static const ASN1_AUX RSAPublicKey_aux = { + .app_data = NULL, + .flags = 0, + .ref_offset = 0, + .ref_lock = 0, + .asn1_cb = rsa_cb, + .enc_offset = 0, +}; +static const ASN1_TEMPLATE RSAPublicKey_seq_tt[] = { + { + .flags = 0, + .tag = 0, + .offset = offsetof(RSA, n), + .field_name = "n", + .item = &BIGNUM_it, + }, + { + .flags = 0, + .tag = 0, + .offset = offsetof(RSA, e), + .field_name = "e", + .item = &BIGNUM_it, + }, +}; -IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(RSA, RSAPublicKey, RSAPublicKey) +const ASN1_ITEM RSAPublicKey_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = RSAPublicKey_seq_tt, + .tcount = sizeof(RSAPublicKey_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = &RSAPublicKey_aux, + .size = sizeof(RSA), + .sname = "RSA", +}; -RSA *RSAPublicKey_dup(RSA *rsa) +static const ASN1_TEMPLATE RSA_PSS_PARAMS_seq_tt[] = { { - return ASN1_item_dup(ASN1_ITEM_rptr(RSAPublicKey), rsa); - } - -RSA *RSAPrivateKey_dup(RSA *rsa) + .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL, + .tag = 0, + .offset = offsetof(RSA_PSS_PARAMS, hashAlgorithm), + .field_name = "hashAlgorithm", + .item = &X509_ALGOR_it, + }, { - return ASN1_item_dup(ASN1_ITEM_rptr(RSAPrivateKey), rsa); - } + .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL, + .tag = 1, + .offset = offsetof(RSA_PSS_PARAMS, maskGenAlgorithm), + .field_name = "maskGenAlgorithm", + .item = &X509_ALGOR_it, + }, + { + .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL, + .tag = 2, + .offset = offsetof(RSA_PSS_PARAMS, saltLength), + .field_name = "saltLength", + .item = &ASN1_INTEGER_it, + }, + { + .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL, + .tag = 3, + .offset = offsetof(RSA_PSS_PARAMS, trailerField), + .field_name = "trailerField", + .item = &ASN1_INTEGER_it, + }, +}; + +const ASN1_ITEM RSA_PSS_PARAMS_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = RSA_PSS_PARAMS_seq_tt, + .tcount = sizeof(RSA_PSS_PARAMS_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = NULL, + .size = sizeof(RSA_PSS_PARAMS), + .sname = "RSA_PSS_PARAMS", +}; + + +RSA_PSS_PARAMS * +d2i_RSA_PSS_PARAMS(RSA_PSS_PARAMS **a, const unsigned char **in, long len) +{ + return (RSA_PSS_PARAMS *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &RSA_PSS_PARAMS_it); +} + +int +i2d_RSA_PSS_PARAMS(RSA_PSS_PARAMS *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &RSA_PSS_PARAMS_it); +} + +RSA_PSS_PARAMS * +RSA_PSS_PARAMS_new(void) +{ + return (RSA_PSS_PARAMS *)ASN1_item_new(&RSA_PSS_PARAMS_it); +} + +void +RSA_PSS_PARAMS_free(RSA_PSS_PARAMS *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &RSA_PSS_PARAMS_it); +} + + +RSA * +d2i_RSAPrivateKey(RSA **a, const unsigned char **in, long len) +{ + return (RSA *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &RSAPrivateKey_it); +} + +int +i2d_RSAPrivateKey(const RSA *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &RSAPrivateKey_it); +} + + +RSA * +d2i_RSAPublicKey(RSA **a, const unsigned char **in, long len) +{ + return (RSA *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &RSAPublicKey_it); +} + +int +i2d_RSAPublicKey(const RSA *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &RSAPublicKey_it); +} + +RSA * +RSAPublicKey_dup(RSA *rsa) +{ + return ASN1_item_dup(&RSAPublicKey_it, rsa); +} + +RSA * +RSAPrivateKey_dup(RSA *rsa) +{ + return ASN1_item_dup(&RSAPrivateKey_it, rsa); +} diff --git a/src/lib/libcrypto/rsa/rsa_chk.c b/src/lib/libcrypto/rsa/rsa_chk.c index 002f2cb4872..5345d31df98 100644 --- a/src/lib/libcrypto/rsa/rsa_chk.c +++ b/src/lib/libcrypto/rsa/rsa_chk.c @@ -1,4 +1,4 @@ -/* crypto/rsa/rsa_chk.c -*- Mode: C; c-file-style: "eay" -*- */ +/* $OpenBSD: rsa_chk.c,v 1.13 2017/01/29 17:49:23 beck Exp $ */ /* ==================================================================== * Copyright (c) 1999 The OpenSSL Project. All rights reserved. * @@ -7,7 +7,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -52,133 +52,161 @@ #include #include +#include "bn_lcl.h" -int RSA_check_key(const RSA *key) - { +int +RSA_check_key(const RSA *key) +{ BIGNUM *i, *j, *k, *l, *m; BN_CTX *ctx; int r; - int ret=1; - + int ret = 1; + + if (!key->p || !key->q || !key->n || !key->e || !key->d) { + RSAerror(RSA_R_VALUE_MISSING); + return 0; + } + i = BN_new(); j = BN_new(); k = BN_new(); l = BN_new(); m = BN_new(); ctx = BN_CTX_new(); - if (i == NULL || j == NULL || k == NULL || l == NULL || - m == NULL || ctx == NULL) - { + if (i == NULL || j == NULL || k == NULL || l == NULL || m == NULL || + ctx == NULL) { ret = -1; - RSAerr(RSA_F_RSA_CHECK_KEY, ERR_R_MALLOC_FAILURE); + RSAerror(ERR_R_MALLOC_FAILURE); goto err; - } - + } + /* p prime? */ - r = BN_is_prime(key->p, BN_prime_checks, NULL, NULL, NULL); - if (r != 1) - { + r = BN_is_prime_ex(key->p, BN_prime_checks, NULL, NULL); + if (r != 1) { ret = r; if (r != 0) goto err; - RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_P_NOT_PRIME); - } - + RSAerror(RSA_R_P_NOT_PRIME); + } + /* q prime? */ - r = BN_is_prime(key->q, BN_prime_checks, NULL, NULL, NULL); - if (r != 1) - { + r = BN_is_prime_ex(key->q, BN_prime_checks, NULL, NULL); + if (r != 1) { ret = r; if (r != 0) goto err; - RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_Q_NOT_PRIME); - } - + RSAerror(RSA_R_Q_NOT_PRIME); + } + /* n = p*q? */ r = BN_mul(i, key->p, key->q, ctx); - if (!r) { ret = -1; goto err; } - - if (BN_cmp(i, key->n) != 0) - { + if (!r) { + ret = -1; + goto err; + } + + if (BN_cmp(i, key->n) != 0) { ret = 0; - RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_N_DOES_NOT_EQUAL_P_Q); - } - + RSAerror(RSA_R_N_DOES_NOT_EQUAL_P_Q); + } + /* d*e = 1 mod lcm(p-1,q-1)? */ r = BN_sub(i, key->p, BN_value_one()); - if (!r) { ret = -1; goto err; } + if (!r) { + ret = -1; + goto err; + } r = BN_sub(j, key->q, BN_value_one()); - if (!r) { ret = -1; goto err; } + if (!r) { + ret = -1; + goto err; + } /* now compute k = lcm(i,j) */ r = BN_mul(l, i, j, ctx); - if (!r) { ret = -1; goto err; } - r = BN_gcd(m, i, j, ctx); - if (!r) { ret = -1; goto err; } - r = BN_div(k, NULL, l, m, ctx); /* remainder is 0 */ - if (!r) { ret = -1; goto err; } + if (!r) { + ret = -1; + goto err; + } + r = BN_gcd_ct(m, i, j, ctx); + if (!r) { + ret = -1; + goto err; + } + r = BN_div_ct(k, NULL, l, m, ctx); /* remainder is 0 */ + if (!r) { + ret = -1; + goto err; + } r = BN_mod_mul(i, key->d, key->e, k, ctx); - if (!r) { ret = -1; goto err; } + if (!r) { + ret = -1; + goto err; + } - if (!BN_is_one(i)) - { + if (!BN_is_one(i)) { ret = 0; - RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_D_E_NOT_CONGRUENT_TO_1); - } - - if (key->dmp1 != NULL && key->dmq1 != NULL && key->iqmp != NULL) - { + RSAerror(RSA_R_D_E_NOT_CONGRUENT_TO_1); + } + + if (key->dmp1 != NULL && key->dmq1 != NULL && key->iqmp != NULL) { /* dmp1 = d mod (p-1)? */ r = BN_sub(i, key->p, BN_value_one()); - if (!r) { ret = -1; goto err; } + if (!r) { + ret = -1; + goto err; + } - r = BN_mod(j, key->d, i, ctx); - if (!r) { ret = -1; goto err; } + r = BN_mod_ct(j, key->d, i, ctx); + if (!r) { + ret = -1; + goto err; + } - if (BN_cmp(j, key->dmp1) != 0) - { + if (BN_cmp(j, key->dmp1) != 0) { ret = 0; - RSAerr(RSA_F_RSA_CHECK_KEY, - RSA_R_DMP1_NOT_CONGRUENT_TO_D); - } - - /* dmq1 = d mod (q-1)? */ + RSAerror(RSA_R_DMP1_NOT_CONGRUENT_TO_D); + } + + /* dmq1 = d mod (q-1)? */ r = BN_sub(i, key->q, BN_value_one()); - if (!r) { ret = -1; goto err; } - - r = BN_mod(j, key->d, i, ctx); - if (!r) { ret = -1; goto err; } + if (!r) { + ret = -1; + goto err; + } - if (BN_cmp(j, key->dmq1) != 0) - { + r = BN_mod_ct(j, key->d, i, ctx); + if (!r) { + ret = -1; + goto err; + } + + if (BN_cmp(j, key->dmq1) != 0) { ret = 0; - RSAerr(RSA_F_RSA_CHECK_KEY, - RSA_R_DMQ1_NOT_CONGRUENT_TO_D); - } - + RSAerror(RSA_R_DMQ1_NOT_CONGRUENT_TO_D); + } + /* iqmp = q^-1 mod p? */ - if(!BN_mod_inverse(i, key->q, key->p, ctx)) - { + if (!BN_mod_inverse_ct(i, key->q, key->p, ctx)) { ret = -1; goto err; - } + } - if (BN_cmp(i, key->iqmp) != 0) - { + if (BN_cmp(i, key->iqmp) != 0) { ret = 0; - RSAerr(RSA_F_RSA_CHECK_KEY, - RSA_R_IQMP_NOT_INVERSE_OF_Q); - } + RSAerror(RSA_R_IQMP_NOT_INVERSE_OF_Q); } + } + +err: + BN_free(i); + BN_free(j); + BN_free(k); + BN_free(l); + BN_free(m); + BN_CTX_free(ctx); - err: - if (i != NULL) BN_free(i); - if (j != NULL) BN_free(j); - if (k != NULL) BN_free(k); - if (l != NULL) BN_free(l); - if (m != NULL) BN_free(m); - if (ctx != NULL) BN_CTX_free(ctx); return (ret); - } +} diff --git a/src/lib/libcrypto/rsa/rsa_crpt.c b/src/lib/libcrypto/rsa/rsa_crpt.c new file mode 100644 index 00000000000..a646ded4a73 --- /dev/null +++ b/src/lib/libcrypto/rsa/rsa_crpt.c @@ -0,0 +1,221 @@ +/* $OpenBSD: rsa_crpt.c,v 1.19 2018/02/18 12:52:13 tb Exp $ */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include + +#include + +#include +#include +#include +#include +#include + +#include "bn_lcl.h" + +#ifndef OPENSSL_NO_ENGINE +#include +#endif + +int +RSA_bits(const RSA *r) +{ + return BN_num_bits(r->n); +} + +int +RSA_size(const RSA *r) +{ + return BN_num_bytes(r->n); +} + +int +RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to, + RSA *rsa, int padding) +{ + return rsa->meth->rsa_pub_enc(flen, from, to, rsa, padding); +} + +int +RSA_private_encrypt(int flen, const unsigned char *from, unsigned char *to, + RSA *rsa, int padding) +{ + return rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding); +} + +int +RSA_private_decrypt(int flen, const unsigned char *from, unsigned char *to, + RSA *rsa, int padding) +{ + return rsa->meth->rsa_priv_dec(flen, from, to, rsa, padding); +} + +int +RSA_public_decrypt(int flen, const unsigned char *from, unsigned char *to, + RSA *rsa, int padding) +{ + return rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding); +} + +int +RSA_flags(const RSA *r) +{ + return r == NULL ? 0 : r->meth->flags; +} + +void +RSA_blinding_off(RSA *rsa) +{ + BN_BLINDING_free(rsa->blinding); + rsa->blinding = NULL; + rsa->flags |= RSA_FLAG_NO_BLINDING; +} + +int +RSA_blinding_on(RSA *rsa, BN_CTX *ctx) +{ + int ret = 0; + + if (rsa->blinding != NULL) + RSA_blinding_off(rsa); + + rsa->blinding = RSA_setup_blinding(rsa, ctx); + if (rsa->blinding == NULL) + goto err; + + rsa->flags &= ~RSA_FLAG_NO_BLINDING; + ret = 1; +err: + return (ret); +} + +static BIGNUM * +rsa_get_public_exp(const BIGNUM *d, const BIGNUM *p, const BIGNUM *q, + BN_CTX *ctx) +{ + BIGNUM *ret = NULL, *r0, *r1, *r2; + + if (d == NULL || p == NULL || q == NULL) + return NULL; + + BN_CTX_start(ctx); + if ((r0 = BN_CTX_get(ctx)) == NULL) + goto err; + if ((r1 = BN_CTX_get(ctx)) == NULL) + goto err; + if ((r2 = BN_CTX_get(ctx)) == NULL) + goto err; + + if (!BN_sub(r1, p, BN_value_one())) + goto err; + if (!BN_sub(r2, q, BN_value_one())) + goto err; + if (!BN_mul(r0, r1, r2, ctx)) + goto err; + + ret = BN_mod_inverse_ct(NULL, d, r0, ctx); +err: + BN_CTX_end(ctx); + return ret; +} + +BN_BLINDING * +RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx) +{ + BIGNUM *e; + BIGNUM n; + BN_CTX *ctx; + BN_BLINDING *ret = NULL; + + if (in_ctx == NULL) { + if ((ctx = BN_CTX_new()) == NULL) + return 0; + } else + ctx = in_ctx; + + BN_CTX_start(ctx); + + if (rsa->e == NULL) { + e = rsa_get_public_exp(rsa->d, rsa->p, rsa->q, ctx); + if (e == NULL) { + RSAerror(RSA_R_NO_PUBLIC_EXPONENT); + goto err; + } + } else + e = rsa->e; + + BN_init(&n); + BN_with_flags(&n, rsa->n, BN_FLG_CONSTTIME); + + ret = BN_BLINDING_create_param(NULL, e, &n, ctx, rsa->meth->bn_mod_exp, + rsa->_method_mod_n); + + if (ret == NULL) { + RSAerror(ERR_R_BN_LIB); + goto err; + } + CRYPTO_THREADID_current(BN_BLINDING_thread_id(ret)); +err: + BN_CTX_end(ctx); + if (in_ctx == NULL) + BN_CTX_free(ctx); + if (rsa->e == NULL) + BN_free(e); + + return ret; +} diff --git a/src/lib/libcrypto/rsa/rsa_depr.c b/src/lib/libcrypto/rsa/rsa_depr.c new file mode 100644 index 00000000000..b830a2293c4 --- /dev/null +++ b/src/lib/libcrypto/rsa/rsa_depr.c @@ -0,0 +1,101 @@ +/* $OpenBSD: rsa_depr.c,v 1.8 2014/07/11 08:44:49 jsing Exp $ */ +/* ==================================================================== + * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +/* NB: This file contains deprecated functions (compatibility wrappers to the + * "new" versions). */ + +#include +#include + +#include + +#include +#include + +#ifndef OPENSSL_NO_DEPRECATED + +RSA * +RSA_generate_key(int bits, unsigned long e_value, + void (*callback)(int, int, void *), void *cb_arg) +{ + BN_GENCB cb; + int i; + RSA *rsa = RSA_new(); + BIGNUM *e = BN_new(); + + if (!rsa || !e) + goto err; + + /* The problem is when building with 8, 16, or 32 BN_ULONG, + * unsigned long can be larger */ + for (i = 0; i < (int)sizeof(unsigned long) * 8; i++) { + if (e_value & (1UL << i)) + if (BN_set_bit(e, i) == 0) + goto err; + } + + BN_GENCB_set_old(&cb, callback, cb_arg); + + if (RSA_generate_key_ex(rsa, bits, e, &cb)) { + BN_free(e); + return rsa; + } +err: + BN_free(e); + RSA_free(rsa); + + return 0; +} +#endif diff --git a/src/lib/libcrypto/rsa/rsa_eay.c b/src/lib/libcrypto/rsa/rsa_eay.c index 0eda816081d..8e8c6d520d9 100644 --- a/src/lib/libcrypto/rsa/rsa_eay.c +++ b/src/lib/libcrypto/rsa/rsa_eay.c @@ -1,25 +1,25 @@ -/* crypto/rsa/rsa_eay.c */ +/* $OpenBSD: rsa_eay.c,v 1.50 2017/08/28 17:41:59 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,561 +49,807 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ +/* ==================================================================== + * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ #include -#include "cryptlib.h" +#include + +#include + #include +#include #include -#include -#include -#ifndef RSA_NULL +#include "bn_lcl.h" static int RSA_eay_public_encrypt(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa,int padding); + unsigned char *to, RSA *rsa, int padding); static int RSA_eay_private_encrypt(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa,int padding); + unsigned char *to, RSA *rsa, int padding); static int RSA_eay_public_decrypt(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa,int padding); + unsigned char *to, RSA *rsa, int padding); static int RSA_eay_private_decrypt(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa,int padding); -static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *i, RSA *rsa); + unsigned char *to, RSA *rsa, int padding); +static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *i, RSA *rsa, BN_CTX *ctx); static int RSA_eay_init(RSA *rsa); static int RSA_eay_finish(RSA *rsa); -static RSA_METHOD rsa_pkcs1_eay_meth={ - "Eric Young's PKCS#1 RSA", - RSA_eay_public_encrypt, - RSA_eay_public_decrypt, /* signature verification */ - RSA_eay_private_encrypt, /* signing */ - RSA_eay_private_decrypt, - RSA_eay_mod_exp, - BN_mod_exp_mont, /* XXX probably we should not use Montgomery if e == 3 */ - RSA_eay_init, - RSA_eay_finish, - 0, /* flags */ - NULL, - 0, /* rsa_sign */ - 0 /* rsa_verify */ - }; - -const RSA_METHOD *RSA_PKCS1_SSLeay(void) - { - return(&rsa_pkcs1_eay_meth); + +static RSA_METHOD rsa_pkcs1_eay_meth = { + .name = "Eric Young's PKCS#1 RSA", + .rsa_pub_enc = RSA_eay_public_encrypt, + .rsa_pub_dec = RSA_eay_public_decrypt, /* signature verification */ + .rsa_priv_enc = RSA_eay_private_encrypt, /* signing */ + .rsa_priv_dec = RSA_eay_private_decrypt, + .rsa_mod_exp = RSA_eay_mod_exp, + .bn_mod_exp = BN_mod_exp_mont_ct, /* XXX probably we should not use Montgomery if e == 3 */ + .init = RSA_eay_init, + .finish = RSA_eay_finish, +}; + +const RSA_METHOD * +RSA_PKCS1_SSLeay(void) +{ + return &rsa_pkcs1_eay_meth; +} + +static int +RSA_eay_public_encrypt(int flen, const unsigned char *from, unsigned char *to, + RSA *rsa, int padding) +{ + BIGNUM *f, *ret; + int i, j, k, num = 0, r = -1; + unsigned char *buf = NULL; + BN_CTX *ctx = NULL; + + if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) { + RSAerror(RSA_R_MODULUS_TOO_LARGE); + return -1; } -static int RSA_eay_public_encrypt(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding) - { - BIGNUM f,ret; - int i,j,k,num=0,r= -1; - unsigned char *buf=NULL; - BN_CTX *ctx=NULL; - - BN_init(&f); - BN_init(&ret); - if ((ctx=BN_CTX_new()) == NULL) goto err; - num=BN_num_bytes(rsa->n); - if ((buf=(unsigned char *)OPENSSL_malloc(num)) == NULL) - { - RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,ERR_R_MALLOC_FAILURE); - goto err; + if (BN_ucmp(rsa->n, rsa->e) <= 0) { + RSAerror(RSA_R_BAD_E_VALUE); + return -1; + } + + /* for large moduli, enforce exponent limit */ + if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS) { + if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS) { + RSAerror(RSA_R_BAD_E_VALUE); + return -1; } + } + + if ((ctx = BN_CTX_new()) == NULL) + goto err; + + BN_CTX_start(ctx); + f = BN_CTX_get(ctx); + ret = BN_CTX_get(ctx); + num = BN_num_bytes(rsa->n); + buf = malloc(num); - switch (padding) - { + if (f == NULL || ret == NULL || buf == NULL) { + RSAerror(ERR_R_MALLOC_FAILURE); + goto err; + } + + switch (padding) { case RSA_PKCS1_PADDING: - i=RSA_padding_add_PKCS1_type_2(buf,num,from,flen); + i = RSA_padding_add_PKCS1_type_2(buf, num, from, flen); break; #ifndef OPENSSL_NO_SHA case RSA_PKCS1_OAEP_PADDING: - i=RSA_padding_add_PKCS1_OAEP(buf,num,from,flen,NULL,0); + i = RSA_padding_add_PKCS1_OAEP(buf, num, from, flen, NULL, 0); break; #endif - case RSA_SSLV23_PADDING: - i=RSA_padding_add_SSLv23(buf,num,from,flen); - break; case RSA_NO_PADDING: - i=RSA_padding_add_none(buf,num,from,flen); + i = RSA_padding_add_none(buf, num, from, flen); break; default: - RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,RSA_R_UNKNOWN_PADDING_TYPE); + RSAerror(RSA_R_UNKNOWN_PADDING_TYPE); + goto err; + } + if (i <= 0) + goto err; + + if (BN_bin2bn(buf, num, f) == NULL) goto err; - } - if (i <= 0) goto err; - if (BN_bin2bn(buf,num,&f) == NULL) goto err; - - if (BN_ucmp(&f, rsa->n) >= 0) - { + if (BN_ucmp(f, rsa->n) >= 0) { /* usually the padding functions would catch this */ - RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS); + RSAerror(RSA_R_DATA_TOO_LARGE_FOR_MODULUS); goto err; - } + } - if ((rsa->_method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC)) - { - BN_MONT_CTX* bn_mont_ctx; - if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL) - goto err; - if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->n,ctx)) - { - BN_MONT_CTX_free(bn_mont_ctx); + if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) + if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, + CRYPTO_LOCK_RSA, rsa->n, ctx)) goto err; - } - if (rsa->_method_mod_n == NULL) /* other thread may have finished first */ - { - CRYPTO_w_lock(CRYPTO_LOCK_RSA); - if (rsa->_method_mod_n == NULL) - { - rsa->_method_mod_n = bn_mont_ctx; - bn_mont_ctx = NULL; - } - CRYPTO_w_unlock(CRYPTO_LOCK_RSA); - } - if (bn_mont_ctx) - BN_MONT_CTX_free(bn_mont_ctx); - } - - if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx, - rsa->_method_mod_n)) goto err; + + if (!rsa->meth->bn_mod_exp(ret, f, rsa->e, rsa->n, ctx, + rsa->_method_mod_n)) + goto err; /* put in leading 0 bytes if the number is less than the * length of the modulus */ - j=BN_num_bytes(&ret); - i=BN_bn2bin(&ret,&(to[num-j])); - for (k=0; k<(num-i); k++) - to[k]=0; + j = BN_num_bytes(ret); + i = BN_bn2bin(ret, &(to[num - j])); + for (k = 0; k < num - i; k++) + to[k] = 0; - r=num; + r = num; err: - if (ctx != NULL) BN_CTX_free(ctx); - BN_clear_free(&f); - BN_clear_free(&ret); - if (buf != NULL) - { - memset(buf,0,num); - OPENSSL_free(buf); + if (ctx != NULL) { + BN_CTX_end(ctx); + BN_CTX_free(ctx); + } + freezero(buf, num); + return r; +} + +static BN_BLINDING * +rsa_get_blinding(RSA *rsa, int *local, BN_CTX *ctx) +{ + BN_BLINDING *ret; + int got_write_lock = 0; + CRYPTO_THREADID cur; + + CRYPTO_r_lock(CRYPTO_LOCK_RSA); + + if (rsa->blinding == NULL) { + CRYPTO_r_unlock(CRYPTO_LOCK_RSA); + CRYPTO_w_lock(CRYPTO_LOCK_RSA); + got_write_lock = 1; + + if (rsa->blinding == NULL) + rsa->blinding = RSA_setup_blinding(rsa, ctx); + } + + ret = rsa->blinding; + if (ret == NULL) + goto err; + + CRYPTO_THREADID_current(&cur); + if (!CRYPTO_THREADID_cmp(&cur, BN_BLINDING_thread_id(ret))) { + /* rsa->blinding is ours! */ + *local = 1; + } else { + /* resort to rsa->mt_blinding instead */ + /* + * Instruct rsa_blinding_convert(), rsa_blinding_invert() + * that the BN_BLINDING is shared, meaning that accesses + * require locks, and that the blinding factor must be + * stored outside the BN_BLINDING + */ + *local = 0; + + if (rsa->mt_blinding == NULL) { + if (!got_write_lock) { + CRYPTO_r_unlock(CRYPTO_LOCK_RSA); + CRYPTO_w_lock(CRYPTO_LOCK_RSA); + got_write_lock = 1; + } + + if (rsa->mt_blinding == NULL) + rsa->mt_blinding = RSA_setup_blinding(rsa, ctx); } - return(r); + ret = rsa->mt_blinding; } +err: + if (got_write_lock) + CRYPTO_w_unlock(CRYPTO_LOCK_RSA); + else + CRYPTO_r_unlock(CRYPTO_LOCK_RSA); + return ret; +} + +static int +rsa_blinding_convert(BN_BLINDING *b, BIGNUM *f, BIGNUM *unblind, BN_CTX *ctx) +{ + if (unblind == NULL) + /* + * Local blinding: store the unblinding factor + * in BN_BLINDING. + */ + return BN_BLINDING_convert_ex(f, NULL, b, ctx); + else { + /* + * Shared blinding: store the unblinding factor + * outside BN_BLINDING. + */ + int ret; + CRYPTO_w_lock(CRYPTO_LOCK_RSA_BLINDING); + ret = BN_BLINDING_convert_ex(f, unblind, b, ctx); + CRYPTO_w_unlock(CRYPTO_LOCK_RSA_BLINDING); + return ret; + } +} + +static int +rsa_blinding_invert(BN_BLINDING *b, BIGNUM *f, BIGNUM *unblind, BN_CTX *ctx) +{ + /* + * For local blinding, unblind is set to NULL, and BN_BLINDING_invert_ex + * will use the unblinding factor stored in BN_BLINDING. + * If BN_BLINDING is shared between threads, unblind must be non-null: + * BN_BLINDING_invert_ex will then use the local unblinding factor, + * and will only read the modulus from BN_BLINDING. + * In both cases it's safe to access the blinding without a lock. + */ + return BN_BLINDING_invert_ex(f, unblind, b, ctx); +} + /* signing */ -static int RSA_eay_private_encrypt(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding) - { - BIGNUM f,ret; - int i,j,k,num=0,r= -1; - unsigned char *buf=NULL; - BN_CTX *ctx=NULL; +static int +RSA_eay_private_encrypt(int flen, const unsigned char *from, unsigned char *to, + RSA *rsa, int padding) +{ + BIGNUM *f, *ret, *res; + int i, j, k, num = 0, r = -1; + unsigned char *buf = NULL; + BN_CTX *ctx = NULL; + int local_blinding = 0; + /* + * Used only if the blinding structure is shared. A non-NULL unblind + * instructs rsa_blinding_convert() and rsa_blinding_invert() to store + * the unblinding factor outside the blinding structure. + */ + BIGNUM *unblind = NULL; + BN_BLINDING *blinding = NULL; + + if ((ctx = BN_CTX_new()) == NULL) + goto err; - BN_init(&f); - BN_init(&ret); + BN_CTX_start(ctx); + f = BN_CTX_get(ctx); + ret = BN_CTX_get(ctx); + num = BN_num_bytes(rsa->n); + buf = malloc(num); - if ((ctx=BN_CTX_new()) == NULL) goto err; - num=BN_num_bytes(rsa->n); - if ((buf=(unsigned char *)OPENSSL_malloc(num)) == NULL) - { - RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,ERR_R_MALLOC_FAILURE); + if (f == NULL || ret == NULL || buf == NULL) { + RSAerror(ERR_R_MALLOC_FAILURE); goto err; - } + } - switch (padding) - { + switch (padding) { case RSA_PKCS1_PADDING: - i=RSA_padding_add_PKCS1_type_1(buf,num,from,flen); + i = RSA_padding_add_PKCS1_type_1(buf, num, from, flen); + break; + case RSA_X931_PADDING: + i = RSA_padding_add_X931(buf, num, from, flen); break; case RSA_NO_PADDING: - i=RSA_padding_add_none(buf,num,from,flen); + i = RSA_padding_add_none(buf, num, from, flen); break; - case RSA_SSLV23_PADDING: default: - RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,RSA_R_UNKNOWN_PADDING_TYPE); + RSAerror(RSA_R_UNKNOWN_PADDING_TYPE); + goto err; + } + if (i <= 0) goto err; - } - if (i <= 0) goto err; - if (BN_bin2bn(buf,num,&f) == NULL) goto err; - - if (BN_ucmp(&f, rsa->n) >= 0) - { + if (BN_bin2bn(buf, num, f) == NULL) + goto err; + + if (BN_ucmp(f, rsa->n) >= 0) { /* usually the padding functions would catch this */ - RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS); + RSAerror(RSA_R_DATA_TOO_LARGE_FOR_MODULUS); goto err; + } + + if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) { + blinding = rsa_get_blinding(rsa, &local_blinding, ctx); + if (blinding == NULL) { + RSAerror(ERR_R_INTERNAL_ERROR); + goto err; } + } - if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL)) - RSA_blinding_on(rsa,ctx); - if (rsa->flags & RSA_FLAG_BLINDING) - if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err; - - if ( (rsa->flags & RSA_FLAG_EXT_PKEY) || - ((rsa->p != NULL) && - (rsa->q != NULL) && - (rsa->dmp1 != NULL) && - (rsa->dmq1 != NULL) && - (rsa->iqmp != NULL)) ) - { if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err; } - else - { - if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx,NULL)) goto err; + if (blinding != NULL) { + if (!local_blinding && ((unblind = BN_CTX_get(ctx)) == NULL)) { + RSAerror(ERR_R_MALLOC_FAILURE); + goto err; } + if (!rsa_blinding_convert(blinding, f, unblind, ctx)) + goto err; + } + + if ((rsa->flags & RSA_FLAG_EXT_PKEY) || + (rsa->p != NULL && rsa->q != NULL && rsa->dmp1 != NULL && + rsa->dmq1 != NULL && rsa->iqmp != NULL)) { + if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx)) + goto err; + } else { + BIGNUM d; + + BN_init(&d); + BN_with_flags(&d, rsa->d, BN_FLG_CONSTTIME); + + if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) + if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, + CRYPTO_LOCK_RSA, rsa->n, ctx)) + goto err; + + if (!rsa->meth->bn_mod_exp(ret, f, &d, rsa->n, ctx, + rsa->_method_mod_n)) { + goto err; + } + } + + if (blinding) + if (!rsa_blinding_invert(blinding, ret, unblind, ctx)) + goto err; - if (rsa->flags & RSA_FLAG_BLINDING) - if (!BN_BLINDING_invert(&ret,rsa->blinding,ctx)) goto err; + if (padding == RSA_X931_PADDING) { + BN_sub(f, rsa->n, ret); + if (BN_cmp(ret, f) > 0) + res = f; + else + res = ret; + } else + res = ret; /* put in leading 0 bytes if the number is less than the * length of the modulus */ - j=BN_num_bytes(&ret); - i=BN_bn2bin(&ret,&(to[num-j])); - for (k=0; k<(num-i); k++) - to[k]=0; + j = BN_num_bytes(res); + i = BN_bn2bin(res, &(to[num - j])); + for (k = 0; k < num - i; k++) + to[k] = 0; - r=num; + r = num; err: - if (ctx != NULL) BN_CTX_free(ctx); - BN_clear_free(&ret); - BN_clear_free(&f); - if (buf != NULL) - { - memset(buf,0,num); - OPENSSL_free(buf); - } - return(r); + if (ctx != NULL) { + BN_CTX_end(ctx); + BN_CTX_free(ctx); } - -static int RSA_eay_private_decrypt(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding) - { - BIGNUM f,ret; - int j,num=0,r= -1; + freezero(buf, num); + return r; +} + +static int +RSA_eay_private_decrypt(int flen, const unsigned char *from, unsigned char *to, + RSA *rsa, int padding) +{ + BIGNUM *f, *ret; + int j, num = 0, r = -1; unsigned char *p; - unsigned char *buf=NULL; - BN_CTX *ctx=NULL; - - BN_init(&f); - BN_init(&ret); - ctx=BN_CTX_new(); - if (ctx == NULL) goto err; + unsigned char *buf = NULL; + BN_CTX *ctx = NULL; + int local_blinding = 0; + /* + * Used only if the blinding structure is shared. A non-NULL unblind + * instructs rsa_blinding_convert() and rsa_blinding_invert() to store + * the unblinding factor outside the blinding structure. + */ + BIGNUM *unblind = NULL; + BN_BLINDING *blinding = NULL; + + if ((ctx = BN_CTX_new()) == NULL) + goto err; - num=BN_num_bytes(rsa->n); + BN_CTX_start(ctx); + f = BN_CTX_get(ctx); + ret = BN_CTX_get(ctx); + num = BN_num_bytes(rsa->n); + buf = malloc(num); - if ((buf=(unsigned char *)OPENSSL_malloc(num)) == NULL) - { - RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,ERR_R_MALLOC_FAILURE); + if (!f || !ret || !buf) { + RSAerror(ERR_R_MALLOC_FAILURE); goto err; - } + } /* This check was for equality but PGP does evil things * and chops off the top '0' bytes */ - if (flen > num) - { - RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_DATA_GREATER_THAN_MOD_LEN); + if (flen > num) { + RSAerror(RSA_R_DATA_GREATER_THAN_MOD_LEN); goto err; - } + } /* make data into a big number */ - if (BN_bin2bn(from,(int)flen,&f) == NULL) goto err; + if (BN_bin2bn(from, (int)flen, f) == NULL) + goto err; - if (BN_ucmp(&f, rsa->n) >= 0) - { - RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS); + if (BN_ucmp(f, rsa->n) >= 0) { + RSAerror(RSA_R_DATA_TOO_LARGE_FOR_MODULUS); goto err; + } + + if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) { + blinding = rsa_get_blinding(rsa, &local_blinding, ctx); + if (blinding == NULL) { + RSAerror(ERR_R_INTERNAL_ERROR); + goto err; } + } - if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL)) - RSA_blinding_on(rsa,ctx); - if (rsa->flags & RSA_FLAG_BLINDING) - if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err; + if (blinding != NULL) { + if (!local_blinding && ((unblind = BN_CTX_get(ctx)) == NULL)) { + RSAerror(ERR_R_MALLOC_FAILURE); + goto err; + } + if (!rsa_blinding_convert(blinding, f, unblind, ctx)) + goto err; + } /* do the decrypt */ - if ( (rsa->flags & RSA_FLAG_EXT_PKEY) || - ((rsa->p != NULL) && - (rsa->q != NULL) && - (rsa->dmp1 != NULL) && - (rsa->dmq1 != NULL) && - (rsa->iqmp != NULL)) ) - { if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err; } - else - { - if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx,NULL)) + if ((rsa->flags & RSA_FLAG_EXT_PKEY) || + (rsa->p != NULL && rsa->q != NULL && rsa->dmp1 != NULL && + rsa->dmq1 != NULL && rsa->iqmp != NULL)) { + if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx)) + goto err; + } else { + BIGNUM d; + + BN_init(&d); + BN_with_flags(&d, rsa->d, BN_FLG_CONSTTIME); + + if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) + if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, + CRYPTO_LOCK_RSA, rsa->n, ctx)) + goto err; + + if (!rsa->meth->bn_mod_exp(ret, f, &d, rsa->n, ctx, + rsa->_method_mod_n)) { goto err; } + } - if (rsa->flags & RSA_FLAG_BLINDING) - if (!BN_BLINDING_invert(&ret,rsa->blinding,ctx)) goto err; + if (blinding) + if (!rsa_blinding_invert(blinding, ret, unblind, ctx)) + goto err; - p=buf; - j=BN_bn2bin(&ret,p); /* j is only used with no-padding mode */ + p = buf; + j = BN_bn2bin(ret, p); /* j is only used with no-padding mode */ - switch (padding) - { + switch (padding) { case RSA_PKCS1_PADDING: - r=RSA_padding_check_PKCS1_type_2(to,num,buf,j,num); + r = RSA_padding_check_PKCS1_type_2(to, num, buf, j, num); break; #ifndef OPENSSL_NO_SHA - case RSA_PKCS1_OAEP_PADDING: - r=RSA_padding_check_PKCS1_OAEP(to,num,buf,j,num,NULL,0); - break; -#endif - case RSA_SSLV23_PADDING: - r=RSA_padding_check_SSLv23(to,num,buf,j,num); + case RSA_PKCS1_OAEP_PADDING: + r = RSA_padding_check_PKCS1_OAEP(to, num, buf, j, num, NULL, 0); break; +#endif case RSA_NO_PADDING: - r=RSA_padding_check_none(to,num,buf,j,num); + r = RSA_padding_check_none(to, num, buf, j, num); break; default: - RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_UNKNOWN_PADDING_TYPE); + RSAerror(RSA_R_UNKNOWN_PADDING_TYPE); goto err; - } + } if (r < 0) - RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_PADDING_CHECK_FAILED); + RSAerror(RSA_R_PADDING_CHECK_FAILED); err: - if (ctx != NULL) BN_CTX_free(ctx); - BN_clear_free(&f); - BN_clear_free(&ret); - if (buf != NULL) - { - memset(buf,0,num); - OPENSSL_free(buf); - } - return(r); + if (ctx != NULL) { + BN_CTX_end(ctx); + BN_CTX_free(ctx); } + freezero(buf, num); + return r; +} /* signature verification */ -static int RSA_eay_public_decrypt(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding) - { - BIGNUM f,ret; - int i,num=0,r= -1; +static int +RSA_eay_public_decrypt(int flen, const unsigned char *from, unsigned char *to, + RSA *rsa, int padding) +{ + BIGNUM *f, *ret; + int i, num = 0, r = -1; unsigned char *p; - unsigned char *buf=NULL; - BN_CTX *ctx=NULL; + unsigned char *buf = NULL; + BN_CTX *ctx = NULL; - BN_init(&f); - BN_init(&ret); - ctx=BN_CTX_new(); - if (ctx == NULL) goto err; + if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) { + RSAerror(RSA_R_MODULUS_TOO_LARGE); + return -1; + } - num=BN_num_bytes(rsa->n); - buf=(unsigned char *)OPENSSL_malloc(num); - if (buf == NULL) - { - RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,ERR_R_MALLOC_FAILURE); - goto err; + if (BN_ucmp(rsa->n, rsa->e) <= 0) { + RSAerror(RSA_R_BAD_E_VALUE); + return -1; + } + + /* for large moduli, enforce exponent limit */ + if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS) { + if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS) { + RSAerror(RSA_R_BAD_E_VALUE); + return -1; } + } + + if ((ctx = BN_CTX_new()) == NULL) + goto err; + + BN_CTX_start(ctx); + f = BN_CTX_get(ctx); + ret = BN_CTX_get(ctx); + num = BN_num_bytes(rsa->n); + buf = malloc(num); + + if (!f || !ret || !buf) { + RSAerror(ERR_R_MALLOC_FAILURE); + goto err; + } /* This check was for equality but PGP does evil things * and chops off the top '0' bytes */ - if (flen > num) - { - RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_DATA_GREATER_THAN_MOD_LEN); + if (flen > num) { + RSAerror(RSA_R_DATA_GREATER_THAN_MOD_LEN); goto err; - } + } - if (BN_bin2bn(from,flen,&f) == NULL) goto err; + if (BN_bin2bn(from, flen, f) == NULL) + goto err; - if (BN_ucmp(&f, rsa->n) >= 0) - { - RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS); + if (BN_ucmp(f, rsa->n) >= 0) { + RSAerror(RSA_R_DATA_TOO_LARGE_FOR_MODULUS); goto err; - } + } - /* do the decrypt */ - if ((rsa->_method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC)) - { - BN_MONT_CTX* bn_mont_ctx; - if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL) + if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) + if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, + CRYPTO_LOCK_RSA, rsa->n, ctx)) goto err; - if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->n,ctx)) - { - BN_MONT_CTX_free(bn_mont_ctx); + + if (!rsa->meth->bn_mod_exp(ret, f, rsa->e, rsa->n, ctx, + rsa->_method_mod_n)) + goto err; + + if (padding == RSA_X931_PADDING && (ret->d[0] & 0xf) != 12) + if (!BN_sub(ret, rsa->n, ret)) goto err; - } - if (rsa->_method_mod_n == NULL) /* other thread may have finished first */ - { - CRYPTO_w_lock(CRYPTO_LOCK_RSA); - if (rsa->_method_mod_n == NULL) - { - rsa->_method_mod_n = bn_mont_ctx; - bn_mont_ctx = NULL; - } - CRYPTO_w_unlock(CRYPTO_LOCK_RSA); - } - if (bn_mont_ctx) - BN_MONT_CTX_free(bn_mont_ctx); - } - - if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx, - rsa->_method_mod_n)) goto err; - p=buf; - i=BN_bn2bin(&ret,p); + p = buf; + i = BN_bn2bin(ret, p); - switch (padding) - { + switch (padding) { case RSA_PKCS1_PADDING: - r=RSA_padding_check_PKCS1_type_1(to,num,buf,i,num); + r = RSA_padding_check_PKCS1_type_1(to, num, buf, i, num); + break; + case RSA_X931_PADDING: + r = RSA_padding_check_X931(to, num, buf, i, num); break; case RSA_NO_PADDING: - r=RSA_padding_check_none(to,num,buf,i,num); + r = RSA_padding_check_none(to, num, buf, i, num); break; default: - RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_UNKNOWN_PADDING_TYPE); + RSAerror(RSA_R_UNKNOWN_PADDING_TYPE); goto err; - } + } if (r < 0) - RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_PADDING_CHECK_FAILED); + RSAerror(RSA_R_PADDING_CHECK_FAILED); err: - if (ctx != NULL) BN_CTX_free(ctx); - BN_clear_free(&f); - BN_clear_free(&ret); - if (buf != NULL) - { - memset(buf,0,num); - OPENSSL_free(buf); - } - return(r); + if (ctx != NULL) { + BN_CTX_end(ctx); + BN_CTX_free(ctx); + } + freezero(buf, num); + return r; +} + +static int +RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) +{ + BIGNUM *r1, *m1, *vrfy; + BIGNUM dmp1, dmq1, c, pr1; + int ret = 0; + + BN_CTX_start(ctx); + r1 = BN_CTX_get(ctx); + m1 = BN_CTX_get(ctx); + vrfy = BN_CTX_get(ctx); + if (r1 == NULL || m1 == NULL || vrfy == NULL) { + RSAerror(ERR_R_MALLOC_FAILURE); + goto err; } -static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa) { - BIGNUM r1,m1,vrfy; - int ret=0; - BN_CTX *ctx; - - BN_init(&m1); - BN_init(&r1); - BN_init(&vrfy); - if ((ctx=BN_CTX_new()) == NULL) goto err; - - if (rsa->flags & RSA_FLAG_CACHE_PRIVATE) - { - if (rsa->_method_mod_p == NULL) - { - BN_MONT_CTX* bn_mont_ctx; - if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL) + BIGNUM p, q; + + /* + * Make sure BN_mod_inverse in Montgomery intialization uses the + * BN_FLG_CONSTTIME flag + */ + BN_init(&p); + BN_init(&q); + BN_with_flags(&p, rsa->p, BN_FLG_CONSTTIME); + BN_with_flags(&q, rsa->q, BN_FLG_CONSTTIME); + + if (rsa->flags & RSA_FLAG_CACHE_PRIVATE) { + if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_p, + CRYPTO_LOCK_RSA, &p, ctx) || + !BN_MONT_CTX_set_locked(&rsa->_method_mod_q, + CRYPTO_LOCK_RSA, &q, ctx)) { goto err; - if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->p,ctx)) - { - BN_MONT_CTX_free(bn_mont_ctx); - goto err; - } - if (rsa->_method_mod_p == NULL) /* other thread may have finished first */ - { - CRYPTO_w_lock(CRYPTO_LOCK_RSA); - if (rsa->_method_mod_p == NULL) - { - rsa->_method_mod_p = bn_mont_ctx; - bn_mont_ctx = NULL; - } - CRYPTO_w_unlock(CRYPTO_LOCK_RSA); - } - if (bn_mont_ctx) - BN_MONT_CTX_free(bn_mont_ctx); - } - - if (rsa->_method_mod_q == NULL) - { - BN_MONT_CTX* bn_mont_ctx; - if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL) - goto err; - if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->q,ctx)) - { - BN_MONT_CTX_free(bn_mont_ctx); - goto err; - } - if (rsa->_method_mod_q == NULL) /* other thread may have finished first */ - { - CRYPTO_w_lock(CRYPTO_LOCK_RSA); - if (rsa->_method_mod_q == NULL) - { - rsa->_method_mod_q = bn_mont_ctx; - bn_mont_ctx = NULL; - } - CRYPTO_w_unlock(CRYPTO_LOCK_RSA); - } - if (bn_mont_ctx) - BN_MONT_CTX_free(bn_mont_ctx); } } - - if (!BN_mod(&r1,I,rsa->q,ctx)) goto err; - if (!rsa->meth->bn_mod_exp(&m1,&r1,rsa->dmq1,rsa->q,ctx, - rsa->_method_mod_q)) goto err; - - if (!BN_mod(&r1,I,rsa->p,ctx)) goto err; - if (!rsa->meth->bn_mod_exp(r0,&r1,rsa->dmp1,rsa->p,ctx, - rsa->_method_mod_p)) goto err; - - if (!BN_sub(r0,r0,&m1)) goto err; - /* This will help stop the size of r0 increasing, which does - * affect the multiply if it optimised for a power of 2 size */ - if (r0->neg) - if (!BN_add(r0,r0,rsa->p)) goto err; - - if (!BN_mul(&r1,r0,rsa->iqmp,ctx)) goto err; - if (!BN_mod(r0,&r1,rsa->p,ctx)) goto err; - /* If p < q it is occasionally possible for the correction of - * adding 'p' if r0 is negative above to leave the result still + } + + if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) + if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, + CRYPTO_LOCK_RSA, rsa->n, ctx)) + goto err; + + /* compute I mod q */ + BN_init(&c); + BN_with_flags(&c, I, BN_FLG_CONSTTIME); + + if (!BN_mod_ct(r1, &c, rsa->q, ctx)) + goto err; + + /* compute r1^dmq1 mod q */ + BN_init(&dmq1); + BN_with_flags(&dmq1, rsa->dmq1, BN_FLG_CONSTTIME); + + if (!rsa->meth->bn_mod_exp(m1, r1, &dmq1, rsa->q, ctx, + rsa->_method_mod_q)) + goto err; + + /* compute I mod p */ + BN_with_flags(&c, I, BN_FLG_CONSTTIME); + + if (!BN_mod_ct(r1, &c, rsa->p, ctx)) + goto err; + + /* compute r1^dmp1 mod p */ + BN_init(&dmp1); + BN_with_flags(&dmp1, rsa->dmp1, BN_FLG_CONSTTIME); + + if (!rsa->meth->bn_mod_exp(r0, r1, &dmp1, rsa->p, ctx, + rsa->_method_mod_p)) + goto err; + + if (!BN_sub(r0, r0, m1)) + goto err; + + /* + * This will help stop the size of r0 increasing, which does + * affect the multiply if it optimised for a power of 2 size + */ + if (BN_is_negative(r0)) + if (!BN_add(r0, r0, rsa->p)) + goto err; + + if (!BN_mul(r1, r0, rsa->iqmp, ctx)) + goto err; + + /* Turn BN_FLG_CONSTTIME flag on before division operation */ + BN_init(&pr1); + BN_with_flags(&pr1, r1, BN_FLG_CONSTTIME); + + if (!BN_mod_ct(r0, &pr1, rsa->p, ctx)) + goto err; + + /* + * If p < q it is occasionally possible for the correction of + * adding 'p' if r0 is negative above to leave the result still * negative. This can break the private key operations: the following * second correction should *always* correct this rare occurrence. * This will *never* happen with OpenSSL generated keys because - * they ensure p > q [steve] - */ - if (r0->neg) - if (!BN_add(r0,r0,rsa->p)) goto err; - if (!BN_mul(&r1,r0,rsa->q,ctx)) goto err; - if (!BN_add(r0,&r1,&m1)) goto err; - - if (rsa->e && rsa->n) - { - if (!rsa->meth->bn_mod_exp(&vrfy,r0,rsa->e,rsa->n,ctx,NULL)) goto err; - /* If 'I' was greater than (or equal to) rsa->n, the operation + * they ensure p > q [steve] + */ + if (BN_is_negative(r0)) + if (!BN_add(r0, r0, rsa->p)) + goto err; + if (!BN_mul(r1, r0, rsa->q, ctx)) + goto err; + if (!BN_add(r0, r1, m1)) + goto err; + + if (rsa->e && rsa->n) { + if (!rsa->meth->bn_mod_exp(vrfy, r0, rsa->e, rsa->n, ctx, + rsa->_method_mod_n)) + goto err; + /* + * If 'I' was greater than (or equal to) rsa->n, the operation * will be equivalent to using 'I mod n'. However, the result of * the verify will *always* be less than 'n' so we don't check - * for absolute equality, just congruency. */ - if (!BN_sub(&vrfy, &vrfy, I)) goto err; - if (!BN_mod(&vrfy, &vrfy, rsa->n, ctx)) goto err; - if (vrfy.neg) - if (!BN_add(&vrfy, &vrfy, rsa->n)) goto err; - if (!BN_is_zero(&vrfy)) - /* 'I' and 'vrfy' aren't congruent mod n. Don't leak + * for absolute equality, just congruency. + */ + if (!BN_sub(vrfy, vrfy, I)) + goto err; + if (!BN_mod_ct(vrfy, vrfy, rsa->n, ctx)) + goto err; + if (BN_is_negative(vrfy)) + if (!BN_add(vrfy, vrfy, rsa->n)) + goto err; + if (!BN_is_zero(vrfy)) { + /* + * 'I' and 'vrfy' aren't congruent mod n. Don't leak * miscalculated CRT output, just do a raw (slower) - * mod_exp and return that instead. */ - if (!rsa->meth->bn_mod_exp(r0,I,rsa->d,rsa->n,ctx,NULL)) goto err; - } - ret=1; -err: - BN_clear_free(&m1); - BN_clear_free(&r1); - BN_clear_free(&vrfy); - BN_CTX_free(ctx); - return(ret); - } + * mod_exp and return that instead. + */ + BIGNUM d; -static int RSA_eay_init(RSA *rsa) - { - rsa->flags|=RSA_FLAG_CACHE_PUBLIC|RSA_FLAG_CACHE_PRIVATE; - return(1); - } + BN_init(&d); + BN_with_flags(&d, rsa->d, BN_FLG_CONSTTIME); -static int RSA_eay_finish(RSA *rsa) - { - if (rsa->_method_mod_n != NULL) - BN_MONT_CTX_free(rsa->_method_mod_n); - if (rsa->_method_mod_p != NULL) - BN_MONT_CTX_free(rsa->_method_mod_p); - if (rsa->_method_mod_q != NULL) - BN_MONT_CTX_free(rsa->_method_mod_q); - return(1); + if (!rsa->meth->bn_mod_exp(r0, I, &d, rsa->n, ctx, + rsa->_method_mod_n)) { + goto err; + } + } } - -#endif + ret = 1; +err: + BN_CTX_end(ctx); + return ret; +} + +static int +RSA_eay_init(RSA *rsa) +{ + rsa->flags |= RSA_FLAG_CACHE_PUBLIC | RSA_FLAG_CACHE_PRIVATE; + return 1; +} + +static int +RSA_eay_finish(RSA *rsa) +{ + BN_MONT_CTX_free(rsa->_method_mod_n); + BN_MONT_CTX_free(rsa->_method_mod_p); + BN_MONT_CTX_free(rsa->_method_mod_q); + + return 1; +} diff --git a/src/lib/libcrypto/rsa/rsa_err.c b/src/lib/libcrypto/rsa/rsa_err.c index a7766c3b762..c2b197c581d 100644 --- a/src/lib/libcrypto/rsa/rsa_err.c +++ b/src/lib/libcrypto/rsa/rsa_err.c @@ -1,13 +1,13 @@ -/* crypto/rsa/rsa_err.c */ +/* $OpenBSD: rsa_err.c,v 1.17 2017/01/29 17:49:23 beck Exp $ */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -59,91 +59,95 @@ */ #include + +#include + #include #include /* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR -static ERR_STRING_DATA RSA_str_functs[]= - { -{ERR_PACK(0,RSA_F_MEMORY_LOCK,0), "MEMORY_LOCK"}, -{ERR_PACK(0,RSA_F_RSA_CHECK_KEY,0), "RSA_check_key"}, -{ERR_PACK(0,RSA_F_RSA_EAY_PRIVATE_DECRYPT,0), "RSA_EAY_PRIVATE_DECRYPT"}, -{ERR_PACK(0,RSA_F_RSA_EAY_PRIVATE_ENCRYPT,0), "RSA_EAY_PRIVATE_ENCRYPT"}, -{ERR_PACK(0,RSA_F_RSA_EAY_PUBLIC_DECRYPT,0), "RSA_EAY_PUBLIC_DECRYPT"}, -{ERR_PACK(0,RSA_F_RSA_EAY_PUBLIC_ENCRYPT,0), "RSA_EAY_PUBLIC_ENCRYPT"}, -{ERR_PACK(0,RSA_F_RSA_GENERATE_KEY,0), "RSA_generate_key"}, -{ERR_PACK(0,RSA_F_RSA_NEW_METHOD,0), "RSA_new_method"}, -{ERR_PACK(0,RSA_F_RSA_NULL,0), "RSA_NULL"}, -{ERR_PACK(0,RSA_F_RSA_PADDING_ADD_NONE,0), "RSA_padding_add_none"}, -{ERR_PACK(0,RSA_F_RSA_PADDING_ADD_PKCS1_OAEP,0), "RSA_padding_add_PKCS1_OAEP"}, -{ERR_PACK(0,RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1,0), "RSA_padding_add_PKCS1_type_1"}, -{ERR_PACK(0,RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2,0), "RSA_padding_add_PKCS1_type_2"}, -{ERR_PACK(0,RSA_F_RSA_PADDING_ADD_SSLV23,0), "RSA_padding_add_SSLv23"}, -{ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_NONE,0), "RSA_padding_check_none"}, -{ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP,0), "RSA_padding_check_PKCS1_OAEP"}, -{ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,0), "RSA_padding_check_PKCS1_type_1"}, -{ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,0), "RSA_padding_check_PKCS1_type_2"}, -{ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_SSLV23,0), "RSA_padding_check_SSLv23"}, -{ERR_PACK(0,RSA_F_RSA_PRINT,0), "RSA_print"}, -{ERR_PACK(0,RSA_F_RSA_PRINT_FP,0), "RSA_print_fp"}, -{ERR_PACK(0,RSA_F_RSA_SIGN,0), "RSA_sign"}, -{ERR_PACK(0,RSA_F_RSA_SIGN_ASN1_OCTET_STRING,0), "RSA_sign_ASN1_OCTET_STRING"}, -{ERR_PACK(0,RSA_F_RSA_VERIFY,0), "RSA_verify"}, -{ERR_PACK(0,RSA_F_RSA_VERIFY_ASN1_OCTET_STRING,0), "RSA_verify_ASN1_OCTET_STRING"}, -{0,NULL} - }; -static ERR_STRING_DATA RSA_str_reasons[]= - { -{RSA_R_ALGORITHM_MISMATCH ,"algorithm mismatch"}, -{RSA_R_BAD_E_VALUE ,"bad e value"}, -{RSA_R_BAD_FIXED_HEADER_DECRYPT ,"bad fixed header decrypt"}, -{RSA_R_BAD_PAD_BYTE_COUNT ,"bad pad byte count"}, -{RSA_R_BAD_SIGNATURE ,"bad signature"}, -{RSA_R_BLOCK_TYPE_IS_NOT_01 ,"block type is not 01"}, -{RSA_R_BLOCK_TYPE_IS_NOT_02 ,"block type is not 02"}, -{RSA_R_DATA_GREATER_THAN_MOD_LEN ,"data greater than mod len"}, -{RSA_R_DATA_TOO_LARGE ,"data too large"}, -{RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE ,"data too large for key size"}, -{RSA_R_DATA_TOO_LARGE_FOR_MODULUS ,"data too large for modulus"}, -{RSA_R_DATA_TOO_SMALL ,"data too small"}, -{RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE ,"data too small for key size"}, -{RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY ,"digest too big for rsa key"}, -{RSA_R_DMP1_NOT_CONGRUENT_TO_D ,"dmp1 not congruent to d"}, -{RSA_R_DMQ1_NOT_CONGRUENT_TO_D ,"dmq1 not congruent to d"}, -{RSA_R_D_E_NOT_CONGRUENT_TO_1 ,"d e not congruent to 1"}, -{RSA_R_INVALID_MESSAGE_LENGTH ,"invalid message length"}, -{RSA_R_IQMP_NOT_INVERSE_OF_Q ,"iqmp not inverse of q"}, -{RSA_R_KEY_SIZE_TOO_SMALL ,"key size too small"}, -{RSA_R_NULL_BEFORE_BLOCK_MISSING ,"null before block missing"}, -{RSA_R_N_DOES_NOT_EQUAL_P_Q ,"n does not equal p q"}, -{RSA_R_OAEP_DECODING_ERROR ,"oaep decoding error"}, -{RSA_R_PADDING_CHECK_FAILED ,"padding check failed"}, -{RSA_R_P_NOT_PRIME ,"p not prime"}, -{RSA_R_Q_NOT_PRIME ,"q not prime"}, -{RSA_R_RSA_OPERATIONS_NOT_SUPPORTED ,"rsa operations not supported"}, -{RSA_R_SSLV3_ROLLBACK_ATTACK ,"sslv3 rollback attack"}, -{RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD,"the asn1 object identifier is not known for this md"}, -{RSA_R_UNKNOWN_ALGORITHM_TYPE ,"unknown algorithm type"}, -{RSA_R_UNKNOWN_PADDING_TYPE ,"unknown padding type"}, -{RSA_R_WRONG_SIGNATURE_LENGTH ,"wrong signature length"}, -{0,NULL} - }; +#define ERR_FUNC(func) ERR_PACK(ERR_LIB_RSA,func,0) +#define ERR_REASON(reason) ERR_PACK(ERR_LIB_RSA,0,reason) -#endif +static ERR_STRING_DATA RSA_str_functs[] = { + {ERR_FUNC(0xfff), "CRYPTO_internal"}, + {0, NULL} +}; -void ERR_load_RSA_strings(void) - { - static int init=1; +static ERR_STRING_DATA RSA_str_reasons[] = { + {ERR_REASON(RSA_R_ALGORITHM_MISMATCH) , "algorithm mismatch"}, + {ERR_REASON(RSA_R_BAD_E_VALUE) , "bad e value"}, + {ERR_REASON(RSA_R_BAD_FIXED_HEADER_DECRYPT), "bad fixed header decrypt"}, + {ERR_REASON(RSA_R_BAD_PAD_BYTE_COUNT) , "bad pad byte count"}, + {ERR_REASON(RSA_R_BAD_SIGNATURE) , "bad signature"}, + {ERR_REASON(RSA_R_BLOCK_TYPE_IS_NOT_01) , "block type is not 01"}, + {ERR_REASON(RSA_R_BLOCK_TYPE_IS_NOT_02) , "block type is not 02"}, + {ERR_REASON(RSA_R_DATA_GREATER_THAN_MOD_LEN), "data greater than mod len"}, + {ERR_REASON(RSA_R_DATA_TOO_LARGE) , "data too large"}, + {ERR_REASON(RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE), "data too large for key size"}, + {ERR_REASON(RSA_R_DATA_TOO_LARGE_FOR_MODULUS), "data too large for modulus"}, + {ERR_REASON(RSA_R_DATA_TOO_SMALL) , "data too small"}, + {ERR_REASON(RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE), "data too small for key size"}, + {ERR_REASON(RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY), "digest too big for rsa key"}, + {ERR_REASON(RSA_R_DMP1_NOT_CONGRUENT_TO_D), "dmp1 not congruent to d"}, + {ERR_REASON(RSA_R_DMQ1_NOT_CONGRUENT_TO_D), "dmq1 not congruent to d"}, + {ERR_REASON(RSA_R_D_E_NOT_CONGRUENT_TO_1), "d e not congruent to 1"}, + {ERR_REASON(RSA_R_FIRST_OCTET_INVALID) , "first octet invalid"}, + {ERR_REASON(RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE), "illegal or unsupported padding mode"}, + {ERR_REASON(RSA_R_INVALID_DIGEST_LENGTH) , "invalid digest length"}, + {ERR_REASON(RSA_R_INVALID_HEADER) , "invalid header"}, + {ERR_REASON(RSA_R_INVALID_KEYBITS) , "invalid keybits"}, + {ERR_REASON(RSA_R_INVALID_MESSAGE_LENGTH), "invalid message length"}, + {ERR_REASON(RSA_R_INVALID_MGF1_MD) , "invalid mgf1 md"}, + {ERR_REASON(RSA_R_INVALID_PADDING) , "invalid padding"}, + {ERR_REASON(RSA_R_INVALID_PADDING_MODE) , "invalid padding mode"}, + {ERR_REASON(RSA_R_INVALID_PSS_PARAMETERS), "invalid pss parameters"}, + {ERR_REASON(RSA_R_INVALID_PSS_SALTLEN) , "invalid pss saltlen"}, + {ERR_REASON(RSA_R_INVALID_SALT_LENGTH) , "invalid salt length"}, + {ERR_REASON(RSA_R_INVALID_TRAILER) , "invalid trailer"}, + {ERR_REASON(RSA_R_INVALID_X931_DIGEST) , "invalid x931 digest"}, + {ERR_REASON(RSA_R_IQMP_NOT_INVERSE_OF_Q) , "iqmp not inverse of q"}, + {ERR_REASON(RSA_R_KEY_SIZE_TOO_SMALL) , "key size too small"}, + {ERR_REASON(RSA_R_LAST_OCTET_INVALID) , "last octet invalid"}, + {ERR_REASON(RSA_R_MODULUS_TOO_LARGE) , "modulus too large"}, + {ERR_REASON(RSA_R_NON_FIPS_RSA_METHOD) , "non fips rsa method"}, + {ERR_REASON(RSA_R_NO_PUBLIC_EXPONENT) , "no public exponent"}, + {ERR_REASON(RSA_R_NULL_BEFORE_BLOCK_MISSING), "null before block missing"}, + {ERR_REASON(RSA_R_N_DOES_NOT_EQUAL_P_Q) , "n does not equal p q"}, + {ERR_REASON(RSA_R_OAEP_DECODING_ERROR) , "oaep decoding error"}, + {ERR_REASON(RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE), "operation not allowed in fips mode"}, + {ERR_REASON(RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE), "operation not supported for this keytype"}, + {ERR_REASON(RSA_R_PADDING_CHECK_FAILED) , "padding check failed"}, + {ERR_REASON(RSA_R_P_NOT_PRIME) , "p not prime"}, + {ERR_REASON(RSA_R_Q_NOT_PRIME) , "q not prime"}, + {ERR_REASON(RSA_R_RSA_OPERATIONS_NOT_SUPPORTED), "rsa operations not supported"}, + {ERR_REASON(RSA_R_SLEN_CHECK_FAILED) , "salt length check failed"}, + {ERR_REASON(RSA_R_SLEN_RECOVERY_FAILED) , "salt length recovery failed"}, + {ERR_REASON(RSA_R_SSLV3_ROLLBACK_ATTACK) , "sslv3 rollback attack"}, + {ERR_REASON(RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD), "the asn1 object identifier is not known for this md"}, + {ERR_REASON(RSA_R_UNKNOWN_ALGORITHM_TYPE), "unknown algorithm type"}, + {ERR_REASON(RSA_R_UNKNOWN_MASK_DIGEST) , "unknown mask digest"}, + {ERR_REASON(RSA_R_UNKNOWN_PADDING_TYPE) , "unknown padding type"}, + {ERR_REASON(RSA_R_UNKNOWN_PSS_DIGEST) , "unknown pss digest"}, + {ERR_REASON(RSA_R_UNSUPPORTED_MASK_ALGORITHM), "unsupported mask algorithm"}, + {ERR_REASON(RSA_R_UNSUPPORTED_MASK_PARAMETER), "unsupported mask parameter"}, + {ERR_REASON(RSA_R_UNSUPPORTED_SIGNATURE_TYPE), "unsupported signature type"}, + {ERR_REASON(RSA_R_VALUE_MISSING) , "value missing"}, + {ERR_REASON(RSA_R_WRONG_SIGNATURE_LENGTH), "wrong signature length"}, + {0, NULL} +}; - if (init) - { - init=0; -#ifndef OPENSSL_NO_ERR - ERR_load_strings(ERR_LIB_RSA,RSA_str_functs); - ERR_load_strings(ERR_LIB_RSA,RSA_str_reasons); #endif - } +void +ERR_load_RSA_strings(void) +{ +#ifndef OPENSSL_NO_ERR + if (ERR_func_error_string(RSA_str_functs[0].error) == NULL) { + ERR_load_strings(0, RSA_str_functs); + ERR_load_strings(0, RSA_str_reasons); } +#endif +} diff --git a/src/lib/libcrypto/rsa/rsa_gen.c b/src/lib/libcrypto/rsa/rsa_gen.c index 00c25adbc58..596eb8eb783 100644 --- a/src/lib/libcrypto/rsa/rsa_gen.c +++ b/src/lib/libcrypto/rsa/rsa_gen.c @@ -1,25 +1,25 @@ -/* crypto/rsa/rsa_gen.c */ +/* $OpenBSD: rsa_gen.c,v 1.22 2017/01/29 17:49:23 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,149 +49,182 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ + +/* NB: these functions have been "upgraded", the deprecated versions (which are + * compatibility wrappers using these functions) are in rsa_depr.c. + * - Geoff + */ + #include #include -#include "cryptlib.h" + #include +#include #include -RSA *RSA_generate_key(int bits, unsigned long e_value, - void (*callback)(int,int,void *), void *cb_arg) - { - RSA *rsa=NULL; - BIGNUM *r0=NULL,*r1=NULL,*r2=NULL,*r3=NULL,*tmp; - int bitsp,bitsq,ok= -1,n=0,i; - BN_CTX *ctx=NULL,*ctx2=NULL; - - ctx=BN_CTX_new(); - if (ctx == NULL) goto err; - ctx2=BN_CTX_new(); - if (ctx2 == NULL) goto err; +#include "bn_lcl.h" + +static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb); + +/* + * NB: this wrapper would normally be placed in rsa_lib.c and the static + * implementation would probably be in rsa_eay.c. Nonetheless, is kept here so + * that we don't introduce a new linker dependency. Eg. any application that + * wasn't previously linking object code related to key-generation won't have to + * now just because key-generation is part of RSA_METHOD. + */ +int +RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb) +{ + if (rsa->meth->rsa_keygen) + return rsa->meth->rsa_keygen(rsa, bits, e_value, cb); + return rsa_builtin_keygen(rsa, bits, e_value, cb); +} + +static int +rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb) +{ + BIGNUM *r0 = NULL, *r1 = NULL, *r2 = NULL, *r3 = NULL, *tmp; + BIGNUM pr0, d, p; + int bitsp, bitsq, ok = -1, n = 0; + BN_CTX *ctx = NULL; + + ctx = BN_CTX_new(); + if (ctx == NULL) + goto err; BN_CTX_start(ctx); - r0 = BN_CTX_get(ctx); - r1 = BN_CTX_get(ctx); - r2 = BN_CTX_get(ctx); - r3 = BN_CTX_get(ctx); - if (r3 == NULL) goto err; - - bitsp=(bits+1)/2; - bitsq=bits-bitsp; - rsa=RSA_new(); - if (rsa == NULL) goto err; - - /* set e */ - rsa->e=BN_new(); - if (rsa->e == NULL) goto err; - -#if 1 - /* The problem is when building with 8, 16, or 32 BN_ULONG, - * unsigned long can be larger */ - for (i=0; ie,i); - } -#else - if (!BN_set_word(rsa->e,e_value)) goto err; -#endif + if ((r0 = BN_CTX_get(ctx)) == NULL) + goto err; + if ((r1 = BN_CTX_get(ctx)) == NULL) + goto err; + if ((r2 = BN_CTX_get(ctx)) == NULL) + goto err; + if ((r3 = BN_CTX_get(ctx)) == NULL) + goto err; + + bitsp = (bits + 1) / 2; + bitsq = bits - bitsp; + + /* We need the RSA components non-NULL */ + if (!rsa->n && ((rsa->n = BN_new()) == NULL)) + goto err; + if (!rsa->d && ((rsa->d = BN_new()) == NULL)) + goto err; + if (!rsa->e && ((rsa->e = BN_new()) == NULL)) + goto err; + if (!rsa->p && ((rsa->p = BN_new()) == NULL)) + goto err; + if (!rsa->q && ((rsa->q = BN_new()) == NULL)) + goto err; + if (!rsa->dmp1 && ((rsa->dmp1 = BN_new()) == NULL)) + goto err; + if (!rsa->dmq1 && ((rsa->dmq1 = BN_new()) == NULL)) + goto err; + if (!rsa->iqmp && ((rsa->iqmp = BN_new()) == NULL)) + goto err; + + BN_copy(rsa->e, e_value); /* generate p and q */ - for (;;) - { - rsa->p=BN_generate_prime(NULL,bitsp,0,NULL,NULL,callback,cb_arg); - if (rsa->p == NULL) goto err; - if (!BN_sub(r2,rsa->p,BN_value_one())) goto err; - if (!BN_gcd(r1,r2,rsa->e,ctx)) goto err; - if (BN_is_one(r1)) break; - if (callback != NULL) callback(2,n++,cb_arg); - BN_free(rsa->p); - } - if (callback != NULL) callback(3,0,cb_arg); - for (;;) - { - rsa->q=BN_generate_prime(NULL,bitsq,0,NULL,NULL,callback,cb_arg); - if (rsa->q == NULL) goto err; - if (!BN_sub(r2,rsa->q,BN_value_one())) goto err; - if (!BN_gcd(r1,r2,rsa->e,ctx)) goto err; - if (BN_is_one(r1) && (BN_cmp(rsa->p,rsa->q) != 0)) + for (;;) { + if (!BN_generate_prime_ex(rsa->p, bitsp, 0, NULL, NULL, cb)) + goto err; + if (!BN_sub(r2, rsa->p, BN_value_one())) + goto err; + if (!BN_gcd_ct(r1, r2, rsa->e, ctx)) + goto err; + if (BN_is_one(r1)) break; - if (callback != NULL) callback(2,n++,cb_arg); - BN_free(rsa->q); - } - if (callback != NULL) callback(3,1,cb_arg); - if (BN_cmp(rsa->p,rsa->q) < 0) - { - tmp=rsa->p; - rsa->p=rsa->q; - rsa->q=tmp; + if (!BN_GENCB_call(cb, 2, n++)) + goto err; + } + if (!BN_GENCB_call(cb, 3, 0)) + goto err; + for (;;) { + /* + * When generating ridiculously small keys, we can get stuck + * continually regenerating the same prime values. Check for + * this and bail if it happens 3 times. + */ + unsigned int degenerate = 0; + do { + if (!BN_generate_prime_ex(rsa->q, bitsq, 0, NULL, NULL, + cb)) + goto err; + } while (BN_cmp(rsa->p, rsa->q) == 0 && + ++degenerate < 3); + if (degenerate == 3) { + ok = 0; /* we set our own err */ + RSAerror(RSA_R_KEY_SIZE_TOO_SMALL); + goto err; } + if (!BN_sub(r2, rsa->q, BN_value_one())) + goto err; + if (!BN_gcd_ct(r1, r2, rsa->e, ctx)) + goto err; + if (BN_is_one(r1)) + break; + if (!BN_GENCB_call(cb, 2, n++)) + goto err; + } + if (!BN_GENCB_call(cb, 3, 1)) + goto err; + if (BN_cmp(rsa->p, rsa->q) < 0) { + tmp = rsa->p; + rsa->p = rsa->q; + rsa->q = tmp; + } /* calculate n */ - rsa->n=BN_new(); - if (rsa->n == NULL) goto err; - if (!BN_mul(rsa->n,rsa->p,rsa->q,ctx)) goto err; + if (!BN_mul(rsa->n, rsa->p, rsa->q, ctx)) + goto err; /* calculate d */ - if (!BN_sub(r1,rsa->p,BN_value_one())) goto err; /* p-1 */ - if (!BN_sub(r2,rsa->q,BN_value_one())) goto err; /* q-1 */ - if (!BN_mul(r0,r1,r2,ctx)) goto err; /* (p-1)(q-1) */ - -/* should not be needed, since gcd(p-1,e) == 1 and gcd(q-1,e) == 1 */ -/* for (;;) - { - if (!BN_gcd(r3,r0,rsa->e,ctx)) goto err; - if (BN_is_one(r3)) break; - - if (1) - { - if (!BN_add_word(rsa->e,2L)) goto err; - continue; - } - RSAerr(RSA_F_RSA_GENERATE_KEY,RSA_R_BAD_E_VALUE); + if (!BN_sub(r1, rsa->p, BN_value_one())) /* p-1 */ goto err; - } -*/ - rsa->d=BN_mod_inverse(NULL,rsa->e,r0,ctx2); /* d */ - if (rsa->d == NULL) goto err; + if (!BN_sub(r2, rsa->q, BN_value_one())) /* q-1 */ + goto err; + if (!BN_mul(r0, r1, r2, ctx)) /* (p-1)(q-1) */ + goto err; + + BN_with_flags(&pr0, r0, BN_FLG_CONSTTIME); + + if (!BN_mod_inverse_ct(rsa->d, rsa->e, &pr0, ctx)) /* d */ + goto err; + + /* set up d for correct BN_FLG_CONSTTIME flag */ + BN_with_flags(&d, rsa->d, BN_FLG_CONSTTIME); /* calculate d mod (p-1) */ - rsa->dmp1=BN_new(); - if (rsa->dmp1 == NULL) goto err; - if (!BN_mod(rsa->dmp1,rsa->d,r1,ctx)) goto err; + if (!BN_mod_ct(rsa->dmp1, &d, r1, ctx)) + goto err; /* calculate d mod (q-1) */ - rsa->dmq1=BN_new(); - if (rsa->dmq1 == NULL) goto err; - if (!BN_mod(rsa->dmq1,rsa->d,r2,ctx)) goto err; + if (!BN_mod_ct(rsa->dmq1, &d, r2, ctx)) + goto err; /* calculate inverse of q mod p */ - rsa->iqmp=BN_mod_inverse(NULL,rsa->q,rsa->p,ctx2); - if (rsa->iqmp == NULL) goto err; + BN_with_flags(&p, rsa->p, BN_FLG_CONSTTIME); + if (!BN_mod_inverse_ct(rsa->iqmp, rsa->q, &p, ctx)) + goto err; - ok=1; + ok = 1; err: - if (ok == -1) - { - RSAerr(RSA_F_RSA_GENERATE_KEY,ERR_LIB_BN); - ok=0; - } - BN_CTX_end(ctx); - BN_CTX_free(ctx); - BN_CTX_free(ctx2); - - if (!ok) - { - if (rsa != NULL) RSA_free(rsa); - return(NULL); - } - else - return(rsa); + if (ok == -1) { + RSAerror(ERR_LIB_BN); + ok = 0; + } + if (ctx != NULL) { + BN_CTX_end(ctx); + BN_CTX_free(ctx); } + return ok; +} diff --git a/src/lib/libcrypto/rsa/rsa_lib.c b/src/lib/libcrypto/rsa/rsa_lib.c index 93235744f7a..84e1dc7eaf7 100644 --- a/src/lib/libcrypto/rsa/rsa_lib.c +++ b/src/lib/libcrypto/rsa/rsa_lib.c @@ -1,25 +1,25 @@ -/* crypto/rsa/rsa_lib.c */ +/* $OpenBSD: rsa_lib.c,v 1.37 2018/04/14 07:09:21 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -57,323 +57,311 @@ */ #include + +#include + +#include #include -#include "cryptlib.h" +#include #include -#include #include + +#ifndef OPENSSL_NO_ENGINE #include +#endif -const char *RSA_version="RSA" OPENSSL_VERSION_PTEXT; +static const RSA_METHOD *default_RSA_meth = NULL; -static const RSA_METHOD *default_RSA_meth=NULL; +RSA * +RSA_new(void) +{ + RSA *r = RSA_new_method(NULL); -RSA *RSA_new(void) - { - return(RSA_new_method(NULL)); - } + return r; +} -void RSA_set_default_method(const RSA_METHOD *meth) - { +void +RSA_set_default_method(const RSA_METHOD *meth) +{ default_RSA_meth = meth; - } +} -const RSA_METHOD *RSA_get_default_method(void) - { +const RSA_METHOD * +RSA_get_default_method(void) +{ if (default_RSA_meth == NULL) - { -#ifdef RSA_NULL - default_RSA_meth=RSA_null_method(); -#else -#if 0 /* was: #ifdef RSAref */ - default_RSA_meth=RSA_PKCS1_RSAref(); -#else - default_RSA_meth=RSA_PKCS1_SSLeay(); -#endif -#endif - } + default_RSA_meth = RSA_PKCS1_SSLeay(); return default_RSA_meth; - } +} -const RSA_METHOD *RSA_get_method(const RSA *rsa) - { +const RSA_METHOD * +RSA_get_method(const RSA *rsa) +{ return rsa->meth; - } - -int RSA_set_method(RSA *rsa, const RSA_METHOD *meth) - { - /* NB: The caller is specifically setting a method, so it's not up to us - * to deal with which ENGINE it comes from. */ +} + +int +RSA_set_method(RSA *rsa, const RSA_METHOD *meth) +{ + /* + * NB: The caller is specifically setting a method, so it's not up to us + * to deal with which ENGINE it comes from. + */ const RSA_METHOD *mtmp; + mtmp = rsa->meth; - if (mtmp->finish) mtmp->finish(rsa); - if (rsa->engine) - { - ENGINE_finish(rsa->engine); - rsa->engine = NULL; - } + if (mtmp->finish) + mtmp->finish(rsa); +#ifndef OPENSSL_NO_ENGINE + ENGINE_finish(rsa->engine); + rsa->engine = NULL; +#endif rsa->meth = meth; - if (meth->init) meth->init(rsa); + if (meth->init) + meth->init(rsa); return 1; - } +} -RSA *RSA_new_method(ENGINE *engine) - { +RSA * +RSA_new_method(ENGINE *engine) +{ RSA *ret; - ret=(RSA *)OPENSSL_malloc(sizeof(RSA)); - if (ret == NULL) - { - RSAerr(RSA_F_RSA_NEW_METHOD,ERR_R_MALLOC_FAILURE); + ret = malloc(sizeof(RSA)); + if (ret == NULL) { + RSAerror(ERR_R_MALLOC_FAILURE); return NULL; - } + } ret->meth = RSA_get_default_method(); - if (engine) - { - if (!ENGINE_init(engine)) - { - RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB); - OPENSSL_free(ret); +#ifndef OPENSSL_NO_ENGINE + if (engine) { + if (!ENGINE_init(engine)) { + RSAerror(ERR_R_ENGINE_LIB); + free(ret); return NULL; - } - ret->engine = engine; } - else + ret->engine = engine; + } else ret->engine = ENGINE_get_default_RSA(); - if(ret->engine) - { + if (ret->engine) { ret->meth = ENGINE_get_RSA(ret->engine); - if(!ret->meth) - { - RSAerr(RSA_F_RSA_NEW_METHOD, - ERR_R_ENGINE_LIB); + if (ret->meth == NULL) { + RSAerror(ERR_R_ENGINE_LIB); ENGINE_finish(ret->engine); - OPENSSL_free(ret); + free(ret); return NULL; - } } + } +#endif - ret->pad=0; - ret->version=0; - ret->n=NULL; - ret->e=NULL; - ret->d=NULL; - ret->p=NULL; - ret->q=NULL; - ret->dmp1=NULL; - ret->dmq1=NULL; - ret->iqmp=NULL; - ret->references=1; - ret->_method_mod_n=NULL; - ret->_method_mod_p=NULL; - ret->_method_mod_q=NULL; - ret->blinding=NULL; - ret->bignum_data=NULL; - ret->flags=ret->meth->flags; - CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data); - if ((ret->meth->init != NULL) && !ret->meth->init(ret)) - { - if (ret->engine) - ENGINE_finish(ret->engine); + ret->pad = 0; + ret->version = 0; + ret->n = NULL; + ret->e = NULL; + ret->d = NULL; + ret->p = NULL; + ret->q = NULL; + ret->dmp1 = NULL; + ret->dmq1 = NULL; + ret->iqmp = NULL; + ret->references = 1; + ret->_method_mod_n = NULL; + ret->_method_mod_p = NULL; + ret->_method_mod_q = NULL; + ret->blinding = NULL; + ret->mt_blinding = NULL; + ret->flags = ret->meth->flags & ~RSA_FLAG_NON_FIPS_ALLOW; + if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data)) { +#ifndef OPENSSL_NO_ENGINE + ENGINE_finish(ret->engine); +#endif + free(ret); + return NULL; + } + + if (ret->meth->init != NULL && !ret->meth->init(ret)) { +#ifndef OPENSSL_NO_ENGINE + ENGINE_finish(ret->engine); +#endif CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data); - OPENSSL_free(ret); - ret=NULL; - } - return(ret); + free(ret); + ret = NULL; } + return ret; +} -void RSA_free(RSA *r) - { +void +RSA_free(RSA *r) +{ int i; - if (r == NULL) return; + if (r == NULL) + return; - i=CRYPTO_add(&r->references,-1,CRYPTO_LOCK_RSA); -#ifdef REF_PRINT - REF_PRINT("RSA",r); -#endif - if (i > 0) return; -#ifdef REF_CHECK - if (i < 0) - { - fprintf(stderr,"RSA_free, bad reference count\n"); - abort(); - } -#endif + i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_RSA); + if (i > 0) + return; if (r->meth->finish) r->meth->finish(r); - if (r->engine) - ENGINE_finish(r->engine); +#ifndef OPENSSL_NO_ENGINE + ENGINE_finish(r->engine); +#endif CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data); - if (r->n != NULL) BN_clear_free(r->n); - if (r->e != NULL) BN_clear_free(r->e); - if (r->d != NULL) BN_clear_free(r->d); - if (r->p != NULL) BN_clear_free(r->p); - if (r->q != NULL) BN_clear_free(r->q); - if (r->dmp1 != NULL) BN_clear_free(r->dmp1); - if (r->dmq1 != NULL) BN_clear_free(r->dmq1); - if (r->iqmp != NULL) BN_clear_free(r->iqmp); - if (r->blinding != NULL) BN_BLINDING_free(r->blinding); - if (r->bignum_data != NULL) OPENSSL_free_locked(r->bignum_data); - OPENSSL_free(r); - } - -int RSA_up_ref(RSA *r) - { + BN_clear_free(r->n); + BN_clear_free(r->e); + BN_clear_free(r->d); + BN_clear_free(r->p); + BN_clear_free(r->q); + BN_clear_free(r->dmp1); + BN_clear_free(r->dmq1); + BN_clear_free(r->iqmp); + BN_BLINDING_free(r->blinding); + BN_BLINDING_free(r->mt_blinding); + free(r); +} + +int +RSA_up_ref(RSA *r) +{ int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_RSA); -#ifdef REF_PRINT - REF_PRINT("RSA",r); -#endif -#ifdef REF_CHECK - if (i < 2) - { - fprintf(stderr, "RSA_up_ref, bad reference count\n"); - abort(); - } -#endif - return ((i > 1) ? 1 : 0); - } + return i > 1 ? 1 : 0; +} -int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) - { +int +RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) +{ return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_RSA, argl, argp, - new_func, dup_func, free_func); - } - -int RSA_set_ex_data(RSA *r, int idx, void *arg) - { - return(CRYPTO_set_ex_data(&r->ex_data,idx,arg)); + new_func, dup_func, free_func); +} + +int +RSA_set_ex_data(RSA *r, int idx, void *arg) +{ + return CRYPTO_set_ex_data(&r->ex_data, idx, arg); +} + +void * +RSA_get_ex_data(const RSA *r, int idx) +{ + return CRYPTO_get_ex_data(&r->ex_data, idx); +} + +void +RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d) +{ + if (n != NULL) + *n = r->n; + if (e != NULL) + *e = r->e; + if (d != NULL) + *d = r->d; +} + +int +RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) +{ + if ((r->n == NULL && n == NULL) || (r->e == NULL && e == NULL)) + return 0; + + if (n != NULL) { + BN_free(r->n); + r->n = n; } - -void *RSA_get_ex_data(const RSA *r, int idx) - { - return(CRYPTO_get_ex_data(&r->ex_data,idx)); + if (e != NULL) { + BN_free(r->e); + r->e = e; } - -int RSA_size(const RSA *r) - { - return(BN_num_bytes(r->n)); + if (d != NULL) { + BN_free(r->d); + r->d = d; } -int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to, - RSA *rsa, int padding) - { - return(rsa->meth->rsa_pub_enc(flen, from, to, rsa, padding)); - } - -int RSA_private_encrypt(int flen, const unsigned char *from, unsigned char *to, - RSA *rsa, int padding) - { - return(rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding)); - } - -int RSA_private_decrypt(int flen, const unsigned char *from, unsigned char *to, - RSA *rsa, int padding) - { - return(rsa->meth->rsa_priv_dec(flen, from, to, rsa, padding)); + return 1; +} + +void +RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1, + const BIGNUM **iqmp) +{ + if (dmp1 != NULL) + *dmp1 = r->dmp1; + if (dmq1 != NULL) + *dmq1 = r->dmq1; + if (iqmp != NULL) + *iqmp = r->iqmp; +} + +int +RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp) +{ + if ((r->dmp1 == NULL && dmp1 == NULL) || + (r->dmq1 == NULL && dmq1 == NULL) || + (r->iqmp == NULL && iqmp == NULL)) + return 0; + + if (dmp1 != NULL) { + BN_free(r->dmp1); + r->dmp1 = dmp1; } - -int RSA_public_decrypt(int flen, const unsigned char *from, unsigned char *to, - RSA *rsa, int padding) - { - return(rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding)); + if (dmq1 != NULL) { + BN_free(r->dmq1); + r->dmq1 = dmq1; } - -int RSA_flags(const RSA *r) - { - return((r == NULL)?0:r->meth->flags); + if (iqmp != NULL) { + BN_free(r->iqmp); + r->iqmp = iqmp; } -void RSA_blinding_off(RSA *rsa) - { - if (rsa->blinding != NULL) - { - BN_BLINDING_free(rsa->blinding); - rsa->blinding=NULL; - } - rsa->flags&= ~RSA_FLAG_BLINDING; + return 1; +} + +void +RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q) +{ + if (p != NULL) + *p = r->p; + if (q != NULL) + *q = r->q; +} + +int +RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q) +{ + if ((r->p == NULL && p == NULL) || (r->q == NULL && q == NULL)) + return 0; + + if (p != NULL) { + BN_free(r->p); + r->p = p; } - -int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx) - { - BIGNUM *A,*Ai; - BN_CTX *ctx; - int ret=0; - - if (p_ctx == NULL) - { - if ((ctx=BN_CTX_new()) == NULL) goto err; - } - else - ctx=p_ctx; - - if (rsa->blinding != NULL) - BN_BLINDING_free(rsa->blinding); - - BN_CTX_start(ctx); - A = BN_CTX_get(ctx); - if (!BN_rand_range(A,rsa->n)) goto err; - if ((Ai=BN_mod_inverse(NULL,A,rsa->n,ctx)) == NULL) goto err; - - if (!rsa->meth->bn_mod_exp(A,A,rsa->e,rsa->n,ctx,rsa->_method_mod_n)) - goto err; - rsa->blinding=BN_BLINDING_new(A,Ai,rsa->n); - rsa->flags|=RSA_FLAG_BLINDING; - BN_free(Ai); - ret=1; -err: - BN_CTX_end(ctx); - if (ctx != p_ctx) BN_CTX_free(ctx); - return(ret); + if (q != NULL) { + BN_free(r->q); + r->q = q; } -int RSA_memory_lock(RSA *r) - { - int i,j,k,off; - char *p; - BIGNUM *bn,**t[6],*b; - BN_ULONG *ul; - - if (r->d == NULL) return(1); - t[0]= &r->d; - t[1]= &r->p; - t[2]= &r->q; - t[3]= &r->dmp1; - t[4]= &r->dmq1; - t[5]= &r->iqmp; - k=sizeof(BIGNUM)*6; - off=k/sizeof(BN_ULONG)+1; - j=1; - for (i=0; i<6; i++) - j+= (*t[i])->top; - if ((p=OPENSSL_malloc_locked((off+j)*sizeof(BN_ULONG))) == NULL) - { - RSAerr(RSA_F_MEMORY_LOCK,ERR_R_MALLOC_FAILURE); - return(0); - } - bn=(BIGNUM *)p; - ul=(BN_ULONG *)&(p[off]); - for (i=0; i<6; i++) - { - b= *(t[i]); - *(t[i])= &(bn[i]); - memcpy((char *)&(bn[i]),(char *)b,sizeof(BIGNUM)); - bn[i].flags=BN_FLG_STATIC_DATA; - bn[i].d=ul; - memcpy((char *)ul,b->d,sizeof(BN_ULONG)*b->top); - ul+=b->top; - BN_clear_free(b); - } - - /* I should fix this so it can still be done */ - r->flags&= ~(RSA_FLAG_CACHE_PRIVATE|RSA_FLAG_CACHE_PUBLIC); - - r->bignum_data=p; - return(1); - } + return 1; +} + +void +RSA_clear_flags(RSA *r, int flags) +{ + r->flags &= ~flags; +} + +int +RSA_test_flags(const RSA *r, int flags) +{ + return r->flags & flags; +} + +void +RSA_set_flags(RSA *r, int flags) +{ + r->flags |= flags; +} diff --git a/src/lib/libcrypto/rsa/rsa_locl.h b/src/lib/libcrypto/rsa/rsa_locl.h new file mode 100644 index 00000000000..e949ee8aa98 --- /dev/null +++ b/src/lib/libcrypto/rsa/rsa_locl.h @@ -0,0 +1,9 @@ +/* $OpenBSD: rsa_locl.h,v 1.4 2016/12/21 15:49:29 jsing Exp $ */ + +__BEGIN_HIDDEN_DECLS + +extern int int_rsa_verify(int dtype, const unsigned char *m, + unsigned int m_len, unsigned char *rm, size_t *prm_len, + const unsigned char *sigbuf, size_t siglen, RSA *rsa); + +__END_HIDDEN_DECLS diff --git a/src/lib/libcrypto/rsa/rsa_meth.c b/src/lib/libcrypto/rsa/rsa_meth.c new file mode 100644 index 00000000000..ae613cc65c5 --- /dev/null +++ b/src/lib/libcrypto/rsa/rsa_meth.c @@ -0,0 +1,104 @@ +/* $OpenBSD: rsa_meth.c,v 1.2 2018/09/12 06:35:38 djm Exp $ */ +/* + * Copyright (c) 2018 Theo Buehler + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include +#include + +#include +#include + +RSA_METHOD * +RSA_meth_new(const char *name, int flags) +{ + RSA_METHOD *meth; + + if ((meth = calloc(1, sizeof(*meth))) == NULL) + return NULL; + if ((meth->name = strdup(name)) == NULL) { + free(meth); + return NULL; + } + meth->flags = flags; + + return meth; +} + +void +RSA_meth_free(RSA_METHOD *meth) +{ + if (meth != NULL) { + free((char *)meth->name); + free(meth); + } +} + +RSA_METHOD * +RSA_meth_dup(const RSA_METHOD *meth) +{ + RSA_METHOD *copy; + + if ((copy = calloc(1, sizeof(*copy))) == NULL) + return NULL; + memcpy(copy, meth, sizeof(*copy)); + if ((copy->name = strdup(meth->name)) == NULL) { + free(copy); + return NULL; + } + + return copy; +} + +int +RSA_meth_set1_name(RSA_METHOD *meth, const char *name) +{ + char *copy; + + if ((copy = strdup(name)) == NULL) + return 0; + free((char *)meth->name); + meth->name = copy; + return 1; +} + +int +(*RSA_meth_get_finish(const RSA_METHOD *meth))(RSA *rsa) +{ + return meth->finish; +} + +int +RSA_meth_set_priv_enc(RSA_METHOD *meth, int (*priv_enc)(int flen, + const unsigned char *from, unsigned char *to, RSA *rsa, int padding)) +{ + meth->rsa_priv_enc = priv_enc; + return 1; +} + +int +RSA_meth_set_priv_dec(RSA_METHOD *meth, int (*priv_dec)(int flen, + const unsigned char *from, unsigned char *to, RSA *rsa, int padding)) +{ + meth->rsa_priv_dec = priv_dec; + return 1; +} + +int +RSA_meth_set_finish(RSA_METHOD *meth, int (*finish)(RSA *rsa)) +{ + meth->finish = finish; + return 1; +} diff --git a/src/lib/libcrypto/rsa/rsa_none.c b/src/lib/libcrypto/rsa/rsa_none.c index e6f3e627ca1..13d3449a9f4 100644 --- a/src/lib/libcrypto/rsa/rsa_none.c +++ b/src/lib/libcrypto/rsa/rsa_none.c @@ -1,25 +1,25 @@ -/* crypto/rsa/rsa_none.c */ +/* $OpenBSD: rsa_none.c,v 1.11 2017/01/29 17:49:23 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -57,42 +57,40 @@ */ #include -#include "cryptlib.h" +#include + #include +#include #include -#include -int RSA_padding_add_none(unsigned char *to, int tlen, - const unsigned char *from, int flen) - { - if (flen > tlen) - { - RSAerr(RSA_F_RSA_PADDING_ADD_NONE,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); - return(0); - } - - if (flen < tlen) - { - RSAerr(RSA_F_RSA_PADDING_ADD_NONE,RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE); - return(0); - } - - memcpy(to,from,(unsigned int)flen); - return(1); +int +RSA_padding_add_none(unsigned char *to, int tlen, const unsigned char *from, + int flen) +{ + if (flen > tlen) { + RSAerror(RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); + return 0; } -int RSA_padding_check_none(unsigned char *to, int tlen, - const unsigned char *from, int flen, int num) - { + if (flen < tlen) { + RSAerror(RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE); + return 0; + } - if (flen > tlen) - { - RSAerr(RSA_F_RSA_PADDING_CHECK_NONE,RSA_R_DATA_TOO_LARGE); - return(-1); - } + memcpy(to, from, flen); + return 1; +} - memset(to,0,tlen-flen); - memcpy(to+tlen-flen,from,flen); - return(tlen); +int +RSA_padding_check_none(unsigned char *to, int tlen, const unsigned char *from, + int flen, int num) +{ + if (flen > tlen) { + RSAerror(RSA_R_DATA_TOO_LARGE); + return -1; } + memset(to, 0, tlen - flen); + memcpy(to + tlen - flen, from, flen); + return tlen; +} diff --git a/src/lib/libcrypto/rsa/rsa_null.c b/src/lib/libcrypto/rsa/rsa_null.c deleted file mode 100644 index 64057fbdcf7..00000000000 --- a/src/lib/libcrypto/rsa/rsa_null.c +++ /dev/null @@ -1,150 +0,0 @@ -/* rsa_null.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL - * project 1999. - */ -/* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include -#include "cryptlib.h" -#include -#include -#include - -/* This is a dummy RSA implementation that just returns errors when called. - * It is designed to allow some RSA functions to work while stopping those - * covered by the RSA patent. That is RSA, encryption, decryption, signing - * and verify is not allowed but RSA key generation, key checking and other - * operations (like storing RSA keys) are permitted. - */ - -static int RSA_null_public_encrypt(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa,int padding); -static int RSA_null_private_encrypt(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa,int padding); -static int RSA_null_public_decrypt(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa,int padding); -static int RSA_null_private_decrypt(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa,int padding); -#if 0 /* not currently used */ -static int RSA_null_mod_exp(const BIGNUM *r0, const BIGNUM *i, RSA *rsa); -#endif -static int RSA_null_init(RSA *rsa); -static int RSA_null_finish(RSA *rsa); -static RSA_METHOD rsa_null_meth={ - "Null RSA", - RSA_null_public_encrypt, - RSA_null_public_decrypt, - RSA_null_private_encrypt, - RSA_null_private_decrypt, - NULL, - NULL, - RSA_null_init, - RSA_null_finish, - 0, - NULL, - }; - -const RSA_METHOD *RSA_null_method(void) - { - return(&rsa_null_meth); - } - -static int RSA_null_public_encrypt(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding) - { - RSAerr(RSA_F_RSA_NULL, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED); - return -1; - } - -static int RSA_null_private_encrypt(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding) - { - RSAerr(RSA_F_RSA_NULL, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED); - return -1; - } - -static int RSA_null_private_decrypt(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding) - { - RSAerr(RSA_F_RSA_NULL, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED); - return -1; - } - -static int RSA_null_public_decrypt(int flen, const unsigned char *from, - unsigned char *to, RSA *rsa, int padding) - { - RSAerr(RSA_F_RSA_NULL, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED); - return -1; - } - -#if 0 /* not currently used */ -static int RSA_null_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa) - { - RSAerr(RSA_F_RSA_NULL, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED); - return -1; - } -#endif - -static int RSA_null_init(RSA *rsa) - { - return(1); - } - -static int RSA_null_finish(RSA *rsa) - { - return(1); - } - - diff --git a/src/lib/libcrypto/rsa/rsa_oaep.c b/src/lib/libcrypto/rsa/rsa_oaep.c index e3f7c608ec8..c463a885d27 100644 --- a/src/lib/libcrypto/rsa/rsa_oaep.c +++ b/src/lib/libcrypto/rsa/rsa_oaep.c @@ -1,4 +1,4 @@ -/* crypto/rsa/rsa_oaep.c */ +/* $OpenBSD: rsa_oaep.c,v 1.29 2018/08/19 20:17:20 tb Exp $ */ /* Written by Ulf Moeller. This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. */ @@ -8,7 +8,7 @@ * * for problems with the security proof for the * original OAEP scheme, which EME-OAEP is based on. - * + * * A new proof can be found in E. Fujisaki, T. Okamoto, * D. Pointcheval, J. Stern, "RSA-OEAP is Still Alive!", * Dec. 2000, . @@ -18,189 +18,219 @@ * an equivalent notion. */ +#include +#include +#include + +#include #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1) -#include -#include "cryptlib.h" + #include -#include +#include #include -#include +#include #include -int MGF1(unsigned char *mask, long len, - const unsigned char *seed, long seedlen); +static int MGF1(unsigned char *mask, long len, const unsigned char *seed, + long seedlen); -int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen, - const unsigned char *from, int flen, - const unsigned char *param, int plen) - { +int +RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen, + const unsigned char *from, int flen, const unsigned char *param, int plen) +{ int i, emlen = tlen - 1; unsigned char *db, *seed; unsigned char *dbmask, seedmask[SHA_DIGEST_LENGTH]; - if (flen > emlen - 2 * SHA_DIGEST_LENGTH - 1) - { - RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, - RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); - return 0; - } - - if (emlen < 2 * SHA_DIGEST_LENGTH + 1) - { - RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, RSA_R_KEY_SIZE_TOO_SMALL); + if (flen > emlen - 2 * SHA_DIGEST_LENGTH - 1) { + RSAerror(RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); return 0; - } + } - dbmask = OPENSSL_malloc(emlen - SHA_DIGEST_LENGTH); - if (dbmask == NULL) - { - RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, ERR_R_MALLOC_FAILURE); + if (emlen < 2 * SHA_DIGEST_LENGTH + 1) { + RSAerror(RSA_R_KEY_SIZE_TOO_SMALL); return 0; - } + } to[0] = 0; seed = to + 1; db = to + SHA_DIGEST_LENGTH + 1; - EVP_Digest((void *)param, plen, db, NULL, EVP_sha1(), NULL); + if (!EVP_Digest((void *)param, plen, db, NULL, EVP_sha1(), NULL)) + return 0; memset(db + SHA_DIGEST_LENGTH, 0, - emlen - flen - 2 * SHA_DIGEST_LENGTH - 1); + emlen - flen - 2 * SHA_DIGEST_LENGTH - 1); db[emlen - flen - SHA_DIGEST_LENGTH - 1] = 0x01; - memcpy(db + emlen - flen - SHA_DIGEST_LENGTH, from, (unsigned int) flen); - if (RAND_bytes(seed, SHA_DIGEST_LENGTH) <= 0) + memcpy(db + emlen - flen - SHA_DIGEST_LENGTH, from, flen); + arc4random_buf(seed, SHA_DIGEST_LENGTH); + + dbmask = malloc(emlen - SHA_DIGEST_LENGTH); + if (dbmask == NULL) { + RSAerror(ERR_R_MALLOC_FAILURE); return 0; -#ifdef PKCS_TESTVECT - memcpy(seed, - "\xaa\xfd\x12\xf6\x59\xca\xe6\x34\x89\xb4\x79\xe5\x07\x6d\xde\xc2\xf0\x6c\xb5\x8f", - 20); -#endif + } - MGF1(dbmask, emlen - SHA_DIGEST_LENGTH, seed, SHA_DIGEST_LENGTH); + if (MGF1(dbmask, emlen - SHA_DIGEST_LENGTH, seed, + SHA_DIGEST_LENGTH) < 0) { + free(dbmask); + return 0; + } for (i = 0; i < emlen - SHA_DIGEST_LENGTH; i++) db[i] ^= dbmask[i]; - MGF1(seedmask, SHA_DIGEST_LENGTH, db, emlen - SHA_DIGEST_LENGTH); + if (MGF1(seedmask, SHA_DIGEST_LENGTH, db, + emlen - SHA_DIGEST_LENGTH) < 0) { + free(dbmask); + return 0; + } for (i = 0; i < SHA_DIGEST_LENGTH; i++) seed[i] ^= seedmask[i]; - OPENSSL_free(dbmask); + free(dbmask); return 1; - } +} -int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, - const unsigned char *from, int flen, int num, - const unsigned char *param, int plen) - { +int +RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, + const unsigned char *from, int flen, int num, const unsigned char *param, + int plen) +{ int i, dblen, mlen = -1; const unsigned char *maskeddb; int lzero; - unsigned char *db = NULL, seed[SHA_DIGEST_LENGTH], phash[SHA_DIGEST_LENGTH]; + unsigned char *db = NULL; + unsigned char seed[SHA_DIGEST_LENGTH], phash[SHA_DIGEST_LENGTH]; + unsigned char *padded_from; int bad = 0; if (--num < 2 * SHA_DIGEST_LENGTH + 1) - /* 'num' is the length of the modulus, i.e. does not depend on the - * particular ciphertext. */ + /* + * 'num' is the length of the modulus, i.e. does not depend + * on the particular ciphertext. + */ goto decoding_err; lzero = num - flen; - if (lzero < 0) - { - /* lzero == -1 */ - - /* signalling this error immediately after detection might allow + if (lzero < 0) { + /* + * signalling this error immediately after detection might allow * for side-channel attacks (e.g. timing if 'plen' is huge - * -- cf. James H. Manger, "A Chosen Ciphertext Attack on RSA Optimal - * Asymmetric Encryption Padding (OAEP) [...]", CRYPTO 2001), - * so we use a 'bad' flag */ + * -- cf. James H. Manger, "A Chosen Ciphertext Attack on RSA + * Optimal Asymmetric Encryption Padding (OAEP) [...]", + * CRYPTO 2001), so we use a 'bad' flag + */ bad = 1; lzero = 0; - } - maskeddb = from - lzero + SHA_DIGEST_LENGTH; + flen = num; /* don't overflow the memcpy to padded_from */ + } dblen = num - SHA_DIGEST_LENGTH; - db = OPENSSL_malloc(dblen); - if (db == NULL) - { - RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, ERR_R_MALLOC_FAILURE); + if ((db = malloc(dblen + num)) == NULL) { + RSAerror(ERR_R_MALLOC_FAILURE); return -1; - } + } - MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen); - for (i = lzero; i < SHA_DIGEST_LENGTH; i++) - seed[i] ^= from[i - lzero]; - - MGF1(db, dblen, seed, SHA_DIGEST_LENGTH); + /* + * Always do this zero-padding copy (even when lzero == 0) + * to avoid leaking timing info about the value of lzero. + */ + padded_from = db + dblen; + memset(padded_from, 0, lzero); + memcpy(padded_from + lzero, from, flen); + + maskeddb = padded_from + SHA_DIGEST_LENGTH; + + if (MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen)) + goto err; + for (i = 0; i < SHA_DIGEST_LENGTH; i++) + seed[i] ^= padded_from[i]; + + if (MGF1(db, dblen, seed, SHA_DIGEST_LENGTH)) + goto err; for (i = 0; i < dblen; i++) db[i] ^= maskeddb[i]; - EVP_Digest((void *)param, plen, phash, NULL, EVP_sha1(), NULL); + if (!EVP_Digest((void *)param, plen, phash, NULL, EVP_sha1(), NULL)) + goto err; - if (memcmp(db, phash, SHA_DIGEST_LENGTH) != 0 || bad) + if (timingsafe_memcmp(db, phash, SHA_DIGEST_LENGTH) != 0 || bad) goto decoding_err; - else - { + else { for (i = SHA_DIGEST_LENGTH; i < dblen; i++) if (db[i] != 0x00) break; - if (db[i] != 0x01 || i++ >= dblen) + if (i == dblen || db[i] != 0x01) goto decoding_err; - else - { + else { /* everything looks OK */ - mlen = dblen - i; - if (tlen < mlen) - { - RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_DATA_TOO_LARGE); + mlen = dblen - ++i; + if (tlen < mlen) { + RSAerror(RSA_R_DATA_TOO_LARGE); mlen = -1; - } - else + } else memcpy(to, db + i, mlen); - } } - OPENSSL_free(db); + } + free(db); return mlen; -decoding_err: - /* to avoid chosen ciphertext attacks, the error message should not reveal - * which kind of decoding error happened */ - RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR); - if (db != NULL) OPENSSL_free(db); + decoding_err: + /* + * To avoid chosen ciphertext attacks, the error message should not + * reveal which kind of decoding error happened + */ + RSAerror(RSA_R_OAEP_DECODING_ERROR); + err: + free(db); return -1; - } +} -int MGF1(unsigned char *mask, long len, - const unsigned char *seed, long seedlen) - { +int +PKCS1_MGF1(unsigned char *mask, long len, const unsigned char *seed, + long seedlen, const EVP_MD *dgst) +{ long i, outlen = 0; unsigned char cnt[4]; EVP_MD_CTX c; - unsigned char md[SHA_DIGEST_LENGTH]; + unsigned char md[EVP_MAX_MD_SIZE]; + int mdlen; + int rv = -1; EVP_MD_CTX_init(&c); - for (i = 0; outlen < len; i++) - { + mdlen = EVP_MD_size(dgst); + if (mdlen < 0) + goto err; + for (i = 0; outlen < len; i++) { cnt[0] = (unsigned char)((i >> 24) & 255); cnt[1] = (unsigned char)((i >> 16) & 255); cnt[2] = (unsigned char)((i >> 8)) & 255; cnt[3] = (unsigned char)(i & 255); - EVP_DigestInit_ex(&c,EVP_sha1(), NULL); - EVP_DigestUpdate(&c, seed, seedlen); - EVP_DigestUpdate(&c, cnt, 4); - if (outlen + SHA_DIGEST_LENGTH <= len) - { - EVP_DigestFinal_ex(&c, mask + outlen, NULL); - outlen += SHA_DIGEST_LENGTH; - } - else - { - EVP_DigestFinal_ex(&c, md, NULL); + if (!EVP_DigestInit_ex(&c, dgst, NULL) || + !EVP_DigestUpdate(&c, seed, seedlen) || + !EVP_DigestUpdate(&c, cnt, 4)) + goto err; + if (outlen + mdlen <= len) { + if (!EVP_DigestFinal_ex(&c, mask + outlen, NULL)) + goto err; + outlen += mdlen; + } else { + if (!EVP_DigestFinal_ex(&c, md, NULL)) + goto err; memcpy(mask + outlen, md, len - outlen); outlen = len; - } } - EVP_MD_CTX_cleanup(&c); - return 0; } + rv = 0; + err: + EVP_MD_CTX_cleanup(&c); + return rv; +} + +static int +MGF1(unsigned char *mask, long len, const unsigned char *seed, long seedlen) +{ + return PKCS1_MGF1(mask, len, seed, seedlen, EVP_sha1()); +} #endif diff --git a/src/lib/libcrypto/rsa/rsa_pk1.c b/src/lib/libcrypto/rsa/rsa_pk1.c index c1edd6764fc..6de263113f6 100644 --- a/src/lib/libcrypto/rsa/rsa_pk1.c +++ b/src/lib/libcrypto/rsa/rsa_pk1.c @@ -1,25 +1,25 @@ -/* crypto/rsa/rsa_pk1.c */ +/* $OpenBSD: rsa_pk1.c,v 1.15 2017/01/29 17:49:23 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -57,168 +57,157 @@ */ #include -#include "cryptlib.h" +#include +#include + #include +#include #include -#include -int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen, - const unsigned char *from, int flen) - { +int +RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen, + const unsigned char *from, int flen) +{ int j; unsigned char *p; - if (flen > (tlen-11)) - { - RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); - return(0); - } - - p=(unsigned char *)to; + if (flen > (tlen - RSA_PKCS1_PADDING_SIZE)) { + RSAerror(RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); + return 0; + } - *(p++)=0; - *(p++)=1; /* Private Key BT (Block Type) */ + p = (unsigned char *)to; - /* pad out with 0xff data */ - j=tlen-3-flen; - memset(p,0xff,j); - p+=j; - *(p++)='\0'; - memcpy(p,from,(unsigned int)flen); - return(1); - } + *(p++) = 0; + *(p++) = 1; /* Private Key BT (Block Type) */ -int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen, - const unsigned char *from, int flen, int num) - { - int i,j; + /* pad out with 0xff data */ + j = tlen - 3 - flen; + memset(p, 0xff, j); + p += j; + *(p++) = '\0'; + memcpy(p, from, flen); + + return 1; +} + +int +RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen, + const unsigned char *from, int flen, int num) +{ + int i, j; const unsigned char *p; - p=from; - if ((num != (flen+1)) || (*(p++) != 01)) - { - RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,RSA_R_BLOCK_TYPE_IS_NOT_01); - return(-1); - } + p = from; + if (num != flen + 1 || *(p++) != 01) { + RSAerror(RSA_R_BLOCK_TYPE_IS_NOT_01); + return -1; + } /* scan over padding data */ - j=flen-1; /* one for type. */ - for (i=0; i tlen) - { - RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,RSA_R_DATA_TOO_LARGE); - return(-1); - } - memcpy(to,p,(unsigned int)j); - - return(j); + j -= i; + if (j > tlen) { + RSAerror(RSA_R_DATA_TOO_LARGE); + return -1; } + memcpy(to, p, j); + + return j; +} -int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen, - const unsigned char *from, int flen) - { - int i,j; +int +RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen, + const unsigned char *from, int flen) +{ + int i, j; unsigned char *p; - - if (flen > (tlen-11)) - { - RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); - return(0); - } - - p=(unsigned char *)to; - *(p++)=0; - *(p++)=2; /* Public Key BT (Block Type) */ + if (flen > tlen - 11) { + RSAerror(RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); + return 0; + } + + p = (unsigned char *)to; + + *(p++) = 0; + *(p++) = 2; /* Public Key BT (Block Type) */ /* pad out with non-zero random data */ - j=tlen-3-flen; - - if (RAND_bytes(p,j) <= 0) - return(0); - for (i=0; i tlen) - { - RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,RSA_R_DATA_TOO_LARGE); - return(-1); - } - memcpy(to,p,(unsigned int)j); - - return(j); + j -= i; + if (j > tlen) { + RSAerror(RSA_R_DATA_TOO_LARGE); + return -1; } + memcpy(to, p, j); + return j; +} diff --git a/src/lib/libcrypto/rsa/rsa_pmeth.c b/src/lib/libcrypto/rsa/rsa_pmeth.c new file mode 100644 index 00000000000..ea6401b3dab --- /dev/null +++ b/src/lib/libcrypto/rsa/rsa_pmeth.c @@ -0,0 +1,584 @@ +/* $OpenBSD: rsa_pmeth.c,v 1.21 2018/09/05 00:55:33 djm Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2006. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include +#include + +#include + +#include +#include +#include +#include +#include +#include + + +#include "evp_locl.h" +#include "rsa_locl.h" + +/* RSA pkey context structure */ + +typedef struct { + /* Key gen parameters */ + int nbits; + BIGNUM *pub_exp; + /* Keygen callback info */ + int gentmp[2]; + /* RSA padding mode */ + int pad_mode; + /* message digest */ + const EVP_MD *md; + /* message digest for MGF1 */ + const EVP_MD *mgf1md; + /* PSS/OAEP salt length */ + int saltlen; + /* Temp buffer */ + unsigned char *tbuf; +} RSA_PKEY_CTX; + +static int +pkey_rsa_init(EVP_PKEY_CTX *ctx) +{ + RSA_PKEY_CTX *rctx; + + rctx = malloc(sizeof(RSA_PKEY_CTX)); + if (!rctx) + return 0; + rctx->nbits = 2048; + rctx->pub_exp = NULL; + rctx->pad_mode = RSA_PKCS1_PADDING; + rctx->md = NULL; + rctx->mgf1md = NULL; + rctx->tbuf = NULL; + + rctx->saltlen = -2; + + ctx->data = rctx; + ctx->keygen_info = rctx->gentmp; + ctx->keygen_info_count = 2; + + return 1; +} + +static int +pkey_rsa_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) +{ + RSA_PKEY_CTX *dctx, *sctx; + + if (!pkey_rsa_init(dst)) + return 0; + sctx = src->data; + dctx = dst->data; + dctx->nbits = sctx->nbits; + if (sctx->pub_exp) { + dctx->pub_exp = BN_dup(sctx->pub_exp); + if (!dctx->pub_exp) + return 0; + } + dctx->pad_mode = sctx->pad_mode; + dctx->md = sctx->md; + return 1; +} + +static int +setup_tbuf(RSA_PKEY_CTX *ctx, EVP_PKEY_CTX *pk) +{ + if (ctx->tbuf) + return 1; + ctx->tbuf = malloc(EVP_PKEY_size(pk->pkey)); + if (!ctx->tbuf) + return 0; + return 1; +} + +static void +pkey_rsa_cleanup(EVP_PKEY_CTX *ctx) +{ + RSA_PKEY_CTX *rctx = ctx->data; + + if (rctx) { + BN_free(rctx->pub_exp); + free(rctx->tbuf); + free(rctx); + } +} + +static int +pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen) +{ + int ret; + RSA_PKEY_CTX *rctx = ctx->data; + RSA *rsa = ctx->pkey->pkey.rsa; + + if (rctx->md) { + if (tbslen != (size_t)EVP_MD_size(rctx->md)) { + RSAerror(RSA_R_INVALID_DIGEST_LENGTH); + return -1; + } + + if (rctx->pad_mode == RSA_X931_PADDING) { + if (!setup_tbuf(rctx, ctx)) + return -1; + memcpy(rctx->tbuf, tbs, tbslen); + rctx->tbuf[tbslen] = + RSA_X931_hash_id(EVP_MD_type(rctx->md)); + ret = RSA_private_encrypt(tbslen + 1, rctx->tbuf, sig, + rsa, RSA_X931_PADDING); + } else if (rctx->pad_mode == RSA_PKCS1_PADDING) { + unsigned int sltmp; + + ret = RSA_sign(EVP_MD_type(rctx->md), tbs, tbslen, sig, + &sltmp, rsa); + if (ret <= 0) + return ret; + ret = sltmp; + } else if (rctx->pad_mode == RSA_PKCS1_PSS_PADDING) { + if (!setup_tbuf(rctx, ctx)) + return -1; + if (!RSA_padding_add_PKCS1_PSS_mgf1(rsa, rctx->tbuf, + tbs, rctx->md, rctx->mgf1md, rctx->saltlen)) + return -1; + ret = RSA_private_encrypt(RSA_size(rsa), rctx->tbuf, + sig, rsa, RSA_NO_PADDING); + } else + return -1; + } else + ret = RSA_private_encrypt(tbslen, tbs, sig, ctx->pkey->pkey.rsa, + rctx->pad_mode); + if (ret < 0) + return ret; + *siglen = ret; + return 1; +} + +static int +pkey_rsa_verifyrecover(EVP_PKEY_CTX *ctx, unsigned char *rout, size_t *routlen, + const unsigned char *sig, size_t siglen) +{ + int ret; + RSA_PKEY_CTX *rctx = ctx->data; + + if (rctx->md) { + if (rctx->pad_mode == RSA_X931_PADDING) { + if (!setup_tbuf(rctx, ctx)) + return -1; + ret = RSA_public_decrypt(siglen, sig, rctx->tbuf, + ctx->pkey->pkey.rsa, RSA_X931_PADDING); + if (ret < 1) + return 0; + ret--; + if (rctx->tbuf[ret] != + RSA_X931_hash_id(EVP_MD_type(rctx->md))) { + RSAerror(RSA_R_ALGORITHM_MISMATCH); + return 0; + } + if (ret != EVP_MD_size(rctx->md)) { + RSAerror(RSA_R_INVALID_DIGEST_LENGTH); + return 0; + } + if (rout) + memcpy(rout, rctx->tbuf, ret); + } else if (rctx->pad_mode == RSA_PKCS1_PADDING) { + size_t sltmp; + + ret = int_rsa_verify(EVP_MD_type(rctx->md), NULL, 0, + rout, &sltmp, sig, siglen, ctx->pkey->pkey.rsa); + if (ret <= 0) + return 0; + ret = sltmp; + } else + return -1; + } else + ret = RSA_public_decrypt(siglen, sig, rout, ctx->pkey->pkey.rsa, + rctx->pad_mode); + if (ret < 0) + return ret; + *routlen = ret; + return 1; +} + +static int +pkey_rsa_verify(EVP_PKEY_CTX *ctx, const unsigned char *sig, size_t siglen, + const unsigned char *tbs, size_t tbslen) +{ + RSA_PKEY_CTX *rctx = ctx->data; + RSA *rsa = ctx->pkey->pkey.rsa; + size_t rslen; + + if (rctx->md) { + if (rctx->pad_mode == RSA_PKCS1_PADDING) + return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen, + sig, siglen, rsa); + if (rctx->pad_mode == RSA_X931_PADDING) { + if (pkey_rsa_verifyrecover(ctx, NULL, &rslen, sig, + siglen) <= 0) + return 0; + } else if (rctx->pad_mode == RSA_PKCS1_PSS_PADDING) { + int ret; + + if (!setup_tbuf(rctx, ctx)) + return -1; + ret = RSA_public_decrypt(siglen, sig, rctx->tbuf, + rsa, RSA_NO_PADDING); + if (ret <= 0) + return 0; + ret = RSA_verify_PKCS1_PSS_mgf1(rsa, tbs, rctx->md, + rctx->mgf1md, rctx->tbuf, rctx->saltlen); + if (ret <= 0) + return 0; + return 1; + } else + return -1; + } else { + if (!setup_tbuf(rctx, ctx)) + return -1; + rslen = RSA_public_decrypt(siglen, sig, rctx->tbuf, rsa, + rctx->pad_mode); + if (rslen == 0) + return 0; + } + + if (rslen != tbslen || timingsafe_bcmp(tbs, rctx->tbuf, rslen)) + return 0; + + return 1; +} + +static int +pkey_rsa_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen) +{ + int ret; + RSA_PKEY_CTX *rctx = ctx->data; + + ret = RSA_public_encrypt(inlen, in, out, ctx->pkey->pkey.rsa, + rctx->pad_mode); + if (ret < 0) + return ret; + *outlen = ret; + return 1; +} + +static int +pkey_rsa_decrypt(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen) +{ + int ret; + RSA_PKEY_CTX *rctx = ctx->data; + + ret = RSA_private_decrypt(inlen, in, out, ctx->pkey->pkey.rsa, + rctx->pad_mode); + if (ret < 0) + return ret; + *outlen = ret; + return 1; +} + +static int +check_padding_md(const EVP_MD *md, int padding) +{ + if (!md) + return 1; + + if (padding == RSA_NO_PADDING) { + RSAerror(RSA_R_INVALID_PADDING_MODE); + return 0; + } + + if (padding == RSA_X931_PADDING) { + if (RSA_X931_hash_id(EVP_MD_type(md)) == -1) { + RSAerror(RSA_R_INVALID_X931_DIGEST); + return 0; + } + return 1; + } + + return 1; +} + +static int +pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) +{ + RSA_PKEY_CTX *rctx = ctx->data; + + switch (type) { + case EVP_PKEY_CTRL_RSA_PADDING: + if (p1 >= RSA_PKCS1_PADDING && p1 <= RSA_PKCS1_PSS_PADDING) { + if (!check_padding_md(rctx->md, p1)) + return 0; + if (p1 == RSA_PKCS1_PSS_PADDING) { + if (!(ctx->operation & + (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY))) + goto bad_pad; + if (!rctx->md) + rctx->md = EVP_sha1(); + } + if (p1 == RSA_PKCS1_OAEP_PADDING) { + if (!(ctx->operation & EVP_PKEY_OP_TYPE_CRYPT)) + goto bad_pad; + if (!rctx->md) + rctx->md = EVP_sha1(); + } + rctx->pad_mode = p1; + return 1; + } +bad_pad: + RSAerror(RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE); + return -2; + + case EVP_PKEY_CTRL_GET_RSA_PADDING: + *(int *)p2 = rctx->pad_mode; + return 1; + + case EVP_PKEY_CTRL_RSA_PSS_SALTLEN: + case EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN: + if (rctx->pad_mode != RSA_PKCS1_PSS_PADDING) { + RSAerror(RSA_R_INVALID_PSS_SALTLEN); + return -2; + } + if (type == EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN) + *(int *)p2 = rctx->saltlen; + else { + if (p1 < -2) + return -2; + rctx->saltlen = p1; + } + return 1; + + case EVP_PKEY_CTRL_RSA_KEYGEN_BITS: + if (p1 < 256) { + RSAerror(RSA_R_INVALID_KEYBITS); + return -2; + } + rctx->nbits = p1; + return 1; + + case EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP: + if (!p2) + return -2; + rctx->pub_exp = p2; + return 1; + + case EVP_PKEY_CTRL_MD: + if (!check_padding_md(p2, rctx->pad_mode)) + return 0; + rctx->md = p2; + return 1; + + case EVP_PKEY_CTRL_RSA_MGF1_MD: + case EVP_PKEY_CTRL_GET_RSA_MGF1_MD: + if (rctx->pad_mode != RSA_PKCS1_PSS_PADDING) { + RSAerror(RSA_R_INVALID_MGF1_MD); + return -2; + } + if (type == EVP_PKEY_CTRL_GET_RSA_MGF1_MD) { + if (rctx->mgf1md) + *(const EVP_MD **)p2 = rctx->mgf1md; + else + *(const EVP_MD **)p2 = rctx->md; + } else + rctx->mgf1md = p2; + return 1; + + case EVP_PKEY_CTRL_DIGESTINIT: + case EVP_PKEY_CTRL_PKCS7_ENCRYPT: + case EVP_PKEY_CTRL_PKCS7_DECRYPT: + case EVP_PKEY_CTRL_PKCS7_SIGN: + return 1; + case EVP_PKEY_CTRL_PEER_KEY: + RSAerror(RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); + return -2; + + default: + return -2; + } +} + +static int +pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, const char *value) +{ + long lval; + char *ep; + + if (!value) { + RSAerror(RSA_R_VALUE_MISSING); + return 0; + } + if (!strcmp(type, "rsa_padding_mode")) { + int pm; + if (!strcmp(value, "pkcs1")) + pm = RSA_PKCS1_PADDING; + else if (!strcmp(value, "none")) + pm = RSA_NO_PADDING; + else if (!strcmp(value, "oeap")) + pm = RSA_PKCS1_OAEP_PADDING; + else if (!strcmp(value, "oaep")) + pm = RSA_PKCS1_OAEP_PADDING; + else if (!strcmp(value, "x931")) + pm = RSA_X931_PADDING; + else if (!strcmp(value, "pss")) + pm = RSA_PKCS1_PSS_PADDING; + else { + RSAerror(RSA_R_UNKNOWN_PADDING_TYPE); + return -2; + } + return EVP_PKEY_CTX_set_rsa_padding(ctx, pm); + } + + if (!strcmp(type, "rsa_pss_saltlen")) { + int saltlen; + + errno = 0; + lval = strtol(value, &ep, 10); + if (value[0] == '\0' || *ep != '\0') + goto not_a_number; + if ((errno == ERANGE && + (lval == LONG_MAX || lval == LONG_MIN)) || + (lval > INT_MAX || lval < INT_MIN)) + goto out_of_range; + saltlen = lval; + return EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, saltlen); + } + + if (!strcmp(type, "rsa_keygen_bits")) { + int nbits; + + errno = 0; + lval = strtol(value, &ep, 10); + if (value[0] == '\0' || *ep != '\0') + goto not_a_number; + if ((errno == ERANGE && + (lval == LONG_MAX || lval == LONG_MIN)) || + (lval > INT_MAX || lval < INT_MIN)) + goto out_of_range; + nbits = lval; + return EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, nbits); + } + + if (!strcmp(type, "rsa_keygen_pubexp")) { + int ret; + BIGNUM *pubexp = NULL; + + if (!BN_asc2bn(&pubexp, value)) + return 0; + ret = EVP_PKEY_CTX_set_rsa_keygen_pubexp(ctx, pubexp); + if (ret <= 0) + BN_free(pubexp); + return ret; + } + +not_a_number: +out_of_range: + return -2; +} + +static int +pkey_rsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) +{ + RSA *rsa = NULL; + RSA_PKEY_CTX *rctx = ctx->data; + BN_GENCB *pcb, cb; + int ret; + + if (!rctx->pub_exp) { + rctx->pub_exp = BN_new(); + if (!rctx->pub_exp || !BN_set_word(rctx->pub_exp, RSA_F4)) + return 0; + } + rsa = RSA_new(); + if (!rsa) + return 0; + if (ctx->pkey_gencb) { + pcb = &cb; + evp_pkey_set_cb_translate(pcb, ctx); + } else + pcb = NULL; + ret = RSA_generate_key_ex(rsa, rctx->nbits, rctx->pub_exp, pcb); + if (ret > 0) + EVP_PKEY_assign_RSA(pkey, rsa); + else + RSA_free(rsa); + return ret; +} + +const EVP_PKEY_METHOD rsa_pkey_meth = { + .pkey_id = EVP_PKEY_RSA, + .flags = EVP_PKEY_FLAG_AUTOARGLEN, + + .init = pkey_rsa_init, + .copy = pkey_rsa_copy, + .cleanup = pkey_rsa_cleanup, + + .keygen = pkey_rsa_keygen, + + .sign = pkey_rsa_sign, + + .verify = pkey_rsa_verify, + + .verify_recover = pkey_rsa_verifyrecover, + + .encrypt = pkey_rsa_encrypt, + + .decrypt = pkey_rsa_decrypt, + + .ctrl = pkey_rsa_ctrl, + .ctrl_str = pkey_rsa_ctrl_str +}; diff --git a/src/lib/libcrypto/rsa/rsa_prn.c b/src/lib/libcrypto/rsa/rsa_prn.c new file mode 100644 index 00000000000..c46b08c00d9 --- /dev/null +++ b/src/lib/libcrypto/rsa/rsa_prn.c @@ -0,0 +1,93 @@ +/* $OpenBSD: rsa_prn.c,v 1.7 2017/01/29 17:49:23 beck Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2006. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include + +#include +#include +#include + +int +RSA_print_fp(FILE *fp, const RSA *x, int off) +{ + BIO *b; + int ret; + + if ((b = BIO_new(BIO_s_file())) == NULL) { + RSAerror(ERR_R_BUF_LIB); + return 0; + } + BIO_set_fp(b, fp, BIO_NOCLOSE); + ret = RSA_print(b, x, off); + BIO_free(b); + return ret; +} + +int +RSA_print(BIO *bp, const RSA *x, int off) +{ + EVP_PKEY *pk; + int ret; + + pk = EVP_PKEY_new(); + if (!pk || !EVP_PKEY_set1_RSA(pk, (RSA *)x)) + return 0; + ret = EVP_PKEY_print_private(bp, pk, off, NULL); + EVP_PKEY_free(pk); + return ret; +} diff --git a/src/lib/libcrypto/rsa/rsa_pss.c b/src/lib/libcrypto/rsa/rsa_pss.c new file mode 100644 index 00000000000..562f7b252c9 --- /dev/null +++ b/src/lib/libcrypto/rsa/rsa_pss.c @@ -0,0 +1,281 @@ +/* $OpenBSD: rsa_pss.c,v 1.13 2018/09/05 00:55:33 djm Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2005. + */ +/* ==================================================================== + * Copyright (c) 2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include +#include + +#include +#include +#include +#include +#include + +static const unsigned char zeroes[] = { 0, 0, 0, 0, 0, 0, 0, 0 }; + +int +RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash, const EVP_MD *Hash, + const unsigned char *EM, int sLen) +{ + return RSA_verify_PKCS1_PSS_mgf1(rsa, mHash, Hash, NULL, EM, sLen); +} + +int +RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash, + const EVP_MD *Hash, const EVP_MD *mgf1Hash, const unsigned char *EM, + int sLen) +{ + int i; + int ret = 0; + int hLen, maskedDBLen, MSBits, emLen; + const unsigned char *H; + unsigned char *DB = NULL; + EVP_MD_CTX ctx; + unsigned char H_[EVP_MAX_MD_SIZE]; + + EVP_MD_CTX_init(&ctx); + + if (mgf1Hash == NULL) + mgf1Hash = Hash; + + hLen = EVP_MD_size(Hash); + if (hLen < 0) + goto err; + /* + * Negative sLen has special meanings: + * -1 sLen == hLen + * -2 salt length is autorecovered from signature + * -N reserved + */ + if (sLen == -1) + sLen = hLen; + else if (sLen == -2) + sLen = -2; + else if (sLen < -2) { + RSAerror(RSA_R_SLEN_CHECK_FAILED); + goto err; + } + + MSBits = (BN_num_bits(rsa->n) - 1) & 0x7; + emLen = RSA_size(rsa); + if (EM[0] & (0xFF << MSBits)) { + RSAerror(RSA_R_FIRST_OCTET_INVALID); + goto err; + } + if (MSBits == 0) { + EM++; + emLen--; + } + if (emLen < (hLen + sLen + 2)) { + /* sLen can be small negative */ + RSAerror(RSA_R_DATA_TOO_LARGE); + goto err; + } + if (EM[emLen - 1] != 0xbc) { + RSAerror(RSA_R_LAST_OCTET_INVALID); + goto err; + } + maskedDBLen = emLen - hLen - 1; + H = EM + maskedDBLen; + DB = malloc(maskedDBLen); + if (!DB) { + RSAerror(ERR_R_MALLOC_FAILURE); + goto err; + } + if (PKCS1_MGF1(DB, maskedDBLen, H, hLen, mgf1Hash) < 0) + goto err; + for (i = 0; i < maskedDBLen; i++) + DB[i] ^= EM[i]; + if (MSBits) + DB[0] &= 0xFF >> (8 - MSBits); + for (i = 0; DB[i] == 0 && i < (maskedDBLen - 1); i++) + ; + if (DB[i++] != 0x1) { + RSAerror(RSA_R_SLEN_RECOVERY_FAILED); + goto err; + } + if (sLen >= 0 && (maskedDBLen - i) != sLen) { + RSAerror(RSA_R_SLEN_CHECK_FAILED); + goto err; + } + if (!EVP_DigestInit_ex(&ctx, Hash, NULL) || + !EVP_DigestUpdate(&ctx, zeroes, sizeof zeroes) || + !EVP_DigestUpdate(&ctx, mHash, hLen)) + goto err; + if (maskedDBLen - i) { + if (!EVP_DigestUpdate(&ctx, DB + i, maskedDBLen - i)) + goto err; + } + if (!EVP_DigestFinal_ex(&ctx, H_, NULL)) + goto err; + if (timingsafe_bcmp(H_, H, hLen)) { + RSAerror(RSA_R_BAD_SIGNATURE); + ret = 0; + } else + ret = 1; + +err: + free(DB); + EVP_MD_CTX_cleanup(&ctx); + + return ret; +} + +int +RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM, + const unsigned char *mHash, const EVP_MD *Hash, int sLen) +{ + return RSA_padding_add_PKCS1_PSS_mgf1(rsa, EM, mHash, Hash, NULL, sLen); +} + +int +RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM, + const unsigned char *mHash, const EVP_MD *Hash, const EVP_MD *mgf1Hash, + int sLen) +{ + int i; + int ret = 0; + int hLen, maskedDBLen, MSBits, emLen; + unsigned char *H, *salt = NULL, *p; + EVP_MD_CTX ctx; + + EVP_MD_CTX_init(&ctx); + + if (mgf1Hash == NULL) + mgf1Hash = Hash; + + hLen = EVP_MD_size(Hash); + if (hLen < 0) + goto err; + /* + * Negative sLen has special meanings: + * -1 sLen == hLen + * -2 salt length is maximized + * -N reserved + */ + if (sLen == -1) + sLen = hLen; + else if (sLen == -2) + sLen = -2; + else if (sLen < -2) { + RSAerror(RSA_R_SLEN_CHECK_FAILED); + goto err; + } + + MSBits = (BN_num_bits(rsa->n) - 1) & 0x7; + emLen = RSA_size(rsa); + if (MSBits == 0) { + *EM++ = 0; + emLen--; + } + if (sLen == -2) + sLen = emLen - hLen - 2; + else if (emLen < (hLen + sLen + 2)) { + RSAerror(RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); + goto err; + } + if (sLen > 0) { + salt = malloc(sLen); + if (!salt) { + RSAerror(ERR_R_MALLOC_FAILURE); + goto err; + } + arc4random_buf(salt, sLen); + } + maskedDBLen = emLen - hLen - 1; + H = EM + maskedDBLen; + if (!EVP_DigestInit_ex(&ctx, Hash, NULL) || + !EVP_DigestUpdate(&ctx, zeroes, sizeof zeroes) || + !EVP_DigestUpdate(&ctx, mHash, hLen)) + goto err; + if (sLen && !EVP_DigestUpdate(&ctx, salt, sLen)) + goto err; + if (!EVP_DigestFinal_ex(&ctx, H, NULL)) + goto err; + + /* Generate dbMask in place then perform XOR on it */ + if (PKCS1_MGF1(EM, maskedDBLen, H, hLen, mgf1Hash)) + goto err; + + p = EM; + + /* + * Initial PS XORs with all zeroes which is a NOP so just update + * pointer. Note from a test above this value is guaranteed to + * be non-negative. + */ + p += emLen - sLen - hLen - 2; + *p++ ^= 0x1; + if (sLen > 0) { + for (i = 0; i < sLen; i++) + *p++ ^= salt[i]; + } + if (MSBits) + EM[0] &= 0xFF >> (8 - MSBits); + + /* H is already in place so just set final 0xbc */ + EM[emLen - 1] = 0xbc; + + ret = 1; + +err: + free(salt); + EVP_MD_CTX_cleanup(&ctx); + + return ret; +} diff --git a/src/lib/libcrypto/rsa/rsa_saos.c b/src/lib/libcrypto/rsa/rsa_saos.c index 85adacc08fd..93492ac5035 100644 --- a/src/lib/libcrypto/rsa/rsa_saos.c +++ b/src/lib/libcrypto/rsa/rsa_saos.c @@ -1,25 +1,25 @@ -/* crypto/rsa/rsa_saos.c */ +/* $OpenBSD: rsa_saos.c,v 1.24 2018/09/05 00:55:33 djm Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -57,90 +57,85 @@ */ #include -#include "cryptlib.h" +#include + #include -#include +#include #include +#include #include -int RSA_sign_ASN1_OCTET_STRING(int type, - const unsigned char *m, unsigned int m_len, - unsigned char *sigret, unsigned int *siglen, RSA *rsa) - { +int +RSA_sign_ASN1_OCTET_STRING(int type, const unsigned char *m, unsigned int m_len, + unsigned char *sigret, unsigned int *siglen, RSA *rsa) +{ ASN1_OCTET_STRING sig; - int i,j,ret=1; - unsigned char *p,*s; + int i, j, ret = 1; + unsigned char *p, *s; - sig.type=V_ASN1_OCTET_STRING; - sig.length=m_len; - sig.data=(unsigned char *)m; + sig.type = V_ASN1_OCTET_STRING; + sig.length = m_len; + sig.data = (unsigned char *)m; - i=i2d_ASN1_OCTET_STRING(&sig,NULL); - j=RSA_size(rsa); - if ((i-RSA_PKCS1_PADDING) > j) - { - RSAerr(RSA_F_RSA_SIGN_ASN1_OCTET_STRING,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY); - return(0); - } - s=(unsigned char *)OPENSSL_malloc((unsigned int)j+1); - if (s == NULL) - { - RSAerr(RSA_F_RSA_SIGN_ASN1_OCTET_STRING,ERR_R_MALLOC_FAILURE); - return(0); - } - p=s; - i2d_ASN1_OCTET_STRING(&sig,&p); - i=RSA_private_encrypt(i,s,sigret,rsa,RSA_PKCS1_PADDING); + i = i2d_ASN1_OCTET_STRING(&sig, NULL); + j = RSA_size(rsa); + if (i > (j - RSA_PKCS1_PADDING_SIZE)) { + RSAerror(RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY); + return 0; + } + s = malloc(j + 1); + if (s == NULL) { + RSAerror(ERR_R_MALLOC_FAILURE); + return 0; + } + p = s; + i2d_ASN1_OCTET_STRING(&sig, &p); + i = RSA_private_encrypt(i, s, sigret, rsa, RSA_PKCS1_PADDING); if (i <= 0) - ret=0; + ret = 0; else - *siglen=i; + *siglen = i; - memset(s,0,(unsigned int)j+1); - OPENSSL_free(s); - return(ret); - } + freezero(s, (unsigned int)j + 1); + return ret; +} -int RSA_verify_ASN1_OCTET_STRING(int dtype, - const unsigned char *m, - unsigned int m_len, unsigned char *sigbuf, unsigned int siglen, - RSA *rsa) - { - int i,ret=0; - unsigned char *p,*s; - ASN1_OCTET_STRING *sig=NULL; +int +RSA_verify_ASN1_OCTET_STRING(int dtype, const unsigned char *m, + unsigned int m_len, unsigned char *sigbuf, unsigned int siglen, RSA *rsa) +{ + int i, ret = 0; + unsigned char *s; + const unsigned char *p; + ASN1_OCTET_STRING *sig = NULL; - if (siglen != (unsigned int)RSA_size(rsa)) - { - RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING,RSA_R_WRONG_SIGNATURE_LENGTH); - return(0); - } + if (siglen != (unsigned int)RSA_size(rsa)) { + RSAerror(RSA_R_WRONG_SIGNATURE_LENGTH); + return 0; + } - s=(unsigned char *)OPENSSL_malloc((unsigned int)siglen); - if (s == NULL) - { - RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING,ERR_R_MALLOC_FAILURE); + s = malloc(siglen); + if (s == NULL) { + RSAerror(ERR_R_MALLOC_FAILURE); goto err; - } - i=RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING); + } + i = RSA_public_decrypt((int)siglen, sigbuf, s, rsa, RSA_PKCS1_PADDING); - if (i <= 0) goto err; + if (i <= 0) + goto err; - p=s; - sig=d2i_ASN1_OCTET_STRING(NULL,&p,(long)i); - if (sig == NULL) goto err; + p = s; + sig = d2i_ASN1_OCTET_STRING(NULL, &p, (long)i); + if (sig == NULL) + goto err; - if ( ((unsigned int)sig->length != m_len) || - (memcmp(m,sig->data,m_len) != 0)) - { - RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING,RSA_R_BAD_SIGNATURE); - } - else - ret=1; + if ((unsigned int)sig->length != m_len || + timingsafe_bcmp(m, sig->data, m_len) != 0) { + RSAerror(RSA_R_BAD_SIGNATURE); + } else + ret = 1; err: - if (sig != NULL) M_ASN1_OCTET_STRING_free(sig); - memset(s,0,(unsigned int)siglen); - OPENSSL_free(s); - return(ret); - } - + ASN1_OCTET_STRING_free(sig); + freezero(s, (unsigned int)siglen); + return ret; +} diff --git a/src/lib/libcrypto/rsa/rsa_sign.c b/src/lib/libcrypto/rsa/rsa_sign.c index 2a440901de3..50e07f4f1e2 100644 --- a/src/lib/libcrypto/rsa/rsa_sign.c +++ b/src/lib/libcrypto/rsa/rsa_sign.c @@ -1,25 +1,25 @@ -/* crypto/rsa/rsa_sign.c */ +/* $OpenBSD: rsa_sign.c,v 1.31 2018/09/05 00:55:33 djm Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -57,172 +57,220 @@ */ #include -#include "cryptlib.h" +#include + #include -#include +#include #include +#include #include -#include + +#include "rsa_locl.h" /* Size of an SSL signature: MD5+SHA1 */ #define SSL_SIG_LENGTH 36 -int RSA_sign(int type, const unsigned char *m, unsigned int m_len, - unsigned char *sigret, unsigned int *siglen, RSA *rsa) - { +static int encode_pkcs1(unsigned char **, int *, int , const unsigned char *, + unsigned int); + +/* + * encode_pkcs1 encodes a DigestInfo prefix of hash `type' and digest `m', as + * described in EMSA-PKCS-v1_5-ENCODE, RFC 8017 section 9. step 2. This + * encodes the DigestInfo (T and tLen) but does not add the padding. + * + * On success, it returns one and sets `*out' to a newly allocated buffer + * containing the result and `*out_len' to its length. Freeing `*out' is + * the caller's responsibility. Failure is indicated by zero. + */ +static int +encode_pkcs1(unsigned char **out, int *out_len, int type, + const unsigned char *m, unsigned int m_len) +{ X509_SIG sig; - ASN1_TYPE parameter; - int i,j,ret=1; - unsigned char *p, *tmps = NULL; - const unsigned char *s = NULL; X509_ALGOR algor; + ASN1_TYPE parameter; ASN1_OCTET_STRING digest; - if((rsa->flags & RSA_FLAG_SIGN_VER) - && ENGINE_get_RSA(rsa->engine)->rsa_sign) - return ENGINE_get_RSA(rsa->engine)->rsa_sign(type, - m, m_len, sigret, siglen, rsa); - /* Special case: SSL signature, just check the length */ - if(type == NID_md5_sha1) { - if(m_len != SSL_SIG_LENGTH) { - RSAerr(RSA_F_RSA_SIGN,RSA_R_INVALID_MESSAGE_LENGTH); - return(0); - } - i = SSL_SIG_LENGTH; - s = m; - } else { - sig.algor= &algor; - sig.algor->algorithm=OBJ_nid2obj(type); - if (sig.algor->algorithm == NULL) - { - RSAerr(RSA_F_RSA_SIGN,RSA_R_UNKNOWN_ALGORITHM_TYPE); - return(0); - } - if (sig.algor->algorithm->length == 0) - { - RSAerr(RSA_F_RSA_SIGN,RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD); - return(0); - } - parameter.type=V_ASN1_NULL; - parameter.value.ptr=NULL; - sig.algor->parameter= ¶meter; - - sig.digest= &digest; - sig.digest->data=(unsigned char *)m; /* TMP UGLY CAST */ - sig.digest->length=m_len; + uint8_t *der = NULL; + int len; - i=i2d_X509_SIG(&sig,NULL); + sig.algor = &algor; + if ((sig.algor->algorithm = OBJ_nid2obj(type)) == NULL) { + RSAerror(RSA_R_UNKNOWN_ALGORITHM_TYPE); + return 0; } - j=RSA_size(rsa); - if ((i-RSA_PKCS1_PADDING) > j) - { - RSAerr(RSA_F_RSA_SIGN,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY); - return(0); - } - if(type != NID_md5_sha1) { - tmps=(unsigned char *)OPENSSL_malloc((unsigned int)j+1); - if (tmps == NULL) - { - RSAerr(RSA_F_RSA_SIGN,ERR_R_MALLOC_FAILURE); - return(0); - } - p=tmps; - i2d_X509_SIG(&sig,&p); - s=tmps; + if (sig.algor->algorithm->length == 0) { + RSAerror( + RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD); + return 0; } - i=RSA_private_encrypt(i,s,sigret,rsa,RSA_PKCS1_PADDING); - if (i <= 0) - ret=0; - else - *siglen=i; - - if(type != NID_md5_sha1) { - memset(tmps,0,(unsigned int)j+1); - OPENSSL_free(tmps); + parameter.type = V_ASN1_NULL; + parameter.value.ptr = NULL; + sig.algor->parameter = ¶meter; + + sig.digest = &digest; + sig.digest->data = (unsigned char*)m; /* TMP UGLY CAST */ + sig.digest->length = m_len; + + if ((len = i2d_X509_SIG(&sig, &der)) < 0) + return 0; + + *out = der; + *out_len = len; + + return 1; +} + +int +RSA_sign(int type, const unsigned char *m, unsigned int m_len, + unsigned char *sigret, unsigned int *siglen, RSA *rsa) +{ + const unsigned char *encoded = NULL; + unsigned char *tmps = NULL; + int encrypt_len, encoded_len = 0, ret = 0; + + if ((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_sign != NULL) + return rsa->meth->rsa_sign(type, m, m_len, sigret, siglen, rsa); + + /* Compute the encoded digest. */ + if (type == NID_md5_sha1) { + /* + * NID_md5_sha1 corresponds to the MD5/SHA1 combination in + * TLS 1.1 and earlier. It has no DigestInfo wrapper but + * otherwise is RSASSA-PKCS-v1.5. + */ + if (m_len != SSL_SIG_LENGTH) { + RSAerror(RSA_R_INVALID_DIGEST_LENGTH); + return 0; + } + encoded_len = SSL_SIG_LENGTH; + encoded = m; + } else { + if (!encode_pkcs1(&tmps, &encoded_len, type, m, m_len)) + goto err; + encoded = tmps; } - return(ret); + if (encoded_len > RSA_size(rsa) - RSA_PKCS1_PADDING_SIZE) { + RSAerror(RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY); + goto err; } + if ((encrypt_len = RSA_private_encrypt(encoded_len, encoded, sigret, + rsa, RSA_PKCS1_PADDING)) <= 0) + goto err; -int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len, - unsigned char *sigbuf, unsigned int siglen, RSA *rsa) - { - int i,ret=0,sigtype; - unsigned char *p,*s; - X509_SIG *sig=NULL; - - if (siglen != (unsigned int)RSA_size(rsa)) - { - RSAerr(RSA_F_RSA_VERIFY,RSA_R_WRONG_SIGNATURE_LENGTH); - return(0); - } + *siglen = encrypt_len; + ret = 1; - if((rsa->flags & RSA_FLAG_SIGN_VER) - && ENGINE_get_RSA(rsa->engine)->rsa_verify) - return ENGINE_get_RSA(rsa->engine)->rsa_verify(dtype, - m, m_len, sigbuf, siglen, rsa); + err: + freezero(tmps, (size_t)encoded_len); + return (ret); +} - s=(unsigned char *)OPENSSL_malloc((unsigned int)siglen); - if (s == NULL) - { - RSAerr(RSA_F_RSA_VERIFY,ERR_R_MALLOC_FAILURE); - goto err; - } - if((dtype == NID_md5_sha1) && (m_len != SSL_SIG_LENGTH) ) { - RSAerr(RSA_F_RSA_VERIFY,RSA_R_INVALID_MESSAGE_LENGTH); - return(0); +/* + * int_rsa_verify verifies an RSA signature in `sigbuf' using `rsa'. It may be + * called in two modes. If `rm' is NULL, it verifies the signature for the + * digest `m'. Otherwise, it recovers the digest from the signature, writing the + * digest to `rm' and the length to `*prm_len'. `type' is the NID of the digest + * algorithm to use. It returns one on successful verification and zero + * otherwise. + */ +int +int_rsa_verify(int type, const unsigned char *m, unsigned int m_len, + unsigned char *rm, size_t *prm_len, const unsigned char *sigbuf, + size_t siglen, RSA *rsa) +{ + unsigned char *decrypt_buf, *encoded = NULL; + int decrypt_len, encoded_len = 0, ret = 0; + + if (siglen != (size_t)RSA_size(rsa)) { + RSAerror(RSA_R_WRONG_SIGNATURE_LENGTH); + return 0; } - i=RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING); - if (i <= 0) goto err; + /* Recover the encoded digest. */ + if ((decrypt_buf = malloc(siglen)) == NULL) { + RSAerror(ERR_R_MALLOC_FAILURE); + goto err; + } + if ((decrypt_len = RSA_public_decrypt((int)siglen, sigbuf, decrypt_buf, + rsa, RSA_PKCS1_PADDING)) <= 0) + goto err; + + if (type == NID_md5_sha1) { + /* + * NID_md5_sha1 corresponds to the MD5/SHA1 combination in + * TLS 1.1 and earlier. It has no DigestInfo wrapper but + * otherwise is RSASSA-PKCS1-v1_5. + */ + if (decrypt_len != SSL_SIG_LENGTH) { + RSAerror(RSA_R_INVALID_DIGEST_LENGTH); + goto err; + } - /* Special case: SSL signature */ - if(dtype == NID_md5_sha1) { - if((i != SSL_SIG_LENGTH) || memcmp(s, m, SSL_SIG_LENGTH)) - RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE); - else ret = 1; + if (rm != NULL) { + memcpy(rm, decrypt_buf, SSL_SIG_LENGTH); + *prm_len = SSL_SIG_LENGTH; + } else { + if (m_len != SSL_SIG_LENGTH) { + RSAerror(RSA_R_INVALID_MESSAGE_LENGTH); + goto err; + } + if (timingsafe_bcmp(decrypt_buf, + m, SSL_SIG_LENGTH) != 0) { + RSAerror(RSA_R_BAD_SIGNATURE); + goto err; + } + } } else { - p=s; - sig=d2i_X509_SIG(NULL,&p,(long)i); - - if (sig == NULL) goto err; - sigtype=OBJ_obj2nid(sig->algor->algorithm); - - - #ifdef RSA_DEBUG - /* put a backward compatibility flag in EAY */ - fprintf(stderr,"in(%s) expect(%s)\n",OBJ_nid2ln(sigtype), - OBJ_nid2ln(dtype)); - #endif - if (sigtype != dtype) - { - if (((dtype == NID_md5) && - (sigtype == NID_md5WithRSAEncryption)) || - ((dtype == NID_md2) && - (sigtype == NID_md2WithRSAEncryption))) - { - /* ok, we will let it through */ -#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16) - fprintf(stderr,"signature has problems, re-make with post SSLeay045\n"); -#endif - } - else - { - RSAerr(RSA_F_RSA_VERIFY, - RSA_R_ALGORITHM_MISMATCH); + /* + * If recovering the digest, extract a digest-sized output from + * the end of `decrypt_buf' for `encode_pkcs1', then compare the + * decryption output as in a standard verification. + */ + if (rm != NULL) { + const EVP_MD *md; + + if ((md = EVP_get_digestbynid(type)) == NULL) { + RSAerror(RSA_R_UNKNOWN_ALGORITHM_TYPE); goto err; - } } - if ( ((unsigned int)sig->digest->length != m_len) || - (memcmp(m,sig->digest->data,m_len) != 0)) - { - RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE); + if ((m_len = EVP_MD_size(md)) > (size_t)decrypt_len) { + RSAerror(RSA_R_INVALID_DIGEST_LENGTH); + goto err; } - else - ret=1; - } -err: - if (sig != NULL) X509_SIG_free(sig); - memset(s,0,(unsigned int)siglen); - OPENSSL_free(s); - return(ret); + m = decrypt_buf + decrypt_len - m_len; + } + + /* Construct the encoded digest and ensure it matches */ + if (!encode_pkcs1(&encoded, &encoded_len, type, m, m_len)) + goto err; + + if (encoded_len != decrypt_len || + timingsafe_bcmp(encoded, decrypt_buf, encoded_len) != 0) { + RSAerror(RSA_R_BAD_SIGNATURE); + goto err; + } + + /* Output the recovered digest. */ + if (rm != NULL) { + memcpy(rm, m, m_len); + *prm_len = m_len; + } } + ret = 1; + err: + freezero(encoded, (size_t)encoded_len); + freezero(decrypt_buf, siglen); + return ret; +} + +int +RSA_verify(int dtype, const unsigned char *m, unsigned int m_len, + const unsigned char *sigbuf, unsigned int siglen, RSA *rsa) +{ + if ((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_verify) + return rsa->meth->rsa_verify(dtype, m, m_len, sigbuf, siglen, + rsa); + + return int_rsa_verify(dtype, m, m_len, NULL, NULL, sigbuf, siglen, rsa); +} diff --git a/src/lib/libcrypto/rsa/rsa_ssl.c b/src/lib/libcrypto/rsa/rsa_ssl.c deleted file mode 100644 index ea72629494c..00000000000 --- a/src/lib/libcrypto/rsa/rsa_ssl.c +++ /dev/null @@ -1,154 +0,0 @@ -/* crypto/rsa/rsa_ssl.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include "cryptlib.h" -#include -#include -#include - -int RSA_padding_add_SSLv23(unsigned char *to, int tlen, - const unsigned char *from, int flen) - { - int i,j; - unsigned char *p; - - if (flen > (tlen-11)) - { - RSAerr(RSA_F_RSA_PADDING_ADD_SSLV23,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); - return(0); - } - - p=(unsigned char *)to; - - *(p++)=0; - *(p++)=2; /* Public Key BT (Block Type) */ - - /* pad out with non-zero random data */ - j=tlen-3-8-flen; - - if (RAND_bytes(p,j) <= 0) - return(0); - for (i=0; i tlen) - { - RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_DATA_TOO_LARGE); - return(-1); - } - memcpy(to,p,(unsigned int)j); - - return(j); - } - diff --git a/src/lib/libcrypto/rsa/rsa_test.c b/src/lib/libcrypto/rsa/rsa_test.c deleted file mode 100644 index b8b462d33b5..00000000000 --- a/src/lib/libcrypto/rsa/rsa_test.c +++ /dev/null @@ -1,318 +0,0 @@ -/* test vectors from p1ovect1.txt */ - -#include -#include - -#include "e_os.h" - -#include -#include -#include -#ifdef OPENSSL_NO_RSA -int main(int argc, char *argv[]) -{ - printf("No RSA support\n"); - return(0); -} -#else -#include -#include - -#define SetKey \ - key->n = BN_bin2bn(n, sizeof(n)-1, key->n); \ - key->e = BN_bin2bn(e, sizeof(e)-1, key->e); \ - key->d = BN_bin2bn(d, sizeof(d)-1, key->d); \ - key->p = BN_bin2bn(p, sizeof(p)-1, key->p); \ - key->q = BN_bin2bn(q, sizeof(q)-1, key->q); \ - key->dmp1 = BN_bin2bn(dmp1, sizeof(dmp1)-1, key->dmp1); \ - key->dmq1 = BN_bin2bn(dmq1, sizeof(dmq1)-1, key->dmq1); \ - key->iqmp = BN_bin2bn(iqmp, sizeof(iqmp)-1, key->iqmp); \ - memcpy(c, ctext_ex, sizeof(ctext_ex) - 1); \ - return (sizeof(ctext_ex) - 1); - -static int key1(RSA *key, unsigned char *c) - { - static unsigned char n[] = -"\x00\xAA\x36\xAB\xCE\x88\xAC\xFD\xFF\x55\x52\x3C\x7F\xC4\x52\x3F" -"\x90\xEF\xA0\x0D\xF3\x77\x4A\x25\x9F\x2E\x62\xB4\xC5\xD9\x9C\xB5" -"\xAD\xB3\x00\xA0\x28\x5E\x53\x01\x93\x0E\x0C\x70\xFB\x68\x76\x93" -"\x9C\xE6\x16\xCE\x62\x4A\x11\xE0\x08\x6D\x34\x1E\xBC\xAC\xA0\xA1" -"\xF5"; - - static unsigned char e[] = "\x11"; - - static unsigned char d[] = -"\x0A\x03\x37\x48\x62\x64\x87\x69\x5F\x5F\x30\xBC\x38\xB9\x8B\x44" -"\xC2\xCD\x2D\xFF\x43\x40\x98\xCD\x20\xD8\xA1\x38\xD0\x90\xBF\x64" -"\x79\x7C\x3F\xA7\xA2\xCD\xCB\x3C\xD1\xE0\xBD\xBA\x26\x54\xB4\xF9" -"\xDF\x8E\x8A\xE5\x9D\x73\x3D\x9F\x33\xB3\x01\x62\x4A\xFD\x1D\x51"; - - static unsigned char p[] = -"\x00\xD8\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5" -"\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x12" -"\x0D"; - - static unsigned char q[] = -"\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9" -"\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D" -"\x89"; - - static unsigned char dmp1[] = -"\x59\x0B\x95\x72\xA2\xC2\xA9\xC4\x06\x05\x9D\xC2\xAB\x2F\x1D\xAF" -"\xEB\x7E\x8B\x4F\x10\xA7\x54\x9E\x8E\xED\xF5\xB4\xFC\xE0\x9E\x05"; - - static unsigned char dmq1[] = -"\x00\x8E\x3C\x05\x21\xFE\x15\xE0\xEA\x06\xA3\x6F\xF0\xF1\x0C\x99" -"\x52\xC3\x5B\x7A\x75\x14\xFD\x32\x38\xB8\x0A\xAD\x52\x98\x62\x8D" -"\x51"; - - static unsigned char iqmp[] = -"\x36\x3F\xF7\x18\x9D\xA8\xE9\x0B\x1D\x34\x1F\x71\xD0\x9B\x76\xA8" -"\xA9\x43\xE1\x1D\x10\xB2\x4D\x24\x9F\x2D\xEA\xFE\xF8\x0C\x18\x26"; - - static unsigned char ctext_ex[] = -"\x1b\x8f\x05\xf9\xca\x1a\x79\x52\x6e\x53\xf3\xcc\x51\x4f\xdb\x89" -"\x2b\xfb\x91\x93\x23\x1e\x78\xb9\x92\xe6\x8d\x50\xa4\x80\xcb\x52" -"\x33\x89\x5c\x74\x95\x8d\x5d\x02\xab\x8c\x0f\xd0\x40\xeb\x58\x44" -"\xb0\x05\xc3\x9e\xd8\x27\x4a\x9d\xbf\xa8\x06\x71\x40\x94\x39\xd2"; - - SetKey; - } - -static int key2(RSA *key, unsigned char *c) - { - static unsigned char n[] = -"\x00\xA3\x07\x9A\x90\xDF\x0D\xFD\x72\xAC\x09\x0C\xCC\x2A\x78\xB8" -"\x74\x13\x13\x3E\x40\x75\x9C\x98\xFA\xF8\x20\x4F\x35\x8A\x0B\x26" -"\x3C\x67\x70\xE7\x83\xA9\x3B\x69\x71\xB7\x37\x79\xD2\x71\x7B\xE8" -"\x34\x77\xCF"; - - static unsigned char e[] = "\x3"; - - static unsigned char d[] = -"\x6C\xAF\xBC\x60\x94\xB3\xFE\x4C\x72\xB0\xB3\x32\xC6\xFB\x25\xA2" -"\xB7\x62\x29\x80\x4E\x68\x65\xFC\xA4\x5A\x74\xDF\x0F\x8F\xB8\x41" -"\x3B\x52\xC0\xD0\xE5\x3D\x9B\x59\x0F\xF1\x9B\xE7\x9F\x49\xDD\x21" -"\xE5\xEB"; - - static unsigned char p[] = -"\x00\xCF\x20\x35\x02\x8B\x9D\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92" -"\xEA\x0D\xA3\xB4\x32\x04\xB5\xCF\xCE\x91"; - - static unsigned char q[] = -"\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9" -"\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5F"; - - static unsigned char dmp1[] = -"\x00\x8A\x15\x78\xAC\x5D\x13\xAF\x10\x2B\x22\xB9\x99\xCD\x74\x61" -"\xF1\x5E\x6D\x22\xCC\x03\x23\xDF\xDF\x0B"; - - static unsigned char dmq1[] = -"\x00\x86\x55\x21\x4A\xC5\x4D\x8D\x4E\xCD\x61\x77\xF1\xC7\x36\x90" -"\xCE\x2A\x48\x2C\x8B\x05\x99\xCB\xE0\x3F"; - - static unsigned char iqmp[] = -"\x00\x83\xEF\xEF\xB8\xA9\xA4\x0D\x1D\xB6\xED\x98\xAD\x84\xED\x13" -"\x35\xDC\xC1\x08\xF3\x22\xD0\x57\xCF\x8D"; - - static unsigned char ctext_ex[] = -"\x14\xbd\xdd\x28\xc9\x83\x35\x19\x23\x80\xe8\xe5\x49\xb1\x58\x2a" -"\x8b\x40\xb4\x48\x6d\x03\xa6\xa5\x31\x1f\x1f\xd5\xf0\xa1\x80\xe4" -"\x17\x53\x03\x29\xa9\x34\x90\x74\xb1\x52\x13\x54\x29\x08\x24\x52" -"\x62\x51"; - - SetKey; - } - -static int key3(RSA *key, unsigned char *c) - { - static unsigned char n[] = -"\x00\xBB\xF8\x2F\x09\x06\x82\xCE\x9C\x23\x38\xAC\x2B\x9D\xA8\x71" -"\xF7\x36\x8D\x07\xEE\xD4\x10\x43\xA4\x40\xD6\xB6\xF0\x74\x54\xF5" -"\x1F\xB8\xDF\xBA\xAF\x03\x5C\x02\xAB\x61\xEA\x48\xCE\xEB\x6F\xCD" -"\x48\x76\xED\x52\x0D\x60\xE1\xEC\x46\x19\x71\x9D\x8A\x5B\x8B\x80" -"\x7F\xAF\xB8\xE0\xA3\xDF\xC7\x37\x72\x3E\xE6\xB4\xB7\xD9\x3A\x25" -"\x84\xEE\x6A\x64\x9D\x06\x09\x53\x74\x88\x34\xB2\x45\x45\x98\x39" -"\x4E\xE0\xAA\xB1\x2D\x7B\x61\xA5\x1F\x52\x7A\x9A\x41\xF6\xC1\x68" -"\x7F\xE2\x53\x72\x98\xCA\x2A\x8F\x59\x46\xF8\xE5\xFD\x09\x1D\xBD" -"\xCB"; - - static unsigned char e[] = "\x11"; - - static unsigned char d[] = -"\x00\xA5\xDA\xFC\x53\x41\xFA\xF2\x89\xC4\xB9\x88\xDB\x30\xC1\xCD" -"\xF8\x3F\x31\x25\x1E\x06\x68\xB4\x27\x84\x81\x38\x01\x57\x96\x41" -"\xB2\x94\x10\xB3\xC7\x99\x8D\x6B\xC4\x65\x74\x5E\x5C\x39\x26\x69" -"\xD6\x87\x0D\xA2\xC0\x82\xA9\x39\xE3\x7F\xDC\xB8\x2E\xC9\x3E\xDA" -"\xC9\x7F\xF3\xAD\x59\x50\xAC\xCF\xBC\x11\x1C\x76\xF1\xA9\x52\x94" -"\x44\xE5\x6A\xAF\x68\xC5\x6C\x09\x2C\xD3\x8D\xC3\xBE\xF5\xD2\x0A" -"\x93\x99\x26\xED\x4F\x74\xA1\x3E\xDD\xFB\xE1\xA1\xCE\xCC\x48\x94" -"\xAF\x94\x28\xC2\xB7\xB8\x88\x3F\xE4\x46\x3A\x4B\xC8\x5B\x1C\xB3" -"\xC1"; - - static unsigned char p[] = -"\x00\xEE\xCF\xAE\x81\xB1\xB9\xB3\xC9\x08\x81\x0B\x10\xA1\xB5\x60" -"\x01\x99\xEB\x9F\x44\xAE\xF4\xFD\xA4\x93\xB8\x1A\x9E\x3D\x84\xF6" -"\x32\x12\x4E\xF0\x23\x6E\x5D\x1E\x3B\x7E\x28\xFA\xE7\xAA\x04\x0A" -"\x2D\x5B\x25\x21\x76\x45\x9D\x1F\x39\x75\x41\xBA\x2A\x58\xFB\x65" -"\x99"; - - static unsigned char q[] = -"\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9" -"\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D" -"\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5" -"\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x15" -"\x03"; - - static unsigned char dmp1[] = -"\x54\x49\x4C\xA6\x3E\xBA\x03\x37\xE4\xE2\x40\x23\xFC\xD6\x9A\x5A" -"\xEB\x07\xDD\xDC\x01\x83\xA4\xD0\xAC\x9B\x54\xB0\x51\xF2\xB1\x3E" -"\xD9\x49\x09\x75\xEA\xB7\x74\x14\xFF\x59\xC1\xF7\x69\x2E\x9A\x2E" -"\x20\x2B\x38\xFC\x91\x0A\x47\x41\x74\xAD\xC9\x3C\x1F\x67\xC9\x81"; - - static unsigned char dmq1[] = -"\x47\x1E\x02\x90\xFF\x0A\xF0\x75\x03\x51\xB7\xF8\x78\x86\x4C\xA9" -"\x61\xAD\xBD\x3A\x8A\x7E\x99\x1C\x5C\x05\x56\xA9\x4C\x31\x46\xA7" -"\xF9\x80\x3F\x8F\x6F\x8A\xE3\x42\xE9\x31\xFD\x8A\xE4\x7A\x22\x0D" -"\x1B\x99\xA4\x95\x84\x98\x07\xFE\x39\xF9\x24\x5A\x98\x36\xDA\x3D"; - - static unsigned char iqmp[] = -"\x00\xB0\x6C\x4F\xDA\xBB\x63\x01\x19\x8D\x26\x5B\xDB\xAE\x94\x23" -"\xB3\x80\xF2\x71\xF7\x34\x53\x88\x50\x93\x07\x7F\xCD\x39\xE2\x11" -"\x9F\xC9\x86\x32\x15\x4F\x58\x83\xB1\x67\xA9\x67\xBF\x40\x2B\x4E" -"\x9E\x2E\x0F\x96\x56\xE6\x98\xEA\x36\x66\xED\xFB\x25\x79\x80\x39" -"\xF7"; - - static unsigned char ctext_ex[] = -"\xb8\x24\x6b\x56\xa6\xed\x58\x81\xae\xb5\x85\xd9\xa2\x5b\x2a\xd7" -"\x90\xc4\x17\xe0\x80\x68\x1b\xf1\xac\x2b\xc3\xde\xb6\x9d\x8b\xce" -"\xf0\xc4\x36\x6f\xec\x40\x0a\xf0\x52\xa7\x2e\x9b\x0e\xff\xb5\xb3" -"\xf2\xf1\x92\xdb\xea\xca\x03\xc1\x27\x40\x05\x71\x13\xbf\x1f\x06" -"\x69\xac\x22\xe9\xf3\xa7\x85\x2e\x3c\x15\xd9\x13\xca\xb0\xb8\x86" -"\x3a\x95\xc9\x92\x94\xce\x86\x74\x21\x49\x54\x61\x03\x46\xf4\xd4" -"\x74\xb2\x6f\x7c\x48\xb4\x2e\xe6\x8e\x1f\x57\x2a\x1f\xc4\x02\x6a" -"\xc4\x56\xb4\xf5\x9f\x7b\x62\x1e\xa1\xb9\xd8\x8f\x64\x20\x2f\xb1"; - - SetKey; - } - -static int pad_unknown(void) -{ - unsigned long l; - while ((l = ERR_get_error()) != 0) - if (ERR_GET_REASON(l) == RSA_R_UNKNOWN_PADDING_TYPE) - return(1); - return(0); -} - -static const char rnd_seed[] = "string to make the random number generator think it has entropy"; - -int main(int argc, char *argv[]) - { - int err=0; - int v; - RSA *key; - unsigned char ptext[256]; - unsigned char ctext[256]; - static unsigned char ptext_ex[] = "\x54\x85\x9b\x34\x2c\x49\xea\x2a"; - unsigned char ctext_ex[256]; - int plen; - int clen = 0; - int num; - - CRYPTO_malloc_debug_init(); - CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL); - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); - - RAND_seed(rnd_seed, sizeof rnd_seed); /* or OAEP may fail */ - - plen = sizeof(ptext_ex) - 1; - - for (v = 0; v < 3; v++) - { - key = RSA_new(); - switch (v) { - case 0: - clen = key1(key, ctext_ex); - break; - case 1: - clen = key2(key, ctext_ex); - break; - case 2: - clen = key3(key, ctext_ex); - break; - } - - num = RSA_public_encrypt(plen, ptext_ex, ctext, key, - RSA_PKCS1_PADDING); - if (num != clen) - { - printf("PKCS#1 v1.5 encryption failed!\n"); - err=1; - goto oaep; - } - - num = RSA_private_decrypt(num, ctext, ptext, key, - RSA_PKCS1_PADDING); - if (num != plen || memcmp(ptext, ptext_ex, num) != 0) - { - printf("PKCS#1 v1.5 decryption failed!\n"); - err=1; - } - else - printf("PKCS #1 v1.5 encryption/decryption ok\n"); - - oaep: - ERR_clear_error(); - num = RSA_public_encrypt(plen, ptext_ex, ctext, key, - RSA_PKCS1_OAEP_PADDING); - if (num == -1 && pad_unknown()) - { - printf("No OAEP support\n"); - goto next; - } - if (num != clen) - { - printf("OAEP encryption failed!\n"); - err=1; - goto next; - } - - num = RSA_private_decrypt(num, ctext, ptext, key, - RSA_PKCS1_OAEP_PADDING); - if (num != plen || memcmp(ptext, ptext_ex, num) != 0) - { - printf("OAEP decryption (encrypted data) failed!\n"); - err=1; - } - else if (memcmp(ctext, ctext_ex, num) == 0) - { - printf("OAEP test vector %d passed!\n", v); - goto next; - } - - /* Different ciphertexts (rsa_oaep.c without -DPKCS_TESTVECT). - Try decrypting ctext_ex */ - - num = RSA_private_decrypt(clen, ctext_ex, ptext, key, - RSA_PKCS1_OAEP_PADDING); - - if (num != plen || memcmp(ptext, ptext_ex, num) != 0) - { - printf("OAEP decryption (test vector data) failed!\n"); - err=1; - } - else - printf("OAEP encryption/decryption ok\n"); - next: - RSA_free(key); - } - - CRYPTO_cleanup_all_ex_data(); - ERR_remove_state(0); - - CRYPTO_mem_leaks_fp(stderr); - - return err; - } -#endif diff --git a/src/lib/libcrypto/rsa/rsa_x931.c b/src/lib/libcrypto/rsa/rsa_x931.c new file mode 100644 index 00000000000..3579735ab24 --- /dev/null +++ b/src/lib/libcrypto/rsa/rsa_x931.c @@ -0,0 +1,164 @@ +/* $OpenBSD: rsa_x931.c,v 1.10 2017/01/29 17:49:23 beck Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2005. + */ +/* ==================================================================== + * Copyright (c) 2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include + +#include +#include +#include +#include + +int +RSA_padding_add_X931(unsigned char *to, int tlen, const unsigned char *from, + int flen) +{ + int j; + unsigned char *p; + + /* + * Absolute minimum amount of padding is 1 header nibble, 1 padding + * nibble and 2 trailer bytes: but 1 hash if is already in 'from'. + */ + j = tlen - flen - 2; + + if (j < 0) { + RSAerror(RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); + return -1; + } + + p = (unsigned char *)to; + + /* If no padding start and end nibbles are in one byte */ + if (j == 0) + *p++ = 0x6A; + else { + *p++ = 0x6B; + if (j > 1) { + memset(p, 0xBB, j - 1); + p += j - 1; + } + *p++ = 0xBA; + } + memcpy(p, from, flen); + p += flen; + *p = 0xCC; + return 1; +} + +int +RSA_padding_check_X931(unsigned char *to, int tlen, const unsigned char *from, + int flen, int num) +{ + int i = 0, j; + const unsigned char *p = from; + + if (num != flen || (*p != 0x6A && *p != 0x6B)) { + RSAerror(RSA_R_INVALID_HEADER); + return -1; + } + + if (*p++ == 0x6B) { + j = flen - 3; + for (i = 0; i < j; i++) { + unsigned char c = *p++; + if (c == 0xBA) + break; + if (c != 0xBB) { + RSAerror(RSA_R_INVALID_PADDING); + return -1; + } + } + + if (i == 0) { + RSAerror(RSA_R_INVALID_PADDING); + return -1; + } + + j -= i; + } else + j = flen - 2; + + if (j < 0 || p[j] != 0xCC) { + RSAerror(RSA_R_INVALID_TRAILER); + return -1; + } + + memcpy(to, p, j); + + return j; +} + +/* Translate between X931 hash ids and NIDs */ + +int +RSA_X931_hash_id(int nid) +{ + switch (nid) { + case NID_sha1: + return 0x33; + case NID_sha256: + return 0x34; + case NID_sha384: + return 0x36; + case NID_sha512: + return 0x35; + } + + return -1; +} diff --git a/src/lib/libcrypto/sha/Makefile.ssl b/src/lib/libcrypto/sha/Makefile.ssl deleted file mode 100644 index 482ff192b1d..00000000000 --- a/src/lib/libcrypto/sha/Makefile.ssl +++ /dev/null @@ -1,115 +0,0 @@ -# -# SSLeay/crypto/sha/Makefile -# - -DIR= sha -TOP= ../.. -CC= cc -CPP= $(CC) -E -INCLUDES= -CFLAG=-g -INSTALL_PREFIX= -OPENSSLDIR= /usr/local/ssl -INSTALLTOP=/usr/local/ssl -MAKE= make -f Makefile.ssl -MAKEDEPPROG= makedepend -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) -MAKEFILE= Makefile.ssl -AR= ar r - -SHA1_ASM_OBJ= - -CFLAGS= $(INCLUDES) $(CFLAG) - -GENERAL=Makefile -TEST=shatest.c sha1test.c -APPS= - -LIB=$(TOP)/libcrypto.a -LIBSRC=sha_dgst.c sha1dgst.c sha_one.c sha1_one.c -LIBOBJ=sha_dgst.o sha1dgst.o sha_one.o sha1_one.o $(SHA1_ASM_OBJ) - -SRC= $(LIBSRC) - -EXHEADER= sha.h -HEADER= sha_locl.h $(EXHEADER) - -ALL= $(GENERAL) $(SRC) $(HEADER) - -top: - (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) - -all: lib - -lib: $(LIBOBJ) - $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) || echo Never mind. - @touch lib - -# elf -asm/sx86-elf.o: asm/sx86unix.cpp - $(CPP) -DELF -x c asm/sx86unix.cpp | as -o asm/sx86-elf.o - -# solaris -asm/sx86-sol.o: asm/sx86unix.cpp - $(CC) -E -DSOL asm/sx86unix.cpp | sed 's/^#.*//' > asm/sx86-sol.s - as -o asm/sx86-sol.o asm/sx86-sol.s - rm -f asm/sx86-sol.s - -# a.out -asm/sx86-out.o: asm/sx86unix.cpp - $(CPP) -DOUT asm/sx86unix.cpp | as -o asm/sx86-out.o - -# bsdi -asm/sx86bsdi.o: asm/sx86unix.cpp - $(CPP) -DBSDI asm/sx86unix.cpp | sed 's/ :/:/' | as -o asm/sx86bsdi.o - -asm/sx86unix.cpp: asm/sha1-586.pl ../perlasm/x86asm.pl - (cd asm; $(PERL) sha1-586.pl cpp $(PROCESSOR) >sx86unix.cpp) - -files: - $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO - -links: - @sh $(TOP)/util/point.sh Makefile.ssl Makefile - @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) - @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) - @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) - -install: - @for i in $(EXHEADER) ; \ - do \ - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ - done; - -tags: - ctags $(SRC) - -tests: - -lint: - lint -DLINT $(INCLUDES) $(SRC)>fluff - -depend: - $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) - -dclean: - $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new - mv -f Makefile.new $(MAKEFILE) - -clean: - rm -f asm/sx86unix.cpp *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff asm/*.o - -# DO NOT DELETE THIS LINE -- make depend depends on it. - -sha1_one.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h -sha1_one.o: ../../include/openssl/sha.h sha1_one.c -sha1dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h -sha1dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/sha.h -sha1dgst.o: ../md32_common.h sha1dgst.c sha_locl.h -sha_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h -sha_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/sha.h -sha_dgst.o: ../md32_common.h sha_dgst.c sha_locl.h -sha_one.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h -sha_one.o: ../../include/openssl/sha.h sha_one.c diff --git a/src/lib/libcrypto/sha/asm/README b/src/lib/libcrypto/sha/asm/README deleted file mode 100644 index b7e755765fc..00000000000 --- a/src/lib/libcrypto/sha/asm/README +++ /dev/null @@ -1 +0,0 @@ -C2.pl works diff --git a/src/lib/libcrypto/sha/asm/sha1-586.pl b/src/lib/libcrypto/sha/asm/sha1-586.pl index fe51fd07945..d29ed84706a 100644 --- a/src/lib/libcrypto/sha/asm/sha1-586.pl +++ b/src/lib/libcrypto/sha/asm/sha1-586.pl @@ -1,540 +1,1225 @@ -#!/usr/local/bin/perl - -$normal=0; - -push(@INC,"perlasm","../../perlasm"); +#!/usr/bin/env perl + +# ==================================================================== +# [Re]written by Andy Polyakov for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== + +# "[Re]written" was achieved in two major overhauls. In 2004 BODY_* +# functions were re-implemented to address P4 performance issue [see +# commentary below], and in 2006 the rest was rewritten in order to +# gain freedom to liberate licensing terms. + +# January, September 2004. +# +# It was noted that Intel IA-32 C compiler generates code which +# performs ~30% *faster* on P4 CPU than original *hand-coded* +# SHA1 assembler implementation. To address this problem (and +# prove that humans are still better than machines:-), the +# original code was overhauled, which resulted in following +# performance changes: +# +# compared with original compared with Intel cc +# assembler impl. generated code +# Pentium -16% +48% +# PIII/AMD +8% +16% +# P4 +85%(!) +45% +# +# As you can see Pentium came out as looser:-( Yet I reckoned that +# improvement on P4 outweights the loss and incorporate this +# re-tuned code to 0.9.7 and later. +# ---------------------------------------------------------------- +# + +# August 2009. +# +# George Spelvin has tipped that F_40_59(b,c,d) can be rewritten as +# '(c&d) + (b&(c^d))', which allows to accumulate partial results +# and lighten "pressure" on scratch registers. This resulted in +# >12% performance improvement on contemporary AMD cores (with no +# degradation on other CPUs:-). Also, the code was revised to maximize +# "distance" between instructions producing input to 'lea' instruction +# and the 'lea' instruction itself, which is essential for Intel Atom +# core and resulted in ~15% improvement. + +# October 2010. +# +# Add SSSE3, Supplemental[!] SSE3, implementation. The idea behind it +# is to offload message schedule denoted by Wt in NIST specification, +# or Xupdate in OpenSSL source, to SIMD unit. The idea is not novel, +# and in SSE2 context was first explored by Dean Gaudet in 2004, see +# http://arctic.org/~dean/crypto/sha1.html. Since then several things +# have changed that made it interesting again: +# +# a) XMM units became faster and wider; +# b) instruction set became more versatile; +# c) an important observation was made by Max Locktykhin, which made +# it possible to reduce amount of instructions required to perform +# the operation in question, for further details see +# http://software.intel.com/en-us/articles/improving-the-performance-of-the-secure-hash-algorithm-1/. + +# April 2011. +# +# Add AVX code path, probably most controversial... The thing is that +# switch to AVX alone improves performance by as little as 4% in +# comparison to SSSE3 code path. But below result doesn't look like +# 4% improvement... Trouble is that Sandy Bridge decodes 'ro[rl]' as +# pair of µ-ops, and it's the additional µ-ops, two per round, that +# make it run slower than Core2 and Westmere. But 'sh[rl]d' is decoded +# as single µ-op by Sandy Bridge and it's replacing 'ro[rl]' with +# equivalent 'sh[rl]d' that is responsible for the impressive 5.1 +# cycles per processed byte. But 'sh[rl]d' is not something that used +# to be fast, nor does it appear to be fast in upcoming Bulldozer +# [according to its optimization manual]. Which is why AVX code path +# is guarded by *both* AVX and synthetic bit denoting Intel CPUs. +# One can argue that it's unfair to AMD, but without 'sh[rl]d' it +# makes no sense to keep the AVX code path. If somebody feels that +# strongly, it's probably more appropriate to discuss possibility of +# using vector rotate XOP on AMD... + +###################################################################### +# Current performance is summarized in following table. Numbers are +# CPU clock cycles spent to process single byte (less is better). +# +# x86 SSSE3 AVX +# Pentium 15.7 - +# PIII 11.5 - +# P4 10.6 - +# AMD K8 7.1 - +# Core2 7.3 6.1/+20% - +# Atom 12.5 9.5(*)/+32% - +# Westmere 7.3 5.6/+30% - +# Sandy Bridge 8.8 6.2/+40% 5.1(**)/+70% +# +# (*) Loop is 1056 instructions long and expected result is ~8.25. +# It remains mystery [to me] why ILP is limited to 1.7. +# +# (**) As per above comment, the result is for AVX *plus* sh[rl]d. + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +push(@INC,"${dir}","${dir}../../perlasm"); require "x86asm.pl"; &asm_init($ARGV[0],"sha1-586.pl",$ARGV[$#ARGV] eq "386"); +$xmm=$ymm=0; +for (@ARGV) { $xmm=1 if (/-DOPENSSL_IA32_SSE2/); } + +$ymm=1 if ($xmm && + `$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1` + =~ /GNU assembler version ([2-9]\.[0-9]+)/ && + $1>=2.19); # first version supporting AVX + +&external_label("OPENSSL_ia32cap_P") if ($xmm); + + $A="eax"; -$B="ecx"; -$C="ebx"; +$B="ebx"; +$C="ecx"; $D="edx"; $E="edi"; $T="esi"; $tmp1="ebp"; -$off=9*4; - -@K=(0x5a827999,0x6ed9eba1,0x8f1bbcdc,0xca62c1d6); - -&sha1_block_data("sha1_block_asm_data_order"); +@V=($A,$B,$C,$D,$E,$T); -&asm_finish(); - -sub Nn - { - local($p)=@_; - local(%n)=($A,$T,$B,$A,$C,$B,$D,$C,$E,$D,$T,$E); - return($n{$p}); - } - -sub Np - { - local($p)=@_; - local(%n)=($A,$T,$B,$A,$C,$B,$D,$C,$E,$D,$T,$E); - local(%n)=($A,$B,$B,$C,$C,$D,$D,$E,$E,$T,$T,$A); - return($n{$p}); - } - -sub Na - { - local($n)=@_; - return( (($n )&0x0f), - (($n+ 2)&0x0f), - (($n+ 8)&0x0f), - (($n+13)&0x0f), - (($n+ 1)&0x0f)); - } - -sub X_expand - { - local($in)=@_; - - &comment("First, load the words onto the stack in network byte order"); - for ($i=0; $i<16; $i+=2) - { - &mov($A,&DWP(($i+0)*4,$in,"",0));# unless $i == 0; - &mov($B,&DWP(($i+1)*4,$in,"",0)); - &bswap($A); - &bswap($B); - &mov(&swtmp($i+0),$A); - &mov(&swtmp($i+1),$B); - } - - &comment("We now have the X array on the stack"); - &comment("starting at sp-4"); - } - -# Rules of engagement -# F is always trashable at the start, the running total. -# E becomes the next F so it can be trashed after it has been 'accumulated' -# F becomes A in the next round. We don't need to access it much. -# During the X update part, the result ends up in $X[$n0]. +$alt=0; # 1 denotes alternative IALU implementation, which performs + # 8% *worse* on P4, same on Westmere and Atom, 2% better on + # Sandy Bridge... sub BODY_00_15 { - local($pos,$K,$X,$n,$a,$b,$c,$d,$e,$f)=@_; + local($n,$a,$b,$c,$d,$e,$f)=@_; -return if $n & 1; &comment("00_15 $n"); - &mov($f,$c); - - &mov($tmp1,$a); - &xor($f,$d); # F2 - - &rotl($tmp1,5); # A2 - - &and($f,$b); # F3 - &add($tmp1,$e); - - &rotr($b,1); # B1 <- F - &mov($e,&swtmp($n)); # G1 - - &rotr($b,1); # B1 <- F - &xor($f,$d); # F4 - - &lea($tmp1,&DWP($K,$tmp1,$e,1)); - -############################ -# &BODY_40_59( 0,$K[2],$X,42,$A,$B,$C,$D,$E,$T); -# &BODY_40_59( 0,$K[2],$X,43,$T,$A,$B,$C,$D,$E); -$n++; - local($n0,$n1,$n2,$n3,$np)=&Na($n); - ($b,$c,$d,$e,$f,$a)=($a,$b,$c,$d,$e,$f); - - &mov($f,$c); - - &add($a,$tmp1); # MOVED DOWN - &xor($f,$d); # F2 - - &mov($tmp1,$a); - &and($f,$b); # F3 - - &rotl($tmp1,5); # A2 - - &add($tmp1,$e); - &mov($e,&swtmp($n)); # G1 - - &rotr($b,1); # B1 <- F - &xor($f,$d); # F4 - - &rotr($b,1); # B1 <- F - &lea($tmp1,&DWP($K,$tmp1,$e,1)); - - &add($f,$tmp1); + &mov($f,$c); # f to hold F_00_19(b,c,d) + if ($n==0) { &mov($tmp1,$a); } + else { &mov($a,$tmp1); } + &rotl($tmp1,5); # tmp1=ROTATE(a,5) + &xor($f,$d); + &add($tmp1,$e); # tmp1+=e; + &mov($e,&swtmp($n%16)); # e becomes volatile and is loaded + # with xi, also note that e becomes + # f in next round... + &and($f,$b); + &rotr($b,2); # b=ROTATE(b,30) + &xor($f,$d); # f holds F_00_19(b,c,d) + &lea($tmp1,&DWP(0x5a827999,$tmp1,$e)); # tmp1+=K_00_19+xi + + if ($n==15) { &mov($e,&swtmp(($n+1)%16));# pre-fetch f for next round + &add($f,$tmp1); } # f+=tmp1 + else { &add($tmp1,$f); } # f becomes a in next round + &mov($tmp1,$a) if ($alt && $n==15); } sub BODY_16_19 { - local($pos,$K,$X,$n,$a,$b,$c,$d,$e,$f)=@_; - local($n0,$n1,$n2,$n3,$np)=&Na($n); + local($n,$a,$b,$c,$d,$e,$f)=@_; -return if $n & 1; &comment("16_19 $n"); - &nop() if ($pos < 0); -&mov($tmp1,&swtmp($n0)); # X1 - &mov($f,&swtmp($n1)); # X2 -&xor($f,$tmp1); # X3 - &mov($tmp1,&swtmp($n2)); # X4 -&xor($f,$tmp1); # X5 - &mov($tmp1,&swtmp($n3)); # X6 -&xor($f,$tmp1); # X7 - slot - &mov($tmp1,$c); # F1 -&rotl($f,1); # X8 - slot - &xor($tmp1,$d); # F2 -&mov(&swtmp($n0),$f); # X9 - anytime - &and($tmp1,$b); # F3 -&lea($f,&DWP($K,$f,$e,1)); # tot=X+K+e - &xor($tmp1,$d); # F4 -&mov($e,$a); # A1 - &add($f,$tmp1); # tot+=F(); - -&rotl($e,5); # A2 - -&rotr($b,1); # B1 <- F - &add($f,$e); # tot+=a - -############################ -# &BODY_40_59( 0,$K[2],$X,42,$A,$B,$C,$D,$E,$T); -# &BODY_40_59( 0,$K[2],$X,43,$T,$A,$B,$C,$D,$E); -$n++; - local($n0,$n1,$n2,$n3,$np)=&Na($n); - ($b,$c,$d,$e,$f,$a)=($a,$b,$c,$d,$e,$f); - - -&mov($f,&swtmp($n0)); # X1 - &mov($tmp1,&swtmp($n1)); # X2 -&xor($f,$tmp1); # X3 - &mov($tmp1,&swtmp($n2)); # X4 -&xor($f,$tmp1); # X5 - &mov($tmp1,&swtmp($n3)); # X6 -&rotr($c,1); #&rotr($b,1); # B1 <- F # MOVED DOWN - &xor($f,$tmp1); # X7 - slot -&rotl($f,1); # X8 - slot - &mov($tmp1,$c); # F1 -&xor($tmp1,$d); # F2 - &mov(&swtmp($n0),$f); # X9 - anytime -&and($tmp1,$b); # F3 - &lea($f,&DWP($K,$f,$e,1)); # tot=X+K+e - -&xor($tmp1,$d); # F4 - &mov($e,$a); # A1 - -&rotl($e,5); # A2 - -&rotr($b,1); # B1 <- F - &add($f,$e); # tot+=a - -&rotr($b,1); # B1 <- F - &add($f,$tmp1); # tot+=F(); - +if ($alt) { + &xor($c,$d); + &xor($f,&swtmp(($n+2)%16)); # f to hold Xupdate(xi,xa,xb,xc,xd) + &and($tmp1,$c); # tmp1 to hold F_00_19(b,c,d), b&=c^d + &xor($f,&swtmp(($n+8)%16)); + &xor($tmp1,$d); # tmp1=F_00_19(b,c,d) + &xor($f,&swtmp(($n+13)%16)); # f holds xa^xb^xc^xd + &rotl($f,1); # f=ROTATE(f,1) + &add($e,$tmp1); # e+=F_00_19(b,c,d) + &xor($c,$d); # restore $c + &mov($tmp1,$a); # b in next round + &rotr($b,$n==16?2:7); # b=ROTATE(b,30) + &mov(&swtmp($n%16),$f); # xi=f + &rotl($a,5); # ROTATE(a,5) + &lea($f,&DWP(0x5a827999,$f,$e));# f+=F_00_19(b,c,d)+e + &mov($e,&swtmp(($n+1)%16)); # pre-fetch f for next round + &add($f,$a); # f+=ROTATE(a,5) +} else { + &mov($tmp1,$c); # tmp1 to hold F_00_19(b,c,d) + &xor($f,&swtmp(($n+2)%16)); # f to hold Xupdate(xi,xa,xb,xc,xd) + &xor($tmp1,$d); + &xor($f,&swtmp(($n+8)%16)); + &and($tmp1,$b); + &xor($f,&swtmp(($n+13)%16)); # f holds xa^xb^xc^xd + &rotl($f,1); # f=ROTATE(f,1) + &xor($tmp1,$d); # tmp1=F_00_19(b,c,d) + &add($e,$tmp1); # e+=F_00_19(b,c,d) + &mov($tmp1,$a); + &rotr($b,2); # b=ROTATE(b,30) + &mov(&swtmp($n%16),$f); # xi=f + &rotl($tmp1,5); # ROTATE(a,5) + &lea($f,&DWP(0x5a827999,$f,$e));# f+=F_00_19(b,c,d)+e + &mov($e,&swtmp(($n+1)%16)); # pre-fetch f for next round + &add($f,$tmp1); # f+=ROTATE(a,5) +} } sub BODY_20_39 { - local($pos,$K,$X,$n,$a,$b,$c,$d,$e,$f)=@_; + local($n,$a,$b,$c,$d,$e,$f)=@_; + local $K=($n<40)?0x6ed9eba1:0xca62c1d6; &comment("20_39 $n"); - local($n0,$n1,$n2,$n3,$np)=&Na($n); - -&mov($f,&swtmp($n0)); # X1 - &mov($tmp1,&swtmp($n1)); # X2 -&xor($f,$tmp1); # X3 - &mov($tmp1,&swtmp($n2)); # X4 -&xor($f,$tmp1); # X5 - &mov($tmp1,&swtmp($n3)); # X6 -&xor($f,$tmp1); # X7 - slot - &mov($tmp1,$b); # F1 -&rotl($f,1); # X8 - slot - &xor($tmp1,$c); # F2 -&mov(&swtmp($n0),$f); # X9 - anytime - &xor($tmp1,$d); # F3 - -&lea($f,&DWP($K,$f,$e,1)); # tot=X+K+e - &mov($e,$a); # A1 - -&rotl($e,5); # A2 - -if ($n != 79) # last loop - { - &rotr($b,1); # B1 <- F - &add($e,$tmp1); # tmp1=F()+a - - &rotr($b,1); # B2 <- F - &add($f,$e); # tot+=tmp1; - } -else - { - &add($e,$tmp1); # tmp1=F()+a - &mov($tmp1,&wparam(0)); - &rotr($b,1); # B1 <- F - &add($f,$e); # tot+=tmp1; - - &rotr($b,1); # B2 <- F - } +if ($alt) { + &xor($tmp1,$c); # tmp1 to hold F_20_39(b,c,d), b^=c + &xor($f,&swtmp(($n+2)%16)); # f to hold Xupdate(xi,xa,xb,xc,xd) + &xor($tmp1,$d); # tmp1 holds F_20_39(b,c,d) + &xor($f,&swtmp(($n+8)%16)); + &add($e,$tmp1); # e+=F_20_39(b,c,d) + &xor($f,&swtmp(($n+13)%16)); # f holds xa^xb^xc^xd + &rotl($f,1); # f=ROTATE(f,1) + &mov($tmp1,$a); # b in next round + &rotr($b,7); # b=ROTATE(b,30) + &mov(&swtmp($n%16),$f) if($n<77);# xi=f + &rotl($a,5); # ROTATE(a,5) + &xor($b,$c) if($n==39);# warm up for BODY_40_59 + &and($tmp1,$b) if($n==39); + &lea($f,&DWP($K,$f,$e)); # f+=e+K_XX_YY + &mov($e,&swtmp(($n+1)%16)) if($n<79);# pre-fetch f for next round + &add($f,$a); # f+=ROTATE(a,5) + &rotr($a,5) if ($n==79); +} else { + &mov($tmp1,$b); # tmp1 to hold F_20_39(b,c,d) + &xor($f,&swtmp(($n+2)%16)); # f to hold Xupdate(xi,xa,xb,xc,xd) + &xor($tmp1,$c); + &xor($f,&swtmp(($n+8)%16)); + &xor($tmp1,$d); # tmp1 holds F_20_39(b,c,d) + &xor($f,&swtmp(($n+13)%16)); # f holds xa^xb^xc^xd + &rotl($f,1); # f=ROTATE(f,1) + &add($e,$tmp1); # e+=F_20_39(b,c,d) + &rotr($b,2); # b=ROTATE(b,30) + &mov($tmp1,$a); + &rotl($tmp1,5); # ROTATE(a,5) + &mov(&swtmp($n%16),$f) if($n<77);# xi=f + &lea($f,&DWP($K,$f,$e)); # f+=e+K_XX_YY + &mov($e,&swtmp(($n+1)%16)) if($n<79);# pre-fetch f for next round + &add($f,$tmp1); # f+=ROTATE(a,5) +} } sub BODY_40_59 { - local($pos,$K,$X,$n,$a,$b,$c,$d,$e,$f)=@_; + local($n,$a,$b,$c,$d,$e,$f)=@_; &comment("40_59 $n"); - return if $n & 1; - local($n0,$n1,$n2,$n3,$np)=&Na($n); - -&mov($f,&swtmp($n0)); # X1 - &mov($tmp1,&swtmp($n1)); # X2 -&xor($f,$tmp1); # X3 - &mov($tmp1,&swtmp($n2)); # X4 -&xor($f,$tmp1); # X5 - &mov($tmp1,&swtmp($n3)); # X6 -&xor($f,$tmp1); # X7 - slot - &mov($tmp1,$b); # F1 -&rotl($f,1); # X8 - slot - &or($tmp1,$c); # F2 -&mov(&swtmp($n0),$f); # X9 - anytime - &and($tmp1,$d); # F3 - -&lea($f,&DWP($K,$f,$e,1)); # tot=X+K+e - &mov($e,$b); # F4 - -&rotr($b,1); # B1 <- F - &and($e,$c); # F5 - -&or($tmp1,$e); # F6 - &mov($e,$a); # A1 - -&rotl($e,5); # A2 - -&add($tmp1,$e); # tmp1=F()+a - -############################ -# &BODY_40_59( 0,$K[2],$X,42,$A,$B,$C,$D,$E,$T); -# &BODY_40_59( 0,$K[2],$X,43,$T,$A,$B,$C,$D,$E); -$n++; - local($n0,$n1,$n2,$n3,$np)=&Na($n); - ($b,$c,$d,$e,$f,$a)=($a,$b,$c,$d,$e,$f); - - &mov($f,&swtmp($n0)); # X1 -&add($a,$tmp1); # tot+=tmp1; # moved was add f,tmp1 - &mov($tmp1,&swtmp($n1)); # X2 -&xor($f,$tmp1); # X3 - &mov($tmp1,&swtmp($n2)); # X4 -&xor($f,$tmp1); # X5 - &mov($tmp1,&swtmp($n3)); # X6 -&rotr($c,1); # B2 <- F # moved was rotr b,1 - &xor($f,$tmp1); # X7 - slot -&rotl($f,1); # X8 - slot - &mov($tmp1,$b); # F1 -&mov(&swtmp($n0),$f); # X9 - anytime - &or($tmp1,$c); # F2 -&lea($f,&DWP($K,$f,$e,1)); # tot=X+K+e - &mov($e,$b); # F4 -&and($tmp1,$d); # F3 - &and($e,$c); # F5 - -&or($tmp1,$e); # F6 - &mov($e,$a); # A1 - -&rotl($e,5); # A2 - -&rotr($b,1); # B1 <- F - &add($tmp1,$e); # tmp1=F()+a - -&rotr($b,1); # B2 <- F - &add($f,$tmp1); # tot+=tmp1; - } -sub BODY_60_79 - { - &BODY_20_39(@_); +if ($alt) { + &add($e,$tmp1); # e+=b&(c^d) + &xor($f,&swtmp(($n+2)%16)); # f to hold Xupdate(xi,xa,xb,xc,xd) + &mov($tmp1,$d); + &xor($f,&swtmp(($n+8)%16)); + &xor($c,$d); # restore $c + &xor($f,&swtmp(($n+13)%16)); # f holds xa^xb^xc^xd + &rotl($f,1); # f=ROTATE(f,1) + &and($tmp1,$c); + &rotr($b,7); # b=ROTATE(b,30) + &add($e,$tmp1); # e+=c&d + &mov($tmp1,$a); # b in next round + &mov(&swtmp($n%16),$f); # xi=f + &rotl($a,5); # ROTATE(a,5) + &xor($b,$c) if ($n<59); + &and($tmp1,$b) if ($n<59);# tmp1 to hold F_40_59(b,c,d) + &lea($f,&DWP(0x8f1bbcdc,$f,$e));# f+=K_40_59+e+(b&(c^d)) + &mov($e,&swtmp(($n+1)%16)); # pre-fetch f for next round + &add($f,$a); # f+=ROTATE(a,5) +} else { + &mov($tmp1,$c); # tmp1 to hold F_40_59(b,c,d) + &xor($f,&swtmp(($n+2)%16)); # f to hold Xupdate(xi,xa,xb,xc,xd) + &xor($tmp1,$d); + &xor($f,&swtmp(($n+8)%16)); + &and($tmp1,$b); + &xor($f,&swtmp(($n+13)%16)); # f holds xa^xb^xc^xd + &rotl($f,1); # f=ROTATE(f,1) + &add($tmp1,$e); # b&(c^d)+=e + &rotr($b,2); # b=ROTATE(b,30) + &mov($e,$a); # e becomes volatile + &rotl($e,5); # ROTATE(a,5) + &mov(&swtmp($n%16),$f); # xi=f + &lea($f,&DWP(0x8f1bbcdc,$f,$tmp1));# f+=K_40_59+e+(b&(c^d)) + &mov($tmp1,$c); + &add($f,$e); # f+=ROTATE(a,5) + &and($tmp1,$d); + &mov($e,&swtmp(($n+1)%16)); # pre-fetch f for next round + &add($f,$tmp1); # f+=c&d +} } -sub sha1_block_host - { - local($name, $sclabel)=@_; - - &function_begin_B($name,""); - - # parameter 1 is the MD5_CTX structure. - # A 0 - # B 4 - # C 8 - # D 12 - # E 16 - - &mov("ecx", &wparam(2)); - &push("esi"); - &shl("ecx",6); - &mov("esi", &wparam(1)); - &push("ebp"); - &add("ecx","esi"); # offset to leave on - &push("ebx"); - &mov("ebp", &wparam(0)); - &push("edi"); - &mov($D, &DWP(12,"ebp","",0)); - &stack_push(18+9); - &mov($E, &DWP(16,"ebp","",0)); - &mov($C, &DWP( 8,"ebp","",0)); - &mov(&swtmp(17),"ecx"); - - &comment("First we need to setup the X array"); - - for ($i=0; $i<16; $i+=2) +&function_begin("sha1_block_data_order"); +if ($xmm) { + &static_label("ssse3_shortcut"); + &static_label("avx_shortcut") if ($ymm); + &static_label("K_XX_XX"); + + &call (&label("pic_point")); # make it PIC! + &set_label("pic_point"); + &blindpop($tmp1); + &picmeup($T,"OPENSSL_ia32cap_P",$tmp1,&label("pic_point")); + &lea ($tmp1,&DWP(&label("K_XX_XX")."-".&label("pic_point"),$tmp1)); + + &mov ($A,&DWP(0,$T)); + &mov ($D,&DWP(4,$T)); + &test ($D,"\$IA32CAP_MASK1_SSSE3"); # check SSSE3 bit + &jz (&label("x86")); + &test ($A,"\$IA32CAP_MASK0_FXSR"); # check FXSR bit + &jz (&label("x86")); + if ($ymm) { + &and ($D,"\$IA32CAP_MASK1_AVX"); # mask AVX bit + &and ($A,"\$IA32CAP_MASK0_INTEL"); # mask "Intel CPU" bit + &or ($A,$D); + &cmp ($A,"\$(IA32CAP_MASK1_AVX | IA32CAP_MASK0_INTEL)"); + &je (&label("avx_shortcut")); + } + &jmp (&label("ssse3_shortcut")); + &set_label("x86",16); +} + &mov($tmp1,&wparam(0)); # SHA_CTX *c + &mov($T,&wparam(1)); # const void *input + &mov($A,&wparam(2)); # size_t num + &stack_push(16+3); # allocate X[16] + &shl($A,6); + &add($A,$T); + &mov(&wparam(2),$A); # pointer beyond the end of input + &mov($E,&DWP(16,$tmp1));# pre-load E + &jmp(&label("loop")); + +&set_label("loop",16); + + # copy input chunk to X, but reversing byte order! + for ($i=0; $i<16; $i+=4) { - &mov($A,&DWP(($i+0)*4,"esi","",0));# unless $i == 0; - &mov($B,&DWP(($i+1)*4,"esi","",0)); + &mov($A,&DWP(4*($i+0),$T)); + &mov($B,&DWP(4*($i+1),$T)); + &mov($C,&DWP(4*($i+2),$T)); + &mov($D,&DWP(4*($i+3),$T)); + &bswap($A); + &bswap($B); + &bswap($C); + &bswap($D); &mov(&swtmp($i+0),$A); - &mov(&swtmp($i+1),$B); + &mov(&swtmp($i+1),$B); + &mov(&swtmp($i+2),$C); + &mov(&swtmp($i+3),$D); } - &jmp($sclabel); - &function_end_B($name); - } - - -sub sha1_block_data - { - local($name)=@_; - - &function_begin_B($name,""); - - # parameter 1 is the MD5_CTX structure. - # A 0 - # B 4 - # C 8 - # D 12 - # E 16 - - &mov("ecx", &wparam(2)); - &push("esi"); - &shl("ecx",6); - &mov("esi", &wparam(1)); - &push("ebp"); - &add("ecx","esi"); # offset to leave on - &push("ebx"); - &mov("ebp", &wparam(0)); - &push("edi"); - &mov($D, &DWP(12,"ebp","",0)); - &stack_push(18+9); - &mov($E, &DWP(16,"ebp","",0)); - &mov($C, &DWP( 8,"ebp","",0)); - &mov(&swtmp(17),"ecx"); - - &comment("First we need to setup the X array"); - - &set_label("start") unless $normal; - - &X_expand("esi"); - &mov(&wparam(1),"esi"); - - &set_label("shortcut", 0, 1); - &comment(""); - &comment("Start processing"); - - # odd start - &mov($A, &DWP( 0,"ebp","",0)); - &mov($B, &DWP( 4,"ebp","",0)); - $X="esp"; - &BODY_00_15(-2,$K[0],$X, 0,$A,$B,$C,$D,$E,$T); - &BODY_00_15( 0,$K[0],$X, 1,$T,$A,$B,$C,$D,$E); - &BODY_00_15( 0,$K[0],$X, 2,$E,$T,$A,$B,$C,$D); - &BODY_00_15( 0,$K[0],$X, 3,$D,$E,$T,$A,$B,$C); - &BODY_00_15( 0,$K[0],$X, 4,$C,$D,$E,$T,$A,$B); - &BODY_00_15( 0,$K[0],$X, 5,$B,$C,$D,$E,$T,$A); - &BODY_00_15( 0,$K[0],$X, 6,$A,$B,$C,$D,$E,$T); - &BODY_00_15( 0,$K[0],$X, 7,$T,$A,$B,$C,$D,$E); - &BODY_00_15( 0,$K[0],$X, 8,$E,$T,$A,$B,$C,$D); - &BODY_00_15( 0,$K[0],$X, 9,$D,$E,$T,$A,$B,$C); - &BODY_00_15( 0,$K[0],$X,10,$C,$D,$E,$T,$A,$B); - &BODY_00_15( 0,$K[0],$X,11,$B,$C,$D,$E,$T,$A); - &BODY_00_15( 0,$K[0],$X,12,$A,$B,$C,$D,$E,$T); - &BODY_00_15( 0,$K[0],$X,13,$T,$A,$B,$C,$D,$E); - &BODY_00_15( 0,$K[0],$X,14,$E,$T,$A,$B,$C,$D); - &BODY_00_15( 1,$K[0],$X,15,$D,$E,$T,$A,$B,$C); - &BODY_16_19(-1,$K[0],$X,16,$C,$D,$E,$T,$A,$B); - &BODY_16_19( 0,$K[0],$X,17,$B,$C,$D,$E,$T,$A); - &BODY_16_19( 0,$K[0],$X,18,$A,$B,$C,$D,$E,$T); - &BODY_16_19( 1,$K[0],$X,19,$T,$A,$B,$C,$D,$E); - - &BODY_20_39(-1,$K[1],$X,20,$E,$T,$A,$B,$C,$D); - &BODY_20_39( 0,$K[1],$X,21,$D,$E,$T,$A,$B,$C); - &BODY_20_39( 0,$K[1],$X,22,$C,$D,$E,$T,$A,$B); - &BODY_20_39( 0,$K[1],$X,23,$B,$C,$D,$E,$T,$A); - &BODY_20_39( 0,$K[1],$X,24,$A,$B,$C,$D,$E,$T); - &BODY_20_39( 0,$K[1],$X,25,$T,$A,$B,$C,$D,$E); - &BODY_20_39( 0,$K[1],$X,26,$E,$T,$A,$B,$C,$D); - &BODY_20_39( 0,$K[1],$X,27,$D,$E,$T,$A,$B,$C); - &BODY_20_39( 0,$K[1],$X,28,$C,$D,$E,$T,$A,$B); - &BODY_20_39( 0,$K[1],$X,29,$B,$C,$D,$E,$T,$A); - &BODY_20_39( 0,$K[1],$X,30,$A,$B,$C,$D,$E,$T); - &BODY_20_39( 0,$K[1],$X,31,$T,$A,$B,$C,$D,$E); - &BODY_20_39( 0,$K[1],$X,32,$E,$T,$A,$B,$C,$D); - &BODY_20_39( 0,$K[1],$X,33,$D,$E,$T,$A,$B,$C); - &BODY_20_39( 0,$K[1],$X,34,$C,$D,$E,$T,$A,$B); - &BODY_20_39( 0,$K[1],$X,35,$B,$C,$D,$E,$T,$A); - &BODY_20_39( 0,$K[1],$X,36,$A,$B,$C,$D,$E,$T); - &BODY_20_39( 0,$K[1],$X,37,$T,$A,$B,$C,$D,$E); - &BODY_20_39( 0,$K[1],$X,38,$E,$T,$A,$B,$C,$D); - &BODY_20_39( 1,$K[1],$X,39,$D,$E,$T,$A,$B,$C); - - &BODY_40_59(-1,$K[2],$X,40,$C,$D,$E,$T,$A,$B); - &BODY_40_59( 0,$K[2],$X,41,$B,$C,$D,$E,$T,$A); - &BODY_40_59( 0,$K[2],$X,42,$A,$B,$C,$D,$E,$T); - &BODY_40_59( 0,$K[2],$X,43,$T,$A,$B,$C,$D,$E); - &BODY_40_59( 0,$K[2],$X,44,$E,$T,$A,$B,$C,$D); - &BODY_40_59( 0,$K[2],$X,45,$D,$E,$T,$A,$B,$C); - &BODY_40_59( 0,$K[2],$X,46,$C,$D,$E,$T,$A,$B); - &BODY_40_59( 0,$K[2],$X,47,$B,$C,$D,$E,$T,$A); - &BODY_40_59( 0,$K[2],$X,48,$A,$B,$C,$D,$E,$T); - &BODY_40_59( 0,$K[2],$X,49,$T,$A,$B,$C,$D,$E); - &BODY_40_59( 0,$K[2],$X,50,$E,$T,$A,$B,$C,$D); - &BODY_40_59( 0,$K[2],$X,51,$D,$E,$T,$A,$B,$C); - &BODY_40_59( 0,$K[2],$X,52,$C,$D,$E,$T,$A,$B); - &BODY_40_59( 0,$K[2],$X,53,$B,$C,$D,$E,$T,$A); - &BODY_40_59( 0,$K[2],$X,54,$A,$B,$C,$D,$E,$T); - &BODY_40_59( 0,$K[2],$X,55,$T,$A,$B,$C,$D,$E); - &BODY_40_59( 0,$K[2],$X,56,$E,$T,$A,$B,$C,$D); - &BODY_40_59( 0,$K[2],$X,57,$D,$E,$T,$A,$B,$C); - &BODY_40_59( 0,$K[2],$X,58,$C,$D,$E,$T,$A,$B); - &BODY_40_59( 1,$K[2],$X,59,$B,$C,$D,$E,$T,$A); - - &BODY_60_79(-1,$K[3],$X,60,$A,$B,$C,$D,$E,$T); - &BODY_60_79( 0,$K[3],$X,61,$T,$A,$B,$C,$D,$E); - &BODY_60_79( 0,$K[3],$X,62,$E,$T,$A,$B,$C,$D); - &BODY_60_79( 0,$K[3],$X,63,$D,$E,$T,$A,$B,$C); - &BODY_60_79( 0,$K[3],$X,64,$C,$D,$E,$T,$A,$B); - &BODY_60_79( 0,$K[3],$X,65,$B,$C,$D,$E,$T,$A); - &BODY_60_79( 0,$K[3],$X,66,$A,$B,$C,$D,$E,$T); - &BODY_60_79( 0,$K[3],$X,67,$T,$A,$B,$C,$D,$E); - &BODY_60_79( 0,$K[3],$X,68,$E,$T,$A,$B,$C,$D); - &BODY_60_79( 0,$K[3],$X,69,$D,$E,$T,$A,$B,$C); - &BODY_60_79( 0,$K[3],$X,70,$C,$D,$E,$T,$A,$B); - &BODY_60_79( 0,$K[3],$X,71,$B,$C,$D,$E,$T,$A); - &BODY_60_79( 0,$K[3],$X,72,$A,$B,$C,$D,$E,$T); - &BODY_60_79( 0,$K[3],$X,73,$T,$A,$B,$C,$D,$E); - &BODY_60_79( 0,$K[3],$X,74,$E,$T,$A,$B,$C,$D); - &BODY_60_79( 0,$K[3],$X,75,$D,$E,$T,$A,$B,$C); - &BODY_60_79( 0,$K[3],$X,76,$C,$D,$E,$T,$A,$B); - &BODY_60_79( 0,$K[3],$X,77,$B,$C,$D,$E,$T,$A); - &BODY_60_79( 0,$K[3],$X,78,$A,$B,$C,$D,$E,$T); - &BODY_60_79( 2,$K[3],$X,79,$T,$A,$B,$C,$D,$E); - - &comment("End processing"); - &comment(""); - # D is the tmp value - - # E -> A - # T -> B - # A -> C - # B -> D - # C -> E - # D -> T - - # The last 2 have been moved into the last loop - # &mov($tmp1,&wparam(0)); - - &mov($D, &DWP(12,$tmp1,"",0)); - &add($D,$B); - &mov($B, &DWP( 4,$tmp1,"",0)); - &add($B,$T); - &mov($T, $A); - &mov($A, &DWP( 0,$tmp1,"",0)); - &mov(&DWP(12,$tmp1,"",0),$D); - - &add($A,$E); - &mov($E, &DWP(16,$tmp1,"",0)); - &add($E,$C); - &mov($C, &DWP( 8,$tmp1,"",0)); - &add($C,$T); - - &mov(&DWP( 0,$tmp1,"",0),$A); - &mov("esi",&wparam(1)); - &mov(&DWP( 8,$tmp1,"",0),$C); - &add("esi",64); - &mov("eax",&swtmp(17)); - &mov(&DWP(16,$tmp1,"",0),$E); - &cmp("esi","eax"); - &mov(&DWP( 4,$tmp1,"",0),$B); - &jl(&label("start")); - - &stack_pop(18+9); - &pop("edi"); - &pop("ebx"); - &pop("ebp"); - &pop("esi"); - &ret(); - - # keep a note of shortcut label so it can be used outside - # block. - my $sclabel = &label("shortcut"); - - &function_end_B($name); - # Putting this here avoids problems with MASM in debugging mode - &sha1_block_host("sha1_block_asm_host_order", $sclabel); - } + &mov(&wparam(1),$T); # redundant in 1st spin + + &mov($A,&DWP(0,$tmp1)); # load SHA_CTX + &mov($B,&DWP(4,$tmp1)); + &mov($C,&DWP(8,$tmp1)); + &mov($D,&DWP(12,$tmp1)); + # E is pre-loaded + + for($i=0;$i<16;$i++) { &BODY_00_15($i,@V); unshift(@V,pop(@V)); } + for(;$i<20;$i++) { &BODY_16_19($i,@V); unshift(@V,pop(@V)); } + for(;$i<40;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); } + for(;$i<60;$i++) { &BODY_40_59($i,@V); unshift(@V,pop(@V)); } + for(;$i<80;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); } + + (($V[5] eq $D) and ($V[0] eq $E)) or die; # double-check + + &mov($tmp1,&wparam(0)); # re-load SHA_CTX* + &mov($D,&wparam(1)); # D is last "T" and is discarded + + &add($E,&DWP(0,$tmp1)); # E is last "A"... + &add($T,&DWP(4,$tmp1)); + &add($A,&DWP(8,$tmp1)); + &add($B,&DWP(12,$tmp1)); + &add($C,&DWP(16,$tmp1)); + + &mov(&DWP(0,$tmp1),$E); # update SHA_CTX + &add($D,64); # advance input pointer + &mov(&DWP(4,$tmp1),$T); + &cmp($D,&wparam(2)); # have we reached the end yet? + &mov(&DWP(8,$tmp1),$A); + &mov($E,$C); # C is last "E" which needs to be "pre-loaded" + &mov(&DWP(12,$tmp1),$B); + &mov($T,$D); # input pointer + &mov(&DWP(16,$tmp1),$C); + &jb(&label("loop")); + + &stack_pop(16+3); +&function_end("sha1_block_data_order"); + +if ($xmm) { +###################################################################### +# The SSSE3 implementation. +# +# %xmm[0-7] are used as ring @X[] buffer containing quadruples of last +# 32 elements of the message schedule or Xupdate outputs. First 4 +# quadruples are simply byte-swapped input, next 4 are calculated +# according to method originally suggested by Dean Gaudet (modulo +# being implemented in SSSE3). Once 8 quadruples or 32 elements are +# collected, it switches to routine proposed by Max Locktyukhin. +# +# Calculations inevitably require temporary reqisters, and there are +# no %xmm registers left to spare. For this reason part of the ring +# buffer, X[2..4] to be specific, is offloaded to 3 quadriples ring +# buffer on the stack. Keep in mind that X[2] is alias X[-6], X[3] - +# X[-5], and X[4] - X[-4]... +# +# Another notable optimization is aggressive stack frame compression +# aiming to minimize amount of 9-byte instructions... +# +# Yet another notable optimization is "jumping" $B variable. It means +# that there is no register permanently allocated for $B value. This +# allowed to eliminate one instruction from body_20_39... +# +my $Xi=4; # 4xSIMD Xupdate round, start pre-seeded +my @X=map("xmm$_",(4..7,0..3)); # pre-seeded for $Xi=4 +my @V=($A,$B,$C,$D,$E); +my $j=0; # hash round +my @T=($T,$tmp1); +my $inp; + +my $_rol=sub { &rol(@_) }; +my $_ror=sub { &ror(@_) }; + +&function_begin("_sha1_block_data_order_ssse3"); + &call (&label("pic_point")); # make it PIC! + &set_label("pic_point"); + &blindpop($tmp1); + &lea ($tmp1,&DWP(&label("K_XX_XX")."-".&label("pic_point"),$tmp1)); +&set_label("ssse3_shortcut"); + + &movdqa (@X[3],&QWP(0,$tmp1)); # K_00_19 + &movdqa (@X[4],&QWP(16,$tmp1)); # K_20_39 + &movdqa (@X[5],&QWP(32,$tmp1)); # K_40_59 + &movdqa (@X[6],&QWP(48,$tmp1)); # K_60_79 + &movdqa (@X[2],&QWP(64,$tmp1)); # pbswap mask + + &mov ($E,&wparam(0)); # load argument block + &mov ($inp=@T[1],&wparam(1)); + &mov ($D,&wparam(2)); + &mov (@T[0],"esp"); + + # stack frame layout + # + # +0 X[0]+K X[1]+K X[2]+K X[3]+K # XMM->IALU xfer area + # X[4]+K X[5]+K X[6]+K X[7]+K + # X[8]+K X[9]+K X[10]+K X[11]+K + # X[12]+K X[13]+K X[14]+K X[15]+K + # + # +64 X[0] X[1] X[2] X[3] # XMM->XMM backtrace area + # X[4] X[5] X[6] X[7] + # X[8] X[9] X[10] X[11] # even borrowed for K_00_19 + # + # +112 K_20_39 K_20_39 K_20_39 K_20_39 # constants + # K_40_59 K_40_59 K_40_59 K_40_59 + # K_60_79 K_60_79 K_60_79 K_60_79 + # K_00_19 K_00_19 K_00_19 K_00_19 + # pbswap mask + # + # +192 ctx # argument block + # +196 inp + # +200 end + # +204 esp + &sub ("esp",208); + &and ("esp",-64); + + &movdqa (&QWP(112+0,"esp"),@X[4]); # copy constants + &movdqa (&QWP(112+16,"esp"),@X[5]); + &movdqa (&QWP(112+32,"esp"),@X[6]); + &shl ($D,6); # len*64 + &movdqa (&QWP(112+48,"esp"),@X[3]); + &add ($D,$inp); # end of input + &movdqa (&QWP(112+64,"esp"),@X[2]); + &add ($inp,64); + &mov (&DWP(192+0,"esp"),$E); # save argument block + &mov (&DWP(192+4,"esp"),$inp); + &mov (&DWP(192+8,"esp"),$D); + &mov (&DWP(192+12,"esp"),@T[0]); # save original %esp + + &mov ($A,&DWP(0,$E)); # load context + &mov ($B,&DWP(4,$E)); + &mov ($C,&DWP(8,$E)); + &mov ($D,&DWP(12,$E)); + &mov ($E,&DWP(16,$E)); + &mov (@T[0],$B); # magic seed + + &movdqu (@X[-4&7],&QWP(-64,$inp)); # load input to %xmm[0-3] + &movdqu (@X[-3&7],&QWP(-48,$inp)); + &movdqu (@X[-2&7],&QWP(-32,$inp)); + &movdqu (@X[-1&7],&QWP(-16,$inp)); + &pshufb (@X[-4&7],@X[2]); # byte swap + &pshufb (@X[-3&7],@X[2]); + &pshufb (@X[-2&7],@X[2]); + &movdqa (&QWP(112-16,"esp"),@X[3]); # borrow last backtrace slot + &pshufb (@X[-1&7],@X[2]); + &paddd (@X[-4&7],@X[3]); # add K_00_19 + &paddd (@X[-3&7],@X[3]); + &paddd (@X[-2&7],@X[3]); + &movdqa (&QWP(0,"esp"),@X[-4&7]); # X[]+K xfer to IALU + &psubd (@X[-4&7],@X[3]); # restore X[] + &movdqa (&QWP(0+16,"esp"),@X[-3&7]); + &psubd (@X[-3&7],@X[3]); + &movdqa (&QWP(0+32,"esp"),@X[-2&7]); + &psubd (@X[-2&7],@X[3]); + &movdqa (@X[0],@X[-3&7]); + &jmp (&label("loop")); + +###################################################################### +# SSE instruction sequence is first broken to groups of independent +# instructions, independent in respect to their inputs and shifter +# (not all architectures have more than one). Then IALU instructions +# are "knitted in" between the SSE groups. Distance is maintained for +# SSE latency of 2 in hope that it fits better upcoming AMD Bulldozer +# [which allegedly also implements SSSE3]... +# +# Temporary registers usage. X[2] is volatile at the entry and at the +# end is restored from backtrace ring buffer. X[3] is expected to +# contain current K_XX_XX constant and is used to caclulate X[-1]+K +# from previous round, it becomes volatile the moment the value is +# saved to stack for transfer to IALU. X[4] becomes volatile whenever +# X[-4] is accumulated and offloaded to backtrace ring buffer, at the +# end it is loaded with next K_XX_XX [which becomes X[3] in next +# round]... +# +sub Xupdate_ssse3_16_31() # recall that $Xi starts wtih 4 +{ use integer; + my $body = shift; + my @insns = (&$body,&$body,&$body,&$body); # 40 instructions + my ($a,$b,$c,$d,$e); + + eval(shift(@insns)); + eval(shift(@insns)); + &palignr(@X[0],@X[-4&7],8); # compose "X[-14]" in "X[0]" + &movdqa (@X[2],@X[-1&7]); + eval(shift(@insns)); + eval(shift(@insns)); + + &paddd (@X[3],@X[-1&7]); + &movdqa (&QWP(64+16*(($Xi-4)%3),"esp"),@X[-4&7]);# save X[] to backtrace buffer + eval(shift(@insns)); + eval(shift(@insns)); + &psrldq (@X[2],4); # "X[-3]", 3 dwords + eval(shift(@insns)); + eval(shift(@insns)); + &pxor (@X[0],@X[-4&7]); # "X[0]"^="X[-16]" + eval(shift(@insns)); + eval(shift(@insns)); + + &pxor (@X[2],@X[-2&7]); # "X[-3]"^"X[-8]" + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); + + &pxor (@X[0],@X[2]); # "X[0]"^="X[-3]"^"X[-8]" + eval(shift(@insns)); + eval(shift(@insns)); + &movdqa (&QWP(0+16*(($Xi-1)&3),"esp"),@X[3]); # X[]+K xfer to IALU + eval(shift(@insns)); + eval(shift(@insns)); + + &movdqa (@X[4],@X[0]); + &movdqa (@X[2],@X[0]); + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); + + &pslldq (@X[4],12); # "X[0]"<<96, extract one dword + &paddd (@X[0],@X[0]); + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); + + &psrld (@X[2],31); + eval(shift(@insns)); + eval(shift(@insns)); + &movdqa (@X[3],@X[4]); + eval(shift(@insns)); + eval(shift(@insns)); + + &psrld (@X[4],30); + &por (@X[0],@X[2]); # "X[0]"<<<=1 + eval(shift(@insns)); + eval(shift(@insns)); + &movdqa (@X[2],&QWP(64+16*(($Xi-6)%3),"esp")) if ($Xi>5); # restore X[] from backtrace buffer + eval(shift(@insns)); + eval(shift(@insns)); + + &pslld (@X[3],2); + &pxor (@X[0],@X[4]); + eval(shift(@insns)); + eval(shift(@insns)); + &movdqa (@X[4],&QWP(112-16+16*(($Xi)/5),"esp")); # K_XX_XX + eval(shift(@insns)); + eval(shift(@insns)); + + &pxor (@X[0],@X[3]); # "X[0]"^=("X[0]"<<96)<<<2 + &movdqa (@X[1],@X[-2&7]) if ($Xi<7); + eval(shift(@insns)); + eval(shift(@insns)); + + foreach (@insns) { eval; } # remaining instructions [if any] + + $Xi++; push(@X,shift(@X)); # "rotate" X[] +} + +sub Xupdate_ssse3_32_79() +{ use integer; + my $body = shift; + my @insns = (&$body,&$body,&$body,&$body); # 32 to 48 instructions + my ($a,$b,$c,$d,$e); + + &movdqa (@X[2],@X[-1&7]) if ($Xi==8); + eval(shift(@insns)); # body_20_39 + &pxor (@X[0],@X[-4&7]); # "X[0]"="X[-32]"^"X[-16]" + &palignr(@X[2],@X[-2&7],8); # compose "X[-6]" + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); # rol + + &pxor (@X[0],@X[-7&7]); # "X[0]"^="X[-28]" + &movdqa (&QWP(64+16*(($Xi-4)%3),"esp"),@X[-4&7]); # save X[] to backtrace buffer + eval(shift(@insns)); + eval(shift(@insns)); + if ($Xi%5) { + &movdqa (@X[4],@X[3]); # "perpetuate" K_XX_XX... + } else { # ... or load next one + &movdqa (@X[4],&QWP(112-16+16*($Xi/5),"esp")); + } + &paddd (@X[3],@X[-1&7]); + eval(shift(@insns)); # ror + eval(shift(@insns)); + + &pxor (@X[0],@X[2]); # "X[0]"^="X[-6]" + eval(shift(@insns)); # body_20_39 + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); # rol + + &movdqa (@X[2],@X[0]); + &movdqa (&QWP(0+16*(($Xi-1)&3),"esp"),@X[3]); # X[]+K xfer to IALU + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); # ror + eval(shift(@insns)); + + &pslld (@X[0],2); + eval(shift(@insns)); # body_20_39 + eval(shift(@insns)); + &psrld (@X[2],30); + eval(shift(@insns)); + eval(shift(@insns)); # rol + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); # ror + eval(shift(@insns)); + + &por (@X[0],@X[2]); # "X[0]"<<<=2 + eval(shift(@insns)); # body_20_39 + eval(shift(@insns)); + &movdqa (@X[2],&QWP(64+16*(($Xi-6)%3),"esp")) if($Xi<19); # restore X[] from backtrace buffer + eval(shift(@insns)); + eval(shift(@insns)); # rol + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); # ror + &movdqa (@X[3],@X[0]) if ($Xi<19); + eval(shift(@insns)); + + foreach (@insns) { eval; } # remaining instructions + + $Xi++; push(@X,shift(@X)); # "rotate" X[] +} + +sub Xuplast_ssse3_80() +{ use integer; + my $body = shift; + my @insns = (&$body,&$body,&$body,&$body); # 32 instructions + my ($a,$b,$c,$d,$e); + + eval(shift(@insns)); + &paddd (@X[3],@X[-1&7]); + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); + + &movdqa (&QWP(0+16*(($Xi-1)&3),"esp"),@X[3]); # X[]+K xfer IALU + + foreach (@insns) { eval; } # remaining instructions + + &mov ($inp=@T[1],&DWP(192+4,"esp")); + &cmp ($inp,&DWP(192+8,"esp")); + &je (&label("done")); + + &movdqa (@X[3],&QWP(112+48,"esp")); # K_00_19 + &movdqa (@X[2],&QWP(112+64,"esp")); # pbswap mask + &movdqu (@X[-4&7],&QWP(0,$inp)); # load input + &movdqu (@X[-3&7],&QWP(16,$inp)); + &movdqu (@X[-2&7],&QWP(32,$inp)); + &movdqu (@X[-1&7],&QWP(48,$inp)); + &add ($inp,64); + &pshufb (@X[-4&7],@X[2]); # byte swap + &mov (&DWP(192+4,"esp"),$inp); + &movdqa (&QWP(112-16,"esp"),@X[3]); # borrow last backtrace slot + + $Xi=0; +} + +sub Xloop_ssse3() +{ use integer; + my $body = shift; + my @insns = (&$body,&$body,&$body,&$body); # 32 instructions + my ($a,$b,$c,$d,$e); + + eval(shift(@insns)); + eval(shift(@insns)); + &pshufb (@X[($Xi-3)&7],@X[2]); + eval(shift(@insns)); + eval(shift(@insns)); + &paddd (@X[($Xi-4)&7],@X[3]); + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); + &movdqa (&QWP(0+16*$Xi,"esp"),@X[($Xi-4)&7]); # X[]+K xfer to IALU + eval(shift(@insns)); + eval(shift(@insns)); + &psubd (@X[($Xi-4)&7],@X[3]); + + foreach (@insns) { eval; } + $Xi++; +} + +sub Xtail_ssse3() +{ use integer; + my $body = shift; + my @insns = (&$body,&$body,&$body,&$body); # 32 instructions + my ($a,$b,$c,$d,$e); + + foreach (@insns) { eval; } +} + +sub body_00_19 () { + ( + '($a,$b,$c,$d,$e)=@V;'. + '&add ($e,&DWP(4*($j&15),"esp"));', # X[]+K xfer + '&xor ($c,$d);', + '&mov (@T[1],$a);', # $b in next round + '&$_rol ($a,5);', + '&and (@T[0],$c);', # ($b&($c^$d)) + '&xor ($c,$d);', # restore $c + '&xor (@T[0],$d);', + '&add ($e,$a);', + '&$_ror ($b,$j?7:2);', # $b>>>2 + '&add ($e,@T[0]);' .'$j++; unshift(@V,pop(@V)); unshift(@T,pop(@T));' + ); +} + +sub body_20_39 () { + ( + '($a,$b,$c,$d,$e)=@V;'. + '&add ($e,&DWP(4*($j++&15),"esp"));', # X[]+K xfer + '&xor (@T[0],$d);', # ($b^$d) + '&mov (@T[1],$a);', # $b in next round + '&$_rol ($a,5);', + '&xor (@T[0],$c);', # ($b^$d^$c) + '&add ($e,$a);', + '&$_ror ($b,7);', # $b>>>2 + '&add ($e,@T[0]);' .'unshift(@V,pop(@V)); unshift(@T,pop(@T));' + ); +} + +sub body_40_59 () { + ( + '($a,$b,$c,$d,$e)=@V;'. + '&mov (@T[1],$c);', + '&xor ($c,$d);', + '&add ($e,&DWP(4*($j++&15),"esp"));', # X[]+K xfer + '&and (@T[1],$d);', + '&and (@T[0],$c);', # ($b&($c^$d)) + '&$_ror ($b,7);', # $b>>>2 + '&add ($e,@T[1]);', + '&mov (@T[1],$a);', # $b in next round + '&$_rol ($a,5);', + '&add ($e,@T[0]);', + '&xor ($c,$d);', # restore $c + '&add ($e,$a);' .'unshift(@V,pop(@V)); unshift(@T,pop(@T));' + ); +} + +&set_label("loop",16); + &Xupdate_ssse3_16_31(\&body_00_19); + &Xupdate_ssse3_16_31(\&body_00_19); + &Xupdate_ssse3_16_31(\&body_00_19); + &Xupdate_ssse3_16_31(\&body_00_19); + &Xupdate_ssse3_32_79(\&body_00_19); + &Xupdate_ssse3_32_79(\&body_20_39); + &Xupdate_ssse3_32_79(\&body_20_39); + &Xupdate_ssse3_32_79(\&body_20_39); + &Xupdate_ssse3_32_79(\&body_20_39); + &Xupdate_ssse3_32_79(\&body_20_39); + &Xupdate_ssse3_32_79(\&body_40_59); + &Xupdate_ssse3_32_79(\&body_40_59); + &Xupdate_ssse3_32_79(\&body_40_59); + &Xupdate_ssse3_32_79(\&body_40_59); + &Xupdate_ssse3_32_79(\&body_40_59); + &Xupdate_ssse3_32_79(\&body_20_39); + &Xuplast_ssse3_80(\&body_20_39); # can jump to "done" + + $saved_j=$j; @saved_V=@V; + + &Xloop_ssse3(\&body_20_39); + &Xloop_ssse3(\&body_20_39); + &Xloop_ssse3(\&body_20_39); + + &mov (@T[1],&DWP(192,"esp")); # update context + &add ($A,&DWP(0,@T[1])); + &add (@T[0],&DWP(4,@T[1])); # $b + &add ($C,&DWP(8,@T[1])); + &mov (&DWP(0,@T[1]),$A); + &add ($D,&DWP(12,@T[1])); + &mov (&DWP(4,@T[1]),@T[0]); + &add ($E,&DWP(16,@T[1])); + &mov (&DWP(8,@T[1]),$C); + &mov ($B,@T[0]); + &mov (&DWP(12,@T[1]),$D); + &mov (&DWP(16,@T[1]),$E); + &movdqa (@X[0],@X[-3&7]); + + &jmp (&label("loop")); + +&set_label("done",16); $j=$saved_j; @V=@saved_V; + + &Xtail_ssse3(\&body_20_39); + &Xtail_ssse3(\&body_20_39); + &Xtail_ssse3(\&body_20_39); + + &mov (@T[1],&DWP(192,"esp")); # update context + &add ($A,&DWP(0,@T[1])); + &mov ("esp",&DWP(192+12,"esp")); # restore %esp + &add (@T[0],&DWP(4,@T[1])); # $b + &add ($C,&DWP(8,@T[1])); + &mov (&DWP(0,@T[1]),$A); + &add ($D,&DWP(12,@T[1])); + &mov (&DWP(4,@T[1]),@T[0]); + &add ($E,&DWP(16,@T[1])); + &mov (&DWP(8,@T[1]),$C); + &mov (&DWP(12,@T[1]),$D); + &mov (&DWP(16,@T[1]),$E); + +&function_end("_sha1_block_data_order_ssse3"); + +if ($ymm) { +my $Xi=4; # 4xSIMD Xupdate round, start pre-seeded +my @X=map("xmm$_",(4..7,0..3)); # pre-seeded for $Xi=4 +my @V=($A,$B,$C,$D,$E); +my $j=0; # hash round +my @T=($T,$tmp1); +my $inp; + +my $_rol=sub { &shld(@_[0],@_) }; +my $_ror=sub { &shrd(@_[0],@_) }; + +&function_begin("_sha1_block_data_order_avx"); + &call (&label("pic_point")); # make it PIC! + &set_label("pic_point"); + &blindpop($tmp1); + &lea ($tmp1,&DWP(&label("K_XX_XX")."-".&label("pic_point"),$tmp1)); +&set_label("avx_shortcut"); + &vzeroall(); + + &vmovdqa(@X[3],&QWP(0,$tmp1)); # K_00_19 + &vmovdqa(@X[4],&QWP(16,$tmp1)); # K_20_39 + &vmovdqa(@X[5],&QWP(32,$tmp1)); # K_40_59 + &vmovdqa(@X[6],&QWP(48,$tmp1)); # K_60_79 + &vmovdqa(@X[2],&QWP(64,$tmp1)); # pbswap mask + + &mov ($E,&wparam(0)); # load argument block + &mov ($inp=@T[1],&wparam(1)); + &mov ($D,&wparam(2)); + &mov (@T[0],"esp"); + + # stack frame layout + # + # +0 X[0]+K X[1]+K X[2]+K X[3]+K # XMM->IALU xfer area + # X[4]+K X[5]+K X[6]+K X[7]+K + # X[8]+K X[9]+K X[10]+K X[11]+K + # X[12]+K X[13]+K X[14]+K X[15]+K + # + # +64 X[0] X[1] X[2] X[3] # XMM->XMM backtrace area + # X[4] X[5] X[6] X[7] + # X[8] X[9] X[10] X[11] # even borrowed for K_00_19 + # + # +112 K_20_39 K_20_39 K_20_39 K_20_39 # constants + # K_40_59 K_40_59 K_40_59 K_40_59 + # K_60_79 K_60_79 K_60_79 K_60_79 + # K_00_19 K_00_19 K_00_19 K_00_19 + # pbswap mask + # + # +192 ctx # argument block + # +196 inp + # +200 end + # +204 esp + &sub ("esp",208); + &and ("esp",-64); + + &vmovdqa(&QWP(112+0,"esp"),@X[4]); # copy constants + &vmovdqa(&QWP(112+16,"esp"),@X[5]); + &vmovdqa(&QWP(112+32,"esp"),@X[6]); + &shl ($D,6); # len*64 + &vmovdqa(&QWP(112+48,"esp"),@X[3]); + &add ($D,$inp); # end of input + &vmovdqa(&QWP(112+64,"esp"),@X[2]); + &add ($inp,64); + &mov (&DWP(192+0,"esp"),$E); # save argument block + &mov (&DWP(192+4,"esp"),$inp); + &mov (&DWP(192+8,"esp"),$D); + &mov (&DWP(192+12,"esp"),@T[0]); # save original %esp + + &mov ($A,&DWP(0,$E)); # load context + &mov ($B,&DWP(4,$E)); + &mov ($C,&DWP(8,$E)); + &mov ($D,&DWP(12,$E)); + &mov ($E,&DWP(16,$E)); + &mov (@T[0],$B); # magic seed + + &vmovdqu(@X[-4&7],&QWP(-64,$inp)); # load input to %xmm[0-3] + &vmovdqu(@X[-3&7],&QWP(-48,$inp)); + &vmovdqu(@X[-2&7],&QWP(-32,$inp)); + &vmovdqu(@X[-1&7],&QWP(-16,$inp)); + &vpshufb(@X[-4&7],@X[-4&7],@X[2]); # byte swap + &vpshufb(@X[-3&7],@X[-3&7],@X[2]); + &vpshufb(@X[-2&7],@X[-2&7],@X[2]); + &vmovdqa(&QWP(112-16,"esp"),@X[3]); # borrow last backtrace slot + &vpshufb(@X[-1&7],@X[-1&7],@X[2]); + &vpaddd (@X[0],@X[-4&7],@X[3]); # add K_00_19 + &vpaddd (@X[1],@X[-3&7],@X[3]); + &vpaddd (@X[2],@X[-2&7],@X[3]); + &vmovdqa(&QWP(0,"esp"),@X[0]); # X[]+K xfer to IALU + &vmovdqa(&QWP(0+16,"esp"),@X[1]); + &vmovdqa(&QWP(0+32,"esp"),@X[2]); + &jmp (&label("loop")); + +sub Xupdate_avx_16_31() # recall that $Xi starts wtih 4 +{ use integer; + my $body = shift; + my @insns = (&$body,&$body,&$body,&$body); # 40 instructions + my ($a,$b,$c,$d,$e); + + eval(shift(@insns)); + eval(shift(@insns)); + &vpalignr(@X[0],@X[-3&7],@X[-4&7],8); # compose "X[-14]" in "X[0]" + eval(shift(@insns)); + eval(shift(@insns)); + + &vpaddd (@X[3],@X[3],@X[-1&7]); + &vmovdqa (&QWP(64+16*(($Xi-4)%3),"esp"),@X[-4&7]);# save X[] to backtrace buffer + eval(shift(@insns)); + eval(shift(@insns)); + &vpsrldq(@X[2],@X[-1&7],4); # "X[-3]", 3 dwords + eval(shift(@insns)); + eval(shift(@insns)); + &vpxor (@X[0],@X[0],@X[-4&7]); # "X[0]"^="X[-16]" + eval(shift(@insns)); + eval(shift(@insns)); + + &vpxor (@X[2],@X[2],@X[-2&7]); # "X[-3]"^"X[-8]" + eval(shift(@insns)); + eval(shift(@insns)); + &vmovdqa (&QWP(0+16*(($Xi-1)&3),"esp"),@X[3]); # X[]+K xfer to IALU + eval(shift(@insns)); + eval(shift(@insns)); + + &vpxor (@X[0],@X[0],@X[2]); # "X[0]"^="X[-3]"^"X[-8]" + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); + + &vpsrld (@X[2],@X[0],31); + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); + + &vpslldq(@X[4],@X[0],12); # "X[0]"<<96, extract one dword + &vpaddd (@X[0],@X[0],@X[0]); + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); + + &vpsrld (@X[3],@X[4],30); + &vpor (@X[0],@X[0],@X[2]); # "X[0]"<<<=1 + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); + + &vpslld (@X[4],@X[4],2); + &vmovdqa (@X[2],&QWP(64+16*(($Xi-6)%3),"esp")) if ($Xi>5); # restore X[] from backtrace buffer + eval(shift(@insns)); + eval(shift(@insns)); + &vpxor (@X[0],@X[0],@X[3]); + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); + + &vpxor (@X[0],@X[0],@X[4]); # "X[0]"^=("X[0]"<<96)<<<2 + eval(shift(@insns)); + eval(shift(@insns)); + &vmovdqa (@X[4],&QWP(112-16+16*(($Xi)/5),"esp")); # K_XX_XX + eval(shift(@insns)); + eval(shift(@insns)); + + foreach (@insns) { eval; } # remaining instructions [if any] + + $Xi++; push(@X,shift(@X)); # "rotate" X[] +} + +sub Xupdate_avx_32_79() +{ use integer; + my $body = shift; + my @insns = (&$body,&$body,&$body,&$body); # 32 to 48 instructions + my ($a,$b,$c,$d,$e); + + &vpalignr(@X[2],@X[-1&7],@X[-2&7],8); # compose "X[-6]" + &vpxor (@X[0],@X[0],@X[-4&7]); # "X[0]"="X[-32]"^"X[-16]" + eval(shift(@insns)); # body_20_39 + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); # rol + + &vpxor (@X[0],@X[0],@X[-7&7]); # "X[0]"^="X[-28]" + &vmovdqa (&QWP(64+16*(($Xi-4)%3),"esp"),@X[-4&7]); # save X[] to backtrace buffer + eval(shift(@insns)); + eval(shift(@insns)); + if ($Xi%5) { + &vmovdqa (@X[4],@X[3]); # "perpetuate" K_XX_XX... + } else { # ... or load next one + &vmovdqa (@X[4],&QWP(112-16+16*($Xi/5),"esp")); + } + &vpaddd (@X[3],@X[3],@X[-1&7]); + eval(shift(@insns)); # ror + eval(shift(@insns)); + + &vpxor (@X[0],@X[0],@X[2]); # "X[0]"^="X[-6]" + eval(shift(@insns)); # body_20_39 + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); # rol + + &vpsrld (@X[2],@X[0],30); + &vmovdqa (&QWP(0+16*(($Xi-1)&3),"esp"),@X[3]); # X[]+K xfer to IALU + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); # ror + eval(shift(@insns)); + + &vpslld (@X[0],@X[0],2); + eval(shift(@insns)); # body_20_39 + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); # rol + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); # ror + eval(shift(@insns)); + + &vpor (@X[0],@X[0],@X[2]); # "X[0]"<<<=2 + eval(shift(@insns)); # body_20_39 + eval(shift(@insns)); + &vmovdqa (@X[2],&QWP(64+16*(($Xi-6)%3),"esp")) if($Xi<19); # restore X[] from backtrace buffer + eval(shift(@insns)); + eval(shift(@insns)); # rol + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); # ror + eval(shift(@insns)); + + foreach (@insns) { eval; } # remaining instructions + + $Xi++; push(@X,shift(@X)); # "rotate" X[] +} + +sub Xuplast_avx_80() +{ use integer; + my $body = shift; + my @insns = (&$body,&$body,&$body,&$body); # 32 instructions + my ($a,$b,$c,$d,$e); + + eval(shift(@insns)); + &vpaddd (@X[3],@X[3],@X[-1&7]); + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); + + &vmovdqa (&QWP(0+16*(($Xi-1)&3),"esp"),@X[3]); # X[]+K xfer IALU + + foreach (@insns) { eval; } # remaining instructions + + &mov ($inp=@T[1],&DWP(192+4,"esp")); + &cmp ($inp,&DWP(192+8,"esp")); + &je (&label("done")); + + &vmovdqa(@X[3],&QWP(112+48,"esp")); # K_00_19 + &vmovdqa(@X[2],&QWP(112+64,"esp")); # pbswap mask + &vmovdqu(@X[-4&7],&QWP(0,$inp)); # load input + &vmovdqu(@X[-3&7],&QWP(16,$inp)); + &vmovdqu(@X[-2&7],&QWP(32,$inp)); + &vmovdqu(@X[-1&7],&QWP(48,$inp)); + &add ($inp,64); + &vpshufb(@X[-4&7],@X[-4&7],@X[2]); # byte swap + &mov (&DWP(192+4,"esp"),$inp); + &vmovdqa(&QWP(112-16,"esp"),@X[3]); # borrow last backtrace slot + + $Xi=0; +} + +sub Xloop_avx() +{ use integer; + my $body = shift; + my @insns = (&$body,&$body,&$body,&$body); # 32 instructions + my ($a,$b,$c,$d,$e); + + eval(shift(@insns)); + eval(shift(@insns)); + &vpshufb (@X[($Xi-3)&7],@X[($Xi-3)&7],@X[2]); + eval(shift(@insns)); + eval(shift(@insns)); + &vpaddd (@X[$Xi&7],@X[($Xi-4)&7],@X[3]); + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); + &vmovdqa (&QWP(0+16*$Xi,"esp"),@X[$Xi&7]); # X[]+K xfer to IALU + eval(shift(@insns)); + eval(shift(@insns)); + + foreach (@insns) { eval; } + $Xi++; +} + +sub Xtail_avx() +{ use integer; + my $body = shift; + my @insns = (&$body,&$body,&$body,&$body); # 32 instructions + my ($a,$b,$c,$d,$e); + + foreach (@insns) { eval; } +} + +&set_label("loop",16); + &Xupdate_avx_16_31(\&body_00_19); + &Xupdate_avx_16_31(\&body_00_19); + &Xupdate_avx_16_31(\&body_00_19); + &Xupdate_avx_16_31(\&body_00_19); + &Xupdate_avx_32_79(\&body_00_19); + &Xupdate_avx_32_79(\&body_20_39); + &Xupdate_avx_32_79(\&body_20_39); + &Xupdate_avx_32_79(\&body_20_39); + &Xupdate_avx_32_79(\&body_20_39); + &Xupdate_avx_32_79(\&body_20_39); + &Xupdate_avx_32_79(\&body_40_59); + &Xupdate_avx_32_79(\&body_40_59); + &Xupdate_avx_32_79(\&body_40_59); + &Xupdate_avx_32_79(\&body_40_59); + &Xupdate_avx_32_79(\&body_40_59); + &Xupdate_avx_32_79(\&body_20_39); + &Xuplast_avx_80(\&body_20_39); # can jump to "done" + + $saved_j=$j; @saved_V=@V; + + &Xloop_avx(\&body_20_39); + &Xloop_avx(\&body_20_39); + &Xloop_avx(\&body_20_39); + + &mov (@T[1],&DWP(192,"esp")); # update context + &add ($A,&DWP(0,@T[1])); + &add (@T[0],&DWP(4,@T[1])); # $b + &add ($C,&DWP(8,@T[1])); + &mov (&DWP(0,@T[1]),$A); + &add ($D,&DWP(12,@T[1])); + &mov (&DWP(4,@T[1]),@T[0]); + &add ($E,&DWP(16,@T[1])); + &mov (&DWP(8,@T[1]),$C); + &mov ($B,@T[0]); + &mov (&DWP(12,@T[1]),$D); + &mov (&DWP(16,@T[1]),$E); + + &jmp (&label("loop")); + +&set_label("done",16); $j=$saved_j; @V=@saved_V; + + &Xtail_avx(\&body_20_39); + &Xtail_avx(\&body_20_39); + &Xtail_avx(\&body_20_39); + + &vzeroall(); + + &mov (@T[1],&DWP(192,"esp")); # update context + &add ($A,&DWP(0,@T[1])); + &mov ("esp",&DWP(192+12,"esp")); # restore %esp + &add (@T[0],&DWP(4,@T[1])); # $b + &add ($C,&DWP(8,@T[1])); + &mov (&DWP(0,@T[1]),$A); + &add ($D,&DWP(12,@T[1])); + &mov (&DWP(4,@T[1]),@T[0]); + &add ($E,&DWP(16,@T[1])); + &mov (&DWP(8,@T[1]),$C); + &mov (&DWP(12,@T[1]),$D); + &mov (&DWP(16,@T[1]),$E); +&function_end("_sha1_block_data_order_avx"); +} +&set_label("K_XX_XX",64); +&data_word(0x5a827999,0x5a827999,0x5a827999,0x5a827999); # K_00_19 +&data_word(0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1); # K_20_39 +&data_word(0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc); # K_40_59 +&data_word(0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6); # K_60_79 +&data_word(0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f); # pbswap mask +} +&asciz("SHA1 block transform for x86, CRYPTOGAMS by "); +&asm_finish(); diff --git a/src/lib/libcrypto/sha/asm/sha1-alpha.pl b/src/lib/libcrypto/sha/asm/sha1-alpha.pl new file mode 100644 index 00000000000..44720c418c8 --- /dev/null +++ b/src/lib/libcrypto/sha/asm/sha1-alpha.pl @@ -0,0 +1,317 @@ +#!/usr/bin/env perl + +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== + +# SHA1 block procedure for Alpha. + +# On 21264 performance is 33% better than code generated by vendor +# compiler, and 75% better than GCC [3.4], and in absolute terms is +# 8.7 cycles per processed byte. Implementation features vectorized +# byte swap, but not Xupdate. + +@X=( "\$0", "\$1", "\$2", "\$3", "\$4", "\$5", "\$6", "\$7", + "\$8", "\$9", "\$10", "\$11", "\$12", "\$13", "\$14", "\$15"); +$ctx="a0"; # $16 +$inp="a1"; +$num="a2"; +$A="a3"; +$B="a4"; # 20 +$C="a5"; +$D="t8"; +$E="t9"; @V=($A,$B,$C,$D,$E); +$t0="t10"; # 24 +$t1="t11"; +$t2="ra"; +$t3="t12"; +$K="AT"; # 28 + +sub BODY_00_19 { +my ($i,$a,$b,$c,$d,$e)=@_; +my $j=$i+1; +$code.=<<___ if ($i==0); + ldq_u @X[0],0+0($inp) + ldq_u @X[1],0+7($inp) +___ +$code.=<<___ if (!($i&1) && $i<14); + ldq_u @X[$i+2],($i+2)*4+0($inp) + ldq_u @X[$i+3],($i+2)*4+7($inp) +___ +$code.=<<___ if (!($i&1) && $i<15); + extql @X[$i],$inp,@X[$i] + extqh @X[$i+1],$inp,@X[$i+1] + + or @X[$i+1],@X[$i],@X[$i] # pair of 32-bit values are fetched + + srl @X[$i],24,$t0 # vectorized byte swap + srl @X[$i],8,$t2 + + sll @X[$i],8,$t3 + sll @X[$i],24,@X[$i] + zapnot $t0,0x11,$t0 + zapnot $t2,0x22,$t2 + + zapnot @X[$i],0x88,@X[$i] + or $t0,$t2,$t0 + zapnot $t3,0x44,$t3 + sll $a,5,$t1 + + or @X[$i],$t0,@X[$i] + addl $K,$e,$e + and $b,$c,$t2 + zapnot $a,0xf,$a + + or @X[$i],$t3,@X[$i] + srl $a,27,$t0 + bic $d,$b,$t3 + sll $b,30,$b + + extll @X[$i],4,@X[$i+1] # extract upper half + or $t2,$t3,$t2 + addl @X[$i],$e,$e + + addl $t1,$e,$e + srl $b,32,$t3 + zapnot @X[$i],0xf,@X[$i] + + addl $t0,$e,$e + addl $t2,$e,$e + or $t3,$b,$b +___ +$code.=<<___ if (($i&1) && $i<15); + sll $a,5,$t1 + addl $K,$e,$e + and $b,$c,$t2 + zapnot $a,0xf,$a + + srl $a,27,$t0 + addl @X[$i%16],$e,$e + bic $d,$b,$t3 + sll $b,30,$b + + or $t2,$t3,$t2 + addl $t1,$e,$e + srl $b,32,$t3 + zapnot @X[$i],0xf,@X[$i] + + addl $t0,$e,$e + addl $t2,$e,$e + or $t3,$b,$b +___ +$code.=<<___ if ($i>=15); # with forward Xupdate + sll $a,5,$t1 + addl $K,$e,$e + and $b,$c,$t2 + xor @X[($j+2)%16],@X[$j%16],@X[$j%16] + + zapnot $a,0xf,$a + addl @X[$i%16],$e,$e + bic $d,$b,$t3 + xor @X[($j+8)%16],@X[$j%16],@X[$j%16] + + srl $a,27,$t0 + addl $t1,$e,$e + or $t2,$t3,$t2 + xor @X[($j+13)%16],@X[$j%16],@X[$j%16] + + sll $b,30,$b + addl $t0,$e,$e + srl @X[$j%16],31,$t1 + + addl $t2,$e,$e + srl $b,32,$t3 + addl @X[$j%16],@X[$j%16],@X[$j%16] + + or $t3,$b,$b + zapnot @X[$i%16],0xf,@X[$i%16] + or $t1,@X[$j%16],@X[$j%16] +___ +} + +sub BODY_20_39 { +my ($i,$a,$b,$c,$d,$e)=@_; +my $j=$i+1; +$code.=<<___ if ($i<79); # with forward Xupdate + sll $a,5,$t1 + addl $K,$e,$e + zapnot $a,0xf,$a + xor @X[($j+2)%16],@X[$j%16],@X[$j%16] + + sll $b,30,$t3 + addl $t1,$e,$e + xor $b,$c,$t2 + xor @X[($j+8)%16],@X[$j%16],@X[$j%16] + + srl $b,2,$b + addl @X[$i%16],$e,$e + xor $d,$t2,$t2 + xor @X[($j+13)%16],@X[$j%16],@X[$j%16] + + srl @X[$j%16],31,$t1 + addl $t2,$e,$e + srl $a,27,$t0 + addl @X[$j%16],@X[$j%16],@X[$j%16] + + or $t3,$b,$b + addl $t0,$e,$e + or $t1,@X[$j%16],@X[$j%16] +___ +$code.=<<___ if ($i<77); + zapnot @X[$i%16],0xf,@X[$i%16] +___ +$code.=<<___ if ($i==79); # with context fetch + sll $a,5,$t1 + addl $K,$e,$e + zapnot $a,0xf,$a + ldl @X[0],0($ctx) + + sll $b,30,$t3 + addl $t1,$e,$e + xor $b,$c,$t2 + ldl @X[1],4($ctx) + + srl $b,2,$b + addl @X[$i%16],$e,$e + xor $d,$t2,$t2 + ldl @X[2],8($ctx) + + srl $a,27,$t0 + addl $t2,$e,$e + ldl @X[3],12($ctx) + + or $t3,$b,$b + addl $t0,$e,$e + ldl @X[4],16($ctx) +___ +} + +sub BODY_40_59 { +my ($i,$a,$b,$c,$d,$e)=@_; +my $j=$i+1; +$code.=<<___; # with forward Xupdate + sll $a,5,$t1 + addl $K,$e,$e + zapnot $a,0xf,$a + xor @X[($j+2)%16],@X[$j%16],@X[$j%16] + + srl $a,27,$t0 + and $b,$c,$t2 + and $b,$d,$t3 + xor @X[($j+8)%16],@X[$j%16],@X[$j%16] + + sll $b,30,$b + addl $t1,$e,$e + xor @X[($j+13)%16],@X[$j%16],@X[$j%16] + + srl @X[$j%16],31,$t1 + addl $t0,$e,$e + or $t2,$t3,$t2 + and $c,$d,$t3 + + or $t2,$t3,$t2 + srl $b,32,$t3 + addl @X[$i%16],$e,$e + addl @X[$j%16],@X[$j%16],@X[$j%16] + + or $t3,$b,$b + addl $t2,$e,$e + or $t1,@X[$j%16],@X[$j%16] + zapnot @X[$i%16],0xf,@X[$i%16] +___ +} + +$code=<<___; +#include + +.text + +.set noat +.set noreorder +.globl sha1_block_data_order +.align 5 +.ent sha1_block_data_order +sha1_block_data_order: + lda sp,-64(sp) + stq ra,0(sp) + stq s0,8(sp) + stq s1,16(sp) + stq s2,24(sp) + stq s3,32(sp) + stq s4,40(sp) + stq s5,48(sp) + stq fp,56(sp) + .mask 0x0400fe00,-64 + .frame sp,64,ra + .prologue 0 + + ldl $A,0($ctx) + ldl $B,4($ctx) + sll $num,6,$num + ldl $C,8($ctx) + ldl $D,12($ctx) + ldl $E,16($ctx) + addq $inp,$num,$num + +.Lloop: + .set noreorder + ldah $K,23170(zero) + zapnot $B,0xf,$B + lda $K,31129($K) # K_00_19 +___ +for ($i=0;$i<20;$i++) { &BODY_00_19($i,@V); unshift(@V,pop(@V)); } + +$code.=<<___; + ldah $K,28378(zero) + lda $K,-5215($K) # K_20_39 +___ +for (;$i<40;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); } + +$code.=<<___; + ldah $K,-28900(zero) + lda $K,-17188($K) # K_40_59 +___ +for (;$i<60;$i++) { &BODY_40_59($i,@V); unshift(@V,pop(@V)); } + +$code.=<<___; + ldah $K,-13725(zero) + lda $K,-15914($K) # K_60_79 +___ +for (;$i<80;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); } + +$code.=<<___; + addl @X[0],$A,$A + addl @X[1],$B,$B + addl @X[2],$C,$C + addl @X[3],$D,$D + addl @X[4],$E,$E + stl $A,0($ctx) + stl $B,4($ctx) + addq $inp,64,$inp + stl $C,8($ctx) + stl $D,12($ctx) + stl $E,16($ctx) + cmpult $inp,$num,$t1 + bne $t1,.Lloop + + .set noreorder + ldq ra,0(sp) + ldq s0,8(sp) + ldq s1,16(sp) + ldq s2,24(sp) + ldq s3,32(sp) + ldq s4,40(sp) + ldq s5,48(sp) + ldq fp,56(sp) + lda sp,64(sp) + ret (ra) +.end sha1_block_data_order +.ascii "SHA1 block transform for Alpha, CRYPTOGAMS by " +.align 2 +___ +$output=shift and open STDOUT,">$output"; +print $code; +close STDOUT; diff --git a/src/lib/libcrypto/sha/asm/sha1-armv4-large.pl b/src/lib/libcrypto/sha/asm/sha1-armv4-large.pl new file mode 100644 index 00000000000..8f0cdaf83c8 --- /dev/null +++ b/src/lib/libcrypto/sha/asm/sha1-armv4-large.pl @@ -0,0 +1,248 @@ +#!/usr/bin/env perl + +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== + +# sha1_block procedure for ARMv4. +# +# January 2007. + +# Size/performance trade-off +# ==================================================================== +# impl size in bytes comp cycles[*] measured performance +# ==================================================================== +# thumb 304 3212 4420 +# armv4-small 392/+29% 1958/+64% 2250/+96% +# armv4-compact 740/+89% 1552/+26% 1840/+22% +# armv4-large 1420/+92% 1307/+19% 1370/+34%[***] +# full unroll ~5100/+260% ~1260/+4% ~1300/+5% +# ==================================================================== +# thumb = same as 'small' but in Thumb instructions[**] and +# with recurring code in two private functions; +# small = detached Xload/update, loops are folded; +# compact = detached Xload/update, 5x unroll; +# large = interleaved Xload/update, 5x unroll; +# full unroll = interleaved Xload/update, full unroll, estimated[!]; +# +# [*] Manually counted instructions in "grand" loop body. Measured +# performance is affected by prologue and epilogue overhead, +# i-cache availability, branch penalties, etc. +# [**] While each Thumb instruction is twice smaller, they are not as +# diverse as ARM ones: e.g., there are only two arithmetic +# instructions with 3 arguments, no [fixed] rotate, addressing +# modes are limited. As result it takes more instructions to do +# the same job in Thumb, therefore the code is never twice as +# small and always slower. +# [***] which is also ~35% better than compiler generated code. Dual- +# issue Cortex A8 core was measured to process input block in +# ~990 cycles. + +# August 2010. +# +# Rescheduling for dual-issue pipeline resulted in 13% improvement on +# Cortex A8 core and in absolute terms ~870 cycles per input block +# [or 13.6 cycles per byte]. + +# February 2011. +# +# Profiler-assisted and platform-specific optimization resulted in 10% +# improvement on Cortex A8 core and 12.2 cycles per byte. + +while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {} +open STDOUT,">$output"; + +$ctx="r0"; +$inp="r1"; +$len="r2"; +$a="r3"; +$b="r4"; +$c="r5"; +$d="r6"; +$e="r7"; +$K="r8"; +$t0="r9"; +$t1="r10"; +$t2="r11"; +$t3="r12"; +$Xi="r14"; +@V=($a,$b,$c,$d,$e); + +sub Xupdate { +my ($a,$b,$c,$d,$e,$opt1,$opt2)=@_; +$code.=<<___; + ldr $t0,[$Xi,#15*4] + ldr $t1,[$Xi,#13*4] + ldr $t2,[$Xi,#7*4] + add $e,$K,$e,ror#2 @ E+=K_xx_xx + ldr $t3,[$Xi,#2*4] + eor $t0,$t0,$t1 + eor $t2,$t2,$t3 @ 1 cycle stall + eor $t1,$c,$d @ F_xx_xx + mov $t0,$t0,ror#31 + add $e,$e,$a,ror#27 @ E+=ROR(A,27) + eor $t0,$t0,$t2,ror#31 + str $t0,[$Xi,#-4]! + $opt1 @ F_xx_xx + $opt2 @ F_xx_xx + add $e,$e,$t0 @ E+=X[i] +___ +} + +sub BODY_00_15 { +my ($a,$b,$c,$d,$e)=@_; +$code.=<<___; +#if __ARM_ARCH__<7 || defined(__STRICT_ALIGNMENT) + ldrb $t1,[$inp,#2] + ldrb $t0,[$inp,#3] + ldrb $t2,[$inp,#1] + add $e,$K,$e,ror#2 @ E+=K_00_19 + ldrb $t3,[$inp],#4 + orr $t0,$t0,$t1,lsl#8 + eor $t1,$c,$d @ F_xx_xx + orr $t0,$t0,$t2,lsl#16 + add $e,$e,$a,ror#27 @ E+=ROR(A,27) + orr $t0,$t0,$t3,lsl#24 +#else + ldr $t0,[$inp],#4 @ handles unaligned + add $e,$K,$e,ror#2 @ E+=K_00_19 + eor $t1,$c,$d @ F_xx_xx + add $e,$e,$a,ror#27 @ E+=ROR(A,27) +#ifdef __ARMEL__ + rev $t0,$t0 @ byte swap +#endif +#endif + and $t1,$b,$t1,ror#2 + add $e,$e,$t0 @ E+=X[i] + eor $t1,$t1,$d,ror#2 @ F_00_19(B,C,D) + str $t0,[$Xi,#-4]! + add $e,$e,$t1 @ E+=F_00_19(B,C,D) +___ +} + +sub BODY_16_19 { +my ($a,$b,$c,$d,$e)=@_; + &Xupdate(@_,"and $t1,$b,$t1,ror#2"); +$code.=<<___; + eor $t1,$t1,$d,ror#2 @ F_00_19(B,C,D) + add $e,$e,$t1 @ E+=F_00_19(B,C,D) +___ +} + +sub BODY_20_39 { +my ($a,$b,$c,$d,$e)=@_; + &Xupdate(@_,"eor $t1,$b,$t1,ror#2"); +$code.=<<___; + add $e,$e,$t1 @ E+=F_20_39(B,C,D) +___ +} + +sub BODY_40_59 { +my ($a,$b,$c,$d,$e)=@_; + &Xupdate(@_,"and $t1,$b,$t1,ror#2","and $t2,$c,$d"); +$code.=<<___; + add $e,$e,$t1 @ E+=F_40_59(B,C,D) + add $e,$e,$t2,ror#2 +___ +} + +$code=<<___; +#include "arm_arch.h" + +.text + +.global sha1_block_data_order +.type sha1_block_data_order,%function + +.align 2 +sha1_block_data_order: + stmdb sp!,{r4-r12,lr} + add $len,$inp,$len,lsl#6 @ $len to point at the end of $inp + ldmia $ctx,{$a,$b,$c,$d,$e} +.Lloop: + ldr $K,.LK_00_19 + mov $Xi,sp + sub sp,sp,#15*4 + mov $c,$c,ror#30 + mov $d,$d,ror#30 + mov $e,$e,ror#30 @ [6] +.L_00_15: +___ +for($i=0;$i<5;$i++) { + &BODY_00_15(@V); unshift(@V,pop(@V)); +} +$code.=<<___; + teq $Xi,sp + bne .L_00_15 @ [((11+4)*5+2)*3] + sub sp,sp,#25*4 +___ + &BODY_00_15(@V); unshift(@V,pop(@V)); + &BODY_16_19(@V); unshift(@V,pop(@V)); + &BODY_16_19(@V); unshift(@V,pop(@V)); + &BODY_16_19(@V); unshift(@V,pop(@V)); + &BODY_16_19(@V); unshift(@V,pop(@V)); +$code.=<<___; + + ldr $K,.LK_20_39 @ [+15+16*4] + cmn sp,#0 @ [+3], clear carry to denote 20_39 +.L_20_39_or_60_79: +___ +for($i=0;$i<5;$i++) { + &BODY_20_39(@V); unshift(@V,pop(@V)); +} +$code.=<<___; + teq $Xi,sp @ preserve carry + bne .L_20_39_or_60_79 @ [+((12+3)*5+2)*4] + bcs .L_done @ [+((12+3)*5+2)*4], spare 300 bytes + + ldr $K,.LK_40_59 + sub sp,sp,#20*4 @ [+2] +.L_40_59: +___ +for($i=0;$i<5;$i++) { + &BODY_40_59(@V); unshift(@V,pop(@V)); +} +$code.=<<___; + teq $Xi,sp + bne .L_40_59 @ [+((12+5)*5+2)*4] + + ldr $K,.LK_60_79 + sub sp,sp,#20*4 + cmp sp,#0 @ set carry to denote 60_79 + b .L_20_39_or_60_79 @ [+4], spare 300 bytes +.L_done: + add sp,sp,#80*4 @ "deallocate" stack frame + ldmia $ctx,{$K,$t0,$t1,$t2,$t3} + add $a,$K,$a + add $b,$t0,$b + add $c,$t1,$c,ror#2 + add $d,$t2,$d,ror#2 + add $e,$t3,$e,ror#2 + stmia $ctx,{$a,$b,$c,$d,$e} + teq $inp,$len + bne .Lloop @ [+18], total 1307 + +#if __ARM_ARCH__>=5 + ldmia sp!,{r4-r12,pc} +#else + ldmia sp!,{r4-r12,lr} + tst lr,#1 + moveq pc,lr @ be binary compatible with V4, yet + bx lr @ interoperable with Thumb ISA:-) +#endif +.align 2 +.LK_00_19: .word 0x5a827999 +.LK_20_39: .word 0x6ed9eba1 +.LK_40_59: .word 0x8f1bbcdc +.LK_60_79: .word 0xca62c1d6 +.size sha1_block_data_order,.-sha1_block_data_order +.asciz "SHA1 block transform for ARMv4, CRYPTOGAMS by " +.align 2 +___ + +$code =~ s/\bbx\s+lr\b/.word\t0xe12fff1e/gm; # make it possible to compile with -march=armv4 +print $code; +close STDOUT; # enforce flush diff --git a/src/lib/libcrypto/sha/asm/sha1-mips.pl b/src/lib/libcrypto/sha/asm/sha1-mips.pl new file mode 100644 index 00000000000..75fe7113e29 --- /dev/null +++ b/src/lib/libcrypto/sha/asm/sha1-mips.pl @@ -0,0 +1,350 @@ +#!/usr/bin/env perl + +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== + +# SHA1 block procedure for MIPS. + +# Performance improvement is 30% on unaligned input. The "secret" is +# to deploy lwl/lwr pair to load unaligned input. One could have +# vectorized Xupdate on MIPSIII/IV, but the goal was to code MIPS32- +# compatible subroutine. There is room for minor optimization on +# little-endian platforms... + +###################################################################### +# There is a number of MIPS ABI in use, O32 and N32/64 are most +# widely used. Then there is a new contender: NUBI. It appears that if +# one picks the latter, it's possible to arrange code in ABI neutral +# manner. Therefore let's stick to NUBI register layout: +# +($zero,$at,$t0,$t1,$t2)=map("\$$_",(0..2,24,25)); +($a0,$a1,$a2,$a3,$a4,$a5,$a6,$a7)=map("\$$_",(4..11)); +($s0,$s1,$s2,$s3,$s4,$s5,$s6,$s7,$s8,$s9,$s10,$s11)=map("\$$_",(12..23)); +($gp,$tp,$sp,$fp,$ra)=map("\$$_",(3,28..31)); +# +# The return value is placed in $a0. Following coding rules facilitate +# interoperability: +# +# - never ever touch $tp, "thread pointer", former $gp; +# - copy return value to $t0, former $v0 [or to $a0 if you're adapting +# old code]; +# - on O32 populate $a4-$a7 with 'lw $aN,4*N($sp)' if necessary; +# +# For reference here is register layout for N32/64 MIPS ABIs: +# +# ($zero,$at,$v0,$v1)=map("\$$_",(0..3)); +# ($a0,$a1,$a2,$a3,$a4,$a5,$a6,$a7)=map("\$$_",(4..11)); +# ($t0,$t1,$t2,$t3,$t8,$t9)=map("\$$_",(12..15,24,25)); +# ($s0,$s1,$s2,$s3,$s4,$s5,$s6,$s7)=map("\$$_",(16..23)); +# ($gp,$sp,$fp,$ra)=map("\$$_",(28..31)); +# +$flavour = shift; # supported flavours are o32,n32,64,nubi32,nubi64 + +if ($flavour =~ /64|n32/i) { + $PTR_ADD="dadd"; # incidentally works even on n32 + $PTR_SUB="dsub"; # incidentally works even on n32 + $REG_S="sd"; + $REG_L="ld"; + $PTR_SLL="dsll"; # incidentally works even on n32 + $SZREG=8; +} else { + $PTR_ADD="add"; + $PTR_SUB="sub"; + $REG_S="sw"; + $REG_L="lw"; + $PTR_SLL="sll"; + $SZREG=4; +} +# +# +# +###################################################################### + +$big_endian=(`echo MIPSEL | $ENV{CC} -E -P -`=~/MIPSEL/)?1:0; + +for (@ARGV) { $output=$_ if (/^\w[\w\-]*\.\w+$/); } +open STDOUT,">$output"; + +if (!defined($big_endian)) + { $big_endian=(unpack('L',pack('N',1))==1); } + +# offsets of the Most and Least Significant Bytes +$MSB=$big_endian?0:3; +$LSB=3&~$MSB; + +@X=map("\$$_",(8..23)); # a4-a7,s0-s11 + +$ctx=$a0; +$inp=$a1; +$num=$a2; +$A="\$1"; +$B="\$2"; +$C="\$3"; +$D="\$7"; +$E="\$24"; @V=($A,$B,$C,$D,$E); +$t0="\$25"; +$t1=$num; # $num is offloaded to stack +$t2="\$30"; # fp +$K="\$31"; # ra + +sub BODY_00_14 { +my ($i,$a,$b,$c,$d,$e)=@_; +my $j=$i+1; +$code.=<<___ if (!$big_endian); + srl $t0,@X[$i],24 # byte swap($i) + srl $t1,@X[$i],8 + andi $t2,@X[$i],0xFF00 + sll @X[$i],@X[$i],24 + andi $t1,0xFF00 + sll $t2,$t2,8 + or @X[$i],$t0 + or $t1,$t2 + or @X[$i],$t1 +___ +$code.=<<___; + lwl @X[$j],$j*4+$MSB($inp) + sll $t0,$a,5 # $i + addu $e,$K + lwr @X[$j],$j*4+$LSB($inp) + srl $t1,$a,27 + addu $e,$t0 + xor $t0,$c,$d + addu $e,$t1 + sll $t2,$b,30 + and $t0,$b + srl $b,$b,2 + xor $t0,$d + addu $e,@X[$i] + or $b,$t2 + addu $e,$t0 +___ +} + +sub BODY_15_19 { +my ($i,$a,$b,$c,$d,$e)=@_; +my $j=$i+1; + +$code.=<<___ if (!$big_endian && $i==15); + srl $t0,@X[$i],24 # byte swap($i) + srl $t1,@X[$i],8 + andi $t2,@X[$i],0xFF00 + sll @X[$i],@X[$i],24 + andi $t1,0xFF00 + sll $t2,$t2,8 + or @X[$i],$t0 + or @X[$i],$t1 + or @X[$i],$t2 +___ +$code.=<<___; + xor @X[$j%16],@X[($j+2)%16] + sll $t0,$a,5 # $i + addu $e,$K + srl $t1,$a,27 + addu $e,$t0 + xor @X[$j%16],@X[($j+8)%16] + xor $t0,$c,$d + addu $e,$t1 + xor @X[$j%16],@X[($j+13)%16] + sll $t2,$b,30 + and $t0,$b + srl $t1,@X[$j%16],31 + addu @X[$j%16],@X[$j%16] + srl $b,$b,2 + xor $t0,$d + or @X[$j%16],$t1 + addu $e,@X[$i%16] + or $b,$t2 + addu $e,$t0 +___ +} + +sub BODY_20_39 { +my ($i,$a,$b,$c,$d,$e)=@_; +my $j=$i+1; +$code.=<<___ if ($i<79); + xor @X[$j%16],@X[($j+2)%16] + sll $t0,$a,5 # $i + addu $e,$K + srl $t1,$a,27 + addu $e,$t0 + xor @X[$j%16],@X[($j+8)%16] + xor $t0,$c,$d + addu $e,$t1 + xor @X[$j%16],@X[($j+13)%16] + sll $t2,$b,30 + xor $t0,$b + srl $t1,@X[$j%16],31 + addu @X[$j%16],@X[$j%16] + srl $b,$b,2 + addu $e,@X[$i%16] + or @X[$j%16],$t1 + or $b,$t2 + addu $e,$t0 +___ +$code.=<<___ if ($i==79); + lw @X[0],0($ctx) + sll $t0,$a,5 # $i + addu $e,$K + lw @X[1],4($ctx) + srl $t1,$a,27 + addu $e,$t0 + lw @X[2],8($ctx) + xor $t0,$c,$d + addu $e,$t1 + lw @X[3],12($ctx) + sll $t2,$b,30 + xor $t0,$b + lw @X[4],16($ctx) + srl $b,$b,2 + addu $e,@X[$i%16] + or $b,$t2 + addu $e,$t0 +___ +} + +sub BODY_40_59 { +my ($i,$a,$b,$c,$d,$e)=@_; +my $j=$i+1; +$code.=<<___ if ($i<79); + xor @X[$j%16],@X[($j+2)%16] + sll $t0,$a,5 # $i + addu $e,$K + srl $t1,$a,27 + addu $e,$t0 + xor @X[$j%16],@X[($j+8)%16] + and $t0,$c,$d + addu $e,$t1 + xor @X[$j%16],@X[($j+13)%16] + sll $t2,$b,30 + addu $e,$t0 + srl $t1,@X[$j%16],31 + xor $t0,$c,$d + addu @X[$j%16],@X[$j%16] + and $t0,$b + srl $b,$b,2 + or @X[$j%16],$t1 + addu $e,@X[$i%16] + or $b,$t2 + addu $e,$t0 +___ +} + +$FRAMESIZE=16; # large enough to accommodate NUBI saved registers +$SAVED_REGS_MASK = ($flavour =~ /nubi/i) ? 0xc0fff008 : 0xc0ff0000; + +$code=<<___; +.text + +.set noat +.set noreorder +.align 5 +.globl sha1_block_data_order +.ent sha1_block_data_order +sha1_block_data_order: + .frame $sp,$FRAMESIZE*$SZREG,$ra + .mask $SAVED_REGS_MASK,-$SZREG + .set noreorder + $PTR_SUB $sp,$FRAMESIZE*$SZREG + $REG_S $ra,($FRAMESIZE-1)*$SZREG($sp) + $REG_S $fp,($FRAMESIZE-2)*$SZREG($sp) + $REG_S $s11,($FRAMESIZE-3)*$SZREG($sp) + $REG_S $s10,($FRAMESIZE-4)*$SZREG($sp) + $REG_S $s9,($FRAMESIZE-5)*$SZREG($sp) + $REG_S $s8,($FRAMESIZE-6)*$SZREG($sp) + $REG_S $s7,($FRAMESIZE-7)*$SZREG($sp) + $REG_S $s6,($FRAMESIZE-8)*$SZREG($sp) + $REG_S $s5,($FRAMESIZE-9)*$SZREG($sp) + $REG_S $s4,($FRAMESIZE-10)*$SZREG($sp) +___ +$code.=<<___ if ($flavour =~ /nubi/i); # optimize non-nubi prologue + $REG_S $s3,($FRAMESIZE-11)*$SZREG($sp) + $REG_S $s2,($FRAMESIZE-12)*$SZREG($sp) + $REG_S $s1,($FRAMESIZE-13)*$SZREG($sp) + $REG_S $s0,($FRAMESIZE-14)*$SZREG($sp) + $REG_S $gp,($FRAMESIZE-15)*$SZREG($sp) +___ +$code.=<<___; + $PTR_SLL $num,6 + $PTR_ADD $num,$inp + $REG_S $num,0($sp) + lw $A,0($ctx) + lw $B,4($ctx) + lw $C,8($ctx) + lw $D,12($ctx) + b .Loop + lw $E,16($ctx) +.align 4 +.Loop: + .set reorder + lwl @X[0],$MSB($inp) + lui $K,0x5a82 + lwr @X[0],$LSB($inp) + ori $K,0x7999 # K_00_19 +___ +for ($i=0;$i<15;$i++) { &BODY_00_14($i,@V); unshift(@V,pop(@V)); } +for (;$i<20;$i++) { &BODY_15_19($i,@V); unshift(@V,pop(@V)); } +$code.=<<___; + lui $K,0x6ed9 + ori $K,0xeba1 # K_20_39 +___ +for (;$i<40;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); } +$code.=<<___; + lui $K,0x8f1b + ori $K,0xbcdc # K_40_59 +___ +for (;$i<60;$i++) { &BODY_40_59($i,@V); unshift(@V,pop(@V)); } +$code.=<<___; + lui $K,0xca62 + ori $K,0xc1d6 # K_60_79 +___ +for (;$i<80;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); } +$code.=<<___; + $PTR_ADD $inp,64 + $REG_L $num,0($sp) + + addu $A,$X[0] + addu $B,$X[1] + sw $A,0($ctx) + addu $C,$X[2] + addu $D,$X[3] + sw $B,4($ctx) + addu $E,$X[4] + sw $C,8($ctx) + sw $D,12($ctx) + sw $E,16($ctx) + .set noreorder + bne $inp,$num,.Loop + nop + + .set noreorder + $REG_L $ra,($FRAMESIZE-1)*$SZREG($sp) + $REG_L $fp,($FRAMESIZE-2)*$SZREG($sp) + $REG_L $s11,($FRAMESIZE-3)*$SZREG($sp) + $REG_L $s10,($FRAMESIZE-4)*$SZREG($sp) + $REG_L $s9,($FRAMESIZE-5)*$SZREG($sp) + $REG_L $s8,($FRAMESIZE-6)*$SZREG($sp) + $REG_L $s7,($FRAMESIZE-7)*$SZREG($sp) + $REG_L $s6,($FRAMESIZE-8)*$SZREG($sp) + $REG_L $s5,($FRAMESIZE-9)*$SZREG($sp) + $REG_L $s4,($FRAMESIZE-10)*$SZREG($sp) +___ +$code.=<<___ if ($flavour =~ /nubi/i); + $REG_L $s3,($FRAMESIZE-11)*$SZREG($sp) + $REG_L $s2,($FRAMESIZE-12)*$SZREG($sp) + $REG_L $s1,($FRAMESIZE-13)*$SZREG($sp) + $REG_L $s0,($FRAMESIZE-14)*$SZREG($sp) + $REG_L $gp,($FRAMESIZE-15)*$SZREG($sp) +___ +$code.=<<___; + jr $ra + $PTR_ADD $sp,$FRAMESIZE*$SZREG +.end sha1_block_data_order +.rdata +.asciiz "SHA1 for MIPS, CRYPTOGAMS by " +___ +print $code; +close STDOUT; diff --git a/src/lib/libcrypto/sha/asm/sha1-parisc.pl b/src/lib/libcrypto/sha/asm/sha1-parisc.pl new file mode 100644 index 00000000000..6cb46564224 --- /dev/null +++ b/src/lib/libcrypto/sha/asm/sha1-parisc.pl @@ -0,0 +1,266 @@ +#!/usr/bin/env perl + +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== + +# SHA1 block procedure for PA-RISC. + +# June 2009. +# +# On PA-7100LC performance is >30% better than gcc 3.2 generated code +# for aligned input and >50% better for unaligned. Compared to vendor +# compiler on PA-8600 it's almost 60% faster in 64-bit build and just +# few percent faster in 32-bit one (this for aligned input, data for +# unaligned input is not available). +# +# Special thanks to polarhome.com for providing HP-UX account. + +$flavour = shift; +$output = shift; +open STDOUT,">$output"; + +if ($flavour =~ /64/) { + $LEVEL ="2.0W"; + $SIZE_T =8; + $FRAME_MARKER =80; + $SAVED_RP =16; + $PUSH ="std"; + $PUSHMA ="std,ma"; + $POP ="ldd"; + $POPMB ="ldd,mb"; +} else { + $LEVEL ="1.0"; + $SIZE_T =4; + $FRAME_MARKER =48; + $SAVED_RP =20; + $PUSH ="stw"; + $PUSHMA ="stwm"; + $POP ="ldw"; + $POPMB ="ldwm"; +} + +$FRAME=14*$SIZE_T+$FRAME_MARKER;# 14 saved regs + frame marker + # [+ argument transfer] +$ctx="%r26"; # arg0 +$inp="%r25"; # arg1 +$num="%r24"; # arg2 + +$t0="%r28"; +$t1="%r29"; +$K="%r31"; + +@X=("%r1", "%r2", "%r3", "%r4", "%r5", "%r6", "%r7", "%r8", + "%r9", "%r10","%r11","%r12","%r13","%r14","%r15","%r16",$t0); + +@V=($A,$B,$C,$D,$E)=("%r19","%r20","%r21","%r22","%r23"); + +sub BODY_00_19 { +my ($i,$a,$b,$c,$d,$e)=@_; +my $j=$i+1; +$code.=<<___ if ($i<15); + addl $K,$e,$e ; $i + shd $a,$a,27,$t1 + addl @X[$i],$e,$e + and $c,$b,$t0 + addl $t1,$e,$e + andcm $d,$b,$t1 + shd $b,$b,2,$b + or $t1,$t0,$t0 + addl $t0,$e,$e +___ +$code.=<<___ if ($i>=15); # with forward Xupdate + addl $K,$e,$e ; $i + shd $a,$a,27,$t1 + xor @X[($j+2)%16],@X[$j%16],@X[$j%16] + addl @X[$i%16],$e,$e + and $c,$b,$t0 + xor @X[($j+8)%16],@X[$j%16],@X[$j%16] + addl $t1,$e,$e + andcm $d,$b,$t1 + shd $b,$b,2,$b + or $t1,$t0,$t0 + xor @X[($j+13)%16],@X[$j%16],@X[$j%16] + add $t0,$e,$e + shd @X[$j%16],@X[$j%16],31,@X[$j%16] +___ +} + +sub BODY_20_39 { +my ($i,$a,$b,$c,$d,$e)=@_; +my $j=$i+1; +$code.=<<___ if ($i<79); + xor @X[($j+2)%16],@X[$j%16],@X[$j%16] ; $i + addl $K,$e,$e + shd $a,$a,27,$t1 + xor @X[($j+8)%16],@X[$j%16],@X[$j%16] + addl @X[$i%16],$e,$e + xor $b,$c,$t0 + xor @X[($j+13)%16],@X[$j%16],@X[$j%16] + addl $t1,$e,$e + shd $b,$b,2,$b + xor $d,$t0,$t0 + shd @X[$j%16],@X[$j%16],31,@X[$j%16] + addl $t0,$e,$e +___ +$code.=<<___ if ($i==79); # with context load + ldw 0($ctx),@X[0] ; $i + addl $K,$e,$e + shd $a,$a,27,$t1 + ldw 4($ctx),@X[1] + addl @X[$i%16],$e,$e + xor $b,$c,$t0 + ldw 8($ctx),@X[2] + addl $t1,$e,$e + shd $b,$b,2,$b + xor $d,$t0,$t0 + ldw 12($ctx),@X[3] + addl $t0,$e,$e + ldw 16($ctx),@X[4] +___ +} + +sub BODY_40_59 { +my ($i,$a,$b,$c,$d,$e)=@_; +my $j=$i+1; +$code.=<<___; + shd $a,$a,27,$t1 ; $i + addl $K,$e,$e + xor @X[($j+2)%16],@X[$j%16],@X[$j%16] + xor $d,$c,$t0 + addl @X[$i%16],$e,$e + xor @X[($j+8)%16],@X[$j%16],@X[$j%16] + and $b,$t0,$t0 + addl $t1,$e,$e + shd $b,$b,2,$b + xor @X[($j+13)%16],@X[$j%16],@X[$j%16] + addl $t0,$e,$e + and $d,$c,$t1 + shd @X[$j%16],@X[$j%16],31,@X[$j%16] + addl $t1,$e,$e +___ +} + +$code=<<___; + .LEVEL $LEVEL +#if 0 + .SPACE \$TEXT\$ + .SUBSPA \$CODE\$,QUAD=0,ALIGN=8,ACCESS=0x2C,CODE_ONLY +#else + .text +#endif + + .EXPORT sha1_block_data_order,ENTRY,ARGW0=GR,ARGW1=GR,ARGW2=GR +sha1_block_data_order + .PROC + .CALLINFO FRAME=`$FRAME-14*$SIZE_T`,NO_CALLS,SAVE_RP,ENTRY_GR=16 + .ENTRY + $PUSH %r2,-$SAVED_RP(%sp) ; standard prologue + $PUSHMA %r3,$FRAME(%sp) + $PUSH %r4,`-$FRAME+1*$SIZE_T`(%sp) + $PUSH %r5,`-$FRAME+2*$SIZE_T`(%sp) + $PUSH %r6,`-$FRAME+3*$SIZE_T`(%sp) + $PUSH %r7,`-$FRAME+4*$SIZE_T`(%sp) + $PUSH %r8,`-$FRAME+5*$SIZE_T`(%sp) + $PUSH %r9,`-$FRAME+6*$SIZE_T`(%sp) + $PUSH %r10,`-$FRAME+7*$SIZE_T`(%sp) + $PUSH %r11,`-$FRAME+8*$SIZE_T`(%sp) + $PUSH %r12,`-$FRAME+9*$SIZE_T`(%sp) + $PUSH %r13,`-$FRAME+10*$SIZE_T`(%sp) + $PUSH %r14,`-$FRAME+11*$SIZE_T`(%sp) + $PUSH %r15,`-$FRAME+12*$SIZE_T`(%sp) + $PUSH %r16,`-$FRAME+13*$SIZE_T`(%sp) + + ldw 0($ctx),$A + ldw 4($ctx),$B + ldw 8($ctx),$C + ldw 12($ctx),$D + ldw 16($ctx),$E + + extru $inp,31,2,$t0 ; t0=inp&3; + sh3addl $t0,%r0,$t0 ; t0*=8; + subi 32,$t0,$t0 ; t0=32-t0; + mtctl $t0,%cr11 ; %sar=t0; + +L\$oop + ldi 3,$t0 + andcm $inp,$t0,$t0 ; 64-bit neutral +___ + for ($i=0;$i<15;$i++) { # load input block + $code.="\tldw `4*$i`($t0),@X[$i]\n"; } +$code.=<<___; + cmpb,*= $inp,$t0,L\$aligned + ldw 60($t0),@X[15] + ldw 64($t0),@X[16] +___ + for ($i=0;$i<16;$i++) { # align input + $code.="\tvshd @X[$i],@X[$i+1],@X[$i]\n"; } +$code.=<<___; +L\$aligned + ldil L'0x5a827000,$K ; K_00_19 + ldo 0x999($K),$K +___ +for ($i=0;$i<20;$i++) { &BODY_00_19($i,@V); unshift(@V,pop(@V)); } +$code.=<<___; + ldil L'0x6ed9e000,$K ; K_20_39 + ldo 0xba1($K),$K +___ + +for (;$i<40;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); } +$code.=<<___; + ldil L'0x8f1bb000,$K ; K_40_59 + ldo 0xcdc($K),$K +___ + +for (;$i<60;$i++) { &BODY_40_59($i,@V); unshift(@V,pop(@V)); } +$code.=<<___; + ldil L'0xca62c000,$K ; K_60_79 + ldo 0x1d6($K),$K +___ +for (;$i<80;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); } + +$code.=<<___; + addl @X[0],$A,$A + addl @X[1],$B,$B + addl @X[2],$C,$C + addl @X[3],$D,$D + addl @X[4],$E,$E + stw $A,0($ctx) + stw $B,4($ctx) + stw $C,8($ctx) + stw $D,12($ctx) + stw $E,16($ctx) + addib,*<> -1,$num,L\$oop + ldo 64($inp),$inp + + $POP `-$FRAME-$SAVED_RP`(%sp),%r2 ; standard epilogue + $POP `-$FRAME+1*$SIZE_T`(%sp),%r4 + $POP `-$FRAME+2*$SIZE_T`(%sp),%r5 + $POP `-$FRAME+3*$SIZE_T`(%sp),%r6 + $POP `-$FRAME+4*$SIZE_T`(%sp),%r7 + $POP `-$FRAME+5*$SIZE_T`(%sp),%r8 + $POP `-$FRAME+6*$SIZE_T`(%sp),%r9 + $POP `-$FRAME+7*$SIZE_T`(%sp),%r10 + $POP `-$FRAME+8*$SIZE_T`(%sp),%r11 + $POP `-$FRAME+9*$SIZE_T`(%sp),%r12 + $POP `-$FRAME+10*$SIZE_T`(%sp),%r13 + $POP `-$FRAME+11*$SIZE_T`(%sp),%r14 + $POP `-$FRAME+12*$SIZE_T`(%sp),%r15 + $POP `-$FRAME+13*$SIZE_T`(%sp),%r16 + bv (%r2) + .EXIT + $POPMB -$FRAME(%sp),%r3 + .PROCEND + + .data + .STRINGZ "SHA1 block transform for PA-RISC, CRYPTOGAMS by " +___ + +$code =~ s/\`([^\`]*)\`/eval $1/gem; +$code =~ s/,\*/,/gm if ($SIZE_T==4); +$code =~ s/\bbv\b/bve/gm if ($SIZE_T==8); +print $code; +close STDOUT; diff --git a/src/lib/libcrypto/sha/asm/sha1-ppc.pl b/src/lib/libcrypto/sha/asm/sha1-ppc.pl new file mode 100755 index 00000000000..2140dd2f8dd --- /dev/null +++ b/src/lib/libcrypto/sha/asm/sha1-ppc.pl @@ -0,0 +1,326 @@ +#!/usr/bin/env perl + +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== + +# I let hardware handle unaligned input(*), except on page boundaries +# (see below for details). Otherwise straightforward implementation +# with X vector in register bank. The module is big-endian [which is +# not big deal as there're no little-endian targets left around]. +# +# (*) this means that this module is inappropriate for PPC403? Does +# anybody know if pre-POWER3 can sustain unaligned load? + +# -m64 -m32 +# ---------------------------------- +# PPC970,gcc-4.0.0 +76% +59% +# Power6,xlc-7 +68% +33% + +$flavour = shift; + +if ($flavour =~ /64/) { + $SIZE_T =8; + $LRSAVE =2*$SIZE_T; + $UCMP ="cmpld"; + $STU ="stdu"; + $POP ="ld"; + $PUSH ="std"; +} elsif ($flavour =~ /32/) { + $SIZE_T =4; + $LRSAVE =$SIZE_T; + $UCMP ="cmplw"; + $STU ="stwu"; + $POP ="lwz"; + $PUSH ="stw"; +} else { die "nonsense $flavour"; } + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or +( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or +die "can't locate ppc-xlate.pl"; + +open STDOUT,"| $^X $xlate $flavour ".shift || die "can't call $xlate: $!"; + +$FRAME=24*$SIZE_T+64; +$LOCALS=6*$SIZE_T; + +$K ="r0"; +$sp ="r1"; +$toc="r2"; +$ctx="r3"; +$inp="r4"; +$num="r5"; +$t0 ="r15"; +$t1 ="r6"; + +$A ="r7"; +$B ="r8"; +$C ="r9"; +$D ="r10"; +$E ="r11"; +$T ="r12"; + +@V=($A,$B,$C,$D,$E,$T); +@X=("r16","r17","r18","r19","r20","r21","r22","r23", + "r24","r25","r26","r27","r28","r29","r30","r31"); + +sub BODY_00_19 { +my ($i,$a,$b,$c,$d,$e,$f)=@_; +my $j=$i+1; +$code.=<<___ if ($i==0); + lwz @X[$i],`$i*4`($inp) +___ +$code.=<<___ if ($i<15); + lwz @X[$j],`$j*4`($inp) + add $f,$K,$e + rotlwi $e,$a,5 + add $f,$f,@X[$i] + and $t0,$c,$b + add $f,$f,$e + andc $t1,$d,$b + rotlwi $b,$b,30 + or $t0,$t0,$t1 + add $f,$f,$t0 +___ +$code.=<<___ if ($i>=15); + add $f,$K,$e + rotlwi $e,$a,5 + xor @X[$j%16],@X[$j%16],@X[($j+2)%16] + add $f,$f,@X[$i%16] + and $t0,$c,$b + xor @X[$j%16],@X[$j%16],@X[($j+8)%16] + add $f,$f,$e + andc $t1,$d,$b + rotlwi $b,$b,30 + or $t0,$t0,$t1 + xor @X[$j%16],@X[$j%16],@X[($j+13)%16] + add $f,$f,$t0 + rotlwi @X[$j%16],@X[$j%16],1 +___ +} + +sub BODY_20_39 { +my ($i,$a,$b,$c,$d,$e,$f)=@_; +my $j=$i+1; +$code.=<<___ if ($i<79); + add $f,$K,$e + rotlwi $e,$a,5 + xor @X[$j%16],@X[$j%16],@X[($j+2)%16] + add $f,$f,@X[$i%16] + xor $t0,$b,$c + xor @X[$j%16],@X[$j%16],@X[($j+8)%16] + add $f,$f,$e + rotlwi $b,$b,30 + xor $t0,$t0,$d + xor @X[$j%16],@X[$j%16],@X[($j+13)%16] + add $f,$f,$t0 + rotlwi @X[$j%16],@X[$j%16],1 +___ +$code.=<<___ if ($i==79); + add $f,$K,$e + rotlwi $e,$a,5 + lwz r16,0($ctx) + add $f,$f,@X[$i%16] + xor $t0,$b,$c + lwz r17,4($ctx) + add $f,$f,$e + rotlwi $b,$b,30 + lwz r18,8($ctx) + xor $t0,$t0,$d + lwz r19,12($ctx) + add $f,$f,$t0 + lwz r20,16($ctx) +___ +} + +sub BODY_40_59 { +my ($i,$a,$b,$c,$d,$e,$f)=@_; +my $j=$i+1; +$code.=<<___; + add $f,$K,$e + rotlwi $e,$a,5 + xor @X[$j%16],@X[$j%16],@X[($j+2)%16] + add $f,$f,@X[$i%16] + and $t0,$b,$c + xor @X[$j%16],@X[$j%16],@X[($j+8)%16] + add $f,$f,$e + or $t1,$b,$c + rotlwi $b,$b,30 + xor @X[$j%16],@X[$j%16],@X[($j+13)%16] + and $t1,$t1,$d + or $t0,$t0,$t1 + rotlwi @X[$j%16],@X[$j%16],1 + add $f,$f,$t0 +___ +} + +$code=<<___; +.machine "any" +.text + +.globl .sha1_block_data_order +.align 4 +.sha1_block_data_order: + $STU $sp,-$FRAME($sp) + mflr r0 + $PUSH r15,`$FRAME-$SIZE_T*17`($sp) + $PUSH r16,`$FRAME-$SIZE_T*16`($sp) + $PUSH r17,`$FRAME-$SIZE_T*15`($sp) + $PUSH r18,`$FRAME-$SIZE_T*14`($sp) + $PUSH r19,`$FRAME-$SIZE_T*13`($sp) + $PUSH r20,`$FRAME-$SIZE_T*12`($sp) + $PUSH r21,`$FRAME-$SIZE_T*11`($sp) + $PUSH r22,`$FRAME-$SIZE_T*10`($sp) + $PUSH r23,`$FRAME-$SIZE_T*9`($sp) + $PUSH r24,`$FRAME-$SIZE_T*8`($sp) + $PUSH r25,`$FRAME-$SIZE_T*7`($sp) + $PUSH r26,`$FRAME-$SIZE_T*6`($sp) + $PUSH r27,`$FRAME-$SIZE_T*5`($sp) + $PUSH r28,`$FRAME-$SIZE_T*4`($sp) + $PUSH r29,`$FRAME-$SIZE_T*3`($sp) + $PUSH r30,`$FRAME-$SIZE_T*2`($sp) + $PUSH r31,`$FRAME-$SIZE_T*1`($sp) + $PUSH r0,`$FRAME+$LRSAVE`($sp) + lwz $A,0($ctx) + lwz $B,4($ctx) + lwz $C,8($ctx) + lwz $D,12($ctx) + lwz $E,16($ctx) + andi. r0,$inp,3 + bne Lunaligned +Laligned: + mtctr $num + bl Lsha1_block_private + b Ldone + +; PowerPC specification allows an implementation to be ill-behaved +; upon unaligned access which crosses page boundary. "Better safe +; than sorry" principle makes me treat it specially. But I don't +; look for particular offending word, but rather for 64-byte input +; block which crosses the boundary. Once found that block is aligned +; and hashed separately... +.align 4 +Lunaligned: + subfic $t1,$inp,4096 + andi. $t1,$t1,4095 ; distance to closest page boundary + srwi. $t1,$t1,6 ; t1/=64 + beq Lcross_page + $UCMP $num,$t1 + ble- Laligned ; didn't cross the page boundary + mtctr $t1 + subfc $num,$t1,$num + bl Lsha1_block_private +Lcross_page: + li $t1,16 + mtctr $t1 + addi r20,$sp,$LOCALS ; spot within the frame +Lmemcpy: + lbz r16,0($inp) + lbz r17,1($inp) + lbz r18,2($inp) + lbz r19,3($inp) + addi $inp,$inp,4 + stb r16,0(r20) + stb r17,1(r20) + stb r18,2(r20) + stb r19,3(r20) + addi r20,r20,4 + bdnz Lmemcpy + + $PUSH $inp,`$FRAME-$SIZE_T*18`($sp) + li $t1,1 + addi $inp,$sp,$LOCALS + mtctr $t1 + bl Lsha1_block_private + $POP $inp,`$FRAME-$SIZE_T*18`($sp) + addic. $num,$num,-1 + bne- Lunaligned + +Ldone: + $POP r0,`$FRAME+$LRSAVE`($sp) + $POP r15,`$FRAME-$SIZE_T*17`($sp) + $POP r16,`$FRAME-$SIZE_T*16`($sp) + $POP r17,`$FRAME-$SIZE_T*15`($sp) + $POP r18,`$FRAME-$SIZE_T*14`($sp) + $POP r19,`$FRAME-$SIZE_T*13`($sp) + $POP r20,`$FRAME-$SIZE_T*12`($sp) + $POP r21,`$FRAME-$SIZE_T*11`($sp) + $POP r22,`$FRAME-$SIZE_T*10`($sp) + $POP r23,`$FRAME-$SIZE_T*9`($sp) + $POP r24,`$FRAME-$SIZE_T*8`($sp) + $POP r25,`$FRAME-$SIZE_T*7`($sp) + $POP r26,`$FRAME-$SIZE_T*6`($sp) + $POP r27,`$FRAME-$SIZE_T*5`($sp) + $POP r28,`$FRAME-$SIZE_T*4`($sp) + $POP r29,`$FRAME-$SIZE_T*3`($sp) + $POP r30,`$FRAME-$SIZE_T*2`($sp) + $POP r31,`$FRAME-$SIZE_T*1`($sp) + mtlr r0 + addi $sp,$sp,$FRAME + blr + .long 0 + .byte 0,12,4,1,0x80,18,3,0 + .long 0 +___ + +# This is private block function, which uses tailored calling +# interface, namely upon entry SHA_CTX is pre-loaded to given +# registers and counter register contains amount of chunks to +# digest... +$code.=<<___; +.align 4 +Lsha1_block_private: +___ +$code.=<<___; # load K_00_19 + lis $K,0x5a82 + ori $K,$K,0x7999 +___ +for($i=0;$i<20;$i++) { &BODY_00_19($i,@V); unshift(@V,pop(@V)); } +$code.=<<___; # load K_20_39 + lis $K,0x6ed9 + ori $K,$K,0xeba1 +___ +for(;$i<40;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); } +$code.=<<___; # load K_40_59 + lis $K,0x8f1b + ori $K,$K,0xbcdc +___ +for(;$i<60;$i++) { &BODY_40_59($i,@V); unshift(@V,pop(@V)); } +$code.=<<___; # load K_60_79 + lis $K,0xca62 + ori $K,$K,0xc1d6 +___ +for(;$i<80;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); } +$code.=<<___; + add r16,r16,$E + add r17,r17,$T + add r18,r18,$A + add r19,r19,$B + add r20,r20,$C + stw r16,0($ctx) + mr $A,r16 + stw r17,4($ctx) + mr $B,r17 + stw r18,8($ctx) + mr $C,r18 + stw r19,12($ctx) + mr $D,r19 + stw r20,16($ctx) + mr $E,r20 + addi $inp,$inp,`16*4` + bdnz- Lsha1_block_private + blr + .long 0 + .byte 0,12,0x14,0,0,0,0,0 +___ +$code.=<<___; +.asciz "SHA1 block transform for PPC, CRYPTOGAMS by " +___ + +$code =~ s/\`([^\`]*)\`/eval $1/gem; +print $code; +close STDOUT; diff --git a/src/lib/libcrypto/sha/asm/sha1-sparcv9.pl b/src/lib/libcrypto/sha/asm/sha1-sparcv9.pl new file mode 100644 index 00000000000..5c161cecd69 --- /dev/null +++ b/src/lib/libcrypto/sha/asm/sha1-sparcv9.pl @@ -0,0 +1,284 @@ +#!/usr/bin/env perl + +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== + +# Performance improvement is not really impressive on pre-T1 CPU: +8% +# over Sun C and +25% over gcc [3.3]. While on T1, a.k.a. Niagara, it +# turned to be 40% faster than 64-bit code generated by Sun C 5.8 and +# >2x than 64-bit code generated by gcc 3.4. And there is a gimmick. +# X[16] vector is packed to 8 64-bit registers and as result nothing +# is spilled on stack. In addition input data is loaded in compact +# instruction sequence, thus minimizing the window when the code is +# subject to [inter-thread] cache-thrashing hazard. The goal is to +# ensure scalability on UltraSPARC T1, or rather to avoid decay when +# amount of active threads exceeds the number of physical cores. + +$bits=32; +for (@ARGV) { $bits=64 if (/\-m64/ || /\-xarch\=v9/); } +if ($bits==64) { $bias=2047; $frame=192; } +else { $bias=0; $frame=112; } + +$output=shift; +open STDOUT,">$output"; + +@X=("%o0","%o1","%o2","%o3","%o4","%o5","%g1","%o7"); +$rot1m="%g2"; +$tmp64="%g3"; +$Xi="%g4"; +$A="%l0"; +$B="%l1"; +$C="%l2"; +$D="%l3"; +$E="%l4"; +@V=($A,$B,$C,$D,$E); +$K_00_19="%l5"; +$K_20_39="%l6"; +$K_40_59="%l7"; +$K_60_79="%g5"; +@K=($K_00_19,$K_20_39,$K_40_59,$K_60_79); + +$ctx="%i0"; +$inp="%i1"; +$len="%i2"; +$tmp0="%i3"; +$tmp1="%i4"; +$tmp2="%i5"; + +sub BODY_00_15 { +my ($i,$a,$b,$c,$d,$e)=@_; +my $xi=($i&1)?@X[($i/2)%8]:$Xi; + +$code.=<<___; + sll $a,5,$tmp0 !! $i + add @K[$i/20],$e,$e + srl $a,27,$tmp1 + add $tmp0,$e,$e + and $c,$b,$tmp0 + add $tmp1,$e,$e + sll $b,30,$tmp2 + andn $d,$b,$tmp1 + srl $b,2,$b + or $tmp1,$tmp0,$tmp1 + or $tmp2,$b,$b + add $xi,$e,$e +___ +if ($i&1 && $i<15) { + $code.= + " srlx @X[(($i+1)/2)%8],32,$Xi\n"; +} +$code.=<<___; + add $tmp1,$e,$e +___ +} + +sub Xupdate { +my ($i,$a,$b,$c,$d,$e)=@_; +my $j=$i/2; + +if ($i&1) { +$code.=<<___; + sll $a,5,$tmp0 !! $i + add @K[$i/20],$e,$e + srl $a,27,$tmp1 +___ +} else { +$code.=<<___; + sllx @X[($j+6)%8],32,$Xi ! Xupdate($i) + xor @X[($j+1)%8],@X[$j%8],@X[$j%8] + srlx @X[($j+7)%8],32,$tmp1 + xor @X[($j+4)%8],@X[$j%8],@X[$j%8] + sll $a,5,$tmp0 !! $i + or $tmp1,$Xi,$Xi + add @K[$i/20],$e,$e !! + xor $Xi,@X[$j%8],@X[$j%8] + srlx @X[$j%8],31,$Xi + add @X[$j%8],@X[$j%8],@X[$j%8] + and $Xi,$rot1m,$Xi + andn @X[$j%8],$rot1m,@X[$j%8] + srl $a,27,$tmp1 !! + or $Xi,@X[$j%8],@X[$j%8] +___ +} +} + +sub BODY_16_19 { +my ($i,$a,$b,$c,$d,$e)=@_; + + &Xupdate(@_); + if ($i&1) { + $xi=@X[($i/2)%8]; + } else { + $xi=$Xi; + $code.="\tsrlx @X[($i/2)%8],32,$xi\n"; + } +$code.=<<___; + add $tmp0,$e,$e !! + and $c,$b,$tmp0 + add $tmp1,$e,$e + sll $b,30,$tmp2 + add $xi,$e,$e + andn $d,$b,$tmp1 + srl $b,2,$b + or $tmp1,$tmp0,$tmp1 + or $tmp2,$b,$b + add $tmp1,$e,$e +___ +} + +sub BODY_20_39 { +my ($i,$a,$b,$c,$d,$e)=@_; +my $xi; + &Xupdate(@_); + if ($i&1) { + $xi=@X[($i/2)%8]; + } else { + $xi=$Xi; + $code.="\tsrlx @X[($i/2)%8],32,$xi\n"; + } +$code.=<<___; + add $tmp0,$e,$e !! + xor $c,$b,$tmp0 + add $tmp1,$e,$e + sll $b,30,$tmp2 + xor $d,$tmp0,$tmp1 + srl $b,2,$b + add $tmp1,$e,$e + or $tmp2,$b,$b + add $xi,$e,$e +___ +} + +sub BODY_40_59 { +my ($i,$a,$b,$c,$d,$e)=@_; +my $xi; + &Xupdate(@_); + if ($i&1) { + $xi=@X[($i/2)%8]; + } else { + $xi=$Xi; + $code.="\tsrlx @X[($i/2)%8],32,$xi\n"; + } +$code.=<<___; + add $tmp0,$e,$e !! + and $c,$b,$tmp0 + add $tmp1,$e,$e + sll $b,30,$tmp2 + or $c,$b,$tmp1 + srl $b,2,$b + and $d,$tmp1,$tmp1 + add $xi,$e,$e + or $tmp1,$tmp0,$tmp1 + or $tmp2,$b,$b + add $tmp1,$e,$e +___ +} + +$code.=<<___ if ($bits==64); +.register %g2,#scratch +.register %g3,#scratch +___ +$code.=<<___; +.section ".text",#alloc,#execinstr + +.align 32 +.globl sha1_block_data_order +sha1_block_data_order: + save %sp,-$frame,%sp + sllx $len,6,$len + add $inp,$len,$len + + or %g0,1,$rot1m + sllx $rot1m,32,$rot1m + or $rot1m,1,$rot1m + + ld [$ctx+0],$A + ld [$ctx+4],$B + ld [$ctx+8],$C + ld [$ctx+12],$D + ld [$ctx+16],$E + andn $inp,7,$tmp0 + + sethi %hi(0x5a827999),$K_00_19 + or $K_00_19,%lo(0x5a827999),$K_00_19 + sethi %hi(0x6ed9eba1),$K_20_39 + or $K_20_39,%lo(0x6ed9eba1),$K_20_39 + sethi %hi(0x8f1bbcdc),$K_40_59 + or $K_40_59,%lo(0x8f1bbcdc),$K_40_59 + sethi %hi(0xca62c1d6),$K_60_79 + or $K_60_79,%lo(0xca62c1d6),$K_60_79 + +.Lloop: + ldx [$tmp0+0],@X[0] + ldx [$tmp0+16],@X[2] + ldx [$tmp0+32],@X[4] + ldx [$tmp0+48],@X[6] + and $inp,7,$tmp1 + ldx [$tmp0+8],@X[1] + sll $tmp1,3,$tmp1 + ldx [$tmp0+24],@X[3] + subcc %g0,$tmp1,$tmp2 ! should be 64-$tmp1, but -$tmp1 works too + ldx [$tmp0+40],@X[5] + bz,pt %icc,.Laligned + ldx [$tmp0+56],@X[7] + + sllx @X[0],$tmp1,@X[0] + ldx [$tmp0+64],$tmp64 +___ +for($i=0;$i<7;$i++) +{ $code.=<<___; + srlx @X[$i+1],$tmp2,$Xi + sllx @X[$i+1],$tmp1,@X[$i+1] + or $Xi,@X[$i],@X[$i] +___ +} +$code.=<<___; + srlx $tmp64,$tmp2,$tmp64 + or $tmp64,@X[7],@X[7] +.Laligned: + srlx @X[0],32,$Xi +___ +for ($i=0;$i<16;$i++) { &BODY_00_15($i,@V); unshift(@V,pop(@V)); } +for (;$i<20;$i++) { &BODY_16_19($i,@V); unshift(@V,pop(@V)); } +for (;$i<40;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); } +for (;$i<60;$i++) { &BODY_40_59($i,@V); unshift(@V,pop(@V)); } +for (;$i<80;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); } +$code.=<<___; + + ld [$ctx+0],@X[0] + ld [$ctx+4],@X[1] + ld [$ctx+8],@X[2] + ld [$ctx+12],@X[3] + add $inp,64,$inp + ld [$ctx+16],@X[4] + cmp $inp,$len + + add $A,@X[0],$A + st $A,[$ctx+0] + add $B,@X[1],$B + st $B,[$ctx+4] + add $C,@X[2],$C + st $C,[$ctx+8] + add $D,@X[3],$D + st $D,[$ctx+12] + add $E,@X[4],$E + st $E,[$ctx+16] + + bne `$bits==64?"%xcc":"%icc"`,.Lloop + andn $inp,7,$tmp0 + + ret + restore +.type sha1_block_data_order,#function +.size sha1_block_data_order,(.-sha1_block_data_order) +.asciz "SHA1 block transform for SPARCv9, CRYPTOGAMS by " +.align 4 +___ + +$code =~ s/\`([^\`]*)\`/eval $1/gem; +print $code; +close STDOUT; diff --git a/src/lib/libcrypto/sha/asm/sha1-sparcv9a.pl b/src/lib/libcrypto/sha/asm/sha1-sparcv9a.pl new file mode 100644 index 00000000000..e65291bbd97 --- /dev/null +++ b/src/lib/libcrypto/sha/asm/sha1-sparcv9a.pl @@ -0,0 +1,601 @@ +#!/usr/bin/env perl + +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== + +# January 2009 +# +# Provided that UltraSPARC VIS instructions are pipe-lined(*) and +# pairable(*) with IALU ones, offloading of Xupdate to the UltraSPARC +# Graphic Unit would make it possible to achieve higher instruction- +# level parallelism, ILP, and thus higher performance. It should be +# explicitly noted that ILP is the keyword, and it means that this +# code would be unsuitable for cores like UltraSPARC-Tx. The idea is +# not really novel, Sun had VIS-powered implementation for a while. +# Unlike Sun's implementation this one can process multiple unaligned +# input blocks, and as such works as drop-in replacement for OpenSSL +# sha1_block_data_order. Performance improvement was measured to be +# 40% over pure IALU sha1-sparcv9.pl on UltraSPARC-IIi, but 12% on +# UltraSPARC-III. See below for discussion... +# +# The module does not present direct interest for OpenSSL, because +# it doesn't provide better performance on contemporary SPARCv9 CPUs, +# UltraSPARC-Tx and SPARC64-V[II] to be specific. Those who feel they +# absolutely must score on UltraSPARC-I-IV can simply replace +# crypto/sha/asm/sha1-sparcv9.pl with this module. +# +# (*) "Pipe-lined" means that even if it takes several cycles to +# complete, next instruction using same functional unit [but not +# depending on the result of the current instruction] can start +# execution without having to wait for the unit. "Pairable" +# means that two [or more] independent instructions can be +# issued at the very same time. + +$bits=32; +for (@ARGV) { $bits=64 if (/\-m64/ || /\-xarch\=v9/); } +if ($bits==64) { $bias=2047; $frame=192; } +else { $bias=0; $frame=112; } + +$output=shift; +open STDOUT,">$output"; + +$ctx="%i0"; +$inp="%i1"; +$len="%i2"; +$tmp0="%i3"; +$tmp1="%i4"; +$tmp2="%i5"; +$tmp3="%g5"; + +$base="%g1"; +$align="%g4"; +$Xfer="%o5"; +$nXfer=$tmp3; +$Xi="%o7"; + +$A="%l0"; +$B="%l1"; +$C="%l2"; +$D="%l3"; +$E="%l4"; +@V=($A,$B,$C,$D,$E); + +$Actx="%o0"; +$Bctx="%o1"; +$Cctx="%o2"; +$Dctx="%o3"; +$Ectx="%o4"; + +$fmul="%f32"; +$VK_00_19="%f34"; +$VK_20_39="%f36"; +$VK_40_59="%f38"; +$VK_60_79="%f40"; +@VK=($VK_00_19,$VK_20_39,$VK_40_59,$VK_60_79); +@X=("%f0", "%f1", "%f2", "%f3", "%f4", "%f5", "%f6", "%f7", + "%f8", "%f9","%f10","%f11","%f12","%f13","%f14","%f15","%f16"); + +# This is reference 2x-parallelized VIS-powered Xupdate procedure. It +# covers even K_NN_MM addition... +sub Xupdate { +my ($i)=@_; +my $K=@VK[($i+16)/20]; +my $j=($i+16)%16; + +# [ provided that GSR.alignaddr_offset is 5, $mul contains +# 0x100ULL<<32|0x100 value and K_NN_MM are pre-loaded to +# chosen registers... ] +$code.=<<___; + fxors @X[($j+13)%16],@X[$j],@X[$j] !-1/-1/-1:X[0]^=X[13] + fxors @X[($j+14)%16],@X[$j+1],@X[$j+1]! 0/ 0/ 0:X[1]^=X[14] + fxor @X[($j+2)%16],@X[($j+8)%16],%f18! 1/ 1/ 1:Tmp=X[2,3]^X[8,9] + fxor %f18,@X[$j],@X[$j] ! 2/ 4/ 3:X[0,1]^=X[2,3]^X[8,9] + faligndata @X[$j],@X[$j],%f18 ! 3/ 7/ 5:Tmp=X[0,1]>>>24 + fpadd32 @X[$j],@X[$j],@X[$j] ! 4/ 8/ 6:X[0,1]<<=1 + fmul8ulx16 %f18,$fmul,%f18 ! 5/10/ 7:Tmp>>=7, Tmp&=1 + ![fxors %f15,%f2,%f2] + for %f18,@X[$j],@X[$j] ! 8/14/10:X[0,1]|=Tmp + ![fxors %f0,%f3,%f3] !10/17/12:X[0] dependency + fpadd32 $K,@X[$j],%f20 + std %f20,[$Xfer+`4*$j`] +___ +# The numbers delimited with slash are the earliest possible dispatch +# cycles for given instruction assuming 1 cycle latency for simple VIS +# instructions, such as on UltraSPARC-I&II, 3 cycles latency, such as +# on UltraSPARC-III&IV, and 2 cycles latency(*), respectively. Being +# 2x-parallelized the procedure is "worth" 5, 8.5 or 6 ticks per SHA1 +# round. As [long as] FPU/VIS instructions are perfectly pairable with +# IALU ones, the round timing is defined by the maximum between VIS +# and IALU timings. The latter varies from round to round and averages +# out at 6.25 ticks. This means that USI&II should operate at IALU +# rate, while USIII&IV - at VIS rate. This explains why performance +# improvement varies among processors. Well, given that pure IALU +# sha1-sparcv9.pl module exhibits virtually uniform performance of +# ~9.3 cycles per SHA1 round. Timings mentioned above are theoretical +# lower limits. Real-life performance was measured to be 6.6 cycles +# per SHA1 round on USIIi and 8.3 on USIII. The latter is lower than +# half-round VIS timing, because there are 16 Xupdate-free rounds, +# which "push down" average theoretical timing to 8 cycles... + +# (*) SPARC64-V[II] was originally believed to have 2 cycles VIS +# latency. Well, it might have, but it doesn't have dedicated +# VIS-unit. Instead, VIS instructions are executed by other +# functional units, ones used here - by IALU. This doesn't +# improve effective ILP... +} + +# The reference Xupdate procedure is then "strained" over *pairs* of +# BODY_NN_MM and kind of modulo-scheduled in respect to X[n]^=X[n+13] +# and K_NN_MM addition. It's "running" 15 rounds ahead, which leaves +# plenty of room to amortize for read-after-write hazard, as well as +# to fetch and align input for the next spin. The VIS instructions are +# scheduled for latency of 2 cycles, because there are not enough IALU +# instructions to schedule for latency of 3, while scheduling for 1 +# would give no gain on USI&II anyway. + +sub BODY_00_19 { +my ($i,$a,$b,$c,$d,$e)=@_; +my $j=$i&~1; +my $k=($j+16+2)%16; # ahead reference +my $l=($j+16-2)%16; # behind reference +my $K=@VK[($j+16-2)/20]; + +$j=($j+16)%16; + +$code.=<<___ if (!($i&1)); + sll $a,5,$tmp0 !! $i + and $c,$b,$tmp3 + ld [$Xfer+`4*($i%16)`],$Xi + fxors @X[($j+14)%16],@X[$j+1],@X[$j+1]! 0/ 0/ 0:X[1]^=X[14] + srl $a,27,$tmp1 + add $tmp0,$e,$e + fxor @X[($j+2)%16],@X[($j+8)%16],%f18! 1/ 1/ 1:Tmp=X[2,3]^X[8,9] + sll $b,30,$tmp2 + add $tmp1,$e,$e + andn $d,$b,$tmp1 + add $Xi,$e,$e + fxor %f18,@X[$j],@X[$j] ! 2/ 4/ 3:X[0,1]^=X[2,3]^X[8,9] + srl $b,2,$b + or $tmp1,$tmp3,$tmp1 + or $tmp2,$b,$b + add $tmp1,$e,$e + faligndata @X[$j],@X[$j],%f18 ! 3/ 7/ 5:Tmp=X[0,1]>>>24 +___ +$code.=<<___ if ($i&1); + sll $a,5,$tmp0 !! $i + and $c,$b,$tmp3 + ld [$Xfer+`4*($i%16)`],$Xi + fpadd32 @X[$j],@X[$j],@X[$j] ! 4/ 8/ 6:X[0,1]<<=1 + srl $a,27,$tmp1 + add $tmp0,$e,$e + fmul8ulx16 %f18,$fmul,%f18 ! 5/10/ 7:Tmp>>=7, Tmp&=1 + sll $b,30,$tmp2 + add $tmp1,$e,$e + fpadd32 $K,@X[$l],%f20 ! + andn $d,$b,$tmp1 + add $Xi,$e,$e + fxors @X[($k+13)%16],@X[$k],@X[$k] !-1/-1/-1:X[0]^=X[13] + srl $b,2,$b + or $tmp1,$tmp3,$tmp1 + fxor %f18,@X[$j],@X[$j] ! 8/14/10:X[0,1]|=Tmp + or $tmp2,$b,$b + add $tmp1,$e,$e +___ +$code.=<<___ if ($i&1 && $i>=2); + std %f20,[$Xfer+`4*$l`] ! +___ +} + +sub BODY_20_39 { +my ($i,$a,$b,$c,$d,$e)=@_; +my $j=$i&~1; +my $k=($j+16+2)%16; # ahead reference +my $l=($j+16-2)%16; # behind reference +my $K=@VK[($j+16-2)/20]; + +$j=($j+16)%16; + +$code.=<<___ if (!($i&1) && $i<64); + sll $a,5,$tmp0 !! $i + ld [$Xfer+`4*($i%16)`],$Xi + fxors @X[($j+14)%16],@X[$j+1],@X[$j+1]! 0/ 0/ 0:X[1]^=X[14] + srl $a,27,$tmp1 + add $tmp0,$e,$e + fxor @X[($j+2)%16],@X[($j+8)%16],%f18! 1/ 1/ 1:Tmp=X[2,3]^X[8,9] + xor $c,$b,$tmp0 + add $tmp1,$e,$e + sll $b,30,$tmp2 + xor $d,$tmp0,$tmp1 + fxor %f18,@X[$j],@X[$j] ! 2/ 4/ 3:X[0,1]^=X[2,3]^X[8,9] + srl $b,2,$b + add $tmp1,$e,$e + or $tmp2,$b,$b + add $Xi,$e,$e + faligndata @X[$j],@X[$j],%f18 ! 3/ 7/ 5:Tmp=X[0,1]>>>24 +___ +$code.=<<___ if ($i&1 && $i<64); + sll $a,5,$tmp0 !! $i + ld [$Xfer+`4*($i%16)`],$Xi + fpadd32 @X[$j],@X[$j],@X[$j] ! 4/ 8/ 6:X[0,1]<<=1 + srl $a,27,$tmp1 + add $tmp0,$e,$e + fmul8ulx16 %f18,$fmul,%f18 ! 5/10/ 7:Tmp>>=7, Tmp&=1 + xor $c,$b,$tmp0 + add $tmp1,$e,$e + fpadd32 $K,@X[$l],%f20 ! + sll $b,30,$tmp2 + xor $d,$tmp0,$tmp1 + fxors @X[($k+13)%16],@X[$k],@X[$k] !-1/-1/-1:X[0]^=X[13] + srl $b,2,$b + add $tmp1,$e,$e + fxor %f18,@X[$j],@X[$j] ! 8/14/10:X[0,1]|=Tmp + or $tmp2,$b,$b + add $Xi,$e,$e + std %f20,[$Xfer+`4*$l`] ! +___ +$code.=<<___ if ($i==64); + sll $a,5,$tmp0 !! $i + ld [$Xfer+`4*($i%16)`],$Xi + fpadd32 $K,@X[$l],%f20 + srl $a,27,$tmp1 + add $tmp0,$e,$e + xor $c,$b,$tmp0 + add $tmp1,$e,$e + sll $b,30,$tmp2 + xor $d,$tmp0,$tmp1 + std %f20,[$Xfer+`4*$l`] + srl $b,2,$b + add $tmp1,$e,$e + or $tmp2,$b,$b + add $Xi,$e,$e +___ +$code.=<<___ if ($i>64); + sll $a,5,$tmp0 !! $i + ld [$Xfer+`4*($i%16)`],$Xi + srl $a,27,$tmp1 + add $tmp0,$e,$e + xor $c,$b,$tmp0 + add $tmp1,$e,$e + sll $b,30,$tmp2 + xor $d,$tmp0,$tmp1 + srl $b,2,$b + add $tmp1,$e,$e + or $tmp2,$b,$b + add $Xi,$e,$e +___ +} + +sub BODY_40_59 { +my ($i,$a,$b,$c,$d,$e)=@_; +my $j=$i&~1; +my $k=($j+16+2)%16; # ahead reference +my $l=($j+16-2)%16; # behind reference +my $K=@VK[($j+16-2)/20]; + +$j=($j+16)%16; + +$code.=<<___ if (!($i&1)); + sll $a,5,$tmp0 !! $i + ld [$Xfer+`4*($i%16)`],$Xi + fxors @X[($j+14)%16],@X[$j+1],@X[$j+1]! 0/ 0/ 0:X[1]^=X[14] + srl $a,27,$tmp1 + add $tmp0,$e,$e + fxor @X[($j+2)%16],@X[($j+8)%16],%f18! 1/ 1/ 1:Tmp=X[2,3]^X[8,9] + and $c,$b,$tmp0 + add $tmp1,$e,$e + sll $b,30,$tmp2 + or $c,$b,$tmp1 + fxor %f18,@X[$j],@X[$j] ! 2/ 4/ 3:X[0,1]^=X[2,3]^X[8,9] + srl $b,2,$b + and $d,$tmp1,$tmp1 + add $Xi,$e,$e + or $tmp1,$tmp0,$tmp1 + faligndata @X[$j],@X[$j],%f18 ! 3/ 7/ 5:Tmp=X[0,1]>>>24 + or $tmp2,$b,$b + add $tmp1,$e,$e + fpadd32 @X[$j],@X[$j],@X[$j] ! 4/ 8/ 6:X[0,1]<<=1 +___ +$code.=<<___ if ($i&1); + sll $a,5,$tmp0 !! $i + ld [$Xfer+`4*($i%16)`],$Xi + srl $a,27,$tmp1 + add $tmp0,$e,$e + fmul8ulx16 %f18,$fmul,%f18 ! 5/10/ 7:Tmp>>=7, Tmp&=1 + and $c,$b,$tmp0 + add $tmp1,$e,$e + fpadd32 $K,@X[$l],%f20 ! + sll $b,30,$tmp2 + or $c,$b,$tmp1 + fxors @X[($k+13)%16],@X[$k],@X[$k] !-1/-1/-1:X[0]^=X[13] + srl $b,2,$b + and $d,$tmp1,$tmp1 + fxor %f18,@X[$j],@X[$j] ! 8/14/10:X[0,1]|=Tmp + add $Xi,$e,$e + or $tmp1,$tmp0,$tmp1 + or $tmp2,$b,$b + add $tmp1,$e,$e + std %f20,[$Xfer+`4*$l`] ! +___ +} + +# If there is more data to process, then we pre-fetch the data for +# next iteration in last ten rounds... +sub BODY_70_79 { +my ($i,$a,$b,$c,$d,$e)=@_; +my $j=$i&~1; +my $m=($i%8)*2; + +$j=($j+16)%16; + +$code.=<<___ if ($i==70); + sll $a,5,$tmp0 !! $i + ld [$Xfer+`4*($i%16)`],$Xi + srl $a,27,$tmp1 + add $tmp0,$e,$e + ldd [$inp+64],@X[0] + xor $c,$b,$tmp0 + add $tmp1,$e,$e + sll $b,30,$tmp2 + xor $d,$tmp0,$tmp1 + srl $b,2,$b + add $tmp1,$e,$e + or $tmp2,$b,$b + add $Xi,$e,$e + + and $inp,-64,$nXfer + inc 64,$inp + and $nXfer,255,$nXfer + alignaddr %g0,$align,%g0 + add $base,$nXfer,$nXfer +___ +$code.=<<___ if ($i==71); + sll $a,5,$tmp0 !! $i + ld [$Xfer+`4*($i%16)`],$Xi + srl $a,27,$tmp1 + add $tmp0,$e,$e + xor $c,$b,$tmp0 + add $tmp1,$e,$e + sll $b,30,$tmp2 + xor $d,$tmp0,$tmp1 + srl $b,2,$b + add $tmp1,$e,$e + or $tmp2,$b,$b + add $Xi,$e,$e +___ +$code.=<<___ if ($i>=72); + faligndata @X[$m],@X[$m+2],@X[$m] + sll $a,5,$tmp0 !! $i + ld [$Xfer+`4*($i%16)`],$Xi + srl $a,27,$tmp1 + add $tmp0,$e,$e + xor $c,$b,$tmp0 + add $tmp1,$e,$e + fpadd32 $VK_00_19,@X[$m],%f20 + sll $b,30,$tmp2 + xor $d,$tmp0,$tmp1 + srl $b,2,$b + add $tmp1,$e,$e + or $tmp2,$b,$b + add $Xi,$e,$e +___ +$code.=<<___ if ($i<77); + ldd [$inp+`8*($i+1-70)`],@X[2*($i+1-70)] +___ +$code.=<<___ if ($i==77); # redundant if $inp was aligned + add $align,63,$tmp0 + and $tmp0,-8,$tmp0 + ldd [$inp+$tmp0],@X[16] +___ +$code.=<<___ if ($i>=72); + std %f20,[$nXfer+`4*$m`] +___ +} + +$code.=<<___; +.section ".text",#alloc,#execinstr + +.align 64 +vis_const: +.long 0x5a827999,0x5a827999 ! K_00_19 +.long 0x6ed9eba1,0x6ed9eba1 ! K_20_39 +.long 0x8f1bbcdc,0x8f1bbcdc ! K_40_59 +.long 0xca62c1d6,0xca62c1d6 ! K_60_79 +.long 0x00000100,0x00000100 +.align 64 +.type vis_const,#object +.size vis_const,(.-vis_const) + +.globl sha1_block_data_order +sha1_block_data_order: + save %sp,-$frame,%sp + add %fp,$bias-256,$base + +1: call .+8 + add %o7,vis_const-1b,$tmp0 + + ldd [$tmp0+0],$VK_00_19 + ldd [$tmp0+8],$VK_20_39 + ldd [$tmp0+16],$VK_40_59 + ldd [$tmp0+24],$VK_60_79 + ldd [$tmp0+32],$fmul + + ld [$ctx+0],$Actx + and $base,-256,$base + ld [$ctx+4],$Bctx + sub $base,$bias+$frame,%sp + ld [$ctx+8],$Cctx + and $inp,7,$align + ld [$ctx+12],$Dctx + and $inp,-8,$inp + ld [$ctx+16],$Ectx + + ! X[16] is maintained in FP register bank + alignaddr %g0,$align,%g0 + ldd [$inp+0],@X[0] + sub $inp,-64,$Xfer + ldd [$inp+8],@X[2] + and $Xfer,-64,$Xfer + ldd [$inp+16],@X[4] + and $Xfer,255,$Xfer + ldd [$inp+24],@X[6] + add $base,$Xfer,$Xfer + ldd [$inp+32],@X[8] + ldd [$inp+40],@X[10] + ldd [$inp+48],@X[12] + brz,pt $align,.Laligned + ldd [$inp+56],@X[14] + + ldd [$inp+64],@X[16] + faligndata @X[0],@X[2],@X[0] + faligndata @X[2],@X[4],@X[2] + faligndata @X[4],@X[6],@X[4] + faligndata @X[6],@X[8],@X[6] + faligndata @X[8],@X[10],@X[8] + faligndata @X[10],@X[12],@X[10] + faligndata @X[12],@X[14],@X[12] + faligndata @X[14],@X[16],@X[14] + +.Laligned: + mov 5,$tmp0 + dec 1,$len + alignaddr %g0,$tmp0,%g0 + fpadd32 $VK_00_19,@X[0],%f16 + fpadd32 $VK_00_19,@X[2],%f18 + fpadd32 $VK_00_19,@X[4],%f20 + fpadd32 $VK_00_19,@X[6],%f22 + fpadd32 $VK_00_19,@X[8],%f24 + fpadd32 $VK_00_19,@X[10],%f26 + fpadd32 $VK_00_19,@X[12],%f28 + fpadd32 $VK_00_19,@X[14],%f30 + std %f16,[$Xfer+0] + mov $Actx,$A + std %f18,[$Xfer+8] + mov $Bctx,$B + std %f20,[$Xfer+16] + mov $Cctx,$C + std %f22,[$Xfer+24] + mov $Dctx,$D + std %f24,[$Xfer+32] + mov $Ectx,$E + std %f26,[$Xfer+40] + fxors @X[13],@X[0],@X[0] + std %f28,[$Xfer+48] + ba .Loop + std %f30,[$Xfer+56] +.align 32 +.Loop: +___ +for ($i=0;$i<20;$i++) { &BODY_00_19($i,@V); unshift(@V,pop(@V)); } +for (;$i<40;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); } +for (;$i<60;$i++) { &BODY_40_59($i,@V); unshift(@V,pop(@V)); } +for (;$i<70;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); } +$code.=<<___; + tst $len + bz,pn `$bits==32?"%icc":"%xcc"`,.Ltail + nop +___ +for (;$i<80;$i++) { &BODY_70_79($i,@V); unshift(@V,pop(@V)); } +$code.=<<___; + add $A,$Actx,$Actx + add $B,$Bctx,$Bctx + add $C,$Cctx,$Cctx + add $D,$Dctx,$Dctx + add $E,$Ectx,$Ectx + mov 5,$tmp0 + fxors @X[13],@X[0],@X[0] + mov $Actx,$A + mov $Bctx,$B + mov $Cctx,$C + mov $Dctx,$D + mov $Ectx,$E + alignaddr %g0,$tmp0,%g0 + dec 1,$len + ba .Loop + mov $nXfer,$Xfer + +.align 32 +.Ltail: +___ +for($i=70;$i<80;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); } +$code.=<<___; + add $A,$Actx,$Actx + add $B,$Bctx,$Bctx + add $C,$Cctx,$Cctx + add $D,$Dctx,$Dctx + add $E,$Ectx,$Ectx + + st $Actx,[$ctx+0] + st $Bctx,[$ctx+4] + st $Cctx,[$ctx+8] + st $Dctx,[$ctx+12] + st $Ectx,[$ctx+16] + + ret + restore +.type sha1_block_data_order,#function +.size sha1_block_data_order,(.-sha1_block_data_order) +.asciz "SHA1 block transform for SPARCv9a, CRYPTOGAMS by " +.align 4 +___ + +# Purpose of these subroutines is to explicitly encode VIS instructions, +# so that one can compile the module without having to specify VIS +# extentions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a. +# Idea is to reserve for option to produce "universal" binary and let +# programmer detect if current CPU is VIS capable at run-time. +sub unvis { +my ($mnemonic,$rs1,$rs2,$rd)=@_; +my ($ref,$opf); +my %visopf = ( "fmul8ulx16" => 0x037, + "faligndata" => 0x048, + "fpadd32" => 0x052, + "fxor" => 0x06c, + "fxors" => 0x06d ); + + $ref = "$mnemonic\t$rs1,$rs2,$rd"; + + if ($opf=$visopf{$mnemonic}) { + foreach ($rs1,$rs2,$rd) { + return $ref if (!/%f([0-9]{1,2})/); + $_=$1; + if ($1>=32) { + return $ref if ($1&1); + # re-encode for upper double register addressing + $_=($1|$1>>5)&31; + } + } + + return sprintf ".word\t0x%08x !%s", + 0x81b00000|$rd<<25|$rs1<<14|$opf<<5|$rs2, + $ref; + } else { + return $ref; + } +} +sub unalignaddr { +my ($mnemonic,$rs1,$rs2,$rd)=@_; +my %bias = ( "g" => 0, "o" => 8, "l" => 16, "i" => 24 ); +my $ref="$mnemonic\t$rs1,$rs2,$rd"; + + foreach ($rs1,$rs2,$rd) { + if (/%([goli])([0-7])/) { $_=$bias{$1}+$2; } + else { return $ref; } + } + return sprintf ".word\t0x%08x !%s", + 0x81b00300|$rd<<25|$rs1<<14|$rs2, + $ref; +} + +$code =~ s/\`([^\`]*)\`/eval $1/gem; +$code =~ s/\b(f[^\s]*)\s+(%f[0-9]{1,2}),(%f[0-9]{1,2}),(%f[0-9]{1,2})/ + &unvis($1,$2,$3,$4) + /gem; +$code =~ s/\b(alignaddr)\s+(%[goli][0-7]),(%[goli][0-7]),(%[goli][0-7])/ + &unalignaddr($1,$2,$3,$4) + /gem; +print $code; +close STDOUT; diff --git a/src/lib/libcrypto/sha/asm/sha1-thumb.pl b/src/lib/libcrypto/sha/asm/sha1-thumb.pl new file mode 100644 index 00000000000..7c9ea9b0296 --- /dev/null +++ b/src/lib/libcrypto/sha/asm/sha1-thumb.pl @@ -0,0 +1,259 @@ +#!/usr/bin/env perl + +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== + +# sha1_block for Thumb. +# +# January 2007. +# +# The code does not present direct interest to OpenSSL, because of low +# performance. Its purpose is to establish _size_ benchmark. Pretty +# useless one I must say, because 30% or 88 bytes larger ARMv4 code +# [avialable on demand] is almost _twice_ as fast. It should also be +# noted that in-lining of .Lcommon and .Lrotate improves performance +# by over 40%, while code increases by only 10% or 32 bytes. But once +# again, the goal was to establish _size_ benchmark, not performance. + +$output=shift; +open STDOUT,">$output"; + +$inline=0; +#$cheat_on_binutils=1; + +$t0="r0"; +$t1="r1"; +$t2="r2"; +$a="r3"; +$b="r4"; +$c="r5"; +$d="r6"; +$e="r7"; +$K="r8"; # "upper" registers can be used in add/sub and mov insns +$ctx="r9"; +$inp="r10"; +$len="r11"; +$Xi="r12"; + +sub common { +<<___; + sub $t0,#4 + ldr $t1,[$t0] + add $e,$K @ E+=K_xx_xx + lsl $t2,$a,#5 + add $t2,$e + lsr $e,$a,#27 + add $t2,$e @ E+=ROR(A,27) + add $t2,$t1 @ E+=X[i] +___ +} +sub rotate { +<<___; + mov $e,$d @ E=D + mov $d,$c @ D=C + lsl $c,$b,#30 + lsr $b,$b,#2 + orr $c,$b @ C=ROR(B,2) + mov $b,$a @ B=A + add $a,$t2,$t1 @ A=E+F_xx_xx(B,C,D) +___ +} + +sub BODY_00_19 { +$code.=$inline?&common():"\tbl .Lcommon\n"; +$code.=<<___; + mov $t1,$c + eor $t1,$d + and $t1,$b + eor $t1,$d @ F_00_19(B,C,D) +___ +$code.=$inline?&rotate():"\tbl .Lrotate\n"; +} + +sub BODY_20_39 { +$code.=$inline?&common():"\tbl .Lcommon\n"; +$code.=<<___; + mov $t1,$b + eor $t1,$c + eor $t1,$d @ F_20_39(B,C,D) +___ +$code.=$inline?&rotate():"\tbl .Lrotate\n"; +} + +sub BODY_40_59 { +$code.=$inline?&common():"\tbl .Lcommon\n"; +$code.=<<___; + mov $t1,$b + and $t1,$c + mov $e,$b + orr $e,$c + and $e,$d + orr $t1,$e @ F_40_59(B,C,D) +___ +$code.=$inline?&rotate():"\tbl .Lrotate\n"; +} + +$code=<<___; +.text +.code 16 + +.global sha1_block_data_order +.type sha1_block_data_order,%function + +.align 2 +sha1_block_data_order: +___ +if ($cheat_on_binutils) { +$code.=<<___; +.code 32 + add r3,pc,#1 + bx r3 @ switch to Thumb ISA +.code 16 +___ +} +$code.=<<___; + push {r4-r7} + mov r3,r8 + mov r4,r9 + mov r5,r10 + mov r6,r11 + mov r7,r12 + push {r3-r7,lr} + lsl r2,#6 + mov $ctx,r0 @ save context + mov $inp,r1 @ save inp + mov $len,r2 @ save len + add $len,$inp @ $len to point at inp end + +.Lloop: + mov $Xi,sp + mov $t2,sp + sub $t2,#16*4 @ [3] +.LXload: + ldrb $a,[$t1,#0] @ $t1 is r1 and holds inp + ldrb $b,[$t1,#1] + ldrb $c,[$t1,#2] + ldrb $d,[$t1,#3] + lsl $a,#24 + lsl $b,#16 + lsl $c,#8 + orr $a,$b + orr $a,$c + orr $a,$d + add $t1,#4 + push {$a} + cmp sp,$t2 + bne .LXload @ [+14*16] + + mov $inp,$t1 @ update $inp + sub $t2,#32*4 + sub $t2,#32*4 + mov $e,#31 @ [+4] +.LXupdate: + ldr $a,[sp,#15*4] + ldr $b,[sp,#13*4] + ldr $c,[sp,#7*4] + ldr $d,[sp,#2*4] + eor $a,$b + eor $a,$c + eor $a,$d + ror $a,$e + push {$a} + cmp sp,$t2 + bne .LXupdate @ [+(11+1)*64] + + ldmia $t0!,{$a,$b,$c,$d,$e} @ $t0 is r0 and holds ctx + mov $t0,$Xi + + ldr $t2,.LK_00_19 + mov $t1,$t0 + sub $t1,#20*4 + mov $Xi,$t1 + mov $K,$t2 @ [+7+4] +.L_00_19: +___ + &BODY_00_19(); +$code.=<<___; + cmp $Xi,$t0 + bne .L_00_19 @ [+(2+9+4+2+8+2)*20] + + ldr $t2,.LK_20_39 + mov $t1,$t0 + sub $t1,#20*4 + mov $Xi,$t1 + mov $K,$t2 @ [+5] +.L_20_39_or_60_79: +___ + &BODY_20_39(); +$code.=<<___; + cmp $Xi,$t0 + bne .L_20_39_or_60_79 @ [+(2+9+3+2+8+2)*20*2] + cmp sp,$t0 + beq .Ldone @ [+2] + + ldr $t2,.LK_40_59 + mov $t1,$t0 + sub $t1,#20*4 + mov $Xi,$t1 + mov $K,$t2 @ [+5] +.L_40_59: +___ + &BODY_40_59(); +$code.=<<___; + cmp $Xi,$t0 + bne .L_40_59 @ [+(2+9+6+2+8+2)*20] + + ldr $t2,.LK_60_79 + mov $Xi,sp + mov $K,$t2 + b .L_20_39_or_60_79 @ [+4] +.Ldone: + mov $t0,$ctx + ldr $t1,[$t0,#0] + ldr $t2,[$t0,#4] + add $a,$t1 + ldr $t1,[$t0,#8] + add $b,$t2 + ldr $t2,[$t0,#12] + add $c,$t1 + ldr $t1,[$t0,#16] + add $d,$t2 + add $e,$t1 + stmia $t0!,{$a,$b,$c,$d,$e} @ [+20] + + add sp,#80*4 @ deallocate stack frame + mov $t0,$ctx @ restore ctx + mov $t1,$inp @ restore inp + cmp $t1,$len + beq .Lexit + b .Lloop @ [+6] total 3212 cycles +.Lexit: + pop {r2-r7} + mov r8,r2 + mov r9,r3 + mov r10,r4 + mov r11,r5 + mov r12,r6 + mov lr,r7 + pop {r4-r7} + bx lr +.align 2 +___ +$code.=".Lcommon:\n".&common()."\tmov pc,lr\n" if (!$inline); +$code.=".Lrotate:\n".&rotate()."\tmov pc,lr\n" if (!$inline); +$code.=<<___; +.align 2 +.LK_00_19: .word 0x5a827999 +.LK_20_39: .word 0x6ed9eba1 +.LK_40_59: .word 0x8f1bbcdc +.LK_60_79: .word 0xca62c1d6 +.size sha1_block_data_order,.-sha1_block_data_order +.asciz "SHA1 block transform for Thumb, CRYPTOGAMS by " +___ + +print $code; +close STDOUT; # enforce flush diff --git a/src/lib/libcrypto/sha/asm/sha1-x86_64.pl b/src/lib/libcrypto/sha/asm/sha1-x86_64.pl new file mode 100755 index 00000000000..147d21570bc --- /dev/null +++ b/src/lib/libcrypto/sha/asm/sha1-x86_64.pl @@ -0,0 +1,1262 @@ +#!/usr/bin/env perl +# +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== +# +# sha1_block procedure for x86_64. +# +# It was brought to my attention that on EM64T compiler-generated code +# was far behind 32-bit assembler implementation. This is unlike on +# Opteron where compiler-generated code was only 15% behind 32-bit +# assembler, which originally made it hard to motivate the effort. +# There was suggestion to mechanically translate 32-bit code, but I +# dismissed it, reasoning that x86_64 offers enough register bank +# capacity to fully utilize SHA-1 parallelism. Therefore this fresh +# implementation:-) However! While 64-bit code does perform better +# on Opteron, I failed to beat 32-bit assembler on EM64T core. Well, +# x86_64 does offer larger *addressable* bank, but out-of-order core +# reaches for even more registers through dynamic aliasing, and EM64T +# core must have managed to run-time optimize even 32-bit code just as +# good as 64-bit one. Performance improvement is summarized in the +# following table: +# +# gcc 3.4 32-bit asm cycles/byte +# Opteron +45% +20% 6.8 +# Xeon P4 +65% +0% 9.9 +# Core2 +60% +10% 7.0 + +# August 2009. +# +# The code was revised to minimize code size and to maximize +# "distance" between instructions producing input to 'lea' +# instruction and the 'lea' instruction itself, which is essential +# for Intel Atom core. + +# October 2010. +# +# Add SSSE3, Supplemental[!] SSE3, implementation. The idea behind it +# is to offload message schedule denoted by Wt in NIST specification, +# or Xupdate in OpenSSL source, to SIMD unit. See sha1-586.pl module +# for background and implementation details. The only difference from +# 32-bit code is that 64-bit code doesn't have to spill @X[] elements +# to free temporary registers. + +# April 2011. +# +# Add AVX code path. See sha1-586.pl for further information. + +###################################################################### +# Current performance is summarized in following table. Numbers are +# CPU clock cycles spent to process single byte (less is better). +# +# x86_64 SSSE3 AVX +# P4 9.8 - +# Opteron 6.6 - +# Core2 6.7 6.1/+10% - +# Atom 11.0 9.7/+13% - +# Westmere 7.1 5.6/+27% - +# Sandy Bridge 7.9 6.3/+25% 5.2/+51% + +$flavour = shift; +$output = shift; +if ($flavour =~ /\./) { $output = $flavour; undef $flavour; } + +$win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/); + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or +( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or +die "can't locate x86_64-xlate.pl"; + +$avx=1 if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1` + =~ /GNU assembler version ([2-9]\.[0-9]+)/ && + $1>=2.19); +$avx=1 if (!$avx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) && + `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/ && + $1>=2.09); +$avx=1 if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) && + `ml64 2>&1` =~ /Version ([0-9]+)\./ && + $1>=10); + +open OUT,"| \"$^X\" $xlate $flavour $output"; +*STDOUT=*OUT; + +$ctx="%rdi"; # 1st arg +$inp="%rsi"; # 2nd arg +$num="%rdx"; # 3rd arg + +# reassign arguments in order to produce more compact code +$ctx="%r8"; +$inp="%r9"; +$num="%r10"; + +$t0="%eax"; +$t1="%ebx"; +$t2="%ecx"; +@xi=("%edx","%ebp"); +$A="%esi"; +$B="%edi"; +$C="%r11d"; +$D="%r12d"; +$E="%r13d"; + +@V=($A,$B,$C,$D,$E); + +sub BODY_00_19 { +my ($i,$a,$b,$c,$d,$e)=@_; +my $j=$i+1; +$code.=<<___ if ($i==0); + mov `4*$i`($inp),$xi[0] + bswap $xi[0] + mov $xi[0],`4*$i`(%rsp) +___ +$code.=<<___ if ($i<15); + mov $c,$t0 + mov `4*$j`($inp),$xi[1] + mov $a,$t2 + xor $d,$t0 + bswap $xi[1] + rol \$5,$t2 + lea 0x5a827999($xi[0],$e),$e + and $b,$t0 + mov $xi[1],`4*$j`(%rsp) + add $t2,$e + xor $d,$t0 + rol \$30,$b + add $t0,$e +___ +$code.=<<___ if ($i>=15); + mov `4*($j%16)`(%rsp),$xi[1] + mov $c,$t0 + mov $a,$t2 + xor `4*(($j+2)%16)`(%rsp),$xi[1] + xor $d,$t0 + rol \$5,$t2 + xor `4*(($j+8)%16)`(%rsp),$xi[1] + and $b,$t0 + lea 0x5a827999($xi[0],$e),$e + xor `4*(($j+13)%16)`(%rsp),$xi[1] + xor $d,$t0 + rol \$1,$xi[1] + add $t2,$e + rol \$30,$b + mov $xi[1],`4*($j%16)`(%rsp) + add $t0,$e +___ +unshift(@xi,pop(@xi)); +} + +sub BODY_20_39 { +my ($i,$a,$b,$c,$d,$e)=@_; +my $j=$i+1; +my $K=($i<40)?0x6ed9eba1:0xca62c1d6; +$code.=<<___ if ($i<79); + mov `4*($j%16)`(%rsp),$xi[1] + mov $c,$t0 + mov $a,$t2 + xor `4*(($j+2)%16)`(%rsp),$xi[1] + xor $b,$t0 + rol \$5,$t2 + lea $K($xi[0],$e),$e + xor `4*(($j+8)%16)`(%rsp),$xi[1] + xor $d,$t0 + add $t2,$e + xor `4*(($j+13)%16)`(%rsp),$xi[1] + rol \$30,$b + add $t0,$e + rol \$1,$xi[1] +___ +$code.=<<___ if ($i<76); + mov $xi[1],`4*($j%16)`(%rsp) +___ +$code.=<<___ if ($i==79); + mov $c,$t0 + mov $a,$t2 + xor $b,$t0 + lea $K($xi[0],$e),$e + rol \$5,$t2 + xor $d,$t0 + add $t2,$e + rol \$30,$b + add $t0,$e +___ +unshift(@xi,pop(@xi)); +} + +sub BODY_40_59 { +my ($i,$a,$b,$c,$d,$e)=@_; +my $j=$i+1; +$code.=<<___; + mov `4*($j%16)`(%rsp),$xi[1] + mov $c,$t0 + mov $c,$t1 + xor `4*(($j+2)%16)`(%rsp),$xi[1] + and $d,$t0 + mov $a,$t2 + xor `4*(($j+8)%16)`(%rsp),$xi[1] + xor $d,$t1 + lea 0x8f1bbcdc($xi[0],$e),$e + rol \$5,$t2 + xor `4*(($j+13)%16)`(%rsp),$xi[1] + add $t0,$e + and $b,$t1 + rol \$1,$xi[1] + add $t1,$e + rol \$30,$b + mov $xi[1],`4*($j%16)`(%rsp) + add $t2,$e +___ +unshift(@xi,pop(@xi)); +} + +$code.=<<___; +.text +.extern OPENSSL_ia32cap_P +.hidden OPENSSL_ia32cap_P + +.globl sha1_block_data_order +.type sha1_block_data_order,\@function,3 +.align 16 +sha1_block_data_order: + mov OPENSSL_ia32cap_P+0(%rip),%r9d + mov OPENSSL_ia32cap_P+4(%rip),%r8d + test \$IA32CAP_MASK1_SSSE3,%r8d # check SSSE3 bit + jz .Lialu +___ +$code.=<<___ if ($avx); + and \$IA32CAP_MASK1_AVX,%r8d # mask AVX bit + and \$IA32CAP_MASK0_INTEL,%r9d # mask "Intel CPU" bit + or %r9d,%r8d + cmp \$(IA32CAP_MASK0_INTEL | IA32CAP_MASK1_AVX),%r8d + je _avx_shortcut +___ +$code.=<<___; + jmp _ssse3_shortcut + +.align 16 +.Lialu: + push %rbx + push %rbp + push %r12 + push %r13 + mov %rsp,%r11 + mov %rdi,$ctx # reassigned argument + sub \$`8+16*4`,%rsp + mov %rsi,$inp # reassigned argument + and \$-64,%rsp + mov %rdx,$num # reassigned argument + mov %r11,`16*4`(%rsp) +.Lprologue: + + mov 0($ctx),$A + mov 4($ctx),$B + mov 8($ctx),$C + mov 12($ctx),$D + mov 16($ctx),$E + jmp .Lloop + +.align 16 +.Lloop: +___ +for($i=0;$i<20;$i++) { &BODY_00_19($i,@V); unshift(@V,pop(@V)); } +for(;$i<40;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); } +for(;$i<60;$i++) { &BODY_40_59($i,@V); unshift(@V,pop(@V)); } +for(;$i<80;$i++) { &BODY_20_39($i,@V); unshift(@V,pop(@V)); } +$code.=<<___; + add 0($ctx),$A + add 4($ctx),$B + add 8($ctx),$C + add 12($ctx),$D + add 16($ctx),$E + mov $A,0($ctx) + mov $B,4($ctx) + mov $C,8($ctx) + mov $D,12($ctx) + mov $E,16($ctx) + + sub \$1,$num + lea `16*4`($inp),$inp + jnz .Lloop + + mov `16*4`(%rsp),%rsi + mov (%rsi),%r13 + mov 8(%rsi),%r12 + mov 16(%rsi),%rbp + mov 24(%rsi),%rbx + lea 32(%rsi),%rsp +.Lepilogue: + ret +.size sha1_block_data_order,.-sha1_block_data_order +___ +{{{ +my $Xi=4; +my @X=map("%xmm$_",(4..7,0..3)); +my @Tx=map("%xmm$_",(8..10)); +my @V=($A,$B,$C,$D,$E)=("%eax","%ebx","%ecx","%edx","%ebp"); # size optimization +my @T=("%esi","%edi"); +my $j=0; +my $K_XX_XX="%r11"; + +my $_rol=sub { &rol(@_) }; +my $_ror=sub { &ror(@_) }; + +$code.=<<___; +.type sha1_block_data_order_ssse3,\@function,3 +.align 16 +sha1_block_data_order_ssse3: +_ssse3_shortcut: + push %rbx + push %rbp + push %r12 + lea `-64-($win64?5*16:0)`(%rsp),%rsp +___ +$code.=<<___ if ($win64); + movaps %xmm6,64+0(%rsp) + movaps %xmm7,64+16(%rsp) + movaps %xmm8,64+32(%rsp) + movaps %xmm9,64+48(%rsp) + movaps %xmm10,64+64(%rsp) +.Lprologue_ssse3: +___ +$code.=<<___; + mov %rdi,$ctx # reassigned argument + mov %rsi,$inp # reassigned argument + mov %rdx,$num # reassigned argument + + shl \$6,$num + add $inp,$num + lea K_XX_XX(%rip),$K_XX_XX + + mov 0($ctx),$A # load context + mov 4($ctx),$B + mov 8($ctx),$C + mov 12($ctx),$D + mov $B,@T[0] # magic seed + mov 16($ctx),$E + + movdqa 64($K_XX_XX),@X[2] # pbswap mask + movdqa 0($K_XX_XX),@Tx[1] # K_00_19 + movdqu 0($inp),@X[-4&7] # load input to %xmm[0-3] + movdqu 16($inp),@X[-3&7] + movdqu 32($inp),@X[-2&7] + movdqu 48($inp),@X[-1&7] + pshufb @X[2],@X[-4&7] # byte swap + add \$64,$inp + pshufb @X[2],@X[-3&7] + pshufb @X[2],@X[-2&7] + pshufb @X[2],@X[-1&7] + paddd @Tx[1],@X[-4&7] # add K_00_19 + paddd @Tx[1],@X[-3&7] + paddd @Tx[1],@X[-2&7] + movdqa @X[-4&7],0(%rsp) # X[]+K xfer to IALU + psubd @Tx[1],@X[-4&7] # restore X[] + movdqa @X[-3&7],16(%rsp) + psubd @Tx[1],@X[-3&7] + movdqa @X[-2&7],32(%rsp) + psubd @Tx[1],@X[-2&7] + jmp .Loop_ssse3 +___ + +sub AUTOLOAD() # thunk [simplified] 32-bit style perlasm +{ my $opcode = $AUTOLOAD; $opcode =~ s/.*:://; + my $arg = pop; + $arg = "\$$arg" if ($arg*1 eq $arg); + $code .= "\t$opcode\t".join(',',$arg,reverse @_)."\n"; +} + +sub Xupdate_ssse3_16_31() # recall that $Xi starts wtih 4 +{ use integer; + my $body = shift; + my @insns = (&$body,&$body,&$body,&$body); # 40 instructions + my ($a,$b,$c,$d,$e); + + &movdqa (@X[0],@X[-3&7]); + eval(shift(@insns)); + eval(shift(@insns)); + &movdqa (@Tx[0],@X[-1&7]); + &palignr(@X[0],@X[-4&7],8); # compose "X[-14]" in "X[0]" + eval(shift(@insns)); + eval(shift(@insns)); + + &paddd (@Tx[1],@X[-1&7]); + eval(shift(@insns)); + eval(shift(@insns)); + &psrldq (@Tx[0],4); # "X[-3]", 3 dwords + eval(shift(@insns)); + eval(shift(@insns)); + &pxor (@X[0],@X[-4&7]); # "X[0]"^="X[-16]" + eval(shift(@insns)); + eval(shift(@insns)); + + &pxor (@Tx[0],@X[-2&7]); # "X[-3]"^"X[-8]" + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); + + &pxor (@X[0],@Tx[0]); # "X[0]"^="X[-3]"^"X[-8]" + eval(shift(@insns)); + eval(shift(@insns)); + &movdqa (eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]); # X[]+K xfer to IALU + eval(shift(@insns)); + eval(shift(@insns)); + + &movdqa (@Tx[2],@X[0]); + &movdqa (@Tx[0],@X[0]); + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); + + &pslldq (@Tx[2],12); # "X[0]"<<96, extract one dword + &paddd (@X[0],@X[0]); + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); + + &psrld (@Tx[0],31); + eval(shift(@insns)); + eval(shift(@insns)); + &movdqa (@Tx[1],@Tx[2]); + eval(shift(@insns)); + eval(shift(@insns)); + + &psrld (@Tx[2],30); + &por (@X[0],@Tx[0]); # "X[0]"<<<=1 + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); + + &pslld (@Tx[1],2); + &pxor (@X[0],@Tx[2]); + eval(shift(@insns)); + eval(shift(@insns)); + &movdqa (@Tx[2],eval(16*(($Xi)/5))."($K_XX_XX)"); # K_XX_XX + eval(shift(@insns)); + eval(shift(@insns)); + + &pxor (@X[0],@Tx[1]); # "X[0]"^=("X[0]">>96)<<<2 + + foreach (@insns) { eval; } # remaining instructions [if any] + + $Xi++; push(@X,shift(@X)); # "rotate" X[] + push(@Tx,shift(@Tx)); +} + +sub Xupdate_ssse3_32_79() +{ use integer; + my $body = shift; + my @insns = (&$body,&$body,&$body,&$body); # 32 to 48 instructions + my ($a,$b,$c,$d,$e); + + &movdqa (@Tx[0],@X[-1&7]) if ($Xi==8); + eval(shift(@insns)); # body_20_39 + &pxor (@X[0],@X[-4&7]); # "X[0]"="X[-32]"^"X[-16]" + &palignr(@Tx[0],@X[-2&7],8); # compose "X[-6]" + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); # rol + + &pxor (@X[0],@X[-7&7]); # "X[0]"^="X[-28]" + eval(shift(@insns)); + eval(shift(@insns)) if (@insns[0] !~ /&ro[rl]/); + if ($Xi%5) { + &movdqa (@Tx[2],@Tx[1]);# "perpetuate" K_XX_XX... + } else { # ... or load next one + &movdqa (@Tx[2],eval(16*($Xi/5))."($K_XX_XX)"); + } + &paddd (@Tx[1],@X[-1&7]); + eval(shift(@insns)); # ror + eval(shift(@insns)); + + &pxor (@X[0],@Tx[0]); # "X[0]"^="X[-6]" + eval(shift(@insns)); # body_20_39 + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); # rol + + &movdqa (@Tx[0],@X[0]); + &movdqa (eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]); # X[]+K xfer to IALU + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); # ror + eval(shift(@insns)); + + &pslld (@X[0],2); + eval(shift(@insns)); # body_20_39 + eval(shift(@insns)); + &psrld (@Tx[0],30); + eval(shift(@insns)); + eval(shift(@insns)); # rol + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); # ror + eval(shift(@insns)); + + &por (@X[0],@Tx[0]); # "X[0]"<<<=2 + eval(shift(@insns)); # body_20_39 + eval(shift(@insns)); + &movdqa (@Tx[1],@X[0]) if ($Xi<19); + eval(shift(@insns)); + eval(shift(@insns)); # rol + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); # rol + eval(shift(@insns)); + + foreach (@insns) { eval; } # remaining instructions + + $Xi++; push(@X,shift(@X)); # "rotate" X[] + push(@Tx,shift(@Tx)); +} + +sub Xuplast_ssse3_80() +{ use integer; + my $body = shift; + my @insns = (&$body,&$body,&$body,&$body); # 32 instructions + my ($a,$b,$c,$d,$e); + + eval(shift(@insns)); + &paddd (@Tx[1],@X[-1&7]); + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); + + &movdqa (eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]); # X[]+K xfer IALU + + foreach (@insns) { eval; } # remaining instructions + + &cmp ($inp,$num); + &je (".Ldone_ssse3"); + + unshift(@Tx,pop(@Tx)); + + &movdqa (@X[2],"64($K_XX_XX)"); # pbswap mask + &movdqa (@Tx[1],"0($K_XX_XX)"); # K_00_19 + &movdqu (@X[-4&7],"0($inp)"); # load input + &movdqu (@X[-3&7],"16($inp)"); + &movdqu (@X[-2&7],"32($inp)"); + &movdqu (@X[-1&7],"48($inp)"); + &pshufb (@X[-4&7],@X[2]); # byte swap + &add ($inp,64); + + $Xi=0; +} + +sub Xloop_ssse3() +{ use integer; + my $body = shift; + my @insns = (&$body,&$body,&$body,&$body); # 32 instructions + my ($a,$b,$c,$d,$e); + + eval(shift(@insns)); + eval(shift(@insns)); + &pshufb (@X[($Xi-3)&7],@X[2]); + eval(shift(@insns)); + eval(shift(@insns)); + &paddd (@X[($Xi-4)&7],@Tx[1]); + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); + &movdqa (eval(16*$Xi)."(%rsp)",@X[($Xi-4)&7]); # X[]+K xfer to IALU + eval(shift(@insns)); + eval(shift(@insns)); + &psubd (@X[($Xi-4)&7],@Tx[1]); + + foreach (@insns) { eval; } + $Xi++; +} + +sub Xtail_ssse3() +{ use integer; + my $body = shift; + my @insns = (&$body,&$body,&$body,&$body); # 32 instructions + my ($a,$b,$c,$d,$e); + + foreach (@insns) { eval; } +} + +sub body_00_19 () { + ( + '($a,$b,$c,$d,$e)=@V;'. + '&add ($e,eval(4*($j&15))."(%rsp)");', # X[]+K xfer + '&xor ($c,$d);', + '&mov (@T[1],$a);', # $b in next round + '&$_rol ($a,5);', + '&and (@T[0],$c);', # ($b&($c^$d)) + '&xor ($c,$d);', # restore $c + '&xor (@T[0],$d);', + '&add ($e,$a);', + '&$_ror ($b,$j?7:2);', # $b>>>2 + '&add ($e,@T[0]);' .'$j++; unshift(@V,pop(@V)); unshift(@T,pop(@T));' + ); +} + +sub body_20_39 () { + ( + '($a,$b,$c,$d,$e)=@V;'. + '&add ($e,eval(4*($j++&15))."(%rsp)");', # X[]+K xfer + '&xor (@T[0],$d);', # ($b^$d) + '&mov (@T[1],$a);', # $b in next round + '&$_rol ($a,5);', + '&xor (@T[0],$c);', # ($b^$d^$c) + '&add ($e,$a);', + '&$_ror ($b,7);', # $b>>>2 + '&add ($e,@T[0]);' .'unshift(@V,pop(@V)); unshift(@T,pop(@T));' + ); +} + +sub body_40_59 () { + ( + '($a,$b,$c,$d,$e)=@V;'. + '&mov (@T[1],$c);', + '&xor ($c,$d);', + '&add ($e,eval(4*($j++&15))."(%rsp)");', # X[]+K xfer + '&and (@T[1],$d);', + '&and (@T[0],$c);', # ($b&($c^$d)) + '&$_ror ($b,7);', # $b>>>2 + '&add ($e,@T[1]);', + '&mov (@T[1],$a);', # $b in next round + '&$_rol ($a,5);', + '&add ($e,@T[0]);', + '&xor ($c,$d);', # restore $c + '&add ($e,$a);' .'unshift(@V,pop(@V)); unshift(@T,pop(@T));' + ); +} +$code.=<<___; +.align 16 +.Loop_ssse3: +___ + &Xupdate_ssse3_16_31(\&body_00_19); + &Xupdate_ssse3_16_31(\&body_00_19); + &Xupdate_ssse3_16_31(\&body_00_19); + &Xupdate_ssse3_16_31(\&body_00_19); + &Xupdate_ssse3_32_79(\&body_00_19); + &Xupdate_ssse3_32_79(\&body_20_39); + &Xupdate_ssse3_32_79(\&body_20_39); + &Xupdate_ssse3_32_79(\&body_20_39); + &Xupdate_ssse3_32_79(\&body_20_39); + &Xupdate_ssse3_32_79(\&body_20_39); + &Xupdate_ssse3_32_79(\&body_40_59); + &Xupdate_ssse3_32_79(\&body_40_59); + &Xupdate_ssse3_32_79(\&body_40_59); + &Xupdate_ssse3_32_79(\&body_40_59); + &Xupdate_ssse3_32_79(\&body_40_59); + &Xupdate_ssse3_32_79(\&body_20_39); + &Xuplast_ssse3_80(\&body_20_39); # can jump to "done" + + $saved_j=$j; @saved_V=@V; + + &Xloop_ssse3(\&body_20_39); + &Xloop_ssse3(\&body_20_39); + &Xloop_ssse3(\&body_20_39); + +$code.=<<___; + add 0($ctx),$A # update context + add 4($ctx),@T[0] + add 8($ctx),$C + add 12($ctx),$D + mov $A,0($ctx) + add 16($ctx),$E + mov @T[0],4($ctx) + mov @T[0],$B # magic seed + mov $C,8($ctx) + mov $D,12($ctx) + mov $E,16($ctx) + jmp .Loop_ssse3 + +.align 16 +.Ldone_ssse3: +___ + $j=$saved_j; @V=@saved_V; + + &Xtail_ssse3(\&body_20_39); + &Xtail_ssse3(\&body_20_39); + &Xtail_ssse3(\&body_20_39); + +$code.=<<___; + add 0($ctx),$A # update context + add 4($ctx),@T[0] + add 8($ctx),$C + mov $A,0($ctx) + add 12($ctx),$D + mov @T[0],4($ctx) + add 16($ctx),$E + mov $C,8($ctx) + mov $D,12($ctx) + mov $E,16($ctx) +___ +$code.=<<___ if ($win64); + movaps 64+0(%rsp),%xmm6 + movaps 64+16(%rsp),%xmm7 + movaps 64+32(%rsp),%xmm8 + movaps 64+48(%rsp),%xmm9 + movaps 64+64(%rsp),%xmm10 +___ +$code.=<<___; + lea `64+($win64?5*16:0)`(%rsp),%rsi + mov 0(%rsi),%r12 + mov 8(%rsi),%rbp + mov 16(%rsi),%rbx + lea 24(%rsi),%rsp +.Lepilogue_ssse3: + ret +.size sha1_block_data_order_ssse3,.-sha1_block_data_order_ssse3 +___ + +if ($avx) { +my $Xi=4; +my @X=map("%xmm$_",(4..7,0..3)); +my @Tx=map("%xmm$_",(8..10)); +my @V=($A,$B,$C,$D,$E)=("%eax","%ebx","%ecx","%edx","%ebp"); # size optimization +my @T=("%esi","%edi"); +my $j=0; +my $K_XX_XX="%r11"; + +my $_rol=sub { &shld(@_[0],@_) }; +my $_ror=sub { &shrd(@_[0],@_) }; + +$code.=<<___; +.type sha1_block_data_order_avx,\@function,3 +.align 16 +sha1_block_data_order_avx: +_avx_shortcut: + push %rbx + push %rbp + push %r12 + lea `-64-($win64?5*16:0)`(%rsp),%rsp +___ +$code.=<<___ if ($win64); + movaps %xmm6,64+0(%rsp) + movaps %xmm7,64+16(%rsp) + movaps %xmm8,64+32(%rsp) + movaps %xmm9,64+48(%rsp) + movaps %xmm10,64+64(%rsp) +.Lprologue_avx: +___ +$code.=<<___; + mov %rdi,$ctx # reassigned argument + mov %rsi,$inp # reassigned argument + mov %rdx,$num # reassigned argument + vzeroupper + + shl \$6,$num + add $inp,$num + lea K_XX_XX(%rip),$K_XX_XX + + mov 0($ctx),$A # load context + mov 4($ctx),$B + mov 8($ctx),$C + mov 12($ctx),$D + mov $B,@T[0] # magic seed + mov 16($ctx),$E + + vmovdqa 64($K_XX_XX),@X[2] # pbswap mask + vmovdqa 0($K_XX_XX),@Tx[1] # K_00_19 + vmovdqu 0($inp),@X[-4&7] # load input to %xmm[0-3] + vmovdqu 16($inp),@X[-3&7] + vmovdqu 32($inp),@X[-2&7] + vmovdqu 48($inp),@X[-1&7] + vpshufb @X[2],@X[-4&7],@X[-4&7] # byte swap + add \$64,$inp + vpshufb @X[2],@X[-3&7],@X[-3&7] + vpshufb @X[2],@X[-2&7],@X[-2&7] + vpshufb @X[2],@X[-1&7],@X[-1&7] + vpaddd @Tx[1],@X[-4&7],@X[0] # add K_00_19 + vpaddd @Tx[1],@X[-3&7],@X[1] + vpaddd @Tx[1],@X[-2&7],@X[2] + vmovdqa @X[0],0(%rsp) # X[]+K xfer to IALU + vmovdqa @X[1],16(%rsp) + vmovdqa @X[2],32(%rsp) + jmp .Loop_avx +___ + +sub Xupdate_avx_16_31() # recall that $Xi starts wtih 4 +{ use integer; + my $body = shift; + my @insns = (&$body,&$body,&$body,&$body); # 40 instructions + my ($a,$b,$c,$d,$e); + + eval(shift(@insns)); + eval(shift(@insns)); + &vpalignr(@X[0],@X[-3&7],@X[-4&7],8); # compose "X[-14]" in "X[0]" + eval(shift(@insns)); + eval(shift(@insns)); + + &vpaddd (@Tx[1],@Tx[1],@X[-1&7]); + eval(shift(@insns)); + eval(shift(@insns)); + &vpsrldq(@Tx[0],@X[-1&7],4); # "X[-3]", 3 dwords + eval(shift(@insns)); + eval(shift(@insns)); + &vpxor (@X[0],@X[0],@X[-4&7]); # "X[0]"^="X[-16]" + eval(shift(@insns)); + eval(shift(@insns)); + + &vpxor (@Tx[0],@Tx[0],@X[-2&7]); # "X[-3]"^"X[-8]" + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); + + &vpxor (@X[0],@X[0],@Tx[0]); # "X[0]"^="X[-3]"^"X[-8]" + eval(shift(@insns)); + eval(shift(@insns)); + &vmovdqa (eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]); # X[]+K xfer to IALU + eval(shift(@insns)); + eval(shift(@insns)); + + &vpsrld (@Tx[0],@X[0],31); + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); + + &vpslldq(@Tx[2],@X[0],12); # "X[0]"<<96, extract one dword + &vpaddd (@X[0],@X[0],@X[0]); + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); + + &vpsrld (@Tx[1],@Tx[2],30); + &vpor (@X[0],@X[0],@Tx[0]); # "X[0]"<<<=1 + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); + + &vpslld (@Tx[2],@Tx[2],2); + &vpxor (@X[0],@X[0],@Tx[1]); + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); + + &vpxor (@X[0],@X[0],@Tx[2]); # "X[0]"^=("X[0]">>96)<<<2 + eval(shift(@insns)); + eval(shift(@insns)); + &vmovdqa (@Tx[2],eval(16*(($Xi)/5))."($K_XX_XX)"); # K_XX_XX + eval(shift(@insns)); + eval(shift(@insns)); + + + foreach (@insns) { eval; } # remaining instructions [if any] + + $Xi++; push(@X,shift(@X)); # "rotate" X[] + push(@Tx,shift(@Tx)); +} + +sub Xupdate_avx_32_79() +{ use integer; + my $body = shift; + my @insns = (&$body,&$body,&$body,&$body); # 32 to 48 instructions + my ($a,$b,$c,$d,$e); + + &vpalignr(@Tx[0],@X[-1&7],@X[-2&7],8); # compose "X[-6]" + &vpxor (@X[0],@X[0],@X[-4&7]); # "X[0]"="X[-32]"^"X[-16]" + eval(shift(@insns)); # body_20_39 + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); # rol + + &vpxor (@X[0],@X[0],@X[-7&7]); # "X[0]"^="X[-28]" + eval(shift(@insns)); + eval(shift(@insns)) if (@insns[0] !~ /&ro[rl]/); + if ($Xi%5) { + &vmovdqa (@Tx[2],@Tx[1]);# "perpetuate" K_XX_XX... + } else { # ... or load next one + &vmovdqa (@Tx[2],eval(16*($Xi/5))."($K_XX_XX)"); + } + &vpaddd (@Tx[1],@Tx[1],@X[-1&7]); + eval(shift(@insns)); # ror + eval(shift(@insns)); + + &vpxor (@X[0],@X[0],@Tx[0]); # "X[0]"^="X[-6]" + eval(shift(@insns)); # body_20_39 + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); # rol + + &vpsrld (@Tx[0],@X[0],30); + &vmovdqa (eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]); # X[]+K xfer to IALU + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); # ror + eval(shift(@insns)); + + &vpslld (@X[0],@X[0],2); + eval(shift(@insns)); # body_20_39 + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); # rol + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); # ror + eval(shift(@insns)); + + &vpor (@X[0],@X[0],@Tx[0]); # "X[0]"<<<=2 + eval(shift(@insns)); # body_20_39 + eval(shift(@insns)); + &vmovdqa (@Tx[1],@X[0]) if ($Xi<19); + eval(shift(@insns)); + eval(shift(@insns)); # rol + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); # rol + eval(shift(@insns)); + + foreach (@insns) { eval; } # remaining instructions + + $Xi++; push(@X,shift(@X)); # "rotate" X[] + push(@Tx,shift(@Tx)); +} + +sub Xuplast_avx_80() +{ use integer; + my $body = shift; + my @insns = (&$body,&$body,&$body,&$body); # 32 instructions + my ($a,$b,$c,$d,$e); + + eval(shift(@insns)); + &vpaddd (@Tx[1],@Tx[1],@X[-1&7]); + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); + + &movdqa (eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]); # X[]+K xfer IALU + + foreach (@insns) { eval; } # remaining instructions + + &cmp ($inp,$num); + &je (".Ldone_avx"); + + unshift(@Tx,pop(@Tx)); + + &vmovdqa(@X[2],"64($K_XX_XX)"); # pbswap mask + &vmovdqa(@Tx[1],"0($K_XX_XX)"); # K_00_19 + &vmovdqu(@X[-4&7],"0($inp)"); # load input + &vmovdqu(@X[-3&7],"16($inp)"); + &vmovdqu(@X[-2&7],"32($inp)"); + &vmovdqu(@X[-1&7],"48($inp)"); + &vpshufb(@X[-4&7],@X[-4&7],@X[2]); # byte swap + &add ($inp,64); + + $Xi=0; +} + +sub Xloop_avx() +{ use integer; + my $body = shift; + my @insns = (&$body,&$body,&$body,&$body); # 32 instructions + my ($a,$b,$c,$d,$e); + + eval(shift(@insns)); + eval(shift(@insns)); + &vpshufb(@X[($Xi-3)&7],@X[($Xi-3)&7],@X[2]); + eval(shift(@insns)); + eval(shift(@insns)); + &vpaddd (@X[$Xi&7],@X[($Xi-4)&7],@Tx[1]); + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); + eval(shift(@insns)); + &vmovdqa(eval(16*$Xi)."(%rsp)",@X[$Xi&7]); # X[]+K xfer to IALU + eval(shift(@insns)); + eval(shift(@insns)); + + foreach (@insns) { eval; } + $Xi++; +} + +sub Xtail_avx() +{ use integer; + my $body = shift; + my @insns = (&$body,&$body,&$body,&$body); # 32 instructions + my ($a,$b,$c,$d,$e); + + foreach (@insns) { eval; } +} + +$code.=<<___; +.align 16 +.Loop_avx: +___ + &Xupdate_avx_16_31(\&body_00_19); + &Xupdate_avx_16_31(\&body_00_19); + &Xupdate_avx_16_31(\&body_00_19); + &Xupdate_avx_16_31(\&body_00_19); + &Xupdate_avx_32_79(\&body_00_19); + &Xupdate_avx_32_79(\&body_20_39); + &Xupdate_avx_32_79(\&body_20_39); + &Xupdate_avx_32_79(\&body_20_39); + &Xupdate_avx_32_79(\&body_20_39); + &Xupdate_avx_32_79(\&body_20_39); + &Xupdate_avx_32_79(\&body_40_59); + &Xupdate_avx_32_79(\&body_40_59); + &Xupdate_avx_32_79(\&body_40_59); + &Xupdate_avx_32_79(\&body_40_59); + &Xupdate_avx_32_79(\&body_40_59); + &Xupdate_avx_32_79(\&body_20_39); + &Xuplast_avx_80(\&body_20_39); # can jump to "done" + + $saved_j=$j; @saved_V=@V; + + &Xloop_avx(\&body_20_39); + &Xloop_avx(\&body_20_39); + &Xloop_avx(\&body_20_39); + +$code.=<<___; + add 0($ctx),$A # update context + add 4($ctx),@T[0] + add 8($ctx),$C + add 12($ctx),$D + mov $A,0($ctx) + add 16($ctx),$E + mov @T[0],4($ctx) + mov @T[0],$B # magic seed + mov $C,8($ctx) + mov $D,12($ctx) + mov $E,16($ctx) + jmp .Loop_avx + +.align 16 +.Ldone_avx: +___ + $j=$saved_j; @V=@saved_V; + + &Xtail_avx(\&body_20_39); + &Xtail_avx(\&body_20_39); + &Xtail_avx(\&body_20_39); + +$code.=<<___; + vzeroupper + + add 0($ctx),$A # update context + add 4($ctx),@T[0] + add 8($ctx),$C + mov $A,0($ctx) + add 12($ctx),$D + mov @T[0],4($ctx) + add 16($ctx),$E + mov $C,8($ctx) + mov $D,12($ctx) + mov $E,16($ctx) +___ +$code.=<<___ if ($win64); + movaps 64+0(%rsp),%xmm6 + movaps 64+16(%rsp),%xmm7 + movaps 64+32(%rsp),%xmm8 + movaps 64+48(%rsp),%xmm9 + movaps 64+64(%rsp),%xmm10 +___ +$code.=<<___; + lea `64+($win64?5*16:0)`(%rsp),%rsi + mov 0(%rsi),%r12 + mov 8(%rsi),%rbp + mov 16(%rsi),%rbx + lea 24(%rsi),%rsp +.Lepilogue_avx: + ret +.size sha1_block_data_order_avx,.-sha1_block_data_order_avx +___ +} +$code.=<<___; +.align 64 +K_XX_XX: +.long 0x5a827999,0x5a827999,0x5a827999,0x5a827999 # K_00_19 +.long 0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1 # K_20_39 +.long 0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc # K_40_59 +.long 0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6 # K_60_79 +.long 0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f # pbswap mask +___ +}}} +$code.=<<___; +.asciz "SHA1 block transform for x86_64, CRYPTOGAMS by " +.align 64 +___ + +# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame, +# CONTEXT *context,DISPATCHER_CONTEXT *disp) +if ($win64) { +$rec="%rcx"; +$frame="%rdx"; +$context="%r8"; +$disp="%r9"; + +$code.=<<___; +.extern __imp_RtlVirtualUnwind +.type se_handler,\@abi-omnipotent +.align 16 +se_handler: + push %rsi + push %rdi + push %rbx + push %rbp + push %r12 + push %r13 + push %r14 + push %r15 + pushfq + sub \$64,%rsp + + mov 120($context),%rax # pull context->Rax + mov 248($context),%rbx # pull context->Rip + + lea .Lprologue(%rip),%r10 + cmp %r10,%rbx # context->Rip<.Lprologue + jb .Lcommon_seh_tail + + mov 152($context),%rax # pull context->Rsp + + lea .Lepilogue(%rip),%r10 + cmp %r10,%rbx # context->Rip>=.Lepilogue + jae .Lcommon_seh_tail + + mov `16*4`(%rax),%rax # pull saved stack pointer + lea 32(%rax),%rax + + mov -8(%rax),%rbx + mov -16(%rax),%rbp + mov -24(%rax),%r12 + mov -32(%rax),%r13 + mov %rbx,144($context) # restore context->Rbx + mov %rbp,160($context) # restore context->Rbp + mov %r12,216($context) # restore context->R12 + mov %r13,224($context) # restore context->R13 + + jmp .Lcommon_seh_tail +.size se_handler,.-se_handler + +.type ssse3_handler,\@abi-omnipotent +.align 16 +ssse3_handler: + push %rsi + push %rdi + push %rbx + push %rbp + push %r12 + push %r13 + push %r14 + push %r15 + pushfq + sub \$64,%rsp + + mov 120($context),%rax # pull context->Rax + mov 248($context),%rbx # pull context->Rip + + mov 8($disp),%rsi # disp->ImageBase + mov 56($disp),%r11 # disp->HandlerData + + mov 0(%r11),%r10d # HandlerData[0] + lea (%rsi,%r10),%r10 # prologue label + cmp %r10,%rbx # context->RipRsp + + mov 4(%r11),%r10d # HandlerData[1] + lea (%rsi,%r10),%r10 # epilogue label + cmp %r10,%rbx # context->Rip>=epilogue label + jae .Lcommon_seh_tail + + lea 64(%rax),%rsi + lea 512($context),%rdi # &context.Xmm6 + mov \$10,%ecx + .long 0xa548f3fc # cld; rep movsq + lea `24+64+5*16`(%rax),%rax # adjust stack pointer + + mov -8(%rax),%rbx + mov -16(%rax),%rbp + mov -24(%rax),%r12 + mov %rbx,144($context) # restore context->Rbx + mov %rbp,160($context) # restore context->Rbp + mov %r12,216($context) # restore cotnext->R12 + +.Lcommon_seh_tail: + mov 8(%rax),%rdi + mov 16(%rax),%rsi + mov %rax,152($context) # restore context->Rsp + mov %rsi,168($context) # restore context->Rsi + mov %rdi,176($context) # restore context->Rdi + + mov 40($disp),%rdi # disp->ContextRecord + mov $context,%rsi # context + mov \$154,%ecx # sizeof(CONTEXT) + .long 0xa548f3fc # cld; rep movsq + + mov $disp,%rsi + xor %rcx,%rcx # arg1, UNW_FLAG_NHANDLER + mov 8(%rsi),%rdx # arg2, disp->ImageBase + mov 0(%rsi),%r8 # arg3, disp->ControlPc + mov 16(%rsi),%r9 # arg4, disp->FunctionEntry + mov 40(%rsi),%r10 # disp->ContextRecord + lea 56(%rsi),%r11 # &disp->HandlerData + lea 24(%rsi),%r12 # &disp->EstablisherFrame + mov %r10,32(%rsp) # arg5 + mov %r11,40(%rsp) # arg6 + mov %r12,48(%rsp) # arg7 + mov %rcx,56(%rsp) # arg8, (NULL) + call *__imp_RtlVirtualUnwind(%rip) + + mov \$1,%eax # ExceptionContinueSearch + add \$64,%rsp + popfq + pop %r15 + pop %r14 + pop %r13 + pop %r12 + pop %rbp + pop %rbx + pop %rdi + pop %rsi + ret +.size ssse3_handler,.-ssse3_handler + +.section .pdata +.align 4 + .rva .LSEH_begin_sha1_block_data_order + .rva .LSEH_end_sha1_block_data_order + .rva .LSEH_info_sha1_block_data_order + .rva .LSEH_begin_sha1_block_data_order_ssse3 + .rva .LSEH_end_sha1_block_data_order_ssse3 + .rva .LSEH_info_sha1_block_data_order_ssse3 +___ +$code.=<<___ if ($avx); + .rva .LSEH_begin_sha1_block_data_order_avx + .rva .LSEH_end_sha1_block_data_order_avx + .rva .LSEH_info_sha1_block_data_order_avx +___ +$code.=<<___; +.section .xdata +.align 8 +.LSEH_info_sha1_block_data_order: + .byte 9,0,0,0 + .rva se_handler +.LSEH_info_sha1_block_data_order_ssse3: + .byte 9,0,0,0 + .rva ssse3_handler + .rva .Lprologue_ssse3,.Lepilogue_ssse3 # HandlerData[] +___ +$code.=<<___ if ($avx); +.LSEH_info_sha1_block_data_order_avx: + .byte 9,0,0,0 + .rva ssse3_handler + .rva .Lprologue_avx,.Lepilogue_avx # HandlerData[] +___ +} + +#################################################################### + +$code =~ s/\`([^\`]*)\`/eval $1/gem; +print $code; +close STDOUT; diff --git a/src/lib/libcrypto/sha/asm/sha256-586.pl b/src/lib/libcrypto/sha/asm/sha256-586.pl new file mode 100644 index 00000000000..928ec53123b --- /dev/null +++ b/src/lib/libcrypto/sha/asm/sha256-586.pl @@ -0,0 +1,249 @@ +#!/usr/bin/env perl +# +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== +# +# SHA256 block transform for x86. September 2007. +# +# Performance in clock cycles per processed byte (less is better): +# +# Pentium PIII P4 AMD K8 Core2 +# gcc 46 36 41 27 26 +# icc 57 33 38 25 23 +# x86 asm 40 30 33 20 18 +# x86_64 asm(*) - - 21 16 16 +# +# (*) x86_64 assembler performance is presented for reference +# purposes. +# +# Performance improvement over compiler generated code varies from +# 10% to 40% [see above]. Not very impressive on some µ-archs, but +# it's 5 times smaller and optimizies amount of writes. + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +push(@INC,"${dir}","${dir}../../perlasm"); +require "x86asm.pl"; + +&asm_init($ARGV[0],"sha512-586.pl",$ARGV[$#ARGV] eq "386"); + +$A="eax"; +$E="edx"; +$T="ebx"; +$Aoff=&DWP(0,"esp"); +$Boff=&DWP(4,"esp"); +$Coff=&DWP(8,"esp"); +$Doff=&DWP(12,"esp"); +$Eoff=&DWP(16,"esp"); +$Foff=&DWP(20,"esp"); +$Goff=&DWP(24,"esp"); +$Hoff=&DWP(28,"esp"); +$Xoff=&DWP(32,"esp"); +$K256="ebp"; + +sub BODY_00_15() { + my $in_16_63=shift; + + &mov ("ecx",$E); + &add ($T,"edi") if ($in_16_63); # T += sigma1(X[-2]) + &ror ("ecx",25-11); + &mov ("esi",$Foff); + &xor ("ecx",$E); + &ror ("ecx",11-6); + &mov (&DWP(4*(8+15),"esp"),$T) if ($in_16_63); # save X[0] + &xor ("ecx",$E); + &ror ("ecx",6); # Sigma1(e) + &mov ("edi",$Goff); + &add ($T,"ecx"); # T += Sigma1(e) + + &xor ("esi","edi"); + &mov ($Eoff,$E); # modulo-scheduled + &mov ("ecx",$A); + &and ("esi",$E); + &mov ($E,$Doff); # e becomes d, which is e in next iteration + &xor ("esi","edi"); # Ch(e,f,g) + &mov ("edi",$A); + &add ($T,"esi"); # T += Ch(e,f,g) + + &ror ("ecx",22-13); + &add ($T,$Hoff); # T += h + &xor ("ecx",$A); + &ror ("ecx",13-2); + &mov ("esi",$Boff); + &xor ("ecx",$A); + &ror ("ecx",2); # Sigma0(a) + &add ($E,$T); # d += T + &mov ("edi",$Coff); + + &add ($T,"ecx"); # T += Sigma0(a) + &mov ($Aoff,$A); # modulo-scheduled + + &mov ("ecx",$A); + &sub ("esp",4); + &or ($A,"esi"); # a becomes h, which is a in next iteration + &and ("ecx","esi"); + &and ($A,"edi"); + &mov ("esi",&DWP(0,$K256)); + &or ($A,"ecx"); # h=Maj(a,b,c) + + &add ($K256,4); + &add ($A,$T); # h += T + &mov ($T,&DWP(4*(8+15+16-1),"esp")) if ($in_16_63); # preload T + &add ($E,"esi"); # d += K256[i] + &add ($A,"esi"); # h += K256[i] +} + +&function_begin("sha256_block_data_order"); + &mov ("esi",wparam(0)); # ctx + &mov ("edi",wparam(1)); # inp + &mov ("eax",wparam(2)); # num + &mov ("ebx","esp"); # saved sp + + &call (&label("pic_point")); # make it PIC! +&set_label("pic_point"); + &blindpop($K256); + &lea ($K256,&DWP(&label("K256")."-".&label("pic_point"),$K256)); + + &sub ("esp",16); + &and ("esp",-64); + + &shl ("eax",6); + &add ("eax","edi"); + &mov (&DWP(0,"esp"),"esi"); # ctx + &mov (&DWP(4,"esp"),"edi"); # inp + &mov (&DWP(8,"esp"),"eax"); # inp+num*128 + &mov (&DWP(12,"esp"),"ebx"); # saved sp + +&set_label("loop",16); + # copy input block to stack reversing byte and dword order + for($i=0;$i<4;$i++) { + &mov ("eax",&DWP($i*16+0,"edi")); + &mov ("ebx",&DWP($i*16+4,"edi")); + &mov ("ecx",&DWP($i*16+8,"edi")); + &mov ("edx",&DWP($i*16+12,"edi")); + &bswap ("eax"); + &bswap ("ebx"); + &bswap ("ecx"); + &bswap ("edx"); + &push ("eax"); + &push ("ebx"); + &push ("ecx"); + &push ("edx"); + } + &add ("edi",64); + &sub ("esp",4*8); # place for A,B,C,D,E,F,G,H + &mov (&DWP(4*(8+16)+4,"esp"),"edi"); + + # copy ctx->h[0-7] to A,B,C,D,E,F,G,H on stack + &mov ($A,&DWP(0,"esi")); + &mov ("ebx",&DWP(4,"esi")); + &mov ("ecx",&DWP(8,"esi")); + &mov ("edi",&DWP(12,"esi")); + # &mov ($Aoff,$A); + &mov ($Boff,"ebx"); + &mov ($Coff,"ecx"); + &mov ($Doff,"edi"); + &mov ($E,&DWP(16,"esi")); + &mov ("ebx",&DWP(20,"esi")); + &mov ("ecx",&DWP(24,"esi")); + &mov ("edi",&DWP(28,"esi")); + # &mov ($Eoff,$E); + &mov ($Foff,"ebx"); + &mov ($Goff,"ecx"); + &mov ($Hoff,"edi"); + +&set_label("00_15",16); + &mov ($T,&DWP(4*(8+15),"esp")); + + &BODY_00_15(); + + &cmp ("esi",0xc19bf174); + &jne (&label("00_15")); + + &mov ($T,&DWP(4*(8+15+16-1),"esp")); # preloaded in BODY_00_15(1) +&set_label("16_63",16); + &mov ("esi",$T); + &mov ("ecx",&DWP(4*(8+15+16-14),"esp")); + &ror ("esi",18-7); + &mov ("edi","ecx"); + &xor ("esi",$T); + &ror ("esi",7); + &shr ($T,3); + + &ror ("edi",19-17); + &xor ($T,"esi"); # T = sigma0(X[-15]) + &xor ("edi","ecx"); + &ror ("edi",17); + &shr ("ecx",10); + &add ($T,&DWP(4*(8+15+16),"esp")); # T += X[-16] + &xor ("edi","ecx"); # sigma1(X[-2]) + + &add ($T,&DWP(4*(8+15+16-9),"esp")); # T += X[-7] + # &add ($T,"edi"); # T += sigma1(X[-2]) + # &mov (&DWP(4*(8+15),"esp"),$T); # save X[0] + + &BODY_00_15(1); + + &cmp ("esi",0xc67178f2); + &jne (&label("16_63")); + + &mov ("esi",&DWP(4*(8+16+64)+0,"esp"));#ctx + # &mov ($A,$Aoff); + &mov ("ebx",$Boff); + &mov ("ecx",$Coff); + &mov ("edi",$Doff); + &add ($A,&DWP(0,"esi")); + &add ("ebx",&DWP(4,"esi")); + &add ("ecx",&DWP(8,"esi")); + &add ("edi",&DWP(12,"esi")); + &mov (&DWP(0,"esi"),$A); + &mov (&DWP(4,"esi"),"ebx"); + &mov (&DWP(8,"esi"),"ecx"); + &mov (&DWP(12,"esi"),"edi"); + # &mov ($E,$Eoff); + &mov ("eax",$Foff); + &mov ("ebx",$Goff); + &mov ("ecx",$Hoff); + &mov ("edi",&DWP(4*(8+16+64)+4,"esp"));#inp + &add ($E,&DWP(16,"esi")); + &add ("eax",&DWP(20,"esi")); + &add ("ebx",&DWP(24,"esi")); + &add ("ecx",&DWP(28,"esi")); + &mov (&DWP(16,"esi"),$E); + &mov (&DWP(20,"esi"),"eax"); + &mov (&DWP(24,"esi"),"ebx"); + &mov (&DWP(28,"esi"),"ecx"); + + &add ("esp",4*(8+16+64)); # destroy frame + &sub ($K256,4*64); # rewind K + + &cmp ("edi",&DWP(8,"esp")); # are we done yet? + &jb (&label("loop")); + + &mov ("esp",&DWP(12,"esp")); # restore sp +&function_end_A(); + +&set_label("K256",64); # Yes! I keep it in the code segment! + &data_word(0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5); + &data_word(0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5); + &data_word(0xd807aa98,0x12835b01,0x243185be,0x550c7dc3); + &data_word(0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174); + &data_word(0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc); + &data_word(0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da); + &data_word(0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7); + &data_word(0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967); + &data_word(0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13); + &data_word(0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85); + &data_word(0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3); + &data_word(0xd192e819,0xd6990624,0xf40e3585,0x106aa070); + &data_word(0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5); + &data_word(0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3); + &data_word(0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208); + &data_word(0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2); +&function_end_B("sha256_block_data_order"); +&asciz("SHA256 block transform for x86, CRYPTOGAMS by "); + +&asm_finish(); diff --git a/src/lib/libcrypto/sha/asm/sha256-armv4.pl b/src/lib/libcrypto/sha/asm/sha256-armv4.pl new file mode 100644 index 00000000000..292520731cd --- /dev/null +++ b/src/lib/libcrypto/sha/asm/sha256-armv4.pl @@ -0,0 +1,211 @@ +#!/usr/bin/env perl + +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== + +# SHA256 block procedure for ARMv4. May 2007. + +# Performance is ~2x better than gcc 3.4 generated code and in "abso- +# lute" terms is ~2250 cycles per 64-byte block or ~35 cycles per +# byte [on single-issue Xscale PXA250 core]. + +# July 2010. +# +# Rescheduling for dual-issue pipeline resulted in 22% improvement on +# Cortex A8 core and ~20 cycles per processed byte. + +# February 2011. +# +# Profiler-assisted and platform-specific optimization resulted in 16% +# improvement on Cortex A8 core and ~17 cycles per processed byte. + +while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {} +open STDOUT,">$output"; + +$ctx="r0"; $t0="r0"; +$inp="r1"; $t3="r1"; +$len="r2"; $t1="r2"; +$T1="r3"; +$A="r4"; +$B="r5"; +$C="r6"; +$D="r7"; +$E="r8"; +$F="r9"; +$G="r10"; +$H="r11"; +@V=($A,$B,$C,$D,$E,$F,$G,$H); +$t2="r12"; +$Ktbl="r14"; + +@Sigma0=( 2,13,22); +@Sigma1=( 6,11,25); +@sigma0=( 7,18, 3); +@sigma1=(17,19,10); + +sub BODY_00_15 { +my ($i,$a,$b,$c,$d,$e,$f,$g,$h) = @_; + +$code.=<<___ if ($i<16); +#if __ARM_ARCH__>=7 && !defined(__STRICT_ALIGNMENT) + ldr $T1,[$inp],#4 +#else + ldrb $T1,[$inp,#3] @ $i + ldrb $t2,[$inp,#2] + ldrb $t1,[$inp,#1] + ldrb $t0,[$inp],#4 + orr $T1,$T1,$t2,lsl#8 + orr $T1,$T1,$t1,lsl#16 + orr $T1,$T1,$t0,lsl#24 +#endif +___ +$code.=<<___; + mov $t0,$e,ror#$Sigma1[0] + ldr $t2,[$Ktbl],#4 @ *K256++ + eor $t0,$t0,$e,ror#$Sigma1[1] + eor $t1,$f,$g +#if $i>=16 + add $T1,$T1,$t3 @ from BODY_16_xx +#elif __ARM_ARCH__>=7 && defined(__ARMEL__) && !defined(__STRICT_ALIGNMENT) + rev $T1,$T1 +#endif +#if $i==15 + str $inp,[sp,#17*4] @ leave room for $t3 +#endif + eor $t0,$t0,$e,ror#$Sigma1[2] @ Sigma1(e) + and $t1,$t1,$e + str $T1,[sp,#`$i%16`*4] + add $T1,$T1,$t0 + eor $t1,$t1,$g @ Ch(e,f,g) + add $T1,$T1,$h + mov $h,$a,ror#$Sigma0[0] + add $T1,$T1,$t1 + eor $h,$h,$a,ror#$Sigma0[1] + add $T1,$T1,$t2 + eor $h,$h,$a,ror#$Sigma0[2] @ Sigma0(a) +#if $i>=15 + ldr $t3,[sp,#`($i+2)%16`*4] @ from BODY_16_xx +#endif + orr $t0,$a,$b + and $t1,$a,$b + and $t0,$t0,$c + add $h,$h,$T1 + orr $t0,$t0,$t1 @ Maj(a,b,c) + add $d,$d,$T1 + add $h,$h,$t0 +___ +} + +sub BODY_16_XX { +my ($i,$a,$b,$c,$d,$e,$f,$g,$h) = @_; + +$code.=<<___; + @ ldr $t3,[sp,#`($i+1)%16`*4] @ $i + ldr $t2,[sp,#`($i+14)%16`*4] + mov $t0,$t3,ror#$sigma0[0] + ldr $T1,[sp,#`($i+0)%16`*4] + eor $t0,$t0,$t3,ror#$sigma0[1] + ldr $t1,[sp,#`($i+9)%16`*4] + eor $t0,$t0,$t3,lsr#$sigma0[2] @ sigma0(X[i+1]) + mov $t3,$t2,ror#$sigma1[0] + add $T1,$T1,$t0 + eor $t3,$t3,$t2,ror#$sigma1[1] + add $T1,$T1,$t1 + eor $t3,$t3,$t2,lsr#$sigma1[2] @ sigma1(X[i+14]) + @ add $T1,$T1,$t3 +___ + &BODY_00_15(@_); +} + +$code=<<___; +#include "arm_arch.h" + +.text +.code 32 + +.type K256,%object +.align 5 +K256: +.word 0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5 +.word 0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5 +.word 0xd807aa98,0x12835b01,0x243185be,0x550c7dc3 +.word 0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174 +.word 0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc +.word 0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da +.word 0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7 +.word 0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967 +.word 0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13 +.word 0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85 +.word 0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3 +.word 0xd192e819,0xd6990624,0xf40e3585,0x106aa070 +.word 0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5 +.word 0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3 +.word 0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208 +.word 0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2 +.size K256,.-K256 + +.global sha256_block_data_order +.type sha256_block_data_order,%function +sha256_block_data_order: + sub r3,pc,#8 @ sha256_block_data_order + add $len,$inp,$len,lsl#6 @ len to point at the end of inp + stmdb sp!,{$ctx,$inp,$len,r4-r11,lr} + ldmia $ctx,{$A,$B,$C,$D,$E,$F,$G,$H} + sub $Ktbl,r3,#256 @ K256 + sub sp,sp,#16*4 @ alloca(X[16]) +.Loop: +___ +for($i=0;$i<16;$i++) { &BODY_00_15($i,@V); unshift(@V,pop(@V)); } +$code.=".Lrounds_16_xx:\n"; +for (;$i<32;$i++) { &BODY_16_XX($i,@V); unshift(@V,pop(@V)); } +$code.=<<___; + and $t2,$t2,#0xff + cmp $t2,#0xf2 + bne .Lrounds_16_xx + + ldr $T1,[sp,#16*4] @ pull ctx + ldr $t0,[$T1,#0] + ldr $t1,[$T1,#4] + ldr $t2,[$T1,#8] + add $A,$A,$t0 + ldr $t0,[$T1,#12] + add $B,$B,$t1 + ldr $t1,[$T1,#16] + add $C,$C,$t2 + ldr $t2,[$T1,#20] + add $D,$D,$t0 + ldr $t0,[$T1,#24] + add $E,$E,$t1 + ldr $t1,[$T1,#28] + add $F,$F,$t2 + ldr $inp,[sp,#17*4] @ pull inp + ldr $t2,[sp,#18*4] @ pull inp+len + add $G,$G,$t0 + add $H,$H,$t1 + stmia $T1,{$A,$B,$C,$D,$E,$F,$G,$H} + cmp $inp,$t2 + sub $Ktbl,$Ktbl,#256 @ rewind Ktbl + bne .Loop + + add sp,sp,#`16+3`*4 @ destroy frame +#if __ARM_ARCH__>=5 + ldmia sp!,{r4-r11,pc} +#else + ldmia sp!,{r4-r11,lr} + tst lr,#1 + moveq pc,lr @ be binary compatible with V4, yet + bx lr @ interoperable with Thumb ISA:-) +#endif +.size sha256_block_data_order,.-sha256_block_data_order +.asciz "SHA256 block transform for ARMv4, CRYPTOGAMS by " +.align 2 +___ + +$code =~ s/\`([^\`]*)\`/eval $1/gem; +$code =~ s/\bbx\s+lr\b/.word\t0xe12fff1e/gm; # make it possible to compile with -march=armv4 +print $code; +close STDOUT; # enforce flush diff --git a/src/lib/libcrypto/sha/asm/sha512-586.pl b/src/lib/libcrypto/sha/asm/sha512-586.pl new file mode 100644 index 00000000000..163361ebe9d --- /dev/null +++ b/src/lib/libcrypto/sha/asm/sha512-586.pl @@ -0,0 +1,644 @@ +#!/usr/bin/env perl +# +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== +# +# SHA512 block transform for x86. September 2007. +# +# Performance in clock cycles per processed byte (less is better): +# +# Pentium PIII P4 AMD K8 Core2 +# gcc 100 75 116 54 66 +# icc 97 77 95 55 57 +# x86 asm 61 56 82 36 40 +# SSE2 asm - - 38 24 20 +# x86_64 asm(*) - - 30 10.0 10.5 +# +# (*) x86_64 assembler performance is presented for reference +# purposes. +# +# IALU code-path is optimized for elder Pentiums. On vanilla Pentium +# performance improvement over compiler generated code reaches ~60%, +# while on PIII - ~35%. On newer µ-archs improvement varies from 15% +# to 50%, but it's less important as they are expected to execute SSE2 +# code-path, which is commonly ~2-3x faster [than compiler generated +# code]. SSE2 code-path is as fast as original sha512-sse2.pl, even +# though it does not use 128-bit operations. The latter means that +# SSE2-aware kernel is no longer required to execute the code. Another +# difference is that new code optimizes amount of writes, but at the +# cost of increased data cache "footprint" by 1/2KB. + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +push(@INC,"${dir}","${dir}../../perlasm"); +require "x86asm.pl"; + +&asm_init($ARGV[0],"sha512-586.pl",$ARGV[$#ARGV] eq "386"); + +$sse2=0; +for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } + +&external_label("OPENSSL_ia32cap_P") if ($sse2); + +$Tlo=&DWP(0,"esp"); $Thi=&DWP(4,"esp"); +$Alo=&DWP(8,"esp"); $Ahi=&DWP(8+4,"esp"); +$Blo=&DWP(16,"esp"); $Bhi=&DWP(16+4,"esp"); +$Clo=&DWP(24,"esp"); $Chi=&DWP(24+4,"esp"); +$Dlo=&DWP(32,"esp"); $Dhi=&DWP(32+4,"esp"); +$Elo=&DWP(40,"esp"); $Ehi=&DWP(40+4,"esp"); +$Flo=&DWP(48,"esp"); $Fhi=&DWP(48+4,"esp"); +$Glo=&DWP(56,"esp"); $Ghi=&DWP(56+4,"esp"); +$Hlo=&DWP(64,"esp"); $Hhi=&DWP(64+4,"esp"); +$K512="ebp"; + +$Asse2=&QWP(0,"esp"); +$Bsse2=&QWP(8,"esp"); +$Csse2=&QWP(16,"esp"); +$Dsse2=&QWP(24,"esp"); +$Esse2=&QWP(32,"esp"); +$Fsse2=&QWP(40,"esp"); +$Gsse2=&QWP(48,"esp"); +$Hsse2=&QWP(56,"esp"); + +$A="mm0"; # B-D and +$E="mm4"; # F-H are commonly loaded to respectively mm1-mm3 and + # mm5-mm7, but it's done on on-demand basis... + +sub BODY_00_15_sse2 { + my $prefetch=shift; + + &movq ("mm5",$Fsse2); # load f + &movq ("mm6",$Gsse2); # load g + &movq ("mm7",$Hsse2); # load h + + &movq ("mm1",$E); # %mm1 is sliding right + &movq ("mm2",$E); # %mm2 is sliding left + &psrlq ("mm1",14); + &movq ($Esse2,$E); # modulo-scheduled save e + &psllq ("mm2",23); + &movq ("mm3","mm1"); # %mm3 is T1 + &psrlq ("mm1",4); + &pxor ("mm3","mm2"); + &psllq ("mm2",23); + &pxor ("mm3","mm1"); + &psrlq ("mm1",23); + &pxor ("mm3","mm2"); + &psllq ("mm2",4); + &pxor ("mm3","mm1"); + &paddq ("mm7",QWP(0,$K512)); # h+=K512[i] + &pxor ("mm3","mm2"); # T1=Sigma1_512(e) + + &pxor ("mm5","mm6"); # f^=g + &movq ("mm1",$Bsse2); # load b + &pand ("mm5",$E); # f&=e + &movq ("mm2",$Csse2); # load c + &pxor ("mm5","mm6"); # f^=g + &movq ($E,$Dsse2); # e = load d + &paddq ("mm3","mm5"); # T1+=Ch(e,f,g) + &movq (&QWP(0,"esp"),$A); # modulo-scheduled save a + &paddq ("mm3","mm7"); # T1+=h + + &movq ("mm5",$A); # %mm5 is sliding right + &movq ("mm6",$A); # %mm6 is sliding left + &paddq ("mm3",&QWP(8*9,"esp")); # T1+=X[0] + &psrlq ("mm5",28); + &paddq ($E,"mm3"); # e += T1 + &psllq ("mm6",25); + &movq ("mm7","mm5"); # %mm7 is T2 + &psrlq ("mm5",6); + &pxor ("mm7","mm6"); + &psllq ("mm6",5); + &pxor ("mm7","mm5"); + &psrlq ("mm5",5); + &pxor ("mm7","mm6"); + &psllq ("mm6",6); + &pxor ("mm7","mm5"); + &sub ("esp",8); + &pxor ("mm7","mm6"); # T2=Sigma0_512(a) + + &movq ("mm5",$A); # %mm5=a + &por ($A,"mm2"); # a=a|c + &movq ("mm6",&QWP(8*(9+16-14),"esp")) if ($prefetch); + &pand ("mm5","mm2"); # %mm5=a&c + &pand ($A,"mm1"); # a=(a|c)&b + &movq ("mm2",&QWP(8*(9+16-1),"esp")) if ($prefetch); + &por ("mm5",$A); # %mm5=(a&c)|((a|c)&b) + &paddq ("mm7","mm5"); # T2+=Maj(a,b,c) + &movq ($A,"mm3"); # a=T1 + + &mov (&LB("edx"),&BP(0,$K512)); + &paddq ($A,"mm7"); # a+=T2 + &add ($K512,8); +} + +sub BODY_00_15_x86 { + #define Sigma1(x) (ROTR((x),14) ^ ROTR((x),18) ^ ROTR((x),41)) + # LO lo>>14^hi<<18 ^ lo>>18^hi<<14 ^ hi>>9^lo<<23 + # HI hi>>14^lo<<18 ^ hi>>18^lo<<14 ^ lo>>9^hi<<23 + &mov ("ecx",$Elo); + &mov ("edx",$Ehi); + &mov ("esi","ecx"); + + &shr ("ecx",9); # lo>>9 + &mov ("edi","edx"); + &shr ("edx",9); # hi>>9 + &mov ("ebx","ecx"); + &shl ("esi",14); # lo<<14 + &mov ("eax","edx"); + &shl ("edi",14); # hi<<14 + &xor ("ebx","esi"); + + &shr ("ecx",14-9); # lo>>14 + &xor ("eax","edi"); + &shr ("edx",14-9); # hi>>14 + &xor ("eax","ecx"); + &shl ("esi",18-14); # lo<<18 + &xor ("ebx","edx"); + &shl ("edi",18-14); # hi<<18 + &xor ("ebx","esi"); + + &shr ("ecx",18-14); # lo>>18 + &xor ("eax","edi"); + &shr ("edx",18-14); # hi>>18 + &xor ("eax","ecx"); + &shl ("esi",23-18); # lo<<23 + &xor ("ebx","edx"); + &shl ("edi",23-18); # hi<<23 + &xor ("eax","esi"); + &xor ("ebx","edi"); # T1 = Sigma1(e) + + &mov ("ecx",$Flo); + &mov ("edx",$Fhi); + &mov ("esi",$Glo); + &mov ("edi",$Ghi); + &add ("eax",$Hlo); + &adc ("ebx",$Hhi); # T1 += h + &xor ("ecx","esi"); + &xor ("edx","edi"); + &and ("ecx",$Elo); + &and ("edx",$Ehi); + &add ("eax",&DWP(8*(9+15)+0,"esp")); + &adc ("ebx",&DWP(8*(9+15)+4,"esp")); # T1 += X[0] + &xor ("ecx","esi"); + &xor ("edx","edi"); # Ch(e,f,g) = (f^g)&e)^g + + &mov ("esi",&DWP(0,$K512)); + &mov ("edi",&DWP(4,$K512)); # K[i] + &add ("eax","ecx"); + &adc ("ebx","edx"); # T1 += Ch(e,f,g) + &mov ("ecx",$Dlo); + &mov ("edx",$Dhi); + &add ("eax","esi"); + &adc ("ebx","edi"); # T1 += K[i] + &mov ($Tlo,"eax"); + &mov ($Thi,"ebx"); # put T1 away + &add ("eax","ecx"); + &adc ("ebx","edx"); # d += T1 + + #define Sigma0(x) (ROTR((x),28) ^ ROTR((x),34) ^ ROTR((x),39)) + # LO lo>>28^hi<<4 ^ hi>>2^lo<<30 ^ hi>>7^lo<<25 + # HI hi>>28^lo<<4 ^ lo>>2^hi<<30 ^ lo>>7^hi<<25 + &mov ("ecx",$Alo); + &mov ("edx",$Ahi); + &mov ($Dlo,"eax"); + &mov ($Dhi,"ebx"); + &mov ("esi","ecx"); + + &shr ("ecx",2); # lo>>2 + &mov ("edi","edx"); + &shr ("edx",2); # hi>>2 + &mov ("ebx","ecx"); + &shl ("esi",4); # lo<<4 + &mov ("eax","edx"); + &shl ("edi",4); # hi<<4 + &xor ("ebx","esi"); + + &shr ("ecx",7-2); # lo>>7 + &xor ("eax","edi"); + &shr ("edx",7-2); # hi>>7 + &xor ("ebx","ecx"); + &shl ("esi",25-4); # lo<<25 + &xor ("eax","edx"); + &shl ("edi",25-4); # hi<<25 + &xor ("eax","esi"); + + &shr ("ecx",28-7); # lo>>28 + &xor ("ebx","edi"); + &shr ("edx",28-7); # hi>>28 + &xor ("eax","ecx"); + &shl ("esi",30-25); # lo<<30 + &xor ("ebx","edx"); + &shl ("edi",30-25); # hi<<30 + &xor ("eax","esi"); + &xor ("ebx","edi"); # Sigma0(a) + + &mov ("ecx",$Alo); + &mov ("edx",$Ahi); + &mov ("esi",$Blo); + &mov ("edi",$Bhi); + &add ("eax",$Tlo); + &adc ("ebx",$Thi); # T1 = Sigma0(a)+T1 + &or ("ecx","esi"); + &or ("edx","edi"); + &and ("ecx",$Clo); + &and ("edx",$Chi); + &and ("esi",$Alo); + &and ("edi",$Ahi); + &or ("ecx","esi"); + &or ("edx","edi"); # Maj(a,b,c) = ((a|b)&c)|(a&b) + + &add ("eax","ecx"); + &adc ("ebx","edx"); # T1 += Maj(a,b,c) + &mov ($Tlo,"eax"); + &mov ($Thi,"ebx"); + + &mov (&LB("edx"),&BP(0,$K512)); # pre-fetch LSB of *K + &sub ("esp",8); + &lea ($K512,&DWP(8,$K512)); # K++ +} + + +&function_begin("sha512_block_data_order"); + &mov ("esi",wparam(0)); # ctx + &mov ("edi",wparam(1)); # inp + &mov ("eax",wparam(2)); # num + &mov ("ebx","esp"); # saved sp + + &call (&label("pic_point")); # make it PIC! +&set_label("pic_point"); + &blindpop($K512); + &lea ($K512,&DWP(&label("K512")."-".&label("pic_point"),$K512)); + + &sub ("esp",16); + &and ("esp",-64); + + &shl ("eax",7); + &add ("eax","edi"); + &mov (&DWP(0,"esp"),"esi"); # ctx + &mov (&DWP(4,"esp"),"edi"); # inp + &mov (&DWP(8,"esp"),"eax"); # inp+num*128 + &mov (&DWP(12,"esp"),"ebx"); # saved sp + +if ($sse2) { + &picmeup("edx","OPENSSL_ia32cap_P",$K512,&label("K512")); + &bt (&DWP(0,"edx"),"\$IA32CAP_BIT0_SSE2"); + &jnc (&label("loop_x86")); + + # load ctx->h[0-7] + &movq ($A,&QWP(0,"esi")); + &movq ("mm1",&QWP(8,"esi")); + &movq ("mm2",&QWP(16,"esi")); + &movq ("mm3",&QWP(24,"esi")); + &movq ($E,&QWP(32,"esi")); + &movq ("mm5",&QWP(40,"esi")); + &movq ("mm6",&QWP(48,"esi")); + &movq ("mm7",&QWP(56,"esi")); + &sub ("esp",8*10); + +&set_label("loop_sse2",16); + # &movq ($Asse2,$A); + &movq ($Bsse2,"mm1"); + &movq ($Csse2,"mm2"); + &movq ($Dsse2,"mm3"); + # &movq ($Esse2,$E); + &movq ($Fsse2,"mm5"); + &movq ($Gsse2,"mm6"); + &movq ($Hsse2,"mm7"); + + &mov ("ecx",&DWP(0,"edi")); + &mov ("edx",&DWP(4,"edi")); + &add ("edi",8); + &bswap ("ecx"); + &bswap ("edx"); + &mov (&DWP(8*9+4,"esp"),"ecx"); + &mov (&DWP(8*9+0,"esp"),"edx"); + +&set_label("00_14_sse2",16); + &mov ("eax",&DWP(0,"edi")); + &mov ("ebx",&DWP(4,"edi")); + &add ("edi",8); + &bswap ("eax"); + &bswap ("ebx"); + &mov (&DWP(8*8+4,"esp"),"eax"); + &mov (&DWP(8*8+0,"esp"),"ebx"); + + &BODY_00_15_sse2(); + + &cmp (&LB("edx"),0x35); + &jne (&label("00_14_sse2")); + + &BODY_00_15_sse2(1); + +&set_label("16_79_sse2",16); + #&movq ("mm2",&QWP(8*(9+16-1),"esp")); #prefetched in BODY_00_15 + #&movq ("mm6",&QWP(8*(9+16-14),"esp")); + &movq ("mm1","mm2"); + + &psrlq ("mm2",1); + &movq ("mm7","mm6"); + &psrlq ("mm6",6); + &movq ("mm3","mm2"); + + &psrlq ("mm2",7-1); + &movq ("mm5","mm6"); + &psrlq ("mm6",19-6); + &pxor ("mm3","mm2"); + + &psrlq ("mm2",8-7); + &pxor ("mm5","mm6"); + &psrlq ("mm6",61-19); + &pxor ("mm3","mm2"); + + &movq ("mm2",&QWP(8*(9+16),"esp")); + + &psllq ("mm1",56); + &pxor ("mm5","mm6"); + &psllq ("mm7",3); + &pxor ("mm3","mm1"); + + &paddq ("mm2",&QWP(8*(9+16-9),"esp")); + + &psllq ("mm1",63-56); + &pxor ("mm5","mm7"); + &psllq ("mm7",45-3); + &pxor ("mm3","mm1"); + &pxor ("mm5","mm7"); + + &paddq ("mm3","mm5"); + &paddq ("mm3","mm2"); + &movq (&QWP(8*9,"esp"),"mm3"); + + &BODY_00_15_sse2(1); + + &cmp (&LB("edx"),0x17); + &jne (&label("16_79_sse2")); + + # &movq ($A,$Asse2); + &movq ("mm1",$Bsse2); + &movq ("mm2",$Csse2); + &movq ("mm3",$Dsse2); + # &movq ($E,$Esse2); + &movq ("mm5",$Fsse2); + &movq ("mm6",$Gsse2); + &movq ("mm7",$Hsse2); + + &paddq ($A,&QWP(0,"esi")); + &paddq ("mm1",&QWP(8,"esi")); + &paddq ("mm2",&QWP(16,"esi")); + &paddq ("mm3",&QWP(24,"esi")); + &paddq ($E,&QWP(32,"esi")); + &paddq ("mm5",&QWP(40,"esi")); + &paddq ("mm6",&QWP(48,"esi")); + &paddq ("mm7",&QWP(56,"esi")); + + &movq (&QWP(0,"esi"),$A); + &movq (&QWP(8,"esi"),"mm1"); + &movq (&QWP(16,"esi"),"mm2"); + &movq (&QWP(24,"esi"),"mm3"); + &movq (&QWP(32,"esi"),$E); + &movq (&QWP(40,"esi"),"mm5"); + &movq (&QWP(48,"esi"),"mm6"); + &movq (&QWP(56,"esi"),"mm7"); + + &add ("esp",8*80); # destroy frame + &sub ($K512,8*80); # rewind K + + &cmp ("edi",&DWP(8*10+8,"esp")); # are we done yet? + &jb (&label("loop_sse2")); + + &emms (); + &mov ("esp",&DWP(8*10+12,"esp")); # restore sp +&function_end_A(); +} +&set_label("loop_x86",16); + # copy input block to stack reversing byte and qword order + for ($i=0;$i<8;$i++) { + &mov ("eax",&DWP($i*16+0,"edi")); + &mov ("ebx",&DWP($i*16+4,"edi")); + &mov ("ecx",&DWP($i*16+8,"edi")); + &mov ("edx",&DWP($i*16+12,"edi")); + &bswap ("eax"); + &bswap ("ebx"); + &bswap ("ecx"); + &bswap ("edx"); + &push ("eax"); + &push ("ebx"); + &push ("ecx"); + &push ("edx"); + } + &add ("edi",128); + &sub ("esp",9*8); # place for T,A,B,C,D,E,F,G,H + &mov (&DWP(8*(9+16)+4,"esp"),"edi"); + + # copy ctx->h[0-7] to A,B,C,D,E,F,G,H on stack + &lea ("edi",&DWP(8,"esp")); + &mov ("ecx",16); + &data_word(0xA5F3F689); # rep movsd + +&set_label("00_15_x86",16); + &BODY_00_15_x86(); + + &cmp (&LB("edx"),0x94); + &jne (&label("00_15_x86")); + +&set_label("16_79_x86",16); + #define sigma0(x) (ROTR((x),1) ^ ROTR((x),8) ^ ((x)>>7)) + # LO lo>>1^hi<<31 ^ lo>>8^hi<<24 ^ lo>>7^hi<<25 + # HI hi>>1^lo<<31 ^ hi>>8^lo<<24 ^ hi>>7 + &mov ("ecx",&DWP(8*(9+15+16-1)+0,"esp")); + &mov ("edx",&DWP(8*(9+15+16-1)+4,"esp")); + &mov ("esi","ecx"); + + &shr ("ecx",1); # lo>>1 + &mov ("edi","edx"); + &shr ("edx",1); # hi>>1 + &mov ("eax","ecx"); + &shl ("esi",24); # lo<<24 + &mov ("ebx","edx"); + &shl ("edi",24); # hi<<24 + &xor ("ebx","esi"); + + &shr ("ecx",7-1); # lo>>7 + &xor ("eax","edi"); + &shr ("edx",7-1); # hi>>7 + &xor ("eax","ecx"); + &shl ("esi",31-24); # lo<<31 + &xor ("ebx","edx"); + &shl ("edi",25-24); # hi<<25 + &xor ("ebx","esi"); + + &shr ("ecx",8-7); # lo>>8 + &xor ("eax","edi"); + &shr ("edx",8-7); # hi>>8 + &xor ("eax","ecx"); + &shl ("edi",31-25); # hi<<31 + &xor ("ebx","edx"); + &xor ("eax","edi"); # T1 = sigma0(X[-15]) + + &mov (&DWP(0,"esp"),"eax"); + &mov (&DWP(4,"esp"),"ebx"); # put T1 away + + #define sigma1(x) (ROTR((x),19) ^ ROTR((x),61) ^ ((x)>>6)) + # LO lo>>19^hi<<13 ^ hi>>29^lo<<3 ^ lo>>6^hi<<26 + # HI hi>>19^lo<<13 ^ lo>>29^hi<<3 ^ hi>>6 + &mov ("ecx",&DWP(8*(9+15+16-14)+0,"esp")); + &mov ("edx",&DWP(8*(9+15+16-14)+4,"esp")); + &mov ("esi","ecx"); + + &shr ("ecx",6); # lo>>6 + &mov ("edi","edx"); + &shr ("edx",6); # hi>>6 + &mov ("eax","ecx"); + &shl ("esi",3); # lo<<3 + &mov ("ebx","edx"); + &shl ("edi",3); # hi<<3 + &xor ("eax","esi"); + + &shr ("ecx",19-6); # lo>>19 + &xor ("ebx","edi"); + &shr ("edx",19-6); # hi>>19 + &xor ("eax","ecx"); + &shl ("esi",13-3); # lo<<13 + &xor ("ebx","edx"); + &shl ("edi",13-3); # hi<<13 + &xor ("ebx","esi"); + + &shr ("ecx",29-19); # lo>>29 + &xor ("eax","edi"); + &shr ("edx",29-19); # hi>>29 + &xor ("ebx","ecx"); + &shl ("edi",26-13); # hi<<26 + &xor ("eax","edx"); + &xor ("eax","edi"); # sigma1(X[-2]) + + &mov ("ecx",&DWP(8*(9+15+16)+0,"esp")); + &mov ("edx",&DWP(8*(9+15+16)+4,"esp")); + &add ("eax",&DWP(0,"esp")); + &adc ("ebx",&DWP(4,"esp")); # T1 = sigma1(X[-2])+T1 + &mov ("esi",&DWP(8*(9+15+16-9)+0,"esp")); + &mov ("edi",&DWP(8*(9+15+16-9)+4,"esp")); + &add ("eax","ecx"); + &adc ("ebx","edx"); # T1 += X[-16] + &add ("eax","esi"); + &adc ("ebx","edi"); # T1 += X[-7] + &mov (&DWP(8*(9+15)+0,"esp"),"eax"); + &mov (&DWP(8*(9+15)+4,"esp"),"ebx"); # save X[0] + + &BODY_00_15_x86(); + + &cmp (&LB("edx"),0x17); + &jne (&label("16_79_x86")); + + &mov ("esi",&DWP(8*(9+16+80)+0,"esp"));# ctx + &mov ("edi",&DWP(8*(9+16+80)+4,"esp"));# inp + for($i=0;$i<4;$i++) { + &mov ("eax",&DWP($i*16+0,"esi")); + &mov ("ebx",&DWP($i*16+4,"esi")); + &mov ("ecx",&DWP($i*16+8,"esi")); + &mov ("edx",&DWP($i*16+12,"esi")); + &add ("eax",&DWP(8+($i*16)+0,"esp")); + &adc ("ebx",&DWP(8+($i*16)+4,"esp")); + &mov (&DWP($i*16+0,"esi"),"eax"); + &mov (&DWP($i*16+4,"esi"),"ebx"); + &add ("ecx",&DWP(8+($i*16)+8,"esp")); + &adc ("edx",&DWP(8+($i*16)+12,"esp")); + &mov (&DWP($i*16+8,"esi"),"ecx"); + &mov (&DWP($i*16+12,"esi"),"edx"); + } + &add ("esp",8*(9+16+80)); # destroy frame + &sub ($K512,8*80); # rewind K + + &cmp ("edi",&DWP(8,"esp")); # are we done yet? + &jb (&label("loop_x86")); + + &mov ("esp",&DWP(12,"esp")); # restore sp +&function_end_A(); + +&set_label("K512",64); # Yes! I keep it in the code segment! + &data_word(0xd728ae22,0x428a2f98); # u64 + &data_word(0x23ef65cd,0x71374491); # u64 + &data_word(0xec4d3b2f,0xb5c0fbcf); # u64 + &data_word(0x8189dbbc,0xe9b5dba5); # u64 + &data_word(0xf348b538,0x3956c25b); # u64 + &data_word(0xb605d019,0x59f111f1); # u64 + &data_word(0xaf194f9b,0x923f82a4); # u64 + &data_word(0xda6d8118,0xab1c5ed5); # u64 + &data_word(0xa3030242,0xd807aa98); # u64 + &data_word(0x45706fbe,0x12835b01); # u64 + &data_word(0x4ee4b28c,0x243185be); # u64 + &data_word(0xd5ffb4e2,0x550c7dc3); # u64 + &data_word(0xf27b896f,0x72be5d74); # u64 + &data_word(0x3b1696b1,0x80deb1fe); # u64 + &data_word(0x25c71235,0x9bdc06a7); # u64 + &data_word(0xcf692694,0xc19bf174); # u64 + &data_word(0x9ef14ad2,0xe49b69c1); # u64 + &data_word(0x384f25e3,0xefbe4786); # u64 + &data_word(0x8b8cd5b5,0x0fc19dc6); # u64 + &data_word(0x77ac9c65,0x240ca1cc); # u64 + &data_word(0x592b0275,0x2de92c6f); # u64 + &data_word(0x6ea6e483,0x4a7484aa); # u64 + &data_word(0xbd41fbd4,0x5cb0a9dc); # u64 + &data_word(0x831153b5,0x76f988da); # u64 + &data_word(0xee66dfab,0x983e5152); # u64 + &data_word(0x2db43210,0xa831c66d); # u64 + &data_word(0x98fb213f,0xb00327c8); # u64 + &data_word(0xbeef0ee4,0xbf597fc7); # u64 + &data_word(0x3da88fc2,0xc6e00bf3); # u64 + &data_word(0x930aa725,0xd5a79147); # u64 + &data_word(0xe003826f,0x06ca6351); # u64 + &data_word(0x0a0e6e70,0x14292967); # u64 + &data_word(0x46d22ffc,0x27b70a85); # u64 + &data_word(0x5c26c926,0x2e1b2138); # u64 + &data_word(0x5ac42aed,0x4d2c6dfc); # u64 + &data_word(0x9d95b3df,0x53380d13); # u64 + &data_word(0x8baf63de,0x650a7354); # u64 + &data_word(0x3c77b2a8,0x766a0abb); # u64 + &data_word(0x47edaee6,0x81c2c92e); # u64 + &data_word(0x1482353b,0x92722c85); # u64 + &data_word(0x4cf10364,0xa2bfe8a1); # u64 + &data_word(0xbc423001,0xa81a664b); # u64 + &data_word(0xd0f89791,0xc24b8b70); # u64 + &data_word(0x0654be30,0xc76c51a3); # u64 + &data_word(0xd6ef5218,0xd192e819); # u64 + &data_word(0x5565a910,0xd6990624); # u64 + &data_word(0x5771202a,0xf40e3585); # u64 + &data_word(0x32bbd1b8,0x106aa070); # u64 + &data_word(0xb8d2d0c8,0x19a4c116); # u64 + &data_word(0x5141ab53,0x1e376c08); # u64 + &data_word(0xdf8eeb99,0x2748774c); # u64 + &data_word(0xe19b48a8,0x34b0bcb5); # u64 + &data_word(0xc5c95a63,0x391c0cb3); # u64 + &data_word(0xe3418acb,0x4ed8aa4a); # u64 + &data_word(0x7763e373,0x5b9cca4f); # u64 + &data_word(0xd6b2b8a3,0x682e6ff3); # u64 + &data_word(0x5defb2fc,0x748f82ee); # u64 + &data_word(0x43172f60,0x78a5636f); # u64 + &data_word(0xa1f0ab72,0x84c87814); # u64 + &data_word(0x1a6439ec,0x8cc70208); # u64 + &data_word(0x23631e28,0x90befffa); # u64 + &data_word(0xde82bde9,0xa4506ceb); # u64 + &data_word(0xb2c67915,0xbef9a3f7); # u64 + &data_word(0xe372532b,0xc67178f2); # u64 + &data_word(0xea26619c,0xca273ece); # u64 + &data_word(0x21c0c207,0xd186b8c7); # u64 + &data_word(0xcde0eb1e,0xeada7dd6); # u64 + &data_word(0xee6ed178,0xf57d4f7f); # u64 + &data_word(0x72176fba,0x06f067aa); # u64 + &data_word(0xa2c898a6,0x0a637dc5); # u64 + &data_word(0xbef90dae,0x113f9804); # u64 + &data_word(0x131c471b,0x1b710b35); # u64 + &data_word(0x23047d84,0x28db77f5); # u64 + &data_word(0x40c72493,0x32caab7b); # u64 + &data_word(0x15c9bebc,0x3c9ebe0a); # u64 + &data_word(0x9c100d4c,0x431d67c4); # u64 + &data_word(0xcb3e42b6,0x4cc5d4be); # u64 + &data_word(0xfc657e2a,0x597f299c); # u64 + &data_word(0x3ad6faec,0x5fcb6fab); # u64 + &data_word(0x4a475817,0x6c44198c); # u64 +&function_end_B("sha512_block_data_order"); +&asciz("SHA512 block transform for x86, CRYPTOGAMS by "); + +&asm_finish(); diff --git a/src/lib/libcrypto/sha/asm/sha512-armv4.pl b/src/lib/libcrypto/sha/asm/sha512-armv4.pl new file mode 100644 index 00000000000..a247a00c2b1 --- /dev/null +++ b/src/lib/libcrypto/sha/asm/sha512-armv4.pl @@ -0,0 +1,582 @@ +#!/usr/bin/env perl + +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== + +# SHA512 block procedure for ARMv4. September 2007. + +# This code is ~4.5 (four and a half) times faster than code generated +# by gcc 3.4 and it spends ~72 clock cycles per byte [on single-issue +# Xscale PXA250 core]. +# +# July 2010. +# +# Rescheduling for dual-issue pipeline resulted in 6% improvement on +# Cortex A8 core and ~40 cycles per processed byte. + +# February 2011. +# +# Profiler-assisted and platform-specific optimization resulted in 7% +# improvement on Coxtex A8 core and ~38 cycles per byte. + +# March 2011. +# +# Add NEON implementation. On Cortex A8 it was measured to process +# one byte in 25.5 cycles or 47% faster than integer-only code. + +# Byte order [in]dependence. ========================================= +# +# Originally caller was expected to maintain specific *dword* order in +# h[0-7], namely with most significant dword at *lower* address, which +# was reflected in below two parameters as 0 and 4. Now caller is +# expected to maintain native byte order for whole 64-bit values. +$hi="HI"; +$lo="LO"; +# ==================================================================== + +while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {} +open STDOUT,">$output"; + +$ctx="r0"; # parameter block +$inp="r1"; +$len="r2"; + +$Tlo="r3"; +$Thi="r4"; +$Alo="r5"; +$Ahi="r6"; +$Elo="r7"; +$Ehi="r8"; +$t0="r9"; +$t1="r10"; +$t2="r11"; +$t3="r12"; +############ r13 is stack pointer +$Ktbl="r14"; +############ r15 is program counter + +$Aoff=8*0; +$Boff=8*1; +$Coff=8*2; +$Doff=8*3; +$Eoff=8*4; +$Foff=8*5; +$Goff=8*6; +$Hoff=8*7; +$Xoff=8*8; + +sub BODY_00_15() { +my $magic = shift; +$code.=<<___; + @ Sigma1(x) (ROTR((x),14) ^ ROTR((x),18) ^ ROTR((x),41)) + @ LO lo>>14^hi<<18 ^ lo>>18^hi<<14 ^ hi>>9^lo<<23 + @ HI hi>>14^lo<<18 ^ hi>>18^lo<<14 ^ lo>>9^hi<<23 + mov $t0,$Elo,lsr#14 + str $Tlo,[sp,#$Xoff+0] + mov $t1,$Ehi,lsr#14 + str $Thi,[sp,#$Xoff+4] + eor $t0,$t0,$Ehi,lsl#18 + ldr $t2,[sp,#$Hoff+0] @ h.lo + eor $t1,$t1,$Elo,lsl#18 + ldr $t3,[sp,#$Hoff+4] @ h.hi + eor $t0,$t0,$Elo,lsr#18 + eor $t1,$t1,$Ehi,lsr#18 + eor $t0,$t0,$Ehi,lsl#14 + eor $t1,$t1,$Elo,lsl#14 + eor $t0,$t0,$Ehi,lsr#9 + eor $t1,$t1,$Elo,lsr#9 + eor $t0,$t0,$Elo,lsl#23 + eor $t1,$t1,$Ehi,lsl#23 @ Sigma1(e) + adds $Tlo,$Tlo,$t0 + ldr $t0,[sp,#$Foff+0] @ f.lo + adc $Thi,$Thi,$t1 @ T += Sigma1(e) + ldr $t1,[sp,#$Foff+4] @ f.hi + adds $Tlo,$Tlo,$t2 + ldr $t2,[sp,#$Goff+0] @ g.lo + adc $Thi,$Thi,$t3 @ T += h + ldr $t3,[sp,#$Goff+4] @ g.hi + + eor $t0,$t0,$t2 + str $Elo,[sp,#$Eoff+0] + eor $t1,$t1,$t3 + str $Ehi,[sp,#$Eoff+4] + and $t0,$t0,$Elo + str $Alo,[sp,#$Aoff+0] + and $t1,$t1,$Ehi + str $Ahi,[sp,#$Aoff+4] + eor $t0,$t0,$t2 + ldr $t2,[$Ktbl,#$lo] @ K[i].lo + eor $t1,$t1,$t3 @ Ch(e,f,g) + ldr $t3,[$Ktbl,#$hi] @ K[i].hi + + adds $Tlo,$Tlo,$t0 + ldr $Elo,[sp,#$Doff+0] @ d.lo + adc $Thi,$Thi,$t1 @ T += Ch(e,f,g) + ldr $Ehi,[sp,#$Doff+4] @ d.hi + adds $Tlo,$Tlo,$t2 + and $t0,$t2,#0xff + adc $Thi,$Thi,$t3 @ T += K[i] + adds $Elo,$Elo,$Tlo + ldr $t2,[sp,#$Boff+0] @ b.lo + adc $Ehi,$Ehi,$Thi @ d += T + teq $t0,#$magic + + ldr $t3,[sp,#$Coff+0] @ c.lo + orreq $Ktbl,$Ktbl,#1 + @ Sigma0(x) (ROTR((x),28) ^ ROTR((x),34) ^ ROTR((x),39)) + @ LO lo>>28^hi<<4 ^ hi>>2^lo<<30 ^ hi>>7^lo<<25 + @ HI hi>>28^lo<<4 ^ lo>>2^hi<<30 ^ lo>>7^hi<<25 + mov $t0,$Alo,lsr#28 + mov $t1,$Ahi,lsr#28 + eor $t0,$t0,$Ahi,lsl#4 + eor $t1,$t1,$Alo,lsl#4 + eor $t0,$t0,$Ahi,lsr#2 + eor $t1,$t1,$Alo,lsr#2 + eor $t0,$t0,$Alo,lsl#30 + eor $t1,$t1,$Ahi,lsl#30 + eor $t0,$t0,$Ahi,lsr#7 + eor $t1,$t1,$Alo,lsr#7 + eor $t0,$t0,$Alo,lsl#25 + eor $t1,$t1,$Ahi,lsl#25 @ Sigma0(a) + adds $Tlo,$Tlo,$t0 + and $t0,$Alo,$t2 + adc $Thi,$Thi,$t1 @ T += Sigma0(a) + + ldr $t1,[sp,#$Boff+4] @ b.hi + orr $Alo,$Alo,$t2 + ldr $t2,[sp,#$Coff+4] @ c.hi + and $Alo,$Alo,$t3 + and $t3,$Ahi,$t1 + orr $Ahi,$Ahi,$t1 + orr $Alo,$Alo,$t0 @ Maj(a,b,c).lo + and $Ahi,$Ahi,$t2 + adds $Alo,$Alo,$Tlo + orr $Ahi,$Ahi,$t3 @ Maj(a,b,c).hi + sub sp,sp,#8 + adc $Ahi,$Ahi,$Thi @ h += T + tst $Ktbl,#1 + add $Ktbl,$Ktbl,#8 +___ +} +$code=<<___; +#include "arm_arch.h" +#ifdef __ARMEL__ +# define LO 0 +# define HI 4 +# define WORD64(hi0,lo0,hi1,lo1) .word lo0,hi0, lo1,hi1 +#else +# define HI 0 +# define LO 4 +# define WORD64(hi0,lo0,hi1,lo1) .word hi0,lo0, hi1,lo1 +#endif + +.text +.code 32 +.type K512,%object +.align 5 +K512: +WORD64(0x428a2f98,0xd728ae22, 0x71374491,0x23ef65cd) +WORD64(0xb5c0fbcf,0xec4d3b2f, 0xe9b5dba5,0x8189dbbc) +WORD64(0x3956c25b,0xf348b538, 0x59f111f1,0xb605d019) +WORD64(0x923f82a4,0xaf194f9b, 0xab1c5ed5,0xda6d8118) +WORD64(0xd807aa98,0xa3030242, 0x12835b01,0x45706fbe) +WORD64(0x243185be,0x4ee4b28c, 0x550c7dc3,0xd5ffb4e2) +WORD64(0x72be5d74,0xf27b896f, 0x80deb1fe,0x3b1696b1) +WORD64(0x9bdc06a7,0x25c71235, 0xc19bf174,0xcf692694) +WORD64(0xe49b69c1,0x9ef14ad2, 0xefbe4786,0x384f25e3) +WORD64(0x0fc19dc6,0x8b8cd5b5, 0x240ca1cc,0x77ac9c65) +WORD64(0x2de92c6f,0x592b0275, 0x4a7484aa,0x6ea6e483) +WORD64(0x5cb0a9dc,0xbd41fbd4, 0x76f988da,0x831153b5) +WORD64(0x983e5152,0xee66dfab, 0xa831c66d,0x2db43210) +WORD64(0xb00327c8,0x98fb213f, 0xbf597fc7,0xbeef0ee4) +WORD64(0xc6e00bf3,0x3da88fc2, 0xd5a79147,0x930aa725) +WORD64(0x06ca6351,0xe003826f, 0x14292967,0x0a0e6e70) +WORD64(0x27b70a85,0x46d22ffc, 0x2e1b2138,0x5c26c926) +WORD64(0x4d2c6dfc,0x5ac42aed, 0x53380d13,0x9d95b3df) +WORD64(0x650a7354,0x8baf63de, 0x766a0abb,0x3c77b2a8) +WORD64(0x81c2c92e,0x47edaee6, 0x92722c85,0x1482353b) +WORD64(0xa2bfe8a1,0x4cf10364, 0xa81a664b,0xbc423001) +WORD64(0xc24b8b70,0xd0f89791, 0xc76c51a3,0x0654be30) +WORD64(0xd192e819,0xd6ef5218, 0xd6990624,0x5565a910) +WORD64(0xf40e3585,0x5771202a, 0x106aa070,0x32bbd1b8) +WORD64(0x19a4c116,0xb8d2d0c8, 0x1e376c08,0x5141ab53) +WORD64(0x2748774c,0xdf8eeb99, 0x34b0bcb5,0xe19b48a8) +WORD64(0x391c0cb3,0xc5c95a63, 0x4ed8aa4a,0xe3418acb) +WORD64(0x5b9cca4f,0x7763e373, 0x682e6ff3,0xd6b2b8a3) +WORD64(0x748f82ee,0x5defb2fc, 0x78a5636f,0x43172f60) +WORD64(0x84c87814,0xa1f0ab72, 0x8cc70208,0x1a6439ec) +WORD64(0x90befffa,0x23631e28, 0xa4506ceb,0xde82bde9) +WORD64(0xbef9a3f7,0xb2c67915, 0xc67178f2,0xe372532b) +WORD64(0xca273ece,0xea26619c, 0xd186b8c7,0x21c0c207) +WORD64(0xeada7dd6,0xcde0eb1e, 0xf57d4f7f,0xee6ed178) +WORD64(0x06f067aa,0x72176fba, 0x0a637dc5,0xa2c898a6) +WORD64(0x113f9804,0xbef90dae, 0x1b710b35,0x131c471b) +WORD64(0x28db77f5,0x23047d84, 0x32caab7b,0x40c72493) +WORD64(0x3c9ebe0a,0x15c9bebc, 0x431d67c4,0x9c100d4c) +WORD64(0x4cc5d4be,0xcb3e42b6, 0x597f299c,0xfc657e2a) +WORD64(0x5fcb6fab,0x3ad6faec, 0x6c44198c,0x4a475817) +.size K512,.-K512 +.LOPENSSL_armcap: +.word OPENSSL_armcap_P-sha512_block_data_order +.skip 32-4 + +.global sha512_block_data_order +.type sha512_block_data_order,%function +sha512_block_data_order: + sub r3,pc,#8 @ sha512_block_data_order + add $len,$inp,$len,lsl#7 @ len to point at the end of inp +#if __ARM_ARCH__>=7 && !defined(__STRICT_ALIGNMENT) + ldr r12,.LOPENSSL_armcap + ldr r12,[r3,r12] @ OPENSSL_armcap_P + tst r12,#1 + bne .LNEON +#endif + stmdb sp!,{r4-r12,lr} + sub $Ktbl,r3,#672 @ K512 + sub sp,sp,#9*8 + + ldr $Elo,[$ctx,#$Eoff+$lo] + ldr $Ehi,[$ctx,#$Eoff+$hi] + ldr $t0, [$ctx,#$Goff+$lo] + ldr $t1, [$ctx,#$Goff+$hi] + ldr $t2, [$ctx,#$Hoff+$lo] + ldr $t3, [$ctx,#$Hoff+$hi] +.Loop: + str $t0, [sp,#$Goff+0] + str $t1, [sp,#$Goff+4] + str $t2, [sp,#$Hoff+0] + str $t3, [sp,#$Hoff+4] + ldr $Alo,[$ctx,#$Aoff+$lo] + ldr $Ahi,[$ctx,#$Aoff+$hi] + ldr $Tlo,[$ctx,#$Boff+$lo] + ldr $Thi,[$ctx,#$Boff+$hi] + ldr $t0, [$ctx,#$Coff+$lo] + ldr $t1, [$ctx,#$Coff+$hi] + ldr $t2, [$ctx,#$Doff+$lo] + ldr $t3, [$ctx,#$Doff+$hi] + str $Tlo,[sp,#$Boff+0] + str $Thi,[sp,#$Boff+4] + str $t0, [sp,#$Coff+0] + str $t1, [sp,#$Coff+4] + str $t2, [sp,#$Doff+0] + str $t3, [sp,#$Doff+4] + ldr $Tlo,[$ctx,#$Foff+$lo] + ldr $Thi,[$ctx,#$Foff+$hi] + str $Tlo,[sp,#$Foff+0] + str $Thi,[sp,#$Foff+4] + +.L00_15: +#if __ARM_ARCH__<7 || defined(__STRICT_ALIGNMENT) + ldrb $Tlo,[$inp,#7] + ldrb $t0, [$inp,#6] + ldrb $t1, [$inp,#5] + ldrb $t2, [$inp,#4] + ldrb $Thi,[$inp,#3] + ldrb $t3, [$inp,#2] + orr $Tlo,$Tlo,$t0,lsl#8 + ldrb $t0, [$inp,#1] + orr $Tlo,$Tlo,$t1,lsl#16 + ldrb $t1, [$inp],#8 + orr $Tlo,$Tlo,$t2,lsl#24 + orr $Thi,$Thi,$t3,lsl#8 + orr $Thi,$Thi,$t0,lsl#16 + orr $Thi,$Thi,$t1,lsl#24 +#else + ldr $Tlo,[$inp,#4] + ldr $Thi,[$inp],#8 +#ifdef __ARMEL__ + rev $Tlo,$Tlo + rev $Thi,$Thi +#endif +#endif +___ + &BODY_00_15(0x94); +$code.=<<___; + tst $Ktbl,#1 + beq .L00_15 + ldr $t0,[sp,#`$Xoff+8*(16-1)`+0] + ldr $t1,[sp,#`$Xoff+8*(16-1)`+4] + bic $Ktbl,$Ktbl,#1 +.L16_79: + @ sigma0(x) (ROTR((x),1) ^ ROTR((x),8) ^ ((x)>>7)) + @ LO lo>>1^hi<<31 ^ lo>>8^hi<<24 ^ lo>>7^hi<<25 + @ HI hi>>1^lo<<31 ^ hi>>8^lo<<24 ^ hi>>7 + mov $Tlo,$t0,lsr#1 + ldr $t2,[sp,#`$Xoff+8*(16-14)`+0] + mov $Thi,$t1,lsr#1 + ldr $t3,[sp,#`$Xoff+8*(16-14)`+4] + eor $Tlo,$Tlo,$t1,lsl#31 + eor $Thi,$Thi,$t0,lsl#31 + eor $Tlo,$Tlo,$t0,lsr#8 + eor $Thi,$Thi,$t1,lsr#8 + eor $Tlo,$Tlo,$t1,lsl#24 + eor $Thi,$Thi,$t0,lsl#24 + eor $Tlo,$Tlo,$t0,lsr#7 + eor $Thi,$Thi,$t1,lsr#7 + eor $Tlo,$Tlo,$t1,lsl#25 + + @ sigma1(x) (ROTR((x),19) ^ ROTR((x),61) ^ ((x)>>6)) + @ LO lo>>19^hi<<13 ^ hi>>29^lo<<3 ^ lo>>6^hi<<26 + @ HI hi>>19^lo<<13 ^ lo>>29^hi<<3 ^ hi>>6 + mov $t0,$t2,lsr#19 + mov $t1,$t3,lsr#19 + eor $t0,$t0,$t3,lsl#13 + eor $t1,$t1,$t2,lsl#13 + eor $t0,$t0,$t3,lsr#29 + eor $t1,$t1,$t2,lsr#29 + eor $t0,$t0,$t2,lsl#3 + eor $t1,$t1,$t3,lsl#3 + eor $t0,$t0,$t2,lsr#6 + eor $t1,$t1,$t3,lsr#6 + ldr $t2,[sp,#`$Xoff+8*(16-9)`+0] + eor $t0,$t0,$t3,lsl#26 + + ldr $t3,[sp,#`$Xoff+8*(16-9)`+4] + adds $Tlo,$Tlo,$t0 + ldr $t0,[sp,#`$Xoff+8*16`+0] + adc $Thi,$Thi,$t1 + + ldr $t1,[sp,#`$Xoff+8*16`+4] + adds $Tlo,$Tlo,$t2 + adc $Thi,$Thi,$t3 + adds $Tlo,$Tlo,$t0 + adc $Thi,$Thi,$t1 +___ + &BODY_00_15(0x17); +$code.=<<___; + ldreq $t0,[sp,#`$Xoff+8*(16-1)`+0] + ldreq $t1,[sp,#`$Xoff+8*(16-1)`+4] + beq .L16_79 + bic $Ktbl,$Ktbl,#1 + + ldr $Tlo,[sp,#$Boff+0] + ldr $Thi,[sp,#$Boff+4] + ldr $t0, [$ctx,#$Aoff+$lo] + ldr $t1, [$ctx,#$Aoff+$hi] + ldr $t2, [$ctx,#$Boff+$lo] + ldr $t3, [$ctx,#$Boff+$hi] + adds $t0,$Alo,$t0 + str $t0, [$ctx,#$Aoff+$lo] + adc $t1,$Ahi,$t1 + str $t1, [$ctx,#$Aoff+$hi] + adds $t2,$Tlo,$t2 + str $t2, [$ctx,#$Boff+$lo] + adc $t3,$Thi,$t3 + str $t3, [$ctx,#$Boff+$hi] + + ldr $Alo,[sp,#$Coff+0] + ldr $Ahi,[sp,#$Coff+4] + ldr $Tlo,[sp,#$Doff+0] + ldr $Thi,[sp,#$Doff+4] + ldr $t0, [$ctx,#$Coff+$lo] + ldr $t1, [$ctx,#$Coff+$hi] + ldr $t2, [$ctx,#$Doff+$lo] + ldr $t3, [$ctx,#$Doff+$hi] + adds $t0,$Alo,$t0 + str $t0, [$ctx,#$Coff+$lo] + adc $t1,$Ahi,$t1 + str $t1, [$ctx,#$Coff+$hi] + adds $t2,$Tlo,$t2 + str $t2, [$ctx,#$Doff+$lo] + adc $t3,$Thi,$t3 + str $t3, [$ctx,#$Doff+$hi] + + ldr $Tlo,[sp,#$Foff+0] + ldr $Thi,[sp,#$Foff+4] + ldr $t0, [$ctx,#$Eoff+$lo] + ldr $t1, [$ctx,#$Eoff+$hi] + ldr $t2, [$ctx,#$Foff+$lo] + ldr $t3, [$ctx,#$Foff+$hi] + adds $Elo,$Elo,$t0 + str $Elo,[$ctx,#$Eoff+$lo] + adc $Ehi,$Ehi,$t1 + str $Ehi,[$ctx,#$Eoff+$hi] + adds $t2,$Tlo,$t2 + str $t2, [$ctx,#$Foff+$lo] + adc $t3,$Thi,$t3 + str $t3, [$ctx,#$Foff+$hi] + + ldr $Alo,[sp,#$Goff+0] + ldr $Ahi,[sp,#$Goff+4] + ldr $Tlo,[sp,#$Hoff+0] + ldr $Thi,[sp,#$Hoff+4] + ldr $t0, [$ctx,#$Goff+$lo] + ldr $t1, [$ctx,#$Goff+$hi] + ldr $t2, [$ctx,#$Hoff+$lo] + ldr $t3, [$ctx,#$Hoff+$hi] + adds $t0,$Alo,$t0 + str $t0, [$ctx,#$Goff+$lo] + adc $t1,$Ahi,$t1 + str $t1, [$ctx,#$Goff+$hi] + adds $t2,$Tlo,$t2 + str $t2, [$ctx,#$Hoff+$lo] + adc $t3,$Thi,$t3 + str $t3, [$ctx,#$Hoff+$hi] + + add sp,sp,#640 + sub $Ktbl,$Ktbl,#640 + + teq $inp,$len + bne .Loop + + add sp,sp,#8*9 @ destroy frame +#if __ARM_ARCH__>=5 + ldmia sp!,{r4-r12,pc} +#else + ldmia sp!,{r4-r12,lr} + tst lr,#1 + moveq pc,lr @ be binary compatible with V4, yet + bx lr @ interoperable with Thumb ISA:-) +#endif +___ + +{ +my @Sigma0=(28,34,39); +my @Sigma1=(14,18,41); +my @sigma0=(1, 8, 7); +my @sigma1=(19,61,6); + +my $Ktbl="r3"; +my $cnt="r12"; # volatile register known as ip, intra-procedure-call scratch + +my @X=map("d$_",(0..15)); +my @V=($A,$B,$C,$D,$E,$F,$G,$H)=map("d$_",(16..23)); + +sub NEON_00_15() { +my $i=shift; +my ($a,$b,$c,$d,$e,$f,$g,$h)=@_; +my ($t0,$t1,$t2,$T1,$K,$Ch,$Maj)=map("d$_",(24..31)); # temps + +$code.=<<___ if ($i<16 || $i&1); + vshr.u64 $t0,$e,#@Sigma1[0] @ $i +#if $i<16 + vld1.64 {@X[$i%16]},[$inp]! @ handles unaligned +#endif + vshr.u64 $t1,$e,#@Sigma1[1] + vshr.u64 $t2,$e,#@Sigma1[2] +___ +$code.=<<___; + vld1.64 {$K},[$Ktbl,:64]! @ K[i++] + vsli.64 $t0,$e,#`64-@Sigma1[0]` + vsli.64 $t1,$e,#`64-@Sigma1[1]` + vsli.64 $t2,$e,#`64-@Sigma1[2]` +#if $i<16 && defined(__ARMEL__) + vrev64.8 @X[$i],@X[$i] +#endif + vadd.i64 $T1,$K,$h + veor $Ch,$f,$g + veor $t0,$t1 + vand $Ch,$e + veor $t0,$t2 @ Sigma1(e) + veor $Ch,$g @ Ch(e,f,g) + vadd.i64 $T1,$t0 + vshr.u64 $t0,$a,#@Sigma0[0] + vadd.i64 $T1,$Ch + vshr.u64 $t1,$a,#@Sigma0[1] + vshr.u64 $t2,$a,#@Sigma0[2] + vsli.64 $t0,$a,#`64-@Sigma0[0]` + vsli.64 $t1,$a,#`64-@Sigma0[1]` + vsli.64 $t2,$a,#`64-@Sigma0[2]` + vadd.i64 $T1,@X[$i%16] + vorr $Maj,$a,$c + vand $Ch,$a,$c + veor $h,$t0,$t1 + vand $Maj,$b + veor $h,$t2 @ Sigma0(a) + vorr $Maj,$Ch @ Maj(a,b,c) + vadd.i64 $h,$T1 + vadd.i64 $d,$T1 + vadd.i64 $h,$Maj +___ +} + +sub NEON_16_79() { +my $i=shift; + +if ($i&1) { &NEON_00_15($i,@_); return; } + +# 2x-vectorized, therefore runs every 2nd round +my @X=map("q$_",(0..7)); # view @X as 128-bit vector +my ($t0,$t1,$s0,$s1) = map("q$_",(12..15)); # temps +my ($d0,$d1,$d2) = map("d$_",(24..26)); # temps from NEON_00_15 +my $e=@_[4]; # $e from NEON_00_15 +$i /= 2; +$code.=<<___; + vshr.u64 $t0,@X[($i+7)%8],#@sigma1[0] + vshr.u64 $t1,@X[($i+7)%8],#@sigma1[1] + vshr.u64 $s1,@X[($i+7)%8],#@sigma1[2] + vsli.64 $t0,@X[($i+7)%8],#`64-@sigma1[0]` + vext.8 $s0,@X[$i%8],@X[($i+1)%8],#8 @ X[i+1] + vsli.64 $t1,@X[($i+7)%8],#`64-@sigma1[1]` + veor $s1,$t0 + vshr.u64 $t0,$s0,#@sigma0[0] + veor $s1,$t1 @ sigma1(X[i+14]) + vshr.u64 $t1,$s0,#@sigma0[1] + vadd.i64 @X[$i%8],$s1 + vshr.u64 $s1,$s0,#@sigma0[2] + vsli.64 $t0,$s0,#`64-@sigma0[0]` + vsli.64 $t1,$s0,#`64-@sigma0[1]` + vext.8 $s0,@X[($i+4)%8],@X[($i+5)%8],#8 @ X[i+9] + veor $s1,$t0 + vshr.u64 $d0,$e,#@Sigma1[0] @ from NEON_00_15 + vadd.i64 @X[$i%8],$s0 + vshr.u64 $d1,$e,#@Sigma1[1] @ from NEON_00_15 + veor $s1,$t1 @ sigma0(X[i+1]) + vshr.u64 $d2,$e,#@Sigma1[2] @ from NEON_00_15 + vadd.i64 @X[$i%8],$s1 +___ + &NEON_00_15(2*$i,@_); +} + +$code.=<<___; +#if __ARM_ARCH__>=7 && !defined(__STRICT_ALIGNMENT) +.fpu neon + +.align 4 +.LNEON: + dmb @ errata #451034 on early Cortex A8 + vstmdb sp!,{d8-d15} @ ABI specification says so + sub $Ktbl,r3,#672 @ K512 + vldmia $ctx,{$A-$H} @ load context +.Loop_neon: +___ +for($i=0;$i<16;$i++) { &NEON_00_15($i,@V); unshift(@V,pop(@V)); } +$code.=<<___; + mov $cnt,#4 +.L16_79_neon: + subs $cnt,#1 +___ +for(;$i<32;$i++) { &NEON_16_79($i,@V); unshift(@V,pop(@V)); } +$code.=<<___; + bne .L16_79_neon + + vldmia $ctx,{d24-d31} @ load context to temp + vadd.i64 q8,q12 @ vectorized accumulate + vadd.i64 q9,q13 + vadd.i64 q10,q14 + vadd.i64 q11,q15 + vstmia $ctx,{$A-$H} @ save context + teq $inp,$len + sub $Ktbl,#640 @ rewind K512 + bne .Loop_neon + + vldmia sp!,{d8-d15} @ epilogue + bx lr +#endif +___ +} +$code.=<<___; +.size sha512_block_data_order,.-sha512_block_data_order +.asciz "SHA512 block transform for ARMv4/NEON, CRYPTOGAMS by " +.align 2 +.comm OPENSSL_armcap_P,4,4 +___ + +$code =~ s/\`([^\`]*)\`/eval $1/gem; +$code =~ s/\bbx\s+lr\b/.word\t0xe12fff1e/gm; # make it possible to compile with -march=armv4 +print $code; +close STDOUT; # enforce flush diff --git a/src/lib/libcrypto/sha/asm/sha512-mips.pl b/src/lib/libcrypto/sha/asm/sha512-mips.pl new file mode 100644 index 00000000000..495a000695a --- /dev/null +++ b/src/lib/libcrypto/sha/asm/sha512-mips.pl @@ -0,0 +1,457 @@ +#!/usr/bin/env perl + +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== + +# SHA2 block procedures for MIPS. + +# October 2010. +# +# SHA256 performance improvement on MIPS R5000 CPU is ~27% over gcc- +# generated code in o32 build and ~55% in n32/64 build. SHA512 [which +# for now can only be compiled for MIPS64 ISA] improvement is modest +# ~17%, but it comes for free, because it's same instruction sequence. +# Improvement coefficients are for aligned input. + +###################################################################### +# There is a number of MIPS ABI in use, O32 and N32/64 are most +# widely used. Then there is a new contender: NUBI. It appears that if +# one picks the latter, it's possible to arrange code in ABI neutral +# manner. Therefore let's stick to NUBI register layout: +# +($zero,$at,$t0,$t1,$t2)=map("\$$_",(0..2,24,25)); +($a0,$a1,$a2,$a3,$a4,$a5,$a6,$a7)=map("\$$_",(4..11)); +($s0,$s1,$s2,$s3,$s4,$s5,$s6,$s7,$s8,$s9,$s10,$s11)=map("\$$_",(12..23)); +($gp,$tp,$sp,$fp,$ra)=map("\$$_",(3,28..31)); +# +# The return value is placed in $a0. Following coding rules facilitate +# interoperability: +# +# - never ever touch $tp, "thread pointer", former $gp [o32 can be +# excluded from the rule, because it's specified volatile]; +# - copy return value to $t0, former $v0 [or to $a0 if you're adapting +# old code]; +# - on O32 populate $a4-$a7 with 'lw $aN,4*N($sp)' if necessary; +# +# For reference here is register layout for N32/64 MIPS ABIs: +# +# ($zero,$at,$v0,$v1)=map("\$$_",(0..3)); +# ($a0,$a1,$a2,$a3,$a4,$a5,$a6,$a7)=map("\$$_",(4..11)); +# ($t0,$t1,$t2,$t3,$t8,$t9)=map("\$$_",(12..15,24,25)); +# ($s0,$s1,$s2,$s3,$s4,$s5,$s6,$s7)=map("\$$_",(16..23)); +# ($gp,$sp,$fp,$ra)=map("\$$_",(28..31)); +# +$flavour = shift; # supported flavours are o32,n32,64,nubi32,nubi64 + +if ($flavour =~ /64/i) { + $LA="dla"; +} else { + $LA="la"; +} + +if ($flavour =~ /64|n32/i) { + $PTR_ADD="dadd"; # incidentally works even on n32 + $PTR_SUB="dsub"; # incidentally works even on n32 + $REG_S="sd"; + $REG_L="ld"; + $PTR_SLL="dsll"; # incidentally works even on n32 + $SZREG=8; +} else { + $PTR_ADD="add"; + $PTR_SUB="sub"; + $REG_S="sw"; + $REG_L="lw"; + $PTR_SLL="sll"; + $SZREG=4; +} +$pf = ($flavour =~ /nubi/i) ? $t0 : $t2; +# +# +# +###################################################################### + +$big_endian=(`echo MIPSEL | $ENV{CC} -E -P -`=~/MIPSEL/)?1:0; + +for (@ARGV) { $output=$_ if (/^\w[\w\-]*\.\w+$/); } +open STDOUT,">$output"; + +if (!defined($big_endian)) { $big_endian=(unpack('L',pack('N',1))==1); } + +if ($output =~ /512/) { + $label="512"; + $SZ=8; + $LD="ld"; # load from memory + $ST="sd"; # store to memory + $SLL="dsll"; # shift left logical + $SRL="dsrl"; # shift right logical + $ADDU="daddu"; + @Sigma0=(28,34,39); + @Sigma1=(14,18,41); + @sigma0=( 7, 1, 8); # right shift first + @sigma1=( 6,19,61); # right shift first + $lastK=0x817; + $rounds=80; +} else { + $label="256"; + $SZ=4; + $LD="lw"; # load from memory + $ST="sw"; # store to memory + $SLL="sll"; # shift left logical + $SRL="srl"; # shift right logical + $ADDU="addu"; + @Sigma0=( 2,13,22); + @Sigma1=( 6,11,25); + @sigma0=( 3, 7,18); # right shift first + @sigma1=(10,17,19); # right shift first + $lastK=0x8f2; + $rounds=64; +} + +$MSB = $big_endian ? 0 : ($SZ-1); +$LSB = ($SZ-1)&~$MSB; + +@V=($A,$B,$C,$D,$E,$F,$G,$H)=map("\$$_",(1,2,3,7,24,25,30,31)); +@X=map("\$$_",(8..23)); + +$ctx=$a0; +$inp=$a1; +$len=$a2; $Ktbl=$len; + +sub BODY_00_15 { +my ($i,$a,$b,$c,$d,$e,$f,$g,$h)=@_; +my ($T1,$tmp0,$tmp1,$tmp2)=(@X[4],@X[5],@X[6],@X[7]); + +$code.=<<___ if ($i<15); + ${LD}l @X[1],`($i+1)*$SZ+$MSB`($inp) + ${LD}r @X[1],`($i+1)*$SZ+$LSB`($inp) +___ +$code.=<<___ if (!$big_endian && $i<16 && $SZ==4); + srl $tmp0,@X[0],24 # byte swap($i) + srl $tmp1,@X[0],8 + andi $tmp2,@X[0],0xFF00 + sll @X[0],@X[0],24 + andi $tmp1,0xFF00 + sll $tmp2,$tmp2,8 + or @X[0],$tmp0 + or $tmp1,$tmp2 + or @X[0],$tmp1 +___ +$code.=<<___ if (!$big_endian && $i<16 && $SZ==8); + ori $tmp0,$zero,0xFF + dsll $tmp2,$tmp0,32 + or $tmp0,$tmp2 # 0x000000FF000000FF + and $tmp1,@X[0],$tmp0 # byte swap($i) + dsrl $tmp2,@X[0],24 + dsll $tmp1,24 + and $tmp2,$tmp0 + dsll $tmp0,8 # 0x0000FF000000FF00 + or $tmp1,$tmp2 + and $tmp2,@X[0],$tmp0 + dsrl @X[0],8 + dsll $tmp2,8 + and @X[0],$tmp0 + or $tmp1,$tmp2 + or @X[0],$tmp1 + dsrl $tmp1,@X[0],32 + dsll @X[0],32 + or @X[0],$tmp1 +___ +$code.=<<___; + $ADDU $T1,$X[0],$h # $i + $SRL $h,$e,@Sigma1[0] + xor $tmp2,$f,$g + $SLL $tmp1,$e,`$SZ*8-@Sigma1[2]` + and $tmp2,$e + $SRL $tmp0,$e,@Sigma1[1] + xor $h,$tmp1 + $SLL $tmp1,$e,`$SZ*8-@Sigma1[1]` + xor $h,$tmp0 + $SRL $tmp0,$e,@Sigma1[2] + xor $h,$tmp1 + $SLL $tmp1,$e,`$SZ*8-@Sigma1[0]` + xor $h,$tmp0 + xor $tmp2,$g # Ch(e,f,g) + xor $tmp0,$tmp1,$h # Sigma1(e) + + $SRL $h,$a,@Sigma0[0] + $ADDU $T1,$tmp2 + $LD $tmp2,`$i*$SZ`($Ktbl) # K[$i] + $SLL $tmp1,$a,`$SZ*8-@Sigma0[2]` + $ADDU $T1,$tmp0 + $SRL $tmp0,$a,@Sigma0[1] + xor $h,$tmp1 + $SLL $tmp1,$a,`$SZ*8-@Sigma0[1]` + xor $h,$tmp0 + $SRL $tmp0,$a,@Sigma0[2] + xor $h,$tmp1 + $SLL $tmp1,$a,`$SZ*8-@Sigma0[0]` + xor $h,$tmp0 + $ST @X[0],`($i%16)*$SZ`($sp) # offload to ring buffer + xor $h,$tmp1 # Sigma0(a) + + or $tmp0,$a,$b + and $tmp1,$a,$b + and $tmp0,$c + or $tmp1,$tmp0 # Maj(a,b,c) + $ADDU $T1,$tmp2 # +=K[$i] + $ADDU $h,$tmp1 + + $ADDU $d,$T1 + $ADDU $h,$T1 +___ +$code.=<<___ if ($i>=13); + $LD @X[3],`(($i+3)%16)*$SZ`($sp) # prefetch from ring buffer +___ +} + +sub BODY_16_XX { +my $i=@_[0]; +my ($tmp0,$tmp1,$tmp2,$tmp3)=(@X[4],@X[5],@X[6],@X[7]); + +$code.=<<___; + $SRL $tmp2,@X[1],@sigma0[0] # Xupdate($i) + $ADDU @X[0],@X[9] # +=X[i+9] + $SLL $tmp1,@X[1],`$SZ*8-@sigma0[2]` + $SRL $tmp0,@X[1],@sigma0[1] + xor $tmp2,$tmp1 + $SLL $tmp1,`@sigma0[2]-@sigma0[1]` + xor $tmp2,$tmp0 + $SRL $tmp0,@X[1],@sigma0[2] + xor $tmp2,$tmp1 + + $SRL $tmp3,@X[14],@sigma1[0] + xor $tmp2,$tmp0 # sigma0(X[i+1]) + $SLL $tmp1,@X[14],`$SZ*8-@sigma1[2]` + $ADDU @X[0],$tmp2 + $SRL $tmp0,@X[14],@sigma1[1] + xor $tmp3,$tmp1 + $SLL $tmp1,`@sigma1[2]-@sigma1[1]` + xor $tmp3,$tmp0 + $SRL $tmp0,@X[14],@sigma1[2] + xor $tmp3,$tmp1 + + xor $tmp3,$tmp0 # sigma1(X[i+14]) + $ADDU @X[0],$tmp3 +___ + &BODY_00_15(@_); +} + +$FRAMESIZE=16*$SZ+16*$SZREG; +$SAVED_REGS_MASK = ($flavour =~ /nubi/i) ? 0xc0fff008 : 0xc0ff0000; + +$code.=<<___; +.text +.set noat +#if !defined(__vxworks) || defined(__pic__) +.option pic2 +#endif + +.align 5 +.globl sha${label}_block_data_order +.ent sha${label}_block_data_order +sha${label}_block_data_order: + .frame $sp,$FRAMESIZE,$ra + .mask $SAVED_REGS_MASK,-$SZREG + .set noreorder +___ +$code.=<<___ if ($flavour =~ /o32/i); # o32 PIC-ification + .cpload $pf +___ +$code.=<<___; + $PTR_SUB $sp,$FRAMESIZE + $REG_S $ra,$FRAMESIZE-1*$SZREG($sp) + $REG_S $fp,$FRAMESIZE-2*$SZREG($sp) + $REG_S $s11,$FRAMESIZE-3*$SZREG($sp) + $REG_S $s10,$FRAMESIZE-4*$SZREG($sp) + $REG_S $s9,$FRAMESIZE-5*$SZREG($sp) + $REG_S $s8,$FRAMESIZE-6*$SZREG($sp) + $REG_S $s7,$FRAMESIZE-7*$SZREG($sp) + $REG_S $s6,$FRAMESIZE-8*$SZREG($sp) + $REG_S $s5,$FRAMESIZE-9*$SZREG($sp) + $REG_S $s4,$FRAMESIZE-10*$SZREG($sp) +___ +$code.=<<___ if ($flavour =~ /nubi/i); # optimize non-nubi prologue + $REG_S $s3,$FRAMESIZE-11*$SZREG($sp) + $REG_S $s2,$FRAMESIZE-12*$SZREG($sp) + $REG_S $s1,$FRAMESIZE-13*$SZREG($sp) + $REG_S $s0,$FRAMESIZE-14*$SZREG($sp) + $REG_S $gp,$FRAMESIZE-15*$SZREG($sp) +___ +$code.=<<___; + $PTR_SLL @X[15],$len,`log(16*$SZ)/log(2)` +___ +$code.=<<___ if ($flavour !~ /o32/i); # non-o32 PIC-ification + .cplocal $Ktbl + .cpsetup $pf,$zero,sha${label}_block_data_order +___ +$code.=<<___; + .set reorder + $LA $Ktbl,K${label} # PIC-ified 'load address' + + $LD $A,0*$SZ($ctx) # load context + $LD $B,1*$SZ($ctx) + $LD $C,2*$SZ($ctx) + $LD $D,3*$SZ($ctx) + $LD $E,4*$SZ($ctx) + $LD $F,5*$SZ($ctx) + $LD $G,6*$SZ($ctx) + $LD $H,7*$SZ($ctx) + + $PTR_ADD @X[15],$inp # pointer to the end of input + $REG_S @X[15],16*$SZ($sp) + b .Loop + +.align 5 +.Loop: + ${LD}l @X[0],$MSB($inp) + ${LD}r @X[0],$LSB($inp) +___ +for ($i=0;$i<16;$i++) +{ &BODY_00_15($i,@V); unshift(@V,pop(@V)); push(@X,shift(@X)); } +$code.=<<___; + b .L16_xx +.align 4 +.L16_xx: +___ +for (;$i<32;$i++) +{ &BODY_16_XX($i,@V); unshift(@V,pop(@V)); push(@X,shift(@X)); } +$code.=<<___; + and @X[6],0xfff + li @X[7],$lastK + .set noreorder + bne @X[6],@X[7],.L16_xx + $PTR_ADD $Ktbl,16*$SZ # Ktbl+=16 + + $REG_L @X[15],16*$SZ($sp) # restore pointer to the end of input + $LD @X[0],0*$SZ($ctx) + $LD @X[1],1*$SZ($ctx) + $LD @X[2],2*$SZ($ctx) + $PTR_ADD $inp,16*$SZ + $LD @X[3],3*$SZ($ctx) + $ADDU $A,@X[0] + $LD @X[4],4*$SZ($ctx) + $ADDU $B,@X[1] + $LD @X[5],5*$SZ($ctx) + $ADDU $C,@X[2] + $LD @X[6],6*$SZ($ctx) + $ADDU $D,@X[3] + $LD @X[7],7*$SZ($ctx) + $ADDU $E,@X[4] + $ST $A,0*$SZ($ctx) + $ADDU $F,@X[5] + $ST $B,1*$SZ($ctx) + $ADDU $G,@X[6] + $ST $C,2*$SZ($ctx) + $ADDU $H,@X[7] + $ST $D,3*$SZ($ctx) + $ST $E,4*$SZ($ctx) + $ST $F,5*$SZ($ctx) + $ST $G,6*$SZ($ctx) + $ST $H,7*$SZ($ctx) + + bne $inp,@X[15],.Loop + $PTR_SUB $Ktbl,`($rounds-16)*$SZ` # rewind $Ktbl + + $REG_L $ra,$FRAMESIZE-1*$SZREG($sp) + $REG_L $fp,$FRAMESIZE-2*$SZREG($sp) + $REG_L $s11,$FRAMESIZE-3*$SZREG($sp) + $REG_L $s10,$FRAMESIZE-4*$SZREG($sp) + $REG_L $s9,$FRAMESIZE-5*$SZREG($sp) + $REG_L $s8,$FRAMESIZE-6*$SZREG($sp) + $REG_L $s7,$FRAMESIZE-7*$SZREG($sp) + $REG_L $s6,$FRAMESIZE-8*$SZREG($sp) + $REG_L $s5,$FRAMESIZE-9*$SZREG($sp) + $REG_L $s4,$FRAMESIZE-10*$SZREG($sp) +___ +$code.=<<___ if ($flavour =~ /nubi/i); + $REG_L $s3,$FRAMESIZE-11*$SZREG($sp) + $REG_L $s2,$FRAMESIZE-12*$SZREG($sp) + $REG_L $s1,$FRAMESIZE-13*$SZREG($sp) + $REG_L $s0,$FRAMESIZE-14*$SZREG($sp) + $REG_L $gp,$FRAMESIZE-15*$SZREG($sp) +___ +$code.=<<___; + jr $ra + $PTR_ADD $sp,$FRAMESIZE +.end sha${label}_block_data_order + +.rdata +.align 5 +K${label}: +___ +if ($SZ==4) { +$code.=<<___; + .word 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5 + .word 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5 + .word 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3 + .word 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174 + .word 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc + .word 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da + .word 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7 + .word 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967 + .word 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13 + .word 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85 + .word 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3 + .word 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070 + .word 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5 + .word 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3 + .word 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208 + .word 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 +___ +} else { +$code.=<<___; + .dword 0x428a2f98d728ae22, 0x7137449123ef65cd + .dword 0xb5c0fbcfec4d3b2f, 0xe9b5dba58189dbbc + .dword 0x3956c25bf348b538, 0x59f111f1b605d019 + .dword 0x923f82a4af194f9b, 0xab1c5ed5da6d8118 + .dword 0xd807aa98a3030242, 0x12835b0145706fbe + .dword 0x243185be4ee4b28c, 0x550c7dc3d5ffb4e2 + .dword 0x72be5d74f27b896f, 0x80deb1fe3b1696b1 + .dword 0x9bdc06a725c71235, 0xc19bf174cf692694 + .dword 0xe49b69c19ef14ad2, 0xefbe4786384f25e3 + .dword 0x0fc19dc68b8cd5b5, 0x240ca1cc77ac9c65 + .dword 0x2de92c6f592b0275, 0x4a7484aa6ea6e483 + .dword 0x5cb0a9dcbd41fbd4, 0x76f988da831153b5 + .dword 0x983e5152ee66dfab, 0xa831c66d2db43210 + .dword 0xb00327c898fb213f, 0xbf597fc7beef0ee4 + .dword 0xc6e00bf33da88fc2, 0xd5a79147930aa725 + .dword 0x06ca6351e003826f, 0x142929670a0e6e70 + .dword 0x27b70a8546d22ffc, 0x2e1b21385c26c926 + .dword 0x4d2c6dfc5ac42aed, 0x53380d139d95b3df + .dword 0x650a73548baf63de, 0x766a0abb3c77b2a8 + .dword 0x81c2c92e47edaee6, 0x92722c851482353b + .dword 0xa2bfe8a14cf10364, 0xa81a664bbc423001 + .dword 0xc24b8b70d0f89791, 0xc76c51a30654be30 + .dword 0xd192e819d6ef5218, 0xd69906245565a910 + .dword 0xf40e35855771202a, 0x106aa07032bbd1b8 + .dword 0x19a4c116b8d2d0c8, 0x1e376c085141ab53 + .dword 0x2748774cdf8eeb99, 0x34b0bcb5e19b48a8 + .dword 0x391c0cb3c5c95a63, 0x4ed8aa4ae3418acb + .dword 0x5b9cca4f7763e373, 0x682e6ff3d6b2b8a3 + .dword 0x748f82ee5defb2fc, 0x78a5636f43172f60 + .dword 0x84c87814a1f0ab72, 0x8cc702081a6439ec + .dword 0x90befffa23631e28, 0xa4506cebde82bde9 + .dword 0xbef9a3f7b2c67915, 0xc67178f2e372532b + .dword 0xca273eceea26619c, 0xd186b8c721c0c207 + .dword 0xeada7dd6cde0eb1e, 0xf57d4f7fee6ed178 + .dword 0x06f067aa72176fba, 0x0a637dc5a2c898a6 + .dword 0x113f9804bef90dae, 0x1b710b35131c471b + .dword 0x28db77f523047d84, 0x32caab7b40c72493 + .dword 0x3c9ebe0a15c9bebc, 0x431d67c49c100d4c + .dword 0x4cc5d4becb3e42b6, 0x597f299cfc657e2a + .dword 0x5fcb6fab3ad6faec, 0x6c44198c4a475817 +___ +} +$code.=<<___; +.asciiz "SHA${label} for MIPS, CRYPTOGAMS by " +.align 5 + +___ + +$code =~ s/\`([^\`]*)\`/eval $1/gem; +print $code; +close STDOUT; diff --git a/src/lib/libcrypto/sha/asm/sha512-parisc.pl b/src/lib/libcrypto/sha/asm/sha512-parisc.pl new file mode 100755 index 00000000000..0704302d2a9 --- /dev/null +++ b/src/lib/libcrypto/sha/asm/sha512-parisc.pl @@ -0,0 +1,805 @@ +#!/usr/bin/env perl + +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== + +# SHA256/512 block procedure for PA-RISC. + +# June 2009. +# +# SHA256 performance is >75% better than gcc 3.2 generated code on +# PA-7100LC. Compared to code generated by vendor compiler this +# implementation is almost 70% faster in 64-bit build, but delivers +# virtually same performance in 32-bit build on PA-8600. +# +# SHA512 performance is >2.9x better than gcc 3.2 generated code on +# PA-7100LC, PA-RISC 1.1 processor. Then implementation detects if the +# code is executed on PA-RISC 2.0 processor and switches to 64-bit +# code path delivering adequate performance even in "blended" 32-bit +# build. Though 64-bit code is not any faster than code generated by +# vendor compiler on PA-8600... +# +# Special thanks to polarhome.com for providing HP-UX account. + +$flavour = shift; +$output = shift; +open STDOUT,">$output"; + +if ($flavour =~ /64/) { + $LEVEL ="2.0W"; + $SIZE_T =8; + $FRAME_MARKER =80; + $SAVED_RP =16; + $PUSH ="std"; + $PUSHMA ="std,ma"; + $POP ="ldd"; + $POPMB ="ldd,mb"; +} else { + $LEVEL ="1.0"; + $SIZE_T =4; + $FRAME_MARKER =48; + $SAVED_RP =20; + $PUSH ="stw"; + $PUSHMA ="stwm"; + $POP ="ldw"; + $POPMB ="ldwm"; +} + +if ($output =~ /512/) { + $func="sha512_block_data_order"; + $SZ=8; + @Sigma0=(28,34,39); + @Sigma1=(14,18,41); + @sigma0=(1, 8, 7); + @sigma1=(19,61, 6); + $rounds=80; + $LAST10BITS=0x017; + $LD="ldd"; + $LDM="ldd,ma"; + $ST="std"; +} else { + $func="sha256_block_data_order"; + $SZ=4; + @Sigma0=( 2,13,22); + @Sigma1=( 6,11,25); + @sigma0=( 7,18, 3); + @sigma1=(17,19,10); + $rounds=64; + $LAST10BITS=0x0f2; + $LD="ldw"; + $LDM="ldwm"; + $ST="stw"; +} + +$FRAME=16*$SIZE_T+$FRAME_MARKER;# 16 saved regs + frame marker + # [+ argument transfer] +$XOFF=16*$SZ+32; # local variables +$FRAME+=$XOFF; +$XOFF+=$FRAME_MARKER; # distance between %sp and local variables + +$ctx="%r26"; # zapped by $a0 +$inp="%r25"; # zapped by $a1 +$num="%r24"; # zapped by $t0 + +$a0 ="%r26"; +$a1 ="%r25"; +$t0 ="%r24"; +$t1 ="%r29"; +$Tbl="%r31"; + +@V=($A,$B,$C,$D,$E,$F,$G,$H)=("%r17","%r18","%r19","%r20","%r21","%r22","%r23","%r28"); + +@X=("%r1", "%r2", "%r3", "%r4", "%r5", "%r6", "%r7", "%r8", + "%r9", "%r10","%r11","%r12","%r13","%r14","%r15","%r16",$inp); + +sub ROUND_00_15 { +my ($i,$a,$b,$c,$d,$e,$f,$g,$h)=@_; +$code.=<<___; + _ror $e,$Sigma1[0],$a0 + and $f,$e,$t0 + _ror $e,$Sigma1[1],$a1 + addl $t1,$h,$h + andcm $g,$e,$t1 + xor $a1,$a0,$a0 + _ror $a1,`$Sigma1[2]-$Sigma1[1]`,$a1 + or $t0,$t1,$t1 ; Ch(e,f,g) + addl @X[$i%16],$h,$h + xor $a0,$a1,$a1 ; Sigma1(e) + addl $t1,$h,$h + _ror $a,$Sigma0[0],$a0 + addl $a1,$h,$h + + _ror $a,$Sigma0[1],$a1 + and $a,$b,$t0 + and $a,$c,$t1 + xor $a1,$a0,$a0 + _ror $a1,`$Sigma0[2]-$Sigma0[1]`,$a1 + xor $t1,$t0,$t0 + and $b,$c,$t1 + xor $a0,$a1,$a1 ; Sigma0(a) + addl $h,$d,$d + xor $t1,$t0,$t0 ; Maj(a,b,c) + `"$LDM $SZ($Tbl),$t1" if ($i<15)` + addl $a1,$h,$h + addl $t0,$h,$h + +___ +} + +sub ROUND_16_xx { +my ($i,$a,$b,$c,$d,$e,$f,$g,$h)=@_; +$i-=16; +$code.=<<___; + _ror @X[($i+1)%16],$sigma0[0],$a0 + _ror @X[($i+1)%16],$sigma0[1],$a1 + addl @X[($i+9)%16],@X[$i],@X[$i] + _ror @X[($i+14)%16],$sigma1[0],$t0 + _ror @X[($i+14)%16],$sigma1[1],$t1 + xor $a1,$a0,$a0 + _shr @X[($i+1)%16],$sigma0[2],$a1 + xor $t1,$t0,$t0 + _shr @X[($i+14)%16],$sigma1[2],$t1 + xor $a1,$a0,$a0 ; sigma0(X[(i+1)&0x0f]) + xor $t1,$t0,$t0 ; sigma1(X[(i+14)&0x0f]) + $LDM $SZ($Tbl),$t1 + addl $a0,@X[$i],@X[$i] + addl $t0,@X[$i],@X[$i] +___ +$code.=<<___ if ($i==15); + extru $t1,31,10,$a1 + comiclr,<> $LAST10BITS,$a1,%r0 + ldo 1($Tbl),$Tbl ; signal end of $Tbl +___ +&ROUND_00_15($i+16,$a,$b,$c,$d,$e,$f,$g,$h); +} + +$code=<<___; + .LEVEL $LEVEL +#if 0 + .SPACE \$TEXT\$ + .SUBSPA \$CODE\$,QUAD=0,ALIGN=8,ACCESS=0x2C,CODE_ONLY +#else + .text +#endif + + .ALIGN 64 +L\$table +___ +$code.=<<___ if ($SZ==8); + .WORD 0x428a2f98,0xd728ae22,0x71374491,0x23ef65cd + .WORD 0xb5c0fbcf,0xec4d3b2f,0xe9b5dba5,0x8189dbbc + .WORD 0x3956c25b,0xf348b538,0x59f111f1,0xb605d019 + .WORD 0x923f82a4,0xaf194f9b,0xab1c5ed5,0xda6d8118 + .WORD 0xd807aa98,0xa3030242,0x12835b01,0x45706fbe + .WORD 0x243185be,0x4ee4b28c,0x550c7dc3,0xd5ffb4e2 + .WORD 0x72be5d74,0xf27b896f,0x80deb1fe,0x3b1696b1 + .WORD 0x9bdc06a7,0x25c71235,0xc19bf174,0xcf692694 + .WORD 0xe49b69c1,0x9ef14ad2,0xefbe4786,0x384f25e3 + .WORD 0x0fc19dc6,0x8b8cd5b5,0x240ca1cc,0x77ac9c65 + .WORD 0x2de92c6f,0x592b0275,0x4a7484aa,0x6ea6e483 + .WORD 0x5cb0a9dc,0xbd41fbd4,0x76f988da,0x831153b5 + .WORD 0x983e5152,0xee66dfab,0xa831c66d,0x2db43210 + .WORD 0xb00327c8,0x98fb213f,0xbf597fc7,0xbeef0ee4 + .WORD 0xc6e00bf3,0x3da88fc2,0xd5a79147,0x930aa725 + .WORD 0x06ca6351,0xe003826f,0x14292967,0x0a0e6e70 + .WORD 0x27b70a85,0x46d22ffc,0x2e1b2138,0x5c26c926 + .WORD 0x4d2c6dfc,0x5ac42aed,0x53380d13,0x9d95b3df + .WORD 0x650a7354,0x8baf63de,0x766a0abb,0x3c77b2a8 + .WORD 0x81c2c92e,0x47edaee6,0x92722c85,0x1482353b + .WORD 0xa2bfe8a1,0x4cf10364,0xa81a664b,0xbc423001 + .WORD 0xc24b8b70,0xd0f89791,0xc76c51a3,0x0654be30 + .WORD 0xd192e819,0xd6ef5218,0xd6990624,0x5565a910 + .WORD 0xf40e3585,0x5771202a,0x106aa070,0x32bbd1b8 + .WORD 0x19a4c116,0xb8d2d0c8,0x1e376c08,0x5141ab53 + .WORD 0x2748774c,0xdf8eeb99,0x34b0bcb5,0xe19b48a8 + .WORD 0x391c0cb3,0xc5c95a63,0x4ed8aa4a,0xe3418acb + .WORD 0x5b9cca4f,0x7763e373,0x682e6ff3,0xd6b2b8a3 + .WORD 0x748f82ee,0x5defb2fc,0x78a5636f,0x43172f60 + .WORD 0x84c87814,0xa1f0ab72,0x8cc70208,0x1a6439ec + .WORD 0x90befffa,0x23631e28,0xa4506ceb,0xde82bde9 + .WORD 0xbef9a3f7,0xb2c67915,0xc67178f2,0xe372532b + .WORD 0xca273ece,0xea26619c,0xd186b8c7,0x21c0c207 + .WORD 0xeada7dd6,0xcde0eb1e,0xf57d4f7f,0xee6ed178 + .WORD 0x06f067aa,0x72176fba,0x0a637dc5,0xa2c898a6 + .WORD 0x113f9804,0xbef90dae,0x1b710b35,0x131c471b + .WORD 0x28db77f5,0x23047d84,0x32caab7b,0x40c72493 + .WORD 0x3c9ebe0a,0x15c9bebc,0x431d67c4,0x9c100d4c + .WORD 0x4cc5d4be,0xcb3e42b6,0x597f299c,0xfc657e2a + .WORD 0x5fcb6fab,0x3ad6faec,0x6c44198c,0x4a475817 +___ +$code.=<<___ if ($SZ==4); + .WORD 0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5 + .WORD 0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5 + .WORD 0xd807aa98,0x12835b01,0x243185be,0x550c7dc3 + .WORD 0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174 + .WORD 0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc + .WORD 0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da + .WORD 0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7 + .WORD 0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967 + .WORD 0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13 + .WORD 0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85 + .WORD 0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3 + .WORD 0xd192e819,0xd6990624,0xf40e3585,0x106aa070 + .WORD 0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5 + .WORD 0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3 + .WORD 0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208 + .WORD 0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2 +___ +$code.=<<___; + + .EXPORT $func,ENTRY,ARGW0=GR,ARGW1=GR,ARGW2=GR + .ALIGN 64 +$func + .PROC + .CALLINFO FRAME=`$FRAME-16*$SIZE_T`,NO_CALLS,SAVE_RP,ENTRY_GR=18 + .ENTRY + $PUSH %r2,-$SAVED_RP(%sp) ; standard prologue + $PUSHMA %r3,$FRAME(%sp) + $PUSH %r4,`-$FRAME+1*$SIZE_T`(%sp) + $PUSH %r5,`-$FRAME+2*$SIZE_T`(%sp) + $PUSH %r6,`-$FRAME+3*$SIZE_T`(%sp) + $PUSH %r7,`-$FRAME+4*$SIZE_T`(%sp) + $PUSH %r8,`-$FRAME+5*$SIZE_T`(%sp) + $PUSH %r9,`-$FRAME+6*$SIZE_T`(%sp) + $PUSH %r10,`-$FRAME+7*$SIZE_T`(%sp) + $PUSH %r11,`-$FRAME+8*$SIZE_T`(%sp) + $PUSH %r12,`-$FRAME+9*$SIZE_T`(%sp) + $PUSH %r13,`-$FRAME+10*$SIZE_T`(%sp) + $PUSH %r14,`-$FRAME+11*$SIZE_T`(%sp) + $PUSH %r15,`-$FRAME+12*$SIZE_T`(%sp) + $PUSH %r16,`-$FRAME+13*$SIZE_T`(%sp) + $PUSH %r17,`-$FRAME+14*$SIZE_T`(%sp) + $PUSH %r18,`-$FRAME+15*$SIZE_T`(%sp) + + _shl $num,`log(16*$SZ)/log(2)`,$num + addl $inp,$num,$num ; $num to point at the end of $inp + + $PUSH $num,`-$FRAME_MARKER-4*$SIZE_T`(%sp) ; save arguments + $PUSH $inp,`-$FRAME_MARKER-3*$SIZE_T`(%sp) + $PUSH $ctx,`-$FRAME_MARKER-2*$SIZE_T`(%sp) + + blr %r0,$Tbl + ldi 3,$t1 +L\$pic + andcm $Tbl,$t1,$Tbl ; wipe privilege level + ldo L\$table-L\$pic($Tbl),$Tbl +___ +$code.=<<___ if ($SZ==8 && $SIZE_T==4); +#ifndef __OpenBSD__ +___ +$code.=<<___ if ($SZ==8 && $SIZE_T==4); + ldi 31,$t1 + mtctl $t1,%cr11 + extrd,u,*= $t1,%sar,1,$t1 ; executes on PA-RISC 1.0 + b L\$parisc1 + nop +___ +$code.=<<___; + $LD `0*$SZ`($ctx),$A ; load context + $LD `1*$SZ`($ctx),$B + $LD `2*$SZ`($ctx),$C + $LD `3*$SZ`($ctx),$D + $LD `4*$SZ`($ctx),$E + $LD `5*$SZ`($ctx),$F + $LD `6*$SZ`($ctx),$G + $LD `7*$SZ`($ctx),$H + + extru $inp,31,`log($SZ)/log(2)`,$t0 + sh3addl $t0,%r0,$t0 + subi `8*$SZ`,$t0,$t0 + mtctl $t0,%cr11 ; load %sar with align factor + +L\$oop + ldi `$SZ-1`,$t0 + $LDM $SZ($Tbl),$t1 + andcm $inp,$t0,$t0 ; align $inp +___ + for ($i=0;$i<15;$i++) { # load input block + $code.="\t$LD `$SZ*$i`($t0),@X[$i]\n"; } +$code.=<<___; + cmpb,*= $inp,$t0,L\$aligned + $LD `$SZ*15`($t0),@X[15] + $LD `$SZ*16`($t0),@X[16] +___ + for ($i=0;$i<16;$i++) { # align data + $code.="\t_align @X[$i],@X[$i+1],@X[$i]\n"; } +$code.=<<___; +L\$aligned + nop ; otherwise /usr/ccs/bin/as is confused by below .WORD +___ + +for($i=0;$i<16;$i++) { &ROUND_00_15($i,@V); unshift(@V,pop(@V)); } +$code.=<<___; +L\$rounds + nop ; otherwise /usr/ccs/bin/as is confused by below .WORD +___ +for(;$i<32;$i++) { &ROUND_16_xx($i,@V); unshift(@V,pop(@V)); } +$code.=<<___; + bb,>= $Tbl,31,L\$rounds ; end of $Tbl signalled? + nop + + $POP `-$FRAME_MARKER-2*$SIZE_T`(%sp),$ctx ; restore arguments + $POP `-$FRAME_MARKER-3*$SIZE_T`(%sp),$inp + $POP `-$FRAME_MARKER-4*$SIZE_T`(%sp),$num + ldo `-$rounds*$SZ-1`($Tbl),$Tbl ; rewind $Tbl + + $LD `0*$SZ`($ctx),@X[0] ; load context + $LD `1*$SZ`($ctx),@X[1] + $LD `2*$SZ`($ctx),@X[2] + $LD `3*$SZ`($ctx),@X[3] + $LD `4*$SZ`($ctx),@X[4] + $LD `5*$SZ`($ctx),@X[5] + addl @X[0],$A,$A + $LD `6*$SZ`($ctx),@X[6] + addl @X[1],$B,$B + $LD `7*$SZ`($ctx),@X[7] + ldo `16*$SZ`($inp),$inp ; advance $inp + + $ST $A,`0*$SZ`($ctx) ; save context + addl @X[2],$C,$C + $ST $B,`1*$SZ`($ctx) + addl @X[3],$D,$D + $ST $C,`2*$SZ`($ctx) + addl @X[4],$E,$E + $ST $D,`3*$SZ`($ctx) + addl @X[5],$F,$F + $ST $E,`4*$SZ`($ctx) + addl @X[6],$G,$G + $ST $F,`5*$SZ`($ctx) + addl @X[7],$H,$H + $ST $G,`6*$SZ`($ctx) + $ST $H,`7*$SZ`($ctx) + + cmpb,*<>,n $inp,$num,L\$oop + $PUSH $inp,`-$FRAME_MARKER-3*$SIZE_T`(%sp) ; save $inp +___ +if ($SZ==8 && $SIZE_T==4) # SHA512 for 32-bit PA-RISC 1.0 +{{ +$code.=<<___; + b L\$done + nop + + .ALIGN 64 +L\$parisc1 +___ +$code.=<<___ if ($SZ==8 && $SIZE_T==4); +#endif +___ + +@V=( $Ahi, $Alo, $Bhi, $Blo, $Chi, $Clo, $Dhi, $Dlo, + $Ehi, $Elo, $Fhi, $Flo, $Ghi, $Glo, $Hhi, $Hlo) = + ( "%r1", "%r2", "%r3", "%r4", "%r5", "%r6", "%r7", "%r8", + "%r9","%r10","%r11","%r12","%r13","%r14","%r15","%r16"); +$a0 ="%r17"; +$a1 ="%r18"; +$a2 ="%r19"; +$a3 ="%r20"; +$t0 ="%r21"; +$t1 ="%r22"; +$t2 ="%r28"; +$t3 ="%r29"; +$Tbl="%r31"; + +@X=("%r23","%r24","%r25","%r26"); # zaps $num,$inp,$ctx + +sub ROUND_00_15_pa1 { +my ($i,$ahi,$alo,$bhi,$blo,$chi,$clo,$dhi,$dlo, + $ehi,$elo,$fhi,$flo,$ghi,$glo,$hhi,$hlo,$flag)=@_; +my ($Xhi,$Xlo,$Xnhi,$Xnlo) = @X; + +$code.=<<___ if (!$flag); + ldw `-$XOFF+8*(($i+1)%16)`(%sp),$Xnhi + ldw `-$XOFF+8*(($i+1)%16)+4`(%sp),$Xnlo ; load X[i+1] +___ +$code.=<<___; + shd $ehi,$elo,$Sigma1[0],$t0 + add $Xlo,$hlo,$hlo + shd $elo,$ehi,$Sigma1[0],$t1 + addc $Xhi,$hhi,$hhi ; h += X[i] + shd $ehi,$elo,$Sigma1[1],$t2 + ldwm 8($Tbl),$Xhi + shd $elo,$ehi,$Sigma1[1],$t3 + ldw -4($Tbl),$Xlo ; load K[i] + xor $t2,$t0,$t0 + xor $t3,$t1,$t1 + and $flo,$elo,$a0 + and $fhi,$ehi,$a1 + shd $ehi,$elo,$Sigma1[2],$t2 + andcm $glo,$elo,$a2 + shd $elo,$ehi,$Sigma1[2],$t3 + andcm $ghi,$ehi,$a3 + xor $t2,$t0,$t0 + xor $t3,$t1,$t1 ; Sigma1(e) + add $Xlo,$hlo,$hlo + xor $a2,$a0,$a0 + addc $Xhi,$hhi,$hhi ; h += K[i] + xor $a3,$a1,$a1 ; Ch(e,f,g) + + add $t0,$hlo,$hlo + shd $ahi,$alo,$Sigma0[0],$t0 + addc $t1,$hhi,$hhi ; h += Sigma1(e) + shd $alo,$ahi,$Sigma0[0],$t1 + add $a0,$hlo,$hlo + shd $ahi,$alo,$Sigma0[1],$t2 + addc $a1,$hhi,$hhi ; h += Ch(e,f,g) + shd $alo,$ahi,$Sigma0[1],$t3 + + xor $t2,$t0,$t0 + xor $t3,$t1,$t1 + shd $ahi,$alo,$Sigma0[2],$t2 + and $alo,$blo,$a0 + shd $alo,$ahi,$Sigma0[2],$t3 + and $ahi,$bhi,$a1 + xor $t2,$t0,$t0 + xor $t3,$t1,$t1 ; Sigma0(a) + + and $alo,$clo,$a2 + and $ahi,$chi,$a3 + xor $a2,$a0,$a0 + add $hlo,$dlo,$dlo + xor $a3,$a1,$a1 + addc $hhi,$dhi,$dhi ; d += h + and $blo,$clo,$a2 + add $t0,$hlo,$hlo + and $bhi,$chi,$a3 + addc $t1,$hhi,$hhi ; h += Sigma0(a) + xor $a2,$a0,$a0 + add $a0,$hlo,$hlo + xor $a3,$a1,$a1 ; Maj(a,b,c) + addc $a1,$hhi,$hhi ; h += Maj(a,b,c) + +___ +$code.=<<___ if ($i==15 && $flag); + extru $Xlo,31,10,$Xlo + comiclr,= $LAST10BITS,$Xlo,%r0 + b L\$rounds_pa1 + nop +___ +push(@X,shift(@X)); push(@X,shift(@X)); +} + +sub ROUND_16_xx_pa1 { +my ($Xhi,$Xlo,$Xnhi,$Xnlo) = @X; +my ($i)=shift; +$i-=16; +$code.=<<___; + ldw `-$XOFF+8*(($i+1)%16)`(%sp),$Xnhi + ldw `-$XOFF+8*(($i+1)%16)+4`(%sp),$Xnlo ; load X[i+1] + ldw `-$XOFF+8*(($i+9)%16)`(%sp),$a1 + ldw `-$XOFF+8*(($i+9)%16)+4`(%sp),$a0 ; load X[i+9] + ldw `-$XOFF+8*(($i+14)%16)`(%sp),$a3 + ldw `-$XOFF+8*(($i+14)%16)+4`(%sp),$a2 ; load X[i+14] + shd $Xnhi,$Xnlo,$sigma0[0],$t0 + shd $Xnlo,$Xnhi,$sigma0[0],$t1 + add $a0,$Xlo,$Xlo + shd $Xnhi,$Xnlo,$sigma0[1],$t2 + addc $a1,$Xhi,$Xhi + shd $Xnlo,$Xnhi,$sigma0[1],$t3 + xor $t2,$t0,$t0 + shd $Xnhi,$Xnlo,$sigma0[2],$t2 + xor $t3,$t1,$t1 + extru $Xnhi,`31-$sigma0[2]`,`32-$sigma0[2]`,$t3 + xor $t2,$t0,$t0 + shd $a3,$a2,$sigma1[0],$a0 + xor $t3,$t1,$t1 ; sigma0(X[i+1)&0x0f]) + shd $a2,$a3,$sigma1[0],$a1 + add $t0,$Xlo,$Xlo + shd $a3,$a2,$sigma1[1],$t2 + addc $t1,$Xhi,$Xhi + shd $a2,$a3,$sigma1[1],$t3 + xor $t2,$a0,$a0 + shd $a3,$a2,$sigma1[2],$t2 + xor $t3,$a1,$a1 + extru $a3,`31-$sigma1[2]`,`32-$sigma1[2]`,$t3 + xor $t2,$a0,$a0 + xor $t3,$a1,$a1 ; sigma0(X[i+14)&0x0f]) + add $a0,$Xlo,$Xlo + addc $a1,$Xhi,$Xhi + + stw $Xhi,`-$XOFF+8*($i%16)`(%sp) + stw $Xlo,`-$XOFF+8*($i%16)+4`(%sp) +___ +&ROUND_00_15_pa1($i,@_,1); +} +$code.=<<___; + ldw `0*4`($ctx),$Ahi ; load context + ldw `1*4`($ctx),$Alo + ldw `2*4`($ctx),$Bhi + ldw `3*4`($ctx),$Blo + ldw `4*4`($ctx),$Chi + ldw `5*4`($ctx),$Clo + ldw `6*4`($ctx),$Dhi + ldw `7*4`($ctx),$Dlo + ldw `8*4`($ctx),$Ehi + ldw `9*4`($ctx),$Elo + ldw `10*4`($ctx),$Fhi + ldw `11*4`($ctx),$Flo + ldw `12*4`($ctx),$Ghi + ldw `13*4`($ctx),$Glo + ldw `14*4`($ctx),$Hhi + ldw `15*4`($ctx),$Hlo + + extru $inp,31,2,$t0 + sh3addl $t0,%r0,$t0 + subi 32,$t0,$t0 + mtctl $t0,%cr11 ; load %sar with align factor + +L\$oop_pa1 + extru $inp,31,2,$a3 + comib,= 0,$a3,L\$aligned_pa1 + sub $inp,$a3,$inp + + ldw `0*4`($inp),$X[0] + ldw `1*4`($inp),$X[1] + ldw `2*4`($inp),$t2 + ldw `3*4`($inp),$t3 + ldw `4*4`($inp),$a0 + ldw `5*4`($inp),$a1 + ldw `6*4`($inp),$a2 + ldw `7*4`($inp),$a3 + vshd $X[0],$X[1],$X[0] + vshd $X[1],$t2,$X[1] + stw $X[0],`-$XOFF+0*4`(%sp) + ldw `8*4`($inp),$t0 + vshd $t2,$t3,$t2 + stw $X[1],`-$XOFF+1*4`(%sp) + ldw `9*4`($inp),$t1 + vshd $t3,$a0,$t3 +___ +{ +my @t=($t2,$t3,$a0,$a1,$a2,$a3,$t0,$t1); +for ($i=2;$i<=(128/4-8);$i++) { +$code.=<<___; + stw $t[0],`-$XOFF+$i*4`(%sp) + ldw `(8+$i)*4`($inp),$t[0] + vshd $t[1],$t[2],$t[1] +___ +push(@t,shift(@t)); +} +for (;$i<(128/4-1);$i++) { +$code.=<<___; + stw $t[0],`-$XOFF+$i*4`(%sp) + vshd $t[1],$t[2],$t[1] +___ +push(@t,shift(@t)); +} +$code.=<<___; + b L\$collected_pa1 + stw $t[0],`-$XOFF+$i*4`(%sp) + +___ +} +$code.=<<___; +L\$aligned_pa1 + ldw `0*4`($inp),$X[0] + ldw `1*4`($inp),$X[1] + ldw `2*4`($inp),$t2 + ldw `3*4`($inp),$t3 + ldw `4*4`($inp),$a0 + ldw `5*4`($inp),$a1 + ldw `6*4`($inp),$a2 + ldw `7*4`($inp),$a3 + stw $X[0],`-$XOFF+0*4`(%sp) + ldw `8*4`($inp),$t0 + stw $X[1],`-$XOFF+1*4`(%sp) + ldw `9*4`($inp),$t1 +___ +{ +my @t=($t2,$t3,$a0,$a1,$a2,$a3,$t0,$t1); +for ($i=2;$i<(128/4-8);$i++) { +$code.=<<___; + stw $t[0],`-$XOFF+$i*4`(%sp) + ldw `(8+$i)*4`($inp),$t[0] +___ +push(@t,shift(@t)); +} +for (;$i<128/4;$i++) { +$code.=<<___; + stw $t[0],`-$XOFF+$i*4`(%sp) +___ +push(@t,shift(@t)); +} +$code.="L\$collected_pa1\n"; +} + +for($i=0;$i<16;$i++) { &ROUND_00_15_pa1($i,@V); unshift(@V,pop(@V)); unshift(@V,pop(@V)); } +$code.="L\$rounds_pa1\n"; +for(;$i<32;$i++) { &ROUND_16_xx_pa1($i,@V); unshift(@V,pop(@V)); unshift(@V,pop(@V)); } + +$code.=<<___; + $POP `-$FRAME_MARKER-2*$SIZE_T`(%sp),$ctx ; restore arguments + $POP `-$FRAME_MARKER-3*$SIZE_T`(%sp),$inp + $POP `-$FRAME_MARKER-4*$SIZE_T`(%sp),$num + ldo `-$rounds*$SZ`($Tbl),$Tbl ; rewind $Tbl + + ldw `0*4`($ctx),$t1 ; update context + ldw `1*4`($ctx),$t0 + ldw `2*4`($ctx),$t3 + ldw `3*4`($ctx),$t2 + ldw `4*4`($ctx),$a1 + ldw `5*4`($ctx),$a0 + ldw `6*4`($ctx),$a3 + add $t0,$Alo,$Alo + ldw `7*4`($ctx),$a2 + addc $t1,$Ahi,$Ahi + ldw `8*4`($ctx),$t1 + add $t2,$Blo,$Blo + ldw `9*4`($ctx),$t0 + addc $t3,$Bhi,$Bhi + ldw `10*4`($ctx),$t3 + add $a0,$Clo,$Clo + ldw `11*4`($ctx),$t2 + addc $a1,$Chi,$Chi + ldw `12*4`($ctx),$a1 + add $a2,$Dlo,$Dlo + ldw `13*4`($ctx),$a0 + addc $a3,$Dhi,$Dhi + ldw `14*4`($ctx),$a3 + add $t0,$Elo,$Elo + ldw `15*4`($ctx),$a2 + addc $t1,$Ehi,$Ehi + stw $Ahi,`0*4`($ctx) + add $t2,$Flo,$Flo + stw $Alo,`1*4`($ctx) + addc $t3,$Fhi,$Fhi + stw $Bhi,`2*4`($ctx) + add $a0,$Glo,$Glo + stw $Blo,`3*4`($ctx) + addc $a1,$Ghi,$Ghi + stw $Chi,`4*4`($ctx) + add $a2,$Hlo,$Hlo + stw $Clo,`5*4`($ctx) + addc $a3,$Hhi,$Hhi + stw $Dhi,`6*4`($ctx) + ldo `16*$SZ`($inp),$inp ; advance $inp + stw $Dlo,`7*4`($ctx) + stw $Ehi,`8*4`($ctx) + stw $Elo,`9*4`($ctx) + stw $Fhi,`10*4`($ctx) + stw $Flo,`11*4`($ctx) + stw $Ghi,`12*4`($ctx) + stw $Glo,`13*4`($ctx) + stw $Hhi,`14*4`($ctx) + comb,= $inp,$num,L\$done + stw $Hlo,`15*4`($ctx) + b L\$oop_pa1 + $PUSH $inp,`-$FRAME_MARKER-3*$SIZE_T`(%sp) ; save $inp +L\$done +___ +}} +$code.=<<___; + $POP `-$FRAME-$SAVED_RP`(%sp),%r2 ; standard epilogue + $POP `-$FRAME+1*$SIZE_T`(%sp),%r4 + $POP `-$FRAME+2*$SIZE_T`(%sp),%r5 + $POP `-$FRAME+3*$SIZE_T`(%sp),%r6 + $POP `-$FRAME+4*$SIZE_T`(%sp),%r7 + $POP `-$FRAME+5*$SIZE_T`(%sp),%r8 + $POP `-$FRAME+6*$SIZE_T`(%sp),%r9 + $POP `-$FRAME+7*$SIZE_T`(%sp),%r10 + $POP `-$FRAME+8*$SIZE_T`(%sp),%r11 + $POP `-$FRAME+9*$SIZE_T`(%sp),%r12 + $POP `-$FRAME+10*$SIZE_T`(%sp),%r13 + $POP `-$FRAME+11*$SIZE_T`(%sp),%r14 + $POP `-$FRAME+12*$SIZE_T`(%sp),%r15 + $POP `-$FRAME+13*$SIZE_T`(%sp),%r16 + $POP `-$FRAME+14*$SIZE_T`(%sp),%r17 + $POP `-$FRAME+15*$SIZE_T`(%sp),%r18 + bv (%r2) + .EXIT + $POPMB -$FRAME(%sp),%r3 + .PROCEND + + .data + .STRINGZ "SHA`64*$SZ` block transform for PA-RISC, CRYPTOGAMS by " +___ + +# Explicitly encode PA-RISC 2.0 instructions used in this module, so +# that it can be compiled with .LEVEL 1.0. It should be noted that I +# wouldn't have to do this, if GNU assembler understood .ALLOW 2.0 +# directive... + +my $ldd = sub { + my ($mod,$args) = @_; + my $orig = "ldd$mod\t$args"; + + if ($args =~ /(\-?[0-9]+)\(%r([0-9]+)\),%r([0-9]+)/) # format 3 suffices + { my $opcode=(0x14<<26)|($2<<21)|($3<<16)|(($1&0x1FF8)<<1)|(($1>>13)&1); + $opcode|=(1<<3) if ($mod =~ /^,m/); + $opcode|=(1<<2) if ($mod =~ /^,mb/); + sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig; + } + else { "\t".$orig; } +}; + +my $std = sub { + my ($mod,$args) = @_; + my $orig = "std$mod\t$args"; + + if ($args =~ /%r([0-9]+),(\-?[0-9]+)\(%r([0-9]+)\)/) # format 3 suffices + { my $opcode=(0x1c<<26)|($3<<21)|($1<<16)|(($2&0x1FF8)<<1)|(($2>>13)&1); + sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig; + } + else { "\t".$orig; } +}; + +my $extrd = sub { + my ($mod,$args) = @_; + my $orig = "extrd$mod\t$args"; + + # I only have ",u" completer, it's implicitly encoded... + if ($args =~ /%r([0-9]+),([0-9]+),([0-9]+),%r([0-9]+)/) # format 15 + { my $opcode=(0x36<<26)|($1<<21)|($4<<16); + my $len=32-$3; + $opcode |= (($2&0x20)<<6)|(($2&0x1f)<<5); # encode pos + $opcode |= (($len&0x20)<<7)|($len&0x1f); # encode len + sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig; + } + elsif ($args =~ /%r([0-9]+),%sar,([0-9]+),%r([0-9]+)/) # format 12 + { my $opcode=(0x34<<26)|($1<<21)|($3<<16)|(2<<11)|(1<<9); + my $len=32-$2; + $opcode |= (($len&0x20)<<3)|($len&0x1f); # encode len + $opcode |= (1<<13) if ($mod =~ /,\**=/); + sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig; + } + else { "\t".$orig; } +}; + +my $shrpd = sub { + my ($mod,$args) = @_; + my $orig = "shrpd$mod\t$args"; + + if ($args =~ /%r([0-9]+),%r([0-9]+),([0-9]+),%r([0-9]+)/) # format 14 + { my $opcode=(0x34<<26)|($2<<21)|($1<<16)|(1<<10)|$4; + my $cpos=63-$3; + $opcode |= (($cpos&0x20)<<6)|(($cpos&0x1f)<<5); # encode sa + sprintf "\t.WORD\t0x%08x\t; %s",$opcode,$orig; + } + elsif ($args =~ /%r([0-9]+),%r([0-9]+),%sar,%r([0-9]+)/) # format 11 + { sprintf "\t.WORD\t0x%08x\t; %s", + (0x34<<26)|($2<<21)|($1<<16)|(1<<9)|$3,$orig; + } + else { "\t".$orig; } +}; + +sub assemble { + my ($mnemonic,$mod,$args)=@_; + my $opcode = eval("\$$mnemonic"); + + ref($opcode) eq 'CODE' ? &$opcode($mod,$args) : "\t$mnemonic$mod\t$args"; +} + +foreach (split("\n",$code)) { + s/\`([^\`]*)\`/eval $1/ge; + + s/shd\s+(%r[0-9]+),(%r[0-9]+),([0-9]+)/ + $3>31 ? sprintf("shd\t%$2,%$1,%d",$3-32) # rotation for >=32 + : sprintf("shd\t%$1,%$2,%d",$3)/e or + # translate made up instructons: _ror, _shr, _align, _shl + s/_ror(\s+)(%r[0-9]+),/ + ($SZ==4 ? "shd" : "shrpd")."$1$2,$2,"/e or + + s/_shr(\s+%r[0-9]+),([0-9]+),/ + $SZ==4 ? sprintf("extru%s,%d,%d,",$1,31-$2,32-$2) + : sprintf("extrd,u%s,%d,%d,",$1,63-$2,64-$2)/e or + + s/_align(\s+%r[0-9]+,%r[0-9]+),/ + ($SZ==4 ? "vshd$1," : "shrpd$1,%sar,")/e or + + s/_shl(\s+%r[0-9]+),([0-9]+),/ + $SIZE_T==4 ? sprintf("zdep%s,%d,%d,",$1,31-$2,32-$2) + : sprintf("depd,z%s,%d,%d,",$1,63-$2,64-$2)/e; + + s/^\s+([a-z]+)([\S]*)\s+([\S]*)/&assemble($1,$2,$3)/e if ($SIZE_T==4); + + s/cmpb,\*/comb,/ if ($SIZE_T==4); + + s/\bbv\b/bve/ if ($SIZE_T==8); + + print $_,"\n"; +} + +close STDOUT; diff --git a/src/lib/libcrypto/sha/asm/sha512-ppc.pl b/src/lib/libcrypto/sha/asm/sha512-ppc.pl new file mode 100755 index 00000000000..2a7d5a0e8bc --- /dev/null +++ b/src/lib/libcrypto/sha/asm/sha512-ppc.pl @@ -0,0 +1,460 @@ +#!/usr/bin/env perl + +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== + +# I let hardware handle unaligned input, except on page boundaries +# (see below for details). Otherwise straightforward implementation +# with X vector in register bank. The module is big-endian [which is +# not big deal as there're no little-endian targets left around]. + +# sha256 | sha512 +# -m64 -m32 | -m64 -m32 +# --------------------------------------+----------------------- +# PPC970,gcc-4.0.0 +50% +38% | +40% +410%(*) +# Power6,xlc-7 +150% +90% | +100% +430%(*) +# +# (*) 64-bit code in 32-bit application context, which actually is +# on TODO list. It should be noted that for safe deployment in +# 32-bit *multi-threaded* context asynchronous signals should be +# blocked upon entry to SHA512 block routine. This is because +# 32-bit signaling procedure invalidates upper halves of GPRs. +# Context switch procedure preserves them, but not signaling:-( + +# Second version is true multi-thread safe. Trouble with the original +# version was that it was using thread local storage pointer register. +# Well, it scrupulously preserved it, but the problem would arise the +# moment asynchronous signal was delivered and signal handler would +# dereference the TLS pointer. While it's never the case in openssl +# application or test suite, we have to respect this scenario and not +# use TLS pointer register. Alternative would be to require caller to +# block signals prior calling this routine. For the record, in 32-bit +# context R2 serves as TLS pointer, while in 64-bit context - R13. + +$flavour=shift; +$output =shift; + +if ($flavour =~ /64/) { + $SIZE_T=8; + $LRSAVE=2*$SIZE_T; + $STU="stdu"; + $UCMP="cmpld"; + $SHL="sldi"; + $POP="ld"; + $PUSH="std"; +} elsif ($flavour =~ /32/) { + $SIZE_T=4; + $LRSAVE=$SIZE_T; + $STU="stwu"; + $UCMP="cmplw"; + $SHL="slwi"; + $POP="lwz"; + $PUSH="stw"; +} else { die "nonsense $flavour"; } + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or +( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or +die "can't locate ppc-xlate.pl"; + +open STDOUT,"| $^X $xlate $flavour $output" || die "can't call $xlate: $!"; + +if ($output =~ /512/) { + $func="sha512_block_data_order"; + $SZ=8; + @Sigma0=(28,34,39); + @Sigma1=(14,18,41); + @sigma0=(1, 8, 7); + @sigma1=(19,61, 6); + $rounds=80; + $LD="ld"; + $ST="std"; + $ROR="rotrdi"; + $SHR="srdi"; +} else { + $func="sha256_block_data_order"; + $SZ=4; + @Sigma0=( 2,13,22); + @Sigma1=( 6,11,25); + @sigma0=( 7,18, 3); + @sigma1=(17,19,10); + $rounds=64; + $LD="lwz"; + $ST="stw"; + $ROR="rotrwi"; + $SHR="srwi"; +} + +$FRAME=32*$SIZE_T+16*$SZ; +$LOCALS=6*$SIZE_T; + +$sp ="r1"; +$toc="r2"; +$ctx="r3"; # zapped by $a0 +$inp="r4"; # zapped by $a1 +$num="r5"; # zapped by $t0 + +$T ="r0"; +$a0 ="r3"; +$a1 ="r4"; +$t0 ="r5"; +$t1 ="r6"; +$Tbl="r7"; + +$A ="r8"; +$B ="r9"; +$C ="r10"; +$D ="r11"; +$E ="r12"; +$F ="r13"; $F="r2" if ($SIZE_T==8);# reassigned to exempt TLS pointer +$G ="r14"; +$H ="r15"; + +@V=($A,$B,$C,$D,$E,$F,$G,$H); +@X=("r16","r17","r18","r19","r20","r21","r22","r23", + "r24","r25","r26","r27","r28","r29","r30","r31"); + +$inp="r31"; # reassigned $inp! aliases with @X[15] + +sub ROUND_00_15 { +my ($i,$a,$b,$c,$d,$e,$f,$g,$h)=@_; +$code.=<<___; + $LD $T,`$i*$SZ`($Tbl) + $ROR $a0,$e,$Sigma1[0] + $ROR $a1,$e,$Sigma1[1] + and $t0,$f,$e + andc $t1,$g,$e + add $T,$T,$h + xor $a0,$a0,$a1 + $ROR $a1,$a1,`$Sigma1[2]-$Sigma1[1]` + or $t0,$t0,$t1 ; Ch(e,f,g) + add $T,$T,@X[$i] + xor $a0,$a0,$a1 ; Sigma1(e) + add $T,$T,$t0 + add $T,$T,$a0 + + $ROR $a0,$a,$Sigma0[0] + $ROR $a1,$a,$Sigma0[1] + and $t0,$a,$b + and $t1,$a,$c + xor $a0,$a0,$a1 + $ROR $a1,$a1,`$Sigma0[2]-$Sigma0[1]` + xor $t0,$t0,$t1 + and $t1,$b,$c + xor $a0,$a0,$a1 ; Sigma0(a) + add $d,$d,$T + xor $t0,$t0,$t1 ; Maj(a,b,c) + add $h,$T,$a0 + add $h,$h,$t0 + +___ +} + +sub ROUND_16_xx { +my ($i,$a,$b,$c,$d,$e,$f,$g,$h)=@_; +$i-=16; +$code.=<<___; + $ROR $a0,@X[($i+1)%16],$sigma0[0] + $ROR $a1,@X[($i+1)%16],$sigma0[1] + $ROR $t0,@X[($i+14)%16],$sigma1[0] + $ROR $t1,@X[($i+14)%16],$sigma1[1] + xor $a0,$a0,$a1 + $SHR $a1,@X[($i+1)%16],$sigma0[2] + xor $t0,$t0,$t1 + $SHR $t1,@X[($i+14)%16],$sigma1[2] + add @X[$i],@X[$i],@X[($i+9)%16] + xor $a0,$a0,$a1 ; sigma0(X[(i+1)&0x0f]) + xor $t0,$t0,$t1 ; sigma1(X[(i+14)&0x0f]) + add @X[$i],@X[$i],$a0 + add @X[$i],@X[$i],$t0 +___ +&ROUND_00_15($i,$a,$b,$c,$d,$e,$f,$g,$h); +} + +$code=<<___; +.machine "any" +.text + +.globl $func +.align 6 +$func: + $STU $sp,-$FRAME($sp) + mflr r0 + $SHL $num,$num,`log(16*$SZ)/log(2)` + + $PUSH $ctx,`$FRAME-$SIZE_T*22`($sp) + + $PUSH $toc,`$FRAME-$SIZE_T*20`($sp) + $PUSH r13,`$FRAME-$SIZE_T*19`($sp) + $PUSH r14,`$FRAME-$SIZE_T*18`($sp) + $PUSH r15,`$FRAME-$SIZE_T*17`($sp) + $PUSH r16,`$FRAME-$SIZE_T*16`($sp) + $PUSH r17,`$FRAME-$SIZE_T*15`($sp) + $PUSH r18,`$FRAME-$SIZE_T*14`($sp) + $PUSH r19,`$FRAME-$SIZE_T*13`($sp) + $PUSH r20,`$FRAME-$SIZE_T*12`($sp) + $PUSH r21,`$FRAME-$SIZE_T*11`($sp) + $PUSH r22,`$FRAME-$SIZE_T*10`($sp) + $PUSH r23,`$FRAME-$SIZE_T*9`($sp) + $PUSH r24,`$FRAME-$SIZE_T*8`($sp) + $PUSH r25,`$FRAME-$SIZE_T*7`($sp) + $PUSH r26,`$FRAME-$SIZE_T*6`($sp) + $PUSH r27,`$FRAME-$SIZE_T*5`($sp) + $PUSH r28,`$FRAME-$SIZE_T*4`($sp) + $PUSH r29,`$FRAME-$SIZE_T*3`($sp) + $PUSH r30,`$FRAME-$SIZE_T*2`($sp) + $PUSH r31,`$FRAME-$SIZE_T*1`($sp) + $PUSH r0,`$FRAME+$LRSAVE`($sp) + + $LD $A,`0*$SZ`($ctx) + mr $inp,r4 ; incarnate $inp + $LD $B,`1*$SZ`($ctx) + $LD $C,`2*$SZ`($ctx) + $LD $D,`3*$SZ`($ctx) + $LD $E,`4*$SZ`($ctx) + $LD $F,`5*$SZ`($ctx) + $LD $G,`6*$SZ`($ctx) + $LD $H,`7*$SZ`($ctx) + + bl LPICmeup +LPICedup: + andi. r0,$inp,3 + bne Lunaligned +Laligned: + add $num,$inp,$num + $PUSH $num,`$FRAME-$SIZE_T*24`($sp) ; end pointer + $PUSH $inp,`$FRAME-$SIZE_T*23`($sp) ; inp pointer + bl Lsha2_block_private + b Ldone + +; PowerPC specification allows an implementation to be ill-behaved +; upon unaligned access which crosses page boundary. "Better safe +; than sorry" principle makes me treat it specially. But I don't +; look for particular offending word, but rather for the input +; block which crosses the boundary. Once found that block is aligned +; and hashed separately... +.align 4 +Lunaligned: + subfic $t1,$inp,4096 + andi. $t1,$t1,`4096-16*$SZ` ; distance to closest page boundary + beq Lcross_page + $UCMP $num,$t1 + ble- Laligned ; didn't cross the page boundary + subfc $num,$t1,$num + add $t1,$inp,$t1 + $PUSH $num,`$FRAME-$SIZE_T*25`($sp) ; save real remaining num + $PUSH $t1,`$FRAME-$SIZE_T*24`($sp) ; intermediate end pointer + $PUSH $inp,`$FRAME-$SIZE_T*23`($sp) ; inp pointer + bl Lsha2_block_private + ; $inp equals to the intermediate end pointer here + $POP $num,`$FRAME-$SIZE_T*25`($sp) ; restore real remaining num +Lcross_page: + li $t1,`16*$SZ/4` + mtctr $t1 + addi r20,$sp,$LOCALS ; aligned spot below the frame +Lmemcpy: + lbz r16,0($inp) + lbz r17,1($inp) + lbz r18,2($inp) + lbz r19,3($inp) + addi $inp,$inp,4 + stb r16,0(r20) + stb r17,1(r20) + stb r18,2(r20) + stb r19,3(r20) + addi r20,r20,4 + bdnz Lmemcpy + + $PUSH $inp,`$FRAME-$SIZE_T*26`($sp) ; save real inp + addi $t1,$sp,`$LOCALS+16*$SZ` ; fictitious end pointer + addi $inp,$sp,$LOCALS ; fictitious inp pointer + $PUSH $num,`$FRAME-$SIZE_T*25`($sp) ; save real num + $PUSH $t1,`$FRAME-$SIZE_T*24`($sp) ; end pointer + $PUSH $inp,`$FRAME-$SIZE_T*23`($sp) ; inp pointer + bl Lsha2_block_private + $POP $inp,`$FRAME-$SIZE_T*26`($sp) ; restore real inp + $POP $num,`$FRAME-$SIZE_T*25`($sp) ; restore real num + addic. $num,$num,`-16*$SZ` ; num-- + bne- Lunaligned + +Ldone: + $POP r0,`$FRAME+$LRSAVE`($sp) + $POP $toc,`$FRAME-$SIZE_T*20`($sp) + $POP r13,`$FRAME-$SIZE_T*19`($sp) + $POP r14,`$FRAME-$SIZE_T*18`($sp) + $POP r15,`$FRAME-$SIZE_T*17`($sp) + $POP r16,`$FRAME-$SIZE_T*16`($sp) + $POP r17,`$FRAME-$SIZE_T*15`($sp) + $POP r18,`$FRAME-$SIZE_T*14`($sp) + $POP r19,`$FRAME-$SIZE_T*13`($sp) + $POP r20,`$FRAME-$SIZE_T*12`($sp) + $POP r21,`$FRAME-$SIZE_T*11`($sp) + $POP r22,`$FRAME-$SIZE_T*10`($sp) + $POP r23,`$FRAME-$SIZE_T*9`($sp) + $POP r24,`$FRAME-$SIZE_T*8`($sp) + $POP r25,`$FRAME-$SIZE_T*7`($sp) + $POP r26,`$FRAME-$SIZE_T*6`($sp) + $POP r27,`$FRAME-$SIZE_T*5`($sp) + $POP r28,`$FRAME-$SIZE_T*4`($sp) + $POP r29,`$FRAME-$SIZE_T*3`($sp) + $POP r30,`$FRAME-$SIZE_T*2`($sp) + $POP r31,`$FRAME-$SIZE_T*1`($sp) + mtlr r0 + addi $sp,$sp,$FRAME + blr + .long 0 + .byte 0,12,4,1,0x80,18,3,0 + .long 0 + +.align 4 +Lsha2_block_private: +___ +for($i=0;$i<16;$i++) { +$code.=<<___ if ($SZ==4); + lwz @X[$i],`$i*$SZ`($inp) +___ +# 64-bit loads are split to 2x32-bit ones, as CPU can't handle +# unaligned 64-bit loads, only 32-bit ones... +$code.=<<___ if ($SZ==8); + lwz $t0,`$i*$SZ`($inp) + lwz @X[$i],`$i*$SZ+4`($inp) + insrdi @X[$i],$t0,32,0 +___ + &ROUND_00_15($i,@V); + unshift(@V,pop(@V)); +} +$code.=<<___; + li $T,`$rounds/16-1` + mtctr $T +.align 4 +Lrounds: + addi $Tbl,$Tbl,`16*$SZ` +___ +for(;$i<32;$i++) { + &ROUND_16_xx($i,@V); + unshift(@V,pop(@V)); +} +$code.=<<___; + bdnz- Lrounds + + $POP $ctx,`$FRAME-$SIZE_T*22`($sp) + $POP $inp,`$FRAME-$SIZE_T*23`($sp) ; inp pointer + $POP $num,`$FRAME-$SIZE_T*24`($sp) ; end pointer + subi $Tbl,$Tbl,`($rounds-16)*$SZ` ; rewind Tbl + + $LD r16,`0*$SZ`($ctx) + $LD r17,`1*$SZ`($ctx) + $LD r18,`2*$SZ`($ctx) + $LD r19,`3*$SZ`($ctx) + $LD r20,`4*$SZ`($ctx) + $LD r21,`5*$SZ`($ctx) + $LD r22,`6*$SZ`($ctx) + addi $inp,$inp,`16*$SZ` ; advance inp + $LD r23,`7*$SZ`($ctx) + add $A,$A,r16 + add $B,$B,r17 + $PUSH $inp,`$FRAME-$SIZE_T*23`($sp) + add $C,$C,r18 + $ST $A,`0*$SZ`($ctx) + add $D,$D,r19 + $ST $B,`1*$SZ`($ctx) + add $E,$E,r20 + $ST $C,`2*$SZ`($ctx) + add $F,$F,r21 + $ST $D,`3*$SZ`($ctx) + add $G,$G,r22 + $ST $E,`4*$SZ`($ctx) + add $H,$H,r23 + $ST $F,`5*$SZ`($ctx) + $ST $G,`6*$SZ`($ctx) + $UCMP $inp,$num + $ST $H,`7*$SZ`($ctx) + bne Lsha2_block_private + blr + .long 0 + .byte 0,12,0x14,0,0,0,0,0 +___ + +# Ugly hack here, because PPC assembler syntax seem to vary too +# much from platforms to platform... +$code.=<<___; +.align 6 +LPICmeup: + mflr r0 + bcl 20,31,\$+4 + mflr $Tbl ; vvvvvv "distance" between . and 1st data entry + addi $Tbl,$Tbl,`64-8` + mtlr r0 + blr + .long 0 + .byte 0,12,0x14,0,0,0,0,0 + .space `64-9*4` +___ +$code.=<<___ if ($SZ==8); + .long 0x428a2f98,0xd728ae22,0x71374491,0x23ef65cd + .long 0xb5c0fbcf,0xec4d3b2f,0xe9b5dba5,0x8189dbbc + .long 0x3956c25b,0xf348b538,0x59f111f1,0xb605d019 + .long 0x923f82a4,0xaf194f9b,0xab1c5ed5,0xda6d8118 + .long 0xd807aa98,0xa3030242,0x12835b01,0x45706fbe + .long 0x243185be,0x4ee4b28c,0x550c7dc3,0xd5ffb4e2 + .long 0x72be5d74,0xf27b896f,0x80deb1fe,0x3b1696b1 + .long 0x9bdc06a7,0x25c71235,0xc19bf174,0xcf692694 + .long 0xe49b69c1,0x9ef14ad2,0xefbe4786,0x384f25e3 + .long 0x0fc19dc6,0x8b8cd5b5,0x240ca1cc,0x77ac9c65 + .long 0x2de92c6f,0x592b0275,0x4a7484aa,0x6ea6e483 + .long 0x5cb0a9dc,0xbd41fbd4,0x76f988da,0x831153b5 + .long 0x983e5152,0xee66dfab,0xa831c66d,0x2db43210 + .long 0xb00327c8,0x98fb213f,0xbf597fc7,0xbeef0ee4 + .long 0xc6e00bf3,0x3da88fc2,0xd5a79147,0x930aa725 + .long 0x06ca6351,0xe003826f,0x14292967,0x0a0e6e70 + .long 0x27b70a85,0x46d22ffc,0x2e1b2138,0x5c26c926 + .long 0x4d2c6dfc,0x5ac42aed,0x53380d13,0x9d95b3df + .long 0x650a7354,0x8baf63de,0x766a0abb,0x3c77b2a8 + .long 0x81c2c92e,0x47edaee6,0x92722c85,0x1482353b + .long 0xa2bfe8a1,0x4cf10364,0xa81a664b,0xbc423001 + .long 0xc24b8b70,0xd0f89791,0xc76c51a3,0x0654be30 + .long 0xd192e819,0xd6ef5218,0xd6990624,0x5565a910 + .long 0xf40e3585,0x5771202a,0x106aa070,0x32bbd1b8 + .long 0x19a4c116,0xb8d2d0c8,0x1e376c08,0x5141ab53 + .long 0x2748774c,0xdf8eeb99,0x34b0bcb5,0xe19b48a8 + .long 0x391c0cb3,0xc5c95a63,0x4ed8aa4a,0xe3418acb + .long 0x5b9cca4f,0x7763e373,0x682e6ff3,0xd6b2b8a3 + .long 0x748f82ee,0x5defb2fc,0x78a5636f,0x43172f60 + .long 0x84c87814,0xa1f0ab72,0x8cc70208,0x1a6439ec + .long 0x90befffa,0x23631e28,0xa4506ceb,0xde82bde9 + .long 0xbef9a3f7,0xb2c67915,0xc67178f2,0xe372532b + .long 0xca273ece,0xea26619c,0xd186b8c7,0x21c0c207 + .long 0xeada7dd6,0xcde0eb1e,0xf57d4f7f,0xee6ed178 + .long 0x06f067aa,0x72176fba,0x0a637dc5,0xa2c898a6 + .long 0x113f9804,0xbef90dae,0x1b710b35,0x131c471b + .long 0x28db77f5,0x23047d84,0x32caab7b,0x40c72493 + .long 0x3c9ebe0a,0x15c9bebc,0x431d67c4,0x9c100d4c + .long 0x4cc5d4be,0xcb3e42b6,0x597f299c,0xfc657e2a + .long 0x5fcb6fab,0x3ad6faec,0x6c44198c,0x4a475817 +___ +$code.=<<___ if ($SZ==4); + .long 0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5 + .long 0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5 + .long 0xd807aa98,0x12835b01,0x243185be,0x550c7dc3 + .long 0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174 + .long 0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc + .long 0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da + .long 0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7 + .long 0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967 + .long 0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13 + .long 0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85 + .long 0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3 + .long 0xd192e819,0xd6990624,0xf40e3585,0x106aa070 + .long 0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5 + .long 0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3 + .long 0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208 + .long 0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2 +___ + +$code =~ s/\`([^\`]*)\`/eval $1/gem; +print $code; +close STDOUT; diff --git a/src/lib/libcrypto/sha/asm/sha512-sparcv9.pl b/src/lib/libcrypto/sha/asm/sha512-sparcv9.pl new file mode 100644 index 00000000000..585740789e6 --- /dev/null +++ b/src/lib/libcrypto/sha/asm/sha512-sparcv9.pl @@ -0,0 +1,594 @@ +#!/usr/bin/env perl + +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== + +# SHA256 performance improvement over compiler generated code varies +# from 40% for Sun C [32-bit build] to 70% for gcc [3.3, 64-bit +# build]. Just like in SHA1 module I aim to ensure scalability on +# UltraSPARC T1 by packing X[16] to 8 64-bit registers. + +# SHA512 on pre-T1 UltraSPARC. +# +# Performance is >75% better than 64-bit code generated by Sun C and +# over 2x than 32-bit code. X[16] resides on stack, but access to it +# is scheduled for L2 latency and staged through 32 least significant +# bits of %l0-%l7. The latter is done to achieve 32-/64-bit ABI +# duality. Nevetheless it's ~40% faster than SHA256, which is pretty +# good [optimal coefficient is 50%]. +# +# SHA512 on UltraSPARC T1. +# +# It's not any faster than 64-bit code generated by Sun C 5.8. This is +# because 64-bit code generator has the advantage of using 64-bit +# loads(*) to access X[16], which I consciously traded for 32-/64-bit +# ABI duality [as per above]. But it surpasses 32-bit Sun C generated +# code by 60%, not to mention that it doesn't suffer from severe decay +# when running 4 times physical cores threads and that it leaves gcc +# [3.4] behind by over 4x factor! If compared to SHA256, single thread +# performance is only 10% better, but overall throughput for maximum +# amount of threads for given CPU exceeds corresponding one of SHA256 +# by 30% [again, optimal coefficient is 50%]. +# +# (*) Unlike pre-T1 UltraSPARC loads on T1 are executed strictly +# in-order, i.e. load instruction has to complete prior next +# instruction in given thread is executed, even if the latter is +# not dependent on load result! This means that on T1 two 32-bit +# loads are always slower than one 64-bit load. Once again this +# is unlike pre-T1 UltraSPARC, where, if scheduled appropriately, +# 2x32-bit loads can be as fast as 1x64-bit ones. + +$bits=32; +for (@ARGV) { $bits=64 if (/\-m64/ || /\-xarch\=v9/); } +if ($bits==64) { $bias=2047; $frame=192; } +else { $bias=0; $frame=112; } + +$output=shift; +open STDOUT,">$output"; + +if ($output =~ /512/) { + $label="512"; + $SZ=8; + $LD="ldx"; # load from memory + $ST="stx"; # store to memory + $SLL="sllx"; # shift left logical + $SRL="srlx"; # shift right logical + @Sigma0=(28,34,39); + @Sigma1=(14,18,41); + @sigma0=( 7, 1, 8); # right shift first + @sigma1=( 6,19,61); # right shift first + $lastK=0x817; + $rounds=80; + $align=4; + + $locals=16*$SZ; # X[16] + + $A="%o0"; + $B="%o1"; + $C="%o2"; + $D="%o3"; + $E="%o4"; + $F="%o5"; + $G="%g1"; + $H="%o7"; + @V=($A,$B,$C,$D,$E,$F,$G,$H); +} else { + $label="256"; + $SZ=4; + $LD="ld"; # load from memory + $ST="st"; # store to memory + $SLL="sll"; # shift left logical + $SRL="srl"; # shift right logical + @Sigma0=( 2,13,22); + @Sigma1=( 6,11,25); + @sigma0=( 3, 7,18); # right shift first + @sigma1=(10,17,19); # right shift first + $lastK=0x8f2; + $rounds=64; + $align=8; + + $locals=0; # X[16] is register resident + @X=("%o0","%o1","%o2","%o3","%o4","%o5","%g1","%o7"); + + $A="%l0"; + $B="%l1"; + $C="%l2"; + $D="%l3"; + $E="%l4"; + $F="%l5"; + $G="%l6"; + $H="%l7"; + @V=($A,$B,$C,$D,$E,$F,$G,$H); +} +$T1="%g2"; +$tmp0="%g3"; +$tmp1="%g4"; +$tmp2="%g5"; + +$ctx="%i0"; +$inp="%i1"; +$len="%i2"; +$Ktbl="%i3"; +$tmp31="%i4"; +$tmp32="%i5"; + +########### SHA256 +$Xload = sub { +my ($i,$a,$b,$c,$d,$e,$f,$g,$h)=@_; + + if ($i==0) { +$code.=<<___; + ldx [$inp+0],@X[0] + ldx [$inp+16],@X[2] + ldx [$inp+32],@X[4] + ldx [$inp+48],@X[6] + ldx [$inp+8],@X[1] + ldx [$inp+24],@X[3] + subcc %g0,$tmp31,$tmp32 ! should be 64-$tmp31, but -$tmp31 works too + ldx [$inp+40],@X[5] + bz,pt %icc,.Laligned + ldx [$inp+56],@X[7] + + sllx @X[0],$tmp31,@X[0] + ldx [$inp+64],$T1 +___ +for($j=0;$j<7;$j++) +{ $code.=<<___; + srlx @X[$j+1],$tmp32,$tmp1 + sllx @X[$j+1],$tmp31,@X[$j+1] + or $tmp1,@X[$j],@X[$j] +___ +} +$code.=<<___; + srlx $T1,$tmp32,$T1 + or $T1,@X[7],@X[7] +.Laligned: +___ + } + + if ($i&1) { + $code.="\tadd @X[$i/2],$h,$T1\n"; + } else { + $code.="\tsrlx @X[$i/2],32,$T1\n\tadd $h,$T1,$T1\n"; + } +} if ($SZ==4); + +########### SHA512 +$Xload = sub { +my ($i,$a,$b,$c,$d,$e,$f,$g,$h)=@_; +my @pair=("%l".eval(($i*2)%8),"%l".eval(($i*2)%8+1),"%l".eval((($i+1)*2)%8)); + +$code.=<<___ if ($i==0); + ld [$inp+0],%l0 + ld [$inp+4],%l1 + ld [$inp+8],%l2 + ld [$inp+12],%l3 + ld [$inp+16],%l4 + ld [$inp+20],%l5 + ld [$inp+24],%l6 + ld [$inp+28],%l7 +___ +$code.=<<___ if ($i<15); + sllx @pair[1],$tmp31,$tmp2 ! Xload($i) + add $tmp31,32,$tmp0 + sllx @pair[0],$tmp0,$tmp1 + `"ld [$inp+".eval(32+0+$i*8)."],@pair[0]" if ($i<12)` + srlx @pair[2],$tmp32,@pair[1] + or $tmp1,$tmp2,$tmp2 + or @pair[1],$tmp2,$tmp2 + `"ld [$inp+".eval(32+4+$i*8)."],@pair[1]" if ($i<12)` + add $h,$tmp2,$T1 + $ST $tmp2,[%sp+`$bias+$frame+$i*$SZ`] +___ +$code.=<<___ if ($i==12); + brnz,a $tmp31,.+8 + ld [$inp+128],%l0 +___ +$code.=<<___ if ($i==15); + ld [%sp+`$bias+$frame+(($i+1+1)%16)*$SZ+0`],%l2 + sllx @pair[1],$tmp31,$tmp2 ! Xload($i) + add $tmp31,32,$tmp0 + ld [%sp+`$bias+$frame+(($i+1+1)%16)*$SZ+4`],%l3 + sllx @pair[0],$tmp0,$tmp1 + ld [%sp+`$bias+$frame+(($i+1+9)%16)*$SZ+0`],%l4 + srlx @pair[2],$tmp32,@pair[1] + or $tmp1,$tmp2,$tmp2 + ld [%sp+`$bias+$frame+(($i+1+9)%16)*$SZ+4`],%l5 + or @pair[1],$tmp2,$tmp2 + ld [%sp+`$bias+$frame+(($i+1+14)%16)*$SZ+0`],%l6 + add $h,$tmp2,$T1 + $ST $tmp2,[%sp+`$bias+$frame+$i*$SZ`] + ld [%sp+`$bias+$frame+(($i+1+14)%16)*$SZ+4`],%l7 + ld [%sp+`$bias+$frame+(($i+1+0)%16)*$SZ+0`],%l0 + ld [%sp+`$bias+$frame+(($i+1+0)%16)*$SZ+4`],%l1 +___ +} if ($SZ==8); + +########### common +sub BODY_00_15 { +my ($i,$a,$b,$c,$d,$e,$f,$g,$h)=@_; + + if ($i<16) { + &$Xload(@_); + } else { + $code.="\tadd $h,$T1,$T1\n"; + } + +$code.=<<___; + $SRL $e,@Sigma1[0],$h !! $i + xor $f,$g,$tmp2 + $SLL $e,`$SZ*8-@Sigma1[2]`,$tmp1 + and $e,$tmp2,$tmp2 + $SRL $e,@Sigma1[1],$tmp0 + xor $tmp1,$h,$h + $SLL $e,`$SZ*8-@Sigma1[1]`,$tmp1 + xor $tmp0,$h,$h + $SRL $e,@Sigma1[2],$tmp0 + xor $tmp1,$h,$h + $SLL $e,`$SZ*8-@Sigma1[0]`,$tmp1 + xor $tmp0,$h,$h + xor $g,$tmp2,$tmp2 ! Ch(e,f,g) + xor $tmp1,$h,$tmp0 ! Sigma1(e) + + $SRL $a,@Sigma0[0],$h + add $tmp2,$T1,$T1 + $LD [$Ktbl+`$i*$SZ`],$tmp2 ! K[$i] + $SLL $a,`$SZ*8-@Sigma0[2]`,$tmp1 + add $tmp0,$T1,$T1 + $SRL $a,@Sigma0[1],$tmp0 + xor $tmp1,$h,$h + $SLL $a,`$SZ*8-@Sigma0[1]`,$tmp1 + xor $tmp0,$h,$h + $SRL $a,@Sigma0[2],$tmp0 + xor $tmp1,$h,$h + $SLL $a,`$SZ*8-@Sigma0[0]`,$tmp1 + xor $tmp0,$h,$h + xor $tmp1,$h,$h ! Sigma0(a) + + or $a,$b,$tmp0 + and $a,$b,$tmp1 + and $c,$tmp0,$tmp0 + or $tmp0,$tmp1,$tmp1 ! Maj(a,b,c) + add $tmp2,$T1,$T1 ! +=K[$i] + add $tmp1,$h,$h + + add $T1,$d,$d + add $T1,$h,$h +___ +} + +########### SHA256 +$BODY_16_XX = sub { +my $i=@_[0]; +my $xi; + + if ($i&1) { + $xi=$tmp32; + $code.="\tsrlx @X[(($i+1)/2)%8],32,$xi\n"; + } else { + $xi=@X[(($i+1)/2)%8]; + } +$code.=<<___; + srl $xi,@sigma0[0],$T1 !! Xupdate($i) + sll $xi,`32-@sigma0[2]`,$tmp1 + srl $xi,@sigma0[1],$tmp0 + xor $tmp1,$T1,$T1 + sll $tmp1,`@sigma0[2]-@sigma0[1]`,$tmp1 + xor $tmp0,$T1,$T1 + srl $xi,@sigma0[2],$tmp0 + xor $tmp1,$T1,$T1 +___ + if ($i&1) { + $xi=@X[(($i+14)/2)%8]; + } else { + $xi=$tmp32; + $code.="\tsrlx @X[(($i+14)/2)%8],32,$xi\n"; + } +$code.=<<___; + srl $xi,@sigma1[0],$tmp2 + xor $tmp0,$T1,$T1 ! T1=sigma0(X[i+1]) + sll $xi,`32-@sigma1[2]`,$tmp1 + srl $xi,@sigma1[1],$tmp0 + xor $tmp1,$tmp2,$tmp2 + sll $tmp1,`@sigma1[2]-@sigma1[1]`,$tmp1 + xor $tmp0,$tmp2,$tmp2 + srl $xi,@sigma1[2],$tmp0 + xor $tmp1,$tmp2,$tmp2 +___ + if ($i&1) { + $xi=@X[($i/2)%8]; +$code.=<<___; + srlx @X[(($i+9)/2)%8],32,$tmp1 ! X[i+9] + xor $tmp0,$tmp2,$tmp2 ! sigma1(X[i+14]) + srl @X[($i/2)%8],0,$tmp0 + add $tmp2,$tmp1,$tmp1 + add $xi,$T1,$T1 ! +=X[i] + xor $tmp0,@X[($i/2)%8],@X[($i/2)%8] + add $tmp1,$T1,$T1 + + srl $T1,0,$T1 + or $T1,@X[($i/2)%8],@X[($i/2)%8] +___ + } else { + $xi=@X[(($i+9)/2)%8]; +$code.=<<___; + srlx @X[($i/2)%8],32,$tmp1 ! X[i] + xor $tmp0,$tmp2,$tmp2 ! sigma1(X[i+14]) + add $xi,$T1,$T1 ! +=X[i+9] + add $tmp2,$tmp1,$tmp1 + srl @X[($i/2)%8],0,@X[($i/2)%8] + add $tmp1,$T1,$T1 + + sllx $T1,32,$tmp0 + or $tmp0,@X[($i/2)%8],@X[($i/2)%8] +___ + } + &BODY_00_15(@_); +} if ($SZ==4); + +########### SHA512 +$BODY_16_XX = sub { +my $i=@_[0]; +my @pair=("%l".eval(($i*2)%8),"%l".eval(($i*2)%8+1)); + +$code.=<<___; + sllx %l2,32,$tmp0 !! Xupdate($i) + or %l3,$tmp0,$tmp0 + + srlx $tmp0,@sigma0[0],$T1 + ld [%sp+`$bias+$frame+(($i+1+1)%16)*$SZ+0`],%l2 + sllx $tmp0,`64-@sigma0[2]`,$tmp1 + ld [%sp+`$bias+$frame+(($i+1+1)%16)*$SZ+4`],%l3 + srlx $tmp0,@sigma0[1],$tmp0 + xor $tmp1,$T1,$T1 + sllx $tmp1,`@sigma0[2]-@sigma0[1]`,$tmp1 + xor $tmp0,$T1,$T1 + srlx $tmp0,`@sigma0[2]-@sigma0[1]`,$tmp0 + xor $tmp1,$T1,$T1 + sllx %l6,32,$tmp2 + xor $tmp0,$T1,$T1 ! sigma0(X[$i+1]) + or %l7,$tmp2,$tmp2 + + srlx $tmp2,@sigma1[0],$tmp1 + ld [%sp+`$bias+$frame+(($i+1+14)%16)*$SZ+0`],%l6 + sllx $tmp2,`64-@sigma1[2]`,$tmp0 + ld [%sp+`$bias+$frame+(($i+1+14)%16)*$SZ+4`],%l7 + srlx $tmp2,@sigma1[1],$tmp2 + xor $tmp0,$tmp1,$tmp1 + sllx $tmp0,`@sigma1[2]-@sigma1[1]`,$tmp0 + xor $tmp2,$tmp1,$tmp1 + srlx $tmp2,`@sigma1[2]-@sigma1[1]`,$tmp2 + xor $tmp0,$tmp1,$tmp1 + sllx %l4,32,$tmp0 + xor $tmp2,$tmp1,$tmp1 ! sigma1(X[$i+14]) + ld [%sp+`$bias+$frame+(($i+1+9)%16)*$SZ+0`],%l4 + or %l5,$tmp0,$tmp0 + ld [%sp+`$bias+$frame+(($i+1+9)%16)*$SZ+4`],%l5 + + sllx %l0,32,$tmp2 + add $tmp1,$T1,$T1 + ld [%sp+`$bias+$frame+(($i+1+0)%16)*$SZ+0`],%l0 + or %l1,$tmp2,$tmp2 + add $tmp0,$T1,$T1 ! +=X[$i+9] + ld [%sp+`$bias+$frame+(($i+1+0)%16)*$SZ+4`],%l1 + add $tmp2,$T1,$T1 ! +=X[$i] + $ST $T1,[%sp+`$bias+$frame+($i%16)*$SZ`] +___ + &BODY_00_15(@_); +} if ($SZ==8); + +$code.=<<___ if ($bits==64); +.register %g2,#scratch +.register %g3,#scratch +___ +$code.=<<___; +.section ".text",#alloc,#execinstr + +.align 64 +K${label}: +.type K${label},#object +___ +if ($SZ==4) { +$code.=<<___; + .long 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5 + .long 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5 + .long 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3 + .long 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174 + .long 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc + .long 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da + .long 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7 + .long 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967 + .long 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13 + .long 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85 + .long 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3 + .long 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070 + .long 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5 + .long 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3 + .long 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208 + .long 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 +___ +} else { +$code.=<<___; + .long 0x428a2f98,0xd728ae22, 0x71374491,0x23ef65cd + .long 0xb5c0fbcf,0xec4d3b2f, 0xe9b5dba5,0x8189dbbc + .long 0x3956c25b,0xf348b538, 0x59f111f1,0xb605d019 + .long 0x923f82a4,0xaf194f9b, 0xab1c5ed5,0xda6d8118 + .long 0xd807aa98,0xa3030242, 0x12835b01,0x45706fbe + .long 0x243185be,0x4ee4b28c, 0x550c7dc3,0xd5ffb4e2 + .long 0x72be5d74,0xf27b896f, 0x80deb1fe,0x3b1696b1 + .long 0x9bdc06a7,0x25c71235, 0xc19bf174,0xcf692694 + .long 0xe49b69c1,0x9ef14ad2, 0xefbe4786,0x384f25e3 + .long 0x0fc19dc6,0x8b8cd5b5, 0x240ca1cc,0x77ac9c65 + .long 0x2de92c6f,0x592b0275, 0x4a7484aa,0x6ea6e483 + .long 0x5cb0a9dc,0xbd41fbd4, 0x76f988da,0x831153b5 + .long 0x983e5152,0xee66dfab, 0xa831c66d,0x2db43210 + .long 0xb00327c8,0x98fb213f, 0xbf597fc7,0xbeef0ee4 + .long 0xc6e00bf3,0x3da88fc2, 0xd5a79147,0x930aa725 + .long 0x06ca6351,0xe003826f, 0x14292967,0x0a0e6e70 + .long 0x27b70a85,0x46d22ffc, 0x2e1b2138,0x5c26c926 + .long 0x4d2c6dfc,0x5ac42aed, 0x53380d13,0x9d95b3df + .long 0x650a7354,0x8baf63de, 0x766a0abb,0x3c77b2a8 + .long 0x81c2c92e,0x47edaee6, 0x92722c85,0x1482353b + .long 0xa2bfe8a1,0x4cf10364, 0xa81a664b,0xbc423001 + .long 0xc24b8b70,0xd0f89791, 0xc76c51a3,0x0654be30 + .long 0xd192e819,0xd6ef5218, 0xd6990624,0x5565a910 + .long 0xf40e3585,0x5771202a, 0x106aa070,0x32bbd1b8 + .long 0x19a4c116,0xb8d2d0c8, 0x1e376c08,0x5141ab53 + .long 0x2748774c,0xdf8eeb99, 0x34b0bcb5,0xe19b48a8 + .long 0x391c0cb3,0xc5c95a63, 0x4ed8aa4a,0xe3418acb + .long 0x5b9cca4f,0x7763e373, 0x682e6ff3,0xd6b2b8a3 + .long 0x748f82ee,0x5defb2fc, 0x78a5636f,0x43172f60 + .long 0x84c87814,0xa1f0ab72, 0x8cc70208,0x1a6439ec + .long 0x90befffa,0x23631e28, 0xa4506ceb,0xde82bde9 + .long 0xbef9a3f7,0xb2c67915, 0xc67178f2,0xe372532b + .long 0xca273ece,0xea26619c, 0xd186b8c7,0x21c0c207 + .long 0xeada7dd6,0xcde0eb1e, 0xf57d4f7f,0xee6ed178 + .long 0x06f067aa,0x72176fba, 0x0a637dc5,0xa2c898a6 + .long 0x113f9804,0xbef90dae, 0x1b710b35,0x131c471b + .long 0x28db77f5,0x23047d84, 0x32caab7b,0x40c72493 + .long 0x3c9ebe0a,0x15c9bebc, 0x431d67c4,0x9c100d4c + .long 0x4cc5d4be,0xcb3e42b6, 0x597f299c,0xfc657e2a + .long 0x5fcb6fab,0x3ad6faec, 0x6c44198c,0x4a475817 +___ +} +$code.=<<___; +.size K${label},.-K${label} +.globl sha${label}_block_data_order +sha${label}_block_data_order: + save %sp,`-$frame-$locals`,%sp + and $inp,`$align-1`,$tmp31 + sllx $len,`log(16*$SZ)/log(2)`,$len + andn $inp,`$align-1`,$inp + sll $tmp31,3,$tmp31 + add $inp,$len,$len +___ +$code.=<<___ if ($SZ==8); # SHA512 + mov 32,$tmp32 + sub $tmp32,$tmp31,$tmp32 +___ +$code.=<<___; +.Lpic: call .+8 + add %o7,K${label}-.Lpic,$Ktbl + + $LD [$ctx+`0*$SZ`],$A + $LD [$ctx+`1*$SZ`],$B + $LD [$ctx+`2*$SZ`],$C + $LD [$ctx+`3*$SZ`],$D + $LD [$ctx+`4*$SZ`],$E + $LD [$ctx+`5*$SZ`],$F + $LD [$ctx+`6*$SZ`],$G + $LD [$ctx+`7*$SZ`],$H + +.Lloop: +___ +for ($i=0;$i<16;$i++) { &BODY_00_15($i,@V); unshift(@V,pop(@V)); } +$code.=".L16_xx:\n"; +for (;$i<32;$i++) { &$BODY_16_XX($i,@V); unshift(@V,pop(@V)); } +$code.=<<___; + and $tmp2,0xfff,$tmp2 + cmp $tmp2,$lastK + bne .L16_xx + add $Ktbl,`16*$SZ`,$Ktbl ! Ktbl+=16 + +___ +$code.=<<___ if ($SZ==4); # SHA256 + $LD [$ctx+`0*$SZ`],@X[0] + $LD [$ctx+`1*$SZ`],@X[1] + $LD [$ctx+`2*$SZ`],@X[2] + $LD [$ctx+`3*$SZ`],@X[3] + $LD [$ctx+`4*$SZ`],@X[4] + $LD [$ctx+`5*$SZ`],@X[5] + $LD [$ctx+`6*$SZ`],@X[6] + $LD [$ctx+`7*$SZ`],@X[7] + + add $A,@X[0],$A + $ST $A,[$ctx+`0*$SZ`] + add $B,@X[1],$B + $ST $B,[$ctx+`1*$SZ`] + add $C,@X[2],$C + $ST $C,[$ctx+`2*$SZ`] + add $D,@X[3],$D + $ST $D,[$ctx+`3*$SZ`] + add $E,@X[4],$E + $ST $E,[$ctx+`4*$SZ`] + add $F,@X[5],$F + $ST $F,[$ctx+`5*$SZ`] + add $G,@X[6],$G + $ST $G,[$ctx+`6*$SZ`] + add $H,@X[7],$H + $ST $H,[$ctx+`7*$SZ`] +___ +$code.=<<___ if ($SZ==8); # SHA512 + ld [$ctx+`0*$SZ+0`],%l0 + ld [$ctx+`0*$SZ+4`],%l1 + ld [$ctx+`1*$SZ+0`],%l2 + ld [$ctx+`1*$SZ+4`],%l3 + ld [$ctx+`2*$SZ+0`],%l4 + ld [$ctx+`2*$SZ+4`],%l5 + ld [$ctx+`3*$SZ+0`],%l6 + + sllx %l0,32,$tmp0 + ld [$ctx+`3*$SZ+4`],%l7 + sllx %l2,32,$tmp1 + or %l1,$tmp0,$tmp0 + or %l3,$tmp1,$tmp1 + add $tmp0,$A,$A + add $tmp1,$B,$B + $ST $A,[$ctx+`0*$SZ`] + sllx %l4,32,$tmp2 + $ST $B,[$ctx+`1*$SZ`] + sllx %l6,32,$T1 + or %l5,$tmp2,$tmp2 + or %l7,$T1,$T1 + add $tmp2,$C,$C + $ST $C,[$ctx+`2*$SZ`] + add $T1,$D,$D + $ST $D,[$ctx+`3*$SZ`] + + ld [$ctx+`4*$SZ+0`],%l0 + ld [$ctx+`4*$SZ+4`],%l1 + ld [$ctx+`5*$SZ+0`],%l2 + ld [$ctx+`5*$SZ+4`],%l3 + ld [$ctx+`6*$SZ+0`],%l4 + ld [$ctx+`6*$SZ+4`],%l5 + ld [$ctx+`7*$SZ+0`],%l6 + + sllx %l0,32,$tmp0 + ld [$ctx+`7*$SZ+4`],%l7 + sllx %l2,32,$tmp1 + or %l1,$tmp0,$tmp0 + or %l3,$tmp1,$tmp1 + add $tmp0,$E,$E + add $tmp1,$F,$F + $ST $E,[$ctx+`4*$SZ`] + sllx %l4,32,$tmp2 + $ST $F,[$ctx+`5*$SZ`] + sllx %l6,32,$T1 + or %l5,$tmp2,$tmp2 + or %l7,$T1,$T1 + add $tmp2,$G,$G + $ST $G,[$ctx+`6*$SZ`] + add $T1,$H,$H + $ST $H,[$ctx+`7*$SZ`] +___ +$code.=<<___; + add $inp,`16*$SZ`,$inp ! advance inp + cmp $inp,$len + bne `$bits==64?"%xcc":"%icc"`,.Lloop + sub $Ktbl,`($rounds-16)*$SZ`,$Ktbl ! rewind Ktbl + + ret + restore +.type sha${label}_block_data_order,#function +.size sha${label}_block_data_order,(.-sha${label}_block_data_order) +.asciz "SHA${label} block transform for SPARCv9, CRYPTOGAMS by " +.align 4 +___ + +$code =~ s/\`([^\`]*)\`/eval $1/gem; +print $code; +close STDOUT; diff --git a/src/lib/libcrypto/sha/asm/sha512-x86_64.pl b/src/lib/libcrypto/sha/asm/sha512-x86_64.pl new file mode 100755 index 00000000000..feb0f9e7767 --- /dev/null +++ b/src/lib/libcrypto/sha/asm/sha512-x86_64.pl @@ -0,0 +1,342 @@ +#!/usr/bin/env perl +# +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. Rights for redistribution and usage in source and binary +# forms are granted according to the OpenSSL license. +# ==================================================================== +# +# sha256/512_block procedure for x86_64. +# +# 40% improvement over compiler-generated code on Opteron. On EM64T +# sha256 was observed to run >80% faster and sha512 - >40%. No magical +# tricks, just straight implementation... I really wonder why gcc +# [being armed with inline assembler] fails to generate as fast code. +# The only thing which is cool about this module is that it's very +# same instruction sequence used for both SHA-256 and SHA-512. In +# former case the instructions operate on 32-bit operands, while in +# latter - on 64-bit ones. All I had to do is to get one flavor right, +# the other one passed the test right away:-) +# +# sha256_block runs in ~1005 cycles on Opteron, which gives you +# asymptotic performance of 64*1000/1005=63.7MBps times CPU clock +# frequency in GHz. sha512_block runs in ~1275 cycles, which results +# in 128*1000/1275=100MBps per GHz. Is there room for improvement? +# Well, if you compare it to IA-64 implementation, which maintains +# X[16] in register bank[!], tends to 4 instructions per CPU clock +# cycle and runs in 1003 cycles, 1275 is very good result for 3-way +# issue Opteron pipeline and X[16] maintained in memory. So that *if* +# there is a way to improve it, *then* the only way would be to try to +# offload X[16] updates to SSE unit, but that would require "deeper" +# loop unroll, which in turn would naturally cause size blow-up, not +# to mention increased complexity! And once again, only *if* it's +# actually possible to noticeably improve overall ILP, instruction +# level parallelism, on a given CPU implementation in this case. +# +# Special note on Intel EM64T. While Opteron CPU exhibits perfect +# perfromance ratio of 1.5 between 64- and 32-bit flavors [see above], +# [currently available] EM64T CPUs apparently are far from it. On the +# contrary, 64-bit version, sha512_block, is ~30% *slower* than 32-bit +# sha256_block:-( This is presumably because 64-bit shifts/rotates +# apparently are not atomic instructions, but implemented in microcode. + +$flavour = shift; +$output = shift; +if ($flavour =~ /\./) { $output = $flavour; undef $flavour; } + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or +( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or +die "can't locate x86_64-xlate.pl"; + +open OUT,"| \"$^X\" $xlate $flavour $output"; +*STDOUT=*OUT; + +if ($output =~ /512/) { + $func="sha512_block_data_order"; + $TABLE="K512"; + $SZ=8; + @ROT=($A,$B,$C,$D,$E,$F,$G,$H)=("%rax","%rbx","%rcx","%rdx", + "%r8", "%r9", "%r10","%r11"); + ($T1,$a0,$a1,$a2)=("%r12","%r13","%r14","%r15"); + @Sigma0=(28,34,39); + @Sigma1=(14,18,41); + @sigma0=(1, 8, 7); + @sigma1=(19,61, 6); + $rounds=80; +} else { + $func="sha256_block_data_order"; + $TABLE="K256"; + $SZ=4; + @ROT=($A,$B,$C,$D,$E,$F,$G,$H)=("%eax","%ebx","%ecx","%edx", + "%r8d","%r9d","%r10d","%r11d"); + ($T1,$a0,$a1,$a2)=("%r12d","%r13d","%r14d","%r15d"); + @Sigma0=( 2,13,22); + @Sigma1=( 6,11,25); + @sigma0=( 7,18, 3); + @sigma1=(17,19,10); + $rounds=64; +} + +$ctx="%rdi"; # 1st arg +$round="%rdi"; # zaps $ctx +$inp="%rsi"; # 2nd arg +$Tbl="%rbp"; + +$_ctx="16*$SZ+0*8(%rsp)"; +$_inp="16*$SZ+1*8(%rsp)"; +$_end="16*$SZ+2*8(%rsp)"; +$_rsp="16*$SZ+3*8(%rsp)"; +$framesz="16*$SZ+4*8"; + + +sub ROUND_00_15() +{ my ($i,$a,$b,$c,$d,$e,$f,$g,$h) = @_; + +$code.=<<___; + ror \$`$Sigma1[2]-$Sigma1[1]`,$a0 + mov $f,$a2 + mov $T1,`$SZ*($i&0xf)`(%rsp) + + ror \$`$Sigma0[2]-$Sigma0[1]`,$a1 + xor $e,$a0 + xor $g,$a2 # f^g + + ror \$`$Sigma1[1]-$Sigma1[0]`,$a0 + add $h,$T1 # T1+=h + xor $a,$a1 + + add ($Tbl,$round,$SZ),$T1 # T1+=K[round] + and $e,$a2 # (f^g)&e + mov $b,$h + + ror \$`$Sigma0[1]-$Sigma0[0]`,$a1 + xor $e,$a0 + xor $g,$a2 # Ch(e,f,g)=((f^g)&e)^g + + xor $c,$h # b^c + xor $a,$a1 + add $a2,$T1 # T1+=Ch(e,f,g) + mov $b,$a2 + + ror \$$Sigma1[0],$a0 # Sigma1(e) + and $a,$h # h=(b^c)&a + and $c,$a2 # b&c + + ror \$$Sigma0[0],$a1 # Sigma0(a) + add $a0,$T1 # T1+=Sigma1(e) + add $a2,$h # h+=b&c (completes +=Maj(a,b,c) + + add $T1,$d # d+=T1 + add $T1,$h # h+=T1 + lea 1($round),$round # round++ + add $a1,$h # h+=Sigma0(a) + +___ +} + +sub ROUND_16_XX() +{ my ($i,$a,$b,$c,$d,$e,$f,$g,$h) = @_; + +$code.=<<___; + mov `$SZ*(($i+1)&0xf)`(%rsp),$a0 + mov `$SZ*(($i+14)&0xf)`(%rsp),$a1 + mov $a0,$T1 + mov $a1,$a2 + + ror \$`$sigma0[1]-$sigma0[0]`,$T1 + xor $a0,$T1 + shr \$$sigma0[2],$a0 + + ror \$$sigma0[0],$T1 + xor $T1,$a0 # sigma0(X[(i+1)&0xf]) + mov `$SZ*(($i+9)&0xf)`(%rsp),$T1 + + ror \$`$sigma1[1]-$sigma1[0]`,$a2 + xor $a1,$a2 + shr \$$sigma1[2],$a1 + + ror \$$sigma1[0],$a2 + add $a0,$T1 + xor $a2,$a1 # sigma1(X[(i+14)&0xf]) + + add `$SZ*($i&0xf)`(%rsp),$T1 + mov $e,$a0 + add $a1,$T1 + mov $a,$a1 +___ + &ROUND_00_15(@_); +} + +$code=<<___; +.text + +.globl $func +.type $func,\@function,4 +.align 16 +$func: + push %rbx + push %rbp + push %r12 + push %r13 + push %r14 + push %r15 + mov %rsp,%r11 # copy %rsp + shl \$4,%rdx # num*16 + sub \$$framesz,%rsp + lea ($inp,%rdx,$SZ),%rdx # inp+num*16*$SZ + and \$-64,%rsp # align stack frame + mov $ctx,$_ctx # save ctx, 1st arg + mov $inp,$_inp # save inp, 2nd arh + mov %rdx,$_end # save end pointer, "3rd" arg + mov %r11,$_rsp # save copy of %rsp +.Lprologue: + + lea $TABLE(%rip),$Tbl + + mov $SZ*0($ctx),$A + mov $SZ*1($ctx),$B + mov $SZ*2($ctx),$C + mov $SZ*3($ctx),$D + mov $SZ*4($ctx),$E + mov $SZ*5($ctx),$F + mov $SZ*6($ctx),$G + mov $SZ*7($ctx),$H + jmp .Lloop + +.align 16 +.Lloop: + xor $round,$round +___ + for($i=0;$i<16;$i++) { + $code.=" mov $SZ*$i($inp),$T1\n"; + $code.=" mov @ROT[4],$a0\n"; + $code.=" mov @ROT[0],$a1\n"; + $code.=" bswap $T1\n"; + &ROUND_00_15($i,@ROT); + unshift(@ROT,pop(@ROT)); + } +$code.=<<___; + jmp .Lrounds_16_xx +.align 16 +.Lrounds_16_xx: +___ + for(;$i<32;$i++) { + &ROUND_16_XX($i,@ROT); + unshift(@ROT,pop(@ROT)); + } + +$code.=<<___; + cmp \$$rounds,$round + jb .Lrounds_16_xx + + mov $_ctx,$ctx + lea 16*$SZ($inp),$inp + + add $SZ*0($ctx),$A + add $SZ*1($ctx),$B + add $SZ*2($ctx),$C + add $SZ*3($ctx),$D + add $SZ*4($ctx),$E + add $SZ*5($ctx),$F + add $SZ*6($ctx),$G + add $SZ*7($ctx),$H + + cmp $_end,$inp + + mov $A,$SZ*0($ctx) + mov $B,$SZ*1($ctx) + mov $C,$SZ*2($ctx) + mov $D,$SZ*3($ctx) + mov $E,$SZ*4($ctx) + mov $F,$SZ*5($ctx) + mov $G,$SZ*6($ctx) + mov $H,$SZ*7($ctx) + jb .Lloop + + mov $_rsp,%rsi + mov (%rsi),%r15 + mov 8(%rsi),%r14 + mov 16(%rsi),%r13 + mov 24(%rsi),%r12 + mov 32(%rsi),%rbp + mov 40(%rsi),%rbx + lea 48(%rsi),%rsp +.Lepilogue: + ret +.size $func,.-$func +___ + +if ($SZ==4) { +$code.=<<___; +.align 64 +.type $TABLE,\@object +$TABLE: + .long 0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5 + .long 0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5 + .long 0xd807aa98,0x12835b01,0x243185be,0x550c7dc3 + .long 0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174 + .long 0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc + .long 0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da + .long 0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7 + .long 0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967 + .long 0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13 + .long 0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85 + .long 0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3 + .long 0xd192e819,0xd6990624,0xf40e3585,0x106aa070 + .long 0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5 + .long 0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3 + .long 0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208 + .long 0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2 +___ +} else { +$code.=<<___; +.align 64 +.type $TABLE,\@object +$TABLE: + .quad 0x428a2f98d728ae22,0x7137449123ef65cd + .quad 0xb5c0fbcfec4d3b2f,0xe9b5dba58189dbbc + .quad 0x3956c25bf348b538,0x59f111f1b605d019 + .quad 0x923f82a4af194f9b,0xab1c5ed5da6d8118 + .quad 0xd807aa98a3030242,0x12835b0145706fbe + .quad 0x243185be4ee4b28c,0x550c7dc3d5ffb4e2 + .quad 0x72be5d74f27b896f,0x80deb1fe3b1696b1 + .quad 0x9bdc06a725c71235,0xc19bf174cf692694 + .quad 0xe49b69c19ef14ad2,0xefbe4786384f25e3 + .quad 0x0fc19dc68b8cd5b5,0x240ca1cc77ac9c65 + .quad 0x2de92c6f592b0275,0x4a7484aa6ea6e483 + .quad 0x5cb0a9dcbd41fbd4,0x76f988da831153b5 + .quad 0x983e5152ee66dfab,0xa831c66d2db43210 + .quad 0xb00327c898fb213f,0xbf597fc7beef0ee4 + .quad 0xc6e00bf33da88fc2,0xd5a79147930aa725 + .quad 0x06ca6351e003826f,0x142929670a0e6e70 + .quad 0x27b70a8546d22ffc,0x2e1b21385c26c926 + .quad 0x4d2c6dfc5ac42aed,0x53380d139d95b3df + .quad 0x650a73548baf63de,0x766a0abb3c77b2a8 + .quad 0x81c2c92e47edaee6,0x92722c851482353b + .quad 0xa2bfe8a14cf10364,0xa81a664bbc423001 + .quad 0xc24b8b70d0f89791,0xc76c51a30654be30 + .quad 0xd192e819d6ef5218,0xd69906245565a910 + .quad 0xf40e35855771202a,0x106aa07032bbd1b8 + .quad 0x19a4c116b8d2d0c8,0x1e376c085141ab53 + .quad 0x2748774cdf8eeb99,0x34b0bcb5e19b48a8 + .quad 0x391c0cb3c5c95a63,0x4ed8aa4ae3418acb + .quad 0x5b9cca4f7763e373,0x682e6ff3d6b2b8a3 + .quad 0x748f82ee5defb2fc,0x78a5636f43172f60 + .quad 0x84c87814a1f0ab72,0x8cc702081a6439ec + .quad 0x90befffa23631e28,0xa4506cebde82bde9 + .quad 0xbef9a3f7b2c67915,0xc67178f2e372532b + .quad 0xca273eceea26619c,0xd186b8c721c0c207 + .quad 0xeada7dd6cde0eb1e,0xf57d4f7fee6ed178 + .quad 0x06f067aa72176fba,0x0a637dc5a2c898a6 + .quad 0x113f9804bef90dae,0x1b710b35131c471b + .quad 0x28db77f523047d84,0x32caab7b40c72493 + .quad 0x3c9ebe0a15c9bebc,0x431d67c49c100d4c + .quad 0x4cc5d4becb3e42b6,0x597f299cfc657e2a + .quad 0x5fcb6fab3ad6faec,0x6c44198c4a475817 +___ +} + +$code =~ s/\`([^\`]*)\`/eval $1/gem; +print $code; +close STDOUT; diff --git a/src/lib/libcrypto/sha/sha.c b/src/lib/libcrypto/sha/sha.c deleted file mode 100644 index 42126551d12..00000000000 --- a/src/lib/libcrypto/sha/sha.c +++ /dev/null @@ -1,124 +0,0 @@ -/* crypto/sha/sha.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include -#include - -#define BUFSIZE 1024*16 - -void do_fp(FILE *f); -void pt(unsigned char *md); -int read(int, void *, unsigned int); -int main(int argc, char **argv) - { - int i,err=0; - FILE *IN; - - if (argc == 1) - { - do_fp(stdin); - } - else - { - for (i=1; i + #ifndef HEADER_SHA_H #define HEADER_SHA_H +#if !defined(HAVE_ATTRIBUTE__BOUNDED__) && !defined(__OpenBSD__) +#define __bounded__(x, y, z) +#endif -#include +#include #ifdef __cplusplus extern "C" { #endif -#if defined(OPENSSL_NO_SHA) || (defined(OPENSSL_NO_SHA0) && defined(OPENSSL_NO_SHA1)) +#if defined(OPENSSL_NO_SHA) || defined(OPENSSL_NO_SHA1) #error SHA is disabled. #endif /* * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! - * ! SHA_LONG has to be at least 32 bits wide. If it's wider, then ! - * ! SHA_LONG_LOG2 has to be defined along. ! + * ! SHA_LONG has to be at least 32 bits wide. ! * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! */ -#if defined(OPENSSL_SYS_WIN16) || defined(__LP32__) -#define SHA_LONG unsigned long -#elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__) -#define SHA_LONG unsigned long -#define SHA_LONG_LOG2 3 -#else #define SHA_LONG unsigned int -#endif #define SHA_LBLOCK 16 #define SHA_CBLOCK (SHA_LBLOCK*4) /* SHA treats input data as a @@ -97,23 +94,97 @@ typedef struct SHAstate_st SHA_LONG h0,h1,h2,h3,h4; SHA_LONG Nl,Nh; SHA_LONG data[SHA_LBLOCK]; - int num; + unsigned int num; } SHA_CTX; -#ifndef OPENSSL_NO_SHA0 -int SHA_Init(SHA_CTX *c); -int SHA_Update(SHA_CTX *c, const void *data, unsigned long len); -int SHA_Final(unsigned char *md, SHA_CTX *c); -unsigned char *SHA(const unsigned char *d, unsigned long n,unsigned char *md); -void SHA_Transform(SHA_CTX *c, const unsigned char *data); -#endif #ifndef OPENSSL_NO_SHA1 int SHA1_Init(SHA_CTX *c); -int SHA1_Update(SHA_CTX *c, const void *data, unsigned long len); +int SHA1_Update(SHA_CTX *c, const void *data, size_t len) + __attribute__ ((__bounded__(__buffer__,2,3))); int SHA1_Final(unsigned char *md, SHA_CTX *c); -unsigned char *SHA1(const unsigned char *d, unsigned long n,unsigned char *md); +unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md) + __attribute__ ((__bounded__(__buffer__,1,2))); void SHA1_Transform(SHA_CTX *c, const unsigned char *data); #endif + +#define SHA256_CBLOCK (SHA_LBLOCK*4) /* SHA-256 treats input data as a + * contiguous array of 32 bit + * wide big-endian values. */ +#define SHA224_DIGEST_LENGTH 28 +#define SHA256_DIGEST_LENGTH 32 + +typedef struct SHA256state_st + { + SHA_LONG h[8]; + SHA_LONG Nl,Nh; + SHA_LONG data[SHA_LBLOCK]; + unsigned int num,md_len; + } SHA256_CTX; + +#ifndef OPENSSL_NO_SHA256 +int SHA224_Init(SHA256_CTX *c); +int SHA224_Update(SHA256_CTX *c, const void *data, size_t len) + __attribute__ ((__bounded__(__buffer__,2,3))); +int SHA224_Final(unsigned char *md, SHA256_CTX *c); +unsigned char *SHA224(const unsigned char *d, size_t n,unsigned char *md) + __attribute__ ((__bounded__(__buffer__,1,2))); +int SHA256_Init(SHA256_CTX *c); +int SHA256_Update(SHA256_CTX *c, const void *data, size_t len) + __attribute__ ((__bounded__(__buffer__,2,3))); +int SHA256_Final(unsigned char *md, SHA256_CTX *c); +unsigned char *SHA256(const unsigned char *d, size_t n,unsigned char *md) + __attribute__ ((__bounded__(__buffer__,1,2))); +void SHA256_Transform(SHA256_CTX *c, const unsigned char *data); +#endif + +#define SHA384_DIGEST_LENGTH 48 +#define SHA512_DIGEST_LENGTH 64 + +#ifndef OPENSSL_NO_SHA512 +/* + * Unlike 32-bit digest algorithms, SHA-512 *relies* on SHA_LONG64 + * being exactly 64-bit wide. See Implementation Notes in sha512.c + * for further details. + */ +#define SHA512_CBLOCK (SHA_LBLOCK*8) /* SHA-512 treats input data as a + * contiguous array of 64 bit + * wide big-endian values. */ +#if defined(_LP64) +#define SHA_LONG64 unsigned long +#define U64(C) C##UL +#else +#define SHA_LONG64 unsigned long long +#define U64(C) C##ULL +#endif + +typedef struct SHA512state_st + { + SHA_LONG64 h[8]; + SHA_LONG64 Nl,Nh; + union { + SHA_LONG64 d[SHA_LBLOCK]; + unsigned char p[SHA512_CBLOCK]; + } u; + unsigned int num,md_len; + } SHA512_CTX; +#endif + +#ifndef OPENSSL_NO_SHA512 +int SHA384_Init(SHA512_CTX *c); +int SHA384_Update(SHA512_CTX *c, const void *data, size_t len) + __attribute__ ((__bounded__(__buffer__,2,3))); +int SHA384_Final(unsigned char *md, SHA512_CTX *c); +unsigned char *SHA384(const unsigned char *d, size_t n,unsigned char *md) + __attribute__ ((__bounded__(__buffer__,1,2))); +int SHA512_Init(SHA512_CTX *c); +int SHA512_Update(SHA512_CTX *c, const void *data, size_t len) + __attribute__ ((__bounded__(__buffer__,2,3))); +int SHA512_Final(unsigned char *md, SHA512_CTX *c); +unsigned char *SHA512(const unsigned char *d, size_t n,unsigned char *md) + __attribute__ ((__bounded__(__buffer__,1,2))); +void SHA512_Transform(SHA512_CTX *c, const unsigned char *data); +#endif + #ifdef __cplusplus } #endif diff --git a/src/lib/libcrypto/sha/sha1.c b/src/lib/libcrypto/sha/sha1.c deleted file mode 100644 index d350c88ee47..00000000000 --- a/src/lib/libcrypto/sha/sha1.c +++ /dev/null @@ -1,127 +0,0 @@ -/* crypto/sha/sha1.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include -#include - -#define BUFSIZE 1024*16 - -void do_fp(FILE *f); -void pt(unsigned char *md); -#ifndef _OSD_POSIX -int read(int, void *, unsigned int); -#endif - -int main(int argc, char **argv) - { - int i,err=0; - FILE *IN; - - if (argc == 1) - { - do_fp(stdin); - } - else - { - for (i=1; i #include + +#include + +#include #include #ifndef OPENSSL_NO_SHA1 -unsigned char *SHA1(const unsigned char *d, unsigned long n, unsigned char *md) +unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md) { SHA_CTX c; static unsigned char m[SHA_DIGEST_LENGTH]; if (md == NULL) md=m; - SHA1_Init(&c); + if (!SHA1_Init(&c)) + return NULL; SHA1_Update(&c,d,n); SHA1_Final(md,&c); - memset(&c,0,sizeof(c)); + explicit_bzero(&c,sizeof(c)); return(md); } #endif diff --git a/src/lib/libcrypto/sha/sha1dgst.c b/src/lib/libcrypto/sha/sha1dgst.c index 182f65982ab..583d1068ba4 100644 --- a/src/lib/libcrypto/sha/sha1dgst.c +++ b/src/lib/libcrypto/sha/sha1dgst.c @@ -1,4 +1,4 @@ -/* crypto/sha/sha1dgst.c */ +/* $OpenBSD: sha1dgst.c,v 1.14 2015/09/13 21:09:56 doug Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -56,14 +56,13 @@ * [including the GNU Public Licence.] */ -#if !defined(OPENSSL_NO_SHA1) && !defined(OPENSSL_NO_SHA) +#include -#undef SHA_0 -#define SHA_1 +#include -#include +#if !defined(OPENSSL_NO_SHA1) && !defined(OPENSSL_NO_SHA) -const char *SHA1_version="SHA1" OPENSSL_VERSION_PTEXT; +#include /* The implementation is in ../md32_common.h */ diff --git a/src/lib/libcrypto/sha/sha1s.cpp b/src/lib/libcrypto/sha/sha1s.cpp deleted file mode 100644 index af23d1e0f21..00000000000 --- a/src/lib/libcrypto/sha/sha1s.cpp +++ /dev/null @@ -1,82 +0,0 @@ -// -// gettsc.inl -// -// gives access to the Pentium's (secret) cycle counter -// -// This software was written by Leonard Janke (janke@unixg.ubc.ca) -// in 1996-7 and is entered, by him, into the public domain. - -#if defined(__WATCOMC__) -void GetTSC(unsigned long&); -#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax]; -#elif defined(__GNUC__) -inline -void GetTSC(unsigned long& tsc) -{ - asm volatile(".byte 15, 49\n\t" - : "=eax" (tsc) - : - : "%edx", "%eax"); -} -#elif defined(_MSC_VER) -inline -void GetTSC(unsigned long& tsc) -{ - unsigned long a; - __asm _emit 0fh - __asm _emit 31h - __asm mov a, eax; - tsc=a; -} -#endif - -#include -#include -#include - -#define sha1_block_x86 sha1_block_asm_data_order -extern "C" { -void sha1_block_x86(SHA_CTX *ctx, unsigned char *buffer,int num); -} - -void main(int argc,char *argv[]) - { - unsigned char buffer[64*256]; - SHA_CTX ctx; - unsigned long s1,s2,e1,e2; - unsigned char k[16]; - unsigned long data[2]; - unsigned char iv[8]; - int i,num=0,numm; - int j=0; - - if (argc >= 2) - num=atoi(argv[1]); - - if (num == 0) num=16; - if (num > 250) num=16; - numm=num+2; -#if 0 - num*=64; - numm*=64; -#endif - - for (j=0; j<6; j++) - { - for (i=0; i<10; i++) /**/ - { - sha1_block_x86(&ctx,buffer,numm); - GetTSC(s1); - sha1_block_x86(&ctx,buffer,numm); - GetTSC(e1); - GetTSC(s2); - sha1_block_x86(&ctx,buffer,num); - GetTSC(e2); - sha1_block_x86(&ctx,buffer,num); - } - - printf("sha1 (%d bytes) %d %d (%.2f)\n",num*64, - e1-s1,e2-s2,(double)((e1-s1)-(e2-s2))/2); - } - } - diff --git a/src/lib/libcrypto/sha/sha1test.c b/src/lib/libcrypto/sha/sha1test.c deleted file mode 100644 index 499a1cf5af0..00000000000 --- a/src/lib/libcrypto/sha/sha1test.c +++ /dev/null @@ -1,172 +0,0 @@ -/* crypto/sha/sha1test.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include -#include - -#ifdef OPENSSL_NO_SHA -int main(int argc, char *argv[]) -{ - printf("No SHA support\n"); - return(0); -} -#else -#include -#include - -#ifdef CHARSET_EBCDIC -#include -#endif - -#undef SHA_0 /* FIPS 180 */ -#define SHA_1 /* FIPS 180-1 */ - -static char *test[]={ - "abc", - "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", - NULL, - }; - -#ifdef SHA_0 -static char *ret[]={ - "0164b8a914cd2a5e74c4f7ff082c4d97f1edf880", - "d2516ee1acfa5baf33dfc1c471e438449ef134c8", - }; -static char *bigret= - "3232affa48628a26653b5aaa44541fd90d690603"; -#endif -#ifdef SHA_1 -static char *ret[]={ - "a9993e364706816aba3e25717850c26c9cd0d89d", - "84983e441c3bd26ebaae4aa1f95129e5e54670f1", - }; -static char *bigret= - "34aa973cd4c4daa4f61eeb2bdbad27316534016f"; -#endif - -static char *pt(unsigned char *md); -int main(int argc, char *argv[]) - { - int i,err=0; - unsigned char **P,**R; - static unsigned char buf[1000]; - char *p,*r; - EVP_MD_CTX c; - unsigned char md[SHA_DIGEST_LENGTH]; - -#ifdef CHARSET_EBCDIC - ebcdic2ascii(test[0], test[0], strlen(test[0])); - ebcdic2ascii(test[1], test[1], strlen(test[1])); -#endif - - EVP_MD_CTX_init(&c); - P=(unsigned char **)test; - R=(unsigned char **)ret; - i=1; - while (*P != NULL) - { - EVP_Digest(*P,(unsigned long)strlen((char *)*P),md,NULL,EVP_sha1(), NULL); - p=pt(md); - if (strcmp(p,(char *)*R) != 0) - { - printf("error calculating SHA1 on '%s'\n",*P); - printf("got %s instead of %s\n",p,*R); - err++; - } - else - printf("test %d ok\n",i); - i++; - R++; - P++; - } - - memset(buf,'a',1000); -#ifdef CHARSET_EBCDIC - ebcdic2ascii(buf, buf, 1000); -#endif /*CHARSET_EBCDIC*/ - EVP_DigestInit_ex(&c,EVP_sha1(), NULL); - for (i=0; i<1000; i++) - EVP_DigestUpdate(&c,buf,1000); - EVP_DigestFinal_ex(&c,md,NULL); - p=pt(md); - - r=bigret; - if (strcmp(p,r) != 0) - { - printf("error calculating SHA1 on 'a' * 1000\n"); - printf("got %s instead of %s\n",p,r); - err++; - } - else - printf("test 3 ok\n"); - exit(err); - EVP_MD_CTX_cleanup(&c); - return(0); - } - -static char *pt(unsigned char *md) - { - int i; - static char buf[80]; - - for (i=0; i + +#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA256) + +#include + +#include +#include + +#include +#include +#include + +int SHA224_Init(SHA256_CTX *c) + { + memset (c,0,sizeof(*c)); + c->h[0]=0xc1059ed8UL; c->h[1]=0x367cd507UL; + c->h[2]=0x3070dd17UL; c->h[3]=0xf70e5939UL; + c->h[4]=0xffc00b31UL; c->h[5]=0x68581511UL; + c->h[6]=0x64f98fa7UL; c->h[7]=0xbefa4fa4UL; + c->md_len=SHA224_DIGEST_LENGTH; + return 1; + } + +int SHA256_Init(SHA256_CTX *c) + { + memset (c,0,sizeof(*c)); + c->h[0]=0x6a09e667UL; c->h[1]=0xbb67ae85UL; + c->h[2]=0x3c6ef372UL; c->h[3]=0xa54ff53aUL; + c->h[4]=0x510e527fUL; c->h[5]=0x9b05688cUL; + c->h[6]=0x1f83d9abUL; c->h[7]=0x5be0cd19UL; + c->md_len=SHA256_DIGEST_LENGTH; + return 1; + } + +unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md) + { + SHA256_CTX c; + static unsigned char m[SHA224_DIGEST_LENGTH]; + + if (md == NULL) md=m; + SHA224_Init(&c); + SHA256_Update(&c,d,n); + SHA256_Final(md,&c); + explicit_bzero(&c,sizeof(c)); + return(md); + } + +unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md) + { + SHA256_CTX c; + static unsigned char m[SHA256_DIGEST_LENGTH]; + + if (md == NULL) md=m; + SHA256_Init(&c); + SHA256_Update(&c,d,n); + SHA256_Final(md,&c); + explicit_bzero(&c,sizeof(c)); + return(md); + } + +int SHA224_Update(SHA256_CTX *c, const void *data, size_t len) +{ return SHA256_Update (c,data,len); } +int SHA224_Final (unsigned char *md, SHA256_CTX *c) +{ return SHA256_Final (md,c); } + +#define DATA_ORDER_IS_BIG_ENDIAN + +#define HASH_LONG SHA_LONG +#define HASH_CTX SHA256_CTX +#define HASH_CBLOCK SHA_CBLOCK +/* + * Note that FIPS180-2 discusses "Truncation of the Hash Function Output." + * default: case below covers for it. It's not clear however if it's + * permitted to truncate to amount of bytes not divisible by 4. I bet not, + * but if it is, then default: case shall be extended. For reference. + * Idea behind separate cases for pre-defined lengths is to let the + * compiler decide if it's appropriate to unroll small loops. + */ +#define HASH_MAKE_STRING(c,s) do { \ + unsigned long ll; \ + unsigned int nn; \ + switch ((c)->md_len) \ + { case SHA224_DIGEST_LENGTH: \ + for (nn=0;nnh[nn]; HOST_l2c(ll,(s)); } \ + break; \ + case SHA256_DIGEST_LENGTH: \ + for (nn=0;nnh[nn]; HOST_l2c(ll,(s)); } \ + break; \ + default: \ + if ((c)->md_len > SHA256_DIGEST_LENGTH) \ + return 0; \ + for (nn=0;nn<(c)->md_len/4;nn++) \ + { ll=(c)->h[nn]; HOST_l2c(ll,(s)); } \ + break; \ + } \ + } while (0) + +#define HASH_UPDATE SHA256_Update +#define HASH_TRANSFORM SHA256_Transform +#define HASH_FINAL SHA256_Final +#define HASH_BLOCK_DATA_ORDER sha256_block_data_order +#ifndef SHA256_ASM +static +#endif +void sha256_block_data_order (SHA256_CTX *ctx, const void *in, size_t num); + +#include "md32_common.h" + +#ifndef SHA256_ASM +static const SHA_LONG K256[64] = { + 0x428a2f98UL,0x71374491UL,0xb5c0fbcfUL,0xe9b5dba5UL, + 0x3956c25bUL,0x59f111f1UL,0x923f82a4UL,0xab1c5ed5UL, + 0xd807aa98UL,0x12835b01UL,0x243185beUL,0x550c7dc3UL, + 0x72be5d74UL,0x80deb1feUL,0x9bdc06a7UL,0xc19bf174UL, + 0xe49b69c1UL,0xefbe4786UL,0x0fc19dc6UL,0x240ca1ccUL, + 0x2de92c6fUL,0x4a7484aaUL,0x5cb0a9dcUL,0x76f988daUL, + 0x983e5152UL,0xa831c66dUL,0xb00327c8UL,0xbf597fc7UL, + 0xc6e00bf3UL,0xd5a79147UL,0x06ca6351UL,0x14292967UL, + 0x27b70a85UL,0x2e1b2138UL,0x4d2c6dfcUL,0x53380d13UL, + 0x650a7354UL,0x766a0abbUL,0x81c2c92eUL,0x92722c85UL, + 0xa2bfe8a1UL,0xa81a664bUL,0xc24b8b70UL,0xc76c51a3UL, + 0xd192e819UL,0xd6990624UL,0xf40e3585UL,0x106aa070UL, + 0x19a4c116UL,0x1e376c08UL,0x2748774cUL,0x34b0bcb5UL, + 0x391c0cb3UL,0x4ed8aa4aUL,0x5b9cca4fUL,0x682e6ff3UL, + 0x748f82eeUL,0x78a5636fUL,0x84c87814UL,0x8cc70208UL, + 0x90befffaUL,0xa4506cebUL,0xbef9a3f7UL,0xc67178f2UL }; + +/* + * FIPS specification refers to right rotations, while our ROTATE macro + * is left one. This is why you might notice that rotation coefficients + * differ from those observed in FIPS document by 32-N... + */ +#define Sigma0(x) (ROTATE((x),30) ^ ROTATE((x),19) ^ ROTATE((x),10)) +#define Sigma1(x) (ROTATE((x),26) ^ ROTATE((x),21) ^ ROTATE((x),7)) +#define sigma0(x) (ROTATE((x),25) ^ ROTATE((x),14) ^ ((x)>>3)) +#define sigma1(x) (ROTATE((x),15) ^ ROTATE((x),13) ^ ((x)>>10)) + +#define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) +#define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) + +#ifdef OPENSSL_SMALL_FOOTPRINT + +static void sha256_block_data_order (SHA256_CTX *ctx, const void *in, size_t num) + { + unsigned MD32_REG_T a,b,c,d,e,f,g,h,s0,s1,T1,T2; + SHA_LONG X[16],l; + int i; + const unsigned char *data=in; + + while (num--) { + + a = ctx->h[0]; b = ctx->h[1]; c = ctx->h[2]; d = ctx->h[3]; + e = ctx->h[4]; f = ctx->h[5]; g = ctx->h[6]; h = ctx->h[7]; + + for (i=0;i<16;i++) + { + HOST_c2l(data,l); T1 = X[i] = l; + T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i]; + T2 = Sigma0(a) + Maj(a,b,c); + h = g; g = f; f = e; e = d + T1; + d = c; c = b; b = a; a = T1 + T2; + } + + for (;i<64;i++) + { + s0 = X[(i+1)&0x0f]; s0 = sigma0(s0); + s1 = X[(i+14)&0x0f]; s1 = sigma1(s1); + + T1 = X[i&0xf] += s0 + s1 + X[(i+9)&0xf]; + T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i]; + T2 = Sigma0(a) + Maj(a,b,c); + h = g; g = f; f = e; e = d + T1; + d = c; c = b; b = a; a = T1 + T2; + } + + ctx->h[0] += a; ctx->h[1] += b; ctx->h[2] += c; ctx->h[3] += d; + ctx->h[4] += e; ctx->h[5] += f; ctx->h[6] += g; ctx->h[7] += h; + + } +} + +#else + +#define ROUND_00_15(i,a,b,c,d,e,f,g,h) do { \ + T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i]; \ + h = Sigma0(a) + Maj(a,b,c); \ + d += T1; h += T1; } while (0) + +#define ROUND_16_63(i,a,b,c,d,e,f,g,h,X) do { \ + s0 = X[(i+1)&0x0f]; s0 = sigma0(s0); \ + s1 = X[(i+14)&0x0f]; s1 = sigma1(s1); \ + T1 = X[(i)&0x0f] += s0 + s1 + X[(i+9)&0x0f]; \ + ROUND_00_15(i,a,b,c,d,e,f,g,h); } while (0) + +static void sha256_block_data_order (SHA256_CTX *ctx, const void *in, size_t num) + { + unsigned MD32_REG_T a,b,c,d,e,f,g,h,s0,s1,T1; + SHA_LONG X[16]; + int i; + const unsigned char *data=in; + + while (num--) { + + a = ctx->h[0]; b = ctx->h[1]; c = ctx->h[2]; d = ctx->h[3]; + e = ctx->h[4]; f = ctx->h[5]; g = ctx->h[6]; h = ctx->h[7]; + + if (BYTE_ORDER != LITTLE_ENDIAN && + sizeof(SHA_LONG)==4 && ((size_t)in%4)==0) + { + const SHA_LONG *W=(const SHA_LONG *)data; + + T1 = X[0] = W[0]; ROUND_00_15(0,a,b,c,d,e,f,g,h); + T1 = X[1] = W[1]; ROUND_00_15(1,h,a,b,c,d,e,f,g); + T1 = X[2] = W[2]; ROUND_00_15(2,g,h,a,b,c,d,e,f); + T1 = X[3] = W[3]; ROUND_00_15(3,f,g,h,a,b,c,d,e); + T1 = X[4] = W[4]; ROUND_00_15(4,e,f,g,h,a,b,c,d); + T1 = X[5] = W[5]; ROUND_00_15(5,d,e,f,g,h,a,b,c); + T1 = X[6] = W[6]; ROUND_00_15(6,c,d,e,f,g,h,a,b); + T1 = X[7] = W[7]; ROUND_00_15(7,b,c,d,e,f,g,h,a); + T1 = X[8] = W[8]; ROUND_00_15(8,a,b,c,d,e,f,g,h); + T1 = X[9] = W[9]; ROUND_00_15(9,h,a,b,c,d,e,f,g); + T1 = X[10] = W[10]; ROUND_00_15(10,g,h,a,b,c,d,e,f); + T1 = X[11] = W[11]; ROUND_00_15(11,f,g,h,a,b,c,d,e); + T1 = X[12] = W[12]; ROUND_00_15(12,e,f,g,h,a,b,c,d); + T1 = X[13] = W[13]; ROUND_00_15(13,d,e,f,g,h,a,b,c); + T1 = X[14] = W[14]; ROUND_00_15(14,c,d,e,f,g,h,a,b); + T1 = X[15] = W[15]; ROUND_00_15(15,b,c,d,e,f,g,h,a); + + data += SHA256_CBLOCK; + } + else + { + SHA_LONG l; + + HOST_c2l(data,l); T1 = X[0] = l; ROUND_00_15(0,a,b,c,d,e,f,g,h); + HOST_c2l(data,l); T1 = X[1] = l; ROUND_00_15(1,h,a,b,c,d,e,f,g); + HOST_c2l(data,l); T1 = X[2] = l; ROUND_00_15(2,g,h,a,b,c,d,e,f); + HOST_c2l(data,l); T1 = X[3] = l; ROUND_00_15(3,f,g,h,a,b,c,d,e); + HOST_c2l(data,l); T1 = X[4] = l; ROUND_00_15(4,e,f,g,h,a,b,c,d); + HOST_c2l(data,l); T1 = X[5] = l; ROUND_00_15(5,d,e,f,g,h,a,b,c); + HOST_c2l(data,l); T1 = X[6] = l; ROUND_00_15(6,c,d,e,f,g,h,a,b); + HOST_c2l(data,l); T1 = X[7] = l; ROUND_00_15(7,b,c,d,e,f,g,h,a); + HOST_c2l(data,l); T1 = X[8] = l; ROUND_00_15(8,a,b,c,d,e,f,g,h); + HOST_c2l(data,l); T1 = X[9] = l; ROUND_00_15(9,h,a,b,c,d,e,f,g); + HOST_c2l(data,l); T1 = X[10] = l; ROUND_00_15(10,g,h,a,b,c,d,e,f); + HOST_c2l(data,l); T1 = X[11] = l; ROUND_00_15(11,f,g,h,a,b,c,d,e); + HOST_c2l(data,l); T1 = X[12] = l; ROUND_00_15(12,e,f,g,h,a,b,c,d); + HOST_c2l(data,l); T1 = X[13] = l; ROUND_00_15(13,d,e,f,g,h,a,b,c); + HOST_c2l(data,l); T1 = X[14] = l; ROUND_00_15(14,c,d,e,f,g,h,a,b); + HOST_c2l(data,l); T1 = X[15] = l; ROUND_00_15(15,b,c,d,e,f,g,h,a); + } + + for (i=16;i<64;i+=8) + { + ROUND_16_63(i+0,a,b,c,d,e,f,g,h,X); + ROUND_16_63(i+1,h,a,b,c,d,e,f,g,X); + ROUND_16_63(i+2,g,h,a,b,c,d,e,f,X); + ROUND_16_63(i+3,f,g,h,a,b,c,d,e,X); + ROUND_16_63(i+4,e,f,g,h,a,b,c,d,X); + ROUND_16_63(i+5,d,e,f,g,h,a,b,c,X); + ROUND_16_63(i+6,c,d,e,f,g,h,a,b,X); + ROUND_16_63(i+7,b,c,d,e,f,g,h,a,X); + } + + ctx->h[0] += a; ctx->h[1] += b; ctx->h[2] += c; ctx->h[3] += d; + ctx->h[4] += e; ctx->h[5] += f; ctx->h[6] += g; ctx->h[7] += h; + + } + } + +#endif +#endif /* SHA256_ASM */ + +#endif /* OPENSSL_NO_SHA256 */ diff --git a/src/lib/libcrypto/sha/sha512.c b/src/lib/libcrypto/sha/sha512.c new file mode 100644 index 00000000000..6b95cfa72e1 --- /dev/null +++ b/src/lib/libcrypto/sha/sha512.c @@ -0,0 +1,547 @@ +/* $OpenBSD: sha512.c,v 1.15 2016/11/04 13:56:05 miod Exp $ */ +/* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved + * according to the OpenSSL license [found in ../../LICENSE]. + * ==================================================================== + */ + +#include + +#include +#include + +#include + +#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA512) +/* + * IMPLEMENTATION NOTES. + * + * As you might have noticed 32-bit hash algorithms: + * + * - permit SHA_LONG to be wider than 32-bit (case on CRAY); + * - optimized versions implement two transform functions: one operating + * on [aligned] data in host byte order and one - on data in input + * stream byte order; + * - share common byte-order neutral collector and padding function + * implementations, ../md32_common.h; + * + * Neither of the above applies to this SHA-512 implementations. Reasons + * [in reverse order] are: + * + * - it's the only 64-bit hash algorithm for the moment of this writing, + * there is no need for common collector/padding implementation [yet]; + * - by supporting only one transform function [which operates on + * *aligned* data in input stream byte order, big-endian in this case] + * we minimize burden of maintenance in two ways: a) collector/padding + * function is simpler; b) only one transform function to stare at; + * - SHA_LONG64 is required to be exactly 64-bit in order to be able to + * apply a number of optimizations to mitigate potential performance + * penalties caused by previous design decision; + * + * Caveat lector. + * + * Implementation relies on the fact that "long long" is 64-bit on + * both 32- and 64-bit platforms. If some compiler vendor comes up + * with 128-bit long long, adjustment to sha.h would be required. + * As this implementation relies on 64-bit integer type, it's totally + * inappropriate for platforms which don't support it, most notably + * 16-bit platforms. + * + */ + +#include +#include +#include + +#if !defined(__STRICT_ALIGNMENT) || defined(SHA512_ASM) +#define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA +#endif + +int SHA384_Init(SHA512_CTX *c) + { + c->h[0]=U64(0xcbbb9d5dc1059ed8); + c->h[1]=U64(0x629a292a367cd507); + c->h[2]=U64(0x9159015a3070dd17); + c->h[3]=U64(0x152fecd8f70e5939); + c->h[4]=U64(0x67332667ffc00b31); + c->h[5]=U64(0x8eb44a8768581511); + c->h[6]=U64(0xdb0c2e0d64f98fa7); + c->h[7]=U64(0x47b5481dbefa4fa4); + + c->Nl=0; c->Nh=0; + c->num=0; c->md_len=SHA384_DIGEST_LENGTH; + return 1; + } + +int SHA512_Init(SHA512_CTX *c) + { + c->h[0]=U64(0x6a09e667f3bcc908); + c->h[1]=U64(0xbb67ae8584caa73b); + c->h[2]=U64(0x3c6ef372fe94f82b); + c->h[3]=U64(0xa54ff53a5f1d36f1); + c->h[4]=U64(0x510e527fade682d1); + c->h[5]=U64(0x9b05688c2b3e6c1f); + c->h[6]=U64(0x1f83d9abfb41bd6b); + c->h[7]=U64(0x5be0cd19137e2179); + + c->Nl=0; c->Nh=0; + c->num=0; c->md_len=SHA512_DIGEST_LENGTH; + return 1; + } + +#ifndef SHA512_ASM +static +#endif +void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num); + +int SHA512_Final (unsigned char *md, SHA512_CTX *c) + { + unsigned char *p=(unsigned char *)c->u.p; + size_t n=c->num; + + p[n]=0x80; /* There always is a room for one */ + n++; + if (n > (sizeof(c->u)-16)) + memset (p+n,0,sizeof(c->u)-n), n=0, + sha512_block_data_order (c,p,1); + + memset (p+n,0,sizeof(c->u)-16-n); +#if BYTE_ORDER == BIG_ENDIAN + c->u.d[SHA_LBLOCK-2] = c->Nh; + c->u.d[SHA_LBLOCK-1] = c->Nl; +#else + p[sizeof(c->u)-1] = (unsigned char)(c->Nl); + p[sizeof(c->u)-2] = (unsigned char)(c->Nl>>8); + p[sizeof(c->u)-3] = (unsigned char)(c->Nl>>16); + p[sizeof(c->u)-4] = (unsigned char)(c->Nl>>24); + p[sizeof(c->u)-5] = (unsigned char)(c->Nl>>32); + p[sizeof(c->u)-6] = (unsigned char)(c->Nl>>40); + p[sizeof(c->u)-7] = (unsigned char)(c->Nl>>48); + p[sizeof(c->u)-8] = (unsigned char)(c->Nl>>56); + p[sizeof(c->u)-9] = (unsigned char)(c->Nh); + p[sizeof(c->u)-10] = (unsigned char)(c->Nh>>8); + p[sizeof(c->u)-11] = (unsigned char)(c->Nh>>16); + p[sizeof(c->u)-12] = (unsigned char)(c->Nh>>24); + p[sizeof(c->u)-13] = (unsigned char)(c->Nh>>32); + p[sizeof(c->u)-14] = (unsigned char)(c->Nh>>40); + p[sizeof(c->u)-15] = (unsigned char)(c->Nh>>48); + p[sizeof(c->u)-16] = (unsigned char)(c->Nh>>56); +#endif + + sha512_block_data_order (c,p,1); + + if (md==0) return 0; + + switch (c->md_len) + { + /* Let compiler decide if it's appropriate to unroll... */ + case SHA384_DIGEST_LENGTH: + for (n=0;nh[n]; + + *(md++) = (unsigned char)(t>>56); + *(md++) = (unsigned char)(t>>48); + *(md++) = (unsigned char)(t>>40); + *(md++) = (unsigned char)(t>>32); + *(md++) = (unsigned char)(t>>24); + *(md++) = (unsigned char)(t>>16); + *(md++) = (unsigned char)(t>>8); + *(md++) = (unsigned char)(t); + } + break; + case SHA512_DIGEST_LENGTH: + for (n=0;nh[n]; + + *(md++) = (unsigned char)(t>>56); + *(md++) = (unsigned char)(t>>48); + *(md++) = (unsigned char)(t>>40); + *(md++) = (unsigned char)(t>>32); + *(md++) = (unsigned char)(t>>24); + *(md++) = (unsigned char)(t>>16); + *(md++) = (unsigned char)(t>>8); + *(md++) = (unsigned char)(t); + } + break; + /* ... as well as make sure md_len is not abused. */ + default: return 0; + } + + return 1; + } + +int SHA384_Final (unsigned char *md,SHA512_CTX *c) +{ return SHA512_Final (md,c); } + +int SHA512_Update (SHA512_CTX *c, const void *_data, size_t len) + { + SHA_LONG64 l; + unsigned char *p=c->u.p; + const unsigned char *data=(const unsigned char *)_data; + + if (len==0) return 1; + + l = (c->Nl+(((SHA_LONG64)len)<<3))&U64(0xffffffffffffffff); + if (l < c->Nl) c->Nh++; + if (sizeof(len)>=8) c->Nh+=(((SHA_LONG64)len)>>61); + c->Nl=l; + + if (c->num != 0) + { + size_t n = sizeof(c->u) - c->num; + + if (len < n) + { + memcpy (p+c->num,data,len), c->num += (unsigned int)len; + return 1; + } + else { + memcpy (p+c->num,data,n), c->num = 0; + len-=n, data+=n; + sha512_block_data_order (c,p,1); + } + } + + if (len >= sizeof(c->u)) + { +#ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA + if ((size_t)data%sizeof(c->u.d[0]) != 0) + while (len >= sizeof(c->u)) + memcpy (p,data,sizeof(c->u)), + sha512_block_data_order (c,p,1), + len -= sizeof(c->u), + data += sizeof(c->u); + else +#endif + sha512_block_data_order (c,data,len/sizeof(c->u)), + data += len, + len %= sizeof(c->u), + data -= len; + } + + if (len != 0) memcpy (p,data,len), c->num = (int)len; + + return 1; + } + +int SHA384_Update (SHA512_CTX *c, const void *data, size_t len) +{ return SHA512_Update (c,data,len); } + +void SHA512_Transform (SHA512_CTX *c, const unsigned char *data) + { +#ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA + if ((size_t)data%sizeof(c->u.d[0]) != 0) + memcpy(c->u.p,data,sizeof(c->u.p)), + data = c->u.p; +#endif + sha512_block_data_order (c,data,1); + } + +unsigned char *SHA384(const unsigned char *d, size_t n, unsigned char *md) + { + SHA512_CTX c; + static unsigned char m[SHA384_DIGEST_LENGTH]; + + if (md == NULL) md=m; + SHA384_Init(&c); + SHA512_Update(&c,d,n); + SHA512_Final(md,&c); + explicit_bzero(&c,sizeof(c)); + return(md); + } + +unsigned char *SHA512(const unsigned char *d, size_t n, unsigned char *md) + { + SHA512_CTX c; + static unsigned char m[SHA512_DIGEST_LENGTH]; + + if (md == NULL) md=m; + SHA512_Init(&c); + SHA512_Update(&c,d,n); + SHA512_Final(md,&c); + explicit_bzero(&c,sizeof(c)); + return(md); + } + +#ifndef SHA512_ASM +static const SHA_LONG64 K512[80] = { + U64(0x428a2f98d728ae22),U64(0x7137449123ef65cd), + U64(0xb5c0fbcfec4d3b2f),U64(0xe9b5dba58189dbbc), + U64(0x3956c25bf348b538),U64(0x59f111f1b605d019), + U64(0x923f82a4af194f9b),U64(0xab1c5ed5da6d8118), + U64(0xd807aa98a3030242),U64(0x12835b0145706fbe), + U64(0x243185be4ee4b28c),U64(0x550c7dc3d5ffb4e2), + U64(0x72be5d74f27b896f),U64(0x80deb1fe3b1696b1), + U64(0x9bdc06a725c71235),U64(0xc19bf174cf692694), + U64(0xe49b69c19ef14ad2),U64(0xefbe4786384f25e3), + U64(0x0fc19dc68b8cd5b5),U64(0x240ca1cc77ac9c65), + U64(0x2de92c6f592b0275),U64(0x4a7484aa6ea6e483), + U64(0x5cb0a9dcbd41fbd4),U64(0x76f988da831153b5), + U64(0x983e5152ee66dfab),U64(0xa831c66d2db43210), + U64(0xb00327c898fb213f),U64(0xbf597fc7beef0ee4), + U64(0xc6e00bf33da88fc2),U64(0xd5a79147930aa725), + U64(0x06ca6351e003826f),U64(0x142929670a0e6e70), + U64(0x27b70a8546d22ffc),U64(0x2e1b21385c26c926), + U64(0x4d2c6dfc5ac42aed),U64(0x53380d139d95b3df), + U64(0x650a73548baf63de),U64(0x766a0abb3c77b2a8), + U64(0x81c2c92e47edaee6),U64(0x92722c851482353b), + U64(0xa2bfe8a14cf10364),U64(0xa81a664bbc423001), + U64(0xc24b8b70d0f89791),U64(0xc76c51a30654be30), + U64(0xd192e819d6ef5218),U64(0xd69906245565a910), + U64(0xf40e35855771202a),U64(0x106aa07032bbd1b8), + U64(0x19a4c116b8d2d0c8),U64(0x1e376c085141ab53), + U64(0x2748774cdf8eeb99),U64(0x34b0bcb5e19b48a8), + U64(0x391c0cb3c5c95a63),U64(0x4ed8aa4ae3418acb), + U64(0x5b9cca4f7763e373),U64(0x682e6ff3d6b2b8a3), + U64(0x748f82ee5defb2fc),U64(0x78a5636f43172f60), + U64(0x84c87814a1f0ab72),U64(0x8cc702081a6439ec), + U64(0x90befffa23631e28),U64(0xa4506cebde82bde9), + U64(0xbef9a3f7b2c67915),U64(0xc67178f2e372532b), + U64(0xca273eceea26619c),U64(0xd186b8c721c0c207), + U64(0xeada7dd6cde0eb1e),U64(0xf57d4f7fee6ed178), + U64(0x06f067aa72176fba),U64(0x0a637dc5a2c898a6), + U64(0x113f9804bef90dae),U64(0x1b710b35131c471b), + U64(0x28db77f523047d84),U64(0x32caab7b40c72493), + U64(0x3c9ebe0a15c9bebc),U64(0x431d67c49c100d4c), + U64(0x4cc5d4becb3e42b6),U64(0x597f299cfc657e2a), + U64(0x5fcb6fab3ad6faec),U64(0x6c44198c4a475817) }; + +#if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) +# if defined(__x86_64) || defined(__x86_64__) +# define ROTR(a,n) ({ SHA_LONG64 ret; \ + asm ("rorq %1,%0" \ + : "=r"(ret) \ + : "J"(n),"0"(a) \ + : "cc"); ret; }) +# define PULL64(x) ({ SHA_LONG64 ret=*((const SHA_LONG64 *)(&(x))); \ + asm ("bswapq %0" \ + : "=r"(ret) \ + : "0"(ret)); ret; }) +# elif (defined(__i386) || defined(__i386__)) +# define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\ + unsigned int hi=p[0],lo=p[1]; \ + asm ("bswapl %0; bswapl %1;" \ + : "=r"(lo),"=r"(hi) \ + : "0"(lo),"1"(hi)); \ + ((SHA_LONG64)hi)<<32|lo; }) +# elif (defined(_ARCH_PPC) && defined(__64BIT__)) || defined(_ARCH_PPC64) +# define ROTR(a,n) ({ SHA_LONG64 ret; \ + asm ("rotrdi %0,%1,%2" \ + : "=r"(ret) \ + : "r"(a),"K"(n)); ret; }) +# endif +#endif + +#ifndef PULL64 +#define B(x,j) (((SHA_LONG64)(*(((const unsigned char *)(&x))+j)))<<((7-j)*8)) +#define PULL64(x) (B(x,0)|B(x,1)|B(x,2)|B(x,3)|B(x,4)|B(x,5)|B(x,6)|B(x,7)) +#endif + +#ifndef ROTR +#define ROTR(x,s) (((x)>>s) | (x)<<(64-s)) +#endif + +#define Sigma0(x) (ROTR((x),28) ^ ROTR((x),34) ^ ROTR((x),39)) +#define Sigma1(x) (ROTR((x),14) ^ ROTR((x),18) ^ ROTR((x),41)) +#define sigma0(x) (ROTR((x),1) ^ ROTR((x),8) ^ ((x)>>7)) +#define sigma1(x) (ROTR((x),19) ^ ROTR((x),61) ^ ((x)>>6)) + +#define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) +#define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) + + +#if defined(__i386) || defined(__i386__) || defined(_M_IX86) +/* + * This code should give better results on 32-bit CPU with less than + * ~24 registers, both size and performance wise... + */ +static void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num) + { + const SHA_LONG64 *W=in; + SHA_LONG64 A,E,T; + SHA_LONG64 X[9+80],*F; + int i; + + while (num--) { + + F = X+80; + A = ctx->h[0]; F[1] = ctx->h[1]; + F[2] = ctx->h[2]; F[3] = ctx->h[3]; + E = ctx->h[4]; F[5] = ctx->h[5]; + F[6] = ctx->h[6]; F[7] = ctx->h[7]; + + for (i=0;i<16;i++,F--) + { + T = PULL64(W[i]); + F[0] = A; + F[4] = E; + F[8] = T; + T += F[7] + Sigma1(E) + Ch(E,F[5],F[6]) + K512[i]; + E = F[3] + T; + A = T + Sigma0(A) + Maj(A,F[1],F[2]); + } + + for (;i<80;i++,F--) + { + T = sigma0(F[8+16-1]); + T += sigma1(F[8+16-14]); + T += F[8+16] + F[8+16-9]; + + F[0] = A; + F[4] = E; + F[8] = T; + T += F[7] + Sigma1(E) + Ch(E,F[5],F[6]) + K512[i]; + E = F[3] + T; + A = T + Sigma0(A) + Maj(A,F[1],F[2]); + } + + ctx->h[0] += A; ctx->h[1] += F[1]; + ctx->h[2] += F[2]; ctx->h[3] += F[3]; + ctx->h[4] += E; ctx->h[5] += F[5]; + ctx->h[6] += F[6]; ctx->h[7] += F[7]; + + W+=SHA_LBLOCK; + } + } + +#elif defined(OPENSSL_SMALL_FOOTPRINT) + +static void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num) + { + const SHA_LONG64 *W=in; + SHA_LONG64 a,b,c,d,e,f,g,h,s0,s1,T1,T2; + SHA_LONG64 X[16]; + int i; + + while (num--) { + + a = ctx->h[0]; b = ctx->h[1]; c = ctx->h[2]; d = ctx->h[3]; + e = ctx->h[4]; f = ctx->h[5]; g = ctx->h[6]; h = ctx->h[7]; + + for (i=0;i<16;i++) + { +#if BYTE_ORDER == BIG_ENDIAN + T1 = X[i] = W[i]; +#else + T1 = X[i] = PULL64(W[i]); +#endif + T1 += h + Sigma1(e) + Ch(e,f,g) + K512[i]; + T2 = Sigma0(a) + Maj(a,b,c); + h = g; g = f; f = e; e = d + T1; + d = c; c = b; b = a; a = T1 + T2; + } + + for (;i<80;i++) + { + s0 = X[(i+1)&0x0f]; s0 = sigma0(s0); + s1 = X[(i+14)&0x0f]; s1 = sigma1(s1); + + T1 = X[i&0xf] += s0 + s1 + X[(i+9)&0xf]; + T1 += h + Sigma1(e) + Ch(e,f,g) + K512[i]; + T2 = Sigma0(a) + Maj(a,b,c); + h = g; g = f; f = e; e = d + T1; + d = c; c = b; b = a; a = T1 + T2; + } + + ctx->h[0] += a; ctx->h[1] += b; ctx->h[2] += c; ctx->h[3] += d; + ctx->h[4] += e; ctx->h[5] += f; ctx->h[6] += g; ctx->h[7] += h; + + W+=SHA_LBLOCK; + } + } + +#else + +#define ROUND_00_15(i,a,b,c,d,e,f,g,h) do { \ + T1 += h + Sigma1(e) + Ch(e,f,g) + K512[i]; \ + h = Sigma0(a) + Maj(a,b,c); \ + d += T1; h += T1; } while (0) + +#define ROUND_16_80(i,j,a,b,c,d,e,f,g,h,X) do { \ + s0 = X[(j+1)&0x0f]; s0 = sigma0(s0); \ + s1 = X[(j+14)&0x0f]; s1 = sigma1(s1); \ + T1 = X[(j)&0x0f] += s0 + s1 + X[(j+9)&0x0f]; \ + ROUND_00_15(i+j,a,b,c,d,e,f,g,h); } while (0) + +static void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num) + { + const SHA_LONG64 *W=in; + SHA_LONG64 a,b,c,d,e,f,g,h,s0,s1,T1; + SHA_LONG64 X[16]; + int i; + + while (num--) { + + a = ctx->h[0]; b = ctx->h[1]; c = ctx->h[2]; d = ctx->h[3]; + e = ctx->h[4]; f = ctx->h[5]; g = ctx->h[6]; h = ctx->h[7]; + +#if BYTE_ORDER == BIG_ENDIAN + T1 = X[0] = W[0]; ROUND_00_15(0,a,b,c,d,e,f,g,h); + T1 = X[1] = W[1]; ROUND_00_15(1,h,a,b,c,d,e,f,g); + T1 = X[2] = W[2]; ROUND_00_15(2,g,h,a,b,c,d,e,f); + T1 = X[3] = W[3]; ROUND_00_15(3,f,g,h,a,b,c,d,e); + T1 = X[4] = W[4]; ROUND_00_15(4,e,f,g,h,a,b,c,d); + T1 = X[5] = W[5]; ROUND_00_15(5,d,e,f,g,h,a,b,c); + T1 = X[6] = W[6]; ROUND_00_15(6,c,d,e,f,g,h,a,b); + T1 = X[7] = W[7]; ROUND_00_15(7,b,c,d,e,f,g,h,a); + T1 = X[8] = W[8]; ROUND_00_15(8,a,b,c,d,e,f,g,h); + T1 = X[9] = W[9]; ROUND_00_15(9,h,a,b,c,d,e,f,g); + T1 = X[10] = W[10]; ROUND_00_15(10,g,h,a,b,c,d,e,f); + T1 = X[11] = W[11]; ROUND_00_15(11,f,g,h,a,b,c,d,e); + T1 = X[12] = W[12]; ROUND_00_15(12,e,f,g,h,a,b,c,d); + T1 = X[13] = W[13]; ROUND_00_15(13,d,e,f,g,h,a,b,c); + T1 = X[14] = W[14]; ROUND_00_15(14,c,d,e,f,g,h,a,b); + T1 = X[15] = W[15]; ROUND_00_15(15,b,c,d,e,f,g,h,a); +#else + T1 = X[0] = PULL64(W[0]); ROUND_00_15(0,a,b,c,d,e,f,g,h); + T1 = X[1] = PULL64(W[1]); ROUND_00_15(1,h,a,b,c,d,e,f,g); + T1 = X[2] = PULL64(W[2]); ROUND_00_15(2,g,h,a,b,c,d,e,f); + T1 = X[3] = PULL64(W[3]); ROUND_00_15(3,f,g,h,a,b,c,d,e); + T1 = X[4] = PULL64(W[4]); ROUND_00_15(4,e,f,g,h,a,b,c,d); + T1 = X[5] = PULL64(W[5]); ROUND_00_15(5,d,e,f,g,h,a,b,c); + T1 = X[6] = PULL64(W[6]); ROUND_00_15(6,c,d,e,f,g,h,a,b); + T1 = X[7] = PULL64(W[7]); ROUND_00_15(7,b,c,d,e,f,g,h,a); + T1 = X[8] = PULL64(W[8]); ROUND_00_15(8,a,b,c,d,e,f,g,h); + T1 = X[9] = PULL64(W[9]); ROUND_00_15(9,h,a,b,c,d,e,f,g); + T1 = X[10] = PULL64(W[10]); ROUND_00_15(10,g,h,a,b,c,d,e,f); + T1 = X[11] = PULL64(W[11]); ROUND_00_15(11,f,g,h,a,b,c,d,e); + T1 = X[12] = PULL64(W[12]); ROUND_00_15(12,e,f,g,h,a,b,c,d); + T1 = X[13] = PULL64(W[13]); ROUND_00_15(13,d,e,f,g,h,a,b,c); + T1 = X[14] = PULL64(W[14]); ROUND_00_15(14,c,d,e,f,g,h,a,b); + T1 = X[15] = PULL64(W[15]); ROUND_00_15(15,b,c,d,e,f,g,h,a); +#endif + + for (i=16;i<80;i+=16) + { + ROUND_16_80(i, 0,a,b,c,d,e,f,g,h,X); + ROUND_16_80(i, 1,h,a,b,c,d,e,f,g,X); + ROUND_16_80(i, 2,g,h,a,b,c,d,e,f,X); + ROUND_16_80(i, 3,f,g,h,a,b,c,d,e,X); + ROUND_16_80(i, 4,e,f,g,h,a,b,c,d,X); + ROUND_16_80(i, 5,d,e,f,g,h,a,b,c,X); + ROUND_16_80(i, 6,c,d,e,f,g,h,a,b,X); + ROUND_16_80(i, 7,b,c,d,e,f,g,h,a,X); + ROUND_16_80(i, 8,a,b,c,d,e,f,g,h,X); + ROUND_16_80(i, 9,h,a,b,c,d,e,f,g,X); + ROUND_16_80(i,10,g,h,a,b,c,d,e,f,X); + ROUND_16_80(i,11,f,g,h,a,b,c,d,e,X); + ROUND_16_80(i,12,e,f,g,h,a,b,c,d,X); + ROUND_16_80(i,13,d,e,f,g,h,a,b,c,X); + ROUND_16_80(i,14,c,d,e,f,g,h,a,b,X); + ROUND_16_80(i,15,b,c,d,e,f,g,h,a,X); + } + + ctx->h[0] += a; ctx->h[1] += b; ctx->h[2] += c; ctx->h[3] += d; + ctx->h[4] += e; ctx->h[5] += f; ctx->h[6] += g; ctx->h[7] += h; + + W+=SHA_LBLOCK; + } + } + +#endif + +#endif /* SHA512_ASM */ + +#endif /* !OPENSSL_NO_SHA512 */ diff --git a/src/lib/libcrypto/sha/sha_dgst.c b/src/lib/libcrypto/sha/sha_dgst.c deleted file mode 100644 index 5a4b3ab2045..00000000000 --- a/src/lib/libcrypto/sha/sha_dgst.c +++ /dev/null @@ -1,73 +0,0 @@ -/* crypto/sha/sha1dgst.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#if !defined(OPENSSL_NO_SHA0) && !defined(OPENSSL_NO_SHA) - -#undef SHA_1 -#define SHA_0 - -#include - -const char *SHA_version="SHA" OPENSSL_VERSION_PTEXT; - -/* The implementation is in ../md32_common.h */ - -#include "sha_locl.h" - -#endif - diff --git a/src/lib/libcrypto/sha/sha_locl.h b/src/lib/libcrypto/sha/sha_locl.h index 471dfb9f8f2..46c9a39be2f 100644 --- a/src/lib/libcrypto/sha/sha_locl.h +++ b/src/lib/libcrypto/sha/sha_locl.h @@ -1,4 +1,4 @@ -/* crypto/sha/sha_locl.h */ +/* $OpenBSD: sha_locl.h,v 1.23 2016/12/23 23:22:25 patrick Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -62,17 +62,11 @@ #include #include -#ifndef SHA_LONG_LOG2 -#define SHA_LONG_LOG2 2 /* default to 32 bits */ -#endif - #define DATA_ORDER_IS_BIG_ENDIAN #define HASH_LONG SHA_LONG -#define HASH_LONG_LOG2 SHA_LONG_LOG2 #define HASH_CTX SHA_CTX #define HASH_CBLOCK SHA_CBLOCK -#define HASH_LBLOCK SHA_LBLOCK #define HASH_MAKE_STRING(c,s) do { \ unsigned long ll; \ ll=(c)->h0; HOST_l2c(ll,(s)); \ @@ -82,54 +76,25 @@ ll=(c)->h4; HOST_l2c(ll,(s)); \ } while (0) -#if defined(SHA_0) - -# define HASH_UPDATE SHA_Update -# define HASH_TRANSFORM SHA_Transform -# define HASH_FINAL SHA_Final -# define HASH_INIT SHA_Init -# define HASH_BLOCK_HOST_ORDER sha_block_host_order -# define HASH_BLOCK_DATA_ORDER sha_block_data_order -# define Xupdate(a,ix,ia,ib,ic,id) (ix=(a)=(ia^ib^ic^id)) - - void sha_block_host_order (SHA_CTX *c, const void *p,int num); - void sha_block_data_order (SHA_CTX *c, const void *p,int num); - -#elif defined(SHA_1) - # define HASH_UPDATE SHA1_Update # define HASH_TRANSFORM SHA1_Transform # define HASH_FINAL SHA1_Final # define HASH_INIT SHA1_Init -# define HASH_BLOCK_HOST_ORDER sha1_block_host_order # define HASH_BLOCK_DATA_ORDER sha1_block_data_order -# if defined(__MWERKS__) && defined(__MC68K__) - /* Metrowerks for Motorola fails otherwise:-( */ -# define Xupdate(a,ix,ia,ib,ic,id) do { (a)=(ia^ib^ic^id); \ - ix=(a)=ROTATE((a),1); \ - } while (0) -# else -# define Xupdate(a,ix,ia,ib,ic,id) ( (a)=(ia^ib^ic^id), \ +# define Xupdate(a,ix,ia,ib,ic,id) ( (a)=(ia^ib^ic^id), \ ix=(a)=ROTATE((a),1) \ ) -# endif - -# ifdef SHA1_ASM -# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__) -# define sha1_block_host_order sha1_block_asm_host_order -# define DONT_IMPLEMENT_BLOCK_HOST_ORDER -# define sha1_block_data_order sha1_block_asm_data_order -# define DONT_IMPLEMENT_BLOCK_DATA_ORDER -# define HASH_BLOCK_DATA_ORDER_ALIGNED sha1_block_asm_data_order -# endif -# endif - void sha1_block_host_order (SHA_CTX *c, const void *p,int num); - void sha1_block_data_order (SHA_CTX *c, const void *p,int num); -#else -# error "Either SHA_0 or SHA_1 must be defined." +__BEGIN_HIDDEN_DECLS + +#ifndef SHA1_ASM +static #endif +void sha1_block_data_order (SHA_CTX *c, const void *p,size_t num); + +__END_HIDDEN_DECLS + #include "md32_common.h" #define INIT_DATA_h0 0x67452301UL @@ -138,16 +103,14 @@ #define INIT_DATA_h3 0x10325476UL #define INIT_DATA_h4 0xc3d2e1f0UL -int HASH_INIT (SHA_CTX *c) +int SHA1_Init(SHA_CTX *c) { + memset (c,0,sizeof(*c)); c->h0=INIT_DATA_h0; c->h1=INIT_DATA_h1; c->h2=INIT_DATA_h2; c->h3=INIT_DATA_h3; c->h4=INIT_DATA_h4; - c->Nl=0; - c->Nh=0; - c->num=0; return 1; } @@ -168,6 +131,8 @@ int HASH_INIT (SHA_CTX *c) #define F_40_59(b,c,d) (((b) & (c)) | (((b)|(c)) & (d))) #define F_60_79(b,c,d) F_20_39(b,c,d) +#ifndef OPENSSL_SMALL_FOOTPRINT + #define BODY_00_15(i,a,b,c,d,e,f,xi) \ (f)=xi+(e)+K_00_19+ROTATE((a),5)+F_00_19((b),(c),(d)); \ (b)=ROTATE((b),30); @@ -203,7 +168,7 @@ int HASH_INIT (SHA_CTX *c) #ifndef MD32_XARRAY /* * Originally X was an array. As it's automatic it's natural - * to expect RISC compiler to accomodate at least part of it in + * to expect RISC compiler to accommodate at least part of it in * the register bank, isn't it? Unfortunately not all compilers * "find" this expectation reasonable:-( On order to make such * compilers generate better code I replace X[] with a bunch of @@ -220,14 +185,15 @@ int HASH_INIT (SHA_CTX *c) # define X(i) XX[i] #endif -#ifndef DONT_IMPLEMENT_BLOCK_HOST_ORDER -void HASH_BLOCK_HOST_ORDER (SHA_CTX *c, const void *d, int num) +#if !defined(SHA1_ASM) +#include +static void HASH_BLOCK_DATA_ORDER (SHA_CTX *c, const void *p, size_t num) { - const SHA_LONG *W=d; - register unsigned long A,B,C,D,E,T; + const unsigned char *data=p; + unsigned MD32_REG_T A,B,C,D,E,T,l; #ifndef MD32_XARRAY - unsigned long XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, - XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15; + unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, + XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15; #else SHA_LONG XX[16]; #endif @@ -239,41 +205,71 @@ void HASH_BLOCK_HOST_ORDER (SHA_CTX *c, const void *d, int num) E=c->h4; for (;;) + { + + if (BYTE_ORDER != LITTLE_ENDIAN && + sizeof(SHA_LONG)==4 && ((size_t)p%4)==0) + { + const SHA_LONG *W=(const SHA_LONG *)data; + + X( 0) = W[0]; X( 1) = W[ 1]; + BODY_00_15( 0,A,B,C,D,E,T,X( 0)); X( 2) = W[ 2]; + BODY_00_15( 1,T,A,B,C,D,E,X( 1)); X( 3) = W[ 3]; + BODY_00_15( 2,E,T,A,B,C,D,X( 2)); X( 4) = W[ 4]; + BODY_00_15( 3,D,E,T,A,B,C,X( 3)); X( 5) = W[ 5]; + BODY_00_15( 4,C,D,E,T,A,B,X( 4)); X( 6) = W[ 6]; + BODY_00_15( 5,B,C,D,E,T,A,X( 5)); X( 7) = W[ 7]; + BODY_00_15( 6,A,B,C,D,E,T,X( 6)); X( 8) = W[ 8]; + BODY_00_15( 7,T,A,B,C,D,E,X( 7)); X( 9) = W[ 9]; + BODY_00_15( 8,E,T,A,B,C,D,X( 8)); X(10) = W[10]; + BODY_00_15( 9,D,E,T,A,B,C,X( 9)); X(11) = W[11]; + BODY_00_15(10,C,D,E,T,A,B,X(10)); X(12) = W[12]; + BODY_00_15(11,B,C,D,E,T,A,X(11)); X(13) = W[13]; + BODY_00_15(12,A,B,C,D,E,T,X(12)); X(14) = W[14]; + BODY_00_15(13,T,A,B,C,D,E,X(13)); X(15) = W[15]; + BODY_00_15(14,E,T,A,B,C,D,X(14)); + BODY_00_15(15,D,E,T,A,B,C,X(15)); + + data += SHA_CBLOCK; + } + else { - BODY_00_15( 0,A,B,C,D,E,T,W[ 0]); - BODY_00_15( 1,T,A,B,C,D,E,W[ 1]); - BODY_00_15( 2,E,T,A,B,C,D,W[ 2]); - BODY_00_15( 3,D,E,T,A,B,C,W[ 3]); - BODY_00_15( 4,C,D,E,T,A,B,W[ 4]); - BODY_00_15( 5,B,C,D,E,T,A,W[ 5]); - BODY_00_15( 6,A,B,C,D,E,T,W[ 6]); - BODY_00_15( 7,T,A,B,C,D,E,W[ 7]); - BODY_00_15( 8,E,T,A,B,C,D,W[ 8]); - BODY_00_15( 9,D,E,T,A,B,C,W[ 9]); - BODY_00_15(10,C,D,E,T,A,B,W[10]); - BODY_00_15(11,B,C,D,E,T,A,W[11]); - BODY_00_15(12,A,B,C,D,E,T,W[12]); - BODY_00_15(13,T,A,B,C,D,E,W[13]); - BODY_00_15(14,E,T,A,B,C,D,W[14]); - BODY_00_15(15,D,E,T,A,B,C,W[15]); - - BODY_16_19(16,C,D,E,T,A,B,X( 0),W[ 0],W[ 2],W[ 8],W[13]); - BODY_16_19(17,B,C,D,E,T,A,X( 1),W[ 1],W[ 3],W[ 9],W[14]); - BODY_16_19(18,A,B,C,D,E,T,X( 2),W[ 2],W[ 4],W[10],W[15]); - BODY_16_19(19,T,A,B,C,D,E,X( 3),W[ 3],W[ 5],W[11],X( 0)); - - BODY_20_31(20,E,T,A,B,C,D,X( 4),W[ 4],W[ 6],W[12],X( 1)); - BODY_20_31(21,D,E,T,A,B,C,X( 5),W[ 5],W[ 7],W[13],X( 2)); - BODY_20_31(22,C,D,E,T,A,B,X( 6),W[ 6],W[ 8],W[14],X( 3)); - BODY_20_31(23,B,C,D,E,T,A,X( 7),W[ 7],W[ 9],W[15],X( 4)); - BODY_20_31(24,A,B,C,D,E,T,X( 8),W[ 8],W[10],X( 0),X( 5)); - BODY_20_31(25,T,A,B,C,D,E,X( 9),W[ 9],W[11],X( 1),X( 6)); - BODY_20_31(26,E,T,A,B,C,D,X(10),W[10],W[12],X( 2),X( 7)); - BODY_20_31(27,D,E,T,A,B,C,X(11),W[11],W[13],X( 3),X( 8)); - BODY_20_31(28,C,D,E,T,A,B,X(12),W[12],W[14],X( 4),X( 9)); - BODY_20_31(29,B,C,D,E,T,A,X(13),W[13],W[15],X( 5),X(10)); - BODY_20_31(30,A,B,C,D,E,T,X(14),W[14],X( 0),X( 6),X(11)); - BODY_20_31(31,T,A,B,C,D,E,X(15),W[15],X( 1),X( 7),X(12)); + HOST_c2l(data,l); X( 0)=l; HOST_c2l(data,l); X( 1)=l; + BODY_00_15( 0,A,B,C,D,E,T,X( 0)); HOST_c2l(data,l); X( 2)=l; + BODY_00_15( 1,T,A,B,C,D,E,X( 1)); HOST_c2l(data,l); X( 3)=l; + BODY_00_15( 2,E,T,A,B,C,D,X( 2)); HOST_c2l(data,l); X( 4)=l; + BODY_00_15( 3,D,E,T,A,B,C,X( 3)); HOST_c2l(data,l); X( 5)=l; + BODY_00_15( 4,C,D,E,T,A,B,X( 4)); HOST_c2l(data,l); X( 6)=l; + BODY_00_15( 5,B,C,D,E,T,A,X( 5)); HOST_c2l(data,l); X( 7)=l; + BODY_00_15( 6,A,B,C,D,E,T,X( 6)); HOST_c2l(data,l); X( 8)=l; + BODY_00_15( 7,T,A,B,C,D,E,X( 7)); HOST_c2l(data,l); X( 9)=l; + BODY_00_15( 8,E,T,A,B,C,D,X( 8)); HOST_c2l(data,l); X(10)=l; + BODY_00_15( 9,D,E,T,A,B,C,X( 9)); HOST_c2l(data,l); X(11)=l; + BODY_00_15(10,C,D,E,T,A,B,X(10)); HOST_c2l(data,l); X(12)=l; + BODY_00_15(11,B,C,D,E,T,A,X(11)); HOST_c2l(data,l); X(13)=l; + BODY_00_15(12,A,B,C,D,E,T,X(12)); HOST_c2l(data,l); X(14)=l; + BODY_00_15(13,T,A,B,C,D,E,X(13)); HOST_c2l(data,l); X(15)=l; + BODY_00_15(14,E,T,A,B,C,D,X(14)); + BODY_00_15(15,D,E,T,A,B,C,X(15)); + } + + BODY_16_19(16,C,D,E,T,A,B,X( 0),X( 0),X( 2),X( 8),X(13)); + BODY_16_19(17,B,C,D,E,T,A,X( 1),X( 1),X( 3),X( 9),X(14)); + BODY_16_19(18,A,B,C,D,E,T,X( 2),X( 2),X( 4),X(10),X(15)); + BODY_16_19(19,T,A,B,C,D,E,X( 3),X( 3),X( 5),X(11),X( 0)); + + BODY_20_31(20,E,T,A,B,C,D,X( 4),X( 4),X( 6),X(12),X( 1)); + BODY_20_31(21,D,E,T,A,B,C,X( 5),X( 5),X( 7),X(13),X( 2)); + BODY_20_31(22,C,D,E,T,A,B,X( 6),X( 6),X( 8),X(14),X( 3)); + BODY_20_31(23,B,C,D,E,T,A,X( 7),X( 7),X( 9),X(15),X( 4)); + BODY_20_31(24,A,B,C,D,E,T,X( 8),X( 8),X(10),X( 0),X( 5)); + BODY_20_31(25,T,A,B,C,D,E,X( 9),X( 9),X(11),X( 1),X( 6)); + BODY_20_31(26,E,T,A,B,C,D,X(10),X(10),X(12),X( 2),X( 7)); + BODY_20_31(27,D,E,T,A,B,C,X(11),X(11),X(13),X( 3),X( 8)); + BODY_20_31(28,C,D,E,T,A,B,X(12),X(12),X(14),X( 4),X( 9)); + BODY_20_31(29,B,C,D,E,T,A,X(13),X(13),X(15),X( 5),X(10)); + BODY_20_31(30,A,B,C,D,E,T,X(14),X(14),X( 0),X( 6),X(11)); + BODY_20_31(31,T,A,B,C,D,E,X(15),X(15),X( 1),X( 7),X(12)); BODY_32_39(32,E,T,A,B,C,D,X( 0),X( 2),X( 8),X(13)); BODY_32_39(33,D,E,T,A,B,C,X( 1),X( 3),X( 9),X(14)); @@ -332,7 +328,7 @@ void HASH_BLOCK_HOST_ORDER (SHA_CTX *c, const void *d, int num) c->h3=(c->h3+B)&0xffffffffL; c->h4=(c->h4+C)&0xffffffffL; - if (--num <= 0) break; + if (--num == 0) break; A=c->h0; B=c->h1; @@ -340,22 +336,48 @@ void HASH_BLOCK_HOST_ORDER (SHA_CTX *c, const void *d, int num) D=c->h3; E=c->h4; - W+=SHA_LBLOCK; - } + } } #endif -#ifndef DONT_IMPLEMENT_BLOCK_DATA_ORDER -void HASH_BLOCK_DATA_ORDER (SHA_CTX *c, const void *p, int num) +#else /* OPENSSL_SMALL_FOOTPRINT */ + +#define BODY_00_15(xi) do { \ + T=E+K_00_19+F_00_19(B,C,D); \ + E=D, D=C, C=ROTATE(B,30), B=A; \ + A=ROTATE(A,5)+T+xi; } while(0) + +#define BODY_16_19(xa,xb,xc,xd) do { \ + Xupdate(T,xa,xa,xb,xc,xd); \ + T+=E+K_00_19+F_00_19(B,C,D); \ + E=D, D=C, C=ROTATE(B,30), B=A; \ + A=ROTATE(A,5)+T; } while(0) + +#define BODY_20_39(xa,xb,xc,xd) do { \ + Xupdate(T,xa,xa,xb,xc,xd); \ + T+=E+K_20_39+F_20_39(B,C,D); \ + E=D, D=C, C=ROTATE(B,30), B=A; \ + A=ROTATE(A,5)+T; } while(0) + +#define BODY_40_59(xa,xb,xc,xd) do { \ + Xupdate(T,xa,xa,xb,xc,xd); \ + T+=E+K_40_59+F_40_59(B,C,D); \ + E=D, D=C, C=ROTATE(B,30), B=A; \ + A=ROTATE(A,5)+T; } while(0) + +#define BODY_60_79(xa,xb,xc,xd) do { \ + Xupdate(T,xa,xa,xb,xc,xd); \ + T=E+K_60_79+F_60_79(B,C,D); \ + E=D, D=C, C=ROTATE(B,30), B=A; \ + A=ROTATE(A,5)+T+xa; } while(0) + +#if !defined(SHA1_ASM) +static void HASH_BLOCK_DATA_ORDER (SHA_CTX *c, const void *p, size_t num) { const unsigned char *data=p; - register unsigned long A,B,C,D,E,T,l; -#ifndef MD32_XARRAY - unsigned long XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, - XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15; -#else - SHA_LONG XX[16]; -#endif + unsigned MD32_REG_T A,B,C,D,E,T,l; + int i; + SHA_LONG X[16]; A=c->h0; B=c->h1; @@ -365,101 +387,24 @@ void HASH_BLOCK_DATA_ORDER (SHA_CTX *c, const void *p, int num) for (;;) { - - HOST_c2l(data,l); X( 0)=l; HOST_c2l(data,l); X( 1)=l; - BODY_00_15( 0,A,B,C,D,E,T,X( 0)); HOST_c2l(data,l); X( 2)=l; - BODY_00_15( 1,T,A,B,C,D,E,X( 1)); HOST_c2l(data,l); X( 3)=l; - BODY_00_15( 2,E,T,A,B,C,D,X( 2)); HOST_c2l(data,l); X( 4)=l; - BODY_00_15( 3,D,E,T,A,B,C,X( 3)); HOST_c2l(data,l); X( 5)=l; - BODY_00_15( 4,C,D,E,T,A,B,X( 4)); HOST_c2l(data,l); X( 6)=l; - BODY_00_15( 5,B,C,D,E,T,A,X( 5)); HOST_c2l(data,l); X( 7)=l; - BODY_00_15( 6,A,B,C,D,E,T,X( 6)); HOST_c2l(data,l); X( 8)=l; - BODY_00_15( 7,T,A,B,C,D,E,X( 7)); HOST_c2l(data,l); X( 9)=l; - BODY_00_15( 8,E,T,A,B,C,D,X( 8)); HOST_c2l(data,l); X(10)=l; - BODY_00_15( 9,D,E,T,A,B,C,X( 9)); HOST_c2l(data,l); X(11)=l; - BODY_00_15(10,C,D,E,T,A,B,X(10)); HOST_c2l(data,l); X(12)=l; - BODY_00_15(11,B,C,D,E,T,A,X(11)); HOST_c2l(data,l); X(13)=l; - BODY_00_15(12,A,B,C,D,E,T,X(12)); HOST_c2l(data,l); X(14)=l; - BODY_00_15(13,T,A,B,C,D,E,X(13)); HOST_c2l(data,l); X(15)=l; - BODY_00_15(14,E,T,A,B,C,D,X(14)); - BODY_00_15(15,D,E,T,A,B,C,X(15)); - - BODY_16_19(16,C,D,E,T,A,B,X( 0),X( 0),X( 2),X( 8),X(13)); - BODY_16_19(17,B,C,D,E,T,A,X( 1),X( 1),X( 3),X( 9),X(14)); - BODY_16_19(18,A,B,C,D,E,T,X( 2),X( 2),X( 4),X(10),X(15)); - BODY_16_19(19,T,A,B,C,D,E,X( 3),X( 3),X( 5),X(11),X( 0)); - - BODY_20_31(20,E,T,A,B,C,D,X( 4),X( 4),X( 6),X(12),X( 1)); - BODY_20_31(21,D,E,T,A,B,C,X( 5),X( 5),X( 7),X(13),X( 2)); - BODY_20_31(22,C,D,E,T,A,B,X( 6),X( 6),X( 8),X(14),X( 3)); - BODY_20_31(23,B,C,D,E,T,A,X( 7),X( 7),X( 9),X(15),X( 4)); - BODY_20_31(24,A,B,C,D,E,T,X( 8),X( 8),X(10),X( 0),X( 5)); - BODY_20_31(25,T,A,B,C,D,E,X( 9),X( 9),X(11),X( 1),X( 6)); - BODY_20_31(26,E,T,A,B,C,D,X(10),X(10),X(12),X( 2),X( 7)); - BODY_20_31(27,D,E,T,A,B,C,X(11),X(11),X(13),X( 3),X( 8)); - BODY_20_31(28,C,D,E,T,A,B,X(12),X(12),X(14),X( 4),X( 9)); - BODY_20_31(29,B,C,D,E,T,A,X(13),X(13),X(15),X( 5),X(10)); - BODY_20_31(30,A,B,C,D,E,T,X(14),X(14),X( 0),X( 6),X(11)); - BODY_20_31(31,T,A,B,C,D,E,X(15),X(15),X( 1),X( 7),X(12)); - - BODY_32_39(32,E,T,A,B,C,D,X( 0),X( 2),X( 8),X(13)); - BODY_32_39(33,D,E,T,A,B,C,X( 1),X( 3),X( 9),X(14)); - BODY_32_39(34,C,D,E,T,A,B,X( 2),X( 4),X(10),X(15)); - BODY_32_39(35,B,C,D,E,T,A,X( 3),X( 5),X(11),X( 0)); - BODY_32_39(36,A,B,C,D,E,T,X( 4),X( 6),X(12),X( 1)); - BODY_32_39(37,T,A,B,C,D,E,X( 5),X( 7),X(13),X( 2)); - BODY_32_39(38,E,T,A,B,C,D,X( 6),X( 8),X(14),X( 3)); - BODY_32_39(39,D,E,T,A,B,C,X( 7),X( 9),X(15),X( 4)); - - BODY_40_59(40,C,D,E,T,A,B,X( 8),X(10),X( 0),X( 5)); - BODY_40_59(41,B,C,D,E,T,A,X( 9),X(11),X( 1),X( 6)); - BODY_40_59(42,A,B,C,D,E,T,X(10),X(12),X( 2),X( 7)); - BODY_40_59(43,T,A,B,C,D,E,X(11),X(13),X( 3),X( 8)); - BODY_40_59(44,E,T,A,B,C,D,X(12),X(14),X( 4),X( 9)); - BODY_40_59(45,D,E,T,A,B,C,X(13),X(15),X( 5),X(10)); - BODY_40_59(46,C,D,E,T,A,B,X(14),X( 0),X( 6),X(11)); - BODY_40_59(47,B,C,D,E,T,A,X(15),X( 1),X( 7),X(12)); - BODY_40_59(48,A,B,C,D,E,T,X( 0),X( 2),X( 8),X(13)); - BODY_40_59(49,T,A,B,C,D,E,X( 1),X( 3),X( 9),X(14)); - BODY_40_59(50,E,T,A,B,C,D,X( 2),X( 4),X(10),X(15)); - BODY_40_59(51,D,E,T,A,B,C,X( 3),X( 5),X(11),X( 0)); - BODY_40_59(52,C,D,E,T,A,B,X( 4),X( 6),X(12),X( 1)); - BODY_40_59(53,B,C,D,E,T,A,X( 5),X( 7),X(13),X( 2)); - BODY_40_59(54,A,B,C,D,E,T,X( 6),X( 8),X(14),X( 3)); - BODY_40_59(55,T,A,B,C,D,E,X( 7),X( 9),X(15),X( 4)); - BODY_40_59(56,E,T,A,B,C,D,X( 8),X(10),X( 0),X( 5)); - BODY_40_59(57,D,E,T,A,B,C,X( 9),X(11),X( 1),X( 6)); - BODY_40_59(58,C,D,E,T,A,B,X(10),X(12),X( 2),X( 7)); - BODY_40_59(59,B,C,D,E,T,A,X(11),X(13),X( 3),X( 8)); - - BODY_60_79(60,A,B,C,D,E,T,X(12),X(14),X( 4),X( 9)); - BODY_60_79(61,T,A,B,C,D,E,X(13),X(15),X( 5),X(10)); - BODY_60_79(62,E,T,A,B,C,D,X(14),X( 0),X( 6),X(11)); - BODY_60_79(63,D,E,T,A,B,C,X(15),X( 1),X( 7),X(12)); - BODY_60_79(64,C,D,E,T,A,B,X( 0),X( 2),X( 8),X(13)); - BODY_60_79(65,B,C,D,E,T,A,X( 1),X( 3),X( 9),X(14)); - BODY_60_79(66,A,B,C,D,E,T,X( 2),X( 4),X(10),X(15)); - BODY_60_79(67,T,A,B,C,D,E,X( 3),X( 5),X(11),X( 0)); - BODY_60_79(68,E,T,A,B,C,D,X( 4),X( 6),X(12),X( 1)); - BODY_60_79(69,D,E,T,A,B,C,X( 5),X( 7),X(13),X( 2)); - BODY_60_79(70,C,D,E,T,A,B,X( 6),X( 8),X(14),X( 3)); - BODY_60_79(71,B,C,D,E,T,A,X( 7),X( 9),X(15),X( 4)); - BODY_60_79(72,A,B,C,D,E,T,X( 8),X(10),X( 0),X( 5)); - BODY_60_79(73,T,A,B,C,D,E,X( 9),X(11),X( 1),X( 6)); - BODY_60_79(74,E,T,A,B,C,D,X(10),X(12),X( 2),X( 7)); - BODY_60_79(75,D,E,T,A,B,C,X(11),X(13),X( 3),X( 8)); - BODY_60_79(76,C,D,E,T,A,B,X(12),X(14),X( 4),X( 9)); - BODY_60_79(77,B,C,D,E,T,A,X(13),X(15),X( 5),X(10)); - BODY_60_79(78,A,B,C,D,E,T,X(14),X( 0),X( 6),X(11)); - BODY_60_79(79,T,A,B,C,D,E,X(15),X( 1),X( 7),X(12)); - - c->h0=(c->h0+E)&0xffffffffL; - c->h1=(c->h1+T)&0xffffffffL; - c->h2=(c->h2+A)&0xffffffffL; - c->h3=(c->h3+B)&0xffffffffL; - c->h4=(c->h4+C)&0xffffffffL; - - if (--num <= 0) break; + for (i=0;i<16;i++) + { HOST_c2l(data,l); X[i]=l; BODY_00_15(X[i]); } + for (i=0;i<4;i++) + { BODY_16_19(X[i], X[i+2], X[i+8], X[(i+13)&15]); } + for (;i<24;i++) + { BODY_20_39(X[i&15], X[(i+2)&15], X[(i+8)&15],X[(i+13)&15]); } + for (i=0;i<20;i++) + { BODY_40_59(X[(i+8)&15],X[(i+10)&15],X[i&15], X[(i+5)&15]); } + for (i=4;i<24;i++) + { BODY_60_79(X[(i+8)&15],X[(i+10)&15],X[i&15], X[(i+5)&15]); } + + c->h0=(c->h0+A)&0xffffffffL; + c->h1=(c->h1+B)&0xffffffffL; + c->h2=(c->h2+C)&0xffffffffL; + c->h3=(c->h3+D)&0xffffffffL; + c->h4=(c->h4+E)&0xffffffffL; + + if (--num == 0) break; A=c->h0; B=c->h1; @@ -470,3 +415,5 @@ void HASH_BLOCK_DATA_ORDER (SHA_CTX *c, const void *p, int num) } } #endif + +#endif diff --git a/src/lib/libcrypto/sha/sha_one.c b/src/lib/libcrypto/sha/sha_one.c deleted file mode 100644 index 5426faae4af..00000000000 --- a/src/lib/libcrypto/sha/sha_one.c +++ /dev/null @@ -1,76 +0,0 @@ -/* crypto/sha/sha_one.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include -#include - -#ifndef OPENSSL_NO_SHA0 -unsigned char *SHA(const unsigned char *d, unsigned long n, unsigned char *md) - { - SHA_CTX c; - static unsigned char m[SHA_DIGEST_LENGTH]; - - if (md == NULL) md=m; - SHA_Init(&c); - SHA_Update(&c,d,n); - SHA_Final(md,&c); - memset(&c,0,sizeof(c)); - return(md); - } -#endif diff --git a/src/lib/libcrypto/sha/shatest.c b/src/lib/libcrypto/sha/shatest.c deleted file mode 100644 index 331294a74f9..00000000000 --- a/src/lib/libcrypto/sha/shatest.c +++ /dev/null @@ -1,172 +0,0 @@ -/* crypto/sha/shatest.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include -#include - -#ifdef OPENSSL_NO_SHA -int main(int argc, char *argv[]) -{ - printf("No SHA support\n"); - return(0); -} -#else -#include -#include - -#ifdef CHARSET_EBCDIC -#include -#endif - -#define SHA_0 /* FIPS 180 */ -#undef SHA_1 /* FIPS 180-1 */ - -static char *test[]={ - "abc", - "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", - NULL, - }; - -#ifdef SHA_0 -static char *ret[]={ - "0164b8a914cd2a5e74c4f7ff082c4d97f1edf880", - "d2516ee1acfa5baf33dfc1c471e438449ef134c8", - }; -static char *bigret= - "3232affa48628a26653b5aaa44541fd90d690603"; -#endif -#ifdef SHA_1 -static char *ret[]={ - "a9993e364706816aba3e25717850c26c9cd0d89d", - "84983e441c3bd26ebaae4aa1f95129e5e54670f1", - }; -static char *bigret= - "34aa973cd4c4daa4f61eeb2bdbad27316534016f"; -#endif - -static char *pt(unsigned char *md); -int main(int argc, char *argv[]) - { - int i,err=0; - unsigned char **P,**R; - static unsigned char buf[1000]; - char *p,*r; - EVP_MD_CTX c; - unsigned char md[SHA_DIGEST_LENGTH]; - -#ifdef CHARSET_EBCDIC - ebcdic2ascii(test[0], test[0], strlen(test[0])); - ebcdic2ascii(test[1], test[1], strlen(test[1])); -#endif - - EVP_MD_CTX_init(&c); - P=(unsigned char **)test; - R=(unsigned char **)ret; - i=1; - while (*P != NULL) - { - EVP_Digest(*P,(unsigned long)strlen((char *)*P),md,NULL,EVP_sha(), NULL); - p=pt(md); - if (strcmp(p,(char *)*R) != 0) - { - printf("error calculating SHA on '%s'\n",*P); - printf("got %s instead of %s\n",p,*R); - err++; - } - else - printf("test %d ok\n",i); - i++; - R++; - P++; - } - - memset(buf,'a',1000); -#ifdef CHARSET_EBCDIC - ebcdic2ascii(buf, buf, 1000); -#endif /*CHARSET_EBCDIC*/ - EVP_DigestInit_ex(&c,EVP_sha(), NULL); - for (i=0; i<1000; i++) - EVP_DigestUpdate(&c,buf,1000); - EVP_DigestFinal_ex(&c,md,NULL); - p=pt(md); - - r=bigret; - if (strcmp(p,r) != 0) - { - printf("error calculating SHA on '%s'\n",p); - printf("got %s instead of %s\n",p,r); - err++; - } - else - printf("test 3 ok\n"); - EVP_MD_CTX_cleanup(&c); - exit(err); - return(0); - } - -static char *pt(unsigned char *md) - { - int i; - static char buf[80]; - - for (i=0; i + +#include +#include + +#ifdef OPENSSL_NO_SM2 +#error SM2 is disabled. +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +/* + * SM2 signature generation. + */ +int SM2_sign(const unsigned char *dgst, int dgstlen, + unsigned char *sig, unsigned int *siglen, EC_KEY *eckey); + +/* + * SM2 signature verification. Assumes input is an SM3 digest + */ +int SM2_verify(const unsigned char *dgst, int dgstlen, + const unsigned char *sig, int siglen, EC_KEY *eckey); + +/* + * SM2 encryption + */ +int SM2_ciphertext_size(const EC_KEY *key, const EVP_MD *digest, + size_t msg_len, size_t *c_size); + +int SM2_plaintext_size(const EC_KEY *key, const EVP_MD *digest, + size_t msg_len, size_t *pl_size); + +int SM2_encrypt(const EC_KEY *key, + const EVP_MD *digest, + const uint8_t *msg, + size_t msg_len, + uint8_t *ciphertext_buf, size_t *ciphertext_len); + +int SM2_decrypt(const EC_KEY *key, + const EVP_MD *digest, + const uint8_t *ciphertext, + size_t ciphertext_len, uint8_t *ptext_buf, size_t *ptext_len); + +/* BEGIN ERROR CODES */ +/* The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_SM2_strings(void); + +/* Error codes for the SM2 functions. */ + +/* Function codes. */ +# define SM2_F_PKEY_SM2_CTRL 274 +# define SM2_F_PKEY_SM2_CTRL_STR 275 +# define SM2_F_PKEY_SM2_KEYGEN 276 +# define SM2_F_PKEY_SM2_PARAMGEN 277 +# define SM2_F_PKEY_SM2_SIGN 278 +# define SM2_F_PKEY_SM2_VERIFY 279 +# define SM2_F_PKEY_SM2_ENCRYPT 280 +# define SM2_F_PKEY_SM2_DECRYPT 281 + +/* Reason codes. */ +# define SM2_R_ASN1_ERROR 115 +# define SM2_R_ASN5_ERROR 1150 +# define SM2_R_BAD_SIGNATURE 156 +# define SM2_R_BIGNUM_OUT_OF_RANGE 144 +# define SM2_R_BUFFER_TOO_SMALL 100 +# define SM2_R_COORDINATES_OUT_OF_RANGE 146 +# define SM2_R_CURVE_DOES_NOT_SUPPORT_ECDH 160 +# define SM2_R_CURVE_DOES_NOT_SUPPORT_SIGNING 159 +# define SM2_R_D2I_ECPKPARAMETERS_FAILURE 117 +# define SM2_R_DECODE_ERROR 142 +# define SM2_R_DIGEST_FAILURE 163 +# define SM2_R_DISCRIMINANT_IS_ZERO 118 +# define SM2_R_EC_GROUP_NEW_BY_NAME_FAILURE 119 +# define SM2_R_FIELD_TOO_LARGE 143 +# define SM2_R_GF2M_NOT_SUPPORTED 147 +# define SM2_R_GROUP2PKPARAMETERS_FAILURE 120 +# define SM2_R_I2D_ECPKPARAMETERS_FAILURE 121 +# define SM2_R_INCOMPATIBLE_OBJECTS 101 +# define SM2_R_INVALID_ARGUMENT 112 +# define SM2_R_INVALID_COMPRESSED_POINT 110 +# define SM2_R_INVALID_COMPRESSION_BIT 109 +# define SM2_R_INVALID_CURVE 141 +# define SM2_R_INVALID_DIGEST 151 +# define SM2_R_INVALID_DIGEST_TYPE 138 +# define SM2_R_INVALID_ENCODING 102 +# define SM2_R_INVALID_FIELD 103 +# define SM2_R_INVALID_FORM 104 +# define SM2_R_INVALID_GROUP_ORDER 122 +# define SM2_R_INVALID_KEY 116 +# define SM2_R_INVALID_OUTPUT_LENGTH 161 +# define SM2_R_INVALID_PEER_KEY 133 +# define SM2_R_INVALID_PENTANOMIAL_BASIS 132 +# define SM2_R_INVALID_PRIVATE_KEY 123 +# define SM2_R_INVALID_TRINOMIAL_BASIS 137 +# define SM2_R_KDF_FAILURE 162 +# define SM2_R_KDF_PARAMETER_ERROR 148 +# define SM2_R_KEYS_NOT_SET 140 +# define SM2_R_MISSING_PARAMETERS 124 +# define SM2_R_MISSING_PRIVATE_KEY 125 +# define SM2_R_NEED_NEW_SETUP_VALUES 157 +# define SM2_R_NOT_A_NIST_PRIME 135 +# define SM2_R_NOT_IMPLEMENTED 126 +# define SM2_R_NOT_INITIALIZED 111 +# define SM2_R_NO_PARAMETERS_SET 139 +# define SM2_R_NO_PRIVATE_VALUE 154 +# define SM2_R_OPERATION_NOT_SUPPORTED 152 +# define SM2_R_PASSED_NULL_PARAMETER 134 +# define SM2_R_PEER_KEY_ERROR 149 +# define SM2_R_PKPARAMETERS2GROUP_FAILURE 127 +# define SM2_R_POINT_ARITHMETIC_FAILURE 155 +# define SM2_R_POINT_AT_INFINITY 106 +# define SM2_R_POINT_IS_NOT_ON_CURVE 107 +# define SM2_R_RANDOM_NUMBER_GENERATION_FAILED 158 +# define SM2_R_SHARED_INFO_ERROR 150 +# define SM2_R_SLOT_FULL 108 +# define SM2_R_UNDEFINED_GENERATOR 113 +# define SM2_R_UNDEFINED_ORDER 128 +# define SM2_R_UNKNOWN_GROUP 129 +# define SM2_R_UNKNOWN_ORDER 114 +# define SM2_R_UNSUPPORTED_FIELD 131 +# define SM2_R_WRONG_CURVE_PARAMETERS 145 +# define SM2_R_WRONG_ORDER 130 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/src/lib/libcrypto/sm2/sm2_crypt.c b/src/lib/libcrypto/sm2/sm2_crypt.c new file mode 100644 index 00000000000..8da902dded5 --- /dev/null +++ b/src/lib/libcrypto/sm2/sm2_crypt.c @@ -0,0 +1,609 @@ +/* + * Copyright (c) 2019 Ribose Inc + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include +#include +#include +#include +#include +#include +#include + +#include "sm2_locl.h" + +typedef struct SM2_Ciphertext_st SM2_Ciphertext; + +SM2_Ciphertext *SM2_Ciphertext_new(void); +void SM2_Ciphertext_free(SM2_Ciphertext *a); +SM2_Ciphertext *d2i_SM2_Ciphertext(SM2_Ciphertext **a, const unsigned char **in, long len); +int i2d_SM2_Ciphertext(SM2_Ciphertext *a, unsigned char **out); + +struct SM2_Ciphertext_st { + BIGNUM *C1x; + BIGNUM *C1y; + ASN1_OCTET_STRING *C3; + ASN1_OCTET_STRING *C2; +}; + +static const ASN1_TEMPLATE SM2_Ciphertext_seq_tt[] = { + { + .flags = 0, + .tag = 0, + .offset = offsetof(SM2_Ciphertext, C1x), + .field_name = "C1x", + .item = &BIGNUM_it, + }, + { + .flags = 0, + .tag = 0, + .offset = offsetof(SM2_Ciphertext, C1y), + .field_name = "C1y", + .item = &BIGNUM_it, + }, + { + .flags = 0, + .tag = 0, + .offset = offsetof(SM2_Ciphertext, C3), + .field_name = "C3", + .item = &ASN1_OCTET_STRING_it, + }, + { + .flags = 0, + .tag = 0, + .offset = offsetof(SM2_Ciphertext, C2), + .field_name = "C2", + .item = &ASN1_OCTET_STRING_it, + }, +}; + +const ASN1_ITEM SM2_Ciphertext_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = SM2_Ciphertext_seq_tt, + .tcount = sizeof(SM2_Ciphertext_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = NULL, + .size = sizeof(SM2_Ciphertext), + .sname = "SM2_Ciphertext", +}; + +SM2_Ciphertext * +d2i_SM2_Ciphertext(SM2_Ciphertext **a, const unsigned char **in, long len) +{ + return (SM2_Ciphertext *) ASN1_item_d2i((ASN1_VALUE **)a, in, len, &SM2_Ciphertext_it); +} + +int +i2d_SM2_Ciphertext(SM2_Ciphertext *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &SM2_Ciphertext_it); +} + +SM2_Ciphertext * +SM2_Ciphertext_new(void) +{ + return (SM2_Ciphertext *)ASN1_item_new(&SM2_Ciphertext_it); +} + +void +SM2_Ciphertext_free(SM2_Ciphertext *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &SM2_Ciphertext_it); +} + +static size_t EC_field_size(const EC_GROUP *group) +{ + /* Is there some simpler way to do this? */ + BIGNUM *p = BN_new(); + size_t field_size = 0; + + if (p == NULL) + goto done; + + EC_GROUP_get_curve_GFp(group, p, NULL, NULL, NULL); + field_size = BN_num_bytes(p); + done: + BN_free(p); + return field_size; +} + +int +SM2_plaintext_size(const EC_KEY *key, const EVP_MD *digest, + size_t msg_len, size_t *pl_size) +{ + size_t field_size = 0; + int md_size = 0; + size_t overhead = 0; + + field_size = EC_field_size(EC_KEY_get0_group(key)); + if (!field_size) { + SM2error(SM2_R_INVALID_FIELD); + return 0; + } + + md_size = EVP_MD_size(digest); + if (md_size <= 0) { + SM2error(SM2_R_INVALID_DIGEST); + return 0; + } + + overhead = 10 + 2 * field_size + md_size; + if (msg_len <= overhead) { + SM2error(SM2_R_INVALID_ARGUMENT); + return 0; + } + + *pl_size = msg_len - overhead; + return 1; +} + +int +SM2_ciphertext_size(const EC_KEY *key, const EVP_MD *digest, + size_t msg_len, size_t *c_size) +{ + size_t field_size = 0; + int md_size = 0; + size_t asn_size = 0; + + field_size = EC_field_size(EC_KEY_get0_group(key)); + if (!field_size) { + SM2error(SM2_R_INVALID_FIELD); + return 0; + } + + md_size = EVP_MD_size(digest); + if (md_size <= 0) { + SM2error(SM2_R_INVALID_DIGEST); + return 0; + } + + asn_size = 2 * ASN1_object_size(0, field_size, V_ASN1_INTEGER) + + ASN1_object_size(0, md_size, V_ASN1_OCTET_STRING) + + ASN1_object_size(0, msg_len, V_ASN1_OCTET_STRING); + + *c_size = ASN1_object_size(1, asn_size, V_ASN1_SEQUENCE); + return 1; +} + +int +SM2_kdf(uint8_t *key, size_t key_len, uint8_t *secret, size_t secret_len, const EVP_MD *digest) +{ + int rc = 0; + uint32_t ctr = 1; + uint8_t ctr_buf[4] = {0}; + EVP_MD_CTX *hash = NULL; + uint8_t *hash_buf = NULL; + size_t hlen = 0; + size_t hadd = 0; + + hash = EVP_MD_CTX_new(); + if (hash == NULL) { + SM2error(ERR_R_MALLOC_FAILURE); + goto done; + } + + EVP_MD_CTX_init(hash); + hlen = EVP_MD_size(digest); + hash_buf = malloc(hlen); + if (hash_buf == NULL) { + SM2error(ERR_R_MALLOC_FAILURE); + goto done; + } + + while ((key_len > 0) && (ctr != 0)) { + if (EVP_DigestInit_ex(hash, digest, NULL) == 0) { + SM2error(ERR_R_EVP_LIB); + goto done; + } + if (EVP_DigestUpdate(hash, secret, secret_len) == 0) { + SM2error(ERR_R_EVP_LIB); + goto done; + } + /* big-endian counter representation */ + ctr_buf[0] = (ctr >> 24) & 0xff; + ctr_buf[1] = (ctr >> 16) & 0xff; + ctr_buf[2] = (ctr >> 8) & 0xff; + ctr_buf[3] = ctr & 0xff; + ctr++; + if (EVP_DigestUpdate(hash, ctr_buf, 4) == 0) { + SM2error(ERR_R_EVP_LIB); + goto done; + } + if (EVP_DigestFinal(hash, hash_buf, NULL) == 0) { + SM2error(ERR_R_EVP_LIB); + goto done; + } + hadd = key_len > hlen ? hlen : key_len; + memcpy(key, hash_buf, hadd); + memset(hash_buf, 0, hlen); + key_len -= hadd; + key += hadd; + } + + rc = 1; +done: + free(hash_buf); + EVP_MD_CTX_free(hash); + return rc; +} + +int SM2_encrypt(const EC_KEY *key, + const EVP_MD *digest, + const uint8_t *msg, + size_t msg_len, uint8_t *ciphertext_buf, size_t *ciphertext_len) +{ + int rc = 0; + size_t i; + size_t x2size = 0; + size_t y2size = 0; + BN_CTX *ctx = NULL; + BIGNUM *k = NULL; + BIGNUM *x1 = NULL; + BIGNUM *y1 = NULL; + BIGNUM *x2 = NULL; + BIGNUM *y2 = NULL; + BIGNUM *order = NULL; + EVP_MD_CTX *hash = NULL; + struct SM2_Ciphertext_st ctext_struct; + const EC_GROUP *group = NULL; + const EC_POINT *P = NULL; + EC_POINT *kG = NULL; + EC_POINT *kP = NULL; + uint8_t *msg_mask = NULL; + uint8_t *x2y2 = NULL; + uint8_t *C3 = NULL; + size_t field_size = 0; + size_t C3_size = 0; + + hash = EVP_MD_CTX_new(); + if (hash == NULL) { + SM2error(ERR_R_MALLOC_FAILURE); + goto done; + } + + group = EC_KEY_get0_group(key); + + if ((order = BN_new()) == NULL) { + SM2error(ERR_R_MALLOC_FAILURE); + goto done; + } + + if (!EC_GROUP_get_order(group, order, NULL)) { + SM2error(SM2_R_INVALID_GROUP_ORDER); + goto done; + } + + P = EC_KEY_get0_public_key(key); + field_size = EC_field_size(group); + if (field_size == 0) { + SM2error(SM2_R_INVALID_FIELD); + goto done; + } + + C3_size = EVP_MD_size(digest); + if (C3_size == 0) { + SM2error(SM2_R_INVALID_DIGEST); + goto done; + } + + kG = EC_POINT_new(group); + kP = EC_POINT_new(group); + if (kG == NULL || kP == NULL) { + SM2error(ERR_R_MALLOC_FAILURE); + goto done; + } + + ctx = BN_CTX_new(); + if (ctx == NULL) { + SM2error(ERR_R_MALLOC_FAILURE); + goto done; + } + + BN_CTX_start(ctx); + k = BN_CTX_get(ctx); + x1 = BN_CTX_get(ctx); + x2 = BN_CTX_get(ctx); + y1 = BN_CTX_get(ctx); + y2 = BN_CTX_get(ctx); + + if (y2 == NULL) { + SM2error(ERR_R_BN_LIB); + goto done; + } + + x2y2 = calloc(1, 2 * field_size); + C3 = calloc(1, C3_size); + + if (x2y2 == NULL || C3 == NULL) { + SM2error(ERR_R_MALLOC_FAILURE); + goto done; + } + + memset(ciphertext_buf, 0, *ciphertext_len); + + if (BN_rand_range(k, order) == 0) { + SM2error(SM2_R_RANDOM_NUMBER_GENERATION_FAILED); + goto done; + } + + if (EC_POINT_mul(group, kG, k, NULL, NULL, ctx) == 0) { + SM2error(ERR_R_EC_LIB); + goto done; + } + + if (EC_POINT_get_affine_coordinates_GFp(group, kG, x1, y1, ctx) == 0) { + SM2error(ERR_R_EC_LIB); + goto done; + } + + if (EC_POINT_mul(group, kP, NULL, P, k, ctx) == 0) { + SM2error(ERR_R_EC_LIB); + goto done; + } + + if (EC_POINT_get_affine_coordinates_GFp(group, kP, x2, y2, ctx) == 0) { + SM2error(ERR_R_EC_LIB); + goto done; + } + + x2size = BN_num_bytes(x2); + y2size = BN_num_bytes(y2); + if ((x2size > field_size) || (y2size > field_size)) { + SM2error(SM2_R_BIGNUM_OUT_OF_RANGE); + goto done; + } + + BN_bn2bin(x2, x2y2 + field_size - x2size); + BN_bn2bin(y2, x2y2 + 2 * field_size - y2size); + + msg_mask = calloc(1, msg_len); + if (msg_mask == NULL) { + SM2error(ERR_R_MALLOC_FAILURE); + goto done; + } + + if (SM2_kdf(msg_mask, msg_len, x2y2, 2 * field_size, digest) == 0) { + SM2error(SM2_R_KDF_FAILURE); + goto done; + } + + for (i = 0; i != msg_len; ++i) + msg_mask[i] ^= msg[i]; + + if (EVP_DigestInit(hash, digest) == 0) { + SM2error(ERR_R_EVP_LIB); + goto done; + } + + if (EVP_DigestUpdate(hash, x2y2, field_size) == 0) { + SM2error(ERR_R_EVP_LIB); + goto done; + } + + if (EVP_DigestUpdate(hash, msg, msg_len) == 0) { + SM2error(ERR_R_EVP_LIB); + goto done; + } + + if (EVP_DigestUpdate(hash, x2y2 + field_size, field_size) == 0) { + SM2error(ERR_R_EVP_LIB); + goto done; + } + + if (EVP_DigestFinal(hash, C3, NULL) == 0) { + SM2error(ERR_R_EVP_LIB); + goto done; + } + + ctext_struct.C1x = x1; + ctext_struct.C1y = y1; + ctext_struct.C3 = ASN1_OCTET_STRING_new(); + ASN1_OCTET_STRING_set(ctext_struct.C3, C3, C3_size); + ctext_struct.C2 = ASN1_OCTET_STRING_new(); + ASN1_OCTET_STRING_set(ctext_struct.C2, msg_mask, msg_len); + + *ciphertext_len = i2d_SM2_Ciphertext(&ctext_struct, &ciphertext_buf); + + ASN1_OCTET_STRING_free(ctext_struct.C2); + ASN1_OCTET_STRING_free(ctext_struct.C3); + + rc = 1; + + done: + free(msg_mask); + free(x2y2); + free(C3); + EVP_MD_CTX_free(hash); + BN_CTX_free(ctx); + EC_POINT_free(kG); + EC_POINT_free(kP); + BN_free(order); + return rc; +} + +int SM2_decrypt(const EC_KEY *key, + const EVP_MD *digest, + const uint8_t *ciphertext, + size_t ciphertext_len, uint8_t *ptext_buf, size_t *ptext_len) +{ + int rc = 0; + int i; + size_t x2size = 0; + size_t y2size = 0; + BN_CTX *ctx = NULL; + const EC_GROUP *group = NULL; + EC_POINT *C1 = NULL; + struct SM2_Ciphertext_st *sm2_ctext = NULL; + BIGNUM *x2 = NULL; + BIGNUM *y2 = NULL; + uint8_t *x2y2 = NULL; + uint8_t *computed_C3 = NULL; + size_t field_size = 0; + int hash_size = 0; + uint8_t *msg_mask = NULL; + const uint8_t *C2 = NULL; + const uint8_t *C3 = NULL; + int msg_len = 0; + EVP_MD_CTX *hash = NULL; + + group = EC_KEY_get0_group(key); + field_size = EC_field_size(group); + hash_size = EVP_MD_size(digest); + + if (field_size == 0) { + SM2error(SM2_R_INVALID_FIELD); + goto done; + } + + if (hash_size == 0) { + SM2error(SM2_R_INVALID_DIGEST); + goto done; + } + + memset(ptext_buf, 0xFF, *ptext_len); + + sm2_ctext = d2i_SM2_Ciphertext(NULL, &ciphertext, ciphertext_len); + + if (sm2_ctext == NULL) { + SM2error(SM2_R_ASN1_ERROR); + goto done; + } + + if (sm2_ctext->C3->length != hash_size) { + SM2error(SM2_R_INVALID_ENCODING); + goto done; + } + + C2 = sm2_ctext->C2->data; + C3 = sm2_ctext->C3->data; + msg_len = sm2_ctext->C2->length; + + ctx = BN_CTX_new(); + if (ctx == NULL) { + SM2error(ERR_R_MALLOC_FAILURE); + goto done; + } + + BN_CTX_start(ctx); + x2 = BN_CTX_get(ctx); + y2 = BN_CTX_get(ctx); + + if ((x2 == NULL) || (y2 == NULL)) { + SM2error(ERR_R_BN_LIB); + goto done; + } + + msg_mask = calloc(1, msg_len); + x2y2 = calloc(1, 2 * field_size); + computed_C3 = calloc(1, hash_size); + + if (msg_mask == NULL || x2y2 == NULL || computed_C3 == NULL) { + SM2error(ERR_R_MALLOC_FAILURE); + goto done; + } + + C1 = EC_POINT_new(group); + if (C1 == NULL) { + SM2error(ERR_R_MALLOC_FAILURE); + goto done; + } + + if (EC_POINT_set_affine_coordinates_GFp + (group, C1, sm2_ctext->C1x, sm2_ctext->C1y, ctx) == 0) + { + SM2error(ERR_R_EC_LIB); + goto done; + } + + if (EC_POINT_mul(group, C1, NULL, C1, EC_KEY_get0_private_key(key), ctx) == 0) { + SM2error(ERR_R_EC_LIB); + goto done; + } + + if (EC_POINT_get_affine_coordinates_GFp(group, C1, x2, y2, ctx) == 0) { + SM2error(ERR_R_EC_LIB); + goto done; + } + + x2size = BN_num_bytes(x2); + y2size = BN_num_bytes(y2); + if ((x2size > field_size) || (y2size > field_size)) { + SM2error(SM2_R_BIGNUM_OUT_OF_RANGE); + goto done; + } + + BN_bn2bin(x2, x2y2 + field_size - x2size); + BN_bn2bin(y2, x2y2 + 2 * field_size - y2size); + + if (SM2_kdf(msg_mask, msg_len, x2y2, 2 * field_size, digest) == 0) { + SM2error(SM2_R_KDF_FAILURE); + goto done; + } + + for (i = 0; i != msg_len; ++i) + ptext_buf[i] = C2[i] ^ msg_mask[i]; + + hash = EVP_MD_CTX_new(); + + if (hash == NULL) { + SM2error(ERR_R_EVP_LIB); + goto done; + } + + if (EVP_DigestInit(hash, digest) == 0) { + SM2error(ERR_R_EVP_LIB); + goto done; + } + + if (EVP_DigestUpdate(hash, x2y2, field_size) == 0) { + SM2error(ERR_R_EVP_LIB); + goto done; + } + + if (EVP_DigestUpdate(hash, ptext_buf, msg_len) == 0) { + SM2error(ERR_R_EVP_LIB); + goto done; + } + + if (EVP_DigestUpdate(hash, x2y2 + field_size, field_size) == 0) { + SM2error(ERR_R_EVP_LIB); + goto done; + } + + if (EVP_DigestFinal(hash, computed_C3, NULL) == 0) { + SM2error(ERR_R_EVP_LIB); + goto done; + } + + if (memcmp(computed_C3, C3, hash_size) != 0) + goto done; + + rc = 1; + *ptext_len = msg_len; + done: + + if (rc == 0) + memset(ptext_buf, 0, *ptext_len); + + free(msg_mask); + free(x2y2); + free(computed_C3); + EC_POINT_free(C1); + BN_CTX_free(ctx); + SM2_Ciphertext_free(sm2_ctext); + EVP_MD_CTX_free(hash); + + return rc; +} diff --git a/src/lib/libcrypto/sm2/sm2_err.c b/src/lib/libcrypto/sm2/sm2_err.c new file mode 100644 index 00000000000..94b9a974751 --- /dev/null +++ b/src/lib/libcrypto/sm2/sm2_err.c @@ -0,0 +1,101 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include + +#ifndef OPENSSL_NO_ERR + +#define ERR_FUNC(func) ERR_PACK(ERR_LIB_SM2,func,0) +#define ERR_REASON(reason) ERR_PACK(ERR_LIB_SM2,0,reason) + +static ERR_STRING_DATA SM2_str_functs[] = { + {ERR_FUNC(0xfff), "CRYPTO_internal"}, + {0, NULL} +}; + +static ERR_STRING_DATA SM2_str_reasons[] = { + {ERR_REASON(SM2_R_ASN1_ERROR), "asn1 error"}, + {ERR_REASON(SM2_R_ASN5_ERROR), "asn5 error"}, + {ERR_REASON(SM2_R_BAD_SIGNATURE), "bad signature"}, + {ERR_REASON(SM2_R_BIGNUM_OUT_OF_RANGE), "bignum out of range"}, + {ERR_REASON(SM2_R_BUFFER_TOO_SMALL), "buffer too small"}, + {ERR_REASON(SM2_R_COORDINATES_OUT_OF_RANGE), "coordinates out of range"}, + {ERR_REASON(SM2_R_CURVE_DOES_NOT_SUPPORT_ECDH), "curve does not support ecdh"}, + {ERR_REASON(SM2_R_CURVE_DOES_NOT_SUPPORT_SIGNING), "curve does not support signing"}, + {ERR_REASON(SM2_R_D2I_ECPKPARAMETERS_FAILURE), "d2i ecpkparameters failure"}, + {ERR_REASON(SM2_R_DECODE_ERROR), "decode error"}, + {ERR_REASON(SM2_R_DIGEST_FAILURE), "digest calculation failure"}, + {ERR_REASON(SM2_R_DISCRIMINANT_IS_ZERO), "discriminant is zero"}, + {ERR_REASON(SM2_R_EC_GROUP_NEW_BY_NAME_FAILURE), "ec group new by name failure"}, + {ERR_REASON(SM2_R_FIELD_TOO_LARGE), "field too large"}, + {ERR_REASON(SM2_R_GF2M_NOT_SUPPORTED), "gf2m not supported"}, + {ERR_REASON(SM2_R_GROUP2PKPARAMETERS_FAILURE), "group2pkparameters failure"}, + {ERR_REASON(SM2_R_I2D_ECPKPARAMETERS_FAILURE), "i2d ecpkparameters failure"}, + {ERR_REASON(SM2_R_INCOMPATIBLE_OBJECTS), "incompatible objects"}, + {ERR_REASON(SM2_R_INVALID_ARGUMENT), "invalid argument"}, + {ERR_REASON(SM2_R_INVALID_COMPRESSED_POINT), "invalid compressed point"}, + {ERR_REASON(SM2_R_INVALID_COMPRESSION_BIT), "invalid compression bit"}, + {ERR_REASON(SM2_R_INVALID_CURVE), "invalid curve"}, + {ERR_REASON(SM2_R_INVALID_DIGEST), "invalid digest"}, + {ERR_REASON(SM2_R_INVALID_DIGEST_TYPE), "invalid digest type"}, + {ERR_REASON(SM2_R_INVALID_ENCODING), "invalid encoding"}, + {ERR_REASON(SM2_R_INVALID_FIELD), "invalid field"}, + {ERR_REASON(SM2_R_INVALID_FORM), "invalid form"}, + {ERR_REASON(SM2_R_INVALID_GROUP_ORDER), "invalid group order"}, + {ERR_REASON(SM2_R_INVALID_KEY), "invalid key"}, + {ERR_REASON(SM2_R_INVALID_OUTPUT_LENGTH), "invalid output length"}, + {ERR_REASON(SM2_R_INVALID_PEER_KEY), "invalid peer key"}, + {ERR_REASON(SM2_R_INVALID_PENTANOMIAL_BASIS), "invalid pentanomial basis"}, + {ERR_REASON(SM2_R_INVALID_PRIVATE_KEY), "invalid private key"}, + {ERR_REASON(SM2_R_INVALID_TRINOMIAL_BASIS), "invalid trinomial basis"}, + {ERR_REASON(SM2_R_KDF_FAILURE), "kdf calculation failure"}, + {ERR_REASON(SM2_R_KDF_PARAMETER_ERROR), "kdf parameter error"}, + {ERR_REASON(SM2_R_KEYS_NOT_SET), "keys not set"}, + {ERR_REASON(SM2_R_MISSING_PARAMETERS), "missing parameters"}, + {ERR_REASON(SM2_R_MISSING_PRIVATE_KEY), "missing private key"}, + {ERR_REASON(SM2_R_NEED_NEW_SETUP_VALUES), "need new setup values"}, + {ERR_REASON(SM2_R_NOT_A_NIST_PRIME), "not a NIST prime"}, + {ERR_REASON(SM2_R_NOT_IMPLEMENTED), "not implemented"}, + {ERR_REASON(SM2_R_NOT_INITIALIZED), "not initialized"}, + {ERR_REASON(SM2_R_NO_PARAMETERS_SET), "no parameters set"}, + {ERR_REASON(SM2_R_NO_PRIVATE_VALUE), "no private value"}, + {ERR_REASON(SM2_R_OPERATION_NOT_SUPPORTED), "operation not supported"}, + {ERR_REASON(SM2_R_PASSED_NULL_PARAMETER), "passed null parameter"}, + {ERR_REASON(SM2_R_PEER_KEY_ERROR), "peer key error"}, + {ERR_REASON(SM2_R_PKPARAMETERS2GROUP_FAILURE), "pkparameters2group failure"}, + {ERR_REASON(SM2_R_POINT_ARITHMETIC_FAILURE), "point arithmetic failure"}, + {ERR_REASON(SM2_R_POINT_AT_INFINITY), "point at infinity"}, + {ERR_REASON(SM2_R_POINT_IS_NOT_ON_CURVE), "point is not on curve"}, + {ERR_REASON(SM2_R_RANDOM_NUMBER_GENERATION_FAILED), "random number generation failed"}, + {ERR_REASON(SM2_R_SHARED_INFO_ERROR), "shared info error"}, + {ERR_REASON(SM2_R_SLOT_FULL), "slot full"}, + {ERR_REASON(SM2_R_UNDEFINED_GENERATOR), "undefined generator"}, + {ERR_REASON(SM2_R_UNDEFINED_ORDER), "undefined order"}, + {ERR_REASON(SM2_R_UNKNOWN_GROUP), "unknown group"}, + {ERR_REASON(SM2_R_UNKNOWN_ORDER), "unknown order"}, + {ERR_REASON(SM2_R_UNSUPPORTED_FIELD), "unsupported field"}, + {ERR_REASON(SM2_R_WRONG_CURVE_PARAMETERS), "wrong curve parameters"}, + {ERR_REASON(SM2_R_WRONG_ORDER), "wrong order"}, + {0, NULL} +}; + +#endif + +void +ERR_load_SM2_strings(void) +{ +#ifndef OPENSSL_NO_ERR + if (ERR_func_error_string(SM2_str_functs[0].error) == NULL) { + ERR_load_strings(0, SM2_str_functs); + ERR_load_strings(0, SM2_str_reasons); + } +#endif +} diff --git a/src/lib/libcrypto/sm2/sm2_locl.h b/src/lib/libcrypto/sm2/sm2_locl.h new file mode 100644 index 00000000000..4923b54e489 --- /dev/null +++ b/src/lib/libcrypto/sm2/sm2_locl.h @@ -0,0 +1,53 @@ +/* $OpenBSD: sm2_locl.h,v 1.1 2019/03/19 16:44:25 tb Exp $ */ +/* + * Copyright (c) 2019, Ribose Inc + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef HEADER_SM2_LOCL_H +#define HEADER_SM2_LOCL_H + +#include +#include + +__BEGIN_HIDDEN_DECLS + +/* The default user id as specified in GM/T 0009-2012 */ +#define SM2_DEFAULT_USERID "1234567812345678" + +int SM2_compute_userid_digest(uint8_t *out, + const EVP_MD *digest, + const uint8_t *uid, + size_t uid_len, + const EC_KEY *key); + +/* + * SM2 signature operation. Computes ZA (user id digest) and then signs + * H(ZA || msg) using SM2 + */ +ECDSA_SIG *SM2_do_sign(const EC_KEY *key, + const EVP_MD *digest, + const uint8_t *uid, size_t uid_len, + const uint8_t *msg, size_t msg_len); + +int SM2_do_verify(const EC_KEY *key, + const EVP_MD *digest, + const ECDSA_SIG *signature, + const uint8_t *uid, size_t uid_len, + const uint8_t *msg, size_t msg_len); + +__END_HIDDEN_DECLS + +#endif + diff --git a/src/lib/libcrypto/sm2/sm2_pmeth.c b/src/lib/libcrypto/sm2/sm2_pmeth.c new file mode 100644 index 00000000000..a4929b2c3cd --- /dev/null +++ b/src/lib/libcrypto/sm2/sm2_pmeth.c @@ -0,0 +1,313 @@ +/* + * Copyright (c) 2019 Ribose Inc + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include + +#include +#include +#include +#include +#include + +#include "evp_locl.h" +#include "sm2_locl.h" + +/* SM2 pkey context structure */ + +typedef struct { + /* key and paramgen group */ + EC_GROUP *gen_group; + /* message digest */ + const EVP_MD *md; + EVP_MD_CTX *md_ctx; + /* personalization string */ + uint8_t* uid; + size_t uid_len; +} SM2_PKEY_CTX; + +static int pkey_sm2_init(EVP_PKEY_CTX *ctx) +{ + SM2_PKEY_CTX *dctx; + + dctx = calloc(1, sizeof(*dctx)); + if (dctx == NULL) { + SM2error(ERR_R_MALLOC_FAILURE); + return 0; + } + + ctx->data = dctx; + return 1; +} + +static void pkey_sm2_cleanup(EVP_PKEY_CTX *ctx) +{ + SM2_PKEY_CTX *dctx = ctx->data; + + if (dctx) { + EC_GROUP_free(dctx->gen_group); + free(dctx->uid); + free(dctx); + ctx->data = NULL; + } +} + +static int pkey_sm2_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) +{ + SM2_PKEY_CTX *dctx, *sctx; + if (!pkey_sm2_init(dst)) + return 0; + sctx = src->data; + dctx = dst->data; + if (sctx->gen_group) { + dctx->gen_group = EC_GROUP_dup(sctx->gen_group); + if (!dctx->gen_group) { + SM2error(ERR_R_MALLOC_FAILURE); + pkey_sm2_cleanup(dst); + return 0; + } + } + + if (sctx->uid != NULL) { + dctx->uid = malloc(sctx->uid_len); + if (dctx->uid == NULL) { + SM2error(ERR_R_MALLOC_FAILURE); + pkey_sm2_cleanup(dst); + return 0; + } + memcpy(dctx->uid, sctx->uid, sctx->uid_len); + dctx->uid_len = sctx->uid_len; + } + + dctx->md = sctx->md; + + return 1; +} + +static int pkey_sm2_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, + const unsigned char *tbs, size_t tbslen) +{ + int ret; + unsigned int sltmp; + EC_KEY *ec = ctx->pkey->pkey.ec; + const int sig_sz = ECDSA_size(ctx->pkey->pkey.ec); + + if (sig_sz <= 0) { + return 0; + } + + if (sig == NULL) { + *siglen = (size_t) sig_sz; + return 1; + } + + if (*siglen < (size_t)sig_sz) { + SM2error(SM2_R_BUFFER_TOO_SMALL); + return 0; + } + + ret = SM2_sign(tbs, tbslen, sig, &sltmp, ec); + + if (ret <= 0) + return ret; + *siglen = (size_t)sltmp; + return 1; +} + +static int pkey_sm2_verify(EVP_PKEY_CTX *ctx, + const unsigned char *sig, size_t siglen, + const unsigned char *tbs, size_t tbslen) +{ + EC_KEY *ec = ctx->pkey->pkey.ec; + + return SM2_verify(tbs, tbslen, sig, siglen, ec); +} + +static int pkey_sm2_encrypt(EVP_PKEY_CTX *ctx, + unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen) +{ + EC_KEY *ec = ctx->pkey->pkey.ec; + SM2_PKEY_CTX *dctx = ctx->data; + const EVP_MD *md = (dctx->md == NULL) ? EVP_sm3() : dctx->md; + + if (out == NULL) { + if (!SM2_ciphertext_size(ec, md, inlen, outlen)) + return -1; + else + return 1; + } + + return SM2_encrypt(ec, md, in, inlen, out, outlen); +} + +static int pkey_sm2_decrypt(EVP_PKEY_CTX *ctx, + unsigned char *out, size_t *outlen, + const unsigned char *in, size_t inlen) +{ + EC_KEY *ec = ctx->pkey->pkey.ec; + SM2_PKEY_CTX *dctx = ctx->data; + const EVP_MD *md = (dctx->md == NULL) ? EVP_sm3() : dctx->md; + + if (out == NULL) { + if (!SM2_plaintext_size(ec, md, inlen, outlen)) + return -1; + else + return 1; + } + + return SM2_decrypt(ec, md, in, inlen, out, outlen); +} + +static int pkey_sm2_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) +{ + SM2_PKEY_CTX *dctx = ctx->data; + EC_GROUP *group = NULL; + + switch (type) { + case EVP_PKEY_CTRL_DIGESTINIT: + dctx->md_ctx = p2; + return 1; + + case EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID: + group = EC_GROUP_new_by_curve_name(p1); + if (group == NULL) { + SM2error(SM2_R_INVALID_CURVE); + return 0; + } + EC_GROUP_free(dctx->gen_group); + dctx->gen_group = group; + return 1; + + case EVP_PKEY_CTRL_SM2_SET_UID: + if ((p1 < 0) || ((p1 == 0) && (p2 != NULL))) { + SM2error(SM2_R_INVALID_ARGUMENT); + return 0; + } + if ((p1 > 0) && (p2 == NULL)) { + SM2error(ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + free(dctx->uid); + if (p2 == NULL) { + dctx->uid = NULL; + dctx->uid_len = 0; + return 1; + } + + dctx->uid = malloc((size_t) p1); + if (dctx->uid == NULL) { + SM2error(ERR_R_MALLOC_FAILURE); + return 1; + } + memcpy(dctx->uid, p2, (size_t) p1); + dctx->uid_len = (size_t) p1; + return 1; + + case EVP_PKEY_CTRL_SM2_HASH_UID: + if (dctx->uid == NULL) { + SM2error(SM2_R_INVALID_ARGUMENT); + return 0; + } + + EC_KEY *ec = ctx->pkey->pkey.ec; + const EVP_MD* md = NULL; + int md_len = 0; + uint8_t za[EVP_MAX_MD_SIZE] = {0}; + + md = EVP_MD_CTX_md(dctx->md_ctx); + if (md == NULL) { + SM2error(ERR_R_EVP_LIB); + return 0; + } + + md_len = EVP_MD_size(md); + if (md_len <= 0) { + SM2error(SM2_R_INVALID_DIGEST); + return 0; + } + + if (SM2_compute_userid_digest(za, md, dctx->uid, dctx->uid_len, ec) != 1) { + SM2error(SM2_R_DIGEST_FAILURE); + return 0; + } + return EVP_DigestUpdate(dctx->md_ctx, za, md_len); + + case EVP_PKEY_CTRL_SM2_GET_UID_LEN: + if (p2 == NULL) { + SM2error(ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + *(size_t *)p2 = dctx->uid_len; + return 1; + + case EVP_PKEY_CTRL_SM2_GET_UID: + if (p2 == NULL) { + SM2error(ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if (dctx->uid_len == 0) { + return 1; + } + memcpy(p2, dctx->uid, dctx->uid_len); + return 1; + + case EVP_PKEY_CTRL_MD: + dctx->md = p2; + return 1; + + default: + return -2; + + } +} + +static int pkey_sm2_ctrl_str(EVP_PKEY_CTX *ctx, + const char *type, const char *value) +{ + if (strcmp(type, "ec_paramgen_curve") == 0) { + int nid = NID_undef; + + if (((nid = EC_curve_nist2nid(value)) == NID_undef) + && ((nid = OBJ_sn2nid(value)) == NID_undef) + && ((nid = OBJ_ln2nid(value)) == NID_undef)) { + SM2error(SM2_R_INVALID_CURVE); + return 0; + } + return EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid); + } else if (strcmp(type, "sm2_uid") == 0) { + return EVP_PKEY_CTX_set_sm2_uid(ctx, (void*) value, (int) strlen(value)); + } + + return -2; +} + +const EVP_PKEY_METHOD sm2_pkey_meth = { + .pkey_id = EVP_PKEY_SM2, + .init = pkey_sm2_init, + .copy = pkey_sm2_copy, + .cleanup = pkey_sm2_cleanup, + + .sign = pkey_sm2_sign, + + .verify = pkey_sm2_verify, + + .encrypt = pkey_sm2_encrypt, + + .decrypt = pkey_sm2_decrypt, + + .ctrl = pkey_sm2_ctrl, + .ctrl_str = pkey_sm2_ctrl_str +}; diff --git a/src/lib/libcrypto/sm2/sm2_sign.c b/src/lib/libcrypto/sm2/sm2_sign.c new file mode 100644 index 00000000000..307a4d3ccad --- /dev/null +++ b/src/lib/libcrypto/sm2/sm2_sign.c @@ -0,0 +1,437 @@ +/* + * Copyright (c) 2019 Ribose Inc + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include + +#include +#include +#include +#include + +#include "bn_lcl.h" +#include "sm2_locl.h" + +static BIGNUM *SM2_compute_msg_hash(const EVP_MD *digest, + const EC_KEY *key, + const uint8_t *uid, size_t uid_len, + const uint8_t *msg, size_t msg_len) +{ + EVP_MD_CTX *hash = NULL; + const int md_size = EVP_MD_size(digest); + uint8_t *za = NULL; + BIGNUM *e = NULL; + + hash = EVP_MD_CTX_new(); + if (hash == NULL) { + SM2error(ERR_R_MALLOC_FAILURE); + goto done; + } + + za = calloc(1, md_size); + if (za == NULL) { + SM2error(ERR_R_MALLOC_FAILURE); + goto done; + } + + if (SM2_compute_userid_digest(za, digest, uid, uid_len, key) == 0) { + SM2error(SM2_R_DIGEST_FAILURE); + goto done; + } + + if (EVP_DigestInit(hash, digest) == 0) { + SM2error(ERR_R_EVP_LIB); + goto done; + } + + if (EVP_DigestUpdate(hash, za, md_size) == 0) { + SM2error(ERR_R_EVP_LIB); + goto done; + } + + if (EVP_DigestUpdate(hash, msg, msg_len) == 0) { + SM2error(ERR_R_EVP_LIB); + goto done; + } + + /* reuse za buffer to hold H(ZA || M) */ + if (EVP_DigestFinal(hash, za, NULL) == 0) { + SM2error(ERR_R_EVP_LIB); + goto done; + } + + e = BN_bin2bn(za, md_size, NULL); + + done: + free(za); + EVP_MD_CTX_free(hash); + return e; +} + +static +ECDSA_SIG *SM2_sig_gen(const EC_KEY *key, const BIGNUM *e) +{ + const BIGNUM *dA = EC_KEY_get0_private_key(key); + const EC_GROUP *group = EC_KEY_get0_group(key); + + BIGNUM *order = NULL; + ECDSA_SIG *sig = NULL; + EC_POINT *kG = NULL; + BN_CTX *ctx = NULL; + BIGNUM *k = NULL; + BIGNUM *rk = NULL; + BIGNUM *r = NULL; + BIGNUM *s = NULL; + BIGNUM *x1 = NULL; + BIGNUM *tmp = NULL; + + order = BN_new(); + if (order == NULL) { + SM2error(ERR_R_MALLOC_FAILURE); + goto done; + } + + if (!EC_GROUP_get_order(group, order, NULL)) { + SM2error(ERR_R_EC_LIB); + goto done; + } + + kG = EC_POINT_new(group); + if (kG == NULL) { + SM2error(ERR_R_MALLOC_FAILURE); + goto done; + } + + ctx = BN_CTX_new(); + if (ctx == NULL) { + SM2error(ERR_R_MALLOC_FAILURE); + goto done; + } + + BN_CTX_start(ctx); + + k = BN_CTX_get(ctx); + rk = BN_CTX_get(ctx); + x1 = BN_CTX_get(ctx); + tmp = BN_CTX_get(ctx); + + if (tmp == NULL) { + SM2error(ERR_R_BN_LIB); + goto done; + } + + /* These values are returned and so should not be allocated out of the context */ + r = BN_new(); + s = BN_new(); + + if (r == NULL || s == NULL) { + SM2error(ERR_R_MALLOC_FAILURE); + goto done; + } + + for (;;) { + if (BN_rand_range(k, order) == 0) { + SM2error(SM2_R_RANDOM_NUMBER_GENERATION_FAILED); + goto done; + } + + if (EC_POINT_mul(group, kG, k, NULL, NULL, ctx) == 0) { + SM2error(ERR_R_EC_LIB); + goto done; + } + + if (EC_POINT_get_affine_coordinates_GFp(group, kG, x1, NULL, ctx) == 0) { + SM2error(ERR_R_EC_LIB); + goto done; + } + + if (BN_mod_add(r, e, x1, order, ctx) == 0) { + SM2error(ERR_R_BN_LIB); + goto done; + } + + /* try again if r == 0 or r+k == n */ + if (BN_is_zero(r)) + continue; + + BN_add(rk, r, k); + + if (BN_cmp(rk, order) == 0) + continue; + + if (BN_add(s, dA, BN_value_one()) == 0) { + SM2error(ERR_R_BN_LIB); + goto done; + } + + if (BN_mod_inverse_ct(s, s, order, ctx) == 0) { + SM2error(ERR_R_BN_LIB); + goto done; + } + + if (BN_mod_mul(tmp, dA, r, order, ctx) == 0) { + SM2error(ERR_R_BN_LIB); + goto done; + } + + if (BN_sub(tmp, k, tmp) == 0) { + SM2error(ERR_R_BN_LIB); + goto done; + } + + if (BN_mod_mul(s, s, tmp, order, ctx) == 0) { + SM2error(ERR_R_BN_LIB); + goto done; + } + + sig = ECDSA_SIG_new(); + if (sig == NULL) { + SM2error(ERR_R_MALLOC_FAILURE); + goto done; + } + + /* takes ownership of r and s */ + ECDSA_SIG_set0(sig, r, s); + break; + } + + done: + if (sig == NULL) { + BN_free(r); + BN_free(s); + } + + BN_free(order); + BN_CTX_free(ctx); + EC_POINT_free(kG); + return sig; +} + +static +int SM2_sig_verify(const EC_KEY *key, const ECDSA_SIG *sig, const BIGNUM *e) +{ + int ret = 0; + const EC_GROUP *group = EC_KEY_get0_group(key); + BIGNUM *order = NULL; + BN_CTX *ctx = NULL; + EC_POINT *pt = NULL; + BIGNUM *t = NULL; + BIGNUM *x1 = NULL; + const BIGNUM *r = NULL; + const BIGNUM *s = NULL; + + ctx = BN_CTX_new(); + if (ctx == NULL) { + SM2error(ERR_R_MALLOC_FAILURE); + goto done; + } + BN_CTX_start(ctx); + + order = BN_CTX_get(ctx); + if (order == NULL) { + SM2error(ERR_R_MALLOC_FAILURE); + goto done; + } + if (!EC_GROUP_get_order(group, order, NULL)) { + SM2error(ERR_R_EC_LIB); + goto done; + } + + pt = EC_POINT_new(group); + if (pt == NULL) { + SM2error(ERR_R_MALLOC_FAILURE); + goto done; + } + + t = BN_CTX_get(ctx); + x1 = BN_CTX_get(ctx); + if (x1 == NULL) { + SM2error(ERR_R_MALLOC_FAILURE); + goto done; + } + + /* + B1: verify whether r' in [1,n-1], verification failed if not + B2: vefify whether s' in [1,n-1], verification failed if not + B3: set M'~=ZA || M' + B4: calculate e'=Hv(M'~) + B5: calculate t = (r' + s') modn, verification failed if t=0 + B6: calculate the point (x1', y1')=[s']G + [t]PA + B7: calculate R=(e'+x1') modn, verfication pass if yes, otherwise failed + */ + + ECDSA_SIG_get0(sig, &r, &s); + + if ((BN_cmp(r, BN_value_one()) < 0) || (BN_cmp(s, BN_value_one()) < 0)) { + SM2error(SM2_R_BAD_SIGNATURE); + goto done; + } + + if ((BN_cmp(order, r) <= 0) || (BN_cmp(order, s) <= 0)) { + SM2error(SM2_R_BAD_SIGNATURE); + goto done; + } + + if (BN_mod_add(t, r, s, order, ctx) == 0) { + SM2error(ERR_R_BN_LIB); + goto done; + } + + if (BN_is_zero(t) == 1) { + SM2error(SM2_R_BAD_SIGNATURE); + goto done; + } + + if (EC_POINT_mul(group, pt, s, EC_KEY_get0_public_key(key), t, ctx) == 0) { + SM2error(ERR_R_EC_LIB); + goto done; + } + + if (EC_POINT_get_affine_coordinates_GFp(group, pt, x1, NULL, ctx) == 0) { + SM2error(ERR_R_EC_LIB); + goto done; + } + + if (BN_mod_add(t, e, x1, order, ctx) == 0) { + SM2error(ERR_R_BN_LIB); + goto done; + } + + if (BN_cmp(r, t) == 0) + ret = 1; + + done: + EC_POINT_free(pt); + BN_CTX_free(ctx); + return ret; +} + +ECDSA_SIG *SM2_do_sign(const EC_KEY *key, + const EVP_MD *digest, + const uint8_t *uid, size_t uid_len, + const uint8_t *msg, size_t msg_len) +{ + BIGNUM *e = NULL; + ECDSA_SIG *sig = NULL; + + e = SM2_compute_msg_hash(digest, key, uid, uid_len, msg, msg_len); + if (e == NULL) { + SM2error(SM2_R_DIGEST_FAILURE); + goto done; + } + + sig = SM2_sig_gen(key, e); + + done: + BN_free(e); + return sig; +} + +int SM2_do_verify(const EC_KEY *key, + const EVP_MD *digest, + const ECDSA_SIG *sig, + const uint8_t *uid, size_t uid_len, + const uint8_t *msg, size_t msg_len) +{ + BIGNUM *e = NULL; + int ret = -1; + + e = SM2_compute_msg_hash(digest, key, uid, uid_len, msg, msg_len); + if (e == NULL) { + SM2error(SM2_R_DIGEST_FAILURE); + goto done; + } + + ret = SM2_sig_verify(key, sig, e); + + done: + BN_free(e); + return ret; +} + +int SM2_sign(const unsigned char *dgst, int dgstlen, + unsigned char *sig, unsigned int *siglen, EC_KEY *eckey) +{ + BIGNUM *e = NULL; + ECDSA_SIG *s = NULL; + int outlen = 0; + int ret = -1; + + e = BN_bin2bn(dgst, dgstlen, NULL); + if (e == NULL) { + SM2error(ERR_R_MALLOC_FAILURE); + goto done; + } + + s = SM2_sig_gen(eckey, e); + if (s == NULL) { + goto done; + } + + outlen = i2d_ECDSA_SIG(s, &sig); + if (outlen < 0) { + SM2error(SM2_R_ASN1_ERROR); + goto done; + } + + *siglen = outlen; + ret = 1; + + done: + ECDSA_SIG_free(s); + BN_free(e); + return ret; +} + +int SM2_verify(const unsigned char *dgst, int dgstlen, + const unsigned char *sig, int sig_len, EC_KEY *eckey) +{ + ECDSA_SIG *s = NULL; + BIGNUM *e = NULL; + const unsigned char *p = sig; + unsigned char *der = NULL; + int derlen = -1; + int ret = -1; + + s = ECDSA_SIG_new(); + if (s == NULL) { + SM2error(ERR_R_MALLOC_FAILURE); + goto done; + } + if (d2i_ECDSA_SIG(&s, &p, sig_len) == NULL) { + SM2error(SM2_R_INVALID_ENCODING); + goto done; + } + /* Ensure signature uses DER and doesn't have trailing garbage */ + derlen = i2d_ECDSA_SIG(s, &der); + if (derlen != sig_len || memcmp(sig, der, derlen) != 0) { + SM2error(SM2_R_INVALID_ENCODING); + goto done; + } + + e = BN_bin2bn(dgst, dgstlen, NULL); + if (e == NULL) { + SM2error(ERR_R_BN_LIB); + goto done; + } + + ret = SM2_sig_verify(eckey, s, e); + + done: + free(der); + BN_free(e); + ECDSA_SIG_free(s); + return ret; +} diff --git a/src/lib/libcrypto/sm2/sm2_za.c b/src/lib/libcrypto/sm2/sm2_za.c new file mode 100644 index 00000000000..4afe13ac721 --- /dev/null +++ b/src/lib/libcrypto/sm2/sm2_za.c @@ -0,0 +1,159 @@ +/* + * Copyright (c) 2019 Ribose Inc + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include +#include +#include +#include + +int SM2_compute_userid_digest(uint8_t *out, + const EVP_MD *digest, + uint8_t *uid, + size_t uid_len, + const EC_KEY *key) +{ + int rc = 0; + + const EC_GROUP *group = EC_KEY_get0_group(key); + + BN_CTX *ctx = NULL; + EVP_MD_CTX *hash = NULL; + + BIGNUM *p = NULL; + BIGNUM *a = NULL; + BIGNUM *b = NULL; + + BIGNUM *xG = NULL; + BIGNUM *yG = NULL; + BIGNUM *xA = NULL; + BIGNUM *yA = NULL; + + int p_bytes = 0; + int bytes = 0; + uint8_t *buf = NULL; + uint16_t entla = 0; + uint8_t e_byte = 0; + + hash = EVP_MD_CTX_new(); + if (hash == NULL) + goto done; + + ctx = BN_CTX_new(); + if (ctx == NULL) + goto done; + + p = BN_CTX_get(ctx); + a = BN_CTX_get(ctx); + b = BN_CTX_get(ctx); + xG = BN_CTX_get(ctx); + yG = BN_CTX_get(ctx); + xA = BN_CTX_get(ctx); + yA = BN_CTX_get(ctx); + + if (p == NULL || a == NULL || b == NULL || + xG == NULL || yG == NULL || xA == NULL || yA == NULL) + goto done; + + memset(out, 0, EVP_MD_size(digest)); + + if (EVP_DigestInit(hash, digest) == 0) + goto done; + + /* + ZA=H256(ENTLA || IDA || a || b || xG || yG || xA || yA) + */ + + if (uid_len >= 8192) /* too large */ + goto done; + + entla = (unsigned short)(8 * uid_len); + + e_byte = entla >> 8; + if (EVP_DigestUpdate(hash, &e_byte, 1) == 0) + goto done; + e_byte = entla & 0xFF; + if (EVP_DigestUpdate(hash, &e_byte, 1) == 0) + goto done; + + if (EVP_DigestUpdate(hash, uid, uid_len) == 0) + goto done; + + if (EC_GROUP_get_curve_GFp(group, p, a, b, ctx) == 0) + goto done; + + p_bytes = BN_num_bytes(p); + buf = calloc(1, p_bytes); + + bytes = BN_num_bytes(a); + if (bytes > p_bytes) + goto done; + BN_bn2bin(a, buf + p_bytes - bytes); + if (EVP_DigestUpdate(hash, buf, p_bytes) == 0) + goto done; + bytes = BN_num_bytes(b); + if (bytes > p_bytes) + goto done; + memset(buf, 0, p_bytes - bytes); + BN_bn2bin(b, buf + p_bytes - bytes); + if (EVP_DigestUpdate(hash, buf, p_bytes) == 0) + goto done; + EC_POINT_get_affine_coordinates_GFp(group, + EC_GROUP_get0_generator(group), + xG, yG, ctx); + bytes = BN_num_bytes(xG); + if (bytes > p_bytes) + goto done; + memset(buf, 0, p_bytes - bytes); + BN_bn2bin(xG, buf + p_bytes - bytes); + if (EVP_DigestUpdate(hash, buf, p_bytes) == 0) + goto done; + bytes = BN_num_bytes(yG); + if (bytes > p_bytes) + goto done; + memset(buf, 0, p_bytes - bytes); + BN_bn2bin(yG, buf + p_bytes - bytes); + if (EVP_DigestUpdate(hash, buf, p_bytes) == 0) + goto done; + + EC_POINT_get_affine_coordinates_GFp(group, + EC_KEY_get0_public_key(key), + xA, yA, ctx); + bytes = BN_num_bytes(xA); + if (bytes > p_bytes) + goto done; + memset(buf, 0, p_bytes - bytes); + BN_bn2bin(xA, buf + p_bytes - bytes); + if (EVP_DigestUpdate(hash, buf, p_bytes) == 0) + goto done; + bytes = BN_num_bytes(yA); + if (bytes > p_bytes) + goto done; + memset(buf, 0, p_bytes - bytes); + BN_bn2bin(yA, buf + p_bytes - bytes); + if (EVP_DigestUpdate(hash, buf, p_bytes) == 0) + goto done; + + if (EVP_DigestFinal(hash, out, NULL) == 0) + goto done; + + rc = 1; + + done: + free(buf); + BN_CTX_free(ctx); + EVP_MD_CTX_free(hash); + return rc; +} diff --git a/src/lib/libcrypto/sm3/sm3.c b/src/lib/libcrypto/sm3/sm3.c new file mode 100644 index 00000000000..ff6240a0bba --- /dev/null +++ b/src/lib/libcrypto/sm3/sm3.c @@ -0,0 +1,206 @@ +/* $OpenBSD: sm3.c,v 1.1 2018/11/11 06:53:31 tb Exp $ */ +/* + * Copyright (c) 2018, Ribose Inc + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef OPENSSL_NO_SM3 + +#include + +#include "sm3_locl.h" + +int +SM3_Init(SM3_CTX *c) +{ + memset(c, 0, sizeof(*c)); + c->A = SM3_A; + c->B = SM3_B; + c->C = SM3_C; + c->D = SM3_D; + c->E = SM3_E; + c->F = SM3_F; + c->G = SM3_G; + c->H = SM3_H; + return 1; +} + +void +SM3_block_data_order(SM3_CTX *ctx, const void *p, size_t num) +{ + const unsigned char *data = p; + SM3_WORD A, B, C, D, E, F, G, H; + SM3_WORD W00, W01, W02, W03, W04, W05, W06, W07; + SM3_WORD W08, W09, W10, W11, W12, W13, W14, W15; + + while (num-- != 0) { + A = ctx->A; + B = ctx->B; + C = ctx->C; + D = ctx->D; + E = ctx->E; + F = ctx->F; + G = ctx->G; + H = ctx->H; + + /* + * We have to load all message bytes immediately since SM3 reads + * them slightly out of order. + */ + HOST_c2l(data, W00); + HOST_c2l(data, W01); + HOST_c2l(data, W02); + HOST_c2l(data, W03); + HOST_c2l(data, W04); + HOST_c2l(data, W05); + HOST_c2l(data, W06); + HOST_c2l(data, W07); + HOST_c2l(data, W08); + HOST_c2l(data, W09); + HOST_c2l(data, W10); + HOST_c2l(data, W11); + HOST_c2l(data, W12); + HOST_c2l(data, W13); + HOST_c2l(data, W14); + HOST_c2l(data, W15); + + R1(A, B, C, D, E, F, G, H, 0x79cc4519, W00, W00 ^ W04); + W00 = EXPAND(W00, W07, W13, W03, W10); + R1(D, A, B, C, H, E, F, G, 0xf3988a32, W01, W01 ^ W05); + W01 = EXPAND(W01, W08, W14, W04, W11); + R1(C, D, A, B, G, H, E, F, 0xe7311465, W02, W02 ^ W06); + W02 = EXPAND(W02, W09, W15, W05, W12); + R1(B, C, D, A, F, G, H, E, 0xce6228cb, W03, W03 ^ W07); + W03 = EXPAND(W03, W10, W00, W06, W13); + R1(A, B, C, D, E, F, G, H, 0x9cc45197, W04, W04 ^ W08); + W04 = EXPAND(W04, W11, W01, W07, W14); + R1(D, A, B, C, H, E, F, G, 0x3988a32f, W05, W05 ^ W09); + W05 = EXPAND(W05, W12, W02, W08, W15); + R1(C, D, A, B, G, H, E, F, 0x7311465e, W06, W06 ^ W10); + W06 = EXPAND(W06, W13, W03, W09, W00); + R1(B, C, D, A, F, G, H, E, 0xe6228cbc, W07, W07 ^ W11); + W07 = EXPAND(W07, W14, W04, W10, W01); + R1(A, B, C, D, E, F, G, H, 0xcc451979, W08, W08 ^ W12); + W08 = EXPAND(W08, W15, W05, W11, W02); + R1(D, A, B, C, H, E, F, G, 0x988a32f3, W09, W09 ^ W13); + W09 = EXPAND(W09, W00, W06, W12, W03); + R1(C, D, A, B, G, H, E, F, 0x311465e7, W10, W10 ^ W14); + W10 = EXPAND(W10, W01, W07, W13, W04); + R1(B, C, D, A, F, G, H, E, 0x6228cbce, W11, W11 ^ W15); + W11 = EXPAND(W11, W02, W08, W14, W05); + R1(A, B, C, D, E, F, G, H, 0xc451979c, W12, W12 ^ W00); + W12 = EXPAND(W12, W03, W09, W15, W06); + R1(D, A, B, C, H, E, F, G, 0x88a32f39, W13, W13 ^ W01); + W13 = EXPAND(W13, W04, W10, W00, W07); + R1(C, D, A, B, G, H, E, F, 0x11465e73, W14, W14 ^ W02); + W14 = EXPAND(W14, W05, W11, W01, W08); + R1(B, C, D, A, F, G, H, E, 0x228cbce6, W15, W15 ^ W03); + W15 = EXPAND(W15, W06, W12, W02, W09); + R2(A, B, C, D, E, F, G, H, 0x9d8a7a87, W00, W00 ^ W04); + W00 = EXPAND(W00, W07, W13, W03, W10); + R2(D, A, B, C, H, E, F, G, 0x3b14f50f, W01, W01 ^ W05); + W01 = EXPAND(W01, W08, W14, W04, W11); + R2(C, D, A, B, G, H, E, F, 0x7629ea1e, W02, W02 ^ W06); + W02 = EXPAND(W02, W09, W15, W05, W12); + R2(B, C, D, A, F, G, H, E, 0xec53d43c, W03, W03 ^ W07); + W03 = EXPAND(W03, W10, W00, W06, W13); + R2(A, B, C, D, E, F, G, H, 0xd8a7a879, W04, W04 ^ W08); + W04 = EXPAND(W04, W11, W01, W07, W14); + R2(D, A, B, C, H, E, F, G, 0xb14f50f3, W05, W05 ^ W09); + W05 = EXPAND(W05, W12, W02, W08, W15); + R2(C, D, A, B, G, H, E, F, 0x629ea1e7, W06, W06 ^ W10); + W06 = EXPAND(W06, W13, W03, W09, W00); + R2(B, C, D, A, F, G, H, E, 0xc53d43ce, W07, W07 ^ W11); + W07 = EXPAND(W07, W14, W04, W10, W01); + R2(A, B, C, D, E, F, G, H, 0x8a7a879d, W08, W08 ^ W12); + W08 = EXPAND(W08, W15, W05, W11, W02); + R2(D, A, B, C, H, E, F, G, 0x14f50f3b, W09, W09 ^ W13); + W09 = EXPAND(W09, W00, W06, W12, W03); + R2(C, D, A, B, G, H, E, F, 0x29ea1e76, W10, W10 ^ W14); + W10 = EXPAND(W10, W01, W07, W13, W04); + R2(B, C, D, A, F, G, H, E, 0x53d43cec, W11, W11 ^ W15); + W11 = EXPAND(W11, W02, W08, W14, W05); + R2(A, B, C, D, E, F, G, H, 0xa7a879d8, W12, W12 ^ W00); + W12 = EXPAND(W12, W03, W09, W15, W06); + R2(D, A, B, C, H, E, F, G, 0x4f50f3b1, W13, W13 ^ W01); + W13 = EXPAND(W13, W04, W10, W00, W07); + R2(C, D, A, B, G, H, E, F, 0x9ea1e762, W14, W14 ^ W02); + W14 = EXPAND(W14, W05, W11, W01, W08); + R2(B, C, D, A, F, G, H, E, 0x3d43cec5, W15, W15 ^ W03); + W15 = EXPAND(W15, W06, W12, W02, W09); + R2(A, B, C, D, E, F, G, H, 0x7a879d8a, W00, W00 ^ W04); + W00 = EXPAND(W00, W07, W13, W03, W10); + R2(D, A, B, C, H, E, F, G, 0xf50f3b14, W01, W01 ^ W05); + W01 = EXPAND(W01, W08, W14, W04, W11); + R2(C, D, A, B, G, H, E, F, 0xea1e7629, W02, W02 ^ W06); + W02 = EXPAND(W02, W09, W15, W05, W12); + R2(B, C, D, A, F, G, H, E, 0xd43cec53, W03, W03 ^ W07); + W03 = EXPAND(W03, W10, W00, W06, W13); + R2(A, B, C, D, E, F, G, H, 0xa879d8a7, W04, W04 ^ W08); + W04 = EXPAND(W04, W11, W01, W07, W14); + R2(D, A, B, C, H, E, F, G, 0x50f3b14f, W05, W05 ^ W09); + W05 = EXPAND(W05, W12, W02, W08, W15); + R2(C, D, A, B, G, H, E, F, 0xa1e7629e, W06, W06 ^ W10); + W06 = EXPAND(W06, W13, W03, W09, W00); + R2(B, C, D, A, F, G, H, E, 0x43cec53d, W07, W07 ^ W11); + W07 = EXPAND(W07, W14, W04, W10, W01); + R2(A, B, C, D, E, F, G, H, 0x879d8a7a, W08, W08 ^ W12); + W08 = EXPAND(W08, W15, W05, W11, W02); + R2(D, A, B, C, H, E, F, G, 0x0f3b14f5, W09, W09 ^ W13); + W09 = EXPAND(W09, W00, W06, W12, W03); + R2(C, D, A, B, G, H, E, F, 0x1e7629ea, W10, W10 ^ W14); + W10 = EXPAND(W10, W01, W07, W13, W04); + R2(B, C, D, A, F, G, H, E, 0x3cec53d4, W11, W11 ^ W15); + W11 = EXPAND(W11, W02, W08, W14, W05); + R2(A, B, C, D, E, F, G, H, 0x79d8a7a8, W12, W12 ^ W00); + W12 = EXPAND(W12, W03, W09, W15, W06); + R2(D, A, B, C, H, E, F, G, 0xf3b14f50, W13, W13 ^ W01); + W13 = EXPAND(W13, W04, W10, W00, W07); + R2(C, D, A, B, G, H, E, F, 0xe7629ea1, W14, W14 ^ W02); + W14 = EXPAND(W14, W05, W11, W01, W08); + R2(B, C, D, A, F, G, H, E, 0xcec53d43, W15, W15 ^ W03); + W15 = EXPAND(W15, W06, W12, W02, W09); + R2(A, B, C, D, E, F, G, H, 0x9d8a7a87, W00, W00 ^ W04); + W00 = EXPAND(W00, W07, W13, W03, W10); + R2(D, A, B, C, H, E, F, G, 0x3b14f50f, W01, W01 ^ W05); + W01 = EXPAND(W01, W08, W14, W04, W11); + R2(C, D, A, B, G, H, E, F, 0x7629ea1e, W02, W02 ^ W06); + W02 = EXPAND(W02, W09, W15, W05, W12); + R2(B, C, D, A, F, G, H, E, 0xec53d43c, W03, W03 ^ W07); + W03 = EXPAND(W03, W10, W00, W06, W13); + R2(A, B, C, D, E, F, G, H, 0xd8a7a879, W04, W04 ^ W08); + R2(D, A, B, C, H, E, F, G, 0xb14f50f3, W05, W05 ^ W09); + R2(C, D, A, B, G, H, E, F, 0x629ea1e7, W06, W06 ^ W10); + R2(B, C, D, A, F, G, H, E, 0xc53d43ce, W07, W07 ^ W11); + R2(A, B, C, D, E, F, G, H, 0x8a7a879d, W08, W08 ^ W12); + R2(D, A, B, C, H, E, F, G, 0x14f50f3b, W09, W09 ^ W13); + R2(C, D, A, B, G, H, E, F, 0x29ea1e76, W10, W10 ^ W14); + R2(B, C, D, A, F, G, H, E, 0x53d43cec, W11, W11 ^ W15); + R2(A, B, C, D, E, F, G, H, 0xa7a879d8, W12, W12 ^ W00); + R2(D, A, B, C, H, E, F, G, 0x4f50f3b1, W13, W13 ^ W01); + R2(C, D, A, B, G, H, E, F, 0x9ea1e762, W14, W14 ^ W02); + R2(B, C, D, A, F, G, H, E, 0x3d43cec5, W15, W15 ^ W03); + + ctx->A ^= A; + ctx->B ^= B; + ctx->C ^= C; + ctx->D ^= D; + ctx->E ^= E; + ctx->F ^= F; + ctx->G ^= G; + ctx->H ^= H; + } +} + +#endif /* !OPENSSL_NO_SM3 */ diff --git a/src/lib/libcrypto/sm3/sm3.h b/src/lib/libcrypto/sm3/sm3.h new file mode 100644 index 00000000000..553c64dcdb0 --- /dev/null +++ b/src/lib/libcrypto/sm3/sm3.h @@ -0,0 +1,53 @@ +/* $OpenBSD: sm3.h,v 1.1 2018/11/11 06:53:31 tb Exp $ */ +/* + * Copyright (c) 2018, Ribose Inc + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef HEADER_SM3_H +#define HEADER_SM3_H + +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#ifdef OPENSSL_NO_SM3 +#error SM3 is disabled. +#endif + +#define SM3_DIGEST_LENGTH 32 +#define SM3_WORD unsigned int + +#define SM3_CBLOCK 64 +#define SM3_LBLOCK (SM3_CBLOCK / 4) + +typedef struct SM3state_st { + SM3_WORD A, B, C, D, E, F, G, H; + SM3_WORD Nl, Nh; + SM3_WORD data[SM3_LBLOCK]; + unsigned int num; +} SM3_CTX; + +int SM3_Init(SM3_CTX *c); +int SM3_Update(SM3_CTX *c, const void *data, size_t len); +int SM3_Final(unsigned char *md, SM3_CTX *c); + +#ifdef __cplusplus +} +#endif + +#endif /* HEADER_SM3_H */ diff --git a/src/lib/libcrypto/sm3/sm3_locl.h b/src/lib/libcrypto/sm3/sm3_locl.h new file mode 100644 index 00000000000..6ecf8094f9e --- /dev/null +++ b/src/lib/libcrypto/sm3/sm3_locl.h @@ -0,0 +1,85 @@ +/* $OpenBSD: sm3_locl.h,v 1.1 2018/11/11 06:53:31 tb Exp $ */ +/* + * Copyright (c) 2018, Ribose Inc + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include + +#include + +#define DATA_ORDER_IS_BIG_ENDIAN + +#define HASH_LONG SM3_WORD +#define HASH_CTX SM3_CTX +#define HASH_CBLOCK SM3_CBLOCK +#define HASH_UPDATE SM3_Update +#define HASH_TRANSFORM SM3_Transform +#define HASH_FINAL SM3_Final +#define HASH_MAKE_STRING(c, s) do { \ + unsigned long ll; \ + ll = (c)->A; HOST_l2c(ll, (s)); \ + ll = (c)->B; HOST_l2c(ll, (s)); \ + ll = (c)->C; HOST_l2c(ll, (s)); \ + ll = (c)->D; HOST_l2c(ll, (s)); \ + ll = (c)->E; HOST_l2c(ll, (s)); \ + ll = (c)->F; HOST_l2c(ll, (s)); \ + ll = (c)->G; HOST_l2c(ll, (s)); \ + ll = (c)->H; HOST_l2c(ll, (s)); \ +} while (0) +#define HASH_BLOCK_DATA_ORDER SM3_block_data_order + +void SM3_block_data_order(SM3_CTX *c, const void *p, size_t num); +void SM3_transform(SM3_CTX *c, const unsigned char *data); + +#include "md32_common.h" + +#define P0(X) (X ^ ROTATE(X, 9) ^ ROTATE(X, 17)) +#define P1(X) (X ^ ROTATE(X, 15) ^ ROTATE(X, 23)) + +#define FF0(X, Y, Z) (X ^ Y ^ Z) +#define GG0(X, Y, Z) (X ^ Y ^ Z) + +#define FF1(X, Y, Z) ((X & Y) | ((X | Y) & Z)) +#define GG1(X, Y, Z) ((Z ^ (X & (Y ^ Z)))) + +#define EXPAND(W0, W7, W13, W3, W10) \ + (P1(W0 ^ W7 ^ ROTATE(W13, 15)) ^ ROTATE(W3, 7) ^ W10) + +#define ROUND(A, B, C, D, E, F, G, H, TJ, Wi, Wj, FF, GG) do { \ + const SM3_WORD A12 = ROTATE(A, 12); \ + const SM3_WORD A12_SM = A12 + E + TJ; \ + const SM3_WORD SS1 = ROTATE(A12_SM, 7); \ + const SM3_WORD TT1 = FF(A, B, C) + D + (SS1 ^ A12) + (Wj); \ + const SM3_WORD TT2 = GG(E, F, G) + H + SS1 + Wi; \ + B = ROTATE(B, 9); \ + D = TT1; \ + F = ROTATE(F, 19); \ + H = P0(TT2); \ +} while(0) + +#define R1(A, B, C, D, E, F, G, H, TJ, Wi, Wj) \ + ROUND(A, B, C, D, E, F, G, H, TJ, Wi, Wj, FF0, GG0) + +#define R2(A, B, C, D, E, F, G, H, TJ, Wi, Wj) \ + ROUND(A, B, C, D, E, F, G, H, TJ, Wi, Wj, FF1, GG1) + +#define SM3_A 0x7380166fUL +#define SM3_B 0x4914b2b9UL +#define SM3_C 0x172442d7UL +#define SM3_D 0xda8a0600UL +#define SM3_E 0xa96f30bcUL +#define SM3_F 0x163138aaUL +#define SM3_G 0xe38dee4dUL +#define SM3_H 0xb0fb0e4eUL diff --git a/src/lib/libcrypto/sm4/sm4.c b/src/lib/libcrypto/sm4/sm4.c new file mode 100644 index 00000000000..009c780fb52 --- /dev/null +++ b/src/lib/libcrypto/sm4/sm4.c @@ -0,0 +1,263 @@ +/* $OpenBSD: sm4.c,v 1.1 2019/03/17 17:42:37 tb Exp $ */ +/* + * Copyright (c) 2017, 2019 Ribose Inc + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include + +#ifndef OPENSSL_NO_SM4 +#include + +struct sm4_key { + uint32_t rk[SM4_KEY_SCHEDULE]; +}; + +static const uint8_t SM4_S[256] = { + 0xD6, 0x90, 0xE9, 0xFE, 0xCC, 0xE1, 0x3D, 0xB7, 0x16, 0xB6, 0x14, 0xC2, + 0x28, 0xFB, 0x2C, 0x05, 0x2B, 0x67, 0x9A, 0x76, 0x2A, 0xBE, 0x04, 0xC3, + 0xAA, 0x44, 0x13, 0x26, 0x49, 0x86, 0x06, 0x99, 0x9C, 0x42, 0x50, 0xF4, + 0x91, 0xEF, 0x98, 0x7A, 0x33, 0x54, 0x0B, 0x43, 0xED, 0xCF, 0xAC, 0x62, + 0xE4, 0xB3, 0x1C, 0xA9, 0xC9, 0x08, 0xE8, 0x95, 0x80, 0xDF, 0x94, 0xFA, + 0x75, 0x8F, 0x3F, 0xA6, 0x47, 0x07, 0xA7, 0xFC, 0xF3, 0x73, 0x17, 0xBA, + 0x83, 0x59, 0x3C, 0x19, 0xE6, 0x85, 0x4F, 0xA8, 0x68, 0x6B, 0x81, 0xB2, + 0x71, 0x64, 0xDA, 0x8B, 0xF8, 0xEB, 0x0F, 0x4B, 0x70, 0x56, 0x9D, 0x35, + 0x1E, 0x24, 0x0E, 0x5E, 0x63, 0x58, 0xD1, 0xA2, 0x25, 0x22, 0x7C, 0x3B, + 0x01, 0x21, 0x78, 0x87, 0xD4, 0x00, 0x46, 0x57, 0x9F, 0xD3, 0x27, 0x52, + 0x4C, 0x36, 0x02, 0xE7, 0xA0, 0xC4, 0xC8, 0x9E, 0xEA, 0xBF, 0x8A, 0xD2, + 0x40, 0xC7, 0x38, 0xB5, 0xA3, 0xF7, 0xF2, 0xCE, 0xF9, 0x61, 0x15, 0xA1, + 0xE0, 0xAE, 0x5D, 0xA4, 0x9B, 0x34, 0x1A, 0x55, 0xAD, 0x93, 0x32, 0x30, + 0xF5, 0x8C, 0xB1, 0xE3, 0x1D, 0xF6, 0xE2, 0x2E, 0x82, 0x66, 0xCA, 0x60, + 0xC0, 0x29, 0x23, 0xAB, 0x0D, 0x53, 0x4E, 0x6F, 0xD5, 0xDB, 0x37, 0x45, + 0xDE, 0xFD, 0x8E, 0x2F, 0x03, 0xFF, 0x6A, 0x72, 0x6D, 0x6C, 0x5B, 0x51, + 0x8D, 0x1B, 0xAF, 0x92, 0xBB, 0xDD, 0xBC, 0x7F, 0x11, 0xD9, 0x5C, 0x41, + 0x1F, 0x10, 0x5A, 0xD8, 0x0A, 0xC1, 0x31, 0x88, 0xA5, 0xCD, 0x7B, 0xBD, + 0x2D, 0x74, 0xD0, 0x12, 0xB8, 0xE5, 0xB4, 0xB0, 0x89, 0x69, 0x97, 0x4A, + 0x0C, 0x96, 0x77, 0x7E, 0x65, 0xB9, 0xF1, 0x09, 0xC5, 0x6E, 0xC6, 0x84, + 0x18, 0xF0, 0x7D, 0xEC, 0x3A, 0xDC, 0x4D, 0x20, 0x79, 0xEE, 0x5F, 0x3E, + 0xD7, 0xCB, 0x39, 0x48, +}; + +/* + * SM4_SBOX_T[j] == L(SM4_SBOX[j]). + */ +static const uint32_t SM4_SBOX_T[256] = { + 0x8ED55B5B, 0xD0924242, 0x4DEAA7A7, 0x06FDFBFB, 0xFCCF3333, 0x65E28787, + 0xC93DF4F4, 0x6BB5DEDE, 0x4E165858, 0x6EB4DADA, 0x44145050, 0xCAC10B0B, + 0x8828A0A0, 0x17F8EFEF, 0x9C2CB0B0, 0x11051414, 0x872BACAC, 0xFB669D9D, + 0xF2986A6A, 0xAE77D9D9, 0x822AA8A8, 0x46BCFAFA, 0x14041010, 0xCFC00F0F, + 0x02A8AAAA, 0x54451111, 0x5F134C4C, 0xBE269898, 0x6D482525, 0x9E841A1A, + 0x1E061818, 0xFD9B6666, 0xEC9E7272, 0x4A430909, 0x10514141, 0x24F7D3D3, + 0xD5934646, 0x53ECBFBF, 0xF89A6262, 0x927BE9E9, 0xFF33CCCC, 0x04555151, + 0x270B2C2C, 0x4F420D0D, 0x59EEB7B7, 0xF3CC3F3F, 0x1CAEB2B2, 0xEA638989, + 0x74E79393, 0x7FB1CECE, 0x6C1C7070, 0x0DABA6A6, 0xEDCA2727, 0x28082020, + 0x48EBA3A3, 0xC1975656, 0x80820202, 0xA3DC7F7F, 0xC4965252, 0x12F9EBEB, + 0xA174D5D5, 0xB38D3E3E, 0xC33FFCFC, 0x3EA49A9A, 0x5B461D1D, 0x1B071C1C, + 0x3BA59E9E, 0x0CFFF3F3, 0x3FF0CFCF, 0xBF72CDCD, 0x4B175C5C, 0x52B8EAEA, + 0x8F810E0E, 0x3D586565, 0xCC3CF0F0, 0x7D196464, 0x7EE59B9B, 0x91871616, + 0x734E3D3D, 0x08AAA2A2, 0xC869A1A1, 0xC76AADAD, 0x85830606, 0x7AB0CACA, + 0xB570C5C5, 0xF4659191, 0xB2D96B6B, 0xA7892E2E, 0x18FBE3E3, 0x47E8AFAF, + 0x330F3C3C, 0x674A2D2D, 0xB071C1C1, 0x0E575959, 0xE99F7676, 0xE135D4D4, + 0x661E7878, 0xB4249090, 0x360E3838, 0x265F7979, 0xEF628D8D, 0x38596161, + 0x95D24747, 0x2AA08A8A, 0xB1259494, 0xAA228888, 0x8C7DF1F1, 0xD73BECEC, + 0x05010404, 0xA5218484, 0x9879E1E1, 0x9B851E1E, 0x84D75353, 0x00000000, + 0x5E471919, 0x0B565D5D, 0xE39D7E7E, 0x9FD04F4F, 0xBB279C9C, 0x1A534949, + 0x7C4D3131, 0xEE36D8D8, 0x0A020808, 0x7BE49F9F, 0x20A28282, 0xD4C71313, + 0xE8CB2323, 0xE69C7A7A, 0x42E9ABAB, 0x43BDFEFE, 0xA2882A2A, 0x9AD14B4B, + 0x40410101, 0xDBC41F1F, 0xD838E0E0, 0x61B7D6D6, 0x2FA18E8E, 0x2BF4DFDF, + 0x3AF1CBCB, 0xF6CD3B3B, 0x1DFAE7E7, 0xE5608585, 0x41155454, 0x25A38686, + 0x60E38383, 0x16ACBABA, 0x295C7575, 0x34A69292, 0xF7996E6E, 0xE434D0D0, + 0x721A6868, 0x01545555, 0x19AFB6B6, 0xDF914E4E, 0xFA32C8C8, 0xF030C0C0, + 0x21F6D7D7, 0xBC8E3232, 0x75B3C6C6, 0x6FE08F8F, 0x691D7474, 0x2EF5DBDB, + 0x6AE18B8B, 0x962EB8B8, 0x8A800A0A, 0xFE679999, 0xE2C92B2B, 0xE0618181, + 0xC0C30303, 0x8D29A4A4, 0xAF238C8C, 0x07A9AEAE, 0x390D3434, 0x1F524D4D, + 0x764F3939, 0xD36EBDBD, 0x81D65757, 0xB7D86F6F, 0xEB37DCDC, 0x51441515, + 0xA6DD7B7B, 0x09FEF7F7, 0xB68C3A3A, 0x932FBCBC, 0x0F030C0C, 0x03FCFFFF, + 0xC26BA9A9, 0xBA73C9C9, 0xD96CB5B5, 0xDC6DB1B1, 0x375A6D6D, 0x15504545, + 0xB98F3636, 0x771B6C6C, 0x13ADBEBE, 0xDA904A4A, 0x57B9EEEE, 0xA9DE7777, + 0x4CBEF2F2, 0x837EFDFD, 0x55114444, 0xBDDA6767, 0x2C5D7171, 0x45400505, + 0x631F7C7C, 0x50104040, 0x325B6969, 0xB8DB6363, 0x220A2828, 0xC5C20707, + 0xF531C4C4, 0xA88A2222, 0x31A79696, 0xF9CE3737, 0x977AEDED, 0x49BFF6F6, + 0x992DB4B4, 0xA475D1D1, 0x90D34343, 0x5A124848, 0x58BAE2E2, 0x71E69797, + 0x64B6D2D2, 0x70B2C2C2, 0xAD8B2626, 0xCD68A5A5, 0xCB955E5E, 0x624B2929, + 0x3C0C3030, 0xCE945A5A, 0xAB76DDDD, 0x867FF9F9, 0xF1649595, 0x5DBBE6E6, + 0x35F2C7C7, 0x2D092424, 0xD1C61717, 0xD66FB9B9, 0xDEC51B1B, 0x94861212, + 0x78186060, 0x30F3C3C3, 0x897CF5F5, 0x5CEFB3B3, 0xD23AE8E8, 0xACDF7373, + 0x794C3535, 0xA0208080, 0x9D78E5E5, 0x56EDBBBB, 0x235E7D7D, 0xC63EF8F8, + 0x8BD45F5F, 0xE7C82F2F, 0xDD39E4E4, 0x68492121, +}; + +static inline uint32_t +rotl(uint32_t a, uint8_t n) +{ + return (a << n) | (a >> (32 - n)); +} + +static inline uint32_t +load_u32_be(const uint8_t *b, uint32_t n) +{ + return ((uint32_t)b[4 * n] << 24) | + ((uint32_t)b[4 * n + 1] << 16) | + ((uint32_t)b[4 * n + 2] << 8) | + ((uint32_t)b[4 * n + 3]); +} + +static inline void +store_u32_be(uint32_t v, uint8_t *b) +{ + b[0] = (uint8_t)(v >> 24); + b[1] = (uint8_t)(v >> 16); + b[2] = (uint8_t)(v >> 8); + b[3] = (uint8_t)(v); +} + +static inline uint32_t +SM4_T_slow(uint32_t X) +{ + uint32_t t = 0; + + t |= ((uint32_t)SM4_S[(uint8_t)(X >> 24)]) << 24; + t |= ((uint32_t)SM4_S[(uint8_t)(X >> 16)]) << 16; + t |= ((uint32_t)SM4_S[(uint8_t)(X >> 8)]) << 8; + t |= SM4_S[(uint8_t)X]; + + /* + * L linear transform + */ + return t ^ rotl(t, 2) ^ rotl(t, 10) ^ rotl(t, 18) ^ rotl(t, 24); +} + +static inline uint32_t +SM4_T(uint32_t X) +{ + return SM4_SBOX_T[(uint8_t)(X >> 24)] ^ + rotl(SM4_SBOX_T[(uint8_t)(X >> 16)], 24) ^ + rotl(SM4_SBOX_T[(uint8_t)(X >> 8)], 16) ^ + rotl(SM4_SBOX_T[(uint8_t)X], 8); +} + +int +SM4_set_key(const uint8_t *key, SM4_KEY *k) +{ + struct sm4_key *ks = (struct sm4_key *)k; + + /* + * Family Key + */ + static const uint32_t FK[4] = { + 0xa3b1bac6, 0x56aa3350, 0x677d9197, 0xb27022dc, + }; + + /* + * Constant Key + */ + static const uint32_t CK[32] = { + 0x00070E15, 0x1C232A31, 0x383F464D, 0x545B6269, + 0x70777E85, 0x8C939AA1, 0xA8AFB6BD, 0xC4CBD2D9, + 0xE0E7EEF5, 0xFC030A11, 0x181F262D, 0x343B4249, + 0x50575E65, 0x6C737A81, 0x888F969D, 0xA4ABB2B9, + 0xC0C7CED5, 0xDCE3EAF1, 0xF8FF060D, 0x141B2229, + 0x30373E45, 0x4C535A61, 0x686F767D, 0x848B9299, + 0xA0A7AEB5, 0xBCC3CAD1, 0xD8DFE6ED, 0xF4FB0209, + 0x10171E25, 0x2C333A41, 0x484F565D, 0x646B7279, + }; + + uint32_t K[4]; + int i; + + K[0] = load_u32_be(key, 0) ^ FK[0]; + K[1] = load_u32_be(key, 1) ^ FK[1]; + K[2] = load_u32_be(key, 2) ^ FK[2]; + K[3] = load_u32_be(key, 3) ^ FK[3]; + + for (i = 0; i < SM4_KEY_SCHEDULE; i++) { + uint32_t X; + uint32_t t = 0; + + X = K[(i + 1) % 4] ^ K[(i + 2) % 4] ^ K[(i + 3) % 4] ^ CK[i]; + + t |= ((uint32_t)SM4_S[(uint8_t)(X >> 24)]) << 24; + t |= ((uint32_t)SM4_S[(uint8_t)(X >> 16)]) << 16; + t |= ((uint32_t)SM4_S[(uint8_t)(X >> 8)]) << 8; + t |= SM4_S[(uint8_t)X]; + + t = t ^ rotl(t, 13) ^ rotl(t, 23); + K[i % 4] ^= t; + ks->rk[i] = K[i % 4]; + } + + return 1; +} + +#define SM4_ROUNDS(k0, k1, k2, k3, F) \ + do { \ + B0 ^= F(B1 ^ B2 ^ B3 ^ ks->rk[k0]); \ + B1 ^= F(B0 ^ B2 ^ B3 ^ ks->rk[k1]); \ + B2 ^= F(B0 ^ B1 ^ B3 ^ ks->rk[k2]); \ + B3 ^= F(B0 ^ B1 ^ B2 ^ ks->rk[k3]); \ + } while(0) + +void +SM4_encrypt(const uint8_t *in, uint8_t *out, const SM4_KEY *k) +{ + struct sm4_key *ks = (struct sm4_key *)k; + uint32_t B0 = load_u32_be(in, 0); + uint32_t B1 = load_u32_be(in, 1); + uint32_t B2 = load_u32_be(in, 2); + uint32_t B3 = load_u32_be(in, 3); + + /* + * Uses byte-wise sbox in the first and last rounds to provide some + * protection from cache based side channels. + */ + SM4_ROUNDS( 0, 1, 2, 3, SM4_T_slow); + SM4_ROUNDS( 4, 5, 6, 7, SM4_T); + SM4_ROUNDS( 8, 9, 10, 11, SM4_T); + SM4_ROUNDS(12, 13, 14, 15, SM4_T); + SM4_ROUNDS(16, 17, 18, 19, SM4_T); + SM4_ROUNDS(20, 21, 22, 23, SM4_T); + SM4_ROUNDS(24, 25, 26, 27, SM4_T); + SM4_ROUNDS(28, 29, 30, 31, SM4_T_slow); + + store_u32_be(B3, out); + store_u32_be(B2, out + 4); + store_u32_be(B1, out + 8); + store_u32_be(B0, out + 12); +} + +void +SM4_decrypt(const uint8_t *in, uint8_t *out, const SM4_KEY *k) +{ + struct sm4_key *ks = (struct sm4_key *)k; + uint32_t B0 = load_u32_be(in, 0); + uint32_t B1 = load_u32_be(in, 1); + uint32_t B2 = load_u32_be(in, 2); + uint32_t B3 = load_u32_be(in, 3); + + SM4_ROUNDS(31, 30, 29, 28, SM4_T_slow); + SM4_ROUNDS(27, 26, 25, 24, SM4_T); + SM4_ROUNDS(23, 22, 21, 20, SM4_T); + SM4_ROUNDS(19, 18, 17, 16, SM4_T); + SM4_ROUNDS(15, 14, 13, 12, SM4_T); + SM4_ROUNDS(11, 10, 9, 8, SM4_T); + SM4_ROUNDS( 7, 6, 5, 4, SM4_T); + SM4_ROUNDS( 3, 2, 1, 0, SM4_T_slow); + + store_u32_be(B3, out); + store_u32_be(B2, out + 4); + store_u32_be(B1, out + 8); + store_u32_be(B0, out + 12); +} + +#endif /* OPENSSL_NO_SM4 */ diff --git a/src/lib/libcrypto/sm4/sm4.h b/src/lib/libcrypto/sm4/sm4.h new file mode 100644 index 00000000000..5931ac714b7 --- /dev/null +++ b/src/lib/libcrypto/sm4/sm4.h @@ -0,0 +1,51 @@ +/* $OpenBSD: sm4.h,v 1.1 2019/03/17 17:42:37 tb Exp $ */ +/* + * Copyright (c) 2017, 2019 Ribose Inc + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef HEADER_SM4_H +#define HEADER_SM4_H + +#include + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#ifdef OPENSSL_NO_SM4 +#error SM4 is disabled. +#endif + +#define SM4_DECRYPT 0 +#define SM4_ENCRYPT 1 + +#define SM4_BLOCK_SIZE 16 +#define SM4_KEY_SCHEDULE 32 + +typedef struct sm4_key_st { + unsigned char opaque[128]; +} SM4_KEY; + +int SM4_set_key(const uint8_t *key, SM4_KEY *ks); +void SM4_decrypt(const uint8_t *in, uint8_t *out, const SM4_KEY *ks); +void SM4_encrypt(const uint8_t *in, uint8_t *out, const SM4_KEY *ks); + +#ifdef __cplusplus +} +#endif + +#endif /* HEADER_SM4_H */ diff --git a/src/lib/libcrypto/sparccpuid.S b/src/lib/libcrypto/sparccpuid.S new file mode 100644 index 00000000000..b913e3dddbc --- /dev/null +++ b/src/lib/libcrypto/sparccpuid.S @@ -0,0 +1,302 @@ +#if defined(__SUNPRO_C) && defined(__sparcv9) +# define ABI64 /* They've said -xarch=v9 at command line */ +#elif defined(__GNUC__) && defined(__arch64__) +# define ABI64 /* They've said -m64 at command line */ +#endif + +#ifdef ABI64 + .register %g2,#scratch + .register %g3,#scratch +# define FRAME -192 +# define BIAS 2047 +#else +# define FRAME -96 +# define BIAS 0 +#endif + +.text +.align 32 +.global OPENSSL_wipe_cpu +.type OPENSSL_wipe_cpu,#function +! Keep in mind that this does not excuse us from wiping the stack! +! This routine wipes registers, but not the backing store [which +! resides on the stack, toward lower addresses]. To facilitate for +! stack wiping I return pointer to the top of stack of the *caller*. +OPENSSL_wipe_cpu: + save %sp,FRAME,%sp + nop +#ifdef __sun +#include + ta ST_CLEAN_WINDOWS +#else + call .walk.reg.wins +#endif + nop + call .PIC.zero.up + mov .zero-(.-4),%o0 + ld [%o0],%f0 + ld [%o0],%f1 + + subcc %g0,1,%o0 + ! Following is V9 "rd %ccr,%o0" instruction. However! V8 + ! specification says that it ("rd %asr2,%o0" in V8 terms) does + ! not cause illegal_instruction trap. It therefore can be used + ! to determine if the CPU the code is executing on is V8- or + ! V9-compliant, as V9 returns a distinct value of 0x99, + ! "negative" and "borrow" bits set in both %icc and %xcc. + .word 0x91408000 !rd %ccr,%o0 + cmp %o0,0x99 + bne .v8 + nop + ! Even though we do not use %fp register bank, + ! we wipe it as memcpy might have used it... + .word 0xbfa00040 !fmovd %f0,%f62 + .word 0xbba00040 !... + .word 0xb7a00040 + .word 0xb3a00040 + .word 0xafa00040 + .word 0xaba00040 + .word 0xa7a00040 + .word 0xa3a00040 + .word 0x9fa00040 + .word 0x9ba00040 + .word 0x97a00040 + .word 0x93a00040 + .word 0x8fa00040 + .word 0x8ba00040 + .word 0x87a00040 + .word 0x83a00040 !fmovd %f0,%f32 +.v8: fmovs %f1,%f31 + clr %o0 + fmovs %f0,%f30 + clr %o1 + fmovs %f1,%f29 + clr %o2 + fmovs %f0,%f28 + clr %o3 + fmovs %f1,%f27 + clr %o4 + fmovs %f0,%f26 + clr %o5 + fmovs %f1,%f25 + clr %o7 + fmovs %f0,%f24 + clr %l0 + fmovs %f1,%f23 + clr %l1 + fmovs %f0,%f22 + clr %l2 + fmovs %f1,%f21 + clr %l3 + fmovs %f0,%f20 + clr %l4 + fmovs %f1,%f19 + clr %l5 + fmovs %f0,%f18 + clr %l6 + fmovs %f1,%f17 + clr %l7 + fmovs %f0,%f16 + clr %i0 + fmovs %f1,%f15 + clr %i1 + fmovs %f0,%f14 + clr %i2 + fmovs %f1,%f13 + clr %i3 + fmovs %f0,%f12 + clr %i4 + fmovs %f1,%f11 + clr %i5 + fmovs %f0,%f10 + clr %g1 + fmovs %f1,%f9 + clr %g2 + fmovs %f0,%f8 + clr %g3 + fmovs %f1,%f7 + clr %g4 + fmovs %f0,%f6 + clr %g5 + fmovs %f1,%f5 + fmovs %f0,%f4 + fmovs %f1,%f3 + fmovs %f0,%f2 + + add %fp,BIAS,%i0 ! return pointer to caller´s top of stack + + ret + restore + +.zero: .long 0x0,0x0 +.PIC.zero.up: + retl + add %o0,%o7,%o0 +#ifdef DEBUG +.global walk_reg_wins +.type walk_reg_wins,#function +walk_reg_wins: +#endif +.walk.reg.wins: + save %sp,FRAME,%sp + cmp %i7,%o7 + be 2f + clr %o0 + cmp %o7,0 ! compiler never cleans %o7... + be 1f ! could have been a leaf function... + clr %o1 + call .walk.reg.wins + nop +1: clr %o2 + clr %o3 + clr %o4 + clr %o5 + clr %o7 + clr %l0 + clr %l1 + clr %l2 + clr %l3 + clr %l4 + clr %l5 + clr %l6 + clr %l7 + add %o0,1,%i0 ! used for debugging +2: ret + restore +.size OPENSSL_wipe_cpu,.-OPENSSL_wipe_cpu + +.global OPENSSL_atomic_add +.type OPENSSL_atomic_add,#function +.align 32 +OPENSSL_atomic_add: +#ifndef ABI64 + subcc %g0,1,%o2 + .word 0x95408000 !rd %ccr,%o2, see comment above + cmp %o2,0x99 + be .v9 + nop + save %sp,FRAME,%sp + ba .enter + nop +#ifdef __sun +! Note that you do not have to link with libthread to call thr_yield, +! as libc provides a stub, which is overloaded the moment you link +! with *either* libpthread or libthread... +#define YIELD_CPU thr_yield +#else +! applies at least to Linux and FreeBSD... Feedback expected... +#define YIELD_CPU sched_yield +#endif +.spin: call YIELD_CPU + nop +.enter: ld [%i0],%i2 + cmp %i2,-4096 + be .spin + mov -1,%i2 + swap [%i0],%i2 + cmp %i2,-1 + be .spin + add %i2,%i1,%i2 + stbar + st %i2,[%i0] + sra %i2,%g0,%i0 + ret + restore +.v9: +#endif + ld [%o0],%o2 +1: add %o1,%o2,%o3 + .word 0xd7e2100a !cas [%o0],%o2,%o3, compare [%o0] with %o2 and swap %o3 + cmp %o2,%o3 + bne 1b + mov %o3,%o2 ! cas is always fetching to dest. register + add %o1,%o2,%o0 ! OpenSSL expects the new value + retl + sra %o0,%g0,%o0 ! we return signed int, remember? +.size OPENSSL_atomic_add,.-OPENSSL_atomic_add + +.global _sparcv9_vis1_probe +.align 8 +_sparcv9_vis1_probe: + add %sp,BIAS+2,%o1 + .word 0xc19a5a40 !ldda [%o1]ASI_FP16_P,%f0 + retl + .word 0x81b00d80 !fxor %f0,%f0,%f0 +.type _sparcv9_vis1_probe,#function +.size _sparcv9_vis1_probe,.-_sparcv9_vis1_probe + +! Probe and instrument VIS1 instruction. Output is number of cycles it +! takes to execute rdtick and pair of VIS1 instructions. US-Tx VIS unit +! is slow (documented to be 6 cycles on T2) and the core is in-order +! single-issue, it should be possible to distinguish Tx reliably... +! Observed return values are: +! +! UltraSPARC IIe 7 +! UltraSPARC III 7 +! UltraSPARC T1 24 +! +! Numbers for T2 and SPARC64 V-VII are more than welcomed. +! +! It would be possible to detect specifically US-T1 by instrumenting +! fmul8ulx16, which is emulated on T1 and as such accounts for quite +! a lot of %tick-s, couple of thousand on Linux... +.global _sparcv9_vis1_instrument +.align 8 +_sparcv9_vis1_instrument: + .word 0x91410000 !rd %tick,%o0 + .word 0x81b00d80 !fxor %f0,%f0,%f0 + .word 0x85b08d82 !fxor %f2,%f2,%f2 + .word 0x93410000 !rd %tick,%o1 + .word 0x81b00d80 !fxor %f0,%f0,%f0 + .word 0x85b08d82 !fxor %f2,%f2,%f2 + .word 0x95410000 !rd %tick,%o2 + .word 0x81b00d80 !fxor %f0,%f0,%f0 + .word 0x85b08d82 !fxor %f2,%f2,%f2 + .word 0x97410000 !rd %tick,%o3 + .word 0x81b00d80 !fxor %f0,%f0,%f0 + .word 0x85b08d82 !fxor %f2,%f2,%f2 + .word 0x99410000 !rd %tick,%o4 + + ! calculate intervals + sub %o1,%o0,%o0 + sub %o2,%o1,%o1 + sub %o3,%o2,%o2 + sub %o4,%o3,%o3 + + ! find minumum value + cmp %o0,%o1 + .word 0x38680002 !bgu,a %xcc,.+8 + mov %o1,%o0 + cmp %o0,%o2 + .word 0x38680002 !bgu,a %xcc,.+8 + mov %o2,%o0 + cmp %o0,%o3 + .word 0x38680002 !bgu,a %xcc,.+8 + mov %o3,%o0 + + retl + nop +.type _sparcv9_vis1_instrument,#function +.size _sparcv9_vis1_instrument,.-_sparcv9_vis1_instrument + +.global _sparcv9_vis2_probe +.align 8 +_sparcv9_vis2_probe: + retl + .word 0x81b00980 !bshuffle %f0,%f0,%f0 +.type _sparcv9_vis2_probe,#function +.size _sparcv9_vis2_probe,.-_sparcv9_vis2_probe + +.global _sparcv9_fmadd_probe +.align 8 +_sparcv9_fmadd_probe: + .word 0x81b00d80 !fxor %f0,%f0,%f0 + .word 0x85b08d82 !fxor %f2,%f2,%f2 + retl + .word 0x81b80440 !fmaddd %f0,%f0,%f2,%f0 +.type _sparcv9_fmadd_probe,#function +.size _sparcv9_fmadd_probe,.-_sparcv9_fmadd_probe + +.section ".init",#alloc,#execinstr + call OPENSSL_cpuid_setup + nop diff --git a/src/lib/libcrypto/sparcv9cap.c b/src/lib/libcrypto/sparcv9cap.c new file mode 100644 index 00000000000..cc39c1bf453 --- /dev/null +++ b/src/lib/libcrypto/sparcv9cap.c @@ -0,0 +1,98 @@ +/* $OpenBSD: sparcv9cap.c,v 1.7 2014/06/20 21:00:46 deraadt Exp $ */ +#include +#include +#include +#include +#include +#include +#include + +#define SPARCV9_PREFER_FPU (1<<1) +#define SPARCV9_VIS1 (1<<2) +#define SPARCV9_VIS2 (1<<3) /* reserved */ +#define SPARCV9_FMADD (1<<4) /* reserved for SPARC64 V */ + +static int OPENSSL_sparcv9cap_P = 0; + +int +bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, + const BN_ULONG *np, const BN_ULONG *n0, int num) +{ + int bn_mul_mont_fpu(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np, const BN_ULONG *n0, int num); + int bn_mul_mont_int(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np, const BN_ULONG *n0, int num); + + if (num >= 8 && !(num & 1) && + (OPENSSL_sparcv9cap_P & (SPARCV9_PREFER_FPU|SPARCV9_VIS1)) == + (SPARCV9_PREFER_FPU|SPARCV9_VIS1)) + return bn_mul_mont_fpu(rp, ap, bp, np, n0, num); + else + return bn_mul_mont_int(rp, ap, bp, np, n0, num); +} + +void _sparcv9_vis1_probe(void); +unsigned long _sparcv9_vis1_instrument(void); +void _sparcv9_vis2_probe(void); +void _sparcv9_fmadd_probe(void); + +static sigjmp_buf common_jmp; +static void +common_handler(int sig) +{ + siglongjmp(common_jmp, sig); +} + +void +OPENSSL_cpuid_setup(void) +{ + char *e; + struct sigaction common_act, ill_oact, bus_oact; + sigset_t all_masked, oset; + static int trigger = 0; + + if (trigger) + return; + trigger = 1; + + /* Initial value, fits UltraSPARC-I&II... */ + OPENSSL_sparcv9cap_P = SPARCV9_PREFER_FPU; + + sigfillset(&all_masked); + sigdelset(&all_masked, SIGILL); + sigdelset(&all_masked, SIGTRAP); +#ifdef SIGEMT + sigdelset(&all_masked, SIGEMT); +#endif + sigdelset(&all_masked, SIGFPE); + sigdelset(&all_masked, SIGBUS); + sigdelset(&all_masked, SIGSEGV); + sigprocmask(SIG_SETMASK, &all_masked, &oset); + + memset(&common_act, 0, sizeof(common_act)); + common_act.sa_handler = common_handler; + common_act.sa_mask = all_masked; + + sigaction(SIGILL, &common_act, &ill_oact); + sigaction(SIGBUS,&common_act,&bus_oact);/* T1 fails 16-bit ldda [on Linux] */ + + if (sigsetjmp(common_jmp, 1) == 0) { + _sparcv9_vis1_probe(); + OPENSSL_sparcv9cap_P |= SPARCV9_VIS1; + /* detect UltraSPARC-Tx, see sparccpud.S for details... */ + if (_sparcv9_vis1_instrument() >= 12) + OPENSSL_sparcv9cap_P &= ~(SPARCV9_VIS1|SPARCV9_PREFER_FPU); + else { + _sparcv9_vis2_probe(); + OPENSSL_sparcv9cap_P |= SPARCV9_VIS2; + } + } + + if (sigsetjmp(common_jmp, 1) == 0) { + _sparcv9_fmadd_probe(); + OPENSSL_sparcv9cap_P |= SPARCV9_FMADD; + } + + sigaction(SIGBUS, &bus_oact, NULL); + sigaction(SIGILL, &ill_oact, NULL); + + sigprocmask(SIG_SETMASK, &oset, NULL); +} diff --git a/src/lib/libcrypto/stack/Makefile.ssl b/src/lib/libcrypto/stack/Makefile.ssl deleted file mode 100644 index e04066dcd65..00000000000 --- a/src/lib/libcrypto/stack/Makefile.ssl +++ /dev/null @@ -1,88 +0,0 @@ -# -# SSLeay/crypto/stack/Makefile -# - -DIR= stack -TOP= ../.. -CC= cc -INCLUDES= -CFLAG=-g -INSTALL_PREFIX= -OPENSSLDIR= /usr/local/ssl -INSTALLTOP=/usr/local/ssl -MAKE= make -f Makefile.ssl -MAKEDEPPROG= makedepend -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) -MAKEFILE= Makefile.ssl -AR= ar r - -CFLAGS= $(INCLUDES) $(CFLAG) - -GENERAL=Makefile -TEST= -APPS= - -LIB=$(TOP)/libcrypto.a -LIBSRC=stack.c -LIBOBJ=stack.o - -SRC= $(LIBSRC) - -EXHEADER= stack.h safestack.h -HEADER= $(EXHEADER) - -ALL= $(GENERAL) $(SRC) $(HEADER) - -top: - (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) - -all: lib - -lib: $(LIBOBJ) - $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) || echo Never mind. - @touch lib - -files: - $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO - -links: - @sh $(TOP)/util/point.sh Makefile.ssl Makefile - @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) - @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) - @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) - -install: - @for i in $(EXHEADER) ; \ - do \ - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ - done; - -tags: - ctags $(SRC) - -tests: - -lint: - lint -DLINT $(INCLUDES) $(SRC)>fluff - -depend: - $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) - -dclean: - $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new - mv -f Makefile.new $(MAKEFILE) - -clean: - rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff - -# DO NOT DELETE THIS LINE -- make depend depends on it. - -stack.o: ../../e_os.h ../../include/openssl/bio.h -stack.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -stack.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -stack.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -stack.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -stack.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -stack.o: ../cryptlib.h stack.c diff --git a/src/lib/libcrypto/stack/safestack.h b/src/lib/libcrypto/stack/safestack.h index ed9ed2c23a0..ace2e95c13c 100644 --- a/src/lib/libcrypto/stack/safestack.h +++ b/src/lib/libcrypto/stack/safestack.h @@ -1,3 +1,4 @@ +/* $OpenBSD: safestack.h,v 1.17 2018/10/24 17:57:22 jsing Exp $ */ /* ==================================================================== * Copyright (c) 1999 The OpenSSL Project. All rights reserved. * @@ -57,7 +58,28 @@ #include -#ifdef DEBUG_SAFESTACK +#ifndef CHECKED_PTR_OF +#define CHECKED_PTR_OF(type, p) \ + ((void*) (1 ? p : (type*)0)) +#endif + +/* In C++ we get problems because an explicit cast is needed from (void *) + * we use CHECKED_STACK_OF to ensure the correct type is passed in the macros + * below. + */ + +#define CHECKED_STACK_OF(type, p) \ + ((_STACK*) (1 ? p : (STACK_OF(type)*)0)) + +#define CHECKED_SK_FREE_FUNC(type, p) \ + ((void (*)(void *)) ((1 ? p : (void (*)(type *))0))) + +#define CHECKED_SK_FREE_FUNC2(type, p) \ + ((void (*)(void *)) ((1 ? p : (void (*)(type))0))) + +#define CHECKED_SK_CMP_FUNC(type, p) \ + ((int (*)(const void *, const void *)) \ + ((1 ? p : (int (*)(const type * const *, const type * const *))0))) #define STACK_OF(type) struct stack_st_##type #define PREDECLARE_STACK_OF(type) STACK_OF(type); @@ -65,146 +87,99 @@ #define DECLARE_STACK_OF(type) \ STACK_OF(type) \ { \ - STACK stack; \ + _STACK stack; \ + }; +#define DECLARE_SPECIAL_STACK_OF(type, type2) \ +STACK_OF(type) \ + { \ + _STACK stack; \ }; #define IMPLEMENT_STACK_OF(type) /* nada (obsolete in new safestack approach)*/ + +/* Strings are special: normally an lhash entry will point to a single + * (somewhat) mutable object. In the case of strings: + * + * a) Instead of a single char, there is an array of chars, NUL-terminated. + * b) The string may have be immutable. + * + * So, they need their own declarations. Especially important for + * type-checking tools, such as Deputy. + * +o * In practice, however, it appears to be hard to have a const + * string. For now, I'm settling for dealing with the fact it is a + * string at all. + */ +typedef char *OPENSSL_STRING; + +typedef const char *OPENSSL_CSTRING; + +/* Confusingly, LHASH_OF(STRING) deals with char ** throughout, but + * STACK_OF(STRING) is really more like STACK_OF(char), only, as + * mentioned above, instead of a single char each entry is a + * NUL-terminated array of chars. So, we have to implement STRING + * specially for STACK_OF. This is dealt with in the autogenerated + * macros below. + */ + +DECLARE_SPECIAL_STACK_OF(OPENSSL_STRING, char) + +/* Similarly, we sometimes use a block of characters, NOT + * nul-terminated. These should also be distinguished from "normal" + * stacks. */ + +typedef void *OPENSSL_BLOCK; +DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) + /* SKM_sk_... stack macros are internal to safestack.h: * never use them directly, use sk__... instead */ #define SKM_sk_new(type, cmp) \ - ((STACK_OF(type) * (*)(int (*)(const type * const *, const type * const *)))sk_new)(cmp) + ((STACK_OF(type) *)sk_new(CHECKED_SK_CMP_FUNC(type, cmp))) #define SKM_sk_new_null(type) \ - ((STACK_OF(type) * (*)(void))sk_new_null)() + ((STACK_OF(type) *)sk_new_null()) #define SKM_sk_free(type, st) \ - ((void (*)(STACK_OF(type) *))sk_free)(st) + sk_free(CHECKED_STACK_OF(type, st)) #define SKM_sk_num(type, st) \ - ((int (*)(const STACK_OF(type) *))sk_num)(st) + sk_num(CHECKED_STACK_OF(type, st)) #define SKM_sk_value(type, st,i) \ - ((type * (*)(const STACK_OF(type) *, int))sk_value)(st, i) + ((type *)sk_value(CHECKED_STACK_OF(type, st), i)) #define SKM_sk_set(type, st,i,val) \ - ((type * (*)(STACK_OF(type) *, int, type *))sk_set)(st, i, val) + sk_set(CHECKED_STACK_OF(type, st), i, CHECKED_PTR_OF(type, val)) #define SKM_sk_zero(type, st) \ - ((void (*)(STACK_OF(type) *))sk_zero)(st) -#define SKM_sk_push(type, st,val) \ - ((int (*)(STACK_OF(type) *, type *))sk_push)(st, val) -#define SKM_sk_unshift(type, st,val) \ - ((int (*)(STACK_OF(type) *, type *))sk_unshift)(st, val) -#define SKM_sk_find(type, st,val) \ - ((int (*)(STACK_OF(type) *, type *))sk_find)(st, val) -#define SKM_sk_delete(type, st,i) \ - ((type * (*)(STACK_OF(type) *, int))sk_delete)(st, i) -#define SKM_sk_delete_ptr(type, st,ptr) \ - ((type * (*)(STACK_OF(type) *, type *))sk_delete_ptr)(st, ptr) -#define SKM_sk_insert(type, st,val,i) \ - ((int (*)(STACK_OF(type) *, type *, int))sk_insert)(st, val, i) -#define SKM_sk_set_cmp_func(type, st,cmp) \ - ((int (*(*)(STACK_OF(type) *, int (*)(const type * const *, const type * const *))) \ - (const type * const *, const type * const *))sk_set_cmp_func)\ - (st, cmp) -#define SKM_sk_dup(type, st) \ - ((STACK_OF(type) *(*)(STACK_OF(type) *))sk_dup)(st) -#define SKM_sk_pop_free(type, st,free_func) \ - ((void (*)(STACK_OF(type) *, void (*)(type *)))sk_pop_free)\ - (st, free_func) -#define SKM_sk_shift(type, st) \ - ((type * (*)(STACK_OF(type) *))sk_shift)(st) -#define SKM_sk_pop(type, st) \ - ((type * (*)(STACK_OF(type) *))sk_pop)(st) -#define SKM_sk_sort(type, st) \ - ((void (*)(STACK_OF(type) *))sk_sort)(st) - -#define SKM_ASN1_SET_OF_d2i(type, st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ - ((STACK_OF(type) * (*) (STACK_OF(type) **,unsigned char **, long , \ - type *(*)(type **, unsigned char **,long), \ - void (*)(type *), int ,int )) d2i_ASN1_SET) \ - (st,pp,length, d2i_func, free_func, ex_tag,ex_class) -#define SKM_ASN1_SET_OF_i2d(type, st, pp, i2d_func, ex_tag, ex_class, is_set) \ - ((int (*)(STACK_OF(type) *,unsigned char **, \ - int (*)(type *,unsigned char **), int , int , int)) i2d_ASN1_SET) \ - (st,pp,i2d_func,ex_tag,ex_class,is_set) - -#define SKM_ASN1_seq_pack(type, st, i2d_func, buf, len) \ - ((unsigned char *(*)(STACK_OF(type) *, \ - int (*)(type *,unsigned char **), unsigned char **,int *)) ASN1_seq_pack) \ - (st, i2d_func, buf, len) -#define SKM_ASN1_seq_unpack(type, buf, len, d2i_func, free_func) \ - ((STACK_OF(type) * (*)(unsigned char *,int, \ - type *(*)(type **,unsigned char **, long), \ - void (*)(type *)))ASN1_seq_unpack) \ - (buf,len,d2i_func, free_func) - -#define SKM_PKCS12_decrypt_d2i(type, algor, d2i_func, free_func, pass, passlen, oct, seq) \ - ((STACK_OF(type) * (*)(X509_ALGOR *, \ - type *(*)(type **, unsigned char **, long), void (*)(type *), \ - const char *, int, \ - ASN1_STRING *, int))PKCS12_decrypt_d2i) \ - (algor,d2i_func,free_func,pass,passlen,oct,seq) - -#else - -#define STACK_OF(type) STACK -#define PREDECLARE_STACK_OF(type) /* nada */ -#define DECLARE_STACK_OF(type) /* nada */ -#define IMPLEMENT_STACK_OF(type) /* nada */ - -#define SKM_sk_new(type, cmp) \ - sk_new((int (*)(const char * const *, const char * const *))(cmp)) -#define SKM_sk_new_null(type) \ - sk_new_null() -#define SKM_sk_free(type, st) \ - sk_free(st) -#define SKM_sk_num(type, st) \ - sk_num(st) -#define SKM_sk_value(type, st,i) \ - ((type *)sk_value(st, i)) -#define SKM_sk_set(type, st,i,val) \ - ((type *)sk_set(st, i,(char *)val)) -#define SKM_sk_zero(type, st) \ - sk_zero(st) -#define SKM_sk_push(type, st,val) \ - sk_push(st, (char *)val) -#define SKM_sk_unshift(type, st,val) \ - sk_unshift(st, val) -#define SKM_sk_find(type, st,val) \ - sk_find(st, (char *)val) -#define SKM_sk_delete(type, st,i) \ - ((type *)sk_delete(st, i)) -#define SKM_sk_delete_ptr(type, st,ptr) \ - ((type *)sk_delete_ptr(st,(char *)ptr)) -#define SKM_sk_insert(type, st,val,i) \ - sk_insert(st, (char *)val, i) -#define SKM_sk_set_cmp_func(type, st,cmp) \ + sk_zero(CHECKED_STACK_OF(type, st)) +#define SKM_sk_push(type, st, val) \ + sk_push(CHECKED_STACK_OF(type, st), CHECKED_PTR_OF(type, val)) +#define SKM_sk_unshift(type, st, val) \ + sk_unshift(CHECKED_STACK_OF(type, st), CHECKED_PTR_OF(type, val)) +#define SKM_sk_find(type, st, val) \ + sk_find(CHECKED_STACK_OF(type, st), CHECKED_PTR_OF(type, val)) +#define SKM_sk_find_ex(type, st, val) \ + sk_find_ex(CHECKED_STACK_OF(type, st), \ + CHECKED_PTR_OF(type, val)) +#define SKM_sk_delete(type, st, i) \ + (type *)sk_delete(CHECKED_STACK_OF(type, st), i) +#define SKM_sk_delete_ptr(type, st, ptr) \ + (type *)sk_delete_ptr(CHECKED_STACK_OF(type, st), CHECKED_PTR_OF(type, ptr)) +#define SKM_sk_insert(type, st,val, i) \ + sk_insert(CHECKED_STACK_OF(type, st), CHECKED_PTR_OF(type, val), i) +#define SKM_sk_set_cmp_func(type, st, cmp) \ ((int (*)(const type * const *,const type * const *)) \ - sk_set_cmp_func(st, (int (*)(const char * const *, const char * const *))(cmp))) + sk_set_cmp_func(CHECKED_STACK_OF(type, st), CHECKED_SK_CMP_FUNC(type, cmp))) #define SKM_sk_dup(type, st) \ - sk_dup(st) -#define SKM_sk_pop_free(type, st,free_func) \ - sk_pop_free(st, (void (*)(void *))free_func) + (STACK_OF(type) *)sk_dup(CHECKED_STACK_OF(type, st)) +#define SKM_sk_pop_free(type, st, free_func) \ + sk_pop_free(CHECKED_STACK_OF(type, st), CHECKED_SK_FREE_FUNC(type, free_func)) #define SKM_sk_shift(type, st) \ - ((type *)sk_shift(st)) + (type *)sk_shift(CHECKED_STACK_OF(type, st)) #define SKM_sk_pop(type, st) \ - ((type *)sk_pop(st)) + (type *)sk_pop(CHECKED_STACK_OF(type, st)) #define SKM_sk_sort(type, st) \ - sk_sort(st) - -#define SKM_ASN1_SET_OF_d2i(type, st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ - d2i_ASN1_SET(st,pp,length, (char *(*)())d2i_func, (void (*)(void *))free_func, ex_tag,ex_class) -#define SKM_ASN1_SET_OF_i2d(type, st, pp, i2d_func, ex_tag, ex_class, is_set) \ - i2d_ASN1_SET(st,pp,i2d_func,ex_tag,ex_class,is_set) - -#define SKM_ASN1_seq_pack(type, st, i2d_func, buf, len) \ - ASN1_seq_pack(st, i2d_func, buf, len) -#define SKM_ASN1_seq_unpack(type, buf, len, d2i_func, free_func) \ - ASN1_seq_unpack(buf,len,(char *(*)())d2i_func, (void(*)(void *))free_func) - -#define SKM_PKCS12_decrypt_d2i(type, algor, d2i_func, free_func, pass, passlen, oct, seq) \ - ((STACK *)PKCS12_decrypt_d2i(algor,(char *(*)())d2i_func, (void(*)(void *))free_func,pass,passlen,oct,seq)) + sk_sort(CHECKED_STACK_OF(type, st)) +#define SKM_sk_is_sorted(type, st) \ + sk_is_sorted(CHECKED_STACK_OF(type, st)) -#endif - -/* This block of defines is updated by util/mkstack.pl, please do not touch! */ -#define sk_ACCESS_DESCRIPTION_new(st) SKM_sk_new(ACCESS_DESCRIPTION, (st)) +#define sk_ACCESS_DESCRIPTION_new(cmp) SKM_sk_new(ACCESS_DESCRIPTION, (cmp)) #define sk_ACCESS_DESCRIPTION_new_null() SKM_sk_new_null(ACCESS_DESCRIPTION) #define sk_ACCESS_DESCRIPTION_free(st) SKM_sk_free(ACCESS_DESCRIPTION, (st)) #define sk_ACCESS_DESCRIPTION_num(st) SKM_sk_num(ACCESS_DESCRIPTION, (st)) @@ -214,6 +189,7 @@ STACK_OF(type) \ #define sk_ACCESS_DESCRIPTION_push(st, val) SKM_sk_push(ACCESS_DESCRIPTION, (st), (val)) #define sk_ACCESS_DESCRIPTION_unshift(st, val) SKM_sk_unshift(ACCESS_DESCRIPTION, (st), (val)) #define sk_ACCESS_DESCRIPTION_find(st, val) SKM_sk_find(ACCESS_DESCRIPTION, (st), (val)) +#define sk_ACCESS_DESCRIPTION_find_ex(st, val) SKM_sk_find_ex(ACCESS_DESCRIPTION, (st), (val)) #define sk_ACCESS_DESCRIPTION_delete(st, i) SKM_sk_delete(ACCESS_DESCRIPTION, (st), (i)) #define sk_ACCESS_DESCRIPTION_delete_ptr(st, ptr) SKM_sk_delete_ptr(ACCESS_DESCRIPTION, (st), (ptr)) #define sk_ACCESS_DESCRIPTION_insert(st, val, i) SKM_sk_insert(ACCESS_DESCRIPTION, (st), (val), (i)) @@ -223,8 +199,31 @@ STACK_OF(type) \ #define sk_ACCESS_DESCRIPTION_shift(st) SKM_sk_shift(ACCESS_DESCRIPTION, (st)) #define sk_ACCESS_DESCRIPTION_pop(st) SKM_sk_pop(ACCESS_DESCRIPTION, (st)) #define sk_ACCESS_DESCRIPTION_sort(st) SKM_sk_sort(ACCESS_DESCRIPTION, (st)) - -#define sk_ASN1_GENERALSTRING_new(st) SKM_sk_new(ASN1_GENERALSTRING, (st)) +#define sk_ACCESS_DESCRIPTION_is_sorted(st) SKM_sk_is_sorted(ACCESS_DESCRIPTION, (st)) + +#define sk_ASIdOrRange_new(cmp) SKM_sk_new(ASIdOrRange, (cmp)) +#define sk_ASIdOrRange_new_null() SKM_sk_new_null(ASIdOrRange) +#define sk_ASIdOrRange_free(st) SKM_sk_free(ASIdOrRange, (st)) +#define sk_ASIdOrRange_num(st) SKM_sk_num(ASIdOrRange, (st)) +#define sk_ASIdOrRange_value(st, i) SKM_sk_value(ASIdOrRange, (st), (i)) +#define sk_ASIdOrRange_set(st, i, val) SKM_sk_set(ASIdOrRange, (st), (i), (val)) +#define sk_ASIdOrRange_zero(st) SKM_sk_zero(ASIdOrRange, (st)) +#define sk_ASIdOrRange_push(st, val) SKM_sk_push(ASIdOrRange, (st), (val)) +#define sk_ASIdOrRange_unshift(st, val) SKM_sk_unshift(ASIdOrRange, (st), (val)) +#define sk_ASIdOrRange_find(st, val) SKM_sk_find(ASIdOrRange, (st), (val)) +#define sk_ASIdOrRange_find_ex(st, val) SKM_sk_find_ex(ASIdOrRange, (st), (val)) +#define sk_ASIdOrRange_delete(st, i) SKM_sk_delete(ASIdOrRange, (st), (i)) +#define sk_ASIdOrRange_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASIdOrRange, (st), (ptr)) +#define sk_ASIdOrRange_insert(st, val, i) SKM_sk_insert(ASIdOrRange, (st), (val), (i)) +#define sk_ASIdOrRange_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASIdOrRange, (st), (cmp)) +#define sk_ASIdOrRange_dup(st) SKM_sk_dup(ASIdOrRange, st) +#define sk_ASIdOrRange_pop_free(st, free_func) SKM_sk_pop_free(ASIdOrRange, (st), (free_func)) +#define sk_ASIdOrRange_shift(st) SKM_sk_shift(ASIdOrRange, (st)) +#define sk_ASIdOrRange_pop(st) SKM_sk_pop(ASIdOrRange, (st)) +#define sk_ASIdOrRange_sort(st) SKM_sk_sort(ASIdOrRange, (st)) +#define sk_ASIdOrRange_is_sorted(st) SKM_sk_is_sorted(ASIdOrRange, (st)) + +#define sk_ASN1_GENERALSTRING_new(cmp) SKM_sk_new(ASN1_GENERALSTRING, (cmp)) #define sk_ASN1_GENERALSTRING_new_null() SKM_sk_new_null(ASN1_GENERALSTRING) #define sk_ASN1_GENERALSTRING_free(st) SKM_sk_free(ASN1_GENERALSTRING, (st)) #define sk_ASN1_GENERALSTRING_num(st) SKM_sk_num(ASN1_GENERALSTRING, (st)) @@ -234,6 +233,7 @@ STACK_OF(type) \ #define sk_ASN1_GENERALSTRING_push(st, val) SKM_sk_push(ASN1_GENERALSTRING, (st), (val)) #define sk_ASN1_GENERALSTRING_unshift(st, val) SKM_sk_unshift(ASN1_GENERALSTRING, (st), (val)) #define sk_ASN1_GENERALSTRING_find(st, val) SKM_sk_find(ASN1_GENERALSTRING, (st), (val)) +#define sk_ASN1_GENERALSTRING_find_ex(st, val) SKM_sk_find_ex(ASN1_GENERALSTRING, (st), (val)) #define sk_ASN1_GENERALSTRING_delete(st, i) SKM_sk_delete(ASN1_GENERALSTRING, (st), (i)) #define sk_ASN1_GENERALSTRING_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_GENERALSTRING, (st), (ptr)) #define sk_ASN1_GENERALSTRING_insert(st, val, i) SKM_sk_insert(ASN1_GENERALSTRING, (st), (val), (i)) @@ -243,8 +243,9 @@ STACK_OF(type) \ #define sk_ASN1_GENERALSTRING_shift(st) SKM_sk_shift(ASN1_GENERALSTRING, (st)) #define sk_ASN1_GENERALSTRING_pop(st) SKM_sk_pop(ASN1_GENERALSTRING, (st)) #define sk_ASN1_GENERALSTRING_sort(st) SKM_sk_sort(ASN1_GENERALSTRING, (st)) +#define sk_ASN1_GENERALSTRING_is_sorted(st) SKM_sk_is_sorted(ASN1_GENERALSTRING, (st)) -#define sk_ASN1_INTEGER_new(st) SKM_sk_new(ASN1_INTEGER, (st)) +#define sk_ASN1_INTEGER_new(cmp) SKM_sk_new(ASN1_INTEGER, (cmp)) #define sk_ASN1_INTEGER_new_null() SKM_sk_new_null(ASN1_INTEGER) #define sk_ASN1_INTEGER_free(st) SKM_sk_free(ASN1_INTEGER, (st)) #define sk_ASN1_INTEGER_num(st) SKM_sk_num(ASN1_INTEGER, (st)) @@ -254,6 +255,7 @@ STACK_OF(type) \ #define sk_ASN1_INTEGER_push(st, val) SKM_sk_push(ASN1_INTEGER, (st), (val)) #define sk_ASN1_INTEGER_unshift(st, val) SKM_sk_unshift(ASN1_INTEGER, (st), (val)) #define sk_ASN1_INTEGER_find(st, val) SKM_sk_find(ASN1_INTEGER, (st), (val)) +#define sk_ASN1_INTEGER_find_ex(st, val) SKM_sk_find_ex(ASN1_INTEGER, (st), (val)) #define sk_ASN1_INTEGER_delete(st, i) SKM_sk_delete(ASN1_INTEGER, (st), (i)) #define sk_ASN1_INTEGER_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_INTEGER, (st), (ptr)) #define sk_ASN1_INTEGER_insert(st, val, i) SKM_sk_insert(ASN1_INTEGER, (st), (val), (i)) @@ -263,8 +265,9 @@ STACK_OF(type) \ #define sk_ASN1_INTEGER_shift(st) SKM_sk_shift(ASN1_INTEGER, (st)) #define sk_ASN1_INTEGER_pop(st) SKM_sk_pop(ASN1_INTEGER, (st)) #define sk_ASN1_INTEGER_sort(st) SKM_sk_sort(ASN1_INTEGER, (st)) +#define sk_ASN1_INTEGER_is_sorted(st) SKM_sk_is_sorted(ASN1_INTEGER, (st)) -#define sk_ASN1_OBJECT_new(st) SKM_sk_new(ASN1_OBJECT, (st)) +#define sk_ASN1_OBJECT_new(cmp) SKM_sk_new(ASN1_OBJECT, (cmp)) #define sk_ASN1_OBJECT_new_null() SKM_sk_new_null(ASN1_OBJECT) #define sk_ASN1_OBJECT_free(st) SKM_sk_free(ASN1_OBJECT, (st)) #define sk_ASN1_OBJECT_num(st) SKM_sk_num(ASN1_OBJECT, (st)) @@ -274,6 +277,7 @@ STACK_OF(type) \ #define sk_ASN1_OBJECT_push(st, val) SKM_sk_push(ASN1_OBJECT, (st), (val)) #define sk_ASN1_OBJECT_unshift(st, val) SKM_sk_unshift(ASN1_OBJECT, (st), (val)) #define sk_ASN1_OBJECT_find(st, val) SKM_sk_find(ASN1_OBJECT, (st), (val)) +#define sk_ASN1_OBJECT_find_ex(st, val) SKM_sk_find_ex(ASN1_OBJECT, (st), (val)) #define sk_ASN1_OBJECT_delete(st, i) SKM_sk_delete(ASN1_OBJECT, (st), (i)) #define sk_ASN1_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_OBJECT, (st), (ptr)) #define sk_ASN1_OBJECT_insert(st, val, i) SKM_sk_insert(ASN1_OBJECT, (st), (val), (i)) @@ -283,8 +287,9 @@ STACK_OF(type) \ #define sk_ASN1_OBJECT_shift(st) SKM_sk_shift(ASN1_OBJECT, (st)) #define sk_ASN1_OBJECT_pop(st) SKM_sk_pop(ASN1_OBJECT, (st)) #define sk_ASN1_OBJECT_sort(st) SKM_sk_sort(ASN1_OBJECT, (st)) +#define sk_ASN1_OBJECT_is_sorted(st) SKM_sk_is_sorted(ASN1_OBJECT, (st)) -#define sk_ASN1_STRING_TABLE_new(st) SKM_sk_new(ASN1_STRING_TABLE, (st)) +#define sk_ASN1_STRING_TABLE_new(cmp) SKM_sk_new(ASN1_STRING_TABLE, (cmp)) #define sk_ASN1_STRING_TABLE_new_null() SKM_sk_new_null(ASN1_STRING_TABLE) #define sk_ASN1_STRING_TABLE_free(st) SKM_sk_free(ASN1_STRING_TABLE, (st)) #define sk_ASN1_STRING_TABLE_num(st) SKM_sk_num(ASN1_STRING_TABLE, (st)) @@ -294,6 +299,7 @@ STACK_OF(type) \ #define sk_ASN1_STRING_TABLE_push(st, val) SKM_sk_push(ASN1_STRING_TABLE, (st), (val)) #define sk_ASN1_STRING_TABLE_unshift(st, val) SKM_sk_unshift(ASN1_STRING_TABLE, (st), (val)) #define sk_ASN1_STRING_TABLE_find(st, val) SKM_sk_find(ASN1_STRING_TABLE, (st), (val)) +#define sk_ASN1_STRING_TABLE_find_ex(st, val) SKM_sk_find_ex(ASN1_STRING_TABLE, (st), (val)) #define sk_ASN1_STRING_TABLE_delete(st, i) SKM_sk_delete(ASN1_STRING_TABLE, (st), (i)) #define sk_ASN1_STRING_TABLE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_STRING_TABLE, (st), (ptr)) #define sk_ASN1_STRING_TABLE_insert(st, val, i) SKM_sk_insert(ASN1_STRING_TABLE, (st), (val), (i)) @@ -303,8 +309,9 @@ STACK_OF(type) \ #define sk_ASN1_STRING_TABLE_shift(st) SKM_sk_shift(ASN1_STRING_TABLE, (st)) #define sk_ASN1_STRING_TABLE_pop(st) SKM_sk_pop(ASN1_STRING_TABLE, (st)) #define sk_ASN1_STRING_TABLE_sort(st) SKM_sk_sort(ASN1_STRING_TABLE, (st)) +#define sk_ASN1_STRING_TABLE_is_sorted(st) SKM_sk_is_sorted(ASN1_STRING_TABLE, (st)) -#define sk_ASN1_TYPE_new(st) SKM_sk_new(ASN1_TYPE, (st)) +#define sk_ASN1_TYPE_new(cmp) SKM_sk_new(ASN1_TYPE, (cmp)) #define sk_ASN1_TYPE_new_null() SKM_sk_new_null(ASN1_TYPE) #define sk_ASN1_TYPE_free(st) SKM_sk_free(ASN1_TYPE, (st)) #define sk_ASN1_TYPE_num(st) SKM_sk_num(ASN1_TYPE, (st)) @@ -314,6 +321,7 @@ STACK_OF(type) \ #define sk_ASN1_TYPE_push(st, val) SKM_sk_push(ASN1_TYPE, (st), (val)) #define sk_ASN1_TYPE_unshift(st, val) SKM_sk_unshift(ASN1_TYPE, (st), (val)) #define sk_ASN1_TYPE_find(st, val) SKM_sk_find(ASN1_TYPE, (st), (val)) +#define sk_ASN1_TYPE_find_ex(st, val) SKM_sk_find_ex(ASN1_TYPE, (st), (val)) #define sk_ASN1_TYPE_delete(st, i) SKM_sk_delete(ASN1_TYPE, (st), (i)) #define sk_ASN1_TYPE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_TYPE, (st), (ptr)) #define sk_ASN1_TYPE_insert(st, val, i) SKM_sk_insert(ASN1_TYPE, (st), (val), (i)) @@ -323,8 +331,31 @@ STACK_OF(type) \ #define sk_ASN1_TYPE_shift(st) SKM_sk_shift(ASN1_TYPE, (st)) #define sk_ASN1_TYPE_pop(st) SKM_sk_pop(ASN1_TYPE, (st)) #define sk_ASN1_TYPE_sort(st) SKM_sk_sort(ASN1_TYPE, (st)) - -#define sk_ASN1_VALUE_new(st) SKM_sk_new(ASN1_VALUE, (st)) +#define sk_ASN1_TYPE_is_sorted(st) SKM_sk_is_sorted(ASN1_TYPE, (st)) + +#define sk_ASN1_UTF8STRING_new(cmp) SKM_sk_new(ASN1_UTF8STRING, (cmp)) +#define sk_ASN1_UTF8STRING_new_null() SKM_sk_new_null(ASN1_UTF8STRING) +#define sk_ASN1_UTF8STRING_free(st) SKM_sk_free(ASN1_UTF8STRING, (st)) +#define sk_ASN1_UTF8STRING_num(st) SKM_sk_num(ASN1_UTF8STRING, (st)) +#define sk_ASN1_UTF8STRING_value(st, i) SKM_sk_value(ASN1_UTF8STRING, (st), (i)) +#define sk_ASN1_UTF8STRING_set(st, i, val) SKM_sk_set(ASN1_UTF8STRING, (st), (i), (val)) +#define sk_ASN1_UTF8STRING_zero(st) SKM_sk_zero(ASN1_UTF8STRING, (st)) +#define sk_ASN1_UTF8STRING_push(st, val) SKM_sk_push(ASN1_UTF8STRING, (st), (val)) +#define sk_ASN1_UTF8STRING_unshift(st, val) SKM_sk_unshift(ASN1_UTF8STRING, (st), (val)) +#define sk_ASN1_UTF8STRING_find(st, val) SKM_sk_find(ASN1_UTF8STRING, (st), (val)) +#define sk_ASN1_UTF8STRING_find_ex(st, val) SKM_sk_find_ex(ASN1_UTF8STRING, (st), (val)) +#define sk_ASN1_UTF8STRING_delete(st, i) SKM_sk_delete(ASN1_UTF8STRING, (st), (i)) +#define sk_ASN1_UTF8STRING_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_UTF8STRING, (st), (ptr)) +#define sk_ASN1_UTF8STRING_insert(st, val, i) SKM_sk_insert(ASN1_UTF8STRING, (st), (val), (i)) +#define sk_ASN1_UTF8STRING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_UTF8STRING, (st), (cmp)) +#define sk_ASN1_UTF8STRING_dup(st) SKM_sk_dup(ASN1_UTF8STRING, st) +#define sk_ASN1_UTF8STRING_pop_free(st, free_func) SKM_sk_pop_free(ASN1_UTF8STRING, (st), (free_func)) +#define sk_ASN1_UTF8STRING_shift(st) SKM_sk_shift(ASN1_UTF8STRING, (st)) +#define sk_ASN1_UTF8STRING_pop(st) SKM_sk_pop(ASN1_UTF8STRING, (st)) +#define sk_ASN1_UTF8STRING_sort(st) SKM_sk_sort(ASN1_UTF8STRING, (st)) +#define sk_ASN1_UTF8STRING_is_sorted(st) SKM_sk_is_sorted(ASN1_UTF8STRING, (st)) + +#define sk_ASN1_VALUE_new(cmp) SKM_sk_new(ASN1_VALUE, (cmp)) #define sk_ASN1_VALUE_new_null() SKM_sk_new_null(ASN1_VALUE) #define sk_ASN1_VALUE_free(st) SKM_sk_free(ASN1_VALUE, (st)) #define sk_ASN1_VALUE_num(st) SKM_sk_num(ASN1_VALUE, (st)) @@ -334,6 +365,7 @@ STACK_OF(type) \ #define sk_ASN1_VALUE_push(st, val) SKM_sk_push(ASN1_VALUE, (st), (val)) #define sk_ASN1_VALUE_unshift(st, val) SKM_sk_unshift(ASN1_VALUE, (st), (val)) #define sk_ASN1_VALUE_find(st, val) SKM_sk_find(ASN1_VALUE, (st), (val)) +#define sk_ASN1_VALUE_find_ex(st, val) SKM_sk_find_ex(ASN1_VALUE, (st), (val)) #define sk_ASN1_VALUE_delete(st, i) SKM_sk_delete(ASN1_VALUE, (st), (i)) #define sk_ASN1_VALUE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_VALUE, (st), (ptr)) #define sk_ASN1_VALUE_insert(st, val, i) SKM_sk_insert(ASN1_VALUE, (st), (val), (i)) @@ -343,8 +375,9 @@ STACK_OF(type) \ #define sk_ASN1_VALUE_shift(st) SKM_sk_shift(ASN1_VALUE, (st)) #define sk_ASN1_VALUE_pop(st) SKM_sk_pop(ASN1_VALUE, (st)) #define sk_ASN1_VALUE_sort(st) SKM_sk_sort(ASN1_VALUE, (st)) +#define sk_ASN1_VALUE_is_sorted(st) SKM_sk_is_sorted(ASN1_VALUE, (st)) -#define sk_BIO_new(st) SKM_sk_new(BIO, (st)) +#define sk_BIO_new(cmp) SKM_sk_new(BIO, (cmp)) #define sk_BIO_new_null() SKM_sk_new_null(BIO) #define sk_BIO_free(st) SKM_sk_free(BIO, (st)) #define sk_BIO_num(st) SKM_sk_num(BIO, (st)) @@ -354,6 +387,7 @@ STACK_OF(type) \ #define sk_BIO_push(st, val) SKM_sk_push(BIO, (st), (val)) #define sk_BIO_unshift(st, val) SKM_sk_unshift(BIO, (st), (val)) #define sk_BIO_find(st, val) SKM_sk_find(BIO, (st), (val)) +#define sk_BIO_find_ex(st, val) SKM_sk_find_ex(BIO, (st), (val)) #define sk_BIO_delete(st, i) SKM_sk_delete(BIO, (st), (i)) #define sk_BIO_delete_ptr(st, ptr) SKM_sk_delete_ptr(BIO, (st), (ptr)) #define sk_BIO_insert(st, val, i) SKM_sk_insert(BIO, (st), (val), (i)) @@ -363,8 +397,53 @@ STACK_OF(type) \ #define sk_BIO_shift(st) SKM_sk_shift(BIO, (st)) #define sk_BIO_pop(st) SKM_sk_pop(BIO, (st)) #define sk_BIO_sort(st) SKM_sk_sort(BIO, (st)) - -#define sk_CONF_IMODULE_new(st) SKM_sk_new(CONF_IMODULE, (st)) +#define sk_BIO_is_sorted(st) SKM_sk_is_sorted(BIO, (st)) + +#define sk_BY_DIR_ENTRY_new(cmp) SKM_sk_new(BY_DIR_ENTRY, (cmp)) +#define sk_BY_DIR_ENTRY_new_null() SKM_sk_new_null(BY_DIR_ENTRY) +#define sk_BY_DIR_ENTRY_free(st) SKM_sk_free(BY_DIR_ENTRY, (st)) +#define sk_BY_DIR_ENTRY_num(st) SKM_sk_num(BY_DIR_ENTRY, (st)) +#define sk_BY_DIR_ENTRY_value(st, i) SKM_sk_value(BY_DIR_ENTRY, (st), (i)) +#define sk_BY_DIR_ENTRY_set(st, i, val) SKM_sk_set(BY_DIR_ENTRY, (st), (i), (val)) +#define sk_BY_DIR_ENTRY_zero(st) SKM_sk_zero(BY_DIR_ENTRY, (st)) +#define sk_BY_DIR_ENTRY_push(st, val) SKM_sk_push(BY_DIR_ENTRY, (st), (val)) +#define sk_BY_DIR_ENTRY_unshift(st, val) SKM_sk_unshift(BY_DIR_ENTRY, (st), (val)) +#define sk_BY_DIR_ENTRY_find(st, val) SKM_sk_find(BY_DIR_ENTRY, (st), (val)) +#define sk_BY_DIR_ENTRY_find_ex(st, val) SKM_sk_find_ex(BY_DIR_ENTRY, (st), (val)) +#define sk_BY_DIR_ENTRY_delete(st, i) SKM_sk_delete(BY_DIR_ENTRY, (st), (i)) +#define sk_BY_DIR_ENTRY_delete_ptr(st, ptr) SKM_sk_delete_ptr(BY_DIR_ENTRY, (st), (ptr)) +#define sk_BY_DIR_ENTRY_insert(st, val, i) SKM_sk_insert(BY_DIR_ENTRY, (st), (val), (i)) +#define sk_BY_DIR_ENTRY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(BY_DIR_ENTRY, (st), (cmp)) +#define sk_BY_DIR_ENTRY_dup(st) SKM_sk_dup(BY_DIR_ENTRY, st) +#define sk_BY_DIR_ENTRY_pop_free(st, free_func) SKM_sk_pop_free(BY_DIR_ENTRY, (st), (free_func)) +#define sk_BY_DIR_ENTRY_shift(st) SKM_sk_shift(BY_DIR_ENTRY, (st)) +#define sk_BY_DIR_ENTRY_pop(st) SKM_sk_pop(BY_DIR_ENTRY, (st)) +#define sk_BY_DIR_ENTRY_sort(st) SKM_sk_sort(BY_DIR_ENTRY, (st)) +#define sk_BY_DIR_ENTRY_is_sorted(st) SKM_sk_is_sorted(BY_DIR_ENTRY, (st)) + +#define sk_BY_DIR_HASH_new(cmp) SKM_sk_new(BY_DIR_HASH, (cmp)) +#define sk_BY_DIR_HASH_new_null() SKM_sk_new_null(BY_DIR_HASH) +#define sk_BY_DIR_HASH_free(st) SKM_sk_free(BY_DIR_HASH, (st)) +#define sk_BY_DIR_HASH_num(st) SKM_sk_num(BY_DIR_HASH, (st)) +#define sk_BY_DIR_HASH_value(st, i) SKM_sk_value(BY_DIR_HASH, (st), (i)) +#define sk_BY_DIR_HASH_set(st, i, val) SKM_sk_set(BY_DIR_HASH, (st), (i), (val)) +#define sk_BY_DIR_HASH_zero(st) SKM_sk_zero(BY_DIR_HASH, (st)) +#define sk_BY_DIR_HASH_push(st, val) SKM_sk_push(BY_DIR_HASH, (st), (val)) +#define sk_BY_DIR_HASH_unshift(st, val) SKM_sk_unshift(BY_DIR_HASH, (st), (val)) +#define sk_BY_DIR_HASH_find(st, val) SKM_sk_find(BY_DIR_HASH, (st), (val)) +#define sk_BY_DIR_HASH_find_ex(st, val) SKM_sk_find_ex(BY_DIR_HASH, (st), (val)) +#define sk_BY_DIR_HASH_delete(st, i) SKM_sk_delete(BY_DIR_HASH, (st), (i)) +#define sk_BY_DIR_HASH_delete_ptr(st, ptr) SKM_sk_delete_ptr(BY_DIR_HASH, (st), (ptr)) +#define sk_BY_DIR_HASH_insert(st, val, i) SKM_sk_insert(BY_DIR_HASH, (st), (val), (i)) +#define sk_BY_DIR_HASH_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(BY_DIR_HASH, (st), (cmp)) +#define sk_BY_DIR_HASH_dup(st) SKM_sk_dup(BY_DIR_HASH, st) +#define sk_BY_DIR_HASH_pop_free(st, free_func) SKM_sk_pop_free(BY_DIR_HASH, (st), (free_func)) +#define sk_BY_DIR_HASH_shift(st) SKM_sk_shift(BY_DIR_HASH, (st)) +#define sk_BY_DIR_HASH_pop(st) SKM_sk_pop(BY_DIR_HASH, (st)) +#define sk_BY_DIR_HASH_sort(st) SKM_sk_sort(BY_DIR_HASH, (st)) +#define sk_BY_DIR_HASH_is_sorted(st) SKM_sk_is_sorted(BY_DIR_HASH, (st)) + +#define sk_CONF_IMODULE_new(cmp) SKM_sk_new(CONF_IMODULE, (cmp)) #define sk_CONF_IMODULE_new_null() SKM_sk_new_null(CONF_IMODULE) #define sk_CONF_IMODULE_free(st) SKM_sk_free(CONF_IMODULE, (st)) #define sk_CONF_IMODULE_num(st) SKM_sk_num(CONF_IMODULE, (st)) @@ -374,6 +453,7 @@ STACK_OF(type) \ #define sk_CONF_IMODULE_push(st, val) SKM_sk_push(CONF_IMODULE, (st), (val)) #define sk_CONF_IMODULE_unshift(st, val) SKM_sk_unshift(CONF_IMODULE, (st), (val)) #define sk_CONF_IMODULE_find(st, val) SKM_sk_find(CONF_IMODULE, (st), (val)) +#define sk_CONF_IMODULE_find_ex(st, val) SKM_sk_find_ex(CONF_IMODULE, (st), (val)) #define sk_CONF_IMODULE_delete(st, i) SKM_sk_delete(CONF_IMODULE, (st), (i)) #define sk_CONF_IMODULE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_IMODULE, (st), (ptr)) #define sk_CONF_IMODULE_insert(st, val, i) SKM_sk_insert(CONF_IMODULE, (st), (val), (i)) @@ -383,8 +463,9 @@ STACK_OF(type) \ #define sk_CONF_IMODULE_shift(st) SKM_sk_shift(CONF_IMODULE, (st)) #define sk_CONF_IMODULE_pop(st) SKM_sk_pop(CONF_IMODULE, (st)) #define sk_CONF_IMODULE_sort(st) SKM_sk_sort(CONF_IMODULE, (st)) +#define sk_CONF_IMODULE_is_sorted(st) SKM_sk_is_sorted(CONF_IMODULE, (st)) -#define sk_CONF_MODULE_new(st) SKM_sk_new(CONF_MODULE, (st)) +#define sk_CONF_MODULE_new(cmp) SKM_sk_new(CONF_MODULE, (cmp)) #define sk_CONF_MODULE_new_null() SKM_sk_new_null(CONF_MODULE) #define sk_CONF_MODULE_free(st) SKM_sk_free(CONF_MODULE, (st)) #define sk_CONF_MODULE_num(st) SKM_sk_num(CONF_MODULE, (st)) @@ -394,6 +475,7 @@ STACK_OF(type) \ #define sk_CONF_MODULE_push(st, val) SKM_sk_push(CONF_MODULE, (st), (val)) #define sk_CONF_MODULE_unshift(st, val) SKM_sk_unshift(CONF_MODULE, (st), (val)) #define sk_CONF_MODULE_find(st, val) SKM_sk_find(CONF_MODULE, (st), (val)) +#define sk_CONF_MODULE_find_ex(st, val) SKM_sk_find_ex(CONF_MODULE, (st), (val)) #define sk_CONF_MODULE_delete(st, i) SKM_sk_delete(CONF_MODULE, (st), (i)) #define sk_CONF_MODULE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_MODULE, (st), (ptr)) #define sk_CONF_MODULE_insert(st, val, i) SKM_sk_insert(CONF_MODULE, (st), (val), (i)) @@ -403,8 +485,9 @@ STACK_OF(type) \ #define sk_CONF_MODULE_shift(st) SKM_sk_shift(CONF_MODULE, (st)) #define sk_CONF_MODULE_pop(st) SKM_sk_pop(CONF_MODULE, (st)) #define sk_CONF_MODULE_sort(st) SKM_sk_sort(CONF_MODULE, (st)) +#define sk_CONF_MODULE_is_sorted(st) SKM_sk_is_sorted(CONF_MODULE, (st)) -#define sk_CONF_VALUE_new(st) SKM_sk_new(CONF_VALUE, (st)) +#define sk_CONF_VALUE_new(cmp) SKM_sk_new(CONF_VALUE, (cmp)) #define sk_CONF_VALUE_new_null() SKM_sk_new_null(CONF_VALUE) #define sk_CONF_VALUE_free(st) SKM_sk_free(CONF_VALUE, (st)) #define sk_CONF_VALUE_num(st) SKM_sk_num(CONF_VALUE, (st)) @@ -414,6 +497,7 @@ STACK_OF(type) \ #define sk_CONF_VALUE_push(st, val) SKM_sk_push(CONF_VALUE, (st), (val)) #define sk_CONF_VALUE_unshift(st, val) SKM_sk_unshift(CONF_VALUE, (st), (val)) #define sk_CONF_VALUE_find(st, val) SKM_sk_find(CONF_VALUE, (st), (val)) +#define sk_CONF_VALUE_find_ex(st, val) SKM_sk_find_ex(CONF_VALUE, (st), (val)) #define sk_CONF_VALUE_delete(st, i) SKM_sk_delete(CONF_VALUE, (st), (i)) #define sk_CONF_VALUE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_VALUE, (st), (ptr)) #define sk_CONF_VALUE_insert(st, val, i) SKM_sk_insert(CONF_VALUE, (st), (val), (i)) @@ -423,8 +507,9 @@ STACK_OF(type) \ #define sk_CONF_VALUE_shift(st) SKM_sk_shift(CONF_VALUE, (st)) #define sk_CONF_VALUE_pop(st) SKM_sk_pop(CONF_VALUE, (st)) #define sk_CONF_VALUE_sort(st) SKM_sk_sort(CONF_VALUE, (st)) +#define sk_CONF_VALUE_is_sorted(st) SKM_sk_is_sorted(CONF_VALUE, (st)) -#define sk_CRYPTO_EX_DATA_FUNCS_new(st) SKM_sk_new(CRYPTO_EX_DATA_FUNCS, (st)) +#define sk_CRYPTO_EX_DATA_FUNCS_new(cmp) SKM_sk_new(CRYPTO_EX_DATA_FUNCS, (cmp)) #define sk_CRYPTO_EX_DATA_FUNCS_new_null() SKM_sk_new_null(CRYPTO_EX_DATA_FUNCS) #define sk_CRYPTO_EX_DATA_FUNCS_free(st) SKM_sk_free(CRYPTO_EX_DATA_FUNCS, (st)) #define sk_CRYPTO_EX_DATA_FUNCS_num(st) SKM_sk_num(CRYPTO_EX_DATA_FUNCS, (st)) @@ -434,6 +519,7 @@ STACK_OF(type) \ #define sk_CRYPTO_EX_DATA_FUNCS_push(st, val) SKM_sk_push(CRYPTO_EX_DATA_FUNCS, (st), (val)) #define sk_CRYPTO_EX_DATA_FUNCS_unshift(st, val) SKM_sk_unshift(CRYPTO_EX_DATA_FUNCS, (st), (val)) #define sk_CRYPTO_EX_DATA_FUNCS_find(st, val) SKM_sk_find(CRYPTO_EX_DATA_FUNCS, (st), (val)) +#define sk_CRYPTO_EX_DATA_FUNCS_find_ex(st, val) SKM_sk_find_ex(CRYPTO_EX_DATA_FUNCS, (st), (val)) #define sk_CRYPTO_EX_DATA_FUNCS_delete(st, i) SKM_sk_delete(CRYPTO_EX_DATA_FUNCS, (st), (i)) #define sk_CRYPTO_EX_DATA_FUNCS_delete_ptr(st, ptr) SKM_sk_delete_ptr(CRYPTO_EX_DATA_FUNCS, (st), (ptr)) #define sk_CRYPTO_EX_DATA_FUNCS_insert(st, val, i) SKM_sk_insert(CRYPTO_EX_DATA_FUNCS, (st), (val), (i)) @@ -443,8 +529,9 @@ STACK_OF(type) \ #define sk_CRYPTO_EX_DATA_FUNCS_shift(st) SKM_sk_shift(CRYPTO_EX_DATA_FUNCS, (st)) #define sk_CRYPTO_EX_DATA_FUNCS_pop(st) SKM_sk_pop(CRYPTO_EX_DATA_FUNCS, (st)) #define sk_CRYPTO_EX_DATA_FUNCS_sort(st) SKM_sk_sort(CRYPTO_EX_DATA_FUNCS, (st)) +#define sk_CRYPTO_EX_DATA_FUNCS_is_sorted(st) SKM_sk_is_sorted(CRYPTO_EX_DATA_FUNCS, (st)) -#define sk_CRYPTO_dynlock_new(st) SKM_sk_new(CRYPTO_dynlock, (st)) +#define sk_CRYPTO_dynlock_new(cmp) SKM_sk_new(CRYPTO_dynlock, (cmp)) #define sk_CRYPTO_dynlock_new_null() SKM_sk_new_null(CRYPTO_dynlock) #define sk_CRYPTO_dynlock_free(st) SKM_sk_free(CRYPTO_dynlock, (st)) #define sk_CRYPTO_dynlock_num(st) SKM_sk_num(CRYPTO_dynlock, (st)) @@ -454,6 +541,7 @@ STACK_OF(type) \ #define sk_CRYPTO_dynlock_push(st, val) SKM_sk_push(CRYPTO_dynlock, (st), (val)) #define sk_CRYPTO_dynlock_unshift(st, val) SKM_sk_unshift(CRYPTO_dynlock, (st), (val)) #define sk_CRYPTO_dynlock_find(st, val) SKM_sk_find(CRYPTO_dynlock, (st), (val)) +#define sk_CRYPTO_dynlock_find_ex(st, val) SKM_sk_find_ex(CRYPTO_dynlock, (st), (val)) #define sk_CRYPTO_dynlock_delete(st, i) SKM_sk_delete(CRYPTO_dynlock, (st), (i)) #define sk_CRYPTO_dynlock_delete_ptr(st, ptr) SKM_sk_delete_ptr(CRYPTO_dynlock, (st), (ptr)) #define sk_CRYPTO_dynlock_insert(st, val, i) SKM_sk_insert(CRYPTO_dynlock, (st), (val), (i)) @@ -463,8 +551,9 @@ STACK_OF(type) \ #define sk_CRYPTO_dynlock_shift(st) SKM_sk_shift(CRYPTO_dynlock, (st)) #define sk_CRYPTO_dynlock_pop(st) SKM_sk_pop(CRYPTO_dynlock, (st)) #define sk_CRYPTO_dynlock_sort(st) SKM_sk_sort(CRYPTO_dynlock, (st)) +#define sk_CRYPTO_dynlock_is_sorted(st) SKM_sk_is_sorted(CRYPTO_dynlock, (st)) -#define sk_DIST_POINT_new(st) SKM_sk_new(DIST_POINT, (st)) +#define sk_DIST_POINT_new(cmp) SKM_sk_new(DIST_POINT, (cmp)) #define sk_DIST_POINT_new_null() SKM_sk_new_null(DIST_POINT) #define sk_DIST_POINT_free(st) SKM_sk_free(DIST_POINT, (st)) #define sk_DIST_POINT_num(st) SKM_sk_num(DIST_POINT, (st)) @@ -474,6 +563,7 @@ STACK_OF(type) \ #define sk_DIST_POINT_push(st, val) SKM_sk_push(DIST_POINT, (st), (val)) #define sk_DIST_POINT_unshift(st, val) SKM_sk_unshift(DIST_POINT, (st), (val)) #define sk_DIST_POINT_find(st, val) SKM_sk_find(DIST_POINT, (st), (val)) +#define sk_DIST_POINT_find_ex(st, val) SKM_sk_find_ex(DIST_POINT, (st), (val)) #define sk_DIST_POINT_delete(st, i) SKM_sk_delete(DIST_POINT, (st), (i)) #define sk_DIST_POINT_delete_ptr(st, ptr) SKM_sk_delete_ptr(DIST_POINT, (st), (ptr)) #define sk_DIST_POINT_insert(st, val, i) SKM_sk_insert(DIST_POINT, (st), (val), (i)) @@ -483,8 +573,9 @@ STACK_OF(type) \ #define sk_DIST_POINT_shift(st) SKM_sk_shift(DIST_POINT, (st)) #define sk_DIST_POINT_pop(st) SKM_sk_pop(DIST_POINT, (st)) #define sk_DIST_POINT_sort(st) SKM_sk_sort(DIST_POINT, (st)) +#define sk_DIST_POINT_is_sorted(st) SKM_sk_is_sorted(DIST_POINT, (st)) -#define sk_ENGINE_new(st) SKM_sk_new(ENGINE, (st)) +#define sk_ENGINE_new(cmp) SKM_sk_new(ENGINE, (cmp)) #define sk_ENGINE_new_null() SKM_sk_new_null(ENGINE) #define sk_ENGINE_free(st) SKM_sk_free(ENGINE, (st)) #define sk_ENGINE_num(st) SKM_sk_num(ENGINE, (st)) @@ -494,6 +585,7 @@ STACK_OF(type) \ #define sk_ENGINE_push(st, val) SKM_sk_push(ENGINE, (st), (val)) #define sk_ENGINE_unshift(st, val) SKM_sk_unshift(ENGINE, (st), (val)) #define sk_ENGINE_find(st, val) SKM_sk_find(ENGINE, (st), (val)) +#define sk_ENGINE_find_ex(st, val) SKM_sk_find_ex(ENGINE, (st), (val)) #define sk_ENGINE_delete(st, i) SKM_sk_delete(ENGINE, (st), (i)) #define sk_ENGINE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ENGINE, (st), (ptr)) #define sk_ENGINE_insert(st, val, i) SKM_sk_insert(ENGINE, (st), (val), (i)) @@ -503,8 +595,9 @@ STACK_OF(type) \ #define sk_ENGINE_shift(st) SKM_sk_shift(ENGINE, (st)) #define sk_ENGINE_pop(st) SKM_sk_pop(ENGINE, (st)) #define sk_ENGINE_sort(st) SKM_sk_sort(ENGINE, (st)) +#define sk_ENGINE_is_sorted(st) SKM_sk_is_sorted(ENGINE, (st)) -#define sk_ENGINE_CLEANUP_ITEM_new(st) SKM_sk_new(ENGINE_CLEANUP_ITEM, (st)) +#define sk_ENGINE_CLEANUP_ITEM_new(cmp) SKM_sk_new(ENGINE_CLEANUP_ITEM, (cmp)) #define sk_ENGINE_CLEANUP_ITEM_new_null() SKM_sk_new_null(ENGINE_CLEANUP_ITEM) #define sk_ENGINE_CLEANUP_ITEM_free(st) SKM_sk_free(ENGINE_CLEANUP_ITEM, (st)) #define sk_ENGINE_CLEANUP_ITEM_num(st) SKM_sk_num(ENGINE_CLEANUP_ITEM, (st)) @@ -514,6 +607,7 @@ STACK_OF(type) \ #define sk_ENGINE_CLEANUP_ITEM_push(st, val) SKM_sk_push(ENGINE_CLEANUP_ITEM, (st), (val)) #define sk_ENGINE_CLEANUP_ITEM_unshift(st, val) SKM_sk_unshift(ENGINE_CLEANUP_ITEM, (st), (val)) #define sk_ENGINE_CLEANUP_ITEM_find(st, val) SKM_sk_find(ENGINE_CLEANUP_ITEM, (st), (val)) +#define sk_ENGINE_CLEANUP_ITEM_find_ex(st, val) SKM_sk_find_ex(ENGINE_CLEANUP_ITEM, (st), (val)) #define sk_ENGINE_CLEANUP_ITEM_delete(st, i) SKM_sk_delete(ENGINE_CLEANUP_ITEM, (st), (i)) #define sk_ENGINE_CLEANUP_ITEM_delete_ptr(st, ptr) SKM_sk_delete_ptr(ENGINE_CLEANUP_ITEM, (st), (ptr)) #define sk_ENGINE_CLEANUP_ITEM_insert(st, val, i) SKM_sk_insert(ENGINE_CLEANUP_ITEM, (st), (val), (i)) @@ -523,8 +617,119 @@ STACK_OF(type) \ #define sk_ENGINE_CLEANUP_ITEM_shift(st) SKM_sk_shift(ENGINE_CLEANUP_ITEM, (st)) #define sk_ENGINE_CLEANUP_ITEM_pop(st) SKM_sk_pop(ENGINE_CLEANUP_ITEM, (st)) #define sk_ENGINE_CLEANUP_ITEM_sort(st) SKM_sk_sort(ENGINE_CLEANUP_ITEM, (st)) - -#define sk_GENERAL_NAME_new(st) SKM_sk_new(GENERAL_NAME, (st)) +#define sk_ENGINE_CLEANUP_ITEM_is_sorted(st) SKM_sk_is_sorted(ENGINE_CLEANUP_ITEM, (st)) + +#define sk_ESS_CERT_ID_new(cmp) SKM_sk_new(ESS_CERT_ID, (cmp)) +#define sk_ESS_CERT_ID_new_null() SKM_sk_new_null(ESS_CERT_ID) +#define sk_ESS_CERT_ID_free(st) SKM_sk_free(ESS_CERT_ID, (st)) +#define sk_ESS_CERT_ID_num(st) SKM_sk_num(ESS_CERT_ID, (st)) +#define sk_ESS_CERT_ID_value(st, i) SKM_sk_value(ESS_CERT_ID, (st), (i)) +#define sk_ESS_CERT_ID_set(st, i, val) SKM_sk_set(ESS_CERT_ID, (st), (i), (val)) +#define sk_ESS_CERT_ID_zero(st) SKM_sk_zero(ESS_CERT_ID, (st)) +#define sk_ESS_CERT_ID_push(st, val) SKM_sk_push(ESS_CERT_ID, (st), (val)) +#define sk_ESS_CERT_ID_unshift(st, val) SKM_sk_unshift(ESS_CERT_ID, (st), (val)) +#define sk_ESS_CERT_ID_find(st, val) SKM_sk_find(ESS_CERT_ID, (st), (val)) +#define sk_ESS_CERT_ID_find_ex(st, val) SKM_sk_find_ex(ESS_CERT_ID, (st), (val)) +#define sk_ESS_CERT_ID_delete(st, i) SKM_sk_delete(ESS_CERT_ID, (st), (i)) +#define sk_ESS_CERT_ID_delete_ptr(st, ptr) SKM_sk_delete_ptr(ESS_CERT_ID, (st), (ptr)) +#define sk_ESS_CERT_ID_insert(st, val, i) SKM_sk_insert(ESS_CERT_ID, (st), (val), (i)) +#define sk_ESS_CERT_ID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ESS_CERT_ID, (st), (cmp)) +#define sk_ESS_CERT_ID_dup(st) SKM_sk_dup(ESS_CERT_ID, st) +#define sk_ESS_CERT_ID_pop_free(st, free_func) SKM_sk_pop_free(ESS_CERT_ID, (st), (free_func)) +#define sk_ESS_CERT_ID_shift(st) SKM_sk_shift(ESS_CERT_ID, (st)) +#define sk_ESS_CERT_ID_pop(st) SKM_sk_pop(ESS_CERT_ID, (st)) +#define sk_ESS_CERT_ID_sort(st) SKM_sk_sort(ESS_CERT_ID, (st)) +#define sk_ESS_CERT_ID_is_sorted(st) SKM_sk_is_sorted(ESS_CERT_ID, (st)) + +#define sk_EVP_MD_new(cmp) SKM_sk_new(EVP_MD, (cmp)) +#define sk_EVP_MD_new_null() SKM_sk_new_null(EVP_MD) +#define sk_EVP_MD_free(st) SKM_sk_free(EVP_MD, (st)) +#define sk_EVP_MD_num(st) SKM_sk_num(EVP_MD, (st)) +#define sk_EVP_MD_value(st, i) SKM_sk_value(EVP_MD, (st), (i)) +#define sk_EVP_MD_set(st, i, val) SKM_sk_set(EVP_MD, (st), (i), (val)) +#define sk_EVP_MD_zero(st) SKM_sk_zero(EVP_MD, (st)) +#define sk_EVP_MD_push(st, val) SKM_sk_push(EVP_MD, (st), (val)) +#define sk_EVP_MD_unshift(st, val) SKM_sk_unshift(EVP_MD, (st), (val)) +#define sk_EVP_MD_find(st, val) SKM_sk_find(EVP_MD, (st), (val)) +#define sk_EVP_MD_find_ex(st, val) SKM_sk_find_ex(EVP_MD, (st), (val)) +#define sk_EVP_MD_delete(st, i) SKM_sk_delete(EVP_MD, (st), (i)) +#define sk_EVP_MD_delete_ptr(st, ptr) SKM_sk_delete_ptr(EVP_MD, (st), (ptr)) +#define sk_EVP_MD_insert(st, val, i) SKM_sk_insert(EVP_MD, (st), (val), (i)) +#define sk_EVP_MD_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(EVP_MD, (st), (cmp)) +#define sk_EVP_MD_dup(st) SKM_sk_dup(EVP_MD, st) +#define sk_EVP_MD_pop_free(st, free_func) SKM_sk_pop_free(EVP_MD, (st), (free_func)) +#define sk_EVP_MD_shift(st) SKM_sk_shift(EVP_MD, (st)) +#define sk_EVP_MD_pop(st) SKM_sk_pop(EVP_MD, (st)) +#define sk_EVP_MD_sort(st) SKM_sk_sort(EVP_MD, (st)) +#define sk_EVP_MD_is_sorted(st) SKM_sk_is_sorted(EVP_MD, (st)) + +#define sk_EVP_PBE_CTL_new(cmp) SKM_sk_new(EVP_PBE_CTL, (cmp)) +#define sk_EVP_PBE_CTL_new_null() SKM_sk_new_null(EVP_PBE_CTL) +#define sk_EVP_PBE_CTL_free(st) SKM_sk_free(EVP_PBE_CTL, (st)) +#define sk_EVP_PBE_CTL_num(st) SKM_sk_num(EVP_PBE_CTL, (st)) +#define sk_EVP_PBE_CTL_value(st, i) SKM_sk_value(EVP_PBE_CTL, (st), (i)) +#define sk_EVP_PBE_CTL_set(st, i, val) SKM_sk_set(EVP_PBE_CTL, (st), (i), (val)) +#define sk_EVP_PBE_CTL_zero(st) SKM_sk_zero(EVP_PBE_CTL, (st)) +#define sk_EVP_PBE_CTL_push(st, val) SKM_sk_push(EVP_PBE_CTL, (st), (val)) +#define sk_EVP_PBE_CTL_unshift(st, val) SKM_sk_unshift(EVP_PBE_CTL, (st), (val)) +#define sk_EVP_PBE_CTL_find(st, val) SKM_sk_find(EVP_PBE_CTL, (st), (val)) +#define sk_EVP_PBE_CTL_find_ex(st, val) SKM_sk_find_ex(EVP_PBE_CTL, (st), (val)) +#define sk_EVP_PBE_CTL_delete(st, i) SKM_sk_delete(EVP_PBE_CTL, (st), (i)) +#define sk_EVP_PBE_CTL_delete_ptr(st, ptr) SKM_sk_delete_ptr(EVP_PBE_CTL, (st), (ptr)) +#define sk_EVP_PBE_CTL_insert(st, val, i) SKM_sk_insert(EVP_PBE_CTL, (st), (val), (i)) +#define sk_EVP_PBE_CTL_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(EVP_PBE_CTL, (st), (cmp)) +#define sk_EVP_PBE_CTL_dup(st) SKM_sk_dup(EVP_PBE_CTL, st) +#define sk_EVP_PBE_CTL_pop_free(st, free_func) SKM_sk_pop_free(EVP_PBE_CTL, (st), (free_func)) +#define sk_EVP_PBE_CTL_shift(st) SKM_sk_shift(EVP_PBE_CTL, (st)) +#define sk_EVP_PBE_CTL_pop(st) SKM_sk_pop(EVP_PBE_CTL, (st)) +#define sk_EVP_PBE_CTL_sort(st) SKM_sk_sort(EVP_PBE_CTL, (st)) +#define sk_EVP_PBE_CTL_is_sorted(st) SKM_sk_is_sorted(EVP_PBE_CTL, (st)) + +#define sk_EVP_PKEY_ASN1_METHOD_new(cmp) SKM_sk_new(EVP_PKEY_ASN1_METHOD, (cmp)) +#define sk_EVP_PKEY_ASN1_METHOD_new_null() SKM_sk_new_null(EVP_PKEY_ASN1_METHOD) +#define sk_EVP_PKEY_ASN1_METHOD_free(st) SKM_sk_free(EVP_PKEY_ASN1_METHOD, (st)) +#define sk_EVP_PKEY_ASN1_METHOD_num(st) SKM_sk_num(EVP_PKEY_ASN1_METHOD, (st)) +#define sk_EVP_PKEY_ASN1_METHOD_value(st, i) SKM_sk_value(EVP_PKEY_ASN1_METHOD, (st), (i)) +#define sk_EVP_PKEY_ASN1_METHOD_set(st, i, val) SKM_sk_set(EVP_PKEY_ASN1_METHOD, (st), (i), (val)) +#define sk_EVP_PKEY_ASN1_METHOD_zero(st) SKM_sk_zero(EVP_PKEY_ASN1_METHOD, (st)) +#define sk_EVP_PKEY_ASN1_METHOD_push(st, val) SKM_sk_push(EVP_PKEY_ASN1_METHOD, (st), (val)) +#define sk_EVP_PKEY_ASN1_METHOD_unshift(st, val) SKM_sk_unshift(EVP_PKEY_ASN1_METHOD, (st), (val)) +#define sk_EVP_PKEY_ASN1_METHOD_find(st, val) SKM_sk_find(EVP_PKEY_ASN1_METHOD, (st), (val)) +#define sk_EVP_PKEY_ASN1_METHOD_find_ex(st, val) SKM_sk_find_ex(EVP_PKEY_ASN1_METHOD, (st), (val)) +#define sk_EVP_PKEY_ASN1_METHOD_delete(st, i) SKM_sk_delete(EVP_PKEY_ASN1_METHOD, (st), (i)) +#define sk_EVP_PKEY_ASN1_METHOD_delete_ptr(st, ptr) SKM_sk_delete_ptr(EVP_PKEY_ASN1_METHOD, (st), (ptr)) +#define sk_EVP_PKEY_ASN1_METHOD_insert(st, val, i) SKM_sk_insert(EVP_PKEY_ASN1_METHOD, (st), (val), (i)) +#define sk_EVP_PKEY_ASN1_METHOD_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(EVP_PKEY_ASN1_METHOD, (st), (cmp)) +#define sk_EVP_PKEY_ASN1_METHOD_dup(st) SKM_sk_dup(EVP_PKEY_ASN1_METHOD, st) +#define sk_EVP_PKEY_ASN1_METHOD_pop_free(st, free_func) SKM_sk_pop_free(EVP_PKEY_ASN1_METHOD, (st), (free_func)) +#define sk_EVP_PKEY_ASN1_METHOD_shift(st) SKM_sk_shift(EVP_PKEY_ASN1_METHOD, (st)) +#define sk_EVP_PKEY_ASN1_METHOD_pop(st) SKM_sk_pop(EVP_PKEY_ASN1_METHOD, (st)) +#define sk_EVP_PKEY_ASN1_METHOD_sort(st) SKM_sk_sort(EVP_PKEY_ASN1_METHOD, (st)) +#define sk_EVP_PKEY_ASN1_METHOD_is_sorted(st) SKM_sk_is_sorted(EVP_PKEY_ASN1_METHOD, (st)) + +#define sk_EVP_PKEY_METHOD_new(cmp) SKM_sk_new(EVP_PKEY_METHOD, (cmp)) +#define sk_EVP_PKEY_METHOD_new_null() SKM_sk_new_null(EVP_PKEY_METHOD) +#define sk_EVP_PKEY_METHOD_free(st) SKM_sk_free(EVP_PKEY_METHOD, (st)) +#define sk_EVP_PKEY_METHOD_num(st) SKM_sk_num(EVP_PKEY_METHOD, (st)) +#define sk_EVP_PKEY_METHOD_value(st, i) SKM_sk_value(EVP_PKEY_METHOD, (st), (i)) +#define sk_EVP_PKEY_METHOD_set(st, i, val) SKM_sk_set(EVP_PKEY_METHOD, (st), (i), (val)) +#define sk_EVP_PKEY_METHOD_zero(st) SKM_sk_zero(EVP_PKEY_METHOD, (st)) +#define sk_EVP_PKEY_METHOD_push(st, val) SKM_sk_push(EVP_PKEY_METHOD, (st), (val)) +#define sk_EVP_PKEY_METHOD_unshift(st, val) SKM_sk_unshift(EVP_PKEY_METHOD, (st), (val)) +#define sk_EVP_PKEY_METHOD_find(st, val) SKM_sk_find(EVP_PKEY_METHOD, (st), (val)) +#define sk_EVP_PKEY_METHOD_find_ex(st, val) SKM_sk_find_ex(EVP_PKEY_METHOD, (st), (val)) +#define sk_EVP_PKEY_METHOD_delete(st, i) SKM_sk_delete(EVP_PKEY_METHOD, (st), (i)) +#define sk_EVP_PKEY_METHOD_delete_ptr(st, ptr) SKM_sk_delete_ptr(EVP_PKEY_METHOD, (st), (ptr)) +#define sk_EVP_PKEY_METHOD_insert(st, val, i) SKM_sk_insert(EVP_PKEY_METHOD, (st), (val), (i)) +#define sk_EVP_PKEY_METHOD_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(EVP_PKEY_METHOD, (st), (cmp)) +#define sk_EVP_PKEY_METHOD_dup(st) SKM_sk_dup(EVP_PKEY_METHOD, st) +#define sk_EVP_PKEY_METHOD_pop_free(st, free_func) SKM_sk_pop_free(EVP_PKEY_METHOD, (st), (free_func)) +#define sk_EVP_PKEY_METHOD_shift(st) SKM_sk_shift(EVP_PKEY_METHOD, (st)) +#define sk_EVP_PKEY_METHOD_pop(st) SKM_sk_pop(EVP_PKEY_METHOD, (st)) +#define sk_EVP_PKEY_METHOD_sort(st) SKM_sk_sort(EVP_PKEY_METHOD, (st)) +#define sk_EVP_PKEY_METHOD_is_sorted(st) SKM_sk_is_sorted(EVP_PKEY_METHOD, (st)) + +#define sk_GENERAL_NAME_new(cmp) SKM_sk_new(GENERAL_NAME, (cmp)) #define sk_GENERAL_NAME_new_null() SKM_sk_new_null(GENERAL_NAME) #define sk_GENERAL_NAME_free(st) SKM_sk_free(GENERAL_NAME, (st)) #define sk_GENERAL_NAME_num(st) SKM_sk_num(GENERAL_NAME, (st)) @@ -534,6 +739,7 @@ STACK_OF(type) \ #define sk_GENERAL_NAME_push(st, val) SKM_sk_push(GENERAL_NAME, (st), (val)) #define sk_GENERAL_NAME_unshift(st, val) SKM_sk_unshift(GENERAL_NAME, (st), (val)) #define sk_GENERAL_NAME_find(st, val) SKM_sk_find(GENERAL_NAME, (st), (val)) +#define sk_GENERAL_NAME_find_ex(st, val) SKM_sk_find_ex(GENERAL_NAME, (st), (val)) #define sk_GENERAL_NAME_delete(st, i) SKM_sk_delete(GENERAL_NAME, (st), (i)) #define sk_GENERAL_NAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(GENERAL_NAME, (st), (ptr)) #define sk_GENERAL_NAME_insert(st, val, i) SKM_sk_insert(GENERAL_NAME, (st), (val), (i)) @@ -543,168 +749,119 @@ STACK_OF(type) \ #define sk_GENERAL_NAME_shift(st) SKM_sk_shift(GENERAL_NAME, (st)) #define sk_GENERAL_NAME_pop(st) SKM_sk_pop(GENERAL_NAME, (st)) #define sk_GENERAL_NAME_sort(st) SKM_sk_sort(GENERAL_NAME, (st)) - -#define sk_KRB5_APREQBODY_new(st) SKM_sk_new(KRB5_APREQBODY, (st)) -#define sk_KRB5_APREQBODY_new_null() SKM_sk_new_null(KRB5_APREQBODY) -#define sk_KRB5_APREQBODY_free(st) SKM_sk_free(KRB5_APREQBODY, (st)) -#define sk_KRB5_APREQBODY_num(st) SKM_sk_num(KRB5_APREQBODY, (st)) -#define sk_KRB5_APREQBODY_value(st, i) SKM_sk_value(KRB5_APREQBODY, (st), (i)) -#define sk_KRB5_APREQBODY_set(st, i, val) SKM_sk_set(KRB5_APREQBODY, (st), (i), (val)) -#define sk_KRB5_APREQBODY_zero(st) SKM_sk_zero(KRB5_APREQBODY, (st)) -#define sk_KRB5_APREQBODY_push(st, val) SKM_sk_push(KRB5_APREQBODY, (st), (val)) -#define sk_KRB5_APREQBODY_unshift(st, val) SKM_sk_unshift(KRB5_APREQBODY, (st), (val)) -#define sk_KRB5_APREQBODY_find(st, val) SKM_sk_find(KRB5_APREQBODY, (st), (val)) -#define sk_KRB5_APREQBODY_delete(st, i) SKM_sk_delete(KRB5_APREQBODY, (st), (i)) -#define sk_KRB5_APREQBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_APREQBODY, (st), (ptr)) -#define sk_KRB5_APREQBODY_insert(st, val, i) SKM_sk_insert(KRB5_APREQBODY, (st), (val), (i)) -#define sk_KRB5_APREQBODY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_APREQBODY, (st), (cmp)) -#define sk_KRB5_APREQBODY_dup(st) SKM_sk_dup(KRB5_APREQBODY, st) -#define sk_KRB5_APREQBODY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_APREQBODY, (st), (free_func)) -#define sk_KRB5_APREQBODY_shift(st) SKM_sk_shift(KRB5_APREQBODY, (st)) -#define sk_KRB5_APREQBODY_pop(st) SKM_sk_pop(KRB5_APREQBODY, (st)) -#define sk_KRB5_APREQBODY_sort(st) SKM_sk_sort(KRB5_APREQBODY, (st)) - -#define sk_KRB5_AUTHDATA_new(st) SKM_sk_new(KRB5_AUTHDATA, (st)) -#define sk_KRB5_AUTHDATA_new_null() SKM_sk_new_null(KRB5_AUTHDATA) -#define sk_KRB5_AUTHDATA_free(st) SKM_sk_free(KRB5_AUTHDATA, (st)) -#define sk_KRB5_AUTHDATA_num(st) SKM_sk_num(KRB5_AUTHDATA, (st)) -#define sk_KRB5_AUTHDATA_value(st, i) SKM_sk_value(KRB5_AUTHDATA, (st), (i)) -#define sk_KRB5_AUTHDATA_set(st, i, val) SKM_sk_set(KRB5_AUTHDATA, (st), (i), (val)) -#define sk_KRB5_AUTHDATA_zero(st) SKM_sk_zero(KRB5_AUTHDATA, (st)) -#define sk_KRB5_AUTHDATA_push(st, val) SKM_sk_push(KRB5_AUTHDATA, (st), (val)) -#define sk_KRB5_AUTHDATA_unshift(st, val) SKM_sk_unshift(KRB5_AUTHDATA, (st), (val)) -#define sk_KRB5_AUTHDATA_find(st, val) SKM_sk_find(KRB5_AUTHDATA, (st), (val)) -#define sk_KRB5_AUTHDATA_delete(st, i) SKM_sk_delete(KRB5_AUTHDATA, (st), (i)) -#define sk_KRB5_AUTHDATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_AUTHDATA, (st), (ptr)) -#define sk_KRB5_AUTHDATA_insert(st, val, i) SKM_sk_insert(KRB5_AUTHDATA, (st), (val), (i)) -#define sk_KRB5_AUTHDATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_AUTHDATA, (st), (cmp)) -#define sk_KRB5_AUTHDATA_dup(st) SKM_sk_dup(KRB5_AUTHDATA, st) -#define sk_KRB5_AUTHDATA_pop_free(st, free_func) SKM_sk_pop_free(KRB5_AUTHDATA, (st), (free_func)) -#define sk_KRB5_AUTHDATA_shift(st) SKM_sk_shift(KRB5_AUTHDATA, (st)) -#define sk_KRB5_AUTHDATA_pop(st) SKM_sk_pop(KRB5_AUTHDATA, (st)) -#define sk_KRB5_AUTHDATA_sort(st) SKM_sk_sort(KRB5_AUTHDATA, (st)) - -#define sk_KRB5_AUTHENTBODY_new(st) SKM_sk_new(KRB5_AUTHENTBODY, (st)) -#define sk_KRB5_AUTHENTBODY_new_null() SKM_sk_new_null(KRB5_AUTHENTBODY) -#define sk_KRB5_AUTHENTBODY_free(st) SKM_sk_free(KRB5_AUTHENTBODY, (st)) -#define sk_KRB5_AUTHENTBODY_num(st) SKM_sk_num(KRB5_AUTHENTBODY, (st)) -#define sk_KRB5_AUTHENTBODY_value(st, i) SKM_sk_value(KRB5_AUTHENTBODY, (st), (i)) -#define sk_KRB5_AUTHENTBODY_set(st, i, val) SKM_sk_set(KRB5_AUTHENTBODY, (st), (i), (val)) -#define sk_KRB5_AUTHENTBODY_zero(st) SKM_sk_zero(KRB5_AUTHENTBODY, (st)) -#define sk_KRB5_AUTHENTBODY_push(st, val) SKM_sk_push(KRB5_AUTHENTBODY, (st), (val)) -#define sk_KRB5_AUTHENTBODY_unshift(st, val) SKM_sk_unshift(KRB5_AUTHENTBODY, (st), (val)) -#define sk_KRB5_AUTHENTBODY_find(st, val) SKM_sk_find(KRB5_AUTHENTBODY, (st), (val)) -#define sk_KRB5_AUTHENTBODY_delete(st, i) SKM_sk_delete(KRB5_AUTHENTBODY, (st), (i)) -#define sk_KRB5_AUTHENTBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_AUTHENTBODY, (st), (ptr)) -#define sk_KRB5_AUTHENTBODY_insert(st, val, i) SKM_sk_insert(KRB5_AUTHENTBODY, (st), (val), (i)) -#define sk_KRB5_AUTHENTBODY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_AUTHENTBODY, (st), (cmp)) -#define sk_KRB5_AUTHENTBODY_dup(st) SKM_sk_dup(KRB5_AUTHENTBODY, st) -#define sk_KRB5_AUTHENTBODY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_AUTHENTBODY, (st), (free_func)) -#define sk_KRB5_AUTHENTBODY_shift(st) SKM_sk_shift(KRB5_AUTHENTBODY, (st)) -#define sk_KRB5_AUTHENTBODY_pop(st) SKM_sk_pop(KRB5_AUTHENTBODY, (st)) -#define sk_KRB5_AUTHENTBODY_sort(st) SKM_sk_sort(KRB5_AUTHENTBODY, (st)) - -#define sk_KRB5_CHECKSUM_new(st) SKM_sk_new(KRB5_CHECKSUM, (st)) -#define sk_KRB5_CHECKSUM_new_null() SKM_sk_new_null(KRB5_CHECKSUM) -#define sk_KRB5_CHECKSUM_free(st) SKM_sk_free(KRB5_CHECKSUM, (st)) -#define sk_KRB5_CHECKSUM_num(st) SKM_sk_num(KRB5_CHECKSUM, (st)) -#define sk_KRB5_CHECKSUM_value(st, i) SKM_sk_value(KRB5_CHECKSUM, (st), (i)) -#define sk_KRB5_CHECKSUM_set(st, i, val) SKM_sk_set(KRB5_CHECKSUM, (st), (i), (val)) -#define sk_KRB5_CHECKSUM_zero(st) SKM_sk_zero(KRB5_CHECKSUM, (st)) -#define sk_KRB5_CHECKSUM_push(st, val) SKM_sk_push(KRB5_CHECKSUM, (st), (val)) -#define sk_KRB5_CHECKSUM_unshift(st, val) SKM_sk_unshift(KRB5_CHECKSUM, (st), (val)) -#define sk_KRB5_CHECKSUM_find(st, val) SKM_sk_find(KRB5_CHECKSUM, (st), (val)) -#define sk_KRB5_CHECKSUM_delete(st, i) SKM_sk_delete(KRB5_CHECKSUM, (st), (i)) -#define sk_KRB5_CHECKSUM_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_CHECKSUM, (st), (ptr)) -#define sk_KRB5_CHECKSUM_insert(st, val, i) SKM_sk_insert(KRB5_CHECKSUM, (st), (val), (i)) -#define sk_KRB5_CHECKSUM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_CHECKSUM, (st), (cmp)) -#define sk_KRB5_CHECKSUM_dup(st) SKM_sk_dup(KRB5_CHECKSUM, st) -#define sk_KRB5_CHECKSUM_pop_free(st, free_func) SKM_sk_pop_free(KRB5_CHECKSUM, (st), (free_func)) -#define sk_KRB5_CHECKSUM_shift(st) SKM_sk_shift(KRB5_CHECKSUM, (st)) -#define sk_KRB5_CHECKSUM_pop(st) SKM_sk_pop(KRB5_CHECKSUM, (st)) -#define sk_KRB5_CHECKSUM_sort(st) SKM_sk_sort(KRB5_CHECKSUM, (st)) - -#define sk_KRB5_ENCDATA_new(st) SKM_sk_new(KRB5_ENCDATA, (st)) -#define sk_KRB5_ENCDATA_new_null() SKM_sk_new_null(KRB5_ENCDATA) -#define sk_KRB5_ENCDATA_free(st) SKM_sk_free(KRB5_ENCDATA, (st)) -#define sk_KRB5_ENCDATA_num(st) SKM_sk_num(KRB5_ENCDATA, (st)) -#define sk_KRB5_ENCDATA_value(st, i) SKM_sk_value(KRB5_ENCDATA, (st), (i)) -#define sk_KRB5_ENCDATA_set(st, i, val) SKM_sk_set(KRB5_ENCDATA, (st), (i), (val)) -#define sk_KRB5_ENCDATA_zero(st) SKM_sk_zero(KRB5_ENCDATA, (st)) -#define sk_KRB5_ENCDATA_push(st, val) SKM_sk_push(KRB5_ENCDATA, (st), (val)) -#define sk_KRB5_ENCDATA_unshift(st, val) SKM_sk_unshift(KRB5_ENCDATA, (st), (val)) -#define sk_KRB5_ENCDATA_find(st, val) SKM_sk_find(KRB5_ENCDATA, (st), (val)) -#define sk_KRB5_ENCDATA_delete(st, i) SKM_sk_delete(KRB5_ENCDATA, (st), (i)) -#define sk_KRB5_ENCDATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_ENCDATA, (st), (ptr)) -#define sk_KRB5_ENCDATA_insert(st, val, i) SKM_sk_insert(KRB5_ENCDATA, (st), (val), (i)) -#define sk_KRB5_ENCDATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_ENCDATA, (st), (cmp)) -#define sk_KRB5_ENCDATA_dup(st) SKM_sk_dup(KRB5_ENCDATA, st) -#define sk_KRB5_ENCDATA_pop_free(st, free_func) SKM_sk_pop_free(KRB5_ENCDATA, (st), (free_func)) -#define sk_KRB5_ENCDATA_shift(st) SKM_sk_shift(KRB5_ENCDATA, (st)) -#define sk_KRB5_ENCDATA_pop(st) SKM_sk_pop(KRB5_ENCDATA, (st)) -#define sk_KRB5_ENCDATA_sort(st) SKM_sk_sort(KRB5_ENCDATA, (st)) - -#define sk_KRB5_ENCKEY_new(st) SKM_sk_new(KRB5_ENCKEY, (st)) -#define sk_KRB5_ENCKEY_new_null() SKM_sk_new_null(KRB5_ENCKEY) -#define sk_KRB5_ENCKEY_free(st) SKM_sk_free(KRB5_ENCKEY, (st)) -#define sk_KRB5_ENCKEY_num(st) SKM_sk_num(KRB5_ENCKEY, (st)) -#define sk_KRB5_ENCKEY_value(st, i) SKM_sk_value(KRB5_ENCKEY, (st), (i)) -#define sk_KRB5_ENCKEY_set(st, i, val) SKM_sk_set(KRB5_ENCKEY, (st), (i), (val)) -#define sk_KRB5_ENCKEY_zero(st) SKM_sk_zero(KRB5_ENCKEY, (st)) -#define sk_KRB5_ENCKEY_push(st, val) SKM_sk_push(KRB5_ENCKEY, (st), (val)) -#define sk_KRB5_ENCKEY_unshift(st, val) SKM_sk_unshift(KRB5_ENCKEY, (st), (val)) -#define sk_KRB5_ENCKEY_find(st, val) SKM_sk_find(KRB5_ENCKEY, (st), (val)) -#define sk_KRB5_ENCKEY_delete(st, i) SKM_sk_delete(KRB5_ENCKEY, (st), (i)) -#define sk_KRB5_ENCKEY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_ENCKEY, (st), (ptr)) -#define sk_KRB5_ENCKEY_insert(st, val, i) SKM_sk_insert(KRB5_ENCKEY, (st), (val), (i)) -#define sk_KRB5_ENCKEY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_ENCKEY, (st), (cmp)) -#define sk_KRB5_ENCKEY_dup(st) SKM_sk_dup(KRB5_ENCKEY, st) -#define sk_KRB5_ENCKEY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_ENCKEY, (st), (free_func)) -#define sk_KRB5_ENCKEY_shift(st) SKM_sk_shift(KRB5_ENCKEY, (st)) -#define sk_KRB5_ENCKEY_pop(st) SKM_sk_pop(KRB5_ENCKEY, (st)) -#define sk_KRB5_ENCKEY_sort(st) SKM_sk_sort(KRB5_ENCKEY, (st)) - -#define sk_KRB5_PRINCNAME_new(st) SKM_sk_new(KRB5_PRINCNAME, (st)) -#define sk_KRB5_PRINCNAME_new_null() SKM_sk_new_null(KRB5_PRINCNAME) -#define sk_KRB5_PRINCNAME_free(st) SKM_sk_free(KRB5_PRINCNAME, (st)) -#define sk_KRB5_PRINCNAME_num(st) SKM_sk_num(KRB5_PRINCNAME, (st)) -#define sk_KRB5_PRINCNAME_value(st, i) SKM_sk_value(KRB5_PRINCNAME, (st), (i)) -#define sk_KRB5_PRINCNAME_set(st, i, val) SKM_sk_set(KRB5_PRINCNAME, (st), (i), (val)) -#define sk_KRB5_PRINCNAME_zero(st) SKM_sk_zero(KRB5_PRINCNAME, (st)) -#define sk_KRB5_PRINCNAME_push(st, val) SKM_sk_push(KRB5_PRINCNAME, (st), (val)) -#define sk_KRB5_PRINCNAME_unshift(st, val) SKM_sk_unshift(KRB5_PRINCNAME, (st), (val)) -#define sk_KRB5_PRINCNAME_find(st, val) SKM_sk_find(KRB5_PRINCNAME, (st), (val)) -#define sk_KRB5_PRINCNAME_delete(st, i) SKM_sk_delete(KRB5_PRINCNAME, (st), (i)) -#define sk_KRB5_PRINCNAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_PRINCNAME, (st), (ptr)) -#define sk_KRB5_PRINCNAME_insert(st, val, i) SKM_sk_insert(KRB5_PRINCNAME, (st), (val), (i)) -#define sk_KRB5_PRINCNAME_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_PRINCNAME, (st), (cmp)) -#define sk_KRB5_PRINCNAME_dup(st) SKM_sk_dup(KRB5_PRINCNAME, st) -#define sk_KRB5_PRINCNAME_pop_free(st, free_func) SKM_sk_pop_free(KRB5_PRINCNAME, (st), (free_func)) -#define sk_KRB5_PRINCNAME_shift(st) SKM_sk_shift(KRB5_PRINCNAME, (st)) -#define sk_KRB5_PRINCNAME_pop(st) SKM_sk_pop(KRB5_PRINCNAME, (st)) -#define sk_KRB5_PRINCNAME_sort(st) SKM_sk_sort(KRB5_PRINCNAME, (st)) - -#define sk_KRB5_TKTBODY_new(st) SKM_sk_new(KRB5_TKTBODY, (st)) -#define sk_KRB5_TKTBODY_new_null() SKM_sk_new_null(KRB5_TKTBODY) -#define sk_KRB5_TKTBODY_free(st) SKM_sk_free(KRB5_TKTBODY, (st)) -#define sk_KRB5_TKTBODY_num(st) SKM_sk_num(KRB5_TKTBODY, (st)) -#define sk_KRB5_TKTBODY_value(st, i) SKM_sk_value(KRB5_TKTBODY, (st), (i)) -#define sk_KRB5_TKTBODY_set(st, i, val) SKM_sk_set(KRB5_TKTBODY, (st), (i), (val)) -#define sk_KRB5_TKTBODY_zero(st) SKM_sk_zero(KRB5_TKTBODY, (st)) -#define sk_KRB5_TKTBODY_push(st, val) SKM_sk_push(KRB5_TKTBODY, (st), (val)) -#define sk_KRB5_TKTBODY_unshift(st, val) SKM_sk_unshift(KRB5_TKTBODY, (st), (val)) -#define sk_KRB5_TKTBODY_find(st, val) SKM_sk_find(KRB5_TKTBODY, (st), (val)) -#define sk_KRB5_TKTBODY_delete(st, i) SKM_sk_delete(KRB5_TKTBODY, (st), (i)) -#define sk_KRB5_TKTBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_TKTBODY, (st), (ptr)) -#define sk_KRB5_TKTBODY_insert(st, val, i) SKM_sk_insert(KRB5_TKTBODY, (st), (val), (i)) -#define sk_KRB5_TKTBODY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_TKTBODY, (st), (cmp)) -#define sk_KRB5_TKTBODY_dup(st) SKM_sk_dup(KRB5_TKTBODY, st) -#define sk_KRB5_TKTBODY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_TKTBODY, (st), (free_func)) -#define sk_KRB5_TKTBODY_shift(st) SKM_sk_shift(KRB5_TKTBODY, (st)) -#define sk_KRB5_TKTBODY_pop(st) SKM_sk_pop(KRB5_TKTBODY, (st)) -#define sk_KRB5_TKTBODY_sort(st) SKM_sk_sort(KRB5_TKTBODY, (st)) - -#define sk_MIME_HEADER_new(st) SKM_sk_new(MIME_HEADER, (st)) +#define sk_GENERAL_NAME_is_sorted(st) SKM_sk_is_sorted(GENERAL_NAME, (st)) + +#define sk_GENERAL_NAMES_new(cmp) SKM_sk_new(GENERAL_NAMES, (cmp)) +#define sk_GENERAL_NAMES_new_null() SKM_sk_new_null(GENERAL_NAMES) +#define sk_GENERAL_NAMES_free(st) SKM_sk_free(GENERAL_NAMES, (st)) +#define sk_GENERAL_NAMES_num(st) SKM_sk_num(GENERAL_NAMES, (st)) +#define sk_GENERAL_NAMES_value(st, i) SKM_sk_value(GENERAL_NAMES, (st), (i)) +#define sk_GENERAL_NAMES_set(st, i, val) SKM_sk_set(GENERAL_NAMES, (st), (i), (val)) +#define sk_GENERAL_NAMES_zero(st) SKM_sk_zero(GENERAL_NAMES, (st)) +#define sk_GENERAL_NAMES_push(st, val) SKM_sk_push(GENERAL_NAMES, (st), (val)) +#define sk_GENERAL_NAMES_unshift(st, val) SKM_sk_unshift(GENERAL_NAMES, (st), (val)) +#define sk_GENERAL_NAMES_find(st, val) SKM_sk_find(GENERAL_NAMES, (st), (val)) +#define sk_GENERAL_NAMES_find_ex(st, val) SKM_sk_find_ex(GENERAL_NAMES, (st), (val)) +#define sk_GENERAL_NAMES_delete(st, i) SKM_sk_delete(GENERAL_NAMES, (st), (i)) +#define sk_GENERAL_NAMES_delete_ptr(st, ptr) SKM_sk_delete_ptr(GENERAL_NAMES, (st), (ptr)) +#define sk_GENERAL_NAMES_insert(st, val, i) SKM_sk_insert(GENERAL_NAMES, (st), (val), (i)) +#define sk_GENERAL_NAMES_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(GENERAL_NAMES, (st), (cmp)) +#define sk_GENERAL_NAMES_dup(st) SKM_sk_dup(GENERAL_NAMES, st) +#define sk_GENERAL_NAMES_pop_free(st, free_func) SKM_sk_pop_free(GENERAL_NAMES, (st), (free_func)) +#define sk_GENERAL_NAMES_shift(st) SKM_sk_shift(GENERAL_NAMES, (st)) +#define sk_GENERAL_NAMES_pop(st) SKM_sk_pop(GENERAL_NAMES, (st)) +#define sk_GENERAL_NAMES_sort(st) SKM_sk_sort(GENERAL_NAMES, (st)) +#define sk_GENERAL_NAMES_is_sorted(st) SKM_sk_is_sorted(GENERAL_NAMES, (st)) + +#define sk_GENERAL_SUBTREE_new(cmp) SKM_sk_new(GENERAL_SUBTREE, (cmp)) +#define sk_GENERAL_SUBTREE_new_null() SKM_sk_new_null(GENERAL_SUBTREE) +#define sk_GENERAL_SUBTREE_free(st) SKM_sk_free(GENERAL_SUBTREE, (st)) +#define sk_GENERAL_SUBTREE_num(st) SKM_sk_num(GENERAL_SUBTREE, (st)) +#define sk_GENERAL_SUBTREE_value(st, i) SKM_sk_value(GENERAL_SUBTREE, (st), (i)) +#define sk_GENERAL_SUBTREE_set(st, i, val) SKM_sk_set(GENERAL_SUBTREE, (st), (i), (val)) +#define sk_GENERAL_SUBTREE_zero(st) SKM_sk_zero(GENERAL_SUBTREE, (st)) +#define sk_GENERAL_SUBTREE_push(st, val) SKM_sk_push(GENERAL_SUBTREE, (st), (val)) +#define sk_GENERAL_SUBTREE_unshift(st, val) SKM_sk_unshift(GENERAL_SUBTREE, (st), (val)) +#define sk_GENERAL_SUBTREE_find(st, val) SKM_sk_find(GENERAL_SUBTREE, (st), (val)) +#define sk_GENERAL_SUBTREE_find_ex(st, val) SKM_sk_find_ex(GENERAL_SUBTREE, (st), (val)) +#define sk_GENERAL_SUBTREE_delete(st, i) SKM_sk_delete(GENERAL_SUBTREE, (st), (i)) +#define sk_GENERAL_SUBTREE_delete_ptr(st, ptr) SKM_sk_delete_ptr(GENERAL_SUBTREE, (st), (ptr)) +#define sk_GENERAL_SUBTREE_insert(st, val, i) SKM_sk_insert(GENERAL_SUBTREE, (st), (val), (i)) +#define sk_GENERAL_SUBTREE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(GENERAL_SUBTREE, (st), (cmp)) +#define sk_GENERAL_SUBTREE_dup(st) SKM_sk_dup(GENERAL_SUBTREE, st) +#define sk_GENERAL_SUBTREE_pop_free(st, free_func) SKM_sk_pop_free(GENERAL_SUBTREE, (st), (free_func)) +#define sk_GENERAL_SUBTREE_shift(st) SKM_sk_shift(GENERAL_SUBTREE, (st)) +#define sk_GENERAL_SUBTREE_pop(st) SKM_sk_pop(GENERAL_SUBTREE, (st)) +#define sk_GENERAL_SUBTREE_sort(st) SKM_sk_sort(GENERAL_SUBTREE, (st)) +#define sk_GENERAL_SUBTREE_is_sorted(st) SKM_sk_is_sorted(GENERAL_SUBTREE, (st)) + +#define sk_IPAddressFamily_new(cmp) SKM_sk_new(IPAddressFamily, (cmp)) +#define sk_IPAddressFamily_new_null() SKM_sk_new_null(IPAddressFamily) +#define sk_IPAddressFamily_free(st) SKM_sk_free(IPAddressFamily, (st)) +#define sk_IPAddressFamily_num(st) SKM_sk_num(IPAddressFamily, (st)) +#define sk_IPAddressFamily_value(st, i) SKM_sk_value(IPAddressFamily, (st), (i)) +#define sk_IPAddressFamily_set(st, i, val) SKM_sk_set(IPAddressFamily, (st), (i), (val)) +#define sk_IPAddressFamily_zero(st) SKM_sk_zero(IPAddressFamily, (st)) +#define sk_IPAddressFamily_push(st, val) SKM_sk_push(IPAddressFamily, (st), (val)) +#define sk_IPAddressFamily_unshift(st, val) SKM_sk_unshift(IPAddressFamily, (st), (val)) +#define sk_IPAddressFamily_find(st, val) SKM_sk_find(IPAddressFamily, (st), (val)) +#define sk_IPAddressFamily_find_ex(st, val) SKM_sk_find_ex(IPAddressFamily, (st), (val)) +#define sk_IPAddressFamily_delete(st, i) SKM_sk_delete(IPAddressFamily, (st), (i)) +#define sk_IPAddressFamily_delete_ptr(st, ptr) SKM_sk_delete_ptr(IPAddressFamily, (st), (ptr)) +#define sk_IPAddressFamily_insert(st, val, i) SKM_sk_insert(IPAddressFamily, (st), (val), (i)) +#define sk_IPAddressFamily_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(IPAddressFamily, (st), (cmp)) +#define sk_IPAddressFamily_dup(st) SKM_sk_dup(IPAddressFamily, st) +#define sk_IPAddressFamily_pop_free(st, free_func) SKM_sk_pop_free(IPAddressFamily, (st), (free_func)) +#define sk_IPAddressFamily_shift(st) SKM_sk_shift(IPAddressFamily, (st)) +#define sk_IPAddressFamily_pop(st) SKM_sk_pop(IPAddressFamily, (st)) +#define sk_IPAddressFamily_sort(st) SKM_sk_sort(IPAddressFamily, (st)) +#define sk_IPAddressFamily_is_sorted(st) SKM_sk_is_sorted(IPAddressFamily, (st)) + +#define sk_IPAddressOrRange_new(cmp) SKM_sk_new(IPAddressOrRange, (cmp)) +#define sk_IPAddressOrRange_new_null() SKM_sk_new_null(IPAddressOrRange) +#define sk_IPAddressOrRange_free(st) SKM_sk_free(IPAddressOrRange, (st)) +#define sk_IPAddressOrRange_num(st) SKM_sk_num(IPAddressOrRange, (st)) +#define sk_IPAddressOrRange_value(st, i) SKM_sk_value(IPAddressOrRange, (st), (i)) +#define sk_IPAddressOrRange_set(st, i, val) SKM_sk_set(IPAddressOrRange, (st), (i), (val)) +#define sk_IPAddressOrRange_zero(st) SKM_sk_zero(IPAddressOrRange, (st)) +#define sk_IPAddressOrRange_push(st, val) SKM_sk_push(IPAddressOrRange, (st), (val)) +#define sk_IPAddressOrRange_unshift(st, val) SKM_sk_unshift(IPAddressOrRange, (st), (val)) +#define sk_IPAddressOrRange_find(st, val) SKM_sk_find(IPAddressOrRange, (st), (val)) +#define sk_IPAddressOrRange_find_ex(st, val) SKM_sk_find_ex(IPAddressOrRange, (st), (val)) +#define sk_IPAddressOrRange_delete(st, i) SKM_sk_delete(IPAddressOrRange, (st), (i)) +#define sk_IPAddressOrRange_delete_ptr(st, ptr) SKM_sk_delete_ptr(IPAddressOrRange, (st), (ptr)) +#define sk_IPAddressOrRange_insert(st, val, i) SKM_sk_insert(IPAddressOrRange, (st), (val), (i)) +#define sk_IPAddressOrRange_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(IPAddressOrRange, (st), (cmp)) +#define sk_IPAddressOrRange_dup(st) SKM_sk_dup(IPAddressOrRange, st) +#define sk_IPAddressOrRange_pop_free(st, free_func) SKM_sk_pop_free(IPAddressOrRange, (st), (free_func)) +#define sk_IPAddressOrRange_shift(st) SKM_sk_shift(IPAddressOrRange, (st)) +#define sk_IPAddressOrRange_pop(st) SKM_sk_pop(IPAddressOrRange, (st)) +#define sk_IPAddressOrRange_sort(st) SKM_sk_sort(IPAddressOrRange, (st)) +#define sk_IPAddressOrRange_is_sorted(st) SKM_sk_is_sorted(IPAddressOrRange, (st)) + +#define sk_MEM_OBJECT_DATA_new(cmp) SKM_sk_new(MEM_OBJECT_DATA, (cmp)) +#define sk_MEM_OBJECT_DATA_new_null() SKM_sk_new_null(MEM_OBJECT_DATA) +#define sk_MEM_OBJECT_DATA_free(st) SKM_sk_free(MEM_OBJECT_DATA, (st)) +#define sk_MEM_OBJECT_DATA_num(st) SKM_sk_num(MEM_OBJECT_DATA, (st)) +#define sk_MEM_OBJECT_DATA_value(st, i) SKM_sk_value(MEM_OBJECT_DATA, (st), (i)) +#define sk_MEM_OBJECT_DATA_set(st, i, val) SKM_sk_set(MEM_OBJECT_DATA, (st), (i), (val)) +#define sk_MEM_OBJECT_DATA_zero(st) SKM_sk_zero(MEM_OBJECT_DATA, (st)) +#define sk_MEM_OBJECT_DATA_push(st, val) SKM_sk_push(MEM_OBJECT_DATA, (st), (val)) +#define sk_MEM_OBJECT_DATA_unshift(st, val) SKM_sk_unshift(MEM_OBJECT_DATA, (st), (val)) +#define sk_MEM_OBJECT_DATA_find(st, val) SKM_sk_find(MEM_OBJECT_DATA, (st), (val)) +#define sk_MEM_OBJECT_DATA_find_ex(st, val) SKM_sk_find_ex(MEM_OBJECT_DATA, (st), (val)) +#define sk_MEM_OBJECT_DATA_delete(st, i) SKM_sk_delete(MEM_OBJECT_DATA, (st), (i)) +#define sk_MEM_OBJECT_DATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(MEM_OBJECT_DATA, (st), (ptr)) +#define sk_MEM_OBJECT_DATA_insert(st, val, i) SKM_sk_insert(MEM_OBJECT_DATA, (st), (val), (i)) +#define sk_MEM_OBJECT_DATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(MEM_OBJECT_DATA, (st), (cmp)) +#define sk_MEM_OBJECT_DATA_dup(st) SKM_sk_dup(MEM_OBJECT_DATA, st) +#define sk_MEM_OBJECT_DATA_pop_free(st, free_func) SKM_sk_pop_free(MEM_OBJECT_DATA, (st), (free_func)) +#define sk_MEM_OBJECT_DATA_shift(st) SKM_sk_shift(MEM_OBJECT_DATA, (st)) +#define sk_MEM_OBJECT_DATA_pop(st) SKM_sk_pop(MEM_OBJECT_DATA, (st)) +#define sk_MEM_OBJECT_DATA_sort(st) SKM_sk_sort(MEM_OBJECT_DATA, (st)) +#define sk_MEM_OBJECT_DATA_is_sorted(st) SKM_sk_is_sorted(MEM_OBJECT_DATA, (st)) + +#define sk_MIME_HEADER_new(cmp) SKM_sk_new(MIME_HEADER, (cmp)) #define sk_MIME_HEADER_new_null() SKM_sk_new_null(MIME_HEADER) #define sk_MIME_HEADER_free(st) SKM_sk_free(MIME_HEADER, (st)) #define sk_MIME_HEADER_num(st) SKM_sk_num(MIME_HEADER, (st)) @@ -714,6 +871,7 @@ STACK_OF(type) \ #define sk_MIME_HEADER_push(st, val) SKM_sk_push(MIME_HEADER, (st), (val)) #define sk_MIME_HEADER_unshift(st, val) SKM_sk_unshift(MIME_HEADER, (st), (val)) #define sk_MIME_HEADER_find(st, val) SKM_sk_find(MIME_HEADER, (st), (val)) +#define sk_MIME_HEADER_find_ex(st, val) SKM_sk_find_ex(MIME_HEADER, (st), (val)) #define sk_MIME_HEADER_delete(st, i) SKM_sk_delete(MIME_HEADER, (st), (i)) #define sk_MIME_HEADER_delete_ptr(st, ptr) SKM_sk_delete_ptr(MIME_HEADER, (st), (ptr)) #define sk_MIME_HEADER_insert(st, val, i) SKM_sk_insert(MIME_HEADER, (st), (val), (i)) @@ -723,8 +881,9 @@ STACK_OF(type) \ #define sk_MIME_HEADER_shift(st) SKM_sk_shift(MIME_HEADER, (st)) #define sk_MIME_HEADER_pop(st) SKM_sk_pop(MIME_HEADER, (st)) #define sk_MIME_HEADER_sort(st) SKM_sk_sort(MIME_HEADER, (st)) +#define sk_MIME_HEADER_is_sorted(st) SKM_sk_is_sorted(MIME_HEADER, (st)) -#define sk_MIME_PARAM_new(st) SKM_sk_new(MIME_PARAM, (st)) +#define sk_MIME_PARAM_new(cmp) SKM_sk_new(MIME_PARAM, (cmp)) #define sk_MIME_PARAM_new_null() SKM_sk_new_null(MIME_PARAM) #define sk_MIME_PARAM_free(st) SKM_sk_free(MIME_PARAM, (st)) #define sk_MIME_PARAM_num(st) SKM_sk_num(MIME_PARAM, (st)) @@ -734,6 +893,7 @@ STACK_OF(type) \ #define sk_MIME_PARAM_push(st, val) SKM_sk_push(MIME_PARAM, (st), (val)) #define sk_MIME_PARAM_unshift(st, val) SKM_sk_unshift(MIME_PARAM, (st), (val)) #define sk_MIME_PARAM_find(st, val) SKM_sk_find(MIME_PARAM, (st), (val)) +#define sk_MIME_PARAM_find_ex(st, val) SKM_sk_find_ex(MIME_PARAM, (st), (val)) #define sk_MIME_PARAM_delete(st, i) SKM_sk_delete(MIME_PARAM, (st), (i)) #define sk_MIME_PARAM_delete_ptr(st, ptr) SKM_sk_delete_ptr(MIME_PARAM, (st), (ptr)) #define sk_MIME_PARAM_insert(st, val, i) SKM_sk_insert(MIME_PARAM, (st), (val), (i)) @@ -743,8 +903,9 @@ STACK_OF(type) \ #define sk_MIME_PARAM_shift(st) SKM_sk_shift(MIME_PARAM, (st)) #define sk_MIME_PARAM_pop(st) SKM_sk_pop(MIME_PARAM, (st)) #define sk_MIME_PARAM_sort(st) SKM_sk_sort(MIME_PARAM, (st)) +#define sk_MIME_PARAM_is_sorted(st) SKM_sk_is_sorted(MIME_PARAM, (st)) -#define sk_NAME_FUNCS_new(st) SKM_sk_new(NAME_FUNCS, (st)) +#define sk_NAME_FUNCS_new(cmp) SKM_sk_new(NAME_FUNCS, (cmp)) #define sk_NAME_FUNCS_new_null() SKM_sk_new_null(NAME_FUNCS) #define sk_NAME_FUNCS_free(st) SKM_sk_free(NAME_FUNCS, (st)) #define sk_NAME_FUNCS_num(st) SKM_sk_num(NAME_FUNCS, (st)) @@ -754,6 +915,7 @@ STACK_OF(type) \ #define sk_NAME_FUNCS_push(st, val) SKM_sk_push(NAME_FUNCS, (st), (val)) #define sk_NAME_FUNCS_unshift(st, val) SKM_sk_unshift(NAME_FUNCS, (st), (val)) #define sk_NAME_FUNCS_find(st, val) SKM_sk_find(NAME_FUNCS, (st), (val)) +#define sk_NAME_FUNCS_find_ex(st, val) SKM_sk_find_ex(NAME_FUNCS, (st), (val)) #define sk_NAME_FUNCS_delete(st, i) SKM_sk_delete(NAME_FUNCS, (st), (i)) #define sk_NAME_FUNCS_delete_ptr(st, ptr) SKM_sk_delete_ptr(NAME_FUNCS, (st), (ptr)) #define sk_NAME_FUNCS_insert(st, val, i) SKM_sk_insert(NAME_FUNCS, (st), (val), (i)) @@ -763,8 +925,9 @@ STACK_OF(type) \ #define sk_NAME_FUNCS_shift(st) SKM_sk_shift(NAME_FUNCS, (st)) #define sk_NAME_FUNCS_pop(st) SKM_sk_pop(NAME_FUNCS, (st)) #define sk_NAME_FUNCS_sort(st) SKM_sk_sort(NAME_FUNCS, (st)) +#define sk_NAME_FUNCS_is_sorted(st) SKM_sk_is_sorted(NAME_FUNCS, (st)) -#define sk_OCSP_CERTID_new(st) SKM_sk_new(OCSP_CERTID, (st)) +#define sk_OCSP_CERTID_new(cmp) SKM_sk_new(OCSP_CERTID, (cmp)) #define sk_OCSP_CERTID_new_null() SKM_sk_new_null(OCSP_CERTID) #define sk_OCSP_CERTID_free(st) SKM_sk_free(OCSP_CERTID, (st)) #define sk_OCSP_CERTID_num(st) SKM_sk_num(OCSP_CERTID, (st)) @@ -774,6 +937,7 @@ STACK_OF(type) \ #define sk_OCSP_CERTID_push(st, val) SKM_sk_push(OCSP_CERTID, (st), (val)) #define sk_OCSP_CERTID_unshift(st, val) SKM_sk_unshift(OCSP_CERTID, (st), (val)) #define sk_OCSP_CERTID_find(st, val) SKM_sk_find(OCSP_CERTID, (st), (val)) +#define sk_OCSP_CERTID_find_ex(st, val) SKM_sk_find_ex(OCSP_CERTID, (st), (val)) #define sk_OCSP_CERTID_delete(st, i) SKM_sk_delete(OCSP_CERTID, (st), (i)) #define sk_OCSP_CERTID_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_CERTID, (st), (ptr)) #define sk_OCSP_CERTID_insert(st, val, i) SKM_sk_insert(OCSP_CERTID, (st), (val), (i)) @@ -783,8 +947,9 @@ STACK_OF(type) \ #define sk_OCSP_CERTID_shift(st) SKM_sk_shift(OCSP_CERTID, (st)) #define sk_OCSP_CERTID_pop(st) SKM_sk_pop(OCSP_CERTID, (st)) #define sk_OCSP_CERTID_sort(st) SKM_sk_sort(OCSP_CERTID, (st)) +#define sk_OCSP_CERTID_is_sorted(st) SKM_sk_is_sorted(OCSP_CERTID, (st)) -#define sk_OCSP_ONEREQ_new(st) SKM_sk_new(OCSP_ONEREQ, (st)) +#define sk_OCSP_ONEREQ_new(cmp) SKM_sk_new(OCSP_ONEREQ, (cmp)) #define sk_OCSP_ONEREQ_new_null() SKM_sk_new_null(OCSP_ONEREQ) #define sk_OCSP_ONEREQ_free(st) SKM_sk_free(OCSP_ONEREQ, (st)) #define sk_OCSP_ONEREQ_num(st) SKM_sk_num(OCSP_ONEREQ, (st)) @@ -794,6 +959,7 @@ STACK_OF(type) \ #define sk_OCSP_ONEREQ_push(st, val) SKM_sk_push(OCSP_ONEREQ, (st), (val)) #define sk_OCSP_ONEREQ_unshift(st, val) SKM_sk_unshift(OCSP_ONEREQ, (st), (val)) #define sk_OCSP_ONEREQ_find(st, val) SKM_sk_find(OCSP_ONEREQ, (st), (val)) +#define sk_OCSP_ONEREQ_find_ex(st, val) SKM_sk_find_ex(OCSP_ONEREQ, (st), (val)) #define sk_OCSP_ONEREQ_delete(st, i) SKM_sk_delete(OCSP_ONEREQ, (st), (i)) #define sk_OCSP_ONEREQ_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_ONEREQ, (st), (ptr)) #define sk_OCSP_ONEREQ_insert(st, val, i) SKM_sk_insert(OCSP_ONEREQ, (st), (val), (i)) @@ -803,8 +969,31 @@ STACK_OF(type) \ #define sk_OCSP_ONEREQ_shift(st) SKM_sk_shift(OCSP_ONEREQ, (st)) #define sk_OCSP_ONEREQ_pop(st) SKM_sk_pop(OCSP_ONEREQ, (st)) #define sk_OCSP_ONEREQ_sort(st) SKM_sk_sort(OCSP_ONEREQ, (st)) - -#define sk_OCSP_SINGLERESP_new(st) SKM_sk_new(OCSP_SINGLERESP, (st)) +#define sk_OCSP_ONEREQ_is_sorted(st) SKM_sk_is_sorted(OCSP_ONEREQ, (st)) + +#define sk_OCSP_RESPID_new(cmp) SKM_sk_new(OCSP_RESPID, (cmp)) +#define sk_OCSP_RESPID_new_null() SKM_sk_new_null(OCSP_RESPID) +#define sk_OCSP_RESPID_free(st) SKM_sk_free(OCSP_RESPID, (st)) +#define sk_OCSP_RESPID_num(st) SKM_sk_num(OCSP_RESPID, (st)) +#define sk_OCSP_RESPID_value(st, i) SKM_sk_value(OCSP_RESPID, (st), (i)) +#define sk_OCSP_RESPID_set(st, i, val) SKM_sk_set(OCSP_RESPID, (st), (i), (val)) +#define sk_OCSP_RESPID_zero(st) SKM_sk_zero(OCSP_RESPID, (st)) +#define sk_OCSP_RESPID_push(st, val) SKM_sk_push(OCSP_RESPID, (st), (val)) +#define sk_OCSP_RESPID_unshift(st, val) SKM_sk_unshift(OCSP_RESPID, (st), (val)) +#define sk_OCSP_RESPID_find(st, val) SKM_sk_find(OCSP_RESPID, (st), (val)) +#define sk_OCSP_RESPID_find_ex(st, val) SKM_sk_find_ex(OCSP_RESPID, (st), (val)) +#define sk_OCSP_RESPID_delete(st, i) SKM_sk_delete(OCSP_RESPID, (st), (i)) +#define sk_OCSP_RESPID_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_RESPID, (st), (ptr)) +#define sk_OCSP_RESPID_insert(st, val, i) SKM_sk_insert(OCSP_RESPID, (st), (val), (i)) +#define sk_OCSP_RESPID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_RESPID, (st), (cmp)) +#define sk_OCSP_RESPID_dup(st) SKM_sk_dup(OCSP_RESPID, st) +#define sk_OCSP_RESPID_pop_free(st, free_func) SKM_sk_pop_free(OCSP_RESPID, (st), (free_func)) +#define sk_OCSP_RESPID_shift(st) SKM_sk_shift(OCSP_RESPID, (st)) +#define sk_OCSP_RESPID_pop(st) SKM_sk_pop(OCSP_RESPID, (st)) +#define sk_OCSP_RESPID_sort(st) SKM_sk_sort(OCSP_RESPID, (st)) +#define sk_OCSP_RESPID_is_sorted(st) SKM_sk_is_sorted(OCSP_RESPID, (st)) + +#define sk_OCSP_SINGLERESP_new(cmp) SKM_sk_new(OCSP_SINGLERESP, (cmp)) #define sk_OCSP_SINGLERESP_new_null() SKM_sk_new_null(OCSP_SINGLERESP) #define sk_OCSP_SINGLERESP_free(st) SKM_sk_free(OCSP_SINGLERESP, (st)) #define sk_OCSP_SINGLERESP_num(st) SKM_sk_num(OCSP_SINGLERESP, (st)) @@ -814,6 +1003,7 @@ STACK_OF(type) \ #define sk_OCSP_SINGLERESP_push(st, val) SKM_sk_push(OCSP_SINGLERESP, (st), (val)) #define sk_OCSP_SINGLERESP_unshift(st, val) SKM_sk_unshift(OCSP_SINGLERESP, (st), (val)) #define sk_OCSP_SINGLERESP_find(st, val) SKM_sk_find(OCSP_SINGLERESP, (st), (val)) +#define sk_OCSP_SINGLERESP_find_ex(st, val) SKM_sk_find_ex(OCSP_SINGLERESP, (st), (val)) #define sk_OCSP_SINGLERESP_delete(st, i) SKM_sk_delete(OCSP_SINGLERESP, (st), (i)) #define sk_OCSP_SINGLERESP_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_SINGLERESP, (st), (ptr)) #define sk_OCSP_SINGLERESP_insert(st, val, i) SKM_sk_insert(OCSP_SINGLERESP, (st), (val), (i)) @@ -823,8 +1013,9 @@ STACK_OF(type) \ #define sk_OCSP_SINGLERESP_shift(st) SKM_sk_shift(OCSP_SINGLERESP, (st)) #define sk_OCSP_SINGLERESP_pop(st) SKM_sk_pop(OCSP_SINGLERESP, (st)) #define sk_OCSP_SINGLERESP_sort(st) SKM_sk_sort(OCSP_SINGLERESP, (st)) +#define sk_OCSP_SINGLERESP_is_sorted(st) SKM_sk_is_sorted(OCSP_SINGLERESP, (st)) -#define sk_PKCS12_SAFEBAG_new(st) SKM_sk_new(PKCS12_SAFEBAG, (st)) +#define sk_PKCS12_SAFEBAG_new(cmp) SKM_sk_new(PKCS12_SAFEBAG, (cmp)) #define sk_PKCS12_SAFEBAG_new_null() SKM_sk_new_null(PKCS12_SAFEBAG) #define sk_PKCS12_SAFEBAG_free(st) SKM_sk_free(PKCS12_SAFEBAG, (st)) #define sk_PKCS12_SAFEBAG_num(st) SKM_sk_num(PKCS12_SAFEBAG, (st)) @@ -834,6 +1025,7 @@ STACK_OF(type) \ #define sk_PKCS12_SAFEBAG_push(st, val) SKM_sk_push(PKCS12_SAFEBAG, (st), (val)) #define sk_PKCS12_SAFEBAG_unshift(st, val) SKM_sk_unshift(PKCS12_SAFEBAG, (st), (val)) #define sk_PKCS12_SAFEBAG_find(st, val) SKM_sk_find(PKCS12_SAFEBAG, (st), (val)) +#define sk_PKCS12_SAFEBAG_find_ex(st, val) SKM_sk_find_ex(PKCS12_SAFEBAG, (st), (val)) #define sk_PKCS12_SAFEBAG_delete(st, i) SKM_sk_delete(PKCS12_SAFEBAG, (st), (i)) #define sk_PKCS12_SAFEBAG_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS12_SAFEBAG, (st), (ptr)) #define sk_PKCS12_SAFEBAG_insert(st, val, i) SKM_sk_insert(PKCS12_SAFEBAG, (st), (val), (i)) @@ -843,8 +1035,9 @@ STACK_OF(type) \ #define sk_PKCS12_SAFEBAG_shift(st) SKM_sk_shift(PKCS12_SAFEBAG, (st)) #define sk_PKCS12_SAFEBAG_pop(st) SKM_sk_pop(PKCS12_SAFEBAG, (st)) #define sk_PKCS12_SAFEBAG_sort(st) SKM_sk_sort(PKCS12_SAFEBAG, (st)) +#define sk_PKCS12_SAFEBAG_is_sorted(st) SKM_sk_is_sorted(PKCS12_SAFEBAG, (st)) -#define sk_PKCS7_new(st) SKM_sk_new(PKCS7, (st)) +#define sk_PKCS7_new(cmp) SKM_sk_new(PKCS7, (cmp)) #define sk_PKCS7_new_null() SKM_sk_new_null(PKCS7) #define sk_PKCS7_free(st) SKM_sk_free(PKCS7, (st)) #define sk_PKCS7_num(st) SKM_sk_num(PKCS7, (st)) @@ -854,6 +1047,7 @@ STACK_OF(type) \ #define sk_PKCS7_push(st, val) SKM_sk_push(PKCS7, (st), (val)) #define sk_PKCS7_unshift(st, val) SKM_sk_unshift(PKCS7, (st), (val)) #define sk_PKCS7_find(st, val) SKM_sk_find(PKCS7, (st), (val)) +#define sk_PKCS7_find_ex(st, val) SKM_sk_find_ex(PKCS7, (st), (val)) #define sk_PKCS7_delete(st, i) SKM_sk_delete(PKCS7, (st), (i)) #define sk_PKCS7_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7, (st), (ptr)) #define sk_PKCS7_insert(st, val, i) SKM_sk_insert(PKCS7, (st), (val), (i)) @@ -863,8 +1057,9 @@ STACK_OF(type) \ #define sk_PKCS7_shift(st) SKM_sk_shift(PKCS7, (st)) #define sk_PKCS7_pop(st) SKM_sk_pop(PKCS7, (st)) #define sk_PKCS7_sort(st) SKM_sk_sort(PKCS7, (st)) +#define sk_PKCS7_is_sorted(st) SKM_sk_is_sorted(PKCS7, (st)) -#define sk_PKCS7_RECIP_INFO_new(st) SKM_sk_new(PKCS7_RECIP_INFO, (st)) +#define sk_PKCS7_RECIP_INFO_new(cmp) SKM_sk_new(PKCS7_RECIP_INFO, (cmp)) #define sk_PKCS7_RECIP_INFO_new_null() SKM_sk_new_null(PKCS7_RECIP_INFO) #define sk_PKCS7_RECIP_INFO_free(st) SKM_sk_free(PKCS7_RECIP_INFO, (st)) #define sk_PKCS7_RECIP_INFO_num(st) SKM_sk_num(PKCS7_RECIP_INFO, (st)) @@ -874,6 +1069,7 @@ STACK_OF(type) \ #define sk_PKCS7_RECIP_INFO_push(st, val) SKM_sk_push(PKCS7_RECIP_INFO, (st), (val)) #define sk_PKCS7_RECIP_INFO_unshift(st, val) SKM_sk_unshift(PKCS7_RECIP_INFO, (st), (val)) #define sk_PKCS7_RECIP_INFO_find(st, val) SKM_sk_find(PKCS7_RECIP_INFO, (st), (val)) +#define sk_PKCS7_RECIP_INFO_find_ex(st, val) SKM_sk_find_ex(PKCS7_RECIP_INFO, (st), (val)) #define sk_PKCS7_RECIP_INFO_delete(st, i) SKM_sk_delete(PKCS7_RECIP_INFO, (st), (i)) #define sk_PKCS7_RECIP_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7_RECIP_INFO, (st), (ptr)) #define sk_PKCS7_RECIP_INFO_insert(st, val, i) SKM_sk_insert(PKCS7_RECIP_INFO, (st), (val), (i)) @@ -883,8 +1079,9 @@ STACK_OF(type) \ #define sk_PKCS7_RECIP_INFO_shift(st) SKM_sk_shift(PKCS7_RECIP_INFO, (st)) #define sk_PKCS7_RECIP_INFO_pop(st) SKM_sk_pop(PKCS7_RECIP_INFO, (st)) #define sk_PKCS7_RECIP_INFO_sort(st) SKM_sk_sort(PKCS7_RECIP_INFO, (st)) +#define sk_PKCS7_RECIP_INFO_is_sorted(st) SKM_sk_is_sorted(PKCS7_RECIP_INFO, (st)) -#define sk_PKCS7_SIGNER_INFO_new(st) SKM_sk_new(PKCS7_SIGNER_INFO, (st)) +#define sk_PKCS7_SIGNER_INFO_new(cmp) SKM_sk_new(PKCS7_SIGNER_INFO, (cmp)) #define sk_PKCS7_SIGNER_INFO_new_null() SKM_sk_new_null(PKCS7_SIGNER_INFO) #define sk_PKCS7_SIGNER_INFO_free(st) SKM_sk_free(PKCS7_SIGNER_INFO, (st)) #define sk_PKCS7_SIGNER_INFO_num(st) SKM_sk_num(PKCS7_SIGNER_INFO, (st)) @@ -894,6 +1091,7 @@ STACK_OF(type) \ #define sk_PKCS7_SIGNER_INFO_push(st, val) SKM_sk_push(PKCS7_SIGNER_INFO, (st), (val)) #define sk_PKCS7_SIGNER_INFO_unshift(st, val) SKM_sk_unshift(PKCS7_SIGNER_INFO, (st), (val)) #define sk_PKCS7_SIGNER_INFO_find(st, val) SKM_sk_find(PKCS7_SIGNER_INFO, (st), (val)) +#define sk_PKCS7_SIGNER_INFO_find_ex(st, val) SKM_sk_find_ex(PKCS7_SIGNER_INFO, (st), (val)) #define sk_PKCS7_SIGNER_INFO_delete(st, i) SKM_sk_delete(PKCS7_SIGNER_INFO, (st), (i)) #define sk_PKCS7_SIGNER_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7_SIGNER_INFO, (st), (ptr)) #define sk_PKCS7_SIGNER_INFO_insert(st, val, i) SKM_sk_insert(PKCS7_SIGNER_INFO, (st), (val), (i)) @@ -903,8 +1101,9 @@ STACK_OF(type) \ #define sk_PKCS7_SIGNER_INFO_shift(st) SKM_sk_shift(PKCS7_SIGNER_INFO, (st)) #define sk_PKCS7_SIGNER_INFO_pop(st) SKM_sk_pop(PKCS7_SIGNER_INFO, (st)) #define sk_PKCS7_SIGNER_INFO_sort(st) SKM_sk_sort(PKCS7_SIGNER_INFO, (st)) +#define sk_PKCS7_SIGNER_INFO_is_sorted(st) SKM_sk_is_sorted(PKCS7_SIGNER_INFO, (st)) -#define sk_POLICYINFO_new(st) SKM_sk_new(POLICYINFO, (st)) +#define sk_POLICYINFO_new(cmp) SKM_sk_new(POLICYINFO, (cmp)) #define sk_POLICYINFO_new_null() SKM_sk_new_null(POLICYINFO) #define sk_POLICYINFO_free(st) SKM_sk_free(POLICYINFO, (st)) #define sk_POLICYINFO_num(st) SKM_sk_num(POLICYINFO, (st)) @@ -914,6 +1113,7 @@ STACK_OF(type) \ #define sk_POLICYINFO_push(st, val) SKM_sk_push(POLICYINFO, (st), (val)) #define sk_POLICYINFO_unshift(st, val) SKM_sk_unshift(POLICYINFO, (st), (val)) #define sk_POLICYINFO_find(st, val) SKM_sk_find(POLICYINFO, (st), (val)) +#define sk_POLICYINFO_find_ex(st, val) SKM_sk_find_ex(POLICYINFO, (st), (val)) #define sk_POLICYINFO_delete(st, i) SKM_sk_delete(POLICYINFO, (st), (i)) #define sk_POLICYINFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(POLICYINFO, (st), (ptr)) #define sk_POLICYINFO_insert(st, val, i) SKM_sk_insert(POLICYINFO, (st), (val), (i)) @@ -923,8 +1123,9 @@ STACK_OF(type) \ #define sk_POLICYINFO_shift(st) SKM_sk_shift(POLICYINFO, (st)) #define sk_POLICYINFO_pop(st) SKM_sk_pop(POLICYINFO, (st)) #define sk_POLICYINFO_sort(st) SKM_sk_sort(POLICYINFO, (st)) +#define sk_POLICYINFO_is_sorted(st) SKM_sk_is_sorted(POLICYINFO, (st)) -#define sk_POLICYQUALINFO_new(st) SKM_sk_new(POLICYQUALINFO, (st)) +#define sk_POLICYQUALINFO_new(cmp) SKM_sk_new(POLICYQUALINFO, (cmp)) #define sk_POLICYQUALINFO_new_null() SKM_sk_new_null(POLICYQUALINFO) #define sk_POLICYQUALINFO_free(st) SKM_sk_free(POLICYQUALINFO, (st)) #define sk_POLICYQUALINFO_num(st) SKM_sk_num(POLICYQUALINFO, (st)) @@ -934,6 +1135,7 @@ STACK_OF(type) \ #define sk_POLICYQUALINFO_push(st, val) SKM_sk_push(POLICYQUALINFO, (st), (val)) #define sk_POLICYQUALINFO_unshift(st, val) SKM_sk_unshift(POLICYQUALINFO, (st), (val)) #define sk_POLICYQUALINFO_find(st, val) SKM_sk_find(POLICYQUALINFO, (st), (val)) +#define sk_POLICYQUALINFO_find_ex(st, val) SKM_sk_find_ex(POLICYQUALINFO, (st), (val)) #define sk_POLICYQUALINFO_delete(st, i) SKM_sk_delete(POLICYQUALINFO, (st), (i)) #define sk_POLICYQUALINFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(POLICYQUALINFO, (st), (ptr)) #define sk_POLICYQUALINFO_insert(st, val, i) SKM_sk_insert(POLICYQUALINFO, (st), (val), (i)) @@ -943,8 +1145,53 @@ STACK_OF(type) \ #define sk_POLICYQUALINFO_shift(st) SKM_sk_shift(POLICYQUALINFO, (st)) #define sk_POLICYQUALINFO_pop(st) SKM_sk_pop(POLICYQUALINFO, (st)) #define sk_POLICYQUALINFO_sort(st) SKM_sk_sort(POLICYQUALINFO, (st)) - -#define sk_SSL_CIPHER_new(st) SKM_sk_new(SSL_CIPHER, (st)) +#define sk_POLICYQUALINFO_is_sorted(st) SKM_sk_is_sorted(POLICYQUALINFO, (st)) + +#define sk_POLICY_MAPPING_new(cmp) SKM_sk_new(POLICY_MAPPING, (cmp)) +#define sk_POLICY_MAPPING_new_null() SKM_sk_new_null(POLICY_MAPPING) +#define sk_POLICY_MAPPING_free(st) SKM_sk_free(POLICY_MAPPING, (st)) +#define sk_POLICY_MAPPING_num(st) SKM_sk_num(POLICY_MAPPING, (st)) +#define sk_POLICY_MAPPING_value(st, i) SKM_sk_value(POLICY_MAPPING, (st), (i)) +#define sk_POLICY_MAPPING_set(st, i, val) SKM_sk_set(POLICY_MAPPING, (st), (i), (val)) +#define sk_POLICY_MAPPING_zero(st) SKM_sk_zero(POLICY_MAPPING, (st)) +#define sk_POLICY_MAPPING_push(st, val) SKM_sk_push(POLICY_MAPPING, (st), (val)) +#define sk_POLICY_MAPPING_unshift(st, val) SKM_sk_unshift(POLICY_MAPPING, (st), (val)) +#define sk_POLICY_MAPPING_find(st, val) SKM_sk_find(POLICY_MAPPING, (st), (val)) +#define sk_POLICY_MAPPING_find_ex(st, val) SKM_sk_find_ex(POLICY_MAPPING, (st), (val)) +#define sk_POLICY_MAPPING_delete(st, i) SKM_sk_delete(POLICY_MAPPING, (st), (i)) +#define sk_POLICY_MAPPING_delete_ptr(st, ptr) SKM_sk_delete_ptr(POLICY_MAPPING, (st), (ptr)) +#define sk_POLICY_MAPPING_insert(st, val, i) SKM_sk_insert(POLICY_MAPPING, (st), (val), (i)) +#define sk_POLICY_MAPPING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(POLICY_MAPPING, (st), (cmp)) +#define sk_POLICY_MAPPING_dup(st) SKM_sk_dup(POLICY_MAPPING, st) +#define sk_POLICY_MAPPING_pop_free(st, free_func) SKM_sk_pop_free(POLICY_MAPPING, (st), (free_func)) +#define sk_POLICY_MAPPING_shift(st) SKM_sk_shift(POLICY_MAPPING, (st)) +#define sk_POLICY_MAPPING_pop(st) SKM_sk_pop(POLICY_MAPPING, (st)) +#define sk_POLICY_MAPPING_sort(st) SKM_sk_sort(POLICY_MAPPING, (st)) +#define sk_POLICY_MAPPING_is_sorted(st) SKM_sk_is_sorted(POLICY_MAPPING, (st)) + +#define sk_SRTP_PROTECTION_PROFILE_new(cmp) SKM_sk_new(SRTP_PROTECTION_PROFILE, (cmp)) +#define sk_SRTP_PROTECTION_PROFILE_new_null() SKM_sk_new_null(SRTP_PROTECTION_PROFILE) +#define sk_SRTP_PROTECTION_PROFILE_free(st) SKM_sk_free(SRTP_PROTECTION_PROFILE, (st)) +#define sk_SRTP_PROTECTION_PROFILE_num(st) SKM_sk_num(SRTP_PROTECTION_PROFILE, (st)) +#define sk_SRTP_PROTECTION_PROFILE_value(st, i) SKM_sk_value(SRTP_PROTECTION_PROFILE, (st), (i)) +#define sk_SRTP_PROTECTION_PROFILE_set(st, i, val) SKM_sk_set(SRTP_PROTECTION_PROFILE, (st), (i), (val)) +#define sk_SRTP_PROTECTION_PROFILE_zero(st) SKM_sk_zero(SRTP_PROTECTION_PROFILE, (st)) +#define sk_SRTP_PROTECTION_PROFILE_push(st, val) SKM_sk_push(SRTP_PROTECTION_PROFILE, (st), (val)) +#define sk_SRTP_PROTECTION_PROFILE_unshift(st, val) SKM_sk_unshift(SRTP_PROTECTION_PROFILE, (st), (val)) +#define sk_SRTP_PROTECTION_PROFILE_find(st, val) SKM_sk_find(SRTP_PROTECTION_PROFILE, (st), (val)) +#define sk_SRTP_PROTECTION_PROFILE_find_ex(st, val) SKM_sk_find_ex(SRTP_PROTECTION_PROFILE, (st), (val)) +#define sk_SRTP_PROTECTION_PROFILE_delete(st, i) SKM_sk_delete(SRTP_PROTECTION_PROFILE, (st), (i)) +#define sk_SRTP_PROTECTION_PROFILE_delete_ptr(st, ptr) SKM_sk_delete_ptr(SRTP_PROTECTION_PROFILE, (st), (ptr)) +#define sk_SRTP_PROTECTION_PROFILE_insert(st, val, i) SKM_sk_insert(SRTP_PROTECTION_PROFILE, (st), (val), (i)) +#define sk_SRTP_PROTECTION_PROFILE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SRTP_PROTECTION_PROFILE, (st), (cmp)) +#define sk_SRTP_PROTECTION_PROFILE_dup(st) SKM_sk_dup(SRTP_PROTECTION_PROFILE, st) +#define sk_SRTP_PROTECTION_PROFILE_pop_free(st, free_func) SKM_sk_pop_free(SRTP_PROTECTION_PROFILE, (st), (free_func)) +#define sk_SRTP_PROTECTION_PROFILE_shift(st) SKM_sk_shift(SRTP_PROTECTION_PROFILE, (st)) +#define sk_SRTP_PROTECTION_PROFILE_pop(st) SKM_sk_pop(SRTP_PROTECTION_PROFILE, (st)) +#define sk_SRTP_PROTECTION_PROFILE_sort(st) SKM_sk_sort(SRTP_PROTECTION_PROFILE, (st)) +#define sk_SRTP_PROTECTION_PROFILE_is_sorted(st) SKM_sk_is_sorted(SRTP_PROTECTION_PROFILE, (st)) + +#define sk_SSL_CIPHER_new(cmp) SKM_sk_new(SSL_CIPHER, (cmp)) #define sk_SSL_CIPHER_new_null() SKM_sk_new_null(SSL_CIPHER) #define sk_SSL_CIPHER_free(st) SKM_sk_free(SSL_CIPHER, (st)) #define sk_SSL_CIPHER_num(st) SKM_sk_num(SSL_CIPHER, (st)) @@ -954,6 +1201,7 @@ STACK_OF(type) \ #define sk_SSL_CIPHER_push(st, val) SKM_sk_push(SSL_CIPHER, (st), (val)) #define sk_SSL_CIPHER_unshift(st, val) SKM_sk_unshift(SSL_CIPHER, (st), (val)) #define sk_SSL_CIPHER_find(st, val) SKM_sk_find(SSL_CIPHER, (st), (val)) +#define sk_SSL_CIPHER_find_ex(st, val) SKM_sk_find_ex(SSL_CIPHER, (st), (val)) #define sk_SSL_CIPHER_delete(st, i) SKM_sk_delete(SSL_CIPHER, (st), (i)) #define sk_SSL_CIPHER_delete_ptr(st, ptr) SKM_sk_delete_ptr(SSL_CIPHER, (st), (ptr)) #define sk_SSL_CIPHER_insert(st, val, i) SKM_sk_insert(SSL_CIPHER, (st), (val), (i)) @@ -963,8 +1211,9 @@ STACK_OF(type) \ #define sk_SSL_CIPHER_shift(st) SKM_sk_shift(SSL_CIPHER, (st)) #define sk_SSL_CIPHER_pop(st) SKM_sk_pop(SSL_CIPHER, (st)) #define sk_SSL_CIPHER_sort(st) SKM_sk_sort(SSL_CIPHER, (st)) +#define sk_SSL_CIPHER_is_sorted(st) SKM_sk_is_sorted(SSL_CIPHER, (st)) -#define sk_SSL_COMP_new(st) SKM_sk_new(SSL_COMP, (st)) +#define sk_SSL_COMP_new(cmp) SKM_sk_new(SSL_COMP, (cmp)) #define sk_SSL_COMP_new_null() SKM_sk_new_null(SSL_COMP) #define sk_SSL_COMP_free(st) SKM_sk_free(SSL_COMP, (st)) #define sk_SSL_COMP_num(st) SKM_sk_num(SSL_COMP, (st)) @@ -974,6 +1223,7 @@ STACK_OF(type) \ #define sk_SSL_COMP_push(st, val) SKM_sk_push(SSL_COMP, (st), (val)) #define sk_SSL_COMP_unshift(st, val) SKM_sk_unshift(SSL_COMP, (st), (val)) #define sk_SSL_COMP_find(st, val) SKM_sk_find(SSL_COMP, (st), (val)) +#define sk_SSL_COMP_find_ex(st, val) SKM_sk_find_ex(SSL_COMP, (st), (val)) #define sk_SSL_COMP_delete(st, i) SKM_sk_delete(SSL_COMP, (st), (i)) #define sk_SSL_COMP_delete_ptr(st, ptr) SKM_sk_delete_ptr(SSL_COMP, (st), (ptr)) #define sk_SSL_COMP_insert(st, val, i) SKM_sk_insert(SSL_COMP, (st), (val), (i)) @@ -983,8 +1233,75 @@ STACK_OF(type) \ #define sk_SSL_COMP_shift(st) SKM_sk_shift(SSL_COMP, (st)) #define sk_SSL_COMP_pop(st) SKM_sk_pop(SSL_COMP, (st)) #define sk_SSL_COMP_sort(st) SKM_sk_sort(SSL_COMP, (st)) - -#define sk_SXNETID_new(st) SKM_sk_new(SXNETID, (st)) +#define sk_SSL_COMP_is_sorted(st) SKM_sk_is_sorted(SSL_COMP, (st)) + +#define sk_STACK_OF_X509_NAME_ENTRY_new(cmp) SKM_sk_new(STACK_OF_X509_NAME_ENTRY, (cmp)) +#define sk_STACK_OF_X509_NAME_ENTRY_new_null() SKM_sk_new_null(STACK_OF_X509_NAME_ENTRY) +#define sk_STACK_OF_X509_NAME_ENTRY_free(st) SKM_sk_free(STACK_OF_X509_NAME_ENTRY, (st)) +#define sk_STACK_OF_X509_NAME_ENTRY_num(st) SKM_sk_num(STACK_OF_X509_NAME_ENTRY, (st)) +#define sk_STACK_OF_X509_NAME_ENTRY_value(st, i) SKM_sk_value(STACK_OF_X509_NAME_ENTRY, (st), (i)) +#define sk_STACK_OF_X509_NAME_ENTRY_set(st, i, val) SKM_sk_set(STACK_OF_X509_NAME_ENTRY, (st), (i), (val)) +#define sk_STACK_OF_X509_NAME_ENTRY_zero(st) SKM_sk_zero(STACK_OF_X509_NAME_ENTRY, (st)) +#define sk_STACK_OF_X509_NAME_ENTRY_push(st, val) SKM_sk_push(STACK_OF_X509_NAME_ENTRY, (st), (val)) +#define sk_STACK_OF_X509_NAME_ENTRY_unshift(st, val) SKM_sk_unshift(STACK_OF_X509_NAME_ENTRY, (st), (val)) +#define sk_STACK_OF_X509_NAME_ENTRY_find(st, val) SKM_sk_find(STACK_OF_X509_NAME_ENTRY, (st), (val)) +#define sk_STACK_OF_X509_NAME_ENTRY_find_ex(st, val) SKM_sk_find_ex(STACK_OF_X509_NAME_ENTRY, (st), (val)) +#define sk_STACK_OF_X509_NAME_ENTRY_delete(st, i) SKM_sk_delete(STACK_OF_X509_NAME_ENTRY, (st), (i)) +#define sk_STACK_OF_X509_NAME_ENTRY_delete_ptr(st, ptr) SKM_sk_delete_ptr(STACK_OF_X509_NAME_ENTRY, (st), (ptr)) +#define sk_STACK_OF_X509_NAME_ENTRY_insert(st, val, i) SKM_sk_insert(STACK_OF_X509_NAME_ENTRY, (st), (val), (i)) +#define sk_STACK_OF_X509_NAME_ENTRY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(STACK_OF_X509_NAME_ENTRY, (st), (cmp)) +#define sk_STACK_OF_X509_NAME_ENTRY_dup(st) SKM_sk_dup(STACK_OF_X509_NAME_ENTRY, st) +#define sk_STACK_OF_X509_NAME_ENTRY_pop_free(st, free_func) SKM_sk_pop_free(STACK_OF_X509_NAME_ENTRY, (st), (free_func)) +#define sk_STACK_OF_X509_NAME_ENTRY_shift(st) SKM_sk_shift(STACK_OF_X509_NAME_ENTRY, (st)) +#define sk_STACK_OF_X509_NAME_ENTRY_pop(st) SKM_sk_pop(STACK_OF_X509_NAME_ENTRY, (st)) +#define sk_STACK_OF_X509_NAME_ENTRY_sort(st) SKM_sk_sort(STACK_OF_X509_NAME_ENTRY, (st)) +#define sk_STACK_OF_X509_NAME_ENTRY_is_sorted(st) SKM_sk_is_sorted(STACK_OF_X509_NAME_ENTRY, (st)) + +#define sk_STORE_ATTR_INFO_new(cmp) SKM_sk_new(STORE_ATTR_INFO, (cmp)) +#define sk_STORE_ATTR_INFO_new_null() SKM_sk_new_null(STORE_ATTR_INFO) +#define sk_STORE_ATTR_INFO_free(st) SKM_sk_free(STORE_ATTR_INFO, (st)) +#define sk_STORE_ATTR_INFO_num(st) SKM_sk_num(STORE_ATTR_INFO, (st)) +#define sk_STORE_ATTR_INFO_value(st, i) SKM_sk_value(STORE_ATTR_INFO, (st), (i)) +#define sk_STORE_ATTR_INFO_set(st, i, val) SKM_sk_set(STORE_ATTR_INFO, (st), (i), (val)) +#define sk_STORE_ATTR_INFO_zero(st) SKM_sk_zero(STORE_ATTR_INFO, (st)) +#define sk_STORE_ATTR_INFO_push(st, val) SKM_sk_push(STORE_ATTR_INFO, (st), (val)) +#define sk_STORE_ATTR_INFO_unshift(st, val) SKM_sk_unshift(STORE_ATTR_INFO, (st), (val)) +#define sk_STORE_ATTR_INFO_find(st, val) SKM_sk_find(STORE_ATTR_INFO, (st), (val)) +#define sk_STORE_ATTR_INFO_find_ex(st, val) SKM_sk_find_ex(STORE_ATTR_INFO, (st), (val)) +#define sk_STORE_ATTR_INFO_delete(st, i) SKM_sk_delete(STORE_ATTR_INFO, (st), (i)) +#define sk_STORE_ATTR_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(STORE_ATTR_INFO, (st), (ptr)) +#define sk_STORE_ATTR_INFO_insert(st, val, i) SKM_sk_insert(STORE_ATTR_INFO, (st), (val), (i)) +#define sk_STORE_ATTR_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(STORE_ATTR_INFO, (st), (cmp)) +#define sk_STORE_ATTR_INFO_dup(st) SKM_sk_dup(STORE_ATTR_INFO, st) +#define sk_STORE_ATTR_INFO_pop_free(st, free_func) SKM_sk_pop_free(STORE_ATTR_INFO, (st), (free_func)) +#define sk_STORE_ATTR_INFO_shift(st) SKM_sk_shift(STORE_ATTR_INFO, (st)) +#define sk_STORE_ATTR_INFO_pop(st) SKM_sk_pop(STORE_ATTR_INFO, (st)) +#define sk_STORE_ATTR_INFO_sort(st) SKM_sk_sort(STORE_ATTR_INFO, (st)) +#define sk_STORE_ATTR_INFO_is_sorted(st) SKM_sk_is_sorted(STORE_ATTR_INFO, (st)) + +#define sk_STORE_OBJECT_new(cmp) SKM_sk_new(STORE_OBJECT, (cmp)) +#define sk_STORE_OBJECT_new_null() SKM_sk_new_null(STORE_OBJECT) +#define sk_STORE_OBJECT_free(st) SKM_sk_free(STORE_OBJECT, (st)) +#define sk_STORE_OBJECT_num(st) SKM_sk_num(STORE_OBJECT, (st)) +#define sk_STORE_OBJECT_value(st, i) SKM_sk_value(STORE_OBJECT, (st), (i)) +#define sk_STORE_OBJECT_set(st, i, val) SKM_sk_set(STORE_OBJECT, (st), (i), (val)) +#define sk_STORE_OBJECT_zero(st) SKM_sk_zero(STORE_OBJECT, (st)) +#define sk_STORE_OBJECT_push(st, val) SKM_sk_push(STORE_OBJECT, (st), (val)) +#define sk_STORE_OBJECT_unshift(st, val) SKM_sk_unshift(STORE_OBJECT, (st), (val)) +#define sk_STORE_OBJECT_find(st, val) SKM_sk_find(STORE_OBJECT, (st), (val)) +#define sk_STORE_OBJECT_find_ex(st, val) SKM_sk_find_ex(STORE_OBJECT, (st), (val)) +#define sk_STORE_OBJECT_delete(st, i) SKM_sk_delete(STORE_OBJECT, (st), (i)) +#define sk_STORE_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(STORE_OBJECT, (st), (ptr)) +#define sk_STORE_OBJECT_insert(st, val, i) SKM_sk_insert(STORE_OBJECT, (st), (val), (i)) +#define sk_STORE_OBJECT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(STORE_OBJECT, (st), (cmp)) +#define sk_STORE_OBJECT_dup(st) SKM_sk_dup(STORE_OBJECT, st) +#define sk_STORE_OBJECT_pop_free(st, free_func) SKM_sk_pop_free(STORE_OBJECT, (st), (free_func)) +#define sk_STORE_OBJECT_shift(st) SKM_sk_shift(STORE_OBJECT, (st)) +#define sk_STORE_OBJECT_pop(st) SKM_sk_pop(STORE_OBJECT, (st)) +#define sk_STORE_OBJECT_sort(st) SKM_sk_sort(STORE_OBJECT, (st)) +#define sk_STORE_OBJECT_is_sorted(st) SKM_sk_is_sorted(STORE_OBJECT, (st)) + +#define sk_SXNETID_new(cmp) SKM_sk_new(SXNETID, (cmp)) #define sk_SXNETID_new_null() SKM_sk_new_null(SXNETID) #define sk_SXNETID_free(st) SKM_sk_free(SXNETID, (st)) #define sk_SXNETID_num(st) SKM_sk_num(SXNETID, (st)) @@ -994,6 +1311,7 @@ STACK_OF(type) \ #define sk_SXNETID_push(st, val) SKM_sk_push(SXNETID, (st), (val)) #define sk_SXNETID_unshift(st, val) SKM_sk_unshift(SXNETID, (st), (val)) #define sk_SXNETID_find(st, val) SKM_sk_find(SXNETID, (st), (val)) +#define sk_SXNETID_find_ex(st, val) SKM_sk_find_ex(SXNETID, (st), (val)) #define sk_SXNETID_delete(st, i) SKM_sk_delete(SXNETID, (st), (i)) #define sk_SXNETID_delete_ptr(st, ptr) SKM_sk_delete_ptr(SXNETID, (st), (ptr)) #define sk_SXNETID_insert(st, val, i) SKM_sk_insert(SXNETID, (st), (val), (i)) @@ -1003,8 +1321,9 @@ STACK_OF(type) \ #define sk_SXNETID_shift(st) SKM_sk_shift(SXNETID, (st)) #define sk_SXNETID_pop(st) SKM_sk_pop(SXNETID, (st)) #define sk_SXNETID_sort(st) SKM_sk_sort(SXNETID, (st)) +#define sk_SXNETID_is_sorted(st) SKM_sk_is_sorted(SXNETID, (st)) -#define sk_UI_STRING_new(st) SKM_sk_new(UI_STRING, (st)) +#define sk_UI_STRING_new(cmp) SKM_sk_new(UI_STRING, (cmp)) #define sk_UI_STRING_new_null() SKM_sk_new_null(UI_STRING) #define sk_UI_STRING_free(st) SKM_sk_free(UI_STRING, (st)) #define sk_UI_STRING_num(st) SKM_sk_num(UI_STRING, (st)) @@ -1014,6 +1333,7 @@ STACK_OF(type) \ #define sk_UI_STRING_push(st, val) SKM_sk_push(UI_STRING, (st), (val)) #define sk_UI_STRING_unshift(st, val) SKM_sk_unshift(UI_STRING, (st), (val)) #define sk_UI_STRING_find(st, val) SKM_sk_find(UI_STRING, (st), (val)) +#define sk_UI_STRING_find_ex(st, val) SKM_sk_find_ex(UI_STRING, (st), (val)) #define sk_UI_STRING_delete(st, i) SKM_sk_delete(UI_STRING, (st), (i)) #define sk_UI_STRING_delete_ptr(st, ptr) SKM_sk_delete_ptr(UI_STRING, (st), (ptr)) #define sk_UI_STRING_insert(st, val, i) SKM_sk_insert(UI_STRING, (st), (val), (i)) @@ -1023,8 +1343,9 @@ STACK_OF(type) \ #define sk_UI_STRING_shift(st) SKM_sk_shift(UI_STRING, (st)) #define sk_UI_STRING_pop(st) SKM_sk_pop(UI_STRING, (st)) #define sk_UI_STRING_sort(st) SKM_sk_sort(UI_STRING, (st)) +#define sk_UI_STRING_is_sorted(st) SKM_sk_is_sorted(UI_STRING, (st)) -#define sk_X509_new(st) SKM_sk_new(X509, (st)) +#define sk_X509_new(cmp) SKM_sk_new(X509, (cmp)) #define sk_X509_new_null() SKM_sk_new_null(X509) #define sk_X509_free(st) SKM_sk_free(X509, (st)) #define sk_X509_num(st) SKM_sk_num(X509, (st)) @@ -1034,6 +1355,7 @@ STACK_OF(type) \ #define sk_X509_push(st, val) SKM_sk_push(X509, (st), (val)) #define sk_X509_unshift(st, val) SKM_sk_unshift(X509, (st), (val)) #define sk_X509_find(st, val) SKM_sk_find(X509, (st), (val)) +#define sk_X509_find_ex(st, val) SKM_sk_find_ex(X509, (st), (val)) #define sk_X509_delete(st, i) SKM_sk_delete(X509, (st), (i)) #define sk_X509_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509, (st), (ptr)) #define sk_X509_insert(st, val, i) SKM_sk_insert(X509, (st), (val), (i)) @@ -1043,8 +1365,9 @@ STACK_OF(type) \ #define sk_X509_shift(st) SKM_sk_shift(X509, (st)) #define sk_X509_pop(st) SKM_sk_pop(X509, (st)) #define sk_X509_sort(st) SKM_sk_sort(X509, (st)) +#define sk_X509_is_sorted(st) SKM_sk_is_sorted(X509, (st)) -#define sk_X509V3_EXT_METHOD_new(st) SKM_sk_new(X509V3_EXT_METHOD, (st)) +#define sk_X509V3_EXT_METHOD_new(cmp) SKM_sk_new(X509V3_EXT_METHOD, (cmp)) #define sk_X509V3_EXT_METHOD_new_null() SKM_sk_new_null(X509V3_EXT_METHOD) #define sk_X509V3_EXT_METHOD_free(st) SKM_sk_free(X509V3_EXT_METHOD, (st)) #define sk_X509V3_EXT_METHOD_num(st) SKM_sk_num(X509V3_EXT_METHOD, (st)) @@ -1054,6 +1377,7 @@ STACK_OF(type) \ #define sk_X509V3_EXT_METHOD_push(st, val) SKM_sk_push(X509V3_EXT_METHOD, (st), (val)) #define sk_X509V3_EXT_METHOD_unshift(st, val) SKM_sk_unshift(X509V3_EXT_METHOD, (st), (val)) #define sk_X509V3_EXT_METHOD_find(st, val) SKM_sk_find(X509V3_EXT_METHOD, (st), (val)) +#define sk_X509V3_EXT_METHOD_find_ex(st, val) SKM_sk_find_ex(X509V3_EXT_METHOD, (st), (val)) #define sk_X509V3_EXT_METHOD_delete(st, i) SKM_sk_delete(X509V3_EXT_METHOD, (st), (i)) #define sk_X509V3_EXT_METHOD_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509V3_EXT_METHOD, (st), (ptr)) #define sk_X509V3_EXT_METHOD_insert(st, val, i) SKM_sk_insert(X509V3_EXT_METHOD, (st), (val), (i)) @@ -1063,8 +1387,9 @@ STACK_OF(type) \ #define sk_X509V3_EXT_METHOD_shift(st) SKM_sk_shift(X509V3_EXT_METHOD, (st)) #define sk_X509V3_EXT_METHOD_pop(st) SKM_sk_pop(X509V3_EXT_METHOD, (st)) #define sk_X509V3_EXT_METHOD_sort(st) SKM_sk_sort(X509V3_EXT_METHOD, (st)) +#define sk_X509V3_EXT_METHOD_is_sorted(st) SKM_sk_is_sorted(X509V3_EXT_METHOD, (st)) -#define sk_X509_ALGOR_new(st) SKM_sk_new(X509_ALGOR, (st)) +#define sk_X509_ALGOR_new(cmp) SKM_sk_new(X509_ALGOR, (cmp)) #define sk_X509_ALGOR_new_null() SKM_sk_new_null(X509_ALGOR) #define sk_X509_ALGOR_free(st) SKM_sk_free(X509_ALGOR, (st)) #define sk_X509_ALGOR_num(st) SKM_sk_num(X509_ALGOR, (st)) @@ -1074,6 +1399,7 @@ STACK_OF(type) \ #define sk_X509_ALGOR_push(st, val) SKM_sk_push(X509_ALGOR, (st), (val)) #define sk_X509_ALGOR_unshift(st, val) SKM_sk_unshift(X509_ALGOR, (st), (val)) #define sk_X509_ALGOR_find(st, val) SKM_sk_find(X509_ALGOR, (st), (val)) +#define sk_X509_ALGOR_find_ex(st, val) SKM_sk_find_ex(X509_ALGOR, (st), (val)) #define sk_X509_ALGOR_delete(st, i) SKM_sk_delete(X509_ALGOR, (st), (i)) #define sk_X509_ALGOR_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_ALGOR, (st), (ptr)) #define sk_X509_ALGOR_insert(st, val, i) SKM_sk_insert(X509_ALGOR, (st), (val), (i)) @@ -1083,8 +1409,9 @@ STACK_OF(type) \ #define sk_X509_ALGOR_shift(st) SKM_sk_shift(X509_ALGOR, (st)) #define sk_X509_ALGOR_pop(st) SKM_sk_pop(X509_ALGOR, (st)) #define sk_X509_ALGOR_sort(st) SKM_sk_sort(X509_ALGOR, (st)) +#define sk_X509_ALGOR_is_sorted(st) SKM_sk_is_sorted(X509_ALGOR, (st)) -#define sk_X509_ATTRIBUTE_new(st) SKM_sk_new(X509_ATTRIBUTE, (st)) +#define sk_X509_ATTRIBUTE_new(cmp) SKM_sk_new(X509_ATTRIBUTE, (cmp)) #define sk_X509_ATTRIBUTE_new_null() SKM_sk_new_null(X509_ATTRIBUTE) #define sk_X509_ATTRIBUTE_free(st) SKM_sk_free(X509_ATTRIBUTE, (st)) #define sk_X509_ATTRIBUTE_num(st) SKM_sk_num(X509_ATTRIBUTE, (st)) @@ -1094,6 +1421,7 @@ STACK_OF(type) \ #define sk_X509_ATTRIBUTE_push(st, val) SKM_sk_push(X509_ATTRIBUTE, (st), (val)) #define sk_X509_ATTRIBUTE_unshift(st, val) SKM_sk_unshift(X509_ATTRIBUTE, (st), (val)) #define sk_X509_ATTRIBUTE_find(st, val) SKM_sk_find(X509_ATTRIBUTE, (st), (val)) +#define sk_X509_ATTRIBUTE_find_ex(st, val) SKM_sk_find_ex(X509_ATTRIBUTE, (st), (val)) #define sk_X509_ATTRIBUTE_delete(st, i) SKM_sk_delete(X509_ATTRIBUTE, (st), (i)) #define sk_X509_ATTRIBUTE_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_ATTRIBUTE, (st), (ptr)) #define sk_X509_ATTRIBUTE_insert(st, val, i) SKM_sk_insert(X509_ATTRIBUTE, (st), (val), (i)) @@ -1103,8 +1431,9 @@ STACK_OF(type) \ #define sk_X509_ATTRIBUTE_shift(st) SKM_sk_shift(X509_ATTRIBUTE, (st)) #define sk_X509_ATTRIBUTE_pop(st) SKM_sk_pop(X509_ATTRIBUTE, (st)) #define sk_X509_ATTRIBUTE_sort(st) SKM_sk_sort(X509_ATTRIBUTE, (st)) +#define sk_X509_ATTRIBUTE_is_sorted(st) SKM_sk_is_sorted(X509_ATTRIBUTE, (st)) -#define sk_X509_CRL_new(st) SKM_sk_new(X509_CRL, (st)) +#define sk_X509_CRL_new(cmp) SKM_sk_new(X509_CRL, (cmp)) #define sk_X509_CRL_new_null() SKM_sk_new_null(X509_CRL) #define sk_X509_CRL_free(st) SKM_sk_free(X509_CRL, (st)) #define sk_X509_CRL_num(st) SKM_sk_num(X509_CRL, (st)) @@ -1114,6 +1443,7 @@ STACK_OF(type) \ #define sk_X509_CRL_push(st, val) SKM_sk_push(X509_CRL, (st), (val)) #define sk_X509_CRL_unshift(st, val) SKM_sk_unshift(X509_CRL, (st), (val)) #define sk_X509_CRL_find(st, val) SKM_sk_find(X509_CRL, (st), (val)) +#define sk_X509_CRL_find_ex(st, val) SKM_sk_find_ex(X509_CRL, (st), (val)) #define sk_X509_CRL_delete(st, i) SKM_sk_delete(X509_CRL, (st), (i)) #define sk_X509_CRL_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_CRL, (st), (ptr)) #define sk_X509_CRL_insert(st, val, i) SKM_sk_insert(X509_CRL, (st), (val), (i)) @@ -1123,8 +1453,9 @@ STACK_OF(type) \ #define sk_X509_CRL_shift(st) SKM_sk_shift(X509_CRL, (st)) #define sk_X509_CRL_pop(st) SKM_sk_pop(X509_CRL, (st)) #define sk_X509_CRL_sort(st) SKM_sk_sort(X509_CRL, (st)) +#define sk_X509_CRL_is_sorted(st) SKM_sk_is_sorted(X509_CRL, (st)) -#define sk_X509_EXTENSION_new(st) SKM_sk_new(X509_EXTENSION, (st)) +#define sk_X509_EXTENSION_new(cmp) SKM_sk_new(X509_EXTENSION, (cmp)) #define sk_X509_EXTENSION_new_null() SKM_sk_new_null(X509_EXTENSION) #define sk_X509_EXTENSION_free(st) SKM_sk_free(X509_EXTENSION, (st)) #define sk_X509_EXTENSION_num(st) SKM_sk_num(X509_EXTENSION, (st)) @@ -1134,6 +1465,7 @@ STACK_OF(type) \ #define sk_X509_EXTENSION_push(st, val) SKM_sk_push(X509_EXTENSION, (st), (val)) #define sk_X509_EXTENSION_unshift(st, val) SKM_sk_unshift(X509_EXTENSION, (st), (val)) #define sk_X509_EXTENSION_find(st, val) SKM_sk_find(X509_EXTENSION, (st), (val)) +#define sk_X509_EXTENSION_find_ex(st, val) SKM_sk_find_ex(X509_EXTENSION, (st), (val)) #define sk_X509_EXTENSION_delete(st, i) SKM_sk_delete(X509_EXTENSION, (st), (i)) #define sk_X509_EXTENSION_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_EXTENSION, (st), (ptr)) #define sk_X509_EXTENSION_insert(st, val, i) SKM_sk_insert(X509_EXTENSION, (st), (val), (i)) @@ -1143,8 +1475,9 @@ STACK_OF(type) \ #define sk_X509_EXTENSION_shift(st) SKM_sk_shift(X509_EXTENSION, (st)) #define sk_X509_EXTENSION_pop(st) SKM_sk_pop(X509_EXTENSION, (st)) #define sk_X509_EXTENSION_sort(st) SKM_sk_sort(X509_EXTENSION, (st)) +#define sk_X509_EXTENSION_is_sorted(st) SKM_sk_is_sorted(X509_EXTENSION, (st)) -#define sk_X509_INFO_new(st) SKM_sk_new(X509_INFO, (st)) +#define sk_X509_INFO_new(cmp) SKM_sk_new(X509_INFO, (cmp)) #define sk_X509_INFO_new_null() SKM_sk_new_null(X509_INFO) #define sk_X509_INFO_free(st) SKM_sk_free(X509_INFO, (st)) #define sk_X509_INFO_num(st) SKM_sk_num(X509_INFO, (st)) @@ -1154,6 +1487,7 @@ STACK_OF(type) \ #define sk_X509_INFO_push(st, val) SKM_sk_push(X509_INFO, (st), (val)) #define sk_X509_INFO_unshift(st, val) SKM_sk_unshift(X509_INFO, (st), (val)) #define sk_X509_INFO_find(st, val) SKM_sk_find(X509_INFO, (st), (val)) +#define sk_X509_INFO_find_ex(st, val) SKM_sk_find_ex(X509_INFO, (st), (val)) #define sk_X509_INFO_delete(st, i) SKM_sk_delete(X509_INFO, (st), (i)) #define sk_X509_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_INFO, (st), (ptr)) #define sk_X509_INFO_insert(st, val, i) SKM_sk_insert(X509_INFO, (st), (val), (i)) @@ -1163,8 +1497,9 @@ STACK_OF(type) \ #define sk_X509_INFO_shift(st) SKM_sk_shift(X509_INFO, (st)) #define sk_X509_INFO_pop(st) SKM_sk_pop(X509_INFO, (st)) #define sk_X509_INFO_sort(st) SKM_sk_sort(X509_INFO, (st)) +#define sk_X509_INFO_is_sorted(st) SKM_sk_is_sorted(X509_INFO, (st)) -#define sk_X509_LOOKUP_new(st) SKM_sk_new(X509_LOOKUP, (st)) +#define sk_X509_LOOKUP_new(cmp) SKM_sk_new(X509_LOOKUP, (cmp)) #define sk_X509_LOOKUP_new_null() SKM_sk_new_null(X509_LOOKUP) #define sk_X509_LOOKUP_free(st) SKM_sk_free(X509_LOOKUP, (st)) #define sk_X509_LOOKUP_num(st) SKM_sk_num(X509_LOOKUP, (st)) @@ -1174,6 +1509,7 @@ STACK_OF(type) \ #define sk_X509_LOOKUP_push(st, val) SKM_sk_push(X509_LOOKUP, (st), (val)) #define sk_X509_LOOKUP_unshift(st, val) SKM_sk_unshift(X509_LOOKUP, (st), (val)) #define sk_X509_LOOKUP_find(st, val) SKM_sk_find(X509_LOOKUP, (st), (val)) +#define sk_X509_LOOKUP_find_ex(st, val) SKM_sk_find_ex(X509_LOOKUP, (st), (val)) #define sk_X509_LOOKUP_delete(st, i) SKM_sk_delete(X509_LOOKUP, (st), (i)) #define sk_X509_LOOKUP_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_LOOKUP, (st), (ptr)) #define sk_X509_LOOKUP_insert(st, val, i) SKM_sk_insert(X509_LOOKUP, (st), (val), (i)) @@ -1183,8 +1519,9 @@ STACK_OF(type) \ #define sk_X509_LOOKUP_shift(st) SKM_sk_shift(X509_LOOKUP, (st)) #define sk_X509_LOOKUP_pop(st) SKM_sk_pop(X509_LOOKUP, (st)) #define sk_X509_LOOKUP_sort(st) SKM_sk_sort(X509_LOOKUP, (st)) +#define sk_X509_LOOKUP_is_sorted(st) SKM_sk_is_sorted(X509_LOOKUP, (st)) -#define sk_X509_NAME_new(st) SKM_sk_new(X509_NAME, (st)) +#define sk_X509_NAME_new(cmp) SKM_sk_new(X509_NAME, (cmp)) #define sk_X509_NAME_new_null() SKM_sk_new_null(X509_NAME) #define sk_X509_NAME_free(st) SKM_sk_free(X509_NAME, (st)) #define sk_X509_NAME_num(st) SKM_sk_num(X509_NAME, (st)) @@ -1194,6 +1531,7 @@ STACK_OF(type) \ #define sk_X509_NAME_push(st, val) SKM_sk_push(X509_NAME, (st), (val)) #define sk_X509_NAME_unshift(st, val) SKM_sk_unshift(X509_NAME, (st), (val)) #define sk_X509_NAME_find(st, val) SKM_sk_find(X509_NAME, (st), (val)) +#define sk_X509_NAME_find_ex(st, val) SKM_sk_find_ex(X509_NAME, (st), (val)) #define sk_X509_NAME_delete(st, i) SKM_sk_delete(X509_NAME, (st), (i)) #define sk_X509_NAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_NAME, (st), (ptr)) #define sk_X509_NAME_insert(st, val, i) SKM_sk_insert(X509_NAME, (st), (val), (i)) @@ -1203,8 +1541,9 @@ STACK_OF(type) \ #define sk_X509_NAME_shift(st) SKM_sk_shift(X509_NAME, (st)) #define sk_X509_NAME_pop(st) SKM_sk_pop(X509_NAME, (st)) #define sk_X509_NAME_sort(st) SKM_sk_sort(X509_NAME, (st)) +#define sk_X509_NAME_is_sorted(st) SKM_sk_is_sorted(X509_NAME, (st)) -#define sk_X509_NAME_ENTRY_new(st) SKM_sk_new(X509_NAME_ENTRY, (st)) +#define sk_X509_NAME_ENTRY_new(cmp) SKM_sk_new(X509_NAME_ENTRY, (cmp)) #define sk_X509_NAME_ENTRY_new_null() SKM_sk_new_null(X509_NAME_ENTRY) #define sk_X509_NAME_ENTRY_free(st) SKM_sk_free(X509_NAME_ENTRY, (st)) #define sk_X509_NAME_ENTRY_num(st) SKM_sk_num(X509_NAME_ENTRY, (st)) @@ -1214,6 +1553,7 @@ STACK_OF(type) \ #define sk_X509_NAME_ENTRY_push(st, val) SKM_sk_push(X509_NAME_ENTRY, (st), (val)) #define sk_X509_NAME_ENTRY_unshift(st, val) SKM_sk_unshift(X509_NAME_ENTRY, (st), (val)) #define sk_X509_NAME_ENTRY_find(st, val) SKM_sk_find(X509_NAME_ENTRY, (st), (val)) +#define sk_X509_NAME_ENTRY_find_ex(st, val) SKM_sk_find_ex(X509_NAME_ENTRY, (st), (val)) #define sk_X509_NAME_ENTRY_delete(st, i) SKM_sk_delete(X509_NAME_ENTRY, (st), (i)) #define sk_X509_NAME_ENTRY_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_NAME_ENTRY, (st), (ptr)) #define sk_X509_NAME_ENTRY_insert(st, val, i) SKM_sk_insert(X509_NAME_ENTRY, (st), (val), (i)) @@ -1223,8 +1563,9 @@ STACK_OF(type) \ #define sk_X509_NAME_ENTRY_shift(st) SKM_sk_shift(X509_NAME_ENTRY, (st)) #define sk_X509_NAME_ENTRY_pop(st) SKM_sk_pop(X509_NAME_ENTRY, (st)) #define sk_X509_NAME_ENTRY_sort(st) SKM_sk_sort(X509_NAME_ENTRY, (st)) +#define sk_X509_NAME_ENTRY_is_sorted(st) SKM_sk_is_sorted(X509_NAME_ENTRY, (st)) -#define sk_X509_OBJECT_new(st) SKM_sk_new(X509_OBJECT, (st)) +#define sk_X509_OBJECT_new(cmp) SKM_sk_new(X509_OBJECT, (cmp)) #define sk_X509_OBJECT_new_null() SKM_sk_new_null(X509_OBJECT) #define sk_X509_OBJECT_free(st) SKM_sk_free(X509_OBJECT, (st)) #define sk_X509_OBJECT_num(st) SKM_sk_num(X509_OBJECT, (st)) @@ -1234,6 +1575,7 @@ STACK_OF(type) \ #define sk_X509_OBJECT_push(st, val) SKM_sk_push(X509_OBJECT, (st), (val)) #define sk_X509_OBJECT_unshift(st, val) SKM_sk_unshift(X509_OBJECT, (st), (val)) #define sk_X509_OBJECT_find(st, val) SKM_sk_find(X509_OBJECT, (st), (val)) +#define sk_X509_OBJECT_find_ex(st, val) SKM_sk_find_ex(X509_OBJECT, (st), (val)) #define sk_X509_OBJECT_delete(st, i) SKM_sk_delete(X509_OBJECT, (st), (i)) #define sk_X509_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_OBJECT, (st), (ptr)) #define sk_X509_OBJECT_insert(st, val, i) SKM_sk_insert(X509_OBJECT, (st), (val), (i)) @@ -1243,8 +1585,53 @@ STACK_OF(type) \ #define sk_X509_OBJECT_shift(st) SKM_sk_shift(X509_OBJECT, (st)) #define sk_X509_OBJECT_pop(st) SKM_sk_pop(X509_OBJECT, (st)) #define sk_X509_OBJECT_sort(st) SKM_sk_sort(X509_OBJECT, (st)) - -#define sk_X509_PURPOSE_new(st) SKM_sk_new(X509_PURPOSE, (st)) +#define sk_X509_OBJECT_is_sorted(st) SKM_sk_is_sorted(X509_OBJECT, (st)) + +#define sk_X509_POLICY_DATA_new(cmp) SKM_sk_new(X509_POLICY_DATA, (cmp)) +#define sk_X509_POLICY_DATA_new_null() SKM_sk_new_null(X509_POLICY_DATA) +#define sk_X509_POLICY_DATA_free(st) SKM_sk_free(X509_POLICY_DATA, (st)) +#define sk_X509_POLICY_DATA_num(st) SKM_sk_num(X509_POLICY_DATA, (st)) +#define sk_X509_POLICY_DATA_value(st, i) SKM_sk_value(X509_POLICY_DATA, (st), (i)) +#define sk_X509_POLICY_DATA_set(st, i, val) SKM_sk_set(X509_POLICY_DATA, (st), (i), (val)) +#define sk_X509_POLICY_DATA_zero(st) SKM_sk_zero(X509_POLICY_DATA, (st)) +#define sk_X509_POLICY_DATA_push(st, val) SKM_sk_push(X509_POLICY_DATA, (st), (val)) +#define sk_X509_POLICY_DATA_unshift(st, val) SKM_sk_unshift(X509_POLICY_DATA, (st), (val)) +#define sk_X509_POLICY_DATA_find(st, val) SKM_sk_find(X509_POLICY_DATA, (st), (val)) +#define sk_X509_POLICY_DATA_find_ex(st, val) SKM_sk_find_ex(X509_POLICY_DATA, (st), (val)) +#define sk_X509_POLICY_DATA_delete(st, i) SKM_sk_delete(X509_POLICY_DATA, (st), (i)) +#define sk_X509_POLICY_DATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_POLICY_DATA, (st), (ptr)) +#define sk_X509_POLICY_DATA_insert(st, val, i) SKM_sk_insert(X509_POLICY_DATA, (st), (val), (i)) +#define sk_X509_POLICY_DATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_POLICY_DATA, (st), (cmp)) +#define sk_X509_POLICY_DATA_dup(st) SKM_sk_dup(X509_POLICY_DATA, st) +#define sk_X509_POLICY_DATA_pop_free(st, free_func) SKM_sk_pop_free(X509_POLICY_DATA, (st), (free_func)) +#define sk_X509_POLICY_DATA_shift(st) SKM_sk_shift(X509_POLICY_DATA, (st)) +#define sk_X509_POLICY_DATA_pop(st) SKM_sk_pop(X509_POLICY_DATA, (st)) +#define sk_X509_POLICY_DATA_sort(st) SKM_sk_sort(X509_POLICY_DATA, (st)) +#define sk_X509_POLICY_DATA_is_sorted(st) SKM_sk_is_sorted(X509_POLICY_DATA, (st)) + +#define sk_X509_POLICY_NODE_new(cmp) SKM_sk_new(X509_POLICY_NODE, (cmp)) +#define sk_X509_POLICY_NODE_new_null() SKM_sk_new_null(X509_POLICY_NODE) +#define sk_X509_POLICY_NODE_free(st) SKM_sk_free(X509_POLICY_NODE, (st)) +#define sk_X509_POLICY_NODE_num(st) SKM_sk_num(X509_POLICY_NODE, (st)) +#define sk_X509_POLICY_NODE_value(st, i) SKM_sk_value(X509_POLICY_NODE, (st), (i)) +#define sk_X509_POLICY_NODE_set(st, i, val) SKM_sk_set(X509_POLICY_NODE, (st), (i), (val)) +#define sk_X509_POLICY_NODE_zero(st) SKM_sk_zero(X509_POLICY_NODE, (st)) +#define sk_X509_POLICY_NODE_push(st, val) SKM_sk_push(X509_POLICY_NODE, (st), (val)) +#define sk_X509_POLICY_NODE_unshift(st, val) SKM_sk_unshift(X509_POLICY_NODE, (st), (val)) +#define sk_X509_POLICY_NODE_find(st, val) SKM_sk_find(X509_POLICY_NODE, (st), (val)) +#define sk_X509_POLICY_NODE_find_ex(st, val) SKM_sk_find_ex(X509_POLICY_NODE, (st), (val)) +#define sk_X509_POLICY_NODE_delete(st, i) SKM_sk_delete(X509_POLICY_NODE, (st), (i)) +#define sk_X509_POLICY_NODE_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_POLICY_NODE, (st), (ptr)) +#define sk_X509_POLICY_NODE_insert(st, val, i) SKM_sk_insert(X509_POLICY_NODE, (st), (val), (i)) +#define sk_X509_POLICY_NODE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_POLICY_NODE, (st), (cmp)) +#define sk_X509_POLICY_NODE_dup(st) SKM_sk_dup(X509_POLICY_NODE, st) +#define sk_X509_POLICY_NODE_pop_free(st, free_func) SKM_sk_pop_free(X509_POLICY_NODE, (st), (free_func)) +#define sk_X509_POLICY_NODE_shift(st) SKM_sk_shift(X509_POLICY_NODE, (st)) +#define sk_X509_POLICY_NODE_pop(st) SKM_sk_pop(X509_POLICY_NODE, (st)) +#define sk_X509_POLICY_NODE_sort(st) SKM_sk_sort(X509_POLICY_NODE, (st)) +#define sk_X509_POLICY_NODE_is_sorted(st) SKM_sk_is_sorted(X509_POLICY_NODE, (st)) + +#define sk_X509_PURPOSE_new(cmp) SKM_sk_new(X509_PURPOSE, (cmp)) #define sk_X509_PURPOSE_new_null() SKM_sk_new_null(X509_PURPOSE) #define sk_X509_PURPOSE_free(st) SKM_sk_free(X509_PURPOSE, (st)) #define sk_X509_PURPOSE_num(st) SKM_sk_num(X509_PURPOSE, (st)) @@ -1254,6 +1641,7 @@ STACK_OF(type) \ #define sk_X509_PURPOSE_push(st, val) SKM_sk_push(X509_PURPOSE, (st), (val)) #define sk_X509_PURPOSE_unshift(st, val) SKM_sk_unshift(X509_PURPOSE, (st), (val)) #define sk_X509_PURPOSE_find(st, val) SKM_sk_find(X509_PURPOSE, (st), (val)) +#define sk_X509_PURPOSE_find_ex(st, val) SKM_sk_find_ex(X509_PURPOSE, (st), (val)) #define sk_X509_PURPOSE_delete(st, i) SKM_sk_delete(X509_PURPOSE, (st), (i)) #define sk_X509_PURPOSE_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_PURPOSE, (st), (ptr)) #define sk_X509_PURPOSE_insert(st, val, i) SKM_sk_insert(X509_PURPOSE, (st), (val), (i)) @@ -1263,8 +1651,9 @@ STACK_OF(type) \ #define sk_X509_PURPOSE_shift(st) SKM_sk_shift(X509_PURPOSE, (st)) #define sk_X509_PURPOSE_pop(st) SKM_sk_pop(X509_PURPOSE, (st)) #define sk_X509_PURPOSE_sort(st) SKM_sk_sort(X509_PURPOSE, (st)) +#define sk_X509_PURPOSE_is_sorted(st) SKM_sk_is_sorted(X509_PURPOSE, (st)) -#define sk_X509_REVOKED_new(st) SKM_sk_new(X509_REVOKED, (st)) +#define sk_X509_REVOKED_new(cmp) SKM_sk_new(X509_REVOKED, (cmp)) #define sk_X509_REVOKED_new_null() SKM_sk_new_null(X509_REVOKED) #define sk_X509_REVOKED_free(st) SKM_sk_free(X509_REVOKED, (st)) #define sk_X509_REVOKED_num(st) SKM_sk_num(X509_REVOKED, (st)) @@ -1274,6 +1663,7 @@ STACK_OF(type) \ #define sk_X509_REVOKED_push(st, val) SKM_sk_push(X509_REVOKED, (st), (val)) #define sk_X509_REVOKED_unshift(st, val) SKM_sk_unshift(X509_REVOKED, (st), (val)) #define sk_X509_REVOKED_find(st, val) SKM_sk_find(X509_REVOKED, (st), (val)) +#define sk_X509_REVOKED_find_ex(st, val) SKM_sk_find_ex(X509_REVOKED, (st), (val)) #define sk_X509_REVOKED_delete(st, i) SKM_sk_delete(X509_REVOKED, (st), (i)) #define sk_X509_REVOKED_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_REVOKED, (st), (ptr)) #define sk_X509_REVOKED_insert(st, val, i) SKM_sk_insert(X509_REVOKED, (st), (val), (i)) @@ -1283,8 +1673,9 @@ STACK_OF(type) \ #define sk_X509_REVOKED_shift(st) SKM_sk_shift(X509_REVOKED, (st)) #define sk_X509_REVOKED_pop(st) SKM_sk_pop(X509_REVOKED, (st)) #define sk_X509_REVOKED_sort(st) SKM_sk_sort(X509_REVOKED, (st)) +#define sk_X509_REVOKED_is_sorted(st) SKM_sk_is_sorted(X509_REVOKED, (st)) -#define sk_X509_TRUST_new(st) SKM_sk_new(X509_TRUST, (st)) +#define sk_X509_TRUST_new(cmp) SKM_sk_new(X509_TRUST, (cmp)) #define sk_X509_TRUST_new_null() SKM_sk_new_null(X509_TRUST) #define sk_X509_TRUST_free(st) SKM_sk_free(X509_TRUST, (st)) #define sk_X509_TRUST_num(st) SKM_sk_num(X509_TRUST, (st)) @@ -1294,6 +1685,7 @@ STACK_OF(type) \ #define sk_X509_TRUST_push(st, val) SKM_sk_push(X509_TRUST, (st), (val)) #define sk_X509_TRUST_unshift(st, val) SKM_sk_unshift(X509_TRUST, (st), (val)) #define sk_X509_TRUST_find(st, val) SKM_sk_find(X509_TRUST, (st), (val)) +#define sk_X509_TRUST_find_ex(st, val) SKM_sk_find_ex(X509_TRUST, (st), (val)) #define sk_X509_TRUST_delete(st, i) SKM_sk_delete(X509_TRUST, (st), (i)) #define sk_X509_TRUST_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_TRUST, (st), (ptr)) #define sk_X509_TRUST_insert(st, val, i) SKM_sk_insert(X509_TRUST, (st), (val), (i)) @@ -1303,210 +1695,378 @@ STACK_OF(type) \ #define sk_X509_TRUST_shift(st) SKM_sk_shift(X509_TRUST, (st)) #define sk_X509_TRUST_pop(st) SKM_sk_pop(X509_TRUST, (st)) #define sk_X509_TRUST_sort(st) SKM_sk_sort(X509_TRUST, (st)) - -#define d2i_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ - SKM_ASN1_SET_OF_d2i(ACCESS_DESCRIPTION, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -#define i2d_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, i2d_func, ex_tag, ex_class, is_set) \ - SKM_ASN1_SET_OF_i2d(ACCESS_DESCRIPTION, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -#define ASN1_seq_pack_ACCESS_DESCRIPTION(st, i2d_func, buf, len) \ - SKM_ASN1_seq_pack(ACCESS_DESCRIPTION, (st), (i2d_func), (buf), (len)) -#define ASN1_seq_unpack_ACCESS_DESCRIPTION(buf, len, d2i_func, free_func) \ - SKM_ASN1_seq_unpack(ACCESS_DESCRIPTION, (buf), (len), (d2i_func), (free_func)) - -#define d2i_ASN1_SET_OF_ASN1_INTEGER(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ - SKM_ASN1_SET_OF_d2i(ASN1_INTEGER, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -#define i2d_ASN1_SET_OF_ASN1_INTEGER(st, pp, i2d_func, ex_tag, ex_class, is_set) \ - SKM_ASN1_SET_OF_i2d(ASN1_INTEGER, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -#define ASN1_seq_pack_ASN1_INTEGER(st, i2d_func, buf, len) \ - SKM_ASN1_seq_pack(ASN1_INTEGER, (st), (i2d_func), (buf), (len)) -#define ASN1_seq_unpack_ASN1_INTEGER(buf, len, d2i_func, free_func) \ - SKM_ASN1_seq_unpack(ASN1_INTEGER, (buf), (len), (d2i_func), (free_func)) - -#define d2i_ASN1_SET_OF_ASN1_OBJECT(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ - SKM_ASN1_SET_OF_d2i(ASN1_OBJECT, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -#define i2d_ASN1_SET_OF_ASN1_OBJECT(st, pp, i2d_func, ex_tag, ex_class, is_set) \ - SKM_ASN1_SET_OF_i2d(ASN1_OBJECT, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -#define ASN1_seq_pack_ASN1_OBJECT(st, i2d_func, buf, len) \ - SKM_ASN1_seq_pack(ASN1_OBJECT, (st), (i2d_func), (buf), (len)) -#define ASN1_seq_unpack_ASN1_OBJECT(buf, len, d2i_func, free_func) \ - SKM_ASN1_seq_unpack(ASN1_OBJECT, (buf), (len), (d2i_func), (free_func)) - -#define d2i_ASN1_SET_OF_ASN1_TYPE(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ - SKM_ASN1_SET_OF_d2i(ASN1_TYPE, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -#define i2d_ASN1_SET_OF_ASN1_TYPE(st, pp, i2d_func, ex_tag, ex_class, is_set) \ - SKM_ASN1_SET_OF_i2d(ASN1_TYPE, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -#define ASN1_seq_pack_ASN1_TYPE(st, i2d_func, buf, len) \ - SKM_ASN1_seq_pack(ASN1_TYPE, (st), (i2d_func), (buf), (len)) -#define ASN1_seq_unpack_ASN1_TYPE(buf, len, d2i_func, free_func) \ - SKM_ASN1_seq_unpack(ASN1_TYPE, (buf), (len), (d2i_func), (free_func)) - -#define d2i_ASN1_SET_OF_DIST_POINT(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ - SKM_ASN1_SET_OF_d2i(DIST_POINT, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -#define i2d_ASN1_SET_OF_DIST_POINT(st, pp, i2d_func, ex_tag, ex_class, is_set) \ - SKM_ASN1_SET_OF_i2d(DIST_POINT, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -#define ASN1_seq_pack_DIST_POINT(st, i2d_func, buf, len) \ - SKM_ASN1_seq_pack(DIST_POINT, (st), (i2d_func), (buf), (len)) -#define ASN1_seq_unpack_DIST_POINT(buf, len, d2i_func, free_func) \ - SKM_ASN1_seq_unpack(DIST_POINT, (buf), (len), (d2i_func), (free_func)) - -#define d2i_ASN1_SET_OF_GENERAL_NAME(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ - SKM_ASN1_SET_OF_d2i(GENERAL_NAME, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -#define i2d_ASN1_SET_OF_GENERAL_NAME(st, pp, i2d_func, ex_tag, ex_class, is_set) \ - SKM_ASN1_SET_OF_i2d(GENERAL_NAME, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -#define ASN1_seq_pack_GENERAL_NAME(st, i2d_func, buf, len) \ - SKM_ASN1_seq_pack(GENERAL_NAME, (st), (i2d_func), (buf), (len)) -#define ASN1_seq_unpack_GENERAL_NAME(buf, len, d2i_func, free_func) \ - SKM_ASN1_seq_unpack(GENERAL_NAME, (buf), (len), (d2i_func), (free_func)) - -#define d2i_ASN1_SET_OF_OCSP_ONEREQ(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ - SKM_ASN1_SET_OF_d2i(OCSP_ONEREQ, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -#define i2d_ASN1_SET_OF_OCSP_ONEREQ(st, pp, i2d_func, ex_tag, ex_class, is_set) \ - SKM_ASN1_SET_OF_i2d(OCSP_ONEREQ, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -#define ASN1_seq_pack_OCSP_ONEREQ(st, i2d_func, buf, len) \ - SKM_ASN1_seq_pack(OCSP_ONEREQ, (st), (i2d_func), (buf), (len)) -#define ASN1_seq_unpack_OCSP_ONEREQ(buf, len, d2i_func, free_func) \ - SKM_ASN1_seq_unpack(OCSP_ONEREQ, (buf), (len), (d2i_func), (free_func)) - -#define d2i_ASN1_SET_OF_OCSP_SINGLERESP(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ - SKM_ASN1_SET_OF_d2i(OCSP_SINGLERESP, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -#define i2d_ASN1_SET_OF_OCSP_SINGLERESP(st, pp, i2d_func, ex_tag, ex_class, is_set) \ - SKM_ASN1_SET_OF_i2d(OCSP_SINGLERESP, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -#define ASN1_seq_pack_OCSP_SINGLERESP(st, i2d_func, buf, len) \ - SKM_ASN1_seq_pack(OCSP_SINGLERESP, (st), (i2d_func), (buf), (len)) -#define ASN1_seq_unpack_OCSP_SINGLERESP(buf, len, d2i_func, free_func) \ - SKM_ASN1_seq_unpack(OCSP_SINGLERESP, (buf), (len), (d2i_func), (free_func)) - -#define d2i_ASN1_SET_OF_PKCS12_SAFEBAG(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ - SKM_ASN1_SET_OF_d2i(PKCS12_SAFEBAG, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -#define i2d_ASN1_SET_OF_PKCS12_SAFEBAG(st, pp, i2d_func, ex_tag, ex_class, is_set) \ - SKM_ASN1_SET_OF_i2d(PKCS12_SAFEBAG, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -#define ASN1_seq_pack_PKCS12_SAFEBAG(st, i2d_func, buf, len) \ - SKM_ASN1_seq_pack(PKCS12_SAFEBAG, (st), (i2d_func), (buf), (len)) -#define ASN1_seq_unpack_PKCS12_SAFEBAG(buf, len, d2i_func, free_func) \ - SKM_ASN1_seq_unpack(PKCS12_SAFEBAG, (buf), (len), (d2i_func), (free_func)) - -#define d2i_ASN1_SET_OF_PKCS7(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ - SKM_ASN1_SET_OF_d2i(PKCS7, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -#define i2d_ASN1_SET_OF_PKCS7(st, pp, i2d_func, ex_tag, ex_class, is_set) \ - SKM_ASN1_SET_OF_i2d(PKCS7, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -#define ASN1_seq_pack_PKCS7(st, i2d_func, buf, len) \ - SKM_ASN1_seq_pack(PKCS7, (st), (i2d_func), (buf), (len)) -#define ASN1_seq_unpack_PKCS7(buf, len, d2i_func, free_func) \ - SKM_ASN1_seq_unpack(PKCS7, (buf), (len), (d2i_func), (free_func)) - -#define d2i_ASN1_SET_OF_PKCS7_RECIP_INFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ - SKM_ASN1_SET_OF_d2i(PKCS7_RECIP_INFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -#define i2d_ASN1_SET_OF_PKCS7_RECIP_INFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \ - SKM_ASN1_SET_OF_i2d(PKCS7_RECIP_INFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -#define ASN1_seq_pack_PKCS7_RECIP_INFO(st, i2d_func, buf, len) \ - SKM_ASN1_seq_pack(PKCS7_RECIP_INFO, (st), (i2d_func), (buf), (len)) -#define ASN1_seq_unpack_PKCS7_RECIP_INFO(buf, len, d2i_func, free_func) \ - SKM_ASN1_seq_unpack(PKCS7_RECIP_INFO, (buf), (len), (d2i_func), (free_func)) - -#define d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ - SKM_ASN1_SET_OF_d2i(PKCS7_SIGNER_INFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -#define i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \ - SKM_ASN1_SET_OF_i2d(PKCS7_SIGNER_INFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -#define ASN1_seq_pack_PKCS7_SIGNER_INFO(st, i2d_func, buf, len) \ - SKM_ASN1_seq_pack(PKCS7_SIGNER_INFO, (st), (i2d_func), (buf), (len)) -#define ASN1_seq_unpack_PKCS7_SIGNER_INFO(buf, len, d2i_func, free_func) \ - SKM_ASN1_seq_unpack(PKCS7_SIGNER_INFO, (buf), (len), (d2i_func), (free_func)) - -#define d2i_ASN1_SET_OF_POLICYINFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ - SKM_ASN1_SET_OF_d2i(POLICYINFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -#define i2d_ASN1_SET_OF_POLICYINFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \ - SKM_ASN1_SET_OF_i2d(POLICYINFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -#define ASN1_seq_pack_POLICYINFO(st, i2d_func, buf, len) \ - SKM_ASN1_seq_pack(POLICYINFO, (st), (i2d_func), (buf), (len)) -#define ASN1_seq_unpack_POLICYINFO(buf, len, d2i_func, free_func) \ - SKM_ASN1_seq_unpack(POLICYINFO, (buf), (len), (d2i_func), (free_func)) - -#define d2i_ASN1_SET_OF_POLICYQUALINFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ - SKM_ASN1_SET_OF_d2i(POLICYQUALINFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -#define i2d_ASN1_SET_OF_POLICYQUALINFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \ - SKM_ASN1_SET_OF_i2d(POLICYQUALINFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -#define ASN1_seq_pack_POLICYQUALINFO(st, i2d_func, buf, len) \ - SKM_ASN1_seq_pack(POLICYQUALINFO, (st), (i2d_func), (buf), (len)) -#define ASN1_seq_unpack_POLICYQUALINFO(buf, len, d2i_func, free_func) \ - SKM_ASN1_seq_unpack(POLICYQUALINFO, (buf), (len), (d2i_func), (free_func)) - -#define d2i_ASN1_SET_OF_SXNETID(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ - SKM_ASN1_SET_OF_d2i(SXNETID, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -#define i2d_ASN1_SET_OF_SXNETID(st, pp, i2d_func, ex_tag, ex_class, is_set) \ - SKM_ASN1_SET_OF_i2d(SXNETID, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -#define ASN1_seq_pack_SXNETID(st, i2d_func, buf, len) \ - SKM_ASN1_seq_pack(SXNETID, (st), (i2d_func), (buf), (len)) -#define ASN1_seq_unpack_SXNETID(buf, len, d2i_func, free_func) \ - SKM_ASN1_seq_unpack(SXNETID, (buf), (len), (d2i_func), (free_func)) - -#define d2i_ASN1_SET_OF_X509(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ - SKM_ASN1_SET_OF_d2i(X509, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -#define i2d_ASN1_SET_OF_X509(st, pp, i2d_func, ex_tag, ex_class, is_set) \ - SKM_ASN1_SET_OF_i2d(X509, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -#define ASN1_seq_pack_X509(st, i2d_func, buf, len) \ - SKM_ASN1_seq_pack(X509, (st), (i2d_func), (buf), (len)) -#define ASN1_seq_unpack_X509(buf, len, d2i_func, free_func) \ - SKM_ASN1_seq_unpack(X509, (buf), (len), (d2i_func), (free_func)) - -#define d2i_ASN1_SET_OF_X509_ALGOR(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ - SKM_ASN1_SET_OF_d2i(X509_ALGOR, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -#define i2d_ASN1_SET_OF_X509_ALGOR(st, pp, i2d_func, ex_tag, ex_class, is_set) \ - SKM_ASN1_SET_OF_i2d(X509_ALGOR, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -#define ASN1_seq_pack_X509_ALGOR(st, i2d_func, buf, len) \ - SKM_ASN1_seq_pack(X509_ALGOR, (st), (i2d_func), (buf), (len)) -#define ASN1_seq_unpack_X509_ALGOR(buf, len, d2i_func, free_func) \ - SKM_ASN1_seq_unpack(X509_ALGOR, (buf), (len), (d2i_func), (free_func)) - -#define d2i_ASN1_SET_OF_X509_ATTRIBUTE(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ - SKM_ASN1_SET_OF_d2i(X509_ATTRIBUTE, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -#define i2d_ASN1_SET_OF_X509_ATTRIBUTE(st, pp, i2d_func, ex_tag, ex_class, is_set) \ - SKM_ASN1_SET_OF_i2d(X509_ATTRIBUTE, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -#define ASN1_seq_pack_X509_ATTRIBUTE(st, i2d_func, buf, len) \ - SKM_ASN1_seq_pack(X509_ATTRIBUTE, (st), (i2d_func), (buf), (len)) -#define ASN1_seq_unpack_X509_ATTRIBUTE(buf, len, d2i_func, free_func) \ - SKM_ASN1_seq_unpack(X509_ATTRIBUTE, (buf), (len), (d2i_func), (free_func)) - -#define d2i_ASN1_SET_OF_X509_CRL(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ - SKM_ASN1_SET_OF_d2i(X509_CRL, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -#define i2d_ASN1_SET_OF_X509_CRL(st, pp, i2d_func, ex_tag, ex_class, is_set) \ - SKM_ASN1_SET_OF_i2d(X509_CRL, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -#define ASN1_seq_pack_X509_CRL(st, i2d_func, buf, len) \ - SKM_ASN1_seq_pack(X509_CRL, (st), (i2d_func), (buf), (len)) -#define ASN1_seq_unpack_X509_CRL(buf, len, d2i_func, free_func) \ - SKM_ASN1_seq_unpack(X509_CRL, (buf), (len), (d2i_func), (free_func)) - -#define d2i_ASN1_SET_OF_X509_EXTENSION(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ - SKM_ASN1_SET_OF_d2i(X509_EXTENSION, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -#define i2d_ASN1_SET_OF_X509_EXTENSION(st, pp, i2d_func, ex_tag, ex_class, is_set) \ - SKM_ASN1_SET_OF_i2d(X509_EXTENSION, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -#define ASN1_seq_pack_X509_EXTENSION(st, i2d_func, buf, len) \ - SKM_ASN1_seq_pack(X509_EXTENSION, (st), (i2d_func), (buf), (len)) -#define ASN1_seq_unpack_X509_EXTENSION(buf, len, d2i_func, free_func) \ - SKM_ASN1_seq_unpack(X509_EXTENSION, (buf), (len), (d2i_func), (free_func)) - -#define d2i_ASN1_SET_OF_X509_NAME_ENTRY(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ - SKM_ASN1_SET_OF_d2i(X509_NAME_ENTRY, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -#define i2d_ASN1_SET_OF_X509_NAME_ENTRY(st, pp, i2d_func, ex_tag, ex_class, is_set) \ - SKM_ASN1_SET_OF_i2d(X509_NAME_ENTRY, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -#define ASN1_seq_pack_X509_NAME_ENTRY(st, i2d_func, buf, len) \ - SKM_ASN1_seq_pack(X509_NAME_ENTRY, (st), (i2d_func), (buf), (len)) -#define ASN1_seq_unpack_X509_NAME_ENTRY(buf, len, d2i_func, free_func) \ - SKM_ASN1_seq_unpack(X509_NAME_ENTRY, (buf), (len), (d2i_func), (free_func)) - -#define d2i_ASN1_SET_OF_X509_REVOKED(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ - SKM_ASN1_SET_OF_d2i(X509_REVOKED, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -#define i2d_ASN1_SET_OF_X509_REVOKED(st, pp, i2d_func, ex_tag, ex_class, is_set) \ - SKM_ASN1_SET_OF_i2d(X509_REVOKED, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -#define ASN1_seq_pack_X509_REVOKED(st, i2d_func, buf, len) \ - SKM_ASN1_seq_pack(X509_REVOKED, (st), (i2d_func), (buf), (len)) -#define ASN1_seq_unpack_X509_REVOKED(buf, len, d2i_func, free_func) \ - SKM_ASN1_seq_unpack(X509_REVOKED, (buf), (len), (d2i_func), (free_func)) - -#define PKCS12_decrypt_d2i_PKCS12_SAFEBAG(algor, d2i_func, free_func, pass, passlen, oct, seq) \ - SKM_PKCS12_decrypt_d2i(PKCS12_SAFEBAG, (algor), (d2i_func), (free_func), (pass), (passlen), (oct), (seq)) - -#define PKCS12_decrypt_d2i_PKCS7(algor, d2i_func, free_func, pass, passlen, oct, seq) \ - SKM_PKCS12_decrypt_d2i(PKCS7, (algor), (d2i_func), (free_func), (pass), (passlen), (oct), (seq)) -/* End of util/mkstack.pl block, you may now edit :-) */ +#define sk_X509_TRUST_is_sorted(st) SKM_sk_is_sorted(X509_TRUST, (st)) + +#define sk_X509_VERIFY_PARAM_new(cmp) SKM_sk_new(X509_VERIFY_PARAM, (cmp)) +#define sk_X509_VERIFY_PARAM_new_null() SKM_sk_new_null(X509_VERIFY_PARAM) +#define sk_X509_VERIFY_PARAM_free(st) SKM_sk_free(X509_VERIFY_PARAM, (st)) +#define sk_X509_VERIFY_PARAM_num(st) SKM_sk_num(X509_VERIFY_PARAM, (st)) +#define sk_X509_VERIFY_PARAM_value(st, i) SKM_sk_value(X509_VERIFY_PARAM, (st), (i)) +#define sk_X509_VERIFY_PARAM_set(st, i, val) SKM_sk_set(X509_VERIFY_PARAM, (st), (i), (val)) +#define sk_X509_VERIFY_PARAM_zero(st) SKM_sk_zero(X509_VERIFY_PARAM, (st)) +#define sk_X509_VERIFY_PARAM_push(st, val) SKM_sk_push(X509_VERIFY_PARAM, (st), (val)) +#define sk_X509_VERIFY_PARAM_unshift(st, val) SKM_sk_unshift(X509_VERIFY_PARAM, (st), (val)) +#define sk_X509_VERIFY_PARAM_find(st, val) SKM_sk_find(X509_VERIFY_PARAM, (st), (val)) +#define sk_X509_VERIFY_PARAM_find_ex(st, val) SKM_sk_find_ex(X509_VERIFY_PARAM, (st), (val)) +#define sk_X509_VERIFY_PARAM_delete(st, i) SKM_sk_delete(X509_VERIFY_PARAM, (st), (i)) +#define sk_X509_VERIFY_PARAM_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_VERIFY_PARAM, (st), (ptr)) +#define sk_X509_VERIFY_PARAM_insert(st, val, i) SKM_sk_insert(X509_VERIFY_PARAM, (st), (val), (i)) +#define sk_X509_VERIFY_PARAM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_VERIFY_PARAM, (st), (cmp)) +#define sk_X509_VERIFY_PARAM_dup(st) SKM_sk_dup(X509_VERIFY_PARAM, st) +#define sk_X509_VERIFY_PARAM_pop_free(st, free_func) SKM_sk_pop_free(X509_VERIFY_PARAM, (st), (free_func)) +#define sk_X509_VERIFY_PARAM_shift(st) SKM_sk_shift(X509_VERIFY_PARAM, (st)) +#define sk_X509_VERIFY_PARAM_pop(st) SKM_sk_pop(X509_VERIFY_PARAM, (st)) +#define sk_X509_VERIFY_PARAM_sort(st) SKM_sk_sort(X509_VERIFY_PARAM, (st)) +#define sk_X509_VERIFY_PARAM_is_sorted(st) SKM_sk_is_sorted(X509_VERIFY_PARAM, (st)) + +#define sk_nid_triple_new(cmp) SKM_sk_new(nid_triple, (cmp)) +#define sk_nid_triple_new_null() SKM_sk_new_null(nid_triple) +#define sk_nid_triple_free(st) SKM_sk_free(nid_triple, (st)) +#define sk_nid_triple_num(st) SKM_sk_num(nid_triple, (st)) +#define sk_nid_triple_value(st, i) SKM_sk_value(nid_triple, (st), (i)) +#define sk_nid_triple_set(st, i, val) SKM_sk_set(nid_triple, (st), (i), (val)) +#define sk_nid_triple_zero(st) SKM_sk_zero(nid_triple, (st)) +#define sk_nid_triple_push(st, val) SKM_sk_push(nid_triple, (st), (val)) +#define sk_nid_triple_unshift(st, val) SKM_sk_unshift(nid_triple, (st), (val)) +#define sk_nid_triple_find(st, val) SKM_sk_find(nid_triple, (st), (val)) +#define sk_nid_triple_find_ex(st, val) SKM_sk_find_ex(nid_triple, (st), (val)) +#define sk_nid_triple_delete(st, i) SKM_sk_delete(nid_triple, (st), (i)) +#define sk_nid_triple_delete_ptr(st, ptr) SKM_sk_delete_ptr(nid_triple, (st), (ptr)) +#define sk_nid_triple_insert(st, val, i) SKM_sk_insert(nid_triple, (st), (val), (i)) +#define sk_nid_triple_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(nid_triple, (st), (cmp)) +#define sk_nid_triple_dup(st) SKM_sk_dup(nid_triple, st) +#define sk_nid_triple_pop_free(st, free_func) SKM_sk_pop_free(nid_triple, (st), (free_func)) +#define sk_nid_triple_shift(st) SKM_sk_shift(nid_triple, (st)) +#define sk_nid_triple_pop(st) SKM_sk_pop(nid_triple, (st)) +#define sk_nid_triple_sort(st) SKM_sk_sort(nid_triple, (st)) +#define sk_nid_triple_is_sorted(st) SKM_sk_is_sorted(nid_triple, (st)) + +#define sk_void_new(cmp) SKM_sk_new(void, (cmp)) +#define sk_void_new_null() SKM_sk_new_null(void) +#define sk_void_free(st) SKM_sk_free(void, (st)) +#define sk_void_num(st) SKM_sk_num(void, (st)) +#define sk_void_value(st, i) SKM_sk_value(void, (st), (i)) +#define sk_void_set(st, i, val) SKM_sk_set(void, (st), (i), (val)) +#define sk_void_zero(st) SKM_sk_zero(void, (st)) +#define sk_void_push(st, val) SKM_sk_push(void, (st), (val)) +#define sk_void_unshift(st, val) SKM_sk_unshift(void, (st), (val)) +#define sk_void_find(st, val) SKM_sk_find(void, (st), (val)) +#define sk_void_find_ex(st, val) SKM_sk_find_ex(void, (st), (val)) +#define sk_void_delete(st, i) SKM_sk_delete(void, (st), (i)) +#define sk_void_delete_ptr(st, ptr) SKM_sk_delete_ptr(void, (st), (ptr)) +#define sk_void_insert(st, val, i) SKM_sk_insert(void, (st), (val), (i)) +#define sk_void_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(void, (st), (cmp)) +#define sk_void_dup(st) SKM_sk_dup(void, st) +#define sk_void_pop_free(st, free_func) SKM_sk_pop_free(void, (st), (free_func)) +#define sk_void_shift(st) SKM_sk_shift(void, (st)) +#define sk_void_pop(st) SKM_sk_pop(void, (st)) +#define sk_void_sort(st) SKM_sk_sort(void, (st)) +#define sk_void_is_sorted(st) SKM_sk_is_sorted(void, (st)) + +#define sk_OPENSSL_STRING_new(cmp) ((STACK_OF(OPENSSL_STRING) *)sk_new(CHECKED_SK_CMP_FUNC(char, cmp))) +#define sk_OPENSSL_STRING_new_null() ((STACK_OF(OPENSSL_STRING) *)sk_new_null()) +#define sk_OPENSSL_STRING_push(st, val) sk_push(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, val)) +#define sk_OPENSSL_STRING_find(st, val) sk_find(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, val)) +#define sk_OPENSSL_STRING_value(st, i) ((OPENSSL_STRING)sk_value(CHECKED_STACK_OF(OPENSSL_STRING, st), i)) +#define sk_OPENSSL_STRING_num(st) SKM_sk_num(OPENSSL_STRING, st) +#define sk_OPENSSL_STRING_pop_free(st, free_func) sk_pop_free(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_SK_FREE_FUNC2(OPENSSL_STRING, free_func)) +#define sk_OPENSSL_STRING_insert(st, val, i) sk_insert(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, val), i) +#define sk_OPENSSL_STRING_free(st) SKM_sk_free(OPENSSL_STRING, st) +#define sk_OPENSSL_STRING_set(st, i, val) sk_set(CHECKED_STACK_OF(OPENSSL_STRING, st), i, CHECKED_PTR_OF(char, val)) +#define sk_OPENSSL_STRING_zero(st) SKM_sk_zero(OPENSSL_STRING, (st)) +#define sk_OPENSSL_STRING_unshift(st, val) sk_unshift(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, val)) +#define sk_OPENSSL_STRING_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_STRING), st), CHECKED_CONST_PTR_OF(char, val)) +#define sk_OPENSSL_STRING_delete(st, i) SKM_sk_delete(OPENSSL_STRING, (st), (i)) +#define sk_OPENSSL_STRING_delete_ptr(st, ptr) (OPENSSL_STRING *)sk_delete_ptr(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, ptr)) +#define sk_OPENSSL_STRING_set_cmp_func(st, cmp) \ + ((int (*)(const char * const *,const char * const *)) \ + sk_set_cmp_func(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_SK_CMP_FUNC(char, cmp))) +#define sk_OPENSSL_STRING_dup(st) SKM_sk_dup(OPENSSL_STRING, st) +#define sk_OPENSSL_STRING_shift(st) SKM_sk_shift(OPENSSL_STRING, (st)) +#define sk_OPENSSL_STRING_pop(st) (char *)sk_pop(CHECKED_STACK_OF(OPENSSL_STRING, st)) +#define sk_OPENSSL_STRING_sort(st) SKM_sk_sort(OPENSSL_STRING, (st)) +#define sk_OPENSSL_STRING_is_sorted(st) SKM_sk_is_sorted(OPENSSL_STRING, (st)) + +#define sk_OPENSSL_BLOCK_new(cmp) ((STACK_OF(OPENSSL_BLOCK) *)sk_new(CHECKED_SK_CMP_FUNC(void, cmp))) +#define sk_OPENSSL_BLOCK_new_null() ((STACK_OF(OPENSSL_BLOCK) *)sk_new_null()) +#define sk_OPENSSL_BLOCK_push(st, val) sk_push(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val)) +#define sk_OPENSSL_BLOCK_find(st, val) sk_find(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val)) +#define sk_OPENSSL_BLOCK_value(st, i) ((OPENSSL_BLOCK)sk_value(CHECKED_STACK_OF(OPENSSL_BLOCK, st), i)) +#define sk_OPENSSL_BLOCK_num(st) SKM_sk_num(OPENSSL_BLOCK, st) +#define sk_OPENSSL_BLOCK_pop_free(st, free_func) sk_pop_free(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_SK_FREE_FUNC2(OPENSSL_BLOCK, free_func)) +#define sk_OPENSSL_BLOCK_insert(st, val, i) sk_insert(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val), i) +#define sk_OPENSSL_BLOCK_free(st) SKM_sk_free(OPENSSL_BLOCK, st) +#define sk_OPENSSL_BLOCK_set(st, i, val) sk_set(CHECKED_STACK_OF(OPENSSL_BLOCK, st), i, CHECKED_PTR_OF(void, val)) +#define sk_OPENSSL_BLOCK_zero(st) SKM_sk_zero(OPENSSL_BLOCK, (st)) +#define sk_OPENSSL_BLOCK_unshift(st, val) sk_unshift(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val)) +#define sk_OPENSSL_BLOCK_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_BLOCK), st), CHECKED_CONST_PTR_OF(void, val)) +#define sk_OPENSSL_BLOCK_delete(st, i) SKM_sk_delete(OPENSSL_BLOCK, (st), (i)) +#define sk_OPENSSL_BLOCK_delete_ptr(st, ptr) (OPENSSL_BLOCK *)sk_delete_ptr(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, ptr)) +#define sk_OPENSSL_BLOCK_set_cmp_func(st, cmp) \ + ((int (*)(const void * const *,const void * const *)) \ + sk_set_cmp_func(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_SK_CMP_FUNC(void, cmp))) +#define sk_OPENSSL_BLOCK_dup(st) SKM_sk_dup(OPENSSL_BLOCK, st) +#define sk_OPENSSL_BLOCK_shift(st) SKM_sk_shift(OPENSSL_BLOCK, (st)) +#define sk_OPENSSL_BLOCK_pop(st) (void *)sk_pop(CHECKED_STACK_OF(OPENSSL_BLOCK, st)) +#define sk_OPENSSL_BLOCK_sort(st) SKM_sk_sort(OPENSSL_BLOCK, (st)) +#define sk_OPENSSL_BLOCK_is_sorted(st) SKM_sk_is_sorted(OPENSSL_BLOCK, (st)) + +#define sk_OPENSSL_PSTRING_new(cmp) ((STACK_OF(OPENSSL_PSTRING) *)sk_new(CHECKED_SK_CMP_FUNC(OPENSSL_STRING, cmp))) +#define sk_OPENSSL_PSTRING_new_null() ((STACK_OF(OPENSSL_PSTRING) *)sk_new_null()) +#define sk_OPENSSL_PSTRING_push(st, val) sk_push(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val)) +#define sk_OPENSSL_PSTRING_find(st, val) sk_find(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val)) +#define sk_OPENSSL_PSTRING_value(st, i) ((OPENSSL_PSTRING)sk_value(CHECKED_STACK_OF(OPENSSL_PSTRING, st), i)) +#define sk_OPENSSL_PSTRING_num(st) SKM_sk_num(OPENSSL_PSTRING, st) +#define sk_OPENSSL_PSTRING_pop_free(st, free_func) sk_pop_free(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_SK_FREE_FUNC2(OPENSSL_PSTRING, free_func)) +#define sk_OPENSSL_PSTRING_insert(st, val, i) sk_insert(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val), i) +#define sk_OPENSSL_PSTRING_free(st) SKM_sk_free(OPENSSL_PSTRING, st) +#define sk_OPENSSL_PSTRING_set(st, i, val) sk_set(CHECKED_STACK_OF(OPENSSL_PSTRING, st), i, CHECKED_PTR_OF(OPENSSL_STRING, val)) +#define sk_OPENSSL_PSTRING_zero(st) SKM_sk_zero(OPENSSL_PSTRING, (st)) +#define sk_OPENSSL_PSTRING_unshift(st, val) sk_unshift(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val)) +#define sk_OPENSSL_PSTRING_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_CONST_PTR_OF(OPENSSL_STRING, val)) +#define sk_OPENSSL_PSTRING_delete(st, i) SKM_sk_delete(OPENSSL_PSTRING, (st), (i)) +#define sk_OPENSSL_PSTRING_delete_ptr(st, ptr) (OPENSSL_PSTRING *)sk_delete_ptr(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, ptr)) +#define sk_OPENSSL_PSTRING_set_cmp_func(st, cmp) \ + ((int (*)(const OPENSSL_STRING * const *,const OPENSSL_STRING * const *)) \ + sk_set_cmp_func(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_SK_CMP_FUNC(OPENSSL_STRING, cmp))) +#define sk_OPENSSL_PSTRING_dup(st) SKM_sk_dup(OPENSSL_PSTRING, st) +#define sk_OPENSSL_PSTRING_shift(st) SKM_sk_shift(OPENSSL_PSTRING, (st)) +#define sk_OPENSSL_PSTRING_pop(st) (OPENSSL_STRING *)sk_pop(CHECKED_STACK_OF(OPENSSL_PSTRING, st)) +#define sk_OPENSSL_PSTRING_sort(st) SKM_sk_sort(OPENSSL_PSTRING, (st)) +#define sk_OPENSSL_PSTRING_is_sorted(st) SKM_sk_is_sorted(OPENSSL_PSTRING, (st)) + +#define lh_ADDED_OBJ_new() LHM_lh_new(ADDED_OBJ,added_obj) +#define lh_ADDED_OBJ_insert(lh,inst) LHM_lh_insert(ADDED_OBJ,lh,inst) +#define lh_ADDED_OBJ_retrieve(lh,inst) LHM_lh_retrieve(ADDED_OBJ,lh,inst) +#define lh_ADDED_OBJ_delete(lh,inst) LHM_lh_delete(ADDED_OBJ,lh,inst) +#define lh_ADDED_OBJ_doall(lh,fn) LHM_lh_doall(ADDED_OBJ,lh,fn) +#define lh_ADDED_OBJ_doall_arg(lh,fn,arg_type,arg) \ + LHM_lh_doall_arg(ADDED_OBJ,lh,fn,arg_type,arg) +#define lh_ADDED_OBJ_error(lh) LHM_lh_error(ADDED_OBJ,lh) +#define lh_ADDED_OBJ_num_items(lh) LHM_lh_num_items(ADDED_OBJ,lh) +#define lh_ADDED_OBJ_down_load(lh) LHM_lh_down_load(ADDED_OBJ,lh) +#define lh_ADDED_OBJ_node_stats_bio(lh,out) \ + LHM_lh_node_stats_bio(ADDED_OBJ,lh,out) +#define lh_ADDED_OBJ_node_usage_stats_bio(lh,out) \ + LHM_lh_node_usage_stats_bio(ADDED_OBJ,lh,out) +#define lh_ADDED_OBJ_stats_bio(lh,out) \ + LHM_lh_stats_bio(ADDED_OBJ,lh,out) +#define lh_ADDED_OBJ_free(lh) LHM_lh_free(ADDED_OBJ,lh) + +#define lh_APP_INFO_new() LHM_lh_new(APP_INFO,app_info) +#define lh_APP_INFO_insert(lh,inst) LHM_lh_insert(APP_INFO,lh,inst) +#define lh_APP_INFO_retrieve(lh,inst) LHM_lh_retrieve(APP_INFO,lh,inst) +#define lh_APP_INFO_delete(lh,inst) LHM_lh_delete(APP_INFO,lh,inst) +#define lh_APP_INFO_doall(lh,fn) LHM_lh_doall(APP_INFO,lh,fn) +#define lh_APP_INFO_doall_arg(lh,fn,arg_type,arg) \ + LHM_lh_doall_arg(APP_INFO,lh,fn,arg_type,arg) +#define lh_APP_INFO_error(lh) LHM_lh_error(APP_INFO,lh) +#define lh_APP_INFO_num_items(lh) LHM_lh_num_items(APP_INFO,lh) +#define lh_APP_INFO_down_load(lh) LHM_lh_down_load(APP_INFO,lh) +#define lh_APP_INFO_node_stats_bio(lh,out) \ + LHM_lh_node_stats_bio(APP_INFO,lh,out) +#define lh_APP_INFO_node_usage_stats_bio(lh,out) \ + LHM_lh_node_usage_stats_bio(APP_INFO,lh,out) +#define lh_APP_INFO_stats_bio(lh,out) \ + LHM_lh_stats_bio(APP_INFO,lh,out) +#define lh_APP_INFO_free(lh) LHM_lh_free(APP_INFO,lh) + +#define lh_CONF_VALUE_new() LHM_lh_new(CONF_VALUE,conf_value) +#define lh_CONF_VALUE_insert(lh,inst) LHM_lh_insert(CONF_VALUE,lh,inst) +#define lh_CONF_VALUE_retrieve(lh,inst) LHM_lh_retrieve(CONF_VALUE,lh,inst) +#define lh_CONF_VALUE_delete(lh,inst) LHM_lh_delete(CONF_VALUE,lh,inst) +#define lh_CONF_VALUE_doall(lh,fn) LHM_lh_doall(CONF_VALUE,lh,fn) +#define lh_CONF_VALUE_doall_arg(lh,fn,arg_type,arg) \ + LHM_lh_doall_arg(CONF_VALUE,lh,fn,arg_type,arg) +#define lh_CONF_VALUE_error(lh) LHM_lh_error(CONF_VALUE,lh) +#define lh_CONF_VALUE_num_items(lh) LHM_lh_num_items(CONF_VALUE,lh) +#define lh_CONF_VALUE_down_load(lh) LHM_lh_down_load(CONF_VALUE,lh) +#define lh_CONF_VALUE_node_stats_bio(lh,out) \ + LHM_lh_node_stats_bio(CONF_VALUE,lh,out) +#define lh_CONF_VALUE_node_usage_stats_bio(lh,out) \ + LHM_lh_node_usage_stats_bio(CONF_VALUE,lh,out) +#define lh_CONF_VALUE_stats_bio(lh,out) \ + LHM_lh_stats_bio(CONF_VALUE,lh,out) +#define lh_CONF_VALUE_free(lh) LHM_lh_free(CONF_VALUE,lh) + +#define lh_ENGINE_PILE_new() LHM_lh_new(ENGINE_PILE,engine_pile) +#define lh_ENGINE_PILE_insert(lh,inst) LHM_lh_insert(ENGINE_PILE,lh,inst) +#define lh_ENGINE_PILE_retrieve(lh,inst) LHM_lh_retrieve(ENGINE_PILE,lh,inst) +#define lh_ENGINE_PILE_delete(lh,inst) LHM_lh_delete(ENGINE_PILE,lh,inst) +#define lh_ENGINE_PILE_doall(lh,fn) LHM_lh_doall(ENGINE_PILE,lh,fn) +#define lh_ENGINE_PILE_doall_arg(lh,fn,arg_type,arg) \ + LHM_lh_doall_arg(ENGINE_PILE,lh,fn,arg_type,arg) +#define lh_ENGINE_PILE_error(lh) LHM_lh_error(ENGINE_PILE,lh) +#define lh_ENGINE_PILE_num_items(lh) LHM_lh_num_items(ENGINE_PILE,lh) +#define lh_ENGINE_PILE_down_load(lh) LHM_lh_down_load(ENGINE_PILE,lh) +#define lh_ENGINE_PILE_node_stats_bio(lh,out) \ + LHM_lh_node_stats_bio(ENGINE_PILE,lh,out) +#define lh_ENGINE_PILE_node_usage_stats_bio(lh,out) \ + LHM_lh_node_usage_stats_bio(ENGINE_PILE,lh,out) +#define lh_ENGINE_PILE_stats_bio(lh,out) \ + LHM_lh_stats_bio(ENGINE_PILE,lh,out) +#define lh_ENGINE_PILE_free(lh) LHM_lh_free(ENGINE_PILE,lh) + +#define lh_ERR_STATE_new() LHM_lh_new(ERR_STATE,err_state) +#define lh_ERR_STATE_insert(lh,inst) LHM_lh_insert(ERR_STATE,lh,inst) +#define lh_ERR_STATE_retrieve(lh,inst) LHM_lh_retrieve(ERR_STATE,lh,inst) +#define lh_ERR_STATE_delete(lh,inst) LHM_lh_delete(ERR_STATE,lh,inst) +#define lh_ERR_STATE_doall(lh,fn) LHM_lh_doall(ERR_STATE,lh,fn) +#define lh_ERR_STATE_doall_arg(lh,fn,arg_type,arg) \ + LHM_lh_doall_arg(ERR_STATE,lh,fn,arg_type,arg) +#define lh_ERR_STATE_error(lh) LHM_lh_error(ERR_STATE,lh) +#define lh_ERR_STATE_num_items(lh) LHM_lh_num_items(ERR_STATE,lh) +#define lh_ERR_STATE_down_load(lh) LHM_lh_down_load(ERR_STATE,lh) +#define lh_ERR_STATE_node_stats_bio(lh,out) \ + LHM_lh_node_stats_bio(ERR_STATE,lh,out) +#define lh_ERR_STATE_node_usage_stats_bio(lh,out) \ + LHM_lh_node_usage_stats_bio(ERR_STATE,lh,out) +#define lh_ERR_STATE_stats_bio(lh,out) \ + LHM_lh_stats_bio(ERR_STATE,lh,out) +#define lh_ERR_STATE_free(lh) LHM_lh_free(ERR_STATE,lh) + +#define lh_ERR_STRING_DATA_new() LHM_lh_new(ERR_STRING_DATA,err_string_data) +#define lh_ERR_STRING_DATA_insert(lh,inst) LHM_lh_insert(ERR_STRING_DATA,lh,inst) +#define lh_ERR_STRING_DATA_retrieve(lh,inst) LHM_lh_retrieve(ERR_STRING_DATA,lh,inst) +#define lh_ERR_STRING_DATA_delete(lh,inst) LHM_lh_delete(ERR_STRING_DATA,lh,inst) +#define lh_ERR_STRING_DATA_doall(lh,fn) LHM_lh_doall(ERR_STRING_DATA,lh,fn) +#define lh_ERR_STRING_DATA_doall_arg(lh,fn,arg_type,arg) \ + LHM_lh_doall_arg(ERR_STRING_DATA,lh,fn,arg_type,arg) +#define lh_ERR_STRING_DATA_error(lh) LHM_lh_error(ERR_STRING_DATA,lh) +#define lh_ERR_STRING_DATA_num_items(lh) LHM_lh_num_items(ERR_STRING_DATA,lh) +#define lh_ERR_STRING_DATA_down_load(lh) LHM_lh_down_load(ERR_STRING_DATA,lh) +#define lh_ERR_STRING_DATA_node_stats_bio(lh,out) \ + LHM_lh_node_stats_bio(ERR_STRING_DATA,lh,out) +#define lh_ERR_STRING_DATA_node_usage_stats_bio(lh,out) \ + LHM_lh_node_usage_stats_bio(ERR_STRING_DATA,lh,out) +#define lh_ERR_STRING_DATA_stats_bio(lh,out) \ + LHM_lh_stats_bio(ERR_STRING_DATA,lh,out) +#define lh_ERR_STRING_DATA_free(lh) LHM_lh_free(ERR_STRING_DATA,lh) + +#define lh_EX_CLASS_ITEM_new() LHM_lh_new(EX_CLASS_ITEM,ex_class_item) +#define lh_EX_CLASS_ITEM_insert(lh,inst) LHM_lh_insert(EX_CLASS_ITEM,lh,inst) +#define lh_EX_CLASS_ITEM_retrieve(lh,inst) LHM_lh_retrieve(EX_CLASS_ITEM,lh,inst) +#define lh_EX_CLASS_ITEM_delete(lh,inst) LHM_lh_delete(EX_CLASS_ITEM,lh,inst) +#define lh_EX_CLASS_ITEM_doall(lh,fn) LHM_lh_doall(EX_CLASS_ITEM,lh,fn) +#define lh_EX_CLASS_ITEM_doall_arg(lh,fn,arg_type,arg) \ + LHM_lh_doall_arg(EX_CLASS_ITEM,lh,fn,arg_type,arg) +#define lh_EX_CLASS_ITEM_error(lh) LHM_lh_error(EX_CLASS_ITEM,lh) +#define lh_EX_CLASS_ITEM_num_items(lh) LHM_lh_num_items(EX_CLASS_ITEM,lh) +#define lh_EX_CLASS_ITEM_down_load(lh) LHM_lh_down_load(EX_CLASS_ITEM,lh) +#define lh_EX_CLASS_ITEM_node_stats_bio(lh,out) \ + LHM_lh_node_stats_bio(EX_CLASS_ITEM,lh,out) +#define lh_EX_CLASS_ITEM_node_usage_stats_bio(lh,out) \ + LHM_lh_node_usage_stats_bio(EX_CLASS_ITEM,lh,out) +#define lh_EX_CLASS_ITEM_stats_bio(lh,out) \ + LHM_lh_stats_bio(EX_CLASS_ITEM,lh,out) +#define lh_EX_CLASS_ITEM_free(lh) LHM_lh_free(EX_CLASS_ITEM,lh) + +#define lh_FUNCTION_new() LHM_lh_new(FUNCTION,function) +#define lh_FUNCTION_insert(lh,inst) LHM_lh_insert(FUNCTION,lh,inst) +#define lh_FUNCTION_retrieve(lh,inst) LHM_lh_retrieve(FUNCTION,lh,inst) +#define lh_FUNCTION_delete(lh,inst) LHM_lh_delete(FUNCTION,lh,inst) +#define lh_FUNCTION_doall(lh,fn) LHM_lh_doall(FUNCTION,lh,fn) +#define lh_FUNCTION_doall_arg(lh,fn,arg_type,arg) \ + LHM_lh_doall_arg(FUNCTION,lh,fn,arg_type,arg) +#define lh_FUNCTION_error(lh) LHM_lh_error(FUNCTION,lh) +#define lh_FUNCTION_num_items(lh) LHM_lh_num_items(FUNCTION,lh) +#define lh_FUNCTION_down_load(lh) LHM_lh_down_load(FUNCTION,lh) +#define lh_FUNCTION_node_stats_bio(lh,out) \ + LHM_lh_node_stats_bio(FUNCTION,lh,out) +#define lh_FUNCTION_node_usage_stats_bio(lh,out) \ + LHM_lh_node_usage_stats_bio(FUNCTION,lh,out) +#define lh_FUNCTION_stats_bio(lh,out) \ + LHM_lh_stats_bio(FUNCTION,lh,out) +#define lh_FUNCTION_free(lh) LHM_lh_free(FUNCTION,lh) + +#define lh_MEM_new() LHM_lh_new(MEM,mem) +#define lh_MEM_insert(lh,inst) LHM_lh_insert(MEM,lh,inst) +#define lh_MEM_retrieve(lh,inst) LHM_lh_retrieve(MEM,lh,inst) +#define lh_MEM_delete(lh,inst) LHM_lh_delete(MEM,lh,inst) +#define lh_MEM_doall(lh,fn) LHM_lh_doall(MEM,lh,fn) +#define lh_MEM_doall_arg(lh,fn,arg_type,arg) \ + LHM_lh_doall_arg(MEM,lh,fn,arg_type,arg) +#define lh_MEM_error(lh) LHM_lh_error(MEM,lh) +#define lh_MEM_num_items(lh) LHM_lh_num_items(MEM,lh) +#define lh_MEM_down_load(lh) LHM_lh_down_load(MEM,lh) +#define lh_MEM_node_stats_bio(lh,out) \ + LHM_lh_node_stats_bio(MEM,lh,out) +#define lh_MEM_node_usage_stats_bio(lh,out) \ + LHM_lh_node_usage_stats_bio(MEM,lh,out) +#define lh_MEM_stats_bio(lh,out) \ + LHM_lh_stats_bio(MEM,lh,out) +#define lh_MEM_free(lh) LHM_lh_free(MEM,lh) + +#define lh_OBJ_NAME_new() LHM_lh_new(OBJ_NAME,obj_name) +#define lh_OBJ_NAME_insert(lh,inst) LHM_lh_insert(OBJ_NAME,lh,inst) +#define lh_OBJ_NAME_retrieve(lh,inst) LHM_lh_retrieve(OBJ_NAME,lh,inst) +#define lh_OBJ_NAME_delete(lh,inst) LHM_lh_delete(OBJ_NAME,lh,inst) +#define lh_OBJ_NAME_doall(lh,fn) LHM_lh_doall(OBJ_NAME,lh,fn) +#define lh_OBJ_NAME_doall_arg(lh,fn,arg_type,arg) \ + LHM_lh_doall_arg(OBJ_NAME,lh,fn,arg_type,arg) +#define lh_OBJ_NAME_error(lh) LHM_lh_error(OBJ_NAME,lh) +#define lh_OBJ_NAME_num_items(lh) LHM_lh_num_items(OBJ_NAME,lh) +#define lh_OBJ_NAME_down_load(lh) LHM_lh_down_load(OBJ_NAME,lh) +#define lh_OBJ_NAME_node_stats_bio(lh,out) \ + LHM_lh_node_stats_bio(OBJ_NAME,lh,out) +#define lh_OBJ_NAME_node_usage_stats_bio(lh,out) \ + LHM_lh_node_usage_stats_bio(OBJ_NAME,lh,out) +#define lh_OBJ_NAME_stats_bio(lh,out) \ + LHM_lh_stats_bio(OBJ_NAME,lh,out) +#define lh_OBJ_NAME_free(lh) LHM_lh_free(OBJ_NAME,lh) + +#define lh_OPENSSL_CSTRING_new() LHM_lh_new(OPENSSL_CSTRING,openssl_cstring) +#define lh_OPENSSL_CSTRING_insert(lh,inst) LHM_lh_insert(OPENSSL_CSTRING,lh,inst) +#define lh_OPENSSL_CSTRING_retrieve(lh,inst) LHM_lh_retrieve(OPENSSL_CSTRING,lh,inst) +#define lh_OPENSSL_CSTRING_delete(lh,inst) LHM_lh_delete(OPENSSL_CSTRING,lh,inst) +#define lh_OPENSSL_CSTRING_doall(lh,fn) LHM_lh_doall(OPENSSL_CSTRING,lh,fn) +#define lh_OPENSSL_CSTRING_doall_arg(lh,fn,arg_type,arg) \ + LHM_lh_doall_arg(OPENSSL_CSTRING,lh,fn,arg_type,arg) +#define lh_OPENSSL_CSTRING_error(lh) LHM_lh_error(OPENSSL_CSTRING,lh) +#define lh_OPENSSL_CSTRING_num_items(lh) LHM_lh_num_items(OPENSSL_CSTRING,lh) +#define lh_OPENSSL_CSTRING_down_load(lh) LHM_lh_down_load(OPENSSL_CSTRING,lh) +#define lh_OPENSSL_CSTRING_node_stats_bio(lh,out) \ + LHM_lh_node_stats_bio(OPENSSL_CSTRING,lh,out) +#define lh_OPENSSL_CSTRING_node_usage_stats_bio(lh,out) \ + LHM_lh_node_usage_stats_bio(OPENSSL_CSTRING,lh,out) +#define lh_OPENSSL_CSTRING_stats_bio(lh,out) \ + LHM_lh_stats_bio(OPENSSL_CSTRING,lh,out) +#define lh_OPENSSL_CSTRING_free(lh) LHM_lh_free(OPENSSL_CSTRING,lh) + +#define lh_OPENSSL_STRING_new() LHM_lh_new(OPENSSL_STRING,openssl_string) +#define lh_OPENSSL_STRING_insert(lh,inst) LHM_lh_insert(OPENSSL_STRING,lh,inst) +#define lh_OPENSSL_STRING_retrieve(lh,inst) LHM_lh_retrieve(OPENSSL_STRING,lh,inst) +#define lh_OPENSSL_STRING_delete(lh,inst) LHM_lh_delete(OPENSSL_STRING,lh,inst) +#define lh_OPENSSL_STRING_doall(lh,fn) LHM_lh_doall(OPENSSL_STRING,lh,fn) +#define lh_OPENSSL_STRING_doall_arg(lh,fn,arg_type,arg) \ + LHM_lh_doall_arg(OPENSSL_STRING,lh,fn,arg_type,arg) +#define lh_OPENSSL_STRING_error(lh) LHM_lh_error(OPENSSL_STRING,lh) +#define lh_OPENSSL_STRING_num_items(lh) LHM_lh_num_items(OPENSSL_STRING,lh) +#define lh_OPENSSL_STRING_down_load(lh) LHM_lh_down_load(OPENSSL_STRING,lh) +#define lh_OPENSSL_STRING_node_stats_bio(lh,out) \ + LHM_lh_node_stats_bio(OPENSSL_STRING,lh,out) +#define lh_OPENSSL_STRING_node_usage_stats_bio(lh,out) \ + LHM_lh_node_usage_stats_bio(OPENSSL_STRING,lh,out) +#define lh_OPENSSL_STRING_stats_bio(lh,out) \ + LHM_lh_stats_bio(OPENSSL_STRING,lh,out) +#define lh_OPENSSL_STRING_free(lh) LHM_lh_free(OPENSSL_STRING,lh) + +#define lh_SSL_SESSION_new() LHM_lh_new(SSL_SESSION,ssl_session) +#define lh_SSL_SESSION_insert(lh,inst) LHM_lh_insert(SSL_SESSION,lh,inst) +#define lh_SSL_SESSION_retrieve(lh,inst) LHM_lh_retrieve(SSL_SESSION,lh,inst) +#define lh_SSL_SESSION_delete(lh,inst) LHM_lh_delete(SSL_SESSION,lh,inst) +#define lh_SSL_SESSION_doall(lh,fn) LHM_lh_doall(SSL_SESSION,lh,fn) +#define lh_SSL_SESSION_doall_arg(lh,fn,arg_type,arg) \ + LHM_lh_doall_arg(SSL_SESSION,lh,fn,arg_type,arg) +#define lh_SSL_SESSION_error(lh) LHM_lh_error(SSL_SESSION,lh) +#define lh_SSL_SESSION_num_items(lh) LHM_lh_num_items(SSL_SESSION,lh) +#define lh_SSL_SESSION_down_load(lh) LHM_lh_down_load(SSL_SESSION,lh) +#define lh_SSL_SESSION_node_stats_bio(lh,out) \ + LHM_lh_node_stats_bio(SSL_SESSION,lh,out) +#define lh_SSL_SESSION_node_usage_stats_bio(lh,out) \ + LHM_lh_node_usage_stats_bio(SSL_SESSION,lh,out) +#define lh_SSL_SESSION_stats_bio(lh,out) \ + LHM_lh_stats_bio(SSL_SESSION,lh,out) +#define lh_SSL_SESSION_free(lh) LHM_lh_free(SSL_SESSION,lh) #endif /* !defined HEADER_SAFESTACK_H */ diff --git a/src/lib/libcrypto/stack/stack.c b/src/lib/libcrypto/stack/stack.c index 2496f28a8c0..b76a0d7271c 100644 --- a/src/lib/libcrypto/stack/stack.c +++ b/src/lib/libcrypto/stack/stack.c @@ -1,25 +1,25 @@ -/* crypto/stack/stack.c */ +/* $OpenBSD: stack.c,v 1.20 2018/04/01 00:36:28 schwarze Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,286 +49,294 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ -/* Code for stacks - * Author - Eric Young v 1.0 - * 1.2 eay 12-Mar-97 - Modified sk_find so that it _DOES_ return the - * lowest index for the searched item. - * - * 1.1 eay - Take from netdb and added to SSLeay - * - * 1.0 eay - First version 29/07/92 - */ #include -#include "cryptlib.h" +#include + +#include #include #undef MIN_NODES #define MIN_NODES 4 -const char *STACK_version="Stack" OPENSSL_VERSION_PTEXT; - #include -int (*sk_set_cmp_func(STACK *sk, int (*c)(const char * const *,const char * const *))) - (const char * const *, const char * const *) - { - int (*old)(const char * const *,const char * const *)=sk->comp; +int +(*sk_set_cmp_func(_STACK *sk, int (*c)(const void *, const void *)))( + const void *, const void *) +{ + int (*old)(const void *, const void *) = sk->comp; if (sk->comp != c) - sk->sorted=0; - sk->comp=c; + sk->sorted = 0; + sk->comp = c; return old; - } +} -STACK *sk_dup(STACK *sk) - { - STACK *ret; +_STACK * +sk_dup(_STACK *sk) +{ + _STACK *ret; char **s; - if ((ret=sk_new(sk->comp)) == NULL) goto err; - s=(char **)OPENSSL_realloc((char *)ret->data, - (unsigned int)sizeof(char *)*sk->num_alloc); - if (s == NULL) goto err; - ret->data=s; - - ret->num=sk->num; - memcpy(ret->data,sk->data,sizeof(char *)*sk->num); - ret->sorted=sk->sorted; - ret->num_alloc=sk->num_alloc; - ret->comp=sk->comp; - return(ret); + if ((ret = sk_new(sk->comp)) == NULL) + goto err; + s = reallocarray(ret->data, sk->num_alloc, sizeof(char *)); + if (s == NULL) + goto err; + ret->data = s; + + ret->num = sk->num; + memcpy(ret->data, sk->data, sizeof(char *) * sk->num); + ret->sorted = sk->sorted; + ret->num_alloc = sk->num_alloc; + ret->comp = sk->comp; + return (ret); + err: - if(ret) + if (ret) sk_free(ret); - return(NULL); - } + return (NULL); +} -STACK *sk_new_null(void) - { - return sk_new((int (*)(const char * const *, const char * const *))0); - } +_STACK * +sk_new_null(void) +{ + return sk_new((int (*)(const void *, const void *))0); +} -STACK *sk_new(int (*c)(const char * const *, const char * const *)) - { - STACK *ret; +_STACK * +sk_new(int (*c)(const void *, const void *)) +{ + _STACK *ret; int i; - if ((ret=(STACK *)OPENSSL_malloc(sizeof(STACK))) == NULL) + if ((ret = malloc(sizeof(_STACK))) == NULL) goto err; - if ((ret->data=(char **)OPENSSL_malloc(sizeof(char *)*MIN_NODES)) == NULL) + if ((ret->data = reallocarray(NULL, MIN_NODES, sizeof(char *))) == NULL) goto err; - for (i=0; idata[i]=NULL; - ret->comp=c; - ret->num_alloc=MIN_NODES; - ret->num=0; - ret->sorted=0; - return(ret); + for (i = 0; i < MIN_NODES; i++) + ret->data[i] = NULL; + ret->comp = c; + ret->num_alloc = MIN_NODES; + ret->num = 0; + ret->sorted = 0; + return (ret); + err: - if(ret) - OPENSSL_free(ret); - return(NULL); - } + free(ret); + return (NULL); +} -int sk_insert(STACK *st, char *data, int loc) - { +int +sk_insert(_STACK *st, void *data, int loc) +{ char **s; - if(st == NULL) return 0; - if (st->num_alloc <= st->num+1) - { - s=(char **)OPENSSL_realloc((char *)st->data, - (unsigned int)sizeof(char *)*st->num_alloc*2); + if (st == NULL) + return 0; + if (st->num_alloc <= st->num + 1) { + s = reallocarray(st->data, st->num_alloc, 2 * sizeof(char *)); if (s == NULL) - return(0); - st->data=s; - st->num_alloc*=2; - } + return (0); + st->data = s; + st->num_alloc *= 2; + } if ((loc >= (int)st->num) || (loc < 0)) - st->data[st->num]=data; - else - { - int i; - char **f,**t; - - f=(char **)st->data; - t=(char **)&(st->data[1]); - for (i=st->num; i>=loc; i--) - t[i]=f[i]; - -#ifdef undef /* no memmove on sunos :-( */ - memmove( (char *)&(st->data[loc+1]), - (char *)&(st->data[loc]), - sizeof(char *)*(st->num-loc)); -#endif - st->data[loc]=data; - } - st->num++; - st->sorted=0; - return(st->num); + st->data[st->num] = data; + else { + memmove(&(st->data[loc + 1]), &(st->data[loc]), + sizeof(char *)*(st->num - loc)); + st->data[loc] = data; } + st->num++; + st->sorted = 0; + return (st->num); +} -char *sk_delete_ptr(STACK *st, char *p) - { +void * +sk_delete_ptr(_STACK *st, void *p) +{ int i; - for (i=0; inum; i++) + for (i = 0; i < st->num; i++) if (st->data[i] == p) - return(sk_delete(st,i)); - return(NULL); - } + return (sk_delete(st, i)); + return (NULL); +} -char *sk_delete(STACK *st, int loc) - { +void * +sk_delete(_STACK *st, int loc) +{ char *ret; - int i,j; - - if ((st == NULL) || (st->num == 0) || (loc < 0) - || (loc >= st->num)) return(NULL); - - ret=st->data[loc]; - if (loc != st->num-1) - { - j=st->num-1; - for (i=loc; idata[i]=st->data[i+1]; - /* In theory memcpy is not safe for this - * memcpy( &(st->data[loc]), - * &(st->data[loc+1]), - * sizeof(char *)*(st->num-loc-1)); - */ - } - st->num--; - return(ret); + + if (!st || (loc < 0) || (loc >= st->num)) + return NULL; + + ret = st->data[loc]; + if (loc != st->num - 1) { + memmove(&(st->data[loc]), &(st->data[loc + 1]), + sizeof(char *)*(st->num - 1 - loc)); } + st->num--; + return (ret); +} -int sk_find(STACK *st, char *data) - { - char **r; +static int +internal_find(_STACK *st, void *data, int ret_val_options) +{ + const void * const *r; int i; - int (*comp_func)(const void *,const void *); - if(st == NULL) return -1; - if (st->comp == NULL) - { - for (i=0; inum; i++) + if (st == NULL) + return -1; + + if (st->comp == NULL) { + for (i = 0; i < st->num; i++) if (st->data[i] == data) - return(i); - return(-1); - } - sk_sort(st); - if (data == NULL) return(-1); - /* This (and the "qsort" below) are the two places in OpenSSL - * where we need to convert from our standard (type **,type **) - * compare callback type to the (void *,void *) type required by - * bsearch. However, the "data" it is being called(back) with are - * not (type *) pointers, but the *pointers* to (type *) pointers, - * so we get our extra level of pointer dereferencing that way. */ - comp_func=(int (*)(const void *,const void *))(st->comp); - r=(char **)bsearch(&data,(char *)st->data, - st->num,sizeof(char *), comp_func); - if (r == NULL) return(-1); - i=(int)(r-st->data); - for ( ; i>0; i--) - /* This needs a cast because the type being pointed to from - * the "&" expressions are (char *) rather than (const char *). - * For an explanation, read: - * http://www.eskimo.com/~scs/C-faq/q11.10.html :-) */ - if ((*st->comp)((const char * const *)&(st->data[i-1]), - (const char * const *)&data) < 0) - break; - return(i); + return (i); + return (-1); } + sk_sort(st); + if (data == NULL) + return (-1); + r = OBJ_bsearch_ex_(&data, st->data, st->num, sizeof(void *), st->comp, + ret_val_options); + if (r == NULL) + return (-1); + return (int)((char **)r - st->data); +} -int sk_push(STACK *st, char *data) - { - return(sk_insert(st,data,st->num)); - } +int +sk_find(_STACK *st, void *data) +{ + return internal_find(st, data, OBJ_BSEARCH_FIRST_VALUE_ON_MATCH); +} -int sk_unshift(STACK *st, char *data) - { - return(sk_insert(st,data,0)); - } +int +sk_find_ex(_STACK *st, void *data) +{ + return internal_find(st, data, OBJ_BSEARCH_VALUE_ON_NOMATCH); +} -char *sk_shift(STACK *st) - { - if (st == NULL) return(NULL); - if (st->num <= 0) return(NULL); - return(sk_delete(st,0)); - } +int +sk_push(_STACK *st, void *data) +{ + return (sk_insert(st, data, st->num)); +} -char *sk_pop(STACK *st) - { - if (st == NULL) return(NULL); - if (st->num <= 0) return(NULL); - return(sk_delete(st,st->num-1)); - } +int +sk_unshift(_STACK *st, void *data) +{ + return (sk_insert(st, data, 0)); +} -void sk_zero(STACK *st) - { - if (st == NULL) return; - if (st->num <= 0) return; - memset((char *)st->data,0,sizeof(st->data)*st->num); - st->num=0; - } +void * +sk_shift(_STACK *st) +{ + if (st == NULL) + return (NULL); + if (st->num <= 0) + return (NULL); + return (sk_delete(st, 0)); +} + +void * +sk_pop(_STACK *st) +{ + if (st == NULL) + return (NULL); + if (st->num <= 0) + return (NULL); + return (sk_delete(st, st->num - 1)); +} -void sk_pop_free(STACK *st, void (*func)(void *)) - { +void +sk_zero(_STACK *st) +{ + if (st == NULL) + return; + if (st->num <= 0) + return; + memset(st->data, 0, sizeof(st->data)*st->num); + st->num = 0; +} + +void +sk_pop_free(_STACK *st, void (*func)(void *)) +{ int i; - if (st == NULL) return; - for (i=0; inum; i++) + if (st == NULL) + return; + for (i = 0; i < st->num; i++) if (st->data[i] != NULL) func(st->data[i]); sk_free(st); - } +} -void sk_free(STACK *st) - { - if (st == NULL) return; - if (st->data != NULL) OPENSSL_free(st->data); - OPENSSL_free(st); - } +void +sk_free(_STACK *st) +{ + if (st == NULL) + return; + free(st->data); + free(st); +} -int sk_num(const STACK *st) +int +sk_num(const _STACK *st) { - if(st == NULL) return -1; + if (st == NULL) + return -1; return st->num; } -char *sk_value(const STACK *st, int i) +void * +sk_value(const _STACK *st, int i) { - if(st == NULL) return NULL; + if (!st || (i < 0) || (i >= st->num)) + return NULL; return st->data[i]; } -char *sk_set(STACK *st, int i, char *value) +void * +sk_set(_STACK *st, int i, void *value) { - if(st == NULL) return NULL; + if (!st || (i < 0) || (i >= st->num)) + return NULL; + st->sorted = 0; return (st->data[i] = value); } -void sk_sort(STACK *st) - { - if (st && !st->sorted) - { - int (*comp_func)(const void *,const void *); +void +sk_sort(_STACK *st) +{ + if (st && !st->sorted) { + int (*comp_func)(const void *, const void *); /* same comment as in sk_find ... previously st->comp was declared * as a (void*,void*) callback type, but this made the population * of the callback pointer illogical - our callbacks compare * type** with type**, so we leave the casting until absolutely * necessary (ie. "now"). */ - comp_func=(int (*)(const void *,const void *))(st->comp); - qsort(st->data,st->num,sizeof(char *), comp_func); - st->sorted=1; - } + comp_func = (int (*)(const void *, const void *))(st->comp); + qsort(st->data, st->num, sizeof(char *), comp_func); + st->sorted = 1; } +} + +int +sk_is_sorted(const _STACK *st) +{ + if (!st) + return 1; + return st->sorted; +} diff --git a/src/lib/libcrypto/stack/stack.h b/src/lib/libcrypto/stack/stack.h index 8b436ca4b98..6bea6348f20 100644 --- a/src/lib/libcrypto/stack/stack.h +++ b/src/lib/libcrypto/stack/stack.h @@ -1,25 +1,25 @@ -/* crypto/stack/stack.h */ +/* $OpenBSD: stack.h,v 1.9 2014/06/12 15:49:30 deraadt Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -63,42 +63,42 @@ extern "C" { #endif -typedef struct stack_st - { +typedef struct stack_st { int num; char **data; int sorted; int num_alloc; - int (*comp)(const char * const *, const char * const *); - } STACK; + int (*comp)(const void *, const void *); +} _STACK; /* Use STACK_OF(...) instead */ #define M_sk_num(sk) ((sk) ? (sk)->num:-1) #define M_sk_value(sk,n) ((sk) ? (sk)->data[n] : NULL) -int sk_num(const STACK *); -char *sk_value(const STACK *, int); +int sk_num(const _STACK *); +void *sk_value(const _STACK *, int); -char *sk_set(STACK *, int, char *); +void *sk_set(_STACK *, int, void *); -STACK *sk_new(int (*cmp)(const char * const *, const char * const *)); -STACK *sk_new_null(void); -void sk_free(STACK *); -void sk_pop_free(STACK *st, void (*func)(void *)); -int sk_insert(STACK *sk,char *data,int where); -char *sk_delete(STACK *st,int loc); -char *sk_delete_ptr(STACK *st, char *p); -int sk_find(STACK *st,char *data); -int sk_push(STACK *st,char *data); -int sk_unshift(STACK *st,char *data); -char *sk_shift(STACK *st); -char *sk_pop(STACK *st); -void sk_zero(STACK *st); -int (*sk_set_cmp_func(STACK *sk, int (*c)(const char * const *, - const char * const *))) - (const char * const *, const char * const *); -STACK *sk_dup(STACK *st); -void sk_sort(STACK *st); +_STACK *sk_new(int (*cmp)(const void *, const void *)); +_STACK *sk_new_null(void); +void sk_free(_STACK *); +void sk_pop_free(_STACK *st, void (*func)(void *)); +int sk_insert(_STACK *sk, void *data, int where); +void *sk_delete(_STACK *st, int loc); +void *sk_delete_ptr(_STACK *st, void *p); +int sk_find(_STACK *st, void *data); +int sk_find_ex(_STACK *st, void *data); +int sk_push(_STACK *st, void *data); +int sk_unshift(_STACK *st, void *data); +void *sk_shift(_STACK *st); +void *sk_pop(_STACK *st); +void sk_zero(_STACK *st); +int (*sk_set_cmp_func(_STACK *sk, int (*c)(const void *, const void *)))( + const void *, const void *); +_STACK *sk_dup(_STACK *st); +void sk_sort(_STACK *st); +int sk_is_sorted(const _STACK *st); #ifdef __cplusplus } diff --git a/src/lib/libcrypto/symhacks.h b/src/lib/libcrypto/symhacks.h deleted file mode 100644 index de0f452b476..00000000000 --- a/src/lib/libcrypto/symhacks.h +++ /dev/null @@ -1,275 +0,0 @@ -/* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#ifndef HEADER_SYMHACKS_H -#define HEADER_SYMHACKS_H - -#include - -/* Hacks to solve the problem with linkers incapable of handling very long - symbol names. In the case of VMS, the limit is 31 characters on VMS for - VAX. */ -#ifdef OPENSSL_SYS_VMS - -/* Hack a long name in crypto/ex_data.c */ -#undef CRYPTO_get_ex_data_implementation -#define CRYPTO_get_ex_data_implementation CRYPTO_get_ex_data_impl -#undef CRYPTO_set_ex_data_implementation -#define CRYPTO_set_ex_data_implementation CRYPTO_set_ex_data_impl - -/* Hack a long name in crypto/asn1/a_mbstr.c */ -#undef ASN1_STRING_set_default_mask_asc -#define ASN1_STRING_set_default_mask_asc ASN1_STRING_set_def_mask_asc - -#if 0 /* No longer needed, since safestack macro magic does the job */ -/* Hack the names created with DECLARE_ASN1_SET_OF(PKCS7_SIGNER_INFO) */ -#undef i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO -#define i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO i2d_ASN1_SET_OF_PKCS7_SIGINF -#undef d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO -#define d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO d2i_ASN1_SET_OF_PKCS7_SIGINF -#endif - -#if 0 /* No longer needed, since safestack macro magic does the job */ -/* Hack the names created with DECLARE_ASN1_SET_OF(PKCS7_RECIP_INFO) */ -#undef i2d_ASN1_SET_OF_PKCS7_RECIP_INFO -#define i2d_ASN1_SET_OF_PKCS7_RECIP_INFO i2d_ASN1_SET_OF_PKCS7_RECINF -#undef d2i_ASN1_SET_OF_PKCS7_RECIP_INFO -#define d2i_ASN1_SET_OF_PKCS7_RECIP_INFO d2i_ASN1_SET_OF_PKCS7_RECINF -#endif - -#if 0 /* No longer needed, since safestack macro magic does the job */ -/* Hack the names created with DECLARE_ASN1_SET_OF(ACCESS_DESCRIPTION) */ -#undef i2d_ASN1_SET_OF_ACCESS_DESCRIPTION -#define i2d_ASN1_SET_OF_ACCESS_DESCRIPTION i2d_ASN1_SET_OF_ACC_DESC -#undef d2i_ASN1_SET_OF_ACCESS_DESCRIPTION -#define d2i_ASN1_SET_OF_ACCESS_DESCRIPTION d2i_ASN1_SET_OF_ACC_DESC -#endif - -/* Hack the names created with DECLARE_PEM_rw(NETSCAPE_CERT_SEQUENCE) */ -#undef PEM_read_NETSCAPE_CERT_SEQUENCE -#define PEM_read_NETSCAPE_CERT_SEQUENCE PEM_read_NS_CERT_SEQ -#undef PEM_write_NETSCAPE_CERT_SEQUENCE -#define PEM_write_NETSCAPE_CERT_SEQUENCE PEM_write_NS_CERT_SEQ -#undef PEM_read_bio_NETSCAPE_CERT_SEQUENCE -#define PEM_read_bio_NETSCAPE_CERT_SEQUENCE PEM_read_bio_NS_CERT_SEQ -#undef PEM_write_bio_NETSCAPE_CERT_SEQUENCE -#define PEM_write_bio_NETSCAPE_CERT_SEQUENCE PEM_write_bio_NS_CERT_SEQ -#undef PEM_write_cb_bio_NETSCAPE_CERT_SEQUENCE -#define PEM_write_cb_bio_NETSCAPE_CERT_SEQUENCE PEM_write_cb_bio_NS_CERT_SEQ - -/* Hack the names created with DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO) */ -#undef PEM_read_PKCS8_PRIV_KEY_INFO -#define PEM_read_PKCS8_PRIV_KEY_INFO PEM_read_P8_PRIV_KEY_INFO -#undef PEM_write_PKCS8_PRIV_KEY_INFO -#define PEM_write_PKCS8_PRIV_KEY_INFO PEM_write_P8_PRIV_KEY_INFO -#undef PEM_read_bio_PKCS8_PRIV_KEY_INFO -#define PEM_read_bio_PKCS8_PRIV_KEY_INFO PEM_read_bio_P8_PRIV_KEY_INFO -#undef PEM_write_bio_PKCS8_PRIV_KEY_INFO -#define PEM_write_bio_PKCS8_PRIV_KEY_INFO PEM_write_bio_P8_PRIV_KEY_INFO -#undef PEM_write_cb_bio_PKCS8_PRIV_KEY_INFO -#define PEM_write_cb_bio_PKCS8_PRIV_KEY_INFO PEM_wrt_cb_bio_P8_PRIV_KEY_INFO - -/* Hack other PEM names */ -#undef PEM_write_bio_PKCS8PrivateKey_nid -#define PEM_write_bio_PKCS8PrivateKey_nid PEM_write_bio_PKCS8PrivKey_nid - -/* Hack some long X509 names */ -#undef X509_REVOKED_get_ext_by_critical -#define X509_REVOKED_get_ext_by_critical X509_REVOKED_get_ext_by_critic - -/* Hack some long CRYPTO names */ -#undef CRYPTO_set_dynlock_destroy_callback -#define CRYPTO_set_dynlock_destroy_callback CRYPTO_set_dynlock_destroy_cb -#undef CRYPTO_set_dynlock_create_callback -#define CRYPTO_set_dynlock_create_callback CRYPTO_set_dynlock_create_cb -#undef CRYPTO_set_dynlock_lock_callback -#define CRYPTO_set_dynlock_lock_callback CRYPTO_set_dynlock_lock_cb -#undef CRYPTO_get_dynlock_lock_callback -#define CRYPTO_get_dynlock_lock_callback CRYPTO_get_dynlock_lock_cb -#undef CRYPTO_get_dynlock_destroy_callback -#define CRYPTO_get_dynlock_destroy_callback CRYPTO_get_dynlock_destroy_cb -#undef CRYPTO_get_dynlock_create_callback -#define CRYPTO_get_dynlock_create_callback CRYPTO_get_dynlock_create_cb -#undef CRYPTO_set_locked_mem_ex_functions -#define CRYPTO_set_locked_mem_ex_functions CRYPTO_set_locked_mem_ex_funcs -#undef CRYPTO_get_locked_mem_ex_functions -#define CRYPTO_get_locked_mem_ex_functions CRYPTO_get_locked_mem_ex_funcs - -/* Hack some long SSL names */ -#undef SSL_CTX_set_default_verify_paths -#define SSL_CTX_set_default_verify_paths SSL_CTX_set_def_verify_paths -#undef SSL_get_ex_data_X509_STORE_CTX_idx -#define SSL_get_ex_data_X509_STORE_CTX_idx SSL_get_ex_d_X509_STORE_CTX_idx -#undef SSL_add_file_cert_subjects_to_stack -#define SSL_add_file_cert_subjects_to_stack SSL_add_file_cert_subjs_to_stk -#if 0 /* This function is not defined i VMS. */ -#undef SSL_add_dir_cert_subjects_to_stack -#define SSL_add_dir_cert_subjects_to_stack SSL_add_dir_cert_subjs_to_stk -#endif -#undef SSL_CTX_use_certificate_chain_file -#define SSL_CTX_use_certificate_chain_file SSL_CTX_use_cert_chain_file -#undef SSL_CTX_set_cert_verify_callback -#define SSL_CTX_set_cert_verify_callback SSL_CTX_set_cert_verify_cb -#undef SSL_CTX_set_default_passwd_cb_userdata -#define SSL_CTX_set_default_passwd_cb_userdata SSL_CTX_set_def_passwd_cb_ud - -/* Hack some long ENGINE names */ -#undef ENGINE_get_default_BN_mod_exp_crt -#define ENGINE_get_default_BN_mod_exp_crt ENGINE_get_def_BN_mod_exp_crt -#undef ENGINE_set_default_BN_mod_exp_crt -#define ENGINE_set_default_BN_mod_exp_crt ENGINE_set_def_BN_mod_exp_crt -#undef ENGINE_set_load_privkey_function -#define ENGINE_set_load_privkey_function ENGINE_set_load_privkey_fn -#undef ENGINE_get_load_privkey_function -#define ENGINE_get_load_privkey_function ENGINE_get_load_privkey_fn - -/* Hack some long OCSP names */ -#undef OCSP_REQUEST_get_ext_by_critical -#define OCSP_REQUEST_get_ext_by_critical OCSP_REQUEST_get_ext_by_crit -#undef OCSP_BASICRESP_get_ext_by_critical -#define OCSP_BASICRESP_get_ext_by_critical OCSP_BASICRESP_get_ext_by_crit -#undef OCSP_SINGLERESP_get_ext_by_critical -#define OCSP_SINGLERESP_get_ext_by_critical OCSP_SINGLERESP_get_ext_by_crit - -/* Hack some long DES names */ -#undef _ossl_old_des_ede3_cfb64_encrypt -#define _ossl_old_des_ede3_cfb64_encrypt _ossl_odes_ede3_cfb64_encrypt -#undef _ossl_old_des_ede3_ofb64_encrypt -#define _ossl_old_des_ede3_ofb64_encrypt _ossl_odes_ede3_ofb64_encrypt - -/* Hack some long EVP names */ -#undef OPENSSL_add_all_algorithms_noconf -#define OPENSSL_add_all_algorithms_noconf OPENSSL_add_all_algo_noconf -#undef OPENSSL_add_all_algorithms_conf -#define OPENSSL_add_all_algorithms_conf OPENSSL_add_all_algo_conf - -/* Hack some long EC names */ -#undef EC_POINT_set_Jprojective_coordinates_GFp -#define EC_POINT_set_Jprojective_coordinates_GFp \ - EC_POINT_set_Jproj_coords_GFp -#undef EC_POINT_get_Jprojective_coordinates_GFp -#define EC_POINT_get_Jprojective_coordinates_GFp \ - EC_POINT_get_Jproj_coords_GFp -#undef EC_POINT_set_affine_coordinates_GFp -#define EC_POINT_set_affine_coordinates_GFp EC_POINT_set_affine_coords_GFp -#undef EC_POINT_get_affine_coordinates_GFp -#define EC_POINT_get_affine_coordinates_GFp EC_POINT_get_affine_coords_GFp -#undef EC_POINT_set_compressed_coordinates_GFp -#define EC_POINT_set_compressed_coordinates_GFp EC_POINT_set_compr_coords_GFp -#undef ec_GFp_simple_group_set_curve_GFp -#define ec_GFp_simple_group_set_curve_GFp ec_GFp_simple_grp_set_curve_GFp -#undef ec_GFp_simple_group_get_curve_GFp -#define ec_GFp_simple_group_get_curve_GFp ec_GFp_simple_grp_get_curve_GFp -#undef ec_GFp_simple_group_clear_finish -#define ec_GFp_simple_group_clear_finish ec_GFp_simple_grp_clear_finish -#undef ec_GFp_simple_group_set_generator -#define ec_GFp_simple_group_set_generator ec_GFp_simple_grp_set_generator -#undef ec_GFp_simple_group_get0_generator -#define ec_GFp_simple_group_get0_generator ec_GFp_simple_grp_gt0_generator -#undef ec_GFp_simple_group_get_cofactor -#define ec_GFp_simple_group_get_cofactor ec_GFp_simple_grp_get_cofactor -#undef ec_GFp_simple_point_clear_finish -#define ec_GFp_simple_point_clear_finish ec_GFp_simple_pt_clear_finish -#undef ec_GFp_simple_point_set_to_infinity -#define ec_GFp_simple_point_set_to_infinity ec_GFp_simple_pt_set_to_inf -#undef ec_GFp_simple_points_make_affine -#define ec_GFp_simple_points_make_affine ec_GFp_simple_pts_make_affine -#undef ec_GFp_simple_group_get_curve_GFp -#define ec_GFp_simple_group_get_curve_GFp ec_GFp_simple_grp_get_curve_GFp -#undef ec_GFp_simple_set_Jprojective_coordinates_GFp -#define ec_GFp_simple_set_Jprojective_coordinates_GFp \ - ec_GFp_smp_set_Jproj_coords_GFp -#undef ec_GFp_simple_get_Jprojective_coordinates_GFp -#define ec_GFp_simple_get_Jprojective_coordinates_GFp \ - ec_GFp_smp_get_Jproj_coords_GFp -#undef ec_GFp_simple_point_set_affine_coordinates_GFp -#define ec_GFp_simple_point_set_affine_coordinates_GFp \ - ec_GFp_smp_pt_set_af_coords_GFp -#undef ec_GFp_simple_point_get_affine_coordinates_GFp -#define ec_GFp_simple_point_get_affine_coordinates_GFp \ - ec_GFp_smp_pt_get_af_coords_GFp -#undef ec_GFp_simple_set_compressed_coordinates_GFp -#define ec_GFp_simple_set_compressed_coordinates_GFp \ - ec_GFp_smp_set_compr_coords_GFp - -#endif /* defined OPENSSL_SYS_VMS */ - - -/* Case insensiteve linking causes problems.... */ -#if defined(OPENSSL_SYS_WIN16) || defined(OPENSSL_SYS_VMS) -#undef ERR_load_CRYPTO_strings -#define ERR_load_CRYPTO_strings ERR_load_CRYPTOlib_strings -#undef OCSP_crlID_new -#define OCSP_crlID_new OCSP_crlID2_new - -/* These functions do not seem to exist! However, I'm paranoid... - Original command in x509v3.h: - These functions are being redefined in another directory, - and clash when the linker is case-insensitive, so let's - hide them a little, by giving them an extra 'o' at the - beginning of the name... */ -#undef X509v3_cleanup_extensions -#define X509v3_cleanup_extensions oX509v3_cleanup_extensions -#undef X509v3_add_extension -#define X509v3_add_extension oX509v3_add_extension -#undef X509v3_add_netscape_extensions -#define X509v3_add_netscape_extensions oX509v3_add_netscape_extensions -#undef X509v3_add_standard_extensions -#define X509v3_add_standard_extensions oX509v3_add_standard_extensions - - -#endif - - -#endif /* ! defined HEADER_VMS_IDHACKS_H */ diff --git a/src/lib/libcrypto/threads/README b/src/lib/libcrypto/threads/README deleted file mode 100644 index df6b26e146f..00000000000 --- a/src/lib/libcrypto/threads/README +++ /dev/null @@ -1,14 +0,0 @@ -Mutithreading testing area. - -Since this stuff is very very platorm specific, this is not part of the -normal build. Have a read of doc/threads.doc. - -mttest will do some testing and will currently build under Windows NT/95, -Solaris and Linux. The IRIX stuff is not finished. - -I have tested this program on a 12 CPU ultra sparc box (solaris 2.5.1) -and things seem to work ok. - -The Linux pthreads package can be retrieved from -http://www.mit.edu:8001/people/proven/pthreads.html - diff --git a/src/lib/libcrypto/threads/mttest.c b/src/lib/libcrypto/threads/mttest.c deleted file mode 100644 index c474a63c746..00000000000 --- a/src/lib/libcrypto/threads/mttest.c +++ /dev/null @@ -1,1101 +0,0 @@ -/* crypto/threads/mttest.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include -#include -#include -#ifdef LINUX -#include -#endif -#ifdef OPENSSL_SYS_WIN32 -#include -#endif -#ifdef SOLARIS -#include -#include -#endif -#ifdef IRIX -#include -#include -#endif -#ifdef PTHREADS -#include -#endif -#include -#include -#include -#include "../../e_os.h" -#include -#include -#include -#include - -#ifdef OPENSSL_NO_FP_API -#define APPS_WIN16 -#include "../buffer/bss_file.c" -#endif - -#define TEST_SERVER_CERT "../../apps/server.pem" -#define TEST_CLIENT_CERT "../../apps/client.pem" - -#define MAX_THREAD_NUMBER 100 - -int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *xs); -void thread_setup(void); -void thread_cleanup(void); -void do_threads(SSL_CTX *s_ctx,SSL_CTX *c_ctx); - -void irix_locking_callback(int mode,int type,char *file,int line); -void solaris_locking_callback(int mode,int type,char *file,int line); -void win32_locking_callback(int mode,int type,char *file,int line); -void pthreads_locking_callback(int mode,int type,char *file,int line); - -unsigned long irix_thread_id(void ); -unsigned long solaris_thread_id(void ); -unsigned long pthreads_thread_id(void ); - -BIO *bio_err=NULL; -BIO *bio_stdout=NULL; - -static char *cipher=NULL; -int verbose=0; -#ifdef FIONBIO -static int s_nbio=0; -#endif - -int thread_number=10; -int number_of_loops=10; -int reconnect=0; -int cache_stats=0; - -static const char rnd_seed[] = "string to make the random number generator think it has entropy"; - -int doit(char *ctx[4]); -static void print_stats(FILE *fp, SSL_CTX *ctx) -{ - fprintf(fp,"%4ld items in the session cache\n", - SSL_CTX_sess_number(ctx)); - fprintf(fp,"%4d client connects (SSL_connect())\n", - SSL_CTX_sess_connect(ctx)); - fprintf(fp,"%4d client connects that finished\n", - SSL_CTX_sess_connect_good(ctx)); - fprintf(fp,"%4d server connects (SSL_accept())\n", - SSL_CTX_sess_accept(ctx)); - fprintf(fp,"%4d server connects that finished\n", - SSL_CTX_sess_accept_good(ctx)); - fprintf(fp,"%4d session cache hits\n",SSL_CTX_sess_hits(ctx)); - fprintf(fp,"%4d session cache misses\n",SSL_CTX_sess_misses(ctx)); - fprintf(fp,"%4d session cache timeouts\n",SSL_CTX_sess_timeouts(ctx)); - } - -static void sv_usage(void) - { - fprintf(stderr,"usage: ssltest [args ...]\n"); - fprintf(stderr,"\n"); - fprintf(stderr," -server_auth - check server certificate\n"); - fprintf(stderr," -client_auth - do client authentication\n"); - fprintf(stderr," -v - more output\n"); - fprintf(stderr," -CApath arg - PEM format directory of CA's\n"); - fprintf(stderr," -CAfile arg - PEM format file of CA's\n"); - fprintf(stderr," -threads arg - number of threads\n"); - fprintf(stderr," -loops arg - number of 'connections', per thread\n"); - fprintf(stderr," -reconnect - reuse session-id's\n"); - fprintf(stderr," -stats - server session-id cache stats\n"); - fprintf(stderr," -cert arg - server certificate/key\n"); - fprintf(stderr," -ccert arg - client certificate/key\n"); - fprintf(stderr," -ssl3 - just SSLv3n\n"); - } - -int main(int argc, char *argv[]) - { - char *CApath=NULL,*CAfile=NULL; - int badop=0; - int ret=1; - int client_auth=0; - int server_auth=0; - SSL_CTX *s_ctx=NULL; - SSL_CTX *c_ctx=NULL; - char *scert=TEST_SERVER_CERT; - char *ccert=TEST_CLIENT_CERT; - SSL_METHOD *ssl_method=SSLv23_method(); - - RAND_seed(rnd_seed, sizeof rnd_seed); - - if (bio_err == NULL) - bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); - if (bio_stdout == NULL) - bio_stdout=BIO_new_fp(stdout,BIO_NOCLOSE); - argc--; - argv++; - - while (argc >= 1) - { - if (strcmp(*argv,"-server_auth") == 0) - server_auth=1; - else if (strcmp(*argv,"-client_auth") == 0) - client_auth=1; - else if (strcmp(*argv,"-reconnect") == 0) - reconnect=1; - else if (strcmp(*argv,"-stats") == 0) - cache_stats=1; - else if (strcmp(*argv,"-ssl3") == 0) - ssl_method=SSLv3_method(); - else if (strcmp(*argv,"-ssl2") == 0) - ssl_method=SSLv2_method(); - else if (strcmp(*argv,"-CApath") == 0) - { - if (--argc < 1) goto bad; - CApath= *(++argv); - } - else if (strcmp(*argv,"-CAfile") == 0) - { - if (--argc < 1) goto bad; - CAfile= *(++argv); - } - else if (strcmp(*argv,"-cert") == 0) - { - if (--argc < 1) goto bad; - scert= *(++argv); - } - else if (strcmp(*argv,"-ccert") == 0) - { - if (--argc < 1) goto bad; - ccert= *(++argv); - } - else if (strcmp(*argv,"-threads") == 0) - { - if (--argc < 1) goto bad; - thread_number= atoi(*(++argv)); - if (thread_number == 0) thread_number=1; - if (thread_number > MAX_THREAD_NUMBER) - thread_number=MAX_THREAD_NUMBER; - } - else if (strcmp(*argv,"-loops") == 0) - { - if (--argc < 1) goto bad; - number_of_loops= atoi(*(++argv)); - if (number_of_loops == 0) number_of_loops=1; - } - else - { - fprintf(stderr,"unknown option %s\n",*argv); - badop=1; - break; - } - argc--; - argv++; - } - if (badop) - { -bad: - sv_usage(); - goto end; - } - - if (cipher == NULL && issetugid() == 0) - cipher=getenv("SSL_CIPHER"); - - SSL_load_error_strings(); - OpenSSL_add_ssl_algorithms(); - - c_ctx=SSL_CTX_new(ssl_method); - s_ctx=SSL_CTX_new(ssl_method); - if ((c_ctx == NULL) || (s_ctx == NULL)) - { - ERR_print_errors(bio_err); - goto end; - } - - SSL_CTX_set_session_cache_mode(s_ctx, - SSL_SESS_CACHE_NO_AUTO_CLEAR|SSL_SESS_CACHE_SERVER); - SSL_CTX_set_session_cache_mode(c_ctx, - SSL_SESS_CACHE_NO_AUTO_CLEAR|SSL_SESS_CACHE_SERVER); - - if (!SSL_CTX_use_certificate_file(s_ctx,scert,SSL_FILETYPE_PEM)) - { - ERR_print_errors(bio_err); - } - else if (!SSL_CTX_use_RSAPrivateKey_file(s_ctx,scert,SSL_FILETYPE_PEM)) - { - ERR_print_errors(bio_err); - goto end; - } - - if (client_auth) - { - SSL_CTX_use_certificate_file(c_ctx,ccert, - SSL_FILETYPE_PEM); - SSL_CTX_use_RSAPrivateKey_file(c_ctx,ccert, - SSL_FILETYPE_PEM); - } - - if ( (!SSL_CTX_load_verify_locations(s_ctx,CAfile,CApath)) || - (!SSL_CTX_set_default_verify_paths(s_ctx)) || - (!SSL_CTX_load_verify_locations(c_ctx,CAfile,CApath)) || - (!SSL_CTX_set_default_verify_paths(c_ctx))) - { - fprintf(stderr,"SSL_load_verify_locations\n"); - ERR_print_errors(bio_err); - goto end; - } - - if (client_auth) - { - fprintf(stderr,"client authentication\n"); - SSL_CTX_set_verify(s_ctx, - SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT, - verify_callback); - } - if (server_auth) - { - fprintf(stderr,"server authentication\n"); - SSL_CTX_set_verify(c_ctx,SSL_VERIFY_PEER, - verify_callback); - } - - thread_setup(); - do_threads(s_ctx,c_ctx); - thread_cleanup(); -end: - - if (c_ctx != NULL) - { - fprintf(stderr,"Client SSL_CTX stats then free it\n"); - print_stats(stderr,c_ctx); - SSL_CTX_free(c_ctx); - } - if (s_ctx != NULL) - { - fprintf(stderr,"Server SSL_CTX stats then free it\n"); - print_stats(stderr,s_ctx); - if (cache_stats) - { - fprintf(stderr,"-----\n"); - lh_stats(SSL_CTX_sessions(s_ctx),stderr); - fprintf(stderr,"-----\n"); - /* lh_node_stats(SSL_CTX_sessions(s_ctx),stderr); - fprintf(stderr,"-----\n"); */ - lh_node_usage_stats(SSL_CTX_sessions(s_ctx),stderr); - fprintf(stderr,"-----\n"); - } - SSL_CTX_free(s_ctx); - fprintf(stderr,"done free\n"); - } - exit(ret); - return(0); - } - -#define W_READ 1 -#define W_WRITE 2 -#define C_DONE 1 -#define S_DONE 2 - -int ndoit(SSL_CTX *ssl_ctx[2]) - { - int i; - int ret; - char *ctx[4]; - - ctx[0]=(char *)ssl_ctx[0]; - ctx[1]=(char *)ssl_ctx[1]; - - if (reconnect) - { - ctx[2]=(char *)SSL_new(ssl_ctx[0]); - ctx[3]=(char *)SSL_new(ssl_ctx[1]); - } - else - { - ctx[2]=NULL; - ctx[3]=NULL; - } - - fprintf(stdout,"started thread %lu\n",CRYPTO_thread_id()); - for (i=0; iref (%3d,%3d)\n", - CRYPTO_thread_id(),i, - ssl_ctx[0]->references, - ssl_ctx[1]->references); */ - /* pthread_delay_np(&tm);*/ - - ret=doit(ctx); - if (ret != 0) - { - fprintf(stdout,"error[%d] %lu - %d\n", - i,CRYPTO_thread_id(),ret); - return(ret); - } - } - fprintf(stdout,"DONE %lu\n",CRYPTO_thread_id()); - if (reconnect) - { - SSL_free((SSL *)ctx[2]); - SSL_free((SSL *)ctx[3]); - } - return(0); - } - -int doit(char *ctx[4]) - { - SSL_CTX *s_ctx,*c_ctx; - static char cbuf[200],sbuf[200]; - SSL *c_ssl=NULL; - SSL *s_ssl=NULL; - BIO *c_to_s=NULL; - BIO *s_to_c=NULL; - BIO *c_bio=NULL; - BIO *s_bio=NULL; - int c_r,c_w,s_r,s_w; - int c_want,s_want; - int i; - int done=0; - int c_write,s_write; - int do_server=0,do_client=0; - - s_ctx=(SSL_CTX *)ctx[0]; - c_ctx=(SSL_CTX *)ctx[1]; - - if (ctx[2] != NULL) - s_ssl=(SSL *)ctx[2]; - else - s_ssl=SSL_new(s_ctx); - - if (ctx[3] != NULL) - c_ssl=(SSL *)ctx[3]; - else - c_ssl=SSL_new(c_ctx); - - if ((s_ssl == NULL) || (c_ssl == NULL)) goto err; - - c_to_s=BIO_new(BIO_s_mem()); - s_to_c=BIO_new(BIO_s_mem()); - if ((s_to_c == NULL) || (c_to_s == NULL)) goto err; - - c_bio=BIO_new(BIO_f_ssl()); - s_bio=BIO_new(BIO_f_ssl()); - if ((c_bio == NULL) || (s_bio == NULL)) goto err; - - SSL_set_connect_state(c_ssl); - SSL_set_bio(c_ssl,s_to_c,c_to_s); - BIO_set_ssl(c_bio,c_ssl,(ctx[2] == NULL)?BIO_CLOSE:BIO_NOCLOSE); - - SSL_set_accept_state(s_ssl); - SSL_set_bio(s_ssl,c_to_s,s_to_c); - BIO_set_ssl(s_bio,s_ssl,(ctx[3] == NULL)?BIO_CLOSE:BIO_NOCLOSE); - - c_r=0; s_r=1; - c_w=1; s_w=0; - c_want=W_WRITE; - s_want=0; - c_write=1,s_write=0; - - /* We can always do writes */ - for (;;) - { - do_server=0; - do_client=0; - - i=(int)BIO_pending(s_bio); - if ((i && s_r) || s_w) do_server=1; - - i=(int)BIO_pending(c_bio); - if ((i && c_r) || c_w) do_client=1; - - if (do_server && verbose) - { - if (SSL_in_init(s_ssl)) - printf("server waiting in SSL_accept - %s\n", - SSL_state_string_long(s_ssl)); - else if (s_write) - printf("server:SSL_write()\n"); - else - printf("server:SSL_read()\n"); - } - - if (do_client && verbose) - { - if (SSL_in_init(c_ssl)) - printf("client waiting in SSL_connect - %s\n", - SSL_state_string_long(c_ssl)); - else if (c_write) - printf("client:SSL_write()\n"); - else - printf("client:SSL_read()\n"); - } - - if (!do_client && !do_server) - { - fprintf(stdout,"ERROR IN STARTUP\n"); - break; - } - if (do_client && !(done & C_DONE)) - { - if (c_write) - { - i=BIO_write(c_bio,"hello from client\n",18); - if (i < 0) - { - c_r=0; - c_w=0; - if (BIO_should_retry(c_bio)) - { - if (BIO_should_read(c_bio)) - c_r=1; - if (BIO_should_write(c_bio)) - c_w=1; - } - else - { - fprintf(stderr,"ERROR in CLIENT\n"); - ERR_print_errors_fp(stderr); - return(1); - } - } - else if (i == 0) - { - fprintf(stderr,"SSL CLIENT STARTUP FAILED\n"); - return(1); - } - else - { - /* ok */ - c_write=0; - } - } - else - { - i=BIO_read(c_bio,cbuf,100); - if (i < 0) - { - c_r=0; - c_w=0; - if (BIO_should_retry(c_bio)) - { - if (BIO_should_read(c_bio)) - c_r=1; - if (BIO_should_write(c_bio)) - c_w=1; - } - else - { - fprintf(stderr,"ERROR in CLIENT\n"); - ERR_print_errors_fp(stderr); - return(1); - } - } - else if (i == 0) - { - fprintf(stderr,"SSL CLIENT STARTUP FAILED\n"); - return(1); - } - else - { - done|=C_DONE; -#ifdef undef - fprintf(stdout,"CLIENT:from server:"); - fwrite(cbuf,1,i,stdout); - fflush(stdout); -#endif - } - } - } - - if (do_server && !(done & S_DONE)) - { - if (!s_write) - { - i=BIO_read(s_bio,sbuf,100); - if (i < 0) - { - s_r=0; - s_w=0; - if (BIO_should_retry(s_bio)) - { - if (BIO_should_read(s_bio)) - s_r=1; - if (BIO_should_write(s_bio)) - s_w=1; - } - else - { - fprintf(stderr,"ERROR in SERVER\n"); - ERR_print_errors_fp(stderr); - return(1); - } - } - else if (i == 0) - { - fprintf(stderr,"SSL SERVER STARTUP FAILED\n"); - return(1); - } - else - { - s_write=1; - s_w=1; -#ifdef undef - fprintf(stdout,"SERVER:from client:"); - fwrite(sbuf,1,i,stdout); - fflush(stdout); -#endif - } - } - else - { - i=BIO_write(s_bio,"hello from server\n",18); - if (i < 0) - { - s_r=0; - s_w=0; - if (BIO_should_retry(s_bio)) - { - if (BIO_should_read(s_bio)) - s_r=1; - if (BIO_should_write(s_bio)) - s_w=1; - } - else - { - fprintf(stderr,"ERROR in SERVER\n"); - ERR_print_errors_fp(stderr); - return(1); - } - } - else if (i == 0) - { - fprintf(stderr,"SSL SERVER STARTUP FAILED\n"); - return(1); - } - else - { - s_write=0; - s_r=1; - done|=S_DONE; - } - } - } - - if ((done & S_DONE) && (done & C_DONE)) break; - } - - SSL_set_shutdown(c_ssl,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); - SSL_set_shutdown(s_ssl,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); - -#ifdef undef - fprintf(stdout,"DONE\n"); -#endif -err: - /* We have to set the BIO's to NULL otherwise they will be - * free()ed twice. Once when th s_ssl is SSL_free()ed and - * again when c_ssl is SSL_free()ed. - * This is a hack required because s_ssl and c_ssl are sharing the same - * BIO structure and SSL_set_bio() and SSL_free() automatically - * BIO_free non NULL entries. - * You should not normally do this or be required to do this */ - - if (s_ssl != NULL) - { - s_ssl->rbio=NULL; - s_ssl->wbio=NULL; - } - if (c_ssl != NULL) - { - c_ssl->rbio=NULL; - c_ssl->wbio=NULL; - } - - /* The SSL's are optionally freed in the following calls */ - if (c_to_s != NULL) BIO_free(c_to_s); - if (s_to_c != NULL) BIO_free(s_to_c); - - if (c_bio != NULL) BIO_free(c_bio); - if (s_bio != NULL) BIO_free(s_bio); - return(0); - } - -int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx) - { - char *s, buf[256]; - - if (verbose) - { - s=X509_NAME_oneline(X509_get_subject_name(ctx->current_cert), - buf,256); - if (s != NULL) - { - if (ok) - fprintf(stderr,"depth=%d %s\n", - ctx->error_depth,buf); - else - fprintf(stderr,"depth=%d error=%d %s\n", - ctx->error_depth,ctx->error,buf); - } - } - return(ok); - } - -#define THREAD_STACK_SIZE (16*1024) - -#ifdef OPENSSL_SYS_WIN32 - -static HANDLE *lock_cs; - -void thread_setup(void) - { - int i; - - lock_cs=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(HANDLE)); - for (i=0; i end.wDayOfWeek) end.wDayOfWeek+=7; - ret=(end.wDayOfWeek-start.wDayOfWeek)*24; - - ret=(ret+end.wHour-start.wHour)*60; - ret=(ret+end.wMinute-start.wMinute)*60; - ret=(ret+end.wSecond-start.wSecond); - ret+=(end.wMilliseconds-start.wMilliseconds)/1000.0; - - printf("win32 threads done - %.3f seconds\n",ret); - } - -#endif /* OPENSSL_SYS_WIN32 */ - -#ifdef SOLARIS - -static mutex_t *lock_cs; -/*static rwlock_t *lock_cs; */ -static long *lock_count; - -void thread_setup(void) - { - int i; - - lock_cs=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(mutex_t)); - lock_count=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long)); - for (i=0; ireferences,c_ctx->references); - } - -unsigned long solaris_thread_id(void) - { - unsigned long ret; - - ret=(unsigned long)thr_self(); - return(ret); - } -#endif /* SOLARIS */ - -#ifdef IRIX - - -static usptr_t *arena; -static usema_t **lock_cs; - -void thread_setup(void) - { - int i; - char filename[20]; - - strcpy(filename,"/tmp/mttest.XXXXXX"); - mktemp(filename); - - usconfig(CONF_STHREADIOOFF); - usconfig(CONF_STHREADMALLOCOFF); - usconfig(CONF_INITUSERS,100); - usconfig(CONF_LOCKTYPE,US_DEBUGPLUS); - arena=usinit(filename); - unlink(filename); - - lock_cs=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(usema_t *)); - for (i=0; ireferences,c_ctx->references); - } - -unsigned long irix_thread_id(void) - { - unsigned long ret; - - ret=(unsigned long)getpid(); - return(ret); - } -#endif /* IRIX */ - -#ifdef PTHREADS - -static pthread_mutex_t *lock_cs; -static long *lock_count; - -void thread_setup(void) - { - int i; - - lock_cs=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(pthread_mutex_t)); - lock_count=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long)); - for (i=0; ireferences,c_ctx->references); - } - -unsigned long pthreads_thread_id(void) - { - unsigned long ret; - - ret=(unsigned long)pthread_self(); - return(ret); - } - -#endif /* PTHREADS */ - - - diff --git a/src/lib/libcrypto/threads/profile.sh b/src/lib/libcrypto/threads/profile.sh deleted file mode 100644 index 6e3e342fc0b..00000000000 --- a/src/lib/libcrypto/threads/profile.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/sh -/bin/rm -f mttest -cc -p -DSOLARIS -I../../include -g mttest.c -o mttest -L/usr/lib/libc -ldl -L../.. -lthread -lssl -lcrypto -lnsl -lsocket - diff --git a/src/lib/libcrypto/threads/ptest.bat b/src/lib/libcrypto/threads/ptest.bat deleted file mode 100644 index 4071b5ffeac..00000000000 --- a/src/lib/libcrypto/threads/ptest.bat +++ /dev/null @@ -1,4 +0,0 @@ -del mttest.exe - -purify cl /O2 -DWIN32 /MD -I..\..\out mttest.c /Femttest ..\..\out\ssl32.lib ..\..\out\crypt32.lib - diff --git a/src/lib/libcrypto/threads/pthread.sh b/src/lib/libcrypto/threads/pthread.sh deleted file mode 100644 index f1c49821d2f..00000000000 --- a/src/lib/libcrypto/threads/pthread.sh +++ /dev/null @@ -1,9 +0,0 @@ -#!/bin/sh -# -# build using pthreads -# -# http://www.mit.edu:8001/people/proven/pthreads.html -# -/bin/rm -f mttest -pgcc -DPTHREADS -I../../include -g mttest.c -o mttest -L../.. -lssl -lcrypto - diff --git a/src/lib/libcrypto/threads/pthread2.sh b/src/lib/libcrypto/threads/pthread2.sh deleted file mode 100644 index 41264c6a504..00000000000 --- a/src/lib/libcrypto/threads/pthread2.sh +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/sh -# -# build using pthreads where it's already built into the system -# -/bin/rm -f mttest -gcc -DPTHREADS -I../../include -g mttest.c -o mttest -L../.. -lssl -lcrypto -lpthread - diff --git a/src/lib/libcrypto/threads/pthreads-vms.com b/src/lib/libcrypto/threads/pthreads-vms.com deleted file mode 100644 index 63f5b8cc2e9..00000000000 --- a/src/lib/libcrypto/threads/pthreads-vms.com +++ /dev/null @@ -1,9 +0,0 @@ -$! To compile mttest on VMS. -$! -$! WARNING: only tested with DEC C so far. -$ -$ arch := vax -$ if f$getsyi("CPU") .ge. 128 then arch := axp -$ define/user openssl [--.include.openssl] -$ cc/def=PTHREADS mttest.c -$ link mttest,[--.'arch'.exe.ssl]libssl/lib,[--.'arch'.exe.crypto]libcrypto/lib diff --git a/src/lib/libcrypto/threads/purify.sh b/src/lib/libcrypto/threads/purify.sh deleted file mode 100644 index 6d44fe26b76..00000000000 --- a/src/lib/libcrypto/threads/purify.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/sh -/bin/rm -f mttest -purify cc -DSOLARIS -I../../include -g mttest.c -o mttest -L../.. -lthread -lssl -lcrypto -lnsl -lsocket - diff --git a/src/lib/libcrypto/threads/solaris.sh b/src/lib/libcrypto/threads/solaris.sh deleted file mode 100644 index bc93094a274..00000000000 --- a/src/lib/libcrypto/threads/solaris.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/sh -/bin/rm -f mttest -cc -DSOLARIS -I../../include -g mttest.c -o mttest -L../.. -lthread -lssl -lcrypto -lnsl -lsocket - diff --git a/src/lib/libcrypto/threads/th-lock.c b/src/lib/libcrypto/threads/th-lock.c deleted file mode 100644 index a6a79b9f453..00000000000 --- a/src/lib/libcrypto/threads/th-lock.c +++ /dev/null @@ -1,387 +0,0 @@ -/* crypto/threads/th-lock.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include -#include -#include -#ifdef LINUX -#include -#endif -#ifdef OPENSSL_SYS_WIN32 -#include -#endif -#ifdef SOLARIS -#include -#include -#endif -#ifdef IRIX -#include -#include -#endif -#ifdef PTHREADS -#include -#endif -#include -#include -#include -#include -#include -#include -#include - -void CRYPTO_thread_setup(void); -void CRYPTO_thread_cleanup(void); - -static void irix_locking_callback(int mode,int type,char *file,int line); -static void solaris_locking_callback(int mode,int type,char *file,int line); -static void win32_locking_callback(int mode,int type,char *file,int line); -static void pthreads_locking_callback(int mode,int type,char *file,int line); - -static unsigned long irix_thread_id(void ); -static unsigned long solaris_thread_id(void ); -static unsigned long pthreads_thread_id(void ); - -/* usage: - * CRYPTO_thread_setup(); - * application code - * CRYPTO_thread_cleanup(); - */ - -#define THREAD_STACK_SIZE (16*1024) - -#ifdef OPENSSL_SYS_WIN32 - -static HANDLE *lock_cs; - -void CRYPTO_thread_setup(void) - { - int i; - - lock_cs=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(HANDLE)); - for (i=0; i -#include -#include "cryptlib.h" -#include - -#ifdef TIMEB -#undef OPENSSL_SYS_WIN32 -#undef TIMES -#endif - -#if !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_VMS) || defined(__DECC) && !defined(OPENSSL_SYS_MACOSX) && !defined(OPENSSL_SYS_VXWORKS) -# define TIMES -#endif - -#ifndef _IRIX -# include -#endif -#ifdef TIMES -# include -# include -#endif - -/* Depending on the VMS version, the tms structure is perhaps defined. - The __TMS macro will show if it was. If it wasn't defined, we should - undefine TIMES, since that tells the rest of the program how things - should be handled. -- Richard Levitte */ -#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS) -#undef TIMES -#endif - -#if defined(sun) || defined(__ultrix) -#define _POSIX_SOURCE -#include -#include -#endif - -#if !defined(TIMES) && !defined(OPENSSL_SYS_VXWORKS) -#include -#endif - -#ifdef OPENSSL_SYS_WIN32 -#include -#endif - -/* The following if from times(3) man page. It may need to be changed */ -#ifndef HZ -# ifndef CLK_TCK -# ifndef _BSD_CLK_TCK_ /* FreeBSD hack */ -# define HZ 100.0 -# else /* _BSD_CLK_TCK_ */ -# define HZ ((double)_BSD_CLK_TCK_) -# endif -# else /* CLK_TCK */ -# define HZ ((double)CLK_TCK) -# endif -#endif - -typedef struct ms_tm - { -#ifdef TIMES - struct tms ms_tms; -#else -# ifdef OPENSSL_SYS_WIN32 - HANDLE thread_id; - FILETIME ms_win32; -# else -# ifdef OPENSSL_SYS_VSWORKS - unsigned long ticks; -# else - struct timeb ms_timeb; -# endif -# endif -#endif - } MS_TM; - -char *ms_time_new(void) - { - MS_TM *ret; - - ret=(MS_TM *)OPENSSL_malloc(sizeof(MS_TM)); - if (ret == NULL) - return(NULL); - memset(ret,0,sizeof(MS_TM)); -#ifdef OPENSSL_SYS_WIN32 - ret->thread_id=GetCurrentThread(); -#endif - return((char *)ret); - } - -void ms_time_free(char *a) - { - if (a != NULL) - OPENSSL_free(a); - } - -void ms_time_get(char *a) - { - MS_TM *tm=(MS_TM *)a; -#ifdef OPENSSL_SYS_WIN32 - FILETIME tmpa,tmpb,tmpc; -#endif - -#ifdef TIMES - times(&tm->ms_tms); -#else -# ifdef OPENSSL_SYS_WIN32 - GetThreadTimes(tm->thread_id,&tmpa,&tmpb,&tmpc,&(tm->ms_win32)); -# else -# ifdef OPENSSL_SYS_VSWORKS - tm->ticks = tickGet(); -# else - ftime(&tm->ms_timeb); -# endif -# endif -#endif - } - -double ms_time_diff(char *ap, char *bp) - { - MS_TM *a=(MS_TM *)ap; - MS_TM *b=(MS_TM *)bp; - double ret; - -#ifdef TIMES - ret=(b->ms_tms.tms_utime-a->ms_tms.tms_utime)/HZ; -#else -# ifdef OPENSSL_SYS_WIN32 - { -#ifdef __GNUC__ - signed long long la,lb; -#else - signed _int64 la,lb; -#endif - la=a->ms_win32.dwHighDateTime; - lb=b->ms_win32.dwHighDateTime; - la<<=32; - lb<<=32; - la+=a->ms_win32.dwLowDateTime; - lb+=b->ms_win32.dwLowDateTime; - ret=((double)(lb-la))/1e7; - } -# else -# ifdef OPENSSL_SYS_VSWORKS - ret = (double)(b->ticks - a->ticks) / (double)sysClkRateGet(); -# else - ret= (double)(b->ms_timeb.time-a->ms_timeb.time)+ - (((double)b->ms_timeb.millitm)- - ((double)a->ms_timeb.millitm))/1000.0; -# endif -# endif -#endif - return((ret < 0.0000001)?0.0000001:ret); - } - -int ms_time_cmp(char *ap, char *bp) - { - MS_TM *a=(MS_TM *)ap,*b=(MS_TM *)bp; - double d; - int ret; - -#ifdef TIMES - d=(b->ms_tms.tms_utime-a->ms_tms.tms_utime)/HZ; -#else -# ifdef OPENSSL_SYS_WIN32 - d =(b->ms_win32.dwHighDateTime&0x000fffff)*10+b->ms_win32.dwLowDateTime/1e7; - d-=(a->ms_win32.dwHighDateTime&0x000fffff)*10+a->ms_win32.dwLowDateTime/1e7; -# else -# ifdef OPENSSL_SYS_VSWORKS - d = (b->ticks - a->ticks); -# else - d= (double)(b->ms_timeb.time-a->ms_timeb.time)+ - (((double)b->ms_timeb.millitm)-(double)a->ms_timeb.millitm)/1000.0; -# endif -# endif -#endif - if (d == 0.0) - ret=0; - else if (d < 0) - ret= -1; - else - ret=1; - return(ret); - } - diff --git a/src/lib/libcrypto/tmdiff.h b/src/lib/libcrypto/tmdiff.h deleted file mode 100644 index 41a8a1e0e0d..00000000000 --- a/src/lib/libcrypto/tmdiff.h +++ /dev/null @@ -1,81 +0,0 @@ -/* crypto/tmdiff.h */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -/* Header for dynamic hash table routines - * Author - Eric Young - */ - -#ifndef HEADER_TMDIFF_H -#define HEADER_TMDIFF_H - -#ifdef __cplusplus -extern "C" { -#endif - -char *ms_time_new(void ); -void ms_time_free(char *a); -void ms_time_get(char *a); -double ms_time_diff(char *start,char *end); -int ms_time_cmp(char *ap,char *bp); - -#ifdef __cplusplus -} -#endif - -#endif - diff --git a/src/lib/libcrypto/ts/ts.h b/src/lib/libcrypto/ts/ts.h new file mode 100644 index 00000000000..fa8eb949a4e --- /dev/null +++ b/src/lib/libcrypto/ts/ts.h @@ -0,0 +1,837 @@ +/* $OpenBSD: ts.h,v 1.10 2018/05/13 15:35:46 tb Exp $ */ +/* Written by Zoltan Glozik (zglozik@opentsa.org) for the OpenSSL + * project 2002, 2003, 2004. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifndef HEADER_TS_H +#define HEADER_TS_H + +#include + +#ifndef OPENSSL_NO_BUFFER +#include +#endif +#ifndef OPENSSL_NO_EVP +#include +#endif +#ifndef OPENSSL_NO_BIO +#include +#endif +#include +#include +#include + +#ifndef OPENSSL_NO_RSA +#include +#endif + +#ifndef OPENSSL_NO_DSA +#include +#endif + +#ifndef OPENSSL_NO_DH +#include +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +#include +#include + +/* +MessageImprint ::= SEQUENCE { + hashAlgorithm AlgorithmIdentifier, + hashedMessage OCTET STRING } +*/ + +typedef struct TS_msg_imprint_st { + X509_ALGOR *hash_algo; + ASN1_OCTET_STRING *hashed_msg; +} TS_MSG_IMPRINT; + +/* +TimeStampReq ::= SEQUENCE { + version INTEGER { v1(1) }, + messageImprint MessageImprint, + --a hash algorithm OID and the hash value of the data to be + --time-stamped + reqPolicy TSAPolicyId OPTIONAL, + nonce INTEGER OPTIONAL, + certReq BOOLEAN DEFAULT FALSE, + extensions [0] IMPLICIT Extensions OPTIONAL } +*/ + +typedef struct TS_req_st { + ASN1_INTEGER *version; + TS_MSG_IMPRINT *msg_imprint; + ASN1_OBJECT *policy_id; /* OPTIONAL */ + ASN1_INTEGER *nonce; /* OPTIONAL */ + ASN1_BOOLEAN cert_req; /* DEFAULT FALSE */ + STACK_OF(X509_EXTENSION) *extensions; /* [0] OPTIONAL */ +} TS_REQ; + +/* +Accuracy ::= SEQUENCE { + seconds INTEGER OPTIONAL, + millis [0] INTEGER (1..999) OPTIONAL, + micros [1] INTEGER (1..999) OPTIONAL } +*/ + +typedef struct TS_accuracy_st { + ASN1_INTEGER *seconds; + ASN1_INTEGER *millis; + ASN1_INTEGER *micros; +} TS_ACCURACY; + +/* +TSTInfo ::= SEQUENCE { + version INTEGER { v1(1) }, + policy TSAPolicyId, + messageImprint MessageImprint, + -- MUST have the same value as the similar field in + -- TimeStampReq + serialNumber INTEGER, + -- Time-Stamping users MUST be ready to accommodate integers + -- up to 160 bits. + genTime GeneralizedTime, + accuracy Accuracy OPTIONAL, + ordering BOOLEAN DEFAULT FALSE, + nonce INTEGER OPTIONAL, + -- MUST be present if the similar field was present + -- in TimeStampReq. In that case it MUST have the same value. + tsa [0] GeneralName OPTIONAL, + extensions [1] IMPLICIT Extensions OPTIONAL } +*/ + +typedef struct TS_tst_info_st { + ASN1_INTEGER *version; + ASN1_OBJECT *policy_id; + TS_MSG_IMPRINT *msg_imprint; + ASN1_INTEGER *serial; + ASN1_GENERALIZEDTIME *time; + TS_ACCURACY *accuracy; + ASN1_BOOLEAN ordering; + ASN1_INTEGER *nonce; + GENERAL_NAME *tsa; + STACK_OF(X509_EXTENSION) *extensions; +} TS_TST_INFO; + +/* +PKIStatusInfo ::= SEQUENCE { + status PKIStatus, + statusString PKIFreeText OPTIONAL, + failInfo PKIFailureInfo OPTIONAL } + +From RFC 1510 - section 3.1.1: +PKIFreeText ::= SEQUENCE SIZE (1..MAX) OF UTF8String + -- text encoded as UTF-8 String (note: each UTF8String SHOULD + -- include an RFC 1766 language tag to indicate the language + -- of the contained text) +*/ + +/* Possible values for status. See ts_resp_print.c && ts_resp_verify.c. */ + +#define TS_STATUS_GRANTED 0 +#define TS_STATUS_GRANTED_WITH_MODS 1 +#define TS_STATUS_REJECTION 2 +#define TS_STATUS_WAITING 3 +#define TS_STATUS_REVOCATION_WARNING 4 +#define TS_STATUS_REVOCATION_NOTIFICATION 5 + +/* Possible values for failure_info. See ts_resp_print.c && ts_resp_verify.c */ + +#define TS_INFO_BAD_ALG 0 +#define TS_INFO_BAD_REQUEST 2 +#define TS_INFO_BAD_DATA_FORMAT 5 +#define TS_INFO_TIME_NOT_AVAILABLE 14 +#define TS_INFO_UNACCEPTED_POLICY 15 +#define TS_INFO_UNACCEPTED_EXTENSION 16 +#define TS_INFO_ADD_INFO_NOT_AVAILABLE 17 +#define TS_INFO_SYSTEM_FAILURE 25 + +typedef struct TS_status_info_st { + ASN1_INTEGER *status; + STACK_OF(ASN1_UTF8STRING) *text; + ASN1_BIT_STRING *failure_info; +} TS_STATUS_INFO; + +DECLARE_STACK_OF(ASN1_UTF8STRING) + +/* +TimeStampResp ::= SEQUENCE { + status PKIStatusInfo, + timeStampToken TimeStampToken OPTIONAL } +*/ + +typedef struct TS_resp_st { + TS_STATUS_INFO *status_info; + PKCS7 *token; + TS_TST_INFO *tst_info; +} TS_RESP; + +/* The structure below would belong to the ESS component. */ + +/* +IssuerSerial ::= SEQUENCE { + issuer GeneralNames, + serialNumber CertificateSerialNumber + } +*/ + +typedef struct ESS_issuer_serial { + STACK_OF(GENERAL_NAME) *issuer; + ASN1_INTEGER *serial; +} ESS_ISSUER_SERIAL; + +/* +ESSCertID ::= SEQUENCE { + certHash Hash, + issuerSerial IssuerSerial OPTIONAL +} +*/ + +typedef struct ESS_cert_id { + ASN1_OCTET_STRING *hash; /* Always SHA-1 digest. */ + ESS_ISSUER_SERIAL *issuer_serial; +} ESS_CERT_ID; + +DECLARE_STACK_OF(ESS_CERT_ID) + +/* +SigningCertificate ::= SEQUENCE { + certs SEQUENCE OF ESSCertID, + policies SEQUENCE OF PolicyInformation OPTIONAL +} +*/ + +typedef struct ESS_signing_cert { + STACK_OF(ESS_CERT_ID) *cert_ids; + STACK_OF(POLICYINFO) *policy_info; +} ESS_SIGNING_CERT; + + +TS_REQ *TS_REQ_new(void); +void TS_REQ_free(TS_REQ *a); +int i2d_TS_REQ(const TS_REQ *a, unsigned char **pp); +TS_REQ *d2i_TS_REQ(TS_REQ **a, const unsigned char **pp, long length); + +TS_REQ *TS_REQ_dup(TS_REQ *a); + +TS_REQ *d2i_TS_REQ_fp(FILE *fp, TS_REQ **a); +int i2d_TS_REQ_fp(FILE *fp, TS_REQ *a); +TS_REQ *d2i_TS_REQ_bio(BIO *fp, TS_REQ **a); +int i2d_TS_REQ_bio(BIO *fp, TS_REQ *a); + +TS_MSG_IMPRINT *TS_MSG_IMPRINT_new(void); +void TS_MSG_IMPRINT_free(TS_MSG_IMPRINT *a); +int i2d_TS_MSG_IMPRINT(const TS_MSG_IMPRINT *a, unsigned char **pp); +TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT(TS_MSG_IMPRINT **a, + const unsigned char **pp, long length); + +TS_MSG_IMPRINT *TS_MSG_IMPRINT_dup(TS_MSG_IMPRINT *a); + +TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT **a); +int i2d_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT *a); +TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_bio(BIO *fp, TS_MSG_IMPRINT **a); +int i2d_TS_MSG_IMPRINT_bio(BIO *fp, TS_MSG_IMPRINT *a); + +TS_RESP *TS_RESP_new(void); +void TS_RESP_free(TS_RESP *a); +int i2d_TS_RESP(const TS_RESP *a, unsigned char **pp); +TS_RESP *d2i_TS_RESP(TS_RESP **a, const unsigned char **pp, long length); +TS_TST_INFO *PKCS7_to_TS_TST_INFO(PKCS7 *token); +TS_RESP *TS_RESP_dup(TS_RESP *a); + +TS_RESP *d2i_TS_RESP_fp(FILE *fp, TS_RESP **a); +int i2d_TS_RESP_fp(FILE *fp, TS_RESP *a); +TS_RESP *d2i_TS_RESP_bio(BIO *fp, TS_RESP **a); +int i2d_TS_RESP_bio(BIO *fp, TS_RESP *a); + +TS_STATUS_INFO *TS_STATUS_INFO_new(void); +void TS_STATUS_INFO_free(TS_STATUS_INFO *a); +int i2d_TS_STATUS_INFO(const TS_STATUS_INFO *a, unsigned char **pp); +TS_STATUS_INFO *d2i_TS_STATUS_INFO(TS_STATUS_INFO **a, + const unsigned char **pp, long length); +TS_STATUS_INFO *TS_STATUS_INFO_dup(TS_STATUS_INFO *a); + +TS_TST_INFO *TS_TST_INFO_new(void); +void TS_TST_INFO_free(TS_TST_INFO *a); +int i2d_TS_TST_INFO(const TS_TST_INFO *a, unsigned char **pp); +TS_TST_INFO *d2i_TS_TST_INFO(TS_TST_INFO **a, const unsigned char **pp, + long length); +TS_TST_INFO *TS_TST_INFO_dup(TS_TST_INFO *a); + +TS_TST_INFO *d2i_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO **a); +int i2d_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO *a); +TS_TST_INFO *d2i_TS_TST_INFO_bio(BIO *fp, TS_TST_INFO **a); +int i2d_TS_TST_INFO_bio(BIO *fp, TS_TST_INFO *a); + +TS_ACCURACY *TS_ACCURACY_new(void); +void TS_ACCURACY_free(TS_ACCURACY *a); +int i2d_TS_ACCURACY(const TS_ACCURACY *a, unsigned char **pp); +TS_ACCURACY *d2i_TS_ACCURACY(TS_ACCURACY **a, const unsigned char **pp, + long length); +TS_ACCURACY *TS_ACCURACY_dup(TS_ACCURACY *a); + +ESS_ISSUER_SERIAL *ESS_ISSUER_SERIAL_new(void); +void ESS_ISSUER_SERIAL_free(ESS_ISSUER_SERIAL *a); +int i2d_ESS_ISSUER_SERIAL(const ESS_ISSUER_SERIAL *a, + unsigned char **pp); +ESS_ISSUER_SERIAL *d2i_ESS_ISSUER_SERIAL(ESS_ISSUER_SERIAL **a, + const unsigned char **pp, long length); +ESS_ISSUER_SERIAL *ESS_ISSUER_SERIAL_dup(ESS_ISSUER_SERIAL *a); + +ESS_CERT_ID *ESS_CERT_ID_new(void); +void ESS_CERT_ID_free(ESS_CERT_ID *a); +int i2d_ESS_CERT_ID(const ESS_CERT_ID *a, unsigned char **pp); +ESS_CERT_ID *d2i_ESS_CERT_ID(ESS_CERT_ID **a, const unsigned char **pp, + long length); +ESS_CERT_ID *ESS_CERT_ID_dup(ESS_CERT_ID *a); + +ESS_SIGNING_CERT *ESS_SIGNING_CERT_new(void); +void ESS_SIGNING_CERT_free(ESS_SIGNING_CERT *a); +int i2d_ESS_SIGNING_CERT(const ESS_SIGNING_CERT *a, + unsigned char **pp); +ESS_SIGNING_CERT *d2i_ESS_SIGNING_CERT(ESS_SIGNING_CERT **a, + const unsigned char **pp, long length); +ESS_SIGNING_CERT *ESS_SIGNING_CERT_dup(ESS_SIGNING_CERT *a); + +void ERR_load_TS_strings(void); + +int TS_REQ_set_version(TS_REQ *a, long version); +long TS_REQ_get_version(const TS_REQ *a); + +int TS_REQ_set_msg_imprint(TS_REQ *a, TS_MSG_IMPRINT *msg_imprint); +TS_MSG_IMPRINT *TS_REQ_get_msg_imprint(TS_REQ *a); + +int TS_MSG_IMPRINT_set_algo(TS_MSG_IMPRINT *a, X509_ALGOR *alg); +X509_ALGOR *TS_MSG_IMPRINT_get_algo(TS_MSG_IMPRINT *a); + +int TS_MSG_IMPRINT_set_msg(TS_MSG_IMPRINT *a, unsigned char *d, int len); +ASN1_OCTET_STRING *TS_MSG_IMPRINT_get_msg(TS_MSG_IMPRINT *a); + +int TS_REQ_set_policy_id(TS_REQ *a, const ASN1_OBJECT *policy); +ASN1_OBJECT *TS_REQ_get_policy_id(TS_REQ *a); + +int TS_REQ_set_nonce(TS_REQ *a, const ASN1_INTEGER *nonce); +const ASN1_INTEGER *TS_REQ_get_nonce(const TS_REQ *a); + +int TS_REQ_set_cert_req(TS_REQ *a, int cert_req); +int TS_REQ_get_cert_req(const TS_REQ *a); + +STACK_OF(X509_EXTENSION) *TS_REQ_get_exts(TS_REQ *a); +void TS_REQ_ext_free(TS_REQ *a); +int TS_REQ_get_ext_count(TS_REQ *a); +int TS_REQ_get_ext_by_NID(TS_REQ *a, int nid, int lastpos); +int TS_REQ_get_ext_by_OBJ(TS_REQ *a, const ASN1_OBJECT *obj, int lastpos); +int TS_REQ_get_ext_by_critical(TS_REQ *a, int crit, int lastpos); +X509_EXTENSION *TS_REQ_get_ext(TS_REQ *a, int loc); +X509_EXTENSION *TS_REQ_delete_ext(TS_REQ *a, int loc); +int TS_REQ_add_ext(TS_REQ *a, X509_EXTENSION *ex, int loc); +void *TS_REQ_get_ext_d2i(TS_REQ *a, int nid, int *crit, int *idx); + +/* Function declarations for TS_REQ defined in ts/ts_req_print.c */ + +int TS_REQ_print_bio(BIO *bio, TS_REQ *a); + +/* Function declarations for TS_RESP defined in ts/ts_resp_utils.c */ + +int TS_RESP_set_status_info(TS_RESP *a, TS_STATUS_INFO *info); +TS_STATUS_INFO *TS_RESP_get_status_info(TS_RESP *a); + +/* Caller loses ownership of PKCS7 and TS_TST_INFO objects. */ +void TS_RESP_set_tst_info(TS_RESP *a, PKCS7 *p7, TS_TST_INFO *tst_info); +PKCS7 *TS_RESP_get_token(TS_RESP *a); +TS_TST_INFO *TS_RESP_get_tst_info(TS_RESP *a); + +int TS_TST_INFO_set_version(TS_TST_INFO *a, long version); +long TS_TST_INFO_get_version(const TS_TST_INFO *a); + +int TS_TST_INFO_set_policy_id(TS_TST_INFO *a, ASN1_OBJECT *policy_id); +ASN1_OBJECT *TS_TST_INFO_get_policy_id(TS_TST_INFO *a); + +int TS_TST_INFO_set_msg_imprint(TS_TST_INFO *a, TS_MSG_IMPRINT *msg_imprint); +TS_MSG_IMPRINT *TS_TST_INFO_get_msg_imprint(TS_TST_INFO *a); + +int TS_TST_INFO_set_serial(TS_TST_INFO *a, const ASN1_INTEGER *serial); +const ASN1_INTEGER *TS_TST_INFO_get_serial(const TS_TST_INFO *a); + +int TS_TST_INFO_set_time(TS_TST_INFO *a, const ASN1_GENERALIZEDTIME *gtime); +const ASN1_GENERALIZEDTIME *TS_TST_INFO_get_time(const TS_TST_INFO *a); + +int TS_TST_INFO_set_accuracy(TS_TST_INFO *a, TS_ACCURACY *accuracy); +TS_ACCURACY *TS_TST_INFO_get_accuracy(TS_TST_INFO *a); + +int TS_ACCURACY_set_seconds(TS_ACCURACY *a, const ASN1_INTEGER *seconds); +const ASN1_INTEGER *TS_ACCURACY_get_seconds(const TS_ACCURACY *a); + +int TS_ACCURACY_set_millis(TS_ACCURACY *a, const ASN1_INTEGER *millis); +const ASN1_INTEGER *TS_ACCURACY_get_millis(const TS_ACCURACY *a); + +int TS_ACCURACY_set_micros(TS_ACCURACY *a, const ASN1_INTEGER *micros); +const ASN1_INTEGER *TS_ACCURACY_get_micros(const TS_ACCURACY *a); + +int TS_TST_INFO_set_ordering(TS_TST_INFO *a, int ordering); +int TS_TST_INFO_get_ordering(const TS_TST_INFO *a); + +int TS_TST_INFO_set_nonce(TS_TST_INFO *a, const ASN1_INTEGER *nonce); +const ASN1_INTEGER *TS_TST_INFO_get_nonce(const TS_TST_INFO *a); + +int TS_TST_INFO_set_tsa(TS_TST_INFO *a, GENERAL_NAME *tsa); +GENERAL_NAME *TS_TST_INFO_get_tsa(TS_TST_INFO *a); + +STACK_OF(X509_EXTENSION) *TS_TST_INFO_get_exts(TS_TST_INFO *a); +void TS_TST_INFO_ext_free(TS_TST_INFO *a); +int TS_TST_INFO_get_ext_count(TS_TST_INFO *a); +int TS_TST_INFO_get_ext_by_NID(TS_TST_INFO *a, int nid, int lastpos); +int TS_TST_INFO_get_ext_by_OBJ(TS_TST_INFO *a, const ASN1_OBJECT *obj, + int lastpos); +int TS_TST_INFO_get_ext_by_critical(TS_TST_INFO *a, int crit, int lastpos); +X509_EXTENSION *TS_TST_INFO_get_ext(TS_TST_INFO *a, int loc); +X509_EXTENSION *TS_TST_INFO_delete_ext(TS_TST_INFO *a, int loc); +int TS_TST_INFO_add_ext(TS_TST_INFO *a, X509_EXTENSION *ex, int loc); +void *TS_TST_INFO_get_ext_d2i(TS_TST_INFO *a, int nid, int *crit, int *idx); + +/* Declarations related to response generation, defined in ts/ts_resp_sign.c. */ + +/* Optional flags for response generation. */ + +/* Don't include the TSA name in response. */ +#define TS_TSA_NAME 0x01 + +/* Set ordering to true in response. */ +#define TS_ORDERING 0x02 + +/* + * Include the signer certificate and the other specified certificates in + * the ESS signing certificate attribute beside the PKCS7 signed data. + * Only the signer certificates is included by default. + */ +#define TS_ESS_CERT_ID_CHAIN 0x04 + +/* Forward declaration. */ +struct TS_resp_ctx; + +/* This must return a unique number less than 160 bits long. */ +typedef ASN1_INTEGER *(*TS_serial_cb)(struct TS_resp_ctx *, void *); + +/* This must return the seconds and microseconds since Jan 1, 1970 in + the sec and usec variables allocated by the caller. + Return non-zero for success and zero for failure. */ +typedef int (*TS_time_cb)(struct TS_resp_ctx *, void *, time_t *sec, long *usec); + +/* This must process the given extension. + * It can modify the TS_TST_INFO object of the context. + * Return values: !0 (processed), 0 (error, it must set the + * status info/failure info of the response). + */ +typedef int (*TS_extension_cb)(struct TS_resp_ctx *, X509_EXTENSION *, void *); + +typedef struct TS_resp_ctx { + X509 *signer_cert; + EVP_PKEY *signer_key; + STACK_OF(X509) *certs; /* Certs to include in signed data. */ + STACK_OF(ASN1_OBJECT) *policies; /* Acceptable policies. */ + ASN1_OBJECT *default_policy; /* It may appear in policies, too. */ + STACK_OF(EVP_MD) *mds; /* Acceptable message digests. */ + ASN1_INTEGER *seconds; /* accuracy, 0 means not specified. */ + ASN1_INTEGER *millis; /* accuracy, 0 means not specified. */ + ASN1_INTEGER *micros; /* accuracy, 0 means not specified. */ + unsigned clock_precision_digits; /* fraction of seconds in + time stamp token. */ + unsigned flags; /* Optional info, see values above. */ + + /* Callback functions. */ + TS_serial_cb serial_cb; + void *serial_cb_data; /* User data for serial_cb. */ + + TS_time_cb time_cb; + void *time_cb_data; /* User data for time_cb. */ + + TS_extension_cb extension_cb; + void *extension_cb_data; /* User data for extension_cb. */ + + /* These members are used only while creating the response. */ + TS_REQ *request; + TS_RESP *response; + TS_TST_INFO *tst_info; +} TS_RESP_CTX; + +DECLARE_STACK_OF(EVP_MD) + +/* Creates a response context that can be used for generating responses. */ +TS_RESP_CTX *TS_RESP_CTX_new(void); +void TS_RESP_CTX_free(TS_RESP_CTX *ctx); + +/* This parameter must be set. */ +int TS_RESP_CTX_set_signer_cert(TS_RESP_CTX *ctx, X509 *signer); + +/* This parameter must be set. */ +int TS_RESP_CTX_set_signer_key(TS_RESP_CTX *ctx, EVP_PKEY *key); + +/* This parameter must be set. */ +int TS_RESP_CTX_set_def_policy(TS_RESP_CTX *ctx, const ASN1_OBJECT *def_policy); + +/* No additional certs are included in the response by default. */ +int TS_RESP_CTX_set_certs(TS_RESP_CTX *ctx, STACK_OF(X509) *certs); + +/* Adds a new acceptable policy, only the default policy + is accepted by default. */ +int TS_RESP_CTX_add_policy(TS_RESP_CTX *ctx, const ASN1_OBJECT *policy); + +/* Adds a new acceptable message digest. Note that no message digests + are accepted by default. The md argument is shared with the caller. */ +int TS_RESP_CTX_add_md(TS_RESP_CTX *ctx, const EVP_MD *md); + +/* Accuracy is not included by default. */ +int TS_RESP_CTX_set_accuracy(TS_RESP_CTX *ctx, + int secs, int millis, int micros); + +/* Clock precision digits, i.e. the number of decimal digits: + '0' means sec, '3' msec, '6' usec, and so on. Default is 0. */ +int TS_RESP_CTX_set_clock_precision_digits(TS_RESP_CTX *ctx, + unsigned clock_precision_digits); +/* At most we accept usec precision. */ +#define TS_MAX_CLOCK_PRECISION_DIGITS 6 + +/* No flags are set by default. */ +void TS_RESP_CTX_add_flags(TS_RESP_CTX *ctx, int flags); + +/* Default callback always returns a constant. */ +void TS_RESP_CTX_set_serial_cb(TS_RESP_CTX *ctx, TS_serial_cb cb, void *data); + +/* Default callback rejects all extensions. The extension callback is called + * when the TS_TST_INFO object is already set up and not signed yet. */ +/* FIXME: extension handling is not tested yet. */ +void TS_RESP_CTX_set_extension_cb(TS_RESP_CTX *ctx, + TS_extension_cb cb, void *data); + +/* The following methods can be used in the callbacks. */ +int TS_RESP_CTX_set_status_info(TS_RESP_CTX *ctx, + int status, const char *text); + +/* Sets the status info only if it is still TS_STATUS_GRANTED. */ +int TS_RESP_CTX_set_status_info_cond(TS_RESP_CTX *ctx, + int status, const char *text); + +int TS_RESP_CTX_add_failure_info(TS_RESP_CTX *ctx, int failure); + +/* The get methods below can be used in the extension callback. */ +TS_REQ *TS_RESP_CTX_get_request(TS_RESP_CTX *ctx); + +TS_TST_INFO *TS_RESP_CTX_get_tst_info(TS_RESP_CTX *ctx); + +/* + * Creates the signed TS_TST_INFO and puts it in TS_RESP. + * In case of errors it sets the status info properly. + * Returns NULL only in case of memory allocation/fatal error. + */ +TS_RESP *TS_RESP_create_response(TS_RESP_CTX *ctx, BIO *req_bio); + +/* + * Declarations related to response verification, + * they are defined in ts/ts_resp_verify.c. + */ + +int TS_RESP_verify_signature(PKCS7 *token, STACK_OF(X509) *certs, + X509_STORE *store, X509 **signer_out); + +/* Context structure for the generic verify method. */ + +/* Verify the signer's certificate and the signature of the response. */ +#define TS_VFY_SIGNATURE (1u << 0) +/* Verify the version number of the response. */ +#define TS_VFY_VERSION (1u << 1) +/* Verify if the policy supplied by the user matches the policy of the TSA. */ +#define TS_VFY_POLICY (1u << 2) +/* Verify the message imprint provided by the user. This flag should not be + specified with TS_VFY_DATA. */ +#define TS_VFY_IMPRINT (1u << 3) +/* Verify the message imprint computed by the verify method from the user + provided data and the MD algorithm of the response. This flag should not be + specified with TS_VFY_IMPRINT. */ +#define TS_VFY_DATA (1u << 4) +/* Verify the nonce value. */ +#define TS_VFY_NONCE (1u << 5) +/* Verify if the TSA name field matches the signer certificate. */ +#define TS_VFY_SIGNER (1u << 6) +/* Verify if the TSA name field equals to the user provided name. */ +#define TS_VFY_TSA_NAME (1u << 7) + +/* You can use the following convenience constants. */ +#define TS_VFY_ALL_IMPRINT (TS_VFY_SIGNATURE \ + | TS_VFY_VERSION \ + | TS_VFY_POLICY \ + | TS_VFY_IMPRINT \ + | TS_VFY_NONCE \ + | TS_VFY_SIGNER \ + | TS_VFY_TSA_NAME) +#define TS_VFY_ALL_DATA (TS_VFY_SIGNATURE \ + | TS_VFY_VERSION \ + | TS_VFY_POLICY \ + | TS_VFY_DATA \ + | TS_VFY_NONCE \ + | TS_VFY_SIGNER \ + | TS_VFY_TSA_NAME) + +typedef struct TS_verify_ctx { + /* Set this to the union of TS_VFY_... flags you want to carry out. */ + unsigned flags; + + /* Must be set only with TS_VFY_SIGNATURE. certs is optional. */ + X509_STORE *store; + STACK_OF(X509) *certs; + + /* Must be set only with TS_VFY_POLICY. */ + ASN1_OBJECT *policy; + + /* Must be set only with TS_VFY_IMPRINT. If md_alg is NULL, + the algorithm from the response is used. */ + X509_ALGOR *md_alg; + unsigned char *imprint; + unsigned imprint_len; + + /* Must be set only with TS_VFY_DATA. */ + BIO *data; + + /* Must be set only with TS_VFY_TSA_NAME. */ + ASN1_INTEGER *nonce; + + /* Must be set only with TS_VFY_TSA_NAME. */ + GENERAL_NAME *tsa_name; +} TS_VERIFY_CTX; + +int TS_RESP_verify_response(TS_VERIFY_CTX *ctx, TS_RESP *response); +int TS_RESP_verify_token(TS_VERIFY_CTX *ctx, PKCS7 *token); + +/* + * Declarations related to response verification context, + * they are defined in ts/ts_verify_ctx.c. + */ + +/* Set all fields to zero. */ +TS_VERIFY_CTX *TS_VERIFY_CTX_new(void); +void TS_VERIFY_CTX_init(TS_VERIFY_CTX *ctx); +void TS_VERIFY_CTX_free(TS_VERIFY_CTX *ctx); +void TS_VERIFY_CTX_cleanup(TS_VERIFY_CTX *ctx); + +/* + * If ctx is NULL, it allocates and returns a new object, otherwise + * it returns ctx. It initialises all the members as follows: + * flags = TS_VFY_ALL_IMPRINT & ~(TS_VFY_TSA_NAME | TS_VFY_SIGNATURE) + * certs = NULL + * store = NULL + * policy = policy from the request or NULL if absent (in this case + * TS_VFY_POLICY is cleared from flags as well) + * md_alg = MD algorithm from request + * imprint, imprint_len = imprint from request + * data = NULL + * nonce, nonce_len = nonce from the request or NULL if absent (in this case + * TS_VFY_NONCE is cleared from flags as well) + * tsa_name = NULL + * Important: after calling this method TS_VFY_SIGNATURE should be added! + */ +TS_VERIFY_CTX *TS_REQ_to_TS_VERIFY_CTX(TS_REQ *req, TS_VERIFY_CTX *ctx); + +/* Function declarations for TS_RESP defined in ts/ts_resp_print.c */ + +int TS_RESP_print_bio(BIO *bio, TS_RESP *a); +int TS_STATUS_INFO_print_bio(BIO *bio, TS_STATUS_INFO *a); +int TS_TST_INFO_print_bio(BIO *bio, TS_TST_INFO *a); + +/* Common utility functions defined in ts/ts_lib.c */ + +int TS_ASN1_INTEGER_print_bio(BIO *bio, const ASN1_INTEGER *num); +int TS_OBJ_print_bio(BIO *bio, const ASN1_OBJECT *obj); +int TS_ext_print_bio(BIO *bio, const STACK_OF(X509_EXTENSION) *extensions); +int TS_X509_ALGOR_print_bio(BIO *bio, const X509_ALGOR *alg); +int TS_MSG_IMPRINT_print_bio(BIO *bio, TS_MSG_IMPRINT *msg); + +/* Function declarations for handling configuration options, + defined in ts/ts_conf.c */ + +X509 *TS_CONF_load_cert(const char *file); +STACK_OF(X509) *TS_CONF_load_certs(const char *file); +EVP_PKEY *TS_CONF_load_key(const char *file, const char *pass); +const char *TS_CONF_get_tsa_section(CONF *conf, const char *section); +int TS_CONF_set_serial(CONF *conf, const char *section, TS_serial_cb cb, + TS_RESP_CTX *ctx); +int TS_CONF_set_crypto_device(CONF *conf, const char *section, + const char *device); +int TS_CONF_set_default_engine(const char *name); +int TS_CONF_set_signer_cert(CONF *conf, const char *section, + const char *cert, TS_RESP_CTX *ctx); +int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs, + TS_RESP_CTX *ctx); +int TS_CONF_set_signer_key(CONF *conf, const char *section, + const char *key, const char *pass, TS_RESP_CTX *ctx); +int TS_CONF_set_def_policy(CONF *conf, const char *section, + const char *policy, TS_RESP_CTX *ctx); +int TS_CONF_set_policies(CONF *conf, const char *section, TS_RESP_CTX *ctx); +int TS_CONF_set_digests(CONF *conf, const char *section, TS_RESP_CTX *ctx); +int TS_CONF_set_accuracy(CONF *conf, const char *section, TS_RESP_CTX *ctx); +int TS_CONF_set_clock_precision_digits(CONF *conf, const char *section, + TS_RESP_CTX *ctx); +int TS_CONF_set_ordering(CONF *conf, const char *section, TS_RESP_CTX *ctx); +int TS_CONF_set_tsa_name(CONF *conf, const char *section, TS_RESP_CTX *ctx); +int TS_CONF_set_ess_cert_id_chain(CONF *conf, const char *section, + TS_RESP_CTX *ctx); + +/* -------------------------------------------------- */ +/* BEGIN ERROR CODES */ +/* The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ +void ERR_load_TS_strings(void); + +/* Error codes for the TS functions. */ + +/* Function codes. */ +#define TS_F_D2I_TS_RESP 147 +#define TS_F_DEF_SERIAL_CB 110 +#define TS_F_DEF_TIME_CB 111 +#define TS_F_ESS_ADD_SIGNING_CERT 112 +#define TS_F_ESS_CERT_ID_NEW_INIT 113 +#define TS_F_ESS_SIGNING_CERT_NEW_INIT 114 +#define TS_F_INT_TS_RESP_VERIFY_TOKEN 149 +#define TS_F_PKCS7_TO_TS_TST_INFO 148 +#define TS_F_TS_ACCURACY_SET_MICROS 115 +#define TS_F_TS_ACCURACY_SET_MILLIS 116 +#define TS_F_TS_ACCURACY_SET_SECONDS 117 +#define TS_F_TS_CHECK_IMPRINTS 100 +#define TS_F_TS_CHECK_NONCES 101 +#define TS_F_TS_CHECK_POLICY 102 +#define TS_F_TS_CHECK_SIGNING_CERTS 103 +#define TS_F_TS_CHECK_STATUS_INFO 104 +#define TS_F_TS_COMPUTE_IMPRINT 145 +#define TS_F_TS_CONF_SET_DEFAULT_ENGINE 146 +#define TS_F_TS_GET_STATUS_TEXT 105 +#define TS_F_TS_MSG_IMPRINT_SET_ALGO 118 +#define TS_F_TS_REQ_SET_MSG_IMPRINT 119 +#define TS_F_TS_REQ_SET_NONCE 120 +#define TS_F_TS_REQ_SET_POLICY_ID 121 +#define TS_F_TS_RESP_CREATE_RESPONSE 122 +#define TS_F_TS_RESP_CREATE_TST_INFO 123 +#define TS_F_TS_RESP_CTX_ADD_FAILURE_INFO 124 +#define TS_F_TS_RESP_CTX_ADD_MD 125 +#define TS_F_TS_RESP_CTX_ADD_POLICY 126 +#define TS_F_TS_RESP_CTX_NEW 127 +#define TS_F_TS_RESP_CTX_SET_ACCURACY 128 +#define TS_F_TS_RESP_CTX_SET_CERTS 129 +#define TS_F_TS_RESP_CTX_SET_DEF_POLICY 130 +#define TS_F_TS_RESP_CTX_SET_SIGNER_CERT 131 +#define TS_F_TS_RESP_CTX_SET_STATUS_INFO 132 +#define TS_F_TS_RESP_GET_POLICY 133 +#define TS_F_TS_RESP_SET_GENTIME_WITH_PRECISION 134 +#define TS_F_TS_RESP_SET_STATUS_INFO 135 +#define TS_F_TS_RESP_SET_TST_INFO 150 +#define TS_F_TS_RESP_SIGN 136 +#define TS_F_TS_RESP_VERIFY_SIGNATURE 106 +#define TS_F_TS_RESP_VERIFY_TOKEN 107 +#define TS_F_TS_TST_INFO_SET_ACCURACY 137 +#define TS_F_TS_TST_INFO_SET_MSG_IMPRINT 138 +#define TS_F_TS_TST_INFO_SET_NONCE 139 +#define TS_F_TS_TST_INFO_SET_POLICY_ID 140 +#define TS_F_TS_TST_INFO_SET_SERIAL 141 +#define TS_F_TS_TST_INFO_SET_TIME 142 +#define TS_F_TS_TST_INFO_SET_TSA 143 +#define TS_F_TS_VERIFY 108 +#define TS_F_TS_VERIFY_CERT 109 +#define TS_F_TS_VERIFY_CTX_NEW 144 + +/* Reason codes. */ +#define TS_R_BAD_PKCS7_TYPE 132 +#define TS_R_BAD_TYPE 133 +#define TS_R_CERTIFICATE_VERIFY_ERROR 100 +#define TS_R_COULD_NOT_SET_ENGINE 127 +#define TS_R_COULD_NOT_SET_TIME 115 +#define TS_R_D2I_TS_RESP_INT_FAILED 128 +#define TS_R_DETACHED_CONTENT 134 +#define TS_R_ESS_ADD_SIGNING_CERT_ERROR 116 +#define TS_R_ESS_SIGNING_CERTIFICATE_ERROR 101 +#define TS_R_INVALID_NULL_POINTER 102 +#define TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE 117 +#define TS_R_MESSAGE_IMPRINT_MISMATCH 103 +#define TS_R_NONCE_MISMATCH 104 +#define TS_R_NONCE_NOT_RETURNED 105 +#define TS_R_NO_CONTENT 106 +#define TS_R_NO_TIME_STAMP_TOKEN 107 +#define TS_R_PKCS7_ADD_SIGNATURE_ERROR 118 +#define TS_R_PKCS7_ADD_SIGNED_ATTR_ERROR 119 +#define TS_R_PKCS7_TO_TS_TST_INFO_FAILED 129 +#define TS_R_POLICY_MISMATCH 108 +#define TS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 120 +#define TS_R_RESPONSE_SETUP_ERROR 121 +#define TS_R_SIGNATURE_FAILURE 109 +#define TS_R_THERE_MUST_BE_ONE_SIGNER 110 +#define TS_R_TIME_SYSCALL_ERROR 122 +#define TS_R_TOKEN_NOT_PRESENT 130 +#define TS_R_TOKEN_PRESENT 131 +#define TS_R_TSA_NAME_MISMATCH 111 +#define TS_R_TSA_UNTRUSTED 112 +#define TS_R_TST_INFO_SETUP_ERROR 123 +#define TS_R_TS_DATASIGN 124 +#define TS_R_UNACCEPTABLE_POLICY 125 +#define TS_R_UNSUPPORTED_MD_ALGORITHM 126 +#define TS_R_UNSUPPORTED_VERSION 113 +#define TS_R_WRONG_CONTENT_TYPE 114 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/src/lib/libcrypto/ts/ts_asn1.c b/src/lib/libcrypto/ts/ts_asn1.c new file mode 100644 index 00000000000..bc89f1368af --- /dev/null +++ b/src/lib/libcrypto/ts/ts_asn1.c @@ -0,0 +1,890 @@ +/* $OpenBSD: ts_asn1.c,v 1.11 2017/01/29 17:49:23 beck Exp $ */ +/* Written by Nils Larsch for the OpenSSL project 2004. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include + +#include +#include +#include + +static const ASN1_TEMPLATE TS_MSG_IMPRINT_seq_tt[] = { + { + .flags = 0, + .tag = 0, + .offset = offsetof(TS_MSG_IMPRINT, hash_algo), + .field_name = "hash_algo", + .item = &X509_ALGOR_it, + }, + { + .flags = 0, + .tag = 0, + .offset = offsetof(TS_MSG_IMPRINT, hashed_msg), + .field_name = "hashed_msg", + .item = &ASN1_OCTET_STRING_it, + }, +}; + +const ASN1_ITEM TS_MSG_IMPRINT_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = TS_MSG_IMPRINT_seq_tt, + .tcount = sizeof(TS_MSG_IMPRINT_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = NULL, + .size = sizeof(TS_MSG_IMPRINT), + .sname = "TS_MSG_IMPRINT", +}; + + +TS_MSG_IMPRINT * +d2i_TS_MSG_IMPRINT(TS_MSG_IMPRINT **a, const unsigned char **in, long len) +{ + return (TS_MSG_IMPRINT *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &TS_MSG_IMPRINT_it); +} + +int +i2d_TS_MSG_IMPRINT(const TS_MSG_IMPRINT *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &TS_MSG_IMPRINT_it); +} + +TS_MSG_IMPRINT * +TS_MSG_IMPRINT_new(void) +{ + return (TS_MSG_IMPRINT *)ASN1_item_new(&TS_MSG_IMPRINT_it); +} + +void +TS_MSG_IMPRINT_free(TS_MSG_IMPRINT *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &TS_MSG_IMPRINT_it); +} + +TS_MSG_IMPRINT * +TS_MSG_IMPRINT_dup(TS_MSG_IMPRINT *x) +{ + return ASN1_item_dup(&TS_MSG_IMPRINT_it, x); +} + +#ifndef OPENSSL_NO_BIO +TS_MSG_IMPRINT * +d2i_TS_MSG_IMPRINT_bio(BIO *bp, TS_MSG_IMPRINT **a) +{ + return ASN1_item_d2i_bio(&TS_MSG_IMPRINT_it, bp, a); +} + +int +i2d_TS_MSG_IMPRINT_bio(BIO *bp, TS_MSG_IMPRINT *a) +{ + return ASN1_item_i2d_bio(&TS_MSG_IMPRINT_it, bp, a); +} +#endif + +TS_MSG_IMPRINT * +d2i_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT **a) +{ + return ASN1_item_d2i_fp(&TS_MSG_IMPRINT_it, fp, a); +} + +int +i2d_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT *a) +{ + return ASN1_item_i2d_fp(&TS_MSG_IMPRINT_it, fp, a); +} + +static const ASN1_TEMPLATE TS_REQ_seq_tt[] = { + { + .flags = 0, + .tag = 0, + .offset = offsetof(TS_REQ, version), + .field_name = "version", + .item = &ASN1_INTEGER_it, + }, + { + .flags = 0, + .tag = 0, + .offset = offsetof(TS_REQ, msg_imprint), + .field_name = "msg_imprint", + .item = &TS_MSG_IMPRINT_it, + }, + { + .flags = ASN1_TFLG_OPTIONAL, + .tag = 0, + .offset = offsetof(TS_REQ, policy_id), + .field_name = "policy_id", + .item = &ASN1_OBJECT_it, + }, + { + .flags = ASN1_TFLG_OPTIONAL, + .tag = 0, + .offset = offsetof(TS_REQ, nonce), + .field_name = "nonce", + .item = &ASN1_INTEGER_it, + }, + { + .flags = ASN1_TFLG_OPTIONAL, + .tag = 0, + .offset = offsetof(TS_REQ, cert_req), + .field_name = "cert_req", + .item = &ASN1_FBOOLEAN_it, + }, + { + .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_OPTIONAL, + .tag = 0, + .offset = offsetof(TS_REQ, extensions), + .field_name = "extensions", + .item = &X509_EXTENSION_it, + }, +}; + +const ASN1_ITEM TS_REQ_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = TS_REQ_seq_tt, + .tcount = sizeof(TS_REQ_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = NULL, + .size = sizeof(TS_REQ), + .sname = "TS_REQ", +}; + + +TS_REQ * +d2i_TS_REQ(TS_REQ **a, const unsigned char **in, long len) +{ + return (TS_REQ *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &TS_REQ_it); +} + +int +i2d_TS_REQ(const TS_REQ *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &TS_REQ_it); +} + +TS_REQ * +TS_REQ_new(void) +{ + return (TS_REQ *)ASN1_item_new(&TS_REQ_it); +} + +void +TS_REQ_free(TS_REQ *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &TS_REQ_it); +} + +TS_REQ * +TS_REQ_dup(TS_REQ *x) +{ + return ASN1_item_dup(&TS_REQ_it, x); +} + +#ifndef OPENSSL_NO_BIO +TS_REQ * +d2i_TS_REQ_bio(BIO *bp, TS_REQ **a) +{ + return ASN1_item_d2i_bio(&TS_REQ_it, bp, a); +} + +int +i2d_TS_REQ_bio(BIO *bp, TS_REQ *a) +{ + return ASN1_item_i2d_bio(&TS_REQ_it, bp, a); +} +#endif + +TS_REQ * +d2i_TS_REQ_fp(FILE *fp, TS_REQ **a) +{ + return ASN1_item_d2i_fp(&TS_REQ_it, fp, a); +} + +int +i2d_TS_REQ_fp(FILE *fp, TS_REQ *a) +{ + return ASN1_item_i2d_fp(&TS_REQ_it, fp, a); +} + +static const ASN1_TEMPLATE TS_ACCURACY_seq_tt[] = { + { + .flags = ASN1_TFLG_OPTIONAL, + .tag = 0, + .offset = offsetof(TS_ACCURACY, seconds), + .field_name = "seconds", + .item = &ASN1_INTEGER_it, + }, + { + .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_OPTIONAL, + .tag = 0, + .offset = offsetof(TS_ACCURACY, millis), + .field_name = "millis", + .item = &ASN1_INTEGER_it, + }, + { + .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_OPTIONAL, + .tag = 1, + .offset = offsetof(TS_ACCURACY, micros), + .field_name = "micros", + .item = &ASN1_INTEGER_it, + }, +}; + +const ASN1_ITEM TS_ACCURACY_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = TS_ACCURACY_seq_tt, + .tcount = sizeof(TS_ACCURACY_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = NULL, + .size = sizeof(TS_ACCURACY), + .sname = "TS_ACCURACY", +}; + + +TS_ACCURACY * +d2i_TS_ACCURACY(TS_ACCURACY **a, const unsigned char **in, long len) +{ + return (TS_ACCURACY *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &TS_ACCURACY_it); +} + +int +i2d_TS_ACCURACY(const TS_ACCURACY *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &TS_ACCURACY_it); +} + +TS_ACCURACY * +TS_ACCURACY_new(void) +{ + return (TS_ACCURACY *)ASN1_item_new(&TS_ACCURACY_it); +} + +void +TS_ACCURACY_free(TS_ACCURACY *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &TS_ACCURACY_it); +} + +TS_ACCURACY * +TS_ACCURACY_dup(TS_ACCURACY *x) +{ + return ASN1_item_dup(&TS_ACCURACY_it, x); +} + +static const ASN1_TEMPLATE TS_TST_INFO_seq_tt[] = { + { + .flags = 0, + .tag = 0, + .offset = offsetof(TS_TST_INFO, version), + .field_name = "version", + .item = &ASN1_INTEGER_it, + }, + { + .flags = 0, + .tag = 0, + .offset = offsetof(TS_TST_INFO, policy_id), + .field_name = "policy_id", + .item = &ASN1_OBJECT_it, + }, + { + .flags = 0, + .tag = 0, + .offset = offsetof(TS_TST_INFO, msg_imprint), + .field_name = "msg_imprint", + .item = &TS_MSG_IMPRINT_it, + }, + { + .flags = 0, + .tag = 0, + .offset = offsetof(TS_TST_INFO, serial), + .field_name = "serial", + .item = &ASN1_INTEGER_it, + }, + { + .flags = 0, + .tag = 0, + .offset = offsetof(TS_TST_INFO, time), + .field_name = "time", + .item = &ASN1_GENERALIZEDTIME_it, + }, + { + .flags = ASN1_TFLG_OPTIONAL, + .tag = 0, + .offset = offsetof(TS_TST_INFO, accuracy), + .field_name = "accuracy", + .item = &TS_ACCURACY_it, + }, + { + .flags = ASN1_TFLG_OPTIONAL, + .tag = 0, + .offset = offsetof(TS_TST_INFO, ordering), + .field_name = "ordering", + .item = &ASN1_FBOOLEAN_it, + }, + { + .flags = ASN1_TFLG_OPTIONAL, + .tag = 0, + .offset = offsetof(TS_TST_INFO, nonce), + .field_name = "nonce", + .item = &ASN1_INTEGER_it, + }, + { + .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL, + .tag = 0, + .offset = offsetof(TS_TST_INFO, tsa), + .field_name = "tsa", + .item = &GENERAL_NAME_it, + }, + { + .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_OPTIONAL, + .tag = 1, + .offset = offsetof(TS_TST_INFO, extensions), + .field_name = "extensions", + .item = &X509_EXTENSION_it, + }, +}; + +const ASN1_ITEM TS_TST_INFO_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = TS_TST_INFO_seq_tt, + .tcount = sizeof(TS_TST_INFO_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = NULL, + .size = sizeof(TS_TST_INFO), + .sname = "TS_TST_INFO", +}; + + +TS_TST_INFO * +d2i_TS_TST_INFO(TS_TST_INFO **a, const unsigned char **in, long len) +{ + return (TS_TST_INFO *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &TS_TST_INFO_it); +} + +int +i2d_TS_TST_INFO(const TS_TST_INFO *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &TS_TST_INFO_it); +} + +TS_TST_INFO * +TS_TST_INFO_new(void) +{ + return (TS_TST_INFO *)ASN1_item_new(&TS_TST_INFO_it); +} + +void +TS_TST_INFO_free(TS_TST_INFO *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &TS_TST_INFO_it); +} + +TS_TST_INFO * +TS_TST_INFO_dup(TS_TST_INFO *x) +{ + return ASN1_item_dup(&TS_TST_INFO_it, x); +} + +#ifndef OPENSSL_NO_BIO +TS_TST_INFO * +d2i_TS_TST_INFO_bio(BIO *bp, TS_TST_INFO **a) +{ + return ASN1_item_d2i_bio(&TS_TST_INFO_it, bp, a); +} + +int +i2d_TS_TST_INFO_bio(BIO *bp, TS_TST_INFO *a) +{ + return ASN1_item_i2d_bio(&TS_TST_INFO_it, bp, a); +} +#endif + +TS_TST_INFO * +d2i_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO **a) +{ + return ASN1_item_d2i_fp(&TS_TST_INFO_it, fp, a); +} + +int +i2d_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO *a) +{ + return ASN1_item_i2d_fp(&TS_TST_INFO_it, fp, a); +} + +static const ASN1_TEMPLATE TS_STATUS_INFO_seq_tt[] = { + { + .flags = 0, + .tag = 0, + .offset = offsetof(TS_STATUS_INFO, status), + .field_name = "status", + .item = &ASN1_INTEGER_it, + }, + { + .flags = ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_OPTIONAL, + .tag = 0, + .offset = offsetof(TS_STATUS_INFO, text), + .field_name = "text", + .item = &ASN1_UTF8STRING_it, + }, + { + .flags = ASN1_TFLG_OPTIONAL, + .tag = 0, + .offset = offsetof(TS_STATUS_INFO, failure_info), + .field_name = "failure_info", + .item = &ASN1_BIT_STRING_it, + }, +}; + +const ASN1_ITEM TS_STATUS_INFO_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = TS_STATUS_INFO_seq_tt, + .tcount = sizeof(TS_STATUS_INFO_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = NULL, + .size = sizeof(TS_STATUS_INFO), + .sname = "TS_STATUS_INFO", +}; + + +TS_STATUS_INFO * +d2i_TS_STATUS_INFO(TS_STATUS_INFO **a, const unsigned char **in, long len) +{ + return (TS_STATUS_INFO *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &TS_STATUS_INFO_it); +} + +int +i2d_TS_STATUS_INFO(const TS_STATUS_INFO *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &TS_STATUS_INFO_it); +} + +TS_STATUS_INFO * +TS_STATUS_INFO_new(void) +{ + return (TS_STATUS_INFO *)ASN1_item_new(&TS_STATUS_INFO_it); +} + +void +TS_STATUS_INFO_free(TS_STATUS_INFO *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &TS_STATUS_INFO_it); +} + +TS_STATUS_INFO * +TS_STATUS_INFO_dup(TS_STATUS_INFO *x) +{ + return ASN1_item_dup(&TS_STATUS_INFO_it, x); +} + +static int +ts_resp_set_tst_info(TS_RESP *a) +{ + long status; + + status = ASN1_INTEGER_get(a->status_info->status); + + if (a->token) { + if (status != 0 && status != 1) { + TSerror(TS_R_TOKEN_PRESENT); + return 0; + } + if (a->tst_info != NULL) + TS_TST_INFO_free(a->tst_info); + a->tst_info = PKCS7_to_TS_TST_INFO(a->token); + if (!a->tst_info) { + TSerror(TS_R_PKCS7_TO_TS_TST_INFO_FAILED); + return 0; + } + } else if (status == 0 || status == 1) { + TSerror(TS_R_TOKEN_NOT_PRESENT); + return 0; + } + + return 1; +} + +static int +ts_resp_cb(int op, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) +{ + TS_RESP *ts_resp = (TS_RESP *)*pval; + + if (op == ASN1_OP_NEW_POST) { + ts_resp->tst_info = NULL; + } else if (op == ASN1_OP_FREE_POST) { + if (ts_resp->tst_info != NULL) + TS_TST_INFO_free(ts_resp->tst_info); + } else if (op == ASN1_OP_D2I_POST) { + if (ts_resp_set_tst_info(ts_resp) == 0) + return 0; + } + return 1; +} + +static const ASN1_AUX TS_RESP_aux = { + .app_data = NULL, + .flags = 0, + .ref_offset = 0, + .ref_lock = 0, + .asn1_cb = ts_resp_cb, + .enc_offset = 0, +}; +static const ASN1_TEMPLATE TS_RESP_seq_tt[] = { + { + .flags = 0, + .tag = 0, + .offset = offsetof(TS_RESP, status_info), + .field_name = "status_info", + .item = &TS_STATUS_INFO_it, + }, + { + .flags = ASN1_TFLG_OPTIONAL, + .tag = 0, + .offset = offsetof(TS_RESP, token), + .field_name = "token", + .item = &PKCS7_it, + }, +}; + +const ASN1_ITEM TS_RESP_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = TS_RESP_seq_tt, + .tcount = sizeof(TS_RESP_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = &TS_RESP_aux, + .size = sizeof(TS_RESP), + .sname = "TS_RESP", +}; + + +TS_RESP * +d2i_TS_RESP(TS_RESP **a, const unsigned char **in, long len) +{ + return (TS_RESP *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &TS_RESP_it); +} + +int +i2d_TS_RESP(const TS_RESP *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &TS_RESP_it); +} + +TS_RESP * +TS_RESP_new(void) +{ + return (TS_RESP *)ASN1_item_new(&TS_RESP_it); +} + +void +TS_RESP_free(TS_RESP *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &TS_RESP_it); +} + +TS_RESP * +TS_RESP_dup(TS_RESP *x) +{ + return ASN1_item_dup(&TS_RESP_it, x); +} + +#ifndef OPENSSL_NO_BIO +TS_RESP * +d2i_TS_RESP_bio(BIO *bp, TS_RESP **a) +{ + return ASN1_item_d2i_bio(&TS_RESP_it, bp, a); +} + +int +i2d_TS_RESP_bio(BIO *bp, TS_RESP *a) +{ + return ASN1_item_i2d_bio(&TS_RESP_it, bp, a); +} +#endif + +TS_RESP * +d2i_TS_RESP_fp(FILE *fp, TS_RESP **a) +{ + return ASN1_item_d2i_fp(&TS_RESP_it, fp, a); +} + +int +i2d_TS_RESP_fp(FILE *fp, TS_RESP *a) +{ + return ASN1_item_i2d_fp(&TS_RESP_it, fp, a); +} + +static const ASN1_TEMPLATE ESS_ISSUER_SERIAL_seq_tt[] = { + { + .flags = ASN1_TFLG_SEQUENCE_OF, + .tag = 0, + .offset = offsetof(ESS_ISSUER_SERIAL, issuer), + .field_name = "issuer", + .item = &GENERAL_NAME_it, + }, + { + .flags = 0, + .tag = 0, + .offset = offsetof(ESS_ISSUER_SERIAL, serial), + .field_name = "serial", + .item = &ASN1_INTEGER_it, + }, +}; + +const ASN1_ITEM ESS_ISSUER_SERIAL_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = ESS_ISSUER_SERIAL_seq_tt, + .tcount = sizeof(ESS_ISSUER_SERIAL_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = NULL, + .size = sizeof(ESS_ISSUER_SERIAL), + .sname = "ESS_ISSUER_SERIAL", +}; + + +ESS_ISSUER_SERIAL * +d2i_ESS_ISSUER_SERIAL(ESS_ISSUER_SERIAL **a, const unsigned char **in, long len) +{ + return (ESS_ISSUER_SERIAL *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &ESS_ISSUER_SERIAL_it); +} + +int +i2d_ESS_ISSUER_SERIAL(const ESS_ISSUER_SERIAL *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &ESS_ISSUER_SERIAL_it); +} + +ESS_ISSUER_SERIAL * +ESS_ISSUER_SERIAL_new(void) +{ + return (ESS_ISSUER_SERIAL *)ASN1_item_new(&ESS_ISSUER_SERIAL_it); +} + +void +ESS_ISSUER_SERIAL_free(ESS_ISSUER_SERIAL *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &ESS_ISSUER_SERIAL_it); +} + +ESS_ISSUER_SERIAL * +ESS_ISSUER_SERIAL_dup(ESS_ISSUER_SERIAL *x) +{ + return ASN1_item_dup(&ESS_ISSUER_SERIAL_it, x); +} + +static const ASN1_TEMPLATE ESS_CERT_ID_seq_tt[] = { + { + .flags = 0, + .tag = 0, + .offset = offsetof(ESS_CERT_ID, hash), + .field_name = "hash", + .item = &ASN1_OCTET_STRING_it, + }, + { + .flags = ASN1_TFLG_OPTIONAL, + .tag = 0, + .offset = offsetof(ESS_CERT_ID, issuer_serial), + .field_name = "issuer_serial", + .item = &ESS_ISSUER_SERIAL_it, + }, +}; + +const ASN1_ITEM ESS_CERT_ID_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = ESS_CERT_ID_seq_tt, + .tcount = sizeof(ESS_CERT_ID_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = NULL, + .size = sizeof(ESS_CERT_ID), + .sname = "ESS_CERT_ID", +}; + + +ESS_CERT_ID * +d2i_ESS_CERT_ID(ESS_CERT_ID **a, const unsigned char **in, long len) +{ + return (ESS_CERT_ID *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &ESS_CERT_ID_it); +} + +int +i2d_ESS_CERT_ID(const ESS_CERT_ID *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &ESS_CERT_ID_it); +} + +ESS_CERT_ID * +ESS_CERT_ID_new(void) +{ + return (ESS_CERT_ID *)ASN1_item_new(&ESS_CERT_ID_it); +} + +void +ESS_CERT_ID_free(ESS_CERT_ID *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &ESS_CERT_ID_it); +} + +ESS_CERT_ID * +ESS_CERT_ID_dup(ESS_CERT_ID *x) +{ + return ASN1_item_dup(&ESS_CERT_ID_it, x); +} + +static const ASN1_TEMPLATE ESS_SIGNING_CERT_seq_tt[] = { + { + .flags = ASN1_TFLG_SEQUENCE_OF, + .tag = 0, + .offset = offsetof(ESS_SIGNING_CERT, cert_ids), + .field_name = "cert_ids", + .item = &ESS_CERT_ID_it, + }, + { + .flags = ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_OPTIONAL, + .tag = 0, + .offset = offsetof(ESS_SIGNING_CERT, policy_info), + .field_name = "policy_info", + .item = &POLICYINFO_it, + }, +}; + +const ASN1_ITEM ESS_SIGNING_CERT_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = ESS_SIGNING_CERT_seq_tt, + .tcount = sizeof(ESS_SIGNING_CERT_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = NULL, + .size = sizeof(ESS_SIGNING_CERT), + .sname = "ESS_SIGNING_CERT", +}; + + +ESS_SIGNING_CERT * +d2i_ESS_SIGNING_CERT(ESS_SIGNING_CERT **a, const unsigned char **in, long len) +{ + return (ESS_SIGNING_CERT *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &ESS_SIGNING_CERT_it); +} + +int +i2d_ESS_SIGNING_CERT(const ESS_SIGNING_CERT *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &ESS_SIGNING_CERT_it); +} + +ESS_SIGNING_CERT * +ESS_SIGNING_CERT_new(void) +{ + return (ESS_SIGNING_CERT *)ASN1_item_new(&ESS_SIGNING_CERT_it); +} + +void +ESS_SIGNING_CERT_free(ESS_SIGNING_CERT *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &ESS_SIGNING_CERT_it); +} + +ESS_SIGNING_CERT * +ESS_SIGNING_CERT_dup(ESS_SIGNING_CERT *x) +{ + return ASN1_item_dup(&ESS_SIGNING_CERT_it, x); +} + +/* Getting encapsulated TS_TST_INFO object from PKCS7. */ +TS_TST_INFO * +PKCS7_to_TS_TST_INFO(PKCS7 *token) +{ + PKCS7_SIGNED *pkcs7_signed; + PKCS7 *enveloped; + ASN1_TYPE *tst_info_wrapper; + ASN1_OCTET_STRING *tst_info_der; + const unsigned char *p; + + if (!PKCS7_type_is_signed(token)) { + TSerror(TS_R_BAD_PKCS7_TYPE); + return NULL; + } + + /* Content must be present. */ + if (PKCS7_get_detached(token)) { + TSerror(TS_R_DETACHED_CONTENT); + return NULL; + } + + /* We have a signed data with content. */ + pkcs7_signed = token->d.sign; + enveloped = pkcs7_signed->contents; + if (OBJ_obj2nid(enveloped->type) != NID_id_smime_ct_TSTInfo) { + TSerror(TS_R_BAD_PKCS7_TYPE); + return NULL; + } + + /* We have a DER encoded TST_INFO as the signed data. */ + tst_info_wrapper = enveloped->d.other; + if (tst_info_wrapper->type != V_ASN1_OCTET_STRING) { + TSerror(TS_R_BAD_TYPE); + return NULL; + } + + /* We have the correct ASN1_OCTET_STRING type. */ + tst_info_der = tst_info_wrapper->value.octet_string; + /* At last, decode the TST_INFO. */ + p = tst_info_der->data; + return d2i_TS_TST_INFO(NULL, &p, tst_info_der->length); +} diff --git a/src/lib/libcrypto/ts/ts_conf.c b/src/lib/libcrypto/ts/ts_conf.c new file mode 100644 index 00000000000..41d185ee5a0 --- /dev/null +++ b/src/lib/libcrypto/ts/ts_conf.c @@ -0,0 +1,530 @@ +/* $OpenBSD: ts_conf.c,v 1.11 2018/04/14 07:18:37 tb Exp $ */ +/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL + * project 2002. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include + +#include + +#include +#include +#include +#include + +#ifndef OPENSSL_NO_ENGINE +#include +#endif + +/* Macro definitions for the configuration file. */ + +#define BASE_SECTION "tsa" +#define ENV_DEFAULT_TSA "default_tsa" +#define ENV_SERIAL "serial" +#define ENV_CRYPTO_DEVICE "crypto_device" +#define ENV_SIGNER_CERT "signer_cert" +#define ENV_CERTS "certs" +#define ENV_SIGNER_KEY "signer_key" +#define ENV_DEFAULT_POLICY "default_policy" +#define ENV_OTHER_POLICIES "other_policies" +#define ENV_DIGESTS "digests" +#define ENV_ACCURACY "accuracy" +#define ENV_ORDERING "ordering" +#define ENV_TSA_NAME "tsa_name" +#define ENV_ESS_CERT_ID_CHAIN "ess_cert_id_chain" +#define ENV_VALUE_SECS "secs" +#define ENV_VALUE_MILLISECS "millisecs" +#define ENV_VALUE_MICROSECS "microsecs" +#define ENV_CLOCK_PRECISION_DIGITS "clock_precision_digits" +#define ENV_VALUE_YES "yes" +#define ENV_VALUE_NO "no" + +/* Function definitions for certificate and key loading. */ + +X509 * +TS_CONF_load_cert(const char *file) +{ + BIO *cert = NULL; + X509 *x = NULL; + + if ((cert = BIO_new_file(file, "r")) == NULL) + goto end; + x = PEM_read_bio_X509_AUX(cert, NULL, NULL, NULL); + +end: + if (x == NULL) + fprintf(stderr, "unable to load certificate: %s\n", file); + BIO_free(cert); + return x; +} + +STACK_OF(X509) * +TS_CONF_load_certs(const char *file) +{ + BIO *certs = NULL; + STACK_OF(X509) *othercerts = NULL; + STACK_OF(X509_INFO) *allcerts = NULL; + int i; + + if (!(certs = BIO_new_file(file, "r"))) + goto end; + + if (!(othercerts = sk_X509_new_null())) + goto end; + allcerts = PEM_X509_INFO_read_bio(certs, NULL, NULL, NULL); + for (i = 0; i < sk_X509_INFO_num(allcerts); i++) { + X509_INFO *xi = sk_X509_INFO_value(allcerts, i); + if (xi->x509) { + if (sk_X509_push(othercerts, xi->x509) == 0) { + sk_X509_pop_free(othercerts, X509_free); + othercerts = NULL; + goto end; + } + xi->x509 = NULL; + } + } + +end: + if (othercerts == NULL) + fprintf(stderr, "unable to load certificates: %s\n", file); + sk_X509_INFO_pop_free(allcerts, X509_INFO_free); + BIO_free(certs); + return othercerts; +} + +EVP_PKEY * +TS_CONF_load_key(const char *file, const char *pass) +{ + BIO *key = NULL; + EVP_PKEY *pkey = NULL; + + if (!(key = BIO_new_file(file, "r"))) + goto end; + pkey = PEM_read_bio_PrivateKey(key, NULL, NULL, (char *) pass); + +end: + if (pkey == NULL) + fprintf(stderr, "unable to load private key: %s\n", file); + BIO_free(key); + return pkey; +} + +/* Function definitions for handling configuration options. */ + +static void +TS_CONF_lookup_fail(const char *name, const char *tag) +{ + fprintf(stderr, "variable lookup failed for %s::%s\n", name, tag); +} + +static void +TS_CONF_invalid(const char *name, const char *tag) +{ + fprintf(stderr, "invalid variable value for %s::%s\n", name, tag); +} + +const char * +TS_CONF_get_tsa_section(CONF *conf, const char *section) +{ + if (!section) { + section = NCONF_get_string(conf, BASE_SECTION, ENV_DEFAULT_TSA); + if (!section) + TS_CONF_lookup_fail(BASE_SECTION, ENV_DEFAULT_TSA); + } + return section; +} + +int +TS_CONF_set_serial(CONF *conf, const char *section, TS_serial_cb cb, + TS_RESP_CTX *ctx) +{ + int ret = 0; + char *serial = NCONF_get_string(conf, section, ENV_SERIAL); + + if (!serial) { + TS_CONF_lookup_fail(section, ENV_SERIAL); + goto err; + } + TS_RESP_CTX_set_serial_cb(ctx, cb, serial); + + ret = 1; + +err: + return ret; +} + +#ifndef OPENSSL_NO_ENGINE + +int +TS_CONF_set_crypto_device(CONF *conf, const char *section, const char *device) +{ + int ret = 0; + + if (!device) + device = NCONF_get_string(conf, section, ENV_CRYPTO_DEVICE); + + if (device && !TS_CONF_set_default_engine(device)) { + TS_CONF_invalid(section, ENV_CRYPTO_DEVICE); + goto err; + } + ret = 1; + +err: + return ret; +} + +int +TS_CONF_set_default_engine(const char *name) +{ + ENGINE *e = NULL; + int ret = 0; + + /* Leave the default if builtin specified. */ + if (strcmp(name, "builtin") == 0) + return 1; + + if (!(e = ENGINE_by_id(name))) + goto err; + /* All the operations are going to be carried out by the engine. */ + if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) + goto err; + ret = 1; + +err: + if (!ret) { + TSerror(TS_R_COULD_NOT_SET_ENGINE); + ERR_asprintf_error_data("engine:%s", name); + } + ENGINE_free(e); + return ret; +} + +#endif + +int +TS_CONF_set_signer_cert(CONF *conf, const char *section, const char *cert, + TS_RESP_CTX *ctx) +{ + int ret = 0; + X509 *cert_obj = NULL; + + if (!cert) + cert = NCONF_get_string(conf, section, ENV_SIGNER_CERT); + if (!cert) { + TS_CONF_lookup_fail(section, ENV_SIGNER_CERT); + goto err; + } + if (!(cert_obj = TS_CONF_load_cert(cert))) + goto err; + if (!TS_RESP_CTX_set_signer_cert(ctx, cert_obj)) + goto err; + + ret = 1; + +err: + X509_free(cert_obj); + return ret; +} + +int +TS_CONF_set_certs(CONF *conf, const char *section, const char *certs, + TS_RESP_CTX *ctx) +{ + int ret = 0; + STACK_OF(X509) *certs_obj = NULL; + + if (!certs) + certs = NCONF_get_string(conf, section, ENV_CERTS); + /* Certificate chain is optional. */ + if (!certs) + goto end; + if (!(certs_obj = TS_CONF_load_certs(certs))) + goto err; + if (!TS_RESP_CTX_set_certs(ctx, certs_obj)) + goto err; + +end: + ret = 1; +err: + sk_X509_pop_free(certs_obj, X509_free); + return ret; +} + +int +TS_CONF_set_signer_key(CONF *conf, const char *section, const char *key, + const char *pass, TS_RESP_CTX *ctx) +{ + int ret = 0; + EVP_PKEY *key_obj = NULL; + + if (!key) + key = NCONF_get_string(conf, section, ENV_SIGNER_KEY); + if (!key) { + TS_CONF_lookup_fail(section, ENV_SIGNER_KEY); + goto err; + } + if (!(key_obj = TS_CONF_load_key(key, pass))) + goto err; + if (!TS_RESP_CTX_set_signer_key(ctx, key_obj)) + goto err; + + ret = 1; + +err: + EVP_PKEY_free(key_obj); + return ret; +} + +int +TS_CONF_set_def_policy(CONF *conf, const char *section, const char *policy, + TS_RESP_CTX *ctx) +{ + int ret = 0; + ASN1_OBJECT *policy_obj = NULL; + + if (!policy) + policy = NCONF_get_string(conf, section, ENV_DEFAULT_POLICY); + if (!policy) { + TS_CONF_lookup_fail(section, ENV_DEFAULT_POLICY); + goto err; + } + if (!(policy_obj = OBJ_txt2obj(policy, 0))) { + TS_CONF_invalid(section, ENV_DEFAULT_POLICY); + goto err; + } + if (!TS_RESP_CTX_set_def_policy(ctx, policy_obj)) + goto err; + + ret = 1; + +err: + ASN1_OBJECT_free(policy_obj); + return ret; +} + +int +TS_CONF_set_policies(CONF *conf, const char *section, TS_RESP_CTX *ctx) +{ + int ret = 0; + int i; + STACK_OF(CONF_VALUE) *list = NULL; + char *policies = NCONF_get_string(conf, section, ENV_OTHER_POLICIES); + + /* If no other policy is specified, that's fine. */ + if (policies && !(list = X509V3_parse_list(policies))) { + TS_CONF_invalid(section, ENV_OTHER_POLICIES); + goto err; + } + for (i = 0; i < sk_CONF_VALUE_num(list); ++i) { + CONF_VALUE *val = sk_CONF_VALUE_value(list, i); + const char *extval = val->value ? val->value : val->name; + ASN1_OBJECT *objtmp; + if (!(objtmp = OBJ_txt2obj(extval, 0))) { + TS_CONF_invalid(section, ENV_OTHER_POLICIES); + goto err; + } + if (!TS_RESP_CTX_add_policy(ctx, objtmp)) + goto err; + ASN1_OBJECT_free(objtmp); + } + + ret = 1; + +err: + sk_CONF_VALUE_pop_free(list, X509V3_conf_free); + return ret; +} + +int +TS_CONF_set_digests(CONF *conf, const char *section, TS_RESP_CTX *ctx) +{ + int ret = 0; + int i; + STACK_OF(CONF_VALUE) *list = NULL; + char *digests = NCONF_get_string(conf, section, ENV_DIGESTS); + + if (!digests) { + TS_CONF_lookup_fail(section, ENV_DIGESTS); + goto err; + } + if (!(list = X509V3_parse_list(digests))) { + TS_CONF_invalid(section, ENV_DIGESTS); + goto err; + } + if (sk_CONF_VALUE_num(list) == 0) { + TS_CONF_invalid(section, ENV_DIGESTS); + goto err; + } + for (i = 0; i < sk_CONF_VALUE_num(list); ++i) { + CONF_VALUE *val = sk_CONF_VALUE_value(list, i); + const char *extval = val->value ? val->value : val->name; + const EVP_MD *md; + if (!(md = EVP_get_digestbyname(extval))) { + TS_CONF_invalid(section, ENV_DIGESTS); + goto err; + } + if (!TS_RESP_CTX_add_md(ctx, md)) + goto err; + } + + ret = 1; + +err: + sk_CONF_VALUE_pop_free(list, X509V3_conf_free); + return ret; +} + +int +TS_CONF_set_accuracy(CONF *conf, const char *section, TS_RESP_CTX *ctx) +{ + int ret = 0; + int i; + int secs = 0, millis = 0, micros = 0; + STACK_OF(CONF_VALUE) *list = NULL; + char *accuracy = NCONF_get_string(conf, section, ENV_ACCURACY); + + if (accuracy && !(list = X509V3_parse_list(accuracy))) { + TS_CONF_invalid(section, ENV_ACCURACY); + goto err; + } + for (i = 0; i < sk_CONF_VALUE_num(list); ++i) { + CONF_VALUE *val = sk_CONF_VALUE_value(list, i); + if (strcmp(val->name, ENV_VALUE_SECS) == 0) { + if (val->value) + secs = atoi(val->value); + } else if (strcmp(val->name, ENV_VALUE_MILLISECS) == 0) { + if (val->value) + millis = atoi(val->value); + } else if (strcmp(val->name, ENV_VALUE_MICROSECS) == 0) { + if (val->value) + micros = atoi(val->value); + } else { + TS_CONF_invalid(section, ENV_ACCURACY); + goto err; + } + } + if (!TS_RESP_CTX_set_accuracy(ctx, secs, millis, micros)) + goto err; + + ret = 1; + +err: + sk_CONF_VALUE_pop_free(list, X509V3_conf_free); + return ret; +} + +int +TS_CONF_set_clock_precision_digits(CONF *conf, const char *section, + TS_RESP_CTX *ctx) +{ + int ret = 0; + long digits = 0; + + /* If not specified, set the default value to 0, i.e. sec precision */ + if (!NCONF_get_number_e(conf, section, ENV_CLOCK_PRECISION_DIGITS, + &digits)) + digits = 0; + if (digits < 0 || digits > TS_MAX_CLOCK_PRECISION_DIGITS) { + TS_CONF_invalid(section, ENV_CLOCK_PRECISION_DIGITS); + goto err; + } + + if (!TS_RESP_CTX_set_clock_precision_digits(ctx, digits)) + goto err; + + return 1; + +err: + return ret; +} + +static int +TS_CONF_add_flag(CONF *conf, const char *section, const char *field, int flag, + TS_RESP_CTX *ctx) +{ + /* Default is false. */ + const char *value = NCONF_get_string(conf, section, field); + + if (value) { + if (strcmp(value, ENV_VALUE_YES) == 0) + TS_RESP_CTX_add_flags(ctx, flag); + else if (strcmp(value, ENV_VALUE_NO) != 0) { + TS_CONF_invalid(section, field); + return 0; + } + } + + return 1; +} + +int +TS_CONF_set_ordering(CONF *conf, const char *section, TS_RESP_CTX *ctx) +{ + return TS_CONF_add_flag(conf, section, ENV_ORDERING, TS_ORDERING, ctx); +} + +int +TS_CONF_set_tsa_name(CONF *conf, const char *section, TS_RESP_CTX *ctx) +{ + return TS_CONF_add_flag(conf, section, ENV_TSA_NAME, TS_TSA_NAME, ctx); +} + +int +TS_CONF_set_ess_cert_id_chain(CONF *conf, const char *section, TS_RESP_CTX *ctx) +{ + return TS_CONF_add_flag(conf, section, ENV_ESS_CERT_ID_CHAIN, + TS_ESS_CERT_ID_CHAIN, ctx); +} diff --git a/src/lib/libcrypto/ts/ts_err.c b/src/lib/libcrypto/ts/ts_err.c new file mode 100644 index 00000000000..4b899093844 --- /dev/null +++ b/src/lib/libcrypto/ts/ts_err.c @@ -0,0 +1,129 @@ +/* $OpenBSD: ts_err.c,v 1.5 2017/01/29 17:49:23 beck Exp $ */ +/* ==================================================================== + * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +/* NOTE: this file was auto generated by the mkerr.pl script: any changes + * made to it will be overwritten when the script next updates this file, + * only reason strings will be preserved. + */ + +#include + +#include + +#include +#include + +/* BEGIN ERROR CODES */ +#ifndef OPENSSL_NO_ERR + +#define ERR_FUNC(func) ERR_PACK(ERR_LIB_TS,func,0) +#define ERR_REASON(reason) ERR_PACK(ERR_LIB_TS,0,reason) + +static ERR_STRING_DATA TS_str_functs[] = { + {ERR_FUNC(0xfff), "CRYPTO_internal"}, + {0, NULL} +}; + +static ERR_STRING_DATA TS_str_reasons[]= { + {ERR_REASON(TS_R_BAD_PKCS7_TYPE) , "bad pkcs7 type"}, + {ERR_REASON(TS_R_BAD_TYPE) , "bad type"}, + {ERR_REASON(TS_R_CERTIFICATE_VERIFY_ERROR), "certificate verify error"}, + {ERR_REASON(TS_R_COULD_NOT_SET_ENGINE) , "could not set engine"}, + {ERR_REASON(TS_R_COULD_NOT_SET_TIME) , "could not set time"}, + {ERR_REASON(TS_R_D2I_TS_RESP_INT_FAILED) , "d2i ts resp int failed"}, + {ERR_REASON(TS_R_DETACHED_CONTENT) , "detached content"}, + {ERR_REASON(TS_R_ESS_ADD_SIGNING_CERT_ERROR), "ess add signing cert error"}, + {ERR_REASON(TS_R_ESS_SIGNING_CERTIFICATE_ERROR), "ess signing certificate error"}, + {ERR_REASON(TS_R_INVALID_NULL_POINTER) , "invalid null pointer"}, + {ERR_REASON(TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE), "invalid signer certificate purpose"}, + {ERR_REASON(TS_R_MESSAGE_IMPRINT_MISMATCH), "message imprint mismatch"}, + {ERR_REASON(TS_R_NONCE_MISMATCH) , "nonce mismatch"}, + {ERR_REASON(TS_R_NONCE_NOT_RETURNED) , "nonce not returned"}, + {ERR_REASON(TS_R_NO_CONTENT) , "no content"}, + {ERR_REASON(TS_R_NO_TIME_STAMP_TOKEN) , "no time stamp token"}, + {ERR_REASON(TS_R_PKCS7_ADD_SIGNATURE_ERROR), "pkcs7 add signature error"}, + {ERR_REASON(TS_R_PKCS7_ADD_SIGNED_ATTR_ERROR), "pkcs7 add signed attr error"}, + {ERR_REASON(TS_R_PKCS7_TO_TS_TST_INFO_FAILED), "pkcs7 to ts tst info failed"}, + {ERR_REASON(TS_R_POLICY_MISMATCH) , "policy mismatch"}, + {ERR_REASON(TS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE), "private key does not match certificate"}, + {ERR_REASON(TS_R_RESPONSE_SETUP_ERROR) , "response setup error"}, + {ERR_REASON(TS_R_SIGNATURE_FAILURE) , "signature failure"}, + {ERR_REASON(TS_R_THERE_MUST_BE_ONE_SIGNER), "there must be one signer"}, + {ERR_REASON(TS_R_TIME_SYSCALL_ERROR) , "time syscall error"}, + {ERR_REASON(TS_R_TOKEN_NOT_PRESENT) , "token not present"}, + {ERR_REASON(TS_R_TOKEN_PRESENT) , "token present"}, + {ERR_REASON(TS_R_TSA_NAME_MISMATCH) , "tsa name mismatch"}, + {ERR_REASON(TS_R_TSA_UNTRUSTED) , "tsa untrusted"}, + {ERR_REASON(TS_R_TST_INFO_SETUP_ERROR) , "tst info setup error"}, + {ERR_REASON(TS_R_TS_DATASIGN) , "ts datasign"}, + {ERR_REASON(TS_R_UNACCEPTABLE_POLICY) , "unacceptable policy"}, + {ERR_REASON(TS_R_UNSUPPORTED_MD_ALGORITHM), "unsupported md algorithm"}, + {ERR_REASON(TS_R_UNSUPPORTED_VERSION) , "unsupported version"}, + {ERR_REASON(TS_R_WRONG_CONTENT_TYPE) , "wrong content type"}, + {0, NULL} +}; + +#endif + +void +ERR_load_TS_strings(void) +{ +#ifndef OPENSSL_NO_ERR + if (ERR_func_error_string(TS_str_functs[0].error) == NULL) { + ERR_load_strings(0, TS_str_functs); + ERR_load_strings(0, TS_str_reasons); + } +#endif +} diff --git a/src/lib/libcrypto/ts/ts_lib.c b/src/lib/libcrypto/ts/ts_lib.c new file mode 100644 index 00000000000..293564118fd --- /dev/null +++ b/src/lib/libcrypto/ts/ts_lib.c @@ -0,0 +1,150 @@ +/* $OpenBSD: ts_lib.c,v 1.10 2015/09/10 14:29:22 jsing Exp $ */ +/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL + * project 2002. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include + +#include +#include +#include +#include + +/* Local function declarations. */ + +/* Function definitions. */ + +int +TS_ASN1_INTEGER_print_bio(BIO *bio, const ASN1_INTEGER *num) +{ + BIGNUM num_bn; + int result = 0; + char *hex; + + BN_init(&num_bn); + ASN1_INTEGER_to_BN(num, &num_bn); + if ((hex = BN_bn2hex(&num_bn))) { + result = BIO_write(bio, "0x", 2) > 0; + result = result && BIO_write(bio, hex, strlen(hex)) > 0; + free(hex); + } + BN_free(&num_bn); + + return result; +} + +int +TS_OBJ_print_bio(BIO *bio, const ASN1_OBJECT *obj) +{ + char obj_txt[128]; + + int len = OBJ_obj2txt(obj_txt, sizeof(obj_txt), obj, 0); + if (len >= sizeof(obj_txt)) + len = sizeof(obj_txt) - 1; + BIO_write(bio, obj_txt, len); + BIO_write(bio, "\n", 1); + return 1; +} + +int +TS_ext_print_bio(BIO *bio, const STACK_OF(X509_EXTENSION) *extensions) +{ + int i, critical, n; + X509_EXTENSION *ex; + ASN1_OBJECT *obj; + + BIO_printf(bio, "Extensions:\n"); + n = X509v3_get_ext_count(extensions); + for (i = 0; i < n; i++) { + ex = X509v3_get_ext(extensions, i); + obj = X509_EXTENSION_get_object(ex); + i2a_ASN1_OBJECT(bio, obj); + critical = X509_EXTENSION_get_critical(ex); + BIO_printf(bio, ": %s\n", critical ? "critical" : ""); + if (!X509V3_EXT_print(bio, ex, 0, 4)) { + BIO_printf(bio, "%4s", ""); + ASN1_STRING_print(bio, ex->value); + } + BIO_write(bio, "\n", 1); + } + + return 1; +} + +int +TS_X509_ALGOR_print_bio(BIO *bio, const X509_ALGOR *alg) +{ + int i = OBJ_obj2nid(alg->algorithm); + + return BIO_printf(bio, "Hash Algorithm: %s\n", + (i == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(i)); +} + +int +TS_MSG_IMPRINT_print_bio(BIO *bio, TS_MSG_IMPRINT *a) +{ + ASN1_OCTET_STRING *msg; + + TS_X509_ALGOR_print_bio(bio, TS_MSG_IMPRINT_get_algo(a)); + + BIO_printf(bio, "Message data:\n"); + msg = TS_MSG_IMPRINT_get_msg(a); + BIO_dump_indent(bio, (const char *)ASN1_STRING_data(msg), + ASN1_STRING_length(msg), 4); + + return 1; +} diff --git a/src/lib/libcrypto/ts/ts_req_print.c b/src/lib/libcrypto/ts/ts_req_print.c new file mode 100644 index 00000000000..64a8133a58d --- /dev/null +++ b/src/lib/libcrypto/ts/ts_req_print.c @@ -0,0 +1,104 @@ +/* $OpenBSD: ts_req_print.c,v 1.4 2014/07/11 08:44:49 jsing Exp $ */ +/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL + * project 2002. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include + +#include +#include +#include +#include + +/* Function definitions. */ + +int +TS_REQ_print_bio(BIO *bio, TS_REQ *a) +{ + int v; + ASN1_OBJECT *policy_id; + const ASN1_INTEGER *nonce; + + if (a == NULL) + return 0; + + v = TS_REQ_get_version(a); + BIO_printf(bio, "Version: %d\n", v); + + TS_MSG_IMPRINT_print_bio(bio, TS_REQ_get_msg_imprint(a)); + + BIO_printf(bio, "Policy OID: "); + policy_id = TS_REQ_get_policy_id(a); + if (policy_id == NULL) + BIO_printf(bio, "unspecified\n"); + else + TS_OBJ_print_bio(bio, policy_id); + + BIO_printf(bio, "Nonce: "); + nonce = TS_REQ_get_nonce(a); + if (nonce == NULL) + BIO_printf(bio, "unspecified"); + else + TS_ASN1_INTEGER_print_bio(bio, nonce); + BIO_write(bio, "\n", 1); + + BIO_printf(bio, "Certificate required: %s\n", + TS_REQ_get_cert_req(a) ? "yes" : "no"); + + TS_ext_print_bio(bio, TS_REQ_get_exts(a)); + + return 1; +} diff --git a/src/lib/libcrypto/ts/ts_req_utils.c b/src/lib/libcrypto/ts/ts_req_utils.c new file mode 100644 index 00000000000..6b9c13f39b4 --- /dev/null +++ b/src/lib/libcrypto/ts/ts_req_utils.c @@ -0,0 +1,255 @@ +/* $OpenBSD: ts_req_utils.c,v 1.6 2018/05/13 15:04:05 tb Exp $ */ +/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL + * project 2002. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include + +#include +#include +#include +#include + +int +TS_REQ_set_version(TS_REQ *a, long version) +{ + return ASN1_INTEGER_set(a->version, version); +} + +long +TS_REQ_get_version(const TS_REQ *a) +{ + return ASN1_INTEGER_get(a->version); +} + +int +TS_REQ_set_msg_imprint(TS_REQ *a, TS_MSG_IMPRINT *msg_imprint) +{ + TS_MSG_IMPRINT *new_msg_imprint; + + if (a->msg_imprint == msg_imprint) + return 1; + new_msg_imprint = TS_MSG_IMPRINT_dup(msg_imprint); + if (new_msg_imprint == NULL) { + TSerror(ERR_R_MALLOC_FAILURE); + return 0; + } + TS_MSG_IMPRINT_free(a->msg_imprint); + a->msg_imprint = new_msg_imprint; + return 1; +} + +TS_MSG_IMPRINT * +TS_REQ_get_msg_imprint(TS_REQ *a) +{ + return a->msg_imprint; +} + +int +TS_MSG_IMPRINT_set_algo(TS_MSG_IMPRINT *a, X509_ALGOR *alg) +{ + X509_ALGOR *new_alg; + + if (a->hash_algo == alg) + return 1; + new_alg = X509_ALGOR_dup(alg); + if (new_alg == NULL) { + TSerror(ERR_R_MALLOC_FAILURE); + return 0; + } + X509_ALGOR_free(a->hash_algo); + a->hash_algo = new_alg; + return 1; +} + +X509_ALGOR * +TS_MSG_IMPRINT_get_algo(TS_MSG_IMPRINT *a) +{ + return a->hash_algo; +} + +int +TS_MSG_IMPRINT_set_msg(TS_MSG_IMPRINT *a, unsigned char *d, int len) +{ + return ASN1_OCTET_STRING_set(a->hashed_msg, d, len); +} + +ASN1_OCTET_STRING * +TS_MSG_IMPRINT_get_msg(TS_MSG_IMPRINT *a) +{ + return a->hashed_msg; +} + +int +TS_REQ_set_policy_id(TS_REQ *a, const ASN1_OBJECT *policy) +{ + ASN1_OBJECT *new_policy; + + if (a->policy_id == policy) + return 1; + new_policy = OBJ_dup(policy); + if (new_policy == NULL) { + TSerror(ERR_R_MALLOC_FAILURE); + return 0; + } + ASN1_OBJECT_free(a->policy_id); + a->policy_id = new_policy; + return 1; +} + +ASN1_OBJECT * +TS_REQ_get_policy_id(TS_REQ *a) +{ + return a->policy_id; +} + +int +TS_REQ_set_nonce(TS_REQ *a, const ASN1_INTEGER *nonce) +{ + ASN1_INTEGER *new_nonce; + + if (a->nonce == nonce) + return 1; + new_nonce = ASN1_INTEGER_dup(nonce); + if (new_nonce == NULL) { + TSerror(ERR_R_MALLOC_FAILURE); + return 0; + } + ASN1_INTEGER_free(a->nonce); + a->nonce = new_nonce; + return 1; +} + +const ASN1_INTEGER * +TS_REQ_get_nonce(const TS_REQ *a) +{ + return a->nonce; +} + +int +TS_REQ_set_cert_req(TS_REQ *a, int cert_req) +{ + a->cert_req = cert_req ? 0xFF : 0x00; + return 1; +} + +int +TS_REQ_get_cert_req(const TS_REQ *a) +{ + return a->cert_req ? 1 : 0; +} + +STACK_OF(X509_EXTENSION) *TS_REQ_get_exts(TS_REQ *a) +{ + return a->extensions; +} + +void +TS_REQ_ext_free(TS_REQ *a) +{ + if (!a) + return; + sk_X509_EXTENSION_pop_free(a->extensions, X509_EXTENSION_free); + a->extensions = NULL; +} + +int +TS_REQ_get_ext_count(TS_REQ *a) +{ + return X509v3_get_ext_count(a->extensions); +} + +int +TS_REQ_get_ext_by_NID(TS_REQ *a, int nid, int lastpos) +{ + return X509v3_get_ext_by_NID(a->extensions, nid, lastpos); +} + +int +TS_REQ_get_ext_by_OBJ(TS_REQ *a, const ASN1_OBJECT *obj, int lastpos) +{ + return X509v3_get_ext_by_OBJ(a->extensions, obj, lastpos); +} + +int +TS_REQ_get_ext_by_critical(TS_REQ *a, int crit, int lastpos) +{ + return X509v3_get_ext_by_critical(a->extensions, crit, lastpos); +} + +X509_EXTENSION * +TS_REQ_get_ext(TS_REQ *a, int loc) +{ + return X509v3_get_ext(a->extensions, loc); +} + +X509_EXTENSION * +TS_REQ_delete_ext(TS_REQ *a, int loc) +{ + return X509v3_delete_ext(a->extensions, loc); +} + +int +TS_REQ_add_ext(TS_REQ *a, X509_EXTENSION *ex, int loc) +{ + return X509v3_add_ext(&a->extensions, ex, loc) != NULL; +} + +void * +TS_REQ_get_ext_d2i(TS_REQ *a, int nid, int *crit, int *idx) +{ + return X509V3_get_d2i(a->extensions, nid, crit, idx); +} diff --git a/src/lib/libcrypto/ts/ts_rsp_print.c b/src/lib/libcrypto/ts/ts_rsp_print.c new file mode 100644 index 00000000000..c442b716464 --- /dev/null +++ b/src/lib/libcrypto/ts/ts_rsp_print.c @@ -0,0 +1,301 @@ +/* $OpenBSD: ts_rsp_print.c,v 1.5 2014/07/11 08:44:49 jsing Exp $ */ +/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL + * project 2002. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include + +#include +#include +#include +#include + +struct status_map_st { + int bit; + const char *text; +}; + +/* Local function declarations. */ + +static int TS_status_map_print(BIO *bio, struct status_map_st *a, + ASN1_BIT_STRING *v); +static int TS_ACCURACY_print_bio(BIO *bio, const TS_ACCURACY *accuracy); + +/* Function definitions. */ + +int +TS_RESP_print_bio(BIO *bio, TS_RESP *a) +{ + TS_TST_INFO *tst_info; + + BIO_printf(bio, "Status info:\n"); + TS_STATUS_INFO_print_bio(bio, TS_RESP_get_status_info(a)); + + BIO_printf(bio, "\nTST info:\n"); + tst_info = TS_RESP_get_tst_info(a); + if (tst_info != NULL) + TS_TST_INFO_print_bio(bio, TS_RESP_get_tst_info(a)); + else + BIO_printf(bio, "Not included.\n"); + + return 1; +} + +int +TS_STATUS_INFO_print_bio(BIO *bio, TS_STATUS_INFO *a) +{ + static const char *status_map[] = { + "Granted.", + "Granted with modifications.", + "Rejected.", + "Waiting.", + "Revocation warning.", + "Revoked." + }; + static struct status_map_st failure_map[] = { + { + TS_INFO_BAD_ALG, + "unrecognized or unsupported algorithm identifier" + }, + { + TS_INFO_BAD_REQUEST, + "transaction not permitted or supported" + }, + { + TS_INFO_BAD_DATA_FORMAT, + "the data submitted has the wrong format" + }, + { + TS_INFO_TIME_NOT_AVAILABLE, + "the TSA's time source is not available" + }, + { + TS_INFO_UNACCEPTED_POLICY, + "the requested TSA policy is not supported by the TSA" + }, + { + TS_INFO_UNACCEPTED_EXTENSION, + "the requested extension is not supported by the TSA" + }, + { + TS_INFO_ADD_INFO_NOT_AVAILABLE, + "the additional information requested could not be understood " + "or is not available" + }, + { + TS_INFO_SYSTEM_FAILURE, + "the request cannot be handled due to system failure" + }, + { -1, NULL } + }; + long status; + int i, lines = 0; + + /* Printing status code. */ + BIO_printf(bio, "Status: "); + status = ASN1_INTEGER_get(a->status); + if (0 <= status && + status < (long)(sizeof(status_map) / sizeof(status_map[0]))) + BIO_printf(bio, "%s\n", status_map[status]); + else + BIO_printf(bio, "out of bounds\n"); + + /* Printing status description. */ + BIO_printf(bio, "Status description: "); + for (i = 0; i < sk_ASN1_UTF8STRING_num(a->text); ++i) { + if (i > 0) + BIO_puts(bio, "\t"); + ASN1_STRING_print_ex(bio, sk_ASN1_UTF8STRING_value(a->text, i), + 0); + BIO_puts(bio, "\n"); + } + if (i == 0) + BIO_printf(bio, "unspecified\n"); + + /* Printing failure information. */ + BIO_printf(bio, "Failure info: "); + if (a->failure_info != NULL) + lines = TS_status_map_print(bio, failure_map, a->failure_info); + if (lines == 0) + BIO_printf(bio, "unspecified"); + BIO_printf(bio, "\n"); + + return 1; +} + +static int +TS_status_map_print(BIO *bio, struct status_map_st *a, ASN1_BIT_STRING *v) +{ + int lines = 0; + + for (; a->bit >= 0; ++a) { + if (ASN1_BIT_STRING_get_bit(v, a->bit)) { + if (++lines > 1) + BIO_printf(bio, ", "); + BIO_printf(bio, "%s", a->text); + } + } + + return lines; +} + +int +TS_TST_INFO_print_bio(BIO *bio, TS_TST_INFO *a) +{ + int v; + ASN1_OBJECT *policy_id; + const ASN1_INTEGER *serial; + const ASN1_GENERALIZEDTIME *gtime; + TS_ACCURACY *accuracy; + const ASN1_INTEGER *nonce; + GENERAL_NAME *tsa_name; + + if (a == NULL) + return 0; + + /* Print version. */ + v = TS_TST_INFO_get_version(a); + BIO_printf(bio, "Version: %d\n", v); + + /* Print policy id. */ + BIO_printf(bio, "Policy OID: "); + policy_id = TS_TST_INFO_get_policy_id(a); + TS_OBJ_print_bio(bio, policy_id); + + /* Print message imprint. */ + TS_MSG_IMPRINT_print_bio(bio, TS_TST_INFO_get_msg_imprint(a)); + + /* Print serial number. */ + BIO_printf(bio, "Serial number: "); + serial = TS_TST_INFO_get_serial(a); + if (serial == NULL) + BIO_printf(bio, "unspecified"); + else + TS_ASN1_INTEGER_print_bio(bio, serial); + BIO_write(bio, "\n", 1); + + /* Print time stamp. */ + BIO_printf(bio, "Time stamp: "); + gtime = TS_TST_INFO_get_time(a); + ASN1_GENERALIZEDTIME_print(bio, gtime); + BIO_write(bio, "\n", 1); + + /* Print accuracy. */ + BIO_printf(bio, "Accuracy: "); + accuracy = TS_TST_INFO_get_accuracy(a); + if (accuracy == NULL) + BIO_printf(bio, "unspecified"); + else + TS_ACCURACY_print_bio(bio, accuracy); + BIO_write(bio, "\n", 1); + + /* Print ordering. */ + BIO_printf(bio, "Ordering: %s\n", + TS_TST_INFO_get_ordering(a) ? "yes" : "no"); + + /* Print nonce. */ + BIO_printf(bio, "Nonce: "); + nonce = TS_TST_INFO_get_nonce(a); + if (nonce == NULL) + BIO_printf(bio, "unspecified"); + else + TS_ASN1_INTEGER_print_bio(bio, nonce); + BIO_write(bio, "\n", 1); + + /* Print TSA name. */ + BIO_printf(bio, "TSA: "); + tsa_name = TS_TST_INFO_get_tsa(a); + if (tsa_name == NULL) + BIO_printf(bio, "unspecified"); + else { + STACK_OF(CONF_VALUE) *nval; + if ((nval = i2v_GENERAL_NAME(NULL, tsa_name, NULL))) + X509V3_EXT_val_prn(bio, nval, 0, 0); + sk_CONF_VALUE_pop_free(nval, X509V3_conf_free); + } + BIO_write(bio, "\n", 1); + + /* Print extensions. */ + TS_ext_print_bio(bio, TS_TST_INFO_get_exts(a)); + + return 1; +} + +static int +TS_ACCURACY_print_bio(BIO *bio, const TS_ACCURACY *accuracy) +{ + const ASN1_INTEGER *seconds = TS_ACCURACY_get_seconds(accuracy); + const ASN1_INTEGER *millis = TS_ACCURACY_get_millis(accuracy); + const ASN1_INTEGER *micros = TS_ACCURACY_get_micros(accuracy); + + if (seconds != NULL) + TS_ASN1_INTEGER_print_bio(bio, seconds); + else + BIO_printf(bio, "unspecified"); + BIO_printf(bio, " seconds, "); + if (millis != NULL) + TS_ASN1_INTEGER_print_bio(bio, millis); + else + BIO_printf(bio, "unspecified"); + BIO_printf(bio, " millis, "); + if (micros != NULL) + TS_ASN1_INTEGER_print_bio(bio, micros); + else + BIO_printf(bio, "unspecified"); + BIO_printf(bio, " micros"); + + return 1; +} diff --git a/src/lib/libcrypto/ts/ts_rsp_sign.c b/src/lib/libcrypto/ts/ts_rsp_sign.c new file mode 100644 index 00000000000..9ab80160b38 --- /dev/null +++ b/src/lib/libcrypto/ts/ts_rsp_sign.c @@ -0,0 +1,1020 @@ +/* $OpenBSD: ts_rsp_sign.c,v 1.22 2018/05/13 15:04:05 tb Exp $ */ +/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL + * project 2002. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include + +#include + +#include +#include +#include +#include + +/* Private function declarations. */ + +static ASN1_INTEGER *def_serial_cb(struct TS_resp_ctx *, void *); +static int def_time_cb(struct TS_resp_ctx *, void *, time_t *sec, long *usec); +static int def_extension_cb(struct TS_resp_ctx *, X509_EXTENSION *, void *); + +static void TS_RESP_CTX_init(TS_RESP_CTX *ctx); +static void TS_RESP_CTX_cleanup(TS_RESP_CTX *ctx); +static int TS_RESP_check_request(TS_RESP_CTX *ctx); +static ASN1_OBJECT *TS_RESP_get_policy(TS_RESP_CTX *ctx); +static TS_TST_INFO *TS_RESP_create_tst_info(TS_RESP_CTX *ctx, + ASN1_OBJECT *policy); +static int TS_RESP_process_extensions(TS_RESP_CTX *ctx); +static int TS_RESP_sign(TS_RESP_CTX *ctx); + +static ESS_SIGNING_CERT *ESS_SIGNING_CERT_new_init(X509 *signcert, + STACK_OF(X509) *certs); +static ESS_CERT_ID *ESS_CERT_ID_new_init(X509 *cert, int issuer_needed); +static int TS_TST_INFO_content_new(PKCS7 *p7); +static int ESS_add_signing_cert(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT *sc); + +static ASN1_GENERALIZEDTIME *TS_RESP_set_genTime_with_precision( + ASN1_GENERALIZEDTIME *, time_t, long, unsigned); + +/* Default callbacks for response generation. */ + +static ASN1_INTEGER * +def_serial_cb(struct TS_resp_ctx *ctx, void *data) +{ + ASN1_INTEGER *serial = ASN1_INTEGER_new(); + + if (!serial) + goto err; + if (!ASN1_INTEGER_set(serial, 1)) + goto err; + return serial; + +err: + TSerror(ERR_R_MALLOC_FAILURE); + TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION, + "Error during serial number generation."); + return NULL; +} + +/* Use the gettimeofday function call. */ +static int +def_time_cb(struct TS_resp_ctx *ctx, void *data, time_t *sec, long *usec) +{ + struct timeval tv; + + if (gettimeofday(&tv, NULL) != 0) { + TSerror(TS_R_TIME_SYSCALL_ERROR); + TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION, + "Time is not available."); + TS_RESP_CTX_add_failure_info(ctx, TS_INFO_TIME_NOT_AVAILABLE); + return 0; + } + /* Return time to caller. */ + *sec = tv.tv_sec; + *usec = tv.tv_usec; + + return 1; +} + +static int +def_extension_cb(struct TS_resp_ctx *ctx, X509_EXTENSION *ext, void *data) +{ + /* No extensions are processed here. */ + TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION, + "Unsupported extension."); + TS_RESP_CTX_add_failure_info(ctx, TS_INFO_UNACCEPTED_EXTENSION); + return 0; +} + +/* TS_RESP_CTX management functions. */ + +TS_RESP_CTX * +TS_RESP_CTX_new(void) +{ + TS_RESP_CTX *ctx; + + if (!(ctx = calloc(1, sizeof(TS_RESP_CTX)))) { + TSerror(ERR_R_MALLOC_FAILURE); + return NULL; + } + + /* Setting default callbacks. */ + ctx->serial_cb = def_serial_cb; + ctx->time_cb = def_time_cb; + ctx->extension_cb = def_extension_cb; + + return ctx; +} + +void +TS_RESP_CTX_free(TS_RESP_CTX *ctx) +{ + if (!ctx) + return; + + X509_free(ctx->signer_cert); + EVP_PKEY_free(ctx->signer_key); + sk_X509_pop_free(ctx->certs, X509_free); + sk_ASN1_OBJECT_pop_free(ctx->policies, ASN1_OBJECT_free); + ASN1_OBJECT_free(ctx->default_policy); + sk_EVP_MD_free(ctx->mds); /* No EVP_MD_free method exists. */ + ASN1_INTEGER_free(ctx->seconds); + ASN1_INTEGER_free(ctx->millis); + ASN1_INTEGER_free(ctx->micros); + free(ctx); +} + +int +TS_RESP_CTX_set_signer_cert(TS_RESP_CTX *ctx, X509 *signer) +{ + if (X509_check_purpose(signer, X509_PURPOSE_TIMESTAMP_SIGN, 0) != 1) { + TSerror(TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE); + return 0; + } + X509_free(ctx->signer_cert); + ctx->signer_cert = signer; + CRYPTO_add(&ctx->signer_cert->references, +1, CRYPTO_LOCK_X509); + return 1; +} + +int +TS_RESP_CTX_set_signer_key(TS_RESP_CTX *ctx, EVP_PKEY *key) +{ + EVP_PKEY_free(ctx->signer_key); + ctx->signer_key = key; + CRYPTO_add(&ctx->signer_key->references, +1, CRYPTO_LOCK_EVP_PKEY); + + return 1; +} + +int +TS_RESP_CTX_set_def_policy(TS_RESP_CTX *ctx, const ASN1_OBJECT *def_policy) +{ + if (ctx->default_policy) + ASN1_OBJECT_free(ctx->default_policy); + if (!(ctx->default_policy = OBJ_dup(def_policy))) + goto err; + return 1; + +err: + TSerror(ERR_R_MALLOC_FAILURE); + return 0; +} + +int +TS_RESP_CTX_set_certs(TS_RESP_CTX *ctx, STACK_OF(X509) *certs) +{ + int i; + + if (ctx->certs) { + sk_X509_pop_free(ctx->certs, X509_free); + ctx->certs = NULL; + } + if (!certs) + return 1; + if (!(ctx->certs = sk_X509_dup(certs))) { + TSerror(ERR_R_MALLOC_FAILURE); + return 0; + } + for (i = 0; i < sk_X509_num(ctx->certs); ++i) { + X509 *cert = sk_X509_value(ctx->certs, i); + CRYPTO_add(&cert->references, +1, CRYPTO_LOCK_X509); + } + + return 1; +} + +int +TS_RESP_CTX_add_policy(TS_RESP_CTX *ctx, const ASN1_OBJECT *policy) +{ + ASN1_OBJECT *copy = NULL; + + /* Create new policy stack if necessary. */ + if (!ctx->policies && !(ctx->policies = sk_ASN1_OBJECT_new_null())) + goto err; + if (!(copy = OBJ_dup(policy))) + goto err; + if (!sk_ASN1_OBJECT_push(ctx->policies, copy)) + goto err; + + return 1; + +err: + TSerror(ERR_R_MALLOC_FAILURE); + ASN1_OBJECT_free(copy); + return 0; +} + +int +TS_RESP_CTX_add_md(TS_RESP_CTX *ctx, const EVP_MD *md) +{ + /* Create new md stack if necessary. */ + if (!ctx->mds && !(ctx->mds = sk_EVP_MD_new_null())) + goto err; + /* Add the shared md, no copy needed. */ + if (!sk_EVP_MD_push(ctx->mds, (EVP_MD *)md)) + goto err; + + return 1; + +err: + TSerror(ERR_R_MALLOC_FAILURE); + return 0; +} + +#define TS_RESP_CTX_accuracy_free(ctx) \ + ASN1_INTEGER_free(ctx->seconds); \ + ctx->seconds = NULL; \ + ASN1_INTEGER_free(ctx->millis); \ + ctx->millis = NULL; \ + ASN1_INTEGER_free(ctx->micros); \ + ctx->micros = NULL; + +int +TS_RESP_CTX_set_accuracy(TS_RESP_CTX *ctx, int secs, int millis, int micros) +{ + TS_RESP_CTX_accuracy_free(ctx); + if (secs && (!(ctx->seconds = ASN1_INTEGER_new()) || + !ASN1_INTEGER_set(ctx->seconds, secs))) + goto err; + if (millis && (!(ctx->millis = ASN1_INTEGER_new()) || + !ASN1_INTEGER_set(ctx->millis, millis))) + goto err; + if (micros && (!(ctx->micros = ASN1_INTEGER_new()) || + !ASN1_INTEGER_set(ctx->micros, micros))) + goto err; + + return 1; + +err: + TS_RESP_CTX_accuracy_free(ctx); + TSerror(ERR_R_MALLOC_FAILURE); + return 0; +} + +void +TS_RESP_CTX_add_flags(TS_RESP_CTX *ctx, int flags) +{ + ctx->flags |= flags; +} + +void +TS_RESP_CTX_set_serial_cb(TS_RESP_CTX *ctx, TS_serial_cb cb, void *data) +{ + ctx->serial_cb = cb; + ctx->serial_cb_data = data; +} + +void +TS_RESP_CTX_set_extension_cb(TS_RESP_CTX *ctx, TS_extension_cb cb, void *data) +{ + ctx->extension_cb = cb; + ctx->extension_cb_data = data; +} + +int +TS_RESP_CTX_set_status_info(TS_RESP_CTX *ctx, int status, const char *text) +{ + TS_STATUS_INFO *si = NULL; + ASN1_UTF8STRING *utf8_text = NULL; + int ret = 0; + + if (!(si = TS_STATUS_INFO_new())) + goto err; + if (!ASN1_INTEGER_set(si->status, status)) + goto err; + if (text) { + if (!(utf8_text = ASN1_UTF8STRING_new()) || + !ASN1_STRING_set(utf8_text, text, strlen(text))) + goto err; + if (!si->text && !(si->text = sk_ASN1_UTF8STRING_new_null())) + goto err; + if (!sk_ASN1_UTF8STRING_push(si->text, utf8_text)) + goto err; + utf8_text = NULL; /* Ownership is lost. */ + } + if (!TS_RESP_set_status_info(ctx->response, si)) + goto err; + ret = 1; + +err: + if (!ret) + TSerror(ERR_R_MALLOC_FAILURE); + TS_STATUS_INFO_free(si); + ASN1_UTF8STRING_free(utf8_text); + return ret; +} + +int +TS_RESP_CTX_set_status_info_cond(TS_RESP_CTX *ctx, int status, const char *text) +{ + int ret = 1; + TS_STATUS_INFO *si = TS_RESP_get_status_info(ctx->response); + + if (ASN1_INTEGER_get(si->status) == TS_STATUS_GRANTED) { + /* Status has not been set, set it now. */ + ret = TS_RESP_CTX_set_status_info(ctx, status, text); + } + return ret; +} + +int +TS_RESP_CTX_add_failure_info(TS_RESP_CTX *ctx, int failure) +{ + TS_STATUS_INFO *si = TS_RESP_get_status_info(ctx->response); + + if (!si->failure_info && !(si->failure_info = ASN1_BIT_STRING_new())) + goto err; + if (!ASN1_BIT_STRING_set_bit(si->failure_info, failure, 1)) + goto err; + return 1; + +err: + TSerror(ERR_R_MALLOC_FAILURE); + return 0; +} + +TS_REQ * +TS_RESP_CTX_get_request(TS_RESP_CTX *ctx) +{ + return ctx->request; +} + +TS_TST_INFO * +TS_RESP_CTX_get_tst_info(TS_RESP_CTX *ctx) +{ + return ctx->tst_info; +} + +int +TS_RESP_CTX_set_clock_precision_digits(TS_RESP_CTX *ctx, unsigned precision) +{ + if (precision > TS_MAX_CLOCK_PRECISION_DIGITS) + return 0; + ctx->clock_precision_digits = precision; + return 1; +} + +/* Main entry method of the response generation. */ +TS_RESP * +TS_RESP_create_response(TS_RESP_CTX *ctx, BIO *req_bio) +{ + ASN1_OBJECT *policy; + TS_RESP *response; + int result = 0; + + TS_RESP_CTX_init(ctx); + + /* Creating the response object. */ + if (!(ctx->response = TS_RESP_new())) { + TSerror(ERR_R_MALLOC_FAILURE); + goto end; + } + + /* Parsing DER request. */ + if (!(ctx->request = d2i_TS_REQ_bio(req_bio, NULL))) { + TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION, + "Bad request format or " + "system error."); + TS_RESP_CTX_add_failure_info(ctx, TS_INFO_BAD_DATA_FORMAT); + goto end; + } + + /* Setting default status info. */ + if (!TS_RESP_CTX_set_status_info(ctx, TS_STATUS_GRANTED, NULL)) + goto end; + + /* Checking the request format. */ + if (!TS_RESP_check_request(ctx)) + goto end; + + /* Checking acceptable policies. */ + if (!(policy = TS_RESP_get_policy(ctx))) + goto end; + + /* Creating the TS_TST_INFO object. */ + if (!(ctx->tst_info = TS_RESP_create_tst_info(ctx, policy))) + goto end; + + /* Processing extensions. */ + if (!TS_RESP_process_extensions(ctx)) + goto end; + + /* Generating the signature. */ + if (!TS_RESP_sign(ctx)) + goto end; + + /* Everything was successful. */ + result = 1; + +end: + if (!result) { + TSerror(TS_R_RESPONSE_SETUP_ERROR); + if (ctx->response != NULL) { + if (TS_RESP_CTX_set_status_info_cond(ctx, + TS_STATUS_REJECTION, "Error during response " + "generation.") == 0) { + TS_RESP_free(ctx->response); + ctx->response = NULL; + } + } + } + response = ctx->response; + ctx->response = NULL; /* Ownership will be returned to caller. */ + TS_RESP_CTX_cleanup(ctx); + return response; +} + +/* Initializes the variable part of the context. */ +static void +TS_RESP_CTX_init(TS_RESP_CTX *ctx) +{ + ctx->request = NULL; + ctx->response = NULL; + ctx->tst_info = NULL; +} + +/* Cleans up the variable part of the context. */ +static void +TS_RESP_CTX_cleanup(TS_RESP_CTX *ctx) +{ + TS_REQ_free(ctx->request); + ctx->request = NULL; + TS_RESP_free(ctx->response); + ctx->response = NULL; + TS_TST_INFO_free(ctx->tst_info); + ctx->tst_info = NULL; +} + +/* Checks the format and content of the request. */ +static int +TS_RESP_check_request(TS_RESP_CTX *ctx) +{ + TS_REQ *request = ctx->request; + TS_MSG_IMPRINT *msg_imprint; + X509_ALGOR *md_alg; + int md_alg_id; + const ASN1_OCTET_STRING *digest; + EVP_MD *md = NULL; + int i; + + /* Checking request version. */ + if (TS_REQ_get_version(request) != 1) { + TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION, + "Bad request version."); + TS_RESP_CTX_add_failure_info(ctx, TS_INFO_BAD_REQUEST); + return 0; + } + + /* Checking message digest algorithm. */ + msg_imprint = TS_REQ_get_msg_imprint(request); + md_alg = TS_MSG_IMPRINT_get_algo(msg_imprint); + md_alg_id = OBJ_obj2nid(md_alg->algorithm); + for (i = 0; !md && i < sk_EVP_MD_num(ctx->mds); ++i) { + EVP_MD *current_md = sk_EVP_MD_value(ctx->mds, i); + if (md_alg_id == EVP_MD_type(current_md)) + md = current_md; + } + if (!md) { + TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION, + "Message digest algorithm is " + "not supported."); + TS_RESP_CTX_add_failure_info(ctx, TS_INFO_BAD_ALG); + return 0; + } + + /* No message digest takes parameter. */ + if (md_alg->parameter && + ASN1_TYPE_get(md_alg->parameter) != V_ASN1_NULL) { + TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION, + "Superfluous message digest " + "parameter."); + TS_RESP_CTX_add_failure_info(ctx, TS_INFO_BAD_ALG); + return 0; + } + /* Checking message digest size. */ + digest = TS_MSG_IMPRINT_get_msg(msg_imprint); + if (digest->length != EVP_MD_size(md)) { + TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION, + "Bad message digest."); + TS_RESP_CTX_add_failure_info(ctx, TS_INFO_BAD_DATA_FORMAT); + return 0; + } + + return 1; +} + +/* Returns the TSA policy based on the requested and acceptable policies. */ +static ASN1_OBJECT * +TS_RESP_get_policy(TS_RESP_CTX *ctx) +{ + ASN1_OBJECT *requested = TS_REQ_get_policy_id(ctx->request); + ASN1_OBJECT *policy = NULL; + int i; + + if (ctx->default_policy == NULL) { + TSerror(TS_R_INVALID_NULL_POINTER); + return NULL; + } + /* Return the default policy if none is requested or the default is + requested. */ + if (!requested || !OBJ_cmp(requested, ctx->default_policy)) + policy = ctx->default_policy; + + /* Check if the policy is acceptable. */ + for (i = 0; !policy && i < sk_ASN1_OBJECT_num(ctx->policies); ++i) { + ASN1_OBJECT *current = sk_ASN1_OBJECT_value(ctx->policies, i); + if (!OBJ_cmp(requested, current)) + policy = current; + } + if (!policy) { + TSerror(TS_R_UNACCEPTABLE_POLICY); + TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION, + "Requested policy is not " + "supported."); + TS_RESP_CTX_add_failure_info(ctx, TS_INFO_UNACCEPTED_POLICY); + } + return policy; +} + +/* Creates the TS_TST_INFO object based on the settings of the context. */ +static TS_TST_INFO * +TS_RESP_create_tst_info(TS_RESP_CTX *ctx, ASN1_OBJECT *policy) +{ + int result = 0; + TS_TST_INFO *tst_info = NULL; + ASN1_INTEGER *serial = NULL; + ASN1_GENERALIZEDTIME *asn1_time = NULL; + time_t sec; + long usec; + TS_ACCURACY *accuracy = NULL; + const ASN1_INTEGER *nonce; + GENERAL_NAME *tsa_name = NULL; + + if (!(tst_info = TS_TST_INFO_new())) + goto end; + if (!TS_TST_INFO_set_version(tst_info, 1)) + goto end; + if (!TS_TST_INFO_set_policy_id(tst_info, policy)) + goto end; + if (!TS_TST_INFO_set_msg_imprint(tst_info, ctx->request->msg_imprint)) + goto end; + if (!(serial = (*ctx->serial_cb)(ctx, ctx->serial_cb_data)) || + !TS_TST_INFO_set_serial(tst_info, serial)) + goto end; + if (!(*ctx->time_cb)(ctx, ctx->time_cb_data, &sec, &usec) || + !(asn1_time = TS_RESP_set_genTime_with_precision(NULL, sec, usec, + ctx->clock_precision_digits)) || + !TS_TST_INFO_set_time(tst_info, asn1_time)) + goto end; + + /* Setting accuracy if needed. */ + if ((ctx->seconds || ctx->millis || ctx->micros) && + !(accuracy = TS_ACCURACY_new())) + goto end; + + if (ctx->seconds && !TS_ACCURACY_set_seconds(accuracy, ctx->seconds)) + goto end; + if (ctx->millis && !TS_ACCURACY_set_millis(accuracy, ctx->millis)) + goto end; + if (ctx->micros && !TS_ACCURACY_set_micros(accuracy, ctx->micros)) + goto end; + if (accuracy && !TS_TST_INFO_set_accuracy(tst_info, accuracy)) + goto end; + + /* Setting ordering. */ + if ((ctx->flags & TS_ORDERING) && + !TS_TST_INFO_set_ordering(tst_info, 1)) + goto end; + + /* Setting nonce if needed. */ + if ((nonce = TS_REQ_get_nonce(ctx->request)) != NULL && + !TS_TST_INFO_set_nonce(tst_info, nonce)) + goto end; + + /* Setting TSA name to subject of signer certificate. */ + if (ctx->flags & TS_TSA_NAME) { + if (!(tsa_name = GENERAL_NAME_new())) + goto end; + tsa_name->type = GEN_DIRNAME; + tsa_name->d.dirn = + X509_NAME_dup(ctx->signer_cert->cert_info->subject); + if (!tsa_name->d.dirn) + goto end; + if (!TS_TST_INFO_set_tsa(tst_info, tsa_name)) + goto end; + } + + result = 1; + +end: + if (!result) { + TS_TST_INFO_free(tst_info); + tst_info = NULL; + TSerror(TS_R_TST_INFO_SETUP_ERROR); + TS_RESP_CTX_set_status_info_cond(ctx, TS_STATUS_REJECTION, + "Error during TSTInfo " + "generation."); + } + GENERAL_NAME_free(tsa_name); + TS_ACCURACY_free(accuracy); + ASN1_GENERALIZEDTIME_free(asn1_time); + ASN1_INTEGER_free(serial); + + return tst_info; +} + +/* Processing the extensions of the request. */ +static int +TS_RESP_process_extensions(TS_RESP_CTX *ctx) +{ + STACK_OF(X509_EXTENSION) *exts = TS_REQ_get_exts(ctx->request); + int i; + int ok = 1; + + for (i = 0; ok && i < sk_X509_EXTENSION_num(exts); ++i) { + X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, i); + /* XXXXX The last argument was previously + (void *)ctx->extension_cb, but ISO C doesn't permit + converting a function pointer to void *. For lack of + better information, I'm placing a NULL there instead. + The callback can pick its own address out from the ctx + anyway... + */ + ok = (*ctx->extension_cb)(ctx, ext, NULL); + } + + return ok; +} + +/* Functions for signing the TS_TST_INFO structure of the context. */ +static int +TS_RESP_sign(TS_RESP_CTX *ctx) +{ + int ret = 0; + PKCS7 *p7 = NULL; + PKCS7_SIGNER_INFO *si; + STACK_OF(X509) *certs; /* Certificates to include in sc. */ + ESS_SIGNING_CERT *sc = NULL; + ASN1_OBJECT *oid; + BIO *p7bio = NULL; + int i; + + /* Check if signcert and pkey match. */ + if (!X509_check_private_key(ctx->signer_cert, ctx->signer_key)) { + TSerror(TS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); + goto err; + } + + /* Create a new PKCS7 signed object. */ + if (!(p7 = PKCS7_new())) { + TSerror(ERR_R_MALLOC_FAILURE); + goto err; + } + if (!PKCS7_set_type(p7, NID_pkcs7_signed)) + goto err; + + /* Force SignedData version to be 3 instead of the default 1. */ + if (!ASN1_INTEGER_set(p7->d.sign->version, 3)) + goto err; + + /* Add signer certificate and optional certificate chain. */ + if (TS_REQ_get_cert_req(ctx->request)) { + PKCS7_add_certificate(p7, ctx->signer_cert); + if (ctx->certs) { + for (i = 0; i < sk_X509_num(ctx->certs); ++i) { + X509 *cert = sk_X509_value(ctx->certs, i); + PKCS7_add_certificate(p7, cert); + } + } + } + + /* Add a new signer info. */ + if (!(si = PKCS7_add_signature(p7, ctx->signer_cert, + ctx->signer_key, EVP_sha1()))) { + TSerror(TS_R_PKCS7_ADD_SIGNATURE_ERROR); + goto err; + } + + /* Add content type signed attribute to the signer info. */ + oid = OBJ_nid2obj(NID_id_smime_ct_TSTInfo); + if (!PKCS7_add_signed_attribute(si, NID_pkcs9_contentType, + V_ASN1_OBJECT, oid)) { + TSerror(TS_R_PKCS7_ADD_SIGNED_ATTR_ERROR); + goto err; + } + + /* Create the ESS SigningCertificate attribute which contains + the signer certificate id and optionally the certificate chain. */ + certs = ctx->flags & TS_ESS_CERT_ID_CHAIN ? ctx->certs : NULL; + if (!(sc = ESS_SIGNING_CERT_new_init(ctx->signer_cert, certs))) + goto err; + + /* Add SigningCertificate signed attribute to the signer info. */ + if (!ESS_add_signing_cert(si, sc)) { + TSerror(TS_R_ESS_ADD_SIGNING_CERT_ERROR); + goto err; + } + + /* Add a new empty NID_id_smime_ct_TSTInfo encapsulated content. */ + if (!TS_TST_INFO_content_new(p7)) + goto err; + + /* Add the DER encoded tst_info to the PKCS7 structure. */ + if (!(p7bio = PKCS7_dataInit(p7, NULL))) { + TSerror(ERR_R_MALLOC_FAILURE); + goto err; + } + + /* Convert tst_info to DER. */ + if (!i2d_TS_TST_INFO_bio(p7bio, ctx->tst_info)) { + TSerror(TS_R_TS_DATASIGN); + goto err; + } + + /* Create the signature and add it to the signer info. */ + if (!PKCS7_dataFinal(p7, p7bio)) { + TSerror(TS_R_TS_DATASIGN); + goto err; + } + + /* Set new PKCS7 and TST_INFO objects. */ + TS_RESP_set_tst_info(ctx->response, p7, ctx->tst_info); + p7 = NULL; /* Ownership is lost. */ + ctx->tst_info = NULL; /* Ownership is lost. */ + + ret = 1; + +err: + if (!ret) + TS_RESP_CTX_set_status_info_cond(ctx, TS_STATUS_REJECTION, + "Error during signature " + "generation."); + BIO_free_all(p7bio); + ESS_SIGNING_CERT_free(sc); + PKCS7_free(p7); + return ret; +} + +static ESS_SIGNING_CERT * +ESS_SIGNING_CERT_new_init(X509 *signcert, STACK_OF(X509) *certs) +{ + ESS_CERT_ID *cid; + ESS_SIGNING_CERT *sc = NULL; + int i; + + /* Creating the ESS_CERT_ID stack. */ + if (!(sc = ESS_SIGNING_CERT_new())) + goto err; + if (!sc->cert_ids && !(sc->cert_ids = sk_ESS_CERT_ID_new_null())) + goto err; + + /* Adding the signing certificate id. */ + if (!(cid = ESS_CERT_ID_new_init(signcert, 0)) || + !sk_ESS_CERT_ID_push(sc->cert_ids, cid)) + goto err; + /* Adding the certificate chain ids. */ + for (i = 0; i < sk_X509_num(certs); ++i) { + X509 *cert = sk_X509_value(certs, i); + if (!(cid = ESS_CERT_ID_new_init(cert, 1)) || + !sk_ESS_CERT_ID_push(sc->cert_ids, cid)) + goto err; + } + + return sc; + +err: + ESS_SIGNING_CERT_free(sc); + TSerror(ERR_R_MALLOC_FAILURE); + return NULL; +} + +static ESS_CERT_ID * +ESS_CERT_ID_new_init(X509 *cert, int issuer_needed) +{ + ESS_CERT_ID *cid = NULL; + GENERAL_NAME *name = NULL; + + /* Recompute SHA1 hash of certificate if necessary (side effect). */ + X509_check_purpose(cert, -1, 0); + + if (!(cid = ESS_CERT_ID_new())) + goto err; + if (!ASN1_OCTET_STRING_set(cid->hash, cert->sha1_hash, + sizeof(cert->sha1_hash))) + goto err; + + /* Setting the issuer/serial if requested. */ + if (issuer_needed) { + /* Creating issuer/serial structure. */ + if (!cid->issuer_serial && + !(cid->issuer_serial = ESS_ISSUER_SERIAL_new())) + goto err; + /* Creating general name from the certificate issuer. */ + if (!(name = GENERAL_NAME_new())) + goto err; + name->type = GEN_DIRNAME; + if (!(name->d.dirn = X509_NAME_dup(cert->cert_info->issuer))) + goto err; + if (!sk_GENERAL_NAME_push(cid->issuer_serial->issuer, name)) + goto err; + name = NULL; /* Ownership is lost. */ + /* Setting the serial number. */ + ASN1_INTEGER_free(cid->issuer_serial->serial); + if (!(cid->issuer_serial->serial = + ASN1_INTEGER_dup(cert->cert_info->serialNumber))) + goto err; + } + + return cid; + +err: + GENERAL_NAME_free(name); + ESS_CERT_ID_free(cid); + TSerror(ERR_R_MALLOC_FAILURE); + return NULL; +} + +static int +TS_TST_INFO_content_new(PKCS7 *p7) +{ + PKCS7 *ret = NULL; + ASN1_OCTET_STRING *octet_string = NULL; + + /* Create new encapsulated NID_id_smime_ct_TSTInfo content. */ + if (!(ret = PKCS7_new())) + goto err; + if (!(ret->d.other = ASN1_TYPE_new())) + goto err; + ret->type = OBJ_nid2obj(NID_id_smime_ct_TSTInfo); + if (!(octet_string = ASN1_OCTET_STRING_new())) + goto err; + ASN1_TYPE_set(ret->d.other, V_ASN1_OCTET_STRING, octet_string); + octet_string = NULL; + + /* Add encapsulated content to signed PKCS7 structure. */ + if (!PKCS7_set_content(p7, ret)) + goto err; + + return 1; + +err: + ASN1_OCTET_STRING_free(octet_string); + PKCS7_free(ret); + return 0; +} + +static int +ESS_add_signing_cert(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT *sc) +{ + ASN1_STRING *seq = NULL; + unsigned char *p, *pp = NULL; + int len; + + len = i2d_ESS_SIGNING_CERT(sc, NULL); + if (!(pp = malloc(len))) { + TSerror(ERR_R_MALLOC_FAILURE); + goto err; + } + p = pp; + i2d_ESS_SIGNING_CERT(sc, &p); + if (!(seq = ASN1_STRING_new()) || !ASN1_STRING_set(seq, pp, len)) { + TSerror(ERR_R_MALLOC_FAILURE); + goto err; + } + free(pp); + pp = NULL; + return PKCS7_add_signed_attribute(si, + NID_id_smime_aa_signingCertificate, V_ASN1_SEQUENCE, seq); + +err: + ASN1_STRING_free(seq); + free(pp); + + return 0; +} + + +static ASN1_GENERALIZEDTIME * +TS_RESP_set_genTime_with_precision(ASN1_GENERALIZEDTIME *asn1_time, + time_t sec, long usec, unsigned precision) +{ + struct tm *tm = NULL; + char genTime_str[17 + TS_MAX_CLOCK_PRECISION_DIGITS]; + char usecstr[TS_MAX_CLOCK_PRECISION_DIGITS + 2]; + char *p; + int rv; + + if (precision > TS_MAX_CLOCK_PRECISION_DIGITS) + goto err; + + if (!(tm = gmtime(&sec))) + goto err; + + /* + * Put "genTime_str" in GeneralizedTime format. We work around the + * restrictions imposed by rfc3280 (i.e. "GeneralizedTime values MUST + * NOT include fractional seconds") and OpenSSL related functions to + * meet the rfc3161 requirement: "GeneralizedTime syntax can include + * fraction-of-second details". + */ + if (precision > 0) { + /* To make things a bit harder, X.690 | ISO/IEC 8825-1 provides + the following restrictions for a DER-encoding, which OpenSSL + (specifically ASN1_GENERALIZEDTIME_check() function) doesn't + support: + "The encoding MUST terminate with a "Z" (which means "Zulu" + time). The decimal point element, if present, MUST be the + point option ".". The fractional-seconds elements, + if present, MUST omit all trailing 0's; + if the elements correspond to 0, they MUST be wholly + omitted, and the decimal point element also MUST be + omitted." */ + (void) snprintf(usecstr, sizeof(usecstr), ".%06ld", usec); + /* truncate and trim trailing 0 */ + usecstr[precision + 1] = '\0'; + p = usecstr + strlen(usecstr) - 1; + while (p > usecstr && *p == '0') + *p-- = '\0'; + /* if we've reached the beginning, delete the . too */ + if (p == usecstr) + *p = '\0'; + + } else { + /* empty */ + usecstr[0] = '\0'; + } + rv = snprintf(genTime_str, sizeof(genTime_str), + "%04d%02d%02d%02d%02d%02d%sZ", + tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday, + tm->tm_hour, tm->tm_min, tm->tm_sec, usecstr); + if (rv == -1 || rv >= sizeof(genTime_str)) + goto err; + + /* Now call OpenSSL to check and set our genTime value */ + if (!asn1_time && !(asn1_time = ASN1_GENERALIZEDTIME_new())) + goto err; + if (!ASN1_GENERALIZEDTIME_set_string(asn1_time, genTime_str)) { + ASN1_GENERALIZEDTIME_free(asn1_time); + goto err; + } + + return asn1_time; + +err: + TSerror(TS_R_COULD_NOT_SET_TIME); + return NULL; +} diff --git a/src/lib/libcrypto/ts/ts_rsp_utils.c b/src/lib/libcrypto/ts/ts_rsp_utils.c new file mode 100644 index 00000000000..233df867acd --- /dev/null +++ b/src/lib/libcrypto/ts/ts_rsp_utils.c @@ -0,0 +1,434 @@ +/* $OpenBSD: ts_rsp_utils.c,v 1.7 2018/05/13 15:35:46 tb Exp $ */ +/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL + * project 2002. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include + +#include +#include +#include +#include + +/* Function definitions. */ + +int +TS_RESP_set_status_info(TS_RESP *a, TS_STATUS_INFO *status_info) +{ + TS_STATUS_INFO *new_status_info; + + if (a->status_info == status_info) + return 1; + new_status_info = TS_STATUS_INFO_dup(status_info); + if (new_status_info == NULL) { + TSerror(ERR_R_MALLOC_FAILURE); + return 0; + } + TS_STATUS_INFO_free(a->status_info); + a->status_info = new_status_info; + + return 1; +} + +TS_STATUS_INFO * +TS_RESP_get_status_info(TS_RESP *a) +{ + return a->status_info; +} + +/* Caller loses ownership of PKCS7 and TS_TST_INFO objects. */ +void +TS_RESP_set_tst_info(TS_RESP *a, PKCS7 *p7, TS_TST_INFO *tst_info) +{ + /* Set new PKCS7 and TST_INFO objects. */ + PKCS7_free(a->token); + a->token = p7; + TS_TST_INFO_free(a->tst_info); + a->tst_info = tst_info; +} + +PKCS7 * +TS_RESP_get_token(TS_RESP *a) +{ + return a->token; +} + +TS_TST_INFO * +TS_RESP_get_tst_info(TS_RESP *a) +{ + return a->tst_info; +} + +int +TS_TST_INFO_set_version(TS_TST_INFO *a, long version) +{ + return ASN1_INTEGER_set(a->version, version); +} + +long +TS_TST_INFO_get_version(const TS_TST_INFO *a) +{ + return ASN1_INTEGER_get(a->version); +} + +int +TS_TST_INFO_set_policy_id(TS_TST_INFO *a, ASN1_OBJECT *policy) +{ + ASN1_OBJECT *new_policy; + + if (a->policy_id == policy) + return 1; + new_policy = OBJ_dup(policy); + if (new_policy == NULL) { + TSerror(ERR_R_MALLOC_FAILURE); + return 0; + } + ASN1_OBJECT_free(a->policy_id); + a->policy_id = new_policy; + return 1; +} + +ASN1_OBJECT * +TS_TST_INFO_get_policy_id(TS_TST_INFO *a) +{ + return a->policy_id; +} + +int +TS_TST_INFO_set_msg_imprint(TS_TST_INFO *a, TS_MSG_IMPRINT *msg_imprint) +{ + TS_MSG_IMPRINT *new_msg_imprint; + + if (a->msg_imprint == msg_imprint) + return 1; + new_msg_imprint = TS_MSG_IMPRINT_dup(msg_imprint); + if (new_msg_imprint == NULL) { + TSerror(ERR_R_MALLOC_FAILURE); + return 0; + } + TS_MSG_IMPRINT_free(a->msg_imprint); + a->msg_imprint = new_msg_imprint; + return 1; +} + +TS_MSG_IMPRINT * +TS_TST_INFO_get_msg_imprint(TS_TST_INFO *a) +{ + return a->msg_imprint; +} + +int +TS_TST_INFO_set_serial(TS_TST_INFO *a, const ASN1_INTEGER *serial) +{ + ASN1_INTEGER *new_serial; + + if (a->serial == serial) + return 1; + new_serial = ASN1_INTEGER_dup(serial); + if (new_serial == NULL) { + TSerror(ERR_R_MALLOC_FAILURE); + return 0; + } + ASN1_INTEGER_free(a->serial); + a->serial = new_serial; + return 1; +} + +const ASN1_INTEGER * +TS_TST_INFO_get_serial(const TS_TST_INFO *a) +{ + return a->serial; +} + +int +TS_TST_INFO_set_time(TS_TST_INFO *a, const ASN1_GENERALIZEDTIME *gtime) +{ + ASN1_GENERALIZEDTIME *new_time; + + if (a->time == gtime) + return 1; + new_time = ASN1_STRING_dup(gtime); + if (new_time == NULL) { + TSerror(ERR_R_MALLOC_FAILURE); + return 0; + } + ASN1_GENERALIZEDTIME_free(a->time); + a->time = new_time; + return 1; +} + +const ASN1_GENERALIZEDTIME * +TS_TST_INFO_get_time(const TS_TST_INFO *a) +{ + return a->time; +} + +int +TS_TST_INFO_set_accuracy(TS_TST_INFO *a, TS_ACCURACY *accuracy) +{ + TS_ACCURACY *new_accuracy; + + if (a->accuracy == accuracy) + return 1; + new_accuracy = TS_ACCURACY_dup(accuracy); + if (new_accuracy == NULL) { + TSerror(ERR_R_MALLOC_FAILURE); + return 0; + } + TS_ACCURACY_free(a->accuracy); + a->accuracy = new_accuracy; + return 1; +} + +TS_ACCURACY * +TS_TST_INFO_get_accuracy(TS_TST_INFO *a) +{ + return a->accuracy; +} + +int +TS_ACCURACY_set_seconds(TS_ACCURACY *a, const ASN1_INTEGER *seconds) +{ + ASN1_INTEGER *new_seconds; + + if (a->seconds == seconds) + return 1; + new_seconds = ASN1_INTEGER_dup(seconds); + if (new_seconds == NULL) { + TSerror(ERR_R_MALLOC_FAILURE); + return 0; + } + ASN1_INTEGER_free(a->seconds); + a->seconds = new_seconds; + return 1; +} + +const ASN1_INTEGER * +TS_ACCURACY_get_seconds(const TS_ACCURACY *a) +{ + return a->seconds; +} + +int +TS_ACCURACY_set_millis(TS_ACCURACY *a, const ASN1_INTEGER *millis) +{ + ASN1_INTEGER *new_millis = NULL; + + if (a->millis == millis) + return 1; + if (millis != NULL) { + new_millis = ASN1_INTEGER_dup(millis); + if (new_millis == NULL) { + TSerror(ERR_R_MALLOC_FAILURE); + return 0; + } + } + ASN1_INTEGER_free(a->millis); + a->millis = new_millis; + return 1; +} + +const ASN1_INTEGER * +TS_ACCURACY_get_millis(const TS_ACCURACY *a) +{ + return a->millis; +} + +int +TS_ACCURACY_set_micros(TS_ACCURACY *a, const ASN1_INTEGER *micros) +{ + ASN1_INTEGER *new_micros = NULL; + + if (a->micros == micros) + return 1; + if (micros != NULL) { + new_micros = ASN1_INTEGER_dup(micros); + if (new_micros == NULL) { + TSerror(ERR_R_MALLOC_FAILURE); + return 0; + } + } + ASN1_INTEGER_free(a->micros); + a->micros = new_micros; + return 1; +} + +const ASN1_INTEGER * +TS_ACCURACY_get_micros(const TS_ACCURACY *a) +{ + return a->micros; +} + +int +TS_TST_INFO_set_ordering(TS_TST_INFO *a, int ordering) +{ + a->ordering = ordering ? 0xFF : 0x00; + return 1; +} + +int +TS_TST_INFO_get_ordering(const TS_TST_INFO *a) +{ + return a->ordering ? 1 : 0; +} + +int +TS_TST_INFO_set_nonce(TS_TST_INFO *a, const ASN1_INTEGER *nonce) +{ + ASN1_INTEGER *new_nonce; + + if (a->nonce == nonce) + return 1; + new_nonce = ASN1_INTEGER_dup(nonce); + if (new_nonce == NULL) { + TSerror(ERR_R_MALLOC_FAILURE); + return 0; + } + ASN1_INTEGER_free(a->nonce); + a->nonce = new_nonce; + return 1; +} + +const ASN1_INTEGER * +TS_TST_INFO_get_nonce(const TS_TST_INFO *a) +{ + return a->nonce; +} + +int +TS_TST_INFO_set_tsa(TS_TST_INFO *a, GENERAL_NAME *tsa) +{ + GENERAL_NAME *new_tsa; + + if (a->tsa == tsa) + return 1; + new_tsa = GENERAL_NAME_dup(tsa); + if (new_tsa == NULL) { + TSerror(ERR_R_MALLOC_FAILURE); + return 0; + } + GENERAL_NAME_free(a->tsa); + a->tsa = new_tsa; + return 1; +} + +GENERAL_NAME * +TS_TST_INFO_get_tsa(TS_TST_INFO *a) +{ + return a->tsa; +} + +STACK_OF(X509_EXTENSION) *TS_TST_INFO_get_exts(TS_TST_INFO *a) +{ + return a->extensions; +} + +void +TS_TST_INFO_ext_free(TS_TST_INFO *a) +{ + if (!a) + return; + sk_X509_EXTENSION_pop_free(a->extensions, X509_EXTENSION_free); + a->extensions = NULL; +} + +int +TS_TST_INFO_get_ext_count(TS_TST_INFO *a) +{ + return X509v3_get_ext_count(a->extensions); +} + +int +TS_TST_INFO_get_ext_by_NID(TS_TST_INFO *a, int nid, int lastpos) +{ + return X509v3_get_ext_by_NID(a->extensions, nid, lastpos); +} + +int +TS_TST_INFO_get_ext_by_OBJ(TS_TST_INFO *a, const ASN1_OBJECT *obj, int lastpos) +{ + return X509v3_get_ext_by_OBJ(a->extensions, obj, lastpos); +} + +int +TS_TST_INFO_get_ext_by_critical(TS_TST_INFO *a, int crit, int lastpos) +{ + return X509v3_get_ext_by_critical(a->extensions, crit, lastpos); +} + +X509_EXTENSION * +TS_TST_INFO_get_ext(TS_TST_INFO *a, int loc) +{ + return X509v3_get_ext(a->extensions, loc); +} + +X509_EXTENSION * +TS_TST_INFO_delete_ext(TS_TST_INFO *a, int loc) +{ + return X509v3_delete_ext(a->extensions, loc); +} + +int +TS_TST_INFO_add_ext(TS_TST_INFO *a, X509_EXTENSION *ex, int loc) +{ + return X509v3_add_ext(&a->extensions, ex, loc) != NULL; +} + +void * +TS_TST_INFO_get_ext_d2i(TS_TST_INFO *a, int nid, int *crit, int *idx) +{ + return X509V3_get_d2i(a->extensions, nid, crit, idx); +} diff --git a/src/lib/libcrypto/ts/ts_rsp_verify.c b/src/lib/libcrypto/ts/ts_rsp_verify.c new file mode 100644 index 00000000000..36ead0671a9 --- /dev/null +++ b/src/lib/libcrypto/ts/ts_rsp_verify.c @@ -0,0 +1,745 @@ +/* $OpenBSD: ts_rsp_verify.c,v 1.18 2017/01/29 17:49:23 beck Exp $ */ +/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL + * project 2002. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include + +#include +#include +#include +#include + +/* Private function declarations. */ + +static int TS_verify_cert(X509_STORE *store, STACK_OF(X509) *untrusted, + X509 *signer, STACK_OF(X509) **chain); +static int TS_check_signing_certs(PKCS7_SIGNER_INFO *si, STACK_OF(X509) *chain); +static ESS_SIGNING_CERT *ESS_get_signing_cert(PKCS7_SIGNER_INFO *si); +static int TS_find_cert(STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert); +static int TS_issuer_serial_cmp(ESS_ISSUER_SERIAL *is, X509_CINF *cinfo); +static int int_TS_RESP_verify_token(TS_VERIFY_CTX *ctx, + PKCS7 *token, TS_TST_INFO *tst_info); +static int TS_check_status_info(TS_RESP *response); +static char *TS_get_status_text(STACK_OF(ASN1_UTF8STRING) *text); +static int TS_check_policy(ASN1_OBJECT *req_oid, TS_TST_INFO *tst_info); +static int TS_compute_imprint(BIO *data, TS_TST_INFO *tst_info, + X509_ALGOR **md_alg, + unsigned char **imprint, unsigned *imprint_len); +static int TS_check_imprints(X509_ALGOR *algor_a, + unsigned char *imprint_a, unsigned len_a, + TS_TST_INFO *tst_info); +static int TS_check_nonces(const ASN1_INTEGER *a, TS_TST_INFO *tst_info); +static int TS_check_signer_name(GENERAL_NAME *tsa_name, X509 *signer); +static int TS_find_name(STACK_OF(GENERAL_NAME) *gen_names, GENERAL_NAME *name); + +/* + * Local mapping between response codes and descriptions. + * Don't forget to change TS_STATUS_BUF_SIZE when modifying + * the elements of this array. + */ +static const char *TS_status_text[] = { + "granted", + "grantedWithMods", + "rejection", + "waiting", + "revocationWarning", + "revocationNotification" +}; + +#define TS_STATUS_TEXT_SIZE (sizeof(TS_status_text)/sizeof(*TS_status_text)) + +/* + * This must be greater or equal to the sum of the strings in TS_status_text + * plus the number of its elements. + */ +#define TS_STATUS_BUF_SIZE 256 + +static struct { + int code; + const char *text; +} TS_failure_info[] = { + { TS_INFO_BAD_ALG, "badAlg" }, + { TS_INFO_BAD_REQUEST, "badRequest" }, + { TS_INFO_BAD_DATA_FORMAT, "badDataFormat" }, + { TS_INFO_TIME_NOT_AVAILABLE, "timeNotAvailable" }, + { TS_INFO_UNACCEPTED_POLICY, "unacceptedPolicy" }, + { TS_INFO_UNACCEPTED_EXTENSION, "unacceptedExtension" }, + { TS_INFO_ADD_INFO_NOT_AVAILABLE, "addInfoNotAvailable" }, + { TS_INFO_SYSTEM_FAILURE, "systemFailure" } +}; + +#define TS_FAILURE_INFO_SIZE (sizeof(TS_failure_info) / \ + sizeof(*TS_failure_info)) + +/* Functions for verifying a signed TS_TST_INFO structure. */ + +/* + * This function carries out the following tasks: + * - Checks if there is one and only one signer. + * - Search for the signing certificate in 'certs' and in the response. + * - Check the extended key usage and key usage fields of the signer + * certificate (done by the path validation). + * - Build and validate the certificate path. + * - Check if the certificate path meets the requirements of the + * SigningCertificate ESS signed attribute. + * - Verify the signature value. + * - Returns the signer certificate in 'signer', if 'signer' is not NULL. + */ +int +TS_RESP_verify_signature(PKCS7 *token, STACK_OF(X509) *certs, + X509_STORE *store, X509 **signer_out) +{ + STACK_OF(PKCS7_SIGNER_INFO) *sinfos = NULL; + PKCS7_SIGNER_INFO *si; + STACK_OF(X509) *signers = NULL; + X509 *signer; + STACK_OF(X509) *chain = NULL; + char buf[4096]; + int i, j = 0, ret = 0; + BIO *p7bio = NULL; + + /* Some sanity checks first. */ + if (!token) { + TSerror(TS_R_INVALID_NULL_POINTER); + goto err; + } + + /* Check for the correct content type */ + if (!PKCS7_type_is_signed(token)) { + TSerror(TS_R_WRONG_CONTENT_TYPE); + goto err; + } + + /* Check if there is one and only one signer. */ + sinfos = PKCS7_get_signer_info(token); + if (!sinfos || sk_PKCS7_SIGNER_INFO_num(sinfos) != 1) { + TSerror(TS_R_THERE_MUST_BE_ONE_SIGNER); + goto err; + } + si = sk_PKCS7_SIGNER_INFO_value(sinfos, 0); + + /* Check for no content: no data to verify signature. */ + if (PKCS7_get_detached(token)) { + TSerror(TS_R_NO_CONTENT); + goto err; + } + + /* Get hold of the signer certificate, search only internal + certificates if it was requested. */ + signers = PKCS7_get0_signers(token, certs, 0); + if (!signers || sk_X509_num(signers) != 1) + goto err; + signer = sk_X509_value(signers, 0); + + /* Now verify the certificate. */ + if (!TS_verify_cert(store, certs, signer, &chain)) + goto err; + + /* Check if the signer certificate is consistent with the + ESS extension. */ + if (!TS_check_signing_certs(si, chain)) + goto err; + + /* Creating the message digest. */ + p7bio = PKCS7_dataInit(token, NULL); + + /* We now have to 'read' from p7bio to calculate digests etc. */ + while ((i = BIO_read(p7bio, buf, sizeof(buf))) > 0) + ; + + /* Verifying the signature. */ + j = PKCS7_signatureVerify(p7bio, token, si, signer); + if (j <= 0) { + TSerror(TS_R_SIGNATURE_FAILURE); + goto err; + } + + /* Return the signer certificate if needed. */ + if (signer_out) { + *signer_out = signer; + CRYPTO_add(&signer->references, 1, CRYPTO_LOCK_X509); + } + + ret = 1; + +err: + BIO_free_all(p7bio); + sk_X509_pop_free(chain, X509_free); + sk_X509_free(signers); + + return ret; +} + +/* + * The certificate chain is returned in chain. Caller is responsible for + * freeing the vector. + */ +static int +TS_verify_cert(X509_STORE *store, STACK_OF(X509) *untrusted, X509 *signer, + STACK_OF(X509) **chain) +{ + X509_STORE_CTX cert_ctx; + int i; + int ret = 0; + + /* chain is an out argument. */ + *chain = NULL; + if (X509_STORE_CTX_init(&cert_ctx, store, signer, untrusted) == 0) { + TSerror(ERR_R_X509_LIB); + goto err; + } + if (X509_STORE_CTX_set_purpose(&cert_ctx, + X509_PURPOSE_TIMESTAMP_SIGN) == 0) + goto err; + i = X509_verify_cert(&cert_ctx); + if (i <= 0) { + int j = X509_STORE_CTX_get_error(&cert_ctx); + + TSerror(TS_R_CERTIFICATE_VERIFY_ERROR); + ERR_asprintf_error_data("Verify error:%s", + X509_verify_cert_error_string(j)); + goto err; + } else { + /* Get a copy of the certificate chain. */ + *chain = X509_STORE_CTX_get1_chain(&cert_ctx); + ret = 1; + } + +err: + X509_STORE_CTX_cleanup(&cert_ctx); + + return ret; +} + +static int +TS_check_signing_certs(PKCS7_SIGNER_INFO *si, STACK_OF(X509) *chain) +{ + ESS_SIGNING_CERT *ss = ESS_get_signing_cert(si); + STACK_OF(ESS_CERT_ID) *cert_ids = NULL; + X509 *cert; + int i = 0; + int ret = 0; + + if (!ss) + goto err; + cert_ids = ss->cert_ids; + /* The signer certificate must be the first in cert_ids. */ + cert = sk_X509_value(chain, 0); + if (TS_find_cert(cert_ids, cert) != 0) + goto err; + + /* Check the other certificates of the chain if there are more + than one certificate ids in cert_ids. */ + if (sk_ESS_CERT_ID_num(cert_ids) > 1) { + /* All the certificates of the chain must be in cert_ids. */ + for (i = 1; i < sk_X509_num(chain); ++i) { + cert = sk_X509_value(chain, i); + if (TS_find_cert(cert_ids, cert) < 0) + goto err; + } + } + ret = 1; + +err: + if (!ret) + TSerror(TS_R_ESS_SIGNING_CERTIFICATE_ERROR); + ESS_SIGNING_CERT_free(ss); + return ret; +} + +static ESS_SIGNING_CERT * +ESS_get_signing_cert(PKCS7_SIGNER_INFO *si) +{ + ASN1_TYPE *attr; + const unsigned char *p; + + attr = PKCS7_get_signed_attribute(si, + NID_id_smime_aa_signingCertificate); + if (!attr) + return NULL; + if (attr->type != V_ASN1_SEQUENCE) + return NULL; + p = attr->value.sequence->data; + return d2i_ESS_SIGNING_CERT(NULL, &p, attr->value.sequence->length); +} + +/* Returns < 0 if certificate is not found, certificate index otherwise. */ +static int +TS_find_cert(STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert) +{ + int i; + + if (!cert_ids || !cert) + return -1; + + /* Recompute SHA1 hash of certificate if necessary (side effect). */ + X509_check_purpose(cert, -1, 0); + + /* Look for cert in the cert_ids vector. */ + for (i = 0; i < sk_ESS_CERT_ID_num(cert_ids); ++i) { + ESS_CERT_ID *cid = sk_ESS_CERT_ID_value(cert_ids, i); + + /* Check the SHA-1 hash first. */ + if (cid->hash->length == sizeof(cert->sha1_hash) && + !memcmp(cid->hash->data, cert->sha1_hash, + sizeof(cert->sha1_hash))) { + /* Check the issuer/serial as well if specified. */ + ESS_ISSUER_SERIAL *is = cid->issuer_serial; + if (!is || !TS_issuer_serial_cmp(is, cert->cert_info)) + return i; + } + } + + return -1; +} + +static int +TS_issuer_serial_cmp(ESS_ISSUER_SERIAL *is, X509_CINF *cinfo) +{ + GENERAL_NAME *issuer; + + if (!is || !cinfo || sk_GENERAL_NAME_num(is->issuer) != 1) + return -1; + + /* Check the issuer first. It must be a directory name. */ + issuer = sk_GENERAL_NAME_value(is->issuer, 0); + if (issuer->type != GEN_DIRNAME || + X509_NAME_cmp(issuer->d.dirn, cinfo->issuer)) + return -1; + + /* Check the serial number, too. */ + if (ASN1_INTEGER_cmp(is->serial, cinfo->serialNumber)) + return -1; + + return 0; +} + +/* + * Verifies whether 'response' contains a valid response with regards + * to the settings of the context: + * - Gives an error message if the TS_TST_INFO is not present. + * - Calls _TS_RESP_verify_token to verify the token content. + */ +int +TS_RESP_verify_response(TS_VERIFY_CTX *ctx, TS_RESP *response) +{ + PKCS7 *token = TS_RESP_get_token(response); + TS_TST_INFO *tst_info = TS_RESP_get_tst_info(response); + int ret = 0; + + /* Check if we have a successful TS_TST_INFO object in place. */ + if (!TS_check_status_info(response)) + goto err; + + /* Check the contents of the time stamp token. */ + if (!int_TS_RESP_verify_token(ctx, token, tst_info)) + goto err; + + ret = 1; + +err: + return ret; +} + +/* + * Tries to extract a TS_TST_INFO structure from the PKCS7 token and + * calls the internal int_TS_RESP_verify_token function for verifying it. + */ +int +TS_RESP_verify_token(TS_VERIFY_CTX *ctx, PKCS7 *token) +{ + TS_TST_INFO *tst_info = PKCS7_to_TS_TST_INFO(token); + int ret = 0; + + if (tst_info) { + ret = int_TS_RESP_verify_token(ctx, token, tst_info); + TS_TST_INFO_free(tst_info); + } + return ret; +} + +/* + * Verifies whether the 'token' contains a valid time stamp token + * with regards to the settings of the context. Only those checks are + * carried out that are specified in the context: + * - Verifies the signature of the TS_TST_INFO. + * - Checks the version number of the response. + * - Check if the requested and returned policies math. + * - Check if the message imprints are the same. + * - Check if the nonces are the same. + * - Check if the TSA name matches the signer. + * - Check if the TSA name is the expected TSA. + */ +static int +int_TS_RESP_verify_token(TS_VERIFY_CTX *ctx, PKCS7 *token, + TS_TST_INFO *tst_info) +{ + X509 *signer = NULL; + GENERAL_NAME *tsa_name = TS_TST_INFO_get_tsa(tst_info); + X509_ALGOR *md_alg = NULL; + unsigned char *imprint = NULL; + unsigned imprint_len = 0; + int ret = 0; + + /* Verify the signature. */ + if ((ctx->flags & TS_VFY_SIGNATURE) && + !TS_RESP_verify_signature(token, ctx->certs, ctx->store, &signer)) + goto err; + + /* Check version number of response. */ + if ((ctx->flags & TS_VFY_VERSION) && + TS_TST_INFO_get_version(tst_info) != 1) { + TSerror(TS_R_UNSUPPORTED_VERSION); + goto err; + } + + /* Check policies. */ + if ((ctx->flags & TS_VFY_POLICY) && + !TS_check_policy(ctx->policy, tst_info)) + goto err; + + /* Check message imprints. */ + if ((ctx->flags & TS_VFY_IMPRINT) && + !TS_check_imprints(ctx->md_alg, ctx->imprint, ctx->imprint_len, + tst_info)) + goto err; + + /* Compute and check message imprints. */ + if ((ctx->flags & TS_VFY_DATA) && + (!TS_compute_imprint(ctx->data, tst_info, + &md_alg, &imprint, &imprint_len) || + !TS_check_imprints(md_alg, imprint, imprint_len, tst_info))) + goto err; + + /* Check nonces. */ + if ((ctx->flags & TS_VFY_NONCE) && + !TS_check_nonces(ctx->nonce, tst_info)) + goto err; + + /* Check whether TSA name and signer certificate match. */ + if ((ctx->flags & TS_VFY_SIGNER) && + tsa_name && !TS_check_signer_name(tsa_name, signer)) { + TSerror(TS_R_TSA_NAME_MISMATCH); + goto err; + } + + /* Check whether the TSA is the expected one. */ + if ((ctx->flags & TS_VFY_TSA_NAME) && + !TS_check_signer_name(ctx->tsa_name, signer)) { + TSerror(TS_R_TSA_UNTRUSTED); + goto err; + } + + ret = 1; + +err: + X509_free(signer); + X509_ALGOR_free(md_alg); + free(imprint); + return ret; +} + +static int +TS_check_status_info(TS_RESP *response) +{ + TS_STATUS_INFO *info = TS_RESP_get_status_info(response); + long status = ASN1_INTEGER_get(info->status); + const char *status_text = NULL; + char *embedded_status_text = NULL; + char failure_text[TS_STATUS_BUF_SIZE] = ""; + + /* Check if everything went fine. */ + if (status == 0 || status == 1) + return 1; + + /* There was an error, get the description in status_text. */ + if (0 <= status && status < (long)TS_STATUS_TEXT_SIZE) + status_text = TS_status_text[status]; + else + status_text = "unknown code"; + + /* Set the embedded_status_text to the returned description. */ + if (sk_ASN1_UTF8STRING_num(info->text) > 0 && + !(embedded_status_text = TS_get_status_text(info->text))) + return 0; + + /* Filling in failure_text with the failure information. */ + if (info->failure_info) { + int i; + int first = 1; + for (i = 0; i < (int)TS_FAILURE_INFO_SIZE; ++i) { + if (ASN1_BIT_STRING_get_bit(info->failure_info, + TS_failure_info[i].code)) { + if (!first) + strlcat(failure_text, ",", + TS_STATUS_BUF_SIZE); + else + first = 0; + strlcat(failure_text, TS_failure_info[i].text, + TS_STATUS_BUF_SIZE); + } + } + } + if (failure_text[0] == '\0') + strlcpy(failure_text, "unspecified", TS_STATUS_BUF_SIZE); + + /* Making up the error string. */ + TSerror(TS_R_NO_TIME_STAMP_TOKEN); + ERR_asprintf_error_data + ("status code: %s, status text: %s, failure codes: %s", + status_text, + embedded_status_text ? embedded_status_text : "unspecified", + failure_text); + free(embedded_status_text); + + return 0; +} + +static char * +TS_get_status_text(STACK_OF(ASN1_UTF8STRING) *text) +{ + int i; + unsigned int length = 0; + char *result = NULL; + + /* Determine length first. */ + for (i = 0; i < sk_ASN1_UTF8STRING_num(text); ++i) { + ASN1_UTF8STRING *current = sk_ASN1_UTF8STRING_value(text, i); + length += ASN1_STRING_length(current); + length += 1; /* separator character */ + } + /* Allocate memory (closing '\0' included). */ + if (!(result = malloc(length))) { + TSerror(ERR_R_MALLOC_FAILURE); + return NULL; + } + /* Concatenate the descriptions. */ + result[0] = '\0'; + for (i = 0; i < sk_ASN1_UTF8STRING_num(text); ++i) { + ASN1_UTF8STRING *current = sk_ASN1_UTF8STRING_value(text, i); + if (i > 0) + strlcat(result, "/", length); + strlcat(result, (const char *)ASN1_STRING_data(current), length); + } + return result; +} + +static int +TS_check_policy(ASN1_OBJECT *req_oid, TS_TST_INFO *tst_info) +{ + ASN1_OBJECT *resp_oid = TS_TST_INFO_get_policy_id(tst_info); + + if (OBJ_cmp(req_oid, resp_oid) != 0) { + TSerror(TS_R_POLICY_MISMATCH); + return 0; + } + + return 1; +} + +static int +TS_compute_imprint(BIO *data, TS_TST_INFO *tst_info, X509_ALGOR **md_alg, + unsigned char **imprint, unsigned *imprint_len) +{ + TS_MSG_IMPRINT *msg_imprint = TS_TST_INFO_get_msg_imprint(tst_info); + X509_ALGOR *md_alg_resp = TS_MSG_IMPRINT_get_algo(msg_imprint); + const EVP_MD *md; + EVP_MD_CTX md_ctx; + unsigned char buffer[4096]; + int length; + + *md_alg = NULL; + *imprint = NULL; + + /* Return the MD algorithm of the response. */ + if (!(*md_alg = X509_ALGOR_dup(md_alg_resp))) + goto err; + + /* Getting the MD object. */ + if (!(md = EVP_get_digestbyobj((*md_alg)->algorithm))) { + TSerror(TS_R_UNSUPPORTED_MD_ALGORITHM); + goto err; + } + + /* Compute message digest. */ + length = EVP_MD_size(md); + if (length < 0) + goto err; + *imprint_len = length; + if (!(*imprint = malloc(*imprint_len))) { + TSerror(ERR_R_MALLOC_FAILURE); + goto err; + } + + if (!EVP_DigestInit(&md_ctx, md)) + goto err; + while ((length = BIO_read(data, buffer, sizeof(buffer))) > 0) { + if (!EVP_DigestUpdate(&md_ctx, buffer, length)) + goto err; + } + if (!EVP_DigestFinal(&md_ctx, *imprint, NULL)) + goto err; + + return 1; + +err: + X509_ALGOR_free(*md_alg); + free(*imprint); + *imprint = NULL; + *imprint_len = 0; + return 0; +} + +static int +TS_check_imprints(X509_ALGOR *algor_a, unsigned char *imprint_a, unsigned len_a, + TS_TST_INFO *tst_info) +{ + TS_MSG_IMPRINT *b = TS_TST_INFO_get_msg_imprint(tst_info); + X509_ALGOR *algor_b = TS_MSG_IMPRINT_get_algo(b); + int ret = 0; + + /* algor_a is optional. */ + if (algor_a) { + /* Compare algorithm OIDs. */ + if (OBJ_cmp(algor_a->algorithm, algor_b->algorithm)) + goto err; + + /* The parameter must be NULL in both. */ + if ((algor_a->parameter && + ASN1_TYPE_get(algor_a->parameter) != V_ASN1_NULL) || + (algor_b->parameter && + ASN1_TYPE_get(algor_b->parameter) != V_ASN1_NULL)) + goto err; + } + + /* Compare octet strings. */ + ret = len_a == (unsigned) ASN1_STRING_length(b->hashed_msg) && + memcmp(imprint_a, ASN1_STRING_data(b->hashed_msg), len_a) == 0; + +err: + if (!ret) + TSerror(TS_R_MESSAGE_IMPRINT_MISMATCH); + return ret; +} + +static int +TS_check_nonces(const ASN1_INTEGER *a, TS_TST_INFO *tst_info) +{ + const ASN1_INTEGER *b = TS_TST_INFO_get_nonce(tst_info); + + /* Error if nonce is missing. */ + if (!b) { + TSerror(TS_R_NONCE_NOT_RETURNED); + return 0; + } + + /* No error if a nonce is returned without being requested. */ + if (ASN1_INTEGER_cmp(a, b) != 0) { + TSerror(TS_R_NONCE_MISMATCH); + return 0; + } + + return 1; +} + +/* Check if the specified TSA name matches either the subject + or one of the subject alternative names of the TSA certificate. */ +static int +TS_check_signer_name(GENERAL_NAME *tsa_name, X509 *signer) +{ + STACK_OF(GENERAL_NAME) *gen_names = NULL; + int idx = -1; + int found = 0; + + if (signer == NULL) + return 0; + + /* Check the subject name first. */ + if (tsa_name->type == GEN_DIRNAME && + X509_name_cmp(tsa_name->d.dirn, signer->cert_info->subject) == 0) + return 1; + + /* Check all the alternative names. */ + gen_names = X509_get_ext_d2i(signer, NID_subject_alt_name, + NULL, &idx); + while (gen_names != NULL && + !(found = (TS_find_name(gen_names, tsa_name) >= 0))) { + /* Get the next subject alternative name, + although there should be no more than one. */ + GENERAL_NAMES_free(gen_names); + gen_names = X509_get_ext_d2i(signer, NID_subject_alt_name, + NULL, &idx); + } + if (gen_names) + GENERAL_NAMES_free(gen_names); + + return found; +} + +/* Returns 1 if name is in gen_names, 0 otherwise. */ +static int +TS_find_name(STACK_OF(GENERAL_NAME) *gen_names, GENERAL_NAME *name) +{ + int i, found; + for (i = 0, found = 0; !found && i < sk_GENERAL_NAME_num(gen_names); + ++i) { + GENERAL_NAME *current = sk_GENERAL_NAME_value(gen_names, i); + found = GENERAL_NAME_cmp(current, name) == 0; + } + return found ? i - 1 : -1; +} diff --git a/src/lib/libcrypto/ts/ts_verify_ctx.c b/src/lib/libcrypto/ts/ts_verify_ctx.c new file mode 100644 index 00000000000..7608a7d1093 --- /dev/null +++ b/src/lib/libcrypto/ts/ts_verify_ctx.c @@ -0,0 +1,166 @@ +/* $OpenBSD: ts_verify_ctx.c,v 1.9 2017/01/29 17:49:23 beck Exp $ */ +/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL + * project 2003. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include + +#include +#include +#include + +TS_VERIFY_CTX * +TS_VERIFY_CTX_new(void) +{ + TS_VERIFY_CTX *ctx = calloc(1, sizeof(TS_VERIFY_CTX)); + + if (!ctx) + TSerror(ERR_R_MALLOC_FAILURE); + + return ctx; +} + +void +TS_VERIFY_CTX_init(TS_VERIFY_CTX *ctx) +{ + memset(ctx, 0, sizeof(TS_VERIFY_CTX)); +} + +void +TS_VERIFY_CTX_free(TS_VERIFY_CTX *ctx) +{ + if (!ctx) + return; + + TS_VERIFY_CTX_cleanup(ctx); + free(ctx); +} + +void +TS_VERIFY_CTX_cleanup(TS_VERIFY_CTX *ctx) +{ + if (!ctx) + return; + + X509_STORE_free(ctx->store); + sk_X509_pop_free(ctx->certs, X509_free); + + ASN1_OBJECT_free(ctx->policy); + + X509_ALGOR_free(ctx->md_alg); + free(ctx->imprint); + + BIO_free_all(ctx->data); + + ASN1_INTEGER_free(ctx->nonce); + + GENERAL_NAME_free(ctx->tsa_name); + + TS_VERIFY_CTX_init(ctx); +} + +TS_VERIFY_CTX * +TS_REQ_to_TS_VERIFY_CTX(TS_REQ *req, TS_VERIFY_CTX *ctx) +{ + TS_VERIFY_CTX *ret = ctx; + ASN1_OBJECT *policy; + TS_MSG_IMPRINT *imprint; + X509_ALGOR *md_alg; + ASN1_OCTET_STRING *msg; + const ASN1_INTEGER *nonce; + + if (ret) + TS_VERIFY_CTX_cleanup(ret); + else if (!(ret = TS_VERIFY_CTX_new())) + return NULL; + + /* Setting flags. */ + ret->flags = TS_VFY_ALL_IMPRINT & ~(TS_VFY_TSA_NAME | TS_VFY_SIGNATURE); + + /* Setting policy. */ + if ((policy = TS_REQ_get_policy_id(req)) != NULL) { + if (!(ret->policy = OBJ_dup(policy))) + goto err; + } else + ret->flags &= ~TS_VFY_POLICY; + + /* Setting md_alg, imprint and imprint_len. */ + imprint = TS_REQ_get_msg_imprint(req); + md_alg = TS_MSG_IMPRINT_get_algo(imprint); + if (!(ret->md_alg = X509_ALGOR_dup(md_alg))) + goto err; + msg = TS_MSG_IMPRINT_get_msg(imprint); + ret->imprint_len = ASN1_STRING_length(msg); + if (!(ret->imprint = malloc(ret->imprint_len))) + goto err; + memcpy(ret->imprint, ASN1_STRING_data(msg), ret->imprint_len); + + /* Setting nonce. */ + if ((nonce = TS_REQ_get_nonce(req)) != NULL) { + if (!(ret->nonce = ASN1_INTEGER_dup(nonce))) + goto err; + } else + ret->flags &= ~TS_VFY_NONCE; + + return ret; + +err: + if (ctx) + TS_VERIFY_CTX_cleanup(ctx); + else + TS_VERIFY_CTX_free(ret); + return NULL; +} diff --git a/src/lib/libcrypto/txt_db/Makefile.ssl b/src/lib/libcrypto/txt_db/Makefile.ssl deleted file mode 100644 index 8e697fc8633..00000000000 --- a/src/lib/libcrypto/txt_db/Makefile.ssl +++ /dev/null @@ -1,88 +0,0 @@ -# -# SSLeay/crypto/txt_db/Makefile -# - -DIR= txt_db -TOP= ../.. -CC= cc -INCLUDES= -CFLAG=-g -INSTALL_PREFIX= -OPENSSLDIR= /usr/local/ssl -INSTALLTOP=/usr/local/ssl -MAKE= make -f Makefile.ssl -MAKEDEPPROG= makedepend -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) -MAKEFILE= Makefile.ssl -AR= ar r - -CFLAGS= $(INCLUDES) $(CFLAG) - -GENERAL=Makefile -TEST= -APPS= - -LIB=$(TOP)/libcrypto.a -LIBSRC=txt_db.c -LIBOBJ=txt_db.o - -SRC= $(LIBSRC) - -EXHEADER= txt_db.h -HEADER= $(EXHEADER) - -ALL= $(GENERAL) $(SRC) $(HEADER) - -top: - (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) - -all: lib - -lib: $(LIBOBJ) - $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) || echo Never mind. - @touch lib - -files: - $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO - -links: - @sh $(TOP)/util/point.sh Makefile.ssl Makefile - @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) - @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) - @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) - -install: - @for i in $(EXHEADER) ; \ - do \ - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ - done; - -tags: - ctags $(SRC) - -tests: - -lint: - lint -DLINT $(INCLUDES) $(SRC)>fluff - -depend: - $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) - -dclean: - $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new - mv -f Makefile.new $(MAKEFILE) - -clean: - rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff - -# DO NOT DELETE THIS LINE -- make depend depends on it. - -txt_db.o: ../../e_os.h ../../include/openssl/bio.h -txt_db.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -txt_db.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -txt_db.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -txt_db.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -txt_db.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -txt_db.o: ../../include/openssl/txt_db.h ../cryptlib.h txt_db.c diff --git a/src/lib/libcrypto/txt_db/txt_db.c b/src/lib/libcrypto/txt_db/txt_db.c index 9b186f2da53..26df76a9c2a 100644 --- a/src/lib/libcrypto/txt_db/txt_db.c +++ b/src/lib/libcrypto/txt_db/txt_db.c @@ -1,25 +1,25 @@ -/* crypto/txt_db/txt_db.c */ +/* $OpenBSD: txt_db.c,v 1.18 2014/07/11 08:44:49 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -59,325 +59,314 @@ #include #include #include -#include "cryptlib.h" + #include #include #undef BUFSIZE #define BUFSIZE 512 -const char *TXT_DB_version="TXT_DB" OPENSSL_VERSION_PTEXT; - -TXT_DB *TXT_DB_read(BIO *in, int num) - { - TXT_DB *ret=NULL; - int er=1; - int esc=0; - long ln=0; - int i,add,n; - int size=BUFSIZE; - int offset=0; - char *p,**pp,*f; - BUF_MEM *buf=NULL; +TXT_DB * +TXT_DB_read(BIO *in, int num) +{ + TXT_DB *ret = NULL; + int er = 1; + int esc = 0; + long ln = 0; + int i, add, n; + int size = BUFSIZE; + int offset = 0; + char *p, *f; + OPENSSL_STRING *pp; + BUF_MEM *buf = NULL; - if ((buf=BUF_MEM_new()) == NULL) goto err; - if (!BUF_MEM_grow(buf,size)) goto err; + if ((buf = BUF_MEM_new()) == NULL) + goto err; + if (!BUF_MEM_grow(buf, size)) + goto err; - if ((ret=(TXT_DB *)OPENSSL_malloc(sizeof(TXT_DB))) == NULL) + if ((ret = malloc(sizeof(TXT_DB))) == NULL) goto err; - ret->num_fields=num; - ret->index=NULL; - ret->qual=NULL; - if ((ret->data=sk_new_null()) == NULL) + ret->num_fields = num; + ret->index = NULL; + ret->qual = NULL; + if ((ret->data = sk_OPENSSL_PSTRING_new_null()) == NULL) goto err; - if ((ret->index=(LHASH **)OPENSSL_malloc(sizeof(LHASH *)*num)) == NULL) + if ((ret->index = reallocarray(NULL, num, sizeof(*ret->index))) == NULL) goto err; - if ((ret->qual=(int (**)())OPENSSL_malloc(sizeof(int (**)())*num)) == NULL) + if ((ret->qual = reallocarray(NULL, num, sizeof(*(ret->qual)))) == NULL) goto err; - for (i=0; iindex[i]=NULL; - ret->qual[i]=NULL; - } + for (i = 0; i < num; i++) { + ret->index[i] = NULL; + ret->qual[i] = NULL; + } - add=(num+1)*sizeof(char *); - buf->data[size-1]='\0'; - offset=0; - for (;;) - { - if (offset != 0) - { - size+=BUFSIZE; - if (!BUF_MEM_grow(buf,size)) goto err; - } - buf->data[offset]='\0'; - BIO_gets(in,&(buf->data[offset]),size-offset); + add = (num + 1)*sizeof(char *); + buf->data[size-1] = '\0'; + offset = 0; + for (;;) { + if (offset != 0) { + size += BUFSIZE; + if (!BUF_MEM_grow_clean(buf, size)) + goto err; + } + buf->data[offset] = '\0'; + BIO_gets(in, &(buf->data[offset]), size - offset); ln++; - if (buf->data[offset] == '\0') break; - if ((offset == 0) && (buf->data[0] == '#')) continue; - i=strlen(&(buf->data[offset])); - offset+=i; + if (buf->data[offset] == '\0') + break; + if ((offset == 0) && (buf->data[0] == '#')) + continue; + i = strlen(&(buf->data[offset])); + offset += i; if (buf->data[offset-1] != '\n') continue; - else - { - buf->data[offset-1]='\0'; /* blat the '\n' */ - if (!(p=(char *)OPENSSL_malloc(add+offset))) goto err; - offset=0; - } - pp=(char **)p; - p+=add; - n=0; - pp[n++]=p; - i=0; - f=buf->data; + else { + buf->data[offset-1] = '\0'; /* blat the '\n' */ + if (!(p = malloc(add + offset))) + goto err; + offset = 0; + } + pp = (char **)p; + p += add; + n = 0; + pp[n++] = p; + i = 0; + f = buf->data; - esc=0; - for (;;) - { - if (*f == '\0') break; - if (*f == '\t') - { + esc = 0; + for (;;) { + if (*f == '\0') + break; + if (*f == '\t') { if (esc) p--; - else - { + else { *(p++)='\0'; f++; - if (n >= num) break; - pp[n++]=p; + if (n >= num) + break; + pp[n++] = p; continue; - } } + } esc=(*f == '\\'); *(p++)= *(f++); - } + } *(p++)='\0'; - if ((n != num) || (*f != '\0')) - { -#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16) /* temporaty fix :-( */ - fprintf(stderr,"wrong number of fields on line %ld (looking for field %d, got %d, '%s' left)\n",ln,num,n,f); -#endif - er=2; + if ((n != num) || (*f != '\0')) { + fprintf(stderr, "wrong number of fields on line %ld (looking for field %d, got %d, '%s' left)\n",ln,num,n,f); + er = 2; goto err; - } - pp[n]=p; - if (!sk_push(ret->data,(char *)pp)) - { -#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16) /* temporaty fix :-( */ - fprintf(stderr,"failure in sk_push\n"); -#endif - er=2; + } + pp[n] = p; + if (!sk_OPENSSL_PSTRING_push(ret->data, pp)) { + fprintf(stderr, "failure in sk_push\n"); + er = 2; goto err; - } } - er=0; + } + er = 0; + err: BUF_MEM_free(buf); - if (er) - { -#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16) - if (er == 1) fprintf(stderr,"OPENSSL_malloc failure\n"); -#endif - if (ret->data != NULL) sk_free(ret->data); - if (ret->index != NULL) OPENSSL_free(ret->index); - if (ret->qual != NULL) OPENSSL_free(ret->qual); - if (ret != NULL) OPENSSL_free(ret); - return(NULL); + if (er) { + if (er == 1) + fprintf(stderr, "malloc failure\n"); + if (ret != NULL) { + if (ret->data != NULL) + sk_OPENSSL_PSTRING_free(ret->data); + free(ret->index); + free(ret->qual); + free(ret); } - else - return(ret); - } + return (NULL); + } else + return (ret); +} -char **TXT_DB_get_by_index(TXT_DB *db, int idx, char **value) - { - char **ret; - LHASH *lh; +OPENSSL_STRING * +TXT_DB_get_by_index(TXT_DB *db, int idx, OPENSSL_STRING *value) +{ + OPENSSL_STRING *ret; + LHASH_OF(OPENSSL_STRING) *lh; - if (idx >= db->num_fields) - { - db->error=DB_ERROR_INDEX_OUT_OF_RANGE; - return(NULL); - } - lh=db->index[idx]; - if (lh == NULL) - { - db->error=DB_ERROR_NO_INDEX; - return(NULL); - } - ret=(char **)lh_retrieve(lh,value); - db->error=DB_ERROR_OK; - return(ret); + if (idx >= db->num_fields) { + db->error = DB_ERROR_INDEX_OUT_OF_RANGE; + return (NULL); + } + lh = db->index[idx]; + if (lh == NULL) { + db->error = DB_ERROR_NO_INDEX; + return (NULL); } + ret = lh_OPENSSL_STRING_retrieve(lh, value); + db->error = DB_ERROR_OK; + return (ret); +} -int TXT_DB_create_index(TXT_DB *db, int field, int (*qual)(), - LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE cmp) - { - LHASH *idx; - char *r; - int i,n; +int +TXT_DB_create_index(TXT_DB *db, int field, int (*qual)(OPENSSL_STRING *), + LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE cmp) +{ + LHASH_OF(OPENSSL_STRING) *idx; + OPENSSL_STRING *r; + int i, n; - if (field >= db->num_fields) - { - db->error=DB_ERROR_INDEX_OUT_OF_RANGE; - return(0); - } - if ((idx=lh_new(hash,cmp)) == NULL) - { - db->error=DB_ERROR_MALLOC; - return(0); - } - n=sk_num(db->data); - for (i=0; idata,i); - if ((qual != NULL) && (qual(r) == 0)) continue; - if ((r=lh_insert(idx,r)) != NULL) - { - db->error=DB_ERROR_INDEX_CLASH; - db->arg1=sk_find(db->data,r); - db->arg2=i; - lh_free(idx); - return(0); - } + if (field >= db->num_fields) { + db->error = DB_ERROR_INDEX_OUT_OF_RANGE; + return (0); + } + /* FIXME: we lose type checking at this point */ + if ((idx = (LHASH_OF(OPENSSL_STRING) *)lh_new(hash, cmp)) == NULL) { + db->error = DB_ERROR_MALLOC; + return (0); + } + n = sk_OPENSSL_PSTRING_num(db->data); + for (i = 0; i < n; i++) { + r = sk_OPENSSL_PSTRING_value(db->data, i); + if ((qual != NULL) && (qual(r) == 0)) + continue; + if ((r = lh_OPENSSL_STRING_insert(idx, r)) != NULL) { + db->error = DB_ERROR_INDEX_CLASH; + db->arg1 = sk_OPENSSL_PSTRING_find(db->data, r); + db->arg2 = i; + lh_OPENSSL_STRING_free(idx); + return (0); } - if (db->index[field] != NULL) lh_free(db->index[field]); - db->index[field]=idx; - db->qual[field]=qual; - return(1); } + if (db->index[field] != NULL) + lh_OPENSSL_STRING_free(db->index[field]); + db->index[field] = idx; + db->qual[field] = qual; + return (1); +} -long TXT_DB_write(BIO *out, TXT_DB *db) - { - long i,j,n,nn,l,tot=0; - char *p,**pp,*f; - BUF_MEM *buf=NULL; - long ret= -1; +long +TXT_DB_write(BIO *out, TXT_DB *db) +{ + long i, j,n, nn, l, tot = 0; + char *p, **pp, *f; + BUF_MEM *buf = NULL; + long ret = -1; - if ((buf=BUF_MEM_new()) == NULL) + if ((buf = BUF_MEM_new()) == NULL) goto err; - n=sk_num(db->data); - nn=db->num_fields; - for (i=0; idata,i); + n = sk_OPENSSL_PSTRING_num(db->data); + nn = db->num_fields; + for (i = 0; i < n; i++) { + pp = sk_OPENSSL_PSTRING_value(db->data, i); - l=0; - for (j=0; jdata; - for (j=0; jdata; + for (j = 0; j < nn; j++) { + f = pp[j]; if (f != NULL) - for (;;) - { - if (*f == '\0') break; - if (*f == '\t') *(p++)='\\'; - *(p++)= *(f++); - } - *(p++)='\t'; - } - p[-1]='\n'; - j=p-buf->data; - if (BIO_write(out,buf->data,(int)j) != j) - goto err; - tot+=j; + for (;;) { + if (*f == '\0') + break; + if (*f == '\t') + *(p++) = '\\'; + *(p++) = *(f++); + } + *(p++) = '\t'; } - ret=tot; -err: - if (buf != NULL) BUF_MEM_free(buf); - return(ret); + p[-1] = '\n'; + j = p - buf->data; + if (BIO_write(out, buf->data, (int)j) != j) + goto err; + tot += j; } + ret = tot; -int TXT_DB_insert(TXT_DB *db, char **row) - { +err: + if (buf != NULL) + BUF_MEM_free(buf); + return (ret); +} + +int +TXT_DB_insert(TXT_DB *db, OPENSSL_STRING *row) +{ int i; - char **r; + OPENSSL_STRING *r; - for (i=0; inum_fields; i++) - { - if (db->index[i] != NULL) - { - if ((db->qual[i] != NULL) && - (db->qual[i](row) == 0)) continue; - r=(char **)lh_retrieve(db->index[i],row); - if (r != NULL) - { - db->error=DB_ERROR_INDEX_CLASH; - db->arg1=i; - db->arg_row=r; + for (i = 0; i < db->num_fields; i++) { + if (db->index[i] != NULL) { + if ((db->qual[i] != NULL) && (db->qual[i](row) == 0)) + continue; + r = lh_OPENSSL_STRING_retrieve(db->index[i], row); + if (r != NULL) { + db->error = DB_ERROR_INDEX_CLASH; + db->arg1 = i; + db->arg_row = r; goto err; - } } } + } /* We have passed the index checks, now just append and insert */ - if (!sk_push(db->data,(char *)row)) - { - db->error=DB_ERROR_MALLOC; + if (!sk_OPENSSL_PSTRING_push(db->data, row)) { + db->error = DB_ERROR_MALLOC; goto err; - } + } - for (i=0; inum_fields; i++) - { - if (db->index[i] != NULL) - { - if ((db->qual[i] != NULL) && - (db->qual[i](row) == 0)) continue; - lh_insert(db->index[i],row); - } + for (i = 0; i < db->num_fields; i++) { + if (db->index[i] != NULL) { + if ((db->qual[i] != NULL) && (db->qual[i](row) == 0)) + continue; + (void)lh_OPENSSL_STRING_insert(db->index[i], row); } - return(1); -err: - return(0); } + return (1); -void TXT_DB_free(TXT_DB *db) - { - int i,n; - char **p,*max; +err: + return (0); +} - if(db == NULL) - return; +void +TXT_DB_free(TXT_DB *db) +{ + int i, n; + char **p, *max; - if (db->index != NULL) - { - for (i=db->num_fields-1; i>=0; i--) - if (db->index[i] != NULL) lh_free(db->index[i]); - OPENSSL_free(db->index); - } - if (db->qual != NULL) - OPENSSL_free(db->qual); - if (db->data != NULL) - { - for (i=sk_num(db->data)-1; i>=0; i--) - { + if (db == NULL) + return; + + if (db->index != NULL) { + for (i = db->num_fields - 1; i >= 0; i--) + if (db->index[i] != NULL) + lh_OPENSSL_STRING_free(db->index[i]); + free(db->index); + } + free(db->qual); + if (db->data != NULL) { + for (i = sk_OPENSSL_PSTRING_num(db->data) - 1; i >= 0; i--) { /* check if any 'fields' have been allocated * from outside of the initial block */ - p=(char **)sk_value(db->data,i); - max=p[db->num_fields]; /* last address */ + p = sk_OPENSSL_PSTRING_value(db->data, i); + max = p[db->num_fields]; /* last address */ if (max == NULL) /* new row */ - { - for (n=0; nnum_fields; n++) - if (p[n] != NULL) OPENSSL_free(p[n]); - } - else - { - for (n=0; nnum_fields; n++) - { - if (((p[n] < (char *)p) || (p[n] > max)) - && (p[n] != NULL)) - OPENSSL_free(p[n]); - } + { + for (n = 0; n < db->num_fields; n++) + free(p[n]); + } else { + for (n = 0; n < db->num_fields; n++) { + if (((p[n] < (char *)p) || + (p[n] > max)) && + (p[n] != NULL)) + free(p[n]); } - OPENSSL_free(sk_value(db->data,i)); } - sk_free(db->data); + free(sk_OPENSSL_PSTRING_value(db->data, i)); } - OPENSSL_free(db); + sk_OPENSSL_PSTRING_free(db->data); } + free(db); +} diff --git a/src/lib/libcrypto/txt_db/txt_db.h b/src/lib/libcrypto/txt_db/txt_db.h index 563392aeff1..56b6b42482d 100644 --- a/src/lib/libcrypto/txt_db/txt_db.h +++ b/src/lib/libcrypto/txt_db/txt_db.h @@ -1,25 +1,25 @@ -/* crypto/txt_db/txt_db.h */ +/* $OpenBSD: txt_db.h,v 1.9 2014/07/10 22:45:58 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -59,6 +59,8 @@ #ifndef HEADER_TXT_DB_H #define HEADER_TXT_DB_H +#include + #ifndef OPENSSL_NO_BIO #include #endif @@ -76,17 +78,19 @@ extern "C" { #endif -typedef struct txt_db_st - { +typedef OPENSSL_STRING *OPENSSL_PSTRING; +DECLARE_SPECIAL_STACK_OF(OPENSSL_PSTRING, OPENSSL_STRING) + +typedef struct txt_db_st { int num_fields; - STACK /* char ** */ *data; - LHASH **index; - int (**qual)(); + STACK_OF(OPENSSL_PSTRING) *data; + LHASH_OF(OPENSSL_STRING) **index; + int (**qual)(OPENSSL_STRING *); long error; long arg1; long arg2; - char **arg_row; - } TXT_DB; + OPENSSL_STRING *arg_row; +} TXT_DB; #ifndef OPENSSL_NO_BIO TXT_DB *TXT_DB_read(BIO *in, int num); @@ -95,11 +99,11 @@ long TXT_DB_write(BIO *out, TXT_DB *db); TXT_DB *TXT_DB_read(char *in, int num); long TXT_DB_write(char *out, TXT_DB *db); #endif -int TXT_DB_create_index(TXT_DB *db,int field,int (*qual)(), - LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE cmp); +int TXT_DB_create_index(TXT_DB *db, int field, int (*qual)(OPENSSL_STRING *), + LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE cmp); void TXT_DB_free(TXT_DB *db); -char **TXT_DB_get_by_index(TXT_DB *db, int idx, char **value); -int TXT_DB_insert(TXT_DB *db,char **value); +OPENSSL_STRING *TXT_DB_get_by_index(TXT_DB *db, int idx, OPENSSL_STRING *value); +int TXT_DB_insert(TXT_DB *db, OPENSSL_STRING *value); #ifdef __cplusplus } diff --git a/src/lib/libcrypto/ui/Makefile.ssl b/src/lib/libcrypto/ui/Makefile.ssl deleted file mode 100644 index 7de1d0022b4..00000000000 --- a/src/lib/libcrypto/ui/Makefile.ssl +++ /dev/null @@ -1,117 +0,0 @@ -# -# OpenSSL/crypto/ui/Makefile -# - -DIR= ui -TOP= ../.. -CC= cc -INCLUDES= -I.. -I$(TOP) -I../../include -CFLAG=-g -INSTALL_PREFIX= -OPENSSLDIR= /usr/local/ssl -INSTALLTOP=/usr/local/ssl -MAKE= make -f Makefile.ssl -MAKEDEPPROG= makedepend -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) -MAKEFILE= Makefile.ssl -AR= ar r - -CFLAGS= $(INCLUDES) $(CFLAG) - -GENERAL=Makefile -#TEST= uitest.c -TEST= -APPS= - -COMPATSRC= ui_compat.c -COMPATOBJ= ui_compat.o - -LIB=$(TOP)/libcrypto.a -LIBSRC= ui_err.c ui_lib.c ui_openssl.c ui_util.c $(COMPATSRC) -LIBOBJ= ui_err.o ui_lib.o ui_openssl.o ui_util.o $(COMPATOBJ) - -SRC= $(LIBSRC) - -EXHEADER= ui.h ui_compat.h -HEADER= $(EXHEADER) ui_locl.h - -ALL= $(GENERAL) $(SRC) $(HEADER) - -top: - (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) - -all: lib - -lib: $(LIBOBJ) - $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) - @touch lib - -files: - $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO - -links: - @sh $(TOP)/util/point.sh Makefile.ssl Makefile - @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) - @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) - @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) - -install: - @for i in $(EXHEADER) ; \ - do \ - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ - done; - -tags: - ctags $(SRC) - -tests: - -lint: - lint -DLINT $(INCLUDES) $(SRC)>fluff - -depend: - $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) - -dclean: - $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new - mv -f Makefile.new $(MAKEFILE) - -clean: - rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff - -# DO NOT DELETE THIS LINE -- make depend depends on it. - -ui_compat.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -ui_compat.o: ../../include/openssl/opensslconf.h -ui_compat.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -ui_compat.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -ui_compat.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h -ui_compat.o: ui_compat.c -ui_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h -ui_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -ui_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -ui_err.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h -ui_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -ui_err.o: ../../include/openssl/ui.h ui_err.c -ui_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h -ui_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -ui_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -ui_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -ui_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -ui_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h ui_lib.c -ui_lib.o: ui_locl.h -ui_openssl.o: ../../e_os.h ../../include/openssl/bio.h -ui_openssl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -ui_openssl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -ui_openssl.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -ui_openssl.o: ../../include/openssl/opensslv.h -ui_openssl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -ui_openssl.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -ui_openssl.o: ../cryptlib.h ui_locl.h ui_openssl.c -ui_util.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -ui_util.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -ui_util.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -ui_util.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -ui_util.o: ui_util.c diff --git a/src/lib/libcrypto/ui/ui.h b/src/lib/libcrypto/ui/ui.h index 735a2d988e8..8035fc2baa7 100644 --- a/src/lib/libcrypto/ui/ui.h +++ b/src/lib/libcrypto/ui/ui.h @@ -1,4 +1,4 @@ -/* crypto/ui/ui.h -*- mode:C; c-file-style: "eay" -*- */ +/* $OpenBSD: ui.h,v 1.11 2018/06/02 04:45:21 tb Exp $ */ /* Written by Richard Levitte (richard@levitte.org) for the OpenSSL * project 2001. */ @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -59,25 +59,21 @@ #ifndef HEADER_UI_H #define HEADER_UI_H +#include + +#ifndef OPENSSL_NO_DEPRECATED #include +#endif #include +#include #ifdef __cplusplus extern "C" { #endif -/* The UI type is a holder for a specific user interface session. It can - contain an illimited number of informational or error strings as well - as things to prompt for, both passwords (noecho mode) and others (echo - mode), and verification of the same. All of these are called strings, - and are further described below. */ -typedef struct ui_st UI; - -/* All instances of UI have a reference to a method structure, which is a - ordered vector of functions that implement the lower level things to do. - There is an instruction on the implementation further down, in the section - for method implementors. */ -typedef struct ui_method_st UI_METHOD; +/* Declared already in ossl_typ.h */ +/* typedef struct ui_st UI; */ +/* typedef struct ui_method_st UI_METHOD; */ /* All the following functions return -1 or NULL on error and in some cases @@ -134,19 +130,19 @@ void UI_free(UI *ui); On success, the all return an index of the added information. That index is usefull when retrieving results with UI_get0_result(). */ int UI_add_input_string(UI *ui, const char *prompt, int flags, - char *result_buf, int minsize, int maxsize); + char *result_buf, int minsize, int maxsize); int UI_dup_input_string(UI *ui, const char *prompt, int flags, - char *result_buf, int minsize, int maxsize); + char *result_buf, int minsize, int maxsize); int UI_add_verify_string(UI *ui, const char *prompt, int flags, - char *result_buf, int minsize, int maxsize, const char *test_buf); + char *result_buf, int minsize, int maxsize, const char *test_buf); int UI_dup_verify_string(UI *ui, const char *prompt, int flags, - char *result_buf, int minsize, int maxsize, const char *test_buf); + char *result_buf, int minsize, int maxsize, const char *test_buf); int UI_add_input_boolean(UI *ui, const char *prompt, const char *action_desc, - const char *ok_chars, const char *cancel_chars, - int flags, char *result_buf); + const char *ok_chars, const char *cancel_chars, + int flags, char *result_buf); int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc, - const char *ok_chars, const char *cancel_chars, - int flags, char *result_buf); + const char *ok_chars, const char *cancel_chars, + int flags, char *result_buf); int UI_add_info_string(UI *ui, const char *text); int UI_dup_info_string(UI *ui, const char *text); int UI_add_error_string(UI *ui, const char *text); @@ -179,7 +175,7 @@ int UI_dup_error_string(UI *ui, const char *text); and object_name is the name of the object (might be a card name or a file name. The returned string shall always be allocated on the heap with - OPENSSL_malloc(), and need to be free'd with OPENSSL_free(). + malloc(), and need to be free'd with free(). If the ui_method doesn't contain a pointer to a user-defined prompt constructor, a default string is built, looking like this: @@ -191,8 +187,8 @@ int UI_dup_error_string(UI *ui, const char *text); "Enter pass phrase for foo.key:" */ -char *UI_construct_prompt(UI *ui_method, - const char *object_desc, const char *object_name); +char *UI_construct_prompt(UI *ui_method, const char *object_desc, + const char *object_name); /* The following function is used to store a pointer to user-specific data. @@ -217,7 +213,7 @@ int UI_process(UI *ui); /* Give a user interface parametrised control commands. This can be used to send down an integer, a data pointer or a function pointer, as well as be used to get information from a UI. */ -int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f)()); +int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f)(void)); /* The commands */ /* Use UI_CONTROL_PRINT_ERRORS with the value 1 to have UI_process print the @@ -234,8 +230,8 @@ int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f)()); #define UI_set_app_data(s,arg) UI_set_ex_data(s,0,arg) #define UI_get_app_data(s) UI_get_ex_data(s,0) int UI_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); -int UI_set_ex_data(UI *r,int idx,void *arg); + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); +int UI_set_ex_data(UI *r, int idx, void *arg); void *UI_get_ex_data(UI *r, int idx); /* Use specific methods instead of the built-in one */ @@ -293,34 +289,35 @@ UI_METHOD *UI_OpenSSL(void); /* The UI_STRING type is the data structure that contains all the needed info about a string or a prompt, including test data for a verification prompt. */ -DECLARE_STACK_OF(UI_STRING) typedef struct ui_string_st UI_STRING; +DECLARE_STACK_OF(UI_STRING) /* The different types of strings that are currently supported. This is only needed by method authors. */ -enum UI_string_types - { - UIT_NONE=0, +enum UI_string_types { + UIT_NONE = 0, UIT_PROMPT, /* Prompt for a string */ UIT_VERIFY, /* Prompt for a string and verify */ UIT_BOOLEAN, /* Prompt for a yes/no response */ UIT_INFO, /* Send info to the user */ UIT_ERROR /* Send an error message to the user */ - }; +}; /* Create and manipulate methods */ -UI_METHOD *UI_create_method(char *name); +UI_METHOD *UI_create_method(const char *name); void UI_destroy_method(UI_METHOD *ui_method); int UI_method_set_opener(UI_METHOD *method, int (*opener)(UI *ui)); int UI_method_set_writer(UI_METHOD *method, int (*writer)(UI *ui, UI_STRING *uis)); int UI_method_set_flusher(UI_METHOD *method, int (*flusher)(UI *ui)); int UI_method_set_reader(UI_METHOD *method, int (*reader)(UI *ui, UI_STRING *uis)); int UI_method_set_closer(UI_METHOD *method, int (*closer)(UI *ui)); -int (*UI_method_get_opener(UI_METHOD *method))(UI*); -int (*UI_method_get_writer(UI_METHOD *method))(UI*,UI_STRING*); -int (*UI_method_get_flusher(UI_METHOD *method))(UI*); -int (*UI_method_get_reader(UI_METHOD *method))(UI*,UI_STRING*); -int (*UI_method_get_closer(UI_METHOD *method))(UI*); +int UI_method_set_prompt_constructor(UI_METHOD *method, char *(*prompt_constructor)(UI* ui, const char* object_desc, const char* object_name)); +int (*UI_method_get_opener(const UI_METHOD *method))(UI*); +int (*UI_method_get_writer(const UI_METHOD *method))(UI*, UI_STRING*); +int (*UI_method_get_flusher(const UI_METHOD *method))(UI*); +int (*UI_method_get_reader(const UI_METHOD *method))(UI*, UI_STRING*); +int (*UI_method_get_closer(const UI_METHOD *method))(UI*); +char * (*UI_method_get_prompt_constructor(const UI_METHOD *method))(UI*, const char*, const char*); /* The following functions are helpers for method writers to access relevant data from a UI_STRING. */ @@ -346,8 +343,8 @@ int UI_set_result(UI *ui, UI_STRING *uis, const char *result); /* A couple of popular utility functions */ -int UI_UTIL_read_pw_string(char *buf,int length,const char *prompt,int verify); -int UI_UTIL_read_pw(char *buf,char *buff,int size,const char *prompt,int verify); +int UI_UTIL_read_pw_string(char *buf, int length, const char *prompt, int verify); +int UI_UTIL_read_pw(char *buf, char *buff, int size, const char *prompt, int verify); /* BEGIN ERROR CODES */ diff --git a/src/lib/libcrypto/ui/ui_compat.c b/src/lib/libcrypto/ui/ui_compat.c deleted file mode 100644 index 13e0f70d909..00000000000 --- a/src/lib/libcrypto/ui/ui_compat.c +++ /dev/null @@ -1,67 +0,0 @@ -/* crypto/ui/ui_compat.c -*- mode:C; c-file-style: "eay" -*- */ -/* ==================================================================== - * Copyright (c) 2001-2002 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include -#include - -int _ossl_old_des_read_pw_string(char *buf,int length,const char *prompt,int verify) - { - return UI_UTIL_read_pw_string(buf, length, prompt, verify); - } - -int _ossl_old_des_read_pw(char *buf,char *buff,int size,const char *prompt,int verify) - { - return UI_UTIL_read_pw(buf, buff, size, prompt, verify); - } diff --git a/src/lib/libcrypto/ui/ui_compat.h b/src/lib/libcrypto/ui/ui_compat.h index b35c9bb7fd3..860e80c83c5 100644 --- a/src/lib/libcrypto/ui/ui_compat.h +++ b/src/lib/libcrypto/ui/ui_compat.h @@ -1,4 +1,4 @@ -/* crypto/ui/ui.h -*- mode:C; c-file-style: "eay" -*- */ +/* $OpenBSD: ui_compat.h,v 1.4 2014/06/12 15:49:31 deraadt Exp $ */ /* Written by Richard Levitte (richard@levitte.org) for the OpenSSL * project 2001. */ @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -74,8 +74,8 @@ extern "C" { #define des_read_pw(b,bf,s,p,v) \ _ossl_old_des_read_pw((b),(bf),(s),(p),(v)) -int _ossl_old_des_read_pw_string(char *buf,int length,const char *prompt,int verify); -int _ossl_old_des_read_pw(char *buf,char *buff,int size,const char *prompt,int verify); +int _ossl_old_des_read_pw_string(char *buf, int length, const char *prompt, int verify); +int _ossl_old_des_read_pw(char *buf, char *buff, int size, const char *prompt, int verify); #ifdef __cplusplus } diff --git a/src/lib/libcrypto/ui/ui_err.c b/src/lib/libcrypto/ui/ui_err.c index 39a62ae7371..8451d632537 100644 --- a/src/lib/libcrypto/ui/ui_err.c +++ b/src/lib/libcrypto/ui/ui_err.c @@ -1,13 +1,13 @@ -/* crypto/ui/ui_err.c */ +/* $OpenBSD: ui_err.c,v 1.9 2017/01/29 17:49:23 beck Exp $ */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -59,53 +59,43 @@ */ #include + +#include + #include #include /* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR -static ERR_STRING_DATA UI_str_functs[]= - { -{ERR_PACK(0,UI_F_GENERAL_ALLOCATE_BOOLEAN,0), "GENERAL_ALLOCATE_BOOLEAN"}, -{ERR_PACK(0,UI_F_GENERAL_ALLOCATE_PROMPT,0), "GENERAL_ALLOCATE_PROMPT"}, -{ERR_PACK(0,UI_F_GENERAL_ALLOCATE_STRING,0), "GENERAL_ALLOCATE_STRING"}, -{ERR_PACK(0,UI_F_UI_CTRL,0), "UI_ctrl"}, -{ERR_PACK(0,UI_F_UI_DUP_ERROR_STRING,0), "UI_dup_error_string"}, -{ERR_PACK(0,UI_F_UI_DUP_INFO_STRING,0), "UI_dup_info_string"}, -{ERR_PACK(0,UI_F_UI_DUP_INPUT_BOOLEAN,0), "UI_dup_input_boolean"}, -{ERR_PACK(0,UI_F_UI_DUP_INPUT_STRING,0), "UI_dup_input_string"}, -{ERR_PACK(0,UI_F_UI_DUP_VERIFY_STRING,0), "UI_dup_verify_string"}, -{ERR_PACK(0,UI_F_UI_GET0_RESULT,0), "UI_get0_result"}, -{ERR_PACK(0,UI_F_UI_NEW_METHOD,0), "UI_new_method"}, -{ERR_PACK(0,UI_F_UI_SET_RESULT,0), "UI_set_result"}, -{0,NULL} - }; -static ERR_STRING_DATA UI_str_reasons[]= - { -{UI_R_COMMON_OK_AND_CANCEL_CHARACTERS ,"common ok and cancel characters"}, -{UI_R_INDEX_TOO_LARGE ,"index too large"}, -{UI_R_INDEX_TOO_SMALL ,"index too small"}, -{UI_R_NO_RESULT_BUFFER ,"no result buffer"}, -{UI_R_RESULT_TOO_LARGE ,"result too large"}, -{UI_R_RESULT_TOO_SMALL ,"result too small"}, -{UI_R_UNKNOWN_CONTROL_COMMAND ,"unknown control command"}, -{0,NULL} - }; +#define ERR_FUNC(func) ERR_PACK(ERR_LIB_UI,func,0) +#define ERR_REASON(reason) ERR_PACK(ERR_LIB_UI,0,reason) -#endif +static ERR_STRING_DATA UI_str_functs[] = { + {ERR_FUNC(0xfff), "CRYPTO_internal"}, + {0, NULL} +}; -void ERR_load_UI_strings(void) - { - static int init=1; +static ERR_STRING_DATA UI_str_reasons[] = { + {ERR_REASON(UI_R_COMMON_OK_AND_CANCEL_CHARACTERS), "common ok and cancel characters"}, + {ERR_REASON(UI_R_INDEX_TOO_LARGE), "index too large"}, + {ERR_REASON(UI_R_INDEX_TOO_SMALL), "index too small"}, + {ERR_REASON(UI_R_NO_RESULT_BUFFER), "no result buffer"}, + {ERR_REASON(UI_R_RESULT_TOO_LARGE), "result too large"}, + {ERR_REASON(UI_R_RESULT_TOO_SMALL), "result too small"}, + {ERR_REASON(UI_R_UNKNOWN_CONTROL_COMMAND), "unknown control command"}, + {0, NULL} +}; - if (init) - { - init=0; -#ifndef OPENSSL_NO_ERR - ERR_load_strings(ERR_LIB_UI,UI_str_functs); - ERR_load_strings(ERR_LIB_UI,UI_str_reasons); #endif - } +void +ERR_load_UI_strings(void) +{ +#ifndef OPENSSL_NO_ERR + if (ERR_func_error_string(UI_str_functs[0].error) == NULL) { + ERR_load_strings(0, UI_str_functs); + ERR_load_strings(0, UI_str_reasons); } +#endif +} diff --git a/src/lib/libcrypto/ui/ui_lib.c b/src/lib/libcrypto/ui/ui_lib.c index 16946cad95b..06b29b8ceea 100644 --- a/src/lib/libcrypto/ui/ui_lib.c +++ b/src/lib/libcrypto/ui/ui_lib.c @@ -1,4 +1,4 @@ -/* crypto/ui/ui_lib.c -*- mode:C; c-file-style: "eay" -*- */ +/* $OpenBSD: ui_lib.c,v 1.34 2018/06/02 04:45:21 tb Exp $ */ /* Written by Richard Levitte (richard@levitte.org) for the OpenSSL * project 2001. */ @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -57,843 +57,823 @@ */ #include -#include + +#include + #include -#include #include -#include "ui_locl.h" +#include -IMPLEMENT_STACK_OF(UI_STRING_ST) +#include "ui_locl.h" -static const UI_METHOD *default_UI_meth=NULL; +static const UI_METHOD *default_UI_meth = NULL; -UI *UI_new(void) - { - return(UI_new_method(NULL)); - } +UI * +UI_new(void) +{ + return (UI_new_method(NULL)); +} -UI *UI_new_method(const UI_METHOD *method) - { +UI * +UI_new_method(const UI_METHOD *method) +{ UI *ret; - ret=(UI *)OPENSSL_malloc(sizeof(UI)); - if (ret == NULL) - { - UIerr(UI_F_UI_NEW_METHOD,ERR_R_MALLOC_FAILURE); + ret = malloc(sizeof(UI)); + if (ret == NULL) { + UIerror(ERR_R_MALLOC_FAILURE); return NULL; - } + } if (method == NULL) - ret->meth=UI_get_default_method(); + ret->meth = UI_get_default_method(); else - ret->meth=method; + ret->meth = method; - ret->strings=NULL; - ret->user_data=NULL; + ret->strings = NULL; + ret->user_data = NULL; + ret->flags = 0; CRYPTO_new_ex_data(CRYPTO_EX_INDEX_UI, ret, &ret->ex_data); return ret; - } - -static void free_string(UI_STRING *uis) - { - if (uis->flags & OUT_STRING_FREEABLE) - { - OPENSSL_free((char *)uis->out_string); - switch(uis->type) - { +} + +static void +free_string(UI_STRING *uis) +{ + if (uis->flags & OUT_STRING_FREEABLE) { + free((char *) uis->out_string); + switch (uis->type) { case UIT_BOOLEAN: - OPENSSL_free((char *)uis->_.boolean_data.action_desc); - OPENSSL_free((char *)uis->_.boolean_data.ok_chars); - OPENSSL_free((char *)uis->_.boolean_data.cancel_chars); + free((char *)uis->_.boolean_data.action_desc); + free((char *)uis->_.boolean_data.ok_chars); + free((char *)uis->_.boolean_data.cancel_chars); break; default: break; - } } - OPENSSL_free(uis); } + free(uis); +} -void UI_free(UI *ui) - { +void +UI_free(UI *ui) +{ if (ui == NULL) return; - sk_UI_STRING_pop_free(ui->strings,free_string); + sk_UI_STRING_pop_free(ui->strings, free_string); CRYPTO_free_ex_data(CRYPTO_EX_INDEX_UI, ui, &ui->ex_data); - OPENSSL_free(ui); - } - -static int allocate_string_stack(UI *ui) - { - if (ui->strings == NULL) - { - ui->strings=sk_UI_STRING_new_null(); - if (ui->strings == NULL) - { + free(ui); +} + +static int +allocate_string_stack(UI *ui) +{ + if (ui->strings == NULL) { + ui->strings = sk_UI_STRING_new_null(); + if (ui->strings == NULL) { return -1; - } } - return 0; } + return 0; +} -static UI_STRING *general_allocate_prompt(UI *ui, const char *prompt, - int prompt_freeable, enum UI_string_types type, int input_flags, - char *result_buf) - { +static UI_STRING * +general_allocate_prompt(UI *ui, const char *prompt, int prompt_freeable, + enum UI_string_types type, int input_flags, char *result_buf) +{ UI_STRING *ret = NULL; - if (prompt == NULL) - { - UIerr(UI_F_GENERAL_ALLOCATE_PROMPT,ERR_R_PASSED_NULL_PARAMETER); - } - else if (result_buf == NULL) - { - UIerr(UI_F_GENERAL_ALLOCATE_PROMPT,UI_R_NO_RESULT_BUFFER); - } - else if ((ret = (UI_STRING *)OPENSSL_malloc(sizeof(UI_STRING)))) - { - ret->out_string=prompt; - ret->flags=prompt_freeable ? OUT_STRING_FREEABLE : 0; - ret->input_flags=input_flags; - ret->type=type; - ret->result_buf=result_buf; - } - return ret; + if (prompt == NULL) { + UIerror(ERR_R_PASSED_NULL_PARAMETER); + } else if ((type == UIT_PROMPT || type == UIT_VERIFY || + type == UIT_BOOLEAN) && result_buf == NULL) { + UIerror(UI_R_NO_RESULT_BUFFER); + } else if ((ret = malloc(sizeof(UI_STRING)))) { + ret->out_string = prompt; + ret->flags = prompt_freeable ? OUT_STRING_FREEABLE : 0; + ret->input_flags = input_flags; + ret->type = type; + ret->result_buf = result_buf; } + return ret; +} -static int general_allocate_string(UI *ui, const char *prompt, - int prompt_freeable, enum UI_string_types type, int input_flags, - char *result_buf, int minsize, int maxsize, const char *test_buf) - { +static int +general_allocate_string(UI *ui, const char *prompt, int prompt_freeable, + enum UI_string_types type, int input_flags, char *result_buf, int minsize, + int maxsize, const char *test_buf) +{ int ret = -1; UI_STRING *s = general_allocate_prompt(ui, prompt, prompt_freeable, - type, input_flags, result_buf); - - if (s) - { - if (allocate_string_stack(ui) >= 0) - { - s->_.string_data.result_minsize=minsize; - s->_.string_data.result_maxsize=maxsize; - s->_.string_data.test_buf=test_buf; - ret=sk_UI_STRING_push(ui->strings, s); - /* sk_push() returns 0 on error. Let's addapt that */ - if (ret <= 0) ret--; - } - else + type, input_flags, result_buf); + + if (s) { + if (allocate_string_stack(ui) >= 0) { + s->_.string_data.result_minsize = minsize; + s->_.string_data.result_maxsize = maxsize; + s->_.string_data.test_buf = test_buf; + ret = sk_UI_STRING_push(ui->strings, s); + /* sk_push() returns 0 on error. Let's adapt that */ + if (ret <= 0) + ret--; + } else free_string(s); - } - return ret; } + return ret; +} -static int general_allocate_boolean(UI *ui, - const char *prompt, const char *action_desc, - const char *ok_chars, const char *cancel_chars, - int prompt_freeable, enum UI_string_types type, int input_flags, - char *result_buf) - { +static int +general_allocate_boolean(UI *ui, const char *prompt, const char *action_desc, + const char *ok_chars, const char *cancel_chars, int prompt_freeable, + enum UI_string_types type, int input_flags, char *result_buf) +{ int ret = -1; UI_STRING *s; const char *p; - if (ok_chars == NULL) - { - UIerr(UI_F_GENERAL_ALLOCATE_BOOLEAN,ERR_R_PASSED_NULL_PARAMETER); - } - else if (cancel_chars == NULL) - { - UIerr(UI_F_GENERAL_ALLOCATE_BOOLEAN,ERR_R_PASSED_NULL_PARAMETER); - } - else - { - for(p = ok_chars; *p; p++) - { - if (strchr(cancel_chars, *p)) - { - UIerr(UI_F_GENERAL_ALLOCATE_BOOLEAN, - UI_R_COMMON_OK_AND_CANCEL_CHARACTERS); - } + if (ok_chars == NULL) { + UIerror(ERR_R_PASSED_NULL_PARAMETER); + } else if (cancel_chars == NULL) { + UIerror(ERR_R_PASSED_NULL_PARAMETER); + } else { + for (p = ok_chars; *p; p++) { + if (strchr(cancel_chars, *p)) { + UIerror(UI_R_COMMON_OK_AND_CANCEL_CHARACTERS); } + } s = general_allocate_prompt(ui, prompt, prompt_freeable, - type, input_flags, result_buf); + type, input_flags, result_buf); - if (s) - { - if (allocate_string_stack(ui) >= 0) - { + if (s) { + if (allocate_string_stack(ui) >= 0) { s->_.boolean_data.action_desc = action_desc; s->_.boolean_data.ok_chars = ok_chars; s->_.boolean_data.cancel_chars = cancel_chars; - ret=sk_UI_STRING_push(ui->strings, s); - /* sk_push() returns 0 on error. - Let's addapt that */ - if (ret <= 0) ret--; - } - else + ret = sk_UI_STRING_push(ui->strings, s); + /* + * sk_push() returns 0 on error. Let's adapt + * that + */ + if (ret <= 0) + ret--; + } else free_string(s); - } } - return ret; } + return ret; +} -/* Returns the index to the place in the stack or 0 for error. Uses a +/* Returns the index to the place in the stack or -1 for error. Uses a direct reference to the prompt. */ -int UI_add_input_string(UI *ui, const char *prompt, int flags, - char *result_buf, int minsize, int maxsize) - { - return general_allocate_string(ui, prompt, 0, - UIT_PROMPT, flags, result_buf, minsize, maxsize, NULL); - } +int +UI_add_input_string(UI *ui, const char *prompt, int flags, char *result_buf, + int minsize, int maxsize) +{ + return general_allocate_string(ui, prompt, 0, UIT_PROMPT, flags, + result_buf, minsize, maxsize, NULL); +} /* Same as UI_add_input_string(), excepts it takes a copy of the prompt */ -int UI_dup_input_string(UI *ui, const char *prompt, int flags, - char *result_buf, int minsize, int maxsize) - { - char *prompt_copy=NULL; +int +UI_dup_input_string(UI *ui, const char *prompt, int flags, char *result_buf, + int minsize, int maxsize) +{ + char *prompt_copy = NULL; - if (prompt) - { - prompt_copy=BUF_strdup(prompt); - if (prompt_copy == NULL) - { - UIerr(UI_F_UI_DUP_INPUT_STRING,ERR_R_MALLOC_FAILURE); + if (prompt) { + prompt_copy = strdup(prompt); + if (prompt_copy == NULL) { + UIerror(ERR_R_MALLOC_FAILURE); return 0; - } } - - return general_allocate_string(ui, prompt_copy, 1, - UIT_PROMPT, flags, result_buf, minsize, maxsize, NULL); } + return general_allocate_string(ui, prompt_copy, 1, UIT_PROMPT, flags, + result_buf, minsize, maxsize, NULL); +} -int UI_add_verify_string(UI *ui, const char *prompt, int flags, - char *result_buf, int minsize, int maxsize, const char *test_buf) - { - return general_allocate_string(ui, prompt, 0, - UIT_VERIFY, flags, result_buf, minsize, maxsize, test_buf); - } +int +UI_add_verify_string(UI *ui, const char *prompt, int flags, char *result_buf, + int minsize, int maxsize, const char *test_buf) +{ + return general_allocate_string(ui, prompt, 0, UIT_VERIFY, flags, + result_buf, minsize, maxsize, test_buf); +} -int UI_dup_verify_string(UI *ui, const char *prompt, int flags, - char *result_buf, int minsize, int maxsize, const char *test_buf) - { - char *prompt_copy=NULL; +int +UI_dup_verify_string(UI *ui, const char *prompt, int flags, + char *result_buf, int minsize, int maxsize, const char *test_buf) +{ + char *prompt_copy = NULL; - if (prompt) - { - prompt_copy=BUF_strdup(prompt); - if (prompt_copy == NULL) - { - UIerr(UI_F_UI_DUP_VERIFY_STRING,ERR_R_MALLOC_FAILURE); + if (prompt) { + prompt_copy = strdup(prompt); + if (prompt_copy == NULL) { + UIerror(ERR_R_MALLOC_FAILURE); return -1; - } } - - return general_allocate_string(ui, prompt_copy, 1, - UIT_VERIFY, flags, result_buf, minsize, maxsize, test_buf); } + return general_allocate_string(ui, prompt_copy, 1, UIT_VERIFY, flags, + result_buf, minsize, maxsize, test_buf); +} -int UI_add_input_boolean(UI *ui, const char *prompt, const char *action_desc, - const char *ok_chars, const char *cancel_chars, - int flags, char *result_buf) - { - return general_allocate_boolean(ui, prompt, action_desc, - ok_chars, cancel_chars, 0, UIT_BOOLEAN, flags, result_buf); - } +int +UI_add_input_boolean(UI *ui, const char *prompt, const char *action_desc, + const char *ok_chars, const char *cancel_chars, int flags, char *result_buf) +{ + return general_allocate_boolean(ui, prompt, action_desc, ok_chars, + cancel_chars, 0, UIT_BOOLEAN, flags, result_buf); +} -int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc, - const char *ok_chars, const char *cancel_chars, - int flags, char *result_buf) - { +int +UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc, + const char *ok_chars, const char *cancel_chars, int flags, char *result_buf) +{ char *prompt_copy = NULL; char *action_desc_copy = NULL; char *ok_chars_copy = NULL; char *cancel_chars_copy = NULL; - if (prompt) - { - prompt_copy=BUF_strdup(prompt); - if (prompt_copy == NULL) - { - UIerr(UI_F_UI_DUP_INPUT_BOOLEAN,ERR_R_MALLOC_FAILURE); + if (prompt) { + prompt_copy = strdup(prompt); + if (prompt_copy == NULL) { + UIerror(ERR_R_MALLOC_FAILURE); goto err; - } } - - if (action_desc) - { - action_desc_copy=BUF_strdup(action_desc); - if (action_desc_copy == NULL) - { - UIerr(UI_F_UI_DUP_INPUT_BOOLEAN,ERR_R_MALLOC_FAILURE); + } + if (action_desc) { + action_desc_copy = strdup(action_desc); + if (action_desc_copy == NULL) { + UIerror(ERR_R_MALLOC_FAILURE); goto err; - } } - - if (ok_chars) - { - ok_chars_copy=BUF_strdup(ok_chars); - if (ok_chars_copy == NULL) - { - UIerr(UI_F_UI_DUP_INPUT_BOOLEAN,ERR_R_MALLOC_FAILURE); + } + if (ok_chars) { + ok_chars_copy = strdup(ok_chars); + if (ok_chars_copy == NULL) { + UIerror(ERR_R_MALLOC_FAILURE); goto err; - } } - - if (cancel_chars) - { - cancel_chars_copy=BUF_strdup(cancel_chars); - if (cancel_chars_copy == NULL) - { - UIerr(UI_F_UI_DUP_INPUT_BOOLEAN,ERR_R_MALLOC_FAILURE); + } + if (cancel_chars) { + cancel_chars_copy = strdup(cancel_chars); + if (cancel_chars_copy == NULL) { + UIerror(ERR_R_MALLOC_FAILURE); goto err; - } } - + } return general_allocate_boolean(ui, prompt_copy, action_desc_copy, - ok_chars_copy, cancel_chars_copy, 1, UIT_BOOLEAN, flags, - result_buf); - err: - if (prompt_copy) OPENSSL_free(prompt_copy); - if (action_desc_copy) OPENSSL_free(action_desc_copy); - if (ok_chars_copy) OPENSSL_free(ok_chars_copy); - if (cancel_chars_copy) OPENSSL_free(cancel_chars_copy); + ok_chars_copy, cancel_chars_copy, 1, UIT_BOOLEAN, flags, + result_buf); + +err: + free(prompt_copy); + free(action_desc_copy); + free(ok_chars_copy); + free(cancel_chars_copy); return -1; - } +} -int UI_add_info_string(UI *ui, const char *text) - { +int +UI_add_info_string(UI *ui, const char *text) +{ return general_allocate_string(ui, text, 0, UIT_INFO, 0, NULL, 0, 0, - NULL); - } - -int UI_dup_info_string(UI *ui, const char *text) - { - char *text_copy=NULL; - - if (text) - { - text_copy=BUF_strdup(text); - if (text_copy == NULL) - { - UIerr(UI_F_UI_DUP_INFO_STRING,ERR_R_MALLOC_FAILURE); + NULL); +} + +int +UI_dup_info_string(UI *ui, const char *text) +{ + char *text_copy = NULL; + + if (text) { + text_copy = strdup(text); + if (text_copy == NULL) { + UIerror(ERR_R_MALLOC_FAILURE); return -1; - } } - - return general_allocate_string(ui, text_copy, 1, UIT_INFO, 0, NULL, - 0, 0, NULL); } + return general_allocate_string(ui, text_copy, 1, UIT_INFO, 0, NULL, + 0, 0, NULL); +} -int UI_add_error_string(UI *ui, const char *text) - { +int +UI_add_error_string(UI *ui, const char *text) +{ return general_allocate_string(ui, text, 0, UIT_ERROR, 0, NULL, 0, 0, - NULL); - } - -int UI_dup_error_string(UI *ui, const char *text) - { - char *text_copy=NULL; - - if (text) - { - text_copy=BUF_strdup(text); - if (text_copy == NULL) - { - UIerr(UI_F_UI_DUP_ERROR_STRING,ERR_R_MALLOC_FAILURE); + NULL); +} + +int +UI_dup_error_string(UI *ui, const char *text) +{ + char *text_copy = NULL; + + if (text) { + text_copy = strdup(text); + if (text_copy == NULL) { + UIerror(ERR_R_MALLOC_FAILURE); return -1; - } } - return general_allocate_string(ui, text_copy, 1, UIT_ERROR, 0, NULL, - 0, 0, NULL); } + return general_allocate_string(ui, text_copy, 1, UIT_ERROR, 0, NULL, + 0, 0, NULL); +} -char *UI_construct_prompt(UI *ui, const char *object_desc, - const char *object_name) - { - char *prompt = NULL; +char * +UI_construct_prompt(UI *ui, const char *object_desc, const char *object_name) +{ + char *prompt; if (ui->meth->ui_construct_prompt) - prompt = ui->meth->ui_construct_prompt(ui, - object_desc, object_name); - else - { - char prompt1[] = "Enter "; - char prompt2[] = " for "; - char prompt3[] = ":"; - int len = 0; - - if (object_desc == NULL) - return NULL; - len = sizeof(prompt1) - 1 + strlen(object_desc); - if (object_name) - len += sizeof(prompt2) - 1 + strlen(object_name); - len += sizeof(prompt3) - 1; - - prompt = (char *)OPENSSL_malloc(len + 1); - strcpy(prompt, prompt1); - strcat(prompt, object_desc); - if (object_name) - { - strcat(prompt, prompt2); - strcat(prompt, object_name); - } - strcat(prompt, prompt3); - } - return prompt; + return ui->meth->ui_construct_prompt(ui, object_desc, + object_name); + + if (object_desc == NULL) + return NULL; + + if (object_name == NULL) { + if (asprintf(&prompt, "Enter %s:", object_desc) == -1) + return (NULL); + } else { + if (asprintf(&prompt, "Enter %s for %s:", object_desc, + object_name) == -1) + return (NULL); } -void *UI_add_user_data(UI *ui, void *user_data) - { + return prompt; +} + +void * +UI_add_user_data(UI *ui, void *user_data) +{ void *old_data = ui->user_data; + ui->user_data = user_data; return old_data; - } +} -void *UI_get0_user_data(UI *ui) - { +void * +UI_get0_user_data(UI *ui) +{ return ui->user_data; - } +} -const char *UI_get0_result(UI *ui, int i) - { - if (i < 0) - { - UIerr(UI_F_UI_GET0_RESULT,UI_R_INDEX_TOO_SMALL); +const char * +UI_get0_result(UI *ui, int i) +{ + if (i < 0) { + UIerror(UI_R_INDEX_TOO_SMALL); return NULL; - } - if (i >= sk_UI_STRING_num(ui->strings)) - { - UIerr(UI_F_UI_GET0_RESULT,UI_R_INDEX_TOO_LARGE); + } + if (i >= sk_UI_STRING_num(ui->strings)) { + UIerror(UI_R_INDEX_TOO_LARGE); return NULL; - } - return UI_get0_result_string(sk_UI_STRING_value(ui->strings, i)); } + return UI_get0_result_string(sk_UI_STRING_value(ui->strings, i)); +} -static int print_error(const char *str, size_t len, UI *ui) - { +static int +print_error(const char *str, size_t len, UI *ui) +{ UI_STRING uis; memset(&uis, 0, sizeof(uis)); uis.type = UIT_ERROR; uis.out_string = str; - if (ui->meth->ui_write_string - && !ui->meth->ui_write_string(ui, &uis)) + if (ui->meth->ui_write_string && + !ui->meth->ui_write_string(ui, &uis)) return -1; return 0; - } +} -int UI_process(UI *ui) - { - int i, ok=0; +int +UI_process(UI *ui) +{ + int i, ok = 0; if (ui->meth->ui_open_session && !ui->meth->ui_open_session(ui)) return -1; if (ui->flags & UI_FLAG_PRINT_ERRORS) ERR_print_errors_cb( - (int (*)(const char *, size_t, void *))print_error, - (void *)ui); + (int (*)(const char *, size_t, void *)) print_error, + (void *)ui); - for(i=0; istrings); i++) - { - if (ui->meth->ui_write_string - && !ui->meth->ui_write_string(ui, - sk_UI_STRING_value(ui->strings, i))) - { - ok=-1; + for (i = 0; i < sk_UI_STRING_num(ui->strings); i++) { + if (ui->meth->ui_write_string && + !ui->meth->ui_write_string(ui, + sk_UI_STRING_value(ui->strings, i))) { + ok = -1; goto err; - } } + } if (ui->meth->ui_flush) - switch(ui->meth->ui_flush(ui)) - { - case -1: /* Interrupt/Cancel/something... */ + switch (ui->meth->ui_flush(ui)) { + case -1: /* Interrupt/Cancel/something... */ ok = -2; goto err; - case 0: /* Errors */ + case 0: /* Errors */ ok = -1; goto err; - default: /* Success */ + default: /* Success */ ok = 0; break; - } + } - for(i=0; istrings); i++) - { - if (ui->meth->ui_read_string) - { - switch(ui->meth->ui_read_string(ui, - sk_UI_STRING_value(ui->strings, i))) - { - case -1: /* Interrupt/Cancel/something... */ + for (i = 0; i < sk_UI_STRING_num(ui->strings); i++) { + if (ui->meth->ui_read_string) { + switch (ui->meth->ui_read_string(ui, + sk_UI_STRING_value(ui->strings, i))) { + case -1: /* Interrupt/Cancel/something... */ + ui->flags &= ~UI_FLAG_REDOABLE; ok = -2; goto err; - case 0: /* Errors */ + case 0: /* Errors */ ok = -1; goto err; - default: /* Success */ + default: /* Success */ ok = 0; break; - } } } - err: + } + +err: if (ui->meth->ui_close_session && !ui->meth->ui_close_session(ui)) return -1; return ok; - } +} -int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f)()) - { - if (ui == NULL) - { - UIerr(UI_F_UI_CTRL,ERR_R_PASSED_NULL_PARAMETER); +int +UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f) (void)) +{ + if (ui == NULL) { + UIerror(ERR_R_PASSED_NULL_PARAMETER); return -1; - } - switch(cmd) - { + } + switch (cmd) { case UI_CTRL_PRINT_ERRORS: { - int save_flag = !!(ui->flags & UI_FLAG_PRINT_ERRORS); - if (i) - ui->flags |= UI_FLAG_PRINT_ERRORS; - else - ui->flags &= ~UI_FLAG_PRINT_ERRORS; - return save_flag; + int save_flag = !!(ui->flags & UI_FLAG_PRINT_ERRORS); + if (i) + ui->flags |= UI_FLAG_PRINT_ERRORS; + else + ui->flags &= ~UI_FLAG_PRINT_ERRORS; + return save_flag; } case UI_CTRL_IS_REDOABLE: return !!(ui->flags & UI_FLAG_REDOABLE); default: break; - } - UIerr(UI_F_UI_CTRL,UI_R_UNKNOWN_CONTROL_COMMAND); - return -1; } + UIerror(UI_R_UNKNOWN_CONTROL_COMMAND); + return -1; +} -int UI_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) - { +int +UI_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) +{ return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_UI, argl, argp, - new_func, dup_func, free_func); - } - -int UI_set_ex_data(UI *r, int idx, void *arg) - { - return(CRYPTO_set_ex_data(&r->ex_data,idx,arg)); + new_func, dup_func, free_func); +} + +int +UI_set_ex_data(UI *r, int idx, void *arg) +{ + return (CRYPTO_set_ex_data(&r->ex_data, idx, arg)); +} + +void * +UI_get_ex_data(UI *r, int idx) +{ + return (CRYPTO_get_ex_data(&r->ex_data, idx)); +} + +void +UI_set_default_method(const UI_METHOD *meth) +{ + default_UI_meth = meth; +} + +const UI_METHOD * +UI_get_default_method(void) +{ + if (default_UI_meth == NULL) { + default_UI_meth = UI_OpenSSL(); } - -void *UI_get_ex_data(UI *r, int idx) - { - return(CRYPTO_get_ex_data(&r->ex_data,idx)); - } - -void UI_set_default_method(const UI_METHOD *meth) - { - default_UI_meth=meth; - } - -const UI_METHOD *UI_get_default_method(void) - { - if (default_UI_meth == NULL) - { - default_UI_meth=UI_OpenSSL(); - } return default_UI_meth; - } +} -const UI_METHOD *UI_get_method(UI *ui) - { +const UI_METHOD * +UI_get_method(UI *ui) +{ return ui->meth; - } +} -const UI_METHOD *UI_set_method(UI *ui, const UI_METHOD *meth) - { - ui->meth=meth; +const UI_METHOD * +UI_set_method(UI *ui, const UI_METHOD *meth) +{ + ui->meth = meth; return ui->meth; - } +} -UI_METHOD *UI_create_method(char *name) - { - UI_METHOD *ui_method = (UI_METHOD *)OPENSSL_malloc(sizeof(UI_METHOD)); +UI_METHOD * +UI_create_method(const char *name) +{ + UI_METHOD *ui_method = calloc(1, sizeof(UI_METHOD)); + + if (ui_method && name) + ui_method->name = strdup(name); - if (ui_method) - memset(ui_method, 0, sizeof(*ui_method)); - ui_method->name = BUF_strdup(name); return ui_method; - } +} /* BIG FSCKING WARNING!!!! If you use this on a statically allocated method (that is, it hasn't been allocated using UI_create_method(), you deserve anything Murphy can throw at you and more! You have been warned. */ -void UI_destroy_method(UI_METHOD *ui_method) - { - OPENSSL_free(ui_method->name); +void +UI_destroy_method(UI_METHOD *ui_method) +{ + free(ui_method->name); ui_method->name = NULL; - OPENSSL_free(ui_method); - } + free(ui_method); +} -int UI_method_set_opener(UI_METHOD *method, int (*opener)(UI *ui)) - { - if (method) - { +int +UI_method_set_opener(UI_METHOD *method, int (*opener)(UI *ui)) +{ + if (method) { method->ui_open_session = opener; return 0; - } - else + } else return -1; - } +} -int UI_method_set_writer(UI_METHOD *method, int (*writer)(UI *ui, UI_STRING *uis)) - { - if (method) - { +int +UI_method_set_writer(UI_METHOD *method, int (*writer)(UI *ui, UI_STRING *uis)) +{ + if (method) { method->ui_write_string = writer; return 0; - } - else + } else return -1; - } +} -int UI_method_set_flusher(UI_METHOD *method, int (*flusher)(UI *ui)) - { - if (method) - { +int +UI_method_set_flusher(UI_METHOD *method, int (*flusher)(UI *ui)) +{ + if (method) { method->ui_flush = flusher; return 0; - } - else + } else return -1; - } +} -int UI_method_set_reader(UI_METHOD *method, int (*reader)(UI *ui, UI_STRING *uis)) - { - if (method) - { +int +UI_method_set_reader(UI_METHOD *method, int (*reader)(UI *ui, UI_STRING *uis)) +{ + if (method) { method->ui_read_string = reader; return 0; - } - else + } else return -1; - } +} -int UI_method_set_closer(UI_METHOD *method, int (*closer)(UI *ui)) - { - if (method) - { +int +UI_method_set_closer(UI_METHOD *method, int (*closer)(UI *ui)) +{ + if (method) { method->ui_close_session = closer; return 0; - } - else + } else return -1; - } +} + +int +UI_method_set_prompt_constructor(UI_METHOD *method, + char *(*prompt_constructor)(UI *ui, const char *object_desc, + const char *object_name)) +{ + if (method) { + method->ui_construct_prompt = prompt_constructor; + return 0; + } else + return -1; +} -int (*UI_method_get_opener(UI_METHOD *method))(UI*) - { +int +(*UI_method_get_opener(const UI_METHOD * method))(UI *) +{ if (method) return method->ui_open_session; else return NULL; - } +} -int (*UI_method_get_writer(UI_METHOD *method))(UI*,UI_STRING*) - { +int +(*UI_method_get_writer(const UI_METHOD *method))(UI *, UI_STRING *) +{ if (method) return method->ui_write_string; else return NULL; - } +} -int (*UI_method_get_flusher(UI_METHOD *method))(UI*) - { +int +(*UI_method_get_flusher(const UI_METHOD *method)) (UI *) +{ if (method) return method->ui_flush; else return NULL; - } +} -int (*UI_method_get_reader(UI_METHOD *method))(UI*,UI_STRING*) - { +int +(*UI_method_get_reader(const UI_METHOD *method))(UI *, UI_STRING *) +{ if (method) return method->ui_read_string; else return NULL; - } +} -int (*UI_method_get_closer(UI_METHOD *method))(UI*) - { +int +(*UI_method_get_closer(const UI_METHOD *method))(UI *) +{ if (method) return method->ui_close_session; else return NULL; - } +} -enum UI_string_types UI_get_string_type(UI_STRING *uis) - { +char * +(*UI_method_get_prompt_constructor(const UI_METHOD *method))(UI *, const char *, + const char *) +{ + if (method) + return method->ui_construct_prompt; + else + return NULL; +} + +enum UI_string_types +UI_get_string_type(UI_STRING *uis) +{ if (!uis) return UIT_NONE; return uis->type; - } +} -int UI_get_input_flags(UI_STRING *uis) - { +int +UI_get_input_flags(UI_STRING *uis) +{ if (!uis) return 0; return uis->input_flags; - } +} -const char *UI_get0_output_string(UI_STRING *uis) - { +const char * +UI_get0_output_string(UI_STRING *uis) +{ if (!uis) return NULL; return uis->out_string; - } +} -const char *UI_get0_action_string(UI_STRING *uis) - { +const char * +UI_get0_action_string(UI_STRING *uis) +{ if (!uis) return NULL; - switch(uis->type) - { + switch (uis->type) { case UIT_PROMPT: case UIT_BOOLEAN: return uis->_.boolean_data.action_desc; default: return NULL; - } } +} -const char *UI_get0_result_string(UI_STRING *uis) - { +const char * +UI_get0_result_string(UI_STRING *uis) +{ if (!uis) return NULL; - switch(uis->type) - { + switch (uis->type) { case UIT_PROMPT: case UIT_VERIFY: return uis->result_buf; default: return NULL; - } } +} -const char *UI_get0_test_string(UI_STRING *uis) - { +const char * +UI_get0_test_string(UI_STRING *uis) +{ if (!uis) return NULL; - switch(uis->type) - { + switch (uis->type) { case UIT_VERIFY: return uis->_.string_data.test_buf; default: return NULL; - } } +} -int UI_get_result_minsize(UI_STRING *uis) - { +int +UI_get_result_minsize(UI_STRING *uis) +{ if (!uis) return -1; - switch(uis->type) - { + switch (uis->type) { case UIT_PROMPT: case UIT_VERIFY: return uis->_.string_data.result_minsize; default: return -1; - } } +} -int UI_get_result_maxsize(UI_STRING *uis) - { +int +UI_get_result_maxsize(UI_STRING *uis) +{ if (!uis) return -1; - switch(uis->type) - { + switch (uis->type) { case UIT_PROMPT: case UIT_VERIFY: return uis->_.string_data.result_maxsize; default: return -1; - } } +} -int UI_set_result(UI *ui, UI_STRING *uis, const char *result) - { +int +UI_set_result(UI *ui, UI_STRING *uis, const char *result) +{ int l = strlen(result); ui->flags &= ~UI_FLAG_REDOABLE; if (!uis) return -1; - switch (uis->type) - { + switch (uis->type) { case UIT_PROMPT: case UIT_VERIFY: - { - char number1[20]; - char number2[20]; - - BIO_snprintf(number1, sizeof(number1), "%d", - uis->_.string_data.result_minsize); - BIO_snprintf(number2, sizeof(number2), "%d", - uis->_.string_data.result_maxsize); - - if (l < uis->_.string_data.result_minsize) - { + if (l < uis->_.string_data.result_minsize) { ui->flags |= UI_FLAG_REDOABLE; - UIerr(UI_F_UI_SET_RESULT,UI_R_RESULT_TOO_SMALL); - ERR_add_error_data(5,"You must type in ", - number1," to ",number2," characters"); + UIerror(UI_R_RESULT_TOO_SMALL); + ERR_asprintf_error_data + ("You must type in %d to %d characters", + uis->_.string_data.result_minsize, + uis->_.string_data.result_maxsize); return -1; - } - if (l > uis->_.string_data.result_maxsize) - { + } + if (l > uis->_.string_data.result_maxsize) { ui->flags |= UI_FLAG_REDOABLE; - UIerr(UI_F_UI_SET_RESULT,UI_R_RESULT_TOO_LARGE); - ERR_add_error_data(5,"You must type in ", - number1," to ",number2," characters"); + UIerror(UI_R_RESULT_TOO_LARGE); + ERR_asprintf_error_data + ("You must type in %d to %d characters", + uis->_.string_data.result_minsize, + uis->_.string_data.result_maxsize); return -1; - } } - - if (!uis->result_buf) - { - UIerr(UI_F_UI_SET_RESULT,UI_R_NO_RESULT_BUFFER); + if (!uis->result_buf) { + UIerror(UI_R_NO_RESULT_BUFFER); return -1; - } - - strcpy(uis->result_buf, result); + } + strlcpy(uis->result_buf, result, + uis->_.string_data.result_maxsize + 1); break; case UIT_BOOLEAN: { - const char *p; + const char *p; - if (!uis->result_buf) - { - UIerr(UI_F_UI_SET_RESULT,UI_R_NO_RESULT_BUFFER); - return -1; + if (!uis->result_buf) { + UIerror(UI_R_NO_RESULT_BUFFER); + return -1; } - - uis->result_buf[0] = '\0'; - for(p = result; *p; p++) - { - if (strchr(uis->_.boolean_data.ok_chars, *p)) - { - uis->result_buf[0] = - uis->_.boolean_data.ok_chars[0]; - break; + uis->result_buf[0] = '\0'; + for (p = result; *p; p++) { + if (strchr(uis->_.boolean_data.ok_chars, *p)) { + uis->result_buf[0] = + uis->_.boolean_data.ok_chars[0]; + break; } - if (strchr(uis->_.boolean_data.cancel_chars, *p)) - { - uis->result_buf[0] = - uis->_.boolean_data.cancel_chars[0]; - break; + if (strchr(uis->_.boolean_data.cancel_chars, *p)) { + uis->result_buf[0] = + uis->_.boolean_data.cancel_chars[0]; + break; } } - default: - break; - } + default: + break; } - return 0; } + return 0; +} diff --git a/src/lib/libcrypto/ui/ui_locl.h b/src/lib/libcrypto/ui/ui_locl.h index 7d3a75a619c..c424be6546b 100644 --- a/src/lib/libcrypto/ui/ui_locl.h +++ b/src/lib/libcrypto/ui/ui_locl.h @@ -1,4 +1,5 @@ -/* crypto/ui/ui.h -*- mode:C; c-file-style: "eay" -*- */ +/* $OpenBSD: ui_locl.h,v 1.7 2016/12/21 15:49:29 jsing Exp $ */ + /* Written by Richard Levitte (richard@levitte.org) for the OpenSSL * project 2001. */ @@ -10,7 +11,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -60,9 +61,15 @@ #define HEADER_UI_LOCL_H #include +#include + +__BEGIN_HIDDEN_DECLS -struct ui_method_st - { +#ifdef _ +#undef _ +#endif + +struct ui_method_st { char *name; /* All the functions return 1 or non-NULL for success and 0 or NULL @@ -89,13 +96,12 @@ struct ui_method_st and object_name is the name of the object (might be a card name or a file name. The returned string shall always be allocated on the heap with - OPENSSL_malloc(), and need to be free'd with OPENSSL_free(). */ + malloc(), and need to be free'd with free(). */ char *(*ui_construct_prompt)(UI *ui, const char *object_desc, - const char *object_name); - }; + const char *object_name); +}; -struct ui_string_st - { +struct ui_string_st { enum UI_string_types type; /* Input */ const char *out_string; /* Input */ int input_flags; /* Flags from the user */ @@ -106,10 +112,8 @@ struct ui_string_st with size in result_maxsize. Otherwise, it may be allocated by the UI routine, meaning result_minsize is going to be overwritten.*/ - union - { - struct - { + union { + struct { int result_minsize; /* Input: minimum required size of the result. */ @@ -118,21 +122,19 @@ struct ui_string_st const char *test_buf; /* Input: test string to verify against */ - } string_data; - struct - { + } string_data; + struct { const char *action_desc; /* Input */ const char *ok_chars; /* Input */ const char *cancel_chars; /* Input */ - } boolean_data; - } _; + } boolean_data; + } _; #define OUT_STRING_FREEABLE 0x01 int flags; /* flags for internal use */ - }; +}; -struct ui_st - { +struct ui_st { const UI_METHOD *meth; STACK_OF(UI_STRING) *strings; /* We might want to prompt for more than one thing at a time, and @@ -143,6 +145,8 @@ struct ui_st #define UI_FLAG_REDOABLE 0x0001 #define UI_FLAG_PRINT_ERRORS 0x0100 int flags; - }; +}; + +__END_HIDDEN_DECLS #endif diff --git a/src/lib/libcrypto/ui/ui_openssl.c b/src/lib/libcrypto/ui/ui_openssl.c index 821dd29eaaf..9562c2c937a 100644 --- a/src/lib/libcrypto/ui/ui_openssl.c +++ b/src/lib/libcrypto/ui/ui_openssl.c @@ -1,4 +1,4 @@ -/* crypto/ui/ui_openssl.c -*- mode:C; c-file-style: "eay" -*- */ +/* $OpenBSD: ui_openssl.c,v 1.25 2015/09/10 15:56:26 jsing Exp $ */ /* Written by Richard Levitte (richard@levitte.org) and others * for the OpenSSL project 2001. */ @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -63,21 +63,21 @@ * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -92,10 +92,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -107,183 +107,42 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ +#include -#include - -#if !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VMS) -# ifdef OPENSSL_UNISTD -# include OPENSSL_UNISTD -# else -# include -# endif -/* If unistd.h defines _POSIX_VERSION, we conclude that we - * are on a POSIX system and have sigaction and termios. */ -# if defined(_POSIX_VERSION) - -# define SIGACTION -# if !defined(TERMIOS) && !defined(TERMIO) && !defined(SGTTY) -# define TERMIOS -# endif +#include -# endif -#endif - -#ifdef WIN16TTY -# undef OPENSSL_SYS_WIN16 -# undef WIN16 -# undef _WINDOWS -# include -#endif - -/* 06-Apr-92 Luke Brennan Support for VMS */ -#include "ui_locl.h" -#include "cryptlib.h" +#include #include #include #include -#include - -#ifdef OPENSSL_SYS_VMS /* prototypes for sys$whatever */ -# include -# ifdef __DECC -# pragma message disable DOLLARID -# endif -#endif - -#ifdef WIN_CONSOLE_BUG -# include -# include -#endif - - -/* There are 5 types of terminal interface supported, - * TERMIO, TERMIOS, VMS, MSDOS and SGTTY - */ - -#if defined(__sgi) && !defined(TERMIOS) -# define TERMIOS -# undef TERMIO -# undef SGTTY -#endif - -#if defined(linux) && !defined(TERMIO) -# undef TERMIOS -# define TERMIO -# undef SGTTY -#endif - -#ifdef _LIBC -# undef TERMIOS -# define TERMIO -# undef SGTTY -#endif - -#if !defined(TERMIO) && !defined(TERMIOS) && !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_MACINTOSH_CLASSIC) && !defined(MAC_OS_GUSI_SOURCE) -# undef TERMIOS -# undef TERMIO -# define SGTTY -#endif - -#if defined(OPENSSL_SYS_VSWORKS) -#undef TERMIOS -#undef TERMIO -#undef SGTTY -#endif - -#ifdef TERMIOS -# include -# define TTY_STRUCT struct termios -# define TTY_FLAGS c_lflag -# define TTY_get(tty,data) tcgetattr(tty,data) -# define TTY_set(tty,data) tcsetattr(tty,TCSANOW,data) -#endif - -#ifdef TERMIO -# include -# define TTY_STRUCT struct termio -# define TTY_FLAGS c_lflag -# define TTY_get(tty,data) ioctl(tty,TCGETA,data) -# define TTY_set(tty,data) ioctl(tty,TCSETA,data) -#endif - -#ifdef SGTTY -# include -# define TTY_STRUCT struct sgttyb -# define TTY_FLAGS sg_flags -# define TTY_get(tty,data) ioctl(tty,TIOCGETP,data) -# define TTY_set(tty,data) ioctl(tty,TIOCSETP,data) -#endif - -#if !defined(_LIBC) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_MACINTOSH_CLASSIC) -# include -#endif - -#ifdef OPENSSL_SYS_MSDOS -# include -#endif - -#ifdef OPENSSL_SYS_VMS -# include -# include -# include -# include -struct IOSB { - short iosb$w_value; - short iosb$w_count; - long iosb$l_info; - }; -#endif +#include +#include -#if defined(OPENSSL_SYS_MACINTOSH_CLASSIC) || defined(MAC_OS_GUSI_SOURCE) -/* - * This one needs work. As a matter of fact the code is unoperational - * and this is only a trick to get it compiled. - * - */ -# define TTY_STRUCT int -#endif +#include "ui_locl.h" #ifndef NX509_SIG -# define NX509_SIG 32 +#define NX509_SIG 32 #endif - /* Define globals. They are protected by a lock */ -#ifdef SIGACTION static struct sigaction savsig[NX509_SIG]; -#else -static void (*savsig[NX509_SIG])(int ); -#endif -#ifdef OPENSSL_SYS_VMS -static struct IOSB iosb; -static $DESCRIPTOR(terminal,"TT"); -static long tty_orig[3], tty_new[3]; /* XXX Is there any guarantee that this will always suffice for the actual structures? */ -static long status; -static unsigned short channel = 0; -#else -#ifndef OPENSSL_SYS_MSDOS -static TTY_STRUCT tty_orig,tty_new; -#endif -#endif +static struct termios tty_orig; static FILE *tty_in, *tty_out; static int is_a_tty; /* Declare static functions */ -static void read_till_nl(FILE *); +static int read_till_nl(FILE *); static void recsig(int); static void pushsig(void); static void popsig(void); -#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN16) -static int noecho_fgets(char *buf, int size, FILE *tty); -#endif static int read_string_inner(UI *ui, UI_STRING *uis, int echo, int strip_nl); static int read_string(UI *ui, UI_STRING *uis); @@ -294,29 +153,27 @@ static int echo_console(UI *ui); static int noecho_console(UI *ui); static int close_console(UI *ui); -static UI_METHOD ui_openssl = - { - "OpenSSL default user interface", - open_console, - write_string, - NULL, /* No flusher is needed for command lines */ - read_string, - close_console, - NULL - }; +static UI_METHOD ui_openssl = { + .name = "OpenSSL default user interface", + .ui_open_session = open_console, + .ui_write_string = write_string, + .ui_read_string = read_string, + .ui_close_session = close_console, +}; /* The method with all the built-in thingies */ -UI_METHOD *UI_OpenSSL(void) - { +UI_METHOD * +UI_OpenSSL(void) +{ return &ui_openssl; - } +} /* The following function makes sure that info and error strings are printed before any prompt. */ -static int write_string(UI *ui, UI_STRING *uis) - { - switch (UI_get_string_type(uis)) - { +static int +write_string(UI *ui, UI_STRING *uis) +{ + switch (UI_get_string_type(uis)) { case UIT_ERROR: case UIT_INFO: fputs(UI_get0_output_string(uis), tty_out); @@ -324,338 +181,217 @@ static int write_string(UI *ui, UI_STRING *uis) break; default: break; - } - return 1; } + return 1; +} -static int read_string(UI *ui, UI_STRING *uis) - { +static int +read_string(UI *ui, UI_STRING *uis) +{ int ok = 0; - switch (UI_get_string_type(uis)) - { + switch (UI_get_string_type(uis)) { case UIT_BOOLEAN: fputs(UI_get0_output_string(uis), tty_out); fputs(UI_get0_action_string(uis), tty_out); fflush(tty_out); return read_string_inner(ui, uis, - UI_get_input_flags(uis) & UI_INPUT_FLAG_ECHO, 0); + UI_get_input_flags(uis) & UI_INPUT_FLAG_ECHO, 0); case UIT_PROMPT: fputs(UI_get0_output_string(uis), tty_out); fflush(tty_out); return read_string_inner(ui, uis, - UI_get_input_flags(uis) & UI_INPUT_FLAG_ECHO, 1); + UI_get_input_flags(uis) & UI_INPUT_FLAG_ECHO, 1); case UIT_VERIFY: - fprintf(tty_out,"Verifying - %s", - UI_get0_output_string(uis)); + fprintf(tty_out, "Verifying - %s", + UI_get0_output_string(uis)); fflush(tty_out); - if ((ok = read_string_inner(ui, uis, - UI_get_input_flags(uis) & UI_INPUT_FLAG_ECHO, 1)) <= 0) + if ((ok = read_string_inner(ui, uis, UI_get_input_flags(uis) & + UI_INPUT_FLAG_ECHO, 1)) <= 0) return ok; if (strcmp(UI_get0_result_string(uis), - UI_get0_test_string(uis)) != 0) - { - fprintf(tty_out,"Verify failure\n"); + UI_get0_test_string(uis)) != 0) { + fprintf(tty_out, "Verify failure\n"); fflush(tty_out); return 0; - } + } break; default: break; - } - return 1; } + return 1; +} /* Internal functions to read a string without echoing */ -static void read_till_nl(FILE *in) - { +static int +read_till_nl(FILE *in) +{ #define SIZE 4 - char buf[SIZE+1]; + char buf[SIZE + 1]; - do { - fgets(buf,SIZE,in); - } while (strchr(buf,'\n') == NULL); - } + do { + if (!fgets(buf, SIZE, in)) + return 0; + } while (strchr(buf, '\n') == NULL); + return 1; +} static volatile sig_atomic_t intr_signal; -static int read_string_inner(UI *ui, UI_STRING *uis, int echo, int strip_nl) - { +static int +read_string_inner(UI *ui, UI_STRING *uis, int echo, int strip_nl) +{ static int ps; int ok; char result[BUFSIZ]; - int maxsize = BUFSIZ-1; + int maxsize = BUFSIZ - 1; char *p; -#ifndef OPENSSL_SYS_WIN16 - intr_signal=0; - ok=0; - ps=0; + intr_signal = 0; + ok = 0; + ps = 0; pushsig(); - ps=1; + ps = 1; if (!echo && !noecho_console(ui)) goto error; - ps=2; + ps = 2; - result[0]='\0'; -#ifdef OPENSSL_SYS_MSDOS - if (!echo) - { - noecho_fgets(result,maxsize,tty_in); - p=result; /* FIXME: noecho_fgets doesn't return errors */ - } - else - p=fgets(result,maxsize,tty_in); -#else - p=fgets(result,maxsize,tty_in); -#endif - if(!p) + result[0] = '\0'; + p = fgets(result, maxsize, tty_in); + if (!p) goto error; - if (feof(tty_in)) goto error; - if (ferror(tty_in)) goto error; - if ((p=(char *)strchr(result,'\n')) != NULL) - { + if (feof(tty_in)) + goto error; + if (ferror(tty_in)) + goto error; + if ((p = strchr(result, '\n')) != NULL) { if (strip_nl) - *p='\0'; - } - else - read_till_nl(tty_in); + *p = '\0'; + } else if (!read_till_nl(tty_in)) + goto error; if (UI_set_result(ui, uis, result) >= 0) - ok=1; + ok = 1; error: if (intr_signal == SIGINT) - ok=-1; - if (!echo) fprintf(tty_out,"\n"); + ok = -1; + if (!echo) + fprintf(tty_out, "\n"); if (ps >= 2 && !echo && !echo_console(ui)) - ok=0; + ok = 0; if (ps >= 1) popsig(); -#else - ok=1; -#endif - memset(result,0,BUFSIZ); + explicit_bzero(result, BUFSIZ); return ok; - } +} /* Internal functions to open, handle and close a channel to the console. */ -static int open_console(UI *ui) - { +static int +open_console(UI *ui) +{ CRYPTO_w_lock(CRYPTO_LOCK_UI); is_a_tty = 1; -#if defined(OPENSSL_SYS_MACINTOSH_CLASSIC) || defined(OPENSSL_SYS_VSWORKS) - tty_in=stdin; - tty_out=stderr; -#else -# ifdef OPENSSL_SYS_MSDOS -# define DEV_TTY "con" -# else -# define DEV_TTY "/dev/tty" -# endif - if ((tty_in=fopen(DEV_TTY,"r")) == NULL) - tty_in=stdin; - if ((tty_out=fopen(DEV_TTY,"w")) == NULL) - tty_out=stderr; -#endif +#define DEV_TTY "/dev/tty" + if ((tty_in = fopen(DEV_TTY, "r")) == NULL) + tty_in = stdin; + if ((tty_out = fopen(DEV_TTY, "w")) == NULL) + tty_out = stderr; -#if defined(TTY_get) && !defined(OPENSSL_SYS_VMS) - if (TTY_get(fileno(tty_in),&tty_orig) == -1) - { -#ifdef ENOTTY + if (tcgetattr(fileno(tty_in), &tty_orig) == -1) { if (errno == ENOTTY) - is_a_tty=0; + is_a_tty = 0; else -#endif -#ifdef EINVAL - /* Ariel Glenn ariel@columbia.edu reports that solaris - * can return EINVAL instead. This should be ok */ - if (errno == EINVAL) - is_a_tty=0; + /* + * Ariel Glenn ariel@columbia.edu reports that + * solaris can return EINVAL instead. This should be + * ok + */ + if (errno == EINVAL) + is_a_tty = 0; else -#endif return 0; - } -#endif -#ifdef OPENSSL_SYS_VMS - status = sys$assign(&terminal,&channel,0,0); - if (status != SS$_NORMAL) - return 0; - status=sys$qiow(0,channel,IO$_SENSEMODE,&iosb,0,0,tty_orig,12,0,0,0,0); - if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL)) - return 0; -#endif - return 1; } -static int noecho_console(UI *ui) - { -#ifdef TTY_FLAGS - memcpy(&(tty_new),&(tty_orig),sizeof(tty_orig)); - tty_new.TTY_FLAGS &= ~ECHO; -#endif - -#if defined(TTY_set) && !defined(OPENSSL_SYS_VMS) - if (is_a_tty && (TTY_set(fileno(tty_in),&tty_new) == -1)) - return 0; -#endif -#ifdef OPENSSL_SYS_VMS - tty_new[0] = tty_orig[0]; - tty_new[1] = tty_orig[1] | TT$M_NOECHO; - tty_new[2] = tty_orig[2]; - status = sys$qiow(0,channel,IO$_SETMODE,&iosb,0,0,tty_new,12,0,0,0,0); - if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL)) - return 0; -#endif return 1; - } +} -static int echo_console(UI *ui) - { -#if defined(TTY_set) && !defined(OPENSSL_SYS_VMS) - memcpy(&(tty_new),&(tty_orig),sizeof(tty_orig)); - tty_new.TTY_FLAGS |= ECHO; -#endif +static int +noecho_console(UI *ui) +{ + struct termios tty_new = tty_orig; -#if defined(TTY_set) && !defined(OPENSSL_SYS_VMS) - if (is_a_tty && (TTY_set(fileno(tty_in),&tty_new) == -1)) + tty_new.c_lflag &= ~ECHO; + if (is_a_tty && (tcsetattr(fileno(tty_in), TCSANOW, &tty_new) == -1)) return 0; -#endif -#ifdef OPENSSL_SYS_VMS - tty_new[0] = tty_orig[0]; - tty_new[1] = tty_orig[1] & ~TT$M_NOECHO; - tty_new[2] = tty_orig[2]; - status = sys$qiow(0,channel,IO$_SETMODE,&iosb,0,0,tty_new,12,0,0,0,0); - if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL)) - return 0; -#endif return 1; - } +} -static int close_console(UI *ui) - { - if (tty_in != stderr) fclose(tty_in); - if (tty_out != stderr) fclose(tty_out); -#ifdef OPENSSL_SYS_VMS - status = sys$dassgn(channel); -#endif +static int +echo_console(UI *ui) +{ + if (is_a_tty && (tcsetattr(fileno(tty_in), TCSANOW, &tty_orig) == -1)) + return 0; + return 1; +} + +static int +close_console(UI *ui) +{ + if (tty_in != stdin) + fclose(tty_in); + if (tty_out != stderr) + fclose(tty_out); CRYPTO_w_unlock(CRYPTO_LOCK_UI); return 1; - } +} /* Internal functions to handle signals and act on them */ -static void pushsig(void) - { +static void +pushsig(void) +{ int i; -#ifdef SIGACTION struct sigaction sa; - memset(&sa,0,sizeof sa); - sa.sa_handler=recsig; -#endif + memset(&sa, 0, sizeof sa); + sa.sa_handler = recsig; - for (i=1; i -#include -int UI_UTIL_read_pw_string(char *buf,int length,const char *prompt,int verify) - { +#include + +#include "ui_locl.h" + +int +UI_UTIL_read_pw_string(char *buf, int length, const char *prompt, int verify) +{ char buff[BUFSIZ]; int ret; - ret=UI_UTIL_read_pw(buf,buff,(length>BUFSIZ)?BUFSIZ:length,prompt,verify); - memset(buff,0,BUFSIZ); - return(ret); - } + ret = UI_UTIL_read_pw(buf, buff, (length > BUFSIZ) ? BUFSIZ : length, + prompt, verify); + explicit_bzero(buff, BUFSIZ); + return (ret); +} -int UI_UTIL_read_pw(char *buf,char *buff,int size,const char *prompt,int verify) - { +int +UI_UTIL_read_pw(char *buf, char *buff, int size, const char *prompt, int verify) +{ int ok = 0; UI *ui; + if (size < 1) + return -1; + ui = UI_new(); - if (ui) - { - ok = UI_add_input_string(ui,prompt,0,buf,0,BUFSIZ-1); - if (ok == 0 && verify) - ok = UI_add_verify_string(ui,prompt,0,buff,0,BUFSIZ-1, - buf); - if (ok == 0) - ok=UI_process(ui); + if (ui) { + ok = UI_add_input_string(ui, prompt, 0, buf, 0, size - 1); + if (ok >= 0 && verify) + ok = UI_add_verify_string(ui, prompt, 0, buff, 0, + size - 1, buf); + if (ok >= 0) + ok = UI_process(ui); UI_free(ui); - } - return(ok); } + if (ok > 0) + ok = 0; + return (ok); +} + +/* + * Old compatibility glue - see comment in ui_compat.h. + */ +int +_ossl_old_des_read_pw_string(char *buf, int length, const char *prompt, int verify) +{ + return UI_UTIL_read_pw_string(buf, length, prompt, verify); +} + +int +_ossl_old_des_read_pw(char *buf, char *buff, int size, const char *prompt, int verify) +{ + return UI_UTIL_read_pw(buf, buff, size, prompt, verify); +} diff --git a/src/lib/libcrypto/uid.c b/src/lib/libcrypto/uid.c deleted file mode 100644 index d3d249c36fd..00000000000 --- a/src/lib/libcrypto/uid.c +++ /dev/null @@ -1,89 +0,0 @@ -/* crypto/uid.c */ -/* ==================================================================== - * Copyright (c) 2001 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include -#include - -#if defined(__OpenBSD__) || (defined(__FreeBSD__) && __FreeBSD__ > 2) - -#include OPENSSL_UNISTD - -int OPENSSL_issetugid(void) - { - return issetugid(); - } - -#elif defined(OPENSSL_SYS_WIN32) - -int OPENSSL_issetugid(void) - { - return 0; - } - -#else - -#include OPENSSL_UNISTD -#include - -int OPENSSL_issetugid(void) - { - if (getuid() != geteuid()) return 1; - if (getgid() != getegid()) return 1; - return 0; - } -#endif - - - diff --git a/src/lib/libcrypto/util/FreeBSD.sh b/src/lib/libcrypto/util/FreeBSD.sh deleted file mode 100644 index db8edfc6aa2..00000000000 --- a/src/lib/libcrypto/util/FreeBSD.sh +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/sh - -perl util/perlpath.pl /usr/bin -perl util/ssldir.pl /usr/local -perl util/mk1mf.pl FreeBSD >Makefile.FreeBSD -perl Configure FreeBSD diff --git a/src/lib/libcrypto/util/add_cr.pl b/src/lib/libcrypto/util/add_cr.pl deleted file mode 100644 index c7b62c11ec9..00000000000 --- a/src/lib/libcrypto/util/add_cr.pl +++ /dev/null @@ -1,123 +0,0 @@ -#!/usr/local/bin/perl -# -# This adds a copyright message to a souce code file. -# It also gets the file name correct. -# -# perl util/add_cr.pl *.[ch] */*.[ch] */*/*.[ch] -# - -foreach (@ARGV) - { - &dofile($_); - } - -sub dofile - { - local($file)=@_; - - open(IN,"<$file") || die "unable to open $file:$!\n"; - - print STDERR "doing $file\n"; - @in=; - - return(1) if ($in[0] =~ / NOCW /); - - @out=(); - open(OUT,">$file.out") || die "unable to open $file.$$:$!\n"; - push(@out,"/* $file */\n"); - if (($in[1] !~ /^\/\* Copyright \(C\) [0-9-]+ Eric Young \(eay\@cryptsoft.com\)/)) - { - push(@out,&Copyright); - $i=2; - @a=grep(/ Copyright \(C\) /,@in); - if ($#a >= 0) - { - while (($i <= $#in) && ($in[$i] ne " */\n")) - { $i++; } - $i++ if ($in[$i] eq " */\n"); - - while (($i <= $#in) && ($in[$i] =~ /^\s*$/)) - { $i++; } - - push(@out,"\n"); - for ( ; $i <= $#in; $i++) - { push(@out,$in[$i]); } - } - else - { push(@out,@in); } - } - else - { - shift(@in); - push(@out,@in); - } - print OUT @out; - close(IN); - close(OUT); - rename("$file","$file.orig") || die "unable to rename $file:$!\n"; - rename("$file.out",$file) || die "unable to rename $file.out:$!\n"; - } - - - -sub Copyright - { - return <<'EOF'; -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -EOF - } diff --git a/src/lib/libcrypto/util/bat.sh b/src/lib/libcrypto/util/bat.sh deleted file mode 100644 index c6f48e8a7b1..00000000000 --- a/src/lib/libcrypto/util/bat.sh +++ /dev/null @@ -1,132 +0,0 @@ -#!/usr/local/bin/perl - -$infile="/home/eay/ssl/SSLeay/MINFO"; - -open(IN,"<$infile") || die "unable to open $infile:$!\n"; -$_=; -for (;;) - { - chop; - - ($key,$val)=/^([^=]+)=(.*)/; - if ($key eq "RELATIVE_DIRECTORY") - { - if ($lib ne "") - { - $uc=$lib; - $uc =~ s/^lib(.*)\.a/$1/; - $uc =~ tr/a-z/A-Z/; - $lib_nam{$uc}=$uc; - $lib_obj{$uc}.=$libobj." "; - } - last if ($val eq "FINISHED"); - $lib=""; - $libobj=""; - $dir=$val; - } - - if ($key eq "TEST") - { $test.=&var_add($dir,$val); } - - if (($key eq "PROGS") || ($key eq "E_OBJ")) - { $e_exe.=&var_add($dir,$val); } - - if ($key eq "LIB") - { - $lib=$val; - $lib =~ s/^.*\/([^\/]+)$/$1/; - } - - if ($key eq "EXHEADER") - { $exheader.=&var_add($dir,$val); } - - if ($key eq "HEADER") - { $header.=&var_add($dir,$val); } - - if ($key eq "LIBSRC") - { $libsrc.=&var_add($dir,$val); } - - if (!($_=)) - { $_="RELATIVE_DIRECTORY=FINISHED\n"; } - } -close(IN); - -@a=split(/\s+/,$libsrc); -foreach (@a) - { - print "${_}.c\n"; - } - -sub var_add - { - local($dir,$val)=@_; - local(@a,$_,$ret); - - return("") if $no_idea && $dir =~ /\/idea/; - return("") if $no_rc2 && $dir =~ /\/rc2/; - return("") if $no_rc4 && $dir =~ /\/rc4/; - return("") if $no_rsa && $dir =~ /\/rsa/; - return("") if $no_rsa && $dir =~ /^rsaref/; - return("") if $no_dsa && $dir =~ /\/dsa/; - return("") if $no_dh && $dir =~ /\/dh/; - if ($no_des && $dir =~ /\/des/) - { - if ($val =~ /read_pwd/) - { return("$dir/read_pwd "); } - else - { return(""); } - } - return("") if $no_mdc2 && $dir =~ /\/mdc2/; - return("") if $no_sock && $dir =~ /\/proxy/; - return("") if $no_bf && $dir =~ /\/bf/; - return("") if $no_cast && $dir =~ /\/cast/; - - $val =~ s/^\s*(.*)\s*$/$1/; - @a=split(/\s+/,$val); - grep(s/\.[och]$//,@a); - - @a=grep(!/^e_.*_3d$/,@a) if $no_des; - @a=grep(!/^e_.*_d$/,@a) if $no_des; - @a=grep(!/^e_.*_i$/,@a) if $no_idea; - @a=grep(!/^e_.*_r2$/,@a) if $no_rc2; - @a=grep(!/^e_.*_bf$/,@a) if $no_bf; - @a=grep(!/^e_.*_c$/,@a) if $no_cast; - @a=grep(!/^e_rc4$/,@a) if $no_rc4; - - @a=grep(!/(^s2_)|(^s23_)/,@a) if $no_ssl2; - @a=grep(!/(^s3_)|(^s23_)/,@a) if $no_ssl3; - - @a=grep(!/(_sock$)|(_acpt$)|(_conn$)|(^pxy_)/,@a) if $no_sock; - - @a=grep(!/(^md2)|(_md2$)/,@a) if $no_md2; - @a=grep(!/(^md5)|(_md5$)/,@a) if $no_md5; - - @a=grep(!/(^d2i_r_)|(^i2d_r_)/,@a) if $no_rsa; - @a=grep(!/(^p_open$)|(^p_seal$)/,@a) if $no_rsa; - @a=grep(!/(^pem_seal$)/,@a) if $no_rsa; - - @a=grep(!/(m_dss$)|(m_dss1$)/,@a) if $no_dsa; - @a=grep(!/(^d2i_s_)|(^i2d_s_)|(_dsap$)/,@a) if $no_dsa; - - @a=grep(!/^n_pkey$/,@a) if $no_rsa || $no_rc4; - - @a=grep(!/_dhp$/,@a) if $no_dh; - - @a=grep(!/(^sha[^1])|(_sha$)|(m_dss$)/,@a) if $no_sha; - @a=grep(!/(^sha1)|(_sha1$)|(m_dss1$)/,@a) if $no_sha1; - @a=grep(!/_mdc2$/,@a) if $no_mdc2; - - @a=grep(!/(^rsa$)|(^genrsa$)|(^req$)|(^ca$)/,@a) if $no_rsa; - @a=grep(!/(^dsa$)|(^gendsa$)|(^dsaparam$)/,@a) if $no_dsa; - @a=grep(!/^gendsa$/,@a) if $no_sha1; - @a=grep(!/(^dh$)|(^gendh$)/,@a) if $no_dh; - - @a=grep(!/(^dh)|(_sha1$)|(m_dss1$)/,@a) if $no_sha1; - - grep($_="$dir/$_",@a); - @a=grep(!/(^|\/)s_/,@a) if $no_sock; - @a=grep(!/(^|\/)bio_sock/,@a) if $no_sock; - $ret=join(' ',@a)." "; - return($ret); - } - diff --git a/src/lib/libcrypto/util/ck_errf.pl b/src/lib/libcrypto/util/ck_errf.pl deleted file mode 100644 index 7a24d6c5a2e..00000000000 --- a/src/lib/libcrypto/util/ck_errf.pl +++ /dev/null @@ -1,45 +0,0 @@ -#!/usr/local/bin/perl -# -# This is just a quick script to scan for cases where the 'error' -# function name in a XXXerr() macro is wrong. -# -# Run in the top level by going -# perl util/ck_errf.pl */*.c */*/*.c -# - -foreach $file (@ARGV) - { - open(IN,"<$file") || die "unable to open $file\n"; - $func=""; - while () - { - if (/^[a-zA-Z].+[\s*]([A-Za-z_0-9]+)\(.*\)/) - { - $func=$1; - $func =~ tr/A-Z/a-z/; - } - if (/([A-Z0-9]+)err\(([^,]+)/) - { - next if ($func eq ""); - $errlib=$1; - $n=$2; - if ($n !~ /([^_]+)_F_(.+)$/) - { - # print "check -$file:$.:$func:$n\n"; - next; - } - $lib=$1; - $n=$2; - - if ($lib ne $errlib) - { print "$file:$.:$func:$n\n"; next; } - - $n =~ tr/A-Z/a-z/; - if (($n ne $func) && ($errlib ne "SYS")) - { print "$file:$.:$func:$n\n"; next; } - # print "$func:$1\n"; - } - } - close(IN); - } - diff --git a/src/lib/libcrypto/util/clean-depend.pl b/src/lib/libcrypto/util/clean-depend.pl deleted file mode 100644 index 6c485d1e2fb..00000000000 --- a/src/lib/libcrypto/util/clean-depend.pl +++ /dev/null @@ -1,54 +0,0 @@ -#!/usr/local/bin/perl -w -# Clean the dependency list in a makefile of standard includes... -# Written by Ben Laurie 19 Jan 1999 - -use strict; - -while() { - print; - last if /^# DO NOT DELETE THIS LINE/; -} - -my %files; - -my $thisfile=""; -while() { - my ($dummy, $file,$deps)=/^((.*):)? (.*)$/; - my $origfile=""; - $thisfile=$file if defined $file; - next if !defined $deps; - $origfile=$thisfile; - $origfile=~s/\.o$/.c/; - my @deps=split ' ',$deps; - @deps=grep(!/^\//,@deps); - @deps=grep(!/^\\$/,@deps); - @deps=grep(!/^$origfile$/,@deps); -# pull out the kludged kerberos header (if present). - @deps=grep(!/^[.\/]+\/krb5.h/,@deps); - push @{$files{$thisfile}},@deps; -} - -my $file; -foreach $file (sort keys %files) { - my $len=0; - my $dep; - my $origfile=$file; - $origfile=~s/\.o$/.c/; - $file=~s/^\.\///; - push @{$files{$file}},$origfile; - my $prevdep=""; - foreach $dep (sort @{$files{$file}}) { - $dep=~s/^\.\///; - next if $prevdep eq $dep; # to exterminate duplicates... - $prevdep = $dep; - $len=0 if $len+length($dep)+1 >= 80; - if($len == 0) { - print "\n$file:"; - $len=length($file)+1; - } - print " $dep"; - $len+=length($dep)+1; - } -} - -print "\n"; diff --git a/src/lib/libcrypto/util/cygwin.sh b/src/lib/libcrypto/util/cygwin.sh deleted file mode 100644 index b607399b028..00000000000 --- a/src/lib/libcrypto/util/cygwin.sh +++ /dev/null @@ -1,125 +0,0 @@ -#!/bin/bash -# -# This script configures, builds and packs the binary package for -# the Cygwin net distribution version of OpenSSL -# - -# Uncomment when debugging -#set -x - -CONFIG_OPTIONS="--prefix=/usr shared no-idea no-rc5 no-mdc2" -INSTALL_PREFIX=/tmp/install - -VERSION= -SUBVERSION=$1 - -function cleanup() -{ - rm -rf ${INSTALL_PREFIX}/etc - rm -rf ${INSTALL_PREFIX}/usr -} - -function get_openssl_version() -{ - eval `grep '^VERSION=' Makefile.ssl` - if [ -z "${VERSION}" ] - then - echo "Error: Couldn't retrieve OpenSSL version from Makefile.ssl." - echo " Check value of variable VERSION in Makefile.ssl." - exit 1 - fi -} - -function base_install() -{ - mkdir -p ${INSTALL_PREFIX} - cleanup - make install INSTALL_PREFIX="${INSTALL_PREFIX}" -} - -function doc_install() -{ - DOC_DIR=${INSTALL_PREFIX}/usr/doc/openssl - - mkdir -p ${DOC_DIR} - cp CHANGES CHANGES.SSLeay INSTALL LICENSE NEWS README ${DOC_DIR} - - create_cygwin_readme -} - -function create_cygwin_readme() -{ - README_DIR=${INSTALL_PREFIX}/usr/doc/Cygwin - README_FILE=${README_DIR}/openssl-${VERSION}.README - - mkdir -p ${README_DIR} - cat > ${README_FILE} <<- EOF - The Cygwin version has been built using the following configure: - - ./config ${CONFIG_OPTIONS} - - The IDEA, RC5 and MDC2 algorithms are disabled due to patent and/or - licensing issues. - EOF -} - -function create_profile_files() -{ - PROFILE_DIR=${INSTALL_PREFIX}/etc/profile.d - - mkdir -p $PROFILE_DIR - cat > ${PROFILE_DIR}/openssl.sh <<- "EOF" - export MANPATH="${MANPATH}:/usr/ssl/man" - EOF - cat > ${PROFILE_DIR}/openssl.csh <<- "EOF" - if ( $?MANPATH ) then - setenv MANPATH "${MANPATH}:/usr/ssl/man" - else - setenv MANPATH ":/usr/ssl/man" - endif - EOF -} - -if [ -z "${SUBVERSION}" ] -then - echo "Usage: $0 subversion" - exit 1 -fi - -if [ ! -f config ] -then - echo "You must start this script in the OpenSSL toplevel source dir." - exit 1 -fi - -./config ${CONFIG_OPTIONS} - -get_openssl_version - -make || exit 1 - -base_install - -doc_install - -create_cygwin_readme - -create_profile_files - -cd ${INSTALL_PREFIX} -strip usr/bin/*.exe usr/bin/*.dll - -# Runtime package -find etc usr/bin usr/doc usr/ssl/certs usr/ssl/man/man[157] usr/ssl/misc \ - usr/ssl/openssl.cnf usr/ssl/private -empty -o \! -type d | -tar cjfT openssl-${VERSION}-${SUBVERSION}.tar.bz2 - -# Development package -find usr/include usr/lib usr/ssl/man/man3 -empty -o \! -type d | -tar cjfT openssl-devel-${VERSION}-${SUBVERSION}.tar.bz2 - - -ls -l openssl-${VERSION}-${SUBVERSION}.tar.bz2 -ls -l openssl-devel-${VERSION}-${SUBVERSION}.tar.bz2 - -cleanup - -exit 0 diff --git a/src/lib/libcrypto/util/deleof.pl b/src/lib/libcrypto/util/deleof.pl deleted file mode 100644 index 155acd88ff1..00000000000 --- a/src/lib/libcrypto/util/deleof.pl +++ /dev/null @@ -1,7 +0,0 @@ -#!/usr/local/bin/perl - -while (<>) - { - print - last if (/^# DO NOT DELETE THIS LINE/); - } diff --git a/src/lib/libcrypto/util/do_ms.sh b/src/lib/libcrypto/util/do_ms.sh deleted file mode 100644 index 515b074cffb..00000000000 --- a/src/lib/libcrypto/util/do_ms.sh +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/sh -# -# generate the Microsoft makefiles and .def files -# - -PATH=util:../util:$PATH - -# perl util/mk1mf.pl no-sock VC-MSDOS >ms/msdos.mak -# perl util/mk1mf.pl VC-W31-32 >ms/w31.mak -perl util/mk1mf.pl dll VC-WIN16 >ms/w31dll.mak -# perl util/mk1mf.pl VC-WIN32 >ms/nt.mak -perl util/mk1mf.pl dll VC-WIN32 >ms/ntdll.mak -perl util/mk1mf.pl Mingw32 >ms/mingw32.mak -perl util/mk1mf.pl Mingw32-files >ms/mingw32f.mak - -perl util/mkdef.pl 16 libeay > ms/libeay16.def -perl util/mkdef.pl 32 libeay > ms/libeay32.def -perl util/mkdef.pl 16 ssleay > ms/ssleay16.def -perl util/mkdef.pl 32 ssleay > ms/ssleay32.def diff --git a/src/lib/libcrypto/util/domd b/src/lib/libcrypto/util/domd deleted file mode 100644 index 8cbe383c165..00000000000 --- a/src/lib/libcrypto/util/domd +++ /dev/null @@ -1,29 +0,0 @@ -#!/bin/sh -# Do a makedepend, only leave out the standard headers -# Written by Ben Laurie 19 Jan 1999 - -TOP=$1 -shift -if [ "$1" = "-MD" ]; then - shift - MAKEDEPEND=$1 - shift -fi -if [ "$MAKEDEPEND" = "" ]; then MAKEDEPEND=makedepend; fi - -cp Makefile.ssl Makefile.save -# fake the presence of Kerberos -touch $TOP/krb5.h -if [ "$MAKEDEPEND" = "gcc" ]; then - sed -e '/^# DO NOT DELETE.*/,$d' < Makefile.ssl > Makefile.tmp - echo '# DO NOT DELETE THIS LINE -- make depend depends on it.' >> Makefile.tmp - gcc -D OPENSSL_DOING_MAKEDEPEND -M $@ >> Makefile.tmp - ${PERL} $TOP/util/clean-depend.pl < Makefile.tmp > Makefile.new - rm -f Makefile.tmp -else - ${MAKEDEPEND} -D OPENSSL_DOING_MAKEDEPEND -f Makefile.ssl $@ - ${PERL} $TOP/util/clean-depend.pl < Makefile.ssl > Makefile.new -fi -mv Makefile.new Makefile.ssl -# unfake the presence of Kerberos -rm $TOP/krb5.h diff --git a/src/lib/libcrypto/util/err-ins.pl b/src/lib/libcrypto/util/err-ins.pl deleted file mode 100644 index 31b70df8d0e..00000000000 --- a/src/lib/libcrypto/util/err-ins.pl +++ /dev/null @@ -1,33 +0,0 @@ -#!/usr/local/bin/perl -# -# tack error codes onto the end of a file -# - -open(ERR,$ARGV[0]) || die "unable to open error file '$ARGV[0]':$!\n"; -@err=; -close(ERR); - -open(IN,$ARGV[1]) || die "unable to open header file '$ARGV[1]':$!\n"; - -@out=""; -while () - { - push(@out,$_); - last if /BEGIN ERROR CODES/; - } -close(IN); - -open(OUT,">$ARGV[1]") || die "unable to open header file '$ARGV[1]':$1\n"; -print OUT @out; -print OUT @err; -print OUT <<"EOF"; - -#ifdef __cplusplus -} -#endif -#endif - -EOF -close(OUT); - - diff --git a/src/lib/libcrypto/util/files.pl b/src/lib/libcrypto/util/files.pl deleted file mode 100644 index 41f033e3b9a..00000000000 --- a/src/lib/libcrypto/util/files.pl +++ /dev/null @@ -1,61 +0,0 @@ -#!/usr/local/bin/perl -# -# used to generate the file MINFO for use by util/mk1mf.pl -# It is basically a list of all variables from the passed makefile -# - -$s=""; -while (<>) - { - chop; - s/#.*//; - if (/^(\S+)\s*=\s*(.*)$/) - { - $o=""; - ($s,$b)=($1,$2); - for (;;) - { - if ($b =~ /\\$/) - { - chop($b); - $o.=$b." "; - $b=<>; - chop($b); - } - else - { - $o.=$b." "; - last; - } - } - $o =~ s/^\s+//; - $o =~ s/\s+$//; - $o =~ s/\s+/ /g; - - $o =~ s/\$[({]([^)}]+)[)}]/$sym{$1}/g; - $sym{$s}=$o; - } - } - -$pwd=`pwd`; chop($pwd); - -if ($sym{'TOP'} eq ".") - { - $n=0; - $dir="."; - } -else { - $n=split(/\//,$sym{'TOP'}); - @_=split(/\//,$pwd); - $z=$#_-$n+1; - foreach $i ($z .. $#_) { $dir.=$_[$i]."/"; } - chop($dir); - } - -print "RELATIVE_DIRECTORY=$dir\n"; - -foreach (sort keys %sym) - { - print "$_=$sym{$_}\n"; - } -print "RELATIVE_DIRECTORY=\n"; diff --git a/src/lib/libcrypto/util/fixNT.sh b/src/lib/libcrypto/util/fixNT.sh deleted file mode 100644 index ce4f19299ba..00000000000 --- a/src/lib/libcrypto/util/fixNT.sh +++ /dev/null @@ -1,14 +0,0 @@ -#!/bin/sh -# -# clean up the mess that NT makes of my source tree -# - -if [ -f makefile.ssl -a ! -f Makefile.ssl ]; then - /bin/mv makefile.ssl Makefile.ssl -fi -chmod +x Configure util/* -echo cleaning -/bin/rm -f `find . -name '*.$$$' -print` 2>/dev/null >/dev/null -echo 'removing those damn ^M' -perl -pi -e 's/\015//' `find . -type 'f' -print |grep -v '.obj$' |grep -v '.der$' |grep -v '.gz'` -make -f Makefile.ssl links diff --git a/src/lib/libcrypto/util/install.sh b/src/lib/libcrypto/util/install.sh deleted file mode 100644 index e1d0c982df5..00000000000 --- a/src/lib/libcrypto/util/install.sh +++ /dev/null @@ -1,108 +0,0 @@ -#!/bin/sh -# -# install - install a program, script, or datafile -# This comes from X11R5; it is not part of GNU. -# -# $XConsortium: install.sh,v 1.2 89/12/18 14:47:22 jim Exp $ -# -# This script is compatible with the BSD install script, but was written -# from scratch. -# - - -# set DOITPROG to echo to test this script - -doit="${DOITPROG:-}" - - -# put in absolute paths if you don't have them in your path; or use env. vars. - -mvprog="${MVPROG:-mv}" -cpprog="${CPPROG:-cp}" -chmodprog="${CHMODPROG:-chmod}" -chownprog="${CHOWNPROG:-chown}" -chgrpprog="${CHGRPPROG:-chgrp}" -stripprog="${STRIPPROG:-strip}" -rmprog="${RMPROG:-rm}" - -instcmd="$mvprog" -chmodcmd="" -chowncmd="" -chgrpcmd="" -stripcmd="" -rmcmd="$rmprog -f" -src="" -dst="" - -while [ x"$1" != x ]; do - case $1 in - -c) instcmd="$cpprog" - shift - continue;; - - -m) chmodcmd="$chmodprog $2" - shift - shift - continue;; - - -o) chowncmd="$chownprog $2" - shift - shift - continue;; - - -g) chgrpcmd="$chgrpprog $2" - shift - shift - continue;; - - -s) stripcmd="$stripprog" - shift - continue;; - - *) if [ x"$src" = x ] - then - src=$1 - else - dst=$1 - fi - shift - continue;; - esac -done - -if [ x"$src" = x ] -then - echo "install: no input file specified" - exit 1 -fi - -if [ x"$dst" = x ] -then - echo "install: no destination specified" - exit 1 -fi - - -# if destination is a directory, append the input filename; if your system -# does not like double slashes in filenames, you may need to add some logic - -if [ -d $dst ] -then - dst="$dst"/`basename $src` -fi - - -# get rid of the old one and mode the new one in - -$doit $rmcmd $dst -$doit $instcmd $src $dst - - -# and set any options; do chmod last to preserve setuid bits - -if [ x"$chowncmd" != x ]; then $doit $chowncmd $dst; fi -if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dst; fi -if [ x"$stripcmd" != x ]; then $doit $stripcmd $dst; fi -if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dst; fi - -exit 0 diff --git a/src/lib/libcrypto/util/libeay.num b/src/lib/libcrypto/util/libeay.num deleted file mode 100644 index 4845158158f..00000000000 --- a/src/lib/libcrypto/util/libeay.num +++ /dev/null @@ -1,2782 +0,0 @@ -SSLeay 1 EXIST::FUNCTION: -SSLeay_version 2 EXIST::FUNCTION: -ASN1_BIT_STRING_asn1_meth 3 EXIST::FUNCTION: -ASN1_HEADER_free 4 EXIST::FUNCTION: -ASN1_HEADER_new 5 EXIST::FUNCTION: -ASN1_IA5STRING_asn1_meth 6 EXIST::FUNCTION: -ASN1_INTEGER_get 7 EXIST::FUNCTION: -ASN1_INTEGER_set 8 EXIST::FUNCTION: -ASN1_INTEGER_to_BN 9 EXIST::FUNCTION: -ASN1_OBJECT_create 10 EXIST::FUNCTION: -ASN1_OBJECT_free 11 EXIST::FUNCTION: -ASN1_OBJECT_new 12 EXIST::FUNCTION: -ASN1_PRINTABLE_type 13 EXIST::FUNCTION: -ASN1_STRING_cmp 14 EXIST::FUNCTION: -ASN1_STRING_dup 15 EXIST::FUNCTION: -ASN1_STRING_free 16 EXIST::FUNCTION: -ASN1_STRING_new 17 EXIST::FUNCTION: -ASN1_STRING_print 18 EXIST::FUNCTION:BIO -ASN1_STRING_set 19 EXIST::FUNCTION: -ASN1_STRING_type_new 20 EXIST::FUNCTION: -ASN1_TYPE_free 21 EXIST::FUNCTION: -ASN1_TYPE_new 22 EXIST::FUNCTION: -ASN1_UNIVERSALSTRING_to_string 23 EXIST::FUNCTION: -ASN1_UTCTIME_check 24 EXIST::FUNCTION: -ASN1_UTCTIME_print 25 EXIST::FUNCTION:BIO -ASN1_UTCTIME_set 26 EXIST::FUNCTION: -ASN1_check_infinite_end 27 EXIST::FUNCTION: -ASN1_d2i_bio 28 EXIST::FUNCTION:BIO -ASN1_d2i_fp 29 EXIST::FUNCTION:FP_API -ASN1_digest 30 EXIST::FUNCTION:EVP -ASN1_dup 31 EXIST::FUNCTION: -ASN1_get_object 32 EXIST::FUNCTION: -ASN1_i2d_bio 33 EXIST::FUNCTION:BIO -ASN1_i2d_fp 34 EXIST::FUNCTION:FP_API -ASN1_object_size 35 EXIST::FUNCTION: -ASN1_parse 36 EXIST::FUNCTION:BIO -ASN1_put_object 37 EXIST::FUNCTION: -ASN1_sign 38 EXIST::FUNCTION:EVP -ASN1_verify 39 EXIST::FUNCTION:EVP -BF_cbc_encrypt 40 EXIST::FUNCTION:BF -BF_cfb64_encrypt 41 EXIST::FUNCTION:BF -BF_ecb_encrypt 42 EXIST::FUNCTION:BF -BF_encrypt 43 EXIST::FUNCTION:BF -BF_ofb64_encrypt 44 EXIST::FUNCTION:BF -BF_options 45 EXIST::FUNCTION:BF -BF_set_key 46 EXIST::FUNCTION:BF -BIO_CONNECT_free 47 NOEXIST::FUNCTION: -BIO_CONNECT_new 48 NOEXIST::FUNCTION: -BIO_accept 51 EXIST::FUNCTION: -BIO_ctrl 52 EXIST::FUNCTION: -BIO_int_ctrl 53 EXIST::FUNCTION: -BIO_debug_callback 54 EXIST::FUNCTION: -BIO_dump 55 EXIST::FUNCTION: -BIO_dup_chain 56 EXIST::FUNCTION: -BIO_f_base64 57 EXIST::FUNCTION:BIO -BIO_f_buffer 58 EXIST::FUNCTION: -BIO_f_cipher 59 EXIST::FUNCTION:BIO -BIO_f_md 60 EXIST::FUNCTION:BIO -BIO_f_null 61 EXIST::FUNCTION: -BIO_f_proxy_server 62 NOEXIST::FUNCTION: -BIO_fd_non_fatal_error 63 EXIST::FUNCTION: -BIO_fd_should_retry 64 EXIST::FUNCTION: -BIO_find_type 65 EXIST::FUNCTION: -BIO_free 66 EXIST::FUNCTION: -BIO_free_all 67 EXIST::FUNCTION: -BIO_get_accept_socket 69 EXIST::FUNCTION: -BIO_get_filter_bio 70 NOEXIST::FUNCTION: -BIO_get_host_ip 71 EXIST::FUNCTION: -BIO_get_port 72 EXIST::FUNCTION: -BIO_get_retry_BIO 73 EXIST::FUNCTION: -BIO_get_retry_reason 74 EXIST::FUNCTION: -BIO_gethostbyname 75 EXIST::FUNCTION: -BIO_gets 76 EXIST::FUNCTION: -BIO_new 78 EXIST::FUNCTION: -BIO_new_accept 79 EXIST::FUNCTION: -BIO_new_connect 80 EXIST::FUNCTION: -BIO_new_fd 81 EXIST::FUNCTION: -BIO_new_file 82 EXIST:!WIN16:FUNCTION:FP_API -BIO_new_fp 83 EXIST:!WIN16:FUNCTION:FP_API -BIO_new_socket 84 EXIST::FUNCTION: -BIO_pop 85 EXIST::FUNCTION: -BIO_printf 86 EXIST::FUNCTION: -BIO_push 87 EXIST::FUNCTION: -BIO_puts 88 EXIST::FUNCTION: -BIO_read 89 EXIST::FUNCTION: -BIO_s_accept 90 EXIST::FUNCTION: -BIO_s_connect 91 EXIST::FUNCTION: -BIO_s_fd 92 EXIST::FUNCTION: -BIO_s_file 93 EXIST:!WIN16:FUNCTION:FP_API -BIO_s_mem 95 EXIST::FUNCTION: -BIO_s_null 96 EXIST::FUNCTION: -BIO_s_proxy_client 97 NOEXIST::FUNCTION: -BIO_s_socket 98 EXIST::FUNCTION: -BIO_set 100 EXIST::FUNCTION: -BIO_set_cipher 101 EXIST::FUNCTION:BIO -BIO_set_tcp_ndelay 102 EXIST::FUNCTION: -BIO_sock_cleanup 103 EXIST::FUNCTION: -BIO_sock_error 104 EXIST::FUNCTION: -BIO_sock_init 105 EXIST::FUNCTION: -BIO_sock_non_fatal_error 106 EXIST::FUNCTION: -BIO_sock_should_retry 107 EXIST::FUNCTION: -BIO_socket_ioctl 108 EXIST::FUNCTION: -BIO_write 109 EXIST::FUNCTION: -BN_CTX_free 110 EXIST::FUNCTION: -BN_CTX_new 111 EXIST::FUNCTION: -BN_MONT_CTX_free 112 EXIST::FUNCTION: -BN_MONT_CTX_new 113 EXIST::FUNCTION: -BN_MONT_CTX_set 114 EXIST::FUNCTION: -BN_add 115 EXIST::FUNCTION: -BN_add_word 116 EXIST::FUNCTION: -BN_hex2bn 117 EXIST::FUNCTION: -BN_bin2bn 118 EXIST::FUNCTION: -BN_bn2hex 119 EXIST::FUNCTION: -BN_bn2bin 120 EXIST::FUNCTION: -BN_clear 121 EXIST::FUNCTION: -BN_clear_bit 122 EXIST::FUNCTION: -BN_clear_free 123 EXIST::FUNCTION: -BN_cmp 124 EXIST::FUNCTION: -BN_copy 125 EXIST::FUNCTION: -BN_div 126 EXIST::FUNCTION: -BN_div_word 127 EXIST::FUNCTION: -BN_dup 128 EXIST::FUNCTION: -BN_free 129 EXIST::FUNCTION: -BN_from_montgomery 130 EXIST::FUNCTION: -BN_gcd 131 EXIST::FUNCTION: -BN_generate_prime 132 EXIST::FUNCTION: -BN_get_word 133 EXIST::FUNCTION: -BN_is_bit_set 134 EXIST::FUNCTION: -BN_is_prime 135 EXIST::FUNCTION: -BN_lshift 136 EXIST::FUNCTION: -BN_lshift1 137 EXIST::FUNCTION: -BN_mask_bits 138 EXIST::FUNCTION: -BN_mod 139 NOEXIST::FUNCTION: -BN_mod_exp 140 EXIST::FUNCTION: -BN_mod_exp_mont 141 EXIST::FUNCTION: -BN_mod_exp_simple 143 EXIST::FUNCTION: -BN_mod_inverse 144 EXIST::FUNCTION: -BN_mod_mul 145 EXIST::FUNCTION: -BN_mod_mul_montgomery 146 EXIST::FUNCTION: -BN_mod_word 148 EXIST::FUNCTION: -BN_mul 149 EXIST::FUNCTION: -BN_new 150 EXIST::FUNCTION: -BN_num_bits 151 EXIST::FUNCTION: -BN_num_bits_word 152 EXIST::FUNCTION: -BN_options 153 EXIST::FUNCTION: -BN_print 154 EXIST::FUNCTION: -BN_print_fp 155 EXIST::FUNCTION:FP_API -BN_rand 156 EXIST::FUNCTION: -BN_reciprocal 157 EXIST::FUNCTION: -BN_rshift 158 EXIST::FUNCTION: -BN_rshift1 159 EXIST::FUNCTION: -BN_set_bit 160 EXIST::FUNCTION: -BN_set_word 161 EXIST::FUNCTION: -BN_sqr 162 EXIST::FUNCTION: -BN_sub 163 EXIST::FUNCTION: -BN_to_ASN1_INTEGER 164 EXIST::FUNCTION: -BN_ucmp 165 EXIST::FUNCTION: -BN_value_one 166 EXIST::FUNCTION: -BUF_MEM_free 167 EXIST::FUNCTION: -BUF_MEM_grow 168 EXIST::FUNCTION: -BUF_MEM_new 169 EXIST::FUNCTION: -BUF_strdup 170 EXIST::FUNCTION: -CONF_free 171 EXIST::FUNCTION: -CONF_get_number 172 EXIST::FUNCTION: -CONF_get_section 173 EXIST::FUNCTION: -CONF_get_string 174 EXIST::FUNCTION: -CONF_load 175 EXIST::FUNCTION: -CRYPTO_add_lock 176 EXIST::FUNCTION: -CRYPTO_dbg_free 177 EXIST::FUNCTION: -CRYPTO_dbg_malloc 178 EXIST::FUNCTION: -CRYPTO_dbg_realloc 179 EXIST::FUNCTION: -CRYPTO_dbg_remalloc 180 NOEXIST::FUNCTION: -CRYPTO_free 181 EXIST::FUNCTION: -CRYPTO_get_add_lock_callback 182 EXIST::FUNCTION: -CRYPTO_get_id_callback 183 EXIST::FUNCTION: -CRYPTO_get_lock_name 184 EXIST::FUNCTION: -CRYPTO_get_locking_callback 185 EXIST::FUNCTION: -CRYPTO_get_mem_functions 186 EXIST::FUNCTION: -CRYPTO_lock 187 EXIST::FUNCTION: -CRYPTO_malloc 188 EXIST::FUNCTION: -CRYPTO_mem_ctrl 189 EXIST::FUNCTION: -CRYPTO_mem_leaks 190 EXIST::FUNCTION: -CRYPTO_mem_leaks_cb 191 EXIST::FUNCTION: -CRYPTO_mem_leaks_fp 192 EXIST::FUNCTION:FP_API -CRYPTO_realloc 193 EXIST::FUNCTION: -CRYPTO_remalloc 194 EXIST::FUNCTION: -CRYPTO_set_add_lock_callback 195 EXIST::FUNCTION: -CRYPTO_set_id_callback 196 EXIST::FUNCTION: -CRYPTO_set_locking_callback 197 EXIST::FUNCTION: -CRYPTO_set_mem_functions 198 EXIST::FUNCTION: -CRYPTO_thread_id 199 EXIST::FUNCTION: -DH_check 200 EXIST::FUNCTION:DH -DH_compute_key 201 EXIST::FUNCTION:DH -DH_free 202 EXIST::FUNCTION:DH -DH_generate_key 203 EXIST::FUNCTION:DH -DH_generate_parameters 204 EXIST::FUNCTION:DH -DH_new 205 EXIST::FUNCTION:DH -DH_size 206 EXIST::FUNCTION:DH -DHparams_print 207 EXIST::FUNCTION:BIO,DH -DHparams_print_fp 208 EXIST::FUNCTION:DH,FP_API -DSA_free 209 EXIST::FUNCTION:DSA -DSA_generate_key 210 EXIST::FUNCTION:DSA -DSA_generate_parameters 211 EXIST::FUNCTION:DSA -DSA_is_prime 212 NOEXIST::FUNCTION: -DSA_new 213 EXIST::FUNCTION:DSA -DSA_print 214 EXIST::FUNCTION:BIO,DSA -DSA_print_fp 215 EXIST::FUNCTION:DSA,FP_API -DSA_sign 216 EXIST::FUNCTION:DSA -DSA_sign_setup 217 EXIST::FUNCTION:DSA -DSA_size 218 EXIST::FUNCTION:DSA -DSA_verify 219 EXIST::FUNCTION:DSA -DSAparams_print 220 EXIST::FUNCTION:BIO,DSA -DSAparams_print_fp 221 EXIST::FUNCTION:DSA,FP_API -ERR_clear_error 222 EXIST::FUNCTION: -ERR_error_string 223 EXIST::FUNCTION: -ERR_free_strings 224 EXIST::FUNCTION: -ERR_func_error_string 225 EXIST::FUNCTION: -ERR_get_err_state_table 226 EXIST::FUNCTION:LHASH -ERR_get_error 227 EXIST::FUNCTION: -ERR_get_error_line 228 EXIST::FUNCTION: -ERR_get_state 229 EXIST::FUNCTION: -ERR_get_string_table 230 EXIST::FUNCTION:LHASH -ERR_lib_error_string 231 EXIST::FUNCTION: -ERR_load_ASN1_strings 232 EXIST::FUNCTION: -ERR_load_BIO_strings 233 EXIST::FUNCTION: -ERR_load_BN_strings 234 EXIST::FUNCTION: -ERR_load_BUF_strings 235 EXIST::FUNCTION: -ERR_load_CONF_strings 236 EXIST::FUNCTION: -ERR_load_DH_strings 237 EXIST::FUNCTION:DH -ERR_load_DSA_strings 238 EXIST::FUNCTION:DSA -ERR_load_ERR_strings 239 EXIST::FUNCTION: -ERR_load_EVP_strings 240 EXIST::FUNCTION: -ERR_load_OBJ_strings 241 EXIST::FUNCTION: -ERR_load_PEM_strings 242 EXIST::FUNCTION: -ERR_load_PROXY_strings 243 NOEXIST::FUNCTION: -ERR_load_RSA_strings 244 EXIST::FUNCTION:RSA -ERR_load_X509_strings 245 EXIST::FUNCTION: -ERR_load_crypto_strings 246 EXIST::FUNCTION: -ERR_load_strings 247 EXIST::FUNCTION: -ERR_peek_error 248 EXIST::FUNCTION: -ERR_peek_error_line 249 EXIST::FUNCTION: -ERR_print_errors 250 EXIST::FUNCTION:BIO -ERR_print_errors_fp 251 EXIST::FUNCTION:FP_API -ERR_put_error 252 EXIST::FUNCTION: -ERR_reason_error_string 253 EXIST::FUNCTION: -ERR_remove_state 254 EXIST::FUNCTION: -EVP_BytesToKey 255 EXIST::FUNCTION: -EVP_CIPHER_CTX_cleanup 256 EXIST::FUNCTION: -EVP_CipherFinal 257 EXIST::FUNCTION: -EVP_CipherInit 258 EXIST::FUNCTION: -EVP_CipherUpdate 259 EXIST::FUNCTION: -EVP_DecodeBlock 260 EXIST::FUNCTION: -EVP_DecodeFinal 261 EXIST::FUNCTION: -EVP_DecodeInit 262 EXIST::FUNCTION: -EVP_DecodeUpdate 263 EXIST::FUNCTION: -EVP_DecryptFinal 264 EXIST::FUNCTION: -EVP_DecryptInit 265 EXIST::FUNCTION: -EVP_DecryptUpdate 266 EXIST::FUNCTION: -EVP_DigestFinal 267 EXIST::FUNCTION: -EVP_DigestInit 268 EXIST::FUNCTION: -EVP_DigestUpdate 269 EXIST::FUNCTION: -EVP_EncodeBlock 270 EXIST::FUNCTION: -EVP_EncodeFinal 271 EXIST::FUNCTION: -EVP_EncodeInit 272 EXIST::FUNCTION: -EVP_EncodeUpdate 273 EXIST::FUNCTION: -EVP_EncryptFinal 274 EXIST::FUNCTION: -EVP_EncryptInit 275 EXIST::FUNCTION: -EVP_EncryptUpdate 276 EXIST::FUNCTION: -EVP_OpenFinal 277 EXIST::FUNCTION:RSA -EVP_OpenInit 278 EXIST::FUNCTION:RSA -EVP_PKEY_assign 279 EXIST::FUNCTION: -EVP_PKEY_copy_parameters 280 EXIST::FUNCTION: -EVP_PKEY_free 281 EXIST::FUNCTION: -EVP_PKEY_missing_parameters 282 EXIST::FUNCTION: -EVP_PKEY_new 283 EXIST::FUNCTION: -EVP_PKEY_save_parameters 284 EXIST::FUNCTION: -EVP_PKEY_size 285 EXIST::FUNCTION: -EVP_PKEY_type 286 EXIST::FUNCTION: -EVP_SealFinal 287 EXIST::FUNCTION:RSA -EVP_SealInit 288 EXIST::FUNCTION:RSA -EVP_SignFinal 289 EXIST::FUNCTION: -EVP_VerifyFinal 290 EXIST::FUNCTION: -EVP_add_alias 291 NOEXIST::FUNCTION: -EVP_add_cipher 292 EXIST::FUNCTION: -EVP_add_digest 293 EXIST::FUNCTION: -EVP_bf_cbc 294 EXIST::FUNCTION:BF -EVP_bf_cfb 295 EXIST::FUNCTION:BF -EVP_bf_ecb 296 EXIST::FUNCTION:BF -EVP_bf_ofb 297 EXIST::FUNCTION:BF -EVP_cleanup 298 EXIST::FUNCTION: -EVP_des_cbc 299 EXIST::FUNCTION:DES -EVP_des_cfb 300 EXIST::FUNCTION:DES -EVP_des_ecb 301 EXIST::FUNCTION:DES -EVP_des_ede 302 EXIST::FUNCTION:DES -EVP_des_ede3 303 EXIST::FUNCTION:DES -EVP_des_ede3_cbc 304 EXIST::FUNCTION:DES -EVP_des_ede3_cfb 305 EXIST::FUNCTION:DES -EVP_des_ede3_ofb 306 EXIST::FUNCTION:DES -EVP_des_ede_cbc 307 EXIST::FUNCTION:DES -EVP_des_ede_cfb 308 EXIST::FUNCTION:DES -EVP_des_ede_ofb 309 EXIST::FUNCTION:DES -EVP_des_ofb 310 EXIST::FUNCTION:DES -EVP_desx_cbc 311 EXIST::FUNCTION:DES -EVP_dss 312 EXIST::FUNCTION:DSA,SHA -EVP_dss1 313 EXIST::FUNCTION:DSA,SHA -EVP_enc_null 314 EXIST::FUNCTION: -EVP_get_cipherbyname 315 EXIST::FUNCTION: -EVP_get_digestbyname 316 EXIST::FUNCTION: -EVP_get_pw_prompt 317 EXIST::FUNCTION: -EVP_idea_cbc 318 EXIST::FUNCTION:IDEA -EVP_idea_cfb 319 EXIST::FUNCTION:IDEA -EVP_idea_ecb 320 EXIST::FUNCTION:IDEA -EVP_idea_ofb 321 EXIST::FUNCTION:IDEA -EVP_md2 322 EXIST::FUNCTION:MD2 -EVP_md5 323 EXIST::FUNCTION:MD5 -EVP_md_null 324 EXIST::FUNCTION: -EVP_rc2_cbc 325 EXIST::FUNCTION:RC2 -EVP_rc2_cfb 326 EXIST::FUNCTION:RC2 -EVP_rc2_ecb 327 EXIST::FUNCTION:RC2 -EVP_rc2_ofb 328 EXIST::FUNCTION:RC2 -EVP_rc4 329 EXIST::FUNCTION:RC4 -EVP_read_pw_string 330 EXIST::FUNCTION: -EVP_set_pw_prompt 331 EXIST::FUNCTION: -EVP_sha 332 EXIST::FUNCTION:SHA -EVP_sha1 333 EXIST::FUNCTION:SHA -MD2 334 EXIST::FUNCTION:MD2 -MD2_Final 335 EXIST::FUNCTION:MD2 -MD2_Init 336 EXIST::FUNCTION:MD2 -MD2_Update 337 EXIST::FUNCTION:MD2 -MD2_options 338 EXIST::FUNCTION:MD2 -MD5 339 EXIST::FUNCTION:MD5 -MD5_Final 340 EXIST::FUNCTION:MD5 -MD5_Init 341 EXIST::FUNCTION:MD5 -MD5_Update 342 EXIST::FUNCTION:MD5 -MDC2 343 EXIST::FUNCTION:MDC2 -MDC2_Final 344 EXIST::FUNCTION:MDC2 -MDC2_Init 345 EXIST::FUNCTION:MDC2 -MDC2_Update 346 EXIST::FUNCTION:MDC2 -NETSCAPE_SPKAC_free 347 EXIST::FUNCTION: -NETSCAPE_SPKAC_new 348 EXIST::FUNCTION: -NETSCAPE_SPKI_free 349 EXIST::FUNCTION: -NETSCAPE_SPKI_new 350 EXIST::FUNCTION: -NETSCAPE_SPKI_sign 351 EXIST::FUNCTION:EVP -NETSCAPE_SPKI_verify 352 EXIST::FUNCTION:EVP -OBJ_add_object 353 EXIST::FUNCTION: -OBJ_bsearch 354 EXIST::FUNCTION: -OBJ_cleanup 355 EXIST::FUNCTION: -OBJ_cmp 356 EXIST::FUNCTION: -OBJ_create 357 EXIST::FUNCTION: -OBJ_dup 358 EXIST::FUNCTION: -OBJ_ln2nid 359 EXIST::FUNCTION: -OBJ_new_nid 360 EXIST::FUNCTION: -OBJ_nid2ln 361 EXIST::FUNCTION: -OBJ_nid2obj 362 EXIST::FUNCTION: -OBJ_nid2sn 363 EXIST::FUNCTION: -OBJ_obj2nid 364 EXIST::FUNCTION: -OBJ_sn2nid 365 EXIST::FUNCTION: -OBJ_txt2nid 366 EXIST::FUNCTION: -PEM_ASN1_read 367 EXIST:!WIN16:FUNCTION: -PEM_ASN1_read_bio 368 EXIST::FUNCTION:BIO -PEM_ASN1_write 369 EXIST:!WIN16:FUNCTION: -PEM_ASN1_write_bio 370 EXIST::FUNCTION:BIO -PEM_SealFinal 371 EXIST::FUNCTION:RSA -PEM_SealInit 372 EXIST::FUNCTION:RSA -PEM_SealUpdate 373 EXIST::FUNCTION:RSA -PEM_SignFinal 374 EXIST::FUNCTION: -PEM_SignInit 375 EXIST::FUNCTION: -PEM_SignUpdate 376 EXIST::FUNCTION: -PEM_X509_INFO_read 377 EXIST:!WIN16:FUNCTION: -PEM_X509_INFO_read_bio 378 EXIST::FUNCTION:BIO -PEM_X509_INFO_write_bio 379 EXIST::FUNCTION:BIO -PEM_dek_info 380 EXIST::FUNCTION: -PEM_do_header 381 EXIST::FUNCTION: -PEM_get_EVP_CIPHER_INFO 382 EXIST::FUNCTION: -PEM_proc_type 383 EXIST::FUNCTION: -PEM_read 384 EXIST:!WIN16:FUNCTION: -PEM_read_DHparams 385 EXIST:!WIN16:FUNCTION:DH -PEM_read_DSAPrivateKey 386 EXIST:!WIN16:FUNCTION:DSA -PEM_read_DSAparams 387 EXIST:!WIN16:FUNCTION:DSA -PEM_read_PKCS7 388 EXIST:!WIN16:FUNCTION: -PEM_read_PrivateKey 389 EXIST:!WIN16:FUNCTION: -PEM_read_RSAPrivateKey 390 EXIST:!WIN16:FUNCTION:RSA -PEM_read_X509 391 EXIST:!WIN16:FUNCTION: -PEM_read_X509_CRL 392 EXIST:!WIN16:FUNCTION: -PEM_read_X509_REQ 393 EXIST:!WIN16:FUNCTION: -PEM_read_bio 394 EXIST::FUNCTION:BIO -PEM_read_bio_DHparams 395 EXIST::FUNCTION:DH -PEM_read_bio_DSAPrivateKey 396 EXIST::FUNCTION:DSA -PEM_read_bio_DSAparams 397 EXIST::FUNCTION:DSA -PEM_read_bio_PKCS7 398 EXIST::FUNCTION: -PEM_read_bio_PrivateKey 399 EXIST::FUNCTION: -PEM_read_bio_RSAPrivateKey 400 EXIST::FUNCTION:RSA -PEM_read_bio_X509 401 EXIST::FUNCTION: -PEM_read_bio_X509_CRL 402 EXIST::FUNCTION: -PEM_read_bio_X509_REQ 403 EXIST::FUNCTION: -PEM_write 404 EXIST:!WIN16:FUNCTION: -PEM_write_DHparams 405 EXIST:!WIN16:FUNCTION:DH -PEM_write_DSAPrivateKey 406 EXIST:!WIN16:FUNCTION:DSA -PEM_write_DSAparams 407 EXIST:!WIN16:FUNCTION:DSA -PEM_write_PKCS7 408 EXIST:!WIN16:FUNCTION: -PEM_write_PrivateKey 409 EXIST:!WIN16:FUNCTION: -PEM_write_RSAPrivateKey 410 EXIST:!WIN16:FUNCTION:RSA -PEM_write_X509 411 EXIST:!WIN16:FUNCTION: -PEM_write_X509_CRL 412 EXIST:!WIN16:FUNCTION: -PEM_write_X509_REQ 413 EXIST:!WIN16:FUNCTION: -PEM_write_bio 414 EXIST::FUNCTION:BIO -PEM_write_bio_DHparams 415 EXIST::FUNCTION:DH -PEM_write_bio_DSAPrivateKey 416 EXIST::FUNCTION:DSA -PEM_write_bio_DSAparams 417 EXIST::FUNCTION:DSA -PEM_write_bio_PKCS7 418 EXIST::FUNCTION: -PEM_write_bio_PrivateKey 419 EXIST::FUNCTION: -PEM_write_bio_RSAPrivateKey 420 EXIST::FUNCTION:RSA -PEM_write_bio_X509 421 EXIST::FUNCTION: -PEM_write_bio_X509_CRL 422 EXIST::FUNCTION: -PEM_write_bio_X509_REQ 423 EXIST::FUNCTION: -PKCS7_DIGEST_free 424 EXIST::FUNCTION: -PKCS7_DIGEST_new 425 EXIST::FUNCTION: -PKCS7_ENCRYPT_free 426 EXIST::FUNCTION: -PKCS7_ENCRYPT_new 427 EXIST::FUNCTION: -PKCS7_ENC_CONTENT_free 428 EXIST::FUNCTION: -PKCS7_ENC_CONTENT_new 429 EXIST::FUNCTION: -PKCS7_ENVELOPE_free 430 EXIST::FUNCTION: -PKCS7_ENVELOPE_new 431 EXIST::FUNCTION: -PKCS7_ISSUER_AND_SERIAL_digest 432 EXIST::FUNCTION: -PKCS7_ISSUER_AND_SERIAL_free 433 EXIST::FUNCTION: -PKCS7_ISSUER_AND_SERIAL_new 434 EXIST::FUNCTION: -PKCS7_RECIP_INFO_free 435 EXIST::FUNCTION: -PKCS7_RECIP_INFO_new 436 EXIST::FUNCTION: -PKCS7_SIGNED_free 437 EXIST::FUNCTION: -PKCS7_SIGNED_new 438 EXIST::FUNCTION: -PKCS7_SIGNER_INFO_free 439 EXIST::FUNCTION: -PKCS7_SIGNER_INFO_new 440 EXIST::FUNCTION: -PKCS7_SIGN_ENVELOPE_free 441 EXIST::FUNCTION: -PKCS7_SIGN_ENVELOPE_new 442 EXIST::FUNCTION: -PKCS7_dup 443 EXIST::FUNCTION: -PKCS7_free 444 EXIST::FUNCTION: -PKCS7_new 445 EXIST::FUNCTION: -PROXY_ENTRY_add_noproxy 446 NOEXIST::FUNCTION: -PROXY_ENTRY_clear_noproxy 447 NOEXIST::FUNCTION: -PROXY_ENTRY_free 448 NOEXIST::FUNCTION: -PROXY_ENTRY_get_noproxy 449 NOEXIST::FUNCTION: -PROXY_ENTRY_new 450 NOEXIST::FUNCTION: -PROXY_ENTRY_set_server 451 NOEXIST::FUNCTION: -PROXY_add_noproxy 452 NOEXIST::FUNCTION: -PROXY_add_server 453 NOEXIST::FUNCTION: -PROXY_check_by_host 454 NOEXIST::FUNCTION: -PROXY_check_url 455 NOEXIST::FUNCTION: -PROXY_clear_noproxy 456 NOEXIST::FUNCTION: -PROXY_free 457 NOEXIST::FUNCTION: -PROXY_get_noproxy 458 NOEXIST::FUNCTION: -PROXY_get_proxies 459 NOEXIST::FUNCTION: -PROXY_get_proxy_entry 460 NOEXIST::FUNCTION: -PROXY_load_conf 461 NOEXIST::FUNCTION: -PROXY_new 462 NOEXIST::FUNCTION: -PROXY_print 463 NOEXIST::FUNCTION: -RAND_bytes 464 EXIST::FUNCTION: -RAND_cleanup 465 EXIST::FUNCTION: -RAND_file_name 466 EXIST::FUNCTION: -RAND_load_file 467 EXIST::FUNCTION: -RAND_screen 468 EXIST:WIN32:FUNCTION: -RAND_seed 469 EXIST::FUNCTION: -RAND_write_file 470 EXIST::FUNCTION: -RC2_cbc_encrypt 471 EXIST::FUNCTION:RC2 -RC2_cfb64_encrypt 472 EXIST::FUNCTION:RC2 -RC2_ecb_encrypt 473 EXIST::FUNCTION:RC2 -RC2_encrypt 474 EXIST::FUNCTION:RC2 -RC2_ofb64_encrypt 475 EXIST::FUNCTION:RC2 -RC2_set_key 476 EXIST::FUNCTION:RC2 -RC4 477 EXIST::FUNCTION:RC4 -RC4_options 478 EXIST::FUNCTION:RC4 -RC4_set_key 479 EXIST::FUNCTION:RC4 -RSAPrivateKey_asn1_meth 480 EXIST::FUNCTION:RSA -RSAPrivateKey_dup 481 EXIST::FUNCTION:RSA -RSAPublicKey_dup 482 EXIST::FUNCTION:RSA -RSA_PKCS1_SSLeay 483 EXIST::FUNCTION:RSA -RSA_free 484 EXIST::FUNCTION:RSA -RSA_generate_key 485 EXIST::FUNCTION:RSA -RSA_new 486 EXIST::FUNCTION:RSA -RSA_new_method 487 EXIST::FUNCTION:RSA -RSA_print 488 EXIST::FUNCTION:BIO,RSA -RSA_print_fp 489 EXIST::FUNCTION:FP_API,RSA -RSA_private_decrypt 490 EXIST::FUNCTION:RSA -RSA_private_encrypt 491 EXIST::FUNCTION:RSA -RSA_public_decrypt 492 EXIST::FUNCTION:RSA -RSA_public_encrypt 493 EXIST::FUNCTION:RSA -RSA_set_default_method 494 EXIST::FUNCTION:RSA -RSA_sign 495 EXIST::FUNCTION:RSA -RSA_sign_ASN1_OCTET_STRING 496 EXIST::FUNCTION:RSA -RSA_size 497 EXIST::FUNCTION:RSA -RSA_verify 498 EXIST::FUNCTION:RSA -RSA_verify_ASN1_OCTET_STRING 499 EXIST::FUNCTION:RSA -SHA 500 EXIST::FUNCTION:SHA,SHA0 -SHA1 501 EXIST::FUNCTION:SHA,SHA1 -SHA1_Final 502 EXIST::FUNCTION:SHA,SHA1 -SHA1_Init 503 EXIST::FUNCTION:SHA,SHA1 -SHA1_Update 504 EXIST::FUNCTION:SHA,SHA1 -SHA_Final 505 EXIST::FUNCTION:SHA,SHA0 -SHA_Init 506 EXIST::FUNCTION:SHA,SHA0 -SHA_Update 507 EXIST::FUNCTION:SHA,SHA0 -OpenSSL_add_all_algorithms 508 NOEXIST::FUNCTION: -OpenSSL_add_all_ciphers 509 EXIST::FUNCTION: -OpenSSL_add_all_digests 510 EXIST::FUNCTION: -TXT_DB_create_index 511 EXIST::FUNCTION: -TXT_DB_free 512 EXIST::FUNCTION: -TXT_DB_get_by_index 513 EXIST::FUNCTION: -TXT_DB_insert 514 EXIST::FUNCTION: -TXT_DB_read 515 EXIST::FUNCTION:BIO -TXT_DB_write 516 EXIST::FUNCTION:BIO -X509_ALGOR_free 517 EXIST::FUNCTION: -X509_ALGOR_new 518 EXIST::FUNCTION: -X509_ATTRIBUTE_free 519 EXIST::FUNCTION: -X509_ATTRIBUTE_new 520 EXIST::FUNCTION: -X509_CINF_free 521 EXIST::FUNCTION: -X509_CINF_new 522 EXIST::FUNCTION: -X509_CRL_INFO_free 523 EXIST::FUNCTION: -X509_CRL_INFO_new 524 EXIST::FUNCTION: -X509_CRL_add_ext 525 EXIST::FUNCTION: -X509_CRL_cmp 526 EXIST::FUNCTION: -X509_CRL_delete_ext 527 EXIST::FUNCTION: -X509_CRL_dup 528 EXIST::FUNCTION: -X509_CRL_free 529 EXIST::FUNCTION: -X509_CRL_get_ext 530 EXIST::FUNCTION: -X509_CRL_get_ext_by_NID 531 EXIST::FUNCTION: -X509_CRL_get_ext_by_OBJ 532 EXIST::FUNCTION: -X509_CRL_get_ext_by_critical 533 EXIST::FUNCTION: -X509_CRL_get_ext_count 534 EXIST::FUNCTION: -X509_CRL_new 535 EXIST::FUNCTION: -X509_CRL_sign 536 EXIST::FUNCTION:EVP -X509_CRL_verify 537 EXIST::FUNCTION:EVP -X509_EXTENSION_create_by_NID 538 EXIST::FUNCTION: -X509_EXTENSION_create_by_OBJ 539 EXIST::FUNCTION: -X509_EXTENSION_dup 540 EXIST::FUNCTION: -X509_EXTENSION_free 541 EXIST::FUNCTION: -X509_EXTENSION_get_critical 542 EXIST::FUNCTION: -X509_EXTENSION_get_data 543 EXIST::FUNCTION: -X509_EXTENSION_get_object 544 EXIST::FUNCTION: -X509_EXTENSION_new 545 EXIST::FUNCTION: -X509_EXTENSION_set_critical 546 EXIST::FUNCTION: -X509_EXTENSION_set_data 547 EXIST::FUNCTION: -X509_EXTENSION_set_object 548 EXIST::FUNCTION: -X509_INFO_free 549 EXIST::FUNCTION:EVP -X509_INFO_new 550 EXIST::FUNCTION:EVP -X509_LOOKUP_by_alias 551 EXIST::FUNCTION: -X509_LOOKUP_by_fingerprint 552 EXIST::FUNCTION: -X509_LOOKUP_by_issuer_serial 553 EXIST::FUNCTION: -X509_LOOKUP_by_subject 554 EXIST::FUNCTION: -X509_LOOKUP_ctrl 555 EXIST::FUNCTION: -X509_LOOKUP_file 556 EXIST::FUNCTION: -X509_LOOKUP_free 557 EXIST::FUNCTION: -X509_LOOKUP_hash_dir 558 EXIST::FUNCTION: -X509_LOOKUP_init 559 EXIST::FUNCTION: -X509_LOOKUP_new 560 EXIST::FUNCTION: -X509_LOOKUP_shutdown 561 EXIST::FUNCTION: -X509_NAME_ENTRY_create_by_NID 562 EXIST::FUNCTION: -X509_NAME_ENTRY_create_by_OBJ 563 EXIST::FUNCTION: -X509_NAME_ENTRY_dup 564 EXIST::FUNCTION: -X509_NAME_ENTRY_free 565 EXIST::FUNCTION: -X509_NAME_ENTRY_get_data 566 EXIST::FUNCTION: -X509_NAME_ENTRY_get_object 567 EXIST::FUNCTION: -X509_NAME_ENTRY_new 568 EXIST::FUNCTION: -X509_NAME_ENTRY_set_data 569 EXIST::FUNCTION: -X509_NAME_ENTRY_set_object 570 EXIST::FUNCTION: -X509_NAME_add_entry 571 EXIST::FUNCTION: -X509_NAME_cmp 572 EXIST::FUNCTION: -X509_NAME_delete_entry 573 EXIST::FUNCTION: -X509_NAME_digest 574 EXIST::FUNCTION:EVP -X509_NAME_dup 575 EXIST::FUNCTION: -X509_NAME_entry_count 576 EXIST::FUNCTION: -X509_NAME_free 577 EXIST::FUNCTION: -X509_NAME_get_entry 578 EXIST::FUNCTION: -X509_NAME_get_index_by_NID 579 EXIST::FUNCTION: -X509_NAME_get_index_by_OBJ 580 EXIST::FUNCTION: -X509_NAME_get_text_by_NID 581 EXIST::FUNCTION: -X509_NAME_get_text_by_OBJ 582 EXIST::FUNCTION: -X509_NAME_hash 583 EXIST::FUNCTION: -X509_NAME_new 584 EXIST::FUNCTION: -X509_NAME_oneline 585 EXIST::FUNCTION:EVP -X509_NAME_print 586 EXIST::FUNCTION:BIO -X509_NAME_set 587 EXIST::FUNCTION: -X509_OBJECT_free_contents 588 EXIST::FUNCTION: -X509_OBJECT_retrieve_by_subject 589 EXIST::FUNCTION: -X509_OBJECT_up_ref_count 590 EXIST::FUNCTION: -X509_PKEY_free 591 EXIST::FUNCTION: -X509_PKEY_new 592 EXIST::FUNCTION: -X509_PUBKEY_free 593 EXIST::FUNCTION: -X509_PUBKEY_get 594 EXIST::FUNCTION: -X509_PUBKEY_new 595 EXIST::FUNCTION: -X509_PUBKEY_set 596 EXIST::FUNCTION: -X509_REQ_INFO_free 597 EXIST::FUNCTION: -X509_REQ_INFO_new 598 EXIST::FUNCTION: -X509_REQ_dup 599 EXIST::FUNCTION: -X509_REQ_free 600 EXIST::FUNCTION: -X509_REQ_get_pubkey 601 EXIST::FUNCTION: -X509_REQ_new 602 EXIST::FUNCTION: -X509_REQ_print 603 EXIST::FUNCTION:BIO -X509_REQ_print_fp 604 EXIST::FUNCTION:FP_API -X509_REQ_set_pubkey 605 EXIST::FUNCTION: -X509_REQ_set_subject_name 606 EXIST::FUNCTION: -X509_REQ_set_version 607 EXIST::FUNCTION: -X509_REQ_sign 608 EXIST::FUNCTION:EVP -X509_REQ_to_X509 609 EXIST::FUNCTION: -X509_REQ_verify 610 EXIST::FUNCTION:EVP -X509_REVOKED_add_ext 611 EXIST::FUNCTION: -X509_REVOKED_delete_ext 612 EXIST::FUNCTION: -X509_REVOKED_free 613 EXIST::FUNCTION: -X509_REVOKED_get_ext 614 EXIST::FUNCTION: -X509_REVOKED_get_ext_by_NID 615 EXIST::FUNCTION: -X509_REVOKED_get_ext_by_OBJ 616 EXIST::FUNCTION: -X509_REVOKED_get_ext_by_critical 617 EXIST:!VMS:FUNCTION: -X509_REVOKED_get_ext_by_critic 617 EXIST:VMS:FUNCTION: -X509_REVOKED_get_ext_count 618 EXIST::FUNCTION: -X509_REVOKED_new 619 EXIST::FUNCTION: -X509_SIG_free 620 EXIST::FUNCTION: -X509_SIG_new 621 EXIST::FUNCTION: -X509_STORE_CTX_cleanup 622 EXIST::FUNCTION: -X509_STORE_CTX_init 623 EXIST::FUNCTION: -X509_STORE_add_cert 624 EXIST::FUNCTION: -X509_STORE_add_lookup 625 EXIST::FUNCTION: -X509_STORE_free 626 EXIST::FUNCTION: -X509_STORE_get_by_subject 627 EXIST::FUNCTION: -X509_STORE_load_locations 628 EXIST::FUNCTION:STDIO -X509_STORE_new 629 EXIST::FUNCTION: -X509_STORE_set_default_paths 630 EXIST::FUNCTION:STDIO -X509_VAL_free 631 EXIST::FUNCTION: -X509_VAL_new 632 EXIST::FUNCTION: -X509_add_ext 633 EXIST::FUNCTION: -X509_asn1_meth 634 EXIST::FUNCTION: -X509_certificate_type 635 EXIST::FUNCTION: -X509_check_private_key 636 EXIST::FUNCTION: -X509_cmp_current_time 637 EXIST::FUNCTION: -X509_delete_ext 638 EXIST::FUNCTION: -X509_digest 639 EXIST::FUNCTION:EVP -X509_dup 640 EXIST::FUNCTION: -X509_free 641 EXIST::FUNCTION: -X509_get_default_cert_area 642 EXIST::FUNCTION: -X509_get_default_cert_dir 643 EXIST::FUNCTION: -X509_get_default_cert_dir_env 644 EXIST::FUNCTION: -X509_get_default_cert_file 645 EXIST::FUNCTION: -X509_get_default_cert_file_env 646 EXIST::FUNCTION: -X509_get_default_private_dir 647 EXIST::FUNCTION: -X509_get_ext 648 EXIST::FUNCTION: -X509_get_ext_by_NID 649 EXIST::FUNCTION: -X509_get_ext_by_OBJ 650 EXIST::FUNCTION: -X509_get_ext_by_critical 651 EXIST::FUNCTION: -X509_get_ext_count 652 EXIST::FUNCTION: -X509_get_issuer_name 653 EXIST::FUNCTION: -X509_get_pubkey 654 EXIST::FUNCTION: -X509_get_pubkey_parameters 655 EXIST::FUNCTION: -X509_get_serialNumber 656 EXIST::FUNCTION: -X509_get_subject_name 657 EXIST::FUNCTION: -X509_gmtime_adj 658 EXIST::FUNCTION: -X509_issuer_and_serial_cmp 659 EXIST::FUNCTION: -X509_issuer_and_serial_hash 660 EXIST::FUNCTION: -X509_issuer_name_cmp 661 EXIST::FUNCTION: -X509_issuer_name_hash 662 EXIST::FUNCTION: -X509_load_cert_file 663 EXIST::FUNCTION:STDIO -X509_new 664 EXIST::FUNCTION: -X509_print 665 EXIST::FUNCTION:BIO -X509_print_fp 666 EXIST::FUNCTION:FP_API -X509_set_issuer_name 667 EXIST::FUNCTION: -X509_set_notAfter 668 EXIST::FUNCTION: -X509_set_notBefore 669 EXIST::FUNCTION: -X509_set_pubkey 670 EXIST::FUNCTION: -X509_set_serialNumber 671 EXIST::FUNCTION: -X509_set_subject_name 672 EXIST::FUNCTION: -X509_set_version 673 EXIST::FUNCTION: -X509_sign 674 EXIST::FUNCTION:EVP -X509_subject_name_cmp 675 EXIST::FUNCTION: -X509_subject_name_hash 676 EXIST::FUNCTION: -X509_to_X509_REQ 677 EXIST::FUNCTION: -X509_verify 678 EXIST::FUNCTION:EVP -X509_verify_cert 679 EXIST::FUNCTION: -X509_verify_cert_error_string 680 EXIST::FUNCTION: -X509v3_add_ext 681 EXIST::FUNCTION: -X509v3_add_extension 682 NOEXIST::FUNCTION: -X509v3_add_netscape_extensions 683 NOEXIST::FUNCTION: -X509v3_add_standard_extensions 684 NOEXIST::FUNCTION: -X509v3_cleanup_extensions 685 NOEXIST::FUNCTION: -X509v3_data_type_by_NID 686 NOEXIST::FUNCTION: -X509v3_data_type_by_OBJ 687 NOEXIST::FUNCTION: -X509v3_delete_ext 688 EXIST::FUNCTION: -X509v3_get_ext 689 EXIST::FUNCTION: -X509v3_get_ext_by_NID 690 EXIST::FUNCTION: -X509v3_get_ext_by_OBJ 691 EXIST::FUNCTION: -X509v3_get_ext_by_critical 692 EXIST::FUNCTION: -X509v3_get_ext_count 693 EXIST::FUNCTION: -X509v3_pack_string 694 NOEXIST::FUNCTION: -X509v3_pack_type_by_NID 695 NOEXIST::FUNCTION: -X509v3_pack_type_by_OBJ 696 NOEXIST::FUNCTION: -X509v3_unpack_string 697 NOEXIST::FUNCTION: -_des_crypt 698 NOEXIST::FUNCTION: -a2d_ASN1_OBJECT 699 EXIST::FUNCTION: -a2i_ASN1_INTEGER 700 EXIST::FUNCTION:BIO -a2i_ASN1_STRING 701 EXIST::FUNCTION:BIO -asn1_Finish 702 EXIST::FUNCTION: -asn1_GetSequence 703 EXIST::FUNCTION: -bn_div_words 704 EXIST::FUNCTION: -bn_expand2 705 EXIST::FUNCTION: -bn_mul_add_words 706 EXIST::FUNCTION: -bn_mul_words 707 EXIST::FUNCTION: -BN_uadd 708 EXIST::FUNCTION: -BN_usub 709 EXIST::FUNCTION: -bn_sqr_words 710 EXIST::FUNCTION: -_ossl_old_crypt 711 EXIST:!NeXT,!PERL5,!__FreeBSD__:FUNCTION:DES -d2i_ASN1_BIT_STRING 712 EXIST::FUNCTION: -d2i_ASN1_BOOLEAN 713 EXIST::FUNCTION: -d2i_ASN1_HEADER 714 EXIST::FUNCTION: -d2i_ASN1_IA5STRING 715 EXIST::FUNCTION: -d2i_ASN1_INTEGER 716 EXIST::FUNCTION: -d2i_ASN1_OBJECT 717 EXIST::FUNCTION: -d2i_ASN1_OCTET_STRING 718 EXIST::FUNCTION: -d2i_ASN1_PRINTABLE 719 EXIST::FUNCTION: -d2i_ASN1_PRINTABLESTRING 720 EXIST::FUNCTION: -d2i_ASN1_SET 721 EXIST::FUNCTION: -d2i_ASN1_T61STRING 722 EXIST::FUNCTION: -d2i_ASN1_TYPE 723 EXIST::FUNCTION: -d2i_ASN1_UTCTIME 724 EXIST::FUNCTION: -d2i_ASN1_bytes 725 EXIST::FUNCTION: -d2i_ASN1_type_bytes 726 EXIST::FUNCTION: -d2i_DHparams 727 EXIST::FUNCTION:DH -d2i_DSAPrivateKey 728 EXIST::FUNCTION:DSA -d2i_DSAPrivateKey_bio 729 EXIST::FUNCTION:BIO,DSA -d2i_DSAPrivateKey_fp 730 EXIST::FUNCTION:DSA,FP_API -d2i_DSAPublicKey 731 EXIST::FUNCTION:DSA -d2i_DSAparams 732 EXIST::FUNCTION:DSA -d2i_NETSCAPE_SPKAC 733 EXIST::FUNCTION: -d2i_NETSCAPE_SPKI 734 EXIST::FUNCTION: -d2i_Netscape_RSA 735 EXIST::FUNCTION:RSA -d2i_PKCS7 736 EXIST::FUNCTION: -d2i_PKCS7_DIGEST 737 EXIST::FUNCTION: -d2i_PKCS7_ENCRYPT 738 EXIST::FUNCTION: -d2i_PKCS7_ENC_CONTENT 739 EXIST::FUNCTION: -d2i_PKCS7_ENVELOPE 740 EXIST::FUNCTION: -d2i_PKCS7_ISSUER_AND_SERIAL 741 EXIST::FUNCTION: -d2i_PKCS7_RECIP_INFO 742 EXIST::FUNCTION: -d2i_PKCS7_SIGNED 743 EXIST::FUNCTION: -d2i_PKCS7_SIGNER_INFO 744 EXIST::FUNCTION: -d2i_PKCS7_SIGN_ENVELOPE 745 EXIST::FUNCTION: -d2i_PKCS7_bio 746 EXIST::FUNCTION: -d2i_PKCS7_fp 747 EXIST::FUNCTION:FP_API -d2i_PrivateKey 748 EXIST::FUNCTION: -d2i_PublicKey 749 EXIST::FUNCTION: -d2i_RSAPrivateKey 750 EXIST::FUNCTION:RSA -d2i_RSAPrivateKey_bio 751 EXIST::FUNCTION:BIO,RSA -d2i_RSAPrivateKey_fp 752 EXIST::FUNCTION:FP_API,RSA -d2i_RSAPublicKey 753 EXIST::FUNCTION:RSA -d2i_X509 754 EXIST::FUNCTION: -d2i_X509_ALGOR 755 EXIST::FUNCTION: -d2i_X509_ATTRIBUTE 756 EXIST::FUNCTION: -d2i_X509_CINF 757 EXIST::FUNCTION: -d2i_X509_CRL 758 EXIST::FUNCTION: -d2i_X509_CRL_INFO 759 EXIST::FUNCTION: -d2i_X509_CRL_bio 760 EXIST::FUNCTION:BIO -d2i_X509_CRL_fp 761 EXIST::FUNCTION:FP_API -d2i_X509_EXTENSION 762 EXIST::FUNCTION: -d2i_X509_NAME 763 EXIST::FUNCTION: -d2i_X509_NAME_ENTRY 764 EXIST::FUNCTION: -d2i_X509_PKEY 765 EXIST::FUNCTION: -d2i_X509_PUBKEY 766 EXIST::FUNCTION: -d2i_X509_REQ 767 EXIST::FUNCTION: -d2i_X509_REQ_INFO 768 EXIST::FUNCTION: -d2i_X509_REQ_bio 769 EXIST::FUNCTION:BIO -d2i_X509_REQ_fp 770 EXIST::FUNCTION:FP_API -d2i_X509_REVOKED 771 EXIST::FUNCTION: -d2i_X509_SIG 772 EXIST::FUNCTION: -d2i_X509_VAL 773 EXIST::FUNCTION: -d2i_X509_bio 774 EXIST::FUNCTION:BIO -d2i_X509_fp 775 EXIST::FUNCTION:FP_API -DES_cbc_cksum 777 EXIST::FUNCTION:DES -DES_cbc_encrypt 778 EXIST::FUNCTION:DES -DES_cblock_print_file 779 NOEXIST::FUNCTION: -DES_cfb64_encrypt 780 EXIST::FUNCTION:DES -DES_cfb_encrypt 781 EXIST::FUNCTION:DES -DES_decrypt3 782 EXIST::FUNCTION:DES -DES_ecb3_encrypt 783 EXIST::FUNCTION:DES -DES_ecb_encrypt 784 EXIST::FUNCTION:DES -DES_ede3_cbc_encrypt 785 EXIST::FUNCTION:DES -DES_ede3_cfb64_encrypt 786 EXIST::FUNCTION:DES -DES_ede3_ofb64_encrypt 787 EXIST::FUNCTION:DES -DES_enc_read 788 EXIST::FUNCTION:DES -DES_enc_write 789 EXIST::FUNCTION:DES -DES_encrypt1 790 EXIST::FUNCTION:DES -DES_encrypt2 791 EXIST::FUNCTION:DES -DES_encrypt3 792 EXIST::FUNCTION:DES -DES_fcrypt 793 EXIST::FUNCTION:DES -DES_is_weak_key 794 EXIST::FUNCTION:DES -DES_key_sched 795 EXIST::FUNCTION:DES -DES_ncbc_encrypt 796 EXIST::FUNCTION:DES -DES_ofb64_encrypt 797 EXIST::FUNCTION:DES -DES_ofb_encrypt 798 EXIST::FUNCTION:DES -DES_options 799 EXIST::FUNCTION:DES -DES_pcbc_encrypt 800 EXIST::FUNCTION:DES -DES_quad_cksum 801 EXIST::FUNCTION:DES -DES_random_key 802 EXIST::FUNCTION:DES -_ossl_old_des_random_seed 803 EXIST::FUNCTION:DES -_ossl_old_des_read_2passwords 804 EXIST::FUNCTION:DES -_ossl_old_des_read_password 805 EXIST::FUNCTION:DES -_ossl_old_des_read_pw 806 EXIST::FUNCTION: -_ossl_old_des_read_pw_string 807 EXIST::FUNCTION: -DES_set_key 808 EXIST::FUNCTION:DES -DES_set_odd_parity 809 EXIST::FUNCTION:DES -DES_string_to_2keys 810 EXIST::FUNCTION:DES -DES_string_to_key 811 EXIST::FUNCTION:DES -DES_xcbc_encrypt 812 EXIST::FUNCTION:DES -DES_xwhite_in2out 813 EXIST::FUNCTION:DES -fcrypt_body 814 NOEXIST::FUNCTION: -i2a_ASN1_INTEGER 815 EXIST::FUNCTION:BIO -i2a_ASN1_OBJECT 816 EXIST::FUNCTION:BIO -i2a_ASN1_STRING 817 EXIST::FUNCTION:BIO -i2d_ASN1_BIT_STRING 818 EXIST::FUNCTION: -i2d_ASN1_BOOLEAN 819 EXIST::FUNCTION: -i2d_ASN1_HEADER 820 EXIST::FUNCTION: -i2d_ASN1_IA5STRING 821 EXIST::FUNCTION: -i2d_ASN1_INTEGER 822 EXIST::FUNCTION: -i2d_ASN1_OBJECT 823 EXIST::FUNCTION: -i2d_ASN1_OCTET_STRING 824 EXIST::FUNCTION: -i2d_ASN1_PRINTABLE 825 EXIST::FUNCTION: -i2d_ASN1_SET 826 EXIST::FUNCTION: -i2d_ASN1_TYPE 827 EXIST::FUNCTION: -i2d_ASN1_UTCTIME 828 EXIST::FUNCTION: -i2d_ASN1_bytes 829 EXIST::FUNCTION: -i2d_DHparams 830 EXIST::FUNCTION:DH -i2d_DSAPrivateKey 831 EXIST::FUNCTION:DSA -i2d_DSAPrivateKey_bio 832 EXIST::FUNCTION:BIO,DSA -i2d_DSAPrivateKey_fp 833 EXIST::FUNCTION:DSA,FP_API -i2d_DSAPublicKey 834 EXIST::FUNCTION:DSA -i2d_DSAparams 835 EXIST::FUNCTION:DSA -i2d_NETSCAPE_SPKAC 836 EXIST::FUNCTION: -i2d_NETSCAPE_SPKI 837 EXIST::FUNCTION: -i2d_Netscape_RSA 838 EXIST::FUNCTION:RSA -i2d_PKCS7 839 EXIST::FUNCTION: -i2d_PKCS7_DIGEST 840 EXIST::FUNCTION: -i2d_PKCS7_ENCRYPT 841 EXIST::FUNCTION: -i2d_PKCS7_ENC_CONTENT 842 EXIST::FUNCTION: -i2d_PKCS7_ENVELOPE 843 EXIST::FUNCTION: -i2d_PKCS7_ISSUER_AND_SERIAL 844 EXIST::FUNCTION: -i2d_PKCS7_RECIP_INFO 845 EXIST::FUNCTION: -i2d_PKCS7_SIGNED 846 EXIST::FUNCTION: -i2d_PKCS7_SIGNER_INFO 847 EXIST::FUNCTION: -i2d_PKCS7_SIGN_ENVELOPE 848 EXIST::FUNCTION: -i2d_PKCS7_bio 849 EXIST::FUNCTION: -i2d_PKCS7_fp 850 EXIST::FUNCTION:FP_API -i2d_PrivateKey 851 EXIST::FUNCTION: -i2d_PublicKey 852 EXIST::FUNCTION: -i2d_RSAPrivateKey 853 EXIST::FUNCTION:RSA -i2d_RSAPrivateKey_bio 854 EXIST::FUNCTION:BIO,RSA -i2d_RSAPrivateKey_fp 855 EXIST::FUNCTION:FP_API,RSA -i2d_RSAPublicKey 856 EXIST::FUNCTION:RSA -i2d_X509 857 EXIST::FUNCTION: -i2d_X509_ALGOR 858 EXIST::FUNCTION: -i2d_X509_ATTRIBUTE 859 EXIST::FUNCTION: -i2d_X509_CINF 860 EXIST::FUNCTION: -i2d_X509_CRL 861 EXIST::FUNCTION: -i2d_X509_CRL_INFO 862 EXIST::FUNCTION: -i2d_X509_CRL_bio 863 EXIST::FUNCTION:BIO -i2d_X509_CRL_fp 864 EXIST::FUNCTION:FP_API -i2d_X509_EXTENSION 865 EXIST::FUNCTION: -i2d_X509_NAME 866 EXIST::FUNCTION: -i2d_X509_NAME_ENTRY 867 EXIST::FUNCTION: -i2d_X509_PKEY 868 EXIST::FUNCTION: -i2d_X509_PUBKEY 869 EXIST::FUNCTION: -i2d_X509_REQ 870 EXIST::FUNCTION: -i2d_X509_REQ_INFO 871 EXIST::FUNCTION: -i2d_X509_REQ_bio 872 EXIST::FUNCTION:BIO -i2d_X509_REQ_fp 873 EXIST::FUNCTION:FP_API -i2d_X509_REVOKED 874 EXIST::FUNCTION: -i2d_X509_SIG 875 EXIST::FUNCTION: -i2d_X509_VAL 876 EXIST::FUNCTION: -i2d_X509_bio 877 EXIST::FUNCTION:BIO -i2d_X509_fp 878 EXIST::FUNCTION:FP_API -idea_cbc_encrypt 879 EXIST::FUNCTION:IDEA -idea_cfb64_encrypt 880 EXIST::FUNCTION:IDEA -idea_ecb_encrypt 881 EXIST::FUNCTION:IDEA -idea_encrypt 882 EXIST::FUNCTION:IDEA -idea_ofb64_encrypt 883 EXIST::FUNCTION:IDEA -idea_options 884 EXIST::FUNCTION:IDEA -idea_set_decrypt_key 885 EXIST::FUNCTION:IDEA -idea_set_encrypt_key 886 EXIST::FUNCTION:IDEA -lh_delete 887 EXIST::FUNCTION: -lh_doall 888 EXIST::FUNCTION: -lh_doall_arg 889 EXIST::FUNCTION: -lh_free 890 EXIST::FUNCTION: -lh_insert 891 EXIST::FUNCTION: -lh_new 892 EXIST::FUNCTION: -lh_node_stats 893 EXIST::FUNCTION:FP_API -lh_node_stats_bio 894 EXIST::FUNCTION:BIO -lh_node_usage_stats 895 EXIST::FUNCTION:FP_API -lh_node_usage_stats_bio 896 EXIST::FUNCTION:BIO -lh_retrieve 897 EXIST::FUNCTION: -lh_stats 898 EXIST::FUNCTION:FP_API -lh_stats_bio 899 EXIST::FUNCTION:BIO -lh_strhash 900 EXIST::FUNCTION: -sk_delete 901 EXIST::FUNCTION: -sk_delete_ptr 902 EXIST::FUNCTION: -sk_dup 903 EXIST::FUNCTION: -sk_find 904 EXIST::FUNCTION: -sk_free 905 EXIST::FUNCTION: -sk_insert 906 EXIST::FUNCTION: -sk_new 907 EXIST::FUNCTION: -sk_pop 908 EXIST::FUNCTION: -sk_pop_free 909 EXIST::FUNCTION: -sk_push 910 EXIST::FUNCTION: -sk_set_cmp_func 911 EXIST::FUNCTION: -sk_shift 912 EXIST::FUNCTION: -sk_unshift 913 EXIST::FUNCTION: -sk_zero 914 EXIST::FUNCTION: -BIO_f_nbio_test 915 EXIST::FUNCTION: -ASN1_TYPE_get 916 EXIST::FUNCTION: -ASN1_TYPE_set 917 EXIST::FUNCTION: -PKCS7_content_free 918 NOEXIST::FUNCTION: -ERR_load_PKCS7_strings 919 EXIST::FUNCTION: -X509_find_by_issuer_and_serial 920 EXIST::FUNCTION: -X509_find_by_subject 921 EXIST::FUNCTION: -PKCS7_ctrl 927 EXIST::FUNCTION: -PKCS7_set_type 928 EXIST::FUNCTION: -PKCS7_set_content 929 EXIST::FUNCTION: -PKCS7_SIGNER_INFO_set 930 EXIST::FUNCTION: -PKCS7_add_signer 931 EXIST::FUNCTION: -PKCS7_add_certificate 932 EXIST::FUNCTION: -PKCS7_add_crl 933 EXIST::FUNCTION: -PKCS7_content_new 934 EXIST::FUNCTION: -PKCS7_dataSign 935 NOEXIST::FUNCTION: -PKCS7_dataVerify 936 EXIST::FUNCTION: -PKCS7_dataInit 937 EXIST::FUNCTION: -PKCS7_add_signature 938 EXIST::FUNCTION: -PKCS7_cert_from_signer_info 939 EXIST::FUNCTION: -PKCS7_get_signer_info 940 EXIST::FUNCTION: -EVP_delete_alias 941 NOEXIST::FUNCTION: -EVP_mdc2 942 EXIST::FUNCTION:MDC2 -PEM_read_bio_RSAPublicKey 943 EXIST::FUNCTION:RSA -PEM_write_bio_RSAPublicKey 944 EXIST::FUNCTION:RSA -d2i_RSAPublicKey_bio 945 EXIST::FUNCTION:BIO,RSA -i2d_RSAPublicKey_bio 946 EXIST::FUNCTION:BIO,RSA -PEM_read_RSAPublicKey 947 EXIST:!WIN16:FUNCTION:RSA -PEM_write_RSAPublicKey 949 EXIST:!WIN16:FUNCTION:RSA -d2i_RSAPublicKey_fp 952 EXIST::FUNCTION:FP_API,RSA -i2d_RSAPublicKey_fp 954 EXIST::FUNCTION:FP_API,RSA -BIO_copy_next_retry 955 EXIST::FUNCTION: -RSA_flags 956 EXIST::FUNCTION:RSA -X509_STORE_add_crl 957 EXIST::FUNCTION: -X509_load_crl_file 958 EXIST::FUNCTION:STDIO -EVP_rc2_40_cbc 959 EXIST::FUNCTION:RC2 -EVP_rc4_40 960 EXIST::FUNCTION:RC4 -EVP_CIPHER_CTX_init 961 EXIST::FUNCTION: -HMAC 962 EXIST::FUNCTION:HMAC -HMAC_Init 963 EXIST::FUNCTION:HMAC -HMAC_Update 964 EXIST::FUNCTION:HMAC -HMAC_Final 965 EXIST::FUNCTION:HMAC -ERR_get_next_error_library 966 EXIST::FUNCTION: -EVP_PKEY_cmp_parameters 967 EXIST::FUNCTION: -HMAC_cleanup 968 NOEXIST::FUNCTION: -BIO_ptr_ctrl 969 EXIST::FUNCTION: -BIO_new_file_internal 970 EXIST:WIN16:FUNCTION:FP_API -BIO_new_fp_internal 971 EXIST:WIN16:FUNCTION:FP_API -BIO_s_file_internal 972 EXIST:WIN16:FUNCTION:FP_API -BN_BLINDING_convert 973 EXIST::FUNCTION: -BN_BLINDING_invert 974 EXIST::FUNCTION: -BN_BLINDING_update 975 EXIST::FUNCTION: -RSA_blinding_on 977 EXIST::FUNCTION:RSA -RSA_blinding_off 978 EXIST::FUNCTION:RSA -i2t_ASN1_OBJECT 979 EXIST::FUNCTION: -BN_BLINDING_new 980 EXIST::FUNCTION: -BN_BLINDING_free 981 EXIST::FUNCTION: -EVP_cast5_cbc 983 EXIST::FUNCTION:CAST -EVP_cast5_cfb 984 EXIST::FUNCTION:CAST -EVP_cast5_ecb 985 EXIST::FUNCTION:CAST -EVP_cast5_ofb 986 EXIST::FUNCTION:CAST -BF_decrypt 987 EXIST::FUNCTION:BF -CAST_set_key 988 EXIST::FUNCTION:CAST -CAST_encrypt 989 EXIST::FUNCTION:CAST -CAST_decrypt 990 EXIST::FUNCTION:CAST -CAST_ecb_encrypt 991 EXIST::FUNCTION:CAST -CAST_cbc_encrypt 992 EXIST::FUNCTION:CAST -CAST_cfb64_encrypt 993 EXIST::FUNCTION:CAST -CAST_ofb64_encrypt 994 EXIST::FUNCTION:CAST -RC2_decrypt 995 EXIST::FUNCTION:RC2 -OBJ_create_objects 997 EXIST::FUNCTION: -BN_exp 998 EXIST::FUNCTION: -BN_mul_word 999 EXIST::FUNCTION: -BN_sub_word 1000 EXIST::FUNCTION: -BN_dec2bn 1001 EXIST::FUNCTION: -BN_bn2dec 1002 EXIST::FUNCTION: -BIO_ghbn_ctrl 1003 EXIST::FUNCTION: -CRYPTO_free_ex_data 1004 EXIST::FUNCTION: -CRYPTO_get_ex_data 1005 EXIST::FUNCTION: -CRYPTO_set_ex_data 1007 EXIST::FUNCTION: -ERR_load_CRYPTO_strings 1009 EXIST:!VMS,!WIN16:FUNCTION: -ERR_load_CRYPTOlib_strings 1009 EXIST:VMS,WIN16:FUNCTION: -EVP_PKEY_bits 1010 EXIST::FUNCTION: -MD5_Transform 1011 EXIST::FUNCTION:MD5 -SHA1_Transform 1012 EXIST::FUNCTION:SHA,SHA1 -SHA_Transform 1013 EXIST::FUNCTION:SHA,SHA0 -X509_STORE_CTX_get_chain 1014 EXIST::FUNCTION: -X509_STORE_CTX_get_current_cert 1015 EXIST::FUNCTION: -X509_STORE_CTX_get_error 1016 EXIST::FUNCTION: -X509_STORE_CTX_get_error_depth 1017 EXIST::FUNCTION: -X509_STORE_CTX_get_ex_data 1018 EXIST::FUNCTION: -X509_STORE_CTX_set_cert 1020 EXIST::FUNCTION: -X509_STORE_CTX_set_chain 1021 EXIST::FUNCTION: -X509_STORE_CTX_set_error 1022 EXIST::FUNCTION: -X509_STORE_CTX_set_ex_data 1023 EXIST::FUNCTION: -CRYPTO_dup_ex_data 1025 EXIST::FUNCTION: -CRYPTO_get_new_lockid 1026 EXIST::FUNCTION: -CRYPTO_new_ex_data 1027 EXIST::FUNCTION: -RSA_set_ex_data 1028 EXIST::FUNCTION:RSA -RSA_get_ex_data 1029 EXIST::FUNCTION:RSA -RSA_get_ex_new_index 1030 EXIST::FUNCTION:RSA -RSA_padding_add_PKCS1_type_1 1031 EXIST::FUNCTION:RSA -RSA_padding_add_PKCS1_type_2 1032 EXIST::FUNCTION:RSA -RSA_padding_add_SSLv23 1033 EXIST::FUNCTION:RSA -RSA_padding_add_none 1034 EXIST::FUNCTION:RSA -RSA_padding_check_PKCS1_type_1 1035 EXIST::FUNCTION:RSA -RSA_padding_check_PKCS1_type_2 1036 EXIST::FUNCTION:RSA -RSA_padding_check_SSLv23 1037 EXIST::FUNCTION:RSA -RSA_padding_check_none 1038 EXIST::FUNCTION:RSA -bn_add_words 1039 EXIST::FUNCTION: -d2i_Netscape_RSA_2 1040 NOEXIST::FUNCTION: -CRYPTO_get_ex_new_index 1041 EXIST::FUNCTION: -RIPEMD160_Init 1042 EXIST::FUNCTION:RIPEMD -RIPEMD160_Update 1043 EXIST::FUNCTION:RIPEMD -RIPEMD160_Final 1044 EXIST::FUNCTION:RIPEMD -RIPEMD160 1045 EXIST::FUNCTION:RIPEMD -RIPEMD160_Transform 1046 EXIST::FUNCTION:RIPEMD -RC5_32_set_key 1047 EXIST::FUNCTION:RC5 -RC5_32_ecb_encrypt 1048 EXIST::FUNCTION:RC5 -RC5_32_encrypt 1049 EXIST::FUNCTION:RC5 -RC5_32_decrypt 1050 EXIST::FUNCTION:RC5 -RC5_32_cbc_encrypt 1051 EXIST::FUNCTION:RC5 -RC5_32_cfb64_encrypt 1052 EXIST::FUNCTION:RC5 -RC5_32_ofb64_encrypt 1053 EXIST::FUNCTION:RC5 -BN_bn2mpi 1058 EXIST::FUNCTION: -BN_mpi2bn 1059 EXIST::FUNCTION: -ASN1_BIT_STRING_get_bit 1060 EXIST::FUNCTION: -ASN1_BIT_STRING_set_bit 1061 EXIST::FUNCTION: -BIO_get_ex_data 1062 EXIST::FUNCTION: -BIO_get_ex_new_index 1063 EXIST::FUNCTION: -BIO_set_ex_data 1064 EXIST::FUNCTION: -X509v3_get_key_usage 1066 NOEXIST::FUNCTION: -X509v3_set_key_usage 1067 NOEXIST::FUNCTION: -a2i_X509v3_key_usage 1068 NOEXIST::FUNCTION: -i2a_X509v3_key_usage 1069 NOEXIST::FUNCTION: -EVP_PKEY_decrypt 1070 EXIST::FUNCTION: -EVP_PKEY_encrypt 1071 EXIST::FUNCTION: -PKCS7_RECIP_INFO_set 1072 EXIST::FUNCTION: -PKCS7_add_recipient 1073 EXIST::FUNCTION: -PKCS7_add_recipient_info 1074 EXIST::FUNCTION: -PKCS7_set_cipher 1075 EXIST::FUNCTION: -ASN1_TYPE_get_int_octetstring 1076 EXIST::FUNCTION: -ASN1_TYPE_get_octetstring 1077 EXIST::FUNCTION: -ASN1_TYPE_set_int_octetstring 1078 EXIST::FUNCTION: -ASN1_TYPE_set_octetstring 1079 EXIST::FUNCTION: -ASN1_UTCTIME_set_string 1080 EXIST::FUNCTION: -ERR_add_error_data 1081 EXIST::FUNCTION:BIO -ERR_set_error_data 1082 EXIST::FUNCTION: -EVP_CIPHER_asn1_to_param 1083 EXIST::FUNCTION: -EVP_CIPHER_param_to_asn1 1084 EXIST::FUNCTION: -EVP_CIPHER_get_asn1_iv 1085 EXIST::FUNCTION: -EVP_CIPHER_set_asn1_iv 1086 EXIST::FUNCTION: -EVP_rc5_32_12_16_cbc 1087 EXIST::FUNCTION:RC5 -EVP_rc5_32_12_16_cfb 1088 EXIST::FUNCTION:RC5 -EVP_rc5_32_12_16_ecb 1089 EXIST::FUNCTION:RC5 -EVP_rc5_32_12_16_ofb 1090 EXIST::FUNCTION:RC5 -asn1_add_error 1091 EXIST::FUNCTION: -d2i_ASN1_BMPSTRING 1092 EXIST::FUNCTION: -i2d_ASN1_BMPSTRING 1093 EXIST::FUNCTION: -BIO_f_ber 1094 NOEXIST::FUNCTION: -BN_init 1095 EXIST::FUNCTION: -COMP_CTX_new 1096 EXIST::FUNCTION: -COMP_CTX_free 1097 EXIST::FUNCTION: -COMP_CTX_compress_block 1098 NOEXIST::FUNCTION: -COMP_CTX_expand_block 1099 NOEXIST::FUNCTION: -X509_STORE_CTX_get_ex_new_index 1100 EXIST::FUNCTION: -OBJ_NAME_add 1101 EXIST::FUNCTION: -BIO_socket_nbio 1102 EXIST::FUNCTION: -EVP_rc2_64_cbc 1103 EXIST::FUNCTION:RC2 -OBJ_NAME_cleanup 1104 EXIST::FUNCTION: -OBJ_NAME_get 1105 EXIST::FUNCTION: -OBJ_NAME_init 1106 EXIST::FUNCTION: -OBJ_NAME_new_index 1107 EXIST::FUNCTION: -OBJ_NAME_remove 1108 EXIST::FUNCTION: -BN_MONT_CTX_copy 1109 EXIST::FUNCTION: -BIO_new_socks4a_connect 1110 NOEXIST::FUNCTION: -BIO_s_socks4a_connect 1111 NOEXIST::FUNCTION: -PROXY_set_connect_mode 1112 NOEXIST::FUNCTION: -RAND_SSLeay 1113 EXIST::FUNCTION: -RAND_set_rand_method 1114 EXIST::FUNCTION: -RSA_memory_lock 1115 EXIST::FUNCTION:RSA -bn_sub_words 1116 EXIST::FUNCTION: -bn_mul_normal 1117 NOEXIST::FUNCTION: -bn_mul_comba8 1118 NOEXIST::FUNCTION: -bn_mul_comba4 1119 NOEXIST::FUNCTION: -bn_sqr_normal 1120 NOEXIST::FUNCTION: -bn_sqr_comba8 1121 NOEXIST::FUNCTION: -bn_sqr_comba4 1122 NOEXIST::FUNCTION: -bn_cmp_words 1123 NOEXIST::FUNCTION: -bn_mul_recursive 1124 NOEXIST::FUNCTION: -bn_mul_part_recursive 1125 NOEXIST::FUNCTION: -bn_sqr_recursive 1126 NOEXIST::FUNCTION: -bn_mul_low_normal 1127 NOEXIST::FUNCTION: -BN_RECP_CTX_init 1128 EXIST::FUNCTION: -BN_RECP_CTX_new 1129 EXIST::FUNCTION: -BN_RECP_CTX_free 1130 EXIST::FUNCTION: -BN_RECP_CTX_set 1131 EXIST::FUNCTION: -BN_mod_mul_reciprocal 1132 EXIST::FUNCTION: -BN_mod_exp_recp 1133 EXIST::FUNCTION: -BN_div_recp 1134 EXIST::FUNCTION: -BN_CTX_init 1135 EXIST::FUNCTION: -BN_MONT_CTX_init 1136 EXIST::FUNCTION: -RAND_get_rand_method 1137 EXIST::FUNCTION: -PKCS7_add_attribute 1138 EXIST::FUNCTION: -PKCS7_add_signed_attribute 1139 EXIST::FUNCTION: -PKCS7_digest_from_attributes 1140 EXIST::FUNCTION: -PKCS7_get_attribute 1141 EXIST::FUNCTION: -PKCS7_get_issuer_and_serial 1142 EXIST::FUNCTION: -PKCS7_get_signed_attribute 1143 EXIST::FUNCTION: -COMP_compress_block 1144 EXIST::FUNCTION: -COMP_expand_block 1145 EXIST::FUNCTION: -COMP_rle 1146 EXIST::FUNCTION: -COMP_zlib 1147 EXIST::FUNCTION: -ms_time_diff 1148 EXIST::FUNCTION: -ms_time_new 1149 EXIST::FUNCTION: -ms_time_free 1150 EXIST::FUNCTION: -ms_time_cmp 1151 EXIST::FUNCTION: -ms_time_get 1152 EXIST::FUNCTION: -PKCS7_set_attributes 1153 EXIST::FUNCTION: -PKCS7_set_signed_attributes 1154 EXIST::FUNCTION: -X509_ATTRIBUTE_create 1155 EXIST::FUNCTION: -X509_ATTRIBUTE_dup 1156 EXIST::FUNCTION: -ASN1_GENERALIZEDTIME_check 1157 EXIST::FUNCTION: -ASN1_GENERALIZEDTIME_print 1158 EXIST::FUNCTION:BIO -ASN1_GENERALIZEDTIME_set 1159 EXIST::FUNCTION: -ASN1_GENERALIZEDTIME_set_string 1160 EXIST::FUNCTION: -ASN1_TIME_print 1161 EXIST::FUNCTION:BIO -BASIC_CONSTRAINTS_free 1162 EXIST::FUNCTION: -BASIC_CONSTRAINTS_new 1163 EXIST::FUNCTION: -ERR_load_X509V3_strings 1164 EXIST::FUNCTION: -NETSCAPE_CERT_SEQUENCE_free 1165 EXIST::FUNCTION: -NETSCAPE_CERT_SEQUENCE_new 1166 EXIST::FUNCTION: -OBJ_txt2obj 1167 EXIST::FUNCTION: -PEM_read_NETSCAPE_CERT_SEQUENCE 1168 EXIST:!VMS,!WIN16:FUNCTION: -PEM_read_NS_CERT_SEQ 1168 EXIST:VMS:FUNCTION: -PEM_read_bio_NETSCAPE_CERT_SEQUENCE 1169 EXIST:!VMS:FUNCTION: -PEM_read_bio_NS_CERT_SEQ 1169 EXIST:VMS:FUNCTION: -PEM_write_NETSCAPE_CERT_SEQUENCE 1170 EXIST:!VMS,!WIN16:FUNCTION: -PEM_write_NS_CERT_SEQ 1170 EXIST:VMS:FUNCTION: -PEM_write_bio_NETSCAPE_CERT_SEQUENCE 1171 EXIST:!VMS:FUNCTION: -PEM_write_bio_NS_CERT_SEQ 1171 EXIST:VMS:FUNCTION: -X509V3_EXT_add 1172 EXIST::FUNCTION: -X509V3_EXT_add_alias 1173 EXIST::FUNCTION: -X509V3_EXT_add_conf 1174 EXIST::FUNCTION: -X509V3_EXT_cleanup 1175 EXIST::FUNCTION: -X509V3_EXT_conf 1176 EXIST::FUNCTION: -X509V3_EXT_conf_nid 1177 EXIST::FUNCTION: -X509V3_EXT_get 1178 EXIST::FUNCTION: -X509V3_EXT_get_nid 1179 EXIST::FUNCTION: -X509V3_EXT_print 1180 EXIST::FUNCTION: -X509V3_EXT_print_fp 1181 EXIST::FUNCTION: -X509V3_add_standard_extensions 1182 EXIST::FUNCTION: -X509V3_add_value 1183 EXIST::FUNCTION: -X509V3_add_value_bool 1184 EXIST::FUNCTION: -X509V3_add_value_int 1185 EXIST::FUNCTION: -X509V3_conf_free 1186 EXIST::FUNCTION: -X509V3_get_value_bool 1187 EXIST::FUNCTION: -X509V3_get_value_int 1188 EXIST::FUNCTION: -X509V3_parse_list 1189 EXIST::FUNCTION: -d2i_ASN1_GENERALIZEDTIME 1190 EXIST::FUNCTION: -d2i_ASN1_TIME 1191 EXIST::FUNCTION: -d2i_BASIC_CONSTRAINTS 1192 EXIST::FUNCTION: -d2i_NETSCAPE_CERT_SEQUENCE 1193 EXIST::FUNCTION: -d2i_ext_ku 1194 NOEXIST::FUNCTION: -ext_ku_free 1195 NOEXIST::FUNCTION: -ext_ku_new 1196 NOEXIST::FUNCTION: -i2d_ASN1_GENERALIZEDTIME 1197 EXIST::FUNCTION: -i2d_ASN1_TIME 1198 EXIST::FUNCTION: -i2d_BASIC_CONSTRAINTS 1199 EXIST::FUNCTION: -i2d_NETSCAPE_CERT_SEQUENCE 1200 EXIST::FUNCTION: -i2d_ext_ku 1201 NOEXIST::FUNCTION: -EVP_MD_CTX_copy 1202 EXIST::FUNCTION: -i2d_ASN1_ENUMERATED 1203 EXIST::FUNCTION: -d2i_ASN1_ENUMERATED 1204 EXIST::FUNCTION: -ASN1_ENUMERATED_set 1205 EXIST::FUNCTION: -ASN1_ENUMERATED_get 1206 EXIST::FUNCTION: -BN_to_ASN1_ENUMERATED 1207 EXIST::FUNCTION: -ASN1_ENUMERATED_to_BN 1208 EXIST::FUNCTION: -i2a_ASN1_ENUMERATED 1209 EXIST::FUNCTION:BIO -a2i_ASN1_ENUMERATED 1210 EXIST::FUNCTION:BIO -i2d_GENERAL_NAME 1211 EXIST::FUNCTION: -d2i_GENERAL_NAME 1212 EXIST::FUNCTION: -GENERAL_NAME_new 1213 EXIST::FUNCTION: -GENERAL_NAME_free 1214 EXIST::FUNCTION: -GENERAL_NAMES_new 1215 EXIST::FUNCTION: -GENERAL_NAMES_free 1216 EXIST::FUNCTION: -d2i_GENERAL_NAMES 1217 EXIST::FUNCTION: -i2d_GENERAL_NAMES 1218 EXIST::FUNCTION: -i2v_GENERAL_NAMES 1219 EXIST::FUNCTION: -i2s_ASN1_OCTET_STRING 1220 EXIST::FUNCTION: -s2i_ASN1_OCTET_STRING 1221 EXIST::FUNCTION: -X509V3_EXT_check_conf 1222 NOEXIST::FUNCTION: -hex_to_string 1223 EXIST::FUNCTION: -string_to_hex 1224 EXIST::FUNCTION: -DES_ede3_cbcm_encrypt 1225 EXIST::FUNCTION:DES -RSA_padding_add_PKCS1_OAEP 1226 EXIST::FUNCTION:RSA -RSA_padding_check_PKCS1_OAEP 1227 EXIST::FUNCTION:RSA -X509_CRL_print_fp 1228 EXIST::FUNCTION:FP_API -X509_CRL_print 1229 EXIST::FUNCTION:BIO -i2v_GENERAL_NAME 1230 EXIST::FUNCTION: -v2i_GENERAL_NAME 1231 EXIST::FUNCTION: -i2d_PKEY_USAGE_PERIOD 1232 EXIST::FUNCTION: -d2i_PKEY_USAGE_PERIOD 1233 EXIST::FUNCTION: -PKEY_USAGE_PERIOD_new 1234 EXIST::FUNCTION: -PKEY_USAGE_PERIOD_free 1235 EXIST::FUNCTION: -v2i_GENERAL_NAMES 1236 EXIST::FUNCTION: -i2s_ASN1_INTEGER 1237 EXIST::FUNCTION: -X509V3_EXT_d2i 1238 EXIST::FUNCTION: -name_cmp 1239 EXIST::FUNCTION: -str_dup 1240 NOEXIST::FUNCTION: -i2s_ASN1_ENUMERATED 1241 EXIST::FUNCTION: -i2s_ASN1_ENUMERATED_TABLE 1242 EXIST::FUNCTION: -BIO_s_log 1243 EXIST:!WIN16,!WIN32,!macintosh:FUNCTION: -BIO_f_reliable 1244 EXIST::FUNCTION:BIO -PKCS7_dataFinal 1245 EXIST::FUNCTION: -PKCS7_dataDecode 1246 EXIST::FUNCTION: -X509V3_EXT_CRL_add_conf 1247 EXIST::FUNCTION: -BN_set_params 1248 EXIST::FUNCTION: -BN_get_params 1249 EXIST::FUNCTION: -BIO_get_ex_num 1250 NOEXIST::FUNCTION: -BIO_set_ex_free_func 1251 NOEXIST::FUNCTION: -EVP_ripemd160 1252 EXIST::FUNCTION:RIPEMD -ASN1_TIME_set 1253 EXIST::FUNCTION: -i2d_AUTHORITY_KEYID 1254 EXIST::FUNCTION: -d2i_AUTHORITY_KEYID 1255 EXIST::FUNCTION: -AUTHORITY_KEYID_new 1256 EXIST::FUNCTION: -AUTHORITY_KEYID_free 1257 EXIST::FUNCTION: -ASN1_seq_unpack 1258 EXIST::FUNCTION: -ASN1_seq_pack 1259 EXIST::FUNCTION: -ASN1_unpack_string 1260 EXIST::FUNCTION: -ASN1_pack_string 1261 EXIST::FUNCTION: -PKCS12_pack_safebag 1262 NOEXIST::FUNCTION: -PKCS12_MAKE_KEYBAG 1263 EXIST::FUNCTION: -PKCS8_encrypt 1264 EXIST::FUNCTION: -PKCS12_MAKE_SHKEYBAG 1265 EXIST::FUNCTION: -PKCS12_pack_p7data 1266 EXIST::FUNCTION: -PKCS12_pack_p7encdata 1267 EXIST::FUNCTION: -PKCS12_add_localkeyid 1268 EXIST::FUNCTION: -PKCS12_add_friendlyname_asc 1269 EXIST::FUNCTION: -PKCS12_add_friendlyname_uni 1270 EXIST::FUNCTION: -PKCS12_get_friendlyname 1271 EXIST::FUNCTION: -PKCS12_pbe_crypt 1272 EXIST::FUNCTION: -PKCS12_decrypt_d2i 1273 NOEXIST::FUNCTION: -PKCS12_i2d_encrypt 1274 NOEXIST::FUNCTION: -PKCS12_init 1275 EXIST::FUNCTION: -PKCS12_key_gen_asc 1276 EXIST::FUNCTION: -PKCS12_key_gen_uni 1277 EXIST::FUNCTION: -PKCS12_gen_mac 1278 EXIST::FUNCTION: -PKCS12_verify_mac 1279 EXIST::FUNCTION: -PKCS12_set_mac 1280 EXIST::FUNCTION: -PKCS12_setup_mac 1281 EXIST::FUNCTION: -asc2uni 1282 EXIST::FUNCTION: -uni2asc 1283 EXIST::FUNCTION: -i2d_PKCS12_BAGS 1284 EXIST::FUNCTION: -PKCS12_BAGS_new 1285 EXIST::FUNCTION: -d2i_PKCS12_BAGS 1286 EXIST::FUNCTION: -PKCS12_BAGS_free 1287 EXIST::FUNCTION: -i2d_PKCS12 1288 EXIST::FUNCTION: -d2i_PKCS12 1289 EXIST::FUNCTION: -PKCS12_new 1290 EXIST::FUNCTION: -PKCS12_free 1291 EXIST::FUNCTION: -i2d_PKCS12_MAC_DATA 1292 EXIST::FUNCTION: -PKCS12_MAC_DATA_new 1293 EXIST::FUNCTION: -d2i_PKCS12_MAC_DATA 1294 EXIST::FUNCTION: -PKCS12_MAC_DATA_free 1295 EXIST::FUNCTION: -i2d_PKCS12_SAFEBAG 1296 EXIST::FUNCTION: -PKCS12_SAFEBAG_new 1297 EXIST::FUNCTION: -d2i_PKCS12_SAFEBAG 1298 EXIST::FUNCTION: -PKCS12_SAFEBAG_free 1299 EXIST::FUNCTION: -ERR_load_PKCS12_strings 1300 EXIST::FUNCTION: -PKCS12_PBE_add 1301 EXIST::FUNCTION: -PKCS8_add_keyusage 1302 EXIST::FUNCTION: -PKCS12_get_attr_gen 1303 EXIST::FUNCTION: -PKCS12_parse 1304 EXIST::FUNCTION: -PKCS12_create 1305 EXIST::FUNCTION: -i2d_PKCS12_bio 1306 EXIST::FUNCTION: -i2d_PKCS12_fp 1307 EXIST::FUNCTION: -d2i_PKCS12_bio 1308 EXIST::FUNCTION: -d2i_PKCS12_fp 1309 EXIST::FUNCTION: -i2d_PBEPARAM 1310 EXIST::FUNCTION: -PBEPARAM_new 1311 EXIST::FUNCTION: -d2i_PBEPARAM 1312 EXIST::FUNCTION: -PBEPARAM_free 1313 EXIST::FUNCTION: -i2d_PKCS8_PRIV_KEY_INFO 1314 EXIST::FUNCTION: -PKCS8_PRIV_KEY_INFO_new 1315 EXIST::FUNCTION: -d2i_PKCS8_PRIV_KEY_INFO 1316 EXIST::FUNCTION: -PKCS8_PRIV_KEY_INFO_free 1317 EXIST::FUNCTION: -EVP_PKCS82PKEY 1318 EXIST::FUNCTION: -EVP_PKEY2PKCS8 1319 EXIST::FUNCTION: -PKCS8_set_broken 1320 EXIST::FUNCTION: -EVP_PBE_ALGOR_CipherInit 1321 NOEXIST::FUNCTION: -EVP_PBE_alg_add 1322 EXIST::FUNCTION: -PKCS5_pbe_set 1323 EXIST::FUNCTION: -EVP_PBE_cleanup 1324 EXIST::FUNCTION: -i2d_SXNET 1325 EXIST::FUNCTION: -d2i_SXNET 1326 EXIST::FUNCTION: -SXNET_new 1327 EXIST::FUNCTION: -SXNET_free 1328 EXIST::FUNCTION: -i2d_SXNETID 1329 EXIST::FUNCTION: -d2i_SXNETID 1330 EXIST::FUNCTION: -SXNETID_new 1331 EXIST::FUNCTION: -SXNETID_free 1332 EXIST::FUNCTION: -DSA_SIG_new 1333 EXIST::FUNCTION:DSA -DSA_SIG_free 1334 EXIST::FUNCTION:DSA -DSA_do_sign 1335 EXIST::FUNCTION:DSA -DSA_do_verify 1336 EXIST::FUNCTION:DSA -d2i_DSA_SIG 1337 EXIST::FUNCTION:DSA -i2d_DSA_SIG 1338 EXIST::FUNCTION:DSA -i2d_ASN1_VISIBLESTRING 1339 EXIST::FUNCTION: -d2i_ASN1_VISIBLESTRING 1340 EXIST::FUNCTION: -i2d_ASN1_UTF8STRING 1341 EXIST::FUNCTION: -d2i_ASN1_UTF8STRING 1342 EXIST::FUNCTION: -i2d_DIRECTORYSTRING 1343 EXIST::FUNCTION: -d2i_DIRECTORYSTRING 1344 EXIST::FUNCTION: -i2d_DISPLAYTEXT 1345 EXIST::FUNCTION: -d2i_DISPLAYTEXT 1346 EXIST::FUNCTION: -d2i_ASN1_SET_OF_X509 1379 NOEXIST::FUNCTION: -i2d_ASN1_SET_OF_X509 1380 NOEXIST::FUNCTION: -i2d_PBKDF2PARAM 1397 EXIST::FUNCTION: -PBKDF2PARAM_new 1398 EXIST::FUNCTION: -d2i_PBKDF2PARAM 1399 EXIST::FUNCTION: -PBKDF2PARAM_free 1400 EXIST::FUNCTION: -i2d_PBE2PARAM 1401 EXIST::FUNCTION: -PBE2PARAM_new 1402 EXIST::FUNCTION: -d2i_PBE2PARAM 1403 EXIST::FUNCTION: -PBE2PARAM_free 1404 EXIST::FUNCTION: -d2i_ASN1_SET_OF_GENERAL_NAME 1421 NOEXIST::FUNCTION: -i2d_ASN1_SET_OF_GENERAL_NAME 1422 NOEXIST::FUNCTION: -d2i_ASN1_SET_OF_SXNETID 1439 NOEXIST::FUNCTION: -i2d_ASN1_SET_OF_SXNETID 1440 NOEXIST::FUNCTION: -d2i_ASN1_SET_OF_POLICYQUALINFO 1457 NOEXIST::FUNCTION: -i2d_ASN1_SET_OF_POLICYQUALINFO 1458 NOEXIST::FUNCTION: -d2i_ASN1_SET_OF_POLICYINFO 1475 NOEXIST::FUNCTION: -i2d_ASN1_SET_OF_POLICYINFO 1476 NOEXIST::FUNCTION: -SXNET_add_id_asc 1477 EXIST::FUNCTION: -SXNET_add_id_ulong 1478 EXIST::FUNCTION: -SXNET_add_id_INTEGER 1479 EXIST::FUNCTION: -SXNET_get_id_asc 1480 EXIST::FUNCTION: -SXNET_get_id_ulong 1481 EXIST::FUNCTION: -SXNET_get_id_INTEGER 1482 EXIST::FUNCTION: -X509V3_set_conf_lhash 1483 EXIST::FUNCTION: -i2d_CERTIFICATEPOLICIES 1484 EXIST::FUNCTION: -CERTIFICATEPOLICIES_new 1485 EXIST::FUNCTION: -CERTIFICATEPOLICIES_free 1486 EXIST::FUNCTION: -d2i_CERTIFICATEPOLICIES 1487 EXIST::FUNCTION: -i2d_POLICYINFO 1488 EXIST::FUNCTION: -POLICYINFO_new 1489 EXIST::FUNCTION: -d2i_POLICYINFO 1490 EXIST::FUNCTION: -POLICYINFO_free 1491 EXIST::FUNCTION: -i2d_POLICYQUALINFO 1492 EXIST::FUNCTION: -POLICYQUALINFO_new 1493 EXIST::FUNCTION: -d2i_POLICYQUALINFO 1494 EXIST::FUNCTION: -POLICYQUALINFO_free 1495 EXIST::FUNCTION: -i2d_USERNOTICE 1496 EXIST::FUNCTION: -USERNOTICE_new 1497 EXIST::FUNCTION: -d2i_USERNOTICE 1498 EXIST::FUNCTION: -USERNOTICE_free 1499 EXIST::FUNCTION: -i2d_NOTICEREF 1500 EXIST::FUNCTION: -NOTICEREF_new 1501 EXIST::FUNCTION: -d2i_NOTICEREF 1502 EXIST::FUNCTION: -NOTICEREF_free 1503 EXIST::FUNCTION: -X509V3_get_string 1504 EXIST::FUNCTION: -X509V3_get_section 1505 EXIST::FUNCTION: -X509V3_string_free 1506 EXIST::FUNCTION: -X509V3_section_free 1507 EXIST::FUNCTION: -X509V3_set_ctx 1508 EXIST::FUNCTION: -s2i_ASN1_INTEGER 1509 EXIST::FUNCTION: -CRYPTO_set_locked_mem_functions 1510 EXIST::FUNCTION: -CRYPTO_get_locked_mem_functions 1511 EXIST::FUNCTION: -CRYPTO_malloc_locked 1512 EXIST::FUNCTION: -CRYPTO_free_locked 1513 EXIST::FUNCTION: -BN_mod_exp2_mont 1514 EXIST::FUNCTION: -ERR_get_error_line_data 1515 EXIST::FUNCTION: -ERR_peek_error_line_data 1516 EXIST::FUNCTION: -PKCS12_PBE_keyivgen 1517 EXIST::FUNCTION: -X509_ALGOR_dup 1518 EXIST::FUNCTION: -d2i_ASN1_SET_OF_DIST_POINT 1535 NOEXIST::FUNCTION: -i2d_ASN1_SET_OF_DIST_POINT 1536 NOEXIST::FUNCTION: -i2d_CRL_DIST_POINTS 1537 EXIST::FUNCTION: -CRL_DIST_POINTS_new 1538 EXIST::FUNCTION: -CRL_DIST_POINTS_free 1539 EXIST::FUNCTION: -d2i_CRL_DIST_POINTS 1540 EXIST::FUNCTION: -i2d_DIST_POINT 1541 EXIST::FUNCTION: -DIST_POINT_new 1542 EXIST::FUNCTION: -d2i_DIST_POINT 1543 EXIST::FUNCTION: -DIST_POINT_free 1544 EXIST::FUNCTION: -i2d_DIST_POINT_NAME 1545 EXIST::FUNCTION: -DIST_POINT_NAME_new 1546 EXIST::FUNCTION: -DIST_POINT_NAME_free 1547 EXIST::FUNCTION: -d2i_DIST_POINT_NAME 1548 EXIST::FUNCTION: -X509V3_add_value_uchar 1549 EXIST::FUNCTION: -d2i_ASN1_SET_OF_X509_ATTRIBUTE 1555 NOEXIST::FUNCTION: -i2d_ASN1_SET_OF_ASN1_TYPE 1560 NOEXIST::FUNCTION: -d2i_ASN1_SET_OF_X509_EXTENSION 1567 NOEXIST::FUNCTION: -d2i_ASN1_SET_OF_X509_NAME_ENTRY 1574 NOEXIST::FUNCTION: -d2i_ASN1_SET_OF_ASN1_TYPE 1589 NOEXIST::FUNCTION: -i2d_ASN1_SET_OF_X509_ATTRIBUTE 1615 NOEXIST::FUNCTION: -i2d_ASN1_SET_OF_X509_EXTENSION 1624 NOEXIST::FUNCTION: -i2d_ASN1_SET_OF_X509_NAME_ENTRY 1633 NOEXIST::FUNCTION: -X509V3_EXT_i2d 1646 EXIST::FUNCTION: -X509V3_EXT_val_prn 1647 EXIST::FUNCTION: -X509V3_EXT_add_list 1648 EXIST::FUNCTION: -EVP_CIPHER_type 1649 EXIST::FUNCTION: -EVP_PBE_CipherInit 1650 EXIST::FUNCTION: -X509V3_add_value_bool_nf 1651 EXIST::FUNCTION: -d2i_ASN1_UINTEGER 1652 EXIST::FUNCTION: -sk_value 1653 EXIST::FUNCTION: -sk_num 1654 EXIST::FUNCTION: -sk_set 1655 EXIST::FUNCTION: -i2d_ASN1_SET_OF_X509_REVOKED 1661 NOEXIST::FUNCTION: -sk_sort 1671 EXIST::FUNCTION: -d2i_ASN1_SET_OF_X509_REVOKED 1674 NOEXIST::FUNCTION: -i2d_ASN1_SET_OF_X509_ALGOR 1682 NOEXIST::FUNCTION: -i2d_ASN1_SET_OF_X509_CRL 1685 NOEXIST::FUNCTION: -d2i_ASN1_SET_OF_X509_ALGOR 1696 NOEXIST::FUNCTION: -d2i_ASN1_SET_OF_X509_CRL 1702 NOEXIST::FUNCTION: -i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO 1723 NOEXIST::FUNCTION: -i2d_ASN1_SET_OF_PKCS7_RECIP_INFO 1738 NOEXIST::FUNCTION: -d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO 1748 NOEXIST::FUNCTION: -d2i_ASN1_SET_OF_PKCS7_RECIP_INFO 1753 NOEXIST::FUNCTION: -PKCS5_PBE_add 1775 EXIST::FUNCTION: -PEM_write_bio_PKCS8 1776 EXIST::FUNCTION: -i2d_PKCS8_fp 1777 EXIST::FUNCTION:FP_API -PEM_read_bio_PKCS8_PRIV_KEY_INFO 1778 EXIST:!VMS:FUNCTION: -PEM_read_bio_P8_PRIV_KEY_INFO 1778 EXIST:VMS:FUNCTION: -d2i_PKCS8_bio 1779 EXIST::FUNCTION:BIO -d2i_PKCS8_PRIV_KEY_INFO_fp 1780 EXIST::FUNCTION:FP_API -PEM_write_bio_PKCS8_PRIV_KEY_INFO 1781 EXIST:!VMS:FUNCTION: -PEM_write_bio_P8_PRIV_KEY_INFO 1781 EXIST:VMS:FUNCTION: -PEM_read_PKCS8 1782 EXIST:!WIN16:FUNCTION: -d2i_PKCS8_PRIV_KEY_INFO_bio 1783 EXIST::FUNCTION:BIO -d2i_PKCS8_fp 1784 EXIST::FUNCTION:FP_API -PEM_write_PKCS8 1785 EXIST:!WIN16:FUNCTION: -PEM_read_PKCS8_PRIV_KEY_INFO 1786 EXIST:!VMS,!WIN16:FUNCTION: -PEM_read_P8_PRIV_KEY_INFO 1786 EXIST:VMS:FUNCTION: -PEM_read_bio_PKCS8 1787 EXIST::FUNCTION: -PEM_write_PKCS8_PRIV_KEY_INFO 1788 EXIST:!VMS,!WIN16:FUNCTION: -PEM_write_P8_PRIV_KEY_INFO 1788 EXIST:VMS:FUNCTION: -PKCS5_PBE_keyivgen 1789 EXIST::FUNCTION: -i2d_PKCS8_bio 1790 EXIST::FUNCTION:BIO -i2d_PKCS8_PRIV_KEY_INFO_fp 1791 EXIST::FUNCTION:FP_API -i2d_PKCS8_PRIV_KEY_INFO_bio 1792 EXIST::FUNCTION:BIO -BIO_s_bio 1793 EXIST::FUNCTION: -PKCS5_pbe2_set 1794 EXIST::FUNCTION: -PKCS5_PBKDF2_HMAC_SHA1 1795 EXIST::FUNCTION: -PKCS5_v2_PBE_keyivgen 1796 EXIST::FUNCTION: -PEM_write_bio_PKCS8PrivateKey 1797 EXIST::FUNCTION: -PEM_write_PKCS8PrivateKey 1798 EXIST::FUNCTION: -BIO_ctrl_get_read_request 1799 EXIST::FUNCTION: -BIO_ctrl_pending 1800 EXIST::FUNCTION: -BIO_ctrl_wpending 1801 EXIST::FUNCTION: -BIO_new_bio_pair 1802 EXIST::FUNCTION: -BIO_ctrl_get_write_guarantee 1803 EXIST::FUNCTION: -CRYPTO_num_locks 1804 EXIST::FUNCTION: -CONF_load_bio 1805 EXIST::FUNCTION: -CONF_load_fp 1806 EXIST::FUNCTION:FP_API -i2d_ASN1_SET_OF_ASN1_OBJECT 1837 NOEXIST::FUNCTION: -d2i_ASN1_SET_OF_ASN1_OBJECT 1844 NOEXIST::FUNCTION: -PKCS7_signatureVerify 1845 EXIST::FUNCTION: -RSA_set_method 1846 EXIST::FUNCTION:RSA -RSA_get_method 1847 EXIST::FUNCTION:RSA -RSA_get_default_method 1848 EXIST::FUNCTION:RSA -RSA_check_key 1869 EXIST::FUNCTION:RSA -OBJ_obj2txt 1870 EXIST::FUNCTION: -DSA_dup_DH 1871 EXIST::FUNCTION:DH,DSA -X509_REQ_get_extensions 1872 EXIST::FUNCTION: -X509_REQ_set_extension_nids 1873 EXIST::FUNCTION: -BIO_nwrite 1874 EXIST::FUNCTION: -X509_REQ_extension_nid 1875 EXIST::FUNCTION: -BIO_nread 1876 EXIST::FUNCTION: -X509_REQ_get_extension_nids 1877 EXIST::FUNCTION: -BIO_nwrite0 1878 EXIST::FUNCTION: -X509_REQ_add_extensions_nid 1879 EXIST::FUNCTION: -BIO_nread0 1880 EXIST::FUNCTION: -X509_REQ_add_extensions 1881 EXIST::FUNCTION: -BIO_new_mem_buf 1882 EXIST::FUNCTION: -DH_set_ex_data 1883 EXIST::FUNCTION:DH -DH_set_method 1884 EXIST::FUNCTION:DH -DSA_OpenSSL 1885 EXIST::FUNCTION:DSA -DH_get_ex_data 1886 EXIST::FUNCTION:DH -DH_get_ex_new_index 1887 EXIST::FUNCTION:DH -DSA_new_method 1888 EXIST::FUNCTION:DSA -DH_new_method 1889 EXIST::FUNCTION:DH -DH_OpenSSL 1890 EXIST::FUNCTION:DH -DSA_get_ex_new_index 1891 EXIST::FUNCTION:DSA -DH_get_default_method 1892 EXIST::FUNCTION:DH -DSA_set_ex_data 1893 EXIST::FUNCTION:DSA -DH_set_default_method 1894 EXIST::FUNCTION:DH -DSA_get_ex_data 1895 EXIST::FUNCTION:DSA -X509V3_EXT_REQ_add_conf 1896 EXIST::FUNCTION: -NETSCAPE_SPKI_print 1897 EXIST::FUNCTION:EVP -NETSCAPE_SPKI_set_pubkey 1898 EXIST::FUNCTION:EVP -NETSCAPE_SPKI_b64_encode 1899 EXIST::FUNCTION:EVP -NETSCAPE_SPKI_get_pubkey 1900 EXIST::FUNCTION:EVP -NETSCAPE_SPKI_b64_decode 1901 EXIST::FUNCTION:EVP -UTF8_putc 1902 EXIST::FUNCTION: -UTF8_getc 1903 EXIST::FUNCTION: -RSA_null_method 1904 EXIST::FUNCTION:RSA -ASN1_tag2str 1905 EXIST::FUNCTION: -BIO_ctrl_reset_read_request 1906 EXIST::FUNCTION: -DISPLAYTEXT_new 1907 EXIST::FUNCTION: -ASN1_GENERALIZEDTIME_free 1908 EXIST::FUNCTION: -X509_REVOKED_get_ext_d2i 1909 EXIST::FUNCTION: -X509_set_ex_data 1910 EXIST::FUNCTION: -X509_reject_set_bit_asc 1911 NOEXIST::FUNCTION: -X509_NAME_add_entry_by_txt 1912 EXIST::FUNCTION: -X509_NAME_add_entry_by_NID 1914 EXIST::FUNCTION: -X509_PURPOSE_get0 1915 EXIST::FUNCTION: -PEM_read_X509_AUX 1917 EXIST:!WIN16:FUNCTION: -d2i_AUTHORITY_INFO_ACCESS 1918 EXIST::FUNCTION: -PEM_write_PUBKEY 1921 EXIST:!WIN16:FUNCTION: -ACCESS_DESCRIPTION_new 1925 EXIST::FUNCTION: -X509_CERT_AUX_free 1926 EXIST::FUNCTION: -d2i_ACCESS_DESCRIPTION 1927 EXIST::FUNCTION: -X509_trust_clear 1928 EXIST::FUNCTION: -X509_TRUST_add 1931 EXIST::FUNCTION: -ASN1_VISIBLESTRING_new 1932 EXIST::FUNCTION: -X509_alias_set1 1933 EXIST::FUNCTION: -ASN1_PRINTABLESTRING_free 1934 EXIST::FUNCTION: -EVP_PKEY_get1_DSA 1935 EXIST::FUNCTION:DSA -ASN1_BMPSTRING_new 1936 EXIST::FUNCTION: -ASN1_mbstring_copy 1937 EXIST::FUNCTION: -ASN1_UTF8STRING_new 1938 EXIST::FUNCTION: -DSA_get_default_method 1941 EXIST::FUNCTION:DSA -i2d_ASN1_SET_OF_ACCESS_DESCRIPTION 1945 NOEXIST::FUNCTION: -ASN1_T61STRING_free 1946 EXIST::FUNCTION: -DSA_set_method 1949 EXIST::FUNCTION:DSA -X509_get_ex_data 1950 EXIST::FUNCTION: -ASN1_STRING_type 1951 EXIST::FUNCTION: -X509_PURPOSE_get_by_sname 1952 EXIST::FUNCTION: -ASN1_TIME_free 1954 EXIST::FUNCTION: -ASN1_OCTET_STRING_cmp 1955 EXIST::FUNCTION: -ASN1_BIT_STRING_new 1957 EXIST::FUNCTION: -X509_get_ext_d2i 1958 EXIST::FUNCTION: -PEM_read_bio_X509_AUX 1959 EXIST::FUNCTION: -ASN1_STRING_set_default_mask_asc 1960 EXIST:!VMS:FUNCTION: -ASN1_STRING_set_def_mask_asc 1960 EXIST:VMS:FUNCTION: -PEM_write_bio_RSA_PUBKEY 1961 EXIST::FUNCTION:RSA -ASN1_INTEGER_cmp 1963 EXIST::FUNCTION: -d2i_RSA_PUBKEY_fp 1964 EXIST::FUNCTION:FP_API,RSA -X509_trust_set_bit_asc 1967 NOEXIST::FUNCTION: -PEM_write_bio_DSA_PUBKEY 1968 EXIST::FUNCTION:DSA -X509_STORE_CTX_free 1969 EXIST::FUNCTION: -EVP_PKEY_set1_DSA 1970 EXIST::FUNCTION:DSA -i2d_DSA_PUBKEY_fp 1971 EXIST::FUNCTION:DSA,FP_API -X509_load_cert_crl_file 1972 EXIST::FUNCTION:STDIO -ASN1_TIME_new 1973 EXIST::FUNCTION: -i2d_RSA_PUBKEY 1974 EXIST::FUNCTION:RSA -X509_STORE_CTX_purpose_inherit 1976 EXIST::FUNCTION: -PEM_read_RSA_PUBKEY 1977 EXIST:!WIN16:FUNCTION:RSA -d2i_X509_AUX 1980 EXIST::FUNCTION: -i2d_DSA_PUBKEY 1981 EXIST::FUNCTION:DSA -X509_CERT_AUX_print 1982 EXIST::FUNCTION:BIO -PEM_read_DSA_PUBKEY 1984 EXIST:!WIN16:FUNCTION:DSA -i2d_RSA_PUBKEY_bio 1985 EXIST::FUNCTION:BIO,RSA -ASN1_BIT_STRING_num_asc 1986 EXIST::FUNCTION: -i2d_PUBKEY 1987 EXIST::FUNCTION: -ASN1_UTCTIME_free 1988 EXIST::FUNCTION: -DSA_set_default_method 1989 EXIST::FUNCTION:DSA -X509_PURPOSE_get_by_id 1990 EXIST::FUNCTION: -ACCESS_DESCRIPTION_free 1994 EXIST::FUNCTION: -PEM_read_bio_PUBKEY 1995 EXIST::FUNCTION: -ASN1_STRING_set_by_NID 1996 EXIST::FUNCTION: -X509_PURPOSE_get_id 1997 EXIST::FUNCTION: -DISPLAYTEXT_free 1998 EXIST::FUNCTION: -OTHERNAME_new 1999 EXIST::FUNCTION: -X509_CERT_AUX_new 2001 EXIST::FUNCTION: -X509_TRUST_cleanup 2007 EXIST::FUNCTION: -X509_NAME_add_entry_by_OBJ 2008 EXIST::FUNCTION: -X509_CRL_get_ext_d2i 2009 EXIST::FUNCTION: -X509_PURPOSE_get0_name 2011 EXIST::FUNCTION: -PEM_read_PUBKEY 2012 EXIST:!WIN16:FUNCTION: -i2d_DSA_PUBKEY_bio 2014 EXIST::FUNCTION:BIO,DSA -i2d_OTHERNAME 2015 EXIST::FUNCTION: -ASN1_OCTET_STRING_free 2016 EXIST::FUNCTION: -ASN1_BIT_STRING_set_asc 2017 EXIST::FUNCTION: -X509_get_ex_new_index 2019 EXIST::FUNCTION: -ASN1_STRING_TABLE_cleanup 2020 EXIST::FUNCTION: -X509_TRUST_get_by_id 2021 EXIST::FUNCTION: -X509_PURPOSE_get_trust 2022 EXIST::FUNCTION: -ASN1_STRING_length 2023 EXIST::FUNCTION: -d2i_ASN1_SET_OF_ACCESS_DESCRIPTION 2024 NOEXIST::FUNCTION: -ASN1_PRINTABLESTRING_new 2025 EXIST::FUNCTION: -X509V3_get_d2i 2026 EXIST::FUNCTION: -ASN1_ENUMERATED_free 2027 EXIST::FUNCTION: -i2d_X509_CERT_AUX 2028 EXIST::FUNCTION: -X509_STORE_CTX_set_trust 2030 EXIST::FUNCTION: -ASN1_STRING_set_default_mask 2032 EXIST::FUNCTION: -X509_STORE_CTX_new 2033 EXIST::FUNCTION: -EVP_PKEY_get1_RSA 2034 EXIST::FUNCTION:RSA -DIRECTORYSTRING_free 2038 EXIST::FUNCTION: -PEM_write_X509_AUX 2039 EXIST:!WIN16:FUNCTION: -ASN1_OCTET_STRING_set 2040 EXIST::FUNCTION: -d2i_DSA_PUBKEY_fp 2041 EXIST::FUNCTION:DSA,FP_API -d2i_RSA_PUBKEY 2044 EXIST::FUNCTION:RSA -X509_TRUST_get0_name 2046 EXIST::FUNCTION: -X509_TRUST_get0 2047 EXIST::FUNCTION: -AUTHORITY_INFO_ACCESS_free 2048 EXIST::FUNCTION: -ASN1_IA5STRING_new 2049 EXIST::FUNCTION: -d2i_DSA_PUBKEY 2050 EXIST::FUNCTION:DSA -X509_check_purpose 2051 EXIST::FUNCTION: -ASN1_ENUMERATED_new 2052 EXIST::FUNCTION: -d2i_RSA_PUBKEY_bio 2053 EXIST::FUNCTION:BIO,RSA -d2i_PUBKEY 2054 EXIST::FUNCTION: -X509_TRUST_get_trust 2055 EXIST::FUNCTION: -X509_TRUST_get_flags 2056 EXIST::FUNCTION: -ASN1_BMPSTRING_free 2057 EXIST::FUNCTION: -ASN1_T61STRING_new 2058 EXIST::FUNCTION: -ASN1_UTCTIME_new 2060 EXIST::FUNCTION: -i2d_AUTHORITY_INFO_ACCESS 2062 EXIST::FUNCTION: -EVP_PKEY_set1_RSA 2063 EXIST::FUNCTION:RSA -X509_STORE_CTX_set_purpose 2064 EXIST::FUNCTION: -ASN1_IA5STRING_free 2065 EXIST::FUNCTION: -PEM_write_bio_X509_AUX 2066 EXIST::FUNCTION: -X509_PURPOSE_get_count 2067 EXIST::FUNCTION: -CRYPTO_add_info 2068 NOEXIST::FUNCTION: -X509_NAME_ENTRY_create_by_txt 2071 EXIST::FUNCTION: -ASN1_STRING_get_default_mask 2072 EXIST::FUNCTION: -X509_alias_get0 2074 EXIST::FUNCTION: -ASN1_STRING_data 2075 EXIST::FUNCTION: -i2d_ACCESS_DESCRIPTION 2077 EXIST::FUNCTION: -X509_trust_set_bit 2078 NOEXIST::FUNCTION: -ASN1_BIT_STRING_free 2080 EXIST::FUNCTION: -PEM_read_bio_RSA_PUBKEY 2081 EXIST::FUNCTION:RSA -X509_add1_reject_object 2082 EXIST::FUNCTION: -X509_check_trust 2083 EXIST::FUNCTION: -PEM_read_bio_DSA_PUBKEY 2088 EXIST::FUNCTION:DSA -X509_PURPOSE_add 2090 EXIST::FUNCTION: -ASN1_STRING_TABLE_get 2091 EXIST::FUNCTION: -ASN1_UTF8STRING_free 2092 EXIST::FUNCTION: -d2i_DSA_PUBKEY_bio 2093 EXIST::FUNCTION:BIO,DSA -PEM_write_RSA_PUBKEY 2095 EXIST:!WIN16:FUNCTION:RSA -d2i_OTHERNAME 2096 EXIST::FUNCTION: -X509_reject_set_bit 2098 NOEXIST::FUNCTION: -PEM_write_DSA_PUBKEY 2101 EXIST:!WIN16:FUNCTION:DSA -X509_PURPOSE_get0_sname 2105 EXIST::FUNCTION: -EVP_PKEY_set1_DH 2107 EXIST::FUNCTION:DH -ASN1_OCTET_STRING_dup 2108 EXIST::FUNCTION: -ASN1_BIT_STRING_set 2109 EXIST::FUNCTION: -X509_TRUST_get_count 2110 EXIST::FUNCTION: -ASN1_INTEGER_free 2111 EXIST::FUNCTION: -OTHERNAME_free 2112 EXIST::FUNCTION: -i2d_RSA_PUBKEY_fp 2113 EXIST::FUNCTION:FP_API,RSA -ASN1_INTEGER_dup 2114 EXIST::FUNCTION: -d2i_X509_CERT_AUX 2115 EXIST::FUNCTION: -PEM_write_bio_PUBKEY 2117 EXIST::FUNCTION: -ASN1_VISIBLESTRING_free 2118 EXIST::FUNCTION: -X509_PURPOSE_cleanup 2119 EXIST::FUNCTION: -ASN1_mbstring_ncopy 2123 EXIST::FUNCTION: -ASN1_GENERALIZEDTIME_new 2126 EXIST::FUNCTION: -EVP_PKEY_get1_DH 2128 EXIST::FUNCTION:DH -ASN1_OCTET_STRING_new 2130 EXIST::FUNCTION: -ASN1_INTEGER_new 2131 EXIST::FUNCTION: -i2d_X509_AUX 2132 EXIST::FUNCTION: -ASN1_BIT_STRING_name_print 2134 EXIST::FUNCTION:BIO -X509_cmp 2135 EXIST::FUNCTION: -ASN1_STRING_length_set 2136 EXIST::FUNCTION: -DIRECTORYSTRING_new 2137 EXIST::FUNCTION: -X509_add1_trust_object 2140 EXIST::FUNCTION: -PKCS12_newpass 2141 EXIST::FUNCTION: -SMIME_write_PKCS7 2142 EXIST::FUNCTION: -SMIME_read_PKCS7 2143 EXIST::FUNCTION: -DES_set_key_checked 2144 EXIST::FUNCTION:DES -PKCS7_verify 2145 EXIST::FUNCTION: -PKCS7_encrypt 2146 EXIST::FUNCTION: -DES_set_key_unchecked 2147 EXIST::FUNCTION:DES -SMIME_crlf_copy 2148 EXIST::FUNCTION: -i2d_ASN1_PRINTABLESTRING 2149 EXIST::FUNCTION: -PKCS7_get0_signers 2150 EXIST::FUNCTION: -PKCS7_decrypt 2151 EXIST::FUNCTION: -SMIME_text 2152 EXIST::FUNCTION: -PKCS7_simple_smimecap 2153 EXIST::FUNCTION: -PKCS7_get_smimecap 2154 EXIST::FUNCTION: -PKCS7_sign 2155 EXIST::FUNCTION: -PKCS7_add_attrib_smimecap 2156 EXIST::FUNCTION: -CRYPTO_dbg_set_options 2157 EXIST::FUNCTION: -CRYPTO_remove_all_info 2158 EXIST::FUNCTION: -CRYPTO_get_mem_debug_functions 2159 EXIST::FUNCTION: -CRYPTO_is_mem_check_on 2160 EXIST::FUNCTION: -CRYPTO_set_mem_debug_functions 2161 EXIST::FUNCTION: -CRYPTO_pop_info 2162 EXIST::FUNCTION: -CRYPTO_push_info_ 2163 EXIST::FUNCTION: -CRYPTO_set_mem_debug_options 2164 EXIST::FUNCTION: -PEM_write_PKCS8PrivateKey_nid 2165 EXIST::FUNCTION: -PEM_write_bio_PKCS8PrivateKey_nid 2166 EXIST:!VMS:FUNCTION: -PEM_write_bio_PKCS8PrivKey_nid 2166 EXIST:VMS:FUNCTION: -d2i_PKCS8PrivateKey_bio 2167 EXIST::FUNCTION: -ASN1_NULL_free 2168 EXIST::FUNCTION: -d2i_ASN1_NULL 2169 EXIST::FUNCTION: -ASN1_NULL_new 2170 EXIST::FUNCTION: -i2d_PKCS8PrivateKey_bio 2171 EXIST::FUNCTION: -i2d_PKCS8PrivateKey_fp 2172 EXIST::FUNCTION: -i2d_ASN1_NULL 2173 EXIST::FUNCTION: -i2d_PKCS8PrivateKey_nid_fp 2174 EXIST::FUNCTION: -d2i_PKCS8PrivateKey_fp 2175 EXIST::FUNCTION: -i2d_PKCS8PrivateKey_nid_bio 2176 EXIST::FUNCTION: -i2d_PKCS8PrivateKeyInfo_fp 2177 EXIST::FUNCTION:FP_API -i2d_PKCS8PrivateKeyInfo_bio 2178 EXIST::FUNCTION:BIO -PEM_cb 2179 NOEXIST::FUNCTION: -i2d_PrivateKey_fp 2180 EXIST::FUNCTION:FP_API -d2i_PrivateKey_bio 2181 EXIST::FUNCTION:BIO -d2i_PrivateKey_fp 2182 EXIST::FUNCTION:FP_API -i2d_PrivateKey_bio 2183 EXIST::FUNCTION:BIO -X509_reject_clear 2184 EXIST::FUNCTION: -X509_TRUST_set_default 2185 EXIST::FUNCTION: -d2i_AutoPrivateKey 2186 EXIST::FUNCTION: -X509_ATTRIBUTE_get0_type 2187 EXIST::FUNCTION: -X509_ATTRIBUTE_set1_data 2188 EXIST::FUNCTION: -X509at_get_attr 2189 EXIST::FUNCTION: -X509at_get_attr_count 2190 EXIST::FUNCTION: -X509_ATTRIBUTE_create_by_NID 2191 EXIST::FUNCTION: -X509_ATTRIBUTE_set1_object 2192 EXIST::FUNCTION: -X509_ATTRIBUTE_count 2193 EXIST::FUNCTION: -X509_ATTRIBUTE_create_by_OBJ 2194 EXIST::FUNCTION: -X509_ATTRIBUTE_get0_object 2195 EXIST::FUNCTION: -X509at_get_attr_by_NID 2196 EXIST::FUNCTION: -X509at_add1_attr 2197 EXIST::FUNCTION: -X509_ATTRIBUTE_get0_data 2198 EXIST::FUNCTION: -X509at_delete_attr 2199 EXIST::FUNCTION: -X509at_get_attr_by_OBJ 2200 EXIST::FUNCTION: -RAND_add 2201 EXIST::FUNCTION: -BIO_number_written 2202 EXIST::FUNCTION: -BIO_number_read 2203 EXIST::FUNCTION: -X509_STORE_CTX_get1_chain 2204 EXIST::FUNCTION: -ERR_load_RAND_strings 2205 EXIST::FUNCTION: -RAND_pseudo_bytes 2206 EXIST::FUNCTION: -X509_REQ_get_attr_by_NID 2207 EXIST::FUNCTION: -X509_REQ_get_attr 2208 EXIST::FUNCTION: -X509_REQ_add1_attr_by_NID 2209 EXIST::FUNCTION: -X509_REQ_get_attr_by_OBJ 2210 EXIST::FUNCTION: -X509at_add1_attr_by_NID 2211 EXIST::FUNCTION: -X509_REQ_add1_attr_by_OBJ 2212 EXIST::FUNCTION: -X509_REQ_get_attr_count 2213 EXIST::FUNCTION: -X509_REQ_add1_attr 2214 EXIST::FUNCTION: -X509_REQ_delete_attr 2215 EXIST::FUNCTION: -X509at_add1_attr_by_OBJ 2216 EXIST::FUNCTION: -X509_REQ_add1_attr_by_txt 2217 EXIST::FUNCTION: -X509_ATTRIBUTE_create_by_txt 2218 EXIST::FUNCTION: -X509at_add1_attr_by_txt 2219 EXIST::FUNCTION: -BN_pseudo_rand 2239 EXIST::FUNCTION: -BN_is_prime_fasttest 2240 EXIST::FUNCTION: -BN_CTX_end 2241 EXIST::FUNCTION: -BN_CTX_start 2242 EXIST::FUNCTION: -BN_CTX_get 2243 EXIST::FUNCTION: -EVP_PKEY2PKCS8_broken 2244 EXIST::FUNCTION: -ASN1_STRING_TABLE_add 2245 EXIST::FUNCTION: -CRYPTO_dbg_get_options 2246 EXIST::FUNCTION: -AUTHORITY_INFO_ACCESS_new 2247 EXIST::FUNCTION: -CRYPTO_get_mem_debug_options 2248 EXIST::FUNCTION: -DES_crypt 2249 EXIST::FUNCTION:DES -PEM_write_bio_X509_REQ_NEW 2250 EXIST::FUNCTION: -PEM_write_X509_REQ_NEW 2251 EXIST:!WIN16:FUNCTION: -BIO_callback_ctrl 2252 EXIST::FUNCTION: -RAND_egd 2253 EXIST::FUNCTION: -RAND_status 2254 EXIST::FUNCTION: -bn_dump1 2255 NOEXIST::FUNCTION: -DES_check_key_parity 2256 EXIST::FUNCTION:DES -lh_num_items 2257 EXIST::FUNCTION: -RAND_event 2258 EXIST:WIN32:FUNCTION: -DSO_new 2259 EXIST::FUNCTION: -DSO_new_method 2260 EXIST::FUNCTION: -DSO_free 2261 EXIST::FUNCTION: -DSO_flags 2262 EXIST::FUNCTION: -DSO_up 2263 NOEXIST::FUNCTION: -DSO_set_default_method 2264 EXIST::FUNCTION: -DSO_get_default_method 2265 EXIST::FUNCTION: -DSO_get_method 2266 EXIST::FUNCTION: -DSO_set_method 2267 EXIST::FUNCTION: -DSO_load 2268 EXIST::FUNCTION: -DSO_bind_var 2269 EXIST::FUNCTION: -DSO_METHOD_null 2270 EXIST::FUNCTION: -DSO_METHOD_openssl 2271 EXIST::FUNCTION: -DSO_METHOD_dlfcn 2272 EXIST::FUNCTION: -DSO_METHOD_win32 2273 EXIST::FUNCTION: -ERR_load_DSO_strings 2274 EXIST::FUNCTION: -DSO_METHOD_dl 2275 EXIST::FUNCTION: -NCONF_load 2276 EXIST::FUNCTION: -NCONF_load_fp 2278 EXIST::FUNCTION:FP_API -NCONF_new 2279 EXIST::FUNCTION: -NCONF_get_string 2280 EXIST::FUNCTION: -NCONF_free 2281 EXIST::FUNCTION: -NCONF_get_number 2282 NOEXIST::FUNCTION: -CONF_dump_fp 2283 EXIST::FUNCTION: -NCONF_load_bio 2284 EXIST::FUNCTION: -NCONF_dump_fp 2285 EXIST::FUNCTION: -NCONF_get_section 2286 EXIST::FUNCTION: -NCONF_dump_bio 2287 EXIST::FUNCTION: -CONF_dump_bio 2288 EXIST::FUNCTION: -NCONF_free_data 2289 EXIST::FUNCTION: -CONF_set_default_method 2290 EXIST::FUNCTION: -ERR_error_string_n 2291 EXIST::FUNCTION: -BIO_snprintf 2292 EXIST::FUNCTION: -DSO_ctrl 2293 EXIST::FUNCTION: -i2d_ASN1_SET_OF_ASN1_INTEGER 2317 NOEXIST::FUNCTION: -i2d_ASN1_SET_OF_PKCS12_SAFEBAG 2320 NOEXIST::FUNCTION: -i2d_ASN1_SET_OF_PKCS7 2328 NOEXIST::FUNCTION: -BIO_vfree 2334 EXIST::FUNCTION: -d2i_ASN1_SET_OF_ASN1_INTEGER 2339 NOEXIST::FUNCTION: -d2i_ASN1_SET_OF_PKCS12_SAFEBAG 2341 NOEXIST::FUNCTION: -ASN1_UTCTIME_get 2350 NOEXIST::FUNCTION: -X509_REQ_digest 2362 EXIST::FUNCTION:EVP -X509_CRL_digest 2391 EXIST::FUNCTION:EVP -d2i_ASN1_SET_OF_PKCS7 2397 NOEXIST::FUNCTION: -EVP_CIPHER_CTX_set_key_length 2399 EXIST::FUNCTION: -EVP_CIPHER_CTX_ctrl 2400 EXIST::FUNCTION: -BN_mod_exp_mont_word 2401 EXIST::FUNCTION: -RAND_egd_bytes 2402 EXIST::FUNCTION: -X509_REQ_get1_email 2403 EXIST::FUNCTION: -X509_get1_email 2404 EXIST::FUNCTION: -X509_email_free 2405 EXIST::FUNCTION: -i2d_RSA_NET 2406 EXIST::FUNCTION:RSA -d2i_RSA_NET_2 2407 NOEXIST::FUNCTION: -d2i_RSA_NET 2408 EXIST::FUNCTION:RSA -DSO_bind_func 2409 EXIST::FUNCTION: -CRYPTO_get_new_dynlockid 2410 EXIST::FUNCTION: -sk_new_null 2411 EXIST::FUNCTION: -CRYPTO_set_dynlock_destroy_callback 2412 EXIST:!VMS:FUNCTION: -CRYPTO_set_dynlock_destroy_cb 2412 EXIST:VMS:FUNCTION: -CRYPTO_destroy_dynlockid 2413 EXIST::FUNCTION: -CRYPTO_set_dynlock_size 2414 NOEXIST::FUNCTION: -CRYPTO_set_dynlock_create_callback 2415 EXIST:!VMS:FUNCTION: -CRYPTO_set_dynlock_create_cb 2415 EXIST:VMS:FUNCTION: -CRYPTO_set_dynlock_lock_callback 2416 EXIST:!VMS:FUNCTION: -CRYPTO_set_dynlock_lock_cb 2416 EXIST:VMS:FUNCTION: -CRYPTO_get_dynlock_lock_callback 2417 EXIST:!VMS:FUNCTION: -CRYPTO_get_dynlock_lock_cb 2417 EXIST:VMS:FUNCTION: -CRYPTO_get_dynlock_destroy_callback 2418 EXIST:!VMS:FUNCTION: -CRYPTO_get_dynlock_destroy_cb 2418 EXIST:VMS:FUNCTION: -CRYPTO_get_dynlock_value 2419 EXIST::FUNCTION: -CRYPTO_get_dynlock_create_callback 2420 EXIST:!VMS:FUNCTION: -CRYPTO_get_dynlock_create_cb 2420 EXIST:VMS:FUNCTION: -c2i_ASN1_BIT_STRING 2421 EXIST::FUNCTION: -i2c_ASN1_BIT_STRING 2422 EXIST::FUNCTION: -RAND_poll 2423 EXIST::FUNCTION: -c2i_ASN1_INTEGER 2424 EXIST::FUNCTION: -i2c_ASN1_INTEGER 2425 EXIST::FUNCTION: -BIO_dump_indent 2426 EXIST::FUNCTION: -ASN1_parse_dump 2427 EXIST::FUNCTION:BIO -c2i_ASN1_OBJECT 2428 EXIST::FUNCTION: -X509_NAME_print_ex_fp 2429 EXIST::FUNCTION:FP_API -ASN1_STRING_print_ex_fp 2430 EXIST::FUNCTION:FP_API -X509_NAME_print_ex 2431 EXIST::FUNCTION:BIO -ASN1_STRING_print_ex 2432 EXIST::FUNCTION:BIO -MD4 2433 EXIST::FUNCTION:MD4 -MD4_Transform 2434 EXIST::FUNCTION:MD4 -MD4_Final 2435 EXIST::FUNCTION:MD4 -MD4_Update 2436 EXIST::FUNCTION:MD4 -MD4_Init 2437 EXIST::FUNCTION:MD4 -EVP_md4 2438 EXIST::FUNCTION:MD4 -i2d_PUBKEY_bio 2439 EXIST::FUNCTION:BIO -i2d_PUBKEY_fp 2440 EXIST::FUNCTION:FP_API -d2i_PUBKEY_bio 2441 EXIST::FUNCTION:BIO -ASN1_STRING_to_UTF8 2442 EXIST::FUNCTION: -BIO_vprintf 2443 EXIST::FUNCTION: -BIO_vsnprintf 2444 EXIST::FUNCTION: -d2i_PUBKEY_fp 2445 EXIST::FUNCTION:FP_API -X509_cmp_time 2446 EXIST::FUNCTION: -X509_STORE_CTX_set_time 2447 EXIST::FUNCTION: -X509_STORE_CTX_get1_issuer 2448 EXIST::FUNCTION: -X509_OBJECT_retrieve_match 2449 EXIST::FUNCTION: -X509_OBJECT_idx_by_subject 2450 EXIST::FUNCTION: -X509_STORE_CTX_set_flags 2451 EXIST::FUNCTION: -X509_STORE_CTX_trusted_stack 2452 EXIST::FUNCTION: -X509_time_adj 2453 EXIST::FUNCTION: -X509_check_issued 2454 EXIST::FUNCTION: -ASN1_UTCTIME_cmp_time_t 2455 EXIST::FUNCTION: -DES_set_weak_key_flag 2456 NOEXIST::FUNCTION: -DES_check_key 2457 NOEXIST::FUNCTION: -DES_rw_mode 2458 NOEXIST::FUNCTION: -RSA_PKCS1_RSAref 2459 NOEXIST::FUNCTION: -X509_keyid_set1 2460 EXIST::FUNCTION: -BIO_next 2461 EXIST::FUNCTION: -DSO_METHOD_vms 2462 EXIST::FUNCTION: -BIO_f_linebuffer 2463 EXIST:VMS:FUNCTION: -BN_bntest_rand 2464 EXIST::FUNCTION: -OPENSSL_issetugid 2465 EXIST::FUNCTION: -BN_rand_range 2466 EXIST::FUNCTION: -ERR_load_ENGINE_strings 2467 EXIST::FUNCTION: -ENGINE_set_DSA 2468 EXIST::FUNCTION: -ENGINE_get_finish_function 2469 EXIST::FUNCTION: -ENGINE_get_default_RSA 2470 EXIST::FUNCTION: -ENGINE_get_BN_mod_exp 2471 NOEXIST::FUNCTION: -DSA_get_default_openssl_method 2472 NOEXIST::FUNCTION: -ENGINE_set_DH 2473 EXIST::FUNCTION: -ENGINE_set_def_BN_mod_exp_crt 2474 NOEXIST::FUNCTION: -ENGINE_set_default_BN_mod_exp_crt 2474 NOEXIST::FUNCTION: -ENGINE_init 2475 EXIST::FUNCTION: -DH_get_default_openssl_method 2476 NOEXIST::FUNCTION: -RSA_set_default_openssl_method 2477 NOEXIST::FUNCTION: -ENGINE_finish 2478 EXIST::FUNCTION: -ENGINE_load_public_key 2479 EXIST::FUNCTION: -ENGINE_get_DH 2480 EXIST::FUNCTION: -ENGINE_ctrl 2481 EXIST::FUNCTION: -ENGINE_get_init_function 2482 EXIST::FUNCTION: -ENGINE_set_init_function 2483 EXIST::FUNCTION: -ENGINE_set_default_DSA 2484 EXIST::FUNCTION: -ENGINE_get_name 2485 EXIST::FUNCTION: -ENGINE_get_last 2486 EXIST::FUNCTION: -ENGINE_get_prev 2487 EXIST::FUNCTION: -ENGINE_get_default_DH 2488 EXIST::FUNCTION: -ENGINE_get_RSA 2489 EXIST::FUNCTION: -ENGINE_set_default 2490 EXIST::FUNCTION: -ENGINE_get_RAND 2491 EXIST::FUNCTION: -ENGINE_get_first 2492 EXIST::FUNCTION: -ENGINE_by_id 2493 EXIST::FUNCTION: -ENGINE_set_finish_function 2494 EXIST::FUNCTION: -ENGINE_get_def_BN_mod_exp_crt 2495 NOEXIST::FUNCTION: -ENGINE_get_default_BN_mod_exp_crt 2495 NOEXIST::FUNCTION: -RSA_get_default_openssl_method 2496 NOEXIST::FUNCTION: -ENGINE_set_RSA 2497 EXIST::FUNCTION: -ENGINE_load_private_key 2498 EXIST::FUNCTION: -ENGINE_set_default_RAND 2499 EXIST::FUNCTION: -ENGINE_set_BN_mod_exp 2500 NOEXIST::FUNCTION: -ENGINE_remove 2501 EXIST::FUNCTION: -ENGINE_free 2502 EXIST::FUNCTION: -ENGINE_get_BN_mod_exp_crt 2503 NOEXIST::FUNCTION: -ENGINE_get_next 2504 EXIST::FUNCTION: -ENGINE_set_name 2505 EXIST::FUNCTION: -ENGINE_get_default_DSA 2506 EXIST::FUNCTION: -ENGINE_set_default_BN_mod_exp 2507 NOEXIST::FUNCTION: -ENGINE_set_default_RSA 2508 EXIST::FUNCTION: -ENGINE_get_default_RAND 2509 EXIST::FUNCTION: -ENGINE_get_default_BN_mod_exp 2510 NOEXIST::FUNCTION: -ENGINE_set_RAND 2511 EXIST::FUNCTION: -ENGINE_set_id 2512 EXIST::FUNCTION: -ENGINE_set_BN_mod_exp_crt 2513 NOEXIST::FUNCTION: -ENGINE_set_default_DH 2514 EXIST::FUNCTION: -ENGINE_new 2515 EXIST::FUNCTION: -ENGINE_get_id 2516 EXIST::FUNCTION: -DSA_set_default_openssl_method 2517 NOEXIST::FUNCTION: -ENGINE_add 2518 EXIST::FUNCTION: -DH_set_default_openssl_method 2519 NOEXIST::FUNCTION: -ENGINE_get_DSA 2520 EXIST::FUNCTION: -ENGINE_get_ctrl_function 2521 EXIST::FUNCTION: -ENGINE_set_ctrl_function 2522 EXIST::FUNCTION: -BN_pseudo_rand_range 2523 EXIST::FUNCTION: -X509_STORE_CTX_set_verify_cb 2524 EXIST::FUNCTION: -ERR_load_COMP_strings 2525 EXIST::FUNCTION: -PKCS12_item_decrypt_d2i 2526 EXIST::FUNCTION: -ASN1_UTF8STRING_it 2527 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -ASN1_UTF8STRING_it 2527 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -ENGINE_unregister_ciphers 2528 EXIST::FUNCTION: -ENGINE_get_ciphers 2529 EXIST::FUNCTION: -d2i_OCSP_BASICRESP 2530 EXIST::FUNCTION: -KRB5_CHECKSUM_it 2531 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -KRB5_CHECKSUM_it 2531 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -EC_POINT_add 2532 EXIST::FUNCTION:EC -ASN1_item_ex_i2d 2533 EXIST::FUNCTION: -OCSP_CERTID_it 2534 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -OCSP_CERTID_it 2534 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -d2i_OCSP_RESPBYTES 2535 EXIST::FUNCTION: -X509V3_add1_i2d 2536 EXIST::FUNCTION: -PKCS7_ENVELOPE_it 2537 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -PKCS7_ENVELOPE_it 2537 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -UI_add_input_boolean 2538 EXIST::FUNCTION: -ENGINE_unregister_RSA 2539 EXIST::FUNCTION: -X509V3_EXT_nconf 2540 EXIST::FUNCTION: -ASN1_GENERALSTRING_free 2541 EXIST::FUNCTION: -d2i_OCSP_CERTSTATUS 2542 EXIST::FUNCTION: -X509_REVOKED_set_serialNumber 2543 EXIST::FUNCTION: -X509_print_ex 2544 EXIST::FUNCTION:BIO -OCSP_ONEREQ_get1_ext_d2i 2545 EXIST::FUNCTION: -ENGINE_register_all_RAND 2546 EXIST::FUNCTION: -ENGINE_load_dynamic 2547 EXIST::FUNCTION: -PBKDF2PARAM_it 2548 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -PBKDF2PARAM_it 2548 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -EXTENDED_KEY_USAGE_new 2549 EXIST::FUNCTION: -EC_GROUP_clear_free 2550 EXIST::FUNCTION:EC -OCSP_sendreq_bio 2551 EXIST::FUNCTION: -ASN1_item_digest 2552 EXIST::FUNCTION:EVP -OCSP_BASICRESP_delete_ext 2553 EXIST::FUNCTION: -OCSP_SIGNATURE_it 2554 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -OCSP_SIGNATURE_it 2554 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -X509_CRL_it 2555 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -X509_CRL_it 2555 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -OCSP_BASICRESP_add_ext 2556 EXIST::FUNCTION: -KRB5_ENCKEY_it 2557 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -KRB5_ENCKEY_it 2557 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -UI_method_set_closer 2558 EXIST::FUNCTION: -X509_STORE_set_purpose 2559 EXIST::FUNCTION: -i2d_ASN1_GENERALSTRING 2560 EXIST::FUNCTION: -OCSP_response_status 2561 EXIST::FUNCTION: -i2d_OCSP_SERVICELOC 2562 EXIST::FUNCTION: -ENGINE_get_digest_engine 2563 EXIST::FUNCTION: -EC_GROUP_set_curve_GFp 2564 EXIST::FUNCTION:EC -OCSP_REQUEST_get_ext_by_OBJ 2565 EXIST::FUNCTION: -_ossl_old_des_random_key 2566 EXIST::FUNCTION:DES -ASN1_T61STRING_it 2567 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -ASN1_T61STRING_it 2567 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -EC_GROUP_method_of 2568 EXIST::FUNCTION:EC -i2d_KRB5_APREQ 2569 EXIST::FUNCTION: -_ossl_old_des_encrypt 2570 EXIST::FUNCTION:DES -ASN1_PRINTABLE_new 2571 EXIST::FUNCTION: -HMAC_Init_ex 2572 EXIST::FUNCTION:HMAC -d2i_KRB5_AUTHENT 2573 EXIST::FUNCTION: -OCSP_archive_cutoff_new 2574 EXIST::FUNCTION: -EC_POINT_set_Jprojective_coordinates_GFp 2575 EXIST:!VMS:FUNCTION:EC -EC_POINT_set_Jproj_coords_GFp 2575 EXIST:VMS:FUNCTION:EC -_ossl_old_des_is_weak_key 2576 EXIST::FUNCTION:DES -OCSP_BASICRESP_get_ext_by_OBJ 2577 EXIST::FUNCTION: -EC_POINT_oct2point 2578 EXIST::FUNCTION:EC -OCSP_SINGLERESP_get_ext_count 2579 EXIST::FUNCTION: -UI_ctrl 2580 EXIST::FUNCTION: -_shadow_DES_rw_mode 2581 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:DES -_shadow_DES_rw_mode 2581 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:DES -asn1_do_adb 2582 EXIST::FUNCTION: -ASN1_template_i2d 2583 EXIST::FUNCTION: -ENGINE_register_DH 2584 EXIST::FUNCTION: -UI_construct_prompt 2585 EXIST::FUNCTION: -X509_STORE_set_trust 2586 EXIST::FUNCTION: -UI_dup_input_string 2587 EXIST::FUNCTION: -d2i_KRB5_APREQ 2588 EXIST::FUNCTION: -EVP_MD_CTX_copy_ex 2589 EXIST::FUNCTION: -OCSP_request_is_signed 2590 EXIST::FUNCTION: -i2d_OCSP_REQINFO 2591 EXIST::FUNCTION: -KRB5_ENCKEY_free 2592 EXIST::FUNCTION: -OCSP_resp_get0 2593 EXIST::FUNCTION: -GENERAL_NAME_it 2594 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -GENERAL_NAME_it 2594 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -ASN1_GENERALIZEDTIME_it 2595 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -ASN1_GENERALIZEDTIME_it 2595 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -X509_STORE_set_flags 2596 EXIST::FUNCTION: -EC_POINT_set_compressed_coordinates_GFp 2597 EXIST:!VMS:FUNCTION:EC -EC_POINT_set_compr_coords_GFp 2597 EXIST:VMS:FUNCTION:EC -OCSP_response_status_str 2598 EXIST::FUNCTION: -d2i_OCSP_REVOKEDINFO 2599 EXIST::FUNCTION: -OCSP_basic_add1_cert 2600 EXIST::FUNCTION: -ERR_get_implementation 2601 EXIST::FUNCTION: -EVP_CipherFinal_ex 2602 EXIST::FUNCTION: -OCSP_CERTSTATUS_new 2603 EXIST::FUNCTION: -CRYPTO_cleanup_all_ex_data 2604 EXIST::FUNCTION: -OCSP_resp_find 2605 EXIST::FUNCTION: -BN_nnmod 2606 EXIST::FUNCTION: -X509_CRL_sort 2607 EXIST::FUNCTION: -X509_REVOKED_set_revocationDate 2608 EXIST::FUNCTION: -ENGINE_register_RAND 2609 EXIST::FUNCTION: -OCSP_SERVICELOC_new 2610 EXIST::FUNCTION: -EC_POINT_set_affine_coordinates_GFp 2611 EXIST:!VMS:FUNCTION:EC -EC_POINT_set_affine_coords_GFp 2611 EXIST:VMS:FUNCTION:EC -_ossl_old_des_options 2612 EXIST::FUNCTION:DES -SXNET_it 2613 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -SXNET_it 2613 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -UI_dup_input_boolean 2614 EXIST::FUNCTION: -PKCS12_add_CSPName_asc 2615 EXIST::FUNCTION: -EC_POINT_is_at_infinity 2616 EXIST::FUNCTION:EC -ENGINE_load_openbsd_dev_crypto 2617 EXIST::FUNCTION: -DSO_convert_filename 2618 EXIST::FUNCTION: -POLICYQUALINFO_it 2619 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -POLICYQUALINFO_it 2619 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -ENGINE_register_ciphers 2620 EXIST::FUNCTION: -BN_mod_lshift_quick 2621 EXIST::FUNCTION: -DSO_set_filename 2622 EXIST::FUNCTION: -ASN1_item_free 2623 EXIST::FUNCTION: -KRB5_TKTBODY_free 2624 EXIST::FUNCTION: -AUTHORITY_KEYID_it 2625 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -AUTHORITY_KEYID_it 2625 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -KRB5_APREQBODY_new 2626 EXIST::FUNCTION: -X509V3_EXT_REQ_add_nconf 2627 EXIST::FUNCTION: -ENGINE_ctrl_cmd_string 2628 EXIST::FUNCTION: -i2d_OCSP_RESPDATA 2629 EXIST::FUNCTION: -EVP_MD_CTX_init 2630 EXIST::FUNCTION: -EXTENDED_KEY_USAGE_free 2631 EXIST::FUNCTION: -PKCS7_ATTR_SIGN_it 2632 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -PKCS7_ATTR_SIGN_it 2632 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -UI_add_error_string 2633 EXIST::FUNCTION: -KRB5_CHECKSUM_free 2634 EXIST::FUNCTION: -OCSP_REQUEST_get_ext 2635 EXIST::FUNCTION: -ENGINE_load_ubsec 2636 EXIST::FUNCTION: -ENGINE_register_all_digests 2637 EXIST::FUNCTION: -PKEY_USAGE_PERIOD_it 2638 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -PKEY_USAGE_PERIOD_it 2638 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -PKCS12_unpack_authsafes 2639 EXIST::FUNCTION: -ASN1_item_unpack 2640 EXIST::FUNCTION: -NETSCAPE_SPKAC_it 2641 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -NETSCAPE_SPKAC_it 2641 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -X509_REVOKED_it 2642 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -X509_REVOKED_it 2642 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -ASN1_STRING_encode 2643 EXIST::FUNCTION: -EVP_aes_128_ecb 2644 EXIST::FUNCTION:AES -KRB5_AUTHENT_free 2645 EXIST::FUNCTION: -OCSP_BASICRESP_get_ext_by_critical 2646 EXIST:!VMS:FUNCTION: -OCSP_BASICRESP_get_ext_by_crit 2646 EXIST:VMS:FUNCTION: -OCSP_cert_status_str 2647 EXIST::FUNCTION: -d2i_OCSP_REQUEST 2648 EXIST::FUNCTION: -UI_dup_info_string 2649 EXIST::FUNCTION: -_ossl_old_des_xwhite_in2out 2650 EXIST::FUNCTION:DES -PKCS12_it 2651 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -PKCS12_it 2651 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -OCSP_SINGLERESP_get_ext_by_critical 2652 EXIST:!VMS:FUNCTION: -OCSP_SINGLERESP_get_ext_by_crit 2652 EXIST:VMS:FUNCTION: -OCSP_CERTSTATUS_free 2653 EXIST::FUNCTION: -_ossl_old_des_crypt 2654 EXIST::FUNCTION:DES -ASN1_item_i2d 2655 EXIST::FUNCTION: -EVP_DecryptFinal_ex 2656 EXIST::FUNCTION: -ENGINE_load_openssl 2657 EXIST::FUNCTION: -ENGINE_get_cmd_defns 2658 EXIST::FUNCTION: -ENGINE_set_load_privkey_function 2659 EXIST:!VMS:FUNCTION: -ENGINE_set_load_privkey_fn 2659 EXIST:VMS:FUNCTION: -EVP_EncryptFinal_ex 2660 EXIST::FUNCTION: -ENGINE_set_default_digests 2661 EXIST::FUNCTION: -X509_get0_pubkey_bitstr 2662 EXIST::FUNCTION: -asn1_ex_i2c 2663 EXIST::FUNCTION: -ENGINE_register_RSA 2664 EXIST::FUNCTION: -ENGINE_unregister_DSA 2665 EXIST::FUNCTION: -_ossl_old_des_key_sched 2666 EXIST::FUNCTION:DES -X509_EXTENSION_it 2667 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -X509_EXTENSION_it 2667 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -i2d_KRB5_AUTHENT 2668 EXIST::FUNCTION: -SXNETID_it 2669 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -SXNETID_it 2669 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -d2i_OCSP_SINGLERESP 2670 EXIST::FUNCTION: -EDIPARTYNAME_new 2671 EXIST::FUNCTION: -PKCS12_certbag2x509 2672 EXIST::FUNCTION: -_ossl_old_des_ofb64_encrypt 2673 EXIST::FUNCTION:DES -d2i_EXTENDED_KEY_USAGE 2674 EXIST::FUNCTION: -ERR_print_errors_cb 2675 EXIST::FUNCTION: -ENGINE_set_ciphers 2676 EXIST::FUNCTION: -d2i_KRB5_APREQBODY 2677 EXIST::FUNCTION: -UI_method_get_flusher 2678 EXIST::FUNCTION: -X509_PUBKEY_it 2679 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -X509_PUBKEY_it 2679 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -_ossl_old_des_enc_read 2680 EXIST::FUNCTION:DES -PKCS7_ENCRYPT_it 2681 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -PKCS7_ENCRYPT_it 2681 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -i2d_OCSP_RESPONSE 2682 EXIST::FUNCTION: -EC_GROUP_get_cofactor 2683 EXIST::FUNCTION:EC -PKCS12_unpack_p7data 2684 EXIST::FUNCTION: -d2i_KRB5_AUTHDATA 2685 EXIST::FUNCTION: -OCSP_copy_nonce 2686 EXIST::FUNCTION: -KRB5_AUTHDATA_new 2687 EXIST::FUNCTION: -OCSP_RESPDATA_new 2688 EXIST::FUNCTION: -EC_GFp_mont_method 2689 EXIST::FUNCTION:EC -OCSP_REVOKEDINFO_free 2690 EXIST::FUNCTION: -UI_get_ex_data 2691 EXIST::FUNCTION: -KRB5_APREQBODY_free 2692 EXIST::FUNCTION: -EC_GROUP_get0_generator 2693 EXIST::FUNCTION:EC -UI_get_default_method 2694 EXIST::FUNCTION: -X509V3_set_nconf 2695 EXIST::FUNCTION: -PKCS12_item_i2d_encrypt 2696 EXIST::FUNCTION: -X509_add1_ext_i2d 2697 EXIST::FUNCTION: -PKCS7_SIGNER_INFO_it 2698 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -PKCS7_SIGNER_INFO_it 2698 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -KRB5_PRINCNAME_new 2699 EXIST::FUNCTION: -PKCS12_SAFEBAG_it 2700 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -PKCS12_SAFEBAG_it 2700 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -EC_GROUP_get_order 2701 EXIST::FUNCTION:EC -d2i_OCSP_RESPID 2702 EXIST::FUNCTION: -OCSP_request_verify 2703 EXIST::FUNCTION: -NCONF_get_number_e 2704 EXIST::FUNCTION: -_ossl_old_des_decrypt3 2705 EXIST::FUNCTION:DES -X509_signature_print 2706 EXIST::FUNCTION:EVP -OCSP_SINGLERESP_free 2707 EXIST::FUNCTION: -ENGINE_load_builtin_engines 2708 EXIST::FUNCTION: -i2d_OCSP_ONEREQ 2709 EXIST::FUNCTION: -OCSP_REQUEST_add_ext 2710 EXIST::FUNCTION: -OCSP_RESPBYTES_new 2711 EXIST::FUNCTION: -EVP_MD_CTX_create 2712 EXIST::FUNCTION: -OCSP_resp_find_status 2713 EXIST::FUNCTION: -X509_ALGOR_it 2714 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -X509_ALGOR_it 2714 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -ASN1_TIME_it 2715 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -ASN1_TIME_it 2715 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -OCSP_request_set1_name 2716 EXIST::FUNCTION: -OCSP_ONEREQ_get_ext_count 2717 EXIST::FUNCTION: -UI_get0_result 2718 EXIST::FUNCTION: -PKCS12_AUTHSAFES_it 2719 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -PKCS12_AUTHSAFES_it 2719 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -EVP_aes_256_ecb 2720 EXIST::FUNCTION:AES -PKCS12_pack_authsafes 2721 EXIST::FUNCTION: -ASN1_IA5STRING_it 2722 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -ASN1_IA5STRING_it 2722 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -UI_get_input_flags 2723 EXIST::FUNCTION: -EC_GROUP_set_generator 2724 EXIST::FUNCTION:EC -_ossl_old_des_string_to_2keys 2725 EXIST::FUNCTION:DES -OCSP_CERTID_free 2726 EXIST::FUNCTION: -X509_CERT_AUX_it 2727 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -X509_CERT_AUX_it 2727 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -CERTIFICATEPOLICIES_it 2728 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -CERTIFICATEPOLICIES_it 2728 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -_ossl_old_des_ede3_cbc_encrypt 2729 EXIST::FUNCTION:DES -RAND_set_rand_engine 2730 EXIST::FUNCTION: -DSO_get_loaded_filename 2731 EXIST::FUNCTION: -X509_ATTRIBUTE_it 2732 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -X509_ATTRIBUTE_it 2732 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -OCSP_ONEREQ_get_ext_by_NID 2733 EXIST::FUNCTION: -PKCS12_decrypt_skey 2734 EXIST::FUNCTION: -KRB5_AUTHENT_it 2735 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -KRB5_AUTHENT_it 2735 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -UI_dup_error_string 2736 EXIST::FUNCTION: -RSAPublicKey_it 2737 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RSA -RSAPublicKey_it 2737 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RSA -i2d_OCSP_REQUEST 2738 EXIST::FUNCTION: -PKCS12_x509crl2certbag 2739 EXIST::FUNCTION: -OCSP_SERVICELOC_it 2740 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -OCSP_SERVICELOC_it 2740 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -ASN1_item_sign 2741 EXIST::FUNCTION:EVP -X509_CRL_set_issuer_name 2742 EXIST::FUNCTION: -OBJ_NAME_do_all_sorted 2743 EXIST::FUNCTION: -i2d_OCSP_BASICRESP 2744 EXIST::FUNCTION: -i2d_OCSP_RESPBYTES 2745 EXIST::FUNCTION: -PKCS12_unpack_p7encdata 2746 EXIST::FUNCTION: -HMAC_CTX_init 2747 EXIST::FUNCTION:HMAC -ENGINE_get_digest 2748 EXIST::FUNCTION: -OCSP_RESPONSE_print 2749 EXIST::FUNCTION: -KRB5_TKTBODY_it 2750 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -KRB5_TKTBODY_it 2750 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -ACCESS_DESCRIPTION_it 2751 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -ACCESS_DESCRIPTION_it 2751 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -PKCS7_ISSUER_AND_SERIAL_it 2752 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -PKCS7_ISSUER_AND_SERIAL_it 2752 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -PBE2PARAM_it 2753 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -PBE2PARAM_it 2753 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -PKCS12_certbag2x509crl 2754 EXIST::FUNCTION: -PKCS7_SIGNED_it 2755 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -PKCS7_SIGNED_it 2755 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -ENGINE_get_cipher 2756 EXIST::FUNCTION: -i2d_OCSP_CRLID 2757 EXIST::FUNCTION: -OCSP_SINGLERESP_new 2758 EXIST::FUNCTION: -ENGINE_cmd_is_executable 2759 EXIST::FUNCTION: -RSA_up_ref 2760 EXIST::FUNCTION:RSA -ASN1_GENERALSTRING_it 2761 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -ASN1_GENERALSTRING_it 2761 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -ENGINE_register_DSA 2762 EXIST::FUNCTION: -X509V3_EXT_add_nconf_sk 2763 EXIST::FUNCTION: -ENGINE_set_load_pubkey_function 2764 EXIST::FUNCTION: -PKCS8_decrypt 2765 EXIST::FUNCTION: -PEM_bytes_read_bio 2766 EXIST::FUNCTION:BIO -DIRECTORYSTRING_it 2767 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -DIRECTORYSTRING_it 2767 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -d2i_OCSP_CRLID 2768 EXIST::FUNCTION: -EC_POINT_is_on_curve 2769 EXIST::FUNCTION:EC -CRYPTO_set_locked_mem_ex_functions 2770 EXIST:!VMS:FUNCTION: -CRYPTO_set_locked_mem_ex_funcs 2770 EXIST:VMS:FUNCTION: -d2i_KRB5_CHECKSUM 2771 EXIST::FUNCTION: -ASN1_item_dup 2772 EXIST::FUNCTION: -X509_it 2773 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -X509_it 2773 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -BN_mod_add 2774 EXIST::FUNCTION: -KRB5_AUTHDATA_free 2775 EXIST::FUNCTION: -_ossl_old_des_cbc_cksum 2776 EXIST::FUNCTION:DES -ASN1_item_verify 2777 EXIST::FUNCTION:EVP -CRYPTO_set_mem_ex_functions 2778 EXIST::FUNCTION: -EC_POINT_get_Jprojective_coordinates_GFp 2779 EXIST:!VMS:FUNCTION:EC -EC_POINT_get_Jproj_coords_GFp 2779 EXIST:VMS:FUNCTION:EC -ZLONG_it 2780 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -ZLONG_it 2780 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -CRYPTO_get_locked_mem_ex_functions 2781 EXIST:!VMS:FUNCTION: -CRYPTO_get_locked_mem_ex_funcs 2781 EXIST:VMS:FUNCTION: -ASN1_TIME_check 2782 EXIST::FUNCTION: -UI_get0_user_data 2783 EXIST::FUNCTION: -HMAC_CTX_cleanup 2784 EXIST::FUNCTION:HMAC -DSA_up_ref 2785 EXIST::FUNCTION:DSA -_ossl_old_des_ede3_cfb64_encrypt 2786 EXIST:!VMS:FUNCTION:DES -_ossl_odes_ede3_cfb64_encrypt 2786 EXIST:VMS:FUNCTION:DES -ASN1_BMPSTRING_it 2787 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -ASN1_BMPSTRING_it 2787 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -ASN1_tag2bit 2788 EXIST::FUNCTION: -UI_method_set_flusher 2789 EXIST::FUNCTION: -X509_ocspid_print 2790 EXIST::FUNCTION:BIO -KRB5_ENCDATA_it 2791 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -KRB5_ENCDATA_it 2791 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -ENGINE_get_load_pubkey_function 2792 EXIST::FUNCTION: -UI_add_user_data 2793 EXIST::FUNCTION: -OCSP_REQUEST_delete_ext 2794 EXIST::FUNCTION: -UI_get_method 2795 EXIST::FUNCTION: -OCSP_ONEREQ_free 2796 EXIST::FUNCTION: -ASN1_PRINTABLESTRING_it 2797 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -ASN1_PRINTABLESTRING_it 2797 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -X509_CRL_set_nextUpdate 2798 EXIST::FUNCTION: -OCSP_REQUEST_it 2799 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -OCSP_REQUEST_it 2799 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -OCSP_BASICRESP_it 2800 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -OCSP_BASICRESP_it 2800 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -AES_ecb_encrypt 2801 EXIST::FUNCTION:AES -BN_mod_sqr 2802 EXIST::FUNCTION: -NETSCAPE_CERT_SEQUENCE_it 2803 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -NETSCAPE_CERT_SEQUENCE_it 2803 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -GENERAL_NAMES_it 2804 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -GENERAL_NAMES_it 2804 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -AUTHORITY_INFO_ACCESS_it 2805 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -AUTHORITY_INFO_ACCESS_it 2805 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -ASN1_FBOOLEAN_it 2806 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -ASN1_FBOOLEAN_it 2806 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -UI_set_ex_data 2807 EXIST::FUNCTION: -_ossl_old_des_string_to_key 2808 EXIST::FUNCTION:DES -ENGINE_register_all_RSA 2809 EXIST::FUNCTION: -d2i_KRB5_PRINCNAME 2810 EXIST::FUNCTION: -OCSP_RESPBYTES_it 2811 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -OCSP_RESPBYTES_it 2811 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -X509_CINF_it 2812 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -X509_CINF_it 2812 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -ENGINE_unregister_digests 2813 EXIST::FUNCTION: -d2i_EDIPARTYNAME 2814 EXIST::FUNCTION: -d2i_OCSP_SERVICELOC 2815 EXIST::FUNCTION: -ENGINE_get_digests 2816 EXIST::FUNCTION: -_ossl_old_des_set_odd_parity 2817 EXIST::FUNCTION:DES -OCSP_RESPDATA_free 2818 EXIST::FUNCTION: -d2i_KRB5_TICKET 2819 EXIST::FUNCTION: -OTHERNAME_it 2820 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -OTHERNAME_it 2820 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -EVP_MD_CTX_cleanup 2821 EXIST::FUNCTION: -d2i_ASN1_GENERALSTRING 2822 EXIST::FUNCTION: -X509_CRL_set_version 2823 EXIST::FUNCTION: -BN_mod_sub 2824 EXIST::FUNCTION: -OCSP_SINGLERESP_get_ext_by_NID 2825 EXIST::FUNCTION: -ENGINE_get_ex_new_index 2826 EXIST::FUNCTION: -OCSP_REQUEST_free 2827 EXIST::FUNCTION: -OCSP_REQUEST_add1_ext_i2d 2828 EXIST::FUNCTION: -X509_VAL_it 2829 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -X509_VAL_it 2829 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -EC_POINTs_make_affine 2830 EXIST::FUNCTION:EC -EC_POINT_mul 2831 EXIST::FUNCTION:EC -X509V3_EXT_add_nconf 2832 EXIST::FUNCTION: -X509_TRUST_set 2833 EXIST::FUNCTION: -X509_CRL_add1_ext_i2d 2834 EXIST::FUNCTION: -_ossl_old_des_fcrypt 2835 EXIST::FUNCTION:DES -DISPLAYTEXT_it 2836 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -DISPLAYTEXT_it 2836 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -X509_CRL_set_lastUpdate 2837 EXIST::FUNCTION: -OCSP_BASICRESP_free 2838 EXIST::FUNCTION: -OCSP_BASICRESP_add1_ext_i2d 2839 EXIST::FUNCTION: -d2i_KRB5_AUTHENTBODY 2840 EXIST::FUNCTION: -CRYPTO_set_ex_data_implementation 2841 EXIST:!VMS:FUNCTION: -CRYPTO_set_ex_data_impl 2841 EXIST:VMS:FUNCTION: -KRB5_ENCDATA_new 2842 EXIST::FUNCTION: -DSO_up_ref 2843 EXIST::FUNCTION: -OCSP_crl_reason_str 2844 EXIST::FUNCTION: -UI_get0_result_string 2845 EXIST::FUNCTION: -ASN1_GENERALSTRING_new 2846 EXIST::FUNCTION: -X509_SIG_it 2847 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -X509_SIG_it 2847 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -ERR_set_implementation 2848 EXIST::FUNCTION: -ERR_load_EC_strings 2849 EXIST::FUNCTION:EC -UI_get0_action_string 2850 EXIST::FUNCTION: -OCSP_ONEREQ_get_ext 2851 EXIST::FUNCTION: -EC_POINT_method_of 2852 EXIST::FUNCTION:EC -i2d_KRB5_APREQBODY 2853 EXIST::FUNCTION: -_ossl_old_des_ecb3_encrypt 2854 EXIST::FUNCTION:DES -CRYPTO_get_mem_ex_functions 2855 EXIST::FUNCTION: -ENGINE_get_ex_data 2856 EXIST::FUNCTION: -UI_destroy_method 2857 EXIST::FUNCTION: -ASN1_item_i2d_bio 2858 EXIST::FUNCTION:BIO -OCSP_ONEREQ_get_ext_by_OBJ 2859 EXIST::FUNCTION: -ASN1_primitive_new 2860 EXIST::FUNCTION: -ASN1_PRINTABLE_it 2861 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -ASN1_PRINTABLE_it 2861 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -EVP_aes_192_ecb 2862 EXIST::FUNCTION:AES -OCSP_SIGNATURE_new 2863 EXIST::FUNCTION: -LONG_it 2864 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -LONG_it 2864 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -ASN1_VISIBLESTRING_it 2865 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -ASN1_VISIBLESTRING_it 2865 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -OCSP_SINGLERESP_add1_ext_i2d 2866 EXIST::FUNCTION: -d2i_OCSP_CERTID 2867 EXIST::FUNCTION: -ASN1_item_d2i_fp 2868 EXIST::FUNCTION:FP_API -CRL_DIST_POINTS_it 2869 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -CRL_DIST_POINTS_it 2869 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -GENERAL_NAME_print 2870 EXIST::FUNCTION: -OCSP_SINGLERESP_delete_ext 2871 EXIST::FUNCTION: -PKCS12_SAFEBAGS_it 2872 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -PKCS12_SAFEBAGS_it 2872 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -d2i_OCSP_SIGNATURE 2873 EXIST::FUNCTION: -OCSP_request_add1_nonce 2874 EXIST::FUNCTION: -ENGINE_set_cmd_defns 2875 EXIST::FUNCTION: -OCSP_SERVICELOC_free 2876 EXIST::FUNCTION: -EC_GROUP_free 2877 EXIST::FUNCTION:EC -ASN1_BIT_STRING_it 2878 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -ASN1_BIT_STRING_it 2878 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -X509_REQ_it 2879 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -X509_REQ_it 2879 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -_ossl_old_des_cbc_encrypt 2880 EXIST::FUNCTION:DES -ERR_unload_strings 2881 EXIST::FUNCTION: -PKCS7_SIGN_ENVELOPE_it 2882 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -PKCS7_SIGN_ENVELOPE_it 2882 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -EDIPARTYNAME_free 2883 EXIST::FUNCTION: -OCSP_REQINFO_free 2884 EXIST::FUNCTION: -EC_GROUP_new_curve_GFp 2885 EXIST::FUNCTION:EC -OCSP_REQUEST_get1_ext_d2i 2886 EXIST::FUNCTION: -PKCS12_item_pack_safebag 2887 EXIST::FUNCTION: -asn1_ex_c2i 2888 EXIST::FUNCTION: -ENGINE_register_digests 2889 EXIST::FUNCTION: -i2d_OCSP_REVOKEDINFO 2890 EXIST::FUNCTION: -asn1_enc_restore 2891 EXIST::FUNCTION: -UI_free 2892 EXIST::FUNCTION: -UI_new_method 2893 EXIST::FUNCTION: -EVP_EncryptInit_ex 2894 EXIST::FUNCTION: -X509_pubkey_digest 2895 EXIST::FUNCTION:EVP -EC_POINT_invert 2896 EXIST::FUNCTION:EC -OCSP_basic_sign 2897 EXIST::FUNCTION: -i2d_OCSP_RESPID 2898 EXIST::FUNCTION: -OCSP_check_nonce 2899 EXIST::FUNCTION: -ENGINE_ctrl_cmd 2900 EXIST::FUNCTION: -d2i_KRB5_ENCKEY 2901 EXIST::FUNCTION: -OCSP_parse_url 2902 EXIST::FUNCTION: -OCSP_SINGLERESP_get_ext 2903 EXIST::FUNCTION: -OCSP_CRLID_free 2904 EXIST::FUNCTION: -OCSP_BASICRESP_get1_ext_d2i 2905 EXIST::FUNCTION: -RSAPrivateKey_it 2906 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RSA -RSAPrivateKey_it 2906 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RSA -ENGINE_register_all_DH 2907 EXIST::FUNCTION: -i2d_EDIPARTYNAME 2908 EXIST::FUNCTION: -EC_POINT_get_affine_coordinates_GFp 2909 EXIST:!VMS:FUNCTION:EC -EC_POINT_get_affine_coords_GFp 2909 EXIST:VMS:FUNCTION:EC -OCSP_CRLID_new 2910 EXIST::FUNCTION: -ENGINE_get_flags 2911 EXIST::FUNCTION: -OCSP_ONEREQ_it 2912 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -OCSP_ONEREQ_it 2912 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -UI_process 2913 EXIST::FUNCTION: -ASN1_INTEGER_it 2914 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -ASN1_INTEGER_it 2914 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -EVP_CipherInit_ex 2915 EXIST::FUNCTION: -UI_get_string_type 2916 EXIST::FUNCTION: -ENGINE_unregister_DH 2917 EXIST::FUNCTION: -ENGINE_register_all_DSA 2918 EXIST::FUNCTION: -OCSP_ONEREQ_get_ext_by_critical 2919 EXIST::FUNCTION: -bn_dup_expand 2920 EXIST::FUNCTION: -OCSP_cert_id_new 2921 EXIST::FUNCTION: -BASIC_CONSTRAINTS_it 2922 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -BASIC_CONSTRAINTS_it 2922 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -BN_mod_add_quick 2923 EXIST::FUNCTION: -EC_POINT_new 2924 EXIST::FUNCTION:EC -EVP_MD_CTX_destroy 2925 EXIST::FUNCTION: -OCSP_RESPBYTES_free 2926 EXIST::FUNCTION: -EVP_aes_128_cbc 2927 EXIST::FUNCTION:AES -OCSP_SINGLERESP_get1_ext_d2i 2928 EXIST::FUNCTION: -EC_POINT_free 2929 EXIST::FUNCTION:EC -DH_up_ref 2930 EXIST::FUNCTION:DH -X509_NAME_ENTRY_it 2931 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -X509_NAME_ENTRY_it 2931 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -UI_get_ex_new_index 2932 EXIST::FUNCTION: -BN_mod_sub_quick 2933 EXIST::FUNCTION: -OCSP_ONEREQ_add_ext 2934 EXIST::FUNCTION: -OCSP_request_sign 2935 EXIST::FUNCTION: -EVP_DigestFinal_ex 2936 EXIST::FUNCTION: -ENGINE_set_digests 2937 EXIST::FUNCTION: -OCSP_id_issuer_cmp 2938 EXIST::FUNCTION: -OBJ_NAME_do_all 2939 EXIST::FUNCTION: -EC_POINTs_mul 2940 EXIST::FUNCTION:EC -ENGINE_register_complete 2941 EXIST::FUNCTION: -X509V3_EXT_nconf_nid 2942 EXIST::FUNCTION: -ASN1_SEQUENCE_it 2943 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -ASN1_SEQUENCE_it 2943 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -UI_set_default_method 2944 EXIST::FUNCTION: -RAND_query_egd_bytes 2945 EXIST::FUNCTION: -UI_method_get_writer 2946 EXIST::FUNCTION: -UI_OpenSSL 2947 EXIST::FUNCTION: -PEM_def_callback 2948 EXIST::FUNCTION: -ENGINE_cleanup 2949 EXIST::FUNCTION: -DIST_POINT_it 2950 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -DIST_POINT_it 2950 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -OCSP_SINGLERESP_it 2951 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -OCSP_SINGLERESP_it 2951 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -d2i_KRB5_TKTBODY 2952 EXIST::FUNCTION: -EC_POINT_cmp 2953 EXIST::FUNCTION:EC -OCSP_REVOKEDINFO_new 2954 EXIST::FUNCTION: -i2d_OCSP_CERTSTATUS 2955 EXIST::FUNCTION: -OCSP_basic_add1_nonce 2956 EXIST::FUNCTION: -ASN1_item_ex_d2i 2957 EXIST::FUNCTION: -BN_mod_lshift1_quick 2958 EXIST::FUNCTION: -UI_set_method 2959 EXIST::FUNCTION: -OCSP_id_get0_info 2960 EXIST::FUNCTION: -BN_mod_sqrt 2961 EXIST::FUNCTION: -EC_GROUP_copy 2962 EXIST::FUNCTION:EC -KRB5_ENCDATA_free 2963 EXIST::FUNCTION: -_ossl_old_des_cfb_encrypt 2964 EXIST::FUNCTION:DES -OCSP_SINGLERESP_get_ext_by_OBJ 2965 EXIST::FUNCTION: -OCSP_cert_to_id 2966 EXIST::FUNCTION: -OCSP_RESPID_new 2967 EXIST::FUNCTION: -OCSP_RESPDATA_it 2968 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -OCSP_RESPDATA_it 2968 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -d2i_OCSP_RESPDATA 2969 EXIST::FUNCTION: -ENGINE_register_all_complete 2970 EXIST::FUNCTION: -OCSP_check_validity 2971 EXIST::FUNCTION: -PKCS12_BAGS_it 2972 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -PKCS12_BAGS_it 2972 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -OCSP_url_svcloc_new 2973 EXIST::FUNCTION: -ASN1_template_free 2974 EXIST::FUNCTION: -OCSP_SINGLERESP_add_ext 2975 EXIST::FUNCTION: -KRB5_AUTHENTBODY_it 2976 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -KRB5_AUTHENTBODY_it 2976 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -X509_supported_extension 2977 EXIST::FUNCTION: -i2d_KRB5_AUTHDATA 2978 EXIST::FUNCTION: -UI_method_get_opener 2979 EXIST::FUNCTION: -ENGINE_set_ex_data 2980 EXIST::FUNCTION: -OCSP_REQUEST_print 2981 EXIST::FUNCTION: -CBIGNUM_it 2982 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -CBIGNUM_it 2982 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -KRB5_TICKET_new 2983 EXIST::FUNCTION: -KRB5_APREQ_new 2984 EXIST::FUNCTION: -EC_GROUP_get_curve_GFp 2985 EXIST::FUNCTION:EC -KRB5_ENCKEY_new 2986 EXIST::FUNCTION: -ASN1_template_d2i 2987 EXIST::FUNCTION: -_ossl_old_des_quad_cksum 2988 EXIST::FUNCTION:DES -OCSP_single_get0_status 2989 EXIST::FUNCTION: -BN_swap 2990 EXIST::FUNCTION: -POLICYINFO_it 2991 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -POLICYINFO_it 2991 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -ENGINE_set_destroy_function 2992 EXIST::FUNCTION: -asn1_enc_free 2993 EXIST::FUNCTION: -OCSP_RESPID_it 2994 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -OCSP_RESPID_it 2994 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -EC_GROUP_new 2995 EXIST::FUNCTION:EC -EVP_aes_256_cbc 2996 EXIST::FUNCTION:AES -i2d_KRB5_PRINCNAME 2997 EXIST::FUNCTION: -_ossl_old_des_encrypt2 2998 EXIST::FUNCTION:DES -_ossl_old_des_encrypt3 2999 EXIST::FUNCTION:DES -PKCS8_PRIV_KEY_INFO_it 3000 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -PKCS8_PRIV_KEY_INFO_it 3000 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -OCSP_REQINFO_it 3001 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -OCSP_REQINFO_it 3001 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -PBEPARAM_it 3002 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -PBEPARAM_it 3002 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -KRB5_AUTHENTBODY_new 3003 EXIST::FUNCTION: -X509_CRL_add0_revoked 3004 EXIST::FUNCTION: -EDIPARTYNAME_it 3005 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -EDIPARTYNAME_it 3005 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -NETSCAPE_SPKI_it 3006 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -NETSCAPE_SPKI_it 3006 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -UI_get0_test_string 3007 EXIST::FUNCTION: -ENGINE_get_cipher_engine 3008 EXIST::FUNCTION: -ENGINE_register_all_ciphers 3009 EXIST::FUNCTION: -EC_POINT_copy 3010 EXIST::FUNCTION:EC -BN_kronecker 3011 EXIST::FUNCTION: -_ossl_old_des_ede3_ofb64_encrypt 3012 EXIST:!VMS:FUNCTION:DES -_ossl_odes_ede3_ofb64_encrypt 3012 EXIST:VMS:FUNCTION:DES -UI_method_get_reader 3013 EXIST::FUNCTION: -OCSP_BASICRESP_get_ext_count 3014 EXIST::FUNCTION: -ASN1_ENUMERATED_it 3015 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -ASN1_ENUMERATED_it 3015 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -UI_set_result 3016 EXIST::FUNCTION: -i2d_KRB5_TICKET 3017 EXIST::FUNCTION: -X509_print_ex_fp 3018 EXIST::FUNCTION:FP_API -EVP_CIPHER_CTX_set_padding 3019 EXIST::FUNCTION: -d2i_OCSP_RESPONSE 3020 EXIST::FUNCTION: -ASN1_UTCTIME_it 3021 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -ASN1_UTCTIME_it 3021 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -_ossl_old_des_enc_write 3022 EXIST::FUNCTION:DES -OCSP_RESPONSE_new 3023 EXIST::FUNCTION: -AES_set_encrypt_key 3024 EXIST::FUNCTION:AES -OCSP_resp_count 3025 EXIST::FUNCTION: -KRB5_CHECKSUM_new 3026 EXIST::FUNCTION: -ENGINE_load_cswift 3027 EXIST::FUNCTION: -OCSP_onereq_get0_id 3028 EXIST::FUNCTION: -ENGINE_set_default_ciphers 3029 EXIST::FUNCTION: -NOTICEREF_it 3030 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -NOTICEREF_it 3030 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -X509V3_EXT_CRL_add_nconf 3031 EXIST::FUNCTION: -OCSP_REVOKEDINFO_it 3032 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -OCSP_REVOKEDINFO_it 3032 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -AES_encrypt 3033 EXIST::FUNCTION:AES -OCSP_REQUEST_new 3034 EXIST::FUNCTION: -ASN1_ANY_it 3035 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -ASN1_ANY_it 3035 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -CRYPTO_ex_data_new_class 3036 EXIST::FUNCTION: -_ossl_old_des_ncbc_encrypt 3037 EXIST::FUNCTION:DES -i2d_KRB5_TKTBODY 3038 EXIST::FUNCTION: -EC_POINT_clear_free 3039 EXIST::FUNCTION:EC -AES_decrypt 3040 EXIST::FUNCTION:AES -asn1_enc_init 3041 EXIST::FUNCTION: -UI_get_result_maxsize 3042 EXIST::FUNCTION: -OCSP_CERTID_new 3043 EXIST::FUNCTION: -ENGINE_unregister_RAND 3044 EXIST::FUNCTION: -UI_method_get_closer 3045 EXIST::FUNCTION: -d2i_KRB5_ENCDATA 3046 EXIST::FUNCTION: -OCSP_request_onereq_count 3047 EXIST::FUNCTION: -OCSP_basic_verify 3048 EXIST::FUNCTION: -KRB5_AUTHENTBODY_free 3049 EXIST::FUNCTION: -ASN1_item_d2i 3050 EXIST::FUNCTION: -ASN1_primitive_free 3051 EXIST::FUNCTION: -i2d_EXTENDED_KEY_USAGE 3052 EXIST::FUNCTION: -i2d_OCSP_SIGNATURE 3053 EXIST::FUNCTION: -asn1_enc_save 3054 EXIST::FUNCTION: -ENGINE_load_nuron 3055 EXIST::FUNCTION: -_ossl_old_des_pcbc_encrypt 3056 EXIST::FUNCTION:DES -PKCS12_MAC_DATA_it 3057 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -PKCS12_MAC_DATA_it 3057 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -OCSP_accept_responses_new 3058 EXIST::FUNCTION: -asn1_do_lock 3059 EXIST::FUNCTION: -PKCS7_ATTR_VERIFY_it 3060 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -PKCS7_ATTR_VERIFY_it 3060 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -KRB5_APREQBODY_it 3061 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -KRB5_APREQBODY_it 3061 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -i2d_OCSP_SINGLERESP 3062 EXIST::FUNCTION: -ASN1_item_ex_new 3063 EXIST::FUNCTION: -UI_add_verify_string 3064 EXIST::FUNCTION: -_ossl_old_des_set_key 3065 EXIST::FUNCTION:DES -KRB5_PRINCNAME_it 3066 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -KRB5_PRINCNAME_it 3066 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -EVP_DecryptInit_ex 3067 EXIST::FUNCTION: -i2d_OCSP_CERTID 3068 EXIST::FUNCTION: -ASN1_item_d2i_bio 3069 EXIST::FUNCTION:BIO -EC_POINT_dbl 3070 EXIST::FUNCTION:EC -asn1_get_choice_selector 3071 EXIST::FUNCTION: -i2d_KRB5_CHECKSUM 3072 EXIST::FUNCTION: -ENGINE_set_table_flags 3073 EXIST::FUNCTION: -AES_options 3074 EXIST::FUNCTION:AES -ENGINE_load_chil 3075 EXIST::FUNCTION: -OCSP_id_cmp 3076 EXIST::FUNCTION: -OCSP_BASICRESP_new 3077 EXIST::FUNCTION: -OCSP_REQUEST_get_ext_by_NID 3078 EXIST::FUNCTION: -KRB5_APREQ_it 3079 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -KRB5_APREQ_it 3079 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -ENGINE_get_destroy_function 3080 EXIST::FUNCTION: -CONF_set_nconf 3081 EXIST::FUNCTION: -ASN1_PRINTABLE_free 3082 EXIST::FUNCTION: -OCSP_BASICRESP_get_ext_by_NID 3083 EXIST::FUNCTION: -DIST_POINT_NAME_it 3084 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -DIST_POINT_NAME_it 3084 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -X509V3_extensions_print 3085 EXIST::FUNCTION: -_ossl_old_des_cfb64_encrypt 3086 EXIST::FUNCTION:DES -X509_REVOKED_add1_ext_i2d 3087 EXIST::FUNCTION: -_ossl_old_des_ofb_encrypt 3088 EXIST::FUNCTION:DES -KRB5_TKTBODY_new 3089 EXIST::FUNCTION: -ASN1_OCTET_STRING_it 3090 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -ASN1_OCTET_STRING_it 3090 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -ERR_load_UI_strings 3091 EXIST::FUNCTION: -i2d_KRB5_ENCKEY 3092 EXIST::FUNCTION: -ASN1_template_new 3093 EXIST::FUNCTION: -OCSP_SIGNATURE_free 3094 EXIST::FUNCTION: -ASN1_item_i2d_fp 3095 EXIST::FUNCTION:FP_API -KRB5_PRINCNAME_free 3096 EXIST::FUNCTION: -PKCS7_RECIP_INFO_it 3097 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -PKCS7_RECIP_INFO_it 3097 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -EXTENDED_KEY_USAGE_it 3098 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -EXTENDED_KEY_USAGE_it 3098 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -EC_GFp_simple_method 3099 EXIST::FUNCTION:EC -EC_GROUP_precompute_mult 3100 EXIST::FUNCTION:EC -OCSP_request_onereq_get0 3101 EXIST::FUNCTION: -UI_method_set_writer 3102 EXIST::FUNCTION: -KRB5_AUTHENT_new 3103 EXIST::FUNCTION: -X509_CRL_INFO_it 3104 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -X509_CRL_INFO_it 3104 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -DSO_set_name_converter 3105 EXIST::FUNCTION: -AES_set_decrypt_key 3106 EXIST::FUNCTION:AES -PKCS7_DIGEST_it 3107 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -PKCS7_DIGEST_it 3107 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -PKCS12_x5092certbag 3108 EXIST::FUNCTION: -EVP_DigestInit_ex 3109 EXIST::FUNCTION: -i2a_ACCESS_DESCRIPTION 3110 EXIST::FUNCTION: -OCSP_RESPONSE_it 3111 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -OCSP_RESPONSE_it 3111 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -PKCS7_ENC_CONTENT_it 3112 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -PKCS7_ENC_CONTENT_it 3112 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -OCSP_request_add0_id 3113 EXIST::FUNCTION: -EC_POINT_make_affine 3114 EXIST::FUNCTION:EC -DSO_get_filename 3115 EXIST::FUNCTION: -OCSP_CERTSTATUS_it 3116 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -OCSP_CERTSTATUS_it 3116 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -OCSP_request_add1_cert 3117 EXIST::FUNCTION: -UI_get0_output_string 3118 EXIST::FUNCTION: -UI_dup_verify_string 3119 EXIST::FUNCTION: -BN_mod_lshift 3120 EXIST::FUNCTION: -KRB5_AUTHDATA_it 3121 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -KRB5_AUTHDATA_it 3121 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -asn1_set_choice_selector 3122 EXIST::FUNCTION: -OCSP_basic_add1_status 3123 EXIST::FUNCTION: -OCSP_RESPID_free 3124 EXIST::FUNCTION: -asn1_get_field_ptr 3125 EXIST::FUNCTION: -UI_add_input_string 3126 EXIST::FUNCTION: -OCSP_CRLID_it 3127 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -OCSP_CRLID_it 3127 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -i2d_KRB5_AUTHENTBODY 3128 EXIST::FUNCTION: -OCSP_REQUEST_get_ext_count 3129 EXIST::FUNCTION: -ENGINE_load_atalla 3130 EXIST::FUNCTION: -X509_NAME_it 3131 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -X509_NAME_it 3131 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -USERNOTICE_it 3132 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -USERNOTICE_it 3132 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -OCSP_REQINFO_new 3133 EXIST::FUNCTION: -OCSP_BASICRESP_get_ext 3134 EXIST::FUNCTION: -CRYPTO_get_ex_data_implementation 3135 EXIST:!VMS:FUNCTION: -CRYPTO_get_ex_data_impl 3135 EXIST:VMS:FUNCTION: -ASN1_item_pack 3136 EXIST::FUNCTION: -i2d_KRB5_ENCDATA 3137 EXIST::FUNCTION: -X509_PURPOSE_set 3138 EXIST::FUNCTION: -X509_REQ_INFO_it 3139 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -X509_REQ_INFO_it 3139 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -UI_method_set_opener 3140 EXIST::FUNCTION: -ASN1_item_ex_free 3141 EXIST::FUNCTION: -ASN1_BOOLEAN_it 3142 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -ASN1_BOOLEAN_it 3142 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -ENGINE_get_table_flags 3143 EXIST::FUNCTION: -UI_create_method 3144 EXIST::FUNCTION: -OCSP_ONEREQ_add1_ext_i2d 3145 EXIST::FUNCTION: -_shadow_DES_check_key 3146 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:DES -_shadow_DES_check_key 3146 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:DES -d2i_OCSP_REQINFO 3147 EXIST::FUNCTION: -UI_add_info_string 3148 EXIST::FUNCTION: -UI_get_result_minsize 3149 EXIST::FUNCTION: -ASN1_NULL_it 3150 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -ASN1_NULL_it 3150 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -BN_mod_lshift1 3151 EXIST::FUNCTION: -d2i_OCSP_ONEREQ 3152 EXIST::FUNCTION: -OCSP_ONEREQ_new 3153 EXIST::FUNCTION: -KRB5_TICKET_it 3154 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -KRB5_TICKET_it 3154 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -EVP_aes_192_cbc 3155 EXIST::FUNCTION:AES -KRB5_TICKET_free 3156 EXIST::FUNCTION: -UI_new 3157 EXIST::FUNCTION: -OCSP_response_create 3158 EXIST::FUNCTION: -_ossl_old_des_xcbc_encrypt 3159 EXIST::FUNCTION:DES -PKCS7_it 3160 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -PKCS7_it 3160 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -OCSP_REQUEST_get_ext_by_critical 3161 EXIST:!VMS:FUNCTION: -OCSP_REQUEST_get_ext_by_crit 3161 EXIST:VMS:FUNCTION: -ENGINE_set_flags 3162 EXIST::FUNCTION: -_ossl_old_des_ecb_encrypt 3163 EXIST::FUNCTION:DES -OCSP_response_get1_basic 3164 EXIST::FUNCTION: -EVP_Digest 3165 EXIST::FUNCTION: -OCSP_ONEREQ_delete_ext 3166 EXIST::FUNCTION: -ASN1_TBOOLEAN_it 3167 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -ASN1_TBOOLEAN_it 3167 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -ASN1_item_new 3168 EXIST::FUNCTION: -ASN1_TIME_to_generalizedtime 3169 EXIST::FUNCTION: -BIGNUM_it 3170 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -BIGNUM_it 3170 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -AES_cbc_encrypt 3171 EXIST::FUNCTION:AES -ENGINE_get_load_privkey_function 3172 EXIST:!VMS:FUNCTION: -ENGINE_get_load_privkey_fn 3172 EXIST:VMS:FUNCTION: -OCSP_RESPONSE_free 3173 EXIST::FUNCTION: -UI_method_set_reader 3174 EXIST::FUNCTION: -i2d_ASN1_T61STRING 3175 EXIST::FUNCTION: -EC_POINT_set_to_infinity 3176 EXIST::FUNCTION:EC -ERR_load_OCSP_strings 3177 EXIST::FUNCTION: -EC_POINT_point2oct 3178 EXIST::FUNCTION:EC -KRB5_APREQ_free 3179 EXIST::FUNCTION: -ASN1_OBJECT_it 3180 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -ASN1_OBJECT_it 3180 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -OCSP_crlID_new 3181 EXIST:!VMS,!WIN16:FUNCTION: -OCSP_crlID2_new 3181 EXIST:VMS,WIN16:FUNCTION: -CONF_modules_load_file 3182 EXIST::FUNCTION: -CONF_imodule_set_usr_data 3183 EXIST::FUNCTION: -ENGINE_set_default_string 3184 EXIST::FUNCTION: -CONF_module_get_usr_data 3185 EXIST::FUNCTION: -ASN1_add_oid_module 3186 EXIST::FUNCTION: -CONF_modules_finish 3187 EXIST::FUNCTION: -OPENSSL_config 3188 EXIST::FUNCTION: -CONF_modules_unload 3189 EXIST::FUNCTION: -CONF_imodule_get_value 3190 EXIST::FUNCTION: -CONF_module_set_usr_data 3191 EXIST::FUNCTION: -CONF_parse_list 3192 EXIST::FUNCTION: -CONF_module_add 3193 EXIST::FUNCTION: -CONF_get1_default_config_file 3194 EXIST::FUNCTION: -CONF_imodule_get_flags 3195 EXIST::FUNCTION: -CONF_imodule_get_module 3196 EXIST::FUNCTION: -CONF_modules_load 3197 EXIST::FUNCTION: -CONF_imodule_get_name 3198 EXIST::FUNCTION: -ERR_peek_top_error 3199 NOEXIST::FUNCTION: -CONF_imodule_get_usr_data 3200 EXIST::FUNCTION: -CONF_imodule_set_flags 3201 EXIST::FUNCTION: -ENGINE_add_conf_module 3202 EXIST::FUNCTION: -ERR_peek_last_error_line 3203 EXIST::FUNCTION: -ERR_peek_last_error_line_data 3204 EXIST::FUNCTION: -ERR_peek_last_error 3205 EXIST::FUNCTION: -DES_read_2passwords 3206 EXIST::FUNCTION:DES -DES_read_password 3207 EXIST::FUNCTION:DES -UI_UTIL_read_pw 3208 EXIST::FUNCTION: -UI_UTIL_read_pw_string 3209 EXIST::FUNCTION: -ENGINE_load_aep 3210 EXIST::FUNCTION: -ENGINE_load_sureware 3211 EXIST::FUNCTION: -OPENSSL_add_all_algorithms_noconf 3212 EXIST:!VMS:FUNCTION: -OPENSSL_add_all_algo_noconf 3212 EXIST:VMS:FUNCTION: -OPENSSL_add_all_algorithms_conf 3213 EXIST:!VMS:FUNCTION: -OPENSSL_add_all_algo_conf 3213 EXIST:VMS:FUNCTION: -OPENSSL_load_builtin_modules 3214 EXIST::FUNCTION: -AES_ofb128_encrypt 3215 EXIST::FUNCTION:AES -AES_ctr128_encrypt 3216 EXIST::FUNCTION:AES -AES_cfb128_encrypt 3217 EXIST::FUNCTION:AES -ENGINE_load_4758cca 3218 EXIST::FUNCTION: -_ossl_096_des_random_seed 3219 EXIST::FUNCTION:DES -EVP_aes_256_ofb 3220 EXIST::FUNCTION:AES -EVP_aes_192_ofb 3221 EXIST::FUNCTION:AES -EVP_aes_128_cfb 3222 EXIST::FUNCTION:AES -EVP_aes_256_cfb 3223 EXIST::FUNCTION:AES -EVP_aes_128_ofb 3224 EXIST::FUNCTION:AES -EVP_aes_192_cfb 3225 EXIST::FUNCTION:AES diff --git a/src/lib/libcrypto/util/mk1mf.pl b/src/lib/libcrypto/util/mk1mf.pl deleted file mode 100644 index 8b6b2e668ae..00000000000 --- a/src/lib/libcrypto/util/mk1mf.pl +++ /dev/null @@ -1,907 +0,0 @@ -#!/usr/local/bin/perl -# A bit of an evil hack but it post processes the file ../MINFO which -# is generated by `make files` in the top directory. -# This script outputs one mega makefile that has no shell stuff or any -# funny stuff -# - -$INSTALLTOP="/usr/local/ssl"; -$OPTIONS=""; -$ssl_version=""; -$banner="\t\@echo Building OpenSSL"; - -open(IN,") { - $ssl_version=$1 if (/^VERSION=(.*)$/); - $OPTIONS=$1 if (/^OPTIONS=(.*)$/); - $INSTALLTOP=$1 if (/^INSTALLTOP=(.*$)/); -} -close(IN); - -die "Makefile.ssl is not the toplevel Makefile!\n" if $ssl_version eq ""; - -$infile="MINFO"; - -%ops=( - "VC-WIN32", "Microsoft Visual C++ [4-6] - Windows NT or 9X", - "VC-NT", "Microsoft Visual C++ [4-6] - Windows NT ONLY", - "VC-W31-16", "Microsoft Visual C++ 1.52 - Windows 3.1 - 286", - "VC-WIN16", "Alias for VC-W31-32", - "VC-W31-32", "Microsoft Visual C++ 1.52 - Windows 3.1 - 386+", - "VC-MSDOS","Microsoft Visual C++ 1.52 - MSDOS", - "Mingw32", "GNU C++ - Windows NT or 9x", - "Mingw32-files", "Create files with DOS copy ...", - "BC-NT", "Borland C++ 4.5 - Windows NT", - "BC-W31", "Borland C++ 4.5 - Windows 3.1 - PROBABLY NOT WORKING", - "BC-MSDOS","Borland C++ 4.5 - MSDOS", - "linux-elf","Linux elf", - "ultrix-mips","DEC mips ultrix", - "FreeBSD","FreeBSD distribution", - "OS2-EMX", "EMX GCC OS/2", - "default","cc under unix", - ); - -$platform=""; -foreach (@ARGV) - { - if (!&read_options && !defined($ops{$_})) - { - print STDERR "unknown option - $_\n"; - print STDERR "usage: perl mk1mf.pl [options] [system]\n"; - print STDERR "\nwhere [system] can be one of the following\n"; - foreach $i (sort keys %ops) - { printf STDERR "\t%-10s\t%s\n",$i,$ops{$i}; } - print STDERR <<"EOF"; -and [options] can be one of - no-md2 no-md4 no-md5 no-sha no-mdc2 - Skip this digest - no-ripemd - no-rc2 no-rc4 no-rc5 no-idea no-des - Skip this symetric cipher - no-bf no-cast no-aes - no-rsa no-dsa no-dh - Skip this public key cipher - no-ssl2 no-ssl3 - Skip this version of SSL - just-ssl - remove all non-ssl keys/digest - no-asm - No x86 asm - no-krb5 - No KRB5 - no-ec - No EC - nasm - Use NASM for x86 asm - gaswin - Use GNU as with Mingw32 - no-socks - No socket code - no-err - No error strings - dll/shlib - Build shared libraries (MS) - debug - Debug build - profile - Profiling build - gcc - Use Gcc (unix) - -Values that can be set -TMP=tmpdir OUT=outdir SRC=srcdir BIN=binpath INC=header-outdir CC=C-compiler - --L -l - extra library flags (unix) -- - extra 'cc' flags, - added (MS), or replace (unix) -EOF - exit(1); - } - $platform=$_; - } -foreach (grep(!/^$/, split(/ /, $OPTIONS))) - { - print STDERR "unknown option - $_\n" if !&read_options; - } - -$no_mdc2=1 if ($no_des); - -$no_ssl3=1 if ($no_md5 || $no_sha); -$no_ssl3=1 if ($no_rsa && $no_dh); - -$no_ssl2=1 if ($no_md5); -$no_ssl2=1 if ($no_rsa); - -$out_def="out"; -$inc_def="outinc"; -$tmp_def="tmp"; - -$mkdir="mkdir"; - -($ssl,$crypto)=("ssl","crypto"); -$ranlib="echo ranlib"; - -$cc=(defined($VARS{'CC'}))?$VARS{'CC'}:'cc'; -$src_dir=(defined($VARS{'SRC'}))?$VARS{'SRC'}:'.'; -$bin_dir=(defined($VARS{'BIN'}))?$VARS{'BIN'}:''; - -# $bin_dir.=$o causes a core dump on my sparc :-( - -$NT=0; - -push(@INC,"util/pl","pl"); -if ($platform eq "VC-MSDOS") - { - $asmbits=16; - $msdos=1; - require 'VC-16.pl'; - } -elsif ($platform eq "VC-W31-16") - { - $asmbits=16; - $msdos=1; $win16=1; - require 'VC-16.pl'; - } -elsif (($platform eq "VC-W31-32") || ($platform eq "VC-WIN16")) - { - $asmbits=32; - $msdos=1; $win16=1; - require 'VC-16.pl'; - } -elsif (($platform eq "VC-WIN32") || ($platform eq "VC-NT")) - { - $NT = 1 if $platform eq "VC-NT"; - require 'VC-32.pl'; - } -elsif ($platform eq "Mingw32") - { - require 'Mingw32.pl'; - } -elsif ($platform eq "Mingw32-files") - { - require 'Mingw32f.pl'; - } -elsif ($platform eq "BC-NT") - { - $bc=1; - require 'BC-32.pl'; - } -elsif ($platform eq "BC-W31") - { - $bc=1; - $msdos=1; $w16=1; - require 'BC-16.pl'; - } -elsif ($platform eq "BC-Q16") - { - $msdos=1; $w16=1; $shlib=0; $qw=1; - require 'BC-16.pl'; - } -elsif ($platform eq "BC-MSDOS") - { - $asmbits=16; - $msdos=1; - require 'BC-16.pl'; - } -elsif ($platform eq "FreeBSD") - { - require 'unix.pl'; - $cflags='-DTERMIO -D_ANSI_SOURCE -O2 -fomit-frame-pointer'; - } -elsif ($platform eq "linux-elf") - { - require "unix.pl"; - require "linux.pl"; - $unix=1; - } -elsif ($platform eq "ultrix-mips") - { - require "unix.pl"; - require "ultrix.pl"; - $unix=1; - } -elsif ($platform eq "OS2-EMX") - { - $wc=1; - require 'OS2-EMX.pl'; - } -else - { - require "unix.pl"; - - $unix=1; - $cflags.=' -DTERMIO'; - } - -$out_dir=(defined($VARS{'OUT'}))?$VARS{'OUT'}:$out_def.($debug?".dbg":""); -$tmp_dir=(defined($VARS{'TMP'}))?$VARS{'TMP'}:$tmp_def.($debug?".dbg":""); -$inc_dir=(defined($VARS{'INC'}))?$VARS{'INC'}:$inc_def; - -$bin_dir=$bin_dir.$o unless ((substr($bin_dir,-1,1) eq $o) || ($bin_dir eq '')); - -$cflags.=" -DOPENSSL_NO_IDEA" if $no_idea; -$cflags.=" -DOPENSSL_NO_AES" if $no_aes; -$cflags.=" -DOPENSSL_NO_RC2" if $no_rc2; -$cflags.=" -DOPENSSL_NO_RC4" if $no_rc4; -$cflags.=" -DOPENSSL_NO_RC5" if $no_rc5; -$cflags.=" -DOPENSSL_NO_MD2" if $no_md2; -$cflags.=" -DOPENSSL_NO_MD4" if $no_md4; -$cflags.=" -DOPENSSL_NO_MD5" if $no_md5; -$cflags.=" -DOPENSSL_NO_SHA" if $no_sha; -$cflags.=" -DOPENSSL_NO_SHA1" if $no_sha1; -$cflags.=" -DOPENSSL_NO_RIPEMD" if $no_rmd160; -$cflags.=" -DOPENSSL_NO_MDC2" if $no_mdc2; -$cflags.=" -DOPENSSL_NO_BF" if $no_bf; -$cflags.=" -DOPENSSL_NO_CAST" if $no_cast; -$cflags.=" -DOPENSSL_NO_DES" if $no_des; -$cflags.=" -DOPENSSL_NO_RSA" if $no_rsa; -$cflags.=" -DOPENSSL_NO_DSA" if $no_dsa; -$cflags.=" -DOPENSSL_NO_DH" if $no_dh; -$cflags.=" -DOPENSSL_NO_SOCK" if $no_sock; -$cflags.=" -DOPENSSL_NO_SSL2" if $no_ssl2; -$cflags.=" -DOPENSSL_NO_SSL3" if $no_ssl3; -$cflags.=" -DOPENSSL_NO_ERR" if $no_err; -$cflags.=" -DOPENSSL_NO_KRB5" if $no_krb5; -$cflags.=" -DOPENSSL_NO_EC" if $no_ec; -#$cflags.=" -DRSAref" if $rsaref ne ""; - -## if ($unix) -## { $cflags="$c_flags" if ($c_flags ne ""); } -##else - { $cflags="$c_flags$cflags" if ($c_flags ne ""); } - -$ex_libs="$l_flags$ex_libs" if ($l_flags ne ""); - -%shlib_ex_cflags=("SSL" => " -DOPENSSL_BUILD_SHLIBSSL", - "CRYPTO" => " -DOPENSSL_BUILD_SHLIBCRYPTO"); - -if ($msdos) - { - $banner ="\t\@echo Make sure you have run 'perl Configure $platform' in the\n"; - $banner.="\t\@echo top level directory, if you don't have perl, you will\n"; - $banner.="\t\@echo need to probably edit crypto/bn/bn.h, check the\n"; - $banner.="\t\@echo documentation for details.\n"; - } - -# have to do this to allow $(CC) under unix -$link="$bin_dir$link" if ($link !~ /^\$/); - -$INSTALLTOP =~ s|/|$o|g; - -$defs= <<"EOF"; -# This makefile has been automatically generated from the OpenSSL distribution. -# This single makefile will build the complete OpenSSL distribution and -# by default leave the 'intertesting' output files in .${o}out and the stuff -# that needs deleting in .${o}tmp. -# The file was generated by running 'make makefile.one', which -# does a 'make files', which writes all the environment variables from all -# the makefiles to the file call MINFO. This file is used by -# util${o}mk1mf.pl to generate makefile.one. -# The 'makefile per directory' system suites me when developing this -# library and also so I can 'distribute' indervidual library sections. -# The one monster makefile better suits building in non-unix -# environments. - -INSTALLTOP=$INSTALLTOP - -# Set your compiler options -PLATFORM=$platform -CC=$bin_dir${cc} -CFLAG=$cflags -APP_CFLAG=$app_cflag -LIB_CFLAG=$lib_cflag -SHLIB_CFLAG=$shl_cflag -APP_EX_OBJ=$app_ex_obj -SHLIB_EX_OBJ=$shlib_ex_obj -# add extra libraries to this define, for solaris -lsocket -lnsl would -# be added -EX_LIBS=$ex_libs - -# The OpenSSL directory -SRC_D=$src_dir - -LINK=$link -LFLAGS=$lflags - -BN_ASM_OBJ=$bn_asm_obj -BN_ASM_SRC=$bn_asm_src -BNCO_ASM_OBJ=$bnco_asm_obj -BNCO_ASM_SRC=$bnco_asm_src -DES_ENC_OBJ=$des_enc_obj -DES_ENC_SRC=$des_enc_src -BF_ENC_OBJ=$bf_enc_obj -BF_ENC_SRC=$bf_enc_src -CAST_ENC_OBJ=$cast_enc_obj -CAST_ENC_SRC=$cast_enc_src -RC4_ENC_OBJ=$rc4_enc_obj -RC4_ENC_SRC=$rc4_enc_src -RC5_ENC_OBJ=$rc5_enc_obj -RC5_ENC_SRC=$rc5_enc_src -MD5_ASM_OBJ=$md5_asm_obj -MD5_ASM_SRC=$md5_asm_src -SHA1_ASM_OBJ=$sha1_asm_obj -SHA1_ASM_SRC=$sha1_asm_src -RMD160_ASM_OBJ=$rmd160_asm_obj -RMD160_ASM_SRC=$rmd160_asm_src - -# The output directory for everything intersting -OUT_D=$out_dir -# The output directory for all the temporary muck -TMP_D=$tmp_dir -# The output directory for the header files -INC_D=$inc_dir -INCO_D=$inc_dir${o}openssl - -CP=$cp -RM=$rm -RANLIB=$ranlib -MKDIR=$mkdir -MKLIB=$bin_dir$mklib -MLFLAGS=$mlflags -ASM=$bin_dir$asm - -###################################################### -# You should not need to touch anything below this point -###################################################### - -E_EXE=openssl -SSL=$ssl -CRYPTO=$crypto - -# BIN_D - Binary output directory -# TEST_D - Binary test file output directory -# LIB_D - library output directory -# Note: if you change these point to different directories then uncomment out -# the lines around the 'NB' comment below. -# -BIN_D=\$(OUT_D) -TEST_D=\$(OUT_D) -LIB_D=\$(OUT_D) - -# INCL_D - local library directory -# OBJ_D - temp object file directory -OBJ_D=\$(TMP_D) -INCL_D=\$(TMP_D) - -O_SSL= \$(LIB_D)$o$plib\$(SSL)$shlibp -O_CRYPTO= \$(LIB_D)$o$plib\$(CRYPTO)$shlibp -SO_SSL= $plib\$(SSL)$so_shlibp -SO_CRYPTO= $plib\$(CRYPTO)$so_shlibp -L_SSL= \$(LIB_D)$o$plib\$(SSL)$libp -L_CRYPTO= \$(LIB_D)$o$plib\$(CRYPTO)$libp - -L_LIBS= \$(L_SSL) \$(L_CRYPTO) - -###################################################### -# Don't touch anything below this point -###################################################### - -INC=-I\$(INC_D) -I\$(INCL_D) -APP_CFLAGS=\$(INC) \$(CFLAG) \$(APP_CFLAG) -LIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG) -SHLIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG) \$(SHLIB_CFLAG) -LIBS_DEP=\$(O_CRYPTO) \$(O_SSL) - -############################################# -EOF - -$rules=<<"EOF"; -all: banner \$(TMP_D) \$(BIN_D) \$(TEST_D) \$(LIB_D) \$(INCO_D) headers lib exe - -banner: -$banner - -\$(TMP_D): - \$(MKDIR) \$(TMP_D) -# NB: uncomment out these lines if BIN_D, TEST_D and LIB_D are different -#\$(BIN_D): -# \$(MKDIR) \$(BIN_D) -# -#\$(TEST_D): -# \$(MKDIR) \$(TEST_D) - -\$(LIB_D): - \$(MKDIR) \$(LIB_D) - -\$(INCO_D): \$(INC_D) - \$(MKDIR) \$(INCO_D) - -\$(INC_D): - \$(MKDIR) \$(INC_D) - -headers: \$(HEADER) \$(EXHEADER) - @ - -lib: \$(LIBS_DEP) - -exe: \$(T_EXE) \$(BIN_D)$o\$(E_EXE)$exep - -install: - \$(MKDIR) \$(INSTALLTOP) - \$(MKDIR) \$(INSTALLTOP)${o}bin - \$(MKDIR) \$(INSTALLTOP)${o}include - \$(MKDIR) \$(INSTALLTOP)${o}include${o}openssl - \$(MKDIR) \$(INSTALLTOP)${o}lib - \$(CP) \$(INCO_D)${o}*.\[ch\] \$(INSTALLTOP)${o}include${o}openssl - \$(CP) \$(BIN_D)$o\$(E_EXE)$exep \$(INSTALLTOP)${o}bin - \$(CP) \$(O_SSL) \$(INSTALLTOP)${o}lib - \$(CP) \$(O_CRYPTO) \$(INSTALLTOP)${o}lib - -clean: - \$(RM) \$(TMP_D)$o*.* - -vclean: - \$(RM) \$(TMP_D)$o*.* - \$(RM) \$(OUT_D)$o*.* - -EOF - -my $platform_cpp_symbol = "MK1MF_PLATFORM_$platform"; -$platform_cpp_symbol =~ s/-/_/g; -if (open(IN,"crypto/buildinf.h")) - { - # Remove entry for this platform in existing file buildinf.h. - - my $old_buildinf_h = ""; - while () - { - if (/^\#ifdef $platform_cpp_symbol$/) - { - while () { last if (/^\#endif/); } - } - else - { - $old_buildinf_h .= $_; - } - } - close(IN); - - open(OUT,">crypto/buildinf.h") || die "Can't open buildinf.h"; - print OUT $old_buildinf_h; - close(OUT); - } - -open (OUT,">>crypto/buildinf.h") || die "Can't open buildinf.h"; -printf OUT <; -for (;;) - { - chop; - - ($key,$val)=/^([^=]+)=(.*)/; - if ($key eq "RELATIVE_DIRECTORY") - { - if ($lib ne "") - { - $uc=$lib; - $uc =~ s/^lib(.*)\.a/$1/; - $uc =~ tr/a-z/A-Z/; - $lib_nam{$uc}=$uc; - $lib_obj{$uc}.=$libobj." "; - } - last if ($val eq "FINISHED"); - $lib=""; - $libobj=""; - $dir=$val; - } - - if ($key eq "TEST") - { $test.=&var_add($dir,$val); } - - if (($key eq "PROGS") || ($key eq "E_OBJ")) - { $e_exe.=&var_add($dir,$val); } - - if ($key eq "LIB") - { - $lib=$val; - $lib =~ s/^.*\/([^\/]+)$/$1/; - } - - if ($key eq "EXHEADER") - { $exheader.=&var_add($dir,$val); } - - if ($key eq "HEADER") - { $header.=&var_add($dir,$val); } - - if ($key eq "LIBOBJ") - { $libobj=&var_add($dir,$val); } - - if (!($_=)) - { $_="RELATIVE_DIRECTORY=FINISHED\n"; } - } -close(IN); - -# Strip of trailing ' ' -foreach (keys %lib_obj) { $lib_obj{$_}=&clean_up_ws($lib_obj{$_}); } -$test=&clean_up_ws($test); -$e_exe=&clean_up_ws($e_exe); -$exheader=&clean_up_ws($exheader); -$header=&clean_up_ws($header); - -# First we strip the exheaders from the headers list -foreach (split(/\s+/,$exheader)){ $h{$_}=1; } -foreach (split(/\s+/,$header)) { $h.=$_." " unless $h{$_}; } -chop($h); $header=$h; - -$defs.=&do_defs("HEADER",$header,"\$(INCL_D)",".h"); -$rules.=&do_copy_rule("\$(INCL_D)",$header,".h"); - -$defs.=&do_defs("EXHEADER",$exheader,"\$(INCO_D)",".h"); -$rules.=&do_copy_rule("\$(INCO_D)",$exheader,".h"); - -$defs.=&do_defs("T_OBJ",$test,"\$(OBJ_D)",$obj); -$rules.=&do_compile_rule("\$(OBJ_D)",$test,"\$(APP_CFLAGS)"); - -$defs.=&do_defs("E_OBJ",$e_exe,"\$(OBJ_D)",$obj); -$rules.=&do_compile_rule("\$(OBJ_D)",$e_exe,'-DMONOLITH $(APP_CFLAGS)'); - -foreach (values %lib_nam) - { - $lib_obj=$lib_obj{$_}; - local($slib)=$shlib; - - if (($_ eq "SSL") && $no_ssl2 && $no_ssl3) - { - $rules.="\$(O_SSL):\n\n"; - next; - } - - if (($bn_asm_obj ne "") && ($_ eq "CRYPTO")) - { - $lib_obj =~ s/\s\S*\/bn_asm\S*/ \$(BN_ASM_OBJ)/; - $rules.=&do_asm_rule($bn_asm_obj,$bn_asm_src); - } - if (($bnco_asm_obj ne "") && ($_ eq "CRYPTO")) - { - $lib_obj .= "\$(BNCO_ASM_OBJ)"; - $rules.=&do_asm_rule($bnco_asm_obj,$bnco_asm_src); - } - if (($des_enc_obj ne "") && ($_ eq "CRYPTO")) - { - $lib_obj =~ s/\s\S*des_enc\S*/ \$(DES_ENC_OBJ)/; - $lib_obj =~ s/\s\S*\/fcrypt_b\S*\s*/ /; - $rules.=&do_asm_rule($des_enc_obj,$des_enc_src); - } - if (($bf_enc_obj ne "") && ($_ eq "CRYPTO")) - { - $lib_obj =~ s/\s\S*\/bf_enc\S*/ \$(BF_ENC_OBJ)/; - $rules.=&do_asm_rule($bf_enc_obj,$bf_enc_src); - } - if (($cast_enc_obj ne "") && ($_ eq "CRYPTO")) - { - $lib_obj =~ s/(\s\S*\/c_enc\S*)/ \$(CAST_ENC_OBJ)/; - $rules.=&do_asm_rule($cast_enc_obj,$cast_enc_src); - } - if (($rc4_enc_obj ne "") && ($_ eq "CRYPTO")) - { - $lib_obj =~ s/\s\S*\/rc4_enc\S*/ \$(RC4_ENC_OBJ)/; - $rules.=&do_asm_rule($rc4_enc_obj,$rc4_enc_src); - } - if (($rc5_enc_obj ne "") && ($_ eq "CRYPTO")) - { - $lib_obj =~ s/\s\S*\/rc5_enc\S*/ \$(RC5_ENC_OBJ)/; - $rules.=&do_asm_rule($rc5_enc_obj,$rc5_enc_src); - } - if (($md5_asm_obj ne "") && ($_ eq "CRYPTO")) - { - $lib_obj =~ s/\s(\S*\/md5_dgst\S*)/ $1 \$(MD5_ASM_OBJ)/; - $rules.=&do_asm_rule($md5_asm_obj,$md5_asm_src); - } - if (($sha1_asm_obj ne "") && ($_ eq "CRYPTO")) - { - $lib_obj =~ s/\s(\S*\/sha1dgst\S*)/ $1 \$(SHA1_ASM_OBJ)/; - $rules.=&do_asm_rule($sha1_asm_obj,$sha1_asm_src); - } - if (($rmd160_asm_obj ne "") && ($_ eq "CRYPTO")) - { - $lib_obj =~ s/\s(\S*\/rmd_dgst\S*)/ $1 \$(RMD160_ASM_OBJ)/; - $rules.=&do_asm_rule($rmd160_asm_obj,$rmd160_asm_src); - } - $defs.=&do_defs(${_}."OBJ",$lib_obj,"\$(OBJ_D)",$obj); - $lib=($slib)?" \$(SHLIB_CFLAGS)".$shlib_ex_cflags{$_}:" \$(LIB_CFLAGS)"; - $rules.=&do_compile_rule("\$(OBJ_D)",$lib_obj{$_},$lib); - } - -$defs.=&do_defs("T_EXE",$test,"\$(TEST_D)",$exep); -foreach (split(/\s+/,$test)) - { - $t=&bname($_); - $tt="\$(OBJ_D)${o}$t${obj}"; - $rules.=&do_link_rule("\$(TEST_D)$o$t$exep",$tt,"\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)"); - } - -$rules.= &do_lib_rule("\$(SSLOBJ)","\$(O_SSL)",$ssl,$shlib,"\$(SO_SSL)"); -$rules.= &do_lib_rule("\$(CRYPTOOBJ)","\$(O_CRYPTO)",$crypto,$shlib,"\$(SO_CRYPTO)"); - -$rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)"); - -print $defs; - -if ($platform eq "linux-elf") { - print <<"EOF"; -# Generate perlasm output files -%.cpp: - (cd \$(\@D)/..; PERL=perl make -f Makefile.ssl asm/\$(\@F)) -EOF -} -print "###################################################################\n"; -print $rules; - -############################################### -# strip off any trailing .[och] and append the relative directory -# also remembering to do nothing if we are in one of the dropped -# directories -sub var_add - { - local($dir,$val)=@_; - local(@a,$_,$ret); - - return("") if $no_idea && $dir =~ /\/idea/; - return("") if $no_aes && $dir =~ /\/aes/; - return("") if $no_rc2 && $dir =~ /\/rc2/; - return("") if $no_rc4 && $dir =~ /\/rc4/; - return("") if $no_rc5 && $dir =~ /\/rc5/; - return("") if $no_rsa && $dir =~ /\/rsa/; - return("") if $no_rsa && $dir =~ /^rsaref/; - return("") if $no_dsa && $dir =~ /\/dsa/; - return("") if $no_dh && $dir =~ /\/dh/; - if ($no_des && $dir =~ /\/des/) - { - if ($val =~ /read_pwd/) - { return("$dir/read_pwd "); } - else - { return(""); } - } - return("") if $no_mdc2 && $dir =~ /\/mdc2/; - return("") if $no_sock && $dir =~ /\/proxy/; - return("") if $no_bf && $dir =~ /\/bf/; - return("") if $no_cast && $dir =~ /\/cast/; - - $val =~ s/^\s*(.*)\s*$/$1/; - @a=split(/\s+/,$val); - grep(s/\.[och]$//,@a); - - @a=grep(!/^e_.*_3d$/,@a) if $no_des; - @a=grep(!/^e_.*_d$/,@a) if $no_des; - @a=grep(!/^e_.*_ae$/,@a) if $no_idea; - @a=grep(!/^e_.*_i$/,@a) if $no_aes; - @a=grep(!/^e_.*_r2$/,@a) if $no_rc2; - @a=grep(!/^e_.*_r5$/,@a) if $no_rc5; - @a=grep(!/^e_.*_bf$/,@a) if $no_bf; - @a=grep(!/^e_.*_c$/,@a) if $no_cast; - @a=grep(!/^e_rc4$/,@a) if $no_rc4; - - @a=grep(!/(^s2_)|(^s23_)/,@a) if $no_ssl2; - @a=grep(!/(^s3_)|(^s23_)/,@a) if $no_ssl3; - - @a=grep(!/(_sock$)|(_acpt$)|(_conn$)|(^pxy_)/,@a) if $no_sock; - - @a=grep(!/(^md2)|(_md2$)/,@a) if $no_md2; - @a=grep(!/(^md4)|(_md4$)/,@a) if $no_md4; - @a=grep(!/(^md5)|(_md5$)/,@a) if $no_md5; - @a=grep(!/(rmd)|(ripemd)/,@a) if $no_rmd160; - - @a=grep(!/(^d2i_r_)|(^i2d_r_)/,@a) if $no_rsa; - @a=grep(!/(^p_open$)|(^p_seal$)/,@a) if $no_rsa; - @a=grep(!/(^pem_seal$)/,@a) if $no_rsa; - - @a=grep(!/(m_dss$)|(m_dss1$)/,@a) if $no_dsa; - @a=grep(!/(^d2i_s_)|(^i2d_s_)|(_dsap$)/,@a) if $no_dsa; - - @a=grep(!/^n_pkey$/,@a) if $no_rsa || $no_rc4; - - @a=grep(!/_dhp$/,@a) if $no_dh; - - @a=grep(!/(^sha[^1])|(_sha$)|(m_dss$)/,@a) if $no_sha; - @a=grep(!/(^sha1)|(_sha1$)|(m_dss1$)/,@a) if $no_sha1; - @a=grep(!/_mdc2$/,@a) if $no_mdc2; - - @a=grep(!/(^rsa$)|(^genrsa$)/,@a) if $no_rsa; - @a=grep(!/(^dsa$)|(^gendsa$)|(^dsaparam$)/,@a) if $no_dsa; - @a=grep(!/^gendsa$/,@a) if $no_sha1; - @a=grep(!/(^dh$)|(^gendh$)/,@a) if $no_dh; - - @a=grep(!/(^dh)|(_sha1$)|(m_dss1$)/,@a) if $no_sha1; - - grep($_="$dir/$_",@a); - @a=grep(!/(^|\/)s_/,@a) if $no_sock; - @a=grep(!/(^|\/)bio_sock/,@a) if $no_sock; - $ret=join(' ',@a)." "; - return($ret); - } - -# change things so that each 'token' is only separated by one space -sub clean_up_ws - { - local($w)=@_; - - $w =~ s/^\s*(.*)\s*$/$1/; - $w =~ s/\s+/ /g; - return($w); - } - -sub do_defs - { - local($var,$files,$location,$postfix)=@_; - local($_,$ret,$pf); - local(*OUT,$tmp,$t); - - $files =~ s/\//$o/g if $o ne '/'; - $ret="$var="; - $n=1; - $Vars{$var}.=""; - foreach (split(/ /,$files)) - { - $orig=$_; - $_=&bname($_) unless /^\$/; - if ($n++ == 2) - { - $n=0; - $ret.="\\\n\t"; - } - if (($_ =~ /bss_file/) && ($postfix eq ".h")) - { $pf=".c"; } - else { $pf=$postfix; } - if ($_ =~ /BN_ASM/) { $t="$_ "; } - elsif ($_ =~ /BNCO_ASM/){ $t="$_ "; } - elsif ($_ =~ /DES_ENC/) { $t="$_ "; } - elsif ($_ =~ /BF_ENC/) { $t="$_ "; } - elsif ($_ =~ /CAST_ENC/){ $t="$_ "; } - elsif ($_ =~ /RC4_ENC/) { $t="$_ "; } - elsif ($_ =~ /RC5_ENC/) { $t="$_ "; } - elsif ($_ =~ /MD5_ASM/) { $t="$_ "; } - elsif ($_ =~ /SHA1_ASM/){ $t="$_ "; } - elsif ($_ =~ /RMD160_ASM/){ $t="$_ "; } - else { $t="$location${o}$_$pf "; } - - $Vars{$var}.="$t "; - $ret.=$t; - } - chop($ret); - $ret.="\n\n"; - return($ret); - } - -# return the name with the leading path removed -sub bname - { - local($ret)=@_; - $ret =~ s/^.*[\\\/]([^\\\/]+)$/$1/; - return($ret); - } - - -############################################################## -# do a rule for each file that says 'compile' to new direcory -# compile the files in '$files' into $to -sub do_compile_rule - { - local($to,$files,$ex)=@_; - local($ret,$_,$n); - - $files =~ s/\//$o/g if $o ne '/'; - foreach (split(/\s+/,$files)) - { - $n=&bname($_); - $ret.=&cc_compile_target("$to${o}$n$obj","${_}.c",$ex) - } - return($ret); - } - -############################################################## -# do a rule for each file that says 'compile' to new direcory -sub cc_compile_target - { - local($target,$source,$ex_flags)=@_; - local($ret); - - $ex_flags.=" -DMK1MF_BUILD -D$platform_cpp_symbol" if ($source =~ /cversion/); - $target =~ s/\//$o/g if $o ne "/"; - $source =~ s/\//$o/g if $o ne "/"; - $ret ="$target: \$(SRC_D)$o$source\n\t"; - $ret.="\$(CC) ${ofile}$target $ex_flags -c \$(SRC_D)$o$source\n\n"; - return($ret); - } - -############################################################## -sub do_asm_rule - { - local($target,$src)=@_; - local($ret,@s,@t,$i); - - $target =~ s/\//$o/g if $o ne "/"; - $src =~ s/\//$o/g if $o ne "/"; - - @s=split(/\s+/,$src); - @t=split(/\s+/,$target); - - for ($i=0; $i<=$#s; $i++) - { - $ret.="$t[$i]: $s[$i]\n"; - $ret.="\t\$(ASM) $afile$t[$i] \$(SRC_D)$o$s[$i]\n\n"; - } - return($ret); - } - -sub do_shlib_rule - { - local($n,$def)=@_; - local($ret,$nn); - local($t); - - ($nn=$n) =~ tr/a-z/A-Z/; - $ret.="$n.dll: \$(${nn}OBJ)\n"; - if ($vc && $w32) - { - $ret.="\t\$(MKSHLIB) $efile$n.dll $def @<<\n \$(${nn}OBJ_F)\n<<\n"; - } - $ret.="\n"; - return($ret); - } - -# do a rule for each file that says 'copy' to new direcory on change -sub do_copy_rule - { - local($to,$files,$p)=@_; - local($ret,$_,$n,$pp); - - $files =~ s/\//$o/g if $o ne '/'; - foreach (split(/\s+/,$files)) - { - $n=&bname($_); - if ($n =~ /bss_file/) - { $pp=".c"; } - else { $pp=$p; } - $ret.="$to${o}$n$pp: \$(SRC_D)$o$_$pp\n\t\$(CP) \$(SRC_D)$o$_$pp $to${o}$n$pp\n\n"; - } - return($ret); - } - -sub read_options - { - if (/^no-rc2$/) { $no_rc2=1; } - elsif (/^no-rc4$/) { $no_rc4=1; } - elsif (/^no-rc5$/) { $no_rc5=1; } - elsif (/^no-idea$/) { $no_idea=1; } - elsif (/^no-aes$/) { $no_aes=1; } - elsif (/^no-des$/) { $no_des=1; } - elsif (/^no-bf$/) { $no_bf=1; } - elsif (/^no-cast$/) { $no_cast=1; } - elsif (/^no-md2$/) { $no_md2=1; } - elsif (/^no-md4$/) { $no_md4=1; } - elsif (/^no-md5$/) { $no_md5=1; } - elsif (/^no-sha$/) { $no_sha=1; } - elsif (/^no-sha1$/) { $no_sha1=1; } - elsif (/^no-ripemd$/) { $no_ripemd=1; } - elsif (/^no-mdc2$/) { $no_mdc2=1; } - elsif (/^no-patents$/) { $no_rc2=$no_rc4=$no_rc5=$no_idea=$no_rsa=1; } - elsif (/^no-rsa$/) { $no_rsa=1; } - elsif (/^no-dsa$/) { $no_dsa=1; } - elsif (/^no-dh$/) { $no_dh=1; } - elsif (/^no-hmac$/) { $no_hmac=1; } - elsif (/^no-aes$/) { $no_aes=1; } - elsif (/^no-asm$/) { $no_asm=1; } - elsif (/^nasm$/) { $nasm=1; } - elsif (/^gaswin$/) { $gaswin=1; } - elsif (/^no-ssl2$/) { $no_ssl2=1; } - elsif (/^no-ssl3$/) { $no_ssl3=1; } - elsif (/^no-err$/) { $no_err=1; } - elsif (/^no-sock$/) { $no_sock=1; } - elsif (/^no-krb5$/) { $no_krb5=1; } - elsif (/^no-ec$/) { $no_ec=1; } - - elsif (/^just-ssl$/) { $no_rc2=$no_idea=$no_des=$no_bf=$no_cast=1; - $no_md2=$no_sha=$no_mdc2=$no_dsa=$no_dh=1; - $no_ssl2=$no_err=$no_rmd160=$no_rc5=1; - $no_aes=1; } - - elsif (/^rsaref$/) { } - elsif (/^gcc$/) { $gcc=1; } - elsif (/^debug$/) { $debug=1; } - elsif (/^profile$/) { $profile=1; } - elsif (/^shlib$/) { $shlib=1; } - elsif (/^dll$/) { $shlib=1; } - elsif (/^shared$/) { } # We just need to ignore it for now... - elsif (/^([^=]*)=(.*)$/){ $VARS{$1}=$2; } - elsif (/^-[lL].*$/) { $l_flags.="$_ "; } - elsif ((!/^-help/) && (!/^-h/) && (!/^-\?/) && /^-.*$/) - { $c_flags.="$_ "; } - else { return(0); } - return(1); - } diff --git a/src/lib/libcrypto/util/mkcerts.sh b/src/lib/libcrypto/util/mkcerts.sh deleted file mode 100644 index 5f8a1dae739..00000000000 --- a/src/lib/libcrypto/util/mkcerts.sh +++ /dev/null @@ -1,220 +0,0 @@ -#!bin/sh - -# This script will re-make all the required certs. -# cd apps -# sh ../util/mkcerts.sh -# mv ca-cert.pem pca-cert.pem ../certs -# cd .. -# cat certs/*.pem >>apps/server.pem -# cat certs/*.pem >>apps/server2.pem -# SSLEAY=`pwd`/apps/ssleay; export SSLEAY -# sh tools/c_rehash certs -# - -CAbits=1024 -SSLEAY="../apps/ssleay" -CONF="-config ../apps/ssleay.cnf" - -# create pca request. -echo creating $CAbits bit PCA cert request -$SSLEAY req $CONF \ - -new -md5 -newkey $CAbits \ - -keyout pca-key.pem \ - -out pca-req.pem -nodes >/dev/null </dev/null </dev/null </dev/null </dev/null <> pca-cert.pem -cat ca-key.pem >> ca-cert.pem -cat s512-key.pem >> server.pem -cat s1024key.pem >> server2.pem -cat c512-key.pem >> client.pem - -for i in pca-cert.pem ca-cert.pem server.pem server2.pem client.pem -do -$SSLEAY x509 -issuer -subject -in $i -noout >$$ -cat $$ -/bin/cat $i >>$$ -/bin/mv $$ $i -done - -#/bin/rm -f *key.pem *req.pem *.srl - -echo Finished - diff --git a/src/lib/libcrypto/util/mkdef.pl b/src/lib/libcrypto/util/mkdef.pl deleted file mode 100644 index ecba93cd948..00000000000 --- a/src/lib/libcrypto/util/mkdef.pl +++ /dev/null @@ -1,1338 +0,0 @@ -#!/usr/local/bin/perl -w -# -# generate a .def file -# -# It does this by parsing the header files and looking for the -# prototyped functions: it then prunes the output. -# -# Intermediary files are created, call libeay.num and ssleay.num,... -# Previously, they had the following format: -# -# routine-name nnnn -# -# But that isn't enough for a number of reasons, the first on being that -# this format is (needlessly) very Win32-centric, and even then... -# One of the biggest problems is that there's no information about what -# routines should actually be used, which varies with what crypto algorithms -# are disabled. Also, some operating systems (for example VMS with VAX C) -# need to keep track of the global variables as well as the functions. -# -# So, a remake of this script is done so as to include information on the -# kind of symbol it is (function or variable) and what algorithms they're -# part of. This will allow easy translating to .def files or the corresponding -# file in other operating systems (a .opt file for VMS, possibly with a .mar -# file). -# -# The format now becomes: -# -# routine-name nnnn info -# -# and the "info" part is actually a colon-separated string of fields with -# the following meaning: -# -# existence:platform:kind:algorithms -# -# - "existence" can be "EXIST" or "NOEXIST" depending on if the symbol is -# found somewhere in the source, -# - "platforms" is empty if it exists on all platforms, otherwise it contains -# comma-separated list of the platform, just as they are if the symbol exists -# for those platforms, or prepended with a "!" if not. This helps resolve -# symbol name variants for platforms where the names are too long for the -# compiler or linker, or if the systems is case insensitive and there is a -# clash, or the symbol is implemented differently (see -# EXPORT_VAR_AS_FUNCTION). This script assumes renaming of symbols is found -# in the file crypto/symhacks.h. -# The semantics for the platforms is that every item is checked against the -# environment. For the negative items ("!FOO"), if any of them is false -# (i.e. "FOO" is true) in the environment, the corresponding symbol can't be -# used. For the positive itms, if all of them are false in the environment, -# the corresponding symbol can't be used. Any combination of positive and -# negative items are possible, and of course leave room for some redundancy. -# - "kind" is "FUNCTION" or "VARIABLE". The meaning of that is obvious. -# - "algorithms" is a comma-separated list of algorithm names. This helps -# exclude symbols that are part of an algorithm that some user wants to -# exclude. -# - -my $debug=0; - -my $crypto_num= "util/libeay.num"; -my $ssl_num= "util/ssleay.num"; - -my $do_update = 0; -my $do_rewrite = 1; -my $do_crypto = 0; -my $do_ssl = 0; -my $do_ctest = 0; -my $do_ctestall = 0; -my $do_checkexist = 0; - -my $VMSVAX=0; -my $VMSAlpha=0; -my $VMS=0; -my $W32=0; -my $W16=0; -my $NT=0; -# Set this to make typesafe STACK definitions appear in DEF -my $safe_stack_def = 0; - -my @known_platforms = ( "__FreeBSD__", "PERL5", "NeXT", - "EXPORT_VAR_AS_FUNCTION" ); -my @known_ossl_platforms = ( "VMS", "WIN16", "WIN32", "WINNT" ); -my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF", - "CAST", "MD2", "MD4", "MD5", "SHA", "SHA0", "SHA1", - "RIPEMD", - "MDC2", "RSA", "DSA", "DH", "EC", "HMAC", "AES", - # Envelope "algorithms" - "EVP", "X509", "ASN1_TYPEDEFS", - # Helper "algorithms" - "BIO", "COMP", "BUFFER", "LHASH", "STACK", "ERR", - "LOCKING", - # External "algorithms" - "FP_API", "STDIO", "SOCK", "KRB5" ); - -my $options=""; -open(IN,") { - $options=$1 if (/^OPTIONS=(.*)$/); -} -close(IN); - -# The following ciphers may be excluded (by Configure). This means functions -# defined with ifndef(NO_XXX) are not included in the .def file, and everything -# in directory xxx is ignored. -my $no_rc2; my $no_rc4; my $no_rc5; my $no_idea; my $no_des; my $no_bf; -my $no_cast; -my $no_md2; my $no_md4; my $no_md5; my $no_sha; my $no_ripemd; my $no_mdc2; -my $no_rsa; my $no_dsa; my $no_dh; my $no_hmac=0; my $no_aes; my $no_krb5; -my $no_ec; -my $no_fp_api; - -foreach (@ARGV, split(/ /, $options)) - { - $debug=1 if $_ eq "debug"; - $W32=1 if $_ eq "32"; - $W16=1 if $_ eq "16"; - if($_ eq "NT") { - $W32 = 1; - $NT = 1; - } - if ($_ eq "VMS-VAX") { - $VMS=1; - $VMSVAX=1; - } - if ($_ eq "VMS-Alpha") { - $VMS=1; - $VMSAlpha=1; - } - $VMS=1 if $_ eq "VMS"; - - $do_ssl=1 if $_ eq "ssleay"; - $do_ssl=1 if $_ eq "ssl"; - $do_crypto=1 if $_ eq "libeay"; - $do_crypto=1 if $_ eq "crypto"; - $do_update=1 if $_ eq "update"; - $do_rewrite=1 if $_ eq "rewrite"; - $do_ctest=1 if $_ eq "ctest"; - $do_ctestall=1 if $_ eq "ctestall"; - $do_checkexist=1 if $_ eq "exist"; - #$safe_stack_def=1 if $_ eq "-DDEBUG_SAFESTACK"; - - if (/^no-rc2$/) { $no_rc2=1; } - elsif (/^no-rc4$/) { $no_rc4=1; } - elsif (/^no-rc5$/) { $no_rc5=1; } - elsif (/^no-idea$/) { $no_idea=1; } - elsif (/^no-des$/) { $no_des=1; $no_mdc2=1; } - elsif (/^no-bf$/) { $no_bf=1; } - elsif (/^no-cast$/) { $no_cast=1; } - elsif (/^no-md2$/) { $no_md2=1; } - elsif (/^no-md4$/) { $no_md4=1; } - elsif (/^no-md5$/) { $no_md5=1; } - elsif (/^no-sha$/) { $no_sha=1; } - elsif (/^no-ripemd$/) { $no_ripemd=1; } - elsif (/^no-mdc2$/) { $no_mdc2=1; } - elsif (/^no-rsa$/) { $no_rsa=1; } - elsif (/^no-dsa$/) { $no_dsa=1; } - elsif (/^no-dh$/) { $no_dh=1; } - elsif (/^no-ec$/) { $no_ec=1; } - elsif (/^no-hmac$/) { $no_hmac=1; } - elsif (/^no-aes$/) { $no_aes=1; } - elsif (/^no-evp$/) { $no_evp=1; } - elsif (/^no-lhash$/) { $no_lhash=1; } - elsif (/^no-stack$/) { $no_stack=1; } - elsif (/^no-err$/) { $no_err=1; } - elsif (/^no-buffer$/) { $no_buffer=1; } - elsif (/^no-bio$/) { $no_bio=1; } - #elsif (/^no-locking$/) { $no_locking=1; } - elsif (/^no-comp$/) { $no_comp=1; } - elsif (/^no-dso$/) { $no_dso=1; } - elsif (/^no-krb5$/) { $no_krb5=1; } - } - - -# If no platform is given, assume WIN32 -if ($W32 + $W16 + $VMS == 0) { - $W32 = 1; -} - -# Add extra knowledge -if ($W16) { - $no_fp_api=1; -} - -if (!$do_ssl && !$do_crypto) - { - print STDERR "usage: $0 ( ssl | crypto ) [ 16 | 32 | NT ]\n"; - exit(1); - } - -%ssl_list=&load_numbers($ssl_num); -$max_ssl = $max_num; -%crypto_list=&load_numbers($crypto_num); -$max_crypto = $max_num; - -my $ssl="ssl/ssl.h"; -$ssl.=" ssl/kssl.h"; - -my $crypto ="crypto/crypto.h"; -$crypto.=" crypto/des/des.h crypto/des/des_old.h" ; # unless $no_des; -$crypto.=" crypto/idea/idea.h" ; # unless $no_idea; -$crypto.=" crypto/rc4/rc4.h" ; # unless $no_rc4; -$crypto.=" crypto/rc5/rc5.h" ; # unless $no_rc5; -$crypto.=" crypto/rc2/rc2.h" ; # unless $no_rc2; -$crypto.=" crypto/bf/blowfish.h" ; # unless $no_bf; -$crypto.=" crypto/cast/cast.h" ; # unless $no_cast; -$crypto.=" crypto/md2/md2.h" ; # unless $no_md2; -$crypto.=" crypto/md4/md4.h" ; # unless $no_md4; -$crypto.=" crypto/md5/md5.h" ; # unless $no_md5; -$crypto.=" crypto/mdc2/mdc2.h" ; # unless $no_mdc2; -$crypto.=" crypto/sha/sha.h" ; # unless $no_sha; -$crypto.=" crypto/ripemd/ripemd.h" ; # unless $no_ripemd; -$crypto.=" crypto/aes/aes.h" ; # unless $no_aes; - -$crypto.=" crypto/bn/bn.h"; -$crypto.=" crypto/rsa/rsa.h" ; # unless $no_rsa; -$crypto.=" crypto/dsa/dsa.h" ; # unless $no_dsa; -$crypto.=" crypto/dh/dh.h" ; # unless $no_dh; -$crypto.=" crypto/ec/ec.h" ; # unless $no_ec; -$crypto.=" crypto/hmac/hmac.h" ; # unless $no_hmac; - -$crypto.=" crypto/engine/engine.h"; -$crypto.=" crypto/stack/stack.h" ; # unless $no_stack; -$crypto.=" crypto/buffer/buffer.h" ; # unless $no_buffer; -$crypto.=" crypto/bio/bio.h" ; # unless $no_bio; -$crypto.=" crypto/dso/dso.h" ; # unless $no_dso; -$crypto.=" crypto/lhash/lhash.h" ; # unless $no_lhash; -$crypto.=" crypto/conf/conf.h"; -$crypto.=" crypto/txt_db/txt_db.h"; - -$crypto.=" crypto/evp/evp.h" ; # unless $no_evp; -$crypto.=" crypto/objects/objects.h"; -$crypto.=" crypto/pem/pem.h"; -#$crypto.=" crypto/meth/meth.h"; -$crypto.=" crypto/asn1/asn1.h"; -$crypto.=" crypto/asn1/asn1t.h"; -$crypto.=" crypto/asn1/asn1_mac.h"; -$crypto.=" crypto/err/err.h" ; # unless $no_err; -$crypto.=" crypto/pkcs7/pkcs7.h"; -$crypto.=" crypto/pkcs12/pkcs12.h"; -$crypto.=" crypto/x509/x509.h"; -$crypto.=" crypto/x509/x509_vfy.h"; -$crypto.=" crypto/x509v3/x509v3.h"; -$crypto.=" crypto/rand/rand.h"; -$crypto.=" crypto/comp/comp.h" ; # unless $no_comp; -$crypto.=" crypto/ocsp/ocsp.h"; -$crypto.=" crypto/ui/ui.h crypto/ui/ui_compat.h"; -$crypto.=" crypto/krb5/krb5_asn.h"; -$crypto.=" crypto/tmdiff.h"; - -my $symhacks="crypto/symhacks.h"; - -my @ssl_symbols = &do_defs("SSLEAY", $ssl, $symhacks); -my @crypto_symbols = &do_defs("LIBEAY", $crypto, $symhacks); - -if ($do_update) { - -if ($do_ssl == 1) { - - &maybe_add_info("SSLEAY",*ssl_list,@ssl_symbols); - if ($do_rewrite == 1) { - open(OUT, ">$ssl_num"); - &rewrite_numbers(*OUT,"SSLEAY",*ssl_list,@ssl_symbols); - } else { - open(OUT, ">>$ssl_num"); - } - &update_numbers(*OUT,"SSLEAY",*ssl_list,$max_ssl,@ssl_symbols); - close OUT; -} - -if($do_crypto == 1) { - - &maybe_add_info("LIBEAY",*crypto_list,@crypto_symbols); - if ($do_rewrite == 1) { - open(OUT, ">$crypto_num"); - &rewrite_numbers(*OUT,"LIBEAY",*crypto_list,@crypto_symbols); - } else { - open(OUT, ">>$crypto_num"); - } - &update_numbers(*OUT,"LIBEAY",*crypto_list,$max_crypto,@crypto_symbols); - close OUT; -} - -} elsif ($do_checkexist) { - &check_existing(*ssl_list, @ssl_symbols) - if $do_ssl == 1; - &check_existing(*crypto_list, @crypto_symbols) - if $do_crypto == 1; -} elsif ($do_ctest || $do_ctestall) { - - print <<"EOF"; - -/* Test file to check all DEF file symbols are present by trying - * to link to all of them. This is *not* intended to be run! - */ - -int main() -{ -EOF - &print_test_file(*STDOUT,"SSLEAY",*ssl_list,$do_ctestall,@ssl_symbols) - if $do_ssl == 1; - - &print_test_file(*STDOUT,"LIBEAY",*crypto_list,$do_ctestall,@crypto_symbols) - if $do_crypto == 1; - - print "}\n"; - -} else { - - &print_def_file(*STDOUT,"SSLEAY",*ssl_list,@ssl_symbols) - if $do_ssl == 1; - - &print_def_file(*STDOUT,"LIBEAY",*crypto_list,@crypto_symbols) - if $do_crypto == 1; - -} - - -sub do_defs -{ - my($name,$files,$symhacksfile)=@_; - my $file; - my @ret; - my %syms; - my %platform; # For anything undefined, we assume "" - my %kind; # For anything undefined, we assume "FUNCTION" - my %algorithm; # For anything undefined, we assume "" - my %variant; - my %variant_cnt; # To be able to allocate "name{n}" if "name" - # is the same name as the original. - my $cpp; - my %unknown_algorithms = (); - - foreach $file (split(/\s+/,$symhacksfile." ".$files)) - { - print STDERR "DEBUG: starting on $file:\n" if $debug; - open(IN,"<$file") || die "unable to open $file:$!\n"; - my $line = "", my $def= ""; - my %tag = ( - (map { $_ => 0 } @known_platforms), - (map { "OPENSSL_SYS_".$_ => 0 } @known_ossl_platforms), - (map { "OPENSSL_NO_".$_ => 0 } @known_algorithms), - NOPROTO => 0, - PERL5 => 0, - _WINDLL => 0, - CONST_STRICT => 0, - TRUE => 1, - ); - my $symhacking = $file eq $symhacksfile; - my @current_platforms = (); - my @current_algorithms = (); - - # params: symbol, alias, platforms, kind - # The reason to put this subroutine in a variable is that - # it will otherwise create it's own, unshared, version of - # %tag and %variant... - my $make_variant = sub - { - my ($s, $a, $p, $k) = @_; - my ($a1, $a2); - - print STDERR "DEBUG: make_variant: Entered with ",$s,", ",$a,", ",(defined($p)?$p:""),", ",(defined($k)?$k:""),"\n" if $debug; - if (defined($p)) - { - $a1 = join(",",$p, - grep(!/^$/, - map { $tag{$_} == 1 ? $_ : "" } - @known_platforms)); - } - else - { - $a1 = join(",", - grep(!/^$/, - map { $tag{$_} == 1 ? $_ : "" } - @known_platforms)); - } - $a2 = join(",", - grep(!/^$/, - map { $tag{"OPENSSL_SYS_".$_} == 1 ? $_ : "" } - @known_ossl_platforms)); - print STDERR "DEBUG: make_variant: a1 = $a1; a2 = $a2\n" if $debug; - if ($a1 eq "") { $a1 = $a2; } - elsif ($a1 ne "" && $a2 ne "") { $a1 .= ",".$a2; } - if ($a eq $s) - { - if (!defined($variant_cnt{$s})) - { - $variant_cnt{$s} = 0; - } - $variant_cnt{$s}++; - $a .= "{$variant_cnt{$s}}"; - } - my $toadd = $a.":".$a1.(defined($k)?":".$k:""); - my $togrep = $s.'(\{[0-9]+\})?:'.$a1.(defined($k)?":".$k:""); - if (!grep(/^$togrep$/, - split(/;/, defined($variant{$s})?$variant{$s}:""))) { - if (defined($variant{$s})) { $variant{$s} .= ";"; } - $variant{$s} .= $toadd; - } - print STDERR "DEBUG: make_variant: Exit with variant of ",$s," = ",$variant{$s},"\n" if $debug; - }; - - print STDERR "DEBUG: parsing ----------\n" if $debug; - while() { - last if (/\/\* Error codes for the \w+ functions\. \*\//); - if ($line ne '') { - $_ = $line . $_; - $line = ''; - } - - if (/\\$/) { - chomp; # remove eol - chop; # remove ending backslash - $line = $_; - next; - } - - $cpp = 1 if /^\#.*ifdef.*cplusplus/; - if ($cpp) { - $cpp = 0 if /^\#.*endif/; - next; - } - - s/\/\*.*?\*\///gs; # ignore comments - s/{[^{}]*}//gs; # ignore {} blocks - print STDERR "DEBUG: \$_=\"$_\"\n" if $debug; - if (/^\#\s*ifndef\s+(.*)/) { - push(@tag,"-"); - push(@tag,$1); - $tag{$1}=-1; - print STDERR "DEBUG: $file: found tag $1 = -1\n" if $debug; - } elsif (/^\#\s*if\s+!defined\(([^\)]+)\)/) { - push(@tag,"-"); - if (/^\#\s*if\s+(!defined\(([^\)]+)\)(\s+\&\&\s+!defined\(([^\)]+)\))*)$/) { - my $tmp_1 = $1; - my $tmp_; - foreach $tmp_ (split '\&\&',$tmp_1) { - $tmp_ =~ /!defined\(([^\)]+)\)/; - print STDERR "DEBUG: $file: found tag $1 = -1\n" if $debug; - push(@tag,$1); - $tag{$1}=-1; - } - } else { - print STDERR "Warning: $file: complicated expression: $_" if $debug; # because it is O... - print STDERR "DEBUG: $file: found tag $1 = -1\n" if $debug; - push(@tag,$1); - $tag{$1}=-1; - } - } elsif (/^\#\s*ifdef\s+(.*)/) { - push(@tag,"-"); - push(@tag,$1); - $tag{$1}=1; - print STDERR "DEBUG: $file: found tag $1 = 1\n" if $debug; - } elsif (/^\#\s*if\s+defined\(([^\)]+)\)/) { - push(@tag,"-"); - if (/^\#\s*if\s+(defined\(([^\)]+)\)(\s+\|\|\s+defined\(([^\)]+)\))*)$/) { - my $tmp_1 = $1; - my $tmp_; - foreach $tmp_ (split '\|\|',$tmp_1) { - $tmp_ =~ /defined\(([^\)]+)\)/; - print STDERR "DEBUG: $file: found tag $1 = 1\n" if $debug; - push(@tag,$1); - $tag{$1}=1; - } - } else { - print STDERR "Warning: $file: complicated expression: $_\n" if $debug; # because it is O... - print STDERR "DEBUG: $file: found tag $1 = 1\n" if $debug; - push(@tag,$1); - $tag{$1}=1; - } - } elsif (/^\#\s*error\s+(\w+) is disabled\./) { - my $tag_i = $#tag; - while($tag[$tag_i] ne "-") { - if ($tag[$tag_i] eq "OPENSSL_NO_".$1) { - $tag{$tag[$tag_i]}=2; - print STDERR "DEBUG: $file: chaged tag $1 = 2\n" if $debug; - } - $tag_i--; - } - } elsif (/^\#\s*endif/) { - my $tag_i = $#tag; - while($tag[$tag_i] ne "-") { - my $t=$tag[$tag_i]; - print STDERR "DEBUG: \$t=\"$t\"\n" if $debug; - if ($tag{$t}==2) { - $tag{$t}=-1; - } else { - $tag{$t}=0; - } - print STDERR "DEBUG: $file: changed tag ",$t," = ",$tag{$t},"\n" if $debug; - pop(@tag); - if ($t =~ /^OPENSSL_NO_([A-Z0-9_]+)$/) { - $t=$1; - } else { - $t=""; - } - if ($t ne "" - && !grep(/^$t$/, @known_algorithms)) { - $unknown_algorithms{$t} = 1; - #print STDERR "DEBUG: Added as unknown algorithm: $t\n" if $debug; - } - $tag_i--; - } - pop(@tag); - } elsif (/^\#\s*else/) { - my $tag_i = $#tag; - while($tag[$tag_i] ne "-") { - my $t=$tag[$tag_i]; - $tag{$t}= -$tag{$t}; - print STDERR "DEBUG: $file: changed tag ",$t," = ",$tag{$t},"\n" if $debug; - $tag_i--; - } - } elsif (/^\#\s*if\s+1/) { - push(@tag,"-"); - # Dummy tag - push(@tag,"TRUE"); - $tag{"TRUE"}=1; - print STDERR "DEBUG: $file: found 1\n" if $debug; - } elsif (/^\#\s*if\s+0/) { - push(@tag,"-"); - # Dummy tag - push(@tag,"TRUE"); - $tag{"TRUE"}=-1; - print STDERR "DEBUG: $file: found 0\n" if $debug; - } elsif (/^\#\s*define\s+(\w+)\s+(\w+)/ - && $symhacking && $tag{'TRUE'} != -1) { - # This is for aliasing. When we find an alias, - # we have to invert - &$make_variant($1,$2); - print STDERR "DEBUG: $file: defined $1 = $2\n" if $debug; - } - if (/^\#/) { - @current_platforms = - grep(!/^$/, - map { $tag{$_} == 1 ? $_ : - $tag{$_} == -1 ? "!".$_ : "" } - @known_platforms); - push @current_platforms - , grep(!/^$/, - map { $tag{"OPENSSL_SYS_".$_} == 1 ? $_ : - $tag{"OPENSSL_SYS_".$_} == -1 ? "!".$_ : "" } - @known_ossl_platforms); - @current_algorithms = - grep(!/^$/, - map { $tag{"OPENSSL_NO_".$_} == -1 ? $_ : "" } - @known_algorithms); - $def .= - "#INFO:" - .join(',',@current_platforms).":" - .join(',',@current_algorithms).";"; - next; - } - if ($tag{'TRUE'} != -1) { - if (/^\s*DECLARE_STACK_OF\s*\(\s*(\w*)\s*\)/) { - next; - } elsif (/^\s*DECLARE_ASN1_ENCODE_FUNCTIONS\s*\(\s*(\w*)\s*,\s*(\w*)\s*,\s*(\w*)\s*\)/) { - $def .= "int d2i_$3(void);"; - $def .= "int i2d_$3(void);"; - # Variant for platforms that do not - # have to access globale variables - # in shared libraries through functions - $def .= - "#INFO:" - .join(',',"!EXPORT_VAR_AS_FUNCTION",@current_platforms).":" - .join(',',@current_algorithms).";"; - $def .= "OPENSSL_EXTERN int $2_it;"; - $def .= - "#INFO:" - .join(',',@current_platforms).":" - .join(',',@current_algorithms).";"; - # Variant for platforms that have to - # access globale variables in shared - # libraries through functions - &$make_variant("$2_it","$2_it", - "EXPORT_VAR_AS_FUNCTION", - "FUNCTION"); - next; - } elsif (/^\s*DECLARE_ASN1_FUNCTIONS_fname\s*\(\s*(\w*)\s*,\s*(\w*)\s*,\s*(\w*)\s*\)/) { - $def .= "int d2i_$3(void);"; - $def .= "int i2d_$3(void);"; - $def .= "int $3_free(void);"; - $def .= "int $3_new(void);"; - # Variant for platforms that do not - # have to access globale variables - # in shared libraries through functions - $def .= - "#INFO:" - .join(',',"!EXPORT_VAR_AS_FUNCTION",@current_platforms).":" - .join(',',@current_algorithms).";"; - $def .= "OPENSSL_EXTERN int $2_it;"; - $def .= - "#INFO:" - .join(',',@current_platforms).":" - .join(',',@current_algorithms).";"; - # Variant for platforms that have to - # access globale variables in shared - # libraries through functions - &$make_variant("$2_it","$2_it", - "EXPORT_VAR_AS_FUNCTION", - "FUNCTION"); - next; - } elsif (/^\s*DECLARE_ASN1_FUNCTIONS\s*\(\s*(\w*)\s*\)/ || - /^\s*DECLARE_ASN1_FUNCTIONS_const\s*\(\s*(\w*)\s*\)/) { - $def .= "int d2i_$1(void);"; - $def .= "int i2d_$1(void);"; - $def .= "int $1_free(void);"; - $def .= "int $1_new(void);"; - # Variant for platforms that do not - # have to access globale variables - # in shared libraries through functions - $def .= - "#INFO:" - .join(',',"!EXPORT_VAR_AS_FUNCTION",@current_platforms).":" - .join(',',@current_algorithms).";"; - $def .= "OPENSSL_EXTERN int $1_it;"; - $def .= - "#INFO:" - .join(',',@current_platforms).":" - .join(',',@current_algorithms).";"; - # Variant for platforms that have to - # access globale variables in shared - # libraries through functions - &$make_variant("$1_it","$1_it", - "EXPORT_VAR_AS_FUNCTION", - "FUNCTION"); - next; - } elsif (/^\s*DECLARE_ASN1_ENCODE_FUNCTIONS_const\s*\(\s*(\w*)\s*,\s*(\w*)\s*\)/) { - $def .= "int d2i_$2(void);"; - $def .= "int i2d_$2(void);"; - # Variant for platforms that do not - # have to access globale variables - # in shared libraries through functions - $def .= - "#INFO:" - .join(',',"!EXPORT_VAR_AS_FUNCTION",@current_platforms).":" - .join(',',@current_algorithms).";"; - $def .= "OPENSSL_EXTERN int $2_it;"; - $def .= - "#INFO:" - .join(',',@current_platforms).":" - .join(',',@current_algorithms).";"; - # Variant for platforms that have to - # access globale variables in shared - # libraries through functions - &$make_variant("$2_it","$2_it", - "EXPORT_VAR_AS_FUNCTION", - "FUNCTION"); - next; - } elsif (/^\s*DECLARE_ASN1_FUNCTIONS_name\s*\(\s*(\w*)\s*,\s*(\w*)\s*\)/) { - $def .= "int d2i_$2(void);"; - $def .= "int i2d_$2(void);"; - $def .= "int $2_free(void);"; - $def .= "int $2_new(void);"; - # Variant for platforms that do not - # have to access globale variables - # in shared libraries through functions - $def .= - "#INFO:" - .join(',',"!EXPORT_VAR_AS_FUNCTION",@current_platforms).":" - .join(',',@current_algorithms).";"; - $def .= "OPENSSL_EXTERN int $2_it;"; - $def .= - "#INFO:" - .join(',',@current_platforms).":" - .join(',',@current_algorithms).";"; - # Variant for platforms that have to - # access globale variables in shared - # libraries through functions - &$make_variant("$2_it","$2_it", - "EXPORT_VAR_AS_FUNCTION", - "FUNCTION"); - next; - } elsif (/^\s*DECLARE_ASN1_ITEM\s*\(\s*(\w*)\s*\)/) { - # Variant for platforms that do not - # have to access globale variables - # in shared libraries through functions - $def .= - "#INFO:" - .join(',',"!EXPORT_VAR_AS_FUNCTION",@current_platforms).":" - .join(',',@current_algorithms).";"; - $def .= "OPENSSL_EXTERN int $1_it;"; - $def .= - "#INFO:" - .join(',',@current_platforms).":" - .join(',',@current_algorithms).";"; - # Variant for platforms that have to - # access globale variables in shared - # libraries through functions - &$make_variant("$1_it","$1_it", - "EXPORT_VAR_AS_FUNCTION", - "FUNCTION"); - next; - } elsif (/^\s*DECLARE_ASN1_SET_OF\s*\(\s*(\w*)\s*\)/) { - next; - } elsif (/^\s*DECLARE_PKCS12_STACK_OF\s*\(\s*(\w*)\s*\)/) { - next; - } elsif (/^DECLARE_PEM_rw\s*\(\s*(\w*)\s*,/ || - /^DECLARE_PEM_rw_cb\s*\(\s*(\w*)\s*,/ ) { - # Things not in Win16 - $def .= - "#INFO:" - .join(',',"!WIN16",@current_platforms).":" - .join(',',@current_algorithms).";"; - $def .= "int PEM_read_$1(void);"; - $def .= "int PEM_write_$1(void);"; - $def .= - "#INFO:" - .join(',',@current_platforms).":" - .join(',',@current_algorithms).";"; - # Things that are everywhere - $def .= "int PEM_read_bio_$1(void);"; - $def .= "int PEM_write_bio_$1(void);"; - next; - } elsif (/^DECLARE_PEM_write\s*\(\s*(\w*)\s*,/ || - /^DECLARE_PEM_write_cb\s*\(\s*(\w*)\s*,/ ) { - # Things not in Win16 - $def .= - "#INFO:" - .join(',',"!WIN16",@current_platforms).":" - .join(',',@current_algorithms).";"; - $def .= "int PEM_write_$1(void);"; - $def .= - "#INFO:" - .join(',',@current_platforms).":" - .join(',',@current_algorithms).";"; - # Things that are everywhere - $def .= "int PEM_write_bio_$1(void);"; - next; - } elsif (/^DECLARE_PEM_read\s*\(\s*(\w*)\s*,/ || - /^DECLARE_PEM_read_cb\s*\(\s*(\w*)\s*,/ ) { - # Things not in Win16 - $def .= - "#INFO:" - .join(',',"!WIN16",@current_platforms).":" - .join(',',@current_algorithms).";"; - $def .= "int PEM_read_$1(void);"; - $def .= - "#INFO:" - .join(',',@current_platforms).":" - .join(',',@current_algorithms).";"; - # Things that are everywhere - $def .= "int PEM_read_bio_$1(void);"; - next; - } elsif (/^OPENSSL_DECLARE_GLOBAL\s*\(\s*(\w*)\s*,\s*(\w*)\s*\)/) { - # Variant for platforms that do not - # have to access globale variables - # in shared libraries through functions - $def .= - "#INFO:" - .join(',',"!EXPORT_VAR_AS_FUNCTION",@current_platforms).":" - .join(',',@current_algorithms).";"; - $def .= "OPENSSL_EXTERN int _shadow_$2;"; - $def .= - "#INFO:" - .join(',',@current_platforms).":" - .join(',',@current_algorithms).";"; - # Variant for platforms that have to - # access globale variables in shared - # libraries through functions - &$make_variant("_shadow_$2","_shadow_$2", - "EXPORT_VAR_AS_FUNCTION", - "FUNCTION"); - } elsif ($tag{'CONST_STRICT'} != 1) { - if (/\{|\/\*|\([^\)]*$/) { - $line = $_; - } else { - $def .= $_; - } - } - } - } - close(IN); - - my $algs; - my $plays; - - print STDERR "DEBUG: postprocessing ----------\n" if $debug; - foreach (split /;/, $def) { - my $s; my $k = "FUNCTION"; my $p; my $a; - s/^[\n\s]*//g; - s/[\n\s]*$//g; - next if(/\#undef/); - next if(/typedef\W/); - next if(/\#define/); - - print STDERR "DEBUG: \$_ = \"$_\"\n" if $debug; - if (/^\#INFO:([^:]*):(.*)$/) { - $plats = $1; - $algs = $2; - print STDERR "DEBUG: found info on platforms ($plats) and algorithms ($algs)\n" if $debug; - next; - } elsif (/^\s*OPENSSL_EXTERN\s.*?(\w+(\{[0-9]+\})?)(\[[0-9]*\])*\s*$/) { - $s = $1; - $k = "VARIABLE"; - print STDERR "DEBUG: found external variable $s\n" if $debug; - } elsif (/\(\*(\w*(\{[0-9]+\})?)\([^\)]+/) { - $s = $1; - print STDERR "DEBUG: found ANSI C function $s\n" if $debug; - } elsif (/\w+\W+(\w+)\W*\(\s*\)$/s) { - # K&R C - print STDERR "DEBUG: found K&R C function $s\n" if $debug; - next; - } elsif (/\w+\W+\w+(\{[0-9]+\})?\W*\(.*\)$/s) { - while (not /\(\)$/s) { - s/[^\(\)]*\)$/\)/s; - s/\([^\(\)]*\)\)$/\)/s; - } - s/\(void\)//; - /(\w+(\{[0-9]+\})?)\W*\(\)/s; - $s = $1; - print STDERR "DEBUG: found function $s\n" if $debug; - } elsif (/\(/ and not (/=/)) { - print STDERR "File $file: cannot parse: $_;\n"; - next; - } else { - next; - } - - $syms{$s} = 1; - $kind{$s} = $k; - - $p = $plats; - $a = $algs; - $a .= ",BF" if($s =~ /EVP_bf/); - $a .= ",CAST" if($s =~ /EVP_cast/); - $a .= ",DES" if($s =~ /EVP_des/); - $a .= ",DSA" if($s =~ /EVP_dss/); - $a .= ",IDEA" if($s =~ /EVP_idea/); - $a .= ",MD2" if($s =~ /EVP_md2/); - $a .= ",MD4" if($s =~ /EVP_md4/); - $a .= ",MD5" if($s =~ /EVP_md5/); - $a .= ",RC2" if($s =~ /EVP_rc2/); - $a .= ",RC4" if($s =~ /EVP_rc4/); - $a .= ",RC5" if($s =~ /EVP_rc5/); - $a .= ",RIPEMD" if($s =~ /EVP_ripemd/); - $a .= ",SHA" if($s =~ /EVP_sha/); - $a .= ",RSA" if($s =~ /EVP_(Open|Seal)(Final|Init)/); - $a .= ",RSA" if($s =~ /PEM_Seal(Final|Init|Update)/); - $a .= ",RSA" if($s =~ /RSAPrivateKey/); - $a .= ",RSA" if($s =~ /SSLv23?_((client|server)_)?method/); - - $platform{$s} = - &reduce_platforms((defined($platform{$s})?$platform{$s}.',':"").$p); - $algorithm{$s} .= ','.$a; - - if (defined($variant{$s})) { - foreach $v (split /;/,$variant{$s}) { - (my $r, my $p, my $k) = split(/:/,$v); - my $ip = join ',',map({ /^!(.*)$/ ? $1 : "!".$_ } split /,/, $p); - $syms{$r} = 1; - if (!defined($k)) { $k = $kind{$s}; } - $kind{$r} = $k."(".$s.")"; - $algorithm{$r} = $algorithm{$s}; - $platform{$r} = &reduce_platforms($platform{$s}.",".$p.",".$p); - $platform{$s} = &reduce_platforms($platform{$s}.','.$ip.','.$ip); - print STDERR "DEBUG: \$variant{\"$s\"} = ",$v,"; \$r = $r; \$p = ",$platform{$r},"; \$a = ",$algorithm{$r},"; \$kind = ",$kind{$r},"\n" if $debug; - } - } - print STDERR "DEBUG: \$s = $s; \$p = ",$platform{$s},"; \$a = ",$algorithm{$s},"; \$kind = ",$kind{$s},"\n" if $debug; - } - } - - # Prune the returned symbols - - delete $syms{"bn_dump1"}; - $platform{"BIO_s_log"} .= ",!WIN32,!WIN16,!macintosh"; - - $platform{"PEM_read_NS_CERT_SEQ"} = "VMS"; - $platform{"PEM_write_NS_CERT_SEQ"} = "VMS"; - $platform{"PEM_read_P8_PRIV_KEY_INFO"} = "VMS"; - $platform{"PEM_write_P8_PRIV_KEY_INFO"} = "VMS"; - - # Info we know about - - push @ret, map { $_."\\".&info_string($_,"EXIST", - $platform{$_}, - $kind{$_}, - $algorithm{$_}) } keys %syms; - - if (keys %unknown_algorithms) { - print STDERR "WARNING: mkdef.pl doesn't know the following algorithms:\n"; - print STDERR "\t",join("\n\t",keys %unknown_algorithms),"\n"; - } - return(@ret); -} - -# Param: string of comma-separated platform-specs. -sub reduce_platforms -{ - my ($platforms) = @_; - my $pl = defined($platforms) ? $platforms : ""; - my %p = map { $_ => 0 } split /,/, $pl; - my $ret; - - print STDERR "DEBUG: Entered reduce_platforms with \"$platforms\"\n" - if $debug; - # We do this, because if there's code like the following, it really - # means the function exists in all cases and should therefore be - # everywhere. By increasing and decreasing, we may attain 0: - # - # ifndef WIN16 - # int foo(); - # else - # int _fat foo(); - # endif - foreach $platform (split /,/, $pl) { - if ($platform =~ /^!(.*)$/) { - $p{$1}--; - } else { - $p{$platform}++; - } - } - foreach $platform (keys %p) { - if ($p{$platform} == 0) { delete $p{$platform}; } - } - - delete $p{""}; - - $ret = join(',',sort(map { $p{$_} < 0 ? "!".$_ : $_ } keys %p)); - print STDERR "DEBUG: Exiting reduce_platforms with \"$ret\"\n" - if $debug; - return $ret; -} - -sub info_string { - (my $symbol, my $exist, my $platforms, my $kind, my $algorithms) = @_; - - my %a = defined($algorithms) ? - map { $_ => 1 } split /,/, $algorithms : (); - my $k = defined($kind) ? $kind : "FUNCTION"; - my $ret; - my $p = &reduce_platforms($platforms); - - delete $a{""}; - - $ret = $exist; - $ret .= ":".$p; - $ret .= ":".$k; - $ret .= ":".join(',',sort keys %a); - return $ret; -} - -sub maybe_add_info { - (my $name, *nums, my @symbols) = @_; - my $sym; - my $new_info = 0; - my %syms=(); - - print STDERR "Updating $name info\n"; - foreach $sym (@symbols) { - (my $s, my $i) = split /\\/, $sym; - if (defined($nums{$s})) { - $i =~ s/^(.*?:.*?:\w+)(\(\w+\))?/$1/; - (my $n, my $dummy) = split /\\/, $nums{$s}; - if (!defined($dummy) || $i ne $dummy) { - $nums{$s} = $n."\\".$i; - $new_info++; - print STDERR "DEBUG: maybe_add_info for $s: \"$dummy\" => \"$i\"\n" if $debug; - } - } - $syms{$s} = 1; - } - - my @s=sort { &parse_number($nums{$a},"n") <=> &parse_number($nums{$b},"n") } keys %nums; - foreach $sym (@s) { - (my $n, my $i) = split /\\/, $nums{$sym}; - if (!defined($syms{$sym}) && $i !~ /^NOEXIST:/) { - $new_info++; - print STDERR "DEBUG: maybe_add_info for $sym: -> undefined\n" if $debug; - } - } - if ($new_info) { - print STDERR "$new_info old symbols got an info update\n"; - if (!$do_rewrite) { - print STDERR "You should do a rewrite to fix this.\n"; - } - } else { - print STDERR "No old symbols needed info update\n"; - } -} - -# Param: string of comma-separated keywords, each possibly prefixed with a "!" -sub is_valid -{ - my ($keywords_txt,$platforms) = @_; - my (@keywords) = split /,/,$keywords_txt; - my ($falsesum, $truesum) = (0, !grep(/^[^!]/,@keywords)); - - # Param: one keyword - sub recognise - { - my ($keyword,$platforms) = @_; - - if ($platforms) { - # platforms - if ($keyword eq "VMS" && $VMS) { return 1; } - if ($keyword eq "WIN32" && $W32) { return 1; } - if ($keyword eq "WIN16" && $W16) { return 1; } - if ($keyword eq "WINNT" && $NT) { return 1; } - # Special platforms: - # EXPORT_VAR_AS_FUNCTION means that global variables - # will be represented as functions. This currently - # only happens on VMS-VAX. - if ($keyword eq "EXPORT_VAR_AS_FUNCTION" && ($VMSVAX || $W32 || $W16)) { - return 1; - } - return 0; - } else { - # algorithms - if ($keyword eq "RC2" && $no_rc2) { return 0; } - if ($keyword eq "RC4" && $no_rc4) { return 0; } - if ($keyword eq "RC5" && $no_rc5) { return 0; } - if ($keyword eq "IDEA" && $no_idea) { return 0; } - if ($keyword eq "DES" && $no_des) { return 0; } - if ($keyword eq "BF" && $no_bf) { return 0; } - if ($keyword eq "CAST" && $no_cast) { return 0; } - if ($keyword eq "MD2" && $no_md2) { return 0; } - if ($keyword eq "MD4" && $no_md4) { return 0; } - if ($keyword eq "MD5" && $no_md5) { return 0; } - if ($keyword eq "SHA" && $no_sha) { return 0; } - if ($keyword eq "RIPEMD" && $no_ripemd) { return 0; } - if ($keyword eq "MDC2" && $no_mdc2) { return 0; } - if ($keyword eq "RSA" && $no_rsa) { return 0; } - if ($keyword eq "DSA" && $no_dsa) { return 0; } - if ($keyword eq "DH" && $no_dh) { return 0; } - if ($keyword eq "EC" && $no_ec) { return 0; } - if ($keyword eq "HMAC" && $no_hmac) { return 0; } - if ($keyword eq "AES" && $no_aes) { return 0; } - if ($keyword eq "EVP" && $no_evp) { return 0; } - if ($keyword eq "LHASH" && $no_lhash) { return 0; } - if ($keyword eq "STACK" && $no_stack) { return 0; } - if ($keyword eq "ERR" && $no_err) { return 0; } - if ($keyword eq "BUFFER" && $no_buffer) { return 0; } - if ($keyword eq "BIO" && $no_bio) { return 0; } - if ($keyword eq "COMP" && $no_comp) { return 0; } - if ($keyword eq "DSO" && $no_dso) { return 0; } - if ($keyword eq "KRB5" && $no_krb5) { return 0; } - if ($keyword eq "FP_API" && $no_fp_api) { return 0; } - - # Nothing recognise as true - return 1; - } - } - - foreach $k (@keywords) { - if ($k =~ /^!(.*)$/) { - $falsesum += &recognise($1,$platforms); - } else { - $truesum += &recognise($k,$platforms); - } - } - print STDERR "DEBUG: [",$#keywords,",",$#keywords < 0,"] is_valid($keywords_txt) => (\!$falsesum) && $truesum = ",(!$falsesum) && $truesum,"\n" if $debug; - return (!$falsesum) && $truesum; -} - -sub print_test_file -{ - (*OUT,my $name,*nums,my $testall,my @symbols)=@_; - my $n = 1; my @e; my @r; - my $sym; my $prev = ""; my $prefSSLeay; - - (@e)=grep(/^SSLeay(\{[0-9]+\})?\\.*?:.*?:.*/,@symbols); - (@r)=grep(/^\w+(\{[0-9]+\})?\\.*?:.*?:.*/ && !/^SSLeay(\{[0-9]+\})?\\.*?:.*?:.*/,@symbols); - @symbols=((sort @e),(sort @r)); - - foreach $sym (@symbols) { - (my $s, my $i) = $sym =~ /^(.*?)\\(.*)$/; - my $v = 0; - $v = 1 if $i=~ /^.*?:.*?:VARIABLE/; - my $p = ($i =~ /^[^:]*:([^:]*):/,$1); - my $a = ($i =~ /^[^:]*:[^:]*:[^:]*:([^:]*)/,$1); - if (!defined($nums{$s})) { - print STDERR "Warning: $s does not have a number assigned\n" - if(!$do_update); - } elsif (is_valid($p,1) && is_valid($a,0)) { - my $s2 = ($s =~ /^(.*?)(\{[0-9]+\})?$/, $1); - if ($prev eq $s2) { - print OUT "\t/* The following has already appeared previously */\n"; - print STDERR "Warning: Symbol '",$s2,"' redefined. old=",($nums{$prev} =~ /^(.*?)\\/,$1),", new=",($nums{$s2} =~ /^(.*?)\\/,$1),"\n"; - } - $prev = $s2; # To warn about duplicates... - - ($nn,$ni)=($nums{$s2} =~ /^(.*?)\\(.*)$/); - if ($v) { - print OUT "\textern int $s2; /* type unknown */ /* $nn $ni */\n"; - } else { - print OUT "\textern int $s2(); /* type unknown */ /* $nn $ni */\n"; - } - } - } -} - -sub print_def_file -{ - (*OUT,my $name,*nums,my @symbols)=@_; - my $n = 1; my @e; my @r; my @v; my $prev=""; - - if ($W32) - { $name.="32"; } - else - { $name.="16"; } - - print OUT <<"EOF"; -; -; Definition file for the DLL version of the $name library from OpenSSL -; - -LIBRARY $name - -DESCRIPTION 'OpenSSL $name - http://www.openssl.org/' - -EOF - - if (!$W32) { - print <<"EOF"; -CODE PRELOAD MOVEABLE -DATA PRELOAD MOVEABLE SINGLE - -EXETYPE WINDOWS - -HEAPSIZE 4096 -STACKSIZE 8192 - -EOF - } - - print "EXPORTS\n"; - - (@e)=grep(/^SSLeay(\{[0-9]+\})?\\.*?:.*?:FUNCTION/,@symbols); - (@r)=grep(/^\w+(\{[0-9]+\})?\\.*?:.*?:FUNCTION/ && !/^SSLeay(\{[0-9]+\})?\\.*?:.*?:FUNCTION/,@symbols); - (@v)=grep(/^\w+(\{[0-9]+\})?\\.*?:.*?:VARIABLE/,@symbols); - @symbols=((sort @e),(sort @r), (sort @v)); - - - foreach $sym (@symbols) { - (my $s, my $i) = $sym =~ /^(.*?)\\(.*)$/; - my $v = 0; - $v = 1 if $i =~ /^.*?:.*?:VARIABLE/; - if (!defined($nums{$s})) { - printf STDERR "Warning: $s does not have a number assigned\n" - if(!$do_update); - } else { - (my $n, my $dummy) = split /\\/, $nums{$s}; - my %pf = (); - my $p = ($i =~ /^[^:]*:([^:]*):/,$1); - my $a = ($i =~ /^[^:]*:[^:]*:[^:]*:([^:]*)/,$1); - if (is_valid($p,1) && is_valid($a,0)) { - my $s2 = ($s =~ /^(.*?)(\{[0-9]+\})?$/, $1); - if ($prev eq $s2) { - print STDERR "Warning: Symbol '",$s2,"' redefined. old=",($nums{$prev} =~ /^(.*?)\\/,$1),", new=",($nums{$s2} =~ /^(.*?)\\/,$1),"\n"; - } - $prev = $s2; # To warn about duplicates... - if($v) { - printf OUT " %s%-39s @%-8d DATA\n",($W32)?"":"_",$s2,$n; - } else { - printf OUT " %s%-39s @%d\n",($W32)?"":"_",$s2,$n; - } - } - } - } - printf OUT "\n"; -} - -sub load_numbers -{ - my($name)=@_; - my(@a,%ret); - - $max_num = 0; - $num_noinfo = 0; - $prev = ""; - $prev_cnt = 0; - - open(IN,"<$name") || die "unable to open $name:$!\n"; - while () { - chop; - s/#.*$//; - next if /^\s*$/; - @a=split; - if (defined $ret{$a[0]}) { - # This is actually perfectly OK - #print STDERR "Warning: Symbol '",$a[0],"' redefined. old=",$ret{$a[0]},", new=",$a[1],"\n"; - } - if ($max_num > $a[1]) { - print STDERR "Warning: Number decreased from ",$max_num," to ",$a[1],"\n"; - } - elsif ($max_num == $a[1]) { - # This is actually perfectly OK - #print STDERR "Warning: Symbol ",$a[0]," has same number as previous ",$prev,": ",$a[1],"\n"; - if ($a[0] eq $prev) { - $prev_cnt++; - $a[0] .= "{$prev_cnt}"; - } - } - else { - $prev_cnt = 0; - } - if ($#a < 2) { - # Existence will be proven later, in do_defs - $ret{$a[0]}=$a[1]; - $num_noinfo++; - } else { - $ret{$a[0]}=$a[1]."\\".$a[2]; # \\ is a special marker - } - $max_num = $a[1] if $a[1] > $max_num; - $prev=$a[0]; - } - if ($num_noinfo) { - print STDERR "Warning: $num_noinfo symbols were without info."; - if ($do_rewrite) { - printf STDERR " The rewrite will fix this.\n"; - } else { - printf STDERR " You should do a rewrite to fix this.\n"; - } - } - close(IN); - return(%ret); -} - -sub parse_number -{ - (my $str, my $what) = @_; - (my $n, my $i) = split(/\\/,$str); - if ($what eq "n") { - return $n; - } else { - return $i; - } -} - -sub rewrite_numbers -{ - (*OUT,$name,*nums,@symbols)=@_; - my $thing; - - print STDERR "Rewriting $name\n"; - - my @r = grep(/^\w+(\{[0-9]+\})?\\.*?:.*?:\w+\(\w+\)/,@symbols); - my $r; my %r; my %rsyms; - foreach $r (@r) { - (my $s, my $i) = split /\\/, $r; - my $a = $1 if $i =~ /^.*?:.*?:\w+\((\w+)\)/; - $i =~ s/^(.*?:.*?:\w+)\(\w+\)/$1/; - $r{$a} = $s."\\".$i; - $rsyms{$s} = 1; - } - - my %syms = (); - foreach $_ (@symbols) { - (my $n, my $i) = split /\\/; - $syms{$n} = 1; - } - - my @s=sort { - &parse_number($nums{$a},"n") <=> &parse_number($nums{$b},"n") - || $a cmp $b - } keys %nums; - foreach $sym (@s) { - (my $n, my $i) = split /\\/, $nums{$sym}; - next if defined($i) && $i =~ /^.*?:.*?:\w+\(\w+\)/; - next if defined($rsyms{$sym}); - print STDERR "DEBUG: rewrite_numbers for sym = ",$sym,": i = ",$i,", n = ",$n,", rsym{sym} = ",$rsyms{$sym},"syms{sym} = ",$syms{$sym},"\n" if $debug; - $i="NOEXIST::FUNCTION:" - if !defined($i) || $i eq "" || !defined($syms{$sym}); - my $s2 = $sym; - $s2 =~ s/\{[0-9]+\}$//; - printf OUT "%s%-39s %d\t%s\n","",$s2,$n,$i; - if (exists $r{$sym}) { - (my $s, $i) = split /\\/,$r{$sym}; - my $s2 = $s; - $s2 =~ s/\{[0-9]+\}$//; - printf OUT "%s%-39s %d\t%s\n","",$s2,$n,$i; - } - } -} - -sub update_numbers -{ - (*OUT,$name,*nums,my $start_num, my @symbols)=@_; - my $new_syms = 0; - - print STDERR "Updating $name numbers\n"; - - my @r = grep(/^\w+(\{[0-9]+\})?\\.*?:.*?:\w+\(\w+\)/,@symbols); - my $r; my %r; my %rsyms; - foreach $r (@r) { - (my $s, my $i) = split /\\/, $r; - my $a = $1 if $i =~ /^.*?:.*?:\w+\((\w+)\)/; - $i =~ s/^(.*?:.*?:\w+)\(\w+\)/$1/; - $r{$a} = $s."\\".$i; - $rsyms{$s} = 1; - } - - foreach $sym (@symbols) { - (my $s, my $i) = $sym =~ /^(.*?)\\(.*)$/; - next if $i =~ /^.*?:.*?:\w+\(\w+\)/; - next if defined($rsyms{$sym}); - die "ERROR: Symbol $sym had no info attached to it." - if $i eq ""; - if (!exists $nums{$s}) { - $new_syms++; - my $s2 = $s; - $s2 =~ s/\{[0-9]+\}$//; - printf OUT "%s%-39s %d\t%s\n","",$s2, ++$start_num,$i; - if (exists $r{$s}) { - ($s, $i) = split /\\/,$r{$s}; - $s =~ s/\{[0-9]+\}$//; - printf OUT "%s%-39s %d\t%s\n","",$s, $start_num,$i; - } - } - } - if($new_syms) { - print STDERR "$new_syms New symbols added\n"; - } else { - print STDERR "No New symbols Added\n"; - } -} - -sub check_existing -{ - (*nums, my @symbols)=@_; - my %existing; my @remaining; - @remaining=(); - foreach $sym (@symbols) { - (my $s, my $i) = $sym =~ /^(.*?)\\(.*)$/; - $existing{$s}=1; - } - foreach $sym (keys %nums) { - if (!exists $existing{$sym}) { - push @remaining, $sym; - } - } - if(@remaining) { - print STDERR "The following symbols do not seem to exist:\n"; - foreach $sym (@remaining) { - print STDERR "\t",$sym,"\n"; - } - } -} - diff --git a/src/lib/libcrypto/util/mkdir-p.pl b/src/lib/libcrypto/util/mkdir-p.pl deleted file mode 100644 index 6c69c2daa4d..00000000000 --- a/src/lib/libcrypto/util/mkdir-p.pl +++ /dev/null @@ -1,33 +0,0 @@ -#!/usr/local/bin/perl - -# mkdir-p.pl - -# On some systems, the -p option to mkdir (= also create any missing parent -# directories) is not available. - -my $arg; - -foreach $arg (@ARGV) { - &do_mkdir_p($arg); -} - - -sub do_mkdir_p { - local($dir) = @_; - - $dir =~ s|/*\Z(?!\n)||s; - - if (-d $dir) { - return; - } - - if ($dir =~ m|[^/]/|s) { - local($parent) = $dir; - $parent =~ s|[^/]*\Z(?!\n)||s; - - do_mkdir_p($parent); - } - - mkdir($dir, 0777) || die "Cannot create directory $dir: $!\n"; - print "created directory `$dir'\n"; -} diff --git a/src/lib/libcrypto/util/mkerr.pl b/src/lib/libcrypto/util/mkerr.pl index 4105047b217..aec401c7731 100644 --- a/src/lib/libcrypto/util/mkerr.pl +++ b/src/lib/libcrypto/util/mkerr.pl @@ -1,6 +1,7 @@ #!/usr/local/bin/perl -w my $config = "crypto/err/openssl.ec"; +my $hprefix = "openssl/"; my $debug = 0; my $rebuild = 0; my $static = 1; @@ -9,11 +10,19 @@ my $dowrite = 0; my $staticloader = ""; +my $pack_errcode; +my $load_errcode; + +my $errcount; + while (@ARGV) { my $arg = $ARGV[0]; if($arg eq "-conf") { shift @ARGV; $config = shift @ARGV; + } elsif($arg eq "-hprefix") { + shift @ARGV; + $hprefix = shift @ARGV; } elsif($arg eq "-debug") { $debug = 1; shift @ARGV; @@ -35,6 +44,71 @@ } elsif($arg eq "-write") { $dowrite = 1; shift @ARGV; + } elsif($arg eq "-help" || $arg eq "-h" || $arg eq "-?" || $arg eq "--help") { + print STDERR <<"EOF"; +mkerr.pl [options] ... + +Options: + + -conf F Use the config file F instead of the default one: + crypto/err/openssl.ec + + -hprefix P Prepend the filenames in generated #include

+ statements with prefix P. Default: 'openssl/' (without + the quotes, naturally) + + -debug Turn on debugging verbose output on stderr. + + -rebuild Rebuild all header and C source files, irrespective of the + fact if any error or function codes have been added/removed. + Default: only update files for libraries which saw change + (of course, this requires '-write' as well, or no + files will be touched!) + + -recurse scan a preconfigured set of directories / files for error and + function codes: + (, , , ) + When this option is NOT specified, the filelist is taken from + the commandline instead. Here, wildcards may be embedded. (Be + sure to escape those to prevent the shell from expanding them + for you when you wish mkerr.pl to do so instead.) + Default: take file list to scan from the command line. + + -reindex Discard the numeric values previously assigned to the error + and function codes as extracted from the scanned header files; + instead renumber all of them starting from 100. (Note that + the numbers assigned through 'R' records in the config file + remain intact.) + Default: keep previously assigned numbers. (You are warned + when collisions are detected.) + + -nostatic Generates a different source code, where these additional + functions are generated for each library specified in the + config file: + void ERR_load__strings(void); + void ERR_unload__strings(void); + void ERR__error(int f, int r, char *fn, int ln); + #define err(f,r) ERR__error(f,r,__FILE__,__LINE__) + while the code facilitates the use of these in an environment + where the error support routines are dynamically loaded at + runtime. + Default: 'static' code generation. + + -staticloader Prefix generated functions with the 'static' scope modifier. + Default: don't write any scope modifier prefix. + + -write Actually (over)write the generated code to the header and C + source files as assigned to each library through the config + file. + Default: don't write. + + -help / -h / -? / --help Show this help text. + + ... Additional arguments are added to the file list to scan, + assuming '-recurse' was NOT specified on the command line. + +EOF + exit 1; } else { last; } @@ -60,8 +134,10 @@ $cskip{$3} = $1; if($3 ne "NONE") { $csrc{$1} = $3; - $fmax{$1} = 99; - $rmax{$1} = 99; + $fmax{$1} = 100; + $rmax{$1} = 100; + $fassigned{$1} = ":"; + $rassigned{$1} = ":"; $fnew{$1} = 0; $rnew{$1} = 0; } @@ -100,15 +176,24 @@ next; } - $cpp = 1 if /^#.*ifdef.*cplusplus/; # skip "C" declaration + if(/\/\*/) { + if (not /\*\//) { # multiline comment... + $line = $_; # ... just accumulate + next; + } else { + s/\/\*.*?\*\///gs; # wipe it + } + } + if ($cpp) { - $cpp = 0 if /^#.*endif/; + $cpp++ if /^#\s*if/; + $cpp-- if /^#\s*endif/; next; } + $cpp = 1 if /^#.*ifdef.*cplusplus/; # skip "C" declaration next if (/^\#/); # skip preprocessor directives - s/\/\*.*?\*\///gs; # ignore comments s/{[^{}]*}//gs; # ignore {} blocks if (/\{|\/\*/) { # Add a } so editor works... @@ -121,31 +206,37 @@ print STDERR " \r" if $debug; $defnr = 0; + # Delete any DECLARE_ macros + $def =~ s/DECLARE_\w+\([\w,\s]+\)//gs; foreach (split /;/, $def) { $defnr++; print STDERR "def: $defnr\r" if $debug; + # The goal is to collect function names from function declarations. + s/^[\n\s]*//g; s/[\n\s]*$//g; - next if(/typedef\W/); - if (/\(\*(\w*)\([^\)]+/) { - my $name = $1; - $name =~ tr/[a-z]/[A-Z]/; - $ftrans{$name} = $1; - } elsif (/\w+\W+(\w+)\W*\(\s*\)$/s){ - # K&R C - next ; - } elsif (/\w+\W+\w+\W*\(.*\)$/s) { - while (not /\(\)$/s) { - s/[^\(\)]*\)$/\)/s; - s/\([^\(\)]*\)\)$/\)/s; - } - s/\(void\)//; - /(\w+)\W*\(\)/s; - my $name = $1; + + # Skip over recognized non-function declarations + next if(/typedef\W/ or /DECLARE_STACK_OF/ or /TYPEDEF_.*_OF/); + + # Remove STACK_OF(foo) + s/STACK_OF\(\w+\)/void/; + + # Reduce argument lists to empty () + # fold round brackets recursively: (t(*v)(t),t) -> (t{}{},t) -> {} + while(/\(.*\)/s) { + s/\([^\(\)]+\)/\{\}/gs; + s/\(\s*\*\s*(\w+)\s*\{\}\s*\)/$1/gs; #(*f{}) -> f + } + # pretend as we didn't use curly braces: {} -> () + s/\{\}/\(\)/gs; + + if (/(\w+)\s*\(\).*/s) { # first token prior [first] () is + my $name = $1; # a function name! $name =~ tr/[a-z]/[A-Z]/; $ftrans{$name} = $1; - } elsif (/\(/ and not (/=/ or /DECLARE_STACK/)) { + } elsif (/[\(\)]/ and not (/=/)) { print STDERR "Header $hdr: cannot parse: $_;\n"; } } @@ -158,7 +249,7 @@ # maximum code used. if ($gotfile) { - while() { + while() { if(/^\#define\s+(\S+)\s+(\S+)/) { $name = $1; $code = $2; @@ -169,18 +260,52 @@ } if($1 eq "R") { $rcodes{$name} = $code; + if ($rassigned{$lib} =~ /:$code:/) { + print STDERR "!! ERROR: $lib reason code $code assigned twice (collision at $name)\n"; + ++$errcount; + } + $rassigned{$lib} .= "$code:"; if(!(exists $rextra{$name}) && ($code > $rmax{$lib}) ) { $rmax{$lib} = $code; } } else { + if ($fassigned{$lib} =~ /:$code:/) { + print STDERR "!! ERROR: $lib function code $code assigned twice (collision at $name)\n"; + ++$errcount; + } + $fassigned{$lib} .= "$code:"; if($code > $fmax{$lib}) { $fmax{$lib} = $code; } $fcodes{$name} = $code; } } - } + } + } + + if ($debug) { + if (defined($fmax{$lib})) { + print STDERR "Max function code fmax" . "{" . "$lib" . "} = $fmax{$lib}\n"; + $fassigned{$lib} =~ m/^:(.*):$/; + @fassigned = sort {$a <=> $b} split(":", $1); + print STDERR " @fassigned\n"; + } + if (defined($rmax{$lib})) { + print STDERR "Max reason code rmax" . "{" . "$lib" . "} = $rmax{$lib}\n"; + $rassigned{$lib} =~ m/^:(.*):$/; + @rassigned = sort {$a <=> $b} split(":", $1); + print STDERR " @rassigned\n"; + } + } + + if ($lib eq "SSL") { + if ($rmax{$lib} >= 1000) { + print STDERR "!! ERROR: SSL error codes 1000+ are reserved for alerts.\n"; + print STDERR "!! Any new alerts must be added to $config.\n"; + ++$errcount; + print STDERR "\n"; + } } close IN; } @@ -197,13 +322,15 @@ # so all those unreferenced can be printed out. -print STDERR "Files loaded: " if $debug; foreach $file (@source) { # Don't parse the error source file. next if exists $cskip{$file}; - print STDERR $file if $debug; + print STDERR "File loaded: ".$file."\r" if $debug; open(IN, "<$file") || die "Can't open source file $file\n"; while() { + # skip obsoleted source files entirely! + last if(/^#error\s+obsolete/); + if(/(([A-Z0-9]+)_F_([A-Z0-9_]+))/) { next unless exists $csrc{$2}; next if($1 eq "BIO_F_BUFFER_CTX"); @@ -213,6 +340,7 @@ $fnew{$2}++; } $notrans{$1} = 1 unless exists $ftrans{$3}; + print STDERR "Function: $1\t= $fcodes{$1} (lib: $2, name: $3)\n" if $debug; } if(/(([A-Z0-9]+)_R_[A-Z0-9_]+)/) { next unless exists $csrc{$2}; @@ -221,11 +349,12 @@ $rcodes{$1} = "X"; $rnew{$2}++; } + print STDERR "Reason: $1\t= $rcodes{$1} (lib: $2)\n" if $debug; } } close IN; } -print STDERR "\n" if $debug; +print STDERR " \n" if $debug; # Now process each library in turn. @@ -262,7 +391,7 @@ } else { push @out, "/* ====================================================================\n", -" * Copyright (c) 2001-2002 The OpenSSL Project. All rights reserved.\n", +" * Copyright (c) 2001-2011 The OpenSSL Project. All rights reserved.\n", " *\n", " * Redistribution and use in source and binary forms, with or without\n", " * modification, are permitted provided that the following conditions\n", @@ -318,6 +447,10 @@ "#ifndef HEADER_${lib}_ERR_H\n", "#define HEADER_${lib}_ERR_H\n", "\n", +"#ifdef __cplusplus\n", +"extern \"C\" {\n", +"#endif\n", +"\n", "/* BEGIN ERROR CODES */\n"; } open (OUT, ">$hfile") || die "Can't Open File $hfile for writing\n"; @@ -352,7 +485,16 @@ foreach $i (@function) { $z=6-int(length($i)/8); if($fcodes{$i} eq "X") { - $fcodes{$i} = ++$fmax{$lib}; + $fassigned{$lib} =~ m/^:([^:]*):/; + $findcode = $1; + if (!defined($findcode)) { + $findcode = $fmax{$lib}; + } + while ($fassigned{$lib} =~ m/:$findcode:/) { + $findcode++; + } + $fcodes{$i} = $findcode; + $fassigned{$lib} .= "$findcode:"; print STDERR "New Function code $i\n" if $debug; } printf OUT "#define $i%s $fcodes{$i}\n","\t" x $z; @@ -363,7 +505,16 @@ foreach $i (@reasons) { $z=6-int(length($i)/8); if($rcodes{$i} eq "X") { - $rcodes{$i} = ++$rmax{$lib}; + $rassigned{$lib} =~ m/^:([^:]*):/; + $findcode = $1; + if (!defined($findcode)) { + $findcode = $rmax{$lib}; + } + while ($rassigned{$lib} =~ m/:$findcode:/) { + $findcode++; + } + $rcodes{$i} = $findcode; + $rassigned{$lib} .= "$findcode:"; print STDERR "New Reason code $i\n" if $debug; } printf OUT "#define $i%s $rcodes{$i}\n","\t" x $z; @@ -386,25 +537,46 @@ if (/\b(${lib}_R_\w*)\b.*\"(.*)\"/) { $err_reason_strings{$1} = $2; } + if (/\b${lib}_F_(\w*)\b.*\"(.*)\"/) { + if (!exists $ftrans{$1} && ($1 ne $2)) { + print STDERR "WARNING: Mismatched function string $2\n"; + $ftrans{$1} = $2; + } + } } close(IN); } + my $hincf; if($static) { $hfile =~ /([^\/]+)$/; - $hincf = ""; + $hincf = "<${hprefix}$1>"; } else { $hincf = "\"$hfile\""; } + # If static we know the error code at compile time so use it + # in error definitions. + + if ($static) + { + $pack_errcode = "ERR_LIB_${lib}"; + $load_errcode = "0"; + } + else + { + $pack_errcode = "0"; + $load_errcode = "ERR_LIB_${lib}"; + } + open (OUT,">$cfile") || die "Can't open $cfile for writing"; print OUT <<"EOF"; /* $cfile */ /* ==================================================================== - * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -468,6 +640,10 @@ /* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR + +#define ERR_FUNC(func) ERR_PACK($pack_errcode,func,0) +#define ERR_REASON(reason) ERR_PACK($pack_errcode,0,reason) + static ERR_STRING_DATA ${lib}_str_functs[]= { EOF @@ -479,7 +655,8 @@ if(exists $ftrans{$fn}) { $fn = $ftrans{$fn}; } - print OUT "{ERR_PACK(0,$i,0),\t\"$fn\"},\n"; +# print OUT "{ERR_PACK($pack_errcode,$i,0),\t\"$fn\"},\n"; + print OUT "{ERR_FUNC($i),\t\"$fn\"},\n"; } print OUT <<"EOF"; {0,NULL} @@ -491,6 +668,7 @@ # Add each reason code. foreach $i (@reasons) { my $rn; + my $rstr = "ERR_REASON($i)"; my $nspc = 0; if (exists $err_reason_strings{$i}) { $rn = $err_reason_strings{$i}; @@ -499,9 +677,9 @@ $rn = $1; $rn =~ tr/_[A-Z]/ [a-z]/; } - $nspc = 40 - length($i) unless length($i) > 40; + $nspc = 40 - length($rstr) unless length($rstr) > 40; $nspc = " " x $nspc; - print OUT "{${i}${nspc},\"$rn\"},\n"; + print OUT "{${rstr}${nspc},\"$rn\"},\n"; } if($static) { print OUT <<"EOF"; @@ -512,17 +690,14 @@ ${staticloader}void ERR_load_${lib}_strings(void) { - static int init=1; - - if (init) - { - init=0; #ifndef OPENSSL_NO_ERR - ERR_load_strings(ERR_LIB_${lib},${lib}_str_functs); - ERR_load_strings(ERR_LIB_${lib},${lib}_str_reasons); -#endif + if (ERR_func_error_string(${lib}_str_functs[0].error) == NULL) + { + ERR_load_strings($load_errcode,${lib}_str_functs); + ERR_load_strings($load_errcode,${lib}_str_reasons); } +#endif } EOF } else { @@ -594,7 +769,7 @@ undef %err_reason_strings; } -if($debug && defined(%notrans)) { +if($debug && %notrans) { print STDERR "The following function codes were not translated:\n"; foreach(sort keys %notrans) { @@ -627,3 +802,9 @@ print STDERR "$_\n"; } } + +if($errcount) { + print STDERR "There were errors, failing...\n\n"; + exit $errcount; +} + diff --git a/src/lib/libcrypto/util/mkfiles.pl b/src/lib/libcrypto/util/mkfiles.pl deleted file mode 100644 index 29e1404c695..00000000000 --- a/src/lib/libcrypto/util/mkfiles.pl +++ /dev/null @@ -1,117 +0,0 @@ -#!/usr/local/bin/perl -# -# This is a hacked version of files.pl for systems that can't do a 'make files'. -# Do a perl util/mkminfo.pl >MINFO to build MINFO -# Written by Steve Henson 1999. - -# List of directories to process - -my @dirs = ( -".", -"crypto", -"crypto/md2", -"crypto/md4", -"crypto/md5", -"crypto/sha", -"crypto/mdc2", -"crypto/hmac", -"crypto/ripemd", -"crypto/des", -"crypto/rc2", -"crypto/rc4", -"crypto/rc5", -"crypto/idea", -"crypto/bf", -"crypto/cast", -"crypto/aes", -"crypto/bn", -"crypto/rsa", -"crypto/dsa", -"crypto/dso", -"crypto/dh", -"crypto/ec", -"crypto/buffer", -"crypto/bio", -"crypto/stack", -"crypto/lhash", -"crypto/rand", -"crypto/err", -"crypto/objects", -"crypto/evp", -"crypto/asn1", -"crypto/pem", -"crypto/x509", -"crypto/x509v3", -"crypto/conf", -"crypto/txt_db", -"crypto/pkcs7", -"crypto/pkcs12", -"crypto/comp", -"crypto/engine", -"crypto/ocsp", -"crypto/ui", -"crypto/krb5", -"ssl", -"apps", -"test", -"tools" -); - -foreach (@dirs) { - &files_dir ($_, "Makefile.ssl"); -} - -exit(0); - -sub files_dir -{ -my ($dir, $makefile) = @_; - -my %sym; - -open (IN, "$dir/$makefile") || die "Can't open $dir/$makefile"; - -my $s=""; - -while () - { - chop; - s/#.*//; - if (/^(\S+)\s*=\s*(.*)$/) - { - $o=""; - ($s,$b)=($1,$2); - for (;;) - { - if ($b =~ /\\$/) - { - chop($b); - $o.=$b." "; - $b=; - chop($b); - } - else - { - $o.=$b." "; - last; - } - } - $o =~ s/^\s+//; - $o =~ s/\s+$//; - $o =~ s/\s+/ /g; - - $o =~ s/\$[({]([^)}]+)[)}]/$sym{$1}/g; - $sym{$s}=$o; - } - } - -print "RELATIVE_DIRECTORY=$dir\n"; - -foreach (sort keys %sym) - { - print "$_=$sym{$_}\n"; - } -print "RELATIVE_DIRECTORY=\n"; - -close (IN); -} diff --git a/src/lib/libcrypto/util/mklink.pl b/src/lib/libcrypto/util/mklink.pl deleted file mode 100644 index 9e9c9a51467..00000000000 --- a/src/lib/libcrypto/util/mklink.pl +++ /dev/null @@ -1,60 +0,0 @@ -#!/usr/local/bin/perl - -# mklink.pl - -# The first command line argument is a non-empty relative path -# specifying the "from" directory. -# Each other argument is a file name not containing / and -# names a file in the current directory. -# -# For each of these files, we create in the "from" directory a link -# of the same name pointing to the local file. -# -# We assume that the directory structure is a tree, i.e. that it does -# not contain symbolic links and that the parent of / is never referenced. -# Apart from this, this script should be able to handle even the most -# pathological cases. - -my $from = shift; -my @files = @ARGV; - -my @from_path = split(/\//, $from); -my $pwd = `pwd`; -chop($pwd); -my @pwd_path = split(/\//, $pwd); - -my @to_path = (); - -my $dirname; -foreach $dirname (@from_path) { - - # In this loop, @to_path always is a relative path from - # @pwd_path (interpreted is an absolute path) to the original pwd. - - # At the end, @from_path (as a relative path from the original pwd) - # designates the same directory as the absolute path @pwd_path, - # which means that @to_path then is a path from there to the original pwd. - - next if ($dirname eq "" || $dirname eq "."); - - if ($dirname eq "..") { - @to_path = (pop(@pwd_path), @to_path); - } else { - @to_path = ("..", @to_path); - push(@pwd_path, $dirname); - } -} - -my $to = join('/', @to_path); - -my $file; -$symlink_exists=eval {symlink("",""); 1}; -foreach $file (@files) { - my $err = ""; - if ($symlink_exists) { - symlink("$to/$file", "$from/$file") or $err = " [$!]"; - } else { - system ("cp", "$file", "$from/$file") and $err = " [$!]"; - } - print $file . " => $from/$file$err\n"; -} diff --git a/src/lib/libcrypto/util/mkstack.pl b/src/lib/libcrypto/util/mkstack.pl index 085c50f790f..77b0ec49430 100644 --- a/src/lib/libcrypto/util/mkstack.pl +++ b/src/lib/libcrypto/util/mkstack.pl @@ -21,7 +21,7 @@ } -@source = (, , ); +@source = (, , , ); foreach $file (@source) { next if -l $file; @@ -31,11 +31,19 @@ while() { if (/^DECLARE_STACK_OF\(([^)]+)\)/) { push @stacklst, $1; - } if (/^DECLARE_ASN1_SET_OF\(([^)]+)\)/) { + } + if (/^DECLARE_SPECIAL_STACK_OF\(([^,\s]+)\s*,\s*([^>\s]+)\)/) { + push @sstacklst, [$1, $2]; + } + if (/^DECLARE_ASN1_SET_OF\(([^)]+)\)/) { push @asn1setlst, $1; - } if (/^DECLARE_PKCS12_STACK_OF\(([^)]+)\)/) { + } + if (/^DECLARE_PKCS12_STACK_OF\(([^)]+)\)/) { push @p12stklst, $1; } + if (/^DECLARE_LHASH_OF\(([^)]+)\)/) { + push @lhashlst, $1; + } } close(IN); } @@ -65,7 +73,7 @@ foreach $type_thing (sort @stacklst) { $new_stackfile .= <[0]; + my $t2 = $type_thing->[1]; + $new_stackfile .= <; - close(IN); - - if (-d $ARGV[0]) { - $a[0]="#!$ARGV[0]/perl\n"; - } - else { - $a[0]="#!$ARGV[0]\n"; - } - - # Playing it safe... - $new="$_.new"; - open(OUT,">$new") || die "unable to open $dir/$new:$!\n"; - print OUT @a; - close(OUT); - - rename($new,$_) || die "unable to rename $dir/$new:$!\n"; - chmod(0755,$_) || die "unable to chmod $dir/$new:$!\n"; - } diff --git a/src/lib/libcrypto/util/pl/BC-16.pl b/src/lib/libcrypto/util/pl/BC-16.pl deleted file mode 100644 index 2033f524ca5..00000000000 --- a/src/lib/libcrypto/util/pl/BC-16.pl +++ /dev/null @@ -1,146 +0,0 @@ -#!/usr/local/bin/perl -# VCw16lib.pl - the file for Visual C++ 1.52b for windows, static libraries -# - -$o='\\'; -$cp='copy'; -$rm='del'; - -# C compiler stuff -$cc='bcc'; - -if ($debug) - { $op="-v "; } -else { $op="-O "; } - -$cflags="-d -ml $op -DL_ENDIAN"; -# I add the stack opt -$base_lflags="/c /C"; -$lflags="$base_lflags"; - -if ($win16) - { - $shlib=1; - $cflags.=" -DOPENSSL_SYSNAME_WIN16"; - $app_cflag="-W"; - $lib_cflag="-WD"; - $lflags.="/Twe"; - } -else - { - $cflags.=" -DOENSSL_SYSNAME_MSDOS"; - $lflags.=" /Tde"; - } - -if ($shlib) - { - $mlflags=" /Twd $base_lflags"; # stack if defined in .def file - $libs="libw ldllcew"; - $no_asm=1; - } -else - { $mlflags=''; } - -$obj='.obj'; -$ofile="-o"; - -# EXE linking stuff -$link="tlink"; -$efile=""; -$exep='.exe'; -$ex_libs="CL"; -$ex_libs.=$no_sock?"":" winsock.lib"; - -$app_ex_obj="C0L.obj "; -$shlib_ex_obj="" if ($shlib); - -# static library stuff -$mklib='tlib'; -$ranlib='echo no ranlib'; -$plib=""; -$libp=".lib"; -$shlibp=($shlib)?".dll":".lib"; -$lfile=''; - -$asm='bcc -c -B -Tml'; -$afile='/o'; -if ($no_asm) - { - $bn_asm_obj=''; - $bn_asm_src=''; - } -elsif ($asmbits == 32) - { - $bn_asm_obj='crypto\bn\asm\x86w32.obj'; - $bn_asm_src='crypto\bn\asm\x86w32.asm'; - } -else - { - $bn_asm_obj='crypto\bn\asm\x86w16.obj'; - $bn_asm_src='crypto\bn\asm\x86w16.asm'; - } - -sub do_lib_rule - { - local($target,$name,$shlib)=@_; - local($ret,$Name); - - $taget =~ s/\//$o/g if $o ne '/'; - ($Name=$name) =~ tr/a-z/A-Z/; - - $ret.="$target: \$(${Name}OBJ)\n"; - $ret.="\t\$(RM) \$(O_$Name)\n"; - - # Due to a pathetic line length limit, I unwrap the args. - local($lib_names)=""; - local($dll_names)=""; - foreach $_ (sort split(/\s+/,$Vars{"${Name}OBJ"})) - { - $lib_names.=" +$_ &\n"; - $dll_names.=" $_\n"; - } - - if (!$shlib) - { - $ret.="\t\$(MKLIB) $target & <<|\n$lib_names\n,\n|\n"; - } - else - { - local($ex)=($Name eq "SSL")?' $(L_CRYPTO) winsock':""; - $ret.="\t\$(LINK) \$(MLFLAGS) @&&|\n"; - $ret.=$dll_names; - $ret.="\n $target\n\n $ex $libs\nms$o${name}16.def;\n|\n"; - ($out_lib=$target) =~ s/O_/L_/; - $ret.="\timplib /nowep $out_lib $target\n\n"; - } - $ret.="\n"; - return($ret); - } - -sub do_link_rule - { - local($target,$files,$dep_libs,$libs)=@_; - local($ret,$f,$_,@f); - - $file =~ s/\//$o/g if $o ne '/'; - $n=&bname($targer); - $ret.="$target: $files $dep_libs\n"; - $ret.=" \$(LINK) @&&|"; - - # Due to a pathetic line length limit, I have to unwrap the args. - $ret.=" \$(LFLAGS) "; - if ($files =~ /\(([^)]*)\)$/) - { - $ret.=" \$(APP_EX_OBJ)"; - foreach $_ (sort split(/\s+/,$Vars{$1})) - { $ret.="\n $r $_ +"; } - chop($ret); - $ret.="\n"; - } - else - { $ret.="\n $r \$(APP_EX_OBJ) $files\n"; } - $ret.=" $target\n\n $libs\n\n|\n\n"; - return($ret); - } - -1; diff --git a/src/lib/libcrypto/util/pl/BC-32.pl b/src/lib/libcrypto/util/pl/BC-32.pl deleted file mode 100644 index 78d60616a6b..00000000000 --- a/src/lib/libcrypto/util/pl/BC-32.pl +++ /dev/null @@ -1,135 +0,0 @@ -#!/usr/local/bin/perl -# Borland C++ builder 3 and 4 -- Janez Jere -# - -$ssl= "ssleay32"; -$crypto="libeay32"; - -$o='\\'; -$cp='copy'; -$rm='del'; - -# C compiler stuff -$cc='bcc32'; -$lflags="-ap -Tpe -x -Gn "; -$mlflags=''; - -$out_def="out32"; -$tmp_def="tmp32"; -$inc_def="inc32"; -#enable max error messages, disable most common warnings -$cflags="-DWIN32_LEAN_AND_MEAN -q -w-aus -w-par -w-inl -c -tWC -tWM -DOPENSSL_SYSNAME_WIN32 -DL_ENDIAN -DDSO_WIN32 "; -if ($debug) -{ - $cflags.="-Od -y -v -vi- -D_DEBUG"; - $mlflags.=' '; -} -else -{ - $cflags.="-O2 -ff -fp"; -} - -$obj='.obj'; -$ofile="-o"; - -# EXE linking stuff -$link="ilink32"; -$efile=""; -$exep='.exe'; -if ($no_sock) - { $ex_libs=""; } -else { $ex_libs="cw32mt.lib import32.lib"; } - -# static library stuff -$mklib='tlib /P64'; -$ranlib=''; -$plib=""; -$libp=".lib"; -$shlibp=($shlib)?".dll":".lib"; -$lfile=''; - -$shlib_ex_obj=""; -$app_ex_obj="c0x32.obj"; - -$asm='n_o_T_a_s_m'; -$asm.=" /Zi" if $debug; -$afile='/Fo'; - -$bn_mulw_obj=''; -$bn_mulw_src=''; -$des_enc_obj=''; -$des_enc_src=''; -$bf_enc_obj=''; -$bf_enc_src=''; - -if (!$no_asm) - { - $bn_mulw_obj='crypto\bn\asm\bn-win32.obj'; - $bn_mulw_src='crypto\bn\asm\bn-win32.asm'; - $des_enc_obj='crypto\des\asm\d-win32.obj crypto\des\asm\y-win32.obj'; - $des_enc_src='crypto\des\asm\d-win32.asm crypto\des\asm\y-win32.asm'; - $bf_enc_obj='crypto\bf\asm\b-win32.obj'; - $bf_enc_src='crypto\bf\asm\b-win32.asm'; - $cast_enc_obj='crypto\cast\asm\c-win32.obj'; - $cast_enc_src='crypto\cast\asm\c-win32.asm'; - $rc4_enc_obj='crypto\rc4\asm\r4-win32.obj'; - $rc4_enc_src='crypto\rc4\asm\r4-win32.asm'; - $rc5_enc_obj='crypto\rc5\asm\r5-win32.obj'; - $rc5_enc_src='crypto\rc5\asm\r5-win32.asm'; - $md5_asm_obj='crypto\md5\asm\m5-win32.obj'; - $md5_asm_src='crypto\md5\asm\m5-win32.asm'; - $sha1_asm_obj='crypto\sha\asm\s1-win32.obj'; - $sha1_asm_src='crypto\sha\asm\s1-win32.asm'; - $rmd160_asm_obj='crypto\ripemd\asm\rm-win32.obj'; - $rmd160_asm_src='crypto\ripemd\asm\rm-win32.asm'; - $cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM -DRMD160_ASM"; - } - -if ($shlib) - { - $mlflags.=" $lflags /dll"; -# $cflags =~ s| /MD| /MT|; - $lib_cflag=" /GD -D_WINDLL -D_DLL"; - $out_def="out32dll"; - $tmp_def="tmp32dll"; - } - -sub do_lib_rule - { - local($objs,$target,$name,$shlib)=@_; - local($ret,$Name); - - $taget =~ s/\//$o/g if $o ne '/'; - ($Name=$name) =~ tr/a-z/A-Z/; - -# $target="\$(LIB_D)$o$target"; - $ret.="$target: $objs\n"; - if (!$shlib) - { - # $ret.="\t\$(RM) \$(O_$Name)\n"; - $ret.="\techo LIB $<\n"; - $ret.="\t&\$(MKLIB) $lfile$target -+\$**\n"; - } - else - { - local($ex)=($target =~ /O_SSL/)?' $(L_CRYPTO)':''; - $ex.=' wsock32.lib gdi32.lib'; - $ret.="\t\$(LINK) \$(MLFLAGS) $efile$target /def:ms/${Name}.def @<<\n \$(SHLIB_EX_OBJ) $objs $ex\n<<\n"; - } - $ret.="\n"; - return($ret); - } - -sub do_link_rule - { - local($target,$files,$dep_libs,$libs)=@_; - local($ret,$_); - - $file =~ s/\//$o/g if $o ne '/'; - $n=&bname($targer); - $ret.="$target: $files $dep_libs\n"; - $ret.="\t\$(LINK) \$(LFLAGS) $files \$(APP_EX_OBJ), $target,, $libs\n\n"; - return($ret); - } - -1; diff --git a/src/lib/libcrypto/util/pl/Mingw32.pl b/src/lib/libcrypto/util/pl/Mingw32.pl deleted file mode 100644 index 45ab685974e..00000000000 --- a/src/lib/libcrypto/util/pl/Mingw32.pl +++ /dev/null @@ -1,104 +0,0 @@ -#!/usr/local/bin/perl -# -# Mingw32.pl -- Mingw32 with GNU cp (Mingw32f.pl uses DOS tools) -# - -$o='/'; -$cp='cp'; -$rm='rem'; # use 'rm -f' if using GNU file utilities -$mkdir='gmkdir'; - -# gcc wouldn't accept backslashes in paths -#$o='\\'; -#$cp='copy'; -#$rm='del'; - -# C compiler stuff - -$cc='gcc'; -if ($debug) - { $cflags="-DL_ENDIAN -DDSO_WIN32 -g2 -ggdb"; } -else - { $cflags="-DL_ENDIAN -DDSO_WIN32 -fomit-frame-pointer -O3 -m486 -Wall"; } - -if ($gaswin and !$no_asm) - { - $bn_asm_obj='$(OBJ_D)/bn-win32.o'; - $bn_asm_src='crypto/bn/asm/bn-win32.s'; - $bnco_asm_obj='$(OBJ_D)/co-win32.o'; - $bnco_asm_src='crypto/bn/asm/co-win32.s'; - $des_enc_obj='$(OBJ_D)/d-win32.o $(OBJ_D)/y-win32.o'; - $des_enc_src='crypto/des/asm/d-win32.s crypto/des/asm/y-win32.s'; - $bf_enc_obj='$(OBJ_D)/b-win32.o'; - $bf_enc_src='crypto/bf/asm/b-win32.s'; -# $cast_enc_obj='$(OBJ_D)/c-win32.o'; -# $cast_enc_src='crypto/cast/asm/c-win32.s'; - $rc4_enc_obj='$(OBJ_D)/r4-win32.o'; - $rc4_enc_src='crypto/rc4/asm/r4-win32.s'; - $rc5_enc_obj='$(OBJ_D)/r5-win32.o'; - $rc5_enc_src='crypto/rc5/asm/r5-win32.s'; - $md5_asm_obj='$(OBJ_D)/m5-win32.o'; - $md5_asm_src='crypto/md5/asm/m5-win32.s'; - $rmd160_asm_obj='$(OBJ_D)/rm-win32.o'; - $rmd160_asm_src='crypto/ripemd/asm/rm-win32.s'; - $sha1_asm_obj='$(OBJ_D)/s1-win32.o'; - $sha1_asm_src='crypto/sha/asm/s1-win32.s'; - $cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM"; - } - - -$obj='.o'; -$ofile='-o '; - -# EXE linking stuff -$link='${CC}'; -$lflags='${CFLAGS}'; -$efile='-o '; -$exep=''; -$ex_libs="-lwsock32 -lgdi32"; - -# static library stuff -$mklib='ar r'; -$mlflags=''; -$ranlib='ranlib'; -$plib='lib'; -$libp=".a"; -$shlibp=".a"; -$lfile=''; - -$asm='as'; -$afile='-o '; -#$bn_asm_obj=""; -#$bn_asm_src=""; -#$des_enc_obj=""; -#$des_enc_src=""; -#$bf_enc_obj=""; -#$bf_enc_src=""; - -sub do_lib_rule - { - local($obj,$target,$name,$shlib)=@_; - local($ret,$_,$Name); - - $target =~ s/\//$o/g if $o ne '/'; - $target="$target"; - ($Name=$name) =~ tr/a-z/A-Z/; - - $ret.="$target: \$(${Name}OBJ)\n"; - $ret.="\t\$(RM) $target\n"; - $ret.="\t\$(MKLIB) $target \$(${Name}OBJ)\n"; - $ret.="\t\$(RANLIB) $target\n\n"; - } - -sub do_link_rule - { - local($target,$files,$dep_libs,$libs)=@_; - local($ret,$_); - - $file =~ s/\//$o/g if $o ne '/'; - $n=&bname($target); - $ret.="$target: $files $dep_libs\n"; - $ret.="\t\$(LINK) ${efile}$target \$(LFLAGS) $files $libs\n\n"; - return($ret); - } -1; diff --git a/src/lib/libcrypto/util/pl/Mingw32f.pl b/src/lib/libcrypto/util/pl/Mingw32f.pl deleted file mode 100644 index 44f5673d7aa..00000000000 --- a/src/lib/libcrypto/util/pl/Mingw32f.pl +++ /dev/null @@ -1,73 +0,0 @@ -#!/usr/local/bin/perl -# -# Mingw32f.pl -- copy files; Mingw32.pl is needed to do the compiling. -# - -$o='\\'; -$cp='copy'; -$rm='del'; - -# C compiler stuff - -$cc='gcc'; -if ($debug) - { $cflags="-g2 -ggdb -DDSO_WIN32"; } -else - { $cflags="-O3 -fomit-frame-pointer -DDSO_WIN32"; } - -$obj='.o'; -$ofile='-o '; - -# EXE linking stuff -$link='${CC}'; -$lflags='${CFLAGS}'; -$efile='-o '; -$exep=''; -$ex_libs="-lwsock32 -lgdi32"; - -# static library stuff -$mklib='ar r'; -$mlflags=''; -$ranlib='ranlib'; -$plib='lib'; -$libp=".a"; -$shlibp=".a"; -$lfile=''; - -$asm='as'; -$afile='-o '; -$bn_asm_obj=""; -$bn_asm_src=""; -$des_enc_obj=""; -$des_enc_src=""; -$bf_enc_obj=""; -$bf_enc_src=""; - -sub do_lib_rule - { - local($obj,$target,$name,$shlib)=@_; - local($ret,$_,$Name); - - $target =~ s/\//$o/g if $o ne '/'; - $target="$target"; - ($Name=$name) =~ tr/a-z/A-Z/; - - $ret.="$target: \$(${Name}OBJ)\n"; - $ret.="\t\$(RM) $target\n"; - $ret.="\t\$(MKLIB) $target \$(${Name}OBJ)\n"; - $ret.="\t\$(RANLIB) $target\n\n"; - } - -sub do_link_rule - { - local($target,$files,$dep_libs,$libs)=@_; - local($ret,$_); - - $file =~ s/\//$o/g if $o ne '/'; - $n=&bname($target); - $ret.="$target: $files $dep_libs\n"; - $ret.="\t\$(LINK) ${efile}$target \$(LFLAGS) $files $libs\n\n"; - return($ret); - } -1; - diff --git a/src/lib/libcrypto/util/pl/OS2-EMX.pl b/src/lib/libcrypto/util/pl/OS2-EMX.pl deleted file mode 100644 index 57180556ca6..00000000000 --- a/src/lib/libcrypto/util/pl/OS2-EMX.pl +++ /dev/null @@ -1,96 +0,0 @@ -#!/usr/local/bin/perl -# -# OS2-EMX.pl - for EMX GCC on OS/2 -# - -$o='\\'; -$cp='copy'; -$rm='rm -f'; - -# C compiler stuff - -$cc='gcc'; -$cflags="-DL_ENDIAN -O3 -fomit-frame-pointer -m486 -Zmt -Wall "; - -if ($debug) { - $cflags.="-g "; -} - -$obj='.o'; -$ofile='-o '; - -# EXE linking stuff -$link='${CC}'; -$lflags='${CFLAGS} -Zbsd-signals'; -$efile='-o '; -$exep='.exe'; -$ex_libs="-lsocket"; - -# static library stuff -$mklib='ar r'; -$mlflags=''; -$ranlib="ar s"; -$plib='lib'; -$libp=".a"; -$shlibp=".a"; -$lfile=''; - -$asm='as'; -$afile='-o '; -$bn_asm_obj=""; -$bn_asm_src=""; -$des_enc_obj=""; -$des_enc_src=""; -$bf_enc_obj=""; -$bf_enc_src=""; - -if (!$no_asm) - { - $bn_asm_obj='crypto\bn\asm\bn-os2.o crypto\bn\asm\co-os2.o'; - $bn_asm_src='crypto\bn\asm\bn-os2.asm crypto\bn\asm\co-os2.asm'; - $des_enc_obj='crypto\des\asm\d-os2.o crypto\des\asm\y-os2.o'; - $des_enc_src='crypto\des\asm\d-os2.asm crypto\des\asm\y-os2.asm'; - $bf_enc_obj='crypto\bf\asm\b-os2.o'; - $bf_enc_src='crypto\bf\asm\b-os2.asm'; - $cast_enc_obj='crypto\cast\asm\c-os2.o'; - $cast_enc_src='crypto\cast\asm\c-os2.asm'; - $rc4_enc_obj='crypto\rc4\asm\r4-os2.o'; - $rc4_enc_src='crypto\rc4\asm\r4-os2.asm'; - $rc5_enc_obj='crypto\rc5\asm\r5-os2.o'; - $rc5_enc_src='crypto\rc5\asm\r5-os2.asm'; - $md5_asm_obj='crypto\md5\asm\m5-os2.o'; - $md5_asm_src='crypto\md5\asm\m5-os2.asm'; - $sha1_asm_obj='crypto\sha\asm\s1-os2.o'; - $sha1_asm_src='crypto\sha\asm\s1-os2.asm'; - $rmd160_asm_obj='crypto\ripemd\asm\rm-os2.o'; - $rmd160_asm_src='crypto\ripemd\asm\rm-os2.asm'; - } - -sub do_lib_rule - { - local($obj,$target,$name,$shlib)=@_; - local($ret,$_,$Name); - - $target =~ s/\//$o/g if $o ne '/'; - $target="$target"; - ($Name=$name) =~ tr/a-z/A-Z/; - - $ret.="$target: \$(${Name}OBJ)\n"; - $ret.="\t\$(RM) $target\n"; - $ret.="\t\$(MKLIB) $target \$(${Name}OBJ)\n"; - $ret.="\t\$(RANLIB) $target\n\n"; - } - -sub do_link_rule - { - local($target,$files,$dep_libs,$libs)=@_; - local($ret,$_); - - $file =~ s/\//$o/g if $o ne '/'; - $n=&bname($target); - $ret.="$target: $files $dep_libs\n"; - $ret.="\t\$(LINK) ${efile}$target \$(LFLAGS) $files $libs\n\n"; - return($ret); - } - -1; diff --git a/src/lib/libcrypto/util/pl/VC-16.pl b/src/lib/libcrypto/util/pl/VC-16.pl deleted file mode 100644 index 7cda5e67a94..00000000000 --- a/src/lib/libcrypto/util/pl/VC-16.pl +++ /dev/null @@ -1,172 +0,0 @@ -#!/usr/local/bin/perl -# VCw16lib.pl - the file for Visual C++ 1.52b for windows, static libraries -# - -$ssl= "ssleay16"; -$crypto="libeay16"; - -$o='\\'; -$cp='copy'; -$rm='del'; - -# C compiler stuff -$cc='cl'; - -$out_def="out16"; -$tmp_def="tmp16"; -$inc_def="inc16"; - -if ($debug) - { - $op="/Od /Zi /Zd"; - $base_lflags="/CO"; - } -else { - $op="/G2 /f- /Ocgnotb2"; - } -$base_lflags.=" /FARCALL /NOLOGO /NOD /SEG:1024 /ONERROR:NOEXE /NOE /PACKC:60000"; -if ($win16) { $base_lflags.=" /PACKD:60000"; } - -$cflags="/ALw /Gx- /Gt256 /Gf $op /W3 /WX -DL_ENDIAN /nologo"; -# I add the stack opt -$lflags="$base_lflags /STACK:20000"; - -if ($win16) - { - $cflags.=" -DOPENSSL_SYSNAME_WIN16"; - $app_cflag="/Gw /FPi87"; - $lib_cflag="/Gw"; - $lib_cflag.=" -D_WINDLL -D_DLL" if $shlib; - $lib_cflag.=" -DWIN16TTY" if !$shlib; - $lflags.=" /ALIGN:256"; - $ex_libs.="oldnames llibcewq libw"; - } -else - { - $no_sock=1; - $cflags.=" -DMSDOS"; - $lflags.=" /EXEPACK"; - $ex_libs.="oldnames.lib llibce.lib"; - } - -if ($shlib) - { - $mlflags="$base_lflags"; - $libs="oldnames ldllcew libw"; - $shlib_ex_obj=""; -# $no_asm=1; - $out_def="out16dll"; - $tmp_def="tmp16dll"; - } -else - { $mlflags=''; } - -$app_ex_obj="setargv.obj"; - -$obj='.obj'; -$ofile="/Fo"; - -# EXE linking stuff -$link="link"; -$efile=""; -$exep='.exe'; -$ex_libs.=$no_sock?"":" winsock"; - -# static library stuff -$mklib='lib /PAGESIZE:1024'; -$ranlib=''; -$plib=""; -$libp=".lib"; -$shlibp=($shlib)?".dll":".lib"; -$lfile=''; - -$asm='ml /Cp /c /Cx'; -$afile='/Fo'; - -$bn_asm_obj=''; -$bn_asm_src=''; -$des_enc_obj=''; -$des_enc_src=''; -$bf_enc_obj=''; -$bf_enc_src=''; - -if (!$no_asm) - { - if ($asmbits == 32) - { - $bn_asm_obj='crypto\bn\asm\x86w32.obj'; - $bn_asm_src='crypto\bn\asm\x86w32.asm'; - } - else - { - $bn_asm_obj='crypto\bn\asm\x86w16.obj'; - $bn_asm_src='crypto\bn\asm\x86w16.asm'; - } - } - -sub do_lib_rule - { - local($objs,$target,$name,$shlib)=@_; - local($ret,$Name); - - $taget =~ s/\//$o/g if $o ne '/'; - ($Name=$name) =~ tr/a-z/A-Z/; - -# $target="\$(LIB_D)$o$target"; - $ret.="$target: $objs\n"; -# $ret.="\t\$(RM) \$(O_$Name)\n"; - - # Due to a pathetic line length limit, I unwrap the args. - local($lib_names)=""; - local($dll_names)=" \$(SHLIB_EX_OBJ) +\n"; - ($obj)= ($objs =~ /\((.*)\)/); - foreach $_ (sort split(/\s+/,$Vars{$obj})) - { - $lib_names.="+$_ &\n"; - $dll_names.=" $_ +\n"; - } - - if (!$shlib) - { - $ret.="\tdel $target\n"; - $ret.="\t\$(MKLIB) @<<\n$target\ny\n$lib_names\n\n<<\n"; - } - else - { - local($ex)=($target =~ /O_SSL/)?'$(L_CRYPTO)':""; - $ex.=' winsock'; - $ret.="\t\$(LINK) \$(MLFLAGS) @<<\n"; - $ret.=$dll_names; - $ret.="\n $target\n\n $ex $libs\nms$o${name}.def;\n<<\n"; - ($out_lib=$target) =~ s/O_/L_/; - $ret.="\timplib /noignorecase /nowep $out_lib $target\n"; - } - $ret.="\n"; - return($ret); - } - -sub do_link_rule - { - local($target,$files,$dep_libs,$libs)=@_; - local($ret,$f,$_,@f); - - $file =~ s/\//$o/g if $o ne '/'; - $n=&bname($targer); - $ret.="$target: $files $dep_libs\n"; - $ret.=" \$(LINK) \$(LFLAGS) @<<\n"; - - # Due to a pathetic line length limit, I have to unwrap the args. - if ($files =~ /\(([^)]*)\)$/) - { - @a=('$(APP_EX_OBJ)'); - push(@a,sort split(/\s+/,$Vars{$1})); - for $_ (@a) - { $ret.=" $_ +\n"; } - } - else - { $ret.=" \$(APP_EX_OBJ) $files"; } - $ret.="\n $target\n\n $libs\n\n<<\n\n"; - return($ret); - } - -1; diff --git a/src/lib/libcrypto/util/pl/VC-32.pl b/src/lib/libcrypto/util/pl/VC-32.pl deleted file mode 100644 index 50bfb343854..00000000000 --- a/src/lib/libcrypto/util/pl/VC-32.pl +++ /dev/null @@ -1,140 +0,0 @@ -#!/usr/local/bin/perl -# VCw32lib.pl - the file for Visual C++ 4.[01] for windows NT, static libraries -# - -$ssl= "ssleay32"; -$crypto="libeay32"; - -$o='\\'; -$cp='copy nul+'; # Timestamps get stuffed otherwise -$rm='del'; - -# C compiler stuff -$cc='cl'; -$cflags=' /MD /W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32'; -$lflags="/nologo /subsystem:console /machine:I386 /opt:ref"; -$mlflags=''; - -$out_def="out32"; -$tmp_def="tmp32"; -$inc_def="inc32"; - -if ($debug) - { - $cflags=" /MDd /W3 /WX /Zi /Yd /Od /nologo -DOPENSSL_SYSNAME_WIN32 -D_DEBUG -DL_ENDIAN -DWIN32_LEAN_AND_MEAN -DDEBUG -DDSO_WIN32"; - $lflags.=" /debug"; - $mlflags.=' /debug'; - } -$cflags .= " -DOPENSSL_SYSNAME_WINNT" if $NT == 1; - -$obj='.obj'; -$ofile="/Fo"; - -# EXE linking stuff -$link="link"; -$efile="/out:"; -$exep='.exe'; -if ($no_sock) - { $ex_libs=""; } -else { $ex_libs="wsock32.lib user32.lib gdi32.lib"; } - -# static library stuff -$mklib='lib'; -$ranlib=''; -$plib=""; -$libp=".lib"; -$shlibp=($shlib)?".dll":".lib"; -$lfile='/out:'; - -$shlib_ex_obj=""; -$app_ex_obj="setargv.obj"; -if ($nasm) { - $asm='nasmw -f win32'; - $afile='-o '; -} else { - $asm='ml /Cp /coff /c /Cx'; - $asm.=" /Zi" if $debug; - $afile='/Fo'; -} - -$bn_asm_obj=''; -$bn_asm_src=''; -$des_enc_obj=''; -$des_enc_src=''; -$bf_enc_obj=''; -$bf_enc_src=''; - -if (!$no_asm) - { - $bn_asm_obj='crypto\bn\asm\bn-win32.obj'; - $bn_asm_src='crypto\bn\asm\bn-win32.asm'; - $des_enc_obj='crypto\des\asm\d-win32.obj crypto\des\asm\y-win32.obj'; - $des_enc_src='crypto\des\asm\d-win32.asm crypto\des\asm\y-win32.asm'; - $bf_enc_obj='crypto\bf\asm\b-win32.obj'; - $bf_enc_src='crypto\bf\asm\b-win32.asm'; - $cast_enc_obj='crypto\cast\asm\c-win32.obj'; - $cast_enc_src='crypto\cast\asm\c-win32.asm'; - $rc4_enc_obj='crypto\rc4\asm\r4-win32.obj'; - $rc4_enc_src='crypto\rc4\asm\r4-win32.asm'; - $rc5_enc_obj='crypto\rc5\asm\r5-win32.obj'; - $rc5_enc_src='crypto\rc5\asm\r5-win32.asm'; - $md5_asm_obj='crypto\md5\asm\m5-win32.obj'; - $md5_asm_src='crypto\md5\asm\m5-win32.asm'; - $sha1_asm_obj='crypto\sha\asm\s1-win32.obj'; - $sha1_asm_src='crypto\sha\asm\s1-win32.asm'; - $rmd160_asm_obj='crypto\ripemd\asm\rm-win32.obj'; - $rmd160_asm_src='crypto\ripemd\asm\rm-win32.asm'; - $cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM -DRMD160_ASM"; - } - -if ($shlib) - { - $mlflags.=" $lflags /dll"; -# $cflags =~ s| /MD| /MT|; - $lib_cflag=" -D_WINDLL -D_DLL"; - $out_def="out32dll"; - $tmp_def="tmp32dll"; - } - -$cflags.=" /Fd$out_def"; - -sub do_lib_rule - { - local($objs,$target,$name,$shlib)=@_; - local($ret,$Name); - - $taget =~ s/\//$o/g if $o ne '/'; - ($Name=$name) =~ tr/a-z/A-Z/; - -# $target="\$(LIB_D)$o$target"; - $ret.="$target: $objs\n"; - if (!$shlib) - { -# $ret.="\t\$(RM) \$(O_$Name)\n"; - $ex =' advapi32.lib'; - $ret.="\t\$(MKLIB) $lfile$target @<<\n $objs $ex\n<<\n"; - } - else - { - local($ex)=($target =~ /O_SSL/)?' $(L_CRYPTO)':''; - $ex.=' wsock32.lib gdi32.lib advapi32.lib'; - $ret.="\t\$(LINK) \$(MLFLAGS) $efile$target /def:ms/${Name}.def @<<\n \$(SHLIB_EX_OBJ) $objs $ex\n<<\n"; - } - $ret.="\n"; - return($ret); - } - -sub do_link_rule - { - local($target,$files,$dep_libs,$libs)=@_; - local($ret,$_); - - $file =~ s/\//$o/g if $o ne '/'; - $n=&bname($targer); - $ret.="$target: $files $dep_libs\n"; - $ret.=" \$(LINK) \$(LFLAGS) $efile$target @<<\n"; - $ret.=" \$(APP_EX_OBJ) $files $libs\n<<\n\n"; - return($ret); - } - -1; diff --git a/src/lib/libcrypto/util/pl/linux.pl b/src/lib/libcrypto/util/pl/linux.pl deleted file mode 100644 index 8924ed54808..00000000000 --- a/src/lib/libcrypto/util/pl/linux.pl +++ /dev/null @@ -1,104 +0,0 @@ -#!/usr/local/bin/perl -# -# linux.pl - the standard unix makefile stuff. -# - -$o='/'; -$cp='/bin/cp'; -$rm='/bin/rm -f'; - -# C compiler stuff - -$cc='gcc'; -if ($debug) - { $cflags="-g2 -ggdb -DREF_CHECK -DCRYPTO_MDEBUG"; } -elsif ($profile) - { $cflags="-pg -O3"; } -else - { $cflags="-O3 -fomit-frame-pointer"; } - -if (!$no_asm) - { - $bn_asm_obj='$(OBJ_D)/bn86-elf.o'; - $bn_asm_src='crypto/bn/asm/bn86unix.cpp'; - $bnco_asm_obj='$(OBJ_D)/co86-elf.o'; - $bnco_asm_src='crypto/bn/asm/co86unix.cpp'; - $des_enc_obj='$(OBJ_D)/dx86-elf.o $(OBJ_D)/yx86-elf.o'; - $des_enc_src='crypto/des/asm/dx86unix.cpp crypto/des/asm/yx86unix.cpp'; - $bf_enc_obj='$(OBJ_D)/bx86-elf.o'; - $bf_enc_src='crypto/bf/asm/bx86unix.cpp'; - $cast_enc_obj='$(OBJ_D)/cx86-elf.o'; - $cast_enc_src='crypto/cast/asm/cx86unix.cpp'; - $rc4_enc_obj='$(OBJ_D)/rx86-elf.o'; - $rc4_enc_src='crypto/rc4/asm/rx86unix.cpp'; - $rc5_enc_obj='$(OBJ_D)/r586-elf.o'; - $rc5_enc_src='crypto/rc5/asm/r586unix.cpp'; - $md5_asm_obj='$(OBJ_D)/mx86-elf.o'; - $md5_asm_src='crypto/md5/asm/mx86unix.cpp'; - $rmd160_asm_obj='$(OBJ_D)/rm86-elf.o'; - $rmd160_asm_src='crypto/ripemd/asm/rm86unix.cpp'; - $sha1_asm_obj='$(OBJ_D)/sx86-elf.o'; - $sha1_asm_src='crypto/sha/asm/sx86unix.cpp'; - $cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM"; - } - -$cflags.=" -DTERMIO -DL_ENDIAN -m486 -Wall"; - -if ($shlib) - { - $shl_cflag=" -DPIC -fpic"; - $shlibp=".so.$ssl_version"; - $so_shlibp=".so"; - } - -sub do_shlib_rule - { - local($obj,$target,$name,$shlib,$so_name)=@_; - local($ret,$_,$Name); - - $target =~ s/\//$o/g if $o ne '/'; - ($Name=$name) =~ tr/a-z/A-Z/; - - $ret.="$target: \$(${Name}OBJ)\n"; - $ret.="\t\$(RM) target\n"; - $ret.="\tgcc \${CFLAGS} -shared -Wl,-soname,$target -o $target \$(${Name}OBJ)\n"; - ($t=$target) =~ s/(^.*)\/[^\/]*$/$1/; - if ($so_name ne "") - { - $ret.="\t\$(RM) \$(LIB_D)$o$so_name\n"; - $ret.="\tln -s $target \$(LIB_D)$o$so_name\n\n"; - } - } - -sub do_link_rule - { - local($target,$files,$dep_libs,$libs)=@_; - local($ret,$_); - - $file =~ s/\//$o/g if $o ne '/'; - $n=&bname($target); - $ret.="$target: $files $dep_libs\n"; - $ret.="\t\$(LINK) ${efile}$target \$(LFLAGS) $files $libs\n\n"; - return($ret); - } - -sub do_asm_rule - { - local($target,$src)=@_; - local($ret,@s,@t,$i); - - $target =~ s/\//$o/g if $o ne "/"; - $src =~ s/\//$o/g if $o ne "/"; - - @s=split(/\s+/,$src); - @t=split(/\s+/,$target); - - for ($i=0; $i<=$#s; $i++) - { - $ret.="$t[$i]: $s[$i]\n"; - $ret.="\tgcc -E -DELF \$(SRC_D)$o$s[$i]|\$(AS) $afile$t[$i]\n\n"; - } - return($ret); - } - -1; diff --git a/src/lib/libcrypto/util/pl/ultrix.pl b/src/lib/libcrypto/util/pl/ultrix.pl deleted file mode 100644 index ea370c71f96..00000000000 --- a/src/lib/libcrypto/util/pl/ultrix.pl +++ /dev/null @@ -1,38 +0,0 @@ -#!/usr/local/bin/perl -# -# linux.pl - the standard unix makefile stuff. -# - -$o='/'; -$cp='/bin/cp'; -$rm='/bin/rm -f'; - -# C compiler stuff - -$cc='cc'; -if ($debug) - { $cflags="-g -DREF_CHECK -DCRYPTO_MDEBUG"; } -else - { $cflags="-O2"; } - -$cflags.=" -std1 -DL_ENDIAN"; - -if (!$no_asm) - { - $bn_asm_obj='$(OBJ_D)/mips1.o'; - $bn_asm_src='crypto/bn/asm/mips1.s'; - } - -sub do_link_rule - { - local($target,$files,$dep_libs,$libs)=@_; - local($ret,$_); - - $file =~ s/\//$o/g if $o ne '/'; - $n=&bname($target); - $ret.="$target: $files $dep_libs\n"; - $ret.="\t\$(LINK) ${efile}$target \$(LFLAGS) $files $libs\n\n"; - return($ret); - } - -1; diff --git a/src/lib/libcrypto/util/pl/unix.pl b/src/lib/libcrypto/util/pl/unix.pl deleted file mode 100644 index 146611ad995..00000000000 --- a/src/lib/libcrypto/util/pl/unix.pl +++ /dev/null @@ -1,96 +0,0 @@ -#!/usr/local/bin/perl -# -# unix.pl - the standard unix makefile stuff. -# - -$o='/'; -$cp='/bin/cp'; -$rm='/bin/rm -f'; - -# C compiler stuff - -if ($gcc) - { - $cc='gcc'; - if ($debug) - { $cflags="-g2 -ggdb"; } - else - { $cflags="-O3 -fomit-frame-pointer"; } - } -else - { - $cc='cc'; - if ($debug) - { $cflags="-g"; } - else - { $cflags="-O"; } - } -$obj='.o'; -$ofile='-o '; - -# EXE linking stuff -$link='${CC}'; -$lflags='${CFLAGS}'; -$efile='-o '; -$exep=''; -$ex_libs=""; - -# static library stuff -$mklib='ar r'; -$mlflags=''; -$ranlib=&which("ranlib") or $ranlib="true"; -$plib='lib'; -$libp=".a"; -$shlibp=".a"; -$lfile=''; - -$asm='as'; -$afile='-o '; -$bn_asm_obj=""; -$bn_asm_src=""; -$des_enc_obj=""; -$des_enc_src=""; -$bf_enc_obj=""; -$bf_enc_src=""; - -sub do_lib_rule - { - local($obj,$target,$name,$shlib)=@_; - local($ret,$_,$Name); - - $target =~ s/\//$o/g if $o ne '/'; - $target="$target"; - ($Name=$name) =~ tr/a-z/A-Z/; - - $ret.="$target: \$(${Name}OBJ)\n"; - $ret.="\t\$(RM) $target\n"; - $ret.="\t\$(MKLIB) $target \$(${Name}OBJ)\n"; - $ret.="\t\$(RANLIB) $target\n\n"; - } - -sub do_link_rule - { - local($target,$files,$dep_libs,$libs)=@_; - local($ret,$_); - - $file =~ s/\//$o/g if $o ne '/'; - $n=&bname($target); - $ret.="$target: $files $dep_libs\n"; - $ret.="\t\$(LINK) ${efile}$target \$(LFLAGS) $files $libs\n\n"; - return($ret); - } - -sub which - { - my ($name)=@_; - my $path; - foreach $path (split /:/, $ENV{PATH}) - { - if (-x "$path/$name") - { - return "$path/$name"; - } - } - } - -1; diff --git a/src/lib/libcrypto/util/pod2man.pl b/src/lib/libcrypto/util/pod2man.pl deleted file mode 100644 index 657e4e264e0..00000000000 --- a/src/lib/libcrypto/util/pod2man.pl +++ /dev/null @@ -1,1183 +0,0 @@ -: #!/usr/bin/perl-5.005 - eval 'exec /usr/bin/perl -S $0 ${1+"$@"}' - if $running_under_some_shell; - -$DEF_PM_SECTION = '3pm' || '3'; - -=head1 NAME - -pod2man - translate embedded Perl pod directives into man pages - -=head1 SYNOPSIS - -B -[ B<--section=>I ] -[ B<--release=>I ] -[ B<--center=>I ] -[ B<--date=>I ] -[ B<--fixed=>I ] -[ B<--official> ] -[ B<--lax> ] -I - -=head1 DESCRIPTION - -B converts its input file containing embedded pod directives (see -L) into nroff source suitable for viewing with nroff(1) or -troff(1) using the man(7) macro set. - -Besides the obvious pod conversions, B also takes care of -func(), func(n), and simple variable references like $foo or @bar so -you don't have to use code escapes for them; complex expressions like -C<$fred{'stuff'}> will still need to be escaped, though. Other nagging -little roffish things that it catches include translating the minus in -something like foo-bar, making a long dash--like this--into a real em -dash, fixing up "paired quotes", putting a little space after the -parens in something like func(), making C++ and PI look right, making -double underbars have a little tiny space between them, making ALLCAPS -a teeny bit smaller in troff(1), and escaping backslashes so you don't -have to. - -=head1 OPTIONS - -=over 8 - -=item center - -Set the centered header to a specific string. The default is -"User Contributed Perl Documentation", unless the C<--official> flag is -given, in which case the default is "Perl Programmers Reference Guide". - -=item date - -Set the left-hand footer string to this value. By default, -the modification date of the input file will be used. - -=item fixed - -The fixed font to use for code refs. Defaults to CW. - -=item official - -Set the default header to indicate that this page is of -the standard release in case C<--center> is not given. - -=item release - -Set the centered footer. By default, this is the current -perl release. - -=item section - -Set the section for the C<.TH> macro. The standard conventions on -sections are to use 1 for user commands, 2 for system calls, 3 for -functions, 4 for devices, 5 for file formats, 6 for games, 7 for -miscellaneous information, and 8 for administrator commands. This works -best if you put your Perl man pages in a separate tree, like -F. By default, section 1 will be used -unless the file ends in F<.pm> in which case section 3 will be selected. - -=item lax - -Don't complain when required sections aren't present. - -=back - -=head1 Anatomy of a Proper Man Page - -For those not sure of the proper layout of a man page, here's -an example of the skeleton of a proper man page. Head of the -major headers should be setout as a C<=head1> directive, and -are historically written in the rather startling ALL UPPER CASE -format, although this is not mandatory. -Minor headers may be included using C<=head2>, and are -typically in mixed case. - -=over 10 - -=item NAME - -Mandatory section; should be a comma-separated list of programs or -functions documented by this podpage, such as: - - foo, bar - programs to do something - -=item SYNOPSIS - -A short usage summary for programs and functions, which -may someday be deemed mandatory. - -=item DESCRIPTION - -Long drawn out discussion of the program. It's a good idea to break this -up into subsections using the C<=head2> directives, like - - =head2 A Sample Subection - - =head2 Yet Another Sample Subection - -=item OPTIONS - -Some people make this separate from the description. - -=item RETURN VALUE - -What the program or function returns if successful. - -=item ERRORS - -Exceptions, return codes, exit stati, and errno settings. - -=item EXAMPLES - -Give some example uses of the program. - -=item ENVIRONMENT - -Envariables this program might care about. - -=item FILES - -All files used by the program. You should probably use the FEE -for these. - -=item SEE ALSO - -Other man pages to check out, like man(1), man(7), makewhatis(8), or catman(8). - -=item NOTES - -Miscellaneous commentary. - -=item CAVEATS - -Things to take special care with; sometimes called WARNINGS. - -=item DIAGNOSTICS - -All possible messages the program can print out--and -what they mean. - -=item BUGS - -Things that are broken or just don't work quite right. - -=item RESTRICTIONS - -Bugs you don't plan to fix :-) - -=item AUTHOR - -Who wrote it (or AUTHORS if multiple). - -=item HISTORY - -Programs derived from other sources sometimes have this, or -you might keep a modification log here. - -=back - -=head1 EXAMPLES - - pod2man program > program.1 - pod2man some_module.pm > /usr/perl/man/man3/some_module.3 - pod2man --section=7 note.pod > note.7 - -=head1 DIAGNOSTICS - -The following diagnostics are generated by B. Items -marked "(W)" are non-fatal, whereas the "(F)" errors will cause -B to immediately exit with a non-zero status. - -=over 4 - -=item bad option in paragraph %d of %s: ``%s'' should be [%s]<%s> - -(W) If you start include an option, you should set it off -as bold, italic, or code. - -=item can't open %s: %s - -(F) The input file wasn't available for the given reason. - -=item Improper man page - no dash in NAME header in paragraph %d of %s - -(W) The NAME header did not have an isolated dash in it. This is -considered important. - -=item Invalid man page - no NAME line in %s - -(F) You did not include a NAME header, which is essential. - -=item roff font should be 1 or 2 chars, not `%s' (F) - -(F) The font specified with the C<--fixed> option was not -a one- or two-digit roff font. - -=item %s is missing required section: %s - -(W) Required sections include NAME, DESCRIPTION, and if you're -using a section starting with a 3, also a SYNOPSIS. Actually, -not having a NAME is a fatal. - -=item Unknown escape: %s in %s - -(W) An unknown HTML entity (probably for an 8-bit character) was given via -a CE> directive. Besides amp, lt, gt, and quot, recognized -entities are Aacute, aacute, Acirc, acirc, AElig, aelig, Agrave, agrave, -Aring, aring, Atilde, atilde, Auml, auml, Ccedil, ccedil, Eacute, eacute, -Ecirc, ecirc, Egrave, egrave, ETH, eth, Euml, euml, Iacute, iacute, Icirc, -icirc, Igrave, igrave, Iuml, iuml, Ntilde, ntilde, Oacute, oacute, Ocirc, -ocirc, Ograve, ograve, Oslash, oslash, Otilde, otilde, Ouml, ouml, szlig, -THORN, thorn, Uacute, uacute, Ucirc, ucirc, Ugrave, ugrave, Uuml, uuml, -Yacute, yacute, and yuml. - -=item Unmatched =back - -(W) You have a C<=back> without a corresponding C<=over>. - -=item Unrecognized pod directive: %s - -(W) You specified a pod directive that isn't in the known list of -C<=head1>, C<=head2>, C<=item>, C<=over>, C<=back>, or C<=cut>. - - -=back - -=head1 NOTES - -If you would like to print out a lot of man page continuously, you -probably want to set the C and D registers to set contiguous page -numbering and even/odd paging, at least on some versions of man(7). -Settting the F register will get you some additional experimental -indexing: - - troff -man -rC1 -rD1 -rF1 perl.1 perldata.1 perlsyn.1 ... - -The indexing merely outputs messages via C<.tm> for each -major page, section, subsection, item, and any CE> -directives. - - -=head1 RESTRICTIONS - -None at this time. - -=head1 BUGS - -The =over and =back directives don't really work right. They -take absolute positions instead of offsets, don't nest well, and -making people count is suboptimal in any event. - -=head1 AUTHORS - -Original prototype by Larry Wall, but so massively hacked over by -Tom Christiansen such that Larry probably doesn't recognize it anymore. - -=cut - -$/ = ""; -$cutting = 1; -@Indices = (); - -# We try first to get the version number from a local binary, in case we're -# running an installed version of Perl to produce documentation from an -# uninstalled newer version's pod files. -if ($^O ne 'plan9' and $^O ne 'dos' and $^O ne 'os2' and $^O ne 'MSWin32') { - my $perl = (-x './perl' && -f './perl' ) ? - './perl' : - ((-x '../perl' && -f '../perl') ? - '../perl' : - ''); - ($version,$patch) = `$perl -e 'print $]'` =~ /^(\d\.\d{3})(\d{2})?/ if $perl; -} -# No luck; we'll just go with the running Perl's version -($version,$patch) = $] =~ /^(.{5})(\d{2})?/ unless $version; -$DEF_RELEASE = "perl $version"; -$DEF_RELEASE .= ", patch $patch" if $patch; - - -sub makedate { - my $secs = shift; - my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime($secs); - my $mname = (qw{Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec})[$mon]; - $year += 1900; - return "$mday/$mname/$year"; -} - -use Getopt::Long; - -$DEF_SECTION = 1; -$DEF_CENTER = "User Contributed Perl Documentation"; -$STD_CENTER = "Perl Programmers Reference Guide"; -$DEF_FIXED = 'CW'; -$DEF_LAX = 0; - -sub usage { - warn "$0: @_\n" if @_; - die <"; -$Filename = $name; -if ($section =~ /^1/) { - require File::Basename; - $name = uc File::Basename::basename($name); -} -$name =~ s/\.(pod|p[lm])$//i; - -# Lose everything up to the first of -# */lib/*perl* standard or site_perl module -# */*perl*/lib from -D prefix=/opt/perl -# */*perl*/ random module hierarchy -# which works. -$name =~ s-//+-/-g; -if ($name =~ s-^.*?/lib/[^/]*perl[^/]*/--i - or $name =~ s-^.*?/[^/]*perl[^/]*/lib/--i - or $name =~ s-^.*?/[^/]*perl[^/]*/--i) { - # Lose ^site(_perl)?/. - $name =~ s-^site(_perl)?/--; - # Lose ^arch/. (XXX should we use Config? Just for archname?) - $name =~ s~^(.*-$^O|$^O-.*)/~~o; - # Lose ^version/. - $name =~ s-^\d+\.\d+/--; -} - -# Translate Getopt/Long to Getopt::Long, etc. -$name =~ s(/)(::)g; - -if ($name ne 'something') { - FCHECK: { - open(F, "< $ARGV[0]") || die "can't open $ARGV[0]: $!"; - while () { - next unless /^=\b/; - if (/^=head1\s+NAME\s*$/) { # an /m would forgive mistakes - $_ = ; - unless (/\s*-+\s+/) { - $oops++; - warn "$0: Improper man page - no dash in NAME header in paragraph $. of $ARGV[0]\n" - } else { - my @n = split /\s+-+\s+/; - if (@n != 2) { - $oops++; - warn "$0: Improper man page - malformed NAME header in paragraph $. of $ARGV[0]\n" - } - else { - $n[0] =~ s/\n/ /g; - $n[1] =~ s/\n/ /g; - %namedesc = @n; - } - } - last FCHECK; - } - next if /^=cut\b/; # DB_File and Net::Ping have =cut before NAME - next if /^=pod\b/; # It is OK to have =pod before NAME - die "$0: Invalid man page - 1st pod line is not NAME in $ARGV[0]\n" unless $lax; - } - die "$0: Invalid man page - no documentation in $ARGV[0]\n" unless $lax; - } - close F; -} - -print <<"END"; -.rn '' }` -''' \$RCSfile\$\$Revision\$\$Date\$ -''' -''' \$Log\$ -''' -.de Sh -.br -.if t .Sp -.ne 5 -.PP -\\fB\\\\\$1\\fR -.PP -.. -.de Sp -.if t .sp .5v -.if n .sp -.. -.de Ip -.br -.ie \\\\n(.\$>=3 .ne \\\\\$3 -.el .ne 3 -.IP "\\\\\$1" \\\\\$2 -.. -.de Vb -.ft $CFont -.nf -.ne \\\\\$1 -.. -.de Ve -.ft R - -.fi -.. -''' -''' -''' Set up \\*(-- to give an unbreakable dash; -''' string Tr holds user defined translation string. -''' Bell System Logo is used as a dummy character. -''' -.tr \\(*W-|\\(bv\\*(Tr -.ie n \\{\\ -.ds -- \\(*W- -.ds PI pi -.if (\\n(.H=4u)&(1m=24u) .ds -- \\(*W\\h'-12u'\\(*W\\h'-12u'-\\" diablo 10 pitch -.if (\\n(.H=4u)&(1m=20u) .ds -- \\(*W\\h'-12u'\\(*W\\h'-8u'-\\" diablo 12 pitch -.ds L" "" -.ds R" "" -''' \\*(M", \\*(S", \\*(N" and \\*(T" are the equivalent of -''' \\*(L" and \\*(R", except that they are used on ".xx" lines, -''' such as .IP and .SH, which do another additional levels of -''' double-quote interpretation -.ds M" """ -.ds S" """ -.ds N" """"" -.ds T" """"" -.ds L' ' -.ds R' ' -.ds M' ' -.ds S' ' -.ds N' ' -.ds T' ' -'br\\} -.el\\{\\ -.ds -- \\(em\\| -.tr \\*(Tr -.ds L" `` -.ds R" '' -.ds M" `` -.ds S" '' -.ds N" `` -.ds T" '' -.ds L' ` -.ds R' ' -.ds M' ` -.ds S' ' -.ds N' ` -.ds T' ' -.ds PI \\(*p -'br\\} -END - -print <<'END'; -.\" If the F register is turned on, we'll generate -.\" index entries out stderr for the following things: -.\" TH Title -.\" SH Header -.\" Sh Subsection -.\" Ip Item -.\" X<> Xref (embedded -.\" Of course, you have to process the output yourself -.\" in some meaninful fashion. -.if \nF \{ -.de IX -.tm Index:\\$1\t\\n%\t"\\$2" -.. -.nr % 0 -.rr F -.\} -END - -print <<"END"; -.TH $name $section "$RP" "$date" "$center" -.UC -END - -push(@Indices, qq{.IX Title "$name $section"}); - -while (($name, $desc) = each %namedesc) { - for ($name, $desc) { s/^\s+//; s/\s+$//; } - push(@Indices, qq(.IX Name "$name - $desc"\n)); -} - -print <<'END'; -.if n .hy 0 -.if n .na -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' -.de CQ \" put $1 in typewriter font -END -print ".ft $CFont\n"; -print <<'END'; -'if n "\c -'if t \\&\\$1\c -'if n \\&\\$1\c -'if n \&" -\\&\\$2 \\$3 \\$4 \\$5 \\$6 \\$7 -'.ft R -.. -.\" @(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2 -. \" AM - accent mark definitions -.bd B 3 -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds ? ? -. ds ! ! -. ds / -. ds q -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds ? \s-2c\h'-\w'c'u*7/10'\u\h'\*(#H'\zi\d\s+2\h'\w'c'u*8/10' -. ds ! \s-2\(or\s+2\h'-\w'\(or'u'\v'-.8m'.\v'.8m' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -. ds q o\h'-\w'o'u*8/10'\s-4\v'.4m'\z\(*i\v'-.4m'\s+4\h'\w'o'u*8/10' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds v \\k:\h'-(\\n(.wu*9/10-\*(#H)'\v'-\*(#V'\*(#[\s-4v\s0\v'\*(#V'\h'|\\n:u'\*(#] -.ds _ \\k:\h'-(\\n(.wu*9/10-\*(#H+(\*(#F*2/3))'\v'-.4m'\z\(hy\v'.4m'\h'|\\n:u' -.ds . \\k:\h'-(\\n(.wu*8/10)'\v'\*(#V*4/10'\z.\v'-\*(#V*4/10'\h'|\\n:u' -.ds 3 \*(#[\v'.2m'\s-2\&3\s0\v'-.2m'\*(#] -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -.ds oe o\h'-(\w'o'u*4/10)'e -.ds Oe O\h'-(\w'O'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds v \h'-1'\o'\(aa\(ga' -. ds _ \h'-1'^ -. ds . \h'-1'. -. ds 3 3 -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -. ds oe oe -. ds Oe OE -.\} -.rm #[ #] #H #V #F C -END - -$indent = 0; - -$begun = ""; - -# Unrolling [^A-Z>]|[A-Z](?!<) gives: // MRE pp 165. -my $nonest = '(?:[^A-Z>]*(?:[A-Z](?!<)[^A-Z>]*)*)'; - -while (<>) { - if ($cutting) { - next unless /^=/; - $cutting = 0; - } - if ($begun) { - if (/^=end\s+$begun/) { - $begun = ""; - } - elsif ($begun =~ /^(roff|man)$/) { - print STDOUT $_; - } - next; - } - chomp; - - # Translate verbatim paragraph - - if (/^\s/) { - @lines = split(/\n/); - for (@lines) { - 1 while s - {^( [^\t]* ) \t ( \t* ) } - { $1 . ' ' x (8 - (length($1)%8) + 8 * (length($2))) }ex; - s/\\/\\e/g; - s/\A/\\&/s; - } - $lines = @lines; - makespace() unless $verbatim++; - print ".Vb $lines\n"; - print join("\n", @lines), "\n"; - print ".Ve\n"; - $needspace = 0; - next; - } - - $verbatim = 0; - - if (/^=for\s+(\S+)\s*/s) { - if ($1 eq "man" or $1 eq "roff") { - print STDOUT $',"\n\n"; - } else { - # ignore unknown for - } - next; - } - elsif (/^=begin\s+(\S+)\s*/s) { - $begun = $1; - if ($1 eq "man" or $1 eq "roff") { - print STDOUT $'."\n\n"; - } - next; - } - - # check for things that'll hosed our noremap scheme; affects $_ - init_noremap(); - - if (!/^=item/) { - - # trofficate backslashes; must do it before what happens below - s/\\/noremap('\\e')/ge; - - # protect leading periods and quotes against *roff - # mistaking them for directives - s/^(?:[A-Z]<)?[.']/\\&$&/gm; - - # first hide the escapes in case we need to - # intuit something and get it wrong due to fmting - - 1 while s/([A-Z]<$nonest>)/noremap($1)/ge; - - # func() is a reference to a perl function - s{ - \b - ( - [:\w]+ \(\) - ) - } {I<$1>}gx; - - # func(n) is a reference to a perl function or a man page - s{ - ([:\w]+) - ( - \( [^\051]+ \) - ) - } {I<$1>\\|$2}gx; - - # convert simple variable references - s/(\s+)([\$\@%][\w:]+)(?!\()/${1}C<$2>/g; - - if (m{ ( - [\-\w]+ - \( - [^\051]*? - [\@\$,] - [^\051]*? - \) - ) - }x && $` !~ /([LCI]<[^<>]*|-)$/ && !/^=\w/) - { - warn "$0: bad option in paragraph $. of $ARGV: ``$1'' should be [LCI]<$1>\n"; - $oops++; - } - - while (/(-[a-zA-Z])\b/g && $` !~ /[\w\-]$/) { - warn "$0: bad option in paragraph $. of $ARGV: ``$1'' should be [CB]<$1>\n"; - $oops++; - } - - # put it back so we get the <> processed again; - clear_noremap(0); # 0 means leave the E's - - } else { - # trofficate backslashes - s/\\/noremap('\\e')/ge; - - } - - # need to hide E<> first; they're processed in clear_noremap - s/(E<[^<>]+>)/noremap($1)/ge; - - - $maxnest = 10; - while ($maxnest-- && /[A-Z]/font($1) . $2 . font('R')/eg; - - # files and filelike refs in italics - s/F<($nonest)>/I<$1>/g; - - # no break -- usually we want C<> for this - s/S<($nonest)>/nobreak($1)/eg; - - # LREF: a la HREF L - s:L<([^|>]+)\|[^>]+>:$1:g; - - # LREF: a manpage(3f) - s:L<([a-zA-Z][^\s\/]+)(\([^\)]+\))?>:the I<$1>$2 manpage:g; - - # LREF: an =item on another manpage - s{ - L< - ([^/]+) - / - ( - [:\w]+ - (\(\))? - ) - > - } {the C<$2> entry in the I<$1> manpage}gx; - - # LREF: an =item on this manpage - s{ - ((?: - L< - / - ( - [:\w]+ - (\(\))? - ) - > - (,?\s+(and\s+)?)? - )+) - } { internal_lrefs($1) }gex; - - # LREF: a =head2 (head1?), maybe on a manpage, maybe right here - # the "func" can disambiguate - s{ - L< - (?: - ([a-zA-Z]\S+?) / - )? - "?(.*?)"? - > - }{ - do { - $1 # if no $1, assume it means on this page. - ? "the section on I<$2> in the I<$1> manpage" - : "the section on I<$2>" - } - }gesx; # s in case it goes over multiple lines, so . matches \n - - s/Z<>/\\&/g; - - # comes last because not subject to reprocessing - s/C<($nonest)>/noremap("${CFont_embed}${1}\\fR")/eg; - } - - if (s/^=//) { - $needspace = 0; # Assume this. - - s/\n/ /g; - - ($Cmd, $_) = split(' ', $_, 2); - - $dotlevel = 1; - if ($Cmd eq 'head1') { - $dotlevel = 1; - } - elsif ($Cmd eq 'head2') { - $dotlevel = 1; - } - elsif ($Cmd eq 'item') { - $dotlevel = 2; - } - - if (defined $_) { - &escapes($dotlevel); - s/"/""/g; - } - - clear_noremap(1); - - if ($Cmd eq 'cut') { - $cutting = 1; - } - elsif ($Cmd eq 'head1') { - s/\s+$//; - delete $wanna_see{$_} if exists $wanna_see{$_}; - print qq{.SH "$_"\n}; - push(@Indices, qq{.IX Header "$_"\n}); - } - elsif ($Cmd eq 'head2') { - print qq{.Sh "$_"\n}; - push(@Indices, qq{.IX Subsection "$_"\n}); - } - elsif ($Cmd eq 'over') { - push(@indent,$indent); - $indent += ($_ + 0) || 5; - } - elsif ($Cmd eq 'back') { - $indent = pop(@indent); - warn "$0: Unmatched =back in paragraph $. of $ARGV\n" unless defined $indent; - $needspace = 1; - } - elsif ($Cmd eq 'item') { - s/^\*( |$)/\\(bu$1/g; - # if you know how to get ":s please do - s/\\\*\(L"([^"]+?)\\\*\(R"/'$1'/g; - s/\\\*\(L"([^"]+?)""/'$1'/g; - s/[^"]""([^"]+?)""[^"]/'$1'/g; - # here do something about the $" in perlvar? - print STDOUT qq{.Ip "$_" $indent\n}; - push(@Indices, qq{.IX Item "$_"\n}); - } - elsif ($Cmd eq 'pod') { - # this is just a comment - } - else { - warn "$0: Unrecognized pod directive in paragraph $. of $ARGV: $Cmd\n"; - } - } - else { - if ($needspace) { - &makespace; - } - &escapes(0); - clear_noremap(1); - print $_, "\n"; - $needspace = 1; - } -} - -print <<"END"; - -.rn }` '' -END - -if (%wanna_see && !$lax) { - @missing = keys %wanna_see; - warn "$0: $Filename is missing required section" - . (@missing > 1 && "s") - . ": @missing\n"; - $oops++; -} - -foreach (@Indices) { print "$_\n"; } - -exit; -#exit ($oops != 0); - -######################################################################### - -sub nobreak { - my $string = shift; - $string =~ s/ /\\ /g; - $string; -} - -sub escapes { - my $indot = shift; - - s/X<(.*?)>/mkindex($1)/ge; - - # translate the minus in foo-bar into foo\-bar for roff - s/([^0-9a-z-])-([^-])/$1\\-$2/g; - - # make -- into the string version \*(-- (defined above) - s/\b--\b/\\*(--/g; - s/"--([^"])/"\\*(--$1/g; # should be a better way - s/([^"])--"/$1\\*(--"/g; - - # fix up quotes; this is somewhat tricky - my $dotmacroL = 'L'; - my $dotmacroR = 'R'; - if ( $indot == 1 ) { - $dotmacroL = 'M'; - $dotmacroR = 'S'; - } - elsif ( $indot >= 2 ) { - $dotmacroL = 'N'; - $dotmacroR = 'T'; - } - if (!/""/) { - s/(^|\s)(['"])/noremap("$1\\*($dotmacroL$2")/ge; - s/(['"])($|[\-\s,;\\!?.])/noremap("\\*($dotmacroR$1$2")/ge; - } - - #s/(?!")(?:.)--(?!")(?:.)/\\*(--/g; - #s/(?:(?!")(?:.)--(?:"))|(?:(?:")--(?!")(?:.))/\\*(--/g; - - - # make sure that func() keeps a bit a space tween the parens - ### s/\b\(\)/\\|()/g; - ### s/\b\(\)/(\\|)/g; - - # make C++ into \*C+, which is a squinched version (defined above) - s/\bC\+\+/\\*(C+/g; - - # make double underbars have a little tiny space between them - s/__/_\\|_/g; - - # PI goes to \*(PI (defined above) - s/\bPI\b/noremap('\\*(PI')/ge; - - # make all caps a teeny bit smaller, but don't muck with embedded code literals - my $hidCFont = font('C'); - if ($Cmd !~ /^head1/) { # SH already makes smaller - # /g isn't enough; 1 while or we'll be off - -# 1 while s{ -# (?!$hidCFont)(..|^.|^) -# \b -# ( -# [A-Z][\/A-Z+:\-\d_$.]+ -# ) -# (s?) -# \b -# } {$1\\s-1$2\\s0}gmox; - - 1 while s{ - (?!$hidCFont)(..|^.|^) - ( - \b[A-Z]{2,}[\/A-Z+:\-\d_\$]*\b - ) - } { - $1 . noremap( '\\s-1' . $2 . '\\s0' ) - }egmox; - - } -} - -# make troff just be normal, but make small nroff get quoted -# decided to just put the quotes in the text; sigh; -sub ccvt { - local($_,$prev) = @_; - noremap(qq{.CQ "$_" \n\\&}); -} - -sub makespace { - if ($indent) { - print ".Sp\n"; - } - else { - print ".PP\n"; - } -} - -sub mkindex { - my ($entry) = @_; - my @entries = split m:\s*/\s*:, $entry; - push @Indices, ".IX Xref " . join ' ', map {qq("$_")} @entries; - return ''; -} - -sub font { - local($font) = shift; - return '\\f' . noremap($font); -} - -sub noremap { - local($thing_to_hide) = shift; - $thing_to_hide =~ tr/\000-\177/\200-\377/; - return $thing_to_hide; -} - -sub init_noremap { - # escape high bit characters in input stream - s/([\200-\377])/"E<".ord($1).">"/ge; -} - -sub clear_noremap { - my $ready_to_print = $_[0]; - - tr/\200-\377/\000-\177/; - - # trofficate backslashes - # s/(?!\\e)(?:..|^.|^)\\/\\e/g; - - # now for the E<>s, which have been hidden until now - # otherwise the interative \w<> processing would have - # been hosed by the E - s { - E< - ( - ( \d + ) - | ( [A-Za-z]+ ) - ) - > - } { - do { - defined $2 - ? chr($2) - : - exists $HTML_Escapes{$3} - ? do { $HTML_Escapes{$3} } - : do { - warn "$0: Unknown escape in paragraph $. of $ARGV: ``$&''\n"; - "E<$1>"; - } - } - }egx if $ready_to_print; -} - -sub internal_lrefs { - local($_) = shift; - local $trailing_and = s/and\s+$// ? "and " : ""; - - s{L]+)>}{$1}g; - my(@items) = split( /(?:,?\s+(?:and\s+)?)/ ); - my $retstr = "the "; - my $i; - for ($i = 0; $i <= $#items; $i++) { - $retstr .= "C<$items[$i]>"; - $retstr .= ", " if @items > 2 && $i != $#items; - $retstr .= " and " if $i+2 == @items; - } - - $retstr .= " entr" . ( @items > 1 ? "ies" : "y" ) - . " elsewhere in this document"; - # terminal space to avoid words running together (pattern used - # strips terminal spaces) - $retstr .= " " if length $trailing_and; - $retstr .= $trailing_and; - - return $retstr; - -} - -BEGIN { -%HTML_Escapes = ( - 'amp' => '&', # ampersand - 'lt' => '<', # left chevron, less-than - 'gt' => '>', # right chevron, greater-than - 'quot' => '"', # double quote - - "Aacute" => "A\\*'", # capital A, acute accent - "aacute" => "a\\*'", # small a, acute accent - "Acirc" => "A\\*^", # capital A, circumflex accent - "acirc" => "a\\*^", # small a, circumflex accent - "AElig" => '\*(AE', # capital AE diphthong (ligature) - "aelig" => '\*(ae', # small ae diphthong (ligature) - "Agrave" => "A\\*`", # capital A, grave accent - "agrave" => "A\\*`", # small a, grave accent - "Aring" => 'A\\*o', # capital A, ring - "aring" => 'a\\*o', # small a, ring - "Atilde" => 'A\\*~', # capital A, tilde - "atilde" => 'a\\*~', # small a, tilde - "Auml" => 'A\\*:', # capital A, dieresis or umlaut mark - "auml" => 'a\\*:', # small a, dieresis or umlaut mark - "Ccedil" => 'C\\*,', # capital C, cedilla - "ccedil" => 'c\\*,', # small c, cedilla - "Eacute" => "E\\*'", # capital E, acute accent - "eacute" => "e\\*'", # small e, acute accent - "Ecirc" => "E\\*^", # capital E, circumflex accent - "ecirc" => "e\\*^", # small e, circumflex accent - "Egrave" => "E\\*`", # capital E, grave accent - "egrave" => "e\\*`", # small e, grave accent - "ETH" => '\\*(D-', # capital Eth, Icelandic - "eth" => '\\*(d-', # small eth, Icelandic - "Euml" => "E\\*:", # capital E, dieresis or umlaut mark - "euml" => "e\\*:", # small e, dieresis or umlaut mark - "Iacute" => "I\\*'", # capital I, acute accent - "iacute" => "i\\*'", # small i, acute accent - "Icirc" => "I\\*^", # capital I, circumflex accent - "icirc" => "i\\*^", # small i, circumflex accent - "Igrave" => "I\\*`", # capital I, grave accent - "igrave" => "i\\*`", # small i, grave accent - "Iuml" => "I\\*:", # capital I, dieresis or umlaut mark - "iuml" => "i\\*:", # small i, dieresis or umlaut mark - "Ntilde" => 'N\*~', # capital N, tilde - "ntilde" => 'n\*~', # small n, tilde - "Oacute" => "O\\*'", # capital O, acute accent - "oacute" => "o\\*'", # small o, acute accent - "Ocirc" => "O\\*^", # capital O, circumflex accent - "ocirc" => "o\\*^", # small o, circumflex accent - "Ograve" => "O\\*`", # capital O, grave accent - "ograve" => "o\\*`", # small o, grave accent - "Oslash" => "O\\*/", # capital O, slash - "oslash" => "o\\*/", # small o, slash - "Otilde" => "O\\*~", # capital O, tilde - "otilde" => "o\\*~", # small o, tilde - "Ouml" => "O\\*:", # capital O, dieresis or umlaut mark - "ouml" => "o\\*:", # small o, dieresis or umlaut mark - "szlig" => '\*8', # small sharp s, German (sz ligature) - "THORN" => '\\*(Th', # capital THORN, Icelandic - "thorn" => '\\*(th',, # small thorn, Icelandic - "Uacute" => "U\\*'", # capital U, acute accent - "uacute" => "u\\*'", # small u, acute accent - "Ucirc" => "U\\*^", # capital U, circumflex accent - "ucirc" => "u\\*^", # small u, circumflex accent - "Ugrave" => "U\\*`", # capital U, grave accent - "ugrave" => "u\\*`", # small u, grave accent - "Uuml" => "U\\*:", # capital U, dieresis or umlaut mark - "uuml" => "u\\*:", # small u, dieresis or umlaut mark - "Yacute" => "Y\\*'", # capital Y, acute accent - "yacute" => "y\\*'", # small y, acute accent - "yuml" => "y\\*:", # small y, dieresis or umlaut mark -); -} - diff --git a/src/lib/libcrypto/util/point.sh b/src/lib/libcrypto/util/point.sh deleted file mode 100644 index 47543c88e26..00000000000 --- a/src/lib/libcrypto/util/point.sh +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/sh - -rm -f $2 -ln -s $1 $2 -echo "$2 => $1" - diff --git a/src/lib/libcrypto/util/selftest.pl b/src/lib/libcrypto/util/selftest.pl deleted file mode 100644 index 276b81183d2..00000000000 --- a/src/lib/libcrypto/util/selftest.pl +++ /dev/null @@ -1,195 +0,0 @@ -#!/usr/local/bin/perl -w -# -# Run the test suite and generate a report -# - -if (! -f "Configure") { - print "Please run perl util/selftest.pl in the OpenSSL directory.\n"; - exit 1; -} - -my $report="testlog"; -my $os="??"; -my $version="??"; -my $platform0="??"; -my $platform="??"; -my $options="??"; -my $last="??"; -my $ok=0; -my $cc="cc"; -my $cversion="??"; -my $sep="-----------------------------------------------------------------------------\n"; -my $not_our_fault="\nPlease ask your system administrator/vendor for more information.\n[Problems with your operating system setup should not be reported\nto the OpenSSL project.]\n"; - -open(OUT,">$report") or die; - -print OUT "OpenSSL self-test report:\n\n"; - -$uname=`uname -a`; -$uname="??\n" if $uname eq ""; - -$c=`sh config -t`; -foreach $_ (split("\n",$c)) { - $os=$1 if (/Operating system: (.*)$/); - $platform0=$1 if (/Configuring for (.*)$/); -} - -system "sh config" if (! -f "Makefile.ssl"); - -if (open(IN,") { - $version=$1 if (/^VERSION=(.*)$/); - $platform=$1 if (/^PLATFORM=(.*)$/); - $options=$1 if (/^OPTIONS=(.*)$/); - $cc=$1 if (/^CC= *(.*)$/); - } - close(IN); -} else { - print OUT "Error running config!\n"; -} - -$cversion=`$cc -v 2>&1`; -$cversion=`$cc -V 2>&1` if $cversion =~ "usage"; -$cversion=`$cc -V |head -1` if $cversion =~ "Error"; -$cversion=`$cc --version` if $cversion eq ""; -$cversion =~ s/Reading specs.*\n//; -$cversion =~ s/usage.*\n//; -chomp $cversion; - -if (open(IN,") { - if (/\*\) (.{0,55})/ && !/applies to/) { - $last=$1; - last; - } - } - close(IN); -} - -print OUT "OpenSSL version: $version\n"; -print OUT "Last change: $last...\n"; -print OUT "Options: $options\n" if $options ne ""; -print OUT "OS (uname): $uname"; -print OUT "OS (config): $os\n"; -print OUT "Target (default): $platform0\n"; -print OUT "Target: $platform\n"; -print OUT "Compiler: $cversion\n"; -print OUT "\n"; - -print "Checking compiler...\n"; -if (open(TEST,">cctest.c")) { - print TEST "#include \n#include \nmain(){printf(\"Hello world\\n\");}\n"; - close(TEST); - system("$cc -o cctest cctest.c"); - if (`./cctest` !~ /Hello world/) { - print OUT "Compiler doesn't work.\n"; - print OUT $not_our_fault; - goto err; - } - system("ar r cctest.a /dev/null"); - if (not -f "cctest.a") { - print OUT "Check your archive tool (ar).\n"; - print OUT $not_our_fault; - goto err; - } -} else { - print OUT "Can't create cctest.c\n"; -} -if (open(TEST,">cctest.c")) { - print TEST "#include \nmain(){printf(OPENSSL_VERSION_TEXT);}\n"; - close(TEST); - system("$cc -o cctest -Iinclude cctest.c"); - $cctest = `./cctest`; - if ($cctest !~ /OpenSSL $version/) { - if ($cctest =~ /OpenSSL/) { - print OUT "#include uses headers from different OpenSSL version!\n"; - } else { - print OUT "Can't compile test program!\n"; - } - print OUT $not_our_fault; - goto err; - } -} else { - print OUT "Can't create cctest.c\n"; -} - -print "Running make...\n"; -if (system("make 2>&1 | tee make.log") > 255) { - - print OUT "make failed!\n"; - if (open(IN,") { - print OUT; - } - close(IN); - print OUT $sep; - } else { - print OUT "make.log not found!\n"; - } - goto err; -} - -$_=$options; -s/no-asm//; -s/no-shared//; -s/no-krb5//; -if (/no-/) -{ - print OUT "Test skipped.\n"; - goto err; -} - -print "Running make test...\n"; -if (system("make test 2>&1 | tee maketest.log") > 255) - { - print OUT "make test failed!\n"; -} else { - $ok=1; -} - -if ($ok and open(IN,") { - $ok=2 if /^platform: $platform/; - } - close(IN); -} - -if ($ok != 2) { - print OUT "Failure!\n"; - if (open(IN,") { - print OUT; - } - close(IN); - print OUT $sep; - } else { - print OUT "make.log not found!\n"; - } - if (open(IN,") { - print OUT; - } - close(IN); - print OUT $sep; - } else { - print OUT "maketest.log not found!\n"; - } -} else { - print OUT "Test passed.\n"; -} -err: -close(OUT); - -print "\n"; -open(IN,"<$report") or die; -while () { - if (/$sep/) { - print "[...]\n"; - last; - } - print; -} -print "\nTest report in file $report\n"; - diff --git a/src/lib/libcrypto/util/sp-diff.pl b/src/lib/libcrypto/util/sp-diff.pl deleted file mode 100644 index 9d6c60387fa..00000000000 --- a/src/lib/libcrypto/util/sp-diff.pl +++ /dev/null @@ -1,80 +0,0 @@ -#!/usr/local/bin/perl -# -# This file takes as input, the files that have been output from -# ssleay speed. -# It prints a table of the relative differences with %100 being 'no difference' -# - -($#ARGV == 1) || die "$0 speedout1 speedout2\n"; - -%one=&loadfile($ARGV[0]); -%two=&loadfile($ARGV[1]); - -$line=0; -foreach $a ("md2","md4","md5","sha","sha1","rc4","des cfb","des cbc","des ede3", - "idea cfb","idea cbc","rc2 cfb","rc2 cbc","blowfish cbc","cast cbc") - { - if (defined($one{$a,8}) && defined($two{$a,8})) - { - print "type 8 byte% 64 byte% 256 byte% 1024 byte% 8192 byte%\n" - unless $line; - $line++; - printf "%-12s ",$a; - foreach $b (8,64,256,1024,8192) - { - $r=$two{$a,$b}/$one{$a,$b}*100; - printf "%12.2f",$r; - } - print "\n"; - } - } - -foreach $a ( - "rsa 512","rsa 1024","rsa 2048","rsa 4096", - "dsa 512","dsa 1024","dsa 2048", - ) - { - if (defined($one{$a,1}) && defined($two{$a,1})) - { - $r1=($one{$a,1}/$two{$a,1})*100; - $r2=($one{$a,2}/$two{$a,2})*100; - printf "$a bits %% %6.2f %% %6.2f\n",$r1,$r2; - } - } - -sub loadfile - { - local($file)=@_; - local($_,%ret); - - open(IN,"<$file") || die "unable to open '$file' for input\n"; - $header=1; - while () - { - $header=0 if /^[dr]sa/; - if (/^type/) { $header=0; next; } - next if $header; - chop; - @a=split; - if ($a[0] =~ /^[dr]sa$/) - { - ($n,$t1,$t2)=($_ =~ /^([dr]sa\s+\d+)\s+bits\s+([.\d]+)s\s+([.\d]+)/); - $ret{$n,1}=$t1; - $ret{$n,2}=$t2; - } - else - { - $n=join(' ',grep(/[^k]$/,@a)); - @k=grep(s/k$//,@a); - - $ret{$n, 8}=$k[0]; - $ret{$n, 64}=$k[1]; - $ret{$n, 256}=$k[2]; - $ret{$n,1024}=$k[3]; - $ret{$n,8192}=$k[4]; - } - } - close(IN); - return(%ret); - } - diff --git a/src/lib/libcrypto/util/speed.sh b/src/lib/libcrypto/util/speed.sh deleted file mode 100644 index f489706197b..00000000000 --- a/src/lib/libcrypto/util/speed.sh +++ /dev/null @@ -1,39 +0,0 @@ -#!/bin/sh - -# -# This is a ugly script use, in conjuction with editing the 'b' -# configuration in the $(TOP)/Configure script which will -# output when finished a file called speed.log which is the -# timings of SSLeay with various options turned on or off. -# -# from the $(TOP) directory -# Edit Configure, modifying things to do with the b/bl-4c-2c etc -# configurations. -# - -make clean -perl Configure b -make -apps/ssleay version -v -b -f >speed.1 -apps/ssleay speed >speed.1l - -perl Configure bl-4c-2c -/bin/rm -f crypto/rc4/*.o crypto/bn/bn*.o crypto/md2/md2_dgst.o -make -apps/ssleay speed rc4 rsa md2 >speed.2l - -perl Configure bl-4c-ri -/bin/rm -f crypto/rc4/rc4*.o -make -apps/ssleay speed rc4 >speed.3l - -perl Configure b2-is-ri-dp -/bin/rm -f crypto/idea/i_*.o crypto/rc4/*.o crypto/des/ecb_enc.o crypto/bn/bn*.o -apps/ssleay speed rsa rc4 idea des >speed.4l - -cat speed.1 >speed.log -cat speed.1l >>speed.log -perl util/sp-diff.pl speed.1l speed.2l >>speed.log -perl util/sp-diff.pl speed.1l speed.3l >>speed.log -perl util/sp-diff.pl speed.1l speed.4l >>speed.log - diff --git a/src/lib/libcrypto/util/src-dep.pl b/src/lib/libcrypto/util/src-dep.pl deleted file mode 100644 index ad997e47468..00000000000 --- a/src/lib/libcrypto/util/src-dep.pl +++ /dev/null @@ -1,147 +0,0 @@ -#!/usr/local/bin/perl - -# we make up an array of -# $file{function_name}=filename; -# $unres{filename}="func1 func2 ...." -$debug=1; -#$nm_func="parse_linux"; -$nm_func="parse_solaris"; - -foreach (@ARGV) - { - &$nm_func($_); - } - -foreach $file (sort keys %unres) - { - @a=split(/\s+/,$unres{$file}); - %ff=(); - foreach $func (@a) - { - $f=$file{$func}; - $ff{$f}=1 if $f ne ""; - } - - foreach $a (keys %ff) - { $we_need{$file}.="$a "; } - } - -foreach $file (sort keys %we_need) - { -# print " $file $we_need{$file}\n"; - foreach $bit (split(/\s+/,$we_need{$file})) - { push(@final,&walk($bit)); } - - foreach (@final) { $fin{$_}=1; } - @final=""; - foreach (sort keys %fin) - { push(@final,$_); } - - print "$file: @final\n"; - } - -sub walk - { - local($f)=@_; - local(@a,%seen,@ret,$r); - - @ret=""; - $f =~ s/^\s+//; - $f =~ s/\s+$//; - return "" if ($f =~ "^\s*$"); - - return(split(/\s/,$done{$f})) if defined ($done{$f}); - - return if $in{$f} > 0; - $in{$f}++; - push(@ret,$f); - foreach $r (split(/\s+/,$we_need{$f})) - { - push(@ret,&walk($r)); - } - $in{$f}--; - $done{$f}=join(" ",@ret); - return(@ret); - } - -sub parse_linux - { - local($name)=@_; - - open(IN,"nm $name|") || die "unable to run 'nn $name':$!\n"; - while () - { - chop; - next if /^\s*$/; - if (/^[^[](.*):$/) - { - $file=$1; - $file="$1.c" if /\[(.*).o\]/; - print STDERR "$file\n"; - $we_need{$file}=" "; - next; - } - - @a=split(/\s*\|\s*/); - next unless $#a == 7; - next unless $a[4] eq "GLOB"; - if ($a[6] eq "UNDEF") - { - $unres{$file}.=$a[7]." "; - } - else - { - if ($file{$a[7]} ne "") - { - print STDERR "duplicate definition of $a[7],\n$file{$a[7]} and $file \n"; - } - else - { - $file{$a[7]}=$file; - } - } - } - close(IN); - } - -sub parse_solaris - { - local($name)=@_; - - open(IN,"nm $name|") || die "unable to run 'nn $name':$!\n"; - while () - { - chop; - next if /^\s*$/; - if (/^(\S+):$/) - { - $file=$1; - #$file="$1.c" if $file =~ /^(.*).o$/; - print STDERR "$file\n"; - $we_need{$file}=" "; - next; - } - @a=split(/\s*\|\s*/); - next unless $#a == 7; - next unless $a[4] eq "GLOB"; - if ($a[6] eq "UNDEF") - { - $unres{$file}.=$a[7]." "; - print STDERR "$file needs $a[7]\n" if $debug; - } - else - { - if ($file{$a[7]} ne "") - { - print STDERR "duplicate definition of $a[7],\n$file{$a[7]} and $file \n"; - } - else - { - $file{$a[7]}=$file; - print STDERR "$file has $a[7]\n" if $debug; - } - } - } - close(IN); - } - diff --git a/src/lib/libcrypto/util/ssleay.num b/src/lib/libcrypto/util/ssleay.num deleted file mode 100644 index fdea47205dd..00000000000 --- a/src/lib/libcrypto/util/ssleay.num +++ /dev/null @@ -1,217 +0,0 @@ -ERR_load_SSL_strings 1 EXIST::FUNCTION: -SSL_CIPHER_description 2 EXIST::FUNCTION: -SSL_CTX_add_client_CA 3 EXIST::FUNCTION: -SSL_CTX_add_session 4 EXIST::FUNCTION: -SSL_CTX_check_private_key 5 EXIST::FUNCTION: -SSL_CTX_ctrl 6 EXIST::FUNCTION: -SSL_CTX_flush_sessions 7 EXIST::FUNCTION: -SSL_CTX_free 8 EXIST::FUNCTION: -SSL_CTX_get_client_CA_list 9 EXIST::FUNCTION: -SSL_CTX_get_verify_callback 10 EXIST::FUNCTION: -SSL_CTX_get_verify_mode 11 EXIST::FUNCTION: -SSL_CTX_new 12 EXIST::FUNCTION: -SSL_CTX_remove_session 13 EXIST::FUNCTION: -SSL_CTX_set_cipher_list 15 EXIST::FUNCTION: -SSL_CTX_set_client_CA_list 16 EXIST::FUNCTION: -SSL_CTX_set_default_passwd_cb 17 EXIST::FUNCTION: -SSL_CTX_set_ssl_version 19 EXIST::FUNCTION: -SSL_CTX_set_verify 21 EXIST::FUNCTION: -SSL_CTX_use_PrivateKey 22 EXIST::FUNCTION: -SSL_CTX_use_PrivateKey_ASN1 23 EXIST::FUNCTION: -SSL_CTX_use_PrivateKey_file 24 EXIST::FUNCTION:STDIO -SSL_CTX_use_RSAPrivateKey 25 EXIST::FUNCTION:RSA -SSL_CTX_use_RSAPrivateKey_ASN1 26 EXIST::FUNCTION:RSA -SSL_CTX_use_RSAPrivateKey_file 27 EXIST::FUNCTION:RSA,STDIO -SSL_CTX_use_certificate 28 EXIST::FUNCTION: -SSL_CTX_use_certificate_ASN1 29 EXIST::FUNCTION: -SSL_CTX_use_certificate_file 30 EXIST::FUNCTION:STDIO -SSL_SESSION_free 31 EXIST::FUNCTION: -SSL_SESSION_new 32 EXIST::FUNCTION: -SSL_SESSION_print 33 EXIST::FUNCTION:BIO -SSL_SESSION_print_fp 34 EXIST::FUNCTION:FP_API -SSL_accept 35 EXIST::FUNCTION: -SSL_add_client_CA 36 EXIST::FUNCTION: -SSL_alert_desc_string 37 EXIST::FUNCTION: -SSL_alert_desc_string_long 38 EXIST::FUNCTION: -SSL_alert_type_string 39 EXIST::FUNCTION: -SSL_alert_type_string_long 40 EXIST::FUNCTION: -SSL_check_private_key 41 EXIST::FUNCTION: -SSL_clear 42 EXIST::FUNCTION: -SSL_connect 43 EXIST::FUNCTION: -SSL_copy_session_id 44 EXIST::FUNCTION: -SSL_ctrl 45 EXIST::FUNCTION: -SSL_dup 46 EXIST::FUNCTION: -SSL_dup_CA_list 47 EXIST::FUNCTION: -SSL_free 48 EXIST::FUNCTION: -SSL_get_certificate 49 EXIST::FUNCTION: -SSL_get_cipher_list 52 EXIST::FUNCTION: -SSL_get_ciphers 55 EXIST::FUNCTION: -SSL_get_client_CA_list 56 EXIST::FUNCTION: -SSL_get_default_timeout 57 EXIST::FUNCTION: -SSL_get_error 58 EXIST::FUNCTION: -SSL_get_fd 59 EXIST::FUNCTION: -SSL_get_peer_cert_chain 60 EXIST::FUNCTION: -SSL_get_peer_certificate 61 EXIST::FUNCTION: -SSL_get_rbio 63 EXIST::FUNCTION:BIO -SSL_get_read_ahead 64 EXIST::FUNCTION: -SSL_get_shared_ciphers 65 EXIST::FUNCTION: -SSL_get_ssl_method 66 EXIST::FUNCTION: -SSL_get_verify_callback 69 EXIST::FUNCTION: -SSL_get_verify_mode 70 EXIST::FUNCTION: -SSL_get_version 71 EXIST::FUNCTION: -SSL_get_wbio 72 EXIST::FUNCTION:BIO -SSL_load_client_CA_file 73 EXIST::FUNCTION:STDIO -SSL_load_error_strings 74 EXIST::FUNCTION: -SSL_new 75 EXIST::FUNCTION: -SSL_peek 76 EXIST::FUNCTION: -SSL_pending 77 EXIST::FUNCTION: -SSL_read 78 EXIST::FUNCTION: -SSL_renegotiate 79 EXIST::FUNCTION: -SSL_rstate_string 80 EXIST::FUNCTION: -SSL_rstate_string_long 81 EXIST::FUNCTION: -SSL_set_accept_state 82 EXIST::FUNCTION: -SSL_set_bio 83 EXIST::FUNCTION:BIO -SSL_set_cipher_list 84 EXIST::FUNCTION: -SSL_set_client_CA_list 85 EXIST::FUNCTION: -SSL_set_connect_state 86 EXIST::FUNCTION: -SSL_set_fd 87 EXIST::FUNCTION:SOCK -SSL_set_read_ahead 88 EXIST::FUNCTION: -SSL_set_rfd 89 EXIST::FUNCTION:SOCK -SSL_set_session 90 EXIST::FUNCTION: -SSL_set_ssl_method 91 EXIST::FUNCTION: -SSL_set_verify 94 EXIST::FUNCTION: -SSL_set_wfd 95 EXIST::FUNCTION:SOCK -SSL_shutdown 96 EXIST::FUNCTION: -SSL_state_string 97 EXIST::FUNCTION: -SSL_state_string_long 98 EXIST::FUNCTION: -SSL_use_PrivateKey 99 EXIST::FUNCTION: -SSL_use_PrivateKey_ASN1 100 EXIST::FUNCTION: -SSL_use_PrivateKey_file 101 EXIST::FUNCTION:STDIO -SSL_use_RSAPrivateKey 102 EXIST::FUNCTION:RSA -SSL_use_RSAPrivateKey_ASN1 103 EXIST::FUNCTION:RSA -SSL_use_RSAPrivateKey_file 104 EXIST::FUNCTION:RSA,STDIO -SSL_use_certificate 105 EXIST::FUNCTION: -SSL_use_certificate_ASN1 106 EXIST::FUNCTION: -SSL_use_certificate_file 107 EXIST::FUNCTION:STDIO -SSL_write 108 EXIST::FUNCTION: -SSLeay_add_ssl_algorithms 109 NOEXIST::FUNCTION: -SSLv23_client_method 110 EXIST::FUNCTION:RSA -SSLv23_method 111 EXIST::FUNCTION:RSA -SSLv23_server_method 112 EXIST::FUNCTION:RSA -SSLv2_client_method 113 EXIST::FUNCTION:RSA -SSLv2_method 114 EXIST::FUNCTION:RSA -SSLv2_server_method 115 EXIST::FUNCTION:RSA -SSLv3_client_method 116 EXIST::FUNCTION: -SSLv3_method 117 EXIST::FUNCTION: -SSLv3_server_method 118 EXIST::FUNCTION: -d2i_SSL_SESSION 119 EXIST::FUNCTION: -i2d_SSL_SESSION 120 EXIST::FUNCTION: -BIO_f_ssl 121 EXIST::FUNCTION:BIO -BIO_new_ssl 122 EXIST::FUNCTION:BIO -BIO_proxy_ssl_copy_session_id 123 NOEXIST::FUNCTION: -BIO_ssl_copy_session_id 124 EXIST::FUNCTION:BIO -SSL_do_handshake 125 EXIST::FUNCTION: -SSL_get_privatekey 126 EXIST::FUNCTION: -SSL_get_current_cipher 127 EXIST::FUNCTION: -SSL_CIPHER_get_bits 128 EXIST::FUNCTION: -SSL_CIPHER_get_version 129 EXIST::FUNCTION: -SSL_CIPHER_get_name 130 EXIST::FUNCTION: -BIO_ssl_shutdown 131 EXIST::FUNCTION:BIO -SSL_SESSION_cmp 132 EXIST::FUNCTION: -SSL_SESSION_hash 133 EXIST::FUNCTION: -SSL_SESSION_get_time 134 EXIST::FUNCTION: -SSL_SESSION_set_time 135 EXIST::FUNCTION: -SSL_SESSION_get_timeout 136 EXIST::FUNCTION: -SSL_SESSION_set_timeout 137 EXIST::FUNCTION: -SSL_CTX_get_ex_data 138 EXIST::FUNCTION: -SSL_CTX_get_quiet_shutdown 140 EXIST::FUNCTION: -SSL_CTX_load_verify_locations 141 EXIST::FUNCTION: -SSL_CTX_set_default_verify_paths 142 EXIST:!VMS:FUNCTION: -SSL_CTX_set_def_verify_paths 142 EXIST:VMS:FUNCTION: -SSL_CTX_set_ex_data 143 EXIST::FUNCTION: -SSL_CTX_set_quiet_shutdown 145 EXIST::FUNCTION: -SSL_SESSION_get_ex_data 146 EXIST::FUNCTION: -SSL_SESSION_set_ex_data 148 EXIST::FUNCTION: -SSL_get_SSL_CTX 150 EXIST::FUNCTION: -SSL_get_ex_data 151 EXIST::FUNCTION: -SSL_get_quiet_shutdown 153 EXIST::FUNCTION: -SSL_get_session 154 EXIST::FUNCTION: -SSL_get_shutdown 155 EXIST::FUNCTION: -SSL_get_verify_result 157 EXIST::FUNCTION: -SSL_set_ex_data 158 EXIST::FUNCTION: -SSL_set_info_callback 160 EXIST::FUNCTION: -SSL_set_quiet_shutdown 161 EXIST::FUNCTION: -SSL_set_shutdown 162 EXIST::FUNCTION: -SSL_set_verify_result 163 EXIST::FUNCTION: -SSL_version 164 EXIST::FUNCTION: -SSL_get_info_callback 165 EXIST::FUNCTION: -SSL_state 166 EXIST::FUNCTION: -SSL_CTX_get_ex_new_index 167 EXIST::FUNCTION: -SSL_SESSION_get_ex_new_index 168 EXIST::FUNCTION: -SSL_get_ex_new_index 169 EXIST::FUNCTION: -TLSv1_method 170 EXIST::FUNCTION: -TLSv1_server_method 171 EXIST::FUNCTION: -TLSv1_client_method 172 EXIST::FUNCTION: -BIO_new_buffer_ssl_connect 173 EXIST::FUNCTION:BIO -BIO_new_ssl_connect 174 EXIST::FUNCTION:BIO -SSL_get_ex_data_X509_STORE_CTX_idx 175 EXIST:!VMS:FUNCTION: -SSL_get_ex_d_X509_STORE_CTX_idx 175 EXIST:VMS:FUNCTION: -SSL_CTX_set_tmp_dh_callback 176 EXIST::FUNCTION:DH -SSL_CTX_set_tmp_rsa_callback 177 EXIST::FUNCTION:RSA -SSL_CTX_set_timeout 178 EXIST::FUNCTION: -SSL_CTX_get_timeout 179 EXIST::FUNCTION: -SSL_CTX_get_cert_store 180 EXIST::FUNCTION: -SSL_CTX_set_cert_store 181 EXIST::FUNCTION: -SSL_want 182 EXIST::FUNCTION: -SSL_library_init 183 EXIST::FUNCTION: -SSL_COMP_add_compression_method 184 EXIST::FUNCTION:COMP -SSL_add_file_cert_subjects_to_stack 185 EXIST:!VMS:FUNCTION:STDIO -SSL_add_file_cert_subjs_to_stk 185 EXIST:VMS:FUNCTION:STDIO -SSL_set_tmp_rsa_callback 186 EXIST::FUNCTION:RSA -SSL_set_tmp_dh_callback 187 EXIST::FUNCTION:DH -SSL_add_dir_cert_subjects_to_stack 188 EXIST:!VMS,!WIN32:FUNCTION:STDIO -SSL_add_dir_cert_subjs_to_stk 188 NOEXIST::FUNCTION: -SSL_set_session_id_context 189 EXIST::FUNCTION: -SSL_CTX_use_certificate_chain_file 222 EXIST:!VMS:FUNCTION:STDIO -SSL_CTX_use_cert_chain_file 222 EXIST:VMS:FUNCTION:STDIO -SSL_CTX_set_verify_depth 225 EXIST::FUNCTION: -SSL_set_verify_depth 226 EXIST::FUNCTION: -SSL_CTX_get_verify_depth 228 EXIST::FUNCTION: -SSL_get_verify_depth 229 EXIST::FUNCTION: -SSL_CTX_set_session_id_context 231 EXIST::FUNCTION: -SSL_CTX_set_cert_verify_callback 232 EXIST:!VMS:FUNCTION: -SSL_CTX_set_cert_verify_cb 232 EXIST:VMS:FUNCTION: -SSL_CTX_set_default_passwd_cb_userdata 235 EXIST:!VMS:FUNCTION: -SSL_CTX_set_def_passwd_cb_ud 235 EXIST:VMS:FUNCTION: -SSL_set_purpose 236 EXIST::FUNCTION: -SSL_CTX_set_trust 237 EXIST::FUNCTION: -SSL_CTX_set_purpose 238 EXIST::FUNCTION: -SSL_set_trust 239 EXIST::FUNCTION: -SSL_get_finished 240 EXIST::FUNCTION: -SSL_get_peer_finished 241 EXIST::FUNCTION: -SSL_get1_session 242 EXIST::FUNCTION: -SSL_CTX_callback_ctrl 243 EXIST::FUNCTION: -SSL_callback_ctrl 244 EXIST::FUNCTION: -SSL_CTX_sessions 245 EXIST::FUNCTION: -SSL_get_rfd 246 EXIST::FUNCTION: -SSL_get_wfd 247 EXIST::FUNCTION: -kssl_cget_tkt 248 EXIST::FUNCTION:KRB5 -SSL_has_matching_session_id 249 EXIST::FUNCTION: -kssl_err_set 250 EXIST::FUNCTION:KRB5 -kssl_ctx_show 251 EXIST::FUNCTION:KRB5 -kssl_validate_times 252 EXIST::FUNCTION:KRB5 -kssl_check_authent 253 EXIST::FUNCTION:KRB5 -kssl_ctx_new 254 EXIST::FUNCTION:KRB5 -kssl_build_principal_2 255 EXIST::FUNCTION:KRB5 -kssl_skip_confound 256 EXIST::FUNCTION:KRB5 -kssl_sget_tkt 257 EXIST::FUNCTION:KRB5 -SSL_set_generate_session_id 258 EXIST::FUNCTION: -kssl_ctx_setkey 259 EXIST::FUNCTION:KRB5 -kssl_ctx_setprinc 260 EXIST::FUNCTION:KRB5 -kssl_ctx_free 261 EXIST::FUNCTION:KRB5 -kssl_krb5_free_data_contents 262 EXIST::FUNCTION:KRB5 -kssl_ctx_setstring 263 EXIST::FUNCTION:KRB5 -SSL_CTX_set_generate_session_id 264 EXIST::FUNCTION: -SSL_renegotiate_pending 265 EXIST::FUNCTION: -SSL_CTX_set_msg_callback 266 EXIST::FUNCTION: -SSL_set_msg_callback 267 EXIST::FUNCTION: diff --git a/src/lib/libcrypto/util/tab_num.pl b/src/lib/libcrypto/util/tab_num.pl deleted file mode 100644 index a81ed0edc24..00000000000 --- a/src/lib/libcrypto/util/tab_num.pl +++ /dev/null @@ -1,17 +0,0 @@ -#!/usr/local/bin/perl - -$num=1; -$width=40; - -while (<>) - { - chop; - - $i=length($_); - - $n=$width-$i; - $i=int(($n+7)/8); - print $_.("\t" x $i).$num."\n"; - $num++; - } - diff --git a/src/lib/libcrypto/util/x86asm.sh b/src/lib/libcrypto/util/x86asm.sh deleted file mode 100644 index d2090a98493..00000000000 --- a/src/lib/libcrypto/util/x86asm.sh +++ /dev/null @@ -1,42 +0,0 @@ -#!/bin/sh - -echo Generating x86 assember -echo Bignum -(cd crypto/bn/asm; perl x86.pl cpp > bn86unix.cpp) -(cd crypto/bn/asm; perl x86.pl win32 > bn-win32.asm) - -echo DES -(cd crypto/des/asm; perl des-586.pl cpp > dx86unix.cpp) -(cd crypto/des/asm; perl des-586.pl win32 > d-win32.asm) - -echo "crypt(3)" -(cd crypto/des/asm; perl crypt586.pl cpp > yx86unix.cpp) -(cd crypto/des/asm; perl crypt586.pl win32 > y-win32.asm) - -echo Blowfish -(cd crypto/bf/asm; perl bf-586.pl cpp > bx86unix.cpp) -(cd crypto/bf/asm; perl bf-586.pl win32 > b-win32.asm) - -echo CAST5 -(cd crypto/cast/asm; perl cast-586.pl cpp > cx86unix.cpp) -(cd crypto/cast/asm; perl cast-586.pl win32 > c-win32.asm) - -echo RC4 -(cd crypto/rc4/asm; perl rc4-586.pl cpp > rx86unix.cpp) -(cd crypto/rc4/asm; perl rc4-586.pl win32 > r4-win32.asm) - -echo MD5 -(cd crypto/md5/asm; perl md5-586.pl cpp > mx86unix.cpp) -(cd crypto/md5/asm; perl md5-586.pl win32 > m5-win32.asm) - -echo SHA1 -(cd crypto/sha/asm; perl sha1-586.pl cpp > sx86unix.cpp) -(cd crypto/sha/asm; perl sha1-586.pl win32 > s1-win32.asm) - -echo RIPEMD160 -(cd crypto/ripemd/asm; perl rmd-586.pl cpp > rm86unix.cpp) -(cd crypto/ripemd/asm; perl rmd-586.pl win32 > rm-win32.asm) - -echo RC5/32 -(cd crypto/rc5/asm; perl rc5-586.pl cpp > r586unix.cpp) -(cd crypto/rc5/asm; perl rc5-586.pl win32 > r5-win32.asm) diff --git a/src/lib/libcrypto/whrlpool/asm/wp-mmx.pl b/src/lib/libcrypto/whrlpool/asm/wp-mmx.pl new file mode 100644 index 00000000000..cb2381c22ba --- /dev/null +++ b/src/lib/libcrypto/whrlpool/asm/wp-mmx.pl @@ -0,0 +1,493 @@ +#!/usr/bin/env perl +# +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. Rights for redistribution and usage in source and binary +# forms are granted according to the OpenSSL license. +# ==================================================================== +# +# whirlpool_block_mmx implementation. +# +*SCALE=\(2); # 2 or 8, that is the question:-) Value of 8 results +# in 16KB large table, which is tough on L1 cache, but eliminates +# unaligned references to it. Value of 2 results in 4KB table, but +# 7/8 of references to it are unaligned. AMD cores seem to be +# allergic to the latter, while Intel ones - to former [see the +# table]. I stick to value of 2 for two reasons: 1. smaller table +# minimizes cache trashing and thus mitigates the hazard of side- +# channel leakage similar to AES cache-timing one; 2. performance +# gap among different µ-archs is smaller. +# +# Performance table lists rounded amounts of CPU cycles spent by +# whirlpool_block_mmx routine on single 64 byte input block, i.e. +# smaller is better and asymptotic throughput can be estimated by +# multiplying 64 by CPU clock frequency and dividing by relevant +# value from the given table: +# +# $SCALE=2/8 icc8 gcc3 +# Intel P4 3200/4600 4600(*) 6400 +# Intel PIII 2900/3000 4900 5400 +# AMD K[78] 2500/1800 9900 8200(**) +# +# (*) I've sketched even non-MMX assembler, but for the record +# I've failed to beat the Intel compiler on P4, without using +# MMX that is... +# (**) ... on AMD on the other hand non-MMX assembler was observed +# to perform significantly better, but I figured this MMX +# implementation is even faster anyway, so why bother? As for +# pre-MMX AMD core[s], the improvement coefficient is more +# than likely to vary anyway and I don't know how. But the +# least I know is that gcc-generated code compiled with +# -DL_ENDIAN and -DOPENSSL_SMALL_FOOTPRINT [see C module for +# details] and optimized for Pentium was observed to perform +# *better* on Pentium 100 than unrolled non-MMX assembler +# loop... So we just say that I don't know if maintaining +# non-MMX implementation would actually pay off, but till +# opposite is proved "unlikely" is assumed. + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +push(@INC,"${dir}","${dir}../../perlasm"); +require "x86asm.pl"; + +&asm_init($ARGV[0],"wp-mmx.pl"); + +sub L() { &data_byte(@_); } +sub LL() +{ if ($SCALE==2) { &data_byte(@_); &data_byte(@_); } + elsif ($SCALE==8) { for ($i=0;$i<8;$i++) { + &data_byte(@_); + unshift(@_,pop(@_)); + } + } + else { die "unvalid SCALE value"; } +} + +sub scale() +{ if ($SCALE==2) { &lea(@_[0],&DWP(0,@_[1],@_[1])); } + elsif ($SCALE==8) { &lea(@_[0],&DWP(0,"",@_[1],8)); } + else { die "unvalid SCALE value"; } +} + +sub row() +{ if ($SCALE==2) { ((8-shift)&7); } + elsif ($SCALE==8) { (8*shift); } + else { die "unvalid SCALE value"; } +} + +$tbl="ebp"; +@mm=("mm0","mm1","mm2","mm3","mm4","mm5","mm6","mm7"); + +&function_begin_B("whirlpool_block_mmx"); + &push ("ebp"); + &push ("ebx"); + &push ("esi"); + &push ("edi"); + + &mov ("esi",&wparam(0)); # hash value + &mov ("edi",&wparam(1)); # input data stream + &mov ("ebp",&wparam(2)); # number of chunks in input + + &mov ("eax","esp"); # copy stack pointer + &sub ("esp",128+20); # allocate frame + &and ("esp",-64); # align for cache-line + + &lea ("ebx",&DWP(128,"esp")); + &mov (&DWP(0,"ebx"),"esi"); # save parameter block + &mov (&DWP(4,"ebx"),"edi"); + &mov (&DWP(8,"ebx"),"ebp"); + &mov (&DWP(16,"ebx"),"eax"); # saved stack pointer + + &call (&label("pic_point")); +&set_label("pic_point"); + &blindpop($tbl); + &lea ($tbl,&DWP(&label("table")."-".&label("pic_point"),$tbl)); + + &xor ("ecx","ecx"); + &xor ("edx","edx"); + + for($i=0;$i<8;$i++) { &movq(@mm[$i],&QWP($i*8,"esi")); } # L=H +&set_label("outerloop"); + for($i=0;$i<8;$i++) { &movq(&QWP($i*8,"esp"),@mm[$i]); } # K=L + for($i=0;$i<8;$i++) { &pxor(@mm[$i],&QWP($i*8,"edi")); } # L^=inp + for($i=0;$i<8;$i++) { &movq(&QWP(64+$i*8,"esp"),@mm[$i]); } # S=L + + &xor ("esi","esi"); + &mov (&DWP(12,"ebx"),"esi"); # zero round counter + +&set_label("round",16); + &movq (@mm[0],&QWP(2048*$SCALE,$tbl,"esi",8)); # rc[r] + &mov ("eax",&DWP(0,"esp")); + &mov ("ebx",&DWP(4,"esp")); +for($i=0;$i<8;$i++) { + my $func = ($i==0)? \&movq : \&pxor; + &movb (&LB("ecx"),&LB("eax")); + &movb (&LB("edx"),&HB("eax")); + &scale ("esi","ecx"); + &scale ("edi","edx"); + &shr ("eax",16); + &pxor (@mm[0],&QWP(&row(0),$tbl,"esi",8)); + &$func (@mm[1],&QWP(&row(1),$tbl,"edi",8)); + &movb (&LB("ecx"),&LB("eax")); + &movb (&LB("edx"),&HB("eax")); + &mov ("eax",&DWP(($i+1)*8,"esp")); + &scale ("esi","ecx"); + &scale ("edi","edx"); + &$func (@mm[2],&QWP(&row(2),$tbl,"esi",8)); + &$func (@mm[3],&QWP(&row(3),$tbl,"edi",8)); + &movb (&LB("ecx"),&LB("ebx")); + &movb (&LB("edx"),&HB("ebx")); + &scale ("esi","ecx"); + &scale ("edi","edx"); + &shr ("ebx",16); + &$func (@mm[4],&QWP(&row(4),$tbl,"esi",8)); + &$func (@mm[5],&QWP(&row(5),$tbl,"edi",8)); + &movb (&LB("ecx"),&LB("ebx")); + &movb (&LB("edx"),&HB("ebx")); + &mov ("ebx",&DWP(($i+1)*8+4,"esp")); + &scale ("esi","ecx"); + &scale ("edi","edx"); + &$func (@mm[6],&QWP(&row(6),$tbl,"esi",8)); + &$func (@mm[7],&QWP(&row(7),$tbl,"edi",8)); + push(@mm,shift(@mm)); +} + + for($i=0;$i<8;$i++) { &movq(&QWP($i*8,"esp"),@mm[$i]); } # K=L + +for($i=0;$i<8;$i++) { + &movb (&LB("ecx"),&LB("eax")); + &movb (&LB("edx"),&HB("eax")); + &scale ("esi","ecx"); + &scale ("edi","edx"); + &shr ("eax",16); + &pxor (@mm[0],&QWP(&row(0),$tbl,"esi",8)); + &pxor (@mm[1],&QWP(&row(1),$tbl,"edi",8)); + &movb (&LB("ecx"),&LB("eax")); + &movb (&LB("edx"),&HB("eax")); + &mov ("eax",&DWP(64+($i+1)*8,"esp")) if ($i<7); + &scale ("esi","ecx"); + &scale ("edi","edx"); + &pxor (@mm[2],&QWP(&row(2),$tbl,"esi",8)); + &pxor (@mm[3],&QWP(&row(3),$tbl,"edi",8)); + &movb (&LB("ecx"),&LB("ebx")); + &movb (&LB("edx"),&HB("ebx")); + &scale ("esi","ecx"); + &scale ("edi","edx"); + &shr ("ebx",16); + &pxor (@mm[4],&QWP(&row(4),$tbl,"esi",8)); + &pxor (@mm[5],&QWP(&row(5),$tbl,"edi",8)); + &movb (&LB("ecx"),&LB("ebx")); + &movb (&LB("edx"),&HB("ebx")); + &mov ("ebx",&DWP(64+($i+1)*8+4,"esp")) if ($i<7); + &scale ("esi","ecx"); + &scale ("edi","edx"); + &pxor (@mm[6],&QWP(&row(6),$tbl,"esi",8)); + &pxor (@mm[7],&QWP(&row(7),$tbl,"edi",8)); + push(@mm,shift(@mm)); +} + &lea ("ebx",&DWP(128,"esp")); + &mov ("esi",&DWP(12,"ebx")); # pull round counter + &add ("esi",1); + &cmp ("esi",10); + &je (&label("roundsdone")); + + &mov (&DWP(12,"ebx"),"esi"); # update round counter + for($i=0;$i<8;$i++) { &movq(&QWP(64+$i*8,"esp"),@mm[$i]); } # S=L + &jmp (&label("round")); + +&set_label("roundsdone",16); + &mov ("esi",&DWP(0,"ebx")); # reload argument block + &mov ("edi",&DWP(4,"ebx")); + &mov ("eax",&DWP(8,"ebx")); + + for($i=0;$i<8;$i++) { &pxor(@mm[$i],&QWP($i*8,"edi")); } # L^=inp + for($i=0;$i<8;$i++) { &pxor(@mm[$i],&QWP($i*8,"esi")); } # L^=H + for($i=0;$i<8;$i++) { &movq(&QWP($i*8,"esi"),@mm[$i]); } # H=L + + &lea ("edi",&DWP(64,"edi")); # inp+=64 + &sub ("eax",1); # num-- + &jz (&label("alldone")); + &mov (&DWP(4,"ebx"),"edi"); # update argument block + &mov (&DWP(8,"ebx"),"eax"); + &jmp (&label("outerloop")); + +&set_label("alldone"); + &emms (); + &mov ("esp",&DWP(16,"ebx")); # restore saved stack pointer + &pop ("edi"); + &pop ("esi"); + &pop ("ebx"); + &pop ("ebp"); + &ret (); + +&align(64); +&set_label("table"); + &LL(0x18,0x18,0x60,0x18,0xc0,0x78,0x30,0xd8); + &LL(0x23,0x23,0x8c,0x23,0x05,0xaf,0x46,0x26); + &LL(0xc6,0xc6,0x3f,0xc6,0x7e,0xf9,0x91,0xb8); + &LL(0xe8,0xe8,0x87,0xe8,0x13,0x6f,0xcd,0xfb); + &LL(0x87,0x87,0x26,0x87,0x4c,0xa1,0x13,0xcb); + &LL(0xb8,0xb8,0xda,0xb8,0xa9,0x62,0x6d,0x11); + &LL(0x01,0x01,0x04,0x01,0x08,0x05,0x02,0x09); + &LL(0x4f,0x4f,0x21,0x4f,0x42,0x6e,0x9e,0x0d); + &LL(0x36,0x36,0xd8,0x36,0xad,0xee,0x6c,0x9b); + &LL(0xa6,0xa6,0xa2,0xa6,0x59,0x04,0x51,0xff); + &LL(0xd2,0xd2,0x6f,0xd2,0xde,0xbd,0xb9,0x0c); + &LL(0xf5,0xf5,0xf3,0xf5,0xfb,0x06,0xf7,0x0e); + &LL(0x79,0x79,0xf9,0x79,0xef,0x80,0xf2,0x96); + &LL(0x6f,0x6f,0xa1,0x6f,0x5f,0xce,0xde,0x30); + &LL(0x91,0x91,0x7e,0x91,0xfc,0xef,0x3f,0x6d); + &LL(0x52,0x52,0x55,0x52,0xaa,0x07,0xa4,0xf8); + &LL(0x60,0x60,0x9d,0x60,0x27,0xfd,0xc0,0x47); + &LL(0xbc,0xbc,0xca,0xbc,0x89,0x76,0x65,0x35); + &LL(0x9b,0x9b,0x56,0x9b,0xac,0xcd,0x2b,0x37); + &LL(0x8e,0x8e,0x02,0x8e,0x04,0x8c,0x01,0x8a); + &LL(0xa3,0xa3,0xb6,0xa3,0x71,0x15,0x5b,0xd2); + &LL(0x0c,0x0c,0x30,0x0c,0x60,0x3c,0x18,0x6c); + &LL(0x7b,0x7b,0xf1,0x7b,0xff,0x8a,0xf6,0x84); + &LL(0x35,0x35,0xd4,0x35,0xb5,0xe1,0x6a,0x80); + &LL(0x1d,0x1d,0x74,0x1d,0xe8,0x69,0x3a,0xf5); + &LL(0xe0,0xe0,0xa7,0xe0,0x53,0x47,0xdd,0xb3); + &LL(0xd7,0xd7,0x7b,0xd7,0xf6,0xac,0xb3,0x21); + &LL(0xc2,0xc2,0x2f,0xc2,0x5e,0xed,0x99,0x9c); + &LL(0x2e,0x2e,0xb8,0x2e,0x6d,0x96,0x5c,0x43); + &LL(0x4b,0x4b,0x31,0x4b,0x62,0x7a,0x96,0x29); + &LL(0xfe,0xfe,0xdf,0xfe,0xa3,0x21,0xe1,0x5d); + &LL(0x57,0x57,0x41,0x57,0x82,0x16,0xae,0xd5); + &LL(0x15,0x15,0x54,0x15,0xa8,0x41,0x2a,0xbd); + &LL(0x77,0x77,0xc1,0x77,0x9f,0xb6,0xee,0xe8); + &LL(0x37,0x37,0xdc,0x37,0xa5,0xeb,0x6e,0x92); + &LL(0xe5,0xe5,0xb3,0xe5,0x7b,0x56,0xd7,0x9e); + &LL(0x9f,0x9f,0x46,0x9f,0x8c,0xd9,0x23,0x13); + &LL(0xf0,0xf0,0xe7,0xf0,0xd3,0x17,0xfd,0x23); + &LL(0x4a,0x4a,0x35,0x4a,0x6a,0x7f,0x94,0x20); + &LL(0xda,0xda,0x4f,0xda,0x9e,0x95,0xa9,0x44); + &LL(0x58,0x58,0x7d,0x58,0xfa,0x25,0xb0,0xa2); + &LL(0xc9,0xc9,0x03,0xc9,0x06,0xca,0x8f,0xcf); + &LL(0x29,0x29,0xa4,0x29,0x55,0x8d,0x52,0x7c); + &LL(0x0a,0x0a,0x28,0x0a,0x50,0x22,0x14,0x5a); + &LL(0xb1,0xb1,0xfe,0xb1,0xe1,0x4f,0x7f,0x50); + &LL(0xa0,0xa0,0xba,0xa0,0x69,0x1a,0x5d,0xc9); + &LL(0x6b,0x6b,0xb1,0x6b,0x7f,0xda,0xd6,0x14); + &LL(0x85,0x85,0x2e,0x85,0x5c,0xab,0x17,0xd9); + &LL(0xbd,0xbd,0xce,0xbd,0x81,0x73,0x67,0x3c); + &LL(0x5d,0x5d,0x69,0x5d,0xd2,0x34,0xba,0x8f); + &LL(0x10,0x10,0x40,0x10,0x80,0x50,0x20,0x90); + &LL(0xf4,0xf4,0xf7,0xf4,0xf3,0x03,0xf5,0x07); + &LL(0xcb,0xcb,0x0b,0xcb,0x16,0xc0,0x8b,0xdd); + &LL(0x3e,0x3e,0xf8,0x3e,0xed,0xc6,0x7c,0xd3); + &LL(0x05,0x05,0x14,0x05,0x28,0x11,0x0a,0x2d); + &LL(0x67,0x67,0x81,0x67,0x1f,0xe6,0xce,0x78); + &LL(0xe4,0xe4,0xb7,0xe4,0x73,0x53,0xd5,0x97); + &LL(0x27,0x27,0x9c,0x27,0x25,0xbb,0x4e,0x02); + &LL(0x41,0x41,0x19,0x41,0x32,0x58,0x82,0x73); + &LL(0x8b,0x8b,0x16,0x8b,0x2c,0x9d,0x0b,0xa7); + &LL(0xa7,0xa7,0xa6,0xa7,0x51,0x01,0x53,0xf6); + &LL(0x7d,0x7d,0xe9,0x7d,0xcf,0x94,0xfa,0xb2); + &LL(0x95,0x95,0x6e,0x95,0xdc,0xfb,0x37,0x49); + &LL(0xd8,0xd8,0x47,0xd8,0x8e,0x9f,0xad,0x56); + &LL(0xfb,0xfb,0xcb,0xfb,0x8b,0x30,0xeb,0x70); + &LL(0xee,0xee,0x9f,0xee,0x23,0x71,0xc1,0xcd); + &LL(0x7c,0x7c,0xed,0x7c,0xc7,0x91,0xf8,0xbb); + &LL(0x66,0x66,0x85,0x66,0x17,0xe3,0xcc,0x71); + &LL(0xdd,0xdd,0x53,0xdd,0xa6,0x8e,0xa7,0x7b); + &LL(0x17,0x17,0x5c,0x17,0xb8,0x4b,0x2e,0xaf); + &LL(0x47,0x47,0x01,0x47,0x02,0x46,0x8e,0x45); + &LL(0x9e,0x9e,0x42,0x9e,0x84,0xdc,0x21,0x1a); + &LL(0xca,0xca,0x0f,0xca,0x1e,0xc5,0x89,0xd4); + &LL(0x2d,0x2d,0xb4,0x2d,0x75,0x99,0x5a,0x58); + &LL(0xbf,0xbf,0xc6,0xbf,0x91,0x79,0x63,0x2e); + &LL(0x07,0x07,0x1c,0x07,0x38,0x1b,0x0e,0x3f); + &LL(0xad,0xad,0x8e,0xad,0x01,0x23,0x47,0xac); + &LL(0x5a,0x5a,0x75,0x5a,0xea,0x2f,0xb4,0xb0); + &LL(0x83,0x83,0x36,0x83,0x6c,0xb5,0x1b,0xef); + &LL(0x33,0x33,0xcc,0x33,0x85,0xff,0x66,0xb6); + &LL(0x63,0x63,0x91,0x63,0x3f,0xf2,0xc6,0x5c); + &LL(0x02,0x02,0x08,0x02,0x10,0x0a,0x04,0x12); + &LL(0xaa,0xaa,0x92,0xaa,0x39,0x38,0x49,0x93); + &LL(0x71,0x71,0xd9,0x71,0xaf,0xa8,0xe2,0xde); + &LL(0xc8,0xc8,0x07,0xc8,0x0e,0xcf,0x8d,0xc6); + &LL(0x19,0x19,0x64,0x19,0xc8,0x7d,0x32,0xd1); + &LL(0x49,0x49,0x39,0x49,0x72,0x70,0x92,0x3b); + &LL(0xd9,0xd9,0x43,0xd9,0x86,0x9a,0xaf,0x5f); + &LL(0xf2,0xf2,0xef,0xf2,0xc3,0x1d,0xf9,0x31); + &LL(0xe3,0xe3,0xab,0xe3,0x4b,0x48,0xdb,0xa8); + &LL(0x5b,0x5b,0x71,0x5b,0xe2,0x2a,0xb6,0xb9); + &LL(0x88,0x88,0x1a,0x88,0x34,0x92,0x0d,0xbc); + &LL(0x9a,0x9a,0x52,0x9a,0xa4,0xc8,0x29,0x3e); + &LL(0x26,0x26,0x98,0x26,0x2d,0xbe,0x4c,0x0b); + &LL(0x32,0x32,0xc8,0x32,0x8d,0xfa,0x64,0xbf); + &LL(0xb0,0xb0,0xfa,0xb0,0xe9,0x4a,0x7d,0x59); + &LL(0xe9,0xe9,0x83,0xe9,0x1b,0x6a,0xcf,0xf2); + &LL(0x0f,0x0f,0x3c,0x0f,0x78,0x33,0x1e,0x77); + &LL(0xd5,0xd5,0x73,0xd5,0xe6,0xa6,0xb7,0x33); + &LL(0x80,0x80,0x3a,0x80,0x74,0xba,0x1d,0xf4); + &LL(0xbe,0xbe,0xc2,0xbe,0x99,0x7c,0x61,0x27); + &LL(0xcd,0xcd,0x13,0xcd,0x26,0xde,0x87,0xeb); + &LL(0x34,0x34,0xd0,0x34,0xbd,0xe4,0x68,0x89); + &LL(0x48,0x48,0x3d,0x48,0x7a,0x75,0x90,0x32); + &LL(0xff,0xff,0xdb,0xff,0xab,0x24,0xe3,0x54); + &LL(0x7a,0x7a,0xf5,0x7a,0xf7,0x8f,0xf4,0x8d); + &LL(0x90,0x90,0x7a,0x90,0xf4,0xea,0x3d,0x64); + &LL(0x5f,0x5f,0x61,0x5f,0xc2,0x3e,0xbe,0x9d); + &LL(0x20,0x20,0x80,0x20,0x1d,0xa0,0x40,0x3d); + &LL(0x68,0x68,0xbd,0x68,0x67,0xd5,0xd0,0x0f); + &LL(0x1a,0x1a,0x68,0x1a,0xd0,0x72,0x34,0xca); + &LL(0xae,0xae,0x82,0xae,0x19,0x2c,0x41,0xb7); + &LL(0xb4,0xb4,0xea,0xb4,0xc9,0x5e,0x75,0x7d); + &LL(0x54,0x54,0x4d,0x54,0x9a,0x19,0xa8,0xce); + &LL(0x93,0x93,0x76,0x93,0xec,0xe5,0x3b,0x7f); + &LL(0x22,0x22,0x88,0x22,0x0d,0xaa,0x44,0x2f); + &LL(0x64,0x64,0x8d,0x64,0x07,0xe9,0xc8,0x63); + &LL(0xf1,0xf1,0xe3,0xf1,0xdb,0x12,0xff,0x2a); + &LL(0x73,0x73,0xd1,0x73,0xbf,0xa2,0xe6,0xcc); + &LL(0x12,0x12,0x48,0x12,0x90,0x5a,0x24,0x82); + &LL(0x40,0x40,0x1d,0x40,0x3a,0x5d,0x80,0x7a); + &LL(0x08,0x08,0x20,0x08,0x40,0x28,0x10,0x48); + &LL(0xc3,0xc3,0x2b,0xc3,0x56,0xe8,0x9b,0x95); + &LL(0xec,0xec,0x97,0xec,0x33,0x7b,0xc5,0xdf); + &LL(0xdb,0xdb,0x4b,0xdb,0x96,0x90,0xab,0x4d); + &LL(0xa1,0xa1,0xbe,0xa1,0x61,0x1f,0x5f,0xc0); + &LL(0x8d,0x8d,0x0e,0x8d,0x1c,0x83,0x07,0x91); + &LL(0x3d,0x3d,0xf4,0x3d,0xf5,0xc9,0x7a,0xc8); + &LL(0x97,0x97,0x66,0x97,0xcc,0xf1,0x33,0x5b); + &LL(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00); + &LL(0xcf,0xcf,0x1b,0xcf,0x36,0xd4,0x83,0xf9); + &LL(0x2b,0x2b,0xac,0x2b,0x45,0x87,0x56,0x6e); + &LL(0x76,0x76,0xc5,0x76,0x97,0xb3,0xec,0xe1); + &LL(0x82,0x82,0x32,0x82,0x64,0xb0,0x19,0xe6); + &LL(0xd6,0xd6,0x7f,0xd6,0xfe,0xa9,0xb1,0x28); + &LL(0x1b,0x1b,0x6c,0x1b,0xd8,0x77,0x36,0xc3); + &LL(0xb5,0xb5,0xee,0xb5,0xc1,0x5b,0x77,0x74); + &LL(0xaf,0xaf,0x86,0xaf,0x11,0x29,0x43,0xbe); + &LL(0x6a,0x6a,0xb5,0x6a,0x77,0xdf,0xd4,0x1d); + &LL(0x50,0x50,0x5d,0x50,0xba,0x0d,0xa0,0xea); + &LL(0x45,0x45,0x09,0x45,0x12,0x4c,0x8a,0x57); + &LL(0xf3,0xf3,0xeb,0xf3,0xcb,0x18,0xfb,0x38); + &LL(0x30,0x30,0xc0,0x30,0x9d,0xf0,0x60,0xad); + &LL(0xef,0xef,0x9b,0xef,0x2b,0x74,0xc3,0xc4); + &LL(0x3f,0x3f,0xfc,0x3f,0xe5,0xc3,0x7e,0xda); + &LL(0x55,0x55,0x49,0x55,0x92,0x1c,0xaa,0xc7); + &LL(0xa2,0xa2,0xb2,0xa2,0x79,0x10,0x59,0xdb); + &LL(0xea,0xea,0x8f,0xea,0x03,0x65,0xc9,0xe9); + &LL(0x65,0x65,0x89,0x65,0x0f,0xec,0xca,0x6a); + &LL(0xba,0xba,0xd2,0xba,0xb9,0x68,0x69,0x03); + &LL(0x2f,0x2f,0xbc,0x2f,0x65,0x93,0x5e,0x4a); + &LL(0xc0,0xc0,0x27,0xc0,0x4e,0xe7,0x9d,0x8e); + &LL(0xde,0xde,0x5f,0xde,0xbe,0x81,0xa1,0x60); + &LL(0x1c,0x1c,0x70,0x1c,0xe0,0x6c,0x38,0xfc); + &LL(0xfd,0xfd,0xd3,0xfd,0xbb,0x2e,0xe7,0x46); + &LL(0x4d,0x4d,0x29,0x4d,0x52,0x64,0x9a,0x1f); + &LL(0x92,0x92,0x72,0x92,0xe4,0xe0,0x39,0x76); + &LL(0x75,0x75,0xc9,0x75,0x8f,0xbc,0xea,0xfa); + &LL(0x06,0x06,0x18,0x06,0x30,0x1e,0x0c,0x36); + &LL(0x8a,0x8a,0x12,0x8a,0x24,0x98,0x09,0xae); + &LL(0xb2,0xb2,0xf2,0xb2,0xf9,0x40,0x79,0x4b); + &LL(0xe6,0xe6,0xbf,0xe6,0x63,0x59,0xd1,0x85); + &LL(0x0e,0x0e,0x38,0x0e,0x70,0x36,0x1c,0x7e); + &LL(0x1f,0x1f,0x7c,0x1f,0xf8,0x63,0x3e,0xe7); + &LL(0x62,0x62,0x95,0x62,0x37,0xf7,0xc4,0x55); + &LL(0xd4,0xd4,0x77,0xd4,0xee,0xa3,0xb5,0x3a); + &LL(0xa8,0xa8,0x9a,0xa8,0x29,0x32,0x4d,0x81); + &LL(0x96,0x96,0x62,0x96,0xc4,0xf4,0x31,0x52); + &LL(0xf9,0xf9,0xc3,0xf9,0x9b,0x3a,0xef,0x62); + &LL(0xc5,0xc5,0x33,0xc5,0x66,0xf6,0x97,0xa3); + &LL(0x25,0x25,0x94,0x25,0x35,0xb1,0x4a,0x10); + &LL(0x59,0x59,0x79,0x59,0xf2,0x20,0xb2,0xab); + &LL(0x84,0x84,0x2a,0x84,0x54,0xae,0x15,0xd0); + &LL(0x72,0x72,0xd5,0x72,0xb7,0xa7,0xe4,0xc5); + &LL(0x39,0x39,0xe4,0x39,0xd5,0xdd,0x72,0xec); + &LL(0x4c,0x4c,0x2d,0x4c,0x5a,0x61,0x98,0x16); + &LL(0x5e,0x5e,0x65,0x5e,0xca,0x3b,0xbc,0x94); + &LL(0x78,0x78,0xfd,0x78,0xe7,0x85,0xf0,0x9f); + &LL(0x38,0x38,0xe0,0x38,0xdd,0xd8,0x70,0xe5); + &LL(0x8c,0x8c,0x0a,0x8c,0x14,0x86,0x05,0x98); + &LL(0xd1,0xd1,0x63,0xd1,0xc6,0xb2,0xbf,0x17); + &LL(0xa5,0xa5,0xae,0xa5,0x41,0x0b,0x57,0xe4); + &LL(0xe2,0xe2,0xaf,0xe2,0x43,0x4d,0xd9,0xa1); + &LL(0x61,0x61,0x99,0x61,0x2f,0xf8,0xc2,0x4e); + &LL(0xb3,0xb3,0xf6,0xb3,0xf1,0x45,0x7b,0x42); + &LL(0x21,0x21,0x84,0x21,0x15,0xa5,0x42,0x34); + &LL(0x9c,0x9c,0x4a,0x9c,0x94,0xd6,0x25,0x08); + &LL(0x1e,0x1e,0x78,0x1e,0xf0,0x66,0x3c,0xee); + &LL(0x43,0x43,0x11,0x43,0x22,0x52,0x86,0x61); + &LL(0xc7,0xc7,0x3b,0xc7,0x76,0xfc,0x93,0xb1); + &LL(0xfc,0xfc,0xd7,0xfc,0xb3,0x2b,0xe5,0x4f); + &LL(0x04,0x04,0x10,0x04,0x20,0x14,0x08,0x24); + &LL(0x51,0x51,0x59,0x51,0xb2,0x08,0xa2,0xe3); + &LL(0x99,0x99,0x5e,0x99,0xbc,0xc7,0x2f,0x25); + &LL(0x6d,0x6d,0xa9,0x6d,0x4f,0xc4,0xda,0x22); + &LL(0x0d,0x0d,0x34,0x0d,0x68,0x39,0x1a,0x65); + &LL(0xfa,0xfa,0xcf,0xfa,0x83,0x35,0xe9,0x79); + &LL(0xdf,0xdf,0x5b,0xdf,0xb6,0x84,0xa3,0x69); + &LL(0x7e,0x7e,0xe5,0x7e,0xd7,0x9b,0xfc,0xa9); + &LL(0x24,0x24,0x90,0x24,0x3d,0xb4,0x48,0x19); + &LL(0x3b,0x3b,0xec,0x3b,0xc5,0xd7,0x76,0xfe); + &LL(0xab,0xab,0x96,0xab,0x31,0x3d,0x4b,0x9a); + &LL(0xce,0xce,0x1f,0xce,0x3e,0xd1,0x81,0xf0); + &LL(0x11,0x11,0x44,0x11,0x88,0x55,0x22,0x99); + &LL(0x8f,0x8f,0x06,0x8f,0x0c,0x89,0x03,0x83); + &LL(0x4e,0x4e,0x25,0x4e,0x4a,0x6b,0x9c,0x04); + &LL(0xb7,0xb7,0xe6,0xb7,0xd1,0x51,0x73,0x66); + &LL(0xeb,0xeb,0x8b,0xeb,0x0b,0x60,0xcb,0xe0); + &LL(0x3c,0x3c,0xf0,0x3c,0xfd,0xcc,0x78,0xc1); + &LL(0x81,0x81,0x3e,0x81,0x7c,0xbf,0x1f,0xfd); + &LL(0x94,0x94,0x6a,0x94,0xd4,0xfe,0x35,0x40); + &LL(0xf7,0xf7,0xfb,0xf7,0xeb,0x0c,0xf3,0x1c); + &LL(0xb9,0xb9,0xde,0xb9,0xa1,0x67,0x6f,0x18); + &LL(0x13,0x13,0x4c,0x13,0x98,0x5f,0x26,0x8b); + &LL(0x2c,0x2c,0xb0,0x2c,0x7d,0x9c,0x58,0x51); + &LL(0xd3,0xd3,0x6b,0xd3,0xd6,0xb8,0xbb,0x05); + &LL(0xe7,0xe7,0xbb,0xe7,0x6b,0x5c,0xd3,0x8c); + &LL(0x6e,0x6e,0xa5,0x6e,0x57,0xcb,0xdc,0x39); + &LL(0xc4,0xc4,0x37,0xc4,0x6e,0xf3,0x95,0xaa); + &LL(0x03,0x03,0x0c,0x03,0x18,0x0f,0x06,0x1b); + &LL(0x56,0x56,0x45,0x56,0x8a,0x13,0xac,0xdc); + &LL(0x44,0x44,0x0d,0x44,0x1a,0x49,0x88,0x5e); + &LL(0x7f,0x7f,0xe1,0x7f,0xdf,0x9e,0xfe,0xa0); + &LL(0xa9,0xa9,0x9e,0xa9,0x21,0x37,0x4f,0x88); + &LL(0x2a,0x2a,0xa8,0x2a,0x4d,0x82,0x54,0x67); + &LL(0xbb,0xbb,0xd6,0xbb,0xb1,0x6d,0x6b,0x0a); + &LL(0xc1,0xc1,0x23,0xc1,0x46,0xe2,0x9f,0x87); + &LL(0x53,0x53,0x51,0x53,0xa2,0x02,0xa6,0xf1); + &LL(0xdc,0xdc,0x57,0xdc,0xae,0x8b,0xa5,0x72); + &LL(0x0b,0x0b,0x2c,0x0b,0x58,0x27,0x16,0x53); + &LL(0x9d,0x9d,0x4e,0x9d,0x9c,0xd3,0x27,0x01); + &LL(0x6c,0x6c,0xad,0x6c,0x47,0xc1,0xd8,0x2b); + &LL(0x31,0x31,0xc4,0x31,0x95,0xf5,0x62,0xa4); + &LL(0x74,0x74,0xcd,0x74,0x87,0xb9,0xe8,0xf3); + &LL(0xf6,0xf6,0xff,0xf6,0xe3,0x09,0xf1,0x15); + &LL(0x46,0x46,0x05,0x46,0x0a,0x43,0x8c,0x4c); + &LL(0xac,0xac,0x8a,0xac,0x09,0x26,0x45,0xa5); + &LL(0x89,0x89,0x1e,0x89,0x3c,0x97,0x0f,0xb5); + &LL(0x14,0x14,0x50,0x14,0xa0,0x44,0x28,0xb4); + &LL(0xe1,0xe1,0xa3,0xe1,0x5b,0x42,0xdf,0xba); + &LL(0x16,0x16,0x58,0x16,0xb0,0x4e,0x2c,0xa6); + &LL(0x3a,0x3a,0xe8,0x3a,0xcd,0xd2,0x74,0xf7); + &LL(0x69,0x69,0xb9,0x69,0x6f,0xd0,0xd2,0x06); + &LL(0x09,0x09,0x24,0x09,0x48,0x2d,0x12,0x41); + &LL(0x70,0x70,0xdd,0x70,0xa7,0xad,0xe0,0xd7); + &LL(0xb6,0xb6,0xe2,0xb6,0xd9,0x54,0x71,0x6f); + &LL(0xd0,0xd0,0x67,0xd0,0xce,0xb7,0xbd,0x1e); + &LL(0xed,0xed,0x93,0xed,0x3b,0x7e,0xc7,0xd6); + &LL(0xcc,0xcc,0x17,0xcc,0x2e,0xdb,0x85,0xe2); + &LL(0x42,0x42,0x15,0x42,0x2a,0x57,0x84,0x68); + &LL(0x98,0x98,0x5a,0x98,0xb4,0xc2,0x2d,0x2c); + &LL(0xa4,0xa4,0xaa,0xa4,0x49,0x0e,0x55,0xed); + &LL(0x28,0x28,0xa0,0x28,0x5d,0x88,0x50,0x75); + &LL(0x5c,0x5c,0x6d,0x5c,0xda,0x31,0xb8,0x86); + &LL(0xf8,0xf8,0xc7,0xf8,0x93,0x3f,0xed,0x6b); + &LL(0x86,0x86,0x22,0x86,0x44,0xa4,0x11,0xc2); + + &L(0x18,0x23,0xc6,0xe8,0x87,0xb8,0x01,0x4f); # rc[ROUNDS] + &L(0x36,0xa6,0xd2,0xf5,0x79,0x6f,0x91,0x52); + &L(0x60,0xbc,0x9b,0x8e,0xa3,0x0c,0x7b,0x35); + &L(0x1d,0xe0,0xd7,0xc2,0x2e,0x4b,0xfe,0x57); + &L(0x15,0x77,0x37,0xe5,0x9f,0xf0,0x4a,0xda); + &L(0x58,0xc9,0x29,0x0a,0xb1,0xa0,0x6b,0x85); + &L(0xbd,0x5d,0x10,0xf4,0xcb,0x3e,0x05,0x67); + &L(0xe4,0x27,0x41,0x8b,0xa7,0x7d,0x95,0xd8); + &L(0xfb,0xee,0x7c,0x66,0xdd,0x17,0x47,0x9e); + &L(0xca,0x2d,0xbf,0x07,0xad,0x5a,0x83,0x33); + +&function_end_B("whirlpool_block_mmx"); +&asm_finish(); diff --git a/src/lib/libcrypto/whrlpool/asm/wp-x86_64.pl b/src/lib/libcrypto/whrlpool/asm/wp-x86_64.pl new file mode 100644 index 00000000000..afadd5d2f15 --- /dev/null +++ b/src/lib/libcrypto/whrlpool/asm/wp-x86_64.pl @@ -0,0 +1,481 @@ +#!/usr/bin/env perl +# +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. Rights for redistribution and usage in source and binary +# forms are granted according to the OpenSSL license. +# ==================================================================== +# +# whirlpool_block for x86_64. +# +# 2500 cycles per 64-byte input block on AMD64, which is *identical* +# to 32-bit MMX version executed on same CPU. So why did I bother? +# Well, it's faster than gcc 3.3.2 generated code by over 50%, and +# over 80% faster than PathScale 1.4, an "ambitious" commercial +# compiler. Furthermore it surpasses gcc 3.4.3 by 170% and Sun Studio +# 10 - by 360%[!]... What is it with x86_64 compilers? It's not the +# first example when they fail to generate more optimal code, when +# I believe they had *all* chances to... +# +# Note that register and stack frame layout are virtually identical +# to 32-bit MMX version, except that %r8-15 are used instead of +# %mm0-8. You can even notice that K[i] and S[i] are loaded to +# %eax:%ebx as pair of 32-bit values and not as single 64-bit one. +# This is done in order to avoid 64-bit shift penalties on Intel +# EM64T core. Speaking of which! I bet it's possible to improve +# Opteron performance by compressing the table to 2KB and replacing +# unaligned references with complementary rotations [which would +# incidentally replace lea instructions], but it would definitely +# just "kill" EM64T, because it has only 1 shifter/rotator [against +# 3 on Opteron] and which is *unacceptably* slow with 64-bit +# operand. + +$flavour = shift; +$output = shift; +if ($flavour =~ /\./) { $output = $flavour; undef $flavour; } + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; my $dir=$1; my $xlate; +( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or +( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or +die "can't locate x86_64-xlate.pl"; + +open OUT,"| \"$^X\" $xlate $flavour $output"; +*STDOUT=*OUT; + +sub L() { $code.=".byte ".join(',',@_)."\n"; } +sub LL(){ $code.=".byte ".join(',',@_).",".join(',',@_)."\n"; } + +@mm=("%r8","%r9","%r10","%r11","%r12","%r13","%r14","%r15"); + +$func="whirlpool_block"; +$table=".Ltable"; + +$code=<<___; +.text + +.globl $func +.type $func,\@function,3 +.align 16 +$func: + push %rbx + push %rbp + push %r12 + push %r13 + push %r14 + push %r15 + + mov %rsp,%r11 + sub \$128+40,%rsp + and \$-64,%rsp + + lea 128(%rsp),%r10 + mov %rdi,0(%r10) # save parameter block + mov %rsi,8(%r10) + mov %rdx,16(%r10) + mov %r11,32(%r10) # saved stack pointer +.Lprologue: + + mov %r10,%rbx + lea $table(%rip),%rbp + + xor %rcx,%rcx + xor %rdx,%rdx +___ +for($i=0;$i<8;$i++) { $code.="mov $i*8(%rdi),@mm[$i]\n"; } # L=H +$code.=".Louterloop:\n"; +for($i=0;$i<8;$i++) { $code.="mov @mm[$i],$i*8(%rsp)\n"; } # K=L +for($i=0;$i<8;$i++) { $code.="xor $i*8(%rsi),@mm[$i]\n"; } # L^=inp +for($i=0;$i<8;$i++) { $code.="mov @mm[$i],64+$i*8(%rsp)\n"; } # S=L +$code.=<<___; + xor %rsi,%rsi + mov %rsi,24(%rbx) # zero round counter +.align 16 +.Lround: + mov 4096(%rbp,%rsi,8),@mm[0] # rc[r] + mov 0(%rsp),%eax + mov 4(%rsp),%ebx +___ +for($i=0;$i<8;$i++) { + my $func = ($i==0)? "mov" : "xor"; + $code.=<<___; + mov %al,%cl + mov %ah,%dl + lea (%rcx,%rcx),%rsi + lea (%rdx,%rdx),%rdi + shr \$16,%eax + xor 0(%rbp,%rsi,8),@mm[0] + $func 7(%rbp,%rdi,8),@mm[1] + mov %al,%cl + mov %ah,%dl + mov $i*8+8(%rsp),%eax # ($i+1)*8 + lea (%rcx,%rcx),%rsi + lea (%rdx,%rdx),%rdi + $func 6(%rbp,%rsi,8),@mm[2] + $func 5(%rbp,%rdi,8),@mm[3] + mov %bl,%cl + mov %bh,%dl + lea (%rcx,%rcx),%rsi + lea (%rdx,%rdx),%rdi + shr \$16,%ebx + $func 4(%rbp,%rsi,8),@mm[4] + $func 3(%rbp,%rdi,8),@mm[5] + mov %bl,%cl + mov %bh,%dl + mov $i*8+8+4(%rsp),%ebx # ($i+1)*8+4 + lea (%rcx,%rcx),%rsi + lea (%rdx,%rdx),%rdi + $func 2(%rbp,%rsi,8),@mm[6] + $func 1(%rbp,%rdi,8),@mm[7] +___ + push(@mm,shift(@mm)); +} +for($i=0;$i<8;$i++) { $code.="mov @mm[$i],$i*8(%rsp)\n"; } # K=L +for($i=0;$i<8;$i++) { + $code.=<<___; + mov %al,%cl + mov %ah,%dl + lea (%rcx,%rcx),%rsi + lea (%rdx,%rdx),%rdi + shr \$16,%eax + xor 0(%rbp,%rsi,8),@mm[0] + xor 7(%rbp,%rdi,8),@mm[1] + mov %al,%cl + mov %ah,%dl + `"mov 64+$i*8+8(%rsp),%eax" if($i<7);` # 64+($i+1)*8 + lea (%rcx,%rcx),%rsi + lea (%rdx,%rdx),%rdi + xor 6(%rbp,%rsi,8),@mm[2] + xor 5(%rbp,%rdi,8),@mm[3] + mov %bl,%cl + mov %bh,%dl + lea (%rcx,%rcx),%rsi + lea (%rdx,%rdx),%rdi + shr \$16,%ebx + xor 4(%rbp,%rsi,8),@mm[4] + xor 3(%rbp,%rdi,8),@mm[5] + mov %bl,%cl + mov %bh,%dl + `"mov 64+$i*8+8+4(%rsp),%ebx" if($i<7);` # 64+($i+1)*8+4 + lea (%rcx,%rcx),%rsi + lea (%rdx,%rdx),%rdi + xor 2(%rbp,%rsi,8),@mm[6] + xor 1(%rbp,%rdi,8),@mm[7] +___ + push(@mm,shift(@mm)); +} +$code.=<<___; + lea 128(%rsp),%rbx + mov 24(%rbx),%rsi # pull round counter + add \$1,%rsi + cmp \$10,%rsi + je .Lroundsdone + + mov %rsi,24(%rbx) # update round counter +___ +for($i=0;$i<8;$i++) { $code.="mov @mm[$i],64+$i*8(%rsp)\n"; } # S=L +$code.=<<___; + jmp .Lround +.align 16 +.Lroundsdone: + mov 0(%rbx),%rdi # reload argument block + mov 8(%rbx),%rsi + mov 16(%rbx),%rax +___ +for($i=0;$i<8;$i++) { $code.="xor $i*8(%rsi),@mm[$i]\n"; } # L^=inp +for($i=0;$i<8;$i++) { $code.="xor $i*8(%rdi),@mm[$i]\n"; } # L^=H +for($i=0;$i<8;$i++) { $code.="mov @mm[$i],$i*8(%rdi)\n"; } # H=L +$code.=<<___; + lea 64(%rsi),%rsi # inp+=64 + sub \$1,%rax # num-- + jz .Lalldone + mov %rsi,8(%rbx) # update parameter block + mov %rax,16(%rbx) + jmp .Louterloop +.Lalldone: + mov 32(%rbx),%rsi # restore saved pointer + mov (%rsi),%r15 + mov 8(%rsi),%r14 + mov 16(%rsi),%r13 + mov 24(%rsi),%r12 + mov 32(%rsi),%rbp + mov 40(%rsi),%rbx + lea 48(%rsi),%rsp +.Lepilogue: + ret +.size $func,.-$func + +.align 64 +.type $table,\@object +$table: +___ + &LL(0x18,0x18,0x60,0x18,0xc0,0x78,0x30,0xd8); + &LL(0x23,0x23,0x8c,0x23,0x05,0xaf,0x46,0x26); + &LL(0xc6,0xc6,0x3f,0xc6,0x7e,0xf9,0x91,0xb8); + &LL(0xe8,0xe8,0x87,0xe8,0x13,0x6f,0xcd,0xfb); + &LL(0x87,0x87,0x26,0x87,0x4c,0xa1,0x13,0xcb); + &LL(0xb8,0xb8,0xda,0xb8,0xa9,0x62,0x6d,0x11); + &LL(0x01,0x01,0x04,0x01,0x08,0x05,0x02,0x09); + &LL(0x4f,0x4f,0x21,0x4f,0x42,0x6e,0x9e,0x0d); + &LL(0x36,0x36,0xd8,0x36,0xad,0xee,0x6c,0x9b); + &LL(0xa6,0xa6,0xa2,0xa6,0x59,0x04,0x51,0xff); + &LL(0xd2,0xd2,0x6f,0xd2,0xde,0xbd,0xb9,0x0c); + &LL(0xf5,0xf5,0xf3,0xf5,0xfb,0x06,0xf7,0x0e); + &LL(0x79,0x79,0xf9,0x79,0xef,0x80,0xf2,0x96); + &LL(0x6f,0x6f,0xa1,0x6f,0x5f,0xce,0xde,0x30); + &LL(0x91,0x91,0x7e,0x91,0xfc,0xef,0x3f,0x6d); + &LL(0x52,0x52,0x55,0x52,0xaa,0x07,0xa4,0xf8); + &LL(0x60,0x60,0x9d,0x60,0x27,0xfd,0xc0,0x47); + &LL(0xbc,0xbc,0xca,0xbc,0x89,0x76,0x65,0x35); + &LL(0x9b,0x9b,0x56,0x9b,0xac,0xcd,0x2b,0x37); + &LL(0x8e,0x8e,0x02,0x8e,0x04,0x8c,0x01,0x8a); + &LL(0xa3,0xa3,0xb6,0xa3,0x71,0x15,0x5b,0xd2); + &LL(0x0c,0x0c,0x30,0x0c,0x60,0x3c,0x18,0x6c); + &LL(0x7b,0x7b,0xf1,0x7b,0xff,0x8a,0xf6,0x84); + &LL(0x35,0x35,0xd4,0x35,0xb5,0xe1,0x6a,0x80); + &LL(0x1d,0x1d,0x74,0x1d,0xe8,0x69,0x3a,0xf5); + &LL(0xe0,0xe0,0xa7,0xe0,0x53,0x47,0xdd,0xb3); + &LL(0xd7,0xd7,0x7b,0xd7,0xf6,0xac,0xb3,0x21); + &LL(0xc2,0xc2,0x2f,0xc2,0x5e,0xed,0x99,0x9c); + &LL(0x2e,0x2e,0xb8,0x2e,0x6d,0x96,0x5c,0x43); + &LL(0x4b,0x4b,0x31,0x4b,0x62,0x7a,0x96,0x29); + &LL(0xfe,0xfe,0xdf,0xfe,0xa3,0x21,0xe1,0x5d); + &LL(0x57,0x57,0x41,0x57,0x82,0x16,0xae,0xd5); + &LL(0x15,0x15,0x54,0x15,0xa8,0x41,0x2a,0xbd); + &LL(0x77,0x77,0xc1,0x77,0x9f,0xb6,0xee,0xe8); + &LL(0x37,0x37,0xdc,0x37,0xa5,0xeb,0x6e,0x92); + &LL(0xe5,0xe5,0xb3,0xe5,0x7b,0x56,0xd7,0x9e); + &LL(0x9f,0x9f,0x46,0x9f,0x8c,0xd9,0x23,0x13); + &LL(0xf0,0xf0,0xe7,0xf0,0xd3,0x17,0xfd,0x23); + &LL(0x4a,0x4a,0x35,0x4a,0x6a,0x7f,0x94,0x20); + &LL(0xda,0xda,0x4f,0xda,0x9e,0x95,0xa9,0x44); + &LL(0x58,0x58,0x7d,0x58,0xfa,0x25,0xb0,0xa2); + &LL(0xc9,0xc9,0x03,0xc9,0x06,0xca,0x8f,0xcf); + &LL(0x29,0x29,0xa4,0x29,0x55,0x8d,0x52,0x7c); + &LL(0x0a,0x0a,0x28,0x0a,0x50,0x22,0x14,0x5a); + &LL(0xb1,0xb1,0xfe,0xb1,0xe1,0x4f,0x7f,0x50); + &LL(0xa0,0xa0,0xba,0xa0,0x69,0x1a,0x5d,0xc9); + &LL(0x6b,0x6b,0xb1,0x6b,0x7f,0xda,0xd6,0x14); + &LL(0x85,0x85,0x2e,0x85,0x5c,0xab,0x17,0xd9); + &LL(0xbd,0xbd,0xce,0xbd,0x81,0x73,0x67,0x3c); + &LL(0x5d,0x5d,0x69,0x5d,0xd2,0x34,0xba,0x8f); + &LL(0x10,0x10,0x40,0x10,0x80,0x50,0x20,0x90); + &LL(0xf4,0xf4,0xf7,0xf4,0xf3,0x03,0xf5,0x07); + &LL(0xcb,0xcb,0x0b,0xcb,0x16,0xc0,0x8b,0xdd); + &LL(0x3e,0x3e,0xf8,0x3e,0xed,0xc6,0x7c,0xd3); + &LL(0x05,0x05,0x14,0x05,0x28,0x11,0x0a,0x2d); + &LL(0x67,0x67,0x81,0x67,0x1f,0xe6,0xce,0x78); + &LL(0xe4,0xe4,0xb7,0xe4,0x73,0x53,0xd5,0x97); + &LL(0x27,0x27,0x9c,0x27,0x25,0xbb,0x4e,0x02); + &LL(0x41,0x41,0x19,0x41,0x32,0x58,0x82,0x73); + &LL(0x8b,0x8b,0x16,0x8b,0x2c,0x9d,0x0b,0xa7); + &LL(0xa7,0xa7,0xa6,0xa7,0x51,0x01,0x53,0xf6); + &LL(0x7d,0x7d,0xe9,0x7d,0xcf,0x94,0xfa,0xb2); + &LL(0x95,0x95,0x6e,0x95,0xdc,0xfb,0x37,0x49); + &LL(0xd8,0xd8,0x47,0xd8,0x8e,0x9f,0xad,0x56); + &LL(0xfb,0xfb,0xcb,0xfb,0x8b,0x30,0xeb,0x70); + &LL(0xee,0xee,0x9f,0xee,0x23,0x71,0xc1,0xcd); + &LL(0x7c,0x7c,0xed,0x7c,0xc7,0x91,0xf8,0xbb); + &LL(0x66,0x66,0x85,0x66,0x17,0xe3,0xcc,0x71); + &LL(0xdd,0xdd,0x53,0xdd,0xa6,0x8e,0xa7,0x7b); + &LL(0x17,0x17,0x5c,0x17,0xb8,0x4b,0x2e,0xaf); + &LL(0x47,0x47,0x01,0x47,0x02,0x46,0x8e,0x45); + &LL(0x9e,0x9e,0x42,0x9e,0x84,0xdc,0x21,0x1a); + &LL(0xca,0xca,0x0f,0xca,0x1e,0xc5,0x89,0xd4); + &LL(0x2d,0x2d,0xb4,0x2d,0x75,0x99,0x5a,0x58); + &LL(0xbf,0xbf,0xc6,0xbf,0x91,0x79,0x63,0x2e); + &LL(0x07,0x07,0x1c,0x07,0x38,0x1b,0x0e,0x3f); + &LL(0xad,0xad,0x8e,0xad,0x01,0x23,0x47,0xac); + &LL(0x5a,0x5a,0x75,0x5a,0xea,0x2f,0xb4,0xb0); + &LL(0x83,0x83,0x36,0x83,0x6c,0xb5,0x1b,0xef); + &LL(0x33,0x33,0xcc,0x33,0x85,0xff,0x66,0xb6); + &LL(0x63,0x63,0x91,0x63,0x3f,0xf2,0xc6,0x5c); + &LL(0x02,0x02,0x08,0x02,0x10,0x0a,0x04,0x12); + &LL(0xaa,0xaa,0x92,0xaa,0x39,0x38,0x49,0x93); + &LL(0x71,0x71,0xd9,0x71,0xaf,0xa8,0xe2,0xde); + &LL(0xc8,0xc8,0x07,0xc8,0x0e,0xcf,0x8d,0xc6); + &LL(0x19,0x19,0x64,0x19,0xc8,0x7d,0x32,0xd1); + &LL(0x49,0x49,0x39,0x49,0x72,0x70,0x92,0x3b); + &LL(0xd9,0xd9,0x43,0xd9,0x86,0x9a,0xaf,0x5f); + &LL(0xf2,0xf2,0xef,0xf2,0xc3,0x1d,0xf9,0x31); + &LL(0xe3,0xe3,0xab,0xe3,0x4b,0x48,0xdb,0xa8); + &LL(0x5b,0x5b,0x71,0x5b,0xe2,0x2a,0xb6,0xb9); + &LL(0x88,0x88,0x1a,0x88,0x34,0x92,0x0d,0xbc); + &LL(0x9a,0x9a,0x52,0x9a,0xa4,0xc8,0x29,0x3e); + &LL(0x26,0x26,0x98,0x26,0x2d,0xbe,0x4c,0x0b); + &LL(0x32,0x32,0xc8,0x32,0x8d,0xfa,0x64,0xbf); + &LL(0xb0,0xb0,0xfa,0xb0,0xe9,0x4a,0x7d,0x59); + &LL(0xe9,0xe9,0x83,0xe9,0x1b,0x6a,0xcf,0xf2); + &LL(0x0f,0x0f,0x3c,0x0f,0x78,0x33,0x1e,0x77); + &LL(0xd5,0xd5,0x73,0xd5,0xe6,0xa6,0xb7,0x33); + &LL(0x80,0x80,0x3a,0x80,0x74,0xba,0x1d,0xf4); + &LL(0xbe,0xbe,0xc2,0xbe,0x99,0x7c,0x61,0x27); + &LL(0xcd,0xcd,0x13,0xcd,0x26,0xde,0x87,0xeb); + &LL(0x34,0x34,0xd0,0x34,0xbd,0xe4,0x68,0x89); + &LL(0x48,0x48,0x3d,0x48,0x7a,0x75,0x90,0x32); + &LL(0xff,0xff,0xdb,0xff,0xab,0x24,0xe3,0x54); + &LL(0x7a,0x7a,0xf5,0x7a,0xf7,0x8f,0xf4,0x8d); + &LL(0x90,0x90,0x7a,0x90,0xf4,0xea,0x3d,0x64); + &LL(0x5f,0x5f,0x61,0x5f,0xc2,0x3e,0xbe,0x9d); + &LL(0x20,0x20,0x80,0x20,0x1d,0xa0,0x40,0x3d); + &LL(0x68,0x68,0xbd,0x68,0x67,0xd5,0xd0,0x0f); + &LL(0x1a,0x1a,0x68,0x1a,0xd0,0x72,0x34,0xca); + &LL(0xae,0xae,0x82,0xae,0x19,0x2c,0x41,0xb7); + &LL(0xb4,0xb4,0xea,0xb4,0xc9,0x5e,0x75,0x7d); + &LL(0x54,0x54,0x4d,0x54,0x9a,0x19,0xa8,0xce); + &LL(0x93,0x93,0x76,0x93,0xec,0xe5,0x3b,0x7f); + &LL(0x22,0x22,0x88,0x22,0x0d,0xaa,0x44,0x2f); + &LL(0x64,0x64,0x8d,0x64,0x07,0xe9,0xc8,0x63); + &LL(0xf1,0xf1,0xe3,0xf1,0xdb,0x12,0xff,0x2a); + &LL(0x73,0x73,0xd1,0x73,0xbf,0xa2,0xe6,0xcc); + &LL(0x12,0x12,0x48,0x12,0x90,0x5a,0x24,0x82); + &LL(0x40,0x40,0x1d,0x40,0x3a,0x5d,0x80,0x7a); + &LL(0x08,0x08,0x20,0x08,0x40,0x28,0x10,0x48); + &LL(0xc3,0xc3,0x2b,0xc3,0x56,0xe8,0x9b,0x95); + &LL(0xec,0xec,0x97,0xec,0x33,0x7b,0xc5,0xdf); + &LL(0xdb,0xdb,0x4b,0xdb,0x96,0x90,0xab,0x4d); + &LL(0xa1,0xa1,0xbe,0xa1,0x61,0x1f,0x5f,0xc0); + &LL(0x8d,0x8d,0x0e,0x8d,0x1c,0x83,0x07,0x91); + &LL(0x3d,0x3d,0xf4,0x3d,0xf5,0xc9,0x7a,0xc8); + &LL(0x97,0x97,0x66,0x97,0xcc,0xf1,0x33,0x5b); + &LL(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00); + &LL(0xcf,0xcf,0x1b,0xcf,0x36,0xd4,0x83,0xf9); + &LL(0x2b,0x2b,0xac,0x2b,0x45,0x87,0x56,0x6e); + &LL(0x76,0x76,0xc5,0x76,0x97,0xb3,0xec,0xe1); + &LL(0x82,0x82,0x32,0x82,0x64,0xb0,0x19,0xe6); + &LL(0xd6,0xd6,0x7f,0xd6,0xfe,0xa9,0xb1,0x28); + &LL(0x1b,0x1b,0x6c,0x1b,0xd8,0x77,0x36,0xc3); + &LL(0xb5,0xb5,0xee,0xb5,0xc1,0x5b,0x77,0x74); + &LL(0xaf,0xaf,0x86,0xaf,0x11,0x29,0x43,0xbe); + &LL(0x6a,0x6a,0xb5,0x6a,0x77,0xdf,0xd4,0x1d); + &LL(0x50,0x50,0x5d,0x50,0xba,0x0d,0xa0,0xea); + &LL(0x45,0x45,0x09,0x45,0x12,0x4c,0x8a,0x57); + &LL(0xf3,0xf3,0xeb,0xf3,0xcb,0x18,0xfb,0x38); + &LL(0x30,0x30,0xc0,0x30,0x9d,0xf0,0x60,0xad); + &LL(0xef,0xef,0x9b,0xef,0x2b,0x74,0xc3,0xc4); + &LL(0x3f,0x3f,0xfc,0x3f,0xe5,0xc3,0x7e,0xda); + &LL(0x55,0x55,0x49,0x55,0x92,0x1c,0xaa,0xc7); + &LL(0xa2,0xa2,0xb2,0xa2,0x79,0x10,0x59,0xdb); + &LL(0xea,0xea,0x8f,0xea,0x03,0x65,0xc9,0xe9); + &LL(0x65,0x65,0x89,0x65,0x0f,0xec,0xca,0x6a); + &LL(0xba,0xba,0xd2,0xba,0xb9,0x68,0x69,0x03); + &LL(0x2f,0x2f,0xbc,0x2f,0x65,0x93,0x5e,0x4a); + &LL(0xc0,0xc0,0x27,0xc0,0x4e,0xe7,0x9d,0x8e); + &LL(0xde,0xde,0x5f,0xde,0xbe,0x81,0xa1,0x60); + &LL(0x1c,0x1c,0x70,0x1c,0xe0,0x6c,0x38,0xfc); + &LL(0xfd,0xfd,0xd3,0xfd,0xbb,0x2e,0xe7,0x46); + &LL(0x4d,0x4d,0x29,0x4d,0x52,0x64,0x9a,0x1f); + &LL(0x92,0x92,0x72,0x92,0xe4,0xe0,0x39,0x76); + &LL(0x75,0x75,0xc9,0x75,0x8f,0xbc,0xea,0xfa); + &LL(0x06,0x06,0x18,0x06,0x30,0x1e,0x0c,0x36); + &LL(0x8a,0x8a,0x12,0x8a,0x24,0x98,0x09,0xae); + &LL(0xb2,0xb2,0xf2,0xb2,0xf9,0x40,0x79,0x4b); + &LL(0xe6,0xe6,0xbf,0xe6,0x63,0x59,0xd1,0x85); + &LL(0x0e,0x0e,0x38,0x0e,0x70,0x36,0x1c,0x7e); + &LL(0x1f,0x1f,0x7c,0x1f,0xf8,0x63,0x3e,0xe7); + &LL(0x62,0x62,0x95,0x62,0x37,0xf7,0xc4,0x55); + &LL(0xd4,0xd4,0x77,0xd4,0xee,0xa3,0xb5,0x3a); + &LL(0xa8,0xa8,0x9a,0xa8,0x29,0x32,0x4d,0x81); + &LL(0x96,0x96,0x62,0x96,0xc4,0xf4,0x31,0x52); + &LL(0xf9,0xf9,0xc3,0xf9,0x9b,0x3a,0xef,0x62); + &LL(0xc5,0xc5,0x33,0xc5,0x66,0xf6,0x97,0xa3); + &LL(0x25,0x25,0x94,0x25,0x35,0xb1,0x4a,0x10); + &LL(0x59,0x59,0x79,0x59,0xf2,0x20,0xb2,0xab); + &LL(0x84,0x84,0x2a,0x84,0x54,0xae,0x15,0xd0); + &LL(0x72,0x72,0xd5,0x72,0xb7,0xa7,0xe4,0xc5); + &LL(0x39,0x39,0xe4,0x39,0xd5,0xdd,0x72,0xec); + &LL(0x4c,0x4c,0x2d,0x4c,0x5a,0x61,0x98,0x16); + &LL(0x5e,0x5e,0x65,0x5e,0xca,0x3b,0xbc,0x94); + &LL(0x78,0x78,0xfd,0x78,0xe7,0x85,0xf0,0x9f); + &LL(0x38,0x38,0xe0,0x38,0xdd,0xd8,0x70,0xe5); + &LL(0x8c,0x8c,0x0a,0x8c,0x14,0x86,0x05,0x98); + &LL(0xd1,0xd1,0x63,0xd1,0xc6,0xb2,0xbf,0x17); + &LL(0xa5,0xa5,0xae,0xa5,0x41,0x0b,0x57,0xe4); + &LL(0xe2,0xe2,0xaf,0xe2,0x43,0x4d,0xd9,0xa1); + &LL(0x61,0x61,0x99,0x61,0x2f,0xf8,0xc2,0x4e); + &LL(0xb3,0xb3,0xf6,0xb3,0xf1,0x45,0x7b,0x42); + &LL(0x21,0x21,0x84,0x21,0x15,0xa5,0x42,0x34); + &LL(0x9c,0x9c,0x4a,0x9c,0x94,0xd6,0x25,0x08); + &LL(0x1e,0x1e,0x78,0x1e,0xf0,0x66,0x3c,0xee); + &LL(0x43,0x43,0x11,0x43,0x22,0x52,0x86,0x61); + &LL(0xc7,0xc7,0x3b,0xc7,0x76,0xfc,0x93,0xb1); + &LL(0xfc,0xfc,0xd7,0xfc,0xb3,0x2b,0xe5,0x4f); + &LL(0x04,0x04,0x10,0x04,0x20,0x14,0x08,0x24); + &LL(0x51,0x51,0x59,0x51,0xb2,0x08,0xa2,0xe3); + &LL(0x99,0x99,0x5e,0x99,0xbc,0xc7,0x2f,0x25); + &LL(0x6d,0x6d,0xa9,0x6d,0x4f,0xc4,0xda,0x22); + &LL(0x0d,0x0d,0x34,0x0d,0x68,0x39,0x1a,0x65); + &LL(0xfa,0xfa,0xcf,0xfa,0x83,0x35,0xe9,0x79); + &LL(0xdf,0xdf,0x5b,0xdf,0xb6,0x84,0xa3,0x69); + &LL(0x7e,0x7e,0xe5,0x7e,0xd7,0x9b,0xfc,0xa9); + &LL(0x24,0x24,0x90,0x24,0x3d,0xb4,0x48,0x19); + &LL(0x3b,0x3b,0xec,0x3b,0xc5,0xd7,0x76,0xfe); + &LL(0xab,0xab,0x96,0xab,0x31,0x3d,0x4b,0x9a); + &LL(0xce,0xce,0x1f,0xce,0x3e,0xd1,0x81,0xf0); + &LL(0x11,0x11,0x44,0x11,0x88,0x55,0x22,0x99); + &LL(0x8f,0x8f,0x06,0x8f,0x0c,0x89,0x03,0x83); + &LL(0x4e,0x4e,0x25,0x4e,0x4a,0x6b,0x9c,0x04); + &LL(0xb7,0xb7,0xe6,0xb7,0xd1,0x51,0x73,0x66); + &LL(0xeb,0xeb,0x8b,0xeb,0x0b,0x60,0xcb,0xe0); + &LL(0x3c,0x3c,0xf0,0x3c,0xfd,0xcc,0x78,0xc1); + &LL(0x81,0x81,0x3e,0x81,0x7c,0xbf,0x1f,0xfd); + &LL(0x94,0x94,0x6a,0x94,0xd4,0xfe,0x35,0x40); + &LL(0xf7,0xf7,0xfb,0xf7,0xeb,0x0c,0xf3,0x1c); + &LL(0xb9,0xb9,0xde,0xb9,0xa1,0x67,0x6f,0x18); + &LL(0x13,0x13,0x4c,0x13,0x98,0x5f,0x26,0x8b); + &LL(0x2c,0x2c,0xb0,0x2c,0x7d,0x9c,0x58,0x51); + &LL(0xd3,0xd3,0x6b,0xd3,0xd6,0xb8,0xbb,0x05); + &LL(0xe7,0xe7,0xbb,0xe7,0x6b,0x5c,0xd3,0x8c); + &LL(0x6e,0x6e,0xa5,0x6e,0x57,0xcb,0xdc,0x39); + &LL(0xc4,0xc4,0x37,0xc4,0x6e,0xf3,0x95,0xaa); + &LL(0x03,0x03,0x0c,0x03,0x18,0x0f,0x06,0x1b); + &LL(0x56,0x56,0x45,0x56,0x8a,0x13,0xac,0xdc); + &LL(0x44,0x44,0x0d,0x44,0x1a,0x49,0x88,0x5e); + &LL(0x7f,0x7f,0xe1,0x7f,0xdf,0x9e,0xfe,0xa0); + &LL(0xa9,0xa9,0x9e,0xa9,0x21,0x37,0x4f,0x88); + &LL(0x2a,0x2a,0xa8,0x2a,0x4d,0x82,0x54,0x67); + &LL(0xbb,0xbb,0xd6,0xbb,0xb1,0x6d,0x6b,0x0a); + &LL(0xc1,0xc1,0x23,0xc1,0x46,0xe2,0x9f,0x87); + &LL(0x53,0x53,0x51,0x53,0xa2,0x02,0xa6,0xf1); + &LL(0xdc,0xdc,0x57,0xdc,0xae,0x8b,0xa5,0x72); + &LL(0x0b,0x0b,0x2c,0x0b,0x58,0x27,0x16,0x53); + &LL(0x9d,0x9d,0x4e,0x9d,0x9c,0xd3,0x27,0x01); + &LL(0x6c,0x6c,0xad,0x6c,0x47,0xc1,0xd8,0x2b); + &LL(0x31,0x31,0xc4,0x31,0x95,0xf5,0x62,0xa4); + &LL(0x74,0x74,0xcd,0x74,0x87,0xb9,0xe8,0xf3); + &LL(0xf6,0xf6,0xff,0xf6,0xe3,0x09,0xf1,0x15); + &LL(0x46,0x46,0x05,0x46,0x0a,0x43,0x8c,0x4c); + &LL(0xac,0xac,0x8a,0xac,0x09,0x26,0x45,0xa5); + &LL(0x89,0x89,0x1e,0x89,0x3c,0x97,0x0f,0xb5); + &LL(0x14,0x14,0x50,0x14,0xa0,0x44,0x28,0xb4); + &LL(0xe1,0xe1,0xa3,0xe1,0x5b,0x42,0xdf,0xba); + &LL(0x16,0x16,0x58,0x16,0xb0,0x4e,0x2c,0xa6); + &LL(0x3a,0x3a,0xe8,0x3a,0xcd,0xd2,0x74,0xf7); + &LL(0x69,0x69,0xb9,0x69,0x6f,0xd0,0xd2,0x06); + &LL(0x09,0x09,0x24,0x09,0x48,0x2d,0x12,0x41); + &LL(0x70,0x70,0xdd,0x70,0xa7,0xad,0xe0,0xd7); + &LL(0xb6,0xb6,0xe2,0xb6,0xd9,0x54,0x71,0x6f); + &LL(0xd0,0xd0,0x67,0xd0,0xce,0xb7,0xbd,0x1e); + &LL(0xed,0xed,0x93,0xed,0x3b,0x7e,0xc7,0xd6); + &LL(0xcc,0xcc,0x17,0xcc,0x2e,0xdb,0x85,0xe2); + &LL(0x42,0x42,0x15,0x42,0x2a,0x57,0x84,0x68); + &LL(0x98,0x98,0x5a,0x98,0xb4,0xc2,0x2d,0x2c); + &LL(0xa4,0xa4,0xaa,0xa4,0x49,0x0e,0x55,0xed); + &LL(0x28,0x28,0xa0,0x28,0x5d,0x88,0x50,0x75); + &LL(0x5c,0x5c,0x6d,0x5c,0xda,0x31,0xb8,0x86); + &LL(0xf8,0xf8,0xc7,0xf8,0x93,0x3f,0xed,0x6b); + &LL(0x86,0x86,0x22,0x86,0x44,0xa4,0x11,0xc2); + + &L(0x18,0x23,0xc6,0xe8,0x87,0xb8,0x01,0x4f); # rc[ROUNDS] + &L(0x36,0xa6,0xd2,0xf5,0x79,0x6f,0x91,0x52); + &L(0x60,0xbc,0x9b,0x8e,0xa3,0x0c,0x7b,0x35); + &L(0x1d,0xe0,0xd7,0xc2,0x2e,0x4b,0xfe,0x57); + &L(0x15,0x77,0x37,0xe5,0x9f,0xf0,0x4a,0xda); + &L(0x58,0xc9,0x29,0x0a,0xb1,0xa0,0x6b,0x85); + &L(0xbd,0x5d,0x10,0xf4,0xcb,0x3e,0x05,0x67); + &L(0xe4,0x27,0x41,0x8b,0xa7,0x7d,0x95,0xd8); + &L(0xfb,0xee,0x7c,0x66,0xdd,0x17,0x47,0x9e); + &L(0xca,0x2d,0xbf,0x07,0xad,0x5a,0x83,0x33); + +$code =~ s/\`([^\`]*)\`/eval $1/gem; +print $code; +close STDOUT; diff --git a/src/lib/libcrypto/whrlpool/whrlpool.h b/src/lib/libcrypto/whrlpool/whrlpool.h new file mode 100644 index 00000000000..875d34f7d33 --- /dev/null +++ b/src/lib/libcrypto/whrlpool/whrlpool.h @@ -0,0 +1,41 @@ +/* $OpenBSD: whrlpool.h,v 1.5 2014/07/10 22:45:58 jsing Exp $ */ + +#include + +#ifndef HEADER_WHRLPOOL_H +#define HEADER_WHRLPOOL_H + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#define WHIRLPOOL_DIGEST_LENGTH (512/8) +#define WHIRLPOOL_BBLOCK 512 +#define WHIRLPOOL_COUNTER (256/8) + +typedef struct { + union { + unsigned char c[WHIRLPOOL_DIGEST_LENGTH]; + /* double q is here to ensure 64-bit alignment */ + double q[WHIRLPOOL_DIGEST_LENGTH/sizeof(double)]; + } H; + unsigned char data[WHIRLPOOL_BBLOCK/8]; + unsigned int bitoff; + size_t bitlen[WHIRLPOOL_COUNTER/sizeof(size_t)]; + } WHIRLPOOL_CTX; + +#ifndef OPENSSL_NO_WHIRLPOOL +int WHIRLPOOL_Init (WHIRLPOOL_CTX *c); +int WHIRLPOOL_Update (WHIRLPOOL_CTX *c,const void *inp,size_t bytes); +void WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c,const void *inp,size_t bits); +int WHIRLPOOL_Final (unsigned char *md,WHIRLPOOL_CTX *c); +unsigned char *WHIRLPOOL(const void *inp,size_t bytes,unsigned char *md); +#endif + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/src/lib/libcrypto/whrlpool/wp_block.c b/src/lib/libcrypto/whrlpool/wp_block.c new file mode 100644 index 00000000000..1e00a013304 --- /dev/null +++ b/src/lib/libcrypto/whrlpool/wp_block.c @@ -0,0 +1,629 @@ +/* $OpenBSD: wp_block.c,v 1.13 2016/11/04 17:30:30 miod Exp $ */ +/** + * The Whirlpool hashing function. + * + *

+ * References + * + *

+ * References + * + *

+ * The Whirlpool algorithm was developed by + * Paulo S. L. M. Barreto and + * Vincent Rijmen. + * + * See + * P.S.L.M. Barreto, V. Rijmen, + * ``The Whirlpool hashing function,'' + * NESSIE submission, 2000 (tweaked version, 2001), + * + * + * Based on "@version 3.0 (2003.03.12)" by Paulo S.L.M. Barreto and + * Vincent Rijmen. Lookup "reference implementations" on + * + * + * ============================================================================= + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR + * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE + * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, + * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +/* + * OpenSSL-specific implementation notes. + * + * WHIRLPOOL_Update as well as one-stroke WHIRLPOOL both expect + * number of *bytes* as input length argument. Bit-oriented routine + * as specified by authors is called WHIRLPOOL_BitUpdate[!] and + * does not have one-stroke counterpart. + * + * WHIRLPOOL_BitUpdate implements byte-oriented loop, essentially + * to serve WHIRLPOOL_Update. This is done for performance. + * + * Unlike authors' reference implementation, block processing + * routine whirlpool_block is designed to operate on multi-block + * input. This is done for performance. + */ + +#include "wp_locl.h" +#include +#include + +int WHIRLPOOL_Init(WHIRLPOOL_CTX *c) + { + memset (c,0,sizeof(*c)); + return(1); + } + +int WHIRLPOOL_Update (WHIRLPOOL_CTX *c,const void *_inp,size_t bytes) + { + /* Well, largest suitable chunk size actually is + * (1<<(sizeof(size_t)*8-3))-64, but below number + * is large enough for not to care about excessive + * calls to WHIRLPOOL_BitUpdate... */ + size_t chunk = ((size_t)1)<<(sizeof(size_t)*8-4); + const unsigned char *inp = _inp; + + while (bytes>=chunk) + { + WHIRLPOOL_BitUpdate(c,inp,chunk*8); + bytes -= chunk; + inp += chunk; + } + if (bytes) + WHIRLPOOL_BitUpdate(c,inp,bytes*8); + + return(1); + } + +void WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c,const void *_inp,size_t bits) + { + size_t n; + unsigned int bitoff = c->bitoff, + bitrem = bitoff%8, + inpgap = (8-(unsigned int)bits%8)&7; + const unsigned char *inp=_inp; + + /* This 256-bit increment procedure relies on the size_t + * being natural size of CPU register, so that we don't + * have to mask the value in order to detect overflows. */ + c->bitlen[0] += bits; + if (c->bitlen[0] < bits) /* overflow */ + { + n = 1; + do { c->bitlen[n]++; + } while(c->bitlen[n]==0 + && ++n<(WHIRLPOOL_COUNTER/sizeof(size_t))); + } + +#ifndef OPENSSL_SMALL_FOOTPRINT + reconsider: + if (inpgap==0 && bitrem==0) /* byte-oriented loop */ + { + while (bits) + { + if (bitoff==0 && (n=bits/WHIRLPOOL_BBLOCK)) + { + whirlpool_block(c,inp,n); + inp += n*WHIRLPOOL_BBLOCK/8; + bits %= WHIRLPOOL_BBLOCK; + } + else + { + unsigned int byteoff = bitoff/8; + + bitrem = WHIRLPOOL_BBLOCK - bitoff;/* re-use bitrem */ + if (bits >= bitrem) + { + bits -= bitrem; + bitrem /= 8; + memcpy(c->data+byteoff,inp,bitrem); + inp += bitrem; + whirlpool_block(c,c->data,1); + bitoff = 0; + } + else + { + memcpy(c->data+byteoff,inp,bits/8); + bitoff += (unsigned int)bits; + bits = 0; + } + c->bitoff = bitoff; + } + } + } + else /* bit-oriented loop */ +#endif + { + /* + inp + | + +-------+-------+------- + ||||||||||||||||||||| + +-------+-------+------- + +-------+-------+-------+-------+------- + |||||||||||||| c->data + +-------+-------+-------+-------+------- + | + c->bitoff/8 + */ + while (bits) + { + unsigned int byteoff = bitoff/8; + unsigned char b; + +#ifndef OPENSSL_SMALL_FOOTPRINT + if (bitrem==inpgap) + { + c->data[byteoff++] |= inp[0] & (0xff>>inpgap); + inpgap = 8-inpgap; + bitoff += inpgap; bitrem = 0; /* bitoff%8 */ + bits -= inpgap; inpgap = 0; /* bits%8 */ + inp++; + if (bitoff==WHIRLPOOL_BBLOCK) + { + whirlpool_block(c,c->data,1); + bitoff = 0; + } + c->bitoff = bitoff; + goto reconsider; + } + else +#endif + if (bits>=8) + { + b = ((inp[0]<>(8-inpgap))); + b &= 0xff; + if (bitrem) c->data[byteoff++] |= b>>bitrem; + else c->data[byteoff++] = b; + bitoff += 8; + bits -= 8; + inp++; + if (bitoff>=WHIRLPOOL_BBLOCK) + { + whirlpool_block(c,c->data,1); + byteoff = 0; + bitoff %= WHIRLPOOL_BBLOCK; + } + if (bitrem) c->data[byteoff] = b<<(8-bitrem); + } + else /* remaining less than 8 bits */ + { + b = (inp[0]<data[byteoff++] |= b>>bitrem; + else c->data[byteoff++] = b; + bitoff += (unsigned int)bits; + if (bitoff==WHIRLPOOL_BBLOCK) + { + whirlpool_block(c,c->data,1); + byteoff = 0; + bitoff %= WHIRLPOOL_BBLOCK; + } + if (bitrem) c->data[byteoff] = b<<(8-bitrem); + bits = 0; + } + c->bitoff = bitoff; + } + } + } + +int WHIRLPOOL_Final (unsigned char *md,WHIRLPOOL_CTX *c) + { + unsigned int bitoff = c->bitoff, + byteoff = bitoff/8; + size_t i,j,v; + unsigned char *p; + + bitoff %= 8; + if (bitoff) c->data[byteoff] |= 0x80>>bitoff; + else c->data[byteoff] = 0x80; + byteoff++; + + /* pad with zeros */ + if (byteoff > (WHIRLPOOL_BBLOCK/8-WHIRLPOOL_COUNTER)) + { + if (byteoffdata[byteoff],0,WHIRLPOOL_BBLOCK/8-byteoff); + whirlpool_block(c,c->data,1); + byteoff = 0; + } + if (byteoff < (WHIRLPOOL_BBLOCK/8-WHIRLPOOL_COUNTER)) + memset(&c->data[byteoff],0, + (WHIRLPOOL_BBLOCK/8-WHIRLPOOL_COUNTER)-byteoff); + /* smash 256-bit c->bitlen in big-endian order */ + p = &c->data[WHIRLPOOL_BBLOCK/8-1]; /* last byte in c->data */ + for(i=0;ibitlen[i],j=0;j>=8) + *p-- = (unsigned char)(v&0xff); + + whirlpool_block(c,c->data,1); + + if (md) { + memcpy(md,c->H.c,WHIRLPOOL_DIGEST_LENGTH); + memset(c,0,sizeof(*c)); + return(1); + } + return(0); + } + +unsigned char *WHIRLPOOL(const void *inp, size_t bytes,unsigned char *md) + { + WHIRLPOOL_CTX ctx; + static unsigned char m[WHIRLPOOL_DIGEST_LENGTH]; + + if (md == NULL) md=m; + WHIRLPOOL_Init(&ctx); + WHIRLPOOL_Update(&ctx,inp,bytes); + WHIRLPOOL_Final(md,&ctx); + return(md); + } diff --git a/src/lib/libcrypto/whrlpool/wp_locl.h b/src/lib/libcrypto/whrlpool/wp_locl.h new file mode 100644 index 00000000000..771c65e413b --- /dev/null +++ b/src/lib/libcrypto/whrlpool/wp_locl.h @@ -0,0 +1,9 @@ +/* $OpenBSD: wp_locl.h,v 1.3 2016/12/21 15:49:29 jsing Exp $ */ + +#include + +__BEGIN_HIDDEN_DECLS + +void whirlpool_block(WHIRLPOOL_CTX *,const void *,size_t); + +__END_HIDDEN_DECLS diff --git a/src/lib/libcrypto/x509/Makefile.ssl b/src/lib/libcrypto/x509/Makefile.ssl deleted file mode 100644 index 2df6ddcd347..00000000000 --- a/src/lib/libcrypto/x509/Makefile.ssl +++ /dev/null @@ -1,410 +0,0 @@ -# -# SSLeay/crypto/x509/Makefile -# - -DIR= x509 -TOP= ../.. -CC= cc -INCLUDES= -I.. -I$(TOP) -I../../include -CFLAG=-g -INSTALL_PREFIX= -OPENSSLDIR= /usr/local/ssl -INSTALLTOP=/usr/local/ssl -MAKE= make -f Makefile.ssl -MAKEDEPPROG= makedepend -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) -MAKEFILE= Makefile.ssl -AR= ar r - -CFLAGS= $(INCLUDES) $(CFLAG) - -GENERAL=Makefile README -TEST= -APPS= - -LIB=$(TOP)/libcrypto.a -LIBSRC= x509_def.c x509_d2.c x509_r2x.c x509_cmp.c \ - x509_obj.c x509_req.c x509spki.c x509_vfy.c \ - x509_set.c x509cset.c x509rset.c x509_err.c \ - x509name.c x509_v3.c x509_ext.c x509_att.c \ - x509type.c x509_lu.c x_all.c x509_txt.c \ - x509_trs.c by_file.c by_dir.c -LIBOBJ= x509_def.o x509_d2.o x509_r2x.o x509_cmp.o \ - x509_obj.o x509_req.o x509spki.o x509_vfy.o \ - x509_set.o x509cset.o x509rset.o x509_err.o \ - x509name.o x509_v3.o x509_ext.o x509_att.o \ - x509type.o x509_lu.o x_all.o x509_txt.o \ - x509_trs.o by_file.o by_dir.o - -SRC= $(LIBSRC) - -EXHEADER= x509.h x509_vfy.h -HEADER= $(EXHEADER) - -ALL= $(GENERAL) $(SRC) $(HEADER) - -top: - (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) - -all: lib - -lib: $(LIBOBJ) - $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) || echo Never mind. - @touch lib - -files: - $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO - -links: - @sh $(TOP)/util/point.sh Makefile.ssl Makefile - @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) - @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) - @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) - -install: - @for i in $(EXHEADER) ; \ - do \ - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ - done; - -tags: - ctags $(SRC) - -tests: - -lint: - lint -DLINT $(INCLUDES) $(SRC)>fluff - -depend: - $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) - -dclean: - $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new - mv -f Makefile.new $(MAKEFILE) - -clean: - rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff - -# DO NOT DELETE THIS LINE -- make depend depends on it. - -by_dir.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h -by_dir.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -by_dir.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -by_dir.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -by_dir.o: ../../include/openssl/err.h ../../include/openssl/evp.h -by_dir.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -by_dir.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -by_dir.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -by_dir.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -by_dir.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -by_dir.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -by_dir.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -by_dir.o: ../cryptlib.h by_dir.c -by_file.o: ../../e_os.h ../../include/openssl/asn1.h -by_file.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -by_file.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -by_file.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -by_file.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -by_file.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -by_file.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -by_file.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -by_file.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h -by_file.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h -by_file.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -by_file.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -by_file.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -by_file.o: ../../include/openssl/x509_vfy.h ../cryptlib.h by_file.c -x509_att.o: ../../e_os.h ../../include/openssl/asn1.h -x509_att.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -x509_att.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h -x509_att.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -x509_att.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -x509_att.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x509_att.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -x509_att.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -x509_att.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -x509_att.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -x509_att.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x509_att.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x509_att.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x509_att.o: ../../include/openssl/x509v3.h ../cryptlib.h x509_att.c -x509_cmp.o: ../../e_os.h ../../include/openssl/asn1.h -x509_cmp.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -x509_cmp.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h -x509_cmp.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -x509_cmp.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -x509_cmp.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x509_cmp.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -x509_cmp.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -x509_cmp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -x509_cmp.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -x509_cmp.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x509_cmp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x509_cmp.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x509_cmp.o: ../../include/openssl/x509v3.h ../cryptlib.h x509_cmp.c -x509_d2.o: ../../e_os.h ../../include/openssl/asn1.h -x509_d2.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -x509_d2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -x509_d2.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -x509_d2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -x509_d2.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -x509_d2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x509_d2.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -x509_d2.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -x509_d2.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -x509_d2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -x509_d2.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -x509_d2.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x509_d2.c -x509_def.o: ../../e_os.h ../../include/openssl/asn1.h -x509_def.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -x509_def.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -x509_def.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -x509_def.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -x509_def.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -x509_def.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x509_def.o: ../../include/openssl/opensslconf.h -x509_def.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -x509_def.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -x509_def.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x509_def.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x509_def.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x509_def.o: ../cryptlib.h x509_def.c -x509_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -x509_err.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -x509_err.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -x509_err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -x509_err.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x509_err.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -x509_err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -x509_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -x509_err.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -x509_err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x509_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x509_err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x509_err.o: x509_err.c -x509_ext.o: ../../e_os.h ../../include/openssl/asn1.h -x509_ext.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -x509_ext.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h -x509_ext.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -x509_ext.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -x509_ext.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x509_ext.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -x509_ext.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -x509_ext.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -x509_ext.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -x509_ext.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x509_ext.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x509_ext.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x509_ext.o: ../../include/openssl/x509v3.h ../cryptlib.h x509_ext.c -x509_lu.o: ../../e_os.h ../../include/openssl/asn1.h -x509_lu.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -x509_lu.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h -x509_lu.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -x509_lu.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -x509_lu.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x509_lu.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -x509_lu.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -x509_lu.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -x509_lu.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -x509_lu.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x509_lu.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x509_lu.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x509_lu.o: ../../include/openssl/x509v3.h ../cryptlib.h x509_lu.c -x509_obj.o: ../../e_os.h ../../include/openssl/asn1.h -x509_obj.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -x509_obj.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -x509_obj.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -x509_obj.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -x509_obj.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -x509_obj.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x509_obj.o: ../../include/openssl/opensslconf.h -x509_obj.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -x509_obj.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -x509_obj.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x509_obj.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x509_obj.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x509_obj.o: ../cryptlib.h x509_obj.c -x509_r2x.o: ../../e_os.h ../../include/openssl/asn1.h -x509_r2x.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -x509_r2x.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -x509_r2x.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -x509_r2x.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -x509_r2x.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -x509_r2x.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x509_r2x.o: ../../include/openssl/opensslconf.h -x509_r2x.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -x509_r2x.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -x509_r2x.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x509_r2x.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x509_r2x.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x509_r2x.o: ../cryptlib.h x509_r2x.c -x509_req.o: ../../e_os.h ../../include/openssl/asn1.h -x509_req.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -x509_req.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -x509_req.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -x509_req.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -x509_req.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -x509_req.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x509_req.o: ../../include/openssl/opensslconf.h -x509_req.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -x509_req.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h -x509_req.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -x509_req.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x509_req.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x509_req.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x509_req.o: ../cryptlib.h x509_req.c -x509_set.o: ../../e_os.h ../../include/openssl/asn1.h -x509_set.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -x509_set.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -x509_set.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -x509_set.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -x509_set.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -x509_set.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x509_set.o: ../../include/openssl/opensslconf.h -x509_set.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -x509_set.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -x509_set.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x509_set.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x509_set.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x509_set.o: ../cryptlib.h x509_set.c -x509_trs.o: ../../e_os.h ../../include/openssl/asn1.h -x509_trs.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -x509_trs.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h -x509_trs.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -x509_trs.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -x509_trs.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x509_trs.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -x509_trs.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -x509_trs.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -x509_trs.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -x509_trs.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x509_trs.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x509_trs.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x509_trs.o: ../../include/openssl/x509v3.h ../cryptlib.h x509_trs.c -x509_txt.o: ../../e_os.h ../../include/openssl/asn1.h -x509_txt.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -x509_txt.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -x509_txt.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -x509_txt.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -x509_txt.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -x509_txt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x509_txt.o: ../../include/openssl/opensslconf.h -x509_txt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -x509_txt.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -x509_txt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x509_txt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x509_txt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x509_txt.o: ../cryptlib.h x509_txt.c -x509_v3.o: ../../e_os.h ../../include/openssl/asn1.h -x509_v3.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -x509_v3.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h -x509_v3.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -x509_v3.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -x509_v3.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x509_v3.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -x509_v3.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -x509_v3.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -x509_v3.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -x509_v3.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x509_v3.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x509_v3.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x509_v3.o: ../../include/openssl/x509v3.h ../cryptlib.h x509_v3.c -x509_vfy.o: ../../e_os.h ../../include/openssl/asn1.h -x509_vfy.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -x509_vfy.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h -x509_vfy.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -x509_vfy.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -x509_vfy.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x509_vfy.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -x509_vfy.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -x509_vfy.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -x509_vfy.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -x509_vfy.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x509_vfy.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x509_vfy.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x509_vfy.o: ../../include/openssl/x509v3.h ../cryptlib.h x509_vfy.c -x509cset.o: ../../e_os.h ../../include/openssl/asn1.h -x509cset.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -x509cset.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -x509cset.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -x509cset.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -x509cset.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -x509cset.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x509cset.o: ../../include/openssl/opensslconf.h -x509cset.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -x509cset.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -x509cset.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x509cset.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x509cset.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x509cset.o: ../cryptlib.h x509cset.c -x509name.o: ../../e_os.h ../../include/openssl/asn1.h -x509name.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -x509name.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -x509name.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -x509name.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -x509name.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -x509name.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x509name.o: ../../include/openssl/opensslconf.h -x509name.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -x509name.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -x509name.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x509name.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x509name.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x509name.o: ../cryptlib.h x509name.c -x509rset.o: ../../e_os.h ../../include/openssl/asn1.h -x509rset.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -x509rset.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -x509rset.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -x509rset.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -x509rset.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -x509rset.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x509rset.o: ../../include/openssl/opensslconf.h -x509rset.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -x509rset.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -x509rset.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x509rset.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x509rset.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x509rset.o: ../cryptlib.h x509rset.c -x509spki.o: ../../e_os.h ../../include/openssl/asn1.h -x509spki.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -x509spki.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -x509spki.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -x509spki.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -x509spki.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -x509spki.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x509spki.o: ../../include/openssl/opensslconf.h -x509spki.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -x509spki.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -x509spki.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x509spki.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x509spki.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x509spki.o: ../cryptlib.h x509spki.c -x509type.o: ../../e_os.h ../../include/openssl/asn1.h -x509type.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -x509type.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -x509type.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -x509type.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -x509type.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -x509type.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -x509type.o: ../../include/openssl/opensslconf.h -x509type.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -x509type.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -x509type.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x509type.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x509type.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x509type.o: ../cryptlib.h x509type.c -x_all.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h -x_all.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -x_all.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -x_all.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -x_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x_all.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -x_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -x_all.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -x_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -x_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -x_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x_all.o: ../cryptlib.h x_all.c diff --git a/src/lib/libcrypto/x509/by_dir.c b/src/lib/libcrypto/x509/by_dir.c index 448bd7e69cc..04eada8ad05 100644 --- a/src/lib/libcrypto/x509/by_dir.c +++ b/src/lib/libcrypto/x509/by_dir.c @@ -1,25 +1,25 @@ -/* crypto/x509/by_dir.c */ +/* $OpenBSD: by_dir.c,v 1.39 2018/08/05 14:17:12 bcook Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,303 +49,374 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ +#include + +#include #include +#include #include -#include +#include -#include "cryptlib.h" - -#ifndef NO_SYS_TYPES_H -# include -#endif -#ifdef MAC_OS_pre_X -# include -#else -# include -#endif +#include +#include #include #include -typedef struct lookup_dir_st - { +# include + +typedef struct lookup_dir_hashes_st { + unsigned long hash; + int suffix; +} BY_DIR_HASH; + +typedef struct lookup_dir_entry_st { + char *dir; + int dir_type; + STACK_OF(BY_DIR_HASH) *hashes; +} BY_DIR_ENTRY; + +typedef struct lookup_dir_st { BUF_MEM *buffer; - int num_dirs; - char **dirs; - int *dirs_type; - int num_dirs_alloced; - } BY_DIR; + STACK_OF(BY_DIR_ENTRY) *dirs; +} BY_DIR; + +DECLARE_STACK_OF(BY_DIR_HASH) +DECLARE_STACK_OF(BY_DIR_ENTRY) static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl, - char **ret); + char **ret); static int new_dir(X509_LOOKUP *lu); static void free_dir(X509_LOOKUP *lu); -static int add_cert_dir(BY_DIR *ctx,const char *dir,int type); -static int get_cert_by_subject(X509_LOOKUP *xl,int type,X509_NAME *name, - X509_OBJECT *ret); -X509_LOOKUP_METHOD x509_dir_lookup= - { - "Load certs from files in a directory", - new_dir, /* new */ - free_dir, /* free */ - NULL, /* init */ - NULL, /* shutdown */ - dir_ctrl, /* ctrl */ - get_cert_by_subject, /* get_by_subject */ - NULL, /* get_by_issuer_serial */ - NULL, /* get_by_fingerprint */ - NULL, /* get_by_alias */ - }; - -X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void) - { - return(&x509_dir_lookup); - } +static int add_cert_dir(BY_DIR *ctx, const char *dir, int type); +static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name, + X509_OBJECT *ret); -static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl, - char **retp) - { - int ret=0; +static X509_LOOKUP_METHOD x509_dir_lookup = { + .name = "Load certs from files in a directory", + .new_item = new_dir, + .free = free_dir, + .init = NULL, + .shutdown = NULL, + .ctrl = dir_ctrl, + .get_by_subject = get_cert_by_subject, + .get_by_issuer_serial = NULL, + .get_by_fingerprint = NULL, + .get_by_alias = NULL, +}; + +X509_LOOKUP_METHOD * +X509_LOOKUP_hash_dir(void) +{ + return (&x509_dir_lookup); +} + +static int +dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl, + char **retp) +{ + int ret = 0; BY_DIR *ld; - char *dir; - ld=(BY_DIR *)ctx->method_data; + ld = (BY_DIR *)ctx->method_data; - switch (cmd) - { + switch (cmd) { case X509_L_ADD_DIR: - if (argl == X509_FILETYPE_DEFAULT) - { - ret=add_cert_dir(ld,X509_get_default_cert_dir(), - X509_FILETYPE_PEM); - if (!ret) - { - X509err(X509_F_DIR_CTRL,X509_R_LOADING_CERT_DIR); - } - else - { - dir=(char *)Getenv(X509_get_default_cert_dir_env()); - ret=add_cert_dir(ld,dir,X509_FILETYPE_PEM); - } + if (argl == X509_FILETYPE_DEFAULT) { + ret = add_cert_dir(ld, X509_get_default_cert_dir(), + X509_FILETYPE_PEM); + if (!ret) { + X509error(X509_R_LOADING_CERT_DIR); } - else - ret=add_cert_dir(ld,argp,(int)argl); + } else + ret = add_cert_dir(ld, argp, (int)argl); break; - } - return(ret); } + return (ret); +} -static int new_dir(X509_LOOKUP *lu) - { +static int +new_dir(X509_LOOKUP *lu) +{ BY_DIR *a; - if ((a=(BY_DIR *)OPENSSL_malloc(sizeof(BY_DIR))) == NULL) - return(0); - if ((a->buffer=BUF_MEM_new()) == NULL) - { - OPENSSL_free(a); - return(0); - } - a->num_dirs=0; - a->dirs=NULL; - a->dirs_type=NULL; - a->num_dirs_alloced=0; - lu->method_data=(char *)a; - return(1); + if ((a = malloc(sizeof(BY_DIR))) == NULL) + return (0); + if ((a->buffer = BUF_MEM_new()) == NULL) { + free(a); + return (0); } + a->dirs = NULL; + lu->method_data = (char *)a; + return (1); +} -static void free_dir(X509_LOOKUP *lu) - { +static void +by_dir_hash_free(BY_DIR_HASH *hash) +{ + free(hash); +} + +static int +by_dir_hash_cmp(const BY_DIR_HASH * const *a, + const BY_DIR_HASH * const *b) +{ + if ((*a)->hash > (*b)->hash) + return 1; + if ((*a)->hash < (*b)->hash) + return -1; + return 0; +} + +static void +by_dir_entry_free(BY_DIR_ENTRY *ent) +{ + free(ent->dir); + if (ent->hashes) + sk_BY_DIR_HASH_pop_free(ent->hashes, by_dir_hash_free); + free(ent); +} + +static void +free_dir(X509_LOOKUP *lu) +{ BY_DIR *a; - int i; - - a=(BY_DIR *)lu->method_data; - for (i=0; inum_dirs; i++) - if (a->dirs[i] != NULL) OPENSSL_free(a->dirs[i]); - if (a->dirs != NULL) OPENSSL_free(a->dirs); - if (a->dirs_type != NULL) OPENSSL_free(a->dirs_type); - if (a->buffer != NULL) BUF_MEM_free(a->buffer); - OPENSSL_free(a); + + a = (BY_DIR *)lu->method_data; + if (a->dirs != NULL) + sk_BY_DIR_ENTRY_pop_free(a->dirs, by_dir_entry_free); + if (a->buffer != NULL) + BUF_MEM_free(a->buffer); + free(a); +} + +static int +add_cert_dir(BY_DIR *ctx, const char *dir, int type) +{ + int j; + const char *s, *ss, *p; + ptrdiff_t len; + + if (dir == NULL || !*dir) { + X509error(X509_R_INVALID_DIRECTORY); + return 0; } -static int add_cert_dir(BY_DIR *ctx, const char *dir, int type) - { - int j,len; - int *ip; - const char *s,*ss,*p; - char **pp; - - if (dir == NULL || !*dir) - { - X509err(X509_F_ADD_CERT_DIR,X509_R_INVALID_DIRECTORY); - return 0; - } - - s=dir; - p=s; - for (;;) - { - if ((*p == LIST_SEPARATOR_CHAR) || (*p == '\0')) - { - ss=s; - s=p+1; - len=(int)(p-ss); - if (len == 0) continue; - for (j=0; jnum_dirs; j++) - if (strncmp(ctx->dirs[j],ss,(unsigned int)len) == 0) - continue; - if (ctx->num_dirs_alloced < (ctx->num_dirs+1)) - { - ctx->num_dirs_alloced+=10; - pp=(char **)OPENSSL_malloc(ctx->num_dirs_alloced* - sizeof(char *)); - ip=(int *)OPENSSL_malloc(ctx->num_dirs_alloced* - sizeof(int)); - if ((pp == NULL) || (ip == NULL)) - { - X509err(X509_F_ADD_CERT_DIR,ERR_R_MALLOC_FAILURE); - return(0); - } - memcpy(pp,ctx->dirs,(ctx->num_dirs_alloced-10)* - sizeof(char *)); - memcpy(ip,ctx->dirs_type,(ctx->num_dirs_alloced-10)* - sizeof(int)); - if (ctx->dirs != NULL) - OPENSSL_free(ctx->dirs); - if (ctx->dirs_type != NULL) - OPENSSL_free(ctx->dirs_type); - ctx->dirs=pp; - ctx->dirs_type=ip; + s = dir; + p = s; + do { + if ((*p == ':') || (*p == '\0')) { + BY_DIR_ENTRY *ent; + ss = s; + s = p + 1; + len = p - ss; + if (len == 0) + continue; + for (j = 0; j < sk_BY_DIR_ENTRY_num(ctx->dirs); j++) { + ent = sk_BY_DIR_ENTRY_value(ctx->dirs, j); + if (strlen(ent->dir) == (size_t)len && + strncmp(ent->dir, ss, (size_t)len) == 0) + break; + } + if (j < sk_BY_DIR_ENTRY_num(ctx->dirs)) + continue; + if (ctx->dirs == NULL) { + ctx->dirs = sk_BY_DIR_ENTRY_new_null(); + if (!ctx->dirs) { + X509error(ERR_R_MALLOC_FAILURE); + return 0; } - ctx->dirs_type[ctx->num_dirs]=type; - ctx->dirs[ctx->num_dirs]=(char *)OPENSSL_malloc((unsigned int)len+1); - if (ctx->dirs[ctx->num_dirs] == NULL) return(0); - strncpy(ctx->dirs[ctx->num_dirs],ss,(unsigned int)len); - ctx->dirs[ctx->num_dirs][len]='\0'; - ctx->num_dirs++; } - if (*p == '\0') break; - p++; + ent = malloc(sizeof(BY_DIR_ENTRY)); + if (!ent) { + X509error(ERR_R_MALLOC_FAILURE); + return 0; + } + ent->dir_type = type; + ent->hashes = sk_BY_DIR_HASH_new(by_dir_hash_cmp); + ent->dir = strndup(ss, (size_t)len); + if (!ent->dir || !ent->hashes) { + X509error(ERR_R_MALLOC_FAILURE); + by_dir_entry_free(ent); + return 0; + } + if (!sk_BY_DIR_ENTRY_push(ctx->dirs, ent)) { + X509error(ERR_R_MALLOC_FAILURE); + by_dir_entry_free(ent); + return 0; + } } - return(1); - } + } while (*p++ != '\0'); + return 1; +} -static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name, - X509_OBJECT *ret) - { +static int +get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name, + X509_OBJECT *ret) +{ BY_DIR *ctx; union { struct { X509 st_x509; X509_CINF st_x509_cinf; - } x509; + } x509; struct { X509_CRL st_crl; X509_CRL_INFO st_crl_info; - } crl; - } data; - int ok=0; - int i,j,k; + } crl; + } data; + int ok = 0; + int i, j, k; unsigned long h; - BUF_MEM *b=NULL; - struct stat st; - X509_OBJECT stmp,*tmp; + BUF_MEM *b = NULL; + X509_OBJECT stmp, *tmp; const char *postfix=""; - if (name == NULL) return(0); + if (name == NULL) + return (0); - stmp.type=type; - if (type == X509_LU_X509) - { - data.x509.st_x509.cert_info= &data.x509.st_x509_cinf; - data.x509.st_x509_cinf.subject=name; - stmp.data.x509= &data.x509.st_x509; + stmp.type = type; + if (type == X509_LU_X509) { + data.x509.st_x509.cert_info = &data.x509.st_x509_cinf; + data.x509.st_x509_cinf.subject = name; + stmp.data.x509 = &data.x509.st_x509; postfix=""; - } - else if (type == X509_LU_CRL) - { - data.crl.st_crl.crl= &data.crl.st_crl_info; - data.crl.st_crl_info.issuer=name; - stmp.data.crl= &data.crl.st_crl; + } else if (type == X509_LU_CRL) { + data.crl.st_crl.crl = &data.crl.st_crl_info; + data.crl.st_crl_info.issuer = name; + stmp.data.crl = &data.crl.st_crl; postfix="r"; - } - else - { - X509err(X509_F_GET_CERT_BY_SUBJECT,X509_R_WRONG_LOOKUP_TYPE); + } else { + X509error(X509_R_WRONG_LOOKUP_TYPE); goto finish; - } + } - if ((b=BUF_MEM_new()) == NULL) - { - X509err(X509_F_GET_CERT_BY_SUBJECT,ERR_R_BUF_LIB); + if ((b = BUF_MEM_new()) == NULL) { + X509error(ERR_R_BUF_LIB); goto finish; - } - - ctx=(BY_DIR *)xl->method_data; - - h=X509_NAME_hash(name); - for (i=0; inum_dirs; i++) - { - j=strlen(ctx->dirs[i])+1+8+6+1+1; - if (!BUF_MEM_grow(b,j)) - { - X509err(X509_F_GET_CERT_BY_SUBJECT,ERR_R_MALLOC_FAILURE); + } + + ctx = (BY_DIR *)xl->method_data; + + h = X509_NAME_hash(name); + for (i = 0; i < sk_BY_DIR_ENTRY_num(ctx->dirs); i++) { + BY_DIR_ENTRY *ent; + int idx; + BY_DIR_HASH htmp, *hent; + ent = sk_BY_DIR_ENTRY_value(ctx->dirs, i); + j = strlen(ent->dir) + 1 + 8 + 6 + 1 + 1; + if (!BUF_MEM_grow(b, j)) { + X509error(ERR_R_MALLOC_FAILURE); goto finish; + } + if (type == X509_LU_CRL) { + htmp.hash = h; + CRYPTO_r_lock(CRYPTO_LOCK_X509_STORE); + idx = sk_BY_DIR_HASH_find(ent->hashes, &htmp); + if (idx >= 0) { + hent = sk_BY_DIR_HASH_value(ent->hashes, idx); + k = hent->suffix; + } else { + hent = NULL; + k = 0; } - k=0; - for (;;) + CRYPTO_r_unlock(CRYPTO_LOCK_X509_STORE); + } else { + k = 0; + hent = NULL; + } + for (;;) { + (void) snprintf(b->data, b->max, "%s/%08lx.%s%d", + ent->dir, h, postfix, k); + { - sprintf(b->data,"%s/%08lx.%s%d",ctx->dirs[i],h, - postfix,k); - k++; - if (stat(b->data,&st) < 0) - break; + struct stat st; + if (stat(b->data, &st) < 0) + break; + } /* found one. */ - if (type == X509_LU_X509) - { - if ((X509_load_cert_file(xl,b->data, - ctx->dirs_type[i])) == 0) + if (type == X509_LU_X509) { + if ((X509_load_cert_file(xl, b->data, + ent->dir_type)) == 0) break; - } - else if (type == X509_LU_CRL) - { - if ((X509_load_crl_file(xl,b->data, - ctx->dirs_type[i])) == 0) + } else if (type == X509_LU_CRL) { + if ((X509_load_crl_file(xl, b->data, + ent->dir_type)) == 0) break; - } + } /* else case will caught higher up */ + k++; + } + + /* we have added it to the cache so now pull it out again */ + CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); + j = sk_X509_OBJECT_find(xl->store_ctx->objs, &stmp); + if (j != -1) + tmp = sk_X509_OBJECT_value(xl->store_ctx->objs, j); + else + tmp = NULL; + CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); + + /* If a CRL, update the last file suffix added for this */ + if (type == X509_LU_CRL) { + CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); + /* + * Look for entry again in case another thread added + * an entry first. + */ + if (!hent) { + htmp.hash = h; + idx = sk_BY_DIR_HASH_find(ent->hashes, &htmp); + if (idx >= 0) + hent = sk_BY_DIR_HASH_value( + ent->hashes, idx); } + if (!hent) { + hent = malloc(sizeof(BY_DIR_HASH)); + if (!hent) { + X509error(ERR_R_MALLOC_FAILURE); + CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); + ok = 0; + goto finish; + } + hent->hash = h; + hent->suffix = k; + if (!sk_BY_DIR_HASH_push(ent->hashes, hent)) { + X509error(ERR_R_MALLOC_FAILURE); + CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); + free(hent); + ok = 0; + goto finish; + } + } else if (hent->suffix < k) + hent->suffix = k; - /* we have added it to the cache so now pull - * it out again */ - CRYPTO_r_lock(CRYPTO_LOCK_X509_STORE); - j = sk_X509_OBJECT_find(xl->store_ctx->objs,&stmp); - if(j != -1) tmp=sk_X509_OBJECT_value(xl->store_ctx->objs,j); - else tmp = NULL; - CRYPTO_r_unlock(CRYPTO_LOCK_X509_STORE); + CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); - if (tmp != NULL) - { - ok=1; - ret->type=tmp->type; - memcpy(&ret->data,&tmp->data,sizeof(ret->data)); - /* If we were going to up the reference count, - * we would need to do it on a perl 'type' - * basis */ + } + + if (tmp != NULL) { + ok = 1; + ret->type = tmp->type; + memcpy(&ret->data, &tmp->data, sizeof(ret->data)); + /* + * If we were going to up the reference count, + * we would need to do it on a perl 'type' basis + */ /* CRYPTO_add(&tmp->data.x509->references,1, CRYPTO_LOCK_X509);*/ goto finish; - } } -finish: - if (b != NULL) BUF_MEM_free(b); - return(ok); } - +finish: + if (b != NULL) + BUF_MEM_free(b); + return (ok); +} diff --git a/src/lib/libcrypto/x509/by_file.c b/src/lib/libcrypto/x509/by_file.c index 92e00d2d733..b2c8ef6cfaf 100644 --- a/src/lib/libcrypto/x509/by_file.c +++ b/src/lib/libcrypto/x509/by_file.c @@ -1,25 +1,25 @@ -/* crypto/x509/by_file.c */ +/* $OpenBSD: by_file.c,v 1.21 2017/01/29 17:49:23 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,242 +49,218 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ +#include #include #include -#include +#include -#include "cryptlib.h" -#include #include -#include +#include #include - -#ifndef OPENSSL_NO_STDIO +#include +#include static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, - long argl, char **ret); -X509_LOOKUP_METHOD x509_file_lookup= - { - "Load file into cache", - NULL, /* new */ - NULL, /* free */ - NULL, /* init */ - NULL, /* shutdown */ - by_file_ctrl, /* ctrl */ - NULL, /* get_by_subject */ - NULL, /* get_by_issuer_serial */ - NULL, /* get_by_fingerprint */ - NULL, /* get_by_alias */ - }; + long argl, char **ret); -X509_LOOKUP_METHOD *X509_LOOKUP_file(void) - { - return(&x509_file_lookup); - } +static X509_LOOKUP_METHOD x509_file_lookup = { + .name = "Load file into cache", + .new_item = NULL, + .free = NULL, + .init = NULL, + .shutdown = NULL, + .ctrl = by_file_ctrl, + .get_by_subject = NULL, + .get_by_issuer_serial = NULL, + .get_by_fingerprint = NULL, + .get_by_alias = NULL, +}; -static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl, - char **ret) - { - int ok=0; - char *file; +X509_LOOKUP_METHOD * +X509_LOOKUP_file(void) +{ + return (&x509_file_lookup); +} + +static int +by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl, + char **ret) +{ + int ok = 0; - switch (cmd) - { + switch (cmd) { case X509_L_FILE_LOAD: - if (argl == X509_FILETYPE_DEFAULT) - { - ok = (X509_load_cert_crl_file(ctx,X509_get_default_cert_file(), - X509_FILETYPE_PEM) != 0); - if (!ok) - { - X509err(X509_F_BY_FILE_CTRL,X509_R_LOADING_DEFAULTS); - } - else - { - file=(char *)Getenv(X509_get_default_cert_file_env()); - ok = (X509_load_cert_crl_file(ctx,file, - X509_FILETYPE_PEM) != 0); - } + if (argl == X509_FILETYPE_DEFAULT) { + ok = (X509_load_cert_crl_file(ctx, + X509_get_default_cert_file(), + X509_FILETYPE_PEM) != 0); + if (!ok) { + X509error(X509_R_LOADING_DEFAULTS); } - else - { - if(argl == X509_FILETYPE_PEM) - ok = (X509_load_cert_crl_file(ctx,argp, - X509_FILETYPE_PEM) != 0); + } else { + if (argl == X509_FILETYPE_PEM) + ok = (X509_load_cert_crl_file(ctx, argp, + X509_FILETYPE_PEM) != 0); else - ok = (X509_load_cert_file(ctx,argp,(int)argl) != 0); - } - break; + ok = (X509_load_cert_file(ctx, + argp, (int)argl) != 0); } - return(ok); + break; } + return (ok); +} -int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type) - { - int ret=0; - BIO *in=NULL; - int i,count=0; - X509 *x=NULL; +int +X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type) +{ + int ret = 0; + BIO *in = NULL; + int i, count = 0; + X509 *x = NULL; - if (file == NULL) return(1); - in=BIO_new(BIO_s_file_internal()); + if (file == NULL) + return (1); + in = BIO_new(BIO_s_file_internal()); - if ((in == NULL) || (BIO_read_filename(in,file) <= 0)) - { - X509err(X509_F_X509_LOAD_CERT_FILE,ERR_R_SYS_LIB); + if ((in == NULL) || (BIO_read_filename(in, file) <= 0)) { + X509error(ERR_R_SYS_LIB); goto err; - } + } - if (type == X509_FILETYPE_PEM) - { - for (;;) - { - x=PEM_read_bio_X509_AUX(in,NULL,NULL,NULL); - if (x == NULL) - { - if ((ERR_GET_REASON(ERR_peek_error()) == - PEM_R_NO_START_LINE) && (count > 0)) - { + if (type == X509_FILETYPE_PEM) { + for (;;) { + x = PEM_read_bio_X509_AUX(in, NULL, NULL, NULL); + if (x == NULL) { + if ((ERR_GET_REASON(ERR_peek_last_error()) == + PEM_R_NO_START_LINE) && (count > 0)) { ERR_clear_error(); break; - } - else - { - X509err(X509_F_X509_LOAD_CERT_FILE, - ERR_R_PEM_LIB); + } else { + X509error(ERR_R_PEM_LIB); goto err; - } } - i=X509_STORE_add_cert(ctx->store_ctx,x); - if (!i) goto err; + } + i = X509_STORE_add_cert(ctx->store_ctx, x); + if (!i) + goto err; count++; X509_free(x); - x=NULL; - } - ret=count; + x = NULL; } - else if (type == X509_FILETYPE_ASN1) - { - x=d2i_X509_bio(in,NULL); - if (x == NULL) - { - X509err(X509_F_X509_LOAD_CERT_FILE,ERR_R_ASN1_LIB); + ret = count; + } else if (type == X509_FILETYPE_ASN1) { + x = d2i_X509_bio(in, NULL); + if (x == NULL) { + X509error(ERR_R_ASN1_LIB); goto err; - } - i=X509_STORE_add_cert(ctx->store_ctx,x); - if (!i) goto err; - ret=i; } - else - { - X509err(X509_F_X509_LOAD_CERT_FILE,X509_R_BAD_X509_FILETYPE); + i = X509_STORE_add_cert(ctx->store_ctx, x); + if (!i) + goto err; + ret = i; + } else { + X509error(X509_R_BAD_X509_FILETYPE); goto err; - } -err: - if (x != NULL) X509_free(x); - if (in != NULL) BIO_free(in); - return(ret); } +err: + X509_free(x); + BIO_free(in); + return (ret); +} -int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type) - { - int ret=0; - BIO *in=NULL; - int i,count=0; - X509_CRL *x=NULL; +int +X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type) +{ + int ret = 0; + BIO *in = NULL; + int i, count = 0; + X509_CRL *x = NULL; - if (file == NULL) return(1); - in=BIO_new(BIO_s_file_internal()); + if (file == NULL) + return (1); + in = BIO_new(BIO_s_file_internal()); - if ((in == NULL) || (BIO_read_filename(in,file) <= 0)) - { - X509err(X509_F_X509_LOAD_CRL_FILE,ERR_R_SYS_LIB); + if ((in == NULL) || (BIO_read_filename(in, file) <= 0)) { + X509error(ERR_R_SYS_LIB); goto err; - } + } - if (type == X509_FILETYPE_PEM) - { - for (;;) - { - x=PEM_read_bio_X509_CRL(in,NULL,NULL,NULL); - if (x == NULL) - { - if ((ERR_GET_REASON(ERR_peek_error()) == - PEM_R_NO_START_LINE) && (count > 0)) - { + if (type == X509_FILETYPE_PEM) { + for (;;) { + x = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL); + if (x == NULL) { + if ((ERR_GET_REASON(ERR_peek_last_error()) == + PEM_R_NO_START_LINE) && (count > 0)) { ERR_clear_error(); break; - } - else - { - X509err(X509_F_X509_LOAD_CRL_FILE, - ERR_R_PEM_LIB); + } else { + X509error(ERR_R_PEM_LIB); goto err; - } } - i=X509_STORE_add_crl(ctx->store_ctx,x); - if (!i) goto err; + } + i = X509_STORE_add_crl(ctx->store_ctx, x); + if (!i) + goto err; count++; X509_CRL_free(x); - x=NULL; - } - ret=count; + x = NULL; } - else if (type == X509_FILETYPE_ASN1) - { - x=d2i_X509_CRL_bio(in,NULL); - if (x == NULL) - { - X509err(X509_F_X509_LOAD_CRL_FILE,ERR_R_ASN1_LIB); + ret = count; + } else if (type == X509_FILETYPE_ASN1) { + x = d2i_X509_CRL_bio(in, NULL); + if (x == NULL) { + X509error(ERR_R_ASN1_LIB); goto err; - } - i=X509_STORE_add_crl(ctx->store_ctx,x); - if (!i) goto err; - ret=i; } - else - { - X509err(X509_F_X509_LOAD_CRL_FILE,X509_R_BAD_X509_FILETYPE); + i = X509_STORE_add_crl(ctx->store_ctx, x); + if (!i) + goto err; + ret = i; + } else { + X509error(X509_R_BAD_X509_FILETYPE); goto err; - } -err: - if (x != NULL) X509_CRL_free(x); - if (in != NULL) BIO_free(in); - return(ret); } +err: + if (x != NULL) + X509_CRL_free(x); + BIO_free(in); + return (ret); +} -int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type) +int +X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type) { STACK_OF(X509_INFO) *inf; X509_INFO *itmp; BIO *in; int i, count = 0; - if(type != X509_FILETYPE_PEM) + if (type != X509_FILETYPE_PEM) return X509_load_cert_file(ctx, file, type); in = BIO_new_file(file, "r"); - if(!in) { - X509err(X509_F_X509_LOAD_CERT_CRL_FILE,ERR_R_SYS_LIB); + if (!in) { + X509error(ERR_R_SYS_LIB); return 0; } inf = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL); BIO_free(in); - if(!inf) { - X509err(X509_F_X509_LOAD_CERT_CRL_FILE,ERR_R_PEM_LIB); + if (!inf) { + X509error(ERR_R_PEM_LIB); return 0; } - for(i = 0; i < sk_X509_INFO_num(inf); i++) { + for (i = 0; i < sk_X509_INFO_num(inf); i++) { itmp = sk_X509_INFO_value(inf, i); - if(itmp->x509) { + if (itmp->x509) { X509_STORE_add_cert(ctx->store_ctx, itmp->x509); count++; - } else if(itmp->crl) { + } + if (itmp->crl) { X509_STORE_add_crl(ctx->store_ctx, itmp->crl); count++; } @@ -293,6 +269,3 @@ int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type) return count; } - -#endif /* OPENSSL_NO_STDIO */ - diff --git a/src/lib/libcrypto/x509/by_mem.c b/src/lib/libcrypto/x509/by_mem.c new file mode 100644 index 00000000000..34d4040d848 --- /dev/null +++ b/src/lib/libcrypto/x509/by_mem.c @@ -0,0 +1,138 @@ +/* $OpenBSD: by_mem.c,v 1.4 2017/01/29 17:49:23 beck Exp $ */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include + +static int by_mem_ctrl(X509_LOOKUP *, int, const char *, long, char **); + +static X509_LOOKUP_METHOD x509_mem_lookup = { + .name = "Load cert from memory", + .new_item = NULL, + .free = NULL, + .init = NULL, + .shutdown = NULL, + .ctrl = by_mem_ctrl, + .get_by_subject = NULL, + .get_by_issuer_serial = NULL, + .get_by_fingerprint = NULL, + .get_by_alias = NULL, +}; + +X509_LOOKUP_METHOD * +X509_LOOKUP_mem(void) +{ + return (&x509_mem_lookup); +} + +static int +by_mem_ctrl(X509_LOOKUP *lu, int cmd, const char *buf, + long type, char **ret) +{ + STACK_OF(X509_INFO) *inf = NULL; + const struct iovec *iov; + X509_INFO *itmp; + BIO *in = NULL; + int i, count = 0, ok = 0; + + iov = (const struct iovec *)buf; + + if (!(cmd == X509_L_MEM && type == X509_FILETYPE_PEM)) + goto done; + + if ((in = BIO_new_mem_buf(iov->iov_base, iov->iov_len)) == NULL) + goto done; + + if ((inf = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL)) == NULL) + goto done; + + for (i = 0; i < sk_X509_INFO_num(inf); i++) { + itmp = sk_X509_INFO_value(inf, i); + if (itmp->x509) { + ok = X509_STORE_add_cert(lu->store_ctx, itmp->x509); + if (!ok) + goto done; + count++; + } + if (itmp->crl) { + ok = X509_STORE_add_crl(lu->store_ctx, itmp->crl); + if (!ok) + goto done; + count++; + } + } + + ok = count != 0; + done: + if (count == 0) + X509error(ERR_R_PEM_LIB); + if (inf != NULL) + sk_X509_INFO_pop_free(inf, X509_INFO_free); + if (in != NULL) + BIO_free(in); + return (ok); +} diff --git a/src/lib/libcrypto/x509/vpm_int.h b/src/lib/libcrypto/x509/vpm_int.h new file mode 100644 index 00000000000..7fc9fef761b --- /dev/null +++ b/src/lib/libcrypto/x509/vpm_int.h @@ -0,0 +1,75 @@ +/* $OpenBSD: vpm_int.h,v 1.4 2018/04/06 07:08:20 beck Exp $ */ +/* + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project + * 2013. + */ +/* ==================================================================== + * Copyright (c) 2013 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +__BEGIN_HIDDEN_DECLS + +/* internal only structure to hold additional X509_VERIFY_PARAM data */ + +struct X509_VERIFY_PARAM_ID_st { + STACK_OF(OPENSSL_STRING) *hosts; /* Set of acceptable names */ + unsigned int hostflags; /* Flags to control matching features */ + char *peername; /* Matching hostname in peer certificate */ + char *email; /* If not NULL email address to match */ + size_t emaillen; + unsigned char *ip; /* If not NULL IP address to match */ + size_t iplen; /* Length of IP address */ + int poisoned; +}; + +__END_HIDDEN_DECLS diff --git a/src/lib/libcrypto/x509/x509.h b/src/lib/libcrypto/x509/x509.h index c75aa0c7174..c66dfa6a48f 100644 --- a/src/lib/libcrypto/x509/x509.h +++ b/src/lib/libcrypto/x509/x509.h @@ -1,4 +1,4 @@ -/* crypto/x509/x509.h */ +/* $OpenBSD: x509.h,v 1.74 2018/08/24 20:26:03 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -55,11 +55,17 @@ * copied and put under another distribution licence * [including the GNU Public Licence.] */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * ECDH support in OpenSSL originally developed by + * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. + */ #ifndef HEADER_X509_H #define HEADER_X509_H -#include +#include + #ifndef OPENSSL_NO_BUFFER #include #endif @@ -73,33 +79,39 @@ #include #include +#ifndef OPENSSL_NO_EC +#include +#endif + +#ifndef OPENSSL_NO_ECDSA +#include +#endif + +#ifndef OPENSSL_NO_ECDH +#include +#endif + +#ifndef OPENSSL_NO_DEPRECATED #ifndef OPENSSL_NO_RSA #include #endif - #ifndef OPENSSL_NO_DSA #include #endif - #ifndef OPENSSL_NO_DH #include #endif +#endif + #ifndef OPENSSL_NO_SHA #include #endif -#include -#include #include #ifdef __cplusplus extern "C" { #endif -#ifdef OPENSSL_SYS_WIN32 -/* Under Win32 this is defined in wincrypt.h */ -#undef X509_NAME -#endif - #define X509_FILETYPE_PEM 1 #define X509_FILETYPE_ASN1 2 #define X509_FILETYPE_DEFAULT 3 @@ -118,8 +130,8 @@ extern "C" { typedef struct X509_objects_st { int nid; - int (*a2i)(); - int (*i2a)(); + int (*a2i)(void); + int (*i2a)(void); } X509_OBJECTS; struct X509_algor_st @@ -128,8 +140,8 @@ struct X509_algor_st ASN1_TYPE *parameter; } /* X509_ALGOR */; -DECLARE_STACK_OF(X509_ALGOR) -DECLARE_ASN1_SET_OF(X509_ALGOR) + +typedef STACK_OF(X509_ALGOR) X509_ALGORS; typedef struct X509_val_st { @@ -137,12 +149,12 @@ typedef struct X509_val_st ASN1_TIME *notAfter; } X509_VAL; -typedef struct X509_pubkey_st +struct X509_pubkey_st { X509_ALGOR *algor; ASN1_BIT_STRING *public_key; EVP_PKEY *pkey; - } X509_PUBKEY; + }; typedef struct X509_sig_st { @@ -159,7 +171,6 @@ typedef struct X509_name_entry_st } X509_NAME_ENTRY; DECLARE_STACK_OF(X509_NAME_ENTRY) -DECLARE_ASN1_SET_OF(X509_NAME_ENTRY) /* we always keep X509_NAMEs in 2 forms. */ struct X509_name_st @@ -171,7 +182,9 @@ struct X509_name_st #else char *bytes; #endif - unsigned long hash; /* Keep the hash around for lookups */ +/* unsigned long hash; Keep the hash around for lookups */ + unsigned char *canon_enc; + int canon_enclen; } /* X509_NAME */; DECLARE_STACK_OF(X509_NAME) @@ -185,8 +198,9 @@ typedef struct X509_extension_st ASN1_OCTET_STRING *value; } X509_EXTENSION; +typedef STACK_OF(X509_EXTENSION) X509_EXTENSIONS; + DECLARE_STACK_OF(X509_EXTENSION) -DECLARE_ASN1_SET_OF(X509_EXTENSION) /* a sequence of these are used */ typedef struct x509_attributes_st @@ -201,7 +215,6 @@ typedef struct x509_attributes_st } X509_ATTRIBUTE; DECLARE_STACK_OF(X509_ATTRIBUTE) -DECLARE_ASN1_SET_OF(X509_ATTRIBUTE) typedef struct X509_req_info_st @@ -234,6 +247,7 @@ typedef struct x509_cinf_st ASN1_BIT_STRING *issuerUID; /* [ 1 ] optional in v2 */ ASN1_BIT_STRING *subjectUID; /* [ 2 ] optional in v2 */ STACK_OF(X509_EXTENSION) *extensions; /* [ 3 ] optional in v3 */ + ASN1_ENCODING enc; } X509_CINF; /* This stuff is certificate "auxiliary info" @@ -262,12 +276,17 @@ struct x509_st CRYPTO_EX_DATA ex_data; /* These contain copies of various extension values */ long ex_pathlen; + long ex_pcpathlen; unsigned long ex_flags; unsigned long ex_kusage; unsigned long ex_xkusage; unsigned long ex_nscert; ASN1_OCTET_STRING *skid; - struct AUTHORITY_KEYID_st *akid; + AUTHORITY_KEYID *akid; + X509_POLICY_CACHE *policy_cache; + STACK_OF(DIST_POINT) *crldp; + STACK_OF(GENERAL_NAME) *altname; + NAME_CONSTRAINTS *nc; #ifndef OPENSSL_NO_SHA unsigned char sha1_hash[SHA_DIGEST_LENGTH]; #endif @@ -275,7 +294,6 @@ struct x509_st } /* X509 */; DECLARE_STACK_OF(X509) -DECLARE_ASN1_SET_OF(X509) /* This is used for a table of trust checking functions */ @@ -290,6 +308,11 @@ typedef struct x509_trust_st { DECLARE_STACK_OF(X509_TRUST) +typedef struct x509_cert_pair_st { + X509 *forward; + X509 *reverse; +} X509_CERT_PAIR; + /* standard trust ids */ #define X509_TRUST_DEFAULT -1 /* Only valid in purpose settings */ @@ -301,10 +324,11 @@ DECLARE_STACK_OF(X509_TRUST) #define X509_TRUST_OBJECT_SIGN 5 #define X509_TRUST_OCSP_SIGN 6 #define X509_TRUST_OCSP_REQUEST 7 +#define X509_TRUST_TSA 8 /* Keep these up to date! */ #define X509_TRUST_MIN 1 -#define X509_TRUST_MAX 7 +#define X509_TRUST_MAX 8 /* trust_flags values */ @@ -331,6 +355,7 @@ DECLARE_STACK_OF(X509_TRUST) #define X509_FLAG_NO_EXTENSIONS (1L << 8) #define X509_FLAG_NO_SIGDUMP (1L << 9) #define X509_FLAG_NO_AUX (1L << 10) +#define X509_FLAG_NO_ATTRIBUTES (1L << 11) /* Flags specific to X509_NAME_print_ex() */ @@ -390,16 +415,19 @@ DECLARE_STACK_OF(X509_TRUST) XN_FLAG_FN_LN | \ XN_FLAG_FN_ALIGN) -typedef struct X509_revoked_st +struct x509_revoked_st { ASN1_INTEGER *serialNumber; ASN1_TIME *revocationDate; STACK_OF(X509_EXTENSION) /* optional */ *extensions; + /* Set up if indirect CRL */ + STACK_OF(GENERAL_NAME) *issuer; + /* Revocation reason */ + int reason; int sequence; /* load sequence */ - } X509_REVOKED; + }; DECLARE_STACK_OF(X509_REVOKED) -DECLARE_ASN1_SET_OF(X509_REVOKED) typedef struct X509_crl_info_st { @@ -410,6 +438,7 @@ typedef struct X509_crl_info_st ASN1_TIME *nextUpdate; STACK_OF(X509_REVOKED) *revoked; STACK_OF(X509_EXTENSION) /* [0] */ *extensions; + ASN1_ENCODING enc; } X509_CRL_INFO; struct X509_crl_st @@ -419,10 +448,25 @@ struct X509_crl_st X509_ALGOR *sig_alg; ASN1_BIT_STRING *signature; int references; + int flags; + /* Copies of various extensions */ + AUTHORITY_KEYID *akid; + ISSUING_DIST_POINT *idp; + /* Convenient breakdown of IDP */ + int idp_flags; + int idp_reasons; + /* CRL and base CRL numbers for delta processing */ + ASN1_INTEGER *crl_number; + ASN1_INTEGER *base_crl_number; +#ifndef OPENSSL_NO_SHA + unsigned char sha1_hash[SHA_DIGEST_LENGTH]; +#endif + STACK_OF(GENERAL_NAMES) *issuers; + const X509_CRL_METHOD *meth; + void *meth_data; } /* X509_CRL */; DECLARE_STACK_OF(X509_CRL) -DECLARE_ASN1_SET_OF(X509_CRL) typedef struct private_key_st { @@ -486,10 +530,12 @@ typedef struct Netscape_certificate_sequence STACK_OF(X509) *certs; } NETSCAPE_CERT_SEQUENCE; +/* Unused (and iv length is wrong) typedef struct CBCParameter_st { unsigned char iv[8]; } CBC_PARAM; +*/ /* Password based encryption structure */ @@ -515,18 +561,12 @@ X509_ALGOR *prf; /* PKCS#8 private key info structure */ -typedef struct pkcs8_priv_key_info_st - { - int broken; /* Flag for various broken formats */ -#define PKCS8_OK 0 -#define PKCS8_NO_OCTET 1 -#define PKCS8_EMBEDDED_PARAM 2 -#define PKCS8_NS_DB 3 +struct pkcs8_priv_key_info_st { ASN1_INTEGER *version; X509_ALGOR *pkeyalg; - ASN1_TYPE *pkey; /* Should be OCTET STRING but some are broken */ + ASN1_OCTET_STRING *pkey; STACK_OF(X509_ATTRIBUTE) *attributes; - } PKCS8_PRIV_KEY_INFO; +}; #ifdef __cplusplus } @@ -539,159 +579,43 @@ typedef struct pkcs8_priv_key_info_st extern "C" { #endif -#ifdef SSLEAY_MACROS -#define X509_verify(a,r) ASN1_verify((int (*)())i2d_X509_CINF,a->sig_alg,\ - a->signature,(char *)a->cert_info,r) -#define X509_REQ_verify(a,r) ASN1_verify((int (*)())i2d_X509_REQ_INFO, \ - a->sig_alg,a->signature,(char *)a->req_info,r) -#define X509_CRL_verify(a,r) ASN1_verify((int (*)())i2d_X509_CRL_INFO, \ - a->sig_alg, a->signature,(char *)a->crl,r) - -#define X509_sign(x,pkey,md) \ - ASN1_sign((int (*)())i2d_X509_CINF, x->cert_info->signature, \ - x->sig_alg, x->signature, (char *)x->cert_info,pkey,md) -#define X509_REQ_sign(x,pkey,md) \ - ASN1_sign((int (*)())i2d_X509_REQ_INFO,x->sig_alg, NULL, \ - x->signature, (char *)x->req_info,pkey,md) -#define X509_CRL_sign(x,pkey,md) \ - ASN1_sign((int (*)())i2d_X509_CRL_INFO,x->crl->sig_alg,x->sig_alg, \ - x->signature, (char *)x->crl,pkey,md) -#define NETSCAPE_SPKI_sign(x,pkey,md) \ - ASN1_sign((int (*)())i2d_NETSCAPE_SPKAC, x->sig_algor,NULL, \ - x->signature, (char *)x->spkac,pkey,md) - -#define X509_dup(x509) (X509 *)ASN1_dup((int (*)())i2d_X509, \ - (char *(*)())d2i_X509,(char *)x509) -#define X509_ATTRIBUTE_dup(xa) (X509_ATTRIBUTE *)ASN1_dup(\ - (int (*)())i2d_X509_ATTRIBUTE, \ - (char *(*)())d2i_X509_ATTRIBUTE,(char *)xa) -#define X509_EXTENSION_dup(ex) (X509_EXTENSION *)ASN1_dup( \ - (int (*)())i2d_X509_EXTENSION, \ - (char *(*)())d2i_X509_EXTENSION,(char *)ex) -#define d2i_X509_fp(fp,x509) (X509 *)ASN1_d2i_fp((char *(*)())X509_new, \ - (char *(*)())d2i_X509, (fp),(unsigned char **)(x509)) -#define i2d_X509_fp(fp,x509) ASN1_i2d_fp(i2d_X509,fp,(unsigned char *)x509) -#define d2i_X509_bio(bp,x509) (X509 *)ASN1_d2i_bio((char *(*)())X509_new, \ - (char *(*)())d2i_X509, (bp),(unsigned char **)(x509)) -#define i2d_X509_bio(bp,x509) ASN1_i2d_bio(i2d_X509,bp,(unsigned char *)x509) - -#define X509_CRL_dup(crl) (X509_CRL *)ASN1_dup((int (*)())i2d_X509_CRL, \ - (char *(*)())d2i_X509_CRL,(char *)crl) -#define d2i_X509_CRL_fp(fp,crl) (X509_CRL *)ASN1_d2i_fp((char *(*)()) \ - X509_CRL_new,(char *(*)())d2i_X509_CRL, (fp),\ - (unsigned char **)(crl)) -#define i2d_X509_CRL_fp(fp,crl) ASN1_i2d_fp(i2d_X509_CRL,fp,\ - (unsigned char *)crl) -#define d2i_X509_CRL_bio(bp,crl) (X509_CRL *)ASN1_d2i_bio((char *(*)()) \ - X509_CRL_new,(char *(*)())d2i_X509_CRL, (bp),\ - (unsigned char **)(crl)) -#define i2d_X509_CRL_bio(bp,crl) ASN1_i2d_bio(i2d_X509_CRL,bp,\ - (unsigned char *)crl) - -#define PKCS7_dup(p7) (PKCS7 *)ASN1_dup((int (*)())i2d_PKCS7, \ - (char *(*)())d2i_PKCS7,(char *)p7) -#define d2i_PKCS7_fp(fp,p7) (PKCS7 *)ASN1_d2i_fp((char *(*)()) \ - PKCS7_new,(char *(*)())d2i_PKCS7, (fp),\ - (unsigned char **)(p7)) -#define i2d_PKCS7_fp(fp,p7) ASN1_i2d_fp(i2d_PKCS7,fp,\ - (unsigned char *)p7) -#define d2i_PKCS7_bio(bp,p7) (PKCS7 *)ASN1_d2i_bio((char *(*)()) \ - PKCS7_new,(char *(*)())d2i_PKCS7, (bp),\ - (unsigned char **)(p7)) -#define i2d_PKCS7_bio(bp,p7) ASN1_i2d_bio(i2d_PKCS7,bp,\ - (unsigned char *)p7) - -#define X509_REQ_dup(req) (X509_REQ *)ASN1_dup((int (*)())i2d_X509_REQ, \ - (char *(*)())d2i_X509_REQ,(char *)req) -#define d2i_X509_REQ_fp(fp,req) (X509_REQ *)ASN1_d2i_fp((char *(*)())\ - X509_REQ_new, (char *(*)())d2i_X509_REQ, (fp),\ - (unsigned char **)(req)) -#define i2d_X509_REQ_fp(fp,req) ASN1_i2d_fp(i2d_X509_REQ,fp,\ - (unsigned char *)req) -#define d2i_X509_REQ_bio(bp,req) (X509_REQ *)ASN1_d2i_bio((char *(*)())\ - X509_REQ_new, (char *(*)())d2i_X509_REQ, (bp),\ - (unsigned char **)(req)) -#define i2d_X509_REQ_bio(bp,req) ASN1_i2d_bio(i2d_X509_REQ,bp,\ - (unsigned char *)req) - -#define RSAPublicKey_dup(rsa) (RSA *)ASN1_dup((int (*)())i2d_RSAPublicKey, \ - (char *(*)())d2i_RSAPublicKey,(char *)rsa) -#define RSAPrivateKey_dup(rsa) (RSA *)ASN1_dup((int (*)())i2d_RSAPrivateKey, \ - (char *(*)())d2i_RSAPrivateKey,(char *)rsa) - -#define d2i_RSAPrivateKey_fp(fp,rsa) (RSA *)ASN1_d2i_fp((char *(*)())\ - RSA_new,(char *(*)())d2i_RSAPrivateKey, (fp), \ - (unsigned char **)(rsa)) -#define i2d_RSAPrivateKey_fp(fp,rsa) ASN1_i2d_fp(i2d_RSAPrivateKey,fp, \ - (unsigned char *)rsa) -#define d2i_RSAPrivateKey_bio(bp,rsa) (RSA *)ASN1_d2i_bio((char *(*)())\ - RSA_new,(char *(*)())d2i_RSAPrivateKey, (bp), \ - (unsigned char **)(rsa)) -#define i2d_RSAPrivateKey_bio(bp,rsa) ASN1_i2d_bio(i2d_RSAPrivateKey,bp, \ - (unsigned char *)rsa) - -#define d2i_RSAPublicKey_fp(fp,rsa) (RSA *)ASN1_d2i_fp((char *(*)())\ - RSA_new,(char *(*)())d2i_RSAPublicKey, (fp), \ - (unsigned char **)(rsa)) -#define i2d_RSAPublicKey_fp(fp,rsa) ASN1_i2d_fp(i2d_RSAPublicKey,fp, \ - (unsigned char *)rsa) -#define d2i_RSAPublicKey_bio(bp,rsa) (RSA *)ASN1_d2i_bio((char *(*)())\ - RSA_new,(char *(*)())d2i_RSAPublicKey, (bp), \ - (unsigned char **)(rsa)) -#define i2d_RSAPublicKey_bio(bp,rsa) ASN1_i2d_bio(i2d_RSAPublicKey,bp, \ - (unsigned char *)rsa) - -#define d2i_DSAPrivateKey_fp(fp,dsa) (DSA *)ASN1_d2i_fp((char *(*)())\ - DSA_new,(char *(*)())d2i_DSAPrivateKey, (fp), \ - (unsigned char **)(dsa)) -#define i2d_DSAPrivateKey_fp(fp,dsa) ASN1_i2d_fp(i2d_DSAPrivateKey,fp, \ - (unsigned char *)dsa) -#define d2i_DSAPrivateKey_bio(bp,dsa) (DSA *)ASN1_d2i_bio((char *(*)())\ - DSA_new,(char *(*)())d2i_DSAPrivateKey, (bp), \ - (unsigned char **)(dsa)) -#define i2d_DSAPrivateKey_bio(bp,dsa) ASN1_i2d_bio(i2d_DSAPrivateKey,bp, \ - (unsigned char *)dsa) - -#define X509_ALGOR_dup(xn) (X509_ALGOR *)ASN1_dup((int (*)())i2d_X509_ALGOR,\ - (char *(*)())d2i_X509_ALGOR,(char *)xn) - -#define X509_NAME_dup(xn) (X509_NAME *)ASN1_dup((int (*)())i2d_X509_NAME, \ - (char *(*)())d2i_X509_NAME,(char *)xn) -#define X509_NAME_ENTRY_dup(ne) (X509_NAME_ENTRY *)ASN1_dup( \ - (int (*)())i2d_X509_NAME_ENTRY, \ - (char *(*)())d2i_X509_NAME_ENTRY,\ - (char *)ne) - -#define X509_digest(data,type,md,len) \ - ASN1_digest((int (*)())i2d_X509,type,(char *)data,md,len) -#define X509_NAME_digest(data,type,md,len) \ - ASN1_digest((int (*)())i2d_X509_NAME,type,(char *)data,md,len) -#ifndef PKCS7_ISSUER_AND_SERIAL_digest -#define PKCS7_ISSUER_AND_SERIAL_digest(data,type,md,len) \ - ASN1_digest((int (*)())i2d_PKCS7_ISSUER_AND_SERIAL,type,\ - (char *)data,md,len) -#endif -#endif - #define X509_EXT_PACK_UNKNOWN 1 #define X509_EXT_PACK_STRING 2 -#define X509_get_version(x) ASN1_INTEGER_get((x)->cert_info->version) -/* #define X509_get_serialNumber(x) ((x)->cert_info->serialNumber) */ -#define X509_get_notBefore(x) ((x)->cert_info->validity->notBefore) -#define X509_get_notAfter(x) ((x)->cert_info->validity->notAfter) #define X509_extract_key(x) X509_get_pubkey(x) /*****/ -#define X509_REQ_get_version(x) ASN1_INTEGER_get((x)->req_info->version) -#define X509_REQ_get_subject_name(x) ((x)->req_info->subject) #define X509_REQ_extract_key(a) X509_REQ_get_pubkey(a) #define X509_name_cmp(a,b) X509_NAME_cmp((a),(b)) -#define X509_get_signature_type(x) EVP_PKEY_type(OBJ_obj2nid((x)->sig_alg->algorithm)) -#define X509_CRL_get_version(x) ASN1_INTEGER_get((x)->crl->version) -#define X509_CRL_get_lastUpdate(x) ((x)->crl->lastUpdate) -#define X509_CRL_get_nextUpdate(x) ((x)->crl->nextUpdate) -#define X509_CRL_get_issuer(x) ((x)->crl->issuer) -#define X509_CRL_get_REVOKED(x) ((x)->crl->revoked) +int X509_CRL_up_ref(X509_CRL *x); +int X509_CRL_get_signature_nid(const X509_CRL *crl); + +const STACK_OF(X509_EXTENSION) *X509_CRL_get0_extensions(const X509_CRL *crl); +long X509_CRL_get_version(const X509_CRL *crl); +const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *crl); +const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl); +ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *crl); +ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *crl); +X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl); +STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl); +void X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig, + const X509_ALGOR **palg); + +int X509_REQ_get_signature_nid(const X509_REQ *req); + +void X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig, + const X509_ALGOR **palg); + +void X509_CRL_set_default_method(const X509_CRL_METHOD *meth); +X509_CRL_METHOD *X509_CRL_METHOD_new( + int (*crl_init)(X509_CRL *crl), + int (*crl_free)(X509_CRL *crl), + int (*crl_lookup)(X509_CRL *crl, X509_REVOKED **ret, + ASN1_INTEGER *ser, X509_NAME *issuer), + int (*crl_verify)(X509_CRL *crl, EVP_PKEY *pk)); +void X509_CRL_METHOD_free(X509_CRL_METHOD *m); + +void X509_CRL_set_meth_data(X509_CRL *crl, void *dat); +void *X509_CRL_get_meth_data(X509_CRL *crl); /* This one is only used so that a binary form can output, as in * i2d_X509_NAME(X509_get_X509_PUBKEY(x),&buf) */ @@ -700,7 +624,6 @@ extern "C" { const char *X509_verify_cert_error_string(long n); -#ifndef SSLEAY_MACROS #ifndef OPENSSL_NO_EVP int X509_verify(X509 *a, EVP_PKEY *r); @@ -715,11 +638,16 @@ int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey); int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki); -int X509_signature_print(BIO *bp,X509_ALGOR *alg, ASN1_STRING *sig); +int X509_signature_dump(BIO *bp, const ASN1_STRING *sig, int indent); +int X509_signature_print(BIO *bp, const X509_ALGOR *alg, + const ASN1_STRING *sig); int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md); +int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx); int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md); +int X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx); int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md); +int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx); int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md); int X509_pubkey_digest(const X509 *data,const EVP_MD *type, @@ -734,7 +662,6 @@ int X509_NAME_digest(const X509_NAME *data,const EVP_MD *type, unsigned char *md, unsigned int *len); #endif -#ifndef OPENSSL_NO_FP_API X509 *d2i_X509_fp(FILE *fp, X509 **x509); int i2d_X509_fp(FILE *fp,X509 *x509); X509_CRL *d2i_X509_CRL_fp(FILE *fp,X509_CRL **crl); @@ -752,9 +679,14 @@ int i2d_RSA_PUBKEY_fp(FILE *fp,RSA *rsa); #ifndef OPENSSL_NO_DSA DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa); int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa); -DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa); int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa); #endif +#ifndef OPENSSL_NO_EC +EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey); +int i2d_EC_PUBKEY_fp(FILE *fp, EC_KEY *eckey); +EC_KEY *d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey); +int i2d_ECPrivateKey_fp(FILE *fp, EC_KEY *eckey); +#endif X509_SIG *d2i_PKCS8_fp(FILE *fp,X509_SIG **p8); int i2d_PKCS8_fp(FILE *fp,X509_SIG *p8); PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, @@ -765,7 +697,6 @@ int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey); EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a); int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey); EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a); -#endif #ifndef OPENSSL_NO_BIO X509 *d2i_X509_bio(BIO *bp,X509 **x509); @@ -788,6 +719,12 @@ int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa); DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa); int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa); #endif +#ifndef OPENSSL_NO_EC +EC_KEY *d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey); +int i2d_EC_PUBKEY_bio(BIO *bp, EC_KEY *eckey); +EC_KEY *d2i_ECPrivateKey_bio(BIO *bp, EC_KEY **eckey); +int i2d_ECPrivateKey_bio(BIO *bp, EC_KEY *eckey); +#endif X509_SIG *d2i_PKCS8_bio(BIO *bp,X509_SIG **p8); int i2d_PKCS8_bio(BIO *bp,X509_SIG *p8); PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, @@ -806,18 +743,21 @@ X509_EXTENSION *X509_EXTENSION_dup(X509_EXTENSION *ex); X509_CRL *X509_CRL_dup(X509_CRL *crl); X509_REQ *X509_REQ_dup(X509_REQ *req); X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn); +int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval); +void X509_ALGOR_get0(const ASN1_OBJECT **paobj, int *pptype, const void **ppval, + const X509_ALGOR *algor); +void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md); +int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b); + X509_NAME *X509_NAME_dup(X509_NAME *xn); +int X509_NAME_get0_der(X509_NAME *nm, const unsigned char **pder, size_t *pderlen); X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne); -#ifndef OPENSSL_NO_RSA -RSA *RSAPublicKey_dup(RSA *rsa); -RSA *RSAPrivateKey_dup(RSA *rsa); -#endif -#endif /* !SSLEAY_MACROS */ - -int X509_cmp_time(ASN1_TIME *s, time_t *t); -int X509_cmp_current_time(ASN1_TIME *s); +int X509_cmp_time(const ASN1_TIME *s, time_t *t); +int X509_cmp_current_time(const ASN1_TIME *s); ASN1_TIME * X509_time_adj(ASN1_TIME *s, long adj, time_t *t); +ASN1_TIME * X509_time_adj_ex(ASN1_TIME *s, + int offset_day, long offset_sec, time_t *t); ASN1_TIME * X509_gmtime_adj(ASN1_TIME *s, long adj); const char * X509_get_default_cert_area(void ); @@ -830,95 +770,187 @@ const char * X509_get_default_private_dir(void ); X509_REQ * X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md); X509 * X509_REQ_to_X509(X509_REQ *r, int days,EVP_PKEY *pkey); -DECLARE_ASN1_FUNCTIONS(X509_ALGOR) -DECLARE_ASN1_FUNCTIONS(X509_VAL) - -DECLARE_ASN1_FUNCTIONS(X509_PUBKEY) +X509_ALGOR *X509_ALGOR_new(void); +void X509_ALGOR_free(X509_ALGOR *a); +X509_ALGOR *d2i_X509_ALGOR(X509_ALGOR **a, const unsigned char **in, long len); +int i2d_X509_ALGOR(X509_ALGOR *a, unsigned char **out); +extern const ASN1_ITEM X509_ALGOR_it; +X509_ALGORS *d2i_X509_ALGORS(X509_ALGORS **a, const unsigned char **in, long len); +int i2d_X509_ALGORS(X509_ALGORS *a, unsigned char **out); +extern const ASN1_ITEM X509_ALGORS_it; +X509_VAL *X509_VAL_new(void); +void X509_VAL_free(X509_VAL *a); +X509_VAL *d2i_X509_VAL(X509_VAL **a, const unsigned char **in, long len); +int i2d_X509_VAL(X509_VAL *a, unsigned char **out); +extern const ASN1_ITEM X509_VAL_it; + +X509_PUBKEY *X509_PUBKEY_new(void); +void X509_PUBKEY_free(X509_PUBKEY *a); +X509_PUBKEY *d2i_X509_PUBKEY(X509_PUBKEY **a, const unsigned char **in, long len); +int i2d_X509_PUBKEY(X509_PUBKEY *a, unsigned char **out); +extern const ASN1_ITEM X509_PUBKEY_it; int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey); EVP_PKEY * X509_PUBKEY_get(X509_PUBKEY *key); +EVP_PKEY * X509_PUBKEY_get0(X509_PUBKEY *key); int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain); int i2d_PUBKEY(EVP_PKEY *a,unsigned char **pp); -EVP_PKEY * d2i_PUBKEY(EVP_PKEY **a,unsigned char **pp, +EVP_PKEY * d2i_PUBKEY(EVP_PKEY **a,const unsigned char **pp, long length); #ifndef OPENSSL_NO_RSA int i2d_RSA_PUBKEY(RSA *a,unsigned char **pp); -RSA * d2i_RSA_PUBKEY(RSA **a,unsigned char **pp, +RSA * d2i_RSA_PUBKEY(RSA **a,const unsigned char **pp, long length); #endif #ifndef OPENSSL_NO_DSA int i2d_DSA_PUBKEY(DSA *a,unsigned char **pp); -DSA * d2i_DSA_PUBKEY(DSA **a,unsigned char **pp, +DSA * d2i_DSA_PUBKEY(DSA **a,const unsigned char **pp, + long length); +#endif +#ifndef OPENSSL_NO_EC +int i2d_EC_PUBKEY(EC_KEY *a, unsigned char **pp); +EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, long length); #endif -DECLARE_ASN1_FUNCTIONS(X509_SIG) -DECLARE_ASN1_FUNCTIONS(X509_REQ_INFO) -DECLARE_ASN1_FUNCTIONS(X509_REQ) - -DECLARE_ASN1_FUNCTIONS(X509_ATTRIBUTE) +X509_SIG *X509_SIG_new(void); +void X509_SIG_free(X509_SIG *a); +X509_SIG *d2i_X509_SIG(X509_SIG **a, const unsigned char **in, long len); +int i2d_X509_SIG(X509_SIG *a, unsigned char **out); +extern const ASN1_ITEM X509_SIG_it; +X509_REQ_INFO *X509_REQ_INFO_new(void); +void X509_REQ_INFO_free(X509_REQ_INFO *a); +X509_REQ_INFO *d2i_X509_REQ_INFO(X509_REQ_INFO **a, const unsigned char **in, long len); +int i2d_X509_REQ_INFO(X509_REQ_INFO *a, unsigned char **out); +extern const ASN1_ITEM X509_REQ_INFO_it; +X509_REQ *X509_REQ_new(void); +void X509_REQ_free(X509_REQ *a); +X509_REQ *d2i_X509_REQ(X509_REQ **a, const unsigned char **in, long len); +int i2d_X509_REQ(X509_REQ *a, unsigned char **out); +extern const ASN1_ITEM X509_REQ_it; + +X509_ATTRIBUTE *X509_ATTRIBUTE_new(void); +void X509_ATTRIBUTE_free(X509_ATTRIBUTE *a); +X509_ATTRIBUTE *d2i_X509_ATTRIBUTE(X509_ATTRIBUTE **a, const unsigned char **in, long len); +int i2d_X509_ATTRIBUTE(X509_ATTRIBUTE *a, unsigned char **out); +extern const ASN1_ITEM X509_ATTRIBUTE_it; X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value); -DECLARE_ASN1_FUNCTIONS(X509_EXTENSION) - -DECLARE_ASN1_FUNCTIONS(X509_NAME_ENTRY) - -DECLARE_ASN1_FUNCTIONS(X509_NAME) +X509_EXTENSION *X509_EXTENSION_new(void); +void X509_EXTENSION_free(X509_EXTENSION *a); +X509_EXTENSION *d2i_X509_EXTENSION(X509_EXTENSION **a, const unsigned char **in, long len); +int i2d_X509_EXTENSION(X509_EXTENSION *a, unsigned char **out); +extern const ASN1_ITEM X509_EXTENSION_it; +X509_EXTENSIONS *d2i_X509_EXTENSIONS(X509_EXTENSIONS **a, const unsigned char **in, long len); +int i2d_X509_EXTENSIONS(X509_EXTENSIONS *a, unsigned char **out); +extern const ASN1_ITEM X509_EXTENSIONS_it; + +X509_NAME_ENTRY *X509_NAME_ENTRY_new(void); +void X509_NAME_ENTRY_free(X509_NAME_ENTRY *a); +X509_NAME_ENTRY *d2i_X509_NAME_ENTRY(X509_NAME_ENTRY **a, const unsigned char **in, long len); +int i2d_X509_NAME_ENTRY(X509_NAME_ENTRY *a, unsigned char **out); +extern const ASN1_ITEM X509_NAME_ENTRY_it; + +X509_NAME *X509_NAME_new(void); +void X509_NAME_free(X509_NAME *a); +X509_NAME *d2i_X509_NAME(X509_NAME **a, const unsigned char **in, long len); +int i2d_X509_NAME(X509_NAME *a, unsigned char **out); +extern const ASN1_ITEM X509_NAME_it; int X509_NAME_set(X509_NAME **xn, X509_NAME *name); -DECLARE_ASN1_FUNCTIONS(X509_CINF) - -DECLARE_ASN1_FUNCTIONS(X509) -DECLARE_ASN1_FUNCTIONS(X509_CERT_AUX) +X509_CINF *X509_CINF_new(void); +void X509_CINF_free(X509_CINF *a); +X509_CINF *d2i_X509_CINF(X509_CINF **a, const unsigned char **in, long len); +int i2d_X509_CINF(X509_CINF *a, unsigned char **out); +extern const ASN1_ITEM X509_CINF_it; + +X509 *X509_new(void); +void X509_free(X509 *a); +X509 *d2i_X509(X509 **a, const unsigned char **in, long len); +int i2d_X509(X509 *a, unsigned char **out); +extern const ASN1_ITEM X509_it; +X509_CERT_AUX *X509_CERT_AUX_new(void); +void X509_CERT_AUX_free(X509_CERT_AUX *a); +X509_CERT_AUX *d2i_X509_CERT_AUX(X509_CERT_AUX **a, const unsigned char **in, long len); +int i2d_X509_CERT_AUX(X509_CERT_AUX *a, unsigned char **out); +extern const ASN1_ITEM X509_CERT_AUX_it; + +X509_CERT_PAIR *X509_CERT_PAIR_new(void); +void X509_CERT_PAIR_free(X509_CERT_PAIR *a); +X509_CERT_PAIR *d2i_X509_CERT_PAIR(X509_CERT_PAIR **a, const unsigned char **in, long len); +int i2d_X509_CERT_PAIR(X509_CERT_PAIR *a, unsigned char **out); +extern const ASN1_ITEM X509_CERT_PAIR_it; int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); int X509_set_ex_data(X509 *r, int idx, void *arg); void *X509_get_ex_data(X509 *r, int idx); int i2d_X509_AUX(X509 *a,unsigned char **pp); -X509 * d2i_X509_AUX(X509 **a,unsigned char **pp,long length); - -int X509_alias_set1(X509 *x, unsigned char *name, int len); -int X509_keyid_set1(X509 *x, unsigned char *id, int len); -unsigned char * X509_alias_get0(X509 *x, int *len); +X509 * d2i_X509_AUX(X509 **a,const unsigned char **pp,long length); +void X509_get0_signature(const ASN1_BIT_STRING **psig, + const X509_ALGOR **palg, const X509 *x); +int X509_get_signature_nid(const X509 *x); + +int X509_alias_set1(X509 *x, const unsigned char *name, int len); +int X509_keyid_set1(X509 *x, const unsigned char *id, int len); +unsigned char *X509_alias_get0(X509 *x, int *len); +unsigned char *X509_keyid_get0(X509 *x, int *len); int (*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int); int X509_TRUST_set(int *t, int trust); -int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj); -int X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj); +int X509_add1_trust_object(X509 *x, const ASN1_OBJECT *obj); +int X509_add1_reject_object(X509 *x, const ASN1_OBJECT *obj); void X509_trust_clear(X509 *x); void X509_reject_clear(X509 *x); -DECLARE_ASN1_FUNCTIONS(X509_REVOKED) -DECLARE_ASN1_FUNCTIONS(X509_CRL_INFO) -DECLARE_ASN1_FUNCTIONS(X509_CRL) +X509_REVOKED *X509_REVOKED_new(void); +void X509_REVOKED_free(X509_REVOKED *a); +X509_REVOKED *X509_REVOKED_dup(X509_REVOKED *a); +X509_REVOKED *d2i_X509_REVOKED(X509_REVOKED **a, const unsigned char **in, long len); +int i2d_X509_REVOKED(X509_REVOKED *a, unsigned char **out); +extern const ASN1_ITEM X509_REVOKED_it; + +X509_CRL_INFO *X509_CRL_INFO_new(void); +void X509_CRL_INFO_free(X509_CRL_INFO *a); +X509_CRL_INFO *d2i_X509_CRL_INFO(X509_CRL_INFO **a, const unsigned char **in, long len); +int i2d_X509_CRL_INFO(X509_CRL_INFO *a, unsigned char **out); +extern const ASN1_ITEM X509_CRL_INFO_it; + +X509_CRL *X509_CRL_new(void); +void X509_CRL_free(X509_CRL *a); +X509_CRL *d2i_X509_CRL(X509_CRL **a, const unsigned char **in, long len); +int i2d_X509_CRL(X509_CRL *a, unsigned char **out); +extern const ASN1_ITEM X509_CRL_it; int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev); +int X509_CRL_get0_by_serial(X509_CRL *crl, + X509_REVOKED **ret, ASN1_INTEGER *serial); +int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x); X509_PKEY * X509_PKEY_new(void ); void X509_PKEY_free(X509_PKEY *a); -int i2d_X509_PKEY(X509_PKEY *a,unsigned char **pp); -X509_PKEY * d2i_X509_PKEY(X509_PKEY **a,unsigned char **pp,long length); -DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKI) -DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKAC) -DECLARE_ASN1_FUNCTIONS(NETSCAPE_CERT_SEQUENCE) +NETSCAPE_SPKI *NETSCAPE_SPKI_new(void); +void NETSCAPE_SPKI_free(NETSCAPE_SPKI *a); +NETSCAPE_SPKI *d2i_NETSCAPE_SPKI(NETSCAPE_SPKI **a, const unsigned char **in, long len); +int i2d_NETSCAPE_SPKI(NETSCAPE_SPKI *a, unsigned char **out); +extern const ASN1_ITEM NETSCAPE_SPKI_it; +NETSCAPE_SPKAC *NETSCAPE_SPKAC_new(void); +void NETSCAPE_SPKAC_free(NETSCAPE_SPKAC *a); +NETSCAPE_SPKAC *d2i_NETSCAPE_SPKAC(NETSCAPE_SPKAC **a, const unsigned char **in, long len); +int i2d_NETSCAPE_SPKAC(NETSCAPE_SPKAC *a, unsigned char **out); +extern const ASN1_ITEM NETSCAPE_SPKAC_it; +NETSCAPE_CERT_SEQUENCE *NETSCAPE_CERT_SEQUENCE_new(void); +void NETSCAPE_CERT_SEQUENCE_free(NETSCAPE_CERT_SEQUENCE *a); +NETSCAPE_CERT_SEQUENCE *d2i_NETSCAPE_CERT_SEQUENCE(NETSCAPE_CERT_SEQUENCE **a, const unsigned char **in, long len); +int i2d_NETSCAPE_CERT_SEQUENCE(NETSCAPE_CERT_SEQUENCE *a, unsigned char **out); +extern const ASN1_ITEM NETSCAPE_CERT_SEQUENCE_it; #ifndef OPENSSL_NO_EVP X509_INFO * X509_INFO_new(void); void X509_INFO_free(X509_INFO *a); -char * X509_NAME_oneline(X509_NAME *a,char *buf,int size); - -int ASN1_verify(int (*i2d)(), X509_ALGOR *algor1, - ASN1_BIT_STRING *signature,char *data,EVP_PKEY *pkey); - -int ASN1_digest(int (*i2d)(),const EVP_MD *type,char *data, - unsigned char *md,unsigned int *len); - -int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2, - ASN1_BIT_STRING *signature, - char *data,EVP_PKEY *pkey, const EVP_MD *type); +char * X509_NAME_oneline(const X509_NAME *a, char *buf, int size); int ASN1_item_digest(const ASN1_ITEM *it,const EVP_MD *type,void *data, unsigned char *md,unsigned int *len); @@ -929,24 +961,44 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *algor1, int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2, ASN1_BIT_STRING *signature, void *data, EVP_PKEY *pkey, const EVP_MD *type); +int ASN1_item_sign_ctx(const ASN1_ITEM *it, + X509_ALGOR *algor1, X509_ALGOR *algor2, + ASN1_BIT_STRING *signature, void *asn, EVP_MD_CTX *ctx); #endif -int X509_set_version(X509 *x,long version); +const STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x); +const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x); +int X509_set_version(X509 *x, long version); +long X509_get_version(const X509 *x); int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial); ASN1_INTEGER * X509_get_serialNumber(X509 *x); +const ASN1_INTEGER *X509_get0_serialNumber(const X509 *x); int X509_set_issuer_name(X509 *x, X509_NAME *name); -X509_NAME * X509_get_issuer_name(X509 *a); +X509_NAME * X509_get_issuer_name(const X509 *a); int X509_set_subject_name(X509 *x, X509_NAME *name); -X509_NAME * X509_get_subject_name(X509 *a); -int X509_set_notBefore(X509 *x, ASN1_TIME *tm); -int X509_set_notAfter(X509 *x, ASN1_TIME *tm); +X509_NAME * X509_get_subject_name(const X509 *a); +int X509_set_notBefore(X509 *x, const ASN1_TIME *tm); +int X509_set1_notBefore(X509 *x, const ASN1_TIME *tm); +int X509_set_notAfter(X509 *x, const ASN1_TIME *tm); +int X509_set1_notAfter(X509 *x, const ASN1_TIME *tm); +const ASN1_TIME *X509_get0_notBefore(const X509 *x); +ASN1_TIME *X509_getm_notBefore(const X509 *x); +const ASN1_TIME *X509_get0_notAfter(const X509 *x); +ASN1_TIME *X509_getm_notAfter(const X509 *x); int X509_set_pubkey(X509 *x, EVP_PKEY *pkey); EVP_PKEY * X509_get_pubkey(X509 *x); -ASN1_BIT_STRING * X509_get0_pubkey_bitstr(const X509 *x); -int X509_certificate_type(X509 *x,EVP_PKEY *pubkey /* optional */); +EVP_PKEY * X509_get0_pubkey(const X509 *x); +ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x); +int X509_certificate_type(const X509 *x, const EVP_PKEY *pubkey); +int X509_get_signature_type(const X509 *x); + +#define X509_get_notBefore X509_getm_notBefore +#define X509_get_notAfter X509_getm_notAfter int X509_REQ_set_version(X509_REQ *x,long version); -int X509_REQ_set_subject_name(X509_REQ *req,X509_NAME *name); +long X509_REQ_get_version(const X509_REQ *x); +int X509_REQ_set_subject_name(X509_REQ *req, X509_NAME *name); +X509_NAME *X509_REQ_get_subject_name(const X509_REQ *x); int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey); EVP_PKEY * X509_REQ_get_pubkey(X509_REQ *req); int X509_REQ_extension_nid(int nid); @@ -959,7 +1011,7 @@ int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts); int X509_REQ_get_attr_count(const X509_REQ *req); int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid, int lastpos); -int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, ASN1_OBJECT *obj, +int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, const ASN1_OBJECT *obj, int lastpos); X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc); X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc); @@ -976,14 +1028,21 @@ int X509_REQ_add1_attr_by_txt(X509_REQ *req, int X509_CRL_set_version(X509_CRL *x, long version); int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name); -int X509_CRL_set_lastUpdate(X509_CRL *x, ASN1_TIME *tm); -int X509_CRL_set_nextUpdate(X509_CRL *x, ASN1_TIME *tm); +int X509_CRL_set_lastUpdate(X509_CRL *x, const ASN1_TIME *tm); +int X509_CRL_set1_lastUpdate(X509_CRL *x, const ASN1_TIME *tm); +int X509_CRL_set_nextUpdate(X509_CRL *x, const ASN1_TIME *tm); +int X509_CRL_set1_nextUpdate(X509_CRL *x, const ASN1_TIME *tm); int X509_CRL_sort(X509_CRL *crl); -int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial); +const STACK_OF(X509_EXTENSION) *X509_REVOKED_get0_extensions(const X509_REVOKED *x); +const ASN1_TIME *X509_REVOKED_get0_revocationDate(const X509_REVOKED *x); +const ASN1_INTEGER *X509_REVOKED_get0_serialNumber(const X509_REVOKED *x); int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm); +int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial); + +int X509_REQ_check_private_key(X509_REQ *x509,EVP_PKEY *pkey); -int X509_check_private_key(X509 *x509,EVP_PKEY *pkey); +int X509_check_private_key(const X509 *x509, const EVP_PKEY *pkey); int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b); unsigned long X509_issuer_and_serial_hash(X509 *a); @@ -994,70 +1053,80 @@ unsigned long X509_issuer_name_hash(X509 *a); int X509_subject_name_cmp(const X509 *a, const X509 *b); unsigned long X509_subject_name_hash(X509 *x); +#ifndef OPENSSL_NO_MD5 +unsigned long X509_issuer_name_hash_old(X509 *a); +unsigned long X509_subject_name_hash_old(X509 *x); +#endif + int X509_cmp(const X509 *a, const X509 *b); int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b); unsigned long X509_NAME_hash(X509_NAME *x); +unsigned long X509_NAME_hash_old(X509_NAME *x); int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b); -#ifndef OPENSSL_NO_FP_API +int X509_CRL_match(const X509_CRL *a, const X509_CRL *b); int X509_print_ex_fp(FILE *bp,X509 *x, unsigned long nmflag, unsigned long cflag); int X509_print_fp(FILE *bp,X509 *x); int X509_CRL_print_fp(FILE *bp,X509_CRL *x); int X509_REQ_print_fp(FILE *bp,X509_REQ *req); -int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags); -#endif +int X509_NAME_print_ex_fp(FILE *fp, const X509_NAME *nm, int indent, + unsigned long flags); #ifndef OPENSSL_NO_BIO -int X509_NAME_print(BIO *bp, X509_NAME *name, int obase); -int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags); +int X509_NAME_print(BIO *bp, const X509_NAME *name, int obase); +int X509_NAME_print_ex(BIO *out, const X509_NAME *nm, int indent, + unsigned long flags); int X509_print_ex(BIO *bp,X509 *x, unsigned long nmflag, unsigned long cflag); int X509_print(BIO *bp,X509 *x); int X509_ocspid_print(BIO *bp,X509 *x); int X509_CERT_AUX_print(BIO *bp,X509_CERT_AUX *x, int indent); int X509_CRL_print(BIO *bp,X509_CRL *x); +int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflag, unsigned long cflag); int X509_REQ_print(BIO *bp,X509_REQ *req); #endif -int X509_NAME_entry_count(X509_NAME *name); +int X509_NAME_entry_count(const X509_NAME *name); int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf,int len); -int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, - char *buf,int len); +int X509_NAME_get_text_by_OBJ(X509_NAME *name, + const ASN1_OBJECT *obj, char *buf,int len); /* NOTE: you should be passsing -1, not 0 as lastpos. The functions that use * lastpos, search after that position on. */ -int X509_NAME_get_index_by_NID(X509_NAME *name,int nid,int lastpos); -int X509_NAME_get_index_by_OBJ(X509_NAME *name,ASN1_OBJECT *obj, +int X509_NAME_get_index_by_NID(const X509_NAME *name, int nid, int lastpos); -X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc); +int X509_NAME_get_index_by_OBJ(const X509_NAME *name, + const ASN1_OBJECT *obj, int lastpos); +X509_NAME_ENTRY *X509_NAME_get_entry(const X509_NAME *name, int loc); X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc); -int X509_NAME_add_entry(X509_NAME *name,X509_NAME_ENTRY *ne, +int X509_NAME_add_entry(X509_NAME *name, const X509_NAME_ENTRY *ne, int loc, int set); -int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type, - unsigned char *bytes, int len, int loc, int set); +int X509_NAME_add_entry_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, + int type, const unsigned char *bytes, int len, int loc, int set); int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, - unsigned char *bytes, int len, int loc, int set); + const unsigned char *bytes, int len, int loc, int set); X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, - char *field, int type, unsigned char *bytes, int len); + const char *field, int type, const unsigned char *bytes, int len); X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, - int type,unsigned char *bytes, int len); -int X509_NAME_add_entry_by_txt(X509_NAME *name, char *field, int type, - unsigned char *bytes, int len, int loc, int set); + int type, const unsigned char *bytes, int len); +int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type, + const unsigned char *bytes, int len, int loc, int set); X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, - ASN1_OBJECT *obj, int type,unsigned char *bytes, - int len); + const ASN1_OBJECT *obj, int type, + const unsigned char *bytes, int len); int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, - ASN1_OBJECT *obj); + const ASN1_OBJECT *obj); int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, - unsigned char *bytes, int len); -ASN1_OBJECT * X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne); -ASN1_STRING * X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne); + const unsigned char *bytes, int len); +ASN1_OBJECT * X509_NAME_ENTRY_get_object(const X509_NAME_ENTRY *ne); +ASN1_STRING * X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *ne); +int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne); int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x); int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x, int nid, int lastpos); int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *x, - ASN1_OBJECT *obj,int lastpos); + const ASN1_OBJECT *obj, int lastpos); int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *x, int crit, int lastpos); X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc); @@ -1065,56 +1134,67 @@ X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc); STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x, X509_EXTENSION *ex, int loc); -int X509_get_ext_count(X509 *x); -int X509_get_ext_by_NID(X509 *x, int nid, int lastpos); -int X509_get_ext_by_OBJ(X509 *x,ASN1_OBJECT *obj,int lastpos); -int X509_get_ext_by_critical(X509 *x, int crit, int lastpos); -X509_EXTENSION *X509_get_ext(X509 *x, int loc); +int X509_get_ext_count(const X509 *x); +int X509_get_ext_by_NID(const X509 *x, int nid, int lastpos); +int X509_get_ext_by_OBJ(const X509 *x, const ASN1_OBJECT *obj, + int lastpos); +int X509_get_ext_by_critical(const X509 *x, int crit, int lastpos); +X509_EXTENSION *X509_get_ext(const X509 *x, int loc); X509_EXTENSION *X509_delete_ext(X509 *x, int loc); int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc); -void * X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx); +void * X509_get_ext_d2i(const X509 *x, int nid, int *crit, int *idx); int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit, unsigned long flags); -int X509_CRL_get_ext_count(X509_CRL *x); -int X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos); -int X509_CRL_get_ext_by_OBJ(X509_CRL *x,ASN1_OBJECT *obj,int lastpos); -int X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos); -X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc); +int X509_CRL_get_ext_count(const X509_CRL *x); +int X509_CRL_get_ext_by_NID(const X509_CRL *x, int nid, + int lastpos); +int X509_CRL_get_ext_by_OBJ(const X509_CRL *x, + const ASN1_OBJECT *obj, int lastpos); +int X509_CRL_get_ext_by_critical(const X509_CRL *x, int crit, + int lastpos); +X509_EXTENSION *X509_CRL_get_ext(const X509_CRL *x, int loc); X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc); int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc); -void * X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx); -int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit, - unsigned long flags); - -int X509_REVOKED_get_ext_count(X509_REVOKED *x); -int X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos); -int X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x,ASN1_OBJECT *obj,int lastpos); -int X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int lastpos); -X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc); +void * X509_CRL_get_ext_d2i(const X509_CRL *x, int nid, int *crit, + int *idx); +int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, + int crit, unsigned long flags); + +int X509_REVOKED_get_ext_count(const X509_REVOKED *x); +int X509_REVOKED_get_ext_by_NID(const X509_REVOKED *x, int nid, + int lastpos); +int X509_REVOKED_get_ext_by_OBJ(const X509_REVOKED *x, + const ASN1_OBJECT *obj, int lastpos); +int X509_REVOKED_get_ext_by_critical(const X509_REVOKED *x, + int crit, int lastpos); +X509_EXTENSION *X509_REVOKED_get_ext(const X509_REVOKED *x, int loc); X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc); -int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc); -void * X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx); -int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit, - unsigned long flags); +int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, + int loc); +void * X509_REVOKED_get_ext_d2i(const X509_REVOKED *x, int nid, + int *crit, int *idx); +int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, + int crit, unsigned long flags); X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, int nid, int crit, ASN1_OCTET_STRING *data); X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex, - ASN1_OBJECT *obj,int crit,ASN1_OCTET_STRING *data); -int X509_EXTENSION_set_object(X509_EXTENSION *ex,ASN1_OBJECT *obj); + const ASN1_OBJECT *obj, int crit, ASN1_OCTET_STRING *data); +int X509_EXTENSION_set_object(X509_EXTENSION *ex, + const ASN1_OBJECT *obj); int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit); int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data); ASN1_OBJECT * X509_EXTENSION_get_object(X509_EXTENSION *ex); ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne); -int X509_EXTENSION_get_critical(X509_EXTENSION *ex); +int X509_EXTENSION_get_critical(const X509_EXTENSION *ex); int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x); int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid, int lastpos); -int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk, ASN1_OBJECT *obj, - int lastpos); +int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk, + const ASN1_OBJECT *obj, int lastpos); X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc); X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc); STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x, @@ -1128,6 +1208,8 @@ STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x, STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x, const char *attrname, int type, const unsigned char *bytes, int len); +void *X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) *x, + const ASN1_OBJECT *obj, int lastpos, int type); X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid, int atrtype, const void *data, int len); X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr, @@ -1138,10 +1220,28 @@ int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj); int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, const void *data, int len); void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx, int atrtype, void *data); -int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr); +int X509_ATTRIBUTE_count(const X509_ATTRIBUTE *attr); ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr); ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx); +int EVP_PKEY_get_attr_count(const EVP_PKEY *key); +int EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid, + int lastpos); +int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, const ASN1_OBJECT *obj, + int lastpos); +X509_ATTRIBUTE *EVP_PKEY_get_attr(const EVP_PKEY *key, int loc); +X509_ATTRIBUTE *EVP_PKEY_delete_attr(EVP_PKEY *key, int loc); +int EVP_PKEY_add1_attr(EVP_PKEY *key, X509_ATTRIBUTE *attr); +int EVP_PKEY_add1_attr_by_OBJ(EVP_PKEY *key, + const ASN1_OBJECT *obj, int type, + const unsigned char *bytes, int len); +int EVP_PKEY_add1_attr_by_NID(EVP_PKEY *key, + int nid, int type, + const unsigned char *bytes, int len); +int EVP_PKEY_add1_attr_by_txt(EVP_PKEY *key, + const char *attrname, int type, + const unsigned char *bytes, int len); + int X509_verify_cert(X509_STORE_CTX *ctx); /* lookup a cert from a X509 STACK */ @@ -1149,33 +1249,77 @@ X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk,X509_NAME *name, ASN1_INTEGER *serial); X509 *X509_find_by_subject(STACK_OF(X509) *sk,X509_NAME *name); -DECLARE_ASN1_FUNCTIONS(PBEPARAM) -DECLARE_ASN1_FUNCTIONS(PBE2PARAM) -DECLARE_ASN1_FUNCTIONS(PBKDF2PARAM) - -X509_ALGOR *PKCS5_pbe_set(int alg, int iter, unsigned char *salt, int saltlen); +PBEPARAM *PBEPARAM_new(void); +void PBEPARAM_free(PBEPARAM *a); +PBEPARAM *d2i_PBEPARAM(PBEPARAM **a, const unsigned char **in, long len); +int i2d_PBEPARAM(PBEPARAM *a, unsigned char **out); +extern const ASN1_ITEM PBEPARAM_it; +PBE2PARAM *PBE2PARAM_new(void); +void PBE2PARAM_free(PBE2PARAM *a); +PBE2PARAM *d2i_PBE2PARAM(PBE2PARAM **a, const unsigned char **in, long len); +int i2d_PBE2PARAM(PBE2PARAM *a, unsigned char **out); +extern const ASN1_ITEM PBE2PARAM_it; +PBKDF2PARAM *PBKDF2PARAM_new(void); +void PBKDF2PARAM_free(PBKDF2PARAM *a); +PBKDF2PARAM *d2i_PBKDF2PARAM(PBKDF2PARAM **a, const unsigned char **in, long len); +int i2d_PBKDF2PARAM(PBKDF2PARAM *a, unsigned char **out); +extern const ASN1_ITEM PBKDF2PARAM_it; + +int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter, + const unsigned char *salt, int saltlen); + +X509_ALGOR *PKCS5_pbe_set(int alg, int iter, + const unsigned char *salt, int saltlen); X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, unsigned char *salt, int saltlen); +X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, + unsigned char *salt, int saltlen, + unsigned char *aiv, int prf_nid); + +X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen, + int prf_nid, int keylen); /* PKCS#8 utilities */ -DECLARE_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO) +PKCS8_PRIV_KEY_INFO *PKCS8_PRIV_KEY_INFO_new(void); +void PKCS8_PRIV_KEY_INFO_free(PKCS8_PRIV_KEY_INFO *a); +PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO(PKCS8_PRIV_KEY_INFO **a, const unsigned char **in, long len); +int i2d_PKCS8_PRIV_KEY_INFO(PKCS8_PRIV_KEY_INFO *a, unsigned char **out); +extern const ASN1_ITEM PKCS8_PRIV_KEY_INFO_it; -EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8); +EVP_PKEY *EVP_PKCS82PKEY(const PKCS8_PRIV_KEY_INFO *p8); PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey); -PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken); -PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken); + +int PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj, int version, + int ptype, void *pval, unsigned char *penc, int penclen); +int PKCS8_pkey_get0(const ASN1_OBJECT **ppkalg, const unsigned char **pk, + int *ppklen, const X509_ALGOR **pa, const PKCS8_PRIV_KEY_INFO *p8); + +const STACK_OF(X509_ATTRIBUTE) *PKCS8_pkey_get0_attrs(const PKCS8_PRIV_KEY_INFO *p8); +int PKCS8_pkey_add1_attr_by_NID(PKCS8_PRIV_KEY_INFO *p8, int nid, int type, + const unsigned char *bytes, int len); + +int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj, + int ptype, void *pval, + unsigned char *penc, int penclen); +int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg, + const unsigned char **pk, int *ppklen, + X509_ALGOR **pa, + X509_PUBKEY *pub); int X509_check_trust(X509 *x, int id, int flags); int X509_TRUST_get_count(void); X509_TRUST * X509_TRUST_get0(int idx); int X509_TRUST_get_by_id(int id); int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int), - char *name, int arg1, void *arg2); + const char *name, int arg1, void *arg2); void X509_TRUST_cleanup(void); -int X509_TRUST_get_flags(X509_TRUST *xp); -char *X509_TRUST_get0_name(X509_TRUST *xp); -int X509_TRUST_get_trust(X509_TRUST *xp); +int X509_TRUST_get_flags(const X509_TRUST *xp); +char *X509_TRUST_get0_name(const X509_TRUST *xp); +int X509_TRUST_get_trust(const X509_TRUST *xp); + +int X509_up_ref(X509 *x); +STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain); /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes @@ -1188,18 +1332,20 @@ void ERR_load_X509_strings(void); /* Function codes. */ #define X509_F_ADD_CERT_DIR 100 #define X509_F_BY_FILE_CTRL 101 +#define X509_F_CHECK_POLICY 145 #define X509_F_DIR_CTRL 102 #define X509_F_GET_CERT_BY_SUBJECT 103 #define X509_F_NETSCAPE_SPKI_B64_DECODE 129 #define X509_F_NETSCAPE_SPKI_B64_ENCODE 130 +#define X509_F_X509AT_ADD1_ATTR 135 #define X509_F_X509V3_ADD_EXT 104 -#define X509_F_X509_ADD_ATTR 135 #define X509_F_X509_ATTRIBUTE_CREATE_BY_NID 136 #define X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ 137 #define X509_F_X509_ATTRIBUTE_CREATE_BY_TXT 140 #define X509_F_X509_ATTRIBUTE_GET0_DATA 139 #define X509_F_X509_ATTRIBUTE_SET1_DATA 138 #define X509_F_X509_CHECK_PRIVATE_KEY 128 +#define X509_F_X509_CRL_PRINT_FP 147 #define X509_F_X509_EXTENSION_CREATE_BY_NID 108 #define X509_F_X509_EXTENSION_CREATE_BY_OBJ 109 #define X509_F_X509_GET_PUBKEY_PARAMETERS 110 @@ -1212,14 +1358,16 @@ void ERR_load_X509_strings(void); #define X509_F_X509_NAME_ENTRY_SET_OBJECT 115 #define X509_F_X509_NAME_ONELINE 116 #define X509_F_X509_NAME_PRINT 117 -#define X509_F_X509_PRINT_FP 118 +#define X509_F_X509_PRINT_EX_FP 118 #define X509_F_X509_PUBKEY_GET 119 #define X509_F_X509_PUBKEY_SET 120 -#define X509_F_X509_REQ_PRINT 121 +#define X509_F_X509_REQ_CHECK_PRIVATE_KEY 144 +#define X509_F_X509_REQ_PRINT_EX 121 #define X509_F_X509_REQ_PRINT_FP 122 #define X509_F_X509_REQ_TO_X509 123 #define X509_F_X509_STORE_ADD_CERT 124 #define X509_F_X509_STORE_ADD_CRL 125 +#define X509_F_X509_STORE_CTX_GET1_ISSUER 146 #define X509_F_X509_STORE_CTX_INIT 143 #define X509_F_X509_STORE_CTX_NEW 142 #define X509_F_X509_STORE_CTX_PURPOSE_INHERIT 134 @@ -1241,7 +1389,10 @@ void ERR_load_X509_strings(void); #define X509_R_KEY_VALUES_MISMATCH 116 #define X509_R_LOADING_CERT_DIR 103 #define X509_R_LOADING_DEFAULTS 104 +#define X509_R_METHOD_NOT_SUPPORTED 124 #define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY 105 +#define X509_R_PUBLIC_KEY_DECODE_ERROR 125 +#define X509_R_PUBLIC_KEY_ENCODE_ERROR 126 #define X509_R_SHOULD_RETRY 106 #define X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN 107 #define X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY 108 diff --git a/src/lib/libcrypto/x509/x509_att.c b/src/lib/libcrypto/x509/x509_att.c index 0bae3d32a1a..1479b918c76 100644 --- a/src/lib/libcrypto/x509/x509_att.c +++ b/src/lib/libcrypto/x509/x509_att.c @@ -1,25 +1,25 @@ -/* crypto/x509/x509_att.c */ +/* $OpenBSD: x509_att.c,v 1.17 2018/05/18 19:21:33 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -57,270 +57,343 @@ */ #include -#include -#include "cryptlib.h" + #include -#include +#include #include +#include +#include #include #include -int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x) +int +X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x) { - if (!x) return 0; - return(sk_X509_ATTRIBUTE_num(x)); + return sk_X509_ATTRIBUTE_num(x); } -int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid, - int lastpos) +int +X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid, int lastpos) { ASN1_OBJECT *obj; - obj=OBJ_nid2obj(nid); - if (obj == NULL) return(-2); - return(X509at_get_attr_by_OBJ(x,obj,lastpos)); + obj = OBJ_nid2obj(nid); + if (obj == NULL) + return (-2); + return (X509at_get_attr_by_OBJ(x, obj, lastpos)); } -int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk, ASN1_OBJECT *obj, - int lastpos) +int +X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk, + const ASN1_OBJECT *obj, int lastpos) { int n; X509_ATTRIBUTE *ex; - if (sk == NULL) return(-1); + if (sk == NULL) + return (-1); lastpos++; if (lastpos < 0) - lastpos=0; - n=sk_X509_ATTRIBUTE_num(sk); - for ( ; lastpos < n; lastpos++) - { - ex=sk_X509_ATTRIBUTE_value(sk,lastpos); - if (OBJ_cmp(ex->object,obj) == 0) - return(lastpos); - } - return(-1); + lastpos = 0; + n = sk_X509_ATTRIBUTE_num(sk); + for (; lastpos < n; lastpos++) { + ex = sk_X509_ATTRIBUTE_value(sk, lastpos); + if (OBJ_cmp(ex->object, obj) == 0) + return (lastpos); + } + return (-1); } -X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc) +X509_ATTRIBUTE * +X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc) { if (x == NULL || sk_X509_ATTRIBUTE_num(x) <= loc || loc < 0) return NULL; else - return sk_X509_ATTRIBUTE_value(x,loc); + return sk_X509_ATTRIBUTE_value(x, loc); } -X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc) +X509_ATTRIBUTE * +X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc) { X509_ATTRIBUTE *ret; if (x == NULL || sk_X509_ATTRIBUTE_num(x) <= loc || loc < 0) - return(NULL); - ret=sk_X509_ATTRIBUTE_delete(x,loc); - return(ret); + return (NULL); + ret = sk_X509_ATTRIBUTE_delete(x, loc); + return (ret); } -STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x, - X509_ATTRIBUTE *attr) +STACK_OF(X509_ATTRIBUTE) * +X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x, X509_ATTRIBUTE *attr) { - X509_ATTRIBUTE *new_attr=NULL; - STACK_OF(X509_ATTRIBUTE) *sk=NULL; + X509_ATTRIBUTE *new_attr = NULL; + STACK_OF(X509_ATTRIBUTE) *sk = NULL; + + if (x == NULL) { + X509error(ERR_R_PASSED_NULL_PARAMETER); + return (NULL); + } - if ((x != NULL) && (*x == NULL)) - { - if ((sk=sk_X509_ATTRIBUTE_new_null()) == NULL) + if (*x == NULL) { + if ((sk = sk_X509_ATTRIBUTE_new_null()) == NULL) goto err; - } - else - sk= *x; + } else + sk = *x; - if ((new_attr=X509_ATTRIBUTE_dup(attr)) == NULL) + if ((new_attr = X509_ATTRIBUTE_dup(attr)) == NULL) goto err2; - if (!sk_X509_ATTRIBUTE_push(sk,new_attr)) + if (!sk_X509_ATTRIBUTE_push(sk, new_attr)) goto err; - if ((x != NULL) && (*x == NULL)) - *x=sk; - return(sk); + if (*x == NULL) + *x = sk; + return (sk); + err: - X509err(X509_F_X509_ADD_ATTR,ERR_R_MALLOC_FAILURE); + X509error(ERR_R_MALLOC_FAILURE); err2: - if (new_attr != NULL) X509_ATTRIBUTE_free(new_attr); - if (sk != NULL) sk_X509_ATTRIBUTE_free(sk); - return(NULL); + if (new_attr != NULL) + X509_ATTRIBUTE_free(new_attr); + if (sk != NULL && sk != *x) + sk_X509_ATTRIBUTE_free(sk); + return (NULL); } -STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) **x, - const ASN1_OBJECT *obj, int type, - const unsigned char *bytes, int len) +STACK_OF(X509_ATTRIBUTE) * +X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) **x, const ASN1_OBJECT *obj, + int type, const unsigned char *bytes, int len) { X509_ATTRIBUTE *attr; STACK_OF(X509_ATTRIBUTE) *ret; + attr = X509_ATTRIBUTE_create_by_OBJ(NULL, obj, type, bytes, len); - if(!attr) return 0; + if (!attr) + return 0; ret = X509at_add1_attr(x, attr); X509_ATTRIBUTE_free(attr); return ret; } -STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x, - int nid, int type, - const unsigned char *bytes, int len) +STACK_OF(X509_ATTRIBUTE) * +X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x, int nid, int type, + const unsigned char *bytes, int len) { X509_ATTRIBUTE *attr; STACK_OF(X509_ATTRIBUTE) *ret; + attr = X509_ATTRIBUTE_create_by_NID(NULL, nid, type, bytes, len); - if(!attr) return 0; + if (!attr) + return 0; ret = X509at_add1_attr(x, attr); X509_ATTRIBUTE_free(attr); return ret; } -STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x, - const char *attrname, int type, - const unsigned char *bytes, int len) +STACK_OF(X509_ATTRIBUTE) * +X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x, const char *attrname, + int type, const unsigned char *bytes, int len) { X509_ATTRIBUTE *attr; STACK_OF(X509_ATTRIBUTE) *ret; + attr = X509_ATTRIBUTE_create_by_txt(NULL, attrname, type, bytes, len); - if(!attr) return 0; + if (!attr) + return 0; ret = X509at_add1_attr(x, attr); X509_ATTRIBUTE_free(attr); return ret; } -X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid, - int atrtype, const void *data, int len) +void * +X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) *x, const ASN1_OBJECT *obj, + int lastpos, int type) +{ + int i; + X509_ATTRIBUTE *at; + + i = X509at_get_attr_by_OBJ(x, obj, lastpos); + if (i == -1) + return NULL; + if ((lastpos <= -2) && (X509at_get_attr_by_OBJ(x, obj, i) != -1)) + return NULL; + at = X509at_get_attr(x, i); + if (lastpos <= -3 && (X509_ATTRIBUTE_count(at) != 1)) + return NULL; + return X509_ATTRIBUTE_get0_data(at, 0, type, NULL); +} + +X509_ATTRIBUTE * +X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid, int atrtype, + const void *data, int len) { ASN1_OBJECT *obj; X509_ATTRIBUTE *ret; - obj=OBJ_nid2obj(nid); - if (obj == NULL) - { - X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_NID,X509_R_UNKNOWN_NID); - return(NULL); - } - ret=X509_ATTRIBUTE_create_by_OBJ(attr,obj,atrtype,data,len); - if (ret == NULL) ASN1_OBJECT_free(obj); - return(ret); + obj = OBJ_nid2obj(nid); + if (obj == NULL) { + X509error(X509_R_UNKNOWN_NID); + return (NULL); + } + ret = X509_ATTRIBUTE_create_by_OBJ(attr, obj, atrtype, data, len); + if (ret == NULL) + ASN1_OBJECT_free(obj); + return (ret); } -X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr, - const ASN1_OBJECT *obj, int atrtype, const void *data, int len) +X509_ATTRIBUTE * +X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr, const ASN1_OBJECT *obj, + int atrtype, const void *data, int len) { X509_ATTRIBUTE *ret; - if ((attr == NULL) || (*attr == NULL)) - { - if ((ret=X509_ATTRIBUTE_new()) == NULL) - { - X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ,ERR_R_MALLOC_FAILURE); - return(NULL); - } + if ((attr == NULL) || (*attr == NULL)) { + if ((ret = X509_ATTRIBUTE_new()) == NULL) { + X509error(ERR_R_MALLOC_FAILURE); + return (NULL); } - else + } else ret= *attr; - if (!X509_ATTRIBUTE_set1_object(ret,obj)) + if (!X509_ATTRIBUTE_set1_object(ret, obj)) goto err; - if (!X509_ATTRIBUTE_set1_data(ret,atrtype,data,len)) + if (!X509_ATTRIBUTE_set1_data(ret, atrtype, data, len)) goto err; - - if ((attr != NULL) && (*attr == NULL)) *attr=ret; - return(ret); + + if ((attr != NULL) && (*attr == NULL)) + *attr = ret; + return (ret); + err: if ((attr == NULL) || (ret != *attr)) X509_ATTRIBUTE_free(ret); - return(NULL); + return (NULL); } -X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr, - const char *atrname, int type, const unsigned char *bytes, int len) - { +X509_ATTRIBUTE * +X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr, const char *atrname, + int type, const unsigned char *bytes, int len) +{ ASN1_OBJECT *obj; X509_ATTRIBUTE *nattr; - obj=OBJ_txt2obj(atrname, 0); - if (obj == NULL) - { - X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_TXT, - X509_R_INVALID_FIELD_NAME); - ERR_add_error_data(2, "name=", atrname); - return(NULL); - } - nattr = X509_ATTRIBUTE_create_by_OBJ(attr,obj,type,bytes,len); + obj = OBJ_txt2obj(atrname, 0); + if (obj == NULL) { + X509error(X509_R_INVALID_FIELD_NAME); + ERR_asprintf_error_data("name=%s", atrname); + return (NULL); + } + nattr = X509_ATTRIBUTE_create_by_OBJ(attr, obj, type, bytes, len); ASN1_OBJECT_free(obj); return nattr; - } +} -int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj) +int +X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj) { if ((attr == NULL) || (obj == NULL)) - return(0); + return (0); ASN1_OBJECT_free(attr->object); - attr->object=OBJ_dup(obj); - return(1); + attr->object = OBJ_dup(obj); + return attr->object != NULL; } -int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, const void *data, int len) +int +X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, const void *data, + int len) { - ASN1_TYPE *ttmp; - ASN1_STRING *stmp; - int atype; - if (!attr) return 0; - if(attrtype & MBSTRING_FLAG) { + ASN1_TYPE *ttmp = NULL; + ASN1_STRING *stmp = NULL; + int atype = 0; + + if (!attr) + return 0; + if (attrtype & MBSTRING_FLAG) { stmp = ASN1_STRING_set_by_NID(NULL, data, len, attrtype, - OBJ_obj2nid(attr->object)); - if(!stmp) { - X509err(X509_F_X509_ATTRIBUTE_SET1_DATA, ERR_R_ASN1_LIB); + OBJ_obj2nid(attr->object)); + if (!stmp) { + X509error(ERR_R_ASN1_LIB); return 0; } atype = stmp->type; - } else { - if(!(stmp = ASN1_STRING_type_new(attrtype))) goto err; - if(!ASN1_STRING_set(stmp, data, len)) goto err; + } else if (len != -1){ + if (!(stmp = ASN1_STRING_type_new(attrtype))) + goto err; + if (!ASN1_STRING_set(stmp, data, len)) + goto err; atype = attrtype; } - if(!(attr->value.set = sk_ASN1_TYPE_new_null())) goto err; - if(!(ttmp = ASN1_TYPE_new())) goto err; - if(!sk_ASN1_TYPE_push(attr->value.set, ttmp)) goto err; + if (!(attr->value.set = sk_ASN1_TYPE_new_null())) + goto err; attr->single = 0; - ASN1_TYPE_set(ttmp, atype, stmp); + /* This is a bit naughty because the attribute should really have + * at least one value but some types use and zero length SET and + * require this. + */ + if (attrtype == 0) { + ASN1_STRING_free(stmp); + return 1; + } + + if (!(ttmp = ASN1_TYPE_new())) + goto err; + if ((len == -1) && !(attrtype & MBSTRING_FLAG)) { + if (!ASN1_TYPE_set1(ttmp, attrtype, data)) + goto err; + } else + ASN1_TYPE_set(ttmp, atype, stmp); + if (!sk_ASN1_TYPE_push(attr->value.set, ttmp)) + goto err; return 1; - err: - X509err(X509_F_X509_ATTRIBUTE_SET1_DATA, ERR_R_MALLOC_FAILURE); + +err: + ASN1_TYPE_free(ttmp); + ASN1_STRING_free(stmp); + X509error(ERR_R_MALLOC_FAILURE); return 0; } -int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr) +int +X509_ATTRIBUTE_count(const X509_ATTRIBUTE *attr) { - if(!attr->single) return sk_ASN1_TYPE_num(attr->value.set); - if(attr->value.single) return 1; + if (!attr->single) + return sk_ASN1_TYPE_num(attr->value.set); + if (attr->value.single) + return 1; return 0; } -ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr) +ASN1_OBJECT * +X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr) { - if (attr == NULL) return(NULL); - return(attr->object); + if (attr == NULL) + return (NULL); + return (attr->object); } -void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx, - int atrtype, void *data) +void * +X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx, int atrtype, void *data) { ASN1_TYPE *ttmp; + ttmp = X509_ATTRIBUTE_get0_type(attr, idx); - if(!ttmp) return NULL; - if(atrtype != ASN1_TYPE_get(ttmp)){ - X509err(X509_F_X509_ATTRIBUTE_GET0_DATA, X509_R_WRONG_TYPE); + if (!ttmp) + return NULL; + if (atrtype != ASN1_TYPE_get(ttmp)){ + X509error(X509_R_WRONG_TYPE); return NULL; } return ttmp->value.ptr; } -ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx) +ASN1_TYPE * +X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx) { - if (attr == NULL) return(NULL); - if(idx >= X509_ATTRIBUTE_count(attr)) return NULL; - if(!attr->single) return sk_ASN1_TYPE_value(attr->value.set, idx); - else return attr->value.single; + if (attr == NULL) + return (NULL); + if (idx >= X509_ATTRIBUTE_count(attr)) + return NULL; + if (!attr->single) + return sk_ASN1_TYPE_value(attr->value.set, idx); + else + return attr->value.single; } diff --git a/src/lib/libcrypto/x509/x509_cmp.c b/src/lib/libcrypto/x509/x509_cmp.c index cd20b6d66f9..6d6e8408994 100644 --- a/src/lib/libcrypto/x509/x509_cmp.c +++ b/src/lib/libcrypto/x509/x509_cmp.c @@ -1,25 +1,25 @@ -/* crypto/x509/x509_cmp.c */ +/* $OpenBSD: x509_cmp.c,v 1.35 2019/03/13 20:34:00 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,95 +49,152 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ +#include #include -#include "cryptlib.h" +#include + +#include + #include +#include #include #include #include -int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b) - { +int +X509_issuer_and_serial_cmp(const X509 *a, const X509 *b) +{ int i; - X509_CINF *ai,*bi; + X509_CINF *ai, *bi; - ai=a->cert_info; - bi=b->cert_info; - i=M_ASN1_INTEGER_cmp(ai->serialNumber,bi->serialNumber); - if (i) return(i); - return(X509_NAME_cmp(ai->issuer,bi->issuer)); - } + ai = a->cert_info; + bi = b->cert_info; + i = ASN1_INTEGER_cmp(ai->serialNumber, bi->serialNumber); + if (i) + return (i); + return (X509_NAME_cmp(ai->issuer, bi->issuer)); +} #ifndef OPENSSL_NO_MD5 -unsigned long X509_issuer_and_serial_hash(X509 *a) - { - unsigned long ret=0; +unsigned long +X509_issuer_and_serial_hash(X509 *a) +{ + unsigned long ret = 0; EVP_MD_CTX ctx; unsigned char md[16]; - char str[256]; + char *f; EVP_MD_CTX_init(&ctx); - X509_NAME_oneline(a->cert_info->issuer,str,256); - ret=strlen(str); - EVP_DigestInit_ex(&ctx, EVP_md5(), NULL); - EVP_DigestUpdate(&ctx,(unsigned char *)str,ret); - EVP_DigestUpdate(&ctx,(unsigned char *)a->cert_info->serialNumber->data, - (unsigned long)a->cert_info->serialNumber->length); - EVP_DigestFinal_ex(&ctx,&(md[0]),NULL); - ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)| - ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L) - )&0xffffffffL; + f = X509_NAME_oneline(a->cert_info->issuer, NULL, 0); + if (f == NULL) + goto err; + if (!EVP_DigestInit_ex(&ctx, EVP_md5(), NULL)) + goto err; + if (!EVP_DigestUpdate(&ctx, (unsigned char *)f, strlen(f))) + goto err; + free(f); + f = NULL; + if (!EVP_DigestUpdate(&ctx, + (unsigned char *)a->cert_info->serialNumber->data, + (unsigned long)a->cert_info->serialNumber->length)) + goto err; + if (!EVP_DigestFinal_ex(&ctx, &(md[0]), NULL)) + goto err; + ret = (((unsigned long)md[0]) | ((unsigned long)md[1] << 8L) | + ((unsigned long)md[2] << 16L) | ((unsigned long)md[3] << 24L)) & + 0xffffffffL; + +err: EVP_MD_CTX_cleanup(&ctx); - return(ret); - } + free(f); + return (ret); +} #endif - -int X509_issuer_name_cmp(const X509 *a, const X509 *b) - { - return(X509_NAME_cmp(a->cert_info->issuer,b->cert_info->issuer)); - } -int X509_subject_name_cmp(const X509 *a, const X509 *b) - { - return(X509_NAME_cmp(a->cert_info->subject,b->cert_info->subject)); - } +int +X509_issuer_name_cmp(const X509 *a, const X509 *b) +{ + return (X509_NAME_cmp(a->cert_info->issuer, b->cert_info->issuer)); +} -int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b) - { - return(X509_NAME_cmp(a->crl->issuer,b->crl->issuer)); - } +int +X509_subject_name_cmp(const X509 *a, const X509 *b) +{ + return (X509_NAME_cmp(a->cert_info->subject, b->cert_info->subject)); +} -X509_NAME *X509_get_issuer_name(X509 *a) - { - return(a->cert_info->issuer); - } +int +X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b) +{ + return (X509_NAME_cmp(a->crl->issuer, b->crl->issuer)); +} -unsigned long X509_issuer_name_hash(X509 *x) - { - return(X509_NAME_hash(x->cert_info->issuer)); - } +#ifndef OPENSSL_NO_SHA +int +X509_CRL_match(const X509_CRL *a, const X509_CRL *b) +{ + return memcmp(a->sha1_hash, b->sha1_hash, 20); +} +#endif -X509_NAME *X509_get_subject_name(X509 *a) - { - return(a->cert_info->subject); - } +X509_NAME * +X509_get_issuer_name(const X509 *a) +{ + return (a->cert_info->issuer); +} -ASN1_INTEGER *X509_get_serialNumber(X509 *a) - { - return(a->cert_info->serialNumber); - } +unsigned long +X509_issuer_name_hash(X509 *x) +{ + return (X509_NAME_hash(x->cert_info->issuer)); +} -unsigned long X509_subject_name_hash(X509 *x) - { - return(X509_NAME_hash(x->cert_info->subject)); - } +#ifndef OPENSSL_NO_MD5 +unsigned long +X509_issuer_name_hash_old(X509 *x) +{ + return (X509_NAME_hash_old(x->cert_info->issuer)); +} +#endif + +X509_NAME * +X509_get_subject_name(const X509 *a) +{ + return (a->cert_info->subject); +} + +ASN1_INTEGER * +X509_get_serialNumber(X509 *a) +{ + return (a->cert_info->serialNumber); +} + +const ASN1_INTEGER * +X509_get0_serialNumber(const X509 *a) +{ + return (a->cert_info->serialNumber); +} + +unsigned long +X509_subject_name_hash(X509 *x) +{ + return (X509_NAME_hash(x->cert_info->subject)); +} + +#ifndef OPENSSL_NO_MD5 +unsigned long +X509_subject_name_hash_old(X509 *x) +{ + return (X509_NAME_hash_old(x->cert_info->subject)); +} +#endif #ifndef OPENSSL_NO_SHA /* Compare two certificates: they must be identical for @@ -149,7 +206,8 @@ unsigned long X509_subject_name_hash(X509 *x) * where the "depth-first" constification tree has to halt * with an evil cast. */ -int X509_cmp(const X509 *a, const X509 *b) +int +X509_cmp(const X509 *a, const X509 *b) { /* ensure hash is valid */ X509_check_purpose((X509 *)a, -1, 0); @@ -159,155 +217,181 @@ int X509_cmp(const X509 *a, const X509 *b) } #endif -int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b) - { - int i,j; - X509_NAME_ENTRY *na,*nb; - - if (sk_X509_NAME_ENTRY_num(a->entries) - != sk_X509_NAME_ENTRY_num(b->entries)) - return sk_X509_NAME_ENTRY_num(a->entries) - -sk_X509_NAME_ENTRY_num(b->entries); - for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--) - { - na=sk_X509_NAME_ENTRY_value(a->entries,i); - nb=sk_X509_NAME_ENTRY_value(b->entries,i); - j=na->value->length-nb->value->length; - if (j) return(j); - j=memcmp(na->value->data,nb->value->data, - na->value->length); - if (j) return(j); - j=na->set-nb->set; - if (j) return(j); - } - - /* We will check the object types after checking the values - * since the values will more often be different than the object - * types. */ - for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--) - { - na=sk_X509_NAME_ENTRY_value(a->entries,i); - nb=sk_X509_NAME_ENTRY_value(b->entries,i); - j=OBJ_cmp(na->object,nb->object); - if (j) return(j); - } - return(0); +int +X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b) +{ + int ret; + + /* Ensure canonical encoding is present and up to date */ + if (!a->canon_enc || a->modified) { + ret = i2d_X509_NAME((X509_NAME *)a, NULL); + if (ret < 0) + return -2; + } + if (!b->canon_enc || b->modified) { + ret = i2d_X509_NAME((X509_NAME *)b, NULL); + if (ret < 0) + return -2; } + ret = a->canon_enclen - b->canon_enclen; + if (ret) + return ret; + return memcmp(a->canon_enc, b->canon_enc, a->canon_enclen); +} + +unsigned long +X509_NAME_hash(X509_NAME *x) +{ + unsigned long ret = 0; + unsigned char md[SHA_DIGEST_LENGTH]; + + /* Make sure X509_NAME structure contains valid cached encoding */ + i2d_X509_NAME(x, NULL); + if (!EVP_Digest(x->canon_enc, x->canon_enclen, md, NULL, EVP_sha1(), + NULL)) + return 0; + + ret = (((unsigned long)md[0]) | ((unsigned long)md[1] << 8L) | + ((unsigned long)md[2] << 16L) | ((unsigned long)md[3] << 24L)) & + 0xffffffffL; + return (ret); +} + #ifndef OPENSSL_NO_MD5 /* I now DER encode the name and hash it. Since I cache the DER encoding, * this is reasonably efficient. */ -unsigned long X509_NAME_hash(X509_NAME *x) - { - unsigned long ret=0; + +unsigned long +X509_NAME_hash_old(X509_NAME *x) +{ + EVP_MD_CTX md_ctx; + unsigned long ret = 0; unsigned char md[16]; /* Make sure X509_NAME structure contains valid cached encoding */ - i2d_X509_NAME(x,NULL); - EVP_Digest(x->bytes->data, x->bytes->length, md, NULL, EVP_md5(), NULL); + i2d_X509_NAME(x, NULL); + EVP_MD_CTX_init(&md_ctx); + if (EVP_DigestInit_ex(&md_ctx, EVP_md5(), NULL) && + EVP_DigestUpdate(&md_ctx, x->bytes->data, x->bytes->length) && + EVP_DigestFinal_ex(&md_ctx, md, NULL)) + ret = (((unsigned long)md[0]) | + ((unsigned long)md[1] << 8L) | + ((unsigned long)md[2] << 16L) | + ((unsigned long)md[3] << 24L)) & + 0xffffffffL; + EVP_MD_CTX_cleanup(&md_ctx); - ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)| - ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L) - )&0xffffffffL; - return(ret); - } + return (ret); +} #endif /* Search a stack of X509 for a match */ -X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk, X509_NAME *name, - ASN1_INTEGER *serial) - { +X509 * +X509_find_by_issuer_and_serial(STACK_OF(X509) *sk, X509_NAME *name, + ASN1_INTEGER *serial) +{ int i; X509_CINF cinf; - X509 x,*x509=NULL; + X509 x, *x509 = NULL; - if(!sk) return NULL; + if (!sk) + return NULL; - x.cert_info= &cinf; - cinf.serialNumber=serial; - cinf.issuer=name; + x.cert_info = &cinf; + cinf.serialNumber = serial; + cinf.issuer = name; - for (i=0; icert_info == NULL)) - return(NULL); - return(X509_PUBKEY_get(x->cert_info->key)); - } +EVP_PKEY * +X509_get_pubkey(X509 *x) +{ + if (x == NULL || x->cert_info == NULL) + return (NULL); + return (X509_PUBKEY_get(x->cert_info->key)); +} -ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x) - { - if(!x) return NULL; +EVP_PKEY * +X509_get0_pubkey(const X509 *x) +{ + if (x == NULL || x->cert_info == NULL) + return (NULL); + return (X509_PUBKEY_get0(x->cert_info->key)); +} + +ASN1_BIT_STRING * +X509_get0_pubkey_bitstr(const X509 *x) +{ + if (!x) + return NULL; return x->cert_info->key->public_key; - } +} + +int +X509_check_private_key(const X509 *x, const EVP_PKEY *k) +{ + const EVP_PKEY *xk; + int ret; + + xk = X509_get0_pubkey(x); -int X509_check_private_key(X509 *x, EVP_PKEY *k) - { - EVP_PKEY *xk=NULL; - int ok=0; - - xk=X509_get_pubkey(x); - if (xk->type != k->type) - { - X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_TYPE_MISMATCH); - goto err; - } - switch (k->type) - { -#ifndef OPENSSL_NO_RSA - case EVP_PKEY_RSA: - if (BN_cmp(xk->pkey.rsa->n,k->pkey.rsa->n) != 0 - || BN_cmp(xk->pkey.rsa->e,k->pkey.rsa->e) != 0) - { - X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH); - goto err; - } + if (xk) + ret = EVP_PKEY_cmp(xk, k); + else + ret = -2; + + switch (ret) { + case 1: break; -#endif -#ifndef OPENSSL_NO_DSA - case EVP_PKEY_DSA: - if (BN_cmp(xk->pkey.dsa->pub_key,k->pkey.dsa->pub_key) != 0) - { - X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH); - goto err; - } + case 0: + X509error(X509_R_KEY_VALUES_MISMATCH); break; -#endif -#ifndef OPENSSL_NO_DH - case EVP_PKEY_DH: - /* No idea */ - X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_CANT_CHECK_DH_KEY); - goto err; -#endif - default: - X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_UNKNOWN_KEY_TYPE); - goto err; - } - - ok=1; -err: - EVP_PKEY_free(xk); - return(ok); + case -1: + X509error(X509_R_KEY_TYPE_MISMATCH); + break; + case -2: + X509error(X509_R_UNKNOWN_KEY_TYPE); } + if (ret > 0) + return 1; + return 0; +} + +/* + * Not strictly speaking an "up_ref" as a STACK doesn't have a reference + * count but it has the same effect by duping the STACK and upping the ref of + * each X509 structure. + */ +STACK_OF(X509) * +X509_chain_up_ref(STACK_OF(X509) *chain) +{ + STACK_OF(X509) *ret; + size_t i; + + ret = sk_X509_dup(chain); + for (i = 0; i < sk_X509_num(ret); i++) + X509_up_ref(sk_X509_value(ret, i)); + + return ret; +} diff --git a/src/lib/libcrypto/x509/x509_d2.c b/src/lib/libcrypto/x509/x509_d2.c index 51410cfd1a9..5b0f80adda9 100644 --- a/src/lib/libcrypto/x509/x509_d2.c +++ b/src/lib/libcrypto/x509/x509_d2.c @@ -1,25 +1,25 @@ -/* crypto/x509/x509_d2.c */ +/* $OpenBSD: x509_d2.c,v 1.10 2015/01/22 09:06:39 reyk Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -57,51 +57,72 @@ */ #include -#include "cryptlib.h" +#include + #include +#include #include -#ifndef OPENSSL_NO_STDIO -int X509_STORE_set_default_paths(X509_STORE *ctx) - { +int +X509_STORE_set_default_paths(X509_STORE *ctx) +{ X509_LOOKUP *lookup; - lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_file()); - if (lookup == NULL) return(0); - X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT); + lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_file()); + if (lookup == NULL) + return (0); + X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT); + + lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_hash_dir()); + if (lookup == NULL) + return (0); + X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT); - lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_hash_dir()); - if (lookup == NULL) return(0); - X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT); - /* clear any errors */ ERR_clear_error(); - return(1); - } + return (1); +} -int X509_STORE_load_locations(X509_STORE *ctx, const char *file, - const char *path) - { +int +X509_STORE_load_locations(X509_STORE *ctx, const char *file, const char *path) +{ X509_LOOKUP *lookup; - if (file != NULL) - { - lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_file()); - if (lookup == NULL) return(0); - if (X509_LOOKUP_load_file(lookup,file,X509_FILETYPE_PEM) != 1) - return(0); - } - if (path != NULL) - { - lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_hash_dir()); - if (lookup == NULL) return(0); - if (X509_LOOKUP_add_dir(lookup,path,X509_FILETYPE_PEM) != 1) - return(0); - } - if ((path == NULL) && (file == NULL)) - return(0); - return(1); + if (file != NULL) { + lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_file()); + if (lookup == NULL) + return (0); + if (X509_LOOKUP_load_file(lookup, file, X509_FILETYPE_PEM) != 1) + return (0); + } + if (path != NULL) { + lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_hash_dir()); + if (lookup == NULL) + return (0); + if (X509_LOOKUP_add_dir(lookup, path, X509_FILETYPE_PEM) != 1) + return (0); } + if ((path == NULL) && (file == NULL)) + return (0); + return (1); +} + +int +X509_STORE_load_mem(X509_STORE *ctx, void *buf, int len) +{ + X509_LOOKUP *lookup; + struct iovec iov; + + lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_mem()); + if (lookup == NULL) + return (0); + + iov.iov_base = buf; + iov.iov_len = len; + + if (X509_LOOKUP_add_mem(lookup, &iov, X509_FILETYPE_PEM) != 1) + return (0); -#endif + return (1); +} diff --git a/src/lib/libcrypto/x509/x509_def.c b/src/lib/libcrypto/x509/x509_def.c index e0ac151a768..5e570eb9a24 100644 --- a/src/lib/libcrypto/x509/x509_def.c +++ b/src/lib/libcrypto/x509/x509_def.c @@ -1,25 +1,25 @@ -/* crypto/x509/x509_def.c */ +/* $OpenBSD: x509_def.c,v 1.5 2014/06/12 15:49:31 deraadt Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -61,21 +61,38 @@ #include #include -const char *X509_get_default_private_dir(void) - { return(X509_PRIVATE_DIR); } - -const char *X509_get_default_cert_area(void) - { return(X509_CERT_AREA); } +const char * +X509_get_default_private_dir(void) +{ + return (X509_PRIVATE_DIR); +} -const char *X509_get_default_cert_dir(void) - { return(X509_CERT_DIR); } +const char * +X509_get_default_cert_area(void) +{ + return (X509_CERT_AREA); +} -const char *X509_get_default_cert_file(void) - { return(X509_CERT_FILE); } +const char * +X509_get_default_cert_dir(void) +{ + return (X509_CERT_DIR); +} -const char *X509_get_default_cert_dir_env(void) - { return(X509_CERT_DIR_EVP); } +const char * +X509_get_default_cert_file(void) +{ + return (X509_CERT_FILE); +} -const char *X509_get_default_cert_file_env(void) - { return(X509_CERT_FILE_EVP); } +const char * +X509_get_default_cert_dir_env(void) +{ + return (X509_CERT_DIR_EVP); +} +const char * +X509_get_default_cert_file_env(void) +{ + return (X509_CERT_FILE_EVP); +} diff --git a/src/lib/libcrypto/x509/x509_err.c b/src/lib/libcrypto/x509/x509_err.c index 5bbf4acf765..3b321376ad0 100644 --- a/src/lib/libcrypto/x509/x509_err.c +++ b/src/lib/libcrypto/x509/x509_err.c @@ -1,13 +1,13 @@ -/* crypto/x509/x509_err.c */ +/* $OpenBSD: x509_err.c,v 1.13 2017/01/29 17:49:23 beck Exp $ */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -59,98 +59,62 @@ */ #include + +#include + #include #include /* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR -static ERR_STRING_DATA X509_str_functs[]= - { -{ERR_PACK(0,X509_F_ADD_CERT_DIR,0), "ADD_CERT_DIR"}, -{ERR_PACK(0,X509_F_BY_FILE_CTRL,0), "BY_FILE_CTRL"}, -{ERR_PACK(0,X509_F_DIR_CTRL,0), "DIR_CTRL"}, -{ERR_PACK(0,X509_F_GET_CERT_BY_SUBJECT,0), "GET_CERT_BY_SUBJECT"}, -{ERR_PACK(0,X509_F_NETSCAPE_SPKI_B64_DECODE,0), "NETSCAPE_SPKI_b64_decode"}, -{ERR_PACK(0,X509_F_NETSCAPE_SPKI_B64_ENCODE,0), "NETSCAPE_SPKI_b64_encode"}, -{ERR_PACK(0,X509_F_X509V3_ADD_EXT,0), "X509v3_add_ext"}, -{ERR_PACK(0,X509_F_X509_ADD_ATTR,0), "X509_ADD_ATTR"}, -{ERR_PACK(0,X509_F_X509_ATTRIBUTE_CREATE_BY_NID,0), "X509_ATTRIBUTE_create_by_NID"}, -{ERR_PACK(0,X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ,0), "X509_ATTRIBUTE_create_by_OBJ"}, -{ERR_PACK(0,X509_F_X509_ATTRIBUTE_CREATE_BY_TXT,0), "X509_ATTRIBUTE_create_by_txt"}, -{ERR_PACK(0,X509_F_X509_ATTRIBUTE_GET0_DATA,0), "X509_ATTRIBUTE_get0_data"}, -{ERR_PACK(0,X509_F_X509_ATTRIBUTE_SET1_DATA,0), "X509_ATTRIBUTE_set1_data"}, -{ERR_PACK(0,X509_F_X509_CHECK_PRIVATE_KEY,0), "X509_check_private_key"}, -{ERR_PACK(0,X509_F_X509_EXTENSION_CREATE_BY_NID,0), "X509_EXTENSION_create_by_NID"}, -{ERR_PACK(0,X509_F_X509_EXTENSION_CREATE_BY_OBJ,0), "X509_EXTENSION_create_by_OBJ"}, -{ERR_PACK(0,X509_F_X509_GET_PUBKEY_PARAMETERS,0), "X509_get_pubkey_parameters"}, -{ERR_PACK(0,X509_F_X509_LOAD_CERT_CRL_FILE,0), "X509_load_cert_crl_file"}, -{ERR_PACK(0,X509_F_X509_LOAD_CERT_FILE,0), "X509_load_cert_file"}, -{ERR_PACK(0,X509_F_X509_LOAD_CRL_FILE,0), "X509_load_crl_file"}, -{ERR_PACK(0,X509_F_X509_NAME_ADD_ENTRY,0), "X509_NAME_add_entry"}, -{ERR_PACK(0,X509_F_X509_NAME_ENTRY_CREATE_BY_NID,0), "X509_NAME_ENTRY_create_by_NID"}, -{ERR_PACK(0,X509_F_X509_NAME_ENTRY_CREATE_BY_TXT,0), "X509_NAME_ENTRY_create_by_txt"}, -{ERR_PACK(0,X509_F_X509_NAME_ENTRY_SET_OBJECT,0), "X509_NAME_ENTRY_set_object"}, -{ERR_PACK(0,X509_F_X509_NAME_ONELINE,0), "X509_NAME_oneline"}, -{ERR_PACK(0,X509_F_X509_NAME_PRINT,0), "X509_NAME_print"}, -{ERR_PACK(0,X509_F_X509_PRINT_FP,0), "X509_print_fp"}, -{ERR_PACK(0,X509_F_X509_PUBKEY_GET,0), "X509_PUBKEY_get"}, -{ERR_PACK(0,X509_F_X509_PUBKEY_SET,0), "X509_PUBKEY_set"}, -{ERR_PACK(0,X509_F_X509_REQ_PRINT,0), "X509_REQ_print"}, -{ERR_PACK(0,X509_F_X509_REQ_PRINT_FP,0), "X509_REQ_print_fp"}, -{ERR_PACK(0,X509_F_X509_REQ_TO_X509,0), "X509_REQ_to_X509"}, -{ERR_PACK(0,X509_F_X509_STORE_ADD_CERT,0), "X509_STORE_add_cert"}, -{ERR_PACK(0,X509_F_X509_STORE_ADD_CRL,0), "X509_STORE_add_crl"}, -{ERR_PACK(0,X509_F_X509_STORE_CTX_INIT,0), "X509_STORE_CTX_init"}, -{ERR_PACK(0,X509_F_X509_STORE_CTX_NEW,0), "X509_STORE_CTX_new"}, -{ERR_PACK(0,X509_F_X509_STORE_CTX_PURPOSE_INHERIT,0), "X509_STORE_CTX_purpose_inherit"}, -{ERR_PACK(0,X509_F_X509_TO_X509_REQ,0), "X509_to_X509_REQ"}, -{ERR_PACK(0,X509_F_X509_TRUST_ADD,0), "X509_TRUST_add"}, -{ERR_PACK(0,X509_F_X509_TRUST_SET,0), "X509_TRUST_set"}, -{ERR_PACK(0,X509_F_X509_VERIFY_CERT,0), "X509_verify_cert"}, -{0,NULL} - }; -static ERR_STRING_DATA X509_str_reasons[]= - { -{X509_R_BAD_X509_FILETYPE ,"bad x509 filetype"}, -{X509_R_BASE64_DECODE_ERROR ,"base64 decode error"}, -{X509_R_CANT_CHECK_DH_KEY ,"cant check dh key"}, -{X509_R_CERT_ALREADY_IN_HASH_TABLE ,"cert already in hash table"}, -{X509_R_ERR_ASN1_LIB ,"err asn1 lib"}, -{X509_R_INVALID_DIRECTORY ,"invalid directory"}, -{X509_R_INVALID_FIELD_NAME ,"invalid field name"}, -{X509_R_INVALID_TRUST ,"invalid trust"}, -{X509_R_KEY_TYPE_MISMATCH ,"key type mismatch"}, -{X509_R_KEY_VALUES_MISMATCH ,"key values mismatch"}, -{X509_R_LOADING_CERT_DIR ,"loading cert dir"}, -{X509_R_LOADING_DEFAULTS ,"loading defaults"}, -{X509_R_NO_CERT_SET_FOR_US_TO_VERIFY ,"no cert set for us to verify"}, -{X509_R_SHOULD_RETRY ,"should retry"}, -{X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN,"unable to find parameters in chain"}, -{X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY ,"unable to get certs public key"}, -{X509_R_UNKNOWN_KEY_TYPE ,"unknown key type"}, -{X509_R_UNKNOWN_NID ,"unknown nid"}, -{X509_R_UNKNOWN_PURPOSE_ID ,"unknown purpose id"}, -{X509_R_UNKNOWN_TRUST_ID ,"unknown trust id"}, -{X509_R_UNSUPPORTED_ALGORITHM ,"unsupported algorithm"}, -{X509_R_WRONG_LOOKUP_TYPE ,"wrong lookup type"}, -{X509_R_WRONG_TYPE ,"wrong type"}, -{0,NULL} - }; +#define ERR_FUNC(func) ERR_PACK(ERR_LIB_X509,func,0) +#define ERR_REASON(reason) ERR_PACK(ERR_LIB_X509,0,reason) -#endif +static ERR_STRING_DATA X509_str_functs[] = { + {ERR_FUNC(0xfff), "CRYPTO_internal"}, + {0, NULL} +}; -void ERR_load_X509_strings(void) - { - static int init=1; +static ERR_STRING_DATA X509_str_reasons[] = { + {ERR_REASON(X509_R_BAD_X509_FILETYPE) , "bad x509 filetype"}, + {ERR_REASON(X509_R_BASE64_DECODE_ERROR) , "base64 decode error"}, + {ERR_REASON(X509_R_CANT_CHECK_DH_KEY) , "cant check dh key"}, + {ERR_REASON(X509_R_CERT_ALREADY_IN_HASH_TABLE), "cert already in hash table"}, + {ERR_REASON(X509_R_ERR_ASN1_LIB) , "err asn1 lib"}, + {ERR_REASON(X509_R_INVALID_DIRECTORY) , "invalid directory"}, + {ERR_REASON(X509_R_INVALID_FIELD_NAME) , "invalid field name"}, + {ERR_REASON(X509_R_INVALID_TRUST) , "invalid trust"}, + {ERR_REASON(X509_R_KEY_TYPE_MISMATCH) , "key type mismatch"}, + {ERR_REASON(X509_R_KEY_VALUES_MISMATCH) , "key values mismatch"}, + {ERR_REASON(X509_R_LOADING_CERT_DIR) , "loading cert dir"}, + {ERR_REASON(X509_R_LOADING_DEFAULTS) , "loading defaults"}, + {ERR_REASON(X509_R_METHOD_NOT_SUPPORTED) , "method not supported"}, + {ERR_REASON(X509_R_NO_CERT_SET_FOR_US_TO_VERIFY), "no cert set for us to verify"}, + {ERR_REASON(X509_R_PUBLIC_KEY_DECODE_ERROR), "public key decode error"}, + {ERR_REASON(X509_R_PUBLIC_KEY_ENCODE_ERROR), "public key encode error"}, + {ERR_REASON(X509_R_SHOULD_RETRY) , "should retry"}, + {ERR_REASON(X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN), "unable to find parameters in chain"}, + {ERR_REASON(X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY), "unable to get certs public key"}, + {ERR_REASON(X509_R_UNKNOWN_KEY_TYPE) , "unknown key type"}, + {ERR_REASON(X509_R_UNKNOWN_NID) , "unknown nid"}, + {ERR_REASON(X509_R_UNKNOWN_PURPOSE_ID) , "unknown purpose id"}, + {ERR_REASON(X509_R_UNKNOWN_TRUST_ID) , "unknown trust id"}, + {ERR_REASON(X509_R_UNSUPPORTED_ALGORITHM), "unsupported algorithm"}, + {ERR_REASON(X509_R_WRONG_LOOKUP_TYPE) , "wrong lookup type"}, + {ERR_REASON(X509_R_WRONG_TYPE) , "wrong type"}, + {0, NULL} +}; - if (init) - { - init=0; -#ifndef OPENSSL_NO_ERR - ERR_load_strings(ERR_LIB_X509,X509_str_functs); - ERR_load_strings(ERR_LIB_X509,X509_str_reasons); #endif - } +void +ERR_load_X509_strings(void) +{ +#ifndef OPENSSL_NO_ERR + if (ERR_func_error_string(X509_str_functs[0].error) == NULL) { + ERR_load_strings(0, X509_str_functs); + ERR_load_strings(0, X509_str_reasons); } +#endif +} diff --git a/src/lib/libcrypto/x509/x509_ext.c b/src/lib/libcrypto/x509/x509_ext.c index e7fdacb5e45..21374a26e20 100644 --- a/src/lib/libcrypto/x509/x509_ext.c +++ b/src/lib/libcrypto/x509/x509_ext.c @@ -1,25 +1,25 @@ -/* crypto/x509/x509_ext.c */ +/* $OpenBSD: x509_ext.c,v 1.12 2018/05/18 19:28:27 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -57,154 +57,177 @@ */ #include -#include -#include "cryptlib.h" + #include -#include #include +#include +#include #include #include +int +X509_CRL_get_ext_count(const X509_CRL *x) +{ + return (X509v3_get_ext_count(x->crl->extensions)); +} -int X509_CRL_get_ext_count(X509_CRL *x) - { - return(X509v3_get_ext_count(x->crl->extensions)); - } - -int X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos) - { - return(X509v3_get_ext_by_NID(x->crl->extensions,nid,lastpos)); - } +int +X509_CRL_get_ext_by_NID(const X509_CRL *x, int nid, int lastpos) +{ + return (X509v3_get_ext_by_NID(x->crl->extensions, nid, lastpos)); +} -int X509_CRL_get_ext_by_OBJ(X509_CRL *x, ASN1_OBJECT *obj, int lastpos) - { - return(X509v3_get_ext_by_OBJ(x->crl->extensions,obj,lastpos)); - } +int +X509_CRL_get_ext_by_OBJ(const X509_CRL *x, const ASN1_OBJECT *obj, int lastpos) +{ + return (X509v3_get_ext_by_OBJ(x->crl->extensions, obj, lastpos)); +} -int X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos) - { - return(X509v3_get_ext_by_critical(x->crl->extensions,crit,lastpos)); - } +int +X509_CRL_get_ext_by_critical(const X509_CRL *x, int crit, int lastpos) +{ + return (X509v3_get_ext_by_critical(x->crl->extensions, crit, lastpos)); +} -X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc) - { - return(X509v3_get_ext(x->crl->extensions,loc)); - } +X509_EXTENSION * +X509_CRL_get_ext(const X509_CRL *x, int loc) +{ + return (X509v3_get_ext(x->crl->extensions, loc)); +} -X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc) - { - return(X509v3_delete_ext(x->crl->extensions,loc)); - } +X509_EXTENSION * +X509_CRL_delete_ext(X509_CRL *x, int loc) +{ + return (X509v3_delete_ext(x->crl->extensions, loc)); +} -void *X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx) +void * +X509_CRL_get_ext_d2i(const X509_CRL *x, int nid, int *crit, int *idx) { return X509V3_get_d2i(x->crl->extensions, nid, crit, idx); } -int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit, - unsigned long flags) +int +X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit, + unsigned long flags) { return X509V3_add1_i2d(&x->crl->extensions, nid, value, crit, flags); } -int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc) - { - return(X509v3_add_ext(&(x->crl->extensions),ex,loc) != NULL); - } +int +X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc) +{ + return (X509v3_add_ext(&(x->crl->extensions), ex, loc) != NULL); +} -int X509_get_ext_count(X509 *x) - { - return(X509v3_get_ext_count(x->cert_info->extensions)); - } +int +X509_get_ext_count(const X509 *x) +{ + return (X509v3_get_ext_count(x->cert_info->extensions)); +} -int X509_get_ext_by_NID(X509 *x, int nid, int lastpos) - { - return(X509v3_get_ext_by_NID(x->cert_info->extensions,nid,lastpos)); - } +int +X509_get_ext_by_NID(const X509 *x, int nid, int lastpos) +{ + return (X509v3_get_ext_by_NID(x->cert_info->extensions, nid, lastpos)); +} -int X509_get_ext_by_OBJ(X509 *x, ASN1_OBJECT *obj, int lastpos) - { - return(X509v3_get_ext_by_OBJ(x->cert_info->extensions,obj,lastpos)); - } +int +X509_get_ext_by_OBJ(const X509 *x, const ASN1_OBJECT *obj, int lastpos) +{ + return (X509v3_get_ext_by_OBJ(x->cert_info->extensions, obj, lastpos)); +} -int X509_get_ext_by_critical(X509 *x, int crit, int lastpos) - { - return(X509v3_get_ext_by_critical(x->cert_info->extensions,crit,lastpos)); - } +int +X509_get_ext_by_critical(const X509 *x, int crit, int lastpos) +{ + return (X509v3_get_ext_by_critical(x->cert_info->extensions, crit, + lastpos)); +} -X509_EXTENSION *X509_get_ext(X509 *x, int loc) - { - return(X509v3_get_ext(x->cert_info->extensions,loc)); - } +X509_EXTENSION * +X509_get_ext(const X509 *x, int loc) +{ + return (X509v3_get_ext(x->cert_info->extensions, loc)); +} -X509_EXTENSION *X509_delete_ext(X509 *x, int loc) - { - return(X509v3_delete_ext(x->cert_info->extensions,loc)); - } +X509_EXTENSION * +X509_delete_ext(X509 *x, int loc) +{ + return (X509v3_delete_ext(x->cert_info->extensions, loc)); +} -int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc) - { - return(X509v3_add_ext(&(x->cert_info->extensions),ex,loc) != NULL); - } +int +X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc) +{ + return (X509v3_add_ext(&(x->cert_info->extensions), ex, loc) != NULL); +} -void *X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx) +void * +X509_get_ext_d2i(const X509 *x, int nid, int *crit, int *idx) { return X509V3_get_d2i(x->cert_info->extensions, nid, crit, idx); } -int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit, - unsigned long flags) +int +X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit, unsigned long flags) { return X509V3_add1_i2d(&x->cert_info->extensions, nid, value, crit, - flags); + flags); } -int X509_REVOKED_get_ext_count(X509_REVOKED *x) - { - return(X509v3_get_ext_count(x->extensions)); - } +int +X509_REVOKED_get_ext_count(const X509_REVOKED *x) +{ + return (X509v3_get_ext_count(x->extensions)); +} -int X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos) - { - return(X509v3_get_ext_by_NID(x->extensions,nid,lastpos)); - } +int +X509_REVOKED_get_ext_by_NID(const X509_REVOKED *x, int nid, int lastpos) +{ + return (X509v3_get_ext_by_NID(x->extensions, nid, lastpos)); +} -int X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x, ASN1_OBJECT *obj, - int lastpos) - { - return(X509v3_get_ext_by_OBJ(x->extensions,obj,lastpos)); - } +int +X509_REVOKED_get_ext_by_OBJ(const X509_REVOKED *x, const ASN1_OBJECT *obj, + int lastpos) +{ + return (X509v3_get_ext_by_OBJ(x->extensions, obj, lastpos)); +} -int X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int lastpos) - { - return(X509v3_get_ext_by_critical(x->extensions,crit,lastpos)); - } +int +X509_REVOKED_get_ext_by_critical(const X509_REVOKED *x, int crit, int lastpos) +{ + return (X509v3_get_ext_by_critical(x->extensions, crit, lastpos)); +} -X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc) - { - return(X509v3_get_ext(x->extensions,loc)); - } +X509_EXTENSION * +X509_REVOKED_get_ext(const X509_REVOKED *x, int loc) +{ + return (X509v3_get_ext(x->extensions, loc)); +} -X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc) - { - return(X509v3_delete_ext(x->extensions,loc)); - } +X509_EXTENSION * +X509_REVOKED_delete_ext(X509_REVOKED *x, int loc) +{ + return (X509v3_delete_ext(x->extensions, loc)); +} -int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc) - { - return(X509v3_add_ext(&(x->extensions),ex,loc) != NULL); - } +int +X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc) +{ + return (X509v3_add_ext(&(x->extensions), ex, loc) != NULL); +} -void *X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx) +void * +X509_REVOKED_get_ext_d2i(const X509_REVOKED *x, int nid, int *crit, int *idx) { return X509V3_get_d2i(x->extensions, nid, crit, idx); } -int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit, - unsigned long flags) +int +X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit, + unsigned long flags) { return X509V3_add1_i2d(&x->extensions, nid, value, crit, flags); } - -IMPLEMENT_STACK_OF(X509_EXTENSION) -IMPLEMENT_ASN1_SET_OF(X509_EXTENSION) diff --git a/src/lib/libcrypto/x509/x509_lcl.h b/src/lib/libcrypto/x509/x509_lcl.h new file mode 100644 index 00000000000..3e83b66dd61 --- /dev/null +++ b/src/lib/libcrypto/x509/x509_lcl.h @@ -0,0 +1,63 @@ +/* x509_lcl.h */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2013. + */ +/* ==================================================================== + * Copyright (c) 2013 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +__BEGIN_HIDDEN_DECLS + +int x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int quiet); + +__END_HIDDEN_DECLS diff --git a/src/lib/libcrypto/x509/x509_lu.c b/src/lib/libcrypto/x509/x509_lu.c index b780dae5e29..f21103c700d 100644 --- a/src/lib/libcrypto/x509/x509_lu.c +++ b/src/lib/libcrypto/x509/x509_lu.c @@ -1,25 +1,25 @@ -/* crypto/x509/x509_lu.c */ +/* $OpenBSD: x509_lu.c,v 1.30 2018/08/24 19:21:09 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -57,140 +57,156 @@ */ #include -#include "cryptlib.h" + +#include #include #include #include +#include "x509_lcl.h" -X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method) - { +static void X509_OBJECT_dec_ref_count(X509_OBJECT *a); + +X509_LOOKUP * +X509_LOOKUP_new(X509_LOOKUP_METHOD *method) +{ X509_LOOKUP *ret; - ret=(X509_LOOKUP *)OPENSSL_malloc(sizeof(X509_LOOKUP)); - if (ret == NULL) return NULL; - - ret->init=0; - ret->skip=0; - ret->method=method; - ret->method_data=NULL; - ret->store_ctx=NULL; - if ((method->new_item != NULL) && !method->new_item(ret)) - { - OPENSSL_free(ret); + ret = malloc(sizeof(X509_LOOKUP)); + if (ret == NULL) return NULL; - } - return ret; - } -void X509_LOOKUP_free(X509_LOOKUP *ctx) - { - if (ctx == NULL) return; - if ( (ctx->method != NULL) && - (ctx->method->free != NULL)) - ctx->method->free(ctx); - OPENSSL_free(ctx); + ret->init = 0; + ret->skip = 0; + ret->method = method; + ret->method_data = NULL; + ret->store_ctx = NULL; + if ((method->new_item != NULL) && !method->new_item(ret)) { + free(ret); + return NULL; } + return ret; +} + +void +X509_LOOKUP_free(X509_LOOKUP *ctx) +{ + if (ctx == NULL) + return; + if ((ctx->method != NULL) && (ctx->method->free != NULL)) + (*ctx->method->free)(ctx); + free(ctx); +} -int X509_LOOKUP_init(X509_LOOKUP *ctx) - { - if (ctx->method == NULL) return 0; +int +X509_LOOKUP_init(X509_LOOKUP *ctx) +{ + if (ctx->method == NULL) + return 0; if (ctx->method->init != NULL) return ctx->method->init(ctx); else return 1; - } +} -int X509_LOOKUP_shutdown(X509_LOOKUP *ctx) - { - if (ctx->method == NULL) return 0; +int +X509_LOOKUP_shutdown(X509_LOOKUP *ctx) +{ + if (ctx->method == NULL) + return 0; if (ctx->method->shutdown != NULL) return ctx->method->shutdown(ctx); else return 1; - } +} -int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl, - char **ret) - { - if (ctx->method == NULL) return -1; +int +X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl, + char **ret) +{ + if (ctx->method == NULL) + return -1; if (ctx->method->ctrl != NULL) - return ctx->method->ctrl(ctx,cmd,argc,argl,ret); + return ctx->method->ctrl(ctx, cmd, argc, argl, ret); else return 1; - } +} -int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name, - X509_OBJECT *ret) - { +int +X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name, + X509_OBJECT *ret) +{ if ((ctx->method == NULL) || (ctx->method->get_by_subject == NULL)) return X509_LU_FAIL; - if (ctx->skip) return 0; - return ctx->method->get_by_subject(ctx,type,name,ret); - } + if (ctx->skip) + return 0; + return ctx->method->get_by_subject(ctx, type, name, ret); +} -int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name, - ASN1_INTEGER *serial, X509_OBJECT *ret) - { +int +X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name, + ASN1_INTEGER *serial, X509_OBJECT *ret) +{ if ((ctx->method == NULL) || - (ctx->method->get_by_issuer_serial == NULL)) + (ctx->method->get_by_issuer_serial == NULL)) return X509_LU_FAIL; - return ctx->method->get_by_issuer_serial(ctx,type,name,serial,ret); - } + return ctx->method->get_by_issuer_serial(ctx, type, name, serial, ret); +} -int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type, - unsigned char *bytes, int len, X509_OBJECT *ret) - { +int +X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type, + const unsigned char *bytes, int len, X509_OBJECT *ret) +{ if ((ctx->method == NULL) || (ctx->method->get_by_fingerprint == NULL)) return X509_LU_FAIL; - return ctx->method->get_by_fingerprint(ctx,type,bytes,len,ret); - } + return ctx->method->get_by_fingerprint(ctx, type, bytes, len, ret); +} -int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str, int len, - X509_OBJECT *ret) - { +int +X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, const char *str, int len, + X509_OBJECT *ret) +{ if ((ctx->method == NULL) || (ctx->method->get_by_alias == NULL)) return X509_LU_FAIL; - return ctx->method->get_by_alias(ctx,type,str,len,ret); - } + return ctx->method->get_by_alias(ctx, type, str, len, ret); +} - -static int x509_object_cmp(const X509_OBJECT * const *a, const X509_OBJECT * const *b) - { - int ret; - - ret=((*a)->type - (*b)->type); - if (ret) return ret; - switch ((*a)->type) - { - case X509_LU_X509: - ret=X509_subject_name_cmp((*a)->data.x509,(*b)->data.x509); - break; - case X509_LU_CRL: - ret=X509_CRL_cmp((*a)->data.crl,(*b)->data.crl); - break; +static int +x509_object_cmp(const X509_OBJECT * const *a, const X509_OBJECT * const *b) +{ + int ret; + + ret = ((*a)->type - (*b)->type); + if (ret) + return ret; + switch ((*a)->type) { + case X509_LU_X509: + ret = X509_subject_name_cmp((*a)->data.x509, (*b)->data.x509); + break; + case X509_LU_CRL: + ret = X509_CRL_cmp((*a)->data.crl, (*b)->data.crl); + break; default: /* abort(); */ return 0; - } - return ret; } + return ret; +} -X509_STORE *X509_STORE_new(void) - { +X509_STORE * +X509_STORE_new(void) +{ X509_STORE *ret; - if ((ret=(X509_STORE *)OPENSSL_malloc(sizeof(X509_STORE))) == NULL) + if ((ret = malloc(sizeof(X509_STORE))) == NULL) return NULL; ret->objs = sk_X509_OBJECT_new(x509_object_cmp); - ret->cache=1; - ret->get_cert_methods=sk_X509_LOOKUP_new_null(); - ret->verify=0; - ret->verify_cb=0; + ret->cache = 1; + ret->get_cert_methods = sk_X509_LOOKUP_new_null(); + ret->verify = 0; + ret->verify_cb = 0; - ret->purpose = 0; - ret->trust = 0; - - ret->flags = 0; + if ((ret->param = X509_VERIFY_PARAM_new()) == NULL) + goto err; ret->get_issuer = 0; ret->check_issued = 0; @@ -198,285 +214,472 @@ X509_STORE *X509_STORE_new(void) ret->get_crl = 0; ret->check_crl = 0; ret->cert_crl = 0; + ret->lookup_certs = 0; + ret->lookup_crls = 0; ret->cleanup = 0; - CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data); - ret->references=1; - ret->depth=0; + if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data)) + goto err; + + ret->references = 1; return ret; - } -static void cleanup(X509_OBJECT *a) - { - if (a->type == X509_LU_X509) - { - X509_free(a->data.x509); - } - else if (a->type == X509_LU_CRL) - { - X509_CRL_free(a->data.crl); - } - else - { - /* abort(); */ - } +err: + X509_VERIFY_PARAM_free(ret->param); + sk_X509_LOOKUP_free(ret->get_cert_methods); + sk_X509_OBJECT_free(ret->objs); + free(ret); + return NULL; +} - OPENSSL_free(a); - } +static void +X509_OBJECT_free(X509_OBJECT *a) +{ + X509_OBJECT_free_contents(a); + free(a); +} -void X509_STORE_free(X509_STORE *vfy) - { +void +X509_STORE_free(X509_STORE *vfy) +{ int i; STACK_OF(X509_LOOKUP) *sk; X509_LOOKUP *lu; if (vfy == NULL) - return; + return; + + i = CRYPTO_add(&vfy->references, -1, CRYPTO_LOCK_X509_STORE); + if (i > 0) + return; - sk=vfy->get_cert_methods; - for (i=0; iget_cert_methods; + for (i = 0; i < sk_X509_LOOKUP_num(sk); i++) { + lu = sk_X509_LOOKUP_value(sk, i); X509_LOOKUP_shutdown(lu); X509_LOOKUP_free(lu); - } + } sk_X509_LOOKUP_free(sk); - sk_X509_OBJECT_pop_free(vfy->objs, cleanup); + sk_X509_OBJECT_pop_free(vfy->objs, X509_OBJECT_free); CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE, vfy, &vfy->ex_data); - OPENSSL_free(vfy); - } + X509_VERIFY_PARAM_free(vfy->param); + free(vfy); +} + +int +X509_STORE_up_ref(X509_STORE *x) +{ + int refs = CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509_STORE); + return (refs > 1) ? 1 : 0; +} -X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m) - { +X509_LOOKUP * +X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m) +{ int i; STACK_OF(X509_LOOKUP) *sk; X509_LOOKUP *lu; - sk=v->get_cert_methods; - for (i=0; imethod) - { + sk = v->get_cert_methods; + for (i = 0; i < sk_X509_LOOKUP_num(sk); i++) { + lu = sk_X509_LOOKUP_value(sk, i); + if (m == lu->method) { return lu; - } } + } /* a new one */ - lu=X509_LOOKUP_new(m); + lu = X509_LOOKUP_new(m); if (lu == NULL) return NULL; - else - { - lu->store_ctx=v; - if (sk_X509_LOOKUP_push(v->get_cert_methods,lu)) + else { + lu->store_ctx = v; + if (sk_X509_LOOKUP_push(v->get_cert_methods, lu)) return lu; - else - { + else { X509_LOOKUP_free(lu); return NULL; - } } } +} -int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name, - X509_OBJECT *ret) - { - X509_STORE *ctx=vs->ctx; +int +X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name, + X509_OBJECT *ret) +{ + X509_STORE *ctx = vs->ctx; X509_LOOKUP *lu; - X509_OBJECT stmp,*tmp; - int i,j; - - tmp=X509_OBJECT_retrieve_by_subject(ctx->objs,type,name); - - if (tmp == NULL) - { - for (i=vs->current_method; iget_cert_methods); i++) - { - lu=sk_X509_LOOKUP_value(ctx->get_cert_methods,i); - j=X509_LOOKUP_by_subject(lu,type,name,&stmp); - if (j < 0) - { - vs->current_method=j; + X509_OBJECT stmp, *tmp; + int i, j; + + CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); + tmp = X509_OBJECT_retrieve_by_subject(ctx->objs, type, name); + CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); + + if (tmp == NULL || type == X509_LU_CRL) { + for (i = vs->current_method; + i < sk_X509_LOOKUP_num(ctx->get_cert_methods); i++) { + lu = sk_X509_LOOKUP_value(ctx->get_cert_methods, i); + j = X509_LOOKUP_by_subject(lu, type, name, &stmp); + if (j < 0) { + vs->current_method = j; return j; - } - else if (j) - { - tmp= &stmp; + } else if (j) { + tmp = &stmp; break; - } } - vs->current_method=0; + } + vs->current_method = 0; if (tmp == NULL) return 0; - } + } /* if (ret->data.ptr != NULL) X509_OBJECT_free_contents(ret); */ - ret->type=tmp->type; - ret->data.ptr=tmp->data.ptr; + ret->type = tmp->type; + ret->data.ptr = tmp->data.ptr; X509_OBJECT_up_ref_count(ret); return 1; - } +} -int X509_STORE_add_cert(X509_STORE *ctx, X509 *x) - { +int +X509_STORE_add_cert(X509_STORE *ctx, X509 *x) +{ X509_OBJECT *obj; - int ret=1; + int ret = 1; - if (x == NULL) return 0; - obj=(X509_OBJECT *)OPENSSL_malloc(sizeof(X509_OBJECT)); - if (obj == NULL) - { - X509err(X509_F_X509_STORE_ADD_CERT,ERR_R_MALLOC_FAILURE); + if (x == NULL) return 0; - } - obj->type=X509_LU_X509; - obj->data.x509=x; + obj = malloc(sizeof(X509_OBJECT)); + if (obj == NULL) { + X509error(ERR_R_MALLOC_FAILURE); + return 0; + } + obj->type = X509_LU_X509; + obj->data.x509 = x; CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); X509_OBJECT_up_ref_count(obj); + if (X509_OBJECT_retrieve_match(ctx->objs, obj)) { + X509error(X509_R_CERT_ALREADY_IN_HASH_TABLE); + ret = 0; + } else { + if (sk_X509_OBJECT_push(ctx->objs, obj) == 0) { + X509error(ERR_R_MALLOC_FAILURE); + ret = 0; + } + } - if (X509_OBJECT_retrieve_match(ctx->objs, obj)) - { - X509_OBJECT_free_contents(obj); - OPENSSL_free(obj); - X509err(X509_F_X509_STORE_ADD_CERT,X509_R_CERT_ALREADY_IN_HASH_TABLE); - ret=0; - } - else sk_X509_OBJECT_push(ctx->objs, obj); + if (ret == 0) + X509_OBJECT_dec_ref_count(obj); CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); - return ret; + if (ret == 0) { + obj->data.x509 = NULL; /* owned by the caller */ + X509_OBJECT_free(obj); } -int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x) - { + return ret; +} + +int +X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x) +{ X509_OBJECT *obj; - int ret=1; + int ret = 1; - if (x == NULL) return 0; - obj=(X509_OBJECT *)OPENSSL_malloc(sizeof(X509_OBJECT)); - if (obj == NULL) - { - X509err(X509_F_X509_STORE_ADD_CRL,ERR_R_MALLOC_FAILURE); + if (x == NULL) return 0; - } - obj->type=X509_LU_CRL; - obj->data.crl=x; + obj = malloc(sizeof(X509_OBJECT)); + if (obj == NULL) { + X509error(ERR_R_MALLOC_FAILURE); + return 0; + } + obj->type = X509_LU_CRL; + obj->data.crl = x; CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); X509_OBJECT_up_ref_count(obj); - if (X509_OBJECT_retrieve_match(ctx->objs, obj)) - { - X509_OBJECT_free_contents(obj); - OPENSSL_free(obj); - X509err(X509_F_X509_STORE_ADD_CRL,X509_R_CERT_ALREADY_IN_HASH_TABLE); - ret=0; + if (X509_OBJECT_retrieve_match(ctx->objs, obj)) { + X509error(X509_R_CERT_ALREADY_IN_HASH_TABLE); + ret = 0; + } else { + if (sk_X509_OBJECT_push(ctx->objs, obj) == 0) { + X509error(ERR_R_MALLOC_FAILURE); + ret = 0; } - else sk_X509_OBJECT_push(ctx->objs, obj); + } + + if (ret == 0) + X509_OBJECT_dec_ref_count(obj); CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); - return ret; + if (ret == 0) { + obj->data.crl = NULL; /* owned by the caller */ + X509_OBJECT_free(obj); } -void X509_OBJECT_up_ref_count(X509_OBJECT *a) - { - switch (a->type) - { + return ret; +} + +static void +X509_OBJECT_dec_ref_count(X509_OBJECT *a) +{ + switch (a->type) { case X509_LU_X509: - CRYPTO_add(&a->data.x509->references,1,CRYPTO_LOCK_X509); + CRYPTO_add(&a->data.x509->references, -1, CRYPTO_LOCK_X509); break; case X509_LU_CRL: - CRYPTO_add(&a->data.crl->references,1,CRYPTO_LOCK_X509_CRL); + CRYPTO_add(&a->data.crl->references, -1, CRYPTO_LOCK_X509_CRL); break; - } } +} + +int +X509_OBJECT_up_ref_count(X509_OBJECT *a) +{ + switch (a->type) { + case X509_LU_X509: + return X509_up_ref(a->data.x509); + case X509_LU_CRL: + return X509_CRL_up_ref(a->data.crl); + } + return 1; +} -void X509_OBJECT_free_contents(X509_OBJECT *a) - { - switch (a->type) - { +int +X509_OBJECT_get_type(const X509_OBJECT *a) +{ + return a->type; +} + +void +X509_OBJECT_free_contents(X509_OBJECT *a) +{ + switch (a->type) { case X509_LU_X509: X509_free(a->data.x509); break; case X509_LU_CRL: X509_CRL_free(a->data.crl); break; - } } +} -int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type, - X509_NAME *name) - { +static int +x509_object_idx_cnt(STACK_OF(X509_OBJECT) *h, int type, X509_NAME *name, + int *pnmatch) +{ X509_OBJECT stmp; X509 x509_s; X509_CINF cinf_s; X509_CRL crl_s; X509_CRL_INFO crl_info_s; + int idx; - stmp.type=type; - switch (type) - { + stmp.type = type; + switch (type) { case X509_LU_X509: - stmp.data.x509= &x509_s; - x509_s.cert_info= &cinf_s; - cinf_s.subject=name; + stmp.data.x509 = &x509_s; + x509_s.cert_info = &cinf_s; + cinf_s.subject = name; break; case X509_LU_CRL: - stmp.data.crl= &crl_s; - crl_s.crl= &crl_info_s; - crl_info_s.issuer=name; + stmp.data.crl = &crl_s; + crl_s.crl = &crl_info_s; + crl_info_s.issuer = name; break; default: /* abort(); */ return -1; - } + } - return sk_X509_OBJECT_find(h,&stmp); + idx = sk_X509_OBJECT_find(h, &stmp); + if (idx >= 0 && pnmatch) { + int tidx; + const X509_OBJECT *tobj, *pstmp; + *pnmatch = 1; + pstmp = &stmp; + for (tidx = idx + 1; tidx < sk_X509_OBJECT_num(h); tidx++) { + tobj = sk_X509_OBJECT_value(h, tidx); + if (x509_object_cmp(&tobj, &pstmp)) + break; + (*pnmatch)++; + } } + return idx; +} + +int +X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type, X509_NAME *name) +{ + return x509_object_idx_cnt(h, type, name, NULL); +} -X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h, int type, - X509_NAME *name) +X509_OBJECT * +X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h, int type, + X509_NAME *name) { int idx; + idx = X509_OBJECT_idx_by_subject(h, type, name); - if (idx==-1) return NULL; + if (idx == -1) + return NULL; return sk_X509_OBJECT_value(h, idx); } -X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x) +X509 * +X509_OBJECT_get0_X509(const X509_OBJECT *xo) +{ + if (xo != NULL && xo->type == X509_LU_X509) + return xo->data.x509; + return NULL; +} + +X509_CRL * +X509_OBJECT_get0_X509_CRL(X509_OBJECT *xo) +{ + if (xo != NULL && xo->type == X509_LU_CRL) + return xo->data.crl; + return NULL; +} + +STACK_OF(X509) * +X509_STORE_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm) +{ + int i, idx, cnt; + STACK_OF(X509) *sk; + X509 *x; + X509_OBJECT *obj; + + sk = sk_X509_new_null(); + if (sk == NULL) + return NULL; + CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); + idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_X509, nm, &cnt); + if (idx < 0) { + /* Nothing found in cache: do lookup to possibly add new + * objects to cache + */ + X509_OBJECT xobj; + CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); + if (!X509_STORE_get_by_subject(ctx, X509_LU_X509, nm, &xobj)) { + sk_X509_free(sk); + return NULL; + } + X509_OBJECT_free_contents(&xobj); + CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); + idx = x509_object_idx_cnt(ctx->ctx->objs, + X509_LU_X509, nm, &cnt); + if (idx < 0) { + CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); + sk_X509_free(sk); + return NULL; + } + } + for (i = 0; i < cnt; i++, idx++) { + obj = sk_X509_OBJECT_value(ctx->ctx->objs, idx); + x = obj->data.x509; + CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); + if (!sk_X509_push(sk, x)) { + CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); + X509_free(x); + sk_X509_pop_free(sk, X509_free); + return NULL; + } + } + CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); + return sk; + +} + +STACK_OF(X509_CRL) * +X509_STORE_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm) +{ + int i, idx, cnt; + STACK_OF(X509_CRL) *sk; + X509_CRL *x; + X509_OBJECT *obj, xobj; + + sk = sk_X509_CRL_new_null(); + if (sk == NULL) + return NULL; + CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); + /* Check cache first */ + idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_CRL, nm, &cnt); + + /* Always do lookup to possibly add new CRLs to cache + */ + CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); + if (!X509_STORE_get_by_subject(ctx, X509_LU_CRL, nm, &xobj)) { + sk_X509_CRL_free(sk); + return NULL; + } + X509_OBJECT_free_contents(&xobj); + CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); + idx = x509_object_idx_cnt(ctx->ctx->objs, X509_LU_CRL, nm, &cnt); + if (idx < 0) { + CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); + sk_X509_CRL_free(sk); + return NULL; + } + + for (i = 0; i < cnt; i++, idx++) { + obj = sk_X509_OBJECT_value(ctx->ctx->objs, idx); + x = obj->data.crl; + CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509_CRL); + if (!sk_X509_CRL_push(sk, x)) { + CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); + X509_CRL_free(x); + sk_X509_CRL_pop_free(sk, X509_CRL_free); + return NULL; + } + } + CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); + return sk; +} + +X509_OBJECT * +X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x) { int idx, i; X509_OBJECT *obj; + idx = sk_X509_OBJECT_find(h, x); - if (idx == -1) return NULL; - if (x->type != X509_LU_X509) return sk_X509_OBJECT_value(h, idx); - for (i = idx; i < sk_X509_OBJECT_num(h); i++) - { + if (idx == -1) + return NULL; + if ((x->type != X509_LU_X509) && (x->type != X509_LU_CRL)) + return sk_X509_OBJECT_value(h, idx); + for (i = idx; i < sk_X509_OBJECT_num(h); i++) { obj = sk_X509_OBJECT_value(h, i); - if (x509_object_cmp((const X509_OBJECT **)&obj, (const X509_OBJECT **)&x)) + if (x509_object_cmp((const X509_OBJECT **)&obj, + (const X509_OBJECT **)&x)) return NULL; - if ((x->type != X509_LU_X509) || !X509_cmp(obj->data.x509, x->data.x509)) + if (x->type == X509_LU_X509) { + if (!X509_cmp(obj->data.x509, x->data.x509)) + return obj; + } else if (x->type == X509_LU_CRL) { + if (!X509_CRL_match(obj->data.crl, x->data.crl)) + return obj; + } else return obj; - } + } return NULL; } - /* Try to get issuer certificate from store. Due to limitations * of the API this can only retrieve a single certificate matching * a given subject name. However it will fill the cache with all - * matching certificates, so we can examine the cache for all + * matching certificates, so we can examine the cache for all * matches. * * Return values are: @@ -484,74 +687,129 @@ X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x * 0 certificate not found. * -1 some other error. */ - - -int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) +int +X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) { X509_NAME *xn; X509_OBJECT obj, *pobj; - int i, ok, idx; - xn=X509_get_issuer_name(x); - ok=X509_STORE_get_by_subject(ctx,X509_LU_X509,xn,&obj); - if (ok != X509_LU_X509) - { - if (ok == X509_LU_RETRY) - { + int i, ok, idx, ret; + + *issuer = NULL; + xn = X509_get_issuer_name(x); + ok = X509_STORE_get_by_subject(ctx, X509_LU_X509, xn, &obj); + if (ok != X509_LU_X509) { + if (ok == X509_LU_RETRY) { X509_OBJECT_free_contents(&obj); - X509err(X509_F_X509_VERIFY_CERT,X509_R_SHOULD_RETRY); + X509error(X509_R_SHOULD_RETRY); return -1; - } - else if (ok != X509_LU_FAIL) - { + } else if (ok != X509_LU_FAIL) { X509_OBJECT_free_contents(&obj); /* not good :-(, break anyway */ return -1; - } - return 0; } + return 0; + } /* If certificate matches all OK */ - if (ctx->check_issued(ctx, x, obj.data.x509)) - { - *issuer = obj.data.x509; - return 1; + if (ctx->check_issued(ctx, x, obj.data.x509)) { + if (x509_check_cert_time(ctx, obj.data.x509, 1)) { + *issuer = obj.data.x509; + return 1; } + } X509_OBJECT_free_contents(&obj); - /* Else find index of first matching cert */ + + /* Else find index of first cert accepted by 'check_issued' */ + ret = 0; + CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); idx = X509_OBJECT_idx_by_subject(ctx->ctx->objs, X509_LU_X509, xn); - /* This shouldn't normally happen since we already have one match */ - if (idx == -1) return 0; - - /* Look through all matching certificates for a suitable issuer */ - for (i = idx; i < sk_X509_OBJECT_num(ctx->ctx->objs); i++) - { - pobj = sk_X509_OBJECT_value(ctx->ctx->objs, i); - /* See if we've ran out of matches */ - if (pobj->type != X509_LU_X509) return 0; - if (X509_NAME_cmp(xn, X509_get_subject_name(pobj->data.x509))) return 0; - if (ctx->check_issued(ctx, x, pobj->data.x509)) - { - *issuer = pobj->data.x509; - X509_OBJECT_up_ref_count(pobj); - return 1; + if (idx != -1) /* should be true as we've had at least one match */ { + /* Look through all matching certs for suitable issuer */ + for (i = idx; i < sk_X509_OBJECT_num(ctx->ctx->objs); i++) { + pobj = sk_X509_OBJECT_value(ctx->ctx->objs, i); + /* See if we've run past the matches */ + if (pobj->type != X509_LU_X509) + break; + if (X509_NAME_cmp(xn, + X509_get_subject_name(pobj->data.x509))) + break; + if (ctx->check_issued(ctx, x, pobj->data.x509)) { + *issuer = pobj->data.x509; + ret = 1; + /* + * If times check, exit with match, + * otherwise keep looking. Leave last + * match in issuer so we return nearest + * match if no certificate time is OK. + */ + if (x509_check_cert_time(ctx, *issuer, 1)) + break; } } - return 0; + } + CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); + if (*issuer) + CRYPTO_add(&(*issuer)->references, 1, CRYPTO_LOCK_X509); + return ret; } -void X509_STORE_set_flags(X509_STORE *ctx, long flags) - { - ctx->flags |= flags; - } +STACK_OF(X509_OBJECT) * +X509_STORE_get0_objects(X509_STORE *xs) +{ + return xs->objs; +} -int X509_STORE_set_purpose(X509_STORE *ctx, int purpose) - { - return X509_PURPOSE_set(&ctx->purpose, purpose); - } +void * +X509_STORE_get_ex_data(X509_STORE *xs, int idx) +{ + return CRYPTO_get_ex_data(&xs->ex_data, idx); +} -int X509_STORE_set_trust(X509_STORE *ctx, int trust) - { - return X509_TRUST_set(&ctx->trust, trust); - } +int +X509_STORE_set_ex_data(X509_STORE *xs, int idx, void *data) +{ + return CRYPTO_set_ex_data(&xs->ex_data, idx, data); +} + +int +X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags) +{ + return X509_VERIFY_PARAM_set_flags(ctx->param, flags); +} + +int +X509_STORE_set_depth(X509_STORE *ctx, int depth) +{ + X509_VERIFY_PARAM_set_depth(ctx->param, depth); + return 1; +} -IMPLEMENT_STACK_OF(X509_LOOKUP) -IMPLEMENT_STACK_OF(X509_OBJECT) +int +X509_STORE_set_purpose(X509_STORE *ctx, int purpose) +{ + return X509_VERIFY_PARAM_set_purpose(ctx->param, purpose); +} + +int +X509_STORE_set_trust(X509_STORE *ctx, int trust) +{ + return X509_VERIFY_PARAM_set_trust(ctx->param, trust); +} + +int +X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *param) +{ + return X509_VERIFY_PARAM_set1(ctx->param, param); +} + +X509_VERIFY_PARAM * +X509_STORE_get0_param(X509_STORE *ctx) +{ + return ctx->param; +} + +void +X509_STORE_set_verify_cb(X509_STORE *ctx, + int (*verify_cb)(int, X509_STORE_CTX *)) +{ + ctx->verify_cb = verify_cb; +} diff --git a/src/lib/libcrypto/x509/x509_obj.c b/src/lib/libcrypto/x509/x509_obj.c index 1e718f76eb2..5c537990206 100644 --- a/src/lib/libcrypto/x509/x509_obj.c +++ b/src/lib/libcrypto/x509/x509_obj.c @@ -1,25 +1,25 @@ -/* crypto/x509/x509_obj.c */ +/* $OpenBSD: x509_obj.c,v 1.18 2018/05/18 18:19:31 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -57,170 +57,123 @@ */ #include -#include "cryptlib.h" +#include + +#include +#include #include #include #include -#include -char *X509_NAME_oneline(X509_NAME *a, char *buf, int len) - { +char * +X509_NAME_oneline(const X509_NAME *a, char *buf, int len) +{ X509_NAME_ENTRY *ne; -int i; - int n,lold,l,l1,l2,num,j,type; + int i; + int n, lold, l, l1, l2, num, j, type; const char *s; char *p; unsigned char *q; - BUF_MEM *b=NULL; - static char hex[17]="0123456789ABCDEF"; + BUF_MEM *b = NULL; + static const char hex[17] = "0123456789ABCDEF"; int gs_doit[4]; char tmp_buf[80]; -#ifdef CHARSET_EBCDIC - char ebcdic_buf[1024]; -#endif - if (buf == NULL) - { - if ((b=BUF_MEM_new()) == NULL) goto err; - if (!BUF_MEM_grow(b,200)) goto err; - b->data[0]='\0'; - len=200; - } - if (a == NULL) - { - if(b) - { - buf=b->data; - OPENSSL_free(b); + if (buf == NULL) { + if ((b = BUF_MEM_new()) == NULL) + goto err; + if (!BUF_MEM_grow(b, 200)) + goto err; + b->data[0] = '\0'; + len = 200; + } + if (a == NULL) { + if (b) { + buf = b->data; + free(b); } - strncpy(buf,"NO X509_NAME",len); - buf[len-1]='\0'; - return buf; - } + strlcpy(buf, "NO X509_NAME", len); + return buf; + } len--; /* space for '\0' */ - l=0; - for (i=0; ientries); i++) - { - ne=sk_X509_NAME_ENTRY_value(a->entries,i); - n=OBJ_obj2nid(ne->object); - if ((n == NID_undef) || ((s=OBJ_nid2sn(n)) == NULL)) - { - i2t_ASN1_OBJECT(tmp_buf,sizeof(tmp_buf),ne->object); - s=tmp_buf; - } - l1=strlen(s); - - type=ne->value->type; - num=ne->value->length; - q=ne->value->data; -#ifdef CHARSET_EBCDIC - if (type == V_ASN1_GENERALSTRING || - type == V_ASN1_VISIBLESTRING || - type == V_ASN1_PRINTABLESTRING || - type == V_ASN1_TELETEXSTRING || - type == V_ASN1_VISIBLESTRING || - type == V_ASN1_IA5STRING) { - ascii2ebcdic(ebcdic_buf, q, - (num > sizeof ebcdic_buf) - ? sizeof ebcdic_buf : num); - q=ebcdic_buf; + l = 0; + for (i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) { + ne = sk_X509_NAME_ENTRY_value(a->entries, i); + n = OBJ_obj2nid(ne->object); + if ((n == NID_undef) || ((s = OBJ_nid2sn(n)) == NULL)) { + i2t_ASN1_OBJECT(tmp_buf, sizeof(tmp_buf), ne->object); + s = tmp_buf; } -#endif + l1 = strlen(s); - if ((type == V_ASN1_GENERALSTRING) && ((num%4) == 0)) - { - gs_doit[0]=gs_doit[1]=gs_doit[2]=gs_doit[3]=0; - for (j=0; jvalue->type; + num = ne->value->length; + q = ne->value->data; + if ((type == V_ASN1_GENERALSTRING) && ((num % 4) == 0)) { + gs_doit[0] = gs_doit[1] = gs_doit[2] = gs_doit[3] = 0; + for (j = 0; j < num; j++) + if (q[j] != 0) + gs_doit[j & 3] = 1; if (gs_doit[0]|gs_doit[1]|gs_doit[2]) - gs_doit[0]=gs_doit[1]=gs_doit[2]=gs_doit[3]=1; - else - { - gs_doit[0]=gs_doit[1]=gs_doit[2]=0; - gs_doit[3]=1; - } + gs_doit[0] = gs_doit[1] = gs_doit[2] = gs_doit[3] = 1; + else { + gs_doit[0] = gs_doit[1] = gs_doit[2] = 0; + gs_doit[3] = 1; } - else - gs_doit[0]=gs_doit[1]=gs_doit[2]=gs_doit[3]=1; + } else + gs_doit[0] = gs_doit[1] = gs_doit[2] = gs_doit[3] = 1; - for (l2=j=0; j '~')) l2+=3; -#else - if ((os_toascii[q[j]] < os_toascii[' ']) || - (os_toascii[q[j]] > os_toascii['~'])) l2+=3; -#endif - } + if ((q[j] < ' ') || (q[j] > '~')) + l2 += 3; + } - lold=l; - l+=1+l1+1+l2; - if (b != NULL) - { - if (!BUF_MEM_grow(b,l+1)) goto err; - p= &(b->data[lold]); - } - else if (l > len) - { + lold = l; + l += 1 + l1 + 1 + l2; + if (b != NULL) { + if (!BUF_MEM_grow(b, l + 1)) + goto err; + p = &(b->data[lold]); + } else if (l > len) { break; - } - else - p= &(buf[lold]); - *(p++)='/'; - memcpy(p,s,(unsigned int)l1); p+=l1; - *(p++)='='; - -#ifndef CHARSET_EBCDIC /* q was assigned above already. */ - q=ne->value->data; -#endif - - for (j=0; j '~')) - { - *(p++)='\\'; - *(p++)='x'; - *(p++)=hex[(n>>4)&0x0f]; - *(p++)=hex[n&0x0f]; - } - else - *(p++)=n; -#else - n=os_toascii[q[j]]; - if ((n < os_toascii[' ']) || - (n > os_toascii['~'])) - { - *(p++)='\\'; - *(p++)='x'; - *(p++)=hex[(n>>4)&0x0f]; - *(p++)=hex[n&0x0f]; - } - else - *(p++)=q[j]; -#endif - } - *p='\0'; - } - if (b != NULL) - { - p=b->data; - OPENSSL_free(b); + } else + p = &(buf[lold]); + *(p++) = '/'; + memcpy(p, s, l1); + p += l1; + *(p++) = '='; + q = ne->value->data; + for (j = 0; j < num; j++) { + if (!gs_doit[j & 3]) + continue; + n = q[j]; + if ((n < ' ') || (n > '~')) { + *(p++) = '\\'; + *(p++) = 'x'; + *(p++) = hex[(n >> 4) & 0x0f]; + *(p++) = hex[n & 0x0f]; + } else + *(p++) = n; } - else - p=buf; - if (i == 0) *p = '\0'; - return(p); -err: - X509err(X509_F_X509_NAME_ONELINE,ERR_R_MALLOC_FAILURE); - if (b != NULL) BUF_MEM_free(b); - return(NULL); } + if (b != NULL) { + p = b->data; + free(b); + } else + p = buf; + if (i == 0) + *p = '\0'; + return (p); +err: + X509error(ERR_R_MALLOC_FAILURE); + if (b != NULL) + BUF_MEM_free(b); + return (NULL); +} diff --git a/src/lib/libcrypto/x509/x509_r2x.c b/src/lib/libcrypto/x509/x509_r2x.c index db051033d9b..525163bc3e5 100644 --- a/src/lib/libcrypto/x509/x509_r2x.c +++ b/src/lib/libcrypto/x509/x509_r2x.c @@ -1,25 +1,25 @@ -/* crypto/x509/x509_r2x.c */ +/* $OpenBSD: x509_r2x.c,v 1.11 2017/01/29 17:49:23 beck Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -57,54 +57,59 @@ */ #include -#include "cryptlib.h" + +#include #include +#include +#include #include -#include -#include #include -#include +#include -X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey) - { - X509 *ret=NULL; - X509_CINF *xi=NULL; +X509 * +X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey) +{ + X509 *ret = NULL; + X509_CINF *xi = NULL; X509_NAME *xn; - if ((ret=X509_new()) == NULL) - { - X509err(X509_F_X509_REQ_TO_X509,ERR_R_MALLOC_FAILURE); + if ((ret = X509_new()) == NULL) { + X509error(ERR_R_MALLOC_FAILURE); goto err; - } + } /* duplicate the request */ - xi=ret->cert_info; + xi = ret->cert_info; - if (sk_X509_ATTRIBUTE_num(r->req_info->attributes) != 0) - { - if ((xi->version=M_ASN1_INTEGER_new()) == NULL) goto err; - if (!ASN1_INTEGER_set(xi->version,2)) goto err; + if (sk_X509_ATTRIBUTE_num(r->req_info->attributes) != 0) { + if ((xi->version = ASN1_INTEGER_new()) == NULL) + goto err; + if (!ASN1_INTEGER_set(xi->version, 2)) + goto err; /* xi->extensions=ri->attributes; <- bad, should not ever be done ri->attributes=NULL; */ - } + } - xn=X509_REQ_get_subject_name(r); - X509_set_subject_name(ret,X509_NAME_dup(xn)); - X509_set_issuer_name(ret,X509_NAME_dup(xn)); + xn = X509_REQ_get_subject_name(r); + if (X509_set_subject_name(ret, X509_NAME_dup(xn)) == 0) + goto err; + if (X509_set_issuer_name(ret, X509_NAME_dup(xn)) == 0) + goto err; - X509_gmtime_adj(xi->validity->notBefore,0); - X509_gmtime_adj(xi->validity->notAfter,(long)60*60*24*days); + if (X509_gmtime_adj(xi->validity->notBefore, 0) == NULL) + goto err; + if (X509_gmtime_adj(xi->validity->notAfter, + (long)60 * 60 * 24 * days) == NULL) + goto err; - X509_set_pubkey(ret,X509_REQ_get_pubkey(r)); + X509_set_pubkey(ret, X509_REQ_get_pubkey(r)); - if (!X509_sign(ret,pkey,EVP_md5())) + if (!X509_sign(ret, pkey, EVP_md5())) goto err; - if (0) - { + if (0) { err: X509_free(ret); - ret=NULL; - } - return(ret); + ret = NULL; } - + return (ret); +} diff --git a/src/lib/libcrypto/x509/x509_req.c b/src/lib/libcrypto/x509/x509_req.c index 0affa3bf306..b44306b00dd 100644 --- a/src/lib/libcrypto/x509/x509_req.c +++ b/src/lib/libcrypto/x509/x509_req.c @@ -1,25 +1,25 @@ -/* crypto/x509/x509_req.c */ +/* $OpenBSD: x509_req.c,v 1.21 2018/05/13 06:48:00 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -57,222 +57,287 @@ */ #include -#include "cryptlib.h" + +#include + +#include +#include #include +#include +#include #include -#include -#include #include -#include #include +#include -X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md) - { +X509_REQ * +X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md) +{ X509_REQ *ret; X509_REQ_INFO *ri; int i; EVP_PKEY *pktmp; - ret=X509_REQ_new(); - if (ret == NULL) - { - X509err(X509_F_X509_TO_X509_REQ,ERR_R_MALLOC_FAILURE); + ret = X509_REQ_new(); + if (ret == NULL) { + X509error(ERR_R_MALLOC_FAILURE); goto err; - } + } - ri=ret->req_info; + ri = ret->req_info; - ri->version->length=1; - ri->version->data=(unsigned char *)OPENSSL_malloc(1); - if (ri->version->data == NULL) goto err; - ri->version->data[0]=0; /* version == 0 */ + if ((ri->version = ASN1_INTEGER_new()) == NULL) + goto err; + if (ASN1_INTEGER_set(ri->version, 0) == 0) + goto err; - if (!X509_REQ_set_subject_name(ret,X509_get_subject_name(x))) + if (!X509_REQ_set_subject_name(ret, X509_get_subject_name(x))) goto err; - pktmp = X509_get_pubkey(x); - i=X509_REQ_set_pubkey(ret,pktmp); + if ((pktmp = X509_get_pubkey(x)) == NULL) + goto err; + + i = X509_REQ_set_pubkey(ret, pktmp); EVP_PKEY_free(pktmp); - if (!i) goto err; + if (!i) + goto err; - if (pkey != NULL) - { - if (!X509_REQ_sign(ret,pkey,md)) + if (pkey != NULL) { + if (!X509_REQ_sign(ret, pkey, md)) goto err; - } - return(ret); + } + return (ret); + err: X509_REQ_free(ret); - return(NULL); - } + return (NULL); +} -EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req) - { +EVP_PKEY * +X509_REQ_get_pubkey(X509_REQ *req) +{ if ((req == NULL) || (req->req_info == NULL)) - return(NULL); - return(X509_PUBKEY_get(req->req_info->pubkey)); + return (NULL); + return (X509_PUBKEY_get(req->req_info->pubkey)); +} + +int +X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k) +{ + EVP_PKEY *xk = NULL; + int ok = 0; + + xk = X509_REQ_get_pubkey(x); + switch (EVP_PKEY_cmp(xk, k)) { + case 1: + ok = 1; + break; + case 0: + X509error(X509_R_KEY_VALUES_MISMATCH); + break; + case -1: + X509error(X509_R_KEY_TYPE_MISMATCH); + break; + case -2: +#ifndef OPENSSL_NO_EC + if (k->type == EVP_PKEY_EC) { + X509error(ERR_R_EC_LIB); + break; + } +#endif +#ifndef OPENSSL_NO_DH + if (k->type == EVP_PKEY_DH) { + /* No idea */ + X509error(X509_R_CANT_CHECK_DH_KEY); + break; + } +#endif + X509error(X509_R_UNKNOWN_KEY_TYPE); } + EVP_PKEY_free(xk); + return (ok); +} + /* It seems several organisations had the same idea of including a list of * extensions in a certificate request. There are at least two OIDs that are * used and there may be more: so the list is configurable. */ -static int ext_nid_list[] = { NID_ms_ext_req, NID_ext_req, NID_undef}; +static int ext_nid_list[] = {NID_ext_req, NID_ms_ext_req, NID_undef}; static int *ext_nids = ext_nid_list; -int X509_REQ_extension_nid(int req_nid) +int +X509_REQ_extension_nid(int req_nid) { int i, nid; - for(i = 0; ; i++) { + + for (i = 0; ; i++) { nid = ext_nids[i]; - if(nid == NID_undef) return 0; - else if (req_nid == nid) return 1; + if (nid == NID_undef) + return 0; + else if (req_nid == nid) + return 1; } } -int *X509_REQ_get_extension_nids(void) +int * +X509_REQ_get_extension_nids(void) { return ext_nids; } - -void X509_REQ_set_extension_nids(int *nids) + +void +X509_REQ_set_extension_nids(int *nids) { ext_nids = nids; } -STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req) +STACK_OF(X509_EXTENSION) * +X509_REQ_get_extensions(X509_REQ *req) { X509_ATTRIBUTE *attr; - STACK_OF(X509_ATTRIBUTE) *sk; ASN1_TYPE *ext = NULL; - int i; - unsigned char *p; - if ((req == NULL) || (req->req_info == NULL)) - return(NULL); - sk=req->req_info->attributes; - if (!sk) return NULL; - for(i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) { - attr = sk_X509_ATTRIBUTE_value(sk, i); - if(X509_REQ_extension_nid(OBJ_obj2nid(attr->object))) { - if(attr->single) ext = attr->value.single; - else if(sk_ASN1_TYPE_num(attr->value.set)) - ext = sk_ASN1_TYPE_value(attr->value.set, 0); - break; - } + int idx, *pnid; + const unsigned char *p; + + if ((req == NULL) || (req->req_info == NULL) || !ext_nids) + return (NULL); + for (pnid = ext_nids; *pnid != NID_undef; pnid++) { + idx = X509_REQ_get_attr_by_NID(req, *pnid, -1); + if (idx == -1) + continue; + attr = X509_REQ_get_attr(req, idx); + if (attr->single) + ext = attr->value.single; + else if (sk_ASN1_TYPE_num(attr->value.set)) + ext = sk_ASN1_TYPE_value(attr->value.set, 0); + break; } - if(!ext || (ext->type != V_ASN1_SEQUENCE)) return NULL; + if (!ext || (ext->type != V_ASN1_SEQUENCE)) + return NULL; p = ext->value.sequence->data; - return d2i_ASN1_SET_OF_X509_EXTENSION(NULL, &p, - ext->value.sequence->length, - d2i_X509_EXTENSION, X509_EXTENSION_free, - V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL); + return (STACK_OF(X509_EXTENSION) *)ASN1_item_d2i(NULL, &p, + ext->value.sequence->length, &X509_EXTENSIONS_it); } /* Add a STACK_OF extensions to a certificate request: allow alternative OIDs * in case we want to create a non standard one. */ -int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts, - int nid) +int +X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts, + int nid) { - unsigned char *p = NULL, *q; - long len; ASN1_TYPE *at = NULL; X509_ATTRIBUTE *attr = NULL; - if(!(at = ASN1_TYPE_new()) || - !(at->value.sequence = ASN1_STRING_new())) goto err; + + if (!(at = ASN1_TYPE_new()) || + !(at->value.sequence = ASN1_STRING_new())) + goto err; at->type = V_ASN1_SEQUENCE; /* Generate encoding of extensions */ - len = i2d_ASN1_SET_OF_X509_EXTENSION(exts, NULL, i2d_X509_EXTENSION, - V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, IS_SEQUENCE); - if(!(p = OPENSSL_malloc(len))) goto err; - q = p; - i2d_ASN1_SET_OF_X509_EXTENSION(exts, &q, i2d_X509_EXTENSION, - V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, IS_SEQUENCE); - at->value.sequence->data = p; - p = NULL; - at->value.sequence->length = len; - if(!(attr = X509_ATTRIBUTE_new())) goto err; - if(!(attr->value.set = sk_ASN1_TYPE_new_null())) goto err; - if(!sk_ASN1_TYPE_push(attr->value.set, at)) goto err; + at->value.sequence->length = ASN1_item_i2d((ASN1_VALUE *)exts, + &at->value.sequence->data, &X509_EXTENSIONS_it); + if (!(attr = X509_ATTRIBUTE_new())) + goto err; + if (!(attr->value.set = sk_ASN1_TYPE_new_null())) + goto err; + if (!sk_ASN1_TYPE_push(attr->value.set, at)) + goto err; at = NULL; attr->single = 0; attr->object = OBJ_nid2obj(nid); - if(!sk_X509_ATTRIBUTE_push(req->req_info->attributes, attr)) goto err; + if (!req->req_info->attributes) { + if (!(req->req_info->attributes = sk_X509_ATTRIBUTE_new_null())) + goto err; + } + if (!sk_X509_ATTRIBUTE_push(req->req_info->attributes, attr)) + goto err; return 1; - err: - if(p) OPENSSL_free(p); + +err: X509_ATTRIBUTE_free(attr); ASN1_TYPE_free(at); return 0; } + /* This is the normal usage: use the "official" OID */ -int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts) +int +X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts) { return X509_REQ_add_extensions_nid(req, exts, NID_ext_req); } /* Request attribute functions */ -int X509_REQ_get_attr_count(const X509_REQ *req) +int +X509_REQ_get_attr_count(const X509_REQ *req) { return X509at_get_attr_count(req->req_info->attributes); } -int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid, - int lastpos) +int +X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid, int lastpos) { return X509at_get_attr_by_NID(req->req_info->attributes, nid, lastpos); } -int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, ASN1_OBJECT *obj, - int lastpos) +int +X509_REQ_get_attr_by_OBJ(const X509_REQ *req, const ASN1_OBJECT *obj, + int lastpos) { return X509at_get_attr_by_OBJ(req->req_info->attributes, obj, lastpos); } -X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc) +X509_ATTRIBUTE * +X509_REQ_get_attr(const X509_REQ *req, int loc) { return X509at_get_attr(req->req_info->attributes, loc); } -X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc) +X509_ATTRIBUTE * +X509_REQ_delete_attr(X509_REQ *req, int loc) { return X509at_delete_attr(req->req_info->attributes, loc); } -int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr) +int +X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr) { - if(X509at_add1_attr(&req->req_info->attributes, attr)) return 1; + if (X509at_add1_attr(&req->req_info->attributes, attr)) + return 1; return 0; } -int X509_REQ_add1_attr_by_OBJ(X509_REQ *req, - const ASN1_OBJECT *obj, int type, - const unsigned char *bytes, int len) +int +X509_REQ_add1_attr_by_OBJ(X509_REQ *req, const ASN1_OBJECT *obj, int type, + const unsigned char *bytes, int len) { - if(X509at_add1_attr_by_OBJ(&req->req_info->attributes, obj, - type, bytes, len)) return 1; + if (X509at_add1_attr_by_OBJ(&req->req_info->attributes, obj, + type, bytes, len)) + return 1; return 0; } -int X509_REQ_add1_attr_by_NID(X509_REQ *req, - int nid, int type, - const unsigned char *bytes, int len) +int +X509_REQ_add1_attr_by_NID(X509_REQ *req, int nid, int type, + const unsigned char *bytes, int len) { - if(X509at_add1_attr_by_NID(&req->req_info->attributes, nid, - type, bytes, len)) return 1; + if (X509at_add1_attr_by_NID(&req->req_info->attributes, nid, + type, bytes, len)) + return 1; return 0; } -int X509_REQ_add1_attr_by_txt(X509_REQ *req, - const char *attrname, int type, - const unsigned char *bytes, int len) +int +X509_REQ_add1_attr_by_txt(X509_REQ *req, const char *attrname, int type, + const unsigned char *bytes, int len) { - if(X509at_add1_attr_by_txt(&req->req_info->attributes, attrname, - type, bytes, len)) return 1; + if (X509at_add1_attr_by_txt(&req->req_info->attributes, attrname, + type, bytes, len)) + return 1; return 0; } diff --git a/src/lib/libcrypto/x509/x509_set.c b/src/lib/libcrypto/x509/x509_set.c index aaf61ca062b..1a4b583ab72 100644 --- a/src/lib/libcrypto/x509/x509_set.c +++ b/src/lib/libcrypto/x509/x509_set.c @@ -1,25 +1,25 @@ -/* crypto/x509/x509_set.c */ +/* $OpenBSD: x509_set.c,v 1.17 2018/08/24 19:55:58 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -57,94 +57,162 @@ */ #include -#include "cryptlib.h" + #include -#include #include +#include #include -int X509_set_version(X509 *x, long version) - { - if (x == NULL) return(0); - if (x->cert_info->version == NULL) - { - if ((x->cert_info->version=M_ASN1_INTEGER_new()) == NULL) - return(0); - } - return(ASN1_INTEGER_set(x->cert_info->version,version)); +const STACK_OF(X509_EXTENSION) * +X509_get0_extensions(const X509 *x) +{ + return x->cert_info->extensions; +} + +const X509_ALGOR * +X509_get0_tbs_sigalg(const X509 *x) +{ + return x->cert_info->signature; +} + +int +X509_set_version(X509 *x, long version) +{ + if (x == NULL) + return (0); + if (x->cert_info->version == NULL) { + if ((x->cert_info->version = ASN1_INTEGER_new()) == NULL) + return (0); } + return (ASN1_INTEGER_set(x->cert_info->version, version)); +} -int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial) - { +long +X509_get_version(const X509 *x) +{ + return ASN1_INTEGER_get(x->cert_info->version); +} + +int +X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial) +{ ASN1_INTEGER *in; - if (x == NULL) return(0); - in=x->cert_info->serialNumber; - if (in != serial) - { - in=M_ASN1_INTEGER_dup(serial); - if (in != NULL) - { - M_ASN1_INTEGER_free(x->cert_info->serialNumber); - x->cert_info->serialNumber=in; - } + if (x == NULL) + return (0); + in = x->cert_info->serialNumber; + if (in != serial) { + in = ASN1_INTEGER_dup(serial); + if (in != NULL) { + ASN1_INTEGER_free(x->cert_info->serialNumber); + x->cert_info->serialNumber = in; } - return(in != NULL); } + return (in != NULL); +} -int X509_set_issuer_name(X509 *x, X509_NAME *name) - { - if ((x == NULL) || (x->cert_info == NULL)) return(0); - return(X509_NAME_set(&x->cert_info->issuer,name)); - } +int +X509_set_issuer_name(X509 *x, X509_NAME *name) +{ + if ((x == NULL) || (x->cert_info == NULL)) + return (0); + return (X509_NAME_set(&x->cert_info->issuer, name)); +} -int X509_set_subject_name(X509 *x, X509_NAME *name) - { - if ((x == NULL) || (x->cert_info == NULL)) return(0); - return(X509_NAME_set(&x->cert_info->subject,name)); - } +int +X509_set_subject_name(X509 *x, X509_NAME *name) +{ + if (x == NULL || x->cert_info == NULL) + return (0); + return (X509_NAME_set(&x->cert_info->subject, name)); +} + +const ASN1_TIME * +X509_get0_notBefore(const X509 *x) +{ + return X509_getm_notBefore(x); +} + +ASN1_TIME * +X509_getm_notBefore(const X509 *x) +{ + if (x == NULL || x->cert_info == NULL || x->cert_info->validity == NULL) + return (NULL); + return x->cert_info->validity->notBefore; +} -int X509_set_notBefore(X509 *x, ASN1_TIME *tm) - { +int +X509_set_notBefore(X509 *x, const ASN1_TIME *tm) +{ ASN1_TIME *in; - if ((x == NULL) || (x->cert_info->validity == NULL)) return(0); - in=x->cert_info->validity->notBefore; - if (in != tm) - { - in=M_ASN1_TIME_dup(tm); - if (in != NULL) - { - M_ASN1_TIME_free(x->cert_info->validity->notBefore); - x->cert_info->validity->notBefore=in; - } + if (x == NULL || x->cert_info->validity == NULL) + return (0); + in = x->cert_info->validity->notBefore; + if (in != tm) { + in = ASN1_STRING_dup(tm); + if (in != NULL) { + ASN1_TIME_free(x->cert_info->validity->notBefore); + x->cert_info->validity->notBefore = in; } - return(in != NULL); } + return (in != NULL); +} -int X509_set_notAfter(X509 *x, ASN1_TIME *tm) - { +int +X509_set1_notBefore(X509 *x, const ASN1_TIME *tm) +{ + return X509_set_notBefore(x, tm); +} + +const ASN1_TIME * +X509_get0_notAfter(const X509 *x) +{ + return X509_getm_notAfter(x); +} + +ASN1_TIME * +X509_getm_notAfter(const X509 *x) +{ + if (x == NULL || x->cert_info == NULL || x->cert_info->validity == NULL) + return (NULL); + return x->cert_info->validity->notAfter; +} + +int +X509_set_notAfter(X509 *x, const ASN1_TIME *tm) +{ ASN1_TIME *in; - if ((x == NULL) || (x->cert_info->validity == NULL)) return(0); - in=x->cert_info->validity->notAfter; - if (in != tm) - { - in=M_ASN1_TIME_dup(tm); - if (in != NULL) - { - M_ASN1_TIME_free(x->cert_info->validity->notAfter); - x->cert_info->validity->notAfter=in; - } + if (x == NULL || x->cert_info->validity == NULL) + return (0); + in = x->cert_info->validity->notAfter; + if (in != tm) { + in = ASN1_STRING_dup(tm); + if (in != NULL) { + ASN1_TIME_free(x->cert_info->validity->notAfter); + x->cert_info->validity->notAfter = in; } - return(in != NULL); - } - -int X509_set_pubkey(X509 *x, EVP_PKEY *pkey) - { - if ((x == NULL) || (x->cert_info == NULL)) return(0); - return(X509_PUBKEY_set(&(x->cert_info->key),pkey)); } + return (in != NULL); +} +int +X509_set1_notAfter(X509 *x, const ASN1_TIME *tm) +{ + return X509_set_notAfter(x, tm); +} +int +X509_set_pubkey(X509 *x, EVP_PKEY *pkey) +{ + if ((x == NULL) || (x->cert_info == NULL)) + return (0); + return (X509_PUBKEY_set(&(x->cert_info->key), pkey)); +} +int +X509_get_signature_type(const X509 *x) +{ + return EVP_PKEY_type(OBJ_obj2nid(x->sig_alg->algorithm)); +} diff --git a/src/lib/libcrypto/x509/x509_trs.c b/src/lib/libcrypto/x509/x509_trs.c index 17d69ac005b..651dc82a520 100644 --- a/src/lib/libcrypto/x509/x509_trs.c +++ b/src/lib/libcrypto/x509/x509_trs.c @@ -1,5 +1,5 @@ -/* x509_trs.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* $OpenBSD: x509_trs.c,v 1.23 2018/05/18 18:40:38 tb Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -57,12 +57,12 @@ */ #include -#include "cryptlib.h" -#include +#include +#include +#include -static int tr_cmp(const X509_TRUST * const *a, - const X509_TRUST * const *b); +static int tr_cmp(const X509_TRUST * const *a, const X509_TRUST * const *b); static void trtable_free(X509_TRUST *p); static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags); @@ -78,87 +78,121 @@ static int (*default_trust)(int id, X509 *x, int flags) = obj_trust; */ static X509_TRUST trstandard[] = { -{X509_TRUST_COMPAT, 0, trust_compat, "compatible", 0, NULL}, -{X509_TRUST_SSL_CLIENT, 0, trust_1oidany, "SSL Client", NID_client_auth, NULL}, -{X509_TRUST_SSL_SERVER, 0, trust_1oidany, "SSL Server", NID_server_auth, NULL}, -{X509_TRUST_EMAIL, 0, trust_1oidany, "S/MIME email", NID_email_protect, NULL}, -{X509_TRUST_OCSP_SIGN, 0, trust_1oid, "OCSP responder", NID_OCSP_sign, NULL}, -{X509_TRUST_OCSP_REQUEST, 0, trust_1oid, "OCSP request", NID_ad_OCSP, NULL} + {X509_TRUST_COMPAT, 0, trust_compat, "compatible", 0, NULL}, + {X509_TRUST_SSL_CLIENT, 0, trust_1oidany, "SSL Client", NID_client_auth, NULL}, + {X509_TRUST_SSL_SERVER, 0, trust_1oidany, "SSL Server", NID_server_auth, NULL}, + {X509_TRUST_EMAIL, 0, trust_1oidany, "S/MIME email", NID_email_protect, NULL}, + {X509_TRUST_OBJECT_SIGN, 0, trust_1oidany, "Object Signer", NID_code_sign, NULL}, + {X509_TRUST_OCSP_SIGN, 0, trust_1oid, "OCSP responder", NID_OCSP_sign, NULL}, + {X509_TRUST_OCSP_REQUEST, 0, trust_1oid, "OCSP request", NID_ad_OCSP, NULL}, + {X509_TRUST_TSA, 0, trust_1oidany, "TSA server", NID_time_stamp, NULL} }; #define X509_TRUST_COUNT (sizeof(trstandard)/sizeof(X509_TRUST)) -IMPLEMENT_STACK_OF(X509_TRUST) - static STACK_OF(X509_TRUST) *trtable = NULL; -static int tr_cmp(const X509_TRUST * const *a, - const X509_TRUST * const *b) +static int +tr_cmp(const X509_TRUST * const *a, const X509_TRUST * const *b) { return (*a)->trust - (*b)->trust; } -int (*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int) +int +(*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int) { int (*oldtrust)(int , X509 *, int); + oldtrust = default_trust; default_trust = trust; return oldtrust; } - -int X509_check_trust(X509 *x, int id, int flags) +int +X509_check_trust(X509 *x, int id, int flags) { X509_TRUST *pt; int idx; - if(id == -1) return 1; + + if (id == -1) + return 1; + /* + * XXX beck/jsing This enables self signed certs to be trusted for + * an unspecified id/trust flag value (this is NOT the + * X509_TRUST_DEFAULT), which was the longstanding + * openssl behaviour. boringssl does not have this behaviour. + * + * This should be revisited, but changing the default "not default" + * may break things. + */ + if (id == 0) { + int rv; + rv = obj_trust(NID_anyExtendedKeyUsage, x, 0); + if (rv != X509_TRUST_UNTRUSTED) + return rv; + return trust_compat(NULL, x, 0); + } idx = X509_TRUST_get_by_id(id); - if(idx == -1) return default_trust(id, x, flags); + if (idx == -1) + return default_trust(id, x, flags); pt = X509_TRUST_get0(idx); return pt->check_trust(pt, x, flags); } -int X509_TRUST_get_count(void) +int +X509_TRUST_get_count(void) { - if(!trtable) return X509_TRUST_COUNT; + if (!trtable) + return X509_TRUST_COUNT; return sk_X509_TRUST_num(trtable) + X509_TRUST_COUNT; } -X509_TRUST * X509_TRUST_get0(int idx) +X509_TRUST * +X509_TRUST_get0(int idx) { - if(idx < 0) return NULL; - if(idx < X509_TRUST_COUNT) return trstandard + idx; + if (idx < 0) + return NULL; + if (idx < (int)X509_TRUST_COUNT) + return trstandard + idx; return sk_X509_TRUST_value(trtable, idx - X509_TRUST_COUNT); } -int X509_TRUST_get_by_id(int id) +int +X509_TRUST_get_by_id(int id) { X509_TRUST tmp; int idx; - if((id >= X509_TRUST_MIN) && (id <= X509_TRUST_MAX)) - return id - X509_TRUST_MIN; + + if ((id >= X509_TRUST_MIN) && (id <= X509_TRUST_MAX)) + return id - X509_TRUST_MIN; tmp.trust = id; - if(!trtable) return -1; + if (!trtable) + return -1; idx = sk_X509_TRUST_find(trtable, &tmp); - if(idx == -1) return -1; + if (idx == -1) + return -1; return idx + X509_TRUST_COUNT; } -int X509_TRUST_set(int *t, int trust) +int +X509_TRUST_set(int *t, int trust) { - if(X509_TRUST_get_by_id(trust) == -1) { - X509err(X509_F_X509_TRUST_SET, X509_R_INVALID_TRUST); + if (X509_TRUST_get_by_id(trust) == -1) { + X509error(X509_R_INVALID_TRUST); return 0; } *t = trust; return 1; } -int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int), - char *name, int arg1, void *arg2) +int +X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int), + const char *name, int arg1, void *arg2) { int idx; X509_TRUST *trtmp; + char *name_dup; + /* This is set according to what we change: application can't set it */ flags &= ~X509_TRUST_DYNAMIC; /* This will always be set for application modified trust entries */ @@ -166,21 +200,28 @@ int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int), /* Get existing entry if any */ idx = X509_TRUST_get_by_id(id); /* Need a new entry */ - if(idx == -1) { - if(!(trtmp = OPENSSL_malloc(sizeof(X509_TRUST)))) { - X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE); + if (idx == -1) { + if (!(trtmp = malloc(sizeof(X509_TRUST)))) { + X509error(ERR_R_MALLOC_FAILURE); return 0; } trtmp->flags = X509_TRUST_DYNAMIC; - } else trtmp = X509_TRUST_get0(idx); + } else { + trtmp = X509_TRUST_get0(idx); + if (trtmp == NULL) { + X509error(X509_R_INVALID_TRUST); + return 0; + } + } + + if ((name_dup = strdup(name)) == NULL) + goto err; - /* OPENSSL_free existing name if dynamic */ - if(trtmp->flags & X509_TRUST_DYNAMIC_NAME) OPENSSL_free(trtmp->name); + /* free existing name if dynamic */ + if (trtmp->flags & X509_TRUST_DYNAMIC_NAME) + free(trtmp->name); /* dup supplied name */ - if(!(trtmp->name = BUF_strdup(name))) { - X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE); - return 0; - } + trtmp->name = name_dup; /* Keep the dynamic flag of existing entry */ trtmp->flags &= X509_TRUST_DYNAMIC; /* Set all other flags */ @@ -191,57 +232,69 @@ int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int), trtmp->arg1 = arg1; trtmp->arg2 = arg2; - /* If its a new entry manage the dynamic table */ - if(idx == -1) { - if(!trtable && !(trtable = sk_X509_TRUST_new(tr_cmp))) { - X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE); - return 0; - } - if (!sk_X509_TRUST_push(trtable, trtmp)) { - X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE); - return 0; - } + /* If it's a new entry, manage the dynamic table */ + if (idx == -1) { + if (trtable == NULL && + (trtable = sk_X509_TRUST_new(tr_cmp)) == NULL) + goto err; + if (sk_X509_TRUST_push(trtable, trtmp) == 0) + goto err; } return 1; + +err: + free(name_dup); + if (idx == -1) + free(trtmp); + X509error(ERR_R_MALLOC_FAILURE); + return 0; } -static void trtable_free(X509_TRUST *p) - { - if(!p) return; - if (p->flags & X509_TRUST_DYNAMIC) - { +static void +trtable_free(X509_TRUST *p) +{ + if (!p) + return; + if (p->flags & X509_TRUST_DYNAMIC) { if (p->flags & X509_TRUST_DYNAMIC_NAME) - OPENSSL_free(p->name); - OPENSSL_free(p); - } + free(p->name); + free(p); } +} -void X509_TRUST_cleanup(void) +void +X509_TRUST_cleanup(void) { - int i; - for(i = 0; i < X509_TRUST_COUNT; i++) trtable_free(trstandard + i); + unsigned int i; + + for (i = 0; i < X509_TRUST_COUNT; i++) + trtable_free(trstandard + i); sk_X509_TRUST_pop_free(trtable, trtable_free); trtable = NULL; } -int X509_TRUST_get_flags(X509_TRUST *xp) +int +X509_TRUST_get_flags(const X509_TRUST *xp) { return xp->flags; } -char *X509_TRUST_get0_name(X509_TRUST *xp) +char * +X509_TRUST_get0_name(const X509_TRUST *xp) { return xp->name; } -int X509_TRUST_get_trust(X509_TRUST *xp) +int +X509_TRUST_get_trust(const X509_TRUST *xp) { return xp->trust; } -static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags) +static int +trust_1oidany(X509_TRUST *trust, X509 *x, int flags) { - if(x->aux && (x->aux->trust || x->aux->reject)) + if (x->aux && (x->aux->trust || x->aux->reject)) return obj_trust(trust->arg1, x, flags); /* we don't have any trust settings: for compatibility * we return trusted if it is self signed @@ -249,38 +302,47 @@ static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags) return trust_compat(trust, x, flags); } -static int trust_1oid(X509_TRUST *trust, X509 *x, int flags) +static int +trust_1oid(X509_TRUST *trust, X509 *x, int flags) { - if(x->aux) return obj_trust(trust->arg1, x, flags); + if (x->aux) + return obj_trust(trust->arg1, x, flags); return X509_TRUST_UNTRUSTED; } -static int trust_compat(X509_TRUST *trust, X509 *x, int flags) +static int +trust_compat(X509_TRUST *trust, X509 *x, int flags) { X509_check_purpose(x, -1, 0); - if(x->ex_flags & EXFLAG_SS) return X509_TRUST_TRUSTED; - else return X509_TRUST_UNTRUSTED; + if (x->ex_flags & EXFLAG_SS) + return X509_TRUST_TRUSTED; + else + return X509_TRUST_UNTRUSTED; } -static int obj_trust(int id, X509 *x, int flags) +static int +obj_trust(int id, X509 *x, int flags) { ASN1_OBJECT *obj; int i; X509_CERT_AUX *ax; + ax = x->aux; - if(!ax) return X509_TRUST_UNTRUSTED; - if(ax->reject) { - for(i = 0; i < sk_ASN1_OBJECT_num(ax->reject); i++) { + if (!ax) + return X509_TRUST_UNTRUSTED; + if (ax->reject) { + for (i = 0; i < sk_ASN1_OBJECT_num(ax->reject); i++) { obj = sk_ASN1_OBJECT_value(ax->reject, i); - if(OBJ_obj2nid(obj) == id) return X509_TRUST_REJECTED; + if (OBJ_obj2nid(obj) == id) + return X509_TRUST_REJECTED; } - } - if(ax->trust) { - for(i = 0; i < sk_ASN1_OBJECT_num(ax->trust); i++) { + } + if (ax->trust) { + for (i = 0; i < sk_ASN1_OBJECT_num(ax->trust); i++) { obj = sk_ASN1_OBJECT_value(ax->trust, i); - if(OBJ_obj2nid(obj) == id) return X509_TRUST_TRUSTED; + if (OBJ_obj2nid(obj) == id) + return X509_TRUST_TRUSTED; } } return X509_TRUST_UNTRUSTED; } - diff --git a/src/lib/libcrypto/x509/x509_txt.c b/src/lib/libcrypto/x509/x509_txt.c index 4f83db8ba2f..14fa2378c4d 100644 --- a/src/lib/libcrypto/x509/x509_txt.c +++ b/src/lib/libcrypto/x509/x509_txt.c @@ -1,25 +1,25 @@ -/* crypto/x509/x509_txt.c */ +/* $OpenBSD: x509_txt.c,v 1.19 2014/07/11 08:44:49 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,31 +49,30 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ +#include #include #include -#include -#include "cryptlib.h" -#include +#include #include #include -#include -#include +#include #include +#include -const char *X509_verify_cert_error_string(long n) - { +const char * +X509_verify_cert_error_string(long n) +{ static char buf[100]; - switch ((int)n) - { + switch ((int)n) { case X509_V_OK: return("ok"); case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: @@ -122,8 +121,14 @@ const char *X509_verify_cert_error_string(long n) return("certificate revoked"); case X509_V_ERR_INVALID_CA: return ("invalid CA certificate"); + case X509_V_ERR_INVALID_NON_CA: + return ("invalid non-CA certificate (has CA markings)"); case X509_V_ERR_PATH_LENGTH_EXCEEDED: return ("path length constraint exceeded"); + case X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED: + return("proxy path length constraint exceeded"); + case X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED: + return("proxy certificates not allowed, please set the appropriate flag"); case X509_V_ERR_INVALID_PURPOSE: return ("unsupported certificate purpose"); case X509_V_ERR_CERT_UNTRUSTED: @@ -140,17 +145,45 @@ const char *X509_verify_cert_error_string(long n) return("authority and issuer serial number mismatch"); case X509_V_ERR_KEYUSAGE_NO_CERTSIGN: return("key usage does not include certificate signing"); - case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER: return("unable to get CRL issuer certificate"); - case X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION: return("unhandled critical extension"); + case X509_V_ERR_KEYUSAGE_NO_CRL_SIGN: + return("key usage does not include CRL signing"); + case X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE: + return("key usage does not include digital signature"); + case X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION: + return("unhandled critical CRL extension"); + case X509_V_ERR_INVALID_EXTENSION: + return("invalid or inconsistent certificate extension"); + case X509_V_ERR_INVALID_POLICY_EXTENSION: + return("invalid or inconsistent certificate policy extension"); + case X509_V_ERR_NO_EXPLICIT_POLICY: + return("no explicit policy"); + case X509_V_ERR_DIFFERENT_CRL_SCOPE: + return("Different CRL scope"); + case X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE: + return("Unsupported extension feature"); + case X509_V_ERR_UNNESTED_RESOURCE: + return("RFC 3779 resource not subset of parent's resources"); + case X509_V_ERR_PERMITTED_VIOLATION: + return("permitted subtree violation"); + case X509_V_ERR_EXCLUDED_VIOLATION: + return("excluded subtree violation"); + case X509_V_ERR_SUBTREE_MINMAX: + return("name constraints minimum and maximum not supported"); + case X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE: + return("unsupported name constraint type"); + case X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX: + return("unsupported or invalid name constraint syntax"); + case X509_V_ERR_UNSUPPORTED_NAME_SYNTAX: + return("unsupported or invalid name syntax"); + case X509_V_ERR_CRL_PATH_VALIDATION_ERROR: + return("CRL path validation error"); default: - sprintf(buf,"error number %ld",n); + (void) snprintf(buf, sizeof buf, "error number %ld", n); return(buf); - } } - - +} diff --git a/src/lib/libcrypto/x509/x509_v3.c b/src/lib/libcrypto/x509/x509_v3.c index b5f7daa2e58..524d5511ed2 100644 --- a/src/lib/libcrypto/x509/x509_v3.c +++ b/src/lib/libcrypto/x509/x509_v3.c @@ -1,25 +1,25 @@ -/* crypto/x509/x509_v3.c */ +/* $OpenBSD: x509_v3.c,v 1.17 2018/05/19 10:54:40 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -57,212 +57,242 @@ */ #include -#include -#include "cryptlib.h" + #include -#include +#include #include +#include +#include #include #include -int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x) - { - if (x == NULL) return(0); - return(sk_X509_EXTENSION_num(x)); - } +int +X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x) +{ + if (x == NULL) + return (0); + return (sk_X509_EXTENSION_num(x)); +} -int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x, int nid, - int lastpos) - { +int +X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x, int nid, int lastpos) +{ ASN1_OBJECT *obj; - obj=OBJ_nid2obj(nid); - if (obj == NULL) return(-2); - return(X509v3_get_ext_by_OBJ(x,obj,lastpos)); - } + obj = OBJ_nid2obj(nid); + if (obj == NULL) + return (-2); + return (X509v3_get_ext_by_OBJ(x, obj, lastpos)); +} -int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *sk, ASN1_OBJECT *obj, - int lastpos) - { +int +X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *sk, + const ASN1_OBJECT *obj, int lastpos) +{ int n; X509_EXTENSION *ex; - if (sk == NULL) return(-1); + if (sk == NULL) + return (-1); lastpos++; if (lastpos < 0) - lastpos=0; - n=sk_X509_EXTENSION_num(sk); - for ( ; lastpos < n; lastpos++) - { - ex=sk_X509_EXTENSION_value(sk,lastpos); - if (OBJ_cmp(ex->object,obj) == 0) - return(lastpos); - } - return(-1); + lastpos = 0; + n = sk_X509_EXTENSION_num(sk); + for (; lastpos < n; lastpos++) { + ex = sk_X509_EXTENSION_value(sk, lastpos); + if (OBJ_cmp(ex->object, obj) == 0) + return (lastpos); } + return (-1); +} -int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *sk, int crit, - int lastpos) - { +int +X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *sk, int crit, + int lastpos) +{ int n; X509_EXTENSION *ex; - if (sk == NULL) return(-1); + if (sk == NULL) + return (-1); lastpos++; if (lastpos < 0) - lastpos=0; - n=sk_X509_EXTENSION_num(sk); - for ( ; lastpos < n; lastpos++) - { - ex=sk_X509_EXTENSION_value(sk,lastpos); - if ( ((ex->critical > 0) && crit) || - (!(ex->critical <= 0) && !crit)) - return(lastpos); - } - return(-1); + lastpos = 0; + n = sk_X509_EXTENSION_num(sk); + for (; lastpos < n; lastpos++) { + ex = sk_X509_EXTENSION_value(sk, lastpos); + if (((ex->critical > 0) && crit) || + ((ex->critical <= 0) && !crit)) + return (lastpos); } + return (-1); +} -X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc) - { +X509_EXTENSION * +X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc) +{ if (x == NULL || sk_X509_EXTENSION_num(x) <= loc || loc < 0) return NULL; else - return sk_X509_EXTENSION_value(x,loc); - } + return sk_X509_EXTENSION_value(x, loc); +} -X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc) - { +X509_EXTENSION * +X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc) +{ X509_EXTENSION *ret; if (x == NULL || sk_X509_EXTENSION_num(x) <= loc || loc < 0) - return(NULL); - ret=sk_X509_EXTENSION_delete(x,loc); - return(ret); - } + return (NULL); + ret = sk_X509_EXTENSION_delete(x, loc); + return (ret); +} -STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x, - X509_EXTENSION *ex, int loc) - { - X509_EXTENSION *new_ex=NULL; +STACK_OF(X509_EXTENSION) * +X509v3_add_ext(STACK_OF(X509_EXTENSION) **x, X509_EXTENSION *ex, int loc) +{ + X509_EXTENSION *new_ex = NULL; int n; - STACK_OF(X509_EXTENSION) *sk=NULL; + STACK_OF(X509_EXTENSION) *sk = NULL; + + if (x == NULL) { + X509error(ERR_R_PASSED_NULL_PARAMETER); + goto err2; + } - if ((x != NULL) && (*x == NULL)) - { - if ((sk=sk_X509_EXTENSION_new_null()) == NULL) + if (*x == NULL) { + if ((sk = sk_X509_EXTENSION_new_null()) == NULL) goto err; - } - else + } else sk= *x; - n=sk_X509_EXTENSION_num(sk); - if (loc > n) loc=n; - else if (loc < 0) loc=n; + n = sk_X509_EXTENSION_num(sk); + if (loc > n) + loc = n; + else if (loc < 0) + loc = n; - if ((new_ex=X509_EXTENSION_dup(ex)) == NULL) + if ((new_ex = X509_EXTENSION_dup(ex)) == NULL) goto err2; - if (!sk_X509_EXTENSION_insert(sk,new_ex,loc)) + if (!sk_X509_EXTENSION_insert(sk, new_ex, loc)) goto err; - if ((x != NULL) && (*x == NULL)) - *x=sk; - return(sk); + if (*x == NULL) + *x = sk; + return (sk); + err: - X509err(X509_F_X509V3_ADD_EXT,ERR_R_MALLOC_FAILURE); + X509error(ERR_R_MALLOC_FAILURE); err2: - if (new_ex != NULL) X509_EXTENSION_free(new_ex); - if (sk != NULL) sk_X509_EXTENSION_free(sk); - return(NULL); - } + if (new_ex != NULL) + X509_EXTENSION_free(new_ex); + if (sk != NULL && (x != NULL && sk != *x)) + sk_X509_EXTENSION_free(sk); + return (NULL); +} -X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, int nid, - int crit, ASN1_OCTET_STRING *data) - { +X509_EXTENSION * +X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, int nid, int crit, + ASN1_OCTET_STRING *data) +{ ASN1_OBJECT *obj; X509_EXTENSION *ret; - obj=OBJ_nid2obj(nid); - if (obj == NULL) - { - X509err(X509_F_X509_EXTENSION_CREATE_BY_NID,X509_R_UNKNOWN_NID); - return(NULL); - } - ret=X509_EXTENSION_create_by_OBJ(ex,obj,crit,data); - if (ret == NULL) ASN1_OBJECT_free(obj); - return(ret); + obj = OBJ_nid2obj(nid); + if (obj == NULL) { + X509error(X509_R_UNKNOWN_NID); + return (NULL); } + ret = X509_EXTENSION_create_by_OBJ(ex, obj, crit, data); + if (ret == NULL) + ASN1_OBJECT_free(obj); + return (ret); +} -X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex, - ASN1_OBJECT *obj, int crit, ASN1_OCTET_STRING *data) - { +X509_EXTENSION * +X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex, const ASN1_OBJECT *obj, + int crit, ASN1_OCTET_STRING *data) +{ X509_EXTENSION *ret; - if ((ex == NULL) || (*ex == NULL)) - { - if ((ret=X509_EXTENSION_new()) == NULL) - { - X509err(X509_F_X509_EXTENSION_CREATE_BY_OBJ,ERR_R_MALLOC_FAILURE); - return(NULL); - } + if ((ex == NULL) || (*ex == NULL)) { + if ((ret = X509_EXTENSION_new()) == NULL) { + X509error(ERR_R_MALLOC_FAILURE); + return (NULL); } - else + } else ret= *ex; - if (!X509_EXTENSION_set_object(ret,obj)) + if (!X509_EXTENSION_set_object(ret, obj)) goto err; - if (!X509_EXTENSION_set_critical(ret,crit)) + if (!X509_EXTENSION_set_critical(ret, crit)) goto err; - if (!X509_EXTENSION_set_data(ret,data)) + if (!X509_EXTENSION_set_data(ret, data)) goto err; - - if ((ex != NULL) && (*ex == NULL)) *ex=ret; - return(ret); + + if ((ex != NULL) && (*ex == NULL)) + *ex = ret; + return (ret); + err: if ((ex == NULL) || (ret != *ex)) X509_EXTENSION_free(ret); - return(NULL); - } + return (NULL); +} -int X509_EXTENSION_set_object(X509_EXTENSION *ex, ASN1_OBJECT *obj) - { +int +X509_EXTENSION_set_object(X509_EXTENSION *ex, const ASN1_OBJECT *obj) +{ if ((ex == NULL) || (obj == NULL)) - return(0); + return (0); ASN1_OBJECT_free(ex->object); - ex->object=OBJ_dup(obj); - return(1); - } + ex->object = OBJ_dup(obj); + return ex->object != NULL; +} -int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit) - { - if (ex == NULL) return(0); - ex->critical=(crit)?0xFF:-1; - return(1); - } +int +X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit) +{ + if (ex == NULL) + return (0); + ex->critical = (crit) ? 0xFF : -1; + return (1); +} -int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data) - { +int +X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data) +{ int i; - if (ex == NULL) return(0); - i=M_ASN1_OCTET_STRING_set(ex->value,data->data,data->length); - if (!i) return(0); - return(1); - } + if (ex == NULL) + return (0); + i = ASN1_STRING_set(ex->value, data->data, data->length); + if (!i) + return (0); + return (1); +} -ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex) - { - if (ex == NULL) return(NULL); - return(ex->object); - } +ASN1_OBJECT * +X509_EXTENSION_get_object(X509_EXTENSION *ex) +{ + if (ex == NULL) + return (NULL); + return (ex->object); +} -ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ex) - { - if (ex == NULL) return(NULL); - return(ex->value); - } +ASN1_OCTET_STRING * +X509_EXTENSION_get_data(X509_EXTENSION *ex) +{ + if (ex == NULL) + return (NULL); + return (ex->value); +} -int X509_EXTENSION_get_critical(X509_EXTENSION *ex) - { - if (ex == NULL) return(0); - if(ex->critical > 0) return 1; +int +X509_EXTENSION_get_critical(const X509_EXTENSION *ex) +{ + if (ex == NULL) + return (0); + if (ex->critical > 0) + return 1; return 0; - } +} diff --git a/src/lib/libcrypto/x509/x509_vfy.c b/src/lib/libcrypto/x509/x509_vfy.c index db12f7bd35e..ea35ce791dc 100644 --- a/src/lib/libcrypto/x509/x509_vfy.c +++ b/src/lib/libcrypto/x509/x509_vfy.c @@ -1,25 +1,25 @@ -/* crypto/x509/x509_vfy.c */ +/* $OpenBSD: x509_vfy.c,v 1.72 2019/03/06 05:06:58 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,925 +49,2070 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ +#include #include +#include #include -#include +#include -#include "cryptlib.h" -#include -#include +#include + +#include #include +#include +#include #include -#include +#include +#include #include #include -#include +#include "asn1_locl.h" +#include "vpm_int.h" +#include "x509_lcl.h" + +/* CRL score values */ + +/* No unhandled critical extensions */ + +#define CRL_SCORE_NOCRITICAL 0x100 + +/* certificate is within CRL scope */ + +#define CRL_SCORE_SCOPE 0x080 + +/* CRL times valid */ + +#define CRL_SCORE_TIME 0x040 + +/* Issuer name matches certificate */ + +#define CRL_SCORE_ISSUER_NAME 0x020 + +/* If this score or above CRL is probably valid */ + +#define CRL_SCORE_VALID (CRL_SCORE_NOCRITICAL|CRL_SCORE_TIME|CRL_SCORE_SCOPE) + +/* CRL issuer is certificate issuer */ + +#define CRL_SCORE_ISSUER_CERT 0x018 + +/* CRL issuer is on certificate path */ + +#define CRL_SCORE_SAME_PATH 0x008 + +/* CRL issuer matches CRL AKID */ -static int null_callback(int ok,X509_STORE_CTX *e); +#define CRL_SCORE_AKID 0x004 + +/* Have a delta CRL with valid times */ + +#define CRL_SCORE_TIME_DELTA 0x002 + +static int null_callback(int ok, X509_STORE_CTX *e); static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x); -static int check_chain_purpose(X509_STORE_CTX *ctx); +static int check_chain_extensions(X509_STORE_CTX *ctx); +static int check_name_constraints(X509_STORE_CTX *ctx); static int check_trust(X509_STORE_CTX *ctx); static int check_revocation(X509_STORE_CTX *ctx); static int check_cert(X509_STORE_CTX *ctx); +static int check_policy(X509_STORE_CTX *ctx); + +static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer, + unsigned int *preasons, X509_CRL *crl, X509 *x); +static int get_crl_delta(X509_STORE_CTX *ctx, + X509_CRL **pcrl, X509_CRL **pdcrl, X509 *x); +static void get_delta_sk(X509_STORE_CTX *ctx, X509_CRL **dcrl, int *pcrl_score, + X509_CRL *base, STACK_OF(X509_CRL) *crls); +static void crl_akid_check(X509_STORE_CTX *ctx, X509_CRL *crl, X509 **pissuer, + int *pcrl_score); +static int crl_crldp_check(X509 *x, X509_CRL *crl, int crl_score, + unsigned int *preasons); +static int check_crl_path(X509_STORE_CTX *ctx, X509 *x); +static int check_crl_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *cert_path, + STACK_OF(X509) *crl_path); +static int X509_cmp_time_internal(const ASN1_TIME *ctm, time_t *cmp_time, + int clamp_notafter); + static int internal_verify(X509_STORE_CTX *ctx); -const char *X509_version="X.509" OPENSSL_VERSION_PTEXT; +int ASN1_time_tm_clamp_notafter(struct tm *tm); -static int null_callback(int ok, X509_STORE_CTX *e) - { +static int +null_callback(int ok, X509_STORE_CTX *e) +{ return ok; - } +} #if 0 -static int x509_subject_cmp(X509 **a, X509 **b) - { - return X509_subject_name_cmp(*a,*b); - } +static int +x509_subject_cmp(X509 **a, X509 **b) +{ + return X509_subject_name_cmp(*a, *b); +} #endif -int X509_verify_cert(X509_STORE_CTX *ctx) - { - X509 *x,*xtmp,*chain_ss=NULL; - X509_NAME *xn; - int depth,i,ok=0; - int num; - int (*cb)(); - STACK_OF(X509) *sktmp=NULL; - - if (ctx->cert == NULL) - { - X509err(X509_F_X509_VERIFY_CERT,X509_R_NO_CERT_SET_FOR_US_TO_VERIFY); +/* Return 1 if a certificate is self signed */ +static int +cert_self_signed(X509 *x) +{ + X509_check_purpose(x, -1, 0); + if (x->ex_flags & EXFLAG_SS) + return 1; + else + return 0; +} + +static int +check_id_error(X509_STORE_CTX *ctx, int errcode) +{ + ctx->error = errcode; + ctx->current_cert = ctx->cert; + ctx->error_depth = 0; + return ctx->verify_cb(0, ctx); +} + +static int +check_hosts(X509 *x, X509_VERIFY_PARAM_ID *id) +{ + size_t i, n; + char *name; + + n = sk_OPENSSL_STRING_num(id->hosts); + free(id->peername); + id->peername = NULL; + + for (i = 0; i < n; ++i) { + name = sk_OPENSSL_STRING_value(id->hosts, i); + if (X509_check_host(x, name, strlen(name), id->hostflags, + &id->peername) > 0) + return 1; + } + return n == 0; +} + +static int +check_id(X509_STORE_CTX *ctx) +{ + X509_VERIFY_PARAM *vpm = ctx->param; + X509_VERIFY_PARAM_ID *id = vpm->id; + X509 *x = ctx->cert; + + if (id->hosts && check_hosts(x, id) <= 0) { + if (!check_id_error(ctx, X509_V_ERR_HOSTNAME_MISMATCH)) + return 0; + } + if (id->email != NULL && X509_check_email(x, id->email, id->emaillen, 0) + <= 0) { + if (!check_id_error(ctx, X509_V_ERR_EMAIL_MISMATCH)) + return 0; + } + if (id->ip != NULL && X509_check_ip(x, id->ip, id->iplen, 0) <= 0) { + if (!check_id_error(ctx, X509_V_ERR_IP_ADDRESS_MISMATCH)) + return 0; + } + return 1; +} + +int +X509_verify_cert(X509_STORE_CTX *ctx) +{ + X509 *x, *xtmp, *xtmp2, *chain_ss = NULL; + int bad_chain = 0; + X509_VERIFY_PARAM *param = ctx->param; + int depth, i, ok = 0; + int num, j, retry, trust; + int (*cb) (int xok, X509_STORE_CTX *xctx); + STACK_OF(X509) *sktmp = NULL; + + if (ctx->cert == NULL) { + X509error(X509_R_NO_CERT_SET_FOR_US_TO_VERIFY); + ctx->error = X509_V_ERR_INVALID_CALL; return -1; - } + } + if (ctx->chain != NULL) { + /* + * This X509_STORE_CTX has already been used to verify + * a cert. We cannot do another one. + */ + X509error(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + ctx->error = X509_V_ERR_INVALID_CALL; + return -1; + } + if (ctx->param->id->poisoned) { + /* + * This X509_STORE_CTX had failures setting + * up verify parameters. We can not use it. + */ + X509error(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + ctx->error = X509_V_ERR_INVALID_CALL; + return -1; + } + if (ctx->error != X509_V_ERR_INVALID_CALL) { + /* + * This X509_STORE_CTX has not been properly initialized. + */ + X509error(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + ctx->error = X509_V_ERR_INVALID_CALL; + return -1; + } + ctx->error = X509_V_OK; /* Initialize to OK */ - cb=ctx->verify_cb; + cb = ctx->verify_cb; - /* first we make sure the chain we are going to build is - * present and that the first entry is in place */ - if (ctx->chain == NULL) - { - if ( ((ctx->chain=sk_X509_new_null()) == NULL) || - (!sk_X509_push(ctx->chain,ctx->cert))) - { - X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE); - goto end; - } - CRYPTO_add(&ctx->cert->references,1,CRYPTO_LOCK_X509); - ctx->last_untrusted=1; - } + /* + * First we make sure the chain we are going to build is + * present and that the first entry is in place. + */ + ctx->chain = sk_X509_new_null(); + if (ctx->chain == NULL || !sk_X509_push(ctx->chain, ctx->cert)) { + X509error(ERR_R_MALLOC_FAILURE); + ctx->error = X509_V_ERR_OUT_OF_MEM; + goto end; + } + X509_up_ref(ctx->cert); + ctx->last_untrusted = 1; /* We use a temporary STACK so we can chop and hack at it */ - if (ctx->untrusted != NULL - && (sktmp=sk_X509_dup(ctx->untrusted)) == NULL) - { - X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE); + if (ctx->untrusted != NULL && + (sktmp = sk_X509_dup(ctx->untrusted)) == NULL) { + X509error(ERR_R_MALLOC_FAILURE); + ctx->error = X509_V_ERR_OUT_OF_MEM; goto end; - } - - num=sk_X509_num(ctx->chain); - x=sk_X509_value(ctx->chain,num-1); - depth=ctx->depth; + } + num = sk_X509_num(ctx->chain); + x = sk_X509_value(ctx->chain, num - 1); + depth = param->depth; - for (;;) - { + for (;;) { /* If we have enough, we break */ - if (depth < num) break; /* FIXME: If this happens, we should take - * note of it and, if appropriate, use the - * X509_V_ERR_CERT_CHAIN_TOO_LONG error - * code later. - */ - + /* FIXME: If this happens, we should take + * note of it and, if appropriate, use the + * X509_V_ERR_CERT_CHAIN_TOO_LONG error code + * later. + */ + if (depth < num) + break; /* If we are self signed, we break */ - xn=X509_get_issuer_name(x); - if (ctx->check_issued(ctx, x,x)) break; - + if (cert_self_signed(x)) + break; + /* + * If asked see if we can find issuer in trusted store first + */ + if (ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST) { + ok = ctx->get_issuer(&xtmp, ctx, x); + if (ok < 0) { + ctx->error = X509_V_ERR_STORE_LOOKUP; + goto end; + } + /* + * If successful for now free up cert so it + * will be picked up again later. + */ + if (ok > 0) { + X509_free(xtmp); + break; + } + } /* If we were passed a cert chain, use it first */ - if (ctx->untrusted != NULL) - { - xtmp=find_issuer(ctx, sktmp,x); - if (xtmp != NULL) - { - if (!sk_X509_push(ctx->chain,xtmp)) - { - X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE); + if (ctx->untrusted != NULL) { + xtmp = find_issuer(ctx, sktmp, x); + if (xtmp != NULL) { + if (!sk_X509_push(ctx->chain, xtmp)) { + X509error(ERR_R_MALLOC_FAILURE); + ctx->error = X509_V_ERR_OUT_OF_MEM; + ok = 0; goto end; - } - CRYPTO_add(&xtmp->references,1,CRYPTO_LOCK_X509); - sk_X509_delete_ptr(sktmp,xtmp); + } + X509_up_ref(xtmp); + (void)sk_X509_delete_ptr(sktmp, xtmp); ctx->last_untrusted++; - x=xtmp; + x = xtmp; num++; - /* reparse the full chain for - * the next one */ + /* + * reparse the full chain for the next one + */ continue; - } } - break; } + break; + } + /* Remember how many untrusted certs we have */ + j = num; - /* at this point, chain should contain a list of untrusted + /* + * At this point, chain should contain a list of untrusted * certificates. We now need to add at least one trusted one, - * if possible, otherwise we complain. */ - - /* Examine last certificate in chain and see if it - * is self signed. - */ - - i=sk_X509_num(ctx->chain); - x=sk_X509_value(ctx->chain,i-1); - xn = X509_get_subject_name(x); - if (ctx->check_issued(ctx, x, x)) - { - /* we have a self signed certificate */ - if (sk_X509_num(ctx->chain) == 1) - { - /* We have a single self signed certificate: see if - * we can find it in the store. We must have an exact - * match to avoid possible impersonation. - */ - ok = ctx->get_issuer(&xtmp, ctx, x); - if ((ok <= 0) || X509_cmp(x, xtmp)) - { - ctx->error=X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT; - ctx->current_cert=x; - ctx->error_depth=i-1; - if (ok == 1) X509_free(xtmp); - ok=cb(0,ctx); - if (!ok) goto end; - } - else - { - /* We have a match: replace certificate with store version - * so we get any trust settings. + * if possible, otherwise we complain. + */ + + do { + /* + * Examine last certificate in chain and see if it is + * self signed. + */ + i = sk_X509_num(ctx->chain); + x = sk_X509_value(ctx->chain, i - 1); + if (cert_self_signed(x)) { + /* we have a self signed certificate */ + if (i == 1) { + /* + * We have a single self signed + * certificate: see if we can find it + * in the store. We must have an exact + * match to avoid possible + * impersonation. */ - X509_free(x); - x = xtmp; - sk_X509_set(ctx->chain, i - 1, x); - ctx->last_untrusted=0; + ok = ctx->get_issuer(&xtmp, ctx, x); + if ((ok <= 0) || X509_cmp(x, xtmp)) { + ctx->error = X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT; + ctx->current_cert = x; + ctx->error_depth = i - 1; + if (ok == 1) + X509_free(xtmp); + bad_chain = 1; + ok = cb(0, ctx); + if (!ok) + goto end; + } else { + /* + * We have a match: replace + * certificate with store + * version so we get any trust + * settings. + */ + X509_free(x); + x = xtmp; + (void)sk_X509_set(ctx->chain, i - 1, x); + ctx->last_untrusted = 0; } - } - else - { - /* extract and save self signed certificate for later use */ - chain_ss=sk_X509_pop(ctx->chain); - ctx->last_untrusted--; - num--; - x=sk_X509_value(ctx->chain,num-1); + } else { + /* + * extract and save self signed + * certificate for later use + */ + chain_ss = sk_X509_pop(ctx->chain); + ctx->last_untrusted--; + num--; + j--; + x = sk_X509_value(ctx->chain, num - 1); } } + /* We now lookup certs from the certificate store */ + for (;;) { + /* If we have enough, we break */ + if (depth < num) + break; + /* If we are self signed, we break */ + if (cert_self_signed(x)) + break; + ok = ctx->get_issuer(&xtmp, ctx, x); - /* We now lookup certs from the certificate store */ - for (;;) - { - /* If we have enough, we break */ - if (depth < num) break; - - /* If we are self signed, we break */ - xn=X509_get_issuer_name(x); - if (ctx->check_issued(ctx,x,x)) break; - - ok = ctx->get_issuer(&xtmp, ctx, x); + if (ok < 0) { + ctx->error = X509_V_ERR_STORE_LOOKUP; + goto end; + } + if (ok == 0) + break; + x = xtmp; + if (!sk_X509_push(ctx->chain, x)) { + X509_free(xtmp); + X509error(ERR_R_MALLOC_FAILURE); + ctx->error = X509_V_ERR_OUT_OF_MEM; + ok = 0; + goto end; + } + num++; + } - if (ok < 0) return ok; - if (ok == 0) break; + /* we now have our chain, lets check it... */ + trust = check_trust(ctx); - x = xtmp; - if (!sk_X509_push(ctx->chain,x)) - { - X509_free(xtmp); - X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE); - return 0; + /* If explicitly rejected error */ + if (trust == X509_TRUST_REJECTED) { + ok = 0; + goto end; + } + /* + * If it's not explicitly trusted then check if there + * is an alternative chain that could be used. We only + * do this if we haven't already checked via + * TRUSTED_FIRST and the user hasn't switched off + * alternate chain checking + */ + retry = 0; + if (trust != X509_TRUST_TRUSTED && + !(ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST) && + !(ctx->param->flags & X509_V_FLAG_NO_ALT_CHAINS)) { + while (j-- > 1) { + xtmp2 = sk_X509_value(ctx->chain, j - 1); + ok = ctx->get_issuer(&xtmp, ctx, xtmp2); + if (ok < 0) + goto end; + /* Check if we found an alternate chain */ + if (ok > 0) { + /* + * Free up the found cert + * we'll add it again later + */ + X509_free(xtmp); + /* + * Dump all the certs above + * this point - we've found an + * alternate chain + */ + while (num > j) { + xtmp = sk_X509_pop(ctx->chain); + X509_free(xtmp); + num--; + } + ctx->last_untrusted = sk_X509_num(ctx->chain); + retry = 1; + break; + } } - num++; } + } while (retry); - /* we now have our chain, lets check it... */ - xn=X509_get_issuer_name(x); - - /* Is last certificate looked up self signed? */ - if (!ctx->check_issued(ctx,x,x)) - { - if ((chain_ss == NULL) || !ctx->check_issued(ctx, x, chain_ss)) - { + /* + * If not explicitly trusted then indicate error unless it's a single + * self signed certificate in which case we've indicated an error already + * and set bad_chain == 1 + */ + if (trust != X509_TRUST_TRUSTED && !bad_chain) { + if ((chain_ss == NULL) || !ctx->check_issued(ctx, x, chain_ss)) { if (ctx->last_untrusted >= num) - ctx->error=X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY; + ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY; else - ctx->error=X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT; - ctx->current_cert=x; + ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT; + ctx->current_cert = x; + } else { + if (!sk_X509_push(ctx->chain, chain_ss)) { + X509error(ERR_R_MALLOC_FAILURE); + ctx->error = X509_V_ERR_OUT_OF_MEM; + ok = 0; + goto end; } - else - { - - sk_X509_push(ctx->chain,chain_ss); num++; - ctx->last_untrusted=num; - ctx->current_cert=chain_ss; - ctx->error=X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN; - chain_ss=NULL; - } - - ctx->error_depth=num-1; - ok=cb(0,ctx); - if (!ok) goto end; + ctx->last_untrusted = num; + ctx->current_cert = chain_ss; + ctx->error = X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN; + chain_ss = NULL; } - /* We have the chain complete: now we need to check its purpose */ - if (ctx->purpose > 0) ok = check_chain_purpose(ctx); - - if (!ok) goto end; - - /* The chain extensions are OK: check trust */ - - if (ctx->trust > 0) ok = check_trust(ctx); + ctx->error_depth = num - 1; + bad_chain = 1; + ok = cb(0, ctx); + if (!ok) + goto end; + } - if (!ok) goto end; + /* We have the chain complete: now we need to check its purpose */ + ok = check_chain_extensions(ctx); + if (!ok) + goto end; - /* We may as well copy down any DSA parameters that are required */ - X509_get_pubkey_parameters(NULL,ctx->chain); + /* Check name constraints */ + ok = check_name_constraints(ctx); + if (!ok) + goto end; - /* Check revocation status: we do this after copying parameters - * because they may be needed for CRL signature verification. + ok = check_id(ctx); + if (!ok) + goto end; + /* + * Check revocation status: we do this after copying parameters because + * they may be needed for CRL signature verification. */ - ok = ctx->check_revocation(ctx); - if(!ok) goto end; + if (!ok) + goto end; - /* At this point, we have a chain and just need to verify it */ + /* At this point, we have a chain and need to verify it */ if (ctx->verify != NULL) - ok=ctx->verify(ctx); + ok = ctx->verify(ctx); else - ok=internal_verify(ctx); - if (0) - { -end: - X509_get_pubkey_parameters(NULL,ctx->chain); - } - if (sktmp != NULL) sk_X509_free(sktmp); - if (chain_ss != NULL) X509_free(chain_ss); - return ok; - } + ok = internal_verify(ctx); + if (!ok) + goto end; + + /* If we get this far evaluate policies */ + if (!bad_chain && (ctx->param->flags & X509_V_FLAG_POLICY_CHECK)) + ok = ctx->check_policy(ctx); + + end: + sk_X509_free(sktmp); + X509_free(chain_ss); + /* Safety net, error returns must set ctx->error */ + if (ok <= 0 && ctx->error == X509_V_OK) + ctx->error = X509_V_ERR_UNSPECIFIED; + return ok; +} /* Given a STACK_OF(X509) find the issuer of cert (if any) */ -static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x) +static X509 * +find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x) { int i; - X509 *issuer; - for (i = 0; i < sk_X509_num(sk); i++) - { + X509 *issuer, *rv = NULL; + + for (i = 0; i < sk_X509_num(sk); i++) { issuer = sk_X509_value(sk, i); - if (ctx->check_issued(ctx, x, issuer)) - return issuer; + if (ctx->check_issued(ctx, x, issuer)) { + rv = issuer; + if (x509_check_cert_time(ctx, rv, -1)) + break; } - return NULL; + } + return rv; } /* Given a possible certificate and issuer check them */ -static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer) +static int +check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer) { int ret; + ret = X509_check_issued(issuer, x); if (ret == X509_V_OK) return 1; /* If we haven't asked for issuer errors don't set ctx */ - if (!(ctx->flags & X509_V_FLAG_CB_ISSUER_CHECK)) + if (!(ctx->param->flags & X509_V_FLAG_CB_ISSUER_CHECK)) return 0; ctx->error = ret; ctx->current_cert = x; ctx->current_issuer = issuer; return ctx->verify_cb(0, ctx); - return 0; } /* Alternative lookup method: look from a STACK stored in other_ctx */ -static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) +static int +get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) { *issuer = find_issuer(ctx, ctx->other_ctx, x); - if (*issuer) - { - CRYPTO_add(&(*issuer)->references,1,CRYPTO_LOCK_X509); + if (*issuer) { + CRYPTO_add(&(*issuer)->references, 1, CRYPTO_LOCK_X509); return 1; - } - else + } else return 0; } - /* Check a certificate chains extensions for consistency * with the supplied purpose */ -static int check_chain_purpose(X509_STORE_CTX *ctx) +static int +check_chain_extensions(X509_STORE_CTX *ctx) { #ifdef OPENSSL_NO_CHAIN_VERIFY return 1; #else - int i, ok=0; + int i, ok = 0, must_be_ca, plen = 0; X509 *x; - int (*cb)(); - cb=ctx->verify_cb; + int (*cb)(int xok, X509_STORE_CTX *xctx); + int proxy_path_length = 0; + int purpose; + int allow_proxy_certs; + + cb = ctx->verify_cb; + + /* must_be_ca can have 1 of 3 values: + -1: we accept both CA and non-CA certificates, to allow direct + use of self-signed certificates (which are marked as CA). + 0: we only accept non-CA certificates. This is currently not + used, but the possibility is present for future extensions. + 1: we only accept CA certificates. This is currently used for + all certificates in the chain except the leaf certificate. + */ + must_be_ca = -1; + + /* CRL path validation */ + if (ctx->parent) { + allow_proxy_certs = 0; + purpose = X509_PURPOSE_CRL_SIGN; + } else { + allow_proxy_certs = + !!(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS); + purpose = ctx->param->purpose; + } + /* Check all untrusted certificates */ - for (i = 0; i < ctx->last_untrusted; i++) - { + for (i = 0; i < ctx->last_untrusted; i++) { + int ret; x = sk_X509_value(ctx->chain, i); - if (!(ctx->flags & X509_V_FLAG_IGNORE_CRITICAL) - && (x->ex_flags & EXFLAG_CRITICAL)) - { + if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL) && + (x->ex_flags & EXFLAG_CRITICAL)) { ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION; ctx->error_depth = i; ctx->current_cert = x; - ok=cb(0,ctx); - if (!ok) goto end; - } - if (!X509_check_purpose(x, ctx->purpose, i)) - { - if (i) + ok = cb(0, ctx); + if (!ok) + goto end; + } + if (!allow_proxy_certs && (x->ex_flags & EXFLAG_PROXY)) { + ctx->error = X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED; + ctx->error_depth = i; + ctx->current_cert = x; + ok = cb(0, ctx); + if (!ok) + goto end; + } + ret = X509_check_ca(x); + switch (must_be_ca) { + case -1: + if ((ctx->param->flags & X509_V_FLAG_X509_STRICT) && + (ret != 1) && (ret != 0)) { + ret = 0; ctx->error = X509_V_ERR_INVALID_CA; - else - ctx->error = X509_V_ERR_INVALID_PURPOSE; + } else + ret = 1; + break; + case 0: + if (ret != 0) { + ret = 0; + ctx->error = X509_V_ERR_INVALID_NON_CA; + } else + ret = 1; + break; + default: + if ((ret == 0) || + ((ctx->param->flags & X509_V_FLAG_X509_STRICT) && + (ret != 1))) { + ret = 0; + ctx->error = X509_V_ERR_INVALID_CA; + } else + ret = 1; + break; + } + if (ret == 0) { ctx->error_depth = i; ctx->current_cert = x; - ok=cb(0,ctx); - if (!ok) goto end; + ok = cb(0, ctx); + if (!ok) + goto end; + } + if (ctx->param->purpose > 0) { + ret = X509_check_purpose(x, purpose, must_be_ca > 0); + if ((ret == 0) || + ((ctx->param->flags & X509_V_FLAG_X509_STRICT) && + (ret != 1))) { + ctx->error = X509_V_ERR_INVALID_PURPOSE; + ctx->error_depth = i; + ctx->current_cert = x; + ok = cb(0, ctx); + if (!ok) + goto end; } - /* Check pathlen */ - if ((i > 1) && (x->ex_pathlen != -1) - && (i > (x->ex_pathlen + 1))) - { + } + /* Check pathlen if not self issued */ + if ((i > 1) && !(x->ex_flags & EXFLAG_SI) && + (x->ex_pathlen != -1) && + (plen > (x->ex_pathlen + proxy_path_length + 1))) { ctx->error = X509_V_ERR_PATH_LENGTH_EXCEEDED; ctx->error_depth = i; ctx->current_cert = x; - ok=cb(0,ctx); - if (!ok) goto end; - } + ok = cb(0, ctx); + if (!ok) + goto end; } + /* Increment path length if not self issued */ + if (!(x->ex_flags & EXFLAG_SI)) + plen++; + /* If this certificate is a proxy certificate, the next + certificate must be another proxy certificate or a EE + certificate. If not, the next certificate must be a + CA certificate. */ + if (x->ex_flags & EXFLAG_PROXY) { + if (x->ex_pcpathlen != -1 && i > x->ex_pcpathlen) { + ctx->error = + X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED; + ctx->error_depth = i; + ctx->current_cert = x; + ok = cb(0, ctx); + if (!ok) + goto end; + } + proxy_path_length++; + must_be_ca = 0; + } else + must_be_ca = 1; + } ok = 1; - end: + +end: return ok; #endif } -static int check_trust(X509_STORE_CTX *ctx) +static int +check_name_constraints(X509_STORE_CTX *ctx) { -#ifdef OPENSSL_NO_CHAIN_VERIFY - return 1; -#else - int i, ok; X509 *x; - int (*cb)(); - cb=ctx->verify_cb; -/* For now just check the last certificate in the chain */ - i = sk_X509_num(ctx->chain) - 1; - x = sk_X509_value(ctx->chain, i); - ok = X509_check_trust(x, ctx->trust, 0); - if (ok == X509_TRUST_TRUSTED) - return 1; - ctx->error_depth = i; - ctx->current_cert = x; - if (ok == X509_TRUST_REJECTED) - ctx->error = X509_V_ERR_CERT_REJECTED; + int i, j, rv; + + /* Check name constraints for all certificates */ + for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--) { + x = sk_X509_value(ctx->chain, i); + /* Ignore self issued certs unless last in chain */ + if (i && (x->ex_flags & EXFLAG_SI)) + continue; + /* Check against constraints for all certificates higher in + * chain including trust anchor. Trust anchor not strictly + * speaking needed but if it includes constraints it is to be + * assumed it expects them to be obeyed. + */ + for (j = sk_X509_num(ctx->chain) - 1; j > i; j--) { + NAME_CONSTRAINTS *nc = sk_X509_value(ctx->chain, j)->nc; + if (nc) { + rv = NAME_CONSTRAINTS_check(x, nc); + if (rv != X509_V_OK) { + ctx->error = rv; + ctx->error_depth = i; + ctx->current_cert = x; + if (!ctx->verify_cb(0, ctx)) + return 0; + } + } + } + } + return 1; +} + +/* Given a certificate try and find an exact match in the store */ + +static X509 *lookup_cert_match(X509_STORE_CTX *ctx, X509 *x) +{ + STACK_OF(X509) *certs; + X509 *xtmp = NULL; + size_t i; + + /* Lookup all certs with matching subject name */ + certs = ctx->lookup_certs(ctx, X509_get_subject_name(x)); + if (certs == NULL) + return NULL; + + /* Look for exact match */ + for (i = 0; i < sk_X509_num(certs); i++) { + xtmp = sk_X509_value(certs, i); + if (!X509_cmp(xtmp, x)) + break; + } + + if (i < sk_X509_num(certs)) + X509_up_ref(xtmp); else - ctx->error = X509_V_ERR_CERT_UNTRUSTED; - ok = cb(0, ctx); - return ok; -#endif + xtmp = NULL; + + sk_X509_pop_free(certs, X509_free); + return xtmp; +} + +static int check_trust(X509_STORE_CTX *ctx) +{ + size_t i; + int ok; + X509 *x = NULL; + int (*cb) (int xok, X509_STORE_CTX *xctx); + + cb = ctx->verify_cb; + /* Check all trusted certificates in chain */ + for (i = ctx->last_untrusted; i < sk_X509_num(ctx->chain); i++) { + x = sk_X509_value(ctx->chain, i); + ok = X509_check_trust(x, ctx->param->trust, 0); + + /* If explicitly trusted return trusted */ + if (ok == X509_TRUST_TRUSTED) + return X509_TRUST_TRUSTED; + /* + * If explicitly rejected notify callback and reject if not + * overridden. + */ + if (ok == X509_TRUST_REJECTED) { + ctx->error_depth = i; + ctx->current_cert = x; + ctx->error = X509_V_ERR_CERT_REJECTED; + ok = cb(0, ctx); + if (!ok) + return X509_TRUST_REJECTED; + } + } + /* + * If we accept partial chains and have at least one trusted certificate + * return success. + */ + if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) { + X509 *mx; + if (ctx->last_untrusted < (int)sk_X509_num(ctx->chain)) + return X509_TRUST_TRUSTED; + x = sk_X509_value(ctx->chain, 0); + mx = lookup_cert_match(ctx, x); + if (mx) { + (void)sk_X509_set(ctx->chain, 0, mx); + X509_free(x); + ctx->last_untrusted = 0; + return X509_TRUST_TRUSTED; + } + } + + /* + * If no trusted certs in chain at all return untrusted and allow + * standard (no issuer cert) etc errors to be indicated. + */ + return X509_TRUST_UNTRUSTED; } -static int check_revocation(X509_STORE_CTX *ctx) - { +static int +check_revocation(X509_STORE_CTX *ctx) +{ int i, last, ok; - if (!(ctx->flags & X509_V_FLAG_CRL_CHECK)) + + if (!(ctx->param->flags & X509_V_FLAG_CRL_CHECK)) return 1; - if (ctx->flags & X509_V_FLAG_CRL_CHECK_ALL) - last = 0; - else + if (ctx->param->flags & X509_V_FLAG_CRL_CHECK_ALL) last = sk_X509_num(ctx->chain) - 1; - for(i = 0; i <= last; i++) - { + else { + /* If checking CRL paths this isn't the EE certificate */ + if (ctx->parent) + return 1; + last = 0; + } + for (i = 0; i <= last; i++) { ctx->error_depth = i; ok = check_cert(ctx); - if (!ok) return ok; - } - return 1; + if (!ok) + return ok; } + return 1; +} -static int check_cert(X509_STORE_CTX *ctx) - { - X509_CRL *crl = NULL; +static int +check_cert(X509_STORE_CTX *ctx) +{ + X509_CRL *crl = NULL, *dcrl = NULL; X509 *x; - int ok, cnum; + int ok = 0, cnum; + unsigned int last_reasons; + cnum = ctx->error_depth; x = sk_X509_value(ctx->chain, cnum); ctx->current_cert = x; - /* Try to retrieve relevant CRL */ - ok = ctx->get_crl(ctx, &crl, x); - /* If error looking up CRL, nothing we can do except - * notify callback - */ - if(!ok) - { - ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL; - ok = ctx->verify_cb(0, ctx); - goto err; + ctx->current_issuer = NULL; + ctx->current_crl_score = 0; + ctx->current_reasons = 0; + while (ctx->current_reasons != CRLDP_ALL_REASONS) { + last_reasons = ctx->current_reasons; + /* Try to retrieve relevant CRL */ + if (ctx->get_crl) + ok = ctx->get_crl(ctx, &crl, x); + else + ok = get_crl_delta(ctx, &crl, &dcrl, x); + /* If error looking up CRL, nothing we can do except + * notify callback + */ + if (!ok) { + ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL; + ok = ctx->verify_cb(0, ctx); + goto err; + } + ctx->current_crl = crl; + ok = ctx->check_crl(ctx, crl); + if (!ok) + goto err; + + if (dcrl) { + ok = ctx->check_crl(ctx, dcrl); + if (!ok) + goto err; + ok = ctx->cert_crl(ctx, dcrl, x); + if (!ok) + goto err; + } else + ok = 1; + + /* Don't look in full CRL if delta reason is removefromCRL */ + if (ok != 2) { + ok = ctx->cert_crl(ctx, crl, x); + if (!ok) + goto err; } - ctx->current_crl = crl; - ok = ctx->check_crl(ctx, crl); - if (!ok) goto err; - ok = ctx->cert_crl(ctx, crl, x); - err: + + ctx->current_crl = NULL; + X509_CRL_free(crl); + X509_CRL_free(dcrl); + crl = NULL; + dcrl = NULL; + /* If reasons not updated we wont get anywhere by + * another iteration, so exit loop. + */ + if (last_reasons == ctx->current_reasons) { + ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL; + ok = ctx->verify_cb(0, ctx); + goto err; + } + } + +err: ctx->current_crl = NULL; X509_CRL_free(crl); + X509_CRL_free(dcrl); return ok; +} - } +/* Check CRL times against values in X509_STORE_CTX */ + +static int +check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify) +{ + time_t *ptime = NULL; + int i; + + if (ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME) + return (1); + + if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME) + ptime = &ctx->param->check_time; + + if (notify) + ctx->current_crl = crl; + + i = X509_cmp_time(X509_CRL_get_lastUpdate(crl), ptime); + if (i == 0) { + if (!notify) + return 0; + ctx->error = X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD; + if (!ctx->verify_cb(0, ctx)) + return 0; + } + + if (i > 0) { + if (!notify) + return 0; + ctx->error = X509_V_ERR_CRL_NOT_YET_VALID; + if (!ctx->verify_cb(0, ctx)) + return 0; + } + + if (X509_CRL_get_nextUpdate(crl)) { + i = X509_cmp_time(X509_CRL_get_nextUpdate(crl), ptime); + + if (i == 0) { + if (!notify) + return 0; + ctx->error = X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD; + if (!ctx->verify_cb(0, ctx)) + return 0; + } + /* Ignore expiry of base CRL is delta is valid */ + if ((i < 0) && + !(ctx->current_crl_score & CRL_SCORE_TIME_DELTA)) { + if (!notify) + return 0; + ctx->error = X509_V_ERR_CRL_HAS_EXPIRED; + if (!ctx->verify_cb(0, ctx)) + return 0; + } + } + + if (notify) + ctx->current_crl = NULL; -/* Retrieve CRL corresponding to certificate: currently just a - * subject lookup: maybe use AKID later... - * Also might look up any included CRLs too (e.g PKCS#7 signedData). - */ -static int get_crl(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x) - { - int ok; - X509_OBJECT xobj; - ok = X509_STORE_get_by_subject(ctx, X509_LU_CRL, X509_get_issuer_name(x), &xobj); - if (!ok) return 0; - *crl = xobj.data.crl; return 1; +} + +static int +get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl, + X509 **pissuer, int *pscore, unsigned int *preasons, + STACK_OF(X509_CRL) *crls) +{ + int i, crl_score, best_score = *pscore; + unsigned int reasons, best_reasons = 0; + X509 *x = ctx->current_cert; + X509_CRL *crl, *best_crl = NULL; + X509 *crl_issuer = NULL, *best_crl_issuer = NULL; + + for (i = 0; i < sk_X509_CRL_num(crls); i++) { + crl = sk_X509_CRL_value(crls, i); + reasons = *preasons; + crl_score = get_crl_score(ctx, &crl_issuer, &reasons, crl, x); + + if (crl_score > best_score) { + best_crl = crl; + best_crl_issuer = crl_issuer; + best_score = crl_score; + best_reasons = reasons; + } } + if (best_crl) { + if (*pcrl) + X509_CRL_free(*pcrl); + *pcrl = best_crl; + *pissuer = best_crl_issuer; + *pscore = best_score; + *preasons = best_reasons; + CRYPTO_add(&best_crl->references, 1, CRYPTO_LOCK_X509_CRL); + if (*pdcrl) { + X509_CRL_free(*pdcrl); + *pdcrl = NULL; + } + get_delta_sk(ctx, pdcrl, pscore, best_crl, crls); + } + + if (best_score >= CRL_SCORE_VALID) + return 1; + + return 0; +} + +/* Compare two CRL extensions for delta checking purposes. They should be + * both present or both absent. If both present all fields must be identical. + */ + +static int +crl_extension_match(X509_CRL *a, X509_CRL *b, int nid) +{ + ASN1_OCTET_STRING *exta, *extb; + int i; + + i = X509_CRL_get_ext_by_NID(a, nid, -1); + if (i >= 0) { + /* Can't have multiple occurrences */ + if (X509_CRL_get_ext_by_NID(a, nid, i) != -1) + return 0; + exta = X509_EXTENSION_get_data(X509_CRL_get_ext(a, i)); + } else + exta = NULL; + + i = X509_CRL_get_ext_by_NID(b, nid, -1); + + if (i >= 0) { + if (X509_CRL_get_ext_by_NID(b, nid, i) != -1) + return 0; + extb = X509_EXTENSION_get_data(X509_CRL_get_ext(b, i)); + } else + extb = NULL; + + if (!exta && !extb) + return 1; + + if (!exta || !extb) + return 0; + + if (ASN1_OCTET_STRING_cmp(exta, extb)) + return 0; + + return 1; +} + +/* See if a base and delta are compatible */ + +static int +check_delta_base(X509_CRL *delta, X509_CRL *base) +{ + /* Delta CRL must be a delta */ + if (!delta->base_crl_number) + return 0; + /* Base must have a CRL number */ + if (!base->crl_number) + return 0; + /* Issuer names must match */ + if (X509_NAME_cmp(X509_CRL_get_issuer(base), + X509_CRL_get_issuer(delta))) + return 0; + /* AKID and IDP must match */ + if (!crl_extension_match(delta, base, NID_authority_key_identifier)) + return 0; + if (!crl_extension_match(delta, base, NID_issuing_distribution_point)) + return 0; + /* Delta CRL base number must not exceed Full CRL number. */ + if (ASN1_INTEGER_cmp(delta->base_crl_number, base->crl_number) > 0) + return 0; + /* Delta CRL number must exceed full CRL number */ + if (ASN1_INTEGER_cmp(delta->crl_number, base->crl_number) > 0) + return 1; + return 0; +} + +/* For a given base CRL find a delta... maybe extend to delta scoring + * or retrieve a chain of deltas... + */ + +static void +get_delta_sk(X509_STORE_CTX *ctx, X509_CRL **dcrl, int *pscore, X509_CRL *base, + STACK_OF(X509_CRL) *crls) +{ + X509_CRL *delta; + int i; + + if (!(ctx->param->flags & X509_V_FLAG_USE_DELTAS)) + return; + if (!((ctx->current_cert->ex_flags | base->flags) & EXFLAG_FRESHEST)) + return; + for (i = 0; i < sk_X509_CRL_num(crls); i++) { + delta = sk_X509_CRL_value(crls, i); + if (check_delta_base(delta, base)) { + if (check_crl_time(ctx, delta, 0)) + *pscore |= CRL_SCORE_TIME_DELTA; + CRYPTO_add(&delta->references, 1, CRYPTO_LOCK_X509_CRL); + *dcrl = delta; + return; + } + } + *dcrl = NULL; +} + +/* For a given CRL return how suitable it is for the supplied certificate 'x'. + * The return value is a mask of several criteria. + * If the issuer is not the certificate issuer this is returned in *pissuer. + * The reasons mask is also used to determine if the CRL is suitable: if + * no new reasons the CRL is rejected, otherwise reasons is updated. + */ + +static int +get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer, unsigned int *preasons, + X509_CRL *crl, X509 *x) +{ + int crl_score = 0; + unsigned int tmp_reasons = *preasons, crl_reasons; + + /* First see if we can reject CRL straight away */ + + /* Invalid IDP cannot be processed */ + if (crl->idp_flags & IDP_INVALID) + return 0; + /* Reason codes or indirect CRLs need extended CRL support */ + if (!(ctx->param->flags & X509_V_FLAG_EXTENDED_CRL_SUPPORT)) { + if (crl->idp_flags & (IDP_INDIRECT | IDP_REASONS)) + return 0; + } else if (crl->idp_flags & IDP_REASONS) { + /* If no new reasons reject */ + if (!(crl->idp_reasons & ~tmp_reasons)) + return 0; + } + /* Don't process deltas at this stage */ + else if (crl->base_crl_number) + return 0; + /* If issuer name doesn't match certificate need indirect CRL */ + if (X509_NAME_cmp(X509_get_issuer_name(x), X509_CRL_get_issuer(crl))) { + if (!(crl->idp_flags & IDP_INDIRECT)) + return 0; + } else + crl_score |= CRL_SCORE_ISSUER_NAME; + + if (!(crl->flags & EXFLAG_CRITICAL)) + crl_score |= CRL_SCORE_NOCRITICAL; + + /* Check expiry */ + if (check_crl_time(ctx, crl, 0)) + crl_score |= CRL_SCORE_TIME; + + /* Check authority key ID and locate certificate issuer */ + crl_akid_check(ctx, crl, pissuer, &crl_score); + + /* If we can't locate certificate issuer at this point forget it */ + + if (!(crl_score & CRL_SCORE_AKID)) + return 0; + + /* Check cert for matching CRL distribution points */ + + if (crl_crldp_check(x, crl, crl_score, &crl_reasons)) { + /* If no new reasons reject */ + if (!(crl_reasons & ~tmp_reasons)) + return 0; + tmp_reasons |= crl_reasons; + crl_score |= CRL_SCORE_SCOPE; + } + + *preasons = tmp_reasons; + + return crl_score; +} + +static void +crl_akid_check(X509_STORE_CTX *ctx, X509_CRL *crl, X509 **pissuer, + int *pcrl_score) +{ + X509 *crl_issuer = NULL; + X509_NAME *cnm = X509_CRL_get_issuer(crl); + int cidx = ctx->error_depth; + int i; + + if (cidx != sk_X509_num(ctx->chain) - 1) + cidx++; + + crl_issuer = sk_X509_value(ctx->chain, cidx); + + if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) { + if (*pcrl_score & CRL_SCORE_ISSUER_NAME) { + *pcrl_score |= CRL_SCORE_AKID|CRL_SCORE_ISSUER_CERT; + *pissuer = crl_issuer; + return; + } + } + + for (cidx++; cidx < sk_X509_num(ctx->chain); cidx++) { + crl_issuer = sk_X509_value(ctx->chain, cidx); + if (X509_NAME_cmp(X509_get_subject_name(crl_issuer), cnm)) + continue; + if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) { + *pcrl_score |= CRL_SCORE_AKID|CRL_SCORE_SAME_PATH; + *pissuer = crl_issuer; + return; + } + } + + /* Anything else needs extended CRL support */ + + if (!(ctx->param->flags & X509_V_FLAG_EXTENDED_CRL_SUPPORT)) + return; + + /* Otherwise the CRL issuer is not on the path. Look for it in the + * set of untrusted certificates. + */ + for (i = 0; i < sk_X509_num(ctx->untrusted); i++) { + crl_issuer = sk_X509_value(ctx->untrusted, i); + if (X509_NAME_cmp(X509_get_subject_name(crl_issuer), cnm)) + continue; + if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) { + *pissuer = crl_issuer; + *pcrl_score |= CRL_SCORE_AKID; + return; + } + } +} + +/* Check the path of a CRL issuer certificate. This creates a new + * X509_STORE_CTX and populates it with most of the parameters from the + * parent. This could be optimised somewhat since a lot of path checking + * will be duplicated by the parent, but this will rarely be used in + * practice. + */ + +static int +check_crl_path(X509_STORE_CTX *ctx, X509 *x) +{ + X509_STORE_CTX crl_ctx; + int ret; + + /* Don't allow recursive CRL path validation */ + if (ctx->parent) + return 0; + if (!X509_STORE_CTX_init(&crl_ctx, ctx->ctx, x, ctx->untrusted)) { + ret = -1; + goto err; + } + + crl_ctx.crls = ctx->crls; + /* Copy verify params across */ + X509_STORE_CTX_set0_param(&crl_ctx, ctx->param); + + crl_ctx.parent = ctx; + crl_ctx.verify_cb = ctx->verify_cb; + + /* Verify CRL issuer */ + ret = X509_verify_cert(&crl_ctx); + + if (ret <= 0) + goto err; + + /* Check chain is acceptable */ + ret = check_crl_chain(ctx, ctx->chain, crl_ctx.chain); + +err: + X509_STORE_CTX_cleanup(&crl_ctx); + return ret; +} + +/* RFC3280 says nothing about the relationship between CRL path + * and certificate path, which could lead to situations where a + * certificate could be revoked or validated by a CA not authorised + * to do so. RFC5280 is more strict and states that the two paths must + * end in the same trust anchor, though some discussions remain... + * until this is resolved we use the RFC5280 version + */ + +static int +check_crl_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *cert_path, + STACK_OF(X509) *crl_path) +{ + X509 *cert_ta, *crl_ta; + + cert_ta = sk_X509_value(cert_path, sk_X509_num(cert_path) - 1); + crl_ta = sk_X509_value(crl_path, sk_X509_num(crl_path) - 1); + if (!X509_cmp(cert_ta, crl_ta)) + return 1; + return 0; +} + +/* Check for match between two dist point names: three separate cases. + * 1. Both are relative names and compare X509_NAME types. + * 2. One full, one relative. Compare X509_NAME to GENERAL_NAMES. + * 3. Both are full names and compare two GENERAL_NAMES. + * 4. One is NULL: automatic match. + */ + +static int +idp_check_dp(DIST_POINT_NAME *a, DIST_POINT_NAME *b) +{ + X509_NAME *nm = NULL; + GENERAL_NAMES *gens = NULL; + GENERAL_NAME *gena, *genb; + int i, j; + + if (!a || !b) + return 1; + if (a->type == 1) { + if (!a->dpname) + return 0; + /* Case 1: two X509_NAME */ + if (b->type == 1) { + if (!b->dpname) + return 0; + if (!X509_NAME_cmp(a->dpname, b->dpname)) + return 1; + else + return 0; + } + /* Case 2: set name and GENERAL_NAMES appropriately */ + nm = a->dpname; + gens = b->name.fullname; + } else if (b->type == 1) { + if (!b->dpname) + return 0; + /* Case 2: set name and GENERAL_NAMES appropriately */ + gens = a->name.fullname; + nm = b->dpname; + } + + /* Handle case 2 with one GENERAL_NAMES and one X509_NAME */ + if (nm) { + for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) { + gena = sk_GENERAL_NAME_value(gens, i); + if (gena->type != GEN_DIRNAME) + continue; + if (!X509_NAME_cmp(nm, gena->d.directoryName)) + return 1; + } + return 0; + } + + /* Else case 3: two GENERAL_NAMES */ + + for (i = 0; i < sk_GENERAL_NAME_num(a->name.fullname); i++) { + gena = sk_GENERAL_NAME_value(a->name.fullname, i); + for (j = 0; j < sk_GENERAL_NAME_num(b->name.fullname); j++) { + genb = sk_GENERAL_NAME_value(b->name.fullname, j); + if (!GENERAL_NAME_cmp(gena, genb)) + return 1; + } + } + + return 0; +} + +static int +crldp_check_crlissuer(DIST_POINT *dp, X509_CRL *crl, int crl_score) +{ + int i; + X509_NAME *nm = X509_CRL_get_issuer(crl); + + /* If no CRLissuer return is successful iff don't need a match */ + if (!dp->CRLissuer) + return !!(crl_score & CRL_SCORE_ISSUER_NAME); + for (i = 0; i < sk_GENERAL_NAME_num(dp->CRLissuer); i++) { + GENERAL_NAME *gen = sk_GENERAL_NAME_value(dp->CRLissuer, i); + if (gen->type != GEN_DIRNAME) + continue; + if (!X509_NAME_cmp(gen->d.directoryName, nm)) + return 1; + } + return 0; +} + +/* Check CRLDP and IDP */ + +static int +crl_crldp_check(X509 *x, X509_CRL *crl, int crl_score, unsigned int *preasons) +{ + int i; + + if (crl->idp_flags & IDP_ONLYATTR) + return 0; + if (x->ex_flags & EXFLAG_CA) { + if (crl->idp_flags & IDP_ONLYUSER) + return 0; + } else { + if (crl->idp_flags & IDP_ONLYCA) + return 0; + } + *preasons = crl->idp_reasons; + for (i = 0; i < sk_DIST_POINT_num(x->crldp); i++) { + DIST_POINT *dp = sk_DIST_POINT_value(x->crldp, i); + if (crldp_check_crlissuer(dp, crl, crl_score)) { + if (!crl->idp || + idp_check_dp(dp->distpoint, crl->idp->distpoint)) { + *preasons &= dp->dp_reasons; + return 1; + } + } + } + if ((!crl->idp || !crl->idp->distpoint) && + (crl_score & CRL_SCORE_ISSUER_NAME)) + return 1; + return 0; +} + +/* Retrieve CRL corresponding to current certificate. + * If deltas enabled try to find a delta CRL too + */ + +static int +get_crl_delta(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl, X509 *x) +{ + int ok; + X509 *issuer = NULL; + int crl_score = 0; + unsigned int reasons; + X509_CRL *crl = NULL, *dcrl = NULL; + STACK_OF(X509_CRL) *skcrl; + X509_NAME *nm = X509_get_issuer_name(x); + + reasons = ctx->current_reasons; + ok = get_crl_sk(ctx, &crl, &dcrl, &issuer, &crl_score, &reasons, + ctx->crls); + if (ok) + goto done; + + /* Lookup CRLs from store */ + skcrl = ctx->lookup_crls(ctx, nm); + + /* If no CRLs found and a near match from get_crl_sk use that */ + if (!skcrl && crl) + goto done; + + get_crl_sk(ctx, &crl, &dcrl, &issuer, &crl_score, &reasons, skcrl); + + sk_X509_CRL_pop_free(skcrl, X509_CRL_free); + +done: + + /* If we got any kind of CRL use it and return success */ + if (crl) { + ctx->current_issuer = issuer; + ctx->current_crl_score = crl_score; + ctx->current_reasons = reasons; + *pcrl = crl; + *pdcrl = dcrl; + return 1; + } + + return 0; +} + /* Check CRL validity */ -static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl) - { +static int +check_crl(X509_STORE_CTX *ctx, X509_CRL *crl) +{ X509 *issuer = NULL; EVP_PKEY *ikey = NULL; - int ok = 0, chnum, cnum, i; - time_t *ptime; + int ok = 0, chnum, cnum; + cnum = ctx->error_depth; chnum = sk_X509_num(ctx->chain) - 1; - /* Find CRL issuer: if not last certificate then issuer - * is next certificate in chain. - */ - if(cnum < chnum) + /* if we have an alternative CRL issuer cert use that */ + if (ctx->current_issuer) { + issuer = ctx->current_issuer; + } else if (cnum < chnum) { + /* Else find CRL issuer: if not last certificate then issuer + * is next certificate in chain. + */ issuer = sk_X509_value(ctx->chain, cnum + 1); - else - { + } else { issuer = sk_X509_value(ctx->chain, chnum); /* If not self signed, can't check signature */ - if(!ctx->check_issued(ctx, issuer, issuer)) - { + if (!ctx->check_issued(ctx, issuer, issuer)) { ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER; ok = ctx->verify_cb(0, ctx); - if(!ok) goto err; - } + if (!ok) + goto err; } + } - if(issuer) - { + if (issuer) { + /* Skip most tests for deltas because they have already + * been done + */ + if (!crl->base_crl_number) { + /* Check for cRLSign bit if keyUsage present */ + if ((issuer->ex_flags & EXFLAG_KUSAGE) && + !(issuer->ex_kusage & KU_CRL_SIGN)) { + ctx->error = X509_V_ERR_KEYUSAGE_NO_CRL_SIGN; + ok = ctx->verify_cb(0, ctx); + if (!ok) + goto err; + } - /* Attempt to get issuer certificate public key */ - ikey = X509_get_pubkey(issuer); + if (!(ctx->current_crl_score & CRL_SCORE_SCOPE)) { + ctx->error = X509_V_ERR_DIFFERENT_CRL_SCOPE; + ok = ctx->verify_cb(0, ctx); + if (!ok) + goto err; + } - if(!ikey) - { - ctx->error=X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY; - ok = ctx->verify_cb(0, ctx); - if (!ok) goto err; + if (!(ctx->current_crl_score & CRL_SCORE_SAME_PATH)) { + if (check_crl_path(ctx, + ctx->current_issuer) <= 0) { + ctx->error = X509_V_ERR_CRL_PATH_VALIDATION_ERROR; + ok = ctx->verify_cb(0, ctx); + if (!ok) + goto err; + } } - else - { - /* Verify CRL signature */ - if(X509_CRL_verify(crl, ikey) <= 0) - { - ctx->error=X509_V_ERR_CRL_SIGNATURE_FAILURE; + + if (crl->idp_flags & IDP_INVALID) { + ctx->error = X509_V_ERR_INVALID_EXTENSION; ok = ctx->verify_cb(0, ctx); - if (!ok) goto err; - } + if (!ok) + goto err; } - } - /* OK, CRL signature valid check times */ - if (ctx->flags & X509_V_FLAG_USE_CHECK_TIME) - ptime = &ctx->check_time; - else - ptime = NULL; - i=X509_cmp_time(X509_CRL_get_lastUpdate(crl), ptime); - if (i == 0) - { - ctx->error=X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD; - ok = ctx->verify_cb(0, ctx); - if (!ok) goto err; } - if (i > 0) - { - ctx->error=X509_V_ERR_CRL_NOT_YET_VALID; - ok = ctx->verify_cb(0, ctx); - if (!ok) goto err; + if (!(ctx->current_crl_score & CRL_SCORE_TIME)) { + ok = check_crl_time(ctx, crl, 1); + if (!ok) + goto err; } - if(X509_CRL_get_nextUpdate(crl)) - { - i=X509_cmp_time(X509_CRL_get_nextUpdate(crl), ptime); - - if (i == 0) - { - ctx->error=X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD; - ok = ctx->verify_cb(0, ctx); - if (!ok) goto err; - } + /* Attempt to get issuer certificate public key */ + ikey = X509_get_pubkey(issuer); - if (i < 0) - { - ctx->error=X509_V_ERR_CRL_HAS_EXPIRED; + if (!ikey) { + ctx->error = X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY; ok = ctx->verify_cb(0, ctx); - if (!ok) goto err; + if (!ok) + goto err; + } else { + /* Verify CRL signature */ + if (X509_CRL_verify(crl, ikey) <= 0) { + ctx->error = X509_V_ERR_CRL_SIGNATURE_FAILURE; + ok = ctx->verify_cb(0, ctx); + if (!ok) + goto err; } } + } ok = 1; - err: +err: EVP_PKEY_free(ikey); return ok; - } +} /* Check certificate against CRL */ -static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x) - { - int idx, ok; - X509_REVOKED rtmp; - /* Look for serial number of certificate in CRL */ - rtmp.serialNumber = X509_get_serialNumber(x); - idx = sk_X509_REVOKED_find(crl->crl->revoked, &rtmp); - /* Not found: OK */ - if(idx == -1) return 1; - /* Otherwise revoked: want something cleverer than - * this to handle entry extensions in V2 CRLs. +static int +cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x) +{ + int ok; + X509_REVOKED *rev; + + /* The rules changed for this... previously if a CRL contained + * unhandled critical extensions it could still be used to indicate + * a certificate was revoked. This has since been changed since + * critical extension can change the meaning of CRL entries. */ - ctx->error = X509_V_ERR_CERT_REVOKED; - ok = ctx->verify_cb(0, ctx); - return ok; + if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL) && + (crl->flags & EXFLAG_CRITICAL)) { + ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION; + ok = ctx->verify_cb(0, ctx); + if (!ok) + return 0; + } + /* Look for serial number of certificate in CRL + * If found make sure reason is not removeFromCRL. + */ + if (X509_CRL_get0_by_cert(crl, &rev, x)) { + if (rev->reason == CRL_REASON_REMOVE_FROM_CRL) + return 2; + ctx->error = X509_V_ERR_CERT_REVOKED; + ok = ctx->verify_cb(0, ctx); + if (!ok) + return 0; + } + + return 1; +} + +static int +check_policy(X509_STORE_CTX *ctx) +{ + int ret; + + if (ctx->parent) + return 1; + ret = X509_policy_check(&ctx->tree, &ctx->explicit_policy, ctx->chain, + ctx->param->policies, ctx->param->flags); + if (ret == 0) { + X509error(ERR_R_MALLOC_FAILURE); + return 0; + } + /* Invalid or inconsistent extensions */ + if (ret == -1) { + /* Locate certificates with bad extensions and notify + * callback. + */ + X509 *x; + int i; + for (i = 1; i < sk_X509_num(ctx->chain); i++) { + x = sk_X509_value(ctx->chain, i); + if (!(x->ex_flags & EXFLAG_INVALID_POLICY)) + continue; + ctx->current_cert = x; + ctx->error = X509_V_ERR_INVALID_POLICY_EXTENSION; + if (!ctx->verify_cb(0, ctx)) + return 0; + } + return 1; + } + if (ret == -2) { + ctx->current_cert = NULL; + ctx->error = X509_V_ERR_NO_EXPLICIT_POLICY; + return ctx->verify_cb(0, ctx); + } + + if (ctx->param->flags & X509_V_FLAG_NOTIFY_POLICY) { + ctx->current_cert = NULL; + ctx->error = X509_V_OK; + if (!ctx->verify_cb(2, ctx)) + return 0; } -static int internal_verify(X509_STORE_CTX *ctx) - { - int i,ok=0,n; - X509 *xs,*xi; - EVP_PKEY *pkey=NULL; + return 1; +} + +/* + * Inform the verify callback of an error. + * + * If x is not NULL it is the error cert, otherwise use the chain cert + * at depth. + * + * If err is not X509_V_OK, that's the error value, otherwise leave + * unchanged (presumably set by the caller). + * + * Returns 0 to abort verification with an error, non-zero to continue. + */ +static int +verify_cb_cert(X509_STORE_CTX *ctx, X509 *x, int depth, int err) +{ + ctx->error_depth = depth; + ctx->current_cert = (x != NULL) ? x : sk_X509_value(ctx->chain, depth); + if (err != X509_V_OK) + ctx->error = err; + return ctx->verify_cb(0, ctx); +} + +/* + * Check certificate validity times. + * + * If depth >= 0, invoke verification callbacks on error, otherwise just return + * the validation status. + * + * Return 1 on success, 0 otherwise. + */ +int +x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int depth) +{ time_t *ptime; - int (*cb)(); + int i; + + if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME) + ptime = &ctx->param->check_time; + else if (ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME) + return 1; + else + ptime = NULL; + + i = X509_cmp_time(X509_get_notBefore(x), ptime); + if (i >= 0 && depth < 0) + return 0; + if (i == 0 && !verify_cb_cert(ctx, x, depth, + X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD)) + return 0; + if (i > 0 && !verify_cb_cert(ctx, x, depth, + X509_V_ERR_CERT_NOT_YET_VALID)) + return 0; + + i = X509_cmp_time_internal(X509_get_notAfter(x), ptime, 1); + if (i <= 0 && depth < 0) + return 0; + if (i == 0 && !verify_cb_cert(ctx, x, depth, + X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD)) + return 0; + if (i < 0 && !verify_cb_cert(ctx, x, depth, + X509_V_ERR_CERT_HAS_EXPIRED)) + return 0; + return 1; +} - cb=ctx->verify_cb; +static int +internal_verify(X509_STORE_CTX *ctx) +{ + int n = sk_X509_num(ctx->chain) - 1; + X509 *xi = sk_X509_value(ctx->chain, n); + X509 *xs; - n=sk_X509_num(ctx->chain); - ctx->error_depth=n-1; - n--; - xi=sk_X509_value(ctx->chain,n); - if (ctx->flags & X509_V_FLAG_USE_CHECK_TIME) - ptime = &ctx->check_time; - else - ptime = NULL; if (ctx->check_issued(ctx, xi, xi)) - xs=xi; - else - { - if (n <= 0) - { - ctx->error=X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE; - ctx->current_cert=xi; - ok=cb(0,ctx); - goto end; - } - else - { - n--; - ctx->error_depth=n; - xs=sk_X509_value(ctx->chain,n); - } + xs = xi; + else { + if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) { + xs = xi; + goto check_cert; } + if (n <= 0) + return verify_cb_cert(ctx, xi, 0, + X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE); + n--; + ctx->error_depth = n; + xs = sk_X509_value(ctx->chain, n); + } -/* ctx->error=0; not needed */ - while (n >= 0) - { - ctx->error_depth=n; - if (!xs->valid) - { - if ((pkey=X509_get_pubkey(xi)) == NULL) - { - ctx->error=X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY; - ctx->current_cert=xi; - ok=(*cb)(0,ctx); - if (!ok) goto end; - } - if (X509_verify(xs,pkey) <= 0) - /* XXX For the final trusted self-signed cert, - * this is a waste of time. That check should - * optional so that e.g. 'openssl x509' can be - * used to detect invalid self-signatures, but - * we don't verify again and again in SSL - * handshakes and the like once the cert has - * been declared trusted. */ - { - ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE; - ctx->current_cert=xs; - ok=(*cb)(0,ctx); - if (!ok) - { + /* + * Do not clear ctx->error=0, it must be "sticky", only the + * user's callback is allowed to reset errors (at its own + * peril). + */ + while (n >= 0) { + + /* + * Skip signature check for self signed certificates + * unless explicitly asked for. It doesn't add any + * security and just wastes time. If the issuer's + * public key is unusable, report the issuer + * certificate and its depth (rather than the depth of + * the subject). + */ + if (xs != xi || (ctx->param->flags & + X509_V_FLAG_CHECK_SS_SIGNATURE)) { + EVP_PKEY *pkey; + if ((pkey = X509_get_pubkey(xi)) == NULL) { + if (!verify_cb_cert(ctx, xi, xi != xs ? n+1 : n, + X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY)) + return 0; + } else if (X509_verify(xs, pkey) <= 0) { + if (!verify_cb_cert(ctx, xs, n, + X509_V_ERR_CERT_SIGNATURE_FAILURE)) { EVP_PKEY_free(pkey); - goto end; - } + return 0; } - EVP_PKEY_free(pkey); - pkey=NULL; - - i=X509_cmp_time(X509_get_notBefore(xs), ptime); - if (i == 0) - { - ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD; - ctx->current_cert=xs; - ok=(*cb)(0,ctx); - if (!ok) goto end; - } - if (i > 0) - { - ctx->error=X509_V_ERR_CERT_NOT_YET_VALID; - ctx->current_cert=xs; - ok=(*cb)(0,ctx); - if (!ok) goto end; - } - xs->valid=1; - } - - i=X509_cmp_time(X509_get_notAfter(xs), ptime); - if (i == 0) - { - ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD; - ctx->current_cert=xs; - ok=(*cb)(0,ctx); - if (!ok) goto end; - } - - if (i < 0) - { - ctx->error=X509_V_ERR_CERT_HAS_EXPIRED; - ctx->current_cert=xs; - ok=(*cb)(0,ctx); - if (!ok) goto end; } + EVP_PKEY_free(pkey); + } +check_cert: + /* Calls verify callback as needed */ + if (!x509_check_cert_time(ctx, xs, n)) + return 0; - /* The last error (if any) is still in the error value */ - ctx->current_cert=xs; - ok=(*cb)(1,ctx); - if (!ok) goto end; + /* + * Signal success at this depth. However, the + * previous error (if any) is retained. + */ + ctx->current_issuer = xi; + ctx->current_cert = xs; + ctx->error_depth = n; + if (!ctx->verify_cb(1, ctx)) + return 0; - n--; - if (n >= 0) - { - xi=xs; - xs=sk_X509_value(ctx->chain,n); - } + if (--n >= 0) { + xi = xs; + xs = sk_X509_value(ctx->chain, n); } - ok=1; -end: - return ok; } + return 1; +} -int X509_cmp_current_time(ASN1_TIME *ctm) +int +X509_cmp_current_time(const ASN1_TIME *ctm) { return X509_cmp_time(ctm, NULL); } -int X509_cmp_time(ASN1_TIME *ctm, time_t *cmp_time) - { - char *str; - ASN1_TIME atm; - time_t offset; - char buff1[24],buff2[24],*p; - int i,j; - - p=buff1; - i=ctm->length; - str=(char *)ctm->data; - if (ctm->type == V_ASN1_UTCTIME) - { - if ((i < 11) || (i > 17)) return 0; - memcpy(p,str,10); - p+=10; - str+=10; - } - else - { - if (i < 13) return 0; - memcpy(p,str,12); - p+=12; - str+=12; - } +/* + * Compare a possibly unvalidated ASN1_TIME string against a time_t + * using RFC 5280 rules for the time string. If *cmp_time is NULL + * the current system time is used. + * + * XXX NOTE that unlike what you expect a "cmp" function to do in C, + * XXX this one is "special", and returns 0 for error. + * + * Returns: + * -1 if the ASN1_time is earlier than OR the same as *cmp_time. + * 1 if the ASN1_time is later than *cmp_time. + * 0 on error. + */ +static int +X509_cmp_time_internal(const ASN1_TIME *ctm, time_t *cmp_time, int clamp_notafter) +{ + time_t time1, time2; + struct tm tm1, tm2; + int ret = 0; + int type; - if ((*str == 'Z') || (*str == '-') || (*str == '+')) - { *(p++)='0'; *(p++)='0'; } + if (cmp_time == NULL) + time2 = time(NULL); else - { - *(p++)= *(str++); - *(p++)= *(str++); - /* Skip any fractional seconds... */ - if (*str == '.') - { - str++; - while ((*str >= '0') && (*str <= '9')) str++; - } - - } - *(p++)='Z'; - *(p++)='\0'; + time2 = *cmp_time; - if (*str == 'Z') - offset=0; - else - { - if ((*str != '+') && (str[5] != '-')) - return 0; - offset=((str[1]-'0')*10+(str[2]-'0'))*60; - offset+=(str[3]-'0')*10+(str[4]-'0'); - if (*str == '-') - offset= -offset; - } - atm.type=ctm->type; - atm.length=sizeof(buff2); - atm.data=(unsigned char *)buff2; + memset(&tm1, 0, sizeof(tm1)); - X509_time_adj(&atm,-offset*60, cmp_time); + type = ASN1_time_parse(ctm->data, ctm->length, &tm1, ctm->type); + if (type == -1) + goto out; /* invalid time */ - if (ctm->type == V_ASN1_UTCTIME) - { - i=(buff1[0]-'0')*10+(buff1[1]-'0'); - if (i < 50) i+=100; /* cf. RFC 2459 */ - j=(buff2[0]-'0')*10+(buff2[1]-'0'); - if (j < 50) j+=100; + /* RFC 5280 section 4.1.2.5 */ + if (tm1.tm_year < 150 && type != V_ASN1_UTCTIME) + goto out; + if (tm1.tm_year >= 150 && type != V_ASN1_GENERALIZEDTIME) + goto out; - if (i < j) return -1; - if (i > j) return 1; - } - i=strcmp(buff1,buff2); - if (i == 0) /* wait a second then return younger :-) */ - return -1; - else - return i; + if (clamp_notafter) { + /* Allow for completely broken operating systems. */ + if (!ASN1_time_tm_clamp_notafter(&tm1)) + goto out; } -ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj) + /* + * Defensively fail if the time string is not representable as + * a time_t. A time_t must be sane if you care about times after + * Jan 19 2038. + */ + if ((time1 = timegm(&tm1)) == -1) + goto out; + + if (gmtime_r(&time2, &tm2) == NULL) + goto out; + + ret = ASN1_time_tm_cmp(&tm1, &tm2); + if (ret == 0) + ret = -1; /* 0 is used for error, so map same to less than */ + out: + return (ret); +} + +int +X509_cmp_time(const ASN1_TIME *ctm, time_t *cmp_time) +{ + return X509_cmp_time_internal(ctm, cmp_time, 0); +} + + +ASN1_TIME * +X509_gmtime_adj(ASN1_TIME *s, long adj) { return X509_time_adj(s, adj, NULL); } -ASN1_TIME *X509_time_adj(ASN1_TIME *s, long adj, time_t *in_tm) - { - time_t t; - int type = -1; +ASN1_TIME * +X509_time_adj(ASN1_TIME *s, long offset_sec, time_t *in_time) +{ + return X509_time_adj_ex(s, 0, offset_sec, in_time); +} - if (in_tm) t = *in_tm; - else time(&t); +ASN1_TIME * +X509_time_adj_ex(ASN1_TIME *s, int offset_day, long offset_sec, time_t *in_time) +{ + time_t t; + if (in_time == NULL) + t = time(NULL); + else + t = *in_time; - t+=adj; - if (s) type = s->type; - if (type == V_ASN1_UTCTIME) return ASN1_UTCTIME_set(s,t); - if (type == V_ASN1_GENERALIZEDTIME) return ASN1_GENERALIZEDTIME_set(s, t); - return ASN1_TIME_set(s, t); - } + return ASN1_TIME_adj(s, t, offset_day, offset_sec); +} -int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain) - { - EVP_PKEY *ktmp=NULL,*ktmp2; - int i,j; +int +X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain) +{ + EVP_PKEY *ktmp = NULL, *ktmp2; + int i, j; - if ((pkey != NULL) && !EVP_PKEY_missing_parameters(pkey)) return 1; + if ((pkey != NULL) && !EVP_PKEY_missing_parameters(pkey)) + return 1; - for (i=0; i= 0; j--) - { - ktmp2=X509_get_pubkey(sk_X509_value(chain,j)); - EVP_PKEY_copy_parameters(ktmp2,ktmp); + for (j = i - 1; j >= 0; j--) { + ktmp2 = X509_get_pubkey(sk_X509_value(chain, j)); + EVP_PKEY_copy_parameters(ktmp2, ktmp); EVP_PKEY_free(ktmp2); - } - - if (pkey != NULL) EVP_PKEY_copy_parameters(pkey,ktmp); + } + + if (pkey != NULL) + EVP_PKEY_copy_parameters(pkey, ktmp); EVP_PKEY_free(ktmp); return 1; - } +} -int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, - CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) - { +int +X509_STORE_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) +{ /* This function is (usually) called only once, by * SSL_get_ex_data_X509_STORE_CTX_idx (ssl/ssl_cert.c). */ - return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, argl, argp, - new_func, dup_func, free_func); - } + return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, + argl, argp, new_func, dup_func, free_func); +} -int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data) - { - return CRYPTO_set_ex_data(&ctx->ex_data,idx,data); - } +int +X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data) +{ + return CRYPTO_set_ex_data(&ctx->ex_data, idx, data); +} -void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx) - { - return CRYPTO_get_ex_data(&ctx->ex_data,idx); - } +void * +X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx) +{ + return CRYPTO_get_ex_data(&ctx->ex_data, idx); +} -int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx) - { +int +X509_STORE_CTX_get_error(X509_STORE_CTX *ctx) +{ return ctx->error; - } +} -void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int err) - { - ctx->error=err; - } +void +X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int err) +{ + ctx->error = err; +} -int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx) - { +int +X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx) +{ return ctx->error_depth; - } +} -X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx) - { +X509 * +X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx) +{ return ctx->current_cert; - } +} -STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx) - { +STACK_OF(X509) * +X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx) +{ return ctx->chain; - } +} + +STACK_OF(X509) * +X509_STORE_CTX_get0_chain(X509_STORE_CTX *xs) +{ + return xs->chain; +} -STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx) - { +STACK_OF(X509) * +X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx) +{ int i; X509 *x; STACK_OF(X509) *chain; - if (!ctx->chain || !(chain = sk_X509_dup(ctx->chain))) return NULL; - for (i = 0; i < sk_X509_num(chain); i++) - { + + if (!ctx->chain || !(chain = sk_X509_dup(ctx->chain))) + return NULL; + for (i = 0; i < sk_X509_num(chain); i++) { x = sk_X509_value(chain, i); CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); - } - return chain; } + return chain; +} -void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x) - { - ctx->cert=x; - } +X509 * +X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx) +{ + return ctx->current_issuer; +} -void X509_STORE_CTX_set_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *sk) - { - ctx->untrusted=sk; - } +X509_CRL * +X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx) +{ + return ctx->current_crl; +} + +X509_STORE_CTX * +X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX *ctx) +{ + return ctx->parent; +} + +X509_STORE * +X509_STORE_CTX_get0_store(X509_STORE_CTX *xs) +{ + return xs->ctx; +} + +void +X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x) +{ + ctx->cert = x; +} + +void +X509_STORE_CTX_set_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *sk) +{ + ctx->untrusted = sk; +} + +void +X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk) +{ + ctx->crls = sk; +} -int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose) - { +int +X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose) +{ return X509_STORE_CTX_purpose_inherit(ctx, 0, purpose, 0); - } +} -int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust) - { +int +X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust) +{ return X509_STORE_CTX_purpose_inherit(ctx, 0, 0, trust); - } +} /* This function is used to set the X509_STORE_CTX purpose and trust * values. This is intended to be used when another structure has its @@ -979,130 +2124,126 @@ int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust) * aren't set then we use the default of SSL client/server. */ -int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose, - int purpose, int trust) +int +X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose, + int purpose, int trust) { int idx; + /* If purpose not set use default */ - if (!purpose) purpose = def_purpose; + if (!purpose) + purpose = def_purpose; /* If we have a purpose then check it is valid */ - if (purpose) - { + if (purpose) { X509_PURPOSE *ptmp; idx = X509_PURPOSE_get_by_id(purpose); - if (idx == -1) - { - X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT, - X509_R_UNKNOWN_PURPOSE_ID); + if (idx == -1) { + X509error(X509_R_UNKNOWN_PURPOSE_ID); return 0; - } + } ptmp = X509_PURPOSE_get0(idx); - if (ptmp->trust == X509_TRUST_DEFAULT) - { + if (ptmp->trust == X509_TRUST_DEFAULT) { idx = X509_PURPOSE_get_by_id(def_purpose); - if (idx == -1) - { - X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT, - X509_R_UNKNOWN_PURPOSE_ID); + if (idx == -1) { + X509error(X509_R_UNKNOWN_PURPOSE_ID); return 0; - } - ptmp = X509_PURPOSE_get0(idx); } - /* If trust not set then get from purpose default */ - if (!trust) trust = ptmp->trust; + ptmp = X509_PURPOSE_get0(idx); } - if (trust) - { + /* If trust not set then get from purpose default */ + if (!trust) + trust = ptmp->trust; + } + if (trust) { idx = X509_TRUST_get_by_id(trust); - if (idx == -1) - { - X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT, - X509_R_UNKNOWN_TRUST_ID); + if (idx == -1) { + X509error(X509_R_UNKNOWN_TRUST_ID); return 0; - } } + } - if (purpose && !ctx->purpose) ctx->purpose = purpose; - if (trust && !ctx->trust) ctx->trust = trust; + if (purpose && !ctx->param->purpose) + ctx->param->purpose = purpose; + if (trust && !ctx->param->trust) + ctx->param->trust = trust; return 1; } -X509_STORE_CTX *X509_STORE_CTX_new(void) +X509_STORE_CTX * +X509_STORE_CTX_new(void) { X509_STORE_CTX *ctx; - ctx = (X509_STORE_CTX *)OPENSSL_malloc(sizeof(X509_STORE_CTX)); - if (!ctx) - { - X509err(X509_F_X509_STORE_CTX_NEW,ERR_R_MALLOC_FAILURE); + + ctx = calloc(1, sizeof(X509_STORE_CTX)); + if (!ctx) { + X509error(ERR_R_MALLOC_FAILURE); return NULL; - } - memset(ctx, 0, sizeof(X509_STORE_CTX)); + } return ctx; } -void X509_STORE_CTX_free(X509_STORE_CTX *ctx) +void +X509_STORE_CTX_free(X509_STORE_CTX *ctx) { + if (ctx == NULL) + return; + X509_STORE_CTX_cleanup(ctx); - OPENSSL_free(ctx); -} - -int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, - STACK_OF(X509) *chain) - { - ctx->ctx=store; - ctx->current_method=0; - ctx->cert=x509; - ctx->untrusted=chain; - ctx->last_untrusted=0; - ctx->check_time=0; - ctx->other_ctx=NULL; - ctx->valid=0; - ctx->chain=NULL; - ctx->depth=9; - ctx->error=0; - ctx->error_depth=0; - ctx->current_cert=NULL; - ctx->current_issuer=NULL; + free(ctx); +} - /* Inherit callbacks and flags from X509_STORE if not set - * use defaults. +int +X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, + STACK_OF(X509) *chain) +{ + int param_ret = 1; + + /* + * Make sure everything is initialized properly even in case of an + * early return due to an error. + * + * While this 'ctx' can be reused, X509_STORE_CTX_cleanup() will have + * freed everything and memset ex_data anyway. This also allows us + * to safely use X509_STORE_CTX variables from the stack which will + * have uninitialized data. */ + memset(ctx, 0, sizeof(*ctx)); + /* + * Start with this set to not valid - it will be set to valid + * in X509_verify_cert. + */ + ctx->error = X509_V_ERR_INVALID_CALL; - if (store) - { - ctx->purpose=store->purpose; - ctx->trust=store->trust; - ctx->flags = store->flags; - ctx->cleanup = store->cleanup; - } + /* + * Set values other than 0. Keep this in the same order as + * X509_STORE_CTX except for values that may fail. All fields that + * may fail should go last to make sure 'ctx' is as consistent as + * possible even on early exits. + */ + ctx->ctx = store; + ctx->cert = x509; + ctx->untrusted = chain; + + if (store && store->verify) + ctx->verify = store->verify; else - { - ctx->purpose = 0; - ctx->trust = 0; - ctx->flags = 0; - ctx->cleanup = 0; - } + ctx->verify = internal_verify; - if (store && store->check_issued) - ctx->check_issued = store->check_issued; + if (store && store->verify_cb) + ctx->verify_cb = store->verify_cb; else - ctx->check_issued = check_issued; + ctx->verify_cb = null_callback; if (store && store->get_issuer) ctx->get_issuer = store->get_issuer; else ctx->get_issuer = X509_STORE_CTX_get1_issuer; - if (store && store->verify_cb) - ctx->verify_cb = store->verify_cb; - else - ctx->verify_cb = null_callback; - - if (store && store->verify) - ctx->verify = store->verify; + if (store && store->check_issued) + ctx->check_issued = store->check_issued; else - ctx->verify = internal_verify; + ctx->check_issued = check_issued; if (store && store->check_revocation) ctx->check_revocation = store->check_revocation; @@ -1112,7 +2253,7 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, if (store && store->get_crl) ctx->get_crl = store->get_crl; else - ctx->get_crl = get_crl; + ctx->get_crl = NULL; if (store && store->check_crl) ctx->check_crl = store->check_crl; @@ -1124,64 +2265,169 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, else ctx->cert_crl = cert_crl; + ctx->check_policy = check_policy; + + if (store && store->lookup_certs) + ctx->lookup_certs = store->lookup_certs; + else + ctx->lookup_certs = X509_STORE_get1_certs; + + if (store && store->lookup_crls) + ctx->lookup_crls = store->lookup_crls; + else + ctx->lookup_crls = X509_STORE_get1_crls; + + if (store && store->cleanup) + ctx->cleanup = store->cleanup; + else + ctx->cleanup = NULL; - /* This memset() can't make any sense anyway, so it's removed. As - * X509_STORE_CTX_cleanup does a proper "free" on the ex_data, we put a - * corresponding "new" here and remove this bogus initialisation. */ - /* memset(&(ctx->ex_data),0,sizeof(CRYPTO_EX_DATA)); */ - if(!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, - &(ctx->ex_data))) - { - OPENSSL_free(ctx); - X509err(X509_F_X509_STORE_CTX_INIT,ERR_R_MALLOC_FAILURE); + ctx->param = X509_VERIFY_PARAM_new(); + if (!ctx->param) { + X509error(ERR_R_MALLOC_FAILURE); + return 0; + } + + /* Inherit callbacks and flags from X509_STORE if not set + * use defaults. + */ + if (store) + param_ret = X509_VERIFY_PARAM_inherit(ctx->param, store->param); + else + ctx->param->inh_flags |= X509_VP_FLAG_DEFAULT|X509_VP_FLAG_ONCE; + + if (param_ret) + param_ret = X509_VERIFY_PARAM_inherit(ctx->param, + X509_VERIFY_PARAM_lookup("default")); + + if (param_ret == 0) { + X509error(ERR_R_MALLOC_FAILURE); + return 0; + } + + if (CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, + &(ctx->ex_data)) == 0) { + X509error(ERR_R_MALLOC_FAILURE); return 0; - } - return 1; } + return 1; +} /* Set alternative lookup method: just a STACK of trusted certificates. * This avoids X509_STORE nastiness where it isn't needed. */ -void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk) +void +X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk) { ctx->other_ctx = sk; ctx->get_issuer = get_issuer_sk; } -void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx) - { - if (ctx->cleanup) ctx->cleanup(ctx); - if (ctx->chain != NULL) - { - sk_X509_pop_free(ctx->chain,X509_free); - ctx->chain=NULL; - } - CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, &(ctx->ex_data)); - memset(&ctx->ex_data,0,sizeof(CRYPTO_EX_DATA)); - } +void +X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk) +{ + X509_STORE_CTX_trusted_stack(ctx, sk); +} -void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, long flags) - { - ctx->flags |= flags; +void +X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx) +{ + if (ctx->cleanup) + ctx->cleanup(ctx); + if (ctx->param != NULL) { + if (ctx->parent == NULL) + X509_VERIFY_PARAM_free(ctx->param); + ctx->param = NULL; } - -void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, long flags, time_t t) - { - ctx->check_time = t; - ctx->flags |= X509_V_FLAG_USE_CHECK_TIME; + if (ctx->tree != NULL) { + X509_policy_tree_free(ctx->tree); + ctx->tree = NULL; } - -void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx, - int (*verify_cb)(int, X509_STORE_CTX *)) - { - ctx->verify_cb=verify_cb; + if (ctx->chain != NULL) { + sk_X509_pop_free(ctx->chain, X509_free); + ctx->chain = NULL; } + CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, + ctx, &(ctx->ex_data)); + memset(&ctx->ex_data, 0, sizeof(CRYPTO_EX_DATA)); +} + +void +X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth) +{ + X509_VERIFY_PARAM_set_depth(ctx->param, depth); +} + +void +X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags) +{ + X509_VERIFY_PARAM_set_flags(ctx->param, flags); +} + +void +X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags, time_t t) +{ + X509_VERIFY_PARAM_set_time(ctx->param, t); +} + +void +X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx, + int (*verify_cb)(int, X509_STORE_CTX *)) +{ + ctx->verify_cb = verify_cb; +} + +X509 * +X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx) +{ + return ctx->cert; +} + +STACK_OF(X509) * +X509_STORE_CTX_get0_untrusted(X509_STORE_CTX *ctx) +{ + return ctx->untrusted; +} -IMPLEMENT_STACK_OF(X509) -IMPLEMENT_ASN1_SET_OF(X509) +void +X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk) +{ + ctx->untrusted = sk; +} + +X509_POLICY_TREE * +X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx) +{ + return ctx->tree; +} + +int +X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx) +{ + return ctx->explicit_policy; +} -IMPLEMENT_STACK_OF(X509_NAME) +int +X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name) +{ + const X509_VERIFY_PARAM *param; + param = X509_VERIFY_PARAM_lookup(name); + if (!param) + return 0; + return X509_VERIFY_PARAM_inherit(ctx->param, param); +} + +X509_VERIFY_PARAM * +X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx) +{ + return ctx->param; +} -IMPLEMENT_STACK_OF(X509_ATTRIBUTE) -IMPLEMENT_ASN1_SET_OF(X509_ATTRIBUTE) +void +X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param) +{ + if (ctx->param) + X509_VERIFY_PARAM_free(ctx->param); + ctx->param = param; +} diff --git a/src/lib/libcrypto/x509/x509_vfy.h b/src/lib/libcrypto/x509/x509_vfy.h index f0be21f4525..c5eae9d3983 100644 --- a/src/lib/libcrypto/x509/x509_vfy.h +++ b/src/lib/libcrypto/x509/x509_vfy.h @@ -1,4 +1,4 @@ -/* crypto/x509/x509_vfy.h */ +/* $OpenBSD: x509_vfy.h,v 1.30 2018/08/24 19:21:09 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -65,26 +65,18 @@ #ifndef HEADER_X509_VFY_H #define HEADER_X509_VFY_H +#include + #ifndef OPENSSL_NO_LHASH #include #endif #include #include -#include #ifdef __cplusplus extern "C" { #endif -/* Outer object */ -typedef struct x509_hash_dir_st - { - int num_dirs; - char **dirs; - int *dirs_type; - int num_dirs_alloced; - } X509_HASH_DIR_CTX; - typedef struct x509_file_st { int num_paths; /* number of paths to files or directories */ @@ -142,19 +134,40 @@ typedef struct x509_lookup_method_st void (*free)(X509_LOOKUP *ctx); int (*init)(X509_LOOKUP *ctx); int (*shutdown)(X509_LOOKUP *ctx); - int (*ctrl)(X509_LOOKUP *ctx,int cmd,const char *argc,long argl, - char **ret); - int (*get_by_subject)(X509_LOOKUP *ctx,int type,X509_NAME *name, - X509_OBJECT *ret); - int (*get_by_issuer_serial)(X509_LOOKUP *ctx,int type,X509_NAME *name, - ASN1_INTEGER *serial,X509_OBJECT *ret); - int (*get_by_fingerprint)(X509_LOOKUP *ctx,int type, - unsigned char *bytes,int len, - X509_OBJECT *ret); - int (*get_by_alias)(X509_LOOKUP *ctx,int type,char *str,int len, - X509_OBJECT *ret); + int (*ctrl)(X509_LOOKUP *ctx, int cmd, const char *argc, long argl, + char **ret); + int (*get_by_subject)(X509_LOOKUP *ctx, int type, X509_NAME *name, + X509_OBJECT *ret); + int (*get_by_issuer_serial)(X509_LOOKUP *ctx, int type, X509_NAME *name, + ASN1_INTEGER *serial,X509_OBJECT *ret); + int (*get_by_fingerprint)(X509_LOOKUP *ctx, int type, + const unsigned char *bytes, int len, X509_OBJECT *ret); + int (*get_by_alias)(X509_LOOKUP *ctx, int type, const char *str, + int len, X509_OBJECT *ret); } X509_LOOKUP_METHOD; +typedef struct X509_VERIFY_PARAM_ID_st X509_VERIFY_PARAM_ID; + +/* This structure hold all parameters associated with a verify operation + * by including an X509_VERIFY_PARAM structure in related structures the + * parameters used can be customized + */ + +typedef struct X509_VERIFY_PARAM_st + { + char *name; + time_t check_time; /* Time to use */ + unsigned long inh_flags; /* Inheritance flags */ + unsigned long flags; /* Various verify flags */ + int purpose; /* purpose to check untrusted certificates */ + int trust; /* trust setting to check */ + int depth; /* Verify depth */ + STACK_OF(ASN1_OBJECT) *policies; /* Permissible policies */ + X509_VERIFY_PARAM_ID *id; /* opaque ID data */ +} X509_VERIFY_PARAM; + +DECLARE_STACK_OF(X509_VERIFY_PARAM) + /* This is used to hold everything. It is used for all certificate * validation. Once we have a certificate chain, the 'verify' * function is then called to actually check the cert chain. */ @@ -167,13 +180,8 @@ struct x509_store_st /* These are external lookup methods */ STACK_OF(X509_LOOKUP) *get_cert_methods; - /* The following fields are not used by X509_STORE but are - * inherited by X509_STORE_CTX when it is initialised. - */ + X509_VERIFY_PARAM *param; - unsigned long flags; /* Various verify flags */ - int purpose; - int trust; /* Callbacks for various operations */ int (*verify)(X509_STORE_CTX *ctx); /* called to verify a certificate */ int (*verify_cb)(int ok,X509_STORE_CTX *ctx); /* error callback */ @@ -183,14 +191,15 @@ struct x509_store_st int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); /* retrieve CRL */ int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */ int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */ + STACK_OF(X509) * (*lookup_certs)(X509_STORE_CTX *ctx, X509_NAME *nm); + STACK_OF(X509_CRL) * (*lookup_crls)(X509_STORE_CTX *ctx, X509_NAME *nm); int (*cleanup)(X509_STORE_CTX *ctx); CRYPTO_EX_DATA ex_data; int references; - int depth; /* how deep to look (still unused -- X509_STORE_CTX's depth is used) */ } /* X509_STORE */; -#define X509_STORE_set_depth(ctx,d) ((ctx)->depth=(d)) +int X509_STORE_set_depth(X509_STORE *store, int depth); #define X509_STORE_set_verify_cb_func(ctx,func) ((ctx)->verify_cb=(func)) #define X509_STORE_set_verify_func(ctx,func) ((ctx)->verify=(func)) @@ -217,10 +226,9 @@ struct x509_store_ctx_st /* X509_STORE_CTX */ /* The following are set by the caller */ X509 *cert; /* The cert to check */ STACK_OF(X509) *untrusted; /* chain of X509s - untrusted - passed in */ - int purpose; /* purpose to check untrusted certificates */ - int trust; /* trust setting to check */ - time_t check_time; /* time to make verify at */ - unsigned long flags; /* Various verify flags */ + STACK_OF(X509_CRL) *crls; /* set of CRLs passed in */ + + X509_VERIFY_PARAM *param; void *other_ctx; /* Other info for use with get_issuer() */ /* Callbacks for various operations */ @@ -232,13 +240,18 @@ struct x509_store_ctx_st /* X509_STORE_CTX */ int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); /* retrieve CRL */ int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */ int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */ + int (*check_policy)(X509_STORE_CTX *ctx); + STACK_OF(X509) * (*lookup_certs)(X509_STORE_CTX *ctx, X509_NAME *nm); + STACK_OF(X509_CRL) * (*lookup_crls)(X509_STORE_CTX *ctx, X509_NAME *nm); int (*cleanup)(X509_STORE_CTX *ctx); /* The following is built up */ - int depth; /* how far to go looking up certs */ int valid; /* if 0, rebuild chain */ int last_untrusted; /* index of last untrusted cert */ STACK_OF(X509) *chain; /* chain of X509s - built up and trusted */ + X509_POLICY_TREE *tree; /* Valid policy tree */ + + int explicit_policy; /* Require explicit policy value */ /* When something goes wrong, this is why */ int error_depth; @@ -247,10 +260,15 @@ struct x509_store_ctx_st /* X509_STORE_CTX */ X509 *current_issuer; /* cert currently being tested as valid issuer */ X509_CRL *current_crl; /* current CRL */ + int current_crl_score; /* score of current CRL */ + unsigned int current_reasons; /* Reason mask */ + + X509_STORE_CTX *parent; /* For CRL path validation: parent context */ + CRYPTO_EX_DATA ex_data; } /* X509_STORE_CTX */; -#define X509_STORE_CTX_set_depth(ctx,d) ((ctx)->depth=(d)) +void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); #define X509_STORE_CTX_set_app_data(ctx,data) \ X509_STORE_CTX_set_ex_data(ctx,0,data) @@ -259,6 +277,7 @@ struct x509_store_ctx_st /* X509_STORE_CTX */ #define X509_L_FILE_LOAD 1 #define X509_L_ADD_DIR 2 +#define X509_L_MEM 3 #define X509_LOOKUP_load_file(x,name,type) \ X509_LOOKUP_ctrl((x),X509_L_FILE_LOAD,(name),(long)(type),NULL) @@ -266,9 +285,12 @@ struct x509_store_ctx_st /* X509_STORE_CTX */ #define X509_LOOKUP_add_dir(x,name,type) \ X509_LOOKUP_ctrl((x),X509_L_ADD_DIR,(name),(long)(type),NULL) -#define X509_V_OK 0 -/* illegal error (for uninitialized values, to avoid X509_V_OK): 1 */ +#define X509_LOOKUP_add_mem(x,iov,type) \ + X509_LOOKUP_ctrl((x),X509_L_MEM,(const char *)(iov),\ + (long)(type),NULL) +#define X509_V_OK 0 +#define X509_V_ERR_UNSPECIFIED 1 #define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT 2 #define X509_V_ERR_UNABLE_TO_GET_CRL 3 #define X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE 4 @@ -276,7 +298,7 @@ struct x509_store_ctx_st /* X509_STORE_CTX */ #define X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY 6 #define X509_V_ERR_CERT_SIGNATURE_FAILURE 7 #define X509_V_ERR_CRL_SIGNATURE_FAILURE 8 -#define X509_V_ERR_CERT_NOT_YET_VALID 9 +#define X509_V_ERR_CERT_NOT_YET_VALID 9 #define X509_V_ERR_CERT_HAS_EXPIRED 10 #define X509_V_ERR_CRL_NOT_YET_VALID 11 #define X509_V_ERR_CRL_HAS_EXPIRED 12 @@ -304,30 +326,130 @@ struct x509_store_ctx_st /* X509_STORE_CTX */ #define X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER 33 #define X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION 34 +#define X509_V_ERR_KEYUSAGE_NO_CRL_SIGN 35 +#define X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION 36 +#define X509_V_ERR_INVALID_NON_CA 37 +#define X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED 38 +#define X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE 39 +#define X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED 40 + +#define X509_V_ERR_INVALID_EXTENSION 41 +#define X509_V_ERR_INVALID_POLICY_EXTENSION 42 +#define X509_V_ERR_NO_EXPLICIT_POLICY 43 +#define X509_V_ERR_DIFFERENT_CRL_SCOPE 44 +#define X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE 45 + +#define X509_V_ERR_UNNESTED_RESOURCE 46 + +#define X509_V_ERR_PERMITTED_VIOLATION 47 +#define X509_V_ERR_EXCLUDED_VIOLATION 48 +#define X509_V_ERR_SUBTREE_MINMAX 49 +#define X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE 51 +#define X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX 52 +#define X509_V_ERR_UNSUPPORTED_NAME_SYNTAX 53 +#define X509_V_ERR_CRL_PATH_VALIDATION_ERROR 54 /* The application is not happy */ #define X509_V_ERR_APPLICATION_VERIFICATION 50 +/* Host, email and IP check errors */ +#define X509_V_ERR_HOSTNAME_MISMATCH 62 +#define X509_V_ERR_EMAIL_MISMATCH 63 +#define X509_V_ERR_IP_ADDRESS_MISMATCH 64 + +/* Caller error */ +#define X509_V_ERR_INVALID_CALL 65 +/* Issuer lookup error */ +#define X509_V_ERR_STORE_LOOKUP 66 + /* Certificate verify flags */ -#define X509_V_FLAG_CB_ISSUER_CHECK 0x1 /* Send issuer+subject checks to verify_cb */ -#define X509_V_FLAG_USE_CHECK_TIME 0x2 /* Use check time instead of current time */ -#define X509_V_FLAG_CRL_CHECK 0x4 /* Lookup CRLs */ -#define X509_V_FLAG_CRL_CHECK_ALL 0x8 /* Lookup CRLs for whole chain */ -#define X509_V_FLAG_IGNORE_CRITICAL 0x10 /* Ignore unhandled critical extensions */ +/* Send issuer+subject checks to verify_cb */ +#define X509_V_FLAG_CB_ISSUER_CHECK 0x1 +/* Use check time instead of current time */ +#define X509_V_FLAG_USE_CHECK_TIME 0x2 +/* Lookup CRLs */ +#define X509_V_FLAG_CRL_CHECK 0x4 +/* Lookup CRLs for whole chain */ +#define X509_V_FLAG_CRL_CHECK_ALL 0x8 +/* Ignore unhandled critical extensions */ +#define X509_V_FLAG_IGNORE_CRITICAL 0x10 +/* Disable workarounds for broken certificates */ +#define X509_V_FLAG_X509_STRICT 0x20 +/* Enable proxy certificate validation */ +#define X509_V_FLAG_ALLOW_PROXY_CERTS 0x40 +/* Enable policy checking */ +#define X509_V_FLAG_POLICY_CHECK 0x80 +/* Policy variable require-explicit-policy */ +#define X509_V_FLAG_EXPLICIT_POLICY 0x100 +/* Policy variable inhibit-any-policy */ +#define X509_V_FLAG_INHIBIT_ANY 0x200 +/* Policy variable inhibit-policy-mapping */ +#define X509_V_FLAG_INHIBIT_MAP 0x400 +/* Notify callback that policy is OK */ +#define X509_V_FLAG_NOTIFY_POLICY 0x800 +/* Extended CRL features such as indirect CRLs, alternate CRL signing keys */ +#define X509_V_FLAG_EXTENDED_CRL_SUPPORT 0x1000 +/* Delta CRL support */ +#define X509_V_FLAG_USE_DELTAS 0x2000 +/* Check selfsigned CA signature */ +#define X509_V_FLAG_CHECK_SS_SIGNATURE 0x4000 +/* Use trusted store first */ +#define X509_V_FLAG_TRUSTED_FIRST 0x8000 +/* Allow partial chains if at least one certificate is in trusted store */ +#define X509_V_FLAG_PARTIAL_CHAIN 0x80000 + +/* If the initial chain is not trusted, do not attempt to build an alternative + * chain. Alternate chain checking was introduced in 1.0.2b. Setting this flag + * will force the behaviour to match that of previous versions. */ +#define X509_V_FLAG_NO_ALT_CHAINS 0x100000 + +/* Do not check certificate or CRL validity against current time. */ +#define X509_V_FLAG_NO_CHECK_TIME 0x200000 + +#define X509_VP_FLAG_DEFAULT 0x1 +#define X509_VP_FLAG_OVERWRITE 0x2 +#define X509_VP_FLAG_RESET_FLAGS 0x4 +#define X509_VP_FLAG_LOCKED 0x8 +#define X509_VP_FLAG_ONCE 0x10 + +/* Internal use: mask of policy related options */ +#define X509_V_FLAG_POLICY_MASK (X509_V_FLAG_POLICY_CHECK \ + | X509_V_FLAG_EXPLICIT_POLICY \ + | X509_V_FLAG_INHIBIT_ANY \ + | X509_V_FLAG_INHIBIT_MAP) int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type, X509_NAME *name); X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h,int type,X509_NAME *name); X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x); -void X509_OBJECT_up_ref_count(X509_OBJECT *a); +int X509_OBJECT_up_ref_count(X509_OBJECT *a); +int X509_OBJECT_get_type(const X509_OBJECT *a); void X509_OBJECT_free_contents(X509_OBJECT *a); -X509_STORE *X509_STORE_new(void ); -void X509_STORE_free(X509_STORE *v); +X509 *X509_OBJECT_get0_X509(const X509_OBJECT *xo); +X509_CRL *X509_OBJECT_get0_X509_CRL(X509_OBJECT *xo); -void X509_STORE_set_flags(X509_STORE *ctx, long flags); +X509_STORE *X509_STORE_new(void); +void X509_STORE_free(X509_STORE *v); +int X509_STORE_up_ref(X509_STORE *x); +STACK_OF(X509)* X509_STORE_get1_certs(X509_STORE_CTX *st, X509_NAME *nm); +STACK_OF(X509_CRL)* X509_STORE_get1_crls(X509_STORE_CTX *st, X509_NAME *nm); +STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *xs); +void *X509_STORE_get_ex_data(X509_STORE *xs, int idx); +int X509_STORE_set_ex_data(X509_STORE *xs, int idx, void *data); + +#define X509_STORE_get_ex_new_index(l, p, newf, dupf, freef) \ + CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE, (l), (p), \ + (newf), (dupf), (freef)) + +int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags); int X509_STORE_set_purpose(X509_STORE *ctx, int purpose); int X509_STORE_set_trust(X509_STORE *ctx, int trust); +int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *pm); +X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *ctx); + +void X509_STORE_set_verify_cb(X509_STORE *ctx, + int (*verify_cb)(int, X509_STORE_CTX *)); X509_STORE_CTX *X509_STORE_CTX_new(void); @@ -336,13 +458,20 @@ int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); void X509_STORE_CTX_free(X509_STORE_CTX *ctx); int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, STACK_OF(X509) *chain); +X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx); +STACK_OF(X509) *X509_STORE_CTX_get0_chain(X509_STORE_CTX *xs); +X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *xs); +STACK_OF(X509) *X509_STORE_CTX_get0_untrusted(X509_STORE_CTX *ctx); +void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk); void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk); +void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk); void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx); X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m); X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void); X509_LOOKUP_METHOD *X509_LOOKUP_file(void); +X509_LOOKUP_METHOD *X509_LOOKUP_mem(void); int X509_STORE_add_cert(X509_STORE *ctx, X509 *x); int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x); @@ -353,11 +482,9 @@ int X509_STORE_get_by_subject(X509_STORE_CTX *vs,int type,X509_NAME *name, int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl, char **ret); -#ifndef OPENSSL_NO_STDIO int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type); int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type); int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type); -#endif X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method); @@ -368,16 +495,15 @@ int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name, int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name, ASN1_INTEGER *serial, X509_OBJECT *ret); int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type, - unsigned char *bytes, int len, X509_OBJECT *ret); -int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str, + const unsigned char *bytes, int len, X509_OBJECT *ret); +int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, const char *str, int len, X509_OBJECT *ret); int X509_LOOKUP_shutdown(X509_LOOKUP *ctx); -#ifndef OPENSSL_NO_STDIO int X509_STORE_load_locations (X509_STORE *ctx, const char *file, const char *dir); +int X509_STORE_load_mem(X509_STORE *ctx, void *buf, int len); int X509_STORE_set_default_paths(X509_STORE *ctx); -#endif int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); @@ -387,18 +513,100 @@ int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx); void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx,int s); int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx); X509 * X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx); +X509 *X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx); +X509_CRL *X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx); +X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX *ctx); STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx); STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx); void X509_STORE_CTX_set_cert(X509_STORE_CTX *c,X509 *x); void X509_STORE_CTX_set_chain(X509_STORE_CTX *c,STACK_OF(X509) *sk); +void X509_STORE_CTX_set0_crls(X509_STORE_CTX *c,STACK_OF(X509_CRL) *sk); int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose); int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust); int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose, int purpose, int trust); -void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, long flags); -void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, long flags, time_t t); +void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags); +void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags, + time_t t); void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx, int (*verify_cb)(int, X509_STORE_CTX *)); + +X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx); +int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx); + +X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx); +void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param); +int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name); + +/* X509_VERIFY_PARAM functions */ + +X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void); +void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param); +int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *to, + const X509_VERIFY_PARAM *from); +int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to, + const X509_VERIFY_PARAM *from); +int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name); +int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, unsigned long flags); +int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param, + unsigned long flags); +unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param); +int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose); +int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust); +void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth); +void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t); +int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param, + ASN1_OBJECT *policy); +int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param, + STACK_OF(ASN1_OBJECT) *policies); +int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param); +int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param, const char *name, + size_t namelen); +int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param, const char *name, + size_t namelen); +void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param, + unsigned int flags); +char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *param); +int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param, const char *email, + size_t emaillen); +int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param, const unsigned char *ip, + size_t iplen); +int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, const char *ipasc); +const char *X509_VERIFY_PARAM_get0_name(const X509_VERIFY_PARAM *param); +const X509_VERIFY_PARAM *X509_VERIFY_PARAM_get0(int id); +int X509_VERIFY_PARAM_get_count(void); + +int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param); +const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name); +void X509_VERIFY_PARAM_table_cleanup(void); + +int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy, + STACK_OF(X509) *certs, + STACK_OF(ASN1_OBJECT) *policy_oids, + unsigned int flags); + +void X509_policy_tree_free(X509_POLICY_TREE *tree); + +int X509_policy_tree_level_count(const X509_POLICY_TREE *tree); +X509_POLICY_LEVEL * + X509_policy_tree_get0_level(const X509_POLICY_TREE *tree, int i); + +STACK_OF(X509_POLICY_NODE) * + X509_policy_tree_get0_policies(const X509_POLICY_TREE *tree); + +STACK_OF(X509_POLICY_NODE) * + X509_policy_tree_get0_user_policies(const X509_POLICY_TREE *tree); + +int X509_policy_level_node_count(X509_POLICY_LEVEL *level); + +X509_POLICY_NODE *X509_policy_level_get0_node(X509_POLICY_LEVEL *level, int i); + +const ASN1_OBJECT *X509_policy_node_get0_policy(const X509_POLICY_NODE *node); + +STACK_OF(POLICYQUALINFO) * + X509_policy_node_get0_qualifiers(const X509_POLICY_NODE *node); +const X509_POLICY_NODE * + X509_policy_node_get0_parent(const X509_POLICY_NODE *node); #ifdef __cplusplus } diff --git a/src/lib/libcrypto/x509/x509_vpm.c b/src/lib/libcrypto/x509/x509_vpm.c new file mode 100644 index 00000000000..baebcf7bca8 --- /dev/null +++ b/src/lib/libcrypto/x509/x509_vpm.c @@ -0,0 +1,714 @@ +/* $OpenBSD: x509_vpm.c,v 1.18 2018/04/06 07:08:20 beck Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2004. + */ +/* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include + +#include +#include +#include +#include +#include +#include + +#include "vpm_int.h" + +/* X509_VERIFY_PARAM functions */ + +int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param, const char *email, + size_t emaillen); +int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param, const unsigned char *ip, + size_t iplen); + +#define SET_HOST 0 +#define ADD_HOST 1 + +static void +str_free(char *s) +{ + free(s); +} + +#define string_stack_free(sk) sk_OPENSSL_STRING_pop_free(sk, str_free) + + +/* + * Post 1.0.1 sk function "deep_copy". For the moment we simply make + * these take void * and use them directly without a glorious blob of + * obfuscating macros of dubious value in front of them. All this in + * preparation for a rototilling of safestack.h (likely inspired by + * this). + */ +static void * +sk_deep_copy(void *sk_void, void *copy_func_void, void *free_func_void) +{ + _STACK *sk = sk_void; + void *(*copy_func)(void *) = copy_func_void; + void (*free_func)(void *) = free_func_void; + _STACK *ret = sk_dup(sk); + size_t i; + + if (ret == NULL) + return NULL; + + for (i = 0; i < ret->num; i++) { + if (ret->data[i] == NULL) + continue; + ret->data[i] = copy_func(ret->data[i]); + if (ret->data[i] == NULL) { + size_t j; + for (j = 0; j < i; j++) { + if (ret->data[j] != NULL) + free_func(ret->data[j]); + } + sk_free(ret); + return NULL; + } + } + + return ret; +} + +static int +x509_param_set_hosts_internal(X509_VERIFY_PARAM_ID *id, int mode, + const char *name, size_t namelen) +{ + char *copy; + + if (name != NULL && namelen == 0) + namelen = strlen(name); + /* + * Refuse names with embedded NUL bytes. + */ + if (name && memchr(name, '\0', namelen)) + return 0; + + if (mode == SET_HOST && id->hosts) { + string_stack_free(id->hosts); + id->hosts = NULL; + } + if (name == NULL || namelen == 0) + return 1; + copy = strndup(name, namelen); + if (copy == NULL) + return 0; + + if (id->hosts == NULL && + (id->hosts = sk_OPENSSL_STRING_new_null()) == NULL) { + free(copy); + return 0; + } + + if (!sk_OPENSSL_STRING_push(id->hosts, copy)) { + free(copy); + if (sk_OPENSSL_STRING_num(id->hosts) == 0) { + sk_OPENSSL_STRING_free(id->hosts); + id->hosts = NULL; + } + return 0; + } + + return 1; +} + +static void +x509_verify_param_zero(X509_VERIFY_PARAM *param) +{ + X509_VERIFY_PARAM_ID *paramid; + if (!param) + return; + param->name = NULL; + param->purpose = 0; + param->trust = 0; + /*param->inh_flags = X509_VP_FLAG_DEFAULT;*/ + param->inh_flags = 0; + param->flags = 0; + param->depth = -1; + if (param->policies) { + sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free); + param->policies = NULL; + } + paramid = param->id; + if (paramid->hosts) { + string_stack_free(paramid->hosts); + paramid->hosts = NULL; + } + free(paramid->peername); + paramid->peername = NULL; + free(paramid->email); + paramid->email = NULL; + paramid->emaillen = 0; + free(paramid->ip); + paramid->ip = NULL; + paramid->iplen = 0; + paramid->poisoned = 0; +} + +X509_VERIFY_PARAM * +X509_VERIFY_PARAM_new(void) +{ + X509_VERIFY_PARAM *param; + X509_VERIFY_PARAM_ID *paramid; + param = calloc(1, sizeof(X509_VERIFY_PARAM)); + if (param == NULL) + return NULL; + paramid = calloc (1, sizeof(X509_VERIFY_PARAM_ID)); + if (paramid == NULL) { + free(param); + return NULL; + } + param->id = paramid; + x509_verify_param_zero(param); + return param; +} + +void +X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param) +{ + if (param == NULL) + return; + x509_verify_param_zero(param); + free(param->id); + free(param); +} + +/* This function determines how parameters are "inherited" from one structure + * to another. There are several different ways this can happen. + * + * 1. If a child structure needs to have its values initialized from a parent + * they are simply copied across. For example SSL_CTX copied to SSL. + * 2. If the structure should take on values only if they are currently unset. + * For example the values in an SSL structure will take appropriate value + * for SSL servers or clients but only if the application has not set new + * ones. + * + * The "inh_flags" field determines how this function behaves. + * + * Normally any values which are set in the default are not copied from the + * destination and verify flags are ORed together. + * + * If X509_VP_FLAG_DEFAULT is set then anything set in the source is copied + * to the destination. Effectively the values in "to" become default values + * which will be used only if nothing new is set in "from". + * + * If X509_VP_FLAG_OVERWRITE is set then all value are copied across whether + * they are set or not. Flags is still Ored though. + * + * If X509_VP_FLAG_RESET_FLAGS is set then the flags value is copied instead + * of ORed. + * + * If X509_VP_FLAG_LOCKED is set then no values are copied. + * + * If X509_VP_FLAG_ONCE is set then the current inh_flags setting is zeroed + * after the next call. + */ + +/* Macro to test if a field should be copied from src to dest */ + +#define test_x509_verify_param_copy(field, def) \ + (to_overwrite || \ + ((src->field != def) && (to_default || (dest->field == def)))) + +/* As above but for ID fields */ + +#define test_x509_verify_param_copy_id(idf, def) \ + test_x509_verify_param_copy(id->idf, def) + +/* Macro to test and copy a field if necessary */ + +#define x509_verify_param_copy(field, def) \ + if (test_x509_verify_param_copy(field, def)) \ + dest->field = src->field + +int +X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest, const X509_VERIFY_PARAM *src) +{ + unsigned long inh_flags; + int to_default, to_overwrite; + X509_VERIFY_PARAM_ID *id; + + if (!src) + return 1; + id = src->id; + inh_flags = dest->inh_flags | src->inh_flags; + + if (inh_flags & X509_VP_FLAG_ONCE) + dest->inh_flags = 0; + + if (inh_flags & X509_VP_FLAG_LOCKED) + return 1; + + if (inh_flags & X509_VP_FLAG_DEFAULT) + to_default = 1; + else + to_default = 0; + + if (inh_flags & X509_VP_FLAG_OVERWRITE) + to_overwrite = 1; + else + to_overwrite = 0; + + x509_verify_param_copy(purpose, 0); + x509_verify_param_copy(trust, 0); + x509_verify_param_copy(depth, -1); + + /* If overwrite or check time not set, copy across */ + + if (to_overwrite || !(dest->flags & X509_V_FLAG_USE_CHECK_TIME)) { + dest->check_time = src->check_time; + dest->flags &= ~X509_V_FLAG_USE_CHECK_TIME; + /* Don't need to copy flag: that is done below */ + } + + if (inh_flags & X509_VP_FLAG_RESET_FLAGS) + dest->flags = 0; + + dest->flags |= src->flags; + + if (test_x509_verify_param_copy(policies, NULL)) { + if (!X509_VERIFY_PARAM_set1_policies(dest, src->policies)) + return 0; + } + + /* Copy the host flags if and only if we're copying the host list */ + if (test_x509_verify_param_copy_id(hosts, NULL)) { + if (dest->id->hosts) { + string_stack_free(dest->id->hosts); + dest->id->hosts = NULL; + } + if (id->hosts) { + dest->id->hosts = + sk_deep_copy(id->hosts, strdup, str_free); + if (dest->id->hosts == NULL) + return 0; + dest->id->hostflags = id->hostflags; + } + } + + if (test_x509_verify_param_copy_id(email, NULL)) { + if (!X509_VERIFY_PARAM_set1_email(dest, id->email, + id->emaillen)) + return 0; + } + + if (test_x509_verify_param_copy_id(ip, NULL)) { + if (!X509_VERIFY_PARAM_set1_ip(dest, id->ip, id->iplen)) + return 0; + } + + return 1; +} + +int +X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to, const X509_VERIFY_PARAM *from) +{ + unsigned long save_flags = to->inh_flags; + int ret; + + to->inh_flags |= X509_VP_FLAG_DEFAULT; + ret = X509_VERIFY_PARAM_inherit(to, from); + to->inh_flags = save_flags; + return ret; +} + +static int +x509_param_set1_internal(char **pdest, size_t *pdestlen, const char *src, + size_t srclen, int nonul) +{ + char *tmp; + + if (src == NULL) + return 0; + + if (srclen == 0) { + srclen = strlen(src); + if (srclen == 0) + return 0; + if ((tmp = strdup(src)) == NULL) + return 0; + } else { + if (nonul && memchr(src, '\0', srclen)) + return 0; + if ((tmp = malloc(srclen)) == NULL) + return 0; + memcpy(tmp, src, srclen); + } + + if (*pdest) + free(*pdest); + *pdest = tmp; + if (pdestlen) + *pdestlen = srclen; + return 1; +} + +int +X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name) +{ + free(param->name); + param->name = NULL; + if (name == NULL) + return 1; + param->name = strdup(name); + if (param->name) + return 1; + return 0; +} + +int +X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, unsigned long flags) +{ + param->flags |= flags; + if (flags & X509_V_FLAG_POLICY_MASK) + param->flags |= X509_V_FLAG_POLICY_CHECK; + return 1; +} + +int +X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param, unsigned long flags) +{ + param->flags &= ~flags; + return 1; +} + +unsigned long +X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param) +{ + return param->flags; +} + +int +X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose) +{ + return X509_PURPOSE_set(¶m->purpose, purpose); +} + +int +X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust) +{ + return X509_TRUST_set(¶m->trust, trust); +} + +void +X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth) +{ + param->depth = depth; +} + +void +X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t) +{ + param->check_time = t; + param->flags |= X509_V_FLAG_USE_CHECK_TIME; +} + +int +X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param, ASN1_OBJECT *policy) +{ + if (!param->policies) { + param->policies = sk_ASN1_OBJECT_new_null(); + if (!param->policies) + return 0; + } + if (!sk_ASN1_OBJECT_push(param->policies, policy)) + return 0; + return 1; +} + +int +X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param, + STACK_OF(ASN1_OBJECT) *policies) +{ + int i; + ASN1_OBJECT *oid, *doid; + + if (!param) + return 0; + if (param->policies) + sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free); + + if (!policies) { + param->policies = NULL; + return 1; + } + + param->policies = sk_ASN1_OBJECT_new_null(); + if (!param->policies) + return 0; + + for (i = 0; i < sk_ASN1_OBJECT_num(policies); i++) { + oid = sk_ASN1_OBJECT_value(policies, i); + doid = OBJ_dup(oid); + if (!doid) + return 0; + if (!sk_ASN1_OBJECT_push(param->policies, doid)) { + ASN1_OBJECT_free(doid); + return 0; + } + } + param->flags |= X509_V_FLAG_POLICY_CHECK; + return 1; +} + +int +X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param, + const char *name, size_t namelen) +{ + if (x509_param_set_hosts_internal(param->id, SET_HOST, name, namelen)) + return 1; + param->id->poisoned = 1; + return 0; +} + +int +X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param, + const char *name, size_t namelen) +{ + if (x509_param_set_hosts_internal(param->id, ADD_HOST, name, namelen)) + return 1; + param->id->poisoned = 1; + return 0; +} + +void +X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param, unsigned int flags) +{ + param->id->hostflags = flags; +} + +char * +X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *param) +{ + return param->id->peername; +} + +int +X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param, const char *email, + size_t emaillen) +{ + if (x509_param_set1_internal(¶m->id->email, ¶m->id->emaillen, + email, emaillen, 1)) + return 1; + param->id->poisoned = 1; + return 0; +} + +int +X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param, const unsigned char *ip, + size_t iplen) +{ + if (iplen != 4 && iplen != 16) + goto err; + if (x509_param_set1_internal((char **)¶m->id->ip, ¶m->id->iplen, + (char *)ip, iplen, 0)) + return 1; + err: + param->id->poisoned = 1; + return 0; +} + +int +X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, const char *ipasc) +{ + unsigned char ipout[16]; + size_t iplen; + + iplen = (size_t)a2i_ipadd(ipout, ipasc); + return X509_VERIFY_PARAM_set1_ip(param, ipout, iplen); +} + +int +X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param) +{ + return param->depth; +} + +const char * +X509_VERIFY_PARAM_get0_name(const X509_VERIFY_PARAM *param) +{ + return param->name; +} + +static const X509_VERIFY_PARAM_ID _empty_id = { NULL }; + +#define vpm_empty_id (X509_VERIFY_PARAM_ID *)&_empty_id + +/* + * Default verify parameters: these are used for various applications and can + * be overridden by the user specified table. + */ + +static const X509_VERIFY_PARAM default_table[] = { + { + .name = "default", + .depth = 100, + .trust = 0, /* XXX This is not the default trust value */ + .id = vpm_empty_id + }, + { + .name = "pkcs7", + .purpose = X509_PURPOSE_SMIME_SIGN, + .trust = X509_TRUST_EMAIL, + .depth = -1, + .id = vpm_empty_id + }, + { + .name = "smime_sign", + .purpose = X509_PURPOSE_SMIME_SIGN, + .trust = X509_TRUST_EMAIL, + .depth = -1, + .id = vpm_empty_id + }, + { + .name = "ssl_client", + .purpose = X509_PURPOSE_SSL_CLIENT, + .trust = X509_TRUST_SSL_CLIENT, + .depth = -1, + .id = vpm_empty_id + }, + { + .name = "ssl_server", + .purpose = X509_PURPOSE_SSL_SERVER, + .trust = X509_TRUST_SSL_SERVER, + .depth = -1, + .id = vpm_empty_id + } +}; + +static STACK_OF(X509_VERIFY_PARAM) *param_table = NULL; + +static int +param_cmp(const X509_VERIFY_PARAM * const *a, + const X509_VERIFY_PARAM * const *b) +{ + return strcmp((*a)->name, (*b)->name); +} + +int +X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param) +{ + X509_VERIFY_PARAM *ptmp; + if (!param_table) { + param_table = sk_X509_VERIFY_PARAM_new(param_cmp); + if (!param_table) + return 0; + } else { + size_t idx; + + if ((idx = sk_X509_VERIFY_PARAM_find(param_table, param)) + != -1) { + ptmp = sk_X509_VERIFY_PARAM_value(param_table, + idx); + X509_VERIFY_PARAM_free(ptmp); + (void)sk_X509_VERIFY_PARAM_delete(param_table, + idx); + } + } + if (!sk_X509_VERIFY_PARAM_push(param_table, param)) + return 0; + return 1; +} + +int +X509_VERIFY_PARAM_get_count(void) +{ + int num = sizeof(default_table) / sizeof(X509_VERIFY_PARAM); + if (param_table) + num += sk_X509_VERIFY_PARAM_num(param_table); + return num; +} + +const +X509_VERIFY_PARAM *X509_VERIFY_PARAM_get0(int id) +{ + int num = sizeof(default_table) / sizeof(X509_VERIFY_PARAM); + if (id < num) + return default_table + id; + return sk_X509_VERIFY_PARAM_value(param_table, id - num); +} + +const +X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name) +{ + X509_VERIFY_PARAM pm; + unsigned int i, limit; + + pm.name = (char *)name; + if (param_table) { + size_t idx; + if ((idx = sk_X509_VERIFY_PARAM_find(param_table, &pm)) != -1) + return sk_X509_VERIFY_PARAM_value(param_table, idx); + } + + limit = sizeof(default_table) / sizeof(X509_VERIFY_PARAM); + for (i = 0; i < limit; i++) { + if (strcmp(default_table[i].name, name) == 0) { + return &default_table[i]; + } + } + return NULL; +} + +void +X509_VERIFY_PARAM_table_cleanup(void) +{ + if (param_table) + sk_X509_VERIFY_PARAM_pop_free(param_table, + X509_VERIFY_PARAM_free); + param_table = NULL; +} diff --git a/src/lib/libcrypto/x509/x509cset.c b/src/lib/libcrypto/x509/x509cset.c index 6cac440ea93..182dd8a9542 100644 --- a/src/lib/libcrypto/x509/x509cset.c +++ b/src/lib/libcrypto/x509/x509cset.c @@ -1,5 +1,5 @@ -/* crypto/x509/x509cset.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* $OpenBSD: x509cset.c,v 1.14 2018/02/22 17:01:44 jsing Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2001. */ /* ==================================================================== @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -57,113 +57,154 @@ */ #include -#include "cryptlib.h" + #include -#include #include +#include #include -int X509_CRL_set_version(X509_CRL *x, long version) - { - if (x == NULL) return(0); - if (x->crl->version == NULL) - { - if ((x->crl->version=M_ASN1_INTEGER_new()) == NULL) - return(0); - } - return(ASN1_INTEGER_set(x->crl->version,version)); - } +int +X509_CRL_up_ref(X509_CRL *x) +{ + int refs = CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509_CRL); + return (refs > 1) ? 1 : 0; +} -int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name) - { - if ((x == NULL) || (x->crl == NULL)) return(0); - return(X509_NAME_set(&x->crl->issuer,name)); +int +X509_CRL_set_version(X509_CRL *x, long version) +{ + if (x == NULL) + return (0); + if (x->crl->version == NULL) { + if ((x->crl->version = ASN1_INTEGER_new()) == NULL) + return (0); } + return (ASN1_INTEGER_set(x->crl->version, version)); +} +int +X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name) +{ + if ((x == NULL) || (x->crl == NULL)) + return (0); + return (X509_NAME_set(&x->crl->issuer, name)); +} -int X509_CRL_set_lastUpdate(X509_CRL *x, ASN1_TIME *tm) - { +int +X509_CRL_set_lastUpdate(X509_CRL *x, const ASN1_TIME *tm) +{ ASN1_TIME *in; - if (x == NULL) return(0); - in=x->crl->lastUpdate; - if (in != tm) - { - in=M_ASN1_TIME_dup(tm); - if (in != NULL) - { - M_ASN1_TIME_free(x->crl->lastUpdate); - x->crl->lastUpdate=in; - } + if (x == NULL) + return (0); + in = x->crl->lastUpdate; + if (in != tm) { + in = ASN1_STRING_dup(tm); + if (in != NULL) { + ASN1_TIME_free(x->crl->lastUpdate); + x->crl->lastUpdate = in; } - return(in != NULL); } + return (in != NULL); +} + +int +X509_CRL_set1_lastUpdate(X509_CRL *x, const ASN1_TIME *tm) +{ + return X509_CRL_set_lastUpdate(x, tm); +} -int X509_CRL_set_nextUpdate(X509_CRL *x, ASN1_TIME *tm) - { +int +X509_CRL_set_nextUpdate(X509_CRL *x, const ASN1_TIME *tm) +{ ASN1_TIME *in; - if (x == NULL) return(0); - in=x->crl->nextUpdate; - if (in != tm) - { - in=M_ASN1_TIME_dup(tm); - if (in != NULL) - { - M_ASN1_TIME_free(x->crl->nextUpdate); - x->crl->nextUpdate=in; - } + if (x == NULL) + return (0); + in = x->crl->nextUpdate; + if (in != tm) { + in = ASN1_STRING_dup(tm); + if (in != NULL) { + ASN1_TIME_free(x->crl->nextUpdate); + x->crl->nextUpdate = in; } - return(in != NULL); } + return (in != NULL); +} + +int +X509_CRL_set1_nextUpdate(X509_CRL *x, const ASN1_TIME *tm) +{ + return X509_CRL_set_nextUpdate(x, tm); +} -int X509_CRL_sort(X509_CRL *c) - { +int +X509_CRL_sort(X509_CRL *c) +{ int i; X509_REVOKED *r; + /* sort the data so it will be written in serial * number order */ sk_X509_REVOKED_sort(c->crl->revoked); - for (i=0; icrl->revoked); i++) - { - r=sk_X509_REVOKED_value(c->crl->revoked,i); - r->sequence=i; - } - return 1; + for (i = 0; i < sk_X509_REVOKED_num(c->crl->revoked); i++) { + r = sk_X509_REVOKED_value(c->crl->revoked, i); + r->sequence = i; } + c->crl->enc.modified = 1; + return 1; +} + +const STACK_OF(X509_EXTENSION) * +X509_REVOKED_get0_extensions(const X509_REVOKED *x) +{ + return x->extensions; +} + +const ASN1_TIME * +X509_REVOKED_get0_revocationDate(const X509_REVOKED *x) +{ + return x->revocationDate; +} + +const ASN1_INTEGER * +X509_REVOKED_get0_serialNumber(const X509_REVOKED *x) +{ + return x->serialNumber; +} -int X509_REVOKED_set_revocationDate(X509_REVOKED *x, ASN1_TIME *tm) - { +int +X509_REVOKED_set_revocationDate(X509_REVOKED *x, ASN1_TIME *tm) +{ ASN1_TIME *in; - if (x == NULL) return(0); - in=x->revocationDate; - if (in != tm) - { - in=M_ASN1_TIME_dup(tm); - if (in != NULL) - { - M_ASN1_TIME_free(x->revocationDate); - x->revocationDate=in; - } + if (x == NULL) + return (0); + in = x->revocationDate; + if (in != tm) { + in = ASN1_STRING_dup(tm); + if (in != NULL) { + ASN1_TIME_free(x->revocationDate); + x->revocationDate = in; } - return(in != NULL); } + return (in != NULL); +} -int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial) - { +int +X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial) +{ ASN1_INTEGER *in; - if (x == NULL) return(0); - in=x->serialNumber; - if (in != serial) - { - in=M_ASN1_INTEGER_dup(serial); - if (in != NULL) - { - M_ASN1_INTEGER_free(x->serialNumber); - x->serialNumber=in; - } + if (x == NULL) + return (0); + in = x->serialNumber; + if (in != serial) { + in = ASN1_INTEGER_dup(serial); + if (in != NULL) { + ASN1_INTEGER_free(x->serialNumber); + x->serialNumber = in; } - return(in != NULL); } + return (in != NULL); +} diff --git a/src/lib/libcrypto/x509/x509name.c b/src/lib/libcrypto/x509/x509name.c index 4c20e03eced..3649d6ab7cd 100644 --- a/src/lib/libcrypto/x509/x509name.c +++ b/src/lib/libcrypto/x509/x509name.c @@ -1,25 +1,25 @@ -/* crypto/x509/x509name.c */ +/* $OpenBSD: x509name.c,v 1.26 2018/05/30 15:35:45 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -57,105 +57,122 @@ */ #include -#include -#include "cryptlib.h" +#include + #include -#include +#include #include +#include +#include #include -int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len) - { +int +X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len) +{ ASN1_OBJECT *obj; - obj=OBJ_nid2obj(nid); - if (obj == NULL) return(-1); - return(X509_NAME_get_text_by_OBJ(name,obj,buf,len)); - } + obj = OBJ_nid2obj(nid); + if (obj == NULL) + return (-1); + return (X509_NAME_get_text_by_OBJ(name, obj, buf, len)); +} -int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, char *buf, - int len) - { +int +X509_NAME_get_text_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, char *buf, + int len) +{ int i; ASN1_STRING *data; - i=X509_NAME_get_index_by_OBJ(name,obj,-1); - if (i < 0) return(-1); - data=X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name,i)); - i=(data->length > (len-1))?(len-1):data->length; - if (buf == NULL) return(data->length); - memcpy(buf,data->data,i); - buf[i]='\0'; - return(i); + i = X509_NAME_get_index_by_OBJ(name, obj, -1); + if (i < 0) + return (-1); + data = X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name, i)); + i = (data->length > (len - 1)) ? (len - 1) : data->length; + if (buf == NULL) + return (data->length); + if (i >= 0) { + memcpy(buf, data->data, i); + buf[i] = '\0'; } + return (i); +} -int X509_NAME_entry_count(X509_NAME *name) - { - if (name == NULL) return(0); - return(sk_X509_NAME_ENTRY_num(name->entries)); - } +int +X509_NAME_entry_count(const X509_NAME *name) +{ + if (name == NULL) + return (0); + return (sk_X509_NAME_ENTRY_num(name->entries)); +} -int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, int lastpos) - { +int +X509_NAME_get_index_by_NID(const X509_NAME *name, int nid, int lastpos) +{ ASN1_OBJECT *obj; - obj=OBJ_nid2obj(nid); - if (obj == NULL) return(-2); - return(X509_NAME_get_index_by_OBJ(name,obj,lastpos)); - } + obj = OBJ_nid2obj(nid); + if (obj == NULL) + return (-2); + return (X509_NAME_get_index_by_OBJ(name, obj, lastpos)); +} /* NOTE: you should be passsing -1, not 0 as lastpos */ -int X509_NAME_get_index_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, - int lastpos) - { +int +X509_NAME_get_index_by_OBJ(const X509_NAME *name, const ASN1_OBJECT *obj, + int lastpos) +{ int n; X509_NAME_ENTRY *ne; STACK_OF(X509_NAME_ENTRY) *sk; - if (name == NULL) return(-1); + if (name == NULL) + return (-1); if (lastpos < 0) - lastpos= -1; - sk=name->entries; - n=sk_X509_NAME_ENTRY_num(sk); - for (lastpos++; lastpos < n; lastpos++) - { - ne=sk_X509_NAME_ENTRY_value(sk,lastpos); - if (OBJ_cmp(ne->object,obj) == 0) - return(lastpos); - } - return(-1); + lastpos = -1; + sk = name->entries; + n = sk_X509_NAME_ENTRY_num(sk); + for (lastpos++; lastpos < n; lastpos++) { + ne = sk_X509_NAME_ENTRY_value(sk, lastpos); + if (OBJ_cmp(ne->object, obj) == 0) + return (lastpos); } + return (-1); +} -X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc) - { - if(name == NULL || sk_X509_NAME_ENTRY_num(name->entries) <= loc - || loc < 0) - return(NULL); +X509_NAME_ENTRY * +X509_NAME_get_entry(const X509_NAME *name, int loc) +{ + if (name == NULL || sk_X509_NAME_ENTRY_num(name->entries) <= loc || + loc < 0) + return (NULL); else - return(sk_X509_NAME_ENTRY_value(name->entries,loc)); - } + return (sk_X509_NAME_ENTRY_value(name->entries, loc)); +} -X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc) - { +X509_NAME_ENTRY * +X509_NAME_delete_entry(X509_NAME *name, int loc) +{ X509_NAME_ENTRY *ret; - int i,n,set_prev,set_next; + int i, n, set_prev, set_next; STACK_OF(X509_NAME_ENTRY) *sk; - if (name == NULL || sk_X509_NAME_ENTRY_num(name->entries) <= loc - || loc < 0) - return(NULL); - sk=name->entries; - ret=sk_X509_NAME_ENTRY_delete(sk,loc); - n=sk_X509_NAME_ENTRY_num(sk); - name->modified=1; - if (loc == n) return(ret); + if (name == NULL || sk_X509_NAME_ENTRY_num(name->entries) <= loc || + loc < 0) + return (NULL); + sk = name->entries; + ret = sk_X509_NAME_ENTRY_delete(sk, loc); + n = sk_X509_NAME_ENTRY_num(sk); + name->modified = 1; + if (loc == n) + return (ret); /* else we need to fixup the set field */ if (loc != 0) - set_prev=(sk_X509_NAME_ENTRY_value(sk,loc-1))->set; + set_prev = (sk_X509_NAME_ENTRY_value(sk, loc - 1))->set; else - set_prev=ret->set-1; - set_next=sk_X509_NAME_ENTRY_value(sk,loc)->set; + set_prev = ret->set - 1; + set_next = sk_X509_NAME_ENTRY_value(sk, loc)->set; /* set_prev is the previous set * set is the current set @@ -165,43 +182,52 @@ X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc) * next 1 1 2 2 2 2 3 2 * so basically only if prev and next differ by 2, then * re-number down by 1 */ - if (set_prev+1 < set_next) - for (i=loc; iset--; - return(ret); - } + if (set_prev + 1 < set_next) + for (i = loc; i < n; i++) + sk_X509_NAME_ENTRY_value(sk, i)->set--; + return (ret); +} -int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type, - unsigned char *bytes, int len, int loc, int set) +int +X509_NAME_add_entry_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, int type, + const unsigned char *bytes, int len, int loc, int set) { X509_NAME_ENTRY *ne; int ret; + ne = X509_NAME_ENTRY_create_by_OBJ(NULL, obj, type, bytes, len); - if(!ne) return 0; + if (!ne) + return 0; ret = X509_NAME_add_entry(name, ne, loc, set); X509_NAME_ENTRY_free(ne); return ret; } -int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, - unsigned char *bytes, int len, int loc, int set) +int +X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, + const unsigned char *bytes, int len, int loc, int set) { X509_NAME_ENTRY *ne; int ret; + ne = X509_NAME_ENTRY_create_by_NID(NULL, nid, type, bytes, len); - if(!ne) return 0; + if (!ne) + return 0; ret = X509_NAME_add_entry(name, ne, loc, set); X509_NAME_ENTRY_free(ne); return ret; } -int X509_NAME_add_entry_by_txt(X509_NAME *name, char *field, int type, - unsigned char *bytes, int len, int loc, int set) +int +X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type, + const unsigned char *bytes, int len, int loc, int set) { X509_NAME_ENTRY *ne; int ret; + ne = X509_NAME_ENTRY_create_by_txt(NULL, field, type, bytes, len); - if(!ne) return 0; + if (!ne) + return 0; ret = X509_NAME_add_entry(name, ne, loc, set); X509_NAME_ENTRY_free(ne); return ret; @@ -209,175 +235,179 @@ int X509_NAME_add_entry_by_txt(X509_NAME *name, char *field, int type, /* if set is -1, append to previous set, 0 'a new one', and 1, * prepend to the guy we are about to stomp on. */ -int X509_NAME_add_entry(X509_NAME *name, X509_NAME_ENTRY *ne, int loc, - int set) - { - X509_NAME_ENTRY *new_name=NULL; - int n,i,inc; +int +X509_NAME_add_entry(X509_NAME *name, const X509_NAME_ENTRY *ne, int loc, + int set) +{ + X509_NAME_ENTRY *new_name = NULL; + int n, i, inc; STACK_OF(X509_NAME_ENTRY) *sk; - if (name == NULL) return(0); - sk=name->entries; - n=sk_X509_NAME_ENTRY_num(sk); - if (loc > n) loc=n; - else if (loc < 0) loc=n; - - name->modified=1; - - if (set == -1) - { - if (loc == 0) - { - set=0; - inc=1; - } - else - { - set=sk_X509_NAME_ENTRY_value(sk,loc-1)->set; - inc=0; - } - } - else /* if (set >= 0) */ - { - if (loc >= n) - { + if (name == NULL) + return (0); + sk = name->entries; + n = sk_X509_NAME_ENTRY_num(sk); + if (loc > n) + loc = n; + else if (loc < 0) + loc = n; + inc = (set == 0); + name->modified = 1; + + if (set == -1) { + if (loc == 0) { + set = 0; + inc = 1; + } else + set = sk_X509_NAME_ENTRY_value(sk, loc - 1)->set; + } else /* if (set >= 0) */ { + if (loc >= n) { if (loc != 0) - set=sk_X509_NAME_ENTRY_value(sk,loc-1)->set+1; + set = sk_X509_NAME_ENTRY_value(sk, loc - 1)->set + 1; else - set=0; - } - else - set=sk_X509_NAME_ENTRY_value(sk,loc)->set; - inc=(set == 0)?1:0; - } + set = 0; + } else + set = sk_X509_NAME_ENTRY_value(sk, loc)->set; + } - if ((new_name=X509_NAME_ENTRY_dup(ne)) == NULL) + /* OpenSSL has ASN1-generated X509_NAME_ENTRY_dup() without const. */ + if ((new_name = X509_NAME_ENTRY_dup((X509_NAME_ENTRY *)ne)) == NULL) goto err; - new_name->set=set; - if (!sk_X509_NAME_ENTRY_insert(sk,new_name,loc)) - { - X509err(X509_F_X509_NAME_ADD_ENTRY,ERR_R_MALLOC_FAILURE); + new_name->set = set; + if (!sk_X509_NAME_ENTRY_insert(sk, new_name, loc)) { + X509error(ERR_R_MALLOC_FAILURE); goto err; - } - if (inc) - { - n=sk_X509_NAME_ENTRY_num(sk); - for (i=loc+1; iset+=1; - } - return(1); + } + if (inc) { + n = sk_X509_NAME_ENTRY_num(sk); + for (i = loc + 1; i < n; i++) + sk_X509_NAME_ENTRY_value(sk, i)->set += 1; + } + return (1); + err: if (new_name != NULL) X509_NAME_ENTRY_free(new_name); - return(0); - } + return (0); +} -X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, - char *field, int type, unsigned char *bytes, int len) - { +X509_NAME_ENTRY * +X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, + const char *field, int type, const unsigned char *bytes, int len) +{ ASN1_OBJECT *obj; X509_NAME_ENTRY *nentry; - obj=OBJ_txt2obj(field, 0); - if (obj == NULL) - { - X509err(X509_F_X509_NAME_ENTRY_CREATE_BY_TXT, - X509_R_INVALID_FIELD_NAME); - ERR_add_error_data(2, "name=", field); - return(NULL); - } - nentry = X509_NAME_ENTRY_create_by_OBJ(ne,obj,type,bytes,len); + obj = OBJ_txt2obj(field, 0); + if (obj == NULL) { + X509error(X509_R_INVALID_FIELD_NAME); + ERR_asprintf_error_data("name=%s", field); + return (NULL); + } + nentry = X509_NAME_ENTRY_create_by_OBJ(ne, obj, type, bytes, len); ASN1_OBJECT_free(obj); return nentry; - } +} -X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, - int type, unsigned char *bytes, int len) - { +X509_NAME_ENTRY * +X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, int type, + const unsigned char *bytes, int len) +{ ASN1_OBJECT *obj; X509_NAME_ENTRY *nentry; - obj=OBJ_nid2obj(nid); - if (obj == NULL) - { - X509err(X509_F_X509_NAME_ENTRY_CREATE_BY_NID,X509_R_UNKNOWN_NID); - return(NULL); - } - nentry = X509_NAME_ENTRY_create_by_OBJ(ne,obj,type,bytes,len); + obj = OBJ_nid2obj(nid); + if (obj == NULL) { + X509error(X509_R_UNKNOWN_NID); + return (NULL); + } + nentry = X509_NAME_ENTRY_create_by_OBJ(ne, obj, type, bytes, len); ASN1_OBJECT_free(obj); return nentry; - } +} -X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, - ASN1_OBJECT *obj, int type, unsigned char *bytes, int len) - { +X509_NAME_ENTRY * +X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, const ASN1_OBJECT *obj, + int type, const unsigned char *bytes, int len) +{ X509_NAME_ENTRY *ret; - if ((ne == NULL) || (*ne == NULL)) - { - if ((ret=X509_NAME_ENTRY_new()) == NULL) - return(NULL); - } - else + if ((ne == NULL) || (*ne == NULL)) { + if ((ret = X509_NAME_ENTRY_new()) == NULL) + return (NULL); + } else ret= *ne; - if (!X509_NAME_ENTRY_set_object(ret,obj)) + if (!X509_NAME_ENTRY_set_object(ret, obj)) goto err; - if (!X509_NAME_ENTRY_set_data(ret,type,bytes,len)) + if (!X509_NAME_ENTRY_set_data(ret, type, bytes, len)) goto err; - if ((ne != NULL) && (*ne == NULL)) *ne=ret; - return(ret); + if ((ne != NULL) && (*ne == NULL)) + *ne = ret; + return (ret); + err: if ((ne == NULL) || (ret != *ne)) X509_NAME_ENTRY_free(ret); - return(NULL); - } + return (NULL); +} -int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, ASN1_OBJECT *obj) - { - if ((ne == NULL) || (obj == NULL)) - { - X509err(X509_F_X509_NAME_ENTRY_SET_OBJECT,ERR_R_PASSED_NULL_PARAMETER); - return(0); - } - ASN1_OBJECT_free(ne->object); - ne->object=OBJ_dup(obj); - return((ne->object == NULL)?0:1); +int +X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, const ASN1_OBJECT *obj) +{ + if ((ne == NULL) || (obj == NULL)) { + X509error(ERR_R_PASSED_NULL_PARAMETER); + return (0); } + ASN1_OBJECT_free(ne->object); + ne->object = OBJ_dup(obj); + return ((ne->object == NULL) ? 0 : 1); +} -int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, - unsigned char *bytes, int len) - { +int +X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, + const unsigned char *bytes, int len) +{ int i; - if ((ne == NULL) || ((bytes == NULL) && (len != 0))) return(0); - if((type > 0) && (type & MBSTRING_FLAG)) - return ASN1_STRING_set_by_NID(&ne->value, bytes, - len, type, - OBJ_obj2nid(ne->object)) ? 1 : 0; - if (len < 0) len=strlen((char *)bytes); - i=ASN1_STRING_set(ne->value,bytes,len); - if (!i) return(0); - if (type != V_ASN1_UNDEF) - { + if ((ne == NULL) || ((bytes == NULL) && (len != 0))) + return (0); + if ((type > 0) && (type & MBSTRING_FLAG)) + return ASN1_STRING_set_by_NID(&ne->value, bytes, len, type, + OBJ_obj2nid(ne->object)) ? 1 : 0; + if (len < 0) + len = strlen((const char *)bytes); + i = ASN1_STRING_set(ne->value, bytes, len); + if (!i) + return (0); + if (type != V_ASN1_UNDEF) { if (type == V_ASN1_APP_CHOOSE) - ne->value->type=ASN1_PRINTABLE_type(bytes,len); + ne->value->type = ASN1_PRINTABLE_type(bytes, len); else - ne->value->type=type; - } - return(1); + ne->value->type = type; } + return (1); +} -ASN1_OBJECT *X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne) - { - if (ne == NULL) return(NULL); - return(ne->object); - } +ASN1_OBJECT * +X509_NAME_ENTRY_get_object(const X509_NAME_ENTRY *ne) +{ + if (ne == NULL) + return (NULL); + return (ne->object); +} -ASN1_STRING *X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne) - { - if (ne == NULL) return(NULL); - return(ne->value); - } +ASN1_STRING * +X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *ne) +{ + if (ne == NULL) + return (NULL); + return (ne->value); +} +int +X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne) +{ + return (ne->set); +} diff --git a/src/lib/libcrypto/x509/x509rset.c b/src/lib/libcrypto/x509/x509rset.c index d9f6b573729..de02a400389 100644 --- a/src/lib/libcrypto/x509/x509rset.c +++ b/src/lib/libcrypto/x509/x509rset.c @@ -1,25 +1,25 @@ -/* crypto/x509/x509rset.c */ +/* $OpenBSD: x509rset.c,v 1.7 2018/08/24 19:55:58 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -57,27 +57,44 @@ */ #include -#include "cryptlib.h" + #include -#include #include +#include #include -int X509_REQ_set_version(X509_REQ *x, long version) - { - if (x == NULL) return(0); - return(ASN1_INTEGER_set(x->req_info->version,version)); - } +int +X509_REQ_set_version(X509_REQ *x, long version) +{ + if (x == NULL) + return (0); + return (ASN1_INTEGER_set(x->req_info->version, version)); +} + +long +X509_REQ_get_version(const X509_REQ *x) +{ + return ASN1_INTEGER_get(x->req_info->version); +} -int X509_REQ_set_subject_name(X509_REQ *x, X509_NAME *name) - { - if ((x == NULL) || (x->req_info == NULL)) return(0); - return(X509_NAME_set(&x->req_info->subject,name)); - } +int +X509_REQ_set_subject_name(X509_REQ *x, X509_NAME *name) +{ + if ((x == NULL) || (x->req_info == NULL)) + return (0); + return (X509_NAME_set(&x->req_info->subject, name)); +} -int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey) - { - if ((x == NULL) || (x->req_info == NULL)) return(0); - return(X509_PUBKEY_set(&x->req_info->pubkey,pkey)); - } +X509_NAME * +X509_REQ_get_subject_name(const X509_REQ *x) +{ + return x->req_info->subject; +} +int +X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey) +{ + if ((x == NULL) || (x->req_info == NULL)) + return (0); + return (X509_PUBKEY_set(&x->req_info->pubkey, pkey)); +} diff --git a/src/lib/libcrypto/x509/x509spki.c b/src/lib/libcrypto/x509/x509spki.c index 4c3af946ec7..3a1c37cd864 100644 --- a/src/lib/libcrypto/x509/x509spki.c +++ b/src/lib/libcrypto/x509/x509spki.c @@ -1,5 +1,5 @@ -/* x509spki.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* $OpenBSD: x509spki.c,v 1.13 2017/01/29 17:49:23 beck Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -57,64 +57,75 @@ */ #include -#include "cryptlib.h" +#include + +#include #include -int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey) +int +NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey) { - if ((x == NULL) || (x->spkac == NULL)) return(0); - return(X509_PUBKEY_set(&(x->spkac->pubkey),pkey)); + if ((x == NULL) || (x->spkac == NULL)) + return (0); + return (X509_PUBKEY_set(&(x->spkac->pubkey), pkey)); } -EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *x) +EVP_PKEY * +NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *x) { if ((x == NULL) || (x->spkac == NULL)) - return(NULL); - return(X509_PUBKEY_get(x->spkac->pubkey)); + return (NULL); + return (X509_PUBKEY_get(x->spkac->pubkey)); } /* Load a Netscape SPKI from a base64 encoded string */ -NETSCAPE_SPKI * NETSCAPE_SPKI_b64_decode(const char *str, int len) +NETSCAPE_SPKI * +NETSCAPE_SPKI_b64_decode(const char *str, int len) { - unsigned char *spki_der, *p; + unsigned char *spki_der; + const unsigned char *p; int spki_len; NETSCAPE_SPKI *spki; - if(len <= 0) len = strlen(str); - if (!(spki_der = OPENSSL_malloc(len + 1))) { - X509err(X509_F_NETSCAPE_SPKI_B64_DECODE, ERR_R_MALLOC_FAILURE); + + if (len <= 0) + len = strlen(str); + if (!(spki_der = malloc(len + 1))) { + X509error(ERR_R_MALLOC_FAILURE); return NULL; } spki_len = EVP_DecodeBlock(spki_der, (const unsigned char *)str, len); - if(spki_len < 0) { - X509err(X509_F_NETSCAPE_SPKI_B64_DECODE, - X509_R_BASE64_DECODE_ERROR); - OPENSSL_free(spki_der); + if (spki_len < 0) { + X509error(X509_R_BASE64_DECODE_ERROR); + free(spki_der); return NULL; } p = spki_der; spki = d2i_NETSCAPE_SPKI(NULL, &p, spki_len); - OPENSSL_free(spki_der); + free(spki_der); return spki; } /* Generate a base64 encoded string from an SPKI */ -char * NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *spki) +char * +NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *spki) { unsigned char *der_spki, *p; char *b64_str; int der_len; der_len = i2d_NETSCAPE_SPKI(spki, NULL); - der_spki = OPENSSL_malloc(der_len); - b64_str = OPENSSL_malloc(der_len * 2); - if(!der_spki || !b64_str) { - X509err(X509_F_NETSCAPE_SPKI_B64_ENCODE, ERR_R_MALLOC_FAILURE); + der_spki = malloc(der_len); + b64_str = reallocarray(NULL, der_len, 2); + if (!der_spki || !b64_str) { + X509error(ERR_R_MALLOC_FAILURE); + free(der_spki); + free(b64_str); return NULL; } p = der_spki; i2d_NETSCAPE_SPKI(spki, &p); EVP_EncodeBlock((unsigned char *)b64_str, der_spki, der_len); - OPENSSL_free(der_spki); + free(der_spki); return b64_str; } diff --git a/src/lib/libcrypto/x509/x509type.c b/src/lib/libcrypto/x509/x509type.c index 8e78b344581..315a5c2326f 100644 --- a/src/lib/libcrypto/x509/x509type.c +++ b/src/lib/libcrypto/x509/x509type.c @@ -1,25 +1,25 @@ -/* crypto/x509/x509type.c */ +/* $OpenBSD: x509type.c,v 1.13 2018/05/30 15:59:33 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -57,58 +57,67 @@ */ #include -#include "cryptlib.h" + #include #include #include -int X509_certificate_type(X509 *x, EVP_PKEY *pkey) - { - EVP_PKEY *pk; - int ret=0,i; - - if (x == NULL) return(0); +int +X509_certificate_type(const X509 *x, const EVP_PKEY *pkey) +{ + const EVP_PKEY *pk = pkey; + int ret = 0, i; - if (pkey == NULL) - pk=X509_get_pubkey(x); - else - pk=pkey; + if (x == NULL) + return (0); - if (pk == NULL) return(0); + if (pk == NULL) { + if ((pk = X509_get0_pubkey(x)) == NULL) + return (0); + } - switch (pk->type) - { + switch (pk->type) { case EVP_PKEY_RSA: - ret=EVP_PK_RSA|EVP_PKT_SIGN; -/* if (!sign only extension) */ - ret|=EVP_PKT_ENC; - break; - case EVP_PKEY_DSA: - ret=EVP_PK_DSA|EVP_PKT_SIGN; + ret = EVP_PK_RSA|EVP_PKT_SIGN|EVP_PKT_ENC; break; - case EVP_PKEY_DH: - ret=EVP_PK_DH|EVP_PKT_EXCH; + case EVP_PKEY_DSA: + ret = EVP_PK_DSA|EVP_PKT_SIGN; break; - default: + case EVP_PKEY_EC: + ret = EVP_PK_EC|EVP_PKT_SIGN|EVP_PKT_EXCH; break; - } - - i=X509_get_signature_type(x); - switch (i) - { - case EVP_PKEY_RSA: - ret|=EVP_PKS_RSA; + case EVP_PKEY_DH: + ret = EVP_PK_DH|EVP_PKT_EXCH; break; - case EVP_PKS_DSA: - ret|=EVP_PKS_DSA; + case NID_id_GostR3410_94: + case NID_id_GostR3410_2001: + ret = EVP_PKT_EXCH|EVP_PKT_SIGN; break; default: break; - } + } - if (EVP_PKEY_size(pk) <= 512) - ret|=EVP_PKT_EXP; - if(pkey==NULL) EVP_PKEY_free(pk); - return(ret); + i = OBJ_obj2nid(x->sig_alg->algorithm); + if (i && OBJ_find_sigid_algs(i, NULL, &i)) { + switch (i) { + case NID_rsaEncryption: + case NID_rsa: + ret |= EVP_PKS_RSA; + break; + case NID_dsa: + case NID_dsa_2: + ret |= EVP_PKS_DSA; + break; + case NID_X9_62_id_ecPublicKey: + ret |= EVP_PKS_EC; + break; + default: + break; + } } + /* /8 because it's 1024 bits we look for, not bytes */ + if (EVP_PKEY_size(pk) <= 1024 / 8) + ret |= EVP_PKT_EXP; + return (ret); +} diff --git a/src/lib/libcrypto/x509/x_all.c b/src/lib/libcrypto/x509/x_all.c index fb5015cd4de..36c12b80e5e 100644 --- a/src/lib/libcrypto/x509/x_all.c +++ b/src/lib/libcrypto/x509/x_all.c @@ -1,25 +1,25 @@ -/* crypto/x509/x_all.c */ +/* $OpenBSD: x_all.c,v 1.23 2016/12/30 15:24:51 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,7 +49,7 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence @@ -57,432 +57,553 @@ */ #include -#undef SSLEAY_MACROS -#include -#include "cryptlib.h" -#include + +#include + #include +#include #include +#include #include -int X509_verify(X509 *a, EVP_PKEY *r) - { - return(ASN1_item_verify(ASN1_ITEM_rptr(X509_CINF),a->sig_alg, - a->signature,a->cert_info,r)); - } - -int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r) - { - return( ASN1_item_verify(ASN1_ITEM_rptr(X509_REQ_INFO), - a->sig_alg,a->signature,a->req_info,r)); - } - -int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r) - { - return(ASN1_item_verify(ASN1_ITEM_rptr(X509_CRL_INFO), - a->sig_alg, a->signature,a->crl,r)); - } - -int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r) - { - return(ASN1_item_verify(ASN1_ITEM_rptr(NETSCAPE_SPKAC), - a->sig_algor,a->signature,a->spkac,r)); - } - -int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md) - { - return(ASN1_item_sign(ASN1_ITEM_rptr(X509_CINF), x->cert_info->signature, - x->sig_alg, x->signature, x->cert_info,pkey,md)); - } - -int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md) - { - return(ASN1_item_sign(ASN1_ITEM_rptr(X509_REQ_INFO),x->sig_alg, NULL, - x->signature, x->req_info,pkey,md)); - } - -int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md) - { - return(ASN1_item_sign(ASN1_ITEM_rptr(X509_CRL_INFO),x->crl->sig_alg, - x->sig_alg, x->signature, x->crl,pkey,md)); - } - -int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md) - { - return(ASN1_item_sign(ASN1_ITEM_rptr(NETSCAPE_SPKAC), x->sig_algor,NULL, - x->signature, x->spkac,pkey,md)); - } - -#ifndef OPENSSL_NO_FP_API -X509 *d2i_X509_fp(FILE *fp, X509 **x509) - { - return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509), fp, x509); - } - -int i2d_X509_fp(FILE *fp, X509 *x509) - { - return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509), fp, x509); - } +#ifndef OPENSSL_NO_DSA +#include #endif - -X509 *d2i_X509_bio(BIO *bp, X509 **x509) - { - return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509), bp, x509); - } - -int i2d_X509_bio(BIO *bp, X509 *x509) - { - return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509), bp, x509); - } - -#ifndef OPENSSL_NO_FP_API -X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl) - { - return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl); - } - -int i2d_X509_CRL_fp(FILE *fp, X509_CRL *crl) - { - return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl); - } +#ifndef OPENSSL_NO_RSA +#include #endif -X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl) - { - return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl); - } - -int i2d_X509_CRL_bio(BIO *bp, X509_CRL *crl) - { - return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl); - } - -#ifndef OPENSSL_NO_FP_API -PKCS7 *d2i_PKCS7_fp(FILE *fp, PKCS7 **p7) - { - return ASN1_item_d2i_fp(ASN1_ITEM_rptr(PKCS7), fp, p7); - } - -int i2d_PKCS7_fp(FILE *fp, PKCS7 *p7) - { - return ASN1_item_i2d_fp(ASN1_ITEM_rptr(PKCS7), fp, p7); - } -#endif +X509 * +d2i_X509_bio(BIO *bp, X509 **x509) +{ + return ASN1_item_d2i_bio(&X509_it, bp, x509); +} -PKCS7 *d2i_PKCS7_bio(BIO *bp, PKCS7 **p7) - { - return ASN1_item_d2i_bio(ASN1_ITEM_rptr(PKCS7), bp, p7); - } - -int i2d_PKCS7_bio(BIO *bp, PKCS7 *p7) - { - return ASN1_item_i2d_bio(ASN1_ITEM_rptr(PKCS7), bp, p7); - } - -#ifndef OPENSSL_NO_FP_API -X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **req) - { - return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_REQ), fp, req); - } - -int i2d_X509_REQ_fp(FILE *fp, X509_REQ *req) - { - return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_REQ), fp, req); - } -#endif +int +i2d_X509_bio(BIO *bp, X509 *x509) +{ + return ASN1_item_i2d_bio(&X509_it, bp, x509); +} + +X509 * +d2i_X509_fp(FILE *fp, X509 **x509) +{ + return ASN1_item_d2i_fp(&X509_it, fp, x509); +} + +int +i2d_X509_fp(FILE *fp, X509 *x509) +{ + return ASN1_item_i2d_fp(&X509_it, fp, x509); +} -X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **req) - { - return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_REQ), bp, req); - } +X509_CRL * +d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl) +{ + return ASN1_item_d2i_bio(&X509_CRL_it, bp, crl); +} -int i2d_X509_REQ_bio(BIO *bp, X509_REQ *req) - { - return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_REQ), bp, req); - } +int +i2d_X509_CRL_bio(BIO *bp, X509_CRL *crl) +{ + return ASN1_item_i2d_bio(&X509_CRL_it, bp, crl); +} + +X509_CRL * +d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl) +{ + return ASN1_item_d2i_fp(&X509_CRL_it, fp, crl); +} + +int +i2d_X509_CRL_fp(FILE *fp, X509_CRL *crl) +{ + return ASN1_item_i2d_fp(&X509_CRL_it, fp, crl); +} + +PKCS7 * +d2i_PKCS7_bio(BIO *bp, PKCS7 **p7) +{ + return ASN1_item_d2i_bio(&PKCS7_it, bp, p7); +} + +int +i2d_PKCS7_bio(BIO *bp, PKCS7 *p7) +{ + return ASN1_item_i2d_bio(&PKCS7_it, bp, p7); +} + +PKCS7 * +d2i_PKCS7_fp(FILE *fp, PKCS7 **p7) +{ + return ASN1_item_d2i_fp(&PKCS7_it, fp, p7); +} + +int +i2d_PKCS7_fp(FILE *fp, PKCS7 *p7) +{ + return ASN1_item_i2d_fp(&PKCS7_it, fp, p7); +} + +X509_REQ * +d2i_X509_REQ_bio(BIO *bp, X509_REQ **req) +{ + return ASN1_item_d2i_bio(&X509_REQ_it, bp, req); +} + +int +i2d_X509_REQ_bio(BIO *bp, X509_REQ *req) +{ + return ASN1_item_i2d_bio(&X509_REQ_it, bp, req); +} + +X509_REQ * +d2i_X509_REQ_fp(FILE *fp, X509_REQ **req) +{ + return ASN1_item_d2i_fp(&X509_REQ_it, fp, req); +} + +int +i2d_X509_REQ_fp(FILE *fp, X509_REQ *req) +{ + return ASN1_item_i2d_fp(&X509_REQ_it, fp, req); +} #ifndef OPENSSL_NO_RSA +RSA * +d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa) +{ + return ASN1_item_d2i_bio(&RSAPrivateKey_it, bp, rsa); +} -#ifndef OPENSSL_NO_FP_API -RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa) - { - return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa); - } - -int i2d_RSAPrivateKey_fp(FILE *fp, RSA *rsa) - { - return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa); - } - -RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa) - { - return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa); - } - - -RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa) - { - return((RSA *)ASN1_d2i_fp((char *(*)()) - RSA_new,(char *(*)())d2i_RSA_PUBKEY, (fp), - (unsigned char **)(rsa))); - } - -int i2d_RSAPublicKey_fp(FILE *fp, RSA *rsa) - { - return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa); - } - -int i2d_RSA_PUBKEY_fp(FILE *fp, RSA *rsa) - { - return(ASN1_i2d_fp(i2d_RSA_PUBKEY,fp,(unsigned char *)rsa)); - } -#endif +int +i2d_RSAPrivateKey_bio(BIO *bp, RSA *rsa) +{ + return ASN1_item_i2d_bio(&RSAPrivateKey_it, bp, rsa); +} + +RSA * +d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa) +{ + return ASN1_item_d2i_fp(&RSAPrivateKey_it, fp, rsa); +} + +int +i2d_RSAPrivateKey_fp(FILE *fp, RSA *rsa) +{ + return ASN1_item_i2d_fp(&RSAPrivateKey_it, fp, rsa); +} + +RSA * +d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa) +{ + return ASN1_item_d2i_bio(&RSAPublicKey_it, bp, rsa); +} + +int +i2d_RSAPublicKey_bio(BIO *bp, RSA *rsa) +{ + return ASN1_item_i2d_bio(&RSAPublicKey_it, bp, rsa); +} + +RSA * +d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa) +{ + return ASN1_item_d2i_fp(&RSAPublicKey_it, fp, rsa); +} + +int +i2d_RSAPublicKey_fp(FILE *fp, RSA *rsa) +{ + return ASN1_item_i2d_fp(&RSAPublicKey_it, fp, rsa); +} + +RSA * +d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa) +{ + return ASN1_d2i_bio_of(RSA, RSA_new, d2i_RSA_PUBKEY, bp, rsa); +} + +int +i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa) +{ + return ASN1_i2d_bio_of(RSA, i2d_RSA_PUBKEY, bp, rsa); +} + +int +i2d_RSA_PUBKEY_fp(FILE *fp, RSA *rsa) +{ + return ASN1_i2d_fp((I2D_OF(void))i2d_RSA_PUBKEY, fp, rsa); +} -RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa) - { - return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa); - } - -int i2d_RSAPrivateKey_bio(BIO *bp, RSA *rsa) - { - return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa); - } - -RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa) - { - return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa); - } - - -RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa) - { - return((RSA *)ASN1_d2i_bio((char *(*)()) - RSA_new,(char *(*)())d2i_RSA_PUBKEY, (bp), - (unsigned char **)(rsa))); - } - -int i2d_RSAPublicKey_bio(BIO *bp, RSA *rsa) - { - return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa); - } - -int i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa) - { - return(ASN1_i2d_bio(i2d_RSA_PUBKEY,bp,(unsigned char *)rsa)); - } +RSA * +d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa) +{ + return ASN1_d2i_fp((void *(*)(void))RSA_new, + (D2I_OF(void))d2i_RSA_PUBKEY, fp, (void **)rsa); +} #endif #ifndef OPENSSL_NO_DSA -#ifndef OPENSSL_NO_FP_API -DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa) - { - return((DSA *)ASN1_d2i_fp((char *(*)()) - DSA_new,(char *(*)())d2i_DSAPrivateKey, (fp), - (unsigned char **)(dsa))); - } - -int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa) - { - return(ASN1_i2d_fp(i2d_DSAPrivateKey,fp,(unsigned char *)dsa)); - } - -DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa) - { - return((DSA *)ASN1_d2i_fp((char *(*)()) - DSA_new,(char *(*)())d2i_DSA_PUBKEY, (fp), - (unsigned char **)(dsa))); - } - -int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa) - { - return(ASN1_i2d_fp(i2d_DSA_PUBKEY,fp,(unsigned char *)dsa)); - } -#endif +DSA * +d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa) +{ + return ASN1_item_d2i_bio(&DSAPrivateKey_it, bp, dsa); +} -DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa) - { - return((DSA *)ASN1_d2i_bio((char *(*)()) - DSA_new,(char *(*)())d2i_DSAPrivateKey, (bp), - (unsigned char **)(dsa))); - } - -int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa) - { - return(ASN1_i2d_bio(i2d_DSAPrivateKey,bp,(unsigned char *)dsa)); - } - -DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa) - { - return((DSA *)ASN1_d2i_bio((char *(*)()) - DSA_new,(char *(*)())d2i_DSA_PUBKEY, (bp), - (unsigned char **)(dsa))); - } - -int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa) - { - return(ASN1_i2d_bio(i2d_DSA_PUBKEY,bp,(unsigned char *)dsa)); - } +int +i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa) +{ + return ASN1_item_i2d_bio(&DSAPrivateKey_it, bp, dsa); +} -#endif +DSA * +d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa) +{ + return ASN1_item_d2i_fp(&DSAPrivateKey_it, fp, dsa); +} -int X509_pubkey_digest(const X509 *data, const EVP_MD *type, unsigned char *md, - unsigned int *len) - { - ASN1_BIT_STRING *key; - key = X509_get0_pubkey_bitstr(data); - if(!key) return 0; - return EVP_Digest(key->data, key->length, md, len, type, NULL); - } - -int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md, - unsigned int *len) - { - return(ASN1_item_digest(ASN1_ITEM_rptr(X509),type,(char *)data,md,len)); - } - -int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, unsigned char *md, - unsigned int *len) - { - return(ASN1_item_digest(ASN1_ITEM_rptr(X509_CRL),type,(char *)data,md,len)); - } - -int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type, unsigned char *md, - unsigned int *len) - { - return(ASN1_item_digest(ASN1_ITEM_rptr(X509_REQ),type,(char *)data,md,len)); - } - -int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type, unsigned char *md, - unsigned int *len) - { - return(ASN1_item_digest(ASN1_ITEM_rptr(X509_NAME),type,(char *)data,md,len)); - } - -int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data, const EVP_MD *type, - unsigned char *md, unsigned int *len) - { - return(ASN1_item_digest(ASN1_ITEM_rptr(PKCS7_ISSUER_AND_SERIAL),type, - (char *)data,md,len)); - } - - -#ifndef OPENSSL_NO_FP_API -X509_SIG *d2i_PKCS8_fp(FILE *fp, X509_SIG **p8) - { - return((X509_SIG *)ASN1_d2i_fp((char *(*)())X509_SIG_new, - (char *(*)())d2i_X509_SIG, (fp),(unsigned char **)(p8))); - } - -int i2d_PKCS8_fp(FILE *fp, X509_SIG *p8) - { - return(ASN1_i2d_fp(i2d_X509_SIG,fp,(unsigned char *)p8)); - } +int +i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa) +{ + return ASN1_item_i2d_fp(&DSAPrivateKey_it, fp, dsa); +} + +DSA * +d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa) +{ + return ASN1_d2i_bio_of(DSA, DSA_new, d2i_DSA_PUBKEY, bp, dsa); +} + +int +i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa) +{ + return ASN1_i2d_bio_of(DSA, i2d_DSA_PUBKEY, bp, dsa); +} + +DSA * +d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa) +{ + return ASN1_d2i_fp_of(DSA, DSA_new, d2i_DSA_PUBKEY, fp, dsa); +} + +int +i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa) +{ + return ASN1_i2d_fp_of(DSA, i2d_DSA_PUBKEY, fp, dsa); +} #endif -X509_SIG *d2i_PKCS8_bio(BIO *bp, X509_SIG **p8) - { - return((X509_SIG *)ASN1_d2i_bio((char *(*)())X509_SIG_new, - (char *(*)())d2i_X509_SIG, (bp),(unsigned char **)(p8))); - } - -int i2d_PKCS8_bio(BIO *bp, X509_SIG *p8) - { - return(ASN1_i2d_bio(i2d_X509_SIG,bp,(unsigned char *)p8)); - } - -#ifndef OPENSSL_NO_FP_API -PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, - PKCS8_PRIV_KEY_INFO **p8inf) - { - return((PKCS8_PRIV_KEY_INFO *)ASN1_d2i_fp( - (char *(*)())PKCS8_PRIV_KEY_INFO_new, - (char *(*)())d2i_PKCS8_PRIV_KEY_INFO, (fp), - (unsigned char **)(p8inf))); - } - -int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, PKCS8_PRIV_KEY_INFO *p8inf) - { - return(ASN1_i2d_fp(i2d_PKCS8_PRIV_KEY_INFO,fp,(unsigned char *)p8inf)); - } - -int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key) - { - PKCS8_PRIV_KEY_INFO *p8inf; - int ret; - p8inf = EVP_PKEY2PKCS8(key); - if(!p8inf) return 0; - ret = i2d_PKCS8_PRIV_KEY_INFO_fp(fp, p8inf); - PKCS8_PRIV_KEY_INFO_free(p8inf); - return ret; - } +#ifndef OPENSSL_NO_EC +EC_KEY * +d2i_ECPrivateKey_bio(BIO *bp, EC_KEY **eckey) +{ + return ASN1_d2i_bio_of(EC_KEY, EC_KEY_new, d2i_ECPrivateKey, bp, eckey); +} + +int +i2d_ECPrivateKey_bio(BIO *bp, EC_KEY *eckey) +{ + return ASN1_i2d_bio_of(EC_KEY, i2d_ECPrivateKey, bp, eckey); +} -int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey) - { - return(ASN1_i2d_fp(i2d_PrivateKey,fp,(unsigned char *)pkey)); - } +EC_KEY * +d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey) +{ + return ASN1_d2i_fp_of(EC_KEY, EC_KEY_new, d2i_ECPrivateKey, fp, eckey); +} -EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a) +int +i2d_ECPrivateKey_fp(FILE *fp, EC_KEY *eckey) { - return((EVP_PKEY *)ASN1_d2i_fp((char *(*)())EVP_PKEY_new, - (char *(*)())d2i_AutoPrivateKey, (fp),(unsigned char **)(a))); + return ASN1_i2d_fp_of(EC_KEY, i2d_ECPrivateKey, fp, eckey); } -int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey) - { - return(ASN1_i2d_fp(i2d_PUBKEY,fp,(unsigned char *)pkey)); - } +EC_KEY * +d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey) +{ + return ASN1_d2i_bio_of(EC_KEY, EC_KEY_new, d2i_EC_PUBKEY, bp, eckey); +} -EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a) +int +i2d_EC_PUBKEY_bio(BIO *bp, EC_KEY *ecdsa) { - return((EVP_PKEY *)ASN1_d2i_fp((char *(*)())EVP_PKEY_new, - (char *(*)())d2i_PUBKEY, (fp),(unsigned char **)(a))); + return ASN1_i2d_bio_of(EC_KEY, i2d_EC_PUBKEY, bp, ecdsa); +} +EC_KEY * +d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey) +{ + return ASN1_d2i_fp_of(EC_KEY, EC_KEY_new, d2i_EC_PUBKEY, fp, eckey); } +int +i2d_EC_PUBKEY_fp(FILE *fp, EC_KEY *eckey) +{ + return ASN1_i2d_fp_of(EC_KEY, i2d_EC_PUBKEY, fp, eckey); +} #endif -PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, - PKCS8_PRIV_KEY_INFO **p8inf) - { - return((PKCS8_PRIV_KEY_INFO *)ASN1_d2i_bio( - (char *(*)())PKCS8_PRIV_KEY_INFO_new, - (char *(*)())d2i_PKCS8_PRIV_KEY_INFO, (bp), - (unsigned char **)(p8inf))); - } - -int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, PKCS8_PRIV_KEY_INFO *p8inf) - { - return(ASN1_i2d_bio(i2d_PKCS8_PRIV_KEY_INFO,bp,(unsigned char *)p8inf)); - } - -int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key) - { +X509_SIG * +d2i_PKCS8_bio(BIO *bp, X509_SIG **p8) +{ + return ASN1_item_d2i_bio(&X509_SIG_it, bp, p8); +} + +int +i2d_PKCS8_bio(BIO *bp, X509_SIG *p8) +{ + return ASN1_item_i2d_bio(&X509_SIG_it, bp, p8); +} + +X509_SIG * +d2i_PKCS8_fp(FILE *fp, X509_SIG **p8) +{ + return ASN1_item_d2i_fp(&X509_SIG_it, fp, p8); +} + +int +i2d_PKCS8_fp(FILE *fp, X509_SIG *p8) +{ + return ASN1_item_i2d_fp(&X509_SIG_it, fp, p8); +} + +PKCS8_PRIV_KEY_INFO * +d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, PKCS8_PRIV_KEY_INFO **p8inf) +{ + return ASN1_item_d2i_bio(&PKCS8_PRIV_KEY_INFO_it, bp, + p8inf); +} + +int +i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, PKCS8_PRIV_KEY_INFO *p8inf) +{ + return ASN1_item_i2d_bio(&PKCS8_PRIV_KEY_INFO_it, bp, + p8inf); +} + +PKCS8_PRIV_KEY_INFO * +d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, PKCS8_PRIV_KEY_INFO **p8inf) +{ + return ASN1_item_d2i_fp(&PKCS8_PRIV_KEY_INFO_it, fp, + p8inf); +} + +int +i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, PKCS8_PRIV_KEY_INFO *p8inf) +{ + return ASN1_item_i2d_fp(&PKCS8_PRIV_KEY_INFO_it, fp, + p8inf); +} + +EVP_PKEY * +d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a) +{ + return ASN1_d2i_bio_of(EVP_PKEY, EVP_PKEY_new, d2i_AutoPrivateKey, + bp, a); +} + +int +i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey) +{ + return ASN1_i2d_bio_of(EVP_PKEY, i2d_PrivateKey, bp, pkey); +} + +EVP_PKEY * +d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a) +{ + return ASN1_d2i_fp_of(EVP_PKEY, EVP_PKEY_new, d2i_AutoPrivateKey, + fp, a); +} + +int +i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey) +{ + return ASN1_i2d_fp_of(EVP_PKEY, i2d_PrivateKey, fp, pkey); +} + +EVP_PKEY * +d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a) +{ + return ASN1_d2i_bio_of(EVP_PKEY, EVP_PKEY_new, d2i_PUBKEY, bp, a); +} + +int +i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey) +{ + return ASN1_i2d_bio_of(EVP_PKEY, i2d_PUBKEY, bp, pkey); +} + +int +i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey) +{ + return ASN1_i2d_fp_of(EVP_PKEY, i2d_PUBKEY, fp, pkey); +} + +EVP_PKEY * +d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a) +{ + return ASN1_d2i_fp_of(EVP_PKEY, EVP_PKEY_new, d2i_PUBKEY, fp, a); +} + +int +i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key) +{ PKCS8_PRIV_KEY_INFO *p8inf; int ret; + p8inf = EVP_PKEY2PKCS8(key); - if(!p8inf) return 0; + if (!p8inf) + return 0; ret = i2d_PKCS8_PRIV_KEY_INFO_bio(bp, p8inf); PKCS8_PRIV_KEY_INFO_free(p8inf); return ret; - } - -int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey) - { - return(ASN1_i2d_bio(i2d_PrivateKey,bp,(unsigned char *)pkey)); - } - -EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a) - { - return((EVP_PKEY *)ASN1_d2i_bio((char *(*)())EVP_PKEY_new, - (char *(*)())d2i_AutoPrivateKey, (bp),(unsigned char **)(a))); - } - -int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey) - { - return(ASN1_i2d_bio(i2d_PUBKEY,bp,(unsigned char *)pkey)); - } - -EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a) - { - return((EVP_PKEY *)ASN1_d2i_bio((char *(*)())EVP_PKEY_new, - (char *(*)())d2i_PUBKEY, (bp),(unsigned char **)(a))); - } +} + +int +i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key) +{ + PKCS8_PRIV_KEY_INFO *p8inf; + int ret; + p8inf = EVP_PKEY2PKCS8(key); + if (!p8inf) + return 0; + ret = i2d_PKCS8_PRIV_KEY_INFO_fp(fp, p8inf); + PKCS8_PRIV_KEY_INFO_free(p8inf); + return ret; +} + +int +X509_verify(X509 *a, EVP_PKEY *r) +{ + if (X509_ALGOR_cmp(a->sig_alg, a->cert_info->signature)) + return 0; + return(ASN1_item_verify(&X509_CINF_it, a->sig_alg, + a->signature, a->cert_info, r)); +} + +int +X509_REQ_verify(X509_REQ *a, EVP_PKEY *r) +{ + return (ASN1_item_verify(&X509_REQ_INFO_it, + a->sig_alg, a->signature, a->req_info, r)); +} + +int +NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r) +{ + return (ASN1_item_verify(&NETSCAPE_SPKAC_it, + a->sig_algor, a->signature, a->spkac, r)); +} + +int +X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md) +{ + x->cert_info->enc.modified = 1; + return (ASN1_item_sign(&X509_CINF_it, + x->cert_info->signature, x->sig_alg, x->signature, + x->cert_info, pkey, md)); +} + +int +X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx) +{ + x->cert_info->enc.modified = 1; + return ASN1_item_sign_ctx(&X509_CINF_it, + x->cert_info->signature, x->sig_alg, x->signature, + x->cert_info, ctx); +} + +int +X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md) +{ + return (ASN1_item_sign(&X509_REQ_INFO_it, + x->sig_alg, NULL, x->signature, x->req_info, pkey, md)); +} + +int +X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx) +{ + return ASN1_item_sign_ctx(&X509_REQ_INFO_it, + x->sig_alg, NULL, x->signature, x->req_info, ctx); +} + +int +X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md) +{ + x->crl->enc.modified = 1; + return(ASN1_item_sign(&X509_CRL_INFO_it, x->crl->sig_alg, + x->sig_alg, x->signature, x->crl, pkey, md)); +} + +int +X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx) +{ + x->crl->enc.modified = 1; + return ASN1_item_sign_ctx(&X509_CRL_INFO_it, + x->crl->sig_alg, x->sig_alg, x->signature, x->crl, ctx); +} + +int +NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md) +{ + return (ASN1_item_sign(&NETSCAPE_SPKAC_it, + x->sig_algor, NULL, x->signature, x->spkac, pkey, md)); +} + +int +X509_pubkey_digest(const X509 *data, const EVP_MD *type, unsigned char *md, + unsigned int *len) +{ + ASN1_BIT_STRING *key; + key = X509_get0_pubkey_bitstr(data); + if (!key) + return 0; + return EVP_Digest(key->data, key->length, md, len, type, NULL); +} + +int +X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md, + unsigned int *len) +{ + return (ASN1_item_digest(&X509_it, type, (char *)data, + md, len)); +} + +int +X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, unsigned char *md, + unsigned int *len) +{ + return (ASN1_item_digest(&X509_CRL_it, type, (char *)data, + md, len)); +} + +int +X509_REQ_digest(const X509_REQ *data, const EVP_MD *type, unsigned char *md, + unsigned int *len) +{ + return (ASN1_item_digest(&X509_REQ_it, type, (char *)data, + md, len)); +} + +int +X509_NAME_digest(const X509_NAME *data, const EVP_MD *type, unsigned char *md, + unsigned int *len) +{ + return (ASN1_item_digest(&X509_NAME_it, type, (char *)data, + md, len)); +} + +int +PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data, + const EVP_MD *type, unsigned char *md, unsigned int *len) +{ + return(ASN1_item_digest(&PKCS7_ISSUER_AND_SERIAL_it, type, + (char *)data, md, len)); +} + +int +X509_up_ref(X509 *x) +{ + int i = CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); + return i > 1 ? 1 : 0; +} diff --git a/src/lib/libssl/x509v3.cnf b/src/lib/libcrypto/x509v3.cnf similarity index 77% rename from src/lib/libssl/x509v3.cnf rename to src/lib/libcrypto/x509v3.cnf index e4300886710..d12d7328557 100644 --- a/src/lib/libssl/x509v3.cnf +++ b/src/lib/libcrypto/x509v3.cnf @@ -1,12 +1,13 @@ # default settings CERTPATHLEN = 1 -CERTUSAGE = digitalSignature,keyCertSign +CERTUSAGE = digitalSignature,keyCertSign,cRLSign +EXTCERTUSAGE = serverAuth,clientAuth CERTIP = 0.0.0.0 CERTFQDN = nohost.nodomain # This section should be referenced when building an x509v3 CA # Certificate. -# The default path length and the key usage can be overriden +# The default path length and the key usage can be overridden # modified by setting the CERTPATHLEN and CERTUSAGE environment # variables. [x509v3_CA] @@ -18,9 +19,11 @@ keyUsage=$ENV::CERTUSAGE # The address must be provided in the CERTIP environment variable [x509v3_IPAddr] subjectAltName=IP:$ENV::CERTIP +extendedKeyUsage=$ENV::EXTCERTUSAGE # This section should be referenced to add a FQDN hostname # as an alternate subject name, needed by isakmpd # The address must be provided in the CERTFQDN environment variable [x509v3_FQDN] subjectAltName=DNS:$ENV::CERTFQDN +extendedKeyUsage=$ENV::EXTCERTUSAGE diff --git a/src/lib/libcrypto/x509v3/Makefile.ssl b/src/lib/libcrypto/x509v3/Makefile.ssl deleted file mode 100644 index 40fe46f9830..00000000000 --- a/src/lib/libcrypto/x509v3/Makefile.ssl +++ /dev/null @@ -1,420 +0,0 @@ -# -# SSLeay/crypto/x509v3/Makefile -# - -DIR= x509v3 -TOP= ../.. -CC= cc -INCLUDES= -I.. -I$(TOP) -I../../include -CFLAG=-g -INSTALL_PREFIX= -OPENSSLDIR= /usr/local/ssl -INSTALLTOP=/usr/local/ssl -MAKE= make -f Makefile.ssl -MAKEDEPPROG= makedepend -MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) -MAKEFILE= Makefile.ssl -AR= ar r - -CFLAGS= $(INCLUDES) $(CFLAG) - -GENERAL=Makefile README -TEST= -APPS= - -LIB=$(TOP)/libcrypto.a -LIBSRC= v3_bcons.c v3_bitst.c v3_conf.c v3_extku.c v3_ia5.c v3_lib.c \ -v3_prn.c v3_utl.c v3err.c v3_genn.c v3_alt.c v3_skey.c v3_akey.c v3_pku.c \ -v3_int.c v3_enum.c v3_sxnet.c v3_cpols.c v3_crld.c v3_purp.c v3_info.c \ -v3_ocsp.c v3_akeya.c -LIBOBJ= v3_bcons.o v3_bitst.o v3_conf.o v3_extku.o v3_ia5.o v3_lib.o \ -v3_prn.o v3_utl.o v3err.o v3_genn.o v3_alt.o v3_skey.o v3_akey.o v3_pku.o \ -v3_int.o v3_enum.o v3_sxnet.o v3_cpols.o v3_crld.o v3_purp.o v3_info.o \ -v3_ocsp.o v3_akeya.o - -SRC= $(LIBSRC) - -EXHEADER= x509v3.h -HEADER= $(EXHEADER) - -ALL= $(GENERAL) $(SRC) $(HEADER) - -top: - (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) - -all: lib - -lib: $(LIBOBJ) - $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) || echo Never mind. - @touch lib - -files: - $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO - -links: - @sh $(TOP)/util/point.sh Makefile.ssl Makefile - @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) - @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) - @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) - -install: - @for i in $(EXHEADER) ; \ - do \ - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ - done; - -tags: - ctags $(SRC) - -tests: - -lint: - lint -DLINT $(INCLUDES) $(SRC)>fluff - -depend: - $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) - -dclean: - $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new - mv -f Makefile.new $(MAKEFILE) - -clean: - rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff - -# DO NOT DELETE THIS LINE -- make depend depends on it. - -v3_akey.o: ../../e_os.h ../../include/openssl/asn1.h -v3_akey.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h -v3_akey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -v3_akey.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h -v3_akey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -v3_akey.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -v3_akey.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -v3_akey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -v3_akey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -v3_akey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -v3_akey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -v3_akey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3_akey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -v3_akey.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_akey.o: ../cryptlib.h v3_akey.c -v3_akeya.o: ../../e_os.h ../../include/openssl/asn1.h -v3_akeya.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h -v3_akeya.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -v3_akeya.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h -v3_akeya.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -v3_akeya.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -v3_akeya.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -v3_akeya.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -v3_akeya.o: ../../include/openssl/opensslconf.h -v3_akeya.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -v3_akeya.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -v3_akeya.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -v3_akeya.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -v3_akeya.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -v3_akeya.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_akeya.c -v3_alt.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h -v3_alt.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -v3_alt.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h -v3_alt.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -v3_alt.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -v3_alt.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -v3_alt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -v3_alt.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -v3_alt.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -v3_alt.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -v3_alt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3_alt.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -v3_alt.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_alt.o: ../cryptlib.h v3_alt.c -v3_bcons.o: ../../e_os.h ../../include/openssl/asn1.h -v3_bcons.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h -v3_bcons.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -v3_bcons.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h -v3_bcons.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -v3_bcons.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -v3_bcons.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -v3_bcons.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -v3_bcons.o: ../../include/openssl/opensslconf.h -v3_bcons.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -v3_bcons.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -v3_bcons.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -v3_bcons.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -v3_bcons.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -v3_bcons.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_bcons.c -v3_bitst.o: ../../e_os.h ../../include/openssl/asn1.h -v3_bitst.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -v3_bitst.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h -v3_bitst.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -v3_bitst.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -v3_bitst.o: ../../include/openssl/err.h ../../include/openssl/evp.h -v3_bitst.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_bitst.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -v3_bitst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -v3_bitst.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -v3_bitst.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -v3_bitst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -v3_bitst.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -v3_bitst.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_bitst.c -v3_conf.o: ../../e_os.h ../../include/openssl/asn1.h -v3_conf.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -v3_conf.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h -v3_conf.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -v3_conf.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -v3_conf.o: ../../include/openssl/err.h ../../include/openssl/evp.h -v3_conf.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_conf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -v3_conf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -v3_conf.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -v3_conf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -v3_conf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -v3_conf.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -v3_conf.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_conf.c -v3_cpols.o: ../../e_os.h ../../include/openssl/asn1.h -v3_cpols.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h -v3_cpols.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -v3_cpols.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h -v3_cpols.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -v3_cpols.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -v3_cpols.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -v3_cpols.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -v3_cpols.o: ../../include/openssl/opensslconf.h -v3_cpols.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -v3_cpols.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -v3_cpols.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -v3_cpols.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -v3_cpols.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -v3_cpols.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_cpols.c -v3_crld.o: ../../e_os.h ../../include/openssl/asn1.h -v3_crld.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h -v3_crld.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -v3_crld.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h -v3_crld.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -v3_crld.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -v3_crld.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -v3_crld.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -v3_crld.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -v3_crld.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -v3_crld.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -v3_crld.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3_crld.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -v3_crld.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_crld.o: ../cryptlib.h v3_crld.c -v3_enum.o: ../../e_os.h ../../include/openssl/asn1.h -v3_enum.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -v3_enum.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h -v3_enum.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -v3_enum.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -v3_enum.o: ../../include/openssl/err.h ../../include/openssl/evp.h -v3_enum.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_enum.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -v3_enum.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -v3_enum.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -v3_enum.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -v3_enum.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -v3_enum.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -v3_enum.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_enum.c -v3_extku.o: ../../e_os.h ../../include/openssl/asn1.h -v3_extku.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h -v3_extku.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -v3_extku.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h -v3_extku.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -v3_extku.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -v3_extku.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -v3_extku.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -v3_extku.o: ../../include/openssl/opensslconf.h -v3_extku.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -v3_extku.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -v3_extku.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -v3_extku.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -v3_extku.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -v3_extku.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_extku.c -v3_genn.o: ../../e_os.h ../../include/openssl/asn1.h -v3_genn.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h -v3_genn.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -v3_genn.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h -v3_genn.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -v3_genn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -v3_genn.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -v3_genn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -v3_genn.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -v3_genn.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -v3_genn.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -v3_genn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3_genn.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -v3_genn.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_genn.o: ../cryptlib.h v3_genn.c -v3_ia5.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h -v3_ia5.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -v3_ia5.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h -v3_ia5.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -v3_ia5.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -v3_ia5.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -v3_ia5.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -v3_ia5.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -v3_ia5.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -v3_ia5.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -v3_ia5.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3_ia5.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -v3_ia5.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_ia5.o: ../cryptlib.h v3_ia5.c -v3_info.o: ../../e_os.h ../../include/openssl/asn1.h -v3_info.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h -v3_info.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -v3_info.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h -v3_info.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -v3_info.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -v3_info.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -v3_info.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -v3_info.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -v3_info.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -v3_info.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -v3_info.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3_info.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -v3_info.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_info.o: ../cryptlib.h v3_info.c -v3_int.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h -v3_int.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -v3_int.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h -v3_int.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -v3_int.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -v3_int.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -v3_int.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -v3_int.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -v3_int.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -v3_int.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -v3_int.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3_int.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -v3_int.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_int.o: ../cryptlib.h v3_int.c -v3_lib.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h -v3_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -v3_lib.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h -v3_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -v3_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -v3_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -v3_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -v3_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -v3_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -v3_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -v3_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -v3_lib.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_lib.o: ../cryptlib.h ext_dat.h v3_lib.c -v3_ocsp.o: ../../e_os.h ../../include/openssl/asn1.h -v3_ocsp.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -v3_ocsp.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h -v3_ocsp.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -v3_ocsp.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -v3_ocsp.o: ../../include/openssl/err.h ../../include/openssl/evp.h -v3_ocsp.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_ocsp.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h -v3_ocsp.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -v3_ocsp.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -v3_ocsp.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -v3_ocsp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3_ocsp.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -v3_ocsp.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_ocsp.o: ../cryptlib.h v3_ocsp.c -v3_pku.o: ../../e_os.h ../../include/openssl/asn1.h -v3_pku.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h -v3_pku.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -v3_pku.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h -v3_pku.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -v3_pku.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -v3_pku.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -v3_pku.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -v3_pku.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -v3_pku.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -v3_pku.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -v3_pku.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3_pku.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -v3_pku.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_pku.o: ../cryptlib.h v3_pku.c -v3_prn.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h -v3_prn.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -v3_prn.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h -v3_prn.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -v3_prn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -v3_prn.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -v3_prn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -v3_prn.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -v3_prn.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -v3_prn.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -v3_prn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3_prn.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -v3_prn.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_prn.o: ../cryptlib.h v3_prn.c -v3_purp.o: ../../e_os.h ../../include/openssl/asn1.h -v3_purp.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -v3_purp.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h -v3_purp.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -v3_purp.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -v3_purp.o: ../../include/openssl/err.h ../../include/openssl/evp.h -v3_purp.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_purp.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -v3_purp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -v3_purp.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -v3_purp.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -v3_purp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -v3_purp.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -v3_purp.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_purp.c -v3_skey.o: ../../e_os.h ../../include/openssl/asn1.h -v3_skey.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -v3_skey.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h -v3_skey.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h -v3_skey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -v3_skey.o: ../../include/openssl/err.h ../../include/openssl/evp.h -v3_skey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_skey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -v3_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -v3_skey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -v3_skey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -v3_skey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -v3_skey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -v3_skey.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_skey.c -v3_sxnet.o: ../../e_os.h ../../include/openssl/asn1.h -v3_sxnet.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h -v3_sxnet.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -v3_sxnet.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h -v3_sxnet.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -v3_sxnet.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -v3_sxnet.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -v3_sxnet.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -v3_sxnet.o: ../../include/openssl/opensslconf.h -v3_sxnet.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -v3_sxnet.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -v3_sxnet.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -v3_sxnet.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -v3_sxnet.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -v3_sxnet.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_sxnet.c -v3_utl.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h -v3_utl.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -v3_utl.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h -v3_utl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -v3_utl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -v3_utl.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -v3_utl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -v3_utl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -v3_utl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -v3_utl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -v3_utl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3_utl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -v3_utl.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_utl.o: ../cryptlib.h v3_utl.c -v3err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -v3err.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -v3err.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h -v3err.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h -v3err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -v3err.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -v3err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -v3err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -v3err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -v3err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h -v3err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -v3err.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -v3err.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3err.o: v3err.c diff --git a/src/lib/libcrypto/x509v3/ext_dat.h b/src/lib/libcrypto/x509v3/ext_dat.h index 586f116db5a..1bacb0d5a13 100644 --- a/src/lib/libcrypto/x509v3/ext_dat.h +++ b/src/lib/libcrypto/x509v3/ext_dat.h @@ -1,16 +1,16 @@ -/* ext_dat.h */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* $OpenBSD: ext_dat.h,v 1.13 2016/12/21 15:49:29 jsing Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -55,55 +55,79 @@ * Hudson (tjh@cryptsoft.com). * */ + +#include + +__BEGIN_HIDDEN_DECLS + /* This file contains a table of "standard" extensions */ extern X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku; extern X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet, v3_info, v3_sinfo; extern X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id; -extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_crl_invdate, v3_cpols, v3_crld; +extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_crl_invdate; +extern X509V3_EXT_METHOD v3_delta_crl, v3_cpols, v3_crld, v3_freshest_crl; extern X509V3_EXT_METHOD v3_ocsp_nonce, v3_ocsp_accresp, v3_ocsp_acutoff; extern X509V3_EXT_METHOD v3_ocsp_crlid, v3_ocsp_nocheck, v3_ocsp_serviceloc; -extern X509V3_EXT_METHOD v3_crl_hold; +extern X509V3_EXT_METHOD v3_crl_hold, v3_pci; +extern X509V3_EXT_METHOD v3_policy_mappings, v3_policy_constraints; +extern X509V3_EXT_METHOD v3_name_constraints, v3_inhibit_anyp, v3_idp; +extern X509V3_EXT_METHOD v3_addr, v3_asid; /* This table will be searched using OBJ_bsearch so it *must* kept in * order of the ext_nid values. */ -static X509V3_EXT_METHOD *standard_exts[] = { -&v3_nscert, -&v3_ns_ia5_list[0], -&v3_ns_ia5_list[1], -&v3_ns_ia5_list[2], -&v3_ns_ia5_list[3], -&v3_ns_ia5_list[4], -&v3_ns_ia5_list[5], -&v3_ns_ia5_list[6], -&v3_skey_id, -&v3_key_usage, -&v3_pkey_usage_period, -&v3_alt[0], -&v3_alt[1], -&v3_bcons, -&v3_crl_num, -&v3_cpols, -&v3_akey_id, -&v3_crld, -&v3_ext_ku, -&v3_crl_reason, -&v3_crl_invdate, -&v3_sxnet, -&v3_info, -&v3_ocsp_nonce, -&v3_ocsp_crlid, -&v3_ocsp_accresp, -&v3_ocsp_nocheck, -&v3_ocsp_acutoff, -&v3_ocsp_serviceloc, -&v3_crl_hold, -&v3_sinfo +static const X509V3_EXT_METHOD *standard_exts[] = { + &v3_nscert, + &v3_ns_ia5_list[0], + &v3_ns_ia5_list[1], + &v3_ns_ia5_list[2], + &v3_ns_ia5_list[3], + &v3_ns_ia5_list[4], + &v3_ns_ia5_list[5], + &v3_ns_ia5_list[6], + &v3_skey_id, + &v3_key_usage, + &v3_pkey_usage_period, + &v3_alt[0], + &v3_alt[1], + &v3_bcons, + &v3_crl_num, + &v3_cpols, + &v3_akey_id, + &v3_crld, + &v3_ext_ku, + &v3_delta_crl, + &v3_crl_reason, +#ifndef OPENSSL_NO_OCSP + &v3_crl_invdate, +#endif + &v3_sxnet, + &v3_info, +#ifndef OPENSSL_NO_OCSP + &v3_ocsp_nonce, + &v3_ocsp_crlid, + &v3_ocsp_accresp, + &v3_ocsp_nocheck, + &v3_ocsp_acutoff, + &v3_ocsp_serviceloc, +#endif + &v3_sinfo, + &v3_policy_constraints, +#ifndef OPENSSL_NO_OCSP + &v3_crl_hold, +#endif + &v3_pci, + &v3_name_constraints, + &v3_policy_mappings, + &v3_inhibit_anyp, + &v3_idp, + &v3_alt[2], + &v3_freshest_crl, }; /* Number of standard extensions */ - #define STANDARD_EXTENSION_COUNT (sizeof(standard_exts)/sizeof(X509V3_EXT_METHOD *)) +__END_HIDDEN_DECLS diff --git a/src/lib/libcrypto/x509v3/pcy_cache.c b/src/lib/libcrypto/x509v3/pcy_cache.c new file mode 100644 index 00000000000..9c8ba8298bc --- /dev/null +++ b/src/lib/libcrypto/x509v3/pcy_cache.c @@ -0,0 +1,271 @@ +/* $OpenBSD: pcy_cache.c,v 1.5 2014/07/11 08:44:49 jsing Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2004. + */ +/* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include + +#include "pcy_int.h" + +static int policy_data_cmp(const X509_POLICY_DATA * const *a, + const X509_POLICY_DATA * const *b); +static int policy_cache_set_int(long *out, ASN1_INTEGER *value); + +/* Set cache entry according to CertificatePolicies extension. + * Note: this destroys the passed CERTIFICATEPOLICIES structure. + */ + +static int +policy_cache_create(X509 *x, CERTIFICATEPOLICIES *policies, int crit) +{ + int i; + int ret = 0; + X509_POLICY_CACHE *cache = x->policy_cache; + X509_POLICY_DATA *data = NULL; + POLICYINFO *policy; + + if (sk_POLICYINFO_num(policies) == 0) + goto bad_policy; + cache->data = sk_X509_POLICY_DATA_new(policy_data_cmp); + if (!cache->data) + goto bad_policy; + for (i = 0; i < sk_POLICYINFO_num(policies); i++) { + policy = sk_POLICYINFO_value(policies, i); + data = policy_data_new(policy, NULL, crit); + if (!data) + goto bad_policy; + /* Duplicate policy OIDs are illegal: reject if matches + * found. + */ + if (OBJ_obj2nid(data->valid_policy) == NID_any_policy) { + if (cache->anyPolicy) { + ret = -1; + goto bad_policy; + } + cache->anyPolicy = data; + } else if (sk_X509_POLICY_DATA_find(cache->data, data) != -1) { + ret = -1; + goto bad_policy; + } else if (!sk_X509_POLICY_DATA_push(cache->data, data)) + goto bad_policy; + data = NULL; + } + ret = 1; + +bad_policy: + if (ret == -1) + x->ex_flags |= EXFLAG_INVALID_POLICY; + if (data) + policy_data_free(data); + sk_POLICYINFO_pop_free(policies, POLICYINFO_free); + if (ret <= 0) { + sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free); + cache->data = NULL; + } + return ret; +} + +static int +policy_cache_new(X509 *x) +{ + X509_POLICY_CACHE *cache; + ASN1_INTEGER *ext_any = NULL; + POLICY_CONSTRAINTS *ext_pcons = NULL; + CERTIFICATEPOLICIES *ext_cpols = NULL; + POLICY_MAPPINGS *ext_pmaps = NULL; + int i; + + cache = malloc(sizeof(X509_POLICY_CACHE)); + if (!cache) + return 0; + cache->anyPolicy = NULL; + cache->data = NULL; + cache->any_skip = -1; + cache->explicit_skip = -1; + cache->map_skip = -1; + + x->policy_cache = cache; + + /* Handle requireExplicitPolicy *first*. Need to process this + * even if we don't have any policies. + */ + ext_pcons = X509_get_ext_d2i(x, NID_policy_constraints, &i, NULL); + + if (!ext_pcons) { + if (i != -1) + goto bad_cache; + } else { + if (!ext_pcons->requireExplicitPolicy && + !ext_pcons->inhibitPolicyMapping) + goto bad_cache; + if (!policy_cache_set_int(&cache->explicit_skip, + ext_pcons->requireExplicitPolicy)) + goto bad_cache; + if (!policy_cache_set_int(&cache->map_skip, + ext_pcons->inhibitPolicyMapping)) + goto bad_cache; + } + + /* Process CertificatePolicies */ + + ext_cpols = X509_get_ext_d2i(x, NID_certificate_policies, &i, NULL); + /* If no CertificatePolicies extension or problem decoding then + * there is no point continuing because the valid policies will be + * NULL. + */ + if (!ext_cpols) { + /* If not absent some problem with extension */ + if (i != -1) + goto bad_cache; + return 1; + } + + i = policy_cache_create(x, ext_cpols, i); + + /* NB: ext_cpols freed by policy_cache_set_policies */ + + if (i <= 0) + return i; + + ext_pmaps = X509_get_ext_d2i(x, NID_policy_mappings, &i, NULL); + + if (!ext_pmaps) { + /* If not absent some problem with extension */ + if (i != -1) + goto bad_cache; + } else { + i = policy_cache_set_mapping(x, ext_pmaps); + if (i <= 0) + goto bad_cache; + } + + ext_any = X509_get_ext_d2i(x, NID_inhibit_any_policy, &i, NULL); + + if (!ext_any) { + if (i != -1) + goto bad_cache; + } else if (!policy_cache_set_int(&cache->any_skip, ext_any)) + goto bad_cache; + + if (0) { +bad_cache: + x->ex_flags |= EXFLAG_INVALID_POLICY; + } + + if (ext_pcons) + POLICY_CONSTRAINTS_free(ext_pcons); + + if (ext_any) + ASN1_INTEGER_free(ext_any); + + return 1; +} + +void +policy_cache_free(X509_POLICY_CACHE *cache) +{ + if (!cache) + return; + if (cache->anyPolicy) + policy_data_free(cache->anyPolicy); + if (cache->data) + sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free); + free(cache); +} + +const X509_POLICY_CACHE * +policy_cache_set(X509 *x) +{ + if (x->policy_cache == NULL) { + CRYPTO_w_lock(CRYPTO_LOCK_X509); + policy_cache_new(x); + CRYPTO_w_unlock(CRYPTO_LOCK_X509); + } + + return x->policy_cache; +} + +X509_POLICY_DATA * +policy_cache_find_data(const X509_POLICY_CACHE *cache, const ASN1_OBJECT *id) +{ + int idx; + X509_POLICY_DATA tmp; + + tmp.valid_policy = (ASN1_OBJECT *)id; + idx = sk_X509_POLICY_DATA_find(cache->data, &tmp); + if (idx == -1) + return NULL; + return sk_X509_POLICY_DATA_value(cache->data, idx); +} + +static int +policy_data_cmp(const X509_POLICY_DATA * const *a, + const X509_POLICY_DATA * const *b) +{ + return OBJ_cmp((*a)->valid_policy, (*b)->valid_policy); +} + +static int +policy_cache_set_int(long *out, ASN1_INTEGER *value) +{ + if (value == NULL) + return 1; + if (value->type == V_ASN1_NEG_INTEGER) + return 0; + *out = ASN1_INTEGER_get(value); + return 1; +} diff --git a/src/lib/libcrypto/x509v3/pcy_data.c b/src/lib/libcrypto/x509v3/pcy_data.c new file mode 100644 index 00000000000..b3699b02807 --- /dev/null +++ b/src/lib/libcrypto/x509v3/pcy_data.c @@ -0,0 +1,129 @@ +/* $OpenBSD: pcy_data.c,v 1.9 2015/07/15 16:53:42 miod Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2004. + */ +/* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include + +#include "pcy_int.h" + +/* Policy Node routines */ + +void +policy_data_free(X509_POLICY_DATA *data) +{ + ASN1_OBJECT_free(data->valid_policy); + /* Don't free qualifiers if shared */ + if (!(data->flags & POLICY_DATA_FLAG_SHARED_QUALIFIERS)) + sk_POLICYQUALINFO_pop_free(data->qualifier_set, + POLICYQUALINFO_free); + sk_ASN1_OBJECT_pop_free(data->expected_policy_set, ASN1_OBJECT_free); + free(data); +} + +/* Create a data based on an existing policy. If 'id' is NULL use the + * oid in the policy, otherwise use 'id'. This behaviour covers the two + * types of data in RFC3280: data with from a CertificatePolcies extension + * and additional data with just the qualifiers of anyPolicy and ID from + * another source. + */ + +X509_POLICY_DATA * +policy_data_new(POLICYINFO *policy, const ASN1_OBJECT *cid, int crit) +{ + X509_POLICY_DATA *ret = NULL; + ASN1_OBJECT *id = NULL; + + if (policy == NULL && cid == NULL) + return NULL; + if (cid != NULL) { + id = OBJ_dup(cid); + if (id == NULL) + return NULL; + } + ret = malloc(sizeof(X509_POLICY_DATA)); + if (ret == NULL) + goto err; + ret->expected_policy_set = sk_ASN1_OBJECT_new_null(); + if (ret->expected_policy_set == NULL) + goto err; + + if (crit) + ret->flags = POLICY_DATA_FLAG_CRITICAL; + else + ret->flags = 0; + + if (id != NULL) + ret->valid_policy = id; + else { + ret->valid_policy = policy->policyid; + policy->policyid = NULL; + } + + if (policy != NULL) { + ret->qualifier_set = policy->qualifiers; + policy->qualifiers = NULL; + } else + ret->qualifier_set = NULL; + + return ret; + +err: + free(ret); + ASN1_OBJECT_free(id); + return NULL; +} diff --git a/src/lib/libcrypto/x509v3/pcy_int.h b/src/lib/libcrypto/x509v3/pcy_int.h new file mode 100644 index 00000000000..92b94e2911a --- /dev/null +++ b/src/lib/libcrypto/x509v3/pcy_int.h @@ -0,0 +1,209 @@ +/* $OpenBSD: pcy_int.h,v 1.5 2016/12/21 15:49:29 jsing Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2004. + */ +/* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +__BEGIN_HIDDEN_DECLS + +typedef struct X509_POLICY_DATA_st X509_POLICY_DATA; + +DECLARE_STACK_OF(X509_POLICY_DATA) + +/* Internal structures */ + +/* This structure and the field names correspond to the Policy 'node' of + * RFC3280. NB this structure contains no pointers to parent or child + * data: X509_POLICY_NODE contains that. This means that the main policy data + * can be kept static and cached with the certificate. + */ + +struct X509_POLICY_DATA_st { + unsigned int flags; + /* Policy OID and qualifiers for this data */ + ASN1_OBJECT *valid_policy; + STACK_OF(POLICYQUALINFO) *qualifier_set; + STACK_OF(ASN1_OBJECT) *expected_policy_set; +}; + +/* X509_POLICY_DATA flags values */ + +/* This flag indicates the structure has been mapped using a policy mapping + * extension. If policy mapping is not active its references get deleted. + */ + +#define POLICY_DATA_FLAG_MAPPED 0x1 + +/* This flag indicates the data doesn't correspond to a policy in Certificate + * Policies: it has been mapped to any policy. + */ + +#define POLICY_DATA_FLAG_MAPPED_ANY 0x2 + +/* AND with flags to see if any mapping has occurred */ + +#define POLICY_DATA_FLAG_MAP_MASK 0x3 + +/* qualifiers are shared and shouldn't be freed */ + +#define POLICY_DATA_FLAG_SHARED_QUALIFIERS 0x4 + +/* Parent node is an extra node and should be freed */ + +#define POLICY_DATA_FLAG_EXTRA_NODE 0x8 + +/* Corresponding CertificatePolicies is critical */ + +#define POLICY_DATA_FLAG_CRITICAL 0x10 + +/* This structure is cached with a certificate */ + +struct X509_POLICY_CACHE_st { + /* anyPolicy data or NULL if no anyPolicy */ + X509_POLICY_DATA *anyPolicy; + /* other policy data */ + STACK_OF(X509_POLICY_DATA) *data; + /* If InhibitAnyPolicy present this is its value or -1 if absent. */ + long any_skip; + /* If policyConstraints and requireExplicitPolicy present this is its + * value or -1 if absent. + */ + long explicit_skip; + /* If policyConstraints and policyMapping present this is its + * value or -1 if absent. + */ + long map_skip; +}; + +/*#define POLICY_CACHE_FLAG_CRITICAL POLICY_DATA_FLAG_CRITICAL*/ + +/* This structure represents the relationship between nodes */ + +struct X509_POLICY_NODE_st { + /* node data this refers to */ + const X509_POLICY_DATA *data; + /* Parent node */ + X509_POLICY_NODE *parent; + /* Number of child nodes */ + int nchild; +}; + +struct X509_POLICY_LEVEL_st { + /* Cert for this level */ + X509 *cert; + /* nodes at this level */ + STACK_OF(X509_POLICY_NODE) *nodes; + /* anyPolicy node */ + X509_POLICY_NODE *anyPolicy; + /* Extra data */ + /*STACK_OF(X509_POLICY_DATA) *extra_data;*/ + unsigned int flags; +}; + +struct X509_POLICY_TREE_st { + /* This is the tree 'level' data */ + X509_POLICY_LEVEL *levels; + int nlevel; + /* Extra policy data when additional nodes (not from the certificate) + * are required. + */ + STACK_OF(X509_POLICY_DATA) *extra_data; + /* This is the authority constained policy set */ + STACK_OF(X509_POLICY_NODE) *auth_policies; + STACK_OF(X509_POLICY_NODE) *user_policies; + unsigned int flags; +}; + +/* Set if anyPolicy present in user policies */ +#define POLICY_FLAG_ANY_POLICY 0x2 + +/* Useful macros */ + +#define node_data_critical(data) (data->flags & POLICY_DATA_FLAG_CRITICAL) +#define node_critical(node) node_data_critical(node->data) + +/* Internal functions */ + +X509_POLICY_DATA *policy_data_new(POLICYINFO *policy, const ASN1_OBJECT *id, + int crit); +void policy_data_free(X509_POLICY_DATA *data); + +X509_POLICY_DATA *policy_cache_find_data(const X509_POLICY_CACHE *cache, + const ASN1_OBJECT *id); +int policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps); + + +STACK_OF(X509_POLICY_NODE) *policy_node_cmp_new(void); + +void policy_cache_init(void); + +void policy_cache_free(X509_POLICY_CACHE *cache); + +X509_POLICY_NODE *level_find_node(const X509_POLICY_LEVEL *level, + const X509_POLICY_NODE *parent, const ASN1_OBJECT *id); + +X509_POLICY_NODE *tree_find_sk(STACK_OF(X509_POLICY_NODE) *sk, + const ASN1_OBJECT *id); + +int level_add_node(X509_POLICY_LEVEL *level, + const X509_POLICY_DATA *data, X509_POLICY_NODE *parent, + X509_POLICY_TREE *tree, X509_POLICY_NODE **nodep); +void policy_node_free(X509_POLICY_NODE *node); +int policy_node_match(const X509_POLICY_LEVEL *lvl, + const X509_POLICY_NODE *node, const ASN1_OBJECT *oid); + +const X509_POLICY_CACHE *policy_cache_set(X509 *x); + +__END_HIDDEN_DECLS diff --git a/src/lib/libcrypto/x509v3/pcy_lib.c b/src/lib/libcrypto/x509v3/pcy_lib.c new file mode 100644 index 00000000000..6f370640639 --- /dev/null +++ b/src/lib/libcrypto/x509v3/pcy_lib.c @@ -0,0 +1,157 @@ +/* $OpenBSD: pcy_lib.c,v 1.5 2015/02/07 13:19:15 doug Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2004. + */ +/* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include + +#include "pcy_int.h" + +/* accessor functions */ + +/* X509_POLICY_TREE stuff */ + +int +X509_policy_tree_level_count(const X509_POLICY_TREE *tree) +{ + if (!tree) + return 0; + return tree->nlevel; +} + +X509_POLICY_LEVEL * +X509_policy_tree_get0_level(const X509_POLICY_TREE *tree, int i) +{ + if (!tree || (i < 0) || (i >= tree->nlevel)) + return NULL; + return tree->levels + i; +} + +STACK_OF(X509_POLICY_NODE) * +X509_policy_tree_get0_policies(const X509_POLICY_TREE *tree) +{ + if (!tree) + return NULL; + return tree->auth_policies; +} + +STACK_OF(X509_POLICY_NODE) * +X509_policy_tree_get0_user_policies(const X509_POLICY_TREE *tree) +{ + if (!tree) + return NULL; + if (tree->flags & POLICY_FLAG_ANY_POLICY) + return tree->auth_policies; + else + return tree->user_policies; +} + +/* X509_POLICY_LEVEL stuff */ + +int +X509_policy_level_node_count(X509_POLICY_LEVEL *level) +{ + int n; + if (!level) + return 0; + if (level->anyPolicy) + n = 1; + else + n = 0; + if (level->nodes) + n += sk_X509_POLICY_NODE_num(level->nodes); + return n; +} + +X509_POLICY_NODE * +X509_policy_level_get0_node(X509_POLICY_LEVEL *level, int i) +{ + if (!level) + return NULL; + if (level->anyPolicy) { + if (i == 0) + return level->anyPolicy; + i--; + } + return sk_X509_POLICY_NODE_value(level->nodes, i); +} + +/* X509_POLICY_NODE stuff */ + +const ASN1_OBJECT * +X509_policy_node_get0_policy(const X509_POLICY_NODE *node) +{ + if (!node) + return NULL; + return node->data->valid_policy; +} + +STACK_OF(POLICYQUALINFO) * +X509_policy_node_get0_qualifiers(const X509_POLICY_NODE *node) +{ + if (!node) + return NULL; + return node->data->qualifier_set; +} + +const X509_POLICY_NODE * +X509_policy_node_get0_parent(const X509_POLICY_NODE *node) +{ + if (!node) + return NULL; + return node->parent; +} diff --git a/src/lib/libcrypto/x509v3/pcy_map.c b/src/lib/libcrypto/x509v3/pcy_map.c new file mode 100644 index 00000000000..6ee1ffe895a --- /dev/null +++ b/src/lib/libcrypto/x509v3/pcy_map.c @@ -0,0 +1,126 @@ +/* $OpenBSD: pcy_map.c,v 1.4 2014/07/11 08:44:49 jsing Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2004. + */ +/* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include + +#include "pcy_int.h" + +/* Set policy mapping entries in cache. + * Note: this modifies the passed POLICY_MAPPINGS structure + */ + +int +policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps) +{ + POLICY_MAPPING *map; + X509_POLICY_DATA *data; + X509_POLICY_CACHE *cache = x->policy_cache; + int i; + int ret = 0; + + if (sk_POLICY_MAPPING_num(maps) == 0) { + ret = -1; + goto bad_mapping; + } + for (i = 0; i < sk_POLICY_MAPPING_num(maps); i++) { + map = sk_POLICY_MAPPING_value(maps, i); + /* Reject if map to or from anyPolicy */ + if ((OBJ_obj2nid(map->subjectDomainPolicy) == NID_any_policy) || + (OBJ_obj2nid(map->issuerDomainPolicy) == NID_any_policy)) { + ret = -1; + goto bad_mapping; + } + + /* Attempt to find matching policy data */ + data = policy_cache_find_data(cache, map->issuerDomainPolicy); + /* If we don't have anyPolicy can't map */ + if (!data && !cache->anyPolicy) + continue; + + /* Create a NODE from anyPolicy */ + if (!data) { + data = policy_data_new(NULL, map->issuerDomainPolicy, + cache->anyPolicy->flags & + POLICY_DATA_FLAG_CRITICAL); + if (!data) + goto bad_mapping; + data->qualifier_set = cache->anyPolicy->qualifier_set; + /*map->issuerDomainPolicy = NULL;*/ + data->flags |= POLICY_DATA_FLAG_MAPPED_ANY; + data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS; + if (!sk_X509_POLICY_DATA_push(cache->data, data)) { + policy_data_free(data); + goto bad_mapping; + } + } else + data->flags |= POLICY_DATA_FLAG_MAPPED; + if (!sk_ASN1_OBJECT_push(data->expected_policy_set, + map->subjectDomainPolicy)) + goto bad_mapping; + map->subjectDomainPolicy = NULL; + } + + ret = 1; + +bad_mapping: + if (ret == -1) + x->ex_flags |= EXFLAG_INVALID_POLICY; + sk_POLICY_MAPPING_pop_free(maps, POLICY_MAPPING_free); + return ret; +} diff --git a/src/lib/libcrypto/x509v3/pcy_node.c b/src/lib/libcrypto/x509v3/pcy_node.c new file mode 100644 index 00000000000..ba22b267bfe --- /dev/null +++ b/src/lib/libcrypto/x509v3/pcy_node.c @@ -0,0 +1,199 @@ +/* $OpenBSD: pcy_node.c,v 1.6 2015/07/18 00:01:05 beck Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2004. + */ +/* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include +#include + +#include "pcy_int.h" + +static int +node_cmp(const X509_POLICY_NODE * const *a, const X509_POLICY_NODE * const *b) +{ + return OBJ_cmp((*a)->data->valid_policy, (*b)->data->valid_policy); +} + +STACK_OF(X509_POLICY_NODE) *policy_node_cmp_new(void) +{ + return sk_X509_POLICY_NODE_new(node_cmp); +} + +X509_POLICY_NODE * +tree_find_sk(STACK_OF(X509_POLICY_NODE) *nodes, const ASN1_OBJECT *id) +{ + X509_POLICY_DATA n; + X509_POLICY_NODE l; + int idx; + + n.valid_policy = (ASN1_OBJECT *)id; + l.data = &n; + + idx = sk_X509_POLICY_NODE_find(nodes, &l); + if (idx == -1) + return NULL; + + return sk_X509_POLICY_NODE_value(nodes, idx); +} + +X509_POLICY_NODE * +level_find_node(const X509_POLICY_LEVEL *level, const X509_POLICY_NODE *parent, + const ASN1_OBJECT *id) +{ + X509_POLICY_NODE *node; + int i; + + for (i = 0; i < sk_X509_POLICY_NODE_num(level->nodes); i++) { + node = sk_X509_POLICY_NODE_value(level->nodes, i); + if (node->parent == parent) { + if (!OBJ_cmp(node->data->valid_policy, id)) + return node; + } + } + return NULL; +} + + +int +level_add_node(X509_POLICY_LEVEL *level, const X509_POLICY_DATA *data, + X509_POLICY_NODE *parent, X509_POLICY_TREE *tree, X509_POLICY_NODE **nodep) +{ + X509_POLICY_NODE *node = NULL; + + if (level) { + node = malloc(sizeof(X509_POLICY_NODE)); + if (!node) + goto node_error; + node->data = data; + node->parent = parent; + node->nchild = 0; + if (OBJ_obj2nid(data->valid_policy) == NID_any_policy) { + if (level->anyPolicy) + goto node_error; + level->anyPolicy = node; + if (parent) + parent->nchild++; + } else { + + if (!level->nodes) + level->nodes = policy_node_cmp_new(); + if (!level->nodes) + goto node_error; + if (!sk_X509_POLICY_NODE_push(level->nodes, node)) + goto node_error; + if (parent) + parent->nchild++; + } + } + + if (tree) { + if (!tree->extra_data) + tree->extra_data = sk_X509_POLICY_DATA_new_null(); + if (!tree->extra_data) + goto node_error_cond; + if (!sk_X509_POLICY_DATA_push(tree->extra_data, data)) + goto node_error_cond; + } + + if (nodep) + *nodep = node; + + return 1; + +node_error_cond: + if (level) + node = NULL; +node_error: + policy_node_free(node); + node = NULL; + if (nodep) + *nodep = node; + return 0; +} + +void +policy_node_free(X509_POLICY_NODE *node) +{ + free(node); +} + +/* See if a policy node matches a policy OID. If mapping enabled look through + * expected policy set otherwise just valid policy. + */ + +int +policy_node_match(const X509_POLICY_LEVEL *lvl, const X509_POLICY_NODE *node, + const ASN1_OBJECT *oid) +{ + int i; + ASN1_OBJECT *policy_oid; + const X509_POLICY_DATA *x = node->data; + + if ((lvl->flags & X509_V_FLAG_INHIBIT_MAP) || + !(x->flags & POLICY_DATA_FLAG_MAP_MASK)) { + if (!OBJ_cmp(x->valid_policy, oid)) + return 1; + return 0; + } + + for (i = 0; i < sk_ASN1_OBJECT_num(x->expected_policy_set); i++) { + policy_oid = sk_ASN1_OBJECT_value(x->expected_policy_set, i); + if (!OBJ_cmp(policy_oid, oid)) + return 1; + } + return 0; +} diff --git a/src/lib/libcrypto/x509v3/pcy_tree.c b/src/lib/libcrypto/x509v3/pcy_tree.c new file mode 100644 index 00000000000..a56c183bc96 --- /dev/null +++ b/src/lib/libcrypto/x509v3/pcy_tree.c @@ -0,0 +1,770 @@ +/* $OpenBSD: pcy_tree.c,v 1.17 2016/11/05 15:21:20 miod Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2004. + */ +/* ==================================================================== + * Copyright (c) 2004 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include + +#include "pcy_int.h" + +/* Enable this to print out the complete policy tree at various point during + * evaluation. + */ + +/*#define OPENSSL_POLICY_DEBUG*/ + +#ifdef OPENSSL_POLICY_DEBUG + +static void +expected_print(BIO *err, X509_POLICY_LEVEL *lev, X509_POLICY_NODE *node, + int indent) +{ + if ((lev->flags & X509_V_FLAG_INHIBIT_MAP) || + !(node->data->flags & POLICY_DATA_FLAG_MAP_MASK)) + BIO_puts(err, " Not Mapped\n"); + else { + int i; + STACK_OF(ASN1_OBJECT) *pset = node->data->expected_policy_set; + ASN1_OBJECT *oid; + BIO_puts(err, " Expected: "); + for (i = 0; i < sk_ASN1_OBJECT_num(pset); i++) { + oid = sk_ASN1_OBJECT_value(pset, i); + if (i) + BIO_puts(err, ", "); + i2a_ASN1_OBJECT(err, oid); + } + BIO_puts(err, "\n"); + } +} + +static void +tree_print(char *str, X509_POLICY_TREE *tree, X509_POLICY_LEVEL *curr) +{ + X509_POLICY_LEVEL *plev; + X509_POLICY_NODE *node; + int i; + BIO *err; + + if ((err = BIO_new_fp(stderr, BIO_NOCLOSE)) == NULL) + return; + + if (!curr) + curr = tree->levels + tree->nlevel; + else + curr++; + BIO_printf(err, "Level print after %s\n", str); + BIO_printf(err, "Printing Up to Level %ld\n", curr - tree->levels); + for (plev = tree->levels; plev != curr; plev++) { + BIO_printf(err, "Level %ld, flags = %x\n", + plev - tree->levels, plev->flags); + for (i = 0; i < sk_X509_POLICY_NODE_num(plev->nodes); i++) { + node = sk_X509_POLICY_NODE_value(plev->nodes, i); + X509_POLICY_NODE_print(err, node, 2); + expected_print(err, plev, node, 2); + BIO_printf(err, " Flags: %x\n", node->data->flags); + } + if (plev->anyPolicy) + X509_POLICY_NODE_print(err, plev->anyPolicy, 2); + } + + BIO_free(err); +} +#else + +#define tree_print(a,b,c) /* */ + +#endif + +/* Initialize policy tree. Return values: + * 0 Some internal error occured. + * -1 Inconsistent or invalid extensions in certificates. + * 1 Tree initialized OK. + * 2 Policy tree is empty. + * 5 Tree OK and requireExplicitPolicy true. + * 6 Tree empty and requireExplicitPolicy true. + */ + +static int +tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, unsigned int flags) +{ + X509_POLICY_TREE *tree; + X509_POLICY_LEVEL *level; + const X509_POLICY_CACHE *cache; + X509_POLICY_DATA *data = NULL; + X509 *x; + int ret = 1; + int i, n; + int explicit_policy; + int any_skip; + int map_skip; + + *ptree = NULL; + n = sk_X509_num(certs); + + if (flags & X509_V_FLAG_EXPLICIT_POLICY) + explicit_policy = 0; + else + explicit_policy = n + 1; + + if (flags & X509_V_FLAG_INHIBIT_ANY) + any_skip = 0; + else + any_skip = n + 1; + + if (flags & X509_V_FLAG_INHIBIT_MAP) + map_skip = 0; + else + map_skip = n + 1; + + /* Can't do anything with just a trust anchor */ + if (n == 1) + return 1; + /* First setup policy cache in all certificates apart from the + * trust anchor. Note any bad cache results on the way. Also can + * calculate explicit_policy value at this point. + */ + for (i = n - 2; i >= 0; i--) { + x = sk_X509_value(certs, i); + X509_check_purpose(x, -1, -1); + cache = policy_cache_set(x); + /* If cache NULL something bad happened: return immediately */ + if (cache == NULL) + return 0; + /* If inconsistent extensions keep a note of it but continue */ + if (x->ex_flags & EXFLAG_INVALID_POLICY) + ret = -1; + /* Otherwise if we have no data (hence no CertificatePolicies) + * and haven't already set an inconsistent code note it. + */ + else if ((ret == 1) && !cache->data) + ret = 2; + if (explicit_policy > 0) { + if (!(x->ex_flags & EXFLAG_SI)) + explicit_policy--; + if ((cache->explicit_skip != -1) && + (cache->explicit_skip < explicit_policy)) + explicit_policy = cache->explicit_skip; + } + } + + if (ret != 1) { + if (ret == 2 && !explicit_policy) + return 6; + return ret; + } + + + /* If we get this far initialize the tree */ + + tree = malloc(sizeof(X509_POLICY_TREE)); + + if (!tree) + return 0; + + tree->flags = 0; + tree->levels = calloc(n, sizeof(X509_POLICY_LEVEL)); + tree->nlevel = 0; + tree->extra_data = NULL; + tree->auth_policies = NULL; + tree->user_policies = NULL; + + if (!tree->levels) { + free(tree); + return 0; + } + + tree->nlevel = n; + + level = tree->levels; + + /* Root data: initialize to anyPolicy */ + + data = policy_data_new(NULL, OBJ_nid2obj(NID_any_policy), 0); + + if (!data || !level_add_node(level, data, NULL, tree, NULL)) + goto bad_tree; + + for (i = n - 2; i >= 0; i--) { + level++; + x = sk_X509_value(certs, i); + cache = policy_cache_set(x); + CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); + level->cert = x; + + if (!cache->anyPolicy) + level->flags |= X509_V_FLAG_INHIBIT_ANY; + + /* Determine inhibit any and inhibit map flags */ + if (any_skip == 0) { + /* Any matching allowed if certificate is self + * issued and not the last in the chain. + */ + if (!(x->ex_flags & EXFLAG_SI) || (i == 0)) + level->flags |= X509_V_FLAG_INHIBIT_ANY; + } else { + if (!(x->ex_flags & EXFLAG_SI)) + any_skip--; + if ((cache->any_skip >= 0) && + (cache->any_skip < any_skip)) + any_skip = cache->any_skip; + } + + if (map_skip == 0) + level->flags |= X509_V_FLAG_INHIBIT_MAP; + else { + if (!(x->ex_flags & EXFLAG_SI)) + map_skip--; + if ((cache->map_skip >= 0) && + (cache->map_skip < map_skip)) + map_skip = cache->map_skip; + } + + } + + *ptree = tree; + + if (explicit_policy) + return 1; + else + return 5; + +bad_tree: + X509_policy_tree_free(tree); + + return 0; +} + +static int +tree_link_matching_nodes(X509_POLICY_LEVEL *curr, const X509_POLICY_DATA *data) +{ + X509_POLICY_LEVEL *last = curr - 1; + X509_POLICY_NODE *node; + int i, matched = 0; + + /* Iterate through all in nodes linking matches */ + for (i = 0; i < sk_X509_POLICY_NODE_num(last->nodes); i++) { + node = sk_X509_POLICY_NODE_value(last->nodes, i); + if (policy_node_match(last, node, data->valid_policy)) { + if (!level_add_node(curr, data, node, NULL, NULL)) + return 0; + matched = 1; + } + } + if (!matched && last->anyPolicy) { + if (!level_add_node(curr, data, last->anyPolicy, NULL, NULL)) + return 0; + } + return 1; +} + +/* This corresponds to RFC3280 6.1.3(d)(1): + * link any data from CertificatePolicies onto matching parent + * or anyPolicy if no match. + */ + +static int +tree_link_nodes(X509_POLICY_LEVEL *curr, const X509_POLICY_CACHE *cache) +{ + int i; + X509_POLICY_DATA *data; + + for (i = 0; i < sk_X509_POLICY_DATA_num(cache->data); i++) { + data = sk_X509_POLICY_DATA_value(cache->data, i); + /* Look for matching nodes in previous level */ + if (!tree_link_matching_nodes(curr, data)) + return 0; + } + return 1; +} + +/* This corresponds to RFC3280 6.1.3(d)(2): + * Create new data for any unmatched policies in the parent and link + * to anyPolicy. + */ + +static int +tree_add_unmatched(X509_POLICY_LEVEL *curr, const X509_POLICY_CACHE *cache, + const ASN1_OBJECT *id, X509_POLICY_NODE *node, X509_POLICY_TREE *tree) +{ + X509_POLICY_DATA *data; + + if (id == NULL) + id = node->data->valid_policy; + /* Create a new node with qualifiers from anyPolicy and + * id from unmatched node. + */ + data = policy_data_new(NULL, id, node_critical(node)); + + if (data == NULL) + return 0; + /* Curr may not have anyPolicy */ + data->qualifier_set = cache->anyPolicy->qualifier_set; + data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS; + if (!level_add_node(curr, data, node, tree, NULL)) { + policy_data_free(data); + return 0; + } + + return 1; +} + +static int +tree_link_unmatched(X509_POLICY_LEVEL *curr, const X509_POLICY_CACHE *cache, + X509_POLICY_NODE *node, X509_POLICY_TREE *tree) +{ + const X509_POLICY_LEVEL *last = curr - 1; + int i; + + if ((last->flags & X509_V_FLAG_INHIBIT_MAP) || + !(node->data->flags & POLICY_DATA_FLAG_MAPPED)) { + /* If no policy mapping: matched if one child present */ + if (node->nchild) + return 1; + if (!tree_add_unmatched(curr, cache, NULL, node, tree)) + return 0; + /* Add it */ + } else { + /* If mapping: matched if one child per expected policy set */ + STACK_OF(ASN1_OBJECT) *expset = node->data->expected_policy_set; + if (node->nchild == sk_ASN1_OBJECT_num(expset)) + return 1; + /* Locate unmatched nodes */ + for (i = 0; i < sk_ASN1_OBJECT_num(expset); i++) { + ASN1_OBJECT *oid = sk_ASN1_OBJECT_value(expset, i); + if (level_find_node(curr, node, oid)) + continue; + if (!tree_add_unmatched(curr, cache, oid, node, tree)) + return 0; + } + } + + return 1; +} + +static int +tree_link_any(X509_POLICY_LEVEL *curr, const X509_POLICY_CACHE *cache, + X509_POLICY_TREE *tree) +{ + int i; + X509_POLICY_NODE *node; + X509_POLICY_LEVEL *last = curr - 1; + + for (i = 0; i < sk_X509_POLICY_NODE_num(last->nodes); i++) { + node = sk_X509_POLICY_NODE_value(last->nodes, i); + + if (!tree_link_unmatched(curr, cache, node, tree)) + return 0; + } + /* Finally add link to anyPolicy */ + if (last->anyPolicy) { + if (!level_add_node(curr, cache->anyPolicy, + last->anyPolicy, NULL, NULL)) + return 0; + } + return 1; +} + +/* Prune the tree: delete any child mapped child data on the current level + * then proceed up the tree deleting any data with no children. If we ever + * have no data on a level we can halt because the tree will be empty. + */ + +static int +tree_prune(X509_POLICY_TREE *tree, X509_POLICY_LEVEL *curr) +{ + STACK_OF(X509_POLICY_NODE) *nodes; + X509_POLICY_NODE *node; + int i; + + nodes = curr->nodes; + if (curr->flags & X509_V_FLAG_INHIBIT_MAP) { + for (i = sk_X509_POLICY_NODE_num(nodes) - 1; i >= 0; i--) { + node = sk_X509_POLICY_NODE_value(nodes, i); + /* Delete any mapped data: see RFC3280 XXXX */ + if (node->data->flags & POLICY_DATA_FLAG_MAP_MASK) { + node->parent->nchild--; + free(node); + (void)sk_X509_POLICY_NODE_delete(nodes, i); + } + } + } + + for (;;) { + --curr; + nodes = curr->nodes; + for (i = sk_X509_POLICY_NODE_num(nodes) - 1; i >= 0; i--) { + node = sk_X509_POLICY_NODE_value(nodes, i); + if (node->nchild == 0) { + node->parent->nchild--; + free(node); + (void)sk_X509_POLICY_NODE_delete(nodes, i); + } + } + if (curr->anyPolicy && !curr->anyPolicy->nchild) { + if (curr->anyPolicy->parent) + curr->anyPolicy->parent->nchild--; + free(curr->anyPolicy); + curr->anyPolicy = NULL; + } + if (curr == tree->levels) { + /* If we zapped anyPolicy at top then tree is empty */ + if (!curr->anyPolicy) + return 2; + return 1; + } + } + + return 1; +} + +static int +tree_add_auth_node(STACK_OF(X509_POLICY_NODE) **pnodes, X509_POLICY_NODE *pcy) +{ + if (!*pnodes) { + *pnodes = policy_node_cmp_new(); + if (!*pnodes) + return 0; + } else if (sk_X509_POLICY_NODE_find(*pnodes, pcy) != -1) + return 1; + + if (!sk_X509_POLICY_NODE_push(*pnodes, pcy)) + return 0; + + return 1; +} + +/* Calculate the authority set based on policy tree. + * The 'pnodes' parameter is used as a store for the set of policy nodes + * used to calculate the user set. If the authority set is not anyPolicy + * then pnodes will just point to the authority set. If however the authority + * set is anyPolicy then the set of valid policies (other than anyPolicy) + * is store in pnodes. The return value of '2' is used in this case to indicate + * that pnodes should be freed. + */ + +static int +tree_calculate_authority_set(X509_POLICY_TREE *tree, + STACK_OF(X509_POLICY_NODE) **pnodes) +{ + X509_POLICY_LEVEL *curr; + X509_POLICY_NODE *node, *anyptr; + STACK_OF(X509_POLICY_NODE) **addnodes; + int i, j; + + curr = tree->levels + tree->nlevel - 1; + + /* If last level contains anyPolicy set is anyPolicy */ + if (curr->anyPolicy) { + if (!tree_add_auth_node(&tree->auth_policies, curr->anyPolicy)) + return 0; + addnodes = pnodes; + } else + /* Add policies to authority set */ + addnodes = &tree->auth_policies; + + curr = tree->levels; + for (i = 1; i < tree->nlevel; i++) { + /* If no anyPolicy node on this this level it can't + * appear on lower levels so end search. + */ + if (!(anyptr = curr->anyPolicy)) + break; + curr++; + for (j = 0; j < sk_X509_POLICY_NODE_num(curr->nodes); j++) { + node = sk_X509_POLICY_NODE_value(curr->nodes, j); + if ((node->parent == anyptr) && + !tree_add_auth_node(addnodes, node)) + return 0; + } + } + + if (addnodes == pnodes) + return 2; + + *pnodes = tree->auth_policies; + + return 1; +} + +static int +tree_calculate_user_set(X509_POLICY_TREE *tree, + STACK_OF(ASN1_OBJECT) *policy_oids, STACK_OF(X509_POLICY_NODE) *auth_nodes) +{ + int i; + X509_POLICY_NODE *node; + ASN1_OBJECT *oid; + X509_POLICY_NODE *anyPolicy; + X509_POLICY_DATA *extra; + + /* Check if anyPolicy present in authority constrained policy set: + * this will happen if it is a leaf node. + */ + + if (sk_ASN1_OBJECT_num(policy_oids) <= 0) + return 1; + + anyPolicy = tree->levels[tree->nlevel - 1].anyPolicy; + + for (i = 0; i < sk_ASN1_OBJECT_num(policy_oids); i++) { + oid = sk_ASN1_OBJECT_value(policy_oids, i); + if (OBJ_obj2nid(oid) == NID_any_policy) { + tree->flags |= POLICY_FLAG_ANY_POLICY; + return 1; + } + } + + for (i = 0; i < sk_ASN1_OBJECT_num(policy_oids); i++) { + oid = sk_ASN1_OBJECT_value(policy_oids, i); + node = tree_find_sk(auth_nodes, oid); + if (!node) { + if (!anyPolicy) + continue; + /* Create a new node with policy ID from user set + * and qualifiers from anyPolicy. + */ + extra = policy_data_new(NULL, oid, + node_critical(anyPolicy)); + if (!extra) + return 0; + extra->qualifier_set = anyPolicy->data->qualifier_set; + extra->flags = POLICY_DATA_FLAG_SHARED_QUALIFIERS | + POLICY_DATA_FLAG_EXTRA_NODE; + (void) level_add_node(NULL, extra, anyPolicy->parent, + tree, &node); + } + if (!tree->user_policies) { + tree->user_policies = sk_X509_POLICY_NODE_new_null(); + if (!tree->user_policies) + return 1; + } + if (!sk_X509_POLICY_NODE_push(tree->user_policies, node)) + return 0; + } + return 1; +} + +static int +tree_evaluate(X509_POLICY_TREE *tree) +{ + int ret, i; + X509_POLICY_LEVEL *curr = tree->levels + 1; + const X509_POLICY_CACHE *cache; + + for (i = 1; i < tree->nlevel; i++, curr++) { + cache = policy_cache_set(curr->cert); + if (!tree_link_nodes(curr, cache)) + return 0; + + if (!(curr->flags & X509_V_FLAG_INHIBIT_ANY) && + !tree_link_any(curr, cache, tree)) + return 0; + tree_print("before tree_prune()", tree, curr); + ret = tree_prune(tree, curr); + if (ret != 1) + return ret; + } + + return 1; +} + +static void +exnode_free(X509_POLICY_NODE *node) +{ + if (node->data && (node->data->flags & POLICY_DATA_FLAG_EXTRA_NODE)) + free(node); +} + +void +X509_policy_tree_free(X509_POLICY_TREE *tree) +{ + X509_POLICY_LEVEL *curr; + int i; + + if (!tree) + return; + + sk_X509_POLICY_NODE_free(tree->auth_policies); + sk_X509_POLICY_NODE_pop_free(tree->user_policies, exnode_free); + + for (i = 0, curr = tree->levels; i < tree->nlevel; i++, curr++) { + X509_free(curr->cert); + if (curr->nodes) + sk_X509_POLICY_NODE_pop_free(curr->nodes, + policy_node_free); + if (curr->anyPolicy) + policy_node_free(curr->anyPolicy); + } + + if (tree->extra_data) + sk_X509_POLICY_DATA_pop_free(tree->extra_data, + policy_data_free); + + free(tree->levels); + free(tree); +} + +/* Application policy checking function. + * Return codes: + * 0 Internal Error. + * 1 Successful. + * -1 One or more certificates contain invalid or inconsistent extensions + * -2 User constrained policy set empty and requireExplicit true. + */ + +int +X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy, + STACK_OF(X509) *certs, STACK_OF(ASN1_OBJECT) *policy_oids, + unsigned int flags) +{ + int ret, ret2; + X509_POLICY_TREE *tree = NULL; + STACK_OF(X509_POLICY_NODE) *nodes, *auth_nodes = NULL; + + *ptree = NULL; + *pexplicit_policy = 0; + ret = tree_init(&tree, certs, flags); + + switch (ret) { + + /* Tree empty requireExplicit False: OK */ + case 2: + return 1; + + /* Some internal error */ + case -1: + return -1; + + /* Some internal error */ + case 0: + return 0; + + /* Tree empty requireExplicit True: Error */ + + case 6: + *pexplicit_policy = 1; + return -2; + + /* Tree OK requireExplicit True: OK and continue */ + case 5: + *pexplicit_policy = 1; + break; + + /* Tree OK: continue */ + + case 1: + if (!tree) + /* + * tree_init() returns success and a null tree + * if it's just looking at a trust anchor. + * I'm not sure that returning success here is + * correct, but I'm sure that reporting this + * as an internal error which our caller + * interprets as a malloc failure is wrong. + */ + return 1; + break; + } + + if (!tree) + goto error; + ret = tree_evaluate(tree); + + tree_print("tree_evaluate()", tree, NULL); + + if (ret <= 0) + goto error; + + /* Return value 2 means tree empty */ + if (ret == 2) { + X509_policy_tree_free(tree); + if (*pexplicit_policy) + return -2; + else + return 1; + } + + /* Tree is not empty: continue */ + + ret = tree_calculate_authority_set(tree, &auth_nodes); + if (ret == 0) + goto error; + + ret2 = tree_calculate_user_set(tree, policy_oids, auth_nodes); + + /* Return value 2 means auth_nodes needs to be freed */ + if (ret == 2) + sk_X509_POLICY_NODE_free(auth_nodes); + + if (ret2 == 0) + goto error; + + if (tree) + *ptree = tree; + + if (*pexplicit_policy) { + nodes = X509_policy_tree_get0_user_policies(tree); + if (sk_X509_POLICY_NODE_num(nodes) <= 0) + return -2; + } + + return 1; + +error: + X509_policy_tree_free(tree); + + return 0; +} diff --git a/src/lib/libcrypto/x509v3/tabtest.c b/src/lib/libcrypto/x509v3/tabtest.c deleted file mode 100644 index dad0d38dd53..00000000000 --- a/src/lib/libcrypto/x509v3/tabtest.c +++ /dev/null @@ -1,88 +0,0 @@ -/* tabtest.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL - * project 1999. - */ -/* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -/* Simple program to check the ext_dat.h is correct and print out - * problems if it is not. - */ - -#include - -#include - -#include "ext_dat.h" - -main() -{ - int i, prev = -1, bad = 0; - X509V3_EXT_METHOD **tmp; - i = sizeof(standard_exts) / sizeof(X509V3_EXT_METHOD *); - if(i != STANDARD_EXTENSION_COUNT) - fprintf(stderr, "Extension number invalid expecting %d\n", i); - tmp = standard_exts; - for(i = 0; i < STANDARD_EXTENSION_COUNT; i++, tmp++) { - if((*tmp)->ext_nid < prev) bad = 1; - prev = (*tmp)->ext_nid; - - } - if(bad) { - tmp = standard_exts; - fprintf(stderr, "Extensions out of order!\n"); - for(i = 0; i < STANDARD_EXTENSION_COUNT; i++, tmp++) - printf("%d : %s\n", (*tmp)->ext_nid, OBJ_nid2sn((*tmp)->ext_nid)); - } else fprintf(stderr, "Order OK\n"); -} diff --git a/src/lib/libcrypto/x509v3/v3_akey.c b/src/lib/libcrypto/x509v3/v3_akey.c index 97e686f97af..e2e5730c7d4 100644 --- a/src/lib/libcrypto/x509v3/v3_akey.c +++ b/src/lib/libcrypto/x509v3/v3_akey.c @@ -1,5 +1,5 @@ -/* v3_akey.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* $OpenBSD: v3_akey.c,v 1.19 2017/01/29 17:49:23 beck Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -57,43 +57,54 @@ */ #include -#include "cryptlib.h" -#include +#include + #include #include +#include +#include #include static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, - AUTHORITY_KEYID *akeyid, STACK_OF(CONF_VALUE) *extlist); + AUTHORITY_KEYID *akeyid, STACK_OF(CONF_VALUE) *extlist); static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values); - -X509V3_EXT_METHOD v3_akey_id = { -NID_authority_key_identifier, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_KEYID), -0,0,0,0, -0,0, -(X509V3_EXT_I2V)i2v_AUTHORITY_KEYID, -(X509V3_EXT_V2I)v2i_AUTHORITY_KEYID, -0,0, -NULL + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values); + +const X509V3_EXT_METHOD v3_akey_id = { + .ext_nid = NID_authority_key_identifier, + .ext_flags = X509V3_EXT_MULTILINE, + .it = &AUTHORITY_KEYID_it, + .ext_new = NULL, + .ext_free = NULL, + .d2i = NULL, + .i2d = NULL, + .i2s = NULL, + .s2i = NULL, + .i2v = (X509V3_EXT_I2V)i2v_AUTHORITY_KEYID, + .v2i = (X509V3_EXT_V2I)v2i_AUTHORITY_KEYID, + .i2r = NULL, + .r2i = NULL, + .usr_data = NULL, }; -static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, - AUTHORITY_KEYID *akeyid, STACK_OF(CONF_VALUE) *extlist) +static +STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, + AUTHORITY_KEYID *akeyid, STACK_OF(CONF_VALUE) *extlist) { char *tmp; - if(akeyid->keyid) { + + if (akeyid->keyid) { tmp = hex_to_string(akeyid->keyid->data, akeyid->keyid->length); X509V3_add_value("keyid", tmp, &extlist); - OPENSSL_free(tmp); + free(tmp); } - if(akeyid->issuer) + if (akeyid->issuer) extlist = i2v_GENERAL_NAMES(NULL, akeyid->issuer, extlist); - if(akeyid->serial) { + if (akeyid->serial) { tmp = hex_to_string(akeyid->serial->data, - akeyid->serial->length); + akeyid->serial->length); X509V3_add_value("serial", tmp, &extlist); - OPENSSL_free(tmp); + free(tmp); } return extlist; } @@ -106,85 +117,94 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, * this is always included. */ -static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values) +static AUTHORITY_KEYID * +v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, + STACK_OF(CONF_VALUE) *values) { -char keyid=0, issuer=0; -int i; -CONF_VALUE *cnf; -ASN1_OCTET_STRING *ikeyid = NULL; -X509_NAME *isname = NULL; -GENERAL_NAMES * gens = NULL; -GENERAL_NAME *gen = NULL; -ASN1_INTEGER *serial = NULL; -X509_EXTENSION *ext; -X509 *cert; -AUTHORITY_KEYID *akeyid; -for(i = 0; i < sk_CONF_VALUE_num(values); i++) { - cnf = sk_CONF_VALUE_value(values, i); - if(!strcmp(cnf->name, "keyid")) { - keyid = 1; - if(cnf->value && !strcmp(cnf->value, "always")) keyid = 2; - } else if(!strcmp(cnf->name, "issuer")) { - issuer = 1; - if(cnf->value && !strcmp(cnf->value, "always")) issuer = 2; - } else { - X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNKNOWN_OPTION); - ERR_add_error_data(2, "name=", cnf->name); - return NULL; + char keyid = 0, issuer = 0; + int i; + CONF_VALUE *cnf; + ASN1_OCTET_STRING *ikeyid = NULL; + X509_NAME *isname = NULL; + STACK_OF(GENERAL_NAME) *gens = NULL; + GENERAL_NAME *gen = NULL; + ASN1_INTEGER *serial = NULL; + X509_EXTENSION *ext; + X509 *cert; + AUTHORITY_KEYID *akeyid = NULL; + + for (i = 0; i < sk_CONF_VALUE_num(values); i++) { + cnf = sk_CONF_VALUE_value(values, i); + if (!strcmp(cnf->name, "keyid")) { + keyid = 1; + if (cnf->value && !strcmp(cnf->value, "always")) + keyid = 2; + } + else if (!strcmp(cnf->name, "issuer")) { + issuer = 1; + if (cnf->value && !strcmp(cnf->value, "always")) + issuer = 2; + } else { + X509V3error(X509V3_R_UNKNOWN_OPTION); + ERR_asprintf_error_data("name=%s", cnf->name); + return NULL; + } } -} - -if(!ctx || !ctx->issuer_cert) { - if(ctx && (ctx->flags==CTX_TEST)) return AUTHORITY_KEYID_new(); - X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_NO_ISSUER_CERTIFICATE); - return NULL; -} -cert = ctx->issuer_cert; - -if(keyid) { - i = X509_get_ext_by_NID(cert, NID_subject_key_identifier, -1); - if((i >= 0) && (ext = X509_get_ext(cert, i))) - ikeyid = X509V3_EXT_d2i(ext); - if(keyid==2 && !ikeyid) { - X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNABLE_TO_GET_ISSUER_KEYID); + if (!ctx || !ctx->issuer_cert) { + if (ctx && (ctx->flags == CTX_TEST)) + return AUTHORITY_KEYID_new(); + X509V3error(X509V3_R_NO_ISSUER_CERTIFICATE); return NULL; } -} -if((issuer && !ikeyid) || (issuer == 2)) { - isname = X509_NAME_dup(X509_get_issuer_name(cert)); - serial = M_ASN1_INTEGER_dup(X509_get_serialNumber(cert)); - if(!isname || !serial) { - X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS); - goto err; + cert = ctx->issuer_cert; + + if (keyid) { + i = X509_get_ext_by_NID(cert, NID_subject_key_identifier, -1); + if ((i >= 0) && (ext = X509_get_ext(cert, i))) + ikeyid = X509V3_EXT_d2i(ext); + if (keyid == 2 && !ikeyid) { + X509V3error(X509V3_R_UNABLE_TO_GET_ISSUER_KEYID); + return NULL; + } } -} -if(!(akeyid = AUTHORITY_KEYID_new())) goto err; + if ((issuer && !ikeyid) || (issuer == 2)) { + isname = X509_NAME_dup(X509_get_issuer_name(cert)); + serial = ASN1_INTEGER_dup(X509_get_serialNumber(cert)); + if (!isname || !serial) { + X509V3error(X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS); + goto err; + } + } -if(isname) { - if(!(gens = sk_GENERAL_NAME_new_null()) || !(gen = GENERAL_NAME_new()) - || !sk_GENERAL_NAME_push(gens, gen)) { - X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,ERR_R_MALLOC_FAILURE); + if (!(akeyid = AUTHORITY_KEYID_new())) goto err; + + if (isname) { + if (!(gens = sk_GENERAL_NAME_new_null()) || + !(gen = GENERAL_NAME_new()) || + !sk_GENERAL_NAME_push(gens, gen)) { + X509V3error(ERR_R_MALLOC_FAILURE); + goto err; + } + gen->type = GEN_DIRNAME; + gen->d.dirn = isname; } - gen->type = GEN_DIRNAME; - gen->d.dirn = isname; -} -akeyid->issuer = gens; -akeyid->serial = serial; -akeyid->keyid = ikeyid; + akeyid->issuer = gens; + akeyid->serial = serial; + akeyid->keyid = ikeyid; -return akeyid; + return akeyid; err: -X509_NAME_free(isname); -M_ASN1_INTEGER_free(serial); -M_ASN1_OCTET_STRING_free(ikeyid); -return NULL; - + AUTHORITY_KEYID_free(akeyid); + GENERAL_NAME_free(gen); + sk_GENERAL_NAME_free(gens); + X509_NAME_free(isname); + ASN1_INTEGER_free(serial); + ASN1_OCTET_STRING_free(ikeyid); + return NULL; } - diff --git a/src/lib/libcrypto/x509v3/v3_akeya.c b/src/lib/libcrypto/x509v3/v3_akeya.c index 2aafa26ba71..83ef1b58387 100644 --- a/src/lib/libcrypto/x509v3/v3_akeya.c +++ b/src/lib/libcrypto/x509v3/v3_akeya.c @@ -1,5 +1,5 @@ -/* v3_akey_asn1.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* $OpenBSD: v3_akeya.c,v 1.7 2015/07/25 16:00:14 jsing Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -57,16 +57,68 @@ */ #include -#include "cryptlib.h" -#include + #include #include +#include #include -ASN1_SEQUENCE(AUTHORITY_KEYID) = { - ASN1_IMP_OPT(AUTHORITY_KEYID, keyid, ASN1_OCTET_STRING, 0), - ASN1_IMP_SEQUENCE_OF_OPT(AUTHORITY_KEYID, issuer, GENERAL_NAME, 1), - ASN1_IMP_OPT(AUTHORITY_KEYID, serial, ASN1_INTEGER, 2) -} ASN1_SEQUENCE_END(AUTHORITY_KEYID) +static const ASN1_TEMPLATE AUTHORITY_KEYID_seq_tt[] = { + { + .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_OPTIONAL, + .tag = 0, + .offset = offsetof(AUTHORITY_KEYID, keyid), + .field_name = "keyid", + .item = &ASN1_OCTET_STRING_it, + }, + { + .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_OPTIONAL, + .tag = 1, + .offset = offsetof(AUTHORITY_KEYID, issuer), + .field_name = "issuer", + .item = &GENERAL_NAME_it, + }, + { + .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_OPTIONAL, + .tag = 2, + .offset = offsetof(AUTHORITY_KEYID, serial), + .field_name = "serial", + .item = &ASN1_INTEGER_it, + }, +}; + +const ASN1_ITEM AUTHORITY_KEYID_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = AUTHORITY_KEYID_seq_tt, + .tcount = sizeof(AUTHORITY_KEYID_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = NULL, + .size = sizeof(AUTHORITY_KEYID), + .sname = "AUTHORITY_KEYID", +}; + + +AUTHORITY_KEYID * +d2i_AUTHORITY_KEYID(AUTHORITY_KEYID **a, const unsigned char **in, long len) +{ + return (AUTHORITY_KEYID *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &AUTHORITY_KEYID_it); +} + +int +i2d_AUTHORITY_KEYID(AUTHORITY_KEYID *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &AUTHORITY_KEYID_it); +} + +AUTHORITY_KEYID * +AUTHORITY_KEYID_new(void) +{ + return (AUTHORITY_KEYID *)ASN1_item_new(&AUTHORITY_KEYID_it); +} -IMPLEMENT_ASN1_FUNCTIONS(AUTHORITY_KEYID) +void +AUTHORITY_KEYID_free(AUTHORITY_KEYID *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &AUTHORITY_KEYID_it); +} diff --git a/src/lib/libcrypto/x509v3/v3_alt.c b/src/lib/libcrypto/x509v3/v3_alt.c index 0e9e7dcb4fd..08063d191b0 100644 --- a/src/lib/libcrypto/x509v3/v3_alt.c +++ b/src/lib/libcrypto/x509v3/v3_alt.c @@ -1,16 +1,16 @@ -/* v3_alt.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL - * project 1999. +/* $OpenBSD: v3_alt.c,v 1.28 2018/05/18 19:34:37 tb Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -57,144 +57,212 @@ */ #include -#include "cryptlib.h" +#include + #include +#include #include -static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); -static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); +static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); +static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p); static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens); -X509V3_EXT_METHOD v3_alt[] = { -{ NID_subject_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES), -0,0,0,0, -0,0, -(X509V3_EXT_I2V)i2v_GENERAL_NAMES, -(X509V3_EXT_V2I)v2i_subject_alt, -NULL, NULL, NULL}, - -{ NID_issuer_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES), -0,0,0,0, -0,0, -(X509V3_EXT_I2V)i2v_GENERAL_NAMES, -(X509V3_EXT_V2I)v2i_issuer_alt, -NULL, NULL, NULL}, +static int do_othername(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx); +static int do_dirname(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx); + +const X509V3_EXT_METHOD v3_alt[] = { + { + .ext_nid = NID_subject_alt_name, + .ext_flags = 0, + .it = &GENERAL_NAMES_it, + .ext_new = NULL, + .ext_free = NULL, + .d2i = NULL, + .i2d = NULL, + .i2s = NULL, + .s2i = NULL, + .i2v = (X509V3_EXT_I2V)i2v_GENERAL_NAMES, + .v2i = (X509V3_EXT_V2I)v2i_subject_alt, + .i2r = NULL, + .r2i = NULL, + .usr_data = NULL, + }, + { + .ext_nid = NID_issuer_alt_name, + .ext_flags = 0, + .it = &GENERAL_NAMES_it, + .ext_new = NULL, + .ext_free = NULL, + .d2i = NULL, + .i2d = NULL, + .i2s = NULL, + .s2i = NULL, + .i2v = (X509V3_EXT_I2V)i2v_GENERAL_NAMES, + .v2i = (X509V3_EXT_V2I)v2i_issuer_alt, + .i2r = NULL, + .r2i = NULL, + .usr_data = NULL, + }, + { + .ext_nid = NID_certificate_issuer, + .ext_flags = 0, + .it = &GENERAL_NAMES_it, + .ext_new = NULL, + .ext_free = NULL, + .d2i = NULL, + .i2d = NULL, + .i2s = NULL, + .s2i = NULL, + .i2v = (X509V3_EXT_I2V)i2v_GENERAL_NAMES, + .v2i = NULL, + .i2r = NULL, + .r2i = NULL, + .usr_data = NULL, + }, }; -STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method, - GENERAL_NAMES *gens, STACK_OF(CONF_VALUE) *ret) +STACK_OF(CONF_VALUE) * +i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method, GENERAL_NAMES *gens, + STACK_OF(CONF_VALUE) *ret) { int i; GENERAL_NAME *gen; - for(i = 0; i < sk_GENERAL_NAME_num(gens); i++) { + + for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) { gen = sk_GENERAL_NAME_value(gens, i); ret = i2v_GENERAL_NAME(method, gen, ret); } - if(!ret) return sk_CONF_VALUE_new_null(); + if (!ret) + return sk_CONF_VALUE_new_null(); return ret; } -STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, - GENERAL_NAME *gen, STACK_OF(CONF_VALUE) *ret) +STACK_OF(CONF_VALUE) * +i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, GENERAL_NAME *gen, + STACK_OF(CONF_VALUE) *ret) { unsigned char *p; - char oline[256]; - switch (gen->type) - { - case GEN_OTHERNAME: - X509V3_add_value("othername","", &ret); + char oline[256], htmp[5]; + int i; + + switch (gen->type) { + case GEN_OTHERNAME: + X509V3_add_value("othername", "", &ret); break; - case GEN_X400: - X509V3_add_value("X400Name","", &ret); + case GEN_X400: + X509V3_add_value("X400Name", "", &ret); break; - case GEN_EDIPARTY: - X509V3_add_value("EdiPartyName","", &ret); + case GEN_EDIPARTY: + X509V3_add_value("EdiPartyName", "", &ret); break; - case GEN_EMAIL: - X509V3_add_value_uchar("email",gen->d.ia5->data, &ret); + case GEN_EMAIL: + X509V3_add_value_uchar("email", gen->d.ia5->data, &ret); break; - case GEN_DNS: - X509V3_add_value_uchar("DNS",gen->d.ia5->data, &ret); + case GEN_DNS: + X509V3_add_value_uchar("DNS", gen->d.ia5->data, &ret); break; - case GEN_URI: - X509V3_add_value_uchar("URI",gen->d.ia5->data, &ret); + case GEN_URI: + X509V3_add_value_uchar("URI", gen->d.ia5->data, &ret); break; - case GEN_DIRNAME: + case GEN_DIRNAME: X509_NAME_oneline(gen->d.dirn, oline, 256); - X509V3_add_value("DirName",oline, &ret); + X509V3_add_value("DirName", oline, &ret); break; - case GEN_IPADD: + case GEN_IPADD: p = gen->d.ip->data; - /* BUG: doesn't support IPV6 */ - if(gen->d.ip->length != 4) { - X509V3_add_value("IP Address","", &ret); + if (gen->d.ip->length == 4) + (void) snprintf(oline, sizeof oline, + "%d.%d.%d.%d", p[0], p[1], p[2], p[3]); + else if (gen->d.ip->length == 16) { + oline[0] = 0; + for (i = 0; i < 8; i++) { + (void) snprintf(htmp, sizeof htmp, + "%X", p[0] << 8 | p[1]); + p += 2; + strlcat(oline, htmp, sizeof(oline)); + if (i != 7) + strlcat(oline, ":", sizeof(oline)); + } + } else { + X509V3_add_value("IP Address", "", &ret); break; } - sprintf(oline, "%d.%d.%d.%d", p[0], p[1], p[2], p[3]); - X509V3_add_value("IP Address",oline, &ret); + X509V3_add_value("IP Address", oline, &ret); break; - case GEN_RID: + case GEN_RID: i2t_ASN1_OBJECT(oline, 256, gen->d.rid); - X509V3_add_value("Registered ID",oline, &ret); + X509V3_add_value("Registered ID", oline, &ret); break; } return ret; } -int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen) +int +GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen) { unsigned char *p; - switch (gen->type) - { - case GEN_OTHERNAME: + int i; + + switch (gen->type) { + case GEN_OTHERNAME: BIO_printf(out, "othername:"); break; - case GEN_X400: + case GEN_X400: BIO_printf(out, "X400Name:"); break; - case GEN_EDIPARTY: + case GEN_EDIPARTY: /* Maybe fix this: it is supported now */ BIO_printf(out, "EdiPartyName:"); break; - case GEN_EMAIL: - BIO_printf(out, "email:%s",gen->d.ia5->data); + case GEN_EMAIL: + BIO_printf(out, "email:%s", gen->d.ia5->data); break; - case GEN_DNS: - BIO_printf(out, "DNS:%s",gen->d.ia5->data); + case GEN_DNS: + BIO_printf(out, "DNS:%s", gen->d.ia5->data); break; - case GEN_URI: - BIO_printf(out, "URI:%s",gen->d.ia5->data); + case GEN_URI: + BIO_printf(out, "URI:%s", gen->d.ia5->data); break; - case GEN_DIRNAME: + case GEN_DIRNAME: BIO_printf(out, "DirName: "); X509_NAME_print_ex(out, gen->d.dirn, 0, XN_FLAG_ONELINE); break; - case GEN_IPADD: + case GEN_IPADD: p = gen->d.ip->data; - /* BUG: doesn't support IPV6 */ - if(gen->d.ip->length != 4) { - BIO_printf(out,"IP Address:"); + if (gen->d.ip->length == 4) + BIO_printf(out, "IP Address:%d.%d.%d.%d", + p[0], p[1], p[2], p[3]); + else if (gen->d.ip->length == 16) { + BIO_printf(out, "IP Address"); + for (i = 0; i < 8; i++) { + BIO_printf(out, ":%X", p[0] << 8 | p[1]); + p += 2; + } + BIO_puts(out, "\n"); + } else { + BIO_printf(out, "IP Address:"); break; } - BIO_printf(out, "IP Address:%d.%d.%d.%d", p[0], p[1], p[2], p[3]); break; - case GEN_RID: + case GEN_RID: BIO_printf(out, "Registered ID"); i2a_ASN1_OBJECT(out, gen->d.rid); break; @@ -202,256 +270,394 @@ int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen) return 1; } -static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) +static GENERAL_NAMES * +v2i_issuer_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, + STACK_OF(CONF_VALUE) *nval) { GENERAL_NAMES *gens = NULL; CONF_VALUE *cnf; int i; - if(!(gens = sk_GENERAL_NAME_new_null())) { - X509V3err(X509V3_F_V2I_GENERAL_NAMES,ERR_R_MALLOC_FAILURE); + + if ((gens = sk_GENERAL_NAME_new_null()) == NULL) { + X509V3error(ERR_R_MALLOC_FAILURE); return NULL; } - for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { + for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { cnf = sk_CONF_VALUE_value(nval, i); - if(!name_cmp(cnf->name, "issuer") && cnf->value && - !strcmp(cnf->value, "copy")) { - if(!copy_issuer(ctx, gens)) goto err; + if (name_cmp(cnf->name, "issuer") == 0 && cnf->value != NULL && + strcmp(cnf->value, "copy") == 0) { + if (!copy_issuer(ctx, gens)) + goto err; } else { GENERAL_NAME *gen; - if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) - goto err; - sk_GENERAL_NAME_push(gens, gen); + if ((gen = v2i_GENERAL_NAME(method, ctx, cnf)) == NULL) + goto err; + if (sk_GENERAL_NAME_push(gens, gen) == 0) { + GENERAL_NAME_free(gen); + goto err; + } } } return gens; - err: + +err: sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free); return NULL; } /* Append subject altname of issuer to issuer alt name of subject */ -static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens) +static int +copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens) { GENERAL_NAMES *ialt; GENERAL_NAME *gen; X509_EXTENSION *ext; int i; - if(ctx && (ctx->flags == CTX_TEST)) return 1; - if(!ctx || !ctx->issuer_cert) { - X509V3err(X509V3_F_COPY_ISSUER,X509V3_R_NO_ISSUER_DETAILS); + + if (ctx && (ctx->flags == CTX_TEST)) + return 1; + if (!ctx || !ctx->issuer_cert) { + X509V3error(X509V3_R_NO_ISSUER_DETAILS); goto err; } - i = X509_get_ext_by_NID(ctx->issuer_cert, NID_subject_alt_name, -1); - if(i < 0) return 1; - if(!(ext = X509_get_ext(ctx->issuer_cert, i)) || - !(ialt = X509V3_EXT_d2i(ext)) ) { - X509V3err(X509V3_F_COPY_ISSUER,X509V3_R_ISSUER_DECODE_ERROR); + i = X509_get_ext_by_NID(ctx->issuer_cert, NID_subject_alt_name, -1); + if (i < 0) + return 1; + if (!(ext = X509_get_ext(ctx->issuer_cert, i)) || + !(ialt = X509V3_EXT_d2i(ext))) { + X509V3error(X509V3_R_ISSUER_DECODE_ERROR); goto err; } - for(i = 0; i < sk_GENERAL_NAME_num(ialt); i++) { + for (i = 0; i < sk_GENERAL_NAME_num(ialt); i++) { gen = sk_GENERAL_NAME_value(ialt, i); - if(!sk_GENERAL_NAME_push(gens, gen)) { - X509V3err(X509V3_F_COPY_ISSUER,ERR_R_MALLOC_FAILURE); + if (!sk_GENERAL_NAME_push(gens, gen)) { + X509V3error(ERR_R_MALLOC_FAILURE); goto err; } } sk_GENERAL_NAME_free(ialt); return 1; - - err: + +err: return 0; - + } -static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) +static GENERAL_NAMES * +v2i_subject_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, + STACK_OF(CONF_VALUE) *nval) { GENERAL_NAMES *gens = NULL; CONF_VALUE *cnf; int i; - if(!(gens = sk_GENERAL_NAME_new_null())) { - X509V3err(X509V3_F_V2I_GENERAL_NAMES,ERR_R_MALLOC_FAILURE); + + if (!(gens = sk_GENERAL_NAME_new_null())) { + X509V3error(ERR_R_MALLOC_FAILURE); return NULL; } - for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { + for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { cnf = sk_CONF_VALUE_value(nval, i); - if(!name_cmp(cnf->name, "email") && cnf->value && - !strcmp(cnf->value, "copy")) { - if(!copy_email(ctx, gens, 0)) goto err; - } else if(!name_cmp(cnf->name, "email") && cnf->value && - !strcmp(cnf->value, "move")) { - if(!copy_email(ctx, gens, 1)) goto err; + if (!name_cmp(cnf->name, "email") && cnf->value && + !strcmp(cnf->value, "copy")) { + if (!copy_email(ctx, gens, 0)) + goto err; + } else if (!name_cmp(cnf->name, "email") && cnf->value && + !strcmp(cnf->value, "move")) { + if (!copy_email(ctx, gens, 1)) + goto err; } else { GENERAL_NAME *gen; - if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) - goto err; - sk_GENERAL_NAME_push(gens, gen); + if (!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) + goto err; + if (sk_GENERAL_NAME_push(gens, gen) == 0) { + GENERAL_NAME_free(gen); + goto err; + } } } return gens; - err: + +err: sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free); return NULL; } -/* Copy any email addresses in a certificate or request to +/* Copy any email addresses in a certificate or request to * GENERAL_NAMES */ -static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p) +static int +copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p) { X509_NAME *nm; ASN1_IA5STRING *email = NULL; X509_NAME_ENTRY *ne; GENERAL_NAME *gen = NULL; int i; - if(ctx->flags == CTX_TEST) return 1; - if(!ctx || (!ctx->subject_cert && !ctx->subject_req)) { - X509V3err(X509V3_F_COPY_EMAIL,X509V3_R_NO_SUBJECT_DETAILS); + + if (ctx != NULL && ctx->flags == CTX_TEST) + return 1; + if (!ctx || (!ctx->subject_cert && !ctx->subject_req)) { + X509V3error(X509V3_R_NO_SUBJECT_DETAILS); goto err; } /* Find the subject name */ - if(ctx->subject_cert) nm = X509_get_subject_name(ctx->subject_cert); - else nm = X509_REQ_get_subject_name(ctx->subject_req); + if (ctx->subject_cert) + nm = X509_get_subject_name(ctx->subject_cert); + else + nm = X509_REQ_get_subject_name(ctx->subject_req); /* Now add any email address(es) to STACK */ i = -1; - while((i = X509_NAME_get_index_by_NID(nm, - NID_pkcs9_emailAddress, i)) >= 0) { + while ((i = X509_NAME_get_index_by_NID(nm, + NID_pkcs9_emailAddress, i)) >= 0) { ne = X509_NAME_get_entry(nm, i); - email = M_ASN1_IA5STRING_dup(X509_NAME_ENTRY_get_data(ne)); - if (move_p) - { - X509_NAME_delete_entry(nm, i); - i--; - } - if(!email || !(gen = GENERAL_NAME_new())) { - X509V3err(X509V3_F_COPY_EMAIL,ERR_R_MALLOC_FAILURE); + email = ASN1_STRING_dup(X509_NAME_ENTRY_get_data(ne)); + if (move_p) { + X509_NAME_delete_entry(nm, i); + X509_NAME_ENTRY_free(ne); + i--; + } + if (!email || !(gen = GENERAL_NAME_new())) { + X509V3error(ERR_R_MALLOC_FAILURE); goto err; } gen->d.ia5 = email; email = NULL; gen->type = GEN_EMAIL; - if(!sk_GENERAL_NAME_push(gens, gen)) { - X509V3err(X509V3_F_COPY_EMAIL,ERR_R_MALLOC_FAILURE); + if (!sk_GENERAL_NAME_push(gens, gen)) { + X509V3error(ERR_R_MALLOC_FAILURE); goto err; } gen = NULL; } - return 1; - - err: + +err: GENERAL_NAME_free(gen); - M_ASN1_IA5STRING_free(email); + ASN1_IA5STRING_free(email); return 0; - } -GENERAL_NAMES *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) +GENERAL_NAMES * +v2i_GENERAL_NAMES(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, + STACK_OF(CONF_VALUE) *nval) { GENERAL_NAME *gen; GENERAL_NAMES *gens = NULL; CONF_VALUE *cnf; int i; - if(!(gens = sk_GENERAL_NAME_new_null())) { - X509V3err(X509V3_F_V2I_GENERAL_NAMES,ERR_R_MALLOC_FAILURE); + + if (!(gens = sk_GENERAL_NAME_new_null())) { + X509V3error(ERR_R_MALLOC_FAILURE); return NULL; } - for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { + for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { cnf = sk_CONF_VALUE_value(nval, i); - if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) goto err; - sk_GENERAL_NAME_push(gens, gen); + if (!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) + goto err; + if (sk_GENERAL_NAME_push(gens, gen) == 0) { + GENERAL_NAME_free(gen); + goto err; + } } return gens; - err: + +err: sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free); return NULL; } -GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, - CONF_VALUE *cnf) +GENERAL_NAME * +v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, + CONF_VALUE *cnf) { -char is_string = 0; -int type; -GENERAL_NAME *gen = NULL; + return v2i_GENERAL_NAME_ex(NULL, method, ctx, cnf, 0); +} -char *name, *value; +GENERAL_NAME * +a2i_GENERAL_NAME(GENERAL_NAME *out, const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, int gen_type, const char *value, int is_nc) +{ + char is_string = 0; + GENERAL_NAME *gen = NULL; -name = cnf->name; -value = cnf->value; + if (!value) { + X509V3error(X509V3_R_MISSING_VALUE); + return NULL; + } -if(!value) { - X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_MISSING_VALUE); - return NULL; -} + if (out) + gen = out; + else { + gen = GENERAL_NAME_new(); + if (gen == NULL) { + X509V3error(ERR_R_MALLOC_FAILURE); + return NULL; + } + } -if(!(gen = GENERAL_NAME_new())) { - X509V3err(X509V3_F_V2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE); - return NULL; -} + switch (gen_type) { + case GEN_URI: + case GEN_EMAIL: + case GEN_DNS: + is_string = 1; + break; -if(!name_cmp(name, "email")) { - is_string = 1; - type = GEN_EMAIL; -} else if(!name_cmp(name, "URI")) { - is_string = 1; - type = GEN_URI; -} else if(!name_cmp(name, "DNS")) { - is_string = 1; - type = GEN_DNS; -} else if(!name_cmp(name, "RID")) { - ASN1_OBJECT *obj; - if(!(obj = OBJ_txt2obj(value,0))) { - X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_BAD_OBJECT); - ERR_add_error_data(2, "value=", value); - goto err; - } - gen->d.rid = obj; - type = GEN_RID; -} else if(!name_cmp(name, "IP")) { - int i1,i2,i3,i4; - unsigned char ip[4]; - if((sscanf(value, "%d.%d.%d.%d",&i1,&i2,&i3,&i4) != 4) || - (i1 < 0) || (i1 > 255) || (i2 < 0) || (i2 > 255) || - (i3 < 0) || (i3 > 255) || (i4 < 0) || (i4 > 255) ) { - X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_BAD_IP_ADDRESS); - ERR_add_error_data(2, "value=", value); + case GEN_RID: + { + ASN1_OBJECT *obj; + if (!(obj = OBJ_txt2obj(value, 0))) { + X509V3error(X509V3_R_BAD_OBJECT); + ERR_asprintf_error_data("value=%s", value); + goto err; + } + gen->d.rid = obj; + } + break; + + case GEN_IPADD: + if (is_nc) + gen->d.ip = a2i_IPADDRESS_NC(value); + else + gen->d.ip = a2i_IPADDRESS(value); + if (gen->d.ip == NULL) { + X509V3error(X509V3_R_BAD_IP_ADDRESS); + ERR_asprintf_error_data("value=%s", value); + goto err; + } + break; + + case GEN_DIRNAME: + if (!do_dirname(gen, value, ctx)) { + X509V3error(X509V3_R_DIRNAME_ERROR); + goto err; + } + break; + + case GEN_OTHERNAME: + if (!do_othername(gen, value, ctx)) { + X509V3error(X509V3_R_OTHERNAME_ERROR); + goto err; + } + break; + + default: + X509V3error(X509V3_R_UNSUPPORTED_TYPE); goto err; } - ip[0] = i1; ip[1] = i2 ; ip[2] = i3 ; ip[3] = i4; - if(!(gen->d.ip = M_ASN1_OCTET_STRING_new()) || - !ASN1_STRING_set(gen->d.ip, ip, 4)) { - X509V3err(X509V3_F_V2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE); + + if (is_string) { + if (!(gen->d.ia5 = ASN1_IA5STRING_new()) || + !ASN1_STRING_set(gen->d.ia5, value, strlen(value))) { + X509V3error(ERR_R_MALLOC_FAILURE); goto err; + } } - type = GEN_IPADD; -} else { - X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_UNSUPPORTED_OPTION); - ERR_add_error_data(2, "name=", name); - goto err; + + gen->type = gen_type; + + return gen; + +err: + if (out == NULL) + GENERAL_NAME_free(gen); + return NULL; } -if(is_string) { - if(!(gen->d.ia5 = M_ASN1_IA5STRING_new()) || - !ASN1_STRING_set(gen->d.ia5, (unsigned char*)value, - strlen(value))) { - X509V3err(X509V3_F_V2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE); - goto err; +GENERAL_NAME * +v2i_GENERAL_NAME_ex(GENERAL_NAME *out, const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, CONF_VALUE *cnf, int is_nc) +{ + int type; + char *name, *value; + + name = cnf->name; + value = cnf->value; + + if (!value) { + X509V3error(X509V3_R_MISSING_VALUE); + return NULL; } + + if (!name_cmp(name, "email")) + type = GEN_EMAIL; + else if (!name_cmp(name, "URI")) + type = GEN_URI; + else if (!name_cmp(name, "DNS")) + type = GEN_DNS; + else if (!name_cmp(name, "RID")) + type = GEN_RID; + else if (!name_cmp(name, "IP")) + type = GEN_IPADD; + else if (!name_cmp(name, "dirName")) + type = GEN_DIRNAME; + else if (!name_cmp(name, "otherName")) + type = GEN_OTHERNAME; + else { + X509V3error(X509V3_R_UNSUPPORTED_OPTION); + ERR_asprintf_error_data("name=%s", name); + return NULL; + } + + return a2i_GENERAL_NAME(out, method, ctx, type, value, is_nc); } -gen->type = type; +static int +do_othername(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx) +{ + char *objtmp = NULL, *p; + int objlen; + + if (!(p = strchr(value, ';'))) + return 0; + if (!(gen->d.otherName = OTHERNAME_new())) + return 0; + /* Free this up because we will overwrite it. + * no need to free type_id because it is static + */ + ASN1_TYPE_free(gen->d.otherName->value); + if (!(gen->d.otherName->value = ASN1_generate_v3(p + 1, ctx))) + return 0; + objlen = p - value; + objtmp = malloc(objlen + 1); + if (objtmp) { + strlcpy(objtmp, value, objlen + 1); + gen->d.otherName->type_id = OBJ_txt2obj(objtmp, 0); + free(objtmp); + } else + gen->d.otherName->type_id = NULL; + if (!gen->d.otherName->type_id) + return 0; + return 1; +} -return gen; +static int +do_dirname(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx) +{ + int ret; + STACK_OF(CONF_VALUE) *sk; + X509_NAME *nm; -err: -GENERAL_NAME_free(gen); -return NULL; + if (!(nm = X509_NAME_new())) + return 0; + sk = X509V3_get_section(ctx, value); + if (!sk) { + X509V3error(X509V3_R_SECTION_NOT_FOUND); + ERR_asprintf_error_data("section=%s", value); + X509_NAME_free(nm); + return 0; + } + /* FIXME: should allow other character types... */ + ret = X509V3_NAME_from_section(nm, sk, MBSTRING_ASC); + if (!ret) + X509_NAME_free(nm); + gen->d.dirn = nm; + X509V3_section_free(ctx, sk); + + return ret; } diff --git a/src/lib/libcrypto/x509v3/v3_bcons.c b/src/lib/libcrypto/x509v3/v3_bcons.c index cbb012715e5..6c5823c44e9 100644 --- a/src/lib/libcrypto/x509v3/v3_bcons.c +++ b/src/lib/libcrypto/x509v3/v3_bcons.c @@ -1,5 +1,5 @@ -/* v3_bcons.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* $OpenBSD: v3_bcons.c,v 1.15 2017/01/29 17:49:23 beck Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -56,69 +56,129 @@ * */ - #include -#include "cryptlib.h" +#include + #include #include #include +#include #include -static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, BASIC_CONSTRAINTS *bcons, STACK_OF(CONF_VALUE) *extlist); -static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values); - -X509V3_EXT_METHOD v3_bcons = { -NID_basic_constraints, 0, -ASN1_ITEM_ref(BASIC_CONSTRAINTS), -0,0,0,0, -0,0, -(X509V3_EXT_I2V)i2v_BASIC_CONSTRAINTS, -(X509V3_EXT_V2I)v2i_BASIC_CONSTRAINTS, -NULL,NULL, -NULL +static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, + BASIC_CONSTRAINTS *bcons, STACK_OF(CONF_VALUE) *extlist); +static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values); + +const X509V3_EXT_METHOD v3_bcons = { + .ext_nid = NID_basic_constraints, + .ext_flags = 0, + .it = &BASIC_CONSTRAINTS_it, + .ext_new = NULL, + .ext_free = NULL, + .d2i = NULL, + .i2d = NULL, + .i2s = NULL, + .s2i = NULL, + .i2v = (X509V3_EXT_I2V)i2v_BASIC_CONSTRAINTS, + .v2i = (X509V3_EXT_V2I)v2i_BASIC_CONSTRAINTS, + .i2r = NULL, + .r2i = NULL, + .usr_data = NULL, }; -ASN1_SEQUENCE(BASIC_CONSTRAINTS) = { - ASN1_OPT(BASIC_CONSTRAINTS, ca, ASN1_FBOOLEAN), - ASN1_OPT(BASIC_CONSTRAINTS, pathlen, ASN1_INTEGER) -} ASN1_SEQUENCE_END(BASIC_CONSTRAINTS) +static const ASN1_TEMPLATE BASIC_CONSTRAINTS_seq_tt[] = { + { + .flags = ASN1_TFLG_OPTIONAL, + .tag = 0, + .offset = offsetof(BASIC_CONSTRAINTS, ca), + .field_name = "ca", + .item = &ASN1_FBOOLEAN_it, + }, + { + .flags = ASN1_TFLG_OPTIONAL, + .tag = 0, + .offset = offsetof(BASIC_CONSTRAINTS, pathlen), + .field_name = "pathlen", + .item = &ASN1_INTEGER_it, + }, +}; -IMPLEMENT_ASN1_FUNCTIONS(BASIC_CONSTRAINTS) +const ASN1_ITEM BASIC_CONSTRAINTS_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = BASIC_CONSTRAINTS_seq_tt, + .tcount = sizeof(BASIC_CONSTRAINTS_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = NULL, + .size = sizeof(BASIC_CONSTRAINTS), + .sname = "BASIC_CONSTRAINTS", +}; -static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, - BASIC_CONSTRAINTS *bcons, STACK_OF(CONF_VALUE) *extlist) +BASIC_CONSTRAINTS * +d2i_BASIC_CONSTRAINTS(BASIC_CONSTRAINTS **a, const unsigned char **in, long len) +{ + return (BASIC_CONSTRAINTS *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &BASIC_CONSTRAINTS_it); +} + +int +i2d_BASIC_CONSTRAINTS(BASIC_CONSTRAINTS *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &BASIC_CONSTRAINTS_it); +} + +BASIC_CONSTRAINTS * +BASIC_CONSTRAINTS_new(void) +{ + return (BASIC_CONSTRAINTS *)ASN1_item_new(&BASIC_CONSTRAINTS_it); +} + +void +BASIC_CONSTRAINTS_free(BASIC_CONSTRAINTS *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &BASIC_CONSTRAINTS_it); +} + + +static STACK_OF(CONF_VALUE) * +i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, BASIC_CONSTRAINTS *bcons, + STACK_OF(CONF_VALUE) *extlist) { X509V3_add_value_bool("CA", bcons->ca, &extlist); X509V3_add_value_int("pathlen", bcons->pathlen, &extlist); return extlist; } -static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values) +static BASIC_CONSTRAINTS * +v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, + STACK_OF(CONF_VALUE) *values) { - BASIC_CONSTRAINTS *bcons=NULL; + BASIC_CONSTRAINTS *bcons = NULL; CONF_VALUE *val; int i; - if(!(bcons = BASIC_CONSTRAINTS_new())) { - X509V3err(X509V3_F_V2I_BASIC_CONSTRAINTS, ERR_R_MALLOC_FAILURE); + + if (!(bcons = BASIC_CONSTRAINTS_new())) { + X509V3error(ERR_R_MALLOC_FAILURE); return NULL; } - for(i = 0; i < sk_CONF_VALUE_num(values); i++) { + for (i = 0; i < sk_CONF_VALUE_num(values); i++) { val = sk_CONF_VALUE_value(values, i); - if(!strcmp(val->name, "CA")) { - if(!X509V3_get_value_bool(val, &bcons->ca)) goto err; - } else if(!strcmp(val->name, "pathlen")) { - if(!X509V3_get_value_int(val, &bcons->pathlen)) goto err; + if (!strcmp(val->name, "CA")) { + if (!X509V3_get_value_bool(val, &bcons->ca)) + goto err; + } else if (!strcmp(val->name, "pathlen")) { + if (!X509V3_get_value_int(val, &bcons->pathlen)) + goto err; } else { - X509V3err(X509V3_F_V2I_BASIC_CONSTRAINTS, X509V3_R_INVALID_NAME); + X509V3error(X509V3_R_INVALID_NAME); X509V3_conf_err(val); goto err; } } return bcons; - err: + +err: BASIC_CONSTRAINTS_free(bcons); return NULL; } - diff --git a/src/lib/libcrypto/x509v3/v3_bitst.c b/src/lib/libcrypto/x509v3/v3_bitst.c index 16cf1255621..039faf2fd67 100644 --- a/src/lib/libcrypto/x509v3/v3_bitst.c +++ b/src/lib/libcrypto/x509v3/v3_bitst.c @@ -1,5 +1,5 @@ -/* v3_bitst.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* $OpenBSD: v3_bitst.c,v 1.14 2017/01/29 17:49:23 beck Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -57,86 +57,117 @@ */ #include -#include "cryptlib.h" +#include + #include +#include #include -static ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); -static STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, - ASN1_BIT_STRING *bits, - STACK_OF(CONF_VALUE) *extlist); - static BIT_STRING_BITNAME ns_cert_type_table[] = { -{0, "SSL Client", "client"}, -{1, "SSL Server", "server"}, -{2, "S/MIME", "email"}, -{3, "Object Signing", "objsign"}, -{4, "Unused", "reserved"}, -{5, "SSL CA", "sslCA"}, -{6, "S/MIME CA", "emailCA"}, -{7, "Object Signing CA", "objCA"}, -{-1, NULL, NULL} + {0, "SSL Client", "client"}, + {1, "SSL Server", "server"}, + {2, "S/MIME", "email"}, + {3, "Object Signing", "objsign"}, + {4, "Unused", "reserved"}, + {5, "SSL CA", "sslCA"}, + {6, "S/MIME CA", "emailCA"}, + {7, "Object Signing CA", "objCA"}, + {-1, NULL, NULL} }; static BIT_STRING_BITNAME key_usage_type_table[] = { -{0, "Digital Signature", "digitalSignature"}, -{1, "Non Repudiation", "nonRepudiation"}, -{2, "Key Encipherment", "keyEncipherment"}, -{3, "Data Encipherment", "dataEncipherment"}, -{4, "Key Agreement", "keyAgreement"}, -{5, "Certificate Sign", "keyCertSign"}, -{6, "CRL Sign", "cRLSign"}, -{7, "Encipher Only", "encipherOnly"}, -{8, "Decipher Only", "decipherOnly"}, -{-1, NULL, NULL} + {0, "Digital Signature", "digitalSignature"}, + {1, "Non Repudiation", "nonRepudiation"}, + {2, "Key Encipherment", "keyEncipherment"}, + {3, "Data Encipherment", "dataEncipherment"}, + {4, "Key Agreement", "keyAgreement"}, + {5, "Certificate Sign", "keyCertSign"}, + {6, "CRL Sign", "cRLSign"}, + {7, "Encipher Only", "encipherOnly"}, + {8, "Decipher Only", "decipherOnly"}, + {-1, NULL, NULL} }; +const X509V3_EXT_METHOD v3_nscert = { + .ext_nid = NID_netscape_cert_type, + .ext_flags = 0, + .it = &ASN1_BIT_STRING_it, + .ext_new = NULL, + .ext_free = NULL, + .d2i = NULL, + .i2d = NULL, + .i2s = NULL, + .s2i = NULL, + .i2v = (X509V3_EXT_I2V)i2v_ASN1_BIT_STRING, + .v2i = (X509V3_EXT_V2I)v2i_ASN1_BIT_STRING, + .i2r = NULL, + .r2i = NULL, + .usr_data = ns_cert_type_table, +}; +const X509V3_EXT_METHOD v3_key_usage = { + .ext_nid = NID_key_usage, + .ext_flags = 0, + .it = &ASN1_BIT_STRING_it, + .ext_new = NULL, + .ext_free = NULL, + .d2i = NULL, + .i2d = NULL, + .i2s = NULL, + .s2i = NULL, + .i2v = (X509V3_EXT_I2V)i2v_ASN1_BIT_STRING, + .v2i = (X509V3_EXT_V2I)v2i_ASN1_BIT_STRING, + .i2r = NULL, + .r2i = NULL, + .usr_data = key_usage_type_table, +}; -X509V3_EXT_METHOD v3_nscert = EXT_BITSTRING(NID_netscape_cert_type, ns_cert_type_table); -X509V3_EXT_METHOD v3_key_usage = EXT_BITSTRING(NID_key_usage, key_usage_type_table); - -static STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, - ASN1_BIT_STRING *bits, STACK_OF(CONF_VALUE) *ret) +STACK_OF(CONF_VALUE) * +i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, ASN1_BIT_STRING *bits, + STACK_OF(CONF_VALUE) *ret) { BIT_STRING_BITNAME *bnam; - for(bnam =method->usr_data; bnam->lname; bnam++) { - if(ASN1_BIT_STRING_get_bit(bits, bnam->bitnum)) + + for (bnam = method->usr_data; bnam->lname; bnam++) { + if (ASN1_BIT_STRING_get_bit(bits, bnam->bitnum)) X509V3_add_value(bnam->lname, NULL, &ret); } return ret; } - -static ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) + +ASN1_BIT_STRING * +v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, + STACK_OF(CONF_VALUE) *nval) { CONF_VALUE *val; ASN1_BIT_STRING *bs; int i; BIT_STRING_BITNAME *bnam; - if(!(bs = M_ASN1_BIT_STRING_new())) { - X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,ERR_R_MALLOC_FAILURE); + + if (!(bs = ASN1_BIT_STRING_new())) { + X509V3error(ERR_R_MALLOC_FAILURE); return NULL; } - for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { + for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { val = sk_CONF_VALUE_value(nval, i); - for(bnam = method->usr_data; bnam->lname; bnam++) { - if(!strcmp(bnam->sname, val->name) || - !strcmp(bnam->lname, val->name) ) { - ASN1_BIT_STRING_set_bit(bs, bnam->bitnum, 1); + for (bnam = method->usr_data; bnam->lname; bnam++) { + if (!strcmp(bnam->sname, val->name) || + !strcmp(bnam->lname, val->name) ) { + if (!ASN1_BIT_STRING_set_bit(bs, + bnam->bitnum, 1)) { + X509V3error(ERR_R_MALLOC_FAILURE); + ASN1_BIT_STRING_free(bs); + return NULL; + } break; } } - if(!bnam->lname) { - X509V3err(X509V3_F_V2I_ASN1_BIT_STRING, - X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT); + if (!bnam->lname) { + X509V3error(X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT); X509V3_conf_err(val); - M_ASN1_BIT_STRING_free(bs); + ASN1_BIT_STRING_free(bs); return NULL; } } return bs; } - - diff --git a/src/lib/libcrypto/x509v3/v3_conf.c b/src/lib/libcrypto/x509v3/v3_conf.c index 1a3448e1217..78ff19808ba 100644 --- a/src/lib/libcrypto/x509v3/v3_conf.c +++ b/src/lib/libcrypto/x509v3/v3_conf.c @@ -1,16 +1,16 @@ -/* v3_conf.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* $OpenBSD: v3_conf.c,v 1.23 2018/05/18 19:34:37 tb Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -57,220 +57,258 @@ */ /* extension creation utilities */ - - -#include #include -#include "cryptlib.h" +#include +#include + #include +#include #include #include -static int v3_check_critical(char **value); -static int v3_check_generic(char **value); -static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, int crit, char *value); -static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, int crit, int type); -static char *conf_lhash_get_string(void *db, char *section, char *value); -static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section); -static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid, - int crit, void *ext_struc); +static int v3_check_critical(const char **value); +static int v3_check_generic(const char **value); +static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, + int crit, const char *value); +static X509_EXTENSION *v3_generic_extension(const char *ext, const char *value, + int crit, int type, X509V3_CTX *ctx); +static char *conf_lhash_get_string(void *db, const char *section, + const char *value); +static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, + const char *section); +static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method, int ext_nid, + int crit, void *ext_struc); +static unsigned char *generic_asn1(const char *value, X509V3_CTX *ctx, + long *ext_len); + /* CONF *conf: Config file */ /* char *name: Name */ /* char *value: Value */ -X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, - char *value) - { +X509_EXTENSION * +X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, const char *name, + const char *value) +{ int crit; int ext_type; X509_EXTENSION *ret; + crit = v3_check_critical(&value); - if ((ext_type = v3_check_generic(&value))) - return v3_generic_extension(name, value, crit, ext_type); + if ((ext_type = v3_check_generic(&value))) + return v3_generic_extension(name, value, crit, ext_type, ctx); ret = do_ext_nconf(conf, ctx, OBJ_sn2nid(name), crit, value); - if (!ret) - { - X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_ERROR_IN_EXTENSION); - ERR_add_error_data(4,"name=", name, ", value=", value); - } - return ret; + if (!ret) { + X509V3error(X509V3_R_ERROR_IN_EXTENSION); + ERR_asprintf_error_data("name=%s, value=%s", name, value); } + return ret; +} /* CONF *conf: Config file */ /* char *value: Value */ -X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, - char *value) - { +X509_EXTENSION * +X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, + const char *value) +{ int crit; int ext_type; + crit = v3_check_critical(&value); - if ((ext_type = v3_check_generic(&value))) + if ((ext_type = v3_check_generic(&value))) return v3_generic_extension(OBJ_nid2sn(ext_nid), - value, crit, ext_type); + value, crit, ext_type, ctx); return do_ext_nconf(conf, ctx, ext_nid, crit, value); - } +} /* CONF *conf: Config file */ /* char *value: Value */ -static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, - int crit, char *value) - { - X509V3_EXT_METHOD *method; +static X509_EXTENSION * +do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, int crit, + const char *value) +{ + const X509V3_EXT_METHOD *method; X509_EXTENSION *ext; - STACK_OF(CONF_VALUE) *nval; void *ext_struc; - if (ext_nid == NID_undef) - { - X509V3err(X509V3_F_DO_EXT_CONF,X509V3_R_UNKNOWN_EXTENSION_NAME); + + if (ext_nid == NID_undef) { + X509V3error(X509V3_R_UNKNOWN_EXTENSION_NAME); return NULL; - } - if (!(method = X509V3_EXT_get_nid(ext_nid))) - { - X509V3err(X509V3_F_DO_EXT_CONF,X509V3_R_UNKNOWN_EXTENSION); + } + if (!(method = X509V3_EXT_get_nid(ext_nid))) { + X509V3error(X509V3_R_UNKNOWN_EXTENSION); return NULL; - } + } /* Now get internal extension representation based on type */ - if (method->v2i) - { - if(*value == '@') nval = NCONF_get_section(conf, value + 1); - else nval = X509V3_parse_list(value); - if(!nval) - { - X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_INVALID_EXTENSION_STRING); - ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), ",section=", value); + if (method->v2i) { + STACK_OF(CONF_VALUE) *nval; + + if (*value == '@') + nval = NCONF_get_section(conf, value + 1); + else + nval = X509V3_parse_list(value); + if (sk_CONF_VALUE_num(nval) <= 0) { + X509V3error(X509V3_R_INVALID_EXTENSION_STRING); + ERR_asprintf_error_data("name=%s,section=%s", + OBJ_nid2sn(ext_nid), value); + if (*value != '@') + sk_CONF_VALUE_pop_free(nval, X509V3_conf_free); return NULL; - } - ext_struc = method->v2i(method, ctx, nval); - if(*value != '@') sk_CONF_VALUE_pop_free(nval, - X509V3_conf_free); - if(!ext_struc) return NULL; } - else if(method->s2i) - { - if(!(ext_struc = method->s2i(method, ctx, value))) return NULL; - } - else if(method->r2i) - { - if(!ctx->db) - { - X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_NO_CONFIG_DATABASE); + ext_struc = method->v2i(method, ctx, nval); + if (*value != '@') + sk_CONF_VALUE_pop_free(nval, X509V3_conf_free); + } else if (method->s2i) { + ext_struc = method->s2i(method, ctx, value); + } else if (method->r2i) { + if (!ctx->db || !ctx->db_meth) { + X509V3error(X509V3_R_NO_CONFIG_DATABASE); return NULL; - } - if(!(ext_struc = method->r2i(method, ctx, value))) return NULL; } - else - { - X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED); - ERR_add_error_data(2, "name=", OBJ_nid2sn(ext_nid)); + ext_struc = method->r2i(method, ctx, value); + } else { + X509V3error(X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED); + ERR_asprintf_error_data("name=%s", OBJ_nid2sn(ext_nid)); + return NULL; + } + if (ext_struc == NULL) return NULL; - } - ext = do_ext_i2d(method, ext_nid, crit, ext_struc); - if(method->it) ASN1_item_free(ext_struc, ASN1_ITEM_ptr(method->it)); - else method->ext_free(ext_struc); + ext = do_ext_i2d(method, ext_nid, crit, ext_struc); + if (method->it) + ASN1_item_free(ext_struc, method->it); + else + method->ext_free(ext_struc); return ext; +} - } - -static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid, - int crit, void *ext_struc) - { +static X509_EXTENSION * +do_ext_i2d(const X509V3_EXT_METHOD *method, int ext_nid, int crit, + void *ext_struc) +{ unsigned char *ext_der; int ext_len; - ASN1_OCTET_STRING *ext_oct; + ASN1_OCTET_STRING *ext_oct = NULL; X509_EXTENSION *ext; + /* Convert internal representation to DER */ - if (method->it) - { + if (method->it) { ext_der = NULL; - ext_len = ASN1_item_i2d(ext_struc, &ext_der, ASN1_ITEM_ptr(method->it)); - if (ext_len < 0) goto merr; - } - else - { + ext_len = ASN1_item_i2d(ext_struc, &ext_der, + method->it); + if (ext_len < 0) + goto merr; + } else { unsigned char *p; ext_len = method->i2d(ext_struc, NULL); - if(!(ext_der = OPENSSL_malloc(ext_len))) goto merr; + if (!(ext_der = malloc(ext_len))) + goto merr; p = ext_der; method->i2d(ext_struc, &p); - } - if (!(ext_oct = M_ASN1_OCTET_STRING_new())) goto merr; + } + if (!(ext_oct = ASN1_OCTET_STRING_new())) + goto merr; ext_oct->data = ext_der; ext_oct->length = ext_len; ext = X509_EXTENSION_create_by_NID(NULL, ext_nid, crit, ext_oct); - if (!ext) goto merr; - M_ASN1_OCTET_STRING_free(ext_oct); + if (!ext) + goto merr; + ASN1_OCTET_STRING_free(ext_oct); return ext; - merr: - X509V3err(X509V3_F_DO_EXT_I2D,ERR_R_MALLOC_FAILURE); +merr: + ASN1_OCTET_STRING_free(ext_oct); + X509V3error(ERR_R_MALLOC_FAILURE); return NULL; - } +} /* Given an internal structure, nid and critical flag create an extension */ -X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc) - { - X509V3_EXT_METHOD *method; +X509_EXTENSION * +X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc) +{ + const X509V3_EXT_METHOD *method; + if (!(method = X509V3_EXT_get_nid(ext_nid))) { - X509V3err(X509V3_F_X509V3_EXT_I2D,X509V3_R_UNKNOWN_EXTENSION); + X509V3error(X509V3_R_UNKNOWN_EXTENSION); return NULL; } return do_ext_i2d(method, ext_nid, crit, ext_struc); } /* Check the extension string for critical flag */ -static int v3_check_critical(char **value) +static int +v3_check_critical(const char **value) { - char *p = *value; - if ((strlen(p) < 9) || strncmp(p, "critical,", 9)) return 0; - p+=9; - while(isspace((unsigned char)*p)) p++; - *value = p; + const char *p = *value; + + if ((strlen(p) < 9) || strncmp(p, "critical,", 9)) + return 0; + p += 9; + while (isspace((unsigned char)*p)) p++; + *value = p; return 1; } /* Check extension string for generic extension and return the type */ -static int v3_check_generic(char **value) +static int +v3_check_generic(const char **value) { - char *p = *value; - if ((strlen(p) < 4) || strncmp(p, "DER:,", 4)) return 0; - p+=4; - while (isspace((unsigned char)*p)) p++; + int gen_type = 0; + const char *p = *value; + + if ((strlen(p) >= 4) && !strncmp(p, "DER:", 4)) { + p += 4; + gen_type = 1; + } else if ((strlen(p) >= 5) && !strncmp(p, "ASN1:", 5)) { + p += 5; + gen_type = 2; + } else + return 0; + + while (isspace((unsigned char)*p)) + p++; *value = p; - return 1; + return gen_type; } /* Create a generic extension: for now just handle DER type */ -static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, - int crit, int type) - { - unsigned char *ext_der=NULL; - long ext_len; - ASN1_OBJECT *obj=NULL; - ASN1_OCTET_STRING *oct=NULL; - X509_EXTENSION *extension=NULL; - if (!(obj = OBJ_txt2obj(ext, 0))) - { - X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_NAME_ERROR); - ERR_add_error_data(2, "name=", ext); +static X509_EXTENSION * +v3_generic_extension(const char *ext, const char *value, int crit, int gen_type, + X509V3_CTX *ctx) +{ + unsigned char *ext_der = NULL; + long ext_len = 0; + ASN1_OBJECT *obj = NULL; + ASN1_OCTET_STRING *oct = NULL; + X509_EXTENSION *extension = NULL; + + if (!(obj = OBJ_txt2obj(ext, 0))) { + X509V3error(X509V3_R_EXTENSION_NAME_ERROR); + ERR_asprintf_error_data("name=%s", ext); goto err; - } + } - if (!(ext_der = string_to_hex(value, &ext_len))) - { - X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_VALUE_ERROR); - ERR_add_error_data(2, "value=", value); + if (gen_type == 1) + ext_der = string_to_hex(value, &ext_len); + else if (gen_type == 2) + ext_der = generic_asn1(value, ctx, &ext_len); + else { + ERR_asprintf_error_data("Unexpected generic extension type %d", gen_type); goto err; - } + } - if (!(oct = M_ASN1_OCTET_STRING_new())) - { - X509V3err(X509V3_F_V3_GENERIC_EXTENSION,ERR_R_MALLOC_FAILURE); + if (ext_der == NULL) { + X509V3error(X509V3_R_EXTENSION_VALUE_ERROR); + ERR_asprintf_error_data("value=%s", value); goto err; - } + } + + if (!(oct = ASN1_OCTET_STRING_new())) { + X509V3error(ERR_R_MALLOC_FAILURE); + goto err; + } oct->data = ext_der; oct->length = ext_len; @@ -278,68 +316,88 @@ static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, extension = X509_EXTENSION_create_by_OBJ(NULL, obj, crit, oct); - err: +err: ASN1_OBJECT_free(obj); - M_ASN1_OCTET_STRING_free(oct); - if(ext_der) OPENSSL_free(ext_der); + ASN1_OCTET_STRING_free(oct); + free(ext_der); return extension; +} - } +static unsigned char * +generic_asn1(const char *value, X509V3_CTX *ctx, long *ext_len) +{ + ASN1_TYPE *typ; + unsigned char *ext_der = NULL; + typ = ASN1_generate_v3(value, ctx); + if (typ == NULL) + return NULL; + *ext_len = i2d_ASN1_TYPE(typ, &ext_der); + ASN1_TYPE_free(typ); + return ext_der; +} /* This is the main function: add a bunch of extensions based on a config file * section to an extension STACK. */ - -int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section, - STACK_OF(X509_EXTENSION) **sk) - { +int +X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, const char *section, + STACK_OF(X509_EXTENSION) **sk) +{ X509_EXTENSION *ext; STACK_OF(CONF_VALUE) *nval; - CONF_VALUE *val; + CONF_VALUE *val; int i; - if (!(nval = NCONF_get_section(conf, section))) return 0; - for (i = 0; i < sk_CONF_VALUE_num(nval); i++) - { + + if (!(nval = NCONF_get_section(conf, section))) + return 0; + for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { val = sk_CONF_VALUE_value(nval, i); if (!(ext = X509V3_EXT_nconf(conf, ctx, val->name, val->value))) - return 0; - if (sk) X509v3_add_ext(sk, ext, -1); + return 0; + if (sk) + X509v3_add_ext(sk, ext, -1); X509_EXTENSION_free(ext); - } - return 1; } + return 1; +} /* Convenience functions to add extensions to a certificate, CRL and request */ -int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, - X509 *cert) - { +int +X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section, + X509 *cert) +{ STACK_OF(X509_EXTENSION) **sk = NULL; + if (cert) sk = &cert->cert_info->extensions; return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk); - } +} /* Same as above but for a CRL */ -int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, - X509_CRL *crl) - { +int +X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section, + X509_CRL *crl) +{ STACK_OF(X509_EXTENSION) **sk = NULL; + if (crl) sk = &crl->crl->extensions; return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk); - } +} /* Add extensions to certificate request */ -int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, - X509_REQ *req) - { +int +X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section, + X509_REQ *req) +{ STACK_OF(X509_EXTENSION) *extlist = NULL, **sk = NULL; int i; + if (req) sk = &extlist; i = X509V3_EXT_add_nconf_sk(conf, ctx, section, sk); @@ -348,138 +406,165 @@ int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, i = X509_REQ_add_extensions(req, extlist); sk_X509_EXTENSION_pop_free(extlist, X509_EXTENSION_free); return i; - } +} /* Config database functions */ -char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section) - { - if (ctx->db_meth->get_string) - return ctx->db_meth->get_string(ctx->db, name, section); - return NULL; +char * +X509V3_get_string(X509V3_CTX *ctx, const char *name, const char *section) +{ + if (!ctx->db || !ctx->db_meth || !ctx->db_meth->get_string) { + X509V3error(X509V3_R_OPERATION_NOT_DEFINED); + return NULL; } + return ctx->db_meth->get_string(ctx->db, name, section); +} -STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section) - { - if (ctx->db_meth->get_section) - return ctx->db_meth->get_section(ctx->db, section); - return NULL; +STACK_OF(CONF_VALUE) * +X509V3_get_section(X509V3_CTX *ctx, const char *section) +{ + if (!ctx->db || !ctx->db_meth || !ctx->db_meth->get_section) { + X509V3error(X509V3_R_OPERATION_NOT_DEFINED); + return NULL; } + return ctx->db_meth->get_section(ctx->db, section); +} -void X509V3_string_free(X509V3_CTX *ctx, char *str) - { - if (!str) return; +void +X509V3_string_free(X509V3_CTX *ctx, char *str) +{ + if (!str) + return; if (ctx->db_meth->free_string) - ctx->db_meth->free_string(ctx->db, str); - } + ctx->db_meth->free_string(ctx->db, str); +} -void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section) - { - if (!section) return; +void +X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section) +{ + if (!section) + return; if (ctx->db_meth->free_section) - ctx->db_meth->free_section(ctx->db, section); - } + ctx->db_meth->free_section(ctx->db, section); +} -static char *nconf_get_string(void *db, char *section, char *value) - { +static char * +nconf_get_string(void *db, const char *section, const char *value) +{ return NCONF_get_string(db, section, value); - } +} -static STACK_OF(CONF_VALUE) *nconf_get_section(void *db, char *section) - { +static STACK_OF(CONF_VALUE) * +nconf_get_section(void *db, const char *section) +{ return NCONF_get_section(db, section); - } +} static X509V3_CONF_METHOD nconf_method = { -nconf_get_string, -nconf_get_section, -NULL, -NULL + nconf_get_string, + nconf_get_section, + NULL, + NULL }; -void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf) - { +void +X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf) +{ ctx->db_meth = &nconf_method; ctx->db = conf; - } +} -void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req, - X509_CRL *crl, int flags) - { +void +X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req, + X509_CRL *crl, int flags) +{ ctx->issuer_cert = issuer; ctx->subject_cert = subj; ctx->crl = crl; ctx->subject_req = req; ctx->flags = flags; - } +} /* Old conf compatibility functions */ -X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name, - char *value) - { +X509_EXTENSION * +X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, const char *name, + const char *value) +{ CONF ctmp; + CONF_set_nconf(&ctmp, conf); return X509V3_EXT_nconf(&ctmp, ctx, name, value); - } +} /* LHASH *conf: Config file */ /* char *value: Value */ -X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid, - char *value) - { +X509_EXTENSION * +X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, int ext_nid, + const char *value) +{ CONF ctmp; + CONF_set_nconf(&ctmp, conf); return X509V3_EXT_nconf_nid(&ctmp, ctx, ext_nid, value); - } +} -static char *conf_lhash_get_string(void *db, char *section, char *value) - { +static char * +conf_lhash_get_string(void *db, const char *section, const char *value) +{ return CONF_get_string(db, section, value); - } +} -static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section) - { +static STACK_OF(CONF_VALUE) * +conf_lhash_get_section(void *db, const char *section) +{ return CONF_get_section(db, section); - } +} static X509V3_CONF_METHOD conf_lhash_method = { -conf_lhash_get_string, -conf_lhash_get_section, -NULL, -NULL + conf_lhash_get_string, + conf_lhash_get_section, + NULL, + NULL }; -void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash) - { +void +X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash) +{ ctx->db_meth = &conf_lhash_method; ctx->db = lhash; - } +} -int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, - X509 *cert) - { +int +X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, + const char *section, X509 *cert) +{ CONF ctmp; + CONF_set_nconf(&ctmp, conf); return X509V3_EXT_add_nconf(&ctmp, ctx, section, cert); - } +} /* Same as above but for a CRL */ -int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, - X509_CRL *crl) - { +int +X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, + const char *section, X509_CRL *crl) +{ CONF ctmp; + CONF_set_nconf(&ctmp, conf); return X509V3_EXT_CRL_add_nconf(&ctmp, ctx, section, crl); - } +} /* Add extensions to certificate request */ -int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, - X509_REQ *req) - { +int +X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, + const char *section, X509_REQ *req) +{ CONF ctmp; + CONF_set_nconf(&ctmp, conf); return X509V3_EXT_REQ_add_nconf(&ctmp, ctx, section, req); - } +} diff --git a/src/lib/libcrypto/x509v3/v3_cpols.c b/src/lib/libcrypto/x509v3/v3_cpols.c index 0d4ab1f6803..34d3381d76f 100644 --- a/src/lib/libcrypto/x509v3/v3_cpols.c +++ b/src/lib/libcrypto/x509v3/v3_cpols.c @@ -1,16 +1,16 @@ -/* v3_cpols.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* $OpenBSD: v3_cpols.c,v 1.25 2017/01/29 17:49:23 beck Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -57,77 +57,350 @@ */ #include -#include "cryptlib.h" -#include +#include + #include #include +#include +#include #include +#include "pcy_int.h" + /* Certificate policies extension support: this one is a bit complex... */ -static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol, BIO *out, int indent); -static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *value); -static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals, int indent); +static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol, + BIO *out, int indent); +static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, char *value); +static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals, + int indent); static void print_notice(BIO *out, USERNOTICE *notice, int indent); static POLICYINFO *policy_section(X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) *polstrs, int ia5org); + STACK_OF(CONF_VALUE) *polstrs, int ia5org); static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) *unot, int ia5org); -static STACK_OF(ASN1_INTEGER) *nref_nos(STACK_OF(CONF_VALUE) *nos); - -X509V3_EXT_METHOD v3_cpols = { -NID_certificate_policies, 0,ASN1_ITEM_ref(CERTIFICATEPOLICIES), -0,0,0,0, -0,0, -0,0, -(X509V3_EXT_I2R)i2r_certpol, -(X509V3_EXT_R2I)r2i_certpol, -NULL + STACK_OF(CONF_VALUE) *unot, int ia5org); +static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos); + +const X509V3_EXT_METHOD v3_cpols = { + .ext_nid = NID_certificate_policies, + .ext_flags = 0, + .it = &CERTIFICATEPOLICIES_it, + .ext_new = NULL, + .ext_free = NULL, + .d2i = NULL, + .i2d = NULL, + .i2s = NULL, + .s2i = NULL, + .i2v = NULL, + .v2i = NULL, + .i2r = (X509V3_EXT_I2R)i2r_certpol, + .r2i = (X509V3_EXT_R2I)r2i_certpol, + .usr_data = NULL, }; -ASN1_ITEM_TEMPLATE(CERTIFICATEPOLICIES) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CERTIFICATEPOLICIES, POLICYINFO) -ASN1_ITEM_TEMPLATE_END(CERTIFICATEPOLICIES) +static const ASN1_TEMPLATE CERTIFICATEPOLICIES_item_tt = { + .flags = ASN1_TFLG_SEQUENCE_OF, + .tag = 0, + .offset = 0, + .field_name = "CERTIFICATEPOLICIES", + .item = &POLICYINFO_it, +}; -IMPLEMENT_ASN1_FUNCTIONS(CERTIFICATEPOLICIES) +const ASN1_ITEM CERTIFICATEPOLICIES_it = { + .itype = ASN1_ITYPE_PRIMITIVE, + .utype = -1, + .templates = &CERTIFICATEPOLICIES_item_tt, + .tcount = 0, + .funcs = NULL, + .size = 0, + .sname = "CERTIFICATEPOLICIES", +}; -ASN1_SEQUENCE(POLICYINFO) = { - ASN1_SIMPLE(POLICYINFO, policyid, ASN1_OBJECT), - ASN1_SEQUENCE_OF_OPT(POLICYINFO, qualifiers, POLICYQUALINFO) -} ASN1_SEQUENCE_END(POLICYINFO) -IMPLEMENT_ASN1_FUNCTIONS(POLICYINFO) +CERTIFICATEPOLICIES * +d2i_CERTIFICATEPOLICIES(CERTIFICATEPOLICIES **a, const unsigned char **in, long len) +{ + return (CERTIFICATEPOLICIES *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &CERTIFICATEPOLICIES_it); +} + +int +i2d_CERTIFICATEPOLICIES(CERTIFICATEPOLICIES *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &CERTIFICATEPOLICIES_it); +} + +CERTIFICATEPOLICIES * +CERTIFICATEPOLICIES_new(void) +{ + return (CERTIFICATEPOLICIES *)ASN1_item_new(&CERTIFICATEPOLICIES_it); +} + +void +CERTIFICATEPOLICIES_free(CERTIFICATEPOLICIES *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &CERTIFICATEPOLICIES_it); +} -ASN1_ADB_TEMPLATE(policydefault) = ASN1_SIMPLE(POLICYQUALINFO, d.other, ASN1_ANY); +static const ASN1_TEMPLATE POLICYINFO_seq_tt[] = { + { + .flags = 0, + .tag = 0, + .offset = offsetof(POLICYINFO, policyid), + .field_name = "policyid", + .item = &ASN1_OBJECT_it, + }, + { + .flags = ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_OPTIONAL, + .tag = 0, + .offset = offsetof(POLICYINFO, qualifiers), + .field_name = "qualifiers", + .item = &POLICYQUALINFO_it, + }, +}; -ASN1_ADB(POLICYQUALINFO) = { - ADB_ENTRY(NID_id_qt_cps, ASN1_SIMPLE(POLICYQUALINFO, d.cpsuri, ASN1_IA5STRING)), - ADB_ENTRY(NID_id_qt_unotice, ASN1_SIMPLE(POLICYQUALINFO, d.usernotice, USERNOTICE)) -} ASN1_ADB_END(POLICYQUALINFO, 0, pqualid, 0, &policydefault_tt, NULL); +const ASN1_ITEM POLICYINFO_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = POLICYINFO_seq_tt, + .tcount = sizeof(POLICYINFO_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = NULL, + .size = sizeof(POLICYINFO), + .sname = "POLICYINFO", +}; -ASN1_SEQUENCE(POLICYQUALINFO) = { - ASN1_SIMPLE(POLICYQUALINFO, pqualid, ASN1_OBJECT), - ASN1_ADB_OBJECT(POLICYQUALINFO) -} ASN1_SEQUENCE_END(POLICYQUALINFO) -IMPLEMENT_ASN1_FUNCTIONS(POLICYQUALINFO) +POLICYINFO * +d2i_POLICYINFO(POLICYINFO **a, const unsigned char **in, long len) +{ + return (POLICYINFO *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &POLICYINFO_it); +} -ASN1_SEQUENCE(USERNOTICE) = { - ASN1_OPT(USERNOTICE, noticeref, NOTICEREF), - ASN1_OPT(USERNOTICE, exptext, DISPLAYTEXT) -} ASN1_SEQUENCE_END(USERNOTICE) +int +i2d_POLICYINFO(POLICYINFO *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &POLICYINFO_it); +} -IMPLEMENT_ASN1_FUNCTIONS(USERNOTICE) +POLICYINFO * +POLICYINFO_new(void) +{ + return (POLICYINFO *)ASN1_item_new(&POLICYINFO_it); +} -ASN1_SEQUENCE(NOTICEREF) = { - ASN1_SIMPLE(NOTICEREF, organization, DISPLAYTEXT), - ASN1_SEQUENCE_OF(NOTICEREF, noticenos, ASN1_INTEGER) -} ASN1_SEQUENCE_END(NOTICEREF) +void +POLICYINFO_free(POLICYINFO *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &POLICYINFO_it); +} -IMPLEMENT_ASN1_FUNCTIONS(NOTICEREF) +static const ASN1_TEMPLATE policydefault_tt = { + .flags = 0, + .tag = 0, + .offset = offsetof(POLICYQUALINFO, d.other), + .field_name = "d.other", + .item = &ASN1_ANY_it, +}; -static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, char *value) +static const ASN1_ADB_TABLE POLICYQUALINFO_adbtbl[] = { + { + .value = NID_id_qt_cps, + .tt = { + .flags = 0, + .tag = 0, + .offset = offsetof(POLICYQUALINFO, d.cpsuri), + .field_name = "d.cpsuri", + .item = &ASN1_IA5STRING_it, + }, + + }, + { + .value = NID_id_qt_unotice, + .tt = { + .flags = 0, + .tag = 0, + .offset = offsetof(POLICYQUALINFO, d.usernotice), + .field_name = "d.usernotice", + .item = &USERNOTICE_it, + }, + + }, +}; + +static const ASN1_ADB POLICYQUALINFO_adb = { + .flags = 0, + .offset = offsetof(POLICYQUALINFO, pqualid), + .app_items = 0, + .tbl = POLICYQUALINFO_adbtbl, + .tblcount = sizeof(POLICYQUALINFO_adbtbl) / sizeof(ASN1_ADB_TABLE), + .default_tt = &policydefault_tt, + .null_tt = NULL, +}; + +static const ASN1_TEMPLATE POLICYQUALINFO_seq_tt[] = { + { + .flags = 0, + .tag = 0, + .offset = offsetof(POLICYQUALINFO, pqualid), + .field_name = "pqualid", + .item = &ASN1_OBJECT_it, + }, + { + .flags = ASN1_TFLG_ADB_OID, + .tag = -1, + .offset = 0, + .field_name = "POLICYQUALINFO", + .item = (const ASN1_ITEM *)&POLICYQUALINFO_adb, + }, +}; + +const ASN1_ITEM POLICYQUALINFO_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = POLICYQUALINFO_seq_tt, + .tcount = sizeof(POLICYQUALINFO_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = NULL, + .size = sizeof(POLICYQUALINFO), + .sname = "POLICYQUALINFO", +}; + + +POLICYQUALINFO * +d2i_POLICYQUALINFO(POLICYQUALINFO **a, const unsigned char **in, long len) +{ + return (POLICYQUALINFO *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &POLICYQUALINFO_it); +} + +int +i2d_POLICYQUALINFO(POLICYQUALINFO *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &POLICYQUALINFO_it); +} + +POLICYQUALINFO * +POLICYQUALINFO_new(void) +{ + return (POLICYQUALINFO *)ASN1_item_new(&POLICYQUALINFO_it); +} + +void +POLICYQUALINFO_free(POLICYQUALINFO *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &POLICYQUALINFO_it); +} + +static const ASN1_TEMPLATE USERNOTICE_seq_tt[] = { + { + .flags = ASN1_TFLG_OPTIONAL, + .tag = 0, + .offset = offsetof(USERNOTICE, noticeref), + .field_name = "noticeref", + .item = &NOTICEREF_it, + }, + { + .flags = ASN1_TFLG_OPTIONAL, + .tag = 0, + .offset = offsetof(USERNOTICE, exptext), + .field_name = "exptext", + .item = &DISPLAYTEXT_it, + }, +}; + +const ASN1_ITEM USERNOTICE_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = USERNOTICE_seq_tt, + .tcount = sizeof(USERNOTICE_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = NULL, + .size = sizeof(USERNOTICE), + .sname = "USERNOTICE", +}; + + +USERNOTICE * +d2i_USERNOTICE(USERNOTICE **a, const unsigned char **in, long len) +{ + return (USERNOTICE *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &USERNOTICE_it); +} + +int +i2d_USERNOTICE(USERNOTICE *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &USERNOTICE_it); +} + +USERNOTICE * +USERNOTICE_new(void) +{ + return (USERNOTICE *)ASN1_item_new(&USERNOTICE_it); +} + +void +USERNOTICE_free(USERNOTICE *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &USERNOTICE_it); +} + +static const ASN1_TEMPLATE NOTICEREF_seq_tt[] = { + { + .flags = 0, + .tag = 0, + .offset = offsetof(NOTICEREF, organization), + .field_name = "organization", + .item = &DISPLAYTEXT_it, + }, + { + .flags = ASN1_TFLG_SEQUENCE_OF, + .tag = 0, + .offset = offsetof(NOTICEREF, noticenos), + .field_name = "noticenos", + .item = &ASN1_INTEGER_it, + }, +}; + +const ASN1_ITEM NOTICEREF_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = NOTICEREF_seq_tt, + .tcount = sizeof(NOTICEREF_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = NULL, + .size = sizeof(NOTICEREF), + .sname = "NOTICEREF", +}; + + +NOTICEREF * +d2i_NOTICEREF(NOTICEREF **a, const unsigned char **in, long len) +{ + return (NOTICEREF *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &NOTICEREF_it); +} + +int +i2d_NOTICEREF(NOTICEREF *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &NOTICEREF_it); +} + +NOTICEREF * +NOTICEREF_new(void) +{ + return (NOTICEREF *)ASN1_item_new(&NOTICEREF_it); +} + +void +NOTICEREF_free(NOTICEREF *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &NOTICEREF_it); +} + +static +STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, + char *value) { STACK_OF(POLICYINFO) *pols = NULL; char *pstr; @@ -136,257 +409,307 @@ static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, STACK_OF(CONF_VALUE) *vals; CONF_VALUE *cnf; int i, ia5org; + pols = sk_POLICYINFO_new_null(); - vals = X509V3_parse_list(value); + if (pols == NULL) { + X509V3error(ERR_R_MALLOC_FAILURE); + return NULL; + } + vals = X509V3_parse_list(value); + if (vals == NULL) { + X509V3error(ERR_R_X509V3_LIB); + goto err; + } ia5org = 0; - for(i = 0; i < sk_CONF_VALUE_num(vals); i++) { + for (i = 0; i < sk_CONF_VALUE_num(vals); i++) { cnf = sk_CONF_VALUE_value(vals, i); - if(cnf->value || !cnf->name ) { - X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_POLICY_IDENTIFIER); + if (cnf->value || !cnf->name) { + X509V3error(X509V3_R_INVALID_POLICY_IDENTIFIER); X509V3_conf_err(cnf); goto err; } pstr = cnf->name; - if(!strcmp(pstr,"ia5org")) { + if (!strcmp(pstr, "ia5org")) { ia5org = 1; continue; - } else if(*pstr == '@') { + } else if (*pstr == '@') { STACK_OF(CONF_VALUE) *polsect; polsect = X509V3_get_section(ctx, pstr + 1); - if(!polsect) { - X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_SECTION); - + if (!polsect) { + X509V3error(X509V3_R_INVALID_SECTION); X509V3_conf_err(cnf); goto err; } pol = policy_section(ctx, polsect, ia5org); X509V3_section_free(ctx, polsect); - if(!pol) goto err; + if (!pol) + goto err; } else { - if(!(pobj = OBJ_txt2obj(cnf->name, 0))) { - X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_OBJECT_IDENTIFIER); + if (!(pobj = OBJ_txt2obj(cnf->name, 0))) { + X509V3error(X509V3_R_INVALID_OBJECT_IDENTIFIER); X509V3_conf_err(cnf); goto err; } pol = POLICYINFO_new(); pol->policyid = pobj; } - sk_POLICYINFO_push(pols, pol); + if (!sk_POLICYINFO_push(pols, pol)){ + POLICYINFO_free(pol); + X509V3error(ERR_R_MALLOC_FAILURE); + goto err; + } } sk_CONF_VALUE_pop_free(vals, X509V3_conf_free); return pols; - err: + +err: + sk_CONF_VALUE_pop_free(vals, X509V3_conf_free); sk_POLICYINFO_pop_free(pols, POLICYINFO_free); return NULL; } -static POLICYINFO *policy_section(X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) *polstrs, int ia5org) +static POLICYINFO * +policy_section(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *polstrs, int ia5org) { int i; CONF_VALUE *cnf; POLICYINFO *pol; - POLICYQUALINFO *qual; - if(!(pol = POLICYINFO_new())) goto merr; - for(i = 0; i < sk_CONF_VALUE_num(polstrs); i++) { + POLICYQUALINFO *nqual = NULL; + + if ((pol = POLICYINFO_new()) == NULL) + goto merr; + for (i = 0; i < sk_CONF_VALUE_num(polstrs); i++) { cnf = sk_CONF_VALUE_value(polstrs, i); - if(!strcmp(cnf->name, "policyIdentifier")) { + if (strcmp(cnf->name, "policyIdentifier") == 0) { ASN1_OBJECT *pobj; - if(!(pobj = OBJ_txt2obj(cnf->value, 0))) { - X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_INVALID_OBJECT_IDENTIFIER); + + if ((pobj = OBJ_txt2obj(cnf->value, 0)) == NULL) { + X509V3error(X509V3_R_INVALID_OBJECT_IDENTIFIER); X509V3_conf_err(cnf); goto err; } pol->policyid = pobj; - - } else if(!name_cmp(cnf->name, "CPS")) { - if(!pol->qualifiers) pol->qualifiers = - sk_POLICYQUALINFO_new_null(); - if(!(qual = POLICYQUALINFO_new())) goto merr; - if(!sk_POLICYQUALINFO_push(pol->qualifiers, qual)) - goto merr; - qual->pqualid = OBJ_nid2obj(NID_id_qt_cps); - qual->d.cpsuri = M_ASN1_IA5STRING_new(); - if(!ASN1_STRING_set(qual->d.cpsuri, cnf->value, - strlen(cnf->value))) goto merr; - } else if(!name_cmp(cnf->name, "userNotice")) { + } else if (name_cmp(cnf->name, "CPS") == 0) { + if ((nqual = POLICYQUALINFO_new()) == NULL) + goto merr; + nqual->pqualid = OBJ_nid2obj(NID_id_qt_cps); + nqual->d.cpsuri = ASN1_IA5STRING_new(); + if (nqual->d.cpsuri == NULL) + goto merr; + if (ASN1_STRING_set(nqual->d.cpsuri, cnf->value, + strlen(cnf->value)) == 0) + goto merr; + + if (pol->qualifiers == NULL) { + pol->qualifiers = sk_POLICYQUALINFO_new_null(); + if (pol->qualifiers == NULL) + goto merr; + } + if (sk_POLICYQUALINFO_push(pol->qualifiers, nqual) == 0) + goto merr; + nqual = NULL; + } else if (name_cmp(cnf->name, "userNotice") == 0) { STACK_OF(CONF_VALUE) *unot; - if(*cnf->value != '@') { - X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_EXPECTED_A_SECTION_NAME); + POLICYQUALINFO *qual; + + if (*cnf->value != '@') { + X509V3error(X509V3_R_EXPECTED_A_SECTION_NAME); X509V3_conf_err(cnf); goto err; } unot = X509V3_get_section(ctx, cnf->value + 1); - if(!unot) { - X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_INVALID_SECTION); - + if (unot == NULL) { + X509V3error(X509V3_R_INVALID_SECTION); X509V3_conf_err(cnf); goto err; } qual = notice_section(ctx, unot, ia5org); X509V3_section_free(ctx, unot); - if(!qual) goto err; - if(!sk_POLICYQUALINFO_push(pol->qualifiers, qual)) - goto merr; - } else { - X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_INVALID_OPTION); + if (qual == NULL) + goto err; + if (pol->qualifiers == NULL) { + pol->qualifiers = sk_POLICYQUALINFO_new_null(); + if (pol->qualifiers == NULL) + goto merr; + } + if (sk_POLICYQUALINFO_push(pol->qualifiers, qual) == 0) + goto merr; + } else { + X509V3error(X509V3_R_INVALID_OPTION); X509V3_conf_err(cnf); goto err; } } - if(!pol->policyid) { - X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_NO_POLICY_IDENTIFIER); + if (pol->policyid == NULL) { + X509V3error(X509V3_R_NO_POLICY_IDENTIFIER); goto err; } return pol; - merr: - X509V3err(X509V3_F_POLICY_SECTION,ERR_R_MALLOC_FAILURE); +merr: + X509V3error(ERR_R_MALLOC_FAILURE); - err: +err: + POLICYQUALINFO_free(nqual); POLICYINFO_free(pol); return NULL; - - } -static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) *unot, int ia5org) +static POLICYQUALINFO * +notice_section(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *unot, int ia5org) { - int i; + int i, ret; CONF_VALUE *cnf; USERNOTICE *not; POLICYQUALINFO *qual; - if(!(qual = POLICYQUALINFO_new())) goto merr; + + if (!(qual = POLICYQUALINFO_new())) + goto merr; qual->pqualid = OBJ_nid2obj(NID_id_qt_unotice); - if(!(not = USERNOTICE_new())) goto merr; + if (!(not = USERNOTICE_new())) + goto merr; qual->d.usernotice = not; - for(i = 0; i < sk_CONF_VALUE_num(unot); i++) { + for (i = 0; i < sk_CONF_VALUE_num(unot); i++) { cnf = sk_CONF_VALUE_value(unot, i); - if(!strcmp(cnf->name, "explicitText")) { - not->exptext = M_ASN1_VISIBLESTRING_new(); - if(!ASN1_STRING_set(not->exptext, cnf->value, - strlen(cnf->value))) goto merr; - } else if(!strcmp(cnf->name, "organization")) { + if (!strcmp(cnf->name, "explicitText")) { + if (not->exptext == NULL) { + not->exptext = ASN1_VISIBLESTRING_new(); + if (not->exptext == NULL) + goto merr; + } + if (!ASN1_STRING_set(not->exptext, cnf->value, + strlen(cnf->value))) + goto merr; + } else if (!strcmp(cnf->name, "organization")) { NOTICEREF *nref; - if(!not->noticeref) { - if(!(nref = NOTICEREF_new())) goto merr; + if (!not->noticeref) { + if (!(nref = NOTICEREF_new())) + goto merr; not->noticeref = nref; - } else nref = not->noticeref; - if(ia5org) nref->organization = M_ASN1_IA5STRING_new(); - else nref->organization = M_ASN1_VISIBLESTRING_new(); - if(!ASN1_STRING_set(nref->organization, cnf->value, - strlen(cnf->value))) goto merr; - } else if(!strcmp(cnf->name, "noticeNumbers")) { + } else + nref = not->noticeref; + if (ia5org) + nref->organization->type = V_ASN1_IA5STRING; + else + nref->organization->type = V_ASN1_VISIBLESTRING; + if (!ASN1_STRING_set(nref->organization, cnf->value, + strlen(cnf->value))) + goto merr; + } else if (!strcmp(cnf->name, "noticeNumbers")) { NOTICEREF *nref; STACK_OF(CONF_VALUE) *nos; - if(!not->noticeref) { - if(!(nref = NOTICEREF_new())) goto merr; + if (!not->noticeref) { + if (!(nref = NOTICEREF_new())) + goto merr; not->noticeref = nref; - } else nref = not->noticeref; + } else + nref = not->noticeref; nos = X509V3_parse_list(cnf->value); - if(!nos || !sk_CONF_VALUE_num(nos)) { - X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_INVALID_NUMBERS); + if (!nos || !sk_CONF_VALUE_num(nos)) { + X509V3error(X509V3_R_INVALID_NUMBERS); X509V3_conf_err(cnf); + if (nos != NULL) + sk_CONF_VALUE_pop_free(nos, + X509V3_conf_free); goto err; } - nref->noticenos = nref_nos(nos); + ret = nref_nos(nref->noticenos, nos); sk_CONF_VALUE_pop_free(nos, X509V3_conf_free); - if(!nref->noticenos) goto err; + if (!ret) + goto err; } else { - X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_INVALID_OPTION); - + X509V3error(X509V3_R_INVALID_OPTION); X509V3_conf_err(cnf); goto err; } } - if(not->noticeref && - (!not->noticeref->noticenos || !not->noticeref->organization)) { - X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_NEED_ORGANIZATION_AND_NUMBERS); - goto err; + if (not->noticeref && + (!not->noticeref->noticenos || !not->noticeref->organization)) { + X509V3error(X509V3_R_NEED_ORGANIZATION_AND_NUMBERS); + goto err; } return qual; - merr: - X509V3err(X509V3_F_NOTICE_SECTION,ERR_R_MALLOC_FAILURE); +merr: + X509V3error(ERR_R_MALLOC_FAILURE); - err: +err: POLICYQUALINFO_free(qual); return NULL; } -static STACK_OF(ASN1_INTEGER) *nref_nos(STACK_OF(CONF_VALUE) *nos) +static int +nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos) { - STACK_OF(ASN1_INTEGER) *nnums; CONF_VALUE *cnf; ASN1_INTEGER *aint; - int i; - if(!(nnums = sk_ASN1_INTEGER_new_null())) goto merr; - for(i = 0; i < sk_CONF_VALUE_num(nos); i++) { + for (i = 0; i < sk_CONF_VALUE_num(nos); i++) { cnf = sk_CONF_VALUE_value(nos, i); - if(!(aint = s2i_ASN1_INTEGER(NULL, cnf->name))) { - X509V3err(X509V3_F_NREF_NOS,X509V3_R_INVALID_NUMBER); + if (!(aint = s2i_ASN1_INTEGER(NULL, cnf->name))) { + X509V3error(X509V3_R_INVALID_NUMBER); goto err; } - if(!sk_ASN1_INTEGER_push(nnums, aint)) goto merr; + if (!sk_ASN1_INTEGER_push(nnums, aint)) + goto merr; } - return nnums; + return 1; - merr: - X509V3err(X509V3_F_NOTICE_SECTION,ERR_R_MALLOC_FAILURE); +merr: + X509V3error(ERR_R_MALLOC_FAILURE); - err: +err: sk_ASN1_INTEGER_pop_free(nnums, ASN1_STRING_free); - return NULL; + return 0; } - -static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol, - BIO *out, int indent) +static int +i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol, BIO *out, + int indent) { int i; POLICYINFO *pinfo; + /* First print out the policy OIDs */ - for(i = 0; i < sk_POLICYINFO_num(pol); i++) { + for (i = 0; i < sk_POLICYINFO_num(pol); i++) { pinfo = sk_POLICYINFO_value(pol, i); BIO_printf(out, "%*sPolicy: ", indent, ""); i2a_ASN1_OBJECT(out, pinfo->policyid); BIO_puts(out, "\n"); - if(pinfo->qualifiers) - print_qualifiers(out, pinfo->qualifiers, indent + 2); + if (pinfo->qualifiers) + print_qualifiers(out, pinfo->qualifiers, indent + 2); } return 1; } -static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals, - int indent) +static void +print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals, int indent) { POLICYQUALINFO *qualinfo; int i; - for(i = 0; i < sk_POLICYQUALINFO_num(quals); i++) { + + for (i = 0; i < sk_POLICYQUALINFO_num(quals); i++) { qualinfo = sk_POLICYQUALINFO_value(quals, i); - switch(OBJ_obj2nid(qualinfo->pqualid)) - { - case NID_id_qt_cps: + switch (OBJ_obj2nid(qualinfo->pqualid)) { + case NID_id_qt_cps: BIO_printf(out, "%*sCPS: %s\n", indent, "", - qualinfo->d.cpsuri->data); + qualinfo->d.cpsuri->data); break; - - case NID_id_qt_unotice: + + case NID_id_qt_unotice: BIO_printf(out, "%*sUser Notice:\n", indent, ""); print_notice(out, qualinfo->d.usernotice, indent + 2); break; - default: + default: BIO_printf(out, "%*sUnknown Qualifier: ", - indent + 2, ""); - + indent + 2, ""); + i2a_ASN1_OBJECT(out, qualinfo->pqualid); BIO_puts(out, "\n"); break; @@ -394,29 +717,48 @@ static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals, } } -static void print_notice(BIO *out, USERNOTICE *notice, int indent) +static void +print_notice(BIO *out, USERNOTICE *notice, int indent) { int i; - if(notice->noticeref) { + + if (notice->noticeref) { NOTICEREF *ref; ref = notice->noticeref; BIO_printf(out, "%*sOrganization: %s\n", indent, "", - ref->organization->data); + ref->organization->data); BIO_printf(out, "%*sNumber%s: ", indent, "", - sk_ASN1_INTEGER_num(ref->noticenos) > 1 ? "s" : ""); - for(i = 0; i < sk_ASN1_INTEGER_num(ref->noticenos); i++) { + sk_ASN1_INTEGER_num(ref->noticenos) > 1 ? "s" : ""); + for (i = 0; i < sk_ASN1_INTEGER_num(ref->noticenos); i++) { ASN1_INTEGER *num; char *tmp; num = sk_ASN1_INTEGER_value(ref->noticenos, i); - if(i) BIO_puts(out, ", "); + if (i) + BIO_puts(out, ", "); tmp = i2s_ASN1_INTEGER(NULL, num); BIO_puts(out, tmp); - OPENSSL_free(tmp); + free(tmp); } BIO_puts(out, "\n"); } - if(notice->exptext) + if (notice->exptext) BIO_printf(out, "%*sExplicit Text: %s\n", indent, "", - notice->exptext->data); + notice->exptext->data); } +void +X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent) +{ + const X509_POLICY_DATA *dat = node->data; + + BIO_printf(out, "%*sPolicy: ", indent, ""); + + i2a_ASN1_OBJECT(out, dat->valid_policy); + BIO_puts(out, "\n"); + BIO_printf(out, "%*s%s\n", indent + 2, "", + node_data_critical(dat) ? "Critical" : "Non Critical"); + if (dat->qualifier_set) + print_qualifiers(out, dat->qualifier_set, indent + 2); + else + BIO_printf(out, "%*sNo Qualifiers\n", indent + 2, ""); +} diff --git a/src/lib/libcrypto/x509v3/v3_crld.c b/src/lib/libcrypto/x509v3/v3_crld.c index 894a8b94d80..8660c1ee4b4 100644 --- a/src/lib/libcrypto/x509v3/v3_crld.c +++ b/src/lib/libcrypto/x509v3/v3_crld.c @@ -1,16 +1,16 @@ -/* v3_crld.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* $OpenBSD: v3_crld.c,v 1.22 2017/05/02 04:11:08 deraadt Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -57,106 +57,753 @@ */ #include -#include "cryptlib.h" -#include +#include + #include #include +#include +#include #include -static STACK_OF(CONF_VALUE) *i2v_crld(X509V3_EXT_METHOD *method, - STACK_OF(DIST_POINT) *crld, STACK_OF(CONF_VALUE) *extlist); -static STACK_OF(DIST_POINT) *v2i_crld(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); - -X509V3_EXT_METHOD v3_crld = { -NID_crl_distribution_points, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(CRL_DIST_POINTS), -0,0,0,0, -0,0, -(X509V3_EXT_I2V)i2v_crld, -(X509V3_EXT_V2I)v2i_crld, -0,0, -NULL +static void *v2i_crld(const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); +static int i2r_crldp(const X509V3_EXT_METHOD *method, void *pcrldp, BIO *out, + int indent); + +const X509V3_EXT_METHOD v3_crld = { + .ext_nid = NID_crl_distribution_points, + .ext_flags = 0, + .it = &CRL_DIST_POINTS_it, + .ext_new = NULL, + .ext_free = NULL, + .d2i = NULL, + .i2d = NULL, + .i2s = NULL, + .s2i = NULL, + .i2v = NULL, + .v2i = v2i_crld, + .i2r = i2r_crldp, + .r2i = NULL, + .usr_data = NULL, +}; + +const X509V3_EXT_METHOD v3_freshest_crl = { + .ext_nid = NID_freshest_crl, + .ext_flags = 0, + .it = &CRL_DIST_POINTS_it, + .ext_new = NULL, + .ext_free = NULL, + .d2i = NULL, + .i2d = NULL, + .i2s = NULL, + .s2i = NULL, + .i2v = NULL, + .v2i = v2i_crld, + .i2r = i2r_crldp, + .r2i = NULL, + .usr_data = NULL, }; -static STACK_OF(CONF_VALUE) *i2v_crld(X509V3_EXT_METHOD *method, - STACK_OF(DIST_POINT) *crld, STACK_OF(CONF_VALUE) *exts) +static +STACK_OF(GENERAL_NAME) *gnames_from_sectname(X509V3_CTX *ctx, char *sect) +{ + STACK_OF(CONF_VALUE) *gnsect; + STACK_OF(GENERAL_NAME) *gens; + + if (*sect == '@') + gnsect = X509V3_get_section(ctx, sect + 1); + else + gnsect = X509V3_parse_list(sect); + if (!gnsect) { + X509V3error(X509V3_R_SECTION_NOT_FOUND); + return NULL; + } + gens = v2i_GENERAL_NAMES(NULL, ctx, gnsect); + if (*sect == '@') + X509V3_section_free(ctx, gnsect); + else + sk_CONF_VALUE_pop_free(gnsect, X509V3_conf_free); + return gens; +} + +static int +set_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx, CONF_VALUE *cnf) +{ + STACK_OF(GENERAL_NAME) *fnm = NULL; + STACK_OF(X509_NAME_ENTRY) *rnm = NULL; + + if (!strncmp(cnf->name, "fullname", 9)) { + fnm = gnames_from_sectname(ctx, cnf->value); + if (!fnm) + goto err; + } else if (!strcmp(cnf->name, "relativename")) { + int ret; + STACK_OF(CONF_VALUE) *dnsect; + X509_NAME *nm; + nm = X509_NAME_new(); + if (!nm) + return -1; + dnsect = X509V3_get_section(ctx, cnf->value); + if (!dnsect) { + X509V3error(X509V3_R_SECTION_NOT_FOUND); + X509_NAME_free(nm); + return -1; + } + ret = X509V3_NAME_from_section(nm, dnsect, MBSTRING_ASC); + X509V3_section_free(ctx, dnsect); + rnm = nm->entries; + nm->entries = NULL; + X509_NAME_free(nm); + if (!ret || sk_X509_NAME_ENTRY_num(rnm) <= 0) + goto err; + /* Since its a name fragment can't have more than one + * RDNSequence + */ + if (sk_X509_NAME_ENTRY_value(rnm, + sk_X509_NAME_ENTRY_num(rnm) - 1)->set) { + X509V3error(X509V3_R_INVALID_MULTIPLE_RDNS); + goto err; + } + } else + return 0; + + if (*pdp) { + X509V3error(X509V3_R_DISTPOINT_ALREADY_SET); + goto err; + } + + *pdp = DIST_POINT_NAME_new(); + if (!*pdp) + goto err; + if (fnm) { + (*pdp)->type = 0; + (*pdp)->name.fullname = fnm; + } else { + (*pdp)->type = 1; + (*pdp)->name.relativename = rnm; + } + + return 1; + +err: + sk_GENERAL_NAME_pop_free(fnm, GENERAL_NAME_free); + sk_X509_NAME_ENTRY_pop_free(rnm, X509_NAME_ENTRY_free); + return -1; +} + +static const BIT_STRING_BITNAME reason_flags[] = { + {0, "Unused", "unused"}, + {1, "Key Compromise", "keyCompromise"}, + {2, "CA Compromise", "CACompromise"}, + {3, "Affiliation Changed", "affiliationChanged"}, + {4, "Superseded", "superseded"}, + {5, "Cessation Of Operation", "cessationOfOperation"}, + {6, "Certificate Hold", "certificateHold"}, + {7, "Privilege Withdrawn", "privilegeWithdrawn"}, + {8, "AA Compromise", "AACompromise"}, + {-1, NULL, NULL} +}; + +static int +set_reasons(ASN1_BIT_STRING **preas, char *value) +{ + STACK_OF(CONF_VALUE) *rsk = NULL; + const BIT_STRING_BITNAME *pbn; + const char *bnam; + int i, ret = 0; + + if (*preas != NULL) + return 0; + rsk = X509V3_parse_list(value); + if (rsk == NULL) + return 0; + for (i = 0; i < sk_CONF_VALUE_num(rsk); i++) { + bnam = sk_CONF_VALUE_value(rsk, i)->name; + if (!*preas) { + *preas = ASN1_BIT_STRING_new(); + if (!*preas) + goto err; + } + for (pbn = reason_flags; pbn->lname; pbn++) { + if (!strcmp(pbn->sname, bnam)) { + if (!ASN1_BIT_STRING_set_bit(*preas, + pbn->bitnum, 1)) + goto err; + break; + } + } + if (!pbn->lname) + goto err; + } + ret = 1; + +err: + sk_CONF_VALUE_pop_free(rsk, X509V3_conf_free); + return ret; +} + +static int +print_reasons(BIO *out, const char *rname, ASN1_BIT_STRING *rflags, int indent) +{ + int first = 1; + const BIT_STRING_BITNAME *pbn; + + BIO_printf(out, "%*s%s:\n%*s", indent, "", rname, indent + 2, ""); + for (pbn = reason_flags; pbn->lname; pbn++) { + if (ASN1_BIT_STRING_get_bit(rflags, pbn->bitnum)) { + if (first) + first = 0; + else + BIO_puts(out, ", "); + BIO_puts(out, pbn->lname); + } + } + if (first) + BIO_puts(out, "\n"); + else + BIO_puts(out, "\n"); + return 1; +} + +static DIST_POINT * +crldp_from_section(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) { - DIST_POINT *point; int i; - for(i = 0; i < sk_DIST_POINT_num(crld); i++) { - point = sk_DIST_POINT_value(crld, i); - if(point->distpoint) { - if(point->distpoint->type == 0) - exts = i2v_GENERAL_NAMES(NULL, - point->distpoint->name.fullname, exts); - else X509V3_add_value("RelativeName","", &exts); + CONF_VALUE *cnf; + DIST_POINT *point = NULL; + + point = DIST_POINT_new(); + if (!point) + goto err; + for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { + int ret; + cnf = sk_CONF_VALUE_value(nval, i); + ret = set_dist_point_name(&point->distpoint, ctx, cnf); + if (ret > 0) + continue; + if (ret < 0) + goto err; + if (!strcmp(cnf->name, "reasons")) { + if (!set_reasons(&point->reasons, cnf->value)) + goto err; + } + else if (!strcmp(cnf->name, "CRLissuer")) { + point->CRLissuer = + gnames_from_sectname(ctx, cnf->value); + if (!point->CRLissuer) + goto err; } - if(point->reasons) - X509V3_add_value("reasons","", &exts); - if(point->CRLissuer) - X509V3_add_value("CRLissuer","", &exts); } - return exts; + + return point; + +err: + DIST_POINT_free(point); + return NULL; } -static STACK_OF(DIST_POINT) *v2i_crld(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) +static void * +v2i_crld(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, + STACK_OF(CONF_VALUE) *nval) { STACK_OF(DIST_POINT) *crld = NULL; GENERAL_NAMES *gens = NULL; GENERAL_NAME *gen = NULL; CONF_VALUE *cnf; int i; - if(!(crld = sk_DIST_POINT_new_null())) goto merr; - for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { + + if (!(crld = sk_DIST_POINT_new_null())) + goto merr; + for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { DIST_POINT *point; cnf = sk_CONF_VALUE_value(nval, i); - if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) goto err; - if(!(gens = GENERAL_NAMES_new())) goto merr; - if(!sk_GENERAL_NAME_push(gens, gen)) goto merr; - gen = NULL; - if(!(point = DIST_POINT_new())) goto merr; - if(!sk_DIST_POINT_push(crld, point)) { - DIST_POINT_free(point); - goto merr; + if (!cnf->value) { + STACK_OF(CONF_VALUE) *dpsect; + dpsect = X509V3_get_section(ctx, cnf->name); + if (!dpsect) + goto err; + point = crldp_from_section(ctx, dpsect); + X509V3_section_free(ctx, dpsect); + if (!point) + goto err; + if (!sk_DIST_POINT_push(crld, point)) { + DIST_POINT_free(point); + goto merr; + } + } else { + if (!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) + goto err; + if (!(gens = GENERAL_NAMES_new())) + goto merr; + if (!sk_GENERAL_NAME_push(gens, gen)) + goto merr; + gen = NULL; + if (!(point = DIST_POINT_new())) + goto merr; + if (!sk_DIST_POINT_push(crld, point)) { + DIST_POINT_free(point); + goto merr; + } + if (!(point->distpoint = DIST_POINT_NAME_new())) + goto merr; + point->distpoint->name.fullname = gens; + point->distpoint->type = 0; + gens = NULL; } - if(!(point->distpoint = DIST_POINT_NAME_new())) goto merr; - point->distpoint->name.fullname = gens; - point->distpoint->type = 0; - gens = NULL; } return crld; - merr: - X509V3err(X509V3_F_V2I_CRLD,ERR_R_MALLOC_FAILURE); - err: +merr: + X509V3error(ERR_R_MALLOC_FAILURE); +err: GENERAL_NAME_free(gen); GENERAL_NAMES_free(gens); sk_DIST_POINT_pop_free(crld, DIST_POINT_free); return NULL; } -IMPLEMENT_STACK_OF(DIST_POINT) -IMPLEMENT_ASN1_SET_OF(DIST_POINT) +static int +dpn_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) +{ + DIST_POINT_NAME *dpn = (DIST_POINT_NAME *)*pval; + + switch (operation) { + case ASN1_OP_NEW_POST: + dpn->dpname = NULL; + break; + + case ASN1_OP_FREE_POST: + if (dpn->dpname) + X509_NAME_free(dpn->dpname); + break; + } + return 1; +} + + +static const ASN1_AUX DIST_POINT_NAME_aux = { + .app_data = NULL, + .flags = 0, + .ref_offset = 0, + .ref_lock = 0, + .asn1_cb = dpn_cb, + .enc_offset = 0, +}; +static const ASN1_TEMPLATE DIST_POINT_NAME_ch_tt[] = { + { + .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_SEQUENCE_OF, + .tag = 0, + .offset = offsetof(DIST_POINT_NAME, name.fullname), + .field_name = "name.fullname", + .item = &GENERAL_NAME_it, + }, + { + .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_SET_OF, + .tag = 1, + .offset = offsetof(DIST_POINT_NAME, name.relativename), + .field_name = "name.relativename", + .item = &X509_NAME_ENTRY_it, + }, +}; + +const ASN1_ITEM DIST_POINT_NAME_it = { + .itype = ASN1_ITYPE_CHOICE, + .utype = offsetof(DIST_POINT_NAME, type), + .templates = DIST_POINT_NAME_ch_tt, + .tcount = sizeof(DIST_POINT_NAME_ch_tt) / sizeof(ASN1_TEMPLATE), + .funcs = &DIST_POINT_NAME_aux, + .size = sizeof(DIST_POINT_NAME), + .sname = "DIST_POINT_NAME", +}; + + + +DIST_POINT_NAME * +d2i_DIST_POINT_NAME(DIST_POINT_NAME **a, const unsigned char **in, long len) +{ + return (DIST_POINT_NAME *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &DIST_POINT_NAME_it); +} + +int +i2d_DIST_POINT_NAME(DIST_POINT_NAME *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &DIST_POINT_NAME_it); +} +DIST_POINT_NAME * +DIST_POINT_NAME_new(void) +{ + return (DIST_POINT_NAME *)ASN1_item_new(&DIST_POINT_NAME_it); +} -ASN1_CHOICE(DIST_POINT_NAME) = { - ASN1_IMP_SEQUENCE_OF(DIST_POINT_NAME, name.fullname, GENERAL_NAME, 0), - ASN1_IMP_SET_OF(DIST_POINT_NAME, name.relativename, X509_NAME_ENTRY, 1) -} ASN1_CHOICE_END(DIST_POINT_NAME) +void +DIST_POINT_NAME_free(DIST_POINT_NAME *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &DIST_POINT_NAME_it); +} -IMPLEMENT_ASN1_FUNCTIONS(DIST_POINT_NAME) +static const ASN1_TEMPLATE DIST_POINT_seq_tt[] = { + { + .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL, + .tag = 0, + .offset = offsetof(DIST_POINT, distpoint), + .field_name = "distpoint", + .item = &DIST_POINT_NAME_it, + }, + { + .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_OPTIONAL, + .tag = 1, + .offset = offsetof(DIST_POINT, reasons), + .field_name = "reasons", + .item = &ASN1_BIT_STRING_it, + }, + { + .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_OPTIONAL, + .tag = 2, + .offset = offsetof(DIST_POINT, CRLissuer), + .field_name = "CRLissuer", + .item = &GENERAL_NAME_it, + }, +}; -ASN1_SEQUENCE(DIST_POINT) = { - ASN1_EXP_OPT(DIST_POINT, distpoint, DIST_POINT_NAME, 0), - ASN1_IMP_OPT(DIST_POINT, reasons, ASN1_BIT_STRING, 1), - ASN1_IMP_SEQUENCE_OF_OPT(DIST_POINT, CRLissuer, GENERAL_NAME, 2) -} ASN1_SEQUENCE_END(DIST_POINT) +const ASN1_ITEM DIST_POINT_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = DIST_POINT_seq_tt, + .tcount = sizeof(DIST_POINT_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = NULL, + .size = sizeof(DIST_POINT), + .sname = "DIST_POINT", +}; -IMPLEMENT_ASN1_FUNCTIONS(DIST_POINT) -ASN1_ITEM_TEMPLATE(CRL_DIST_POINTS) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, DIST_POINT, DIST_POINT) -ASN1_ITEM_TEMPLATE_END(CRL_DIST_POINTS) +DIST_POINT * +d2i_DIST_POINT(DIST_POINT **a, const unsigned char **in, long len) +{ + return (DIST_POINT *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &DIST_POINT_it); +} + +int +i2d_DIST_POINT(DIST_POINT *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &DIST_POINT_it); +} -IMPLEMENT_ASN1_FUNCTIONS(CRL_DIST_POINTS) +DIST_POINT * +DIST_POINT_new(void) +{ + return (DIST_POINT *)ASN1_item_new(&DIST_POINT_it); +} + +void +DIST_POINT_free(DIST_POINT *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &DIST_POINT_it); +} + +static const ASN1_TEMPLATE CRL_DIST_POINTS_item_tt = { + .flags = ASN1_TFLG_SEQUENCE_OF, + .tag = 0, + .offset = 0, + .field_name = "CRLDistributionPoints", + .item = &DIST_POINT_it, +}; + +const ASN1_ITEM CRL_DIST_POINTS_it = { + .itype = ASN1_ITYPE_PRIMITIVE, + .utype = -1, + .templates = &CRL_DIST_POINTS_item_tt, + .tcount = 0, + .funcs = NULL, + .size = 0, + .sname = "CRL_DIST_POINTS", +}; + + +CRL_DIST_POINTS * +d2i_CRL_DIST_POINTS(CRL_DIST_POINTS **a, const unsigned char **in, long len) +{ + return (CRL_DIST_POINTS *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &CRL_DIST_POINTS_it); +} + +int +i2d_CRL_DIST_POINTS(CRL_DIST_POINTS *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &CRL_DIST_POINTS_it); +} + +CRL_DIST_POINTS * +CRL_DIST_POINTS_new(void) +{ + return (CRL_DIST_POINTS *)ASN1_item_new(&CRL_DIST_POINTS_it); +} + +void +CRL_DIST_POINTS_free(CRL_DIST_POINTS *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &CRL_DIST_POINTS_it); +} + +static const ASN1_TEMPLATE ISSUING_DIST_POINT_seq_tt[] = { + { + .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL, + .tag = 0, + .offset = offsetof(ISSUING_DIST_POINT, distpoint), + .field_name = "distpoint", + .item = &DIST_POINT_NAME_it, + }, + { + .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_OPTIONAL, + .tag = 1, + .offset = offsetof(ISSUING_DIST_POINT, onlyuser), + .field_name = "onlyuser", + .item = &ASN1_FBOOLEAN_it, + }, + { + .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_OPTIONAL, + .tag = 2, + .offset = offsetof(ISSUING_DIST_POINT, onlyCA), + .field_name = "onlyCA", + .item = &ASN1_FBOOLEAN_it, + }, + { + .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_OPTIONAL, + .tag = 3, + .offset = offsetof(ISSUING_DIST_POINT, onlysomereasons), + .field_name = "onlysomereasons", + .item = &ASN1_BIT_STRING_it, + }, + { + .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_OPTIONAL, + .tag = 4, + .offset = offsetof(ISSUING_DIST_POINT, indirectCRL), + .field_name = "indirectCRL", + .item = &ASN1_FBOOLEAN_it, + }, + { + .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_OPTIONAL, + .tag = 5, + .offset = offsetof(ISSUING_DIST_POINT, onlyattr), + .field_name = "onlyattr", + .item = &ASN1_FBOOLEAN_it, + }, +}; + +const ASN1_ITEM ISSUING_DIST_POINT_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = ISSUING_DIST_POINT_seq_tt, + .tcount = sizeof(ISSUING_DIST_POINT_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = NULL, + .size = sizeof(ISSUING_DIST_POINT), + .sname = "ISSUING_DIST_POINT", +}; + + +ISSUING_DIST_POINT * +d2i_ISSUING_DIST_POINT(ISSUING_DIST_POINT **a, const unsigned char **in, long len) +{ + return (ISSUING_DIST_POINT *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &ISSUING_DIST_POINT_it); +} + +int +i2d_ISSUING_DIST_POINT(ISSUING_DIST_POINT *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &ISSUING_DIST_POINT_it); +} + +ISSUING_DIST_POINT * +ISSUING_DIST_POINT_new(void) +{ + return (ISSUING_DIST_POINT *)ASN1_item_new(&ISSUING_DIST_POINT_it); +} + +void +ISSUING_DIST_POINT_free(ISSUING_DIST_POINT *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &ISSUING_DIST_POINT_it); +} + +static int i2r_idp(const X509V3_EXT_METHOD *method, void *pidp, BIO *out, + int indent); +static void *v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, + STACK_OF(CONF_VALUE) *nval); + +const X509V3_EXT_METHOD v3_idp = { + NID_issuing_distribution_point, X509V3_EXT_MULTILINE, + &ISSUING_DIST_POINT_it, + 0, 0, 0, 0, + 0, 0, + 0, + v2i_idp, + i2r_idp, 0, + NULL +}; + +static void * +v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, + STACK_OF(CONF_VALUE) *nval) +{ + ISSUING_DIST_POINT *idp = NULL; + CONF_VALUE *cnf; + char *name, *val; + int i, ret; + + idp = ISSUING_DIST_POINT_new(); + if (!idp) + goto merr; + for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { + cnf = sk_CONF_VALUE_value(nval, i); + name = cnf->name; + val = cnf->value; + ret = set_dist_point_name(&idp->distpoint, ctx, cnf); + if (ret > 0) + continue; + if (ret < 0) + goto err; + if (!strcmp(name, "onlyuser")) { + if (!X509V3_get_value_bool(cnf, &idp->onlyuser)) + goto err; + } + else if (!strcmp(name, "onlyCA")) { + if (!X509V3_get_value_bool(cnf, &idp->onlyCA)) + goto err; + } + else if (!strcmp(name, "onlyAA")) { + if (!X509V3_get_value_bool(cnf, &idp->onlyattr)) + goto err; + } + else if (!strcmp(name, "indirectCRL")) { + if (!X509V3_get_value_bool(cnf, &idp->indirectCRL)) + goto err; + } + else if (!strcmp(name, "onlysomereasons")) { + if (!set_reasons(&idp->onlysomereasons, val)) + goto err; + } else { + X509V3error(X509V3_R_INVALID_NAME); + X509V3_conf_err(cnf); + goto err; + } + } + return idp; + +merr: + X509V3error(ERR_R_MALLOC_FAILURE); +err: + ISSUING_DIST_POINT_free(idp); + return NULL; +} + +static int +print_gens(BIO *out, STACK_OF(GENERAL_NAME) *gens, int indent) +{ + int i; + + for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) { + BIO_printf(out, "%*s", indent + 2, ""); + GENERAL_NAME_print(out, sk_GENERAL_NAME_value(gens, i)); + BIO_puts(out, "\n"); + } + return 1; +} + +static int +print_distpoint(BIO *out, DIST_POINT_NAME *dpn, int indent) +{ + if (dpn->type == 0) { + BIO_printf(out, "%*sFull Name:\n", indent, ""); + print_gens(out, dpn->name.fullname, indent); + } else { + X509_NAME ntmp; + ntmp.entries = dpn->name.relativename; + BIO_printf(out, "%*sRelative Name:\n%*s", + indent, "", indent + 2, ""); + X509_NAME_print_ex(out, &ntmp, 0, XN_FLAG_ONELINE); + BIO_puts(out, "\n"); + } + return 1; +} + +static int +i2r_idp(const X509V3_EXT_METHOD *method, void *pidp, BIO *out, int indent) +{ + ISSUING_DIST_POINT *idp = pidp; + + if (idp->distpoint) + print_distpoint(out, idp->distpoint, indent); + if (idp->onlyuser > 0) + BIO_printf(out, "%*sOnly User Certificates\n", indent, ""); + if (idp->onlyCA > 0) + BIO_printf(out, "%*sOnly CA Certificates\n", indent, ""); + if (idp->indirectCRL > 0) + BIO_printf(out, "%*sIndirect CRL\n", indent, ""); + if (idp->onlysomereasons) + print_reasons(out, "Only Some Reasons", + idp->onlysomereasons, indent); + if (idp->onlyattr > 0) + BIO_printf(out, "%*sOnly Attribute Certificates\n", indent, ""); + if (!idp->distpoint && (idp->onlyuser <= 0) && (idp->onlyCA <= 0) && + (idp->indirectCRL <= 0) && !idp->onlysomereasons && + (idp->onlyattr <= 0)) + BIO_printf(out, "%*s\n", indent, ""); + + return 1; +} + +static int +i2r_crldp(const X509V3_EXT_METHOD *method, void *pcrldp, BIO *out, int indent) +{ + STACK_OF(DIST_POINT) *crld = pcrldp; + DIST_POINT *point; + int i; + + for (i = 0; i < sk_DIST_POINT_num(crld); i++) { + BIO_puts(out, "\n"); + point = sk_DIST_POINT_value(crld, i); + if (point->distpoint) + print_distpoint(out, point->distpoint, indent); + if (point->reasons) + print_reasons(out, "Reasons", point->reasons, + indent); + if (point->CRLissuer) { + BIO_printf(out, "%*sCRL Issuer:\n", indent, ""); + print_gens(out, point->CRLissuer, indent); + } + } + return 1; +} + +int +DIST_POINT_set_dpname(DIST_POINT_NAME *dpn, X509_NAME *iname) +{ + int i; + STACK_OF(X509_NAME_ENTRY) *frag; + X509_NAME_ENTRY *ne; + + if (!dpn || (dpn->type != 1)) + return 1; + frag = dpn->name.relativename; + dpn->dpname = X509_NAME_dup(iname); + if (!dpn->dpname) + return 0; + for (i = 0; i < sk_X509_NAME_ENTRY_num(frag); i++) { + ne = sk_X509_NAME_ENTRY_value(frag, i); + if (!X509_NAME_add_entry(dpn->dpname, ne, -1, i ? 0 : 1)) { + X509_NAME_free(dpn->dpname); + dpn->dpname = NULL; + return 0; + } + } + /* generate cached encoding of name */ + if (i2d_X509_NAME(dpn->dpname, NULL) < 0) { + X509_NAME_free(dpn->dpname); + dpn->dpname = NULL; + return 0; + } + return 1; +} diff --git a/src/lib/libcrypto/x509v3/v3_enum.c b/src/lib/libcrypto/x509v3/v3_enum.c index 010c9d6260a..2ef3ea3e90b 100644 --- a/src/lib/libcrypto/x509v3/v3_enum.c +++ b/src/lib/libcrypto/x509v3/v3_enum.c @@ -1,5 +1,5 @@ -/* v3_enum.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* $OpenBSD: v3_enum.c,v 1.13 2018/05/19 10:37:02 tb Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -57,38 +57,51 @@ */ #include -#include "cryptlib.h" +#include #include static ENUMERATED_NAMES crl_reasons[] = { -{0, "Unspecified", "unspecified"}, -{1, "Key Compromise", "keyCompromise"}, -{2, "CA Compromise", "CACompromise"}, -{3, "Affiliation Changed", "affiliationChanged"}, -{4, "Superseded", "superseded"}, -{5, "Cessation Of Operation", "cessationOfOperation"}, -{6, "Certificate Hold", "certificateHold"}, -{8, "Remove From CRL", "removeFromCRL"}, -{-1, NULL, NULL} + {CRL_REASON_UNSPECIFIED, "Unspecified", "unspecified"}, + {CRL_REASON_KEY_COMPROMISE, "Key Compromise", "keyCompromise"}, + {CRL_REASON_CA_COMPROMISE, "CA Compromise", "CACompromise"}, + {CRL_REASON_AFFILIATION_CHANGED, "Affiliation Changed", "affiliationChanged"}, + {CRL_REASON_SUPERSEDED, "Superseded", "superseded"}, + {CRL_REASON_CESSATION_OF_OPERATION, + "Cessation Of Operation", "cessationOfOperation"}, + {CRL_REASON_CERTIFICATE_HOLD, "Certificate Hold", "certificateHold"}, + {CRL_REASON_REMOVE_FROM_CRL, "Remove From CRL", "removeFromCRL"}, + {CRL_REASON_PRIVILEGE_WITHDRAWN, "Privilege Withdrawn", "privilegeWithdrawn"}, + {CRL_REASON_AA_COMPROMISE, "AA Compromise", "AACompromise"}, + {-1, NULL, NULL} }; -X509V3_EXT_METHOD v3_crl_reason = { -NID_crl_reason, 0, ASN1_ITEM_ref(ASN1_ENUMERATED), -0,0,0,0, -(X509V3_EXT_I2S)i2s_ASN1_ENUMERATED_TABLE, -0, -0,0,0,0, -crl_reasons}; - +const X509V3_EXT_METHOD v3_crl_reason = { + .ext_nid = NID_crl_reason, + .ext_flags = 0, + .it = &ASN1_ENUMERATED_it, + .ext_new = NULL, + .ext_free = NULL, + .d2i = NULL, + .i2d = NULL, + .i2s = (X509V3_EXT_I2S)i2s_ASN1_ENUMERATED_TABLE, + .s2i = NULL, + .i2v = NULL, + .v2i = NULL, + .i2r = NULL, + .r2i = NULL, + .usr_data = crl_reasons, +}; -char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *method, - ASN1_ENUMERATED *e) +char * +i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *method, const ASN1_ENUMERATED *e) { ENUMERATED_NAMES *enam; long strval; + strval = ASN1_ENUMERATED_get(e); - for(enam = method->usr_data; enam->lname; enam++) { - if(strval == enam->bitnum) return BUF_strdup(enam->lname); + for (enam = method->usr_data; enam->lname; enam++) { + if (strval == enam->bitnum) + return strdup(enam->lname); } return i2s_ASN1_ENUMERATED(method, e); } diff --git a/src/lib/libcrypto/x509v3/v3_extku.c b/src/lib/libcrypto/x509v3/v3_extku.c index b1cfaba1aa8..527e80b28e6 100644 --- a/src/lib/libcrypto/x509v3/v3_extku.c +++ b/src/lib/libcrypto/x509v3/v3_extku.c @@ -1,5 +1,5 @@ -/* v3_extku.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* $OpenBSD: v3_extku.c,v 1.15 2017/01/29 17:49:23 beck Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -56,55 +56,107 @@ * */ - #include -#include "cryptlib.h" + #include #include +#include #include -static void *v2i_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); -static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method, - void *eku, STACK_OF(CONF_VALUE) *extlist); - -X509V3_EXT_METHOD v3_ext_ku = { - NID_ext_key_usage, 0, - ASN1_ITEM_ref(EXTENDED_KEY_USAGE), - 0,0,0,0, - 0,0, - i2v_EXTENDED_KEY_USAGE, - v2i_EXTENDED_KEY_USAGE, - 0,0, - NULL +static void *v2i_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); +static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE( + const X509V3_EXT_METHOD *method, void *eku, STACK_OF(CONF_VALUE) *extlist); + +const X509V3_EXT_METHOD v3_ext_ku = { + .ext_nid = NID_ext_key_usage, + .ext_flags = 0, + .it = &EXTENDED_KEY_USAGE_it, + .ext_new = NULL, + .ext_free = NULL, + .d2i = NULL, + .i2d = NULL, + .i2s = NULL, + .s2i = NULL, + .i2v = i2v_EXTENDED_KEY_USAGE, + .v2i = v2i_EXTENDED_KEY_USAGE, + .i2r = NULL, + .r2i = NULL, + .usr_data = NULL, }; /* NB OCSP acceptable responses also is a SEQUENCE OF OBJECT */ -X509V3_EXT_METHOD v3_ocsp_accresp = { - NID_id_pkix_OCSP_acceptableResponses, 0, - ASN1_ITEM_ref(EXTENDED_KEY_USAGE), - 0,0,0,0, - 0,0, - i2v_EXTENDED_KEY_USAGE, - v2i_EXTENDED_KEY_USAGE, - 0,0, - NULL +const X509V3_EXT_METHOD v3_ocsp_accresp = { + .ext_nid = NID_id_pkix_OCSP_acceptableResponses, + .ext_flags = 0, + .it = &EXTENDED_KEY_USAGE_it, + .ext_new = NULL, + .ext_free = NULL, + .d2i = NULL, + .i2d = NULL, + .i2s = NULL, + .s2i = NULL, + .i2v = i2v_EXTENDED_KEY_USAGE, + .v2i = v2i_EXTENDED_KEY_USAGE, + .i2r = NULL, + .r2i = NULL, + .usr_data = NULL, }; -ASN1_ITEM_TEMPLATE(EXTENDED_KEY_USAGE) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, EXTENDED_KEY_USAGE, ASN1_OBJECT) -ASN1_ITEM_TEMPLATE_END(EXTENDED_KEY_USAGE) +static const ASN1_TEMPLATE EXTENDED_KEY_USAGE_item_tt = { + .flags = ASN1_TFLG_SEQUENCE_OF, + .tag = 0, + .offset = 0, + .field_name = "EXTENDED_KEY_USAGE", + .item = &ASN1_OBJECT_it, +}; + +const ASN1_ITEM EXTENDED_KEY_USAGE_it = { + .itype = ASN1_ITYPE_PRIMITIVE, + .utype = -1, + .templates = &EXTENDED_KEY_USAGE_item_tt, + .tcount = 0, + .funcs = NULL, + .size = 0, + .sname = "EXTENDED_KEY_USAGE", +}; + + +EXTENDED_KEY_USAGE * +d2i_EXTENDED_KEY_USAGE(EXTENDED_KEY_USAGE **a, const unsigned char **in, long len) +{ + return (EXTENDED_KEY_USAGE *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &EXTENDED_KEY_USAGE_it); +} + +int +i2d_EXTENDED_KEY_USAGE(EXTENDED_KEY_USAGE *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &EXTENDED_KEY_USAGE_it); +} -IMPLEMENT_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE) +EXTENDED_KEY_USAGE * +EXTENDED_KEY_USAGE_new(void) +{ + return (EXTENDED_KEY_USAGE *)ASN1_item_new(&EXTENDED_KEY_USAGE_it); +} -static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method, - void *a, STACK_OF(CONF_VALUE) *ext_list) +void +EXTENDED_KEY_USAGE_free(EXTENDED_KEY_USAGE *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &EXTENDED_KEY_USAGE_it); +} + +static STACK_OF(CONF_VALUE) * +i2v_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method, void *a, + STACK_OF(CONF_VALUE) *ext_list) { EXTENDED_KEY_USAGE *eku = a; int i; ASN1_OBJECT *obj; char obj_tmp[80]; - for(i = 0; i < sk_ASN1_OBJECT_num(eku); i++) { + + for (i = 0; i < sk_ASN1_OBJECT_num(eku); i++) { obj = sk_ASN1_OBJECT_value(eku, i); i2t_ASN1_OBJECT(obj_tmp, 80, obj); X509V3_add_value(NULL, obj_tmp, &ext_list); @@ -112,8 +164,9 @@ static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method, return ext_list; } -static void *v2i_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) +static void * +v2i_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, + STACK_OF(CONF_VALUE) *nval) { EXTENDED_KEY_USAGE *extku; char *extval; @@ -121,22 +174,29 @@ static void *v2i_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method, CONF_VALUE *val; int i; - if(!(extku = sk_ASN1_OBJECT_new_null())) { - X509V3err(X509V3_F_V2I_EXT_KU,ERR_R_MALLOC_FAILURE); + if (!(extku = sk_ASN1_OBJECT_new_null())) { + X509V3error(ERR_R_MALLOC_FAILURE); return NULL; } - for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { + for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { val = sk_CONF_VALUE_value(nval, i); - if(val->value) extval = val->value; - else extval = val->name; - if(!(objtmp = OBJ_txt2obj(extval, 0))) { + if (val->value) + extval = val->value; + else + extval = val->name; + if (!(objtmp = OBJ_txt2obj(extval, 0))) { sk_ASN1_OBJECT_pop_free(extku, ASN1_OBJECT_free); - X509V3err(X509V3_F_V2I_EXT_KU,X509V3_R_INVALID_OBJECT_IDENTIFIER); + X509V3error(X509V3_R_INVALID_OBJECT_IDENTIFIER); X509V3_conf_err(val); return NULL; } - sk_ASN1_OBJECT_push(extku, objtmp); + if (sk_ASN1_OBJECT_push(extku, objtmp) == 0) { + ASN1_OBJECT_free(objtmp); + sk_ASN1_OBJECT_pop_free(extku, ASN1_OBJECT_free); + X509V3error(ERR_R_MALLOC_FAILURE); + return NULL; + } } return extku; } diff --git a/src/lib/libcrypto/x509v3/v3_genn.c b/src/lib/libcrypto/x509v3/v3_genn.c index 650b510980d..a6b7a18b17b 100644 --- a/src/lib/libcrypto/x509v3/v3_genn.c +++ b/src/lib/libcrypto/x509v3/v3_genn.c @@ -1,16 +1,16 @@ -/* v3_genn.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* $OpenBSD: v3_genn.c,v 1.12 2015/09/26 17:38:41 jsing Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -58,44 +58,417 @@ #include -#include "cryptlib.h" + #include #include #include -ASN1_SEQUENCE(OTHERNAME) = { - ASN1_SIMPLE(OTHERNAME, type_id, ASN1_OBJECT), +static const ASN1_TEMPLATE OTHERNAME_seq_tt[] = { + { + .flags = 0, + .tag = 0, + .offset = offsetof(OTHERNAME, type_id), + .field_name = "type_id", + .item = &ASN1_OBJECT_it, + }, /* Maybe have a true ANY DEFINED BY later */ - ASN1_EXP(OTHERNAME, value, ASN1_ANY, 0) -} ASN1_SEQUENCE_END(OTHERNAME) + { + .flags = ASN1_TFLG_EXPLICIT, + .tag = 0, + .offset = offsetof(OTHERNAME, value), + .field_name = "value", + .item = &ASN1_ANY_it, + }, +}; + +const ASN1_ITEM OTHERNAME_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = OTHERNAME_seq_tt, + .tcount = sizeof(OTHERNAME_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = NULL, + .size = sizeof(OTHERNAME), + .sname = "OTHERNAME", +}; + + +OTHERNAME * +d2i_OTHERNAME(OTHERNAME **a, const unsigned char **in, long len) +{ + return (OTHERNAME *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &OTHERNAME_it); +} + +int +i2d_OTHERNAME(OTHERNAME *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &OTHERNAME_it); +} + +OTHERNAME * +OTHERNAME_new(void) +{ + return (OTHERNAME *)ASN1_item_new(&OTHERNAME_it); +} -IMPLEMENT_ASN1_FUNCTIONS(OTHERNAME) +void +OTHERNAME_free(OTHERNAME *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &OTHERNAME_it); +} -ASN1_SEQUENCE(EDIPARTYNAME) = { - ASN1_IMP_OPT(EDIPARTYNAME, nameAssigner, DIRECTORYSTRING, 0), - ASN1_IMP_OPT(EDIPARTYNAME, partyName, DIRECTORYSTRING, 1) -} ASN1_SEQUENCE_END(EDIPARTYNAME) +static const ASN1_TEMPLATE EDIPARTYNAME_seq_tt[] = { + { + .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_OPTIONAL, + .tag = 0, + .offset = offsetof(EDIPARTYNAME, nameAssigner), + .field_name = "nameAssigner", + .item = &DIRECTORYSTRING_it, + }, + { + .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_OPTIONAL, + .tag = 1, + .offset = offsetof(EDIPARTYNAME, partyName), + .field_name = "partyName", + .item = &DIRECTORYSTRING_it, + }, +}; -IMPLEMENT_ASN1_FUNCTIONS(EDIPARTYNAME) +const ASN1_ITEM EDIPARTYNAME_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = EDIPARTYNAME_seq_tt, + .tcount = sizeof(EDIPARTYNAME_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = NULL, + .size = sizeof(EDIPARTYNAME), + .sname = "EDIPARTYNAME", +}; -ASN1_CHOICE(GENERAL_NAME) = { - ASN1_IMP(GENERAL_NAME, d.otherName, OTHERNAME, GEN_OTHERNAME), - ASN1_IMP(GENERAL_NAME, d.rfc822Name, ASN1_IA5STRING, GEN_EMAIL), - ASN1_IMP(GENERAL_NAME, d.dNSName, ASN1_IA5STRING, GEN_DNS), + +EDIPARTYNAME * +d2i_EDIPARTYNAME(EDIPARTYNAME **a, const unsigned char **in, long len) +{ + return (EDIPARTYNAME *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &EDIPARTYNAME_it); +} + +int +i2d_EDIPARTYNAME(EDIPARTYNAME *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &EDIPARTYNAME_it); +} + +EDIPARTYNAME * +EDIPARTYNAME_new(void) +{ + return (EDIPARTYNAME *)ASN1_item_new(&EDIPARTYNAME_it); +} + +void +EDIPARTYNAME_free(EDIPARTYNAME *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &EDIPARTYNAME_it); +} + +static const ASN1_TEMPLATE GENERAL_NAME_ch_tt[] = { + { + .flags = ASN1_TFLG_IMPLICIT, + .tag = GEN_OTHERNAME, + .offset = offsetof(GENERAL_NAME, d.otherName), + .field_name = "d.otherName", + .item = &OTHERNAME_it, + }, + { + .flags = ASN1_TFLG_IMPLICIT, + .tag = GEN_EMAIL, + .offset = offsetof(GENERAL_NAME, d.rfc822Name), + .field_name = "d.rfc822Name", + .item = &ASN1_IA5STRING_it, + }, + { + .flags = ASN1_TFLG_IMPLICIT, + .tag = GEN_DNS, + .offset = offsetof(GENERAL_NAME, d.dNSName), + .field_name = "d.dNSName", + .item = &ASN1_IA5STRING_it, + }, /* Don't decode this */ - ASN1_IMP(GENERAL_NAME, d.x400Address, ASN1_SEQUENCE, GEN_X400), + { + .flags = ASN1_TFLG_IMPLICIT, + .tag = GEN_X400, + .offset = offsetof(GENERAL_NAME, d.x400Address), + .field_name = "d.x400Address", + .item = &ASN1_SEQUENCE_it, + }, /* X509_NAME is a CHOICE type so use EXPLICIT */ - ASN1_EXP(GENERAL_NAME, d.directoryName, X509_NAME, GEN_DIRNAME), - ASN1_IMP(GENERAL_NAME, d.ediPartyName, EDIPARTYNAME, GEN_EDIPARTY), - ASN1_IMP(GENERAL_NAME, d.uniformResourceIdentifier, ASN1_IA5STRING, GEN_URI), - ASN1_IMP(GENERAL_NAME, d.iPAddress, ASN1_OCTET_STRING, GEN_IPADD), - ASN1_IMP(GENERAL_NAME, d.registeredID, ASN1_OBJECT, GEN_RID) -} ASN1_CHOICE_END(GENERAL_NAME) + { + .flags = ASN1_TFLG_EXPLICIT, + .tag = GEN_DIRNAME, + .offset = offsetof(GENERAL_NAME, d.directoryName), + .field_name = "d.directoryName", + .item = &X509_NAME_it, + }, + { + .flags = ASN1_TFLG_IMPLICIT, + .tag = GEN_EDIPARTY, + .offset = offsetof(GENERAL_NAME, d.ediPartyName), + .field_name = "d.ediPartyName", + .item = &EDIPARTYNAME_it, + }, + { + .flags = ASN1_TFLG_IMPLICIT, + .tag = GEN_URI, + .offset = offsetof(GENERAL_NAME, d.uniformResourceIdentifier), + .field_name = "d.uniformResourceIdentifier", + .item = &ASN1_IA5STRING_it, + }, + { + .flags = ASN1_TFLG_IMPLICIT, + .tag = GEN_IPADD, + .offset = offsetof(GENERAL_NAME, d.iPAddress), + .field_name = "d.iPAddress", + .item = &ASN1_OCTET_STRING_it, + }, + { + .flags = ASN1_TFLG_IMPLICIT, + .tag = GEN_RID, + .offset = offsetof(GENERAL_NAME, d.registeredID), + .field_name = "d.registeredID", + .item = &ASN1_OBJECT_it, + }, +}; + +const ASN1_ITEM GENERAL_NAME_it = { + .itype = ASN1_ITYPE_CHOICE, + .utype = offsetof(GENERAL_NAME, type), + .templates = GENERAL_NAME_ch_tt, + .tcount = sizeof(GENERAL_NAME_ch_tt) / sizeof(ASN1_TEMPLATE), + .funcs = NULL, + .size = sizeof(GENERAL_NAME), + .sname = "GENERAL_NAME", +}; + + +GENERAL_NAME * +d2i_GENERAL_NAME(GENERAL_NAME **a, const unsigned char **in, long len) +{ + return (GENERAL_NAME *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &GENERAL_NAME_it); +} + +int +i2d_GENERAL_NAME(GENERAL_NAME *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &GENERAL_NAME_it); +} + +GENERAL_NAME * +GENERAL_NAME_new(void) +{ + return (GENERAL_NAME *)ASN1_item_new(&GENERAL_NAME_it); +} + +void +GENERAL_NAME_free(GENERAL_NAME *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &GENERAL_NAME_it); +} + +static const ASN1_TEMPLATE GENERAL_NAMES_item_tt = { + .flags = ASN1_TFLG_SEQUENCE_OF, + .tag = 0, + .offset = 0, + .field_name = "GeneralNames", + .item = &GENERAL_NAME_it, +}; + +const ASN1_ITEM GENERAL_NAMES_it = { + .itype = ASN1_ITYPE_PRIMITIVE, + .utype = -1, + .templates = &GENERAL_NAMES_item_tt, + .tcount = 0, + .funcs = NULL, + .size = 0, + .sname = "GENERAL_NAMES", +}; + + +GENERAL_NAMES * +d2i_GENERAL_NAMES(GENERAL_NAMES **a, const unsigned char **in, long len) +{ + return (GENERAL_NAMES *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &GENERAL_NAMES_it); +} + +int +i2d_GENERAL_NAMES(GENERAL_NAMES *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &GENERAL_NAMES_it); +} + +GENERAL_NAMES * +GENERAL_NAMES_new(void) +{ + return (GENERAL_NAMES *)ASN1_item_new(&GENERAL_NAMES_it); +} + +void +GENERAL_NAMES_free(GENERAL_NAMES *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &GENERAL_NAMES_it); +} + +GENERAL_NAME * +GENERAL_NAME_dup(GENERAL_NAME *a) +{ + return ASN1_item_dup(&GENERAL_NAME_it, a); +} + +/* Returns 0 if they are equal, != 0 otherwise. */ +int +GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b) +{ + int result = -1; + + if (!a || !b || a->type != b->type) + return -1; + switch (a->type) { + case GEN_X400: + case GEN_EDIPARTY: + result = ASN1_TYPE_cmp(a->d.other, b->d.other); + break; + + case GEN_OTHERNAME: + result = OTHERNAME_cmp(a->d.otherName, b->d.otherName); + break; + + case GEN_EMAIL: + case GEN_DNS: + case GEN_URI: + result = ASN1_STRING_cmp(a->d.ia5, b->d.ia5); + break; + + case GEN_DIRNAME: + result = X509_NAME_cmp(a->d.dirn, b->d.dirn); + break; + + case GEN_IPADD: + result = ASN1_OCTET_STRING_cmp(a->d.ip, b->d.ip); + break; + + case GEN_RID: + result = OBJ_cmp(a->d.rid, b->d.rid); + break; + } + return result; +} + +/* Returns 0 if they are equal, != 0 otherwise. */ +int +OTHERNAME_cmp(OTHERNAME *a, OTHERNAME *b) +{ + int result = -1; + + if (!a || !b) + return -1; + /* Check their type first. */ + if ((result = OBJ_cmp(a->type_id, b->type_id)) != 0) + return result; + /* Check the value. */ + result = ASN1_TYPE_cmp(a->value, b->value); + return result; +} + +void +GENERAL_NAME_set0_value(GENERAL_NAME *a, int type, void *value) +{ + switch (type) { + case GEN_X400: + case GEN_EDIPARTY: + a->d.other = value; + break; + + case GEN_OTHERNAME: + a->d.otherName = value; + break; + + case GEN_EMAIL: + case GEN_DNS: + case GEN_URI: + a->d.ia5 = value; + break; + + case GEN_DIRNAME: + a->d.dirn = value; + break; + + case GEN_IPADD: + a->d.ip = value; + break; + + case GEN_RID: + a->d.rid = value; + break; + } + a->type = type; +} + +void * +GENERAL_NAME_get0_value(GENERAL_NAME *a, int *ptype) +{ + if (ptype) + *ptype = a->type; + switch (a->type) { + case GEN_X400: + case GEN_EDIPARTY: + return a->d.other; + + case GEN_OTHERNAME: + return a->d.otherName; + + case GEN_EMAIL: + case GEN_DNS: + case GEN_URI: + return a->d.ia5; + + case GEN_DIRNAME: + return a->d.dirn; + + case GEN_IPADD: + return a->d.ip; + + case GEN_RID: + return a->d.rid; + + default: + return NULL; + } +} -IMPLEMENT_ASN1_FUNCTIONS(GENERAL_NAME) +int +GENERAL_NAME_set0_othername(GENERAL_NAME *gen, ASN1_OBJECT *oid, + ASN1_TYPE *value) +{ + OTHERNAME *oth; -ASN1_ITEM_TEMPLATE(GENERAL_NAMES) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, GeneralNames, GENERAL_NAME) -ASN1_ITEM_TEMPLATE_END(GENERAL_NAMES) + oth = OTHERNAME_new(); + if (!oth) + return 0; + oth->type_id = oid; + oth->value = value; + GENERAL_NAME_set0_value(gen, GEN_OTHERNAME, oth); + return 1; +} -IMPLEMENT_ASN1_FUNCTIONS(GENERAL_NAMES) +int +GENERAL_NAME_get0_otherName(GENERAL_NAME *gen, ASN1_OBJECT **poid, + ASN1_TYPE **pvalue) +{ + if (gen->type != GEN_OTHERNAME) + return 0; + if (poid) + *poid = gen->d.otherName->type_id; + if (pvalue) + *pvalue = gen->d.otherName->value; + return 1; +} diff --git a/src/lib/libcrypto/x509v3/v3_ia5.c b/src/lib/libcrypto/x509v3/v3_ia5.c index f9414456de2..a92041e6914 100644 --- a/src/lib/libcrypto/x509v3/v3_ia5.c +++ b/src/lib/libcrypto/x509v3/v3_ia5.c @@ -1,5 +1,5 @@ -/* v3_ia5.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* $OpenBSD: v3_ia5.c,v 1.17 2017/01/29 17:49:23 beck Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -56,58 +56,183 @@ * */ - #include -#include "cryptlib.h" +#include + #include #include +#include #include static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5); -static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str); -X509V3_EXT_METHOD v3_ns_ia5_list[] = { -EXT_IA5STRING(NID_netscape_base_url), -EXT_IA5STRING(NID_netscape_revocation_url), -EXT_IA5STRING(NID_netscape_ca_revocation_url), -EXT_IA5STRING(NID_netscape_renewal_url), -EXT_IA5STRING(NID_netscape_ca_policy_url), -EXT_IA5STRING(NID_netscape_ssl_server_name), -EXT_IA5STRING(NID_netscape_comment), -EXT_END -}; +static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, char *str); +const X509V3_EXT_METHOD v3_ns_ia5_list[] = { + { + .ext_nid = NID_netscape_base_url, + .ext_flags = 0, + .it = &ASN1_IA5STRING_it, + .ext_new = NULL, + .ext_free = NULL, + .d2i = NULL, + .i2d = NULL, + .i2s = (X509V3_EXT_I2S)i2s_ASN1_IA5STRING, + .s2i = (X509V3_EXT_S2I)s2i_ASN1_IA5STRING, + .i2v = NULL, + .v2i = NULL, + .i2r = NULL, + .r2i = NULL, + .usr_data = NULL, + }, + { + .ext_nid = NID_netscape_revocation_url, + .ext_flags = 0, + .it = &ASN1_IA5STRING_it, + .ext_new = NULL, + .ext_free = NULL, + .d2i = NULL, + .i2d = NULL, + .i2s = (X509V3_EXT_I2S)i2s_ASN1_IA5STRING, + .s2i = (X509V3_EXT_S2I)s2i_ASN1_IA5STRING, + .i2v = NULL, + .v2i = NULL, + .i2r = NULL, + .r2i = NULL, + .usr_data = NULL, + }, + { + .ext_nid = NID_netscape_ca_revocation_url, + .ext_flags = 0, + .it = &ASN1_IA5STRING_it, + .ext_new = NULL, + .ext_free = NULL, + .d2i = NULL, + .i2d = NULL, + .i2s = (X509V3_EXT_I2S)i2s_ASN1_IA5STRING, + .s2i = (X509V3_EXT_S2I)s2i_ASN1_IA5STRING, + .i2v = NULL, + .v2i = NULL, + .i2r = NULL, + .r2i = NULL, + .usr_data = NULL, + }, + { + .ext_nid = NID_netscape_renewal_url, + .ext_flags = 0, + .it = &ASN1_IA5STRING_it, + .ext_new = NULL, + .ext_free = NULL, + .d2i = NULL, + .i2d = NULL, + .i2s = (X509V3_EXT_I2S)i2s_ASN1_IA5STRING, + .s2i = (X509V3_EXT_S2I)s2i_ASN1_IA5STRING, + .i2v = NULL, + .v2i = NULL, + .i2r = NULL, + .r2i = NULL, + .usr_data = NULL, + }, + { + .ext_nid = NID_netscape_ca_policy_url, + .ext_flags = 0, + .it = &ASN1_IA5STRING_it, + .ext_new = NULL, + .ext_free = NULL, + .d2i = NULL, + .i2d = NULL, + .i2s = (X509V3_EXT_I2S)i2s_ASN1_IA5STRING, + .s2i = (X509V3_EXT_S2I)s2i_ASN1_IA5STRING, + .i2v = NULL, + .v2i = NULL, + .i2r = NULL, + .r2i = NULL, + .usr_data = NULL, + }, + { + .ext_nid = NID_netscape_ssl_server_name, + .ext_flags = 0, + .it = &ASN1_IA5STRING_it, + .ext_new = NULL, + .ext_free = NULL, + .d2i = NULL, + .i2d = NULL, + .i2s = (X509V3_EXT_I2S)i2s_ASN1_IA5STRING, + .s2i = (X509V3_EXT_S2I)s2i_ASN1_IA5STRING, + .i2v = NULL, + .v2i = NULL, + .i2r = NULL, + .r2i = NULL, + .usr_data = NULL, + }, + { + .ext_nid = NID_netscape_comment, + .ext_flags = 0, + .it = &ASN1_IA5STRING_it, + .ext_new = NULL, + .ext_free = NULL, + .d2i = NULL, + .i2d = NULL, + .i2s = (X509V3_EXT_I2S)i2s_ASN1_IA5STRING, + .s2i = (X509V3_EXT_S2I)s2i_ASN1_IA5STRING, + .i2v = NULL, + .v2i = NULL, + .i2r = NULL, + .r2i = NULL, + .usr_data = NULL, + }, + { + .ext_nid = -1, + .ext_flags = 0, + .it = NULL, + .ext_new = NULL, + .ext_free = NULL, + .d2i = NULL, + .i2d = NULL, + .i2s = NULL, + .s2i = NULL, + .i2v = NULL, + .v2i = NULL, + .i2r = NULL, + .r2i = NULL, + .usr_data = NULL, + }, +}; -static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, - ASN1_IA5STRING *ia5) +static char * +i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5) { char *tmp; - if(!ia5 || !ia5->length) return NULL; - if (!(tmp = OPENSSL_malloc(ia5->length + 1))) return NULL; + + if (!ia5 || !ia5->length) + return NULL; + if (!(tmp = malloc(ia5->length + 1))) { + X509V3error(ERR_R_MALLOC_FAILURE); + return NULL; + } memcpy(tmp, ia5->data, ia5->length); tmp[ia5->length] = 0; return tmp; } -static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, char *str) +static ASN1_IA5STRING * +s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str) { ASN1_IA5STRING *ia5; - if(!str) { - X509V3err(X509V3_F_S2I_ASN1_IA5STRING,X509V3_R_INVALID_NULL_ARGUMENT); + if (!str) { + X509V3error(X509V3_R_INVALID_NULL_ARGUMENT); return NULL; } - if(!(ia5 = M_ASN1_IA5STRING_new())) goto err; - if(!ASN1_STRING_set((ASN1_STRING *)ia5, (unsigned char*)str, - strlen(str))) { - M_ASN1_IA5STRING_free(ia5); + if (!(ia5 = ASN1_IA5STRING_new())) + goto err; + if (!ASN1_STRING_set((ASN1_STRING *)ia5, (unsigned char*)str, + strlen(str))) { + ASN1_IA5STRING_free(ia5); goto err; } -#ifdef CHARSET_EBCDIC - ebcdic2ascii(ia5->data, ia5->data, ia5->length); -#endif /*CHARSET_EBCDIC*/ return ia5; - err: - X509V3err(X509V3_F_S2I_ASN1_IA5STRING,ERR_R_MALLOC_FAILURE); + +err: + X509V3error(ERR_R_MALLOC_FAILURE); return NULL; } - diff --git a/src/lib/libcrypto/x509v3/v3_info.c b/src/lib/libcrypto/x509v3/v3_info.c index 7f17f3231d1..ebacbf5b0a6 100644 --- a/src/lib/libcrypto/x509v3/v3_info.c +++ b/src/lib/libcrypto/x509v3/v3_info.c @@ -1,5 +1,5 @@ -/* v3_info.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* $OpenBSD: v3_info.c,v 1.26 2018/05/19 10:37:02 tb Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -57,136 +57,244 @@ */ #include -#include "cryptlib.h" -#include +#include + #include #include +#include +#include #include -static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method, - AUTHORITY_INFO_ACCESS *ainfo, - STACK_OF(CONF_VALUE) *ret); -static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); - -X509V3_EXT_METHOD v3_info = -{ NID_info_access, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS), -0,0,0,0, -0,0, -(X509V3_EXT_I2V)i2v_AUTHORITY_INFO_ACCESS, -(X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS, -0,0, -NULL}; - -X509V3_EXT_METHOD v3_sinfo = -{ NID_sinfo_access, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS), -0,0,0,0, -0,0, -(X509V3_EXT_I2V)i2v_AUTHORITY_INFO_ACCESS, -(X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS, -0,0, -NULL}; - -ASN1_SEQUENCE(ACCESS_DESCRIPTION) = { - ASN1_SIMPLE(ACCESS_DESCRIPTION, method, ASN1_OBJECT), - ASN1_SIMPLE(ACCESS_DESCRIPTION, location, GENERAL_NAME) -} ASN1_SEQUENCE_END(ACCESS_DESCRIPTION) - -IMPLEMENT_ASN1_FUNCTIONS(ACCESS_DESCRIPTION) - -ASN1_ITEM_TEMPLATE(AUTHORITY_INFO_ACCESS) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, GeneralNames, ACCESS_DESCRIPTION) -ASN1_ITEM_TEMPLATE_END(AUTHORITY_INFO_ACCESS) - -IMPLEMENT_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS) - -static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method, - AUTHORITY_INFO_ACCESS *ainfo, - STACK_OF(CONF_VALUE) *ret) +static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS( + X509V3_EXT_METHOD *method, AUTHORITY_INFO_ACCESS *ainfo, + STACK_OF(CONF_VALUE) *ret); +static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS( + X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); + +const X509V3_EXT_METHOD v3_info = { + .ext_nid = NID_info_access, + .ext_flags = X509V3_EXT_MULTILINE, + .it = &AUTHORITY_INFO_ACCESS_it, + .ext_new = NULL, + .ext_free = NULL, + .d2i = NULL, + .i2d = NULL, + .i2s = NULL, + .s2i = NULL, + .i2v = (X509V3_EXT_I2V)i2v_AUTHORITY_INFO_ACCESS, + .v2i = (X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS, + .i2r = NULL, + .r2i = NULL, + .usr_data = NULL, +}; + +const X509V3_EXT_METHOD v3_sinfo = { + .ext_nid = NID_sinfo_access, + .ext_flags = X509V3_EXT_MULTILINE, + .it = &AUTHORITY_INFO_ACCESS_it, + .ext_new = NULL, + .ext_free = NULL, + .d2i = NULL, + .i2d = NULL, + .i2s = NULL, + .s2i = NULL, + .i2v = (X509V3_EXT_I2V)i2v_AUTHORITY_INFO_ACCESS, + .v2i = (X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS, + .i2r = NULL, + .r2i = NULL, + .usr_data = NULL, +}; + +static const ASN1_TEMPLATE ACCESS_DESCRIPTION_seq_tt[] = { + { + .flags = 0, + .tag = 0, + .offset = offsetof(ACCESS_DESCRIPTION, method), + .field_name = "method", + .item = &ASN1_OBJECT_it, + }, + { + .flags = 0, + .tag = 0, + .offset = offsetof(ACCESS_DESCRIPTION, location), + .field_name = "location", + .item = &GENERAL_NAME_it, + }, +}; + +const ASN1_ITEM ACCESS_DESCRIPTION_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = ACCESS_DESCRIPTION_seq_tt, + .tcount = sizeof(ACCESS_DESCRIPTION_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = NULL, + .size = sizeof(ACCESS_DESCRIPTION), + .sname = "ACCESS_DESCRIPTION", +}; + + +ACCESS_DESCRIPTION * +d2i_ACCESS_DESCRIPTION(ACCESS_DESCRIPTION **a, const unsigned char **in, long len) +{ + return (ACCESS_DESCRIPTION *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &ACCESS_DESCRIPTION_it); +} + +int +i2d_ACCESS_DESCRIPTION(ACCESS_DESCRIPTION *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &ACCESS_DESCRIPTION_it); +} + +ACCESS_DESCRIPTION * +ACCESS_DESCRIPTION_new(void) +{ + return (ACCESS_DESCRIPTION *)ASN1_item_new(&ACCESS_DESCRIPTION_it); +} + +void +ACCESS_DESCRIPTION_free(ACCESS_DESCRIPTION *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &ACCESS_DESCRIPTION_it); +} + +static const ASN1_TEMPLATE AUTHORITY_INFO_ACCESS_item_tt = { + .flags = ASN1_TFLG_SEQUENCE_OF, + .tag = 0, + .offset = 0, + .field_name = "GeneralNames", + .item = &ACCESS_DESCRIPTION_it, +}; + +const ASN1_ITEM AUTHORITY_INFO_ACCESS_it = { + .itype = ASN1_ITYPE_PRIMITIVE, + .utype = -1, + .templates = &AUTHORITY_INFO_ACCESS_item_tt, + .tcount = 0, + .funcs = NULL, + .size = 0, + .sname = "AUTHORITY_INFO_ACCESS", +}; + + +AUTHORITY_INFO_ACCESS * +d2i_AUTHORITY_INFO_ACCESS(AUTHORITY_INFO_ACCESS **a, const unsigned char **in, long len) +{ + return (AUTHORITY_INFO_ACCESS *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &AUTHORITY_INFO_ACCESS_it); +} + +int +i2d_AUTHORITY_INFO_ACCESS(AUTHORITY_INFO_ACCESS *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &AUTHORITY_INFO_ACCESS_it); +} + +AUTHORITY_INFO_ACCESS * +AUTHORITY_INFO_ACCESS_new(void) +{ + return (AUTHORITY_INFO_ACCESS *)ASN1_item_new(&AUTHORITY_INFO_ACCESS_it); +} + +void +AUTHORITY_INFO_ACCESS_free(AUTHORITY_INFO_ACCESS *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &AUTHORITY_INFO_ACCESS_it); +} + +static STACK_OF(CONF_VALUE) * +i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method, + AUTHORITY_INFO_ACCESS *ainfo, STACK_OF(CONF_VALUE) *ret) { ACCESS_DESCRIPTION *desc; - int i; + int i, nlen; char objtmp[80], *ntmp; CONF_VALUE *vtmp; - for(i = 0; i < sk_ACCESS_DESCRIPTION_num(ainfo); i++) { + + for (i = 0; i < sk_ACCESS_DESCRIPTION_num(ainfo); i++) { desc = sk_ACCESS_DESCRIPTION_value(ainfo, i); ret = i2v_GENERAL_NAME(method, desc->location, ret); - if(!ret) break; + if (!ret) + break; vtmp = sk_CONF_VALUE_value(ret, i); - i2t_ASN1_OBJECT(objtmp, 80, desc->method); - ntmp = OPENSSL_malloc(strlen(objtmp) + strlen(vtmp->name) + 5); - if(!ntmp) { - X509V3err(X509V3_F_I2V_AUTHORITY_INFO_ACCESS, - ERR_R_MALLOC_FAILURE); + i2t_ASN1_OBJECT(objtmp, sizeof objtmp, desc->method); + nlen = strlen(objtmp) + strlen(vtmp->name) + 5; + ntmp = malloc(nlen); + if (!ntmp) { + X509V3error(ERR_R_MALLOC_FAILURE); return NULL; } - strcpy(ntmp, objtmp); - strcat(ntmp, " - "); - strcat(ntmp, vtmp->name); - OPENSSL_free(vtmp->name); + strlcpy(ntmp, objtmp, nlen); + strlcat(ntmp, " - ", nlen); + strlcat(ntmp, vtmp->name, nlen); + free(vtmp->name); vtmp->name = ntmp; - + } - if(!ret) return sk_CONF_VALUE_new_null(); + if (!ret) + return sk_CONF_VALUE_new_null(); return ret; } -static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) +static AUTHORITY_INFO_ACCESS * +v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, + STACK_OF(CONF_VALUE) *nval) { AUTHORITY_INFO_ACCESS *ainfo = NULL; CONF_VALUE *cnf, ctmp; ACCESS_DESCRIPTION *acc; int i, objlen; char *objtmp, *ptmp; - if(!(ainfo = sk_ACCESS_DESCRIPTION_new_null())) { - X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,ERR_R_MALLOC_FAILURE); + + if (!(ainfo = sk_ACCESS_DESCRIPTION_new_null())) { + X509V3error(ERR_R_MALLOC_FAILURE); return NULL; } - for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { + for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { cnf = sk_CONF_VALUE_value(nval, i); - if(!(acc = ACCESS_DESCRIPTION_new()) - || !sk_ACCESS_DESCRIPTION_push(ainfo, acc)) { - X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,ERR_R_MALLOC_FAILURE); + if ((acc = ACCESS_DESCRIPTION_new()) == NULL) { + X509V3error(ERR_R_MALLOC_FAILURE); + goto err; + } + if (sk_ACCESS_DESCRIPTION_push(ainfo, acc) == 0) { + ACCESS_DESCRIPTION_free(acc); + X509V3error(ERR_R_MALLOC_FAILURE); goto err; } ptmp = strchr(cnf->name, ';'); - if(!ptmp) { - X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,X509V3_R_INVALID_SYNTAX); + if (!ptmp) { + X509V3error(X509V3_R_INVALID_SYNTAX); goto err; } objlen = ptmp - cnf->name; ctmp.name = ptmp + 1; ctmp.value = cnf->value; - if(!(acc->location = v2i_GENERAL_NAME(method, ctx, &ctmp))) - goto err; - if(!(objtmp = OPENSSL_malloc(objlen + 1))) { - X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,ERR_R_MALLOC_FAILURE); + if (!v2i_GENERAL_NAME_ex(acc->location, method, ctx, &ctmp, 0)) + goto err; + if (!(objtmp = malloc(objlen + 1))) { + X509V3error(ERR_R_MALLOC_FAILURE); goto err; } - strncpy(objtmp, cnf->name, objlen); - objtmp[objlen] = 0; + strlcpy(objtmp, cnf->name, objlen + 1); acc->method = OBJ_txt2obj(objtmp, 0); - if(!acc->method) { - X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,X509V3_R_BAD_OBJECT); - ERR_add_error_data(2, "value=", objtmp); - OPENSSL_free(objtmp); + if (!acc->method) { + X509V3error(X509V3_R_BAD_OBJECT); + ERR_asprintf_error_data("value=%s", objtmp); + free(objtmp); goto err; } - OPENSSL_free(objtmp); - + free(objtmp); } return ainfo; - err: + +err: sk_ACCESS_DESCRIPTION_pop_free(ainfo, ACCESS_DESCRIPTION_free); return NULL; } -int i2a_ACCESS_DESCRIPTION(BIO *bp, ACCESS_DESCRIPTION* a) - { +int +i2a_ACCESS_DESCRIPTION(BIO *bp, const ACCESS_DESCRIPTION* a) +{ i2a_ASN1_OBJECT(bp, a->method); -#ifdef UNDEF - i2a_GENERAL_NAME(bp, a->location); -#endif return 2; - } +} diff --git a/src/lib/libcrypto/x509v3/v3_int.c b/src/lib/libcrypto/x509v3/v3_int.c index f34cbfb7315..f8a5e7df92b 100644 --- a/src/lib/libcrypto/x509v3/v3_int.c +++ b/src/lib/libcrypto/x509v3/v3_int.c @@ -1,16 +1,16 @@ -/* v3_int.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* $OpenBSD: v3_int.c,v 1.11 2016/12/30 15:54:49 jsing Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -57,13 +57,54 @@ */ #include -#include "cryptlib.h" + #include -X509V3_EXT_METHOD v3_crl_num = { -NID_crl_number, 0, ASN1_ITEM_ref(ASN1_INTEGER), -0,0,0,0, -(X509V3_EXT_I2S)i2s_ASN1_INTEGER, -0, -0,0,0,0, NULL}; +const X509V3_EXT_METHOD v3_crl_num = { + .ext_nid = NID_crl_number, + .ext_flags = 0, + .it = &ASN1_INTEGER_it, + .ext_new = NULL, + .ext_free = NULL, + .d2i = NULL, + .i2d = NULL, + .i2s = (X509V3_EXT_I2S)i2s_ASN1_INTEGER, + .s2i = NULL, + .i2v = NULL, + .v2i = NULL, + .i2r = NULL, + .r2i = NULL, + .usr_data = NULL, +}; + +const X509V3_EXT_METHOD v3_delta_crl = { + .ext_nid = NID_delta_crl, + .ext_flags = 0, + .it = &ASN1_INTEGER_it, + .ext_new = NULL, + .ext_free = NULL, + .d2i = NULL, + .i2d = NULL, + .i2s = (X509V3_EXT_I2S)i2s_ASN1_INTEGER, + .s2i = NULL, + .i2v = NULL, + .v2i = NULL, + .i2r = NULL, + .r2i = NULL, + .usr_data = NULL, +}; + +static void * +s2i_asn1_int(X509V3_EXT_METHOD *meth, X509V3_CTX *ctx, char *value) +{ + return s2i_ASN1_INTEGER(meth, value); +} +const X509V3_EXT_METHOD v3_inhibit_anyp = { + NID_inhibit_any_policy, 0, &ASN1_INTEGER_it, + 0, 0, 0, 0, + (X509V3_EXT_I2S)i2s_ASN1_INTEGER, + (X509V3_EXT_S2I)s2i_asn1_int, + 0, 0, 0, 0, + NULL +}; diff --git a/src/lib/libcrypto/x509v3/v3_lib.c b/src/lib/libcrypto/x509v3/v3_lib.c index 482ca8ccf5d..94f3e4b753b 100644 --- a/src/lib/libcrypto/x509v3/v3_lib.c +++ b/src/lib/libcrypto/x509v3/v3_lib.c @@ -1,5 +1,5 @@ -/* v3_lib.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* $OpenBSD: v3_lib.c,v 1.18 2018/05/19 10:41:53 tb Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -58,8 +58,9 @@ /* X509 v3 extension utilities */ #include -#include "cryptlib.h" + #include +#include #include #include "ext_dat.h" @@ -67,68 +68,100 @@ static STACK_OF(X509V3_EXT_METHOD) *ext_list = NULL; static int ext_cmp(const X509V3_EXT_METHOD * const *a, - const X509V3_EXT_METHOD * const *b); + const X509V3_EXT_METHOD * const *b); static void ext_list_free(X509V3_EXT_METHOD *ext); -int X509V3_EXT_add(X509V3_EXT_METHOD *ext) +int +X509V3_EXT_add(X509V3_EXT_METHOD *ext) { - if(!ext_list && !(ext_list = sk_X509V3_EXT_METHOD_new(ext_cmp))) { - X509V3err(X509V3_F_X509V3_EXT_ADD,ERR_R_MALLOC_FAILURE); + if (!ext_list && !(ext_list = sk_X509V3_EXT_METHOD_new(ext_cmp))) { + X509V3error(ERR_R_MALLOC_FAILURE); return 0; } - if(!sk_X509V3_EXT_METHOD_push(ext_list, ext)) { - X509V3err(X509V3_F_X509V3_EXT_ADD,ERR_R_MALLOC_FAILURE); + if (!sk_X509V3_EXT_METHOD_push(ext_list, ext)) { + X509V3error(ERR_R_MALLOC_FAILURE); return 0; } return 1; } -static int ext_cmp(const X509V3_EXT_METHOD * const *a, - const X509V3_EXT_METHOD * const *b) +static int +ext_cmp(const X509V3_EXT_METHOD * const *a, const X509V3_EXT_METHOD * const *b) { return ((*a)->ext_nid - (*b)->ext_nid); } -X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid) +static int ext_cmp_BSEARCH_CMP_FN(const void *, const void *); +static int ext_cmp(const X509V3_EXT_METHOD * const *, const X509V3_EXT_METHOD * const *); +static const X509V3_EXT_METHOD * *OBJ_bsearch_ext(const X509V3_EXT_METHOD * *key, const X509V3_EXT_METHOD * const *base, int num); + +static int +ext_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_) +{ + const X509V3_EXT_METHOD * const *a = a_; + const X509V3_EXT_METHOD * const *b = b_; + return ext_cmp(a, b); +} + +static const X509V3_EXT_METHOD * * +OBJ_bsearch_ext(const X509V3_EXT_METHOD * *key, const X509V3_EXT_METHOD * const *base, int num) { - X509V3_EXT_METHOD tmp, *t = &tmp, **ret; + return (const X509V3_EXT_METHOD * *)OBJ_bsearch_(key, base, num, sizeof(const X509V3_EXT_METHOD *), + ext_cmp_BSEARCH_CMP_FN); +} + +const X509V3_EXT_METHOD * +X509V3_EXT_get_nid(int nid) +{ + X509V3_EXT_METHOD tmp; + const X509V3_EXT_METHOD *t = &tmp, * const *ret; int idx; - if(nid < 0) return NULL; + + if (nid < 0) + return NULL; tmp.ext_nid = nid; - ret = (X509V3_EXT_METHOD **) OBJ_bsearch((char *)&t, - (char *)standard_exts, STANDARD_EXTENSION_COUNT, - sizeof(X509V3_EXT_METHOD *), (int (*)(const void *, const void *))ext_cmp); - if(ret) return *ret; - if(!ext_list) return NULL; + ret = OBJ_bsearch_ext(&t, standard_exts, STANDARD_EXTENSION_COUNT); + if (ret) + return *ret; + if (!ext_list) + return NULL; idx = sk_X509V3_EXT_METHOD_find(ext_list, &tmp); - if(idx == -1) return NULL; + if (idx == -1) + return NULL; return sk_X509V3_EXT_METHOD_value(ext_list, idx); } -X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext) +const X509V3_EXT_METHOD * +X509V3_EXT_get(X509_EXTENSION *ext) { int nid; - if((nid = OBJ_obj2nid(ext->object)) == NID_undef) return NULL; + + if ((nid = OBJ_obj2nid(ext->object)) == NID_undef) + return NULL; return X509V3_EXT_get_nid(nid); } - -int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist) +int +X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist) { - for(;extlist->ext_nid!=-1;extlist++) - if(!X509V3_EXT_add(extlist)) return 0; + for (; extlist->ext_nid!=-1; extlist++) + if (!X509V3_EXT_add(extlist)) + return 0; return 1; } -int X509V3_EXT_add_alias(int nid_to, int nid_from) +int +X509V3_EXT_add_alias(int nid_to, int nid_from) { - X509V3_EXT_METHOD *ext, *tmpext; - if(!(ext = X509V3_EXT_get_nid(nid_from))) { - X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS,X509V3_R_EXTENSION_NOT_FOUND); + const X509V3_EXT_METHOD *ext; + X509V3_EXT_METHOD *tmpext; + + if (!(ext = X509V3_EXT_get_nid(nid_from))) { + X509V3error(X509V3_R_EXTENSION_NOT_FOUND); return 0; } - if(!(tmpext = (X509V3_EXT_METHOD *)OPENSSL_malloc(sizeof(X509V3_EXT_METHOD)))) { - X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS,ERR_R_MALLOC_FAILURE); + if (!(tmpext = malloc(sizeof(X509V3_EXT_METHOD)))) { + X509V3error(ERR_R_MALLOC_FAILURE); return 0; } *tmpext = *ext; @@ -137,35 +170,44 @@ int X509V3_EXT_add_alias(int nid_to, int nid_from) return X509V3_EXT_add(tmpext); } -void X509V3_EXT_cleanup(void) +void +X509V3_EXT_cleanup(void) { sk_X509V3_EXT_METHOD_pop_free(ext_list, ext_list_free); ext_list = NULL; } -static void ext_list_free(X509V3_EXT_METHOD *ext) +static void +ext_list_free(X509V3_EXT_METHOD *ext) { - if(ext->ext_flags & X509V3_EXT_DYNAMIC) OPENSSL_free(ext); + if (ext->ext_flags & X509V3_EXT_DYNAMIC) + free(ext); } /* Legacy function: we don't need to add standard extensions * any more because they are now kept in ext_dat.h. */ -int X509V3_add_standard_extensions(void) +int +X509V3_add_standard_extensions(void) { return 1; } /* Return an extension internal structure */ -void *X509V3_EXT_d2i(X509_EXTENSION *ext) +void * +X509V3_EXT_d2i(X509_EXTENSION *ext) { - X509V3_EXT_METHOD *method; - unsigned char *p; - if(!(method = X509V3_EXT_get(ext))) return NULL; + const X509V3_EXT_METHOD *method; + const unsigned char *p; + + if (!(method = X509V3_EXT_get(ext))) + return NULL; p = ext->value->data; - if(method->it) return ASN1_item_d2i(NULL, &p, ext->value->length, ASN1_ITEM_ptr(method->it)); + if (method->it) + return ASN1_item_d2i(NULL, &p, ext->value->length, + method->it); return method->d2i(NULL, &p, ext->value->length); } @@ -184,42 +226,53 @@ void *X509V3_EXT_d2i(X509_EXTENSION *ext) * -2 extension occurs more than once. */ -void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx) +void * +X509V3_get_d2i(const STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx) { int lastpos, i; X509_EXTENSION *ex, *found_ex = NULL; - if(!x) { - if(idx) *idx = -1; - if(crit) *crit = -1; + + if (!x) { + if (idx) + *idx = -1; + if (crit) + *crit = -1; return NULL; } - if(idx) lastpos = *idx + 1; - else lastpos = 0; - if(lastpos < 0) lastpos = 0; - for(i = lastpos; i < sk_X509_EXTENSION_num(x); i++) - { + if (idx) + lastpos = *idx + 1; + else + lastpos = 0; + if (lastpos < 0) + lastpos = 0; + for (i = lastpos; i < sk_X509_EXTENSION_num(x); i++) { ex = sk_X509_EXTENSION_value(x, i); - if(OBJ_obj2nid(ex->object) == nid) { - if(idx) { + if (OBJ_obj2nid(ex->object) == nid) { + if (idx) { *idx = i; + found_ex = ex; break; - } else if(found_ex) { + } else if (found_ex) { /* Found more than one */ - if(crit) *crit = -2; + if (crit) + *crit = -2; return NULL; } found_ex = ex; } } - if(found_ex) { + if (found_ex) { /* Found it */ - if(crit) *crit = X509_EXTENSION_get_critical(found_ex); + if (crit) + *crit = X509_EXTENSION_get_critical(found_ex); return X509V3_EXT_d2i(found_ex); } /* Extension not found */ - if(idx) *idx = -1; - if(crit) *crit = -1; + if (idx) + *idx = -1; + if (crit) + *crit = -1; return NULL; } @@ -228,8 +281,9 @@ void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx) * 'value' arguments (if relevant) are the extensions internal structure. */ -int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, - int crit, unsigned long flags) +int +X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, + int crit, unsigned long flags) { int extidx = -1; int errcode; @@ -239,30 +293,31 @@ int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, /* If appending we don't care if it exists, otherwise * look for existing extension. */ - if(ext_op != X509V3_ADD_APPEND) + if (ext_op != X509V3_ADD_APPEND) extidx = X509v3_get_ext_by_NID(*x, nid, -1); /* See if extension exists */ - if(extidx >= 0) { + if (extidx >= 0) { /* If keep existing, nothing to do */ - if(ext_op == X509V3_ADD_KEEP_EXISTING) + if (ext_op == X509V3_ADD_KEEP_EXISTING) return 1; /* If default then its an error */ - if(ext_op == X509V3_ADD_DEFAULT) { + if (ext_op == X509V3_ADD_DEFAULT) { errcode = X509V3_R_EXTENSION_EXISTS; goto err; } /* If delete, just delete it */ - if(ext_op == X509V3_ADD_DELETE) { - if(!sk_X509_EXTENSION_delete(*x, extidx)) return -1; + if (ext_op == X509V3_ADD_DELETE) { + if (!sk_X509_EXTENSION_delete(*x, extidx)) + return -1; return 1; } } else { - /* If replace existing or delete, error since + /* If replace existing or delete, error since * extension must exist */ - if((ext_op == X509V3_ADD_REPLACE_EXISTING) || - (ext_op == X509V3_ADD_DELETE)) { + if ((ext_op == X509V3_ADD_REPLACE_EXISTING) || + (ext_op == X509V3_ADD_DELETE)) { errcode = X509V3_R_EXTENSION_NOT_FOUND; goto err; } @@ -274,28 +329,29 @@ int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, ext = X509V3_EXT_i2d(nid, crit, value); - if(!ext) { - X509V3err(X509V3_F_X509V3_ADD_I2D, X509V3_R_ERROR_CREATING_EXTENSION); + if (!ext) { + X509V3error(X509V3_R_ERROR_CREATING_EXTENSION); return 0; } /* If extension exists replace it.. */ - if(extidx >= 0) { + if (extidx >= 0) { extmp = sk_X509_EXTENSION_value(*x, extidx); X509_EXTENSION_free(extmp); - if(!sk_X509_EXTENSION_set(*x, extidx, ext)) return -1; + if (!sk_X509_EXTENSION_set(*x, extidx, ext)) + return -1; return 1; } - if(!*x && !(*x = sk_X509_EXTENSION_new_null())) return -1; - if(!sk_X509_EXTENSION_push(*x, ext)) return -1; + if (!*x && !(*x = sk_X509_EXTENSION_new_null())) + return -1; + if (!sk_X509_EXTENSION_push(*x, ext)) + return -1; return 1; - err: - if(!(flags & X509V3_ADD_SILENT)) - X509V3err(X509V3_F_X509V3_ADD_I2D, errcode); +err: + if (!(flags & X509V3_ADD_SILENT)) + X509V3error(errcode); return 0; } - -IMPLEMENT_STACK_OF(X509V3_EXT_METHOD) diff --git a/src/lib/libcrypto/x509v3/v3_ncons.c b/src/lib/libcrypto/x509v3/v3_ncons.c new file mode 100644 index 00000000000..4913135cf9b --- /dev/null +++ b/src/lib/libcrypto/x509v3/v3_ncons.c @@ -0,0 +1,556 @@ +/* $OpenBSD: v3_ncons.c,v 1.13 2017/07/20 19:45:08 tedu Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include + +#include +#include +#include +#include + +static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); +static int i2r_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, + void *a, BIO *bp, int ind); +static int do_i2r_name_constraints(const X509V3_EXT_METHOD *method, + STACK_OF(GENERAL_SUBTREE) *trees, BIO *bp, int ind, char *name); +static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip); + +static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc); +static int nc_match_single(GENERAL_NAME *sub, GENERAL_NAME *gen); +static int nc_dn(X509_NAME *sub, X509_NAME *nm); +static int nc_dns(ASN1_IA5STRING *sub, ASN1_IA5STRING *dns); +static int nc_email(ASN1_IA5STRING *sub, ASN1_IA5STRING *eml); +static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base); + +const X509V3_EXT_METHOD v3_name_constraints = { + .ext_nid = NID_name_constraints, + .ext_flags = 0, + .it = &NAME_CONSTRAINTS_it, + .ext_new = NULL, + .ext_free = NULL, + .d2i = NULL, + .i2d = NULL, + .i2s = NULL, + .s2i = NULL, + .i2v = NULL, + .v2i = v2i_NAME_CONSTRAINTS, + .i2r = i2r_NAME_CONSTRAINTS, + .r2i = NULL, + .usr_data = NULL, +}; + +static const ASN1_TEMPLATE GENERAL_SUBTREE_seq_tt[] = { + { + .flags = 0, + .tag = 0, + .offset = offsetof(GENERAL_SUBTREE, base), + .field_name = "base", + .item = &GENERAL_NAME_it, + }, + { + .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_OPTIONAL, + .tag = 0, + .offset = offsetof(GENERAL_SUBTREE, minimum), + .field_name = "minimum", + .item = &ASN1_INTEGER_it, + }, + { + .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_OPTIONAL, + .tag = 1, + .offset = offsetof(GENERAL_SUBTREE, maximum), + .field_name = "maximum", + .item = &ASN1_INTEGER_it, + }, +}; + +const ASN1_ITEM GENERAL_SUBTREE_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = GENERAL_SUBTREE_seq_tt, + .tcount = sizeof(GENERAL_SUBTREE_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = NULL, + .size = sizeof(GENERAL_SUBTREE), + .sname = "GENERAL_SUBTREE", +}; + +static const ASN1_TEMPLATE NAME_CONSTRAINTS_seq_tt[] = { + { + .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_OPTIONAL, + .tag = 0, + .offset = offsetof(NAME_CONSTRAINTS, permittedSubtrees), + .field_name = "permittedSubtrees", + .item = &GENERAL_SUBTREE_it, + }, + { + .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_OPTIONAL, + .tag = 1, + .offset = offsetof(NAME_CONSTRAINTS, excludedSubtrees), + .field_name = "excludedSubtrees", + .item = &GENERAL_SUBTREE_it, + }, +}; + +const ASN1_ITEM NAME_CONSTRAINTS_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = NAME_CONSTRAINTS_seq_tt, + .tcount = sizeof(NAME_CONSTRAINTS_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = NULL, + .size = sizeof(NAME_CONSTRAINTS), + .sname = "NAME_CONSTRAINTS", +}; + + +GENERAL_SUBTREE * +GENERAL_SUBTREE_new(void) +{ + return (GENERAL_SUBTREE*)ASN1_item_new(&GENERAL_SUBTREE_it); +} + +void +GENERAL_SUBTREE_free(GENERAL_SUBTREE *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &GENERAL_SUBTREE_it); +} + +NAME_CONSTRAINTS * +NAME_CONSTRAINTS_new(void) +{ + return (NAME_CONSTRAINTS*)ASN1_item_new(&NAME_CONSTRAINTS_it); +} + +void +NAME_CONSTRAINTS_free(NAME_CONSTRAINTS *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &NAME_CONSTRAINTS_it); +} + +static void * +v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, + STACK_OF(CONF_VALUE) *nval) +{ + int i; + CONF_VALUE tval, *val; + STACK_OF(GENERAL_SUBTREE) **ptree = NULL; + NAME_CONSTRAINTS *ncons = NULL; + GENERAL_SUBTREE *sub = NULL; + + ncons = NAME_CONSTRAINTS_new(); + if (!ncons) + goto memerr; + for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { + val = sk_CONF_VALUE_value(nval, i); + if (!strncmp(val->name, "permitted", 9) && val->name[9]) { + ptree = &ncons->permittedSubtrees; + tval.name = val->name + 10; + } else if (!strncmp(val->name, "excluded", 8) && val->name[8]) { + ptree = &ncons->excludedSubtrees; + tval.name = val->name + 9; + } else { + X509V3error(X509V3_R_INVALID_SYNTAX); + goto err; + } + tval.value = val->value; + sub = GENERAL_SUBTREE_new(); + if (!v2i_GENERAL_NAME_ex(sub->base, method, ctx, &tval, 1)) + goto err; + if (!*ptree) + *ptree = sk_GENERAL_SUBTREE_new_null(); + if (!*ptree || !sk_GENERAL_SUBTREE_push(*ptree, sub)) + goto memerr; + sub = NULL; + } + + return ncons; + +memerr: + X509V3error(ERR_R_MALLOC_FAILURE); +err: + NAME_CONSTRAINTS_free(ncons); + GENERAL_SUBTREE_free(sub); + return NULL; +} + +static int +i2r_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, void *a, BIO *bp, int ind) +{ + NAME_CONSTRAINTS *ncons = a; + + do_i2r_name_constraints(method, ncons->permittedSubtrees, + bp, ind, "Permitted"); + do_i2r_name_constraints(method, ncons->excludedSubtrees, + bp, ind, "Excluded"); + return 1; +} + +static int +do_i2r_name_constraints(const X509V3_EXT_METHOD *method, + STACK_OF(GENERAL_SUBTREE) *trees, BIO *bp, int ind, char *name) +{ + GENERAL_SUBTREE *tree; + int i; + + if (sk_GENERAL_SUBTREE_num(trees) > 0) + BIO_printf(bp, "%*s%s:\n", ind, "", name); + for (i = 0; i < sk_GENERAL_SUBTREE_num(trees); i++) { + tree = sk_GENERAL_SUBTREE_value(trees, i); + BIO_printf(bp, "%*s", ind + 2, ""); + if (tree->base->type == GEN_IPADD) + print_nc_ipadd(bp, tree->base->d.ip); + else + GENERAL_NAME_print(bp, tree->base); + BIO_puts(bp, "\n"); + } + return 1; +} + +static int +print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip) +{ + int i, len; + unsigned char *p; + + p = ip->data; + len = ip->length; + BIO_puts(bp, "IP:"); + if (len == 8) { + BIO_printf(bp, "%d.%d.%d.%d/%d.%d.%d.%d", + p[0], p[1], p[2], p[3], p[4], p[5], p[6], p[7]); + } else if (len == 32) { + for (i = 0; i < 16; i++) { + BIO_printf(bp, "%X", p[0] << 8 | p[1]); + p += 2; + if (i == 7) + BIO_puts(bp, "/"); + else if (i != 15) + BIO_puts(bp, ":"); + } + } else + BIO_printf(bp, "IP Address:"); + return 1; +} + +/* Check a certificate conforms to a specified set of constraints. + * Return values: + * X509_V_OK: All constraints obeyed. + * X509_V_ERR_PERMITTED_VIOLATION: Permitted subtree violation. + * X509_V_ERR_EXCLUDED_VIOLATION: Excluded subtree violation. + * X509_V_ERR_SUBTREE_MINMAX: Min or max values present and matching type. + * X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE: Unsupported constraint type. + * X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX: bad unsupported constraint syntax. + * X509_V_ERR_UNSUPPORTED_NAME_SYNTAX: bad or unsupported syntax of name + */ + +int +NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc) +{ + int r, i; + X509_NAME *nm; + + nm = X509_get_subject_name(x); + + if (X509_NAME_entry_count(nm) > 0) { + GENERAL_NAME gntmp; + gntmp.type = GEN_DIRNAME; + gntmp.d.directoryName = nm; + + r = nc_match(&gntmp, nc); + + if (r != X509_V_OK) + return r; + + gntmp.type = GEN_EMAIL; + + /* Process any email address attributes in subject name */ + + for (i = -1;;) { + X509_NAME_ENTRY *ne; + i = X509_NAME_get_index_by_NID(nm, + NID_pkcs9_emailAddress, i); + if (i == -1) + break; + ne = X509_NAME_get_entry(nm, i); + gntmp.d.rfc822Name = X509_NAME_ENTRY_get_data(ne); + if (gntmp.d.rfc822Name->type != V_ASN1_IA5STRING) + return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; + + r = nc_match(&gntmp, nc); + + if (r != X509_V_OK) + return r; + } + + } + + for (i = 0; i < sk_GENERAL_NAME_num(x->altname); i++) { + GENERAL_NAME *gen = sk_GENERAL_NAME_value(x->altname, i); + r = nc_match(gen, nc); + if (r != X509_V_OK) + return r; + } + + return X509_V_OK; +} + +static int +nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc) +{ + GENERAL_SUBTREE *sub; + int i, r, match = 0; + + /* Permitted subtrees: if any subtrees exist of matching the type + * at least one subtree must match. + */ + + for (i = 0; i < sk_GENERAL_SUBTREE_num(nc->permittedSubtrees); i++) { + sub = sk_GENERAL_SUBTREE_value(nc->permittedSubtrees, i); + if (gen->type != sub->base->type) + continue; + if (sub->minimum || sub->maximum) + return X509_V_ERR_SUBTREE_MINMAX; + /* If we already have a match don't bother trying any more */ + if (match == 2) + continue; + if (match == 0) + match = 1; + r = nc_match_single(gen, sub->base); + if (r == X509_V_OK) + match = 2; + else if (r != X509_V_ERR_PERMITTED_VIOLATION) + return r; + } + + if (match == 1) + return X509_V_ERR_PERMITTED_VIOLATION; + + /* Excluded subtrees: must not match any of these */ + + for (i = 0; i < sk_GENERAL_SUBTREE_num(nc->excludedSubtrees); i++) { + sub = sk_GENERAL_SUBTREE_value(nc->excludedSubtrees, i); + if (gen->type != sub->base->type) + continue; + if (sub->minimum || sub->maximum) + return X509_V_ERR_SUBTREE_MINMAX; + + r = nc_match_single(gen, sub->base); + if (r == X509_V_OK) + return X509_V_ERR_EXCLUDED_VIOLATION; + else if (r != X509_V_ERR_PERMITTED_VIOLATION) + return r; + + } + + return X509_V_OK; +} + +static int +nc_match_single(GENERAL_NAME *gen, GENERAL_NAME *base) +{ + switch (base->type) { + case GEN_DIRNAME: + return nc_dn(gen->d.directoryName, base->d.directoryName); + + case GEN_DNS: + return nc_dns(gen->d.dNSName, base->d.dNSName); + + case GEN_EMAIL: + return nc_email(gen->d.rfc822Name, base->d.rfc822Name); + + case GEN_URI: + return nc_uri(gen->d.uniformResourceIdentifier, + base->d.uniformResourceIdentifier); + + default: + return X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE; + } +} + +/* directoryName name constraint matching. + * The canonical encoding of X509_NAME makes this comparison easy. It is + * matched if the subtree is a subset of the name. + */ + +static int +nc_dn(X509_NAME *nm, X509_NAME *base) +{ + /* Ensure canonical encodings are up to date. */ + if (nm->modified && i2d_X509_NAME(nm, NULL) < 0) + return X509_V_ERR_OUT_OF_MEM; + if (base->modified && i2d_X509_NAME(base, NULL) < 0) + return X509_V_ERR_OUT_OF_MEM; + if (base->canon_enclen > nm->canon_enclen) + return X509_V_ERR_PERMITTED_VIOLATION; + if (memcmp(base->canon_enc, nm->canon_enc, base->canon_enclen)) + return X509_V_ERR_PERMITTED_VIOLATION; + return X509_V_OK; +} + +static int +nc_dns(ASN1_IA5STRING *dns, ASN1_IA5STRING *base) +{ + char *baseptr = (char *)base->data; + char *dnsptr = (char *)dns->data; + + /* Empty matches everything */ + if (!*baseptr) + return X509_V_OK; + /* Otherwise can add zero or more components on the left so + * compare RHS and if dns is longer and expect '.' as preceding + * character. + */ + if (dns->length > base->length) { + dnsptr += dns->length - base->length; + if (baseptr[0] != '.' && dnsptr[-1] != '.') + return X509_V_ERR_PERMITTED_VIOLATION; + } + + if (strcasecmp(baseptr, dnsptr)) + return X509_V_ERR_PERMITTED_VIOLATION; + + return X509_V_OK; +} + +static int +nc_email(ASN1_IA5STRING *eml, ASN1_IA5STRING *base) +{ + const char *baseptr = (char *)base->data; + const char *emlptr = (char *)eml->data; + const char *baseat = strchr(baseptr, '@'); + const char *emlat = strchr(emlptr, '@'); + + if (!emlat) + return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; + /* Special case: inital '.' is RHS match */ + if (!baseat && (*baseptr == '.')) { + if (eml->length > base->length) { + emlptr += eml->length - base->length; + if (!strcasecmp(baseptr, emlptr)) + return X509_V_OK; + } + return X509_V_ERR_PERMITTED_VIOLATION; + } + + /* If we have anything before '@' match local part */ + + if (baseat) { + if (baseat != baseptr) { + if ((baseat - baseptr) != (emlat - emlptr)) + return X509_V_ERR_PERMITTED_VIOLATION; + /* Case sensitive match of local part */ + if (strncmp(baseptr, emlptr, emlat - emlptr)) + return X509_V_ERR_PERMITTED_VIOLATION; + } + /* Position base after '@' */ + baseptr = baseat + 1; + } + emlptr = emlat + 1; + /* Just have hostname left to match: case insensitive */ + if (strcasecmp(baseptr, emlptr)) + return X509_V_ERR_PERMITTED_VIOLATION; + + return X509_V_OK; +} + +static int +nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base) +{ + const char *baseptr = (char *)base->data; + const char *hostptr = (char *)uri->data; + const char *p = strchr(hostptr, ':'); + int hostlen; + + /* Check for foo:// and skip past it */ + if (!p || (p[1] != '/') || (p[2] != '/')) + return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; + hostptr = p + 3; + + /* Determine length of hostname part of URI */ + + /* Look for a port indicator as end of hostname first */ + + p = strchr(hostptr, ':'); + /* Otherwise look for trailing slash */ + if (!p) + p = strchr(hostptr, '/'); + + if (!p) + hostlen = strlen(hostptr); + else + hostlen = p - hostptr; + + if (hostlen == 0) + return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; + + /* Special case: inital '.' is RHS match */ + if (*baseptr == '.') { + if (hostlen > base->length) { + p = hostptr + hostlen - base->length; + if (!strncasecmp(p, baseptr, base->length)) + return X509_V_OK; + } + return X509_V_ERR_PERMITTED_VIOLATION; + } + + if ((base->length != (int)hostlen) || + strncasecmp(hostptr, baseptr, hostlen)) + return X509_V_ERR_PERMITTED_VIOLATION; + + return X509_V_OK; +} diff --git a/src/lib/libcrypto/x509v3/v3_ocsp.c b/src/lib/libcrypto/x509v3/v3_ocsp.c index 083112314e6..8ebda2e770e 100644 --- a/src/lib/libcrypto/x509v3/v3_ocsp.c +++ b/src/lib/libcrypto/x509v3/v3_ocsp.c @@ -1,5 +1,5 @@ -/* v3_ocsp.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* $OpenBSD: v3_ocsp.c,v 1.15 2017/01/29 17:49:23 beck Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -57,133 +57,213 @@ */ #include -#include "cryptlib.h" -#include +#include + +#include + +#ifndef OPENSSL_NO_OCSP + #include +#include +#include #include #include /* OCSP extensions and a couple of CRL entry extensions */ -static int i2r_ocsp_crlid(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent); -static int i2r_ocsp_acutoff(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent); -static int i2r_object(X509V3_EXT_METHOD *method, void *obj, BIO *out, int indent); +static int i2r_ocsp_crlid(const X509V3_EXT_METHOD *method, void *nonce, + BIO *out, int indent); +static int i2r_ocsp_acutoff(const X509V3_EXT_METHOD *method, void *nonce, + BIO *out, int indent); +static int i2r_object(const X509V3_EXT_METHOD *method, void *obj, BIO *out, + int indent); static void *ocsp_nonce_new(void); static int i2d_ocsp_nonce(void *a, unsigned char **pp); -static void *d2i_ocsp_nonce(void *a, unsigned char **pp, long length); +static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length); static void ocsp_nonce_free(void *a); -static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent); - -static int i2r_ocsp_nocheck(X509V3_EXT_METHOD *method, void *nocheck, BIO *out, int indent); -static void *s2i_ocsp_nocheck(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str); -static int i2r_ocsp_serviceloc(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind); - -X509V3_EXT_METHOD v3_ocsp_crlid = { - NID_id_pkix_OCSP_CrlID, 0, ASN1_ITEM_ref(OCSP_CRLID), - 0,0,0,0, - 0,0, - 0,0, - i2r_ocsp_crlid,0, - NULL +static int i2r_ocsp_nonce(const X509V3_EXT_METHOD *method, void *nonce, + BIO *out, int indent); + +static int i2r_ocsp_nocheck(const X509V3_EXT_METHOD *method, + void *nocheck, BIO *out, int indent); +static void *s2i_ocsp_nocheck(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, + const char *str); +static int i2r_ocsp_serviceloc(const X509V3_EXT_METHOD *method, void *in, + BIO *bp, int ind); + +const X509V3_EXT_METHOD v3_ocsp_crlid = { + .ext_nid = NID_id_pkix_OCSP_CrlID, + .ext_flags = 0, + .it = &OCSP_CRLID_it, + .ext_new = NULL, + .ext_free = NULL, + .d2i = NULL, + .i2d = NULL, + .i2s = NULL, + .s2i = NULL, + .i2v = NULL, + .v2i = NULL, + .i2r = i2r_ocsp_crlid, + .r2i = NULL, + .usr_data = NULL, }; -X509V3_EXT_METHOD v3_ocsp_acutoff = { - NID_id_pkix_OCSP_archiveCutoff, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME), - 0,0,0,0, - 0,0, - 0,0, - i2r_ocsp_acutoff,0, - NULL +const X509V3_EXT_METHOD v3_ocsp_acutoff = { + .ext_nid = NID_id_pkix_OCSP_archiveCutoff, + .ext_flags = 0, + .it = &ASN1_GENERALIZEDTIME_it, + .ext_new = NULL, + .ext_free = NULL, + .d2i = NULL, + .i2d = NULL, + .i2s = NULL, + .s2i = NULL, + .i2v = NULL, + .v2i = NULL, + .i2r = i2r_ocsp_acutoff, + .r2i = NULL, + .usr_data = NULL, }; -X509V3_EXT_METHOD v3_crl_invdate = { - NID_invalidity_date, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME), - 0,0,0,0, - 0,0, - 0,0, - i2r_ocsp_acutoff,0, - NULL +const X509V3_EXT_METHOD v3_crl_invdate = { + .ext_nid = NID_invalidity_date, + .ext_flags = 0, + .it = &ASN1_GENERALIZEDTIME_it, + .ext_new = NULL, + .ext_free = NULL, + .d2i = NULL, + .i2d = NULL, + .i2s = NULL, + .s2i = NULL, + .i2v = NULL, + .v2i = NULL, + .i2r = i2r_ocsp_acutoff, + .r2i = NULL, + .usr_data = NULL, }; -X509V3_EXT_METHOD v3_crl_hold = { - NID_hold_instruction_code, 0, ASN1_ITEM_ref(ASN1_OBJECT), - 0,0,0,0, - 0,0, - 0,0, - i2r_object,0, - NULL +const X509V3_EXT_METHOD v3_crl_hold = { + .ext_nid = NID_hold_instruction_code, + .ext_flags = 0, + .it = &ASN1_OBJECT_it, + .ext_new = NULL, + .ext_free = NULL, + .d2i = NULL, + .i2d = NULL, + .i2s = NULL, + .s2i = NULL, + .i2v = NULL, + .v2i = NULL, + .i2r = i2r_object, + .r2i = NULL, + .usr_data = NULL, }; -X509V3_EXT_METHOD v3_ocsp_nonce = { - NID_id_pkix_OCSP_Nonce, 0, NULL, - ocsp_nonce_new, - ocsp_nonce_free, - d2i_ocsp_nonce, - i2d_ocsp_nonce, - 0,0, - 0,0, - i2r_ocsp_nonce,0, - NULL +const X509V3_EXT_METHOD v3_ocsp_nonce = { + .ext_nid = NID_id_pkix_OCSP_Nonce, + .ext_flags = 0, + .it = NULL, + .ext_new = ocsp_nonce_new, + .ext_free = ocsp_nonce_free, + .d2i = d2i_ocsp_nonce, + .i2d = i2d_ocsp_nonce, + .i2s = NULL, + .s2i = NULL, + .i2v = NULL, + .v2i = NULL, + .i2r = i2r_ocsp_nonce, + .r2i = NULL, + .usr_data = NULL, }; -X509V3_EXT_METHOD v3_ocsp_nocheck = { - NID_id_pkix_OCSP_noCheck, 0, ASN1_ITEM_ref(ASN1_NULL), - 0,0,0,0, - 0,s2i_ocsp_nocheck, - 0,0, - i2r_ocsp_nocheck,0, - NULL +const X509V3_EXT_METHOD v3_ocsp_nocheck = { + .ext_nid = NID_id_pkix_OCSP_noCheck, + .ext_flags = 0, + .it = &ASN1_NULL_it, + .ext_new = NULL, + .ext_free = NULL, + .d2i = NULL, + .i2d = NULL, + .i2s = NULL, + .s2i = s2i_ocsp_nocheck, + .i2v = NULL, + .v2i = NULL, + .i2r = i2r_ocsp_nocheck, + .r2i = NULL, + .usr_data = NULL, }; -X509V3_EXT_METHOD v3_ocsp_serviceloc = { - NID_id_pkix_OCSP_serviceLocator, 0, ASN1_ITEM_ref(OCSP_SERVICELOC), - 0,0,0,0, - 0,0, - 0,0, - i2r_ocsp_serviceloc,0, - NULL +const X509V3_EXT_METHOD v3_ocsp_serviceloc = { + .ext_nid = NID_id_pkix_OCSP_serviceLocator, + .ext_flags = 0, + .it = &OCSP_SERVICELOC_it, + .ext_new = NULL, + .ext_free = NULL, + .d2i = NULL, + .i2d = NULL, + .i2s = NULL, + .s2i = NULL, + .i2v = NULL, + .v2i = NULL, + .i2r = i2r_ocsp_serviceloc, + .r2i = NULL, + .usr_data = NULL, }; -static int i2r_ocsp_crlid(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind) +static int +i2r_ocsp_crlid(const X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind) { OCSP_CRLID *a = in; - if (a->crlUrl) - { - if (!BIO_printf(bp, "%*scrlUrl: ", ind, "")) goto err; - if (!ASN1_STRING_print(bp, (ASN1_STRING*)a->crlUrl)) goto err; - if (!BIO_write(bp, "\n", 1)) goto err; - } - if (a->crlNum) - { - if (!BIO_printf(bp, "%*scrlNum: ", ind, "")) goto err; - if (!i2a_ASN1_INTEGER(bp, a->crlNum)) goto err; - if (!BIO_write(bp, "\n", 1)) goto err; - } - if (a->crlTime) - { - if (!BIO_printf(bp, "%*scrlTime: ", ind, "")) goto err; - if (!ASN1_GENERALIZEDTIME_print(bp, a->crlTime)) goto err; - if (!BIO_write(bp, "\n", 1)) goto err; - } + if (a->crlUrl) { + if (BIO_printf(bp, "%*scrlUrl: ", ind, "") <= 0) + goto err; + if (!ASN1_STRING_print(bp, (ASN1_STRING*)a->crlUrl)) + goto err; + if (BIO_write(bp, "\n", 1) <= 0) + goto err; + } + if (a->crlNum) { + if (BIO_printf(bp, "%*scrlNum: ", ind, "") <= 0) + goto err; + if (i2a_ASN1_INTEGER(bp, a->crlNum) <= 0) + goto err; + if (BIO_write(bp, "\n", 1) <= 0) + goto err; + } + if (a->crlTime) { + if (BIO_printf(bp, "%*scrlTime: ", ind, "") <= 0) + goto err; + if (!ASN1_GENERALIZEDTIME_print(bp, a->crlTime)) + goto err; + if (BIO_write(bp, "\n", 1) <= 0) + goto err; + } return 1; - err: + +err: return 0; } -static int i2r_ocsp_acutoff(X509V3_EXT_METHOD *method, void *cutoff, BIO *bp, int ind) +static int +i2r_ocsp_acutoff(const X509V3_EXT_METHOD *method, void *cutoff, BIO *bp, + int ind) { - if (!BIO_printf(bp, "%*s", ind, "")) return 0; - if(!ASN1_GENERALIZEDTIME_print(bp, cutoff)) return 0; + if (BIO_printf(bp, "%*s", ind, "") <= 0) + return 0; + if (!ASN1_GENERALIZEDTIME_print(bp, cutoff)) + return 0; return 1; } - -static int i2r_object(X509V3_EXT_METHOD *method, void *oid, BIO *bp, int ind) +static int +i2r_object(const X509V3_EXT_METHOD *method, void *oid, BIO *bp, int ind) { - if (!BIO_printf(bp, "%*s", ind, "")) return 0; - if(!i2a_ASN1_OBJECT(bp, oid)) return 0; + if (BIO_printf(bp, "%*s", ind, "") <= 0) + return 0; + if (i2a_ASN1_OBJECT(bp, oid) <= 0) + return 0; return 1; } @@ -191,82 +271,110 @@ static int i2r_object(X509V3_EXT_METHOD *method, void *oid, BIO *bp, int ind) * an ASN1 encoding at all: it just contains arbitrary data. */ -static void *ocsp_nonce_new(void) +static void * +ocsp_nonce_new(void) { return ASN1_OCTET_STRING_new(); } -static int i2d_ocsp_nonce(void *a, unsigned char **pp) +static int +i2d_ocsp_nonce(void *a, unsigned char **pp) { ASN1_OCTET_STRING *os = a; - if(pp) { + + if (pp) { memcpy(*pp, os->data, os->length); *pp += os->length; } return os->length; } -static void *d2i_ocsp_nonce(void *a, unsigned char **pp, long length) +static void * +d2i_ocsp_nonce(void *a, const unsigned char **pp, long length) { ASN1_OCTET_STRING *os, **pos; + pos = a; - if(!pos || !*pos) os = ASN1_OCTET_STRING_new(); - else os = *pos; - if(!ASN1_OCTET_STRING_set(os, *pp, length)) goto err; + if (pos == NULL || *pos == NULL) { + os = ASN1_OCTET_STRING_new(); + if (os == NULL) + goto err; + } else + os = *pos; + if (ASN1_OCTET_STRING_set(os, *pp, length) == 0) + goto err; *pp += length; - if(pos) *pos = os; + if (pos != NULL) + *pos = os; return os; - err: - if(os && (!pos || (*pos != os))) M_ASN1_OCTET_STRING_free(os); - OCSPerr(OCSP_F_D2I_OCSP_NONCE, ERR_R_MALLOC_FAILURE); +err: + if (pos == NULL || *pos != os) + ASN1_OCTET_STRING_free(os); + OCSPerror(ERR_R_MALLOC_FAILURE); return NULL; } -static void ocsp_nonce_free(void *a) +static void +ocsp_nonce_free(void *a) { - M_ASN1_OCTET_STRING_free(a); + ASN1_OCTET_STRING_free(a); } -static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent) +static int +i2r_ocsp_nonce(const X509V3_EXT_METHOD *method, void *nonce, BIO *out, + int indent) { - if(BIO_printf(out, "%*s", indent, "") <= 0) return 0; - if(i2a_ASN1_STRING(out, nonce, V_ASN1_OCTET_STRING) <= 0) return 0; + if (BIO_printf(out, "%*s", indent, "") <= 0) + return 0; + if (i2a_ASN1_STRING(out, nonce, V_ASN1_OCTET_STRING) <= 0) + return 0; return 1; } /* Nocheck is just a single NULL. Don't print anything and always set it */ -static int i2r_ocsp_nocheck(X509V3_EXT_METHOD *method, void *nocheck, BIO *out, int indent) +static int +i2r_ocsp_nocheck(const X509V3_EXT_METHOD *method, void *nocheck, BIO *out, + int indent) { return 1; } -static void *s2i_ocsp_nocheck(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str) +static void * +s2i_ocsp_nocheck(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, + const char *str) { return ASN1_NULL_new(); } -static int i2r_ocsp_serviceloc(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind) - { +static int +i2r_ocsp_serviceloc(const X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind) +{ int i; OCSP_SERVICELOC *a = in; ACCESS_DESCRIPTION *ad; - if (BIO_printf(bp, "%*sIssuer: ", ind, "") <= 0) goto err; - if (X509_NAME_print_ex(bp, a->issuer, 0, XN_FLAG_ONELINE) <= 0) goto err; - for (i = 0; i < sk_ACCESS_DESCRIPTION_num(a->locator); i++) - { - ad = sk_ACCESS_DESCRIPTION_value(a->locator,i); - if (BIO_printf(bp, "\n%*s", (2*ind), "") <= 0) - goto err; - if(i2a_ASN1_OBJECT(bp, ad->method) <= 0) goto err; - if(BIO_puts(bp, " - ") <= 0) goto err; - if(GENERAL_NAME_print(bp, ad->location) <= 0) goto err; - } + if (BIO_printf(bp, "%*sIssuer: ", ind, "") <= 0) + goto err; + if (X509_NAME_print_ex(bp, a->issuer, 0, XN_FLAG_ONELINE) <= 0) + goto err; + for (i = 0; i < sk_ACCESS_DESCRIPTION_num(a->locator); i++) { + ad = sk_ACCESS_DESCRIPTION_value(a->locator, i); + if (BIO_printf(bp, "\n%*s", (2 * ind), "") <= 0) + goto err; + if (i2a_ASN1_OBJECT(bp, ad->method) <= 0) + goto err; + if (BIO_puts(bp, " - ") <= 0) + goto err; + if (GENERAL_NAME_print(bp, ad->location) <= 0) + goto err; + } return 1; + err: return 0; - } +} +#endif diff --git a/src/lib/libcrypto/x509v3/v3_pci.c b/src/lib/libcrypto/x509v3/v3_pci.c new file mode 100644 index 00000000000..437b3aee3df --- /dev/null +++ b/src/lib/libcrypto/x509v3/v3_pci.c @@ -0,0 +1,310 @@ +/* $OpenBSD: v3_pci.c,v 1.13 2017/05/02 04:11:08 deraadt Exp $ */ +/* Contributed to the OpenSSL Project 2004 + * by Richard Levitte (richard@levitte.org) + */ +/* Copyright (c) 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include +#include + +#include +#include +#include + +static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *ext, + BIO *out, int indent); +static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, char *str); + +const X509V3_EXT_METHOD v3_pci = { + .ext_nid = NID_proxyCertInfo, + .ext_flags = 0, + .it = &PROXY_CERT_INFO_EXTENSION_it, + .ext_new = NULL, + .ext_free = NULL, + .d2i = NULL, + .i2d = NULL, + .i2s = NULL, + .s2i = NULL, + .i2v = NULL, + .v2i = NULL, + .i2r = (X509V3_EXT_I2R)i2r_pci, + .r2i = (X509V3_EXT_R2I)r2i_pci, + .usr_data = NULL, +}; + +static int +i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *pci, BIO *out, + int indent) +{ + BIO_printf(out, "%*sPath Length Constraint: ", indent, ""); + if (pci->pcPathLengthConstraint) + i2a_ASN1_INTEGER(out, pci->pcPathLengthConstraint); + else + BIO_printf(out, "infinite"); + BIO_puts(out, "\n"); + BIO_printf(out, "%*sPolicy Language: ", indent, ""); + i2a_ASN1_OBJECT(out, pci->proxyPolicy->policyLanguage); + BIO_puts(out, "\n"); + if (pci->proxyPolicy->policy && pci->proxyPolicy->policy->data) + BIO_printf(out, "%*sPolicy Text: %s\n", indent, "", + pci->proxyPolicy->policy->data); + return 1; +} + +static int +process_pci_value(CONF_VALUE *val, ASN1_OBJECT **language, + ASN1_INTEGER **pathlen, ASN1_OCTET_STRING **policy) +{ + int free_policy = 0; + + if (strcmp(val->name, "language") == 0) { + if (*language) { + X509V3error(X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED); + X509V3_conf_err(val); + return 0; + } + if (!(*language = OBJ_txt2obj(val->value, 0))) { + X509V3error(X509V3_R_INVALID_OBJECT_IDENTIFIER); + X509V3_conf_err(val); + return 0; + } + } + else if (strcmp(val->name, "pathlen") == 0) { + if (*pathlen) { + X509V3error(X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED); + X509V3_conf_err(val); + return 0; + } + if (!X509V3_get_value_int(val, pathlen)) { + X509V3error(X509V3_R_POLICY_PATH_LENGTH); + X509V3_conf_err(val); + return 0; + } + } + else if (strcmp(val->name, "policy") == 0) { + unsigned char *tmp_data = NULL; + long val_len; + if (!*policy) { + *policy = ASN1_OCTET_STRING_new(); + if (!*policy) { + X509V3error(ERR_R_MALLOC_FAILURE); + X509V3_conf_err(val); + return 0; + } + free_policy = 1; + } + if (strncmp(val->value, "hex:", 4) == 0) { + unsigned char *tmp_data2 = + string_to_hex(val->value + 4, &val_len); + + if (!tmp_data2) { + X509V3error(X509V3_R_ILLEGAL_HEX_DIGIT); + X509V3_conf_err(val); + goto err; + } + + tmp_data = realloc((*policy)->data, + (*policy)->length + val_len + 1); + if (tmp_data) { + (*policy)->data = tmp_data; + memcpy(&(*policy)->data[(*policy)->length], + tmp_data2, val_len); + (*policy)->length += val_len; + (*policy)->data[(*policy)->length] = '\0'; + } else { + free(tmp_data2); + free((*policy)->data); + (*policy)->data = NULL; + (*policy)->length = 0; + X509V3error(ERR_R_MALLOC_FAILURE); + X509V3_conf_err(val); + goto err; + } + free(tmp_data2); + } + else if (strncmp(val->value, "file:", 5) == 0) { + unsigned char buf[2048]; + int n; + BIO *b = BIO_new_file(val->value + 5, "r"); + if (!b) { + X509V3error(ERR_R_BIO_LIB); + X509V3_conf_err(val); + goto err; + } + while ((n = BIO_read(b, buf, sizeof(buf))) > 0 || + (n == 0 && BIO_should_retry(b))) { + if (!n) + continue; + + tmp_data = realloc((*policy)->data, + (*policy)->length + n + 1); + + if (!tmp_data) + break; + + (*policy)->data = tmp_data; + memcpy(&(*policy)->data[(*policy)->length], + buf, n); + (*policy)->length += n; + (*policy)->data[(*policy)->length] = '\0'; + } + BIO_free_all(b); + + if (n < 0) { + X509V3error(ERR_R_BIO_LIB); + X509V3_conf_err(val); + goto err; + } + } + else if (strncmp(val->value, "text:", 5) == 0) { + val_len = strlen(val->value + 5); + tmp_data = realloc((*policy)->data, + (*policy)->length + val_len + 1); + if (tmp_data) { + (*policy)->data = tmp_data; + memcpy(&(*policy)->data[(*policy)->length], + val->value + 5, val_len); + (*policy)->length += val_len; + (*policy)->data[(*policy)->length] = '\0'; + } else { + free((*policy)->data); + (*policy)->data = NULL; + (*policy)->length = 0; + X509V3error(ERR_R_MALLOC_FAILURE); + X509V3_conf_err(val); + goto err; + } + } else { + X509V3error(X509V3_R_INCORRECT_POLICY_SYNTAX_TAG); + X509V3_conf_err(val); + goto err; + } + if (!tmp_data) { + X509V3error(ERR_R_MALLOC_FAILURE); + X509V3_conf_err(val); + goto err; + } + } + return 1; + +err: + if (free_policy) { + ASN1_OCTET_STRING_free(*policy); + *policy = NULL; + } + return 0; +} + +static PROXY_CERT_INFO_EXTENSION * +r2i_pci(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *value) +{ + PROXY_CERT_INFO_EXTENSION *pci = NULL; + STACK_OF(CONF_VALUE) *vals; + ASN1_OBJECT *language = NULL; + ASN1_INTEGER *pathlen = NULL; + ASN1_OCTET_STRING *policy = NULL; + int i, j; + + vals = X509V3_parse_list(value); + for (i = 0; i < sk_CONF_VALUE_num(vals); i++) { + CONF_VALUE *cnf = sk_CONF_VALUE_value(vals, i); + if (!cnf->name || (*cnf->name != '@' && !cnf->value)) { + X509V3error(X509V3_R_INVALID_PROXY_POLICY_SETTING); + X509V3_conf_err(cnf); + goto err; + } + if (*cnf->name == '@') { + STACK_OF(CONF_VALUE) *sect; + int success_p = 1; + + sect = X509V3_get_section(ctx, cnf->name + 1); + if (!sect) { + X509V3error(X509V3_R_INVALID_SECTION); + X509V3_conf_err(cnf); + goto err; + } + for (j = 0; success_p && + j < sk_CONF_VALUE_num(sect); j++) { + success_p = process_pci_value( + sk_CONF_VALUE_value(sect, j), + &language, &pathlen, &policy); + } + X509V3_section_free(ctx, sect); + if (!success_p) + goto err; + } else { + if (!process_pci_value(cnf, + &language, &pathlen, &policy)) { + X509V3_conf_err(cnf); + goto err; + } + } + } + + /* Language is mandatory */ + if (!language) { + X509V3error(X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED); + goto err; + } + i = OBJ_obj2nid(language); + if ((i == NID_Independent || i == NID_id_ppl_inheritAll) && policy) { + X509V3error(X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY); + goto err; + } + + pci = PROXY_CERT_INFO_EXTENSION_new(); + if (!pci) { + X509V3error(ERR_R_MALLOC_FAILURE); + goto err; + } + + pci->proxyPolicy->policyLanguage = language; + language = NULL; + pci->proxyPolicy->policy = policy; + policy = NULL; + pci->pcPathLengthConstraint = pathlen; + pathlen = NULL; + goto end; + +err: + ASN1_OBJECT_free(language); + language = NULL; + ASN1_INTEGER_free(pathlen); + pathlen = NULL; + ASN1_OCTET_STRING_free(policy); + policy = NULL; +end: + sk_CONF_VALUE_pop_free(vals, X509V3_conf_free); + return pci; +} diff --git a/src/lib/libcrypto/x509v3/v3_pcia.c b/src/lib/libcrypto/x509v3/v3_pcia.c new file mode 100644 index 00000000000..f9ec02c00a5 --- /dev/null +++ b/src/lib/libcrypto/x509v3/v3_pcia.c @@ -0,0 +1,145 @@ +/* $OpenBSD: v3_pcia.c,v 1.6 2015/07/25 16:00:14 jsing Exp $ */ +/* Contributed to the OpenSSL Project 2004 + * by Richard Levitte (richard@levitte.org) + */ +/* Copyright (c) 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include +#include +#include + +static const ASN1_TEMPLATE PROXY_POLICY_seq_tt[] = { + { + .flags = 0, + .tag = 0, + .offset = offsetof(PROXY_POLICY, policyLanguage), + .field_name = "policyLanguage", + .item = &ASN1_OBJECT_it, + }, + { + .flags = ASN1_TFLG_OPTIONAL, + .tag = 0, + .offset = offsetof(PROXY_POLICY, policy), + .field_name = "policy", + .item = &ASN1_OCTET_STRING_it, + }, +}; + +const ASN1_ITEM PROXY_POLICY_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = PROXY_POLICY_seq_tt, + .tcount = sizeof(PROXY_POLICY_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = NULL, + .size = sizeof(PROXY_POLICY), + .sname = "PROXY_POLICY", +}; + + +PROXY_POLICY * +d2i_PROXY_POLICY(PROXY_POLICY **a, const unsigned char **in, long len) +{ + return (PROXY_POLICY *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &PROXY_POLICY_it); +} + +int +i2d_PROXY_POLICY(PROXY_POLICY *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &PROXY_POLICY_it); +} + +PROXY_POLICY * +PROXY_POLICY_new(void) +{ + return (PROXY_POLICY *)ASN1_item_new(&PROXY_POLICY_it); +} + +void +PROXY_POLICY_free(PROXY_POLICY *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &PROXY_POLICY_it); +} + +static const ASN1_TEMPLATE PROXY_CERT_INFO_EXTENSION_seq_tt[] = { + { + .flags = ASN1_TFLG_OPTIONAL, + .tag = 0, + .offset = offsetof(PROXY_CERT_INFO_EXTENSION, pcPathLengthConstraint), + .field_name = "pcPathLengthConstraint", + .item = &ASN1_INTEGER_it, + }, + { + .flags = 0, + .tag = 0, + .offset = offsetof(PROXY_CERT_INFO_EXTENSION, proxyPolicy), + .field_name = "proxyPolicy", + .item = &PROXY_POLICY_it, + }, +}; + +const ASN1_ITEM PROXY_CERT_INFO_EXTENSION_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = PROXY_CERT_INFO_EXTENSION_seq_tt, + .tcount = sizeof(PROXY_CERT_INFO_EXTENSION_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = NULL, + .size = sizeof(PROXY_CERT_INFO_EXTENSION), + .sname = "PROXY_CERT_INFO_EXTENSION", +}; + + +PROXY_CERT_INFO_EXTENSION * +d2i_PROXY_CERT_INFO_EXTENSION(PROXY_CERT_INFO_EXTENSION **a, const unsigned char **in, long len) +{ + return (PROXY_CERT_INFO_EXTENSION *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &PROXY_CERT_INFO_EXTENSION_it); +} + +int +i2d_PROXY_CERT_INFO_EXTENSION(PROXY_CERT_INFO_EXTENSION *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &PROXY_CERT_INFO_EXTENSION_it); +} + +PROXY_CERT_INFO_EXTENSION * +PROXY_CERT_INFO_EXTENSION_new(void) +{ + return (PROXY_CERT_INFO_EXTENSION *)ASN1_item_new(&PROXY_CERT_INFO_EXTENSION_it); +} + +void +PROXY_CERT_INFO_EXTENSION_free(PROXY_CERT_INFO_EXTENSION *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &PROXY_CERT_INFO_EXTENSION_it); +} diff --git a/src/lib/libcrypto/x509v3/v3_pcons.c b/src/lib/libcrypto/x509v3/v3_pcons.c new file mode 100644 index 00000000000..30487a4d18c --- /dev/null +++ b/src/lib/libcrypto/x509v3/v3_pcons.c @@ -0,0 +1,180 @@ +/* $OpenBSD: v3_pcons.c,v 1.11 2017/01/29 17:49:23 beck Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include + +#include +#include +#include +#include +#include + +static STACK_OF(CONF_VALUE) * +i2v_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method, void *bcons, + STACK_OF(CONF_VALUE) *extlist); +static void *v2i_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values); + +const X509V3_EXT_METHOD v3_policy_constraints = { + .ext_nid = NID_policy_constraints, + .ext_flags = 0, + .it = &POLICY_CONSTRAINTS_it, + .ext_new = NULL, + .ext_free = NULL, + .d2i = NULL, + .i2d = NULL, + .i2s = NULL, + .s2i = NULL, + .i2v = i2v_POLICY_CONSTRAINTS, + .v2i = v2i_POLICY_CONSTRAINTS, + .i2r = NULL, + .r2i = NULL, + .usr_data = NULL, +}; + +static const ASN1_TEMPLATE POLICY_CONSTRAINTS_seq_tt[] = { + { + .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_OPTIONAL, + .tag = 0, + .offset = offsetof(POLICY_CONSTRAINTS, requireExplicitPolicy), + .field_name = "requireExplicitPolicy", + .item = &ASN1_INTEGER_it, + }, + { + .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_OPTIONAL, + .tag = 1, + .offset = offsetof(POLICY_CONSTRAINTS, inhibitPolicyMapping), + .field_name = "inhibitPolicyMapping", + .item = &ASN1_INTEGER_it, + }, +}; + +const ASN1_ITEM POLICY_CONSTRAINTS_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = POLICY_CONSTRAINTS_seq_tt, + .tcount = sizeof(POLICY_CONSTRAINTS_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = NULL, + .size = sizeof(POLICY_CONSTRAINTS), + .sname = "POLICY_CONSTRAINTS", +}; + + +POLICY_CONSTRAINTS * +POLICY_CONSTRAINTS_new(void) +{ + return (POLICY_CONSTRAINTS*)ASN1_item_new(&POLICY_CONSTRAINTS_it); +} + +void +POLICY_CONSTRAINTS_free(POLICY_CONSTRAINTS *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &POLICY_CONSTRAINTS_it); +} + +static STACK_OF(CONF_VALUE) * +i2v_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method, void *a, + STACK_OF(CONF_VALUE) *extlist) +{ + POLICY_CONSTRAINTS *pcons = a; + + X509V3_add_value_int("Require Explicit Policy", + pcons->requireExplicitPolicy, &extlist); + X509V3_add_value_int("Inhibit Policy Mapping", + pcons->inhibitPolicyMapping, &extlist); + return extlist; +} + +static void * +v2i_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, + STACK_OF(CONF_VALUE) *values) +{ + POLICY_CONSTRAINTS *pcons = NULL; + CONF_VALUE *val; + int i; + + if (!(pcons = POLICY_CONSTRAINTS_new())) { + X509V3error(ERR_R_MALLOC_FAILURE); + return NULL; + } + for (i = 0; i < sk_CONF_VALUE_num(values); i++) { + val = sk_CONF_VALUE_value(values, i); + if (!strcmp(val->name, "requireExplicitPolicy")) { + if (!X509V3_get_value_int(val, + &pcons->requireExplicitPolicy)) goto err; + } else if (!strcmp(val->name, "inhibitPolicyMapping")) { + if (!X509V3_get_value_int(val, + &pcons->inhibitPolicyMapping)) goto err; + } else { + X509V3error(X509V3_R_INVALID_NAME); + X509V3_conf_err(val); + goto err; + } + } + if (!pcons->inhibitPolicyMapping && !pcons->requireExplicitPolicy) { + X509V3error(X509V3_R_ILLEGAL_EMPTY_EXTENSION); + goto err; + } + + return pcons; + +err: + POLICY_CONSTRAINTS_free(pcons); + return NULL; +} diff --git a/src/lib/libcrypto/x509v3/v3_pku.c b/src/lib/libcrypto/x509v3/v3_pku.c index 49a2e4697ac..507b0cbd942 100644 --- a/src/lib/libcrypto/x509v3/v3_pku.c +++ b/src/lib/libcrypto/x509v3/v3_pku.c @@ -1,5 +1,5 @@ -/* v3_pku.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* $OpenBSD: v3_pku.c,v 1.13 2016/12/30 15:54:49 jsing Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -57,40 +57,98 @@ */ #include -#include "cryptlib.h" + #include #include #include -static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, PKEY_USAGE_PERIOD *usage, BIO *out, int indent); +static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, + PKEY_USAGE_PERIOD *usage, BIO *out, int indent); /* static PKEY_USAGE_PERIOD *v2i_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values); */ -X509V3_EXT_METHOD v3_pkey_usage_period = { -NID_private_key_usage_period, 0, ASN1_ITEM_ref(PKEY_USAGE_PERIOD), -0,0,0,0, -0,0,0,0, -(X509V3_EXT_I2R)i2r_PKEY_USAGE_PERIOD, NULL, -NULL +const X509V3_EXT_METHOD v3_pkey_usage_period = { + .ext_nid = NID_private_key_usage_period, + .ext_flags = 0, + .it = &PKEY_USAGE_PERIOD_it, + .ext_new = NULL, + .ext_free = NULL, + .d2i = NULL, + .i2d = NULL, + .i2s = NULL, + .s2i = NULL, + .i2v = NULL, + .v2i = NULL, + .i2r = (X509V3_EXT_I2R)i2r_PKEY_USAGE_PERIOD, + .r2i = NULL, + .usr_data = NULL, }; -ASN1_SEQUENCE(PKEY_USAGE_PERIOD) = { - ASN1_IMP_OPT(PKEY_USAGE_PERIOD, notBefore, ASN1_GENERALIZEDTIME, 0), - ASN1_IMP_OPT(PKEY_USAGE_PERIOD, notAfter, ASN1_GENERALIZEDTIME, 1) -} ASN1_SEQUENCE_END(PKEY_USAGE_PERIOD) +static const ASN1_TEMPLATE PKEY_USAGE_PERIOD_seq_tt[] = { + { + .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_OPTIONAL, + .tag = 0, + .offset = offsetof(PKEY_USAGE_PERIOD, notBefore), + .field_name = "notBefore", + .item = &ASN1_GENERALIZEDTIME_it, + }, + { + .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_OPTIONAL, + .tag = 1, + .offset = offsetof(PKEY_USAGE_PERIOD, notAfter), + .field_name = "notAfter", + .item = &ASN1_GENERALIZEDTIME_it, + }, +}; -IMPLEMENT_ASN1_FUNCTIONS(PKEY_USAGE_PERIOD) +const ASN1_ITEM PKEY_USAGE_PERIOD_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = PKEY_USAGE_PERIOD_seq_tt, + .tcount = sizeof(PKEY_USAGE_PERIOD_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = NULL, + .size = sizeof(PKEY_USAGE_PERIOD), + .sname = "PKEY_USAGE_PERIOD", +}; -static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, - PKEY_USAGE_PERIOD *usage, BIO *out, int indent) + +PKEY_USAGE_PERIOD * +d2i_PKEY_USAGE_PERIOD(PKEY_USAGE_PERIOD **a, const unsigned char **in, long len) +{ + return (PKEY_USAGE_PERIOD *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &PKEY_USAGE_PERIOD_it); +} + +int +i2d_PKEY_USAGE_PERIOD(PKEY_USAGE_PERIOD *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &PKEY_USAGE_PERIOD_it); +} + +PKEY_USAGE_PERIOD * +PKEY_USAGE_PERIOD_new(void) +{ + return (PKEY_USAGE_PERIOD *)ASN1_item_new(&PKEY_USAGE_PERIOD_it); +} + +void +PKEY_USAGE_PERIOD_free(PKEY_USAGE_PERIOD *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &PKEY_USAGE_PERIOD_it); +} + +static int +i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, PKEY_USAGE_PERIOD *usage, + BIO *out, int indent) { BIO_printf(out, "%*s", indent, ""); - if(usage->notBefore) { + if (usage->notBefore) { BIO_write(out, "Not Before: ", 12); ASN1_GENERALIZEDTIME_print(out, usage->notBefore); - if(usage->notAfter) BIO_write(out, ", ", 2); + if (usage->notAfter) + BIO_write(out, ", ", 2); } - if(usage->notAfter) { + if (usage->notAfter) { BIO_write(out, "Not After: ", 11); ASN1_GENERALIZEDTIME_print(out, usage->notAfter); } diff --git a/src/lib/libcrypto/x509v3/v3_pmaps.c b/src/lib/libcrypto/x509v3/v3_pmaps.c new file mode 100644 index 00000000000..32ef6be8661 --- /dev/null +++ b/src/lib/libcrypto/x509v3/v3_pmaps.c @@ -0,0 +1,218 @@ +/* $OpenBSD: v3_pmaps.c,v 1.11 2017/01/29 17:49:23 beck Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. + */ +/* ==================================================================== + * Copyright (c) 2003 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + + +#include + +#include +#include +#include +#include + +static void *v2i_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); +static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS( + const X509V3_EXT_METHOD *method, void *pmps, STACK_OF(CONF_VALUE) *extlist); + +const X509V3_EXT_METHOD v3_policy_mappings = { + .ext_nid = NID_policy_mappings, + .ext_flags = 0, + .it = &POLICY_MAPPINGS_it, + .ext_new = NULL, + .ext_free = NULL, + .d2i = NULL, + .i2d = NULL, + .i2s = NULL, + .s2i = NULL, + .i2v = i2v_POLICY_MAPPINGS, + .v2i = v2i_POLICY_MAPPINGS, + .i2r = NULL, + .r2i = NULL, + .usr_data = NULL, +}; + +static const ASN1_TEMPLATE POLICY_MAPPING_seq_tt[] = { + { + .flags = 0, + .tag = 0, + .offset = offsetof(POLICY_MAPPING, issuerDomainPolicy), + .field_name = "issuerDomainPolicy", + .item = &ASN1_OBJECT_it, + }, + { + .flags = 0, + .tag = 0, + .offset = offsetof(POLICY_MAPPING, subjectDomainPolicy), + .field_name = "subjectDomainPolicy", + .item = &ASN1_OBJECT_it, + }, +}; + +const ASN1_ITEM POLICY_MAPPING_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = POLICY_MAPPING_seq_tt, + .tcount = sizeof(POLICY_MAPPING_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = NULL, + .size = sizeof(POLICY_MAPPING), + .sname = "POLICY_MAPPING", +}; + +static const ASN1_TEMPLATE POLICY_MAPPINGS_item_tt = { + .flags = ASN1_TFLG_SEQUENCE_OF, + .tag = 0, + .offset = 0, + .field_name = "POLICY_MAPPINGS", + .item = &POLICY_MAPPING_it, +}; + +const ASN1_ITEM POLICY_MAPPINGS_it = { + .itype = ASN1_ITYPE_PRIMITIVE, + .utype = -1, + .templates = &POLICY_MAPPINGS_item_tt, + .tcount = 0, + .funcs = NULL, + .size = 0, + .sname = "POLICY_MAPPINGS", +}; + + +POLICY_MAPPING * +POLICY_MAPPING_new(void) +{ + return (POLICY_MAPPING*)ASN1_item_new(&POLICY_MAPPING_it); +} + +void +POLICY_MAPPING_free(POLICY_MAPPING *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &POLICY_MAPPING_it); +} + +static STACK_OF(CONF_VALUE) * +i2v_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method, void *a, + STACK_OF(CONF_VALUE) *ext_list) +{ + POLICY_MAPPINGS *pmaps = a; + POLICY_MAPPING *pmap; + int i; + char obj_tmp1[80]; + char obj_tmp2[80]; + + for (i = 0; i < sk_POLICY_MAPPING_num(pmaps); i++) { + pmap = sk_POLICY_MAPPING_value(pmaps, i); + i2t_ASN1_OBJECT(obj_tmp1, 80, pmap->issuerDomainPolicy); + i2t_ASN1_OBJECT(obj_tmp2, 80, pmap->subjectDomainPolicy); + X509V3_add_value(obj_tmp1, obj_tmp2, &ext_list); + } + return ext_list; +} + +static void * +v2i_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, + STACK_OF(CONF_VALUE) *nval) +{ + POLICY_MAPPINGS *pmaps = NULL; + POLICY_MAPPING *pmap = NULL; + ASN1_OBJECT *obj1 = NULL, *obj2 = NULL; + CONF_VALUE *val; + int i, rc; + + if (!(pmaps = sk_POLICY_MAPPING_new_null())) { + X509V3error(ERR_R_MALLOC_FAILURE); + return NULL; + } + + for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { + val = sk_CONF_VALUE_value(nval, i); + if (!val->value || !val->name) { + rc = X509V3_R_INVALID_OBJECT_IDENTIFIER; + goto err; + } + obj1 = OBJ_txt2obj(val->name, 0); + obj2 = OBJ_txt2obj(val->value, 0); + if (!obj1 || !obj2) { + rc = X509V3_R_INVALID_OBJECT_IDENTIFIER; + goto err; + } + pmap = POLICY_MAPPING_new(); + if (!pmap) { + rc = ERR_R_MALLOC_FAILURE; + goto err; + } + pmap->issuerDomainPolicy = obj1; + pmap->subjectDomainPolicy = obj2; + obj1 = obj2 = NULL; + if (sk_POLICY_MAPPING_push(pmaps, pmap) == 0) { + rc = ERR_R_MALLOC_FAILURE; + goto err; + } + pmap = NULL; + } + return pmaps; + +err: + sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free); + X509V3error(rc); + if (rc == X509V3_R_INVALID_OBJECT_IDENTIFIER) + X509V3_conf_err(val); + ASN1_OBJECT_free(obj1); + ASN1_OBJECT_free(obj2); + POLICY_MAPPING_free(pmap); + return NULL; +} diff --git a/src/lib/libcrypto/x509v3/v3_prn.c b/src/lib/libcrypto/x509v3/v3_prn.c index aeaf6170fe4..f294c36b3ed 100644 --- a/src/lib/libcrypto/x509v3/v3_prn.c +++ b/src/lib/libcrypto/x509v3/v3_prn.c @@ -1,5 +1,5 @@ -/* v3_prn.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* $OpenBSD: v3_prn.c,v 1.20 2018/05/19 10:41:53 tb Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -58,176 +58,168 @@ /* X509 v3 extension utilities */ #include -#include "cryptlib.h" + #include #include /* Extension printing routines */ -static int unknown_ext_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent, int supported); +static int unknown_ext_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, + int indent, int supported); /* Print out a name+value stack */ -void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, int ml) +void +X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, int ml) { int i; CONF_VALUE *nval; - if(!val) return; - if(!ml || !sk_CONF_VALUE_num(val)) { + + if (!val) + return; + if (!ml || !sk_CONF_VALUE_num(val)) { BIO_printf(out, "%*s", indent, ""); - if(!sk_CONF_VALUE_num(val)) BIO_puts(out, "\n"); + if (!sk_CONF_VALUE_num(val)) + BIO_puts(out, "\n"); } - for(i = 0; i < sk_CONF_VALUE_num(val); i++) { - if(ml) BIO_printf(out, "%*s", indent, ""); - else if(i > 0) BIO_printf(out, ", "); - nval = sk_CONF_VALUE_value(val, i); - if(!nval->name) BIO_puts(out, nval->value); - else if(!nval->value) BIO_puts(out, nval->name); -#ifndef CHARSET_EBCDIC - else BIO_printf(out, "%s:%s", nval->name, nval->value); -#else - else { - int len; - char *tmp; - len = strlen(nval->value)+1; - tmp = OPENSSL_malloc(len); - if (tmp) - { - ascii2ebcdic(tmp, nval->value, len); - BIO_printf(out, "%s:%s", nval->name, tmp); - OPENSSL_free(tmp); - } - } -#endif - if(ml) BIO_puts(out, "\n"); + for (i = 0; i < sk_CONF_VALUE_num(val); i++) { + if (ml) + BIO_printf(out, "%*s", indent, ""); + else if (i > 0) BIO_printf(out, ", "); + nval = sk_CONF_VALUE_value(val, i); + if (!nval->name) + BIO_puts(out, nval->value); + else if (!nval->value) + BIO_puts(out, nval->name); + else + BIO_printf(out, "%s:%s", nval->name, nval->value); + if (ml) + BIO_puts(out, "\n"); } } /* Main routine: print out a general extension */ -int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent) +int +X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent) { void *ext_str = NULL; char *value = NULL; - unsigned char *p; - X509V3_EXT_METHOD *method; + const unsigned char *p; + const X509V3_EXT_METHOD *method; STACK_OF(CONF_VALUE) *nval = NULL; int ok = 1; - if(!(method = X509V3_EXT_get(ext))) + + if (!(method = X509V3_EXT_get(ext))) return unknown_ext_print(out, ext, flag, indent, 0); p = ext->value->data; - if(method->it) ext_str = ASN1_item_d2i(NULL, &p, ext->value->length, ASN1_ITEM_ptr(method->it)); - else ext_str = method->d2i(NULL, &p, ext->value->length); + if (method->it) + ext_str = ASN1_item_d2i(NULL, &p, ext->value->length, + method->it); + else + ext_str = method->d2i(NULL, &p, ext->value->length); - if(!ext_str) return unknown_ext_print(out, ext, flag, indent, 1); + if (!ext_str) + return unknown_ext_print(out, ext, flag, indent, 1); - if(method->i2s) { - if(!(value = method->i2s(method, ext_str))) { + if (method->i2s) { + if (!(value = method->i2s(method, ext_str))) { ok = 0; goto err; } -#ifndef CHARSET_EBCDIC BIO_printf(out, "%*s%s", indent, "", value); -#else - { - int len; - char *tmp; - len = strlen(value)+1; - tmp = OPENSSL_malloc(len); - if (tmp) - { - ascii2ebcdic(tmp, value, len); - BIO_printf(out, "%*s%s", indent, "", tmp); - OPENSSL_free(tmp); - } - } -#endif - } else if(method->i2v) { - if(!(nval = method->i2v(method, ext_str, NULL))) { + } else if (method->i2v) { + if (!(nval = method->i2v(method, ext_str, NULL))) { ok = 0; goto err; } X509V3_EXT_val_prn(out, nval, indent, - method->ext_flags & X509V3_EXT_MULTILINE); - } else if(method->i2r) { - if(!method->i2r(method, ext_str, out, indent)) ok = 0; - } else ok = 0; - - err: - sk_CONF_VALUE_pop_free(nval, X509V3_conf_free); - if(value) OPENSSL_free(value); - if(method->it) ASN1_item_free(ext_str, ASN1_ITEM_ptr(method->it)); - else method->ext_free(ext_str); - return ok; + method->ext_flags & X509V3_EXT_MULTILINE); + } else if (method->i2r) { + if (!method->i2r(method, ext_str, out, indent)) + ok = 0; + } else + ok = 0; + +err: + sk_CONF_VALUE_pop_free(nval, X509V3_conf_free); + free(value); + if (method->it) + ASN1_item_free(ext_str, method->it); + else + method->ext_free(ext_str); + return ok; } -int X509V3_extensions_print(BIO *bp, char *title, STACK_OF(X509_EXTENSION) *exts, unsigned long flag, int indent) +int +X509V3_extensions_print(BIO *bp, const char *title, + const STACK_OF(X509_EXTENSION) *exts, unsigned long flag, int indent) { int i, j; - if(sk_X509_EXTENSION_num(exts) <= 0) return 1; + if (sk_X509_EXTENSION_num(exts) <= 0) + return 1; - if(title) - { - BIO_printf(bp,"%*s%s:\n",indent, "", title); + if (title) { + BIO_printf(bp, "%*s%s:\n",indent, "", title); indent += 4; - } + } - for (i=0; ivalue); - } - if (BIO_write(bp,"\n",1) <= 0) return 0; + ASN1_STRING_print(bp, ex->value); } + if (BIO_write(bp, "\n",1) <= 0) + return 0; + } return 1; } -static int unknown_ext_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent, int supported) +static int +unknown_ext_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, + int indent, int supported) { - switch(flag & X509V3_EXT_UNKNOWN_MASK) { - - case X509V3_EXT_DEFAULT: + switch (flag & X509V3_EXT_UNKNOWN_MASK) { + case X509V3_EXT_DEFAULT: return 0; - - case X509V3_EXT_ERROR_UNKNOWN: - if(supported) + case X509V3_EXT_ERROR_UNKNOWN: + if (supported) BIO_printf(out, "%*s", indent, ""); else BIO_printf(out, "%*s", indent, ""); return 1; - - case X509V3_EXT_PARSE_UNKNOWN: - return ASN1_parse_dump(out, - ext->value->data, ext->value->length, indent, -1); - case X509V3_EXT_DUMP_UNKNOWN: - return BIO_dump_indent(out, (char *)ext->value->data, ext->value->length, indent); - - default: + case X509V3_EXT_PARSE_UNKNOWN: + return ASN1_parse_dump(out, + ext->value->data, ext->value->length, indent, -1); + case X509V3_EXT_DUMP_UNKNOWN: + return BIO_dump_indent(out, (char *)ext->value->data, + ext->value->length, indent); + default: return 1; } } - -#ifndef OPENSSL_NO_FP_API -int X509V3_EXT_print_fp(FILE *fp, X509_EXTENSION *ext, int flag, int indent) + +int +X509V3_EXT_print_fp(FILE *fp, X509_EXTENSION *ext, int flag, int indent) { BIO *bio_tmp; int ret; - if(!(bio_tmp = BIO_new_fp(fp, BIO_NOCLOSE))) return 0; + + if (!(bio_tmp = BIO_new_fp(fp, BIO_NOCLOSE))) + return 0; ret = X509V3_EXT_print(bio_tmp, ext, flag, indent); BIO_free(bio_tmp); return ret; } -#endif diff --git a/src/lib/libcrypto/x509v3/v3_purp.c b/src/lib/libcrypto/x509v3/v3_purp.c index b739e4fd837..0fdec224a38 100644 --- a/src/lib/libcrypto/x509v3/v3_purp.c +++ b/src/lib/libcrypto/x509v3/v3_purp.c @@ -1,16 +1,16 @@ -/* v3_purp.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* $OpenBSD: v3_purp.c,v 1.31 2018/05/18 18:30:03 tb Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2001. */ /* ==================================================================== - * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -57,26 +57,44 @@ */ #include -#include "cryptlib.h" +#include + +#include + +#include #include #include +#define V1_ROOT (EXFLAG_V1|EXFLAG_SS) +#define ku_reject(x, usage) \ + (((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage))) +#define xku_reject(x, usage) \ + (((x)->ex_flags & EXFLAG_XKUSAGE) && !((x)->ex_xkusage & (usage))) +#define ns_reject(x, usage) \ + (((x)->ex_flags & EXFLAG_NSCERT) && !((x)->ex_nscert & (usage))) + static void x509v3_cache_extensions(X509 *x); -static int ca_check(const X509 *x); static int check_ssl_ca(const X509 *x); -static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x, int ca); -static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca); -static int check_purpose_ns_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca); +static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x, + int ca); +static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x, + int ca); +static int check_purpose_ns_ssl_server(const X509_PURPOSE *xp, const X509 *x, + int ca); static int purpose_smime(const X509 *x, int ca); -static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x, int ca); -static int check_purpose_smime_encrypt(const X509_PURPOSE *xp, const X509 *x, int ca); -static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x, int ca); +static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x, + int ca); +static int check_purpose_smime_encrypt(const X509_PURPOSE *xp, const X509 *x, + int ca); +static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x, + int ca); +static int check_purpose_timestamp_sign(const X509_PURPOSE *xp, const X509 *x, + int ca); static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca); static int ocsp_helper(const X509_PURPOSE *xp, const X509 *x, int ca); -static int xp_cmp(const X509_PURPOSE * const *a, - const X509_PURPOSE * const *b); +static int xp_cmp(const X509_PURPOSE * const *a, const X509_PURPOSE * const *b); static void xptable_free(X509_PURPOSE *p); static X509_PURPOSE xstandard[] = { @@ -88,16 +106,15 @@ static X509_PURPOSE xstandard[] = { {X509_PURPOSE_CRL_SIGN, X509_TRUST_COMPAT, 0, check_purpose_crl_sign, "CRL signing", "crlsign", NULL}, {X509_PURPOSE_ANY, X509_TRUST_DEFAULT, 0, no_check, "Any Purpose", "any", NULL}, {X509_PURPOSE_OCSP_HELPER, X509_TRUST_COMPAT, 0, ocsp_helper, "OCSP helper", "ocsphelper", NULL}, + {X509_PURPOSE_TIMESTAMP_SIGN, X509_TRUST_TSA, 0, check_purpose_timestamp_sign, "Time Stamp signing", "timestampsign", NULL}, }; #define X509_PURPOSE_COUNT (sizeof(xstandard)/sizeof(X509_PURPOSE)) -IMPLEMENT_STACK_OF(X509_PURPOSE) - static STACK_OF(X509_PURPOSE) *xptable = NULL; -static int xp_cmp(const X509_PURPOSE * const *a, - const X509_PURPOSE * const *b) +static int +xp_cmp(const X509_PURPOSE * const *a, const X509_PURPOSE * const *b) { return (*a)->purpose - (*b)->purpose; } @@ -105,75 +122,102 @@ static int xp_cmp(const X509_PURPOSE * const *a, /* As much as I'd like to make X509_check_purpose use a "const" X509* * I really can't because it does recalculate hashes and do other non-const * things. */ -int X509_check_purpose(X509 *x, int id, int ca) +int +X509_check_purpose(X509 *x, int id, int ca) { int idx; const X509_PURPOSE *pt; - if(!(x->ex_flags & EXFLAG_SET)) { + + if (!(x->ex_flags & EXFLAG_SET)) { CRYPTO_w_lock(CRYPTO_LOCK_X509); x509v3_cache_extensions(x); CRYPTO_w_unlock(CRYPTO_LOCK_X509); } - if(id == -1) return 1; + if (id == -1) + return 1; idx = X509_PURPOSE_get_by_id(id); - if(idx == -1) return -1; + if (idx == -1) + return -1; pt = X509_PURPOSE_get0(idx); return pt->check_purpose(pt, x, ca); } -int X509_PURPOSE_set(int *p, int purpose) +int +X509_PURPOSE_set(int *p, int purpose) { - if(X509_PURPOSE_get_by_id(purpose) == -1) { - X509V3err(X509V3_F_X509_PURPOSE_SET, X509V3_R_INVALID_PURPOSE); + if (X509_PURPOSE_get_by_id(purpose) == -1) { + X509V3error(X509V3_R_INVALID_PURPOSE); return 0; } *p = purpose; return 1; } -int X509_PURPOSE_get_count(void) +int +X509_PURPOSE_get_count(void) { - if(!xptable) return X509_PURPOSE_COUNT; + if (!xptable) + return X509_PURPOSE_COUNT; return sk_X509_PURPOSE_num(xptable) + X509_PURPOSE_COUNT; } -X509_PURPOSE * X509_PURPOSE_get0(int idx) +X509_PURPOSE * +X509_PURPOSE_get0(int idx) { - if(idx < 0) return NULL; - if(idx < X509_PURPOSE_COUNT) return xstandard + idx; + if (idx < 0) + return NULL; + if (idx < (int)X509_PURPOSE_COUNT) + return xstandard + idx; return sk_X509_PURPOSE_value(xptable, idx - X509_PURPOSE_COUNT); } -int X509_PURPOSE_get_by_sname(char *sname) +int +X509_PURPOSE_get_by_sname(const char *sname) { int i; X509_PURPOSE *xptmp; - for(i = 0; i < X509_PURPOSE_get_count(); i++) { + + for (i = 0; i < X509_PURPOSE_get_count(); i++) { xptmp = X509_PURPOSE_get0(i); - if(!strcmp(xptmp->sname, sname)) return i; + if (!strcmp(xptmp->sname, sname)) + return i; } return -1; } -int X509_PURPOSE_get_by_id(int purpose) +int +X509_PURPOSE_get_by_id(int purpose) { X509_PURPOSE tmp; int idx; - if((purpose >= X509_PURPOSE_MIN) && (purpose <= X509_PURPOSE_MAX)) + + if ((purpose >= X509_PURPOSE_MIN) && (purpose <= X509_PURPOSE_MAX)) return purpose - X509_PURPOSE_MIN; tmp.purpose = purpose; - if(!xptable) return -1; + if (!xptable) + return -1; idx = sk_X509_PURPOSE_find(xptable, &tmp); - if(idx == -1) return -1; + if (idx == -1) + return -1; return idx + X509_PURPOSE_COUNT; } -int X509_PURPOSE_add(int id, int trust, int flags, - int (*ck)(const X509_PURPOSE *, const X509 *, int), - char *name, char *sname, void *arg) +int +X509_PURPOSE_add(int id, int trust, int flags, + int (*ck)(const X509_PURPOSE *, const X509 *, int), const char *name, + const char *sname, void *arg) { int idx; X509_PURPOSE *ptmp; + char *name_dup, *sname_dup; + + name_dup = sname_dup = NULL; + + if (name == NULL || sname == NULL) { + X509V3error(X509V3_R_INVALID_NULL_ARGUMENT); + return 0; + } + /* This is set according to what we change: application can't set it */ flags &= ~X509_PURPOSE_DYNAMIC; /* This will always be set for application modified trust entries */ @@ -181,26 +225,28 @@ int X509_PURPOSE_add(int id, int trust, int flags, /* Get existing entry if any */ idx = X509_PURPOSE_get_by_id(id); /* Need a new entry */ - if(idx == -1) { - if(!(ptmp = OPENSSL_malloc(sizeof(X509_PURPOSE)))) { - X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE); + if (idx == -1) { + if ((ptmp = malloc(sizeof(X509_PURPOSE))) == NULL) { + X509V3error(ERR_R_MALLOC_FAILURE); return 0; } ptmp->flags = X509_PURPOSE_DYNAMIC; - } else ptmp = X509_PURPOSE_get0(idx); - - /* OPENSSL_free existing name if dynamic */ - if(ptmp->flags & X509_PURPOSE_DYNAMIC_NAME) { - OPENSSL_free(ptmp->name); - OPENSSL_free(ptmp->sname); + } else + ptmp = X509_PURPOSE_get0(idx); + + if ((name_dup = strdup(name)) == NULL) + goto err; + if ((sname_dup = strdup(sname)) == NULL) + goto err; + + /* free existing name if dynamic */ + if (ptmp->flags & X509_PURPOSE_DYNAMIC_NAME) { + free(ptmp->name); + free(ptmp->sname); } /* dup supplied name */ - ptmp->name = BUF_strdup(name); - ptmp->sname = BUF_strdup(sname); - if(!ptmp->name || !ptmp->sname) { - X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE); - return 0; - } + ptmp->name = name_dup; + ptmp->sname = sname_dup; /* Keep the dynamic flag of existing entry */ ptmp->flags &= X509_PURPOSE_DYNAMIC; /* Set all other flags */ @@ -212,67 +258,101 @@ int X509_PURPOSE_add(int id, int trust, int flags, ptmp->usr_data = arg; /* If its a new entry manage the dynamic table */ - if(idx == -1) { - if(!xptable && !(xptable = sk_X509_PURPOSE_new(xp_cmp))) { - X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE); - return 0; - } - if (!sk_X509_PURPOSE_push(xptable, ptmp)) { - X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE); - return 0; - } + if (idx == -1) { + if (xptable == NULL && + (xptable = sk_X509_PURPOSE_new(xp_cmp)) == NULL) + goto err; + if (sk_X509_PURPOSE_push(xptable, ptmp) == 0) + goto err; } return 1; + +err: + free(name_dup); + free(sname_dup); + if (idx == -1) + free(ptmp); + X509V3error(ERR_R_MALLOC_FAILURE); + return 0; } -static void xptable_free(X509_PURPOSE *p) - { - if(!p) return; - if (p->flags & X509_PURPOSE_DYNAMIC) - { +static void +xptable_free(X509_PURPOSE *p) +{ + if (!p) + return; + if (p->flags & X509_PURPOSE_DYNAMIC) { if (p->flags & X509_PURPOSE_DYNAMIC_NAME) { - OPENSSL_free(p->name); - OPENSSL_free(p->sname); - } - OPENSSL_free(p); + free(p->name); + free(p->sname); } + free(p); } +} -void X509_PURPOSE_cleanup(void) +void +X509_PURPOSE_cleanup(void) { - int i; + unsigned int i; + sk_X509_PURPOSE_pop_free(xptable, xptable_free); - for(i = 0; i < X509_PURPOSE_COUNT; i++) xptable_free(xstandard + i); + for(i = 0; i < X509_PURPOSE_COUNT; i++) + xptable_free(xstandard + i); xptable = NULL; } -int X509_PURPOSE_get_id(X509_PURPOSE *xp) +int +X509_PURPOSE_get_id(const X509_PURPOSE *xp) { return xp->purpose; } -char *X509_PURPOSE_get0_name(X509_PURPOSE *xp) +char * +X509_PURPOSE_get0_name(const X509_PURPOSE *xp) { return xp->name; } -char *X509_PURPOSE_get0_sname(X509_PURPOSE *xp) +char * +X509_PURPOSE_get0_sname(const X509_PURPOSE *xp) { return xp->sname; } -int X509_PURPOSE_get_trust(X509_PURPOSE *xp) +int +X509_PURPOSE_get_trust(const X509_PURPOSE *xp) { return xp->trust; } -static int nid_cmp(int *a, int *b) - { +static int +nid_cmp(const int *a, const int *b) +{ return *a - *b; - } +} -int X509_supported_extension(X509_EXTENSION *ex) - { +static int nid_cmp_BSEARCH_CMP_FN(const void *, const void *); +static int nid_cmp(int const *, int const *); +static int *OBJ_bsearch_nid(int *key, int const *base, int num); + +static int +nid_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_) +{ + int const *a = a_; + int const *b = b_; + return nid_cmp(a, b); +} + +static int * +OBJ_bsearch_nid(int *key, int const *base, int num) +{ + return (int *)OBJ_bsearch_(key, base, num, sizeof(int), + nid_cmp_BSEARCH_CMP_FN); +} + +int +X509_supported_extension(X509_EXTENSION *ex) +{ /* This table is a list of the NIDs of supported extensions: * that is those which are used by the verify process. If * an extension is critical and doesn't appear in this list @@ -281,127 +361,224 @@ int X509_supported_extension(X509_EXTENSION *ex) * searched using bsearch. */ - static int supported_nids[] = { + static const int supported_nids[] = { NID_netscape_cert_type, /* 71 */ - NID_key_usage, /* 83 */ + NID_key_usage, /* 83 */ NID_subject_alt_name, /* 85 */ NID_basic_constraints, /* 87 */ - NID_ext_key_usage /* 126 */ + NID_certificate_policies, /* 89 */ + NID_ext_key_usage, /* 126 */ + NID_policy_constraints, /* 401 */ + NID_proxyCertInfo, /* 663 */ + NID_name_constraints, /* 666 */ + NID_policy_mappings, /* 747 */ + NID_inhibit_any_policy /* 748 */ }; - int ex_nid; - - ex_nid = OBJ_obj2nid(X509_EXTENSION_get_object(ex)); + int ex_nid = OBJ_obj2nid(X509_EXTENSION_get_object(ex)); - if (ex_nid == NID_undef) + if (ex_nid == NID_undef) return 0; - if (OBJ_bsearch((char *)&ex_nid, (char *)supported_nids, - sizeof(supported_nids)/sizeof(int), sizeof(int), - (int (*)(const void *, const void *))nid_cmp)) + if (OBJ_bsearch_nid(&ex_nid, supported_nids, + sizeof(supported_nids) / sizeof(int))) return 1; return 0; +} + +static void +setup_dp(X509 *x, DIST_POINT *dp) +{ + X509_NAME *iname = NULL; + int i; + + if (dp->reasons) { + if (dp->reasons->length > 0) + dp->dp_reasons = dp->reasons->data[0]; + if (dp->reasons->length > 1) + dp->dp_reasons |= (dp->reasons->data[1] << 8); + dp->dp_reasons &= CRLDP_ALL_REASONS; + } else + dp->dp_reasons = CRLDP_ALL_REASONS; + if (!dp->distpoint || (dp->distpoint->type != 1)) + return; + for (i = 0; i < sk_GENERAL_NAME_num(dp->CRLissuer); i++) { + GENERAL_NAME *gen = sk_GENERAL_NAME_value(dp->CRLissuer, i); + if (gen->type == GEN_DIRNAME) { + iname = gen->d.directoryName; + break; + } } - + if (!iname) + iname = X509_get_issuer_name(x); + + DIST_POINT_set_dpname(dp->distpoint, iname); + +} -static void x509v3_cache_extensions(X509 *x) +static void +setup_crldp(X509 *x) +{ + int i; + + x->crldp = X509_get_ext_d2i(x, NID_crl_distribution_points, NULL, NULL); + for (i = 0; i < sk_DIST_POINT_num(x->crldp); i++) + setup_dp(x, sk_DIST_POINT_value(x->crldp, i)); +} + +static void +x509v3_cache_extensions(X509 *x) { BASIC_CONSTRAINTS *bs; + PROXY_CERT_INFO_EXTENSION *pci; ASN1_BIT_STRING *usage; ASN1_BIT_STRING *ns; EXTENDED_KEY_USAGE *extusage; X509_EXTENSION *ex; - int i; - if(x->ex_flags & EXFLAG_SET) return; + + if (x->ex_flags & EXFLAG_SET) + return; + #ifndef OPENSSL_NO_SHA X509_digest(x, EVP_sha1(), x->sha1_hash, NULL); #endif - /* Does subject name match issuer ? */ - if(!X509_NAME_cmp(X509_get_subject_name(x), X509_get_issuer_name(x))) - x->ex_flags |= EXFLAG_SS; + /* V1 should mean no extensions ... */ - if(!X509_get_version(x)) x->ex_flags |= EXFLAG_V1; + if (!X509_get_version(x)) + x->ex_flags |= EXFLAG_V1; + /* Handle basic constraints */ - if((bs=X509_get_ext_d2i(x, NID_basic_constraints, NULL, NULL))) { - if(bs->ca) x->ex_flags |= EXFLAG_CA; - if(bs->pathlen) { - if((bs->pathlen->type == V_ASN1_NEG_INTEGER) - || !bs->ca) { + if ((bs = X509_get_ext_d2i(x, NID_basic_constraints, NULL, NULL))) { + if (bs->ca) + x->ex_flags |= EXFLAG_CA; + if (bs->pathlen) { + if ((bs->pathlen->type == V_ASN1_NEG_INTEGER) || + !bs->ca) { x->ex_flags |= EXFLAG_INVALID; x->ex_pathlen = 0; - } else x->ex_pathlen = ASN1_INTEGER_get(bs->pathlen); - } else x->ex_pathlen = -1; + } else + x->ex_pathlen = ASN1_INTEGER_get(bs->pathlen); + } else + x->ex_pathlen = -1; BASIC_CONSTRAINTS_free(bs); x->ex_flags |= EXFLAG_BCONS; } + + /* Handle proxy certificates */ + if ((pci = X509_get_ext_d2i(x, NID_proxyCertInfo, NULL, NULL))) { + if (x->ex_flags & EXFLAG_CA || + X509_get_ext_by_NID(x, NID_subject_alt_name, -1) >= 0 || + X509_get_ext_by_NID(x, NID_issuer_alt_name, -1) >= 0) { + x->ex_flags |= EXFLAG_INVALID; + } + if (pci->pcPathLengthConstraint) { + if (pci->pcPathLengthConstraint->type == + V_ASN1_NEG_INTEGER) { + x->ex_flags |= EXFLAG_INVALID; + x->ex_pcpathlen = 0; + } else + x->ex_pcpathlen = + ASN1_INTEGER_get(pci-> + pcPathLengthConstraint); + } else + x->ex_pcpathlen = -1; + PROXY_CERT_INFO_EXTENSION_free(pci); + x->ex_flags |= EXFLAG_PROXY; + } + /* Handle key usage */ - if((usage=X509_get_ext_d2i(x, NID_key_usage, NULL, NULL))) { - if(usage->length > 0) { + if ((usage = X509_get_ext_d2i(x, NID_key_usage, NULL, NULL))) { + if (usage->length > 0) { x->ex_kusage = usage->data[0]; - if(usage->length > 1) + if (usage->length > 1) x->ex_kusage |= usage->data[1] << 8; - } else x->ex_kusage = 0; + } else + x->ex_kusage = 0; x->ex_flags |= EXFLAG_KUSAGE; ASN1_BIT_STRING_free(usage); } x->ex_xkusage = 0; - if((extusage=X509_get_ext_d2i(x, NID_ext_key_usage, NULL, NULL))) { + if ((extusage = X509_get_ext_d2i(x, NID_ext_key_usage, NULL, NULL))) { x->ex_flags |= EXFLAG_XKUSAGE; - for(i = 0; i < sk_ASN1_OBJECT_num(extusage); i++) { - switch(OBJ_obj2nid(sk_ASN1_OBJECT_value(extusage,i))) { - case NID_server_auth: + for (i = 0; i < sk_ASN1_OBJECT_num(extusage); i++) { + switch (OBJ_obj2nid(sk_ASN1_OBJECT_value(extusage, i))) { + case NID_server_auth: x->ex_xkusage |= XKU_SSL_SERVER; break; - case NID_client_auth: + case NID_client_auth: x->ex_xkusage |= XKU_SSL_CLIENT; break; - case NID_email_protect: + case NID_email_protect: x->ex_xkusage |= XKU_SMIME; break; - case NID_code_sign: + case NID_code_sign: x->ex_xkusage |= XKU_CODE_SIGN; break; - case NID_ms_sgc: - case NID_ns_sgc: + case NID_ms_sgc: + case NID_ns_sgc: x->ex_xkusage |= XKU_SGC; break; - case NID_OCSP_sign: + case NID_OCSP_sign: x->ex_xkusage |= XKU_OCSP_SIGN; break; - case NID_time_stamp: + case NID_time_stamp: x->ex_xkusage |= XKU_TIMESTAMP; break; + + case NID_dvcs: + x->ex_xkusage |= XKU_DVCS; + break; } } sk_ASN1_OBJECT_pop_free(extusage, ASN1_OBJECT_free); } - if((ns=X509_get_ext_d2i(x, NID_netscape_cert_type, NULL, NULL))) { - if(ns->length > 0) x->ex_nscert = ns->data[0]; - else x->ex_nscert = 0; + if ((ns = X509_get_ext_d2i(x, NID_netscape_cert_type, NULL, NULL))) { + if (ns->length > 0) + x->ex_nscert = ns->data[0]; + else + x->ex_nscert = 0; x->ex_flags |= EXFLAG_NSCERT; ASN1_BIT_STRING_free(ns); } - x->skid =X509_get_ext_d2i(x, NID_subject_key_identifier, NULL, NULL); - x->akid =X509_get_ext_d2i(x, NID_authority_key_identifier, NULL, NULL); - for (i = 0; i < X509_get_ext_count(x); i++) - { + + x->skid = X509_get_ext_d2i(x, NID_subject_key_identifier, NULL, NULL); + x->akid = X509_get_ext_d2i(x, NID_authority_key_identifier, NULL, NULL); + + /* Does subject name match issuer? */ + if (!X509_NAME_cmp(X509_get_subject_name(x), X509_get_issuer_name(x))) { + x->ex_flags |= EXFLAG_SI; + /* If SKID matches AKID also indicate self signed. */ + if (X509_check_akid(x, x->akid) == X509_V_OK && + !ku_reject(x, KU_KEY_CERT_SIGN)) + x->ex_flags |= EXFLAG_SS; + } + + x->altname = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL); + x->nc = X509_get_ext_d2i(x, NID_name_constraints, &i, NULL); + if (!x->nc && (i != -1)) + x->ex_flags |= EXFLAG_INVALID; + setup_crldp(x); + + for (i = 0; i < X509_get_ext_count(x); i++) { ex = X509_get_ext(x, i); + if (OBJ_obj2nid(X509_EXTENSION_get_object(ex)) == + NID_freshest_crl) + x->ex_flags |= EXFLAG_FRESHEST; if (!X509_EXTENSION_get_critical(ex)) continue; - if (!X509_supported_extension(ex)) - { + if (!X509_supported_extension(ex)) { x->ex_flags |= EXFLAG_CRITICAL; break; - } } + } x->ex_flags |= EXFLAG_SET; } @@ -411,158 +588,232 @@ static void x509v3_cache_extensions(X509 *x) * 1 is a CA * 2 basicConstraints absent so "maybe" a CA * 3 basicConstraints absent but self signed V1. + * 4 basicConstraints absent but keyUsage present and keyCertSign asserted. */ -#define V1_ROOT (EXFLAG_V1|EXFLAG_SS) -#define ku_reject(x, usage) \ - (((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage))) -#define xku_reject(x, usage) \ - (((x)->ex_flags & EXFLAG_XKUSAGE) && !((x)->ex_xkusage & (usage))) -#define ns_reject(x, usage) \ - (((x)->ex_flags & EXFLAG_NSCERT) && !((x)->ex_nscert & (usage))) - -static int ca_check(const X509 *x) +static int +check_ca(const X509 *x) { /* keyUsage if present should allow cert signing */ - if(ku_reject(x, KU_KEY_CERT_SIGN)) return 0; - if(x->ex_flags & EXFLAG_BCONS) { - if(x->ex_flags & EXFLAG_CA) return 1; + if (ku_reject(x, KU_KEY_CERT_SIGN)) + return 0; + if (x->ex_flags & EXFLAG_BCONS) { + if (x->ex_flags & EXFLAG_CA) + return 1; /* If basicConstraints says not a CA then say so */ - else return 0; + else + return 0; } else { - if((x->ex_flags & V1_ROOT) == V1_ROOT) return 3; + /* we support V1 roots for... uh, I don't really know why. */ + if ((x->ex_flags & V1_ROOT) == V1_ROOT) + return 3; /* If key usage present it must have certSign so tolerate it */ - else if (x->ex_flags & EXFLAG_KUSAGE) return 3; - else return 2; + else if (x->ex_flags & EXFLAG_KUSAGE) + return 4; + /* Older certificates could have Netscape-specific CA types */ + else if (x->ex_flags & EXFLAG_NSCERT && + x->ex_nscert & NS_ANY_CA) + return 5; + /* can this still be regarded a CA certificate? I doubt it */ + return 0; } } +int +X509_check_ca(X509 *x) +{ + if (!(x->ex_flags & EXFLAG_SET)) { + CRYPTO_w_lock(CRYPTO_LOCK_X509); + x509v3_cache_extensions(x); + CRYPTO_w_unlock(CRYPTO_LOCK_X509); + } + + return check_ca(x); +} + /* Check SSL CA: common checks for SSL client and server */ -static int check_ssl_ca(const X509 *x) +static int +check_ssl_ca(const X509 *x) { int ca_ret; - ca_ret = ca_check(x); - if(!ca_ret) return 0; + + ca_ret = check_ca(x); + if (!ca_ret) + return 0; /* check nsCertType if present */ - if(x->ex_flags & EXFLAG_NSCERT) { - if(x->ex_nscert & NS_SSL_CA) return ca_ret; + if (ca_ret != 5 || x->ex_nscert & NS_SSL_CA) + return ca_ret; + else return 0; - } - if(ca_ret != 2) return ca_ret; - else return 0; } - -static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x, int ca) +static int +check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x, int ca) { - if(xku_reject(x,XKU_SSL_CLIENT)) return 0; - if(ca) return check_ssl_ca(x); + if (xku_reject(x, XKU_SSL_CLIENT)) + return 0; + if (ca) + return check_ssl_ca(x); /* We need to do digital signatures with it */ - if(ku_reject(x,KU_DIGITAL_SIGNATURE)) return 0; - /* nsCertType if present should allow SSL client use */ - if(ns_reject(x, NS_SSL_CLIENT)) return 0; + if (ku_reject(x, KU_DIGITAL_SIGNATURE)) + return 0; + /* nsCertType if present should allow SSL client use */ + if (ns_reject(x, NS_SSL_CLIENT)) + return 0; return 1; } -static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca) +static int +check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca) { - if(xku_reject(x,XKU_SSL_SERVER|XKU_SGC)) return 0; - if(ca) return check_ssl_ca(x); + if (xku_reject(x, XKU_SSL_SERVER|XKU_SGC)) + return 0; + if (ca) + return check_ssl_ca(x); - if(ns_reject(x, NS_SSL_SERVER)) return 0; + if (ns_reject(x, NS_SSL_SERVER)) + return 0; /* Now as for keyUsage: we'll at least need to sign OR encipher */ - if(ku_reject(x, KU_DIGITAL_SIGNATURE|KU_KEY_ENCIPHERMENT)) return 0; - - return 1; + if (ku_reject(x, KU_DIGITAL_SIGNATURE|KU_KEY_ENCIPHERMENT)) + return 0; + return 1; } -static int check_purpose_ns_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca) +static int +check_purpose_ns_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca) { int ret; + ret = check_purpose_ssl_server(xp, x, ca); - if(!ret || ca) return ret; + if (!ret || ca) + return ret; /* We need to encipher or Netscape complains */ - if(ku_reject(x, KU_KEY_ENCIPHERMENT)) return 0; + if (ku_reject(x, KU_KEY_ENCIPHERMENT)) + return 0; return ret; } /* common S/MIME checks */ -static int purpose_smime(const X509 *x, int ca) +static int +purpose_smime(const X509 *x, int ca) { - if(xku_reject(x,XKU_SMIME)) return 0; - if(ca) { + if (xku_reject(x, XKU_SMIME)) + return 0; + if (ca) { int ca_ret; - ca_ret = ca_check(x); - if(!ca_ret) return 0; + ca_ret = check_ca(x); + if (!ca_ret) + return 0; /* check nsCertType if present */ - if(x->ex_flags & EXFLAG_NSCERT) { - if(x->ex_nscert & NS_SMIME_CA) return ca_ret; + if (ca_ret != 5 || x->ex_nscert & NS_SMIME_CA) + return ca_ret; + else return 0; - } - if(ca_ret != 2) return ca_ret; - else return 0; } - if(x->ex_flags & EXFLAG_NSCERT) { - if(x->ex_nscert & NS_SMIME) return 1; + if (x->ex_flags & EXFLAG_NSCERT) { + if (x->ex_nscert & NS_SMIME) + return 1; /* Workaround for some buggy certificates */ - if(x->ex_nscert & NS_SSL_CLIENT) return 2; + if (x->ex_nscert & NS_SSL_CLIENT) + return 2; return 0; } return 1; } -static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x, int ca) +static int +check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x, int ca) { int ret; + ret = purpose_smime(x, ca); - if(!ret || ca) return ret; - if(ku_reject(x, KU_DIGITAL_SIGNATURE|KU_NON_REPUDIATION)) return 0; + if (!ret || ca) + return ret; + if (ku_reject(x, KU_DIGITAL_SIGNATURE|KU_NON_REPUDIATION)) + return 0; return ret; } -static int check_purpose_smime_encrypt(const X509_PURPOSE *xp, const X509 *x, int ca) +static int +check_purpose_smime_encrypt(const X509_PURPOSE *xp, const X509 *x, int ca) { int ret; + ret = purpose_smime(x, ca); - if(!ret || ca) return ret; - if(ku_reject(x, KU_KEY_ENCIPHERMENT)) return 0; + if (!ret || ca) + return ret; + if (ku_reject(x, KU_KEY_ENCIPHERMENT)) + return 0; return ret; } -static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x, int ca) +static int +check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x, int ca) { - if(ca) { + if (ca) { int ca_ret; - if((ca_ret = ca_check(x)) != 2) return ca_ret; - else return 0; + if ((ca_ret = check_ca(x)) != 2) + return ca_ret; + else + return 0; } - if(ku_reject(x, KU_CRL_SIGN)) return 0; + if (ku_reject(x, KU_CRL_SIGN)) + return 0; return 1; } /* OCSP helper: this is *not* a full OCSP check. It just checks that * each CA is valid. Additional checks must be made on the chain. */ +static int +ocsp_helper(const X509_PURPOSE *xp, const X509 *x, int ca) +{ + /* Must be a valid CA. Should we really support the "I don't know" + value (2)? */ + if (ca) + return check_ca(x); + /* leaf certificate is checked in OCSP_verify() */ + return 1; +} -static int ocsp_helper(const X509_PURPOSE *xp, const X509 *x, int ca) +static int +check_purpose_timestamp_sign(const X509_PURPOSE *xp, const X509 *x, int ca) { - /* Must be a valid CA */ - if(ca) { - int ca_ret; - ca_ret = ca_check(x); - if(ca_ret != 2) return ca_ret; - if(x->ex_flags & EXFLAG_NSCERT) { - if(x->ex_nscert & NS_ANY_CA) return ca_ret; - return 0; - } + int i_ext; + + /* If ca is true we must return if this is a valid CA certificate. */ + if (ca) + return check_ca(x); + + /* + * Check the optional key usage field: + * if Key Usage is present, it must be one of digitalSignature + * and/or nonRepudiation (other values are not consistent and shall + * be rejected). + */ + if ((x->ex_flags & EXFLAG_KUSAGE) && + ((x->ex_kusage & ~(KU_NON_REPUDIATION | KU_DIGITAL_SIGNATURE)) || + !(x->ex_kusage & (KU_NON_REPUDIATION | KU_DIGITAL_SIGNATURE)))) + return 0; + + /* Only time stamp key usage is permitted and it's required. */ + if (!(x->ex_flags & EXFLAG_XKUSAGE) || x->ex_xkusage != XKU_TIMESTAMP) return 0; + + /* Extended Key Usage MUST be critical */ + i_ext = X509_get_ext_by_NID((X509 *) x, NID_ext_key_usage, -1); + if (i_ext >= 0) { + X509_EXTENSION *ext = X509_get_ext((X509 *) x, i_ext); + if (!X509_EXTENSION_get_critical(ext)) + return 0; } - /* leaf certificate is checked in OCSP_verify() */ + return 1; } -static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca) +static int +no_check(const X509_PURPOSE *xp, const X509 *x, int ca) { return 1; } @@ -579,47 +830,64 @@ static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca) * codes for X509_verify_cert() */ -int X509_check_issued(X509 *issuer, X509 *subject) +int +X509_check_issued(X509 *issuer, X509 *subject) { - if(X509_NAME_cmp(X509_get_subject_name(issuer), - X509_get_issuer_name(subject))) - return X509_V_ERR_SUBJECT_ISSUER_MISMATCH; + if (X509_NAME_cmp(X509_get_subject_name(issuer), + X509_get_issuer_name(subject))) + return X509_V_ERR_SUBJECT_ISSUER_MISMATCH; x509v3_cache_extensions(issuer); x509v3_cache_extensions(subject); - if(subject->akid) { - /* Check key ids (if present) */ - if(subject->akid->keyid && issuer->skid && - ASN1_OCTET_STRING_cmp(subject->akid->keyid, issuer->skid) ) - return X509_V_ERR_AKID_SKID_MISMATCH; - /* Check serial number */ - if(subject->akid->serial && - ASN1_INTEGER_cmp(X509_get_serialNumber(issuer), - subject->akid->serial)) - return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH; - /* Check issuer name */ - if(subject->akid->issuer) { - /* Ugh, for some peculiar reason AKID includes - * SEQUENCE OF GeneralName. So look for a DirName. - * There may be more than one but we only take any - * notice of the first. - */ - GENERAL_NAMES *gens; - GENERAL_NAME *gen; - X509_NAME *nm = NULL; - int i; - gens = subject->akid->issuer; - for(i = 0; i < sk_GENERAL_NAME_num(gens); i++) { - gen = sk_GENERAL_NAME_value(gens, i); - if(gen->type == GEN_DIRNAME) { - nm = gen->d.dirn; - break; - } + + if (subject->akid) { + int ret = X509_check_akid(issuer, subject->akid); + if (ret != X509_V_OK) + return ret; + } + + if (subject->ex_flags & EXFLAG_PROXY) { + if (ku_reject(issuer, KU_DIGITAL_SIGNATURE)) + return X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE; + } else if (ku_reject(issuer, KU_KEY_CERT_SIGN)) + return X509_V_ERR_KEYUSAGE_NO_CERTSIGN; + return X509_V_OK; +} + +int +X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid) +{ + if (!akid) + return X509_V_OK; + + /* Check key ids (if present) */ + if (akid->keyid && issuer->skid && + ASN1_OCTET_STRING_cmp(akid->keyid, issuer->skid) ) + return X509_V_ERR_AKID_SKID_MISMATCH; + /* Check serial number */ + if (akid->serial && + ASN1_INTEGER_cmp(X509_get_serialNumber(issuer), akid->serial)) + return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH; + /* Check issuer name */ + if (akid->issuer) { + /* Ugh, for some peculiar reason AKID includes + * SEQUENCE OF GeneralName. So look for a DirName. + * There may be more than one but we only take any + * notice of the first. + */ + GENERAL_NAMES *gens; + GENERAL_NAME *gen; + X509_NAME *nm = NULL; + int i; + gens = akid->issuer; + for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) { + gen = sk_GENERAL_NAME_value(gens, i); + if (gen->type == GEN_DIRNAME) { + nm = gen->d.dirn; + break; } - if(nm && X509_NAME_cmp(nm, X509_get_issuer_name(issuer))) - return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH; } + if (nm && X509_NAME_cmp(nm, X509_get_issuer_name(issuer))) + return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH; } - if(ku_reject(issuer, KU_KEY_CERT_SIGN)) return X509_V_ERR_KEYUSAGE_NO_CERTSIGN; return X509_V_OK; } - diff --git a/src/lib/libcrypto/x509v3/v3_skey.c b/src/lib/libcrypto/x509v3/v3_skey.c index c0f044ac1b9..aec2d5b7eca 100644 --- a/src/lib/libcrypto/x509v3/v3_skey.c +++ b/src/lib/libcrypto/x509v3/v3_skey.c @@ -1,5 +1,5 @@ -/* v3_skey.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* $OpenBSD: v3_skey.c,v 1.16 2018/05/19 10:37:02 tb Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -56,89 +56,106 @@ * */ - #include -#include "cryptlib.h" +#include + +#include #include -static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str); -X509V3_EXT_METHOD v3_skey_id = { -NID_subject_key_identifier, 0, ASN1_ITEM_ref(ASN1_OCTET_STRING), -0,0,0,0, -(X509V3_EXT_I2S)i2s_ASN1_OCTET_STRING, -(X509V3_EXT_S2I)s2i_skey_id, -0,0,0,0, -NULL}; - -char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, - ASN1_OCTET_STRING *oct) +static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, char *str); + +const X509V3_EXT_METHOD v3_skey_id = { + .ext_nid = NID_subject_key_identifier, + .ext_flags = 0, + .it = &ASN1_OCTET_STRING_it, + .ext_new = NULL, + .ext_free = NULL, + .d2i = NULL, + .i2d = NULL, + .i2s = (X509V3_EXT_I2S)i2s_ASN1_OCTET_STRING, + .s2i = (X509V3_EXT_S2I)s2i_skey_id, + .i2v = NULL, + .v2i = NULL, + .i2r = NULL, + .r2i = NULL, + .usr_data = NULL, +}; + +char * +i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, const ASN1_OCTET_STRING *oct) { return hex_to_string(oct->data, oct->length); } -ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, char *str) +ASN1_OCTET_STRING * +s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, + const char *str) { ASN1_OCTET_STRING *oct; long length; - if(!(oct = M_ASN1_OCTET_STRING_new())) { - X509V3err(X509V3_F_S2I_ASN1_OCTET_STRING,ERR_R_MALLOC_FAILURE); + if (!(oct = ASN1_OCTET_STRING_new())) { + X509V3error(ERR_R_MALLOC_FAILURE); return NULL; } - if(!(oct->data = string_to_hex(str, &length))) { - M_ASN1_OCTET_STRING_free(oct); + if (!(oct->data = string_to_hex(str, &length))) { + ASN1_OCTET_STRING_free(oct); return NULL; } oct->length = length; return oct; - } -static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, char *str) +static ASN1_OCTET_STRING * +s2i_skey_id(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str) { ASN1_OCTET_STRING *oct; ASN1_BIT_STRING *pk; unsigned char pkey_dig[EVP_MAX_MD_SIZE]; unsigned int diglen; - if(strcmp(str, "hash")) return s2i_ASN1_OCTET_STRING(method, ctx, str); + if (strcmp(str, "hash")) + return s2i_ASN1_OCTET_STRING(method, ctx, str); - if(!(oct = M_ASN1_OCTET_STRING_new())) { - X509V3err(X509V3_F_S2I_S2I_SKEY_ID,ERR_R_MALLOC_FAILURE); + if (!(oct = ASN1_OCTET_STRING_new())) { + X509V3error(ERR_R_MALLOC_FAILURE); return NULL; } - if(ctx && (ctx->flags == CTX_TEST)) return oct; + if (ctx && (ctx->flags == CTX_TEST)) + return oct; - if(!ctx || (!ctx->subject_req && !ctx->subject_cert)) { - X509V3err(X509V3_F_S2I_ASN1_SKEY_ID,X509V3_R_NO_PUBLIC_KEY); + if (!ctx || (!ctx->subject_req && !ctx->subject_cert)) { + X509V3error(X509V3_R_NO_PUBLIC_KEY); goto err; } - if(ctx->subject_req) + if (ctx->subject_req) pk = ctx->subject_req->req_info->pubkey->public_key; - else pk = ctx->subject_cert->cert_info->key->public_key; + else + pk = ctx->subject_cert->cert_info->key->public_key; - if(!pk) { - X509V3err(X509V3_F_S2I_ASN1_SKEY_ID,X509V3_R_NO_PUBLIC_KEY); + if (!pk) { + X509V3error(X509V3_R_NO_PUBLIC_KEY); goto err; } - EVP_Digest(pk->data, pk->length, pkey_dig, &diglen, EVP_sha1(), NULL); + if (!EVP_Digest(pk->data, pk->length, pkey_dig, &diglen, + EVP_sha1(), NULL)) + goto err; - if(!M_ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) { - X509V3err(X509V3_F_S2I_S2I_SKEY_ID,ERR_R_MALLOC_FAILURE); + if (!ASN1_STRING_set(oct, pkey_dig, diglen)) { + X509V3error(ERR_R_MALLOC_FAILURE); goto err; } return oct; - - err: - M_ASN1_OCTET_STRING_free(oct); + +err: + ASN1_OCTET_STRING_free(oct); return NULL; } diff --git a/src/lib/libcrypto/x509v3/v3_sxnet.c b/src/lib/libcrypto/x509v3/v3_sxnet.c index d3f4ba3a724..400bc263465 100644 --- a/src/lib/libcrypto/x509v3/v3_sxnet.c +++ b/src/lib/libcrypto/x509v3/v3_sxnet.c @@ -1,5 +1,5 @@ -/* v3_sxnet.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* $OpenBSD: v3_sxnet.c,v 1.22 2019/03/13 20:34:00 tb Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -57,65 +57,168 @@ */ #include -#include "cryptlib.h" -#include +#include + #include #include +#include +#include #include /* Support for Thawte strong extranet extension */ #define SXNET_TEST -static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out, int indent); +static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out, + int indent); #ifdef SXNET_TEST static SXNET * sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) *nval); + STACK_OF(CONF_VALUE) *nval); #endif -X509V3_EXT_METHOD v3_sxnet = { -NID_sxnet, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(SXNET), -0,0,0,0, -0,0, -0, + +const X509V3_EXT_METHOD v3_sxnet = { + .ext_nid = NID_sxnet, + .ext_flags = X509V3_EXT_MULTILINE, + .it = &SXNET_it, + .ext_new = NULL, + .ext_free = NULL, + .d2i = NULL, + .i2d = NULL, + .i2s = NULL, + .s2i = NULL, + .i2v = NULL, #ifdef SXNET_TEST -(X509V3_EXT_V2I)sxnet_v2i, + .v2i = (X509V3_EXT_V2I)sxnet_v2i, #else -0, + .v2i = NULL, #endif -(X509V3_EXT_I2R)sxnet_i2r, -0, -NULL + .i2r = (X509V3_EXT_I2R)sxnet_i2r, + .r2i = NULL, + .usr_data = NULL, }; -ASN1_SEQUENCE(SXNETID) = { - ASN1_SIMPLE(SXNETID, zone, ASN1_INTEGER), - ASN1_SIMPLE(SXNETID, user, ASN1_OCTET_STRING) -} ASN1_SEQUENCE_END(SXNETID) +static const ASN1_TEMPLATE SXNETID_seq_tt[] = { + { + .flags = 0, + .tag = 0, + .offset = offsetof(SXNETID, zone), + .field_name = "zone", + .item = &ASN1_INTEGER_it, + }, + { + .flags = 0, + .tag = 0, + .offset = offsetof(SXNETID, user), + .field_name = "user", + .item = &ASN1_OCTET_STRING_it, + }, +}; -IMPLEMENT_ASN1_FUNCTIONS(SXNETID) +const ASN1_ITEM SXNETID_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = SXNETID_seq_tt, + .tcount = sizeof(SXNETID_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = NULL, + .size = sizeof(SXNETID), + .sname = "SXNETID", +}; -ASN1_SEQUENCE(SXNET) = { - ASN1_SIMPLE(SXNET, version, ASN1_INTEGER), - ASN1_SEQUENCE_OF(SXNET, ids, SXNETID) -} ASN1_SEQUENCE_END(SXNET) -IMPLEMENT_ASN1_FUNCTIONS(SXNET) +SXNETID * +d2i_SXNETID(SXNETID **a, const unsigned char **in, long len) +{ + return (SXNETID *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &SXNETID_it); +} -static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out, - int indent) +int +i2d_SXNETID(SXNETID *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &SXNETID_it); +} + +SXNETID * +SXNETID_new(void) +{ + return (SXNETID *)ASN1_item_new(&SXNETID_it); +} + +void +SXNETID_free(SXNETID *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &SXNETID_it); +} + +static const ASN1_TEMPLATE SXNET_seq_tt[] = { + { + .flags = 0, + .tag = 0, + .offset = offsetof(SXNET, version), + .field_name = "version", + .item = &ASN1_INTEGER_it, + }, + { + .flags = ASN1_TFLG_SEQUENCE_OF, + .tag = 0, + .offset = offsetof(SXNET, ids), + .field_name = "ids", + .item = &SXNETID_it, + }, +}; + +const ASN1_ITEM SXNET_it = { + .itype = ASN1_ITYPE_SEQUENCE, + .utype = V_ASN1_SEQUENCE, + .templates = SXNET_seq_tt, + .tcount = sizeof(SXNET_seq_tt) / sizeof(ASN1_TEMPLATE), + .funcs = NULL, + .size = sizeof(SXNET), + .sname = "SXNET", +}; + + +SXNET * +d2i_SXNET(SXNET **a, const unsigned char **in, long len) +{ + return (SXNET *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, + &SXNET_it); +} + +int +i2d_SXNET(SXNET *a, unsigned char **out) +{ + return ASN1_item_i2d((ASN1_VALUE *)a, out, &SXNET_it); +} + +SXNET * +SXNET_new(void) +{ + return (SXNET *)ASN1_item_new(&SXNET_it); +} + +void +SXNET_free(SXNET *a) +{ + ASN1_item_free((ASN1_VALUE *)a, &SXNET_it); +} + +static int +sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out, int indent) { long v; char *tmp; SXNETID *id; int i; + v = ASN1_INTEGER_get(sx->version); - BIO_printf(out, "%*sVersion: %d (0x%X)", indent, "", v + 1, v); - for(i = 0; i < sk_SXNETID_num(sx->ids); i++) { + BIO_printf(out, "%*sVersion: %ld (0x%lX)", indent, "", v + 1, v); + for (i = 0; i < sk_SXNETID_num(sx->ids); i++) { id = sk_SXNETID_value(sx->ids, i); tmp = i2s_ASN1_INTEGER(NULL, id->zone); BIO_printf(out, "\n%*sZone: %s, User: ", indent, "", tmp); - OPENSSL_free(tmp); - M_ASN1_OCTET_STRING_print(out, id->user); + free(tmp); + ASN1_STRING_print(out, id->user); } return 1; } @@ -127,34 +230,35 @@ static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out, * they should really be separate values for each user. */ - -static SXNET * sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, - STACK_OF(CONF_VALUE) *nval) +static SXNET * +sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, + STACK_OF(CONF_VALUE) *nval) { CONF_VALUE *cnf; SXNET *sx = NULL; int i; - for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { + + for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { cnf = sk_CONF_VALUE_value(nval, i); - if(!SXNET_add_id_asc(&sx, cnf->name, cnf->value, -1)) - return NULL; + if (!SXNET_add_id_asc(&sx, cnf->name, cnf->value, -1)) + return NULL; } return sx; } - - + #endif /* Strong Extranet utility functions */ /* Add an id given the zone as an ASCII number */ -int SXNET_add_id_asc(SXNET **psx, char *zone, char *user, - int userlen) +int +SXNET_add_id_asc(SXNET **psx, const char *zone, const char *user, int userlen) { ASN1_INTEGER *izone = NULL; - if(!(izone = s2i_ASN1_INTEGER(NULL, zone))) { - X509V3err(X509V3_F_SXNET_ADD_ASC,X509V3_R_ERROR_CONVERTING_ZONE); + + if (!(izone = s2i_ASN1_INTEGER(NULL, zone))) { + X509V3error(X509V3_R_ERROR_CONVERTING_ZONE); return 0; } return SXNET_add_id_INTEGER(psx, izone, user, userlen); @@ -162,17 +266,19 @@ int SXNET_add_id_asc(SXNET **psx, char *zone, char *user, /* Add an id given the zone as an unsigned long */ -int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user, - int userlen) +int +SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, const char *user, + int userlen) { ASN1_INTEGER *izone = NULL; - if(!(izone = M_ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) { - X509V3err(X509V3_F_SXNET_ADD_ID_ULONG,ERR_R_MALLOC_FAILURE); - M_ASN1_INTEGER_free(izone); + + if (!(izone = ASN1_INTEGER_new()) || + !ASN1_INTEGER_set(izone, lzone)) { + X509V3error(ERR_R_MALLOC_FAILURE); + ASN1_INTEGER_free(izone); return 0; } return SXNET_add_id_INTEGER(psx, izone, user, userlen); - } /* Add an id given the zone as an ASN1_INTEGER. @@ -180,83 +286,98 @@ int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user, * free it up afterwards. */ -int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, char *user, - int userlen) +int +SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, const char *user, + int userlen) { SXNET *sx = NULL; SXNETID *id = NULL; - if(!psx || !zone || !user) { - X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,X509V3_R_INVALID_NULL_ARGUMENT); + + if (!psx || !zone || !user) { + X509V3error(X509V3_R_INVALID_NULL_ARGUMENT); return 0; } - if(userlen == -1) userlen = strlen(user); - if(userlen > 64) { - X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,X509V3_R_USER_TOO_LONG); + if (userlen == -1) + userlen = strlen(user); + if (userlen > 64) { + X509V3error(X509V3_R_USER_TOO_LONG); return 0; } - if(!*psx) { - if(!(sx = SXNET_new())) goto err; - if(!ASN1_INTEGER_set(sx->version, 0)) goto err; + if (!*psx) { + if (!(sx = SXNET_new())) + goto err; + if (!ASN1_INTEGER_set(sx->version, 0)) + goto err; *psx = sx; - } else sx = *psx; - if(SXNET_get_id_INTEGER(sx, zone)) { - X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,X509V3_R_DUPLICATE_ZONE_ID); + } else + sx = *psx; + if (SXNET_get_id_INTEGER(sx, zone)) { + X509V3error(X509V3_R_DUPLICATE_ZONE_ID); return 0; } - if(!(id = SXNETID_new())) goto err; - if(userlen == -1) userlen = strlen(user); - - if(!M_ASN1_OCTET_STRING_set(id->user, user, userlen)) goto err; - if(!sk_SXNETID_push(sx->ids, id)) goto err; + if (!(id = SXNETID_new())) + goto err; + if (userlen == -1) + userlen = strlen(user); + + if (!ASN1_STRING_set(id->user, user, userlen)) + goto err; + if (!sk_SXNETID_push(sx->ids, id)) + goto err; id->zone = zone; return 1; - - err: - X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,ERR_R_MALLOC_FAILURE); + +err: + X509V3error(ERR_R_MALLOC_FAILURE); SXNETID_free(id); SXNET_free(sx); *psx = NULL; return 0; } -ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone) +ASN1_OCTET_STRING * +SXNET_get_id_asc(SXNET *sx, const char *zone) { ASN1_INTEGER *izone = NULL; ASN1_OCTET_STRING *oct; - if(!(izone = s2i_ASN1_INTEGER(NULL, zone))) { - X509V3err(X509V3_F_SXNET_GET_ID_ASC,X509V3_R_ERROR_CONVERTING_ZONE); + + if (!(izone = s2i_ASN1_INTEGER(NULL, zone))) { + X509V3error(X509V3_R_ERROR_CONVERTING_ZONE); return NULL; } oct = SXNET_get_id_INTEGER(sx, izone); - M_ASN1_INTEGER_free(izone); + ASN1_INTEGER_free(izone); return oct; } -ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone) +ASN1_OCTET_STRING * +SXNET_get_id_ulong(SXNET *sx, unsigned long lzone) { ASN1_INTEGER *izone = NULL; ASN1_OCTET_STRING *oct; - if(!(izone = M_ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) { - X509V3err(X509V3_F_SXNET_GET_ID_ULONG,ERR_R_MALLOC_FAILURE); - M_ASN1_INTEGER_free(izone); + + if (!(izone = ASN1_INTEGER_new()) || + !ASN1_INTEGER_set(izone, lzone)) { + X509V3error(ERR_R_MALLOC_FAILURE); + ASN1_INTEGER_free(izone); return NULL; } oct = SXNET_get_id_INTEGER(sx, izone); - M_ASN1_INTEGER_free(izone); + ASN1_INTEGER_free(izone); return oct; } -ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone) +ASN1_OCTET_STRING * +SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone) { SXNETID *id; int i; - for(i = 0; i < sk_SXNETID_num(sx->ids); i++) { + + for (i = 0; i < sk_SXNETID_num(sx->ids); i++) { id = sk_SXNETID_value(sx->ids, i); - if(!M_ASN1_INTEGER_cmp(id->zone, zone)) return id->user; + if (!ASN1_INTEGER_cmp(id->zone, zone)) + return id->user; } return NULL; } - -IMPLEMENT_STACK_OF(SXNETID) -IMPLEMENT_ASN1_SET_OF(SXNETID) diff --git a/src/lib/libcrypto/x509v3/v3_utl.c b/src/lib/libcrypto/x509v3/v3_utl.c index 283e943e462..4f8d16fd00c 100644 --- a/src/lib/libcrypto/x509v3/v3_utl.c +++ b/src/lib/libcrypto/x509v3/v3_utl.c @@ -1,16 +1,16 @@ -/* v3_utl.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL - * project 1999. +/* $OpenBSD: v3_utl.c,v 1.31 2018/05/19 10:50:08 tb Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project. */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -57,177 +57,225 @@ */ /* X509 v3 extension utilities */ - -#include #include -#include "cryptlib.h" +#include +#include + +#include #include +#include #include static char *strip_spaces(char *name); static int sk_strcmp(const char * const *a, const char * const *b); -static STACK *get_email(X509_NAME *name, GENERAL_NAMES *gens); -static void str_free(void *str); -static int append_ia5(STACK **sk, ASN1_IA5STRING *email); +static STACK_OF(OPENSSL_STRING) *get_email(X509_NAME *name, + GENERAL_NAMES *gens); +static void str_free(OPENSSL_STRING str); +static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, ASN1_IA5STRING *email); + +static int ipv4_from_asc(unsigned char *v4, const char *in); +static int ipv6_from_asc(unsigned char *v6, const char *in); +static int ipv6_cb(const char *elem, int len, void *usr); +static int ipv6_hex(unsigned char *out, const char *in, int inlen); /* Add a CONF_VALUE name value pair to stack */ -int X509V3_add_value(const char *name, const char *value, - STACK_OF(CONF_VALUE) **extlist) +int +X509V3_add_value(const char *name, const char *value, + STACK_OF(CONF_VALUE) **extlist) { CONF_VALUE *vtmp = NULL; char *tname = NULL, *tvalue = NULL; - if(name && !(tname = BUF_strdup(name))) goto err; - if(value && !(tvalue = BUF_strdup(value))) goto err;; - if(!(vtmp = (CONF_VALUE *)OPENSSL_malloc(sizeof(CONF_VALUE)))) goto err; - if(!*extlist && !(*extlist = sk_CONF_VALUE_new_null())) goto err; + + if (name && !(tname = strdup(name))) + goto err; + if (value && !(tvalue = strdup(value))) + goto err; + if (!(vtmp = malloc(sizeof(CONF_VALUE)))) + goto err; + if (!*extlist && !(*extlist = sk_CONF_VALUE_new_null())) + goto err; vtmp->section = NULL; vtmp->name = tname; vtmp->value = tvalue; - if(!sk_CONF_VALUE_push(*extlist, vtmp)) goto err; + if (!sk_CONF_VALUE_push(*extlist, vtmp)) + goto err; return 1; - err: - X509V3err(X509V3_F_X509V3_ADD_VALUE,ERR_R_MALLOC_FAILURE); - if(vtmp) OPENSSL_free(vtmp); - if(tname) OPENSSL_free(tname); - if(tvalue) OPENSSL_free(tvalue); + +err: + X509V3error(ERR_R_MALLOC_FAILURE); + free(vtmp); + free(tname); + free(tvalue); return 0; } -int X509V3_add_value_uchar(const char *name, const unsigned char *value, - STACK_OF(CONF_VALUE) **extlist) - { - return X509V3_add_value(name,(const char *)value,extlist); - } +int +X509V3_add_value_uchar(const char *name, const unsigned char *value, + STACK_OF(CONF_VALUE) **extlist) +{ + return X509V3_add_value(name, (const char *)value, extlist); +} /* Free function for STACK_OF(CONF_VALUE) */ -void X509V3_conf_free(CONF_VALUE *conf) +void +X509V3_conf_free(CONF_VALUE *conf) { - if(!conf) return; - if(conf->name) OPENSSL_free(conf->name); - if(conf->value) OPENSSL_free(conf->value); - if(conf->section) OPENSSL_free(conf->section); - OPENSSL_free(conf); + if (!conf) + return; + free(conf->name); + free(conf->value); + free(conf->section); + free(conf); } -int X509V3_add_value_bool(const char *name, int asn1_bool, - STACK_OF(CONF_VALUE) **extlist) +int +X509V3_add_value_bool(const char *name, int asn1_bool, + STACK_OF(CONF_VALUE) **extlist) { - if(asn1_bool) return X509V3_add_value(name, "TRUE", extlist); + if (asn1_bool) + return X509V3_add_value(name, "TRUE", extlist); return X509V3_add_value(name, "FALSE", extlist); } -int X509V3_add_value_bool_nf(char *name, int asn1_bool, - STACK_OF(CONF_VALUE) **extlist) +int +X509V3_add_value_bool_nf(const char *name, int asn1_bool, + STACK_OF(CONF_VALUE) **extlist) { - if(asn1_bool) return X509V3_add_value(name, "TRUE", extlist); + if (asn1_bool) + return X509V3_add_value(name, "TRUE", extlist); return 1; } -char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *method, ASN1_ENUMERATED *a) +char * +i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *method, const ASN1_ENUMERATED *a) { BIGNUM *bntmp = NULL; char *strtmp = NULL; - if(!a) return NULL; - if(!(bntmp = ASN1_ENUMERATED_to_BN(a, NULL)) || - !(strtmp = BN_bn2dec(bntmp)) ) - X509V3err(X509V3_F_I2S_ASN1_ENUMERATED,ERR_R_MALLOC_FAILURE); + + if (!a) + return NULL; + if (!(bntmp = ASN1_ENUMERATED_to_BN(a, NULL)) || + !(strtmp = BN_bn2dec(bntmp))) + X509V3error(ERR_R_MALLOC_FAILURE); BN_free(bntmp); return strtmp; } -char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *method, ASN1_INTEGER *a) +char * +i2s_ASN1_INTEGER(X509V3_EXT_METHOD *method, const ASN1_INTEGER *a) { BIGNUM *bntmp = NULL; char *strtmp = NULL; - if(!a) return NULL; - if(!(bntmp = ASN1_INTEGER_to_BN(a, NULL)) || - !(strtmp = BN_bn2dec(bntmp)) ) - X509V3err(X509V3_F_I2S_ASN1_INTEGER,ERR_R_MALLOC_FAILURE); + + if (!a) + return NULL; + if (!(bntmp = ASN1_INTEGER_to_BN(a, NULL)) || + !(strtmp = BN_bn2dec(bntmp))) + X509V3error(ERR_R_MALLOC_FAILURE); BN_free(bntmp); return strtmp; } -ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, char *value) +ASN1_INTEGER * +s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, const char *value) { BIGNUM *bn = NULL; ASN1_INTEGER *aint; int isneg, ishex; int ret; - bn = BN_new(); + if (!value) { - X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_INVALID_NULL_VALUE); + X509V3error(X509V3_R_INVALID_NULL_VALUE); return 0; } + bn = BN_new(); if (value[0] == '-') { value++; isneg = 1; - } else isneg = 0; + } else + isneg = 0; if (value[0] == '0' && ((value[1] == 'x') || (value[1] == 'X'))) { value += 2; ishex = 1; - } else ishex = 0; + } else + ishex = 0; - if (ishex) ret = BN_hex2bn(&bn, value); - else ret = BN_dec2bn(&bn, value); + if (ishex) + ret = BN_hex2bn(&bn, value); + else + ret = BN_dec2bn(&bn, value); - if (!ret) { - X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_BN_DEC2BN_ERROR); + if (!ret || value[ret]) { + BN_free(bn); + X509V3error(X509V3_R_BN_DEC2BN_ERROR); return 0; } - if (isneg && BN_is_zero(bn)) isneg = 0; + if (isneg && BN_is_zero(bn)) + isneg = 0; aint = BN_to_ASN1_INTEGER(bn, NULL); BN_free(bn); if (!aint) { - X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_BN_TO_ASN1_INTEGER_ERROR); + X509V3error(X509V3_R_BN_TO_ASN1_INTEGER_ERROR); return 0; } - if (isneg) aint->type |= V_ASN1_NEG; + if (isneg) + aint->type |= V_ASN1_NEG; return aint; } -int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint, - STACK_OF(CONF_VALUE) **extlist) +int +X509V3_add_value_int(const char *name, const ASN1_INTEGER *aint, + STACK_OF(CONF_VALUE) **extlist) { char *strtmp; int ret; - if(!aint) return 1; - if(!(strtmp = i2s_ASN1_INTEGER(NULL, aint))) return 0; + + if (!aint) + return 1; + if (!(strtmp = i2s_ASN1_INTEGER(NULL, aint))) + return 0; ret = X509V3_add_value(name, strtmp, extlist); - OPENSSL_free(strtmp); + free(strtmp); return ret; } -int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool) +int +X509V3_get_value_bool(const CONF_VALUE *value, int *asn1_bool) { char *btmp; - if(!(btmp = value->value)) goto err; - if(!strcmp(btmp, "TRUE") || !strcmp(btmp, "true") - || !strcmp(btmp, "Y") || !strcmp(btmp, "y") - || !strcmp(btmp, "YES") || !strcmp(btmp, "yes")) { + + if (!(btmp = value->value)) + goto err; + if (!strcmp(btmp, "TRUE") || !strcmp(btmp, "true") || + !strcmp(btmp, "Y") || !strcmp(btmp, "y") || + !strcmp(btmp, "YES") || !strcmp(btmp, "yes")) { *asn1_bool = 0xff; return 1; - } else if(!strcmp(btmp, "FALSE") || !strcmp(btmp, "false") - || !strcmp(btmp, "N") || !strcmp(btmp, "n") - || !strcmp(btmp, "NO") || !strcmp(btmp, "no")) { + } else if (!strcmp(btmp, "FALSE") || !strcmp(btmp, "false") || + !strcmp(btmp, "N") || !strcmp(btmp, "n") || + !strcmp(btmp, "NO") || !strcmp(btmp, "no")) { *asn1_bool = 0; return 1; } - err: - X509V3err(X509V3_F_X509V3_GET_VALUE_BOOL,X509V3_R_INVALID_BOOLEAN_STRING); + +err: + X509V3error(X509V3_R_INVALID_BOOLEAN_STRING); X509V3_conf_err(value); return 0; } -int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint) +int +X509V3_get_value_int(const CONF_VALUE *value, ASN1_INTEGER **aint) { ASN1_INTEGER *itmp; - if(!(itmp = s2i_ASN1_INTEGER(NULL, value->value))) { + + if (!(itmp = s2i_ASN1_INTEGER(NULL, value->value))) { X509V3_conf_err(value); return 0; } @@ -240,56 +288,57 @@ int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint) /*#define DEBUG*/ -STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line) +STACK_OF(CONF_VALUE) * +X509V3_parse_list(const char *line) { char *p, *q, c; char *ntmp, *vtmp; STACK_OF(CONF_VALUE) *values = NULL; char *linebuf; int state; + /* We are going to modify the line so copy it first */ - linebuf = BUF_strdup(line); + if ((linebuf = strdup(line)) == NULL) { + X509V3error(ERR_R_MALLOC_FAILURE); + goto err; + } state = HDR_NAME; ntmp = NULL; + /* Go through all characters */ - for(p = linebuf, q = linebuf; (c = *p) && (c!='\r') && (c!='\n'); p++) { + for (p = linebuf, q = linebuf; (c = *p) && (c != '\r') && + (c != '\n'); p++) { - switch(state) { - case HDR_NAME: - if(c == ':') { + switch (state) { + case HDR_NAME: + if (c == ':') { state = HDR_VALUE; *p = 0; ntmp = strip_spaces(q); - if(!ntmp) { - X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME); + if (!ntmp) { + X509V3error(X509V3_R_INVALID_NULL_NAME); goto err; } q = p + 1; - } else if(c == ',') { + } else if (c == ',') { *p = 0; ntmp = strip_spaces(q); q = p + 1; -#if 0 - printf("%s\n", ntmp); -#endif - if(!ntmp) { - X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME); + if (!ntmp) { + X509V3error(X509V3_R_INVALID_NULL_NAME); goto err; } X509V3_add_value(ntmp, NULL, &values); } - break ; + break; - case HDR_VALUE: - if(c == ',') { + case HDR_VALUE: + if (c == ',') { state = HDR_NAME; *p = 0; vtmp = strip_spaces(q); -#if 0 - printf("%s\n", ntmp); -#endif - if(!vtmp) { - X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_VALUE); + if (!vtmp) { + X509V3error(X509V3_R_INVALID_NULL_VALUE); goto err; } X509V3_add_value(ntmp, vtmp, &values); @@ -300,81 +349,79 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line) } } - if(state == HDR_VALUE) { + if (state == HDR_VALUE) { vtmp = strip_spaces(q); -#if 0 - printf("%s=%s\n", ntmp, vtmp); -#endif - if(!vtmp) { - X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_VALUE); + if (!vtmp) { + X509V3error(X509V3_R_INVALID_NULL_VALUE); goto err; } X509V3_add_value(ntmp, vtmp, &values); } else { ntmp = strip_spaces(q); -#if 0 - printf("%s\n", ntmp); -#endif - if(!ntmp) { - X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME); + if (!ntmp) { + X509V3error(X509V3_R_INVALID_NULL_NAME); goto err; } X509V3_add_value(ntmp, NULL, &values); } -OPENSSL_free(linebuf); -return values; + free(linebuf); + return values; err: -OPENSSL_free(linebuf); -sk_CONF_VALUE_pop_free(values, X509V3_conf_free); -return NULL; + free(linebuf); + sk_CONF_VALUE_pop_free(values, X509V3_conf_free); + return NULL; } /* Delete leading and trailing spaces from a string */ -static char *strip_spaces(char *name) +static char * +strip_spaces(char *name) { char *p, *q; + /* Skip over leading spaces */ p = name; - while(*p && isspace((unsigned char)*p)) p++; - if(!*p) return NULL; + while (*p && isspace((unsigned char)*p)) + p++; + if (!*p) + return NULL; q = p + strlen(p) - 1; - while((q != p) && isspace((unsigned char)*q)) q--; - if(p != q) q[1] = 0; - if(!*p) return NULL; + while ((q != p) && isspace((unsigned char)*q)) + q--; + if (p != q) + q[1] = 0; + if (!*p) + return NULL; return p; } /* hex string utilities */ -/* Given a buffer of length 'len' return a OPENSSL_malloc'ed string with its +/* Given a buffer of length 'len' return a malloc'ed string with its * hex representation - * @@@ (Contents of buffer are always kept in ASCII, also on EBCDIC machines) */ - -char *hex_to_string(unsigned char *buffer, long len) +char * +hex_to_string(const unsigned char *buffer, long len) { char *tmp, *q; - unsigned char *p; + const unsigned char *p; int i; - static char hexdig[] = "0123456789ABCDEF"; - if(!buffer || !len) return NULL; - if(!(tmp = OPENSSL_malloc(len * 3 + 1))) { - X509V3err(X509V3_F_HEX_TO_STRING,ERR_R_MALLOC_FAILURE); + static const char hexdig[] = "0123456789ABCDEF"; + + if (!buffer || !len) + return NULL; + if (!(tmp = malloc(len * 3 + 1))) { + X509V3error(ERR_R_MALLOC_FAILURE); return NULL; } q = tmp; - for(i = 0, p = buffer; i < len; i++,p++) { + for (i = 0, p = buffer; i < len; i++, p++) { *q++ = hexdig[(*p >> 4) & 0xf]; *q++ = hexdig[*p & 0xf]; *q++ = ':'; } q[-1] = 0; -#ifdef CHARSET_EBCDIC - ebcdic2ascii(tmp, tmp, q - tmp - 1); -#endif - return tmp; } @@ -382,95 +429,128 @@ char *hex_to_string(unsigned char *buffer, long len) * a buffer */ -unsigned char *string_to_hex(char *str, long *len) +unsigned char * +string_to_hex(const char *str, long *len) { unsigned char *hexbuf, *q; unsigned char ch, cl, *p; - if(!str) { - X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_INVALID_NULL_ARGUMENT); + if (!str) { + X509V3error(X509V3_R_INVALID_NULL_ARGUMENT); return NULL; } - if(!(hexbuf = OPENSSL_malloc(strlen(str) >> 1))) goto err; - for(p = (unsigned char *)str, q = hexbuf; *p;) { + if (!(hexbuf = malloc(strlen(str) >> 1))) + goto err; + for (p = (unsigned char *)str, q = hexbuf; *p; ) { ch = *p++; -#ifdef CHARSET_EBCDIC - ch = os_toebcdic[ch]; -#endif - if(ch == ':') continue; + if (ch == ':') + continue; cl = *p++; -#ifdef CHARSET_EBCDIC - cl = os_toebcdic[cl]; -#endif - if(!cl) { - X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_ODD_NUMBER_OF_DIGITS); - OPENSSL_free(hexbuf); + if (!cl) { + X509V3error(X509V3_R_ODD_NUMBER_OF_DIGITS); + free(hexbuf); return NULL; } - if(isupper(ch)) ch = tolower(ch); - if(isupper(cl)) cl = tolower(cl); + ch = tolower(ch); + cl = tolower(cl); - if((ch >= '0') && (ch <= '9')) ch -= '0'; - else if ((ch >= 'a') && (ch <= 'f')) ch -= 'a' - 10; - else goto badhex; + if ((ch >= '0') && (ch <= '9')) + ch -= '0'; + else if ((ch >= 'a') && (ch <= 'f')) + ch -= 'a' - 10; + else + goto badhex; - if((cl >= '0') && (cl <= '9')) cl -= '0'; - else if ((cl >= 'a') && (cl <= 'f')) cl -= 'a' - 10; - else goto badhex; + if ((cl >= '0') && (cl <= '9')) + cl -= '0'; + else if ((cl >= 'a') && (cl <= 'f')) + cl -= 'a' - 10; + else + goto badhex; *q++ = (ch << 4) | cl; } - if(len) *len = q - hexbuf; + if (len) + *len = q - hexbuf; return hexbuf; - err: - if(hexbuf) OPENSSL_free(hexbuf); - X509V3err(X509V3_F_STRING_TO_HEX,ERR_R_MALLOC_FAILURE); +err: + free(hexbuf); + X509V3error(ERR_R_MALLOC_FAILURE); return NULL; - badhex: - OPENSSL_free(hexbuf); - X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_ILLEGAL_HEX_DIGIT); +badhex: + free(hexbuf); + X509V3error(X509V3_R_ILLEGAL_HEX_DIGIT); return NULL; - } /* V2I name comparison function: returns zero if 'name' matches * cmp or cmp.* */ -int name_cmp(const char *name, const char *cmp) +int +name_cmp(const char *name, const char *cmp) { int len, ret; char c; + len = strlen(cmp); - if((ret = strncmp(name, cmp, len))) return ret; + if ((ret = strncmp(name, cmp, len))) + return ret; c = name[len]; - if(!c || (c=='.')) return 0; + if (!c || (c=='.')) + return 0; return 1; } -static int sk_strcmp(const char * const *a, const char * const *b) +static int +sk_strcmp(const char * const *a, const char * const *b) { return strcmp(*a, *b); } -STACK *X509_get1_email(X509 *x) +STACK_OF(OPENSSL_STRING) *X509_get1_email(X509 *x) { GENERAL_NAMES *gens; - STACK *ret; + STACK_OF(OPENSSL_STRING) *ret; + gens = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL); ret = get_email(X509_get_subject_name(x), gens); sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free); return ret; } -STACK *X509_REQ_get1_email(X509_REQ *x) +STACK_OF(OPENSSL_STRING) *X509_get1_ocsp(X509 *x) +{ + AUTHORITY_INFO_ACCESS *info; + STACK_OF(OPENSSL_STRING) *ret = NULL; + int i; + + info = X509_get_ext_d2i(x, NID_info_access, NULL, NULL); + if (!info) + return NULL; + for (i = 0; i < sk_ACCESS_DESCRIPTION_num(info); i++) { + ACCESS_DESCRIPTION *ad = sk_ACCESS_DESCRIPTION_value(info, i); + if (OBJ_obj2nid(ad->method) == NID_ad_OCSP) { + if (ad->location->type == GEN_URI) { + if (!append_ia5(&ret, + ad->location->d.uniformResourceIdentifier)) + break; + } + } + } + AUTHORITY_INFO_ACCESS_free(info); + return ret; +} + +STACK_OF(OPENSSL_STRING) *X509_REQ_get1_email(X509_REQ *x) { GENERAL_NAMES *gens; STACK_OF(X509_EXTENSION) *exts; - STACK *ret; + STACK_OF(OPENSSL_STRING) *ret; + exts = X509_REQ_get_extensions(x); gens = X509V3_get_d2i(exts, NID_subject_alt_name, NULL, NULL); ret = get_email(X509_REQ_get_subject_name(x), gens); @@ -480,48 +560,61 @@ STACK *X509_REQ_get1_email(X509_REQ *x) } -static STACK *get_email(X509_NAME *name, GENERAL_NAMES *gens) +static +STACK_OF(OPENSSL_STRING) *get_email(X509_NAME *name, GENERAL_NAMES *gens) { - STACK *ret = NULL; + STACK_OF(OPENSSL_STRING) *ret = NULL; X509_NAME_ENTRY *ne; ASN1_IA5STRING *email; GENERAL_NAME *gen; int i; + /* Now add any email address(es) to STACK */ i = -1; + /* First supplied X509_NAME */ - while((i = X509_NAME_get_index_by_NID(name, - NID_pkcs9_emailAddress, i)) > 0) { + while ((i = X509_NAME_get_index_by_NID(name, + NID_pkcs9_emailAddress, i)) >= 0) { ne = X509_NAME_get_entry(name, i); email = X509_NAME_ENTRY_get_data(ne); - if(!append_ia5(&ret, email)) return NULL; + if (!append_ia5(&ret, email)) + return NULL; } - for(i = 0; i < sk_GENERAL_NAME_num(gens); i++) - { + for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) { gen = sk_GENERAL_NAME_value(gens, i); - if(gen->type != GEN_EMAIL) continue; - if(!append_ia5(&ret, gen->d.ia5)) return NULL; + if (gen->type != GEN_EMAIL) + continue; + if (!append_ia5(&ret, gen->d.ia5)) + return NULL; } return ret; } -static void str_free(void *str) +static void +str_free(OPENSSL_STRING str) { - OPENSSL_free(str); + free(str); } -static int append_ia5(STACK **sk, ASN1_IA5STRING *email) +static int +append_ia5(STACK_OF(OPENSSL_STRING) **sk, ASN1_IA5STRING *email) { char *emtmp; + /* First some sanity checks */ - if(email->type != V_ASN1_IA5STRING) return 1; - if(!email->data || !email->length) return 1; - if(!*sk) *sk = sk_new(sk_strcmp); - if(!*sk) return 0; + if (email->type != V_ASN1_IA5STRING) + return 1; + if (!email->data || !email->length) + return 1; + if (!*sk) + *sk = sk_OPENSSL_STRING_new(sk_strcmp); + if (!*sk) + return 0; /* Don't add duplicates */ - if(sk_find(*sk, (char *)email->data) != -1) return 1; - emtmp = BUF_strdup((char *)email->data); - if(!emtmp || !sk_push(*sk, emtmp)) { + if (sk_OPENSSL_STRING_find(*sk, (char *)email->data) != -1) + return 1; + emtmp = strdup((char *)email->data); + if (!emtmp || !sk_OPENSSL_STRING_push(*sk, emtmp)) { X509_email_free(*sk); *sk = NULL; return 0; @@ -529,7 +622,721 @@ static int append_ia5(STACK **sk, ASN1_IA5STRING *email) return 1; } -void X509_email_free(STACK *sk) +void +X509_email_free(STACK_OF(OPENSSL_STRING) *sk) +{ + sk_OPENSSL_STRING_pop_free(sk, str_free); +} + +typedef int (*equal_fn) (const unsigned char *pattern, size_t pattern_len, + const unsigned char *subject, size_t subject_len, unsigned int flags); + +/* Skip pattern prefix to match "wildcard" subject */ +static void skip_prefix(const unsigned char **p, size_t *plen, + const unsigned char *subject, size_t subject_len, unsigned int flags) +{ + const unsigned char *pattern = *p; + size_t pattern_len = *plen; + + /* + * If subject starts with a leading '.' followed by more octets, and + * pattern is longer, compare just an equal-length suffix with the + * full subject (starting at the '.'), provided the prefix contains + * no NULs. + */ + if ((flags & _X509_CHECK_FLAG_DOT_SUBDOMAINS) == 0) + return; + + while (pattern_len > subject_len && *pattern) { + if ((flags & X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS) && + *pattern == '.') + break; + ++pattern; + --pattern_len; + } + + /* Skip if entire prefix acceptable */ + if (pattern_len == subject_len) { + *p = pattern; + *plen = pattern_len; + } +} + +/* + * Open/BoringSSL uses memcmp for "equal_case" while their + * "equal_nocase" function is a hand-rolled strncasecmp that does not + * allow \0 in the pattern. Since an embedded \0 is likely a sign of + * problems, we simply don't allow it in either case, and then we use + * standard libc funcitons. + */ + +/* Compare using strncasecmp */ +static int equal_nocase(const unsigned char *pattern, size_t pattern_len, + const unsigned char *subject, size_t subject_len, + unsigned int flags) +{ + if (memchr(pattern, '\0', pattern_len) != NULL) + return 0; + if (memchr(subject, '\0', subject_len) != NULL) + return 0; + skip_prefix(&pattern, &pattern_len, subject, subject_len, flags); + if (pattern_len != subject_len) + return 0; + return (strncasecmp(pattern, subject, pattern_len) == 0); +} + +/* Compare using strncmp. */ +static int equal_case(const unsigned char *pattern, size_t pattern_len, + const unsigned char *subject, size_t subject_len, + unsigned int flags) +{ + if (memchr(pattern, 0, pattern_len) != NULL) + return 0; + if (memchr(subject, 0, subject_len) != NULL) + return 0; + skip_prefix(&pattern, &pattern_len, subject, subject_len, flags); + if (pattern_len != subject_len) + return 0; + return (strncmp(pattern, subject, pattern_len) == 0); +} + +/* + * RFC 5280, section 7.5, requires that only the domain is compared in a + * case-insensitive manner. + */ +static int equal_email(const unsigned char *a, size_t a_len, + const unsigned char *b, size_t b_len, + unsigned int unused_flags) +{ + size_t pos = a_len; + if (a_len != b_len) + return 0; + /* + * We search backwards for the '@' character, so that we do not have to + * deal with quoted local-parts. The domain part is compared in a + * case-insensitive manner. + */ + while (pos > 0) { + pos--; + if (a[pos] == '@' || b[pos] == '@') { + if (!equal_nocase(a + pos, a_len - pos, b + pos, a_len - pos, 0)) + return 0; + break; + } + } + if (pos == 0) + pos = a_len; + return equal_case(a, pos, b, pos, 0); +} + +/* + * Compare the prefix and suffix with the subject, and check that the + * characters in-between are valid. + */ +static int wildcard_match(const unsigned char *prefix, size_t prefix_len, + const unsigned char *suffix, size_t suffix_len, + const unsigned char *subject, size_t subject_len, unsigned int flags) +{ + const unsigned char *wildcard_start; + const unsigned char *wildcard_end; + const unsigned char *p; + int allow_multi = 0; + int allow_idna = 0; + + if (subject_len < prefix_len + suffix_len) + return 0; + if (!equal_nocase(prefix, prefix_len, subject, prefix_len, flags)) + return 0; + wildcard_start = subject + prefix_len; + wildcard_end = subject + (subject_len - suffix_len); + if (!equal_nocase(wildcard_end, suffix_len, suffix, suffix_len, flags)) + return 0; + /* + * If the wildcard makes up the entire first label, it must match at + * least one character. + */ + if (prefix_len == 0 && *suffix == '.') { + if (wildcard_start == wildcard_end) + return 0; + allow_idna = 1; + if (flags & X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS) + allow_multi = 1; + } + /* IDNA labels cannot match partial wildcards */ + if (!allow_idna && + subject_len >= 4 + && strncasecmp((char *)subject, "xn--", 4) == 0) + return 0; + /* The wildcard may match a literal '*' */ + if (wildcard_end == wildcard_start + 1 && *wildcard_start == '*') + return 1; + /* + * Check that the part matched by the wildcard contains only + * permitted characters and only matches a single label unless + * allow_multi is set. + */ + for (p = wildcard_start; p != wildcard_end; ++p) + if (!(('0' <= *p && *p <= '9') || ('A' <= *p && *p <= 'Z') || + ('a' <= *p && *p <= 'z') || *p == '-' || + (allow_multi && *p == '.'))) + return 0; + return 1; +} + +#define LABEL_START (1 << 0) +#define LABEL_END (1 << 1) +#define LABEL_HYPHEN (1 << 2) +#define LABEL_IDNA (1 << 3) + +static const unsigned char *valid_star(const unsigned char *p, size_t len, + unsigned int flags) +{ + const unsigned char *star = 0; + size_t i; + int state = LABEL_START; + int dots = 0; + for (i = 0; i < len; ++i) { + /* + * Locate first and only legal wildcard, either at the start + * or end of a non-IDNA first and not final label. + */ + if (p[i] == '*') { + int atstart = (state & LABEL_START); + int atend = (i == len - 1 || p[i + 1] == '.'); + /* + * At most one wildcard per pattern. + * No wildcards in IDNA labels. + * No wildcards after the first label. + */ + if (star != NULL || (state & LABEL_IDNA) != 0 || dots) + return NULL; + /* Only full-label '*.example.com' wildcards? */ + if ((flags & X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS) + && (!atstart || !atend)) + return NULL; + /* No 'foo*bar' wildcards */ + if (!atstart && !atend) + return NULL; + star = &p[i]; + state &= ~LABEL_START; + } else if ((state & LABEL_START) != 0) { + /* + * At the start of a label, skip any "xn--" and + * remain in the LABEL_START state, but set the + * IDNA label state + */ + if ((state & LABEL_IDNA) == 0 && len - i >= 4 + && strncasecmp((char *)&p[i], "xn--", 4) == 0) { + i += 3; + state |= LABEL_IDNA; + continue; + } + /* Labels must start with a letter or digit */ + state &= ~LABEL_START; + if (('a' <= p[i] && p[i] <= 'z') + || ('A' <= p[i] && p[i] <= 'Z') + || ('0' <= p[i] && p[i] <= '9')) + continue; + return NULL; + } else if (('a' <= p[i] && p[i] <= 'z') + || ('A' <= p[i] && p[i] <= 'Z') + || ('0' <= p[i] && p[i] <= '9')) { + state &= LABEL_IDNA; + continue; + } else if (p[i] == '.') { + if (state & (LABEL_HYPHEN | LABEL_START)) + return NULL; + state = LABEL_START; + ++dots; + } else if (p[i] == '-') { + /* no domain/subdomain starts with '-' */ + if ((state & LABEL_START) != 0) + return NULL; + state |= LABEL_HYPHEN; + } else + return NULL; + } + + /* + * The final label must not end in a hyphen or ".", and + * there must be at least two dots after the star. + */ + if ((state & (LABEL_START | LABEL_HYPHEN)) != 0 || dots < 2) + return NULL; + return star; +} + +/* Compare using wildcards. */ +static int equal_wildcard(const unsigned char *pattern, size_t pattern_len, + const unsigned char *subject, size_t subject_len, unsigned int flags) +{ + const unsigned char *star = NULL; + + /* + * Subject names starting with '.' can only match a wildcard pattern + * via a subject sub-domain pattern suffix match. + */ + if (!(subject_len > 1 && subject[0] == '.')) + star = valid_star(pattern, pattern_len, flags); + if (star == NULL) + return equal_nocase(pattern, pattern_len, + subject, subject_len, flags); + return wildcard_match(pattern, star - pattern, + star + 1, (pattern + pattern_len) - star - 1, + subject, subject_len, flags); +} + +/* + * Compare an ASN1_STRING to a supplied string. If they match return 1. If + * cmp_type > 0 only compare if string matches the type, otherwise convert it + * to UTF8. + */ + +static int +do_check_string(ASN1_STRING *a, int cmp_type, equal_fn equal, + unsigned int flags, const char *b, size_t blen, char **peername) +{ + int rv = 0; + + if (!a->data || !a->length) + return 0; + if (cmp_type > 0) { + if (cmp_type != a->type) + return 0; + if (cmp_type == V_ASN1_IA5STRING) + rv = equal(a->data, a->length, (unsigned char *)b, + blen, flags); + else if (a->length == (int)blen && !memcmp(a->data, b, blen)) + rv = 1; + if (rv > 0 && peername && + (*peername = strndup((char *)a->data, a->length)) == NULL) + rv = -1; + } else { + int astrlen; + unsigned char *astr; + astrlen = ASN1_STRING_to_UTF8(&astr, a); + if (astrlen < 0) + return -1; + rv = equal(astr, astrlen, (unsigned char *)b, blen, flags); + if (rv > 0 && peername && + (*peername = strndup((char *)astr, astrlen)) == NULL) + rv = -1; + free(astr); + } + return rv; +} + +static int do_x509_check(X509 *x, const char *chk, size_t chklen, + unsigned int flags, int check_type, char **peername) +{ + GENERAL_NAMES *gens = NULL; + X509_NAME *name = NULL; + size_t i; + int j; + int cnid = NID_undef; + int alt_type; + int san_present = 0; + int rv = 0; + equal_fn equal; + + /* See below, this flag is internal-only */ + flags &= ~_X509_CHECK_FLAG_DOT_SUBDOMAINS; + if (check_type == GEN_EMAIL) { + cnid = NID_pkcs9_emailAddress; + alt_type = V_ASN1_IA5STRING; + equal = equal_email; + } else if (check_type == GEN_DNS) { + cnid = NID_commonName; + /* Implicit client-side DNS sub-domain pattern */ + if (chklen > 1 && chk[0] == '.') + flags |= _X509_CHECK_FLAG_DOT_SUBDOMAINS; + alt_type = V_ASN1_IA5STRING; + if (flags & X509_CHECK_FLAG_NO_WILDCARDS) + equal = equal_nocase; + else + equal = equal_wildcard; + } else { + alt_type = V_ASN1_OCTET_STRING; + equal = equal_case; + } + + gens = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL); + if (gens != NULL) { + for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) { + GENERAL_NAME *gen; + ASN1_STRING *cstr; + gen = sk_GENERAL_NAME_value(gens, i); + if (gen->type != check_type) + continue; + san_present = 1; + if (check_type == GEN_EMAIL) + cstr = gen->d.rfc822Name; + else if (check_type == GEN_DNS) + cstr = gen->d.dNSName; + else + cstr = gen->d.iPAddress; + /* Positive on success, negative on error! */ + if ((rv = do_check_string(cstr, alt_type, equal, flags, + chk, chklen, peername)) != 0) + break; + } + GENERAL_NAMES_free(gens); + if (rv != 0) + return rv; + if (cnid == NID_undef || + (san_present && + !(flags & X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT))) + return 0; + } + + /* We're done if CN-ID is not pertinent */ + if (cnid == NID_undef) + return 0; + + j = -1; + name = X509_get_subject_name(x); + while ((j = X509_NAME_get_index_by_NID(name, cnid, j)) >= 0) { + X509_NAME_ENTRY *ne; + ASN1_STRING *str; + if ((ne = X509_NAME_get_entry(name, j)) == NULL) + return -1; + if ((str = X509_NAME_ENTRY_get_data(ne)) == NULL) + return -1; + /* Positive on success, negative on error! */ + if ((rv = do_check_string(str, -1, equal, flags, + chk, chklen, peername)) != 0) + return rv; + } + return 0; +} + +int X509_check_host(X509 *x, const char *chk, size_t chklen, + unsigned int flags, char **peername) +{ + if (chk == NULL) + return -2; + if (chklen == 0) + chklen = strlen(chk); + else if (memchr(chk, '\0', chklen)) + return -2; + return do_x509_check(x, chk, chklen, flags, GEN_DNS, peername); +} + +int X509_check_email(X509 *x, const char *chk, size_t chklen, + unsigned int flags) +{ + if (chk == NULL) + return -2; + if (chklen == 0) + chklen = strlen(chk); + else if (memchr(chk, '\0', chklen)) + return -2; + return do_x509_check(x, chk, chklen, flags, GEN_EMAIL, NULL); +} + +int X509_check_ip(X509 *x, const unsigned char *chk, size_t chklen, + unsigned int flags) +{ + if (chk == NULL) + return -2; + return do_x509_check(x, (char *)chk, chklen, flags, GEN_IPADD, NULL); +} + +int X509_check_ip_asc(X509 *x, const char *ipasc, unsigned int flags) +{ + unsigned char ipout[16]; + size_t iplen; + + if (ipasc == NULL) + return -2; + iplen = (size_t)a2i_ipadd(ipout, ipasc); + if (iplen == 0) + return -2; + return do_x509_check(x, (char *)ipout, iplen, flags, GEN_IPADD, NULL); +} + +/* Convert IP addresses both IPv4 and IPv6 into an + * OCTET STRING compatible with RFC3280. + */ + +ASN1_OCTET_STRING * +a2i_IPADDRESS(const char *ipasc) +{ + unsigned char ipout[16]; + ASN1_OCTET_STRING *ret; + int iplen; + + /* If string contains a ':' assume IPv6 */ + + iplen = a2i_ipadd(ipout, ipasc); + + if (!iplen) + return NULL; + + ret = ASN1_OCTET_STRING_new(); + if (!ret) + return NULL; + if (!ASN1_OCTET_STRING_set(ret, ipout, iplen)) { + ASN1_OCTET_STRING_free(ret); + return NULL; + } + return ret; +} + +ASN1_OCTET_STRING * +a2i_IPADDRESS_NC(const char *ipasc) +{ + ASN1_OCTET_STRING *ret = NULL; + unsigned char ipout[32]; + char *iptmp = NULL, *p; + int iplen1, iplen2; + + p = strchr(ipasc, '/'); + if (!p) + return NULL; + iptmp = strdup(ipasc); + if (!iptmp) + return NULL; + p = iptmp + (p - ipasc); + *p++ = 0; + + iplen1 = a2i_ipadd(ipout, iptmp); + + if (!iplen1) + goto err; + + iplen2 = a2i_ipadd(ipout + iplen1, p); + + free(iptmp); + iptmp = NULL; + + if (!iplen2 || (iplen1 != iplen2)) + goto err; + + ret = ASN1_OCTET_STRING_new(); + if (!ret) + goto err; + if (!ASN1_OCTET_STRING_set(ret, ipout, iplen1 + iplen2)) + goto err; + + return ret; + +err: + free(iptmp); + if (ret) + ASN1_OCTET_STRING_free(ret); + return NULL; +} + + +int +a2i_ipadd(unsigned char *ipout, const char *ipasc) +{ + /* If string contains a ':' assume IPv6 */ + + if (strchr(ipasc, ':')) { + if (!ipv6_from_asc(ipout, ipasc)) + return 0; + return 16; + } else { + if (!ipv4_from_asc(ipout, ipasc)) + return 0; + return 4; + } +} + +static int +ipv4_from_asc(unsigned char *v4, const char *in) +{ + int a0, a1, a2, a3; + if (sscanf(in, "%d.%d.%d.%d", &a0, &a1, &a2, &a3) != 4) + return 0; + if ((a0 < 0) || (a0 > 255) || (a1 < 0) || (a1 > 255) || + (a2 < 0) || (a2 > 255) || (a3 < 0) || (a3 > 255)) + return 0; + v4[0] = a0; + v4[1] = a1; + v4[2] = a2; + v4[3] = a3; + return 1; +} + +typedef struct { + /* Temporary store for IPV6 output */ + unsigned char tmp[16]; + /* Total number of bytes in tmp */ + int total; + /* The position of a zero (corresponding to '::') */ + int zero_pos; + /* Number of zeroes */ + int zero_cnt; +} IPV6_STAT; + + +static int +ipv6_from_asc(unsigned char *v6, const char *in) +{ + IPV6_STAT v6stat; + + v6stat.total = 0; + v6stat.zero_pos = -1; + v6stat.zero_cnt = 0; + + /* Treat the IPv6 representation as a list of values + * separated by ':'. The presence of a '::' will parse + * as one, two or three zero length elements. + */ + if (!CONF_parse_list(in, ':', 0, ipv6_cb, &v6stat)) + return 0; + + /* Now for some sanity checks */ + + if (v6stat.zero_pos == -1) { + /* If no '::' must have exactly 16 bytes */ + if (v6stat.total != 16) + return 0; + } else { + /* If '::' must have less than 16 bytes */ + if (v6stat.total == 16) + return 0; + /* More than three zeroes is an error */ + if (v6stat.zero_cnt > 3) + return 0; + /* Can only have three zeroes if nothing else present */ + else if (v6stat.zero_cnt == 3) { + if (v6stat.total > 0) + return 0; + } + /* Can only have two zeroes if at start or end */ + else if (v6stat.zero_cnt == 2) { + if ((v6stat.zero_pos != 0) && + (v6stat.zero_pos != v6stat.total)) + return 0; + } else + /* Can only have one zero if *not* start or end */ + { + if ((v6stat.zero_pos == 0) || + (v6stat.zero_pos == v6stat.total)) + return 0; + } + } + + /* Format result */ + + if (v6stat.zero_pos >= 0) { + /* Copy initial part */ + memcpy(v6, v6stat.tmp, v6stat.zero_pos); + /* Zero middle */ + memset(v6 + v6stat.zero_pos, 0, 16 - v6stat.total); + /* Copy final part */ + if (v6stat.total != v6stat.zero_pos) + memcpy(v6 + v6stat.zero_pos + 16 - v6stat.total, + v6stat.tmp + v6stat.zero_pos, + v6stat.total - v6stat.zero_pos); + } else + memcpy(v6, v6stat.tmp, 16); + + return 1; +} + +static int +ipv6_cb(const char *elem, int len, void *usr) +{ + IPV6_STAT *s = usr; + + /* Error if 16 bytes written */ + if (s->total == 16) + return 0; + if (len == 0) { + /* Zero length element, corresponds to '::' */ + if (s->zero_pos == -1) + s->zero_pos = s->total; + /* If we've already got a :: its an error */ + else if (s->zero_pos != s->total) + return 0; + s->zero_cnt++; + } else { + /* If more than 4 characters could be final a.b.c.d form */ + if (len > 4) { + /* Need at least 4 bytes left */ + if (s->total > 12) + return 0; + /* Must be end of string */ + if (elem[len]) + return 0; + if (!ipv4_from_asc(s->tmp + s->total, elem)) + return 0; + s->total += 4; + } else { + if (!ipv6_hex(s->tmp + s->total, elem, len)) + return 0; + s->total += 2; + } + } + return 1; +} + +/* Convert a string of up to 4 hex digits into the corresponding + * IPv6 form. + */ + +static int +ipv6_hex(unsigned char *out, const char *in, int inlen) { - sk_pop_free(sk, str_free); + unsigned char c; + unsigned int num = 0; + + if (inlen > 4) + return 0; + while (inlen--) { + c = *in++; + num <<= 4; + if ((c >= '0') && (c <= '9')) + num |= c - '0'; + else if ((c >= 'A') && (c <= 'F')) + num |= c - 'A' + 10; + else if ((c >= 'a') && (c <= 'f')) + num |= c - 'a' + 10; + else + return 0; + } + out[0] = num >> 8; + out[1] = num & 0xff; + return 1; +} + +int +X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE)*dn_sk, + unsigned long chtype) +{ + CONF_VALUE *v; + int i, mval; + char *p, *type; + + if (!nm) + return 0; + + for (i = 0; i < sk_CONF_VALUE_num(dn_sk); i++) { + v = sk_CONF_VALUE_value(dn_sk, i); + type = v->name; + /* Skip past any leading X. X: X, etc to allow for + * multiple instances + */ + for (p = type; *p; p++) + if ((*p == ':') || (*p == ',') || (*p == '.')) { + p++; + if (*p) + type = p; + break; + } + if (*type == '+') { + mval = -1; + type++; + } else + mval = 0; + if (!X509_NAME_add_entry_by_txt(nm, type, chtype, + (unsigned char *) v->value, -1, -1, mval)) + return 0; + } + return 1; } diff --git a/src/lib/libcrypto/x509v3/v3conf.c b/src/lib/libcrypto/x509v3/v3conf.c deleted file mode 100644 index 67ee14f3348..00000000000 --- a/src/lib/libcrypto/x509v3/v3conf.c +++ /dev/null @@ -1,127 +0,0 @@ -/* v3conf.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL - * project 1999. - */ -/* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - - -#include -#include "cryptlib.h" -#include -#include -#include -#include - -/* Test application to add extensions from a config file */ - -int main(int argc, char **argv) -{ - LHASH *conf; - X509 *cert; - FILE *inf; - char *conf_file; - int i; - int count; - X509_EXTENSION *ext; - X509V3_add_standard_extensions(); - ERR_load_crypto_strings(); - if(!argv[1]) { - fprintf(stderr, "Usage: v3conf cert.pem [file.cnf]\n"); - exit(1); - } - conf_file = argv[2]; - if(!conf_file) conf_file = "test.cnf"; - conf = CONF_load(NULL, "test.cnf", NULL); - if(!conf) { - fprintf(stderr, "Error opening Config file %s\n", conf_file); - ERR_print_errors_fp(stderr); - exit(1); - } - - inf = fopen(argv[1], "r"); - if(!inf) { - fprintf(stderr, "Can't open certificate file %s\n", argv[1]); - exit(1); - } - cert = PEM_read_X509(inf, NULL, NULL); - if(!cert) { - fprintf(stderr, "Error reading certificate file %s\n", argv[1]); - exit(1); - } - fclose(inf); - - sk_pop_free(cert->cert_info->extensions, X509_EXTENSION_free); - cert->cert_info->extensions = NULL; - - if(!X509V3_EXT_add_conf(conf, NULL, "test_section", cert)) { - fprintf(stderr, "Error adding extensions\n"); - ERR_print_errors_fp(stderr); - exit(1); - } - - count = X509_get_ext_count(cert); - printf("%d extensions\n", count); - for(i = 0; i < count; i++) { - ext = X509_get_ext(cert, i); - printf("%s", OBJ_nid2ln(OBJ_obj2nid(ext->object))); - if(ext->critical) printf(",critical:\n"); - else printf(":\n"); - X509V3_EXT_print_fp(stdout, ext, 0); - printf("\n"); - - } - return 0; -} - diff --git a/src/lib/libcrypto/x509v3/v3err.c b/src/lib/libcrypto/x509v3/v3err.c index 6458e95bb91..a49632a0698 100644 --- a/src/lib/libcrypto/x509v3/v3err.c +++ b/src/lib/libcrypto/x509v3/v3err.c @@ -1,13 +1,13 @@ -/* crypto/x509v3/v3err.c */ +/* $OpenBSD: v3err.c,v 1.11 2014/07/10 22:45:58 jsing Exp $ */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -59,123 +59,168 @@ */ #include + +#include + #include #include /* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR -static ERR_STRING_DATA X509V3_str_functs[]= - { -{ERR_PACK(0,X509V3_F_COPY_EMAIL,0), "COPY_EMAIL"}, -{ERR_PACK(0,X509V3_F_COPY_ISSUER,0), "COPY_ISSUER"}, -{ERR_PACK(0,X509V3_F_DO_EXT_CONF,0), "DO_EXT_CONF"}, -{ERR_PACK(0,X509V3_F_DO_EXT_I2D,0), "DO_EXT_I2D"}, -{ERR_PACK(0,X509V3_F_HEX_TO_STRING,0), "hex_to_string"}, -{ERR_PACK(0,X509V3_F_I2S_ASN1_ENUMERATED,0), "i2s_ASN1_ENUMERATED"}, -{ERR_PACK(0,X509V3_F_I2S_ASN1_INTEGER,0), "i2s_ASN1_INTEGER"}, -{ERR_PACK(0,X509V3_F_I2V_AUTHORITY_INFO_ACCESS,0), "I2V_AUTHORITY_INFO_ACCESS"}, -{ERR_PACK(0,X509V3_F_NOTICE_SECTION,0), "NOTICE_SECTION"}, -{ERR_PACK(0,X509V3_F_NREF_NOS,0), "NREF_NOS"}, -{ERR_PACK(0,X509V3_F_POLICY_SECTION,0), "POLICY_SECTION"}, -{ERR_PACK(0,X509V3_F_R2I_CERTPOL,0), "R2I_CERTPOL"}, -{ERR_PACK(0,X509V3_F_S2I_ASN1_IA5STRING,0), "S2I_ASN1_IA5STRING"}, -{ERR_PACK(0,X509V3_F_S2I_ASN1_INTEGER,0), "s2i_ASN1_INTEGER"}, -{ERR_PACK(0,X509V3_F_S2I_ASN1_OCTET_STRING,0), "s2i_ASN1_OCTET_STRING"}, -{ERR_PACK(0,X509V3_F_S2I_ASN1_SKEY_ID,0), "S2I_ASN1_SKEY_ID"}, -{ERR_PACK(0,X509V3_F_S2I_S2I_SKEY_ID,0), "S2I_S2I_SKEY_ID"}, -{ERR_PACK(0,X509V3_F_STRING_TO_HEX,0), "string_to_hex"}, -{ERR_PACK(0,X509V3_F_SXNET_ADD_ASC,0), "SXNET_ADD_ASC"}, -{ERR_PACK(0,X509V3_F_SXNET_ADD_ID_INTEGER,0), "SXNET_add_id_INTEGER"}, -{ERR_PACK(0,X509V3_F_SXNET_ADD_ID_ULONG,0), "SXNET_add_id_ulong"}, -{ERR_PACK(0,X509V3_F_SXNET_GET_ID_ASC,0), "SXNET_get_id_asc"}, -{ERR_PACK(0,X509V3_F_SXNET_GET_ID_ULONG,0), "SXNET_get_id_ulong"}, -{ERR_PACK(0,X509V3_F_V2I_ACCESS_DESCRIPTION,0), "V2I_ACCESS_DESCRIPTION"}, -{ERR_PACK(0,X509V3_F_V2I_ASN1_BIT_STRING,0), "V2I_ASN1_BIT_STRING"}, -{ERR_PACK(0,X509V3_F_V2I_AUTHORITY_KEYID,0), "V2I_AUTHORITY_KEYID"}, -{ERR_PACK(0,X509V3_F_V2I_BASIC_CONSTRAINTS,0), "V2I_BASIC_CONSTRAINTS"}, -{ERR_PACK(0,X509V3_F_V2I_CRLD,0), "V2I_CRLD"}, -{ERR_PACK(0,X509V3_F_V2I_EXT_KU,0), "V2I_EXT_KU"}, -{ERR_PACK(0,X509V3_F_V2I_GENERAL_NAME,0), "v2i_GENERAL_NAME"}, -{ERR_PACK(0,X509V3_F_V2I_GENERAL_NAMES,0), "v2i_GENERAL_NAMES"}, -{ERR_PACK(0,X509V3_F_V3_GENERIC_EXTENSION,0), "V3_GENERIC_EXTENSION"}, -{ERR_PACK(0,X509V3_F_X509V3_ADD_I2D,0), "X509V3_ADD_I2D"}, -{ERR_PACK(0,X509V3_F_X509V3_ADD_VALUE,0), "X509V3_add_value"}, -{ERR_PACK(0,X509V3_F_X509V3_EXT_ADD,0), "X509V3_EXT_add"}, -{ERR_PACK(0,X509V3_F_X509V3_EXT_ADD_ALIAS,0), "X509V3_EXT_add_alias"}, -{ERR_PACK(0,X509V3_F_X509V3_EXT_CONF,0), "X509V3_EXT_conf"}, -{ERR_PACK(0,X509V3_F_X509V3_EXT_I2D,0), "X509V3_EXT_i2d"}, -{ERR_PACK(0,X509V3_F_X509V3_GET_VALUE_BOOL,0), "X509V3_get_value_bool"}, -{ERR_PACK(0,X509V3_F_X509V3_PARSE_LIST,0), "X509V3_parse_list"}, -{ERR_PACK(0,X509V3_F_X509_PURPOSE_ADD,0), "X509_PURPOSE_add"}, -{ERR_PACK(0,X509V3_F_X509_PURPOSE_SET,0), "X509_PURPOSE_set"}, -{0,NULL} - }; -static ERR_STRING_DATA X509V3_str_reasons[]= - { -{X509V3_R_BAD_IP_ADDRESS ,"bad ip address"}, -{X509V3_R_BAD_OBJECT ,"bad object"}, -{X509V3_R_BN_DEC2BN_ERROR ,"bn dec2bn error"}, -{X509V3_R_BN_TO_ASN1_INTEGER_ERROR ,"bn to asn1 integer error"}, -{X509V3_R_DUPLICATE_ZONE_ID ,"duplicate zone id"}, -{X509V3_R_ERROR_CONVERTING_ZONE ,"error converting zone"}, -{X509V3_R_ERROR_CREATING_EXTENSION ,"error creating extension"}, -{X509V3_R_ERROR_IN_EXTENSION ,"error in extension"}, -{X509V3_R_EXPECTED_A_SECTION_NAME ,"expected a section name"}, -{X509V3_R_EXTENSION_EXISTS ,"extension exists"}, -{X509V3_R_EXTENSION_NAME_ERROR ,"extension name error"}, -{X509V3_R_EXTENSION_NOT_FOUND ,"extension not found"}, -{X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED,"extension setting not supported"}, -{X509V3_R_EXTENSION_VALUE_ERROR ,"extension value error"}, -{X509V3_R_ILLEGAL_HEX_DIGIT ,"illegal hex digit"}, -{X509V3_R_INVALID_BOOLEAN_STRING ,"invalid boolean string"}, -{X509V3_R_INVALID_EXTENSION_STRING ,"invalid extension string"}, -{X509V3_R_INVALID_NAME ,"invalid name"}, -{X509V3_R_INVALID_NULL_ARGUMENT ,"invalid null argument"}, -{X509V3_R_INVALID_NULL_NAME ,"invalid null name"}, -{X509V3_R_INVALID_NULL_VALUE ,"invalid null value"}, -{X509V3_R_INVALID_NUMBER ,"invalid number"}, -{X509V3_R_INVALID_NUMBERS ,"invalid numbers"}, -{X509V3_R_INVALID_OBJECT_IDENTIFIER ,"invalid object identifier"}, -{X509V3_R_INVALID_OPTION ,"invalid option"}, -{X509V3_R_INVALID_POLICY_IDENTIFIER ,"invalid policy identifier"}, -{X509V3_R_INVALID_PURPOSE ,"invalid purpose"}, -{X509V3_R_INVALID_SECTION ,"invalid section"}, -{X509V3_R_INVALID_SYNTAX ,"invalid syntax"}, -{X509V3_R_ISSUER_DECODE_ERROR ,"issuer decode error"}, -{X509V3_R_MISSING_VALUE ,"missing value"}, -{X509V3_R_NEED_ORGANIZATION_AND_NUMBERS ,"need organization and numbers"}, -{X509V3_R_NO_CONFIG_DATABASE ,"no config database"}, -{X509V3_R_NO_ISSUER_CERTIFICATE ,"no issuer certificate"}, -{X509V3_R_NO_ISSUER_DETAILS ,"no issuer details"}, -{X509V3_R_NO_POLICY_IDENTIFIER ,"no policy identifier"}, -{X509V3_R_NO_PUBLIC_KEY ,"no public key"}, -{X509V3_R_NO_SUBJECT_DETAILS ,"no subject details"}, -{X509V3_R_ODD_NUMBER_OF_DIGITS ,"odd number of digits"}, -{X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS ,"unable to get issuer details"}, -{X509V3_R_UNABLE_TO_GET_ISSUER_KEYID ,"unable to get issuer keyid"}, -{X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT ,"unknown bit string argument"}, -{X509V3_R_UNKNOWN_EXTENSION ,"unknown extension"}, -{X509V3_R_UNKNOWN_EXTENSION_NAME ,"unknown extension name"}, -{X509V3_R_UNKNOWN_OPTION ,"unknown option"}, -{X509V3_R_UNSUPPORTED_OPTION ,"unsupported option"}, -{X509V3_R_USER_TOO_LONG ,"user too long"}, -{0,NULL} - }; +#define ERR_FUNC(func) ERR_PACK(ERR_LIB_X509V3,func,0) +#define ERR_REASON(reason) ERR_PACK(ERR_LIB_X509V3,0,reason) -#endif +static ERR_STRING_DATA X509V3_str_functs[] = { + {ERR_FUNC(X509V3_F_A2I_GENERAL_NAME), "A2I_GENERAL_NAME"}, + {ERR_FUNC(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE), "ASIDENTIFIERCHOICE_CANONIZE"}, + {ERR_FUNC(X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL), "ASIDENTIFIERCHOICE_IS_CANONICAL"}, + {ERR_FUNC(X509V3_F_COPY_EMAIL), "COPY_EMAIL"}, + {ERR_FUNC(X509V3_F_COPY_ISSUER), "COPY_ISSUER"}, + {ERR_FUNC(X509V3_F_DO_DIRNAME), "DO_DIRNAME"}, + {ERR_FUNC(X509V3_F_DO_EXT_CONF), "DO_EXT_CONF"}, + {ERR_FUNC(X509V3_F_DO_EXT_I2D), "DO_EXT_I2D"}, + {ERR_FUNC(X509V3_F_DO_EXT_NCONF), "DO_EXT_NCONF"}, + {ERR_FUNC(X509V3_F_DO_I2V_NAME_CONSTRAINTS), "DO_I2V_NAME_CONSTRAINTS"}, + {ERR_FUNC(X509V3_F_GNAMES_FROM_SECTNAME), "GNAMES_FROM_SECTNAME"}, + {ERR_FUNC(X509V3_F_HEX_TO_STRING), "hex_to_string"}, + {ERR_FUNC(X509V3_F_I2S_ASN1_ENUMERATED), "i2s_ASN1_ENUMERATED"}, + {ERR_FUNC(X509V3_F_I2S_ASN1_IA5STRING), "I2S_ASN1_IA5STRING"}, + {ERR_FUNC(X509V3_F_I2S_ASN1_INTEGER), "i2s_ASN1_INTEGER"}, + {ERR_FUNC(X509V3_F_I2V_AUTHORITY_INFO_ACCESS), "I2V_AUTHORITY_INFO_ACCESS"}, + {ERR_FUNC(X509V3_F_NOTICE_SECTION), "NOTICE_SECTION"}, + {ERR_FUNC(X509V3_F_NREF_NOS), "NREF_NOS"}, + {ERR_FUNC(X509V3_F_POLICY_SECTION), "POLICY_SECTION"}, + {ERR_FUNC(X509V3_F_PROCESS_PCI_VALUE), "PROCESS_PCI_VALUE"}, + {ERR_FUNC(X509V3_F_R2I_CERTPOL), "R2I_CERTPOL"}, + {ERR_FUNC(X509V3_F_R2I_PCI), "R2I_PCI"}, + {ERR_FUNC(X509V3_F_S2I_ASN1_IA5STRING), "S2I_ASN1_IA5STRING"}, + {ERR_FUNC(X509V3_F_S2I_ASN1_INTEGER), "s2i_ASN1_INTEGER"}, + {ERR_FUNC(X509V3_F_S2I_ASN1_OCTET_STRING), "s2i_ASN1_OCTET_STRING"}, + {ERR_FUNC(X509V3_F_S2I_ASN1_SKEY_ID), "S2I_ASN1_SKEY_ID"}, + {ERR_FUNC(X509V3_F_S2I_SKEY_ID), "S2I_SKEY_ID"}, + {ERR_FUNC(X509V3_F_SET_DIST_POINT_NAME), "SET_DIST_POINT_NAME"}, + {ERR_FUNC(X509V3_F_STRING_TO_HEX), "string_to_hex"}, + {ERR_FUNC(X509V3_F_SXNET_ADD_ID_ASC), "SXNET_add_id_asc"}, + {ERR_FUNC(X509V3_F_SXNET_ADD_ID_INTEGER), "SXNET_add_id_INTEGER"}, + {ERR_FUNC(X509V3_F_SXNET_ADD_ID_ULONG), "SXNET_add_id_ulong"}, + {ERR_FUNC(X509V3_F_SXNET_GET_ID_ASC), "SXNET_get_id_asc"}, + {ERR_FUNC(X509V3_F_SXNET_GET_ID_ULONG), "SXNET_get_id_ulong"}, + {ERR_FUNC(X509V3_F_V2I_ASIDENTIFIERS), "V2I_ASIDENTIFIERS"}, + {ERR_FUNC(X509V3_F_V2I_ASN1_BIT_STRING), "v2i_ASN1_BIT_STRING"}, + {ERR_FUNC(X509V3_F_V2I_AUTHORITY_INFO_ACCESS), "V2I_AUTHORITY_INFO_ACCESS"}, + {ERR_FUNC(X509V3_F_V2I_AUTHORITY_KEYID), "V2I_AUTHORITY_KEYID"}, + {ERR_FUNC(X509V3_F_V2I_BASIC_CONSTRAINTS), "V2I_BASIC_CONSTRAINTS"}, + {ERR_FUNC(X509V3_F_V2I_CRLD), "V2I_CRLD"}, + {ERR_FUNC(X509V3_F_V2I_EXTENDED_KEY_USAGE), "V2I_EXTENDED_KEY_USAGE"}, + {ERR_FUNC(X509V3_F_V2I_GENERAL_NAMES), "v2i_GENERAL_NAMES"}, + {ERR_FUNC(X509V3_F_V2I_GENERAL_NAME_EX), "v2i_GENERAL_NAME_ex"}, + {ERR_FUNC(X509V3_F_V2I_IDP), "V2I_IDP"}, + {ERR_FUNC(X509V3_F_V2I_IPADDRBLOCKS), "V2I_IPADDRBLOCKS"}, + {ERR_FUNC(X509V3_F_V2I_ISSUER_ALT), "V2I_ISSUER_ALT"}, + {ERR_FUNC(X509V3_F_V2I_NAME_CONSTRAINTS), "V2I_NAME_CONSTRAINTS"}, + {ERR_FUNC(X509V3_F_V2I_POLICY_CONSTRAINTS), "V2I_POLICY_CONSTRAINTS"}, + {ERR_FUNC(X509V3_F_V2I_POLICY_MAPPINGS), "V2I_POLICY_MAPPINGS"}, + {ERR_FUNC(X509V3_F_V2I_SUBJECT_ALT), "V2I_SUBJECT_ALT"}, + {ERR_FUNC(X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL), "V3_ADDR_VALIDATE_PATH_INTERNAL"}, + {ERR_FUNC(X509V3_F_V3_GENERIC_EXTENSION), "V3_GENERIC_EXTENSION"}, + {ERR_FUNC(X509V3_F_X509V3_ADD1_I2D), "X509V3_add1_i2d"}, + {ERR_FUNC(X509V3_F_X509V3_ADD_VALUE), "X509V3_add_value"}, + {ERR_FUNC(X509V3_F_X509V3_EXT_ADD), "X509V3_EXT_add"}, + {ERR_FUNC(X509V3_F_X509V3_EXT_ADD_ALIAS), "X509V3_EXT_add_alias"}, + {ERR_FUNC(X509V3_F_X509V3_EXT_CONF), "X509V3_EXT_conf"}, + {ERR_FUNC(X509V3_F_X509V3_EXT_I2D), "X509V3_EXT_i2d"}, + {ERR_FUNC(X509V3_F_X509V3_EXT_NCONF), "X509V3_EXT_nconf"}, + {ERR_FUNC(X509V3_F_X509V3_GET_SECTION), "X509V3_get_section"}, + {ERR_FUNC(X509V3_F_X509V3_GET_STRING), "X509V3_get_string"}, + {ERR_FUNC(X509V3_F_X509V3_GET_VALUE_BOOL), "X509V3_get_value_bool"}, + {ERR_FUNC(X509V3_F_X509V3_PARSE_LIST), "X509V3_parse_list"}, + {ERR_FUNC(X509V3_F_X509_PURPOSE_ADD), "X509_PURPOSE_add"}, + {ERR_FUNC(X509V3_F_X509_PURPOSE_SET), "X509_PURPOSE_set"}, + {0, NULL} +}; -void ERR_load_X509V3_strings(void) - { - static int init=1; +static ERR_STRING_DATA X509V3_str_reasons[] = { + {ERR_REASON(X509V3_R_BAD_IP_ADDRESS) , "bad ip address"}, + {ERR_REASON(X509V3_R_BAD_OBJECT) , "bad object"}, + {ERR_REASON(X509V3_R_BN_DEC2BN_ERROR) , "bn dec2bn error"}, + {ERR_REASON(X509V3_R_BN_TO_ASN1_INTEGER_ERROR), "bn to asn1 integer error"}, + {ERR_REASON(X509V3_R_DIRNAME_ERROR) , "dirname error"}, + {ERR_REASON(X509V3_R_DISTPOINT_ALREADY_SET), "distpoint already set"}, + {ERR_REASON(X509V3_R_DUPLICATE_ZONE_ID) , "duplicate zone id"}, + {ERR_REASON(X509V3_R_ERROR_CONVERTING_ZONE), "error converting zone"}, + {ERR_REASON(X509V3_R_ERROR_CREATING_EXTENSION), "error creating extension"}, + {ERR_REASON(X509V3_R_ERROR_IN_EXTENSION) , "error in extension"}, + {ERR_REASON(X509V3_R_EXPECTED_A_SECTION_NAME), "expected a section name"}, + {ERR_REASON(X509V3_R_EXTENSION_EXISTS) , "extension exists"}, + {ERR_REASON(X509V3_R_EXTENSION_NAME_ERROR), "extension name error"}, + {ERR_REASON(X509V3_R_EXTENSION_NOT_FOUND), "extension not found"}, + {ERR_REASON(X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED), "extension setting not supported"}, + {ERR_REASON(X509V3_R_EXTENSION_VALUE_ERROR), "extension value error"}, + {ERR_REASON(X509V3_R_ILLEGAL_EMPTY_EXTENSION), "illegal empty extension"}, + {ERR_REASON(X509V3_R_ILLEGAL_HEX_DIGIT) , "illegal hex digit"}, + {ERR_REASON(X509V3_R_INCORRECT_POLICY_SYNTAX_TAG), "incorrect policy syntax tag"}, + {ERR_REASON(X509V3_R_INVALID_MULTIPLE_RDNS), "invalid multiple rdns"}, + {ERR_REASON(X509V3_R_INVALID_ASNUMBER) , "invalid asnumber"}, + {ERR_REASON(X509V3_R_INVALID_ASRANGE) , "invalid asrange"}, + {ERR_REASON(X509V3_R_INVALID_BOOLEAN_STRING), "invalid boolean string"}, + {ERR_REASON(X509V3_R_INVALID_EXTENSION_STRING), "invalid extension string"}, + {ERR_REASON(X509V3_R_INVALID_INHERITANCE), "invalid inheritance"}, + {ERR_REASON(X509V3_R_INVALID_IPADDRESS) , "invalid ipaddress"}, + {ERR_REASON(X509V3_R_INVALID_NAME) , "invalid name"}, + {ERR_REASON(X509V3_R_INVALID_NULL_ARGUMENT), "invalid null argument"}, + {ERR_REASON(X509V3_R_INVALID_NULL_NAME) , "invalid null name"}, + {ERR_REASON(X509V3_R_INVALID_NULL_VALUE) , "invalid null value"}, + {ERR_REASON(X509V3_R_INVALID_NUMBER) , "invalid number"}, + {ERR_REASON(X509V3_R_INVALID_NUMBERS) , "invalid numbers"}, + {ERR_REASON(X509V3_R_INVALID_OBJECT_IDENTIFIER), "invalid object identifier"}, + {ERR_REASON(X509V3_R_INVALID_OPTION) , "invalid option"}, + {ERR_REASON(X509V3_R_INVALID_POLICY_IDENTIFIER), "invalid policy identifier"}, + {ERR_REASON(X509V3_R_INVALID_PROXY_POLICY_SETTING), "invalid proxy policy setting"}, + {ERR_REASON(X509V3_R_INVALID_PURPOSE) , "invalid purpose"}, + {ERR_REASON(X509V3_R_INVALID_SAFI) , "invalid safi"}, + {ERR_REASON(X509V3_R_INVALID_SECTION) , "invalid section"}, + {ERR_REASON(X509V3_R_INVALID_SYNTAX) , "invalid syntax"}, + {ERR_REASON(X509V3_R_ISSUER_DECODE_ERROR), "issuer decode error"}, + {ERR_REASON(X509V3_R_MISSING_VALUE) , "missing value"}, + {ERR_REASON(X509V3_R_NEED_ORGANIZATION_AND_NUMBERS), "need organization and numbers"}, + {ERR_REASON(X509V3_R_NO_CONFIG_DATABASE) , "no config database"}, + {ERR_REASON(X509V3_R_NO_ISSUER_CERTIFICATE), "no issuer certificate"}, + {ERR_REASON(X509V3_R_NO_ISSUER_DETAILS) , "no issuer details"}, + {ERR_REASON(X509V3_R_NO_POLICY_IDENTIFIER), "no policy identifier"}, + {ERR_REASON(X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED), "no proxy cert policy language defined"}, + {ERR_REASON(X509V3_R_NO_PUBLIC_KEY) , "no public key"}, + {ERR_REASON(X509V3_R_NO_SUBJECT_DETAILS) , "no subject details"}, + {ERR_REASON(X509V3_R_ODD_NUMBER_OF_DIGITS), "odd number of digits"}, + {ERR_REASON(X509V3_R_OPERATION_NOT_DEFINED), "operation not defined"}, + {ERR_REASON(X509V3_R_OTHERNAME_ERROR) , "othername error"}, + {ERR_REASON(X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED), "policy language already defined"}, + {ERR_REASON(X509V3_R_POLICY_PATH_LENGTH) , "policy path length"}, + {ERR_REASON(X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED), "policy path length already defined"}, + {ERR_REASON(X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED), "policy syntax not currently supported"}, + {ERR_REASON(X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY), "policy when proxy language requires no policy"}, + {ERR_REASON(X509V3_R_SECTION_NOT_FOUND) , "section not found"}, + {ERR_REASON(X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS), "unable to get issuer details"}, + {ERR_REASON(X509V3_R_UNABLE_TO_GET_ISSUER_KEYID), "unable to get issuer keyid"}, + {ERR_REASON(X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT), "unknown bit string argument"}, + {ERR_REASON(X509V3_R_UNKNOWN_EXTENSION) , "unknown extension"}, + {ERR_REASON(X509V3_R_UNKNOWN_EXTENSION_NAME), "unknown extension name"}, + {ERR_REASON(X509V3_R_UNKNOWN_OPTION) , "unknown option"}, + {ERR_REASON(X509V3_R_UNSUPPORTED_OPTION) , "unsupported option"}, + {ERR_REASON(X509V3_R_UNSUPPORTED_TYPE) , "unsupported type"}, + {ERR_REASON(X509V3_R_USER_TOO_LONG) , "user too long"}, + {0, NULL} +}; - if (init) - { - init=0; -#ifndef OPENSSL_NO_ERR - ERR_load_strings(ERR_LIB_X509V3,X509V3_str_functs); - ERR_load_strings(ERR_LIB_X509V3,X509V3_str_reasons); #endif - } +void +ERR_load_X509V3_strings(void) +{ +#ifndef OPENSSL_NO_ERR + if (ERR_func_error_string(X509V3_str_functs[0].error) == NULL) { + ERR_load_strings(0, X509V3_str_functs); + ERR_load_strings(0, X509V3_str_reasons); } +#endif +} diff --git a/src/lib/libcrypto/x509v3/v3prin.c b/src/lib/libcrypto/x509v3/v3prin.c deleted file mode 100644 index b529814319b..00000000000 --- a/src/lib/libcrypto/x509v3/v3prin.c +++ /dev/null @@ -1,99 +0,0 @@ -/* v3prin.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL - * project 1999. - */ -/* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - - - -#include -#include -#include -#include -#include - -int main(int argc, char **argv) -{ - X509 *cert; - FILE *inf; - int i, count; - X509_EXTENSION *ext; - X509V3_add_standard_extensions(); - ERR_load_crypto_strings(); - if(!argv[1]) { - fprintf(stderr, "Usage v3prin cert.pem\n"); - exit(1); - } - if(!(inf = fopen(argv[1], "r"))) { - fprintf(stderr, "Can't open %s\n", argv[1]); - exit(1); - } - if(!(cert = PEM_read_X509(inf, NULL, NULL))) { - fprintf(stderr, "Can't read certificate %s\n", argv[1]); - ERR_print_errors_fp(stderr); - exit(1); - } - fclose(inf); - count = X509_get_ext_count(cert); - printf("%d extensions\n", count); - for(i = 0; i < count; i++) { - ext = X509_get_ext(cert, i); - printf("%s\n", OBJ_nid2ln(OBJ_obj2nid(ext->object))); - if(!X509V3_EXT_print_fp(stdout, ext, 0, 0)) ERR_print_errors_fp(stderr); - printf("\n"); - - } - return 0; -} diff --git a/src/lib/libcrypto/x509v3/x509v3.h b/src/lib/libcrypto/x509v3/x509v3.h index daecc55271e..5d6c5887308 100644 --- a/src/lib/libcrypto/x509v3/x509v3.h +++ b/src/lib/libcrypto/x509v3/x509v3.h @@ -1,9 +1,9 @@ -/* x509v3.h */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* $OpenBSD: x509v3.h,v 1.30 2018/05/19 10:50:08 tb Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -58,6 +58,8 @@ #ifndef HEADER_X509V3_H #define HEADER_X509V3_H +#include + #include #include #include @@ -74,14 +76,21 @@ struct v3_ext_ctx; typedef void * (*X509V3_EXT_NEW)(void); typedef void (*X509V3_EXT_FREE)(void *); -typedef void * (*X509V3_EXT_D2I)(void *, unsigned char ** , long); +typedef void * (*X509V3_EXT_D2I)(void *, const unsigned char ** , long); typedef int (*X509V3_EXT_I2D)(void *, unsigned char **); -typedef STACK_OF(CONF_VALUE) * (*X509V3_EXT_I2V)(struct v3_ext_method *method, void *ext, STACK_OF(CONF_VALUE) *extlist); -typedef void * (*X509V3_EXT_V2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, STACK_OF(CONF_VALUE) *values); -typedef char * (*X509V3_EXT_I2S)(struct v3_ext_method *method, void *ext); -typedef void * (*X509V3_EXT_S2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, char *str); -typedef int (*X509V3_EXT_I2R)(struct v3_ext_method *method, void *ext, BIO *out, int indent); -typedef void * (*X509V3_EXT_R2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, char *str); +typedef STACK_OF(CONF_VALUE) * + (*X509V3_EXT_I2V)(const struct v3_ext_method *method, void *ext, + STACK_OF(CONF_VALUE) *extlist); +typedef void * (*X509V3_EXT_V2I)(const struct v3_ext_method *method, + struct v3_ext_ctx *ctx, + STACK_OF(CONF_VALUE) *values); +typedef char * (*X509V3_EXT_I2S)(const struct v3_ext_method *method, void *ext); +typedef void * (*X509V3_EXT_S2I)(const struct v3_ext_method *method, + struct v3_ext_ctx *ctx, const char *str); +typedef int (*X509V3_EXT_I2R)(const struct v3_ext_method *method, void *ext, + BIO *out, int indent); +typedef void * (*X509V3_EXT_R2I)(const struct v3_ext_method *method, + struct v3_ext_ctx *ctx, const char *str); /* V3 extension structure */ @@ -112,9 +121,9 @@ void *usr_data; /* Any extension specific data */ }; typedef struct X509V3_CONF_METHOD_st { -char * (*get_string)(void *db, char *section, char *value); -STACK_OF(CONF_VALUE) * (*get_section)(void *db, char *section); -void (*free_string)(void *db, char * string); +char *(*get_string)(void *db, const char *section, const char *value); +STACK_OF(CONF_VALUE) *(*get_section)(void *db, const char *section); +void (*free_string)(void *db, char *string); void (*free_section)(void *db, STACK_OF(CONF_VALUE) *section); } X509V3_CONF_METHOD; @@ -132,7 +141,6 @@ void *db; }; typedef struct v3_ext_method X509V3_EXT_METHOD; -typedef struct v3_ext_ctx X509V3_CTX; DECLARE_STACK_OF(X509V3_EXT_METHOD) @@ -210,10 +218,8 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; typedef STACK_OF(ASN1_OBJECT) EXTENDED_KEY_USAGE; DECLARE_STACK_OF(GENERAL_NAME) -DECLARE_ASN1_SET_OF(GENERAL_NAME) DECLARE_STACK_OF(ACCESS_DESCRIPTION) -DECLARE_ASN1_SET_OF(ACCESS_DESCRIPTION) typedef struct DIST_POINT_NAME_st { int type; @@ -221,24 +227,40 @@ union { GENERAL_NAMES *fullname; STACK_OF(X509_NAME_ENTRY) *relativename; } name; +/* If relativename then this contains the full distribution point name */ +X509_NAME *dpname; } DIST_POINT_NAME; - -typedef struct DIST_POINT_st { +/* All existing reasons */ +#define CRLDP_ALL_REASONS 0x807f + +#define CRL_REASON_NONE -1 +#define CRL_REASON_UNSPECIFIED 0 +#define CRL_REASON_KEY_COMPROMISE 1 +#define CRL_REASON_CA_COMPROMISE 2 +#define CRL_REASON_AFFILIATION_CHANGED 3 +#define CRL_REASON_SUPERSEDED 4 +#define CRL_REASON_CESSATION_OF_OPERATION 5 +#define CRL_REASON_CERTIFICATE_HOLD 6 +#define CRL_REASON_REMOVE_FROM_CRL 8 +#define CRL_REASON_PRIVILEGE_WITHDRAWN 9 +#define CRL_REASON_AA_COMPROMISE 10 + +struct DIST_POINT_st { DIST_POINT_NAME *distpoint; ASN1_BIT_STRING *reasons; GENERAL_NAMES *CRLissuer; -} DIST_POINT; +int dp_reasons; +}; typedef STACK_OF(DIST_POINT) CRL_DIST_POINTS; DECLARE_STACK_OF(DIST_POINT) -DECLARE_ASN1_SET_OF(DIST_POINT) -typedef struct AUTHORITY_KEYID_st { +struct AUTHORITY_KEYID_st { ASN1_OCTET_STRING *keyid; GENERAL_NAMES *issuer; ASN1_INTEGER *serial; -} AUTHORITY_KEYID; +}; /* Strong extranet structures */ @@ -248,7 +270,6 @@ typedef struct SXNET_ID_st { } SXNETID; DECLARE_STACK_OF(SXNETID) -DECLARE_ASN1_SET_OF(SXNETID) typedef struct SXNET_st { ASN1_INTEGER *version; @@ -275,7 +296,6 @@ typedef struct POLICYQUALINFO_st { } POLICYQUALINFO; DECLARE_STACK_OF(POLICYQUALINFO) -DECLARE_ASN1_SET_OF(POLICYQUALINFO) typedef struct POLICYINFO_st { ASN1_OBJECT *policyid; @@ -285,16 +305,93 @@ typedef struct POLICYINFO_st { typedef STACK_OF(POLICYINFO) CERTIFICATEPOLICIES; DECLARE_STACK_OF(POLICYINFO) -DECLARE_ASN1_SET_OF(POLICYINFO) -#define X509V3_conf_err(val) ERR_add_error_data(6, "section:", val->section, \ -",name:", val->name, ",value:", val->value); +typedef struct POLICY_MAPPING_st { + ASN1_OBJECT *issuerDomainPolicy; + ASN1_OBJECT *subjectDomainPolicy; +} POLICY_MAPPING; + +DECLARE_STACK_OF(POLICY_MAPPING) + +typedef STACK_OF(POLICY_MAPPING) POLICY_MAPPINGS; + +typedef struct GENERAL_SUBTREE_st { + GENERAL_NAME *base; + ASN1_INTEGER *minimum; + ASN1_INTEGER *maximum; +} GENERAL_SUBTREE; + +DECLARE_STACK_OF(GENERAL_SUBTREE) + +struct NAME_CONSTRAINTS_st { + STACK_OF(GENERAL_SUBTREE) *permittedSubtrees; + STACK_OF(GENERAL_SUBTREE) *excludedSubtrees; +}; + +typedef struct POLICY_CONSTRAINTS_st { + ASN1_INTEGER *requireExplicitPolicy; + ASN1_INTEGER *inhibitPolicyMapping; +} POLICY_CONSTRAINTS; + +/* Proxy certificate structures, see RFC 3820 */ +typedef struct PROXY_POLICY_st + { + ASN1_OBJECT *policyLanguage; + ASN1_OCTET_STRING *policy; + } PROXY_POLICY; + +typedef struct PROXY_CERT_INFO_EXTENSION_st + { + ASN1_INTEGER *pcPathLengthConstraint; + PROXY_POLICY *proxyPolicy; + } PROXY_CERT_INFO_EXTENSION; + +PROXY_POLICY *PROXY_POLICY_new(void); +void PROXY_POLICY_free(PROXY_POLICY *a); +PROXY_POLICY *d2i_PROXY_POLICY(PROXY_POLICY **a, const unsigned char **in, long len); +int i2d_PROXY_POLICY(PROXY_POLICY *a, unsigned char **out); +extern const ASN1_ITEM PROXY_POLICY_it; +PROXY_CERT_INFO_EXTENSION *PROXY_CERT_INFO_EXTENSION_new(void); +void PROXY_CERT_INFO_EXTENSION_free(PROXY_CERT_INFO_EXTENSION *a); +PROXY_CERT_INFO_EXTENSION *d2i_PROXY_CERT_INFO_EXTENSION(PROXY_CERT_INFO_EXTENSION **a, const unsigned char **in, long len); +int i2d_PROXY_CERT_INFO_EXTENSION(PROXY_CERT_INFO_EXTENSION *a, unsigned char **out); +extern const ASN1_ITEM PROXY_CERT_INFO_EXTENSION_it; + +struct ISSUING_DIST_POINT_st + { + DIST_POINT_NAME *distpoint; + int onlyuser; + int onlyCA; + ASN1_BIT_STRING *onlysomereasons; + int indirectCRL; + int onlyattr; + }; + +/* Values in idp_flags field */ +/* IDP present */ +#define IDP_PRESENT 0x1 +/* IDP values inconsistent */ +#define IDP_INVALID 0x2 +/* onlyuser true */ +#define IDP_ONLYUSER 0x4 +/* onlyCA true */ +#define IDP_ONLYCA 0x8 +/* onlyattr true */ +#define IDP_ONLYATTR 0x10 +/* indirectCRL true */ +#define IDP_INDIRECT 0x20 +/* onlysomereasons present */ +#define IDP_REASONS 0x40 + +#define X509V3_conf_err(val) ERR_asprintf_error_data( \ + "section:%s,name:%s,value:%s", val->section, \ + val->name, val->value); #define X509V3_set_ctx_test(ctx) \ X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, CTX_TEST) #define X509V3_set_ctx_nodb(ctx) (ctx)->db = NULL; -#define EXT_BITSTRING(nid, table) { nid, 0, ASN1_ITEM_ref(ASN1_BIT_STRING), \ +#define EXT_BITSTRING(nid, table) { nid, 0, &ASN1_BIT_STRING_it, \ 0,0,0,0, \ 0,0, \ (X509V3_EXT_I2V)i2v_ASN1_BIT_STRING, \ @@ -302,7 +399,7 @@ DECLARE_ASN1_SET_OF(POLICYINFO) NULL, NULL, \ table} -#define EXT_IA5STRING(nid) { nid, 0, ASN1_ITEM_ref(ASN1_IA5STRING), \ +#define EXT_IA5STRING(nid) { nid, 0, &ASN1_IA5STRING_it, \ 0,0,0,0, \ (X509V3_EXT_I2S)i2s_ASN1_IA5STRING, \ (X509V3_EXT_S2I)s2i_ASN1_IA5STRING, \ @@ -314,17 +411,21 @@ DECLARE_ASN1_SET_OF(POLICYINFO) /* X509_PURPOSE stuff */ -#define EXFLAG_BCONS 0x1 -#define EXFLAG_KUSAGE 0x2 -#define EXFLAG_XKUSAGE 0x4 -#define EXFLAG_NSCERT 0x8 - -#define EXFLAG_CA 0x10 -#define EXFLAG_SS 0x20 -#define EXFLAG_V1 0x40 -#define EXFLAG_INVALID 0x80 -#define EXFLAG_SET 0x100 -#define EXFLAG_CRITICAL 0x200 +#define EXFLAG_BCONS 0x0001 +#define EXFLAG_KUSAGE 0x0002 +#define EXFLAG_XKUSAGE 0x0004 +#define EXFLAG_NSCERT 0x0008 + +#define EXFLAG_CA 0x0010 +#define EXFLAG_SI 0x0020 /* Self issued. */ +#define EXFLAG_V1 0x0040 +#define EXFLAG_INVALID 0x0080 +#define EXFLAG_SET 0x0100 +#define EXFLAG_CRITICAL 0x0200 +#define EXFLAG_PROXY 0x0400 +#define EXFLAG_INVALID_POLICY 0x0800 +#define EXFLAG_FRESHEST 0x1000 +#define EXFLAG_SS 0x2000 /* Self signed. */ #define KU_DIGITAL_SIGNATURE 0x0080 #define KU_NON_REPUDIATION 0x0040 @@ -352,6 +453,7 @@ DECLARE_ASN1_SET_OF(POLICYINFO) #define XKU_SGC 0x10 #define XKU_OCSP_SIGN 0x20 #define XKU_TIMESTAMP 0x40 +#define XKU_DVCS 0x80 #define X509_PURPOSE_DYNAMIC 0x1 #define X509_PURPOSE_DYNAMIC_NAME 0x2 @@ -375,9 +477,10 @@ typedef struct x509_purpose_st { #define X509_PURPOSE_CRL_SIGN 6 #define X509_PURPOSE_ANY 7 #define X509_PURPOSE_OCSP_HELPER 8 +#define X509_PURPOSE_TIMESTAMP_SIGN 9 #define X509_PURPOSE_MIN 1 -#define X509_PURPOSE_MAX 8 +#define X509_PURPOSE_MAX 9 /* Flags for X509V3_EXT_print() */ @@ -404,84 +507,232 @@ typedef struct x509_purpose_st { DECLARE_STACK_OF(X509_PURPOSE) -DECLARE_ASN1_FUNCTIONS(BASIC_CONSTRAINTS) +BASIC_CONSTRAINTS *BASIC_CONSTRAINTS_new(void); +void BASIC_CONSTRAINTS_free(BASIC_CONSTRAINTS *a); +BASIC_CONSTRAINTS *d2i_BASIC_CONSTRAINTS(BASIC_CONSTRAINTS **a, const unsigned char **in, long len); +int i2d_BASIC_CONSTRAINTS(BASIC_CONSTRAINTS *a, unsigned char **out); +extern const ASN1_ITEM BASIC_CONSTRAINTS_it; + +SXNET *SXNET_new(void); +void SXNET_free(SXNET *a); +SXNET *d2i_SXNET(SXNET **a, const unsigned char **in, long len); +int i2d_SXNET(SXNET *a, unsigned char **out); +extern const ASN1_ITEM SXNET_it; +SXNETID *SXNETID_new(void); +void SXNETID_free(SXNETID *a); +SXNETID *d2i_SXNETID(SXNETID **a, const unsigned char **in, long len); +int i2d_SXNETID(SXNETID *a, unsigned char **out); +extern const ASN1_ITEM SXNETID_it; + +int SXNET_add_id_asc(SXNET **psx, const char *zone, const char *user, + int userlen); +int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, const char *user, + int userlen); +int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *izone, const char *user, + int userlen); + +ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, const char *zone); +ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone); +ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone); -DECLARE_ASN1_FUNCTIONS(SXNET) -DECLARE_ASN1_FUNCTIONS(SXNETID) +AUTHORITY_KEYID *AUTHORITY_KEYID_new(void); +void AUTHORITY_KEYID_free(AUTHORITY_KEYID *a); +AUTHORITY_KEYID *d2i_AUTHORITY_KEYID(AUTHORITY_KEYID **a, const unsigned char **in, long len); +int i2d_AUTHORITY_KEYID(AUTHORITY_KEYID *a, unsigned char **out); +extern const ASN1_ITEM AUTHORITY_KEYID_it; -int SXNET_add_id_asc(SXNET **psx, char *zone, char *user, int userlen); -int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user, int userlen); -int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *izone, char *user, int userlen); +PKEY_USAGE_PERIOD *PKEY_USAGE_PERIOD_new(void); +void PKEY_USAGE_PERIOD_free(PKEY_USAGE_PERIOD *a); +PKEY_USAGE_PERIOD *d2i_PKEY_USAGE_PERIOD(PKEY_USAGE_PERIOD **a, const unsigned char **in, long len); +int i2d_PKEY_USAGE_PERIOD(PKEY_USAGE_PERIOD *a, unsigned char **out); +extern const ASN1_ITEM PKEY_USAGE_PERIOD_it; -ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone); -ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone); -ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone); +GENERAL_NAME *GENERAL_NAME_new(void); +void GENERAL_NAME_free(GENERAL_NAME *a); +GENERAL_NAME *d2i_GENERAL_NAME(GENERAL_NAME **a, const unsigned char **in, long len); +int i2d_GENERAL_NAME(GENERAL_NAME *a, unsigned char **out); +extern const ASN1_ITEM GENERAL_NAME_it; +GENERAL_NAME *GENERAL_NAME_dup(GENERAL_NAME *a); +int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b); -DECLARE_ASN1_FUNCTIONS(AUTHORITY_KEYID) -DECLARE_ASN1_FUNCTIONS(PKEY_USAGE_PERIOD) -DECLARE_ASN1_FUNCTIONS(GENERAL_NAME) +ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); +STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, + ASN1_BIT_STRING *bits, + STACK_OF(CONF_VALUE) *extlist); STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, GENERAL_NAME *gen, STACK_OF(CONF_VALUE) *ret); int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen); -DECLARE_ASN1_FUNCTIONS(GENERAL_NAMES) +GENERAL_NAMES *GENERAL_NAMES_new(void); +void GENERAL_NAMES_free(GENERAL_NAMES *a); +GENERAL_NAMES *d2i_GENERAL_NAMES(GENERAL_NAMES **a, const unsigned char **in, long len); +int i2d_GENERAL_NAMES(GENERAL_NAMES *a, unsigned char **out); +extern const ASN1_ITEM GENERAL_NAMES_it; STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method, GENERAL_NAMES *gen, STACK_OF(CONF_VALUE) *extlist); -GENERAL_NAMES *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method, - X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); - -DECLARE_ASN1_FUNCTIONS(OTHERNAME) -DECLARE_ASN1_FUNCTIONS(EDIPARTYNAME) - -char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *ia5); -ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str); - -DECLARE_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE) -int i2a_ACCESS_DESCRIPTION(BIO *bp, ACCESS_DESCRIPTION* a); - -DECLARE_ASN1_FUNCTIONS(CERTIFICATEPOLICIES) -DECLARE_ASN1_FUNCTIONS(POLICYINFO) -DECLARE_ASN1_FUNCTIONS(POLICYQUALINFO) -DECLARE_ASN1_FUNCTIONS(USERNOTICE) -DECLARE_ASN1_FUNCTIONS(NOTICEREF) - -DECLARE_ASN1_FUNCTIONS(CRL_DIST_POINTS) -DECLARE_ASN1_FUNCTIONS(DIST_POINT) -DECLARE_ASN1_FUNCTIONS(DIST_POINT_NAME) - -DECLARE_ASN1_FUNCTIONS(ACCESS_DESCRIPTION) -DECLARE_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS) +GENERAL_NAMES *v2i_GENERAL_NAMES(const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); + +OTHERNAME *OTHERNAME_new(void); +void OTHERNAME_free(OTHERNAME *a); +OTHERNAME *d2i_OTHERNAME(OTHERNAME **a, const unsigned char **in, long len); +int i2d_OTHERNAME(OTHERNAME *a, unsigned char **out); +extern const ASN1_ITEM OTHERNAME_it; +EDIPARTYNAME *EDIPARTYNAME_new(void); +void EDIPARTYNAME_free(EDIPARTYNAME *a); +EDIPARTYNAME *d2i_EDIPARTYNAME(EDIPARTYNAME **a, const unsigned char **in, long len); +int i2d_EDIPARTYNAME(EDIPARTYNAME *a, unsigned char **out); +extern const ASN1_ITEM EDIPARTYNAME_it; +int OTHERNAME_cmp(OTHERNAME *a, OTHERNAME *b); +void GENERAL_NAME_set0_value(GENERAL_NAME *a, int type, void *value); +void *GENERAL_NAME_get0_value(GENERAL_NAME *a, int *ptype); +int GENERAL_NAME_set0_othername(GENERAL_NAME *gen, + ASN1_OBJECT *oid, ASN1_TYPE *value); +int GENERAL_NAME_get0_otherName(GENERAL_NAME *gen, + ASN1_OBJECT **poid, ASN1_TYPE **pvalue); + +char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, + const ASN1_OCTET_STRING *ia5); +ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, const char *str); + +EXTENDED_KEY_USAGE *EXTENDED_KEY_USAGE_new(void); +void EXTENDED_KEY_USAGE_free(EXTENDED_KEY_USAGE *a); +EXTENDED_KEY_USAGE *d2i_EXTENDED_KEY_USAGE(EXTENDED_KEY_USAGE **a, const unsigned char **in, long len); +int i2d_EXTENDED_KEY_USAGE(EXTENDED_KEY_USAGE *a, unsigned char **out); +extern const ASN1_ITEM EXTENDED_KEY_USAGE_it; +int i2a_ACCESS_DESCRIPTION(BIO *bp, const ACCESS_DESCRIPTION* a); + +CERTIFICATEPOLICIES *CERTIFICATEPOLICIES_new(void); +void CERTIFICATEPOLICIES_free(CERTIFICATEPOLICIES *a); +CERTIFICATEPOLICIES *d2i_CERTIFICATEPOLICIES(CERTIFICATEPOLICIES **a, const unsigned char **in, long len); +int i2d_CERTIFICATEPOLICIES(CERTIFICATEPOLICIES *a, unsigned char **out); +extern const ASN1_ITEM CERTIFICATEPOLICIES_it; +POLICYINFO *POLICYINFO_new(void); +void POLICYINFO_free(POLICYINFO *a); +POLICYINFO *d2i_POLICYINFO(POLICYINFO **a, const unsigned char **in, long len); +int i2d_POLICYINFO(POLICYINFO *a, unsigned char **out); +extern const ASN1_ITEM POLICYINFO_it; +POLICYQUALINFO *POLICYQUALINFO_new(void); +void POLICYQUALINFO_free(POLICYQUALINFO *a); +POLICYQUALINFO *d2i_POLICYQUALINFO(POLICYQUALINFO **a, const unsigned char **in, long len); +int i2d_POLICYQUALINFO(POLICYQUALINFO *a, unsigned char **out); +extern const ASN1_ITEM POLICYQUALINFO_it; +USERNOTICE *USERNOTICE_new(void); +void USERNOTICE_free(USERNOTICE *a); +USERNOTICE *d2i_USERNOTICE(USERNOTICE **a, const unsigned char **in, long len); +int i2d_USERNOTICE(USERNOTICE *a, unsigned char **out); +extern const ASN1_ITEM USERNOTICE_it; +NOTICEREF *NOTICEREF_new(void); +void NOTICEREF_free(NOTICEREF *a); +NOTICEREF *d2i_NOTICEREF(NOTICEREF **a, const unsigned char **in, long len); +int i2d_NOTICEREF(NOTICEREF *a, unsigned char **out); +extern const ASN1_ITEM NOTICEREF_it; + +CRL_DIST_POINTS *CRL_DIST_POINTS_new(void); +void CRL_DIST_POINTS_free(CRL_DIST_POINTS *a); +CRL_DIST_POINTS *d2i_CRL_DIST_POINTS(CRL_DIST_POINTS **a, const unsigned char **in, long len); +int i2d_CRL_DIST_POINTS(CRL_DIST_POINTS *a, unsigned char **out); +extern const ASN1_ITEM CRL_DIST_POINTS_it; +DIST_POINT *DIST_POINT_new(void); +void DIST_POINT_free(DIST_POINT *a); +DIST_POINT *d2i_DIST_POINT(DIST_POINT **a, const unsigned char **in, long len); +int i2d_DIST_POINT(DIST_POINT *a, unsigned char **out); +extern const ASN1_ITEM DIST_POINT_it; +DIST_POINT_NAME *DIST_POINT_NAME_new(void); +void DIST_POINT_NAME_free(DIST_POINT_NAME *a); +DIST_POINT_NAME *d2i_DIST_POINT_NAME(DIST_POINT_NAME **a, const unsigned char **in, long len); +int i2d_DIST_POINT_NAME(DIST_POINT_NAME *a, unsigned char **out); +extern const ASN1_ITEM DIST_POINT_NAME_it; +ISSUING_DIST_POINT *ISSUING_DIST_POINT_new(void); +void ISSUING_DIST_POINT_free(ISSUING_DIST_POINT *a); +ISSUING_DIST_POINT *d2i_ISSUING_DIST_POINT(ISSUING_DIST_POINT **a, const unsigned char **in, long len); +int i2d_ISSUING_DIST_POINT(ISSUING_DIST_POINT *a, unsigned char **out); +extern const ASN1_ITEM ISSUING_DIST_POINT_it; + +int DIST_POINT_set_dpname(DIST_POINT_NAME *dpn, X509_NAME *iname); + +int NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc); + +ACCESS_DESCRIPTION *ACCESS_DESCRIPTION_new(void); +void ACCESS_DESCRIPTION_free(ACCESS_DESCRIPTION *a); +ACCESS_DESCRIPTION *d2i_ACCESS_DESCRIPTION(ACCESS_DESCRIPTION **a, const unsigned char **in, long len); +int i2d_ACCESS_DESCRIPTION(ACCESS_DESCRIPTION *a, unsigned char **out); +extern const ASN1_ITEM ACCESS_DESCRIPTION_it; +AUTHORITY_INFO_ACCESS *AUTHORITY_INFO_ACCESS_new(void); +void AUTHORITY_INFO_ACCESS_free(AUTHORITY_INFO_ACCESS *a); +AUTHORITY_INFO_ACCESS *d2i_AUTHORITY_INFO_ACCESS(AUTHORITY_INFO_ACCESS **a, const unsigned char **in, long len); +int i2d_AUTHORITY_INFO_ACCESS(AUTHORITY_INFO_ACCESS *a, unsigned char **out); +extern const ASN1_ITEM AUTHORITY_INFO_ACCESS_it; + +extern const ASN1_ITEM POLICY_MAPPING_it; +POLICY_MAPPING *POLICY_MAPPING_new(void); +void POLICY_MAPPING_free(POLICY_MAPPING *a); +extern const ASN1_ITEM POLICY_MAPPINGS_it; + +extern const ASN1_ITEM GENERAL_SUBTREE_it; +GENERAL_SUBTREE *GENERAL_SUBTREE_new(void); +void GENERAL_SUBTREE_free(GENERAL_SUBTREE *a); + +extern const ASN1_ITEM NAME_CONSTRAINTS_it; +NAME_CONSTRAINTS *NAME_CONSTRAINTS_new(void); +void NAME_CONSTRAINTS_free(NAME_CONSTRAINTS *a); + +POLICY_CONSTRAINTS *POLICY_CONSTRAINTS_new(void); +void POLICY_CONSTRAINTS_free(POLICY_CONSTRAINTS *a); +extern const ASN1_ITEM POLICY_CONSTRAINTS_it; + +GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out, + const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, + int gen_type, const char *value, int is_nc); #ifdef HEADER_CONF_H -GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, CONF_VALUE *cnf); +GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, + CONF_VALUE *cnf); +GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out, + const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, CONF_VALUE *cnf, int is_nc); void X509V3_conf_free(CONF_VALUE *val); -X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, char *value); -X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, char *value); -int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section, STACK_OF(X509_EXTENSION) **sk); -int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509 *cert); -int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_REQ *req); -int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl); - -X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid, char *value); -X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name, char *value); -int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509 *cert); -int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_REQ *req); -int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl); - -int X509V3_add_value_bool_nf(char *name, int asn1_bool, - STACK_OF(CONF_VALUE) **extlist); -int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool); -int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint); +X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, + const char *value); +X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, const char *name, + const char *value); +int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, const char *section, + STACK_OF(X509_EXTENSION) **sk); +int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section, + X509 *cert); +int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section, + X509_REQ *req); +int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section, + X509_CRL *crl); + +X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, + int ext_nid, const char *value); +X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, + const char *name, const char *value); +int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, + const char *section, X509 *cert); +int X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, + const char *section, X509_REQ *req); +int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx, + const char *section, X509_CRL *crl); + +int X509V3_add_value_bool_nf(const char *name, int asn1_bool, + STACK_OF(CONF_VALUE) **extlist); +int X509V3_get_value_bool(const CONF_VALUE *value, int *asn1_bool); +int X509V3_get_value_int(const CONF_VALUE *value, ASN1_INTEGER **aint); void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf); -void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash); +void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash); #endif -char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section); -STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section); +char *X509V3_get_string(X509V3_CTX *ctx, const char *name, + const char *section); +STACK_OF(CONF_VALUE) *X509V3_get_section(X509V3_CTX *ctx, const char *section); void X509V3_string_free(X509V3_CTX *ctx, char *str); void X509V3_section_free( X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section); void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject, @@ -493,30 +744,32 @@ int X509V3_add_value_uchar(const char *name, const unsigned char *value, STACK_OF(CONF_VALUE) **extlist); int X509V3_add_value_bool(const char *name, int asn1_bool, STACK_OF(CONF_VALUE) **extlist); -int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint, +int X509V3_add_value_int(const char *name, const ASN1_INTEGER *aint, STACK_OF(CONF_VALUE) **extlist); -char * i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, ASN1_INTEGER *aint); -ASN1_INTEGER * s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, char *value); -char * i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint); -char * i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint); +char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, const ASN1_INTEGER *aint); +ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, const char *value); +char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, const ASN1_ENUMERATED *aint); +char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *meth, + const ASN1_ENUMERATED *aint); int X509V3_EXT_add(X509V3_EXT_METHOD *ext); int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist); int X509V3_EXT_add_alias(int nid_to, int nid_from); void X509V3_EXT_cleanup(void); -X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext); -X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid); +const X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext); +const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid); int X509V3_add_standard_extensions(void); STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line); void *X509V3_EXT_d2i(X509_EXTENSION *ext); -void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx); +void *X509V3_get_d2i(const STACK_OF(X509_EXTENSION) *x, int nid, int *crit, + int *idx); X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc); int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, int crit, unsigned long flags); -char *hex_to_string(unsigned char *buffer, long len); -unsigned char *string_to_hex(char *str, long *len); +char *hex_to_string(const unsigned char *buffer, long len); +unsigned char *string_to_hex(const char *str, long *len); int name_cmp(const char *name, const char *cmp); void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, @@ -524,28 +777,68 @@ void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent); int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent); -int X509V3_extensions_print(BIO *out, char *title, STACK_OF(X509_EXTENSION) *exts, unsigned long flag, int indent); +int X509V3_extensions_print(BIO *out, const char *title, + const STACK_OF(X509_EXTENSION) *exts, unsigned long flag, int indent); +int X509_check_ca(X509 *x); int X509_check_purpose(X509 *x, int id, int ca); int X509_supported_extension(X509_EXTENSION *ex); int X509_PURPOSE_set(int *p, int purpose); int X509_check_issued(X509 *issuer, X509 *subject); +int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid); int X509_PURPOSE_get_count(void); X509_PURPOSE * X509_PURPOSE_get0(int idx); -int X509_PURPOSE_get_by_sname(char *sname); +int X509_PURPOSE_get_by_sname(const char *sname); int X509_PURPOSE_get_by_id(int id); int X509_PURPOSE_add(int id, int trust, int flags, int (*ck)(const X509_PURPOSE *, const X509 *, int), - char *name, char *sname, void *arg); -char *X509_PURPOSE_get0_name(X509_PURPOSE *xp); -char *X509_PURPOSE_get0_sname(X509_PURPOSE *xp); -int X509_PURPOSE_get_trust(X509_PURPOSE *xp); + const char *name, const char *sname, void *arg); +char *X509_PURPOSE_get0_name(const X509_PURPOSE *xp); +char *X509_PURPOSE_get0_sname(const X509_PURPOSE *xp); +int X509_PURPOSE_get_trust(const X509_PURPOSE *xp); void X509_PURPOSE_cleanup(void); -int X509_PURPOSE_get_id(X509_PURPOSE *); +int X509_PURPOSE_get_id(const X509_PURPOSE *); + +STACK_OF(OPENSSL_STRING) *X509_get1_email(X509 *x); +STACK_OF(OPENSSL_STRING) *X509_REQ_get1_email(X509_REQ *x); +void X509_email_free(STACK_OF(OPENSSL_STRING) *sk); +STACK_OF(OPENSSL_STRING) *X509_get1_ocsp(X509 *x); + +/* Flags for X509_check_* functions */ +/* Always check subject name for host match even if subject alt names present */ +#define X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT 0x1 +/* Disable wildcard matching for dnsName fields and common name. */ +#define X509_CHECK_FLAG_NO_WILDCARDS 0x2 +/* Wildcards must not match a partial label. */ +#define X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS 0x4 +/* Allow (non-partial) wildcards to match multiple labels. */ +#define X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS 0x8 +/* Constraint verifier subdomain patterns to match a single labels. */ +#define X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS 0x10 + +/* + * Match reference identifiers starting with "." to any sub-domain. + * This is a non-public flag, turned on implicitly when the subject + * reference identity is a DNS name. + */ +#define _X509_CHECK_FLAG_DOT_SUBDOMAINS 0x8000 + +int X509_check_host(X509 *x, const char *chk, size_t chklen, + unsigned int flags, char **peername); +int X509_check_email(X509 *x, const char *chk, size_t chklen, + unsigned int flags); +int X509_check_ip(X509 *x, const unsigned char *chk, size_t chklen, + unsigned int flags); +int X509_check_ip_asc(X509 *x, const char *ipasc, unsigned int flags); + +ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc); +ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc); +int a2i_ipadd(unsigned char *ipout, const char *ipasc); +int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE)*dn_sk, + unsigned long chtype); -STACK *X509_get1_email(X509 *x); -STACK *X509_REQ_get1_email(X509_REQ *x); -void X509_email_free(STACK *sk); +void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent); +DECLARE_STACK_OF(X509_POLICY_NODE) /* BEGIN ERROR CODES */ @@ -557,44 +850,67 @@ void ERR_load_X509V3_strings(void); /* Error codes for the X509V3 functions. */ /* Function codes. */ +#define X509V3_F_A2I_GENERAL_NAME 164 +#define X509V3_F_ASIDENTIFIERCHOICE_CANONIZE 161 +#define X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL 162 #define X509V3_F_COPY_EMAIL 122 #define X509V3_F_COPY_ISSUER 123 +#define X509V3_F_DO_DIRNAME 144 #define X509V3_F_DO_EXT_CONF 124 #define X509V3_F_DO_EXT_I2D 135 +#define X509V3_F_DO_EXT_NCONF 151 +#define X509V3_F_DO_I2V_NAME_CONSTRAINTS 148 +#define X509V3_F_GNAMES_FROM_SECTNAME 156 #define X509V3_F_HEX_TO_STRING 111 #define X509V3_F_I2S_ASN1_ENUMERATED 121 +#define X509V3_F_I2S_ASN1_IA5STRING 149 #define X509V3_F_I2S_ASN1_INTEGER 120 #define X509V3_F_I2V_AUTHORITY_INFO_ACCESS 138 #define X509V3_F_NOTICE_SECTION 132 #define X509V3_F_NREF_NOS 133 #define X509V3_F_POLICY_SECTION 131 +#define X509V3_F_PROCESS_PCI_VALUE 150 #define X509V3_F_R2I_CERTPOL 130 +#define X509V3_F_R2I_PCI 155 #define X509V3_F_S2I_ASN1_IA5STRING 100 #define X509V3_F_S2I_ASN1_INTEGER 108 #define X509V3_F_S2I_ASN1_OCTET_STRING 112 #define X509V3_F_S2I_ASN1_SKEY_ID 114 -#define X509V3_F_S2I_S2I_SKEY_ID 115 +#define X509V3_F_S2I_SKEY_ID 115 +#define X509V3_F_SET_DIST_POINT_NAME 158 #define X509V3_F_STRING_TO_HEX 113 -#define X509V3_F_SXNET_ADD_ASC 125 +#define X509V3_F_SXNET_ADD_ID_ASC 125 #define X509V3_F_SXNET_ADD_ID_INTEGER 126 #define X509V3_F_SXNET_ADD_ID_ULONG 127 #define X509V3_F_SXNET_GET_ID_ASC 128 #define X509V3_F_SXNET_GET_ID_ULONG 129 -#define X509V3_F_V2I_ACCESS_DESCRIPTION 139 +#define X509V3_F_V2I_ASIDENTIFIERS 163 #define X509V3_F_V2I_ASN1_BIT_STRING 101 +#define X509V3_F_V2I_AUTHORITY_INFO_ACCESS 139 #define X509V3_F_V2I_AUTHORITY_KEYID 119 #define X509V3_F_V2I_BASIC_CONSTRAINTS 102 #define X509V3_F_V2I_CRLD 134 -#define X509V3_F_V2I_EXT_KU 103 -#define X509V3_F_V2I_GENERAL_NAME 117 +#define X509V3_F_V2I_EXTENDED_KEY_USAGE 103 #define X509V3_F_V2I_GENERAL_NAMES 118 +#define X509V3_F_V2I_GENERAL_NAME_EX 117 +#define X509V3_F_V2I_IDP 157 +#define X509V3_F_V2I_IPADDRBLOCKS 159 +#define X509V3_F_V2I_ISSUER_ALT 153 +#define X509V3_F_V2I_NAME_CONSTRAINTS 147 +#define X509V3_F_V2I_POLICY_CONSTRAINTS 146 +#define X509V3_F_V2I_POLICY_MAPPINGS 145 +#define X509V3_F_V2I_SUBJECT_ALT 154 +#define X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL 160 #define X509V3_F_V3_GENERIC_EXTENSION 116 -#define X509V3_F_X509V3_ADD_I2D 140 +#define X509V3_F_X509V3_ADD1_I2D 140 #define X509V3_F_X509V3_ADD_VALUE 105 #define X509V3_F_X509V3_EXT_ADD 104 #define X509V3_F_X509V3_EXT_ADD_ALIAS 106 #define X509V3_F_X509V3_EXT_CONF 107 #define X509V3_F_X509V3_EXT_I2D 136 +#define X509V3_F_X509V3_EXT_NCONF 152 +#define X509V3_F_X509V3_GET_SECTION 142 +#define X509V3_F_X509V3_GET_STRING 143 #define X509V3_F_X509V3_GET_VALUE_BOOL 110 #define X509V3_F_X509V3_PARSE_LIST 109 #define X509V3_F_X509_PURPOSE_ADD 137 @@ -605,6 +921,8 @@ void ERR_load_X509V3_strings(void); #define X509V3_R_BAD_OBJECT 119 #define X509V3_R_BN_DEC2BN_ERROR 100 #define X509V3_R_BN_TO_ASN1_INTEGER_ERROR 101 +#define X509V3_R_DIRNAME_ERROR 149 +#define X509V3_R_DISTPOINT_ALREADY_SET 160 #define X509V3_R_DUPLICATE_ZONE_ID 133 #define X509V3_R_ERROR_CONVERTING_ZONE 131 #define X509V3_R_ERROR_CREATING_EXTENSION 144 @@ -615,9 +933,16 @@ void ERR_load_X509V3_strings(void); #define X509V3_R_EXTENSION_NOT_FOUND 102 #define X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED 103 #define X509V3_R_EXTENSION_VALUE_ERROR 116 +#define X509V3_R_ILLEGAL_EMPTY_EXTENSION 151 #define X509V3_R_ILLEGAL_HEX_DIGIT 113 +#define X509V3_R_INCORRECT_POLICY_SYNTAX_TAG 152 +#define X509V3_R_INVALID_MULTIPLE_RDNS 161 +#define X509V3_R_INVALID_ASNUMBER 162 +#define X509V3_R_INVALID_ASRANGE 163 #define X509V3_R_INVALID_BOOLEAN_STRING 104 #define X509V3_R_INVALID_EXTENSION_STRING 105 +#define X509V3_R_INVALID_INHERITANCE 165 +#define X509V3_R_INVALID_IPADDRESS 166 #define X509V3_R_INVALID_NAME 106 #define X509V3_R_INVALID_NULL_ARGUMENT 107 #define X509V3_R_INVALID_NULL_NAME 108 @@ -627,7 +952,9 @@ void ERR_load_X509V3_strings(void); #define X509V3_R_INVALID_OBJECT_IDENTIFIER 110 #define X509V3_R_INVALID_OPTION 138 #define X509V3_R_INVALID_POLICY_IDENTIFIER 134 +#define X509V3_R_INVALID_PROXY_POLICY_SETTING 153 #define X509V3_R_INVALID_PURPOSE 146 +#define X509V3_R_INVALID_SAFI 164 #define X509V3_R_INVALID_SECTION 135 #define X509V3_R_INVALID_SYNTAX 143 #define X509V3_R_ISSUER_DECODE_ERROR 126 @@ -637,9 +964,18 @@ void ERR_load_X509V3_strings(void); #define X509V3_R_NO_ISSUER_CERTIFICATE 121 #define X509V3_R_NO_ISSUER_DETAILS 127 #define X509V3_R_NO_POLICY_IDENTIFIER 139 +#define X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED 154 #define X509V3_R_NO_PUBLIC_KEY 114 #define X509V3_R_NO_SUBJECT_DETAILS 125 #define X509V3_R_ODD_NUMBER_OF_DIGITS 112 +#define X509V3_R_OPERATION_NOT_DEFINED 148 +#define X509V3_R_OTHERNAME_ERROR 147 +#define X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED 155 +#define X509V3_R_POLICY_PATH_LENGTH 156 +#define X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED 157 +#define X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED 158 +#define X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY 159 +#define X509V3_R_SECTION_NOT_FOUND 150 #define X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS 122 #define X509V3_R_UNABLE_TO_GET_ISSUER_KEYID 123 #define X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT 111 @@ -647,6 +983,7 @@ void ERR_load_X509V3_strings(void); #define X509V3_R_UNKNOWN_EXTENSION_NAME 130 #define X509V3_R_UNKNOWN_OPTION 120 #define X509V3_R_UNSUPPORTED_OPTION 117 +#define X509V3_R_UNSUPPORTED_TYPE 167 #define X509V3_R_USER_TOO_LONG 132 #ifdef __cplusplus diff --git a/src/lib/libcrypto/x86_64cpuid.pl b/src/lib/libcrypto/x86_64cpuid.pl new file mode 100644 index 00000000000..6558dedb6be --- /dev/null +++ b/src/lib/libcrypto/x86_64cpuid.pl @@ -0,0 +1,202 @@ +#!/usr/bin/env perl + +$flavour = shift; +$output = shift; +if ($flavour =~ /\./) { $output = $flavour; undef $flavour; } + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or +( $xlate="${dir}perlasm/x86_64-xlate.pl" and -f $xlate) or +die "can't locate x86_64-xlate.pl"; + +open OUT,"| \"$^X\" $xlate $flavour $output"; +*STDOUT=*OUT; + +($arg1,$arg2,$arg3,$arg4)=("%rdi","%rsi","%rdx","%rcx"); # Unix order + +print<<___; +.extern OPENSSL_cpuid_setup +.hidden OPENSSL_cpuid_setup +.section .init + call OPENSSL_cpuid_setup + +.extern OPENSSL_ia32cap_P +.hidden OPENSSL_ia32cap_P + +.text + +.globl OPENSSL_atomic_add +.type OPENSSL_atomic_add,\@abi-omnipotent +.align 16 +OPENSSL_atomic_add: + movl ($arg1),%eax +.Lspin: leaq ($arg2,%rax),%r8 + .byte 0xf0 # lock + cmpxchgl %r8d,($arg1) + jne .Lspin + movl %r8d,%eax + .byte 0x48,0x98 # cltq/cdqe + ret +.size OPENSSL_atomic_add,.-OPENSSL_atomic_add + +.globl OPENSSL_ia32_cpuid +.type OPENSSL_ia32_cpuid,\@abi-omnipotent +.align 16 +OPENSSL_ia32_cpuid: + mov %rbx,%r8 # save %rbx + + xor %eax,%eax + cpuid + mov %eax,%r11d # max value for standard query level + + xor %eax,%eax + cmp \$0x756e6547,%ebx # "Genu" + setne %al + mov %eax,%r9d + cmp \$0x49656e69,%edx # "ineI" + setne %al + or %eax,%r9d + cmp \$0x6c65746e,%ecx # "ntel" + setne %al + or %eax,%r9d # 0 indicates Intel CPU + jz .Lintel + + cmp \$0x68747541,%ebx # "Auth" + setne %al + mov %eax,%r10d + cmp \$0x69746E65,%edx # "enti" + setne %al + or %eax,%r10d + cmp \$0x444D4163,%ecx # "cAMD" + setne %al + or %eax,%r10d # 0 indicates AMD CPU + jnz .Lintel + + # AMD specific + mov \$0x80000000,%eax + cpuid + cmp \$0x80000001,%eax + jb .Lintel + mov %eax,%r10d + mov \$0x80000001,%eax + cpuid + and \$IA32CAP_MASK1_AMD_XOP,%r9d # isolate AMD XOP bit + or \$1,%r9d # make sure %r9d is not zero + + cmp \$0x80000008,%r10d + jb .Lintel + + mov \$0x80000008,%eax + cpuid + movzb %cl,%r10 # number of cores - 1 + inc %r10 # number of cores + + mov \$1,%eax + cpuid + bt \$IA32CAP_BIT0_HT,%edx # test hyper-threading bit + jnc .Lgeneric + shr \$16,%ebx # number of logical processors + cmp %r10b,%bl + ja .Lgeneric + xor \$IA32CAP_MASK0_HT,%edx + jmp .Lgeneric + +.Lintel: + cmp \$4,%r11d + mov \$-1,%r10d + jb .Lnocacheinfo + + mov \$4,%eax + mov \$0,%ecx # query L1D + cpuid + mov %eax,%r10d + shr \$14,%r10d + and \$0xfff,%r10d # number of cores -1 per L1D + +.Lnocacheinfo: + mov \$1,%eax + cpuid + # force reserved bits to 0 + and \$(~(IA32CAP_MASK0_INTELP4 | IA32CAP_MASK0_INTEL)),%edx + cmp \$0,%r9d + jne .Lnotintel + # set reserved bit#30 on Intel CPUs + or \$IA32CAP_MASK0_INTEL,%edx + and \$15,%ah + cmp \$15,%ah # examine Family ID + jne .Lnotintel + # set reserved bit#20 to engage RC4_CHAR + or \$IA32CAP_MASK0_INTELP4,%edx +.Lnotintel: + bt \$IA32CAP_BIT0_HT,%edx # test hyper-threading bit + jnc .Lgeneric + xor \$IA32CAP_MASK0_HT,%edx + cmp \$0,%r10d + je .Lgeneric + + or \$IA32CAP_MASK0_HT,%edx + shr \$16,%ebx + cmp \$1,%bl # see if cache is shared + ja .Lgeneric + xor \$IA32CAP_MASK0_HT,%edx # clear hyper-threading bit if not + +.Lgeneric: + and \$IA32CAP_MASK1_AMD_XOP,%r9d # isolate AMD XOP flag + and \$(~IA32CAP_MASK1_AMD_XOP),%ecx + or %ecx,%r9d # merge AMD XOP flag + + mov %edx,%r10d # %r9d:%r10d is copy of %ecx:%edx + bt \$IA32CAP_BIT1_OSXSAVE,%r9d # check OSXSAVE bit + jnc .Lclear_avx + xor %ecx,%ecx # XCR0 + .byte 0x0f,0x01,0xd0 # xgetbv + and \$6,%eax # isolate XMM and YMM state support + cmp \$6,%eax + je .Ldone +.Lclear_avx: + mov \$(~(IA32CAP_MASK1_AVX | IA32CAP_MASK1_FMA3 | IA32CAP_MASK1_AMD_XOP)),%eax + and %eax,%r9d # clear AVX, FMA and AMD XOP bits +.Ldone: + shl \$32,%r9 + mov %r10d,%eax + mov %r8,%rbx # restore %rbx + or %r9,%rax + ret +.size OPENSSL_ia32_cpuid,.-OPENSSL_ia32_cpuid +___ + +print<<___; +.globl OPENSSL_wipe_cpu +.type OPENSSL_wipe_cpu,\@abi-omnipotent +.align 16 +OPENSSL_wipe_cpu: + pxor %xmm0,%xmm0 + pxor %xmm1,%xmm1 + pxor %xmm2,%xmm2 + pxor %xmm3,%xmm3 + pxor %xmm4,%xmm4 + pxor %xmm5,%xmm5 + pxor %xmm6,%xmm6 + pxor %xmm7,%xmm7 + pxor %xmm8,%xmm8 + pxor %xmm9,%xmm9 + pxor %xmm10,%xmm10 + pxor %xmm11,%xmm11 + pxor %xmm12,%xmm12 + pxor %xmm13,%xmm13 + pxor %xmm14,%xmm14 + pxor %xmm15,%xmm15 + xorq %rcx,%rcx + xorq %rdx,%rdx + xorq %rsi,%rsi + xorq %rdi,%rdi + xorq %r8,%r8 + xorq %r9,%r9 + xorq %r10,%r10 + xorq %r11,%r11 + leaq 8(%rsp),%rax + ret +.size OPENSSL_wipe_cpu,.-OPENSSL_wipe_cpu +___ + +close STDOUT; # flush diff --git a/src/lib/libcrypto/x86_arch.h b/src/lib/libcrypto/x86_arch.h new file mode 100644 index 00000000000..5b2cf97546f --- /dev/null +++ b/src/lib/libcrypto/x86_arch.h @@ -0,0 +1,90 @@ +/* $OpenBSD: x86_arch.h,v 1.1 2016/11/04 17:30:30 miod Exp $ */ +/* + * Copyright (c) 2016 Miodrag Vallat. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * The knowledge of the layout of OPENSSL_ia32cap_P is internal to libcrypto + * (and, to some extent, to libssl), and may change in the future without + * notice. + */ + +/* + * OPENSSL_ia32cap_P is computed at runtime by OPENSSL_ia32_cpuid(). + * + * On processors which lack the cpuid instruction, the value is always + * zero (this only matters on 32-bit processors, of course). + * + * On processors which support the cpuid instruction, after running + * "cpuid 1", the value of %edx is written to the low word of OPENSSL_ia32cap_P, + * and the value of %ecx is written to its high word. + * + * Further processing is done to set or clear specific bits, depending + * upon the exact processor type. + * + * Assembly routines usually address OPENSSL_ia32cap_P as two 32-bit words, + * hence two sets of bit numbers and masks. OPENSSL_cpu_caps() returns the + * complete 64-bit word. + */ + +/* bit numbers for the low word */ +#define IA32CAP_BIT0_FPU 0 +#define IA32CAP_BIT0_MMX 23 +#define IA32CAP_BIT0_FXSR 24 +#define IA32CAP_BIT0_SSE 25 +#define IA32CAP_BIT0_SSE2 26 +#define IA32CAP_BIT0_HT 28 + +/* the following bits are not obtained from cpuid */ +#define IA32CAP_BIT0_INTELP4 20 +#define IA32CAP_BIT0_INTEL 30 + +/* bit numbers for the high word */ +#define IA32CAP_BIT1_PCLMUL 1 +#define IA32CAP_BIT1_SSSE3 9 +#define IA32CAP_BIT1_FMA3 12 +#define IA32CAP_BIT1_AESNI 25 +#define IA32CAP_BIT1_OSXSAVE 27 +#define IA32CAP_BIT1_AVX 28 + +#define IA32CAP_BIT1_AMD_XOP 11 + +/* bit masks for the low word */ +#define IA32CAP_MASK0_MMX (1 << IA32CAP_BIT0_MMX) +#define IA32CAP_MASK0_FXSR (1 << IA32CAP_BIT0_FXSR) +#define IA32CAP_MASK0_SSE (1 << IA32CAP_BIT0_SSE) +#define IA32CAP_MASK0_SSE2 (1 << IA32CAP_BIT0_SSE2) +#define IA32CAP_MASK0_HT (1 << IA32CAP_BIT0_HT) + +#define IA32CAP_MASK0_INTELP4 (1 << IA32CAP_BIT0_INTELP4) +#define IA32CAP_MASK0_INTEL (1 << IA32CAP_BIT0_INTEL) + +/* bit masks for the high word */ +#define IA32CAP_MASK1_PCLMUL (1 << IA32CAP_BIT1_PCLMUL) +#define IA32CAP_MASK1_SSSE3 (1 << IA32CAP_BIT1_SSSE3) +#define IA32CAP_MASK1_FMA3 (1 << IA32CAP_BIT1_FMA3) +#define IA32CAP_MASK1_AESNI (1 << IA32CAP_BIT1_AESNI) +#define IA32CAP_MASK1_AVX (1 << IA32CAP_BIT1_AVX) + +#define IA32CAP_MASK1_AMD_XOP (1 << IA32CAP_BIT1_AMD_XOP) + +/* bit masks for OPENSSL_cpu_caps() */ +#define CPUCAP_MASK_MMX IA32CAP_MASK0_MMX +#define CPUCAP_MASK_FXSR IA32CAP_MASK0_FXSR +#define CPUCAP_MASK_SSE IA32CAP_MASK0_SSE +#define CPUCAP_MASK_INTELP4 IA32CAP_MASK0_INTELP4 +#define CPUCAP_MASK_PCLMUL (1ULL << (32 + IA32CAP_BIT1_PCLMUL)) +#define CPUCAP_MASK_SSSE3 (1ULL << (32 + IA32CAP_BIT1_SSSE3)) +#define CPUCAP_MASK_AESNI (1ULL << (32 + IA32CAP_BIT1_AESNI)) diff --git a/src/lib/libcrypto/x86cpuid.pl b/src/lib/libcrypto/x86cpuid.pl new file mode 100644 index 00000000000..8b9570fc726 --- /dev/null +++ b/src/lib/libcrypto/x86cpuid.pl @@ -0,0 +1,202 @@ +#!/usr/bin/env perl + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +push(@INC, "${dir}perlasm", "perlasm"); +require "x86asm.pl"; + +&asm_init($ARGV[0],"x86cpuid"); + +for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } + +&function_begin("OPENSSL_ia32_cpuid"); + &xor ("edx","edx"); + &pushf (); + &pop ("eax"); + &mov ("ecx","eax"); + &xor ("eax",1<<21); + &push ("eax"); + &popf (); + &pushf (); + &pop ("eax"); + &xor ("ecx","eax"); + &xor ("eax","eax"); + &bt ("ecx",21); + &jnc (&label("nocpuid")); + &cpuid (); + &mov ("edi","eax"); # max value for standard query level + + &xor ("eax","eax"); + &cmp ("ebx",0x756e6547); # "Genu" + &setne (&LB("eax")); + &mov ("ebp","eax"); + &cmp ("edx",0x49656e69); # "ineI" + &setne (&LB("eax")); + &or ("ebp","eax"); + &cmp ("ecx",0x6c65746e); # "ntel" + &setne (&LB("eax")); + &or ("ebp","eax"); # 0 indicates Intel CPU + &jz (&label("intel")); + + &cmp ("ebx",0x68747541); # "Auth" + &setne (&LB("eax")); + &mov ("esi","eax"); + &cmp ("edx",0x69746E65); # "enti" + &setne (&LB("eax")); + &or ("esi","eax"); + &cmp ("ecx",0x444D4163); # "cAMD" + &setne (&LB("eax")); + &or ("esi","eax"); # 0 indicates AMD CPU + &jnz (&label("intel")); + + # AMD specific + &mov ("eax",0x80000000); + &cpuid (); + &cmp ("eax",0x80000001); + &jb (&label("intel")); + &mov ("esi","eax"); + &mov ("eax",0x80000001); + &cpuid (); + &and ("ecx","\$IA32CAP_MASK1_AMD_XOP"); # isolate AMD XOP bit + &or ("ecx",1); # make sure ecx is not zero + &mov ("ebp","ecx"); + + &cmp ("esi",0x80000008); + &jb (&label("intel")); + + &mov ("eax",0x80000008); + &cpuid (); + &movz ("esi",&LB("ecx")); # number of cores - 1 + &inc ("esi"); # number of cores + + &mov ("eax",1); + &xor ("ecx","ecx"); + &cpuid (); + &bt ("edx","\$IA32CAP_BIT0_HT"); + &jnc (&label("generic")); + &shr ("ebx",16); + &and ("ebx",0xff); + &cmp ("ebx","esi"); + &ja (&label("generic")); + &xor ("edx","\$IA32CAP_MASK0_HT"); # clear hyper-threading bit + &jmp (&label("generic")); + +&set_label("intel"); + &cmp ("edi",4); + &mov ("edi",-1); + &jb (&label("nocacheinfo")); + + &mov ("eax",4); + &mov ("ecx",0); # query L1D + &cpuid (); + &mov ("edi","eax"); + &shr ("edi",14); + &and ("edi",0xfff); # number of cores -1 per L1D + +&set_label("nocacheinfo"); + &mov ("eax",1); + &xor ("ecx","ecx"); + &cpuid (); + # force reserved bits to 0. + &and ("edx","\$~(IA32CAP_MASK0_INTELP4 | IA32CAP_MASK0_INTEL)"); + &cmp ("ebp",0); + &jne (&label("notintel")); + # set reserved bit#30 on Intel CPUs + &or ("edx","\$IA32CAP_MASK0_INTEL"); + &and (&HB("eax"),15); # family ID + &cmp (&HB("eax"),15); # P4? + &jne (&label("notintel")); + # set reserved bit#20 to engage RC4_CHAR + &or ("edx","\$IA32CAP_MASK0_INTELP4"); +&set_label("notintel"); + &bt ("edx","\$IA32CAP_BIT0_HT"); # test hyper-threading bit + &jnc (&label("generic")); + &xor ("edx","\$IA32CAP_MASK0_HT"); + &cmp ("edi",0); + &je (&label("generic")); + + &or ("edx","\$IA32CAP_MASK0_HT"); + &shr ("ebx",16); + &cmp (&LB("ebx"),1); # see if cache is shared + &ja (&label("generic")); + &xor ("edx","\$IA32CAP_MASK0_HT"); # clear hyper-threading bit if not + +&set_label("generic"); + &and ("ebp","\$IA32CAP_MASK1_AMD_XOP"); # isolate AMD XOP flag + # force reserved bits to 0. + &and ("ecx","\$~IA32CAP_MASK1_AMD_XOP"); + &mov ("esi","edx"); + &or ("ebp","ecx"); # merge AMD XOP flag + + &bt ("ecx","\$IA32CAP_BIT1_OSXSAVE"); # check OSXSAVE bit + &jnc (&label("clear_avx")); + &xor ("ecx","ecx"); + &data_byte(0x0f,0x01,0xd0); # xgetbv + &and ("eax",6); + &cmp ("eax",6); + &je (&label("done")); + &cmp ("eax",2); + &je (&label("clear_avx")); +&set_label("clear_xmm"); + # clear AESNI and PCLMULQDQ bits. + &and ("ebp","\$~(IA32CAP_MASK1_AESNI | IA32CAP_MASK1_PCLMUL)"); + # clear FXSR. + &and ("esi","\$~IA32CAP_MASK0_FXSR"); +&set_label("clear_avx"); + # clear AVX, FMA3 and AMD XOP bits. + &and ("ebp","\$~(IA32CAP_MASK1_AVX | IA32CAP_MASK1_FMA3 | IA32CAP_MASK1_AMD_XOP)"); +&set_label("done"); + &mov ("eax","esi"); + &mov ("edx","ebp"); +&set_label("nocpuid"); +&function_end("OPENSSL_ia32_cpuid"); + +&external_label("OPENSSL_ia32cap_P"); + +&function_begin_B("OPENSSL_wipe_cpu",""); + &xor ("eax","eax"); + &xor ("edx","edx"); + &picmeup("ecx","OPENSSL_ia32cap_P"); + &mov ("ecx",&DWP(0,"ecx")); + &bt (&DWP(0,"ecx"),"\$IA32CAP_BIT0_FPU"); + &jnc (&label("no_x87")); + if ($sse2) { + # Check SSE2 and FXSR bits. + &and ("ecx", "\$(IA32CAP_MASK0_FXSR | IA32CAP_MASK0_SSE2)"); + &cmp ("ecx", "\$(IA32CAP_MASK0_FXSR | IA32CAP_MASK0_SSE2)"); + &jne (&label("no_sse2")); + &pxor ("xmm0","xmm0"); + &pxor ("xmm1","xmm1"); + &pxor ("xmm2","xmm2"); + &pxor ("xmm3","xmm3"); + &pxor ("xmm4","xmm4"); + &pxor ("xmm5","xmm5"); + &pxor ("xmm6","xmm6"); + &pxor ("xmm7","xmm7"); + &set_label("no_sse2"); + } + # just a bunch of fldz to zap the fp/mm bank followed by finit... + &data_word(0xeed9eed9,0xeed9eed9,0xeed9eed9,0xeed9eed9,0x90e3db9b); +&set_label("no_x87"); + &lea ("eax",&DWP(4,"esp")); + &ret (); +&function_end_B("OPENSSL_wipe_cpu"); + +&function_begin_B("OPENSSL_atomic_add"); + &mov ("edx",&DWP(4,"esp")); # fetch the pointer, 1st arg + &mov ("ecx",&DWP(8,"esp")); # fetch the increment, 2nd arg + &push ("ebx"); + &nop (); + &mov ("eax",&DWP(0,"edx")); +&set_label("spin"); + &lea ("ebx",&DWP(0,"eax","ecx")); + &nop (); + &data_word(0x1ab10ff0); # lock; cmpxchg %ebx,(%edx) # %eax is envolved and is always reloaded + &jne (&label("spin")); + &mov ("eax","ebx"); # OpenSSL expects the new value + &pop ("ebx"); + &ret (); +&function_end_B("OPENSSL_atomic_add"); + +&initseg("OPENSSL_cpuid_setup"); + +&asm_finish(); diff --git a/src/lib/libssl/LICENSE b/src/lib/libssl/LICENSE index 7b93e0dbcea..892e14a4500 100644 --- a/src/lib/libssl/LICENSE +++ b/src/lib/libssl/LICENSE @@ -1,18 +1,24 @@ + LibReSSL files are retained under the copyright of the authors. New + additions are ISC licensed as per OpenBSD's normal licensing policy, + or are placed in the public domain. + + The OpenSSL code is distributed under the terms of the original OpenSSL + licenses which follow: + LICENSE ISSUES ============== The OpenSSL toolkit stays under a dual license, i.e. both the conditions of the OpenSSL License and the original SSLeay license apply to the toolkit. - See below for the actual license texts. Actually both licenses are BSD-style - Open Source licenses. In case of any license issues related to OpenSSL - please contact openssl-core@openssl.org. + See below for the actual license texts. In case of any license issues + related to OpenSSL please contact openssl-core@openssl.org. OpenSSL License --------------- /* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2011 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions diff --git a/src/lib/libssl/Makefile b/src/lib/libssl/Makefile index 80fb532c3ce..2ede8a77b07 100644 --- a/src/lib/libssl/Makefile +++ b/src/lib/libssl/Makefile @@ -1,11 +1,111 @@ -# $OpenBSD: Makefile,v 1.13 2002/09/03 18:59:55 markus Exp $ +# $OpenBSD: Makefile,v 1.56 2019/02/09 15:30:52 jsing Exp $ -SUBDIR=crypto ssl man +.include +.ifndef NOMAN +SUBDIR= man +.endif -distribution: - ${INSTALL} ${INSTALL_COPY} -g ${BINGRP} -m 444 \ - ${.CURDIR}/openssl.cnf ${DESTDIR}/etc/ssl/openssl.cnf && \ - ${INSTALL} ${INSTALL_COPY} -g ${BINGRP} -m 444 \ - ${.CURDIR}/x509v3.cnf ${DESTDIR}/etc/ssl/x509v3.cnf +PC_FILES=openssl.pc libssl.pc + +CLEANFILES=${PC_FILES} ${VERSION_SCRIPT} + +LIB= ssl + +CFLAGS+= -Wall -Wundef +.if ${COMPILER_VERSION:L} == "clang" +CFLAGS+= -Werror +.endif +CFLAGS+= -DLIBRESSL_INTERNAL +.ifdef TLS1_3 +CFLAGS+= -DLIBRESSL_HAS_TLS1_3 +.endif +CFLAGS+= -I${.CURDIR} + +LDADD+= -L${BSDOBJDIR}/lib/libcrypto -lcrypto + +VERSION_SCRIPT= Symbols.map +SYMBOL_LIST= ${.CURDIR}/Symbols.list + +SRCS= \ + bio_ssl.c \ + bs_ber.c \ + bs_cbb.c \ + bs_cbs.c \ + d1_both.c \ + d1_clnt.c \ + d1_enc.c \ + d1_lib.c \ + d1_pkt.c \ + d1_srtp.c \ + d1_srvr.c \ + pqueue.c \ + s3_cbc.c \ + s3_lib.c \ + ssl_algs.c \ + ssl_asn1.c \ + ssl_both.c \ + ssl_cert.c \ + ssl_ciph.c \ + ssl_ciphers.c \ + ssl_clnt.c \ + ssl_err.c \ + ssl_init.c \ + ssl_lib.c \ + ssl_methods.c \ + ssl_packet.c \ + ssl_pkt.c \ + ssl_rsa.c \ + ssl_sess.c \ + ssl_sigalgs.c \ + ssl_srvr.c \ + ssl_stat.c \ + ssl_tlsext.c \ + ssl_transcript.c \ + ssl_txt.c \ + ssl_versions.c \ + t1_enc.c \ + t1_lib.c \ + tls13_buffer.c \ + tls13_client.c \ + tls13_handshake.c \ + tls13_handshake_msg.c \ + tls13_key_schedule.c \ + tls13_lib.c \ + tls13_record.c \ + tls13_record_layer.c + +HDRS= dtls1.h srtp.h ssl.h ssl2.h ssl23.h ssl3.h tls1.h + +.PATH: ${.CURDIR} + +includes: + @test -d ${DESTDIR}/usr/include/openssl || \ + mkdir ${DESTDIR}/usr/include/openssl + @cd ${.CURDIR}; for i in $(HDRS); do \ + j="cmp -s $$i ${DESTDIR}/usr/include/openssl/`basename $$i` || \ + ${INSTALL} ${INSTALL_COPY} -o ${BINOWN} -g ${BINGRP} -m 444 $$i\ + ${DESTDIR}/usr/include/openssl"; \ + echo $$j; \ + eval "$$j"; \ + done; + +${VERSION_SCRIPT}: ${SYMBOL_LIST} + { printf '{\n\tglobal:\n'; \ + sed '/^[._a-zA-Z]/s/$$/;/; s/^/ /' ${SYMBOL_LIST}; \ + printf '\n\tlocal:\n\t\t*;\n};\n'; } >$@.tmp && mv $@.tmp $@ + +.include + +all: ${PC_FILES} +${PC_FILES}: ${.CURDIR}/../libcrypto/opensslv.h + /bin/sh ${.CURDIR}/generate_pkgconfig.sh -c ${.CURDIR} -o ${.OBJDIR} + +beforeinstall: + nm -o lib${LIB}.a | egrep -w 'printf|fprintf' && \ + (echo please fix stdio usage in this library; false) || true +.for p in ${PC_FILES} + ${INSTALL} ${INSTALL_COPY} -o root -g ${SHAREGRP} \ + -m ${SHAREMODE} ${.OBJDIR}/$p ${DESTDIR}/usr/lib/pkgconfig/ +.endfor .include diff --git a/src/lib/libssl/Symbols.list b/src/lib/libssl/Symbols.list new file mode 100644 index 00000000000..425d71126bf --- /dev/null +++ b/src/lib/libssl/Symbols.list @@ -0,0 +1,310 @@ +/* BIO glue */ +BIO_f_ssl +BIO_new_buffer_ssl_connect +BIO_new_ssl +BIO_new_ssl_connect +BIO_ssl_copy_session_id +BIO_ssl_shutdown + +/* methods */ +DTLS_client_method +DTLS_method +DTLS_server_method +DTLSv1_client_method +DTLSv1_method +DTLSv1_server_method +SSLv23_client_method +SSLv23_method +SSLv23_server_method +TLS_client_method +TLS_method +TLS_server_method +TLSv1_1_client_method +TLSv1_1_method +TLSv1_1_server_method +TLSv1_2_client_method +TLSv1_2_method +TLSv1_2_server_method +TLSv1_client_method +TLSv1_method +TLSv1_server_method + +/* session import/export */ +PEM_read_SSL_SESSION +PEM_read_bio_SSL_SESSION +PEM_write_SSL_SESSION +PEM_write_bio_SSL_SESSION +d2i_SSL_SESSION +i2d_SSL_SESSION + +/* setup */ +ERR_load_SSL_strings + +/* general API */ +SSL_CIPHER_description +SSL_CIPHER_get_auth_nid +SSL_CIPHER_get_bits +SSL_CIPHER_get_by_id +SSL_CIPHER_get_by_value +SSL_CIPHER_get_cipher_nid +SSL_CIPHER_get_digest_nid +SSL_CIPHER_get_id +SSL_CIPHER_get_kx_nid +SSL_CIPHER_get_name +SSL_CIPHER_get_value +SSL_CIPHER_get_version +SSL_CIPHER_is_aead +SSL_COMP_add_compression_method +SSL_COMP_get_compression_methods +SSL_COMP_get_name +SSL_CTX_add_client_CA +SSL_CTX_add_session +SSL_CTX_callback_ctrl +SSL_CTX_check_private_key +SSL_CTX_ctrl +SSL_CTX_flush_sessions +SSL_CTX_free +SSL_CTX_get0_certificate +SSL_CTX_get0_param +SSL_CTX_get_cert_store +SSL_CTX_get_ciphers +SSL_CTX_get_client_CA_list +SSL_CTX_get_client_cert_cb +SSL_CTX_get_default_passwd_cb +SSL_CTX_get_default_passwd_cb_userdata +SSL_CTX_get_ex_data +SSL_CTX_get_ex_new_index +SSL_CTX_get_info_callback +SSL_CTX_get_max_proto_version +SSL_CTX_get_min_proto_version +SSL_CTX_get_quiet_shutdown +SSL_CTX_get_timeout +SSL_CTX_get_verify_callback +SSL_CTX_get_verify_depth +SSL_CTX_get_verify_mode +SSL_CTX_load_verify_locations +SSL_CTX_load_verify_mem +SSL_CTX_new +SSL_CTX_remove_session +SSL_CTX_sess_get_get_cb +SSL_CTX_sess_get_new_cb +SSL_CTX_sess_get_remove_cb +SSL_CTX_sess_set_get_cb +SSL_CTX_sess_set_new_cb +SSL_CTX_sess_set_remove_cb +SSL_CTX_sessions +SSL_CTX_set1_groups +SSL_CTX_set1_groups_list +SSL_CTX_set1_param +SSL_CTX_set_alpn_protos +SSL_CTX_set_alpn_select_cb +SSL_CTX_set_cert_store +SSL_CTX_set_cert_verify_callback +SSL_CTX_set_cipher_list +SSL_CTX_set_client_CA_list +SSL_CTX_set_client_cert_cb +SSL_CTX_set_client_cert_engine +SSL_CTX_set_cookie_generate_cb +SSL_CTX_set_cookie_verify_cb +SSL_CTX_set_default_passwd_cb +SSL_CTX_set_default_passwd_cb_userdata +SSL_CTX_set_default_verify_paths +SSL_CTX_set_ex_data +SSL_CTX_set_generate_session_id +SSL_CTX_set_info_callback +SSL_CTX_set_max_proto_version +SSL_CTX_set_min_proto_version +SSL_CTX_set_msg_callback +SSL_CTX_set_next_proto_select_cb +SSL_CTX_set_next_protos_advertised_cb +SSL_CTX_set_purpose +SSL_CTX_set_quiet_shutdown +SSL_CTX_set_session_id_context +SSL_CTX_set_ssl_version +SSL_CTX_set_timeout +SSL_CTX_set_tlsext_use_srtp +SSL_CTX_set_tmp_dh_callback +SSL_CTX_set_tmp_ecdh_callback +SSL_CTX_set_tmp_rsa_callback +SSL_CTX_set_trust +SSL_CTX_set_verify +SSL_CTX_set_verify_depth +SSL_CTX_up_ref +SSL_CTX_use_PrivateKey +SSL_CTX_use_PrivateKey_ASN1 +SSL_CTX_use_PrivateKey_file +SSL_CTX_use_RSAPrivateKey +SSL_CTX_use_RSAPrivateKey_ASN1 +SSL_CTX_use_RSAPrivateKey_file +SSL_CTX_use_certificate +SSL_CTX_use_certificate_ASN1 +SSL_CTX_use_certificate_chain_file +SSL_CTX_use_certificate_chain_mem +SSL_CTX_use_certificate_file +SSL_SESSION_free +SSL_SESSION_get0_id_context +SSL_SESSION_get0_peer +SSL_SESSION_get_compress_id +SSL_SESSION_get_ex_data +SSL_SESSION_get_ex_new_index +SSL_SESSION_get_id +SSL_SESSION_get_master_key +SSL_SESSION_get_protocol_version +SSL_SESSION_get_ticket_lifetime_hint +SSL_SESSION_get_time +SSL_SESSION_get_timeout +SSL_SESSION_has_ticket +SSL_SESSION_new +SSL_SESSION_print +SSL_SESSION_print_fp +SSL_SESSION_set1_id +SSL_SESSION_set1_id_context +SSL_SESSION_set_ex_data +SSL_SESSION_set_time +SSL_SESSION_set_timeout +SSL_SESSION_up_ref +SSL_accept +SSL_add_client_CA +SSL_add_dir_cert_subjects_to_stack +SSL_add_file_cert_subjects_to_stack +SSL_alert_desc_string +SSL_alert_desc_string_long +SSL_alert_type_string +SSL_alert_type_string_long +SSL_cache_hit +SSL_callback_ctrl +SSL_check_private_key +SSL_clear +SSL_connect +SSL_copy_session_id +SSL_ctrl +SSL_do_handshake +SSL_dup +SSL_dup_CA_list +SSL_export_keying_material +SSL_free +SSL_get0_alpn_selected +SSL_get0_next_proto_negotiated +SSL_get0_param +SSL_get1_session +SSL_get1_supported_ciphers +SSL_get_SSL_CTX +SSL_get_certificate +SSL_get_cipher_list +SSL_get_ciphers +SSL_get_client_CA_list +SSL_get_client_ciphers +SSL_get_client_random +SSL_get_current_cipher +SSL_get_current_compression +SSL_get_current_expansion +SSL_get_default_timeout +SSL_get_error +SSL_get_ex_data +SSL_get_ex_data_X509_STORE_CTX_idx +SSL_get_ex_new_index +SSL_get_fd +SSL_get_finished +SSL_get_info_callback +SSL_get_max_proto_version +SSL_get_min_proto_version +SSL_get_peer_cert_chain +SSL_get_peer_certificate +SSL_get_peer_finished +SSL_get_privatekey +SSL_get_quiet_shutdown +SSL_get_rbio +SSL_get_read_ahead +SSL_get_rfd +SSL_get_selected_srtp_profile +SSL_get_server_random +SSL_get_servername +SSL_get_servername_type +SSL_get_session +SSL_get_shared_ciphers +SSL_get_shutdown +SSL_get_srtp_profiles +SSL_get_ssl_method +SSL_get_verify_callback +SSL_get_verify_depth +SSL_get_verify_mode +SSL_get_verify_result +SSL_get_version +SSL_get_wbio +SSL_get_wfd +SSL_has_matching_session_id +SSL_is_server +SSL_library_init +SSL_load_client_CA_file +SSL_load_error_strings +SSL_new +SSL_peek +SSL_pending +SSL_read +SSL_renegotiate +SSL_renegotiate_abbreviated +SSL_renegotiate_pending +SSL_rstate_string +SSL_rstate_string_long +SSL_select_next_proto +SSL_set1_groups +SSL_set1_groups_list +SSL_set1_host +SSL_set1_param +SSL_set_SSL_CTX +SSL_set_accept_state +SSL_set_alpn_protos +SSL_set_bio +SSL_set_cipher_list +SSL_set_client_CA_list +SSL_set_connect_state +SSL_set_debug +SSL_set_ex_data +SSL_set_fd +SSL_set_generate_session_id +SSL_set_info_callback +SSL_set_max_proto_version +SSL_set_min_proto_version +SSL_set_msg_callback +SSL_set_purpose +SSL_set_quiet_shutdown +SSL_set_read_ahead +SSL_set_rfd +SSL_set_session +SSL_set_session_id_context +SSL_set_session_secret_cb +SSL_set_session_ticket_ext +SSL_set_session_ticket_ext_cb +SSL_set_shutdown +SSL_set_ssl_method +SSL_set_state +SSL_set_tlsext_use_srtp +SSL_set_tmp_dh_callback +SSL_set_tmp_ecdh_callback +SSL_set_tmp_rsa_callback +SSL_set_trust +SSL_set_verify +SSL_set_verify_depth +SSL_set_verify_result +SSL_set_wfd +SSL_shutdown +SSL_state +SSL_state_string +SSL_state_string_long +SSL_up_ref +SSL_use_PrivateKey +SSL_use_PrivateKey_ASN1 +SSL_use_PrivateKey_file +SSL_use_RSAPrivateKey +SSL_use_RSAPrivateKey_ASN1 +SSL_use_RSAPrivateKey_file +SSL_use_certificate +SSL_use_certificate_ASN1 +SSL_use_certificate_file +SSL_version +SSL_version_str +SSL_want +SSL_write + +/* OpenSSL compatible init */ +OPENSSL_init_ssl diff --git a/src/lib/libssl/bio_ssl.c b/src/lib/libssl/bio_ssl.c index 467e1499470..93cfa0d2a42 100644 --- a/src/lib/libssl/bio_ssl.c +++ b/src/lib/libssl/bio_ssl.c @@ -1,25 +1,25 @@ -/* ssl/bio_ssl.c */ +/* $OpenBSD: bio_ssl.c,v 1.29 2018/08/24 20:30:21 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,22 +49,25 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ +#include #include #include #include -#include -#include + #include +#include #include #include +#include "ssl_locl.h" + static int ssl_write(BIO *h, const char *buf, int num); static int ssl_read(BIO *h, char *buf, int size); static int ssl_puts(BIO *h, const char *str); @@ -72,128 +75,111 @@ static long ssl_ctrl(BIO *h, int cmd, long arg1, void *arg2); static int ssl_new(BIO *h); static int ssl_free(BIO *data); static long ssl_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp); -typedef struct bio_ssl_st - { +typedef struct bio_ssl_st { SSL *ssl; /* The ssl handle :-) */ /* re-negotiate every time the total number of bytes is this size */ int num_renegotiates; unsigned long renegotiate_count; unsigned long byte_count; unsigned long renegotiate_timeout; - unsigned long last_time; - } BIO_SSL; - -static BIO_METHOD methods_sslp= - { - BIO_TYPE_SSL,"ssl", - ssl_write, - ssl_read, - ssl_puts, - NULL, /* ssl_gets, */ - ssl_ctrl, - ssl_new, - ssl_free, - ssl_callback_ctrl, - }; - -BIO_METHOD *BIO_f_ssl(void) - { - return(&methods_sslp); - } - -static int ssl_new(BIO *bi) - { + time_t last_time; +} BIO_SSL; + +static const BIO_METHOD methods_sslp = { + .type = BIO_TYPE_SSL, + .name = "ssl", + .bwrite = ssl_write, + .bread = ssl_read, + .bputs = ssl_puts, + .ctrl = ssl_ctrl, + .create = ssl_new, + .destroy = ssl_free, + .callback_ctrl = ssl_callback_ctrl, +}; + +const BIO_METHOD * +BIO_f_ssl(void) +{ + return (&methods_sslp); +} + +static int +ssl_new(BIO *bi) +{ BIO_SSL *bs; - bs=(BIO_SSL *)OPENSSL_malloc(sizeof(BIO_SSL)); - if (bs == NULL) - { - BIOerr(BIO_F_SSL_NEW,ERR_R_MALLOC_FAILURE); - return(0); - } - memset(bs,0,sizeof(BIO_SSL)); - bi->init=0; - bi->ptr=(char *)bs; - bi->flags=0; - return(1); + bs = calloc(1, sizeof(BIO_SSL)); + if (bs == NULL) { + SSLerrorx(ERR_R_MALLOC_FAILURE); + return (0); } - -static int ssl_free(BIO *a) - { + bi->init = 0; + bi->ptr = (char *)bs; + bi->flags = 0; + return (1); +} + +static int +ssl_free(BIO *a) +{ BIO_SSL *bs; - if (a == NULL) return(0); - bs=(BIO_SSL *)a->ptr; - if (bs->ssl != NULL) SSL_shutdown(bs->ssl); - if (a->shutdown) - { + if (a == NULL) + return (0); + bs = (BIO_SSL *)a->ptr; + if (bs->ssl != NULL) + SSL_shutdown(bs->ssl); + if (a->shutdown) { if (a->init && (bs->ssl != NULL)) SSL_free(bs->ssl); - a->init=0; - a->flags=0; - } - if (a->ptr != NULL) - OPENSSL_free(a->ptr); - return(1); + a->init = 0; + a->flags = 0; } - -static int ssl_read(BIO *b, char *out, int outl) - { - int ret=1; + free(a->ptr); + return (1); +} + +static int +ssl_read(BIO *b, char *out, int outl) +{ + int ret = 1; BIO_SSL *sb; SSL *ssl; - int retry_reason=0; - int r=0; + int retry_reason = 0; + int r = 0; - if (out == NULL) return(0); - sb=(BIO_SSL *)b->ptr; - ssl=sb->ssl; + if (out == NULL) + return (0); + sb = (BIO_SSL *)b->ptr; + ssl = sb->ssl; BIO_clear_retry_flags(b); -#if 0 - if (!SSL_is_init_finished(ssl)) - { -/* ret=SSL_do_handshake(ssl); */ - if (ret > 0) - { + ret = SSL_read(ssl, out, outl); - outflags=(BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY); - ret= -1; - goto end; - } - } -#endif -/* if (ret > 0) */ - ret=SSL_read(ssl,out,outl); - - switch (SSL_get_error(ssl,ret)) - { + switch (SSL_get_error(ssl, ret)) { case SSL_ERROR_NONE: - if (ret <= 0) break; - if (sb->renegotiate_count > 0) - { - sb->byte_count+=ret; - if (sb->byte_count > sb->renegotiate_count) - { - sb->byte_count=0; + if (ret <= 0) + break; + if (sb->renegotiate_count > 0) { + sb->byte_count += ret; + if (sb->byte_count > sb->renegotiate_count) { + sb->byte_count = 0; sb->num_renegotiates++; SSL_renegotiate(ssl); - r=1; - } + r = 1; } - if ((sb->renegotiate_timeout > 0) && (!r)) - { - unsigned long tm; - - tm=(unsigned long)time(NULL); - if (tm > sb->last_time+sb->renegotiate_timeout) - { - sb->last_time=tm; + } + if ((sb->renegotiate_timeout > 0) && (!r)) { + time_t tm; + + tm = time(NULL); + if (tm > sb->last_time + sb->renegotiate_timeout) { + sb->last_time = tm; sb->num_renegotiates++; SSL_renegotiate(ssl); - } } + } break; case SSL_ERROR_WANT_READ: @@ -204,71 +190,69 @@ static int ssl_read(BIO *b, char *out, int outl) break; case SSL_ERROR_WANT_X509_LOOKUP: BIO_set_retry_special(b); - retry_reason=BIO_RR_SSL_X509_LOOKUP; + retry_reason = BIO_RR_SSL_X509_LOOKUP; break; case SSL_ERROR_WANT_ACCEPT: BIO_set_retry_special(b); - retry_reason=BIO_RR_ACCEPT; + retry_reason = BIO_RR_ACCEPT; break; case SSL_ERROR_WANT_CONNECT: BIO_set_retry_special(b); - retry_reason=BIO_RR_CONNECT; + retry_reason = BIO_RR_CONNECT; break; case SSL_ERROR_SYSCALL: case SSL_ERROR_SSL: case SSL_ERROR_ZERO_RETURN: default: break; - } - - b->retry_reason=retry_reason; - return(ret); } -static int ssl_write(BIO *b, const char *out, int outl) - { - int ret,r=0; - int retry_reason=0; + b->retry_reason = retry_reason; + return (ret); +} + +static int +ssl_write(BIO *b, const char *out, int outl) +{ + int ret, r = 0; + int retry_reason = 0; SSL *ssl; BIO_SSL *bs; - if (out == NULL) return(0); - bs=(BIO_SSL *)b->ptr; - ssl=bs->ssl; + if (out == NULL) + return (0); + bs = (BIO_SSL *)b->ptr; + ssl = bs->ssl; BIO_clear_retry_flags(b); /* ret=SSL_do_handshake(ssl); if (ret > 0) */ - ret=SSL_write(ssl,out,outl); + ret = SSL_write(ssl, out, outl); - switch (SSL_get_error(ssl,ret)) - { + switch (SSL_get_error(ssl, ret)) { case SSL_ERROR_NONE: - if (ret <= 0) break; - if (bs->renegotiate_count > 0) - { - bs->byte_count+=ret; - if (bs->byte_count > bs->renegotiate_count) - { - bs->byte_count=0; + if (ret <= 0) + break; + if (bs->renegotiate_count > 0) { + bs->byte_count += ret; + if (bs->byte_count > bs->renegotiate_count) { + bs->byte_count = 0; bs->num_renegotiates++; SSL_renegotiate(ssl); - r=1; - } + r = 1; } - if ((bs->renegotiate_timeout > 0) && (!r)) - { - unsigned long tm; - - tm=(unsigned long)time(NULL); - if (tm > bs->last_time+bs->renegotiate_timeout) - { - bs->last_time=tm; + } + if ((bs->renegotiate_timeout > 0) && (!r)) { + time_t tm; + + tm = time(NULL); + if (tm > bs->last_time + bs->renegotiate_timeout) { + bs->last_time = tm; bs->num_renegotiates++; SSL_renegotiate(ssl); - } } + } break; case SSL_ERROR_WANT_WRITE: BIO_set_retry_write(b); @@ -278,53 +262,55 @@ static int ssl_write(BIO *b, const char *out, int outl) break; case SSL_ERROR_WANT_X509_LOOKUP: BIO_set_retry_special(b); - retry_reason=BIO_RR_SSL_X509_LOOKUP; + retry_reason = BIO_RR_SSL_X509_LOOKUP; break; case SSL_ERROR_WANT_CONNECT: BIO_set_retry_special(b); - retry_reason=BIO_RR_CONNECT; + retry_reason = BIO_RR_CONNECT; case SSL_ERROR_SYSCALL: case SSL_ERROR_SSL: default: break; - } - - b->retry_reason=retry_reason; - return(ret); } -static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr) - { - SSL **sslp,*ssl; + b->retry_reason = retry_reason; + return (ret); +} + +static long +ssl_ctrl(BIO *b, int cmd, long num, void *ptr) +{ + SSL **sslp, *ssl; BIO_SSL *bs; - BIO *dbio,*bio; - long ret=1; + BIO *dbio, *bio; + long ret = 1; - bs=(BIO_SSL *)b->ptr; - ssl=bs->ssl; + bs = (BIO_SSL *)b->ptr; + ssl = bs->ssl; if ((ssl == NULL) && (cmd != BIO_C_SET_SSL)) - return(0); - switch (cmd) - { + return (0); + switch (cmd) { case BIO_CTRL_RESET: SSL_shutdown(ssl); - if (ssl->handshake_func == ssl->method->ssl_connect) + if (ssl->internal->handshake_func == + ssl->method->internal->ssl_connect) SSL_set_connect_state(ssl); - else if (ssl->handshake_func == ssl->method->ssl_accept) + else if (ssl->internal->handshake_func == + ssl->method->internal->ssl_accept) SSL_set_accept_state(ssl); SSL_clear(ssl); if (b->next_bio != NULL) - ret=BIO_ctrl(b->next_bio,cmd,num,ptr); + ret = BIO_ctrl(b->next_bio, cmd, num, ptr); else if (ssl->rbio != NULL) - ret=BIO_ctrl(ssl->rbio,cmd,num,ptr); + ret = BIO_ctrl(ssl->rbio, cmd, num, ptr); else - ret=1; + ret = 1; break; case BIO_CTRL_INFO: - ret=0; + ret = 0; break; case BIO_C_SSL_MODE: if (num) /* client mode */ @@ -333,260 +319,272 @@ static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr) SSL_set_accept_state(ssl); break; case BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT: - ret=bs->renegotiate_timeout; - if (num < 60) num=5; - bs->renegotiate_timeout=(unsigned long)num; - bs->last_time=(unsigned long)time(NULL); + ret = bs->renegotiate_timeout; + if (num < 60) + num = 5; + bs->renegotiate_timeout = (unsigned long)num; + bs->last_time = time(NULL); break; case BIO_C_SET_SSL_RENEGOTIATE_BYTES: - ret=bs->renegotiate_count; + ret = bs->renegotiate_count; if ((long)num >=512) - bs->renegotiate_count=(unsigned long)num; + bs->renegotiate_count = (unsigned long)num; break; case BIO_C_GET_SSL_NUM_RENEGOTIATES: - ret=bs->num_renegotiates; + ret = bs->num_renegotiates; break; case BIO_C_SET_SSL: - if (ssl != NULL) + if (ssl != NULL) { ssl_free(b); - b->shutdown=(int)num; - ssl=(SSL *)ptr; - ((BIO_SSL *)b->ptr)->ssl=ssl; - bio=SSL_get_rbio(ssl); - if (bio != NULL) - { + if (!ssl_new(b)) + return 0; + } + b->shutdown = (int)num; + ssl = (SSL *)ptr; + ((BIO_SSL *)b->ptr)->ssl = ssl; + bio = SSL_get_rbio(ssl); + if (bio != NULL) { if (b->next_bio != NULL) - BIO_push(bio,b->next_bio); - b->next_bio=bio; - CRYPTO_add(&bio->references,1,CRYPTO_LOCK_BIO); - } - b->init=1; + BIO_push(bio, b->next_bio); + b->next_bio = bio; + CRYPTO_add(&bio->references, 1, CRYPTO_LOCK_BIO); + } + b->init = 1; break; case BIO_C_GET_SSL: - if (ptr != NULL) - { - sslp=(SSL **)ptr; - *sslp=ssl; - } - else - ret=0; + if (ptr != NULL) { + sslp = (SSL **)ptr; + *sslp = ssl; + } else + ret = 0; break; case BIO_CTRL_GET_CLOSE: - ret=b->shutdown; + ret = b->shutdown; break; case BIO_CTRL_SET_CLOSE: - b->shutdown=(int)num; + b->shutdown = (int)num; break; case BIO_CTRL_WPENDING: - ret=BIO_ctrl(ssl->wbio,cmd,num,ptr); + ret = BIO_ctrl(ssl->wbio, cmd, num, ptr); break; case BIO_CTRL_PENDING: - ret=SSL_pending(ssl); + ret = SSL_pending(ssl); if (ret == 0) - ret=BIO_pending(ssl->rbio); + ret = BIO_pending(ssl->rbio); break; case BIO_CTRL_FLUSH: BIO_clear_retry_flags(b); - ret=BIO_ctrl(ssl->wbio,cmd,num,ptr); + ret = BIO_ctrl(ssl->wbio, cmd, num, ptr); BIO_copy_next_retry(b); break; case BIO_CTRL_PUSH: - if ((b->next_bio != NULL) && (b->next_bio != ssl->rbio)) - { - SSL_set_bio(ssl,b->next_bio,b->next_bio); - CRYPTO_add(&b->next_bio->references,1,CRYPTO_LOCK_BIO); - } + if ((b->next_bio != NULL) && (b->next_bio != ssl->rbio)) { + SSL_set_bio(ssl, b->next_bio, b->next_bio); + CRYPTO_add(&b->next_bio->references, 1, + CRYPTO_LOCK_BIO); + } break; case BIO_CTRL_POP: - /* ugly bit of a hack */ - if (ssl->rbio != ssl->wbio) /* we are in trouble :-( */ - { - BIO_free_all(ssl->wbio); - } - ssl->wbio=NULL; - ssl->rbio=NULL; + /* Only detach if we are the BIO explicitly being popped */ + if (b == ptr) { + /* Shouldn't happen in practice because the + * rbio and wbio are the same when pushed. + */ + if (ssl->rbio != ssl->wbio) + BIO_free_all(ssl->wbio); + if (b->next_bio != NULL) + CRYPTO_add(&b->next_bio->references, -1, CRYPTO_LOCK_BIO); + ssl->wbio = NULL; + ssl->rbio = NULL; + } break; case BIO_C_DO_STATE_MACHINE: BIO_clear_retry_flags(b); - b->retry_reason=0; - ret=(int)SSL_do_handshake(ssl); + b->retry_reason = 0; + ret = (int)SSL_do_handshake(ssl); - switch (SSL_get_error(ssl,(int)ret)) - { + switch (SSL_get_error(ssl, (int)ret)) { case SSL_ERROR_WANT_READ: BIO_set_flags(b, - BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY); + BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY); break; case SSL_ERROR_WANT_WRITE: BIO_set_flags(b, - BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY); + BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY); break; case SSL_ERROR_WANT_CONNECT: BIO_set_flags(b, - BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY); - b->retry_reason=b->next_bio->retry_reason; + BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY); + b->retry_reason = b->next_bio->retry_reason; break; default: break; - } + } break; case BIO_CTRL_DUP: - dbio=(BIO *)ptr; + dbio = (BIO *)ptr; if (((BIO_SSL *)dbio->ptr)->ssl != NULL) SSL_free(((BIO_SSL *)dbio->ptr)->ssl); - ((BIO_SSL *)dbio->ptr)->ssl=SSL_dup(ssl); - ((BIO_SSL *)dbio->ptr)->renegotiate_count= - ((BIO_SSL *)b->ptr)->renegotiate_count; - ((BIO_SSL *)dbio->ptr)->byte_count= - ((BIO_SSL *)b->ptr)->byte_count; - ((BIO_SSL *)dbio->ptr)->renegotiate_timeout= - ((BIO_SSL *)b->ptr)->renegotiate_timeout; - ((BIO_SSL *)dbio->ptr)->last_time= - ((BIO_SSL *)b->ptr)->last_time; - ret=(((BIO_SSL *)dbio->ptr)->ssl != NULL); + ((BIO_SSL *)dbio->ptr)->ssl = SSL_dup(ssl); + ((BIO_SSL *)dbio->ptr)->renegotiate_count = + ((BIO_SSL *)b->ptr)->renegotiate_count; + ((BIO_SSL *)dbio->ptr)->byte_count = + ((BIO_SSL *)b->ptr)->byte_count; + ((BIO_SSL *)dbio->ptr)->renegotiate_timeout = + ((BIO_SSL *)b->ptr)->renegotiate_timeout; + ((BIO_SSL *)dbio->ptr)->last_time = + ((BIO_SSL *)b->ptr)->last_time; + ret = (((BIO_SSL *)dbio->ptr)->ssl != NULL); break; case BIO_C_GET_FD: - ret=BIO_ctrl(ssl->rbio,cmd,num,ptr); + ret = BIO_ctrl(ssl->rbio, cmd, num, ptr); break; case BIO_CTRL_SET_CALLBACK: { -#if 0 /* FIXME: Should this be used? -- Richard Levitte */ - BIOerr(SSL_F_SSL_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - ret = -1; -#else - ret=0; -#endif + ret = 0; } break; case BIO_CTRL_GET_CALLBACK: { - void (**fptr)(); + void (**fptr)(const SSL *xssl, int type, int val); - fptr=(void (**)())ptr; - *fptr=SSL_get_info_callback(ssl); + fptr = (void (**)(const SSL *xssl, int type, int val)) + ptr; + *fptr = SSL_get_info_callback(ssl); } break; default: - ret=BIO_ctrl(ssl->rbio,cmd,num,ptr); + ret = BIO_ctrl(ssl->rbio, cmd, num, ptr); break; - } - return(ret); } + return (ret); +} -static long ssl_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) - { +static long +ssl_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) +{ SSL *ssl; BIO_SSL *bs; - long ret=1; + long ret = 1; - bs=(BIO_SSL *)b->ptr; - ssl=bs->ssl; - switch (cmd) - { + bs = (BIO_SSL *)b->ptr; + ssl = bs->ssl; + switch (cmd) { case BIO_CTRL_SET_CALLBACK: { /* FIXME: setting this via a completely different prototype seems like a crap idea */ - SSL_set_info_callback(ssl,(void (*)(const SSL *,int,int))fp); + SSL_set_info_callback(ssl, + (void (*)(const SSL *, int, int))fp); } break; default: - ret=BIO_callback_ctrl(ssl->rbio,cmd,fp); + ret = BIO_callback_ctrl(ssl->rbio, cmd, fp); break; - } - return(ret); } + return (ret); +} -static int ssl_puts(BIO *bp, const char *str) - { - int n,ret; +static int +ssl_puts(BIO *bp, const char *str) +{ + int n, ret; - n=strlen(str); - ret=BIO_write(bp,str,n); - return(ret); - } + n = strlen(str); + ret = BIO_write(bp, str, n); + return (ret); +} -BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx) - { - BIO *ret=NULL,*buf=NULL,*ssl=NULL; +BIO * +BIO_new_buffer_ssl_connect(SSL_CTX *ctx) +{ + BIO *ret = NULL, *buf = NULL, *ssl = NULL; - if ((buf=BIO_new(BIO_f_buffer())) == NULL) - return(NULL); - if ((ssl=BIO_new_ssl_connect(ctx)) == NULL) + if ((buf = BIO_new(BIO_f_buffer())) == NULL) + goto err; + if ((ssl = BIO_new_ssl_connect(ctx)) == NULL) goto err; - if ((ret=BIO_push(buf,ssl)) == NULL) + if ((ret = BIO_push(buf, ssl)) == NULL) goto err; - return(ret); + return (ret); + err: - if (buf != NULL) BIO_free(buf); - if (ssl != NULL) BIO_free(ssl); - return(NULL); - } + BIO_free(buf); + BIO_free(ssl); + return (NULL); +} -BIO *BIO_new_ssl_connect(SSL_CTX *ctx) - { - BIO *ret=NULL,*con=NULL,*ssl=NULL; +BIO * +BIO_new_ssl_connect(SSL_CTX *ctx) +{ + BIO *ret = NULL, *con = NULL, *ssl = NULL; - if ((con=BIO_new(BIO_s_connect())) == NULL) - return(NULL); - if ((ssl=BIO_new_ssl(ctx,1)) == NULL) + if ((con = BIO_new(BIO_s_connect())) == NULL) goto err; - if ((ret=BIO_push(ssl,con)) == NULL) + if ((ssl = BIO_new_ssl(ctx, 1)) == NULL) goto err; - return(ret); -err: - if (con != NULL) BIO_free(con); - if (ret != NULL) BIO_free(ret); - return(NULL); - } + if ((ret = BIO_push(ssl, con)) == NULL) + goto err; + return (ret); -BIO *BIO_new_ssl(SSL_CTX *ctx, int client) - { +err: + BIO_free(con); + BIO_free(ssl); + return (NULL); +} + +BIO * +BIO_new_ssl(SSL_CTX *ctx, int client) +{ BIO *ret; SSL *ssl; - if ((ret=BIO_new(BIO_f_ssl())) == NULL) - return(NULL); - if ((ssl=SSL_new(ctx)) == NULL) - { - BIO_free(ret); - return(NULL); - } + if ((ret = BIO_new(BIO_f_ssl())) == NULL) + goto err; + if ((ssl = SSL_new(ctx)) == NULL) + goto err; + if (client) SSL_set_connect_state(ssl); else SSL_set_accept_state(ssl); - - BIO_set_ssl(ret,ssl,BIO_CLOSE); - return(ret); - } -int BIO_ssl_copy_session_id(BIO *t, BIO *f) - { - t=BIO_find_type(t,BIO_TYPE_SSL); - f=BIO_find_type(f,BIO_TYPE_SSL); - if ((t == NULL) || (f == NULL)) - return(0); - if ( (((BIO_SSL *)t->ptr)->ssl == NULL) || - (((BIO_SSL *)f->ptr)->ssl == NULL)) - return(0); - SSL_copy_session_id(((BIO_SSL *)t->ptr)->ssl,((BIO_SSL *)f->ptr)->ssl); - return(1); - } + BIO_set_ssl(ret, ssl, BIO_CLOSE); + return (ret); -void BIO_ssl_shutdown(BIO *b) - { +err: + BIO_free(ret); + return (NULL); +} + +int +BIO_ssl_copy_session_id(BIO *t, BIO *f) +{ + t = BIO_find_type(t, BIO_TYPE_SSL); + f = BIO_find_type(f, BIO_TYPE_SSL); + if ((t == NULL) || (f == NULL)) + return (0); + if ((((BIO_SSL *)t->ptr)->ssl == NULL) || + (((BIO_SSL *)f->ptr)->ssl == NULL)) + return (0); + if (!SSL_copy_session_id(((BIO_SSL *)t->ptr)->ssl, + ((BIO_SSL *)f->ptr)->ssl)) + return (0); + return (1); +} + +void +BIO_ssl_shutdown(BIO *b) +{ SSL *s; - while (b != NULL) - { - if (b->method->type == BIO_TYPE_SSL) - { - s=((BIO_SSL *)b->ptr)->ssl; + while (b != NULL) { + if (b->method->type == BIO_TYPE_SSL) { + s = ((BIO_SSL *)b->ptr)->ssl; SSL_shutdown(s); break; - } - b=b->next_bio; } + b = b->next_bio; } +} diff --git a/src/lib/libssl/bs_ber.c b/src/lib/libssl/bs_ber.c new file mode 100644 index 00000000000..7863b8be0cd --- /dev/null +++ b/src/lib/libssl/bs_ber.c @@ -0,0 +1,270 @@ +/* $OpenBSD: bs_ber.c,v 1.9 2016/12/03 12:34:35 jsing Exp $ */ +/* + * Copyright (c) 2014, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#include + +#include + +#include "bytestring.h" + +/* + * kMaxDepth is a just a sanity limit. The code should be such that the length + * of the input being processes always decreases. None the less, a very large + * input could otherwise cause the stack to overflow. + */ +static const unsigned int kMaxDepth = 2048; + +/* Non-strict version that allows a relaxed DER with indefinite form. */ +static int +cbs_nonstrict_get_any_asn1_element(CBS *cbs, CBS *out, unsigned int *out_tag, + size_t *out_header_len) +{ + return cbs_get_any_asn1_element_internal(cbs, out, + out_tag, out_header_len, 0); +} + +/* + * cbs_find_indefinite walks an ASN.1 structure in |orig_in| and sets + * |*indefinite_found| depending on whether an indefinite length element was + * found. The value of |orig_in| is not modified. + * + * Returns one on success (i.e. |*indefinite_found| was set) and zero on error. + */ +static int +cbs_find_indefinite(const CBS *orig_in, char *indefinite_found, + unsigned int depth) +{ + CBS in; + + if (depth > kMaxDepth) + return 0; + + CBS_init(&in, CBS_data(orig_in), CBS_len(orig_in)); + + while (CBS_len(&in) > 0) { + CBS contents; + unsigned int tag; + size_t header_len; + + if (!cbs_nonstrict_get_any_asn1_element(&in, &contents, &tag, + &header_len)) + return 0; + + /* Indefinite form not allowed by DER. */ + if (CBS_len(&contents) == header_len && header_len > 0 && + CBS_data(&contents)[header_len - 1] == 0x80) { + *indefinite_found = 1; + return 1; + } + if (tag & CBS_ASN1_CONSTRUCTED) { + if (!CBS_skip(&contents, header_len) || + !cbs_find_indefinite(&contents, indefinite_found, + depth + 1)) + return 0; + } + } + + *indefinite_found = 0; + return 1; +} + +/* + * is_primitive_type returns true if |tag| likely a primitive type. Normally + * one can just test the "constructed" bit in the tag but, in BER, even + * primitive tags can have the constructed bit if they have indefinite + * length. + */ +static char +is_primitive_type(unsigned int tag) +{ + return (tag & 0xc0) == 0 && + (tag & 0x1f) != (CBS_ASN1_SEQUENCE & 0x1f) && + (tag & 0x1f) != (CBS_ASN1_SET & 0x1f); +} + +/* + * is_eoc returns true if |header_len| and |contents|, as returned by + * |cbs_nonstrict_get_any_asn1_element|, indicate an "end of contents" (EOC) + * value. + */ +static char +is_eoc(size_t header_len, CBS *contents) +{ + const unsigned char eoc[] = {0x0, 0x0}; + + return header_len == 2 && CBS_mem_equal(contents, eoc, 2); +} + +/* + * cbs_convert_indefinite reads data with DER encoding (but relaxed to allow + * indefinite form) from |in| and writes definite form DER data to |out|. If + * |squash_header| is set then the top-level of elements from |in| will not + * have their headers written. This is used when concatenating the fragments of + * an indefinite length, primitive value. If |looking_for_eoc| is set then any + * EOC elements found will cause the function to return after consuming it. + * It returns one on success and zero on error. + */ +static int +cbs_convert_indefinite(CBS *in, CBB *out, char squash_header, + char looking_for_eoc, unsigned int depth) +{ + if (depth > kMaxDepth) + return 0; + + while (CBS_len(in) > 0) { + CBS contents; + unsigned int tag; + size_t header_len; + CBB *out_contents, out_contents_storage; + + if (!cbs_nonstrict_get_any_asn1_element(in, &contents, &tag, + &header_len)) + return 0; + + out_contents = out; + + if (CBS_len(&contents) == header_len) { + if (is_eoc(header_len, &contents)) + return looking_for_eoc; + + if (header_len > 0 && + CBS_data(&contents)[header_len - 1] == 0x80) { + /* + * This is an indefinite length element. If + * it's a SEQUENCE or SET then we just need to + * write the out the contents as normal, but + * with a concrete length prefix. + * + * If it's a something else then the contents + * will be a series of DER elements of the same + * type which need to be concatenated. + */ + const char context_specific = (tag & 0xc0) + == 0x80; + char squash_child_headers = + is_primitive_type(tag); + + /* + * This is a hack, but it sufficies to handle + * NSS's output. If we find an indefinite + * length, context-specific tag with a definite, + * primtive tag inside it, then we assume that + * the context-specific tag is implicit and the + * tags within are fragments of a primitive type + * that need to be concatenated. + */ + if (context_specific && + (tag & CBS_ASN1_CONSTRUCTED)) { + CBS in_copy, inner_contents; + unsigned int inner_tag; + size_t inner_header_len; + + CBS_init(&in_copy, CBS_data(in), + CBS_len(in)); + if (!cbs_nonstrict_get_any_asn1_element( + &in_copy, &inner_contents, + &inner_tag, &inner_header_len)) + return 0; + + if (CBS_len(&inner_contents) > + inner_header_len && + is_primitive_type(inner_tag)) + squash_child_headers = 1; + } + + if (!squash_header) { + unsigned int out_tag = tag; + + if (squash_child_headers) + out_tag &= + ~CBS_ASN1_CONSTRUCTED; + + if (!CBB_add_asn1(out, + &out_contents_storage, out_tag)) + return 0; + + out_contents = &out_contents_storage; + } + + if (!cbs_convert_indefinite(in, out_contents, + squash_child_headers, + 1 /* looking for eoc */, depth + 1)) + return 0; + + if (out_contents != out && !CBB_flush(out)) + return 0; + + continue; + } + } + + if (!squash_header) { + if (!CBB_add_asn1(out, &out_contents_storage, tag)) + return 0; + + out_contents = &out_contents_storage; + } + + if (!CBS_skip(&contents, header_len)) + return 0; + + if (tag & CBS_ASN1_CONSTRUCTED) { + if (!cbs_convert_indefinite(&contents, out_contents, + 0 /* don't squash header */, + 0 /* not looking for eoc */, depth + 1)) + return 0; + } else { + if (!CBB_add_bytes(out_contents, CBS_data(&contents), + CBS_len(&contents))) + return 0; + } + + if (out_contents != out && !CBB_flush(out)) + return 0; + } + + return looking_for_eoc == 0; +} + +int +CBS_asn1_indefinite_to_definite(CBS *in, uint8_t **out, size_t *out_len) +{ + CBB cbb; + + /* + * First, do a quick walk to find any indefinite-length elements. Most + * of the time we hope that there aren't any and thus we can quickly + * return. + */ + char conversion_needed; + if (!cbs_find_indefinite(in, &conversion_needed, 0)) + return 0; + + if (!conversion_needed) { + *out = NULL; + *out_len = 0; + return 1; + } + + if (!CBB_init(&cbb, CBS_len(in))) + return 0; + if (!cbs_convert_indefinite(in, &cbb, 0, 0, 0)) { + CBB_cleanup(&cbb); + return 0; + } + + return CBB_finish(&cbb, out, out_len); +} diff --git a/src/lib/libssl/bs_cbb.c b/src/lib/libssl/bs_cbb.c new file mode 100644 index 00000000000..a34e822c942 --- /dev/null +++ b/src/lib/libssl/bs_cbb.c @@ -0,0 +1,468 @@ +/* $OpenBSD: bs_cbb.c,v 1.20 2019/01/23 22:20:40 beck Exp $ */ +/* + * Copyright (c) 2014, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#include +#include + +#include + +#include "bytestring.h" + +#define CBB_INITIAL_SIZE 64 + +static int +cbb_init(CBB *cbb, uint8_t *buf, size_t cap) +{ + struct cbb_buffer_st *base; + + base = malloc(sizeof(struct cbb_buffer_st)); + if (base == NULL) + return 0; + + base->buf = buf; + base->len = 0; + base->cap = cap; + base->can_resize = 1; + + cbb->base = base; + cbb->is_top_level = 1; + + return 1; +} + +int +CBB_init(CBB *cbb, size_t initial_capacity) +{ + uint8_t *buf = NULL; + + memset(cbb, 0, sizeof(*cbb)); + + if (initial_capacity == 0) + initial_capacity = CBB_INITIAL_SIZE; + + if ((buf = malloc(initial_capacity)) == NULL) + return 0; + + if (!cbb_init(cbb, buf, initial_capacity)) { + free(buf); + return 0; + } + + return 1; +} + +int +CBB_init_fixed(CBB *cbb, uint8_t *buf, size_t len) +{ + memset(cbb, 0, sizeof(*cbb)); + + if (!cbb_init(cbb, buf, len)) + return 0; + + cbb->base->can_resize = 0; + + return 1; +} + +void +CBB_cleanup(CBB *cbb) +{ + if (cbb->base) { + if (cbb->base->can_resize) + freezero(cbb->base->buf, cbb->base->cap); + free(cbb->base); + } + cbb->base = NULL; + cbb->child = NULL; +} + +static int +cbb_buffer_add(struct cbb_buffer_st *base, uint8_t **out, size_t len) +{ + size_t newlen; + + if (base == NULL) + return 0; + + newlen = base->len + len; + if (newlen < base->len) + /* Overflow */ + return 0; + + if (newlen > base->cap) { + size_t newcap = base->cap * 2; + uint8_t *newbuf; + + if (!base->can_resize) + return 0; + + if (newcap < base->cap || newcap < newlen) + newcap = newlen; + + newbuf = recallocarray(base->buf, base->cap, newcap, 1); + if (newbuf == NULL) + return 0; + + base->buf = newbuf; + base->cap = newcap; + } + + if (out) + *out = base->buf + base->len; + + base->len = newlen; + return 1; +} + +static int +cbb_add_u(CBB *cbb, uint32_t v, size_t len_len) +{ + uint8_t *buf; + size_t i; + + if (len_len == 0) + return 1; + + if (len_len > 4) + return 0; + + if (!CBB_flush(cbb) || !cbb_buffer_add(cbb->base, &buf, len_len)) + return 0; + + for (i = len_len - 1; i < len_len; i--) { + buf[i] = v; + v >>= 8; + } + return 1; +} + +int +CBB_finish(CBB *cbb, uint8_t **out_data, size_t *out_len) +{ + if (!cbb->is_top_level) + return 0; + + if (!CBB_flush(cbb)) + return 0; + + if (cbb->base->can_resize && (out_data == NULL || out_len == NULL)) + /* + * |out_data| and |out_len| can only be NULL if the CBB is + * fixed. + */ + return 0; + + if (out_data != NULL) + *out_data = cbb->base->buf; + + if (out_len != NULL) + *out_len = cbb->base->len; + + cbb->base->buf = NULL; + CBB_cleanup(cbb); + return 1; +} + +/* + * CBB_flush recurses and then writes out any pending length prefix. The current + * length of the underlying base is taken to be the length of the + * length-prefixed data. + */ +int +CBB_flush(CBB *cbb) +{ + size_t child_start, i, len; + + if (cbb->base == NULL) + return 0; + + if (cbb->child == NULL || cbb->pending_len_len == 0) + return 1; + + child_start = cbb->offset + cbb->pending_len_len; + + if (!CBB_flush(cbb->child) || child_start < cbb->offset || + cbb->base->len < child_start) + return 0; + + len = cbb->base->len - child_start; + + if (cbb->pending_is_asn1) { + /* + * For ASN.1, we assumed that we were using short form which + * only requires a single byte for the length octet. + * + * If it turns out that we need long form, we have to move + * the contents along in order to make space for more length + * octets. + */ + size_t len_len = 1; /* total number of length octets */ + uint8_t initial_length_byte; + + /* We already wrote 1 byte for the length. */ + if (cbb->pending_len_len != 1) + return 0; + + /* Check for long form */ + if (len > 0xfffffffe) + return 0; /* 0xffffffff is reserved */ + else if (len > 0xffffff) + len_len = 5; + else if (len > 0xffff) + len_len = 4; + else if (len > 0xff) + len_len = 3; + else if (len > 0x7f) + len_len = 2; + + if (len_len == 1) { + /* For short form, the initial byte is the length. */ + initial_length_byte = len; + len = 0; + + } else { + /* + * For long form, the initial byte is the number of + * subsequent length octets (plus bit 8 set). + */ + initial_length_byte = 0x80 | (len_len - 1); + + /* + * We need to move the contents along in order to make + * space for the long form length octets. + */ + size_t extra_bytes = len_len - 1; + if (!cbb_buffer_add(cbb->base, NULL, extra_bytes)) + return 0; + + memmove(cbb->base->buf + child_start + extra_bytes, + cbb->base->buf + child_start, len); + } + cbb->base->buf[cbb->offset++] = initial_length_byte; + cbb->pending_len_len = len_len - 1; + } + + for (i = cbb->pending_len_len - 1; i < cbb->pending_len_len; i--) { + cbb->base->buf[cbb->offset + i] = len; + len >>= 8; + } + if (len != 0) + return 0; + + cbb->child->base = NULL; + cbb->child = NULL; + cbb->pending_len_len = 0; + cbb->pending_is_asn1 = 0; + cbb->offset = 0; + + return 1; +} + +void +CBB_discard_child(CBB *cbb) +{ + if (cbb->child == NULL) + return; + + cbb->base->len = cbb->offset; + + cbb->child->base = NULL; + cbb->child = NULL; + cbb->pending_len_len = 0; + cbb->pending_is_asn1 = 0; + cbb->offset = 0; +} + +static int +cbb_add_length_prefixed(CBB *cbb, CBB *out_contents, size_t len_len) +{ + uint8_t *prefix_bytes; + + if (!CBB_flush(cbb)) + return 0; + + cbb->offset = cbb->base->len; + if (!cbb_buffer_add(cbb->base, &prefix_bytes, len_len)) + return 0; + + memset(prefix_bytes, 0, len_len); + memset(out_contents, 0, sizeof(CBB)); + out_contents->base = cbb->base; + cbb->child = out_contents; + cbb->pending_len_len = len_len; + cbb->pending_is_asn1 = 0; + + return 1; +} + +int +CBB_add_u8_length_prefixed(CBB *cbb, CBB *out_contents) +{ + return cbb_add_length_prefixed(cbb, out_contents, 1); +} + +int +CBB_add_u16_length_prefixed(CBB *cbb, CBB *out_contents) +{ + return cbb_add_length_prefixed(cbb, out_contents, 2); +} + +int +CBB_add_u24_length_prefixed(CBB *cbb, CBB *out_contents) +{ + return cbb_add_length_prefixed(cbb, out_contents, 3); +} + +int +CBB_add_asn1(CBB *cbb, CBB *out_contents, unsigned int tag) +{ + if (tag > UINT8_MAX) + return 0; + + /* Long form identifier octets are not supported. */ + if ((tag & 0x1f) == 0x1f) + return 0; + + /* Short-form identifier octet only needs a single byte */ + if (!CBB_flush(cbb) || !CBB_add_u8(cbb, tag)) + return 0; + + /* + * Add 1 byte to cover the short-form length octet case. If it turns + * out we need long-form, it will be extended later. + */ + cbb->offset = cbb->base->len; + if (!CBB_add_u8(cbb, 0)) + return 0; + + memset(out_contents, 0, sizeof(CBB)); + out_contents->base = cbb->base; + cbb->child = out_contents; + cbb->pending_len_len = 1; + cbb->pending_is_asn1 = 1; + + return 1; +} + +int +CBB_add_bytes(CBB *cbb, const uint8_t *data, size_t len) +{ + uint8_t *dest; + + if (!CBB_add_space(cbb, &dest, len)) + return 0; + + memcpy(dest, data, len); + return 1; +} + +int +CBB_add_space(CBB *cbb, uint8_t **out_data, size_t len) +{ + if (!CBB_flush(cbb) || !cbb_buffer_add(cbb->base, out_data, len)) + return 0; + + return 1; +} + +int +CBB_add_u8(CBB *cbb, size_t value) +{ + if (value > UINT8_MAX) + return 0; + + return cbb_add_u(cbb, (uint32_t)value, 1); +} + +int +CBB_add_u16(CBB *cbb, size_t value) +{ + if (value > UINT16_MAX) + return 0; + + return cbb_add_u(cbb, (uint32_t)value, 2); +} + +int +CBB_add_u24(CBB *cbb, size_t value) +{ + if (value > 0xffffffUL) + return 0; + + return cbb_add_u(cbb, (uint32_t)value, 3); +} + +int +CBB_add_u32(CBB *cbb, size_t value) +{ + if (value > 0xffffffffUL) + return 0; + + return cbb_add_u(cbb, (uint32_t)value, 4); +} + +int +CBB_add_asn1_uint64(CBB *cbb, uint64_t value) +{ + CBB child; + size_t i; + int started = 0; + + if (!CBB_add_asn1(cbb, &child, CBS_ASN1_INTEGER)) + return 0; + + for (i = 0; i < 8; i++) { + uint8_t byte = (value >> 8 * (7 - i)) & 0xff; + + /* + * ASN.1 restriction: first 9 bits cannot be all zeroes or + * all ones. Since this function only encodes unsigned + * integers, the only concerns are not encoding leading + * zeros and adding a padding byte if necessary. + * + * In practice, this means: + * 1) Skip leading octets of all zero bits in the value + * 2) After skipping the leading zero octets, if the next 9 + * bits are all ones, add an all zero prefix octet (and + * set the high bit of the prefix octet if negative). + * + * Additionally, for an unsigned value, add an all zero + * prefix if the high bit of the first octet would be one. + */ + if (!started) { + if (byte == 0) + /* Don't encode leading zeros. */ + continue; + + /* + * If the high bit is set, add a padding byte to make it + * unsigned. + */ + if ((byte & 0x80) && !CBB_add_u8(&child, 0)) + return 0; + + started = 1; + } + if (!CBB_add_u8(&child, byte)) + return 0; + } + + /* 0 is encoded as a single 0, not the empty string. */ + if (!started && !CBB_add_u8(&child, 0)) + return 0; + + return CBB_flush(cbb); +} diff --git a/src/lib/libssl/bs_cbs.c b/src/lib/libssl/bs_cbs.c new file mode 100644 index 00000000000..5c3b9e3ec6c --- /dev/null +++ b/src/lib/libssl/bs_cbs.c @@ -0,0 +1,508 @@ +/* $OpenBSD: bs_cbs.c,v 1.18 2019/01/23 22:20:40 beck Exp $ */ +/* + * Copyright (c) 2014, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#include +#include + +#include +#include +#include + +#include "bytestring.h" + +void +CBS_init(CBS *cbs, const uint8_t *data, size_t len) +{ + cbs->data = data; + cbs->initial_len = len; + cbs->len = len; +} + +void +CBS_dup(const CBS *cbs, CBS *out) +{ + CBS_init(out, CBS_data(cbs), CBS_len(cbs)); + out->initial_len = cbs->initial_len; +} + +static int +cbs_get(CBS *cbs, const uint8_t **p, size_t n) +{ + if (cbs->len < n) + return 0; + + *p = cbs->data; + cbs->data += n; + cbs->len -= n; + return 1; +} + +size_t +CBS_offset(const CBS *cbs) +{ + return cbs->initial_len - cbs->len; +} + +int +CBS_skip(CBS *cbs, size_t len) +{ + const uint8_t *dummy; + return cbs_get(cbs, &dummy, len); +} + +const uint8_t * +CBS_data(const CBS *cbs) +{ + return cbs->data; +} + +size_t +CBS_len(const CBS *cbs) +{ + return cbs->len; +} + +int +CBS_stow(const CBS *cbs, uint8_t **out_ptr, size_t *out_len) +{ + free(*out_ptr); + *out_ptr = NULL; + *out_len = 0; + + if (cbs->len == 0) + return 1; + + if ((*out_ptr = malloc(cbs->len)) == NULL) + return 0; + + memcpy(*out_ptr, cbs->data, cbs->len); + + *out_len = cbs->len; + return 1; +} + +int +CBS_strdup(const CBS *cbs, char **out_ptr) +{ + free(*out_ptr); + *out_ptr = strndup((const char *)cbs->data, cbs->len); + return (*out_ptr != NULL); +} + +int +CBS_write_bytes(const CBS *cbs, uint8_t *dst, size_t dst_len, size_t *copied) +{ + if (dst_len < cbs->len) + return 0; + + memmove(dst, cbs->data, cbs->len); + + if (copied != NULL) + *copied = cbs->len; + + return 1; +} + +int +CBS_contains_zero_byte(const CBS *cbs) +{ + return memchr(cbs->data, 0, cbs->len) != NULL; +} + +int +CBS_mem_equal(const CBS *cbs, const uint8_t *data, size_t len) +{ + if (len != cbs->len) + return 0; + + return timingsafe_memcmp(cbs->data, data, len) == 0; +} + +static int +cbs_get_u(CBS *cbs, uint32_t *out, size_t len) +{ + uint32_t result = 0; + size_t i; + const uint8_t *data; + + if (len < 1 || len > 4) + return 0; + + if (!cbs_get(cbs, &data, len)) + return 0; + + for (i = 0; i < len; i++) { + result <<= 8; + result |= data[i]; + } + *out = result; + return 1; +} + +int +CBS_get_u8(CBS *cbs, uint8_t *out) +{ + const uint8_t *v; + + if (!cbs_get(cbs, &v, 1)) + return 0; + + *out = *v; + return 1; +} + +int +CBS_get_u16(CBS *cbs, uint16_t *out) +{ + uint32_t v; + + if (!cbs_get_u(cbs, &v, 2)) + return 0; + + *out = v; + return 1; +} + +int +CBS_get_u24(CBS *cbs, uint32_t *out) +{ + return cbs_get_u(cbs, out, 3); +} + +int +CBS_get_u32(CBS *cbs, uint32_t *out) +{ + return cbs_get_u(cbs, out, 4); +} + +int +CBS_get_bytes(CBS *cbs, CBS *out, size_t len) +{ + const uint8_t *v; + + if (!cbs_get(cbs, &v, len)) + return 0; + + CBS_init(out, v, len); + return 1; +} + +static int +cbs_get_length_prefixed(CBS *cbs, CBS *out, size_t len_len) +{ + uint32_t len; + + if (!cbs_get_u(cbs, &len, len_len)) + return 0; + + return CBS_get_bytes(cbs, out, len); +} + +int +CBS_get_u8_length_prefixed(CBS *cbs, CBS *out) +{ + return cbs_get_length_prefixed(cbs, out, 1); +} + +int +CBS_get_u16_length_prefixed(CBS *cbs, CBS *out) +{ + return cbs_get_length_prefixed(cbs, out, 2); +} + +int +CBS_get_u24_length_prefixed(CBS *cbs, CBS *out) +{ + return cbs_get_length_prefixed(cbs, out, 3); +} + +int +CBS_get_any_asn1_element(CBS *cbs, CBS *out, unsigned int *out_tag, + size_t *out_header_len) +{ + return cbs_get_any_asn1_element_internal(cbs, out, out_tag, + out_header_len, 1); +} + +/* + * Review X.690 for details on ASN.1 DER encoding. + * + * If non-strict mode is enabled, then DER rules are relaxed + * for indefinite constructs (violates DER but a little closer to BER). + * Non-strict mode should only be used by bs_ber.c + * + * Sections 8, 10 and 11 for DER encoding + */ +int +cbs_get_any_asn1_element_internal(CBS *cbs, CBS *out, unsigned int *out_tag, + size_t *out_header_len, int strict) +{ + uint8_t tag, length_byte; + CBS header = *cbs; + CBS throwaway; + size_t len; + + if (out == NULL) + out = &throwaway; + + /* + * Get identifier octet and length octet. Only 1 octet for each + * is a CBS limitation. + */ + if (!CBS_get_u8(&header, &tag) || !CBS_get_u8(&header, &length_byte)) + return 0; + + /* CBS limitation: long form tags are not supported. */ + if ((tag & 0x1f) == 0x1f) + return 0; + + if (out_tag != NULL) + *out_tag = tag; + + if ((length_byte & 0x80) == 0) { + /* Short form length. */ + len = ((size_t) length_byte) + 2; + if (out_header_len != NULL) + *out_header_len = 2; + + } else { + /* Long form length. */ + const size_t num_bytes = length_byte & 0x7f; + uint32_t len32; + + /* ASN.1 reserved value for future extensions */ + if (num_bytes == 0x7f) + return 0; + + /* Handle indefinite form length */ + if (num_bytes == 0) { + /* DER encoding doesn't allow for indefinite form. */ + if (strict) + return 0; + + /* Primitive cannot use indefinite in BER or DER. */ + if ((tag & CBS_ASN1_CONSTRUCTED) == 0) + return 0; + + /* Constructed, indefinite length allowed in BER. */ + if (out_header_len != NULL) + *out_header_len = 2; + return CBS_get_bytes(cbs, out, 2); + } + + /* CBS limitation. */ + if (num_bytes > 4) + return 0; + + if (!cbs_get_u(&header, &len32, num_bytes)) + return 0; + + /* DER has a minimum length octet requirement. */ + if (len32 < 128) + /* Should have used short form instead */ + return 0; + + if ((len32 >> ((num_bytes - 1) * 8)) == 0) + /* Length should have been at least one byte shorter. */ + return 0; + + len = len32; + if (len + 2 + num_bytes < len) + /* Overflow. */ + return 0; + + len += 2 + num_bytes; + if (out_header_len != NULL) + *out_header_len = 2 + num_bytes; + } + + return CBS_get_bytes(cbs, out, len); +} + +static int +cbs_get_asn1(CBS *cbs, CBS *out, unsigned int tag_value, int skip_header) +{ + size_t header_len; + unsigned int tag; + CBS throwaway; + + if (out == NULL) + out = &throwaway; + + if (!CBS_get_any_asn1_element(cbs, out, &tag, &header_len) || + tag != tag_value) + return 0; + + if (skip_header && !CBS_skip(out, header_len)) + return 0; + + return 1; +} + +int +CBS_get_asn1(CBS *cbs, CBS *out, unsigned int tag_value) +{ + return cbs_get_asn1(cbs, out, tag_value, 1 /* skip header */); +} + +int +CBS_get_asn1_element(CBS *cbs, CBS *out, unsigned int tag_value) +{ + return cbs_get_asn1(cbs, out, tag_value, 0 /* include header */); +} + +int +CBS_peek_asn1_tag(const CBS *cbs, unsigned int tag_value) +{ + if (CBS_len(cbs) < 1) + return 0; + + /* + * Tag number 31 indicates the start of a long form number. + * This is valid in ASN.1, but CBS only supports short form. + */ + if ((tag_value & 0x1f) == 0x1f) + return 0; + + return CBS_data(cbs)[0] == tag_value; +} + +/* Encoding details are in ASN.1: X.690 section 8.3 */ +int +CBS_get_asn1_uint64(CBS *cbs, uint64_t *out) +{ + CBS bytes; + const uint8_t *data; + size_t i, len; + + if (!CBS_get_asn1(cbs, &bytes, CBS_ASN1_INTEGER)) + return 0; + + *out = 0; + data = CBS_data(&bytes); + len = CBS_len(&bytes); + + if (len == 0) + /* An INTEGER is encoded with at least one content octet. */ + return 0; + + if ((data[0] & 0x80) != 0) + /* Negative number. */ + return 0; + + if (data[0] == 0 && len > 1 && (data[1] & 0x80) == 0) + /* Violates smallest encoding rule: excessive leading zeros. */ + return 0; + + for (i = 0; i < len; i++) { + if ((*out >> 56) != 0) + /* Too large to represent as a uint64_t. */ + return 0; + + *out <<= 8; + *out |= data[i]; + } + + return 1; +} + +int +CBS_get_optional_asn1(CBS *cbs, CBS *out, int *out_present, unsigned int tag) +{ + if (CBS_peek_asn1_tag(cbs, tag)) { + if (!CBS_get_asn1(cbs, out, tag)) + return 0; + + *out_present = 1; + } else { + *out_present = 0; + } + return 1; +} + +int +CBS_get_optional_asn1_octet_string(CBS *cbs, CBS *out, int *out_present, + unsigned int tag) +{ + CBS child; + int present; + + if (!CBS_get_optional_asn1(cbs, &child, &present, tag)) + return 0; + + if (present) { + if (!CBS_get_asn1(&child, out, CBS_ASN1_OCTETSTRING) || + CBS_len(&child) != 0) + return 0; + } else { + CBS_init(out, NULL, 0); + } + if (out_present) + *out_present = present; + + return 1; +} + +int +CBS_get_optional_asn1_uint64(CBS *cbs, uint64_t *out, unsigned int tag, + uint64_t default_value) +{ + CBS child; + int present; + + if (!CBS_get_optional_asn1(cbs, &child, &present, tag)) + return 0; + + if (present) { + if (!CBS_get_asn1_uint64(&child, out) || + CBS_len(&child) != 0) + return 0; + } else { + *out = default_value; + } + return 1; +} + +int +CBS_get_optional_asn1_bool(CBS *cbs, int *out, unsigned int tag, + int default_value) +{ + CBS child, child2; + int present; + + if (!CBS_get_optional_asn1(cbs, &child, &present, tag)) + return 0; + + if (present) { + uint8_t boolean; + + if (!CBS_get_asn1(&child, &child2, CBS_ASN1_BOOLEAN) || + CBS_len(&child2) != 1 || CBS_len(&child) != 0) + return 0; + + boolean = CBS_data(&child2)[0]; + if (boolean == 0) + *out = 0; + else if (boolean == 0xff) + *out = 1; + else + return 0; + + } else { + *out = default_value; + } + return 1; +} diff --git a/src/lib/libssl/bytestring.h b/src/lib/libssl/bytestring.h new file mode 100644 index 00000000000..20ee43999d5 --- /dev/null +++ b/src/lib/libssl/bytestring.h @@ -0,0 +1,519 @@ +/* $OpenBSD: bytestring.h,v 1.17 2018/08/16 18:39:37 jsing Exp $ */ +/* + * Copyright (c) 2014, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#ifndef OPENSSL_HEADER_BYTESTRING_H +#define OPENSSL_HEADER_BYTESTRING_H + +#include +#include + +#include + +__BEGIN_HIDDEN_DECLS + +/* + * Bytestrings are used for parsing and building TLS and ASN.1 messages. + * + * A "CBS" (CRYPTO ByteString) represents a string of bytes in memory and + * provides utility functions for safely parsing length-prefixed structures + * like TLS and ASN.1 from it. + * + * A "CBB" (CRYPTO ByteBuilder) is a memory buffer that grows as needed and + * provides utility functions for building length-prefixed messages. + */ + +/* CRYPTO ByteString */ +typedef struct cbs_st { + const uint8_t *data; + size_t initial_len; + size_t len; +} CBS; + +/* + * CBS_init sets |cbs| to point to |data|. It does not take ownership of + * |data|. + */ +void CBS_init(CBS *cbs, const uint8_t *data, size_t len); + +/* + * CBS_skip advances |cbs| by |len| bytes. It returns one on success and zero + * otherwise. + */ +int CBS_skip(CBS *cbs, size_t len); + +/* + * CBS_data returns a pointer to the contents of |cbs|. + */ +const uint8_t *CBS_data(const CBS *cbs); + +/* + * CBS_len returns the number of bytes remaining in |cbs|. + */ +size_t CBS_len(const CBS *cbs); + +/* + * CBS_offset returns the current offset into the original data of |cbs|. + */ +size_t CBS_offset(const CBS *cbs); + +/* + * CBS_stow copies the current contents of |cbs| into |*out_ptr| and + * |*out_len|. If |*out_ptr| is not NULL, the contents are freed with + * free. It returns one on success and zero on allocation failure. On + * success, |*out_ptr| should be freed with free. If |cbs| is empty, + * |*out_ptr| will be NULL. + */ +int CBS_stow(const CBS *cbs, uint8_t **out_ptr, size_t *out_len); + +/* + * CBS_strdup copies the current contents of |cbs| into |*out_ptr| as a + * NUL-terminated C string. If |*out_ptr| is not NULL, the contents are freed + * with free. It returns one on success and zero on allocation + * failure. On success, |*out_ptr| should be freed with free. + * + * NOTE: If |cbs| contains NUL bytes, the string will be truncated. Call + * |CBS_contains_zero_byte(cbs)| to check for NUL bytes. + */ +int CBS_strdup(const CBS *cbs, char **out_ptr); + +/* + * CBS_write_bytes writes all of the remaining data from |cbs| into |dst| + * if it is at most |dst_len| bytes. If |copied| is not NULL, it will be set + * to the amount copied. It returns one on success and zero otherwise. + */ +int CBS_write_bytes(const CBS *cbs, uint8_t *dst, size_t dst_len, + size_t *copied); + +/* + * CBS_contains_zero_byte returns one if the current contents of |cbs| contains + * a NUL byte and zero otherwise. + */ +int CBS_contains_zero_byte(const CBS *cbs); + +/* + * CBS_mem_equal compares the current contents of |cbs| with the |len| bytes + * starting at |data|. If they're equal, it returns one, otherwise zero. If the + * lengths match, it uses a constant-time comparison. + */ +int CBS_mem_equal(const CBS *cbs, const uint8_t *data, size_t len); + +/* + * CBS_get_u8 sets |*out| to the next uint8_t from |cbs| and advances |cbs|. It + * returns one on success and zero on error. + */ +int CBS_get_u8(CBS *cbs, uint8_t *out); + +/* + * CBS_get_u16 sets |*out| to the next, big-endian uint16_t from |cbs| and + * advances |cbs|. It returns one on success and zero on error. + */ +int CBS_get_u16(CBS *cbs, uint16_t *out); + +/* + * CBS_get_u24 sets |*out| to the next, big-endian 24-bit value from |cbs| and + * advances |cbs|. It returns one on success and zero on error. + */ +int CBS_get_u24(CBS *cbs, uint32_t *out); + +/* + * CBS_get_u32 sets |*out| to the next, big-endian uint32_t value from |cbs| + * and advances |cbs|. It returns one on success and zero on error. + */ +int CBS_get_u32(CBS *cbs, uint32_t *out); + +/* + * CBS_get_bytes sets |*out| to the next |len| bytes from |cbs| and advances + * |cbs|. It returns one on success and zero on error. + */ +int CBS_get_bytes(CBS *cbs, CBS *out, size_t len); + +/* + * CBS_get_u8_length_prefixed sets |*out| to the contents of an 8-bit, + * length-prefixed value from |cbs| and advances |cbs| over it. It returns one + * on success and zero on error. + */ +int CBS_get_u8_length_prefixed(CBS *cbs, CBS *out); + +/* + * CBS_get_u16_length_prefixed sets |*out| to the contents of a 16-bit, + * big-endian, length-prefixed value from |cbs| and advances |cbs| over it. It + * returns one on success and zero on error. + */ +int CBS_get_u16_length_prefixed(CBS *cbs, CBS *out); + +/* + * CBS_get_u24_length_prefixed sets |*out| to the contents of a 24-bit, + * big-endian, length-prefixed value from |cbs| and advances |cbs| over it. It + * returns one on success and zero on error. + */ +int CBS_get_u24_length_prefixed(CBS *cbs, CBS *out); + + +/* Parsing ASN.1 */ + +/* + * While an identifier can be multiple octets, this library only handles the + * single octet variety currently. This limits support up to tag number 30 + * since tag number 31 is a reserved value to indicate multiple octets. + */ + +/* Bits 8 and 7: class tag type: See X.690 section 8.1.2.2. */ +#define CBS_ASN1_UNIVERSAL 0x00 +#define CBS_ASN1_APPLICATION 0x40 +#define CBS_ASN1_CONTEXT_SPECIFIC 0x80 +#define CBS_ASN1_PRIVATE 0xc0 + +/* Bit 6: Primitive or constructed: See X.690 section 8.1.2.3. */ +#define CBS_ASN1_PRIMITIVE 0x00 +#define CBS_ASN1_CONSTRUCTED 0x20 + +/* + * Bits 5 to 1 are the tag number. See X.680 section 8.6 for tag numbers of + * the universal class. + */ + +/* + * Common universal identifier octets. + * See X.690 section 8.1 and X.680 section 8.6 for universal tag numbers. + * + * Note: These definitions are the cause of some of the strange behavior in + * CBS's bs_ber.c. + * + * In BER, it is the sender's option to use primitive or constructed for + * bitstring (X.690 section 8.6.1) and octetstring (X.690 section 8.7.1). + * + * In DER, bitstring and octetstring are required to be primitive + * (X.690 section 10.2). + */ +#define CBS_ASN1_BOOLEAN (CBS_ASN1_UNIVERSAL | CBS_ASN1_PRIMITIVE | 0x1) +#define CBS_ASN1_INTEGER (CBS_ASN1_UNIVERSAL | CBS_ASN1_PRIMITIVE | 0x2) +#define CBS_ASN1_BITSTRING (CBS_ASN1_UNIVERSAL | CBS_ASN1_PRIMITIVE | 0x3) +#define CBS_ASN1_OCTETSTRING (CBS_ASN1_UNIVERSAL | CBS_ASN1_PRIMITIVE | 0x4) +#define CBS_ASN1_OBJECT (CBS_ASN1_UNIVERSAL | CBS_ASN1_PRIMITIVE | 0x6) +#define CBS_ASN1_ENUMERATED (CBS_ASN1_UNIVERSAL | CBS_ASN1_PRIMITIVE | 0xa) +#define CBS_ASN1_SEQUENCE (CBS_ASN1_UNIVERSAL | CBS_ASN1_CONSTRUCTED | 0x10) +#define CBS_ASN1_SET (CBS_ASN1_UNIVERSAL | CBS_ASN1_CONSTRUCTED | 0x11) + +/* + * CBS_get_asn1 sets |*out| to the contents of DER-encoded, ASN.1 element (not + * including tag and length bytes) and advances |cbs| over it. The ASN.1 + * element must match |tag_value|. It returns one on success and zero + * on error. + * + * Tag numbers greater than 30 are not supported (i.e. short form only). + */ +int CBS_get_asn1(CBS *cbs, CBS *out, unsigned int tag_value); + +/* + * CBS_get_asn1_element acts like |CBS_get_asn1| but |out| will include the + * ASN.1 header bytes too. + */ +int CBS_get_asn1_element(CBS *cbs, CBS *out, unsigned int tag_value); + +/* + * CBS_peek_asn1_tag looks ahead at the next ASN.1 tag and returns one + * if the next ASN.1 element on |cbs| would have tag |tag_value|. If + * |cbs| is empty or the tag does not match, it returns zero. Note: if + * it returns one, CBS_get_asn1 may still fail if the rest of the + * element is malformed. + */ +int CBS_peek_asn1_tag(const CBS *cbs, unsigned int tag_value); + +/* + * CBS_get_any_asn1_element sets |*out| to contain the next ASN.1 element from + * |*cbs| (including header bytes) and advances |*cbs|. It sets |*out_tag| to + * the tag number and |*out_header_len| to the length of the ASN.1 header. + * Each of |out|, |out_tag|, and |out_header_len| may be NULL to ignore + * the value. + * + * Tag numbers greater than 30 are not supported (i.e. short form only). + */ +int CBS_get_any_asn1_element(CBS *cbs, CBS *out, unsigned int *out_tag, + size_t *out_header_len); + +/* + * CBS_get_asn1_uint64 gets an ASN.1 INTEGER from |cbs| using |CBS_get_asn1| + * and sets |*out| to its value. It returns one on success and zero on error, + * where error includes the integer being negative, or too large to represent + * in 64 bits. + */ +int CBS_get_asn1_uint64(CBS *cbs, uint64_t *out); + +/* + * CBS_get_optional_asn1 gets an optional explicitly-tagged element + * from |cbs| tagged with |tag| and sets |*out| to its contents. If + * present, it sets |*out_present| to one, otherwise zero. It returns + * one on success, whether or not the element was present, and zero on + * decode failure. + */ +int CBS_get_optional_asn1(CBS *cbs, CBS *out, int *out_present, + unsigned int tag); + +/* + * CBS_get_optional_asn1_octet_string gets an optional + * explicitly-tagged OCTET STRING from |cbs|. If present, it sets + * |*out| to the string and |*out_present| to one. Otherwise, it sets + * |*out| to empty and |*out_present| to zero. |out_present| may be + * NULL. It returns one on success, whether or not the element was + * present, and zero on decode failure. + */ +int CBS_get_optional_asn1_octet_string(CBS *cbs, CBS *out, int *out_present, + unsigned int tag); + +/* + * CBS_get_optional_asn1_uint64 gets an optional explicitly-tagged + * INTEGER from |cbs|. If present, it sets |*out| to the + * value. Otherwise, it sets |*out| to |default_value|. It returns one + * on success, whether or not the element was present, and zero on + * decode failure. + */ +int CBS_get_optional_asn1_uint64(CBS *cbs, uint64_t *out, unsigned int tag, + uint64_t default_value); + +/* + * CBS_get_optional_asn1_bool gets an optional, explicitly-tagged BOOLEAN from + * |cbs|. If present, it sets |*out| to either zero or one, based on the + * boolean. Otherwise, it sets |*out| to |default_value|. It returns one on + * success, whether or not the element was present, and zero on decode + * failure. + */ +int CBS_get_optional_asn1_bool(CBS *cbs, int *out, unsigned int tag, + int default_value); + + +/* + * CRYPTO ByteBuilder. + * + * |CBB| objects allow one to build length-prefixed serialisations. A |CBB| + * object is associated with a buffer and new buffers are created with + * |CBB_init|. Several |CBB| objects can point at the same buffer when a + * length-prefix is pending, however only a single |CBB| can be 'current' at + * any one time. For example, if one calls |CBB_add_u8_length_prefixed| then + * the new |CBB| points at the same buffer as the original. But if the original + * |CBB| is used then the length prefix is written out and the new |CBB| must + * not be used again. + * + * If one needs to force a length prefix to be written out because a |CBB| is + * going out of scope, use |CBB_flush|. + */ + +struct cbb_buffer_st { + uint8_t *buf; + + /* The number of valid bytes. */ + size_t len; + + /* The size of buf. */ + size_t cap; + + /* + * One iff |buf| is owned by this object. If not then |buf| cannot be + * resized. + */ + char can_resize; +}; + +typedef struct cbb_st { + struct cbb_buffer_st *base; + + /* + * offset is the offset from the start of |base->buf| to the position of any + * pending length-prefix. + */ + size_t offset; + + /* child points to a child CBB if a length-prefix is pending. */ + struct cbb_st *child; + + /* + * pending_len_len contains the number of bytes in a pending length-prefix, + * or zero if no length-prefix is pending. + */ + uint8_t pending_len_len; + + char pending_is_asn1; + + /* + * is_top_level is true iff this is a top-level |CBB| (as opposed to a child + * |CBB|). Top-level objects are valid arguments for |CBB_finish|. + */ + char is_top_level; +} CBB; + +/* + * CBB_init initialises |cbb| with |initial_capacity|. Since a |CBB| grows as + * needed, the |initial_capacity| is just a hint. It returns one on success or + * zero on error. + */ +int CBB_init(CBB *cbb, size_t initial_capacity); + +/* + * CBB_init_fixed initialises |cbb| to write to |len| bytes at |buf|. Since + * |buf| cannot grow, trying to write more than |len| bytes will cause CBB + * functions to fail. It returns one on success or zero on error. + */ +int CBB_init_fixed(CBB *cbb, uint8_t *buf, size_t len); + +/* + * CBB_cleanup frees all resources owned by |cbb| and other |CBB| objects + * writing to the same buffer. This should be used in an error case where a + * serialisation is abandoned. + */ +void CBB_cleanup(CBB *cbb); + +/* + * CBB_finish completes any pending length prefix and sets |*out_data| to a + * malloced buffer and |*out_len| to the length of that buffer. The caller + * takes ownership of the buffer and, unless the buffer was fixed with + * |CBB_init_fixed|, must call |free| when done. + * + * It can only be called on a "top level" |CBB|, i.e. one initialised with + * |CBB_init| or |CBB_init_fixed|. It returns one on success and zero on + * error. + */ +int CBB_finish(CBB *cbb, uint8_t **out_data, size_t *out_len); + +/* + * CBB_flush causes any pending length prefixes to be written out and any child + * |CBB| objects of |cbb| to be invalidated. It returns one on success or zero + * on error. + */ +int CBB_flush(CBB *cbb); + +/* + * CBB_discard_child discards the current unflushed child of |cbb|. Neither the + * child's contents nor the length prefix will be included in the output. + */ +void CBB_discard_child(CBB *cbb); + +/* + * CBB_add_u8_length_prefixed sets |*out_contents| to a new child of |cbb|. The + * data written to |*out_contents| will be prefixed in |cbb| with an 8-bit + * length. It returns one on success or zero on error. + */ +int CBB_add_u8_length_prefixed(CBB *cbb, CBB *out_contents); + +/* + * CBB_add_u16_length_prefixed sets |*out_contents| to a new child of |cbb|. + * The data written to |*out_contents| will be prefixed in |cbb| with a 16-bit, + * big-endian length. It returns one on success or zero on error. + */ +int CBB_add_u16_length_prefixed(CBB *cbb, CBB *out_contents); + +/* + * CBB_add_u24_length_prefixed sets |*out_contents| to a new child of |cbb|. + * The data written to |*out_contents| will be prefixed in |cbb| with a 24-bit, + * big-endian length. It returns one on success or zero on error. + */ +int CBB_add_u24_length_prefixed(CBB *cbb, CBB *out_contents); + +/* + * CBB_add_asn sets |*out_contents| to a |CBB| into which the contents of an + * ASN.1 object can be written. The |tag| argument will be used as the tag for + * the object. Passing in |tag| number 31 will return in an error since only + * single octet identifiers are supported. It returns one on success or zero + * on error. + */ +int CBB_add_asn1(CBB *cbb, CBB *out_contents, unsigned int tag); + +/* + * CBB_add_bytes appends |len| bytes from |data| to |cbb|. It returns one on + * success and zero otherwise. + */ +int CBB_add_bytes(CBB *cbb, const uint8_t *data, size_t len); + +/* + * CBB_add_space appends |len| bytes to |cbb| and sets |*out_data| to point to + * the beginning of that space. The caller must then write |len| bytes of + * actual contents to |*out_data|. It returns one on success and zero + * otherwise. + */ +int CBB_add_space(CBB *cbb, uint8_t **out_data, size_t len); + +/* + * CBB_add_u8 appends an 8-bit number from |value| to |cbb|. It returns one on + * success and zero otherwise. + */ +int CBB_add_u8(CBB *cbb, size_t value); + +/* + * CBB_add_u8 appends a 16-bit, big-endian number from |value| to |cbb|. It + * returns one on success and zero otherwise. + */ +int CBB_add_u16(CBB *cbb, size_t value); + +/* + * CBB_add_u24 appends a 24-bit, big-endian number from |value| to |cbb|. It + * returns one on success and zero otherwise. + */ +int CBB_add_u24(CBB *cbb, size_t value); + +/* + * CBB_add_u32 appends a 32-bit, big-endian number from |value| to |cbb|. It + * returns one on success and zero otherwise. + */ +int CBB_add_u32(CBB *cbb, size_t value); + +/* + * CBB_add_asn1_uint64 writes an ASN.1 INTEGER into |cbb| using |CBB_add_asn1| + * and writes |value| in its contents. It returns one on success and zero on + * error. + */ +int CBB_add_asn1_uint64(CBB *cbb, uint64_t value); + +#ifdef LIBRESSL_INTERNAL +/* + * CBS_dup sets |out| to point to cbs's |data| and |len|. It results in two + * CBS that point to the same buffer. + */ +void CBS_dup(const CBS *cbs, CBS *out); + +/* + * cbs_get_any_asn1_element sets |*out| to contain the next ASN.1 element from + * |*cbs| (including header bytes) and advances |*cbs|. It sets |*out_tag| to + * the tag number and |*out_header_len| to the length of the ASN.1 header. If + * strict mode is disabled and the element has indefinite length then |*out| + * will only contain the header. Each of |out|, |out_tag|, and + * |out_header_len| may be NULL to ignore the value. + * + * Tag numbers greater than 30 are not supported (i.e. short form only). + */ +int cbs_get_any_asn1_element_internal(CBS *cbs, CBS *out, unsigned int *out_tag, + size_t *out_header_len, int strict); + +/* + * CBS_asn1_indefinite_to_definite reads an ASN.1 structure from |in|. If it + * finds indefinite-length elements that otherwise appear to be valid DER, it + * attempts to convert the DER-like data to DER and sets |*out| and + * |*out_length| to describe a malloced buffer containing the DER data. + * Additionally, |*in| will be advanced over the ASN.1 data. + * + * If it doesn't find any indefinite-length elements then it sets |*out| to + * NULL and |*in| is unmodified. + * + * This is NOT a conversion from BER to DER. There are many restrictions when + * dealing with DER data. This is only concerned with one: indefinite vs. + * definite form. However, this suffices to handle the PKCS#7 and PKCS#12 output + * from NSS. + * + * It returns one on success and zero otherwise. + */ +int CBS_asn1_indefinite_to_definite(CBS *in, uint8_t **out, size_t *out_len); +#endif /* LIBRESSL_INTERNAL */ + +__END_HIDDEN_DECLS + +#endif /* OPENSSL_HEADER_BYTESTRING_H */ diff --git a/src/lib/libssl/crypto/Makefile b/src/lib/libssl/crypto/Makefile deleted file mode 100644 index 15c310f2ee4..00000000000 --- a/src/lib/libssl/crypto/Makefile +++ /dev/null @@ -1,307 +0,0 @@ -# $OpenBSD: Makefile,v 1.25 2002/09/03 18:59:55 markus Exp $ - -LIB= crypto - -SSLEAYDIST= src -SSL_SRC= ${.CURDIR}/../${SSLEAYDIST} -LCRYPTO_SRC= ${SSL_SRC}/crypto - -.if ${MACHINE_ARCH} == "i386" -CFLAGS+= -DL_ENDIAN -.else -.if ${MACHINE_ARCH} == "mips" -CFLAGS+= -DL_ENDIAN -.else -.if ${MACHINE_ARCH} == "vax" -CFLAGS+= -DL_ENDIAN -.else -.if ${MACHINE_ARCH} == "alpha" -# no ENDIAN stuff defined for alpha -.else -CFLAGS+= -DB_ENDIAN -.endif -.endif -.endif -.endif - -CFLAGS+= -DOPENSSL_NO_IDEA -DTERMIOS -DANSI_SOURCE -DNO_ERR -DOPENSSL_NO_ASM -CFLAGS+= -DOPENSSL_NO_RC5 -DOPENSSL_NO_KRB5 -DSO_DLFCN -DHAVE_DLFCN_H -CFLAGS+= -DNO_WINDOWS_BRAINDEATH -CFLAGS+= -DOPENSSL_NO_HW_CSWIFT -DOPENSSL_NO_HW_NCIPHER -DOPENSSL_NO_HW_ATALLA -CFLAGS+= -DOPENSSL_NO_HW_NURON -DOPENSSL_NO_HW_UBSEC -DOPENSSL_NO_HW_AEP -CFLAGS+= -DOPENSSL_NO_HW_SUREWARE -CFLAGS+= -I${.CURDIR}/../${SSLEAYDIST} -CFLAGS+= -I${LCRYPTO_SRC} -SRCS+= o_time.c -SRCS+= cryptlib.c ex_data.c cpt_err.c mem.c mem_dbg.c tmdiff.c cversion.c uid.c -CFLAGS+= -I${LCRYPTO_SRC}/md2 -SRCS+= md2_dgst.c md2_one.c -CFLAGS+= -I${LCRYPTO_SRC}/md5 -SRCS+= md5_dgst.c md5_one.c -CFLAGS+= -I${LCRYPTO_SRC}/sha -SRCS+= sha_dgst.c sha1dgst.c sha_one.c sha1_one.c -CFLAGS+= -I${LCRYPTO_SRC}/mdc2 -SRCS+= mdc2dgst.c mdc2_one.c -CFLAGS+= -I${LCRYPTO_SRC}/hmac -SRCS+= hmac.c -CFLAGS+= -I${LCRYPTO_SRC}/ripemd -SRCS+= rmd_dgst.c rmd_one.c -CFLAGS+= -I${LCRYPTO_SRC}/aes -SRCS+= aes_cbc.c aes_cfb.c aes_ctr.c aes_ecb.c aes_ofb.c aes_misc.c aes_core.c -CFLAGS+= -I${LCRYPTO_SRC}/des -SRCS+= cbc_cksm.c cbc_enc.c cfb64enc.c cfb_enc.c \ - ecb3_enc.c ecb_enc.c enc_read.c enc_writ.c \ - fcrypt.c ofb64enc.c ofb_enc.c pcbc_enc.c \ - qud_cksm.c rand_key.c rpc_enc.c set_key.c \ - des_enc.c des_old.c fcrypt_b.c \ - fcrypt.c xcbc_enc.c ede_cbcm_enc.c \ - str2key.c cfb64ede.c ofb64ede.c \ - des_old.c read2pwd.c -CFLAGS+= -I${LCRYPTO_SRC}/rc2 -SRCS+= rc2_ecb.c rc2_skey.c rc2_cbc.c rc2cfb64.c -SRCS+= rc2ofb64.c -CFLAGS+= -I${LCRYPTO_SRC}/rc4 -SRCS+= rc4_skey.c rc4_enc.c -#CFLAGS+= -I${LCRYPTO_SRC}/rc5 -#SRCS+= rc5_skey.c rc5_ecb.c rc5cfb64.c rc5cfb64.c -#SRCS+= rc5ofb64.c rc5_enc.c -#CFLAGS+= -I${LCRYPTO_SRC}/idea -#SRCS+= i_cbc.c i_cfb64.c i_ofb64.c i_ecb.c -#SRCS+= i_skey.c -CFLAGS+= -I${LCRYPTO_SRC}/bf -SRCS+= bf_skey.c bf_ecb.c bf_cfb64.c bf_ofb64.c bf_enc.c -CFLAGS+= -I${LCRYPTO_SRC}/cast -SRCS+= c_skey.c c_ecb.c c_cfb64.c c_ofb64.c c_enc.c -CFLAGS+= -I${LCRYPTO_SRC}/bn -SRCS+= bn_add.c bn_div.c bn_exp.c bn_lib.c -SRCS+= bn_mul.c bn_print.c bn_rand.c bn_shift.c -SRCS+= bn_word.c bn_blind.c bn_gcd.c bn_prime.c bn_err.c -SRCS+= bn_sqr.c bn_recp.c bn_mont.c bn_mpi.c bn_asm.c bn_mod.c -SRCS+= bn_exp2.c bn_ctx.c -SRCS+= bn_sqrt.c bn_kron.c -CFLAGS+= -I${LCRYPTO_SRC}/rsa -SRCS+= rsa_eay.c rsa_gen.c rsa_lib.c rsa_sign.c -SRCS+= rsa_saos.c rsa_err.c rsa_pk1.c rsa_ssl.c -SRCS+= rsa_none.c rsa_chk.c rsa_oaep.c rsa_null.c rsa_asn1.c -CFLAGS+= -I${LCRYPTO_SRC}/dsa -SRCS+= dsa_gen.c dsa_key.c dsa_lib.c dsa_vrf.c -SRCS+= dsa_sign.c dsa_err.c dsa_asn1.c dsa_ossl.c -CFLAGS+= -I${LCRYPTO_SRC}/dh -SRCS+= dh_gen.c dh_key.c dh_lib.c dh_check.c dh_err.c dh_asn1.c -CFLAGS+= -I${LCRYPTO_SRC}/buffer -SRCS+= buffer.c buf_err.c -CFLAGS+= -I${LCRYPTO_SRC}/bio -SRCS+= bio_lib.c bio_cb.c bio_err.c bss_mem.c -SRCS+= bss_null.c bss_fd.c bss_file.c bss_sock.c -SRCS+= bss_conn.c bf_null.c bf_buff.c -SRCS+= b_print.c b_dump.c b_sock.c bss_acpt.c -SRCS+= bf_nbio.c bss_bio.c bss_log.c -CFLAGS+= -I${LCRYPTO_SRC}/stack -SRCS+= stack.c -CFLAGS+= -I${LCRYPTO_SRC}/lhash -SRCS+= lhash.c lh_stats.c -CFLAGS+= -I${LCRYPTO_SRC}/rand -SRCS+= md_rand.c randfile.c rand_lib.c rand_egd.c rand_err.c rand_unix.c -CFLAGS+= -I${LCRYPTO_SRC}/err -SRCS+= err.c err_all.c err_prn.c -CFLAGS+= -I${LCRYPTO_SRC}/objects -SRCS+= obj_dat.c obj_lib.c obj_err.c o_names.c -CFLAGS+= -I${LCRYPTO_SRC}/evp -SRCS+= bio_b64.c e_bf.c m_sha.c p_open.c -SRCS+= bio_enc.c e_cast.c e_xcbc_d.c m_dss.c m_sha1.c p_seal.c -SRCS+= bio_md.c e_des.c encode.c m_dss1.c names.c p_sign.c -SRCS+= bio_ok.c e_des3.c evp_enc.c m_md2.c p_verify.c -SRCS+= c_all.c evp_err.c m_md4.c p5_crpt.c -SRCS+= c_allc.c evp_key.c m_md5.c p5_crpt2.c -SRCS+= c_alld.c e_null.c evp_lib.c m_mdc2.c p_dec.c -SRCS+= digest.c e_rc2.c evp_pbe.c m_null.c p_enc.c -SRCS+= e_aes.c e_rc4.c evp_pkey.c m_ripemd.c p_lib.c -CFLAGS+= -I${LCRYPTO_SRC}/md4 -SRCS+= md4_dgst.c md4_one.c -CFLAGS+= -I${LCRYPTO_SRC}/pem -SRCS+= pem_sign.c pem_seal.c pem_info.c pem_lib.c pem_pkey.c -SRCS+= pem_all.c pem_err.c pem_x509.c pem_pk8.c pem_oth.c pem_xaux.c -CFLAGS+= -I${LCRYPTO_SRC}/ui -SRCS+= ui_err.c ui_lib.c ui_openssl.c ui_compat.c ui_util.c -CFLAGS+= -I${LCRYPTO_SRC}/asn1 -SRCS+= a_bitstr.c a_mbstr.c a_utctm.c f_enum.c t_bitst.c x_name.c -SRCS+= a_bool.c a_meth.c a_utf8.c f_int.c t_crl.c tasn_typ.c x_pkey.c -SRCS+= a_bytes.c a_object.c a_verify.c f_string.c t_pkey.c tasn_utl.c x_pubkey.c -SRCS+= a_d2i_fp.c a_octet.c asn1_err.c i2d_pr.c t_req.c x_algor.c x_req.c -SRCS+= a_digest.c a_print.c asn1_lib.c i2d_pu.c t_spki.c x_attrib.c x_sig.c -SRCS+= a_dup.c a_set.c asn1_par.c n_pkey.c t_x509.c x_bignum.c x_spki.c -SRCS+= a_enum.c a_sign.c asn_pack.c nsseq.c t_x509a.c x_val.c -SRCS+= a_gentm.c a_strex.c d2i_pr.c p5_pbe.c tasn_dec.c x_crl.c x_x509.c -SRCS+= a_hdr.c a_strnid.c d2i_pu.c p5_pbev2.c tasn_enc.c x_exten.c x_x509a.c -SRCS+= a_i2d_fp.c a_time.c evp_asn1.c tasn_fre.c x_info.c -SRCS+=a_int.c a_type.c p8_pkey.c tasn_new.c x_long.c asn_moid.c -CFLAGS+= -I${LCRYPTO_SRC}/x509 -SRCS+= x509_d2.c x509_lu.c x509_set.c x509_vfy.c x509spki.c by_dir.c -SRCS+= x509_def.c x509_obj.c x509_trs.c x509cset.c x509type.c by_file.c -SRCS+= x509_att.c x509_err.c x509_r2x.c x509_txt.c x509name.c x_all.c -SRCS+= x509_cmp.c x509_ext.c x509_req.c x509_v3.c x509rset.c -CFLAGS+= -I${LCRYPTO_SRC}/x509v3 -SRCS+= v3_akey.c v3_alt.c v3_bcons.c v3_bitst.c v3_conf.c v3_cpols.c -SRCS+= v3_crld.c v3_enum.c v3_extku.c v3_genn.c v3_ia5.c v3_int.c -SRCS+= v3_lib.c v3_pku.c v3_prn.c v3_skey.c v3_sxnet.c v3_utl.c -SRCS+= v3err.c v3_info.c v3_purp.c v3_ocsp.c v3_akeya.c -CFLAGS+= -I${LCRYPTO_SRC}/conf -SRCS+= conf_err.c conf_lib.c conf_def.c conf_api.c conf_mod.c conf_mall.c -CFLAGS+= -I${LCRYPTO_SRC}/txt_db -SRCS+= txt_db.c -CFLAGS+= -I${LCRYPTO_SRC}/pkcs7 -SRCS+= pk7_lib.c pkcs7err.c -SRCS+= pk7_asn1.c pk7_doit.c pk7_mime.c -SRCS+= pk7_attr.c pk7_smime.c -CFLAGS+= -I${LCRYPTO_SRC}/comp -SRCS+= c_rle.c c_zlib.c comp_lib.c -CFLAGS+= -I${LCRYPTO_SRC}/pkcs12 -SRCS+= p12_add.c p12_crpt.c p12_init.c p12_mutl.c p12_p8e.c -SRCS+= p12_asn.c p12_crt.c p12_key.c p12_npas.c p12_utl.c -SRCS+= p12_attr.c p12_decr.c p12_kiss.c p12_p8d.c pk12err.c -CFLAGS+= -I${LCRYPTO_SRC}/engine -SRCS+= eng_all.c eng_openssl.c eng_ctrl.c eng_pkey.c -SRCS+= eng_dyn.c eng_table.c tb_cipher.c eng_err.c tb_rsa.c -SRCS+= hw_cryptodev.c eng_cnf.c -SRCS+= tb_dh.c eng_fat.c tb_digest.c eng_init.c -SRCS+= tb_dsa.c eng_lib.c tb_rand.c eng_list.c -SRCs+= tb_rsa.c -CFLAGS+= -I${LCRYPTO_SRC}/dso -SRCS+= dso_dl.c dso_dlfcn.c dso_err.c dso_lib.c dso_null.c -SRCS+= dso_openssl.c dso_win32.c dso_vms.c -CFLAGS+= -I${LCRYPTO_SRC}/oscp -SRCS+= ocsp_asn.c ocsp_err.c ocsp_ht.c ocsp_prn.c ocsp_vfy.c -SRCS+= ocsp_cl.c ocsp_ext.c ocsp_lib.c ocsp_srv.c -CFLAGS+= -I${LCRYPTO_SRC}/ec -SRCS+= ec_cvt.c ec_lib.c ecp_mont.c ecp_recp.c -SRCS+= ec_err.c ec_mult.c ecp_nist.c ecp_smpl.c - -.PATH: ${LCRYPTO_SRC}/md2 ${LCRYPTO_SRC}/md5 ${LCRYPTO_SRC}/sha \ - ${LCRYPTO_SRC}/mdc2 ${LCRYPTO_SRC}/hmac ${LCRYPTO_SRC}/ripemd \ - ${LCRYPTO_SRC}/des ${LCRYPTO_SRC}/rc2 ${LCRYPTO_SRC}/rc4 \ - ${LCRYPTO_SRC}/rc5 ${LCRYPTO_SRC}/idea ${LCRYPTO_SRC}/bf \ - ${LCRYPTO_SRC}/cast ${LCRYPTO_SRC}/bn ${LCRYPTO_SRC}/rsa \ - ${LCRYPTO_SRC}/dsa ${LCRYPTO_SRC}/dh ${LCRYPTO_SRC}/buffer \ - ${LCRYPTO_SRC}/bio ${LCRYPTO_SRC}/stack ${LCRYPTO_SRC}/lhash \ - ${LCRYPTO_SRC}/rand ${LCRYPTO_SRC}/err ${LCRYPTO_SRC}/objects \ - ${LCRYPTO_SRC}/evp ${LCRYPTO_SRC}/pem ${LCRYPTO_SRC}/asn1 \ - ${LCRYPTO_SRC}/asn1 ${LCRYPTO_SRC}/x509 ${LCRYPTO_SRC}/conf \ - ${LCRYPTO_SRC}/pkcs7 ${LCRYPTO_SRC}/x509v3 ${LCRYPTO_SRC}/pkcs12 \ - ${LCRYPTO_SRC}/comp ${LCRYPTO_SRC}/txt_db ${LCRYPTO_SRC}/md4 \ - ${LCRYPTO_SRC}/engine ${LCRYPTO_SRC}/dso ${LCRYPTO_SRC}/ui \ - ${LCRYPTO_SRC}/ocsp ${LCRYPTO_SRC}/ec ${LCRYPTO_SRC}/aes ${LCRYPTO_SRC} - -HDRS=\ - crypto/aes/aes.h \ - crypto/asn1/asn1.h \ - crypto/asn1/asn1_mac.h \ - crypto/asn1/asn1t.h \ - crypto/bf/blowfish.h \ - crypto/bio/bio.h \ - crypto/bn/bn.h \ - crypto/buffer/buffer.h \ - crypto/cast/cast.h \ - crypto/comp/comp.h \ - crypto/conf/conf.h \ - crypto/conf/conf_api.h \ - crypto/crypto.h \ - crypto/des/des.h \ - crypto/des/des_old.h \ - crypto/dh/dh.h \ - crypto/dsa/dsa.h \ - crypto/dso/dso.h \ - crypto/ebcdic.h \ - crypto/ec/ec.h \ - crypto/engine/engine.h \ - crypto/err/err.h \ - crypto/evp/evp.h \ - crypto/hmac/hmac.h \ - crypto/idea/idea.h \ - crypto/lhash/lhash.h \ - crypto/md2/md2.h \ - crypto/md4/md4.h \ - crypto/md5/md5.h \ - crypto/mdc2/mdc2.h \ - crypto/objects/objects.h \ - crypto/ocsp/ocsp.h \ - crypto/opensslv.h \ - crypto/ossl_typ.h \ - crypto/pem/pem.h \ - crypto/pem/pem2.h \ - crypto/pkcs12/pkcs12.h \ - crypto/pkcs7/pkcs7.h \ - crypto/rand/rand.h \ - crypto/rc2/rc2.h \ - crypto/rc4/rc4.h \ - crypto/rc5/rc5.h \ - crypto/ripemd/ripemd.h \ - crypto/rsa/rsa.h \ - crypto/sha/sha.h \ - crypto/stack/safestack.h \ - crypto/stack/stack.h \ - crypto/symhacks.h \ - crypto/tmdiff.h \ - crypto/txt_db/txt_db.h \ - crypto/ui/ui.h \ - crypto/ui/ui_compat.h \ - crypto/x509/x509.h \ - crypto/x509/x509_vfy.h \ - crypto/x509v3/x509v3.h \ - e_os2.h - -HDRS_GEN=\ - ${.CURDIR}/arch/${MACHINE_ARCH}/opensslconf.h \ - ${.OBJDIR}/obj_mac.h - -includes: obj_mac.h - @test -d ${DESTDIR}/usr/include/ssl || mkdir ${DESTDIR}/usr/include/ssl - @d=`mktemp -d /tmp/libsslXXXXXXXXXX`; \ - for i in $(HDRS); do \ - f=`basename $$i`; \ - j="sed 's/$$d/$$f && \ - (cmp -s $$d/$$f ${DESTDIR}/usr/include/ssl/$$f || \ - ${INSTALL} ${INSTALL_COPY} -o ${BINOWN} -g ${BINGRP} -m 444 \ - $$d/$$f ${DESTDIR}/usr/include/ssl)"; \ - echo $$j; \ - eval "$$j"; \ - done; \ - for i in $(HDRS_GEN); do \ - f=`basename $$i`; \ - j="sed 's/$$d/$$f && \ - (cmp -s $$d/$$f ${DESTDIR}/usr/include/ssl/$$f || \ - ${INSTALL} ${INSTALL_COPY} -o ${BINOWN} -g ${BINGRP} -m 444 \ - $$d/$$f ${DESTDIR}/usr/include/ssl)"; \ - echo $$j; \ - eval "$$j"; \ - done; \ - rm -rf $$d - -# generated -CFLAGS+= -I${.OBJDIR} - -GENERATED=obj_mac.h obj_dat.h -CLEANFILES=${GENERATED} -SSL_OBJECTS=${SSL_SRC}/crypto/objects - -obj_mac.h: ${SSL_OBJECTS}/objects.h - /usr/bin/perl ${SSL_OBJECTS}/objects.pl ${SSL_OBJECTS}/objects.txt ${SSL_OBJECTS}/obj_mac.num obj_mac.h -obj_dat.h: obj_mac.h - /usr/bin/perl ${SSL_OBJECTS}/obj_dat.pl obj_mac.h obj_dat.h - -.if (${MACHINE_ARCH} == "vax") -# egcs bombs optimising this file on vax -a_strnid.o: - ${CC} ${CFLAGS} -O0 ${CPPFLAGS} -c ${.IMPSRC} -a_strnid.po: - ${CC} ${CFLAGS} -O0 ${CPPFLAGS} -c ${.IMPSRC} -o $@ -des_enc.o: - ${CC} ${CFLAGS} -O1 ${CPPFLAGS} -c ${.IMPSRC} -des_enc.po: - ${CC} ${CFLAGS} -O1 ${CPPFLAGS} -c ${.IMPSRC} -o $@ -.endif - -all beforedepend: ${GENERATED} - -.include diff --git a/src/lib/libssl/crypto/arch/alpha/opensslconf.h b/src/lib/libssl/crypto/arch/alpha/opensslconf.h deleted file mode 100644 index c33ccc8a0f9..00000000000 --- a/src/lib/libssl/crypto/arch/alpha/opensslconf.h +++ /dev/null @@ -1,180 +0,0 @@ -/* opensslconf.h */ -/* WARNING: Generated automatically from opensslconf.h.in by Configure. */ - -/* OpenSSL was configured with the following options: */ -#ifndef OPENSSL_DOING_MAKEDEPEND - -#ifndef OPENSSL_NO_KRB5 -# define OPENSSL_NO_KRB5 -#endif - -#endif /* OPENSSL_DOING_MAKEDEPEND */ - -/* The OPENSSL_NO_* macros are also defined as NO_* if the application - asks for it. This is a transient feature that is provided for those - who haven't had the time to do the appropriate changes in their - applications. */ -#ifdef OPENSSL_ALGORITHM_DEFINES -# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5) -# define NO_KRB5 -# endif -#endif - -/* crypto/opensslconf.h.in */ - -/* Generate 80386 code? */ -#undef I386_ONLY - -#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */ -#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR) -#define OPENSSLDIR "/etc/ssl" -#endif -#endif - -#undef OPENSSL_UNISTD -#define OPENSSL_UNISTD - -#undef OPENSSL_EXPORT_VAR_AS_FUNCTION - -#if defined(HEADER_IDEA_H) && !defined(IDEA_INT) -#define IDEA_INT unsigned int -#endif - -#if defined(HEADER_MD2_H) && !defined(MD2_INT) -#define MD2_INT unsigned int -#endif - -#if defined(HEADER_RC2_H) && !defined(RC2_INT) -/* I need to put in a mod for the alpha - eay */ -#define RC2_INT unsigned int -#endif - -#if defined(HEADER_RC4_H) -#if !defined(RC4_INT) -/* using int types make the structure larger but make the code faster - * on most boxes I have tested - up to %20 faster. */ -/* - * I don't know what does "most" mean, but declaring "int" is a must on: - * - Intel P6 because partial register stalls are very expensive; - * - elder Alpha because it lacks byte load/store instructions; - */ -#define RC4_INT unsigned int -#endif -#if !defined(RC4_CHUNK) -/* - * This enables code handling data aligned at natural CPU word - * boundary. See crypto/rc4/rc4_enc.c for further details. - */ -#undef RC4_CHUNK -#endif -#endif - -#if (defined(HEADER_DES_H) || defined(HEADER_DES_OLD_H)) && !defined(DES_LONG) -/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a - * %20 speed up (longs are 8 bytes, int's are 4). */ -#ifndef DES_LONG -#define DES_LONG unsigned int -#endif -#endif - -#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H) -#define CONFIG_HEADER_BN_H -#undef BN_LLONG - -/* Should we define BN_DIV2W here? */ - -/* Only one for the following should be defined */ -/* The prime number generation stuff may not work when - * EIGHT_BIT but I don't care since I've only used this mode - * for debuging the bignum libraries */ -#define SIXTY_FOUR_BIT_LONG -#undef SIXTY_FOUR_BIT -#undef THIRTY_TWO_BIT -#undef SIXTEEN_BIT -#undef EIGHT_BIT -#endif - -#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H) -#define CONFIG_HEADER_RC4_LOCL_H -/* if this is defined data[i] is used instead of *data, this is a %20 - * speedup on x86 */ -#undef RC4_INDEX -#endif - -#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H) -#define CONFIG_HEADER_BF_LOCL_H -#undef BF_PTR -#endif /* HEADER_BF_LOCL_H */ - -#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H) -#define CONFIG_HEADER_DES_LOCL_H -#ifndef DES_DEFAULT_OPTIONS -/* the following is tweaked from a config script, that is why it is a - * protected undef/define */ -#ifndef DES_PTR -#define DES_PTR -#endif - -/* This helps C compiler generate the correct code for multiple functional - * units. It reduces register dependancies at the expense of 2 more - * registers */ -#ifndef DES_RISC1 -#undef DES_RISC1 -#endif - -#ifndef DES_RISC2 -#define DES_RISC2 -#endif - -#if defined(DES_RISC1) && defined(DES_RISC2) -YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!! -#endif - -/* Unroll the inner loop, this sometimes helps, sometimes hinders. - * Very mucy CPU dependant */ -#ifndef DES_UNROLL -#undef DES_UNROLL -#endif - -/* These default values were supplied by - * Peter Gutman - * They are only used if nothing else has been defined */ -#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL) -/* Special defines which change the way the code is built depending on the - CPU and OS. For SGI machines you can use _MIPS_SZLONG (32 or 64) to find - even newer MIPS CPU's, but at the moment one size fits all for - optimization options. Older Sparc's work better with only UNROLL, but - there's no way to tell at compile time what it is you're running on */ - -#if defined( sun ) /* Newer Sparc's */ -# define DES_PTR -# define DES_RISC1 -# define DES_UNROLL -#elif defined( __ultrix ) /* Older MIPS */ -# define DES_PTR -# define DES_RISC2 -# define DES_UNROLL -#elif defined( __osf1__ ) /* Alpha */ -# define DES_PTR -# define DES_RISC2 -#elif defined ( _AIX ) /* RS6000 */ - /* Unknown */ -#elif defined( __hpux ) /* HP-PA */ - /* Unknown */ -#elif defined( __aux ) /* 68K */ - /* Unknown */ -#elif defined( __dgux ) /* 88K (but P6 in latest boxes) */ -# define DES_UNROLL -#elif defined( __sgi ) /* Newer MIPS */ -# define DES_PTR -# define DES_RISC2 -# define DES_UNROLL -#elif defined(i386) || defined(__i386__) /* x86 boxes, should be gcc */ -# define DES_PTR -# define DES_RISC1 -# define DES_UNROLL -#endif /* Systems-specific speed defines */ -#endif - -#endif /* DES_DEFAULT_OPTIONS */ -#endif /* HEADER_DES_LOCL_H */ diff --git a/src/lib/libssl/crypto/arch/hppa/opensslconf.h b/src/lib/libssl/crypto/arch/hppa/opensslconf.h deleted file mode 100644 index 0334dbdfc60..00000000000 --- a/src/lib/libssl/crypto/arch/hppa/opensslconf.h +++ /dev/null @@ -1,180 +0,0 @@ -/* opensslconf.h */ -/* WARNING: Generated automatically from opensslconf.h.in by Configure. */ - -/* OpenSSL was configured with the following options: */ -#ifndef OPENSSL_DOING_MAKEDEPEND - -#ifndef OPENSSL_NO_KRB5 -# define OPENSSL_NO_KRB5 -#endif - -#endif /* OPENSSL_DOING_MAKEDEPEND */ - -/* The OPENSSL_NO_* macros are also defined as NO_* if the application - asks for it. This is a transient feature that is provided for those - who haven't had the time to do the appropriate changes in their - applications. */ -#ifdef OPENSSL_ALGORITHM_DEFINES -# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5) -# define NO_KRB5 -# endif -#endif - -/* crypto/opensslconf.h.in */ - -/* Generate 80386 code? */ -#undef I386_ONLY - -#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */ -#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR) -#define OPENSSLDIR "/etc/ssl" -#endif -#endif - -#undef OPENSSL_UNISTD -#define OPENSSL_UNISTD - -#undef OPENSSL_EXPORT_VAR_AS_FUNCTION - -#if defined(HEADER_IDEA_H) && !defined(IDEA_INT) -#define IDEA_INT unsigned int -#endif - -#if defined(HEADER_MD2_H) && !defined(MD2_INT) -#define MD2_INT unsigned int -#endif - -#if defined(HEADER_RC2_H) && !defined(RC2_INT) -/* I need to put in a mod for the alpha - eay */ -#define RC2_INT unsigned int -#endif - -#if defined(HEADER_RC4_H) -#if !defined(RC4_INT) -/* using int types make the structure larger but make the code faster - * on most boxes I have tested - up to %20 faster. */ -/* - * I don't know what does "most" mean, but declaring "int" is a must on: - * - Intel P6 because partial register stalls are very expensive; - * - elder Alpha because it lacks byte load/store instructions; - */ -#define RC4_INT unsigned int -#endif -#if !defined(RC4_CHUNK) -/* - * This enables code handling data aligned at natural CPU word - * boundary. See crypto/rc4/rc4_enc.c for further details. - */ -#undef RC4_CHUNK -#endif -#endif - -#if (defined(HEADER_DES_H) || defined(HEADER_DES_OLD_H)) && !defined(DES_LONG) -/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a - * %20 speed up (longs are 8 bytes, int's are 4). */ -#ifndef DES_LONG -#define DES_LONG unsigned long -#endif -#endif - -#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H) -#define CONFIG_HEADER_BN_H -#define BN_LLONG - -/* Should we define BN_DIV2W here? */ - -/* Only one for the following should be defined */ -/* The prime number generation stuff may not work when - * EIGHT_BIT but I don't care since I've only used this mode - * for debuging the bignum libraries */ -#undef SIXTY_FOUR_BIT_LONG -#undef SIXTY_FOUR_BIT -#define THIRTY_TWO_BIT -#undef SIXTEEN_BIT -#undef EIGHT_BIT -#endif - -#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H) -#define CONFIG_HEADER_RC4_LOCL_H -/* if this is defined data[i] is used instead of *data, this is a %20 - * speedup on x86 */ -#define RC4_INDEX -#endif - -#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H) -#define CONFIG_HEADER_BF_LOCL_H -#undef BF_PTR -#endif /* HEADER_BF_LOCL_H */ - -#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H) -#define CONFIG_HEADER_DES_LOCL_H -#ifndef DES_DEFAULT_OPTIONS -/* the following is tweaked from a config script, that is why it is a - * protected undef/define */ -#ifndef DES_PTR -#undef DES_PTR -#endif - -/* This helps C compiler generate the correct code for multiple functional - * units. It reduces register dependancies at the expense of 2 more - * registers */ -#ifndef DES_RISC1 -#undef DES_RISC1 -#endif - -#ifndef DES_RISC2 -#undef DES_RISC2 -#endif - -#if defined(DES_RISC1) && defined(DES_RISC2) -YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!! -#endif - -/* Unroll the inner loop, this sometimes helps, sometimes hinders. - * Very mucy CPU dependant */ -#ifndef DES_UNROLL -#define DES_UNROLL -#endif - -/* These default values were supplied by - * Peter Gutman - * They are only used if nothing else has been defined */ -#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL) -/* Special defines which change the way the code is built depending on the - CPU and OS. For SGI machines you can use _MIPS_SZLONG (32 or 64) to find - even newer MIPS CPU's, but at the moment one size fits all for - optimization options. Older Sparc's work better with only UNROLL, but - there's no way to tell at compile time what it is you're running on */ - -#if defined( sun ) /* Newer Sparc's */ -# define DES_PTR -# define DES_RISC1 -# define DES_UNROLL -#elif defined( __ultrix ) /* Older MIPS */ -# define DES_PTR -# define DES_RISC2 -# define DES_UNROLL -#elif defined( __osf1__ ) /* Alpha */ -# define DES_PTR -# define DES_RISC2 -#elif defined ( _AIX ) /* RS6000 */ - /* Unknown */ -#elif defined( __hpux ) /* HP-PA */ - /* Unknown */ -#elif defined( __aux ) /* 68K */ - /* Unknown */ -#elif defined( __dgux ) /* 88K (but P6 in latest boxes) */ -# define DES_UNROLL -#elif defined( __sgi ) /* Newer MIPS */ -# define DES_PTR -# define DES_RISC2 -# define DES_UNROLL -#elif defined(i386) || defined(__i386__) /* x86 boxes, should be gcc */ -# define DES_PTR -# define DES_RISC1 -# define DES_UNROLL -#endif /* Systems-specific speed defines */ -#endif - -#endif /* DES_DEFAULT_OPTIONS */ -#endif /* HEADER_DES_LOCL_H */ diff --git a/src/lib/libssl/crypto/arch/i386/opensslconf.h b/src/lib/libssl/crypto/arch/i386/opensslconf.h deleted file mode 100644 index 7361ac56a1a..00000000000 --- a/src/lib/libssl/crypto/arch/i386/opensslconf.h +++ /dev/null @@ -1,180 +0,0 @@ -/* opensslconf.h */ -/* WARNING: Generated automatically from opensslconf.h.in by Configure. */ - -/* OpenSSL was configured with the following options: */ -#ifndef OPENSSL_DOING_MAKEDEPEND - -#ifndef OPENSSL_NO_KRB5 -# define OPENSSL_NO_KRB5 -#endif - -#endif /* OPENSSL_DOING_MAKEDEPEND */ - -/* The OPENSSL_NO_* macros are also defined as NO_* if the application - asks for it. This is a transient feature that is provided for those - who haven't had the time to do the appropriate changes in their - applications. */ -#ifdef OPENSSL_ALGORITHM_DEFINES -# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5) -# define NO_KRB5 -# endif -#endif - -/* crypto/opensslconf.h.in */ - -/* Generate 80386 code? */ -#undef I386_ONLY - -#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */ -#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR) -#define OPENSSLDIR "/etc/ssl" -#endif -#endif - -#undef OPENSSL_UNISTD -#define OPENSSL_UNISTD - -#undef OPENSSL_EXPORT_VAR_AS_FUNCTION - -#if defined(HEADER_IDEA_H) && !defined(IDEA_INT) -#define IDEA_INT unsigned int -#endif - -#if defined(HEADER_MD2_H) && !defined(MD2_INT) -#define MD2_INT unsigned int -#endif - -#if defined(HEADER_RC2_H) && !defined(RC2_INT) -/* I need to put in a mod for the alpha - eay */ -#define RC2_INT unsigned int -#endif - -#if defined(HEADER_RC4_H) -#if !defined(RC4_INT) -/* using int types make the structure larger but make the code faster - * on most boxes I have tested - up to %20 faster. */ -/* - * I don't know what does "most" mean, but declaring "int" is a must on: - * - Intel P6 because partial register stalls are very expensive; - * - elder Alpha because it lacks byte load/store instructions; - */ -#define RC4_INT unsigned int -#endif -#if !defined(RC4_CHUNK) -/* - * This enables code handling data aligned at natural CPU word - * boundary. See crypto/rc4/rc4_enc.c for further details. - */ -#undef RC4_CHUNK -#endif -#endif - -#if (defined(HEADER_DES_H) || defined(HEADER_DES_OLD_H)) && !defined(DES_LONG) -/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a - * %20 speed up (longs are 8 bytes, int's are 4). */ -#ifndef DES_LONG -#define DES_LONG unsigned long -#endif -#endif - -#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H) -#define CONFIG_HEADER_BN_H -#define BN_LLONG - -/* Should we define BN_DIV2W here? */ - -/* Only one for the following should be defined */ -/* The prime number generation stuff may not work when - * EIGHT_BIT but I don't care since I've only used this mode - * for debuging the bignum libraries */ -#undef SIXTY_FOUR_BIT_LONG -#undef SIXTY_FOUR_BIT -#define THIRTY_TWO_BIT -#undef SIXTEEN_BIT -#undef EIGHT_BIT -#endif - -#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H) -#define CONFIG_HEADER_RC4_LOCL_H -/* if this is defined data[i] is used instead of *data, this is a %20 - * speedup on x86 */ -#define RC4_INDEX -#endif - -#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H) -#define CONFIG_HEADER_BF_LOCL_H -#undef BF_PTR -#endif /* HEADER_BF_LOCL_H */ - -#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H) -#define CONFIG_HEADER_DES_LOCL_H -#ifndef DES_DEFAULT_OPTIONS -/* the following is tweaked from a config script, that is why it is a - * protected undef/define */ -#ifndef DES_PTR -#define DES_PTR -#endif - -/* This helps C compiler generate the correct code for multiple functional - * units. It reduces register dependancies at the expense of 2 more - * registers */ -#ifndef DES_RISC1 -#define DES_RISC1 -#endif - -#ifndef DES_RISC2 -#undef DES_RISC2 -#endif - -#if defined(DES_RISC1) && defined(DES_RISC2) -YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!! -#endif - -/* Unroll the inner loop, this sometimes helps, sometimes hinders. - * Very mucy CPU dependant */ -#ifndef DES_UNROLL -#define DES_UNROLL -#endif - -/* These default values were supplied by - * Peter Gutman - * They are only used if nothing else has been defined */ -#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL) -/* Special defines which change the way the code is built depending on the - CPU and OS. For SGI machines you can use _MIPS_SZLONG (32 or 64) to find - even newer MIPS CPU's, but at the moment one size fits all for - optimization options. Older Sparc's work better with only UNROLL, but - there's no way to tell at compile time what it is you're running on */ - -#if defined( sun ) /* Newer Sparc's */ -# define DES_PTR -# define DES_RISC1 -# define DES_UNROLL -#elif defined( __ultrix ) /* Older MIPS */ -# define DES_PTR -# define DES_RISC2 -# define DES_UNROLL -#elif defined( __osf1__ ) /* Alpha */ -# define DES_PTR -# define DES_RISC2 -#elif defined ( _AIX ) /* RS6000 */ - /* Unknown */ -#elif defined( __hpux ) /* HP-PA */ - /* Unknown */ -#elif defined( __aux ) /* 68K */ - /* Unknown */ -#elif defined( __dgux ) /* 88K (but P6 in latest boxes) */ -# define DES_UNROLL -#elif defined( __sgi ) /* Newer MIPS */ -# define DES_PTR -# define DES_RISC2 -# define DES_UNROLL -#elif defined(i386) || defined(__i386__) /* x86 boxes, should be gcc */ -# define DES_PTR -# define DES_RISC1 -# define DES_UNROLL -#endif /* Systems-specific speed defines */ -#endif - -#endif /* DES_DEFAULT_OPTIONS */ -#endif /* HEADER_DES_LOCL_H */ diff --git a/src/lib/libssl/crypto/arch/m68k/opensslconf.h b/src/lib/libssl/crypto/arch/m68k/opensslconf.h deleted file mode 100644 index 47a6dd85966..00000000000 --- a/src/lib/libssl/crypto/arch/m68k/opensslconf.h +++ /dev/null @@ -1,180 +0,0 @@ -/* opensslconf.h */ -/* WARNING: Generated automatically from opensslconf.h.in by Configure. */ - -/* OpenSSL was configured with the following options: */ -#ifndef OPENSSL_DOING_MAKEDEPEND - -#ifndef OPENSSL_NO_KRB5 -# define OPENSSL_NO_KRB5 -#endif - -#endif /* OPENSSL_DOING_MAKEDEPEND */ - -/* The OPENSSL_NO_* macros are also defined as NO_* if the application - asks for it. This is a transient feature that is provided for those - who haven't had the time to do the appropriate changes in their - applications. */ -#ifdef OPENSSL_ALGORITHM_DEFINES -# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5) -# define NO_KRB5 -# endif -#endif - -/* crypto/opensslconf.h.in */ - -/* Generate 80386 code? */ -#undef I386_ONLY - -#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */ -#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR) -#define OPENSSLDIR "/etc/ssl" -#endif -#endif - -#undef OPENSSL_UNISTD -#define OPENSSL_UNISTD - -#undef OPENSSL_EXPORT_VAR_AS_FUNCTION - -#if defined(HEADER_IDEA_H) && !defined(IDEA_INT) -#define IDEA_INT unsigned int -#endif - -#if defined(HEADER_MD2_H) && !defined(MD2_INT) -#define MD2_INT unsigned int -#endif - -#if defined(HEADER_RC2_H) && !defined(RC2_INT) -/* I need to put in a mod for the alpha - eay */ -#define RC2_INT unsigned int -#endif - -#if defined(HEADER_RC4_H) -#if !defined(RC4_INT) -/* using int types make the structure larger but make the code faster - * on most boxes I have tested - up to %20 faster. */ -/* - * I don't know what does "most" mean, but declaring "int" is a must on: - * - Intel P6 because partial register stalls are very expensive; - * - elder Alpha because it lacks byte load/store instructions; - */ -#define RC4_INT unsigned int -#endif -#if !defined(RC4_CHUNK) -/* - * This enables code handling data aligned at natural CPU word - * boundary. See crypto/rc4/rc4_enc.c for further details. - */ -#undef RC4_CHUNK -#endif -#endif - -#if (defined(HEADER_DES_H) || defined(HEADER_DES_OLD_H)) && !defined(DES_LONG) -/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a - * %20 speed up (longs are 8 bytes, int's are 4). */ -#ifndef DES_LONG -#define DES_LONG unsigned int -#endif -#endif - -#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H) -#define CONFIG_HEADER_BN_H -#define BN_LLONG - -/* Should we define BN_DIV2W here? */ - -/* Only one for the following should be defined */ -/* The prime number generation stuff may not work when - * EIGHT_BIT but I don't care since I've only used this mode - * for debuging the bignum libraries */ -#undef SIXTY_FOUR_BIT_LONG -#undef SIXTY_FOUR_BIT -#define THIRTY_TWO_BIT -#undef SIXTEEN_BIT -#undef EIGHT_BIT -#endif - -#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H) -#define CONFIG_HEADER_RC4_LOCL_H -/* if this is defined data[i] is used instead of *data, this is a %20 - * speedup on x86 */ -#define RC4_INDEX -#endif - -#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H) -#define CONFIG_HEADER_BF_LOCL_H -#undef BF_PTR -#endif /* HEADER_BF_LOCL_H */ - -#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H) -#define CONFIG_HEADER_DES_LOCL_H -#ifndef DES_DEFAULT_OPTIONS -/* the following is tweaked from a config script, that is why it is a - * protected undef/define */ -#ifndef DES_PTR -#undef DES_PTR -#endif - -/* This helps C compiler generate the correct code for multiple functional - * units. It reduces register dependancies at the expense of 2 more - * registers */ -#ifndef DES_RISC1 -#undef DES_RISC1 -#endif - -#ifndef DES_RISC2 -#undef DES_RISC2 -#endif - -#if defined(DES_RISC1) && defined(DES_RISC2) -YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!! -#endif - -/* Unroll the inner loop, this sometimes helps, sometimes hinders. - * Very mucy CPU dependant */ -#ifndef DES_UNROLL -#define DES_UNROLL -#endif - -/* These default values were supplied by - * Peter Gutman - * They are only used if nothing else has been defined */ -#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL) -/* Special defines which change the way the code is built depending on the - CPU and OS. For SGI machines you can use _MIPS_SZLONG (32 or 64) to find - even newer MIPS CPU's, but at the moment one size fits all for - optimization options. Older Sparc's work better with only UNROLL, but - there's no way to tell at compile time what it is you're running on */ - -#if defined( sun ) /* Newer Sparc's */ -# define DES_PTR -# define DES_RISC1 -# define DES_UNROLL -#elif defined( __ultrix ) /* Older MIPS */ -# define DES_PTR -# define DES_RISC2 -# define DES_UNROLL -#elif defined( __osf1__ ) /* Alpha */ -# define DES_PTR -# define DES_RISC2 -#elif defined ( _AIX ) /* RS6000 */ - /* Unknown */ -#elif defined( __hpux ) /* HP-PA */ - /* Unknown */ -#elif defined( __aux ) /* 68K */ - /* Unknown */ -#elif defined( __dgux ) /* 88K (but P6 in latest boxes) */ -# define DES_UNROLL -#elif defined( __sgi ) /* Newer MIPS */ -# define DES_PTR -# define DES_RISC2 -# define DES_UNROLL -#elif defined(i386) || defined(__i386__) /* x86 boxes, should be gcc */ -# define DES_PTR -# define DES_RISC1 -# define DES_UNROLL -#endif /* Systems-specific speed defines */ -#endif - -#endif /* DES_DEFAULT_OPTIONS */ -#endif /* HEADER_DES_LOCL_H */ diff --git a/src/lib/libssl/crypto/arch/m88k/opensslconf.h b/src/lib/libssl/crypto/arch/m88k/opensslconf.h deleted file mode 100644 index 47a6dd85966..00000000000 --- a/src/lib/libssl/crypto/arch/m88k/opensslconf.h +++ /dev/null @@ -1,180 +0,0 @@ -/* opensslconf.h */ -/* WARNING: Generated automatically from opensslconf.h.in by Configure. */ - -/* OpenSSL was configured with the following options: */ -#ifndef OPENSSL_DOING_MAKEDEPEND - -#ifndef OPENSSL_NO_KRB5 -# define OPENSSL_NO_KRB5 -#endif - -#endif /* OPENSSL_DOING_MAKEDEPEND */ - -/* The OPENSSL_NO_* macros are also defined as NO_* if the application - asks for it. This is a transient feature that is provided for those - who haven't had the time to do the appropriate changes in their - applications. */ -#ifdef OPENSSL_ALGORITHM_DEFINES -# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5) -# define NO_KRB5 -# endif -#endif - -/* crypto/opensslconf.h.in */ - -/* Generate 80386 code? */ -#undef I386_ONLY - -#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */ -#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR) -#define OPENSSLDIR "/etc/ssl" -#endif -#endif - -#undef OPENSSL_UNISTD -#define OPENSSL_UNISTD - -#undef OPENSSL_EXPORT_VAR_AS_FUNCTION - -#if defined(HEADER_IDEA_H) && !defined(IDEA_INT) -#define IDEA_INT unsigned int -#endif - -#if defined(HEADER_MD2_H) && !defined(MD2_INT) -#define MD2_INT unsigned int -#endif - -#if defined(HEADER_RC2_H) && !defined(RC2_INT) -/* I need to put in a mod for the alpha - eay */ -#define RC2_INT unsigned int -#endif - -#if defined(HEADER_RC4_H) -#if !defined(RC4_INT) -/* using int types make the structure larger but make the code faster - * on most boxes I have tested - up to %20 faster. */ -/* - * I don't know what does "most" mean, but declaring "int" is a must on: - * - Intel P6 because partial register stalls are very expensive; - * - elder Alpha because it lacks byte load/store instructions; - */ -#define RC4_INT unsigned int -#endif -#if !defined(RC4_CHUNK) -/* - * This enables code handling data aligned at natural CPU word - * boundary. See crypto/rc4/rc4_enc.c for further details. - */ -#undef RC4_CHUNK -#endif -#endif - -#if (defined(HEADER_DES_H) || defined(HEADER_DES_OLD_H)) && !defined(DES_LONG) -/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a - * %20 speed up (longs are 8 bytes, int's are 4). */ -#ifndef DES_LONG -#define DES_LONG unsigned int -#endif -#endif - -#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H) -#define CONFIG_HEADER_BN_H -#define BN_LLONG - -/* Should we define BN_DIV2W here? */ - -/* Only one for the following should be defined */ -/* The prime number generation stuff may not work when - * EIGHT_BIT but I don't care since I've only used this mode - * for debuging the bignum libraries */ -#undef SIXTY_FOUR_BIT_LONG -#undef SIXTY_FOUR_BIT -#define THIRTY_TWO_BIT -#undef SIXTEEN_BIT -#undef EIGHT_BIT -#endif - -#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H) -#define CONFIG_HEADER_RC4_LOCL_H -/* if this is defined data[i] is used instead of *data, this is a %20 - * speedup on x86 */ -#define RC4_INDEX -#endif - -#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H) -#define CONFIG_HEADER_BF_LOCL_H -#undef BF_PTR -#endif /* HEADER_BF_LOCL_H */ - -#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H) -#define CONFIG_HEADER_DES_LOCL_H -#ifndef DES_DEFAULT_OPTIONS -/* the following is tweaked from a config script, that is why it is a - * protected undef/define */ -#ifndef DES_PTR -#undef DES_PTR -#endif - -/* This helps C compiler generate the correct code for multiple functional - * units. It reduces register dependancies at the expense of 2 more - * registers */ -#ifndef DES_RISC1 -#undef DES_RISC1 -#endif - -#ifndef DES_RISC2 -#undef DES_RISC2 -#endif - -#if defined(DES_RISC1) && defined(DES_RISC2) -YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!! -#endif - -/* Unroll the inner loop, this sometimes helps, sometimes hinders. - * Very mucy CPU dependant */ -#ifndef DES_UNROLL -#define DES_UNROLL -#endif - -/* These default values were supplied by - * Peter Gutman - * They are only used if nothing else has been defined */ -#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL) -/* Special defines which change the way the code is built depending on the - CPU and OS. For SGI machines you can use _MIPS_SZLONG (32 or 64) to find - even newer MIPS CPU's, but at the moment one size fits all for - optimization options. Older Sparc's work better with only UNROLL, but - there's no way to tell at compile time what it is you're running on */ - -#if defined( sun ) /* Newer Sparc's */ -# define DES_PTR -# define DES_RISC1 -# define DES_UNROLL -#elif defined( __ultrix ) /* Older MIPS */ -# define DES_PTR -# define DES_RISC2 -# define DES_UNROLL -#elif defined( __osf1__ ) /* Alpha */ -# define DES_PTR -# define DES_RISC2 -#elif defined ( _AIX ) /* RS6000 */ - /* Unknown */ -#elif defined( __hpux ) /* HP-PA */ - /* Unknown */ -#elif defined( __aux ) /* 68K */ - /* Unknown */ -#elif defined( __dgux ) /* 88K (but P6 in latest boxes) */ -# define DES_UNROLL -#elif defined( __sgi ) /* Newer MIPS */ -# define DES_PTR -# define DES_RISC2 -# define DES_UNROLL -#elif defined(i386) || defined(__i386__) /* x86 boxes, should be gcc */ -# define DES_PTR -# define DES_RISC1 -# define DES_UNROLL -#endif /* Systems-specific speed defines */ -#endif - -#endif /* DES_DEFAULT_OPTIONS */ -#endif /* HEADER_DES_LOCL_H */ diff --git a/src/lib/libssl/crypto/arch/mips/opensslconf.h b/src/lib/libssl/crypto/arch/mips/opensslconf.h deleted file mode 100644 index 2b030ba0880..00000000000 --- a/src/lib/libssl/crypto/arch/mips/opensslconf.h +++ /dev/null @@ -1,180 +0,0 @@ -/* opensslconf.h */ -/* WARNING: Generated automatically from opensslconf.h.in by Configure. */ - -/* OpenSSL was configured with the following options: */ -#ifndef OPENSSL_DOING_MAKEDEPEND - -#ifndef OPENSSL_NO_KRB5 -# define OPENSSL_NO_KRB5 -#endif - -#endif /* OPENSSL_DOING_MAKEDEPEND */ - -/* The OPENSSL_NO_* macros are also defined as NO_* if the application - asks for it. This is a transient feature that is provided for those - who haven't had the time to do the appropriate changes in their - applications. */ -#ifdef OPENSSL_ALGORITHM_DEFINES -# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5) -# define NO_KRB5 -# endif -#endif - -/* crypto/opensslconf.h.in */ - -/* Generate 80386 code? */ -#undef I386_ONLY - -#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */ -#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR) -#define OPENSSLDIR "/etc/ssl" -#endif -#endif - -#undef OPENSSL_UNISTD -#define OPENSSL_UNISTD - -#undef OPENSSL_EXPORT_VAR_AS_FUNCTION - -#if defined(HEADER_IDEA_H) && !defined(IDEA_INT) -#define IDEA_INT unsigned int -#endif - -#if defined(HEADER_MD2_H) && !defined(MD2_INT) -#define MD2_INT unsigned int -#endif - -#if defined(HEADER_RC2_H) && !defined(RC2_INT) -/* I need to put in a mod for the alpha - eay */ -#define RC2_INT unsigned int -#endif - -#if defined(HEADER_RC4_H) -#if !defined(RC4_INT) -/* using int types make the structure larger but make the code faster - * on most boxes I have tested - up to %20 faster. */ -/* - * I don't know what does "most" mean, but declaring "int" is a must on: - * - Intel P6 because partial register stalls are very expensive; - * - elder Alpha because it lacks byte load/store instructions; - */ -#define RC4_INT unsigned int -#endif -#if !defined(RC4_CHUNK) -/* - * This enables code handling data aligned at natural CPU word - * boundary. See crypto/rc4/rc4_enc.c for further details. - */ -#undef RC4_CHUNK -#endif -#endif - -#if (defined(HEADER_DES_H) || defined(HEADER_DES_OLD_H)) && !defined(DES_LONG) -/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a - * %20 speed up (longs are 8 bytes, int's are 4). */ -#ifndef DES_LONG -#define DES_LONG unsigned int -#endif -#endif - -#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H) -#define CONFIG_HEADER_BN_H -#define BN_LLONG - -/* Should we define BN_DIV2W here? */ - -/* Only one for the following should be defined */ -/* The prime number generation stuff may not work when - * EIGHT_BIT but I don't care since I've only used this mode - * for debuging the bignum libraries */ -#undef SIXTY_FOUR_BIT_LONG -#undef SIXTY_FOUR_BIT -#define THIRTY_TWO_BIT -#undef SIXTEEN_BIT -#undef EIGHT_BIT -#endif - -#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H) -#define CONFIG_HEADER_RC4_LOCL_H -/* if this is defined data[i] is used instead of *data, this is a %20 - * speedup on x86 */ -#define RC4_INDEX -#endif - -#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H) -#define CONFIG_HEADER_BF_LOCL_H -#undef BF_PTR -#endif /* HEADER_BF_LOCL_H */ - -#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H) -#define CONFIG_HEADER_DES_LOCL_H -#ifndef DES_DEFAULT_OPTIONS -/* the following is tweaked from a config script, that is why it is a - * protected undef/define */ -#ifndef DES_PTR -#undef DES_PTR -#endif - -/* This helps C compiler generate the correct code for multiple functional - * units. It reduces register dependancies at the expense of 2 more - * registers */ -#ifndef DES_RISC1 -#undef DES_RISC1 -#endif - -#ifndef DES_RISC2 -#define DES_RISC2 -#endif - -#if defined(DES_RISC1) && defined(DES_RISC2) -YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!! -#endif - -/* Unroll the inner loop, this sometimes helps, sometimes hinders. - * Very mucy CPU dependant */ -#ifndef DES_UNROLL -#define DES_UNROLL -#endif - -/* These default values were supplied by - * Peter Gutman - * They are only used if nothing else has been defined */ -#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL) -/* Special defines which change the way the code is built depending on the - CPU and OS. For SGI machines you can use _MIPS_SZLONG (32 or 64) to find - even newer MIPS CPU's, but at the moment one size fits all for - optimization options. Older Sparc's work better with only UNROLL, but - there's no way to tell at compile time what it is you're running on */ - -#if defined( sun ) /* Newer Sparc's */ -# define DES_PTR -# define DES_RISC1 -# define DES_UNROLL -#elif defined( __ultrix ) /* Older MIPS */ -# define DES_PTR -# define DES_RISC2 -# define DES_UNROLL -#elif defined( __osf1__ ) /* Alpha */ -# define DES_PTR -# define DES_RISC2 -#elif defined ( _AIX ) /* RS6000 */ - /* Unknown */ -#elif defined( __hpux ) /* HP-PA */ - /* Unknown */ -#elif defined( __aux ) /* 68K */ - /* Unknown */ -#elif defined( __dgux ) /* 88K (but P6 in latest boxes) */ -# define DES_UNROLL -#elif defined( __sgi ) /* Newer MIPS */ -# define DES_PTR -# define DES_RISC2 -# define DES_UNROLL -#elif defined(i386) || defined(__i386__) /* x86 boxes, should be gcc */ -# define DES_PTR -# define DES_RISC1 -# define DES_UNROLL -#endif /* Systems-specific speed defines */ -#endif - -#endif /* DES_DEFAULT_OPTIONS */ -#endif /* HEADER_DES_LOCL_H */ diff --git a/src/lib/libssl/crypto/arch/powerpc/opensslconf.h b/src/lib/libssl/crypto/arch/powerpc/opensslconf.h deleted file mode 100644 index 47a6dd85966..00000000000 --- a/src/lib/libssl/crypto/arch/powerpc/opensslconf.h +++ /dev/null @@ -1,180 +0,0 @@ -/* opensslconf.h */ -/* WARNING: Generated automatically from opensslconf.h.in by Configure. */ - -/* OpenSSL was configured with the following options: */ -#ifndef OPENSSL_DOING_MAKEDEPEND - -#ifndef OPENSSL_NO_KRB5 -# define OPENSSL_NO_KRB5 -#endif - -#endif /* OPENSSL_DOING_MAKEDEPEND */ - -/* The OPENSSL_NO_* macros are also defined as NO_* if the application - asks for it. This is a transient feature that is provided for those - who haven't had the time to do the appropriate changes in their - applications. */ -#ifdef OPENSSL_ALGORITHM_DEFINES -# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5) -# define NO_KRB5 -# endif -#endif - -/* crypto/opensslconf.h.in */ - -/* Generate 80386 code? */ -#undef I386_ONLY - -#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */ -#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR) -#define OPENSSLDIR "/etc/ssl" -#endif -#endif - -#undef OPENSSL_UNISTD -#define OPENSSL_UNISTD - -#undef OPENSSL_EXPORT_VAR_AS_FUNCTION - -#if defined(HEADER_IDEA_H) && !defined(IDEA_INT) -#define IDEA_INT unsigned int -#endif - -#if defined(HEADER_MD2_H) && !defined(MD2_INT) -#define MD2_INT unsigned int -#endif - -#if defined(HEADER_RC2_H) && !defined(RC2_INT) -/* I need to put in a mod for the alpha - eay */ -#define RC2_INT unsigned int -#endif - -#if defined(HEADER_RC4_H) -#if !defined(RC4_INT) -/* using int types make the structure larger but make the code faster - * on most boxes I have tested - up to %20 faster. */ -/* - * I don't know what does "most" mean, but declaring "int" is a must on: - * - Intel P6 because partial register stalls are very expensive; - * - elder Alpha because it lacks byte load/store instructions; - */ -#define RC4_INT unsigned int -#endif -#if !defined(RC4_CHUNK) -/* - * This enables code handling data aligned at natural CPU word - * boundary. See crypto/rc4/rc4_enc.c for further details. - */ -#undef RC4_CHUNK -#endif -#endif - -#if (defined(HEADER_DES_H) || defined(HEADER_DES_OLD_H)) && !defined(DES_LONG) -/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a - * %20 speed up (longs are 8 bytes, int's are 4). */ -#ifndef DES_LONG -#define DES_LONG unsigned int -#endif -#endif - -#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H) -#define CONFIG_HEADER_BN_H -#define BN_LLONG - -/* Should we define BN_DIV2W here? */ - -/* Only one for the following should be defined */ -/* The prime number generation stuff may not work when - * EIGHT_BIT but I don't care since I've only used this mode - * for debuging the bignum libraries */ -#undef SIXTY_FOUR_BIT_LONG -#undef SIXTY_FOUR_BIT -#define THIRTY_TWO_BIT -#undef SIXTEEN_BIT -#undef EIGHT_BIT -#endif - -#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H) -#define CONFIG_HEADER_RC4_LOCL_H -/* if this is defined data[i] is used instead of *data, this is a %20 - * speedup on x86 */ -#define RC4_INDEX -#endif - -#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H) -#define CONFIG_HEADER_BF_LOCL_H -#undef BF_PTR -#endif /* HEADER_BF_LOCL_H */ - -#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H) -#define CONFIG_HEADER_DES_LOCL_H -#ifndef DES_DEFAULT_OPTIONS -/* the following is tweaked from a config script, that is why it is a - * protected undef/define */ -#ifndef DES_PTR -#undef DES_PTR -#endif - -/* This helps C compiler generate the correct code for multiple functional - * units. It reduces register dependancies at the expense of 2 more - * registers */ -#ifndef DES_RISC1 -#undef DES_RISC1 -#endif - -#ifndef DES_RISC2 -#undef DES_RISC2 -#endif - -#if defined(DES_RISC1) && defined(DES_RISC2) -YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!! -#endif - -/* Unroll the inner loop, this sometimes helps, sometimes hinders. - * Very mucy CPU dependant */ -#ifndef DES_UNROLL -#define DES_UNROLL -#endif - -/* These default values were supplied by - * Peter Gutman - * They are only used if nothing else has been defined */ -#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL) -/* Special defines which change the way the code is built depending on the - CPU and OS. For SGI machines you can use _MIPS_SZLONG (32 or 64) to find - even newer MIPS CPU's, but at the moment one size fits all for - optimization options. Older Sparc's work better with only UNROLL, but - there's no way to tell at compile time what it is you're running on */ - -#if defined( sun ) /* Newer Sparc's */ -# define DES_PTR -# define DES_RISC1 -# define DES_UNROLL -#elif defined( __ultrix ) /* Older MIPS */ -# define DES_PTR -# define DES_RISC2 -# define DES_UNROLL -#elif defined( __osf1__ ) /* Alpha */ -# define DES_PTR -# define DES_RISC2 -#elif defined ( _AIX ) /* RS6000 */ - /* Unknown */ -#elif defined( __hpux ) /* HP-PA */ - /* Unknown */ -#elif defined( __aux ) /* 68K */ - /* Unknown */ -#elif defined( __dgux ) /* 88K (but P6 in latest boxes) */ -# define DES_UNROLL -#elif defined( __sgi ) /* Newer MIPS */ -# define DES_PTR -# define DES_RISC2 -# define DES_UNROLL -#elif defined(i386) || defined(__i386__) /* x86 boxes, should be gcc */ -# define DES_PTR -# define DES_RISC1 -# define DES_UNROLL -#endif /* Systems-specific speed defines */ -#endif - -#endif /* DES_DEFAULT_OPTIONS */ -#endif /* HEADER_DES_LOCL_H */ diff --git a/src/lib/libssl/crypto/arch/sparc/opensslconf.h b/src/lib/libssl/crypto/arch/sparc/opensslconf.h deleted file mode 100644 index 47a6dd85966..00000000000 --- a/src/lib/libssl/crypto/arch/sparc/opensslconf.h +++ /dev/null @@ -1,180 +0,0 @@ -/* opensslconf.h */ -/* WARNING: Generated automatically from opensslconf.h.in by Configure. */ - -/* OpenSSL was configured with the following options: */ -#ifndef OPENSSL_DOING_MAKEDEPEND - -#ifndef OPENSSL_NO_KRB5 -# define OPENSSL_NO_KRB5 -#endif - -#endif /* OPENSSL_DOING_MAKEDEPEND */ - -/* The OPENSSL_NO_* macros are also defined as NO_* if the application - asks for it. This is a transient feature that is provided for those - who haven't had the time to do the appropriate changes in their - applications. */ -#ifdef OPENSSL_ALGORITHM_DEFINES -# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5) -# define NO_KRB5 -# endif -#endif - -/* crypto/opensslconf.h.in */ - -/* Generate 80386 code? */ -#undef I386_ONLY - -#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */ -#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR) -#define OPENSSLDIR "/etc/ssl" -#endif -#endif - -#undef OPENSSL_UNISTD -#define OPENSSL_UNISTD - -#undef OPENSSL_EXPORT_VAR_AS_FUNCTION - -#if defined(HEADER_IDEA_H) && !defined(IDEA_INT) -#define IDEA_INT unsigned int -#endif - -#if defined(HEADER_MD2_H) && !defined(MD2_INT) -#define MD2_INT unsigned int -#endif - -#if defined(HEADER_RC2_H) && !defined(RC2_INT) -/* I need to put in a mod for the alpha - eay */ -#define RC2_INT unsigned int -#endif - -#if defined(HEADER_RC4_H) -#if !defined(RC4_INT) -/* using int types make the structure larger but make the code faster - * on most boxes I have tested - up to %20 faster. */ -/* - * I don't know what does "most" mean, but declaring "int" is a must on: - * - Intel P6 because partial register stalls are very expensive; - * - elder Alpha because it lacks byte load/store instructions; - */ -#define RC4_INT unsigned int -#endif -#if !defined(RC4_CHUNK) -/* - * This enables code handling data aligned at natural CPU word - * boundary. See crypto/rc4/rc4_enc.c for further details. - */ -#undef RC4_CHUNK -#endif -#endif - -#if (defined(HEADER_DES_H) || defined(HEADER_DES_OLD_H)) && !defined(DES_LONG) -/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a - * %20 speed up (longs are 8 bytes, int's are 4). */ -#ifndef DES_LONG -#define DES_LONG unsigned int -#endif -#endif - -#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H) -#define CONFIG_HEADER_BN_H -#define BN_LLONG - -/* Should we define BN_DIV2W here? */ - -/* Only one for the following should be defined */ -/* The prime number generation stuff may not work when - * EIGHT_BIT but I don't care since I've only used this mode - * for debuging the bignum libraries */ -#undef SIXTY_FOUR_BIT_LONG -#undef SIXTY_FOUR_BIT -#define THIRTY_TWO_BIT -#undef SIXTEEN_BIT -#undef EIGHT_BIT -#endif - -#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H) -#define CONFIG_HEADER_RC4_LOCL_H -/* if this is defined data[i] is used instead of *data, this is a %20 - * speedup on x86 */ -#define RC4_INDEX -#endif - -#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H) -#define CONFIG_HEADER_BF_LOCL_H -#undef BF_PTR -#endif /* HEADER_BF_LOCL_H */ - -#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H) -#define CONFIG_HEADER_DES_LOCL_H -#ifndef DES_DEFAULT_OPTIONS -/* the following is tweaked from a config script, that is why it is a - * protected undef/define */ -#ifndef DES_PTR -#undef DES_PTR -#endif - -/* This helps C compiler generate the correct code for multiple functional - * units. It reduces register dependancies at the expense of 2 more - * registers */ -#ifndef DES_RISC1 -#undef DES_RISC1 -#endif - -#ifndef DES_RISC2 -#undef DES_RISC2 -#endif - -#if defined(DES_RISC1) && defined(DES_RISC2) -YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!! -#endif - -/* Unroll the inner loop, this sometimes helps, sometimes hinders. - * Very mucy CPU dependant */ -#ifndef DES_UNROLL -#define DES_UNROLL -#endif - -/* These default values were supplied by - * Peter Gutman - * They are only used if nothing else has been defined */ -#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL) -/* Special defines which change the way the code is built depending on the - CPU and OS. For SGI machines you can use _MIPS_SZLONG (32 or 64) to find - even newer MIPS CPU's, but at the moment one size fits all for - optimization options. Older Sparc's work better with only UNROLL, but - there's no way to tell at compile time what it is you're running on */ - -#if defined( sun ) /* Newer Sparc's */ -# define DES_PTR -# define DES_RISC1 -# define DES_UNROLL -#elif defined( __ultrix ) /* Older MIPS */ -# define DES_PTR -# define DES_RISC2 -# define DES_UNROLL -#elif defined( __osf1__ ) /* Alpha */ -# define DES_PTR -# define DES_RISC2 -#elif defined ( _AIX ) /* RS6000 */ - /* Unknown */ -#elif defined( __hpux ) /* HP-PA */ - /* Unknown */ -#elif defined( __aux ) /* 68K */ - /* Unknown */ -#elif defined( __dgux ) /* 88K (but P6 in latest boxes) */ -# define DES_UNROLL -#elif defined( __sgi ) /* Newer MIPS */ -# define DES_PTR -# define DES_RISC2 -# define DES_UNROLL -#elif defined(i386) || defined(__i386__) /* x86 boxes, should be gcc */ -# define DES_PTR -# define DES_RISC1 -# define DES_UNROLL -#endif /* Systems-specific speed defines */ -#endif - -#endif /* DES_DEFAULT_OPTIONS */ -#endif /* HEADER_DES_LOCL_H */ diff --git a/src/lib/libssl/crypto/arch/sparc64/opensslconf.h b/src/lib/libssl/crypto/arch/sparc64/opensslconf.h deleted file mode 100644 index 053308653bb..00000000000 --- a/src/lib/libssl/crypto/arch/sparc64/opensslconf.h +++ /dev/null @@ -1,180 +0,0 @@ -/* opensslconf.h */ -/* WARNING: Generated automatically from opensslconf.h.in by Configure. */ - -/* OpenSSL was configured with the following options: */ -#ifndef OPENSSL_DOING_MAKEDEPEND - -#ifndef OPENSSL_NO_KRB5 -# define OPENSSL_NO_KRB5 -#endif - -#endif /* OPENSSL_DOING_MAKEDEPEND */ - -/* The OPENSSL_NO_* macros are also defined as NO_* if the application - asks for it. This is a transient feature that is provided for those - who haven't had the time to do the appropriate changes in their - applications. */ -#ifdef OPENSSL_ALGORITHM_DEFINES -# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5) -# define NO_KRB5 -# endif -#endif - -/* crypto/opensslconf.h.in */ - -/* Generate 80386 code? */ -#undef I386_ONLY - -#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */ -#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR) -#define OPENSSLDIR "/etc/ssl" -#endif -#endif - -#undef OPENSSL_UNISTD -#define OPENSSL_UNISTD - -#undef OPENSSL_EXPORT_VAR_AS_FUNCTION - -#if defined(HEADER_IDEA_H) && !defined(IDEA_INT) -#define IDEA_INT unsigned int -#endif - -#if defined(HEADER_MD2_H) && !defined(MD2_INT) -#define MD2_INT unsigned int -#endif - -#if defined(HEADER_RC2_H) && !defined(RC2_INT) -/* I need to put in a mod for the alpha - eay */ -#define RC2_INT unsigned int -#endif - -#if defined(HEADER_RC4_H) -#if !defined(RC4_INT) -/* using int types make the structure larger but make the code faster - * on most boxes I have tested - up to %20 faster. */ -/* - * I don't know what does "most" mean, but declaring "int" is a must on: - * - Intel P6 because partial register stalls are very expensive; - * - elder Alpha because it lacks byte load/store instructions; - */ -#define RC4_INT unsigned int -#endif -#if !defined(RC4_CHUNK) -/* - * This enables code handling data aligned at natural CPU word - * boundary. See crypto/rc4/rc4_enc.c for further details. - */ -#undef RC4_CHUNK -#endif -#endif - -#if (defined(HEADER_DES_H) || defined(HEADER_DES_OLD_H)) && !defined(DES_LONG) -/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a - * %20 speed up (longs are 8 bytes, int's are 4). */ -#ifndef DES_LONG -#define DES_LONG unsigned int -#endif -#endif - -#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H) -#define CONFIG_HEADER_BN_H -#undef BN_LLONG - -/* Should we define BN_DIV2W here? */ - -/* Only one for the following should be defined */ -/* The prime number generation stuff may not work when - * EIGHT_BIT but I don't care since I've only used this mode - * for debuging the bignum libraries */ -#define SIXTY_FOUR_BIT_LONG -#undef SIXTY_FOUR_BIT -#undef THIRTY_TWO_BIT -#undef SIXTEEN_BIT -#undef EIGHT_BIT -#endif - -#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H) -#define CONFIG_HEADER_RC4_LOCL_H -/* if this is defined data[i] is used instead of *data, this is a %20 - * speedup on x86 */ -#undef RC4_INDEX -#endif - -#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H) -#define CONFIG_HEADER_BF_LOCL_H -#define BF_PTR -#endif /* HEADER_BF_LOCL_H */ - -#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H) -#define CONFIG_HEADER_DES_LOCL_H -#ifndef DES_DEFAULT_OPTIONS -/* the following is tweaked from a config script, that is why it is a - * protected undef/define */ -#ifndef DES_PTR -#define DES_PTR -#endif - -/* This helps C compiler generate the correct code for multiple functional - * units. It reduces register dependancies at the expense of 2 more - * registers */ -#ifndef DES_RISC1 -#undef DES_RISC1 -#endif - -#ifndef DES_RISC2 -#define DES_RISC2 -#endif - -#if defined(DES_RISC1) && defined(DES_RISC2) -YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!! -#endif - -/* Unroll the inner loop, this sometimes helps, sometimes hinders. - * Very mucy CPU dependant */ -#ifndef DES_UNROLL -#undef DES_UNROLL -#endif - -/* These default values were supplied by - * Peter Gutman - * They are only used if nothing else has been defined */ -#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL) -/* Special defines which change the way the code is built depending on the - CPU and OS. For SGI machines you can use _MIPS_SZLONG (32 or 64) to find - even newer MIPS CPU's, but at the moment one size fits all for - optimization options. Older Sparc's work better with only UNROLL, but - there's no way to tell at compile time what it is you're running on */ - -#if defined( sun ) /* Newer Sparc's */ -# define DES_PTR -# define DES_RISC1 -# define DES_UNROLL -#elif defined( __ultrix ) /* Older MIPS */ -# define DES_PTR -# define DES_RISC2 -# define DES_UNROLL -#elif defined( __osf1__ ) /* Alpha */ -# define DES_PTR -# define DES_RISC2 -#elif defined ( _AIX ) /* RS6000 */ - /* Unknown */ -#elif defined( __hpux ) /* HP-PA */ - /* Unknown */ -#elif defined( __aux ) /* 68K */ - /* Unknown */ -#elif defined( __dgux ) /* 88K (but P6 in latest boxes) */ -# define DES_UNROLL -#elif defined( __sgi ) /* Newer MIPS */ -# define DES_PTR -# define DES_RISC2 -# define DES_UNROLL -#elif defined(i386) || defined(__i386__) /* x86 boxes, should be gcc */ -# define DES_PTR -# define DES_RISC1 -# define DES_UNROLL -#endif /* Systems-specific speed defines */ -#endif - -#endif /* DES_DEFAULT_OPTIONS */ -#endif /* HEADER_DES_LOCL_H */ diff --git a/src/lib/libssl/crypto/arch/vax/opensslconf.h b/src/lib/libssl/crypto/arch/vax/opensslconf.h deleted file mode 100644 index 47a6dd85966..00000000000 --- a/src/lib/libssl/crypto/arch/vax/opensslconf.h +++ /dev/null @@ -1,180 +0,0 @@ -/* opensslconf.h */ -/* WARNING: Generated automatically from opensslconf.h.in by Configure. */ - -/* OpenSSL was configured with the following options: */ -#ifndef OPENSSL_DOING_MAKEDEPEND - -#ifndef OPENSSL_NO_KRB5 -# define OPENSSL_NO_KRB5 -#endif - -#endif /* OPENSSL_DOING_MAKEDEPEND */ - -/* The OPENSSL_NO_* macros are also defined as NO_* if the application - asks for it. This is a transient feature that is provided for those - who haven't had the time to do the appropriate changes in their - applications. */ -#ifdef OPENSSL_ALGORITHM_DEFINES -# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5) -# define NO_KRB5 -# endif -#endif - -/* crypto/opensslconf.h.in */ - -/* Generate 80386 code? */ -#undef I386_ONLY - -#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */ -#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR) -#define OPENSSLDIR "/etc/ssl" -#endif -#endif - -#undef OPENSSL_UNISTD -#define OPENSSL_UNISTD - -#undef OPENSSL_EXPORT_VAR_AS_FUNCTION - -#if defined(HEADER_IDEA_H) && !defined(IDEA_INT) -#define IDEA_INT unsigned int -#endif - -#if defined(HEADER_MD2_H) && !defined(MD2_INT) -#define MD2_INT unsigned int -#endif - -#if defined(HEADER_RC2_H) && !defined(RC2_INT) -/* I need to put in a mod for the alpha - eay */ -#define RC2_INT unsigned int -#endif - -#if defined(HEADER_RC4_H) -#if !defined(RC4_INT) -/* using int types make the structure larger but make the code faster - * on most boxes I have tested - up to %20 faster. */ -/* - * I don't know what does "most" mean, but declaring "int" is a must on: - * - Intel P6 because partial register stalls are very expensive; - * - elder Alpha because it lacks byte load/store instructions; - */ -#define RC4_INT unsigned int -#endif -#if !defined(RC4_CHUNK) -/* - * This enables code handling data aligned at natural CPU word - * boundary. See crypto/rc4/rc4_enc.c for further details. - */ -#undef RC4_CHUNK -#endif -#endif - -#if (defined(HEADER_DES_H) || defined(HEADER_DES_OLD_H)) && !defined(DES_LONG) -/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a - * %20 speed up (longs are 8 bytes, int's are 4). */ -#ifndef DES_LONG -#define DES_LONG unsigned int -#endif -#endif - -#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H) -#define CONFIG_HEADER_BN_H -#define BN_LLONG - -/* Should we define BN_DIV2W here? */ - -/* Only one for the following should be defined */ -/* The prime number generation stuff may not work when - * EIGHT_BIT but I don't care since I've only used this mode - * for debuging the bignum libraries */ -#undef SIXTY_FOUR_BIT_LONG -#undef SIXTY_FOUR_BIT -#define THIRTY_TWO_BIT -#undef SIXTEEN_BIT -#undef EIGHT_BIT -#endif - -#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H) -#define CONFIG_HEADER_RC4_LOCL_H -/* if this is defined data[i] is used instead of *data, this is a %20 - * speedup on x86 */ -#define RC4_INDEX -#endif - -#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H) -#define CONFIG_HEADER_BF_LOCL_H -#undef BF_PTR -#endif /* HEADER_BF_LOCL_H */ - -#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H) -#define CONFIG_HEADER_DES_LOCL_H -#ifndef DES_DEFAULT_OPTIONS -/* the following is tweaked from a config script, that is why it is a - * protected undef/define */ -#ifndef DES_PTR -#undef DES_PTR -#endif - -/* This helps C compiler generate the correct code for multiple functional - * units. It reduces register dependancies at the expense of 2 more - * registers */ -#ifndef DES_RISC1 -#undef DES_RISC1 -#endif - -#ifndef DES_RISC2 -#undef DES_RISC2 -#endif - -#if defined(DES_RISC1) && defined(DES_RISC2) -YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!! -#endif - -/* Unroll the inner loop, this sometimes helps, sometimes hinders. - * Very mucy CPU dependant */ -#ifndef DES_UNROLL -#define DES_UNROLL -#endif - -/* These default values were supplied by - * Peter Gutman - * They are only used if nothing else has been defined */ -#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL) -/* Special defines which change the way the code is built depending on the - CPU and OS. For SGI machines you can use _MIPS_SZLONG (32 or 64) to find - even newer MIPS CPU's, but at the moment one size fits all for - optimization options. Older Sparc's work better with only UNROLL, but - there's no way to tell at compile time what it is you're running on */ - -#if defined( sun ) /* Newer Sparc's */ -# define DES_PTR -# define DES_RISC1 -# define DES_UNROLL -#elif defined( __ultrix ) /* Older MIPS */ -# define DES_PTR -# define DES_RISC2 -# define DES_UNROLL -#elif defined( __osf1__ ) /* Alpha */ -# define DES_PTR -# define DES_RISC2 -#elif defined ( _AIX ) /* RS6000 */ - /* Unknown */ -#elif defined( __hpux ) /* HP-PA */ - /* Unknown */ -#elif defined( __aux ) /* 68K */ - /* Unknown */ -#elif defined( __dgux ) /* 88K (but P6 in latest boxes) */ -# define DES_UNROLL -#elif defined( __sgi ) /* Newer MIPS */ -# define DES_PTR -# define DES_RISC2 -# define DES_UNROLL -#elif defined(i386) || defined(__i386__) /* x86 boxes, should be gcc */ -# define DES_PTR -# define DES_RISC1 -# define DES_UNROLL -#endif /* Systems-specific speed defines */ -#endif - -#endif /* DES_DEFAULT_OPTIONS */ -#endif /* HEADER_DES_LOCL_H */ diff --git a/src/lib/libssl/crypto/shlib_version b/src/lib/libssl/crypto/shlib_version deleted file mode 100644 index 9c1551636c5..00000000000 --- a/src/lib/libssl/crypto/shlib_version +++ /dev/null @@ -1,2 +0,0 @@ -major=6 -minor=0 diff --git a/src/lib/libssl/d1_both.c b/src/lib/libssl/d1_both.c new file mode 100644 index 00000000000..8f3cc610b89 --- /dev/null +++ b/src/lib/libssl/d1_both.c @@ -0,0 +1,1255 @@ +/* $OpenBSD: d1_both.c,v 1.57 2019/02/10 16:42:35 phessler Exp $ */ +/* + * DTLS implementation written by Nagendra Modadugu + * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. + */ +/* ==================================================================== + * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include +#include + +#include "ssl_locl.h" + +#include +#include +#include +#include + +#include "pqueue.h" +#include "bytestring.h" + +#define RSMBLY_BITMASK_SIZE(msg_len) (((msg_len) + 7) / 8) + +#define RSMBLY_BITMASK_MARK(bitmask, start, end) { \ + if ((end) - (start) <= 8) { \ + long ii; \ + for (ii = (start); ii < (end); ii++) bitmask[((ii) >> 3)] |= (1 << ((ii) & 7)); \ + } else { \ + long ii; \ + bitmask[((start) >> 3)] |= bitmask_start_values[((start) & 7)]; \ + for (ii = (((start) >> 3) + 1); ii < ((((end) - 1)) >> 3); ii++) bitmask[ii] = 0xff; \ + bitmask[(((end) - 1) >> 3)] |= bitmask_end_values[((end) & 7)]; \ + } } + +#define RSMBLY_BITMASK_IS_COMPLETE(bitmask, msg_len, is_complete) { \ + long ii; \ + OPENSSL_assert((msg_len) > 0); \ + is_complete = 1; \ + if (bitmask[(((msg_len) - 1) >> 3)] != bitmask_end_values[((msg_len) & 7)]) is_complete = 0; \ + if (is_complete) for (ii = (((msg_len) - 1) >> 3) - 1; ii >= 0 ; ii--) \ + if (bitmask[ii] != 0xff) { is_complete = 0; break; } } + +static unsigned char bitmask_start_values[] = { + 0xff, 0xfe, 0xfc, 0xf8, 0xf0, 0xe0, 0xc0, 0x80 +}; +static unsigned char bitmask_end_values[] = { + 0xff, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f +}; + +/* XDTLS: figure out the right values */ +static unsigned int g_probable_mtu[] = {1500 - 28, 512 - 28, 256 - 28}; + +static unsigned int dtls1_guess_mtu(unsigned int curr_mtu); +static void dtls1_fix_message_header(SSL *s, unsigned long frag_off, + unsigned long frag_len); +static int dtls1_write_message_header(const struct hm_header_st *msg_hdr, + unsigned long frag_off, unsigned long frag_len, unsigned char *p); +static long dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, + int *ok); + +static hm_fragment * +dtls1_hm_fragment_new(unsigned long frag_len, int reassembly) +{ + hm_fragment *frag = NULL; + unsigned char *buf = NULL; + unsigned char *bitmask = NULL; + + frag = malloc(sizeof(hm_fragment)); + if (frag == NULL) + return NULL; + + if (frag_len) { + buf = malloc(frag_len); + if (buf == NULL) { + free(frag); + return NULL; + } + } + + /* zero length fragment gets zero frag->fragment */ + frag->fragment = buf; + + /* Initialize reassembly bitmask if necessary */ + if (reassembly) { + bitmask = malloc(RSMBLY_BITMASK_SIZE(frag_len)); + if (bitmask == NULL) { + free(buf); + free(frag); + return NULL; + } + memset(bitmask, 0, RSMBLY_BITMASK_SIZE(frag_len)); + } + + frag->reassembly = bitmask; + + return frag; +} + +static void +dtls1_hm_fragment_free(hm_fragment *frag) +{ + if (frag == NULL) + return; + + if (frag->msg_header.is_ccs) { + EVP_CIPHER_CTX_free( + frag->msg_header.saved_retransmit_state.enc_write_ctx); + EVP_MD_CTX_free( + frag->msg_header.saved_retransmit_state.write_hash); + } + free(frag->fragment); + free(frag->reassembly); + free(frag); +} + +/* send s->internal->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or SSL3_RT_CHANGE_CIPHER_SPEC) */ +int +dtls1_do_write(SSL *s, int type) +{ + int ret; + int curr_mtu; + unsigned int len, frag_off, mac_size, blocksize; + + /* AHA! Figure out the MTU, and stick to the right size */ + if (D1I(s)->mtu < dtls1_min_mtu() && + !(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) { + D1I(s)->mtu = BIO_ctrl(SSL_get_wbio(s), + BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL); + + /* + * I've seen the kernel return bogus numbers when it + * doesn't know the MTU (ie., the initial write), so just + * make sure we have a reasonable number + */ + if (D1I(s)->mtu < dtls1_min_mtu()) { + D1I(s)->mtu = 0; + D1I(s)->mtu = dtls1_guess_mtu(D1I(s)->mtu); + BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SET_MTU, + D1I(s)->mtu, NULL); + } + } + + OPENSSL_assert(D1I(s)->mtu >= dtls1_min_mtu()); + /* should have something reasonable now */ + + if (s->internal->init_off == 0 && type == SSL3_RT_HANDSHAKE) + OPENSSL_assert(s->internal->init_num == + (int)D1I(s)->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH); + + if (s->internal->write_hash) + mac_size = EVP_MD_CTX_size(s->internal->write_hash); + else + mac_size = 0; + + if (s->internal->enc_write_ctx && + (EVP_CIPHER_mode( s->internal->enc_write_ctx->cipher) & EVP_CIPH_CBC_MODE)) + blocksize = 2 * EVP_CIPHER_block_size(s->internal->enc_write_ctx->cipher); + else + blocksize = 0; + + frag_off = 0; + while (s->internal->init_num) { + curr_mtu = D1I(s)->mtu - BIO_wpending(SSL_get_wbio(s)) - + DTLS1_RT_HEADER_LENGTH - mac_size - blocksize; + + if (curr_mtu <= DTLS1_HM_HEADER_LENGTH) { + /* grr.. we could get an error if MTU picked was wrong */ + ret = BIO_flush(SSL_get_wbio(s)); + if (ret <= 0) + return ret; + curr_mtu = D1I(s)->mtu - DTLS1_RT_HEADER_LENGTH - + mac_size - blocksize; + } + + if (s->internal->init_num > curr_mtu) + len = curr_mtu; + else + len = s->internal->init_num; + + + /* XDTLS: this function is too long. split out the CCS part */ + if (type == SSL3_RT_HANDSHAKE) { + if (s->internal->init_off != 0) { + OPENSSL_assert(s->internal->init_off > DTLS1_HM_HEADER_LENGTH); + s->internal->init_off -= DTLS1_HM_HEADER_LENGTH; + s->internal->init_num += DTLS1_HM_HEADER_LENGTH; + + if (s->internal->init_num > curr_mtu) + len = curr_mtu; + else + len = s->internal->init_num; + } + + dtls1_fix_message_header(s, frag_off, + len - DTLS1_HM_HEADER_LENGTH); + + if (!dtls1_write_message_header(&D1I(s)->w_msg_hdr, + D1I(s)->w_msg_hdr.frag_off, D1I(s)->w_msg_hdr.frag_len, + (unsigned char *)&s->internal->init_buf->data[s->internal->init_off])) + return -1; + + OPENSSL_assert(len >= DTLS1_HM_HEADER_LENGTH); + } + + ret = dtls1_write_bytes(s, type, + &s->internal->init_buf->data[s->internal->init_off], len); + if (ret < 0) { + /* + * Might need to update MTU here, but we don't know + * which previous packet caused the failure -- so + * can't really retransmit anything. continue as + * if everything is fine and wait for an alert to + * handle the retransmit + */ + if (BIO_ctrl(SSL_get_wbio(s), + BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL) > 0) + D1I(s)->mtu = BIO_ctrl(SSL_get_wbio(s), + BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL); + else + return (-1); + } else { + + /* + * Bad if this assert fails, only part of the + * handshake message got sent. but why would + * this happen? + */ + OPENSSL_assert(len == (unsigned int)ret); + + if (type == SSL3_RT_HANDSHAKE && + !D1I(s)->retransmitting) { + /* + * Should not be done for 'Hello Request's, + * but in that case we'll ignore the result + * anyway + */ + unsigned char *p = (unsigned char *)&s->internal->init_buf->data[s->internal->init_off]; + const struct hm_header_st *msg_hdr = &D1I(s)->w_msg_hdr; + int xlen; + + if (frag_off == 0) { + /* + * Reconstruct message header is if it + * is being sent in single fragment + */ + if (!dtls1_write_message_header(msg_hdr, + 0, msg_hdr->msg_len, p)) + return (-1); + xlen = ret; + } else { + p += DTLS1_HM_HEADER_LENGTH; + xlen = ret - DTLS1_HM_HEADER_LENGTH; + } + + tls1_transcript_record(s, p, xlen); + } + + if (ret == s->internal->init_num) { + if (s->internal->msg_callback) + s->internal->msg_callback(1, s->version, type, + s->internal->init_buf->data, + (size_t)(s->internal->init_off + s->internal->init_num), + s, s->internal->msg_callback_arg); + + s->internal->init_off = 0; + /* done writing this message */ + s->internal->init_num = 0; + + return (1); + } + s->internal->init_off += ret; + s->internal->init_num -= ret; + frag_off += (ret -= DTLS1_HM_HEADER_LENGTH); + } + } + return (0); +} + + +/* + * Obtain handshake message of message type 'mt' (any if mt == -1), + * maximum acceptable body length 'max'. + * Read an entire handshake message. Handshake messages arrive in + * fragments. + */ +long +dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) +{ + int i, al; + struct hm_header_st *msg_hdr; + unsigned char *p; + unsigned long msg_len; + + /* + * s3->internal->tmp is used to store messages that are unexpected, caused + * by the absence of an optional handshake message + */ + if (S3I(s)->tmp.reuse_message) { + S3I(s)->tmp.reuse_message = 0; + if ((mt >= 0) && (S3I(s)->tmp.message_type != mt)) { + al = SSL_AD_UNEXPECTED_MESSAGE; + SSLerror(s, SSL_R_UNEXPECTED_MESSAGE); + goto f_err; + } + *ok = 1; + s->internal->init_msg = s->internal->init_buf->data + DTLS1_HM_HEADER_LENGTH; + s->internal->init_num = (int)S3I(s)->tmp.message_size; + return s->internal->init_num; + } + + msg_hdr = &D1I(s)->r_msg_hdr; + memset(msg_hdr, 0x00, sizeof(struct hm_header_st)); + +again: + i = dtls1_get_message_fragment(s, st1, stn, max, ok); + if (i == DTLS1_HM_BAD_FRAGMENT || + i == DTLS1_HM_FRAGMENT_RETRY) /* bad fragment received */ + goto again; + else if (i <= 0 && !*ok) + return i; + + p = (unsigned char *)s->internal->init_buf->data; + msg_len = msg_hdr->msg_len; + + /* reconstruct message header */ + if (!dtls1_write_message_header(msg_hdr, 0, msg_len, p)) + return -1; + + msg_len += DTLS1_HM_HEADER_LENGTH; + + tls1_transcript_record(s, p, msg_len); + if (s->internal->msg_callback) + s->internal->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, p, msg_len, + s, s->internal->msg_callback_arg); + + memset(msg_hdr, 0x00, sizeof(struct hm_header_st)); + + /* Don't change sequence numbers while listening */ + if (!D1I(s)->listen) + D1I(s)->handshake_read_seq++; + + s->internal->init_msg = s->internal->init_buf->data + DTLS1_HM_HEADER_LENGTH; + return s->internal->init_num; + +f_err: + ssl3_send_alert(s, SSL3_AL_FATAL, al); + *ok = 0; + return -1; +} + + +static int +dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr, int max) +{ + size_t frag_off, frag_len, msg_len; + + msg_len = msg_hdr->msg_len; + frag_off = msg_hdr->frag_off; + frag_len = msg_hdr->frag_len; + + /* sanity checking */ + if ((frag_off + frag_len) > msg_len) { + SSLerror(s, SSL_R_EXCESSIVE_MESSAGE_SIZE); + return SSL_AD_ILLEGAL_PARAMETER; + } + + if ((frag_off + frag_len) > (unsigned long)max) { + SSLerror(s, SSL_R_EXCESSIVE_MESSAGE_SIZE); + return SSL_AD_ILLEGAL_PARAMETER; + } + + if ( D1I(s)->r_msg_hdr.frag_off == 0) /* first fragment */ + { + /* + * msg_len is limited to 2^24, but is effectively checked + * against max above + */ + if (!BUF_MEM_grow_clean(s->internal->init_buf, + msg_len + DTLS1_HM_HEADER_LENGTH)) { + SSLerror(s, ERR_R_BUF_LIB); + return SSL_AD_INTERNAL_ERROR; + } + + S3I(s)->tmp.message_size = msg_len; + D1I(s)->r_msg_hdr.msg_len = msg_len; + S3I(s)->tmp.message_type = msg_hdr->type; + D1I(s)->r_msg_hdr.type = msg_hdr->type; + D1I(s)->r_msg_hdr.seq = msg_hdr->seq; + } else if (msg_len != D1I(s)->r_msg_hdr.msg_len) { + /* + * They must be playing with us! BTW, failure to enforce + * upper limit would open possibility for buffer overrun. + */ + SSLerror(s, SSL_R_EXCESSIVE_MESSAGE_SIZE); + return SSL_AD_ILLEGAL_PARAMETER; + } + + return 0; /* no error */ +} + +static int +dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok) +{ + /* + * (0) check whether the desired fragment is available + * if so: + * (1) copy over the fragment to s->internal->init_buf->data[] + * (2) update s->internal->init_num + */ + pitem *item; + hm_fragment *frag; + int al; + + *ok = 0; + item = pqueue_peek(D1I(s)->buffered_messages); + if (item == NULL) + return 0; + + frag = (hm_fragment *)item->data; + + /* Don't return if reassembly still in progress */ + if (frag->reassembly != NULL) + return 0; + + if (D1I(s)->handshake_read_seq == frag->msg_header.seq) { + unsigned long frag_len = frag->msg_header.frag_len; + pqueue_pop(D1I(s)->buffered_messages); + + al = dtls1_preprocess_fragment(s, &frag->msg_header, max); + + if (al == 0) /* no alert */ + { + unsigned char *p = (unsigned char *)s->internal->init_buf->data + DTLS1_HM_HEADER_LENGTH; + memcpy(&p[frag->msg_header.frag_off], + frag->fragment, frag->msg_header.frag_len); + } + + dtls1_hm_fragment_free(frag); + pitem_free(item); + + if (al == 0) { + *ok = 1; + return frag_len; + } + + ssl3_send_alert(s, SSL3_AL_FATAL, al); + s->internal->init_num = 0; + *ok = 0; + return -1; + } else + return 0; +} + +/* + * dtls1_max_handshake_message_len returns the maximum number of bytes + * permitted in a DTLS handshake message for |s|. The minimum is 16KB, + * but may be greater if the maximum certificate list size requires it. + */ +static unsigned long +dtls1_max_handshake_message_len(const SSL *s) +{ + unsigned long max_len; + + max_len = DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH; + if (max_len < (unsigned long)s->internal->max_cert_list) + return s->internal->max_cert_list; + return max_len; +} + +static int +dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok) +{ + hm_fragment *frag = NULL; + pitem *item = NULL; + int i = -1, is_complete; + unsigned char seq64be[8]; + unsigned long frag_len = msg_hdr->frag_len; + + if ((msg_hdr->frag_off + frag_len) > msg_hdr->msg_len || + msg_hdr->msg_len > dtls1_max_handshake_message_len(s)) + goto err; + + if (frag_len == 0) { + i = DTLS1_HM_FRAGMENT_RETRY; + goto err; + } + + /* Try to find item in queue */ + memset(seq64be, 0, sizeof(seq64be)); + seq64be[6] = (unsigned char)(msg_hdr->seq >> 8); + seq64be[7] = (unsigned char)msg_hdr->seq; + item = pqueue_find(D1I(s)->buffered_messages, seq64be); + + if (item == NULL) { + frag = dtls1_hm_fragment_new(msg_hdr->msg_len, 1); + if (frag == NULL) + goto err; + memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr)); + frag->msg_header.frag_len = frag->msg_header.msg_len; + frag->msg_header.frag_off = 0; + } else { + frag = (hm_fragment*)item->data; + if (frag->msg_header.msg_len != msg_hdr->msg_len) { + item = NULL; + frag = NULL; + goto err; + } + } + + /* + * If message is already reassembled, this must be a + * retransmit and can be dropped. + */ + if (frag->reassembly == NULL) { + unsigned char devnull [256]; + + while (frag_len) { + i = s->method->internal->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, + devnull, frag_len > sizeof(devnull) ? + sizeof(devnull) : frag_len, 0); + if (i <= 0) + goto err; + frag_len -= i; + } + i = DTLS1_HM_FRAGMENT_RETRY; + goto err; + } + + /* read the body of the fragment (header has already been read */ + i = s->method->internal->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, + frag->fragment + msg_hdr->frag_off, frag_len, 0); + if (i <= 0 || (unsigned long)i != frag_len) + goto err; + + RSMBLY_BITMASK_MARK(frag->reassembly, (long)msg_hdr->frag_off, + (long)(msg_hdr->frag_off + frag_len)); + + RSMBLY_BITMASK_IS_COMPLETE(frag->reassembly, (long)msg_hdr->msg_len, + is_complete); + + if (is_complete) { + free(frag->reassembly); + frag->reassembly = NULL; + } + + if (item == NULL) { + memset(seq64be, 0, sizeof(seq64be)); + seq64be[6] = (unsigned char)(msg_hdr->seq >> 8); + seq64be[7] = (unsigned char)(msg_hdr->seq); + + item = pitem_new(seq64be, frag); + if (item == NULL) { + i = -1; + goto err; + } + + pqueue_insert(D1I(s)->buffered_messages, item); + } + + return DTLS1_HM_FRAGMENT_RETRY; + +err: + if (item == NULL && frag != NULL) + dtls1_hm_fragment_free(frag); + *ok = 0; + return i; +} + + +static int +dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok) +{ + int i = -1; + hm_fragment *frag = NULL; + pitem *item = NULL; + unsigned char seq64be[8]; + unsigned long frag_len = msg_hdr->frag_len; + + if ((msg_hdr->frag_off + frag_len) > msg_hdr->msg_len) + goto err; + + /* Try to find item in queue, to prevent duplicate entries */ + memset(seq64be, 0, sizeof(seq64be)); + seq64be[6] = (unsigned char) (msg_hdr->seq >> 8); + seq64be[7] = (unsigned char) msg_hdr->seq; + item = pqueue_find(D1I(s)->buffered_messages, seq64be); + + /* + * If we already have an entry and this one is a fragment, + * don't discard it and rather try to reassemble it. + */ + if (item != NULL && frag_len < msg_hdr->msg_len) + item = NULL; + + /* + * Discard the message if sequence number was already there, is + * too far in the future, already in the queue or if we received + * a FINISHED before the SERVER_HELLO, which then must be a stale + * retransmit. + */ + if (msg_hdr->seq <= D1I(s)->handshake_read_seq || + msg_hdr->seq > D1I(s)->handshake_read_seq + 10 || item != NULL || + (D1I(s)->handshake_read_seq == 0 && + msg_hdr->type == SSL3_MT_FINISHED)) { + unsigned char devnull [256]; + + while (frag_len) { + i = s->method->internal->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, + devnull, frag_len > sizeof(devnull) ? + sizeof(devnull) : frag_len, 0); + if (i <= 0) + goto err; + frag_len -= i; + } + } else { + if (frag_len < msg_hdr->msg_len) + return dtls1_reassemble_fragment(s, msg_hdr, ok); + + if (frag_len > dtls1_max_handshake_message_len(s)) + goto err; + + frag = dtls1_hm_fragment_new(frag_len, 0); + if (frag == NULL) + goto err; + + memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr)); + + if (frag_len) { + /* read the body of the fragment (header has already been read */ + i = s->method->internal->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, + frag->fragment, frag_len, 0); + if (i <= 0 || (unsigned long)i != frag_len) + goto err; + } + + memset(seq64be, 0, sizeof(seq64be)); + seq64be[6] = (unsigned char)(msg_hdr->seq >> 8); + seq64be[7] = (unsigned char)(msg_hdr->seq); + + item = pitem_new(seq64be, frag); + if (item == NULL) + goto err; + + pqueue_insert(D1I(s)->buffered_messages, item); + } + + return DTLS1_HM_FRAGMENT_RETRY; + +err: + if (item == NULL && frag != NULL) + dtls1_hm_fragment_free(frag); + *ok = 0; + return i; +} + + +static long +dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok) +{ + unsigned char wire[DTLS1_HM_HEADER_LENGTH]; + unsigned long len, frag_off, frag_len; + int i, al; + struct hm_header_st msg_hdr; + +again: + /* see if we have the required fragment already */ + if ((frag_len = dtls1_retrieve_buffered_fragment(s, max, ok)) || *ok) { + if (*ok) + s->internal->init_num = frag_len; + return frag_len; + } + + /* read handshake message header */ + i = s->method->internal->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, wire, + DTLS1_HM_HEADER_LENGTH, 0); + if (i <= 0) /* nbio, or an error */ + { + s->internal->rwstate = SSL_READING; + *ok = 0; + return i; + } + /* Handshake fails if message header is incomplete */ + if (i != DTLS1_HM_HEADER_LENGTH || + /* parse the message fragment header */ + dtls1_get_message_header(wire, &msg_hdr) == 0) { + al = SSL_AD_UNEXPECTED_MESSAGE; + SSLerror(s, SSL_R_UNEXPECTED_MESSAGE); + goto f_err; + } + + /* + * if this is a future (or stale) message it gets buffered + * (or dropped)--no further processing at this time + * While listening, we accept seq 1 (ClientHello with cookie) + * although we're still expecting seq 0 (ClientHello) + */ + if (msg_hdr.seq != D1I(s)->handshake_read_seq && + !(D1I(s)->listen && msg_hdr.seq == 1)) + return dtls1_process_out_of_seq_message(s, &msg_hdr, ok); + + len = msg_hdr.msg_len; + frag_off = msg_hdr.frag_off; + frag_len = msg_hdr.frag_len; + + if (frag_len && frag_len < len) + return dtls1_reassemble_fragment(s, &msg_hdr, ok); + + if (!s->server && D1I(s)->r_msg_hdr.frag_off == 0 && + wire[0] == SSL3_MT_HELLO_REQUEST) { + /* + * The server may always send 'Hello Request' messages -- + * we are doing a handshake anyway now, so ignore them + * if their format is correct. Does not count for + * 'Finished' MAC. + */ + if (wire[1] == 0 && wire[2] == 0 && wire[3] == 0) { + if (s->internal->msg_callback) + s->internal->msg_callback(0, s->version, + SSL3_RT_HANDSHAKE, wire, + DTLS1_HM_HEADER_LENGTH, s, + s->internal->msg_callback_arg); + + s->internal->init_num = 0; + goto again; + } + else /* Incorrectly formated Hello request */ + { + al = SSL_AD_UNEXPECTED_MESSAGE; + SSLerror(s, SSL_R_UNEXPECTED_MESSAGE); + goto f_err; + } + } + + if ((al = dtls1_preprocess_fragment(s, &msg_hdr, max))) + goto f_err; + + /* XDTLS: ressurect this when restart is in place */ + S3I(s)->hs.state = stn; + + if (frag_len > 0) { + unsigned char *p = (unsigned char *)s->internal->init_buf->data + DTLS1_HM_HEADER_LENGTH; + + i = s->method->internal->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, + &p[frag_off], frag_len, 0); + /* XDTLS: fix this--message fragments cannot span multiple packets */ + if (i <= 0) { + s->internal->rwstate = SSL_READING; + *ok = 0; + return i; + } + } else + i = 0; + + /* + * XDTLS: an incorrectly formatted fragment should cause the + * handshake to fail + */ + if (i != (int)frag_len) { + al = SSL3_AD_ILLEGAL_PARAMETER; + SSLerror(s, SSL3_AD_ILLEGAL_PARAMETER); + goto f_err; + } + + *ok = 1; + + /* + * Note that s->internal->init_num is *not* used as current offset in + * s->internal->init_buf->data, but as a counter summing up fragments' + * lengths: as soon as they sum up to handshake packet + * length, we assume we have got all the fragments. + */ + s->internal->init_num = frag_len; + return frag_len; + +f_err: + ssl3_send_alert(s, SSL3_AL_FATAL, al); + s->internal->init_num = 0; + + *ok = 0; + return (-1); +} + +int +dtls1_read_failed(SSL *s, int code) +{ + if (code > 0) { +#ifdef DEBUG + fprintf(stderr, "invalid state reached %s:%d", + __FILE__, __LINE__); +#endif + return 1; + } + + if (!dtls1_is_timer_expired(s)) { + /* + * not a timeout, none of our business, let higher layers + * handle this. in fact it's probably an error + */ + return code; + } + + if (!SSL_in_init(s)) /* done, no need to send a retransmit */ + { + BIO_set_flags(SSL_get_rbio(s), BIO_FLAGS_READ); + return code; + } + + return dtls1_handle_timeout(s); +} + +int +dtls1_get_queue_priority(unsigned short seq, int is_ccs) +{ + /* + * The index of the retransmission queue actually is the message + * sequence number, since the queue only contains messages of a + * single handshake. However, the ChangeCipherSpec has no message + * sequence number and so using only the sequence will result in + * the CCS and Finished having the same index. To prevent this, the + * sequence number is multiplied by 2. In case of a CCS 1 is + * subtracted. This does not only differ CSS and Finished, it also + * maintains the order of the index (important for priority queues) + * and fits in the unsigned short variable. + */ + return seq * 2 - is_ccs; +} + +int +dtls1_retransmit_buffered_messages(SSL *s) +{ + pqueue sent = s->d1->sent_messages; + piterator iter; + pitem *item; + hm_fragment *frag; + int found = 0; + + iter = pqueue_iterator(sent); + + for (item = pqueue_next(&iter); item != NULL; + item = pqueue_next(&iter)) { + frag = (hm_fragment *)item->data; + if (dtls1_retransmit_message(s, + (unsigned short)dtls1_get_queue_priority( + frag->msg_header.seq, frag->msg_header.is_ccs), 0, + &found) <= 0 && found) { +#ifdef DEBUG + fprintf(stderr, "dtls1_retransmit_message() failed\n"); +#endif + return -1; + } + } + + return 1; +} + +int +dtls1_buffer_message(SSL *s, int is_ccs) +{ + pitem *item; + hm_fragment *frag; + unsigned char seq64be[8]; + + /* Buffer the messsage in order to handle DTLS retransmissions. */ + + /* + * This function is called immediately after a message has + * been serialized + */ + OPENSSL_assert(s->internal->init_off == 0); + + frag = dtls1_hm_fragment_new(s->internal->init_num, 0); + if (frag == NULL) + return 0; + + memcpy(frag->fragment, s->internal->init_buf->data, s->internal->init_num); + + if (is_ccs) { + OPENSSL_assert(D1I(s)->w_msg_hdr.msg_len + + ((s->version == DTLS1_VERSION) ? + DTLS1_CCS_HEADER_LENGTH : 3) == (unsigned int)s->internal->init_num); + } else { + OPENSSL_assert(D1I(s)->w_msg_hdr.msg_len + + DTLS1_HM_HEADER_LENGTH == (unsigned int)s->internal->init_num); + } + + frag->msg_header.msg_len = D1I(s)->w_msg_hdr.msg_len; + frag->msg_header.seq = D1I(s)->w_msg_hdr.seq; + frag->msg_header.type = D1I(s)->w_msg_hdr.type; + frag->msg_header.frag_off = 0; + frag->msg_header.frag_len = D1I(s)->w_msg_hdr.msg_len; + frag->msg_header.is_ccs = is_ccs; + + /* save current state*/ + frag->msg_header.saved_retransmit_state.enc_write_ctx = s->internal->enc_write_ctx; + frag->msg_header.saved_retransmit_state.write_hash = s->internal->write_hash; + frag->msg_header.saved_retransmit_state.session = s->session; + frag->msg_header.saved_retransmit_state.epoch = D1I(s)->w_epoch; + + memset(seq64be, 0, sizeof(seq64be)); + seq64be[6] = (unsigned char)(dtls1_get_queue_priority( + frag->msg_header.seq, frag->msg_header.is_ccs) >> 8); + seq64be[7] = (unsigned char)(dtls1_get_queue_priority( + frag->msg_header.seq, frag->msg_header.is_ccs)); + + item = pitem_new(seq64be, frag); + if (item == NULL) { + dtls1_hm_fragment_free(frag); + return 0; + } + + pqueue_insert(s->d1->sent_messages, item); + return 1; +} + +int +dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off, + int *found) +{ + int ret; + /* XDTLS: for now assuming that read/writes are blocking */ + pitem *item; + hm_fragment *frag; + unsigned long header_length; + unsigned char seq64be[8]; + struct dtls1_retransmit_state saved_state; + unsigned char save_write_sequence[8]; + + /* + OPENSSL_assert(s->internal->init_num == 0); + OPENSSL_assert(s->internal->init_off == 0); + */ + + /* XDTLS: the requested message ought to be found, otherwise error */ + memset(seq64be, 0, sizeof(seq64be)); + seq64be[6] = (unsigned char)(seq >> 8); + seq64be[7] = (unsigned char)seq; + + item = pqueue_find(s->d1->sent_messages, seq64be); + if (item == NULL) { +#ifdef DEBUG + fprintf(stderr, "retransmit: message %d non-existent\n", seq); +#endif + *found = 0; + return 0; + } + + *found = 1; + frag = (hm_fragment *)item->data; + + if (frag->msg_header.is_ccs) + header_length = DTLS1_CCS_HEADER_LENGTH; + else + header_length = DTLS1_HM_HEADER_LENGTH; + + memcpy(s->internal->init_buf->data, frag->fragment, + frag->msg_header.msg_len + header_length); + s->internal->init_num = frag->msg_header.msg_len + header_length; + + dtls1_set_message_header_int(s, frag->msg_header.type, + frag->msg_header.msg_len, frag->msg_header.seq, 0, + frag->msg_header.frag_len); + + /* save current state */ + saved_state.enc_write_ctx = s->internal->enc_write_ctx; + saved_state.write_hash = s->internal->write_hash; + saved_state.session = s->session; + saved_state.epoch = D1I(s)->w_epoch; + + D1I(s)->retransmitting = 1; + + /* restore state in which the message was originally sent */ + s->internal->enc_write_ctx = frag->msg_header.saved_retransmit_state.enc_write_ctx; + s->internal->write_hash = frag->msg_header.saved_retransmit_state.write_hash; + s->session = frag->msg_header.saved_retransmit_state.session; + D1I(s)->w_epoch = frag->msg_header.saved_retransmit_state.epoch; + + if (frag->msg_header.saved_retransmit_state.epoch == + saved_state.epoch - 1) { + memcpy(save_write_sequence, S3I(s)->write_sequence, + sizeof(S3I(s)->write_sequence)); + memcpy(S3I(s)->write_sequence, D1I(s)->last_write_sequence, + sizeof(S3I(s)->write_sequence)); + } + + ret = dtls1_do_write(s, frag->msg_header.is_ccs ? + SSL3_RT_CHANGE_CIPHER_SPEC : SSL3_RT_HANDSHAKE); + + /* restore current state */ + s->internal->enc_write_ctx = saved_state.enc_write_ctx; + s->internal->write_hash = saved_state.write_hash; + s->session = saved_state.session; + D1I(s)->w_epoch = saved_state.epoch; + + if (frag->msg_header.saved_retransmit_state.epoch == + saved_state.epoch - 1) { + memcpy(D1I(s)->last_write_sequence, S3I(s)->write_sequence, + sizeof(S3I(s)->write_sequence)); + memcpy(S3I(s)->write_sequence, save_write_sequence, + sizeof(S3I(s)->write_sequence)); + } + + D1I(s)->retransmitting = 0; + + (void)BIO_flush(SSL_get_wbio(s)); + return ret; +} + +/* call this function when the buffered messages are no longer needed */ +void +dtls1_clear_record_buffer(SSL *s) +{ + pitem *item; + + for(item = pqueue_pop(s->d1->sent_messages); item != NULL; + item = pqueue_pop(s->d1->sent_messages)) { + dtls1_hm_fragment_free((hm_fragment *)item->data); + pitem_free(item); + } +} + +void +dtls1_set_message_header(SSL *s, unsigned char mt, unsigned long len, + unsigned long frag_off, unsigned long frag_len) +{ + /* Don't change sequence numbers while listening */ + if (frag_off == 0 && !D1I(s)->listen) { + D1I(s)->handshake_write_seq = D1I(s)->next_handshake_write_seq; + D1I(s)->next_handshake_write_seq++; + } + + dtls1_set_message_header_int(s, mt, len, D1I(s)->handshake_write_seq, + frag_off, frag_len); +} + +/* don't actually do the writing, wait till the MTU has been retrieved */ +void +dtls1_set_message_header_int(SSL *s, unsigned char mt, unsigned long len, + unsigned short seq_num, unsigned long frag_off, unsigned long frag_len) +{ + struct hm_header_st *msg_hdr = &D1I(s)->w_msg_hdr; + + msg_hdr->type = mt; + msg_hdr->msg_len = len; + msg_hdr->seq = seq_num; + msg_hdr->frag_off = frag_off; + msg_hdr->frag_len = frag_len; +} + +static void +dtls1_fix_message_header(SSL *s, unsigned long frag_off, unsigned long frag_len) +{ + struct hm_header_st *msg_hdr = &D1I(s)->w_msg_hdr; + + msg_hdr->frag_off = frag_off; + msg_hdr->frag_len = frag_len; +} + +static int +dtls1_write_message_header(const struct hm_header_st *msg_hdr, + unsigned long frag_off, unsigned long frag_len, unsigned char *p) +{ + CBB cbb; + + /* We assume DTLS1_HM_HEADER_LENGTH bytes are available for now... */ + if (!CBB_init_fixed(&cbb, p, DTLS1_HM_HEADER_LENGTH)) + return 0; + if (!CBB_add_u8(&cbb, msg_hdr->type)) + goto err; + if (!CBB_add_u24(&cbb, msg_hdr->msg_len)) + goto err; + if (!CBB_add_u16(&cbb, msg_hdr->seq)) + goto err; + if (!CBB_add_u24(&cbb, frag_off)) + goto err; + if (!CBB_add_u24(&cbb, frag_len)) + goto err; + if (!CBB_finish(&cbb, NULL, NULL)) + goto err; + + return 1; + + err: + CBB_cleanup(&cbb); + return 0; +} + +unsigned int +dtls1_min_mtu(void) +{ + return (g_probable_mtu[(sizeof(g_probable_mtu) / + sizeof(g_probable_mtu[0])) - 1]); +} + +static unsigned int +dtls1_guess_mtu(unsigned int curr_mtu) +{ + unsigned int i; + + if (curr_mtu == 0) + return g_probable_mtu[0]; + + for (i = 0; i < sizeof(g_probable_mtu) / sizeof(g_probable_mtu[0]); i++) + if (curr_mtu > g_probable_mtu[i]) + return g_probable_mtu[i]; + + return curr_mtu; +} + +int +dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr) +{ + CBS header; + uint32_t msg_len, frag_off, frag_len; + uint16_t seq; + uint8_t type; + + CBS_init(&header, data, sizeof(*msg_hdr)); + + memset(msg_hdr, 0, sizeof(*msg_hdr)); + + if (!CBS_get_u8(&header, &type)) + return 0; + if (!CBS_get_u24(&header, &msg_len)) + return 0; + if (!CBS_get_u16(&header, &seq)) + return 0; + if (!CBS_get_u24(&header, &frag_off)) + return 0; + if (!CBS_get_u24(&header, &frag_len)) + return 0; + + msg_hdr->type = type; + msg_hdr->msg_len = msg_len; + msg_hdr->seq = seq; + msg_hdr->frag_off = frag_off; + msg_hdr->frag_len = frag_len; + + return 1; +} + +void +dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr) +{ + memset(ccs_hdr, 0x00, sizeof(struct ccs_header_st)); + + ccs_hdr->type = *(data++); +} diff --git a/src/lib/libssl/d1_clnt.c b/src/lib/libssl/d1_clnt.c new file mode 100644 index 00000000000..ee21a1bebc3 --- /dev/null +++ b/src/lib/libssl/d1_clnt.c @@ -0,0 +1,185 @@ +/* $OpenBSD: d1_clnt.c,v 1.82 2018/11/05 05:45:15 jsing Exp $ */ +/* + * DTLS implementation written by Nagendra Modadugu + * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. + */ +/* ==================================================================== + * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include +#include + +#include "ssl_locl.h" + +#include +#include +#include +#include +#include +#include + +#include "bytestring.h" + +int +dtls1_get_hello_verify(SSL *s) +{ + long n; + int al, ok = 0; + size_t cookie_len; + uint16_t ssl_version; + CBS hello_verify_request, cookie; + + n = s->method->internal->ssl_get_message(s, DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A, + DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B, -1, s->internal->max_cert_list, &ok); + + if (!ok) + return ((int)n); + + if (S3I(s)->tmp.message_type != DTLS1_MT_HELLO_VERIFY_REQUEST) { + D1I(s)->send_cookie = 0; + S3I(s)->tmp.reuse_message = 1; + return (1); + } + + if (n < 0) + goto truncated; + + CBS_init(&hello_verify_request, s->internal->init_msg, n); + + if (!CBS_get_u16(&hello_verify_request, &ssl_version)) + goto truncated; + + if (ssl_version != s->version) { + SSLerror(s, SSL_R_WRONG_SSL_VERSION); + s->version = (s->version & 0xff00) | (ssl_version & 0xff); + al = SSL_AD_PROTOCOL_VERSION; + goto f_err; + } + + if (!CBS_get_u8_length_prefixed(&hello_verify_request, &cookie)) + goto truncated; + + if (!CBS_write_bytes(&cookie, D1I(s)->cookie, + sizeof(D1I(s)->cookie), &cookie_len)) { + D1I(s)->cookie_len = 0; + al = SSL_AD_ILLEGAL_PARAMETER; + goto f_err; + } + D1I(s)->cookie_len = cookie_len; + D1I(s)->send_cookie = 1; + + return 1; + +truncated: + al = SSL_AD_DECODE_ERROR; +f_err: + ssl3_send_alert(s, SSL3_AL_FATAL, al); + return -1; +} diff --git a/src/lib/libssl/d1_enc.c b/src/lib/libssl/d1_enc.c new file mode 100644 index 00000000000..20686d29631 --- /dev/null +++ b/src/lib/libssl/d1_enc.c @@ -0,0 +1,212 @@ +/* $OpenBSD: d1_enc.c,v 1.14 2017/01/23 08:08:06 beck Exp $ */ +/* + * DTLS implementation written by Nagendra Modadugu + * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. + */ +/* ==================================================================== + * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include + +#include "ssl_locl.h" + +#include +#include +#include + +/* dtls1_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively. + * + * Returns: + * 0: (in non-constant time) if the record is publically invalid (i.e. too + * short etc). + * 1: if the record's padding is valid / the encryption was successful. + * -1: if the record's padding/AEAD-authenticator is invalid or, if sending, + * an internal error occured. */ +int +dtls1_enc(SSL *s, int send) +{ + SSL3_RECORD *rec; + EVP_CIPHER_CTX *ds; + unsigned long l; + int bs, i, j, k, mac_size = 0; + const EVP_CIPHER *enc; + + if (send) { + if (EVP_MD_CTX_md(s->internal->write_hash)) { + mac_size = EVP_MD_CTX_size(s->internal->write_hash); + if (mac_size < 0) + return -1; + } + ds = s->internal->enc_write_ctx; + rec = &(S3I(s)->wrec); + if (s->internal->enc_write_ctx == NULL) + enc = NULL; + else { + enc = EVP_CIPHER_CTX_cipher(s->internal->enc_write_ctx); + if (rec->data != rec->input) { +#ifdef DEBUG + /* we can't write into the input stream */ + fprintf(stderr, "%s:%d: rec->data != rec->input\n", + __FILE__, __LINE__); +#endif + } else if (EVP_CIPHER_block_size(ds->cipher) > 1) { + arc4random_buf(rec->input, + EVP_CIPHER_block_size(ds->cipher)); + } + } + } else { + if (EVP_MD_CTX_md(s->read_hash)) { + mac_size = EVP_MD_CTX_size(s->read_hash); + OPENSSL_assert(mac_size >= 0); + } + ds = s->enc_read_ctx; + rec = &(S3I(s)->rrec); + if (s->enc_read_ctx == NULL) + enc = NULL; + else + enc = EVP_CIPHER_CTX_cipher(s->enc_read_ctx); + } + + + if ((s->session == NULL) || (ds == NULL) || (enc == NULL)) { + memmove(rec->data, rec->input, rec->length); + rec->input = rec->data; + } else { + l = rec->length; + bs = EVP_CIPHER_block_size(ds->cipher); + + if ((bs != 1) && send) { + i = bs - ((int)l % bs); + + /* Add weird padding of upto 256 bytes */ + + /* we need to add 'i' padding bytes of value j */ + j = i - 1; + for (k = (int)l; k < (int)(l + i); k++) + rec->input[k] = j; + l += i; + rec->length += i; + } + + + if (!send) { + if (l == 0 || l % bs != 0) + return 0; + } + + EVP_Cipher(ds, rec->data, rec->input, l); + + + if ((bs != 1) && !send) + return tls1_cbc_remove_padding(s, rec, bs, mac_size); + } + return (1); +} + diff --git a/src/lib/libssl/d1_lib.c b/src/lib/libssl/d1_lib.c new file mode 100644 index 00000000000..7e919a6c9bb --- /dev/null +++ b/src/lib/libssl/d1_lib.c @@ -0,0 +1,465 @@ +/* $OpenBSD: d1_lib.c,v 1.42 2017/04/10 17:27:33 jsing Exp $ */ +/* + * DTLS implementation written by Nagendra Modadugu + * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. + */ +/* ==================================================================== + * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include +#include + +#include + +#include + +#include + +#include "pqueue.h" +#include "ssl_locl.h" + +static int dtls1_listen(SSL *s, struct sockaddr *client); + +SSL3_ENC_METHOD DTLSv1_enc_data = { + .enc = dtls1_enc, + .enc_flags = SSL_ENC_FLAG_EXPLICIT_IV, +}; + +long +dtls1_default_timeout(void) +{ + /* 2 hours, the 24 hours mentioned in the DTLSv1 spec + * is way too long for http, the cache would over fill */ + return (60*60*2); +} + +int +dtls1_new(SSL *s) +{ + DTLS1_STATE *d1; + + if (!ssl3_new(s)) + return (0); + if ((d1 = calloc(1, sizeof(*d1))) == NULL) { + ssl3_free(s); + return (0); + } + if ((d1->internal = calloc(1, sizeof(*d1->internal))) == NULL) { + free(d1); + ssl3_free(s); + return (0); + } + + /* d1->handshake_epoch=0; */ + + d1->internal->unprocessed_rcds.q = pqueue_new(); + d1->internal->processed_rcds.q = pqueue_new(); + d1->internal->buffered_messages = pqueue_new(); + d1->sent_messages = pqueue_new(); + d1->internal->buffered_app_data.q = pqueue_new(); + + if (s->server) { + d1->internal->cookie_len = sizeof(D1I(s)->cookie); + } + + if (!d1->internal->unprocessed_rcds.q || !d1->internal->processed_rcds.q || + !d1->internal->buffered_messages || !d1->sent_messages || + !d1->internal->buffered_app_data.q) { + pqueue_free(d1->internal->unprocessed_rcds.q); + pqueue_free(d1->internal->processed_rcds.q); + pqueue_free(d1->internal->buffered_messages); + pqueue_free(d1->sent_messages); + pqueue_free(d1->internal->buffered_app_data.q); + free(d1); + ssl3_free(s); + return (0); + } + + s->d1 = d1; + s->method->internal->ssl_clear(s); + return (1); +} + +static void +dtls1_clear_queues(SSL *s) +{ + pitem *item = NULL; + hm_fragment *frag = NULL; + DTLS1_RECORD_DATA *rdata; + + while ((item = pqueue_pop(D1I(s)->unprocessed_rcds.q)) != NULL) { + rdata = (DTLS1_RECORD_DATA *) item->data; + free(rdata->rbuf.buf); + free(item->data); + pitem_free(item); + } + + while ((item = pqueue_pop(D1I(s)->processed_rcds.q)) != NULL) { + rdata = (DTLS1_RECORD_DATA *) item->data; + free(rdata->rbuf.buf); + free(item->data); + pitem_free(item); + } + + while ((item = pqueue_pop(D1I(s)->buffered_messages)) != NULL) { + frag = (hm_fragment *)item->data; + free(frag->fragment); + free(frag); + pitem_free(item); + } + + while ((item = pqueue_pop(s->d1->sent_messages)) != NULL) { + frag = (hm_fragment *)item->data; + free(frag->fragment); + free(frag); + pitem_free(item); + } + + while ((item = pqueue_pop(D1I(s)->buffered_app_data.q)) != NULL) { + rdata = (DTLS1_RECORD_DATA *) item->data; + free(rdata->rbuf.buf); + free(item->data); + pitem_free(item); + } +} + +void +dtls1_free(SSL *s) +{ + if (s == NULL) + return; + + ssl3_free(s); + + dtls1_clear_queues(s); + + pqueue_free(D1I(s)->unprocessed_rcds.q); + pqueue_free(D1I(s)->processed_rcds.q); + pqueue_free(D1I(s)->buffered_messages); + pqueue_free(s->d1->sent_messages); + pqueue_free(D1I(s)->buffered_app_data.q); + + freezero(s->d1->internal, sizeof(*s->d1->internal)); + freezero(s->d1, sizeof(*s->d1)); + + s->d1 = NULL; +} + +void +dtls1_clear(SSL *s) +{ + struct dtls1_state_internal_st *internal; + pqueue unprocessed_rcds; + pqueue processed_rcds; + pqueue buffered_messages; + pqueue sent_messages; + pqueue buffered_app_data; + unsigned int mtu; + + if (s->d1) { + unprocessed_rcds = D1I(s)->unprocessed_rcds.q; + processed_rcds = D1I(s)->processed_rcds.q; + buffered_messages = D1I(s)->buffered_messages; + sent_messages = s->d1->sent_messages; + buffered_app_data = D1I(s)->buffered_app_data.q; + mtu = D1I(s)->mtu; + + dtls1_clear_queues(s); + + memset(s->d1->internal, 0, sizeof(*s->d1->internal)); + internal = s->d1->internal; + memset(s->d1, 0, sizeof(*s->d1)); + s->d1->internal = internal; + + if (s->server) { + D1I(s)->cookie_len = sizeof(D1I(s)->cookie); + } + + if (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU) { + D1I(s)->mtu = mtu; + } + + D1I(s)->unprocessed_rcds.q = unprocessed_rcds; + D1I(s)->processed_rcds.q = processed_rcds; + D1I(s)->buffered_messages = buffered_messages; + s->d1->sent_messages = sent_messages; + D1I(s)->buffered_app_data.q = buffered_app_data; + } + + ssl3_clear(s); + + s->version = DTLS1_VERSION; +} + +long +dtls1_ctrl(SSL *s, int cmd, long larg, void *parg) +{ + int ret = 0; + + switch (cmd) { + case DTLS_CTRL_GET_TIMEOUT: + if (dtls1_get_timeout(s, (struct timeval*) parg) != NULL) { + ret = 1; + } + break; + case DTLS_CTRL_HANDLE_TIMEOUT: + ret = dtls1_handle_timeout(s); + break; + case DTLS_CTRL_LISTEN: + ret = dtls1_listen(s, parg); + break; + + default: + ret = ssl3_ctrl(s, cmd, larg, parg); + break; + } + return (ret); +} + +/* + * As it's impossible to use stream ciphers in "datagram" mode, this + * simple filter is designed to disengage them in DTLS. Unfortunately + * there is no universal way to identify stream SSL_CIPHER, so we have + * to explicitly list their SSL_* codes. Currently RC4 is the only one + * available, but if new ones emerge, they will have to be added... + */ +const SSL_CIPHER * +dtls1_get_cipher(unsigned int u) +{ + const SSL_CIPHER *ciph = ssl3_get_cipher(u); + + if (ciph != NULL) { + if (ciph->algorithm_enc == SSL_RC4) + return NULL; + } + + return ciph; +} + +void +dtls1_start_timer(SSL *s) +{ + + /* If timer is not set, initialize duration with 1 second */ + if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0) { + s->d1->timeout_duration = 1; + } + + /* Set timeout to current time */ + gettimeofday(&(s->d1->next_timeout), NULL); + + /* Add duration to current time */ + s->d1->next_timeout.tv_sec += s->d1->timeout_duration; + BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, + &s->d1->next_timeout); +} + +struct timeval* +dtls1_get_timeout(SSL *s, struct timeval* timeleft) +{ + struct timeval timenow; + + /* If no timeout is set, just return NULL */ + if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0) { + return NULL; + } + + /* Get current time */ + gettimeofday(&timenow, NULL); + + /* If timer already expired, set remaining time to 0 */ + if (s->d1->next_timeout.tv_sec < timenow.tv_sec || + (s->d1->next_timeout.tv_sec == timenow.tv_sec && + s->d1->next_timeout.tv_usec <= timenow.tv_usec)) { + memset(timeleft, 0, sizeof(struct timeval)); + return timeleft; + } + + /* Calculate time left until timer expires */ + memcpy(timeleft, &(s->d1->next_timeout), sizeof(struct timeval)); + timeleft->tv_sec -= timenow.tv_sec; + timeleft->tv_usec -= timenow.tv_usec; + if (timeleft->tv_usec < 0) { + timeleft->tv_sec--; + timeleft->tv_usec += 1000000; + } + + /* If remaining time is less than 15 ms, set it to 0 + * to prevent issues because of small devergences with + * socket timeouts. + */ + if (timeleft->tv_sec == 0 && timeleft->tv_usec < 15000) { + memset(timeleft, 0, sizeof(struct timeval)); + } + + + return timeleft; +} + +int +dtls1_is_timer_expired(SSL *s) +{ + struct timeval timeleft; + + /* Get time left until timeout, return false if no timer running */ + if (dtls1_get_timeout(s, &timeleft) == NULL) { + return 0; + } + + /* Return false if timer is not expired yet */ + if (timeleft.tv_sec > 0 || timeleft.tv_usec > 0) { + return 0; + } + + /* Timer expired, so return true */ + return 1; +} + +void +dtls1_double_timeout(SSL *s) +{ + s->d1->timeout_duration *= 2; + if (s->d1->timeout_duration > 60) + s->d1->timeout_duration = 60; + dtls1_start_timer(s); +} + +void +dtls1_stop_timer(SSL *s) +{ + /* Reset everything */ + memset(&(D1I(s)->timeout), 0, sizeof(struct dtls1_timeout_st)); + memset(&(s->d1->next_timeout), 0, sizeof(struct timeval)); + s->d1->timeout_duration = 1; + BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, + &(s->d1->next_timeout)); + /* Clear retransmission buffer */ + dtls1_clear_record_buffer(s); +} + +int +dtls1_check_timeout_num(SSL *s) +{ + D1I(s)->timeout.num_alerts++; + + /* Reduce MTU after 2 unsuccessful retransmissions */ + if (D1I(s)->timeout.num_alerts > 2) { + D1I(s)->mtu = BIO_ctrl(SSL_get_wbio(s), + BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL); + + } + + if (D1I(s)->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT) { + /* fail the connection, enough alerts have been sent */ + SSLerror(s, SSL_R_READ_TIMEOUT_EXPIRED); + return -1; + } + + return 0; +} + +int +dtls1_handle_timeout(SSL *s) +{ + /* if no timer is expired, don't do anything */ + if (!dtls1_is_timer_expired(s)) { + return 0; + } + + dtls1_double_timeout(s); + + if (dtls1_check_timeout_num(s) < 0) + return -1; + + D1I(s)->timeout.read_timeouts++; + if (D1I(s)->timeout.read_timeouts > DTLS1_TMO_READ_COUNT) { + D1I(s)->timeout.read_timeouts = 1; + } + + dtls1_start_timer(s); + return dtls1_retransmit_buffered_messages(s); +} + +int +dtls1_listen(SSL *s, struct sockaddr *client) +{ + int ret; + + /* Ensure there is no state left over from a previous invocation */ + SSL_clear(s); + + SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE); + D1I(s)->listen = 1; + + ret = SSL_accept(s); + if (ret <= 0) + return ret; + + (void)BIO_dgram_get_peer(SSL_get_rbio(s), client); + return 1; +} + +void +dtls1_build_sequence_number(unsigned char *dst, unsigned char *seq, + unsigned short epoch) +{ + unsigned char dtlsseq[SSL3_SEQUENCE_SIZE]; + unsigned char *p; + + p = dtlsseq; + s2n(epoch, p); + memcpy(p, &seq[2], SSL3_SEQUENCE_SIZE - 2); + memcpy(dst, dtlsseq, SSL3_SEQUENCE_SIZE); +} diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c new file mode 100644 index 00000000000..b406b62536e --- /dev/null +++ b/src/lib/libssl/d1_pkt.c @@ -0,0 +1,1455 @@ +/* $OpenBSD: d1_pkt.c,v 1.66 2018/12/03 17:16:12 tb Exp $ */ +/* + * DTLS implementation written by Nagendra Modadugu + * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. + */ +/* ==================================================================== + * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include + +#include +#include + +#include "ssl_locl.h" + +#include +#include + +#include "pqueue.h" +#include "bytestring.h" + +static int do_dtls1_write(SSL *s, int type, const unsigned char *buf, + unsigned int len); + + +/* mod 128 saturating subtract of two 64-bit values in big-endian order */ +static int +satsub64be(const unsigned char *v1, const unsigned char *v2) +{ + int ret, sat, brw, i; + + if (sizeof(long) == 8) + do { + long l; + + if (BYTE_ORDER == LITTLE_ENDIAN) + break; + /* not reached on little-endians */ + /* following test is redundant, because input is + * always aligned, but I take no chances... */ + if (((size_t)v1 | (size_t)v2) & 0x7) + break; + + l = *((long *)v1); + l -= *((long *)v2); + if (l > 128) + return 128; + else if (l<-128) + return -128; + else + return (int)l; + } while (0); + + ret = (int)v1[7] - (int)v2[7]; + sat = 0; + brw = ret >> 8; /* brw is either 0 or -1 */ + if (ret & 0x80) { + for (i = 6; i >= 0; i--) { + brw += (int)v1[i]-(int)v2[i]; + sat |= ~brw; + brw >>= 8; + } + } else { + for (i = 6; i >= 0; i--) { + brw += (int)v1[i]-(int)v2[i]; + sat |= brw; + brw >>= 8; + } + } + brw <<= 8; /* brw is either 0 or -256 */ + + if (sat & 0xff) + return brw | 0x80; + else + return brw + (ret & 0xFF); +} + +static int have_handshake_fragment(SSL *s, int type, unsigned char *buf, + int len, int peek); +static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap); +static void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap); +static DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr, + unsigned int *is_next_epoch); +static int dtls1_buffer_record(SSL *s, record_pqueue *q, + unsigned char *priority); +static int dtls1_process_record(SSL *s); + +/* copy buffered record into SSL structure */ +static int +dtls1_copy_record(SSL *s, pitem *item) +{ + DTLS1_RECORD_DATA *rdata; + + rdata = (DTLS1_RECORD_DATA *)item->data; + + free(S3I(s)->rbuf.buf); + + s->internal->packet = rdata->packet; + s->internal->packet_length = rdata->packet_length; + memcpy(&(S3I(s)->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER)); + memcpy(&(S3I(s)->rrec), &(rdata->rrec), sizeof(SSL3_RECORD)); + + /* Set proper sequence number for mac calculation */ + memcpy(&(S3I(s)->read_sequence[2]), &(rdata->packet[5]), 6); + + return (1); +} + + +static int +dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority) +{ + DTLS1_RECORD_DATA *rdata; + pitem *item; + + /* Limit the size of the queue to prevent DOS attacks */ + if (pqueue_size(queue->q) >= 100) + return 0; + + rdata = malloc(sizeof(DTLS1_RECORD_DATA)); + item = pitem_new(priority, rdata); + if (rdata == NULL || item == NULL) + goto init_err; + + rdata->packet = s->internal->packet; + rdata->packet_length = s->internal->packet_length; + memcpy(&(rdata->rbuf), &(S3I(s)->rbuf), sizeof(SSL3_BUFFER)); + memcpy(&(rdata->rrec), &(S3I(s)->rrec), sizeof(SSL3_RECORD)); + + item->data = rdata; + + + s->internal->packet = NULL; + s->internal->packet_length = 0; + memset(&(S3I(s)->rbuf), 0, sizeof(SSL3_BUFFER)); + memset(&(S3I(s)->rrec), 0, sizeof(SSL3_RECORD)); + + if (!ssl3_setup_buffers(s)) + goto err; + + /* insert should not fail, since duplicates are dropped */ + if (pqueue_insert(queue->q, item) == NULL) + goto err; + + return (1); + +err: + free(rdata->rbuf.buf); + +init_err: + SSLerror(s, ERR_R_INTERNAL_ERROR); + free(rdata); + pitem_free(item); + return (-1); +} + + +static int +dtls1_retrieve_buffered_record(SSL *s, record_pqueue *queue) +{ + pitem *item; + + item = pqueue_pop(queue->q); + if (item) { + dtls1_copy_record(s, item); + + free(item->data); + pitem_free(item); + + return (1); + } + + return (0); +} + + +/* retrieve a buffered record that belongs to the new epoch, i.e., not processed + * yet */ +#define dtls1_get_unprocessed_record(s) \ + dtls1_retrieve_buffered_record((s), \ + &((D1I(s))->unprocessed_rcds)) + +/* retrieve a buffered record that belongs to the current epoch, ie, processed */ +#define dtls1_get_processed_record(s) \ + dtls1_retrieve_buffered_record((s), \ + &((D1I(s))->processed_rcds)) + +static int +dtls1_process_buffered_records(SSL *s) +{ + pitem *item; + + item = pqueue_peek(D1I(s)->unprocessed_rcds.q); + if (item) { + /* Check if epoch is current. */ + if (D1I(s)->unprocessed_rcds.epoch != D1I(s)->r_epoch) + return (1); + /* Nothing to do. */ + + /* Process all the records. */ + while (pqueue_peek(D1I(s)->unprocessed_rcds.q)) { + dtls1_get_unprocessed_record(s); + if (! dtls1_process_record(s)) + return (0); + if (dtls1_buffer_record(s, &(D1I(s)->processed_rcds), + S3I(s)->rrec.seq_num) < 0) + return (-1); + } + } + + /* sync epoch numbers once all the unprocessed records + * have been processed */ + D1I(s)->processed_rcds.epoch = D1I(s)->r_epoch; + D1I(s)->unprocessed_rcds.epoch = D1I(s)->r_epoch + 1; + + return (1); +} + +static int +dtls1_process_record(SSL *s) +{ + int i, al; + int enc_err; + SSL_SESSION *sess; + SSL3_RECORD *rr; + unsigned int mac_size, orig_len; + unsigned char md[EVP_MAX_MD_SIZE]; + + rr = &(S3I(s)->rrec); + sess = s->session; + + /* At this point, s->internal->packet_length == SSL3_RT_HEADER_LNGTH + rr->length, + * and we have that many bytes in s->internal->packet + */ + rr->input = &(s->internal->packet[DTLS1_RT_HEADER_LENGTH]); + + /* ok, we can now read from 's->internal->packet' data into 'rr' + * rr->input points at rr->length bytes, which + * need to be copied into rr->data by either + * the decryption or by the decompression + * When the data is 'copied' into the rr->data buffer, + * rr->input will be pointed at the new buffer */ + + /* We now have - encrypted [ MAC [ compressed [ plain ] ] ] + * rr->length bytes of encrypted compressed stuff. */ + + /* check is not needed I believe */ + if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) { + al = SSL_AD_RECORD_OVERFLOW; + SSLerror(s, SSL_R_ENCRYPTED_LENGTH_TOO_LONG); + goto f_err; + } + + /* decrypt in place in 'rr->input' */ + rr->data = rr->input; + + enc_err = s->method->internal->ssl3_enc->enc(s, 0); + /* enc_err is: + * 0: (in non-constant time) if the record is publically invalid. + * 1: if the padding is valid + * -1: if the padding is invalid */ + if (enc_err == 0) { + /* For DTLS we simply ignore bad packets. */ + rr->length = 0; + s->internal->packet_length = 0; + goto err; + } + + + /* r->length is now the compressed data plus mac */ + if ((sess != NULL) && (s->enc_read_ctx != NULL) && + (EVP_MD_CTX_md(s->read_hash) != NULL)) { + /* s->read_hash != NULL => mac_size != -1 */ + unsigned char *mac = NULL; + unsigned char mac_tmp[EVP_MAX_MD_SIZE]; + mac_size = EVP_MD_CTX_size(s->read_hash); + OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE); + + /* kludge: *_cbc_remove_padding passes padding length in rr->type */ + orig_len = rr->length + ((unsigned int)rr->type >> 8); + + /* orig_len is the length of the record before any padding was + * removed. This is public information, as is the MAC in use, + * therefore we can safely process the record in a different + * amount of time if it's too short to possibly contain a MAC. + */ + if (orig_len < mac_size || + /* CBC records must have a padding length byte too. */ + (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE && + orig_len < mac_size + 1)) { + al = SSL_AD_DECODE_ERROR; + SSLerror(s, SSL_R_LENGTH_TOO_SHORT); + goto f_err; + } + + if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE) { + /* We update the length so that the TLS header bytes + * can be constructed correctly but we need to extract + * the MAC in constant time from within the record, + * without leaking the contents of the padding bytes. + * */ + mac = mac_tmp; + ssl3_cbc_copy_mac(mac_tmp, rr, mac_size, orig_len); + rr->length -= mac_size; + } else { + /* In this case there's no padding, so |orig_len| + * equals |rec->length| and we checked that there's + * enough bytes for |mac_size| above. */ + rr->length -= mac_size; + mac = &rr->data[rr->length]; + } + + i = tls1_mac(s, md, 0 /* not send */); + if (i < 0 || mac == NULL || timingsafe_memcmp(md, mac, (size_t)mac_size) != 0) + enc_err = -1; + if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + mac_size) + enc_err = -1; + } + + if (enc_err < 0) { + /* decryption failed, silently discard message */ + rr->length = 0; + s->internal->packet_length = 0; + goto err; + } + + if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH) { + al = SSL_AD_RECORD_OVERFLOW; + SSLerror(s, SSL_R_DATA_LENGTH_TOO_LONG); + goto f_err; + } + + rr->off = 0; + /* So at this point the following is true + * ssl->s3->internal->rrec.type is the type of record + * ssl->s3->internal->rrec.length == number of bytes in record + * ssl->s3->internal->rrec.off == offset to first valid byte + * ssl->s3->internal->rrec.data == where to take bytes from, increment + * after use :-). + */ + + /* we have pulled in a full packet so zero things */ + s->internal->packet_length = 0; + return (1); + +f_err: + ssl3_send_alert(s, SSL3_AL_FATAL, al); +err: + return (0); +} + + +/* Call this to get a new input record. + * It will return <= 0 if more data is needed, normally due to an error + * or non-blocking IO. + * When it finishes, one packet has been decoded and can be found in + * ssl->s3->internal->rrec.type - is the type of record + * ssl->s3->internal->rrec.data, - data + * ssl->s3->internal->rrec.length, - number of bytes + */ +/* used only by dtls1_read_bytes */ +int +dtls1_get_record(SSL *s) +{ + SSL3_RECORD *rr; + unsigned char *p = NULL; + DTLS1_BITMAP *bitmap; + unsigned int is_next_epoch; + int n; + + rr = &(S3I(s)->rrec); + + /* The epoch may have changed. If so, process all the + * pending records. This is a non-blocking operation. */ + if (dtls1_process_buffered_records(s) < 0) + return (-1); + + /* if we're renegotiating, then there may be buffered records */ + if (dtls1_get_processed_record(s)) + return 1; + + /* get something from the wire */ + if (0) { +again: + /* dump this record on all retries */ + rr->length = 0; + s->internal->packet_length = 0; + } + + /* check if we have the header */ + if ((s->internal->rstate != SSL_ST_READ_BODY) || + (s->internal->packet_length < DTLS1_RT_HEADER_LENGTH)) { + CBS header, seq_no; + uint16_t epoch, len, ssl_version; + uint8_t type; + + n = ssl3_packet_read(s, DTLS1_RT_HEADER_LENGTH); + if (n <= 0) + return (n); + + /* If this packet contained a partial record, dump it. */ + if (n != DTLS1_RT_HEADER_LENGTH) + goto again; + + s->internal->rstate = SSL_ST_READ_BODY; + + CBS_init(&header, s->internal->packet, s->internal->packet_length); + + /* Pull apart the header into the DTLS1_RECORD */ + if (!CBS_get_u8(&header, &type)) + goto again; + if (!CBS_get_u16(&header, &ssl_version)) + goto again; + + /* sequence number is 64 bits, with top 2 bytes = epoch */ + if (!CBS_get_u16(&header, &epoch) || + !CBS_get_bytes(&header, &seq_no, 6)) + goto again; + + if (!CBS_write_bytes(&seq_no, &(S3I(s)->read_sequence[2]), + sizeof(S3I(s)->read_sequence) - 2, NULL)) + goto again; + if (!CBS_get_u16(&header, &len)) + goto again; + + rr->type = type; + rr->epoch = epoch; + rr->length = len; + + /* unexpected version, silently discard */ + if (!s->internal->first_packet && ssl_version != s->version) + goto again; + + /* wrong version, silently discard record */ + if ((ssl_version & 0xff00) != (s->version & 0xff00)) + goto again; + + /* record too long, silently discard it */ + if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) + goto again; + + /* now s->internal->rstate == SSL_ST_READ_BODY */ + p = (unsigned char *)CBS_data(&header); + } + + /* s->internal->rstate == SSL_ST_READ_BODY, get and decode the data */ + + n = ssl3_packet_extend(s, DTLS1_RT_HEADER_LENGTH + rr->length); + if (n <= 0) + return (n); + + /* If this packet contained a partial record, dump it. */ + if (n != DTLS1_RT_HEADER_LENGTH + rr->length) + goto again; + + s->internal->rstate = SSL_ST_READ_HEADER; /* set state for later operations */ + + /* match epochs. NULL means the packet is dropped on the floor */ + bitmap = dtls1_get_bitmap(s, rr, &is_next_epoch); + if (bitmap == NULL) + goto again; + + /* + * Check whether this is a repeat, or aged record. + * Don't check if we're listening and this message is + * a ClientHello. They can look as if they're replayed, + * since they arrive from different connections and + * would be dropped unnecessarily. + */ + if (!(D1I(s)->listen && rr->type == SSL3_RT_HANDSHAKE && + p != NULL && *p == SSL3_MT_CLIENT_HELLO) && + !dtls1_record_replay_check(s, bitmap)) + goto again; + + /* just read a 0 length packet */ + if (rr->length == 0) + goto again; + + /* If this record is from the next epoch (either HM or ALERT), + * and a handshake is currently in progress, buffer it since it + * cannot be processed at this time. However, do not buffer + * anything while listening. + */ + if (is_next_epoch) { + if ((SSL_in_init(s) || s->internal->in_handshake) && !D1I(s)->listen) { + if (dtls1_buffer_record(s, &(D1I(s)->unprocessed_rcds), + rr->seq_num) < 0) + return (-1); + /* Mark receipt of record. */ + dtls1_record_bitmap_update(s, bitmap); + } + goto again; + } + + if (!dtls1_process_record(s)) + goto again; + + /* Mark receipt of record. */ + dtls1_record_bitmap_update(s, bitmap); + + return (1); +} + +/* Return up to 'len' payload bytes received in 'type' records. + * 'type' is one of the following: + * + * - SSL3_RT_HANDSHAKE (when ssl3_get_message calls us) + * - SSL3_RT_APPLICATION_DATA (when ssl3_read calls us) + * - 0 (during a shutdown, no data has to be returned) + * + * If we don't have stored data to work from, read a SSL/TLS record first + * (possibly multiple records if we still don't have anything to return). + * + * This function must handle any surprises the peer may have for us, such as + * Alert records (e.g. close_notify), ChangeCipherSpec records (not really + * a surprise, but handled as if it were), or renegotiation requests. + * Also if record payloads contain fragments too small to process, we store + * them until there is enough for the respective protocol (the record protocol + * may use arbitrary fragmentation and even interleaving): + * Change cipher spec protocol + * just 1 byte needed, no need for keeping anything stored + * Alert protocol + * 2 bytes needed (AlertLevel, AlertDescription) + * Handshake protocol + * 4 bytes needed (HandshakeType, uint24 length) -- we just have + * to detect unexpected Client Hello and Hello Request messages + * here, anything else is handled by higher layers + * Application data protocol + * none of our business + */ +int +dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) +{ + int al, i, j, ret; + unsigned int n; + SSL3_RECORD *rr; + void (*cb)(const SSL *ssl, int type2, int val) = NULL; + + if (S3I(s)->rbuf.buf == NULL) /* Not initialized yet */ + if (!ssl3_setup_buffers(s)) + return (-1); + + if ((type && + type != SSL3_RT_APPLICATION_DATA && type != SSL3_RT_HANDSHAKE) || + (peek && (type != SSL3_RT_APPLICATION_DATA))) { + SSLerror(s, ERR_R_INTERNAL_ERROR); + return -1; + } + + /* check whether there's a handshake message (client hello?) waiting */ + if ((ret = have_handshake_fragment(s, type, buf, len, peek))) + return ret; + + /* Now D1I(s)->handshake_fragment_len == 0 if type == SSL3_RT_HANDSHAKE. */ + + if (!s->internal->in_handshake && SSL_in_init(s)) + { + /* type == SSL3_RT_APPLICATION_DATA */ + i = s->internal->handshake_func(s); + if (i < 0) + return (i); + if (i == 0) { + SSLerror(s, SSL_R_SSL_HANDSHAKE_FAILURE); + return (-1); + } + } + + start: + s->internal->rwstate = SSL_NOTHING; + + /* S3I(s)->rrec.type - is the type of record + * S3I(s)->rrec.data, - data + * S3I(s)->rrec.off, - offset into 'data' for next read + * S3I(s)->rrec.length, - number of bytes. */ + rr = &(S3I(s)->rrec); + + /* We are not handshaking and have no data yet, + * so process data buffered during the last handshake + * in advance, if any. + */ + if (S3I(s)->hs.state == SSL_ST_OK && rr->length == 0) { + pitem *item; + item = pqueue_pop(D1I(s)->buffered_app_data.q); + if (item) { + + dtls1_copy_record(s, item); + + free(item->data); + pitem_free(item); + } + } + + /* Check for timeout */ + if (dtls1_handle_timeout(s) > 0) + goto start; + + /* get new packet if necessary */ + if ((rr->length == 0) || (s->internal->rstate == SSL_ST_READ_BODY)) { + ret = dtls1_get_record(s); + if (ret <= 0) { + ret = dtls1_read_failed(s, ret); + /* anything other than a timeout is an error */ + if (ret <= 0) + return (ret); + else + goto start; + } + } + + if (D1I(s)->listen && rr->type != SSL3_RT_HANDSHAKE) { + rr->length = 0; + goto start; + } + + /* we now have a packet which can be read and processed */ + + if (S3I(s)->change_cipher_spec /* set when we receive ChangeCipherSpec, + * reset by ssl3_get_finished */ + && (rr->type != SSL3_RT_HANDSHAKE)) { + /* We now have application data between CCS and Finished. + * Most likely the packets were reordered on their way, so + * buffer the application data for later processing rather + * than dropping the connection. + */ + if (dtls1_buffer_record(s, &(D1I(s)->buffered_app_data), + rr->seq_num) < 0) { + SSLerror(s, ERR_R_INTERNAL_ERROR); + return (-1); + } + rr->length = 0; + goto start; + } + + /* If the other end has shut down, throw anything we read away + * (even in 'peek' mode) */ + if (s->internal->shutdown & SSL_RECEIVED_SHUTDOWN) { + rr->length = 0; + s->internal->rwstate = SSL_NOTHING; + return (0); + } + + + if (type == rr->type) /* SSL3_RT_APPLICATION_DATA or SSL3_RT_HANDSHAKE */ + { + /* make sure that we are not getting application data when we + * are doing a handshake for the first time */ + if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) && + (s->enc_read_ctx == NULL)) { + al = SSL_AD_UNEXPECTED_MESSAGE; + SSLerror(s, SSL_R_APP_DATA_IN_HANDSHAKE); + goto f_err; + } + + if (len <= 0) + return (len); + + if ((unsigned int)len > rr->length) + n = rr->length; + else + n = (unsigned int)len; + + memcpy(buf, &(rr->data[rr->off]), n); + if (!peek) { + rr->length -= n; + rr->off += n; + if (rr->length == 0) { + s->internal->rstate = SSL_ST_READ_HEADER; + rr->off = 0; + } + } + + return (n); + } + + + /* If we get here, then type != rr->type; if we have a handshake + * message, then it was unexpected (Hello Request or Client Hello). */ + + /* In case of record types for which we have 'fragment' storage, + * fill that so that we can process the data at a fixed place. + */ + { + unsigned int k, dest_maxlen = 0; + unsigned char *dest = NULL; + unsigned int *dest_len = NULL; + + if (rr->type == SSL3_RT_HANDSHAKE) { + dest_maxlen = sizeof D1I(s)->handshake_fragment; + dest = D1I(s)->handshake_fragment; + dest_len = &D1I(s)->handshake_fragment_len; + } else if (rr->type == SSL3_RT_ALERT) { + dest_maxlen = sizeof(D1I(s)->alert_fragment); + dest = D1I(s)->alert_fragment; + dest_len = &D1I(s)->alert_fragment_len; + } + /* else it's a CCS message, or application data or wrong */ + else if (rr->type != SSL3_RT_CHANGE_CIPHER_SPEC) { + /* Application data while renegotiating + * is allowed. Try again reading. + */ + if (rr->type == SSL3_RT_APPLICATION_DATA) { + BIO *bio; + S3I(s)->in_read_app_data = 2; + bio = SSL_get_rbio(s); + s->internal->rwstate = SSL_READING; + BIO_clear_retry_flags(bio); + BIO_set_retry_read(bio); + return (-1); + } + + /* Not certain if this is the right error handling */ + al = SSL_AD_UNEXPECTED_MESSAGE; + SSLerror(s, SSL_R_UNEXPECTED_RECORD); + goto f_err; + } + + if (dest_maxlen > 0) { + /* XDTLS: In a pathalogical case, the Client Hello + * may be fragmented--don't always expect dest_maxlen bytes */ + if (rr->length < dest_maxlen) { + s->internal->rstate = SSL_ST_READ_HEADER; + rr->length = 0; + goto start; + } + + /* now move 'n' bytes: */ + for ( k = 0; k < dest_maxlen; k++) { + dest[k] = rr->data[rr->off++]; + rr->length--; + } + *dest_len = dest_maxlen; + } + } + + /* D1I(s)->handshake_fragment_len == 12 iff rr->type == SSL3_RT_HANDSHAKE; + * D1I(s)->alert_fragment_len == 7 iff rr->type == SSL3_RT_ALERT. + * (Possibly rr is 'empty' now, i.e. rr->length may be 0.) */ + + /* If we are a client, check for an incoming 'Hello Request': */ + if ((!s->server) && + (D1I(s)->handshake_fragment_len >= DTLS1_HM_HEADER_LENGTH) && + (D1I(s)->handshake_fragment[0] == SSL3_MT_HELLO_REQUEST) && + (s->session != NULL) && (s->session->cipher != NULL)) { + D1I(s)->handshake_fragment_len = 0; + + if ((D1I(s)->handshake_fragment[1] != 0) || + (D1I(s)->handshake_fragment[2] != 0) || + (D1I(s)->handshake_fragment[3] != 0)) { + al = SSL_AD_DECODE_ERROR; + SSLerror(s, SSL_R_BAD_HELLO_REQUEST); + goto f_err; + } + + /* no need to check sequence number on HELLO REQUEST messages */ + + if (s->internal->msg_callback) + s->internal->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, + D1I(s)->handshake_fragment, 4, s, s->internal->msg_callback_arg); + + if (SSL_is_init_finished(s) && + !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) && + !S3I(s)->renegotiate) { + D1I(s)->handshake_read_seq++; + s->internal->new_session = 1; + ssl3_renegotiate(s); + if (ssl3_renegotiate_check(s)) { + i = s->internal->handshake_func(s); + if (i < 0) + return (i); + if (i == 0) { + SSLerror(s, SSL_R_SSL_HANDSHAKE_FAILURE); + return (-1); + } + + if (!(s->internal->mode & SSL_MODE_AUTO_RETRY)) { + if (S3I(s)->rbuf.left == 0) /* no read-ahead left? */ + { + BIO *bio; + /* In the case where we try to read application data, + * but we trigger an SSL handshake, we return -1 with + * the retry option set. Otherwise renegotiation may + * cause nasty problems in the blocking world */ + s->internal->rwstate = SSL_READING; + bio = SSL_get_rbio(s); + BIO_clear_retry_flags(bio); + BIO_set_retry_read(bio); + return (-1); + } + } + } + } + /* we either finished a handshake or ignored the request, + * now try again to obtain the (application) data we were asked for */ + goto start; + } + + if (D1I(s)->alert_fragment_len >= DTLS1_AL_HEADER_LENGTH) { + int alert_level = D1I(s)->alert_fragment[0]; + int alert_descr = D1I(s)->alert_fragment[1]; + + D1I(s)->alert_fragment_len = 0; + + if (s->internal->msg_callback) + s->internal->msg_callback(0, s->version, SSL3_RT_ALERT, + D1I(s)->alert_fragment, 2, s, s->internal->msg_callback_arg); + + if (s->internal->info_callback != NULL) + cb = s->internal->info_callback; + else if (s->ctx->internal->info_callback != NULL) + cb = s->ctx->internal->info_callback; + + if (cb != NULL) { + j = (alert_level << 8) | alert_descr; + cb(s, SSL_CB_READ_ALERT, j); + } + + if (alert_level == 1) /* warning */ + { + S3I(s)->warn_alert = alert_descr; + if (alert_descr == SSL_AD_CLOSE_NOTIFY) { + s->internal->shutdown |= SSL_RECEIVED_SHUTDOWN; + return (0); + } + } else if (alert_level == 2) /* fatal */ + { + s->internal->rwstate = SSL_NOTHING; + S3I(s)->fatal_alert = alert_descr; + SSLerror(s, SSL_AD_REASON_OFFSET + alert_descr); + ERR_asprintf_error_data("SSL alert number %d", + alert_descr); + s->internal->shutdown|=SSL_RECEIVED_SHUTDOWN; + SSL_CTX_remove_session(s->ctx, s->session); + return (0); + } else { + al = SSL_AD_ILLEGAL_PARAMETER; + SSLerror(s, SSL_R_UNKNOWN_ALERT_TYPE); + goto f_err; + } + + goto start; + } + + if (s->internal->shutdown & SSL_SENT_SHUTDOWN) /* but we have not received a shutdown */ + { + s->internal->rwstate = SSL_NOTHING; + rr->length = 0; + return (0); + } + + if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) { + struct ccs_header_st ccs_hdr; + unsigned int ccs_hdr_len = DTLS1_CCS_HEADER_LENGTH; + + dtls1_get_ccs_header(rr->data, &ccs_hdr); + + /* 'Change Cipher Spec' is just a single byte, so we know + * exactly what the record payload has to look like */ + /* XDTLS: check that epoch is consistent */ + if ((rr->length != ccs_hdr_len) || + (rr->off != 0) || (rr->data[0] != SSL3_MT_CCS)) { + al = SSL_AD_DECODE_ERROR; + SSLerror(s, SSL_R_BAD_CHANGE_CIPHER_SPEC); + goto f_err; + } + + rr->length = 0; + + if (s->internal->msg_callback) + s->internal->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC, + rr->data, 1, s, s->internal->msg_callback_arg); + + /* We can't process a CCS now, because previous handshake + * messages are still missing, so just drop it. + */ + if (!D1I(s)->change_cipher_spec_ok) { + goto start; + } + + D1I(s)->change_cipher_spec_ok = 0; + + S3I(s)->change_cipher_spec = 1; + if (!ssl3_do_change_cipher_spec(s)) + goto err; + + /* do this whenever CCS is processed */ + dtls1_reset_seq_numbers(s, SSL3_CC_READ); + + goto start; + } + + /* Unexpected handshake message (Client Hello, or protocol violation) */ + if ((D1I(s)->handshake_fragment_len >= DTLS1_HM_HEADER_LENGTH) && + !s->internal->in_handshake) { + struct hm_header_st msg_hdr; + + /* this may just be a stale retransmit */ + if (!dtls1_get_message_header(rr->data, &msg_hdr)) + return -1; + if (rr->epoch != D1I(s)->r_epoch) { + rr->length = 0; + goto start; + } + + /* If we are server, we may have a repeated FINISHED of the + * client here, then retransmit our CCS and FINISHED. + */ + if (msg_hdr.type == SSL3_MT_FINISHED) { + if (dtls1_check_timeout_num(s) < 0) + return -1; + + dtls1_retransmit_buffered_messages(s); + rr->length = 0; + goto start; + } + + if (((S3I(s)->hs.state&SSL_ST_MASK) == SSL_ST_OK) && + !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) { + S3I(s)->hs.state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT; + s->internal->renegotiate = 1; + s->internal->new_session = 1; + } + i = s->internal->handshake_func(s); + if (i < 0) + return (i); + if (i == 0) { + SSLerror(s, SSL_R_SSL_HANDSHAKE_FAILURE); + return (-1); + } + + if (!(s->internal->mode & SSL_MODE_AUTO_RETRY)) { + if (S3I(s)->rbuf.left == 0) /* no read-ahead left? */ + { + BIO *bio; + /* In the case where we try to read application data, + * but we trigger an SSL handshake, we return -1 with + * the retry option set. Otherwise renegotiation may + * cause nasty problems in the blocking world */ + s->internal->rwstate = SSL_READING; + bio = SSL_get_rbio(s); + BIO_clear_retry_flags(bio); + BIO_set_retry_read(bio); + return (-1); + } + } + goto start; + } + + switch (rr->type) { + default: + /* TLS just ignores unknown message types */ + if (s->version == TLS1_VERSION) { + rr->length = 0; + goto start; + } + al = SSL_AD_UNEXPECTED_MESSAGE; + SSLerror(s, SSL_R_UNEXPECTED_RECORD); + goto f_err; + case SSL3_RT_CHANGE_CIPHER_SPEC: + case SSL3_RT_ALERT: + case SSL3_RT_HANDSHAKE: + /* we already handled all of these, with the possible exception + * of SSL3_RT_HANDSHAKE when s->internal->in_handshake is set, but that + * should not happen when type != rr->type */ + al = SSL_AD_UNEXPECTED_MESSAGE; + SSLerror(s, ERR_R_INTERNAL_ERROR); + goto f_err; + case SSL3_RT_APPLICATION_DATA: + /* At this point, we were expecting handshake data, + * but have application data. If the library was + * running inside ssl3_read() (i.e. in_read_app_data + * is set) and it makes sense to read application data + * at this point (session renegotiation not yet started), + * we will indulge it. + */ + if (S3I(s)->in_read_app_data && + (S3I(s)->total_renegotiations != 0) && + (((S3I(s)->hs.state & SSL_ST_CONNECT) && + (S3I(s)->hs.state >= SSL3_ST_CW_CLNT_HELLO_A) && + (S3I(s)->hs.state <= SSL3_ST_CR_SRVR_HELLO_A)) || ( + (S3I(s)->hs.state & SSL_ST_ACCEPT) && + (S3I(s)->hs.state <= SSL3_ST_SW_HELLO_REQ_A) && + (S3I(s)->hs.state >= SSL3_ST_SR_CLNT_HELLO_A)))) { + S3I(s)->in_read_app_data = 2; + return (-1); + } else { + al = SSL_AD_UNEXPECTED_MESSAGE; + SSLerror(s, SSL_R_UNEXPECTED_RECORD); + goto f_err; + } + } + /* not reached */ + + f_err: + ssl3_send_alert(s, SSL3_AL_FATAL, al); + err: + return (-1); +} + +int +dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, int len) +{ + int i; + + if (SSL_in_init(s) && !s->internal->in_handshake) + { + i = s->internal->handshake_func(s); + if (i < 0) + return (i); + if (i == 0) { + SSLerror(s, SSL_R_SSL_HANDSHAKE_FAILURE); + return -1; + } + } + + if (len > SSL3_RT_MAX_PLAIN_LENGTH) { + SSLerror(s, SSL_R_DTLS_MESSAGE_TOO_BIG); + return -1; + } + + i = dtls1_write_bytes(s, type, buf_, len); + return i; +} + + + /* this only happens when a client hello is received and a handshake + * is started. */ +static int +have_handshake_fragment(SSL *s, int type, unsigned char *buf, + int len, int peek) +{ + + if ((type == SSL3_RT_HANDSHAKE) && (D1I(s)->handshake_fragment_len > 0)) + /* (partially) satisfy request from storage */ + { + unsigned char *src = D1I(s)->handshake_fragment; + unsigned char *dst = buf; + unsigned int k, n; + + /* peek == 0 */ + n = 0; + while ((len > 0) && (D1I(s)->handshake_fragment_len > 0)) { + *dst++ = *src++; + len--; + D1I(s)->handshake_fragment_len--; + n++; + } + /* move any remaining fragment bytes: */ + for (k = 0; k < D1I(s)->handshake_fragment_len; k++) + D1I(s)->handshake_fragment[k] = *src++; + return n; + } + + return 0; +} + + +/* Call this to write data in records of type 'type' + * It will return <= 0 if not all data has been sent or non-blocking IO. + */ +int +dtls1_write_bytes(SSL *s, int type, const void *buf, int len) +{ + int i; + + OPENSSL_assert(len <= SSL3_RT_MAX_PLAIN_LENGTH); + s->internal->rwstate = SSL_NOTHING; + i = do_dtls1_write(s, type, buf, len); + return i; +} + +int +do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len) +{ + unsigned char *p, *pseq; + int i, mac_size, clear = 0; + int prefix_len = 0; + SSL3_RECORD *wr; + SSL3_BUFFER *wb; + SSL_SESSION *sess; + int bs; + + /* first check if there is a SSL3_BUFFER still being written + * out. This will happen with non blocking IO */ + if (S3I(s)->wbuf.left != 0) { + OPENSSL_assert(0); /* XDTLS: want to see if we ever get here */ + return (ssl3_write_pending(s, type, buf, len)); + } + + /* If we have an alert to send, lets send it */ + if (S3I(s)->alert_dispatch) { + i = s->method->ssl_dispatch_alert(s); + if (i <= 0) + return (i); + /* if it went, fall through and send more stuff */ + } + + if (len == 0) + return 0; + + wr = &(S3I(s)->wrec); + wb = &(S3I(s)->wbuf); + sess = s->session; + + if ((sess == NULL) || (s->internal->enc_write_ctx == NULL) || + (EVP_MD_CTX_md(s->internal->write_hash) == NULL)) + clear = 1; + + if (clear) + mac_size = 0; + else { + mac_size = EVP_MD_CTX_size(s->internal->write_hash); + if (mac_size < 0) + goto err; + } + + /* DTLS implements explicit IV, so no need for empty fragments. */ + + p = wb->buf + prefix_len; + + /* write the header */ + + *(p++) = type&0xff; + wr->type = type; + + *(p++) = (s->version >> 8); + *(p++) = s->version&0xff; + + /* field where we are to write out packet epoch, seq num and len */ + pseq = p; + + p += 10; + + /* lets setup the record stuff. */ + + /* Make space for the explicit IV in case of CBC. + * (this is a bit of a boundary violation, but what the heck). + */ + if (s->internal->enc_write_ctx && + (EVP_CIPHER_mode(s->internal->enc_write_ctx->cipher) & EVP_CIPH_CBC_MODE)) + bs = EVP_CIPHER_block_size(s->internal->enc_write_ctx->cipher); + else + bs = 0; + + wr->data = p + bs; + /* make room for IV in case of CBC */ + wr->length = (int)len; + wr->input = (unsigned char *)buf; + + /* we now 'read' from wr->input, wr->length bytes into + * wr->data */ + + memcpy(wr->data, wr->input, wr->length); + wr->input = wr->data; + + /* we should still have the output to wr->data and the input + * from wr->input. Length should be wr->length. + * wr->data still points in the wb->buf */ + + if (mac_size != 0) { + if (tls1_mac(s, &(p[wr->length + bs]), 1) < 0) + goto err; + wr->length += mac_size; + } + + /* this is true regardless of mac size */ + wr->input = p; + wr->data = p; + + + /* ssl3_enc can only have an error on read */ + if (bs) /* bs != 0 in case of CBC */ + { + arc4random_buf(p, bs); + /* master IV and last CBC residue stand for + * the rest of randomness */ + wr->length += bs; + } + + s->method->internal->ssl3_enc->enc(s, 1); + + /* record length after mac and block padding */ +/* if (type == SSL3_RT_APPLICATION_DATA || + (type == SSL3_RT_ALERT && ! SSL_in_init(s))) */ + + /* there's only one epoch between handshake and app data */ + + s2n(D1I(s)->w_epoch, pseq); + + /* XDTLS: ?? */ +/* else + s2n(D1I(s)->handshake_epoch, pseq); +*/ + + memcpy(pseq, &(S3I(s)->write_sequence[2]), 6); + pseq += 6; + s2n(wr->length, pseq); + + /* we should now have + * wr->data pointing to the encrypted data, which is + * wr->length long */ + wr->type=type; /* not needed but helps for debugging */ + wr->length += DTLS1_RT_HEADER_LENGTH; + + tls1_record_sequence_increment(S3I(s)->write_sequence); + + /* now let's set up wb */ + wb->left = prefix_len + wr->length; + wb->offset = 0; + + /* memorize arguments so that ssl3_write_pending can detect bad write retries later */ + S3I(s)->wpend_tot = len; + S3I(s)->wpend_buf = buf; + S3I(s)->wpend_type = type; + S3I(s)->wpend_ret = len; + + /* we now just need to write the buffer */ + return ssl3_write_pending(s, type, buf, len); +err: + return -1; +} + + + +static int +dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap) +{ + int cmp; + unsigned int shift; + const unsigned char *seq = S3I(s)->read_sequence; + + cmp = satsub64be(seq, bitmap->max_seq_num); + if (cmp > 0) { + memcpy (S3I(s)->rrec.seq_num, seq, 8); + return 1; /* this record in new */ + } + shift = -cmp; + if (shift >= sizeof(bitmap->map)*8) + return 0; /* stale, outside the window */ + else if (bitmap->map & (1UL << shift)) + return 0; /* record previously received */ + + memcpy(S3I(s)->rrec.seq_num, seq, 8); + return 1; +} + + +static void +dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap) +{ + int cmp; + unsigned int shift; + const unsigned char *seq = S3I(s)->read_sequence; + + cmp = satsub64be(seq, bitmap->max_seq_num); + if (cmp > 0) { + shift = cmp; + if (shift < sizeof(bitmap->map)*8) + bitmap->map <<= shift, bitmap->map |= 1UL; + else + bitmap->map = 1UL; + memcpy(bitmap->max_seq_num, seq, 8); + } else { + shift = -cmp; + if (shift < sizeof(bitmap->map) * 8) + bitmap->map |= 1UL << shift; + } +} + + +int +dtls1_dispatch_alert(SSL *s) +{ + int i, j; + void (*cb)(const SSL *ssl, int type, int val) = NULL; + unsigned char buf[DTLS1_AL_HEADER_LENGTH]; + unsigned char *ptr = &buf[0]; + + S3I(s)->alert_dispatch = 0; + + memset(buf, 0x00, sizeof(buf)); + *ptr++ = S3I(s)->send_alert[0]; + *ptr++ = S3I(s)->send_alert[1]; + + i = do_dtls1_write(s, SSL3_RT_ALERT, &buf[0], sizeof(buf)); + if (i <= 0) { + S3I(s)->alert_dispatch = 1; + /* fprintf( stderr, "not done with alert\n" ); */ + } else { + if (S3I(s)->send_alert[0] == SSL3_AL_FATAL) + (void)BIO_flush(s->wbio); + + if (s->internal->msg_callback) + s->internal->msg_callback(1, s->version, SSL3_RT_ALERT, + S3I(s)->send_alert, 2, s, s->internal->msg_callback_arg); + + if (s->internal->info_callback != NULL) + cb = s->internal->info_callback; + else if (s->ctx->internal->info_callback != NULL) + cb = s->ctx->internal->info_callback; + + if (cb != NULL) { + j = (S3I(s)->send_alert[0]<<8)|S3I(s)->send_alert[1]; + cb(s, SSL_CB_WRITE_ALERT, j); + } + } + return (i); +} + + +static DTLS1_BITMAP * +dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr, unsigned int *is_next_epoch) +{ + + *is_next_epoch = 0; + + /* In current epoch, accept HM, CCS, DATA, & ALERT */ + if (rr->epoch == D1I(s)->r_epoch) + return &D1I(s)->bitmap; + + /* Only HM and ALERT messages can be from the next epoch */ + else if (rr->epoch == (unsigned long)(D1I(s)->r_epoch + 1) && + (rr->type == SSL3_RT_HANDSHAKE || rr->type == SSL3_RT_ALERT)) { + *is_next_epoch = 1; + return &D1I(s)->next_bitmap; + } + + return NULL; +} + +void +dtls1_reset_seq_numbers(SSL *s, int rw) +{ + unsigned char *seq; + unsigned int seq_bytes = sizeof(S3I(s)->read_sequence); + + if (rw & SSL3_CC_READ) { + seq = S3I(s)->read_sequence; + D1I(s)->r_epoch++; + memcpy(&(D1I(s)->bitmap), &(D1I(s)->next_bitmap), sizeof(DTLS1_BITMAP)); + memset(&(D1I(s)->next_bitmap), 0x00, sizeof(DTLS1_BITMAP)); + } else { + seq = S3I(s)->write_sequence; + memcpy(D1I(s)->last_write_sequence, seq, sizeof(S3I(s)->write_sequence)); + D1I(s)->w_epoch++; + } + + memset(seq, 0x00, seq_bytes); +} diff --git a/src/lib/libssl/d1_srtp.c b/src/lib/libssl/d1_srtp.c new file mode 100644 index 00000000000..4b1b24a3c1f --- /dev/null +++ b/src/lib/libssl/d1_srtp.c @@ -0,0 +1,250 @@ +/* $OpenBSD: d1_srtp.c,v 1.23 2018/11/09 04:35:09 tb Exp $ */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +/* ==================================================================== + * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +/* + * DTLS code by Eric Rescorla + * + * Copyright (C) 2006, Network Resonance, Inc. + * Copyright (C) 2011, RTFM, Inc. + */ + +#include + +#include + +#include "ssl_locl.h" + +#ifndef OPENSSL_NO_SRTP + +#include "bytestring.h" +#include "srtp.h" + +static SRTP_PROTECTION_PROFILE srtp_known_profiles[] = { + { + "SRTP_AES128_CM_SHA1_80", + SRTP_AES128_CM_SHA1_80, + }, + { + "SRTP_AES128_CM_SHA1_32", + SRTP_AES128_CM_SHA1_32, + }, + {0} +}; + +int +srtp_find_profile_by_name(char *profile_name, SRTP_PROTECTION_PROFILE **pptr, + unsigned len) +{ + SRTP_PROTECTION_PROFILE *p; + + p = srtp_known_profiles; + while (p->name) { + if ((len == strlen(p->name)) && + !strncmp(p->name, profile_name, len)) { + *pptr = p; + return 0; + } + + p++; + } + + return 1; +} + +int +srtp_find_profile_by_num(unsigned profile_num, SRTP_PROTECTION_PROFILE **pptr) +{ + SRTP_PROTECTION_PROFILE *p; + + p = srtp_known_profiles; + while (p->name) { + if (p->id == profile_num) { + *pptr = p; + return 0; + } + p++; + } + + return 1; +} + +static int +ssl_ctx_make_profiles(const char *profiles_string, + STACK_OF(SRTP_PROTECTION_PROFILE) **out) +{ + STACK_OF(SRTP_PROTECTION_PROFILE) *profiles; + + char *col; + char *ptr = (char *)profiles_string; + + SRTP_PROTECTION_PROFILE *p; + + if (!(profiles = sk_SRTP_PROTECTION_PROFILE_new_null())) { + SSLerrorx(SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES); + return 1; + } + + do { + col = strchr(ptr, ':'); + + if (!srtp_find_profile_by_name(ptr, &p, + col ? col - ptr : (int)strlen(ptr))) { + sk_SRTP_PROTECTION_PROFILE_push(profiles, p); + } else { + SSLerrorx(SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE); + sk_SRTP_PROTECTION_PROFILE_free(profiles); + return 1; + } + + if (col) + ptr = col + 1; + } while (col); + + sk_SRTP_PROTECTION_PROFILE_free(*out); + *out = profiles; + + return 0; +} + +int +SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles) +{ + return ssl_ctx_make_profiles(profiles, &ctx->internal->srtp_profiles); +} + +int +SSL_set_tlsext_use_srtp(SSL *s, const char *profiles) +{ + return ssl_ctx_make_profiles(profiles, &s->internal->srtp_profiles); +} + + +STACK_OF(SRTP_PROTECTION_PROFILE) * +SSL_get_srtp_profiles(SSL *s) +{ + if (s != NULL) { + if (s->internal->srtp_profiles != NULL) { + return s->internal->srtp_profiles; + } else if ((s->ctx != NULL) && + (s->ctx->internal->srtp_profiles != NULL)) { + return s->ctx->internal->srtp_profiles; + } + } + + return NULL; +} + +SRTP_PROTECTION_PROFILE * +SSL_get_selected_srtp_profile(SSL *s) +{ + return s->internal->srtp_profile; +} + +#endif diff --git a/src/lib/libssl/d1_srvr.c b/src/lib/libssl/d1_srvr.c new file mode 100644 index 00000000000..1a1ee5429e4 --- /dev/null +++ b/src/lib/libssl/d1_srvr.c @@ -0,0 +1,165 @@ +/* $OpenBSD: d1_srvr.c,v 1.95 2018/11/05 05:45:15 jsing Exp $ */ +/* + * DTLS implementation written by Nagendra Modadugu + * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. + */ +/* ==================================================================== + * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include + +#include "ssl_locl.h" + +#include +#include +#include +#include +#include +#include +#include + +int +dtls1_send_hello_verify_request(SSL *s) +{ + CBB cbb, verify, cookie; + + memset(&cbb, 0, sizeof(cbb)); + + if (S3I(s)->hs.state == DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A) { + if (s->ctx->internal->app_gen_cookie_cb == NULL || + s->ctx->internal->app_gen_cookie_cb(s, D1I(s)->cookie, + &(D1I(s)->cookie_len)) == 0) { + SSLerror(s, ERR_R_INTERNAL_ERROR); + return 0; + } + + if (!ssl3_handshake_msg_start(s, &cbb, &verify, + DTLS1_MT_HELLO_VERIFY_REQUEST)) + goto err; + if (!CBB_add_u16(&verify, s->version)) + goto err; + if (!CBB_add_u8_length_prefixed(&verify, &cookie)) + goto err; + if (!CBB_add_bytes(&cookie, D1I(s)->cookie, D1I(s)->cookie_len)) + goto err; + if (!ssl3_handshake_msg_finish(s, &cbb)) + goto err; + + S3I(s)->hs.state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B; + } + + /* S3I(s)->hs.state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */ + return (ssl3_handshake_write(s)); + + err: + CBB_cleanup(&cbb); + + return (-1); +} diff --git a/src/lib/libssl/doc/openssl.cnf b/src/lib/libssl/doc/openssl.cnf index eca51c33228..ed4bde52e8a 100644 --- a/src/lib/libssl/doc/openssl.cnf +++ b/src/lib/libssl/doc/openssl.cnf @@ -6,7 +6,6 @@ # This definition stops the following lines choking if HOME isn't # defined. HOME = . -RANDFILE = $ENV::HOME/.rnd # Extra OBJECT IDENTIFIER info: #oid_file = $ENV::HOME/.oid @@ -15,18 +14,23 @@ oid_section = new_oids # To use this configuration file with the "-extfile" option of the # "openssl x509" utility, name here the section containing the # X.509v3 extensions to use: -# extensions = +# extensions = # (Alternatively, use a configuration file that has only # X.509v3 extensions in its main [= default] section.) [ new_oids ] -# We can add new OIDs in here for use by 'ca' and 'req'. +# We can add new OIDs in here for use by 'ca', 'req' and 'ts'. # Add a simple OID like this: # testoid1=1.2.3.4 # Or use config file substitution like this: # testoid2=${testoid1}.5.6 +# Policies used by the TSA examples. +tsa_policy1 = 1.2.3.4.1 +tsa_policy2 = 1.2.3.4.5.6 +tsa_policy3 = 1.2.3.4.5.7 + #################################################################### [ ca ] default_ca = CA_default # The default ca section @@ -38,13 +42,16 @@ dir = ./demoCA # Where everything is kept certs = $dir/certs # Where the issued certs are kept crl_dir = $dir/crl # Where the issued crl are kept database = $dir/index.txt # database index file. +#unique_subject = no # Set to 'no' to allow creation of + # several ctificates with same subject. new_certs_dir = $dir/newcerts # default place for new certs. certificate = $dir/cacert.pem # The CA certificate serial = $dir/serial # The current serial number +crlnumber = $dir/crlnumber # the current crl number + # must be commented out to leave a V1 CRL crl = $dir/crl.pem # The current CRL private_key = $dir/private/cakey.pem# The private key -RANDFILE = $dir/private/.rand # private random number file x509_extensions = usr_cert # The extentions to add to the cert @@ -58,11 +65,12 @@ cert_opt = ca_default # Certificate field options # Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs # so this is commented out by default to leave a V1 CRL. +# crlnumber must also be commented out to leave a V1 CRL. # crl_extensions = crl_ext default_days = 365 # how long to certify for default_crl_days= 30 # how long before next CRL -default_md = md5 # which md to use. +default_md = default # use public key default MD preserve = no # keep passed DN ordering # A few difference way of specifying how similar the request should look @@ -103,15 +111,14 @@ x509_extensions = v3_ca # The extentions to add to the self signed cert # input_password = secret # output_password = secret -# This sets a mask for permitted string types. There are several options. +# This sets a mask for permitted string types. There are several options. # default: PrintableString, T61String, BMPString. -# pkix : PrintableString, BMPString. -# utf8only: only UTF8Strings. +# pkix : PrintableString, BMPString (PKIX recommendation before 2004) +# utf8only: only UTF8Strings (PKIX recommendation after 2004). # nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). # MASK:XXXX a literal mask value. -# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings -# so use this option with caution! -string_mask = nombstr +# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings. +string_mask = utf8only # req_extensions = v3_req # The extensions to add to a certificate request @@ -136,7 +143,7 @@ localityName = Locality Name (eg, city) organizationalUnitName = Organizational Unit Name (eg, section) #organizationalUnitName_default = -commonName = Common Name (eg, YOUR name) +commonName = Common Name (e.g. server FQDN or YOUR name) commonName_max = 64 emailAddress = Email Address @@ -183,7 +190,7 @@ nsComment = "OpenSSL Generated Certificate" # PKIX recommendations harmless if included in all certificates. subjectKeyIdentifier=hash -authorityKeyIdentifier=keyid,issuer:always +authorityKeyIdentifier=keyid,issuer # This stuff is for subjectAltName and issuerAltname. # Import the email address. @@ -202,6 +209,9 @@ authorityKeyIdentifier=keyid,issuer:always #nsCaPolicyUrl #nsSslServerName +# This is required for TSA certificates. +# extendedKeyUsage = critical,timeStamping + [ v3_req ] # Extensions to add to a certificate request @@ -219,7 +229,7 @@ keyUsage = nonRepudiation, digitalSignature, keyEncipherment subjectKeyIdentifier=hash -authorityKeyIdentifier=keyid:always,issuer:always +authorityKeyIdentifier=keyid:always,issuer # This is what PKIX recommends but some broken software chokes on critical # extensions. @@ -252,4 +262,87 @@ basicConstraints = CA:true # Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. # issuerAltName=issuer:copy -authorityKeyIdentifier=keyid:always,issuer:always +authorityKeyIdentifier=keyid:always + +[ proxy_cert_ext ] +# These extensions should be added when creating a proxy certificate + +# This goes against PKIX guidelines but some CAs do it and some software +# requires this to avoid interpreting an end user certificate as a CA. + +basicConstraints=CA:FALSE + +# Here are some examples of the usage of nsCertType. If it is omitted +# the certificate can be used for anything *except* object signing. + +# This is OK for an SSL server. +# nsCertType = server + +# For an object signing certificate this would be used. +# nsCertType = objsign + +# For normal client use this is typical +# nsCertType = client, email + +# and for everything including object signing: +# nsCertType = client, email, objsign + +# This is typical in keyUsage for a client certificate. +# keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +# This will be displayed in Netscape's comment listbox. +nsComment = "OpenSSL Generated Certificate" + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid,issuer + +# This stuff is for subjectAltName and issuerAltname. +# Import the email address. +# subjectAltName=email:copy +# An alternative to produce certificates that aren't +# deprecated according to PKIX. +# subjectAltName=email:move + +# Copy subject details +# issuerAltName=issuer:copy + +#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem +#nsBaseUrl +#nsRevocationUrl +#nsRenewalUrl +#nsCaPolicyUrl +#nsSslServerName + +# This really needs to be in place for it to be a proxy certificate. +proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo + +#################################################################### +[ tsa ] + +default_tsa = tsa_config1 # the default TSA section + +[ tsa_config1 ] + +# These are used by the TSA reply generation only. +dir = ./demoCA # TSA root directory +serial = $dir/tsaserial # The current serial number (mandatory) +crypto_device = builtin # OpenSSL engine to use for signing +signer_cert = $dir/tsacert.pem # The TSA signing certificate + # (optional) +certs = $dir/cacert.pem # Certificate chain to include in reply + # (optional) +signer_key = $dir/private/tsakey.pem # The TSA private key (optional) + +default_policy = tsa_policy1 # Policy if request did not specify it + # (optional) +other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional) +digests = md5, sha1 # Acceptable message digests (mandatory) +accuracy = secs:1, millisecs:500, microsecs:100 # (optional) +clock_precision_digits = 0 # number of digits after dot. (optional) +ordering = yes # Is ordering defined for timestamps? + # (optional, default: no) +tsa_name = yes # Must the TSA name be included in the reply? + # (optional, default: no) +ess_cert_id_chain = no # Must the ESS cert id chain be included? + # (optional, default: no) diff --git a/src/lib/libssl/doc/openssl.txt b/src/lib/libssl/doc/openssl.txt index 5da519e7e46..f8817b0a719 100644 --- a/src/lib/libssl/doc/openssl.txt +++ b/src/lib/libssl/doc/openssl.txt @@ -154,8 +154,22 @@ for example contain data in multiple sections. The correct syntax to use is defined by the extension code itself: check out the certificate policies extension for an example. -In addition it is also possible to use the word DER to include arbitrary -data in any extension. +There are two ways to encode arbitrary extensions. + +The first way is to use the word ASN1 followed by the extension content +using the same syntax as ASN1_generate_nconf(). For example: + +1.2.3.4=critical,ASN1:UTF8String:Some random data + +1.2.3.4=ASN1:SEQUENCE:seq_sect + +[seq_sect] + +field1 = UTF8:field1 +field2 = UTF8:field2 + +It is also possible to use the word DER to include arbitrary data in any +extension. 1.2.3.4=critical,DER:01:02:03:04 1.2.3.4=DER:01020304 @@ -336,16 +350,21 @@ Subject Alternative Name. The subject alternative name extension allows various literal values to be included in the configuration file. These include "email" (an email address) "URI" a uniform resource indicator, "DNS" (a DNS domain name), RID (a -registered ID: OBJECT IDENTIFIER) and IP (and IP address). +registered ID: OBJECT IDENTIFIER), IP (and IP address) and otherName. Also the email option include a special 'copy' value. This will automatically include and email addresses contained in the certificate subject name in the extension. +otherName can include arbitrary data associated with an OID: the value +should be the OID followed by a semicolon and the content in standard +ASN1_generate_nconf() format. + Examples: -subjectAltName=email:copy,email:my@other.address,URL:http://my.url.here/ +subjectAltName=email:copy,email:my@other.address,URI:http://my.url.here/ subjectAltName=email:my@other.address,RID:1.2.3.4 +subjectAltName=otherName:1.2.3.4;UTF8:some other identifier Issuer Alternative Name. @@ -759,7 +778,7 @@ called. The X509V3_EXT_METHOD structure is described below. -strut { +struct { int ext_nid; int ext_flags; X509V3_EXT_NEW ext_new; diff --git a/src/lib/libssl/doc/standards.txt b/src/lib/libssl/doc/standards.txt index 596d9001e64..7bada8d35f2 100644 --- a/src/lib/libssl/doc/standards.txt +++ b/src/lib/libssl/doc/standards.txt @@ -42,20 +42,9 @@ whole or at least great parts) in OpenSSL. 2268 A Description of the RC2(r) Encryption Algorithm. R. Rivest. January 1998. (Format: TXT=19048 bytes) (Status: INFORMATIONAL) -2314 PKCS 10: Certification Request Syntax Version 1.5. B. Kaliski. - March 1998. (Format: TXT=15814 bytes) (Status: INFORMATIONAL) - 2315 PKCS 7: Cryptographic Message Syntax Version 1.5. B. Kaliski. March 1998. (Format: TXT=69679 bytes) (Status: INFORMATIONAL) -2437 PKCS #1: RSA Cryptography Specifications Version 2.0. B. Kaliski, - J. Staddon. October 1998. (Format: TXT=73529 bytes) (Obsoletes - RFC2313) (Status: INFORMATIONAL) - -2459 Internet X.509 Public Key Infrastructure Certificate and CRL - Profile. R. Housley, W. Ford, W. Polk, D. Solo. January 1999. - (Format: TXT=278438 bytes) (Status: PROPOSED STANDARD) - PKCS#8: Private-Key Information Syntax Standard PKCS#12: Personal Information Exchange Syntax Standard, version 1.0. @@ -65,6 +54,64 @@ PKCS#12: Personal Information Exchange Syntax Standard, version 1.0. C. Adams. June 1999. (Format: TXT=43243 bytes) (Status: PROPOSED STANDARD) +2712 Addition of Kerberos Cipher Suites to Transport Layer Security + (TLS). A. Medvinsky, M. Hur. October 1999. (Format: TXT=13763 bytes) + (Status: PROPOSED STANDARD) + +2898 PKCS #5: Password-Based Cryptography Specification Version 2.0. + B. Kaliski. September 2000. (Format: TXT=68692 bytes) (Status: + INFORMATIONAL) + +2986 PKCS #10: Certification Request Syntax Specification Version 1.7. + M. Nystrom, B. Kaliski. November 2000. (Format: TXT=27794 bytes) + (Obsoletes RFC2314) (Status: INFORMATIONAL) + +3174 US Secure Hash Algorithm 1 (SHA1). D. Eastlake 3rd, P. Jones. + September 2001. (Format: TXT=35525 bytes) (Status: INFORMATIONAL) + +3161 Internet X.509 Public Key Infrastructure, Time-Stamp Protocol (TSP) + C. Adams, P. Cain, D. Pinkas, R. Zuccherato. August 2001 + (Status: PROPOSED STANDARD) + +3268 Advanced Encryption Standard (AES) Ciphersuites for Transport + Layer Security (TLS). P. Chown. June 2002. (Format: TXT=13530 bytes) + (Status: PROPOSED STANDARD) + +3279 Algorithms and Identifiers for the Internet X.509 Public Key + Infrastructure Certificate and Certificate Revocation List (CRL) + Profile. L. Bassham, W. Polk, R. Housley. April 2002. (Format: + TXT=53833 bytes) (Status: PROPOSED STANDARD) + +3280 Internet X.509 Public Key Infrastructure Certificate and + Certificate Revocation List (CRL) Profile. R. Housley, W. Polk, W. + Ford, D. Solo. April 2002. (Format: TXT=295556 bytes) (Obsoletes + RFC2459) (Status: PROPOSED STANDARD) + +3447 Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography + Specifications Version 2.1. J. Jonsson, B. Kaliski. February 2003. + (Format: TXT=143173 bytes) (Obsoletes RFC2437) (Status: + INFORMATIONAL) + +3713 A Description of the Camellia Encryption Algorithm. M. Matsui, + J. Nakajima, S. Moriai. April 2004. (Format: TXT=25031 bytes) + (Status: INFORMATIONAL) + +3820 Internet X.509 Public Key Infrastructure (PKI) Proxy Certificate + Profile. S. Tuecke, V. Welch, D. Engert, L. Pearlman, M. Thompson. + June 2004. (Format: TXT=86374 bytes) (Status: PROPOSED STANDARD) + +4132 Addition of Camellia Cipher Suites to Transport Layer Security + (TLS). S. Moriai, A. Kato, M. Kanda. July 2005. (Format: TXT=13590 + bytes) (Status: PROPOSED STANDARD) + +4162 Addition of SEED Cipher Suites to Transport Layer Security (TLS). + H.J. Lee, J.H. Yoon, J.I. Lee. August 2005. (Format: TXT=10578 bytes) + (Status: PROPOSED STANDARD) + +4269 The SEED Encryption Algorithm. H.J. Lee, S.J. Lee, J.H. Yoon, + D.H. Cheon, J.I. Lee. December 2005. (Format: TXT=34390 bytes) + (Obsoletes RFC4009) (Status: INFORMATIONAL) + Related: -------- @@ -90,23 +137,60 @@ STARTTLS documents. Certification and Related Services. B. Kaliski. February 1993. (Format: TXT=17537 bytes) (Status: PROPOSED STANDARD) -2256 A Summary of the X.500(96) User Schema for use with LDAPv3. M. - Wahl. December 1997. (Format: TXT=32377 bytes) (Status: PROPOSED - STANDARD) +2025 The Simple Public-Key GSS-API Mechanism (SPKM). C. Adams. October + 1996. (Format: TXT=101692 bytes) (Status: PROPOSED STANDARD) -2487 SMTP Service Extension for Secure SMTP over TLS. P. Hoffman. - January 1999. (Format: TXT=15120 bytes) (Status: PROPOSED STANDARD) +2510 Internet X.509 Public Key Infrastructure Certificate Management + Protocols. C. Adams, S. Farrell. March 1999. (Format: TXT=158178 + bytes) (Status: PROPOSED STANDARD) + +2511 Internet X.509 Certificate Request Message Format. M. Myers, C. + Adams, D. Solo, D. Kemp. March 1999. (Format: TXT=48278 bytes) + (Status: PROPOSED STANDARD) + +2527 Internet X.509 Public Key Infrastructure Certificate Policy and + Certification Practices Framework. S. Chokhani, W. Ford. March 1999. + (Format: TXT=91860 bytes) (Status: INFORMATIONAL) + +2538 Storing Certificates in the Domain Name System (DNS). D. Eastlake + 3rd, O. Gudmundsson. March 1999. (Format: TXT=19857 bytes) (Status: + PROPOSED STANDARD) + +2539 Storage of Diffie-Hellman Keys in the Domain Name System (DNS). + D. Eastlake 3rd. March 1999. (Format: TXT=21049 bytes) (Status: + PROPOSED STANDARD) + +2559 Internet X.509 Public Key Infrastructure Operational Protocols - + LDAPv2. S. Boeyen, T. Howes, P. Richard. April 1999. (Format: + TXT=22889 bytes) (Updates RFC1778) (Status: PROPOSED STANDARD) 2585 Internet X.509 Public Key Infrastructure Operational Protocols: FTP and HTTP. R. Housley, P. Hoffman. May 1999. (Format: TXT=14813 bytes) (Status: PROPOSED STANDARD) +2587 Internet X.509 Public Key Infrastructure LDAPv2 Schema. S. + Boeyen, T. Howes, P. Richard. June 1999. (Format: TXT=15102 bytes) + (Status: PROPOSED STANDARD) + 2595 Using TLS with IMAP, POP3 and ACAP. C. Newman. June 1999. (Format: TXT=32440 bytes) (Status: PROPOSED STANDARD) -2712 Addition of Kerberos Cipher Suites to Transport Layer Security - (TLS). A. Medvinsky, M. Hur. October 1999. (Format: TXT=13763 bytes) - (Status: PROPOSED STANDARD) +2631 Diffie-Hellman Key Agreement Method. E. Rescorla. June 1999. + (Format: TXT=25932 bytes) (Status: PROPOSED STANDARD) + +2632 S/MIME Version 3 Certificate Handling. B. Ramsdell, Ed.. June + 1999. (Format: TXT=27925 bytes) (Status: PROPOSED STANDARD) + +2716 PPP EAP TLS Authentication Protocol. B. Aboba, D. Simon. October + 1999. (Format: TXT=50108 bytes) (Status: EXPERIMENTAL) + +2773 Encryption using KEA and SKIPJACK. R. Housley, P. Yee, W. Nace. + February 2000. (Format: TXT=20008 bytes) (Updates RFC0959) (Status: + EXPERIMENTAL) + +2797 Certificate Management Messages over CMS. M. Myers, X. Liu, J. + Schaad, J. Weinstein. April 2000. (Format: TXT=103357 bytes) (Status: + PROPOSED STANDARD) 2817 Upgrading to TLS Within HTTP/1.1. R. Khare, S. Lawrence. May 2000. (Format: TXT=27598 bytes) (Updates RFC2616) (Status: PROPOSED @@ -115,7 +199,82 @@ STARTTLS documents. 2818 HTTP Over TLS. E. Rescorla. May 2000. (Format: TXT=15170 bytes) (Status: INFORMATIONAL) - "Securing FTP with TLS", 01/27/2000, +2876 Use of the KEA and SKIPJACK Algorithms in CMS. J. Pawling. July + 2000. (Format: TXT=29265 bytes) (Status: INFORMATIONAL) + +2984 Use of the CAST-128 Encryption Algorithm in CMS. C. Adams. + October 2000. (Format: TXT=11591 bytes) (Status: PROPOSED STANDARD) + +2985 PKCS #9: Selected Object Classes and Attribute Types Version 2.0. + M. Nystrom, B. Kaliski. November 2000. (Format: TXT=70703 bytes) + (Status: INFORMATIONAL) + +3029 Internet X.509 Public Key Infrastructure Data Validation and + Certification Server Protocols. C. Adams, P. Sylvester, M. Zolotarev, + R. Zuccherato. February 2001. (Format: TXT=107347 bytes) (Status: + EXPERIMENTAL) + +3039 Internet X.509 Public Key Infrastructure Qualified Certificates + Profile. S. Santesson, W. Polk, P. Barzin, M. Nystrom. January 2001. + (Format: TXT=67619 bytes) (Status: PROPOSED STANDARD) + +3058 Use of the IDEA Encryption Algorithm in CMS. S. Teiwes, P. + Hartmann, D. Kuenzi. February 2001. (Format: TXT=17257 bytes) + (Status: INFORMATIONAL) + +3161 Internet X.509 Public Key Infrastructure Time-Stamp Protocol + (TSP). C. Adams, P. Cain, D. Pinkas, R. Zuccherato. August 2001. + (Format: TXT=54585 bytes) (Status: PROPOSED STANDARD) + +3185 Reuse of CMS Content Encryption Keys. S. Farrell, S. Turner. + October 2001. (Format: TXT=20404 bytes) (Status: PROPOSED STANDARD) + +3207 SMTP Service Extension for Secure SMTP over Transport Layer + Security. P. Hoffman. February 2002. (Format: TXT=18679 bytes) + (Obsoletes RFC2487) (Status: PROPOSED STANDARD) + +3217 Triple-DES and RC2 Key Wrapping. R. Housley. December 2001. + (Format: TXT=19855 bytes) (Status: INFORMATIONAL) + +3274 Compressed Data Content Type for Cryptographic Message Syntax + (CMS). P. Gutmann. June 2002. (Format: TXT=11276 bytes) (Status: + PROPOSED STANDARD) + +3278 Use of Elliptic Curve Cryptography (ECC) Algorithms in + Cryptographic Message Syntax (CMS). S. Blake-Wilson, D. Brown, P. + Lambert. April 2002. (Format: TXT=33779 bytes) (Status: + INFORMATIONAL) + +3281 An Internet Attribute Certificate Profile for Authorization. S. + Farrell, R. Housley. April 2002. (Format: TXT=90580 bytes) (Status: + PROPOSED STANDARD) + +3369 Cryptographic Message Syntax (CMS). R. Housley. August 2002. + (Format: TXT=113975 bytes) (Obsoletes RFC2630, RFC3211) (Status: + PROPOSED STANDARD) + +3370 Cryptographic Message Syntax (CMS) Algorithms. R. Housley. August + 2002. (Format: TXT=51001 bytes) (Obsoletes RFC2630, RFC3211) (Status: + PROPOSED STANDARD) + +3377 Lightweight Directory Access Protocol (v3): Technical + Specification. J. Hodges, R. Morgan. September 2002. (Format: + TXT=9981 bytes) (Updates RFC2251, RFC2252, RFC2253, RFC2254, RFC2255, + RFC2256, RFC2829, RFC2830) (Status: PROPOSED STANDARD) + +3394 Advanced Encryption Standard (AES) Key Wrap Algorithm. J. Schaad, + R. Housley. September 2002. (Format: TXT=73072 bytes) (Status: + INFORMATIONAL) + +3436 Transport Layer Security over Stream Control Transmission + Protocol. A. Jungmaier, E. Rescorla, M. Tuexen. December 2002. + (Format: TXT=16333 bytes) (Status: PROPOSED STANDARD) + +3657 Use of the Camellia Encryption Algorithm in Cryptographic + Message Syntax (CMS). S. Moriai, A. Kato. January 2004. + (Format: TXT=26282 bytes) (Status: PROPOSED STANDARD) + +"Securing FTP with TLS", 01/27/2000, To be implemented: @@ -124,7 +283,3 @@ To be implemented: These are documents that describe things that are planed to be implemented in the hopefully short future. -2712 Addition of Kerberos Cipher Suites to Transport Layer Security - (TLS). A. Medvinsky, M. Hur. October 1999. (Format: TXT=13763 bytes) - (Status: PROPOSED STANDARD) - diff --git a/src/lib/libssl/dtls1.h b/src/lib/libssl/dtls1.h new file mode 100644 index 00000000000..cc672a59345 --- /dev/null +++ b/src/lib/libssl/dtls1.h @@ -0,0 +1,182 @@ +/* $OpenBSD: dtls1.h,v 1.22 2018/08/24 19:35:05 jsing Exp $ */ +/* + * DTLS implementation written by Nagendra Modadugu + * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. + */ +/* ==================================================================== + * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifndef HEADER_DTLS1_H +#define HEADER_DTLS1_H + +#include + +#include +#include +#include + +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#define DTLS1_VERSION 0xFEFF + +/* lengths of messages */ +#define DTLS1_COOKIE_LENGTH 256 + +#define DTLS1_RT_HEADER_LENGTH 13 + +#define DTLS1_HM_HEADER_LENGTH 12 + +#define DTLS1_HM_BAD_FRAGMENT -2 +#define DTLS1_HM_FRAGMENT_RETRY -3 + +#define DTLS1_CCS_HEADER_LENGTH 1 + +#define DTLS1_AL_HEADER_LENGTH 2 + +#ifndef OPENSSL_NO_SSL_INTERN + + +typedef struct dtls1_bitmap_st { + unsigned long map; /* track 32 packets on 32-bit systems + and 64 - on 64-bit systems */ + unsigned char max_seq_num[8]; /* max record number seen so far, + 64-bit value in big-endian + encoding */ +} DTLS1_BITMAP; + +struct dtls1_retransmit_state { + EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */ + EVP_MD_CTX *write_hash; /* used for mac generation */ + SSL_SESSION *session; + unsigned short epoch; +}; + +struct hm_header_st { + unsigned char type; + unsigned long msg_len; + unsigned short seq; + unsigned long frag_off; + unsigned long frag_len; + unsigned int is_ccs; + struct dtls1_retransmit_state saved_retransmit_state; +}; + +struct ccs_header_st { + unsigned char type; + unsigned short seq; +}; + +struct dtls1_timeout_st { + /* Number of read timeouts so far */ + unsigned int read_timeouts; + + /* Number of write timeouts so far */ + unsigned int write_timeouts; + + /* Number of alerts received so far */ + unsigned int num_alerts; +}; + +struct _pqueue; + +typedef struct record_pqueue_st { + unsigned short epoch; + struct _pqueue *q; +} record_pqueue; + +typedef struct hm_fragment_st { + struct hm_header_st msg_header; + unsigned char *fragment; + unsigned char *reassembly; +} hm_fragment; + +struct dtls1_state_internal_st; + +typedef struct dtls1_state_st { + /* Buffered (sent) handshake records */ + struct _pqueue *sent_messages; + + /* Indicates when the last handshake msg or heartbeat sent will timeout */ + struct timeval next_timeout; + + /* Timeout duration */ + unsigned short timeout_duration; + + struct dtls1_state_internal_st *internal; +} DTLS1_STATE; + +typedef struct dtls1_record_data_st { + unsigned char *packet; + unsigned int packet_length; + SSL3_BUFFER rbuf; + SSL3_RECORD rrec; +} DTLS1_RECORD_DATA; + +#endif + +/* Timeout multipliers (timeout slice is defined in apps/timeouts.h */ +#define DTLS1_TMO_READ_COUNT 2 +#define DTLS1_TMO_WRITE_COUNT 2 + +#define DTLS1_TMO_ALERT_COUNT 12 + +#ifdef __cplusplus +} +#endif +#endif diff --git a/src/lib/libssl/generate_pkgconfig.sh b/src/lib/libssl/generate_pkgconfig.sh new file mode 100644 index 00000000000..de14a121fc8 --- /dev/null +++ b/src/lib/libssl/generate_pkgconfig.sh @@ -0,0 +1,90 @@ +#!/bin/sh +# +# $OpenBSD: generate_pkgconfig.sh,v 1.9 2016/09/03 12:42:42 beck Exp $ +# +# Copyright (c) 2010,2011 Jasper Lievisse Adriaanse +# +# Permission to use, copy, modify, and distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +# +# Generate pkg-config files for OpenSSL. + +usage() { + echo "usage: ${0##*/} -c current_directory -o obj_directory" + exit 1 +} + +curdir= +objdir= +while getopts "c:o:" flag; do + case "$flag" in + c) + curdir=$OPTARG + ;; + o) + objdir=$OPTARG + ;; + *) + usage + ;; + esac +done + +[ -n "${curdir}" ] || usage +if [ ! -d "${curdir}" ]; then + echo "${0##*/}: ${curdir}: not found" + exit 1 +fi +[ -n "${objdir}" ] || usage +if [ ! -w "${objdir}" ]; then + echo "${0##*/}: ${objdir}: not found or not writable" + exit 1 +fi + +version_re="s/^#define[[:blank:]]+SHLIB_VERSION_NUMBER[[:blank:]]+\"(.*)\".*/\1/p" +version_file=${curdir}/../libcrypto/opensslv.h +lib_version=$(sed -nE ${version_re} ${version_file}) + +# Put -I${includedir} into Cflags so configure script tests like +# test -n "`pkg-config --cflags openssl`" +# don't assume that OpenSSL isn't available. + +pc_file="${objdir}/libssl.pc" +cat > ${pc_file} << __EOF__ +prefix=/usr +exec_prefix=\${prefix} +libdir=\${exec_prefix}/lib +includedir=\${prefix}/include + +Name: OpenSSL +Description: Secure Sockets Layer and cryptography libraries +Version: ${lib_version} +Requires: +Libs: -L\${libdir} -lssl -lcrypto +Cflags: -I\${includedir} +__EOF__ + + +pc_file="${objdir}/openssl.pc" +cat > ${pc_file} << __EOF__ +prefix=/usr +exec_prefix=\${prefix} +libdir=\${exec_prefix}/lib +includedir=\${prefix}/include + +Name: OpenSSL +Description: Secure Sockets Layer and cryptography libraries and tools +Version: ${lib_version} +Requires: +Libs: -L\${libdir} -lssl -lcrypto +Cflags: -I\${includedir} +__EOF__ diff --git a/src/lib/libssl/man/BIO_f_ssl.3 b/src/lib/libssl/man/BIO_f_ssl.3 new file mode 100644 index 00000000000..ef579c731b0 --- /dev/null +++ b/src/lib/libssl/man/BIO_f_ssl.3 @@ -0,0 +1,608 @@ +.\" $OpenBSD: BIO_f_ssl.3,v 1.10 2018/05/01 16:45:38 schwarze Exp $ +.\" full merge up to: OpenSSL f672aee4 Feb 9 11:52:40 2016 -0500 +.\" selective merge up to: OpenSSL 61f805c1 Jan 16 01:01:46 2018 +0800 +.\" +.\" This file was written by Dr. Stephen Henson . +.\" Copyright (c) 2000, 2003, 2009, 2014-2016 The OpenSSL Project. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: May 1 2018 $ +.Dt BIO_F_SSL 3 +.Os +.Sh NAME +.Nm BIO_f_ssl , +.Nm BIO_set_ssl , +.Nm BIO_get_ssl , +.Nm BIO_set_ssl_mode , +.Nm BIO_set_ssl_renegotiate_bytes , +.Nm BIO_get_num_renegotiates , +.Nm BIO_set_ssl_renegotiate_timeout , +.Nm BIO_new_ssl , +.Nm BIO_new_ssl_connect , +.Nm BIO_new_buffer_ssl_connect , +.Nm BIO_ssl_copy_session_id , +.Nm BIO_ssl_shutdown , +.Nm BIO_do_handshake +.Nd SSL BIO +.Sh SYNOPSIS +.In openssl/bio.h +.In openssl/ssl.h +.Ft const BIO_METHOD * +.Fn BIO_f_ssl void +.Ft long +.Fo BIO_set_ssl +.Fa "BIO *b" +.Fa "SSL *ssl" +.Fa "long c" +.Fc +.Ft long +.Fo BIO_get_ssl +.Fa "BIO *b" +.Fa "SSL *sslp" +.Fc +.Ft long +.Fo BIO_set_ssl_mode +.Fa "BIO *b" +.Fa "long client" +.Fc +.Ft long +.Fo BIO_set_ssl_renegotiate_bytes +.Fa "BIO *b" +.Fa "long num" +.Fc +.Ft long +.Fo BIO_set_ssl_renegotiate_timeout +.Fa "BIO *b" +.Fa "long seconds" +.Fc +.Ft long +.Fo BIO_get_num_renegotiates +.Fa "BIO *b" +.Fc +.Ft BIO * +.Fn BIO_new_ssl "SSL_CTX *ctx" "int client" +.Ft BIO * +.Fn BIO_new_ssl_connect "SSL_CTX *ctx" +.Ft BIO * +.Fn BIO_new_buffer_ssl_connect "SSL_CTX *ctx" +.Ft int +.Fn BIO_ssl_copy_session_id "BIO *to" "BIO *from" +.Ft void +.Fn BIO_ssl_shutdown "BIO *bio" +.Ft long +.Fn BIO_do_handshake "BIO *b" +.Sh DESCRIPTION +.Fn BIO_f_ssl +returns the +.Vt SSL +.Vt BIO +method. +This is a filter +.Vt BIO +which is a wrapper around the OpenSSL +.Vt SSL +routines adding a +.Vt BIO +.Dq flavor +to SSL I/O. +.Pp +I/O performed on an +.Vt SSL +.Vt BIO +communicates using the SSL protocol with +the +.Vt SSL Ns 's +read and write +.Vt BIO Ns s . +If an SSL connection is not established then an attempt is made to establish +one on the first I/O call. +.Pp +If a +.Vt BIO +is appended to an +.Vt SSL +.Vt BIO +using +.Xr BIO_push 3 +it is automatically used as the +.Vt SSL +.Vt BIO Ns 's read and write +.Vt BIO Ns s . +.Pp +Calling +.Xr BIO_reset 3 +on an +.Vt SSL +.Vt BIO +closes down any current SSL connection by calling +.Xr SSL_shutdown 3 . +.Xr BIO_reset 3 +is then sent to the next +.Vt BIO +in the chain; this will typically disconnect the underlying transport. +The +.Vt SSL +.Vt BIO +is then reset to the initial accept or connect state. +.Pp +If the close flag is set when an +.Vt SSL +.Vt BIO +is freed then the internal +.Vt SSL +structure is also freed using +.Xr SSL_free 3 . +.Pp +.Fn BIO_set_ssl +sets the internal +.Vt SSL +pointer of +.Vt BIO +.Fa b +to +.Fa ssl +using +the close flag +.Fa c . +.Pp +.Fn BIO_get_ssl +retrieves the +.Vt SSL +pointer of +.Vt BIO +.Fa b ; +it can then be manipulated using the standard SSL library functions. +.Pp +.Fn BIO_set_ssl_mode +sets the +.Vt SSL +.Vt BIO +mode to +.Fa client . +If +.Fa client +is 1, client mode is set. +If +.Fa client +is 0, server mode is set. +.Pp +.Fn BIO_set_ssl_renegotiate_bytes +sets the renegotiate byte count to +.Fa num . +When set after every +.Fa num +bytes of I/O (read and write) the SSL session is automatically renegotiated. +.Fa num +must be at least 512 bytes. +.Pp +.Fn BIO_set_ssl_renegotiate_timeout +sets the renegotiate timeout to +.Fa seconds . +When the renegotiate timeout elapses the session is automatically renegotiated. +.Pp +.Fn BIO_get_num_renegotiates +returns the total number of session renegotiations due to I/O or timeout. +.Pp +.Fn BIO_new_ssl +allocates an +.Vt SSL +.Vt BIO +using +.Vt SSL_CTX +.Va ctx +and using client mode if +.Fa client +is nonzero. +.Pp +.Fn BIO_new_ssl_connect +creates a new +.Vt BIO +chain consisting of an +.Vt SSL +.Vt BIO +(using +.Fa ctx ) +followed by a connect BIO. +.Pp +.Fn BIO_new_buffer_ssl_connect +creates a new +.Vt BIO +chain consisting of a buffering +.Vt BIO , +an +.Vt SSL +.Vt BIO +(using +.Fa ctx ) +and a connect +.Vt BIO . +.Pp +.Fn BIO_ssl_copy_session_id +copies an SSL session id between +.Vt BIO +chains +.Fa from +and +.Fa to . +It does this by locating the +.Vt SSL +.Vt BIO Ns s +in each chain and calling +.Xr SSL_copy_session_id 3 +on the internal +.Vt SSL +pointer. +.Pp +.Fn BIO_ssl_shutdown +closes down an SSL connection on +.Vt BIO +chain +.Fa bio . +It does this by locating the +.Vt SSL +.Vt BIO +in the +chain and calling +.Xr SSL_shutdown 3 +on its internal +.Vt SSL +pointer. +.Pp +.Fn BIO_do_handshake +attempts to complete an SSL handshake on the supplied +.Vt BIO +and establish the SSL connection. +It returns 1 if the connection was established successfully. +A zero or negative value is returned if the connection could not be +established; the call +.Xr BIO_should_retry 3 +should be used for non blocking connect +.Vt BIO Ns s +to determine if the call should be retried. +If an SSL connection has already been established this call has no effect. +.Pp +.Vt SSL +.Vt BIO Ns s +are exceptional in that if the underlying transport is non-blocking they can +still request a retry in exceptional circumstances. +Specifically this will happen if a session renegotiation takes place during a +.Xr BIO_read 3 +operation. +One case where this happens is when step up occurs. +.Pp +In OpenSSL 0.9.6 and later the SSL flag +.Dv SSL_AUTO_RETRY +can be set to disable this behaviour. +In other words, when this flag is set an +.Vt SSL +.Vt BIO +using a blocking transport will never request a retry. +.Pp +Since unknown +.Xr BIO_ctrl 3 +operations are sent through filter +.Vt BIO Ns s +the server name and port can be set using +.Xr BIO_set_conn_hostname 3 +and +.Xr BIO_set_conn_port 3 +on the +.Vt BIO +returned by +.Fn BIO_new_ssl_connect +without having to locate the connect +.Vt BIO +first. +.Pp +Applications do not have to call +.Fn BIO_do_handshake +but may wish to do so to separate the handshake process from other I/O +processing. +.Pp +.Fn BIO_set_ssl , +.Fn BIO_get_ssl , +.Fn BIO_set_ssl_mode , +.Fn BIO_set_ssl_renegotiate_bytes , +.Fn BIO_set_ssl_renegotiate_timeout , +.Fn BIO_get_num_renegotiates , +and +.Fn BIO_do_handshake +are implemented as macros. +.Sh RETURN VALUES +.Fn BIO_f_ssl +returns a pointer to a static +.Vt BIO_METHOD +structure. +.Pp +.Fn BIO_set_ssl , +.Fn BIO_get_ssl , +.Fn BIO_set_ssl_mode , +.Fn BIO_set_ssl_renegotiate_bytes , +.Fn BIO_set_ssl_renegotiate_timeout , +and +.Fn BIO_get_num_renegotiates +return 1 on success or a value less than or equal to 0 +if an error occurred. +.Pp +.Fn BIO_new_ssl , +.Fn BIO_new_ssl_connect , +and +.Fn BIO_new_buffer_ssl_connect +returns a pointer to a newly allocated +.Vt BIO +chain or +.Dv NULL +if an error occurred. +.Pp +.Fn BIO_ssl_copy_session_id +returns 1 on success or 0 on error. +.Pp +.Fn BIO_do_handshake +returns 1 if the connection was established successfully +or a value less than or equal to 0 otherwise. +.Sh EXAMPLES +This SSL/TLS client example attempts to retrieve a page from an SSL/TLS web +server. +The I/O routines are identical to those of the unencrypted example in +.Xr BIO_s_connect 3 . +.Bd -literal +BIO *sbio, *out; +int len; +char tmpbuf[1024]; +SSL_CTX *ctx; +SSL *ssl; + +ERR_load_crypto_strings(); +ERR_load_SSL_strings(); +OpenSSL_add_all_algorithms(); + +/* + * We would seed the PRNG here if the platform didn't do it automatically + */ + +ctx = SSL_CTX_new(SSLv23_client_method()); + +/* + * We'd normally set some stuff like the verify paths and mode here because + * as things stand this will connect to any server whose certificate is + * signed by any CA. + */ + +sbio = BIO_new_ssl_connect(ctx); + +BIO_get_ssl(sbio, &ssl); + +if (!ssl) { + fprintf(stderr, "Can't locate SSL pointer\en"); + /* whatever ... */ +} + +/* Don't want any retries */ +SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY); + +/* We might want to do other things with ssl here */ + +BIO_set_conn_hostname(sbio, "localhost:https"); + +out = BIO_new_fp(stdout, BIO_NOCLOSE); +if (BIO_do_connect(sbio) <= 0) { + fprintf(stderr, "Error connecting to server\en"); + ERR_print_errors_fp(stderr); + /* whatever ... */ +} + +if (BIO_do_handshake(sbio) <= 0) { + fprintf(stderr, "Error establishing SSL connection\en"); + ERR_print_errors_fp(stderr); + /* whatever ... */ +} + +/* Could examine ssl here to get connection info */ + +BIO_puts(sbio, "GET / HTTP/1.0\en\en"); +for (;;) { + len = BIO_read(sbio, tmpbuf, 1024); + if(len <= 0) break; + BIO_write(out, tmpbuf, len); +} +BIO_free_all(sbio); +BIO_free(out); +.Ed +.Pp +Here is a simple server example. +It makes use of a buffering +.Vt BIO +to allow lines to be read from the +.Vt SSL +.Vt BIO +using +.Xr BIO_gets 3 . +It creates a pseudo web page containing the actual request from a client and +also echoes the request to standard output. +.Bd -literal +BIO *sbio, *bbio, *acpt, *out; +int len; +char tmpbuf[1024]; +SSL_CTX *ctx; +SSL *ssl; + +ERR_load_crypto_strings(); +ERR_load_SSL_strings(); +OpenSSL_add_all_algorithms(); + +/* Might seed PRNG here */ + +ctx = SSL_CTX_new(SSLv23_server_method()); + +if (!SSL_CTX_use_certificate_file(ctx,"server.pem",SSL_FILETYPE_PEM) + || !SSL_CTX_use_PrivateKey_file(ctx,"server.pem",SSL_FILETYPE_PEM) + || !SSL_CTX_check_private_key(ctx)) { + fprintf(stderr, "Error setting up SSL_CTX\en"); + ERR_print_errors_fp(stderr); + return 0; +} + +/* + * Might do other things here like setting verify locations and DH and/or + * RSA temporary key callbacks + */ + +/* New SSL BIO setup as server */ +sbio = BIO_new_ssl(ctx,0); + +BIO_get_ssl(sbio, &ssl); + +if (!ssl) { + fprintf(stderr, "Can't locate SSL pointer\en"); + /* whatever ... */ +} + +/* Don't want any retries */ +SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY); + +/* Create the buffering BIO */ + +bbio = BIO_new(BIO_f_buffer()); + +/* Add to chain */ +sbio = BIO_push(bbio, sbio); + +acpt = BIO_new_accept("4433"); + +/* + * By doing this when a new connection is established we automatically + * have sbio inserted into it. The BIO chain is now 'swallowed' by the + * accept BIO and will be freed when the accept BIO is freed. + */ + +BIO_set_accept_bios(acpt,sbio); + +out = BIO_new_fp(stdout, BIO_NOCLOSE); + +/* Wait for incoming connection */ +if (BIO_do_accept(acpt) <= 0) { + fprintf(stderr, "Error setting up accept BIO\en"); + ERR_print_errors_fp(stderr); + return 0; +} + +/* We only want one connection so remove and free accept BIO */ + +sbio = BIO_pop(acpt); + +BIO_free_all(acpt); + +if (BIO_do_handshake(sbio) <= 0) { + fprintf(stderr, "Error in SSL handshake\en"); + ERR_print_errors_fp(stderr); + return 0; +} + +BIO_puts(sbio, "HTTP/1.0 200 OK\er\enContent-type: text/plain\er\en\er\en"); +BIO_puts(sbio, "\er\enConnection Established\er\enRequest headers:\er\en"); +BIO_puts(sbio, "--------------------------------------------------\er\en"); + +for (;;) { + len = BIO_gets(sbio, tmpbuf, 1024); + if (len <= 0) + break; + BIO_write(sbio, tmpbuf, len); + BIO_write(out, tmpbuf, len); + /* Look for blank line signifying end of headers */ + if ((tmpbuf[0] == '\er') || (tmpbuf[0] == '\en')) + break; +} + +BIO_puts(sbio, "--------------------------------------------------\er\en"); +BIO_puts(sbio, "\er\en"); + +/* Since there is a buffering BIO present we had better flush it */ +BIO_flush(sbio); + +BIO_free_all(sbio); +.Ed +.Sh HISTORY +.Fn BIO_f_ssl , +.Fn BIO_set_ssl , +and +.Fn BIO_get_ssl +first appeared in SSLeay 0.6.0. +.Fn BIO_set_ssl_mode , +.Fn BIO_new_ssl , +and +.Fn BIO_ssl_copy_session_id +first appeared in SSLeay 0.8.0. +.Fn BIO_ssl_shutdown +and +.Fn BIO_do_handshake +first appeared in SSLeay 0.8.1. +.Fn BIO_set_ssl_renegotiate_bytes , +.Fn BIO_get_num_renegotiates , +.Fn BIO_set_ssl_renegotiate_timeout , +.Fn BIO_new_ssl_connect , +and +.Fn BIO_new_buffer_ssl_connect +first appeared in SSLeay 0.9.0. +All these functions have been available since +.Ox 2.4 . +.Pp +In OpenSSL versions before 1.0.0 the +.Xr BIO_pop 3 +call was handled incorrectly: +the I/O BIO reference count was incorrectly incremented (instead of +decremented) and dissociated with the +.Vt SSL +.Vt BIO +even if the +.Vt SSL +.Vt BIO +was not +explicitly being popped (e.g., a pop higher up the chain). +Applications which included workarounds for this bug (e.g., freeing BIOs more +than once) should be modified to handle this fix or they may free up an already +freed +.Vt BIO . diff --git a/src/lib/libssl/man/DTLSv1_listen.3 b/src/lib/libssl/man/DTLSv1_listen.3 new file mode 100644 index 00000000000..047ec0a7ffc --- /dev/null +++ b/src/lib/libssl/man/DTLSv1_listen.3 @@ -0,0 +1,187 @@ +.\" $OpenBSD: DTLSv1_listen.3,v 1.4 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL 7795475f Dec 18 13:18:31 2015 -0500 +.\" +.\" This file was written by Matt Caswell . +.\" Copyright (c) 2015 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt DTLSV1_LISTEN 3 +.Os +.Sh NAME +.Nm DTLSv1_listen +.Nd listen for incoming DTLS connections +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft int +.Fo DTLSv1_listen +.Fa "SSL *ssl" +.Fa "struct sockaddr *peer" +.Fc +.Sh DESCRIPTION +.Fn DTLSv1_listen +listens for new incoming DTLS connections. +If a ClientHello is received that does not contain a cookie, then +.Fn DTLSv1_listen +responds with a HelloVerifyRequest. +If a ClientHello is received with a cookie that is verified, then +control is returned to user code to enable the handshake to be +completed (for example by using +.Xr SSL_accept 3 ) . +.Pp +.Fn DTLSv1_listen +is currently implemented as a macro. +.Pp +Datagram based protocols can be susceptible to Denial of Service +attacks. +A DTLS attacker could, for example, submit a series of handshake +initiation requests that cause the server to allocate state (and +possibly perform cryptographic operations) thus consuming server +resources. +The attacker could also (with UDP) quite simply forge the source IP +address in such an attack. +.Pp +As a counter measure to that DTLS includes a stateless cookie mechanism. +The idea is that when a client attempts to connect to a server it sends +a ClientHello message. +The server responds with a HelloVerifyRequest which contains a unique +cookie. +The client then resends the ClientHello, but this time includes the +cookie in the message thus proving that the client is capable of +receiving messages sent to that address. +All of this can be done by the server without allocating any state, and +thus without consuming expensive resources. +.Pp +OpenSSL implements this capability via the +.Fn DTLSv1_listen +function. +The +.Fa ssl +parameter should be a newly allocated +.Vt SSL +object with its read and write BIOs set, in the same way as might +be done for a call to +.Xr SSL_accept 3 . +Typically the read BIO will be in an "unconnected" state and thus +capable of receiving messages from any peer. +.Pp +When a ClientHello is received that contains a cookie that has been +verified, then +.Fn DTLSv1_listen +will return with the +.Fa ssl +parameter updated into a state where the handshake can be continued by a +call to (for example) +.Xr SSL_accept 3 . +Additionally the +.Vt struct sockaddr +pointed to by +.Fa peer +will be filled in with details of the peer that sent the ClientHello. +It is the calling code's responsibility to ensure that the +.Fa peer +location is sufficiently large to accommodate the addressing scheme in use. +For example this might be done by allocating space for a +.Vt struct sockaddr_storage +and casting the pointer to it to a +.Vt struct sockaddr * +for the call to +.Fn DTLSv1_listen . +Typically user code is expected to "connect" the underlying socket +to the peer and continue the handshake in a connected state. +.Pp +Prior to calling +.Fn DTLSv1_listen +user code must ensure that cookie generation and verification callbacks +have been set up using +.Fn SSL_CTX_set_cookie_generate_cb +and +.Fn SSL_CTX_set_cookie_verify_cb +respectively. +.Pp +Since +.Fn DTLSv1_listen +operates entirely statelessly whilst processing incoming ClientHellos, +it is unable to process fragmented messages (since this would require +the allocation of state). +An implication of this is that +.Fn DTLSv1_listen +only supports ClientHellos that fit inside a single datagram. +.Sh RETURN VALUES +From OpenSSL 1.1.0 a return value of >= 1 indicates success. +In this instance the +.Fa peer +value will be filled in and the +.Fa ssl +object set up ready to continue the handshake. +.Pp +A return value of 0 indicates a non-fatal error. +This could (for example) be because of non-blocking IO, or some invalid +message having been received from a peer. +Errors may be placed on the OpenSSL error queue with further information +if appropriate. +Typically user code is expected to retry the call to +.Fn DTLSv1_listen +in the event of a non-fatal error. +Any old errors on the error queue will be cleared in the subsequent +call. +.Pp +A return value of <0 indicates a fatal error. +This could (for example) be because of a failure to allocate sufficient +memory for the operation. +.Pp +Prior to OpenSSL 1.1.0 fatal and non-fatal errors both produce return +codes <= 0 (in typical implementations user code treats all errors as +non-fatal), whilst return codes >0 indicate success. +.Sh SEE ALSO +.Xr BIO_new 3 , +.Xr ssl 3 , +.Xr SSL_accept 3 , +.Xr SSL_get_error 3 +.Sh HISTORY +.Fn DTLSv1_listen +first appeared in OpenSSL 0.9.8m and has been available since +.Ox 4.9 . diff --git a/src/lib/libssl/man/Makefile b/src/lib/libssl/man/Makefile index a9e097ef3e6..375e5fba2bf 100644 --- a/src/lib/libssl/man/Makefile +++ b/src/lib/libssl/man/Makefile @@ -1,898 +1,124 @@ -# $OpenBSD: Makefile,v 1.1 2002/09/03 18:59:56 markus Exp $ - -.include # for NOMAN - -.ifndef NOMAN -MANALL= \ - BN_CTX_new.cat3 \ - BN_CTX_start.cat3 \ - BN_add.cat3 \ - BN_add_word.cat3 \ - BN_bn2bin.cat3 \ - BN_cmp.cat3 \ - BN_copy.cat3 \ - BN_generate_prime.cat3 \ - BN_mod_inverse.cat3 \ - BN_mod_mul_montgomery.cat3 \ - BN_mod_mul_reciprocal.cat3 \ - BN_new.cat3 \ - BN_num_bytes.cat3 \ - BN_rand.cat3 \ - BN_set_bit.cat3 \ - BN_swap.cat3 \ - BN_zero.cat3 \ - BUF_MEM_new.cat3 \ - BUF_MEM_new.cat3 \ - CRYPTO_set_ex_data.cat3 \ - CRYPTO_set_locking_callback.cat3 \ - DH_generate_key.cat3 \ - DH_generate_parameters.cat3 \ - DH_get_ex_new_index.cat3 \ - DH_new.cat3 \ - DH_set_method.cat3 \ - DH_size.cat3 \ - DSA_SIG_new.cat3 \ - DSA_do_sign.cat3 \ - DSA_dup_DH.cat3 \ - DSA_generate_key.cat3 \ - DSA_generate_parameters.cat3 \ - DSA_get_ex_new_index.cat3 \ - DSA_new.cat3 \ - DSA_set_method.cat3 \ - DSA_sign.cat3 \ - DSA_size.cat3 \ - ERR_GET_LIB.cat3 \ - ERR_clear_error.cat3 \ - ERR_error_string.cat3 \ - ERR_get_error.cat3 \ - ERR_load_crypto_strings.cat3 \ - ERR_load_strings.cat3 \ - ERR_print_errors.cat3 \ - ERR_put_error.cat3 \ - ERR_remove_state.cat3 \ - EVP_BytesToKey.cat3 \ - EVP_DigestInit.cat3 \ - EVP_EncryptInit.cat3 \ - EVP_OpenInit.cat3 \ - EVP_SealInit.cat3 \ - EVP_SignInit.cat3 \ - EVP_VerifyInit.cat3 \ - HMAC.cat3 \ - MD5.cat3 \ - MDC2.cat3 \ - OPENSSL_VERSION_NUMBER.cat3 \ - OpenSSL_add_all_algorithms.cat3 \ - RAND_add.cat3 \ - RAND_bytes.cat3 \ - RAND_cleanup.cat3 \ - RAND_egd.cat3 \ - RAND_load_file.cat3 \ - RAND_set_rand_method.cat3 \ - RC4.cat3 \ - RIPEMD160.cat3 \ - RSA_blinding_on.cat3 \ - RSA_check_key.cat3 \ - RSA_generate_key.cat3 \ - RSA_get_ex_new_index.cat3 \ - RSA_new.cat3 \ - RSA_padding_add_PKCS1_type_1.cat3 \ - RSA_print.cat3 \ - RSA_private_encrypt.cat3 \ - RSA_public_encrypt.cat3 \ - RSA_set_method.cat3 \ - RSA_sign.cat3 \ - RSA_sign_ASN1_OCTET_STRING.cat3 \ - RSA_size.cat3 \ - SHA1.cat3 \ - SSL_CIPHER_get_name.cat3 \ - SSL_COMP_add_compression_method.cat3 \ - SSL_CTX_add_extra_chain_cert.cat3 \ - SSL_CTX_add_session.cat3 \ - SSL_CTX_ctrl.cat3 \ - SSL_CTX_flush_sessions.cat3 \ - SSL_CTX_free.cat3 \ - SSL_CTX_get_ex_new_index.cat3 \ - SSL_CTX_get_verify_mode.cat3 \ - SSL_CTX_load_verify_locations.cat3 \ - SSL_CTX_new.cat3 \ - SSL_CTX_sess_number.cat3 \ - SSL_CTX_sess_set_cache_size.cat3 \ - SSL_CTX_sess_set_get_cb.cat3 \ - SSL_CTX_sessions.cat3 \ - SSL_CTX_set_cert_store.cat3 \ - SSL_CTX_set_cert_verify_callback.cat3 \ - SSL_CTX_set_cipher_list.cat3 \ - SSL_CTX_set_client_CA_list.cat3 \ - SSL_CTX_set_client_cert_cb.cat3 \ - SSL_CTX_set_default_passwd_cb.cat3 \ - SSL_CTX_set_generate_session_id.cat3 \ - SSL_CTX_set_info_callback.cat3 \ - SSL_CTX_set_max_cert_list.cat3 \ - SSL_CTX_set_mode.cat3 \ - SSL_CTX_set_msg_callback.cat3 \ - SSL_CTX_set_options.cat3 \ - SSL_CTX_set_quiet_shutdown.cat3 \ - SSL_CTX_set_session_cache_mode.cat3 \ - SSL_CTX_set_session_id_context.cat3 \ - SSL_CTX_set_ssl_version.cat3 \ - SSL_CTX_set_timeout.cat3 \ - SSL_CTX_set_tmp_dh_callback.cat3 \ - SSL_CTX_set_tmp_rsa_callback.cat3 \ - SSL_CTX_set_verify.cat3 \ - SSL_CTX_use_certificate.cat3 \ - SSL_SESSION_free.cat3 \ - SSL_SESSION_get_ex_new_index.cat3 \ - SSL_SESSION_get_time.cat3 \ - SSL_accept.cat3 \ - SSL_alert_type_string.cat3 \ - SSL_clear.cat3 \ - SSL_connect.cat3 \ - SSL_free.cat3 \ - SSL_get_SSL_CTX.cat3 \ - SSL_get_ciphers.cat3 \ - SSL_get_client_CA_list.cat3 \ - SSL_get_current_cipher.cat3 \ - SSL_get_default_timeout.cat3 \ - SSL_get_error.cat3 \ - SSL_get_ex_data_X509_STORE_CTX_idx.cat3 \ - SSL_get_ex_new_index.cat3 \ - SSL_get_fd.cat3 \ - SSL_get_peer_cert_chain.cat3 \ - SSL_get_peer_certificate.cat3 \ - SSL_get_rbio.cat3 \ - SSL_get_session.cat3 \ - SSL_get_verify_result.cat3 \ - SSL_get_version.cat3 \ - SSL_library_init.cat3 \ - SSL_load_client_CA_file.cat3 \ - SSL_new.cat3 \ - SSL_pending.cat3 \ - SSL_read.cat3 \ - SSL_rstate_string.cat3 \ - SSL_session_reused.cat3 \ - SSL_set_bio.cat3 \ - SSL_set_connect_state.cat3 \ - SSL_set_fd.cat3 \ - SSL_set_session.cat3 \ - SSL_set_shutdown.cat3 \ - SSL_set_verify_result.cat3 \ - SSL_shutdown.cat3 \ - SSL_state_string.cat3 \ - SSL_want.cat3 \ - SSL_write.cat3 \ - blowfish.cat3 \ - bn.cat3 \ - bn_internal.cat3 \ - crypto.cat3 \ - d2i_DHparams.cat3 \ - d2i_RSAPublicKey.cat3 \ - d2i_SSL_SESSION.cat3 \ - des_modes.cat7 \ - des_random_key.cat3 \ - dh.cat3 \ - dsa.cat3 \ - lh_stats.cat3 \ - lhash.cat3 \ - openssl.cat1 \ - rsa.cat3 \ - ssl.cat3 - -.if MANPS -PSALL= ${MANALL:S/.cat1/.ps1/g:S/.cat2/.ps2/g:S/.cat3/.ps3/g:S/.cat4/.ps4/g:S/.cat5/.ps5/g:S/.cat6/.ps6/g:S/.cat7/.ps7/g:S/.cat8/.ps8/g:S/.cat9/.ps9/g} -.endif - -# these are is a real problem, since they re-document functions described in -# other pages. -# -# err.pod -> ERR_get_error.pod -# ERR_peek_error ERR_get_error_line -# ERR_peek_error_line ERR_get_error_line_data ERR_peek_error_line_data -# ERR_GET_LIB ERR_GET_FUNC ERR_GET_REASON ERR_clear_error ERR_error_string -# ERR_lib_error_string ERR_func_error_string ERR_reason_error_string -# ERR_print_errors ERR_print_errors_fp ERR_load_crypto_strings ERR_free_strings -# ERR_remove_state ERR_put_error ERR_add_error_data ERR_load_strings ERR_PACK -# ERR_get_next_error_library -# -# rand.pod -> RAND_bytes.pod -# RAND_pseudo_bytes RAND_seed RAND_add RAND_status RAND_event -# RAND_screen RAND_load_file RAND_write_file RAND_file_name RAND_egd -# RAND_set_rand_method RAND_get_rand_method RAND_SSLeay RAND_cleanup - -# buffer.pod -> BUF_MEM_new.pod -# BUF_MEM_free BUF_MEM_grow BUF_strdup -BUF_MEM_new.cat3: buffer.pod - ( cp ${.ALLSRC} BUF_MEM_new.pm && pod2man --section=3 --official \ - --center='OpenSSL' --release="OpenBSD `uname -r`" \ - BUF_MEM_new.pm ) | nroff -Tascii -man > ${.TARGET} -.if MANPS -BUF_MEM_new.ps3: buffer.pod - ( cp ${.ALLSRC} BUF_MEM_new.pm && pod2man --section=3 --official \ - --center='OpenSSL' --release="OpenBSD `uname -r`" \ - BUF_MEM_new.pm ) | nroff -Tps -man > ${.TARGET} -.endif - -# rc4.pod -> RC4.pod -# RC4_set_key -RC4.cat3: rc4.pod - ( cp ${.ALLSRC} RC4.pm && pod2man --section=3 --official \ - --center='OpenSSL' --release="OpenBSD `uname -r`" \ - RC4.pm ) | nroff -Tascii -man > ${.TARGET} -.if MANPS -RC4.ps3: rc4.pod - ( cp ${.ALLSRC} RC4.pm && pod2man --section=3 --official \ - --center='OpenSSL' --release="OpenBSD `uname -r`" \ - RC4.pm ) | nroff -Tps -man > ${.TARGET} -.endif - -# threads.pod -> CRYPTO_set_locking_callback.pod -# CRYPTO_set_id_callback CRYPTO_num_locks -CRYPTO_set_locking_callback.cat3: threads.pod - ( cp ${.ALLSRC} CRYPTO_set_locking_callback.pm && \ - pod2man --section=3 --official \ - --center='OpenSSL' --release="OpenBSD `uname -r`" \ - CRYPTO_set_locking_callback.pm ) | nroff -Tascii -man > ${.TARGET} -.if MANPS -CRYPTO_set_locking_callback.ps3: threads.pod - ( cp ${.ALLSRC} CRYPTO_set_locking_callback.pm && \ - pod2man --section=3 --official \ - --center='OpenSSL' --release="OpenBSD `uname -r`" \ - CRYPTO_set_locking_callback.pm ) | nroff -Tps -man > ${.TARGET} -.endif - -# ripemd.pod -> RIPEMD160.pod -# RIPEMD160_Init RIPEMD160_Update RIPEMD160_Final -RIPEMD160.cat3: ripemd.pod - ( cp ${.ALLSRC} RIPEMD160.pm && pod2man --section=3 --official \ - --center='OpenSSL' --release="OpenBSD `uname -r`" \ - RIPEMD160.pm ) | nroff -Tascii -man > ${.TARGET} -.if MANPS -RIPEMD160.ps3: ripemd.pod - ( cp ${.ALLSRC} RIPEMD160.pm && pod2man --section=3 --official \ - --center='OpenSSL' --release="OpenBSD `uname -r`" \ - RIPEMD160.pm ) | nroff -Tps -man > ${.TARGET} -.endif - -# sha.pod -> SHA1.pod -SHA1.cat3: sha.pod - ( cp ${.ALLSRC} SHA1.pm && pod2man --section=3 --official \ - --center='OpenSSL' --release="OpenBSD `uname -r`" \ - SHA1.pm ) | nroff -Tascii -man > ${.TARGET} -.if MANPS -SHA1.ps3: sha.pod - ( cp ${.ALLSRC} SHA1.pm && pod2man --section=3 --official \ - --center='OpenSSL' --release="OpenBSD `uname -r`" \ - SHA1.pm ) | nroff -Tps -man > ${.TARGET} -.endif - -# md5.pod -> MD5.pod -MD5.cat3: md5.pod - ( cp ${.ALLSRC} MD5.pm && pod2man --section=3 --official \ - --center='OpenSSL' --release="OpenBSD `uname -r`" \ - MD5.pm ) | nroff -Tascii -man > ${.TARGET} -.if MANPS -MD5.ps3: md5.pod - ( cp ${.ALLSRC} MD5.pm && pod2man --section=3 --official \ - --center='OpenSSL' --release="OpenBSD `uname -r`" \ - MD5.pm ) | nroff -Tps -man > ${.TARGET} -.endif - -# mdc2.pod -> MDC2.pod -MDC2.cat3: mdc2.pod - ( cp ${.ALLSRC} MDC2.pm && pod2man --section=3 --official \ - --center='OpenSSL' --release="OpenBSD `uname -r`" \ - MDC2.pm ) | nroff -Tascii -man > ${.TARGET} -.if MANPS -MDC2.ps3: mdc2.pod - ( cp ${.ALLSRC} MDC2.pm && pod2man --section=3 --official \ - --center='OpenSSL' --release="OpenBSD `uname -r`" \ - MDC2.pm ) | nroff -Tps -man > ${.TARGET} -.endif - -# hmac.pod -> HMAC.pod -HMAC.cat3: hmac.pod - ( cp ${.ALLSRC} HMAC.pm && pod2man --section=3 --official \ - --center='OpenSSL' --release="OpenBSD `uname -r`" \ - HMAC.pm ) | nroff -Tascii -man > ${.TARGET} -.if MANPS -HMAC.ps3: hmac.pod - ( cp ${.ALLSRC} HMAC.pm && pod2man --section=3 --official \ - --center='OpenSSL' --release="OpenBSD `uname -r`" \ - HMAC.pm ) | nroff -Tps -man > ${.TARGET} -.endif - -# des.pod -> des_random_key, des_set_key, des_key_sched, des_set_key_checked, -# des_set_key_unchecked, des_set_odd_parity, des_is_weak_key, des_ecb_encrypt, -# des_ecb2_encrypt, des_ecb3_encrypt, des_ncbc_encrypt, des_cfb_encrypt, -# des_ofb_encrypt, des_pcbc_encrypt, des_cfb64_encrypt, des_ofb64_encrypt, -# des_xcbc_encrypt, des_ede2_cbc_encrypt, des_ede2_cfb64_encrypt, -# des_ede2_ofb64_encrypt, des_ede3_cbc_encrypt, des_ede3_cbcm_encrypt, -# des_ede3_cfb64_encrypt, des_ede3_ofb64_encrypt, des_read_password, -# des_read_2passwords, des_read_pw_string, des_cbc_cksum, des_quad_cksum, -# des_string_to_key, des_string_to_2keys, des_fcrypt, des_crypt, -# des_enc_read, des_enc_write -des_random_key.cat3: des.pod - ( cp ${.ALLSRC} des_random_key.pm && pod2man --section=3 --official \ - --center='OpenSSL' --release="OpenBSD `uname -r`" \ - des_random_key.pm ) | nroff -Tascii -man > ${.TARGET} -.if MANPS -des_random_key.ps3: des.pod - ( cp ${.ALLSRC} des_random_key.pm && pod2man --section=3 --official \ - --center='OpenSSL' --release="OpenBSD `uname -r`" \ - des_random_key.pm ) | nroff -Tps -man > ${.TARGET} -.endif - -MLINKS+=\ - BN_CTX_new.3 BN_CTX_free.3 \ - BN_CTX_new.3 BN_CTX_init.3 \ - BN_CTX_start.3 BN_CTX_end.3 \ - BN_CTX_start.3 BN_CTX_get.3 \ - BN_add.3 BN_div.3 \ - BN_add.3 BN_exp.3 \ - BN_add.3 BN_gcd.3 \ - BN_add.3 BN_mod.3 \ - BN_add.3 BN_mod_exp.3 \ - BN_add.3 BN_mod_mul.3 \ - BN_add.3 BN_mul.3 \ - BN_add.3 BN_sqr.3 \ - BN_add.3 BN_sub.3 \ - BN_add_word.3 BN_div_word.3 \ - BN_add_word.3 BN_mod_word.3 \ - BN_add_word.3 BN_mul_word.3 \ - BN_add_word.3 BN_sub_word.3 \ - BN_bn2bin.3 BN_bin2bn.3 \ - BN_bn2bin.3 BN_bn2dec.3 \ - BN_bn2bin.3 BN_bn2hex.3 \ - BN_bn2bin.3 BN_bn2mpi.3 \ - BN_bn2bin.3 BN_dec2bn.3 \ - BN_bn2bin.3 BN_hex2bn.3 \ - BN_bn2bin.3 BN_mpi2bn.3 \ - BN_bn2bin.3 BN_print.3 \ - BN_bn2bin.3 BN_print_fp.3 \ - BN_cmp.3 BN_is_odd.3 \ - BN_cmp.3 BN_is_one.3 \ - BN_cmp.3 BN_is_word.3 \ - BN_cmp.3 BN_is_zero.3 \ - BN_cmp.3 BN_ucmp.3 \ - BN_copy.3 BN_dup.3 \ - BN_generate_prime.3 BN_is_prime.3 \ - BN_generate_prime.3 BN_is_prime_fasttest.3 \ - BN_mod_mul_montgomery.3 BN_MONT_CTX_copy.3 \ - BN_mod_mul_montgomery.3 BN_MONT_CTX_free.3 \ - BN_mod_mul_montgomery.3 BN_MONT_CTX_init.3 \ - BN_mod_mul_montgomery.3 BN_MONT_CTX_new.3 \ - BN_mod_mul_montgomery.3 BN_MONT_CTX_set.3 \ - BN_mod_mul_montgomery.3 BN_from_montgomery.3 \ - BN_mod_mul_montgomery.3 BN_to_montgomery.3 \ - BN_mod_mul_reciprocal.3 BN_RECP_CTX_free.3 \ - BN_mod_mul_reciprocal.3 BN_RECP_CTX_init.3 \ - BN_mod_mul_reciprocal.3 BN_RECP_CTX_new.3 \ - BN_mod_mul_reciprocal.3 BN_RECP_CTX_set.3 \ - BN_mod_mul_reciprocal.3 BN_div_recp.3 \ - BN_new.3 BN_clear.3 \ - BN_new.3 BN_clear_free.3 \ - BN_new.3 BN_free.3 \ - BN_new.3 BN_init.3 \ - BN_num_bytes.3 BN_num_bits.3 \ - BN_num_bytes.3 BN_num_bits_word.3 \ - BN_rand.3 BN_pseudo_rand.3 \ - BN_rand.3 BN_rand_range.3 \ - BN_set_bit.3 BN_clear_bit.3 \ - BN_set_bit.3 BN_is_bit_set.3 \ - BN_set_bit.3 BN_lshift.3 \ - BN_set_bit.3 BN_lshift1.3 \ - BN_set_bit.3 BN_mask_bits.3 \ - BN_set_bit.3 BN_rshift.3 \ - BN_set_bit.3 BN_rshift1.3 \ - BN_zero.3 BN_get_word.3 \ - BN_zero.3 BN_one.3 \ - BN_zero.3 BN_set_word.3 \ - BN_zero.3 BN_value_one.3 \ - BUF_MEM_new.3 BUF_MEM_free.3 \ - BUF_MEM_new.3 BUF_MEM_grow.3 \ - BUF_MEM_new.3 BUF_strdup.3 \ - CRYPTO_set_ex_data.3 CRYPTO_get_ex_data.3 \ - CRYPTO_set_locking_callback.3 CRYPTO_add.3 \ - CRYPTO_set_locking_callback.3 CRYPTO_add_lock.3 \ - CRYPTO_set_locking_callback.3 CRYPTO_destroy_dynlockid.3 \ - CRYPTO_set_locking_callback.3 CRYPTO_get_new_dynlockid.3 \ - CRYPTO_set_locking_callback.3 CRYPTO_lock.3 \ - CRYPTO_set_locking_callback.3 CRYPTO_num_locks.3 \ - CRYPTO_set_locking_callback.3 CRYPTO_r_lock.3 \ - CRYPTO_set_locking_callback.3 CRYPTO_r_unlock.3 \ - CRYPTO_set_locking_callback.3 CRYPTO_set_dynlock_create_callback.3 \ - CRYPTO_set_locking_callback.3 CRYPTO_set_dynlock_destroy_callback.3 \ - CRYPTO_set_locking_callback.3 CRYPTO_set_dynlock_lock_callback.3 \ - CRYPTO_set_locking_callback.3 CRYPTO_set_id_callback.3 \ - CRYPTO_set_locking_callback.3 CRYPTO_w_lock.3 \ - CRYPTO_set_locking_callback.3 CRYPTO_w_unlock.3 \ - DH_generate_key.3 DH_compute_key.3 \ - DH_generate_parameters.3 DH_check.3 \ - DH_get_ex_new_index.3 DH_get_ex_data.3 \ - DH_get_ex_new_index.3 DH_set_ex_data.3 \ - DH_new.3 DH_free.3 \ - DH_set_method.3 DH_OpenSSL.3 \ - DH_set_method.3 DH_get_default_method.3 \ - DH_set_method.3 DH_get_default_openssl_method.3 \ - DH_set_method.3 DH_new_method.3 \ - DH_set_method.3 DH_set_default_method.3 \ - DH_set_method.3 DH_set_default_openssl_method.3 \ - DSA_new.3 DSA_free.3 \ - DSA_set_method.3 DSA_OpenSSL.3 \ - DSA_set_method.3 DSA_get_default_method.3 \ - DSA_set_method.3 DSA_get_default_openssl_method.3 \ - DSA_set_method.3 DSA_new_method.3 \ - DSA_set_method.3 DSA_set_default_method.3 \ - DSA_set_method.3 DSA_set_default_openssl_method.3 \ - DSA_sign.3 DSA_sign_setup.3 \ - DSA_sign.3 DSA_verify.3 \ - ERR_GET_LIB.3 ERR_GET_FUNC.3 \ - ERR_GET_LIB.3 ERR_GET_REASON.3 \ - ERR_error_string.3 ERR_error_string_n.3 \ - ERR_error_string.3 ERR_func_error_string.3 \ - ERR_error_string.3 ERR_lib_error_string.3 \ - ERR_error_string.3 ERR_reason_error_string.3 \ - ERR_get_error.3 ERR_get_error_line.3 \ - ERR_get_error.3 ERR_get_error_line_data.3 \ - ERR_get_error.3 ERR_peek_error.3 \ - ERR_get_error.3 ERR_peek_error_line.3 \ - ERR_get_error.3 ERR_peek_error_line_data.3 \ - ERR_load_crypto_strings.3 ERR_free_strings.3 \ - ERR_load_crypto_strings.3 SSL_load_error_strings.3 \ - ERR_load_strings.3 ERR_PACK.3 \ - ERR_load_strings.3 ERR_get_next_error_library.3 \ - ERR_print_errors.3 ERR_print_errors_fp.3 \ - ERR_put_error.3 ERR_add_error_data.3 \ - EVP_DigestInit.3 EVP_DigestFinal.3 \ - EVP_DigestInit.3 EVP_DigestUpdate.3 \ - EVP_DigestInit.3 EVP_MD_CTX_block_size.3 \ - EVP_DigestInit.3 EVP_MD_CTX_copy.3 \ - EVP_DigestInit.3 EVP_MD_CTX_md.3 \ - EVP_DigestInit.3 EVP_MD_CTX_size.3 \ - EVP_DigestInit.3 EVP_MD_CTX_type.3 \ - EVP_DigestInit.3 EVP_MD_block_size.3 \ - EVP_DigestInit.3 EVP_MD_block_size.3 \ - EVP_DigestInit.3 EVP_MD_pkey_type.3 \ - EVP_DigestInit.3 EVP_MD_size.3 \ - EVP_DigestInit.3 EVP_MD_size.3 \ - EVP_DigestInit.3 EVP_MD_type.3 \ - EVP_DigestInit.3 EVP_MD_type.3 \ - EVP_DigestInit.3 EVP_dss.3 \ - EVP_DigestInit.3 EVP_dss1.3 \ - EVP_DigestInit.3 EVP_get_digestbyname.3 \ - EVP_DigestInit.3 EVP_get_digestbyname.3 \ - EVP_DigestInit.3 EVP_get_digestbynid.3 \ - EVP_DigestInit.3 EVP_get_digestbynid.3 \ - EVP_DigestInit.3 EVP_get_digestbyobj.3 \ - EVP_DigestInit.3 EVP_md2.3 \ - EVP_DigestInit.3 EVP_md5.3 \ - EVP_DigestInit.3 EVP_md_null.3 \ - EVP_DigestInit.3 EVP_mdc2.3 \ - EVP_DigestInit.3 EVP_ripemd160.3 \ - EVP_DigestInit.3 EVP_sha.3 \ - EVP_DigestInit.3 EVP_sha1.3 \ - EVP_DigestInit.3 OBJ_nid2sn.3 \ - EVP_DigestInit.3 OBJ_obj2nid.3 \ - EVP_EncryptInit.3 EVP_CIPHER_CTX_block_size.3 \ - EVP_EncryptInit.3 EVP_CIPHER_CTX_cipher.3 \ - EVP_EncryptInit.3 EVP_CIPHER_CTX_cipher.3 \ - EVP_EncryptInit.3 EVP_CIPHER_CTX_cleanup.3 \ - EVP_EncryptInit.3 EVP_CIPHER_CTX_ctrl.3 \ - EVP_EncryptInit.3 EVP_CIPHER_CTX_iv_length.3 \ - EVP_EncryptInit.3 EVP_CIPHER_CTX_key_length.3 \ - EVP_EncryptInit.3 EVP_CIPHER_CTX_nid.3 \ - EVP_EncryptInit.3 EVP_CIPHER_CTX_set_key_length.3 \ - EVP_EncryptInit.3 EVP_CIPHER_CTX_type.3 \ - EVP_EncryptInit.3 EVP_CIPHER_asn1_to_param.3 \ - EVP_EncryptInit.3 EVP_CIPHER_block_size.3 \ - EVP_EncryptInit.3 EVP_CIPHER_iv_length.3 \ - EVP_EncryptInit.3 EVP_CIPHER_key_length.3 \ - EVP_EncryptInit.3 EVP_CIPHER_nid.3 \ - EVP_EncryptInit.3 EVP_CIPHER_param_to_asn1.3 \ - EVP_EncryptInit.3 EVP_CIPHER_type.3 \ - EVP_EncryptInit.3 EVP_CIPHER_type.3 \ - EVP_EncryptInit.3 EVP_CipherFinal.3 \ - EVP_EncryptInit.3 EVP_CipherInit.3 \ - EVP_EncryptInit.3 EVP_CipherUpdate.3 \ - EVP_EncryptInit.3 EVP_DecryptFinal.3 \ - EVP_EncryptInit.3 EVP_DecryptInit.3 \ - EVP_EncryptInit.3 EVP_DecryptUpdate.3 \ - EVP_EncryptInit.3 EVP_EncryptFinal.3 \ - EVP_EncryptInit.3 EVP_EncryptUpdate.3 \ - EVP_EncryptInit.3 EVP_get_cipherbyname.3 \ - EVP_EncryptInit.3 EVP_get_cipherbyname.3 \ - EVP_EncryptInit.3 EVP_get_cipherbynid.3 \ - EVP_EncryptInit.3 EVP_get_cipherbynid.3 \ - EVP_EncryptInit.3 EVP_get_cipherbyobj.3 \ - EVP_EncryptInit.3 OBJ_nid2sn.3 \ - EVP_EncryptInit.3 OBJ_obj2nid.3 \ - EVP_OpenInit.3 EVP_OpenFinal.3 \ - EVP_OpenInit.3 EVP_OpenUpdate.3 \ - EVP_SealInit.3 EVP_SealFinal.3 \ - EVP_SealInit.3 EVP_SealUpdate.3 \ - EVP_SignInit.3 EVP_PKEY_size.3 \ - EVP_SignInit.3 EVP_SignFinal.3 \ - EVP_SignInit.3 EVP_SignUpdate.3 \ - EVP_VerifyInit.3 EVP_VerifyFinal.3 \ - EVP_VerifyInit.3 EVP_VerifyUpdate.3 \ - HMAC.3 HMAC_Final.3 \ - HMAC.3 HMAC_Init.3 \ - HMAC.3 HMAC_Update.3 \ - HMAC.3 HMAC_cleanup.3 \ - MD5.3 MD2.3 \ - MD5.3 MD2_Final.3 \ - MD5.3 MD2_Init.3 \ - MD5.3 MD2_Update.3 \ - MD5.3 MD4.3 \ - MD5.3 MD4_Final.3 \ - MD5.3 MD4_Init.3 \ - MD5.3 MD4_Update.3 \ - MD5.3 MD5_Final.3 \ - MD5.3 MD5_Init.3 \ - MD5.3 MD5_Update.3 \ - MDC2.3 MDC2_Final.3 \ - MDC2.3 MDC2_Init.3 \ - MDC2.3 MDC2_Update.3 \ - OPENSSL_VERSION_NUMBER.3 SSLeay.3 \ - OPENSSL_VERSION_NUMBER.3 SSLeay_version.3 \ - OpenSSL_add_all_algorithms.3 EVP_cleanup.3 \ - OpenSSL_add_all_algorithms.3 OpenSSL_add_all_ciphers.3 \ - OpenSSL_add_all_algorithms.3 OpenSSL_add_all_digests.3 \ - RAND_add.3 RAND_event.3 \ - RAND_add.3 RAND_screen.3 \ - RAND_add.3 RAND_seed.3 \ - RAND_add.3 RAND_status.3 \ - RAND_bytes.3 RAND_pseudo_bytes.3 \ - RAND_bytes.3 RAND_pseudo_bytes.3 \ - RAND_egd.3 RAND_egd_bytes.3 \ - RAND_load_file.3 RAND_file_name.3 \ - RAND_load_file.3 RAND_file_name.3 \ - RAND_load_file.3 RAND_write_file.3 \ - RAND_load_file.3 RAND_write_file.3 \ - RAND_set_rand_method.3 RAND_SSLeay.3 \ - RAND_set_rand_method.3 RAND_SSLeay.3 \ - RAND_set_rand_method.3 RAND_get_rand_method.3 \ - RAND_set_rand_method.3 RAND_get_rand_method.3 \ - RC4.3 RC4_set_key.3 \ - RIPEMD160.3 RIPEMD160_Final.3 \ - RIPEMD160.3 RIPEMD160_Init.3 \ - RIPEMD160.3 RIPEMD160_Update.3 \ - RSA_blinding_on.3 RSA_blinding_off.3 \ - RSA_get_ex_new_index.3 RSA_get_ex_data.3 \ - RSA_get_ex_new_index.3 RSA_set_ex_data.3 \ - RSA_new.3 RSA_free.3 \ - RSA_padding_add_PKCS1_type_1.3 RSA_padding_add_PKCS1_OAEP.3 \ - RSA_padding_add_PKCS1_type_1.3 RSA_padding_add_PKCS1_type_2.3 \ - RSA_padding_add_PKCS1_type_1.3 RSA_padding_add_SSLv23.3 \ - RSA_padding_add_PKCS1_type_1.3 RSA_padding_add_none.3 \ - RSA_padding_add_PKCS1_type_1.3 RSA_padding_check_PKCS1_OAEP.3 \ - RSA_padding_add_PKCS1_type_1.3 RSA_padding_check_PKCS1_type_1.3 \ - RSA_padding_add_PKCS1_type_1.3 RSA_padding_check_PKCS1_type_2.3 \ - RSA_padding_add_PKCS1_type_1.3 RSA_padding_check_SSLv23.3 \ - RSA_padding_add_PKCS1_type_1.3 RSA_padding_check_none.3 \ - RSA_print.3 DHparams_print.3 \ - RSA_print.3 DHparams_print.3 \ - RSA_print.3 DHparams_print_fp.3 \ - RSA_print.3 DHparams_print_fp.3 \ - RSA_print.3 DSA_print.3 \ - RSA_print.3 DSA_print_fp.3 \ - RSA_print.3 DSA_print_fp.3 \ - RSA_print.3 DSAparams_print.3 \ - RSA_print.3 DSAparams_print.3 \ - RSA_print.3 DSAparams_print_fp.3 \ - RSA_print.3 DSAparams_print_fp.3 \ - RSA_print.3 RSA_print_fp.3 \ - RSA_print.3 RSA_print_fp.3 \ - RSA_private_encrypt.3 RSA_public_decrypt.3 \ - RSA_public_encrypt.3 RSA_private_decrypt.3 \ - RSA_set_method.3 RSA_PKCS1_RSAref.3 \ - RSA_set_method.3 RSA_PKCS1_SSLeay.3 \ - RSA_set_method.3 RSA_flags.3 \ - RSA_set_method.3 RSA_get_default_method.3 \ - RSA_set_method.3 RSA_get_default_openssl_method.3 \ - RSA_set_method.3 RSA_get_method.3 \ - RSA_set_method.3 RSA_new_method.3 \ - RSA_set_method.3 RSA_null_method.3 \ - RSA_set_method.3 RSA_set_default_method.3 \ - RSA_set_method.3 RSA_set_default_openssl_method.3 \ - RSA_sign.3 RSA_verify.3 \ - RSA_sign_ASN1_OCTET_STRING.3 RSA_verify_ASN1_OCTET_STRING.3 \ - SHA1.3 SHA1_Final.3 \ - SHA1.3 SHA1_Init.3 \ - SHA1.3 SHA1_Update.3 \ - SSL_CIPHER_get_name.3 SSL_CIPHER_description.3 \ - SSL_CIPHER_get_name.3 SSL_CIPHER_get_bits.3 \ - SSL_CIPHER_get_name.3 SSL_CIPHER_get_version.3 \ - SSL_CTX_add_session.3 SSL_CTX_remove_session.3 \ - SSL_CTX_add_session.3 SSL_add_session.3 \ - SSL_CTX_add_session.3 SSL_remove_session.3 \ - SSL_CTX_ctrl.3 SSL_CTX_callback_ctrl.3 \ - SSL_CTX_ctrl.3 SSL_callback_ctrl.3 \ - SSL_CTX_ctrl.3 SSL_ctrl.3 \ - SSL_CTX_flush_sessions.3 SSL_flush_sessions.3 \ - SSL_CTX_get_ex_new_index.3 SSL_CTX_get_ex_data.3 \ - SSL_CTX_get_ex_new_index.3 SSL_CTX_set_ex_data.3 \ - SSL_CTX_get_verify_mode.3 SSL_CTX_get_verify_callback.3 \ - SSL_CTX_get_verify_mode.3 SSL_CTX_get_verify_depth.3 \ - SSL_CTX_get_verify_mode.3 SSL_get_verify_callback.3 \ - SSL_CTX_get_verify_mode.3 SSL_get_verify_depth.3 \ - SSL_CTX_get_verify_mode.3 SSL_get_verify_mode.3 \ - SSL_CTX_sess_number.3 SSL_CTX_sess_accept.3 \ - SSL_CTX_sess_number.3 SSL_CTX_sess_accept_good.3 \ - SSL_CTX_sess_number.3 SSL_CTX_sess_accept_renegotiate.3 \ - SSL_CTX_sess_number.3 SSL_CTX_sess_cache_full.3 \ - SSL_CTX_sess_number.3 SSL_CTX_sess_cb_hits.3 \ - SSL_CTX_sess_number.3 SSL_CTX_sess_connect.3 \ - SSL_CTX_sess_number.3 SSL_CTX_sess_connect_good.3 \ - SSL_CTX_sess_number.3 SSL_CTX_sess_connect_renegotiate.3 \ - SSL_CTX_sess_number.3 SSL_CTX_sess_hits.3 \ - SSL_CTX_sess_number.3 SSL_CTX_sess_misses.3 \ - SSL_CTX_sess_number.3 SSL_CTX_sess_timeouts.3 \ - SSL_CTX_sess_set_cache_size.3 SSL_CTX_sess_get_cache_size.3 \ - SSL_CTX_sess_set_get_cb.3 SSL_CTX_sess_get_get_cb.3 \ - SSL_CTX_sess_set_get_cb.3 SSL_CTX_sess_get_new_cb.3 \ - SSL_CTX_sess_set_get_cb.3 SSL_CTX_sess_get_remove_cb.3 \ - SSL_CTX_sess_set_get_cb.3 SSL_CTX_sess_set_new_cb.3 \ - SSL_CTX_sess_set_get_cb.3 SSL_CTX_sess_set_remove.3 \ - SSL_CTX_set_cert_store.3 SSL_CTX_get_cert_store.3 \ - SSL_CTX_set_cipher_list.3 SSL_set_cipher_list.3 \ - SSL_CTX_set_client_CA_list.3 SSL_CTX_add_client_CA.3 \ - SSL_CTX_set_client_CA_list.3 SSL_add_client_CA.3 \ - SSL_CTX_set_client_CA_list.3 SSL_set_client_CA_list.3 \ +# $OpenBSD: Makefile,v 1.65 2018/03/17 18:52:42 schwarze Exp $ + +.include + +MAN = BIO_f_ssl.3 \ + DTLSv1_listen.3 \ + OPENSSL_init_ssl.3 \ + PEM_read_SSL_SESSION.3 \ + SSL_CIPHER_get_name.3 \ + SSL_COMP_add_compression_method.3 \ + SSL_CTX_add_extra_chain_cert.3 \ + SSL_CTX_add_session.3 \ + SSL_CTX_ctrl.3 \ + SSL_CTX_flush_sessions.3 \ + SSL_CTX_free.3 \ + SSL_CTX_get_ex_new_index.3 \ + SSL_CTX_get_verify_mode.3 \ + SSL_CTX_get0_certificate.3 \ + SSL_CTX_load_verify_locations.3 \ + SSL_CTX_new.3 \ + SSL_CTX_sess_number.3 \ + SSL_CTX_sess_set_cache_size.3 \ + SSL_CTX_sess_set_get_cb.3 \ + SSL_CTX_sessions.3 \ + SSL_CTX_set_alpn_select_cb.3 \ + SSL_CTX_set_cert_store.3 \ + SSL_CTX_set_cert_verify_callback.3 \ + SSL_CTX_set_cipher_list.3 \ + SSL_CTX_set_client_CA_list.3 \ + SSL_CTX_set_client_cert_cb.3 \ SSL_CTX_set_default_passwd_cb.3 \ - SSL_CTX_set_default_passwd_cb_userdata.3 \ - SSL_CTX_set_max_cert_list.3 SSL_CTX_get_max_cert_list.3 \ - SSL_CTX_set_max_cert_list.3 SSL_get_max_cert_list.3 \ - SSL_CTX_set_max_cert_list.3 SSL_set_max_cert_list.3 \ - SSL_CTX_set_mode.3 SSL_CTX_get_mode.3 \ - SSL_CTX_set_mode.3 SSL_get_mode.3 \ - SSL_CTX_set_mode.3 SSL_set_mode.3 \ - SSL_CTX_set_msg_callback.3 SSL_CTX_set_msg_callback_arg.3 \ - SSL_CTX_set_msg_callback.3 SSL_set_msg_callback.3 \ - SSL_CTX_set_msg_callback.3 SSL_set_msg_callback_arg.3 \ - SSL_CTX_set_options.3 SSL_CTX_get_options.3 \ - SSL_CTX_set_options.3 SSL_get_options.3 \ - SSL_CTX_set_options.3 SSL_set_options.3 \ - SSL_CTX_set_quiet_shutdown.3 SSL_CTX_get_quiet_shutdown.3 \ - SSL_CTX_set_quiet_shutdown.3 SSL_get_quiet_shutdown.3 \ - SSL_CTX_set_quiet_shutdown.3 SSL_set_quiet_shutdown.3 \ - SSL_CTX_set_session_cache_mode.3 SSL_CTX_get_session_cache_mode.3 \ - SSL_CTX_set_session_id_context.3 SSL_set_session_id_context.3 \ - SSL_CTX_set_ssl_version.3 SSL_get_ssl_method.3 \ - SSL_CTX_set_ssl_version.3 SSL_set_ssl_method.3 \ - SSL_CTX_set_timeout.3 SSL_CTX_get_timeout.3 \ - SSL_CTX_set_tmp_dh_callback.3 SSL_CTX_set_tmp_dh.3 \ - SSL_CTX_set_tmp_dh_callback.3 SSL_set_tmp_dh.3 \ - SSL_CTX_set_tmp_dh_callback.3 SSL_set_tmp_dh_callback.3 \ - SSL_CTX_set_tmp_rsa_callback.3 SSL_CTX_need_tmp_rsa.3 \ - SSL_CTX_set_tmp_rsa_callback.3 SSL_CTX_set_tmp_rsa.3 \ - SSL_CTX_set_tmp_rsa_callback.3 SSL_need_tmp_rsa.3 \ - SSL_CTX_set_tmp_rsa_callback.3 SSL_set_tmp_rsa.3 \ - SSL_CTX_set_tmp_rsa_callback.3 SSL_set_tmp_rsa_callback.3 \ - SSL_CTX_set_verify.3 SSL_CTX_set_verify_depth.3 \ - SSL_CTX_set_verify.3 SSL_set_verify.3 \ - SSL_CTX_set_verify.3 SSL_set_verify_depth.3 \ - SSL_CTX_use_certificate.3 SSL_CTX_check_private_key.3 \ - SSL_CTX_use_certificate.3 SSL_CTX_use_PrivateKey.3 \ - SSL_CTX_use_certificate.3 SSL_CTX_use_PrivateKey_ASN1.3 \ - SSL_CTX_use_certificate.3 SSL_CTX_use_PrivateKey_file.3 \ - SSL_CTX_use_certificate.3 SSL_CTX_use_RSAPrivateKey.3 \ - SSL_CTX_use_certificate.3 SSL_CTX_use_RSAPrivateKey_ASN1.3 \ - SSL_CTX_use_certificate.3 SSL_CTX_use_RSAPrivateKey_file.3 \ - SSL_CTX_use_certificate.3 SSL_CTX_use_certificate_ASN1.3 \ - SSL_CTX_use_certificate.3 SSL_CTX_use_certificate_chain_file.3 \ - SSL_CTX_use_certificate.3 SSL_CTX_use_certificate_file.3 \ - SSL_CTX_use_certificate.3 SSL_check_private_key.3 \ - SSL_CTX_use_certificate.3 SSL_use_PrivateKey.3 \ - SSL_CTX_use_certificate.3 SSL_use_PrivateKey_ASN1.3 \ - SSL_CTX_use_certificate.3 SSL_use_PrivateKey_file.3 \ - SSL_CTX_use_certificate.3 SSL_use_RSAPrivateKey.3 \ - SSL_CTX_use_certificate.3 SSL_use_RSAPrivateKey_ASN1.3 \ - SSL_CTX_use_certificate.3 SSL_use_RSAPrivateKey_file.3 \ - SSL_CTX_use_certificate.3 SSL_use_certificate.3 \ - SSL_CTX_use_certificate.3 SSL_use_certificate_ASN1.3 \ - SSL_CTX_use_certificate.3 SSL_use_certificate_file.3 \ - SSL_SESSION_get_ex_new_index.3 SSL_SESSION_get_ex_data.3 \ - SSL_SESSION_get_ex_new_index.3 SSL_SESSION_set_ex_data.3 \ - SSL_SESSION_get_time.3 SSL_SESSION_get_timeout.3 \ - SSL_SESSION_get_time.3 SSL_SESSION_set_time.3 \ - SSL_SESSION_get_time.3 SSL_SESSION_set_timeout.3 \ - SSL_SESSION_get_time.3 SSL_get_time.3 \ - SSL_SESSION_get_time.3 SSL_get_timeout.3 \ - SSL_SESSION_get_time.3 SSL_set_time.3 \ - SSL_SESSION_get_time.3 SSL_set_timeout.3 \ - SSL_alert_type_string.3 SSL_alert_desc_string.3 \ - SSL_alert_type_string.3 SSL_alert_desc_string_long.3 \ - SSL_alert_type_string.3 SSL_alert_type_string_long.3 \ - SSL_get_ciphers.3 SSL_get_cipher_list.3 \ - SSL_get_client_CA_list.3 SSL_CTX_get_client_CA_list.3 \ - SSL_get_current_cipher.3 SSL_get_cipher.3 \ - SSL_get_current_cipher.3 SSL_get_cipher_bits.3 \ - SSL_get_current_cipher.3 SSL_get_cipher_name.3 \ - SSL_get_current_cipher.3 SSL_get_cipher_version.3 \ - SSL_get_ex_new_index.3 SSL_get_ex_data.3 \ - SSL_get_ex_new_index.3 SSL_set_ex_data.3 \ - SSL_get_fd.3 SSL_get_rfd.3 \ - SSL_get_fd.3 SSL_get_wfd.3 \ - SSL_get_rbio.3 SSL_get_wbio.3 \ - SSL_get_session.3 SSL_get0_session.3 \ - SSL_get_session.3 SSL_get1_session.3 \ - SSL_library_init.3 OpenSSL_add_ssl_algorithms.3 \ - SSL_library_init.3 SSLeay_add_ssl_algorithms.3 \ - SSL_rstate_string.3 SSL_rstate_string_long.3 \ - SSL_set_connect_state.3 SSL_set_accept_state.3 \ - SSL_set_fd.3 SSL_set_rfd.3 \ - SSL_set_fd.3 SSL_set_wfd.3 \ - SSL_set_shutdown.3 SSL_get_shutdown.3 \ - SSL_state_string.3 SSL_state_string_long.3 \ - SSL_want.3 SSL_want_nothing.3 \ - SSL_want.3 SSL_want_read.3 \ - SSL_want.3 SSL_want_write.3 \ - SSL_want.3 SSL_want_x509_lookup.3 \ - blowfish.3 BF_cbc.3 \ - blowfish.3 BF_cbc_encrypt.3 \ - blowfish.3 BF_cfb64_encrypt.3 \ - blowfish.3 BF_decrypt.3 \ - blowfish.3 BF_ecb.3 \ - blowfish.3 BF_ecb_encrypt.3 \ - blowfish.3 BF_encrypt.3 \ - blowfish.3 BF_ofb64_encrypt.3 \ - blowfish.3 BF_options.3 \ - blowfish.3 BF_set_key.3 \ - bn_internal.3 bn_add_words.3 \ - bn_internal.3 bn_check_top.3 \ - bn_internal.3 bn_cmp_words.3 \ - bn_internal.3 bn_div_words.3 \ - bn_internal.3 bn_dump.3 \ - bn_internal.3 bn_expand.3 \ - bn_internal.3 bn_expand2.3 \ - bn_internal.3 bn_fix_top.3 \ - bn_internal.3 bn_mul_add_words.3 \ - bn_internal.3 bn_mul_comba4.3 \ - bn_internal.3 bn_mul_comba8.3 \ - bn_internal.3 bn_mul_high.3 \ - bn_internal.3 bn_mul_low_normal.3 \ - bn_internal.3 bn_mul_low_recursive.3 \ - bn_internal.3 bn_mul_normal.3 \ - bn_internal.3 bn_mul_part_recursive.3 \ - bn_internal.3 bn_mul_recursive.3 \ - bn_internal.3 bn_mul_words.3 \ - bn_internal.3 bn_print.3 \ - bn_internal.3 bn_set_high.3 \ - bn_internal.3 bn_set_low.3 \ - bn_internal.3 bn_set_max.3 \ - bn_internal.3 bn_sqr_comba4.3 \ - bn_internal.3 bn_sqr_comba8.3 \ - bn_internal.3 bn_sqr_normal.3 \ - bn_internal.3 bn_sqr_recursive.3 \ - bn_internal.3 bn_sqr_words.3 \ - bn_internal.3 bn_sub_words.3 \ - bn_internal.3 bn_wexpand.3 \ - bn_internal.3 mul.3 \ - bn_internal.3 mul_add.3 \ - bn_internal.3 sqr.3 \ - d2i_DHparams.3 i2d_DHparams.3 \ - d2i_RSAPublicKey.3 d2i_Netscape_RSA.3 \ - d2i_RSAPublicKey.3 d2i_RSAPrivateKey.3 \ - d2i_RSAPublicKey.3 i2d_Netscape_RSA.3 \ - d2i_RSAPublicKey.3 i2d_RSAPrivateKey.3 \ - d2i_RSAPublicKey.3 i2d_RSAPublicKey.3 \ - d2i_SSL_SESSION.3 i2d_SSL_SESSION.3 \ - des_crypt.3 des_string_to_2keys.3 \ - des_random_key.3 des_cbc_cksum.3 \ - des_random_key.3 des_cfb64_encrypt.3 \ - des_random_key.3 des_cfb_encrypt.3 \ - des_random_key.3 des_crypt.3 \ - des_random_key.3 des_ecb2_encrypt.3 \ - des_random_key.3 des_ecb3_encrypt.3 \ - des_random_key.3 des_ecb_encrypt.3 \ - des_random_key.3 des_ede2_cbc_encrypt.3 \ - des_random_key.3 des_ede2_cfb64_encrypt.3 \ - des_random_key.3 des_ede2_ofb64_encrypt.3 \ - des_random_key.3 des_ede3_cbc_encrypt.3 \ - des_random_key.3 des_ede3_cbcm_encrypt.3 \ - des_random_key.3 des_ede3_cfb64_encrypt.3 \ - des_random_key.3 des_ede3_ofb64_encrypt.3 \ - des_random_key.3 des_enc_read.3 \ - des_random_key.3 des_enc_write.3 \ - des_random_key.3 des_fcrypt.3 \ - des_random_key.3 des_is_weak_key.3 \ - des_random_key.3 des_key_sched.3 \ - des_random_key.3 des_ncbc_encrypt.3 \ - des_random_key.3 des_ofb64_encrypt.3 \ - des_random_key.3 des_ofb_encrypt.3 \ - des_random_key.3 des_pcbc_encrypt.3 \ - des_random_key.3 des_quad_cksum.3 \ - des_random_key.3 des_read_2passwords.3 \ - des_random_key.3 des_read_password.3 \ - des_random_key.3 des_read_pw_string.3 \ - des_random_key.3 des_set_key.3 \ - des_random_key.3 des_set_key_checked.3 \ - des_random_key.3 des_set_key_unchecked.3 \ - des_random_key.3 des_set_odd_parity.3 \ - des_random_key.3 des_string_to_2keys.3 \ - des_random_key.3 des_string_to_key.3 \ - des_random_key.3 des_xcbc_encrypt.3 \ - dsa.3 DSA_OpenSSL.3 \ - dsa.3 DSA_SIG_free.3 \ - dsa.3 DSA_do_verify.3 \ - dsa.3 DSA_free.3 \ - dsa.3 DSA_get_default_method.3 \ - dsa.3 DSA_get_ex_data.3 \ - dsa.3 DSA_new_method.3 \ - dsa.3 DSA_set_default_method.3 \ - dsa.3 DSA_set_ex_data.3 \ - dsa.3 DSA_sign_setup.3 \ - dsa.3 DSA_verify.3 \ - dsa.3 d2i_DSAPrivateKey.3 \ - dsa.3 d2i_DSAPublicKey.3 \ - dsa.3 d2i_DSA_SIG.3 \ - dsa.3 d2i_DSAparams.3 \ - dsa.3 i2d_DSAPrivateKey.3 \ - dsa.3 i2d_DSAPublicKey.3 \ - dsa.3 i2d_DSA_SIG.3 \ - dsa.3 i2d_DSAparams.3 \ - lh_stats.3 lh_node_stats.3 \ - lh_stats.3 lh_node_stats_bio.3 \ - lh_stats.3 lh_node_usage_stats.3 \ - lh_stats.3 lh_node_usage_stats_bio.3 \ - lh_stats.3 lh_stats_bio.3 \ - lhash.3 lh_delete.3 \ - lhash.3 lh_doall.3 \ - lhash.3 lh_doall_arg.3 \ - lhash.3 lh_error.3 \ - lhash.3 lh_free.3 \ - lhash.3 lh_insert.3 \ - lhash.3 lh_new.3 \ - lhash.3 lh_retrieve.3 + SSL_CTX_set_generate_session_id.3 \ + SSL_CTX_set_info_callback.3 \ + SSL_CTX_set_max_cert_list.3 \ + SSL_CTX_set_min_proto_version.3 \ + SSL_CTX_set_mode.3 \ + SSL_CTX_set_msg_callback.3 \ + SSL_CTX_set_options.3 \ + SSL_CTX_set_quiet_shutdown.3 \ + SSL_CTX_set_read_ahead.3 \ + SSL_CTX_set_session_cache_mode.3 \ + SSL_CTX_set_session_id_context.3 \ + SSL_CTX_set_ssl_version.3 \ + SSL_CTX_set_timeout.3 \ + SSL_CTX_set_tlsext_servername_callback.3 \ + SSL_CTX_set_tlsext_status_cb.3 \ + SSL_CTX_set_tlsext_ticket_key_cb.3 \ + SSL_CTX_set_tlsext_use_srtp.3 \ + SSL_CTX_set_tmp_dh_callback.3 \ + SSL_CTX_set_tmp_rsa_callback.3 \ + SSL_CTX_set_verify.3 \ + SSL_CTX_set1_groups.3 \ + SSL_CTX_use_certificate.3 \ + SSL_SESSION_free.3 \ + SSL_SESSION_get_compress_id.3 \ + SSL_SESSION_get_ex_new_index.3 \ + SSL_SESSION_get_id.3 \ + SSL_SESSION_get_protocol_version.3 \ + SSL_SESSION_get_time.3 \ + SSL_SESSION_get0_peer.3 \ + SSL_SESSION_has_ticket.3 \ + SSL_SESSION_new.3 \ + SSL_SESSION_print.3 \ + SSL_SESSION_set1_id_context.3 \ + SSL_accept.3 \ + SSL_alert_type_string.3 \ + SSL_clear.3 \ + SSL_connect.3 \ + SSL_copy_session_id.3 \ + SSL_do_handshake.3 \ + SSL_dup.3 \ + SSL_dup_CA_list.3 \ + SSL_export_keying_material.3 \ + SSL_free.3 \ + SSL_get_SSL_CTX.3 \ + SSL_get_certificate.3 \ + SSL_get_ciphers.3 \ + SSL_get_client_CA_list.3 \ + SSL_get_client_random.3 \ + SSL_get_current_cipher.3 \ + SSL_get_default_timeout.3 \ + SSL_get_error.3 \ + SSL_get_ex_data_X509_STORE_CTX_idx.3 \ + SSL_get_ex_new_index.3 \ + SSL_get_fd.3 \ + SSL_get_peer_cert_chain.3 \ + SSL_get_peer_certificate.3 \ + SSL_get_rbio.3 \ + SSL_get_server_tmp_key.3 \ + SSL_get_session.3 \ + SSL_get_shared_ciphers.3 \ + SSL_get_state.3 \ + SSL_get_verify_result.3 \ + SSL_get_version.3 \ + SSL_library_init.3 \ + SSL_load_client_CA_file.3 \ + SSL_new.3 \ + SSL_num_renegotiations.3 \ + SSL_pending.3 \ + SSL_read.3 \ + SSL_renegotiate.3 \ + SSL_rstate_string.3 \ + SSL_session_reused.3 \ + SSL_set1_param.3 \ + SSL_set_bio.3 \ + SSL_set_connect_state.3 \ + SSL_set_fd.3 \ + SSL_set_max_send_fragment.3 \ + SSL_set_session.3 \ + SSL_set_shutdown.3 \ + SSL_set_tmp_ecdh.3 \ + SSL_set_verify_result.3 \ + SSL_shutdown.3 \ + SSL_state_string.3 \ + SSL_want.3 \ + SSL_write.3 \ + d2i_SSL_SESSION.3 \ + ssl.3 + +all clean cleandir depend includes obj tags: + +install: maninstall .include -.else -maninstall: - -.endif - -# XXX .PATH order is critical because of non-unique filenames -.PATH: ${.CURDIR}/../src/doc/crypto ${.CURDIR}/../src/doc/ssl ${.CURDIR}/../src/doc/apps -.SUFFIXES: .pod -.pod.cat3: - ( cd `dirname ${.ALLSRC}` && pod2man --section=3 --official \ - --center='OpenSSL' --release="OpenBSD `uname -r`" \ - `basename ${.ALLSRC}` ) | nroff -Tascii -man > ${.TARGET} -.pod.cat7: - ( cd `dirname ${.ALLSRC}` && pod2man --section=7 --official \ - --center='OpenSSL' --release="OpenBSD `uname -r`" \ - `basename ${.ALLSRC}` ) | nroff -Tascii -man > ${.TARGET} -.pod.cat1: - ( cd `dirname ${.ALLSRC}` && pod2man --section=1 --official \ - --center='OpenSSL' --release="OpenBSD `uname -r`" \ - `basename ${.ALLSRC}` ) | nroff -Tascii -man > ${.TARGET} - -.pod.ps3: - ( cd `dirname ${.ALLSRC}` && pod2man --section=3 --official \ - --center='OpenSSL' --release="OpenBSD `uname -r`" \ - `basename ${.ALLSRC}` ) | nroff -Tps -man > ${.TARGET} -.pod.ps7: - ( cd `dirname ${.ALLSRC}` && pod2man --section=7 --official \ - --center='OpenSSL' --release="OpenBSD `uname -r`" \ - `basename ${.ALLSRC}` ) | nroff -Tps -man > ${.TARGET} -.pod.ps1: - ( cd `dirname ${.ALLSRC}` && pod2man --section=1 --official \ - --center='OpenSSL' --release="OpenBSD `uname -r`" \ - `basename ${.ALLSRC}` ) | nroff -Tps -man > ${.TARGET} - -.include -.include - -CLEANFILES+=\ - BUF_MEM_new.pm \ - CRYPTO_set_locking_callback.pm \ - HMAC.pm \ - MDC2.pm \ - RC4.pm \ - RIPEMD160.pm \ - SHA1.pm \ - des_random_key.pm \ - MD5.pm \ - -clean: - rm -f ${CLEANFILES} diff --git a/src/lib/libssl/man/OPENSSL_init_ssl.3 b/src/lib/libssl/man/OPENSSL_init_ssl.3 new file mode 100644 index 00000000000..7530dbe4a33 --- /dev/null +++ b/src/lib/libssl/man/OPENSSL_init_ssl.3 @@ -0,0 +1,61 @@ +.\" $OpenBSD: OPENSSL_init_ssl.3,v 1.2 2018/03/24 00:55:37 schwarze Exp $ +.\" Copyright (c) 2018 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 24 2018 $ +.Dt OPENSSL_INIT_SSL 3 +.Os +.Sh NAME +.Nm OPENSSL_init_ssl +.Nd initialise the crypto and ssl libraries +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft int +.Fo OPENSSL_init_ssl +.Fa "uint64_t options" +.Fa "const void *dummy" +.Fc +.Sh DESCRIPTION +.Fn OPENSSL_init_ssl +calls +.Xr OPENSSL_init_crypto 3 +and also allocates various resources used internally by the ssl library. +.Pp +Calling it is never useful because it is automatically called +internally when needed. +.Pp +The +.Fa options +argument is passed on to +.Xr OPENSSL_init_crypto 3 +and the +.Fa dummy +argument is ignored. +.Pp +If this function is called more than once, +none of the calls except the first one have any effect. +.Sh RETURN VALUES +.Fn OPENSSL_init_ssl +is intended to return 1 on success or 0 on error. +.Sh SEE ALSO +.Xr CONF_modules_load_file 3 , +.Xr OPENSSL_init_crypto 3 +.Sh HISTORY +.Fn OPENSSL_init_ssl +first appeared in OpenSSL 1.1.0 and has been available since +.Ox 6.3 . +.Sh BUGS +.Fn OPENSSL_init_ssl +silently ignores even more configuration failures than +.Xr OPENSSL_init_crypto 3 . diff --git a/src/lib/libssl/man/PEM_read_SSL_SESSION.3 b/src/lib/libssl/man/PEM_read_SSL_SESSION.3 new file mode 100644 index 00000000000..b9987ebfb04 --- /dev/null +++ b/src/lib/libssl/man/PEM_read_SSL_SESSION.3 @@ -0,0 +1,146 @@ +.\" $OpenBSD: PEM_read_SSL_SESSION.3,v 1.3 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL doc/man3/PEM_read_CMS.pod b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file was written by Rich Salz . +.\" Copyright (c) 2016 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt PEM_READ_SSL_SESSION 3 +.Os +.Sh NAME +.Nm PEM_read_SSL_SESSION , +.Nm PEM_read_bio_SSL_SESSION , +.Nm PEM_write_SSL_SESSION , +.Nm PEM_write_bio_SSL_SESSION +.Nd encode and decode SSL session objects in PEM format +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft SSL_SESSION * +.Fo PEM_read_SSL_SESSION +.Fa "FILE *fp" +.Fa "SSL_SESSION **a" +.Fa "pem_password_cb *cb" +.Fa "void *u" +.Fc +.Ft SSL_SESSION * +.Fo PEM_read_bio_SSL_SESSION +.Fa "BIO *bp" +.Fa "SSL_SESSION **a" +.Fa "pem_password_cb *cb" +.Fa "void *u" +.Fc +.Ft int +.Fo PEM_write_SSL_SESSION +.Fa "FILE *fp" +.Fa "const SSL_SESSION *a" +.Fc +.Ft int +.Fo PEM_write_bio_SSL_SESSION +.Fa "BIO *bp" +.Fa "const SSL_SESSION *a" +.Fc +.Sh DESCRIPTION +These routines convert between local instances of ASN.1 +.Vt SSL_SESSION +objects and the PEM encoding. +.Pp +.Fn PEM_read_SSL_SESSION +reads a PEM-encoded +.Vt SSL_SESSION +object from the file +.Fa fp +and returns it. +The +.Fa cb +and +.Fa u +parameters are as described in +.Xr PEM_read_bio_PrivateKey 3 . +.Pp +.Fn PEM_read_bio_SSL_SESSION +is similar to +.Fn PEM_read_SSL_SESSION +but reads from the BIO +.Fa bp . +.Pp +.Fn PEM_write_SSL_SESSION +writes the PEM encoding of the object +.Fa a +to the file +.Fa fp . +.Pp +.Fn PEM_write_bio_SSL_SESSION +similarly writes to the BIO +.Fa bp . +.Sh RETURN VALUES +.Fn PEM_read_SSL_SESSION +and +.Fn PEM_read_bio_SSL_SESSION +return a pointer to an allocated object, which should be released by +calling +.Xr SSL_SESSION_free 3 , +or +.Dv NULL +on error. +.Pp +.Fn PEM_write_SSL_SESSION +and +.Fn PEM_write_bio_SSL_SESSION +return the number of bytes written or 0 on error. +.Sh SEE ALSO +.Xr PEM_read 3 +.Sh HISTORY +.Fn PEM_read_SSL_SESSION +and +.Fn PEM_write_SSL_SESSION +first appeared in SSLeay 0.5.2. +.Fn PEM_read_bio_SSL_SESSION +and +.Fn PEM_write_bio_SSL_SESSION +first appeared in SSLeay 0.6.0. +These functions have been available since +.Ox 2.4 . diff --git a/src/lib/libssl/man/SSL_CIPHER_get_name.3 b/src/lib/libssl/man/SSL_CIPHER_get_name.3 new file mode 100644 index 00000000000..37707566e46 --- /dev/null +++ b/src/lib/libssl/man/SSL_CIPHER_get_name.3 @@ -0,0 +1,353 @@ +.\" $OpenBSD: SSL_CIPHER_get_name.3,v 1.10 2018/04/25 13:51:34 schwarze Exp $ +.\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" selective merge up to: OpenSSL 61f805c1 Jan 16 01:01:46 2018 +0800 +.\" +.\" This file was written by Lutz Jaenicke , +.\" Dr. Stephen Henson , Todd Short , +.\" and Paul Yang . +.\" Copyright (c) 2000, 2005, 2009, 2013, 2014, 2015, 2016, 2017 +.\" The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: April 25 2018 $ +.Dt SSL_CIPHER_GET_NAME 3 +.Os +.Sh NAME +.Nm SSL_CIPHER_get_name , +.Nm SSL_CIPHER_get_bits , +.Nm SSL_CIPHER_get_version , +.Nm SSL_CIPHER_get_cipher_nid , +.Nm SSL_CIPHER_get_digest_nid , +.Nm SSL_CIPHER_get_kx_nid , +.Nm SSL_CIPHER_get_auth_nid , +.Nm SSL_CIPHER_is_aead , +.Nm SSL_CIPHER_get_id , +.Nm SSL_CIPHER_description +.Nd get SSL_CIPHER properties +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft const char * +.Fn SSL_CIPHER_get_name "const SSL_CIPHER *cipher" +.Ft int +.Fn SSL_CIPHER_get_bits "const SSL_CIPHER *cipher" "int *alg_bits" +.Ft const char * +.Fn SSL_CIPHER_get_version "const SSL_CIPHER *cipher" +.Ft int +.Fn SSL_CIPHER_get_cipher_nid "const SSL_CIPHER *cipher" +.Ft int +.Fn SSL_CIPHER_get_digest_nid "const SSL_CIPHER *cipher" +.Ft int +.Fn SSL_CIPHER_get_kx_nid "const SSL_CIPHER *cipher" +.Ft int +.Fn SSL_CIPHER_get_auth_nid "const SSL_CIPHER *cipher" +.Ft int +.Fn SSL_CIPHER_is_aead "const SSL_CIPHER *cipher" +.Ft unsigned long +.Fn SSL_CIPHER_get_id "const SSL_CIPHER *cipher" +.Ft char * +.Fn SSL_CIPHER_description "const SSL_CIPHER *cipher" "char *buf" "int size" +.Sh DESCRIPTION +.Fn SSL_CIPHER_get_name +returns a pointer to the name of +.Fa cipher . +.Pp +.Fn SSL_CIPHER_get_bits +returns the number of secret bits used for +.Fa cipher . +If +.Fa alg_bits +is not +.Dv NULL , +the number of bits processed by the chosen algorithm is stored into it. +.Pp +.Fn SSL_CIPHER_get_version +returns a string which indicates the SSL/TLS protocol version that first +defined the cipher. +This is currently +.Qq TLSv1/SSLv3 . +In some cases it should possibly return +.Qq TLSv1.2 +but the function does not; use +.Fn SSL_CIPHER_description +instead. +.Pp +.Fn SSL_CIPHER_get_cipher_nid +returns the cipher NID corresponding to the +.Fa cipher . +If there is no cipher (e.g. for cipher suites with no encryption), then +.Dv NID_undef +is returned. +.Pp +.Fn SSL_CIPHER_get_digest_nid +returns the digest NID corresponding to the MAC used by the +.Fa cipher +during record encryption/decryption. +If there is no digest (e.g. for AEAD cipher suites), then +.Dv NID_undef +is returned. +.Pp +.Fn SSL_CIPHER_get_kx_nid +returns the key exchange NID corresponding to the method used by the +.Fa cipher . +If there is no key exchange, then +.Dv NID_undef +is returned. +Examples of possible return values include +.Dv NID_kx_rsa , +.Dv NID_kx_dhe , +and +.Dv NID_kx_ecdhe . +.Pp +.Fn SSL_CIPHER_get_auth_nid +returns the authentication NID corresponding to the method used by the +.Fa cipher . +If there is no authentication, +.Dv NID_undef +is returned. +Examples of possible return values include +.Dv NID_auth_rsa +and +.Dv NID_auth_ecdsa . +.Pp +.Fn SSL_CIPHER_is_aead +returns 1 if the +.Fa cipher +is AEAD (e.g. GCM or ChaCha20/Poly1305), or 0 if it is not AEAD. +.Pp +.Fn SSL_CIPHER_get_id +returns the ID of the given +.Fa cipher , +which must not be +.Dv NULL . +The ID here is an OpenSSL-specific concept, which stores a prefix +of 0x0300 in the higher two bytes and the IANA-specified chipher +suite ID in the lower two bytes. +For instance, TLS_RSA_WITH_NULL_MD5 has IANA ID "0x00, 0x01", so +.Fn SSL_CIPHER_get_id +returns 0x03000001. +.Pp +.Fn SSL_CIPHER_description +copies a textual description of +.Fa cipher +into the buffer +.Fa buf , +which must be at least +.Fa size +bytes long. +The +.Fa cipher +argument must not be a +.Dv NULL +pointer. +If +.Fa buf +is +.Dv NULL , +a buffer is allocated using +.Xr asprintf 3 ; +that buffer should be freed using the +.Xr free 3 +function. +If +.Fa len +is too small to hold the description, a pointer to the static string +.Qq Buffer too small +is returned. +If memory allocation fails, which can happen even if a +.Fa buf +of sufficient size is provided, a pointer to the static string +.Qq OPENSSL_malloc Error +is returned and the content of +.Fa buf +remains unchanged. +.Pp +The string returned by +.Fn SSL_CIPHER_description +consists of several fields separated by whitespace: +.Bl -tag -width Ds +.It Aq Ar ciphername +Textual representation of the cipher name. +.It Aq Ar protocol version +Protocol version: +.Sy SSLv3 +or +.Sy TLSv1.2 . +The TLSv1.0 ciphers are flagged with SSLv3. +No new ciphers were added by TLSv1.1. +.It Kx= Ns Aq Ar key exchange +Key exchange method: +.Sy DH , +.Sy ECDH , +.Sy GOST , +or +.Sy RSA . +.It Au= Ns Aq Ar authentication +Authentication method: +.Sy DSS , +.Sy ECDSA , +.Sy GOST01 , +.Sy RSA , +or +.Sy None . +.Sy None +is the representation of anonymous ciphers. +.It Enc= Ns Aq Ar symmetric encryption method +Encryption method with number of secret bits: +.Sy DES(56) , +.Sy 3DES(168) , +.Sy RC4(64) , +.Sy RC4(128) , +.Sy IDEA(128) , +.Sy AES(128) , +.Sy AES(256) , +.Sy AESCGM(128) , +.Sy AESCGM(256) , +.Sy Camellia(128) , +.Sy Camellia(256) , +.Sy ChaCha20-Poly1305 , +.Sy ChaCha20-Poly1305-Old , +.Sy GOST-28178-89-CNT , +or +.Sy None . +.It Mac= Ns Aq Ar message authentication code +Message digest: +.Sy MD5 , +.Sy SHA1 , +.Sy SHA256 , +.Sy SHA384 , +.Sy AEAD , +.Sy GOST94 , +.Sy GOST89IMIT , +.Sy STREEBOG256 , +.Sy STREEBOG512 . +.El +.Sh RETURN VALUES +.Fn SSL_CIPHER_get_name +returns an internal pointer to a NUL-terminated string. +.Fn SSL_CIPHER_get_version +returns a pointer to a static NUL-terminated string. +If +.Fa cipher +is a +.Dv NULL +pointer, both functions return a pointer to the static string +.Qq Pq NONE . +.Pp +.Fn SSL_CIPHER_get_bits +returns a positive integer representing the number of secret bits +or 0 if +.Fa cipher +is a +.Dv NULL +pointer. +.Pp +.Fn SSL_CIPHER_get_cipher_nid , +.Fn SSL_CIPHER_get_digest_nid , +.Fn SSL_CIPHER_get_kx_nid , +and +.Fn SSL_CIPHER_get_auth_nid +return an NID constant or +.Dv NID_undef +if an error occurred. +.Pp +.Fn SSL_CIPHER_is_aead +returns 1 if the +.Fa cipher +is AEAD or 0 otherwise. +.Pp +.Fn SSL_CIPHER_get_id +returns a 32-bit unsigned integer. +.Pp +.Fn SSL_CIPHER_description +returns +.Fa buf +or a newly allocated string on success or a pointer to a static +string on error. +.Sh EXAMPLES +An example for the output of +.Fn SSL_CIPHER_description : +.Bd -literal +ECDHE-RSA-AES256-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD +.Ed +.Pp +A complete list can be retrieved by invoking the following command: +.Pp +.Dl $ openssl ciphers -v ALL +.Sh SEE ALSO +.Xr openssl 1 , +.Xr ssl 3 , +.Xr SSL_get_ciphers 3 , +.Xr SSL_get_current_cipher 3 +.Sh HISTORY +.Fn SSL_CIPHER_description +first appeared in SSLeay 0.8.0. +.Fn SSL_CIPHER_get_name , +.Fn SSL_CIPHER_get_bits , +and +.Fn SSL_CIPHER_get_version +first appeared in SSLeay 0.8.1. +These functions have been available since +.Ox 2.4 . +.Pp +.Fn SSL_CIPHER_get_id +first appeared in OpenSSL 1.0.1 and has been available since +.Ox 5.3 . +.Pp +.Fn SSL_CIPHER_get_cipher_nid , +.Fn SSL_CIPHER_get_digest_nid , +.Fn SSL_CIPHER_get_kx_nid , +.Fn SSL_CIPHER_get_auth_nid , +and +.Fn SSL_CIPHER_is_aead +first appeared in OpenSSL 1.1.0 and have been available since +.Ox 6.3 . +.Sh BUGS +If +.Fn SSL_CIPHER_description +cannot handle a built-in cipher, +the according description of the cipher property is +.Qq unknown . +This case should not occur. diff --git a/src/lib/libssl/man/SSL_COMP_add_compression_method.3 b/src/lib/libssl/man/SSL_COMP_add_compression_method.3 new file mode 100644 index 00000000000..e5421852d29 --- /dev/null +++ b/src/lib/libssl/man/SSL_COMP_add_compression_method.3 @@ -0,0 +1,56 @@ +.\" $OpenBSD: SSL_COMP_add_compression_method.3,v 1.4 2018/03/23 00:10:28 schwarze Exp $ +.\" +.\" Copyright (c) 2016 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 23 2018 $ +.Dt SSL_COMP_ADD_COMPRESSION_METHOD 3 +.Os +.Sh NAME +.Nm SSL_COMP_add_compression_method , +.Nm SSL_COMP_get_compression_methods +.Nd handle SSL/TLS integrated compression methods +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft int +.Fn SSL_COMP_add_compression_method "int id" "COMP_METHOD *cm" +.Ft STACK_OF(SSL_COMP) * +.Fn SSL_COMP_get_compression_methods void +.Sh DESCRIPTION +These functions are deprecated and have no effect. +They are provided purely for compatibility with legacy application code. +.Pp +.Fn SSL_COMP_add_compression_method +used to add the compression method +.Fa cm +with the identifier +.Fa id +to the list of available compression methods. +.Pp +.Fn SSL_COMP_get_compression_methods +used to return a stack of available compression methods. +.Sh RETURN VALUES +.Fn SSL_COMP_add_compression_method +always returns 1. +.Fn SSL_COMP_get_compression_methods +always returns +.Dv NULL . +.Sh HISTORY +.Fn SSL_COMP_add_compression_method +first appeared in OpenSSL 0.9.2b and has been available since +.Ox 2.6 . +.Pp +.Fn SSL_COMP_get_compression_methods +first appeared in OpenSSL 0.9.8 and has been available since +.Ox 4.5 . diff --git a/src/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 b/src/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 new file mode 100644 index 00000000000..1feee4265cf --- /dev/null +++ b/src/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 @@ -0,0 +1,122 @@ +.\" $OpenBSD: SSL_CTX_add_extra_chain_cert.3,v 1.5 2018/03/23 05:50:30 schwarze Exp $ +.\" OpenSSL f0d6ee6be Feb 15 07:41:42 2002 +0000 +.\" +.\" This file was written by Lutz Jaenicke and +.\" Dr. Stephen Henson . +.\" Copyright (c) 2000, 2002, 2013, 2015 The OpenSSL Project. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 23 2018 $ +.Dt SSL_CTX_ADD_EXTRA_CHAIN_CERT 3 +.Os +.Sh NAME +.Nm SSL_CTX_add_extra_chain_cert , +.Nm SSL_CTX_clear_extra_chain_certs +.Nd add or clear extra chain certificates +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft long +.Fn SSL_CTX_add_extra_chain_cert "SSL_CTX *ctx" "X509 *x509" +.Ft long +.Fn SSL_CTX_clear_extra_chain_certs "SSL_CTX *ctx" +.Sh DESCRIPTION +.Fn SSL_CTX_add_extra_chain_cert +adds the certificate +.Fa x509 +to the extra chain certificates associated with +.Fa ctx . +Several certificates can be added one after another. +.Pp +.Fn SSL_CTX_clear_extra_chain_certs +clears all extra chain certificates associated with +.Fa ctx . +.Pp +These functions are implemented as macros. +.Pp +When sending a certificate chain, extra chain certificates are sent +in order following the end entity certificate. +.Pp +If no chain is specified, the library will try to complete the chain from the +available CA certificates in the trusted CA storage, see +.Xr SSL_CTX_load_verify_locations 3 . +.Pp +The x509 certificate provided to +.Fn SSL_CTX_add_extra_chain_cert +will be freed by the library when the +.Vt SSL_CTX +is destroyed. +An application should not free the +.Fa x509 +object. +.Sh RETURN VALUES +.Fn SSL_CTX_add_extra_chain_cert +and +.Fn SSL_CTX_clear_extra_chain_certs +return 1 on success or 0 for failure. +Check out the error stack to find out the reason for failure. +.Sh SEE ALSO +.Xr SSL_CTX_ctrl 3 , +.Xr SSL_CTX_load_verify_locations 3 , +.Xr SSL_CTX_set_client_cert_cb 3 , +.Xr SSL_CTX_use_certificate 3 +.Sh HISTORY +.Fn SSL_CTX_add_extra_chain_cert +first appeared in SSLeay 0.9.1 and has been available since +.Ox 2.6 . +.Pp +.Fn SSL_CTX_clear_extra_chain_certs +first appeared in OpenSSL 1.0.1 and has been available since +.Ox 5.3 . +.Sh CAVEATS +Only one set of extra chain certificates can be specified per +.Vt SSL_CTX +structure. +Different chains for different certificates (for example if both +RSA and DSA certificates are specified by the same server) or +different SSL structures with the same parent +.Vt SSL_CTX +cannot be specified using this function. diff --git a/src/lib/libssl/man/SSL_CTX_add_session.3 b/src/lib/libssl/man/SSL_CTX_add_session.3 new file mode 100644 index 00000000000..443bdb542a4 --- /dev/null +++ b/src/lib/libssl/man/SSL_CTX_add_session.3 @@ -0,0 +1,132 @@ +.\" $OpenBSD: SSL_CTX_add_session.3,v 1.5 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL SSL_CTX_add_session.pod 1722496f Jun 8 15:18:38 2017 -0400 +.\" +.\" This file was written by Lutz Jaenicke and +.\" Geoff Thorpe . +.\" Copyright (c) 2001, 2002, 2014 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt SSL_CTX_ADD_SESSION 3 +.Os +.Sh NAME +.Nm SSL_CTX_add_session , +.Nm SSL_CTX_remove_session +.Nd manipulate session cache +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft int +.Fn SSL_CTX_add_session "SSL_CTX *ctx" "SSL_SESSION *c" +.Ft int +.Fn SSL_CTX_remove_session "SSL_CTX *ctx" "SSL_SESSION *c" +.Sh DESCRIPTION +.Fn SSL_CTX_add_session +adds the session +.Fa c +to the context +.Fa ctx . +The reference count for session +.Fa c +is incremented by 1. +If a session with the same session id already exists, +the old session is removed by calling +.Xr SSL_SESSION_free 3 . +.Pp +.Fn SSL_CTX_remove_session +removes the session +.Fa c +from the context +.Fa ctx +and marks it as non-resumable. +.Xr SSL_SESSION_free 3 +is called once for +.Fa c . +.Pp +When adding a new session to the internal session cache, it is examined +whether a session with the same session id already exists. +In this case it is assumed that both sessions are identical. +If the same session is stored in a different +.Vt SSL_SESSION +object, the old session is removed and replaced by the new session. +If the session is actually identical (the +.Vt SSL_SESSION +object is identical), +.Fn SSL_CTX_add_session +is a no-op, and the return value is 0. +.Pp +If a server +.Vt SSL_CTX +is configured with the +.Dv SSL_SESS_CACHE_NO_INTERNAL_STORE +flag then the internal cache will not be populated automatically by new +sessions negotiated by the SSL/TLS implementation, even though the internal +cache will be searched automatically for session-resume requests (the +latter can be suppressed by +.Dv SSL_SESS_CACHE_NO_INTERNAL_LOOKUP ) . +So the application can use +.Fn SSL_CTX_add_session +directly to have full control over the sessions that can be resumed if desired. +.Sh RETURN VALUES +The following values are returned by all functions: +.Bl -tag -width Ds +.It 0 +The operation failed. +In case of the add operation, it was tried to add the same (identical) session +twice. +In case of the remove operation, the session was not found in the cache. +.It 1 +The operation succeeded. +.El +.Sh SEE ALSO +.Xr ssl 3 , +.Xr SSL_CTX_set_session_cache_mode 3 , +.Xr SSL_SESSION_free 3 +.Sh HISTORY +.Fn SSL_CTX_add_session +and +.Fn SSL_CTX_remove_session +first appeared in SSLeay 0.8.0 and have been available since +.Ox 2.4 . diff --git a/src/lib/libssl/man/SSL_CTX_ctrl.3 b/src/lib/libssl/man/SSL_CTX_ctrl.3 new file mode 100644 index 00000000000..c91ddff374d --- /dev/null +++ b/src/lib/libssl/man/SSL_CTX_ctrl.3 @@ -0,0 +1,122 @@ +.\" $OpenBSD: SSL_CTX_ctrl.3,v 1.7 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file was written by Lutz Jaenicke . +.\" Copyright (c) 2001 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt SSL_CTX_CTRL 3 +.Os +.Sh NAME +.Nm SSL_CTX_ctrl , +.Nm SSL_CTX_callback_ctrl , +.Nm SSL_ctrl , +.Nm SSL_callback_ctrl +.Nd internal handling functions for SSL_CTX and SSL objects +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft long +.Fn SSL_CTX_ctrl "SSL_CTX *ctx" "int cmd" "long larg" "void *parg" +.Ft long +.Fn SSL_CTX_callback_ctrl "SSL_CTX *" "int cmd" "void (*fp)()" +.Ft long +.Fn SSL_ctrl "SSL *ssl" "int cmd" "long larg" "void *parg" +.Ft long +.Fn SSL_callback_ctrl "SSL *" "int cmd" "void (*fp)()" +.Sh DESCRIPTION +The +.Fn SSL_*_ctrl +family of functions is used to manipulate settings of +the +.Vt SSL_CTX +and +.Vt SSL +objects. +Depending on the command +.Fa cmd +the arguments +.Fa larg , +.Fa parg , +or +.Fa fp +are evaluated. +These functions should never be called directly. +All functionalities needed are made available via other functions or macros. +.Sh RETURN VALUES +The return values of the +.Fn SSL*_ctrl +functions depend on the command supplied via the +.Fn cmd +parameter. +.Sh SEE ALSO +.Xr ssl 3 , +.Xr SSL_CTX_add_extra_chain_cert 3 , +.Xr SSL_CTX_sess_number 3 , +.Xr SSL_CTX_sess_set_cache_size 3 , +.Xr SSL_CTX_set_max_cert_list 3 , +.Xr SSL_CTX_set_mode 3 , +.Xr SSL_CTX_set_options 3 , +.Xr SSL_CTX_set_session_cache_mode 3 , +.Xr SSL_CTX_set_tlsext_servername_callback 3 , +.Xr SSL_CTX_set_tlsext_status_cb 3 , +.Xr SSL_CTX_set_tlsext_ticket_key_cb 3 , +.Xr SSL_get_server_tmp_key 3 , +.Xr SSL_num_renegotiations 3 , +.Xr SSL_session_reused 3 , +.Xr SSL_set_max_send_fragment 3 +.Sh HISTORY +.Fn SSL_CTX_ctrl +and +.Fn SSL_ctrl +first appeared in SSLeay 0.8.0 and have been available since +.Ox 2.4 . +.Pp +.Fn SSL_CTX_callback_ctrl +and +.Fn SSL_callback_ctrl +first appeared in OpenSSL 0.9.5 and have been available since +.Ox 2.7 . diff --git a/src/lib/libssl/man/SSL_CTX_flush_sessions.3 b/src/lib/libssl/man/SSL_CTX_flush_sessions.3 new file mode 100644 index 00000000000..2ef781cb4a8 --- /dev/null +++ b/src/lib/libssl/man/SSL_CTX_flush_sessions.3 @@ -0,0 +1,100 @@ +.\" $OpenBSD: SSL_CTX_flush_sessions.3,v 1.5 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL SSL_CTX_flush_sessions.pod 1722496f Jun 8 15:18:38 2017 -0400 +.\" +.\" This file was written by Lutz Jaenicke . +.\" Copyright (c) 2001 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt SSL_CTX_FLUSH_SESSIONS 3 +.Os +.Sh NAME +.Nm SSL_CTX_flush_sessions +.Nd remove expired sessions +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft void +.Fn SSL_CTX_flush_sessions "SSL_CTX *ctx" "long tm" +.Sh DESCRIPTION +.Fn SSL_CTX_flush_sessions +causes a run through the session cache of +.Fa ctx +to remove sessions expired at time +.Fa tm . +.Pp +If enabled, the internal session cache will collect all sessions established +up to the specified maximum number (see +.Xr SSL_CTX_sess_set_cache_size 3 ) . +As sessions will not be reused once they are expired, they should be +removed from the cache to save resources. +This can either be done automatically whenever 255 new sessions were +established (see +.Xr SSL_CTX_set_session_cache_mode 3 ) +or manually by calling +.Fn SSL_CTX_flush_sessions . +.Pp +The parameter +.Fa tm +specifies the time which should be used for the +expiration test, in most cases the actual time given by +.Fn time 0 +will be used. +.Pp +.Fn SSL_CTX_flush_sessions +will only check sessions stored in the internal cache. +When a session is found and removed, the +.Va remove_session_cb +is however called to synchronize with the external cache (see +.Xr SSL_CTX_sess_set_get_cb 3 ) . +.Sh SEE ALSO +.Xr ssl 3 , +.Xr SSL_CTX_sess_set_get_cb 3 , +.Xr SSL_CTX_set_session_cache_mode 3 , +.Xr SSL_CTX_set_timeout 3 +.Sh HISTORY +.Fn SSL_CTX_flush_sessions +first appeared in SSLeay 0.8.0 and has been available since +.Ox 2.4 . diff --git a/src/lib/libssl/man/SSL_CTX_free.3 b/src/lib/libssl/man/SSL_CTX_free.3 new file mode 100644 index 00000000000..47f247631b2 --- /dev/null +++ b/src/lib/libssl/man/SSL_CTX_free.3 @@ -0,0 +1,101 @@ +.\" $OpenBSD: SSL_CTX_free.3,v 1.4 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file was written by Lutz Jaenicke . +.\" Copyright (c) 2000, 2001, 2003 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt SSL_CTX_FREE 3 +.Os +.Sh NAME +.Nm SSL_CTX_free +.Nd free an allocated SSL_CTX object +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft void +.Fn SSL_CTX_free "SSL_CTX *ctx" +.Sh DESCRIPTION +.Fn SSL_CTX_free +decrements the reference count of +.Fa ctx , +and removes the +.Vt SSL_CTX +object pointed to by +.Fa ctx +and frees up the allocated memory if the reference count has reached 0. +If +.Fa ctx +is a +.Dv NULL +pointer, no action occurs. +.Pp +It also calls the +.Xr free 3 Ns ing +procedures for indirectly affected items, if applicable: +the session cache, the list of ciphers, the list of Client CAs, +the certificates and keys. +.Sh WARNINGS +If a session-remove callback is set +.Pq Xr SSL_CTX_sess_set_remove_cb 3 , +this callback will be called for each session being freed from +.Fa ctx Ns 's +session cache. +This implies that all corresponding sessions from an external session cache are +removed as well. +If this is not desired, the user should explicitly unset the callback by +calling +.Fn SSL_CTX_sess_set_remove_cb ctx NULL +prior to calling +.Fn SSL_CTX_free . +.Sh SEE ALSO +.Xr ssl 3 , +.Xr SSL_CTX_new 3 , +.Xr SSL_CTX_sess_set_get_cb 3 +.Sh HISTORY +.Fn SSL_CTX_free +first appeared in SSLeay 0.5.1 and has been available since +.Ox 2.4 . diff --git a/src/lib/libssl/man/SSL_CTX_get0_certificate.3 b/src/lib/libssl/man/SSL_CTX_get0_certificate.3 new file mode 100644 index 00000000000..d63ad572b18 --- /dev/null +++ b/src/lib/libssl/man/SSL_CTX_get0_certificate.3 @@ -0,0 +1,50 @@ +.\" $OpenBSD: SSL_CTX_get0_certificate.3,v 1.2 2018/03/23 14:28:16 schwarze Exp $ +.\" +.\" Copyright (c) 2018 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 23 2018 $ +.Dt SSL_CTX_GET0_CERTIFICATE 3 +.Os +.Sh NAME +.Nm SSL_CTX_get0_certificate +.Nd get the active certificate from an SSL context +.Sh SYNOPSIS +.Ft X509 * +.Fo SSL_CTX_get0_certificate +.Fa "const SSL_CTX *ctx" +.Fc +.Sh DESCRIPTION +The +.Fn SSL_CTX_get0_certificate +function returns an internal pointer +to the ASN.1 certificate currently active in +.Fa ctx +or +.Dv NULL +if none was installed with +.Xr SSL_CTX_use_certificate 3 +or similar functions. +.Pp +The returned pointer must not be freed by the caller. +.Sh SEE ALSO +.Xr SSL_CTX_new 3 , +.Xr SSL_CTX_use_certificate 3 , +.Xr X509_get_pubkey 3 , +.Xr X509_get_subject_name 3 , +.Xr X509_new 3 +.Sh HISTORY +.Fn SSL_CTX_get0_certificate +first appeared in OpenSSL 1.0.2 and have been available since +.Ox 6.3 . diff --git a/src/lib/libssl/man/SSL_CTX_get_ex_new_index.3 b/src/lib/libssl/man/SSL_CTX_get_ex_new_index.3 new file mode 100644 index 00000000000..3dbaf2e981c --- /dev/null +++ b/src/lib/libssl/man/SSL_CTX_get_ex_new_index.3 @@ -0,0 +1,124 @@ +.\" $OpenBSD: SSL_CTX_get_ex_new_index.3,v 1.3 2018/03/21 08:06:34 schwarze Exp $ +.\" OpenSSL 9b86974e Aug 17 15:21:33 2015 -0400 +.\" +.\" This file was written by Lutz Jaenicke . +.\" Copyright (c) 2001, 2005 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 21 2018 $ +.Dt SSL_CTX_GET_EX_NEW_INDEX 3 +.Os +.Sh NAME +.Nm SSL_CTX_get_ex_new_index , +.Nm SSL_CTX_set_ex_data , +.Nm SSL_CTX_get_ex_data +.Nd internal application specific data functions +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft int +.Fo SSL_CTX_get_ex_new_index +.Fa "long argl" +.Fa "void *argp" +.Fa "CRYPTO_EX_new *new_func" +.Fa "CRYPTO_EX_dup *dup_func" +.Fa "CRYPTO_EX_free *free_func" +.Fc +.Ft int +.Fn SSL_CTX_set_ex_data "SSL_CTX *ctx" "int idx" "void *arg" +.Ft void * +.Fn SSL_CTX_get_ex_data "const SSL_CTX *ctx" "int idx" +.Bd -literal + typedef int new_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, + int idx, long argl, void *argp); + typedef void free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, + int idx, long argl, void *argp); + typedef int dup_func(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d, + int idx, long argl, void *argp); +.Ed +.Sh DESCRIPTION +Several OpenSSL structures can have application specific data attached to them. +These functions are used internally by OpenSSL to manipulate application +specific data attached to a specific structure. +.Pp +.Fn SSL_CTX_get_ex_new_index +is used to register a new index for application specific data. +.Pp +.Fn SSL_CTX_set_ex_data +is used to store application data at +.Fa arg +for +.Fa idx +into the +.Fa ctx +object. +.Pp +.Fn SSL_CTX_get_ex_data +is used to retrieve the information for +.Fa idx +from +.Fa ctx . +.Pp +A detailed description for the +.Fn *_get_ex_new_index +functionality can be found in +.Xr RSA_get_ex_new_index 3 . +The +.Fn *_get_ex_data +and +.Fn *_set_ex_data +functionality is described in +.Xr CRYPTO_set_ex_data 3 . +.Sh SEE ALSO +.Xr CRYPTO_set_ex_data 3 , +.Xr RSA_get_ex_new_index 3 , +.Xr ssl 3 +.Sh HISTORY +.Fn SSL_CTX_get_ex_new_index , +.Fn SSL_CTX_set_ex_data , +and +.Fn SSL_CTX_get_ex_data +first appeared in SSLeay 0.9.0 and have been available since +.Ox 2.4 . diff --git a/src/lib/libssl/man/SSL_CTX_get_verify_mode.3 b/src/lib/libssl/man/SSL_CTX_get_verify_mode.3 new file mode 100644 index 00000000000..7c877750695 --- /dev/null +++ b/src/lib/libssl/man/SSL_CTX_get_verify_mode.3 @@ -0,0 +1,131 @@ +.\" $OpenBSD: SSL_CTX_get_verify_mode.3,v 1.5 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file was written by Lutz Jaenicke . +.\" Copyright (c) 2000, 2005 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt SSL_CTX_GET_VERIFY_MODE 3 +.Os +.Sh NAME +.Nm SSL_CTX_get_verify_mode , +.Nm SSL_get_verify_mode , +.Nm SSL_CTX_get_verify_depth , +.Nm SSL_get_verify_depth , +.Nm SSL_get_verify_callback , +.Nm SSL_CTX_get_verify_callback +.Nd get currently set verification parameters +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft int +.Fn SSL_CTX_get_verify_mode "const SSL_CTX *ctx" +.Ft int +.Fn SSL_get_verify_mode "const SSL *ssl" +.Ft int +.Fn SSL_CTX_get_verify_depth "const SSL_CTX *ctx" +.Ft int +.Fn SSL_get_verify_depth "const SSL *ssl" +.Ft int +.Fo "(*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))" +.Fa int "X509_STORE_CTX *" +.Fc +.Ft int +.Fo "(*SSL_get_verify_callback(const SSL *ssl))" +.Fa int "X509_STORE_CTX *" +.Fc +.Sh DESCRIPTION +.Fn SSL_CTX_get_verify_mode +returns the verification mode currently set in +.Fa ctx . +.Pp +.Fn SSL_get_verify_mode +returns the verification mode currently set in +.Fa ssl . +.Pp +.Fn SSL_CTX_get_verify_depth +returns the verification depth limit currently set +in +.Fa ctx . +If no limit has been explicitly set, +\(mi1 is returned and the default value will be used. +.Pp +.Fn SSL_get_verify_depth +returns the verification depth limit currently set in +.Fa ssl . +If no limit has been explicitly set, +\(mi1 is returned and the default value will be used. +.Pp +.Fn SSL_CTX_get_verify_callback +returns a function pointer to the verification callback currently set in +.Fa ctx . +If no callback was explicitly set, the +.Dv NULL +pointer is returned and the default callback will be used. +.Pp +.Fn SSL_get_verify_callback +returns a function pointer to the verification callback currently set in +.Fa ssl . +If no callback was explicitly set, the +.Dv NULL +pointer is returned and the default callback will be used. +.Sh SEE ALSO +.Xr ssl 3 , +.Xr SSL_CTX_set_verify 3 +.Sh HISTORY +.Fn SSL_CTX_get_verify_mode , +.Fn SSL_get_verify_mode , +.Fn SSL_get_verify_callback , +and +.Fn SSL_CTX_get_verify_callback +first appeared in SSLeay 0.8.0 and have been available since +.Ox 2.4 . +.Pp +.Fn SSL_CTX_get_verify_depth +and +.Fn SSL_get_verify_depth +first appeared in OpenSSL 0.9.3 and have been available since +.Ox 2.6 . diff --git a/src/lib/libssl/man/SSL_CTX_load_verify_locations.3 b/src/lib/libssl/man/SSL_CTX_load_verify_locations.3 new file mode 100644 index 00000000000..373df2402ec --- /dev/null +++ b/src/lib/libssl/man/SSL_CTX_load_verify_locations.3 @@ -0,0 +1,238 @@ +.\" $OpenBSD: SSL_CTX_load_verify_locations.3,v 1.4 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL 9b86974e Aug 17 15:21:33 2015 -0400 +.\" +.\" This file was written by Lutz Jaenicke . +.\" Copyright (c) 2000, 2001, 2015, 2016 The OpenSSL Project. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt SSL_CTX_LOAD_VERIFY_LOCATIONS 3 +.Os +.Sh NAME +.Nm SSL_CTX_load_verify_locations , +.Nm SSL_CTX_set_default_verify_paths +.Nd set default locations for trusted CA certificates +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft int +.Fo SSL_CTX_load_verify_locations +.Fa "SSL_CTX *ctx" "const char *CAfile" "const char *CApath" +.Fc +.Ft int +.Fo SSL_CTX_set_default_verify_paths +.Fa "SSL_CTX *ctx" +.Fc +.Sh DESCRIPTION +.Fn SSL_CTX_load_verify_locations +specifies the locations for +.Fa ctx , +at which CA certificates for verification purposes are located. +The certificates available via +.Fa CAfile +and +.Fa CApath +are trusted. +.Pp +.Fn SSL_CTX_set_default_verify_paths +specifies that the default locations from which CA certificates are +loaded should be used. +There is one default directory and one default file. +The default CA certificates directory is called +.Pa certs +in the default OpenSSL directory. +The default CA certificates file is called +.Pa cert.pem +in the default OpenSSL directory. +.Pp +If +.Fa CAfile +is not +.Dv NULL , +it points to a file of CA certificates in PEM format. +The file can contain several CA certificates identified by sequences of: +.Bd -literal + -----BEGIN CERTIFICATE----- + ... (CA certificate in base64 encoding) ... + -----END CERTIFICATE----- +.Ed +.Pp +Before, between, and after the certificates arbitrary text is allowed which can +be used, e.g., for descriptions of the certificates. +.Pp +The +.Fa CAfile +is processed on execution of the +.Fn SSL_CTX_load_verify_locations +function. +.Pp +If +.Fa CApath +is not NULL, it points to a directory containing CA certificates in PEM format. +The files each contain one CA certificate. +The files are looked up by the CA subject name hash value, +which must hence be available. +If more than one CA certificate with the same name hash value exist, +the extension must be different (e.g., +.Pa 9d66eef0.0 , +.Pa 9d66eef0.1 , +etc.). +The search is performed in the ordering of the extension number, +regardless of other properties of the certificates. +.Pp +The certificates in +.Fa CApath +are only looked up when required, e.g., when building the certificate chain or +when actually performing the verification of a peer certificate. +.Pp +When looking up CA certificates, the OpenSSL library will first search the +certificates in +.Fa CAfile , +then those in +.Fa CApath . +Certificate matching is done based on the subject name, the key identifier (if +present), and the serial number as taken from the certificate to be verified. +If these data do not match, the next certificate will be tried. +If a first certificate matching the parameters is found, +the verification process will be performed; +no other certificates for the same parameters will be searched in case of +failure. +.Pp +In server mode, when requesting a client certificate, the server must send +the list of CAs of which it will accept client certificates. +This list is not influenced by the contents of +.Fa CAfile +or +.Fa CApath +and must explicitly be set using the +.Xr SSL_CTX_set_client_CA_list 3 +family of functions. +.Pp +When building its own certificate chain, an OpenSSL client/server will try to +fill in missing certificates from +.Fa CAfile Ns / Fa CApath , +if the +certificate chain was not explicitly specified (see +.Xr SSL_CTX_add_extra_chain_cert 3 +and +.Xr SSL_CTX_use_certificate 3 ) . +.Sh RETURN VALUES +For +.Fn SSL_CTX_load_verify_locations , +the following return values can occur: +.Bl -tag -width Ds +.It 0 +The operation failed because +.Fa CAfile +and +.Fa CApath +are +.Dv NULL +or the processing at one of the locations specified failed. +Check the error stack to find out the reason. +.It 1 +The operation succeeded. +.El +.Pp +.Fn SSL_CTX_set_default_verify_paths +returns 1 on success or 0 on failure. +A missing default location is still treated as a success. +.Sh EXAMPLES +Generate a CA certificate file with descriptive text from the CA certificates +.Pa ca1.pem +.Pa ca2.pem +.Pa ca3.pem : +.Bd -literal +#!/bin/sh +rm CAfile.pem +for i in ca1.pem ca2.pem ca3.pem; do + openssl x509 -in $i -text >> CAfile.pem +done +.Ed +.Pp +Prepare the directory /some/where/certs containing several CA certificates +for use as +.Fa CApath : +.Bd -literal +$ cd /some/where/certs +$ rm -f *.[0-9]* *.r[0-9]* +$ for c in *.pem; do +> [ "$c" = "*.pem" ] && continue +> hash=$(openssl x509 -noout -hash -in "$c") +> if egrep -q -- '-BEGIN( X509 | TRUSTED | )CERTIFICATE-' "$c"; then +> suf=0 +> while [ -e $hash.$suf ]; do suf=$(( $suf + 1 )); done +> ln -s "$c" $hash.$suf +> fi +> if egrep -q -- '-BEGIN X509 CRL-' "$c"; then +> suf=0 +> while [ -e $hash.r$suf ]; do suf=$(( $suf + 1 )); done +> ln -s "$c" $hash.r$suf +> fi +> done +.Ed +.Sh SEE ALSO +.Xr ssl 3 , +.Xr SSL_CTX_add_extra_chain_cert 3 , +.Xr SSL_CTX_set_cert_store 3 , +.Xr SSL_CTX_set_client_CA_list 3 , +.Xr SSL_CTX_use_certificate 3 , +.Xr SSL_get_client_CA_list 3 +.Sh HISTORY +.Fn SSL_CTX_load_verify_locations +and +.Fn SSL_CTX_set_default_verify_paths +first appeared in SSLeay 0.8.0 and have been available since +.Ox 2.4 . +.Sh CAVEATS +If several CA certificates matching the name, key identifier, and serial +number condition are available, only the first one will be examined. +This may lead to unexpected results if the same CA certificate is available +with different expiration dates. +If a +.Dq certificate expired +verification error occurs, no other certificate will be searched. +Make sure to not have expired certificates mixed with valid ones. diff --git a/src/lib/libssl/man/SSL_CTX_new.3 b/src/lib/libssl/man/SSL_CTX_new.3 new file mode 100644 index 00000000000..35fe702fb62 --- /dev/null +++ b/src/lib/libssl/man/SSL_CTX_new.3 @@ -0,0 +1,306 @@ +.\" $OpenBSD: SSL_CTX_new.3,v 1.11 2019/03/18 06:23:38 schwarze Exp $ +.\" full merge up to: OpenSSL 21cd6e00 Oct 21 14:40:15 2015 +0100 +.\" selective merge up to: OpenSSL 1212818e Sep 11 13:22:14 2018 +0100 +.\" +.\" This file was written by Lutz Jaenicke . +.\" Copyright (c) 2000, 2005, 2012, 2013, 2015, 2016 The OpenSSL Project. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 18 2019 $ +.Dt SSL_CTX_NEW 3 +.Os +.Sh NAME +.Nm SSL_CTX_new , +.Nm SSL_CTX_up_ref , +.Nm TLS_method , +.Nm TLS_server_method , +.Nm TLS_client_method , +.Nm SSLv23_method , +.Nm SSLv23_server_method , +.Nm SSLv23_client_method , +.Nm TLSv1_method , +.Nm TLSv1_server_method , +.Nm TLSv1_client_method , +.Nm TLSv1_1_method , +.Nm TLSv1_1_server_method , +.Nm TLSv1_1_client_method , +.Nm TLSv1_2_method , +.Nm TLSv1_2_server_method , +.Nm TLSv1_2_client_method , +.Nm DTLS_method , +.Nm DTLS_server_method , +.Nm DTLS_client_method , +.Nm DTLSv1_method , +.Nm DTLSv1_server_method , +.Nm DTLSv1_client_method +.Nd create a new SSL_CTX object as framework for TLS/SSL enabled functions +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft SSL_CTX * +.Fn SSL_CTX_new "const SSL_METHOD *method" +.Ft int +.Fn SSL_CTX_up_ref "SSL_CTX *ctx" +.Ft const SSL_METHOD * +.Fn TLS_method void +.Ft const SSL_METHOD * +.Fn TLS_server_method void +.Ft const SSL_METHOD * +.Fn TLS_client_method void +.Ft const SSL_METHOD * +.Fn SSLv23_method void +.Ft const SSL_METHOD * +.Fn SSLv23_server_method void +.Ft const SSL_METHOD * +.Fn SSLv23_client_method void +.Ft const SSL_METHOD * +.Fn TLSv1_method void +.Ft const SSL_METHOD * +.Fn TLSv1_server_method void +.Ft const SSL_METHOD * +.Fn TLSv1_client_method void +.Ft const SSL_METHOD * +.Fn TLSv1_1_method void +.Ft const SSL_METHOD * +.Fn TLSv1_1_server_method void +.Ft const SSL_METHOD * +.Fn TLSv1_1_client_method void +.Ft const SSL_METHOD * +.Fn TLSv1_2_method void +.Ft const SSL_METHOD * +.Fn TLSv1_2_server_method void +.Ft const SSL_METHOD * +.Fn TLSv1_2_client_method void +.Ft const SSL_METHOD * +.Fn DTLS_method void +.Ft const SSL_METHOD * +.Fn DTLS_server_method void +.Ft const SSL_METHOD * +.Fn DTLS_client_method void +.Ft const SSL_METHOD * +.Fn DTLSv1_method void +.Ft const SSL_METHOD * +.Fn DTLSv1_server_method void +.Ft const SSL_METHOD * +.Fn DTLSv1_client_method void +.Sh DESCRIPTION +.Fn SSL_CTX_new +creates a new +.Vt SSL_CTX +object as framework to establish TLS/SSL or DTLS enabled connections. +It initializes the list of ciphers, the session cache setting, the +callbacks, the keys and certificates, and the options to its default +values. +.Pp +An +.Vt SSL_CTX +object is reference counted. +Creating a new +.Vt SSL_CTX +object sets its reference count to 1. +Calling +.Fn SSL_CTX_up_ref +on it increments the reference count by 1. +Calling +.Xr SSL_CTX_free 3 +on it decrements the reference count by 1. +When the reference count drops to zero, +any memory or resources allocated to the +.Vt SSL_CTX +object are freed. +.Pp +The +.Vt SSL_CTX +object uses +.Fa method +as its connection method. +The methods exist in a generic type (for client and server use), +a server only type, and a client only type. +.Fa method +can be of the following types: +.Bl -tag -width Ds +.It Xo +.Fn TLS_method , +.Fn TLS_server_method , +.Fn TLS_client_method +.Xc +These are the general-purpose version-flexible SSL/TLS methods. +The actual protocol version used will be negotiated to the highest +version mutually supported by the client and the server. +The supported protocols are TLSv1, TLSv1.1 and TLSv1.2. +Applications should use these methods and avoid the version-specific +methods described below. +.It Xo +.Fn SSLv23_method , +.Fn SSLv23_server_method , +.Fn SSLv23_client_method +.Xc +Use of these functions is deprecated. +They have been replaced with the above +.Fn TLS_method , +.Fn TLS_server_method , +and +.Fn TLS_client_method , +respectively. +New code should use those functions instead. +.It Xo +.Fn TLSv1_method , +.Fn TLSv1_server_method , +.Fn TLSv1_client_method +.Xc +A TLS/SSL connection established with these methods will only +understand the TLSv1 protocol. +.It Xo +.Fn TLSv1_1_method , +.Fn TLSv1_1_server_method , +.Fn TLSv1_1_client_method +.Xc +A TLS/SSL connection established with these methods will only +understand the TLSv1.1 protocol. +.It Xo +.Fn TLSv1_2_method , +.Fn TLSv1_2_server_method , +.Fn TLSv1_2_client_method +.Xc +A TLS/SSL connection established with these methods will only +understand the TLSv1.2 protocol. +.It Xo +.Fn DTLS_method , +.Fn DTLS_server_method , +.Fn DTLS_client_method +.Xc +These are the version-flexible DTLS methods. +The currently supported protocol is DTLS 1.0. +.It Xo +.Fn DTLSv1_method , +.Fn DTLSv1_server_method , +.Fn DTLSv1_client_method +.Xc +These are the version-specific methods for DTLSv1. +.El +.Pp +The list of protocols available can also be limited using the +.Dv SSL_OP_NO_TLSv1 , +.Dv SSL_OP_NO_TLSv1_1 , +and +.Dv SSL_OP_NO_TLSv1_2 +options of the +.Xr SSL_CTX_set_options 3 +or +.Xr SSL_set_options 3 +functions, but this approach is not recommended. +Clients should avoid creating "holes" in the set of protocols they support. +When disabling a protocol, make sure that you also disable either +all previous or all subsequent protocol versions. +In clients, when a protocol version is disabled without disabling +all previous protocol versions, the effect is to also disable all +subsequent protocol versions. +.Sh RETURN VALUES +.Fn SSL_CTX_new +returns a pointer to the newly allocated object or +.Dv NULL +on failure. +Check the error stack to find out the reason for failure. +.Pp +.Fn SSL_CTX_up_ref +returns 1 for success or 0 for failure. +.Sh SEE ALSO +.Xr ssl 3 , +.Xr SSL_accept 3 , +.Xr SSL_CTX_free 3 , +.Xr SSL_CTX_set_min_proto_version 3 , +.Xr SSL_CTX_set_options 3 , +.Xr SSL_set_connect_state 3 +.Sh HISTORY +.Fn SSL_CTX_new +first appeared in SSLeay 0.5.1. +.Fn SSLv23_method , +.Fn SSLv23_server_method , +and +.Fn SSLv23_client_method +first appeared in SSLeay 0.8.0. +.Fn TLSv1_method , +.Fn TLSv1_server_method , +and +.Fn TLSv1_client_method +first appeared in SSLeay 0.9.0. +All these functions have been available since +.Ox 2.4 . +.Pp +.Fn DTLSv1_method , +.Fn DTLSv1_server_method , +and +.Fn DTLSv1_client_method +first appeared in OpenSSL 0.9.8 and have been available since +.Ox 4.5 . +.Pp +.Fn TLSv1_1_method , +.Fn TLSv1_1_server_method , +.Fn TLSv1_1_client_method , +.Fn TLSv1_2_method , +.Fn TLSv1_2_server_method , +and +.Fn TLSv1_2_client_method +first appeared in OpenSSL 1.0.1 and have been available since +.Ox 5.3 . +.Pp +.Fn DTLS_method , +.Fn DTLS_server_method , +and +.Fn DTLS_client_method +first appeared in OpenSSL 1.0.2 and have been available since +.Ox 6.5 . +.Pp +.Fn TLS_method , +.Fn TLS_server_method , +and +.Fn TLS_client_method +first appeared in OpenSSL 1.1.0 and have been available since +.Ox 5.8 . +.Pp +.Fn SSL_CTX_up_ref +first appeared in OpenSSL 1.1.0 and has been available since +.Ox 6.3 . diff --git a/src/lib/libssl/man/SSL_CTX_sess_number.3 b/src/lib/libssl/man/SSL_CTX_sess_number.3 new file mode 100644 index 00000000000..4c0e0c37676 --- /dev/null +++ b/src/lib/libssl/man/SSL_CTX_sess_number.3 @@ -0,0 +1,167 @@ +.\" $OpenBSD: SSL_CTX_sess_number.3,v 1.8 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL SSL_CTX_sess_number.pod 7bd27895 Mar 29 11:45:29 2017 +1000 +.\" +.\" This file was written by Lutz Jaenicke . +.\" Copyright (c) 2001 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt SSL_CTX_SESS_NUMBER 3 +.Os +.Sh NAME +.Nm SSL_CTX_sess_number , +.Nm SSL_CTX_sess_connect , +.Nm SSL_CTX_sess_connect_good , +.Nm SSL_CTX_sess_connect_renegotiate , +.Nm SSL_CTX_sess_accept , +.Nm SSL_CTX_sess_accept_good , +.Nm SSL_CTX_sess_accept_renegotiate , +.Nm SSL_CTX_sess_hits , +.Nm SSL_CTX_sess_cb_hits , +.Nm SSL_CTX_sess_misses , +.Nm SSL_CTX_sess_timeouts , +.Nm SSL_CTX_sess_cache_full +.Nd obtain session cache statistics +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft long +.Fn SSL_CTX_sess_number "SSL_CTX *ctx" +.Ft long +.Fn SSL_CTX_sess_connect "SSL_CTX *ctx" +.Ft long +.Fn SSL_CTX_sess_connect_good "SSL_CTX *ctx" +.Ft long +.Fn SSL_CTX_sess_connect_renegotiate "SSL_CTX *ctx" +.Ft long +.Fn SSL_CTX_sess_accept "SSL_CTX *ctx" +.Ft long +.Fn SSL_CTX_sess_accept_good "SSL_CTX *ctx" +.Ft long +.Fn SSL_CTX_sess_accept_renegotiate "SSL_CTX *ctx" +.Ft long +.Fn SSL_CTX_sess_hits "SSL_CTX *ctx" +.Ft long +.Fn SSL_CTX_sess_cb_hits "SSL_CTX *ctx" +.Ft long +.Fn SSL_CTX_sess_misses "SSL_CTX *ctx" +.Ft long +.Fn SSL_CTX_sess_timeouts "SSL_CTX *ctx" +.Ft long +.Fn SSL_CTX_sess_cache_full "SSL_CTX *ctx" +.Sh DESCRIPTION +.Fn SSL_CTX_sess_number +returns the current number of sessions in the internal session cache. +.Pp +.Fn SSL_CTX_sess_connect +returns the number of started SSL/TLS handshakes in client mode. +.Pp +.Fn SSL_CTX_sess_connect_good +returns the number of successfully established SSL/TLS sessions in client mode. +.Pp +.Fn SSL_CTX_sess_connect_renegotiate +returns the number of started renegotiations in client mode. +.Pp +.Fn SSL_CTX_sess_accept +returns the number of started SSL/TLS handshakes in server mode. +.Pp +.Fn SSL_CTX_sess_accept_good +returns the number of successfully established SSL/TLS sessions in server mode. +.Pp +.Fn SSL_CTX_sess_accept_renegotiate +returns the number of started renegotiations in server mode. +.Pp +.Fn SSL_CTX_sess_hits +returns the number of successfully reused sessions. +In client mode a session set with +.Xr SSL_set_session 3 +successfully reused is counted as a hit. +In server mode a session successfully retrieved from internal or external cache +is counted as a hit. +.Pp +.Fn SSL_CTX_sess_cb_hits +returns the number of successfully retrieved sessions from the external session +cache in server mode. +.Pp +.Fn SSL_CTX_sess_misses +returns the number of sessions proposed by clients that were not found in the +internal session cache in server mode. +.Pp +.Fn SSL_CTX_sess_timeouts +returns the number of sessions proposed by clients and either found in the +internal or external session cache in server mode, +but that were invalid due to timeout. +These sessions are not included in the +.Fn SSL_CTX_sess_hits +count. +.Pp +.Fn SSL_CTX_sess_cache_full +returns the number of sessions that were removed because the maximum session +cache size was exceeded. +.Sh SEE ALSO +.Xr SSL_CTX_ctrl 3 , +.Xr SSL_CTX_sess_set_cache_size 3 , +.Xr SSL_CTX_set_session_cache_mode 3 , +.Xr SSL_set_session 3 +.Sh HISTORY +.Fn SSL_CTX_sess_number , +.Fn SSL_CTX_sess_connect , +.Fn SSL_CTX_sess_connect_good , +.Fn SSL_CTX_sess_accept , +.Fn SSL_CTX_sess_accept_good , +.Fn SSL_CTX_sess_hits , +.Fn SSL_CTX_sess_misses , +and +.Fn SSL_CTX_sess_timeouts +first appeared in SSLeay 0.5.2. +.Fn SSL_CTX_sess_cb_hits +first appeared in SSLeay 0.6.0. +.Fn SSL_CTX_sess_connect_renegotiate , +.Fn SSL_CTX_sess_accept_renegotiate , +and +.Fn SSL_CTX_sess_cache_full +first appeared in SSLeay 0.9.0. +All these functions have been available since +.Ox 2.4 . diff --git a/src/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 b/src/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 new file mode 100644 index 00000000000..0b9e69a6745 --- /dev/null +++ b/src/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 @@ -0,0 +1,108 @@ +.\" $OpenBSD: SSL_CTX_sess_set_cache_size.3,v 1.4 2018/03/21 08:06:34 schwarze Exp $ +.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file was written by Lutz Jaenicke . +.\" Copyright (c) 2001, 2002, 2014 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 21 2018 $ +.Dt SSL_CTX_SESS_SET_CACHE_SIZE 3 +.Os +.Sh NAME +.Nm SSL_CTX_sess_set_cache_size , +.Nm SSL_CTX_sess_get_cache_size +.Nd manipulate session cache size +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft long +.Fn SSL_CTX_sess_set_cache_size "SSL_CTX *ctx" "long t" +.Ft long +.Fn SSL_CTX_sess_get_cache_size "SSL_CTX *ctx" +.Sh DESCRIPTION +.Fn SSL_CTX_sess_set_cache_size +sets the size of the internal session cache of context +.Fa ctx +to +.Fa t . +.Pp +.Fn SSL_CTX_sess_get_cache_size +returns the currently valid session cache size. +.Pp +The internal session cache size is +.Dv SSL_SESSION_CACHE_MAX_SIZE_DEFAULT , +currently 1024\(mu20, so that up to 20000 sessions can be held. +This size can be modified using the +.Fn SSL_CTX_sess_set_cache_size +call. +A special case is the size 0, which is used for unlimited size. +.Pp +If adding the session makes the cache exceed its size, then unused +sessions are dropped from the end of the cache. +Cache space may also be reclaimed by calling +.Xr SSL_CTX_flush_sessions 3 +to remove expired sessions. +.Pp +If the size of the session cache is reduced and more sessions are already in +the session cache, +old session will be removed the next time a session shall be added. +This removal is not synchronized with the expiration of sessions. +.Sh RETURN VALUES +.Fn SSL_CTX_sess_set_cache_size +returns the previously valid size. +.Pp +.Fn SSL_CTX_sess_get_cache_size +returns the currently valid size. +.Sh SEE ALSO +.Xr SSL_CTX_ctrl 3 , +.Xr SSL_CTX_flush_sessions 3 , +.Xr SSL_CTX_sess_number 3 , +.Xr SSL_CTX_set_session_cache_mode 3 +.Sh HISTORY +.Fn SSL_CTX_sess_set_cache_size +and +.Fn SSL_CTX_sess_get_cache_size +first appeared in SSLeay 0.9.0 and have been available since +.Ox 2.4 . diff --git a/src/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 b/src/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 new file mode 100644 index 00000000000..5b2b4ba9da4 --- /dev/null +++ b/src/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 @@ -0,0 +1,220 @@ +.\" $OpenBSD: SSL_CTX_sess_set_get_cb.3,v 1.6 2018/04/25 14:07:57 schwarze Exp $ +.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file was written by Lutz Jaenicke . +.\" Copyright (c) 2001, 2002, 2003, 2016 The OpenSSL Project. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: April 25 2018 $ +.Dt SSL_CTX_SESS_SET_GET_CB 3 +.Os +.Sh NAME +.Nm SSL_CTX_sess_set_new_cb , +.Nm SSL_CTX_sess_set_remove_cb , +.Nm SSL_CTX_sess_set_get_cb , +.Nm SSL_CTX_sess_get_new_cb , +.Nm SSL_CTX_sess_get_remove_cb , +.Nm SSL_CTX_sess_get_get_cb +.Nd provide callback functions for server side external session caching +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft void +.Fo SSL_CTX_sess_set_new_cb +.Fa "SSL_CTX *ctx" +.Fa "int (*new_session_cb)(SSL *, SSL_SESSION *)" +.Fc +.Ft void +.Fo SSL_CTX_sess_set_remove_cb +.Fa "SSL_CTX *ctx" +.Fa "void (*remove_session_cb)(SSL_CTX *ctx, SSL_SESSION *)" +.Fc +.Ft void +.Fo SSL_CTX_sess_set_get_cb +.Fa "SSL_CTX *ctx" +.Fa "SSL_SESSION (*get_session_cb)(SSL *, const unsigned char *, int, int *)" +.Fc +.Ft int +.Fo "(*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))" +.Fa "SSL *ssl" +.Fa "SSL_SESSION *sess" +.Fc +.Ft void +.Fo "(*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))" +.Fa "SSL_CTX *ctx" +.Fa "SSL_SESSION *sess" +.Fc +.Ft SSL_SESSION * +.Fo "(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))" +.Fa "SSL *ssl" +.Fa "const unsigned char *data" +.Fa "int len" +.Fa "int *copy" +.Fc +.Ft int +.Fo "(*new_session_cb)" +.Fa "SSL *ssl" +.Fa "SSL_SESSION *sess" +.Fc +.Ft void +.Fo "(*remove_session_cb)" +.Fa "SSL_CTX *ctx" +.Fa "SSL_SESSION *sess" +.Fc +.Ft SSL_SESSION * +.Fo "(*get_session_cb)" +.Fa "SSL *ssl" +.Fa "unsigned char *data" +.Fa "int len" +.Fa "int *copy" +.Fc +.Sh DESCRIPTION +.Fn SSL_CTX_sess_set_new_cb +sets the callback function which is automatically called whenever a new session +was negotiated. +.Pp +.Fn SSL_CTX_sess_set_remove_cb +sets the callback function which is automatically called whenever a session is +removed by the SSL engine (because it is considered faulty or the session has +become obsolete because of exceeding the timeout value). +.Pp +.Fn SSL_CTX_sess_set_get_cb +sets the callback function which is called whenever a SSL/TLS client proposes +to resume a session but the session cannot be found in the internal session +cache (see +.Xr SSL_CTX_set_session_cache_mode 3 ) . +(SSL/TLS server only.) +.Pp +.Fn SSL_CTX_sess_get_new_cb , +.Fn SSL_CTX_sess_get_remove_cb , +and +.Fn SSL_CTX_sess_get_get_cb +retrieve the function pointers of the provided callback functions. +If a callback function has not been set, the +.Dv NULL +pointer is returned. +.Pp +In order to allow external session caching, synchronization with the internal +session cache is realized via callback functions. +Inside these callback functions, session can be saved to disk or put into a +database using the +.Xr d2i_SSL_SESSION 3 +interface. +.Pp +The +.Fn new_session_cb +function is called whenever a new session has been negotiated and session +caching is enabled (see +.Xr SSL_CTX_set_session_cache_mode 3 ) . +The +.Fn new_session_cb +is passed the +.Fa ssl +connection and the ssl session +.Fa sess . +If the callback returns 0, the session will be immediately removed again. +.Pp +The +.Fn remove_session_cb +is called whenever the SSL engine removes a session from the internal cache. +This happens when the session is removed because it is expired or when a +connection was not shut down cleanly. +It also happens for all sessions in the internal session cache when +.Xr SSL_CTX_free 3 +is called. +The +.Fn remove_session_cb +function is passed the +.Fa ctx +and the +.Vt ssl +session +.Fa sess . +It does not provide any feedback. +.Pp +The +.Fn get_session_cb +function is only called on SSL/TLS servers with the session id proposed by the +client. +The +.Fn get_session_cb +function is always called, also when session caching was disabled. +The +.Fn get_session_cb +is passed the +.Fa ssl +connection, the session id of length +.Fa length +at the memory location +.Fa data . +With the parameter +.Fa copy +the callback can require the SSL engine to increment the reference count of the +.Vt SSL_SESSION +object, +Normally the reference count is not incremented and therefore the session must +not be explicitly freed with +.Xr SSL_SESSION_free 3 . +.Sh SEE ALSO +.Xr d2i_SSL_SESSION 3 , +.Xr ssl 3 , +.Xr SSL_CTX_flush_sessions 3 , +.Xr SSL_CTX_free 3 , +.Xr SSL_CTX_set_session_cache_mode 3 , +.Xr SSL_SESSION_free 3 +.Sh HISTORY +.Fn SSL_CTX_sess_set_new_cb , +.Fn SSL_CTX_sess_set_get_cb , +.Fn SSL_CTX_sess_get_new_cb , +and +.Fn SSL_CTX_sess_get_get_cb +first appeared in SSLeay 0.6.0. +.Fn SSL_CTX_sess_set_remove_cb +and +.Fn SSL_CTX_sess_get_remove_cb +first appeared in SSLeay 0.8.0. +These functions have been available since +.Ox 2.4 . diff --git a/src/lib/libssl/man/SSL_CTX_sessions.3 b/src/lib/libssl/man/SSL_CTX_sessions.3 new file mode 100644 index 00000000000..964d1a7346c --- /dev/null +++ b/src/lib/libssl/man/SSL_CTX_sessions.3 @@ -0,0 +1,86 @@ +.\" $OpenBSD: SSL_CTX_sessions.3,v 1.5 2018/04/25 14:19:39 schwarze Exp $ +.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file was written by Lutz Jaenicke . +.\" Copyright (c) 2001 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: April 25 2018 $ +.Dt SSL_CTX_SESSIONS 3 +.Os +.Sh NAME +.Nm SSL_CTX_sessions +.Nd access internal session cache +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft LHASH_OF(SSL_SESSION) * +.Fn SSL_CTX_sessions "SSL_CTX *ctx" +.Sh DESCRIPTION +.Fn SSL_CTX_sessions +returns a pointer to the lhash databases containing the internal session cache +for +.Fa ctx . +.Pp +The sessions in the internal session cache are kept in an +lhash-type database +(see +.Xr lh_new 3 ) . +It is possible to directly access this database, e.g., for searching. +In parallel, +the sessions form a linked list which is maintained separately from the +lhash operations, +so that the database must not be modified directly but by using the +.Xr SSL_CTX_add_session 3 +family of functions. +.Sh SEE ALSO +.Xr lh_new 3 , +.Xr ssl 3 , +.Xr SSL_CTX_add_session 3 , +.Xr SSL_CTX_set_session_cache_mode 3 +.Sh HISTORY +.Fn SSL_CTX_sessions +first appeared in SSLeay 0.5.2 and has been available since +.Ox 2.4 . diff --git a/src/lib/libssl/man/SSL_CTX_set1_groups.3 b/src/lib/libssl/man/SSL_CTX_set1_groups.3 new file mode 100644 index 00000000000..0d1eb36ea75 --- /dev/null +++ b/src/lib/libssl/man/SSL_CTX_set1_groups.3 @@ -0,0 +1,163 @@ +.\" $OpenBSD: SSL_CTX_set1_groups.3,v 1.2 2017/08/19 19:36:39 schwarze Exp $ +.\" OpenSSL SSL_CTX_set1_curves.pod de4d764e Nov 9 14:51:06 2016 +0000 +.\" +.\" This file was written by Dr. Stephen Henson . +.\" Copyright (c) 2013, 2014, 2016 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: August 19 2017 $ +.Dt SSL_CTX_SET1_GROUPS 3 +.Os +.Sh NAME +.Nm SSL_CTX_set1_groups , +.Nm SSL_CTX_set1_groups_list , +.Nm SSL_set1_groups , +.Nm SSL_set1_groups_list , +.Nm SSL_CTX_set1_curves , +.Nm SSL_CTX_set1_curves_list , +.Nm SSL_set1_curves , +.Nm SSL_set1_curves_list +.Nd choose supported EC groups +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft int +.Fo SSL_CTX_set1_groups +.Fa "SSL_CTX *ctx" +.Fa "const int *glist" +.Fa "size_t glistlen" +.Fc +.Ft int +.Fo SSL_CTX_set1_groups_list +.Fa "SSL_CTX *ctx" +.Fa "const char *list" +.Fc +.Ft int +.Fo SSL_set1_groups +.Fa "SSL *ssl" +.Fa "const int *glist" +.Fa "size_t glistlen" +.Fc +.Ft int +.Fo SSL_set1_groups_list +.Fa "SSL *ssl" +.Fa "const char *list" +.Fc +.Ft int +.Fo SSL_CTX_set1_curves +.Fa "SSL_CTX *ctx" +.Fa "const int *clist" +.Fa "size_t clistlen" +.Fc +.Ft int +.Fo SSL_CTX_set1_curves_list +.Fa "SSL_CTX *ctx" +.Fa "const char *list" +.Fc +.Ft int +.Fo SSL_set1_curves +.Fa "SSL *ssl" +.Fa "const int *clist" +.Fa "size_t clistlen" +.Fc +.Ft int +.Fo SSL_set1_curves_list +.Fa "SSL *ssl" +.Fa "const char *list" +.Fc +.Sh DESCRIPTION +.Fn SSL_CTX_set1_groups +sets the supported groups for +.Fa ctx +to the +.Fa glistlen +groups in the array +.Fa glist . +The array consists of group NIDs in preference order. +For a TLS client, the groups are used directly in the supported groups +extension. +For a TLS server, the groups are used to determine the set of shared +groups. +.Pp +.Fn SSL_CTX_set1_groups_list +sets the supported groups for +.Fa ctx +to the +.Fa list +represented as a colon separated list of group NIDs or names, for example +"P-521:P-384:P-256". +.Pp +.Fn SSL_set1_groups +and +.Fn SSL_set1_groups_list +are similar except that they set supported groups for the SSL structure +.Fa ssl +only. +.Pp +The curve functions are deprecated synonyms for the equivalently +named group functions and are identical in every respect except +that they are implemented as macros. +They exist because prior to TLS1.3, there was only the concept of +supported curves. +In TLS1.3, this was renamed to supported groups and extended to include +Diffie Hellman groups. +.Pp +If an application wishes to make use of several of these functions for +configuration purposes either on a command line or in a file, it should +consider using the SSL_CONF interface instead of manually parsing +options. +.Sh RETURN VALUES +All these functions return 1 for success or 0 for failure. +.Sh SEE ALSO +.Xr ssl 3 , +.Xr SSL_CTX_add_extra_chain_cert 3 , +.Xr SSL_CTX_set_cipher_list 3 , +.Xr SSL_CTX_set_options 3 , +.Xr SSL_new 3 +.Sh HISTORY +The curve functions first appeared in OpenSSL 1.0.2 +and the group functions in OpenSSL 1.1.1. +Both have been available since +.Ox 6.1 . diff --git a/src/lib/libssl/man/SSL_CTX_set_alpn_select_cb.3 b/src/lib/libssl/man/SSL_CTX_set_alpn_select_cb.3 new file mode 100644 index 00000000000..540fd011f55 --- /dev/null +++ b/src/lib/libssl/man/SSL_CTX_set_alpn_select_cb.3 @@ -0,0 +1,273 @@ +.\" $OpenBSD: SSL_CTX_set_alpn_select_cb.3,v 1.7 2018/03/23 14:28:16 schwarze Exp $ +.\" OpenSSL 87b81496 Apr 19 12:38:27 2017 -0400 +.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file was written by Todd Short . +.\" Copyright (c) 2016 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 23 2018 $ +.Dt SSL_CTX_SET_ALPN_SELECT_CB 3 +.Os +.Sh NAME +.Nm SSL_CTX_set_alpn_protos , +.Nm SSL_set_alpn_protos , +.Nm SSL_CTX_set_alpn_select_cb , +.Nm SSL_select_next_proto , +.Nm SSL_get0_alpn_selected +.Nd handle application layer protocol negotiation (ALPN) +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft int +.Fo SSL_CTX_set_alpn_protos +.Fa "SSL_CTX *ctx" +.Fa "const unsigned char *protos" +.Fa "unsigned int protos_len" +.Fc +.Ft int +.Fo SSL_set_alpn_protos +.Fa "SSL *ssl" +.Fa "const unsigned char *protos" +.Fa "unsigned int protos_len" +.Fc +.Ft void +.Fo SSL_CTX_set_alpn_select_cb +.Fa "SSL_CTX *ctx" +.Fa "int (*cb)(SSL *ssl, const unsigned char **out,\ + unsigned char *outlen, const unsigned char *in,\ + unsigned int inlen, void *arg)" +.Fa "void *arg" +.Fc +.Ft int +.Fo SSL_select_next_proto +.Fa "unsigned char **out" +.Fa "unsigned char *outlen" +.Fa "const unsigned char *server" +.Fa "unsigned int server_len" +.Fa "const unsigned char *client" +.Fa "unsigned int client_len" +.Fc +.Ft void +.Fo SSL_get0_alpn_selected +.Fa "const SSL *ssl" +.Fa "const unsigned char **data" +.Fa "unsigned int *len" +.Fc +.Sh DESCRIPTION +.Fn SSL_CTX_set_alpn_protos +and +.Fn SSL_set_alpn_protos +are used by the client to set the list of protocols available to be +negotiated. +The +.Fa protos +must be in protocol-list format, described below. +The length of +.Fa protos +is specified in +.Fa protos_len . +.Pp +.Fn SSL_CTX_set_alpn_select_cb +sets the application callback +.Fa cb +used by a server to select which protocol to use for the incoming +connection. +When +.Fa cb +is +.Dv NULL , +ALPN is not used. +The +.Fa arg +value is a pointer which is passed to the application callback. +.Pp +.Fa cb +is the application defined callback. +The +.Fa in , +.Fa inlen +parameters are a vector in protocol-list format. +The value of the +.Fa out , +.Fa outlen +vector should be set to the value of a single protocol selected from the +.Fa in , +.Fa inlen +vector. +The +.Fa out +buffer may point directly into +.Fa in , +or to a buffer that outlives the handshake. +The +.Fa arg +parameter is the pointer set via +.Fn SSL_CTX_set_alpn_select_cb . +.Pp +.Fn SSL_select_next_proto +is a helper function used to select protocols. +It implements the standard protocol selection. +It is expected that this function is called from the application +callback +.Fa cb . +The protocol data in +.Fa server , +.Fa server_len +and +.Fa client , +.Fa client_len +must be in the protocol-list format described below. +The first item in the +.Fa server , +.Fa server_len +list that matches an item in the +.Fa client , +.Fa client_len +list is selected, and returned in +.Fa out , +.Fa outlen . +The +.Fa out +value will point into either +.Fa server +or +.Fa client , +so it should be copied immediately. +If no match is found, the first item in +.Fa client , +.Fa client_len +is returned in +.Fa out , +.Fa outlen . +.Pp +.Fn SSL_get0_alpn_selected +returns a pointer to the selected protocol in +.Fa data +with length +.Fa len . +It is not NUL-terminated. +.Fa data +is set to +.Dv NULL +and +.Fa len +is set to 0 if no protocol has been selected. +.Fa data +must not be freed. +.Pp +The protocol-lists must be in wire-format, which is defined as a vector +of non-empty, 8-bit length-prefixed byte strings. +The length-prefix byte is not included in the length. +Each string is limited to 255 bytes. +A byte-string length of 0 is invalid. +A truncated byte-string is invalid. +The length of the vector is not in the vector itself, but in a separate +variable. +.Pp +For example: +.Bd -literal +unsigned char vector[] = { + 6, 's', 'p', 'd', 'y', '/', '1', + 8, 'h', 't', 't', 'p', '/', '1', '.', '1' +}; +unsigned int length = sizeof(vector); +.Ed +.Pp +The ALPN callback is executed after the servername callback; as that +servername callback may update the SSL_CTX, and subsequently, the ALPN +callback. +.Pp +If there is no ALPN proposed in the ClientHello, the ALPN callback is +not invoked. +.Sh RETURN VALUES +.Fn SSL_CTX_set_alpn_protos +and +.Fn SSL_set_alpn_protos +return 0 on success or non-zero on failure. +WARNING: these functions reverse the return value convention. +.Pp +.Fn SSL_select_next_proto +returns one of the following: +.Bl -tag -width Ds +.It OPENSSL_NPN_NEGOTIATED +A match was found and is returned in +.Fa out , +.Fa outlen . +.It OPENSSL_NPN_NO_OVERLAP +No match was found. +The first item in +.Fa client , +.Fa client_len +is returned in +.Fa out , +.Fa outlen . +.El +.Pp +The ALPN select callback +.Fa cb +must return one of the following: +.Bl -tag -width Ds +.It SSL_TLSEXT_ERR_OK +ALPN protocol selected. +.It SSL_TLSEXT_ERR_NOACK +ALPN protocol not selected. +.El +.Sh SEE ALSO +.Xr ssl 3 , +.Xr SSL_CTX_set_tlsext_servername_arg 3 , +.Xr SSL_CTX_set_tlsext_servername_callback 3 +.Sh HISTORY +.Fn SSL_select_next_proto +first appeared in OpenSSL 1.0.1 and has been available since +.Ox 5.3 . +.Pp +.Fn SSL_CTX_set_alpn_protos , +.Fn SSL_set_alpn_protos , +.Fn SSL_CTX_set_alpn_select_cb , +and +.Fn SSL_get0_alpn_selected +first appeared in OpenSSL 1.0.2 and have been available since +.Ox 5.7 . diff --git a/src/lib/libssl/man/SSL_CTX_set_cert_store.3 b/src/lib/libssl/man/SSL_CTX_set_cert_store.3 new file mode 100644 index 00000000000..b23e3c4a12b --- /dev/null +++ b/src/lib/libssl/man/SSL_CTX_set_cert_store.3 @@ -0,0 +1,130 @@ +.\" $OpenBSD: SSL_CTX_set_cert_store.3,v 1.7 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 +.\" +.\" This file was written by Lutz Jaenicke . +.\" Copyright (c) 2001, 2002, 2005 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt SSL_CTX_SET_CERT_STORE 3 +.Os +.Sh NAME +.Nm SSL_CTX_set_cert_store , +.Nm SSL_CTX_get_cert_store +.Nd manipulate X509 certificate verification storage +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft void +.Fn SSL_CTX_set_cert_store "SSL_CTX *ctx" "X509_STORE *store" +.Ft X509_STORE * +.Fn SSL_CTX_get_cert_store "const SSL_CTX *ctx" +.Sh DESCRIPTION +.Fn SSL_CTX_set_cert_store +sets the verification storage of +.Fa ctx +to or replaces it with +.Fa store . +If another +.Vt X509_STORE +object is currently set in +.Fa ctx , +it will be freed. +.Pp +.Fn SSL_CTX_get_cert_store +returns a pointer to the current certificate verification storage. +.Pp +In order to verify the certificates presented by the peer, trusted CA +certificates must be accessed. +These CA certificates are made available via lookup methods, handled inside the +.Vt X509_STORE . +From the +.Vt X509_STORE +the +.Vt X509_STORE_CTX +used when verifying certificates is created. +.Pp +Typically the trusted certificate store is handled indirectly via using +.Xr SSL_CTX_load_verify_locations 3 . +Using the +.Fn SSL_CTX_set_cert_store +and +.Fn SSL_CTX_get_cert_store +functions it is possible to manipulate the +.Vt X509_STORE +object beyond the +.Xr SSL_CTX_load_verify_locations 3 +call. +.Pp +Currently no detailed documentation on how to use the +.Vt X509_STORE +object is available. +Not all members of the +.Vt X509_STORE +are used when the verification takes place. +So will, for example, the +.Fn verify_callback +be overridden with the +.Fn verify_callback +set via the +.Xr SSL_CTX_set_verify 3 +family of functions. +This document must therefore be updated when documentation about the +.Vt X509_STORE +object and its handling becomes available. +.Sh RETURN VALUES +.Fn SSL_CTX_get_cert_store +returns the current setting. +.Sh SEE ALSO +.Xr ssl 3 , +.Xr SSL_CTX_load_verify_locations 3 , +.Xr SSL_CTX_set_verify 3 , +.Xr X509_STORE_new 3 +.Sh HISTORY +.Fn SSL_CTX_set_cert_store +and +.Fn SSL_CTX_get_cert_store +first appeared in SSLeay 0.8.1 and have been available since +.Ox 2.4 . diff --git a/src/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 b/src/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 new file mode 100644 index 00000000000..e3ca5ff4ffc --- /dev/null +++ b/src/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 @@ -0,0 +1,163 @@ +.\" $OpenBSD: SSL_CTX_set_cert_verify_callback.3,v 1.4 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file was written by Lutz Jaenicke . +.\" Copyright (c) 2001, 2002 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt SSL_CTX_SET_CERT_VERIFY_CALLBACK 3 +.Os +.Sh NAME +.Nm SSL_CTX_set_cert_verify_callback +.Nd set peer certificate verification procedure +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft void +.Fo SSL_CTX_set_cert_verify_callback +.Fa "SSL_CTX *ctx" +.Fa "int (*callback)(X509_STORE_CTX *, void *)" +.Fa "void *arg" +.Fc +.Sh DESCRIPTION +.Fn SSL_CTX_set_cert_verify_callback +sets the verification callback function for +.Fa ctx . +.Vt SSL +objects that are created from +.Fa ctx +inherit the setting valid at the time when +.Xr SSL_new 3 +is called. +.Sh NOTES +Whenever a certificate is verified during a SSL/TLS handshake, +a verification function is called. +If the application does not explicitly specify a verification callback +function, the built-in verification function is used. +If a verification callback +.Fa callback +is specified via +.Fn SSL_CTX_set_cert_verify_callback , +the supplied callback function is called instead. +By setting +.Fa callback +to +.Dv NULL , +the default behaviour is restored. +.Pp +When the verification must be performed, +.Fa callback +will be called with the arguments +.Fn callback "X509_STORE_CTX *x509_store_ctx" "void *arg" . +The argument +.Fa arg +is specified by the application when setting +.Fa callback . +.Pp +.Fa callback +should return 1 to indicate verification success and 0 to indicate verification +failure. +If +.Dv SSL_VERIFY_PEER +is set and +.Fa callback +returns 0, the handshake will fail. +As the verification procedure may allow the connection to continue in case of +failure (by always returning 1) the verification result must be set in any case +using the +.Fa error +member of +.Fa x509_store_ctx +so that the calling application will be informed about the detailed result of +the verification procedure! +.Pp +Within +.Fa x509_store_ctx , +.Fa callback +has access to the +.Fa verify_callback +function set using +.Xr SSL_CTX_set_verify 3 . +.Sh SEE ALSO +.Xr ssl 3 , +.Xr SSL_CTX_load_verify_locations 3 , +.Xr SSL_CTX_set_verify 3 , +.Xr SSL_get_verify_result 3 +.Sh HISTORY +.Fn SSL_CTX_set_cert_verify_callback +first appeared in SSLeay 0.6.1 and has been available since +.Ox 2.4 . +.Pp +Previous to OpenSSL 0.9.7, the +.Fa arg +argument to +.Fn SSL_CTX_set_cert_verify_callback +was ignored, and +.Fa callback +was called +simply as +.Ft int +.Fn (*callback) "X509_STORE_CTX *" . +To compile software written for previous versions of OpenSSL, +a dummy argument will have to be added to +.Fa callback . +.Sh CAVEATS +Do not mix the verification callback described in this function with the +.Fa verify_callback +function called during the verification process. +The latter is set using the +.Xr SSL_CTX_set_verify 3 +family of functions. +.Pp +Providing a complete verification procedure including certificate purpose +settings, etc., is a complex task. +The built-in procedure is quite powerful and in most cases it should be +sufficient to modify its behaviour using the +.Fa verify_callback +function. +.Sh BUGS +.Fn SSL_CTX_set_cert_verify_callback +does not provide diagnostic information. diff --git a/src/lib/libssl/man/SSL_CTX_set_cipher_list.3 b/src/lib/libssl/man/SSL_CTX_set_cipher_list.3 new file mode 100644 index 00000000000..a64826e5782 --- /dev/null +++ b/src/lib/libssl/man/SSL_CTX_set_cipher_list.3 @@ -0,0 +1,373 @@ +.\" $OpenBSD: SSL_CTX_set_cipher_list.3,v 1.7 2018/04/10 21:37:20 schwarze Exp $ +.\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file is a derived work. +.\" The changes are covered by the following Copyright and license: +.\" +.\" Copyright (c) 2018 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.\" The original file was written by Lutz Jaenicke . +.\" Copyright (c) 2000, 2001, 2013 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: April 10 2018 $ +.Dt SSL_CTX_SET_CIPHER_LIST 3 +.Os +.Sh NAME +.Nm SSL_CTX_set_cipher_list , +.Nm SSL_set_cipher_list +.Nd choose list of available SSL_CIPHERs +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft int +.Fn SSL_CTX_set_cipher_list "SSL_CTX *ctx" "const char *control" +.Ft int +.Fn SSL_set_cipher_list "SSL *ssl" "const char *control" +.Sh DESCRIPTION +.Fn SSL_CTX_set_cipher_list +sets the list of available cipher suites for +.Fa ctx +using the +.Fa control +string. +The list of cipher suites is inherited by all +.Fa ssl +objects created from +.Fa ctx . +.Pp +.Fn SSL_set_cipher_list +sets the list of cipher suites only for +.Fa ssl . +.Pp +The control string consists of one or more control words +separated by colon characters +.Pq Ql \&: . +Space +.Pq Ql \ \& , +semicolon +.Pq Ql \&; , +and comma +.Pq Ql \&, +characters can also be used as separators. +Each control words selects a set of cipher suites +and can take one of the following optional prefix characters: +.Bl -tag -width Ds +.It \&No prefix: +Those of the selected cipher suites that have not been made available +yet are added to the end of the list of available cipher suites, +preserving their order. +.It Prefixed minus sign Pq Ql \- : +Those of the selected cipher suites that have been made available +earlier are moved back from the list of available cipher suites to +the beginning of the list of unavailable cipher suites, +also preserving their order. +.It Prefixed plus sign Pq Ql + : +Those of the selected cipher suites have been made available earlier +are moved to end of the list of available cipher suites, reducing +their priority, but preserving the order among themselves. +.It Prefixed exclamation mark Pq Ql \&! : +The selected cipher suites are permanently deleted, no matter whether +they had earlier been made available or not, and can no longer +be added or re-added by later words. +.El +.Pp +The following special words can only be used without a prefix: +.Bl -tag -width Ds +.It Cm DEFAULT +An alias for +.Sm off +.Cm ALL No :! Cm aNULL No :! Cm eNULL . +.Sm on +It can only be used as the first word. +.It Cm @STRENGTH +Sort the list by decreasing encryption strength, +preserving the order of cipher suites that have the same strength. +It is usally given as the last word. +.El +.Pp +The following words can be used to select groups of cipher suites, +with or without a prefix character. +If two or more of these words are joined with plus signs +.Pq Ql + +to form a longer word, only the intersection of the specified sets +is selected. +.Bl -tag -width Ds +.It Cm ADH +Cipher suites using ephemeral DH for key exchange +without doing any server authentication. +Equivalent to +.Cm kEDH Ns + Ns Cm aNULL . +.It Cm aDSS +Cipher suites using DSS server authentication. +LibreSSL does not provide any such cipher suites. +.It Cm AEAD +Cipher suites using Authenticated Encryption with Additional Data. +.It Cm AECDH +Cipher suites using ephemeral ECDH for key exchange +without doing any server authentication. +Equivalent to +.Cm kEECDH Ns + Ns Cm aNULL . +.It Cm aECDSA +Cipher suites using ECDSA server authentication. +.It Cm AES +Cipher suites using AES or AESGCM for symmetric encryption. +.It Cm AES128 +Cipher suites using AES(128) or AESGCM(128) for symmetric encryption. +.It Cm AES256 +Cipher suites using AES(256) or AESGCM(256) for symmetric encryption. +.It Cm AESGCM +Cipher suites using AESGCM for symmetric encryption. +.It Cm aGOST +An alias for +.Cm aGOST01 . +.It Cm aGOST01 +Cipher suites using GOST R 34.10-2001 server authentication. +.It Cm ALL +All cipher suites except those selected by +.Cm eNULL . +.It Cm aNULL +Cipher suites that don't do any server authentication. +Not enabled by +.Cm DEFAULT . +Beware of man-in-the-middle attacks. +.It Cm aRSA +Cipher suites using RSA server authentication. +.It Cm CAMELLIA +Cipher suites using Camellia for symmetric encryption. +.It Cm CAMELLIA128 +Cipher suites using Camellia(128) for symmetric encryption. +.It Cm CAMELLIA256 +Cipher suites using Camellia(256) for symmetric encryption. +.It Cm CHACHA20 +Cipher suites using ChaCha20-Poly1305 for symmetric encryption. +.It Cm COMPLEMENTOFALL +Cipher suites that are not included in +.Cm ALL . +Currently an alias for +.Cm eNULL . +.It Cm COMPLEMENTOFDEFAULT +Cipher suites that are included in +.Cm ALL , +but not included in +.Cm DEFAULT . +Currently similar to +.Cm aNULL Ns :! Ns Cm eNULL +except for the order of the cipher suites which are +.Em not +selected. +.It Cm DES +Cipher suites using single DES for symmetric encryption. +.It Cm 3DES +Cipher suites using triple DES for symmetric encryption. +.It Cm DH +An alias for +.Cm kEDH . +.It Cm DHE +Cipher suites using ephemeral DH for key exchange, +but excluding those that don't do any server authentication. +Similar to +.Cm kEDH Ns :! Ns Cm aNULL +except for the order of the cipher suites which are +.Em not +selected. +.It Cm DSS +An alias for +.Cm aDSS . +.It Cm ECDH +An alias for +.Cm kEECHD . +.It Cm ECDHE +Cipher suites using ephemeral ECDH for key exchange, +but excluding those that don't do any server authentication. +Similar to +.Cm kEECDH Ns :! Ns Cm aNULL +except for the order of the cipher suites which are +.Em not +selected. +.It Cm ECDSA +An alias for +.Cm aECDSA . +.It Cm EDH +An alias for +.Cm DHE . +.It Cm EECHD +An alias for +.Cm ECDHE . +.It Cm eNULL +Cipher suites that do not use any encryption. +Not enabled by +.Cm DEFAULT , +and not even included in +.Cm ALL . +.It Cm GOST89MAC +Cipher suites using GOST 28147-89 for message authentication +instead of HMAC. +.It Cm GOST94 +Cipher suites using HMAC based on GOST R 34.11-94 +for message authentication. +.It Cm HIGH +Cipher suites of high strength. +Currently, these are cipher suites using +.Cm CHACHA20 , +.Cm AES , +.Cm CAMELLIA , +or GOST-28178-89-CNT symmetric encryption. +.It Cm IDEA +Cipher suites using IDEA for symmetric encryption. +LibreSSL does not provide any such cipher suites. +.It Cm kEDH +Cipher suites using ephemeral DH for key exchange. +.It Cm kEECDH +Cipher suites using ephemeral ECDH for key exchange. +.It Cm kGOST +Cipher suites using VKO 34.10 key exchange, specified in RFC 4357. +.It Cm kRSA +Cipher suites using RSA key exchange. +.It Cm LOW +Cipher suites of low strength. +Currently, these are cipher suites using +.Cm DES +or +.Cm RC4 +symmetric encryption. +.It Cm MD5 +Cipher suites using MD5 for message authentication. +.It Cm MEDIUM +Cipher suites of medium strength. +Currently, these are cipher suites using +.Cm 3DES +symmetric encryption. +.It Cm NULL +An alias for +.Cm eNULL . +.It Cm RC4 +Cipher suites using RC4 for symmetric encryption. +.It Cm RSA +Cipher suites using RSA for both key exchange and server authentication. +Equivalent to +.Cm kRSA Ns + Ns Cm aRSA . +.It Cm SHA +An alias for +.Cm SHA1 . +.It Cm SHA1 +Cipher suites using SHA1 for message authentication. +.It Cm SHA256 +Cipher suites using SHA256 for message authentication. +.It Cm SHA384 +Cipher suites using SHA384 for message authentication. +.It Cm SSLv3 +An alias for +.Cm TLSv1 . +.It Cm STREEBOG256 +Cipher suites using STREEBOG256 for message authentication. +.It Cm TLSv1 +Cipher suites usable with any TLS protocol. +.It Cm TLSv1.2 +Cipher suites for the TLSv1.2 protocol. +.El +.Pp +The full words returned by the +.Xr openssl 1 +.Cm ciphers +command can be used to select individual cipher suites. +.Pp +Unknown words are silently ignored, selecting no cipher suites. +Failure is only flagged if the +.Fa control +string contains invalid bytes +or if no matching cipher suites are available at all. +.Pp +On the client side, including a cipher suite into the list of +available cipher suites is sufficient for using it. +On the server side, all cipher suites have additional requirements. +ADH ciphers don't need a certificate, but DH-parameters must have been set. +All other cipher suites need a corresponding certificate and key. +.Pp +A RSA cipher can only be chosen when a RSA certificate is available. +RSA ciphers using DHE need a certificate and key and additional DH-parameters +(see +.Xr SSL_CTX_set_tmp_dh_callback 3 ) . +.Pp +A DSA cipher can only be chosen when a DSA certificate is available. +DSA ciphers always use DH key exchange and therefore need DH-parameters (see +.Xr SSL_CTX_set_tmp_dh_callback 3 ) . +.Pp +When these conditions are not met +for any cipher suite in the list (for example, a +client only supports export RSA ciphers with an asymmetric key length of 512 +bits and the server is not configured to use temporary RSA keys), the +.Dq no shared cipher +.Pq Dv SSL_R_NO_SHARED_CIPHER +error is generated and the handshake will fail. +.Sh RETURN VALUES +.Fn SSL_CTX_set_cipher_list +and +.Fn SSL_set_cipher_list +return 1 if any cipher suite could be selected and 0 on complete failure. +.Sh SEE ALSO +.Xr ssl 3 , +.Xr SSL_CTX_set1_groups 3 , +.Xr SSL_CTX_set_tmp_dh_callback 3 , +.Xr SSL_CTX_use_certificate 3 , +.Xr SSL_get_ciphers 3 +.Sh HISTORY +.Fn SSL_CTX_set_cipher_list +and +.Fn SSL_set_cipher_list +first appeared in SSLeay 0.5.2 and have been available since +.Ox 2.4 . diff --git a/src/lib/libssl/man/SSL_CTX_set_client_CA_list.3 b/src/lib/libssl/man/SSL_CTX_set_client_CA_list.3 new file mode 100644 index 00000000000..274a673b0f1 --- /dev/null +++ b/src/lib/libssl/man/SSL_CTX_set_client_CA_list.3 @@ -0,0 +1,188 @@ +.\" $OpenBSD: SSL_CTX_set_client_CA_list.3,v 1.5 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file was written by Lutz Jaenicke . +.\" Copyright (c) 2000, 2001, 2013 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt SSL_CTX_SET_CLIENT_CA_LIST 3 +.Os +.Sh NAME +.Nm SSL_CTX_set_client_CA_list , +.Nm SSL_set_client_CA_list , +.Nm SSL_CTX_add_client_CA , +.Nm SSL_add_client_CA +.Nd set list of CAs sent to the client when requesting a client certificate +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft void +.Fn SSL_CTX_set_client_CA_list "SSL_CTX *ctx" "STACK_OF(X509_NAME) *list" +.Ft void +.Fn SSL_set_client_CA_list "SSL *s" "STACK_OF(X509_NAME) *list" +.Ft int +.Fn SSL_CTX_add_client_CA "SSL_CTX *ctx" "X509 *cacert" +.Ft int +.Fn SSL_add_client_CA "SSL *ssl" "X509 *cacert" +.Sh DESCRIPTION +.Fn SSL_CTX_set_client_CA_list +sets the +.Fa list +of CAs sent to the client when requesting a client certificate for +.Fa ctx . +.Pp +.Fn SSL_set_client_CA_list +sets the +.Fa list +of CAs sent to the client when requesting a client certificate for the chosen +.Fa ssl , +overriding the setting valid for +.Fa ssl Ns 's +.Vt SSL_CTX +object. +.Pp +.Fn SSL_CTX_add_client_CA +adds the CA name extracted from +.Fa cacert +to the list of CAs sent to the client when requesting a client certificate for +.Fa ctx . +.Pp +.Fn SSL_add_client_CA +adds the CA name extracted from +.Fa cacert +to the list of CAs sent to the client when requesting a client certificate for +the chosen +.Fa ssl , +overriding the setting valid for +.Fa ssl Ns 's +.Va SSL_CTX +object. +.Pp +When a TLS/SSL server requests a client certificate (see +.Fn SSL_CTX_set_verify ) , +it sends a list of CAs for which it will accept certificates to the client. +.Pp +This list must explicitly be set using +.Fn SSL_CTX_set_client_CA_list +for +.Fa ctx +and +.Fn SSL_set_client_CA_list +for the specific +.Fa ssl . +The list specified overrides the previous setting. +The CAs listed do not become trusted +.Po +.Fa list +only contains the names, not the complete certificates +.Pc ; +use +.Xr SSL_CTX_load_verify_locations 3 +to additionally load them for verification. +.Pp +If the list of acceptable CAs is compiled in a file, the +.Xr SSL_load_client_CA_file 3 +function can be used to help importing the necessary data. +.Pp +.Fn SSL_CTX_add_client_CA +and +.Fn SSL_add_client_CA +can be used to add additional items the list of client CAs. +If no list was specified before using +.Fn SSL_CTX_set_client_CA_list +or +.Fn SSL_set_client_CA_list , +a new client CA list for +.Fa ctx +or +.Fa ssl +(as appropriate) is opened. +.Pp +These functions are only useful for TLS/SSL servers. +.Sh RETURN VALUES +.Fn SSL_CTX_set_client_CA_list +and +.Fn SSL_set_client_CA_list +do not return diagnostic information. +.Pp +.Fn SSL_CTX_add_client_CA +and +.Fn SSL_add_client_CA +have the following return values: +.Bl -tag -width Ds +.It 0 +A failure while manipulating the +.Dv STACK_OF Ns +.Pq Vt X509_NAME +object occurred or the +.Vt X509_NAME +could not be extracted from +.Fa cacert . +Check the error stack to find out the reason. +.It 1 +The operation succeeded. +.El +.Sh EXAMPLES +Scan all certificates in +.Fa CAfile +and list them as acceptable CAs: +.Bd -literal +SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(CAfile)); +.Ed +.Sh SEE ALSO +.Xr ssl 3 , +.Xr SSL_CTX_load_verify_locations 3 , +.Xr SSL_get_client_CA_list 3 , +.Xr SSL_load_client_CA_file 3 , +.Xr X509_NAME_new 3 +.Sh HISTORY +.Fn SSL_CTX_set_client_CA_list , +.Fn SSL_set_client_CA_list , +.Fn SSL_CTX_add_client_CA , +and +.Fn SSL_add_client_CA +first appeared in SSLeay 0.8.0 and have been available since +.Ox 2.4 . diff --git a/src/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 b/src/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 new file mode 100644 index 00000000000..a2433b5e92f --- /dev/null +++ b/src/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 @@ -0,0 +1,191 @@ +.\" $OpenBSD: SSL_CTX_set_client_cert_cb.3,v 1.4 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file was written by Lutz Jaenicke . +.\" Copyright (c) 2002 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt SSL_CTX_SET_CLIENT_CERT_CB 3 +.Os +.Sh NAME +.Nm SSL_CTX_set_client_cert_cb , +.Nm SSL_CTX_get_client_cert_cb +.Nd handle client certificate callback function +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft void +.Fo SSL_CTX_set_client_cert_cb +.Fa "SSL_CTX *ctx" +.Fa "int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey)" +.Fc +.Ft int +.Fo "(*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))" +.Fa "SSL *ssl" "X509 **x509" "EVP_PKEY **pkey" +.Fc +.Ft int +.Fn "(*client_cert_cb)" "SSL *ssl" "X509 **x509" "EVP_PKEY **pkey" +.Sh DESCRIPTION +.Fn SSL_CTX_set_client_cert_cb +sets the +.Fa client_cert_cb() +callback that is called when a client certificate is requested by a server and +no certificate was yet set for the SSL object. +.Pp +When +.Fa client_cert_cb +is +.Dv NULL , +no callback function is used. +.Pp +.Fn SSL_CTX_get_client_cert_cb +returns a pointer to the currently set callback function. +.Pp +.Fn client_cert_cb +is the application-defined callback. +If it wants to set a certificate, +a certificate/private key combination must be set using the +.Fa x509 +and +.Fa pkey +arguments and 1 must be returned. +The certificate will be installed into +.Fa ssl . +If no certificate should be set, +0 has to be returned and no certificate will be sent. +A negative return value will suspend the handshake and the handshake function +will return immediately. +.Xr SSL_get_error 3 +will return +.Dv SSL_ERROR_WANT_X509_LOOKUP +to indicate that the handshake was suspended. +The next call to the handshake function will again lead to the call of +.Fa client_cert_cb() . +It is the job of the +.Fa client_cert_cb() +to store information +about the state of the last call, if required to continue. +.Pp +During a handshake (or renegotiation) +a server may request a certificate from the client. +A client certificate must only be sent when the server did send the request. +.Pp +When a certificate has been set using the +.Xr SSL_CTX_use_certificate 3 +family of functions, +it will be sent to the server. +The TLS standard requires that only a certificate is sent if it matches the +list of acceptable CAs sent by the server. +This constraint is violated by the default behavior of the OpenSSL library. +Using the callback function it is possible to implement a proper selection +routine or to allow a user interaction to choose the certificate to be sent. +.Pp +If a callback function is defined and no certificate was yet defined for the +.Vt SSL +object, the callback function will be called. +If the callback function returns a certificate, the OpenSSL library +will try to load the private key and certificate data into the +.Vt SSL +object using the +.Fn SSL_use_certificate +and +.Fn SSL_use_private_key +functions. +Thus it will permanently install the certificate and key for this SSL object. +It will not be reset by calling +.Xr SSL_clear 3 . +If the callback returns no certificate, the OpenSSL library will not send a +certificate. +.Sh SEE ALSO +.Xr ssl 3 , +.Xr SSL_clear 3 , +.Xr SSL_CTX_add_extra_chain_cert 3 , +.Xr SSL_CTX_use_certificate 3 , +.Xr SSL_free 3 , +.Xr SSL_get_client_CA_list 3 +.Sh HISTORY +.Fn SSL_CTX_set_client_cert_cb +and +.Fn SSL_CTX_get_client_cert_cb +first appeared in SSLeay 0.6.6 and have been available since +.Ox 2.4 . +.Sh BUGS +The +.Fa client_cert_cb() +cannot return a complete certificate chain; +it can only return one client certificate. +If the chain only has a length of 2, +the root CA certificate may be omitted according to the TLS standard and +thus a standard conforming answer can be sent to the server. +For a longer chain, the client must send the complete chain +(with the option to leave out the root CA certificate). +This can be accomplished only by either adding the intermediate CA certificates +into the trusted certificate store for the +.Vt SSL_CTX +object (resulting in having to add CA certificates that otherwise maybe would +not be trusted), or by adding the chain certificates using the +.Xr SSL_CTX_add_extra_chain_cert 3 +function, which is only available for the +.Vt SSL_CTX +object as a whole and that therefore probably can only apply for one client +certificate, making the concept of the callback function +(to allow the choice from several certificates) questionable. +.Pp +Once the +.Vt SSL +object has been used in conjunction with the callback function, +the certificate will be set for the +.Vt SSL +object and will not be cleared even when +.Xr SSL_clear 3 +is called. +It is therefore +.Em mandatory +to destroy the +.Vt SSL +object using +.Xr SSL_free 3 +and create a new one to return to the previous state. diff --git a/src/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 b/src/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 new file mode 100644 index 00000000000..7ab9633f5c1 --- /dev/null +++ b/src/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 @@ -0,0 +1,171 @@ +.\" $OpenBSD: SSL_CTX_set_default_passwd_cb.3,v 1.7 2018/04/02 02:06:14 schwarze Exp $ +.\" full merge up to: OpenSSL 9b86974e Aug 17 15:21:33 2015 -0400 +.\" selective merge up to: OpenSSL 2947af32 Nov 19 00:10:05 2016 +0100 +.\" +.\" This file was written by Lutz Jaenicke +.\" and Christian Heimes . +.\" Copyright (c) 2000, 2001, 2016 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: April 2 2018 $ +.Dt SSL_CTX_SET_DEFAULT_PASSWD_CB 3 +.Os +.Sh NAME +.Nm SSL_CTX_set_default_passwd_cb , +.Nm SSL_CTX_set_default_passwd_cb_userdata , +.Nm SSL_CTX_get_default_passwd_cb , +.Nm SSL_CTX_get_default_passwd_cb_userdata , +.Nm pem_password_cb +.Nd set or get passwd callback for encrypted PEM file handling +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft void +.Fn SSL_CTX_set_default_passwd_cb "SSL_CTX *ctx" "pem_password_cb *cb" +.Ft void +.Fn SSL_CTX_set_default_passwd_cb_userdata "SSL_CTX *ctx" "void *u" +.Ft pem_password_cb * +.Fn SSL_CTX_get_default_passwd_cb "SSL_CTX *ctx" +.Ft void * +.Fn SSL_CTX_get_default_passwd_cb_userdata "SSL_CTX *ctx" +.In openssl/pem.h +.Ft typedef int +.Fn pem_password_cb "char *buf" "int size" "int rwflag" "void *userdata" +.Sh DESCRIPTION +.Fn SSL_CTX_set_default_passwd_cb +sets the default password callback called when loading/storing a PEM +certificate with encryption. +.Pp +.Fn SSL_CTX_set_default_passwd_cb_userdata +sets a pointer to userdata +.Fa u +which will be provided to the password callback on invocation. +.Pp +The +password callback +.Fa cb , +which must be provided by the application, +hands back the password to be used during decryption. +On invocation a pointer to +.Fa userdata +is provided. +The password callback must write the password into the provided buffer +.Fa buf +which is of size +.Fa size . +The actual length of the password must be returned to the calling function. +.Fa rwflag +indicates whether the callback is used for reading/decryption +.Pq Fa rwflag No = 0 +or writing/encryption +.Pq Fa rwflag No = 1 . +.Pp +When loading or storing private keys, a password might be supplied to protect +the private key. +The way this password can be supplied may depend on the application. +If only one private key is handled, it can be practical to have the +callback handle the password dialog interactively. +If several keys have to be handled, it can be practical to ask for the password +once, then keep it in memory and use it several times. +In the last case, the password could be stored into the +.Fa userdata +storage and the callback only returns the password already stored. +.Pp +When asking for the password interactively, the callback can use +.Fa rwflag +to check whether an item shall be encrypted +.Pq Fa rwflag No = 1 . +In this case the password dialog may ask for the same password twice for +comparison in order to catch typos which would make decryption impossible. +.Pp +Other items in PEM formatting (certificates) can also be encrypted; it is +however atypical, as certificate information is considered public. +.Sh RETURN VALUES +.Fn SSL_CTX_get_default_passwd_cb +returns a function pointer to the password callback currently set in +.Fa ctx , +or +.Dv NULL +if none is set. +.Pp +.Fn SSL_CTX_get_default_passwd_cb_userdata +returns a pointer to the userdata currently set in +.Fa ctx , +or +.Dv NULL +if none is set. +.Sh EXAMPLES +The following example returns the password provided as +.Fa userdata +to the calling function. +The password is considered to be a +.Sq \e0 +terminated string. +If the password does not fit into the buffer, the password is truncated. +.Bd -literal +int pem_passwd_cb(char *buf, int size, int rwflag, void *password) +{ + strncpy(buf, (char *)password, size); + buf[size - 1] = '\e0'; + return strlen(buf); +} +.Ed +.Sh SEE ALSO +.Xr ssl 3 , +.Xr SSL_CTX_use_certificate 3 +.Sh HISTORY +.Fn SSL_CTX_set_default_passwd_cb +first appeared in SSLeay 0.6.2 and has been available since +.Ox 2.4 . +.Pp +.Fn SSL_CTX_set_default_passwd_cb_userdata +first appeared in OpenSSL 0.9.4 and has been available since +.Ox 2.6 . +.Pp +.Fn SSL_CTX_get_default_passwd_cb +and +.Fn SSL_CTX_get_default_passwd_cb_userdata +first appeared in OpenSSL 1.1.0 and have been available since +.Ox 6.3 . diff --git a/src/lib/libssl/man/SSL_CTX_set_generate_session_id.3 b/src/lib/libssl/man/SSL_CTX_set_generate_session_id.3 new file mode 100644 index 00000000000..d85383d776b --- /dev/null +++ b/src/lib/libssl/man/SSL_CTX_set_generate_session_id.3 @@ -0,0 +1,221 @@ +.\" $OpenBSD: SSL_CTX_set_generate_session_id.3,v 1.5 2018/03/22 21:09:18 schwarze Exp $ +.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file was written by Lutz Jaenicke . +.\" Copyright (c) 2001, 2014 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 22 2018 $ +.Dt SSL_CTX_SET_GENERATE_SESSION_ID 3 +.Os +.Sh NAME +.Nm SSL_CTX_set_generate_session_id , +.Nm SSL_set_generate_session_id , +.Nm SSL_has_matching_session_id , +.Nm GEN_SESSION_CB +.Nd manipulate generation of SSL session IDs (server only) +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft typedef int +.Fo (*GEN_SESSION_CB) +.Fa "const SSL *ssl" +.Fa "unsigned char *id" +.Fa "unsigned int *id_len" +.Fc +.Ft int +.Fn SSL_CTX_set_generate_session_id "SSL_CTX *ctx" "GEN_SESSION_CB cb" +.Ft int +.Fn SSL_set_generate_session_id "SSL *ssl" "GEN_SESSION_CB cb" +.Ft int +.Fo SSL_has_matching_session_id +.Fa "const SSL *ssl" "const unsigned char *id" "unsigned int id_len" +.Fc +.Sh DESCRIPTION +.Fn SSL_CTX_set_generate_session_id +sets the callback function for generating new session ids for SSL/TLS sessions +for +.Fa ctx +to be +.Fa cb . +.Pp +.Fn SSL_set_generate_session_id +sets the callback function for generating new session ids for SSL/TLS sessions +for +.Fa ssl +to be +.Fa cb . +.Pp +.Fn SSL_has_matching_session_id +checks, whether a session with id +.Fa id +(of length +.Fa id_len ) +is already contained in the internal session cache +of the parent context of +.Fa ssl . +.Pp +When a new session is established between client and server, +the server generates a session id. +The session id is an arbitrary sequence of bytes. +The length of the session id is between 1 and 32 bytes. +The session id is not security critical but must be unique for the server. +Additionally, the session id is transmitted in the clear when reusing the +session so it must not contain sensitive information. +.Pp +Without a callback being set, an OpenSSL server will generate a unique session +id from pseudo random numbers of the maximum possible length. +Using the callback function, the session id can be changed to contain +additional information like, e.g., a host id in order to improve load balancing +or external caching techniques. +.Pp +The callback function receives a pointer to the memory location to put +.Fa id +into and a pointer to the maximum allowed length +.Fa id_len . +The buffer at location +.Fa id +is only guaranteed to have the size +.Fa id_len . +The callback is only allowed to generate a shorter id and reduce +.Fa id_len ; +the callback +.Em must never +increase +.Fa id_len +or write to the location +.Fa id +exceeding the given limit. +.Pp +The location +.Fa id +is filled with 0x00 before the callback is called, +so the callback may only fill part of the possible length and leave +.Fa id_len +untouched while maintaining reproducibility. +.Pp +Since the sessions must be distinguished, session ids must be unique. +Without the callback a random number is used, +so that the probability of generating the same session id is extremely small +(2^256 for TLSv1). +In order to ensure the uniqueness of the generated session id, +the callback must call +.Fn SSL_has_matching_session_id +and generate another id if a conflict occurs. +If an id conflict is not resolved, the handshake will fail. +If the application codes, e.g., a unique host id, a unique process number, and +a unique sequence number into the session id, uniqueness could easily be +achieved without randomness added (it should however be taken care that +no confidential information is leaked this way). +If the application cannot guarantee uniqueness, +it is recommended to use the maximum +.Fa id_len +and fill in the bytes not used to code special information with random data to +avoid collisions. +.Pp +.Fn SSL_has_matching_session_id +will only query the internal session cache, not the external one. +Since the session id is generated before the handshake is completed, +it is not immediately added to the cache. +If another thread is using the same internal session cache, +a race condition can occur in that another thread generates the same session id. +Collisions can also occur when using an external session cache, +since the external cache is not tested with +.Fn SSL_has_matching_session_id +and the same race condition applies. +.Pp +The callback must return 0 if it cannot generate a session id for whatever +reason and return 1 on success. +.Sh RETURN VALUES +.Fn SSL_CTX_set_generate_session_id +and +.Fn SSL_set_generate_session_id +always return 1. +.Pp +.Fn SSL_has_matching_session_id +returns 1 if another session with the same id is already in the cache. +.Sh EXAMPLES +The callback function listed will generate a session id with the server id +given, and will fill the rest with pseudo random bytes: +.Bd -literal +const char session_id_prefix = "www-18"; + +#define MAX_SESSION_ID_ATTEMPTS 10 +static int +generate_session_id(const SSL *ssl, unsigned char *id, + unsigned int *id_len) +{ + unsigned int count = 0; + + do { + RAND_pseudo_bytes(id, *id_len); + /* + * Prefix the session_id with the required prefix. NB: If + * our prefix is too long, clip it \(en but there will be + * worse effects anyway, e.g., the server could only + * possibly create one session ID (the prefix!) so all + * future session negotiations will fail due to conflicts. + */ + memcpy(id, session_id_prefix, + (strlen(session_id_prefix) < *id_len) ? + strlen(session_id_prefix) : *id_len); + } while (SSL_has_matching_session_id(ssl, id, *id_len) && + (++count < MAX_SESSION_ID_ATTEMPTS)); + + if (count >= MAX_SESSION_ID_ATTEMPTS) + return 0; + return 1; +} +.Ed +.Sh SEE ALSO +.Xr ssl 3 , +.Xr SSL_get_version 3 +.Sh HISTORY +.Fn SSL_CTX_set_generate_session_id , +.Fn SSL_set_generate_session_id +and +.Fn SSL_has_matching_session_id +first appeared in OpenSSL 0.9.7 and have been available since +.Ox 3.2 . diff --git a/src/lib/libssl/man/SSL_CTX_set_info_callback.3 b/src/lib/libssl/man/SSL_CTX_set_info_callback.3 new file mode 100644 index 00000000000..76eb8bee613 --- /dev/null +++ b/src/lib/libssl/man/SSL_CTX_set_info_callback.3 @@ -0,0 +1,233 @@ +.\" $OpenBSD: SSL_CTX_set_info_callback.3,v 1.4 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file was written by Lutz Jaenicke . +.\" Copyright (c) 2001, 2005, 2014 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt SSL_CTX_SET_INFO_CALLBACK 3 +.Os +.Sh NAME +.Nm SSL_CTX_set_info_callback , +.Nm SSL_CTX_get_info_callback , +.Nm SSL_set_info_callback , +.Nm SSL_get_info_callback +.Nd handle information callback for SSL connections +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft void +.Fo SSL_CTX_set_info_callback +.Fa "SSL_CTX *ctx" +.Fa "void (*callback)(const SSL *ssl, int where, int ret)" +.Fc +.Ft void +.Fo "(*SSL_CTX_get_info_callback(const SSL_CTX *ctx))" +.Fa "const SSL *ssl" +.Fa "int where" +.Fa "int ret" +.Fc +.Ft void +.Fo SSL_set_info_callback +.Fa "SSL *ssl" +.Fa "void (*callback)(const SSL *ssl, int where, int ret)" +.Fc +.Ft void +.Fo "(*SSL_get_info_callback(const SSL *ssl))" +.Fa "const SSL *ssl" +.Fa "int where" +.Fa "int ret" +.Fc +.Sh DESCRIPTION +.Fn SSL_CTX_set_info_callback +sets the +.Fa callback +function that can be used to obtain state information for SSL objects created +from +.Fa ctx +during connection setup and use. +The setting for +.Fa ctx +is overridden from the setting for a specific SSL object, if specified. +When +.Fa callback +is +.Dv NULL , +no callback function is used. +.Pp +.Fn SSL_set_info_callback +sets the +.Fa callback +function that can be used to +obtain state information for +.Fa ssl +during connection setup and use. +When +.Fa callback +is +.Dv NULL , +the callback setting currently valid for +.Fa ctx +is used. +.Pp +.Fn SSL_CTX_get_info_callback +returns a pointer to the currently set information callback function for +.Fa ctx . +.Pp +.Fn SSL_get_info_callback +returns a pointer to the currently set information callback function for +.Fa ssl . +.Pp +When setting up a connection and during use, +it is possible to obtain state information from the SSL/TLS engine. +When set, an information callback function is called whenever the state changes, +an alert appears, or an error occurs. +.Pp +The callback function is called as +.Fn callback "SSL *ssl" "int where" "int ret" . +The +.Fa where +argument specifies information about where (in which context) +the callback function was called. +If +.Fa ret +is 0, an error condition occurred. +If an alert is handled, +.Dv SSL_CB_ALERT +is set and +.Fa ret +specifies the alert information. +.Pp +.Fa where +is a bitmask made up of the following bits: +.Bl -tag -width Ds +.It Dv SSL_CB_LOOP +Callback has been called to indicate state change inside a loop. +.It Dv SSL_CB_EXIT +Callback has been called to indicate error exit of a handshake function. +(May be soft error with retry option for non-blocking setups.) +.It Dv SSL_CB_READ +Callback has been called during read operation. +.It Dv SSL_CB_WRITE +Callback has been called during write operation. +.It Dv SSL_CB_ALERT +Callback has been called due to an alert being sent or received. +.It Dv SSL_CB_READ_ALERT +.It Dv SSL_CB_WRITE_ALERT +.It Dv SSL_CB_ACCEPT_LOOP +.It Dv SSL_CB_ACCEPT_EXIT +.It Dv SSL_CB_CONNECT_LOOP +.It Dv SSL_CB_CONNECT_EXIT +.It Dv SSL_CB_HANDSHAKE_START +Callback has been called because a new handshake is started. +.It Dv SSL_CB_HANDSHAKE_DONE +Callback has been called because a handshake is finished. +.El +.Pp +The current state information can be obtained using the +.Xr SSL_state_string 3 +family of functions. +.Pp +The +.Fa ret +information can be evaluated using the +.Xr SSL_alert_type_string 3 +family of functions. +.Sh RETURN VALUES +.Fn SSL_CTX_get_info_callback +and +.Fn SSL_get_info_callback +return a pointer to the current callback or +.Dv NULL +if none is set. +.Sh EXAMPLES +The following example callback function prints state strings, +information about alerts being handled and error messages to the +.Va bio_err +.Vt BIO . +.Bd -literal +void +apps_ssl_info_callback(SSL *s, int where, int ret) +{ + const char *str; + int w; + + w = where & ~SSL_ST_MASK; + + if (w & SSL_ST_CONNECT) + str = "SSL_connect"; + else if (w & SSL_ST_ACCEPT) + str = "SSL_accept"; + else + str = "undefined"; + + if (where & SSL_CB_LOOP) { + BIO_printf(bio_err, "%s:%s\en", str, + SSL_state_string_long(s)); + } else if (where & SSL_CB_ALERT) { + str = (where & SSL_CB_READ) ? "read" : "write"; + BIO_printf(bio_err, "SSL3 alert %s:%s:%s\en", str, + SSL_alert_type_string_long(ret), + SSL_alert_desc_string_long(ret)); + } else if (where & SSL_CB_EXIT) { + if (ret == 0) + BIO_printf(bio_err, "%s:failed in %s\en", + str, SSL_state_string_long(s)); + else if (ret < 0) { + BIO_printf(bio_err, "%s:error in %s\en", + str, SSL_state_string_long(s)); + } + } +} +.Ed +.Sh SEE ALSO +.Xr ssl 3 , +.Xr SSL_alert_type_string 3 , +.Xr SSL_state_string 3 +.Sh HISTORY +These functions first appeared in SSLeay 0.6.0 +and have been available since +.Ox 2.4 . diff --git a/src/lib/libssl/man/SSL_CTX_set_max_cert_list.3 b/src/lib/libssl/man/SSL_CTX_set_max_cert_list.3 new file mode 100644 index 00000000000..7714e1d10e9 --- /dev/null +++ b/src/lib/libssl/man/SSL_CTX_set_max_cert_list.3 @@ -0,0 +1,153 @@ +.\" $OpenBSD: SSL_CTX_set_max_cert_list.3,v 1.4 2018/03/22 21:09:18 schwarze Exp $ +.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file was written by Lutz Jaenicke . +.\" Copyright (c) 2001 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 22 2018 $ +.Dt SSL_CTX_SET_MAX_CERT_LIST 3 +.Os +.Sh NAME +.Nm SSL_CTX_set_max_cert_list , +.Nm SSL_CTX_get_max_cert_list , +.Nm SSL_set_max_cert_list , +.Nm SSL_get_max_cert_list +.Nd manipulate allowed size for the peer's certificate chain +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft long +.Fn SSL_CTX_set_max_cert_list "SSL_CTX *ctx" "long size" +.Ft long +.Fn SSL_CTX_get_max_cert_list "SSL_CTX *ctx" +.Ft long +.Fn SSL_set_max_cert_list "SSL *ssl" "long size" +.Ft long +.Fn SSL_get_max_cert_list "SSL *ctx" +.Sh DESCRIPTION +.Fn SSL_CTX_set_max_cert_list +sets the maximum size allowed for the peer's certificate chain for all +.Vt SSL +objects created from +.Fa ctx +to be +.Fa size +bytes. +The +.Vt SSL +objects inherit the setting valid for +.Fa ctx +at the time +.Xr SSL_new 3 +is being called. +.Pp +.Fn SSL_CTX_get_max_cert_list +returns the currently set maximum size for +.Fa ctx . +.Pp +.Fn SSL_set_max_cert_list +sets the maximum size allowed for the peer's certificate chain for +.Fa ssl +to be +.Fa size +bytes. +This setting stays valid until a new value is set. +.Pp +.Fn SSL_get_max_cert_list +returns the currently set maximum size for +.Fa ssl . +.Sh NOTES +During the handshake process, the peer may send a certificate chain. +The TLS/SSL standard does not give any maximum size of the certificate chain. +The OpenSSL library handles incoming data by a dynamically allocated buffer. +In order to prevent this buffer from growing without bound due to data +received from a faulty or malicious peer, a maximum size for the certificate +chain is set. +.Pp +The default value for the maximum certificate chain size is 100kB (30kB +on the 16bit DOS platform). +This should be sufficient for usual certificate chains +(OpenSSL's default maximum chain length is 10, see +.Xr SSL_CTX_set_verify 3 , +and certificates without special extensions have a typical size of 1-2kB). +.Pp +For special applications it can be necessary to extend the maximum certificate +chain size allowed to be sent by the peer. +See for example the work on +.%T "Internet X.509 Public Key Infrastructure Proxy Certificate Profile" +and +.%T "TLS Delegation Protocol" +at +.Lk https://www.ietf.org/ +and +.Lk http://www.globus.org/ . +.Pp +Under normal conditions it should never be necessary to set a value smaller +than the default, as the buffer is handled dynamically and only uses the +memory actually required by the data sent by the peer. +.Pp +If the maximum certificate chain size allowed is exceeded, the handshake will +fail with a +.Dv SSL_R_EXCESSIVE_MESSAGE_SIZE +error. +.Sh RETURN VALUES +.Fn SSL_CTX_set_max_cert_list +and +.Fn SSL_set_max_cert_list +return the previously set value. +.Pp +.Fn SSL_CTX_get_max_cert_list +and +.Fn SSL_get_max_cert_list +return the currently set value. +.Sh SEE ALSO +.Xr SSL_CTX_ctrl 3 , +.Xr SSL_CTX_set_verify 3 , +.Xr SSL_new 3 +.Sh HISTORY +These functions first appeared in OpenSSL 0.9.7 +and have been available since +.Ox 3.2 . diff --git a/src/lib/libssl/man/SSL_CTX_set_min_proto_version.3 b/src/lib/libssl/man/SSL_CTX_set_min_proto_version.3 new file mode 100644 index 00000000000..b1b313ffaf1 --- /dev/null +++ b/src/lib/libssl/man/SSL_CTX_set_min_proto_version.3 @@ -0,0 +1,154 @@ +.\" $OpenBSD: SSL_CTX_set_min_proto_version.3,v 1.3 2018/03/24 00:55:37 schwarze Exp $ +.\" full merge up to: OpenSSL 3edabd3c Sep 14 09:28:39 2017 +0200 +.\" +.\" This file was written by Kurt Roeckx and +.\" Christian Heimes . +.\" Copyright (c) 2015, 2017 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 24 2018 $ +.Dt SSL_CTX_SET_MIN_PROTO_VERSION 3 +.Os +.Sh NAME +.Nm SSL_CTX_set_min_proto_version , +.Nm SSL_CTX_set_max_proto_version , +.Nm SSL_CTX_get_min_proto_version , +.Nm SSL_CTX_get_max_proto_version , +.Nm SSL_set_min_proto_version , +.Nm SSL_set_max_proto_version , +.Nm SSL_get_min_proto_version , +.Nm SSL_get_max_proto_version +.Nd get and set minimum and maximum supported protocol version +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft int +.Fo SSL_CTX_set_min_proto_version +.Fa "SSL_CTX *ctx" +.Fa "uint16_t version" +.Fc +.Ft int +.Fo SSL_CTX_set_max_proto_version +.Fa "SSL_CTX *ctx" +.Fa "uint16_t version" +.Fc +.Ft int +.Fo SSL_CTX_get_min_proto_version +.Fa "SSL_CTX *ctx" +.Fc +.Ft int +.Fo SSL_CTX_get_max_proto_version +.Fa "SSL_CTX *ctx" +.Fc +.Ft int +.Fo SSL_set_min_proto_version +.Fa "SSL *ssl" +.Fa "uint16_t version" +.Fc +.Ft int +.Fo SSL_set_max_proto_version +.Fa "SSL *ssl" +.Fa "uint16_t version" +.Fc +.Ft int +.Fo SSL_get_min_proto_version +.Fa "SSL *ssl" +.Fc +.Ft int +.Fo SSL_get_max_proto_version +.Fa "SSL *ssl" +.Fc +.Sh DESCRIPTION +These functions get or set the minimum and maximum supported protocol +versions for +.Fa ctx +or +.Fa ssl . +This works in combination with the options set via +.Xr SSL_CTX_set_options 3 +that also make it possible to disable specific protocol versions. +Use these functions instead of disabling specific protocol versions. +.Pp +Setting the minimum or maximum version to 0 will enable protocol +versions down to the lowest or up to the highest version supported +by the library, respectively. +.Pp +Currently supported versions are +.Sy TLS1_VERSION , +.Sy TLS1_1_VERSION , +and +.Sy TLS1_2_VERSION +for TLS and +.Sy DTLS1_VERSION +for DTLS. +.Pp +In other implementations, these functions may be implemented as macros. +.Sh RETURN VALUES +The setter functions return 1 on success or 0 on failure. +.Pp +The getter functions return the configured version or 0 if +.Fa ctx +or +.Fa ssl +has been configured to automatically use the lowest or highest +version supported by the library. +.Sh SEE ALSO +.Xr ssl 3 , +.Xr SSL_CTX_new 3 , +.Xr SSL_CTX_set_options 3 +.Sh HISTORY +The setter functions first appeared in BoringSSL in December 2014, +with shorter names without the +.Sy proto_ +part. +Two years later, OpenSSL included them in their 1.1.0 release, +gratuitiously changing the names; Google shrugged and adopted +the longer names one month later. +They have been available since +.Ox 6.2 . +.Pp +The getter functions first appeared in OpenSSL 1.1.0g +and have been available since +.Ox 6.3 . diff --git a/src/lib/libssl/man/SSL_CTX_set_mode.3 b/src/lib/libssl/man/SSL_CTX_set_mode.3 new file mode 100644 index 00000000000..2d9e57f2dad --- /dev/null +++ b/src/lib/libssl/man/SSL_CTX_set_mode.3 @@ -0,0 +1,177 @@ +.\" $OpenBSD: SSL_CTX_set_mode.3,v 1.4 2018/03/21 21:20:26 schwarze Exp $ +.\" OpenSSL 8671b898 Jun 3 02:48:34 2008 +0000 +.\" +.\" This file was written by Lutz Jaenicke and +.\" Ben Laurie . +.\" Copyright (c) 2001, 2008 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 21 2018 $ +.Dt SSL_CTX_SET_MODE 3 +.Os +.Sh NAME +.Nm SSL_CTX_set_mode , +.Nm SSL_set_mode , +.Nm SSL_CTX_get_mode , +.Nm SSL_get_mode +.Nd manipulate SSL engine mode +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft long +.Fn SSL_CTX_set_mode "SSL_CTX *ctx" "long mode" +.Ft long +.Fn SSL_set_mode "SSL *ssl" "long mode" +.Ft long +.Fn SSL_CTX_get_mode "SSL_CTX *ctx" +.Ft long +.Fn SSL_get_mode "SSL *ssl" +.Sh DESCRIPTION +.Fn SSL_CTX_set_mode +adds the mode set via bitmask in +.Fa mode +to +.Fa ctx . +Options already set before are not cleared. +.Pp +.Fn SSL_set_mode +adds the mode set via bitmask in +.Fa mode +to +.Fa ssl . +Options already set before are not cleared. +.Pp +.Fn SSL_CTX_get_mode +returns the mode set for +.Fa ctx . +.Pp +.Fn SSL_get_mode +returns the mode set for +.Fa ssl . +.Sh NOTES +The following mode changes are available: +.Bl -tag -width Ds +.It Dv SSL_MODE_ENABLE_PARTIAL_WRITE +Allow +.Fn SSL_write ... n +to return +.Ms r +with +.EQ +0 < r < n +.EN +(i.e., report success when just a single record has been written). +When not set (the default), +.Xr SSL_write 3 +will only report success once the complete chunk was written. +Once +.Xr SSL_write 3 +returns with +.Ms r , +.Ms r +bytes have been successfully written and the next call to +.Xr SSL_write 3 +must only send the +.Ms n \(mi r +bytes left, imitating the behaviour of +.Xr write 2 . +.It Dv SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER +Make it possible to retry +.Xr SSL_write 3 +with changed buffer location (the buffer contents must stay the same). +This is not the default to avoid the misconception that non-blocking +.Xr SSL_write 3 +behaves like non-blocking +.Xr write 2 . +.It Dv SSL_MODE_AUTO_RETRY +Never bother the application with retries if the transport is blocking. +If a renegotiation take place during normal operation, a +.Xr SSL_read 3 +or +.Xr SSL_write 3 +would return +with \(mi1 and indicate the need to retry with +.Dv SSL_ERROR_WANT_READ . +In a non-blocking environment applications must be prepared to handle +incomplete read/write operations. +In a blocking environment, applications are not always prepared to deal with +read/write operations returning without success report. +The flag +.Dv SSL_MODE_AUTO_RETRY +will cause read/write operations to only return after the handshake and +successful completion. +.It Dv SSL_MODE_RELEASE_BUFFERS +When we no longer need a read buffer or a write buffer for a given +.Vt SSL , +then release the memory we were using to hold it. +Using this flag can save around 34k per idle SSL connection. +This flag has no effect on SSL v2 connections, or on DTLS connections. +.El +.Sh RETURN VALUES +.Fn SSL_CTX_set_mode +and +.Fn SSL_set_mode +return the new mode bitmask after adding +.Fa mode . +.Pp +.Fn SSL_CTX_get_mode +and +.Fn SSL_get_mode +return the current bitmask. +.Sh SEE ALSO +.Xr SSL_CTX_ctrl 3 , +.Xr SSL_read 3 , +.Xr SSL_write 3 +.Sh HISTORY +.Fn SSL_CTX_set_mode , +.Fn SSL_set_mode , +.Fn SSL_CTX_get_mode , +and +.Fn SSL_get_mode +first appeared in OpenSSL 0.9.4 and have been available since +.Ox 2.6 . +.Pp +.Dv SSL_MODE_AUTO_RETRY +was added in OpenSSL 0.9.6. diff --git a/src/lib/libssl/man/SSL_CTX_set_msg_callback.3 b/src/lib/libssl/man/SSL_CTX_set_msg_callback.3 new file mode 100644 index 00000000000..a8af1a3454c --- /dev/null +++ b/src/lib/libssl/man/SSL_CTX_set_msg_callback.3 @@ -0,0 +1,182 @@ +.\" $OpenBSD: SSL_CTX_set_msg_callback.3,v 1.4 2018/03/22 21:09:18 schwarze Exp $ +.\" OpenSSL SSL_CTX_set_msg_callback.pod e9b77246 Jan 20 19:58:49 2017 +0100 +.\" OpenSSL SSL_CTX_set_msg_callback.pod b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file was written by Bodo Moeller . +.\" Copyright (c) 2001, 2014, 2016 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 22 2018 $ +.Dt SSL_CTX_SET_MSG_CALLBACK 3 +.Os +.Sh NAME +.Nm SSL_CTX_set_msg_callback , +.Nm SSL_CTX_set_msg_callback_arg , +.Nm SSL_set_msg_callback , +.Nm SSL_set_msg_callback_arg +.Nd install callback for observing protocol messages +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft void +.Fo SSL_CTX_set_msg_callback +.Fa "SSL_CTX *ctx" +.Fa "void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)" +.Fc +.Ft void +.Fn SSL_CTX_set_msg_callback_arg "SSL_CTX *ctx" "void *arg" +.Ft void +.Fo SSL_set_msg_callback +.Fa "SSL *ssl" +.Fa "void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)" +.Fc +.Ft void +.Fn SSL_set_msg_callback_arg "SSL *ssl" "void *arg" +.Sh DESCRIPTION +.Fn SSL_CTX_set_msg_callback +or +.Fn SSL_set_msg_callback +can be used to define a message callback function +.Fa cb +for observing all SSL/TLS protocol messages (such as handshake messages) +that are received or sent. +.Fn SSL_CTX_set_msg_callback_arg +and +.Fn SSL_set_msg_callback_arg +can be used to set argument +.Fa arg +to the callback function, which is available for arbitrary application use. +.Pp +.Fn SSL_CTX_set_msg_callback +and +.Fn SSL_CTX_set_msg_callback_arg +specify default settings that will be copied to new +.Vt SSL +objects by +.Xr SSL_new 3 . +.Fn SSL_set_msg_callback +and +.Fn SSL_set_msg_callback_arg +modify the actual settings of an +.Vt SSL +object. +Using a +.Dv NULL +pointer for +.Fa cb +disables the message callback. +.Pp +When +.Fa cb +is called by the SSL/TLS library for a protocol message, +the function arguments have the following meaning: +.Bl -tag -width Ds +.It Fa write_p +This flag is 0 when a protocol message has been received and 1 when a protocol +message has been sent. +.It Fa version +The protocol version according to which the protocol message is +interpreted by the library, such as +.Dv TLS1_VERSION , +.Dv TLS1_1_VERSION , +.Dv TLS1_2_VERSION , +or +.Dv DTLS1_VERSION . +.It Fa content_type +This is one of the +.Em ContentType +values defined in the protocol specification +.Po +.Dv SSL3_RT_CHANGE_CIPHER_SPEC , +.Dv SSL3_RT_ALERT , +.Dv SSL3_RT_HANDSHAKE , +but never +.Dv SSL3_RT_APPLICATION_DATA +because the callback will only be called for protocol messages. +.Pc +.It Fa buf , Fa len +.Fa buf +points to a buffer containing the protocol message, which consists of +.Fa len +bytes. +The buffer is no longer valid after the callback function has returned. +.It Fa ssl +The +.Vt SSL +object that received or sent the message. +.It Fa arg +The user-defined argument optionally defined by +.Fn SSL_CTX_set_msg_callback_arg +or +.Fn SSL_set_msg_callback_arg . +.El +.Pp +Protocol messages are passed to the callback function after decryption +and fragment collection where applicable. +(Thus record boundaries are not visible.) +.Pp +If processing a received protocol message results in an error, +the callback function may not be called. +For example, the callback function will never see messages that are considered +too large to be processed. +.Pp +Due to automatic protocol version negotiation, +.Fa version +is not necessarily the protocol version used by the sender of the message: +If a TLS 1.0 ClientHello message is received by an SSL 3.0-only server, +.Fa version +will be +.Dv SSL3_VERSION . +.Sh SEE ALSO +.Xr ssl 3 , +.Xr SSL_new 3 +.Sh HISTORY +.Fn SSL_CTX_set_msg_callback , +.Fn SSL_CTX_set_msg_callback_arg , +.Fn SSL_set_msg_callback +and +.Fn SSL_set_msg_callback_arg +first appeared in OpenSSL 0.9.7 and have been available since +.Ox 3.2 . diff --git a/src/lib/libssl/man/SSL_CTX_set_options.3 b/src/lib/libssl/man/SSL_CTX_set_options.3 new file mode 100644 index 00000000000..4535eee573c --- /dev/null +++ b/src/lib/libssl/man/SSL_CTX_set_options.3 @@ -0,0 +1,360 @@ +.\" $OpenBSD: SSL_CTX_set_options.3,v 1.12 2018/04/11 18:05:49 schwarze Exp $ +.\" full merge up to: OpenSSL 7946ab33 Dec 6 17:56:41 2015 +0100 +.\" selective merge up to: OpenSSL edb79c3a Mar 29 10:07:14 2017 +1000 +.\" +.\" This file was written by Lutz Jaenicke , +.\" Bodo Moeller , and +.\" Dr. Stephen Henson . +.\" Copyright (c) 2001-2003, 2005, 2007, 2009, 2010, 2013-2015 +.\" The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: April 11 2018 $ +.Dt SSL_CTX_SET_OPTIONS 3 +.Os +.Sh NAME +.Nm SSL_CTX_set_options , +.Nm SSL_set_options , +.Nm SSL_CTX_clear_options , +.Nm SSL_clear_options , +.Nm SSL_CTX_get_options , +.Nm SSL_get_options , +.Nm SSL_get_secure_renegotiation_support +.Nd manipulate SSL options +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft long +.Fn SSL_CTX_set_options "SSL_CTX *ctx" "long options" +.Ft long +.Fn SSL_set_options "SSL *ssl" "long options" +.Ft long +.Fn SSL_CTX_clear_options "SSL_CTX *ctx" "long options" +.Ft long +.Fn SSL_clear_options "SSL *ssl" "long options" +.Ft long +.Fn SSL_CTX_get_options "SSL_CTX *ctx" +.Ft long +.Fn SSL_get_options "SSL *ssl" +.Ft long +.Fn SSL_get_secure_renegotiation_support "SSL *ssl" +.Sh DESCRIPTION +.Fn SSL_CTX_set_options +adds the options set via bitmask in +.Fa options +to +.Fa ctx . +Options already set before are not cleared! +.Pp +.Fn SSL_set_options +adds the options set via bitmask in +.Fa options +to +.Fa ssl . +Options already set before are not cleared! +.Pp +.Fn SSL_CTX_clear_options +clears the options set via bitmask in +.Fa options +to +.Fa ctx . +.Pp +.Fn SSL_clear_options +clears the options set via bitmask in +.Fa options +to +.Fa ssl . +.Pp +.Fn SSL_CTX_get_options +returns the options set for +.Fa ctx . +.Pp +.Fn SSL_get_options +returns the options set for +.Fa ssl . +.Pp +.Fn SSL_get_secure_renegotiation_support +indicates whether the peer supports secure renegotiation. +.Pp +All these functions are implemented using macros. +.Pp +The behaviour of the SSL library can be changed by setting several options. +The options are coded as bitmasks and can be combined by a bitwise OR +operation (|). +.Pp +.Fn SSL_CTX_set_options +and +.Fn SSL_set_options +affect the (external) protocol behaviour of the SSL library. +The (internal) behaviour of the API can be changed by using the similar +.Xr SSL_CTX_set_mode 3 +and +.Xr SSL_set_mode 3 +functions. +.Pp +During a handshake, the option settings of the SSL object are used. +When a new SSL object is created from a context using +.Xr SSL_new 3 , +the current option setting is copied. +Changes to +.Fa ctx +do not affect already created +.Vt SSL +objects. +.Fn SSL_clear +does not affect the settings. +.Pp +The following +.Em bug workaround +options are available: +.Bl -tag -width Ds +.It Dv SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS +Disables a countermeasure against a TLS 1.0 protocol vulnerability +affecting CBC ciphers, which cannot be handled by some broken SSL +implementations. +This option has no effect for connections using other ciphers. +.It Dv SSL_OP_ALL +This is currently an alias for +.Dv SSL_OP_LEGACY_SERVER_CONNECT . +.El +.Pp +It is usually safe to use +.Dv SSL_OP_ALL +to enable the bug workaround options if compatibility with somewhat broken +implementations is desired. +.Pp +The following +.Em modifying +options are available: +.Bl -tag -width Ds +.It Dv SSL_OP_CIPHER_SERVER_PREFERENCE +When choosing a cipher, use the server's preferences instead of the client +preferences. +When not set, the server will always follow the client's preferences. +When set, the server will choose following its own preferences. +.It Dv SSL_OP_COOKIE_EXCHANGE +Turn on Cookie Exchange as described in RFC4347 Section 4.2.1. +Only affects DTLS connections. +.It Dv SSL_OP_LEGACY_SERVER_CONNECT +Allow legacy insecure renegotiation between OpenSSL and unpatched servers +.Em only : +this option is currently set by default. +See the +.Sx SECURE RENEGOTIATION +section for more details. +.It Dv SSL_OP_NO_QUERY_MTU +Do not query the MTU. +Only affects DTLS connections. +.It Dv SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION +When performing renegotiation as a server, always start a new session (i.e., +session resumption requests are only accepted in the initial handshake). +This option is not needed for clients. +.It Dv SSL_OP_NO_TICKET +Normally clients and servers will, where possible, transparently make use of +RFC4507bis tickets for stateless session resumption. +.Pp +If this option is set this functionality is disabled and tickets will not be +used by clients or servers. +.It Dv SSL_OP_NO_TLSv1 +Do not use the TLSv1.0 protocol. +Deprecated; use +.Xr SSL_CTX_set_min_proto_version 3 +instead. +.It Dv SSL_OP_NO_TLSv1_1 +Do not use the TLSv1.1 protocol. +.It Dv SSL_OP_NO_TLSv1_2 +Do not use the TLSv1.2 protocol. +Deprecated; use +.Xr SSL_CTX_set_max_proto_version 3 +instead. +.El +.Pp +The following options used to be supported at some point in the past +and no longer have any effect: +.Dv SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION , +.Dv SSL_OP_EPHEMERAL_RSA , +.Dv SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER , +.Dv SSL_OP_MICROSOFT_SESS_ID_BUG , +.Dv SSL_OP_NETSCAPE_CA_DN_BUG , +.Dv SSL_OP_NETSCAPE_CHALLENGE_BUG , +.Dv SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG , +.Dv SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG , +.Dv SSL_OP_NO_COMPRESSION , +.Dv SSL_OP_NO_SSLv2 , +.Dv SSL_OP_NO_SSLv3 , +.Dv SSL_OP_PKCS1_CHECK_1 , +.Dv SSL_OP_PKCS1_CHECK_2 , +.Dv SSL_OP_SAFARI_ECDHE_ECDSA_BUG , +.Dv SSL_OP_SINGLE_DH_USE , +.Dv SSL_OP_SINGLE_ECDH_USE , +.Dv SSL_OP_SSLEAY_080_CLIENT_DH_BUG , +.Dv SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG , +.Dv SSL_OP_TLS_BLOCK_PADDING_BUG , +.Dv SSL_OP_TLS_D5_BUG , +.Dv SSL_OP_TLS_ROLLBACK_BUG , +.Dv SSL_OP_TLSEXT_PADDING . +.Sh SECURE RENEGOTIATION +OpenSSL 0.9.8m and later always attempts to use secure renegotiation as +described in RFC5746. +This counters the prefix attack described in CVE-2009-3555 and elsewhere. +.Pp +This attack has far-reaching consequences which application writers should be +aware of. +In the description below an implementation supporting secure renegotiation is +referred to as +.Dq patched . +A server not supporting secure +renegotiation is referred to as +.Dq unpatched . +.Pp +The following sections describe the operations permitted by OpenSSL's secure +renegotiation implementation. +.Ss Patched client and server +Connections and renegotiation are always permitted by OpenSSL implementations. +.Ss Unpatched client and patched OpenSSL server +The initial connection succeeds but client renegotiation is denied by the +server with a +.Em no_renegotiation +warning alert. +.Pp +If the patched OpenSSL server attempts to renegotiate a fatal +.Em handshake_failure +alert is sent. +This is because the server code may be unaware of the unpatched nature of the +client. +.Pp +Note that a bug in OpenSSL clients earlier than 0.9.8m (all of which +are unpatched) will result in the connection hanging if it receives a +.Em no_renegotiation +alert. +OpenSSL versions 0.9.8m and later will regard a +.Em no_renegotiation +alert as fatal and respond with a fatal +.Em handshake_failure +alert. +This is because the OpenSSL API currently has no provision to indicate to an +application that a renegotiation attempt was refused. +.Ss Patched OpenSSL client and unpatched server +If the option +.Dv SSL_OP_LEGACY_SERVER_CONNECT +is set then initial connections and renegotiation between patched OpenSSL +clients and unpatched servers succeeds. +If neither option is set then initial connections to unpatched servers will +fail. +.Pp +The option +.Dv SSL_OP_LEGACY_SERVER_CONNECT +is currently set by default even though it has security implications: +otherwise it would be impossible to connect to unpatched servers (i.e., all of +them initially) and this is clearly not acceptable. +Renegotiation is permitted because this does not add any additional security +issues: during an attack clients do not see any renegotiations anyway. +.Pp +As more servers become patched the option +.Dv SSL_OP_LEGACY_SERVER_CONNECT +will +.Em not +be set by default in a future version of OpenSSL. +.Pp +OpenSSL client applications wishing to ensure they can connect to unpatched +servers should always +.Em set +.Dv SSL_OP_LEGACY_SERVER_CONNECT . +.Pp +OpenSSL client applications that want to ensure they can +.Em not +connect to unpatched servers (and thus avoid any security issues) should always +.Em clear +.Dv SSL_OP_LEGACY_SERVER_CONNECT +using +.Fn SSL_CTX_clear_options +or +.Fn SSL_clear_options . +.Sh RETURN VALUES +.Fn SSL_CTX_set_options +and +.Fn SSL_set_options +return the new options bitmask after adding +.Fa options . +.Pp +.Fn SSL_CTX_clear_options +and +.Fn SSL_clear_options +return the new options bitmask after clearing +.Fa options . +.Pp +.Fn SSL_CTX_get_options +and +.Fn SSL_get_options +return the current bitmask. +.Pp +.Fn SSL_get_secure_renegotiation_support +returns 1 is the peer supports secure renegotiation and 0 if it does not. +.Sh SEE ALSO +.Xr openssl 1 , +.Xr ssl 3 , +.Xr SSL_clear 3 , +.Xr SSL_CTX_ctrl 3 , +.Xr SSL_CTX_set_min_proto_version 3 , +.Xr SSL_new 3 +.Sh HISTORY +.Fn SSL_CTX_set_options +and +.Fn SSL_set_options +first appeared in SSLeay 0.9.0 and have been available since +.Ox 2.4 . +.Pp +.Fn SSL_CTX_get_options +and +.Fn SSL_get_options +first appeared in OpenSSL 0.9.2b and have been available since +.Ox 2.6 . +.Pp +.Fn SSL_CTX_clear_options , +.Fn SSL_clear_options , +and +.Fn SSL_get_secure_renegotiation_support +first appeared in OpenSSL 0.9.8m and have been available since +.Ox 4.9 . diff --git a/src/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 b/src/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 new file mode 100644 index 00000000000..feea399bca7 --- /dev/null +++ b/src/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 @@ -0,0 +1,166 @@ +.\" $OpenBSD: SSL_CTX_set_quiet_shutdown.3,v 1.4 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file was written by Lutz Jaenicke . +.\" Copyright (c) 2001, 2005 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt SSL_CTX_SET_QUIET_SHUTDOWN 3 +.Os +.Sh NAME +.Nm SSL_CTX_set_quiet_shutdown , +.Nm SSL_CTX_get_quiet_shutdown , +.Nm SSL_set_quiet_shutdown , +.Nm SSL_get_quiet_shutdown +.Nd manipulate shutdown behaviour +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft void +.Fn SSL_CTX_set_quiet_shutdown "SSL_CTX *ctx" "int mode" +.Ft int +.Fn SSL_CTX_get_quiet_shutdown "const SSL_CTX *ctx" +.Ft void +.Fn SSL_set_quiet_shutdown "SSL *ssl" "int mode" +.Ft int +.Fn SSL_get_quiet_shutdown "const SSL *ssl" +.Sh DESCRIPTION +.Fn SSL_CTX_set_quiet_shutdown +sets the +.Dq quiet shutdown +flag for +.Fa ctx +to be +.Fa mode . +.Vt SSL +objects created from +.Fa ctx +inherit the +.Fa mode +valid at the time +.Xr SSL_new 3 +is called. +.Fa mode +may be 0 or 1. +.Pp +.Fn SSL_CTX_get_quiet_shutdown +returns the +.Dq quiet shutdown +setting of +.Fa ctx . +.Pp +.Fn SSL_set_quiet_shutdown +sets the +.Dq quiet shutdown +flag for +.Fa ssl +to be +.Fa mode . +The setting stays valid until +.Fa ssl +is removed with +.Xr SSL_free 3 +or +.Fn SSL_set_quiet_shutdown +is called again. +It is not changed when +.Xr SSL_clear 3 +is called. +.Fa mode +may be 0 or 1. +.Pp +.Fn SSL_get_quiet_shutdown +returns the +.Dq quiet shutdown +setting of +.Fa ssl . +.Sh NOTES +Normally when a SSL connection is finished, the parties must send out +.Dq close notify +alert messages using +.Xr SSL_shutdown 3 +for a clean shutdown. +.Pp +When setting the +.Dq quiet shutdown +flag to 1, +.Xr SSL_shutdown 3 +will set the internal flags to +.Dv SSL_SENT_SHUTDOWN Ns | Ns Dv SSL_RECEIVED_SHUTDOWN +.Po +.Xr SSL_shutdown 3 +then behaves like +.Xr SSL_set_shutdown 3 +called with +.Dv SSL_SENT_SHUTDOWN Ns | Ns Dv SSL_RECEIVED_SHUTDOWN +.Pc . +The session is thus considered to be shut down, but no +.Dq close notify +alert is sent to the peer. +This behaviour violates the TLS standard. +.Pp +The default is normal shutdown behaviour as described by the TLS standard. +.Sh RETURN VALUES +.Fn SSL_CTX_set_quiet_shutdown +and +.Fn SSL_set_quiet_shutdown +do not return diagnostic information. +.Pp +.Fn SSL_CTX_get_quiet_shutdown +and +.Fn SSL_get_quiet_shutdown +return the current setting. +.Sh SEE ALSO +.Xr ssl 3 , +.Xr SSL_clear 3 , +.Xr SSL_free 3 , +.Xr SSL_new 3 , +.Xr SSL_set_shutdown 3 , +.Xr SSL_shutdown 3 +.Sh HISTORY +These functions first appeared in SSLeay 0.8.1 +and have been available since +.Ox 2.4 . diff --git a/src/lib/libssl/man/SSL_CTX_set_read_ahead.3 b/src/lib/libssl/man/SSL_CTX_set_read_ahead.3 new file mode 100644 index 00000000000..eae76eb4723 --- /dev/null +++ b/src/lib/libssl/man/SSL_CTX_set_read_ahead.3 @@ -0,0 +1,144 @@ +.\" $OpenBSD: SSL_CTX_set_read_ahead.3,v 1.4 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file was written by Matt Caswell . +.\" Copyright (c) 2015, 2016 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt SSL_CTX_SET_READ_AHEAD 3 +.Os +.Sh NAME +.Nm SSL_CTX_set_read_ahead , +.Nm SSL_CTX_get_read_ahead , +.Nm SSL_set_read_ahead , +.Nm SSL_get_read_ahead , +.Nm SSL_CTX_get_default_read_ahead +.Nd manage whether to read as many input bytes as possible +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft void +.Fo SSL_CTX_set_read_ahead +.Fa "SSL_CTX *ctx" +.Fa "int yes" +.Fc +.Ft long +.Fo SSL_CTX_get_read_ahead +.Fa "SSL_CTX *ctx" +.Fc +.Ft void +.Fo SSL_set_read_ahead +.Fa "SSL *s" +.Fa "int yes" +.Fc +.Ft long +.Fo SSL_get_read_ahead +.Fa "const SSL *s" +.Fc +.Ft long +.Fo SSL_CTX_get_default_read_ahead +.Fa "SSL_CTX *ctx" +.Fc +.Sh DESCRIPTION +.Fn SSL_CTX_set_read_ahead +and +.Fn SSL_set_read_ahead +set whether as many input bytes as possible are read for non-blocking +reads. +For example if +.Ar x +bytes are currently required by OpenSSL, but +.Ar y +bytes are available from the underlying BIO (where +.Ar y No > Ar x ) , +then OpenSSL will read all +.Ar y +bytes into its buffer (provided that the buffer is large enough) if +reading ahead is on, or +.Ar x +bytes otherwise. +The parameter +.Fa yes +should be 0 to ensure reading ahead is off, or non zero otherwise. +.Pp +.Fn SSL_CTX_get_read_ahead +and +.Fn SSL_get_read_ahead +indicate whether reading ahead is set or not. +.Pp +.Fn SSL_CTX_get_default_read_ahead +is identical to +.Fn SSL_CTX_get_read_ahead . +.Pp +These functions are implemented as macros. +.Pp +These functions have no effect when used with DTLS. +.Sh RETURN VALUES +.Fn SSL_CTX_get_read_ahead +and +.Fn SSL_get_read_ahead +return 0 if reading ahead is off or non-zero otherwise, +except that the return values are undefined for DTLS. +.Sh SEE ALSO +.Xr ssl 3 , +.Xr SSL_pending 3 +.Sh HISTORY +.Fn SSL_set_read_ahead +and +.Fn SSL_get_read_ahead +appeared in SSLeay 0.4 or earlier and have been available since +.Ox 2.4 . +.Pp +.Fn SSL_CTX_set_read_ahead , +.Fn SSL_CTX_get_read_ahead , +and +.Fn SSL_CTX_get_default_read_ahead +first appeared in OpenSSL 0.9.2b and have been available since +.Ox 2.6 . +.Sh CAVEATS +Switching read ahead on can impact the behaviour of the +.Xr SSL_pending 3 +function. diff --git a/src/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 b/src/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 new file mode 100644 index 00000000000..0f8ee90b0af --- /dev/null +++ b/src/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 @@ -0,0 +1,197 @@ +.\" $OpenBSD: SSL_CTX_set_session_cache_mode.3,v 1.6 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL 67adf0a7 Dec 25 19:58:38 2016 +0100 +.\" +.\" This file was written by Lutz Jaenicke and +.\" Geoff Thorpe . +.\" Copyright (c) 2001, 2002 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt SSL_CTX_SET_SESSION_CACHE_MODE 3 +.Os +.Sh NAME +.Nm SSL_CTX_set_session_cache_mode , +.Nm SSL_CTX_get_session_cache_mode +.Nd enable/disable session caching +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft long +.Fn SSL_CTX_set_session_cache_mode "SSL_CTX ctx" "long mode" +.Ft long +.Fn SSL_CTX_get_session_cache_mode "SSL_CTX ctx" +.Sh DESCRIPTION +.Fn SSL_CTX_set_session_cache_mode +enables/disables session caching by setting the operational mode for +.Ar ctx +to +.Ar mode . +.Pp +.Fn SSL_CTX_get_session_cache_mode +returns the currently used cache mode. +.Pp +The OpenSSL library can store/retrieve SSL/TLS sessions for later reuse. +The sessions can be held in memory for each +.Fa ctx , +if more than one +.Vt SSL_CTX +object is being maintained, the sessions are unique for each +.Vt SSL_CTX +object. +.Pp +In order to reuse a session, a client must send the session's id to the server. +It can only send exactly one id. +The server then either agrees to reuse the session or it starts a full +handshake (to create a new session). +.Pp +A server will look up the session in its internal session storage. +If the session is not found in internal storage or lookups for the internal +storage have been deactivated +.Pq Dv SSL_SESS_CACHE_NO_INTERNAL_LOOKUP , +the server will try the external storage if available. +.Pp +Since a client may try to reuse a session intended for use in a different +context, the session id context must be set by the server (see +.Xr SSL_CTX_set_session_id_context 3 ) . +.Pp +The following session cache modes and modifiers are available: +.Bl -tag -width Ds +.It Dv SSL_SESS_CACHE_OFF +No session caching for client or server takes place. +.It Dv SSL_SESS_CACHE_CLIENT +Client sessions are added to the session cache. +As there is no reliable way for the OpenSSL library to know whether a session +should be reused or which session to choose (due to the abstract BIO layer the +SSL engine does not have details about the connection), +the application must select the session to be reused by using the +.Xr SSL_set_session 3 +function. +This option is not activated by default. +.It Dv SSL_SESS_CACHE_SERVER +Server sessions are added to the session cache. +When a client proposes a session to be reused, the server looks for the +corresponding session in (first) the internal session cache (unless +.Dv SSL_SESS_CACHE_NO_INTERNAL_LOOKUP +is set), then (second) in the external cache if available. +If the session is found, the server will try to reuse the session. +This is the default. +.It Dv SSL_SESS_CACHE_BOTH +Enable both +.Dv SSL_SESS_CACHE_CLIENT +and +.Dv SSL_SESS_CACHE_SERVER +at the same time. +.It Dv SSL_SESS_CACHE_NO_AUTO_CLEAR +Normally the session cache is checked for expired sessions every 255 +connections using the +.Xr SSL_CTX_flush_sessions 3 +function. +Since this may lead to a delay which cannot be controlled, +the automatic flushing may be disabled and +.Xr SSL_CTX_flush_sessions 3 +can be called explicitly by the application. +.It Dv SSL_SESS_CACHE_NO_INTERNAL_LOOKUP +By setting this flag, session-resume operations in an SSL/TLS server will not +automatically look up sessions in the internal cache, +even if sessions are automatically stored there. +If external session caching callbacks are in use, +this flag guarantees that all lookups are directed to the external cache. +As automatic lookup only applies for SSL/TLS servers, +the flag has no effect on clients. +.It Dv SSL_SESS_CACHE_NO_INTERNAL_STORE +Depending on the presence of +.Dv SSL_SESS_CACHE_CLIENT +and/or +.Dv SSL_SESS_CACHE_SERVER , +sessions negotiated in an SSL/TLS handshake may be cached for possible reuse. +Normally a new session is added to the internal cache as well as any external +session caching (callback) that is configured for the +.Vt SSL_CTX . +This flag will prevent sessions being stored in the internal cache +(though the application can add them manually using +.Xr SSL_CTX_add_session 3 ) . +Note: +in any SSL/TLS servers where external caching is configured, any successful +session lookups in the external cache (e.g., for session-resume requests) would +normally be copied into the local cache before processing continues \(en this +flag prevents these additions to the internal cache as well. +.It Dv SSL_SESS_CACHE_NO_INTERNAL +Enable both +.Dv SSL_SESS_CACHE_NO_INTERNAL_LOOKUP +and +.Dv SSL_SESS_CACHE_NO_INTERNAL_STORE +at the same time. +.El +.Pp +The default mode is +.Dv SSL_SESS_CACHE_SERVER . +.Sh RETURN VALUES +.Fn SSL_CTX_set_session_cache_mode +returns the previously set cache mode. +.Pp +.Fn SSL_CTX_get_session_cache_mode +returns the currently set cache mode. +.Sh SEE ALSO +.Xr SSL_CTX_add_session 3 , +.Xr SSL_CTX_ctrl 3 , +.Xr SSL_CTX_flush_sessions 3 , +.Xr SSL_CTX_sess_number 3 , +.Xr SSL_CTX_sess_set_cache_size 3 , +.Xr SSL_CTX_sess_set_get_cb 3 , +.Xr SSL_CTX_set_session_id_context 3 , +.Xr SSL_CTX_set_timeout 3 , +.Xr SSL_session_reused 3 , +.Xr SSL_set_session 3 +.Sh HISTORY +.Fn SSL_CTX_set_session_cache_mode +and +.Fn SSL_CTX_get_session_cache_mode +first appeared in SSLeay 0.6.1 and have been available since +.Ox 2.4 . +.Pp +.Dv SSL_SESS_CACHE_NO_INTERNAL_STORE +and +.Dv SSL_SESS_CACHE_NO_INTERNAL +were introduced in OpenSSL 0.9.6h. diff --git a/src/lib/libssl/man/SSL_CTX_set_session_id_context.3 b/src/lib/libssl/man/SSL_CTX_set_session_id_context.3 new file mode 100644 index 00000000000..bbc0102ad8f --- /dev/null +++ b/src/lib/libssl/man/SSL_CTX_set_session_id_context.3 @@ -0,0 +1,160 @@ +.\" $OpenBSD: SSL_CTX_set_session_id_context.3,v 1.5 2018/03/21 17:58:58 schwarze Exp $ +.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file was written by Lutz Jaenicke . +.\" Copyright (c) 2001, 2004 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 21 2018 $ +.Dt SSL_CTX_SET_SESSION_ID_CONTEXT 3 +.Os +.Sh NAME +.Nm SSL_CTX_set_session_id_context , +.Nm SSL_set_session_id_context +.Nd set context within which session can be reused (server side only) +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft int +.Fo SSL_CTX_set_session_id_context +.Fa "SSL_CTX *ctx" +.Fa "const unsigned char *sid_ctx" +.Fa "unsigned int sid_ctx_len" +.Fc +.Ft int +.Fo SSL_set_session_id_context +.Fa "SSL *ssl" +.Fa "const unsigned char *sid_ctx" +.Fa "unsigned int sid_ctx_len" +.Fc +.Sh DESCRIPTION +.Fn SSL_CTX_set_session_id_context +sets the context +.Fa sid_ctx +of length +.Fa sid_ctx_len +within which a session can be reused for the +.Fa ctx +object. +.Pp +.Fn SSL_set_session_id_context +sets the context +.Fa sid_ctx +of length +.Fa sid_ctx_len +within which a session can be reused for the +.Fa ssl +object. +.Sh NOTES +Sessions are generated within a certain context. +When exporting/importing sessions with +.Xr i2d_SSL_SESSION 3 +and +.Xr d2i_SSL_SESSION 3 , +it would be possible to re-import a session generated from another context +(e.g., another application), which might lead to malfunctions. +Therefore each application must set its own session id context +.Fa sid_ctx +which is used to distinguish the contexts and is stored in exported sessions. +The +.Fa sid_ctx +can be any kind of binary data with a given length; it is therefore possible +to use, for instance, the name of the application, the hostname, the service +name... +.Pp +The session id context becomes part of the session. +The session id context is set by the SSL/TLS server. +The +.Fn SSL_CTX_set_session_id_context +and +.Fn SSL_set_session_id_context +functions are therefore only useful on the server side. +.Pp +OpenSSL clients will check the session id context returned by the server when +reusing a session. +.Pp +The maximum length of the +.Fa sid_ctx +is limited to +.Dv SSL_MAX_SSL_SESSION_ID_LENGTH . +.Sh WARNINGS +If the session id context is not set on an SSL/TLS server and client +certificates are used, stored sessions will not be reused but a fatal error +will be flagged and the handshake will fail. +.Pp +If a server returns a different session id context to an OpenSSL client +when reusing a session, an error will be flagged and the handshake will +fail. +OpenSSL servers will always return the correct session id context, +as an OpenSSL server checks the session id context itself before reusing +a session as described above. +.Sh RETURN VALUES +.Fn SSL_CTX_set_session_id_context +and +.Fn SSL_set_session_id_context +return the following values: +.Bl -tag -width Ds +.It 0 +The length +.Fa sid_ctx_len +of the session id context +.Fa sid_ctx +exceeded +the maximum allowed length of +.Dv SSL_MAX_SSL_SESSION_ID_LENGTH . +The error is logged to the error stack. +.It 1 +The operation succeeded. +.El +.Sh SEE ALSO +.Xr ssl 3 , +.Xr SSL_SESSION_set1_id_context 3 +.Sh HISTORY +.Fn SSL_set_session_id_context +first appeared in OpenSSL 0.9.2b. +.Fn SSL_CTX_set_session_id_context +first appeared in OpenSSL 0.9.3. +Both functions have been available since +.Ox 2.6 . diff --git a/src/lib/libssl/man/SSL_CTX_set_ssl_version.3 b/src/lib/libssl/man/SSL_CTX_set_ssl_version.3 new file mode 100644 index 00000000000..eb29af620c2 --- /dev/null +++ b/src/lib/libssl/man/SSL_CTX_set_ssl_version.3 @@ -0,0 +1,135 @@ +.\" $OpenBSD: SSL_CTX_set_ssl_version.3,v 1.4 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file was written by Lutz Jaenicke . +.\" Copyright (c) 2000, 2001, 2005 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt SSL_CTX_SET_SSL_VERSION 3 +.Os +.Sh NAME +.Nm SSL_CTX_set_ssl_version , +.Nm SSL_set_ssl_method , +.Nm SSL_get_ssl_method +.Nd choose a new TLS/SSL method +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft int +.Fn SSL_CTX_set_ssl_version "SSL_CTX *ctx" "const SSL_METHOD *method" +.Ft int +.Fn SSL_set_ssl_method "SSL *s" "const SSL_METHOD *method" +.Ft const SSL_METHOD * +.Fn SSL_get_ssl_method "SSL *ssl" +.Sh DESCRIPTION +.Fn SSL_CTX_set_ssl_version +sets a new default TLS/SSL +.Fa method +for +.Vt SSL +objects newly created from this +.Fa ctx . +.Vt SSL +objects already created with +.Xr SSL_new 3 +are not affected, except when +.Xr SSL_clear 3 +is called. +.Pp +.Fn SSL_set_ssl_method +sets a new TLS/SSL +.Fa method +for a particular +.Vt SSL +object +.Fa s . +It may be reset when +.Xr SSL_clear 3 +is called. +.Pp +.Fn SSL_get_ssl_method +returns a function pointer to the TLS/SSL method set in +.Fa ssl . +.Pp +The available +.Fa method +choices are described in +.Xr SSL_CTX_new 3 . +.Pp +When +.Xr SSL_clear 3 +is called and no session is connected to an +.Vt SSL +object, the method of the +.Vt SSL +object is reset to the method currently set in the corresponding +.Vt SSL_CTX +object. +.Sh RETURN VALUES +The following return values can occur for +.Fn SSL_CTX_set_ssl_version +and +.Fn SSL_set_ssl_method : +.Bl -tag -width Ds +.It 0 +The new choice failed. +Check the error stack to find out the reason. +.It 1 +The operation succeeded. +.El +.Sh SEE ALSO +.Xr ssl 3 , +.Xr SSL_clear 3 , +.Xr SSL_CTX_new 3 , +.Xr SSL_new 3 , +.Xr SSL_set_connect_state 3 +.Sh HISTORY +.Fn SSL_CTX_set_ssl_version , +.Fn SSL_set_ssl_method , +and +.Fn SSL_get_ssl_method +first appeared in SSLeay 0.8.0 and have been available since +.Ox 2.4 . diff --git a/src/lib/libssl/man/SSL_CTX_set_timeout.3 b/src/lib/libssl/man/SSL_CTX_set_timeout.3 new file mode 100644 index 00000000000..ab99e2016ed --- /dev/null +++ b/src/lib/libssl/man/SSL_CTX_set_timeout.3 @@ -0,0 +1,118 @@ +.\" $OpenBSD: SSL_CTX_set_timeout.3,v 1.4 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file was written by Lutz Jaenicke . +.\" Copyright (c) 2001 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt SSL_CTX_SET_TIMEOUT 3 +.Os +.Sh NAME +.Nm SSL_CTX_set_timeout , +.Nm SSL_CTX_get_timeout +.Nd manipulate timeout values for session caching +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft long +.Fn SSL_CTX_set_timeout "SSL_CTX *ctx" "long t" +.Ft long +.Fn SSL_CTX_get_timeout "SSL_CTX *ctx" +.Sh DESCRIPTION +.Fn SSL_CTX_set_timeout +sets the timeout for newly created sessions for +.Fa ctx +to +.Fa t . +The timeout value +.Fa t +must be given in seconds. +.Pp +.Fn SSL_CTX_get_timeout +returns the currently set timeout value for +.Fa ctx . +.Pp +Whenever a new session is created, it is assigned a maximum lifetime. +This lifetime is specified by storing the creation time of the session and the +timeout value valid at this time. +If the actual time is later than creation time plus timeout, +the session is not reused. +.Pp +Due to this realization, all sessions behave according to the timeout value +valid at the time of the session negotiation. +Changes of the timeout value do not affect already established sessions. +.Pp +The expiration time of a single session can be modified using the +.Xr SSL_SESSION_get_time 3 +family of functions. +.Pp +Expired sessions are removed from the internal session cache, whenever +.Xr SSL_CTX_flush_sessions 3 +is called, either directly by the application or automatically (see +.Xr SSL_CTX_set_session_cache_mode 3 ) . +.Pp +The default value for session timeout is decided on a per-protocol basis; see +.Xr SSL_get_default_timeout 3 . +All currently supported protocols have the same default timeout value of 300 +seconds. +.Sh RETURN VALUES +.Fn SSL_CTX_set_timeout +returns the previously set timeout value. +.Pp +.Fn SSL_CTX_get_timeout +returns the currently set timeout value. +.Sh SEE ALSO +.Xr ssl 3 , +.Xr SSL_CTX_flush_sessions 3 , +.Xr SSL_CTX_set_session_cache_mode 3 , +.Xr SSL_get_default_timeout 3 , +.Xr SSL_SESSION_get_time 3 +.Sh HISTORY +.Fn SSL_CTX_set_timeout +and +.Fn SSL_CTX_get_timeout +first appeared in SSLeay 0.6.1 and have been available since +.Ox 2.4 . diff --git a/src/lib/libssl/man/SSL_CTX_set_tlsext_servername_callback.3 b/src/lib/libssl/man/SSL_CTX_set_tlsext_servername_callback.3 new file mode 100644 index 00000000000..71449bd080f --- /dev/null +++ b/src/lib/libssl/man/SSL_CTX_set_tlsext_servername_callback.3 @@ -0,0 +1,152 @@ +.\" $OpenBSD: SSL_CTX_set_tlsext_servername_callback.3,v 1.3 2018/03/23 01:06:56 schwarze Exp $ +.\" OpenSSL 190b9a03 Jun 28 15:46:13 2017 +0800 +.\" OpenSSL 8c55c461 Mar 29 08:34:37 2017 +1000 +.\" +.\" This file was written by Jon Spillett +.\" and Paul Yang . +.\" Copyright (c) 2000 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 23 2018 $ +.Dt SSL_CTX_SET_TLSEXT_SERVERNAME_CALLBACK 3 +.Os +.Sh NAME +.Nm SSL_CTX_set_tlsext_servername_callback , +.Nm SSL_CTX_set_tlsext_servername_arg , +.Nm SSL_get_servername_type , +.Nm SSL_get_servername , +.Nm SSL_set_tlsext_host_name +.Nd handle server name indication (SNI) +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft long +.Fo SSL_CTX_set_tlsext_servername_callback +.Fa "SSL_CTX *ctx" +.Fa "int (*cb)(SSL_CTX *, int *, void *)" +.Fc +.Ft long +.Fo SSL_CTX_set_tlsext_servername_arg +.Fa "SSL_CTX *ctx" +.Fa "void *arg" +.Fc +.Ft const char * +.Fo SSL_get_servername +.Fa "const SSL *s" +.Fa "const int type" +.Fc +.Ft int +.Fo SSL_get_servername_type +.Fa "const SSL *s" +.Fc +.Ft int +.Fo SSL_set_tlsext_host_name +.Fa "const SSL *s" +.Fa "const char *name" +.Fc +.Sh DESCRIPTION +.Fn SSL_CTX_set_tlsext_servername_callback +sets the application callback +.Fa cb +used by a server to perform any actions or configuration required based +on the servername extension received in the incoming connection. +When +.Fa cb +is +.Dv NULL , +SNI is not used. +The +.Fa arg +value is a pointer which is passed to the application callback. +.Pp +.Fn SSL_CTX_set_tlsext_servername_arg +sets a context-specific argument to be passed into the callback for +.Fa ctx . +.Pp +.Fn SSL_set_tlsext_host_name +sets the server name indication ClientHello extension +to contain the value +.Fa name , +or clears it if +.Fa name +is +.Dv NULL . +The type of server name indication +extension is set to +.Dv TLSEXT_NAMETYPE_host_name +as defined in RFC 3546. +.Pp +All three functions are implemented as macros. +.Pp +The ALPN and SNI callbacks are both executed during Client Hello +processing. +The servername callback is executed first, followed by the ALPN +callback. +.Sh RETURN VALUES +.Fn SSL_CTX_set_tlsext_servername_callback +and +.Fn SSL_CTX_set_tlsext_servername_arg +always return 1 indicating success. +.Pp +.Fn SSL_get_servername +returns a servername extension value of the specified type if provided +in the Client Hello, or +.Dv NULL +otherwise. +.Pp +.Fn SSL_get_servername_type +returns the servername type or -1 if no servername is present. +Currently the only supported type (defined in RFC 3546) is +.Dv TLSEXT_NAMETYPE_host_name . +.Pp +.Fn SSL_set_tlsext_host_name +returns 1 on success or 0 in case of an error. +.Sh SEE ALSO +.Xr SSL_CTX_callback_ctrl 3 , +.Xr SSL_CTX_set_alpn_select_cb 3 +.Sh HISTORY +These functions first appeared in OpenSSL 0.9.8f +and have been available since +.Ox 4.5 . diff --git a/src/lib/libssl/man/SSL_CTX_set_tlsext_status_cb.3 b/src/lib/libssl/man/SSL_CTX_set_tlsext_status_cb.3 new file mode 100644 index 00000000000..b57c28b5a94 --- /dev/null +++ b/src/lib/libssl/man/SSL_CTX_set_tlsext_status_cb.3 @@ -0,0 +1,205 @@ +.\" $OpenBSD: SSL_CTX_set_tlsext_status_cb.3,v 1.6 2018/03/24 00:11:37 schwarze Exp $ +.\" full merge up to: OpenSSL 43c34894 Nov 30 16:04:51 2015 +0000 +.\" selective merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100 +.\" +.\" This file was written by Matt Caswell . +.\" Copyright (c) 2015, 2016 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 24 2018 $ +.Dt SSL_CTX_SET_TLSEXT_STATUS_CB 3 +.Os +.Sh NAME +.Nm SSL_CTX_set_tlsext_status_cb , +.Nm SSL_CTX_get_tlsext_status_cb , +.Nm SSL_CTX_set_tlsext_status_arg , +.Nm SSL_CTX_get_tlsext_status_arg , +.Nm SSL_set_tlsext_status_type , +.Nm SSL_get_tlsext_status_ocsp_resp , +.Nm SSL_set_tlsext_status_ocsp_resp +.Nd OCSP Certificate Status Request functions +.Sh SYNOPSIS +.In openssl/tls1.h +.Ft long +.Fo SSL_CTX_set_tlsext_status_cb +.Fa "SSL_CTX *ctx" +.Fa "int (*callback)(SSL *, void *)" +.Fc +.Ft long +.Fo SSL_CTX_get_tlsext_status_cb +.Fa "SSL_CTX *ctx" +.Fa "int (*callback)(SSL *, void *)" +.Fc +.Ft long +.Fo SSL_CTX_set_tlsext_status_arg +.Fa "SSL_CTX *ctx" +.Fa "void *arg" +.Fc +.Ft long +.Fo SSL_CTX_get_tlsext_status_arg +.Fa "SSL_CTX *ctx" +.Fa "void **arg" +.Fc +.Ft long +.Fo SSL_set_tlsext_status_type +.Fa "SSL *s" +.Fa "int type" +.Fc +.Ft long +.Fo SSL_get_tlsext_status_ocsp_resp +.Fa ssl +.Fa "unsigned char **resp" +.Fc +.Ft long +.Fo SSL_set_tlsext_status_ocsp_resp +.Fa ssl +.Fa "unsigned char *resp" +.Fa "int len" +.Fc +.Sh DESCRIPTION +A client application may request that a server send back an OCSP status +response (also known as OCSP stapling). +To do so the client should call the +.Fn SSL_set_tlsext_status_type +function on an individual +.Vt SSL +object prior to the start of the handshake. +Currently the only supported type is +.Dv TLSEXT_STATUSTYPE_ocsp . +This value should be passed in the +.Fa type +argument. +.Pp +The client should additionally provide a callback function to decide +what to do with the returned OCSP response by calling +.Fn SSL_CTX_set_tlsext_status_cb . +The callback function should determine whether the returned OCSP +response is acceptable or not. +The callback will be passed as an argument the value previously set via +a call to +.Fn SSL_CTX_set_tlsext_status_arg . +Note that the callback will not be called in the event of a handshake +where session resumption occurs (because there are no Certificates +exchanged in such a handshake). +.Pp +The callback previously set via +.Fn SSL_CTX_set_tlsext_status_cb +can be retrieved by calling +.Fn SSL_CTX_get_tlsext_status_cb , +and the argument by calling +.Fn SSL_CTX_get_tlsext_status_arg . +.Pp +The response returned by the server can be obtained via a call to +.Fn SSL_get_tlsext_status_ocsp_resp . +The value +.Pf * Fa resp +will be updated to point to the OCSP response data and the return value +will be the length of that data. +If the server has not provided any response data, then +.Pf * Fa resp +will be +.Dv NULL +and the return value from +.Fn SSL_get_tlsext_status_ocsp_resp +will be -1. +.Pp +A server application must also call the +.Fn SSL_CTX_set_tlsext_status_cb +function if it wants to be able to provide clients with OCSP Certificate +Status responses. +Typically the server callback would obtain the server certificate that +is being sent back to the client via a call to +.Xr SSL_get_certificate 3 , +obtain the OCSP response to be sent back, and then set that response +data by calling +.Fn SSL_set_tlsext_status_ocsp_resp . +A pointer to the response data should be provided in the +.Fa resp +argument, and the length of that data should be in the +.Fa len +argument. +.Sh RETURN VALUES +The callback when used on the client side should return a negative +value on error, 0 if the response is not acceptable (in which case +the handshake will fail), or a positive value if it is acceptable. +.Pp +The callback when used on the server side should return with either +.Dv SSL_TLSEXT_ERR_OK +(meaning that the OCSP response that has been set should be returned), +.Dv SSL_TLSEXT_ERR_NOACK +(meaning that an OCSP response should not be returned), or +.Dv SSL_TLSEXT_ERR_ALERT_FATAL +(meaning that a fatal error has occurred). +.Pp +.Fn SSL_CTX_set_tlsext_status_cb , +.Fn SSL_CTX_get_tlsext_status_cb , +.Fn SSL_CTX_set_tlsext_status_arg , +.Fn SSL_CTX_get_tlsext_status_arg , +.Fn SSL_set_tlsext_status_type , +and +.Fn SSL_set_tlsext_status_ocsp_resp +always return 1, indicating success. +.Pp +.Fn SSL_get_tlsext_status_ocsp_resp +returns the length of the OCSP response data +or \-1 if there is no OCSP response data. +.Sh SEE ALSO +.Xr SSL_CTX_callback_ctrl 3 +.Sh HISTORY +.Fn SSL_CTX_set_tlsext_status_cb , +.Fn SSL_CTX_set_tlsext_status_arg , +.Fn SSL_set_tlsext_status_type , +.Fn SSL_get_tlsext_status_ocsp_resp , +and +.Fn SSL_set_tlsext_status_ocsp_resp +first appeared in OpenSSL 0.9.8h and have been available since +.Ox 4.5 . +.Pp +.Fn SSL_CTX_get_tlsext_status_cb +and +.Fn SSL_CTX_get_tlsext_status_arg +first appeared in OpenSSL 1.1.0 and have been available since +.Ox 6.3 . diff --git a/src/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3 b/src/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3 new file mode 100644 index 00000000000..80aeaeb44a2 --- /dev/null +++ b/src/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3 @@ -0,0 +1,299 @@ +.\" $OpenBSD: SSL_CTX_set_tlsext_ticket_key_cb.3,v 1.4 2018/03/23 01:06:56 schwarze Exp $ +.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file was written by Rich Salz +.\" Copyright (c) 2014, 2015, 2016 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 23 2018 $ +.Dt SSL_CTX_SET_TLSEXT_TICKET_KEY_CB 3 +.Os +.Sh NAME +.Nm SSL_CTX_set_tlsext_ticket_key_cb +.Nd set a callback for session ticket processing +.Sh SYNOPSIS +.In openssl/tls1.h +.Ft long +.Fo SSL_CTX_set_tlsext_ticket_key_cb +.Fa "SSL_CTX sslctx" +.Fa "int (*cb)(SSL *s, unsigned char key_name[16],\ + unsigned char iv[EVP_MAX_IV_LENGTH],\ + EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int enc)" +.Fc +.Sh DESCRIPTION +.Fn SSL_CTX_set_tlsext_ticket_key_cb +sets a callback function +.Fa cb +for handling session tickets for the ssl context +.Fa sslctx . +Session tickets, defined in RFC5077, provide an enhanced session +resumption capability where the server implementation is not required to +maintain per session state. +.Pp +The callback function +.Fa cb +will be called for every client instigated TLS session when session +ticket extension is presented in the TLS hello message. +It is the responsibility of this function to create or retrieve the +cryptographic parameters and to maintain their state. +.Pp +The OpenSSL library uses the callback function to help implement a +common TLS ticket construction state according to RFC5077 Section 4 such +that per session state is unnecessary and a small set of cryptographic +variables needs to be maintained by the callback function +implementation. +.Pp +In order to reuse a session, a TLS client must send a session ticket +extension to the server. +The client can only send exactly one session ticket. +The server, through the callback function, either agrees to reuse the +session ticket information or it starts a full TLS handshake to create a +new session ticket. +.Pp +Before the callback function is started, +.Fa ctx +and +.Fa hctx +have been initialised with +.Xr EVP_CIPHER_CTX_init 3 +and +.Xr HMAC_CTX_init 3 , +respectively. +.Pp +For new sessions tickets, when the client doesn't present a session +ticket, or an attempted retrieval of the ticket failed, or a renew +option was indicated, the callback function will be called with +.Fa enc +equal to 1. +The OpenSSL library expects that the function will set an arbitrary +.Fa key_name , +initialize +.Fa iv , +and set the cipher context +.Fa ctx +and the hash context +.Fa hctx . +.Pp +The +.Fa key_name +is 16 characters long and is used as a key identifier. +.Pp +The +.Fa iv +length is the length of the IV of the corresponding cipher. +The maximum IV length is +.Dv EVP_MAX_IV_LENGTH +bytes defined in +.In opsenssl/evp.h . +.Pp +The initialization vector +.Fa iv +should be a random value. +The cipher context +.Fa ctx +should use the initialisation vector +.Fa iv . +The cipher context can be set using +.Xr EVP_EncryptInit_ex 3 . +The hmac context can be set using +.Xr HMAC_Init_ex 3 . +.Pp +When the client presents a session ticket, the callback function +with be called with +.Fa enc +set to 0 indicating that the +.Fa cb +function should retrieve a set of parameters. +In this case +.Fa key_name +and +.Fa iv +have already been parsed out of the session ticket. +The OpenSSL library expects that the +.Em key_name +will be used to retrieve a cryptographic parameters and that the +cryptographic context +.Fa ctx +will be set with the retrieved parameters and the initialization vector +.Fa iv +using a function like +.Xr EVP_DecryptInit_ex 3 . +The +.Fa hctx +needs to be set using +.Xr HMAC_Init_ex 3 . +.Pp +If the +.Fa key_name +is still valid but a renewal of the ticket is required, the callback +function should return 2. +The library will call the callback again with an argument of +.Fa enc +equal to 1 to set the new ticket. +.Pp +The return value of the +.Fa cb +function is used by OpenSSL to determine what further processing will +occur. +The following return values have meaning: +.Bl -tag -width Ds +.It 2 +This indicates that the +.Fa ctx +and +.Fa hctx +have been set and the session can continue on those parameters. +Additionally it indicates that the session ticket is in a renewal period +and should be replaced. +The OpenSSL library will call +.Fa cb +again with an +.Fa enc +argument of 1 to set the new ticket (see RFC5077 3.3 paragraph 2). +.It 1 +This indicates that the +.Fa ctx +and +.Fa hctx +have been set and the session can continue on those parameters. +.It 0 +This indicates that it was not possible to set/retrieve a session ticket +and the SSL/TLS session will continue by negotiating a set of +cryptographic parameters or using the alternate SSL/TLS resumption +mechanism, session ids. +.Pp +If called with +.Fa enc +equal to 0, the library will call the +.Fa cb +again to get a new set of parameters. +.It less than 0 +This indicates an error. +.El +.Pp +Session resumption shortcuts the TLS so that the client certificate +negotiation don't occur. +It makes up for this by storing client certificate and all other +negotiated state information encrypted within the ticket. +In a resumed session the applications will have all this state +information available exactly as if a full negotiation had occurred. +.Pp +If an attacker can obtain the key used to encrypt a session ticket, they +can obtain the master secret for any ticket using that key and decrypt +any traffic using that session: even if the ciphersuite supports forward +secrecy. +As a result applications may wish to use multiple keys and avoid using +long term keys stored in files. +.Pp +Applications can use longer keys to maintain a consistent level of +security. +For example if a ciphersuite uses 256 bit ciphers but only a 128 bit +ticket key the overall security is only 128 bits because breaking the +ticket key will enable an attacker to obtain the session keys. +.Sh RETURN VALUES +This function returns 0 to indicate that the callback function was set. +.Sh EXAMPLES +Reference Implementation: +.Bd -literal +SSL_CTX_set_tlsext_ticket_key_cb(SSL, ssl_tlsext_ticket_key_cb); +\&.... +static int ssl_tlsext_ticket_key_cb(SSL *s, unsigned char key_name[16], + unsigned char *iv, EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int enc) +{ + if (enc) { /* create new session */ + if (RAND_bytes(iv, EVP_MAX_IV_LENGTH)) + return -1; /* insufficient random */ + + key = currentkey(); /* something you need to implement */ + if (!key) { + /* current key doesn't exist or isn't valid */ + key = createkey(); + /* something that you need to implement. + * createkey needs to initialise a name, + * an aes_key, a hmac_key, and optionally + * an expire time. */ + if (!key) /* key couldn't be created */ + return 0; + } + memcpy(key_name, key->name, 16); + + EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, + key->aes_key, iv); + HMAC_Init_ex(&hctx, key->hmac_key, 16, EVP_sha256(), NULL); + + return 1; + + } else { /* retrieve session */ + key = findkey(name); + + if (!key || key->expire < now()) + return 0; + + HMAC_Init_ex(&hctx, key->hmac_key, 16, EVP_sha256(), NULL); + EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, + key->aes_key, iv ); + + if (key->expire < (now() - RENEW_TIME)) + /* this session will get a new ticket + * even though the current is still valid */ + return 2; + + return 1; + } +} +.Ed +.Sh SEE ALSO +.Xr SSL_CTX_add_session 3 , +.Xr SSL_CTX_callback_ctrl 3 , +.Xr SSL_CTX_sess_number 3 , +.Xr SSL_CTX_sess_set_get_cb 3 , +.Xr SSL_CTX_set_session_id_context 3 , +.Xr SSL_session_reused 3 , +.Xr SSL_set_session 3 +.Sh HISTORY +.Fn SSL_CTX_set_tlsext_ticket_key_cb +first appeared in OpenSSL 0.9.8h and has been available since +.Ox 4.5 . diff --git a/src/lib/libssl/man/SSL_CTX_set_tlsext_use_srtp.3 b/src/lib/libssl/man/SSL_CTX_set_tlsext_use_srtp.3 new file mode 100644 index 00000000000..23786f7663b --- /dev/null +++ b/src/lib/libssl/man/SSL_CTX_set_tlsext_use_srtp.3 @@ -0,0 +1,192 @@ +.\" $OpenBSD: SSL_CTX_set_tlsext_use_srtp.3,v 1.3 2018/03/30 19:31:11 schwarze Exp $ +.\" full merge up to: OpenSSL b0edda11 Mar 20 13:00:17 2018 +0000 +.\" +.\" This file was written by Matt Caswell . +.\" Copyright (c) 2017 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 30 2018 $ +.Dt SSL_CTX_SET_TLSEXT_USE_SRTP 3 +.Os +.Sh NAME +.Nm SSL_CTX_set_tlsext_use_srtp , +.Nm SSL_set_tlsext_use_srtp , +.Nm SSL_get_srtp_profiles , +.Nm SSL_get_selected_srtp_profile +.Nd Configure and query SRTP support +.Sh SYNOPSIS +.In openssl/srtp.h +.Ft int +.Fo SSL_CTX_set_tlsext_use_srtp +.Fa "SSL_CTX *ctx" +.Fa "const char *profiles" +.Fc +.Ft int +.Fo SSL_set_tlsext_use_srtp +.Fa "SSL *ssl" +.Fa "const char *profiles" +.Fc +.Ft STACK_OF(SRTP_PROTECTION_PROFILE) * +.Fo SSL_get_srtp_profiles +.Fa "SSL *ssl" +.Fc +.Ft SRTP_PROTECTION_PROFILE * +.Fo SSL_get_selected_srtp_profile +.Fa "SSL *ssl" +.Fc +.Sh DESCRIPTION +SRTP is the Secure Real-Time Transport Protocol. +OpenSSL implements support for the "use_srtp" DTLS extension +defined in RFC5764. +This provides a mechanism for establishing SRTP keying material, +algorithms and parameters using DTLS. +This capability may be used as part of an implementation that +conforms to RFC5763. +OpenSSL does not implement SRTP itself or RFC5763. +Note that OpenSSL does not support the use of SRTP Master Key +Identifiers (MKIs). +Also note that this extension is only supported in DTLS. +Any SRTP configuration is ignored if a TLS connection is attempted. +.Pp +An OpenSSL client wishing to send the "use_srtp" extension should call +.Fn SSL_CTX_set_tlsext_use_srtp +to set its use for all +.Vt SSL +objects subsequently created from +.Fa ctx . +Alternatively a client may call +.Fn SSL_set_tlsext_use_srtp +to set its use for an individual +.Vt SSL +object. +The +.Fa profiles +parameter should point to a NUL-terminated, colon delimited list of +SRTP protection profile names. +.Pp +The currently supported protection profile names are: +.Bl -tag -width Ds +.It Dv SRTP_AES128_CM_SHA1_80 +This corresponds to SRTP_AES128_CM_HMAC_SHA1_80 defined in RFC5764. +.It Dv SRTP_AES128_CM_SHA1_32 +This corresponds to SRTP_AES128_CM_HMAC_SHA1_32 defined in RFC5764. +.El +.Pp +Supplying an unrecognised protection profile name results in an error. +.Pp +An OpenSSL server wishing to support the "use_srtp" extension should +also call +.Fn SSL_CTX_set_tlsext_use_srtp +or +.Fn SSL_set_tlsext_use_srtp +to indicate the protection profiles that it is willing to negotiate. +.Pp +The currently configured list of protection profiles for either a client +or a server can be obtained by calling +.Fn SSL_get_srtp_profiles . +This returns a stack of +.Vt SRTP_PROTECTION_PROFILE +objects. +The memory pointed to in the return value of this function should not be +freed by the caller. +.Pp +After a handshake has been completed, the negotiated SRTP protection +profile (if any) can be obtained (on the client or the server) by +calling +.Fn SSL_get_selected_srtp_profile . +This function returns +.Dv NULL +if no SRTP protection profile was negotiated. +The memory returned from this function should not be freed by the +caller. +.Pp +If an SRTP protection profile has been successfully negotiated, +then the SRTP keying material (on both the client and server) +should be obtained by calling +.Xr SSL_export_keying_material 3 +with a +.Fa label +of +.Qq EXTRACTOR-dtls_srtp , +a +.Fa context +of +.Dv NULL , +and a +.Fa use_context +argument of 0. +The total length of keying material obtained should be equal to two +times the sum of the master key length and the salt length as defined +for the protection profile in use. +This provides the client write master key, the server write master key, +the client write master salt and the server write master salt in that +order. +.Sh RETURN VALUES +Contrary to OpenSSL conventions, +.Fn SSL_CTX_set_tlsext_use_srtp +and +.Fn SSL_set_tlsext_use_srtp +return 0 on success or 1 on error. +.Pp +.Fn SSL_get_srtp_profiles +returns a stack of +.Vt SRTP_PROTECTION_PROFILE +objects on success or +.Dv NULL +on error or if no protection profiles have been configured. +.Pp +.Fn SSL_get_selected_srtp_profile +returns a pointer to an +.Vt SRTP_PROTECTION_PROFILE +object if one has been negotiated or +.Dv NULL +otherwise. +.Sh SEE ALSO +.Xr SSL_export_keying_material 3 +.Sh HISTORY +These functions first appeared in OpenSSL 1.0.1 +and have been available since +.Ox 5.3 . diff --git a/src/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 b/src/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 new file mode 100644 index 00000000000..b4f54eab3db --- /dev/null +++ b/src/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 @@ -0,0 +1,235 @@ +.\" $OpenBSD: SSL_CTX_set_tmp_dh_callback.3,v 1.7 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file was written by Lutz Jaenicke . +.\" Copyright (c) 2001, 2014, 2015 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt SSL_CTX_SET_TMP_DH_CALLBACK 3 +.Os +.Sh NAME +.Nm SSL_CTX_set_tmp_dh_callback , +.Nm SSL_CTX_set_tmp_dh , +.Nm SSL_set_tmp_dh_callback , +.Nm SSL_set_tmp_dh +.Nd handle DH keys for ephemeral key exchange +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft void +.Fo SSL_CTX_set_tmp_dh_callback +.Fa "SSL_CTX *ctx" +.Fa "DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength)" +.Fc +.Ft long +.Fn SSL_CTX_set_tmp_dh "SSL_CTX *ctx" "DH *dh" +.Ft void +.Fo SSL_set_tmp_dh_callback +.Fa "SSL *ssl" +.Fa "DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength" +.Fc +.Ft long +.Fn SSL_set_tmp_dh "SSL *ssl" "DH *dh" +.Sh DESCRIPTION +.Fn SSL_CTX_set_tmp_dh_callback +sets the callback function for +.Fa ctx +to be used when a DH parameters are required to +.Fa tmp_dh_callback . +The callback is inherited by all +.Vt ssl +objects created from +.Fa ctx . +.Pp +.Fn SSL_CTX_set_tmp_dh +sets DH parameters to be used by +.Fa ctx . +The key is inherited by all +.Fa ssl +objects created from +.Fa ctx . +.Pp +.Fn SSL_set_tmp_dh_callback +sets the callback only for +.Fa ssl . +.Pp +.Fn SSL_set_tmp_dh +sets the parameters only for +.Fa ssl . +.Pp +These functions apply to SSL/TLS servers only. +.Pp +When using a cipher with RSA authentication, +an ephemeral DH key exchange can take place. +Ciphers with DSA keys always use ephemeral DH keys as well. +In these cases, the session data are negotiated using the ephemeral/temporary +DH key and the key supplied and certified by the certificate chain is only used +for signing. +Anonymous ciphers (without a permanent server key) also use ephemeral DH keys. +.Pp +Using ephemeral DH key exchange yields forward secrecy, +as the connection can only be decrypted when the DH key is known. +By generating a temporary DH key inside the server application that is lost +when the application is left, it becomes impossible for an attacker to decrypt +past sessions, even if he gets hold of the normal (certified) key, +as this key was only used for signing. +.Pp +In order to perform a DH key exchange the server must use a DH group +(DH parameters) and generate a DH key. +The server will always generate a new DH key during the negotiation. +.Pp +As generating DH parameters is extremely time consuming, an application should +not generate the parameters on the fly but supply the parameters. +DH parameters can be reused, +as the actual key is newly generated during the negotiation. +The risk in reusing DH parameters is that an attacker may specialize on a very +often used DH group. +Applications should therefore generate their own DH parameters during the +installation process using the +.Xr openssl 1 +.Cm dhparam +application. +This application guarantees that "strong" primes are used. +.Pp +Files +.Pa dh2048.pem +and +.Pa dh4096.pem +in the +.Pa apps +directory of the current version of the OpenSSL distribution contain the +.Sq SKIP +DH parameters, +which use safe primes and were generated verifiably pseudo-randomly. +These files can be converted into C code using the +.Fl C +option of the +.Xr openssl 1 +.Cm dhparam +application. +Generation of custom DH parameters during installation should still +be preferred to stop an attacker from specializing on a commonly +used group. +The file +.Pa dh1024.pem +contains old parameters that must not be used by applications. +.Pp +An application may either directly specify the DH parameters or can supply the +DH parameters via a callback function. +.Pp +Previous versions of the callback used +.Fa is_export +and +.Fa keylength +parameters to control parameter generation for export and non-export +cipher suites. +Modern servers that do not support export ciphersuites are advised +to either use +.Fn SSL_CTX_set_tmp_dh +or alternatively, use the callback but ignore +.Fa keylength +and +.Fa is_export +and simply supply at least 2048-bit parameters in the callback. +.Sh RETURN VALUES +.Fn SSL_CTX_set_tmp_dh_callback +and +.Fn SSL_set_tmp_dh_callback +do not return diagnostic output. +.Pp +.Fn SSL_CTX_set_tmp_dh +and +.Fn SSL_set_tmp_dh +do return 1 on success and 0 on failure. +Check the error queue to find out the reason of failure. +.Sh EXAMPLES +Set up DH parameters with a key length of 2048 bits. +Error handling is partly left out. +.Pp +Command-line parameter generation: +.Pp +.Dl openssl dhparam -out dh_param_2048.pem 2048 +.Pp +Code for setting up parameters during server initialization: +.Bd -literal +SSL_CTX ctx = SSL_CTX_new(); +\&... + +/* Set up ephemeral DH parameters. */ +DH *dh_2048 = NULL; +FILE *paramfile; +paramfile = fopen("dh_param_2048.pem", "r"); +if (paramfile) { + dh_2048 = PEM_read_DHparams(paramfile, NULL, NULL, NULL); + fclose(paramfile); +} else { + /* Error. */ +} +if (dh_2048 == NULL) { + /* Error. */ +} +if (SSL_CTX_set_tmp_dh(ctx, dh_2048) != 1) { + /* Error. */ +} +.Ed +.Sh SEE ALSO +.Xr openssl 1 , +.Xr ssl 3 , +.Xr SSL_CTX_set_cipher_list 3 , +.Xr SSL_CTX_set_options 3 , +.Xr SSL_set_tmp_ecdh 3 +.Sh HISTORY +.Fn SSL_CTX_set_tmp_dh_callback +and +.Fn SSL_CTX_set_tmp_dh +first appeared in SSLeay 0.8.0 and have been available since +.Ox 2.4 . +.Pp +.Fn SSL_set_tmp_dh_callback +and +.Fn SSL_set_tmp_dh +first appeared in OpenSSL 0.9.2b and have been available since +.Ox 2.6 . diff --git a/src/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 b/src/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 new file mode 100644 index 00000000000..0181634fe32 --- /dev/null +++ b/src/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 @@ -0,0 +1,114 @@ +.\" $OpenBSD: SSL_CTX_set_tmp_rsa_callback.3,v 1.8 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL 0b30fc90 Dec 19 15:23:05 2013 -0500 +.\" +.\" This file was written by Lutz Jaenicke . +.\" Copyright (c) 2001, 2006, 2013 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt SSL_CTX_SET_TMP_RSA_CALLBACK 3 +.Os +.Sh NAME +.Nm SSL_CTX_set_tmp_rsa_callback , +.Nm SSL_CTX_set_tmp_rsa , +.Nm SSL_CTX_need_tmp_RSA , +.Nm SSL_set_tmp_rsa_callback , +.Nm SSL_set_tmp_rsa , +.Nm SSL_need_tmp_RSA +.Nd handle RSA keys for ephemeral key exchange +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft void +.Fo SSL_CTX_set_tmp_rsa_callback +.Fa "SSL_CTX *ctx" +.Fa "RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength)" +.Fc +.Ft long +.Fn SSL_CTX_set_tmp_rsa "SSL_CTX *ctx" "RSA *rsa" +.Ft long +.Fn SSL_CTX_need_tmp_RSA "SSL_CTX *ctx" +.Ft void +.Fo SSL_set_tmp_rsa_callback +.Fa "SSL_CTX *ctx" +.Fa "RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength)" +.Fc +.Ft long +.Fn SSL_set_tmp_rsa "SSL *ssl" "RSA *rsa" +.Ft long +.Fn SSL_need_tmp_RSA "SSL *ssl" +.Sh DESCRIPTION +Since they mattered only for deliberately insecure RSA authentication +mandated by historical U.S. export restrictions, these functions +are all deprecated and have no effect except that +.Fn SSL_CTX_set_tmp_rsa_callback , +.Fn SSL_CTX_set_tmp_rsa , +.Fn SSL_set_tmp_rsa_callback , +and +.Fn SSL_set_tmp_rsa +issue error messages when called. +.Sh RETURN VALUES +These functions always return 0, indicating failure. +.Sh SEE ALSO +.Xr ssl 3 , +.Xr SSL_CTX_set_cipher_list 3 , +.Xr SSL_CTX_set_options 3 , +.Xr SSL_CTX_set_tmp_dh_callback 3 , +.Xr SSL_new 3 , +.Xr SSL_set_tmp_ecdh 3 +.Sh HISTORY +.Fn SSL_CTX_set_tmp_rsa_callback , +.Fn SSL_CTX_set_tmp_rsa , +and +.Fn SSL_CTX_need_tmp_RSA +first appeared in SSLeay 0.8.0 and have been available since +.Ox 2.4 . +.Pp +.Fn SSL_set_tmp_rsa_callback +.Fn SSL_set_tmp_rsa , +and +.Fn SSL_need_tmp_RSA +first appeared in OpenSSL 0.9.2b and have been available since +.Ox 2.6 . diff --git a/src/lib/libssl/man/SSL_CTX_set_verify.3 b/src/lib/libssl/man/SSL_CTX_set_verify.3 new file mode 100644 index 00000000000..40a09de902a --- /dev/null +++ b/src/lib/libssl/man/SSL_CTX_set_verify.3 @@ -0,0 +1,478 @@ +.\" $OpenBSD: SSL_CTX_set_verify.3,v 1.7 2018/03/27 17:35:50 schwarze Exp $ +.\" full merge up to: OpenSSL 9b86974e Aug 17 15:21:33 2015 -0400 +.\" selective merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file was written by Lutz Jaenicke . +.\" Copyright (c) 2000, 2001, 2002, 2003, 2014 The OpenSSL Project. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt SSL_CTX_SET_VERIFY 3 +.Os +.Sh NAME +.Nm SSL_CTX_set_verify , +.Nm SSL_set_verify , +.Nm SSL_CTX_set_verify_depth , +.Nm SSL_set_verify_depth +.Nd set peer certificate verification parameters +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft void +.Fo SSL_CTX_set_verify +.Fa "SSL_CTX *ctx" +.Fa "int mode" +.Fa "int (*verify_callback)(int, X509_STORE_CTX *)" +.Fc +.Ft void +.Fo SSL_set_verify +.Fa "SSL *s" +.Fa "int mode" +.Fa "int (*verify_callback)(int, X509_STORE_CTX *)" +.Fc +.Ft void +.Fn SSL_CTX_set_verify_depth "SSL_CTX *ctx" "int depth" +.Ft void +.Fn SSL_set_verify_depth "SSL *s" "int depth" +.Ft int +.Fn verify_callback "int preverify_ok" "X509_STORE_CTX *x509_ctx" +.Sh DESCRIPTION +.Fn SSL_CTX_set_verify +sets the verification flags for +.Fa ctx +to be +.Fa mode +and +specifies the +.Fa verify_callback +function to be used. +If no callback function shall be specified, the +.Dv NULL +pointer can be used for +.Fa verify_callback . +.Pp +.Fn SSL_set_verify +sets the verification flags for +.Fa ssl +to be +.Fa mode +and specifies the +.Fa verify_callback +function to be used. +If no callback function shall be specified, the +.Dv NULL +pointer can be used for +.Fa verify_callback . +In this case last +.Fa verify_callback +set specifically for this +.Fa ssl +remains. +If no special callback was set before, the default callback for the underlying +.Fa ctx +is used, that was valid at the time +.Fa ssl +was created with +.Xr SSL_new 3 . +Within the callback function, +.Xr SSL_get_ex_data_X509_STORE_CTX_idx 3 +can be called to get the data index of the current +.Vt SSL +object that is doing the verification. +.Pp +.Fn SSL_CTX_set_verify_depth +sets the maximum +.Fa depth +for the certificate chain verification that shall be allowed for +.Fa ctx . +(See the +.Sx BUGS +section.) +.Pp +.Fn SSL_set_verify_depth +sets the maximum +.Fa depth +for the certificate chain verification that shall be allowed for +.Fa ssl . +(See the +.Sx BUGS +section.) +.Pp +The verification of certificates can be controlled by a set of bitwise ORed +.Fa mode +flags: +.Bl -tag -width Ds +.It Dv SSL_VERIFY_NONE +.Em Server mode: +the server will not send a client certificate request to the client, +so the client will not send a certificate. +.Pp +.Em Client mode: +if not using an anonymous cipher (by default disabled), +the server will send a certificate which will be checked. +The result of the certificate verification process can be checked after the +TLS/SSL handshake using the +.Xr SSL_get_verify_result 3 +function. +The handshake will be continued regardless of the verification result. +.It Dv SSL_VERIFY_PEER +.Em Server mode: +the server sends a client certificate request to the client. +The certificate returned (if any) is checked. +If the verification process fails, +the TLS/SSL handshake is immediately terminated with an alert message +containing the reason for the verification failure. +The behaviour can be controlled by the additional +.Dv SSL_VERIFY_FAIL_IF_NO_PEER_CERT +and +.Dv SSL_VERIFY_CLIENT_ONCE +flags. +.Pp +.Em Client mode: +the server certificate is verified. +If the verification process fails, +the TLS/SSL handshake is immediately terminated with an alert message +containing the reason for the verification failure. +If no server certificate is sent, because an anonymous cipher is used, +.Dv SSL_VERIFY_PEER +is ignored. +.It Dv SSL_VERIFY_FAIL_IF_NO_PEER_CERT +.Em Server mode: +if the client did not return a certificate, the TLS/SSL +handshake is immediately terminated with a +.Dq handshake failure +alert. +This flag must be used together with +.Dv SSL_VERIFY_PEER . +.Pp +.Em Client mode: +ignored +.It Dv SSL_VERIFY_CLIENT_ONCE +.Em Server mode: +only request a client certificate on the initial TLS/SSL handshake. +Do not ask for a client certificate again in case of a renegotiation. +This flag must be used together with +.Dv SSL_VERIFY_PEER . +.Pp +.Em Client mode: +ignored +.El +.Pp +Exactly one of the +.Fa mode +flags +.Dv SSL_VERIFY_NONE +and +.Dv SSL_VERIFY_PEER +must be set at any time. +.Pp +The actual verification procedure is performed either using the built-in +verification procedure or using another application provided verification +function set with +.Xr SSL_CTX_set_cert_verify_callback 3 . +The following descriptions apply in the case of the built-in procedure. +An application provided procedure also has access to the verify depth +information and the +.Fa verify_callback Ns () +function, but the way this information is used may be different. +.Pp +.Fn SSL_CTX_set_verify_depth +and +.Fn SSL_set_verify_depth +set the limit up to which depth certificates in a chain are used during the +verification procedure. +If the certificate chain is longer than allowed, +the certificates above the limit are ignored. +Error messages are generated as if these certificates would not be present, +most likely a +.Dv X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY +will be issued. +The depth count is +.Dq level 0: peer certificate , +.Dq level 1: CA certificate , +.Dq level 2: higher level CA certificate , +and so on. +Setting the maximum depth to 2 allows the levels 0, 1, and 2. +The default depth limit is 100, +allowing for the peer certificate and an additional 100 CA certificates. +.Pp +The +.Fa verify_callback +function is used to control the behaviour when the +.Dv SSL_VERIFY_PEER +flag is set. +It must be supplied by the application and receives two arguments: +.Fa preverify_ok +indicates whether the verification of the certificate in question was passed +(preverify_ok=1) or not (preverify_ok=0). +.Fa x509_ctx +is a pointer to the complete context used +for the certificate chain verification. +.Pp +The certificate chain is checked starting with the deepest nesting level +(the root CA certificate) and worked upward to the peer's certificate. +At each level signatures and issuer attributes are checked. +Whenever a verification error is found, the error number is stored in +.Fa x509_ctx +and +.Fa verify_callback +is called with +.Fa preverify_ok +equal to 0. +By applying +.Fn X509_CTX_store_* +functions +.Fa verify_callback +can locate the certificate in question and perform additional steps (see +.Sx EXAMPLES ) . +If no error is found for a certificate, +.Fa verify_callback +is called with +.Fa preverify_ok +equal to 1 before advancing to the next level. +.Pp +The return value of +.Fa verify_callback +controls the strategy of the further verification process. +If +.Fa verify_callback +returns 0, the verification process is immediately stopped with +.Dq verification failed +state. +If +.Dv SSL_VERIFY_PEER +is set, a verification failure alert is sent to the peer and the TLS/SSL +handshake is terminated. +If +.Fa verify_callback +returns 1, the verification process is continued. +If +.Fa verify_callback +always returns 1, +the TLS/SSL handshake will not be terminated with respect to verification +failures and the connection will be established. +The calling process can however retrieve the error code of the last +verification error using +.Xr SSL_get_verify_result 3 +or by maintaining its own error storage managed by +.Fa verify_callback . +.Pp +If no +.Fa verify_callback +is specified, the default callback will be used. +Its return value is identical to +.Fa preverify_ok , +so that any verification +failure will lead to a termination of the TLS/SSL handshake with an +alert message, if +.Dv SSL_VERIFY_PEER +is set. +.Sh EXAMPLES +The following code sequence realizes an example +.Fa verify_callback +function that will always continue the TLS/SSL handshake regardless of +verification failure, if wished. +The callback realizes a verification depth limit with more informational output. +.Pp +All verification errors are printed; +information about the certificate chain is printed on request. +The example is realized for a server that does allow but not require client +certificates. +.Pp +The example makes use of the ex_data technique to store application data +into/retrieve application data from the +.Vt SSL +structure (see +.Xr SSL_get_ex_new_index 3 , +.Xr SSL_get_ex_data_X509_STORE_CTX_idx 3 ) . +.Bd -literal +\&... + +typedef struct { + int verbose_mode; + int verify_depth; + int always_continue; +} mydata_t; +int mydata_index; +\&... +static int +verify_callback(int preverify_ok, X509_STORE_CTX *ctx) +{ + char buf[256]; + X509 *err_cert; + int err, depth; + SSL *ssl; + mydata_t *mydata; + + err_cert = X509_STORE_CTX_get_current_cert(ctx); + err = X509_STORE_CTX_get_error(ctx); + depth = X509_STORE_CTX_get_error_depth(ctx); + + /* + * Retrieve the pointer to the SSL of the connection currently + * treated * and the application specific data stored into the + * SSL object. + */ + ssl = X509_STORE_CTX_get_ex_data(ctx, + SSL_get_ex_data_X509_STORE_CTX_idx()); + mydata = SSL_get_ex_data(ssl, mydata_index); + + X509_NAME_oneline(X509_get_subject_name(err_cert), buf, 256); + + /* + * Catch a too long certificate chain. The depth limit set using + * SSL_CTX_set_verify_depth() is by purpose set to "limit+1" so + * that whenever the "depth>verify_depth" condition is met, we + * have violated the limit and want to log this error condition. + * We must do it here, because the CHAIN_TOO_LONG error would not + * be found explicitly; only errors introduced by cutting off the + * additional certificates would be logged. + */ + if (depth > mydata->verify_depth) { + preverify_ok = 0; + err = X509_V_ERR_CERT_CHAIN_TOO_LONG; + X509_STORE_CTX_set_error(ctx, err); + } + if (!preverify_ok) { + printf("verify error:num=%d:%s:depth=%d:%s\en", err, + X509_verify_cert_error_string(err), depth, buf); + } else if (mydata->verbose_mode) { + printf("depth=%d:%s\en", depth, buf); + } + + /* + * At this point, err contains the last verification error. + * We can use it for something special + */ + if (!preverify_ok && (err == + X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT)) { + X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), + buf, 256); + printf("issuer= %s\en", buf); + } + + if (mydata->always_continue) + return 1; + else + return preverify_ok; +} +\&... + +mydata_t mydata; + +\&... + +mydata_index = SSL_get_ex_new_index(0, "mydata index", NULL, NULL, NULL); + +\&... + +SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE, + verify_callback); + +/* + * Let the verify_callback catch the verify_depth error so that we get + * an appropriate error in the logfile. + */ +SSL_CTX_set_verify_depth(verify_depth + 1); + +/* + * Set up the SSL specific data into "mydata" and store it into the SSL + * structure. + */ +mydata.verify_depth = verify_depth; ... +SSL_set_ex_data(ssl, mydata_index, &mydata); + +\&... + +SSL_accept(ssl); /* check of success left out for clarity */ +if (peer = SSL_get_peer_certificate(ssl)) { + if (SSL_get_verify_result(ssl) == X509_V_OK) { + /* The client sent a certificate which verified OK */ + } +} +.Ed +.Sh SEE ALSO +.Xr ssl 3 , +.Xr SSL_CTX_get_verify_mode 3 , +.Xr SSL_CTX_load_verify_locations 3 , +.Xr SSL_CTX_set_cert_verify_callback 3 , +.Xr SSL_get_ex_data_X509_STORE_CTX_idx 3 , +.Xr SSL_get_ex_new_index 3 , +.Xr SSL_get_peer_certificate 3 , +.Xr SSL_get_verify_result 3 , +.Xr SSL_new 3 +.Sh HISTORY +.Fn SSL_set_verify +appeared in SSLeay 0.4 or earlier. +.Fn SSL_CTX_set_verify +first appeared in SSLeay 0.6.4. +Both functions have been available since +.Ox 2.4 . +.Pp +.Fn SSL_CTX_set_verify_depth +and +.Fn SSL_set_verify_depth +first appeared in OpenSSL 0.9.3 and have been available since +.Ox 2.6 . +.Sh BUGS +In client mode, it is not checked whether the +.Dv SSL_VERIFY_PEER +flag is set, but whether +.Dv SSL_VERIFY_NONE +is not set. +This can lead to unexpected behaviour, if the +.Dv SSL_VERIFY_PEER +and +.Dv SSL_VERIFY_NONE +are not used as required (exactly one must be set at any time). +.Pp +The certificate verification depth set with +.Fn SSL[_CTX]_verify_depth +stops the verification at a certain depth. +The error message produced will be that of an incomplete certificate chain and +not +.Dv X509_V_ERR_CERT_CHAIN_TOO_LONG +as may be expected. diff --git a/src/lib/libssl/man/SSL_CTX_use_certificate.3 b/src/lib/libssl/man/SSL_CTX_use_certificate.3 new file mode 100644 index 00000000000..b1b7df5a9af --- /dev/null +++ b/src/lib/libssl/man/SSL_CTX_use_certificate.3 @@ -0,0 +1,442 @@ +.\" $OpenBSD: SSL_CTX_use_certificate.3,v 1.9 2018/04/25 13:51:34 schwarze Exp $ +.\" OpenSSL e248596b Apr 8 22:49:57 2005 +0000 +.\" +.\" This file was written by Lutz Jaenicke . +.\" Copyright (c) 2000, 2001, 2002, 2003, 2005 The OpenSSL Project. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: April 25 2018 $ +.Dt SSL_CTX_USE_CERTIFICATE 3 +.Os +.Sh NAME +.Nm SSL_CTX_use_certificate , +.Nm SSL_CTX_use_certificate_ASN1 , +.Nm SSL_CTX_use_certificate_file , +.Nm SSL_use_certificate , +.Nm SSL_use_certificate_ASN1 , +.Nm SSL_use_certificate_file , +.Nm SSL_CTX_use_certificate_chain_file , +.Nm SSL_CTX_use_certificate_chain_mem , +.Nm SSL_CTX_use_PrivateKey , +.Nm SSL_CTX_use_PrivateKey_ASN1 , +.Nm SSL_CTX_use_PrivateKey_file , +.Nm SSL_CTX_use_RSAPrivateKey , +.Nm SSL_CTX_use_RSAPrivateKey_ASN1 , +.Nm SSL_CTX_use_RSAPrivateKey_file , +.Nm SSL_use_PrivateKey_file , +.Nm SSL_use_PrivateKey_ASN1 , +.Nm SSL_use_PrivateKey , +.Nm SSL_use_RSAPrivateKey , +.Nm SSL_use_RSAPrivateKey_ASN1 , +.Nm SSL_use_RSAPrivateKey_file , +.Nm SSL_CTX_check_private_key , +.Nm SSL_check_private_key +.Nd load certificate and key data +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft int +.Fn SSL_CTX_use_certificate "SSL_CTX *ctx" "X509 *x" +.Ft int +.Fn SSL_CTX_use_certificate_ASN1 "SSL_CTX *ctx" "int len" "unsigned char *d" +.Ft int +.Fn SSL_CTX_use_certificate_file "SSL_CTX *ctx" "const char *file" "int type" +.Ft int +.Fn SSL_use_certificate "SSL *ssl" "X509 *x" +.Ft int +.Fn SSL_use_certificate_ASN1 "SSL *ssl" "unsigned char *d" "int len" +.Ft int +.Fn SSL_use_certificate_file "SSL *ssl" "const char *file" "int type" +.Ft int +.Fn SSL_CTX_use_certificate_chain_file "SSL_CTX *ctx" "const char *file" +.Ft int +.Fn SSL_CTX_use_certificate_chain_mem "SSL_CTX *ctx" "void *buf" "int len" +.Ft int +.Fn SSL_CTX_use_PrivateKey "SSL_CTX *ctx" "EVP_PKEY *pkey" +.Ft int +.Fo SSL_CTX_use_PrivateKey_ASN1 +.Fa "int pk" "SSL_CTX *ctx" "unsigned char *d" "long len" +.Fc +.Ft int +.Fn SSL_CTX_use_PrivateKey_file "SSL_CTX *ctx" "const char *file" "int type" +.Ft int +.Fn SSL_CTX_use_RSAPrivateKey "SSL_CTX *ctx" "RSA *rsa" +.Ft int +.Fn SSL_CTX_use_RSAPrivateKey_ASN1 "SSL_CTX *ctx" "unsigned char *d" "long len" +.Ft int +.Fn SSL_CTX_use_RSAPrivateKey_file "SSL_CTX *ctx" "const char *file" "int type" +.Ft int +.Fn SSL_use_PrivateKey "SSL *ssl" "EVP_PKEY *pkey" +.Ft int +.Fn SSL_use_PrivateKey_ASN1 "int pk" "SSL *ssl" "unsigned char *d" "long len" +.Ft int +.Fn SSL_use_PrivateKey_file "SSL *ssl" "const char *file" "int type" +.Ft int +.Fn SSL_use_RSAPrivateKey "SSL *ssl" "RSA *rsa" +.Ft int +.Fn SSL_use_RSAPrivateKey_ASN1 "SSL *ssl" "const unsigned char *d" "long len" +.Ft int +.Fn SSL_use_RSAPrivateKey_file "SSL *ssl" "const char *file" "int type" +.Ft int +.Fn SSL_CTX_check_private_key "const SSL_CTX *ctx" +.Ft int +.Fn SSL_check_private_key "const SSL *ssl" +.Sh DESCRIPTION +These functions load the certificates and private keys into the +.Vt SSL_CTX +or +.Vt SSL +object, respectively. +.Pp +The +.Fn SSL_CTX_* +class of functions loads the certificates and keys into the +.Vt SSL_CTX +object +.Fa ctx . +The information is passed to +.Vt SSL +objects +.Fa ssl +created from +.Fa ctx +with +.Xr SSL_new 3 +by copying, so that changes applied to +.Fa ctx +do not propagate to already existing +.Vt SSL +objects. +.Pp +The +.Fn SSL_* +class of functions only loads certificates and keys into a specific +.Vt SSL +object. +The specific information is kept when +.Xr SSL_clear 3 +is called for this +.Vt SSL +object. +.Pp +.Fn SSL_CTX_use_certificate +loads the certificate +.Fa x +into +.Fa ctx ; +.Fn SSL_use_certificate +loads +.Fa x +into +.Fa ssl . +The rest of the certificates needed to form the complete certificate chain can +be specified using the +.Xr SSL_CTX_add_extra_chain_cert 3 +function. +.Pp +.Fn SSL_CTX_use_certificate_ASN1 +loads the ASN1 encoded certificate from the memory location +.Fa d +(with length +.Fa len ) +into +.Fa ctx ; +.Fn SSL_use_certificate_ASN1 +loads the ASN1 encoded certificate into +.Fa ssl . +.Pp +.Fn SSL_CTX_use_certificate_file +loads the first certificate stored in +.Fa file +into +.Fa ctx . +The formatting +.Fa type +of the certificate must be specified from the known types +.Dv SSL_FILETYPE_PEM +and +.Dv SSL_FILETYPE_ASN1 . +.Fn SSL_use_certificate_file +loads the certificate from +.Fa file +into +.Fa ssl . +See the +.Sx NOTES +section on why +.Fn SSL_CTX_use_certificate_chain_file +should be preferred. +.Pp +The +.Fn SSL_CTX_use_certificate_chain* +functions load a certificate chain into +.Fa ctx . +The certificates must be in PEM format and must be sorted starting with the +subject's certificate (actual client or server certificate), +followed by intermediate CA certificates if applicable, +and ending at the highest level (root) CA. +There is no corresponding function working on a single +.Vt SSL +object. +.Pp +.Fn SSL_CTX_use_PrivateKey +adds +.Fa pkey +as private key to +.Fa ctx . +.Fn SSL_CTX_use_RSAPrivateKey +adds the private key +.Fa rsa +of type RSA to +.Fa ctx . +.Fn SSL_use_PrivateKey +adds +.Fa pkey +as private key to +.Fa ssl ; +.Fn SSL_use_RSAPrivateKey +adds +.Fa rsa +as private key of type RSA to +.Fa ssl . +If a certificate has already been set and the private does not belong to the +certificate, an error is returned. +To change a certificate private key pair, +the new certificate needs to be set with +.Fn SSL_use_certificate +or +.Fn SSL_CTX_use_certificate +before setting the private key with +.Fn SSL_CTX_use_PrivateKey +or +.Fn SSL_use_PrivateKey . +.Pp +.Fn SSL_CTX_use_PrivateKey_ASN1 +adds the private key of type +.Fa pk +stored at memory location +.Fa d +(length +.Fa len ) +to +.Fa ctx . +.Fn SSL_CTX_use_RSAPrivateKey_ASN1 +adds the private key of type RSA stored at memory location +.Fa d +(length +.Fa len ) +to +.Fa ctx . +.Fn SSL_use_PrivateKey_ASN1 +and +.Fn SSL_use_RSAPrivateKey_ASN1 +add the private key to +.Fa ssl . +.Pp +.Fn SSL_CTX_use_PrivateKey_file +adds the first private key found in +.Fa file +to +.Fa ctx . +The formatting +.Fa type +of the private key must be specified from the known types +.Dv SSL_FILETYPE_PEM +and +.Dv SSL_FILETYPE_ASN1 . +.Fn SSL_CTX_use_RSAPrivateKey_file +adds the first private RSA key found in +.Fa file +to +.Fa ctx . +.Fn SSL_use_PrivateKey_file +adds the first private key found in +.Fa file +to +.Fa ssl ; +.Fn SSL_use_RSAPrivateKey_file +adds the first private RSA key found to +.Fa ssl . +.Pp +The +.Fn SSL_CTX_check_private_key +function is seriously misnamed. +It compares the +.Em public +key components and parameters of an OpenSSL private key with the +corresponding certificate loaded into +.Fa ctx . +If more than one key/certificate pair (RSA/DSA) is installed, +the last item installed will be compared. +If, e.g., the last item was a RSA certificate or key, +the RSA key/certificate pair will be checked. +.Fn SSL_check_private_key +performs the same +.Em public +key comparison for +.Fa ssl . +If no key/certificate was explicitly added for this +.Fa ssl , +the last item added into +.Fa ctx +will be checked. +.Pp +Despite the name, neither +.Fn SSL_CTX_check_private_key +nor +.Fn SSL_check_private_key +checks whether the private key component is indeed a private key, +nor whether it matches the public key component. +They merely compare the public materials (e.g. exponent and modulus of +an RSA key) and/or key parameters (e.g. EC params of an EC key) of a +key pair. +.Sh NOTES +The internal certificate store of OpenSSL can hold two private key/certificate +pairs at a time: +one key/certificate of type RSA and one key/certificate of type DSA. +The certificate used depends on the cipher select, see also +.Xr SSL_CTX_set_cipher_list 3 . +.Pp +When reading certificates and private keys from file, files of type +.Dv SSL_FILETYPE_ASN1 +(also known as +.Em DER , +binary encoding) can only contain one certificate or private key; consequently, +.Fn SSL_CTX_use_certificate_chain_file +is only applicable to PEM formatting. +Files of type +.Dv SSL_FILETYPE_PEM +can contain more than one item. +.Pp +.Fn SSL_CTX_use_certificate_chain_file +adds the first certificate found in the file to the certificate store. +The other certificates are added to the store of chain certificates using +.Xr SSL_CTX_add_extra_chain_cert 3 . +There exists only one extra chain store, so that the same chain is appended +to both types of certificates, RSA and DSA! +If it is not intended to use both type of certificate at the same time, +it is recommended to use the +.Fn SSL_CTX_use_certificate_chain_file +instead of the +.Fn SSL_CTX_use_certificate_file +function in order to allow the use of complete certificate chains even when no +trusted CA storage is used or when the CA issuing the certificate shall not be +added to the trusted CA storage. +.Pp +If additional certificates are needed to complete the chain during the TLS +negotiation, CA certificates are additionally looked up in the locations of +trusted CA certificates (see +.Xr SSL_CTX_load_verify_locations 3 ) . +.Pp +The private keys loaded from file can be encrypted. +In order to successfully load encrypted keys, +a function returning the passphrase must have been supplied (see +.Xr SSL_CTX_set_default_passwd_cb 3 ) . +(Certificate files might be encrypted as well from the technical point of view, +it however does not make sense as the data in the certificate is considered +public anyway.) +.Sh RETURN VALUES +On success, the functions return 1. +Otherwise check out the error stack to find out the reason. +.Sh SEE ALSO +.Xr ssl 3 , +.Xr SSL_clear 3 , +.Xr SSL_CTX_add_extra_chain_cert 3 , +.Xr SSL_CTX_load_verify_locations 3 , +.Xr SSL_CTX_set_cipher_list 3 , +.Xr SSL_CTX_set_client_cert_cb 3 , +.Xr SSL_CTX_set_default_passwd_cb 3 , +.Xr SSL_new 3 , +.Xr X509_check_private_key 3 +.Sh HISTORY +.Fn SSL_use_certificate , +.Fn SSL_use_certificate_file , +.Fn SSL_use_RSAPrivateKey , +and +.Fn SSL_use_RSAPrivateKey_file +appeared in SSLeay 0.4 or earlier. +.Fn SSL_use_certificate_ASN1 +and +.Fn SSL_use_RSAPrivateKey_ASN1 +first appeared in SSLeay 0.5.1. +.Fn SSL_use_PrivateKey_file , +.Fn SSL_use_PrivateKey_ASN1 , +and +.Fn SSL_use_PrivateKey +first appeared in SSLeay 0.6.0. +.Fn SSL_CTX_use_certificate , +.Fn SSL_CTX_use_certificate_ASN1 , +.Fn SSL_CTX_use_certificate_file , +.Fn SSL_CTX_use_PrivateKey , +.Fn SSL_CTX_use_PrivateKey_ASN1 , +.Fn SSL_CTX_use_PrivateKey_file , +.Fn SSL_CTX_use_RSAPrivateKey , +.Fn SSL_CTX_use_RSAPrivateKey_ASN1 , +and +.Fn SSL_CTX_use_RSAPrivateKey_file +first appeared in SSLeay 0.6.1. +.Fn SSL_CTX_check_private_key +and +.Fn SSL_check_private_key +first appeared in SSLeay 0.6.5. +All these functions have been available since +.Ox 2.4 . +.Pp +.Fn SSL_CTX_use_certificate_chain_file +first appeared in OpenSSL 0.9.4 and has been available since +.Ox 2.6 . +.Pp +Support for DER encoded private keys +.Pq Dv SSL_FILETYPE_ASN1 +in +.Fn SSL_CTX_use_PrivateKey_file +and +.Fn SSL_use_PrivateKey_file +was added in 0.9.8. +.Pp +.Fn SSL_CTX_use_certificate_chain_mem +first appeared in +.Ox 5.7 . diff --git a/src/lib/libssl/man/SSL_SESSION_free.3 b/src/lib/libssl/man/SSL_SESSION_free.3 new file mode 100644 index 00000000000..14c6b3c43f3 --- /dev/null +++ b/src/lib/libssl/man/SSL_SESSION_free.3 @@ -0,0 +1,147 @@ +.\" $OpenBSD: SSL_SESSION_free.3,v 1.6 2018/03/27 17:35:50 schwarze Exp $ +.\" full merge up to: OpenSSL b31db505 Mar 24 16:01:50 2017 +0000 +.\" +.\" This file was written by Lutz Jaenicke +.\" and Matt Caswell . +.\" Copyright (c) 2000, 2001, 2009, 2017 The OpenSSL Project. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt SSL_SESSION_FREE 3 +.Os +.Sh NAME +.Nm SSL_SESSION_up_ref , +.Nm SSL_SESSION_free +.Nd SSL_SESSION reference counting +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft int +.Fn SSL_SESSION_up_ref "SSL_SESSION *session" +.Ft void +.Fn SSL_SESSION_free "SSL_SESSION *session" +.Sh DESCRIPTION +.Fn SSL_SESSION_up_ref +increments the reference count of the given +.Fa session +by 1. +.Pp +.Fn SSL_SESSION_free +decrements the reference count of the given +.Fa session +by 1. +If the reference count reaches 0, it frees the memory used by the +.Fa session . +If +.Fa session +is a +.Dv NULL +pointer, no action occurs. +.Pp +.Vt SSL_SESSION +objects are allocated when a TLS/SSL handshake operation is successfully +completed. +Depending on the settings, see +.Xr SSL_CTX_set_session_cache_mode 3 , +the +.Vt SSL_SESSION +objects are internally referenced by the +.Vt SSL_CTX +and linked into its session cache. +.Vt SSL +objects may be using the +.Vt SSL_SESSION +object; as a session may be reused, several +.Vt SSL +objects may be using one +.Vt SSL_SESSION +object at the same time. +It is therefore crucial to keep the reference count (usage information) correct +and not delete a +.Vt SSL_SESSION +object that is still used, as this may lead to program failures due to dangling +pointers. +These failures may also appear delayed, e.g., when an +.Vt SSL_SESSION +object is completely freed as the reference count incorrectly becomes 0, but it +is still referenced in the internal session cache and the cache list is +processed during a +.Xr SSL_CTX_flush_sessions 3 +operation. +.Pp +.Fn SSL_SESSION_free +must only be called for +.Vt SSL_SESSION +objects, for which the reference count was explicitly incremented (e.g., by +calling +.Xr SSL_get1_session 3 ; +see +.Xr SSL_get_session 3 ) +or when the +.Vt SSL_SESSION +object was generated outside a TLS handshake operation, e.g., by using +.Xr d2i_SSL_SESSION 3 . +It must not be called on other +.Vt SSL_SESSION +objects, as this would cause incorrect reference counts and therefore program +failures. +.Sh RETURN VALUES +.Fn SSL_SESSION_up_ref +returns 1 on success or 0 on error. +.Sh SEE ALSO +.Xr d2i_SSL_SESSION 3 , +.Xr SSL_CTX_flush_sessions 3 , +.Xr SSL_CTX_set_session_cache_mode 3 , +.Xr SSL_get_session 3 , +.Xr SSL_SESSION_new 3 +.Sh HISTORY +.Fn SSL_SESSION_free +first appeared in SSLeay 0.5.2 and has been available since +.Ox 2.4 . +.Pp +.Fn SSL_SESSION_up_ref +first appeared in OpenSSL 1.1.0 and has been available since +.Ox 6.3 . diff --git a/src/lib/libssl/man/SSL_SESSION_get0_peer.3 b/src/lib/libssl/man/SSL_SESSION_get0_peer.3 new file mode 100644 index 00000000000..6b1ef6680ed --- /dev/null +++ b/src/lib/libssl/man/SSL_SESSION_get0_peer.3 @@ -0,0 +1,80 @@ +.\" $OpenBSD: SSL_SESSION_get0_peer.3,v 1.2 2018/03/23 05:50:30 schwarze Exp $ +.\" OpenSSL SSL_SESSION_get0_peer.pod b31db505 Mar 24 16:01:50 2017 +0000 +.\" +.\" This file was written by Matt Caswell +.\" Copyright (c) 2017 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 23 2018 $ +.Dt SSL_SESSION_GET0_PEER 3 +.Os +.Sh NAME +.Nm SSL_SESSION_get0_peer +.Nd get details about peer's certificate for a session +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft X509 * +.Fo SSL_SESSION_get0_peer +.Fa "SSL_SESSION *s" +.Fc +.Sh DESCRIPTION +.Fn SSL_SESSION_get0_peer +returns a pointer to the peer certificate associated with the session +.Fa s +or +.Dv NULL +if no peer certificate is available. +The caller should not free the returned value, unless +.Xr X509_up_ref 3 +has also been called. +.Sh SEE ALSO +.Xr ssl 3 , +.Xr SSL_get_session 3 , +.Xr SSL_SESSION_new 3 +.Sh HISTORY +.Fn SSL_SESSION_get0_peer +first appeared in OpenSSL 1.0.1 and has been available since +.Ox 5.3 . diff --git a/src/lib/libssl/man/SSL_SESSION_get_compress_id.3 b/src/lib/libssl/man/SSL_SESSION_get_compress_id.3 new file mode 100644 index 00000000000..aedc216a15c --- /dev/null +++ b/src/lib/libssl/man/SSL_SESSION_get_compress_id.3 @@ -0,0 +1,78 @@ +.\" $OpenBSD: SSL_SESSION_get_compress_id.3,v 1.3 2018/03/23 05:50:30 schwarze Exp $ +.\" OpenSSL SSL_SESSION_get_compress_id.pod b31db505 Mar 24 16:01:50 2017 +.\" +.\" This file was written by Matt Caswell +.\" Copyright (c) 2017 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 23 2018 $ +.Dt SSL_SESSION_GET_COMPRESS_ID 3 +.Os +.Sh NAME +.Nm SSL_SESSION_get_compress_id +.Nd get details about the compression associated with a session +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft unsigned int +.Fo SSL_SESSION_get_compress_id +.Fa "const SSL_SESSION *s" +.Fc +.Sh DESCRIPTION +If compression has been negotiated for an ssl session, +.Fn SSL_SESSION_get_compress_id +returns the id for the compression method, or 0 otherwise. +The only built-in supported compression method is zlib, +which has an id of 1. +.Sh SEE ALSO +.Xr ssl 3 , +.Xr SSL_get_session 3 , +.Xr SSL_SESSION_get_id 3 , +.Xr SSL_SESSION_get_protocol_version 3 , +.Xr SSL_SESSION_new 3 +.Sh HISTORY +.Fn SSL_SESSION_get_compress_id +first appeared in OpenSSL 1.0.1 and has been available since +.Ox 5.3 . diff --git a/src/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 b/src/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 new file mode 100644 index 00000000000..9fd6949b6a1 --- /dev/null +++ b/src/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 @@ -0,0 +1,134 @@ +.\" $OpenBSD: SSL_SESSION_get_ex_new_index.3,v 1.3 2018/03/21 08:06:34 schwarze Exp $ +.\" OpenSSL 9b86974e Aug 17 15:21:33 2015 -0400 +.\" +.\" This file was written by Lutz Jaenicke . +.\" Copyright (c) 2001, 2005 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 21 2018 $ +.Dt SSL_SESSION_GET_EX_NEW_INDEX 3 +.Os +.Sh NAME +.Nm SSL_SESSION_get_ex_new_index , +.Nm SSL_SESSION_set_ex_data , +.Nm SSL_SESSION_get_ex_data +.Nd internal application specific data functions +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft int +.Fo SSL_SESSION_get_ex_new_index +.Fa "long argl" +.Fa "void *argp" +.Fa "CRYPTO_EX_new *new_func" +.Fa "CRYPTO_EX_dup *dup_func" +.Fa "CRYPTO_EX_free *free_func" +.Fc +.Ft int +.Fn SSL_SESSION_set_ex_data "SSL_SESSION *session" "int idx" "void *arg" +.Ft void * +.Fn SSL_SESSION_get_ex_data "const SSL_SESSION *session" "int idx" +.Bd -literal + typedef int new_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, + int idx, long argl, void *argp); + typedef void free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, + int idx, long argl, void *argp); + typedef int dup_func(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d, + int idx, long argl, void *argp); +.Ed +.Sh DESCRIPTION +Several OpenSSL structures can have application specific data attached to them. +These functions are used internally by OpenSSL to manipulate +application-specific data attached to a specific structure. +.Pp +.Fn SSL_SESSION_get_ex_new_index +is used to register a new index for application-specific data. +.Pp +.Fn SSL_SESSION_set_ex_data +is used to store application data at +.Fa arg +for +.Fa idx +into the +.Fa session +object. +.Pp +.Fn SSL_SESSION_get_ex_data +is used to retrieve the information for +.Fa idx +from +.Fa session . +.Pp +A detailed description for the +.Fn *_get_ex_new_index +functionality +can be found in +.Xr RSA_get_ex_new_index 3 . +The +.Fn *_get_ex_data +and +.Fn *_set_ex_data +functionality is described in +.Xr CRYPTO_set_ex_data 3 . +.Sh WARNINGS +The application data is only maintained for sessions held in memory. +The application data is not included when dumping the session with +.Xr i2d_SSL_SESSION 3 +(and all functions indirectly calling the dump functions like +.Xr PEM_write_SSL_SESSION 3 +and +.Xr PEM_write_bio_SSL_SESSION 3 ) +and can therefore not be restored. +.Sh SEE ALSO +.Xr CRYPTO_set_ex_data 3 , +.Xr RSA_get_ex_new_index 3 , +.Xr ssl 3 +.Sh HISTORY +.Fn SSL_SESSION_get_ex_new_index , +.Fn SSL_SESSION_set_ex_data , +and +.Fn SSL_SESSION_get_ex_data +first appeared in SSLeay 0.9.0 and have been available since +.Ox 2.4 . diff --git a/src/lib/libssl/man/SSL_SESSION_get_id.3 b/src/lib/libssl/man/SSL_SESSION_get_id.3 new file mode 100644 index 00000000000..6d0de1e52e0 --- /dev/null +++ b/src/lib/libssl/man/SSL_SESSION_get_id.3 @@ -0,0 +1,112 @@ +.\" $OpenBSD: SSL_SESSION_get_id.3,v 1.6 2018/03/24 00:55:37 schwarze Exp $ +.\" full merge up to: +.\" OpenSSL SSL_SESSION_set1_id 17b60280 Dec 21 09:08:25 2017 +0100 +.\" +.\" This file was written by Remi Gacogne +.\" and Matt Caswell . +.\" Copyright (c) 2016, 2017 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 24 2018 $ +.Dt SSL_SESSION_GET_ID 3 +.Os +.Sh NAME +.Nm SSL_SESSION_get_id , +.Nm SSL_SESSION_set1_id +.Nd get and set the SSL session ID +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft const unsigned char * +.Fo SSL_SESSION_get_id +.Fa "const SSL_SESSION *s" +.Fa "unsigned int *len" +.Fc +.Ft int +.Fo SSL_SESSION_set1_id +.Fa "SSL_SESSION *s" +.Fa "const unsigned char *sid" +.Fa "unsigned int sid_len" +.Fc +.Sh DESCRIPTION +.Fn SSL_SESSION_get_id +returns a pointer to the internal session ID value for the session +.Fa s . +The length of the ID in bytes is stored in +.Pf * Fa len . +The length may be 0. +The caller should not free the returned pointer directly. +.Pp +.Fn SSL_SESSION_set1_id +sets the session ID for +.Fa s +to a copy of the +.Fa sid +of length +.Fa sid_len . +.Sh RETURN VALUES +.Fn SSL_SESSION_get_id +returns a pointer to the session ID value. +.Pp +.Fn SSL_SESSION_set1_id +returns 1 for success and 0 for failure, +for example if the supplied session ID length exceeds +.Dv SSL_MAX_SSL_SESSION_ID_LENGTH . +.Sh SEE ALSO +.Xr ssl 3 , +.Xr SSL_copy_session_id 3 , +.Xr SSL_get_session 3 , +.Xr SSL_SESSION_get_compress_id 3 , +.Xr SSL_SESSION_get_protocol_version 3 , +.Xr SSL_SESSION_has_ticket 3 , +.Xr SSL_SESSION_new 3 +.Sh HISTORY +.Fn SSL_SESSION_get_id +first appeared in OpenSSL 0.9.8 and has been available since +.Ox 4.5 . +.Pp +.Fn SSL_SESSION_set1_id +first appeared in OpenSSL 1.1.0 and has been available since +.Ox 6.3 . diff --git a/src/lib/libssl/man/SSL_SESSION_get_protocol_version.3 b/src/lib/libssl/man/SSL_SESSION_get_protocol_version.3 new file mode 100644 index 00000000000..f14c0490e91 --- /dev/null +++ b/src/lib/libssl/man/SSL_SESSION_get_protocol_version.3 @@ -0,0 +1,84 @@ +.\" $OpenBSD: SSL_SESSION_get_protocol_version.3,v 1.2 2018/03/24 00:55:37 schwarze Exp $ +.\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file was written by TJ Saunders +.\" Copyright (c) 2016 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 24 2018 $ +.Dt SSL_SESSION_GET_PROTOCOL_VERSION 3 +.Os +.Sh NAME +.Nm SSL_SESSION_get_protocol_version +.Nd get the session protocol version +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft int +.Fo SSL_SESSION_get_protocol_version +.Fa "const SSL_SESSION *s" +.Fc +.Sh DESCRIPTION +.Fn SSL_SESSION_get_protocol_version +returns the protocol version number used by the session +.Fa s . +.Sh RETURN VALUES +.Fn SSL_SESSION_get_protocol_version +returns a constant like +.Dv TLS1_VERSION +or +.Dv TLS1_2_VERSION . +.Sh SEE ALSO +.Xr ssl 3 , +.Xr SSL_get_session 3 , +.Xr SSL_SESSION_get0_peer 3 , +.Xr SSL_SESSION_get_compress_id 3 , +.Xr SSL_SESSION_get_id 3 , +.Xr SSL_SESSION_get_time 3 , +.Xr SSL_SESSION_new 3 +.Sh HISTORY +.Fn SSL_SESSION_get_protocol_version +first appeared in OpenSSL 1.1.0 and has been available since +.Ox 6.3 . diff --git a/src/lib/libssl/man/SSL_SESSION_get_time.3 b/src/lib/libssl/man/SSL_SESSION_get_time.3 new file mode 100644 index 00000000000..fe6f0858ba1 --- /dev/null +++ b/src/lib/libssl/man/SSL_SESSION_get_time.3 @@ -0,0 +1,165 @@ +.\" $OpenBSD: SSL_SESSION_get_time.3,v 1.7 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file was written by Lutz Jaenicke . +.\" Copyright (c) 2001, 2005, 2006, 2016 The OpenSSL Project. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt SSL_SESSION_GET_TIME 3 +.Os +.Sh NAME +.Nm SSL_SESSION_get_time , +.Nm SSL_SESSION_set_time , +.Nm SSL_SESSION_get_timeout , +.Nm SSL_SESSION_set_timeout , +.Nm SSL_get_time , +.Nm SSL_set_time , +.Nm SSL_get_timeout , +.Nm SSL_set_timeout +.Nd retrieve and manipulate session time and timeout settings +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft long +.Fn SSL_SESSION_get_time "const SSL_SESSION *s" +.Ft long +.Fn SSL_SESSION_set_time "SSL_SESSION *s" "long tm" +.Ft long +.Fn SSL_SESSION_get_timeout "const SSL_SESSION *s" +.Ft long +.Fn SSL_SESSION_set_timeout "SSL_SESSION *s" "long tm" +.Ft long +.Fn SSL_get_time "const SSL_SESSION *s" +.Ft long +.Fn SSL_set_time "SSL_SESSION *s" "long tm" +.Ft long +.Fn SSL_get_timeout "const SSL_SESSION *s" +.Ft long +.Fn SSL_set_timeout "SSL_SESSION *s" "long tm" +.Sh DESCRIPTION +.Fn SSL_SESSION_get_time +returns the time at which the session +.Fa s +was established. +The time is given in seconds since the Epoch and therefore compatible to the +time delivered by the +.Xr time 3 +call. +.Pp +.Fn SSL_SESSION_set_time +replaces the creation time of the session +.Fa s +with +the chosen value +.Fa tm . +.Pp +.Fn SSL_SESSION_get_timeout +returns the timeout value set for session +.Fa s +in seconds. +.Pp +.Fn SSL_SESSION_set_timeout +sets the timeout value for session +.Fa s +in seconds to +.Fa tm . +.Pp +The +.Fn SSL_get_time , +.Fn SSL_set_time , +.Fn SSL_get_timeout , +and +.Fn SSL_set_timeout +functions are synonyms for the +.Fn SSL_SESSION_* +counterparts. +.Sh NOTES +Sessions are expired by examining the creation time and the timeout value. +Both are set at creation time of the session to the actual time and the default +timeout value at creation, respectively, as set by +.Xr SSL_CTX_set_timeout 3 . +Using these functions it is possible to extend or shorten the lifetime of the +session. +.Sh RETURN VALUES +.Fn SSL_SESSION_get_time +and +.Fn SSL_SESSION_get_timeout +return the currently valid values. +.Pp +.Fn SSL_SESSION_set_time +and +.Fn SSL_SESSION_set_timeout +return 1 on success. +.Pp +If any of the function is passed the +.Dv NULL +pointer for the session +.Fa s , +0 is returned. +.Sh SEE ALSO +.Xr ssl 3 , +.Xr SSL_CTX_set_timeout 3 , +.Xr SSL_get_default_timeout 3 , +.Xr SSL_get_session 3 , +.Xr SSL_SESSION_has_ticket 3 , +.Xr SSL_SESSION_new 3 +.Sh HISTORY +.Fn SSL_get_time , +.Fn SSL_get_timeout , +and +.Fn SSL_set_timeout +appeared in SSLeay 0.4 or earlier. +.Fn SSL_set_time +first appeared in SSLeay 0.5.2. +.Fn SSL_SESSION_get_time , +.Fn SSL_SESSION_set_time , +.Fn SSL_SESSION_get_timeout , +and +.Fn SSL_SESSION_set_timeout +first appeared in SSLeay 0.9.0. +All these functions have been available since +.Ox 2.4 . diff --git a/src/lib/libssl/man/SSL_SESSION_has_ticket.3 b/src/lib/libssl/man/SSL_SESSION_has_ticket.3 new file mode 100644 index 00000000000..322b49feef6 --- /dev/null +++ b/src/lib/libssl/man/SSL_SESSION_has_ticket.3 @@ -0,0 +1,85 @@ +.\" $OpenBSD: SSL_SESSION_has_ticket.3,v 1.2 2018/03/24 00:55:37 schwarze Exp $ +.\" full merge up to: OpenSSL f2baac27 Feb 8 15:43:16 2015 +0000 +.\" selective merge up to: OpenSSL 61f805c1 Jan 16 01:01:46 2018 +0800 +.\" +.\" This file was written by Matt Caswell . +.\" Copyright (c) 2015 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 24 2018 $ +.Dt SSL_SESSION_HAS_TICKET 3 +.Os +.Sh NAME +.Nm SSL_SESSION_has_ticket , +.Nm SSL_SESSION_get_ticket_lifetime_hint +.Nd get details about the ticket associated with a session +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft int +.Fo SSL_SESSION_has_ticket +.Fa "const SSL_SESSION *s" +.Fc +.Ft unsigned long +.Fo SSL_SESSION_get_ticket_lifetime_hint +.Fa "const SSL_SESSION *s" +.Fc +.Sh DESCRIPTION +.Fn SSL_SESSION_has_ticket +returns 1 if there is a Session Ticket associated with +.Fa s +or 0 otherwise. +.Pp +.Fn SSL_SESSION_get_ticket_lifetime_hint +returns the lifetime hint in seconds associated with the session ticket. +.Sh SEE ALSO +.Xr ssl 3 , +.Xr SSL_SESSION_get_id 3 , +.Xr SSL_SESSION_get_time 3 , +.Xr SSL_SESSION_new 3 +.Sh HISTORY +These functions first appeared in OpenSSL 1.1.0 +and have been available since +.Ox 6.3 . diff --git a/src/lib/libssl/man/SSL_SESSION_new.3 b/src/lib/libssl/man/SSL_SESSION_new.3 new file mode 100644 index 00000000000..ca269214292 --- /dev/null +++ b/src/lib/libssl/man/SSL_SESSION_new.3 @@ -0,0 +1,76 @@ +.\" $OpenBSD: SSL_SESSION_new.3,v 1.6 2018/03/27 17:35:50 schwarze Exp $ +.\" +.\" Copyright (c) 2016 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt SSL_SESSION_NEW 3 +.Os +.Sh NAME +.Nm SSL_SESSION_new +.Nd construct a new SSL_SESSION object +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft SSL_SESSION * +.Fn SSL_SESSION_new void +.Sh DESCRIPTION +.Fn SSL_SESSION_new +allocates and initializes an new +.Vt SSL_SESSION +object. +The reference count is set to 1, the time to the current time, and +the timeout to five minutes. +.Pp +When the object is no longer needed, it can be destructed with +.Xr SSL_SESSION_free 3 . +.Pp +.Fn SSL_SESSION_new +is used internally, for example by +.Xr SSL_connect 3 . +.Sh RETURN VALUES +.Fn SSL_SESSION_new +returns the new +.Vt SSL_SESSION +object or +.Dv NULL +if insufficient memory is available. +.Pp +After failure, +.Xr ERR_get_error 3 +returns +.Dv ERR_R_MALLOC_FAILURE . +.Sh SEE ALSO +.Xr d2i_SSL_SESSION 3 , +.Xr PEM_read_SSL_SESSION 3 , +.Xr SSL_connect 3 , +.Xr SSL_copy_session_id 3 , +.Xr SSL_CTX_add_session 3 , +.Xr SSL_CTX_sess_set_get_cb 3 , +.Xr SSL_get_session 3 , +.Xr SSL_SESSION_free 3 , +.Xr SSL_SESSION_get0_peer 3 , +.Xr SSL_SESSION_get_compress_id 3 , +.Xr SSL_SESSION_get_ex_new_index 3 , +.Xr SSL_SESSION_get_id 3 , +.Xr SSL_SESSION_get_master_key 3 , +.Xr SSL_SESSION_get_protocol_version 3 , +.Xr SSL_SESSION_get_time 3 , +.Xr SSL_SESSION_has_ticket 3 , +.Xr SSL_SESSION_print 3 , +.Xr SSL_SESSION_set1_id_context 3 , +.Xr SSL_set_session 3 +.Sh HISTORY +.Fn SSL_SESSION_new +first appeared in SSLeay 0.5.2 and has been available since +.Ox 2.4 . diff --git a/src/lib/libssl/man/SSL_SESSION_print.3 b/src/lib/libssl/man/SSL_SESSION_print.3 new file mode 100644 index 00000000000..f9f22814695 --- /dev/null +++ b/src/lib/libssl/man/SSL_SESSION_print.3 @@ -0,0 +1,73 @@ +.\" $OpenBSD: SSL_SESSION_print.3,v 1.3 2018/03/27 17:35:50 schwarze Exp $ +.\" +.\" Copyright (c) 2016 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt SSL_SESSION_PRINT 3 +.Os +.Sh NAME +.Nm SSL_SESSION_print , +.Nm SSL_SESSION_print_fp +.Nd print some properties of an SSL_SESSION object +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft int +.Fo SSL_SESSION_print +.Fa "BIO *bp" +.Fa "const SSL_SESSION *session" +.Fc +.Ft int +.Fo SSL_SESSION_print_fp +.Fa "FILE *fp" +.Fa "const SSL_SESSION *session" +.Fc +.Sh DESCRIPTION +.Fn SSL_SESSION_print +prints some properties of +.Fa session +in a human-readable format to the +.Fa "BIO *bp" , +including protocol version, cipher name, session ID, +session ID context, master key, session ticket lifetime hint, +session ticket, start time, timeout, and verify return code. +.Pp +.Fn SSL_SESSION_print_fp +does the same as +.Fn SSL_SESSION_print +except that it prints to the +.Fa "FILE *fp" . +.Sh RETURN VALUES +.Fn SSL_SESSION_print +and +.Fn SSL_SESSION_print_fp +return 1 for success or 0 for failure. +.Pp +In some cases, the reason for failure can be determined with +.Xr ERR_get_error 3 . +.Sh SEE ALSO +.Xr d2i_SSL_SESSION 3 , +.Xr PEM_read_SSL_SESSION 3 , +.Xr SSL_get_session 3 , +.Xr SSL_SESSION_free 3 , +.Xr SSL_SESSION_get_ex_new_index 3 , +.Xr SSL_SESSION_get_time 3 , +.Xr SSL_SESSION_new 3 +.Sh HISTORY +.Fn SSL_SESSION_print +first appeared in SSLeay 0.5.2. +.Fn SSL_SESSION_print_fp +first appeared in SSLeay 0.6.0. +Both functions have been available since +.Ox 2.4 . diff --git a/src/lib/libssl/man/SSL_SESSION_set1_id_context.3 b/src/lib/libssl/man/SSL_SESSION_set1_id_context.3 new file mode 100644 index 00000000000..dd7595bacab --- /dev/null +++ b/src/lib/libssl/man/SSL_SESSION_set1_id_context.3 @@ -0,0 +1,113 @@ +.\" $OpenBSD: SSL_SESSION_set1_id_context.3,v 1.4 2018/03/24 00:55:37 schwarze Exp $ +.\" full merge up to: +.\" OpenSSL SSL_SESSION_get0_id_context b31db505 Mar 24 16:01:50 2017 +.\" +.\" This file was written by Matt Caswell +.\" Copyright (c) 2017 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 24 2018 $ +.Dt SSL_SESSION_SET1_ID_CONTEXT 3 +.Os +.Sh NAME +.Nm SSL_SESSION_get0_id_context , +.Nm SSL_SESSION_set1_id_context +.Nd get and set the SSL ID context associated with a session +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft const unsigned char * +.Fo SSL_SESSION_get0_id_context +.Fa "const SSL_SESSION *s" +.Fa "unsigned int *len" +.Fc +.Ft int +.Fo SSL_SESSION_set1_id_context +.Fa "SSL_SESSION *s" +.Fa "const unsigned char *sid_ctx" +.Fa "unsigned int sid_ctx_len" +.Fc +.Sh DESCRIPTION +.Fn SSL_SESSION_get0_id_context +returns the ID context associated with +.Fa s . +The length of the ID context in bytes is written to +.Pf * Fa len +if +.Fa len +is not +.Dv NULL . +.Pp +.Fn SSL_SESSION_set1_id_context +takes a copy of the provided ID context given in +.Fa sid_ctx +and associates it with the session +.Fa s . +The length of the ID context is given by +.Fa sid_ctx_len +which must not exceed +.Dv SSL_MAX_SID_CTX_LENGTH +bytes. +.Sh RETURN VALUES +.Fn SSL_SESSION_get0_id_context +returns an internal pointer to an object maintained within +.Fa s +that should not be freed by the caller. +.Pp +.Fn SSL_SESSION_set1_id_context +returns 1 on success or 0 on error. +.Sh SEE ALSO +.Xr ssl 3 , +.Xr SSL_CTX_set_session_id_context 3 , +.Xr SSL_get_session 3 , +.Xr SSL_SESSION_new 3 +.Sh HISTORY +.Fn SSL_SESSION_set1_id_context +first appeared in OpenSSL 1.0.1 and has been available since +.Ox 5.3 . +.Pp +.Fn SSL_SESSION_get0_id_context +first appeared in OpenSSL 1.1.0 and has been available since +.Ox 6.3 . diff --git a/src/lib/libssl/man/SSL_accept.3 b/src/lib/libssl/man/SSL_accept.3 new file mode 100644 index 00000000000..4d36e536bc3 --- /dev/null +++ b/src/lib/libssl/man/SSL_accept.3 @@ -0,0 +1,155 @@ +.\" $OpenBSD: SSL_accept.3,v 1.5 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file was written by Lutz Jaenicke . +.\" Copyright (c) 2000, 2001, 2002, 2003 The OpenSSL Project. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt SSL_ACCEPT 3 +.Os +.Sh NAME +.Nm SSL_accept +.Nd wait for a TLS/SSL client to initiate a TLS/SSL handshake +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft int +.Fn SSL_accept "SSL *ssl" +.Sh DESCRIPTION +.Fn SSL_accept +waits for a TLS/SSL client to initiate the TLS/SSL handshake. +The communication channel must already have been set and assigned to the +.Fa ssl +object by setting an underlying +.Vt BIO . +.Sh NOTES +The behaviour of +.Fn SSL_accept +depends on the underlying +.Vt BIO . +.Pp +If the underlying +.Vt BIO +is +.Em blocking , +.Fn SSL_accept +will only return once the handshake has been finished or an error occurred. +.Pp +If the underlying +.Vt BIO +is +.Em non-blocking , +.Fn SSL_accept +will also return when the underlying +.Vt BIO +could not satisfy the needs of +.Fn SSL_accept +to continue the handshake, indicating the problem by the return value \(mi1. +In this case a call to +.Xr SSL_get_error 3 +with the +return value of +.Fn SSL_accept +will yield +.Dv SSL_ERROR_WANT_READ +or +.Dv SSL_ERROR_WANT_WRITE . +The calling process then must repeat the call after taking appropriate action +to satisfy the needs of +.Fn SSL_accept . +The action depends on the underlying +.Dv BIO . +When using a non-blocking socket, nothing is to be done, but +.Xr select 2 +can be used to check for the required condition. +When using a buffering +.Vt BIO , +like a +.Vt BIO +pair, data must be written into or retrieved out of the +.Vt BIO +before being able to continue. +.Sh RETURN VALUES +The following return values can occur: +.Bl -tag -width Ds +.It 0 +The TLS/SSL handshake was not successful but was shut down controlled and by +the specifications of the TLS/SSL protocol. +Call +.Xr SSL_get_error 3 +with the return value +.Fa ret +to find out the reason. +.It 1 +The TLS/SSL handshake was successfully completed, +and a TLS/SSL connection has been established. +.It <0 +The TLS/SSL handshake was not successful because a fatal error occurred either +at the protocol level or a connection failure occurred. +The shutdown was not clean. +It can also occur of action is need to continue the operation for non-blocking +.Vt BIO Ns +s. +Call +.Xr SSL_get_error 3 +with the return value +.Fa ret +to find out the reason. +.El +.Sh SEE ALSO +.Xr BIO_new 3 , +.Xr ssl 3 , +.Xr SSL_connect 3 , +.Xr SSL_CTX_new 3 , +.Xr SSL_do_handshake 3 , +.Xr SSL_get_error 3 , +.Xr SSL_set_connect_state 3 , +.Xr SSL_shutdown 3 +.Sh HISTORY +.Fn SSL_accept +appeared in SSLeay 0.4 or earlier and has been available since +.Ox 2.4 . diff --git a/src/lib/libssl/man/SSL_alert_type_string.3 b/src/lib/libssl/man/SSL_alert_type_string.3 new file mode 100644 index 00000000000..79cbdaa9885 --- /dev/null +++ b/src/lib/libssl/man/SSL_alert_type_string.3 @@ -0,0 +1,244 @@ +.\" $OpenBSD: SSL_alert_type_string.3,v 1.5 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file was written by Lutz Jaenicke . +.\" Copyright (c) 2001, 2011 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt SSL_ALERT_TYPE_STRING 3 +.Os +.Sh NAME +.Nm SSL_alert_type_string , +.Nm SSL_alert_type_string_long , +.Nm SSL_alert_desc_string , +.Nm SSL_alert_desc_string_long +.Nd get textual description of alert information +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft const char * +.Fn SSL_alert_type_string "int value" +.Ft const char * +.Fn SSL_alert_type_string_long "int value" +.Ft const char * +.Fn SSL_alert_desc_string "int value" +.Ft const char * +.Fn SSL_alert_desc_string_long "int value" +.Sh DESCRIPTION +.Fn SSL_alert_type_string +returns a one letter string indicating the type of the alert specified by +.Fa value . +.Pp +.Fn SSL_alert_type_string_long +returns a string indicating the type of the alert specified by +.Fa value . +.Pp +.Fn SSL_alert_desc_string +returns a two letter string as a short form describing the reason of the alert +specified by +.Fa value . +.Pp +.Fn SSL_alert_desc_string_long +returns a string describing the reason of the alert specified by +.Fa value . +.Pp +When one side of an SSL/TLS communication wants to inform the peer about +a special situation, it sends an alert. +The alert is sent as a special message and does not influence the normal data +stream (unless its contents results in the communication being canceled). +.Pp +A warning alert is sent, when a non-fatal error condition occurs. +The +.Dq close notify +alert is sent as a warning alert. +Other examples for non-fatal errors are certificate errors +.Po +.Dq certificate expired , +.Dq unsupported certificate +.Pc , +for which a warning alert may be sent. +(The sending party may, however, decide to send a fatal error.) +The receiving side may cancel the connection on reception of a warning alert at +its discretion. +.Pp +Several alert messages must be sent as fatal alert messages as specified +by the TLS RFC. +A fatal alert always leads to a connection abort. +.Sh RETURN VALUES +The following strings can occur for +.Fn SSL_alert_type_string +or +.Fn SSL_alert_type_string_long : +.Bl -tag -width Ds +.It \(dqW\(dq/\(dqwarning\(dq +.It \(dqF\(dq/\(dqfatal\(dq +.It \(dqU\(dq/\(dqunknown\(dq +This indicates that no support is available for this alert type. +Probably +.Fa value +does not contain a correct alert message. +.El +.Pp +The following strings can occur for +.Fn SSL_alert_desc_string +or +.Fn SSL_alert_desc_string_long : +.Bl -tag -width Ds +.It \(dqCN\(dq/\(dqclose notify\(dq +The connection shall be closed. +This is a warning alert. +.It \(dqUM\(dq/\(dqunexpected message\(dq +An inappropriate message was received. +This alert is always fatal and should never be observed in communication +between proper implementations. +.It \(dqBM\(dq/\(dqbad record mac\(dq +This alert is returned if a record is received with an incorrect MAC. +This message is always fatal. +.It \(dqDF\(dq/\(dqdecompression failure\(dq +The decompression function received improper input +(e.g., data that would expand to excessive length). +This message is always fatal. +.It \(dqHF\(dq/\(dqhandshake failure\(dq +Reception of a handshake_failure alert message indicates that the sender was +unable to negotiate an acceptable set of security parameters given the options +available. +This is a fatal error. +.It \(dqNC\(dq/\(dqno certificate\(dq +A client, that was asked to send a certificate, does not send a certificate +(SSLv3 only). +.It \(dqBC\(dq/\(dqbad certificate\(dq +A certificate was corrupt, contained signatures that did not verify correctly, +etc. +.It \(dqUC\(dq/\(dqunsupported certificate\(dq +A certificate was of an unsupported type. +.It \(dqCR\(dq/\(dqcertificate revoked\(dq +A certificate was revoked by its signer. +.It \(dqCE\(dq/\(dqcertificate expired\(dq +A certificate has expired or is not currently valid. +.It \(dqCU\(dq/\(dqcertificate unknown\(dq +Some other (unspecified) issue arose in processing the certificate, +rendering it unacceptable. +.It \(dqIP\(dq/\(dqillegal parameter\(dq +A field in the handshake was out of range or inconsistent with other fields. +This is always fatal. +.It \(dqDC\(dq/\(dqdecryption failed\(dq +A TLSCiphertext decrypted in an invalid way: either it wasn't an even multiple +of the block length or its padding values, when checked, weren't correct. +This message is always fatal. +.It \(dqRO\(dq/\(dqrecord overflow\(dq +A TLSCiphertext record was received which had a length more than +2^14+2048 bytes, or a record decrypted to a TLSCompressed record with more than +2^14+1024 bytes. +This message is always fatal. +.It \(dqCA\(dq/\(dqunknown CA\(dq +A valid certificate chain or partial chain was received, +but the certificate was not accepted because the CA certificate could not be +located or couldn't be matched with a known, trusted CA. +This message is always fatal. +.It \(dqAD\(dq/\(dqaccess denied\(dq +A valid certificate was received, but when access control was applied, +the sender decided not to proceed with negotiation. +This message is always fatal. +.It \(dqDE\(dq/\(dqdecode error\(dq +A message could not be decoded because some field was out of the specified +range or the length of the message was incorrect. +This message is always fatal. +.It \(dqCY\(dq/\(dqdecrypt error\(dq +A handshake cryptographic operation failed, including being unable to correctly +verify a signature, decrypt a key exchange, or validate a finished message. +.It \(dqER\(dq/\(dqexport restriction\(dq +A negotiation not in compliance with export restrictions was detected; +for example, attempting to transfer a 1024 bit ephemeral RSA key for the +RSA_EXPORT handshake method. +This message is always fatal. +.It \(dqPV\(dq/\(dqprotocol version\(dq +The protocol version the client has attempted to negotiate is recognized, +but not supported. +(For example, old protocol versions might be avoided for security reasons.) +This message is always fatal. +.It \(dqIS\(dq/\(dqinsufficient security\(dq +Returned instead of handshake_failure when a negotiation has failed +specifically because the server requires ciphers more secure than those +supported by the client. +This message is always fatal. +.It \(dqIE\(dq/\(dqinternal error\(dq +An internal error unrelated to the peer or the correctness of the protocol +makes it impossible to continue (such as a memory allocation failure). +This message is always fatal. +.It \(dqUS\(dq/\(dquser canceled\(dq +This handshake is being canceled for some reason unrelated to a protocol +failure. +If the user cancels an operation after the handshake is complete, +just closing the connection by sending a close_notify is more appropriate. +This alert should be followed by a close_notify. +This message is generally a warning. +.It \(dqNR\(dq/\(dqno renegotiation\(dq +Sent by the client in response to a hello request or by the server in response +to a client hello after initial handshaking. +Either of these would normally lead to renegotiation; when that is not +appropriate, the recipient should respond with this alert; at that point, +the original requester can decide whether to proceed with the connection. +One case where this would be appropriate would be where a server has spawned a +process to satisfy a request; the process might receive security parameters +(key length, authentication, etc.) at startup and it might be difficult to +communicate changes to these parameters after that point. +This message is always a warning. +.It \(dqUP\(dq/\(dqunknown PSK identity\(dq +Sent by the server to indicate that it does not recognize a PSK identity or an +SRP identity. +.It \(dqUK\(dq/\(dqunknown\(dq +This indicates that no description is available for this alert type. +Probably +.Fa value +does not contain a correct alert message. +.El +.Sh SEE ALSO +.Xr ssl 3 , +.Xr SSL_CTX_set_info_callback 3 +.Sh HISTORY +These functions first appeared in SSLeay 0.8.0 +and have been available since +.Ox 2.4 . diff --git a/src/lib/libssl/man/SSL_clear.3 b/src/lib/libssl/man/SSL_clear.3 new file mode 100644 index 00000000000..1f2f0a5e528 --- /dev/null +++ b/src/lib/libssl/man/SSL_clear.3 @@ -0,0 +1,144 @@ +.\" $OpenBSD: SSL_clear.3,v 1.4 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file was written by Lutz Jaenicke . +.\" Copyright (c) 2000, 2001, 2002, 2011, 2015 The OpenSSL Project. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt SSL_CLEAR 3 +.Os +.Sh NAME +.Nm SSL_clear +.Nd reset SSL object to allow another connection +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft int +.Fn SSL_clear "SSL *ssl" +.Sh DESCRIPTION +Reset +.Fa ssl +to allow another connection. +All settings (method, ciphers, BIOs) are kept. +.Pp +.Fn SSL_clear +is used to prepare an +.Vt SSL +object for a new connection. +While all settings are kept, +a side effect is the handling of the current SSL session. +If a session is still +.Em open , +it is considered bad and will be removed from the session cache, +as required by RFC2246. +A session is considered open if +.Xr SSL_shutdown 3 +was not called for the connection or at least +.Xr SSL_set_shutdown 3 +was used to +set the +.Dv SSL_SENT_SHUTDOWN +state. +.Pp +If a session was closed cleanly, +the session object will be kept and all settings corresponding. +This explicitly means that for example the special method used during the +session will be kept for the next handshake. +So if the session was a TLSv1 session, a +.Vt SSL +client object will use a TLSv1 client method for the next handshake and a +.Vt SSL +server object will use a TLSv1 server method, even if +.Fn TLS_*_method Ns s +were chosen on startup. +This might lead to connection failures (see +.Xr SSL_new 3 ) +for a description of the method's properties. +.Sh RETURN VALUES +The following return values can occur: +.Bl -tag -width Ds +.It 0 +The +.Fn SSL_clear +operation could not be performed. +Check the error stack to find out the reason. +.It 1 +The +.Fn SSL_clear +operation was successful. +.El +.Sh SEE ALSO +.Xr ssl 3 , +.Xr SSL_CTX_set_client_cert_cb 3 , +.Xr SSL_CTX_set_options 3 , +.Xr SSL_free 3 , +.Xr SSL_new 3 , +.Xr SSL_set_shutdown 3 , +.Xr SSL_shutdown 3 +.Sh HISTORY +.Fn SSL_clear +first appeared in SSLeay 0.4.5b and has been available since +.Ox 2.4 . +.Sh CAVEATS +.Fn SSL_clear +resets the +.Vt SSL +object to allow for another connection. +The reset operation however keeps several settings of the last sessions +(some of these settings were made automatically during the last handshake). +It only makes sense for a new connection with the exact same peer that shares +these settings, +and may fail if that peer changes its settings between connections. +Use the sequence +.Xr SSL_get_session 3 ; +.Xr SSL_new 3 ; +.Xr SSL_set_session 3 ; +.Xr SSL_free 3 +instead to avoid such failures (or simply +.Xr SSL_free 3 ; +.Xr SSL_new 3 +if session reuse is not desired). diff --git a/src/lib/libssl/man/SSL_connect.3 b/src/lib/libssl/man/SSL_connect.3 new file mode 100644 index 00000000000..d5b962a4804 --- /dev/null +++ b/src/lib/libssl/man/SSL_connect.3 @@ -0,0 +1,154 @@ +.\" $OpenBSD: SSL_connect.3,v 1.6 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file was written by Lutz Jaenicke . +.\" Copyright (c) 2000, 2001, 2002, 2003 The OpenSSL Project. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt SSL_CONNECT 3 +.Os +.Sh NAME +.Nm SSL_connect +.Nd initiate the TLS/SSL handshake with a TLS/SSL server +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft int +.Fn SSL_connect "SSL *ssl" +.Sh DESCRIPTION +.Fn SSL_connect +initiates the TLS/SSL handshake with a server. +The communication channel must already have been set and assigned to the +.Fa ssl +by setting an underlying +.Vt BIO . +.Pp +The behaviour of +.Fn SSL_connect +depends on the underlying +.Vt BIO . +.Pp +If the underlying +.Vt BIO +is +.Em blocking , +.Fn SSL_connect +will only return once the handshake has been finished or an error occurred. +.Pp +If the underlying +.Vt BIO +is +.Em non-blocking , +.Fn SSL_connect +will also return when the underlying +.Vt BIO +could not satisfy the needs of +.Fn SSL_connect +to continue the handshake, indicating the problem with the return value \(mi1. +In this case a call to +.Xr SSL_get_error 3 +with the return value of +.Fn SSL_connect +will yield +.Dv SSL_ERROR_WANT_READ +or +.Dv SSL_ERROR_WANT_WRITE . +The calling process then must repeat the call after taking appropriate action +to satisfy the needs of +.Fn SSL_connect . +The action depends on the underlying +.Vt BIO . +When using a non-blocking socket, nothing is to be done, but +.Xr select 2 +can be used to check for the required condition. +When using a buffering +.Vt BIO , +like a +.Vt BIO +pair, data must be written into or retrieved out of the +.Vt BIO +before being able to continue. +.Sh RETURN VALUES +The following return values can occur: +.Bl -tag -width Ds +.It 0 +The TLS/SSL handshake was not successful but was shut down controlled and +by the specifications of the TLS/SSL protocol. +Call +.Xr SSL_get_error 3 +with the return value +.Fa ret +to find out the reason. +.It 1 +The TLS/SSL handshake was successfully completed, +and a TLS/SSL connection has been established. +.It <0 +The TLS/SSL handshake was not successful, because either a fatal error occurred +at the protocol level or a connection failure occurred. +The shutdown was not clean. +It can also occur if action is needed to continue the operation for +non-blocking +.Vt BIO Ns s . +Call +.Xr SSL_get_error 3 +with the return value +.Fa ret +to find out the reason. +.El +.Sh SEE ALSO +.Xr BIO_new 3 , +.Xr ssl 3 , +.Xr SSL_accept 3 , +.Xr SSL_CTX_new 3 , +.Xr SSL_do_handshake 3 , +.Xr SSL_get_error 3 , +.Xr SSL_set_connect_state 3 , +.Xr SSL_shutdown 3 +.Sh HISTORY +.Fn SSL_connect +appeared in SSLeay 0.4 or earlier and has been available since +.Ox 2.4 . diff --git a/src/lib/libssl/man/SSL_copy_session_id.3 b/src/lib/libssl/man/SSL_copy_session_id.3 new file mode 100644 index 00000000000..65483799d4e --- /dev/null +++ b/src/lib/libssl/man/SSL_copy_session_id.3 @@ -0,0 +1,78 @@ +.\" $OpenBSD: SSL_copy_session_id.3,v 1.6 2018/08/24 21:29:51 jmc Exp $ +.\" +.\" Copyright (c) 2016 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: August 24 2018 $ +.Dt SSL_COPY_SESSION_ID 3 +.Os +.Sh NAME +.Nm SSL_copy_session_id +.Nd copy session details between SSL objects +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft int +.Fo SSL_copy_session_id +.Fa "SSL *to" +.Fa "const SSL *from" +.Fc +.Sh DESCRIPTION +.Fn SSL_copy_session_id +copies the following data from +.Fa from +to +.Fa to : +.Bl -dash +.It +the pointer to the +.Vt SSL_SESSION +object, incrementing its reference count by 1 +.It +the pointer to the +.Vt SSL_METHOD +object; if that changes the method, protocol-specific data is +reinitialized +.It +the pointer to the +.Vt CERT +object, incrementing its reference count by 1 +.It +the session ID context +.El +.Pp +This function is used internally by +.Xr SSL_dup 3 +and by +.Xr BIO_ssl_copy_session_id 3 . +.Sh RETURN VALUES +.Fn SSL_copy_session_id +returns 1 on success and 0 on error. +.Sh SEE ALSO +.Xr BIO_ssl_copy_session_id 3 , +.Xr SSL_dup 3 , +.Xr SSL_get_session 3 , +.Xr SSL_SESSION_get_id 3 , +.Xr SSL_SESSION_new 3 , +.Xr SSL_set_session 3 , +.Xr SSL_set_session_id_context 3 +.Sh HISTORY +.Fn SSL_copy_session_id +appeared in SSLeay 0.4 or earlier and has been available since +.Ox 2.4 . +.Sh BUGS +Failures of +.Xr CRYPTO_add 3 +are silently ignored and may leave +.Fa to +in an invalid or inconsistent state. diff --git a/src/lib/libssl/man/SSL_do_handshake.3 b/src/lib/libssl/man/SSL_do_handshake.3 new file mode 100644 index 00000000000..e9327b4229f --- /dev/null +++ b/src/lib/libssl/man/SSL_do_handshake.3 @@ -0,0 +1,152 @@ +.\" $OpenBSD: SSL_do_handshake.3,v 1.6 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file was written by Martin Sjoegren . +.\" Copyright (c) 2002 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt SSL_DO_HANDSHAKE 3 +.Os +.Sh NAME +.Nm SSL_do_handshake +.Nd perform a TLS/SSL handshake +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft int +.Fn SSL_do_handshake "SSL *ssl" +.Sh DESCRIPTION +.Fn SSL_do_handshake +will wait for a SSL/TLS handshake to take place. +If the connection is in client mode, the handshake will be started. +The handshake routines may have to be explicitly set in advance using either +.Xr SSL_set_connect_state 3 +or +.Xr SSL_set_accept_state 3 . +.Pp +The behaviour of +.Fn SSL_do_handshake +depends on the underlying +.Vt BIO . +.Pp +If the underlying +.Vt BIO +is +.Em blocking , +.Fn SSL_do_handshake +will only return once the handshake has been finished or an error occurred. +.Pp +If the underlying +.Vt BIO +is +.Em non-blocking , +.Fn SSL_do_handshake +will also return when the underlying +.Vt BIO +could not satisfy the needs of +.Fn SSL_do_handshake +to continue the handshake. +In this case a call to +.Xr SSL_get_error 3 +with the return value of +.Fn SSL_do_handshake +will yield +.Dv SSL_ERROR_WANT_READ +or +.Dv SSL_ERROR_WANT_WRITE . +The calling process then must repeat the call after taking appropriate action +to satisfy the needs of +.Fn SSL_do_handshake . +The action depends on the underlying +.Vt BIO . +When using a non-blocking socket, nothing is to be done, but +.Xr select 2 +can be used to check for the required condition. +When using a buffering +.Vt BIO , +like a +.Vt BIO +pair, data must be written into or retrieved out of the +.Vt BIO +before being able to continue. +.Sh RETURN VALUES +The following return values can occur: +.Bl -tag -width Ds +.It 0 +The TLS/SSL handshake was not successful but was shut down controlled and +by the specifications of the TLS/SSL protocol. +Call +.Xr SSL_get_error 3 +with the return value +.Fa ret +to find out the reason. +.It 1 +The TLS/SSL handshake was successfully completed, +and a TLS/SSL connection has been established. +.It <0 +The TLS/SSL handshake was not successful because either a fatal error occurred +at the protocol level or a connection failure occurred. +The shutdown was not clean. +It can also occur if action is needed to continue the operation for +non-blocking +.Vt BIO Ns s . +Call +.Xr SSL_get_error 3 +with the return value +.Fa ret +to find out the reason. +.El +.Sh SEE ALSO +.Xr BIO_new 3 , +.Xr ssl 3 , +.Xr SSL_accept 3 , +.Xr SSL_connect 3 , +.Xr SSL_get_error 3 , +.Xr SSL_set_connect_state 3 +.Sh HISTORY +.Fn SSL_do_handshake +first appeared in SSLeay 0.8.0 and has been available since +.Ox 2.4 . diff --git a/src/lib/libssl/man/SSL_dup.3 b/src/lib/libssl/man/SSL_dup.3 new file mode 100644 index 00000000000..a752af13e30 --- /dev/null +++ b/src/lib/libssl/man/SSL_dup.3 @@ -0,0 +1,60 @@ +.\" $OpenBSD: SSL_dup.3,v 1.3 2018/03/27 17:35:50 schwarze Exp $ +.\" +.\" Copyright (c) 2016 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt SSL_DUP 3 +.Os +.Sh NAME +.Nm SSL_dup +.Nd deep copy of an SSL object +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft SSL * +.Fo SSL_dup +.Fa "SSL *ssl" +.Fc +.Sh DESCRIPTION +.Fn SSL_dup +constructs a new +.Vt SSL +object in the same context as +.Fa ssl +and copies much of the contained data from +.Fa ssl +to the new +.Vt SSL +object, but many fields, for example tlsext data, are not copied. +.Pp +As an exception from deep copying, if a session is already established, +the new object shares +.Fa ssl->cert +with the original object. +.Sh RETURN VALUES +.Fn SSL_dup +returns the new +.Vt SSL +object or +.Dv NULL +on failure. +.Sh SEE ALSO +.Xr SSL_clear 3 , +.Xr SSL_copy_session_id 3 , +.Xr SSL_free 3 , +.Xr SSL_new 3 +.Sh HISTORY +.Fn SSL_dup +first appeared in SSLeay 0.8.0 and has been available since +.Ox 2.4 . diff --git a/src/lib/libssl/man/SSL_dup_CA_list.3 b/src/lib/libssl/man/SSL_dup_CA_list.3 new file mode 100644 index 00000000000..2c3250844fd --- /dev/null +++ b/src/lib/libssl/man/SSL_dup_CA_list.3 @@ -0,0 +1,53 @@ +.\" $OpenBSD: SSL_dup_CA_list.3,v 1.5 2018/04/25 13:51:34 schwarze Exp $ +.\" +.\" Copyright (c) 2016 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: April 25 2018 $ +.Dt SSL_DUP_CA_LIST 3 +.Os +.Sh NAME +.Nm SSL_dup_CA_list +.Nd deep copy of a stack of X.509 Name objects +.\" The capital "N" in "Name" is intentional (X.509 syntax). +.Sh SYNOPSIS +.Ft STACK_OF(X509_NAME) * +.Fo SSL_dup_CA_list +.Fa "const STACK_OF(X509_NAME) *sk" +.Fc +.Sh DESCRIPTION +.Fn SSL_dup_CA_list +constructs a new +.Vt STACK_OF(X509_NAME) +object and places copies of all the +.Vt X509_NAME +objects found on +.Fa sk +on it. +.Sh RETURN VALUES +.Fn SSL_dup_CA_list +returns the new +.Vt STACK_OF(X509_NAME) +or +.Dv NULL +on failure. +.Sh SEE ALSO +.Xr SSL_CTX_set_client_CA_list 3 , +.Xr SSL_get_client_CA_list 3 , +.Xr SSL_load_client_CA_file 3 , +.Xr X509_NAME_new 3 +.Sh HISTORY +.Fn SSL_dup_CA_list +first appeared in SSLeay 0.8.0 and has been available since +.Ox 2.4 . diff --git a/src/lib/libssl/man/SSL_export_keying_material.3 b/src/lib/libssl/man/SSL_export_keying_material.3 new file mode 100644 index 00000000000..fe1ed748d57 --- /dev/null +++ b/src/lib/libssl/man/SSL_export_keying_material.3 @@ -0,0 +1,131 @@ +.\" $OpenBSD: SSL_export_keying_material.3,v 1.2 2018/03/23 05:50:30 schwarze Exp $ +.\" OpenSSL a599574b Jun 28 17:18:27 2017 +0100 +.\" OpenSSL 23cec1f4 Jun 21 13:55:02 2017 +0100 +.\" +.\" This file was written by Matt Caswell . +.\" Copyright (c) 2017 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 23 2018 $ +.Dt SSL_EXPORT_KEYING_MATERIAL 3 +.Os +.Sh NAME +.Nm SSL_export_keying_material +.Nd obtain keying material for application use +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft int +.Fo SSL_export_keying_material +.Fa "SSL *s" +.Fa "unsigned char *out" +.Fa "size_t olen" +.Fa "const char *label" +.Fa "size_t llen" +.Fa "const unsigned char *context" +.Fa "size_t contextlen" +.Fa "int use_context" +.Fc +.Sh DESCRIPTION +During the creation of a TLS or DTLS connection, +shared keying material is established between the two endpoints. +The function +.Fn SSL_export_keying_material +enables an application to use some of this keying material +for its own purposes in accordance with RFC 5705. +.Pp +An application may need to securely establish the context +within which this keying material will be used. +For example, this may include identifiers for the application session, +application algorithms or parameters, or the lifetime of the context. +The context value is left to the application but must be the same on +both sides of the communication. +.Pp +For a given SSL connection +.Fa s , +.Fa olen +bytes of data will be written to +.Fa out . +The application specific context should be supplied +in the location pointed to by +.Fa context +and should be +.Fa contextlen +bytes long. +Provision of a context is optional. +If the context should be omitted entirely, then +.Fa use_context +should be set to 0. +Otherwise it should be any other value. +If +.Fa use_context +is 0, then the values of +.Fa context +and +.Fa contextlen +are ignored. +.Pp +In TLSv1.2 and below, a zero length context is treated differently +from no context at all, and will result in different keying material +being returned. +.Pp +An application specific label should be provided in the location pointed +to by +.Fa label +and should be +.Fa llen +bytes long. +Typically this will be a value from the +.Lk https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#exporter-labels "IANA Exporter Label Registry" . +.Pp +Alternatively, labels beginning with "EXPERIMENTAL" are permitted by the +standard to be used without registration. +.Sh RETURN VALUES +.Fn SSL_export_keying_material +returns 1 on success or 0 or -1 on failure. +.Sh HISTORY +.Fn SSL_export_keying_material +first appeared in OpenSSL 1.0.1 and has been available since +.Ox 5.3 . diff --git a/src/lib/libssl/man/SSL_free.3 b/src/lib/libssl/man/SSL_free.3 new file mode 100644 index 00000000000..38694a06251 --- /dev/null +++ b/src/lib/libssl/man/SSL_free.3 @@ -0,0 +1,118 @@ +.\" $OpenBSD: SSL_free.3,v 1.4 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file was written by Lutz Jaenicke . +.\" Copyright (c) 2000, 2001 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt SSL_FREE 3 +.Os +.Sh NAME +.Nm SSL_free +.Nd free an allocated SSL structure +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft void +.Fn SSL_free "SSL *ssl" +.Sh DESCRIPTION +.Fn SSL_free +decrements the reference count of +.Fa ssl , +and removes the +.Vt SSL +structure pointed to by +.Fa ssl +and frees up the allocated memory if the reference count has reached 0. +If +.Fa ssl +is a +.Dv NULL +pointer, no action occurs. +.Pp +.Fn SSL_free +also calls the +.Xr free 3 Ns +ing procedures for indirectly affected items, if applicable: the buffering +.Vt BIO , +the read and write +.Vt BIOs , +cipher lists specially created for this +.Fa ssl , +the +.Sy SSL_SESSION . +Do not explicitly free these indirectly freed up items before or after calling +.Fn SSL_free , +as trying to free things twice may lead to program failure. +.Pp +The +.Fa ssl +session has reference counts from two users: the +.Vt SSL +object, for which the reference count is removed by +.Fn SSL_free +and the internal session cache. +If the session is considered bad, because +.Xr SSL_shutdown 3 +was not called for the connection and +.Xr SSL_set_shutdown 3 +was not used to set the +.Vt SSL_SENT_SHUTDOWN +state, the session will also be removed from the session cache as required by +RFC2246. +.Sh RETURN VALUES +.Fn SSL_free +does not provide diagnostic information. +.Sh SEE ALSO +.Xr ssl 3 , +.Xr SSL_clear 3 , +.Xr SSL_new 3 , +.Xr SSL_set_shutdown 3 , +.Xr SSL_shutdown 3 +.Sh HISTORY +.Fn SSL_free +appeared in SSLeay 0.4 or earlier and has been available since +.Ox 2.4 . diff --git a/src/lib/libssl/man/SSL_get_SSL_CTX.3 b/src/lib/libssl/man/SSL_get_SSL_CTX.3 new file mode 100644 index 00000000000..60fda555bc2 --- /dev/null +++ b/src/lib/libssl/man/SSL_get_SSL_CTX.3 @@ -0,0 +1,79 @@ +.\" $OpenBSD: SSL_get_SSL_CTX.3,v 1.4 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file was written by Lutz Jaenicke . +.\" Copyright (c) 2001, 2005 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt SSL_GET_SSL_CTX 3 +.Os +.Sh NAME +.Nm SSL_get_SSL_CTX +.Nd get the SSL_CTX from which an SSL is created +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft SSL_CTX * +.Fn SSL_get_SSL_CTX "const SSL *ssl" +.Sh DESCRIPTION +.Fn SSL_get_SSL_CTX +returns a pointer to the +.Vt SSL_CTX +object from which +.Fa ssl +was created with +.Xr SSL_new 3 . +.Sh RETURN VALUES +The pointer to the +.Vt SSL_CTX +object is returned. +.Sh SEE ALSO +.Xr ssl 3 , +.Xr SSL_new 3 +.Sh HISTORY +.Fn SSL_get_SSL_CTX +first appeared in SSLeay 0.5.1 and has been available since +.Ox 2.4 . diff --git a/src/lib/libssl/man/SSL_get_certificate.3 b/src/lib/libssl/man/SSL_get_certificate.3 new file mode 100644 index 00000000000..e3730c2150f --- /dev/null +++ b/src/lib/libssl/man/SSL_get_certificate.3 @@ -0,0 +1,63 @@ +.\" $OpenBSD: SSL_get_certificate.3,v 1.4 2018/04/25 13:51:34 schwarze Exp $ +.\" +.\" Copyright (c) 2016 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: April 25 2018 $ +.Dt SSL_GET_CERTIFICATE 3 +.Os +.Sh NAME +.Nm SSL_get_certificate , +.Nm SSL_get_privatekey +.Nd get SSL certificate and private key +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft X509 * +.Fo SSL_get_certificate +.Fa "const SSL *ssl" +.Fc +.Ft EVP_PKEY * +.Fo SSL_get_privatekey +.Fa "const SSL *ssl" +.Fc +.Sh DESCRIPTION +These functions retrieve certificate and key data from an +.Vt SSL +object. +They return internal pointers that must not be freed by the application +program. +.Sh RETURN VALUES +.Fn SSL_get_certificate +returns the active X.509 certificate currently used by +.Fa ssl +or +.Dv NULL +if none is active. +.Pp +.Fn SSL_get_privatekey +returns the active private key currently used by +.Fa ssl +or +.Dv NULL +if none is active. +.Sh SEE ALSO +.Xr SSL_check_private_key 3 , +.Xr SSL_use_certificate 3 +.Sh HISTORY +.Fn SSL_get_certificate +first appeared in SSLeay 0.5.2a. +.Fn SSL_get_privatekey +first appeared in SSLeay 0.8.0. +Both functions have been available since +.Ox 2.4 . diff --git a/src/lib/libssl/man/SSL_get_ciphers.3 b/src/lib/libssl/man/SSL_get_ciphers.3 new file mode 100644 index 00000000000..07361da4610 --- /dev/null +++ b/src/lib/libssl/man/SSL_get_ciphers.3 @@ -0,0 +1,202 @@ +.\" $OpenBSD: SSL_get_ciphers.3,v 1.7 2019/01/22 01:18:24 tb Exp $ +.\" full merge up to: OpenSSL c3e64028 Mar 30 11:50:14 2005 +0000 +.\" selective merge up to: OpenSSL 83cf7abf May 29 13:07:08 2018 +0100 +.\" +.\" This file was written by Lutz Jaenicke , +.\" Nick Mathewson , and Kazuki Yamaguchi . +.\" Copyright (c) 2000, 2005, 2015, 2016 The OpenSSL Project. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: January 22 2019 $ +.Dt SSL_GET_CIPHERS 3 +.Os +.Sh NAME +.Nm SSL_get_ciphers , +.Nm SSL_CTX_get_ciphers , +.Nm SSL_get1_supported_ciphers , +.Nm SSL_get_client_ciphers , +.Nm SSL_get_cipher_list +.Nd get list of available SSL_CIPHERs +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft STACK_OF(SSL_CIPHER) * +.Fn SSL_get_ciphers "const SSL *ssl" +.Ft STACK_OF(SSL_CIPHER) * +.Fn SSL_CTX_get_ciphers "const SSL_CTX *ctx" +.Ft STACK_OF(SSL_CIPHER) * +.Fn SSL_get1_supported_ciphers "SSL *ssl" +.Ft STACK_OF(SSL_CIPHER) * +.Fn SSL_get_client_ciphers "const SSL *ssl" +.Ft const char * +.Fn SSL_get_cipher_list "const SSL *ssl" "int priority" +.Sh DESCRIPTION +.Fn SSL_get_ciphers +returns the stack of available +.Vt SSL_CIPHER Ns s +for +.Fa ssl , +sorted by preference. +If +.Fa ssl +is +.Dv NULL +or no ciphers are available, +.Dv NULL +is returned. +.Pp +.Fn SSL_CTX_get_ciphers +returns the stack of available +.Vt SSL_CIPHER Ns s +for +.Fa ctx . +.Pp +.Fn SSL_get1_supported_ciphers +returns the stack of enabled +.Vt SSL_CIPHER Ns s +for +.Fa ssl +as it would be sent in a ClientHello, sorted by preference. +The list depends on settings like the cipher list, the supported +protocol versions, the security level, and the enabled signature +algorithms. +The list of ciphers that would be sent in a ClientHello can differ +from the list of ciphers that would be acceptable when acting as a +server. +For example, +additional ciphers may be usable by a server if there is a gap in the +list of supported protocols, and some ciphers may not be usable by a +server if there is not a suitable certificate configured. +If +.Fa ssl +is +.Dv NULL +or no ciphers are available, +.Dv NULL +is returned. +.Pp +.Fn SSL_get_client_ciphers +returns the stack of available +.Vt SSL_CIPHER Ns s +matching the list received from the client on +.Fa ssl . +If +.Fa ssl +is +.Dv NULL , +no ciphers are available, or +.Fa ssl +is not operating in server mode, +.Dv NULL +is returned. +.Pp +.Fn SSL_get_ciphers , +.Fn SSL_CTX_get_ciphers , +and +.Fn SSL_get_client_ciphers +return pointers to internal cipher stacks, which will be freed +later on when the +.Vt SSL +or +.Vt SSL_CTX +object is freed. +Therefore, the calling code must not free the return value itself. +.Pp +The details of the ciphers obtained by +.Fn SSL_get_ciphers , +.Fn SSL_CTX_get_ciphers , +.Fn SSL_get1_supported_ciphers , +and +.Fn SSL_get_client_ciphers +can be obtained using the +.Xr SSL_CIPHER_get_name 3 +family of functions. +.Pp +.Fn SSL_get_cipher_list +returns a pointer to the name of the +.Vt SSL_CIPHER +listed for +.Fa ssl +with +.Fa priority . +If +.Fa ssl +is +.Dv NULL , +no ciphers are available, or there are fewer ciphers than +.Fa priority +available, +.Dv NULL +is returned. +.Pp +Call +.Fn SSL_get_cipher_list +with +.Fa priority +starting from 0 to obtain the sorted list of available ciphers, until +.Dv NULL +is returned. +.Sh SEE ALSO +.Xr ssl 3 , +.Xr SSL_CIPHER_get_name 3 , +.Xr SSL_CTX_set_cipher_list 3 +.Sh HISTORY +.Fn SSL_get_cipher_list +first appeared in SSLeay 0.5.2. +.Fn SSL_get_ciphers +first appeared in SSLeay 0.8.0. +Both functions have been available since +.Ox 2.4 . +.Pp +.Fn SSL_CTX_get_ciphers +first appeared in OpenSSL 1.1.0 and has been available since +.Ox 6.3 . +.Pp +.Fn SSL_get1_supported_ciphers +and +.Fn SSL_get_client_ciphers +first appeared in OpenSSL 1.1.0 and has been available since +.Ox 6.5 . diff --git a/src/lib/libssl/man/SSL_get_client_CA_list.3 b/src/lib/libssl/man/SSL_get_client_CA_list.3 new file mode 100644 index 00000000000..e80e5cb6f59 --- /dev/null +++ b/src/lib/libssl/man/SSL_get_client_CA_list.3 @@ -0,0 +1,96 @@ +.\" $OpenBSD: SSL_get_client_CA_list.3,v 1.5 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file was written by Lutz Jaenicke . +.\" Copyright (c) 2000, 2001, 2002, 2005 The OpenSSL Project. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt SSL_GET_CLIENT_CA_LIST 3 +.Os +.Sh NAME +.Nm SSL_get_client_CA_list , +.Nm SSL_CTX_get_client_CA_list +.Nd get list of client CAs +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft STACK_OF(X509_NAME) * +.Fn SSL_get_client_CA_list "const SSL *s" +.Ft STACK_OF(X509_NAME) * +.Fn SSL_CTX_get_client_CA_list "const SSL_CTX *ctx" +.Sh DESCRIPTION +.Fn SSL_CTX_get_client_CA_list +returns the list of client CAs explicitly set for +.Fa ctx +using +.Xr SSL_CTX_set_client_CA_list 3 . +.Pp +.Fn SSL_get_client_CA_list +returns the list of client CAs explicitly set for +.Fa ssl +using +.Fn SSL_set_client_CA_list +or +.Fa ssl Ns 's +.Vt SSL_CTX +object with +.Xr SSL_CTX_set_client_CA_list 3 , +when in server mode. +In client mode, +.Fn SSL_get_client_CA_list +returns the list of client CAs sent from the server, if any. +.Sh SEE ALSO +.Xr ssl 3 , +.Xr SSL_CTX_set_client_CA_list 3 , +.Xr SSL_CTX_set_client_cert_cb 3 , +.Xr X509_NAME_new 3 +.Sh HISTORY +.Fn SSL_get_client_CA_list +and +.Fn SSL_CTX_get_client_CA_list +first appeared in SSLeay 0.8.0 and have been available since +.Ox 2.4 . diff --git a/src/lib/libssl/man/SSL_get_client_random.3 b/src/lib/libssl/man/SSL_get_client_random.3 new file mode 100644 index 00000000000..eda74db355d --- /dev/null +++ b/src/lib/libssl/man/SSL_get_client_random.3 @@ -0,0 +1,150 @@ +.\" $OpenBSD: SSL_get_client_random.3,v 1.2 2018/03/24 00:55:37 schwarze Exp $ +.\" full merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100 +.\" +.\" This file was written by Nick Mathewson +.\" Copyright (c) 2015 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 24 2018 $ +.Dt SSL_GET_CLIENT_RANDOM 3 +.Os +.Sh NAME +.Nm SSL_get_client_random , +.Nm SSL_get_server_random , +.Nm SSL_SESSION_get_master_key +.Nd get internal TLS handshake random values and master key +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft size_t +.Fo SSL_get_client_random +.Fa "const SSL *ssl" +.Fa "unsigned char *out" +.Fa "size_t outlen" +.Fc +.Ft size_t +.Fo SSL_get_server_random +.Fa "const SSL *ssl" +.Fa "unsigned char *out" +.Fa "size_t outlen" +.Fc +.Ft size_t +.Fo SSL_SESSION_get_master_key +.Fa "const SSL_SESSION *session" +.Fa "unsigned char *out" +.Fa "size_t outlen" +.Fc +.Sh DESCRIPTION +.Fn SSL_get_client_random +extracts the random value that was sent from the client to the server +during the initial TLS handshake. +It copies at most +.Fa outlen +bytes of this value into the buffer +.Fa out . +If +.Fa outlen +is zero, nothing is copied. +.Pp +.Fn SSL_get_server_random +behaves the same, but extracts the random value that was sent +from the server to the client during the initial TLS handshake. +.Pp +.Fn SSL_SESSION_get_master_key +behaves the same, but extracts the master secret used to guarantee the +security of the TLS session. +The security of the TLS session depends on keeping the master key +secret: do not expose it, or any information about it, to anybody. +To calculate another secret value that depends on the master secret, +use +.Xr SSL_export_keying_material 3 +instead. +.Pp +All these functions expose internal values from the TLS handshake, +for use in low-level protocols. +Avoid using them unless implementing a feature +that requires access to the internal protocol details. +.Pp +Despite the names of +.Fn SSL_get_client_random +and +.Fn SSL_get_server_random , +they are not random number generators. +Instead, they return the mostly-random values that were already +generated and used in the TLS protocol. +.Pp +In current versions of the TLS protocols, +the length of client_random and server_random is always +.Dv SSL3_RANDOM_SIZE +bytes. +Support for other +.Fa outlen +arguments is provided for the unlikely event that a future +version or variant of TLS uses some other length. +.Pp +Finally, though the client_random and server_random values are called +.Dq random , +many TLS implementations generate four bytes of those values +based on their view of the current time. +.Sh RETURN VALUES +If +.Fa outlen +is greater than 0, these functions return the number of bytes +actually copied, which is less than or equal to +.Fa outlen . +If +.Fa outlen +is 0, these functions return the maximum number of bytes they would +copy \(em that is, the length of the underlying field. +.Sh SEE ALSO +.Xr ssl 3 , +.Xr SSL_export_keying_material 3 , +.Xr SSL_SESSION_get_id 3 , +.Xr SSL_SESSION_get_time 3 , +.Xr SSL_SESSION_new 3 +.Sh HISTORY +These functions first appeared in OpenSSL 1.1.0 +and have been available since +.Ox 6.3 . diff --git a/src/lib/libssl/man/SSL_get_current_cipher.3 b/src/lib/libssl/man/SSL_get_current_cipher.3 new file mode 100644 index 00000000000..6b951d03cad --- /dev/null +++ b/src/lib/libssl/man/SSL_get_current_cipher.3 @@ -0,0 +1,122 @@ +.\" $OpenBSD: SSL_get_current_cipher.3,v 1.4 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file was written by Lutz Jaenicke . +.\" Copyright (c) 2000, 2005, 2016 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt SSL_GET_CURRENT_CIPHER 3 +.Os +.Sh NAME +.Nm SSL_get_current_cipher , +.Nm SSL_get_cipher , +.Nm SSL_get_cipher_name , +.Nm SSL_get_cipher_bits , +.Nm SSL_get_cipher_version +.Nd get SSL_CIPHER of a connection +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft const SSL_CIPHER * +.Fn SSL_get_current_cipher "const SSL *ssl" +.Ft const char * +.Fn SSL_get_cipher "const SSL *ssl" +.Ft const char * +.Fn SSL_get_cipher_name "const SSL *ssl" +.Ft int +.Fn SSL_get_cipher_bits "const SSL *ssl" "int *np" +.Ft char * +.Fn SSL_get_cipher_version "const SSL *ssl" +.Sh DESCRIPTION +.Fn SSL_get_current_cipher +returns a pointer to an +.Vt SSL_CIPHER +object containing the description of the actually used cipher of a connection +established with the +.Fa ssl +object. +See +.Xr SSL_CIPHER_get_name 3 +for more details. +.Pp +.Fn SSL_get_cipher_name +obtains the name of the currently used cipher. +.Fn SSL_get_cipher +is identical to +.Fn SSL_get_cipher_name . +.Pp +.Fn SSL_get_cipher_bits +obtains the number of secret/algorithm bits used and +.Fn SSL_get_cipher_version +returns the protocol name. +.Pp +.Fn SSL_get_cipher , +.Fn SSL_get_cipher_name , +.Fn SSL_get_cipher_bits , +and +.Fn SSL_get_cipher_version +are implemented as macros. +.Sh RETURN VALUES +.Fn SSL_get_current_cipher +returns the cipher actually used, or +.Dv NULL +if no session has been established. +.Sh SEE ALSO +.Xr ssl 3 , +.Xr SSL_CIPHER_get_name 3 +.Sh HISTORY +.Fn SSL_get_cipher +appeared in SSLeay 0.4 or earlier. +.Fn SSL_get_cipher_bits +first appeared in SSLeay 0.6.4. +.Fn SSL_get_cipher_name +and +.Fn SSL_get_cipher_version +first appeared in SSLeay 0.8.0. +.Fn SSL_get_current_cipher +first appeared in SSLeay 0.8.1. +These functions have been available since +.Ox 2.4 . diff --git a/src/lib/libssl/man/SSL_get_default_timeout.3 b/src/lib/libssl/man/SSL_get_default_timeout.3 new file mode 100644 index 00000000000..47737d8ee09 --- /dev/null +++ b/src/lib/libssl/man/SSL_get_default_timeout.3 @@ -0,0 +1,85 @@ +.\" $OpenBSD: SSL_get_default_timeout.3,v 1.4 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file was written by Lutz Jaenicke . +.\" Copyright (c) 2001, 2005 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt SSL_GET_DEFAULT_TIMEOUT 3 +.Os +.Sh NAME +.Nm SSL_get_default_timeout +.Nd get default session timeout value +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft long +.Fn SSL_get_default_timeout "const SSL *ssl" +.Sh DESCRIPTION +.Fn SSL_get_default_timeout +returns the default timeout value assigned to +.Vt SSL_SESSION +objects negotiated for the protocol valid for +.Fa ssl . +.Pp +Whenever a new session is negotiated, it is assigned a timeout value, +after which it will not be accepted for session reuse. +If the timeout value was not explicitly set using +.Xr SSL_CTX_set_timeout 3 , +the hardcoded default timeout for the protocol will be used. +.Pp +.Fn SSL_get_default_timeout +return this hardcoded value, which is 300 seconds for all currently supported +protocols (SSLv2, SSLv3, and TLSv1). +.Sh SEE ALSO +.Xr ssl 3 , +.Xr SSL_CTX_flush_sessions 3 , +.Xr SSL_CTX_set_session_cache_mode 3 , +.Xr SSL_SESSION_get_time 3 +.Sh HISTORY +.Fn SSL_get_default_timeout +first appeared in SSLeay 0.8.0 and has been available since +.Ox 2.4 . diff --git a/src/lib/libssl/man/SSL_get_error.3 b/src/lib/libssl/man/SSL_get_error.3 new file mode 100644 index 00000000000..5d325b3f563 --- /dev/null +++ b/src/lib/libssl/man/SSL_get_error.3 @@ -0,0 +1,217 @@ +.\" $OpenBSD: SSL_get_error.3,v 1.5 2018/04/29 07:37:01 guenther Exp $ +.\" OpenSSL a528d4f0 Oct 27 13:40:11 2015 -0400 +.\" +.\" This file was written by Bodo Moeller . +.\" Copyright (c) 2000, 2001, 2002, 2005 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: April 29 2018 $ +.Dt SSL_GET_ERROR 3 +.Os +.Sh NAME +.Nm SSL_get_error +.Nd obtain result code for TLS/SSL I/O operation +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft int +.Fn SSL_get_error "const SSL *ssl" "int ret" +.Sh DESCRIPTION +.Fn SSL_get_error +returns a result code (suitable for the C +.Dq switch +statement) for a preceding call to +.Xr SSL_connect 3 , +.Xr SSL_accept 3 , +.Xr SSL_do_handshake 3 , +.Xr SSL_read 3 , +.Xr SSL_peek 3 , +or +.Xr SSL_write 3 +on +.Fa ssl . +The value returned by that TLS/SSL I/O function must be passed to +.Fn SSL_get_error +in parameter +.Fa ret . +.Pp +In addition to +.Fa ssl +and +.Fa ret , +.Fn SSL_get_error +inspects the current thread's OpenSSL error queue. +Thus, +.Fn SSL_get_error +must be used in the same thread that performed the TLS/SSL I/O operation, +and no other OpenSSL function calls should appear in between. +The current thread's error queue must be empty before the TLS/SSL I/O operation +is attempted, or +.Fn SSL_get_error +will not work reliably. +.Sh RETURN VALUES +The following return values can currently occur: +.Bl -tag -width Ds +.It Dv SSL_ERROR_NONE +The TLS/SSL I/O operation completed. +This result code is returned if and only if +.Fa ret +> 0. +.It Dv SSL_ERROR_ZERO_RETURN +The TLS/SSL connection has been closed. +If the protocol version is SSL 3.0 or TLS 1.0, this result code is returned +only if a closure alert has occurred in the protocol, i.e., if the connection +has been closed cleanly. +Note that in this case +.Dv SSL_ERROR_ZERO_RETURN +does not necessarily indicate that the underlying transport has been closed. +.It Dv SSL_ERROR_WANT_READ , Dv SSL_ERROR_WANT_WRITE +The operation did not complete; +the same TLS/SSL I/O function should be called again later. +If, by then, the underlying +.Vt BIO +has data available for reading (if the result code is +.Dv SSL_ERROR_WANT_READ ) +or allows writing data +.Pq Dv SSL_ERROR_WANT_WRITE , +then some TLS/SSL protocol progress will take place, +i.e., at least part of a TLS/SSL record will be read or written. +Note that the retry may again lead to a +.Dv SSL_ERROR_WANT_READ +or +.Dv SSL_ERROR_WANT_WRITE +condition. +There is no fixed upper limit for the number of iterations that may be +necessary until progress becomes visible at application protocol level. +.Pp +For socket +.Fa BIO Ns +s (e.g., when +.Fn SSL_set_fd +was used), +.Xr select 2 +or +.Xr poll 2 +on the underlying socket can be used to find out when the TLS/SSL I/O function +should be retried. +.Pp +Caveat: Any TLS/SSL I/O function can lead to either of +.Dv SSL_ERROR_WANT_READ +and +.Dv SSL_ERROR_WANT_WRITE . +In particular, +.Xr SSL_read 3 +or +.Xr SSL_peek 3 +may want to write data and +.Xr SSL_write 3 +may want +to read data. +This is mainly because TLS/SSL handshakes may occur at any time during the +protocol (initiated by either the client or the server); +.Xr SSL_read 3 , +.Xr SSL_peek 3 , +and +.Xr SSL_write 3 +will handle any pending handshakes. +.It Dv SSL_ERROR_WANT_CONNECT , Dv SSL_ERROR_WANT_ACCEPT +The operation did not complete; the same TLS/SSL I/O function should be +called again later. +The underlying BIO was not connected yet to the peer and the call would block +in +.Xr connect 2 Ns / Ns +.Xr accept 2 . +The SSL function should be +called again when the connection is established. +These messages can only appear with a +.Xr BIO_s_connect 3 +or +.Xr BIO_s_accept 3 +.Vt BIO , +respectively. +In order to find out when the connection has been successfully established, +on many platforms +.Xr select 2 +or +.Xr poll 2 +for writing on the socket file descriptor can be used. +.It Dv SSL_ERROR_WANT_X509_LOOKUP +The operation did not complete because an application callback set by +.Xr SSL_CTX_set_client_cert_cb 3 +has asked to be called again. +The TLS/SSL I/O function should be called again later. +Details depend on the application. +.It Dv SSL_ERROR_SYSCALL +Some I/O error occurred. +The OpenSSL error queue may contain more information on the error. +If the error queue is empty (i.e., +.Fn ERR_get_error +returns 0), +.Fa ret +can be used to find out more about the error: +If +.Fa ret +== 0, an +.Dv EOF +was observed that violates the protocol. +If +.Fa ret +== \(mi1, the underlying +.Vt BIO +reported an +I/O error (for socket I/O on Unix systems, consult +.Dv errno +for details). +.It Dv SSL_ERROR_SSL +A failure in the SSL library occurred, usually a protocol error. +The OpenSSL error queue contains more information on the error. +.El +.Sh SEE ALSO +.Xr err 3 , +.Xr ssl 3 +.Sh HISTORY +.Fn SSL_get_error +first appeared in SSLeay 0.8.0 and have been available since +.Ox 2.4 . diff --git a/src/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 b/src/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 new file mode 100644 index 00000000000..632ee01caa4 --- /dev/null +++ b/src/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 @@ -0,0 +1,116 @@ +.\" $OpenBSD: SSL_get_ex_data_X509_STORE_CTX_idx.3,v 1.3 2018/03/21 09:05:04 schwarze Exp $ +.\" OpenSSL 9b86974e Aug 17 15:21:33 2015 -0400 +.\" +.\" This file was written by Lutz Jaenicke . +.\" Copyright (c) 2001 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 21 2018 $ +.Dt SSL_GET_EX_DATA_X509_STORE_CTX_IDX 3 +.Os +.Sh NAME +.Nm SSL_get_ex_data_X509_STORE_CTX_idx +.Nd get ex_data index to access SSL structure from X509_STORE_CTX +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft int +.Fn SSL_get_ex_data_X509_STORE_CTX_idx void +.Sh DESCRIPTION +.Fn SSL_get_ex_data_X509_STORE_CTX_idx +returns the index number under which the pointer to the +.Vt SSL +object is stored into the +.Vt X509_STORE_CTX +object. +.Sh NOTES +Whenever a +.Vt X509_STORE_CTX +object is created for the verification of the peer's certificate during a +handshake, a pointer to the +.Vt SSL +object is stored into the +.Vt X509_STORE_CTX +object to identify the connection affected. +To retrieve this pointer the +.Xr X509_STORE_CTX_get_ex_data 3 +function can be used with the correct index. +This index is globally the same for all +.Vt X509_STORE_CTX +objects and can be retrieved using +.Fn SSL_get_ex_data_X509_STORE_CTX_idx . +The index value is set when +.Fn SSL_get_ex_data_X509_STORE_CTX_idx +is first called either by the application program directly or indirectly during +other SSL setup functions or during the handshake. +.Pp +The value depends on other index values defined for +.Vt X509_STORE_CTX +objects before the SSL index is created. +.Sh RETURN VALUES +.Bl -tag -width Ds +.It \(>=0 +The index value to access the pointer. +.It <0 +An error occurred, check the error stack for a detailed error message. +.El +.Sh EXAMPLES +The index returned from +.Fn SSL_get_ex_data_X509_STORE_CTX_idx +provides access to +.Vt SSL +object for the connection during the +.Fn verify_callback +when checking the peer's certificate. +Please check the example in +.Xr SSL_CTX_set_verify 3 . +.Sh SEE ALSO +.Xr CRYPTO_set_ex_data 3 , +.Xr ssl 3 , +.Xr SSL_CTX_set_verify 3 +.Sh HISTORY +.Fn SSL_get_ex_data_X509_STORE_CTX_idx +first appeared in SSLeay 0.9.1 and has been available since +.Ox 2.6 . diff --git a/src/lib/libssl/man/SSL_get_ex_new_index.3 b/src/lib/libssl/man/SSL_get_ex_new_index.3 new file mode 100644 index 00000000000..cecd25fa44a --- /dev/null +++ b/src/lib/libssl/man/SSL_get_ex_new_index.3 @@ -0,0 +1,136 @@ +.\" $OpenBSD: SSL_get_ex_new_index.3,v 1.4 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL 9b86974e Aug 17 15:21:33 2015 -0400 +.\" +.\" This file was written by Lutz Jaenicke . +.\" Copyright (c) 2001, 2005 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt SSL_GET_EX_NEW_INDEX 3 +.Os +.Sh NAME +.Nm SSL_get_ex_new_index , +.Nm SSL_set_ex_data , +.Nm SSL_get_ex_data +.Nd internal application specific data functions +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft int +.Fo SSL_get_ex_new_index +.Fa "long argl" +.Fa "void *argp" +.Fa "CRYPTO_EX_new *new_func" +.Fa "CRYPTO_EX_dup *dup_func" +.Fa "CRYPTO_EX_free *free_func" +.Fc +.Ft int +.Fn SSL_set_ex_data "SSL *ssl" "int idx" "void *arg" +.Ft void * +.Fn SSL_get_ex_data "const SSL *ssl" "int idx" +.Bd -literal +typedef int new_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, + int idx, long argl, void *argp); +typedef void free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, + int idx, long argl, void *argp); +typedef int dup_func(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d, + int idx, long argl, void *argp); +.Ed +.Sh DESCRIPTION +Several OpenSSL structures can have application specific data attached to them. +These functions are used internally by OpenSSL to manipulate application +specific data attached to a specific structure. +.Pp +.Fn SSL_get_ex_new_index +is used to register a new index for application specific data. +.Pp +.Fn SSL_set_ex_data +is used to store application data at +.Fa arg +for +.Fa idx +into the +.Fa ssl +object. +.Pp +.Fn SSL_get_ex_data +is used to retrieve the information for +.Fa idx +from +.Fa ssl . +.Pp +A detailed description for the +.Fn *_get_ex_new_index +functionality can be found in +.Xr RSA_get_ex_new_index 3 . +The +.Fn *_get_ex_data +and +.Fn *_set_ex_data +functionality is described in +.Xr CRYPTO_set_ex_data 3 . +.Sh EXAMPLES +An example of how to use the functionality is included in the example +.Fn verify_callback +in +.Xr SSL_CTX_set_verify 3 . +.Sh SEE ALSO +.Xr CRYPTO_set_ex_data 3 , +.Xr RSA_get_ex_new_index 3 , +.Xr ssl 3 , +.Xr SSL_CTX_set_verify 3 +.Sh HISTORY +Precursor functions +.Fn SSL_set_app_data +and +.Fn SSL_get_app_data +first appeared in SSLeay 0.6.1. +.Pp +.Fn SSL_get_ex_new_index , +.Fn SSL_set_ex_data , +and +.Fn SSL_get_ex_data +first appeared in SSLeay 0.9.0 and have been available since +.Ox 2.4 . diff --git a/src/lib/libssl/man/SSL_get_fd.3 b/src/lib/libssl/man/SSL_get_fd.3 new file mode 100644 index 00000000000..1e093424cb3 --- /dev/null +++ b/src/lib/libssl/man/SSL_get_fd.3 @@ -0,0 +1,103 @@ +.\" $OpenBSD: SSL_get_fd.3,v 1.6 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file was written by Lutz Jaenicke . +.\" Copyright (c) 2000, 2005, 2013 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt SSL_GET_FD 3 +.Os +.Sh NAME +.Nm SSL_get_fd , +.Nm SSL_get_rfd , +.Nm SSL_get_wfd +.Nd get file descriptor linked to an SSL object +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft int +.Fn SSL_get_fd "const SSL *ssl" +.Ft int +.Fn SSL_get_rfd "const SSL *ssl" +.Ft int +.Fn SSL_get_wfd "const SSL *ssl" +.Sh DESCRIPTION +.Fn SSL_get_fd +returns the file descriptor which is linked to +.Fa ssl . +.Fn SSL_get_rfd +and +.Fn SSL_get_wfd +return the file descriptors for the read or the write channel, +which can be different. +If the read and the write channel are different, +.Fn SSL_get_fd +will return the file descriptor of the read channel. +.Sh RETURN VALUES +The following return values can occur: +.Bl -tag -width Ds +.It \(mi1 +The operation failed, because the underlying +.Vt BIO +is not of the correct type (suitable for file descriptors). +.It \(>=0 +The file descriptor linked to +.Fa ssl . +.El +.Sh SEE ALSO +.Xr BIO_new 3 , +.Xr ssl 3 , +.Xr SSL_set_fd 3 +.Sh HISTORY +.Fn SSL_get_fd +appeared in SSLeay 0.4 or earlier and has been available since +.Ox 2.4 . +.Pp +.Fn SSL_get_rfd +and +.Fn SSL_get_wfd +first appeared in OpenSSL 0.9.6c and have been available since +.Ox 3.2 . diff --git a/src/lib/libssl/man/SSL_get_peer_cert_chain.3 b/src/lib/libssl/man/SSL_get_peer_cert_chain.3 new file mode 100644 index 00000000000..eb2ae53dc43 --- /dev/null +++ b/src/lib/libssl/man/SSL_get_peer_cert_chain.3 @@ -0,0 +1,107 @@ +.\" $OpenBSD: SSL_get_peer_cert_chain.3,v 1.5 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL SSL_get_peer_cert_chain.pod 1f164c6f Jan 18 01:40:36 2017 +0100 +.\" OpenSSL SSL_get_peer_cert_chain.pod 9b86974e Aug 17 15:21:33 2015 -0400 +.\" +.\" This file was written by Lutz Jaenicke . +.\" Copyright (c) 2000, 2005, 2014, 2016 The OpenSSL Project. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt SSL_GET_PEER_CERT_CHAIN 3 +.Os +.Sh NAME +.Nm SSL_get_peer_cert_chain +.Nd get the X509 certificate chain sent by the peer +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft STACK_OF(X509) * +.Fn SSL_get_peer_cert_chain "const SSL *ssl" +.Sh DESCRIPTION +.Fn SSL_get_peer_cert_chain +returns a pointer to +.Dv STACK_OF Ns Po Vt X509 Pc +certificates forming the certificate chain of the peer. +If called on the client side, the stack also contains the peer's certificate; +if called on the server side, the peer's certificate must be obtained +separately using +.Xr SSL_get_peer_certificate 3 . +If the peer did not present a certificate, +.Dv NULL +is returned. +.Pp +.Fn SSL_get_peer_cert_chain +returns the peer chain as sent by the peer: it only consists of +certificates the peer has sent (in the order the peer has sent them) +and it is not a verified chain. +.Pp +If the session is resumed, peers do not send certificates, so a +.Dv NULL +pointer is returned. +Applications can call +.Fn SSL_session_reused +to determine whether a session is resumed. +.Pp +The reference count of the +.Dv STACK_OF Ns Po Vt X509 Pc +object is not incremented. +If the corresponding session is freed, the pointer must not be used any longer. +.Sh RETURN VALUES +The following return values can occur: +.Bl -tag -width Ds +.It Dv NULL +No certificate was presented by the peer or no connection was established or +the certificate chain is no longer available when a session is reused. +.It Pointer to a Dv STACK_OF Ns Po X509 Pc +The return value points to the certificate chain presented by the peer. +.El +.Sh SEE ALSO +.Xr ssl 3 , +.Xr SSL_get_peer_certificate 3 +.Sh HISTORY +.Fn SSL_get_peer_cert_chain +first appeared in SSLeay 0.8.0 and has been available since +.Ox 2.4 . diff --git a/src/lib/libssl/man/SSL_get_peer_certificate.3 b/src/lib/libssl/man/SSL_get_peer_certificate.3 new file mode 100644 index 00000000000..5e7247f4d17 --- /dev/null +++ b/src/lib/libssl/man/SSL_get_peer_certificate.3 @@ -0,0 +1,104 @@ +.\" $OpenBSD: SSL_get_peer_certificate.3,v 1.4 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file was written by Lutz Jaenicke . +.\" Copyright (c) 2000, 2001, 2005 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt SSL_GET_PEER_CERTIFICATE 3 +.Os +.Sh NAME +.Nm SSL_get_peer_certificate +.Nd get the X509 certificate of the peer +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft X509 * +.Fn SSL_get_peer_certificate "const SSL *ssl" +.Sh DESCRIPTION +.Fn SSL_get_peer_certificate +returns a pointer to the X509 certificate the peer presented. +If the peer did not present a certificate, +.Dv NULL +is returned. +.Pp +Due to the protocol definition, a TLS/SSL server will always send a +certificate, if present. +A client will only send a certificate when explicitly requested to do so by the +server (see +.Xr SSL_CTX_set_verify 3 ) . +If an anonymous cipher is used, no certificates are sent. +.Pp +That a certificate is returned does not indicate information about the +verification state. +Use +.Xr SSL_get_verify_result 3 +to check the verification state. +.Pp +The reference count of the +.Vt X509 +object is incremented by one, so that it will not be destroyed when the session +containing the peer certificate is freed. +The +.Vt X509 +object must be explicitly freed using +.Xr X509_free 3 . +.Sh RETURN VALUES +The following return values can occur: +.Bl -tag -width Ds +.It Dv NULL +No certificate was presented by the peer or no connection was established. +.It Pointer to an X509 certificate +The return value points to the certificate presented by the peer. +.El +.Sh SEE ALSO +.Xr ssl 3 , +.Xr SSL_CTX_set_verify 3 , +.Xr SSL_get_verify_result 3 +.Sh HISTORY +.Fn SSL_get_peer_certificate +appeared in SSLeay 0.4 or earlier and has been available since +.Ox 2.4 . diff --git a/src/lib/libssl/man/SSL_get_rbio.3 b/src/lib/libssl/man/SSL_get_rbio.3 new file mode 100644 index 00000000000..38096fbecf2 --- /dev/null +++ b/src/lib/libssl/man/SSL_get_rbio.3 @@ -0,0 +1,98 @@ +.\" $OpenBSD: SSL_get_rbio.3,v 1.5 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file was written by Lutz Jaenicke . +.\" Copyright (c) 2000, 2013 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt SSL_GET_RBIO 3 +.Os +.Sh NAME +.Nm SSL_get_rbio , +.Nm SSL_get_wbio +.Nd get BIO linked to an SSL object +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft BIO * +.Fn SSL_get_rbio "SSL *ssl" +.Ft BIO * +.Fn SSL_get_wbio "SSL *ssl" +.Sh DESCRIPTION +.Fn SSL_get_rbio +and +.Fn SSL_get_wbio +return pointers to the +.Vt BIO Ns s +for the read or the write channel, which can be different. +The reference count of the +.Vt BIO +is not incremented. +.Sh RETURN VALUES +The following return values can occur: +.Bl -tag -width Ds +.It Dv NULL +No +.Vt BIO +was connected to the +.Vt SSL +object. +.It Any other pointer +The +.Vt BIO +linked to +.Fa ssl . +.El +.Sh SEE ALSO +.Xr BIO_new 3 , +.Xr ssl 3 , +.Xr SSL_set_bio 3 +.Sh HISTORY +.Fn SSL_get_rbio +and +.Fn SSL_get_wbio +first appeared in SSLeay 0.6.0 and have been available since +.Ox 2.4 . diff --git a/src/lib/libssl/man/SSL_get_server_tmp_key.3 b/src/lib/libssl/man/SSL_get_server_tmp_key.3 new file mode 100644 index 00000000000..6bd102e8632 --- /dev/null +++ b/src/lib/libssl/man/SSL_get_server_tmp_key.3 @@ -0,0 +1,88 @@ +.\" $OpenBSD: SSL_get_server_tmp_key.3,v 1.3 2018/03/24 00:55:37 schwarze Exp $ +.\" OpenSSL SSL_get_server_tmp_key.pod 508fafd8 Apr 3 15:41:21 2017 +0100 +.\" +.\" This file was written by Matt Caswell +.\" Copyright (c) 2017 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 24 2018 $ +.Dt SSL_GET_SERVER_TMP_KEY 3 +.Os +.Sh NAME +.Nm SSL_get_server_tmp_key +.Nd temporary server key during a handshake +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft long +.Fo SSL_get_server_tmp_key +.Fa "SSL *ssl" +.Fa "EVP_PKEY **key" +.Fc +.Sh DESCRIPTION +.Fn SSL_get_server_tmp_key +retrieves the temporary key provided by the server +and used during key exchange. +For example, if ECDHE is in use, +this represents the server's public ECDHE key. +.Pp +In case of success, a copy of the key is stored in +.Pf * Fa key . +It is the caller's responsibility to free this key after use using +.Xr EVP_PKEY_free 3 . +.Pp +This function may only be called by the client. +.Pp +This function is implemented as a macro. +.Sh RETURN VALUES +.Fn SSL_get_server_tmp_key +returns 1 on success or 0 on failure. +.Sh SEE ALSO +.Xr EVP_PKEY_free 3 , +.Xr SSL_ctrl 3 +.Sh HISTORY +.Fn SSL_get_server_tmp_key +first appeared in OpenSSL 1.0.2 and has been available since +.Ox 6.1 . diff --git a/src/lib/libssl/man/SSL_get_session.3 b/src/lib/libssl/man/SSL_get_session.3 new file mode 100644 index 00000000000..4cde129bc2b --- /dev/null +++ b/src/lib/libssl/man/SSL_get_session.3 @@ -0,0 +1,163 @@ +.\" $OpenBSD: SSL_get_session.3,v 1.7 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file was written by Lutz Jaenicke . +.\" Copyright (c) 2000, 2001, 2005, 2013, 2016 The OpenSSL Project. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt SSL_GET_SESSION 3 +.Os +.Sh NAME +.Nm SSL_get_session , +.Nm SSL_get0_session , +.Nm SSL_get1_session +.Nd retrieve TLS/SSL session data +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft SSL_SESSION * +.Fn SSL_get_session "const SSL *ssl" +.Ft SSL_SESSION * +.Fn SSL_get0_session "const SSL *ssl" +.Ft SSL_SESSION * +.Fn SSL_get1_session "SSL *ssl" +.Sh DESCRIPTION +.Fn SSL_get_session +returns a pointer to the +.Vt SSL_SESSION +actually used in +.Fa ssl . +The reference count of the +.Vt SSL_SESSION +is not incremented, so that the pointer can become invalid by other operations. +.Pp +.Fn SSL_get0_session +is the same as +.Fn SSL_get_session . +.Pp +.Fn SSL_get1_session +is the same as +.Fn SSL_get_session , +but the reference count of the +.Vt SSL_SESSION +is incremented by one. +.Pp +The +.Fa ssl +session contains all information required to re-establish the connection +without a new handshake. +.Pp +.Fn SSL_get0_session +returns a pointer to the actual session. +As the reference counter is not incremented, +the pointer is only valid while the connection is in use. +If +.Xr SSL_clear 3 +or +.Xr SSL_free 3 +is called, the session may be removed completely (if considered bad), +and the pointer obtained will become invalid. +Even if the session is valid, +it can be removed at any time due to timeout during +.Xr SSL_CTX_flush_sessions 3 . +.Pp +If the data is to be kept, +.Fn SSL_get1_session +will increment the reference count, so that the session will not be implicitly +removed by other operations but stays in memory. +In order to remove the session +.Xr SSL_SESSION_free 3 +must be explicitly called once to decrement the reference count again. +.Pp +.Vt SSL_SESSION +objects keep internal link information about the session cache list when being +inserted into one +.Vt SSL_CTX +object's session cache. +One +.Vt SSL_SESSION +object, regardless of its reference count, must therefore only be used with one +.Vt SSL_CTX +object (and the +.Vt SSL +objects created from this +.Vt SSL_CTX +object). +.Sh RETURN VALUES +The following return values can occur: +.Bl -tag -width Ds +.It Dv NULL +There is no session available in +.Fa ssl . +.It Pointer to an Vt SSL_SESSION +The return value points to the data of an +.Vt SSL +session. +.El +.Sh SEE ALSO +.Xr ssl 3 , +.Xr SSL_clear 3 , +.Xr SSL_free 3 , +.Xr SSL_SESSION_free 3 , +.Xr SSL_SESSION_get0_peer 3 , +.Xr SSL_SESSION_get_compress_id 3 , +.Xr SSL_SESSION_get_id 3 , +.Xr SSL_SESSION_get_protocol_version 3 , +.Xr SSL_SESSION_get_time 3 , +.Xr SSL_SESSION_new 3 , +.Xr SSL_SESSION_print 3 , +.Xr SSL_set_session 3 +.Sh HISTORY +.Fn SSL_get_session +first appeared in SSLeay 0.5.2 and has been available since +.Ox 2.4 . +.Pp +.Fn SSL_get0_session +and +.Fn SSL_get1_session +first appeared in OpenSSL 0.9.5 and have been available since +.Ox 2.7 . diff --git a/src/lib/libssl/man/SSL_get_shared_ciphers.3 b/src/lib/libssl/man/SSL_get_shared_ciphers.3 new file mode 100644 index 00000000000..45228921f93 --- /dev/null +++ b/src/lib/libssl/man/SSL_get_shared_ciphers.3 @@ -0,0 +1,71 @@ +.\" $OpenBSD: SSL_get_shared_ciphers.3,v 1.3 2018/03/27 17:35:50 schwarze Exp $ +.\" +.\" Copyright (c) 2016 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt SSL_GET_SHARED_CIPHERS 3 +.Os +.Sh NAME +.Nm SSL_get_shared_ciphers +.Nd ciphers supported by both client and server +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft char * +.Fo SSL_get_shared_ciphers +.Fa "const SSL *ssl" +.Fa "char *buf" +.Fa "int len" +.Fc +.Sh DESCRIPTION +.Fn SSL_get_shared_ciphers +puts the names of the ciphers that are supported by both the client +and the server of +.Fa ssl +into the buffer +.Fa buf . +Names are separated by colons. +At most +.Fa len +bytes are written to +.Fa buf +including the terminating NUL character. +.Sh RETURN VALUES +If +.Fa ssl +contains no session, if the session contains no shared ciphers, +or if +.Fa len +is less than 2, +.Fn SSL_get_shared_ciphers +returns +.Dv NULL . +Otherwise, it returns +.Fa buf . +.Sh HISTORY +.Fn SSL_get_shared_ciphers +first appeared in SSLeay 0.4.5b and has been available since +.Ox 2.4 . +.Sh BUGS +If the list is too long to fit into +.Fa len +bytes, it is silently truncated after the last cipher name that fits, +and all following ciphers are skipped. +If the buffer is very short such that even the first cipher name +does not fit, an empty string is returned even when some shared +ciphers are actually available. +.Pp +There is no easy way to find out how much space is required for +.Fa buf +or whether the supplied space was sufficient. diff --git a/src/lib/libssl/man/SSL_get_state.3 b/src/lib/libssl/man/SSL_get_state.3 new file mode 100644 index 00000000000..d284691af16 --- /dev/null +++ b/src/lib/libssl/man/SSL_get_state.3 @@ -0,0 +1,160 @@ +.\" $OpenBSD: SSL_get_state.3,v 1.4 2018/03/27 17:35:50 schwarze Exp $ +.\" +.\" Copyright (c) 2016 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt SSL_GET_STATE 3 +.Os +.Sh NAME +.Nm SSL_get_state , +.Nm SSL_state , +.Nm SSL_in_accept_init , +.Nm SSL_in_before , +.Nm SSL_in_connect_init , +.Nm SSL_in_init , +.Nm SSL_is_init_finished +.Nd inspect the state of the SSL state machine +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft int +.Fo SSL_get_state +.Fa "const SSL *ssl" +.Fc +.Ft int +.Fo SSL_state +.Fa "const SSL *ssl" +.Fc +.Ft int +.Fo SSL_in_accept_init +.Fa "const SSL *ssl" +.Fc +.Ft int +.Fo SSL_in_before +.Fa "const SSL *ssl" +.Fc +.Ft int +.Fo SSL_in_connect_init +.Fa "const SSL *ssl" +.Fc +.Ft int +.Fo SSL_in_init +.Fa "const SSL *ssl" +.Fc +.Ft int +.Fo SSL_is_init_finished +.Fa "const SSL *ssl" +.Fc +.Sh DESCRIPTION +.Fn SSL_get_state +returns an encoded representation of the current state of the SSL +state machine. +.Fn SSL_state +is a deprecated alias for +.Fn SSL_get_state . +.Pp +The following bits may be set: +.Bl -tag -width Ds +.It Dv SSL_ST_ACCEPT +This bit is set by +.Xr SSL_accept 3 +and by +.Xr SSL_set_accept_state 3 . +It indicates that +.Fa ssl +is set up for server mode and no client initiated the TLS handshake yet. +The function +.Fn SSL_in_accept_init +returns non-zero if this bit is set or 0 otherwise. +.It Dv SSL_ST_BEFORE +This bit is set by the +.Xr SSL_accept 3 , +.Xr SSL_connect 3 , +.Xr SSL_set_accept_state 3 , +and +.Xr SSL_set_connect_state 3 +functions. +It indicates that the TLS handshake was not initiated yet. +The function +.Fn SSL_in_before +returns non-zero if this bit is set or 0 otherwise. +.It Dv SSL_ST_CONNECT +This bit is set by +.Xr SSL_connect 3 +and by +.Xr SSL_set_connect_state 3 . +It indicates that +.Fa ssl +is set up for client mode and no TLS handshake was initiated yet. +The function +.Fn SSL_in_connect_init +returns non-zero if this bit is set or 0 otherwise. +.El +.Pp +The following masks can be used: +.Bl -tag -width Ds +.It Dv SSL_ST_INIT +Set if +.Dv SSL_ST_ACCEPT +or +.Dv SSL_ST_CONNECT +is set. +The function +.Fn SSL_in_init +returns a non-zero value if one of these is set or 0 otherwise. +.It Dv SSL_ST_MASK +This mask includes all bits except +.Dv SSL_ST_ACCEPT , +.Dv SSL_ST_BEFORE , +and +.Dv SSL_ST_CONNECT . +.It Dv SSL_ST_OK +The state is set to this value when a connection is established. +The function +.Fn SSL_is_init_finished +returns a non-zero value if the state equals this constant, or 0 otherwise. +.It Dv SSL_ST_RENEGOTIATE +The program is about to renegotiate, for example when entering +.Xr SSL_read 3 +or +.Xr SSL_write 3 +right after +.Xr SSL_renegotiate 3 +was called. +.El +.Pp +The meaning of other bits is protocol-dependent. +Application programs usually do not need to inspect any of those +other bits. +.Pp +All these functions may be implemented as macros. +.Sh SEE ALSO +.Xr SSL_renegotiate 3 , +.Xr SSL_set_connect_state 3 +.Sh HISTORY +.Fn SSL_is_init_finished +first appeared in SSLeay 0.4.5b. +.Fn SSL_state +first appeared in SSLeay 0.5.2. +.Fn SSL_in_accept_init , +.Fn SSL_in_connect_init , +and +.Fn SSL_in_init +first appeared in SSLeay 0.6.0. +.Fn SSL_in_before +first appeared in SSLeay 0.8.0. +.Fn SSL_get_state +first appeared in SSLeay 0.9.0. +All these functions have been available since +.Ox 2.4 . diff --git a/src/lib/libssl/man/SSL_get_verify_result.3 b/src/lib/libssl/man/SSL_get_verify_result.3 new file mode 100644 index 00000000000..ec4df2d38e0 --- /dev/null +++ b/src/lib/libssl/man/SSL_get_verify_result.3 @@ -0,0 +1,100 @@ +.\" $OpenBSD: SSL_get_verify_result.3,v 1.4 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file was written by Lutz Jaenicke . +.\" Copyright (c) 2000, 2001, 2005 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt SSL_GET_VERIFY_RESULT 3 +.Os +.Sh NAME +.Nm SSL_get_verify_result +.Nd get result of peer certificate verification +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft long +.Fn SSL_get_verify_result "const SSL *ssl" +.Sh DESCRIPTION +.Fn SSL_get_verify_result +returns the result of the verification of the X509 certificate presented by the +peer, if any. +.Pp +.Fn SSL_get_verify_result +can only return one error code while the verification of a certificate can fail +because of many reasons at the same time. +Only the last verification error that occurred during the processing is +available from +.Fn SSL_get_verify_result . +.Pp +The verification result is part of the established session and is restored when +a session is reused. +.Sh RETURN VALUES +The following return values can currently occur: +.Bl -tag -width Ds +.It Dv X509_V_OK +The verification succeeded or no peer certificate was presented. +.It Any other value +Documented in +.Xr openssl 1 . +.El +.Sh SEE ALSO +.Xr openssl 1 , +.Xr ssl 3 , +.Xr SSL_get_peer_certificate 3 , +.Xr SSL_set_verify_result 3 +.Sh HISTORY +.Fn SSL_get_verify_result +first appeared in SSLeay 0.6.1 and has been available since +.Ox 2.4 . +.Sh BUGS +If no peer certificate was presented, the returned result code is +.Dv X509_V_OK . +This is because no verification error occurred; +however, it does not indicate success. +.Fn SSL_get_verify_result +is only useful in connection with +.Xr SSL_get_peer_certificate 3 . diff --git a/src/lib/libssl/man/SSL_get_version.3 b/src/lib/libssl/man/SSL_get_version.3 new file mode 100644 index 00000000000..cc4297c5ba0 --- /dev/null +++ b/src/lib/libssl/man/SSL_get_version.3 @@ -0,0 +1,105 @@ +.\" $OpenBSD: SSL_get_version.3,v 1.7 2019/03/18 18:31:15 schwarze Exp $ +.\" full merge up to: OpenSSL bb9ad09e Jun 6 00:43:05 2016 -0400 +.\" selective merge up to: OpenSSL df75c2bf Dec 9 01:02:36 2018 +0100 +.\" +.\" This file was written by Lutz Jaenicke . +.\" Copyright (c) 2001, 2005, 2014 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 18 2019 $ +.Dt SSL_GET_VERSION 3 +.Os +.Sh NAME +.Nm SSL_get_version , +.Nm SSL_version +.\" The following are intentionally undocumented because +.\" - the longer term plan is to remove them +.\" - nothing appears to be using them in the wild +.\" - and they have the wrong namespace prefix +.\" Nm TLS1_get_version +.\" Nm TLS1_get_client_version +.Nd get the protocol version of a connection +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft const char * +.Fn SSL_get_version "const SSL *ssl" +.Ft int +.Fn SSL_version "const SSL *ssl" +.Sh DESCRIPTION +.Fn SSL_get_version +returns the name of the protocol used for the connection +.Fa ssl . +.Pp +.Fn SSL_version +returns an integer constant representing that protocol. +.Pp +These functions only return reliable results +after the initial handshake has been completed. +.Sh RETURN VALUES +The following strings or integers can be returned: +.Bl -tag -width Ds +.It Qo TLSv1 Qc No or Dv TLS1_VERSION +The connection uses the TLSv1.0 protocol. +.It Qo TLSv1.1 Qc No or Dv TLS1_1_VERSION +The connection uses the TLSv1.1 protocol. +.It Qo TLSv1.2 Qc No or Dv TLS1_2_VERSION +The connection uses the TLSv1.2 protocol. +.It Qo TLSv1.3 Qc No or Dv TLS1_3_VERSION +The connection uses the TLSv1.3 protocol. +.It Qo DTLSv1 Qc No or Dv DTLS1_VERSION +The connection uses the Datagram Transport Layer Security 1.0 protocol. +.It Qq unknown +This indicates an unknown protocol version; +it cannot currently happen with LibreSSL. +.El +.Sh SEE ALSO +.Xr ssl 3 +.Sh HISTORY +.Fn SSL_get_version +and +.Fn SSL_version +first appeared in SSLeay 0.8.0 and have been available since +.Ox 2.4 . diff --git a/src/lib/libssl/man/SSL_library_init.3 b/src/lib/libssl/man/SSL_library_init.3 new file mode 100644 index 00000000000..42f19adc28a --- /dev/null +++ b/src/lib/libssl/man/SSL_library_init.3 @@ -0,0 +1,110 @@ +.\" $OpenBSD: SSL_library_init.3,v 1.6 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file was written by Lutz Jaenicke . +.\" Copyright (c) 2000, 2006, 2010 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt SSL_LIBRARY_INIT 3 +.Os +.Sh NAME +.Nm SSL_library_init , +.Nm OpenSSL_add_ssl_algorithms , +.Nm SSLeay_add_ssl_algorithms +.Nd initialize SSL library by registering algorithms +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft int +.Fn SSL_library_init void +.Ft int +.Fn OpenSSL_add_ssl_algorithms void +.Ft int +.Fn SSLeay_add_ssl_algorithms void +.Sh DESCRIPTION +.Fn SSL_library_init +registers the available SSL/TLS ciphers and digests. +.Pp +.Fn OpenSSL_add_ssl_algorithms +and +.Fn SSLeay_add_ssl_algorithms +are synonyms for +.Fn SSL_library_init +and are implemented as macros. +.Pp +.Fn SSL_library_init +must be called before any other action takes place. +.Fn SSL_library_init +is not reentrant. +.Pp +.Fn SSL_library_init +adds ciphers and digests used directly and indirectly by SSL/TLS. +.Sh RETURN VALUES +.Fn SSL_library_init +always returns 1, so it is safe to discard the return value. +.Sh EXAMPLES +A typical TLS/SSL application will start with the library initialization, and +provide readable error messages. +.Bd -literal +SSL_load_error_strings(); /* readable error messages */ +SSL_library_init(); /* initialize library */ +.Ed +.Sh SEE ALSO +.Xr RAND_add 3 , +.Xr ssl 3 , +.Xr SSL_load_error_strings 3 +.Sh HISTORY +.Fn SSLeay_add_ssl_algorithms +first appeared in SSLeay 0.8.0 and has been available since +.Ox 2.4 . +.Pp +.Fn SSL_library_init +first appeared in OpenSSL 0.9.2b and has been available since +.Ox 2.6 . +.Pp +.Fn OpenSSL_add_ssl_algorithms +first appeared in OpenSSL 0.9.5 and has been available since +.Ox 2.7 . diff --git a/src/lib/libssl/man/SSL_load_client_CA_file.3 b/src/lib/libssl/man/SSL_load_client_CA_file.3 new file mode 100644 index 00000000000..e893d63e28a --- /dev/null +++ b/src/lib/libssl/man/SSL_load_client_CA_file.3 @@ -0,0 +1,184 @@ +.\" $OpenBSD: SSL_load_client_CA_file.3,v 1.8 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file is a derived work. +.\" The changes are covered by the following Copyright and license: +.\" +.\" Copyright (c) 2016 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.\" The original file was written by Lutz Jaenicke . +.\" Copyright (c) 2000 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt SSL_LOAD_CLIENT_CA_FILE 3 +.Os +.Sh NAME +.Nm SSL_load_client_CA_file , +.Nm SSL_add_file_cert_subjects_to_stack , +.Nm SSL_add_dir_cert_subjects_to_stack +.Nd load certificate names from files +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft STACK_OF(X509_NAME) * +.Fn SSL_load_client_CA_file "const char *file" +.Ft int +.Fo SSL_add_file_cert_subjects_to_stack +.Fa "STACK_OF(X509_NAME) *stack" +.Fa "const char *file" +.Fc +.Ft int +.Fo SSL_add_dir_cert_subjects_to_stack +.Fa "STACK_OF(X509_NAME) *stack" +.Fa "const char *dir" +.Fc +.Sh DESCRIPTION +.Fn SSL_load_client_CA_file +reads PEM formatted certificates from +.Fa file +and returns a new +.Vt STACK_OF(X509_NAME) +with the subject names found. +While the name suggests the specific usage as a support function for +.Xr SSL_CTX_set_client_CA_list 3 , +it is not limited to CA certificates. +.Pp +.Fn SSL_add_file_cert_subjects_to_stack +is similar except that the names are added to the existing +.Fa stack . +.Pp +.Fn SSL_add_dir_cert_subjects_to_stack +calls +.Fn SSL_add_file_cert_subjects_to_stack +on every file in the directory +.Fa dir . +.Pp +If a name is already on the stack, all these functions skip it and +do not add it again. +.Sh RETURN VALUES +.Fn SSL_load_client_CA_file +returns a pointer to the new +.Vt STACK_OF(X509_NAME) +or +.Dv NULL on failure . +.Pp +.Fn SSL_add_file_cert_subjects_to_stack +and +.Fn SSL_add_dir_cert_subjects_to_stack +return 1 for success or 0 for failure. +.Pp +All these functions treat empty files and directories as failures. +.Pp +In some cases of failure, the reason can be determined with +.Xr ERR_get_error 3 . +.Sh EXAMPLES +Load names of CAs from a file and use it as a client CA list: +.Bd -literal +SSL_CTX *ctx; +STACK_OF(X509_NAME) *cert_names; +\&... +cert_names = SSL_load_client_CA_file("/path/to/CAfile.pem"); +if (cert_names != NULL) + SSL_CTX_set_client_CA_list(ctx, cert_names); +else + error_handling(); +\&... +.Ed +.Sh SEE ALSO +.Xr PEM_read_bio_X509 3 , +.Xr SSL_CTX_set_client_CA_list 3 , +.Xr X509_get_subject_name 3 , +.Xr X509_NAME_new 3 +.Sh HISTORY +.Fn SSL_load_client_CA_file +first appeared in SSLeay 0.8.0 and has been available since +.Ox 2.4 . +.Pp +.Fn SSL_add_file_cert_subjects_to_stack +and +.Fn SSL_add_dir_cert_subjects_to_stack +first appeared in OpenSSL 0.9.2b and have been available since +.Ox 2.6 . +.Sh AUTHORS +.Fn SSL_add_file_cert_subjects_to_stack +and +.Fn SSL_add_dir_cert_subjects_to_stack +were written by +.An Ben Laurie Aq Mt ben@openssl.org +in 1999. +.Sh BUGS +In some cases of failure, for example for empty files and directories, +these functions fail to report an error, in the sense that +.Xr ERR_get_error 3 +does not work. +.Pp +Even in case of failure, for example when parsing one of the +files or certificates fails, +.Fn SSL_add_file_cert_subjects_to_stack +and +.Fn SSL_add_dir_cert_subjects_to_stack +may still have added some certificates to the stack. +.Pp +The behaviour of +.Fn SSL_add_dir_cert_subjects_to_stack +is non-deterministic. +If parsing one file fails, parsing of the whole directory is aborted. +Files in the directory are not parsed in any specific order. +For example, adding an empty file to +.Fa dir +may or may not cause some of the other files to be ignored. diff --git a/src/lib/libssl/man/SSL_new.3 b/src/lib/libssl/man/SSL_new.3 new file mode 100644 index 00000000000..f84eed7df89 --- /dev/null +++ b/src/lib/libssl/man/SSL_new.3 @@ -0,0 +1,109 @@ +.\" $OpenBSD: SSL_new.3,v 1.6 2018/03/27 17:35:50 schwarze Exp $ +.\" full merge up to: OpenSSL 1c7ae3dd Mar 29 19:17:55 2017 +1000 +.\" +.\" This file was written by Richard Levitte +.\" and Matt Caswell . +.\" Copyright (c) 2000, 2016 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt SSL_NEW 3 +.Os +.Sh NAME +.Nm SSL_new , +.Nm SSL_up_ref +.Nd create a new SSL structure for a connection +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft SSL * +.Fn SSL_new "SSL_CTX *ctx" +.Ft int +.Fn SSL_up_ref "SSL *ssl" +.Sh DESCRIPTION +.Fn SSL_new +creates a new +.Vt SSL +structure which is needed to hold the data for a TLS/SSL connection. +The new structure inherits the settings of the underlying context +.Fa ctx : +connection method, options, verification settings, +timeout settings. +The reference count of the new structure is set to 1. +.Pp +.Fn SSL_up_ref +increments the reference count of +.Fa ssl +by 1. +.Sh RETURN VALUES +The following return values can occur: +.Bl -tag -width Ds +.It Dv NULL +The creation of a new +.Vt SSL +structure failed. +Check the error stack to find out the reason. +.It Pointer to an Vt SSL No structure +The return value points to an allocated +.Vt SSL +structure. +.El +.Pp +.Fn SSL_up_ref +returns 1 for success or 0 for failure. +.Sh SEE ALSO +.Xr ssl 3 , +.Xr SSL_clear 3 , +.Xr SSL_CTX_set_options 3 , +.Xr SSL_free 3 , +.Xr SSL_get_SSL_CTX 3 +.Sh HISTORY +.Fn SSL_new +appeared in SSLeay 0.4 or earlier and has been available since +.Ox 2.4 . +.Pp +.Fn SSL_up_ref +first appeared in OpenSSL 1.1.0 and has been available since +.Ox 6.3 . diff --git a/src/lib/libssl/man/SSL_num_renegotiations.3 b/src/lib/libssl/man/SSL_num_renegotiations.3 new file mode 100644 index 00000000000..7a864187f6b --- /dev/null +++ b/src/lib/libssl/man/SSL_num_renegotiations.3 @@ -0,0 +1,74 @@ +.\" $OpenBSD: SSL_num_renegotiations.3,v 1.4 2018/03/21 08:06:34 schwarze Exp $ +.\" +.\" Copyright (c) 2016 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 21 2018 $ +.Dt SSL_NUM_RENEGOTIATIONS 3 +.Os +.Sh NAME +.Nm SSL_num_renegotiations , +.Nm SSL_clear_num_renegotiations , +.Nm SSL_total_renegotiations +.Nd renegotiation counters +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft long +.Fo SSL_num_renegotiations +.Fa "SSL *ssl" +.Fc +.Ft long +.Fo SSL_clear_num_renegotiations +.Fa "SSL *ssl" +.Fc +.Ft long +.Fo SSL_total_renegotiations +.Fa "SSL *ssl" +.Fc +.Sh DESCRIPTION +.Fn SSL_num_renegotiations +reports the number of renegotiations initiated in +.Fa ssl +since +.Xr SSL_new 3 , +.Xr SSL_clear 3 , +or +.Fn SSL_clear_num_renegotiations +was last called on that object. +.Pp +.Fn SSL_clear_num_renegotiations +does the same and additionally resets the renegotiation counter to 0. +.Pp +.Fn SSL_total_renegotiations +reports the number of renegotiations initiated in +.Fa ssl +since +.Xr SSL_new 3 +or +.Xr SSL_clear 3 +was last called on that object. +.Pp +These functions are implemented as macros. +.Sh RETURN VALUES +All these functions return a number of renegotiations. +.Sh SEE ALSO +.Xr BIO_set_ssl_renegotiate_bytes 3 , +.Xr SSL_ctrl 3 , +.Xr SSL_read 3 , +.Xr SSL_renegotiate 3 , +.Xr SSL_write 3 +.Sh HISTORY +These functions first appeared in SSLeay 0.9.0 +and have been available since +.Ox 2.4 . diff --git a/src/lib/libssl/man/SSL_pending.3 b/src/lib/libssl/man/SSL_pending.3 new file mode 100644 index 00000000000..b3efa4260d9 --- /dev/null +++ b/src/lib/libssl/man/SSL_pending.3 @@ -0,0 +1,109 @@ +.\" $OpenBSD: SSL_pending.3,v 1.4 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL a528d4f0 Oct 27 13:40:11 2015 -0400 +.\" +.\" This file was written by Lutz Jaenicke , +.\" Bodo Moeller , and Matt Caswell . +.\" Copyright (c) 2000, 2005, 2015, 2016 The OpenSSL Project. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt SSL_PENDING 3 +.Os +.Sh NAME +.Nm SSL_pending +.Nd obtain number of readable bytes buffered in an SSL object +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft int +.Fn SSL_pending "const SSL *ssl" +.Sh DESCRIPTION +Data is received in whole blocks known as records from the peer. +A whole record is processed, for example decrypted, in one go and +is buffered until it is read by the application via a call to +.Xr SSL_read 3 . +.Pp +.Fn SSL_pending +returns the number of bytes which are available inside +.Fa ssl +for immediate read. +.Pp +.Fn SSL_pending +takes into account only bytes from the TLS/SSL record that is +currently being processed (if any). +If the +.Fa ssl->read_ahead +flag is set (see +.Xr SSL_CTX_set_read_ahead 3 ) , +additional protocol bytes beyond the current record may have been +read containing more TLS/SSL records. +This also applies to DTLS. +These additional bytes will be buffered but will remain unprocessed +until they are needed. +As these bytes are still in an unprocessed state, +.Fn SSL_pending +will ignore them. +Therefore it is possible for no more bytes to be readable from the +underlying BIO (because the library has already read them) and for +.Fn SSL_pending +to return 0, even though readable application data bytes are available +(because the data is in unprocessed buffered records). +.Sh RETURN VALUES +.Fn SSL_pending +returns the number of buffered and processed application data +bytes that are pending and are available for immediate read. +.Sh SEE ALSO +.Xr ssl 3 , +.Xr SSL_CTX_set_read_ahead 3 , +.Xr SSL_read 3 +.Sh HISTORY +.Fn SSL_pending +appeared in SSLeay 0.4 or earlier and has been available since +.Ox 2.4 . +.Sh BUGS +Up to OpenSSL 0.9.6, +.Fn SSL_pending +did not check if the record type of pending data is application data. diff --git a/src/lib/libssl/man/SSL_read.3 b/src/lib/libssl/man/SSL_read.3 new file mode 100644 index 00000000000..d773065a81d --- /dev/null +++ b/src/lib/libssl/man/SSL_read.3 @@ -0,0 +1,232 @@ +.\" $OpenBSD: SSL_read.3,v 1.6 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 +.\" +.\" This file was written by Lutz Jaenicke and +.\" Matt Caswell . +.\" Copyright (c) 2000, 2001, 2008, 2016 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt SSL_READ 3 +.Os +.Sh NAME +.Nm SSL_read , +.Nm SSL_peek +.Nd read bytes from a TLS/SSL connection +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft int +.Fn SSL_read "SSL *ssl" "void *buf" "int num" +.Ft int +.Fn SSL_peek "SSL *ssl" "void *buf" "int num" +.Sh DESCRIPTION +.Fn SSL_read +tries to read +.Fa num +bytes from the specified +.Fa ssl +into the buffer +.Fa buf . +.Pp +.Fn SSL_peek +is identical to +.Fn SSL_read +except that no bytes are removed from the underlying BIO during +the read, such that a subsequent call to +.Fn SSL_read +will yield at least the same bytes once again. +.Pp +In the following, +.Fn SSL_read +and +.Fn SSL_peek +are called +.Dq read functions . +.Pp +If necessary, a read function will negotiate a TLS/SSL session, if +not already explicitly performed by +.Xr SSL_connect 3 +or +.Xr SSL_accept 3 . +If the peer requests a re-negotiation, it will be performed +transparently during the read function operation. +The behaviour of the read functions depends on the underlying +.Vt BIO . +.Pp +For the transparent negotiation to succeed, the +.Fa ssl +must have been initialized to client or server mode. +This is done by calling +.Xr SSL_set_connect_state 3 +or +.Xr SSL_set_accept_state 3 +before the first call to a read function. +.Pp +The read functions works based on the SSL/TLS records. +The data are received in records (with a maximum record size of 16kB). +Only when a record has been completely received, it can be processed +(decrypted and checked for integrity). +Therefore data that was not retrieved at the last read call can +still be buffered inside the SSL layer and will be retrieved on the +next read call. +If +.Fa num +is higher than the number of bytes buffered, the read functions +will return with the bytes buffered. +If no more bytes are in the buffer, the read functions will trigger +the processing of the next record. +Only when the record has been received and processed completely +will the read functions return reporting success. +At most the contents of the record will be returned. +As the size of an SSL/TLS record may exceed the maximum packet size +of the underlying transport (e.g., TCP), it may be necessary to +read several packets from the transport layer before the record is +complete and the read call can succeed. +.Pp +If the underlying +.Vt BIO +is blocking, +a read function will only return once the read operation has been +finished or an error occurred, except when a renegotiation takes +place, in which case an +.Dv SSL_ERROR_WANT_READ +may occur. +This behavior can be controlled with the +.Dv SSL_MODE_AUTO_RETRY +flag of the +.Xr SSL_CTX_set_mode 3 +call. +.Pp +If the underlying +.Vt BIO +is non-blocking, a read function will also return when the underlying +.Vt BIO +could not satisfy the needs of the function to continue the operation. +In this case a call to +.Xr SSL_get_error 3 +with the return value of the read function will yield +.Dv SSL_ERROR_WANT_READ +or +.Dv SSL_ERROR_WANT_WRITE . +As at any time a re-negotiation is possible, a read function may +also cause write operations. +The calling process must then repeat the call after taking appropriate +action to satisfy the needs of the read function. +The action depends on the underlying +.Vt BIO . +When using a non-blocking socket, nothing is to be done, but +.Xr select 2 +can be used to check for the required condition. +When using a buffering +.Vt BIO , +like a +.Vt BIO +pair, data must be written into or retrieved out of the +.Vt BIO +before being able to continue. +.Pp +.Xr SSL_pending 3 +can be used to find out whether there are buffered bytes available for +immediate retrieval. +In this case a read function can be called without blocking or +actually receiving new data from the underlying socket. +.Pp +When a read function operation has to be repeated because of +.Dv SSL_ERROR_WANT_READ +or +.Dv SSL_ERROR_WANT_WRITE , +it must be repeated with the same arguments. +.Sh RETURN VALUES +The following return values can occur: +.Bl -tag -width Ds +.It >0 +The read operation was successful. +The return value is the number of bytes actually read from the +TLS/SSL connection. +.It 0 +The read operation was not successful. +The reason may either be a clean shutdown due to a +.Dq close notify +alert sent by the peer (in which case the +.Dv SSL_RECEIVED_SHUTDOWN +flag in the ssl shutdown state is set (see +.Xr SSL_shutdown 3 +and +.Xr SSL_set_shutdown 3 ) . +It is also possible that the peer simply shut down the underlying transport and +the shutdown is incomplete. +Call +.Fn SSL_get_error +with the return value to find out whether an error occurred or the connection +was shut down cleanly +.Pq Dv SSL_ERROR_ZERO_RETURN . +.It <0 +The read operation was not successful, because either an error occurred or +action must be taken by the calling process. +Call +.Fn SSL_get_error +with the return value to find out the reason. +.El +.Sh SEE ALSO +.Xr BIO_new 3 , +.Xr ssl 3 , +.Xr SSL_accept 3 , +.Xr SSL_connect 3 , +.Xr SSL_CTX_new 3 , +.Xr SSL_CTX_set_mode 3 , +.Xr SSL_get_error 3 , +.Xr SSL_pending 3 , +.Xr SSL_set_connect_state 3 , +.Xr SSL_set_shutdown 3 , +.Xr SSL_shutdown 3 , +.Xr SSL_write 3 +.Sh HISTORY +.Fn SSL_read +appeared in SSLeay 0.4 or earlier. +.Fn SSL_peek +first appeared in SSLeay 0.6.6. +Both functions have been available since +.Ox 2.4 . diff --git a/src/lib/libssl/man/SSL_renegotiate.3 b/src/lib/libssl/man/SSL_renegotiate.3 new file mode 100644 index 00000000000..cf6308f2838 --- /dev/null +++ b/src/lib/libssl/man/SSL_renegotiate.3 @@ -0,0 +1,165 @@ +.\" $OpenBSD: SSL_renegotiate.3,v 1.8 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL SSL_key_update.pod 4fbfe86a Feb 16 17:04:40 2017 +0000 +.\" +.\" This file is a derived work. +.\" Some parts are covered by the following Copyright and license: +.\" +.\" Copyright (c) 2016, 2017 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.\" Other parts were written by Matt Caswell . +.\" Copyright (c) 2017 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt SSL_RENEGOTIATE 3 +.Os +.Sh NAME +.Nm SSL_renegotiate , +.Nm SSL_renegotiate_abbreviated , +.Nm SSL_renegotiate_pending +.Nd initiate a new TLS handshake +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft int +.Fo SSL_renegotiate +.Fa "SSL *ssl" +.Fc +.Ft int +.Fo SSL_renegotiate_abbreviated +.Fa "SSL *ssl" +.Fc +.Ft int +.Fo SSL_renegotiate_pending +.Fa "SSL *ssl" +.Fc +.Sh DESCRIPTION +When called from the client side, +.Fn SSL_renegotiate +schedules a completely new handshake over an existing TLS connection. +The next time an I/O operation such as +.Fn SSL_read +or +.Fn SSL_write +takes place on the connection, a check is performed to confirm +that it is a suitable time to start a renegotiation. +If so, a new handshake is initiated immediately. +An existing session associated with the connection is not resumed. +.Pp +This function is automatically called by +.Xr SSL_read 3 +and +.Xr SSL_write 3 +whenever the renegotiation byte count set by +.Xr BIO_set_ssl_renegotiate_bytes 3 +or the timeout set by +.Xr BIO_set_ssl_renegotiate_timeout 3 +are exceeded. +.Pp +When called from the client side, +.Fn SSL_renegotiate_abbreviated +is similar to +.Fn SSL_renegotiate +except that resuming the session associated with the current +connection is attempted in the new handshake. +.Pp +When called from the server side, +.Fn SSL_renegotiate +and +.Fn SSL_renegotiate_abbreviated +behave identically. +They both schedule a request for a new handshake to be sent to the client. +The next time an I/O operation is performed, the same checks as on +the client side are performed and then, if appropriate, the request +is sent. +The client may or may not respond with a new handshake and it may +or may not attempt to resume an existing session. +If a new handshake is started, it is handled transparently during +any I/O function. +.Pp +If a LibreSSL client receives a renegotiation request from a server, +it is also handled transparently during any I/O function. +The client attempts to resume the current session in the new +handshake. +For historical reasons, DTLS clients do not attempt to resume +the session in the new handshake. +.Sh RETURN VALUES +.Fn SSL_renegotiate +and +.Fn SSL_renegotiate_abbreviated +return 1 on success or 0 on error. +.Pp +.Fn SSL_renegotiate_pending +returns 1 if a renegotiation or renegotiation request has been +scheduled but not yet acted on, or 0 otherwise. +.Sh SEE ALSO +.Xr SSL_do_handshake 3 , +.Xr SSL_num_renegotiations 3 , +.Xr SSL_read 3 , +.Xr SSL_write 3 +.Sh HISTORY +.Fn SSL_renegotiate +first appeared in SSLeay 0.8.0 and has been available since +.Ox 2.4 . +.Pp +.Fn SSL_renegotiate_pending +first appeared in OpenSSL 0.9.7 and has been available since +.Ox 3.2 . +.Pp +.Fn SSL_renegotiate_abbreviated +first appeared in OpenSSL 1.0.1 and has been available since +.Ox 5.3 . diff --git a/src/lib/libssl/man/SSL_rstate_string.3 b/src/lib/libssl/man/SSL_rstate_string.3 new file mode 100644 index 00000000000..99613ba3c08 --- /dev/null +++ b/src/lib/libssl/man/SSL_rstate_string.3 @@ -0,0 +1,108 @@ +.\" $OpenBSD: SSL_rstate_string.3,v 1.4 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file was written by Lutz Jaenicke . +.\" Copyright (c) 2001 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt SSL_RSTATE_STRING 3 +.Os +.Sh NAME +.Nm SSL_rstate_string , +.Nm SSL_rstate_string_long +.Nd get textual description of state of an SSL object during read operation +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft const char * +.Fn SSL_rstate_string "SSL *ssl" +.Ft const char * +.Fn SSL_rstate_string_long "SSL *ssl" +.Sh DESCRIPTION +.Fn SSL_rstate_string +returns a 2-letter string indicating the current read state of the +.Vt SSL +object +.Fa ssl . +.Pp +.Fn SSL_rstate_string_long +returns a string indicating the current read state of the +.Vt SSL +object +.Fa ssl . +.Pp +When performing a read operation, the SSL/TLS engine must parse the record, +consisting of header and body. +When working in a blocking environment, +.Fn SSL_rstate_string[_long] +should always return +.Qo RD Qc Ns / Ns Qo read done Qc . +.Pp +This function should only seldom be needed in applications. +.Sh RETURN VALUES +.Fn SSL_rstate_string +and +.Fn SSL_rstate_string_long +can return the following values: +.Bl -tag -width Ds +.It Qo RH Qc Ns / Ns Qo read header Qc +The header of the record is being evaluated. +.It Qo RB Qc Ns / Ns Qo read body Qc +The body of the record is being evaluated. +.It Qo RD Qc Ns / Ns Qo read done Qc +The record has been completely processed. +.It Qo unknown Qc Ns / Ns Qo unknown Qc +The read state is unknown. +This should never happen. +.El +.Sh SEE ALSO +.Xr ssl 3 +.Sh HISTORY +.Fn SSL_rstate_string +and +.Fn SSL_rstate_string_long +first appeared in SSLeay 0.6.0 and have been available since +.Ox 2.4 . diff --git a/src/lib/libssl/man/SSL_session_reused.3 b/src/lib/libssl/man/SSL_session_reused.3 new file mode 100644 index 00000000000..0fdf776f607 --- /dev/null +++ b/src/lib/libssl/man/SSL_session_reused.3 @@ -0,0 +1,83 @@ +.\" $OpenBSD: SSL_session_reused.3,v 1.5 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file was written by Lutz Jaenicke . +.\" Copyright (c) 2001 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt SSL_SESSION_REUSED 3 +.Os +.Sh NAME +.Nm SSL_session_reused +.Nd query whether a reused session was negotiated during handshake +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft int +.Fn SSL_session_reused "SSL *ssl" +.Sh DESCRIPTION +Query whether a reused session was negotiated during the handshake. +.Pp +During the negotiation, a client can propose to reuse a session. +The server then looks up the session in its cache. +If both client and server agree on the session, +it will be reused and a flag is set that can be queried by the application. +.Sh RETURN VALUES +The following return values can occur: +.Bl -tag -width Ds +.It 0 +A new session was negotiated. +.It 1 +A session was reused. +.El +.Sh SEE ALSO +.Xr SSL_ctrl 3 , +.Xr SSL_CTX_set_session_cache_mode 3 , +.Xr SSL_set_session 3 +.Sh HISTORY +.Fn SSL_session_reused +first appeared in SSLeay 0.8.0 and has been available since +.Ox 2.4 . diff --git a/src/lib/libssl/man/SSL_set1_param.3 b/src/lib/libssl/man/SSL_set1_param.3 new file mode 100644 index 00000000000..5697ac64249 --- /dev/null +++ b/src/lib/libssl/man/SSL_set1_param.3 @@ -0,0 +1,136 @@ +.\" $OpenBSD: SSL_set1_param.3,v 1.4 2018/03/23 14:28:16 schwarze Exp $ +.\" full merge up to: +.\" OpenSSL man3/SSL_CTX_get0_param 99d63d46 Oct 26 13:56:48 2016 -0400 +.\" +.\" This file was written by Dr. Stephen Henson . +.\" Copyright (c) 2015 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 23 2018 $ +.Dt SSL_SET1_PARAM 3 +.Os +.Sh NAME +.Nm SSL_CTX_get0_param , +.Nm SSL_get0_param , +.Nm SSL_CTX_set1_param , +.Nm SSL_set1_param +.Nd get and set verification parameters +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft X509_VERIFY_PARAM * +.Fo SSL_CTX_get0_param +.Fa "SSL_CTX *ctx" +.Fc +.Ft X509_VERIFY_PARAM * +.Fo SSL_get0_param +.Fa "SSL *ssl" +.Fc +.Ft int +.Fo SSL_CTX_set1_param +.Fa "SSL_CTX *ctx" +.Fa "X509_VERIFY_PARAM *vpm" +.Fc +.Ft int +.Fo SSL_set1_param +.Fa "SSL *ssl" +.Fa "X509_VERIFY_PARAM *vpm" +.Fc +.Sh DESCRIPTION +.Fn SSL_CTX_get0_param +and +.Fn SSL_get0_param +retrieve an internal pointer to the verification parameters for +.Fa ctx +or +.Fa ssl , +respectively. +The returned pointer must not be freed by the calling application, +but the application can modify the parameters pointed to +to suit its needs: for example to add a hostname check. +.Pp +.Fn SSL_CTX_set1_param +and +.Fn SSL_set1_param +set the verification parameters to +.Fa vpm +for +.Fa ctx +or +.Fa ssl . +.Sh RETURN VALUES +.Fn SSL_CTX_get0_param +and +.Fn SSL_get0_param +return a pointer to an +.Vt X509_VERIFY_PARAM +structure. +.Pp +.Fn SSL_CTX_set1_param +and +.Fn SSL_set1_param +return 1 for success or 0 for failure. +.Sh EXAMPLES +Check that the hostname matches +.Pa www.foo.com +in the peer certificate: +.Bd -literal -offset indent +X509_VERIFY_PARAM *vpm = SSL_get0_param(ssl); +X509_VERIFY_PARAM_set1_host(vpm, "www.foo.com", 0); +.Ed +.Sh SEE ALSO +.Xr X509_VERIFY_PARAM_set_flags 3 +.Sh HISTORY +.Fn SSL_CTX_set1_param +and +.Fn SSL_set1_param +first appeared in OpenSSL 1.0.0 and have been available since +.Ox 4.9 . +.Pp +.Fn SSL_CTX_get0_param +and +.Fn SSL_get0_param +first appeared in OpenSSL 1.0.2 and have been available since +.Ox 6.3 . diff --git a/src/lib/libssl/man/SSL_set_bio.3 b/src/lib/libssl/man/SSL_set_bio.3 new file mode 100644 index 00000000000..f3ea507d005 --- /dev/null +++ b/src/lib/libssl/man/SSL_set_bio.3 @@ -0,0 +1,102 @@ +.\" $OpenBSD: SSL_set_bio.3,v 1.5 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL acb5b343 Sep 16 16:00:38 2000 +0000 +.\" +.\" This file was written by Lutz Jaenicke . +.\" Copyright (c) 2000 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt SSL_SET_BIO 3 +.Os +.Sh NAME +.Nm SSL_set_bio +.Nd connect the SSL object with a BIO +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft void +.Fn SSL_set_bio "SSL *ssl" "BIO *rbio" "BIO *wbio" +.Sh DESCRIPTION +.Fn SSL_set_bio +connects the +.Vt BIO Ns +s +.Fa rbio +and +.Fa wbio +for the read and write operations of the TLS/SSL (encrypted) side of +.Fa ssl . +.Pp +The SSL engine inherits the behaviour of +.Fa rbio +and +.Fa wbio , +respectively. +If a +.Vt BIO +is non-blocking, the +.Fa ssl +will also have non-blocking behaviour. +.Pp +If there was already a +.Vt BIO +connected to +.Fa ssl , +.Xr BIO_free 3 +will be called (for both the reading and writing side, if different). +.Sh RETURN VALUES +.Fn SSL_set_bio +cannot fail. +.Sh SEE ALSO +.Xr BIO_new 3 , +.Xr ssl 3 , +.Xr SSL_accept 3 , +.Xr SSL_connect 3 , +.Xr SSL_get_rbio 3 , +.Xr SSL_shutdown 3 +.Sh HISTORY +.Fn SSL_set_bio +first appeared in SSLeay 0.6.0 and has been available since +.Ox 2.4 . diff --git a/src/lib/libssl/man/SSL_set_connect_state.3 b/src/lib/libssl/man/SSL_set_connect_state.3 new file mode 100644 index 00000000000..c2072c43705 --- /dev/null +++ b/src/lib/libssl/man/SSL_set_connect_state.3 @@ -0,0 +1,153 @@ +.\" $OpenBSD: SSL_set_connect_state.3,v 1.6 2018/03/27 17:35:50 schwarze Exp $ +.\" full merge up to OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 +.\" selective merge up to: OpenSSL dbd007d7 Jul 28 13:31:27 2017 +0800 +.\" +.\" This file was written by Lutz Jaenicke +.\" and Paul Yang . +.\" Copyright (c) 2001, 2017 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt SSL_SET_CONNECT_STATE 3 +.Os +.Sh NAME +.Nm SSL_set_connect_state , +.Nm SSL_set_accept_state , +.Nm SSL_is_server +.Nd prepare SSL object to work in client or server mode +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft void +.Fn SSL_set_connect_state "SSL *ssl" +.Ft void +.Fn SSL_set_accept_state "SSL *ssl" +.Ft int +.Fn SSL_is_server "const SSL *ssl" +.Sh DESCRIPTION +.Fn SSL_set_connect_state +sets +.Fa ssl +to work in client mode. +.Pp +.Fn SSL_set_accept_state +sets +.Fa ssl +to work in server mode. +.Pp +.Fn SSL_is_server +checks whether +.Fa ssl +is set to server mode. +.Pp +When the +.Vt SSL_CTX +object was created with +.Xr SSL_CTX_new 3 , +it was either assigned a dedicated client method, a dedicated server method, or +a generic method, that can be used for both client and server connections. +(The method might have been changed with +.Xr SSL_CTX_set_ssl_version 3 +or +.Xr SSL_set_ssl_method 3 . ) +.Pp +When beginning a new handshake, the SSL engine must know whether it must call +the connect (client) or accept (server) routines. +Even though it may be clear from the method chosen whether client or server +mode was requested, the handshake routines must be explicitly set. +.Pp +When using the +.Xr SSL_connect 3 +or +.Xr SSL_accept 3 +routines, the correct handshake routines are automatically set. +When performing a transparent negotiation using +.Xr SSL_write 3 +or +.Xr SSL_read 3 , +the handshake routines must be explicitly set in advance using either +.Fn SSL_set_connect_state +or +.Fn SSL_set_accept_state . +.Pp +If +.Fn SSL_is_server +is called before +.Fn SSL_set_connect_state +or +.Fn SSL_set_accept_state +was called either automatically or explicitly, +the result depends on what method was used when the +.Fa SSL_CTX +was created. +If a generic method or a dedicated server method was passed to +.Xr SSL_CTX_new 3 , +.Fn SSL_is_server +returns 1; otherwise, it returns 0. +.Sh RETURN VALUES +.Fn SSL_is_server +returns 1 if +.Fa ssl +is set to server mode or 0 if it is set to client mode. +.Sh SEE ALSO +.Xr ssl 3 , +.Xr SSL_accept 3 , +.Xr SSL_connect 3 , +.Xr SSL_CTX_new 3 , +.Xr SSL_CTX_set_ssl_version 3 , +.Xr SSL_do_handshake 3 , +.Xr SSL_new 3 , +.Xr SSL_read 3 , +.Xr SSL_write 3 +.Sh HISTORY +.Fn SSL_set_connect_state +and +.Fn SSL_set_accept_state +first appeared in SSLeay 0.6.0 and have been available since +.Ox 2.4 . +.Pp +.Fn SSL_is_server +first appeared in OpenSSL 1.0.2 and has been available since +.Ox 6.3 . diff --git a/src/lib/libssl/man/SSL_set_fd.3 b/src/lib/libssl/man/SSL_set_fd.3 new file mode 100644 index 00000000000..7b9727e9ad1 --- /dev/null +++ b/src/lib/libssl/man/SSL_set_fd.3 @@ -0,0 +1,129 @@ +.\" $OpenBSD: SSL_set_fd.3,v 1.5 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file was written by Lutz Jaenicke . +.\" Copyright (c) 2000, 2013 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt SSL_SET_FD 3 +.Os +.Sh NAME +.Nm SSL_set_fd , +.Nm SSL_set_rfd , +.Nm SSL_set_wfd +.Nd connect the SSL object with a file descriptor +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft int +.Fn SSL_set_fd "SSL *ssl" "int fd" +.Ft int +.Fn SSL_set_rfd "SSL *ssl" "int fd" +.Ft int +.Fn SSL_set_wfd "SSL *ssl" "int fd" +.Sh DESCRIPTION +.Fn SSL_set_fd +sets the file descriptor +.Fa fd +as the input/output facility for the TLS/SSL (encrypted) side of +.Fa ssl . +.Fa fd +will typically be the socket file descriptor of a network connection. +.Pp +When performing the operation, a socket +.Vt BIO +is automatically created to interface between the +.Fa ssl +and +.Fa fd . +The +.Vt BIO +and hence the SSL engine inherit the behaviour of +.Fa fd . +If +.Fa fd +is non-blocking, the +.Fa ssl +will also have non-blocking behaviour. +.Pp +If there was already a +.Vt BIO +connected to +.Fa ssl , +.Xr BIO_free 3 +will be called (for both the reading and writing side, if different). +.Pp +.Fn SSL_set_rfd +and +.Fn SSL_set_wfd +perform the respective action, but only for the read channel or the write +channel, which can be set independently. +.Sh RETURN VALUES +The following return values can occur: +.Bl -tag -width Ds +.It 0 +The operation failed. +Check the error stack to find out why. +.It 1 +The operation succeeded. +.El +.Sh SEE ALSO +.Xr BIO_new 3 , +.Xr ssl 3 , +.Xr SSL_accept 3 , +.Xr SSL_connect 3 , +.Xr SSL_get_fd 3 , +.Xr SSL_set_bio 3 , +.Xr SSL_shutdown 3 +.Sh HISTORY +.Fn SSL_set_fd +appeared in SSLeay 0.4 or earlier. +.Fn SSL_set_rfd +and +.Fn SSL_set_wfd +first appeared in SSLeay 0.6.0. +These functions have been available since +.Ox 2.4 . diff --git a/src/lib/libssl/man/SSL_set_max_send_fragment.3 b/src/lib/libssl/man/SSL_set_max_send_fragment.3 new file mode 100644 index 00000000000..5a628405110 --- /dev/null +++ b/src/lib/libssl/man/SSL_set_max_send_fragment.3 @@ -0,0 +1,96 @@ +.\" $OpenBSD: SSL_set_max_send_fragment.3,v 1.4 2018/03/23 04:35:09 schwarze Exp $ +.\" OpenSSL doc/man3/SSL_CTX_set_split_send_fragment.pod +.\" OpenSSL 6782e5fd Oct 21 16:16:20 2016 +0100 +.\" +.\" This file was written by Matt Caswell . +.\" Copyright (c) 2016 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 23 2018 $ +.Dt SSL_SET_MAX_SEND_FRAGMENT 3 +.Os +.Sh NAME +.Nm SSL_CTX_set_max_send_fragment , +.Nm SSL_set_max_send_fragment +.Nd control fragment sizes +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft long +.Fo SSL_CTX_set_max_send_fragment +.Fa "SSL_CTX *ctx" +.Fa "long m" +.Fc +.Ft long +.Fo SSL_set_max_send_fragment +.Fa "SSL *ssl" +.Fa "long m" +.Fc +.Sh DESCRIPTION +.Fn SSL_CTX_set_max_send_fragment +and +.Fn SSL_set_max_send_fragment +set the +.Sy max_send_fragment +parameter for SSL_CTX and SSL objects respectively. +This value restricts the amount of plaintext bytes that will be sent in +any one SSL/TLS record. +By default its value is SSL3_RT_MAX_PLAIN_LENGTH (16384). +These functions will only accept a value in the range 512 - +SSL3_RT_MAX_PLAIN_LENGTH. +.Pp +These functions are implemented using macros. +.Sh RETURN VALUES +These functions return 1 on success or 0 on failure. +.Sh SEE ALSO +.Xr SSL_ctrl 3 , +.Xr SSL_CTX_set_read_ahead 3 , +.Xr SSL_pending 3 +.Sh HISTORY +.Fn SSL_CTX_set_max_send_fragment +and +.Fn SSL_set_max_send_fragment +first appeared in OpenSSL 1.0.0 and have been available since +.Ox 4.9 . diff --git a/src/lib/libssl/man/SSL_set_session.3 b/src/lib/libssl/man/SSL_set_session.3 new file mode 100644 index 00000000000..7d85f5ad0c5 --- /dev/null +++ b/src/lib/libssl/man/SSL_set_session.3 @@ -0,0 +1,119 @@ +.\" $OpenBSD: SSL_set_session.3,v 1.4 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL 05ea606a May 20 20:52:46 2016 -0400 +.\" +.\" This file was written by Lutz Jaenicke . +.\" Copyright (c) 2000, 2001, 2016 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt SSL_SET_SESSION 3 +.Os +.Sh NAME +.Nm SSL_set_session +.Nd set a TLS/SSL session to be used during TLS/SSL connect +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft int +.Fn SSL_set_session "SSL *ssl" "SSL_SESSION *session" +.Sh DESCRIPTION +.Fn SSL_set_session +sets +.Fa session +to be used when the TLS/SSL connection is to be established. +.Fn SSL_set_session +is only useful for TLS/SSL clients. +When the session is set, the reference count of +.Fa session +is incremented +by 1. +If the session is not reused, the reference count is decremented again during +.Fn SSL_connect . +Whether the session was reused can be queried with the +.Xr SSL_session_reused 3 +call. +.Pp +If there is already a session set inside +.Fa ssl +(because it was set with +.Fn SSL_set_session +before or because the same +.Fa ssl +was already used for a connection), +.Xr SSL_SESSION_free 3 +will be called for that session. +.Pp +.Vt SSL_SESSION +objects keep internal link information about the session cache list when being +inserted into one +.Vt SSL_CTX +object's session cache. +One +.Vt SSL_SESSION +object, regardless of its reference count, must therefore only be used with one +.Vt SSL_CTX +object (and the +.Vt SSL +objects created from this +.Vt SSL_CTX +object). +.Sh RETURN VALUES +The following return values can occur: +.Bl -tag -width Ds +.It 0 +The operation failed; check the error stack to find out the reason. +.It 1 +The operation succeeded. +.El +.Sh SEE ALSO +.Xr ssl 3 , +.Xr SSL_CTX_set_session_cache_mode 3 , +.Xr SSL_get_session 3 , +.Xr SSL_SESSION_free 3 , +.Xr SSL_session_reused 3 +.Sh HISTORY +.Fn SSL_set_session +first appeared in SSLeay 0.5.2 and has been available since +.Ox 2.4 . diff --git a/src/lib/libssl/man/SSL_set_shutdown.3 b/src/lib/libssl/man/SSL_set_shutdown.3 new file mode 100644 index 00000000000..1a4d9de4d3b --- /dev/null +++ b/src/lib/libssl/man/SSL_set_shutdown.3 @@ -0,0 +1,141 @@ +.\" $OpenBSD: SSL_set_shutdown.3,v 1.4 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file was written by Lutz Jaenicke . +.\" Copyright (c) 2001, 2005 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt SSL_SET_SHUTDOWN 3 +.Os +.Sh NAME +.Nm SSL_set_shutdown , +.Nm SSL_get_shutdown +.Nd manipulate shutdown state of an SSL connection +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft void +.Fn SSL_set_shutdown "SSL *ssl" "int mode" +.Ft int +.Fn SSL_get_shutdown "const SSL *ssl" +.Sh DESCRIPTION +.Fn SSL_set_shutdown +sets the shutdown state of +.Fa ssl +to +.Fa mode . +.Pp +.Fn SSL_get_shutdown +returns the shutdown mode of +.Fa ssl . +.Pp +The shutdown state of an ssl connection is a bitmask of: +.Bl -tag -width Ds +.It 0 +No shutdown setting, yet. +.It Dv SSL_SENT_SHUTDOWN +A +.Dq close notify +shutdown alert was sent to the peer; the connection is being considered closed +and the session is closed and correct. +.It Dv SSL_RECEIVED_SHUTDOWN +A shutdown alert was received form the peer, either a normal +.Dq close notify +or a fatal error. +.El +.Pp +.Dv SSL_SENT_SHUTDOWN +and +.Dv SSL_RECEIVED_SHUTDOWN +can be set at the same time. +.Pp +The shutdown state of the connection is used to determine the state of the +.Fa ssl +session. +If the session is still open when +.Xr SSL_clear 3 +or +.Xr SSL_free 3 +is called, it is considered bad and removed according to RFC2246. +The actual condition for a correctly closed session is +.Dv SSL_SENT_SHUTDOWN +(according to the TLS RFC, it is acceptable to only send the +.Dq close notify +alert but to not wait for the peer's answer when the underlying connection is +closed). +.Fn SSL_set_shutdown +can be used to set this state without sending a close alert to the peer (see +.Xr SSL_shutdown 3 ) . +.Pp +If a +.Dq close notify +was received, +.Dv SSL_RECEIVED_SHUTDOWN +will be set, but to set +.Dv SSL_SENT_SHUTDOWN +the application must still call +.Xr SSL_shutdown 3 +or +.Fn SSL_set_shutdown +itself. +.Sh RETURN VALUES +.Fn SSL_set_shutdown +does not return diagnostic information. +.Pp +.Fn SSL_get_shutdown +returns the current setting. +.Sh SEE ALSO +.Xr ssl 3 , +.Xr SSL_clear 3 , +.Xr SSL_CTX_set_quiet_shutdown 3 , +.Xr SSL_free 3 , +.Xr SSL_shutdown 3 +.Sh HISTORY +.Fn SSL_set_shutdown +and +.Fn SSL_get_shutdown +first appeared in SSLeay 0.8.0 and have been available since +.Ox 2.4 . diff --git a/src/lib/libssl/man/SSL_set_tmp_ecdh.3 b/src/lib/libssl/man/SSL_set_tmp_ecdh.3 new file mode 100644 index 00000000000..e906bfdd0c5 --- /dev/null +++ b/src/lib/libssl/man/SSL_set_tmp_ecdh.3 @@ -0,0 +1,119 @@ +.\" $OpenBSD: SSL_set_tmp_ecdh.3,v 1.5 2018/03/23 14:28:16 schwarze Exp $ +.\" +.\" Copyright (c) 2017 Ingo Schwarze +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: March 23 2018 $ +.Dt SSL_SET_TMP_ECDH 3 +.Os +.Sh NAME +.Nm SSL_set_tmp_ecdh , +.Nm SSL_CTX_set_tmp_ecdh , +.Nm SSL_set_ecdh_auto , +.Nm SSL_CTX_set_ecdh_auto , +.Nm SSL_set_tmp_ecdh_callback , +.Nm SSL_CTX_set_tmp_ecdh_callback +.Nd select a curve for ECDH ephemeral key exchange +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft long +.Fo SSL_set_tmp_ecdh +.Fa "SSL *ssl" +.Fa "EC_KEY *ecdh" +.Fc +.Ft long +.Fo SSL_CTX_set_tmp_ecdh +.Fa "SSL_CTX *ctx" +.Fa "EC_KEY *ecdh" +.Fc +.Ft long +.Fo SSL_set_ecdh_auto +.Fa "SSL *ssl" +.Fa "int state" +.Fc +.Ft long +.Fo SSL_CTX_set_ecdh_auto +.Fa "SSL_CTX *ctx" +.Fa "int state" +.Fc +.Ft void +.Fo SSL_set_tmp_ecdh_callback +.Fa "SSL *ssl" +.Fa "EC_KEY *(*ecdh)(SSL *ssl, int is_export, int keylength)" +.Fc +.Ft void +.Fo SSL_CTX_set_tmp_ecdh_callback +.Fa "SSL_CTX *ctx" +.Fa "EC_KEY *(*ecdh)(SSL *ssl, int is_export, int keylength)" +.Fc +.Sh DESCRIPTION +Automatic EC curve selection and generation is always enabled in +LibreSSL, and applications cannot manually provide EC keys for use +with ECDHE key exchange. +.Pp +The only remaining effect of +.Fn SSL_set_tmp_ecdh +is that the curve of the given +.Fa ecdh +key becomes the only curve enabled for the +.Fa ssl +connection, so it is equivalent to calling +.Xr SSL_set1_groups_list 3 +with the same single curve name. +.Pp +.Fn SSL_CTX_set_tmp_ecdh +has the same effect on all connections that will be created from +.Fa ctx +in the future. +.Pp +The functions +.Fn SSL_set_ecdh_auto , +.Fn SSL_CTX_set_ecdh_auto , +.Fn SSL_set_tmp_ecdh_callback , +and +.Fn SSL_CTX_set_tmp_ecdh_callback +are deprecated and have no effect. +.Sh RETURN VALUES +.Fn SSL_set_tmp_ecdh +and +.Fn SSL_CTX_set_tmp_ecdh +return 1 on success or 0 on failure. +.Pp +.Fn SSL_set_ecdh_auto , +.Fn SSL_CTX_set_ecdh_auto , +.Fn SSL_set_tmp_ecdh_callback , +and +.Fn SSL_CTX_set_tmp_ecdh_callback +always return 1. +.Sh SEE ALSO +.Xr ssl 3 , +.Xr SSL_CTX_set1_groups 3 , +.Xr SSL_CTX_set_cipher_list 3 , +.Xr SSL_CTX_set_options 3 , +.Xr SSL_CTX_set_tmp_dh_callback 3 , +.Xr SSL_new 3 +.Sh HISTORY +.Fn SSL_set_tmp_ecdh , +.Fn SSL_CTX_set_tmp_ecdh , +.Fn SSL_set_tmp_ecdh_callback , +and +.Fn SSL_CTX_set_tmp_ecdh_callback +first appeared in OpenSSL 0.9.8 and have been available since +.Ox 4.5 . +.Pp +.Fn SSL_CTX_set_ecdh_auto +and +.Fn SSL_set_ecdh_auto +first appeared in OpenSSL 1.0.2 and have been available since +.Ox 5.7 . diff --git a/src/lib/libssl/man/SSL_set_verify_result.3 b/src/lib/libssl/man/SSL_set_verify_result.3 new file mode 100644 index 00000000000..1ff8101ff95 --- /dev/null +++ b/src/lib/libssl/man/SSL_set_verify_result.3 @@ -0,0 +1,93 @@ +.\" $OpenBSD: SSL_set_verify_result.3,v 1.4 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file was written by Lutz Jaenicke . +.\" Copyright (c) 2000 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt SSL_SET_VERIFY_RESULT 3 +.Os +.Sh NAME +.Nm SSL_set_verify_result +.Nd override result of peer certificate verification +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft void +.Fn SSL_set_verify_result "SSL *ssl" "long verify_result" +.Sh DESCRIPTION +.Fn SSL_set_verify_result +sets +.Fa verify_result +of the object +.Fa ssl +to be the result of the verification of the X509 certificate presented by the +peer, if any. +.Pp +.Fn SSL_set_verify_result +overrides the verification result. +It only changes the verification result of the +.Fa ssl +object. +It does not become part of the established session, so if the session is to be +reused later, the original value will reappear. +.Pp +The valid codes for +.Fa verify_result +are documented in +.Xr openssl 1 . +.Sh RETURN VALUES +.Fn SSL_set_verify_result +does not provide a return value. +.Sh SEE ALSO +.Xr openssl 1 , +.Xr ssl 3 , +.Xr SSL_get_peer_certificate 3 , +.Xr SSL_get_verify_result 3 +.Sh HISTORY +.Fn SSL_set_verify_result +first appeared in SSLeay 0.6.1 and has been available since +.Ox 2.4 . diff --git a/src/lib/libssl/man/SSL_shutdown.3 b/src/lib/libssl/man/SSL_shutdown.3 new file mode 100644 index 00000000000..bfb1e91ea77 --- /dev/null +++ b/src/lib/libssl/man/SSL_shutdown.3 @@ -0,0 +1,253 @@ +.\" $OpenBSD: SSL_shutdown.3,v 1.5 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file was written by Lutz Jaenicke . +.\" Copyright (c) 2000, 2001, 2004, 2014 The OpenSSL Project. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt SSL_SHUTDOWN 3 +.Os +.Sh NAME +.Nm SSL_shutdown +.Nd shut down a TLS/SSL connection +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft int +.Fn SSL_shutdown "SSL *ssl" +.Sh DESCRIPTION +.Fn SSL_shutdown +shuts down an active TLS/SSL connection. +It sends the +.Dq close notify +shutdown alert to the peer. +.Pp +.Fn SSL_shutdown +tries to send the +.Dq close notify +shutdown alert to the peer. +Whether the operation succeeds or not, the +.Dv SSL_SENT_SHUTDOWN +flag is set and a currently open session is considered closed and good and will +be kept in the session cache for further reuse. +.Pp +The shutdown procedure consists of 2 steps: the sending of the +.Dq close notify +shutdown alert and the reception of the peer's +.Dq close notify +shutdown alert. +According to the TLS standard, it is acceptable for an application to only send +its shutdown alert and then close the underlying connection without waiting for +the peer's response (this way resources can be saved, as the process can +already terminate or serve another connection). +When the underlying connection shall be used for more communications, +the complete shutdown procedure (bidirectional +.Dq close notify +alerts) must be performed, so that the peers stay synchronized. +.Pp +.Fn SSL_shutdown +supports both uni- and bidirectional shutdown by its 2 step behavior. +.Pp +When the application is the first party to send the +.Dq close notify +alert, +.Fn SSL_shutdown +will only send the alert and then set the +.Dv SSL_SENT_SHUTDOWN +flag (so that the session is considered good and will be kept in cache). +.Fn SSL_shutdown +will then return 0. +If a unidirectional shutdown is enough +(the underlying connection shall be closed anyway), this first call to +.Fn SSL_shutdown +is sufficient. +In order to complete the bidirectional shutdown handshake, +.Fn SSL_shutdown +must be called again. +The second call will make +.Fn SSL_shutdown +wait for the peer's +.Dq close notify +shutdown alert. +On success, the second call to +.Fn SSL_shutdown +will return 1. +.Pp +If the peer already sent the +.Dq close notify +alert and it was already processed implicitly inside another function +.Pq Xr SSL_read 3 , +the +.Dv SSL_RECEIVED_SHUTDOWN +flag is set. +.Fn SSL_shutdown +will send the +.Dq close notify +alert, set the +.Dv SSL_SENT_SHUTDOWN +flag and will immediately return with 1. +Whether +.Dv SSL_RECEIVED_SHUTDOWN +is already set can be checked using the +.Fn SSL_get_shutdown +(see also the +.Xr SSL_set_shutdown 3 +call). +.Pp +It is therefore recommended to check the return value of +.Fn SSL_shutdown +and call +.Fn SSL_shutdown +again, if the bidirectional shutdown is not yet complete (return value of the +first call is 0). +.Pp +The behaviour of +.Fn SSL_shutdown +additionally depends on the underlying +.Vt BIO . +.Pp +If the underlying +.Vt BIO +is +.Em blocking , +.Fn SSL_shutdown +will only return once the +handshake step has been finished or an error occurred. +.Pp +If the underlying +.Vt BIO +is +.Em non-blocking , +.Fn SSL_shutdown +will also return when the underlying +.Vt BIO +could not satisfy the needs of +.Fn SSL_shutdown +to continue the handshake. +In this case a call to +.Xr SSL_get_error 3 +with the +return value of +.Fn SSL_shutdown +will yield +.Dv SSL_ERROR_WANT_READ +or +.Dv SSL_ERROR_WANT_WRITE . +The calling process then must repeat the call after taking appropriate action +to satisfy the needs of +.Fn SSL_shutdown . +The action depends on the underlying +.Vt BIO . +When using a non-blocking socket, nothing is to be done, but +.Xr select 2 +can be used to check for the required condition. +When using a buffering +.Vt BIO , +like a +.Vt BIO +pair, data must be written into or retrieved out of the +.Vt BIO +before being able to continue. +.Pp +.Fn SSL_shutdown +can be modified to only set the connection to +.Dq shutdown +state but not actually send the +.Dq close notify +alert messages; see +.Xr SSL_CTX_set_quiet_shutdown 3 . +When +.Dq quiet shutdown +is enabled, +.Fn SSL_shutdown +will always succeed and return 1. +.Sh RETURN VALUES +The following return values can occur: +.Bl -tag -width Ds +.It 0 +The shutdown is not yet finished. +Call +.Fn SSL_shutdown +for a second time, if a bidirectional shutdown shall be performed. +The output of +.Xr SSL_get_error 3 +may be misleading, as an erroneous +.Dv SSL_ERROR_SYSCALL +may be flagged even though no error occurred. +.It 1 +The shutdown was successfully completed. +The +.Dq close notify +alert was sent and the peer's +.Dq close notify +alert was received. +.It \(mi1 +The shutdown was not successful because a fatal error occurred either +at the protocol level or a connection failure occurred. +It can also occur if action is need to continue the operation for non-blocking +.Vt BIO Ns +s. +Call +.Xr SSL_get_error 3 +with the return value +.Fa ret +to find out the reason. +.El +.Sh SEE ALSO +.Xr BIO_new 3 , +.Xr ssl 3 , +.Xr SSL_accept 3 , +.Xr SSL_clear 3 , +.Xr SSL_connect 3 , +.Xr SSL_CTX_set_quiet_shutdown 3 , +.Xr SSL_free 3 , +.Xr SSL_get_error 3 , +.Xr SSL_set_shutdown 3 +.Sh HISTORY +.Fn SSL_shutdown +first appeared in SSLeay 0.8.0 and has been available since +.Ox 2.4 . diff --git a/src/lib/libssl/man/SSL_state_string.3 b/src/lib/libssl/man/SSL_state_string.3 new file mode 100644 index 00000000000..10703354488 --- /dev/null +++ b/src/lib/libssl/man/SSL_state_string.3 @@ -0,0 +1,110 @@ +.\" $OpenBSD: SSL_state_string.3,v 1.4 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file was written by Lutz Jaenicke . +.\" Copyright (c) 2001, 2005 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt SSL_STATE_STRING 3 +.Os +.Sh NAME +.Nm SSL_state_string , +.Nm SSL_state_string_long +.Nd get textual description of state of an SSL object +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft const char * +.Fn SSL_state_string "const SSL *ssl" +.Ft const char * +.Fn SSL_state_string_long "const SSL *ssl" +.Sh DESCRIPTION +.Fn SSL_state_string +returns a 6 letter string indicating the current state of the +.Vt SSL +object +.Fa ssl . +.Pp +.Fn SSL_state_string_long +returns a string indicating the current state of the +.Vt SSL +object +.Fa ssl . +.Pp +During its use, an +.Vt SSL +object passes several states. +The state is internally maintained. +Querying the state information is not very informative before or when a +connection has been established. +It however can be of significant interest during the handshake. +.Pp +When using non-blocking sockets, +the function call performing the handshake may return with +.Dv SSL_ERROR_WANT_READ +or +.Dv SSL_ERROR_WANT_WRITE +condition, so that +.Fn SSL_state_string[_long] +may be called. +.Pp +For both blocking or non-blocking sockets, +the details state information can be used within the +.Fn info_callback +function set with the +.Xr SSL_set_info_callback 3 +call. +.Sh RETURN VALUES +Detailed description of possible states to be included later. +.Sh SEE ALSO +.Xr ssl 3 , +.Xr SSL_CTX_set_info_callback 3 +.Sh HISTORY +.Fn SSL_state_string +and +.Fn SSL_state_string_long +first appeared in SSLeay 0.6.0 and have been available since +.Ox 2.4 . diff --git a/src/lib/libssl/man/SSL_want.3 b/src/lib/libssl/man/SSL_want.3 new file mode 100644 index 00000000000..24e8645ba88 --- /dev/null +++ b/src/lib/libssl/man/SSL_want.3 @@ -0,0 +1,161 @@ +.\" $OpenBSD: SSL_want.3,v 1.5 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL 9b86974e Aug 17 15:21:33 2015 -0400 +.\" +.\" This file was written by Lutz Jaenicke . +.\" Copyright (c) 2001, 2005 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt SSL_WANT 3 +.Os +.Sh NAME +.Nm SSL_want , +.Nm SSL_want_nothing , +.Nm SSL_want_read , +.Nm SSL_want_write , +.Nm SSL_want_x509_lookup +.Nd obtain state information TLS/SSL I/O operation +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft int +.Fn SSL_want "const SSL *ssl" +.Ft int +.Fn SSL_want_nothing "const SSL *ssl" +.Ft int +.Fn SSL_want_read "const SSL *ssl" +.Ft int +.Fn SSL_want_write "const SSL *ssl" +.Ft int +.Fn SSL_want_x509_lookup "const SSL *ssl" +.Sh DESCRIPTION +.Fn SSL_want +returns state information for the +.Vt SSL +object +.Fa ssl . +.Pp +The other +.Fn SSL_want_* +calls are shortcuts for the possible states returned by +.Fn SSL_want . +.Pp +.Fn SSL_want +examines the internal state information of the +.Vt SSL +object. +Its return values are similar to those of +.Xr SSL_get_error 3 . +Unlike +.Xr SSL_get_error 3 , +which also evaluates the error queue, +the results are obtained by examining an internal state flag only. +The information must therefore only be used for normal operation under +non-blocking I/O. +Error conditions are not handled and must be treated using +.Xr SSL_get_error 3 . +.Pp +The result returned by +.Fn SSL_want +should always be consistent with the result of +.Xr SSL_get_error 3 . +.Sh RETURN VALUES +The following return values can currently occur for +.Fn SSL_want : +.Bl -tag -width Ds +.It Dv SSL_NOTHING +There is no data to be written or to be read. +.It Dv SSL_WRITING +There are data in the SSL buffer that must be written to the underlying +.Vt BIO +layer in order to complete the actual +.Fn SSL_* +operation. +A call to +.Xr SSL_get_error 3 +should return +.Dv SSL_ERROR_WANT_WRITE . +.It Dv SSL_READING +More data must be read from the underlying +.Vt BIO +layer in order to +complete the actual +.Fn SSL_* +operation. +A call to +.Xr SSL_get_error 3 +should return +.Dv SSL_ERROR_WANT_READ . +.It Dv SSL_X509_LOOKUP +The operation did not complete because an application callback set by +.Xr SSL_CTX_set_client_cert_cb 3 +has asked to be called again. +A call to +.Xr SSL_get_error 3 +should return +.Dv SSL_ERROR_WANT_X509_LOOKUP . +.El +.Pp +.Fn SSL_want_nothing , +.Fn SSL_want_read , +.Fn SSL_want_write , +and +.Fn SSL_want_x509_lookup +return 1 when the corresponding condition is true or 0 otherwise. +.Sh SEE ALSO +.Xr err 3 , +.Xr ssl 3 , +.Xr SSL_get_error 3 +.Sh HISTORY +.Fn SSL_want , +.Fn SSL_want_nothing , +.Fn SSL_want_read , +and +.Fn SSL_want_write +first appeared in SSLeay 0.5.2. +.Fn SSL_want_x509_lookup +first appeared in SSLeay 0.6.0. +These functions have been available since +.Ox 2.4 . diff --git a/src/lib/libssl/man/SSL_write.3 b/src/lib/libssl/man/SSL_write.3 new file mode 100644 index 00000000000..d5e985e42a6 --- /dev/null +++ b/src/lib/libssl/man/SSL_write.3 @@ -0,0 +1,224 @@ +.\" $OpenBSD: SSL_write.3,v 1.5 2018/03/27 17:35:50 schwarze Exp $ +.\" OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400 +.\" +.\" This file was written by Lutz Jaenicke . +.\" Copyright (c) 2000, 2001, 2002 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 27 2018 $ +.Dt SSL_WRITE 3 +.Os +.Sh NAME +.Nm SSL_write +.Nd write bytes to a TLS/SSL connection +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft int +.Fn SSL_write "SSL *ssl" "const void *buf" "int num" +.Sh DESCRIPTION +.Fn SSL_write +writes +.Fa num +bytes from the buffer +.Fa buf +into the specified +.Fa ssl +connection. +.Pp +If necessary, +.Fn SSL_write +will negotiate a TLS/SSL session, if not already explicitly performed by +.Xr SSL_connect 3 +or +.Xr SSL_accept 3 . +If the peer requests a re-negotiation, +it will be performed transparently during the +.Fn SSL_write +operation. +The behaviour of +.Fn SSL_write +depends on the underlying +.Vt BIO . +.Pp +For the transparent negotiation to succeed, the +.Fa ssl +must have been initialized to client or server mode. +This is being done by calling +.Xr SSL_set_connect_state 3 +or +.Xr SSL_set_accept_state 3 +before the first call to an +.Xr SSL_read 3 +or +.Fn SSL_write +function. +.Pp +If the underlying +.Vt BIO +is +.Em blocking , +.Fn SSL_write +will only return once the write operation has been finished or an error +occurred, except when a renegotiation take place, in which case a +.Dv SSL_ERROR_WANT_READ +may occur. +This behaviour can be controlled with the +.Dv SSL_MODE_AUTO_RETRY +flag of the +.Xr SSL_CTX_set_mode 3 +call. +.Pp +If the underlying +.Vt BIO +is +.Em non-blocking , +.Fn SSL_write +will also return when the underlying +.Vt BIO +could not satisfy the needs of +.Fn SSL_write +to continue the operation. +In this case a call to +.Xr SSL_get_error 3 +with the return value of +.Fn SSL_write +will yield +.Dv SSL_ERROR_WANT_READ +or +.Dv SSL_ERROR_WANT_WRITE . +As at any time a re-negotiation is possible, a call to +.Fn SSL_write +can also cause read operations! +The calling process then must repeat the call after taking appropriate action +to satisfy the needs of +.Fn SSL_write . +The action depends on the underlying +.Vt BIO . +When using a non-blocking socket, nothing is to be done, but +.Xr select 2 +can be used to check for the required condition. +When using a buffering +.Vt BIO , +like a +.Vt BIO +pair, data must be written into or retrieved out of the BIO before being able +to continue. +.Pp +.Fn SSL_write +will only return with success when the complete contents of +.Fa buf +of length +.Fa num +have been written. +This default behaviour can be changed with the +.Dv SSL_MODE_ENABLE_PARTIAL_WRITE +option of +.Xr SSL_CTX_set_mode 3 . +When this flag is set, +.Fn SSL_write +will also return with success when a partial write has been successfully +completed. +In this case the +.Fn SSL_write +operation is considered completed. +The bytes are sent and a new +.Fn SSL_write +operation with a new buffer (with the already sent bytes removed) must be +started. +A partial write is performed with the size of a message block, +which is 16kB. +.Pp +When an +.Fn SSL_write +operation has to be repeated because +.Xr SSL_get_error 3 +returned +.Dv SSL_ERROR_WANT_READ +or +.Dv SSL_ERROR_WANT_WRITE , +it must be repeated with the same arguments. +.Pp +When calling +.Fn SSL_write +with +.Fa num Ns =0 +bytes to be sent, the behaviour is undefined. +.Sh RETURN VALUES +The following return values can occur: +.Bl -tag -width Ds +.It >0 +The write operation was successful. +The return value is the number of bytes actually written to the TLS/SSL +connection. +.It 0 +The write operation was not successful. +Probably the underlying connection was closed. +Call +.Xr SSL_get_error 3 +with the return value to find out whether an error occurred or the connection +was shut down cleanly +.Pq Dv SSL_ERROR_ZERO_RETURN . +.It <0 +The write operation was not successful, because either an error occurred or +action must be taken by the calling process. +Call +.Xr SSL_get_error 3 +with the return value to find out the reason. +.El +.Sh SEE ALSO +.Xr BIO_new 3 , +.Xr ssl 3 , +.Xr SSL_accept 3 , +.Xr SSL_connect 3 , +.Xr SSL_CTX_new 3 , +.Xr SSL_CTX_set_mode 3 , +.Xr SSL_get_error 3 , +.Xr SSL_read 3 , +.Xr SSL_set_connect_state 3 +.Sh HISTORY +.Fn SSL_write +appeared in SSLeay 0.4 or earlier and has been available since +.Ox 2.4 . diff --git a/src/lib/libssl/man/d2i_SSL_SESSION.3 b/src/lib/libssl/man/d2i_SSL_SESSION.3 new file mode 100644 index 00000000000..9c5c2285fa6 --- /dev/null +++ b/src/lib/libssl/man/d2i_SSL_SESSION.3 @@ -0,0 +1,181 @@ +.\" $OpenBSD: d2i_SSL_SESSION.3,v 1.6 2018/08/27 15:42:39 jsing Exp $ +.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100 +.\" +.\" This file was written by Lutz Jaenicke . +.\" Copyright (c) 2001, 2005, 2014 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: August 27 2018 $ +.Dt D2I_SSL_SESSION 3 +.Os +.Sh NAME +.Nm d2i_SSL_SESSION , +.Nm i2d_SSL_SESSION +.Nd convert SSL_SESSION object from/to ASN1 representation +.Sh SYNOPSIS +.In openssl/ssl.h +.Ft SSL_SESSION * +.Fn d2i_SSL_SESSION "SSL_SESSION **a" "const unsigned char **pp" "long length" +.Ft int +.Fn i2d_SSL_SESSION "SSL_SESSION *in" "unsigned char **pp" +.Sh DESCRIPTION +.Fn d2i_SSL_SESSION +transforms the external ASN1 representation of an SSL/TLS session, +stored as binary data at location +.Fa pp +with length +.Fa length , +into +an +.Vt SSL_SESSION +object. +.Pp +.Fn i2d_SSL_SESSION +transforms the +.Vt SSL_SESSION +object +.Fa in +into the ASN1 representation and stores it into the memory location pointed to +by +.Fa pp . +The length of the resulting ASN1 representation is returned. +If +.Fa pp +is the +.Dv NULL +pointer, only the length is calculated and returned. +.Sh NOTES +The +.Vt SSL_SESSION +object is built from several +.Xr malloc 3 Ns +-ed parts; it can therefore not be moved, copied or stored directly. +In order to store session data on disk or into a database, +it must be transformed into a binary ASN1 representation. +.Pp +When using +.Fn d2i_SSL_SESSION , +the +.Vt SSL_SESSION +object is automatically allocated. +The reference count is 1, so that the session must be explicitly removed using +.Xr SSL_SESSION_free 3 , +unless the +.Vt SSL_SESSION +object is completely taken over, when being called inside the +.Fn get_session_cb , +see +.Xr SSL_CTX_sess_set_get_cb 3 . +.Pp +.Vt SSL_SESSION +objects keep internal link information about the session cache list when being +inserted into one +.Vt SSL_CTX +object's session cache. +One +.Vt SSL_SESSION +object, regardless of its reference count, must therefore only be used with one +.Vt SSL_CTX +object (and the +.Vt SSL +objects created from this +.Vt SSL_CTX +object). +.Pp +When using +.Fn i2d_SSL_SESSION , +the memory location pointed to by +.Fa pp +must be large enough to hold the binary representation of the session. +There is no known limit on the size of the created ASN1 representation, +so call +.Fn i2d_SSL_SESSION +first with +.Fa pp Ns = Ns Dv NULL +to obtain the encoded size, before allocating the required amount of memory and +calling +.Fn i2d_SSL_SESSION +again. +Note that this will advance the value contained in +.Fa *pp +so it is necessary to save a copy of the original allocation. +For example: +.Bd -literal -offset indent +char *p, *pp; +int elen, len; + +elen = i2d_SSL_SESSION(sess, NULL); +p = pp = malloc(elen); +if (p != NULL) { + len = i2d_SSL_SESSION(sess, &pp); + assert(elen == len); + assert(p + len == pp); +} +.Ed +.Sh RETURN VALUES +.Fn d2i_SSL_SESSION +returns a pointer to the newly allocated +.Vt SSL_SESSION +object. +In case of failure a +.Dv NULL +pointer is returned and the error message can be retrieved from the error +stack. +.Pp +.Fn i2d_SSL_SESSION +returns the size of the ASN1 representation in bytes. +When the session is not valid, 0 is returned and no operation is performed. +.Sh SEE ALSO +.Xr d2i_X509 3 , +.Xr ssl 3 , +.Xr SSL_CTX_sess_set_get_cb 3 , +.Xr SSL_SESSION_free 3 +.Sh HISTORY +.Fn d2i_SSL_SESSION +and +.Fn i2d_SSL_SESSION +first appeared in SSLeay 0.5.2 and have been available since +.Ox 2.4 . diff --git a/src/lib/libssl/man/ssl.3 b/src/lib/libssl/man/ssl.3 new file mode 100644 index 00000000000..23f2f21b545 --- /dev/null +++ b/src/lib/libssl/man/ssl.3 @@ -0,0 +1,325 @@ +.\" $OpenBSD: ssl.3,v 1.14 2018/03/17 18:19:49 schwarze Exp $ +.\" full merge up to: OpenSSL e330f55d Nov 11 00:51:04 2016 +0100 +.\" selective merge up to: OpenSSL cbade361 Dec 12 13:14:45 2017 +0100 +.\" +.\" This file was written by Ralf S. Engelschall , +.\" Ben Laurie , and Ulf Moeller . +.\" Copyright (c) 1998-2002, 2005, 2013, 2015 The OpenSSL Project. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd $Mdocdate: March 17 2018 $ +.Dt SSL 3 +.Os +.Sh NAME +.Nm ssl +.Nd OpenSSL SSL/TLS library +.Sh DESCRIPTION +The OpenSSL +.Nm ssl +library implements the Transport Layer Security (TLS v1) protocols. +.Pp +At first the library must be initialized; see +.Xr SSL_library_init 3 . +.Pp +Then an +.Vt SSL_CTX +object is created as a framework to establish TLS/SSL enabled connections (see +.Xr SSL_CTX_new 3 ) . +Various options regarding certificates, algorithms, etc., can be set in this +object. +.Pp +When a network connection has been created, it can be assigned to an +.Vt SSL +object. +After the +.Vt SSL +object has been created using +.Xr SSL_new 3 , +.Xr SSL_set_fd 3 +or +.Xr SSL_set_bio 3 +can be used to associate the network connection with the object. +.Pp +Then the TLS/SSL handshake is performed using +.Xr SSL_accept 3 +or +.Xr SSL_connect 3 +respectively. +.Xr SSL_read 3 +and +.Xr SSL_write 3 +are used to read and write data on the TLS/SSL connection. +.Xr SSL_shutdown 3 +can be used to shut down the TLS/SSL connection. +.Sh DATA STRUCTURES +Currently the OpenSSL +.Nm ssl +library functions deal with the following data structures: +.Bl -tag -width Ds +.It Vt SSL_METHOD No (SSL Method) +That's a dispatch structure describing the internal +.Nm ssl +library methods/functions which implement the various protocol versions. +It's needed to create an +.Vt SSL_CTX . +See +.Xr TLS_method 3 +for constructors. +.It Vt SSL_CIPHER No (SSL Cipher) +This structure holds the algorithm information for a particular cipher which +is a core part of the SSL/TLS protocol. +The available ciphers are configured on an +.Vt SSL_CTX +basis and the actually used ones are then part of the +.Vt SSL_SESSION . +.It Vt SSL_CTX No (SSL Context) +That's the global context structure which is created by a server or client +once per program lifetime and which holds mainly default values for the +.Vt SSL +structures which are later created for the connections. +.It Vt SSL_SESSION No (SSL Session) +This is a structure containing the current TLS/SSL session details for a +connection: +.Vt SSL_CIPHER Ns s , +client and server certificates, keys, etc. +.It Vt SSL No (SSL Connection) +That's the main SSL/TLS structure which is created by a server or client per +established connection. +This actually is the core structure in the SSL API. +At run-time the application usually deals with this structure which has +links to mostly all other structures. +.El +.Sh HEADER FILES +Currently the OpenSSL +.Nm ssl +library provides the following C header files containing the prototypes for the +data structures and functions: +.Bl -tag -width Ds +.It Pa ssl.h +That's the common header file for the SSL/TLS API. +Include it into your program to make the API of the +.Nm ssl +library available. +It internally includes both more private SSL headers and headers from the +.Em crypto +library. +Whenever you need hardcore details on the internals of the SSL API, look inside +this header file. +.It Pa ssl2.h +That's the sub header file dealing with the SSLv2 protocol only. +.Bf Em + Usually you don't have to include it explicitly because it's already included +by +.Pa ssl.h . +.Ef +.It Pa ssl3.h +That's the sub header file dealing with the SSLv3 protocol only. +.Bf Em +Usually you don't have to include it explicitly because it's already included +by +.Pa ssl.h . +.Ef +.It Pa ssl23.h +That's the sub header file dealing with the combined use of the SSLv2 and SSLv3 +protocols. +.Bf Em +Usually you don't have to include it explicitly because it's already included +by +.Pa ssl.h . +.Ef +.It Pa tls1.h +That's the sub header file dealing with the TLSv1 protocol only. +.Bf Em +Usually you don't have to include it explicitly because it's already included +by +.Pa ssl.h . +.Ef +.El +.Sh API FUNCTIONS +.Ss Ciphers +The following pages describe functions acting on +.Vt SSL_CIPHER +objects: +.Xr SSL_get_ciphers 3 , +.Xr SSL_get_current_cipher 3 , +.Xr SSL_CIPHER_get_name 3 +.Ss Protocol contexts +The following pages describe functions acting on +.Vt SSL_CTX +objects. +Many of these pages also document variants providing similar +functionality for individual connection objects. +.Pp +Constructors and destructors: +.Xr SSL_CTX_new 3 , +.Xr SSL_CTX_set_ssl_version 3 , +.Xr SSL_CTX_free 3 +.Pp +Configuration functions: +.Xr SSL_CTX_ctrl 3 , +.Xr SSL_CTX_flush_sessions 3 , +.Xr SSL_CTX_get_verify_mode 3 , +.Xr SSL_CTX_load_verify_locations 3 , +.Xr SSL_CTX_sess_set_get_cb 3 , +.Xr SSL_CTX_set_alpn_select_cb 3 , +.Xr SSL_CTX_set_cert_store 3 , +.Xr SSL_CTX_set_cert_verify_callback 3 , +.Xr SSL_CTX_set_cipher_list 3 , +.Xr SSL_CTX_set_client_CA_list 3 , +.Xr SSL_CTX_set_client_cert_cb 3 , +.Xr SSL_CTX_set_default_passwd_cb 3 , +.Xr SSL_CTX_set_generate_session_id 3 , +.Xr SSL_CTX_set_info_callback 3 , +.Xr SSL_CTX_set_min_proto_version 3 , +.Xr SSL_CTX_set_msg_callback 3 , +.Xr SSL_CTX_set_options 3 , +.Xr SSL_CTX_set_quiet_shutdown 3 , +.Xr SSL_CTX_set_read_ahead 3 , +.Xr SSL_CTX_set_session_id_context 3 , +.Xr SSL_CTX_set_timeout 3 , +.Xr SSL_CTX_set_tmp_dh_callback 3 , +.Xr SSL_CTX_set_tmp_rsa_callback 3 , +.Xr SSL_CTX_set_verify 3 , +.Xr SSL_CTX_set1_groups 3 , +.Xr SSL_CTX_use_certificate 3 , +.Xr SSL_set_tmp_ecdh 3 , +.Xr SSL_set1_param 3 +.Pp +Accessors: +.Xr SSL_CTX_get_ex_new_index 3 , +.Xr SSL_CTX_sessions 3 , +.Xr SSL_get_client_CA_list 3 +.Ss Sessions +The following pages describe functions acting on +.Vt SSL_SESSION +objects. +.Pp +Constructors and destructors: +.Xr SSL_SESSION_new 3 , +.Xr SSL_SESSION_free 3 +.Pp +Accessors: +.Xr SSL_SESSION_get_compress_id 3 , +.Xr SSL_SESSION_get_ex_new_index 3 , +.Xr SSL_SESSION_get_id 3 , +.Xr SSL_SESSION_get_protocol_version 3 , +.Xr SSL_SESSION_get_time 3 , +.Xr SSL_SESSION_get0_peer 3 , +.Xr SSL_SESSION_has_ticket 3 , +.Xr SSL_SESSION_set1_id_context 3 +.Pp +Encoding and decoding: +.Xr d2i_SSL_SESSION 3 , +.Xr PEM_read_SSL_SESSION 3 , +.Xr SSL_SESSION_print 3 +.Pp +Use by other objects: +.Xr SSL_CTX_add_session 3 , +.Xr SSL_set_session 3 , +.Xr SSL_get_session 3 +.Ss Connections +The following pages describe functions acting on +.Vt SSL +connection objects: +.Pp +Constructors and destructors: +.Xr SSL_new 3 , +.Xr SSL_set_connect_state 3 , +.Xr SSL_dup 3 , +.Xr SSL_set_bio 3 , +.Xr SSL_set_fd 3 , +.Xr BIO_f_ssl 3 , +.Xr SSL_clear 3 , +.Xr SSL_free 3 +.Pp +I/O: +.Xr DTLSv1_listen 3 , +.Xr SSL_accept 3 , +.Xr SSL_connect 3 , +.Xr SSL_do_handshake 3 , +.Xr SSL_read 3 , +.Xr SSL_renegotiate 3 , +.Xr SSL_shutdown 3 , +.Xr SSL_write 3 +.Pp +Accessors: +.Xr SSL_copy_session_id 3 , +.Xr SSL_export_keying_material 3 , +.Xr SSL_get_SSL_CTX 3 , +.Xr SSL_get_certificate 3 , +.Xr SSL_get_client_random 3 , +.Xr SSL_get_default_timeout 3 , +.Xr SSL_get_error 3 , +.Xr SSL_get_ex_data_X509_STORE_CTX_idx 3 , +.Xr SSL_get_ex_new_index 3 , +.Xr SSL_get_fd 3 , +.Xr SSL_get_peer_cert_chain 3 , +.Xr SSL_get_peer_certificate 3 , +.Xr SSL_get_rbio 3 , +.Xr SSL_get_shared_ciphers 3 , +.Xr SSL_get_state 3 , +.Xr SSL_get_verify_result 3 , +.Xr SSL_get_version 3 , +.Xr SSL_pending 3 , +.Xr SSL_rstate_string 3 , +.Xr SSL_set_shutdown 3 , +.Xr SSL_set_verify_result 3 , +.Xr SSL_state_string 3 , +.Xr SSL_want 3 +.Pp +Utility functions: +.Xr SSL_alert_type_string 3 , +.Xr SSL_dup_CA_list 3 , +.Xr SSL_load_client_CA_file 3 +.Sh SEE ALSO +.Xr openssl 1 , +.Xr crypto 3 , +.Xr SSL_load_error_strings 3 +.Sh HISTORY +The +.Nm +document appeared in OpenSSL 0.9.2. diff --git a/src/lib/libssl/openssl.cnf b/src/lib/libssl/openssl.cnf deleted file mode 100644 index bb97b155b8d..00000000000 --- a/src/lib/libssl/openssl.cnf +++ /dev/null @@ -1,65 +0,0 @@ -# -# OpenSSL example configuration file. -# This is mostly being used for generation of certificate requests. -# - -RANDFILE = /dev/arandom - -#################################################################### -[ req ] -default_bits = 1024 -default_keyfile = privkey.pem -distinguished_name = req_distinguished_name -attributes = req_attributes - -[ req_distinguished_name ] -countryName = Country Name (2 letter code) -#countryName_default = AU -countryName_min = 2 -countryName_max = 2 - -stateOrProvinceName = State or Province Name (full name) -#stateOrProvinceName_default = Some-State - -localityName = Locality Name (eg, city) - -0.organizationName = Organization Name (eg, company) -#0.organizationName_default = Internet Widgits Pty Ltd - -# we can do this but it is not needed normally :-) -#1.organizationName = Second Organization Name (eg, company) -#1.organizationName_default = CryptSoft Pty Ltd - -organizationalUnitName = Organizational Unit Name (eg, section) -#organizationalUnitName_default = - -commonName = Common Name (eg, fully qualified host name) -commonName_max = 64 - -emailAddress = Email Address -emailAddress_max = 64 - -[ req_attributes ] -challengePassword = A challenge password -challengePassword_min = 4 -challengePassword_max = 20 - -unstructuredName = An optional company name - -[ x509v3_extensions ] - -nsCaRevocationUrl = http://www.cryptsoft.com/ca-crl.pem -nsComment = "This is a comment" - -# under ASN.1, the 0 bit would be encoded as 80 -nsCertType = 0x40 - -#nsBaseUrl -#nsRevocationUrl -#nsRenewalUrl -#nsCaPolicyUrl -#nsSslServerName -#nsCertSequence -#nsCertExt -#nsDataType - diff --git a/src/lib/libssl/pqueue.c b/src/lib/libssl/pqueue.c new file mode 100644 index 00000000000..602969deb0d --- /dev/null +++ b/src/lib/libssl/pqueue.c @@ -0,0 +1,201 @@ +/* $OpenBSD: pqueue.c,v 1.5 2014/06/12 15:49:31 deraadt Exp $ */ +/* + * DTLS implementation written by Nagendra Modadugu + * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. + */ +/* ==================================================================== + * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include + +#include "pqueue.h" + +typedef struct _pqueue { + pitem *items; + int count; +} pqueue_s; + +pitem * +pitem_new(unsigned char *prio64be, void *data) +{ + pitem *item = malloc(sizeof(pitem)); + + if (item == NULL) + return NULL; + + memcpy(item->priority, prio64be, sizeof(item->priority)); + + item->data = data; + item->next = NULL; + + return item; +} + +void +pitem_free(pitem *item) +{ + free(item); +} + +pqueue_s * +pqueue_new(void) +{ + return calloc(1, sizeof(pqueue_s)); +} + +void +pqueue_free(pqueue_s *pq) +{ + free(pq); +} + +pitem * +pqueue_insert(pqueue_s *pq, pitem *item) +{ + pitem *curr, *next; + + if (pq->items == NULL) { + pq->items = item; + return item; + } + + for (curr = NULL, next = pq->items; next != NULL; + curr = next, next = next->next) { + /* we can compare 64-bit value in big-endian encoding + * with memcmp:-) */ + int cmp = memcmp(next->priority, item->priority, + sizeof(item->priority)); + if (cmp > 0) { /* next > item */ + item->next = next; + + if (curr == NULL) + pq->items = item; + else + curr->next = item; + + return item; + } else if (cmp == 0) /* duplicates not allowed */ + return NULL; + } + + item->next = NULL; + curr->next = item; + + return item; +} + +pitem * +pqueue_peek(pqueue_s *pq) +{ + return pq->items; +} + +pitem * +pqueue_pop(pqueue_s *pq) +{ + pitem *item = pq->items; + + if (pq->items != NULL) + pq->items = pq->items->next; + + return item; +} + +pitem * +pqueue_find(pqueue_s *pq, unsigned char *prio64be) +{ + pitem *next; + + for (next = pq->items; next != NULL; next = next->next) + if (memcmp(next->priority, prio64be, + sizeof(next->priority)) == 0) + return next; + + return NULL; +} + +pitem * +pqueue_iterator(pqueue_s *pq) +{ + return pqueue_peek(pq); +} + +pitem * +pqueue_next(pitem **item) +{ + pitem *ret; + + if (item == NULL || *item == NULL) + return NULL; + + /* *item != NULL */ + ret = *item; + *item = (*item)->next; + + return ret; +} + +int +pqueue_size(pqueue_s *pq) +{ + pitem *item = pq->items; + int count = 0; + + while (item != NULL) { + count++; + item = item->next; + } + return count; +} diff --git a/src/lib/libssl/pqueue.h b/src/lib/libssl/pqueue.h new file mode 100644 index 00000000000..cdda4a39614 --- /dev/null +++ b/src/lib/libssl/pqueue.h @@ -0,0 +1,93 @@ +/* $OpenBSD: pqueue.h,v 1.4 2016/11/04 18:28:58 guenther Exp $ */ + +/* + * DTLS implementation written by Nagendra Modadugu + * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. + */ +/* ==================================================================== + * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifndef HEADER_PQUEUE_H +#define HEADER_PQUEUE_H + +__BEGIN_HIDDEN_DECLS + +typedef struct _pqueue *pqueue; + +typedef struct _pitem { + unsigned char priority[8]; /* 64-bit value in big-endian encoding */ + void *data; + struct _pitem *next; +} pitem; + +typedef struct _pitem *piterator; + +pitem *pitem_new(unsigned char *prio64be, void *data); +void pitem_free(pitem *item); + +pqueue pqueue_new(void); +void pqueue_free(pqueue pq); + +pitem *pqueue_insert(pqueue pq, pitem *item); +pitem *pqueue_peek(pqueue pq); +pitem *pqueue_pop(pqueue pq); +pitem *pqueue_find(pqueue pq, unsigned char *prio64be); +pitem *pqueue_iterator(pqueue pq); +pitem *pqueue_next(piterator *iter); + +int pqueue_size(pqueue pq); + +__END_HIDDEN_DECLS + +#endif /* ! HEADER_PQUEUE_H */ diff --git a/src/lib/libssl/s23_clnt.c b/src/lib/libssl/s23_clnt.c deleted file mode 100644 index b2be8340fb3..00000000000 --- a/src/lib/libssl/s23_clnt.c +++ /dev/null @@ -1,480 +0,0 @@ -/* ssl/s23_clnt.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include -#include -#include -#include -#include "ssl_locl.h" - -static SSL_METHOD *ssl23_get_client_method(int ver); -static int ssl23_client_hello(SSL *s); -static int ssl23_get_server_hello(SSL *s); -static SSL_METHOD *ssl23_get_client_method(int ver) - { -#ifndef OPENSSL_NO_SSL2 - if (ver == SSL2_VERSION) - return(SSLv2_client_method()); -#endif - if (ver == SSL3_VERSION) - return(SSLv3_client_method()); - else if (ver == TLS1_VERSION) - return(TLSv1_client_method()); - else - return(NULL); - } - -SSL_METHOD *SSLv23_client_method(void) - { - static int init=1; - static SSL_METHOD SSLv23_client_data; - - if (init) - { - memcpy((char *)&SSLv23_client_data, - (char *)sslv23_base_method(),sizeof(SSL_METHOD)); - SSLv23_client_data.ssl_connect=ssl23_connect; - SSLv23_client_data.get_ssl_method=ssl23_get_client_method; - init=0; - } - return(&SSLv23_client_data); - } - -int ssl23_connect(SSL *s) - { - BUF_MEM *buf; - unsigned long Time=time(NULL); - void (*cb)(const SSL *ssl,int type,int val)=NULL; - int ret= -1; - int new_state,state; - - RAND_add(&Time,sizeof(Time),0); - ERR_clear_error(); - clear_sys_error(); - - if (s->info_callback != NULL) - cb=s->info_callback; - else if (s->ctx->info_callback != NULL) - cb=s->ctx->info_callback; - - s->in_handshake++; - if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); - - for (;;) - { - state=s->state; - - switch(s->state) - { - case SSL_ST_BEFORE: - case SSL_ST_CONNECT: - case SSL_ST_BEFORE|SSL_ST_CONNECT: - case SSL_ST_OK|SSL_ST_CONNECT: - - if (s->session != NULL) - { - SSLerr(SSL_F_SSL23_CONNECT,SSL_R_SSL23_DOING_SESSION_ID_REUSE); - ret= -1; - goto end; - } - s->server=0; - if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1); - - /* s->version=TLS1_VERSION; */ - s->type=SSL_ST_CONNECT; - - if (s->init_buf == NULL) - { - if ((buf=BUF_MEM_new()) == NULL) - { - ret= -1; - goto end; - } - if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH)) - { - ret= -1; - goto end; - } - s->init_buf=buf; - } - - if (!ssl3_setup_buffers(s)) { ret= -1; goto end; } - - ssl3_init_finished_mac(s); - - s->state=SSL23_ST_CW_CLNT_HELLO_A; - s->ctx->stats.sess_connect++; - s->init_num=0; - break; - - case SSL23_ST_CW_CLNT_HELLO_A: - case SSL23_ST_CW_CLNT_HELLO_B: - - s->shutdown=0; - ret=ssl23_client_hello(s); - if (ret <= 0) goto end; - s->state=SSL23_ST_CR_SRVR_HELLO_A; - s->init_num=0; - - break; - - case SSL23_ST_CR_SRVR_HELLO_A: - case SSL23_ST_CR_SRVR_HELLO_B: - ret=ssl23_get_server_hello(s); - if (ret >= 0) cb=NULL; - goto end; - /* break; */ - - default: - SSLerr(SSL_F_SSL23_CONNECT,SSL_R_UNKNOWN_STATE); - ret= -1; - goto end; - /* break; */ - } - - if (s->debug) { (void)BIO_flush(s->wbio); } - - if ((cb != NULL) && (s->state != state)) - { - new_state=s->state; - s->state=state; - cb(s,SSL_CB_CONNECT_LOOP,1); - s->state=new_state; - } - } -end: - s->in_handshake--; - if (cb != NULL) - cb(s,SSL_CB_CONNECT_EXIT,ret); - return(ret); - } - - -static int ssl23_client_hello(SSL *s) - { - unsigned char *buf; - unsigned char *p,*d; - int i,ch_len; - int ret; - - buf=(unsigned char *)s->init_buf->data; - if (s->state == SSL23_ST_CW_CLNT_HELLO_A) - { -#if 0 - /* don't reuse session-id's */ - if (!ssl_get_new_session(s,0)) - { - return(-1); - } -#endif - - p=s->s3->client_random; - RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE); - - /* Do the message type and length last */ - d= &(buf[2]); - p=d+9; - - *(d++)=SSL2_MT_CLIENT_HELLO; - if (!(s->options & SSL_OP_NO_TLSv1)) - { - *(d++)=TLS1_VERSION_MAJOR; - *(d++)=TLS1_VERSION_MINOR; - s->client_version=TLS1_VERSION; - } - else if (!(s->options & SSL_OP_NO_SSLv3)) - { - *(d++)=SSL3_VERSION_MAJOR; - *(d++)=SSL3_VERSION_MINOR; - s->client_version=SSL3_VERSION; - } - else if (!(s->options & SSL_OP_NO_SSLv2)) - { - *(d++)=SSL2_VERSION_MAJOR; - *(d++)=SSL2_VERSION_MINOR; - s->client_version=SSL2_VERSION; - } - else - { - SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_PROTOCOLS_AVAILABLE); - return(-1); - } - - /* Ciphers supported */ - i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),p); - if (i == 0) - { - /* no ciphers */ - SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE); - return(-1); - } - s2n(i,d); - p+=i; - - /* put in the session-id, zero since there is no - * reuse. */ -#if 0 - s->session->session_id_length=0; -#endif - s2n(0,d); - - if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG) - ch_len=SSL2_CHALLENGE_LENGTH; - else - ch_len=SSL2_MAX_CHALLENGE_LENGTH; - - /* write out sslv2 challenge */ - if (SSL3_RANDOM_SIZE < ch_len) - i=SSL3_RANDOM_SIZE; - else - i=ch_len; - s2n(i,d); - memset(&(s->s3->client_random[0]),0,SSL3_RANDOM_SIZE); - RAND_pseudo_bytes(&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i); - memcpy(p,&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i); - p+=i; - - i= p- &(buf[2]); - buf[0]=((i>>8)&0xff)|0x80; - buf[1]=(i&0xff); - - s->state=SSL23_ST_CW_CLNT_HELLO_B; - /* number of bytes to write */ - s->init_num=i+2; - s->init_off=0; - - ssl3_finish_mac(s,&(buf[2]),i); - } - - /* SSL3_ST_CW_CLNT_HELLO_B */ - ret = ssl23_write_bytes(s); - if (ret >= 2) - if (s->msg_callback) - s->msg_callback(1, SSL2_VERSION, 0, s->init_buf->data+2, ret-2, s, s->msg_callback_arg); /* CLIENT-HELLO */ - return ret; - } - -static int ssl23_get_server_hello(SSL *s) - { - char buf[8]; - unsigned char *p; - int i; - int n; - - n=ssl23_read_bytes(s,7); - - if (n != 7) return(n); - p=s->packet; - - memcpy(buf,p,n); - - if ((p[0] & 0x80) && (p[2] == SSL2_MT_SERVER_HELLO) && - (p[5] == 0x00) && (p[6] == 0x02)) - { -#ifdef OPENSSL_NO_SSL2 - SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL); - goto err; -#else - /* we are talking sslv2 */ - /* we need to clean up the SSLv3 setup and put in the - * sslv2 stuff. */ - int ch_len; - - if (s->options & SSL_OP_NO_SSLv2) - { - SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL); - goto err; - } - if (s->s2 == NULL) - { - if (!ssl2_new(s)) - goto err; - } - else - ssl2_clear(s); - - if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG) - ch_len=SSL2_CHALLENGE_LENGTH; - else - ch_len=SSL2_MAX_CHALLENGE_LENGTH; - - /* write out sslv2 challenge */ - i=(SSL3_RANDOM_SIZE < ch_len) - ?SSL3_RANDOM_SIZE:ch_len; - s->s2->challenge_length=i; - memcpy(s->s2->challenge, - &(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i); - - if (s->s3 != NULL) ssl3_free(s); - - if (!BUF_MEM_grow(s->init_buf, - SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)) - { - SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,ERR_R_BUF_LIB); - goto err; - } - - s->state=SSL2_ST_GET_SERVER_HELLO_A; - if (!(s->client_version == SSL2_VERSION)) - /* use special padding (SSL 3.0 draft/RFC 2246, App. E.2) */ - s->s2->ssl2_rollback=1; - - /* setup the 5 bytes we have read so we get them from - * the sslv2 buffer */ - s->rstate=SSL_ST_READ_HEADER; - s->packet_length=n; - s->packet= &(s->s2->rbuf[0]); - memcpy(s->packet,buf,n); - s->s2->rbuf_left=n; - s->s2->rbuf_offs=0; - - /* we have already written one */ - s->s2->write_sequence=1; - - s->method=SSLv2_client_method(); - s->handshake_func=s->method->ssl_connect; -#endif - } - else if ((p[0] == SSL3_RT_HANDSHAKE) && - (p[1] == SSL3_VERSION_MAJOR) && - ((p[2] == SSL3_VERSION_MINOR) || - (p[2] == TLS1_VERSION_MINOR)) && - (p[5] == SSL3_MT_SERVER_HELLO)) - { - /* we have sslv3 or tls1 */ - - if (!ssl_init_wbio_buffer(s,1)) goto err; - - /* we are in this state */ - s->state=SSL3_ST_CR_SRVR_HELLO_A; - - /* put the 5 bytes we have read into the input buffer - * for SSLv3 */ - s->rstate=SSL_ST_READ_HEADER; - s->packet_length=n; - s->packet= &(s->s3->rbuf.buf[0]); - memcpy(s->packet,buf,n); - s->s3->rbuf.left=n; - s->s3->rbuf.offset=0; - - if ((p[2] == SSL3_VERSION_MINOR) && - !(s->options & SSL_OP_NO_SSLv3)) - { - s->version=SSL3_VERSION; - s->method=SSLv3_client_method(); - } - else if ((p[2] == TLS1_VERSION_MINOR) && - !(s->options & SSL_OP_NO_TLSv1)) - { - s->version=TLS1_VERSION; - s->method=TLSv1_client_method(); - } - else - { - SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL); - goto err; - } - - s->handshake_func=s->method->ssl_connect; - } - else if ((p[0] == SSL3_RT_ALERT) && - (p[1] == SSL3_VERSION_MAJOR) && - ((p[2] == SSL3_VERSION_MINOR) || - (p[2] == TLS1_VERSION_MINOR)) && - (p[3] == 0) && - (p[4] == 2)) - { - void (*cb)(const SSL *ssl,int type,int val)=NULL; - int j; - - /* An alert */ - if (s->info_callback != NULL) - cb=s->info_callback; - else if (s->ctx->info_callback != NULL) - cb=s->ctx->info_callback; - - i=p[5]; - if (cb != NULL) - { - j=(i<<8)|p[6]; - cb(s,SSL_CB_READ_ALERT,j); - } - - s->rwstate=SSL_NOTHING; - SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_AD_REASON_OFFSET+p[6]); - goto err; - } - else - { - SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNKNOWN_PROTOCOL); - goto err; - } - s->init_num=0; - - /* Since, if we are sending a ssl23 client hello, we are not - * reusing a session-id */ - if (!ssl_get_new_session(s,0)) - goto err; - - s->first_packet=1; - return(SSL_connect(s)); -err: - return(-1); - } - diff --git a/src/lib/libssl/s23_lib.c b/src/lib/libssl/s23_lib.c deleted file mode 100644 index b70002a6476..00000000000 --- a/src/lib/libssl/s23_lib.c +++ /dev/null @@ -1,236 +0,0 @@ -/* ssl/s23_lib.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include -#include "ssl_locl.h" - -static int ssl23_num_ciphers(void ); -static SSL_CIPHER *ssl23_get_cipher(unsigned int u); -static int ssl23_read(SSL *s, void *buf, int len); -static int ssl23_peek(SSL *s, void *buf, int len); -static int ssl23_write(SSL *s, const void *buf, int len); -static long ssl23_default_timeout(void ); -static int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p); -static SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p); -const char *SSL23_version_str="SSLv2/3 compatibility" OPENSSL_VERSION_PTEXT; - -static SSL_METHOD SSLv23_data= { - TLS1_VERSION, - tls1_new, - tls1_clear, - tls1_free, - ssl_undefined_function, - ssl_undefined_function, - ssl23_read, - ssl23_peek, - ssl23_write, - ssl_undefined_function, - ssl_undefined_function, - ssl_ok, - ssl3_ctrl, - ssl3_ctx_ctrl, - ssl23_get_cipher_by_char, - ssl23_put_cipher_by_char, - ssl_undefined_function, - ssl23_num_ciphers, - ssl23_get_cipher, - ssl_bad_method, - ssl23_default_timeout, - &ssl3_undef_enc_method, - ssl_undefined_function, - ssl3_callback_ctrl, - ssl3_ctx_callback_ctrl, - }; - -static long ssl23_default_timeout(void) - { - return(300); - } - -SSL_METHOD *sslv23_base_method(void) - { - return(&SSLv23_data); - } - -static int ssl23_num_ciphers(void) - { - return(ssl3_num_ciphers() -#ifndef OPENSSL_NO_SSL2 - + ssl2_num_ciphers() -#endif - ); - } - -static SSL_CIPHER *ssl23_get_cipher(unsigned int u) - { - unsigned int uu=ssl3_num_ciphers(); - - if (u < uu) - return(ssl3_get_cipher(u)); - else -#ifndef OPENSSL_NO_SSL2 - return(ssl2_get_cipher(u-uu)); -#else - return(NULL); -#endif - } - -/* This function needs to check if the ciphers required are actually - * available */ -static SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p) - { - SSL_CIPHER c,*cp; - unsigned long id; - int n; - - n=ssl3_num_ciphers(); - id=0x03000000|((unsigned long)p[0]<<16L)| - ((unsigned long)p[1]<<8L)|(unsigned long)p[2]; - c.id=id; - cp=ssl3_get_cipher_by_char(p); -#ifndef OPENSSL_NO_SSL2 - if (cp == NULL) - cp=ssl2_get_cipher_by_char(p); -#endif - return(cp); - } - -static int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) - { - long l; - - /* We can write SSLv2 and SSLv3 ciphers */ - if (p != NULL) - { - l=c->id; - p[0]=((unsigned char)(l>>16L))&0xFF; - p[1]=((unsigned char)(l>> 8L))&0xFF; - p[2]=((unsigned char)(l ))&0xFF; - } - return(3); - } - -static int ssl23_read(SSL *s, void *buf, int len) - { - int n; - - clear_sys_error(); - if (SSL_in_init(s) && (!s->in_handshake)) - { - n=s->handshake_func(s); - if (n < 0) return(n); - if (n == 0) - { - SSLerr(SSL_F_SSL23_READ,SSL_R_SSL_HANDSHAKE_FAILURE); - return(-1); - } - return(SSL_read(s,buf,len)); - } - else - { - ssl_undefined_function(s); - return(-1); - } - } - -static int ssl23_peek(SSL *s, void *buf, int len) - { - int n; - - clear_sys_error(); - if (SSL_in_init(s) && (!s->in_handshake)) - { - n=s->handshake_func(s); - if (n < 0) return(n); - if (n == 0) - { - SSLerr(SSL_F_SSL23_PEEK,SSL_R_SSL_HANDSHAKE_FAILURE); - return(-1); - } - return(SSL_peek(s,buf,len)); - } - else - { - ssl_undefined_function(s); - return(-1); - } - } - -static int ssl23_write(SSL *s, const void *buf, int len) - { - int n; - - clear_sys_error(); - if (SSL_in_init(s) && (!s->in_handshake)) - { - n=s->handshake_func(s); - if (n < 0) return(n); - if (n == 0) - { - SSLerr(SSL_F_SSL23_WRITE,SSL_R_SSL_HANDSHAKE_FAILURE); - return(-1); - } - return(SSL_write(s,buf,len)); - } - else - { - ssl_undefined_function(s); - return(-1); - } - } diff --git a/src/lib/libssl/s23_pkt.c b/src/lib/libssl/s23_pkt.c deleted file mode 100644 index f45e1ce3d80..00000000000 --- a/src/lib/libssl/s23_pkt.c +++ /dev/null @@ -1,117 +0,0 @@ -/* ssl/s23_pkt.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include -#define USE_SOCKETS -#include -#include -#include "ssl_locl.h" - -int ssl23_write_bytes(SSL *s) - { - int i,num,tot; - char *buf; - - buf=s->init_buf->data; - tot=s->init_off; - num=s->init_num; - for (;;) - { - s->rwstate=SSL_WRITING; - i=BIO_write(s->wbio,&(buf[tot]),num); - if (i <= 0) - { - s->init_off=tot; - s->init_num=num; - return(i); - } - s->rwstate=SSL_NOTHING; - if (i == num) return(tot+i); - - num-=i; - tot+=i; - } - } - -/* return regularly only when we have read (at least) 'n' bytes */ -int ssl23_read_bytes(SSL *s, int n) - { - unsigned char *p; - int j; - - if (s->packet_length < (unsigned int)n) - { - p=s->packet; - - for (;;) - { - s->rwstate=SSL_READING; - j=BIO_read(s->rbio,(char *)&(p[s->packet_length]), - n-s->packet_length); - if (j <= 0) - return(j); - s->rwstate=SSL_NOTHING; - s->packet_length+=j; - if (s->packet_length >= (unsigned int)n) - return(s->packet_length); - } - } - return(n); - } - diff --git a/src/lib/libssl/s23_srvr.c b/src/lib/libssl/s23_srvr.c deleted file mode 100644 index 9e89cc7f9a2..00000000000 --- a/src/lib/libssl/s23_srvr.c +++ /dev/null @@ -1,589 +0,0 @@ -/* ssl/s23_srvr.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* ==================================================================== - * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include -#include -#include -#include -#include -#include "ssl_locl.h" - -static SSL_METHOD *ssl23_get_server_method(int ver); -int ssl23_get_client_hello(SSL *s); -static SSL_METHOD *ssl23_get_server_method(int ver) - { -#ifndef OPENSSL_NO_SSL2 - if (ver == SSL2_VERSION) - return(SSLv2_server_method()); -#endif - if (ver == SSL3_VERSION) - return(SSLv3_server_method()); - else if (ver == TLS1_VERSION) - return(TLSv1_server_method()); - else - return(NULL); - } - -SSL_METHOD *SSLv23_server_method(void) - { - static int init=1; - static SSL_METHOD SSLv23_server_data; - - if (init) - { - memcpy((char *)&SSLv23_server_data, - (char *)sslv23_base_method(),sizeof(SSL_METHOD)); - SSLv23_server_data.ssl_accept=ssl23_accept; - SSLv23_server_data.get_ssl_method=ssl23_get_server_method; - init=0; - } - return(&SSLv23_server_data); - } - -int ssl23_accept(SSL *s) - { - BUF_MEM *buf; - unsigned long Time=time(NULL); - void (*cb)(const SSL *ssl,int type,int val)=NULL; - int ret= -1; - int new_state,state; - - RAND_add(&Time,sizeof(Time),0); - ERR_clear_error(); - clear_sys_error(); - - if (s->info_callback != NULL) - cb=s->info_callback; - else if (s->ctx->info_callback != NULL) - cb=s->ctx->info_callback; - - s->in_handshake++; - if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); - - for (;;) - { - state=s->state; - - switch(s->state) - { - case SSL_ST_BEFORE: - case SSL_ST_ACCEPT: - case SSL_ST_BEFORE|SSL_ST_ACCEPT: - case SSL_ST_OK|SSL_ST_ACCEPT: - - s->server=1; - if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1); - - /* s->version=SSL3_VERSION; */ - s->type=SSL_ST_ACCEPT; - - if (s->init_buf == NULL) - { - if ((buf=BUF_MEM_new()) == NULL) - { - ret= -1; - goto end; - } - if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH)) - { - ret= -1; - goto end; - } - s->init_buf=buf; - } - - ssl3_init_finished_mac(s); - - s->state=SSL23_ST_SR_CLNT_HELLO_A; - s->ctx->stats.sess_accept++; - s->init_num=0; - break; - - case SSL23_ST_SR_CLNT_HELLO_A: - case SSL23_ST_SR_CLNT_HELLO_B: - - s->shutdown=0; - ret=ssl23_get_client_hello(s); - if (ret >= 0) cb=NULL; - goto end; - /* break; */ - - default: - SSLerr(SSL_F_SSL23_ACCEPT,SSL_R_UNKNOWN_STATE); - ret= -1; - goto end; - /* break; */ - } - - if ((cb != NULL) && (s->state != state)) - { - new_state=s->state; - s->state=state; - cb(s,SSL_CB_ACCEPT_LOOP,1); - s->state=new_state; - } - } -end: - s->in_handshake--; - if (cb != NULL) - cb(s,SSL_CB_ACCEPT_EXIT,ret); - return(ret); - } - - -int ssl23_get_client_hello(SSL *s) - { - char buf_space[11]; /* Request this many bytes in initial read. - * We can detect SSL 3.0/TLS 1.0 Client Hellos - * ('type == 3') correctly only when the following - * is in a single record, which is not guaranteed by - * the protocol specification: - * Byte Content - * 0 type \ - * 1/2 version > record header - * 3/4 length / - * 5 msg_type \ - * 6-8 length > Client Hello message - * 9/10 client_version / - */ - char *buf= &(buf_space[0]); - unsigned char *p,*d,*d_len,*dd; - unsigned int i; - unsigned int csl,sil,cl; - int n=0,j; - int type=0; - int v[2]; -#ifndef OPENSSL_NO_RSA - int use_sslv2_strong=0; -#endif - - if (s->state == SSL23_ST_SR_CLNT_HELLO_A) - { - /* read the initial header */ - v[0]=v[1]=0; - - if (!ssl3_setup_buffers(s)) goto err; - - n=ssl23_read_bytes(s, sizeof buf_space); - if (n != sizeof buf_space) return(n); /* n == -1 || n == 0 */ - - p=s->packet; - - memcpy(buf,p,n); - - if ((p[0] & 0x80) && (p[2] == SSL2_MT_CLIENT_HELLO)) - { - /* - * SSLv2 header - */ - if ((p[3] == 0x00) && (p[4] == 0x02)) - { - v[0]=p[3]; v[1]=p[4]; - /* SSLv2 */ - if (!(s->options & SSL_OP_NO_SSLv2)) - type=1; - } - else if (p[3] == SSL3_VERSION_MAJOR) - { - v[0]=p[3]; v[1]=p[4]; - /* SSLv3/TLSv1 */ - if (p[4] >= TLS1_VERSION_MINOR) - { - if (!(s->options & SSL_OP_NO_TLSv1)) - { - s->version=TLS1_VERSION; - /* type=2; */ /* done later to survive restarts */ - s->state=SSL23_ST_SR_CLNT_HELLO_B; - } - else if (!(s->options & SSL_OP_NO_SSLv3)) - { - s->version=SSL3_VERSION; - /* type=2; */ - s->state=SSL23_ST_SR_CLNT_HELLO_B; - } - else if (!(s->options & SSL_OP_NO_SSLv2)) - { - type=1; - } - } - else if (!(s->options & SSL_OP_NO_SSLv3)) - { - s->version=SSL3_VERSION; - /* type=2; */ - s->state=SSL23_ST_SR_CLNT_HELLO_B; - } - else if (!(s->options & SSL_OP_NO_SSLv2)) - type=1; - - } - } - else if ((p[0] == SSL3_RT_HANDSHAKE) && - (p[1] == SSL3_VERSION_MAJOR) && - (p[5] == SSL3_MT_CLIENT_HELLO) && - ((p[3] == 0 && p[4] < 5 /* silly record length? */) - || (p[9] == p[1]))) - { - /* - * SSLv3 or tls1 header - */ - - v[0]=p[1]; /* major version (= SSL3_VERSION_MAJOR) */ - /* We must look at client_version inside the Client Hello message - * to get the correct minor version. - * However if we have only a pathologically small fragment of the - * Client Hello message, this would be difficult, and we'd have - * to read more records to find out. - * No known SSL 3.0 client fragments ClientHello like this, - * so we simply assume TLS 1.0 to avoid protocol version downgrade - * attacks. */ - if (p[3] == 0 && p[4] < 6) - { -#if 0 - SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_SMALL); - goto err; -#else - v[1] = TLS1_VERSION_MINOR; -#endif - } - else - v[1]=p[10]; /* minor version according to client_version */ - if (v[1] >= TLS1_VERSION_MINOR) - { - if (!(s->options & SSL_OP_NO_TLSv1)) - { - s->version=TLS1_VERSION; - type=3; - } - else if (!(s->options & SSL_OP_NO_SSLv3)) - { - s->version=SSL3_VERSION; - type=3; - } - } - else - { - /* client requests SSL 3.0 */ - if (!(s->options & SSL_OP_NO_SSLv3)) - { - s->version=SSL3_VERSION; - type=3; - } - else if (!(s->options & SSL_OP_NO_TLSv1)) - { - /* we won't be able to use TLS of course, - * but this will send an appropriate alert */ - s->version=TLS1_VERSION; - type=3; - } - } - } - else if ((strncmp("GET ", (char *)p,4) == 0) || - (strncmp("POST ",(char *)p,5) == 0) || - (strncmp("HEAD ",(char *)p,5) == 0) || - (strncmp("PUT ", (char *)p,4) == 0)) - { - SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_HTTP_REQUEST); - goto err; - } - else if (strncmp("CONNECT",(char *)p,7) == 0) - { - SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_HTTPS_PROXY_REQUEST); - goto err; - } - } - - if (s->state == SSL23_ST_SR_CLNT_HELLO_B) - { - /* we have SSLv3/TLSv1 in an SSLv2 header - * (other cases skip this state) */ - - type=2; - p=s->packet; - v[0] = p[3]; /* == SSL3_VERSION_MAJOR */ - v[1] = p[4]; - - n=((p[0]&0x7f)<<8)|p[1]; - if (n > (1024*4)) - { - SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_LARGE); - goto err; - } - - j=ssl23_read_bytes(s,n+2); - if (j <= 0) return(j); - - ssl3_finish_mac(s, s->packet+2, s->packet_length-2); - if (s->msg_callback) - s->msg_callback(0, SSL2_VERSION, 0, s->packet+2, s->packet_length-2, s, s->msg_callback_arg); /* CLIENT-HELLO */ - - p=s->packet; - p+=5; - n2s(p,csl); - n2s(p,sil); - n2s(p,cl); - d=(unsigned char *)s->init_buf->data; - if ((csl+sil+cl+11) != s->packet_length) - { - SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_LENGTH_MISMATCH); - goto err; - } - - /* record header: msg_type ... */ - *(d++) = SSL3_MT_CLIENT_HELLO; - /* ... and length (actual value will be written later) */ - d_len = d; - d += 3; - - /* client_version */ - *(d++) = SSL3_VERSION_MAJOR; /* == v[0] */ - *(d++) = v[1]; - - /* lets populate the random area */ - /* get the challenge_length */ - i=(cl > SSL3_RANDOM_SIZE)?SSL3_RANDOM_SIZE:cl; - memset(d,0,SSL3_RANDOM_SIZE); - memcpy(&(d[SSL3_RANDOM_SIZE-i]),&(p[csl+sil]),i); - d+=SSL3_RANDOM_SIZE; - - /* no session-id reuse */ - *(d++)=0; - - /* ciphers */ - j=0; - dd=d; - d+=2; - for (i=0; iinit_buf->data) - 4; - l2n3((long)i, d_len); - - /* get the data reused from the init_buf */ - s->s3->tmp.reuse_message=1; - s->s3->tmp.message_type=SSL3_MT_CLIENT_HELLO; - s->s3->tmp.message_size=i; - } - - /* imaginary new state (for program structure): */ - /* s->state = SSL23_SR_CLNT_HELLO_C */ - - if (type == 1) - { -#ifdef OPENSSL_NO_SSL2 - SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_PROTOCOL); - goto err; -#else - /* we are talking sslv2 */ - /* we need to clean up the SSLv3/TLSv1 setup and put in the - * sslv2 stuff. */ - - if (s->s2 == NULL) - { - if (!ssl2_new(s)) - goto err; - } - else - ssl2_clear(s); - - if (s->s3 != NULL) ssl3_free(s); - - if (!BUF_MEM_grow(s->init_buf, - SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)) - { - goto err; - } - - s->state=SSL2_ST_GET_CLIENT_HELLO_A; - if ((s->options & SSL_OP_MSIE_SSLV2_RSA_PADDING) || - use_sslv2_strong || - (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3)) - s->s2->ssl2_rollback=0; - else - /* reject SSL 2.0 session if client supports SSL 3.0 or TLS 1.0 - * (SSL 3.0 draft/RFC 2246, App. E.2) */ - s->s2->ssl2_rollback=1; - - /* setup the n bytes we have read so we get them from - * the sslv2 buffer */ - s->rstate=SSL_ST_READ_HEADER; - s->packet_length=n; - s->packet= &(s->s2->rbuf[0]); - memcpy(s->packet,buf,n); - s->s2->rbuf_left=n; - s->s2->rbuf_offs=0; - - s->method=SSLv2_server_method(); - s->handshake_func=s->method->ssl_accept; -#endif - } - - if ((type == 2) || (type == 3)) - { - /* we have SSLv3/TLSv1 (type 2: SSL2 style, type 3: SSL3/TLS style) */ - - if (!ssl_init_wbio_buffer(s,1)) goto err; - - /* we are in this state */ - s->state=SSL3_ST_SR_CLNT_HELLO_A; - - if (type == 3) - { - /* put the 'n' bytes we have read into the input buffer - * for SSLv3 */ - s->rstate=SSL_ST_READ_HEADER; - s->packet_length=n; - s->packet= &(s->s3->rbuf.buf[0]); - memcpy(s->packet,buf,n); - s->s3->rbuf.left=n; - s->s3->rbuf.offset=0; - } - else - { - s->packet_length=0; - s->s3->rbuf.left=0; - s->s3->rbuf.offset=0; - } - - if (s->version == TLS1_VERSION) - s->method = TLSv1_server_method(); - else - s->method = SSLv3_server_method(); -#if 0 /* ssl3_get_client_hello does this */ - s->client_version=(v[0]<<8)|v[1]; -#endif - s->handshake_func=s->method->ssl_accept; - } - - if ((type < 1) || (type > 3)) - { - /* bad, very bad */ - SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNKNOWN_PROTOCOL); - goto err; - } - s->init_num=0; - - if (buf != buf_space) OPENSSL_free(buf); - s->first_packet=1; - return(SSL_accept(s)); -err: - if (buf != buf_space) OPENSSL_free(buf); - return(-1); - } diff --git a/src/lib/libssl/s3_both.c b/src/lib/libssl/s3_both.c deleted file mode 100644 index 58a24cd8839..00000000000 --- a/src/lib/libssl/s3_both.c +++ /dev/null @@ -1,624 +0,0 @@ -/* ssl/s3_both.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include "ssl_locl.h" - -/* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or SSL3_RT_CHANGE_CIPHER_SPEC) */ -int ssl3_do_write(SSL *s, int type) - { - int ret; - - ret=ssl3_write_bytes(s,type,&s->init_buf->data[s->init_off], - s->init_num); - if (ret < 0) return(-1); - if (type == SSL3_RT_HANDSHAKE) - /* should not be done for 'Hello Request's, but in that case - * we'll ignore the result anyway */ - ssl3_finish_mac(s,(unsigned char *)&s->init_buf->data[s->init_off],ret); - - if (ret == s->init_num) - { - if (s->msg_callback) - s->msg_callback(1, s->version, type, s->init_buf->data, (size_t)(s->init_off + s->init_num), s, s->msg_callback_arg); - return(1); - } - s->init_off+=ret; - s->init_num-=ret; - return(0); - } - -int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen) - { - unsigned char *p,*d; - int i; - unsigned long l; - - if (s->state == a) - { - d=(unsigned char *)s->init_buf->data; - p= &(d[4]); - - i=s->method->ssl3_enc->final_finish_mac(s, - &(s->s3->finish_dgst1), - &(s->s3->finish_dgst2), - sender,slen,s->s3->tmp.finish_md); - s->s3->tmp.finish_md_len = i; - memcpy(p, s->s3->tmp.finish_md, i); - p+=i; - l=i; - -#ifdef OPENSSL_SYS_WIN16 - /* MSVC 1.5 does not clear the top bytes of the word unless - * I do this. - */ - l&=0xffff; -#endif - - *(d++)=SSL3_MT_FINISHED; - l2n3(l,d); - s->init_num=(int)l+4; - s->init_off=0; - - s->state=b; - } - - /* SSL3_ST_SEND_xxxxxx_HELLO_B */ - return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); - } - -int ssl3_get_finished(SSL *s, int a, int b) - { - int al,i,ok; - long n; - unsigned char *p; - - /* the mac has already been generated when we received the - * change cipher spec message and is in s->s3->tmp.peer_finish_md - */ - - n=ssl3_get_message(s, - a, - b, - SSL3_MT_FINISHED, - 64, /* should actually be 36+4 :-) */ - &ok); - - if (!ok) return((int)n); - - /* If this occurs, we have missed a message */ - if (!s->s3->change_cipher_spec) - { - al=SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_GOT_A_FIN_BEFORE_A_CCS); - goto f_err; - } - s->s3->change_cipher_spec=0; - - p = (unsigned char *)s->init_msg; - i = s->s3->tmp.peer_finish_md_len; - - if (i != n) - { - al=SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_BAD_DIGEST_LENGTH); - goto f_err; - } - - if (memcmp(p, s->s3->tmp.peer_finish_md, i) != 0) - { - al=SSL_AD_DECRYPT_ERROR; - SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_DIGEST_CHECK_FAILED); - goto f_err; - } - - return(1); -f_err: - ssl3_send_alert(s,SSL3_AL_FATAL,al); - return(0); - } - -/* for these 2 messages, we need to - * ssl->enc_read_ctx re-init - * ssl->s3->read_sequence zero - * ssl->s3->read_mac_secret re-init - * ssl->session->read_sym_enc assign - * ssl->session->read_compression assign - * ssl->session->read_hash assign - */ -int ssl3_send_change_cipher_spec(SSL *s, int a, int b) - { - unsigned char *p; - - if (s->state == a) - { - p=(unsigned char *)s->init_buf->data; - *p=SSL3_MT_CCS; - s->init_num=1; - s->init_off=0; - - s->state=b; - } - - /* SSL3_ST_CW_CHANGE_B */ - return(ssl3_do_write(s,SSL3_RT_CHANGE_CIPHER_SPEC)); - } - -unsigned long ssl3_output_cert_chain(SSL *s, X509 *x) - { - unsigned char *p; - int n,i; - unsigned long l=7; - BUF_MEM *buf; - X509_STORE_CTX xs_ctx; - X509_OBJECT obj; - - /* TLSv1 sends a chain with nothing in it, instead of an alert */ - buf=s->init_buf; - if (!BUF_MEM_grow(buf,(int)(10))) - { - SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB); - return(0); - } - if (x != NULL) - { - if(!X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,NULL,NULL)) - { - SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB); - return(0); - } - - for (;;) - { - n=i2d_X509(x,NULL); - if (!BUF_MEM_grow(buf,(int)(n+l+3))) - { - SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB); - return(0); - } - p=(unsigned char *)&(buf->data[l]); - l2n3(n,p); - i2d_X509(x,&p); - l+=n+3; - if (X509_NAME_cmp(X509_get_subject_name(x), - X509_get_issuer_name(x)) == 0) break; - - i=X509_STORE_get_by_subject(&xs_ctx,X509_LU_X509, - X509_get_issuer_name(x),&obj); - if (i <= 0) break; - x=obj.data.x509; - /* Count is one too high since the X509_STORE_get uped the - * ref count */ - X509_free(x); - } - - X509_STORE_CTX_cleanup(&xs_ctx); - } - - /* Thawte special :-) */ - if (s->ctx->extra_certs != NULL) - for (i=0; ictx->extra_certs); i++) - { - x=sk_X509_value(s->ctx->extra_certs,i); - n=i2d_X509(x,NULL); - if (!BUF_MEM_grow(buf,(int)(n+l+3))) - { - SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB); - return(0); - } - p=(unsigned char *)&(buf->data[l]); - l2n3(n,p); - i2d_X509(x,&p); - l+=n+3; - } - - l-=7; - p=(unsigned char *)&(buf->data[4]); - l2n3(l,p); - l+=3; - p=(unsigned char *)&(buf->data[0]); - *(p++)=SSL3_MT_CERTIFICATE; - l2n3(l,p); - l+=4; - return(l); - } - -/* Obtain handshake message of message type 'mt' (any if mt == -1), - * maximum acceptable body length 'max'. - * The first four bytes (msg_type and length) are read in state 'st1', - * the body is read in state 'stn'. - */ -long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) - { - unsigned char *p; - unsigned long l; - long n; - int i,al; - - if (s->s3->tmp.reuse_message) - { - s->s3->tmp.reuse_message=0; - if ((mt >= 0) && (s->s3->tmp.message_type != mt)) - { - al=SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE); - goto f_err; - } - *ok=1; - s->init_msg = s->init_buf->data + 4; - s->init_num = (int)s->s3->tmp.message_size; - return s->init_num; - } - - p=(unsigned char *)s->init_buf->data; - - if (s->state == st1) /* s->init_num < 4 */ - { - int skip_message; - - do - { - while (s->init_num < 4) - { - i=ssl3_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num], - 4 - s->init_num, 0); - if (i <= 0) - { - s->rwstate=SSL_READING; - *ok = 0; - return i; - } - s->init_num+=i; - } - - skip_message = 0; - if (!s->server) - if (p[0] == SSL3_MT_HELLO_REQUEST) - /* The server may always send 'Hello Request' messages -- - * we are doing a handshake anyway now, so ignore them - * if their format is correct. Does not count for - * 'Finished' MAC. */ - if (p[1] == 0 && p[2] == 0 &&p[3] == 0) - { - s->init_num = 0; - skip_message = 1; - - if (s->msg_callback) - s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, p, 4, s, s->msg_callback_arg); - } - } - while (skip_message); - - /* s->init_num == 4 */ - - if ((mt >= 0) && (*p != mt)) - { - al=SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE); - goto f_err; - } - if ((mt < 0) && (*p == SSL3_MT_CLIENT_HELLO) && - (st1 == SSL3_ST_SR_CERT_A) && - (stn == SSL3_ST_SR_CERT_B)) - { - /* At this point we have got an MS SGC second client - * hello (maybe we should always allow the client to - * start a new handshake?). We need to restart the mac. - * Don't increment {num,total}_renegotiations because - * we have not completed the handshake. */ - ssl3_init_finished_mac(s); - } - - s->s3->tmp.message_type= *(p++); - - n2l3(p,l); - if (l > (unsigned long)max) - { - al=SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE); - goto f_err; - } - if (l > (INT_MAX-4)) /* BUF_MEM_grow takes an 'int' parameter */ - { - al=SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE); - goto f_err; - } - if (l && !BUF_MEM_grow(s->init_buf,(int)l+4)) - { - SSLerr(SSL_F_SSL3_GET_MESSAGE,ERR_R_BUF_LIB); - goto err; - } - s->s3->tmp.message_size=l; - s->state=stn; - - s->init_msg = s->init_buf->data + 4; - s->init_num = 0; - } - - /* next state (stn) */ - p = s->init_msg; - n = s->s3->tmp.message_size - s->init_num; - while (n > 0) - { - i=ssl3_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],n,0); - if (i <= 0) - { - s->rwstate=SSL_READING; - *ok = 0; - return i; - } - s->init_num += i; - n -= i; - } - ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4); - if (s->msg_callback) - s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data, (size_t)s->init_num + 4, s, s->msg_callback_arg); - *ok=1; - return s->init_num; -f_err: - ssl3_send_alert(s,SSL3_AL_FATAL,al); -err: - *ok=0; - return(-1); - } - -int ssl_cert_type(X509 *x, EVP_PKEY *pkey) - { - EVP_PKEY *pk; - int ret= -1,i,j; - - if (pkey == NULL) - pk=X509_get_pubkey(x); - else - pk=pkey; - if (pk == NULL) goto err; - - i=pk->type; - if (i == EVP_PKEY_RSA) - { - ret=SSL_PKEY_RSA_ENC; - if (x != NULL) - { - j=X509_get_ext_count(x); - /* check to see if this is a signing only certificate */ - /* EAY EAY EAY EAY */ - } - } - else if (i == EVP_PKEY_DSA) - { - ret=SSL_PKEY_DSA_SIGN; - } - else if (i == EVP_PKEY_DH) - { - /* if we just have a key, we needs to be guess */ - - if (x == NULL) - ret=SSL_PKEY_DH_DSA; - else - { - j=X509_get_signature_type(x); - if (j == EVP_PKEY_RSA) - ret=SSL_PKEY_DH_RSA; - else if (j== EVP_PKEY_DSA) - ret=SSL_PKEY_DH_DSA; - else ret= -1; - } - } - else - ret= -1; - -err: - if(!pkey) EVP_PKEY_free(pk); - return(ret); - } - -int ssl_verify_alarm_type(long type) - { - int al; - - switch(type) - { - case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: - case X509_V_ERR_UNABLE_TO_GET_CRL: - case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER: - al=SSL_AD_UNKNOWN_CA; - break; - case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: - case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: - case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: - case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: - case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: - case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: - case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: - case X509_V_ERR_CERT_NOT_YET_VALID: - case X509_V_ERR_CRL_NOT_YET_VALID: - case X509_V_ERR_CERT_UNTRUSTED: - case X509_V_ERR_CERT_REJECTED: - al=SSL_AD_BAD_CERTIFICATE; - break; - case X509_V_ERR_CERT_SIGNATURE_FAILURE: - case X509_V_ERR_CRL_SIGNATURE_FAILURE: - al=SSL_AD_DECRYPT_ERROR; - break; - case X509_V_ERR_CERT_HAS_EXPIRED: - case X509_V_ERR_CRL_HAS_EXPIRED: - al=SSL_AD_CERTIFICATE_EXPIRED; - break; - case X509_V_ERR_CERT_REVOKED: - al=SSL_AD_CERTIFICATE_REVOKED; - break; - case X509_V_ERR_OUT_OF_MEM: - al=SSL_AD_INTERNAL_ERROR; - break; - case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: - case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: - case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: - case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: - case X509_V_ERR_CERT_CHAIN_TOO_LONG: - case X509_V_ERR_PATH_LENGTH_EXCEEDED: - case X509_V_ERR_INVALID_CA: - al=SSL_AD_UNKNOWN_CA; - break; - case X509_V_ERR_APPLICATION_VERIFICATION: - al=SSL_AD_HANDSHAKE_FAILURE; - break; - case X509_V_ERR_INVALID_PURPOSE: - al=SSL_AD_UNSUPPORTED_CERTIFICATE; - break; - default: - al=SSL_AD_CERTIFICATE_UNKNOWN; - break; - } - return(al); - } - -int ssl3_setup_buffers(SSL *s) - { - unsigned char *p; - unsigned int extra; - size_t len; - - if (s->s3->rbuf.buf == NULL) - { - if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) - extra=SSL3_RT_MAX_EXTRA; - else - extra=0; - len = SSL3_RT_MAX_PACKET_SIZE + extra; - if ((p=OPENSSL_malloc(len)) == NULL) - goto err; - s->s3->rbuf.buf = p; - s->s3->rbuf.len = len; - } - - if (s->s3->wbuf.buf == NULL) - { - len = SSL3_RT_MAX_PACKET_SIZE; - len += SSL3_RT_HEADER_LENGTH + 256; /* extra space for empty fragment */ - if ((p=OPENSSL_malloc(len)) == NULL) - goto err; - s->s3->wbuf.buf = p; - s->s3->wbuf.len = len; - } - s->packet= &(s->s3->rbuf.buf[0]); - return(1); -err: - SSLerr(SSL_F_SSL3_SETUP_BUFFERS,ERR_R_MALLOC_FAILURE); - return(0); - } diff --git a/src/lib/libssl/s3_cbc.c b/src/lib/libssl/s3_cbc.c new file mode 100644 index 00000000000..a1c0ce6b908 --- /dev/null +++ b/src/lib/libssl/s3_cbc.c @@ -0,0 +1,615 @@ +/* $OpenBSD: s3_cbc.c,v 1.17 2018/09/08 14:39:41 jsing Exp $ */ +/* ==================================================================== + * Copyright (c) 2012 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include "ssl_locl.h" + +#include +#include + +/* MAX_HASH_BIT_COUNT_BYTES is the maximum number of bytes in the hash's length + * field. (SHA-384/512 have 128-bit length.) */ +#define MAX_HASH_BIT_COUNT_BYTES 16 + +/* MAX_HASH_BLOCK_SIZE is the maximum hash block size that we'll support. + * Currently SHA-384/512 has a 128-byte block size and that's the largest + * supported by TLS.) */ +#define MAX_HASH_BLOCK_SIZE 128 + +/* Some utility functions are needed: + * + * These macros return the given value with the MSB copied to all the other + * bits. They use the fact that arithmetic shift shifts-in the sign bit. + * However, this is not ensured by the C standard so you may need to replace + * them with something else on odd CPUs. */ +#define DUPLICATE_MSB_TO_ALL(x) ((unsigned)((int)(x) >> (sizeof(int) * 8 - 1))) +#define DUPLICATE_MSB_TO_ALL_8(x) ((unsigned char)(DUPLICATE_MSB_TO_ALL(x))) + +/* constant_time_lt returns 0xff if a=b and 0x00 otherwise. */ +static unsigned +constant_time_ge(unsigned a, unsigned b) +{ + a -= b; + return DUPLICATE_MSB_TO_ALL(~a); +} + +/* constant_time_eq_8 returns 0xff if a==b and 0x00 otherwise. */ +static unsigned char +constant_time_eq_8(unsigned a, unsigned b) +{ + unsigned c = a ^ b; + c--; + return DUPLICATE_MSB_TO_ALL_8(c); +} + +/* tls1_cbc_remove_padding removes the CBC padding from the decrypted, TLS, CBC + * record in |rec| in constant time and returns 1 if the padding is valid and + * -1 otherwise. It also removes any explicit IV from the start of the record + * without leaking any timing about whether there was enough space after the + * padding was removed. + * + * block_size: the block size of the cipher used to encrypt the record. + * returns: + * 0: (in non-constant time) if the record is publicly invalid. + * 1: if the padding was valid + * -1: otherwise. */ +int +tls1_cbc_remove_padding(const SSL* s, SSL3_RECORD *rec, unsigned block_size, + unsigned mac_size) +{ + unsigned padding_length, good, to_check, i; + const unsigned overhead = 1 /* padding length byte */ + mac_size; + + /* Check if version requires explicit IV */ + if (SSL_USE_EXPLICIT_IV(s)) { + /* These lengths are all public so we can test them in + * non-constant time. + */ + if (overhead + block_size > rec->length) + return 0; + /* We can now safely skip explicit IV */ + rec->data += block_size; + rec->input += block_size; + rec->length -= block_size; + } else if (overhead > rec->length) + return 0; + + padding_length = rec->data[rec->length - 1]; + + good = constant_time_ge(rec->length, overhead + padding_length); + /* The padding consists of a length byte at the end of the record and + * then that many bytes of padding, all with the same value as the + * length byte. Thus, with the length byte included, there are i+1 + * bytes of padding. + * + * We can't check just |padding_length+1| bytes because that leaks + * decrypted information. Therefore we always have to check the maximum + * amount of padding possible. (Again, the length of the record is + * public information so we can use it.) */ + to_check = 255; /* maximum amount of padding. */ + if (to_check > rec->length - 1) + to_check = rec->length - 1; + + for (i = 0; i < to_check; i++) { + unsigned char mask = constant_time_ge(padding_length, i); + unsigned char b = rec->data[rec->length - 1 - i]; + /* The final |padding_length+1| bytes should all have the value + * |padding_length|. Therefore the XOR should be zero. */ + good &= ~(mask&(padding_length ^ b)); + } + + /* If any of the final |padding_length+1| bytes had the wrong value, + * one or more of the lower eight bits of |good| will be cleared. We + * AND the bottom 8 bits together and duplicate the result to all the + * bits. */ + good &= good >> 4; + good &= good >> 2; + good &= good >> 1; + good <<= sizeof(good)*8 - 1; + good = DUPLICATE_MSB_TO_ALL(good); + + padding_length = good & (padding_length + 1); + rec->length -= padding_length; + rec->type |= padding_length<<8; /* kludge: pass padding length */ + + return (int)((good & 1) | (~good & -1)); +} + +/* ssl3_cbc_copy_mac copies |md_size| bytes from the end of |rec| to |out| in + * constant time (independent of the concrete value of rec->length, which may + * vary within a 256-byte window). + * + * ssl3_cbc_remove_padding or tls1_cbc_remove_padding must be called prior to + * this function. + * + * On entry: + * rec->orig_len >= md_size + * md_size <= EVP_MAX_MD_SIZE + * + * If CBC_MAC_ROTATE_IN_PLACE is defined then the rotation is performed with + * variable accesses in a 64-byte-aligned buffer. Assuming that this fits into + * a single or pair of cache-lines, then the variable memory accesses don't + * actually affect the timing. CPUs with smaller cache-lines [if any] are + * not multi-core and are not considered vulnerable to cache-timing attacks. + */ +#define CBC_MAC_ROTATE_IN_PLACE + +void +ssl3_cbc_copy_mac(unsigned char* out, const SSL3_RECORD *rec, + unsigned md_size, unsigned orig_len) +{ +#if defined(CBC_MAC_ROTATE_IN_PLACE) + unsigned char rotated_mac_buf[64 + EVP_MAX_MD_SIZE]; + unsigned char *rotated_mac; +#else + unsigned char rotated_mac[EVP_MAX_MD_SIZE]; +#endif + + /* mac_end is the index of |rec->data| just after the end of the MAC. */ + unsigned mac_end = rec->length; + unsigned mac_start = mac_end - md_size; + /* scan_start contains the number of bytes that we can ignore because + * the MAC's position can only vary by 255 bytes. */ + unsigned scan_start = 0; + unsigned i, j; + unsigned div_spoiler; + unsigned rotate_offset; + + OPENSSL_assert(orig_len >= md_size); + OPENSSL_assert(md_size <= EVP_MAX_MD_SIZE); + +#if defined(CBC_MAC_ROTATE_IN_PLACE) + rotated_mac = rotated_mac_buf + ((0 - (size_t)rotated_mac_buf)&63); +#endif + + /* This information is public so it's safe to branch based on it. */ + if (orig_len > md_size + 255 + 1) + scan_start = orig_len - (md_size + 255 + 1); + /* div_spoiler contains a multiple of md_size that is used to cause the + * modulo operation to be constant time. Without this, the time varies + * based on the amount of padding when running on Intel chips at least. + * + * The aim of right-shifting md_size is so that the compiler doesn't + * figure out that it can remove div_spoiler as that would require it + * to prove that md_size is always even, which I hope is beyond it. */ + div_spoiler = md_size >> 1; + div_spoiler <<= (sizeof(div_spoiler) - 1) * 8; + rotate_offset = (div_spoiler + mac_start - scan_start) % md_size; + + memset(rotated_mac, 0, md_size); + for (i = scan_start, j = 0; i < orig_len; i++) { + unsigned char mac_started = constant_time_ge(i, mac_start); + unsigned char mac_ended = constant_time_ge(i, mac_end); + unsigned char b = rec->data[i]; + rotated_mac[j++] |= b & mac_started & ~mac_ended; + j &= constant_time_lt(j, md_size); + } + + /* Now rotate the MAC */ +#if defined(CBC_MAC_ROTATE_IN_PLACE) + j = 0; + for (i = 0; i < md_size; i++) { + /* in case cache-line is 32 bytes, touch second line */ + ((volatile unsigned char *)rotated_mac)[rotate_offset^32]; + out[j++] = rotated_mac[rotate_offset++]; + rotate_offset &= constant_time_lt(rotate_offset, md_size); + } +#else + memset(out, 0, md_size); + rotate_offset = md_size - rotate_offset; + rotate_offset &= constant_time_lt(rotate_offset, md_size); + for (i = 0; i < md_size; i++) { + for (j = 0; j < md_size; j++) + out[j] |= rotated_mac[i] & constant_time_eq_8(j, rotate_offset); + rotate_offset++; + rotate_offset &= constant_time_lt(rotate_offset, md_size); + } +#endif +} + +/* u32toLE serialises an unsigned, 32-bit number (n) as four bytes at (p) in + * little-endian order. The value of p is advanced by four. */ +#define u32toLE(n, p) \ + (*((p)++)=(unsigned char)(n), \ + *((p)++)=(unsigned char)(n>>8), \ + *((p)++)=(unsigned char)(n>>16), \ + *((p)++)=(unsigned char)(n>>24)) + +/* These functions serialize the state of a hash and thus perform the standard + * "final" operation without adding the padding and length that such a function + * typically does. */ +static void +tls1_md5_final_raw(void* ctx, unsigned char *md_out) +{ + MD5_CTX *md5 = ctx; + u32toLE(md5->A, md_out); + u32toLE(md5->B, md_out); + u32toLE(md5->C, md_out); + u32toLE(md5->D, md_out); +} + +static void +tls1_sha1_final_raw(void* ctx, unsigned char *md_out) +{ + SHA_CTX *sha1 = ctx; + l2n(sha1->h0, md_out); + l2n(sha1->h1, md_out); + l2n(sha1->h2, md_out); + l2n(sha1->h3, md_out); + l2n(sha1->h4, md_out); +} + +static void +tls1_sha256_final_raw(void* ctx, unsigned char *md_out) +{ + SHA256_CTX *sha256 = ctx; + unsigned i; + + for (i = 0; i < 8; i++) { + l2n(sha256->h[i], md_out); + } +} + +static void +tls1_sha512_final_raw(void* ctx, unsigned char *md_out) +{ + SHA512_CTX *sha512 = ctx; + unsigned i; + + for (i = 0; i < 8; i++) { + l2n8(sha512->h[i], md_out); + } +} + +/* Largest hash context ever used by the functions above. */ +#define LARGEST_DIGEST_CTX SHA512_CTX + +/* Type giving the alignment needed by the above */ +#define LARGEST_DIGEST_CTX_ALIGNMENT SHA_LONG64 + +/* ssl3_cbc_record_digest_supported returns 1 iff |ctx| uses a hash function + * which ssl3_cbc_digest_record supports. */ +char +ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx) +{ + switch (EVP_MD_CTX_type(ctx)) { + case NID_md5: + case NID_sha1: + case NID_sha224: + case NID_sha256: + case NID_sha384: + case NID_sha512: + return 1; + default: + return 0; + } +} + +/* ssl3_cbc_digest_record computes the MAC of a decrypted, padded TLS + * record. + * + * ctx: the EVP_MD_CTX from which we take the hash function. + * ssl3_cbc_record_digest_supported must return true for this EVP_MD_CTX. + * md_out: the digest output. At most EVP_MAX_MD_SIZE bytes will be written. + * md_out_size: if non-NULL, the number of output bytes is written here. + * header: the 13-byte, TLS record header. + * data: the record data itself, less any preceeding explicit IV. + * data_plus_mac_size: the secret, reported length of the data and MAC + * once the padding has been removed. + * data_plus_mac_plus_padding_size: the public length of the whole + * record, including padding. + * + * On entry: by virtue of having been through one of the remove_padding + * functions, above, we know that data_plus_mac_size is large enough to contain + * a padding byte and MAC. (If the padding was invalid, it might contain the + * padding too. ) + */ +int +ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned char* md_out, + size_t* md_out_size, const unsigned char header[13], + const unsigned char *data, size_t data_plus_mac_size, + size_t data_plus_mac_plus_padding_size, const unsigned char *mac_secret, + unsigned mac_secret_length) +{ + union { + /* + * Alignment here is to allow this to be cast as SHA512_CTX + * without losing alignment required by the 64-bit SHA_LONG64 + * integer it contains. + */ + LARGEST_DIGEST_CTX_ALIGNMENT align; + unsigned char c[sizeof(LARGEST_DIGEST_CTX)]; + } md_state; + void (*md_final_raw)(void *ctx, unsigned char *md_out); + void (*md_transform)(void *ctx, const unsigned char *block); + unsigned md_size, md_block_size = 64; + unsigned header_length, variance_blocks, + len, max_mac_bytes, num_blocks, + num_starting_blocks, k, mac_end_offset, c, index_a, index_b; + unsigned int bits; /* at most 18 bits */ + unsigned char length_bytes[MAX_HASH_BIT_COUNT_BYTES]; + /* hmac_pad is the masked HMAC key. */ + unsigned char hmac_pad[MAX_HASH_BLOCK_SIZE]; + unsigned char first_block[MAX_HASH_BLOCK_SIZE]; + unsigned char mac_out[EVP_MAX_MD_SIZE]; + unsigned i, j, md_out_size_u; + EVP_MD_CTX md_ctx; + /* mdLengthSize is the number of bytes in the length field that terminates + * the hash. */ + unsigned md_length_size = 8; + char length_is_big_endian = 1; + + /* This is a, hopefully redundant, check that allows us to forget about + * many possible overflows later in this function. */ + OPENSSL_assert(data_plus_mac_plus_padding_size < 1024*1024); + + switch (EVP_MD_CTX_type(ctx)) { + case NID_md5: + MD5_Init((MD5_CTX*)md_state.c); + md_final_raw = tls1_md5_final_raw; + md_transform = (void(*)(void *ctx, const unsigned char *block)) MD5_Transform; + md_size = 16; + length_is_big_endian = 0; + break; + case NID_sha1: + SHA1_Init((SHA_CTX*)md_state.c); + md_final_raw = tls1_sha1_final_raw; + md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA1_Transform; + md_size = 20; + break; + case NID_sha224: + SHA224_Init((SHA256_CTX*)md_state.c); + md_final_raw = tls1_sha256_final_raw; + md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA256_Transform; + md_size = 224/8; + break; + case NID_sha256: + SHA256_Init((SHA256_CTX*)md_state.c); + md_final_raw = tls1_sha256_final_raw; + md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA256_Transform; + md_size = 32; + break; + case NID_sha384: + SHA384_Init((SHA512_CTX*)md_state.c); + md_final_raw = tls1_sha512_final_raw; + md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA512_Transform; + md_size = 384/8; + md_block_size = 128; + md_length_size = 16; + break; + case NID_sha512: + SHA512_Init((SHA512_CTX*)md_state.c); + md_final_raw = tls1_sha512_final_raw; + md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA512_Transform; + md_size = 64; + md_block_size = 128; + md_length_size = 16; + break; + default: + /* ssl3_cbc_record_digest_supported should have been + * called first to check that the hash function is + * supported. */ + OPENSSL_assert(0); + if (md_out_size) + *md_out_size = 0; + return 0; + } + + OPENSSL_assert(md_length_size <= MAX_HASH_BIT_COUNT_BYTES); + OPENSSL_assert(md_block_size <= MAX_HASH_BLOCK_SIZE); + OPENSSL_assert(md_size <= EVP_MAX_MD_SIZE); + + header_length = 13; + + /* variance_blocks is the number of blocks of the hash that we have to + * calculate in constant time because they could be altered by the + * padding value. + * + * TLSv1 has MACs up to 48 bytes long (SHA-384) and the padding is not + * required to be minimal. Therefore we say that the final six blocks + * can vary based on the padding. + * + * Later in the function, if the message is short and there obviously + * cannot be this many blocks then variance_blocks can be reduced. */ + variance_blocks = 6; + /* From now on we're dealing with the MAC, which conceptually has 13 + * bytes of `header' before the start of the data (TLS) */ + len = data_plus_mac_plus_padding_size + header_length; + /* max_mac_bytes contains the maximum bytes of bytes in the MAC, including + * |header|, assuming that there's no padding. */ + max_mac_bytes = len - md_size - 1; + /* num_blocks is the maximum number of hash blocks. */ + num_blocks = (max_mac_bytes + 1 + md_length_size + md_block_size - 1) / md_block_size; + /* In order to calculate the MAC in constant time we have to handle + * the final blocks specially because the padding value could cause the + * end to appear somewhere in the final |variance_blocks| blocks and we + * can't leak where. However, |num_starting_blocks| worth of data can + * be hashed right away because no padding value can affect whether + * they are plaintext. */ + num_starting_blocks = 0; + /* k is the starting byte offset into the conceptual header||data where + * we start processing. */ + k = 0; + /* mac_end_offset is the index just past the end of the data to be + * MACed. */ + mac_end_offset = data_plus_mac_size + header_length - md_size; + /* c is the index of the 0x80 byte in the final hash block that + * contains application data. */ + c = mac_end_offset % md_block_size; + /* index_a is the hash block number that contains the 0x80 terminating + * value. */ + index_a = mac_end_offset / md_block_size; + /* index_b is the hash block number that contains the 64-bit hash + * length, in bits. */ + index_b = (mac_end_offset + md_length_size) / md_block_size; + /* bits is the hash-length in bits. It includes the additional hash + * block for the masked HMAC key. */ + + if (num_blocks > variance_blocks) { + num_starting_blocks = num_blocks - variance_blocks; + k = md_block_size*num_starting_blocks; + } + + bits = 8*mac_end_offset; + /* Compute the initial HMAC block. */ + bits += 8*md_block_size; + memset(hmac_pad, 0, md_block_size); + OPENSSL_assert(mac_secret_length <= sizeof(hmac_pad)); + memcpy(hmac_pad, mac_secret, mac_secret_length); + for (i = 0; i < md_block_size; i++) + hmac_pad[i] ^= 0x36; + + md_transform(md_state.c, hmac_pad); + + if (length_is_big_endian) { + memset(length_bytes, 0, md_length_size - 4); + length_bytes[md_length_size - 4] = (unsigned char)(bits >> 24); + length_bytes[md_length_size - 3] = (unsigned char)(bits >> 16); + length_bytes[md_length_size - 2] = (unsigned char)(bits >> 8); + length_bytes[md_length_size - 1] = (unsigned char)bits; + } else { + memset(length_bytes, 0, md_length_size); + length_bytes[md_length_size - 5] = (unsigned char)(bits >> 24); + length_bytes[md_length_size - 6] = (unsigned char)(bits >> 16); + length_bytes[md_length_size - 7] = (unsigned char)(bits >> 8); + length_bytes[md_length_size - 8] = (unsigned char)bits; + } + + if (k > 0) { + /* k is a multiple of md_block_size. */ + memcpy(first_block, header, 13); + memcpy(first_block + 13, data, md_block_size - 13); + md_transform(md_state.c, first_block); + for (i = 1; i < k/md_block_size; i++) + md_transform(md_state.c, data + md_block_size*i - 13); + } + + memset(mac_out, 0, sizeof(mac_out)); + + /* We now process the final hash blocks. For each block, we construct + * it in constant time. If the |i==index_a| then we'll include the 0x80 + * bytes and zero pad etc. For each block we selectively copy it, in + * constant time, to |mac_out|. */ + for (i = num_starting_blocks; i <= num_starting_blocks + variance_blocks; i++) { + unsigned char block[MAX_HASH_BLOCK_SIZE]; + unsigned char is_block_a = constant_time_eq_8(i, index_a); + unsigned char is_block_b = constant_time_eq_8(i, index_b); + for (j = 0; j < md_block_size; j++) { + unsigned char b = 0, is_past_c, is_past_cp1; + if (k < header_length) + b = header[k]; + else if (k < data_plus_mac_plus_padding_size + header_length) + b = data[k - header_length]; + k++; + + is_past_c = is_block_a & constant_time_ge(j, c); + is_past_cp1 = is_block_a & constant_time_ge(j, c + 1); + /* If this is the block containing the end of the + * application data, and we are at the offset for the + * 0x80 value, then overwrite b with 0x80. */ + b = (b&~is_past_c) | (0x80&is_past_c); + /* If this is the block containing the end of the + * application data and we're past the 0x80 value then + * just write zero. */ + b = b&~is_past_cp1; + /* If this is index_b (the final block), but not + * index_a (the end of the data), then the 64-bit + * length didn't fit into index_a and we're having to + * add an extra block of zeros. */ + b &= ~is_block_b | is_block_a; + + /* The final bytes of one of the blocks contains the + * length. */ + if (j >= md_block_size - md_length_size) { + /* If this is index_b, write a length byte. */ + b = (b&~is_block_b) | (is_block_b&length_bytes[j - (md_block_size - md_length_size)]); + } + block[j] = b; + } + + md_transform(md_state.c, block); + md_final_raw(md_state.c, block); + /* If this is index_b, copy the hash value to |mac_out|. */ + for (j = 0; j < md_size; j++) + mac_out[j] |= block[j]&is_block_b; + } + + EVP_MD_CTX_init(&md_ctx); + if (!EVP_DigestInit_ex(&md_ctx, ctx->digest, NULL /* engine */)) { + EVP_MD_CTX_cleanup(&md_ctx); + return 0; + } + + /* Complete the HMAC in the standard manner. */ + for (i = 0; i < md_block_size; i++) + hmac_pad[i] ^= 0x6a; + + EVP_DigestUpdate(&md_ctx, hmac_pad, md_block_size); + EVP_DigestUpdate(&md_ctx, mac_out, md_size); + + EVP_DigestFinal(&md_ctx, md_out, &md_out_size_u); + if (md_out_size) + *md_out_size = md_out_size_u; + EVP_MD_CTX_cleanup(&md_ctx); + + return 1; +} diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c deleted file mode 100644 index 5d3efac2cd6..00000000000 --- a/src/lib/libssl/s3_clnt.c +++ /dev/null @@ -1,1966 +0,0 @@ -/* ssl/s3_clnt.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include -#include -#include -#include -#include -#include "ssl_locl.h" -#include "kssl_lcl.h" -#include - -static SSL_METHOD *ssl3_get_client_method(int ver); -static int ssl3_client_hello(SSL *s); -static int ssl3_get_server_hello(SSL *s); -static int ssl3_get_certificate_request(SSL *s); -static int ca_dn_cmp(const X509_NAME * const *a,const X509_NAME * const *b); -static int ssl3_get_server_done(SSL *s); -static int ssl3_send_client_verify(SSL *s); -static int ssl3_send_client_certificate(SSL *s); -static int ssl3_send_client_key_exchange(SSL *s); -static int ssl3_get_key_exchange(SSL *s); -static int ssl3_get_server_certificate(SSL *s); -static int ssl3_check_cert_and_algorithm(SSL *s); -static SSL_METHOD *ssl3_get_client_method(int ver) - { - if (ver == SSL3_VERSION) - return(SSLv3_client_method()); - else - return(NULL); - } - -SSL_METHOD *SSLv3_client_method(void) - { - static int init=1; - static SSL_METHOD SSLv3_client_data; - - if (init) - { - init=0; - memcpy((char *)&SSLv3_client_data,(char *)sslv3_base_method(), - sizeof(SSL_METHOD)); - SSLv3_client_data.ssl_connect=ssl3_connect; - SSLv3_client_data.get_ssl_method=ssl3_get_client_method; - } - return(&SSLv3_client_data); - } - -int ssl3_connect(SSL *s) - { - BUF_MEM *buf; - unsigned long Time=time(NULL),l; - long num1; - void (*cb)(const SSL *ssl,int type,int val)=NULL; - int ret= -1; - int new_state,state,skip=0;; - - RAND_add(&Time,sizeof(Time),0); - ERR_clear_error(); - clear_sys_error(); - - if (s->info_callback != NULL) - cb=s->info_callback; - else if (s->ctx->info_callback != NULL) - cb=s->ctx->info_callback; - - s->in_handshake++; - if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); - - for (;;) - { - state=s->state; - - switch(s->state) - { - case SSL_ST_RENEGOTIATE: - s->new_session=1; - s->state=SSL_ST_CONNECT; - s->ctx->stats.sess_connect_renegotiate++; - /* break */ - case SSL_ST_BEFORE: - case SSL_ST_CONNECT: - case SSL_ST_BEFORE|SSL_ST_CONNECT: - case SSL_ST_OK|SSL_ST_CONNECT: - - s->server=0; - if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1); - - if ((s->version & 0xff00 ) != 0x0300) - { - SSLerr(SSL_F_SSL3_CONNECT, ERR_R_INTERNAL_ERROR); - ret = -1; - goto end; - } - - /* s->version=SSL3_VERSION; */ - s->type=SSL_ST_CONNECT; - - if (s->init_buf == NULL) - { - if ((buf=BUF_MEM_new()) == NULL) - { - ret= -1; - goto end; - } - if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH)) - { - ret= -1; - goto end; - } - s->init_buf=buf; - } - - if (!ssl3_setup_buffers(s)) { ret= -1; goto end; } - - /* setup buffing BIO */ - if (!ssl_init_wbio_buffer(s,0)) { ret= -1; goto end; } - - /* don't push the buffering BIO quite yet */ - - ssl3_init_finished_mac(s); - - s->state=SSL3_ST_CW_CLNT_HELLO_A; - s->ctx->stats.sess_connect++; - s->init_num=0; - break; - - case SSL3_ST_CW_CLNT_HELLO_A: - case SSL3_ST_CW_CLNT_HELLO_B: - - s->shutdown=0; - ret=ssl3_client_hello(s); - if (ret <= 0) goto end; - s->state=SSL3_ST_CR_SRVR_HELLO_A; - s->init_num=0; - - /* turn on buffering for the next lot of output */ - if (s->bbio != s->wbio) - s->wbio=BIO_push(s->bbio,s->wbio); - - break; - - case SSL3_ST_CR_SRVR_HELLO_A: - case SSL3_ST_CR_SRVR_HELLO_B: - ret=ssl3_get_server_hello(s); - if (ret <= 0) goto end; - if (s->hit) - s->state=SSL3_ST_CR_FINISHED_A; - else - s->state=SSL3_ST_CR_CERT_A; - s->init_num=0; - break; - - case SSL3_ST_CR_CERT_A: - case SSL3_ST_CR_CERT_B: - /* Check if it is anon DH */ - if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL)) - { - ret=ssl3_get_server_certificate(s); - if (ret <= 0) goto end; - } - else - skip=1; - s->state=SSL3_ST_CR_KEY_EXCH_A; - s->init_num=0; - break; - - case SSL3_ST_CR_KEY_EXCH_A: - case SSL3_ST_CR_KEY_EXCH_B: - ret=ssl3_get_key_exchange(s); - if (ret <= 0) goto end; - s->state=SSL3_ST_CR_CERT_REQ_A; - s->init_num=0; - - /* at this point we check that we have the - * required stuff from the server */ - if (!ssl3_check_cert_and_algorithm(s)) - { - ret= -1; - goto end; - } - break; - - case SSL3_ST_CR_CERT_REQ_A: - case SSL3_ST_CR_CERT_REQ_B: - ret=ssl3_get_certificate_request(s); - if (ret <= 0) goto end; - s->state=SSL3_ST_CR_SRVR_DONE_A; - s->init_num=0; - break; - - case SSL3_ST_CR_SRVR_DONE_A: - case SSL3_ST_CR_SRVR_DONE_B: - ret=ssl3_get_server_done(s); - if (ret <= 0) goto end; - if (s->s3->tmp.cert_req) - s->state=SSL3_ST_CW_CERT_A; - else - s->state=SSL3_ST_CW_KEY_EXCH_A; - s->init_num=0; - - break; - - case SSL3_ST_CW_CERT_A: - case SSL3_ST_CW_CERT_B: - case SSL3_ST_CW_CERT_C: - case SSL3_ST_CW_CERT_D: - ret=ssl3_send_client_certificate(s); - if (ret <= 0) goto end; - s->state=SSL3_ST_CW_KEY_EXCH_A; - s->init_num=0; - break; - - case SSL3_ST_CW_KEY_EXCH_A: - case SSL3_ST_CW_KEY_EXCH_B: - ret=ssl3_send_client_key_exchange(s); - if (ret <= 0) goto end; - l=s->s3->tmp.new_cipher->algorithms; - /* EAY EAY EAY need to check for DH fix cert - * sent back */ - /* For TLS, cert_req is set to 2, so a cert chain - * of nothing is sent, but no verify packet is sent */ - if (s->s3->tmp.cert_req == 1) - { - s->state=SSL3_ST_CW_CERT_VRFY_A; - } - else - { - s->state=SSL3_ST_CW_CHANGE_A; - s->s3->change_cipher_spec=0; - } - - s->init_num=0; - break; - - case SSL3_ST_CW_CERT_VRFY_A: - case SSL3_ST_CW_CERT_VRFY_B: - ret=ssl3_send_client_verify(s); - if (ret <= 0) goto end; - s->state=SSL3_ST_CW_CHANGE_A; - s->init_num=0; - s->s3->change_cipher_spec=0; - break; - - case SSL3_ST_CW_CHANGE_A: - case SSL3_ST_CW_CHANGE_B: - ret=ssl3_send_change_cipher_spec(s, - SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B); - if (ret <= 0) goto end; - s->state=SSL3_ST_CW_FINISHED_A; - s->init_num=0; - - s->session->cipher=s->s3->tmp.new_cipher; - if (s->s3->tmp.new_compression == NULL) - s->session->compress_meth=0; - else - s->session->compress_meth= - s->s3->tmp.new_compression->id; - if (!s->method->ssl3_enc->setup_key_block(s)) - { - ret= -1; - goto end; - } - - if (!s->method->ssl3_enc->change_cipher_state(s, - SSL3_CHANGE_CIPHER_CLIENT_WRITE)) - { - ret= -1; - goto end; - } - - break; - - case SSL3_ST_CW_FINISHED_A: - case SSL3_ST_CW_FINISHED_B: - ret=ssl3_send_finished(s, - SSL3_ST_CW_FINISHED_A,SSL3_ST_CW_FINISHED_B, - s->method->ssl3_enc->client_finished_label, - s->method->ssl3_enc->client_finished_label_len); - if (ret <= 0) goto end; - s->state=SSL3_ST_CW_FLUSH; - - /* clear flags */ - s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER; - if (s->hit) - { - s->s3->tmp.next_state=SSL_ST_OK; - if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED) - { - s->state=SSL_ST_OK; - s->s3->flags|=SSL3_FLAGS_POP_BUFFER; - s->s3->delay_buf_pop_ret=0; - } - } - else - { - s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A; - } - s->init_num=0; - break; - - case SSL3_ST_CR_FINISHED_A: - case SSL3_ST_CR_FINISHED_B: - - ret=ssl3_get_finished(s,SSL3_ST_CR_FINISHED_A, - SSL3_ST_CR_FINISHED_B); - if (ret <= 0) goto end; - - if (s->hit) - s->state=SSL3_ST_CW_CHANGE_A; - else - s->state=SSL_ST_OK; - s->init_num=0; - break; - - case SSL3_ST_CW_FLUSH: - /* number of bytes to be flushed */ - num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL); - if (num1 > 0) - { - s->rwstate=SSL_WRITING; - num1=BIO_flush(s->wbio); - if (num1 <= 0) { ret= -1; goto end; } - s->rwstate=SSL_NOTHING; - } - - s->state=s->s3->tmp.next_state; - break; - - case SSL_ST_OK: - /* clean a few things up */ - ssl3_cleanup_key_block(s); - - if (s->init_buf != NULL) - { - BUF_MEM_free(s->init_buf); - s->init_buf=NULL; - } - - /* If we are not 'joining' the last two packets, - * remove the buffering now */ - if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER)) - ssl_free_wbio_buffer(s); - /* else do it later in ssl3_write */ - - s->init_num=0; - s->new_session=0; - - ssl_update_cache(s,SSL_SESS_CACHE_CLIENT); - if (s->hit) s->ctx->stats.sess_hit++; - - ret=1; - /* s->server=0; */ - s->handshake_func=ssl3_connect; - s->ctx->stats.sess_connect_good++; - - if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1); - - goto end; - /* break; */ - - default: - SSLerr(SSL_F_SSL3_CONNECT,SSL_R_UNKNOWN_STATE); - ret= -1; - goto end; - /* break; */ - } - - /* did we do anything */ - if (!s->s3->tmp.reuse_message && !skip) - { - if (s->debug) - { - if ((ret=BIO_flush(s->wbio)) <= 0) - goto end; - } - - if ((cb != NULL) && (s->state != state)) - { - new_state=s->state; - s->state=state; - cb(s,SSL_CB_CONNECT_LOOP,1); - s->state=new_state; - } - } - skip=0; - } -end: - s->in_handshake--; - if (cb != NULL) - cb(s,SSL_CB_CONNECT_EXIT,ret); - return(ret); - } - - -static int ssl3_client_hello(SSL *s) - { - unsigned char *buf; - unsigned char *p,*d; - int i,j; - unsigned long Time,l; - SSL_COMP *comp; - - buf=(unsigned char *)s->init_buf->data; - if (s->state == SSL3_ST_CW_CLNT_HELLO_A) - { - if ((s->session == NULL) || - (s->session->ssl_version != s->version) || - (s->session->not_resumable)) - { - if (!ssl_get_new_session(s,0)) - goto err; - } - /* else use the pre-loaded session */ - - p=s->s3->client_random; - Time=time(NULL); /* Time */ - l2n(Time,p); - RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time)); - - /* Do the message type and length last */ - d=p= &(buf[4]); - - *(p++)=s->version>>8; - *(p++)=s->version&0xff; - s->client_version=s->version; - - /* Random stuff */ - memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE); - p+=SSL3_RANDOM_SIZE; - - /* Session ID */ - if (s->new_session) - i=0; - else - i=s->session->session_id_length; - *(p++)=i; - if (i != 0) - { - die(i <= sizeof s->session->session_id); - memcpy(p,s->session->session_id,i); - p+=i; - } - - /* Ciphers supported */ - i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2])); - if (i == 0) - { - SSLerr(SSL_F_SSL3_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE); - goto err; - } - s2n(i,p); - p+=i; - - /* COMPRESSION */ - if (s->ctx->comp_methods == NULL) - j=0; - else - j=sk_SSL_COMP_num(s->ctx->comp_methods); - *(p++)=1+j; - for (i=0; ictx->comp_methods,i); - *(p++)=comp->id; - } - *(p++)=0; /* Add the NULL method */ - - l=(p-d); - d=buf; - *(d++)=SSL3_MT_CLIENT_HELLO; - l2n3(l,d); - - s->state=SSL3_ST_CW_CLNT_HELLO_B; - /* number of bytes to write */ - s->init_num=p-buf; - s->init_off=0; - } - - /* SSL3_ST_CW_CLNT_HELLO_B */ - return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); -err: - return(-1); - } - -static int ssl3_get_server_hello(SSL *s) - { - STACK_OF(SSL_CIPHER) *sk; - SSL_CIPHER *c; - unsigned char *p,*d; - int i,al,ok; - unsigned int j; - long n; - SSL_COMP *comp; - - n=ssl3_get_message(s, - SSL3_ST_CR_SRVR_HELLO_A, - SSL3_ST_CR_SRVR_HELLO_B, - SSL3_MT_SERVER_HELLO, - 300, /* ?? */ - &ok); - - if (!ok) return((int)n); - d=p=(unsigned char *)s->init_msg; - - if ((p[0] != (s->version>>8)) || (p[1] != (s->version&0xff))) - { - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_WRONG_SSL_VERSION); - s->version=(s->version&0xff00)|p[1]; - al=SSL_AD_PROTOCOL_VERSION; - goto f_err; - } - p+=2; - - /* load the server hello data */ - /* load the server random */ - memcpy(s->s3->server_random,p,SSL3_RANDOM_SIZE); - p+=SSL3_RANDOM_SIZE; - - /* get the session-id */ - j= *(p++); - - if(j > sizeof s->session->session_id) - { - al=SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, - SSL_R_SSL3_SESSION_ID_TOO_LONG); - goto f_err; - } - - if ((j != 0) && (j != SSL3_SESSION_ID_SIZE)) - { - /* SSLref returns 16 :-( */ - if (j < SSL2_SSL_SESSION_ID_LENGTH) - { - al=SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SSL3_SESSION_ID_TOO_SHORT); - goto f_err; - } - } - if (j != 0 && j == s->session->session_id_length - && memcmp(p,s->session->session_id,j) == 0) - { - if(s->sid_ctx_length != s->session->sid_ctx_length - || memcmp(s->session->sid_ctx,s->sid_ctx,s->sid_ctx_length)) - { - al=SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT); - goto f_err; - } - s->hit=1; - } - else /* a miss or crap from the other end */ - { - /* If we were trying for session-id reuse, make a new - * SSL_SESSION so we don't stuff up other people */ - s->hit=0; - if (s->session->session_id_length > 0) - { - if (!ssl_get_new_session(s,0)) - { - al=SSL_AD_INTERNAL_ERROR; - goto f_err; - } - } - s->session->session_id_length=j; - memcpy(s->session->session_id,p,j); /* j could be 0 */ - } - p+=j; - c=ssl_get_cipher_by_char(s,p); - if (c == NULL) - { - /* unknown cipher */ - al=SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNKNOWN_CIPHER_RETURNED); - goto f_err; - } - p+=ssl_put_cipher_by_char(s,NULL,NULL); - - sk=ssl_get_ciphers_by_id(s); - i=sk_SSL_CIPHER_find(sk,c); - if (i < 0) - { - /* we did not say we would use this cipher */ - al=SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_WRONG_CIPHER_RETURNED); - goto f_err; - } - - if (s->hit && (s->session->cipher != c)) - { - if (!(s->options & - SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG)) - { - al=SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED); - goto f_err; - } - } - s->s3->tmp.new_cipher=c; - - /* lets get the compression algorithm */ - /* COMPRESSION */ - j= *(p++); - if (j == 0) - comp=NULL; - else - comp=ssl3_comp_find(s->ctx->comp_methods,j); - - if ((j != 0) && (comp == NULL)) - { - al=SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM); - goto f_err; - } - else - { - s->s3->tmp.new_compression=comp; - } - - if (p != (d+n)) - { - /* wrong packet length */ - al=SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_BAD_PACKET_LENGTH); - goto err; - } - - return(1); -f_err: - ssl3_send_alert(s,SSL3_AL_FATAL,al); -err: - return(-1); - } - -static int ssl3_get_server_certificate(SSL *s) - { - int al,i,ok,ret= -1; - unsigned long n,nc,llen,l; - X509 *x=NULL; - unsigned char *p,*d,*q; - STACK_OF(X509) *sk=NULL; - SESS_CERT *sc; - EVP_PKEY *pkey=NULL; - int need_cert = 1; /* VRS: 0=> will allow null cert if auth == KRB5 */ - - n=ssl3_get_message(s, - SSL3_ST_CR_CERT_A, - SSL3_ST_CR_CERT_B, - -1, - s->max_cert_list, - &ok); - - if (!ok) return((int)n); - - if (s->s3->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) - { - s->s3->tmp.reuse_message=1; - return(1); - } - - if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE) - { - al=SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_BAD_MESSAGE_TYPE); - goto f_err; - } - d=p=(unsigned char *)s->init_msg; - - if ((sk=sk_X509_new_null()) == NULL) - { - SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_MALLOC_FAILURE); - goto err; - } - - n2l3(p,llen); - if (llen+3 != n) - { - al=SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_LENGTH_MISMATCH); - goto f_err; - } - for (nc=0; nc llen) - { - al=SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH); - goto f_err; - } - - q=p; - x=d2i_X509(NULL,&q,l); - if (x == NULL) - { - al=SSL_AD_BAD_CERTIFICATE; - SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_ASN1_LIB); - goto f_err; - } - if (q != (p+l)) - { - al=SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH); - goto f_err; - } - if (!sk_X509_push(sk,x)) - { - SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_MALLOC_FAILURE); - goto err; - } - x=NULL; - nc+=l+3; - p=q; - } - - i=ssl_verify_cert_chain(s,sk); - if ((s->verify_mode != SSL_VERIFY_NONE) && (!i) -#ifndef OPENSSL_NO_KRB5 - && (s->s3->tmp.new_cipher->algorithms & (SSL_MKEY_MASK|SSL_AUTH_MASK)) - != (SSL_aKRB5|SSL_kKRB5) -#endif /* OPENSSL_NO_KRB5 */ - ) - { - al=ssl_verify_alarm_type(s->verify_result); - SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED); - goto f_err; - } - ERR_clear_error(); /* but we keep s->verify_result */ - - sc=ssl_sess_cert_new(); - if (sc == NULL) goto err; - - if (s->session->sess_cert) ssl_sess_cert_free(s->session->sess_cert); - s->session->sess_cert=sc; - - sc->cert_chain=sk; - /* Inconsistency alert: cert_chain does include the peer's - * certificate, which we don't include in s3_srvr.c */ - x=sk_X509_value(sk,0); - sk=NULL; - /* VRS 19990621: possible memory leak; sk=null ==> !sk_pop_free() @end*/ - - pkey=X509_get_pubkey(x); - - /* VRS: allow null cert if auth == KRB5 */ - need_cert = ((s->s3->tmp.new_cipher->algorithms - & (SSL_MKEY_MASK|SSL_AUTH_MASK)) - == (SSL_aKRB5|SSL_kKRB5))? 0: 1; - -#ifdef KSSL_DEBUG - printf("pkey,x = %p, %p\n", pkey,x); - printf("ssl_cert_type(x,pkey) = %d\n", ssl_cert_type(x,pkey)); - printf("cipher, alg, nc = %s, %lx, %d\n", s->s3->tmp.new_cipher->name, - s->s3->tmp.new_cipher->algorithms, need_cert); -#endif /* KSSL_DEBUG */ - - if (need_cert && ((pkey == NULL) || EVP_PKEY_missing_parameters(pkey))) - { - x=NULL; - al=SSL3_AL_FATAL; - SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, - SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS); - goto f_err; - } - - i=ssl_cert_type(x,pkey); - if (need_cert && i < 0) - { - x=NULL; - al=SSL3_AL_FATAL; - SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, - SSL_R_UNKNOWN_CERTIFICATE_TYPE); - goto f_err; - } - - if (need_cert) - { - sc->peer_cert_type=i; - CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509); - /* Why would the following ever happen? - * We just created sc a couple of lines ago. */ - if (sc->peer_pkeys[i].x509 != NULL) - X509_free(sc->peer_pkeys[i].x509); - sc->peer_pkeys[i].x509=x; - sc->peer_key= &(sc->peer_pkeys[i]); - - if (s->session->peer != NULL) - X509_free(s->session->peer); - CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509); - s->session->peer=x; - } - else - { - sc->peer_cert_type=i; - sc->peer_key= NULL; - - if (s->session->peer != NULL) - X509_free(s->session->peer); - s->session->peer=NULL; - } - s->session->verify_result = s->verify_result; - - x=NULL; - ret=1; - - if (0) - { -f_err: - ssl3_send_alert(s,SSL3_AL_FATAL,al); - } -err: - EVP_PKEY_free(pkey); - X509_free(x); - sk_X509_pop_free(sk,X509_free); - return(ret); - } - -static int ssl3_get_key_exchange(SSL *s) - { -#ifndef OPENSSL_NO_RSA - unsigned char *q,md_buf[EVP_MAX_MD_SIZE*2]; -#endif - EVP_MD_CTX md_ctx; - unsigned char *param,*p; - int al,i,j,param_len,ok; - long n,alg; - EVP_PKEY *pkey=NULL; -#ifndef OPENSSL_NO_RSA - RSA *rsa=NULL; -#endif -#ifndef OPENSSL_NO_DH - DH *dh=NULL; -#endif - - /* use same message size as in ssl3_get_certificate_request() - * as ServerKeyExchange message may be skipped */ - n=ssl3_get_message(s, - SSL3_ST_CR_KEY_EXCH_A, - SSL3_ST_CR_KEY_EXCH_B, - -1, - s->max_cert_list, - &ok); - - if (!ok) return((int)n); - - if (s->s3->tmp.message_type != SSL3_MT_SERVER_KEY_EXCHANGE) - { - s->s3->tmp.reuse_message=1; - return(1); - } - - param=p=(unsigned char *)s->init_msg; - - if (s->session->sess_cert != NULL) - { -#ifndef OPENSSL_NO_RSA - if (s->session->sess_cert->peer_rsa_tmp != NULL) - { - RSA_free(s->session->sess_cert->peer_rsa_tmp); - s->session->sess_cert->peer_rsa_tmp=NULL; - } -#endif -#ifndef OPENSSL_NO_DH - if (s->session->sess_cert->peer_dh_tmp) - { - DH_free(s->session->sess_cert->peer_dh_tmp); - s->session->sess_cert->peer_dh_tmp=NULL; - } -#endif - } - else - { - s->session->sess_cert=ssl_sess_cert_new(); - } - - param_len=0; - alg=s->s3->tmp.new_cipher->algorithms; - EVP_MD_CTX_init(&md_ctx); - -#ifndef OPENSSL_NO_RSA - if (alg & SSL_kRSA) - { - if ((rsa=RSA_new()) == NULL) - { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE); - goto err; - } - n2s(p,i); - param_len=i+2; - if (param_len > n) - { - al=SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_MODULUS_LENGTH); - goto f_err; - } - if (!(rsa->n=BN_bin2bn(p,i,rsa->n))) - { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB); - goto err; - } - p+=i; - - n2s(p,i); - param_len+=i+2; - if (param_len > n) - { - al=SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_E_LENGTH); - goto f_err; - } - if (!(rsa->e=BN_bin2bn(p,i,rsa->e))) - { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB); - goto err; - } - p+=i; - n-=param_len; - - /* this should be because we are using an export cipher */ - if (alg & SSL_aRSA) - pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); - else - { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR); - goto err; - } - s->session->sess_cert->peer_rsa_tmp=rsa; - rsa=NULL; - } -#else /* OPENSSL_NO_RSA */ - if (0) - ; -#endif -#ifndef OPENSSL_NO_DH - else if (alg & SSL_kEDH) - { - if ((dh=DH_new()) == NULL) - { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_DH_LIB); - goto err; - } - n2s(p,i); - param_len=i+2; - if (param_len > n) - { - al=SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_P_LENGTH); - goto f_err; - } - if (!(dh->p=BN_bin2bn(p,i,NULL))) - { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB); - goto err; - } - p+=i; - - n2s(p,i); - param_len+=i+2; - if (param_len > n) - { - al=SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_G_LENGTH); - goto f_err; - } - if (!(dh->g=BN_bin2bn(p,i,NULL))) - { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB); - goto err; - } - p+=i; - - n2s(p,i); - param_len+=i+2; - if (param_len > n) - { - al=SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_DH_PUB_KEY_LENGTH); - goto f_err; - } - if (!(dh->pub_key=BN_bin2bn(p,i,NULL))) - { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB); - goto err; - } - p+=i; - n-=param_len; - -#ifndef OPENSSL_NO_RSA - if (alg & SSL_aRSA) - pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); -#else - if (0) - ; -#endif -#ifndef OPENSSL_NO_DSA - else if (alg & SSL_aDSS) - pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].x509); -#endif - /* else anonymous DH, so no certificate or pkey. */ - - s->session->sess_cert->peer_dh_tmp=dh; - dh=NULL; - } - else if ((alg & SSL_kDHr) || (alg & SSL_kDHd)) - { - al=SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER); - goto f_err; - } -#endif /* !OPENSSL_NO_DH */ - if (alg & SSL_aFZA) - { - al=SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER); - goto f_err; - } - - - /* p points to the next byte, there are 'n' bytes left */ - - - /* if it was signed, check the signature */ - if (pkey != NULL) - { - n2s(p,i); - n-=2; - j=EVP_PKEY_size(pkey); - - if ((i != n) || (n > j) || (n <= 0)) - { - /* wrong packet length */ - al=SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_WRONG_SIGNATURE_LENGTH); - goto f_err; - } - -#ifndef OPENSSL_NO_RSA - if (pkey->type == EVP_PKEY_RSA) - { - int num; - - j=0; - q=md_buf; - for (num=2; num > 0; num--) - { - EVP_DigestInit_ex(&md_ctx,(num == 2) - ?s->ctx->md5:s->ctx->sha1, NULL); - EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); - EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); - EVP_DigestUpdate(&md_ctx,param,param_len); - EVP_DigestFinal_ex(&md_ctx,q,(unsigned int *)&i); - q+=i; - j+=i; - } - i=RSA_verify(NID_md5_sha1, md_buf, j, p, n, - pkey->pkey.rsa); - if (i < 0) - { - al=SSL_AD_DECRYPT_ERROR; - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT); - goto f_err; - } - if (i == 0) - { - /* bad signature */ - al=SSL_AD_DECRYPT_ERROR; - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SIGNATURE); - goto f_err; - } - } - else -#endif -#ifndef OPENSSL_NO_DSA - if (pkey->type == EVP_PKEY_DSA) - { - /* lets do DSS */ - EVP_VerifyInit_ex(&md_ctx,EVP_dss1(), NULL); - EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); - EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); - EVP_VerifyUpdate(&md_ctx,param,param_len); - if (!EVP_VerifyFinal(&md_ctx,p,(int)n,pkey)) - { - /* bad signature */ - al=SSL_AD_DECRYPT_ERROR; - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SIGNATURE); - goto f_err; - } - } - else -#endif - { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR); - goto err; - } - } - else - { - /* still data left over */ - if (!(alg & SSL_aNULL)) - { - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR); - goto err; - } - if (n != 0) - { - al=SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_EXTRA_DATA_IN_MESSAGE); - goto f_err; - } - } - EVP_PKEY_free(pkey); - EVP_MD_CTX_cleanup(&md_ctx); - return(1); -f_err: - ssl3_send_alert(s,SSL3_AL_FATAL,al); -err: - EVP_PKEY_free(pkey); -#ifndef OPENSSL_NO_RSA - if (rsa != NULL) - RSA_free(rsa); -#endif -#ifndef OPENSSL_NO_DH - if (dh != NULL) - DH_free(dh); -#endif - EVP_MD_CTX_cleanup(&md_ctx); - return(-1); - } - -static int ssl3_get_certificate_request(SSL *s) - { - int ok,ret=0; - unsigned long n,nc,l; - unsigned int llen,ctype_num,i; - X509_NAME *xn=NULL; - unsigned char *p,*d,*q; - STACK_OF(X509_NAME) *ca_sk=NULL; - - n=ssl3_get_message(s, - SSL3_ST_CR_CERT_REQ_A, - SSL3_ST_CR_CERT_REQ_B, - -1, - s->max_cert_list, - &ok); - - if (!ok) return((int)n); - - s->s3->tmp.cert_req=0; - - if (s->s3->tmp.message_type == SSL3_MT_SERVER_DONE) - { - s->s3->tmp.reuse_message=1; - return(1); - } - - if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_REQUEST) - { - ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE); - SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_WRONG_MESSAGE_TYPE); - goto err; - } - - /* TLS does not like anon-DH with client cert */ - if (s->version > SSL3_VERSION) - { - l=s->s3->tmp.new_cipher->algorithms; - if (l & SSL_aNULL) - { - ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE); - SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER); - goto err; - } - } - - d=p=(unsigned char *)s->init_msg; - - if ((ca_sk=sk_X509_NAME_new(ca_dn_cmp)) == NULL) - { - SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_MALLOC_FAILURE); - goto err; - } - - /* get the certificate types */ - ctype_num= *(p++); - if (ctype_num > SSL3_CT_NUMBER) - ctype_num=SSL3_CT_NUMBER; - for (i=0; is3->tmp.ctype[i]= p[i]; - p+=ctype_num; - - /* get the CA RDNs */ - n2s(p,llen); -#if 0 -{ -FILE *out; -out=fopen("/tmp/vsign.der","w"); -fwrite(p,1,llen,out); -fclose(out); -} -#endif - - if ((llen+ctype_num+2+1) != n) - { - ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR); - SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_LENGTH_MISMATCH); - goto err; - } - - for (nc=0; nc llen) - { - if ((s->options & SSL_OP_NETSCAPE_CA_DN_BUG)) - goto cont; /* netscape bugs */ - ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR); - SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_CA_DN_TOO_LONG); - goto err; - } - - q=p; - - if ((xn=d2i_X509_NAME(NULL,&q,l)) == NULL) - { - /* If netscape tolerance is on, ignore errors */ - if (s->options & SSL_OP_NETSCAPE_CA_DN_BUG) - goto cont; - else - { - ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR); - SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_ASN1_LIB); - goto err; - } - } - - if (q != (p+l)) - { - ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR); - SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_CA_DN_LENGTH_MISMATCH); - goto err; - } - if (!sk_X509_NAME_push(ca_sk,xn)) - { - SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_MALLOC_FAILURE); - goto err; - } - - p+=l; - nc+=l+2; - } - - if (0) - { -cont: - ERR_clear_error(); - } - - /* we should setup a certificate to return.... */ - s->s3->tmp.cert_req=1; - s->s3->tmp.ctype_num=ctype_num; - if (s->s3->tmp.ca_names != NULL) - sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free); - s->s3->tmp.ca_names=ca_sk; - ca_sk=NULL; - - ret=1; -err: - if (ca_sk != NULL) sk_X509_NAME_pop_free(ca_sk,X509_NAME_free); - return(ret); - } - -static int ca_dn_cmp(const X509_NAME * const *a, const X509_NAME * const *b) - { - return(X509_NAME_cmp(*a,*b)); - } - -static int ssl3_get_server_done(SSL *s) - { - int ok,ret=0; - long n; - - n=ssl3_get_message(s, - SSL3_ST_CR_SRVR_DONE_A, - SSL3_ST_CR_SRVR_DONE_B, - SSL3_MT_SERVER_DONE, - 30, /* should be very small, like 0 :-) */ - &ok); - - if (!ok) return((int)n); - if (n > 0) - { - /* should contain no data */ - ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR); - SSLerr(SSL_F_SSL3_GET_SERVER_DONE,SSL_R_LENGTH_MISMATCH); - return -1; - } - ret=1; - return(ret); - } - -static int ssl3_send_client_key_exchange(SSL *s) - { - unsigned char *p,*d; - int n; - unsigned long l; -#ifndef OPENSSL_NO_RSA - unsigned char *q; - EVP_PKEY *pkey=NULL; -#endif -#ifndef OPENSSL_NO_KRB5 - KSSL_ERR kssl_err; -#endif /* OPENSSL_NO_KRB5 */ - - if (s->state == SSL3_ST_CW_KEY_EXCH_A) - { - d=(unsigned char *)s->init_buf->data; - p= &(d[4]); - - l=s->s3->tmp.new_cipher->algorithms; - - /* Fool emacs indentation */ - if (0) {} -#ifndef OPENSSL_NO_RSA - else if (l & SSL_kRSA) - { - RSA *rsa; - unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; - - if (s->session->sess_cert->peer_rsa_tmp != NULL) - rsa=s->session->sess_cert->peer_rsa_tmp; - else - { - pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); - if ((pkey == NULL) || - (pkey->type != EVP_PKEY_RSA) || - (pkey->pkey.rsa == NULL)) - { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR); - goto err; - } - rsa=pkey->pkey.rsa; - EVP_PKEY_free(pkey); - } - - tmp_buf[0]=s->client_version>>8; - tmp_buf[1]=s->client_version&0xff; - if (RAND_bytes(&(tmp_buf[2]),SSL_MAX_MASTER_KEY_LENGTH-2) <= 0) - goto err; - - s->session->master_key_length=SSL_MAX_MASTER_KEY_LENGTH; - - q=p; - /* Fix buf for TLS and beyond */ - if (s->version > SSL3_VERSION) - p+=2; - n=RSA_public_encrypt(SSL_MAX_MASTER_KEY_LENGTH, - tmp_buf,p,rsa,RSA_PKCS1_PADDING); -#ifdef PKCS1_CHECK - if (s->options & SSL_OP_PKCS1_CHECK_1) p[1]++; - if (s->options & SSL_OP_PKCS1_CHECK_2) tmp_buf[0]=0x70; -#endif - if (n <= 0) - { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_ENCRYPT); - goto err; - } - - /* Fix buf for TLS and beyond */ - if (s->version > SSL3_VERSION) - { - s2n(n,q); - n+=2; - } - - s->session->master_key_length= - s->method->ssl3_enc->generate_master_secret(s, - s->session->master_key, - tmp_buf,SSL_MAX_MASTER_KEY_LENGTH); - memset(tmp_buf,0,SSL_MAX_MASTER_KEY_LENGTH); - } -#endif -#ifndef OPENSSL_NO_KRB5 - else if (l & SSL_kKRB5) - { - krb5_error_code krb5rc; - KSSL_CTX *kssl_ctx = s->kssl_ctx; - /* krb5_data krb5_ap_req; */ - krb5_data *enc_ticket; - krb5_data authenticator, *authp = NULL; - EVP_CIPHER_CTX ciph_ctx; - EVP_CIPHER *enc = NULL; - unsigned char iv[EVP_MAX_IV_LENGTH]; - unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; - unsigned char epms[SSL_MAX_MASTER_KEY_LENGTH - + EVP_MAX_IV_LENGTH]; - int padl, outl = sizeof(epms); - - EVP_CIPHER_CTX_init(&ciph_ctx); - -#ifdef KSSL_DEBUG - printf("ssl3_send_client_key_exchange(%lx & %lx)\n", - l, SSL_kKRB5); -#endif /* KSSL_DEBUG */ - - authp = NULL; -#ifdef KRB5SENDAUTH - if (KRB5SENDAUTH) authp = &authenticator; -#endif /* KRB5SENDAUTH */ - - krb5rc = kssl_cget_tkt(kssl_ctx, &enc_ticket, authp, - &kssl_err); - enc = kssl_map_enc(kssl_ctx->enctype); - if (enc == NULL) - goto err; -#ifdef KSSL_DEBUG - { - printf("kssl_cget_tkt rtn %d\n", krb5rc); - if (krb5rc && kssl_err.text) - printf("kssl_cget_tkt kssl_err=%s\n", kssl_err.text); - } -#endif /* KSSL_DEBUG */ - - if (krb5rc) - { - ssl3_send_alert(s,SSL3_AL_FATAL, - SSL_AD_HANDSHAKE_FAILURE); - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, - kssl_err.reason); - goto err; - } - - /* 20010406 VRS - Earlier versions used KRB5 AP_REQ - ** in place of RFC 2712 KerberosWrapper, as in: - ** - ** Send ticket (copy to *p, set n = length) - ** n = krb5_ap_req.length; - ** memcpy(p, krb5_ap_req.data, krb5_ap_req.length); - ** if (krb5_ap_req.data) - ** kssl_krb5_free_data_contents(NULL,&krb5_ap_req); - ** - ** Now using real RFC 2712 KerberosWrapper - ** (Thanks to Simon Wilkinson ) - ** Note: 2712 "opaque" types are here replaced - ** with a 2-byte length followed by the value. - ** Example: - ** KerberosWrapper= xx xx asn1ticket 0 0 xx xx encpms - ** Where "xx xx" = length bytes. Shown here with - ** optional authenticator omitted. - */ - - /* KerberosWrapper.Ticket */ - s2n(enc_ticket->length,p); - memcpy(p, enc_ticket->data, enc_ticket->length); - p+= enc_ticket->length; - n = enc_ticket->length + 2; - - /* KerberosWrapper.Authenticator */ - if (authp && authp->length) - { - s2n(authp->length,p); - memcpy(p, authp->data, authp->length); - p+= authp->length; - n+= authp->length + 2; - - free(authp->data); - authp->data = NULL; - authp->length = 0; - } - else - { - s2n(0,p);/* null authenticator length */ - n+=2; - } - - if (RAND_bytes(tmp_buf,SSL_MAX_MASTER_KEY_LENGTH) <= 0) - goto err; - - /* 20010420 VRS. Tried it this way; failed. - ** EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL); - ** EVP_CIPHER_CTX_set_key_length(&ciph_ctx, - ** kssl_ctx->length); - ** EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv); - */ - - memset(iv, 0, EVP_MAX_IV_LENGTH); /* per RFC 1510 */ - EVP_EncryptInit_ex(&ciph_ctx,enc, NULL, - kssl_ctx->key,iv); - EVP_EncryptUpdate(&ciph_ctx,epms,&outl,tmp_buf, - SSL_MAX_MASTER_KEY_LENGTH); - EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl); - outl += padl; - die(outl <= sizeof epms); - EVP_CIPHER_CTX_cleanup(&ciph_ctx); - - /* KerberosWrapper.EncryptedPreMasterSecret */ - s2n(outl,p); - memcpy(p, epms, outl); - p+=outl; - n+=outl + 2; - - s->session->master_key_length= - s->method->ssl3_enc->generate_master_secret(s, - s->session->master_key, - tmp_buf, SSL_MAX_MASTER_KEY_LENGTH); - - memset(tmp_buf, 0, SSL_MAX_MASTER_KEY_LENGTH); - memset(epms, 0, outl); - } -#endif -#ifndef OPENSSL_NO_DH - else if (l & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) - { - DH *dh_srvr,*dh_clnt; - - if (s->session->sess_cert->peer_dh_tmp != NULL) - dh_srvr=s->session->sess_cert->peer_dh_tmp; - else - { - /* we get them from the cert */ - ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE); - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_DH_PARAMETERS); - goto err; - } - - /* generate a new random key */ - if ((dh_clnt=DHparams_dup(dh_srvr)) == NULL) - { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB); - goto err; - } - if (!DH_generate_key(dh_clnt)) - { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB); - goto err; - } - - /* use the 'p' output buffer for the DH key, but - * make sure to clear it out afterwards */ - - n=DH_compute_key(p,dh_srvr->pub_key,dh_clnt); - - if (n <= 0) - { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB); - goto err; - } - - /* generate master key from the result */ - s->session->master_key_length= - s->method->ssl3_enc->generate_master_secret(s, - s->session->master_key,p,n); - /* clean up */ - memset(p,0,n); - - /* send off the data */ - n=BN_num_bytes(dh_clnt->pub_key); - s2n(n,p); - BN_bn2bin(dh_clnt->pub_key,p); - n+=2; - - DH_free(dh_clnt); - - /* perhaps clean things up a bit EAY EAY EAY EAY*/ - } -#endif - else - { - ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE); - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR); - goto err; - } - - *(d++)=SSL3_MT_CLIENT_KEY_EXCHANGE; - l2n3(n,d); - - s->state=SSL3_ST_CW_KEY_EXCH_B; - /* number of bytes to write */ - s->init_num=n+4; - s->init_off=0; - } - - /* SSL3_ST_CW_KEY_EXCH_B */ - return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); -err: - return(-1); - } - -static int ssl3_send_client_verify(SSL *s) - { - unsigned char *p,*d; - unsigned char data[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH]; - EVP_PKEY *pkey; -#ifndef OPENSSL_NO_RSA - unsigned u=0; -#endif - unsigned long n; -#ifndef OPENSSL_NO_DSA - int j; -#endif - - if (s->state == SSL3_ST_CW_CERT_VRFY_A) - { - d=(unsigned char *)s->init_buf->data; - p= &(d[4]); - pkey=s->cert->key->privatekey; - - s->method->ssl3_enc->cert_verify_mac(s,&(s->s3->finish_dgst2), - &(data[MD5_DIGEST_LENGTH])); - -#ifndef OPENSSL_NO_RSA - if (pkey->type == EVP_PKEY_RSA) - { - s->method->ssl3_enc->cert_verify_mac(s, - &(s->s3->finish_dgst1),&(data[0])); - if (RSA_sign(NID_md5_sha1, data, - MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, - &(p[2]), &u, pkey->pkey.rsa) <= 0 ) - { - SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_RSA_LIB); - goto err; - } - s2n(u,p); - n=u+2; - } - else -#endif -#ifndef OPENSSL_NO_DSA - if (pkey->type == EVP_PKEY_DSA) - { - if (!DSA_sign(pkey->save_type, - &(data[MD5_DIGEST_LENGTH]), - SHA_DIGEST_LENGTH,&(p[2]), - (unsigned int *)&j,pkey->pkey.dsa)) - { - SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_DSA_LIB); - goto err; - } - s2n(j,p); - n=j+2; - } - else -#endif - { - SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_INTERNAL_ERROR); - goto err; - } - *(d++)=SSL3_MT_CERTIFICATE_VERIFY; - l2n3(n,d); - - s->init_num=(int)n+4; - s->init_off=0; - } - return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); -err: - return(-1); - } - -static int ssl3_send_client_certificate(SSL *s) - { - X509 *x509=NULL; - EVP_PKEY *pkey=NULL; - int i; - unsigned long l; - - if (s->state == SSL3_ST_CW_CERT_A) - { - if ((s->cert == NULL) || - (s->cert->key->x509 == NULL) || - (s->cert->key->privatekey == NULL)) - s->state=SSL3_ST_CW_CERT_B; - else - s->state=SSL3_ST_CW_CERT_C; - } - - /* We need to get a client cert */ - if (s->state == SSL3_ST_CW_CERT_B) - { - /* If we get an error, we need to - * ssl->rwstate=SSL_X509_LOOKUP; return(-1); - * We then get retied later */ - i=0; - if (s->ctx->client_cert_cb != NULL) - i=s->ctx->client_cert_cb(s,&(x509),&(pkey)); - if (i < 0) - { - s->rwstate=SSL_X509_LOOKUP; - return(-1); - } - s->rwstate=SSL_NOTHING; - if ((i == 1) && (pkey != NULL) && (x509 != NULL)) - { - s->state=SSL3_ST_CW_CERT_B; - if ( !SSL_use_certificate(s,x509) || - !SSL_use_PrivateKey(s,pkey)) - i=0; - } - else if (i == 1) - { - i=0; - SSLerr(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE,SSL_R_BAD_DATA_RETURNED_BY_CALLBACK); - } - - if (x509 != NULL) X509_free(x509); - if (pkey != NULL) EVP_PKEY_free(pkey); - if (i == 0) - { - if (s->version == SSL3_VERSION) - { - s->s3->tmp.cert_req=0; - ssl3_send_alert(s,SSL3_AL_WARNING,SSL_AD_NO_CERTIFICATE); - return(1); - } - else - { - s->s3->tmp.cert_req=2; - } - } - - /* Ok, we have a cert */ - s->state=SSL3_ST_CW_CERT_C; - } - - if (s->state == SSL3_ST_CW_CERT_C) - { - s->state=SSL3_ST_CW_CERT_D; - l=ssl3_output_cert_chain(s, - (s->s3->tmp.cert_req == 2)?NULL:s->cert->key->x509); - s->init_num=(int)l; - s->init_off=0; - } - /* SSL3_ST_CW_CERT_D */ - return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); - } - -#define has_bits(i,m) (((i)&(m)) == (m)) - -static int ssl3_check_cert_and_algorithm(SSL *s) - { - int i,idx; - long algs; - EVP_PKEY *pkey=NULL; - SESS_CERT *sc; -#ifndef OPENSSL_NO_RSA - RSA *rsa; -#endif -#ifndef OPENSSL_NO_DH - DH *dh; -#endif - - sc=s->session->sess_cert; - - if (sc == NULL) - { - SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,ERR_R_INTERNAL_ERROR); - goto err; - } - - algs=s->s3->tmp.new_cipher->algorithms; - - /* we don't have a certificate */ - if (algs & (SSL_aDH|SSL_aNULL|SSL_aKRB5)) - return(1); - -#ifndef OPENSSL_NO_RSA - rsa=s->session->sess_cert->peer_rsa_tmp; -#endif -#ifndef OPENSSL_NO_DH - dh=s->session->sess_cert->peer_dh_tmp; -#endif - - /* This is the passed certificate */ - - idx=sc->peer_cert_type; - pkey=X509_get_pubkey(sc->peer_pkeys[idx].x509); - i=X509_certificate_type(sc->peer_pkeys[idx].x509,pkey); - EVP_PKEY_free(pkey); - - - /* Check that we have a certificate if we require one */ - if ((algs & SSL_aRSA) && !has_bits(i,EVP_PK_RSA|EVP_PKT_SIGN)) - { - SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_RSA_SIGNING_CERT); - goto f_err; - } -#ifndef OPENSSL_NO_DSA - else if ((algs & SSL_aDSS) && !has_bits(i,EVP_PK_DSA|EVP_PKT_SIGN)) - { - SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DSA_SIGNING_CERT); - goto f_err; - } -#endif -#ifndef OPENSSL_NO_RSA - if ((algs & SSL_kRSA) && - !(has_bits(i,EVP_PK_RSA|EVP_PKT_ENC) || (rsa != NULL))) - { - SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_RSA_ENCRYPTING_CERT); - goto f_err; - } -#endif -#ifndef OPENSSL_NO_DH - if ((algs & SSL_kEDH) && - !(has_bits(i,EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL))) - { - SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_KEY); - goto f_err; - } - else if ((algs & SSL_kDHr) && !has_bits(i,EVP_PK_DH|EVP_PKS_RSA)) - { - SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_RSA_CERT); - goto f_err; - } -#ifndef OPENSSL_NO_DSA - else if ((algs & SSL_kDHd) && !has_bits(i,EVP_PK_DH|EVP_PKS_DSA)) - { - SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_DSA_CERT); - goto f_err; - } -#endif -#endif - - if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && !has_bits(i,EVP_PKT_EXP)) - { -#ifndef OPENSSL_NO_RSA - if (algs & SSL_kRSA) - { - if (rsa == NULL - || RSA_size(rsa) > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) - { - SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_RSA_KEY); - goto f_err; - } - } - else -#endif -#ifndef OPENSSL_NO_DH - if (algs & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) - { - if (dh == NULL - || DH_size(dh) > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) - { - SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_DH_KEY); - goto f_err; - } - } - else -#endif - { - SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE); - goto f_err; - } - } - return(1); -f_err: - ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE); -err: - return(0); - } - diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c index 838071b16b1..49f402d0658 100644 --- a/src/lib/libssl/s3_lib.c +++ b/src/lib/libssl/s3_lib.c @@ -1,25 +1,25 @@ -/* ssl/s3_lib.c */ +/* $OpenBSD: s3_lib.c,v 1.185 2019/03/25 17:21:18 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written * by Eric Young (eay@cryptsoft.com). * The implementation was written so as to conform with Netscapes SSL. - * + * * This library is free for commercial and non-commercial use as long as * the following conditions are aheared to. The following conditions * apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation * included with this distribution is covered by the same copyright terms * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * + * * Copyright remains Eric Young's, and as such any Copyright notices in * the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution * as the author of the parts of the library used. * This can be in the form of a textual message at program startup or * in documentation (online or textual) provided with the package. - * + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -34,10 +34,10 @@ * Eric Young (eay@cryptsoft.com)" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from + * 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * + * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE @@ -49,21 +49,21 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. - * + * * The licence and distribution terms for any publically available version or * derivative of this code cannot be changed. i.e. this code cannot simply be * copied and put under another distribution licence * [including the GNU Public Licence.] */ /* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -108,1575 +108,2496 @@ * Hudson (tjh@cryptsoft.com). * */ +/* ==================================================================== + * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. + * + * Portions of the attached software ("Contribution") are developed by + * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project. + * + * The Contribution is licensed pursuant to the OpenSSL open source + * license provided above. + * + * ECC cipher suite support in OpenSSL originally written by + * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories. + * + */ +/* ==================================================================== + * Copyright 2005 Nokia. All rights reserved. + * + * The portions of the attached software ("Contribution") is developed by + * Nokia Corporation and is licensed pursuant to the OpenSSL open source + * license. + * + * The Contribution, originally written by Mika Kousa and Pasi Eronen of + * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites + * support (see RFC 4279) to OpenSSL. + * + * No patent licenses or other rights except those expressly stated in + * the OpenSSL open source license shall be deemed granted or received + * expressly, by implication, estoppel, or otherwise. + * + * No assurances are provided by Nokia that the Contribution does not + * infringe the patent or other intellectual property rights of any third + * party or that the license provides you with all the necessary rights + * to make use of the Contribution. + * + * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN + * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA + * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY + * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR + * OTHERWISE. + */ +#include #include + +#include +#include +#include +#include #include + #include "ssl_locl.h" -#include "kssl_lcl.h" -#include +#include "bytestring.h" -const char *ssl3_version_str="SSLv3" OPENSSL_VERSION_PTEXT; - -#define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER)) - -static long ssl3_default_timeout(void ); - -OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ -/* The RSA ciphers */ -/* Cipher 01 */ - { - 1, - SSL3_TXT_RSA_NULL_MD5, - SSL3_CK_RSA_NULL_MD5, - SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_MD5|SSL_SSLV3, - SSL_NOT_EXP, - 0, - 0, - 0, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, -/* Cipher 02 */ - { - 1, - SSL3_TXT_RSA_NULL_SHA, - SSL3_CK_RSA_NULL_SHA, - SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_SHA1|SSL_SSLV3, - SSL_NOT_EXP, - 0, - 0, - 0, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, - -/* anon DH */ -/* Cipher 17 */ - { - 1, - SSL3_TXT_ADH_RC4_40_MD5, - SSL3_CK_ADH_RC4_40_MD5, - SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5 |SSL_SSLV3, - SSL_EXPORT|SSL_EXP40, - 0, - 40, - 128, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, -/* Cipher 18 */ - { - 1, - SSL3_TXT_ADH_RC4_128_MD5, - SSL3_CK_ADH_RC4_128_MD5, - SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5 |SSL_SSLV3, - SSL_NOT_EXP|SSL_MEDIUM, - 0, - 128, - 128, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, -/* Cipher 19 */ - { - 1, - SSL3_TXT_ADH_DES_40_CBC_SHA, - SSL3_CK_ADH_DES_40_CBC_SHA, - SSL_kEDH |SSL_aNULL|SSL_DES|SSL_SHA1|SSL_SSLV3, - SSL_EXPORT|SSL_EXP40, - 0, - 40, - 128, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, -/* Cipher 1A */ - { - 1, - SSL3_TXT_ADH_DES_64_CBC_SHA, - SSL3_CK_ADH_DES_64_CBC_SHA, - SSL_kEDH |SSL_aNULL|SSL_DES |SSL_SHA1|SSL_SSLV3, - SSL_NOT_EXP|SSL_LOW, - 0, - 56, - 56, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, -/* Cipher 1B */ - { - 1, - SSL3_TXT_ADH_DES_192_CBC_SHA, - SSL3_CK_ADH_DES_192_CBC_SHA, - SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|SSL_SSLV3, - SSL_NOT_EXP|SSL_HIGH, - 0, - 168, - 168, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, - -/* RSA again */ -/* Cipher 03 */ - { - 1, - SSL3_TXT_RSA_RC4_40_MD5, - SSL3_CK_RSA_RC4_40_MD5, - SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_MD5 |SSL_SSLV3, - SSL_EXPORT|SSL_EXP40, - 0, - 40, - 128, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, -/* Cipher 04 */ - { - 1, - SSL3_TXT_RSA_RC4_128_MD5, - SSL3_CK_RSA_RC4_128_MD5, - SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_MD5|SSL_SSLV3, - SSL_NOT_EXP|SSL_MEDIUM, - 0, - 128, - 128, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, -/* Cipher 05 */ - { - 1, - SSL3_TXT_RSA_RC4_128_SHA, - SSL3_CK_RSA_RC4_128_SHA, - SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_SHA1|SSL_SSLV3, - SSL_NOT_EXP|SSL_MEDIUM, - 0, - 128, - 128, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, -/* Cipher 06 */ - { - 1, - SSL3_TXT_RSA_RC2_40_MD5, - SSL3_CK_RSA_RC2_40_MD5, - SSL_kRSA|SSL_aRSA|SSL_RC2 |SSL_MD5 |SSL_SSLV3, - SSL_EXPORT|SSL_EXP40, - 0, - 40, - 128, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, -/* Cipher 07 */ -#ifndef OPENSSL_NO_IDEA - { - 1, - SSL3_TXT_RSA_IDEA_128_SHA, - SSL3_CK_RSA_IDEA_128_SHA, - SSL_kRSA|SSL_aRSA|SSL_IDEA |SSL_SHA1|SSL_SSLV3, - SSL_NOT_EXP|SSL_MEDIUM, - 0, - 128, - 128, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, -#endif -/* Cipher 08 */ - { - 1, - SSL3_TXT_RSA_DES_40_CBC_SHA, - SSL3_CK_RSA_DES_40_CBC_SHA, - SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3, - SSL_EXPORT|SSL_EXP40, - 0, - 40, - 56, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, -/* Cipher 09 */ - { - 1, - SSL3_TXT_RSA_DES_64_CBC_SHA, - SSL3_CK_RSA_DES_64_CBC_SHA, - SSL_kRSA|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_SSLV3, - SSL_NOT_EXP|SSL_LOW, - 0, - 56, - 56, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, -/* Cipher 0A */ - { - 1, - SSL3_TXT_RSA_DES_192_CBC3_SHA, - SSL3_CK_RSA_DES_192_CBC3_SHA, - SSL_kRSA|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3, - SSL_NOT_EXP|SSL_HIGH, - 0, - 168, - 168, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, - -/* The DH ciphers */ -/* Cipher 0B */ - { - 0, - SSL3_TXT_DH_DSS_DES_40_CBC_SHA, - SSL3_CK_DH_DSS_DES_40_CBC_SHA, - SSL_kDHd |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3, - SSL_EXPORT|SSL_EXP40, - 0, - 40, - 56, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, -/* Cipher 0C */ - { - 0, - SSL3_TXT_DH_DSS_DES_64_CBC_SHA, - SSL3_CK_DH_DSS_DES_64_CBC_SHA, - SSL_kDHd |SSL_aDH|SSL_DES |SSL_SHA1|SSL_SSLV3, - SSL_NOT_EXP|SSL_LOW, - 0, - 56, - 56, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, -/* Cipher 0D */ - { - 0, - SSL3_TXT_DH_DSS_DES_192_CBC3_SHA, - SSL3_CK_DH_DSS_DES_192_CBC3_SHA, - SSL_kDHd |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3, - SSL_NOT_EXP|SSL_HIGH, - 0, - 168, - 168, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, -/* Cipher 0E */ - { - 0, - SSL3_TXT_DH_RSA_DES_40_CBC_SHA, - SSL3_CK_DH_RSA_DES_40_CBC_SHA, - SSL_kDHr |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3, - SSL_EXPORT|SSL_EXP40, - 0, - 40, - 56, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, -/* Cipher 0F */ - { - 0, - SSL3_TXT_DH_RSA_DES_64_CBC_SHA, - SSL3_CK_DH_RSA_DES_64_CBC_SHA, - SSL_kDHr |SSL_aDH|SSL_DES |SSL_SHA1|SSL_SSLV3, - SSL_NOT_EXP|SSL_LOW, - 0, - 56, - 56, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, -/* Cipher 10 */ - { - 0, - SSL3_TXT_DH_RSA_DES_192_CBC3_SHA, - SSL3_CK_DH_RSA_DES_192_CBC3_SHA, - SSL_kDHr |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3, - SSL_NOT_EXP|SSL_HIGH, - 0, - 168, - 168, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, - -/* The Ephemeral DH ciphers */ -/* Cipher 11 */ - { - 1, - SSL3_TXT_EDH_DSS_DES_40_CBC_SHA, - SSL3_CK_EDH_DSS_DES_40_CBC_SHA, - SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA1|SSL_SSLV3, - SSL_EXPORT|SSL_EXP40, - 0, - 40, - 56, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, -/* Cipher 12 */ - { - 1, - SSL3_TXT_EDH_DSS_DES_64_CBC_SHA, - SSL3_CK_EDH_DSS_DES_64_CBC_SHA, - SSL_kEDH|SSL_aDSS|SSL_DES |SSL_SHA1|SSL_SSLV3, - SSL_NOT_EXP|SSL_LOW, - 0, - 56, - 56, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, -/* Cipher 13 */ - { - 1, - SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA, - SSL3_CK_EDH_DSS_DES_192_CBC3_SHA, - SSL_kEDH|SSL_aDSS|SSL_3DES |SSL_SHA1|SSL_SSLV3, - SSL_NOT_EXP|SSL_HIGH, - 0, - 168, - 168, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, -/* Cipher 14 */ - { - 1, - SSL3_TXT_EDH_RSA_DES_40_CBC_SHA, - SSL3_CK_EDH_RSA_DES_40_CBC_SHA, - SSL_kEDH|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3, - SSL_EXPORT|SSL_EXP40, - 0, - 40, - 56, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, -/* Cipher 15 */ - { - 1, - SSL3_TXT_EDH_RSA_DES_64_CBC_SHA, - SSL3_CK_EDH_RSA_DES_64_CBC_SHA, - SSL_kEDH|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_SSLV3, - SSL_NOT_EXP|SSL_LOW, - 0, - 56, - 56, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, -/* Cipher 16 */ - { - 1, - SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, - SSL3_CK_EDH_RSA_DES_192_CBC3_SHA, - SSL_kEDH|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3, - SSL_NOT_EXP|SSL_HIGH, - 0, - 168, - 168, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, - -/* Fortezza */ -/* Cipher 1C */ - { - 0, - SSL3_TXT_FZA_DMS_NULL_SHA, - SSL3_CK_FZA_DMS_NULL_SHA, - SSL_kFZA|SSL_aFZA |SSL_eNULL |SSL_SHA1|SSL_SSLV3, - SSL_NOT_EXP, - 0, - 0, - 0, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, - -/* Cipher 1D */ - { - 0, - SSL3_TXT_FZA_DMS_FZA_SHA, - SSL3_CK_FZA_DMS_FZA_SHA, - SSL_kFZA|SSL_aFZA |SSL_eFZA |SSL_SHA1|SSL_SSLV3, - SSL_NOT_EXP, - 0, - 0, - 0, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, - -/* Cipher 1E */ - { - 0, - SSL3_TXT_FZA_DMS_RC4_SHA, - SSL3_CK_FZA_DMS_RC4_SHA, - SSL_kFZA|SSL_aFZA |SSL_RC4 |SSL_SHA1|SSL_SSLV3, - SSL_NOT_EXP|SSL_MEDIUM, - 0, - 128, - 128, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, - -#ifndef OPENSSL_NO_KRB5 -/* The Kerberos ciphers -** 20000107 VRS: And the first shall be last, -** in hopes of avoiding the lynx ssl renegotiation problem. -*/ -/* Cipher 21 VRS */ - { - 1, - SSL3_TXT_KRB5_DES_40_CBC_SHA, - SSL3_CK_KRB5_DES_40_CBC_SHA, - SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_SHA1 |SSL_SSLV3, - SSL_EXPORT|SSL_EXP40, - 0, - 40, - 56, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, - -/* Cipher 22 VRS */ - { - 1, - SSL3_TXT_KRB5_DES_40_CBC_MD5, - SSL3_CK_KRB5_DES_40_CBC_MD5, - SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_MD5 |SSL_SSLV3, - SSL_EXPORT|SSL_EXP40, - 0, - 40, - 56, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, - -/* Cipher 23 VRS */ - { - 1, - SSL3_TXT_KRB5_DES_64_CBC_SHA, - SSL3_CK_KRB5_DES_64_CBC_SHA, - SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_SHA1 |SSL_SSLV3, - SSL_NOT_EXP|SSL_LOW, - 0, - 56, - 56, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, - -/* Cipher 24 VRS */ - { - 1, - SSL3_TXT_KRB5_DES_64_CBC_MD5, - SSL3_CK_KRB5_DES_64_CBC_MD5, - SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_MD5 |SSL_SSLV3, - SSL_NOT_EXP|SSL_LOW, - 0, - 56, - 56, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, - -/* Cipher 25 VRS */ - { - 1, - SSL3_TXT_KRB5_DES_192_CBC3_SHA, - SSL3_CK_KRB5_DES_192_CBC3_SHA, - SSL_kKRB5|SSL_aKRB5| SSL_3DES|SSL_SHA1 |SSL_SSLV3, - SSL_NOT_EXP|SSL_HIGH, - 0, - 112, - 168, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, - -/* Cipher 26 VRS */ - { - 1, - SSL3_TXT_KRB5_DES_192_CBC3_MD5, - SSL3_CK_KRB5_DES_192_CBC3_MD5, - SSL_kKRB5|SSL_aKRB5| SSL_3DES|SSL_MD5 |SSL_SSLV3, - SSL_NOT_EXP|SSL_HIGH, - 0, - 112, - 168, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, -#endif /* OPENSSL_NO_KRB5 */ - - -#if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES - /* New TLS Export CipherSuites */ - /* Cipher 60 */ - { - 1, - TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5, - TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5, - SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_TLSV1, - SSL_EXPORT|SSL_EXP56, - 0, - 56, - 128, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, - /* Cipher 61 */ - { - 1, - TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5, - TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5, - SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_TLSV1, - SSL_EXPORT|SSL_EXP56, - 0, - 56, - 128, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, - /* Cipher 62 */ - { - 1, - TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA, - TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA, - SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA|SSL_TLSV1, - SSL_EXPORT|SSL_EXP56, - 0, - 56, - 56, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, - /* Cipher 63 */ - { - 1, - TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, - TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, - SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA|SSL_TLSV1, - SSL_EXPORT|SSL_EXP56, - 0, - 56, - 56, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, - /* Cipher 64 */ - { - 1, - TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA, - TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA, - SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1, - SSL_EXPORT|SSL_EXP56, - 0, - 56, - 128, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, - /* Cipher 65 */ - { - 1, - TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, - TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, - SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1, - SSL_EXPORT|SSL_EXP56, - 0, - 56, - 128, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, - /* Cipher 66 */ - { - 1, - TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA, - TLS1_CK_DHE_DSS_WITH_RC4_128_SHA, - SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1, - SSL_NOT_EXP|SSL_MEDIUM, - 0, - 128, - 128, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS - }, -#endif - /* New AES ciphersuites */ +#define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers) / sizeof(SSL_CIPHER)) - /* Cipher 2F */ - { - 1, - TLS1_TXT_RSA_WITH_AES_128_SHA, - TLS1_CK_RSA_WITH_AES_128_SHA, - SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1, - SSL_NOT_EXP|SSL_MEDIUM, - 0, - 128, - 128, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, - /* Cipher 30 */ - { - 0, - TLS1_TXT_DH_DSS_WITH_AES_128_SHA, - TLS1_CK_DH_DSS_WITH_AES_128_SHA, - SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1, - SSL_NOT_EXP|SSL_MEDIUM, - 0, - 128, - 128, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, - /* Cipher 31 */ - { - 0, - TLS1_TXT_DH_RSA_WITH_AES_128_SHA, - TLS1_CK_DH_RSA_WITH_AES_128_SHA, - SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1, - SSL_NOT_EXP|SSL_MEDIUM, - 0, - 128, - 128, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, - /* Cipher 32 */ - { - 1, - TLS1_TXT_DHE_DSS_WITH_AES_128_SHA, - TLS1_CK_DHE_DSS_WITH_AES_128_SHA, - SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1, - SSL_NOT_EXP|SSL_MEDIUM, - 0, - 128, - 128, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, - /* Cipher 33 */ - { - 1, - TLS1_TXT_DHE_RSA_WITH_AES_128_SHA, - TLS1_CK_DHE_RSA_WITH_AES_128_SHA, - SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, - SSL_NOT_EXP|SSL_MEDIUM, - 0, - 128, - 128, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, - /* Cipher 34 */ - { - 1, - TLS1_TXT_ADH_WITH_AES_128_SHA, - TLS1_CK_ADH_WITH_AES_128_SHA, - SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1, - SSL_NOT_EXP|SSL_MEDIUM, - 0, - 128, - 128, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, +/* + * FIXED_NONCE_LEN is a macro that provides in the correct value to set the + * fixed nonce length in algorithms2. It is the inverse of the + * SSL_CIPHER_AEAD_FIXED_NONCE_LEN macro. + */ +#define FIXED_NONCE_LEN(x) (((x / 2) & 0xf) << 24) - /* Cipher 35 */ - { - 1, - TLS1_TXT_RSA_WITH_AES_256_SHA, - TLS1_CK_RSA_WITH_AES_256_SHA, - SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, - 0, - 256, - 256, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, - /* Cipher 36 */ - { - 0, - TLS1_TXT_DH_DSS_WITH_AES_256_SHA, - TLS1_CK_DH_DSS_WITH_AES_256_SHA, - SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, - 0, - 256, - 256, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, - /* Cipher 37 */ - { - 0, - TLS1_TXT_DH_RSA_WITH_AES_256_SHA, - TLS1_CK_DH_RSA_WITH_AES_256_SHA, - SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, - 0, - 256, - 256, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, - /* Cipher 38 */ - { - 1, - TLS1_TXT_DHE_DSS_WITH_AES_256_SHA, - TLS1_CK_DHE_DSS_WITH_AES_256_SHA, - SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, - 0, - 256, - 256, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, - /* Cipher 39 */ - { - 1, - TLS1_TXT_DHE_RSA_WITH_AES_256_SHA, - TLS1_CK_DHE_RSA_WITH_AES_256_SHA, - SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, - 0, - 256, - 256, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, - /* Cipher 3A */ - { - 1, - TLS1_TXT_ADH_WITH_AES_256_SHA, - TLS1_CK_ADH_WITH_AES_256_SHA, - SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, - 0, - 256, - 256, - SSL_ALL_CIPHERS, - SSL_ALL_STRENGTHS, - }, - -/* end of list */ - }; - -static SSL3_ENC_METHOD SSLv3_enc_data={ - ssl3_enc, - ssl3_mac, - ssl3_setup_key_block, - ssl3_generate_master_secret, - ssl3_change_cipher_state, - ssl3_final_finish_mac, - MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, - ssl3_cert_verify_mac, - SSL3_MD_CLIENT_FINISHED_CONST,4, - SSL3_MD_SERVER_FINISHED_CONST,4, - ssl3_alert_code, - }; - -static SSL_METHOD SSLv3_data= { - SSL3_VERSION, - ssl3_new, - ssl3_clear, - ssl3_free, - ssl_undefined_function, - ssl_undefined_function, - ssl3_read, - ssl3_peek, - ssl3_write, - ssl3_shutdown, - ssl3_renegotiate, - ssl3_renegotiate_check, - ssl3_ctrl, - ssl3_ctx_ctrl, - ssl3_get_cipher_by_char, - ssl3_put_cipher_by_char, - ssl3_pending, - ssl3_num_ciphers, - ssl3_get_cipher, - ssl_bad_method, - ssl3_default_timeout, - &SSLv3_enc_data, - ssl_undefined_function, - ssl3_callback_ctrl, - ssl3_ctx_callback_ctrl, - }; - -static long ssl3_default_timeout(void) - { - /* 2 hours, the 24 hours mentioned in the SSLv3 spec - * is way too long for http, the cache would over fill */ - return(60*60*2); - } +/* list of available SSLv3 ciphers (sorted by id) */ +SSL_CIPHER ssl3_ciphers[] = { -SSL_METHOD *sslv3_base_method(void) + /* The RSA ciphers */ + /* Cipher 01 */ { - return(&SSLv3_data); - } + .valid = 1, + .name = SSL3_TXT_RSA_NULL_MD5, + .id = SSL3_CK_RSA_NULL_MD5, + .algorithm_mkey = SSL_kRSA, + .algorithm_auth = SSL_aRSA, + .algorithm_enc = SSL_eNULL, + .algorithm_mac = SSL_MD5, + .algorithm_ssl = SSL_SSLV3, + .algo_strength = SSL_STRONG_NONE, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 0, + .alg_bits = 0, + }, -int ssl3_num_ciphers(void) + /* Cipher 02 */ { - return(SSL3_NUM_CIPHERS); - } + .valid = 1, + .name = SSL3_TXT_RSA_NULL_SHA, + .id = SSL3_CK_RSA_NULL_SHA, + .algorithm_mkey = SSL_kRSA, + .algorithm_auth = SSL_aRSA, + .algorithm_enc = SSL_eNULL, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_SSLV3, + .algo_strength = SSL_STRONG_NONE, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 0, + .alg_bits = 0, + }, -SSL_CIPHER *ssl3_get_cipher(unsigned int u) + /* Cipher 04 */ { - if (u < SSL3_NUM_CIPHERS) - return(&(ssl3_ciphers[SSL3_NUM_CIPHERS-1-u])); - else - return(NULL); - } + .valid = 1, + .name = SSL3_TXT_RSA_RC4_128_MD5, + .id = SSL3_CK_RSA_RC4_128_MD5, + .algorithm_mkey = SSL_kRSA, + .algorithm_auth = SSL_aRSA, + .algorithm_enc = SSL_RC4, + .algorithm_mac = SSL_MD5, + .algorithm_ssl = SSL_SSLV3, + .algo_strength = SSL_LOW, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 128, + .alg_bits = 128, + }, -int ssl3_pending(SSL *s) + /* Cipher 05 */ { - if (s->rstate == SSL_ST_READ_BODY) - return 0; - - return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length : 0; - } + .valid = 1, + .name = SSL3_TXT_RSA_RC4_128_SHA, + .id = SSL3_CK_RSA_RC4_128_SHA, + .algorithm_mkey = SSL_kRSA, + .algorithm_auth = SSL_aRSA, + .algorithm_enc = SSL_RC4, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_SSLV3, + .algo_strength = SSL_LOW, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 128, + .alg_bits = 128, + }, -int ssl3_new(SSL *s) + /* Cipher 0A */ { - SSL3_STATE *s3; - - if ((s3=OPENSSL_malloc(sizeof *s3)) == NULL) goto err; - memset(s3,0,sizeof *s3); - EVP_MD_CTX_init(&s3->finish_dgst1); - EVP_MD_CTX_init(&s3->finish_dgst2); - - s->s3=s3; - - s->method->ssl_clear(s); - return(1); -err: - return(0); - } + .valid = 1, + .name = SSL3_TXT_RSA_DES_192_CBC3_SHA, + .id = SSL3_CK_RSA_DES_192_CBC3_SHA, + .algorithm_mkey = SSL_kRSA, + .algorithm_auth = SSL_aRSA, + .algorithm_enc = SSL_3DES, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_SSLV3, + .algo_strength = SSL_MEDIUM, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 112, + .alg_bits = 168, + }, -void ssl3_free(SSL *s) - { - if(s == NULL) - return; - - ssl3_cleanup_key_block(s); - if (s->s3->rbuf.buf != NULL) - OPENSSL_free(s->s3->rbuf.buf); - if (s->s3->wbuf.buf != NULL) - OPENSSL_free(s->s3->wbuf.buf); - if (s->s3->rrec.comp != NULL) - OPENSSL_free(s->s3->rrec.comp); -#ifndef OPENSSL_NO_DH - if (s->s3->tmp.dh != NULL) - DH_free(s->s3->tmp.dh); -#endif - if (s->s3->tmp.ca_names != NULL) - sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free); - EVP_MD_CTX_cleanup(&s->s3->finish_dgst1); - EVP_MD_CTX_cleanup(&s->s3->finish_dgst2); - memset(s->s3,0,sizeof *s->s3); - OPENSSL_free(s->s3); - s->s3=NULL; - } + /* + * Ephemeral DH (DHE) ciphers. + */ -void ssl3_clear(SSL *s) + /* Cipher 16 */ { - unsigned char *rp,*wp; - size_t rlen, wlen; - - ssl3_cleanup_key_block(s); - if (s->s3->tmp.ca_names != NULL) - sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free); - - if (s->s3->rrec.comp != NULL) - { - OPENSSL_free(s->s3->rrec.comp); - s->s3->rrec.comp=NULL; - } -#ifndef OPENSSL_NO_DH - if (s->s3->tmp.dh != NULL) - DH_free(s->s3->tmp.dh); -#endif - - rp = s->s3->rbuf.buf; - wp = s->s3->wbuf.buf; - rlen = s->s3->rbuf.len; - wlen = s->s3->wbuf.len; + .valid = 1, + .name = SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, + .id = SSL3_CK_EDH_RSA_DES_192_CBC3_SHA, + .algorithm_mkey = SSL_kDHE, + .algorithm_auth = SSL_aRSA, + .algorithm_enc = SSL_3DES, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_SSLV3, + .algo_strength = SSL_MEDIUM, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 112, + .alg_bits = 168, + }, - EVP_MD_CTX_cleanup(&s->s3->finish_dgst1); - EVP_MD_CTX_cleanup(&s->s3->finish_dgst2); + /* Cipher 18 */ + { + .valid = 1, + .name = SSL3_TXT_ADH_RC4_128_MD5, + .id = SSL3_CK_ADH_RC4_128_MD5, + .algorithm_mkey = SSL_kDHE, + .algorithm_auth = SSL_aNULL, + .algorithm_enc = SSL_RC4, + .algorithm_mac = SSL_MD5, + .algorithm_ssl = SSL_SSLV3, + .algo_strength = SSL_LOW, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 128, + .alg_bits = 128, + }, - memset(s->s3,0,sizeof *s->s3); - s->s3->rbuf.buf = rp; - s->s3->wbuf.buf = wp; - s->s3->rbuf.len = rlen; - s->s3->wbuf.len = wlen; + /* Cipher 1B */ + { + .valid = 1, + .name = SSL3_TXT_ADH_DES_192_CBC_SHA, + .id = SSL3_CK_ADH_DES_192_CBC_SHA, + .algorithm_mkey = SSL_kDHE, + .algorithm_auth = SSL_aNULL, + .algorithm_enc = SSL_3DES, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_SSLV3, + .algo_strength = SSL_MEDIUM, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 112, + .alg_bits = 168, + }, - ssl_free_wbio_buffer(s); + /* + * AES ciphersuites. + */ - s->packet_length=0; - s->s3->renegotiate=0; - s->s3->total_renegotiations=0; - s->s3->num_renegotiations=0; - s->s3->in_read_app_data=0; - s->version=SSL3_VERSION; - } + /* Cipher 2F */ + { + .valid = 1, + .name = TLS1_TXT_RSA_WITH_AES_128_SHA, + .id = TLS1_CK_RSA_WITH_AES_128_SHA, + .algorithm_mkey = SSL_kRSA, + .algorithm_auth = SSL_aRSA, + .algorithm_enc = SSL_AES128, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_HIGH, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 128, + .alg_bits = 128, + }, -long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) + /* Cipher 33 */ { - int ret=0; + .valid = 1, + .name = TLS1_TXT_DHE_RSA_WITH_AES_128_SHA, + .id = TLS1_CK_DHE_RSA_WITH_AES_128_SHA, + .algorithm_mkey = SSL_kDHE, + .algorithm_auth = SSL_aRSA, + .algorithm_enc = SSL_AES128, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_HIGH, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 128, + .alg_bits = 128, + }, -#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA) - if ( -#ifndef OPENSSL_NO_RSA - cmd == SSL_CTRL_SET_TMP_RSA || - cmd == SSL_CTRL_SET_TMP_RSA_CB || -#endif -#ifndef OPENSSL_NO_DSA - cmd == SSL_CTRL_SET_TMP_DH || - cmd == SSL_CTRL_SET_TMP_DH_CB || -#endif - 0) - { - if (!ssl_cert_inst(&s->cert)) - { - SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE); - return(0); - } - } -#endif + /* Cipher 34 */ + { + .valid = 1, + .name = TLS1_TXT_ADH_WITH_AES_128_SHA, + .id = TLS1_CK_ADH_WITH_AES_128_SHA, + .algorithm_mkey = SSL_kDHE, + .algorithm_auth = SSL_aNULL, + .algorithm_enc = SSL_AES128, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_HIGH, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 128, + .alg_bits = 128, + }, - switch (cmd) - { - case SSL_CTRL_GET_SESSION_REUSED: - ret=s->hit; - break; - case SSL_CTRL_GET_CLIENT_CERT_REQUEST: - break; - case SSL_CTRL_GET_NUM_RENEGOTIATIONS: - ret=s->s3->num_renegotiations; - break; - case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS: - ret=s->s3->num_renegotiations; - s->s3->num_renegotiations=0; - break; - case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS: - ret=s->s3->total_renegotiations; - break; - case SSL_CTRL_GET_FLAGS: - ret=(int)(s->s3->flags); - break; -#ifndef OPENSSL_NO_RSA - case SSL_CTRL_NEED_TMP_RSA: - if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) && - ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) || - (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8)))) - ret = 1; - break; - case SSL_CTRL_SET_TMP_RSA: - { - RSA *rsa = (RSA *)parg; - if (rsa == NULL) - { - SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER); - return(ret); - } - if ((rsa = RSAPrivateKey_dup(rsa)) == NULL) - { - SSLerr(SSL_F_SSL3_CTRL, ERR_R_RSA_LIB); - return(ret); - } - if (s->cert->rsa_tmp != NULL) - RSA_free(s->cert->rsa_tmp); - s->cert->rsa_tmp = rsa; - ret = 1; - } - break; - case SSL_CTRL_SET_TMP_RSA_CB: - { - SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return(ret); - } - break; -#endif -#ifndef OPENSSL_NO_DH - case SSL_CTRL_SET_TMP_DH: - { - DH *dh = (DH *)parg; - if (dh == NULL) - { - SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER); - return(ret); - } - if ((dh = DHparams_dup(dh)) == NULL) - { - SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB); - return(ret); - } - if (!(s->options & SSL_OP_SINGLE_DH_USE)) - { - if (!DH_generate_key(dh)) - { - DH_free(dh); - SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB); - return(ret); - } - } - if (s->cert->dh_tmp != NULL) - DH_free(s->cert->dh_tmp); - s->cert->dh_tmp = dh; - ret = 1; - } - break; - case SSL_CTRL_SET_TMP_DH_CB: - { - SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return(ret); - } - break; -#endif - default: - break; - } - return(ret); - } + /* Cipher 35 */ + { + .valid = 1, + .name = TLS1_TXT_RSA_WITH_AES_256_SHA, + .id = TLS1_CK_RSA_WITH_AES_256_SHA, + .algorithm_mkey = SSL_kRSA, + .algorithm_auth = SSL_aRSA, + .algorithm_enc = SSL_AES256, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_HIGH, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 256, + .alg_bits = 256, + }, -long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)()) + /* Cipher 39 */ { - int ret=0; + .valid = 1, + .name = TLS1_TXT_DHE_RSA_WITH_AES_256_SHA, + .id = TLS1_CK_DHE_RSA_WITH_AES_256_SHA, + .algorithm_mkey = SSL_kDHE, + .algorithm_auth = SSL_aRSA, + .algorithm_enc = SSL_AES256, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_HIGH, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 256, + .alg_bits = 256, + }, -#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA) - if ( -#ifndef OPENSSL_NO_RSA - cmd == SSL_CTRL_SET_TMP_RSA_CB || -#endif -#ifndef OPENSSL_NO_DSA - cmd == SSL_CTRL_SET_TMP_DH_CB || -#endif - 0) - { - if (!ssl_cert_inst(&s->cert)) - { - SSLerr(SSL_F_SSL3_CALLBACK_CTRL, ERR_R_MALLOC_FAILURE); - return(0); - } - } -#endif + /* Cipher 3A */ + { + .valid = 1, + .name = TLS1_TXT_ADH_WITH_AES_256_SHA, + .id = TLS1_CK_ADH_WITH_AES_256_SHA, + .algorithm_mkey = SSL_kDHE, + .algorithm_auth = SSL_aNULL, + .algorithm_enc = SSL_AES256, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_HIGH, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 256, + .alg_bits = 256, + }, - switch (cmd) - { -#ifndef OPENSSL_NO_RSA - case SSL_CTRL_SET_TMP_RSA_CB: - { - s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp; - } - break; -#endif -#ifndef OPENSSL_NO_DH - case SSL_CTRL_SET_TMP_DH_CB: - { - s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp; - } - break; -#endif - default: - break; - } - return(ret); - } + /* TLS v1.2 ciphersuites */ + /* Cipher 3B */ + { + .valid = 1, + .name = TLS1_TXT_RSA_WITH_NULL_SHA256, + .id = TLS1_CK_RSA_WITH_NULL_SHA256, + .algorithm_mkey = SSL_kRSA, + .algorithm_auth = SSL_aRSA, + .algorithm_enc = SSL_eNULL, + .algorithm_mac = SSL_SHA256, + .algorithm_ssl = SSL_TLSV1_2, + .algo_strength = SSL_STRONG_NONE, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 0, + .alg_bits = 0, + }, -long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) + /* Cipher 3C */ { - CERT *cert; + .valid = 1, + .name = TLS1_TXT_RSA_WITH_AES_128_SHA256, + .id = TLS1_CK_RSA_WITH_AES_128_SHA256, + .algorithm_mkey = SSL_kRSA, + .algorithm_auth = SSL_aRSA, + .algorithm_enc = SSL_AES128, + .algorithm_mac = SSL_SHA256, + .algorithm_ssl = SSL_TLSV1_2, + .algo_strength = SSL_HIGH, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 128, + .alg_bits = 128, + }, - cert=ctx->cert; + /* Cipher 3D */ + { + .valid = 1, + .name = TLS1_TXT_RSA_WITH_AES_256_SHA256, + .id = TLS1_CK_RSA_WITH_AES_256_SHA256, + .algorithm_mkey = SSL_kRSA, + .algorithm_auth = SSL_aRSA, + .algorithm_enc = SSL_AES256, + .algorithm_mac = SSL_SHA256, + .algorithm_ssl = SSL_TLSV1_2, + .algo_strength = SSL_HIGH, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 256, + .alg_bits = 256, + }, - switch (cmd) - { -#ifndef OPENSSL_NO_RSA - case SSL_CTRL_NEED_TMP_RSA: - if ( (cert->rsa_tmp == NULL) && - ((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) || - (EVP_PKEY_size(cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8))) - ) - return(1); - else - return(0); - /* break; */ - case SSL_CTRL_SET_TMP_RSA: - { - RSA *rsa; - int i; - - rsa=(RSA *)parg; - i=1; - if (rsa == NULL) - i=0; - else - { - if ((rsa=RSAPrivateKey_dup(rsa)) == NULL) - i=0; - } - if (!i) - { - SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_RSA_LIB); - return(0); - } - else - { - if (cert->rsa_tmp != NULL) - RSA_free(cert->rsa_tmp); - cert->rsa_tmp=rsa; - return(1); - } - } - /* break; */ - case SSL_CTRL_SET_TMP_RSA_CB: - { - SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return(0); - } - break; -#endif -#ifndef OPENSSL_NO_DH - case SSL_CTRL_SET_TMP_DH: - { - DH *new=NULL,*dh; +#ifndef OPENSSL_NO_CAMELLIA + /* Camellia ciphersuites from RFC4132 (128-bit portion) */ - dh=(DH *)parg; - if ((new=DHparams_dup(dh)) == NULL) - { - SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB); - return 0; - } - if (!(ctx->options & SSL_OP_SINGLE_DH_USE)) - { - if (!DH_generate_key(new)) - { - SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB); - DH_free(new); - return 0; - } - } - if (cert->dh_tmp != NULL) - DH_free(cert->dh_tmp); - cert->dh_tmp=new; - return 1; - } - /*break; */ - case SSL_CTRL_SET_TMP_DH_CB: - { - SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return(0); - } - break; -#endif - /* A Thawte special :-) */ - case SSL_CTRL_EXTRA_CHAIN_CERT: - if (ctx->extra_certs == NULL) - { - if ((ctx->extra_certs=sk_X509_new_null()) == NULL) - return(0); - } - sk_X509_push(ctx->extra_certs,(X509 *)parg); - break; - - default: - return(0); - } - return(1); - } + /* Cipher 41 */ + { + .valid = 1, + .name = TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA, + .id = TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA, + .algorithm_mkey = SSL_kRSA, + .algorithm_auth = SSL_aRSA, + .algorithm_enc = SSL_CAMELLIA128, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_HIGH, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 128, + .alg_bits = 128, + }, -long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)()) + /* Cipher 45 */ { - CERT *cert; + .valid = 1, + .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, + .id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, + .algorithm_mkey = SSL_kDHE, + .algorithm_auth = SSL_aRSA, + .algorithm_enc = SSL_CAMELLIA128, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_HIGH, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 128, + .alg_bits = 128, + }, - cert=ctx->cert; + /* Cipher 46 */ + { + .valid = 1, + .name = TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA, + .id = TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA, + .algorithm_mkey = SSL_kDHE, + .algorithm_auth = SSL_aNULL, + .algorithm_enc = SSL_CAMELLIA128, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_HIGH, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 128, + .alg_bits = 128, + }, +#endif /* OPENSSL_NO_CAMELLIA */ - switch (cmd) - { -#ifndef OPENSSL_NO_RSA - case SSL_CTRL_SET_TMP_RSA_CB: - { - cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp; - } - break; -#endif -#ifndef OPENSSL_NO_DH - case SSL_CTRL_SET_TMP_DH_CB: - { - cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp; - } - break; -#endif - default: - return(0); - } - return(1); - } + /* TLS v1.2 ciphersuites */ + /* Cipher 67 */ + { + .valid = 1, + .name = TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256, + .id = TLS1_CK_DHE_RSA_WITH_AES_128_SHA256, + .algorithm_mkey = SSL_kDHE, + .algorithm_auth = SSL_aRSA, + .algorithm_enc = SSL_AES128, + .algorithm_mac = SSL_SHA256, + .algorithm_ssl = SSL_TLSV1_2, + .algo_strength = SSL_HIGH, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 128, + .alg_bits = 128, + }, -/* This function needs to check if the ciphers required are actually - * available */ -SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p) + /* Cipher 6B */ { - static int init=1; - static SSL_CIPHER *sorted[SSL3_NUM_CIPHERS]; - SSL_CIPHER c,*cp= &c,**cpp; - unsigned long id; - int i; + .valid = 1, + .name = TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256, + .id = TLS1_CK_DHE_RSA_WITH_AES_256_SHA256, + .algorithm_mkey = SSL_kDHE, + .algorithm_auth = SSL_aRSA, + .algorithm_enc = SSL_AES256, + .algorithm_mac = SSL_SHA256, + .algorithm_ssl = SSL_TLSV1_2, + .algo_strength = SSL_HIGH, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 256, + .alg_bits = 256, + }, - if (init) - { - CRYPTO_w_lock(CRYPTO_LOCK_SSL); + /* Cipher 6C */ + { + .valid = 1, + .name = TLS1_TXT_ADH_WITH_AES_128_SHA256, + .id = TLS1_CK_ADH_WITH_AES_128_SHA256, + .algorithm_mkey = SSL_kDHE, + .algorithm_auth = SSL_aNULL, + .algorithm_enc = SSL_AES128, + .algorithm_mac = SSL_SHA256, + .algorithm_ssl = SSL_TLSV1_2, + .algo_strength = SSL_HIGH, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 128, + .alg_bits = 128, + }, - for (i=0; ivalid) - return(NULL); - else - return(*cpp); - } +#ifndef OPENSSL_NO_CAMELLIA + /* Camellia ciphersuites from RFC4132 (256-bit portion) */ -int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) + /* Cipher 84 */ { - long l; - - if (p != NULL) - { - l=c->id; - if ((l & 0xff000000) != 0x03000000) return(0); - p[0]=((unsigned char)(l>> 8L))&0xFF; - p[1]=((unsigned char)(l ))&0xFF; - } - return(2); - } + .valid = 1, + .name = TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA, + .id = TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA, + .algorithm_mkey = SSL_kRSA, + .algorithm_auth = SSL_aRSA, + .algorithm_enc = SSL_CAMELLIA256, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_HIGH, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 256, + .alg_bits = 256, + }, -SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, - STACK_OF(SSL_CIPHER) *srvr) + /* Cipher 88 */ { - SSL_CIPHER *c,*ret=NULL; - STACK_OF(SSL_CIPHER) *prio, *allow; - int i,j,ok; - CERT *cert; - unsigned long alg,mask,emask; + .valid = 1, + .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, + .id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, + .algorithm_mkey = SSL_kDHE, + .algorithm_auth = SSL_aRSA, + .algorithm_enc = SSL_CAMELLIA256, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_HIGH, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 256, + .alg_bits = 256, + }, - /* Let's see which ciphers we can support */ - cert=s->cert; + /* Cipher 89 */ + { + .valid = 1, + .name = TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA, + .id = TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA, + .algorithm_mkey = SSL_kDHE, + .algorithm_auth = SSL_aNULL, + .algorithm_enc = SSL_CAMELLIA256, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_HIGH, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 256, + .alg_bits = 256, + }, +#endif /* OPENSSL_NO_CAMELLIA */ -#if 0 - /* Do not set the compare functions, because this may lead to a - * reordering by "id". We want to keep the original ordering. - * We may pay a price in performance during sk_SSL_CIPHER_find(), - * but would have to pay with the price of sk_SSL_CIPHER_dup(). + /* + * GCM ciphersuites from RFC5288. */ - sk_SSL_CIPHER_set_cmp_func(srvr, ssl_cipher_ptr_id_cmp); - sk_SSL_CIPHER_set_cmp_func(clnt, ssl_cipher_ptr_id_cmp); -#endif -#ifdef CIPHER_DEBUG - printf("Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr), srvr); - for(i=0 ; i < sk_SSL_CIPHER_num(srvr) ; ++i) - { - c=sk_SSL_CIPHER_value(srvr,i); - printf("%p:%s\n",c,c->name); - } - printf("Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt), clnt); - for(i=0 ; i < sk_SSL_CIPHER_num(clnt) ; ++i) - { - c=sk_SSL_CIPHER_value(clnt,i); - printf("%p:%s\n",c,c->name); - } -#endif + /* Cipher 9C */ + { + .valid = 1, + .name = TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256, + .id = TLS1_CK_RSA_WITH_AES_128_GCM_SHA256, + .algorithm_mkey = SSL_kRSA, + .algorithm_auth = SSL_aRSA, + .algorithm_enc = SSL_AES128GCM, + .algorithm_mac = SSL_AEAD, + .algorithm_ssl = SSL_TLSV1_2, + .algo_strength = SSL_HIGH, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| + FIXED_NONCE_LEN(4)| + SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, + .strength_bits = 128, + .alg_bits = 128, + }, - if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) - { - prio = srvr; - allow = clnt; - } - else - { - prio = clnt; - allow = srvr; - } - - for (i=0; imask; - emask=cert->export_mask; - -#ifdef KSSL_DEBUG - printf("ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms); -#endif /* KSSL_DEBUG */ - - alg=c->algorithms&(SSL_MKEY_MASK|SSL_AUTH_MASK); -#ifndef OPENSSL_NO_KRB5 - if (alg & SSL_KRB5) - { - if ( !kssl_keytab_is_available(s->kssl_ctx) ) - continue; - } -#endif /* OPENSSL_NO_KRB5 */ - if (SSL_C_IS_EXPORT(c)) - { - ok=((alg & emask) == alg)?1:0; -#ifdef CIPHER_DEBUG - printf("%d:[%08lX:%08lX]%p:%s (export)\n",ok,alg,emask, - c,c->name); -#endif - } - else - { - ok=((alg & mask) == alg)?1:0; -#ifdef CIPHER_DEBUG - printf("%d:[%08lX:%08lX]%p:%s\n",ok,alg,mask,c, - c->name); -#endif - } - - if (!ok) continue; - - j=sk_SSL_CIPHER_find(allow,c); - if (j >= 0) - { - ret=sk_SSL_CIPHER_value(allow,j); - break; - } - } - return(ret); - } + /* Cipher 9D */ + { + .valid = 1, + .name = TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384, + .id = TLS1_CK_RSA_WITH_AES_256_GCM_SHA384, + .algorithm_mkey = SSL_kRSA, + .algorithm_auth = SSL_aRSA, + .algorithm_enc = SSL_AES256GCM, + .algorithm_mac = SSL_AEAD, + .algorithm_ssl = SSL_TLSV1_2, + .algo_strength = SSL_HIGH, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384| + FIXED_NONCE_LEN(4)| + SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, + .strength_bits = 256, + .alg_bits = 256, + }, -int ssl3_get_req_cert_type(SSL *s, unsigned char *p) + /* Cipher 9E */ { - int ret=0; - unsigned long alg; + .valid = 1, + .name = TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256, + .id = TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256, + .algorithm_mkey = SSL_kDHE, + .algorithm_auth = SSL_aRSA, + .algorithm_enc = SSL_AES128GCM, + .algorithm_mac = SSL_AEAD, + .algorithm_ssl = SSL_TLSV1_2, + .algo_strength = SSL_HIGH, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| + FIXED_NONCE_LEN(4)| + SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, + .strength_bits = 128, + .alg_bits = 128, + }, - alg=s->s3->tmp.new_cipher->algorithms; + /* Cipher 9F */ + { + .valid = 1, + .name = TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384, + .id = TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384, + .algorithm_mkey = SSL_kDHE, + .algorithm_auth = SSL_aRSA, + .algorithm_enc = SSL_AES256GCM, + .algorithm_mac = SSL_AEAD, + .algorithm_ssl = SSL_TLSV1_2, + .algo_strength = SSL_HIGH, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384| + FIXED_NONCE_LEN(4)| + SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, + .strength_bits = 256, + .alg_bits = 256, + }, -#ifndef OPENSSL_NO_DH - if (alg & (SSL_kDHr|SSL_kEDH)) - { -# ifndef OPENSSL_NO_RSA - p[ret++]=SSL3_CT_RSA_FIXED_DH; -# endif -# ifndef OPENSSL_NO_DSA - p[ret++]=SSL3_CT_DSS_FIXED_DH; -# endif - } - if ((s->version == SSL3_VERSION) && - (alg & (SSL_kEDH|SSL_kDHd|SSL_kDHr))) - { -# ifndef OPENSSL_NO_RSA - p[ret++]=SSL3_CT_RSA_EPHEMERAL_DH; -# endif -# ifndef OPENSSL_NO_DSA - p[ret++]=SSL3_CT_DSS_EPHEMERAL_DH; -# endif - } -#endif /* !OPENSSL_NO_DH */ -#ifndef OPENSSL_NO_RSA - p[ret++]=SSL3_CT_RSA_SIGN; -#endif -#ifndef OPENSSL_NO_DSA - p[ret++]=SSL3_CT_DSS_SIGN; -#endif - return(ret); - } + /* Cipher A6 */ + { + .valid = 1, + .name = TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256, + .id = TLS1_CK_ADH_WITH_AES_128_GCM_SHA256, + .algorithm_mkey = SSL_kDHE, + .algorithm_auth = SSL_aNULL, + .algorithm_enc = SSL_AES128GCM, + .algorithm_mac = SSL_AEAD, + .algorithm_ssl = SSL_TLSV1_2, + .algo_strength = SSL_HIGH, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| + FIXED_NONCE_LEN(4)| + SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, + .strength_bits = 128, + .alg_bits = 128, + }, -int ssl3_shutdown(SSL *s) + /* Cipher A7 */ { + .valid = 1, + .name = TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384, + .id = TLS1_CK_ADH_WITH_AES_256_GCM_SHA384, + .algorithm_mkey = SSL_kDHE, + .algorithm_auth = SSL_aNULL, + .algorithm_enc = SSL_AES256GCM, + .algorithm_mac = SSL_AEAD, + .algorithm_ssl = SSL_TLSV1_2, + .algo_strength = SSL_HIGH, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384| + FIXED_NONCE_LEN(4)| + SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, + .strength_bits = 256, + .alg_bits = 256, + }, - /* Don't do anything much if we have not done the handshake or - * we don't want to send messages :-) */ - if ((s->quiet_shutdown) || (s->state == SSL_ST_BEFORE)) - { - s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); - return(1); - } +#ifndef OPENSSL_NO_CAMELLIA + /* TLS 1.2 Camellia SHA-256 ciphersuites from RFC5932 */ - if (!(s->shutdown & SSL_SENT_SHUTDOWN)) - { - s->shutdown|=SSL_SENT_SHUTDOWN; -#if 1 - ssl3_send_alert(s,SSL3_AL_WARNING,SSL_AD_CLOSE_NOTIFY); -#endif - /* our shutdown alert has been sent now, and if it still needs - * to be written, s->s3->alert_dispatch will be true */ - } - else if (s->s3->alert_dispatch) - { - /* resend it if not sent */ -#if 1 - ssl3_dispatch_alert(s); -#endif - } - else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) - { - /* If we are waiting for a close from our peer, we are closed */ - ssl3_read_bytes(s,0,NULL,0,0); - } + /* Cipher BA */ + { + .valid = 1, + .name = TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256, + .id = TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256, + .algorithm_mkey = SSL_kRSA, + .algorithm_auth = SSL_aRSA, + .algorithm_enc = SSL_CAMELLIA128, + .algorithm_mac = SSL_SHA256, + .algorithm_ssl = SSL_TLSV1_2, + .algo_strength = SSL_HIGH, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, + .strength_bits = 128, + .alg_bits = 128, + }, - if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) && - !s->s3->alert_dispatch) - return(1); - else - return(0); - } + /* Cipher BE */ + { + .valid = 1, + .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, + .id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, + .algorithm_mkey = SSL_kDHE, + .algorithm_auth = SSL_aRSA, + .algorithm_enc = SSL_CAMELLIA128, + .algorithm_mac = SSL_SHA256, + .algorithm_ssl = SSL_TLSV1_2, + .algo_strength = SSL_HIGH, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, + .strength_bits = 128, + .alg_bits = 128, + }, -int ssl3_write(SSL *s, const void *buf, int len) + /* Cipher BF */ { - int ret,n; + .valid = 1, + .name = TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256, + .id = TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256, + .algorithm_mkey = SSL_kDHE, + .algorithm_auth = SSL_aNULL, + .algorithm_enc = SSL_CAMELLIA128, + .algorithm_mac = SSL_SHA256, + .algorithm_ssl = SSL_TLSV1_2, + .algo_strength = SSL_HIGH, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, + .strength_bits = 128, + .alg_bits = 128, + }, -#if 0 - if (s->shutdown & SSL_SEND_SHUTDOWN) - { - s->rwstate=SSL_NOTHING; - return(0); - } -#endif - clear_sys_error(); - if (s->s3->renegotiate) ssl3_renegotiate_check(s); - - /* This is an experimental flag that sends the - * last handshake message in the same packet as the first - * use data - used to see if it helps the TCP protocol during - * session-id reuse */ - /* The second test is because the buffer may have been removed */ - if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio)) - { - /* First time through, we write into the buffer */ - if (s->s3->delay_buf_pop_ret == 0) - { - ret=ssl3_write_bytes(s,SSL3_RT_APPLICATION_DATA, - buf,len); - if (ret <= 0) return(ret); - - s->s3->delay_buf_pop_ret=ret; - } - - s->rwstate=SSL_WRITING; - n=BIO_flush(s->wbio); - if (n <= 0) return(n); - s->rwstate=SSL_NOTHING; - - /* We have flushed the buffer, so remove it */ - ssl_free_wbio_buffer(s); - s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER; - - ret=s->s3->delay_buf_pop_ret; - s->s3->delay_buf_pop_ret=0; - } - else - { - ret=ssl3_write_bytes(s,SSL3_RT_APPLICATION_DATA, - buf,len); - if (ret <= 0) return(ret); - } + /* Cipher C0 */ + { + .valid = 1, + .name = TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256, + .id = TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256, + .algorithm_mkey = SSL_kRSA, + .algorithm_auth = SSL_aRSA, + .algorithm_enc = SSL_CAMELLIA256, + .algorithm_mac = SSL_SHA256, + .algorithm_ssl = SSL_TLSV1_2, + .algo_strength = SSL_HIGH, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, + .strength_bits = 256, + .alg_bits = 256, + }, - return(ret); - } + /* Cipher C4 */ + { + .valid = 1, + .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, + .id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, + .algorithm_mkey = SSL_kDHE, + .algorithm_auth = SSL_aRSA, + .algorithm_enc = SSL_CAMELLIA256, + .algorithm_mac = SSL_SHA256, + .algorithm_ssl = SSL_TLSV1_2, + .algo_strength = SSL_HIGH, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, + .strength_bits = 256, + .alg_bits = 256, + }, -static int ssl3_read_internal(SSL *s, void *buf, int len, int peek) - { - int ret; - - clear_sys_error(); - if (s->s3->renegotiate) ssl3_renegotiate_check(s); - s->s3->in_read_app_data=1; - ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek); - if ((ret == -1) && (s->s3->in_read_app_data == 2)) - { - /* ssl3_read_bytes decided to call s->handshake_func, which - * called ssl3_read_bytes to read handshake data. - * However, ssl3_read_bytes actually found application data - * and thinks that application data makes sense here; so disable - * handshake processing and try to read application data again. */ - s->in_handshake++; - ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek); - s->in_handshake--; - } - else - s->s3->in_read_app_data=0; + /* Cipher C5 */ + { + .valid = 1, + .name = TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256, + .id = TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256, + .algorithm_mkey = SSL_kDHE, + .algorithm_auth = SSL_aNULL, + .algorithm_enc = SSL_CAMELLIA256, + .algorithm_mac = SSL_SHA256, + .algorithm_ssl = SSL_TLSV1_2, + .algo_strength = SSL_HIGH, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, + .strength_bits = 256, + .alg_bits = 256, + }, +#endif /* OPENSSL_NO_CAMELLIA */ - return(ret); - } + /* + * TLSv1.3 cipher suites. + */ -int ssl3_read(SSL *s, void *buf, int len) +#ifdef LIBRESSL_HAS_TLS1_3 + /* Cipher 1301 */ { - return ssl3_read_internal(s, buf, len, 0); - } + .valid = 1, + .name = TLS1_3_TXT_AES_128_GCM_SHA256, + .id = TLS1_3_CK_AES_128_GCM_SHA256, + .algorithm_mkey = SSL_kTLS1_3, + .algorithm_auth = SSL_aTLS1_3, + .algorithm_enc = SSL_AES128GCM, + .algorithm_mac = SSL_AEAD, + .algorithm_ssl = SSL_TLSV1_3, + .algo_strength = SSL_HIGH, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, /* XXX */ + .strength_bits = 128, + .alg_bits = 128, + }, -int ssl3_peek(SSL *s, void *buf, int len) + /* Cipher 1302 */ { - return ssl3_read_internal(s, buf, len, 1); - } + .valid = 1, + .name = TLS1_3_TXT_AES_256_GCM_SHA384, + .id = TLS1_3_CK_AES_256_GCM_SHA384, + .algorithm_mkey = SSL_kTLS1_3, + .algorithm_auth = SSL_aTLS1_3, + .algorithm_enc = SSL_AES256GCM, + .algorithm_mac = SSL_AEAD, + .algorithm_ssl = SSL_TLSV1_3, + .algo_strength = SSL_HIGH, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA384, /* XXX */ + .strength_bits = 256, + .alg_bits = 256, + }, -int ssl3_renegotiate(SSL *s) + /* Cipher 1303 */ { - if (s->handshake_func == NULL) - return(1); - - if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) - return(0); + .valid = 1, + .name = TLS1_3_TXT_CHACHA20_POLY1305_SHA256, + .id = TLS1_3_CK_CHACHA20_POLY1305_SHA256, + .algorithm_mkey = SSL_kTLS1_3, + .algorithm_auth = SSL_aTLS1_3, + .algorithm_enc = SSL_CHACHA20POLY1305, + .algorithm_mac = SSL_AEAD, + .algorithm_ssl = SSL_TLSV1_3, + .algo_strength = SSL_HIGH, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, /* XXX */ + .strength_bits = 256, + .alg_bits = 256, + }, +#endif - s->s3->renegotiate=1; - return(1); - } + /* Cipher C006 */ + { + .valid = 1, + .name = TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA, + .id = TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA, + .algorithm_mkey = SSL_kECDHE, + .algorithm_auth = SSL_aECDSA, + .algorithm_enc = SSL_eNULL, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_STRONG_NONE, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 0, + .alg_bits = 0, + }, -int ssl3_renegotiate_check(SSL *s) + /* Cipher C007 */ { - int ret=0; + .valid = 1, + .name = TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA, + .id = TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA, + .algorithm_mkey = SSL_kECDHE, + .algorithm_auth = SSL_aECDSA, + .algorithm_enc = SSL_RC4, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_LOW, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 128, + .alg_bits = 128, + }, + + /* Cipher C008 */ + { + .valid = 1, + .name = TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, + .id = TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, + .algorithm_mkey = SSL_kECDHE, + .algorithm_auth = SSL_aECDSA, + .algorithm_enc = SSL_3DES, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_MEDIUM, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 112, + .alg_bits = 168, + }, + + /* Cipher C009 */ + { + .valid = 1, + .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, + .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, + .algorithm_mkey = SSL_kECDHE, + .algorithm_auth = SSL_aECDSA, + .algorithm_enc = SSL_AES128, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_HIGH, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 128, + .alg_bits = 128, + }, + + /* Cipher C00A */ + { + .valid = 1, + .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, + .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, + .algorithm_mkey = SSL_kECDHE, + .algorithm_auth = SSL_aECDSA, + .algorithm_enc = SSL_AES256, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_HIGH, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 256, + .alg_bits = 256, + }, + + /* Cipher C010 */ + { + .valid = 1, + .name = TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA, + .id = TLS1_CK_ECDHE_RSA_WITH_NULL_SHA, + .algorithm_mkey = SSL_kECDHE, + .algorithm_auth = SSL_aRSA, + .algorithm_enc = SSL_eNULL, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_STRONG_NONE, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 0, + .alg_bits = 0, + }, + + /* Cipher C011 */ + { + .valid = 1, + .name = TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA, + .id = TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA, + .algorithm_mkey = SSL_kECDHE, + .algorithm_auth = SSL_aRSA, + .algorithm_enc = SSL_RC4, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_LOW, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 128, + .alg_bits = 128, + }, + + /* Cipher C012 */ + { + .valid = 1, + .name = TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA, + .id = TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA, + .algorithm_mkey = SSL_kECDHE, + .algorithm_auth = SSL_aRSA, + .algorithm_enc = SSL_3DES, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_MEDIUM, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 112, + .alg_bits = 168, + }, + + /* Cipher C013 */ + { + .valid = 1, + .name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA, + .id = TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, + .algorithm_mkey = SSL_kECDHE, + .algorithm_auth = SSL_aRSA, + .algorithm_enc = SSL_AES128, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_HIGH, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 128, + .alg_bits = 128, + }, + + /* Cipher C014 */ + { + .valid = 1, + .name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA, + .id = TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, + .algorithm_mkey = SSL_kECDHE, + .algorithm_auth = SSL_aRSA, + .algorithm_enc = SSL_AES256, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_HIGH, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 256, + .alg_bits = 256, + }, + + /* Cipher C015 */ + { + .valid = 1, + .name = TLS1_TXT_ECDH_anon_WITH_NULL_SHA, + .id = TLS1_CK_ECDH_anon_WITH_NULL_SHA, + .algorithm_mkey = SSL_kECDHE, + .algorithm_auth = SSL_aNULL, + .algorithm_enc = SSL_eNULL, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_STRONG_NONE, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 0, + .alg_bits = 0, + }, + + /* Cipher C016 */ + { + .valid = 1, + .name = TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA, + .id = TLS1_CK_ECDH_anon_WITH_RC4_128_SHA, + .algorithm_mkey = SSL_kECDHE, + .algorithm_auth = SSL_aNULL, + .algorithm_enc = SSL_RC4, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_LOW, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 128, + .alg_bits = 128, + }, + + /* Cipher C017 */ + { + .valid = 1, + .name = TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA, + .id = TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA, + .algorithm_mkey = SSL_kECDHE, + .algorithm_auth = SSL_aNULL, + .algorithm_enc = SSL_3DES, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_MEDIUM, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 112, + .alg_bits = 168, + }, + + /* Cipher C018 */ + { + .valid = 1, + .name = TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA, + .id = TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA, + .algorithm_mkey = SSL_kECDHE, + .algorithm_auth = SSL_aNULL, + .algorithm_enc = SSL_AES128, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_HIGH, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 128, + .alg_bits = 128, + }, + + /* Cipher C019 */ + { + .valid = 1, + .name = TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA, + .id = TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA, + .algorithm_mkey = SSL_kECDHE, + .algorithm_auth = SSL_aNULL, + .algorithm_enc = SSL_AES256, + .algorithm_mac = SSL_SHA1, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_HIGH, + .algorithm2 = SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, + .strength_bits = 256, + .alg_bits = 256, + }, + + + /* HMAC based TLS v1.2 ciphersuites from RFC5289 */ + + /* Cipher C023 */ + { + .valid = 1, + .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256, + .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256, + .algorithm_mkey = SSL_kECDHE, + .algorithm_auth = SSL_aECDSA, + .algorithm_enc = SSL_AES128, + .algorithm_mac = SSL_SHA256, + .algorithm_ssl = SSL_TLSV1_2, + .algo_strength = SSL_HIGH, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, + .strength_bits = 128, + .alg_bits = 128, + }, + + /* Cipher C024 */ + { + .valid = 1, + .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384, + .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384, + .algorithm_mkey = SSL_kECDHE, + .algorithm_auth = SSL_aECDSA, + .algorithm_enc = SSL_AES256, + .algorithm_mac = SSL_SHA384, + .algorithm_ssl = SSL_TLSV1_2, + .algo_strength = SSL_HIGH, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, + .strength_bits = 256, + .alg_bits = 256, + }, + + /* Cipher C027 */ + { + .valid = 1, + .name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256, + .id = TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256, + .algorithm_mkey = SSL_kECDHE, + .algorithm_auth = SSL_aRSA, + .algorithm_enc = SSL_AES128, + .algorithm_mac = SSL_SHA256, + .algorithm_ssl = SSL_TLSV1_2, + .algo_strength = SSL_HIGH, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256, + .strength_bits = 128, + .alg_bits = 128, + }, + + /* Cipher C028 */ + { + .valid = 1, + .name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384, + .id = TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384, + .algorithm_mkey = SSL_kECDHE, + .algorithm_auth = SSL_aRSA, + .algorithm_enc = SSL_AES256, + .algorithm_mac = SSL_SHA384, + .algorithm_ssl = SSL_TLSV1_2, + .algo_strength = SSL_HIGH, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384, + .strength_bits = 256, + .alg_bits = 256, + }, + + /* GCM based TLS v1.2 ciphersuites from RFC5289 */ + + /* Cipher C02B */ + { + .valid = 1, + .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + .algorithm_mkey = SSL_kECDHE, + .algorithm_auth = SSL_aECDSA, + .algorithm_enc = SSL_AES128GCM, + .algorithm_mac = SSL_AEAD, + .algorithm_ssl = SSL_TLSV1_2, + .algo_strength = SSL_HIGH, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| + FIXED_NONCE_LEN(4)| + SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, + .strength_bits = 128, + .alg_bits = 128, + }, + + /* Cipher C02C */ + { + .valid = 1, + .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, + .id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, + .algorithm_mkey = SSL_kECDHE, + .algorithm_auth = SSL_aECDSA, + .algorithm_enc = SSL_AES256GCM, + .algorithm_mac = SSL_AEAD, + .algorithm_ssl = SSL_TLSV1_2, + .algo_strength = SSL_HIGH, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384| + FIXED_NONCE_LEN(4)| + SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, + .strength_bits = 256, + .alg_bits = 256, + }, + + /* Cipher C02F */ + { + .valid = 1, + .name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + .id = TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + .algorithm_mkey = SSL_kECDHE, + .algorithm_auth = SSL_aRSA, + .algorithm_enc = SSL_AES128GCM, + .algorithm_mac = SSL_AEAD, + .algorithm_ssl = SSL_TLSV1_2, + .algo_strength = SSL_HIGH, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| + FIXED_NONCE_LEN(4)| + SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, + .strength_bits = 128, + .alg_bits = 128, + }, + + /* Cipher C030 */ + { + .valid = 1, + .name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384, + .id = TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384, + .algorithm_mkey = SSL_kECDHE, + .algorithm_auth = SSL_aRSA, + .algorithm_enc = SSL_AES256GCM, + .algorithm_mac = SSL_AEAD, + .algorithm_ssl = SSL_TLSV1_2, + .algo_strength = SSL_HIGH, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384| + FIXED_NONCE_LEN(4)| + SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_IN_RECORD, + .strength_bits = 256, + .alg_bits = 256, + }, + + /* Cipher CCA8 */ + { + .valid = 1, + .name = TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305, + .id = TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305, + .algorithm_mkey = SSL_kECDHE, + .algorithm_auth = SSL_aRSA, + .algorithm_enc = SSL_CHACHA20POLY1305, + .algorithm_mac = SSL_AEAD, + .algorithm_ssl = SSL_TLSV1_2, + .algo_strength = SSL_HIGH, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| + FIXED_NONCE_LEN(12), + .strength_bits = 256, + .alg_bits = 256, + }, + + /* Cipher CCA9 */ + { + .valid = 1, + .name = TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, + .id = TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305, + .algorithm_mkey = SSL_kECDHE, + .algorithm_auth = SSL_aECDSA, + .algorithm_enc = SSL_CHACHA20POLY1305, + .algorithm_mac = SSL_AEAD, + .algorithm_ssl = SSL_TLSV1_2, + .algo_strength = SSL_HIGH, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| + FIXED_NONCE_LEN(12), + .strength_bits = 256, + .alg_bits = 256, + }, + + /* Cipher CCAA */ + { + .valid = 1, + .name = TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305, + .id = TLS1_CK_DHE_RSA_CHACHA20_POLY1305, + .algorithm_mkey = SSL_kDHE, + .algorithm_auth = SSL_aRSA, + .algorithm_enc = SSL_CHACHA20POLY1305, + .algorithm_mac = SSL_AEAD, + .algorithm_ssl = SSL_TLSV1_2, + .algo_strength = SSL_HIGH, + .algorithm2 = SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256| + FIXED_NONCE_LEN(12), + .strength_bits = 256, + .alg_bits = 256, + }, + + /* Cipher FF85 FIXME IANA */ + { + .valid = 1, + .name = "GOST2012256-GOST89-GOST89", + .id = 0x300ff85, /* FIXME IANA */ + .algorithm_mkey = SSL_kGOST, + .algorithm_auth = SSL_aGOST01, + .algorithm_enc = SSL_eGOST2814789CNT, + .algorithm_mac = SSL_GOST89MAC, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_HIGH, + .algorithm2 = SSL_HANDSHAKE_MAC_STREEBOG256|TLS1_PRF_STREEBOG256| + TLS1_STREAM_MAC, + .strength_bits = 256, + .alg_bits = 256 + }, + + /* Cipher FF87 FIXME IANA */ + { + .valid = 1, + .name = "GOST2012256-NULL-STREEBOG256", + .id = 0x300ff87, /* FIXME IANA */ + .algorithm_mkey = SSL_kGOST, + .algorithm_auth = SSL_aGOST01, + .algorithm_enc = SSL_eNULL, + .algorithm_mac = SSL_STREEBOG256, + .algorithm_ssl = SSL_TLSV1, + .algo_strength = SSL_STRONG_NONE, + .algorithm2 = SSL_HANDSHAKE_MAC_STREEBOG256|TLS1_PRF_STREEBOG256, + .strength_bits = 0, + .alg_bits = 0 + }, + + + /* end of list */ +}; + +int +ssl3_num_ciphers(void) +{ + return (SSL3_NUM_CIPHERS); +} + +const SSL_CIPHER * +ssl3_get_cipher(unsigned int u) +{ + if (u < SSL3_NUM_CIPHERS) + return (&(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u])); + else + return (NULL); +} + +const SSL_CIPHER * +ssl3_get_cipher_by_id(unsigned int id) +{ + const SSL_CIPHER *cp; + SSL_CIPHER c; + + c.id = id; + cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS); + if (cp != NULL && cp->valid == 1) + return (cp); + + return (NULL); +} + +const SSL_CIPHER * +ssl3_get_cipher_by_value(uint16_t value) +{ + return ssl3_get_cipher_by_id(SSL3_CK_ID | value); +} + +uint16_t +ssl3_cipher_get_value(const SSL_CIPHER *c) +{ + return (c->id & SSL3_CK_VALUE_MASK); +} + +int +ssl3_pending(const SSL *s) +{ + if (s->internal->rstate == SSL_ST_READ_BODY) + return 0; + + return (S3I(s)->rrec.type == SSL3_RT_APPLICATION_DATA) ? + S3I(s)->rrec.length : 0; +} + +int +ssl3_handshake_msg_hdr_len(SSL *s) +{ + return (SSL_IS_DTLS(s) ? DTLS1_HM_HEADER_LENGTH : + SSL3_HM_HEADER_LENGTH); +} + +int +ssl3_handshake_msg_start(SSL *s, CBB *handshake, CBB *body, uint8_t msg_type) +{ + int ret = 0; + + if (!CBB_init(handshake, SSL3_RT_MAX_PLAIN_LENGTH)) + goto err; + if (!CBB_add_u8(handshake, msg_type)) + goto err; + if (SSL_IS_DTLS(s)) { + unsigned char *data; + + if (!CBB_add_space(handshake, &data, DTLS1_HM_HEADER_LENGTH - + SSL3_HM_HEADER_LENGTH)) + goto err; + } + if (!CBB_add_u24_length_prefixed(handshake, body)) + goto err; + + ret = 1; + + err: + return (ret); +} + +int +ssl3_handshake_msg_finish(SSL *s, CBB *handshake) +{ + unsigned char *data = NULL; + size_t outlen; + int ret = 0; + + if (!CBB_finish(handshake, &data, &outlen)) + goto err; + + if (outlen > INT_MAX) + goto err; + + if (!BUF_MEM_grow_clean(s->internal->init_buf, outlen)) + goto err; + + memcpy(s->internal->init_buf->data, data, outlen); + + s->internal->init_num = (int)outlen; + s->internal->init_off = 0; + + if (SSL_IS_DTLS(s)) { + unsigned long len; + uint8_t msg_type; + CBS cbs; + + CBS_init(&cbs, data, outlen); + if (!CBS_get_u8(&cbs, &msg_type)) + goto err; + + len = outlen - ssl3_handshake_msg_hdr_len(s); + + dtls1_set_message_header(s, msg_type, len, 0, len); + dtls1_buffer_message(s, 0); + } + + ret = 1; + + err: + free(data); + + return (ret); +} + +int +ssl3_handshake_write(SSL *s) +{ + return ssl3_record_write(s, SSL3_RT_HANDSHAKE); +} + +int +ssl3_record_write(SSL *s, int type) +{ + if (SSL_IS_DTLS(s)) + return dtls1_do_write(s, type); + + return ssl3_do_write(s, type); +} + +int +ssl3_new(SSL *s) +{ + if ((s->s3 = calloc(1, sizeof(*s->s3))) == NULL) + return (0); + if ((S3I(s) = calloc(1, sizeof(*S3I(s)))) == NULL) { + free(s->s3); + return (0); + } + + s->method->internal->ssl_clear(s); + + return (1); +} + +void +ssl3_free(SSL *s) +{ + if (s == NULL) + return; + + tls1_cleanup_key_block(s); + ssl3_release_read_buffer(s); + ssl3_release_write_buffer(s); + freezero(S3I(s)->hs.sigalgs, S3I(s)->hs.sigalgs_len); + + DH_free(S3I(s)->tmp.dh); + EC_KEY_free(S3I(s)->tmp.ecdh); + + freezero(S3I(s)->tmp.x25519, X25519_KEY_LENGTH); + + tls13_secrets_destroy(S3I(s)->hs_tls13.secrets); + freezero(S3I(s)->hs_tls13.x25519_private, X25519_KEY_LENGTH); + freezero(S3I(s)->hs_tls13.x25519_public, X25519_KEY_LENGTH); + freezero(S3I(s)->hs_tls13.x25519_peer_public, X25519_KEY_LENGTH); + freezero(S3I(s)->hs_tls13.cookie, S3I(s)->hs_tls13.cookie_len); + + sk_X509_NAME_pop_free(S3I(s)->tmp.ca_names, X509_NAME_free); + + tls1_transcript_free(s); + tls1_transcript_hash_free(s); + + free(S3I(s)->alpn_selected); + + freezero(S3I(s), sizeof(*S3I(s))); + freezero(s->s3, sizeof(*s->s3)); + + s->s3 = NULL; +} + +void +ssl3_clear(SSL *s) +{ + struct ssl3_state_internal_st *internal; + unsigned char *rp, *wp; + size_t rlen, wlen; + + tls1_cleanup_key_block(s); + sk_X509_NAME_pop_free(S3I(s)->tmp.ca_names, X509_NAME_free); + + DH_free(S3I(s)->tmp.dh); + S3I(s)->tmp.dh = NULL; + EC_KEY_free(S3I(s)->tmp.ecdh); + S3I(s)->tmp.ecdh = NULL; + freezero(S3I(s)->hs.sigalgs, S3I(s)->hs.sigalgs_len); + S3I(s)->hs.sigalgs = NULL; + S3I(s)->hs.sigalgs_len = 0; + + freezero(S3I(s)->tmp.x25519, X25519_KEY_LENGTH); + S3I(s)->tmp.x25519 = NULL; + + tls13_secrets_destroy(S3I(s)->hs_tls13.secrets); + S3I(s)->hs_tls13.secrets = NULL; + freezero(S3I(s)->hs_tls13.x25519_private, X25519_KEY_LENGTH); + S3I(s)->hs_tls13.x25519_private = NULL; + freezero(S3I(s)->hs_tls13.x25519_public, X25519_KEY_LENGTH); + S3I(s)->hs_tls13.x25519_public = NULL; + freezero(S3I(s)->hs_tls13.x25519_peer_public, X25519_KEY_LENGTH); + S3I(s)->hs_tls13.x25519_peer_public = NULL; + freezero(S3I(s)->hs_tls13.cookie, S3I(s)->hs_tls13.cookie_len); + S3I(s)->hs_tls13.cookie = NULL; + S3I(s)->hs_tls13.cookie_len = 0; + + S3I(s)->hs.extensions_seen = 0; + + rp = S3I(s)->rbuf.buf; + wp = S3I(s)->wbuf.buf; + rlen = S3I(s)->rbuf.len; + wlen = S3I(s)->wbuf.len; + + tls1_transcript_free(s); + tls1_transcript_hash_free(s); + + free(S3I(s)->alpn_selected); + S3I(s)->alpn_selected = NULL; + + memset(S3I(s), 0, sizeof(*S3I(s))); + internal = S3I(s); + memset(s->s3, 0, sizeof(*s->s3)); + S3I(s) = internal; + + S3I(s)->rbuf.buf = rp; + S3I(s)->wbuf.buf = wp; + S3I(s)->rbuf.len = rlen; + S3I(s)->wbuf.len = wlen; + + ssl_free_wbio_buffer(s); + + /* Not needed... */ + S3I(s)->renegotiate = 0; + S3I(s)->total_renegotiations = 0; + S3I(s)->num_renegotiations = 0; + S3I(s)->in_read_app_data = 0; + + s->internal->packet_length = 0; + s->version = TLS1_VERSION; +} + +static long +ssl_ctrl_get_server_tmp_key(SSL *s, EVP_PKEY **pkey_tmp) +{ + EVP_PKEY *pkey = NULL; + EC_GROUP *group = NULL; + EC_POINT *point = NULL; + EC_KEY *ec_key = NULL; + BIGNUM *order = NULL; + SESS_CERT *sc; + int ret = 0; + + *pkey_tmp = NULL; + + if (s->server != 0) + return 0; + if (s->session == NULL || SSI(s)->sess_cert == NULL) + return 0; + + sc = SSI(s)->sess_cert; + + if ((pkey = EVP_PKEY_new()) == NULL) + return 0; + + if (sc->peer_dh_tmp != NULL) { + ret = EVP_PKEY_set1_DH(pkey, sc->peer_dh_tmp); + } else if (sc->peer_ecdh_tmp) { + ret = EVP_PKEY_set1_EC_KEY(pkey, sc->peer_ecdh_tmp); + } else if (sc->peer_x25519_tmp != NULL) { + /* Fudge up an EC_KEY that looks like X25519... */ + if ((group = EC_GROUP_new(EC_GFp_mont_method())) == NULL) + goto err; + if ((point = EC_POINT_new(group)) == NULL) + goto err; + if ((order = BN_new()) == NULL) + goto err; + if (!BN_set_bit(order, 252)) + goto err; + if (!EC_GROUP_set_generator(group, point, order, NULL)) + goto err; + EC_GROUP_set_curve_name(group, NID_X25519); + if ((ec_key = EC_KEY_new()) == NULL) + goto err; + if (!EC_KEY_set_group(ec_key, group)) + goto err; + ret = EVP_PKEY_set1_EC_KEY(pkey, ec_key); + } + + if (ret == 1) { + *pkey_tmp = pkey; + pkey = NULL; + } + + err: + EVP_PKEY_free(pkey); + EC_GROUP_free(group); + EC_POINT_free(point); + EC_KEY_free(ec_key); + BN_free(order); + + return (ret); +} + +static int +_SSL_session_reused(SSL *s) +{ + return s->internal->hit; +} + +static int +_SSL_num_renegotiations(SSL *s) +{ + return S3I(s)->num_renegotiations; +} + +static int +_SSL_clear_num_renegotiations(SSL *s) +{ + int renegs; + + renegs = S3I(s)->num_renegotiations; + S3I(s)->num_renegotiations = 0; + + return renegs; +} + +static int +_SSL_total_renegotiations(SSL *s) +{ + return S3I(s)->total_renegotiations; +} + +static int +_SSL_set_tmp_dh(SSL *s, DH *dh) +{ + DH *dh_tmp; + + if (dh == NULL) { + SSLerror(s, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + + if ((dh_tmp = DHparams_dup(dh)) == NULL) { + SSLerror(s, ERR_R_DH_LIB); + return 0; + } + + DH_free(s->cert->dh_tmp); + s->cert->dh_tmp = dh_tmp; + + return 1; +} + +static int +_SSL_set_dh_auto(SSL *s, int state) +{ + s->cert->dh_tmp_auto = state; + return 1; +} + +static int +_SSL_set_tmp_ecdh(SSL *s, EC_KEY *ecdh) +{ + const EC_GROUP *group; + int nid; + + if (ecdh == NULL) + return 0; + if ((group = EC_KEY_get0_group(ecdh)) == NULL) + return 0; + + nid = EC_GROUP_get_curve_name(group); + return SSL_set1_groups(s, &nid, 1); +} + +static int +_SSL_set_ecdh_auto(SSL *s, int state) +{ + return 1; +} + +static int +_SSL_set_tlsext_host_name(SSL *s, const char *name) +{ + free(s->tlsext_hostname); + s->tlsext_hostname = NULL; + + if (name == NULL) + return 1; + + if (strlen(name) > TLSEXT_MAXLEN_host_name) { + SSLerror(s, SSL_R_SSL3_EXT_INVALID_SERVERNAME); + return 0; + } + + if ((s->tlsext_hostname = strdup(name)) == NULL) { + SSLerror(s, ERR_R_INTERNAL_ERROR); + return 0; + } + + return 1; +} + +static int +_SSL_set_tlsext_debug_arg(SSL *s, void *arg) +{ + s->internal->tlsext_debug_arg = arg; + return 1; +} + +static int +_SSL_set_tlsext_status_type(SSL *s, int type) +{ + s->tlsext_status_type = type; + return 1; +} + +static int +_SSL_get_tlsext_status_exts(SSL *s, STACK_OF(X509_EXTENSION) **exts) +{ + *exts = s->internal->tlsext_ocsp_exts; + return 1; +} + +static int +_SSL_set_tlsext_status_exts(SSL *s, STACK_OF(X509_EXTENSION) *exts) +{ + /* XXX - leak... */ + s->internal->tlsext_ocsp_exts = exts; + return 1; +} + +static int +_SSL_get_tlsext_status_ids(SSL *s, STACK_OF(OCSP_RESPID) **ids) +{ + *ids = s->internal->tlsext_ocsp_ids; + return 1; +} + +static int +_SSL_set_tlsext_status_ids(SSL *s, STACK_OF(OCSP_RESPID) *ids) +{ + /* XXX - leak... */ + s->internal->tlsext_ocsp_ids = ids; + return 1; +} + +static int +_SSL_get_tlsext_status_ocsp_resp(SSL *s, unsigned char **resp) +{ + *resp = s->internal->tlsext_ocsp_resp; + return s->internal->tlsext_ocsp_resplen; +} + +static int +_SSL_set_tlsext_status_ocsp_resp(SSL *s, unsigned char *resp, int resp_len) +{ + free(s->internal->tlsext_ocsp_resp); + s->internal->tlsext_ocsp_resp = resp; + s->internal->tlsext_ocsp_resplen = resp_len; + return 1; +} + +int +SSL_set1_groups(SSL *s, const int *groups, size_t groups_len) +{ + return tls1_set_groups(&s->internal->tlsext_supportedgroups, + &s->internal->tlsext_supportedgroups_length, groups, groups_len); +} + +int +SSL_set1_groups_list(SSL *s, const char *groups) +{ + return tls1_set_group_list(&s->internal->tlsext_supportedgroups, + &s->internal->tlsext_supportedgroups_length, groups); +} + +long +ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) +{ + switch (cmd) { + case SSL_CTRL_GET_SESSION_REUSED: + return _SSL_session_reused(s); + + case SSL_CTRL_GET_NUM_RENEGOTIATIONS: + return _SSL_num_renegotiations(s); + + case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS: + return _SSL_clear_num_renegotiations(s); + + case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS: + return _SSL_total_renegotiations(s); + + case SSL_CTRL_SET_TMP_DH: + return _SSL_set_tmp_dh(s, parg); + + case SSL_CTRL_SET_TMP_DH_CB: + SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return 0; + + case SSL_CTRL_SET_DH_AUTO: + return _SSL_set_dh_auto(s, larg); + + case SSL_CTRL_SET_TMP_ECDH: + return _SSL_set_tmp_ecdh(s, parg); + + case SSL_CTRL_SET_TMP_ECDH_CB: + SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return 0; + + case SSL_CTRL_SET_ECDH_AUTO: + return _SSL_set_ecdh_auto(s, larg); + + case SSL_CTRL_SET_TLSEXT_HOSTNAME: + if (larg != TLSEXT_NAMETYPE_host_name) { + SSLerror(s, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE); + return 0; + } + return _SSL_set_tlsext_host_name(s, parg); + + case SSL_CTRL_SET_TLSEXT_DEBUG_ARG: + return _SSL_set_tlsext_debug_arg(s, parg); + + case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE: + return _SSL_set_tlsext_status_type(s, larg); + + case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS: + return _SSL_get_tlsext_status_exts(s, parg); + + case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS: + return _SSL_set_tlsext_status_exts(s, parg); + + case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS: + return _SSL_get_tlsext_status_ids(s, parg); + + case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS: + return _SSL_set_tlsext_status_ids(s, parg); + + case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP: + return _SSL_get_tlsext_status_ocsp_resp(s, parg); + + case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP: + return _SSL_set_tlsext_status_ocsp_resp(s, parg, larg); + + case SSL_CTRL_SET_GROUPS: + return SSL_set1_groups(s, parg, larg); + + case SSL_CTRL_SET_GROUPS_LIST: + return SSL_set1_groups_list(s, parg); + + case SSL_CTRL_GET_SERVER_TMP_KEY: + return ssl_ctrl_get_server_tmp_key(s, parg); + + case SSL_CTRL_GET_MIN_PROTO_VERSION: + return SSL_get_min_proto_version(s); + + case SSL_CTRL_GET_MAX_PROTO_VERSION: + return SSL_get_max_proto_version(s); + + case SSL_CTRL_SET_MIN_PROTO_VERSION: + if (larg < 0 || larg > UINT16_MAX) + return 0; + return SSL_set_min_proto_version(s, larg); + + case SSL_CTRL_SET_MAX_PROTO_VERSION: + if (larg < 0 || larg > UINT16_MAX) + return 0; + return SSL_set_max_proto_version(s, larg); + + /* + * Legacy controls that should eventually be removed. + */ + case SSL_CTRL_GET_CLIENT_CERT_REQUEST: + return 0; + + case SSL_CTRL_GET_FLAGS: + return (int)(s->s3->flags); + + case SSL_CTRL_NEED_TMP_RSA: + return 0; + + case SSL_CTRL_SET_TMP_RSA: + case SSL_CTRL_SET_TMP_RSA_CB: + SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return 0; + } + + return 0; +} + +long +ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) +{ + switch (cmd) { + case SSL_CTRL_SET_TMP_RSA_CB: + SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return 0; + + case SSL_CTRL_SET_TMP_DH_CB: + s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp; + return 1; + + case SSL_CTRL_SET_TMP_ECDH_CB: + return 1; + + case SSL_CTRL_SET_TLSEXT_DEBUG_CB: + s->internal->tlsext_debug_cb = (void (*)(SSL *, int , int, + unsigned char *, int, void *))fp; + return 1; + } + + return 0; +} + +static int +_SSL_CTX_set_tmp_dh(SSL_CTX *ctx, DH *dh) +{ + DH *dh_tmp; + + if ((dh_tmp = DHparams_dup(dh)) == NULL) { + SSLerrorx(ERR_R_DH_LIB); + return 0; + } + + DH_free(ctx->internal->cert->dh_tmp); + ctx->internal->cert->dh_tmp = dh_tmp; + + return 1; +} + +static int +_SSL_CTX_set_dh_auto(SSL_CTX *ctx, int state) +{ + ctx->internal->cert->dh_tmp_auto = state; + return 1; +} + +static int +_SSL_CTX_set_tmp_ecdh(SSL_CTX *ctx, EC_KEY *ecdh) +{ + const EC_GROUP *group; + int nid; + + if (ecdh == NULL) + return 0; + if ((group = EC_KEY_get0_group(ecdh)) == NULL) + return 0; + + nid = EC_GROUP_get_curve_name(group); + return SSL_CTX_set1_groups(ctx, &nid, 1); +} + +static int +_SSL_CTX_set_ecdh_auto(SSL_CTX *ctx, int state) +{ + return 1; +} + +static int +_SSL_CTX_set_tlsext_servername_arg(SSL_CTX *ctx, void *arg) +{ + ctx->internal->tlsext_servername_arg = arg; + return 1; +} + +static int +_SSL_CTX_get_tlsext_ticket_keys(SSL_CTX *ctx, unsigned char *keys, int keys_len) +{ + if (keys == NULL) + return 48; + + if (keys_len != 48) { + SSLerrorx(SSL_R_INVALID_TICKET_KEYS_LENGTH); + return 0; + } + + memcpy(keys, ctx->internal->tlsext_tick_key_name, 16); + memcpy(keys + 16, ctx->internal->tlsext_tick_hmac_key, 16); + memcpy(keys + 32, ctx->internal->tlsext_tick_aes_key, 16); + + return 1; +} + +static int +_SSL_CTX_set_tlsext_ticket_keys(SSL_CTX *ctx, unsigned char *keys, int keys_len) +{ + if (keys == NULL) + return 48; + + if (keys_len != 48) { + SSLerrorx(SSL_R_INVALID_TICKET_KEYS_LENGTH); + return 0; + } + + memcpy(ctx->internal->tlsext_tick_key_name, keys, 16); + memcpy(ctx->internal->tlsext_tick_hmac_key, keys + 16, 16); + memcpy(ctx->internal->tlsext_tick_aes_key, keys + 32, 16); + + return 1; +} + +static int +_SSL_CTX_get_tlsext_status_arg(SSL_CTX *ctx, void **arg) +{ + *arg = ctx->internal->tlsext_status_arg; + return 1; +} + +static int +_SSL_CTX_set_tlsext_status_arg(SSL_CTX *ctx, void *arg) +{ + ctx->internal->tlsext_status_arg = arg; + return 1; +} + +static int +_SSL_CTX_add_extra_chain_cert(SSL_CTX *ctx, X509 *cert) +{ + if (ctx->extra_certs == NULL) { + if ((ctx->extra_certs = sk_X509_new_null()) == NULL) + return 0; + } + if (sk_X509_push(ctx->extra_certs, cert) == 0) + return 0; + + return 1; +} + +static int +_SSL_CTX_get_extra_chain_certs(SSL_CTX *ctx, STACK_OF(X509) **certs) +{ + *certs = ctx->extra_certs; + return 1; +} + +static int +_SSL_CTX_clear_extra_chain_certs(SSL_CTX *ctx) +{ + sk_X509_pop_free(ctx->extra_certs, X509_free); + ctx->extra_certs = NULL; + return 1; +} + +int +SSL_CTX_set1_groups(SSL_CTX *ctx, const int *groups, size_t groups_len) +{ + return tls1_set_groups(&ctx->internal->tlsext_supportedgroups, + &ctx->internal->tlsext_supportedgroups_length, groups, groups_len); +} + +int +SSL_CTX_set1_groups_list(SSL_CTX *ctx, const char *groups) +{ + return tls1_set_group_list(&ctx->internal->tlsext_supportedgroups, + &ctx->internal->tlsext_supportedgroups_length, groups); +} + +long +ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) +{ + switch (cmd) { + case SSL_CTRL_SET_TMP_DH: + return _SSL_CTX_set_tmp_dh(ctx, parg); + + case SSL_CTRL_SET_TMP_DH_CB: + SSLerrorx(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return 0; + + case SSL_CTRL_SET_DH_AUTO: + return _SSL_CTX_set_dh_auto(ctx, larg); + + case SSL_CTRL_SET_TMP_ECDH: + return _SSL_CTX_set_tmp_ecdh(ctx, parg); + + case SSL_CTRL_SET_TMP_ECDH_CB: + SSLerrorx(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return 0; + + case SSL_CTRL_SET_ECDH_AUTO: + return _SSL_CTX_set_ecdh_auto(ctx, larg); + + case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG: + return _SSL_CTX_set_tlsext_servername_arg(ctx, parg); + + case SSL_CTRL_GET_TLSEXT_TICKET_KEYS: + return _SSL_CTX_get_tlsext_ticket_keys(ctx, parg, larg); + + case SSL_CTRL_SET_TLSEXT_TICKET_KEYS: + return _SSL_CTX_set_tlsext_ticket_keys(ctx, parg, larg); + + case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG: + return _SSL_CTX_get_tlsext_status_arg(ctx, parg); + + case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG: + return _SSL_CTX_set_tlsext_status_arg(ctx, parg); + + case SSL_CTRL_EXTRA_CHAIN_CERT: + return _SSL_CTX_add_extra_chain_cert(ctx, parg); + + case SSL_CTRL_GET_EXTRA_CHAIN_CERTS: + return _SSL_CTX_get_extra_chain_certs(ctx, parg); + + case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS: + return _SSL_CTX_clear_extra_chain_certs(ctx); + + case SSL_CTRL_SET_GROUPS: + return SSL_CTX_set1_groups(ctx, parg, larg); + + case SSL_CTRL_SET_GROUPS_LIST: + return SSL_CTX_set1_groups_list(ctx, parg); + + case SSL_CTRL_GET_MIN_PROTO_VERSION: + return SSL_CTX_get_min_proto_version(ctx); + + case SSL_CTRL_GET_MAX_PROTO_VERSION: + return SSL_CTX_get_max_proto_version(ctx); + + case SSL_CTRL_SET_MIN_PROTO_VERSION: + if (larg < 0 || larg > UINT16_MAX) + return 0; + return SSL_CTX_set_min_proto_version(ctx, larg); + + case SSL_CTRL_SET_MAX_PROTO_VERSION: + if (larg < 0 || larg > UINT16_MAX) + return 0; + return SSL_CTX_set_max_proto_version(ctx, larg); + + /* + * Legacy controls that should eventually be removed. + */ + case SSL_CTRL_NEED_TMP_RSA: + return 0; + + case SSL_CTRL_SET_TMP_RSA: + case SSL_CTRL_SET_TMP_RSA_CB: + SSLerrorx(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return 0; + } + + return 0; +} + +long +ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) +{ + switch (cmd) { + case SSL_CTRL_SET_TMP_RSA_CB: + SSLerrorx(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + return 0; + + case SSL_CTRL_SET_TMP_DH_CB: + ctx->internal->cert->dh_tmp_cb = + (DH *(*)(SSL *, int, int))fp; + return 1; + + case SSL_CTRL_SET_TMP_ECDH_CB: + return 1; + + case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB: + ctx->internal->tlsext_servername_callback = + (int (*)(SSL *, int *, void *))fp; + return 1; + + case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB: + *(int (**)(SSL *, void *))fp = ctx->internal->tlsext_status_cb; + return 1; + + case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB: + ctx->internal->tlsext_status_cb = (int (*)(SSL *, void *))fp; + return 1; + + case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB: + ctx->internal->tlsext_ticket_key_cb = (int (*)(SSL *, unsigned char *, + unsigned char *, EVP_CIPHER_CTX *, HMAC_CTX *, int))fp; + return 1; + } + + return 0; +} - if (s->s3->renegotiate) - { - if ( (s->s3->rbuf.left == 0) && - (s->s3->wbuf.left == 0) && - !SSL_in_init(s)) - { /* -if we are the server, and we have sent a 'RENEGOTIATE' message, we -need to go to SSL_ST_ACCEPT. -*/ - /* SSL_ST_ACCEPT */ - s->state=SSL_ST_RENEGOTIATE; - s->s3->renegotiate=0; - s->s3->num_renegotiations++; - s->s3->total_renegotiations++; - ret=1; - } + * This function needs to check if the ciphers required are actually available. + */ +const SSL_CIPHER * +ssl3_get_cipher_by_char(const unsigned char *p) +{ + uint16_t cipher_value; + CBS cbs; + + /* We have to assume it is at least 2 bytes due to existing API. */ + CBS_init(&cbs, p, 2); + if (!CBS_get_u16(&cbs, &cipher_value)) + return NULL; + + return ssl3_get_cipher_by_value(cipher_value); +} + +int +ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) +{ + CBB cbb; + + if (p == NULL) + return (2); + + if ((c->id & ~SSL3_CK_VALUE_MASK) != SSL3_CK_ID) + return (0); + + memset(&cbb, 0, sizeof(cbb)); + + /* We have to assume it is at least 2 bytes due to existing API. */ + if (!CBB_init_fixed(&cbb, p, 2)) + goto err; + if (!CBB_add_u16(&cbb, ssl3_cipher_get_value(c))) + goto err; + if (!CBB_finish(&cbb, NULL, NULL)) + goto err; + + return (2); + + err: + CBB_cleanup(&cbb); + return (0); +} + +SSL_CIPHER * +ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, + STACK_OF(SSL_CIPHER) *srvr) +{ + unsigned long alg_k, alg_a, mask_k, mask_a; + STACK_OF(SSL_CIPHER) *prio, *allow; + SSL_CIPHER *c, *ret = NULL; + int can_use_ecc; + int i, ii, ok; + CERT *cert; + + /* Let's see which ciphers we can support */ + cert = s->cert; + + can_use_ecc = (tls1_get_shared_curve(s) != NID_undef); + + /* + * Do not set the compare functions, because this may lead to a + * reordering by "id". We want to keep the original ordering. + * We may pay a price in performance during sk_SSL_CIPHER_find(), + * but would have to pay with the price of sk_SSL_CIPHER_dup(). + */ + + if (s->internal->options & SSL_OP_CIPHER_SERVER_PREFERENCE) { + prio = srvr; + allow = clnt; + } else { + prio = clnt; + allow = srvr; + } + + for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) { + c = sk_SSL_CIPHER_value(prio, i); + + /* Skip TLS v1.2 only ciphersuites if not supported. */ + if ((c->algorithm_ssl & SSL_TLSV1_2) && + !SSL_USE_TLS1_2_CIPHERS(s)) + continue; + + ssl_set_cert_masks(cert, c); + mask_k = cert->mask_k; + mask_a = cert->mask_a; + + alg_k = c->algorithm_mkey; + alg_a = c->algorithm_auth; + + + ok = (alg_k & mask_k) && (alg_a & mask_a); + + /* + * If we are considering an ECC cipher suite that uses our + * certificate check it. + */ + if (alg_a & SSL_aECDSA) + ok = ok && tls1_check_ec_server_key(s); + /* + * If we are considering an ECC cipher suite that uses + * an ephemeral EC key check it. + */ + if (alg_k & SSL_kECDHE) + ok = ok && can_use_ecc; + + if (!ok) + continue; + ii = sk_SSL_CIPHER_find(allow, c); + if (ii >= 0) { + ret = sk_SSL_CIPHER_value(allow, ii); + break; + } + } + return (ret); +} + +int +ssl3_get_req_cert_types(SSL *s, CBB *cbb) +{ + unsigned long alg_k; + + alg_k = S3I(s)->hs.new_cipher->algorithm_mkey; + +#ifndef OPENSSL_NO_GOST + if ((alg_k & SSL_kGOST) != 0) { + if (!CBB_add_u8(cbb, TLS_CT_GOST94_SIGN)) + return 0; + if (!CBB_add_u8(cbb, TLS_CT_GOST01_SIGN)) + return 0; + if (!CBB_add_u8(cbb, TLS_CT_GOST12_256_SIGN)) + return 0; + if (!CBB_add_u8(cbb, TLS_CT_GOST12_512_SIGN)) + return 0; + } +#endif + + if ((alg_k & SSL_kDHE) != 0) { + if (!CBB_add_u8(cbb, SSL3_CT_RSA_FIXED_DH)) + return 0; + } + + if (!CBB_add_u8(cbb, SSL3_CT_RSA_SIGN)) + return 0; + + /* + * ECDSA certs can be used with RSA cipher suites as well + * so we don't need to check for SSL_kECDH or SSL_kECDHE. + */ + if (!CBB_add_u8(cbb, TLS_CT_ECDSA_SIGN)) + return 0; + + return 1; +} + +int +ssl3_shutdown(SSL *s) +{ + int ret; + + /* + * Don't do anything much if we have not done the handshake or + * we don't want to send messages :-) + */ + if ((s->internal->quiet_shutdown) || (S3I(s)->hs.state == SSL_ST_BEFORE)) { + s->internal->shutdown = (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); + return (1); + } + + if (!(s->internal->shutdown & SSL_SENT_SHUTDOWN)) { + s->internal->shutdown|=SSL_SENT_SHUTDOWN; + ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY); + /* + * Our shutdown alert has been sent now, and if it still needs + * to be written, S3I(s)->alert_dispatch will be true + */ + if (S3I(s)->alert_dispatch) + return(-1); /* return WANT_WRITE */ + } else if (S3I(s)->alert_dispatch) { + /* resend it if not sent */ + ret = s->method->ssl_dispatch_alert(s); + if (ret == -1) { + /* + * We only get to return -1 here the 2nd/Nth + * invocation, we must have already signalled + * return 0 upon a previous invoation, + * return WANT_WRITE + */ + return (ret); + } + } else if (!(s->internal->shutdown & SSL_RECEIVED_SHUTDOWN)) { + /* If we are waiting for a close from our peer, we are closed */ + s->method->internal->ssl_read_bytes(s, 0, NULL, 0, 0); + if (!(s->internal->shutdown & SSL_RECEIVED_SHUTDOWN)) { + return(-1); /* return WANT_READ */ } - return(ret); } + if ((s->internal->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) && + !S3I(s)->alert_dispatch) + return (1); + else + return (0); +} + +int +ssl3_write(SSL *s, const void *buf, int len) +{ + errno = 0; + + if (S3I(s)->renegotiate) + ssl3_renegotiate_check(s); + + return s->method->internal->ssl_write_bytes(s, + SSL3_RT_APPLICATION_DATA, buf, len); +} + +static int +ssl3_read_internal(SSL *s, void *buf, int len, int peek) +{ + int ret; + + errno = 0; + if (S3I(s)->renegotiate) + ssl3_renegotiate_check(s); + S3I(s)->in_read_app_data = 1; + ret = s->method->internal->ssl_read_bytes(s, + SSL3_RT_APPLICATION_DATA, buf, len, peek); + if ((ret == -1) && (S3I(s)->in_read_app_data == 2)) { + /* + * ssl3_read_bytes decided to call s->internal->handshake_func, which + * called ssl3_read_bytes to read handshake data. + * However, ssl3_read_bytes actually found application data + * and thinks that application data makes sense here; so disable + * handshake processing and try to read application data again. + */ + s->internal->in_handshake++; + ret = s->method->internal->ssl_read_bytes(s, + SSL3_RT_APPLICATION_DATA, buf, len, peek); + s->internal->in_handshake--; + } else + S3I(s)->in_read_app_data = 0; + + return (ret); +} + +int +ssl3_read(SSL *s, void *buf, int len) +{ + return ssl3_read_internal(s, buf, len, 0); +} + +int +ssl3_peek(SSL *s, void *buf, int len) +{ + return ssl3_read_internal(s, buf, len, 1); +} + +int +ssl3_renegotiate(SSL *s) +{ + if (s->internal->handshake_func == NULL) + return (1); + + if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) + return (0); + + S3I(s)->renegotiate = 1; + return (1); +} + +int +ssl3_renegotiate_check(SSL *s) +{ + int ret = 0; + + if (S3I(s)->renegotiate) { + if ((S3I(s)->rbuf.left == 0) && (S3I(s)->wbuf.left == 0) && + !SSL_in_init(s)) { + /* + * If we are the server, and we have sent + * a 'RENEGOTIATE' message, we need to go + * to SSL_ST_ACCEPT. + */ + /* SSL_ST_ACCEPT */ + S3I(s)->hs.state = SSL_ST_RENEGOTIATE; + S3I(s)->renegotiate = 0; + S3I(s)->num_renegotiations++; + S3I(s)->total_renegotiations++; + ret = 1; + } + } + return (ret); +} +/* + * If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF + * and handshake macs if required. + */ +long +ssl_get_algorithm2(SSL *s) +{ + long alg2 = S3I(s)->hs.new_cipher->algorithm2; + + if (s->method->internal->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF && + alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF)) + return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256; + return alg2; +} diff --git a/src/lib/libssl/s3_pkt.c b/src/lib/libssl/s3_pkt.c deleted file mode 100644 index 43e8502b66f..00000000000 --- a/src/lib/libssl/s3_pkt.c +++ /dev/null @@ -1,1287 +0,0 @@ -/* ssl/s3_pkt.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include -#include -#define USE_SOCKETS -#include -#include -#include "ssl_locl.h" - -static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, - unsigned int len, int create_empty_fragment); -static int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, - unsigned int len); -static int ssl3_get_record(SSL *s); -static int do_compress(SSL *ssl); -static int do_uncompress(SSL *ssl); -static int do_change_cipher_spec(SSL *ssl); - -/* used only by ssl3_get_record */ -static int ssl3_read_n(SSL *s, int n, int max, int extend) - { - /* If extend == 0, obtain new n-byte packet; if extend == 1, increase - * packet by another n bytes. - * The packet will be in the sub-array of s->s3->rbuf.buf specified - * by s->packet and s->packet_length. - * (If s->read_ahead is set, 'max' bytes may be stored in rbuf - * [plus s->packet_length bytes if extend == 1].) - */ - int i,off,newb; - - if (!extend) - { - /* start with empty packet ... */ - if (s->s3->rbuf.left == 0) - s->s3->rbuf.offset = 0; - s->packet = s->s3->rbuf.buf + s->s3->rbuf.offset; - s->packet_length = 0; - /* ... now we can act as if 'extend' was set */ - } - - /* if there is enough in the buffer from a previous read, take some */ - if (s->s3->rbuf.left >= (int)n) - { - s->packet_length+=n; - s->s3->rbuf.left-=n; - s->s3->rbuf.offset+=n; - return(n); - } - - /* else we need to read more data */ - if (!s->read_ahead) - max=n; - - { - /* avoid buffer overflow */ - int max_max = s->s3->rbuf.len - s->packet_length; - if (max > max_max) - max = max_max; - } - if (n > max) /* does not happen */ - { - SSLerr(SSL_F_SSL3_READ_N,ERR_R_INTERNAL_ERROR); - return -1; - } - - off = s->packet_length; - newb = s->s3->rbuf.left; - /* Move any available bytes to front of buffer: - * 'off' bytes already pointed to by 'packet', - * 'newb' extra ones at the end */ - if (s->packet != s->s3->rbuf.buf) - { - /* off > 0 */ - memmove(s->s3->rbuf.buf, s->packet, off+newb); - s->packet = s->s3->rbuf.buf; - } - - while (newb < n) - { - /* Now we have off+newb bytes at the front of s->s3->rbuf.buf and need - * to read in more until we have off+n (up to off+max if possible) */ - - clear_sys_error(); - if (s->rbio != NULL) - { - s->rwstate=SSL_READING; - i=BIO_read(s->rbio, &(s->s3->rbuf.buf[off+newb]), max-newb); - } - else - { - SSLerr(SSL_F_SSL3_READ_N,SSL_R_READ_BIO_NOT_SET); - i = -1; - } - - if (i <= 0) - { - s->s3->rbuf.left = newb; - return(i); - } - newb+=i; - } - - /* done reading, now the book-keeping */ - s->s3->rbuf.offset = off + n; - s->s3->rbuf.left = newb - n; - s->packet_length += n; - s->rwstate=SSL_NOTHING; - return(n); - } - -/* Call this to get a new input record. - * It will return <= 0 if more data is needed, normally due to an error - * or non-blocking IO. - * When it finishes, one packet has been decoded and can be found in - * ssl->s3->rrec.type - is the type of record - * ssl->s3->rrec.data, - data - * ssl->s3->rrec.length, - number of bytes - */ -/* used only by ssl3_read_bytes */ -static int ssl3_get_record(SSL *s) - { - int ssl_major,ssl_minor,al; - int enc_err,n,i,ret= -1; - SSL3_RECORD *rr; - SSL_SESSION *sess; - unsigned char *p; - unsigned char md[EVP_MAX_MD_SIZE]; - short version; - unsigned int mac_size; - int clear=0; - size_t extra; - - rr= &(s->s3->rrec); - sess=s->session; - - if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) - extra=SSL3_RT_MAX_EXTRA; - else - extra=0; - if (extra != s->s3->rbuf.len - SSL3_RT_MAX_PACKET_SIZE) - { - /* actually likely an application error: SLS_OP_MICROSOFT_BIG_SSLV3_BUFFER - * set after ssl3_setup_buffers() was done */ - SSLerr(SSL_F_SSL3_GET_RECORD, ERR_R_INTERNAL_ERROR); - return -1; - } - -again: - /* check if we have the header */ - if ( (s->rstate != SSL_ST_READ_BODY) || - (s->packet_length < SSL3_RT_HEADER_LENGTH)) - { - n=ssl3_read_n(s, SSL3_RT_HEADER_LENGTH, s->s3->rbuf.len, 0); - if (n <= 0) return(n); /* error or non-blocking */ - s->rstate=SSL_ST_READ_BODY; - - p=s->packet; - - /* Pull apart the header into the SSL3_RECORD */ - rr->type= *(p++); - ssl_major= *(p++); - ssl_minor= *(p++); - version=(ssl_major<<8)|ssl_minor; - n2s(p,rr->length); - - /* Lets check version */ - if (s->first_packet) - { - s->first_packet=0; - } - else - { - if (version != s->version) - { - SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER); - /* Send back error using their - * version number :-) */ - s->version=version; - al=SSL_AD_PROTOCOL_VERSION; - goto f_err; - } - } - - if ((version>>8) != SSL3_VERSION_MAJOR) - { - SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER); - goto err; - } - - if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH+extra) - { - al=SSL_AD_RECORD_OVERFLOW; - SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PACKET_LENGTH_TOO_LONG); - goto f_err; - } - - /* now s->rstate == SSL_ST_READ_BODY */ - } - - /* s->rstate == SSL_ST_READ_BODY, get and decode the data */ - - if (rr->length > s->packet_length-SSL3_RT_HEADER_LENGTH) - { - /* now s->packet_length == SSL3_RT_HEADER_LENGTH */ - i=rr->length; - n=ssl3_read_n(s,i,i,1); - if (n <= 0) return(n); /* error or non-blocking io */ - /* now n == rr->length, - * and s->packet_length == SSL3_RT_HEADER_LENGTH + rr->length */ - } - - s->rstate=SSL_ST_READ_HEADER; /* set state for later operations */ - - /* At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length, - * and we have that many bytes in s->packet - */ - rr->input= &(s->packet[SSL3_RT_HEADER_LENGTH]); - - /* ok, we can now read from 's->packet' data into 'rr' - * rr->input points at rr->length bytes, which - * need to be copied into rr->data by either - * the decryption or by the decompression - * When the data is 'copied' into the rr->data buffer, - * rr->input will be pointed at the new buffer */ - - /* We now have - encrypted [ MAC [ compressed [ plain ] ] ] - * rr->length bytes of encrypted compressed stuff. */ - - /* check is not needed I believe */ - if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH+extra) - { - al=SSL_AD_RECORD_OVERFLOW; - SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_ENCRYPTED_LENGTH_TOO_LONG); - goto f_err; - } - - /* decrypt in place in 'rr->input' */ - rr->data=rr->input; - - enc_err = s->method->ssl3_enc->enc(s,0); - if (enc_err <= 0) - { - if (enc_err == 0) - /* SSLerr() and ssl3_send_alert() have been called */ - goto err; - - /* otherwise enc_err == -1 */ - goto decryption_failed_or_bad_record_mac; - } - -#ifdef TLS_DEBUG -printf("dec %d\n",rr->length); -{ unsigned int z; for (z=0; zlength; z++) printf("%02X%c",rr->data[z],((z+1)%16)?' ':'\n'); } -printf("\n"); -#endif - - /* r->length is now the compressed data plus mac */ - if ( (sess == NULL) || - (s->enc_read_ctx == NULL) || - (s->read_hash == NULL)) - clear=1; - - if (!clear) - { - mac_size=EVP_MD_size(s->read_hash); - - if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra+mac_size) - { -#if 0 /* OK only for stream ciphers (then rr->length is visible from ciphertext anyway) */ - al=SSL_AD_RECORD_OVERFLOW; - SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG); - goto f_err; -#else - goto decryption_failed_or_bad_record_mac; -#endif - } - /* check the MAC for rr->input (it's in mac_size bytes at the tail) */ - if (rr->length < mac_size) - { -#if 0 /* OK only for stream ciphers */ - al=SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT); - goto f_err; -#else - goto decryption_failed_or_bad_record_mac; -#endif - } - rr->length-=mac_size; - i=s->method->ssl3_enc->mac(s,md,0); - if (memcmp(md,&(rr->data[rr->length]),mac_size) != 0) - { - goto decryption_failed_or_bad_record_mac; - } - } - - /* r->length is now just compressed */ - if (s->expand != NULL) - { - if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra) - { - al=SSL_AD_RECORD_OVERFLOW; - SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_COMPRESSED_LENGTH_TOO_LONG); - goto f_err; - } - if (!do_uncompress(s)) - { - al=SSL_AD_DECOMPRESSION_FAILURE; - SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BAD_DECOMPRESSION); - goto f_err; - } - } - - if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH+extra) - { - al=SSL_AD_RECORD_OVERFLOW; - SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DATA_LENGTH_TOO_LONG); - goto f_err; - } - - rr->off=0; - /* So at this point the following is true - * ssl->s3->rrec.type is the type of record - * ssl->s3->rrec.length == number of bytes in record - * ssl->s3->rrec.off == offset to first valid byte - * ssl->s3->rrec.data == where to take bytes from, increment - * after use :-). - */ - - /* we have pulled in a full packet so zero things */ - s->packet_length=0; - - /* just read a 0 length packet */ - if (rr->length == 0) goto again; - - return(1); - -decryption_failed_or_bad_record_mac: - /* Separate 'decryption_failed' alert was introduced with TLS 1.0, - * SSL 3.0 only has 'bad_record_mac'. But unless a decryption - * failure is directly visible from the ciphertext anyway, - * we should not reveal which kind of error occured -- this - * might become visible to an attacker (e.g. via logfile) */ - al=SSL_AD_BAD_RECORD_MAC; - SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC); -f_err: - ssl3_send_alert(s,SSL3_AL_FATAL,al); -err: - return(ret); - } - -static int do_uncompress(SSL *ssl) - { - int i; - SSL3_RECORD *rr; - - rr= &(ssl->s3->rrec); - i=COMP_expand_block(ssl->expand,rr->comp, - SSL3_RT_MAX_PLAIN_LENGTH,rr->data,(int)rr->length); - if (i < 0) - return(0); - else - rr->length=i; - rr->data=rr->comp; - - return(1); - } - -static int do_compress(SSL *ssl) - { - int i; - SSL3_RECORD *wr; - - wr= &(ssl->s3->wrec); - i=COMP_compress_block(ssl->compress,wr->data, - SSL3_RT_MAX_COMPRESSED_LENGTH, - wr->input,(int)wr->length); - if (i < 0) - return(0); - else - wr->length=i; - - wr->input=wr->data; - return(1); - } - -/* Call this to write data in records of type 'type' - * It will return <= 0 if not all data has been sent or non-blocking IO. - */ -int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) - { - const unsigned char *buf=buf_; - unsigned int tot,n,nw; - int i; - - s->rwstate=SSL_NOTHING; - tot=s->s3->wnum; - s->s3->wnum=0; - - if (SSL_in_init(s) && !s->in_handshake) - { - i=s->handshake_func(s); - if (i < 0) return(i); - if (i == 0) - { - SSLerr(SSL_F_SSL3_WRITE_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE); - return -1; - } - } - - n=(len-tot); - for (;;) - { - if (n > SSL3_RT_MAX_PLAIN_LENGTH) - nw=SSL3_RT_MAX_PLAIN_LENGTH; - else - nw=n; - - i=do_ssl3_write(s, type, &(buf[tot]), nw, 0); - if (i <= 0) - { - s->s3->wnum=tot; - return i; - } - - if ((i == (int)n) || - (type == SSL3_RT_APPLICATION_DATA && - (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE))) - { - /* next chunk of data should get another prepended empty fragment - * in ciphersuites with known-IV weakness: */ - s->s3->empty_fragment_done = 0; - - return tot+i; - } - - n-=i; - tot+=i; - } - } - -static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, - unsigned int len, int create_empty_fragment) - { - unsigned char *p,*plen; - int i,mac_size,clear=0; - int prefix_len = 0; - SSL3_RECORD *wr; - SSL3_BUFFER *wb; - SSL_SESSION *sess; - - /* first check if there is a SSL3_BUFFER still being written - * out. This will happen with non blocking IO */ - if (s->s3->wbuf.left != 0) - return(ssl3_write_pending(s,type,buf,len)); - - /* If we have an alert to send, lets send it */ - if (s->s3->alert_dispatch) - { - i=ssl3_dispatch_alert(s); - if (i <= 0) - return(i); - /* if it went, fall through and send more stuff */ - } - - if (len == 0 && !create_empty_fragment) - return 0; - - wr= &(s->s3->wrec); - wb= &(s->s3->wbuf); - sess=s->session; - - if ( (sess == NULL) || - (s->enc_write_ctx == NULL) || - (s->write_hash == NULL)) - clear=1; - - if (clear) - mac_size=0; - else - mac_size=EVP_MD_size(s->write_hash); - - /* 'create_empty_fragment' is true only when this function calls itself */ - if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done) - { - /* countermeasure against known-IV weakness in CBC ciphersuites - * (see http://www.openssl.org/~bodo/tls-cbc.txt) */ - - if (s->s3->need_empty_fragments && type == SSL3_RT_APPLICATION_DATA) - { - /* recursive function call with 'create_empty_fragment' set; - * this prepares and buffers the data for an empty fragment - * (these 'prefix_len' bytes are sent out later - * together with the actual payload) */ - prefix_len = do_ssl3_write(s, type, buf, 0, 1); - if (prefix_len <= 0) - goto err; - - if (s->s3->wbuf.len < (size_t)prefix_len + SSL3_RT_MAX_PACKET_SIZE) - { - /* insufficient space */ - SSLerr(SSL_F_DO_SSL3_WRITE, ERR_R_INTERNAL_ERROR); - goto err; - } - } - - s->s3->empty_fragment_done = 1; - } - - p = wb->buf + prefix_len; - - /* write the header */ - - *(p++)=type&0xff; - wr->type=type; - - *(p++)=(s->version>>8); - *(p++)=s->version&0xff; - - /* field where we are to write out packet length */ - plen=p; - p+=2; - - /* lets setup the record stuff. */ - wr->data=p; - wr->length=(int)len; - wr->input=(unsigned char *)buf; - - /* we now 'read' from wr->input, wr->length bytes into - * wr->data */ - - /* first we compress */ - if (s->compress != NULL) - { - if (!do_compress(s)) - { - SSLerr(SSL_F_DO_SSL3_WRITE,SSL_R_COMPRESSION_FAILURE); - goto err; - } - } - else - { - memcpy(wr->data,wr->input,wr->length); - wr->input=wr->data; - } - - /* we should still have the output to wr->data and the input - * from wr->input. Length should be wr->length. - * wr->data still points in the wb->buf */ - - if (mac_size != 0) - { - s->method->ssl3_enc->mac(s,&(p[wr->length]),1); - wr->length+=mac_size; - wr->input=p; - wr->data=p; - } - - /* ssl3_enc can only have an error on read */ - s->method->ssl3_enc->enc(s,1); - - /* record length after mac and block padding */ - s2n(wr->length,plen); - - /* we should now have - * wr->data pointing to the encrypted data, which is - * wr->length long */ - wr->type=type; /* not needed but helps for debugging */ - wr->length+=SSL3_RT_HEADER_LENGTH; - - if (create_empty_fragment) - { - /* we are in a recursive call; - * just return the length, don't write out anything here - */ - return wr->length; - } - - /* now let's set up wb */ - wb->left = prefix_len + wr->length; - wb->offset = 0; - - /* memorize arguments so that ssl3_write_pending can detect bad write retries later */ - s->s3->wpend_tot=len; - s->s3->wpend_buf=buf; - s->s3->wpend_type=type; - s->s3->wpend_ret=len; - - /* we now just need to write the buffer */ - return ssl3_write_pending(s,type,buf,len); -err: - return -1; - } - -/* if s->s3->wbuf.left != 0, we need to call this */ -static int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, - unsigned int len) - { - int i; - -/* XXXX */ - if ((s->s3->wpend_tot > (int)len) - || ((s->s3->wpend_buf != buf) && - !(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)) - || (s->s3->wpend_type != type)) - { - SSLerr(SSL_F_SSL3_WRITE_PENDING,SSL_R_BAD_WRITE_RETRY); - return(-1); - } - - for (;;) - { - clear_sys_error(); - if (s->wbio != NULL) - { - s->rwstate=SSL_WRITING; - i=BIO_write(s->wbio, - (char *)&(s->s3->wbuf.buf[s->s3->wbuf.offset]), - (unsigned int)s->s3->wbuf.left); - } - else - { - SSLerr(SSL_F_SSL3_WRITE_PENDING,SSL_R_BIO_NOT_SET); - i= -1; - } - if (i == s->s3->wbuf.left) - { - s->s3->wbuf.left=0; - s->rwstate=SSL_NOTHING; - return(s->s3->wpend_ret); - } - else if (i <= 0) - return(i); - s->s3->wbuf.offset+=i; - s->s3->wbuf.left-=i; - } - } - -/* Return up to 'len' payload bytes received in 'type' records. - * 'type' is one of the following: - * - * - SSL3_RT_HANDSHAKE (when ssl3_get_message calls us) - * - SSL3_RT_APPLICATION_DATA (when ssl3_read calls us) - * - 0 (during a shutdown, no data has to be returned) - * - * If we don't have stored data to work from, read a SSL/TLS record first - * (possibly multiple records if we still don't have anything to return). - * - * This function must handle any surprises the peer may have for us, such as - * Alert records (e.g. close_notify), ChangeCipherSpec records (not really - * a surprise, but handled as if it were), or renegotiation requests. - * Also if record payloads contain fragments too small to process, we store - * them until there is enough for the respective protocol (the record protocol - * may use arbitrary fragmentation and even interleaving): - * Change cipher spec protocol - * just 1 byte needed, no need for keeping anything stored - * Alert protocol - * 2 bytes needed (AlertLevel, AlertDescription) - * Handshake protocol - * 4 bytes needed (HandshakeType, uint24 length) -- we just have - * to detect unexpected Client Hello and Hello Request messages - * here, anything else is handled by higher layers - * Application data protocol - * none of our business - */ -int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) - { - int al,i,j,ret; - unsigned int n; - SSL3_RECORD *rr; - void (*cb)(const SSL *ssl,int type2,int val)=NULL; - - if (s->s3->rbuf.buf == NULL) /* Not initialized yet */ - if (!ssl3_setup_buffers(s)) - return(-1); - - if ((type && (type != SSL3_RT_APPLICATION_DATA) && (type != SSL3_RT_HANDSHAKE) && type) || - (peek && (type != SSL3_RT_APPLICATION_DATA))) - { - SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR); - return -1; - } - - if ((type == SSL3_RT_HANDSHAKE) && (s->s3->handshake_fragment_len > 0)) - /* (partially) satisfy request from storage */ - { - unsigned char *src = s->s3->handshake_fragment; - unsigned char *dst = buf; - unsigned int k; - - /* peek == 0 */ - n = 0; - while ((len > 0) && (s->s3->handshake_fragment_len > 0)) - { - *dst++ = *src++; - len--; s->s3->handshake_fragment_len--; - n++; - } - /* move any remaining fragment bytes: */ - for (k = 0; k < s->s3->handshake_fragment_len; k++) - s->s3->handshake_fragment[k] = *src++; - return n; - } - - /* Now s->s3->handshake_fragment_len == 0 if type == SSL3_RT_HANDSHAKE. */ - - if (!s->in_handshake && SSL_in_init(s)) - { - /* type == SSL3_RT_APPLICATION_DATA */ - i=s->handshake_func(s); - if (i < 0) return(i); - if (i == 0) - { - SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE); - return(-1); - } - } -start: - s->rwstate=SSL_NOTHING; - - /* s->s3->rrec.type - is the type of record - * s->s3->rrec.data, - data - * s->s3->rrec.off, - offset into 'data' for next read - * s->s3->rrec.length, - number of bytes. */ - rr = &(s->s3->rrec); - - /* get new packet if necessary */ - if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY)) - { - ret=ssl3_get_record(s); - if (ret <= 0) return(ret); - } - - /* we now have a packet which can be read and processed */ - - if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec, - * reset by ssl3_get_finished */ - && (rr->type != SSL3_RT_HANDSHAKE)) - { - al=SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_DATA_BETWEEN_CCS_AND_FINISHED); - goto err; - } - - /* If the other end has shut down, throw anything we read away - * (even in 'peek' mode) */ - if (s->shutdown & SSL_RECEIVED_SHUTDOWN) - { - rr->length=0; - s->rwstate=SSL_NOTHING; - return(0); - } - - - if (type == rr->type) /* SSL3_RT_APPLICATION_DATA or SSL3_RT_HANDSHAKE */ - { - /* make sure that we are not getting application data when we - * are doing a handshake for the first time */ - if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) && - (s->enc_read_ctx == NULL)) - { - al=SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_APP_DATA_IN_HANDSHAKE); - goto f_err; - } - - if (len <= 0) return(len); - - if ((unsigned int)len > rr->length) - n = rr->length; - else - n = (unsigned int)len; - - memcpy(buf,&(rr->data[rr->off]),n); - if (!peek) - { - rr->length-=n; - rr->off+=n; - if (rr->length == 0) - { - s->rstate=SSL_ST_READ_HEADER; - rr->off=0; - } - } - return(n); - } - - - /* If we get here, then type != rr->type; if we have a handshake - * message, then it was unexpected (Hello Request or Client Hello). */ - - /* In case of record types for which we have 'fragment' storage, - * fill that so that we can process the data at a fixed place. - */ - { - unsigned int dest_maxlen = 0; - unsigned char *dest = NULL; - unsigned int *dest_len = NULL; - - if (rr->type == SSL3_RT_HANDSHAKE) - { - dest_maxlen = sizeof s->s3->handshake_fragment; - dest = s->s3->handshake_fragment; - dest_len = &s->s3->handshake_fragment_len; - } - else if (rr->type == SSL3_RT_ALERT) - { - dest_maxlen = sizeof s->s3->alert_fragment; - dest = s->s3->alert_fragment; - dest_len = &s->s3->alert_fragment_len; - } - - if (dest_maxlen > 0) - { - n = dest_maxlen - *dest_len; /* available space in 'dest' */ - if (rr->length < n) - n = rr->length; /* available bytes */ - - /* now move 'n' bytes: */ - while (n-- > 0) - { - dest[(*dest_len)++] = rr->data[rr->off++]; - rr->length--; - } - - if (*dest_len < dest_maxlen) - goto start; /* fragment was too small */ - } - } - - /* s->s3->handshake_fragment_len == 4 iff rr->type == SSL3_RT_HANDSHAKE; - * s->s3->alert_fragment_len == 2 iff rr->type == SSL3_RT_ALERT. - * (Possibly rr is 'empty' now, i.e. rr->length may be 0.) */ - - /* If we are a client, check for an incoming 'Hello Request': */ - if ((!s->server) && - (s->s3->handshake_fragment_len >= 4) && - (s->s3->handshake_fragment[0] == SSL3_MT_HELLO_REQUEST) && - (s->session != NULL) && (s->session->cipher != NULL)) - { - s->s3->handshake_fragment_len = 0; - - if ((s->s3->handshake_fragment[1] != 0) || - (s->s3->handshake_fragment[2] != 0) || - (s->s3->handshake_fragment[3] != 0)) - { - al=SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_HELLO_REQUEST); - goto err; - } - - if (s->msg_callback) - s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->s3->handshake_fragment, 4, s, s->msg_callback_arg); - - if (SSL_is_init_finished(s) && - !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) && - !s->s3->renegotiate) - { - ssl3_renegotiate(s); - if (ssl3_renegotiate_check(s)) - { - i=s->handshake_func(s); - if (i < 0) return(i); - if (i == 0) - { - SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE); - return(-1); - } - - if (!(s->mode & SSL_MODE_AUTO_RETRY)) - { - if (s->s3->rbuf.left == 0) /* no read-ahead left? */ - { - BIO *bio; - /* In the case where we try to read application data, - * but we trigger an SSL handshake, we return -1 with - * the retry option set. Otherwise renegotiation may - * cause nasty problems in the blocking world */ - s->rwstate=SSL_READING; - bio=SSL_get_rbio(s); - BIO_clear_retry_flags(bio); - BIO_set_retry_read(bio); - return(-1); - } - } - } - } - /* we either finished a handshake or ignored the request, - * now try again to obtain the (application) data we were asked for */ - goto start; - } - - if (s->s3->alert_fragment_len >= 2) - { - int alert_level = s->s3->alert_fragment[0]; - int alert_descr = s->s3->alert_fragment[1]; - - s->s3->alert_fragment_len = 0; - - if (s->msg_callback) - s->msg_callback(0, s->version, SSL3_RT_ALERT, s->s3->alert_fragment, 2, s, s->msg_callback_arg); - - if (s->info_callback != NULL) - cb=s->info_callback; - else if (s->ctx->info_callback != NULL) - cb=s->ctx->info_callback; - - if (cb != NULL) - { - j = (alert_level << 8) | alert_descr; - cb(s, SSL_CB_READ_ALERT, j); - } - - if (alert_level == 1) /* warning */ - { - s->s3->warn_alert = alert_descr; - if (alert_descr == SSL_AD_CLOSE_NOTIFY) - { - s->shutdown |= SSL_RECEIVED_SHUTDOWN; - return(0); - } - } - else if (alert_level == 2) /* fatal */ - { - char tmp[16]; - - s->rwstate=SSL_NOTHING; - s->s3->fatal_alert = alert_descr; - SSLerr(SSL_F_SSL3_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr); - BIO_snprintf(tmp,sizeof tmp,"%d",alert_descr); - ERR_add_error_data(2,"SSL alert number ",tmp); - s->shutdown|=SSL_RECEIVED_SHUTDOWN; - SSL_CTX_remove_session(s->ctx,s->session); - return(0); - } - else - { - al=SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNKNOWN_ALERT_TYPE); - goto f_err; - } - - goto start; - } - - if (s->shutdown & SSL_SENT_SHUTDOWN) /* but we have not received a shutdown */ - { - s->rwstate=SSL_NOTHING; - rr->length=0; - return(0); - } - - if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) - { - /* 'Change Cipher Spec' is just a single byte, so we know - * exactly what the record payload has to look like */ - if ( (rr->length != 1) || (rr->off != 0) || - (rr->data[0] != SSL3_MT_CCS)) - { - i=SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_CHANGE_CIPHER_SPEC); - goto err; - } - - rr->length=0; - - if (s->msg_callback) - s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC, rr->data, 1, s, s->msg_callback_arg); - - s->s3->change_cipher_spec=1; - if (!do_change_cipher_spec(s)) - goto err; - else - goto start; - } - - /* Unexpected handshake message (Client Hello, or protocol violation) */ - if ((s->s3->handshake_fragment_len >= 4) && !s->in_handshake) - { - if (((s->state&SSL_ST_MASK) == SSL_ST_OK) && - !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) - { -#if 0 /* worked only because C operator preferences are not as expected (and - * because this is not really needed for clients except for detecting - * protocol violations): */ - s->state=SSL_ST_BEFORE|(s->server) - ?SSL_ST_ACCEPT - :SSL_ST_CONNECT; -#else - s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT; -#endif - s->new_session=1; - } - i=s->handshake_func(s); - if (i < 0) return(i); - if (i == 0) - { - SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE); - return(-1); - } - - if (!(s->mode & SSL_MODE_AUTO_RETRY)) - { - if (s->s3->rbuf.left == 0) /* no read-ahead left? */ - { - BIO *bio; - /* In the case where we try to read application data, - * but we trigger an SSL handshake, we return -1 with - * the retry option set. Otherwise renegotiation may - * cause nasty problems in the blocking world */ - s->rwstate=SSL_READING; - bio=SSL_get_rbio(s); - BIO_clear_retry_flags(bio); - BIO_set_retry_read(bio); - return(-1); - } - } - goto start; - } - - switch (rr->type) - { - default: -#ifndef OPENSSL_NO_TLS - /* TLS just ignores unknown message types */ - if (s->version == TLS1_VERSION) - { - rr->length = 0; - goto start; - } -#endif - al=SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNEXPECTED_RECORD); - goto f_err; - case SSL3_RT_CHANGE_CIPHER_SPEC: - case SSL3_RT_ALERT: - case SSL3_RT_HANDSHAKE: - /* we already handled all of these, with the possible exception - * of SSL3_RT_HANDSHAKE when s->in_handshake is set, but that - * should not happen when type != rr->type */ - al=SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_READ_BYTES,ERR_R_INTERNAL_ERROR); - goto f_err; - case SSL3_RT_APPLICATION_DATA: - /* At this point, we were expecting handshake data, - * but have application data. If the library was - * running inside ssl3_read() (i.e. in_read_app_data - * is set) and it makes sense to read application data - * at this point (session renegotiation not yet started), - * we will indulge it. - */ - if (s->s3->in_read_app_data && - (s->s3->total_renegotiations != 0) && - (( - (s->state & SSL_ST_CONNECT) && - (s->state >= SSL3_ST_CW_CLNT_HELLO_A) && - (s->state <= SSL3_ST_CR_SRVR_HELLO_A) - ) || ( - (s->state & SSL_ST_ACCEPT) && - (s->state <= SSL3_ST_SW_HELLO_REQ_A) && - (s->state >= SSL3_ST_SR_CLNT_HELLO_A) - ) - )) - { - s->s3->in_read_app_data=2; - return(-1); - } - else - { - al=SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNEXPECTED_RECORD); - goto f_err; - } - } - /* not reached */ - -f_err: - ssl3_send_alert(s,SSL3_AL_FATAL,al); -err: - return(-1); - } - -static int do_change_cipher_spec(SSL *s) - { - int i; - const char *sender; - int slen; - - if (s->state & SSL_ST_ACCEPT) - i=SSL3_CHANGE_CIPHER_SERVER_READ; - else - i=SSL3_CHANGE_CIPHER_CLIENT_READ; - - if (s->s3->tmp.key_block == NULL) - { - s->session->cipher=s->s3->tmp.new_cipher; - if (!s->method->ssl3_enc->setup_key_block(s)) return(0); - } - - if (!s->method->ssl3_enc->change_cipher_state(s,i)) - return(0); - - /* we have to record the message digest at - * this point so we can get it before we read - * the finished message */ - if (s->state & SSL_ST_CONNECT) - { - sender=s->method->ssl3_enc->server_finished_label; - slen=s->method->ssl3_enc->server_finished_label_len; - } - else - { - sender=s->method->ssl3_enc->client_finished_label; - slen=s->method->ssl3_enc->client_finished_label_len; - } - - s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s, - &(s->s3->finish_dgst1), - &(s->s3->finish_dgst2), - sender,slen,s->s3->tmp.peer_finish_md); - - return(1); - } - -void ssl3_send_alert(SSL *s, int level, int desc) - { - /* Map tls/ssl alert value to correct one */ - desc=s->method->ssl3_enc->alert_value(desc); - if (s->version == SSL3_VERSION && desc == SSL_AD_PROTOCOL_VERSION) - desc = SSL_AD_HANDSHAKE_FAILURE; /* SSL 3.0 does not have protocol_version alerts */ - if (desc < 0) return; - /* If a fatal one, remove from cache */ - if ((level == 2) && (s->session != NULL)) - SSL_CTX_remove_session(s->ctx,s->session); - - s->s3->alert_dispatch=1; - s->s3->send_alert[0]=level; - s->s3->send_alert[1]=desc; - if (s->s3->wbuf.left == 0) /* data still being written out? */ - ssl3_dispatch_alert(s); - /* else data is still being written out, we will get written - * some time in the future */ - } - -int ssl3_dispatch_alert(SSL *s) - { - int i,j; - void (*cb)(const SSL *ssl,int type,int val)=NULL; - - s->s3->alert_dispatch=0; - i = do_ssl3_write(s, SSL3_RT_ALERT, &s->s3->send_alert[0], 2, 0); - if (i <= 0) - { - s->s3->alert_dispatch=1; - } - else - { - /* Alert sent to BIO. If it is important, flush it now. - * If the message does not get sent due to non-blocking IO, - * we will not worry too much. */ - if (s->s3->send_alert[0] == SSL3_AL_FATAL) - (void)BIO_flush(s->wbio); - - if (s->msg_callback) - s->msg_callback(1, s->version, SSL3_RT_ALERT, s->s3->send_alert, 2, s, s->msg_callback_arg); - - if (s->info_callback != NULL) - cb=s->info_callback; - else if (s->ctx->info_callback != NULL) - cb=s->ctx->info_callback; - - if (cb != NULL) - { - j=(s->s3->send_alert[0]<<8)|s->s3->send_alert[1]; - cb(s,SSL_CB_WRITE_ALERT,j); - } - } - return(i); - } diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c deleted file mode 100644 index dfffed7165e..00000000000 --- a/src/lib/libssl/s3_srvr.c +++ /dev/null @@ -1,2046 +0,0 @@ -/* ssl/s3_srvr.c */ -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#define REUSE_CIPHER_BUG -#define NETSCAPE_HANG_BUG - - -#include -#include "ssl_locl.h" -#include "kssl_lcl.h" -#include -#include -#include -#include -#include -#ifndef OPENSSL_NO_KRB5 -#include -#endif -#include - -static SSL_METHOD *ssl3_get_server_method(int ver); -static int ssl3_get_client_hello(SSL *s); -static int ssl3_check_client_hello(SSL *s); -static int ssl3_send_server_hello(SSL *s); -static int ssl3_send_server_key_exchange(SSL *s); -static int ssl3_send_certificate_request(SSL *s); -static int ssl3_send_server_done(SSL *s); -static int ssl3_get_client_key_exchange(SSL *s); -static int ssl3_get_client_certificate(SSL *s); -static int ssl3_get_cert_verify(SSL *s); -static int ssl3_send_hello_request(SSL *s); - -static SSL_METHOD *ssl3_get_server_method(int ver) - { - if (ver == SSL3_VERSION) - return(SSLv3_server_method()); - else - return(NULL); - } - -SSL_METHOD *SSLv3_server_method(void) - { - static int init=1; - static SSL_METHOD SSLv3_server_data; - - if (init) - { - memcpy((char *)&SSLv3_server_data,(char *)sslv3_base_method(), - sizeof(SSL_METHOD)); - SSLv3_server_data.ssl_accept=ssl3_accept; - SSLv3_server_data.get_ssl_method=ssl3_get_server_method; - init=0; - } - return(&SSLv3_server_data); - } - -int ssl3_accept(SSL *s) - { - BUF_MEM *buf; - unsigned long l,Time=time(NULL); - void (*cb)(const SSL *ssl,int type,int val)=NULL; - long num1; - int ret= -1; - int new_state,state,skip=0; - - RAND_add(&Time,sizeof(Time),0); - ERR_clear_error(); - clear_sys_error(); - - if (s->info_callback != NULL) - cb=s->info_callback; - else if (s->ctx->info_callback != NULL) - cb=s->ctx->info_callback; - - /* init things to blank */ - s->in_handshake++; - if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); - - if (s->cert == NULL) - { - SSLerr(SSL_F_SSL3_ACCEPT,SSL_R_NO_CERTIFICATE_SET); - return(-1); - } - - for (;;) - { - state=s->state; - - switch (s->state) - { - case SSL_ST_RENEGOTIATE: - s->new_session=1; - /* s->state=SSL_ST_ACCEPT; */ - - case SSL_ST_BEFORE: - case SSL_ST_ACCEPT: - case SSL_ST_BEFORE|SSL_ST_ACCEPT: - case SSL_ST_OK|SSL_ST_ACCEPT: - - s->server=1; - if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1); - - if ((s->version>>8) != 3) - { - SSLerr(SSL_F_SSL3_ACCEPT, ERR_R_INTERNAL_ERROR); - return -1; - } - s->type=SSL_ST_ACCEPT; - - if (s->init_buf == NULL) - { - if ((buf=BUF_MEM_new()) == NULL) - { - ret= -1; - goto end; - } - if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH)) - { - ret= -1; - goto end; - } - s->init_buf=buf; - } - - if (!ssl3_setup_buffers(s)) - { - ret= -1; - goto end; - } - - s->init_num=0; - - if (s->state != SSL_ST_RENEGOTIATE) - { - /* Ok, we now need to push on a buffering BIO so that - * the output is sent in a way that TCP likes :-) - */ - if (!ssl_init_wbio_buffer(s,1)) { ret= -1; goto end; } - - ssl3_init_finished_mac(s); - s->state=SSL3_ST_SR_CLNT_HELLO_A; - s->ctx->stats.sess_accept++; - } - else - { - /* s->state == SSL_ST_RENEGOTIATE, - * we will just send a HelloRequest */ - s->ctx->stats.sess_accept_renegotiate++; - s->state=SSL3_ST_SW_HELLO_REQ_A; - } - break; - - case SSL3_ST_SW_HELLO_REQ_A: - case SSL3_ST_SW_HELLO_REQ_B: - - s->shutdown=0; - ret=ssl3_send_hello_request(s); - if (ret <= 0) goto end; - s->s3->tmp.next_state=SSL3_ST_SW_HELLO_REQ_C; - s->state=SSL3_ST_SW_FLUSH; - s->init_num=0; - - ssl3_init_finished_mac(s); - break; - - case SSL3_ST_SW_HELLO_REQ_C: - s->state=SSL_ST_OK; - break; - - case SSL3_ST_SR_CLNT_HELLO_A: - case SSL3_ST_SR_CLNT_HELLO_B: - case SSL3_ST_SR_CLNT_HELLO_C: - - s->shutdown=0; - ret=ssl3_get_client_hello(s); - if (ret <= 0) goto end; - s->new_session = 2; - s->state=SSL3_ST_SW_SRVR_HELLO_A; - s->init_num=0; - break; - - case SSL3_ST_SW_SRVR_HELLO_A: - case SSL3_ST_SW_SRVR_HELLO_B: - ret=ssl3_send_server_hello(s); - if (ret <= 0) goto end; - - if (s->hit) - s->state=SSL3_ST_SW_CHANGE_A; - else - s->state=SSL3_ST_SW_CERT_A; - s->init_num=0; - break; - - case SSL3_ST_SW_CERT_A: - case SSL3_ST_SW_CERT_B: - /* Check if it is anon DH */ - if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL)) - { - ret=ssl3_send_server_certificate(s); - if (ret <= 0) goto end; - } - else - skip=1; - s->state=SSL3_ST_SW_KEY_EXCH_A; - s->init_num=0; - break; - - case SSL3_ST_SW_KEY_EXCH_A: - case SSL3_ST_SW_KEY_EXCH_B: - l=s->s3->tmp.new_cipher->algorithms; - - /* clear this, it may get reset by - * send_server_key_exchange */ - if ((s->options & SSL_OP_EPHEMERAL_RSA) -#ifndef OPENSSL_NO_KRB5 - && !(l & SSL_KRB5) -#endif /* OPENSSL_NO_KRB5 */ - ) - /* option SSL_OP_EPHEMERAL_RSA sends temporary RSA key - * even when forbidden by protocol specs - * (handshake may fail as clients are not required to - * be able to handle this) */ - s->s3->tmp.use_rsa_tmp=1; - else - s->s3->tmp.use_rsa_tmp=0; - - /* only send if a DH key exchange, fortezza or - * RSA but we have a sign only certificate */ - if (s->s3->tmp.use_rsa_tmp - || (l & (SSL_DH|SSL_kFZA)) - || ((l & SSL_kRSA) - && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL - || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) - && EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher) - ) - ) - ) - ) - { - ret=ssl3_send_server_key_exchange(s); - if (ret <= 0) goto end; - } - else - skip=1; - - s->state=SSL3_ST_SW_CERT_REQ_A; - s->init_num=0; - break; - - case SSL3_ST_SW_CERT_REQ_A: - case SSL3_ST_SW_CERT_REQ_B: - if (/* don't request cert unless asked for it: */ - !(s->verify_mode & SSL_VERIFY_PEER) || - /* if SSL_VERIFY_CLIENT_ONCE is set, - * don't request cert during re-negotiation: */ - ((s->session->peer != NULL) && - (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) || - /* never request cert in anonymous ciphersuites - * (see section "Certificate request" in SSL 3 drafts - * and in RFC 2246): */ - ((s->s3->tmp.new_cipher->algorithms & SSL_aNULL) && - /* ... except when the application insists on verification - * (against the specs, but s3_clnt.c accepts this for SSL 3) */ - !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) || - /* never request cert in Kerberos ciphersuites */ - (s->s3->tmp.new_cipher->algorithms & SSL_aKRB5)) - { - /* no cert request */ - skip=1; - s->s3->tmp.cert_request=0; - s->state=SSL3_ST_SW_SRVR_DONE_A; - } - else - { - s->s3->tmp.cert_request=1; - ret=ssl3_send_certificate_request(s); - if (ret <= 0) goto end; -#ifndef NETSCAPE_HANG_BUG - s->state=SSL3_ST_SW_SRVR_DONE_A; -#else - s->state=SSL3_ST_SW_FLUSH; - s->s3->tmp.next_state=SSL3_ST_SR_CERT_A; -#endif - s->init_num=0; - } - break; - - case SSL3_ST_SW_SRVR_DONE_A: - case SSL3_ST_SW_SRVR_DONE_B: - ret=ssl3_send_server_done(s); - if (ret <= 0) goto end; - s->s3->tmp.next_state=SSL3_ST_SR_CERT_A; - s->state=SSL3_ST_SW_FLUSH; - s->init_num=0; - break; - - case SSL3_ST_SW_FLUSH: - /* number of bytes to be flushed */ - num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL); - if (num1 > 0) - { - s->rwstate=SSL_WRITING; - num1=BIO_flush(s->wbio); - if (num1 <= 0) { ret= -1; goto end; } - s->rwstate=SSL_NOTHING; - } - - s->state=s->s3->tmp.next_state; - break; - - case SSL3_ST_SR_CERT_A: - case SSL3_ST_SR_CERT_B: - /* Check for second client hello (MS SGC) */ - ret = ssl3_check_client_hello(s); - if (ret <= 0) - goto end; - if (ret == 2) - s->state = SSL3_ST_SR_CLNT_HELLO_C; - else { - /* could be sent for a DH cert, even if we - * have not asked for it :-) */ - ret=ssl3_get_client_certificate(s); - if (ret <= 0) goto end; - s->init_num=0; - s->state=SSL3_ST_SR_KEY_EXCH_A; - } - break; - - case SSL3_ST_SR_KEY_EXCH_A: - case SSL3_ST_SR_KEY_EXCH_B: - ret=ssl3_get_client_key_exchange(s); - if (ret <= 0) goto end; - s->state=SSL3_ST_SR_CERT_VRFY_A; - s->init_num=0; - - /* We need to get hashes here so if there is - * a client cert, it can be verified */ - s->method->ssl3_enc->cert_verify_mac(s, - &(s->s3->finish_dgst1), - &(s->s3->tmp.cert_verify_md[0])); - s->method->ssl3_enc->cert_verify_mac(s, - &(s->s3->finish_dgst2), - &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH])); - - break; - - case SSL3_ST_SR_CERT_VRFY_A: - case SSL3_ST_SR_CERT_VRFY_B: - - /* we should decide if we expected this one */ - ret=ssl3_get_cert_verify(s); - if (ret <= 0) goto end; - - s->state=SSL3_ST_SR_FINISHED_A; - s->init_num=0; - break; - - case SSL3_ST_SR_FINISHED_A: - case SSL3_ST_SR_FINISHED_B: - ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A, - SSL3_ST_SR_FINISHED_B); - if (ret <= 0) goto end; - if (s->hit) - s->state=SSL_ST_OK; - else - s->state=SSL3_ST_SW_CHANGE_A; - s->init_num=0; - break; - - case SSL3_ST_SW_CHANGE_A: - case SSL3_ST_SW_CHANGE_B: - - s->session->cipher=s->s3->tmp.new_cipher; - if (!s->method->ssl3_enc->setup_key_block(s)) - { ret= -1; goto end; } - - ret=ssl3_send_change_cipher_spec(s, - SSL3_ST_SW_CHANGE_A,SSL3_ST_SW_CHANGE_B); - - if (ret <= 0) goto end; - s->state=SSL3_ST_SW_FINISHED_A; - s->init_num=0; - - if (!s->method->ssl3_enc->change_cipher_state(s, - SSL3_CHANGE_CIPHER_SERVER_WRITE)) - { - ret= -1; - goto end; - } - - break; - - case SSL3_ST_SW_FINISHED_A: - case SSL3_ST_SW_FINISHED_B: - ret=ssl3_send_finished(s, - SSL3_ST_SW_FINISHED_A,SSL3_ST_SW_FINISHED_B, - s->method->ssl3_enc->server_finished_label, - s->method->ssl3_enc->server_finished_label_len); - if (ret <= 0) goto end; - s->state=SSL3_ST_SW_FLUSH; - if (s->hit) - s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A; - else - s->s3->tmp.next_state=SSL_ST_OK; - s->init_num=0; - break; - - case SSL_ST_OK: - /* clean a few things up */ - ssl3_cleanup_key_block(s); - - BUF_MEM_free(s->init_buf); - s->init_buf=NULL; - - /* remove buffering on output */ - ssl_free_wbio_buffer(s); - - s->init_num=0; - - if (s->new_session == 2) /* skipped if we just sent a HelloRequest */ - { - /* actually not necessarily a 'new' session unless - * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */ - - s->new_session=0; - - ssl_update_cache(s,SSL_SESS_CACHE_SERVER); - - s->ctx->stats.sess_accept_good++; - /* s->server=1; */ - s->handshake_func=ssl3_accept; - - if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1); - } - - ret = 1; - goto end; - /* break; */ - - default: - SSLerr(SSL_F_SSL3_ACCEPT,SSL_R_UNKNOWN_STATE); - ret= -1; - goto end; - /* break; */ - } - - if (!s->s3->tmp.reuse_message && !skip) - { - if (s->debug) - { - if ((ret=BIO_flush(s->wbio)) <= 0) - goto end; - } - - - if ((cb != NULL) && (s->state != state)) - { - new_state=s->state; - s->state=state; - cb(s,SSL_CB_ACCEPT_LOOP,1); - s->state=new_state; - } - } - skip=0; - } -end: - /* BIO_flush(s->wbio); */ - - s->in_handshake--; - if (cb != NULL) - cb(s,SSL_CB_ACCEPT_EXIT,ret); - return(ret); - } - -static int ssl3_send_hello_request(SSL *s) - { - unsigned char *p; - - if (s->state == SSL3_ST_SW_HELLO_REQ_A) - { - p=(unsigned char *)s->init_buf->data; - *(p++)=SSL3_MT_HELLO_REQUEST; - *(p++)=0; - *(p++)=0; - *(p++)=0; - - s->state=SSL3_ST_SW_HELLO_REQ_B; - /* number of bytes to write */ - s->init_num=4; - s->init_off=0; - } - - /* SSL3_ST_SW_HELLO_REQ_B */ - return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); - } - -static int ssl3_check_client_hello(SSL *s) - { - int ok; - long n; - - /* this function is called when we really expect a Certificate message, - * so permit appropriate message length */ - n=ssl3_get_message(s, - SSL3_ST_SR_CERT_A, - SSL3_ST_SR_CERT_B, - -1, - s->max_cert_list, - &ok); - if (!ok) return((int)n); - s->s3->tmp.reuse_message = 1; - if (s->s3->tmp.message_type == SSL3_MT_CLIENT_HELLO) - { - /* Throw away what we have done so far in the current handshake, - * which will now be aborted. (A full SSL_clear would be too much.) - * I hope that tmp.dh is the only thing that may need to be cleared - * when a handshake is not completed ... */ -#ifndef OPENSSL_NO_DH - if (s->s3->tmp.dh != NULL) - { - DH_free(s->s3->tmp.dh); - s->s3->tmp.dh = NULL; - } -#endif - return 2; - } - return 1; -} - -static int ssl3_get_client_hello(SSL *s) - { - int i,j,ok,al,ret= -1; - long n; - unsigned long id; - unsigned char *p,*d,*q; - SSL_CIPHER *c; - SSL_COMP *comp=NULL; - STACK_OF(SSL_CIPHER) *ciphers=NULL; - - /* We do this so that we will respond with our native type. - * If we are TLSv1 and we get SSLv3, we will respond with TLSv1, - * This down switching should be handled by a different method. - * If we are SSLv3, we will respond with SSLv3, even if prompted with - * TLSv1. - */ - if (s->state == SSL3_ST_SR_CLNT_HELLO_A) - { - s->first_packet=1; - s->state=SSL3_ST_SR_CLNT_HELLO_B; - } - n=ssl3_get_message(s, - SSL3_ST_SR_CLNT_HELLO_B, - SSL3_ST_SR_CLNT_HELLO_C, - SSL3_MT_CLIENT_HELLO, - SSL3_RT_MAX_PLAIN_LENGTH, - &ok); - - if (!ok) return((int)n); - d=p=(unsigned char *)s->init_msg; - - /* use version from inside client hello, not from record header - * (may differ: see RFC 2246, Appendix E, second paragraph) */ - s->client_version=(((int)p[0])<<8)|(int)p[1]; - p+=2; - - if (s->client_version < s->version) - { - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_WRONG_VERSION_NUMBER); - if ((s->client_version>>8) == SSL3_VERSION_MAJOR) - { - /* similar to ssl3_get_record, send alert using remote version number */ - s->version = s->client_version; - } - al = SSL_AD_PROTOCOL_VERSION; - goto f_err; - } - - /* load the client random */ - memcpy(s->s3->client_random,p,SSL3_RANDOM_SIZE); - p+=SSL3_RANDOM_SIZE; - - /* get the session-id */ - j= *(p++); - - s->hit=0; - /* Versions before 0.9.7 always allow session reuse during renegotiation - * (i.e. when s->new_session is true), option - * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is new with 0.9.7. - * Maybe this optional behaviour should always have been the default, - * but we cannot safely change the default behaviour (or new applications - * might be written that become totally unsecure when compiled with - * an earlier library version) - */ - if (j == 0 || (s->new_session && (s->options & SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION))) - { - if (!ssl_get_new_session(s,1)) - goto err; - } - else - { - i=ssl_get_prev_session(s,p,j); - if (i == 1) - { /* previous session */ - s->hit=1; - } - else if (i == -1) - goto err; - else /* i == 0 */ - { - if (!ssl_get_new_session(s,1)) - goto err; - } - } - - p+=j; - n2s(p,i); - if ((i == 0) && (j != 0)) - { - /* we need a cipher if we are not resuming a session */ - al=SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_CIPHERS_SPECIFIED); - goto f_err; - } - if ((p+i) >= (d+n)) - { - /* not enough data */ - al=SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_LENGTH_MISMATCH); - goto f_err; - } - if ((i > 0) && (ssl_bytes_to_cipher_list(s,p,i,&(ciphers)) - == NULL)) - { - goto err; - } - p+=i; - - /* If it is a hit, check that the cipher is in the list */ - if ((s->hit) && (i > 0)) - { - j=0; - id=s->session->cipher->id; - -#ifdef CIPHER_DEBUG - printf("client sent %d ciphers\n",sk_num(ciphers)); -#endif - for (i=0; iid == id) - { - j=1; - break; - } - } - if (j == 0) - { - if ((s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) && (sk_SSL_CIPHER_num(ciphers) == 1)) - { - /* Very bad for multi-threading.... */ - s->session->cipher=sk_SSL_CIPHER_value(ciphers, - 0); - } - else - { - /* we need to have the cipher in the cipher - * list if we are asked to reuse it */ - al=SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_REQUIRED_CIPHER_MISSING); - goto f_err; - } - } - } - - /* compression */ - i= *(p++); - if ((p+i) > (d+n)) - { - /* not enough data */ - al=SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_LENGTH_MISMATCH); - goto f_err; - } - q=p; - for (j=0; j= i) - { - /* no compress */ - al=SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_COMPRESSION_SPECIFIED); - goto f_err; - } - - /* Worst case, we will use the NULL compression, but if we have other - * options, we will now look for them. We have i-1 compression - * algorithms from the client, starting at q. */ - s->s3->tmp.new_compression=NULL; - if (s->ctx->comp_methods != NULL) - { /* See if we have a match */ - int m,nn,o,v,done=0; - - nn=sk_SSL_COMP_num(s->ctx->comp_methods); - for (m=0; mctx->comp_methods,m); - v=comp->id; - for (o=0; os3->tmp.new_compression=comp; - else - comp=NULL; - } - - /* TLS does not mind if there is extra stuff */ - if (s->version == SSL3_VERSION) - { - if (p < (d+n)) - { - /* wrong number of bytes, - * there could be more to follow */ - al=SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_LENGTH_MISMATCH); - goto f_err; - } - } - - /* Given s->session->ciphers and SSL_get_ciphers, we must - * pick a cipher */ - - if (!s->hit) - { - s->session->compress_meth=(comp == NULL)?0:comp->id; - if (s->session->ciphers != NULL) - sk_SSL_CIPHER_free(s->session->ciphers); - s->session->ciphers=ciphers; - if (ciphers == NULL) - { - al=SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_CIPHERS_PASSED); - goto f_err; - } - ciphers=NULL; - c=ssl3_choose_cipher(s,s->session->ciphers, - SSL_get_ciphers(s)); - - if (c == NULL) - { - al=SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_SHARED_CIPHER); - goto f_err; - } - s->s3->tmp.new_cipher=c; - } - else - { - /* Session-id reuse */ -#ifdef REUSE_CIPHER_BUG - STACK_OF(SSL_CIPHER) *sk; - SSL_CIPHER *nc=NULL; - SSL_CIPHER *ec=NULL; - - if (s->options & SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG) - { - sk=s->session->ciphers; - for (i=0; ialgorithms & SSL_eNULL) - nc=c; - if (SSL_C_IS_EXPORT(c)) - ec=c; - } - if (nc != NULL) - s->s3->tmp.new_cipher=nc; - else if (ec != NULL) - s->s3->tmp.new_cipher=ec; - else - s->s3->tmp.new_cipher=s->session->cipher; - } - else -#endif - s->s3->tmp.new_cipher=s->session->cipher; - } - - /* we now have the following setup. - * client_random - * cipher_list - our prefered list of ciphers - * ciphers - the clients prefered list of ciphers - * compression - basically ignored right now - * ssl version is set - sslv3 - * s->session - The ssl session has been setup. - * s->hit - session reuse flag - * s->tmp.new_cipher - the new cipher to use. - */ - - ret=1; - if (0) - { -f_err: - ssl3_send_alert(s,SSL3_AL_FATAL,al); - } -err: - if (ciphers != NULL) sk_SSL_CIPHER_free(ciphers); - return(ret); - } - -static int ssl3_send_server_hello(SSL *s) - { - unsigned char *buf; - unsigned char *p,*d; - int i,sl; - unsigned long l,Time; - - if (s->state == SSL3_ST_SW_SRVR_HELLO_A) - { - buf=(unsigned char *)s->init_buf->data; - p=s->s3->server_random; - Time=time(NULL); /* Time */ - l2n(Time,p); - RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time)); - /* Do the message type and length last */ - d=p= &(buf[4]); - - *(p++)=s->version>>8; - *(p++)=s->version&0xff; - - /* Random stuff */ - memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE); - p+=SSL3_RANDOM_SIZE; - - /* now in theory we have 3 options to sending back the - * session id. If it is a re-use, we send back the - * old session-id, if it is a new session, we send - * back the new session-id or we send back a 0 length - * session-id if we want it to be single use. - * Currently I will not implement the '0' length session-id - * 12-Jan-98 - I'll now support the '0' length stuff. - */ - if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER)) - s->session->session_id_length=0; - - sl=s->session->session_id_length; - die(sl <= sizeof s->session->session_id); - *(p++)=sl; - memcpy(p,s->session->session_id,sl); - p+=sl; - - /* put the cipher */ - i=ssl3_put_cipher_by_char(s->s3->tmp.new_cipher,p); - p+=i; - - /* put the compression method */ - if (s->s3->tmp.new_compression == NULL) - *(p++)=0; - else - *(p++)=s->s3->tmp.new_compression->id; - - /* do the header */ - l=(p-d); - d=buf; - *(d++)=SSL3_MT_SERVER_HELLO; - l2n3(l,d); - - s->state=SSL3_ST_CW_CLNT_HELLO_B; - /* number of bytes to write */ - s->init_num=p-buf; - s->init_off=0; - } - - /* SSL3_ST_CW_CLNT_HELLO_B */ - return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); - } - -static int ssl3_send_server_done(SSL *s) - { - unsigned char *p; - - if (s->state == SSL3_ST_SW_SRVR_DONE_A) - { - p=(unsigned char *)s->init_buf->data; - - /* do the header */ - *(p++)=SSL3_MT_SERVER_DONE; - *(p++)=0; - *(p++)=0; - *(p++)=0; - - s->state=SSL3_ST_SW_SRVR_DONE_B; - /* number of bytes to write */ - s->init_num=4; - s->init_off=0; - } - - /* SSL3_ST_CW_CLNT_HELLO_B */ - return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); - } - -static int ssl3_send_server_key_exchange(SSL *s) - { -#ifndef OPENSSL_NO_RSA - unsigned char *q; - int j,num; - RSA *rsa; - unsigned char md_buf[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH]; - unsigned int u; -#endif -#ifndef OPENSSL_NO_DH - DH *dh=NULL,*dhp; -#endif - EVP_PKEY *pkey; - unsigned char *p,*d; - int al,i; - unsigned long type; - int n; - CERT *cert; - BIGNUM *r[4]; - int nr[4],kn; - BUF_MEM *buf; - EVP_MD_CTX md_ctx; - - EVP_MD_CTX_init(&md_ctx); - if (s->state == SSL3_ST_SW_KEY_EXCH_A) - { - type=s->s3->tmp.new_cipher->algorithms & SSL_MKEY_MASK; - cert=s->cert; - - buf=s->init_buf; - - r[0]=r[1]=r[2]=r[3]=NULL; - n=0; -#ifndef OPENSSL_NO_RSA - if (type & SSL_kRSA) - { - rsa=cert->rsa_tmp; - if ((rsa == NULL) && (s->cert->rsa_tmp_cb != NULL)) - { - rsa=s->cert->rsa_tmp_cb(s, - SSL_C_IS_EXPORT(s->s3->tmp.new_cipher), - SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)); - if(rsa == NULL) - { - al=SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_ERROR_GENERATING_TMP_RSA_KEY); - goto f_err; - } - RSA_up_ref(rsa); - cert->rsa_tmp=rsa; - } - if (rsa == NULL) - { - al=SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_RSA_KEY); - goto f_err; - } - r[0]=rsa->n; - r[1]=rsa->e; - s->s3->tmp.use_rsa_tmp=1; - } - else -#endif -#ifndef OPENSSL_NO_DH - if (type & SSL_kEDH) - { - dhp=cert->dh_tmp; - if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL)) - dhp=s->cert->dh_tmp_cb(s, - SSL_C_IS_EXPORT(s->s3->tmp.new_cipher), - SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)); - if (dhp == NULL) - { - al=SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_DH_KEY); - goto f_err; - } - - if (s->s3->tmp.dh != NULL) - { - DH_free(dh); - SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); - goto err; - } - - if ((dh=DHparams_dup(dhp)) == NULL) - { - SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB); - goto err; - } - - s->s3->tmp.dh=dh; - if ((dhp->pub_key == NULL || - dhp->priv_key == NULL || - (s->options & SSL_OP_SINGLE_DH_USE))) - { - if(!DH_generate_key(dh)) - { - SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, - ERR_R_DH_LIB); - goto err; - } - } - else - { - dh->pub_key=BN_dup(dhp->pub_key); - dh->priv_key=BN_dup(dhp->priv_key); - if ((dh->pub_key == NULL) || - (dh->priv_key == NULL)) - { - SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB); - goto err; - } - } - r[0]=dh->p; - r[1]=dh->g; - r[2]=dh->pub_key; - } - else -#endif - { - al=SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE); - goto f_err; - } - for (i=0; r[i] != NULL; i++) - { - nr[i]=BN_num_bytes(r[i]); - n+=2+nr[i]; - } - - if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL)) - { - if ((pkey=ssl_get_sign_pkey(s,s->s3->tmp.new_cipher)) - == NULL) - { - al=SSL_AD_DECODE_ERROR; - goto f_err; - } - kn=EVP_PKEY_size(pkey); - } - else - { - pkey=NULL; - kn=0; - } - - if (!BUF_MEM_grow(buf,n+4+kn)) - { - SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_BUF); - goto err; - } - d=(unsigned char *)s->init_buf->data; - p= &(d[4]); - - for (i=0; r[i] != NULL; i++) - { - s2n(nr[i],p); - BN_bn2bin(r[i],p); - p+=nr[i]; - } - - /* not anonymous */ - if (pkey != NULL) - { - /* n is the length of the params, they start at &(d[4]) - * and p points to the space at the end. */ -#ifndef OPENSSL_NO_RSA - if (pkey->type == EVP_PKEY_RSA) - { - q=md_buf; - j=0; - for (num=2; num > 0; num--) - { - EVP_DigestInit_ex(&md_ctx,(num == 2) - ?s->ctx->md5:s->ctx->sha1, NULL); - EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); - EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); - EVP_DigestUpdate(&md_ctx,&(d[4]),n); - EVP_DigestFinal_ex(&md_ctx,q, - (unsigned int *)&i); - q+=i; - j+=i; - } - if (RSA_sign(NID_md5_sha1, md_buf, j, - &(p[2]), &u, pkey->pkey.rsa) <= 0) - { - SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_RSA); - goto err; - } - s2n(u,p); - n+=u+2; - } - else -#endif -#if !defined(OPENSSL_NO_DSA) - if (pkey->type == EVP_PKEY_DSA) - { - /* lets do DSS */ - EVP_SignInit_ex(&md_ctx,EVP_dss1(), NULL); - EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); - EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); - EVP_SignUpdate(&md_ctx,&(d[4]),n); - if (!EVP_SignFinal(&md_ctx,&(p[2]), - (unsigned int *)&i,pkey)) - { - SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_DSA); - goto err; - } - s2n(i,p); - n+=i+2; - } - else -#endif - { - /* Is this error check actually needed? */ - al=SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_PKEY_TYPE); - goto f_err; - } - } - - *(d++)=SSL3_MT_SERVER_KEY_EXCHANGE; - l2n3(n,d); - - /* we should now have things packed up, so lets send - * it off */ - s->init_num=n+4; - s->init_off=0; - } - - s->state = SSL3_ST_SW_KEY_EXCH_B; - EVP_MD_CTX_cleanup(&md_ctx); - return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); -f_err: - ssl3_send_alert(s,SSL3_AL_FATAL,al); -err: - EVP_MD_CTX_cleanup(&md_ctx); - return(-1); - } - -static int ssl3_send_certificate_request(SSL *s) - { - unsigned char *p,*d; - int i,j,nl,off,n; - STACK_OF(X509_NAME) *sk=NULL; - X509_NAME *name; - BUF_MEM *buf; - - if (s->state == SSL3_ST_SW_CERT_REQ_A) - { - buf=s->init_buf; - - d=p=(unsigned char *)&(buf->data[4]); - - /* get the list of acceptable cert types */ - p++; - n=ssl3_get_req_cert_type(s,p); - d[0]=n; - p+=n; - n++; - - off=n; - p+=2; - n+=2; - - sk=SSL_get_client_CA_list(s); - nl=0; - if (sk != NULL) - { - for (i=0; idata[4+n]); - if (!(s->options & SSL_OP_NETSCAPE_CA_DN_BUG)) - { - s2n(j,p); - i2d_X509_NAME(name,&p); - n+=2+j; - nl+=2+j; - } - else - { - d=p; - i2d_X509_NAME(name,&p); - j-=2; s2n(j,d); j+=2; - n+=j; - nl+=j; - } - } - } - /* else no CA names */ - p=(unsigned char *)&(buf->data[4+off]); - s2n(nl,p); - - d=(unsigned char *)buf->data; - *(d++)=SSL3_MT_CERTIFICATE_REQUEST; - l2n3(n,d); - - /* we should now have things packed up, so lets send - * it off */ - - s->init_num=n+4; - s->init_off=0; -#ifdef NETSCAPE_HANG_BUG - p=(unsigned char *)s->init_buf->data + s->init_num; - - /* do the header */ - *(p++)=SSL3_MT_SERVER_DONE; - *(p++)=0; - *(p++)=0; - *(p++)=0; - s->init_num += 4; -#endif - - } - - /* SSL3_ST_SW_CERT_REQ_B */ - return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); -err: - return(-1); - } - -static int ssl3_get_client_key_exchange(SSL *s) - { - int i,al,ok; - long n; - unsigned long l; - unsigned char *p; -#ifndef OPENSSL_NO_RSA - RSA *rsa=NULL; - EVP_PKEY *pkey=NULL; -#endif -#ifndef OPENSSL_NO_DH - BIGNUM *pub=NULL; - DH *dh_srvr; -#endif -#ifndef OPENSSL_NO_KRB5 - KSSL_ERR kssl_err; -#endif /* OPENSSL_NO_KRB5 */ - - n=ssl3_get_message(s, - SSL3_ST_SR_KEY_EXCH_A, - SSL3_ST_SR_KEY_EXCH_B, - SSL3_MT_CLIENT_KEY_EXCHANGE, - 2048, /* ??? */ - &ok); - - if (!ok) return((int)n); - p=(unsigned char *)s->init_msg; - - l=s->s3->tmp.new_cipher->algorithms; - -#ifndef OPENSSL_NO_RSA - if (l & SSL_kRSA) - { - /* FIX THIS UP EAY EAY EAY EAY */ - if (s->s3->tmp.use_rsa_tmp) - { - if ((s->cert != NULL) && (s->cert->rsa_tmp != NULL)) - rsa=s->cert->rsa_tmp; - /* Don't do a callback because rsa_tmp should - * be sent already */ - if (rsa == NULL) - { - al=SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_MISSING_TMP_RSA_PKEY); - goto f_err; - - } - } - else - { - pkey=s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey; - if ( (pkey == NULL) || - (pkey->type != EVP_PKEY_RSA) || - (pkey->pkey.rsa == NULL)) - { - al=SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_MISSING_RSA_CERTIFICATE); - goto f_err; - } - rsa=pkey->pkey.rsa; - } - - /* TLS */ - if (s->version > SSL3_VERSION) - { - n2s(p,i); - if (n != i+2) - { - if (!(s->options & SSL_OP_TLS_D5_BUG)) - { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG); - goto err; - } - else - p-=2; - } - else - n=i; - } - - i=RSA_private_decrypt((int)n,p,p,rsa,RSA_PKCS1_PADDING); - - al = -1; - - if (i != SSL_MAX_MASTER_KEY_LENGTH) - { - al=SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT); - } - - if ((al == -1) && !((p[0] == (s->client_version>>8)) && (p[1] == (s->client_version & 0xff)))) - { - /* The premaster secret must contain the same version number as the - * ClientHello to detect version rollback attacks (strangely, the - * protocol does not offer such protection for DH ciphersuites). - * However, buggy clients exist that send the negotiated protocol - * version instead if the server does not support the requested - * protocol version. - * If SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such clients. */ - if (!((s->options & SSL_OP_TLS_ROLLBACK_BUG) && - (p[0] == (s->version>>8)) && (p[1] == (s->version & 0xff)))) - { - al=SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER); - goto f_err; - } - } - - if (al != -1) - { -#if 0 - goto f_err; -#else - /* Some decryption failure -- use random value instead as countermeasure - * against Bleichenbacher's attack on PKCS #1 v1.5 RSA padding - * (see RFC 2246, section 7.4.7.1). - * But note that due to length and protocol version checking, the - * attack is impractical anyway (see section 5 in D. Bleichenbacher: - * "Chosen Ciphertext Attacks Against Protocols Based on the RSA - * Encryption Standard PKCS #1", CRYPTO '98, LNCS 1462, pp. 1-12). - */ - ERR_clear_error(); - i = SSL_MAX_MASTER_KEY_LENGTH; - p[0] = s->client_version >> 8; - p[1] = s->client_version & 0xff; - RAND_pseudo_bytes(p+2, i-2); /* should be RAND_bytes, but we cannot work around a failure */ -#endif - } - - s->session->master_key_length= - s->method->ssl3_enc->generate_master_secret(s, - s->session->master_key, - p,i); - memset(p,0,i); - } - else -#endif -#ifndef OPENSSL_NO_DH - if (l & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) - { - n2s(p,i); - if (n != i+2) - { - if (!(s->options & SSL_OP_SSLEAY_080_CLIENT_DH_BUG)) - { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG); - goto err; - } - else - { - p-=2; - i=(int)n; - } - } - - if (n == 0L) /* the parameters are in the cert */ - { - al=SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_UNABLE_TO_DECODE_DH_CERTS); - goto f_err; - } - else - { - if (s->s3->tmp.dh == NULL) - { - al=SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_MISSING_TMP_DH_KEY); - goto f_err; - } - else - dh_srvr=s->s3->tmp.dh; - } - - pub=BN_bin2bn(p,i,NULL); - if (pub == NULL) - { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BN_LIB); - goto err; - } - - i=DH_compute_key(p,pub,dh_srvr); - - if (i <= 0) - { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,ERR_R_DH_LIB); - goto err; - } - - DH_free(s->s3->tmp.dh); - s->s3->tmp.dh=NULL; - - BN_clear_free(pub); - pub=NULL; - s->session->master_key_length= - s->method->ssl3_enc->generate_master_secret(s, - s->session->master_key,p,i); - memset(p,0,i); - } - else -#endif -#ifndef OPENSSL_NO_KRB5 - if (l & SSL_kKRB5) - { - krb5_error_code krb5rc; - krb5_data enc_ticket; - krb5_data authenticator; - krb5_data enc_pms; - KSSL_CTX *kssl_ctx = s->kssl_ctx; - EVP_CIPHER_CTX ciph_ctx; - EVP_CIPHER *enc = NULL; - unsigned char iv[EVP_MAX_IV_LENGTH]; - unsigned char pms[SSL_MAX_MASTER_KEY_LENGTH - + EVP_MAX_BLOCK_LENGTH]; - int padl, outl; - krb5_timestamp authtime = 0; - krb5_ticket_times ttimes; - - EVP_CIPHER_CTX_init(&ciph_ctx); - - if (!kssl_ctx) kssl_ctx = kssl_ctx_new(); - - n2s(p,i); - enc_ticket.length = i; - enc_ticket.data = (char *)p; - p+=enc_ticket.length; - - n2s(p,i); - authenticator.length = i; - authenticator.data = (char *)p; - p+=authenticator.length; - - n2s(p,i); - enc_pms.length = i; - enc_pms.data = (char *)p; - p+=enc_pms.length; - - /* Note that the length is checked again below, - ** after decryption - */ - if(enc_pms.length > sizeof pms) - { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, - SSL_R_DATA_LENGTH_TOO_LONG); - goto err; - } - - if (n != enc_ticket.length + authenticator.length + - enc_pms.length + 6) - { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, - SSL_R_DATA_LENGTH_TOO_LONG); - goto err; - } - - if ((krb5rc = kssl_sget_tkt(kssl_ctx, &enc_ticket, &ttimes, - &kssl_err)) != 0) - { -#ifdef KSSL_DEBUG - printf("kssl_sget_tkt rtn %d [%d]\n", - krb5rc, kssl_err.reason); - if (kssl_err.text) - printf("kssl_err text= %s\n", kssl_err.text); -#endif /* KSSL_DEBUG */ - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, - kssl_err.reason); - goto err; - } - - /* Note: no authenticator is not considered an error, - ** but will return authtime == 0. - */ - if ((krb5rc = kssl_check_authent(kssl_ctx, &authenticator, - &authtime, &kssl_err)) != 0) - { -#ifdef KSSL_DEBUG - printf("kssl_check_authent rtn %d [%d]\n", - krb5rc, kssl_err.reason); - if (kssl_err.text) - printf("kssl_err text= %s\n", kssl_err.text); -#endif /* KSSL_DEBUG */ - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, - kssl_err.reason); - goto err; - } - - if ((krb5rc = kssl_validate_times(authtime, &ttimes)) != 0) - { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, krb5rc); - goto err; - } - -#ifdef KSSL_DEBUG - kssl_ctx_show(kssl_ctx); -#endif /* KSSL_DEBUG */ - - enc = kssl_map_enc(kssl_ctx->enctype); - if (enc == NULL) - goto err; - - memset(iv, 0, EVP_MAX_IV_LENGTH); /* per RFC 1510 */ - - if (!EVP_DecryptInit_ex(&ciph_ctx,enc,NULL,kssl_ctx->key,iv)) - { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, - SSL_R_DECRYPTION_FAILED); - goto err; - } - if (!EVP_DecryptUpdate(&ciph_ctx, pms,&outl, - (unsigned char *)enc_pms.data, enc_pms.length)) - { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, - SSL_R_DECRYPTION_FAILED); - goto err; - } - if (outl > SSL_MAX_MASTER_KEY_LENGTH) - { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, - SSL_R_DATA_LENGTH_TOO_LONG); - goto err; - } - if (!EVP_DecryptFinal_ex(&ciph_ctx,&(pms[outl]),&padl)) - { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, - SSL_R_DECRYPTION_FAILED); - goto err; - } - outl += padl; - if (outl > SSL_MAX_MASTER_KEY_LENGTH) - { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, - SSL_R_DATA_LENGTH_TOO_LONG); - goto err; - } - EVP_CIPHER_CTX_cleanup(&ciph_ctx); - - s->session->master_key_length= - s->method->ssl3_enc->generate_master_secret(s, - s->session->master_key, pms, outl); - - if (kssl_ctx->client_princ) - { - int len = strlen(kssl_ctx->client_princ); - if ( len < SSL_MAX_KRB5_PRINCIPAL_LENGTH ) - { - s->session->krb5_client_princ_len = len; - memcpy(s->session->krb5_client_princ,kssl_ctx->client_princ,len); - } - } - - - /* Was doing kssl_ctx_free() here, - ** but it caused problems for apache. - ** kssl_ctx = kssl_ctx_free(kssl_ctx); - ** if (s->kssl_ctx) s->kssl_ctx = NULL; - */ - } - else -#endif /* OPENSSL_NO_KRB5 */ - { - al=SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, - SSL_R_UNKNOWN_CIPHER_TYPE); - goto f_err; - } - - return(1); -f_err: - ssl3_send_alert(s,SSL3_AL_FATAL,al); -#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_RSA) -err: -#endif - return(-1); - } - -static int ssl3_get_cert_verify(SSL *s) - { - EVP_PKEY *pkey=NULL; - unsigned char *p; - int al,ok,ret=0; - long n; - int type=0,i,j; - X509 *peer; - - n=ssl3_get_message(s, - SSL3_ST_SR_CERT_VRFY_A, - SSL3_ST_SR_CERT_VRFY_B, - -1, - 512, /* 512? */ - &ok); - - if (!ok) return((int)n); - - if (s->session->peer != NULL) - { - peer=s->session->peer; - pkey=X509_get_pubkey(peer); - type=X509_certificate_type(peer,pkey); - } - else - { - peer=NULL; - pkey=NULL; - } - - if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_VERIFY) - { - s->s3->tmp.reuse_message=1; - if ((peer != NULL) && (type | EVP_PKT_SIGN)) - { - al=SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_MISSING_VERIFY_MESSAGE); - goto f_err; - } - ret=1; - goto end; - } - - if (peer == NULL) - { - SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_NO_CLIENT_CERT_RECEIVED); - al=SSL_AD_UNEXPECTED_MESSAGE; - goto f_err; - } - - if (!(type & EVP_PKT_SIGN)) - { - SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE); - al=SSL_AD_ILLEGAL_PARAMETER; - goto f_err; - } - - if (s->s3->change_cipher_spec) - { - SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_CCS_RECEIVED_EARLY); - al=SSL_AD_UNEXPECTED_MESSAGE; - goto f_err; - } - - /* we now have a signature that we need to verify */ - p=(unsigned char *)s->init_msg; - n2s(p,i); - n-=2; - if (i > n) - { - SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_LENGTH_MISMATCH); - al=SSL_AD_DECODE_ERROR; - goto f_err; - } - - j=EVP_PKEY_size(pkey); - if ((i > j) || (n > j) || (n <= 0)) - { - SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_WRONG_SIGNATURE_SIZE); - al=SSL_AD_DECODE_ERROR; - goto f_err; - } - -#ifndef OPENSSL_NO_RSA - if (pkey->type == EVP_PKEY_RSA) - { - i=RSA_verify(NID_md5_sha1, s->s3->tmp.cert_verify_md, - MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, p, i, - pkey->pkey.rsa); - if (i < 0) - { - al=SSL_AD_DECRYPT_ERROR; - SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_BAD_RSA_DECRYPT); - goto f_err; - } - if (i == 0) - { - al=SSL_AD_DECRYPT_ERROR; - SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_BAD_RSA_SIGNATURE); - goto f_err; - } - } - else -#endif -#ifndef OPENSSL_NO_DSA - if (pkey->type == EVP_PKEY_DSA) - { - j=DSA_verify(pkey->save_type, - &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]), - SHA_DIGEST_LENGTH,p,i,pkey->pkey.dsa); - if (j <= 0) - { - /* bad signature */ - al=SSL_AD_DECRYPT_ERROR; - SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_BAD_DSA_SIGNATURE); - goto f_err; - } - } - else -#endif - { - SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,ERR_R_INTERNAL_ERROR); - al=SSL_AD_UNSUPPORTED_CERTIFICATE; - goto f_err; - } - - - ret=1; - if (0) - { -f_err: - ssl3_send_alert(s,SSL3_AL_FATAL,al); - } -end: - EVP_PKEY_free(pkey); - return(ret); - } - -static int ssl3_get_client_certificate(SSL *s) - { - int i,ok,al,ret= -1; - X509 *x=NULL; - unsigned long l,nc,llen,n; - unsigned char *p,*d,*q; - STACK_OF(X509) *sk=NULL; - - n=ssl3_get_message(s, - SSL3_ST_SR_CERT_A, - SSL3_ST_SR_CERT_B, - -1, - s->max_cert_list, - &ok); - - if (!ok) return((int)n); - - if (s->s3->tmp.message_type == SSL3_MT_CLIENT_KEY_EXCHANGE) - { - if ( (s->verify_mode & SSL_VERIFY_PEER) && - (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) - { - SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE); - al=SSL_AD_HANDSHAKE_FAILURE; - goto f_err; - } - /* If tls asked for a client cert, the client must return a 0 list */ - if ((s->version > SSL3_VERSION) && s->s3->tmp.cert_request) - { - SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST); - al=SSL_AD_UNEXPECTED_MESSAGE; - goto f_err; - } - s->s3->tmp.reuse_message=1; - return(1); - } - - if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE) - { - al=SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_WRONG_MESSAGE_TYPE); - goto f_err; - } - d=p=(unsigned char *)s->init_msg; - - if ((sk=sk_X509_new_null()) == NULL) - { - SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,ERR_R_MALLOC_FAILURE); - goto err; - } - - n2l3(p,llen); - if (llen+3 != n) - { - al=SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_LENGTH_MISMATCH); - goto f_err; - } - for (nc=0; nc llen) - { - al=SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH); - goto f_err; - } - - q=p; - x=d2i_X509(NULL,&p,l); - if (x == NULL) - { - SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,ERR_R_ASN1_LIB); - goto err; - } - if (p != (q+l)) - { - al=SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH); - goto f_err; - } - if (!sk_X509_push(sk,x)) - { - SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,ERR_R_MALLOC_FAILURE); - goto err; - } - x=NULL; - nc+=l+3; - } - - if (sk_X509_num(sk) <= 0) - { - /* TLS does not mind 0 certs returned */ - if (s->version == SSL3_VERSION) - { - al=SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_NO_CERTIFICATES_RETURNED); - goto f_err; - } - /* Fail for TLS only if we required a certificate */ - else if ((s->verify_mode & SSL_VERIFY_PEER) && - (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) - { - SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE); - al=SSL_AD_HANDSHAKE_FAILURE; - goto f_err; - } - } - else - { - i=ssl_verify_cert_chain(s,sk); - if (!i) - { - al=ssl_verify_alarm_type(s->verify_result); - SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_NO_CERTIFICATE_RETURNED); - goto f_err; - } - } - - if (s->session->peer != NULL) /* This should not be needed */ - X509_free(s->session->peer); - s->session->peer=sk_X509_shift(sk); - s->session->verify_result = s->verify_result; - - /* With the current implementation, sess_cert will always be NULL - * when we arrive here. */ - if (s->session->sess_cert == NULL) - { - s->session->sess_cert = ssl_sess_cert_new(); - if (s->session->sess_cert == NULL) - { - SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, ERR_R_MALLOC_FAILURE); - goto err; - } - } - if (s->session->sess_cert->cert_chain != NULL) - sk_X509_pop_free(s->session->sess_cert->cert_chain, X509_free); - s->session->sess_cert->cert_chain=sk; - /* Inconsistency alert: cert_chain does *not* include the - * peer's own certificate, while we do include it in s3_clnt.c */ - - sk=NULL; - - ret=1; - if (0) - { -f_err: - ssl3_send_alert(s,SSL3_AL_FATAL,al); - } -err: - if (x != NULL) X509_free(x); - if (sk != NULL) sk_X509_pop_free(sk,X509_free); - return(ret); - } - -int ssl3_send_server_certificate(SSL *s) - { - unsigned long l; - X509 *x; - - if (s->state == SSL3_ST_SW_CERT_A) - { - x=ssl_get_server_send_cert(s); - if (x == NULL && - /* VRS: allow null cert if auth == KRB5 */ - (s->s3->tmp.new_cipher->algorithms - & (SSL_MKEY_MASK|SSL_AUTH_MASK)) - != (SSL_aKRB5|SSL_kKRB5)) - { - SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE,ERR_R_INTERNAL_ERROR); - return(0); - } - - l=ssl3_output_cert_chain(s,x); - s->state=SSL3_ST_SW_CERT_B; - s->init_num=(int)l; - s->init_off=0; - } - - /* SSL3_ST_SW_CERT_B */ - return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); - } diff --git a/src/lib/libssl/shlib_version b/src/lib/libssl/shlib_version index 9c1551636c5..71b82a4cf5e 100644 --- a/src/lib/libssl/shlib_version +++ b/src/lib/libssl/shlib_version @@ -1,2 +1,3 @@ -major=6 -minor=0 +# Don't forget to give libtls the same type of bump! +major=47 +minor=4 diff --git a/src/lib/libssl/src/CHANGES b/src/lib/libssl/src/CHANGES deleted file mode 100644 index 64c33c70489..00000000000 --- a/src/lib/libssl/src/CHANGES +++ /dev/null @@ -1,5933 +0,0 @@ - - OpenSSL CHANGES - _______________ - - Changes between 0.9.6d and 0.9.7 [XX xxx 2002] - - *) Add AES modes CFB and OFB to the object database. Correct an - error in AES-CFB decryption. - [Richard Levitte] - - *) Remove most calls to EVP_CIPHER_CTX_cleanup() in evp_enc.c, this - allows existing EVP_CIPHER_CTX structures to be reused after - calling EVP_*Final(). This behaviour is used by encryption - BIOs and some applications. This has the side effect that - applications must explicitly clean up cipher contexts with - EVP_CIPHER_CTX_cleanup() or they will leak memory. - [Steve Henson] - - *) Check the values of dna and dnb in bn_mul_recursive before calling - bn_mul_comba (a non zero value means the a or b arrays do not contain - n2 elements) and fallback to bn_mul_normal if either is not zero. - [Steve Henson] - - *) Fix escaping of non-ASCII characters when using the -subj option - of the "openssl req" command line tool. (Robert Joop ) - [Lutz Jaenicke] - - *) Make object definitions compliant to LDAP (RFC2256): SN is the short - form for "surname", serialNumber has no short form. - Use "mail" as the short name for "rfc822Mailbox" according to RFC2798; - therefore remove "mail" short name for "internet 7". - Some more OID additions. (Michael Bell ) - [Lutz Jaenicke] - - *) Add an "init" command to the ENGINE config module and auto initialize - ENGINEs. Without any "init" command the ENGINE will be initialized - after all ctrl commands have been executed on it. If init=1 the - ENGINE is initailized at that point (ctrls before that point are run - on the uninitialized ENGINE and after on the initialized one). If - init=0 then the ENGINE will not be iniatialized at all. - [Steve Henson] - - *) Fix the 'app_verify_callback' interface so that the user-defined - argument is actually passed to the callback: In the - SSL_CTX_set_cert_verify_callback() prototype, the callback - declaration has been changed from - int (*cb)() - into - int (*cb)(X509_STORE_CTX *,void *); - in ssl_verify_cert_chain (ssl/ssl_cert.c), the call - i=s->ctx->app_verify_callback(&ctx) - has been changed into - i=s->ctx->app_verify_callback(&ctx, s->ctx->app_verify_arg). - - To update applications using SSL_CTX_set_cert_verify_callback(), - a dummy argument can be added to their callback functions. - [D. K. Smetters ] - - *) Added the '4758cca' ENGINE to support IBM 4758 cards. - [Maurice Gittens , touchups by Geoff Thorpe] - - *) Add and OPENSSL_LOAD_CONF define which will cause - OpenSSL_add_all_algorithms() to load the openssl.cnf config file. - This allows older applications to transparently support certain - OpenSSL features: such as crypto acceleration and dynamic ENGINE loading. - Two new functions OPENSSL_add_all_algorithms_noconf() which will never - load the config file and OPENSSL_add_all_algorithms_conf() which will - always load it have also been added. - [Steve Henson] - - *) Add the OFB, CFB and CTR (all with 128 bit feedback) to AES. - Adjust NIDs and EVP layer. - [Stephen Sprunk and Richard Levitte] - - *) Config modules support in openssl utility. - - Most commands now load modules from the config file, - though in a few (such as version) this isn't done - because it couldn't be used for anything. - - In the case of ca and req the config file used is - the same as the utility itself: that is the -config - command line option can be used to specify an - alternative file. - [Steve Henson] - - *) Move default behaviour from OPENSSL_config(). If appname is NULL - use "openssl_conf" if filename is NULL use default openssl config file. - [Steve Henson] - - *) Add an argument to OPENSSL_config() to allow the use of an alternative - config section name. Add a new flag to tolerate a missing config file - and move code to CONF_modules_load_file(). - [Steve Henson] - - *) Support for crypto accelerator cards from Accelerated Encryption - Processing, www.aep.ie. (Use engine 'aep') - The support was copied from 0.9.6c [engine] and adapted/corrected - to work with the new engine framework. - [AEP Inc. and Richard Levitte] - - *) Support for SureWare crypto accelerator cards from Baltimore - Technologies. (Use engine 'sureware') - The support was copied from 0.9.6c [engine] and adapted - to work with the new engine framework. - [Richard Levitte] - - *) Have the CHIL engine fork-safe (as defined by nCipher) and actually - make the newer ENGINE framework commands for the CHIL engine work. - [Toomas Kiisk and Richard Levitte] - - *) Make it possible to produce shared libraries on ReliantUNIX. - [Robert Dahlem via Richard Levitte] - - *) Add the configuration target debug-linux-ppro. - Make 'openssl rsa' use the general key loading routines - implemented in apps.c, and make those routines able to - handle the key format FORMAT_NETSCAPE and the variant - FORMAT_IISSGC. - [Toomas Kiisk via Richard Levitte] - - *) Fix a crashbug and a logic bug in hwcrhk_load_pubkey(). - [Toomas Kiisk via Richard Levitte] - - *) Add -keyform to rsautl, and document -engine. - [Richard Levitte, inspired by Toomas Kiisk ] - - *) Change BIO_new_file (crypto/bio/bss_file.c) to use new - BIO_R_NO_SUCH_FILE error code rather than the generic - ERR_R_SYS_LIB error code if fopen() fails with ENOENT. - [Ben Laurie] - - *) Add new functions - ERR_peek_last_error - ERR_peek_last_error_line - ERR_peek_last_error_line_data. - These are similar to - ERR_peek_error - ERR_peek_error_line - ERR_peek_error_line_data, - but report on the latest error recorded rather than the first one - still in the error queue. - [Ben Laurie, Bodo Moeller] - - *) default_algorithms option in ENGINE config module. This allows things - like: - default_algorithms = ALL - default_algorithms = RSA, DSA, RAND, CIPHERS, DIGESTS - [Steve Henson] - - *) Prelminary ENGINE config module. - [Steve Henson] - - *) New experimental application configuration code. - [Steve Henson] - - *) Change the AES code to follow the same name structure as all other - symmetric ciphers, and behave the same way. Move everything to - the directory crypto/aes, thereby obsoleting crypto/rijndael. - [Stephen Sprunk and Richard Levitte] - - *) SECURITY: remove unsafe setjmp/signal interaction from ui_openssl.c. - [Ben Laurie and Theo de Raadt] - - *) Add option to output public keys in req command. - [Massimiliano Pala madwolf@openca.org] - - *) Use wNAFs in EC_POINTs_mul() for improved efficiency - (up to about 10% better than before for P-192 and P-224). - [Bodo Moeller] - - *) New functions/macros - - SSL_CTX_set_msg_callback(ctx, cb) - SSL_CTX_set_msg_callback_arg(ctx, arg) - SSL_set_msg_callback(ssl, cb) - SSL_set_msg_callback_arg(ssl, arg) - - to request calling a callback function - - void cb(int write_p, int version, int content_type, - const void *buf, size_t len, SSL *ssl, void *arg) - - whenever a protocol message has been completely received - (write_p == 0) or sent (write_p == 1). Here 'version' is the - protocol version according to which the SSL library interprets - the current protocol message (SSL2_VERSION, SSL3_VERSION, or - TLS1_VERSION). 'content_type' is 0 in the case of SSL 2.0, or - the content type as defined in the SSL 3.0/TLS 1.0 protocol - specification (change_cipher_spec(20), alert(21), handshake(22)). - 'buf' and 'len' point to the actual message, 'ssl' to the - SSL object, and 'arg' is the application-defined value set by - SSL[_CTX]_set_msg_callback_arg(). - - 'openssl s_client' and 'openssl s_server' have new '-msg' options - to enable a callback that displays all protocol messages. - [Bodo Moeller] - - *) Change the shared library support so shared libraries are built as - soon as the corresponding static library is finished, and thereby get - openssl and the test programs linked against the shared library. - This still only happens when the keyword "shard" has been given to - the configuration scripts. - - NOTE: shared library support is still an experimental thing, and - backward binary compatibility is still not guaranteed. - ["Maciej W. Rozycki" and Richard Levitte] - - *) Add support for Subject Information Access extension. - [Peter Sylvester ] - - *) Make BUF_MEM_grow() behaviour more consistent: Initialise to zero - additional bytes when new memory had to be allocated, not just - when reusing an existing buffer. - [Bodo Moeller] - - *) New command line and configuration option 'utf8' for the req command. - This allows field values to be specified as UTF8 strings. - [Steve Henson] - - *) Add -multi and -mr options to "openssl speed" - giving multiple parallel - runs for the former and machine-readable output for the latter. - [Ben Laurie] - - *) Add '-noemailDN' option to 'openssl ca'. This prevents inclusion - of the e-mail address in the DN (i.e., it will go into a certificate - extension only). The new configuration file option 'email_in_dn = no' - has the same effect. - [Massimiliano Pala madwolf@openca.org] - - *) Change all functions with names starting with des_ to be starting - with DES_ instead. Add wrappers that are compatible with libdes, - but are named _ossl_old_des_*. Finally, add macros that map the - des_* symbols to the corresponding _ossl_old_des_* if libdes - compatibility is desired. If OpenSSL 0.9.6c compatibility is - desired, the des_* symbols will be mapped to DES_*, with one - exception. - - Since we provide two compatibility mappings, the user needs to - define the macro OPENSSL_DES_LIBDES_COMPATIBILITY if libdes - compatibility is desired. The default (i.e., when that macro - isn't defined) is OpenSSL 0.9.6c compatibility. - - There are also macros that enable and disable the support of old - des functions altogether. Those are OPENSSL_ENABLE_OLD_DES_SUPPORT - and OPENSSL_DISABLE_OLD_DES_SUPPORT. If none or both of those - are defined, the default will apply: to support the old des routines. - - In either case, one must include openssl/des.h to get the correct - definitions. Do not try to just include openssl/des_old.h, that - won't work. - - NOTE: This is a major break of an old API into a new one. Software - authors are encouraged to switch to the DES_ style functions. Some - time in the future, des_old.h and the libdes compatibility functions - will be disable (i.e. OPENSSL_DISABLE_OLD_DES_SUPPORT will be the - default), and then completely removed. - [Richard Levitte] - - *) Test for certificates which contain unsupported critical extensions. - If such a certificate is found during a verify operation it is - rejected by default: this behaviour can be overridden by either - handling the new error X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION or - by setting the verify flag X509_V_FLAG_IGNORE_CRITICAL. A new function - X509_supported_extension() has also been added which returns 1 if a - particular extension is supported. - [Steve Henson] - - *) Modify the behaviour of EVP cipher functions in similar way to digests - to retain compatibility with existing code. - [Steve Henson] - - *) Modify the behaviour of EVP_DigestInit() and EVP_DigestFinal() to retain - compatibility with existing code. In particular the 'ctx' parameter does - not have to be to be initialized before the call to EVP_DigestInit() and - it is tidied up after a call to EVP_DigestFinal(). New function - EVP_DigestFinal_ex() which does not tidy up the ctx. Similarly function - EVP_MD_CTX_copy() changed to not require the destination to be - initialized valid and new function EVP_MD_CTX_copy_ex() added which - requires the destination to be valid. - - Modify all the OpenSSL digest calls to use EVP_DigestInit_ex(), - EVP_DigestFinal_ex() and EVP_MD_CTX_copy_ex(). - [Steve Henson] - - *) Change ssl3_get_message (ssl/s3_both.c) and the functions using it - so that complete 'Handshake' protocol structures are kept in memory - instead of overwriting 'msg_type' and 'length' with 'body' data. - [Bodo Moeller] - - *) Add an implementation of SSL_add_dir_cert_subjects_to_stack for Win32. - [Massimo Santin via Richard Levitte] - - *) Major restructuring to the underlying ENGINE code. This includes - reduction of linker bloat, separation of pure "ENGINE" manipulation - (initialisation, etc) from functionality dealing with implementations - of specific crypto iterfaces. This change also introduces integrated - support for symmetric ciphers and digest implementations - so ENGINEs - can now accelerate these by providing EVP_CIPHER and EVP_MD - implementations of their own. This is detailed in crypto/engine/README - as it couldn't be adequately described here. However, there are a few - API changes worth noting - some RSA, DSA, DH, and RAND functions that - were changed in the original introduction of ENGINE code have now - reverted back - the hooking from this code to ENGINE is now a good - deal more passive and at run-time, operations deal directly with - RSA_METHODs, DSA_METHODs (etc) as they did before, rather than - dereferencing through an ENGINE pointer any more. Also, the ENGINE - functions dealing with BN_MOD_EXP[_CRT] handlers have been removed - - they were not being used by the framework as there is no concept of a - BIGNUM_METHOD and they could not be generalised to the new - 'ENGINE_TABLE' mechanism that underlies the new code. Similarly, - ENGINE_cpy() has been removed as it cannot be consistently defined in - the new code. - [Geoff Thorpe] - - *) Change ASN1_GENERALIZEDTIME_check() to allow fractional seconds. - [Steve Henson] - - *) Change mkdef.pl to sort symbols that get the same entry number, - and make sure the automatically generated functions ERR_load_* - become part of libeay.num as well. - [Richard Levitte] - - *) New function SSL_renegotiate_pending(). This returns true once - renegotiation has been requested (either SSL_renegotiate() call - or HelloRequest/ClientHello receveived from the peer) and becomes - false once a handshake has been completed. - (For servers, SSL_renegotiate() followed by SSL_do_handshake() - sends a HelloRequest, but does not ensure that a handshake takes - place. SSL_renegotiate_pending() is useful for checking if the - client has followed the request.) - [Bodo Moeller] - - *) New SSL option SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION. - By default, clients may request session resumption even during - renegotiation (if session ID contexts permit); with this option, - session resumption is possible only in the first handshake. - [Bodo Moeller] - - *) Add some demos for certificate and certificate request creation. - [Steve Henson] - - *) Make maximum certificate chain size accepted from the peer application - settable (SSL*_get/set_max_cert_list()), as proposed by - "Douglas E. Engert" . - [Lutz Jaenicke] - - *) Add support for shared libraries for Unixware-7 - (Boyd Lynn Gerber ). - [Lutz Jaenicke] - - *) Add a "destroy" handler to ENGINEs that allows structural cleanup to - be done prior to destruction. Use this to unload error strings from - ENGINEs that load their own error strings. NB: This adds two new API - functions to "get" and "set" this destroy handler in an ENGINE. - [Geoff Thorpe] - - *) Alter all existing ENGINE implementations (except "openssl" and - "openbsd") to dynamically instantiate their own error strings. This - makes them more flexible to be built both as statically-linked ENGINEs - and self-contained shared-libraries loadable via the "dynamic" ENGINE. - Also, add stub code to each that makes building them as self-contained - shared-libraries easier (see README.ENGINE). - [Geoff Thorpe] - - *) Add a "dynamic" ENGINE that provides a mechanism for binding ENGINE - implementations into applications that are completely implemented in - self-contained shared-libraries. The "dynamic" ENGINE exposes control - commands that can be used to configure what shared-library to load and - to control aspects of the way it is handled. Also, made an update to - the README.ENGINE file that brings its information up-to-date and - provides some information and instructions on the "dynamic" ENGINE - (ie. how to use it, how to build "dynamic"-loadable ENGINEs, etc). - [Geoff Thorpe] - - *) Make it possible to unload ranges of ERR strings with a new - "ERR_unload_strings" function. - [Geoff Thorpe] - - *) Add a copy() function to EVP_MD. - [Ben Laurie] - - *) Make EVP_MD routines take a context pointer instead of just the - md_data void pointer. - [Ben Laurie] - - *) Add flags to EVP_MD and EVP_MD_CTX. EVP_MD_FLAG_ONESHOT indicates - that the digest can only process a single chunk of data - (typically because it is provided by a piece of - hardware). EVP_MD_CTX_FLAG_ONESHOT indicates that the application - is only going to provide a single chunk of data, and hence the - framework needn't accumulate the data for oneshot drivers. - [Ben Laurie] - - *) As with "ERR", make it possible to replace the underlying "ex_data" - functions. This change also alters the storage and management of global - ex_data state - it's now all inside ex_data.c and all "class" code (eg. - RSA, BIO, SSL_CTX, etc) no longer stores its own STACKS and per-class - index counters. The API functions that use this state have been changed - to take a "class_index" rather than pointers to the class's local STACK - and counter, and there is now an API function to dynamically create new - classes. This centralisation allows us to (a) plug a lot of the - thread-safety problems that existed, and (b) makes it possible to clean - up all allocated state using "CRYPTO_cleanup_all_ex_data()". W.r.t. (b) - such data would previously have always leaked in application code and - workarounds were in place to make the memory debugging turn a blind eye - to it. Application code that doesn't use this new function will still - leak as before, but their memory debugging output will announce it now - rather than letting it slide. - - Besides the addition of CRYPTO_cleanup_all_ex_data(), another API change - induced by the "ex_data" overhaul is that X509_STORE_CTX_init() now - has a return value to indicate success or failure. - [Geoff Thorpe] - - *) Make it possible to replace the underlying "ERR" functions such that the - global state (2 LHASH tables and 2 locks) is only used by the "default" - implementation. This change also adds two functions to "get" and "set" - the implementation prior to it being automatically set the first time - any other ERR function takes place. Ie. an application can call "get", - pass the return value to a module it has just loaded, and that module - can call its own "set" function using that value. This means the - module's "ERR" operations will use (and modify) the error state in the - application and not in its own statically linked copy of OpenSSL code. - [Geoff Thorpe] - - *) Give DH, DSA, and RSA types their own "**_up_ref()" function to increment - reference counts. This performs normal REF_PRINT/REF_CHECK macros on - the operation, and provides a more encapsulated way for external code - (crypto/evp/ and ssl/) to do this. Also changed the evp and ssl code - to use these functions rather than manually incrementing the counts. - - Also rename "DSO_up()" function to more descriptive "DSO_up_ref()". - [Geoff Thorpe] - - *) Add EVP test program. - [Ben Laurie] - - *) Add symmetric cipher support to ENGINE. Expect the API to change! - [Ben Laurie] - - *) New CRL functions: X509_CRL_set_version(), X509_CRL_set_issuer_name() - X509_CRL_set_lastUpdate(), X509_CRL_set_nextUpdate(), X509_CRL_sort(), - X509_REVOKED_set_serialNumber(), and X509_REVOKED_set_revocationDate(). - These allow a CRL to be built without having to access X509_CRL fields - directly. Modify 'ca' application to use new functions. - [Steve Henson] - - *) Move SSL_OP_TLS_ROLLBACK_BUG out of the SSL_OP_ALL list of recommended - bug workarounds. Rollback attack detection is a security feature. - The problem will only arise on OpenSSL servers when TLSv1 is not - available (sslv3_server_method() or SSL_OP_NO_TLSv1). - Software authors not wanting to support TLSv1 will have special reasons - for their choice and can explicitly enable this option. - [Bodo Moeller, Lutz Jaenicke] - - *) Rationalise EVP so it can be extended: don't include a union of - cipher/digest structures, add init/cleanup functions. This also reduces - the number of header dependencies. - Usage example: - - EVP_MD_CTX md; - - EVP_MD_CTX_init(&md); /* new function call */ - EVP_DigestInit(&md, EVP_sha1()); - EVP_DigestUpdate(&md, in, len); - EVP_DigestFinal(&md, out, NULL); - EVP_MD_CTX_cleanup(&md); /* new function call */ - - [Ben Laurie] - - *) Make DES key schedule conform to the usual scheme, as well as - correcting its structure. This means that calls to DES functions - now have to pass a pointer to a des_key_schedule instead of a - plain des_key_schedule (which was actually always a pointer - anyway): E.g., - - des_key_schedule ks; - - des_set_key_checked(..., &ks); - des_ncbc_encrypt(..., &ks, ...); - - (Note that a later change renames 'des_...' into 'DES_...'.) - [Ben Laurie] - - *) Initial reduction of linker bloat: the use of some functions, such as - PEM causes large amounts of unused functions to be linked in due to - poor organisation. For example pem_all.c contains every PEM function - which has a knock on effect of linking in large amounts of (unused) - ASN1 code. Grouping together similar functions and splitting unrelated - functions prevents this. - [Steve Henson] - - *) Cleanup of EVP macros. - [Ben Laurie] - - *) Change historical references to {NID,SN,LN}_des_ede and ede3 to add the - correct _ecb suffix. - [Ben Laurie] - - *) Add initial OCSP responder support to ocsp application. The - revocation information is handled using the text based index - use by the ca application. The responder can either handle - requests generated internally, supplied in files (for example - via a CGI script) or using an internal minimal server. - [Steve Henson] - - *) Add configuration choices to get zlib compression for TLS. - [Richard Levitte] - - *) Changes to Kerberos SSL for RFC 2712 compliance: - 1. Implemented real KerberosWrapper, instead of just using - KRB5 AP_REQ message. [Thanks to Simon Wilkinson ] - 2. Implemented optional authenticator field of KerberosWrapper. - - Added openssl-style ASN.1 macros for Kerberos ticket, ap_req, - and authenticator structs; see crypto/krb5/. - - Generalized Kerberos calls to support multiple Kerberos libraries. - [Vern Staats , - Jeffrey Altman - via Richard Levitte] - - *) Cause 'openssl speed' to use fully hard-coded DSA keys as it - already does with RSA. testdsa.h now has 'priv_key/pub_key' - values for each of the key sizes rather than having just - parameters (and 'speed' generating keys each time). - [Geoff Thorpe] - - *) Speed up EVP routines. - Before: -encrypt -type 8 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes -des-cbc 4408.85k 5560.51k 5778.46k 5862.20k 5825.16k -des-cbc 4389.55k 5571.17k 5792.23k 5846.91k 5832.11k -des-cbc 4394.32k 5575.92k 5807.44k 5848.37k 5841.30k -decrypt -des-cbc 3482.66k 5069.49k 5496.39k 5614.16k 5639.28k -des-cbc 3480.74k 5068.76k 5510.34k 5609.87k 5635.52k -des-cbc 3483.72k 5067.62k 5504.60k 5708.01k 5724.80k - After: -encrypt -des-cbc 4660.16k 5650.19k 5807.19k 5827.13k 5783.32k -decrypt -des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k - [Ben Laurie] - - *) Added the OS2-EMX target. - ["Brian Havard" and Richard Levitte] - - *) Rewrite apps to use NCONF routines instead of the old CONF. New functions - to support NCONF routines in extension code. New function CONF_set_nconf() - to allow functions which take an NCONF to also handle the old LHASH - structure: this means that the old CONF compatible routines can be - retained (in particular wrt extensions) without having to duplicate the - code. New function X509V3_add_ext_nconf_sk to add extensions to a stack. - [Steve Henson] - - *) Enhance the general user interface with mechanisms for inner control - and with possibilities to have yes/no kind of prompts. - [Richard Levitte] - - *) Change all calls to low level digest routines in the library and - applications to use EVP. Add missing calls to HMAC_cleanup() and - don't assume HMAC_CTX can be copied using memcpy(). - [Verdon Walker , Steve Henson] - - *) Add the possibility to control engines through control names but with - arbitrary arguments instead of just a string. - Change the key loaders to take a UI_METHOD instead of a callback - function pointer. NOTE: this breaks binary compatibility with earlier - versions of OpenSSL [engine]. - Adapt the nCipher code for these new conditions and add a card insertion - callback. - [Richard Levitte] - - *) Enhance the general user interface with mechanisms to better support - dialog box interfaces, application-defined prompts, the possibility - to use defaults (for example default passwords from somewhere else) - and interrupts/cancellations. - [Richard Levitte] - - *) Tidy up PKCS#12 attribute handling. Add support for the CSP name - attribute in PKCS#12 files, add new -CSP option to pkcs12 utility. - [Steve Henson] - - *) Fix a memory leak in 'sk_dup()' in the case reallocation fails. (Also - tidy up some unnecessarily weird code in 'sk_new()'). - [Geoff, reported by Diego Tartara ] - - *) Change the key loading routines for ENGINEs to use the same kind - callback (pem_password_cb) as all other routines that need this - kind of callback. - [Richard Levitte] - - *) Increase ENTROPY_NEEDED to 32 bytes, as Rijndael can operate with - 256 bit (=32 byte) keys. Of course seeding with more entropy bytes - than this minimum value is recommended. - [Lutz Jaenicke] - - *) New random seeder for OpenVMS, using the system process statistics - that are easily reachable. - [Richard Levitte] - - *) Windows apparently can't transparently handle global - variables defined in DLLs. Initialisations such as: - - const ASN1_ITEM *it = &ASN1_INTEGER_it; - - wont compile. This is used by the any applications that need to - declare their own ASN1 modules. This was fixed by adding the option - EXPORT_VAR_AS_FN to all Win32 platforms, although this isn't strictly - needed for static libraries under Win32. - [Steve Henson] - - *) New functions X509_PURPOSE_set() and X509_TRUST_set() to handle - setting of purpose and trust fields. New X509_STORE trust and - purpose functions and tidy up setting in other SSL functions. - [Steve Henson] - - *) Add copies of X509_STORE_CTX fields and callbacks to X509_STORE - structure. These are inherited by X509_STORE_CTX when it is - initialised. This allows various defaults to be set in the - X509_STORE structure (such as flags for CRL checking and custom - purpose or trust settings) for functions which only use X509_STORE_CTX - internally such as S/MIME. - - Modify X509_STORE_CTX_purpose_inherit() so it only sets purposes and - trust settings if they are not set in X509_STORE. This allows X509_STORE - purposes and trust (in S/MIME for example) to override any set by default. - - Add command line options for CRL checking to smime, s_client and s_server - applications. - [Steve Henson] - - *) Initial CRL based revocation checking. If the CRL checking flag(s) - are set then the CRL is looked up in the X509_STORE structure and - its validity and signature checked, then if the certificate is found - in the CRL the verify fails with a revoked error. - - Various new CRL related callbacks added to X509_STORE_CTX structure. - - Command line options added to 'verify' application to support this. - - This needs some additional work, such as being able to handle multiple - CRLs with different times, extension based lookup (rather than just - by subject name) and ultimately more complete V2 CRL extension - handling. - [Steve Henson] - - *) Add a general user interface API (crypto/ui/). This is designed - to replace things like des_read_password and friends (backward - compatibility functions using this new API are provided). - The purpose is to remove prompting functions from the DES code - section as well as provide for prompting through dialog boxes in - a window system and the like. - [Richard Levitte] - - *) Add "ex_data" support to ENGINE so implementations can add state at a - per-structure level rather than having to store it globally. - [Geoff] - - *) Make it possible for ENGINE structures to be copied when retrieved by - ENGINE_by_id() if the ENGINE specifies a new flag: ENGINE_FLAGS_BY_ID_COPY. - This causes the "original" ENGINE structure to act like a template, - analogous to the RSA vs. RSA_METHOD type of separation. Because of this - operational state can be localised to each ENGINE structure, despite the - fact they all share the same "methods". New ENGINE structures returned in - this case have no functional references and the return value is the single - structural reference. This matches the single structural reference returned - by ENGINE_by_id() normally, when it is incremented on the pre-existing - ENGINE structure. - [Geoff] - - *) Fix ASN1 decoder when decoding type ANY and V_ASN1_OTHER: since this - needs to match any other type at all we need to manually clear the - tag cache. - [Steve Henson] - - *) Changes to the "openssl engine" utility to include; - - verbosity levels ('-v', '-vv', and '-vvv') that provide information - about an ENGINE's available control commands. - - executing control commands from command line arguments using the - '-pre' and '-post' switches. '-post' is only used if '-t' is - specified and the ENGINE is successfully initialised. The syntax for - the individual commands are colon-separated, for example; - openssl engine chil -pre FORK_CHECK:0 -pre SO_PATH:/lib/test.so - [Geoff] - - *) New dynamic control command support for ENGINEs. ENGINEs can now - declare their own commands (numbers), names (strings), descriptions, - and input types for run-time discovery by calling applications. A - subset of these commands are implicitly classed as "executable" - depending on their input type, and only these can be invoked through - the new string-based API function ENGINE_ctrl_cmd_string(). (Eg. this - can be based on user input, config files, etc). The distinction is - that "executable" commands cannot return anything other than a boolean - result and can only support numeric or string input, whereas some - discoverable commands may only be for direct use through - ENGINE_ctrl(), eg. supporting the exchange of binary data, function - pointers, or other custom uses. The "executable" commands are to - support parameterisations of ENGINE behaviour that can be - unambiguously defined by ENGINEs and used consistently across any - OpenSSL-based application. Commands have been added to all the - existing hardware-supporting ENGINEs, noticeably "SO_PATH" to allow - control over shared-library paths without source code alterations. - [Geoff] - - *) Changed all ENGINE implementations to dynamically allocate their - ENGINEs rather than declaring them statically. Apart from this being - necessary with the removal of the ENGINE_FLAGS_MALLOCED distinction, - this also allows the implementations to compile without using the - internal engine_int.h header. - [Geoff] - - *) Minor adjustment to "rand" code. RAND_get_rand_method() now returns a - 'const' value. Any code that should be able to modify a RAND_METHOD - should already have non-const pointers to it (ie. they should only - modify their own ones). - [Geoff] - - *) Made a variety of little tweaks to the ENGINE code. - - "atalla" and "ubsec" string definitions were moved from header files - to C code. "nuron" string definitions were placed in variables - rather than hard-coded - allowing parameterisation of these values - later on via ctrl() commands. - - Removed unused "#if 0"'d code. - - Fixed engine list iteration code so it uses ENGINE_free() to release - structural references. - - Constified the RAND_METHOD element of ENGINE structures. - - Constified various get/set functions as appropriate and added - missing functions (including a catch-all ENGINE_cpy that duplicates - all ENGINE values onto a new ENGINE except reference counts/state). - - Removed NULL parameter checks in get/set functions. Setting a method - or function to NULL is a way of cancelling out a previously set - value. Passing a NULL ENGINE parameter is just plain stupid anyway - and doesn't justify the extra error symbols and code. - - Deprecate the ENGINE_FLAGS_MALLOCED define and move the area for - flags from engine_int.h to engine.h. - - Changed prototypes for ENGINE handler functions (init(), finish(), - ctrl(), key-load functions, etc) to take an (ENGINE*) parameter. - [Geoff] - - *) Implement binary inversion algorithm for BN_mod_inverse in addition - to the algorithm using long division. The binary algorithm can be - used only if the modulus is odd. On 32-bit systems, it is faster - only for relatively small moduli (roughly 20-30% for 128-bit moduli, - roughly 5-15% for 256-bit moduli), so we use it only for moduli - up to 450 bits. In 64-bit environments, the binary algorithm - appears to be advantageous for much longer moduli; here we use it - for moduli up to 2048 bits. - [Bodo Moeller] - - *) Rewrite CHOICE field setting in ASN1_item_ex_d2i(). The old code - could not support the combine flag in choice fields. - [Steve Henson] - - *) Add a 'copy_extensions' option to the 'ca' utility. This copies - extensions from a certificate request to the certificate. - [Steve Henson] - - *) Allow multiple 'certopt' and 'nameopt' options to be separated - by commas. Add 'namopt' and 'certopt' options to the 'ca' config - file: this allows the display of the certificate about to be - signed to be customised, to allow certain fields to be included - or excluded and extension details. The old system didn't display - multicharacter strings properly, omitted fields not in the policy - and couldn't display additional details such as extensions. - [Steve Henson] - - *) Function EC_POINTs_mul for multiple scalar multiplication - of an arbitrary number of elliptic curve points - \sum scalars[i]*points[i], - optionally including the generator defined for the EC_GROUP: - scalar*generator + \sum scalars[i]*points[i]. - - EC_POINT_mul is a simple wrapper function for the typical case - that the point list has just one item (besides the optional - generator). - [Bodo Moeller] - - *) First EC_METHODs for curves over GF(p): - - EC_GFp_simple_method() uses the basic BN_mod_mul and BN_mod_sqr - operations and provides various method functions that can also - operate with faster implementations of modular arithmetic. - - EC_GFp_mont_method() reuses most functions that are part of - EC_GFp_simple_method, but uses Montgomery arithmetic. - - [Bodo Moeller; point addition and point doubling - implementation directly derived from source code provided by - Lenka Fibikova ] - - *) Framework for elliptic curves (crypto/ec/ec.h, crypto/ec/ec_lcl.h, - crypto/ec/ec_lib.c): - - Curves are EC_GROUP objects (with an optional group generator) - based on EC_METHODs that are built into the library. - - Points are EC_POINT objects based on EC_GROUP objects. - - Most of the framework would be able to handle curves over arbitrary - finite fields, but as there are no obvious types for fields other - than GF(p), some functions are limited to that for now. - [Bodo Moeller] - - *) Add the -HTTP option to s_server. It is similar to -WWW, but requires - that the file contains a complete HTTP response. - [Richard Levitte] - - *) Add the ec directory to mkdef.pl and mkfiles.pl. In mkdef.pl - change the def and num file printf format specifier from "%-40sXXX" - to "%-39s XXX". The latter will always guarantee a space after the - field while the former will cause them to run together if the field - is 40 of more characters long. - [Steve Henson] - - *) Constify the cipher and digest 'method' functions and structures - and modify related functions to take constant EVP_MD and EVP_CIPHER - pointers. - [Steve Henson] - - *) Hide BN_CTX structure details in bn_lcl.h instead of publishing them - in . Also further increase BN_CTX_NUM to 32. - [Bodo Moeller] - - *) Modify EVP_Digest*() routines so they now return values. Although the - internal software routines can never fail additional hardware versions - might. - [Steve Henson] - - *) Clean up crypto/err/err.h and change some error codes to avoid conflicts: - - Previously ERR_R_FATAL was too small and coincided with ERR_LIB_PKCS7 - (= ERR_R_PKCS7_LIB); it is now 64 instead of 32. - - ASN1 error codes - ERR_R_NESTED_ASN1_ERROR - ... - ERR_R_MISSING_ASN1_EOS - were 4 .. 9, conflicting with - ERR_LIB_RSA (= ERR_R_RSA_LIB) - ... - ERR_LIB_PEM (= ERR_R_PEM_LIB). - They are now 58 .. 63 (i.e., just below ERR_R_FATAL). - - Add new error code 'ERR_R_INTERNAL_ERROR'. - [Bodo Moeller] - - *) Don't overuse locks in crypto/err/err.c: For data retrieval, CRYPTO_r_lock - suffices. - [Bodo Moeller] - - *) New option '-subj arg' for 'openssl req' and 'openssl ca'. This - sets the subject name for a new request or supersedes the - subject name in a given request. Formats that can be parsed are - 'CN=Some Name, OU=myOU, C=IT' - and - 'CN=Some Name/OU=myOU/C=IT'. - - Add options '-batch' and '-verbose' to 'openssl req'. - [Massimiliano Pala ] - - *) Introduce the possibility to access global variables through - functions on platform were that's the best way to handle exporting - global variables in shared libraries. To enable this functionality, - one must configure with "EXPORT_VAR_AS_FN" or defined the C macro - "OPENSSL_EXPORT_VAR_AS_FUNCTION" in crypto/opensslconf.h (the latter - is normally done by Configure or something similar). - - To implement a global variable, use the macro OPENSSL_IMPLEMENT_GLOBAL - in the source file (foo.c) like this: - - OPENSSL_IMPLEMENT_GLOBAL(int,foo)=1; - OPENSSL_IMPLEMENT_GLOBAL(double,bar); - - To declare a global variable, use the macros OPENSSL_DECLARE_GLOBAL - and OPENSSL_GLOBAL_REF in the header file (foo.h) like this: - - OPENSSL_DECLARE_GLOBAL(int,foo); - #define foo OPENSSL_GLOBAL_REF(foo) - OPENSSL_DECLARE_GLOBAL(double,bar); - #define bar OPENSSL_GLOBAL_REF(bar) - - The #defines are very important, and therefore so is including the - header file everywhere where the defined globals are used. - - The macro OPENSSL_EXPORT_VAR_AS_FUNCTION also affects the definition - of ASN.1 items, but that structure is a bit different. - - The largest change is in util/mkdef.pl which has been enhanced with - better and easier to understand logic to choose which symbols should - go into the Windows .def files as well as a number of fixes and code - cleanup (among others, algorithm keywords are now sorted - lexicographically to avoid constant rewrites). - [Richard Levitte] - - *) In BN_div() keep a copy of the sign of 'num' before writing the - result to 'rm' because if rm==num the value will be overwritten - and produce the wrong result if 'num' is negative: this caused - problems with BN_mod() and BN_nnmod(). - [Steve Henson] - - *) Function OCSP_request_verify(). This checks the signature on an - OCSP request and verifies the signer certificate. The signer - certificate is just checked for a generic purpose and OCSP request - trust settings. - [Steve Henson] - - *) Add OCSP_check_validity() function to check the validity of OCSP - responses. OCSP responses are prepared in real time and may only - be a few seconds old. Simply checking that the current time lies - between thisUpdate and nextUpdate max reject otherwise valid responses - caused by either OCSP responder or client clock inaccuracy. Instead - we allow thisUpdate and nextUpdate to fall within a certain period of - the current time. The age of the response can also optionally be - checked. Two new options -validity_period and -status_age added to - ocsp utility. - [Steve Henson] - - *) If signature or public key algorithm is unrecognized print out its - OID rather that just UNKNOWN. - [Steve Henson] - - *) Change OCSP_cert_to_id() to tolerate a NULL subject certificate and - OCSP_cert_id_new() a NULL serialNumber. This allows a partial certificate - ID to be generated from the issuer certificate alone which can then be - passed to OCSP_id_issuer_cmp(). - [Steve Henson] - - *) New compilation option ASN1_ITEM_FUNCTIONS. This causes the new - ASN1 modules to export functions returning ASN1_ITEM pointers - instead of the ASN1_ITEM structures themselves. This adds several - new macros which allow the underlying ASN1 function/structure to - be accessed transparently. As a result code should not use ASN1_ITEM - references directly (such as &X509_it) but instead use the relevant - macros (such as ASN1_ITEM_rptr(X509)). This option is to allow - use of the new ASN1 code on platforms where exporting structures - is problematical (for example in shared libraries) but exporting - functions returning pointers to structures is not. - [Steve Henson] - - *) Add support for overriding the generation of SSL/TLS session IDs. - These callbacks can be registered either in an SSL_CTX or per SSL. - The purpose of this is to allow applications to control, if they wish, - the arbitrary values chosen for use as session IDs, particularly as it - can be useful for session caching in multiple-server environments. A - command-line switch for testing this (and any client code that wishes - to use such a feature) has been added to "s_server". - [Geoff Thorpe, Lutz Jaenicke] - - *) Modify mkdef.pl to recognise and parse preprocessor conditionals - of the form '#if defined(...) || defined(...) || ...' and - '#if !defined(...) && !defined(...) && ...'. This also avoids - the growing number of special cases it was previously handling. - [Richard Levitte] - - *) Make all configuration macros available for application by making - sure they are available in opensslconf.h, by giving them names starting - with "OPENSSL_" to avoid conflicts with other packages and by making - sure e_os2.h will cover all platform-specific cases together with - opensslconf.h. - Additionally, it is now possible to define configuration/platform- - specific names (called "system identities"). In the C code, these - are prefixed with "OPENSSL_SYSNAME_". e_os2.h will create another - macro with the name beginning with "OPENSSL_SYS_", which is determined - from "OPENSSL_SYSNAME_*" or compiler-specific macros depending on - what is available. - [Richard Levitte] - - *) New option -set_serial to 'req' and 'x509' this allows the serial - number to use to be specified on the command line. Previously self - signed certificates were hard coded with serial number 0 and the - CA options of 'x509' had to use a serial number in a file which was - auto incremented. - [Steve Henson] - - *) New options to 'ca' utility to support V2 CRL entry extensions. - Currently CRL reason, invalidity date and hold instruction are - supported. Add new CRL extensions to V3 code and some new objects. - [Steve Henson] - - *) New function EVP_CIPHER_CTX_set_padding() this is used to - disable standard block padding (aka PKCS#5 padding) in the EVP - API, which was previously mandatory. This means that the data is - not padded in any way and so the total length much be a multiple - of the block size, otherwise an error occurs. - [Steve Henson] - - *) Initial (incomplete) OCSP SSL support. - [Steve Henson] - - *) New function OCSP_parse_url(). This splits up a URL into its host, - port and path components: primarily to parse OCSP URLs. New -url - option to ocsp utility. - [Steve Henson] - - *) New nonce behavior. The return value of OCSP_check_nonce() now - reflects the various checks performed. Applications can decide - whether to tolerate certain situations such as an absent nonce - in a response when one was present in a request: the ocsp application - just prints out a warning. New function OCSP_add1_basic_nonce() - this is to allow responders to include a nonce in a response even if - the request is nonce-less. - [Steve Henson] - - *) Disable stdin buffering in load_cert (apps/apps.c) so that no certs are - skipped when using openssl x509 multiple times on a single input file, - e.g. "(openssl x509 -out cert1; openssl x509 -out cert2) ] - - *) New OCSP verify flag OCSP_TRUSTOTHER. When set the "other" certificates - passed by the function are trusted implicitly. If any of them signed the - response then it is assumed to be valid and is not verified. - [Steve Henson] - - *) In PKCS7_set_type() initialise content_type in PKCS7_ENC_CONTENT - to data. This was previously part of the PKCS7 ASN1 code. This - was causing problems with OpenSSL created PKCS#12 and PKCS#7 structures. - [Steve Henson, reported by Kenneth R. Robinette - ] - - *) Add CRYPTO_push_info() and CRYPTO_pop_info() calls to new ASN1 - routines: without these tracing memory leaks is very painful. - Fix leaks in PKCS12 and PKCS7 routines. - [Steve Henson] - - *) Make X509_time_adj() cope with the new behaviour of ASN1_TIME_new(). - Previously it initialised the 'type' argument to V_ASN1_UTCTIME which - effectively meant GeneralizedTime would never be used. Now it - is initialised to -1 but X509_time_adj() now has to check the value - and use ASN1_TIME_set() if the value is not V_ASN1_UTCTIME or - V_ASN1_GENERALIZEDTIME, without this it always uses GeneralizedTime. - [Steve Henson, reported by Kenneth R. Robinette - ] - - *) Fixes to BN_to_ASN1_INTEGER when bn is zero. This would previously - result in a zero length in the ASN1_INTEGER structure which was - not consistent with the structure when d2i_ASN1_INTEGER() was used - and would cause ASN1_INTEGER_cmp() to fail. Enhance s2i_ASN1_INTEGER() - to cope with hex and negative integers. Fix bug in i2a_ASN1_INTEGER() - where it did not print out a minus for negative ASN1_INTEGER. - [Steve Henson] - - *) Add summary printout to ocsp utility. The various functions which - convert status values to strings have been renamed to: - OCSP_response_status_str(), OCSP_cert_status_str() and - OCSP_crl_reason_str() and are no longer static. New options - to verify nonce values and to disable verification. OCSP response - printout format cleaned up. - [Steve Henson] - - *) Add additional OCSP certificate checks. These are those specified - in RFC2560. This consists of two separate checks: the CA of the - certificate being checked must either be the OCSP signer certificate - or the issuer of the OCSP signer certificate. In the latter case the - OCSP signer certificate must contain the OCSP signing extended key - usage. This check is performed by attempting to match the OCSP - signer or the OCSP signer CA to the issuerNameHash and issuerKeyHash - in the OCSP_CERTID structures of the response. - [Steve Henson] - - *) Initial OCSP certificate verification added to OCSP_basic_verify() - and related routines. This uses the standard OpenSSL certificate - verify routines to perform initial checks (just CA validity) and - to obtain the certificate chain. Then additional checks will be - performed on the chain. Currently the root CA is checked to see - if it is explicitly trusted for OCSP signing. This is used to set - a root CA as a global signing root: that is any certificate that - chains to that CA is an acceptable OCSP signing certificate. - [Steve Henson] - - *) New '-extfile ...' option to 'openssl ca' for reading X.509v3 - extensions from a separate configuration file. - As when reading extensions from the main configuration file, - the '-extensions ...' option may be used for specifying the - section to use. - [Massimiliano Pala ] - - *) New OCSP utility. Allows OCSP requests to be generated or - read. The request can be sent to a responder and the output - parsed, outputed or printed in text form. Not complete yet: - still needs to check the OCSP response validity. - [Steve Henson] - - *) New subcommands for 'openssl ca': - 'openssl ca -status ' prints the status of the cert with - the given serial number (according to the index file). - 'openssl ca -updatedb' updates the expiry status of certificates - in the index file. - [Massimiliano Pala ] - - *) New '-newreq-nodes' command option to CA.pl. This is like - '-newreq', but calls 'openssl req' with the '-nodes' option - so that the resulting key is not encrypted. - [Damien Miller ] - - *) New configuration for the GNU Hurd. - [Jonathan Bartlett via Richard Levitte] - - *) Initial code to implement OCSP basic response verify. This - is currently incomplete. Currently just finds the signer's - certificate and verifies the signature on the response. - [Steve Henson] - - *) New SSLeay_version code SSLEAY_DIR to determine the compiled-in - value of OPENSSLDIR. This is available via the new '-d' option - to 'openssl version', and is also included in 'openssl version -a'. - [Bodo Moeller] - - *) Allowing defining memory allocation callbacks that will be given - file name and line number information in additional arguments - (a const char* and an int). The basic functionality remains, as - well as the original possibility to just replace malloc(), - realloc() and free() by functions that do not know about these - additional arguments. To register and find out the current - settings for extended allocation functions, the following - functions are provided: - - CRYPTO_set_mem_ex_functions - CRYPTO_set_locked_mem_ex_functions - CRYPTO_get_mem_ex_functions - CRYPTO_get_locked_mem_ex_functions - - These work the same way as CRYPTO_set_mem_functions and friends. - CRYPTO_get_[locked_]mem_functions now writes 0 where such an - extended allocation function is enabled. - Similarly, CRYPTO_get_[locked_]mem_ex_functions writes 0 where - a conventional allocation function is enabled. - [Richard Levitte, Bodo Moeller] - - *) Finish off removing the remaining LHASH function pointer casts. - There should no longer be any prototype-casting required when using - the LHASH abstraction, and any casts that remain are "bugs". See - the callback types and macros at the head of lhash.h for details - (and "OBJ_cleanup" in crypto/objects/obj_dat.c as an example). - [Geoff Thorpe] - - *) Add automatic query of EGD sockets in RAND_poll() for the unix variant. - If /dev/[u]random devices are not available or do not return enough - entropy, EGD style sockets (served by EGD or PRNGD) will automatically - be queried. - The locations /var/run/egd-pool, /dev/egd-pool, /etc/egd-pool, and - /etc/entropy will be queried once each in this sequence, quering stops - when enough entropy was collected without querying more sockets. - [Lutz Jaenicke] - - *) Change the Unix RAND_poll() variant to be able to poll several - random devices, as specified by DEVRANDOM, until a sufficient amount - of data has been collected. We spend at most 10 ms on each file - (select timeout) and read in non-blocking mode. DEVRANDOM now - defaults to the list "/dev/urandom", "/dev/random", "/dev/srandom" - (previously it was just the string "/dev/urandom"), so on typical - platforms the 10 ms delay will never occur. - Also separate out the Unix variant to its own file, rand_unix.c. - For VMS, there's a currently-empty rand_vms.c. - [Richard Levitte] - - *) Move OCSP client related routines to ocsp_cl.c. These - provide utility functions which an application needing - to issue a request to an OCSP responder and analyse the - response will typically need: as opposed to those which an - OCSP responder itself would need which will be added later. - - OCSP_request_sign() signs an OCSP request with an API similar - to PKCS7_sign(). OCSP_response_status() returns status of OCSP - response. OCSP_response_get1_basic() extracts basic response - from response. OCSP_resp_find_status(): finds and extracts status - information from an OCSP_CERTID structure (which will be created - when the request structure is built). These are built from lower - level functions which work on OCSP_SINGLERESP structures but - wont normally be used unless the application wishes to examine - extensions in the OCSP response for example. - - Replace nonce routines with a pair of functions. - OCSP_request_add1_nonce() adds a nonce value and optionally - generates a random value. OCSP_check_nonce() checks the - validity of the nonce in an OCSP response. - [Steve Henson] - - *) Change function OCSP_request_add() to OCSP_request_add0_id(). - This doesn't copy the supplied OCSP_CERTID and avoids the - need to free up the newly created id. Change return type - to OCSP_ONEREQ to return the internal OCSP_ONEREQ structure. - This can then be used to add extensions to the request. - Deleted OCSP_request_new(), since most of its functionality - is now in OCSP_REQUEST_new() (and the case insensitive name - clash) apart from the ability to set the request name which - will be added elsewhere. - [Steve Henson] - - *) Update OCSP API. Remove obsolete extensions argument from - various functions. Extensions are now handled using the new - OCSP extension code. New simple OCSP HTTP function which - can be used to send requests and parse the response. - [Steve Henson] - - *) Fix the PKCS#7 (S/MIME) code to work with new ASN1. Two new - ASN1_ITEM structures help with sign and verify. PKCS7_ATTR_SIGN - uses the special reorder version of SET OF to sort the attributes - and reorder them to match the encoded order. This resolves a long - standing problem: a verify on a PKCS7 structure just after signing - it used to fail because the attribute order did not match the - encoded order. PKCS7_ATTR_VERIFY does not reorder the attributes: - it uses the received order. This is necessary to tolerate some broken - software that does not order SET OF. This is handled by encoding - as a SEQUENCE OF but using implicit tagging (with UNIVERSAL class) - to produce the required SET OF. - [Steve Henson] - - *) Have mk1mf.pl generate the macros OPENSSL_BUILD_SHLIBCRYPTO and - OPENSSL_BUILD_SHLIBSSL and use them appropriately in the header - files to get correct declarations of the ASN.1 item variables. - [Richard Levitte] - - *) Rewrite of PKCS#12 code to use new ASN1 functionality. Replace many - PKCS#12 macros with real functions. Fix two unrelated ASN1 bugs: - asn1_check_tlen() would sometimes attempt to use 'ctx' when it was - NULL and ASN1_TYPE was not dereferenced properly in asn1_ex_c2i(). - New ASN1 macro: DECLARE_ASN1_ITEM() which just declares the relevant - ASN1_ITEM and no wrapper functions. - [Steve Henson] - - *) New functions or ASN1_item_d2i_fp() and ASN1_item_d2i_bio(). These - replace the old function pointer based I/O routines. Change most of - the *_d2i_bio() and *_d2i_fp() functions to use these. - [Steve Henson] - - *) Enhance mkdef.pl to be more accepting about spacing in C preprocessor - lines, recognice more "algorithms" that can be deselected, and make - it complain about algorithm deselection that isn't recognised. - [Richard Levitte] - - *) New ASN1 functions to handle dup, sign, verify, digest, pack and - unpack operations in terms of ASN1_ITEM. Modify existing wrappers - to use new functions. Add NO_ASN1_OLD which can be set to remove - some old style ASN1 functions: this can be used to determine if old - code will still work when these eventually go away. - [Steve Henson] - - *) New extension functions for OCSP structures, these follow the - same conventions as certificates and CRLs. - [Steve Henson] - - *) New function X509V3_add1_i2d(). This automatically encodes and - adds an extension. Its behaviour can be customised with various - flags to append, replace or delete. Various wrappers added for - certifcates and CRLs. - [Steve Henson] - - *) Fix to avoid calling the underlying ASN1 print routine when - an extension cannot be parsed. Correct a typo in the - OCSP_SERVICELOC extension. Tidy up print OCSP format. - [Steve Henson] - - *) Make mkdef.pl parse some of the ASN1 macros and add apropriate - entries for variables. - [Steve Henson] - - *) Add functionality to apps/openssl.c for detecting locking - problems: As the program is single-threaded, all we have - to do is register a locking callback using an array for - storing which locks are currently held by the program. - [Bodo Moeller] - - *) Use a lock around the call to CRYPTO_get_ex_new_index() in - SSL_get_ex_data_X509_STORE_idx(), which is used in - ssl_verify_cert_chain() and thus can be called at any time - during TLS/SSL handshakes so that thread-safety is essential. - Unfortunately, the ex_data design is not at all suited - for multi-threaded use, so it probably should be abolished. - [Bodo Moeller] - - *) Added Broadcom "ubsec" ENGINE to OpenSSL. - [Broadcom, tweaked and integrated by Geoff Thorpe] - - *) Move common extension printing code to new function - X509V3_print_extensions(). Reorganise OCSP print routines and - implement some needed OCSP ASN1 functions. Add OCSP extensions. - [Steve Henson] - - *) New function X509_signature_print() to remove duplication in some - print routines. - [Steve Henson] - - *) Add a special meaning when SET OF and SEQUENCE OF flags are both - set (this was treated exactly the same as SET OF previously). This - is used to reorder the STACK representing the structure to match the - encoding. This will be used to get round a problem where a PKCS7 - structure which was signed could not be verified because the STACK - order did not reflect the encoded order. - [Steve Henson] - - *) Reimplement the OCSP ASN1 module using the new code. - [Steve Henson] - - *) Update the X509V3 code to permit the use of an ASN1_ITEM structure - for its ASN1 operations. The old style function pointers still exist - for now but they will eventually go away. - [Steve Henson] - - *) Merge in replacement ASN1 code from the ASN1 branch. This almost - completely replaces the old ASN1 functionality with a table driven - encoder and decoder which interprets an ASN1_ITEM structure describing - the ASN1 module. Compatibility with the existing ASN1 API (i2d,d2i) is - largely maintained. Almost all of the old asn1_mac.h macro based ASN1 - has also been converted to the new form. - [Steve Henson] - - *) Change BN_mod_exp_recp so that negative moduli are tolerated - (the sign is ignored). Similarly, ignore the sign in BN_MONT_CTX_set - so that BN_mod_exp_mont and BN_mod_exp_mont_word work - for negative moduli. - [Bodo Moeller] - - *) Fix BN_uadd and BN_usub: Always return non-negative results instead - of not touching the result's sign bit. - [Bodo Moeller] - - *) BN_div bugfix: If the result is 0, the sign (res->neg) must not be - set. - [Bodo Moeller] - - *) Changed the LHASH code to use prototypes for callbacks, and created - macros to declare and implement thin (optionally static) functions - that provide type-safety and avoid function pointer casting for the - type-specific callbacks. - [Geoff Thorpe] - - *) Added Kerberos Cipher Suites to be used with TLS, as written in - RFC 2712. - [Veers Staats , - Jeffrey Altman , via Richard Levitte] - - *) Reformat the FAQ so the different questions and answers can be divided - in sections depending on the subject. - [Richard Levitte] - - *) Have the zlib compression code load ZLIB.DLL dynamically under - Windows. - [Richard Levitte] - - *) New function BN_mod_sqrt for computing square roots modulo a prime - (using the probabilistic Tonelli-Shanks algorithm unless - p == 3 (mod 4) or p == 5 (mod 8), which are cases that can - be handled deterministically). - [Lenka Fibikova , Bodo Moeller] - - *) Make BN_mod_inverse faster by explicitly handling small quotients - in the Euclid loop. (Speed gain about 20% for small moduli [256 or - 512 bits], about 30% for larger ones [1024 or 2048 bits].) - [Bodo Moeller] - - *) New function BN_kronecker. - [Bodo Moeller] - - *) Fix BN_gcd so that it works on negative inputs; the result is - positive unless both parameters are zero. - Previously something reasonably close to an infinite loop was - possible because numbers could be growing instead of shrinking - in the implementation of Euclid's algorithm. - [Bodo Moeller] - - *) Fix BN_is_word() and BN_is_one() macros to take into account the - sign of the number in question. - - Fix BN_is_word(a,w) to work correctly for w == 0. - - The old BN_is_word(a,w) macro is now called BN_abs_is_word(a,w) - because its test if the absolute value of 'a' equals 'w'. - Note that BN_abs_is_word does *not* handle w == 0 reliably; - it exists mostly for use in the implementations of BN_is_zero(), - BN_is_one(), and BN_is_word(). - [Bodo Moeller] - - *) New function BN_swap. - [Bodo Moeller] - - *) Use BN_nnmod instead of BN_mod in crypto/bn/bn_exp.c so that - the exponentiation functions are more likely to produce reasonable - results on negative inputs. - [Bodo Moeller] - - *) Change BN_mod_mul so that the result is always non-negative. - Previously, it could be negative if one of the factors was negative; - I don't think anyone really wanted that behaviour. - [Bodo Moeller] - - *) Move BN_mod_... functions into new file crypto/bn/bn_mod.c - (except for exponentiation, which stays in crypto/bn/bn_exp.c, - and BN_mod_mul_reciprocal, which stays in crypto/bn/bn_recp.c) - and add new functions: - - BN_nnmod - BN_mod_sqr - BN_mod_add - BN_mod_add_quick - BN_mod_sub - BN_mod_sub_quick - BN_mod_lshift1 - BN_mod_lshift1_quick - BN_mod_lshift - BN_mod_lshift_quick - - These functions always generate non-negative results. - - BN_nnmod otherwise is like BN_mod (if BN_mod computes a remainder r - such that |m| < r < 0, BN_nnmod will output rem + |m| instead). - - BN_mod_XXX_quick(r, a, [b,] m) generates the same result as - BN_mod_XXX(r, a, [b,] m, ctx), but requires that a [and b] - be reduced modulo m. - [Lenka Fibikova , Bodo Moeller] - - *) Remove a few calls to bn_wexpand() in BN_sqr() (the one in there - was actually never needed) and in BN_mul(). The removal in BN_mul() - required a small change in bn_mul_part_recursive() and the addition - of the functions bn_cmp_part_words(), bn_sub_part_words() and - bn_add_part_words(), which do the same thing as bn_cmp_words(), - bn_sub_words() and bn_add_words() except they take arrays with - differing sizes. - [Richard Levitte] - - *) In 'openssl passwd', verify passwords read from the terminal - unless the '-salt' option is used (which usually means that - verification would just waste user's time since the resulting - hash is going to be compared with some given password hash) - or the new '-noverify' option is used. - - This is an incompatible change, but it does not affect - non-interactive use of 'openssl passwd' (passwords on the command - line, '-stdin' option, '-in ...' option) and thus should not - cause any problems. - [Bodo Moeller] - - *) Remove all references to RSAref, since there's no more need for it. - [Richard Levitte] - - *) Make DSO load along a path given through an environment variable - (SHLIB_PATH) with shl_load(). - [Richard Levitte] - - *) Constify the ENGINE code as a result of BIGNUM constification. - Also constify the RSA code and most things related to it. In a - few places, most notable in the depth of the ASN.1 code, ugly - casts back to non-const were required (to be solved at a later - time) - [Richard Levitte] - - *) Make it so the openssl application has all engines loaded by default. - [Richard Levitte] - - *) Constify the BIGNUM routines a little more. - [Richard Levitte] - - *) Add the following functions: - - ENGINE_load_cswift() - ENGINE_load_chil() - ENGINE_load_atalla() - ENGINE_load_nuron() - ENGINE_load_builtin_engines() - - That way, an application can itself choose if external engines that - are built-in in OpenSSL shall ever be used or not. The benefit is - that applications won't have to be linked with libdl or other dso - libraries unless it's really needed. - - Changed 'openssl engine' to load all engines on demand. - Changed the engine header files to avoid the duplication of some - declarations (they differed!). - [Richard Levitte] - - *) 'openssl engine' can now list capabilities. - [Richard Levitte] - - *) Better error reporting in 'openssl engine'. - [Richard Levitte] - - *) Never call load_dh_param(NULL) in s_server. - [Bodo Moeller] - - *) Add engine application. It can currently list engines by name and - identity, and test if they are actually available. - [Richard Levitte] - - *) Improve RPM specification file by forcing symbolic linking and making - sure the installed documentation is also owned by root.root. - [Damien Miller ] - - *) Give the OpenSSL applications more possibilities to make use of - keys (public as well as private) handled by engines. - [Richard Levitte] - - *) Add OCSP code that comes from CertCo. - [Richard Levitte] - - *) Add VMS support for the Rijndael code. - [Richard Levitte] - - *) Added untested support for Nuron crypto accelerator. - [Ben Laurie] - - *) Add support for external cryptographic devices. This code was - previously distributed separately as the "engine" branch. - [Geoff Thorpe, Richard Levitte] - - *) Rework the filename-translation in the DSO code. It is now possible to - have far greater control over how a "name" is turned into a filename - depending on the operating environment and any oddities about the - different shared library filenames on each system. - [Geoff Thorpe] - - *) Support threads on FreeBSD-elf in Configure. - [Richard Levitte] - - *) Fix for SHA1 assembly problem with MASM: it produces - warnings about corrupt line number information when assembling - with debugging information. This is caused by the overlapping - of two sections. - [Bernd Matthes , Steve Henson] - - *) NCONF changes. - NCONF_get_number() has no error checking at all. As a replacement, - NCONF_get_number_e() is defined (_e for "error checking") and is - promoted strongly. The old NCONF_get_number is kept around for - binary backward compatibility. - Make it possible for methods to load from something other than a BIO, - by providing a function pointer that is given a name instead of a BIO. - For example, this could be used to load configuration data from an - LDAP server. - [Richard Levitte] - - *) Fix for non blocking accept BIOs. Added new I/O special reason - BIO_RR_ACCEPT to cover this case. Previously use of accept BIOs - with non blocking I/O was not possible because no retry code was - implemented. Also added new SSL code SSL_WANT_ACCEPT to cover - this case. - [Steve Henson] - - *) Added the beginnings of Rijndael support. - [Ben Laurie] - - *) Fix for bug in DirectoryString mask setting. Add support for - X509_NAME_print_ex() in 'req' and X509_print_ex() function - to allow certificate printing to more controllable, additional - 'certopt' option to 'x509' to allow new printing options to be - set. - [Steve Henson] - - *) Clean old EAY MD5 hack from e_os.h. - [Richard Levitte] - - Changes between 0.9.6d and 0.9.6e [XX xxx XXXX] - - *) Fix EVP_dsa_sha macro. - [Nils Larsch] - - Changes in security patch - -Changes marked "(CHATS)" were sponsored by the Defense Advanced -Research Projects Agency (DARPA) and Air Force Research Laboratory, -Air Force Materiel Command, USAF, under agreement number -F30602-01-2-0537. - - *) Add various sanity checks to asn1_get_length() to reject - the ASN1 length bytes if they exceed sizeof(long), will appear - negative or the content length exceeds the length of the - supplied buffer. - [Steve Henson, Adi Stav , James Yonan ] - - *) Assertions for various potential buffer overflows, not known to - happen in practice. - [Ben Laurie (CHATS)] - - *) Various temporary buffers to hold ASCII versions of integers were - too small for 64 bit platforms. (CAN-2002-0655) - [Matthew Byng-Maddick and Ben Laurie (CHATS)> - - *) Remote buffer overflow in SSL3 protocol - an attacker could - supply an oversized session ID to a client. (CAN-2002-0656) - [Ben Laurie (CHATS)] - - *) Remote buffer overflow in SSL2 protocol - an attacker could - supply an oversized client master key. (CAN-2002-0656) - [Ben Laurie (CHATS)] - - Changes between 0.9.6c and 0.9.6d [9 May 2002] - - *) Fix crypto/asn1/a_sign.c so that 'parameters' is omitted (not - encoded as NULL) with id-dsa-with-sha1. - [Nils Larsch ; problem pointed out by Bodo Moeller] - - *) Check various X509_...() return values in apps/req.c. - [Nils Larsch ] - - *) Fix BASE64 decode (EVP_DecodeUpdate) for data with CR/LF ended lines: - an end-of-file condition would erronously be flagged, when the CRLF - was just at the end of a processed block. The bug was discovered when - processing data through a buffering memory BIO handing the data to a - BASE64-decoding BIO. Bug fund and patch submitted by Pavel Tsekov - and Nedelcho Stanev. - [Lutz Jaenicke] - - *) Implement a countermeasure against a vulnerability recently found - in CBC ciphersuites in SSL 3.0/TLS 1.0: Send an empty fragment - before application data chunks to avoid the use of known IVs - with data potentially chosen by the attacker. - [Bodo Moeller] - - *) Fix length checks in ssl3_get_client_hello(). - [Bodo Moeller] - - *) TLS/SSL library bugfix: use s->s3->in_read_app_data differently - to prevent ssl3_read_internal() from incorrectly assuming that - ssl3_read_bytes() found application data while handshake - processing was enabled when in fact s->s3->in_read_app_data was - merely automatically cleared during the initial handshake. - [Bodo Moeller; problem pointed out by Arne Ansper ] - - *) Fix object definitions for Private and Enterprise: they were not - recognized in their shortname (=lowercase) representation. Extend - obj_dat.pl to issue an error when using undefined keywords instead - of silently ignoring the problem (Svenning Sorensen - ). - [Lutz Jaenicke] - - *) Fix DH_generate_parameters() so that it works for 'non-standard' - generators, i.e. generators other than 2 and 5. (Previously, the - code did not properly initialise the 'add' and 'rem' values to - BN_generate_prime().) - - In the new general case, we do not insist that 'generator' is - actually a primitive root: This requirement is rather pointless; - a generator of the order-q subgroup is just as good, if not - better. - [Bodo Moeller] - - *) Map new X509 verification errors to alerts. Discovered and submitted by - Tom Wu . - [Lutz Jaenicke] - - *) Fix ssl3_pending() (ssl/s3_lib.c) to prevent SSL_pending() from - returning non-zero before the data has been completely received - when using non-blocking I/O. - [Bodo Moeller; problem pointed out by John Hughes] - - *) Some of the ciphers missed the strength entry (SSL_LOW etc). - [Ben Laurie, Lutz Jaenicke] - - *) Fix bug in SSL_clear(): bad sessions were not removed (found by - Yoram Zahavi ). - [Lutz Jaenicke] - - *) Add information about CygWin 1.3 and on, and preserve proper - configuration for the versions before that. - [Corinna Vinschen and Richard Levitte] - - *) Make removal from session cache (SSL_CTX_remove_session()) more robust: - check whether we deal with a copy of a session and do not delete from - the cache in this case. Problem reported by "Izhar Shoshani Levi" - . - [Lutz Jaenicke] - - *) Do not store session data into the internal session cache, if it - is never intended to be looked up (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP - flag is set). Proposed by Aslam . - [Lutz Jaenicke] - - *) Have ASN1_BIT_STRING_set_bit() really clear a bit when the requested - value is 0. - [Richard Levitte] - - *) Add the configuration target linux-s390x. - [Neale Ferguson via Richard Levitte] - - *) [In 0.9.6d-engine release:] - Fix a crashbug and a logic bug in hwcrhk_load_pubkey(). - [Toomas Kiisk via Richard Levitte] - - *) The earlier bugfix for the SSL3_ST_SW_HELLO_REQ_C case of - ssl3_accept (ssl/s3_srvr.c) incorrectly used a local flag - variable as an indication that a ClientHello message has been - received. As the flag value will be lost between multiple - invocations of ssl3_accept when using non-blocking I/O, the - function may not be aware that a handshake has actually taken - place, thus preventing a new session from being added to the - session cache. - - To avoid this problem, we now set s->new_session to 2 instead of - using a local variable. - [Lutz Jaenicke, Bodo Moeller] - - *) Bugfix: Return -1 from ssl3_get_server_done (ssl3/s3_clnt.c) - if the SSL_R_LENGTH_MISMATCH error is detected. - [Geoff Thorpe, Bodo Moeller] - - *) New 'shared_ldflag' column in Configure platform table. - [Richard Levitte] - - *) Fix EVP_CIPHER_mode macro. - ["Dan S. Camper" ] - - *) Fix ssl3_read_bytes (ssl/s3_pkt.c): To ignore messages of unknown - type, we must throw them away by setting rr->length to 0. - [D P Chang ] - - Changes between 0.9.6b and 0.9.6c [21 dec 2001] - - *) Fix BN_rand_range bug pointed out by Dominikus Scherkl - . (The previous implementation - worked incorrectly for those cases where range = 10..._2 and - 3*range is two bits longer than range.) - [Bodo Moeller] - - *) Only add signing time to PKCS7 structures if it is not already - present. - [Steve Henson] - - *) Fix crypto/objects/objects.h: "ld-ce" should be "id-ce", - OBJ_ld_ce should be OBJ_id_ce. - Also some ip-pda OIDs in crypto/objects/objects.txt were - incorrect (cf. RFC 3039). - [Matt Cooper, Frederic Giudicelli, Bodo Moeller] - - *) Release CRYPTO_LOCK_DYNLOCK when CRYPTO_destroy_dynlockid() - returns early because it has nothing to do. - [Andy Schneider ] - - *) [In 0.9.6c-engine release:] - Fix mutex callback return values in crypto/engine/hw_ncipher.c. - [Andy Schneider ] - - *) [In 0.9.6c-engine release:] - Add support for Cryptographic Appliance's keyserver technology. - (Use engine 'keyclient') - [Cryptographic Appliances and Geoff Thorpe] - - *) Add a configuration entry for OS/390 Unix. The C compiler 'c89' - is called via tools/c89.sh because arguments have to be - rearranged (all '-L' options must appear before the first object - modules). - [Richard Shapiro ] - - *) [In 0.9.6c-engine release:] - Add support for Broadcom crypto accelerator cards, backported - from 0.9.7. - [Broadcom, Nalin Dahyabhai , Mark Cox] - - *) [In 0.9.6c-engine release:] - Add support for SureWare crypto accelerator cards from - Baltimore Technologies. (Use engine 'sureware') - [Baltimore Technologies and Mark Cox] - - *) [In 0.9.6c-engine release:] - Add support for crypto accelerator cards from Accelerated - Encryption Processing, www.aep.ie. (Use engine 'aep') - [AEP Inc. and Mark Cox] - - *) Add a configuration entry for gcc on UnixWare. - [Gary Benson ] - - *) Change ssl/s2_clnt.c and ssl/s2_srvr.c so that received handshake - messages are stored in a single piece (fixed-length part and - variable-length part combined) and fix various bugs found on the way. - [Bodo Moeller] - - *) Disable caching in BIO_gethostbyname(), directly use gethostbyname() - instead. BIO_gethostbyname() does not know what timeouts are - appropriate, so entries would stay in cache even when they have - become invalid. - [Bodo Moeller; problem pointed out by Rich Salz - - *) Change ssl23_get_client_hello (ssl/s23_srvr.c) behaviour when - faced with a pathologically small ClientHello fragment that does - not contain client_version: Instead of aborting with an error, - simply choose the highest available protocol version (i.e., - TLS 1.0 unless it is disabled). In practice, ClientHello - messages are never sent like this, but this change gives us - strictly correct behaviour at least for TLS. - [Bodo Moeller] - - *) Fix SSL handshake functions and SSL_clear() such that SSL_clear() - never resets s->method to s->ctx->method when called from within - one of the SSL handshake functions. - [Bodo Moeller; problem pointed out by Niko Baric] - - *) In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert - (sent using the client's version number) if client_version is - smaller than the protocol version in use. Also change - ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0 if - the client demanded SSL 3.0 but only TLS 1.0 is enabled; then - the client will at least see that alert. - [Bodo Moeller] - - *) Fix ssl3_get_message (ssl/s3_both.c) to handle message fragmentation - correctly. - [Bodo Moeller] - - *) Avoid infinite loop in ssl3_get_message (ssl/s3_both.c) if a - client receives HelloRequest while in a handshake. - [Bodo Moeller; bug noticed by Andy Schneider ] - - *) Bugfix in ssl3_accept (ssl/s3_srvr.c): Case SSL3_ST_SW_HELLO_REQ_C - should end in 'break', not 'goto end' which circuments various - cleanups done in state SSL_ST_OK. But session related stuff - must be disabled for SSL_ST_OK in the case that we just sent a - HelloRequest. - - Also avoid some overhead by not calling ssl_init_wbio_buffer() - before just sending a HelloRequest. - [Bodo Moeller, Eric Rescorla ] - - *) Fix ssl/s3_enc.c, ssl/t1_enc.c and ssl/s3_pkt.c so that we don't - reveal whether illegal block cipher padding was found or a MAC - verification error occured. (Neither SSLerr() codes nor alerts - are directly visible to potential attackers, but the information - may leak via logfiles.) - - Similar changes are not required for the SSL 2.0 implementation - because the number of padding bytes is sent in clear for SSL 2.0, - and the extra bytes are just ignored. However ssl/s2_pkt.c - failed to verify that the purported number of padding bytes is in - the legal range. - [Bodo Moeller] - - *) Add OpenUNIX-8 support including shared libraries - (Boyd Lynn Gerber ). - [Lutz Jaenicke] - - *) Improve RSA_padding_check_PKCS1_OAEP() check again to avoid - 'wristwatch attack' using huge encoding parameters (cf. - James H. Manger's CRYPTO 2001 paper). Note that the - RSA_PKCS1_OAEP_PADDING case of RSA_private_decrypt() does not use - encoding parameters and hence was not vulnerable. - [Bodo Moeller] - - *) BN_sqr() bug fix. - [Ulf Möller, reported by Jim Ellis ] - - *) Rabin-Miller test analyses assume uniformly distributed witnesses, - so use BN_pseudo_rand_range() instead of using BN_pseudo_rand() - followed by modular reduction. - [Bodo Moeller; pointed out by Adam Young ] - - *) Add BN_pseudo_rand_range() with obvious functionality: BN_rand_range() - equivalent based on BN_pseudo_rand() instead of BN_rand(). - [Bodo Moeller] - - *) s3_srvr.c: allow sending of large client certificate lists (> 16 kB). - This function was broken, as the check for a new client hello message - to handle SGC did not allow these large messages. - (Tracked down by "Douglas E. Engert" .) - [Lutz Jaenicke] - - *) Add alert descriptions for TLSv1 to SSL_alert_desc_string[_long](). - [Lutz Jaenicke] - - *) Fix buggy behaviour of BIO_get_num_renegotiates() and BIO_ctrl() - for BIO_C_GET_WRITE_BUF_SIZE ("Stephen Hinton" ). - [Lutz Jaenicke] - - *) Rework the configuration and shared library support for Tru64 Unix. - The configuration part makes use of modern compiler features and - still retains old compiler behavior for those that run older versions - of the OS. The shared library support part includes a variant that - uses the RPATH feature, and is available through the special - configuration target "alpha-cc-rpath", which will never be selected - automatically. - [Tim Mooney via Richard Levitte] - - *) In ssl3_get_key_exchange (ssl/s3_clnt.c), call ssl3_get_message() - with the same message size as in ssl3_get_certificate_request(). - Otherwise, if no ServerKeyExchange message occurs, CertificateRequest - messages might inadvertently be reject as too long. - [Petr Lampa ] - - *) Enhanced support for IA-64 Unix platforms (well, Linux and HP-UX). - [Andy Polyakov] - - *) Modified SSL library such that the verify_callback that has been set - specificly for an SSL object with SSL_set_verify() is actually being - used. Before the change, a verify_callback set with this function was - ignored and the verify_callback() set in the SSL_CTX at the time of - the call was used. New function X509_STORE_CTX_set_verify_cb() introduced - to allow the necessary settings. - [Lutz Jaenicke] - - *) Initialize static variable in crypto/dsa/dsa_lib.c and crypto/dh/dh_lib.c - explicitly to NULL, as at least on Solaris 8 this seems not always to be - done automatically (in contradiction to the requirements of the C - standard). This made problems when used from OpenSSH. - [Lutz Jaenicke] - - *) In OpenSSL 0.9.6a and 0.9.6b, crypto/dh/dh_key.c ignored - dh->length and always used - - BN_rand_range(priv_key, dh->p). - - BN_rand_range() is not necessary for Diffie-Hellman, and this - specific range makes Diffie-Hellman unnecessarily inefficient if - dh->length (recommended exponent length) is much smaller than the - length of dh->p. We could use BN_rand_range() if the order of - the subgroup was stored in the DH structure, but we only have - dh->length. - - So switch back to - - BN_rand(priv_key, l, ...) - - where 'l' is dh->length if this is defined, or BN_num_bits(dh->p)-1 - otherwise. - [Bodo Moeller] - - *) In - - RSA_eay_public_encrypt - RSA_eay_private_decrypt - RSA_eay_private_encrypt (signing) - RSA_eay_public_decrypt (signature verification) - - (default implementations for RSA_public_encrypt, - RSA_private_decrypt, RSA_private_encrypt, RSA_public_decrypt), - always reject numbers >= n. - [Bodo Moeller] - - *) In crypto/rand/md_rand.c, use a new short-time lock CRYPTO_LOCK_RAND2 - to synchronize access to 'locking_thread'. This is necessary on - systems where access to 'locking_thread' (an 'unsigned long' - variable) is not atomic. - [Bodo Moeller] - - *) In crypto/rand/md_rand.c, set 'locking_thread' to current thread's ID - *before* setting the 'crypto_lock_rand' flag. The previous code had - a race condition if 0 is a valid thread ID. - [Travis Vitek ] - - *) Add support for shared libraries under Irix. - [Albert Chin-A-Young ] - - *) Add configuration option to build on Linux on both big-endian and - little-endian MIPS. - [Ralf Baechle ] - - *) Add the possibility to create shared libraries on HP-UX. - [Richard Levitte] - - Changes between 0.9.6a and 0.9.6b [9 Jul 2001] - - *) Change ssleay_rand_bytes (crypto/rand/md_rand.c) - to avoid a SSLeay/OpenSSL PRNG weakness pointed out by - Markku-Juhani O. Saarinen : - PRNG state recovery was possible based on the output of - one PRNG request appropriately sized to gain knowledge on - 'md' followed by enough consecutive 1-byte PRNG requests - to traverse all of 'state'. - - 1. When updating 'md_local' (the current thread's copy of 'md') - during PRNG output generation, hash all of the previous - 'md_local' value, not just the half used for PRNG output. - - 2. Make the number of bytes from 'state' included into the hash - independent from the number of PRNG bytes requested. - - The first measure alone would be sufficient to avoid - Markku-Juhani's attack. (Actually it had never occurred - to me that the half of 'md_local' used for chaining was the - half from which PRNG output bytes were taken -- I had always - assumed that the secret half would be used.) The second - measure makes sure that additional data from 'state' is never - mixed into 'md_local' in small portions; this heuristically - further strengthens the PRNG. - [Bodo Moeller] - - *) Fix crypto/bn/asm/mips3.s. - [Andy Polyakov] - - *) When only the key is given to "enc", the IV is undefined. Print out - an error message in this case. - [Lutz Jaenicke] - - *) Handle special case when X509_NAME is empty in X509 printing routines. - [Steve Henson] - - *) In dsa_do_verify (crypto/dsa/dsa_ossl.c), verify that r and s are - positive and less than q. - [Bodo Moeller] - - *) Don't change *pointer in CRYPTO_add_lock() is add_lock_callback is - used: it isn't thread safe and the add_lock_callback should handle - that itself. - [Paul Rose ] - - *) Verify that incoming data obeys the block size in - ssl3_enc (ssl/s3_enc.c) and tls1_enc (ssl/t1_enc.c). - [Bodo Moeller] - - *) Fix OAEP check. - [Ulf Möller, Bodo Möller] - - *) The countermeasure against Bleichbacher's attack on PKCS #1 v1.5 - RSA encryption was accidentally removed in s3_srvr.c in OpenSSL 0.9.5 - when fixing the server behaviour for backwards-compatible 'client - hello' messages. (Note that the attack is impractical against - SSL 3.0 and TLS 1.0 anyway because length and version checking - means that the probability of guessing a valid ciphertext is - around 2^-40; see section 5 in Bleichenbacher's CRYPTO '98 - paper.) - - Before 0.9.5, the countermeasure (hide the error by generating a - random 'decryption result') did not work properly because - ERR_clear_error() was missing, meaning that SSL_get_error() would - detect the supposedly ignored error. - - Both problems are now fixed. - [Bodo Moeller] - - *) In crypto/bio/bf_buff.c, increase DEFAULT_BUFFER_SIZE to 4096 - (previously it was 1024). - [Bodo Moeller] - - *) Fix for compatibility mode trust settings: ignore trust settings - unless some valid trust or reject settings are present. - [Steve Henson] - - *) Fix for blowfish EVP: its a variable length cipher. - [Steve Henson] - - *) Fix various bugs related to DSA S/MIME verification. Handle missing - parameters in DSA public key structures and return an error in the - DSA routines if parameters are absent. - [Steve Henson] - - *) In versions up to 0.9.6, RAND_file_name() resorted to file ".rnd" - in the current directory if neither $RANDFILE nor $HOME was set. - RAND_file_name() in 0.9.6a returned NULL in this case. This has - caused some confusion to Windows users who haven't defined $HOME. - Thus RAND_file_name() is changed again: e_os.h can define a - DEFAULT_HOME, which will be used if $HOME is not set. - For Windows, we use "C:"; on other platforms, we still require - environment variables. - - *) Move 'if (!initialized) RAND_poll()' into regions protected by - CRYPTO_LOCK_RAND. This is not strictly necessary, but avoids - having multiple threads call RAND_poll() concurrently. - [Bodo Moeller] - - *) In crypto/rand/md_rand.c, replace 'add_do_not_lock' flag by a - combination of a flag and a thread ID variable. - Otherwise while one thread is in ssleay_rand_bytes (which sets the - flag), *other* threads can enter ssleay_add_bytes without obeying - the CRYPTO_LOCK_RAND lock (and may even illegally release the lock - that they do not hold after the first thread unsets add_do_not_lock). - [Bodo Moeller] - - *) Change bctest again: '-x' expressions are not available in all - versions of 'test'. - [Bodo Moeller] - - Changes between 0.9.6 and 0.9.6a [5 Apr 2001] - - *) Fix a couple of memory leaks in PKCS7_dataDecode() - [Steve Henson, reported by Heyun Zheng ] - - *) Change Configure and Makefiles to provide EXE_EXT, which will contain - the default extension for executables, if any. Also, make the perl - scripts that use symlink() to test if it really exists and use "cp" - if it doesn't. All this made OpenSSL compilable and installable in - CygWin. - [Richard Levitte] - - *) Fix for asn1_GetSequence() for indefinite length constructed data. - If SEQUENCE is length is indefinite just set c->slen to the total - amount of data available. - [Steve Henson, reported by shige@FreeBSD.org] - [This change does not apply to 0.9.7.] - - *) Change bctest to avoid here-documents inside command substitution - (workaround for FreeBSD /bin/sh bug). - For compatibility with Ultrix, avoid shell functions (introduced - in the bctest version that searches along $PATH). - [Bodo Moeller] - - *) Rename 'des_encrypt' to 'des_encrypt1'. This avoids the clashes - with des_encrypt() defined on some operating systems, like Solaris - and UnixWare. - [Richard Levitte] - - *) Check the result of RSA-CRT (see D. Boneh, R. DeMillo, R. Lipton: - On the Importance of Eliminating Errors in Cryptographic - Computations, J. Cryptology 14 (2001) 2, 101-119, - http://theory.stanford.edu/~dabo/papers/faults.ps.gz). - [Ulf Moeller] - - *) MIPS assembler BIGNUM division bug fix. - [Andy Polyakov] - - *) Disabled incorrect Alpha assembler code. - [Richard Levitte] - - *) Fix PKCS#7 decode routines so they correctly update the length - after reading an EOC for the EXPLICIT tag. - [Steve Henson] - [This change does not apply to 0.9.7.] - - *) Fix bug in PKCS#12 key generation routines. This was triggered - if a 3DES key was generated with a 0 initial byte. Include - PKCS12_BROKEN_KEYGEN compilation option to retain the old - (but broken) behaviour. - [Steve Henson] - - *) Enhance bctest to search for a working bc along $PATH and print - it when found. - [Tim Rice via Richard Levitte] - - *) Fix memory leaks in err.c: free err_data string if necessary; - don't write to the wrong index in ERR_set_error_data. - [Bodo Moeller] - - *) Implement ssl23_peek (analogous to ssl23_read), which previously - did not exist. - [Bodo Moeller] - - *) Replace rdtsc with _emit statements for VC++ version 5. - [Jeremy Cooper ] - - *) Make it possible to reuse SSLv2 sessions. - [Richard Levitte] - - *) In copy_email() check for >= 0 as a return value for - X509_NAME_get_index_by_NID() since 0 is a valid index. - [Steve Henson reported by Massimiliano Pala ] - - *) Avoid coredump with unsupported or invalid public keys by checking if - X509_get_pubkey() fails in PKCS7_verify(). Fix memory leak when - PKCS7_verify() fails with non detached data. - [Steve Henson] - - *) Don't use getenv in library functions when run as setuid/setgid. - New function OPENSSL_issetugid(). - [Ulf Moeller] - - *) Avoid false positives in memory leak detection code (crypto/mem_dbg.c) - due to incorrect handling of multi-threading: - - 1. Fix timing glitch in the MemCheck_off() portion of CRYPTO_mem_ctrl(). - - 2. Fix logical glitch in is_MemCheck_on() aka CRYPTO_is_mem_check_on(). - - 3. Count how many times MemCheck_off() has been called so that - nested use can be treated correctly. This also avoids - inband-signalling in the previous code (which relied on the - assumption that thread ID 0 is impossible). - [Bodo Moeller] - - *) Add "-rand" option also to s_client and s_server. - [Lutz Jaenicke] - - *) Fix CPU detection on Irix 6.x. - [Kurt Hockenbury and - "Bruce W. Forsberg" ] - - *) Fix X509_NAME bug which produced incorrect encoding if X509_NAME - was empty. - [Steve Henson] - [This change does not apply to 0.9.7.] - - *) Use the cached encoding of an X509_NAME structure rather than - copying it. This is apparently the reason for the libsafe "errors" - but the code is actually correct. - [Steve Henson] - - *) Add new function BN_rand_range(), and fix DSA_sign_setup() to prevent - Bleichenbacher's DSA attack. - Extend BN_[pseudo_]rand: As before, top=1 forces the highest two bits - to be set and top=0 forces the highest bit to be set; top=-1 is new - and leaves the highest bit random. - [Ulf Moeller, Bodo Moeller] - - *) In the NCONF_...-based implementations for CONF_... queries - (crypto/conf/conf_lib.c), if the input LHASH is NULL, avoid using - a temporary CONF structure with the data component set to NULL - (which gives segmentation faults in lh_retrieve). - Instead, use NULL for the CONF pointer in CONF_get_string and - CONF_get_number (which may use environment variables) and directly - return NULL from CONF_get_section. - [Bodo Moeller] - - *) Fix potential buffer overrun for EBCDIC. - [Ulf Moeller] - - *) Tolerate nonRepudiation as being valid for S/MIME signing and certSign - keyUsage if basicConstraints absent for a CA. - [Steve Henson] - - *) Make SMIME_write_PKCS7() write mail header values with a format that - is more generally accepted (no spaces before the semicolon), since - some programs can't parse those values properly otherwise. Also make - sure BIO's that break lines after each write do not create invalid - headers. - [Richard Levitte] - - *) Make the CRL encoding routines work with empty SEQUENCE OF. The - macros previously used would not encode an empty SEQUENCE OF - and break the signature. - [Steve Henson] - [This change does not apply to 0.9.7.] - - *) Zero the premaster secret after deriving the master secret in - DH ciphersuites. - [Steve Henson] - - *) Add some EVP_add_digest_alias registrations (as found in - OpenSSL_add_all_digests()) to SSL_library_init() - aka OpenSSL_add_ssl_algorithms(). This provides improved - compatibility with peers using X.509 certificates - with unconventional AlgorithmIdentifier OIDs. - [Bodo Moeller] - - *) Fix for Irix with NO_ASM. - ["Bruce W. Forsberg" ] - - *) ./config script fixes. - [Ulf Moeller, Richard Levitte] - - *) Fix 'openssl passwd -1'. - [Bodo Moeller] - - *) Change PKCS12_key_gen_asc() so it can cope with non null - terminated strings whose length is passed in the passlen - parameter, for example from PEM callbacks. This was done - by adding an extra length parameter to asc2uni(). - [Steve Henson, reported by ] - - *) Fix C code generated by 'openssl dsaparam -C': If a BN_bin2bn - call failed, free the DSA structure. - [Bodo Moeller] - - *) Fix to uni2asc() to cope with zero length Unicode strings. - These are present in some PKCS#12 files. - [Steve Henson] - - *) Increase s2->wbuf allocation by one byte in ssl2_new (ssl/s2_lib.c). - Otherwise do_ssl_write (ssl/s2_pkt.c) will write beyond buffer limits - when writing a 32767 byte record. - [Bodo Moeller; problem reported by Eric Day ] - - *) In RSA_eay_public_{en,ed}crypt and RSA_eay_mod_exp (rsa_eay.c), - obtain lock CRYPTO_LOCK_RSA before setting rsa->_method_mod_{n,p,q}. - - (RSA objects have a reference count access to which is protected - by CRYPTO_LOCK_RSA [see rsa_lib.c, s3_srvr.c, ssl_cert.c, ssl_rsa.c], - so they are meant to be shared between threads.) - [Bodo Moeller, Geoff Thorpe; original patch submitted by - "Reddie, Steven" ] - - *) Fix a deadlock in CRYPTO_mem_leaks(). - [Bodo Moeller] - - *) Use better test patterns in bntest. - [Ulf Möller] - - *) rand_win.c fix for Borland C. - [Ulf Möller] - - *) BN_rshift bugfix for n == 0. - [Bodo Moeller] - - *) Add a 'bctest' script that checks for some known 'bc' bugs - so that 'make test' does not abort just because 'bc' is broken. - [Bodo Moeller] - - *) Store verify_result within SSL_SESSION also for client side to - avoid potential security hole. (Re-used sessions on the client side - always resulted in verify_result==X509_V_OK, not using the original - result of the server certificate verification.) - [Lutz Jaenicke] - - *) Fix ssl3_pending: If the record in s->s3->rrec is not of type - SSL3_RT_APPLICATION_DATA, return 0. - Similarly, change ssl2_pending to return 0 if SSL_in_init(s) is true. - [Bodo Moeller] - - *) Fix SSL_peek: - Both ssl2_peek and ssl3_peek, which were totally broken in earlier - releases, have been re-implemented by renaming the previous - implementations of ssl2_read and ssl3_read to ssl2_read_internal - and ssl3_read_internal, respectively, and adding 'peek' parameters - to them. The new ssl[23]_{read,peek} functions are calls to - ssl[23]_read_internal with the 'peek' flag set appropriately. - A 'peek' parameter has also been added to ssl3_read_bytes, which - does the actual work for ssl3_read_internal. - [Bodo Moeller] - - *) Initialise "ex_data" member of RSA/DSA/DH structures prior to calling - the method-specific "init()" handler. Also clean up ex_data after - calling the method-specific "finish()" handler. Previously, this was - happening the other way round. - [Geoff Thorpe] - - *) Increase BN_CTX_NUM (the number of BIGNUMs in a BN_CTX) to 16. - The previous value, 12, was not always sufficient for BN_mod_exp(). - [Bodo Moeller] - - *) Make sure that shared libraries get the internal name engine with - the full version number and not just 0. This should mark the - shared libraries as not backward compatible. Of course, this should - be changed again when we can guarantee backward binary compatibility. - [Richard Levitte] - - *) Fix typo in get_cert_by_subject() in by_dir.c - [Jean-Marc Desperrier ] - - *) Rework the system to generate shared libraries: - - - Make note of the expected extension for the shared libraries and - if there is a need for symbolic links from for example libcrypto.so.0 - to libcrypto.so.0.9.7. There is extended info in Configure for - that. - - - Make as few rebuilds of the shared libraries as possible. - - - Still avoid linking the OpenSSL programs with the shared libraries. - - - When installing, install the shared libraries separately from the - static ones. - [Richard Levitte] - - *) Fix SSL_CTX_set_read_ahead macro to actually use its argument. - - Copy SSL_CTX's read_ahead flag to SSL object directly in SSL_new - and not in SSL_clear because the latter is also used by the - accept/connect functions; previously, the settings made by - SSL_set_read_ahead would be lost during the handshake. - [Bodo Moeller; problems reported by Anders Gertz ] - - *) Correct util/mkdef.pl to be selective about disabled algorithms. - Previously, it would create entries for disableed algorithms no - matter what. - [Richard Levitte] - - *) Added several new manual pages for SSL_* function. - [Lutz Jaenicke] - - Changes between 0.9.5a and 0.9.6 [24 Sep 2000] - - *) In ssl23_get_client_hello, generate an error message when faced - with an initial SSL 3.0/TLS record that is too small to contain the - first two bytes of the ClientHello message, i.e. client_version. - (Note that this is a pathologic case that probably has never happened - in real life.) The previous approach was to use the version number - from the record header as a substitute; but our protocol choice - should not depend on that one because it is not authenticated - by the Finished messages. - [Bodo Moeller] - - *) More robust randomness gathering functions for Windows. - [Jeffrey Altman ] - - *) For compatibility reasons if the flag X509_V_FLAG_ISSUER_CHECK is - not set then we don't setup the error code for issuer check errors - to avoid possibly overwriting other errors which the callback does - handle. If an application does set the flag then we assume it knows - what it is doing and can handle the new informational codes - appropriately. - [Steve Henson] - - *) Fix for a nasty bug in ASN1_TYPE handling. ASN1_TYPE is used for - a general "ANY" type, as such it should be able to decode anything - including tagged types. However it didn't check the class so it would - wrongly interpret tagged types in the same way as their universal - counterpart and unknown types were just rejected. Changed so that the - tagged and unknown types are handled in the same way as a SEQUENCE: - that is the encoding is stored intact. There is also a new type - "V_ASN1_OTHER" which is used when the class is not universal, in this - case we have no idea what the actual type is so we just lump them all - together. - [Steve Henson] - - *) On VMS, stdout may very well lead to a file that is written to - in a record-oriented fashion. That means that every write() will - write a separate record, which will be read separately by the - programs trying to read from it. This can be very confusing. - - The solution is to put a BIO filter in the way that will buffer - text until a linefeed is reached, and then write everything a - line at a time, so every record written will be an actual line, - not chunks of lines and not (usually doesn't happen, but I've - seen it once) several lines in one record. BIO_f_linebuffer() is - the answer. - - Currently, it's a VMS-only method, because that's where it has - been tested well enough. - [Richard Levitte] - - *) Remove 'optimized' squaring variant in BN_mod_mul_montgomery, - it can return incorrect results. - (Note: The buggy variant was not enabled in OpenSSL 0.9.5a, - but it was in 0.9.6-beta[12].) - [Bodo Moeller] - - *) Disable the check for content being present when verifying detached - signatures in pk7_smime.c. Some versions of Netscape (wrongly) - include zero length content when signing messages. - [Steve Henson] - - *) New BIO_shutdown_wr macro, which invokes the BIO_C_SHUTDOWN_WR - BIO_ctrl (for BIO pairs). - [Bodo Möller] - - *) Add DSO method for VMS. - [Richard Levitte] - - *) Bug fix: Montgomery multiplication could produce results with the - wrong sign. - [Ulf Möller] - - *) Add RPM specification openssl.spec and modify it to build three - packages. The default package contains applications, application - documentation and run-time libraries. The devel package contains - include files, static libraries and function documentation. The - doc package contains the contents of the doc directory. The original - openssl.spec was provided by Damien Miller . - [Richard Levitte] - - *) Add a large number of documentation files for many SSL routines. - [Lutz Jaenicke ] - - *) Add a configuration entry for Sony News 4. - [NAKAJI Hiroyuki ] - - *) Don't set the two most significant bits to one when generating a - random number < q in the DSA library. - [Ulf Möller] - - *) New SSL API mode 'SSL_MODE_AUTO_RETRY'. This disables the default - behaviour that SSL_read may result in SSL_ERROR_WANT_READ (even if - the underlying transport is blocking) if a handshake took place. - (The default behaviour is needed by applications such as s_client - and s_server that use select() to determine when to use SSL_read; - but for applications that know in advance when to expect data, it - just makes things more complicated.) - [Bodo Moeller] - - *) Add RAND_egd_bytes(), which gives control over the number of bytes read - from EGD. - [Ben Laurie] - - *) Add a few more EBCDIC conditionals that make `req' and `x509' - work better on such systems. - [Martin Kraemer ] - - *) Add two demo programs for PKCS12_parse() and PKCS12_create(). - Update PKCS12_parse() so it copies the friendlyName and the - keyid to the certificates aux info. - [Steve Henson] - - *) Fix bug in PKCS7_verify() which caused an infinite loop - if there was more than one signature. - [Sven Uszpelkat ] - - *) Major change in util/mkdef.pl to include extra information - about each symbol, as well as presentig variables as well - as functions. This change means that there's n more need - to rebuild the .num files when some algorithms are excluded. - [Richard Levitte] - - *) Allow the verify time to be set by an application, - rather than always using the current time. - [Steve Henson] - - *) Phase 2 verify code reorganisation. The certificate - verify code now looks up an issuer certificate by a - number of criteria: subject name, authority key id - and key usage. It also verifies self signed certificates - by the same criteria. The main comparison function is - X509_check_issued() which performs these checks. - - Lot of changes were necessary in order to support this - without completely rewriting the lookup code. - - Authority and subject key identifier are now cached. - - The LHASH 'certs' is X509_STORE has now been replaced - by a STACK_OF(X509_OBJECT). This is mainly because an - LHASH can't store or retrieve multiple objects with - the same hash value. - - As a result various functions (which were all internal - use only) have changed to handle the new X509_STORE - structure. This will break anything that messed round - with X509_STORE internally. - - The functions X509_STORE_add_cert() now checks for an - exact match, rather than just subject name. - - The X509_STORE API doesn't directly support the retrieval - of multiple certificates matching a given criteria, however - this can be worked round by performing a lookup first - (which will fill the cache with candidate certificates) - and then examining the cache for matches. This is probably - the best we can do without throwing out X509_LOOKUP - entirely (maybe later...). - - The X509_VERIFY_CTX structure has been enhanced considerably. - - All certificate lookup operations now go via a get_issuer() - callback. Although this currently uses an X509_STORE it - can be replaced by custom lookups. This is a simple way - to bypass the X509_STORE hackery necessary to make this - work and makes it possible to use more efficient techniques - in future. A very simple version which uses a simple - STACK for its trusted certificate store is also provided - using X509_STORE_CTX_trusted_stack(). - - The verify_cb() and verify() callbacks now have equivalents - in the X509_STORE_CTX structure. - - X509_STORE_CTX also has a 'flags' field which can be used - to customise the verify behaviour. - [Steve Henson] - - *) Add new PKCS#7 signing option PKCS7_NOSMIMECAP which - excludes S/MIME capabilities. - [Steve Henson] - - *) When a certificate request is read in keep a copy of the - original encoding of the signed data and use it when outputing - again. Signatures then use the original encoding rather than - a decoded, encoded version which may cause problems if the - request is improperly encoded. - [Steve Henson] - - *) For consistency with other BIO_puts implementations, call - buffer_write(b, ...) directly in buffer_puts instead of calling - BIO_write(b, ...). - - In BIO_puts, increment b->num_write as in BIO_write. - [Peter.Sylvester@EdelWeb.fr] - - *) Fix BN_mul_word for the case where the word is 0. (We have to use - BN_zero, we may not return a BIGNUM with an array consisting of - words set to zero.) - [Bodo Moeller] - - *) Avoid calling abort() from within the library when problems are - detected, except if preprocessor symbols have been defined - (such as REF_CHECK, BN_DEBUG etc.). - [Bodo Moeller] - - *) New openssl application 'rsautl'. This utility can be - used for low level RSA operations. DER public key - BIO/fp routines also added. - [Steve Henson] - - *) New Configure entry and patches for compiling on QNX 4. - [Andreas Schneider ] - - *) A demo state-machine implementation was sponsored by - Nuron (http://www.nuron.com/) and is now available in - demos/state_machine. - [Ben Laurie] - - *) New options added to the 'dgst' utility for signature - generation and verification. - [Steve Henson] - - *) Unrecognized PKCS#7 content types are now handled via a - catch all ASN1_TYPE structure. This allows unsupported - types to be stored as a "blob" and an application can - encode and decode it manually. - [Steve Henson] - - *) Fix various signed/unsigned issues to make a_strex.c - compile under VC++. - [Oscar Jacobsson ] - - *) ASN1 fixes. i2d_ASN1_OBJECT was not returning the correct - length if passed a buffer. ASN1_INTEGER_to_BN failed - if passed a NULL BN and its argument was negative. - [Steve Henson, pointed out by Sven Heiberg ] - - *) Modification to PKCS#7 encoding routines to output definite - length encoding. Since currently the whole structures are in - memory there's not real point in using indefinite length - constructed encoding. However if OpenSSL is compiled with - the flag PKCS7_INDEFINITE_ENCODING the old form is used. - [Steve Henson] - - *) Added BIO_vprintf() and BIO_vsnprintf(). - [Richard Levitte] - - *) Added more prefixes to parse for in the the strings written - through a logging bio, to cover all the levels that are available - through syslog. The prefixes are now: - - PANIC, EMERG, EMR => LOG_EMERG - ALERT, ALR => LOG_ALERT - CRIT, CRI => LOG_CRIT - ERROR, ERR => LOG_ERR - WARNING, WARN, WAR => LOG_WARNING - NOTICE, NOTE, NOT => LOG_NOTICE - INFO, INF => LOG_INFO - DEBUG, DBG => LOG_DEBUG - - and as before, if none of those prefixes are present at the - beginning of the string, LOG_ERR is chosen. - - On Win32, the LOG_* levels are mapped according to this: - - LOG_EMERG, LOG_ALERT, LOG_CRIT, LOG_ERR => EVENTLOG_ERROR_TYPE - LOG_WARNING => EVENTLOG_WARNING_TYPE - LOG_NOTICE, LOG_INFO, LOG_DEBUG => EVENTLOG_INFORMATION_TYPE - - [Richard Levitte] - - *) Made it possible to reconfigure with just the configuration - argument "reconf" or "reconfigure". The command line arguments - are stored in Makefile.ssl in the variable CONFIGURE_ARGS, - and are retrieved from there when reconfiguring. - [Richard Levitte] - - *) MD4 implemented. - [Assar Westerlund , Richard Levitte] - - *) Add the arguments -CAfile and -CApath to the pkcs12 utility. - [Richard Levitte] - - *) The obj_dat.pl script was messing up the sorting of object - names. The reason was that it compared the quoted version - of strings as a result "OCSP" > "OCSP Signing" because - " > SPACE. Changed script to store unquoted versions of - names and add quotes on output. It was also omitting some - names from the lookup table if they were given a default - value (that is if SN is missing it is given the same - value as LN and vice versa), these are now added on the - grounds that if an object has a name we should be able to - look it up. Finally added warning output when duplicate - short or long names are found. - [Steve Henson] - - *) Changes needed for Tandem NSK. - [Scott Uroff ] - - *) Fix SSL 2.0 rollback checking: Due to an off-by-one error in - RSA_padding_check_SSLv23(), special padding was never detected - and thus the SSL 3.0/TLS 1.0 countermeasure against protocol - version rollback attacks was not effective. - - In s23_clnt.c, don't use special rollback-attack detection padding - (RSA_SSLV23_PADDING) if SSL 2.0 is the only protocol enabled in the - client; similarly, in s23_srvr.c, don't do the rollback check if - SSL 2.0 is the only protocol enabled in the server. - [Bodo Moeller] - - *) Make it possible to get hexdumps of unprintable data with 'openssl - asn1parse'. By implication, the functions ASN1_parse_dump() and - BIO_dump_indent() are added. - [Richard Levitte] - - *) New functions ASN1_STRING_print_ex() and X509_NAME_print_ex() - these print out strings and name structures based on various - flags including RFC2253 support and proper handling of - multibyte characters. Added options to the 'x509' utility - to allow the various flags to be set. - [Steve Henson] - - *) Various fixes to use ASN1_TIME instead of ASN1_UTCTIME. - Also change the functions X509_cmp_current_time() and - X509_gmtime_adj() work with an ASN1_TIME structure, - this will enable certificates using GeneralizedTime in validity - dates to be checked. - [Steve Henson] - - *) Make the NEG_PUBKEY_BUG code (which tolerates invalid - negative public key encodings) on by default, - NO_NEG_PUBKEY_BUG can be set to disable it. - [Steve Henson] - - *) New function c2i_ASN1_OBJECT() which acts on ASN1_OBJECT - content octets. An i2c_ASN1_OBJECT is unnecessary because - the encoding can be trivially obtained from the structure. - [Steve Henson] - - *) crypto/err.c locking bugfix: Use write locks (CRYPTO_w_[un]lock), - not read locks (CRYPTO_r_[un]lock). - [Bodo Moeller] - - *) A first attempt at creating official support for shared - libraries through configuration. I've kept it so the - default is static libraries only, and the OpenSSL programs - are always statically linked for now, but there are - preparations for dynamic linking in place. - This has been tested on Linux and Tru64. - [Richard Levitte] - - *) Randomness polling function for Win9x, as described in: - Peter Gutmann, Software Generation of Practically Strong - Random Numbers. - [Ulf Möller] - - *) Fix so PRNG is seeded in req if using an already existing - DSA key. - [Steve Henson] - - *) New options to smime application. -inform and -outform - allow alternative formats for the S/MIME message including - PEM and DER. The -content option allows the content to be - specified separately. This should allow things like Netscape - form signing output easier to verify. - [Steve Henson] - - *) Fix the ASN1 encoding of tags using the 'long form'. - [Steve Henson] - - *) New ASN1 functions, i2c_* and c2i_* for INTEGER and BIT - STRING types. These convert content octets to and from the - underlying type. The actual tag and length octets are - already assumed to have been read in and checked. These - are needed because all other string types have virtually - identical handling apart from the tag. By having versions - of the ASN1 functions that just operate on content octets - IMPLICIT tagging can be handled properly. It also allows - the ASN1_ENUMERATED code to be cut down because ASN1_ENUMERATED - and ASN1_INTEGER are identical apart from the tag. - [Steve Henson] - - *) Change the handling of OID objects as follows: - - - New object identifiers are inserted in objects.txt, following - the syntax given in objects.README. - - objects.pl is used to process obj_mac.num and create a new - obj_mac.h. - - obj_dat.pl is used to create a new obj_dat.h, using the data in - obj_mac.h. - - This is currently kind of a hack, and the perl code in objects.pl - isn't very elegant, but it works as I intended. The simplest way - to check that it worked correctly is to look in obj_dat.h and - check the array nid_objs and make sure the objects haven't moved - around (this is important!). Additions are OK, as well as - consistent name changes. - [Richard Levitte] - - *) Add BSD-style MD5-based passwords to 'openssl passwd' (option '-1'). - [Bodo Moeller] - - *) Addition of the command line parameter '-rand file' to 'openssl req'. - The given file adds to whatever has already been seeded into the - random pool through the RANDFILE configuration file option or - environment variable, or the default random state file. - [Richard Levitte] - - *) mkstack.pl now sorts each macro group into lexical order. - Previously the output order depended on the order the files - appeared in the directory, resulting in needless rewriting - of safestack.h . - [Steve Henson] - - *) Patches to make OpenSSL compile under Win32 again. Mostly - work arounds for the VC++ problem that it treats func() as - func(void). Also stripped out the parts of mkdef.pl that - added extra typesafe functions: these no longer exist. - [Steve Henson] - - *) Reorganisation of the stack code. The macros are now all - collected in safestack.h . Each macro is defined in terms of - a "stack macro" of the form SKM_(type, a, b). The - DEBUG_SAFESTACK is now handled in terms of function casts, - this has the advantage of retaining type safety without the - use of additional functions. If DEBUG_SAFESTACK is not defined - then the non typesafe macros are used instead. Also modified the - mkstack.pl script to handle the new form. Needs testing to see - if which (if any) compilers it chokes and maybe make DEBUG_SAFESTACK - the default if no major problems. Similar behaviour for ASN1_SET_OF - and PKCS12_STACK_OF. - [Steve Henson] - - *) When some versions of IIS use the 'NET' form of private key the - key derivation algorithm is different. Normally MD5(password) is - used as a 128 bit RC4 key. In the modified case - MD5(MD5(password) + "SGCKEYSALT") is used insted. Added some - new functions i2d_RSA_NET(), d2i_RSA_NET() etc which are the same - as the old Netscape_RSA functions except they have an additional - 'sgckey' parameter which uses the modified algorithm. Also added - an -sgckey command line option to the rsa utility. Thanks to - Adrian Peck for posting details of the modified - algorithm to openssl-dev. - [Steve Henson] - - *) The evp_local.h macros were using 'c.##kname' which resulted in - invalid expansion on some systems (SCO 5.0.5 for example). - Corrected to 'c.kname'. - [Phillip Porch ] - - *) New X509_get1_email() and X509_REQ_get1_email() functions that return - a STACK of email addresses from a certificate or request, these look - in the subject name and the subject alternative name extensions and - omit any duplicate addresses. - [Steve Henson] - - *) Re-implement BN_mod_exp2_mont using independent (and larger) windows. - This makes DSA verification about 2 % faster. - [Bodo Moeller] - - *) Increase maximum window size in BN_mod_exp_... to 6 bits instead of 5 - (meaning that now 2^5 values will be precomputed, which is only 4 KB - plus overhead for 1024 bit moduli). - This makes exponentiations about 0.5 % faster for 1024 bit - exponents (as measured by "openssl speed rsa2048"). - [Bodo Moeller] - - *) Rename memory handling macros to avoid conflicts with other - software: - Malloc => OPENSSL_malloc - Malloc_locked => OPENSSL_malloc_locked - Realloc => OPENSSL_realloc - Free => OPENSSL_free - [Richard Levitte] - - *) New function BN_mod_exp_mont_word for small bases (roughly 15% - faster than BN_mod_exp_mont, i.e. 7% for a full DH exchange). - [Bodo Moeller] - - *) CygWin32 support. - [John Jarvie ] - - *) The type-safe stack code has been rejigged. It is now only compiled - in when OpenSSL is configured with the DEBUG_SAFESTACK option and - by default all type-specific stack functions are "#define"d back to - standard stack functions. This results in more streamlined output - but retains the type-safety checking possibilities of the original - approach. - [Geoff Thorpe] - - *) The STACK code has been cleaned up, and certain type declarations - that didn't make a lot of sense have been brought in line. This has - also involved a cleanup of sorts in safestack.h to more correctly - map type-safe stack functions onto their plain stack counterparts. - This work has also resulted in a variety of "const"ifications of - lots of the code, especially "_cmp" operations which should normally - be prototyped with "const" parameters anyway. - [Geoff Thorpe] - - *) When generating bytes for the first time in md_rand.c, 'stir the pool' - by seeding with STATE_SIZE dummy bytes (with zero entropy count). - (The PRNG state consists of two parts, the large pool 'state' and 'md', - where all of 'md' is used each time the PRNG is used, but 'state' - is used only indexed by a cyclic counter. As entropy may not be - well distributed from the beginning, 'md' is important as a - chaining variable. However, the output function chains only half - of 'md', i.e. 80 bits. ssleay_rand_add, on the other hand, chains - all of 'md', and seeding with STATE_SIZE dummy bytes will result - in all of 'state' being rewritten, with the new values depending - on virtually all of 'md'. This overcomes the 80 bit limitation.) - [Bodo Moeller] - - *) In ssl/s2_clnt.c and ssl/s3_clnt.c, call ERR_clear_error() when - the handshake is continued after ssl_verify_cert_chain(); - otherwise, if SSL_VERIFY_NONE is set, remaining error codes - can lead to 'unexplainable' connection aborts later. - [Bodo Moeller; problem tracked down by Lutz Jaenicke] - - *) Major EVP API cipher revision. - Add hooks for extra EVP features. This allows various cipher - parameters to be set in the EVP interface. Support added for variable - key length ciphers via the EVP_CIPHER_CTX_set_key_length() function and - setting of RC2 and RC5 parameters. - - Modify EVP_OpenInit() and EVP_SealInit() to cope with variable key length - ciphers. - - Remove lots of duplicated code from the EVP library. For example *every* - cipher init() function handles the 'iv' in the same way according to the - cipher mode. They also all do nothing if the 'key' parameter is NULL and - for CFB and OFB modes they zero ctx->num. - - New functionality allows removal of S/MIME code RC2 hack. - - Most of the routines have the same form and so can be declared in terms - of macros. - - By shifting this to the top level EVP_CipherInit() it can be removed from - all individual ciphers. If the cipher wants to handle IVs or keys - differently it can set the EVP_CIPH_CUSTOM_IV or EVP_CIPH_ALWAYS_CALL_INIT - flags. - - Change lots of functions like EVP_EncryptUpdate() to now return a - value: although software versions of the algorithms cannot fail - any installed hardware versions can. - [Steve Henson] - - *) Implement SSL_OP_TLS_ROLLBACK_BUG: In ssl3_get_client_key_exchange, if - this option is set, tolerate broken clients that send the negotiated - protocol version number instead of the requested protocol version - number. - [Bodo Moeller] - - *) Call dh_tmp_cb (set by ..._TMP_DH_CB) with correct 'is_export' flag; - i.e. non-zero for export ciphersuites, zero otherwise. - Previous versions had this flag inverted, inconsistent with - rsa_tmp_cb (..._TMP_RSA_CB). - [Bodo Moeller; problem reported by Amit Chopra] - - *) Add missing DSA library text string. Work around for some IIS - key files with invalid SEQUENCE encoding. - [Steve Henson] - - *) Add a document (doc/standards.txt) that list all kinds of standards - and so on that are implemented in OpenSSL. - [Richard Levitte] - - *) Enhance c_rehash script. Old version would mishandle certificates - with the same subject name hash and wouldn't handle CRLs at all. - Added -fingerprint option to crl utility, to support new c_rehash - features. - [Steve Henson] - - *) Eliminate non-ANSI declarations in crypto.h and stack.h. - [Ulf Möller] - - *) Fix for SSL server purpose checking. Server checking was - rejecting certificates which had extended key usage present - but no ssl client purpose. - [Steve Henson, reported by Rene Grosser ] - - *) Make PKCS#12 code work with no password. The PKCS#12 spec - is a little unclear about how a blank password is handled. - Since the password in encoded as a BMPString with terminating - double NULL a zero length password would end up as just the - double NULL. However no password at all is different and is - handled differently in the PKCS#12 key generation code. NS - treats a blank password as zero length. MSIE treats it as no - password on export: but it will try both on import. We now do - the same: PKCS12_parse() tries zero length and no password if - the password is set to "" or NULL (NULL is now a valid password: - it wasn't before) as does the pkcs12 application. - [Steve Henson] - - *) Bugfixes in apps/x509.c: Avoid a memory leak; and don't use - perror when PEM_read_bio_X509_REQ fails, the error message must - be obtained from the error queue. - [Bodo Moeller] - - *) Avoid 'thread_hash' memory leak in crypto/err/err.c by freeing - it in ERR_remove_state if appropriate, and change ERR_get_state - accordingly to avoid race conditions (this is necessary because - thread_hash is no longer constant once set). - [Bodo Moeller] - - *) Bugfix for linux-elf makefile.one. - [Ulf Möller] - - *) RSA_get_default_method() will now cause a default - RSA_METHOD to be chosen if one doesn't exist already. - Previously this was only set during a call to RSA_new() - or RSA_new_method(NULL) meaning it was possible for - RSA_get_default_method() to return NULL. - [Geoff Thorpe] - - *) Added native name translation to the existing DSO code - that will convert (if the flag to do so is set) filenames - that are sufficiently small and have no path information - into a canonical native form. Eg. "blah" converted to - "libblah.so" or "blah.dll" etc. - [Geoff Thorpe] - - *) New function ERR_error_string_n(e, buf, len) which is like - ERR_error_string(e, buf), but writes at most 'len' bytes - including the 0 terminator. For ERR_error_string_n, 'buf' - may not be NULL. - [Damien Miller , Bodo Moeller] - - *) CONF library reworked to become more general. A new CONF - configuration file reader "class" is implemented as well as a - new functions (NCONF_*, for "New CONF") to handle it. The now - old CONF_* functions are still there, but are reimplemented to - work in terms of the new functions. Also, a set of functions - to handle the internal storage of the configuration data is - provided to make it easier to write new configuration file - reader "classes" (I can definitely see something reading a - configuration file in XML format, for example), called _CONF_*, - or "the configuration storage API"... - - The new configuration file reading functions are: - - NCONF_new, NCONF_free, NCONF_load, NCONF_load_fp, NCONF_load_bio, - NCONF_get_section, NCONF_get_string, NCONF_get_numbre - - NCONF_default, NCONF_WIN32 - - NCONF_dump_fp, NCONF_dump_bio - - NCONF_default and NCONF_WIN32 are method (or "class") choosers, - NCONF_new creates a new CONF object. This works in the same way - as other interfaces in OpenSSL, like the BIO interface. - NCONF_dump_* dump the internal storage of the configuration file, - which is useful for debugging. All other functions take the same - arguments as the old CONF_* functions wth the exception of the - first that must be a `CONF *' instead of a `LHASH *'. - - To make it easer to use the new classes with the old CONF_* functions, - the function CONF_set_default_method is provided. - [Richard Levitte] - - *) Add '-tls1' option to 'openssl ciphers', which was already - mentioned in the documentation but had not been implemented. - (This option is not yet really useful because even the additional - experimental TLS 1.0 ciphers are currently treated as SSL 3.0 ciphers.) - [Bodo Moeller] - - *) Initial DSO code added into libcrypto for letting OpenSSL (and - OpenSSL-based applications) load shared libraries and bind to - them in a portable way. - [Geoff Thorpe, with contributions from Richard Levitte] - - Changes between 0.9.5 and 0.9.5a [1 Apr 2000] - - *) Make sure _lrotl and _lrotr are only used with MSVC. - - *) Use lock CRYPTO_LOCK_RAND correctly in ssleay_rand_status - (the default implementation of RAND_status). - - *) Rename openssl x509 option '-crlext', which was added in 0.9.5, - to '-clrext' (= clear extensions), as intended and documented. - [Bodo Moeller; inconsistency pointed out by Michael Attili - ] - - *) Fix for HMAC. It wasn't zeroing the rest of the block if the key length - was larger than the MD block size. - [Steve Henson, pointed out by Yost William ] - - *) Modernise PKCS12_parse() so it uses STACK_OF(X509) for its ca argument - fix a leak when the ca argument was passed as NULL. Stop X509_PUBKEY_set() - using the passed key: if the passed key was a private key the result - of X509_print(), for example, would be to print out all the private key - components. - [Steve Henson] - - *) des_quad_cksum() byte order bug fix. - [Ulf Möller, using the problem description in krb4-0.9.7, where - the solution is attributed to Derrick J Brashear ] - - *) Fix so V_ASN1_APP_CHOOSE works again: however its use is strongly - discouraged. - [Steve Henson, pointed out by Brian Korver ] - - *) For easily testing in shell scripts whether some command - 'openssl XXX' exists, the new pseudo-command 'openssl no-XXX' - returns with exit code 0 iff no command of the given name is available. - 'no-XXX' is printed in this case, 'XXX' otherwise. In both cases, - the output goes to stdout and nothing is printed to stderr. - Additional arguments are always ignored. - - Since for each cipher there is a command of the same name, - the 'no-cipher' compilation switches can be tested this way. - - ('openssl no-XXX' is not able to detect pseudo-commands such - as 'quit', 'list-XXX-commands', or 'no-XXX' itself.) - [Bodo Moeller] - - *) Update test suite so that 'make test' succeeds in 'no-rsa' configuration. - [Bodo Moeller] - - *) For SSL_[CTX_]set_tmp_dh, don't create a DH key if SSL_OP_SINGLE_DH_USE - is set; it will be thrown away anyway because each handshake creates - its own key. - ssl_cert_dup, which is used by SSL_new, now copies DH keys in addition - to parameters -- in previous versions (since OpenSSL 0.9.3) the - 'default key' from SSL_CTX_set_tmp_dh would always be lost, meanining - you effectivly got SSL_OP_SINGLE_DH_USE when using this macro. - [Bodo Moeller] - - *) New s_client option -ign_eof: EOF at stdin is ignored, and - 'Q' and 'R' lose their special meanings (quit/renegotiate). - This is part of what -quiet does; unlike -quiet, -ign_eof - does not suppress any output. - [Richard Levitte] - - *) Add compatibility options to the purpose and trust code. The - purpose X509_PURPOSE_ANY is "any purpose" which automatically - accepts a certificate or CA, this was the previous behaviour, - with all the associated security issues. - - X509_TRUST_COMPAT is the old trust behaviour: only and - automatically trust self signed roots in certificate store. A - new trust setting X509_TRUST_DEFAULT is used to specify that - a purpose has no associated trust setting and it should instead - use the value in the default purpose. - [Steve Henson] - - *) Fix the PKCS#8 DSA private key code so it decodes keys again - and fix a memory leak. - [Steve Henson] - - *) In util/mkerr.pl (which implements 'make errors'), preserve - reason strings from the previous version of the .c file, as - the default to have only downcase letters (and digits) in - automatically generated reasons codes is not always appropriate. - [Bodo Moeller] - - *) In ERR_load_ERR_strings(), build an ERR_LIB_SYS error reason table - using strerror. Previously, ERR_reason_error_string() returned - library names as reason strings for SYSerr; but SYSerr is a special - case where small numbers are errno values, not library numbers. - [Bodo Moeller] - - *) Add '-dsaparam' option to 'openssl dhparam' application. This - converts DSA parameters into DH parameters. (When creating parameters, - DSA_generate_parameters is used.) - [Bodo Moeller] - - *) Include 'length' (recommended exponent length) in C code generated - by 'openssl dhparam -C'. - [Bodo Moeller] - - *) The second argument to set_label in perlasm was already being used - so couldn't be used as a "file scope" flag. Moved to third argument - which was free. - [Steve Henson] - - *) In PEM_ASN1_write_bio and some other functions, use RAND_pseudo_bytes - instead of RAND_bytes for encryption IVs and salts. - [Bodo Moeller] - - *) Include RAND_status() into RAND_METHOD instead of implementing - it only for md_rand.c Otherwise replacing the PRNG by calling - RAND_set_rand_method would be impossible. - [Bodo Moeller] - - *) Don't let DSA_generate_key() enter an infinite loop if the random - number generation fails. - [Bodo Moeller] - - *) New 'rand' application for creating pseudo-random output. - [Bodo Moeller] - - *) Added configuration support for Linux/IA64 - [Rolf Haberrecker ] - - *) Assembler module support for Mingw32. - [Ulf Möller] - - *) Shared library support for HPUX (in shlib/). - [Lutz Jaenicke and Anonymous] - - *) Shared library support for Solaris gcc. - [Lutz Behnke ] - - Changes between 0.9.4 and 0.9.5 [28 Feb 2000] - - *) PKCS7_encrypt() was adding text MIME headers twice because they - were added manually and by SMIME_crlf_copy(). - [Steve Henson] - - *) In bntest.c don't call BN_rand with zero bits argument. - [Steve Henson, pointed out by Andrew W. Gray ] - - *) BN_mul bugfix: In bn_mul_part_recursion() only the a>a[n] && b>b[n] - case was implemented. This caused BN_div_recp() to fail occasionally. - [Ulf Möller] - - *) Add an optional second argument to the set_label() in the perl - assembly language builder. If this argument exists and is set - to 1 it signals that the assembler should use a symbol whose - scope is the entire file, not just the current function. This - is needed with MASM which uses the format label:: for this scope. - [Steve Henson, pointed out by Peter Runestig ] - - *) Change the ASN1 types so they are typedefs by default. Before - almost all types were #define'd to ASN1_STRING which was causing - STACK_OF() problems: you couldn't declare STACK_OF(ASN1_UTF8STRING) - for example. - [Steve Henson] - - *) Change names of new functions to the new get1/get0 naming - convention: After 'get1', the caller owns a reference count - and has to call ..._free; 'get0' returns a pointer to some - data structure without incrementing reference counters. - (Some of the existing 'get' functions increment a reference - counter, some don't.) - Similarly, 'set1' and 'add1' functions increase reference - counters or duplicate objects. - [Steve Henson] - - *) Allow for the possibility of temp RSA key generation failure: - the code used to assume it always worked and crashed on failure. - [Steve Henson] - - *) Fix potential buffer overrun problem in BIO_printf(). - [Ulf Möller, using public domain code by Patrick Powell; problem - pointed out by David Sacerdote ] - - *) Support EGD . New functions - RAND_egd() and RAND_status(). In the command line application, - the EGD socket can be specified like a seed file using RANDFILE - or -rand. - [Ulf Möller] - - *) Allow the string CERTIFICATE to be tolerated in PKCS#7 structures. - Some CAs (e.g. Verisign) distribute certificates in this form. - [Steve Henson] - - *) Remove the SSL_ALLOW_ADH compile option and set the default cipher - list to exclude them. This means that no special compilation option - is needed to use anonymous DH: it just needs to be included in the - cipher list. - [Steve Henson] - - *) Change the EVP_MD_CTX_type macro so its meaning consistent with - EVP_MD_type. The old functionality is available in a new macro called - EVP_MD_md(). Change code that uses it and update docs. - [Steve Henson] - - *) ..._ctrl functions now have corresponding ..._callback_ctrl functions - where the 'void *' argument is replaced by a function pointer argument. - Previously 'void *' was abused to point to functions, which works on - many platforms, but is not correct. As these functions are usually - called by macros defined in OpenSSL header files, most source code - should work without changes. - [Richard Levitte] - - *) (which is created by Configure) now contains - sections with information on -D... compiler switches used for - compiling the library so that applications can see them. To enable - one of these sections, a pre-processor symbol OPENSSL_..._DEFINES - must be defined. E.g., - #define OPENSSL_ALGORITHM_DEFINES - #include - defines all pertinent NO_ symbols, such as NO_IDEA, NO_RSA, etc. - [Richard Levitte, Ulf and Bodo Möller] - - *) Bugfix: Tolerate fragmentation and interleaving in the SSL 3/TLS - record layer. - [Bodo Moeller] - - *) Change the 'other' type in certificate aux info to a STACK_OF - X509_ALGOR. Although not an AlgorithmIdentifier as such it has - the required ASN1 format: arbitrary types determined by an OID. - [Steve Henson] - - *) Add some PEM_write_X509_REQ_NEW() functions and a command line - argument to 'req'. This is not because the function is newer or - better than others it just uses the work 'NEW' in the certificate - request header lines. Some software needs this. - [Steve Henson] - - *) Reorganise password command line arguments: now passwords can be - obtained from various sources. Delete the PEM_cb function and make - it the default behaviour: i.e. if the callback is NULL and the - usrdata argument is not NULL interpret it as a null terminated pass - phrase. If usrdata and the callback are NULL then the pass phrase - is prompted for as usual. - [Steve Henson] - - *) Add support for the Compaq Atalla crypto accelerator. If it is installed, - the support is automatically enabled. The resulting binaries will - autodetect the card and use it if present. - [Ben Laurie and Compaq Inc.] - - *) Work around for Netscape hang bug. This sends certificate request - and server done in one record. Since this is perfectly legal in the - SSL/TLS protocol it isn't a "bug" option and is on by default. See - the bugs/SSLv3 entry for more info. - [Steve Henson] - - *) HP-UX tune-up: new unified configs, HP C compiler bug workaround. - [Andy Polyakov] - - *) Add -rand argument to smime and pkcs12 applications and read/write - of seed file. - [Steve Henson] - - *) New 'passwd' tool for crypt(3) and apr1 password hashes. - [Bodo Moeller] - - *) Add command line password options to the remaining applications. - [Steve Henson] - - *) Bug fix for BN_div_recp() for numerators with an even number of - bits. - [Ulf Möller] - - *) More tests in bntest.c, and changed test_bn output. - [Ulf Möller] - - *) ./config recognizes MacOS X now. - [Andy Polyakov] - - *) Bug fix for BN_div() when the first words of num and divsor are - equal (it gave wrong results if (rem=(n1-q*d0)&BN_MASK2) < d0). - [Ulf Möller] - - *) Add support for various broken PKCS#8 formats, and command line - options to produce them. - [Steve Henson] - - *) New functions BN_CTX_start(), BN_CTX_get() and BT_CTX_end() to - get temporary BIGNUMs from a BN_CTX. - [Ulf Möller] - - *) Correct return values in BN_mod_exp_mont() and BN_mod_exp2_mont() - for p == 0. - [Ulf Möller] - - *) Change the SSLeay_add_all_*() functions to OpenSSL_add_all_*() and - include a #define from the old name to the new. The original intent - was that statically linked binaries could for example just call - SSLeay_add_all_ciphers() to just add ciphers to the table and not - link with digests. This never worked becayse SSLeay_add_all_digests() - and SSLeay_add_all_ciphers() were in the same source file so calling - one would link with the other. They are now in separate source files. - [Steve Henson] - - *) Add a new -notext option to 'ca' and a -pubkey option to 'spkac'. - [Steve Henson] - - *) Use a less unusual form of the Miller-Rabin primality test (it used - a binary algorithm for exponentiation integrated into the Miller-Rabin - loop, our standard modexp algorithms are faster). - [Bodo Moeller] - - *) Support for the EBCDIC character set completed. - [Martin Kraemer ] - - *) Source code cleanups: use const where appropriate, eliminate casts, - use void * instead of char * in lhash. - [Ulf Möller] - - *) Bugfix: ssl3_send_server_key_exchange was not restartable - (the state was not changed to SSL3_ST_SW_KEY_EXCH_B, and because of - this the server could overwrite ephemeral keys that the client - has already seen). - [Bodo Moeller] - - *) Turn DSA_is_prime into a macro that calls BN_is_prime, - using 50 iterations of the Rabin-Miller test. - - DSA_generate_parameters now uses BN_is_prime_fasttest (with 50 - iterations of the Rabin-Miller test as required by the appendix - to FIPS PUB 186[-1]) instead of DSA_is_prime. - As BN_is_prime_fasttest includes trial division, DSA parameter - generation becomes much faster. - - This implies a change for the callback functions in DSA_is_prime - and DSA_generate_parameters: The callback function is called once - for each positive witness in the Rabin-Miller test, not just - occasionally in the inner loop; and the parameters to the - callback function now provide an iteration count for the outer - loop rather than for the current invocation of the inner loop. - DSA_generate_parameters additionally can call the callback - function with an 'iteration count' of -1, meaning that a - candidate has passed the trial division test (when q is generated - from an application-provided seed, trial division is skipped). - [Bodo Moeller] - - *) New function BN_is_prime_fasttest that optionally does trial - division before starting the Rabin-Miller test and has - an additional BN_CTX * argument (whereas BN_is_prime always - has to allocate at least one BN_CTX). - 'callback(1, -1, cb_arg)' is called when a number has passed the - trial division stage. - [Bodo Moeller] - - *) Fix for bug in CRL encoding. The validity dates weren't being handled - as ASN1_TIME. - [Steve Henson] - - *) New -pkcs12 option to CA.pl script to write out a PKCS#12 file. - [Steve Henson] - - *) New function BN_pseudo_rand(). - [Ulf Möller] - - *) Clean up BN_mod_mul_montgomery(): replace the broken (and unreadable) - bignum version of BN_from_montgomery() with the working code from - SSLeay 0.9.0 (the word based version is faster anyway), and clean up - the comments. - [Ulf Möller] - - *) Avoid a race condition in s2_clnt.c (function get_server_hello) that - made it impossible to use the same SSL_SESSION data structure in - SSL2 clients in multiple threads. - [Bodo Moeller] - - *) The return value of RAND_load_file() no longer counts bytes obtained - by stat(). RAND_load_file(..., -1) is new and uses the complete file - to seed the PRNG (previously an explicit byte count was required). - [Ulf Möller, Bodo Möller] - - *) Clean up CRYPTO_EX_DATA functions, some of these didn't have prototypes - used (char *) instead of (void *) and had casts all over the place. - [Steve Henson] - - *) Make BN_generate_prime() return NULL on error if ret!=NULL. - [Ulf Möller] - - *) Retain source code compatibility for BN_prime_checks macro: - BN_is_prime(..., BN_prime_checks, ...) now uses - BN_prime_checks_for_size to determine the appropriate number of - Rabin-Miller iterations. - [Ulf Möller] - - *) Diffie-Hellman uses "safe" primes: DH_check() return code renamed to - DH_CHECK_P_NOT_SAFE_PRIME. - (Check if this is true? OpenPGP calls them "strong".) - [Ulf Möller] - - *) Merge the functionality of "dh" and "gendh" programs into a new program - "dhparam". The old programs are retained for now but will handle DH keys - (instead of parameters) in future. - [Steve Henson] - - *) Make the ciphers, s_server and s_client programs check the return values - when a new cipher list is set. - [Steve Henson] - - *) Enhance the SSL/TLS cipher mechanism to correctly handle the TLS 56bit - ciphers. Before when the 56bit ciphers were enabled the sorting was - wrong. - - The syntax for the cipher sorting has been extended to support sorting by - cipher-strength (using the strength_bits hard coded in the tables). - The new command is "@STRENGTH" (see also doc/apps/ciphers.pod). - - Fix a bug in the cipher-command parser: when supplying a cipher command - string with an "undefined" symbol (neither command nor alphanumeric - [A-Za-z0-9], ssl_set_cipher_list used to hang in an endless loop. Now - an error is flagged. - - Due to the strength-sorting extension, the code of the - ssl_create_cipher_list() function was completely rearranged. I hope that - the readability was also increased :-) - [Lutz Jaenicke ] - - *) Minor change to 'x509' utility. The -CAcreateserial option now uses 1 - for the first serial number and places 2 in the serial number file. This - avoids problems when the root CA is created with serial number zero and - the first user certificate has the same issuer name and serial number - as the root CA. - [Steve Henson] - - *) Fixes to X509_ATTRIBUTE utilities, change the 'req' program so it uses - the new code. Add documentation for this stuff. - [Steve Henson] - - *) Changes to X509_ATTRIBUTE utilities. These have been renamed from - X509_*() to X509at_*() on the grounds that they don't handle X509 - structures and behave in an analagous way to the X509v3 functions: - they shouldn't be called directly but wrapper functions should be used - instead. - - So we also now have some wrapper functions that call the X509at functions - when passed certificate requests. (TO DO: similar things can be done with - PKCS#7 signed and unsigned attributes, PKCS#12 attributes and a few other - things. Some of these need some d2i or i2d and print functionality - because they handle more complex structures.) - [Steve Henson] - - *) Add missing #ifndefs that caused missing symbols when building libssl - as a shared library without RSA. Use #ifndef NO_SSL2 instead of - NO_RSA in ssl/s2*.c. - [Kris Kennaway , modified by Ulf Möller] - - *) Precautions against using the PRNG uninitialized: RAND_bytes() now - has a return value which indicates the quality of the random data - (1 = ok, 0 = not seeded). Also an error is recorded on the thread's - error queue. New function RAND_pseudo_bytes() generates output that is - guaranteed to be unique but not unpredictable. RAND_add is like - RAND_seed, but takes an extra argument for an entropy estimate - (RAND_seed always assumes full entropy). - [Ulf Möller] - - *) Do more iterations of Rabin-Miller probable prime test (specifically, - 3 for 1024-bit primes, 6 for 512-bit primes, 12 for 256-bit primes - instead of only 2 for all lengths; see BN_prime_checks_for_size definition - in crypto/bn/bn_prime.c for the complete table). This guarantees a - false-positive rate of at most 2^-80 for random input. - [Bodo Moeller] - - *) Rewrite ssl3_read_n (ssl/s3_pkt.c) avoiding a couple of bugs. - [Bodo Moeller] - - *) New function X509_CTX_rget_chain() (renamed to X509_CTX_get1_chain - in the 0.9.5 release), this returns the chain - from an X509_CTX structure with a dup of the stack and all - the X509 reference counts upped: so the stack will exist - after X509_CTX_cleanup() has been called. Modify pkcs12.c - to use this. - - Also make SSL_SESSION_print() print out the verify return - code. - [Steve Henson] - - *) Add manpage for the pkcs12 command. Also change the default - behaviour so MAC iteration counts are used unless the new - -nomaciter option is used. This improves file security and - only older versions of MSIE (4.0 for example) need it. - [Steve Henson] - - *) Honor the no-xxx Configure options when creating .DEF files. - [Ulf Möller] - - *) Add PKCS#10 attributes to field table: challengePassword, - unstructuredName and unstructuredAddress. These are taken from - draft PKCS#9 v2.0 but are compatible with v1.2 provided no - international characters are used. - - More changes to X509_ATTRIBUTE code: allow the setting of types - based on strings. Remove the 'loc' parameter when adding - attributes because these will be a SET OF encoding which is sorted - in ASN1 order. - [Steve Henson] - - *) Initial changes to the 'req' utility to allow request generation - automation. This will allow an application to just generate a template - file containing all the field values and have req construct the - request. - - Initial support for X509_ATTRIBUTE handling. Stacks of these are - used all over the place including certificate requests and PKCS#7 - structures. They are currently handled manually where necessary with - some primitive wrappers for PKCS#7. The new functions behave in a - manner analogous to the X509 extension functions: they allow - attributes to be looked up by NID and added. - - Later something similar to the X509V3 code would be desirable to - automatically handle the encoding, decoding and printing of the - more complex types. The string types like challengePassword can - be handled by the string table functions. - - Also modified the multi byte string table handling. Now there is - a 'global mask' which masks out certain types. The table itself - can use the flag STABLE_NO_MASK to ignore the mask setting: this - is useful when for example there is only one permissible type - (as in countryName) and using the mask might result in no valid - types at all. - [Steve Henson] - - *) Clean up 'Finished' handling, and add functions SSL_get_finished and - SSL_get_peer_finished to allow applications to obtain the latest - Finished messages sent to the peer or expected from the peer, - respectively. (SSL_get_peer_finished is usually the Finished message - actually received from the peer, otherwise the protocol will be aborted.) - - As the Finished message are message digests of the complete handshake - (with a total of 192 bits for TLS 1.0 and more for SSL 3.0), they can - be used for external authentication procedures when the authentication - provided by SSL/TLS is not desired or is not enough. - [Bodo Moeller] - - *) Enhanced support for Alpha Linux is added. Now ./config checks if - the host supports BWX extension and if Compaq C is present on the - $PATH. Just exploiting of the BWX extension results in 20-30% - performance kick for some algorithms, e.g. DES and RC4 to mention - a couple. Compaq C in turn generates ~20% faster code for MD5 and - SHA1. - [Andy Polyakov] - - *) Add support for MS "fast SGC". This is arguably a violation of the - SSL3/TLS protocol. Netscape SGC does two handshakes: the first with - weak crypto and after checking the certificate is SGC a second one - with strong crypto. MS SGC stops the first handshake after receiving - the server certificate message and sends a second client hello. Since - a server will typically do all the time consuming operations before - expecting any further messages from the client (server key exchange - is the most expensive) there is little difference between the two. - - To get OpenSSL to support MS SGC we have to permit a second client - hello message after we have sent server done. In addition we have to - reset the MAC if we do get this second client hello. - [Steve Henson] - - *) Add a function 'd2i_AutoPrivateKey()' this will automatically decide - if a DER encoded private key is RSA or DSA traditional format. Changed - d2i_PrivateKey_bio() to use it. This is only needed for the "traditional" - format DER encoded private key. Newer code should use PKCS#8 format which - has the key type encoded in the ASN1 structure. Added DER private key - support to pkcs8 application. - [Steve Henson] - - *) SSL 3/TLS 1 servers now don't request certificates when an anonymous - ciphersuites has been selected (as required by the SSL 3/TLS 1 - specifications). Exception: When SSL_VERIFY_FAIL_IF_NO_PEER_CERT - is set, we interpret this as a request to violate the specification - (the worst that can happen is a handshake failure, and 'correct' - behaviour would result in a handshake failure anyway). - [Bodo Moeller] - - *) In SSL_CTX_add_session, take into account that there might be multiple - SSL_SESSION structures with the same session ID (e.g. when two threads - concurrently obtain them from an external cache). - The internal cache can handle only one SSL_SESSION with a given ID, - so if there's a conflict, we now throw out the old one to achieve - consistency. - [Bodo Moeller] - - *) Add OIDs for idea and blowfish in CBC mode. This will allow both - to be used in PKCS#5 v2.0 and S/MIME. Also add checking to - some routines that use cipher OIDs: some ciphers do not have OIDs - defined and so they cannot be used for S/MIME and PKCS#5 v2.0 for - example. - [Steve Henson] - - *) Simplify the trust setting structure and code. Now we just have - two sequences of OIDs for trusted and rejected settings. These will - typically have values the same as the extended key usage extension - and any application specific purposes. - - The trust checking code now has a default behaviour: it will just - check for an object with the same NID as the passed id. Functions can - be provided to override either the default behaviour or the behaviour - for a given id. SSL client, server and email already have functions - in place for compatibility: they check the NID and also return "trusted" - if the certificate is self signed. - [Steve Henson] - - *) Add d2i,i2d bio/fp functions for PrivateKey: these convert the - traditional format into an EVP_PKEY structure. - [Steve Henson] - - *) Add a password callback function PEM_cb() which either prompts for - a password if usr_data is NULL or otherwise assumes it is a null - terminated password. Allow passwords to be passed on command line - environment or config files in a few more utilities. - [Steve Henson] - - *) Add a bunch of DER and PEM functions to handle PKCS#8 format private - keys. Add some short names for PKCS#8 PBE algorithms and allow them - to be specified on the command line for the pkcs8 and pkcs12 utilities. - Update documentation. - [Steve Henson] - - *) Support for ASN1 "NULL" type. This could be handled before by using - ASN1_TYPE but there wasn't any function that would try to read a NULL - and produce an error if it couldn't. For compatibility we also have - ASN1_NULL_new() and ASN1_NULL_free() functions but these are faked and - don't allocate anything because they don't need to. - [Steve Henson] - - *) Initial support for MacOS is now provided. Examine INSTALL.MacOS - for details. - [Andy Polyakov, Roy Woods ] - - *) Rebuild of the memory allocation routines used by OpenSSL code and - possibly others as well. The purpose is to make an interface that - provide hooks so anyone can build a separate set of allocation and - deallocation routines to be used by OpenSSL, for example memory - pool implementations, or something else, which was previously hard - since Malloc(), Realloc() and Free() were defined as macros having - the values malloc, realloc and free, respectively (except for Win32 - compilations). The same is provided for memory debugging code. - OpenSSL already comes with functionality to find memory leaks, but - this gives people a chance to debug other memory problems. - - With these changes, a new set of functions and macros have appeared: - - CRYPTO_set_mem_debug_functions() [F] - CRYPTO_get_mem_debug_functions() [F] - CRYPTO_dbg_set_options() [F] - CRYPTO_dbg_get_options() [F] - CRYPTO_malloc_debug_init() [M] - - The memory debug functions are NULL by default, unless the library - is compiled with CRYPTO_MDEBUG or friends is defined. If someone - wants to debug memory anyway, CRYPTO_malloc_debug_init() (which - gives the standard debugging functions that come with OpenSSL) or - CRYPTO_set_mem_debug_functions() (tells OpenSSL to use functions - provided by the library user) must be used. When the standard - debugging functions are used, CRYPTO_dbg_set_options can be used to - request additional information: - CRYPTO_dbg_set_options(V_CYRPTO_MDEBUG_xxx) corresponds to setting - the CRYPTO_MDEBUG_xxx macro when compiling the library. - - Also, things like CRYPTO_set_mem_functions will always give the - expected result (the new set of functions is used for allocation - and deallocation) at all times, regardless of platform and compiler - options. - - To finish it up, some functions that were never use in any other - way than through macros have a new API and new semantic: - - CRYPTO_dbg_malloc() - CRYPTO_dbg_realloc() - CRYPTO_dbg_free() - - All macros of value have retained their old syntax. - [Richard Levitte and Bodo Moeller] - - *) Some S/MIME fixes. The OID for SMIMECapabilities was wrong, the - ordering of SMIMECapabilities wasn't in "strength order" and there - was a missing NULL in the AlgorithmIdentifier for the SHA1 signature - algorithm. - [Steve Henson] - - *) Some ASN1 types with illegal zero length encoding (INTEGER, - ENUMERATED and OBJECT IDENTIFIER) choked the ASN1 routines. - [Frans Heymans , modified by Steve Henson] - - *) Merge in my S/MIME library for OpenSSL. This provides a simple - S/MIME API on top of the PKCS#7 code, a MIME parser (with enough - functionality to handle multipart/signed properly) and a utility - called 'smime' to call all this stuff. This is based on code I - originally wrote for Celo who have kindly allowed it to be - included in OpenSSL. - [Steve Henson] - - *) Add variants des_set_key_checked and des_set_key_unchecked of - des_set_key (aka des_key_sched). Global variable des_check_key - decides which of these is called by des_set_key; this way - des_check_key behaves as it always did, but applications and - the library itself, which was buggy for des_check_key == 1, - have a cleaner way to pick the version they need. - [Bodo Moeller] - - *) New function PKCS12_newpass() which changes the password of a - PKCS12 structure. - [Steve Henson] - - *) Modify X509_TRUST and X509_PURPOSE so it also uses a static and - dynamic mix. In both cases the ids can be used as an index into the - table. Also modified the X509_TRUST_add() and X509_PURPOSE_add() - functions so they accept a list of the field values and the - application doesn't need to directly manipulate the X509_TRUST - structure. - [Steve Henson] - - *) Modify the ASN1_STRING_TABLE stuff so it also uses bsearch and doesn't - need initialising. - [Steve Henson] - - *) Modify the way the V3 extension code looks up extensions. This now - works in a similar way to the object code: we have some "standard" - extensions in a static table which is searched with OBJ_bsearch() - and the application can add dynamic ones if needed. The file - crypto/x509v3/ext_dat.h now has the info: this file needs to be - updated whenever a new extension is added to the core code and kept - in ext_nid order. There is a simple program 'tabtest.c' which checks - this. New extensions are not added too often so this file can readily - be maintained manually. - - There are two big advantages in doing things this way. The extensions - can be looked up immediately and no longer need to be "added" using - X509V3_add_standard_extensions(): this function now does nothing. - [Side note: I get *lots* of email saying the extension code doesn't - work because people forget to call this function] - Also no dynamic allocation is done unless new extensions are added: - so if we don't add custom extensions there is no need to call - X509V3_EXT_cleanup(). - [Steve Henson] - - *) Modify enc utility's salting as follows: make salting the default. Add a - magic header, so unsalted files fail gracefully instead of just decrypting - to garbage. This is because not salting is a big security hole, so people - should be discouraged from doing it. - [Ben Laurie] - - *) Fixes and enhancements to the 'x509' utility. It allowed a message - digest to be passed on the command line but it only used this - parameter when signing a certificate. Modified so all relevant - operations are affected by the digest parameter including the - -fingerprint and -x509toreq options. Also -x509toreq choked if a - DSA key was used because it didn't fix the digest. - [Steve Henson] - - *) Initial certificate chain verify code. Currently tests the untrusted - certificates for consistency with the verify purpose (which is set - when the X509_STORE_CTX structure is set up) and checks the pathlength. - - There is a NO_CHAIN_VERIFY compilation option to keep the old behaviour: - this is because it will reject chains with invalid extensions whereas - every previous version of OpenSSL and SSLeay made no checks at all. - - Trust code: checks the root CA for the relevant trust settings. Trust - settings have an initial value consistent with the verify purpose: e.g. - if the verify purpose is for SSL client use it expects the CA to be - trusted for SSL client use. However the default value can be changed to - permit custom trust settings: one example of this would be to only trust - certificates from a specific "secure" set of CAs. - - Also added X509_STORE_CTX_new() and X509_STORE_CTX_free() functions - which should be used for version portability: especially since the - verify structure is likely to change more often now. - - SSL integration. Add purpose and trust to SSL_CTX and SSL and functions - to set them. If not set then assume SSL clients will verify SSL servers - and vice versa. - - Two new options to the verify program: -untrusted allows a set of - untrusted certificates to be passed in and -purpose which sets the - intended purpose of the certificate. If a purpose is set then the - new chain verify code is used to check extension consistency. - [Steve Henson] - - *) Support for the authority information access extension. - [Steve Henson] - - *) Modify RSA and DSA PEM read routines to transparently handle - PKCS#8 format private keys. New *_PUBKEY_* functions that handle - public keys in a format compatible with certificate - SubjectPublicKeyInfo structures. Unfortunately there were already - functions called *_PublicKey_* which used various odd formats so - these are retained for compatibility: however the DSA variants were - never in a public release so they have been deleted. Changed dsa/rsa - utilities to handle the new format: note no releases ever handled public - keys so we should be OK. - - The primary motivation for this change is to avoid the same fiasco - that dogs private keys: there are several incompatible private key - formats some of which are standard and some OpenSSL specific and - require various evil hacks to allow partial transparent handling and - even then it doesn't work with DER formats. Given the option anything - other than PKCS#8 should be dumped: but the other formats have to - stay in the name of compatibility. - - With public keys and the benefit of hindsight one standard format - is used which works with EVP_PKEY, RSA or DSA structures: though - it clearly returns an error if you try to read the wrong kind of key. - - Added a -pubkey option to the 'x509' utility to output the public key. - Also rename the EVP_PKEY_get_*() to EVP_PKEY_rget_*() - (renamed to EVP_PKEY_get1_*() in the OpenSSL 0.9.5 release) and add - EVP_PKEY_rset_*() functions (renamed to EVP_PKEY_set1_*()) - that do the same as the EVP_PKEY_assign_*() except they up the - reference count of the added key (they don't "swallow" the - supplied key). - [Steve Henson] - - *) Fixes to crypto/x509/by_file.c the code to read in certificates and - CRLs would fail if the file contained no certificates or no CRLs: - added a new function to read in both types and return the number - read: this means that if none are read it will be an error. The - DER versions of the certificate and CRL reader would always fail - because it isn't possible to mix certificates and CRLs in DER format - without choking one or the other routine. Changed this to just read - a certificate: this is the best we can do. Also modified the code - in apps/verify.c to take notice of return codes: it was previously - attempting to read in certificates from NULL pointers and ignoring - any errors: this is one reason why the cert and CRL reader seemed - to work. It doesn't check return codes from the default certificate - routines: these may well fail if the certificates aren't installed. - [Steve Henson] - - *) Code to support otherName option in GeneralName. - [Steve Henson] - - *) First update to verify code. Change the verify utility - so it warns if it is passed a self signed certificate: - for consistency with the normal behaviour. X509_verify - has been modified to it will now verify a self signed - certificate if *exactly* the same certificate appears - in the store: it was previously impossible to trust a - single self signed certificate. This means that: - openssl verify ss.pem - now gives a warning about a self signed certificate but - openssl verify -CAfile ss.pem ss.pem - is OK. - [Steve Henson] - - *) For servers, store verify_result in SSL_SESSION data structure - (and add it to external session representation). - This is needed when client certificate verifications fails, - but an application-provided verification callback (set by - SSL_CTX_set_cert_verify_callback) allows accepting the session - anyway (i.e. leaves x509_store_ctx->error != X509_V_OK - but returns 1): When the session is reused, we have to set - ssl->verify_result to the appropriate error code to avoid - security holes. - [Bodo Moeller, problem pointed out by Lutz Jaenicke] - - *) Fix a bug in the new PKCS#7 code: it didn't consider the - case in PKCS7_dataInit() where the signed PKCS7 structure - didn't contain any existing data because it was being created. - [Po-Cheng Chen , slightly modified by Steve Henson] - - *) Add a salt to the key derivation routines in enc.c. This - forms the first 8 bytes of the encrypted file. Also add a - -S option to allow a salt to be input on the command line. - [Steve Henson] - - *) New function X509_cmp(). Oddly enough there wasn't a function - to compare two certificates. We do this by working out the SHA1 - hash and comparing that. X509_cmp() will be needed by the trust - code. - [Steve Henson] - - *) SSL_get1_session() is like SSL_get_session(), but increments - the reference count in the SSL_SESSION returned. - [Geoff Thorpe ] - - *) Fix for 'req': it was adding a null to request attributes. - Also change the X509_LOOKUP and X509_INFO code to handle - certificate auxiliary information. - [Steve Henson] - - *) Add support for 40 and 64 bit RC2 and RC4 algorithms: document - the 'enc' command. - [Steve Henson] - - *) Add the possibility to add extra information to the memory leak - detecting output, to form tracebacks, showing from where each - allocation was originated: CRYPTO_push_info("constant string") adds - the string plus current file name and line number to a per-thread - stack, CRYPTO_pop_info() does the obvious, CRYPTO_remove_all_info() - is like calling CYRPTO_pop_info() until the stack is empty. - Also updated memory leak detection code to be multi-thread-safe. - [Richard Levitte] - - *) Add options -text and -noout to pkcs7 utility and delete the - encryption options which never did anything. Update docs. - [Steve Henson] - - *) Add options to some of the utilities to allow the pass phrase - to be included on either the command line (not recommended on - OSes like Unix) or read from the environment. Update the - manpages and fix a few bugs. - [Steve Henson] - - *) Add a few manpages for some of the openssl commands. - [Steve Henson] - - *) Fix the -revoke option in ca. It was freeing up memory twice, - leaking and not finding already revoked certificates. - [Steve Henson] - - *) Extensive changes to support certificate auxiliary information. - This involves the use of X509_CERT_AUX structure and X509_AUX - functions. An X509_AUX function such as PEM_read_X509_AUX() - can still read in a certificate file in the usual way but it - will also read in any additional "auxiliary information". By - doing things this way a fair degree of compatibility can be - retained: existing certificates can have this information added - using the new 'x509' options. - - Current auxiliary information includes an "alias" and some trust - settings. The trust settings will ultimately be used in enhanced - certificate chain verification routines: currently a certificate - can only be trusted if it is self signed and then it is trusted - for all purposes. - [Steve Henson] - - *) Fix assembler for Alpha (tested only on DEC OSF not Linux or *BSD). - The problem was that one of the replacement routines had not been working - since SSLeay releases. For now the offending routine has been replaced - with non-optimised assembler. Even so, this now gives around 95% - performance improvement for 1024 bit RSA signs. - [Mark Cox] - - *) Hack to fix PKCS#7 decryption when used with some unorthodox RC2 - handling. Most clients have the effective key size in bits equal to - the key length in bits: so a 40 bit RC2 key uses a 40 bit (5 byte) key. - A few however don't do this and instead use the size of the decrypted key - to determine the RC2 key length and the AlgorithmIdentifier to determine - the effective key length. In this case the effective key length can still - be 40 bits but the key length can be 168 bits for example. This is fixed - by manually forcing an RC2 key into the EVP_PKEY structure because the - EVP code can't currently handle unusual RC2 key sizes: it always assumes - the key length and effective key length are equal. - [Steve Henson] - - *) Add a bunch of functions that should simplify the creation of - X509_NAME structures. Now you should be able to do: - X509_NAME_add_entry_by_txt(nm, "CN", MBSTRING_ASC, "Steve", -1, -1, 0); - and have it automatically work out the correct field type and fill in - the structures. The more adventurous can try: - X509_NAME_add_entry_by_txt(nm, field, MBSTRING_UTF8, str, -1, -1, 0); - and it will (hopefully) work out the correct multibyte encoding. - [Steve Henson] - - *) Change the 'req' utility to use the new field handling and multibyte - copy routines. Before the DN field creation was handled in an ad hoc - way in req, ca, and x509 which was rather broken and didn't support - BMPStrings or UTF8Strings. Since some software doesn't implement - BMPStrings or UTF8Strings yet, they can be enabled using the config file - using the dirstring_type option. See the new comment in the default - openssl.cnf for more info. - [Steve Henson] - - *) Make crypto/rand/md_rand.c more robust: - - Assure unique random numbers after fork(). - - Make sure that concurrent threads access the global counter and - md serializably so that we never lose entropy in them - or use exactly the same state in multiple threads. - Access to the large state is not always serializable because - the additional locking could be a performance killer, and - md should be large enough anyway. - [Bodo Moeller] - - *) New file apps/app_rand.c with commonly needed functionality - for handling the random seed file. - - Use the random seed file in some applications that previously did not: - ca, - dsaparam -genkey (which also ignored its '-rand' option), - s_client, - s_server, - x509 (when signing). - Except on systems with /dev/urandom, it is crucial to have a random - seed file at least for key creation, DSA signing, and for DH exchanges; - for RSA signatures we could do without one. - - gendh and gendsa (unlike genrsa) used to read only the first byte - of each file listed in the '-rand' option. The function as previously - found in genrsa is now in app_rand.c and is used by all programs - that support '-rand'. - [Bodo Moeller] - - *) In RAND_write_file, use mode 0600 for creating files; - don't just chmod when it may be too late. - [Bodo Moeller] - - *) Report an error from X509_STORE_load_locations - when X509_LOOKUP_load_file or X509_LOOKUP_add_dir failed. - [Bill Perry] - - *) New function ASN1_mbstring_copy() this copies a string in either - ASCII, Unicode, Universal (4 bytes per character) or UTF8 format - into an ASN1_STRING type. A mask of permissible types is passed - and it chooses the "minimal" type to use or an error if not type - is suitable. - [Steve Henson] - - *) Add function equivalents to the various macros in asn1.h. The old - macros are retained with an M_ prefix. Code inside the library can - use the M_ macros. External code (including the openssl utility) - should *NOT* in order to be "shared library friendly". - [Steve Henson] - - *) Add various functions that can check a certificate's extensions - to see if it usable for various purposes such as SSL client, - server or S/MIME and CAs of these types. This is currently - VERY EXPERIMENTAL but will ultimately be used for certificate chain - verification. Also added a -purpose flag to x509 utility to - print out all the purposes. - [Steve Henson] - - *) Add a CRYPTO_EX_DATA to X509 certificate structure and associated - functions. - [Steve Henson] - - *) New X509V3_{X509,CRL,REVOKED}_get_d2i() functions. These will search - for, obtain and decode and extension and obtain its critical flag. - This allows all the necessary extension code to be handled in a - single function call. - [Steve Henson] - - *) RC4 tune-up featuring 30-40% performance improvement on most RISC - platforms. See crypto/rc4/rc4_enc.c for further details. - [Andy Polyakov] - - *) New -noout option to asn1parse. This causes no output to be produced - its main use is when combined with -strparse and -out to extract data - from a file (which may not be in ASN.1 format). - [Steve Henson] - - *) Fix for pkcs12 program. It was hashing an invalid certificate pointer - when producing the local key id. - [Richard Levitte ] - - *) New option -dhparam in s_server. This allows a DH parameter file to be - stated explicitly. If it is not stated then it tries the first server - certificate file. The previous behaviour hard coded the filename - "server.pem". - [Steve Henson] - - *) Add -pubin and -pubout options to the rsa and dsa commands. These allow - a public key to be input or output. For example: - openssl rsa -in key.pem -pubout -out pubkey.pem - Also added necessary DSA public key functions to handle this. - [Steve Henson] - - *) Fix so PKCS7_dataVerify() doesn't crash if no certificates are contained - in the message. This was handled by allowing - X509_find_by_issuer_and_serial() to tolerate a NULL passed to it. - [Steve Henson, reported by Sampo Kellomaki ] - - *) Fix for bug in d2i_ASN1_bytes(): other ASN1 functions add an extra null - to the end of the strings whereas this didn't. This would cause problems - if strings read with d2i_ASN1_bytes() were later modified. - [Steve Henson, reported by Arne Ansper ] - - *) Fix for base64 decode bug. When a base64 bio reads only one line of - data and it contains EOF it will end up returning an error. This is - caused by input 46 bytes long. The cause is due to the way base64 - BIOs find the start of base64 encoded data. They do this by trying a - trial decode on each line until they find one that works. When they - do a flag is set and it starts again knowing it can pass all the - data directly through the decoder. Unfortunately it doesn't reset - the context it uses. This means that if EOF is reached an attempt - is made to pass two EOFs through the context and this causes the - resulting error. This can also cause other problems as well. As is - usual with these problems it takes *ages* to find and the fix is - trivial: move one line. - [Steve Henson, reported by ian@uns.ns.ac.yu (Ivan Nejgebauer) ] - - *) Ugly workaround to get s_client and s_server working under Windows. The - old code wouldn't work because it needed to select() on sockets and the - tty (for keypresses and to see if data could be written). Win32 only - supports select() on sockets so we select() with a 1s timeout on the - sockets and then see if any characters are waiting to be read, if none - are present then we retry, we also assume we can always write data to - the tty. This isn't nice because the code then blocks until we've - received a complete line of data and it is effectively polling the - keyboard at 1s intervals: however it's quite a bit better than not - working at all :-) A dedicated Windows application might handle this - with an event loop for example. - [Steve Henson] - - *) Enhance RSA_METHOD structure. Now there are two extra methods, rsa_sign - and rsa_verify. When the RSA_FLAGS_SIGN_VER option is set these functions - will be called when RSA_sign() and RSA_verify() are used. This is useful - if rsa_pub_dec() and rsa_priv_enc() equivalents are not available. - For this to work properly RSA_public_decrypt() and RSA_private_encrypt() - should *not* be used: RSA_sign() and RSA_verify() must be used instead. - This necessitated the support of an extra signature type NID_md5_sha1 - for SSL signatures and modifications to the SSL library to use it instead - of calling RSA_public_decrypt() and RSA_private_encrypt(). - [Steve Henson] - - *) Add new -verify -CAfile and -CApath options to the crl program, these - will lookup a CRL issuers certificate and verify the signature in a - similar way to the verify program. Tidy up the crl program so it - no longer accesses structures directly. Make the ASN1 CRL parsing a bit - less strict. It will now permit CRL extensions even if it is not - a V2 CRL: this will allow it to tolerate some broken CRLs. - [Steve Henson] - - *) Initialize all non-automatic variables each time one of the openssl - sub-programs is started (this is necessary as they may be started - multiple times from the "OpenSSL>" prompt). - [Lennart Bang, Bodo Moeller] - - *) Preliminary compilation option RSA_NULL which disables RSA crypto without - removing all other RSA functionality (this is what NO_RSA does). This - is so (for example) those in the US can disable those operations covered - by the RSA patent while allowing storage and parsing of RSA keys and RSA - key generation. - [Steve Henson] - - *) Non-copying interface to BIO pairs. - (still largely untested) - [Bodo Moeller] - - *) New function ANS1_tag2str() to convert an ASN1 tag to a descriptive - ASCII string. This was handled independently in various places before. - [Steve Henson] - - *) New functions UTF8_getc() and UTF8_putc() that parse and generate - UTF8 strings a character at a time. - [Steve Henson] - - *) Use client_version from client hello to select the protocol - (s23_srvr.c) and for RSA client key exchange verification - (s3_srvr.c), as required by the SSL 3.0/TLS 1.0 specifications. - [Bodo Moeller] - - *) Add various utility functions to handle SPKACs, these were previously - handled by poking round in the structure internals. Added new function - NETSCAPE_SPKI_print() to print out SPKAC and a new utility 'spkac' to - print, verify and generate SPKACs. Based on an original idea from - Massimiliano Pala but extensively modified. - [Steve Henson] - - *) RIPEMD160 is operational on all platforms and is back in 'make test'. - [Andy Polyakov] - - *) Allow the config file extension section to be overwritten on the - command line. Based on an original idea from Massimiliano Pala - . The new option is called -extensions - and can be applied to ca, req and x509. Also -reqexts to override - the request extensions in req and -crlexts to override the crl extensions - in ca. - [Steve Henson] - - *) Add new feature to the SPKAC handling in ca. Now you can include - the same field multiple times by preceding it by "XXXX." for example: - 1.OU="Unit name 1" - 2.OU="Unit name 2" - this is the same syntax as used in the req config file. - [Steve Henson] - - *) Allow certificate extensions to be added to certificate requests. These - are specified in a 'req_extensions' option of the req section of the - config file. They can be printed out with the -text option to req but - are otherwise ignored at present. - [Steve Henson] - - *) Fix a horrible bug in enc_read() in crypto/evp/bio_enc.c: if the first - data read consists of only the final block it would not decrypted because - EVP_CipherUpdate() would correctly report zero bytes had been decrypted. - A misplaced 'break' also meant the decrypted final block might not be - copied until the next read. - [Steve Henson] - - *) Initial support for DH_METHOD. Again based on RSA_METHOD. Also added - a few extra parameters to the DH structure: these will be useful if - for example we want the value of 'q' or implement X9.42 DH. - [Steve Henson] - - *) Initial support for DSA_METHOD. This is based on the RSA_METHOD and - provides hooks that allow the default DSA functions or functions on a - "per key" basis to be replaced. This allows hardware acceleration and - hardware key storage to be handled without major modification to the - library. Also added low level modexp hooks and CRYPTO_EX structure and - associated functions. - [Steve Henson] - - *) Add a new flag to memory BIOs, BIO_FLAG_MEM_RDONLY. This marks the BIO - as "read only": it can't be written to and the buffer it points to will - not be freed. Reading from a read only BIO is much more efficient than - a normal memory BIO. This was added because there are several times when - an area of memory needs to be read from a BIO. The previous method was - to create a memory BIO and write the data to it, this results in two - copies of the data and an O(n^2) reading algorithm. There is a new - function BIO_new_mem_buf() which creates a read only memory BIO from - an area of memory. Also modified the PKCS#7 routines to use read only - memory BIOs. - [Steve Henson] - - *) Bugfix: ssl23_get_client_hello did not work properly when called in - state SSL23_ST_SR_CLNT_HELLO_B, i.e. when the first 7 bytes of - a SSLv2-compatible client hello for SSLv3 or TLSv1 could be read, - but a retry condition occured while trying to read the rest. - [Bodo Moeller] - - *) The PKCS7_ENC_CONTENT_new() function was setting the content type as - NID_pkcs7_encrypted by default: this was wrong since this should almost - always be NID_pkcs7_data. Also modified the PKCS7_set_type() to handle - the encrypted data type: this is a more sensible place to put it and it - allows the PKCS#12 code to be tidied up that duplicated this - functionality. - [Steve Henson] - - *) Changed obj_dat.pl script so it takes its input and output files on - the command line. This should avoid shell escape redirection problems - under Win32. - [Steve Henson] - - *) Initial support for certificate extension requests, these are included - in things like Xenroll certificate requests. Included functions to allow - extensions to be obtained and added. - [Steve Henson] - - *) -crlf option to s_client and s_server for sending newlines as - CRLF (as required by many protocols). - [Bodo Moeller] - - Changes between 0.9.3a and 0.9.4 [09 Aug 1999] - - *) Install libRSAglue.a when OpenSSL is built with RSAref. - [Ralf S. Engelschall] - - *) A few more ``#ifndef NO_FP_API / #endif'' pairs for consistency. - [Andrija Antonijevic ] - - *) Fix -startdate and -enddate (which was missing) arguments to 'ca' - program. - [Steve Henson] - - *) New function DSA_dup_DH, which duplicates DSA parameters/keys as - DH parameters/keys (q is lost during that conversion, but the resulting - DH parameters contain its length). - - For 1024-bit p, DSA_generate_parameters followed by DSA_dup_DH is - much faster than DH_generate_parameters (which creates parameters - where p = 2*q + 1), and also the smaller q makes DH computations - much more efficient (160-bit exponentiation instead of 1024-bit - exponentiation); so this provides a convenient way to support DHE - ciphersuites in SSL/TLS servers (see ssl/ssltest.c). It is of - utter importance to use - SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE); - or - SSL_set_options(s_ctx, SSL_OP_SINGLE_DH_USE); - when such DH parameters are used, because otherwise small subgroup - attacks may become possible! - [Bodo Moeller] - - *) Avoid memory leak in i2d_DHparams. - [Bodo Moeller] - - *) Allow the -k option to be used more than once in the enc program: - this allows the same encrypted message to be read by multiple recipients. - [Steve Henson] - - *) New function OBJ_obj2txt(buf, buf_len, a, no_name), this converts - an ASN1_OBJECT to a text string. If the "no_name" parameter is set then - it will always use the numerical form of the OID, even if it has a short - or long name. - [Steve Henson] - - *) Added an extra RSA flag: RSA_FLAG_EXT_PKEY. Previously the rsa_mod_exp - method only got called if p,q,dmp1,dmq1,iqmp components were present, - otherwise bn_mod_exp was called. In the case of hardware keys for example - no private key components need be present and it might store extra data - in the RSA structure, which cannot be accessed from bn_mod_exp. - By setting RSA_FLAG_EXT_PKEY rsa_mod_exp will always be called for - private key operations. - [Steve Henson] - - *) Added support for SPARC Linux. - [Andy Polyakov] - - *) pem_password_cb function type incompatibly changed from - typedef int pem_password_cb(char *buf, int size, int rwflag); - to - ....(char *buf, int size, int rwflag, void *userdata); - so that applications can pass data to their callbacks: - The PEM[_ASN1]_{read,write}... functions and macros now take an - additional void * argument, which is just handed through whenever - the password callback is called. - [Damien Miller ; tiny changes by Bodo Moeller] - - New function SSL_CTX_set_default_passwd_cb_userdata. - - Compatibility note: As many C implementations push function arguments - onto the stack in reverse order, the new library version is likely to - interoperate with programs that have been compiled with the old - pem_password_cb definition (PEM_whatever takes some data that - happens to be on the stack as its last argument, and the callback - just ignores this garbage); but there is no guarantee whatsoever that - this will work. - - *) The -DPLATFORM="\"$(PLATFORM)\"" definition and the similar -DCFLAGS=... - (both in crypto/Makefile.ssl for use by crypto/cversion.c) caused - problems not only on Windows, but also on some Unix platforms. - To avoid problematic command lines, these definitions are now in an - auto-generated file crypto/buildinf.h (created by crypto/Makefile.ssl - for standard "make" builds, by util/mk1mf.pl for "mk1mf" builds). - [Bodo Moeller] - - *) MIPS III/IV assembler module is reimplemented. - [Andy Polyakov] - - *) More DES library cleanups: remove references to srand/rand and - delete an unused file. - [Ulf Möller] - - *) Add support for the the free Netwide assembler (NASM) under Win32, - since not many people have MASM (ml) and it can be hard to obtain. - This is currently experimental but it seems to work OK and pass all - the tests. Check out INSTALL.W32 for info. - [Steve Henson] - - *) Fix memory leaks in s3_clnt.c: All non-anonymous SSL3/TLS1 connections - without temporary keys kept an extra copy of the server key, - and connections with temporary keys did not free everything in case - of an error. - [Bodo Moeller] - - *) New function RSA_check_key and new openssl rsa option -check - for verifying the consistency of RSA keys. - [Ulf Moeller, Bodo Moeller] - - *) Various changes to make Win32 compile work: - 1. Casts to avoid "loss of data" warnings in p5_crpt2.c - 2. Change unsigned int to int in b_dump.c to avoid "signed/unsigned - comparison" warnings. - 3. Add sk__sort to DEF file generator and do make update. - [Steve Henson] - - *) Add a debugging option to PKCS#5 v2 key generation function: when - you #define DEBUG_PKCS5V2 passwords, salts, iteration counts and - derived keys are printed to stderr. - [Steve Henson] - - *) Copy the flags in ASN1_STRING_dup(). - [Roman E. Pavlov ] - - *) The x509 application mishandled signing requests containing DSA - keys when the signing key was also DSA and the parameters didn't match. - - It was supposed to omit the parameters when they matched the signing key: - the verifying software was then supposed to automatically use the CA's - parameters if they were absent from the end user certificate. - - Omitting parameters is no longer recommended. The test was also - the wrong way round! This was probably due to unusual behaviour in - EVP_cmp_parameters() which returns 1 if the parameters match. - This meant that parameters were omitted when they *didn't* match and - the certificate was useless. Certificates signed with 'ca' didn't have - this bug. - [Steve Henson, reported by Doug Erickson ] - - *) Memory leak checking (-DCRYPTO_MDEBUG) had some problems. - The interface is as follows: - Applications can use - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON) aka MemCheck_start(), - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_OFF) aka MemCheck_stop(); - "off" is now the default. - The library internally uses - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE) aka MemCheck_off(), - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE) aka MemCheck_on() - to disable memory-checking temporarily. - - Some inconsistent states that previously were possible (and were - even the default) are now avoided. - - -DCRYPTO_MDEBUG_TIME is new and additionally stores the current time - with each memory chunk allocated; this is occasionally more helpful - than just having a counter. - - -DCRYPTO_MDEBUG_THREAD is also new and adds the thread ID. - - -DCRYPTO_MDEBUG_ALL enables all of the above, plus any future - extensions. - [Bodo Moeller] - - *) Introduce "mode" for SSL structures (with defaults in SSL_CTX), - which largely parallels "options", but is for changing API behaviour, - whereas "options" are about protocol behaviour. - Initial "mode" flags are: - - SSL_MODE_ENABLE_PARTIAL_WRITE Allow SSL_write to report success when - a single record has been written. - SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER Don't insist that SSL_write - retries use the same buffer location. - (But all of the contents must be - copied!) - [Bodo Moeller] - - *) Bugfix: SSL_set_options ignored its parameter, only SSL_CTX_set_options - worked. - - *) Fix problems with no-hmac etc. - [Ulf Möller, pointed out by Brian Wellington ] - - *) New functions RSA_get_default_method(), RSA_set_method() and - RSA_get_method(). These allows replacement of RSA_METHODs without having - to mess around with the internals of an RSA structure. - [Steve Henson] - - *) Fix memory leaks in DSA_do_sign and DSA_is_prime. - Also really enable memory leak checks in openssl.c and in some - test programs. - [Chad C. Mulligan, Bodo Moeller] - - *) Fix a bug in d2i_ASN1_INTEGER() and i2d_ASN1_INTEGER() which can mess - up the length of negative integers. This has now been simplified to just - store the length when it is first determined and use it later, rather - than trying to keep track of where data is copied and updating it to - point to the end. - [Steve Henson, reported by Brien Wheeler - ] - - *) Add a new function PKCS7_signatureVerify. This allows the verification - of a PKCS#7 signature but with the signing certificate passed to the - function itself. This contrasts with PKCS7_dataVerify which assumes the - certificate is present in the PKCS#7 structure. This isn't always the - case: certificates can be omitted from a PKCS#7 structure and be - distributed by "out of band" means (such as a certificate database). - [Steve Henson] - - *) Complete the PEM_* macros with DECLARE_PEM versions to replace the - function prototypes in pem.h, also change util/mkdef.pl to add the - necessary function names. - [Steve Henson] - - *) mk1mf.pl (used by Windows builds) did not properly read the - options set by Configure in the top level Makefile, and Configure - was not even able to write more than one option correctly. - Fixed, now "no-idea no-rc5 -DCRYPTO_MDEBUG" etc. works as intended. - [Bodo Moeller] - - *) New functions CONF_load_bio() and CONF_load_fp() to allow a config - file to be loaded from a BIO or FILE pointer. The BIO version will - for example allow memory BIOs to contain config info. - [Steve Henson] - - *) New function "CRYPTO_num_locks" that returns CRYPTO_NUM_LOCKS. - Whoever hopes to achieve shared-library compatibility across versions - must use this, not the compile-time macro. - (Exercise 0.9.4: Which is the minimum library version required by - such programs?) - Note: All this applies only to multi-threaded programs, others don't - need locks. - [Bodo Moeller] - - *) Add missing case to s3_clnt.c state machine -- one of the new SSL tests - through a BIO pair triggered the default case, i.e. - SSLerr(...,SSL_R_UNKNOWN_STATE). - [Bodo Moeller] - - *) New "BIO pair" concept (crypto/bio/bss_bio.c) so that applications - can use the SSL library even if none of the specific BIOs is - appropriate. - [Bodo Moeller] - - *) Fix a bug in i2d_DSAPublicKey() which meant it returned the wrong value - for the encoded length. - [Jeon KyoungHo ] - - *) Add initial documentation of the X509V3 functions. - [Steve Henson] - - *) Add a new pair of functions PEM_write_PKCS8PrivateKey() and - PEM_write_bio_PKCS8PrivateKey() that are equivalent to - PEM_write_PrivateKey() and PEM_write_bio_PrivateKey() but use the more - secure PKCS#8 private key format with a high iteration count. - [Steve Henson] - - *) Fix determination of Perl interpreter: A perl or perl5 - _directory_ in $PATH was also accepted as the interpreter. - [Ralf S. Engelschall] - - *) Fix demos/sign/sign.c: well there wasn't anything strictly speaking - wrong with it but it was very old and did things like calling - PEM_ASN1_read() directly and used MD5 for the hash not to mention some - unusual formatting. - [Steve Henson] - - *) Fix demos/selfsign.c: it used obsolete and deleted functions, changed - to use the new extension code. - [Steve Henson] - - *) Implement the PEM_read/PEM_write functions in crypto/pem/pem_all.c - with macros. This should make it easier to change their form, add extra - arguments etc. Fix a few PEM prototypes which didn't have cipher as a - constant. - [Steve Henson] - - *) Add to configuration table a new entry that can specify an alternative - name for unistd.h (for pre-POSIX systems); we need this for NeXTstep, - according to Mark Crispin . - [Bodo Moeller] - -#if 0 - *) DES CBC did not update the IV. Weird. - [Ben Laurie] -#else - des_cbc_encrypt does not update the IV, but des_ncbc_encrypt does. - Changing the behaviour of the former might break existing programs -- - where IV updating is needed, des_ncbc_encrypt can be used. -#endif - - *) When bntest is run from "make test" it drives bc to check its - calculations, as well as internally checking them. If an internal check - fails, it needs to cause bc to give a non-zero result or make test carries - on without noticing the failure. Fixed. - [Ben Laurie] - - *) DES library cleanups. - [Ulf Möller] - - *) Add support for PKCS#5 v2.0 PBE algorithms. This will permit PKCS#8 to be - used with any cipher unlike PKCS#5 v1.5 which can at most handle 64 bit - ciphers. NOTE: although the key derivation function has been verified - against some published test vectors it has not been extensively tested - yet. Added a -v2 "cipher" option to pkcs8 application to allow the use - of v2.0. - [Steve Henson] - - *) Instead of "mkdir -p", which is not fully portable, use new - Perl script "util/mkdir-p.pl". - [Bodo Moeller] - - *) Rewrite the way password based encryption (PBE) is handled. It used to - assume that the ASN1 AlgorithmIdentifier parameter was a PBEParameter - structure. This was true for the PKCS#5 v1.5 and PKCS#12 PBE algorithms - but doesn't apply to PKCS#5 v2.0 where it can be something else. Now - the 'parameter' field of the AlgorithmIdentifier is passed to the - underlying key generation function so it must do its own ASN1 parsing. - This has also changed the EVP_PBE_CipherInit() function which now has a - 'parameter' argument instead of literal salt and iteration count values - and the function EVP_PBE_ALGOR_CipherInit() has been deleted. - [Steve Henson] - - *) Support for PKCS#5 v1.5 compatible password based encryption algorithms - and PKCS#8 functionality. New 'pkcs8' application linked to openssl. - Needed to change the PEM_STRING_EVP_PKEY value which was just "PRIVATE - KEY" because this clashed with PKCS#8 unencrypted string. Since this - value was just used as a "magic string" and not used directly its - value doesn't matter. - [Steve Henson] - - *) Introduce some semblance of const correctness to BN. Shame C doesn't - support mutable. - [Ben Laurie] - - *) "linux-sparc64" configuration (ultrapenguin). - [Ray Miller ] - "linux-sparc" configuration. - [Christian Forster ] - - *) config now generates no-xxx options for missing ciphers. - [Ulf Möller] - - *) Support the EBCDIC character set (work in progress). - File ebcdic.c not yet included because it has a different license. - [Martin Kraemer ] - - *) Support BS2000/OSD-POSIX. - [Martin Kraemer ] - - *) Make callbacks for key generation use void * instead of char *. - [Ben Laurie] - - *) Make S/MIME samples compile (not yet tested). - [Ben Laurie] - - *) Additional typesafe stacks. - [Ben Laurie] - - *) New configuration variants "bsdi-elf-gcc" (BSD/OS 4.x). - [Bodo Moeller] - - - Changes between 0.9.3 and 0.9.3a [29 May 1999] - - *) New configuration variant "sco5-gcc". - - *) Updated some demos. - [Sean O Riordain, Wade Scholine] - - *) Add missing BIO_free at exit of pkcs12 application. - [Wu Zhigang] - - *) Fix memory leak in conf.c. - [Steve Henson] - - *) Updates for Win32 to assembler version of MD5. - [Steve Henson] - - *) Set #! path to perl in apps/der_chop to where we found it - instead of using a fixed path. - [Bodo Moeller] - - *) SHA library changes for irix64-mips4-cc. - [Andy Polyakov] - - *) Improvements for VMS support. - [Richard Levitte] - - - Changes between 0.9.2b and 0.9.3 [24 May 1999] - - *) Bignum library bug fix. IRIX 6 passes "make test" now! - This also avoids the problems with SC4.2 and unpatched SC5. - [Andy Polyakov ] - - *) New functions sk_num, sk_value and sk_set to replace the previous macros. - These are required because of the typesafe stack would otherwise break - existing code. If old code used a structure member which used to be STACK - and is now STACK_OF (for example cert in a PKCS7_SIGNED structure) with - sk_num or sk_value it would produce an error because the num, data members - are not present in STACK_OF. Now it just produces a warning. sk_set - replaces the old method of assigning a value to sk_value - (e.g. sk_value(x, i) = y) which the library used in a few cases. Any code - that does this will no longer work (and should use sk_set instead) but - this could be regarded as a "questionable" behaviour anyway. - [Steve Henson] - - *) Fix most of the other PKCS#7 bugs. The "experimental" code can now - correctly handle encrypted S/MIME data. - [Steve Henson] - - *) Change type of various DES function arguments from des_cblock - (which means, in function argument declarations, pointer to char) - to des_cblock * (meaning pointer to array with 8 char elements), - which allows the compiler to do more typechecking; it was like - that back in SSLeay, but with lots of ugly casts. - - Introduce new type const_des_cblock. - [Bodo Moeller] - - *) Reorganise the PKCS#7 library and get rid of some of the more obvious - problems: find RecipientInfo structure that matches recipient certificate - and initialise the ASN1 structures properly based on passed cipher. - [Steve Henson] - - *) Belatedly make the BN tests actually check the results. - [Ben Laurie] - - *) Fix the encoding and decoding of negative ASN1 INTEGERS and conversion - to and from BNs: it was completely broken. New compilation option - NEG_PUBKEY_BUG to allow for some broken certificates that encode public - key elements as negative integers. - [Steve Henson] - - *) Reorganize and speed up MD5. - [Andy Polyakov ] - - *) VMS support. - [Richard Levitte ] - - *) New option -out to asn1parse to allow the parsed structure to be - output to a file. This is most useful when combined with the -strparse - option to examine the output of things like OCTET STRINGS. - [Steve Henson] - - *) Make SSL library a little more fool-proof by not requiring any longer - that SSL_set_{accept,connect}_state be called before - SSL_{accept,connect} may be used (SSL_set_..._state is omitted - in many applications because usually everything *appeared* to work as - intended anyway -- now it really works as intended). - [Bodo Moeller] - - *) Move openssl.cnf out of lib/. - [Ulf Möller] - - *) Fix various things to let OpenSSL even pass ``egcc -pipe -O2 -Wall - -Wshadow -Wpointer-arith -Wcast-align -Wmissing-prototypes - -Wmissing-declarations -Wnested-externs -Winline'' with EGCS 1.1.2+ - [Ralf S. Engelschall] - - *) Various fixes to the EVP and PKCS#7 code. It may now be able to - handle PKCS#7 enveloped data properly. - [Sebastian Akerman , modified by Steve] - - *) Create a duplicate of the SSL_CTX's CERT in SSL_new instead of - copying pointers. The cert_st handling is changed by this in - various ways (and thus what used to be known as ctx->default_cert - is now called ctx->cert, since we don't resort to s->ctx->[default_]cert - any longer when s->cert does not give us what we need). - ssl_cert_instantiate becomes obsolete by this change. - As soon as we've got the new code right (possibly it already is?), - we have solved a couple of bugs of the earlier code where s->cert - was used as if it could not have been shared with other SSL structures. - - Note that using the SSL API in certain dirty ways now will result - in different behaviour than observed with earlier library versions: - Changing settings for an SSL_CTX *ctx after having done s = SSL_new(ctx) - does not influence s as it used to. - - In order to clean up things more thoroughly, inside SSL_SESSION - we don't use CERT any longer, but a new structure SESS_CERT - that holds per-session data (if available); currently, this is - the peer's certificate chain and, for clients, the server's certificate - and temporary key. CERT holds only those values that can have - meaningful defaults in an SSL_CTX. - [Bodo Moeller] - - *) New function X509V3_EXT_i2d() to create an X509_EXTENSION structure - from the internal representation. Various PKCS#7 fixes: remove some - evil casts and set the enc_dig_alg field properly based on the signing - key type. - [Steve Henson] - - *) Allow PKCS#12 password to be set from the command line or the - environment. Let 'ca' get its config file name from the environment - variables "OPENSSL_CONF" or "SSLEAY_CONF" (for consistency with 'req' - and 'x509'). - [Steve Henson] - - *) Allow certificate policies extension to use an IA5STRING for the - organization field. This is contrary to the PKIX definition but - VeriSign uses it and IE5 only recognises this form. Document 'x509' - extension option. - [Steve Henson] - - *) Add PEDANTIC compiler flag to allow compilation with gcc -pedantic, - without disallowing inline assembler and the like for non-pedantic builds. - [Ben Laurie] - - *) Support Borland C++ builder. - [Janez Jere , modified by Ulf Möller] - - *) Support Mingw32. - [Ulf Möller] - - *) SHA-1 cleanups and performance enhancements. - [Andy Polyakov ] - - *) Sparc v8plus assembler for the bignum library. - [Andy Polyakov ] - - *) Accept any -xxx and +xxx compiler options in Configure. - [Ulf Möller] - - *) Update HPUX configuration. - [Anonymous] - - *) Add missing sk__unshift() function to safestack.h - [Ralf S. Engelschall] - - *) New function SSL_CTX_use_certificate_chain_file that sets the - "extra_cert"s in addition to the certificate. (This makes sense - only for "PEM" format files, as chains as a whole are not - DER-encoded.) - [Bodo Moeller] - - *) Support verify_depth from the SSL API. - x509_vfy.c had what can be considered an off-by-one-error: - Its depth (which was not part of the external interface) - was actually counting the number of certificates in a chain; - now it really counts the depth. - [Bodo Moeller] - - *) Bugfix in crypto/x509/x509_cmp.c: The SSLerr macro was used - instead of X509err, which often resulted in confusing error - messages since the error codes are not globally unique - (e.g. an alleged error in ssl3_accept when a certificate - didn't match the private key). - - *) New function SSL_CTX_set_session_id_context that allows to set a default - value (so that you don't need SSL_set_session_id_context for each - connection using the SSL_CTX). - [Bodo Moeller] - - *) OAEP decoding bug fix. - [Ulf Möller] - - *) Support INSTALL_PREFIX for package builders, as proposed by - David Harris. - [Bodo Moeller] - - *) New Configure options "threads" and "no-threads". For systems - where the proper compiler options are known (currently Solaris - and Linux), "threads" is the default. - [Bodo Moeller] - - *) New script util/mklink.pl as a faster substitute for util/mklink.sh. - [Bodo Moeller] - - *) Install various scripts to $(OPENSSLDIR)/misc, not to - $(INSTALLTOP)/bin -- they shouldn't clutter directories - such as /usr/local/bin. - [Bodo Moeller] - - *) "make linux-shared" to build shared libraries. - [Niels Poppe ] - - *) New Configure option no- (rsa, idea, rc5, ...). - [Ulf Möller] - - *) Add the PKCS#12 API documentation to openssl.txt. Preliminary support for - extension adding in x509 utility. - [Steve Henson] - - *) Remove NOPROTO sections and error code comments. - [Ulf Möller] - - *) Partial rewrite of the DEF file generator to now parse the ANSI - prototypes. - [Steve Henson] - - *) New Configure options --prefix=DIR and --openssldir=DIR. - [Ulf Möller] - - *) Complete rewrite of the error code script(s). It is all now handled - by one script at the top level which handles error code gathering, - header rewriting and C source file generation. It should be much better - than the old method: it now uses a modified version of Ulf's parser to - read the ANSI prototypes in all header files (thus the old K&R definitions - aren't needed for error creation any more) and do a better job of - translating function codes into names. The old 'ASN1 error code imbedded - in a comment' is no longer necessary and it doesn't use .err files which - have now been deleted. Also the error code call doesn't have to appear all - on one line (which resulted in some large lines...). - [Steve Henson] - - *) Change #include filenames from to . - [Bodo Moeller] - - *) Change behaviour of ssl2_read when facing length-0 packets: Don't return - 0 (which usually indicates a closed connection), but continue reading. - [Bodo Moeller] - - *) Fix some race conditions. - [Bodo Moeller] - - *) Add support for CRL distribution points extension. Add Certificate - Policies and CRL distribution points documentation. - [Steve Henson] - - *) Move the autogenerated header file parts to crypto/opensslconf.h. - [Ulf Möller] - - *) Fix new 56-bit DES export ciphersuites: they were using 7 bytes instead of - 8 of keying material. Merlin has also confirmed interop with this fix - between OpenSSL and Baltimore C/SSL 2.0 and J/SSL 2.0. - [Merlin Hughes ] - - *) Fix lots of warnings. - [Richard Levitte ] - - *) In add_cert_dir() in crypto/x509/by_dir.c, break out of the loop if - the directory spec didn't end with a LIST_SEPARATOR_CHAR. - [Richard Levitte ] - - *) Fix problems with sizeof(long) == 8. - [Andy Polyakov ] - - *) Change functions to ANSI C. - [Ulf Möller] - - *) Fix typos in error codes. - [Martin Kraemer , Ulf Möller] - - *) Remove defunct assembler files from Configure. - [Ulf Möller] - - *) SPARC v8 assembler BIGNUM implementation. - [Andy Polyakov ] - - *) Support for Certificate Policies extension: both print and set. - Various additions to support the r2i method this uses. - [Steve Henson] - - *) A lot of constification, and fix a bug in X509_NAME_oneline() that could - return a const string when you are expecting an allocated buffer. - [Ben Laurie] - - *) Add support for ASN1 types UTF8String and VISIBLESTRING, also the CHOICE - types DirectoryString and DisplayText. - [Steve Henson] - - *) Add code to allow r2i extensions to access the configuration database, - add an LHASH database driver and add several ctx helper functions. - [Steve Henson] - - *) Fix an evil bug in bn_expand2() which caused various BN functions to - fail when they extended the size of a BIGNUM. - [Steve Henson] - - *) Various utility functions to handle SXNet extension. Modify mkdef.pl to - support typesafe stack. - [Steve Henson] - - *) Fix typo in SSL_[gs]et_options(). - [Nils Frostberg ] - - *) Delete various functions and files that belonged to the (now obsolete) - old X509V3 handling code. - [Steve Henson] - - *) New Configure option "rsaref". - [Ulf Möller] - - *) Don't auto-generate pem.h. - [Bodo Moeller] - - *) Introduce type-safe ASN.1 SETs. - [Ben Laurie] - - *) Convert various additional casted stacks to type-safe STACK_OF() variants. - [Ben Laurie, Ralf S. Engelschall, Steve Henson] - - *) Introduce type-safe STACKs. This will almost certainly break lots of code - that links with OpenSSL (well at least cause lots of warnings), but fear - not: the conversion is trivial, and it eliminates loads of evil casts. A - few STACKed things have been converted already. Feel free to convert more. - In the fullness of time, I'll do away with the STACK type altogether. - [Ben Laurie] - - *) Add `openssl ca -revoke ' facility which revokes a certificate - specified in by updating the entry in the index.txt file. - This way one no longer has to edit the index.txt file manually for - revoking a certificate. The -revoke option does the gory details now. - [Massimiliano Pala , Ralf S. Engelschall] - - *) Fix `openssl crl -noout -text' combination where `-noout' killed the - `-text' option at all and this way the `-noout -text' combination was - inconsistent in `openssl crl' with the friends in `openssl x509|rsa|dsa'. - [Ralf S. Engelschall] - - *) Make sure a corresponding plain text error message exists for the - X509_V_ERR_CERT_REVOKED/23 error number which can occur when a - verify callback function determined that a certificate was revoked. - [Ralf S. Engelschall] - - *) Bugfix: In test/testenc, don't test "openssl " for - ciphers that were excluded, e.g. by -DNO_IDEA. Also, test - all available cipers including rc5, which was forgotten until now. - In order to let the testing shell script know which algorithms - are available, a new (up to now undocumented) command - "openssl list-cipher-commands" is used. - [Bodo Moeller] - - *) Bugfix: s_client occasionally would sleep in select() when - it should have checked SSL_pending() first. - [Bodo Moeller] - - *) New functions DSA_do_sign and DSA_do_verify to provide access to - the raw DSA values prior to ASN.1 encoding. - [Ulf Möller] - - *) Tweaks to Configure - [Niels Poppe ] - - *) Add support for PKCS#5 v2.0 ASN1 PBES2 structures. No other support, - yet... - [Steve Henson] - - *) New variables $(RANLIB) and $(PERL) in the Makefiles. - [Ulf Möller] - - *) New config option to avoid instructions that are illegal on the 80386. - The default code is faster, but requires at least a 486. - [Ulf Möller] - - *) Got rid of old SSL2_CLIENT_VERSION (inconsistently used) and - SSL2_SERVER_VERSION (not used at all) macros, which are now the - same as SSL2_VERSION anyway. - [Bodo Moeller] - - *) New "-showcerts" option for s_client. - [Bodo Moeller] - - *) Still more PKCS#12 integration. Add pkcs12 application to openssl - application. Various cleanups and fixes. - [Steve Henson] - - *) More PKCS#12 integration. Add new pkcs12 directory with Makefile.ssl and - modify error routines to work internally. Add error codes and PBE init - to library startup routines. - [Steve Henson] - - *) Further PKCS#12 integration. Added password based encryption, PKCS#8 and - packing functions to asn1 and evp. Changed function names and error - codes along the way. - [Steve Henson] - - *) PKCS12 integration: and so it begins... First of several patches to - slowly integrate PKCS#12 functionality into OpenSSL. Add PKCS#12 - objects to objects.h - [Steve Henson] - - *) Add a new 'indent' option to some X509V3 extension code. Initial ASN1 - and display support for Thawte strong extranet extension. - [Steve Henson] - - *) Add LinuxPPC support. - [Jeff Dubrule ] - - *) Get rid of redundant BN file bn_mulw.c, and rename bn_div64 to - bn_div_words in alpha.s. - [Hannes Reinecke and Ben Laurie] - - *) Make sure the RSA OAEP test is skipped under -DRSAref because - OAEP isn't supported when OpenSSL is built with RSAref. - [Ulf Moeller ] - - *) Move definitions of IS_SET/IS_SEQUENCE inside crypto/asn1/asn1.h - so they no longer are missing under -DNOPROTO. - [Soren S. Jorvang ] - - - Changes between 0.9.1c and 0.9.2b [22 Mar 1999] - - *) Make SSL_get_peer_cert_chain() work in servers. Unfortunately, it still - doesn't work when the session is reused. Coming soon! - [Ben Laurie] - - *) Fix a security hole, that allows sessions to be reused in the wrong - context thus bypassing client cert protection! All software that uses - client certs and session caches in multiple contexts NEEDS PATCHING to - allow session reuse! A fuller solution is in the works. - [Ben Laurie, problem pointed out by Holger Reif, Bodo Moeller (and ???)] - - *) Some more source tree cleanups (removed obsolete files - crypto/bf/asm/bf586.pl, test/test.txt and crypto/sha/asm/f.s; changed - permission on "config" script to be executable) and a fix for the INSTALL - document. - [Ulf Moeller ] - - *) Remove some legacy and erroneous uses of malloc, free instead of - Malloc, Free. - [Lennart Bang , with minor changes by Steve] - - *) Make rsa_oaep_test return non-zero on error. - [Ulf Moeller ] - - *) Add support for native Solaris shared libraries. Configure - solaris-sparc-sc4-pic, make, then run shlib/solaris-sc4.sh. It'd be nice - if someone would make that last step automatic. - [Matthias Loepfe ] - - *) ctx_size was not built with the right compiler during "make links". Fixed. - [Ben Laurie] - - *) Change the meaning of 'ALL' in the cipher list. It now means "everything - except NULL ciphers". This means the default cipher list will no longer - enable NULL ciphers. They need to be specifically enabled e.g. with - the string "DEFAULT:eNULL". - [Steve Henson] - - *) Fix to RSA private encryption routines: if p < q then it would - occasionally produce an invalid result. This will only happen with - externally generated keys because OpenSSL (and SSLeay) ensure p > q. - [Steve Henson] - - *) Be less restrictive and allow also `perl util/perlpath.pl - /path/to/bin/perl' in addition to `perl util/perlpath.pl /path/to/bin', - because this way one can also use an interpreter named `perl5' (which is - usually the name of Perl 5.xxx on platforms where an Perl 4.x is still - installed as `perl'). - [Matthias Loepfe ] - - *) Let util/clean-depend.pl work also with older Perl 5.00x versions. - [Matthias Loepfe ] - - *) Fix Makefile.org so CC,CFLAG etc are passed to 'make links' add - advapi32.lib to Win32 build and change the pem test comparision - to fc.exe (thanks to Ulrich Kroener for the - suggestion). Fix misplaced ASNI prototypes and declarations in evp.h - and crypto/des/ede_cbcm_enc.c. - [Steve Henson] - - *) DES quad checksum was broken on big-endian architectures. Fixed. - [Ben Laurie] - - *) Comment out two functions in bio.h that aren't implemented. Fix up the - Win32 test batch file so it (might) work again. The Win32 test batch file - is horrible: I feel ill.... - [Steve Henson] - - *) Move various #ifdefs around so NO_SYSLOG, NO_DIRENT etc are now selected - in e_os.h. Audit of header files to check ANSI and non ANSI - sections: 10 functions were absent from non ANSI section and not exported - from Windows DLLs. Fixed up libeay.num for new functions. - [Steve Henson] - - *) Make `openssl version' output lines consistent. - [Ralf S. Engelschall] - - *) Fix Win32 symbol export lists for BIO functions: Added - BIO_get_ex_new_index, BIO_get_ex_num, BIO_get_ex_data and BIO_set_ex_data - to ms/libeay{16,32}.def. - [Ralf S. Engelschall] - - *) Second round of fixing the OpenSSL perl/ stuff. It now at least compiled - fine under Unix and passes some trivial tests I've now added. But the - whole stuff is horribly incomplete, so a README.1ST with a disclaimer was - added to make sure no one expects that this stuff really works in the - OpenSSL 0.9.2 release. Additionally I've started to clean the XS sources - up and fixed a few little bugs and inconsistencies in OpenSSL.{pm,xs} and - openssl_bio.xs. - [Ralf S. Engelschall] - - *) Fix the generation of two part addresses in perl. - [Kenji Miyake , integrated by Ben Laurie] - - *) Add config entry for Linux on MIPS. - [John Tobey ] - - *) Make links whenever Configure is run, unless we are on Windoze. - [Ben Laurie] - - *) Permit extensions to be added to CRLs using crl_section in openssl.cnf. - Currently only issuerAltName and AuthorityKeyIdentifier make any sense - in CRLs. - [Steve Henson] - - *) Add a useful kludge to allow package maintainers to specify compiler and - other platforms details on the command line without having to patch the - Configure script everytime: One now can use ``perl Configure - :

'', i.e. platform ids are allowed to have details appended - to them (seperated by colons). This is treated as there would be a static - pre-configured entry in Configure's %table under key with value -
and ``perl Configure '' is called. So, when you want to - perform a quick test-compile under FreeBSD 3.1 with pgcc and without - assembler stuff you can use ``perl Configure "FreeBSD-elf:pgcc:-O6:::"'' - now, which overrides the FreeBSD-elf entry on-the-fly. - [Ralf S. Engelschall] - - *) Disable new TLS1 ciphersuites by default: they aren't official yet. - [Ben Laurie] - - *) Allow DSO flags like -fpic, -fPIC, -KPIC etc. to be specified - on the `perl Configure ...' command line. This way one can compile - OpenSSL libraries with Position Independent Code (PIC) which is needed - for linking it into DSOs. - [Ralf S. Engelschall] - - *) Remarkably, export ciphers were totally broken and no-one had noticed! - Fixed. - [Ben Laurie] - - *) Cleaned up the LICENSE document: The official contact for any license - questions now is the OpenSSL core team under openssl-core@openssl.org. - And add a paragraph about the dual-license situation to make sure people - recognize that _BOTH_ the OpenSSL license _AND_ the SSLeay license apply - to the OpenSSL toolkit. - [Ralf S. Engelschall] - - *) General source tree makefile cleanups: Made `making xxx in yyy...' - display consistent in the source tree and replaced `/bin/rm' by `rm'. - Additonally cleaned up the `make links' target: Remove unnecessary - semicolons, subsequent redundant removes, inline point.sh into mklink.sh - to speed processing and no longer clutter the display with confusing - stuff. Instead only the actually done links are displayed. - [Ralf S. Engelschall] - - *) Permit null encryption ciphersuites, used for authentication only. It used - to be necessary to set the preprocessor define SSL_ALLOW_ENULL to do this. - It is now necessary to set SSL_FORBID_ENULL to prevent the use of null - encryption. - [Ben Laurie] - - *) Add a bunch of fixes to the PKCS#7 stuff. It used to sometimes reorder - signed attributes when verifying signatures (this would break them), - the detached data encoding was wrong and public keys obtained using - X509_get_pubkey() weren't freed. - [Steve Henson] - - *) Add text documentation for the BUFFER functions. Also added a work around - to a Win95 console bug. This was triggered by the password read stuff: the - last character typed gets carried over to the next fread(). If you were - generating a new cert request using 'req' for example then the last - character of the passphrase would be CR which would then enter the first - field as blank. - [Steve Henson] - - *) Added the new `Includes OpenSSL Cryptography Software' button as - doc/openssl_button.{gif,html} which is similar in style to the old SSLeay - button and can be used by applications based on OpenSSL to show the - relationship to the OpenSSL project. - [Ralf S. Engelschall] - - *) Remove confusing variables in function signatures in files - ssl/ssl_lib.c and ssl/ssl.h. - [Lennart Bong ] - - *) Don't install bss_file.c under PREFIX/include/ - [Lennart Bong ] - - *) Get the Win32 compile working again. Modify mkdef.pl so it can handle - functions that return function pointers and has support for NT specific - stuff. Fix mk1mf.pl and VC-32.pl to support NT differences also. Various - #ifdef WIN32 and WINNTs sprinkled about the place and some changes from - unsigned to signed types: this was killing the Win32 compile. - [Steve Henson] - - *) Add new certificate file to stack functions, - SSL_add_dir_cert_subjects_to_stack() and - SSL_add_file_cert_subjects_to_stack(). These largely supplant - SSL_load_client_CA_file(), and can be used to add multiple certs easily - to a stack (usually this is then handed to SSL_CTX_set_client_CA_list()). - This means that Apache-SSL and similar packages don't have to mess around - to add as many CAs as they want to the preferred list. - [Ben Laurie] - - *) Experiment with doxygen documentation. Currently only partially applied to - ssl/ssl_lib.c. - See http://www.stack.nl/~dimitri/doxygen/index.html, and run doxygen with - openssl.doxy as the configuration file. - [Ben Laurie] - - *) Get rid of remaining C++-style comments which strict C compilers hate. - [Ralf S. Engelschall, pointed out by Carlos Amengual] - - *) Changed BN_RECURSION in bn_mont.c to BN_RECURSION_MONT so it is not - compiled in by default: it has problems with large keys. - [Steve Henson] - - *) Add a bunch of SSL_xxx() functions for configuring the temporary RSA and - DH private keys and/or callback functions which directly correspond to - their SSL_CTX_xxx() counterparts but work on a per-connection basis. This - is needed for applications which have to configure certificates on a - per-connection basis (e.g. Apache+mod_ssl) instead of a per-context basis - (e.g. s_server). - For the RSA certificate situation is makes no difference, but - for the DSA certificate situation this fixes the "no shared cipher" - problem where the OpenSSL cipher selection procedure failed because the - temporary keys were not overtaken from the context and the API provided - no way to reconfigure them. - The new functions now let applications reconfigure the stuff and they - are in detail: SSL_need_tmp_RSA, SSL_set_tmp_rsa, SSL_set_tmp_dh, - SSL_set_tmp_rsa_callback and SSL_set_tmp_dh_callback. Additionally a new - non-public-API function ssl_cert_instantiate() is used as a helper - function and also to reduce code redundancy inside ssl_rsa.c. - [Ralf S. Engelschall] - - *) Move s_server -dcert and -dkey options out of the undocumented feature - area because they are useful for the DSA situation and should be - recognized by the users. - [Ralf S. Engelschall] - - *) Fix the cipher decision scheme for export ciphers: the export bits are - *not* within SSL_MKEY_MASK or SSL_AUTH_MASK, they are within - SSL_EXP_MASK. So, the original variable has to be used instead of the - already masked variable. - [Richard Levitte ] - - *) Fix 'port' variable from `int' to `unsigned int' in crypto/bio/b_sock.c - [Richard Levitte ] - - *) Change type of another md_len variable in pk7_doit.c:PKCS7_dataFinal() - from `int' to `unsigned int' because it's a length and initialized by - EVP_DigestFinal() which expects an `unsigned int *'. - [Richard Levitte ] - - *) Don't hard-code path to Perl interpreter on shebang line of Configure - script. Instead use the usual Shell->Perl transition trick. - [Ralf S. Engelschall] - - *) Make `openssl x509 -noout -modulus' functional also for DSA certificates - (in addition to RSA certificates) to match the behaviour of `openssl dsa - -noout -modulus' as it's already the case for `openssl rsa -noout - -modulus'. For RSA the -modulus is the real "modulus" while for DSA - currently the public key is printed (a decision which was already done by - `openssl dsa -modulus' in the past) which serves a similar purpose. - Additionally the NO_RSA no longer completely removes the whole -modulus - option; it now only avoids using the RSA stuff. Same applies to NO_DSA - now, too. - [Ralf S. Engelschall] - - *) Add Arne Ansper's reliable BIO - this is an encrypted, block-digested - BIO. See the source (crypto/evp/bio_ok.c) for more info. - [Arne Ansper ] - - *) Dump the old yucky req code that tried (and failed) to allow raw OIDs - to be added. Now both 'req' and 'ca' can use new objects defined in the - config file. - [Steve Henson] - - *) Add cool BIO that does syslog (or event log on NT). - [Arne Ansper , integrated by Ben Laurie] - - *) Add support for new TLS ciphersuites, TLS_RSA_EXPORT56_WITH_RC4_56_MD5, - TLS_RSA_EXPORT56_WITH_RC2_CBC_56_MD5 and - TLS_RSA_EXPORT56_WITH_DES_CBC_SHA, as specified in "56-bit Export Cipher - Suites For TLS", draft-ietf-tls-56-bit-ciphersuites-00.txt. - [Ben Laurie] - - *) Add preliminary config info for new extension code. - [Steve Henson] - - *) Make RSA_NO_PADDING really use no padding. - [Ulf Moeller ] - - *) Generate errors when private/public key check is done. - [Ben Laurie] - - *) Overhaul for 'crl' utility. New function X509_CRL_print. Partial support - for some CRL extensions and new objects added. - [Steve Henson] - - *) Really fix the ASN1 IMPLICIT bug this time... Partial support for private - key usage extension and fuller support for authority key id. - [Steve Henson] - - *) Add OAEP encryption for the OpenSSL crypto library. OAEP is the improved - padding method for RSA, which is recommended for new applications in PKCS - #1 v2.0 (RFC 2437, October 1998). - OAEP (Optimal Asymmetric Encryption Padding) has better theoretical - foundations than the ad-hoc padding used in PKCS #1 v1.5. It is secure - against Bleichbacher's attack on RSA. - [Ulf Moeller , reformatted, corrected and integrated by - Ben Laurie] - - *) Updates to the new SSL compression code - [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)] - - *) Fix so that the version number in the master secret, when passed - via RSA, checks that if TLS was proposed, but we roll back to SSLv3 - (because the server will not accept higher), that the version number - is 0x03,0x01, not 0x03,0x00 - [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)] - - *) Run extensive memory leak checks on SSL apps. Fixed *lots* of memory - leaks in ssl/ relating to new X509_get_pubkey() behaviour. Also fixes - in apps/ and an unrelated leak in crypto/dsa/dsa_vrf.c - [Steve Henson] - - *) Support for RAW extensions where an arbitrary extension can be - created by including its DER encoding. See apps/openssl.cnf for - an example. - [Steve Henson] - - *) Make sure latest Perl versions don't interpret some generated C array - code as Perl array code in the crypto/err/err_genc.pl script. - [Lars Weber <3weber@informatik.uni-hamburg.de>] - - *) Modify ms/do_ms.bat to not generate assembly language makefiles since - not many people have the assembler. Various Win32 compilation fixes and - update to the INSTALL.W32 file with (hopefully) more accurate Win32 - build instructions. - [Steve Henson] - - *) Modify configure script 'Configure' to automatically create crypto/date.h - file under Win32 and also build pem.h from pem.org. New script - util/mkfiles.pl to create the MINFO file on environments that can't do a - 'make files': perl util/mkfiles.pl >MINFO should work. - [Steve Henson] - - *) Major rework of DES function declarations, in the pursuit of correctness - and purity. As a result, many evil casts evaporated, and some weirdness, - too. You may find this causes warnings in your code. Zapping your evil - casts will probably fix them. Mostly. - [Ben Laurie] - - *) Fix for a typo in asn1.h. Bug fix to object creation script - obj_dat.pl. It considered a zero in an object definition to mean - "end of object": none of the objects in objects.h have any zeros - so it wasn't spotted. - [Steve Henson, reported by Erwann ABALEA ] - - *) Add support for Triple DES Cipher Block Chaining with Output Feedback - Masking (CBCM). In the absence of test vectors, the best I have been able - to do is check that the decrypt undoes the encrypt, so far. Send me test - vectors if you have them. - [Ben Laurie] - - *) Correct calculation of key length for export ciphers (too much space was - allocated for null ciphers). This has not been tested! - [Ben Laurie] - - *) Modifications to the mkdef.pl for Win32 DEF file creation. The usage - message is now correct (it understands "crypto" and "ssl" on its - command line). There is also now an "update" option. This will update - the util/ssleay.num and util/libeay.num files with any new functions. - If you do a: - perl util/mkdef.pl crypto ssl update - it will update them. - [Steve Henson] - - *) Overhauled the Perl interface (perl/*): - - ported BN stuff to OpenSSL's different BN library - - made the perl/ source tree CVS-aware - - renamed the package from SSLeay to OpenSSL (the files still contain - their history because I've copied them in the repository) - - removed obsolete files (the test scripts will be replaced - by better Test::Harness variants in the future) - [Ralf S. Engelschall] - - *) First cut for a very conservative source tree cleanup: - 1. merge various obsolete readme texts into doc/ssleay.txt - where we collect the old documents and readme texts. - 2. remove the first part of files where I'm already sure that we no - longer need them because of three reasons: either they are just temporary - files which were left by Eric or they are preserved original files where - I've verified that the diff is also available in the CVS via "cvs diff - -rSSLeay_0_8_1b" or they were renamed (as it was definitely the case for - the crypto/md/ stuff). - [Ralf S. Engelschall] - - *) More extension code. Incomplete support for subject and issuer alt - name, issuer and authority key id. Change the i2v function parameters - and add an extra 'crl' parameter in the X509V3_CTX structure: guess - what that's for :-) Fix to ASN1 macro which messed up - IMPLICIT tag and add f_enum.c which adds a2i, i2a for ENUMERATED. - [Steve Henson] - - *) Preliminary support for ENUMERATED type. This is largely copied from the - INTEGER code. - [Steve Henson] - - *) Add new function, EVP_MD_CTX_copy() to replace frequent use of memcpy. - [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)] - - *) Make sure `make rehash' target really finds the `openssl' program. - [Ralf S. Engelschall, Matthias Loepfe ] - - *) Squeeze another 7% of speed out of MD5 assembler, at least on a P2. I'd - like to hear about it if this slows down other processors. - [Ben Laurie] - - *) Add CygWin32 platform information to Configure script. - [Alan Batie ] - - *) Fixed ms/32all.bat script: `no_asm' -> `no-asm' - [Rainer W. Gerling ] - - *) New program nseq to manipulate netscape certificate sequences - [Steve Henson] - - *) Modify crl2pkcs7 so it supports multiple -certfile arguments. Fix a - few typos. - [Steve Henson] - - *) Fixes to BN code. Previously the default was to define BN_RECURSION - but the BN code had some problems that would cause failures when - doing certificate verification and some other functions. - [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)] - - *) Add ASN1 and PEM code to support netscape certificate sequences. - [Steve Henson] - - *) Add ASN1 and PEM code to support netscape certificate sequences. - [Steve Henson] - - *) Add several PKIX and private extended key usage OIDs. - [Steve Henson] - - *) Modify the 'ca' program to handle the new extension code. Modify - openssl.cnf for new extension format, add comments. - [Steve Henson] - - *) More X509 V3 changes. Fix typo in v3_bitstr.c. Add support to 'req' - and add a sample to openssl.cnf so req -x509 now adds appropriate - CA extensions. - [Steve Henson] - - *) Continued X509 V3 changes. Add to other makefiles, integrate with the - error code, add initial support to X509_print() and x509 application. - [Steve Henson] - - *) Takes a deep breath and start addding X509 V3 extension support code. Add - files in crypto/x509v3. Move original stuff to crypto/x509v3/old. All this - stuff is currently isolated and isn't even compiled yet. - [Steve Henson] - - *) Continuing patches for GeneralizedTime. Fix up certificate and CRL - ASN1 to use ASN1_TIME and modify print routines to use ASN1_TIME_print. - Removed the versions check from X509 routines when loading extensions: - this allows certain broken certificates that don't set the version - properly to be processed. - [Steve Henson] - - *) Deal with irritating shit to do with dependencies, in YAAHW (Yet Another - Ad Hoc Way) - Makefile.ssls now all contain local dependencies, which - can still be regenerated with "make depend". - [Ben Laurie] - - *) Spelling mistake in C version of CAST-128. - [Ben Laurie, reported by Jeremy Hylton ] - - *) Changes to the error generation code. The perl script err-code.pl - now reads in the old error codes and retains the old numbers, only - adding new ones if necessary. It also only changes the .err files if new - codes are added. The makefiles have been modified to only insert errors - when needed (to avoid needlessly modifying header files). This is done - by only inserting errors if the .err file is newer than the auto generated - C file. To rebuild all the error codes from scratch (the old behaviour) - either modify crypto/Makefile.ssl to pass the -regen flag to err_code.pl - or delete all the .err files. - [Steve Henson] - - *) CAST-128 was incorrectly implemented for short keys. The C version has - been fixed, but is untested. The assembler versions are also fixed, but - new assembler HAS NOT BEEN GENERATED FOR WIN32 - the Makefile needs fixing - to regenerate it if needed. - [Ben Laurie, reported (with fix for C version) by Jun-ichiro itojun - Hagino ] - - *) File was opened incorrectly in randfile.c. - [Ulf Möller ] - - *) Beginning of support for GeneralizedTime. d2i, i2d, check and print - functions. Also ASN1_TIME suite which is a CHOICE of UTCTime or - GeneralizedTime. ASN1_TIME is the proper type used in certificates et - al: it's just almost always a UTCTime. Note this patch adds new error - codes so do a "make errors" if there are problems. - [Steve Henson] - - *) Correct Linux 1 recognition in config. - [Ulf Möller ] - - *) Remove pointless MD5 hash when using DSA keys in ca. - [Anonymous ] - - *) Generate an error if given an empty string as a cert directory. Also - generate an error if handed NULL (previously returned 0 to indicate an - error, but didn't set one). - [Ben Laurie, reported by Anonymous ] - - *) Add prototypes to SSL methods. Make SSL_write's buffer const, at last. - [Ben Laurie] - - *) Fix the dummy function BN_ref_mod_exp() in rsaref.c to have the correct - parameters. This was causing a warning which killed off the Win32 compile. - [Steve Henson] - - *) Remove C++ style comments from crypto/bn/bn_local.h. - [Neil Costigan ] - - *) The function OBJ_txt2nid was broken. It was supposed to return a nid - based on a text string, looking up short and long names and finally - "dot" format. The "dot" format stuff didn't work. Added new function - OBJ_txt2obj to do the same but return an ASN1_OBJECT and rewrote - OBJ_txt2nid to use it. OBJ_txt2obj can also return objects even if the - OID is not part of the table. - [Steve Henson] - - *) Add prototypes to X509 lookup/verify methods, fixing a bug in - X509_LOOKUP_by_alias(). - [Ben Laurie] - - *) Sort openssl functions by name. - [Ben Laurie] - - *) Get the gendsa program working (hopefully) and add it to app list. Remove - encryption from sample DSA keys (in case anyone is interested the password - was "1234"). - [Steve Henson] - - *) Make _all_ *_free functions accept a NULL pointer. - [Frans Heymans ] - - *) If a DH key is generated in s3_srvr.c, don't blow it by trying to use - NULL pointers. - [Anonymous ] - - *) s_server should send the CAfile as acceptable CAs, not its own cert. - [Bodo Moeller <3moeller@informatik.uni-hamburg.de>] - - *) Don't blow it for numeric -newkey arguments to apps/req. - [Bodo Moeller <3moeller@informatik.uni-hamburg.de>] - - *) Temp key "for export" tests were wrong in s3_srvr.c. - [Anonymous ] - - *) Add prototype for temp key callback functions - SSL_CTX_set_tmp_{rsa,dh}_callback(). - [Ben Laurie] - - *) Make DH_free() tolerate being passed a NULL pointer (like RSA_free() and - DSA_free()). Make X509_PUBKEY_set() check for errors in d2i_PublicKey(). - [Steve Henson] - - *) X509_name_add_entry() freed the wrong thing after an error. - [Arne Ansper ] - - *) rsa_eay.c would attempt to free a NULL context. - [Arne Ansper ] - - *) BIO_s_socket() had a broken should_retry() on Windoze. - [Arne Ansper ] - - *) BIO_f_buffer() didn't pass on BIO_CTRL_FLUSH. - [Arne Ansper ] - - *) Make sure the already existing X509_STORE->depth variable is initialized - in X509_STORE_new(), but document the fact that this variable is still - unused in the certificate verification process. - [Ralf S. Engelschall] - - *) Fix the various library and apps files to free up pkeys obtained from - X509_PUBKEY_get() et al. Also allow x509.c to handle netscape extensions. - [Steve Henson] - - *) Fix reference counting in X509_PUBKEY_get(). This makes - demos/maurice/example2.c work, amongst others, probably. - [Steve Henson and Ben Laurie] - - *) First cut of a cleanup for apps/. First the `ssleay' program is now named - `openssl' and second, the shortcut symlinks for the `openssl ' - are no longer created. This way we have a single and consistent command - line interface `openssl ', similar to `cvs '. - [Ralf S. Engelschall, Paul Sutton and Ben Laurie] - - *) ca.c: move test for DSA keys inside #ifndef NO_DSA. Make pubkey - BIT STRING wrapper always have zero unused bits. - [Steve Henson] - - *) Add CA.pl, perl version of CA.sh, add extended key usage OID. - [Steve Henson] - - *) Make the top-level INSTALL documentation easier to understand. - [Paul Sutton] - - *) Makefiles updated to exit if an error occurs in a sub-directory - make (including if user presses ^C) [Paul Sutton] - - *) Make Montgomery context stuff explicit in RSA data structure. - [Ben Laurie] - - *) Fix build order of pem and err to allow for generated pem.h. - [Ben Laurie] - - *) Fix renumbering bug in X509_NAME_delete_entry(). - [Ben Laurie] - - *) Enhanced the err-ins.pl script so it makes the error library number - global and can add a library name. This is needed for external ASN1 and - other error libraries. - [Steve Henson] - - *) Fixed sk_insert which never worked properly. - [Steve Henson] - - *) Fix ASN1 macros so they can handle indefinite length construted - EXPLICIT tags. Some non standard certificates use these: they can now - be read in. - [Steve Henson] - - *) Merged the various old/obsolete SSLeay documentation files (doc/xxx.doc) - into a single doc/ssleay.txt bundle. This way the information is still - preserved but no longer messes up this directory. Now it's new room for - the new set of documenation files. - [Ralf S. Engelschall] - - *) SETs were incorrectly DER encoded. This was a major pain, because they - shared code with SEQUENCEs, which aren't coded the same. This means that - almost everything to do with SETs or SEQUENCEs has either changed name or - number of arguments. - [Ben Laurie, based on a partial fix by GP Jayan ] - - *) Fix test data to work with the above. - [Ben Laurie] - - *) Fix the RSA header declarations that hid a bug I fixed in 0.9.0b but - was already fixed by Eric for 0.9.1 it seems. - [Ben Laurie - pointed out by Ulf Möller ] - - *) Autodetect FreeBSD3. - [Ben Laurie] - - *) Fix various bugs in Configure. This affects the following platforms: - nextstep - ncr-scde - unixware-2.0 - unixware-2.0-pentium - sco5-cc. - [Ben Laurie] - - *) Eliminate generated files from CVS. Reorder tests to regenerate files - before they are needed. - [Ben Laurie] - - *) Generate Makefile.ssl from Makefile.org (to keep CVS happy). - [Ben Laurie] - - - Changes between 0.9.1b and 0.9.1c [23-Dec-1998] - - *) Added OPENSSL_VERSION_NUMBER to crypto/crypto.h and - changed SSLeay to OpenSSL in version strings. - [Ralf S. Engelschall] - - *) Some fixups to the top-level documents. - [Paul Sutton] - - *) Fixed the nasty bug where rsaref.h was not found under compile-time - because the symlink to include/ was missing. - [Ralf S. Engelschall] - - *) Incorporated the popular no-RSA/DSA-only patches - which allow to compile a RSA-free SSLeay. - [Andrew Cooke / Interrader Ldt., Ralf S. Engelschall] - - *) Fixed nasty rehash problem under `make -f Makefile.ssl links' - when "ssleay" is still not found. - [Ralf S. Engelschall] - - *) Added more platforms to Configure: Cray T3E, HPUX 11, - [Ralf S. Engelschall, Beckmann ] - - *) Updated the README file. - [Ralf S. Engelschall] - - *) Added various .cvsignore files in the CVS repository subdirs - to make a "cvs update" really silent. - [Ralf S. Engelschall] - - *) Recompiled the error-definition header files and added - missing symbols to the Win32 linker tables. - [Ralf S. Engelschall] - - *) Cleaned up the top-level documents; - o new files: CHANGES and LICENSE - o merged VERSION, HISTORY* and README* files a CHANGES.SSLeay - o merged COPYRIGHT into LICENSE - o removed obsolete TODO file - o renamed MICROSOFT to INSTALL.W32 - [Ralf S. Engelschall] - - *) Removed dummy files from the 0.9.1b source tree: - crypto/asn1/x crypto/bio/cd crypto/bio/fg crypto/bio/grep crypto/bio/vi - crypto/bn/asm/......add.c crypto/bn/asm/a.out crypto/dsa/f crypto/md5/f - crypto/pem/gmon.out crypto/perlasm/f crypto/pkcs7/build crypto/rsa/f - crypto/sha/asm/f crypto/threads/f ms/zzz ssl/f ssl/f.mak test/f - util/f.mak util/pl/f util/pl/f.mak crypto/bf/bf_locl.old apps/f - [Ralf S. Engelschall] - - *) Added various platform portability fixes. - [Mark J. Cox] - - *) The Genesis of the OpenSSL rpject: - We start with the latest (unreleased) SSLeay version 0.9.1b which Eric A. - Young and Tim J. Hudson created while they were working for C2Net until - summer 1998. - [The OpenSSL Project] - - - Changes between 0.9.0b and 0.9.1b [not released] - - *) Updated a few CA certificates under certs/ - [Eric A. Young] - - *) Changed some BIGNUM api stuff. - [Eric A. Young] - - *) Various platform ports: OpenBSD, Ultrix, IRIX 64bit, NetBSD, - DGUX x86, Linux Alpha, etc. - [Eric A. Young] - - *) New COMP library [crypto/comp/] for SSL Record Layer Compression: - RLE (dummy implemented) and ZLIB (really implemented when ZLIB is - available). - [Eric A. Young] - - *) Add -strparse option to asn1pars program which parses nested - binary structures - [Dr Stephen Henson ] - - *) Added "oid_file" to ssleay.cnf for "ca" and "req" programs. - [Eric A. Young] - - *) DSA fix for "ca" program. - [Eric A. Young] - - *) Added "-genkey" option to "dsaparam" program. - [Eric A. Young] - - *) Added RIPE MD160 (rmd160) message digest. - [Eric A. Young] - - *) Added -a (all) option to "ssleay version" command. - [Eric A. Young] - - *) Added PLATFORM define which is the id given to Configure. - [Eric A. Young] - - *) Added MemCheck_XXXX functions to crypto/mem.c for memory checking. - [Eric A. Young] - - *) Extended the ASN.1 parser routines. - [Eric A. Young] - - *) Extended BIO routines to support REUSEADDR, seek, tell, etc. - [Eric A. Young] - - *) Added a BN_CTX to the BN library. - [Eric A. Young] - - *) Fixed the weak key values in DES library - [Eric A. Young] - - *) Changed API in EVP library for cipher aliases. - [Eric A. Young] - - *) Added support for RC2/64bit cipher. - [Eric A. Young] - - *) Converted the lhash library to the crypto/mem.c functions. - [Eric A. Young] - - *) Added more recognized ASN.1 object ids. - [Eric A. Young] - - *) Added more RSA padding checks for SSL/TLS. - [Eric A. Young] - - *) Added BIO proxy/filter functionality. - [Eric A. Young] - - *) Added extra_certs to SSL_CTX which can be used - send extra CA certificates to the client in the CA cert chain sending - process. It can be configured with SSL_CTX_add_extra_chain_cert(). - [Eric A. Young] - - *) Now Fortezza is denied in the authentication phase because - this is key exchange mechanism is not supported by SSLeay at all. - [Eric A. Young] - - *) Additional PKCS1 checks. - [Eric A. Young] - - *) Support the string "TLSv1" for all TLS v1 ciphers. - [Eric A. Young] - - *) Added function SSL_get_ex_data_X509_STORE_CTX_idx() which gives the - ex_data index of the SSL context in the X509_STORE_CTX ex_data. - [Eric A. Young] - - *) Fixed a few memory leaks. - [Eric A. Young] - - *) Fixed various code and comment typos. - [Eric A. Young] - - *) A minor bug in ssl/s3_clnt.c where there would always be 4 0 - bytes sent in the client random. - [Edward Bishop ] - diff --git a/src/lib/libssl/src/CHANGES.SSLeay b/src/lib/libssl/src/CHANGES.SSLeay deleted file mode 100644 index dbb80b003d8..00000000000 --- a/src/lib/libssl/src/CHANGES.SSLeay +++ /dev/null @@ -1,968 +0,0 @@ -This file contains the changes for the SSLeay library up to version -0.9.0b. For later changes, see the file "CHANGES". - - SSLeay CHANGES - ______________ - -Changes between 0.8.x and 0.9.0b - -10-Apr-1998 - -I said the next version would go out at easter, and so it shall. -I expect a 0.9.1 will follow with portability fixes in the next few weeks. - -This is a quick, meet the deadline. Look to ssl-users for comments on what -is new etc. - -eric (about to go bushwalking for the 4 day easter break :-) - -16-Mar-98 - - Patch for Cray T90 from Wayne Schroeder - - Lots and lots of changes - -29-Jan-98 - - ASN1_BIT_STRING_set_bit()/ASN1_BIT_STRING_get_bit() from - Goetz Babin-Ebell . - - SSL_version() now returns SSL2_VERSION, SSL3_VERSION or - TLS1_VERSION. - -7-Jan-98 - - Finally reworked the cipher string to ciphers again, so it - works correctly - - All the app_data stuff is now ex_data with funcion calls to access. - The index is supplied by a function and 'methods' can be setup - for the types that are called on XXX_new/XXX_free. This lets - applications get notified on creation and destruction. Some of - the RSA methods could be implemented this way and I may do so. - - Oh yes, SSL under perl5 is working at the basic level. - -15-Dec-97 - - Warning - the gethostbyname cache is not fully thread safe, - but it should work well enough. - - Major internal reworking of the app_data stuff. More functions - but if you were accessing ->app_data directly, things will - stop working. - - The perlv5 stuff is working. Currently on message digests, - ciphers and the bignum library. - -9-Dec-97 - - Modified re-negotiation so that server initated re-neg - will cause a SSL_read() to return -1 should retry. - The danger otherwise was that the server and the - client could end up both trying to read when using non-blocking - sockets. - -4-Dec-97 - - Lots of small changes - - Fix for binaray mode in Windows for the FILE BIO, thanks to - Bob Denny - -17-Nov-97 - - Quite a few internal cleanups, (removal of errno, and using macros - defined in e_os.h). - - A bug in ca.c, pointed out by yasuyuki-ito@d-cruise.co.jp, where - the automactic naming out output files was being stuffed up. - -29-Oct-97 - - The Cast5 cipher has been added. MD5 and SHA-1 are now in assember - for x86. - -21-Oct-97 - - Fixed a bug in the BIO_gethostbyname() cache. - -15-Oct-97 - - cbc mode for blowfish/des/3des is now in assember. Blowfish asm - has also been improved. At this point in time, on the pentium, - md5 is %80 faster, the unoptimesed sha-1 is %79 faster, - des-cbc is %28 faster, des-ede3-cbc is %9 faster and blowfish-cbc - is %62 faster. - -12-Oct-97 - - MEM_BUF_grow() has been fixed so that it always sets the buf->length - to the value we are 'growing' to. Think of MEM_BUF_grow() as the - way to set the length value correctly. - -10-Oct-97 - - I now hash for certificate lookup on the raw DER encoded RDN (md5). - This breaks things again :-(. This is efficent since I cache - the DER encoding of the RDN. - - The text DN now puts in the numeric OID instead of UNKNOWN. - - req can now process arbitary OIDs in the config file. - - I've been implementing md5 in x86 asm, much faster :-). - - Started sha1 in x86 asm, needs more work. - - Quite a few speedups in the BN stuff. RSA public operation - has been made faster by caching the BN_MONT_CTX structure. - The calulating of the Ai where A*Ai === 1 mod m was rather - expensive. Basically a 40-50% speedup on public operations. - The RSA speedup is now 15% on pentiums and %20 on pentium - pro. - -30-Sep-97 - - After doing some profiling, I added x86 adm for bn_add_words(), - which just adds 2 arrays of longs together. A %10 speedup - for 512 and 1024 bit RSA on the pentium pro. - -29-Sep-97 - - Converted the x86 bignum assembler to us the perl scripts - for generation. - -23-Sep-97 - - If SSL_set_session() is passed a NULL session, it now clears the - current session-id. - -22-Sep-97 - - Added a '-ss_cert file' to apps/ca.c. This will sign selfsigned - certificates. - - Bug in crypto/evp/encode.c where by decoding of 65 base64 - encoded lines, one line at a time (via a memory BIO) would report - EOF after the first line was decoded. - - Fix in X509_find_by_issuer_and_serial() from - Dr Stephen Henson - -19-Sep-97 - - NO_FP_API and NO_STDIO added. - - Put in sh config command. It auto runs Configure with the correct - parameters. - -18-Sep-97 - - Fix x509.c so if a DSA cert has different parameters to its parent, - they are left in place. Not tested yet. - -16-Sep-97 - - ssl_create_cipher_list() had some bugs, fixes from - Patrick Eisenacher - - Fixed a bug in the Base64 BIO, where it would return 1 instead - of -1 when end of input was encountered but should retry. - Basically a Base64/Memory BIO interaction problem. - - Added a HMAC set of functions in preporarion for TLS work. - -15-Sep-97 - - Top level makefile tweak - Cameron Simpson - - Prime generation spead up %25 (512 bit prime, pentium pro linux) - by using montgomery multiplication in the prime number test. - -11-Sep-97 - - Ugly bug in ssl3_write_bytes(). Basically if application land - does a SSL_write(ssl,buf,len) where len > 16k, the SSLv3 write code - did not check the size and tried to copy the entire buffer. - This would tend to cause memory overwrites since SSLv3 has - a maximum packet size of 16k. If your program uses - buffers <= 16k, you would probably never see this problem. - - Fixed a new errors that were cause by malloc() not returning - 0 initialised memory.. - - SSL_OP_NETSCAPE_CA_DN_BUG was being switched on when using - SSL_CTX_set_options(ssl_ctx,SSL_OP_ALL); which was a bad thing - since this flags stops SSLeay being able to handle client - cert requests correctly. - -08-Sep-97 - - SSL_SESS_CACHE_NO_INTERNAL_LOOKUP option added. When switched - on, the SSL server routines will not use a SSL_SESSION that is - held in it's cache. This in intended to be used with the session-id - callbacks so that while the session-ids are still stored in the - cache, the decision to use them and how to look them up can be - done by the callbacks. The are the 'new', 'get' and 'remove' - callbacks. This can be used to determine the session-id - to use depending on information like which port/host the connection - is coming from. Since the are also SSL_SESSION_set_app_data() and - SSL_SESSION_get_app_data() functions, the application can hold - information against the session-id as well. - -03-Sep-97 - - Added lookup of CRLs to the by_dir method, - X509_load_crl_file() also added. Basically it means you can - lookup CRLs via the same system used to lookup certificates. - - Changed things so that the X509_NAME structure can contain - ASN.1 BIT_STRINGS which is required for the unique - identifier OID. - - Fixed some problems with the auto flushing of the session-id - cache. It was not occuring on the server side. - -02-Sep-97 - - Added SSL_CTX_sess_cache_size(SSL_CTX *ctx,unsigned long size) - which is the maximum number of entries allowed in the - session-id cache. This is enforced with a simple FIFO list. - The default size is 20*1024 entries which is rather large :-). - The Timeout code is still always operating. - -01-Sep-97 - - Added an argument to all the 'generate private key/prime` - callbacks. It is the last parameter so this should not - break existing code but it is needed for C++. - - Added the BIO_FLAGS_BASE64_NO_NL flag for the BIO_f_base64() - BIO. This lets the BIO read and write base64 encoded data - without inserting or looking for '\n' characters. The '-A' - flag turns this on when using apps/enc.c. - - RSA_NO_PADDING added to help BSAFE functionality. This is a - very dangerous thing to use, since RSA private key - operations without random padding bytes (as PKCS#1 adds) can - be attacked such that the private key can be revealed. - - ASN.1 bug and rc2-40-cbc and rc4-40 added by - Dr Stephen Henson - -31-Aug-97 (stuff added while I was away) - - Linux pthreads by Tim Hudson (tjh@cryptsoft.com). - - RSA_flags() added allowing bypass of pub/priv match check - in ssl/ssl_rsa.c - Tim Hudson. - - A few minor bugs. - -SSLeay 0.8.1 released. - -19-Jul-97 - - Server side initated dynamic renegotiation is broken. I will fix - it when I get back from holidays. - -15-Jul-97 - - Quite a few small changes. - - INVALID_SOCKET usage cleanups from Alex Kiernan - -09-Jul-97 - - Added 2 new values to the SSL info callback. - SSL_CB_START which is passed when the SSL protocol is started - and SSL_CB_DONE when it has finished sucsessfully. - -08-Jul-97 - - Fixed a few bugs problems in apps/req.c and crypto/asn1/x_pkey.c - that related to DSA public/private keys. - - Added all the relevent PEM and normal IO functions to support - reading and writing RSAPublic keys. - - Changed makefiles to use ${AR} instead of 'ar r' - -07-Jul-97 - - Error in ERR_remove_state() that would leave a dangling reference - to a free()ed location - thanks to Alex Kiernan - - s_client now prints the X509_NAMEs passed from the server - when requesting a client cert. - - Added a ssl->type, which is one of SSL_ST_CONNECT or - SSL_ST_ACCEPT. I had to add it so I could tell if I was - a connect or an accept after the handshake had finished. - - SSL_get_client_CA_list(SSL *s) now returns the CA names - passed by the server if called by a client side SSL. - -05-Jul-97 - - Bug in X509_NAME_get_text_by_OBJ(), looking starting at index - 0, not -1 :-( Fix from Tim Hudson (tjh@cryptsoft.com). - -04-Jul-97 - - Fixed some things in X509_NAME_add_entry(), thanks to - Matthew Donald . - - I had a look at the cipher section and though that it was a - bit confused, so I've changed it. - - I was not setting up the RC4-64-MD5 cipher correctly. It is - a MS special that appears in exported MS Money. - - Error in all my DH ciphers. Section 7.6.7.3 of the SSLv3 - spec. I was missing the two byte length header for the - ClientDiffieHellmanPublic value. This is a packet sent from - the client to the server. The SSL_OP_SSLEAY_080_CLIENT_DH_BUG - option will enable SSLeay server side SSLv3 accept either - the correct or my 080 packet format. - - Fixed a few typos in crypto/pem.org. - -02-Jul-97 - - Alias mapping for EVP_get_(digest|cipher)byname is now - performed before a lookup for actual cipher. This means - that an alias can be used to 're-direct' a cipher or a - digest. - - ASN1_read_bio() had a bug that only showed up when using a - memory BIO. When EOF is reached in the memory BIO, it is - reported as a -1 with BIO_should_retry() set to true. - -01-Jul-97 - - Fixed an error in X509_verify_cert() caused by my - miss-understanding how 'do { contine } while(0);' works. - Thanks to Emil Sit for educating me :-) - -30-Jun-97 - - Base64 decoding error. If the last data line did not end with - a '=', sometimes extra data would be returned. - - Another 'cut and paste' bug in x509.c related to setting up the - STDout BIO. - -27-Jun-97 - - apps/ciphers.c was not printing due to an editing error. - - Alex Kiernan send in a nice fix for - a library build error in util/mk1mf.pl - -26-Jun-97 - - Still did not have the auto 'experimental' code removal - script correct. - - A few header tweaks for Watcom 11.0 under Win32 from - Rolf Lindemann - - 0 length OCTET_STRING bug in asn1_parse - - A minor fix with an non-existent function in the MS .def files. - - A few changes to the PKCS7 stuff. - -25-Jun-97 - SSLeay 0.8.0 finally it gets released. - -24-Jun-97 - Added a SSL_OP_EPHEMERAL_RSA option which causes all SSLv3 RSA keys to - use a temporary RSA key. This is experimental and needs some more work. - Fixed a few Win16 build problems. - -23-Jun-97 - SSLv3 bug. I was not doing the 'lookup' of the CERT structure - correctly. I was taking the SSL->ctx->default_cert when I should - have been using SSL->cert. The bug was in ssl/s3_srvr.c - -20-Jun-97 - X509_ATTRIBUTES were being encoded wrongly by apps/reg.c and the - rest of the library. Even though I had the code required to do - it correctly, apps/req.c was doing the wrong thing. I have fixed - and tested everything. - - Missing a few #ifdef FIONBIO sections in crypto/bio/bss_acpt.c. - -19-Jun-97 - Fixed a bug in the SSLv2 server side first packet handling. When - using the non-blocking test BIO, the ssl->s2->first_packet flag - was being reset when a would-block failure occurred when reading - the first 5 bytes of the first packet. This caused the checking - logic to run at the wrong time and cause an error. - - Fixed a problem with specifying cipher. If RC4-MD5 were used, - only the SSLv3 version would be picked up. Now this will pick - up both SSLv2 and SSLv3 versions. This required changing the - SSL_CIPHER->mask values so that they only mask the ciphers, - digests, authentication, export type and key-exchange algorithms. - - I found that when a SSLv23 session is established, a reused - session, of type SSLv3 was attempting to write the SSLv2 - ciphers, which were invalid. The SSL_METHOD->put_cipher_by_char - method has been modified so it will only write out cipher which - that method knows about. - - - Changes between 0.8.0 and 0.8.1 - - *) Mostly bug fixes. - There is an Ephemeral DH cipher problem which is fixed. - - SSLeay 0.8.0 - -This version of SSLeay has quite a lot of things different from the -previous version. - -Basically check all callback parameters, I will be producing documentation -about how to use things in th future. Currently I'm just getting 080 out -the door. Please not that there are several ways to do everything, and -most of the applications in the apps directory are hybrids, some using old -methods and some using new methods. - -Have a look in demos/bio for some very simple programs and -apps/s_client.c and apps/s_server.c for some more advanced versions. -Notes are definitly needed but they are a week or so away. - -Anyway, some quick nots from Tim Hudson (tjh@cryptsoft.com) ---- -Quick porting notes for moving from SSLeay-0.6.x to SSLeay-0.8.x to -get those people that want to move to using the new code base off to -a quick start. - -Note that Eric has tidied up a lot of the areas of the API that were -less than desirable and renamed quite a few things (as he had to break -the API in lots of places anyrate). There are a whole pile of additional -functions for making dealing with (and creating) certificates a lot -cleaner. - -01-Jul-97 -Tim Hudson -tjh@cryptsoft.com - ----8<--- - -To maintain code that uses both SSLeay-0.6.x and SSLeay-0.8.x you could -use something like the following (assuming you #include "crypto.h" which -is something that you really should be doing). - -#if SSLEAY_VERSION_NUMBER >= 0x0800 -#define SSLEAY8 -#endif - -buffer.h -> splits into buffer.h and bio.h so you need to include bio.h - too if you are working with BIO internal stuff (as distinct - from simply using the interface in an opaque manner) - -#include "bio.h" - required along with "buffer.h" if you write - your own BIO routines as the buffer and bio - stuff that was intermixed has been separated - out - -envelope.h -> evp.h (which should have been done ages ago) - -Initialisation ... don't forget these or you end up with code that -is missing the bits required to do useful things (like ciphers): - -SSLeay_add_ssl_algorithms() -(probably also want SSL_load_error_strings() too but you should have - already had that call in place) - -SSL_CTX_new() - requires an extra method parameter - SSL_CTX_new(SSLv23_method()) - SSL_CTX_new(SSLv2_method()) - SSL_CTX_new(SSLv3_method()) - - OR to only have the server or the client code - SSL_CTX_new(SSLv23_server_method()) - SSL_CTX_new(SSLv2_server_method()) - SSL_CTX_new(SSLv3_server_method()) - or - SSL_CTX_new(SSLv23_client_method()) - SSL_CTX_new(SSLv2_client_method()) - SSL_CTX_new(SSLv3_client_method()) - -SSL_set_default_verify_paths() ... renamed to the more appropriate -SSL_CTX_set_default_verify_paths() - -If you want to use client certificates then you have to add in a bit -of extra stuff in that a SSLv3 server sends a list of those CAs that -it will accept certificates from ... so you have to provide a list to -SSLeay otherwise certain browsers will not send client certs. - -SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(s_cert_file)); - - -X509_NAME_oneline(X) -> X509_NAME_oneline(X,NULL,0) - or provide a buffer and size to copy the - result into - -X509_add_cert -> X509_STORE_add_cert (and you might want to read the - notes on X509_NAME structure changes too) - - -VERIFICATION CODE -================= - -The codes have all be renamed from VERIFY_ERR_* to X509_V_ERR_* to -more accurately reflect things. - -The verification callback args are now packaged differently so that -extra fields for verification can be added easily in future without -having to break things by adding extra parameters each release :-) - -X509_cert_verify_error_string -> X509_verify_cert_error_string - - -BIO INTERNALS -============= - -Eric has fixed things so that extra flags can be introduced in -the BIO layer in future without having to play with all the BIO -modules by adding in some macros. - -The ugly stuff using - b->flags ~= (BIO_FLAGS_RW|BIO_FLAGS_SHOULD_RETRY) -becomes - BIO_clear_retry_flags(b) - - b->flags |= (BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY) -becomes - BIO_set_retry_read(b) - -Also ... BIO_get_retry_flags(b), BIO_set_flags(b) - - - -OTHER THINGS -============ - -X509_NAME has been altered so that it isn't just a STACK ... the STACK -is now in the "entries" field ... and there are a pile of nice functions -for getting at the details in a much cleaner manner. - -SSL_CTX has been altered ... "cert" is no longer a direct member of this -structure ... things are now down under "cert_store" (see x509_vfy.h) and -things are no longer in a CERTIFICATE_CTX but instead in a X509_STORE. -If your code "knows" about this level of detail then it will need some -surgery. - -If you depending on the incorrect spelling of a number of the error codes -then you will have to change your code as these have been fixed. - -ENV_CIPHER "type" got renamed to "nid" and as that is what it actually -has been all along so this makes things clearer. -ify_cert_error_string(ctx->error)); - -SSL_R_NO_CIPHER_WE_TRUST -> SSL_R_NO_CIPHER_LIST - and SSL_R_REUSE_CIPHER_LIST_NOT_ZERO - - - - Changes between 0.7.x and 0.8.0 - - *) There have been lots of changes, mostly the addition of SSLv3. - There have been many additions from people and amongst - others, C2Net has assisted greatly. - - Changes between 0.7.x and 0.7.x - - *) Internal development version only - -SSLeay 0.6.6 13-Jan-1997 - -The main additions are - -- assember for x86 DES improvments. - From 191,000 per second on a pentium 100, I now get 281,000. The inner - loop and the IP/FP modifications are from - Svend Olaf Mikkelsen . Many thanks for his - contribution. -- The 'DES macros' introduced in 0.6.5 now have 3 types. - DES_PTR1, DES_PTR2 and 'normal'. As per before, des_opts reports which - is best and there is a summery of mine in crypto/des/options.txt -- A few bug fixes. -- Added blowfish. It is not used by SSL but all the other stuff that - deals with ciphers can use it in either ecb, cbc, cfb64 or ofb64 modes. - There are 3 options for optimising Blowfish. BF_PTR, BF_PTR2 and 'normal'. - BF_PTR2 is pentium/x86 specific. The correct option is setup in - the 'Configure' script. -- There is now a 'get client certificate' callback which can be - 'non-blocking'. If more details are required, let me know. It will - documented more in SSLv3 when I finish it. -- Bug fixes from 0.6.5 including the infamous 'ca' bug. The 'make test' - now tests the ca program. -- Lots of little things modified and tweaked. - - SSLeay 0.6.5 - -After quite some time (3 months), the new release. I have been very busy -for the last few months and so this is mostly bug fixes and improvments. - -The main additions are - -- assember for x86 DES. For all those gcc based systems, this is a big - improvement. From 117,000 DES operation a second on a pentium 100, - I now get 191,000. I have also reworked the C version so it - now gives 148,000 DESs per second. -- As mentioned above, the inner DES macros now have some more variant that - sometimes help, sometimes hinder performance. There are now 3 options - DES_PTR (ptr vs array lookup), DES_UNROLL (full vs partial loop unrolling) - and DES_RISC (a more register intensive version of the inner macro). - The crypto/des/des_opts.c program, when compiled and run, will give - an indication of the correct options to use. -- The BIO stuff has been improved. Read doc/bio.doc. There are now - modules for encryption and base64 encoding and a BIO_printf() function. -- The CA program will accept simple one line X509v3 extensions in the - ssleay.cnf file. Have a look at the example. Currently this just - puts the text into the certificate as an OCTET_STRING so currently - the more advanced X509v3 data types are not handled but this is enough - for the netscape extensions. -- There is the start of a nicer higher level interface to the X509 - strucutre. -- Quite a lot of bug fixes. -- CRYPTO_malloc_init() (or CRYPTO_set_mem_functions()) can be used - to define the malloc(), free() and realloc() routines to use - (look in crypto/crypto.h). This is mostly needed for Windows NT/95 when - using DLLs and mixing CRT libraries. - -In general, read the 'VERSION' file for changes and be aware that some of -the new stuff may not have been tested quite enough yet, so don't just plonk -in SSLeay 0.6.5 when 0.6.4 used to work and expect nothing to break. - -SSLeay 0.6.4 30/08/96 eay - -I've just finished some test builds on Windows NT, Windows 3.1, Solaris 2.3, -Solaris 2.5, Linux, IRIX, HPUX 10 and everthing seems to work :-). - -The main changes in this release - -- Thread safe. have a read of doc/threads.doc and play in the mt directory. - For anyone using 0.6.3 with threads, I found 2 major errors so consider - moving to 0.6.4. I have a test program that builds under NT and - solaris. -- The get session-id callback has changed. Have a read of doc/callback.doc. -- The X509_cert_verify callback (the SSL_verify callback) now - has another argument. Have a read of doc/callback.doc -- 'ca -preserve', sign without re-ordering the DN. Not tested much. -- VMS support. -- Compile time memory leak detection can now be built into SSLeay. - Read doc/memory.doc -- CONF routines now understand '\', '\n', '\r' etc. What this means is that - the SPKAC object mentioned in doc/ns-ca.doc can be on multiple lines. -- 'ssleay ciphers' added, lists the default cipher list for SSLeay. -- RC2 key setup is now compatable with Netscape. -- Modifed server side of SSL implementation, big performance difference when - using session-id reuse. - -0.6.3 - -Bug fixes and the addition of some nice stuff to the 'ca' program. -Have a read of doc/ns-ca.doc for how hit has been modified so -it can be driven from a CGI script. The CGI script is not provided, -but that is just being left as an excersize for the reader :-). - -0.6.2 - -This is most bug fixes and functionality improvements. - -Additions are -- More thread debugging patches, the thread stuff is still being - tested, but for those keep to play with stuff, have a look in - crypto/cryptlib.c. The application needs to define 1 (or optionaly - a second) callback that is used to implement locking. Compiling - with LOCK_DEBUG spits out lots of locking crud :-). - This is what I'm currently working on. -- SSL_CTX_set_default_passwd_cb() can be used to define the callback - function used in the SSL*_file() functions used to load keys. I was - always of the opinion that people should call - PEM_read_RSAPrivateKey() and pass the callback they want to use, but - it appears they just want to use the SSL_*_file() function() :-(. -- 'enc' now has a -kfile so a key can be read from a file. This is - mostly used so that the passwd does not appear when using 'ps', - which appears imposible to stop under solaris. -- X509v3 certificates now work correctly. I even have more examples - in my tests :-). There is now a X509_EXTENSION type that is used in - X509v3 certificates and CRLv2. -- Fixed that signature type error :-( -- Fixed quite a few potential memory leaks and problems when reusing - X509, CRL and REQ structures. -- EVP_set_pw_prompt() now sets the library wide default password - prompt. -- The 'pkcs7' command will now, given the -print_certs flag, output in - pem format, all certificates and CRL contained within. This is more - of a pre-emtive thing for the new verisign distribution method. I - should also note, that this also gives and example in code, of how - to do this :-), or for that matter, what is involved in going the - other way (list of certs and crl -> pkcs7). -- Added RSA's DESX to the DES library. It is also available via the - EVP_desx_cbc() method and via 'enc desx'. - -SSLeay 0.6.1 - -The main functional changes since 0.6.0 are as follows -- Bad news, the Microsoft 060 DLL's are not compatable, but the good news is - that from now on, I'll keep the .def numbers the same so they will be. -- RSA private key operations are about 2 times faster that 0.6.0 -- The SSL_CTX now has more fields so default values can be put against - it. When an SSL structure is created, these default values are used - but can be overwritten. There are defaults for cipher, certificate, - private key, verify mode and callback. This means SSL session - creation can now be - ssl=SSL_new() - SSL_set_fd(ssl,sock); - SSL_accept(ssl) - .... - All the other uglyness with having to keep a global copy of the - private key and certificate/verify mode in the server is now gone. -- ssl/ssltest.c - one process talking SSL to its self for testing. -- Storage of Session-id's can be controled via a session_cache_mode - flag. There is also now an automatic default flushing of - old session-id's. -- The X509_cert_verify() function now has another parameter, this - should not effect most people but it now means that the reason for - the failure to verify is now available via SSL_get_verify_result(ssl). - You don't have to use a global variable. -- SSL_get_app_data() and SSL_set_app_data() can be used to keep some - application data against the SSL structure. It is upto the application - to free the data. I don't use it, but it is available. -- SSL_CTX_set_cert_verify_callback() can be used to specify a - verify callback function that completly replaces my certificate - verification code. Xcert should be able to use this :-). - The callback is of the form int app_verify_callback(arg,ssl,cert). - This needs to be documented more. -- I have started playing with shared library builds, have a look in - the shlib directory. It is very simple. If you need a numbered - list of functions, have a look at misc/crypto.num and misc/ssl.num. -- There is some stuff to do locking to make the library thread safe. - I have only started this stuff and have not finished. If anyone is - keen to do so, please send me the patches when finished. - -So I have finally made most of the additions to the SSL interface that -I thought were needed. - -There will probably be a pause before I make any non-bug/documentation -related changes to SSLeay since I'm feeling like a bit of a break. - -eric - 12 Jul 1996 -I saw recently a comment by some-one that we now seem to be entering -the age of perpetual Beta software. -Pioneered by packages like linux but refined to an art form by -netscape. - -I too wish to join this trend with the anouncement of SSLeay 0.6.0 :-). - -There are quite a large number of sections that are 'works in -progress' in this package. I will also list the major changes and -what files you should read. - -BIO - this is the new IO structure being used everywhere in SSLeay. I -started out developing this because of microsoft, I wanted a mechanism -to callback to the application for all IO, so Windows 3.1 DLL -perversion could be hidden from me and the 15 different ways to write -to a file under NT would also not be dictated by me at library build -time. What the 'package' is is an API for a data structure containing -functions. IO interfaces can be written to conform to the -specification. This in not intended to hide the underlying data type -from the application, but to hide it from SSLeay :-). -I have only really finished testing the FILE * and socket/fd modules. -There are also 'filter' BIO's. Currently I have only implemented -message digests, and it is in use in the dgst application. This -functionality will allow base64/encrypto/buffering modules to be -'push' into a BIO without it affecting the semantics. I'm also -working on an SSL BIO which will hide the SSL_accept()/SLL_connet() -from an event loop which uses the interface. -It is also possible to 'attach' callbacks to a BIO so they get called -before and after each operation, alowing extensive debug output -to be generated (try running dgst with -d). - -Unfortunaly in the conversion from 0.5.x to 0.6.0, quite a few -functions that used to take FILE *, now take BIO *. -The wrappers are easy to write - -function_fp(fp,x) -FILE *fp; - { - BIO *b; - int ret; - - if ((b=BIO_new(BIO_s_file())) == NULL) error..... - BIO_set_fp(b,fp,BIO_NOCLOSE); - ret=function_bio(b,x); - BIO_free(b); - return(ret); - } -Remember, there are no functions that take FILE * in SSLeay when -compiled for Windows 3.1 DLL's. - --- -I have added a general EVP_PKEY type that can hold a public/private -key. This is now what is used by the EVP_ functions and is passed -around internally. I still have not done the PKCS#8 stuff, but -X509_PKEY is defined and waiting :-) - --- -For a full function name listings, have a look at ms/crypt32.def and -ms/ssl32.def. These are auto-generated but are complete. -Things like ASN1_INTEGER_get() have been added and are in here if you -look. I have renamed a few things, again, have a look through the -function list and you will probably find what you are after. I intend -to at least put a one line descrition for each one..... - --- -Microsoft - thats what this release is about, read the MICROSOFT file. - --- -Multi-threading support. I have started hunting through the code and -flaging where things need to be done. In a state of work but high on -the list. - --- -For random numbers, edit e_os.h and set DEVRANDOM (it's near the top) -be be you random data device, otherwise 'RFILE' in e_os.h -will be used, in your home directory. It will be updated -periodically. The environment variable RANDFILE will override this -choice and read/write to that file instead. DEVRANDOM is used in -conjunction to the RFILE/RANDFILE. If you wish to 'seed' the random -number generator, pick on one of these files. - --- - -The list of things to read and do - -dgst -d -s_client -state (this uses a callback placed in the SSL state loop and - will be used else-where to help debug/monitor what - is happening.) - -doc/why.doc -doc/bio.doc <- hmmm, needs lots of work. -doc/bss_file.doc <- one that is working :-) -doc/session.doc <- it has changed -doc/speed.doc - also play with ssleay version -a. I have now added a SSLeay() - function that returns a version number, eg 0600 for this release - which is primarily to be used to check DLL version against the - application. -util/* Quite a few will not interest people, but some may, like - mk1mf.pl, mkdef.pl, -util/do_ms.sh - -try -cc -Iinclude -Icrypto -c crypto/crypto.c -cc -Iinclude -Issl -c ssl/ssl.c -You have just built the SSLeay libraries as 2 object files :-) - -Have a general rummage around in the bin stall directory and look at -what is in there, like CA.sh and c_rehash - -There are lots more things but it is 12:30am on a Friday night and I'm -heading home :-). - -eric 22-Jun-1996 -This version has quite a few major bug fixes and improvements. It DOES NOT -do SSLv3 yet. - -The main things changed -- A Few days ago I added the s_mult application to ssleay which is - a demo of an SSL server running in an event loop type thing. - It supports non-blocking IO, I have finally gotten it right, SSL_accept() - can operate in non-blocking IO mode, look at the code to see how :-). - Have a read of doc/s_mult as well. This program leaks memory and - file descriptors everywhere but I have not cleaned it up yet. - This is a demo of how to do non-blocking IO. -- The SSL session management has been 'worked over' and there is now - quite an expansive set of functions to manipulate them. Have a read of - doc/session.doc for some-things I quickly whipped up about how it now works. - This assume you know the SSLv2 protocol :-) -- I can now read/write the netscape certificate format, use the - -inform/-outform 'net' options to the x509 command. I have not put support - for this type in the other demo programs, but it would be easy to add. -- asn1parse and 'enc' have been modified so that when reading base64 - encoded files (pem format), they do not require '-----BEGIN' header lines. - The 'enc' program had a buffering bug fixed, it can be used as a general - base64 -> binary -> base64 filter by doing 'enc -a -e' and 'enc -a -d' - respecivly. Leaving out the '-a' flag in this case makes the 'enc' command - into a form of 'cat'. -- The 'x509' and 'req' programs have been fixed and modified a little so - that they generate self-signed certificates correctly. The test - script actually generates a 'CA' certificate and then 'signs' a - 'user' certificate. Have a look at this shell script (test/sstest) - to see how things work, it tests most possible combinations of what can - be done. -- The 'SSL_set_pref_cipher()' function has been 'fixed' and the prefered name - of SSL_set_cipher_list() is now the correct API (stops confusion :-). - If this function is used in the client, only the specified ciphers can - be used, with preference given to the order the ciphers were listed. - For the server, if this is used, only the specified ciphers will be used - to accept connections. If this 'option' is not used, a default set of - ciphers will be used. The SSL_CTX_set_cipher_list(SSL_CTX *ctx) sets this - list for all ciphers started against the SSL_CTX. So the order is - SSL cipher_list, if not present, SSL_CTX cipher list, if not - present, then the library default. - What this means is that normally ciphers like - NULL-MD5 will never be used. The only way this cipher can be used - for both ends to specify to use it. - To enable or disable ciphers in the library at build time, modify the - first field for the cipher in the ssl_ciphers array in ssl/ssl_lib.c. - This file also contains the 'pref_cipher' list which is the default - cipher preference order. -- I'm not currently sure if the 'rsa -inform net' and the 'rsa -outform net' - options work. They should, and they enable loading and writing the - netscape rsa private key format. I will be re-working this section of - SSLeay for the next version. What is currently in place is a quick and - dirty hack. -- I've re-written parts of the bignum library. This gives speedups - for all platforms. I now provide assembler for use under Windows NT. - I have not tested the Windows 3.1 assembler but it is quite simple code. - This gives RSAprivate_key operation encryption times of 0.047s (512bit key) - and 0.230s (1024bit key) on a pentium 100 which I consider reasonable. - Basically the times available under linux/solaris x86 can be achieve under - Windows NT. I still don't know how these times compare to RSA's BSAFE - library but I have been emailing with people and with their help, I should - be able to get my library's quite a bit faster still (more algorithm changes). - The object file crypto/bn/asm/x86-32.obj should be used when linking - under NT. -- 'make makefile.one' in the top directory will generate a single makefile - called 'makefile.one' This makefile contains no perl references and - will build the SSLeay library into the 'tmp' and 'out' directories. - util/mk1mf.pl >makefile.one is how this makefile is - generated. The mk1mf.pl command take several option to generate the - makefile for use with cc, gcc, Visual C++ and Borland C++. This is - still under development. I have only build .lib's for NT and MSDOS - I will be working on this more. I still need to play with the - correct compiler setups for these compilers and add some more stuff but - basically if you just want to compile the library - on a 'non-unix' platform, this is a very very good file to start with :-). - Have a look in the 'microsoft' directory for my current makefiles. - I have not yet modified things to link with sockets under Windows NT. - You guys should be able to do this since this is actually outside of the - SSLeay scope :-). I will be doing it for myself soon. - util/mk1mf.pl takes quite a few options including no-rc, rsaref and no-sock - to build without RC2/RC4, to require RSAref for linking, and to - build with no socket code. - -- Oh yes, the cipher that was reported to be compatible with RSA's RC2 cipher - that was posted to sci.crypt has been added to the library and SSL. - I take the view that if RC2 is going to be included in a standard, - I'll include the cipher to make my package complete. - There are NO_RC2, NO_RC4 and NO_IDEA macros to remove these ciphers - at compile time. I have not tested this recently but it should all work - and if you are in the USA and don't want RSA threatening to sue you, - you could probably remove the RC4/RC2 code inside these sections. - I may in the future include a perl script that does this code - removal automatically for those in the USA :-). -- I have removed all references to sed in the makefiles. So basically, - the development environment requires perl and sh. The build environment - does not (use the makefile.one makefile). - The Configure script still requires perl, this will probably stay that way - since I have perl for Windows NT :-). - -eric (03-May-1996) - -PS Have a look in the VERSION file for more details on the changes and - bug fixes. -I have fixed a few bugs, added alpha and x86 assembler and generally cleaned -things up. This version will be quite stable, mostly because I'm on -holidays until 10-March-1996. For any problems in the interum, send email -to Tim Hudson . - -SSLeay 0.5.0 - -12-12-95 -This is going out before it should really be released. - -I leave for 11 weeks holidays on the 22-12-95 and so I either sit on -this for 11 weeks or get things out. It is still going to change a -lot in the next week so if you do grab this version, please test and -give me feed back ASAP, inculuding questions on how to do things with -the library. This will prompt me to write documentation so I don't -have to answer the same question again :-). - -This 'pre' release version is for people who are interested in the -library. The applications will have to be changed to use -the new version of the SSL interface. I intend to finish more -documentation before I leave but until then, look at the programs in -the apps directory. As far as code goes, it is much much nicer than -the old version. - -The current library works, has no memory leaks (as far as I can tell) -and is far more bug free that 0.4.5d. There are no global variable of -consequence (I believe) and I will produce some documentation that -tell where to look for those people that do want to do multi-threaded -stuff. - -There should be more documentation. Have a look in the -doc directory. I'll be adding more before I leave, it is a start -by mostly documents the crypto library. Tim Hudson will update -the web page ASAP. The spelling and grammar are crap but -it is better than nothing :-) - -Reasons to start playing with version 0.5.0 -- All the programs in the apps directory build into one ssleay binary. -- There is a new version of the 'req' program that generates certificate - requests, there is even documentation for this one :-) -- There is a demo certification authorithy program. Currently it will - look at the simple database and update it. It will generate CRL from - the data base. You need to edit the database by hand to revoke a - certificate, it is my aim to use perl5/Tk but I don't have time to do - this right now. It will generate the certificates but the management - scripts still need to be written. This is not a hard task. -- Things have been cleaned up alot. -- Have a look at the enc and dgst programs in the apps directory. -- It supports v3 of x509 certiticates. - - -Major things missing. -- I have been working on (and thinging about) the distributed x509 - hierachy problem. I have not had time to put my solution in place. - It will have to wait until I come back. -- I have not put in CRL checking in the certificate verification but - it would not be hard to do. I was waiting until I could generate my - own CRL (which has only been in the last week) and I don't have time - to put it in correctly. -- Montgomery multiplication need to be implemented. I know the - algorithm, just ran out of time. -- PKCS#7. I can load and write the DER version. I need to re-work - things to support BER (if that means nothing, read the ASN1 spec :-). -- Testing of the higher level digital envelope routines. I have not - played with the *_seal() and *_open() type functions. They are - written but need testing. The *_sign() and *_verify() functions are - rock solid. -- PEM. Doing this and PKCS#7 have been dependant on the distributed - x509 heirachy problem. I started implementing my ideas, got - distracted writing a CA program and then ran out of time. I provide - the functionality of RSAref at least. -- Re work the asm. code for the x86. I've changed by low level bignum - interface again, so I really need to tweak the x86 stuff. gcc is - good enough for the other boxes. - diff --git a/src/lib/libssl/src/Configure b/src/lib/libssl/src/Configure deleted file mode 100644 index 0976f41f8d6..00000000000 --- a/src/lib/libssl/src/Configure +++ /dev/null @@ -1,1598 +0,0 @@ -: -eval 'exec perl -S $0 ${1+"$@"}' - if $running_under_some_shell; -## -## Configure -- OpenSSL source tree configuration script -## - -require 5.000; -use strict; - -# see INSTALL for instructions. - -my $usage="Usage: Configure [no- ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n"; - -# Options: -# -# --openssldir install OpenSSL in OPENSSLDIR (Default: DIR/ssl if the -# --prefix option is given; /usr/local/ssl otherwise) -# --prefix prefix for the OpenSSL include, lib and bin directories -# (Default: the OPENSSLDIR directory) -# -# --install_prefix Additional prefix for package builders (empty by -# default). This needn't be set in advance, you can -# just as well use "make INSTALL_PREFIX=/whatever install". -# -# --with-krb5-dir Declare where Kerberos 5 lives. The libraries are expected -# to live in the subdirectory lib/ and the header files in -# include/. A value is required. -# --with-krb5-lib Declare where the Kerberos 5 libraries live. A value is -# required. -# (Default: KRB5_DIR/lib) -# --with-krb5-include Declare where the Kerberos 5 header files live. A -# value is required. -# (Default: KRB5_DIR/include) -# --with-krb5-flavor Declare what flavor of Kerberos 5 is used. Currently -# supported values are "MIT" and "Heimdal". A value is required. -# -# --test-sanity Make a number of sanity checks on the data in this file. -# This is a debugging tool for OpenSSL developers. -# -# no-hw-xxx do not compile support for specific crypto hardware. -# Generic OpenSSL-style methods relating to this support -# are always compiled but return NULL if the hardware -# support isn't compiled. -# no-hw do not compile support for any crypto hardware. -# [no-]threads [don't] try to create a library that is suitable for -# multithreaded applications (default is "threads" if we -# know how to do it) -# [no-]shared [don't] try to create shared libraries when supported. -# no-asm do not use assembler -# no-dso do not compile in any native shared-library methods. This -# will ensure that all methods just return NULL. -# no-krb5 do not compile in any KRB5 library or code. -# [no-]zlib [don't] compile support for zlib compression. -# zlib-dynamic Like "zlib", but the zlib library is expected to be a shared -# library and will be loaded in run-time by the OpenSSL library. -# 386 generate 80386 code -# no- build without specified algorithm (rsa, idea, rc5, ...) -# - + compiler options are passed through -# -# DEBUG_SAFESTACK use type-safe stacks to enforce type-safety on stack items -# provided to stack calls. Generates unique stack functions for -# each possible stack type. -# DES_PTR use pointer lookup vs arrays in the DES in crypto/des/des_locl.h -# DES_RISC1 use different DES_ENCRYPT macro that helps reduce register -# dependancies but needs to more registers, good for RISC CPU's -# DES_RISC2 A different RISC variant. -# DES_UNROLL unroll the inner DES loop, sometimes helps, somtimes hinders. -# DES_INT use 'int' instead of 'long' for DES_LONG in crypto/des/des.h -# This is used on the DEC Alpha where long is 8 bytes -# and int is 4 -# BN_LLONG use the type 'long long' in crypto/bn/bn.h -# MD2_CHAR use 'char' instead of 'int' for MD2_INT in crypto/md2/md2.h -# MD2_LONG use 'long' instead of 'int' for MD2_INT in crypto/md2/md2.h -# IDEA_SHORT use 'short' instead of 'int' for IDEA_INT in crypto/idea/idea.h -# IDEA_LONG use 'long' instead of 'int' for IDEA_INT in crypto/idea/idea.h -# RC2_SHORT use 'short' instead of 'int' for RC2_INT in crypto/rc2/rc2.h -# RC2_LONG use 'long' instead of 'int' for RC2_INT in crypto/rc2/rc2.h -# RC4_CHAR use 'char' instead of 'int' for RC4_INT in crypto/rc4/rc4.h -# RC4_LONG use 'long' instead of 'int' for RC4_INT in crypto/rc4/rc4.h -# RC4_INDEX define RC4_INDEX in crypto/rc4/rc4_locl.h. This turns on -# array lookups instead of pointer use. -# RC4_CHUNK enables code that handles data aligned at long (natural CPU -# word) boundary. -# RC4_CHUNK_LL enables code that handles data aligned at long long boundary -# (intended for 64-bit CPUs running 32-bit OS). -# BF_PTR use 'pointer arithmatic' for Blowfish (unsafe on Alpha). -# BF_PTR2 intel specific version (generic version is more efficient). -# MD5_ASM use some extra md5 assember, -# SHA1_ASM use some extra sha1 assember, must define L_ENDIAN for x86 -# RMD160_ASM use some extra ripemd160 assember, - -my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL"; - -# MD2_CHAR slags pentium pros -my $x86_gcc_opts="RC4_INDEX MD2_INT"; - -# MODIFY THESE PARAMETERS IF YOU ARE GOING TO USE THE 'util/speed.sh SCRIPT -# Don't worry about these normally - -my $tcc="cc"; -my $tflags="-fast -Xa"; -my $tbn_mul=""; -my $tlib="-lnsl -lsocket"; -#$bits1="SIXTEEN_BIT "; -#$bits2="THIRTY_TWO_BIT "; -my $bits1="THIRTY_TWO_BIT "; -my $bits2="SIXTY_FOUR_BIT "; - -my $x86_sol_asm="asm/bn86-sol.o asm/co86-sol.o:asm/dx86-sol.o asm/yx86-sol.o:asm/bx86-sol.o:asm/mx86-sol.o:asm/sx86-sol.o:asm/cx86-sol.o:asm/rx86-sol.o:asm/rm86-sol.o:asm/r586-sol.o"; -my $x86_elf_asm="asm/bn86-elf.o asm/co86-elf.o:asm/dx86-elf.o asm/yx86-elf.o:asm/bx86-elf.o:asm/mx86-elf.o:asm/sx86-elf.o:asm/cx86-elf.o:asm/rx86-elf.o:asm/rm86-elf.o:asm/r586-elf.o"; -my $x86_out_asm="asm/bn86-out.o asm/co86-out.o:asm/dx86-out.o asm/yx86-out.o:asm/bx86-out.o:asm/mx86-out.o:asm/sx86-out.o:asm/cx86-out.o:asm/rx86-out.o:asm/rm86-out.o:asm/r586-out.o"; -my $x86_bsdi_asm="asm/bn86bsdi.o asm/co86bsdi.o:asm/dx86bsdi.o asm/yx86bsdi.o:asm/bx86bsdi.o:asm/mx86bsdi.o:asm/sx86bsdi.o:asm/cx86bsdi.o:asm/rx86bsdi.o:asm/rm86bsdi.o:asm/r586bsdi.o"; - -my $mips3_irix_asm="asm/mips3.o::::::::"; -# There seems to be boundary faults in asm/alpha.s. -#my $alpha_asm="asm/alpha.o::::::::"; -my $alpha_asm="::::::::"; - -# -DB_ENDIAN slows things down on a sparc for md5, but helps sha1. -# So the md5_locl.h file has an undef B_ENDIAN if sun is defined - -#config-string $cc : $cflags : $unistd : $thread_cflag : $sys_id : $lflags : $bn_ops : $bn_obj : $des_obj : $bf_obj : $md5_obj : $sha1_obj : $cast_obj : $rc4_obj : $rmd160_obj : $rc5_obj : $dso_scheme : $shared_target : $shared_cflag : $shared_ldflag : $shared_extension : $ranlib - -my %table=( -# File 'TABLE' (created by 'make TABLE') contains the data from this list, -# formatted for better readability. - - -#"b", "${tcc}:${tflags}::${tlib}:${bits1}:${tbn_mul}::", -#"bl-4c-2c", "${tcc}:${tflags}::${tlib}:${bits1}BN_LLONG RC4_CHAR MD2_CHAR:${tbn_mul}::", -#"bl-4c-ri", "${tcc}:${tflags}::${tlib}:${bits1}BN_LLONG RC4_CHAR RC4_INDEX:${tbn_mul}::", -#"b2-is-ri-dp", "${tcc}:${tflags}::${tlib}:${bits2}IDEA_SHORT RC4_INDEX DES_PTR:${tbn_mul}::", - -# Our development configs -"purify", "purify gcc:-g -DPURIFY -Wall::(unknown)::-lsocket -lnsl::::", -"debug", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror::(unknown)::-lefence::::", -"debug-ben", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::asm/bn86-elf.o asm/co86-elf.o", -"debug-ben-openbsd","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::", -"debug-ben-openbsd-debug","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::", -"debug-ben-debug", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::::", -"debug-ben-strict", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::", -"debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", -"debug-bodo", "gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DBIO_PAIR_DEBUG -DPEDANTIC -g -m486 -pedantic -Wshadow -Wall::-D_REENTRANT:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", -"debug-ulf", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -O2 -m486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT:::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", -"debug-steve", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -mcpu=i486 -pedantic -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", -"debug-steve-linux-pseudo64", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DOPENSSL_NO_ASM -g -mcpu=i486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:SIXTY_FOUR_BIT::dlfcn", -"debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wtraditional -Wundef -Wshadow -Wid-clash-31 -Wcast-align -Wconversion -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wtraditional -Wundef -Wshadow -Wid-clash-31 -Wcast-align -Wconversion -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"dist", "cc:-O::(unknown)::::::", - -# Basic configs that should work on any (32 and less bit) box -"gcc", "gcc:-O3::(unknown):::BN_LLONG:::", -"cc", "cc:-O::(unknown)::::::", - -#### Solaris x86 with GNU C setups -# -DOPENSSL_NO_INLINE_ASM switches off inline assembler. We have to do it -# here because whenever GNU C instantiates an assembler template it -# surrounds it with #APP #NO_APP comment pair which (at least Solaris -# 7_x86) /usr/ccs/bin/as fails to assemble with "Illegal mnemonic" -# error message. -"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN -DOPENSSL_NO_INLINE_ASM::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_sol_asm}:dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - -#### Solaris x86 with Sun C setups -"solaris-x86-cc","cc:-fast -O -Xa::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - -#### SPARC Solaris with GNU C setups -"solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -# -m32 should be safe to add as long as driver recognizes -mcpu=ultrasparc -"solaris-sparcv9-gcc","gcc:-m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"solaris64-sparcv9-gcc31","gcc:-mcpu=ultrasparc -m64 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -# gcc pre-2.8 doesn't understand -mcpu=ultrasparc, so fall down to -mv8 -# but keep the assembler modules. -"solaris-sparcv9-gcc27","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus-gcc27.o:::asm/md5-sparcv8plus-gcc27.o::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"solaris64-sparcv9-gcc","gcc:-m64 -mcpu=ultrasparc -O3 -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - -#### -"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=ultrasparc -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - -#### SPARC Solaris with Sun C setups -# DO NOT use /xO[34] on sparc with SC3.0. It is broken, and will not pass the tests -"solaris-sparc-sc3","cc:-fast -O -Xa -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -# SC4.0 doesn't pass 'make test', upgrade to SC5.0 or SC4.2. -# SC4.2 is ok, better than gcc even on bn as long as you tell it -xarch=v8 -# SC5.0 note: Compiler common patch 107357-01 or later is required! -"solaris-sparcv7-cc","cc:-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-KPIC:-xarch=v9:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):/usr/ccs/bin/ar rs", -#### -"debug-solaris-sparcv8-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-solaris-sparcv9-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - -#### SPARC Linux setups -"linux-sparcv7","gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::", -# Ray Miller has patiently -# assisted with debugging of following two configs. -"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -# it's a real mess with -mcpu=ultrasparc option under Linux, but -# -Wa,-Av8plus should do the trick no matter what. -"linux-sparcv9","gcc:-mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -# !!!Folowing can't be even tested yet!!! -# We have to wait till 64-bit glibc for SPARC is operational!!! -#"linux64-sparcv9","sparc64-linux-gcc:-m64 -mcpu=v9 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT:ULTRASPARC::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::asm/md5-sparcv9.o:", - -# Sunos configs, assuming sparc for the gcc one. -##"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::(unknown):::DES_UNROLL:::", -"sunos-gcc","gcc:-O3 -mv8 -Dssize_t=int::(unknown):::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL DES_PTR DES_RISC1:::", - -#### IRIX 5.x configs -# -mips2 flag is added by ./config when appropriate. -"irix-gcc","gcc:-O3 -DTERMIOS -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR::::::::::dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"irix-cc", "cc:-O2 -use_readonly_const -DTERMIOS -DB_ENDIAN::(unknown):::BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR::::::::::dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -#### IRIX 6.x configs -# Only N32 and N64 ABIs are supported. If you need O32 ABI build, invoke -# './Configure irix-[g]cc' manually. -# -mips4 flag is added by ./config when appropriate. -"irix-mips3-gcc","gcc:-mabi=n32 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"irix-mips3-cc", "cc:-n32 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -# N64 ABI builds. -"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - -#### Unified HP-UX ANSI C configs. -# Special notes: -# - Originally we were optimizing at +O4 level. It should be noted -# that the only difference between +O3 and +O4 is global inter- -# procedural analysis. As it has to be performed during the link -# stage the compiler leaves behind certain pseudo-code in lib*.a -# which might be release or even patch level specific. Generating -# the machine code for and analyzing the *whole* program appears -# to be *extremely* memory demanding while the performance gain is -# actually questionable. The situation is intensified by the default -# HP-UX data set size limit (infamous 'maxdsiz' tunable) of 64MB -# which is way too low for +O4. In other words, doesn't +O3 make -# more sense? -# - Keep in mind that the HP compiler by default generates code -# suitable for execution on the host you're currently compiling at. -# If the toolkit is ment to be used on various PA-RISC processors -# consider './config +DAportable'. -# - +DD64 is chosen in favour of +DA2.0W because it's ment to be -# compatible with *future* releases. -# - If you run ./Configure hpux-parisc-[g]cc manually don't forget to -# pass -D_REENTRANT on HP-UX 10 and later. -# - -DMD32_XARRAY triggers workaround for compiler bug we ran into in -# 32-bit message digests. (For the moment of this writing) HP C -# doesn't seem to "digest" too many local variables (they make "him" -# chew forever:-). For more details look-up MD32_XARRAY comment in -# crypto/sha/sha_lcl.h. -# -# -#!#"hpux-parisc-cc","cc:-Ae +O3 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl", -# Since there is mention of this in shlib/hpux10-cc.sh -"hpux-parisc-cc-o4","cc:-Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"hpux-parisc-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W::::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"hpux64-parisc-cc","cc:-Ae +DD64 +O3 +ESlit -z -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn:hpux64-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - -# IA-64 targets -# I have no idea if this one actually works, feedback needed. -"hpux-ia64-cc","cc:-Ae +DD32 +O3 +ESlit -z -DB_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/ia64-cpp.o:::::::::dlfcn:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -# Frank Geurts has patiently assisted with -# with debugging of the following config. -"hpux64-ia64-cc","cc:-Ae +DD64 +O3 +ESlit -z -DB_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/ia64-cpp.o:::::::::dlfcn:hpux64-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - -# More attempts at unified 10.X and 11.X targets for HP C compiler. -# -# Chris Ruemmler -# Kevin Steves -"hpux-parisc-cc","cc:+O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2.o:::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"hpux64-parisc2-cc","cc:+DD64 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2W.o:::::::::dlfcn:hpux64-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -# Isn't the line below meaningless? HP-UX cc optimizes for host by default. -# hpux-parisc1_0-cc with +DAportable flag would make more sense. -"hpux-parisc1_1-cc","cc:+DA1.1 +DS1.1 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - -# HPUX 9.X config. -# Don't use the bundled cc. It is broken. Use HP ANSI C if possible, or -# egcs. gcc 2.8.1 is also broken. - -"hpux-cc", "cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z::(unknown)::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -# If hpux-cc fails (e.g. during "make test"), try the next one; otherwise, -# please report your OS and compiler version to the openssl-bugs@openssl.org -# mailing list. -"hpux-brokencc", "cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::(unknown)::-Wl,+s -ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - -"hpux-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown)::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -# If hpux-gcc fails, try this one: -"hpux-brokengcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown)::-Wl,+s -ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - -# HPUX 9.X on Motorola 68k platforms with gcc -"hpux-m68k-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown):::BN_LLONG DES_PTR DES_UNROLL:::::::::::::", - -# HPUX 10.X config. Supports threads. -"hpux10-cc", "cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z::-D_REENTRANT::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -# If hpux10-cc fails, try this one (if still fails, try deleting BN_LLONG): -"hpux10-brokencc", "cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::-D_REENTRANT::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - -"hpux10-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -# If hpux10-gcc fails, try this one: -"hpux10-brokengcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT::-Wl,+s -ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - -# HPUX 11.X from www.globus.org. -# Only works on PA-RISC 2.0 cpus, and not optimized. Why? -#"hpux11-32bit-cc","cc:+DA2.0 -DB_ENDIAN -D_HPUX_SOURCE -Aa -Ae +ESlit::-D_REENTRANT:::DES_PTR DES_UNROLL DES_RISC1:::", -#"hpux11-64bit-cc","cc:+DA2.0W -g -D_HPUX_SOURCE -Aa -Ae +ESlit::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT :::", -# Use unified settings above instead. - -#### HP MPE/iX http://jazz.external.hp.com/src/openssl/ -"MPE/iX-gcc", "gcc:-D_ENDIAN -DBN_DIV2W -O3 -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB::(unknown):MPE:-L/SYSLOG/PUB -lsyslog -lsocket -lcurses:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::", - -#### PARISC Linux setups -"linux-parisc","gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT:::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::", - -# Dec Alpha, OSF/1 - the alpha164-cc is historical, for the conversion -# from the older DEC C Compiler to the newer compiler. It's now the -# same as the preferred entry, alpha-cc. If you are still using the -# older compiler (you're at 3.x or earlier, or perhaps very early 4.x) -# you should use `alphaold-cc'. -# -# "What's in a name? That which we call a rose -# By any other word would smell as sweet." -# -# - William Shakespeare, "Romeo & Juliet", Act II, scene II. -# -# For OSF/1 3.2b and earlier, and Digital UNIX 3.2c - 3.2g, with the -# vendor compiler, use alphaold-cc. -# For Digital UNIX 4.0 - 4.0e, with the vendor compiler, use alpha-cc. -# For Tru64 UNIX 4.f - current, with the vendor compiler, use alpha-cc. -# -# There's also an alternate target available (which `config' will never -# select) called alpha-cc-rpath. This target builds an RPATH into the -# shared libraries, which is very convenient on Tru64 since binaries -# linked against that shared library will automatically inherit that RPATH, -# and hence know where to look for the openssl libraries, even if they're in -# an odd place. -# -# For gcc, the following gave a %50 speedup on a 164 over the 'DES_INT' version -# -"alpha-gcc","gcc:-O3::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so", -"alphaold-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so", -"alpha164-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:tru64-shared:::.so", -"alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:tru64-shared:::.so", -"alpha-cc-rpath", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:tru64-shared-rpath:::.so", -# -# This probably belongs in a different section. -# -"FreeBSD-alpha","gcc:-DTERMIOS -O -fomit-frame-pointer::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC2::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - -#### Alpha Linux with GNU C and Compaq C setups -# Special notes: -# - linux-alpha+bwx-gcc is ment to be used from ./config only. If you -# ought to run './Configure linux-alpha+bwx-gcc' manually, do -# complement the command line with -mcpu=ev56, -mcpu=ev6 or whatever -# which is appropriate. -# - If you use ccc keep in mind that -fast implies -arch host and the -# compiler is free to issue instructions which gonna make elder CPU -# choke. If you wish to build "blended" toolkit, add -arch generic -# *after* -fast and invoke './Configure linux-alpha-ccc' manually. -# -# -# -"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", -"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", - -# The intel boxes :-), It would be worth seeing if bsdi-gcc can use the -# bn86-elf.o file file since it is hand tweaked assembler. -"linux-elf", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-pentium", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -mcpu=pentium -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-ppro", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-k6", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -mcpu=k6 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-linux-pentium","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentium -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", -"debug-linux-ppro","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", -"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT::-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", -"linux-aout", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}", -"linux-mipsel", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown):::BN_LLONG:::", -"linux-mips", "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown):::BN_LLONG:::", -"linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-m68k", "gcc:-DB_ENDIAN -DTERMIO -O2 -fomit-frame-pointer -Wall::-D_REENTRANT:::BN_LLONG::", -"linux-s390", "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:::BN_LLONG::", -"linux-s390x", "gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG:::::::::::linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:asm/ia64.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"NetBSD-sparc", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"NetBSD-m68", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"NetBSD-x86", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"FreeBSD-elf", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::-pthread -D_REENTRANT -D_THREAD_SAFE -D_THREADSAFE:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"FreeBSD", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}", -"bsdi-gcc", "gcc:-O3 -ffast-math -DL_ENDIAN -DPERL5 -m486::(unknown):::RSA_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_bsdi_asm}", -"bsdi-elf-gcc", "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"nextstep", "cc:-O -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", -"nextstep3.3", "cc:-O3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", - -# NCR MP-RAS UNIX ver 02.03.01 -"ncr-scde","cc:-O6 -Xa -Hoff=BEHAVED -686 -Hwide -Hiw::(unknown)::-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:::", - -# QNX 4 -"qnx4", "cc:-DL_ENDIAN -DTERMIO::(unknown):::${x86_gcc_des} ${x86_gcc_opts}:", - -# QNX 6 -"qnx6", "cc:-DL_ENDIAN -DTERMIOS::(unknown)::-lsocket:${x86_gcc_des} ${x86_gcc_opts}:", - -# Linux on ARM -"linux-elf-arm","gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:::BN_LLONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - -# UnixWare 2.0x fails destest with -O -"unixware-2.0","cc:-DFILIO_H::-Kthread::-lsocket -lnsl -lx:${x86_gcc_des} ${x86_gcc_opts}:::", -"unixware-2.0-pentium","cc:-DFILIO_H -Kpentium::-Kthread::-lsocket -lnsl -lx:MD2_CHAR RC4_INDEX ${x86_gcc_des}::", - -# UnixWare 2.1 -"unixware-2.1","cc:-O -DFILIO_H::-Kthread::-lsocket -lnsl -lx:${x86_gcc_des} ${x86_gcc_opts}:::", -"unixware-2.1-pentium","cc:-O -DFILIO_H -Kpentium::-Kthread::-lsocket -lnsl -lx:MD2_CHAR RC4_INDEX ${x86_gcc_des}::", -"unixware-2.1-p6","cc:-O -DFILIO_H -Kp6::-Kthread::-lsocket -lnsl -lx:MD2_CHAR RC4_INDEX ${x86_gcc_des}::", - -# UnixWare 7 -"unixware-7","cc:-O -DFILIO_H -Kalloca::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::::::::::dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"unixware-7-pentium","cc:-O -DFILIO_H -Kalloca -Kpentium::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::::::::::dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"unixware-7-pentium_pro","cc:-O -DFILIO_H -Kalloca -Kpentium_pro::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::::::::::dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"unixware-7-gcc","gcc:-DL_ENDIAN -DFILIO_H -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:gnu-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - -# OpenUNIX 8 -"OpenUNIX-8","cc:-O -DFILIO_H -Kalloca::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::::::::::dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"OpenUNIX-8-gcc","gcc:-O -DFILIO_H -fomit-frame-pointer::-pthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::::::::::dlfcn:svr5-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"OpenUNIX-8-pentium","cc:-O -DFILIO_H -Kalloca -Kpentium::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::::::::::dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"OpenUNIX-8-pentium_pro","cc:-O -DFILIO_H -Kalloca -Kpentium_pro::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::::::::::dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - -# IBM's AIX. -"aix-cc", "cc:-O -DB_ENDIAN -qmaxmem=16384::(unknown):AIX::BN_LLONG RC4_CHAR:::", -"aix-gcc", "gcc:-O3 -DB_ENDIAN::(unknown):AIX::BN_LLONG RC4_CHAR:::", -"aix43-cc", "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384::(unknown):::BN_LLONG RC4_CHAR::::::::::dlfcn:", -"aix43-gcc", "gcc:-O3 -DAIX -DB_ENDIAN::(unknown):::BN_LLONG RC4_CHAR::::::::::dlfcn:", - -# -# Cray T90 and similar (SDSC) -# It's Big-endian, but the algorithms work properly when B_ENDIAN is NOT -# defined. The T90 ints and longs are 8 bytes long, and apparently the -# B_ENDIAN code assumes 4 byte ints. Fortunately, the non-B_ENDIAN and -# non L_ENDIAN code aligns the bytes in each word correctly. -# -# The BIT_FIELD_LIMITS define is to avoid two fatal compiler errors: -#'Taking the address of a bit field is not allowed. ' -#'An expression with bit field exists as the operand of "sizeof" ' -# (written by Wayne Schroeder ) -# -# j90 is considered the base machine type for unicos machines, -# so this configuration is now called "cray-j90" ... -"cray-j90", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::(unknown):CRAY::SIXTY_FOUR_BIT_LONG DES_INT:::", - -# -# Cray T3E (Research Center Juelich, beckman@acl.lanl.gov) -# -# The BIT_FIELD_LIMITS define was written for the C90 (it seems). I added -# another use. Basically, the problem is that the T3E uses some bit fields -# for some st_addr stuff, and then sizeof and address-of fails -# I could not use the ams/alpha.o option because the Cray assembler, 'cam' -# did not like it. -"cray-t3e", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::(unknown):CRAY::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:::", - -# DGUX, 88100. -"dgux-R3-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown):::RC4_INDEX DES_UNROLL:::", -"dgux-R4-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown)::-lnsl -lsocket:RC4_INDEX DES_UNROLL:::", -"dgux-R4-x86-gcc", "gcc:-O3 -fomit-frame-pointer -DL_ENDIAN::(unknown)::-lnsl -lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", - -# SCO 3 - Tim Rice -"sco3-gcc", "gcc:-O3 -fomit-frame-pointer -Dssize_t=int -DNO_SYS_UN_H::(unknown)::-lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", # the SCO assembler doesn't seem to like our assembler files ... - -# SCO 5 - Ben Laurie says the -O breaks the -# SCO cc. -"sco5-cc", "cc:-belf::(unknown)::-lsocket -lresolv -lnsl:${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:svr3-shared:-Kpic", # des options? -"sco5-cc-pentium", "cc:-Kpentium::(unknown)::-lsocket:${x86_gcc_des} ${x86_gcc_opts}:::", # des options? -"sco5-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown)::-lsocket -lresolv -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:svr3-shared:-fPIC", # the SCO assembler doesn't seem to like our assembler files ... - -# Sinix/ReliantUNIX RM400 -# NOTE: The CDS++ Compiler up to V2.0Bsomething has the IRIX_CC_BUG optimizer problem. Better use -g */ -"ReliantUNIX","cc:-KPIC -g -DTERMIOS -DB_ENDIAN::-Kthread:SNI:-lsocket -lnsl -lc -L/usr/ucblib -lucb:BN_LLONG DES_PTR DES_RISC2 DES_UNROLL BF_PTR::::::::::dlfcn:reliantunix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"SINIX","cc:-O::(unknown):SNI:-lsocket -lnsl -lc -L/usr/ucblib -lucb:RC4_INDEX RC4_CHAR:::", -"SINIX-N","/usr/ucb/cc:-O2 -misaligned::(unknown)::-lucb:RC4_INDEX RC4_CHAR:::", - -# SIEMENS BS2000/OSD: an EBCDIC-based mainframe -"BS2000-OSD","c89:-O -XLLML -XLLMK -XL -DB_ENDIAN -DTERMIOS -DCHARSET_EBCDIC::(unknown)::-lsocket -lnsl:THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR:::", - -# OS/390 Unix an EBCDIC-based Unix system on IBM mainframe -# You need to compile using the c89.sh wrapper in the tools directory, because the -# IBM compiler does not like the -L switch after any object modules. -# -"OS390-Unix","c89.sh:-O -DB_ENDIAN -DCHARSET_EBCDIC -DNO_SYS_PARAM_H -D_ALL_SOURCE::(unknown):::THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR:::", - -# Windows NT, Microsoft Visual C++ 4.0 - -"VC-NT","cl::::WINNT::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}::::::::::win32", -"VC-WIN32","cl::::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}::::::::::win32", -"VC-WIN16","cl:::(unknown):WIN16::MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX THIRTY_TWO_BIT:::", -"VC-W31-16","cl:::(unknown):WIN16::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX SIXTEEN_BIT:::", -"VC-W31-32","cl::::WIN16::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX THIRTY_TWO_BIT:::", -"VC-MSDOS","cl:::(unknown):MSDOS::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX SIXTEEN_BIT:::", - -# Borland C++ 4.5 -"BC-32","bcc32::::WIN32::BN_LLONG DES_PTR RC4_INDEX::::::::::win32", -"BC-16","bcc:::(unknown):WIN16::BN_LLONG DES_PTR RC4_INDEX SIXTEEN_BIT:::", - -# Mingw32 -# (Note: the real CFLAGS for Windows builds are defined by util/mk1mf.pl -# and its library files in util/pl/*) -"Mingw32", "gcc:-DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall:::::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32", - -# Cygwin -"Cygwin-pre1.3", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown):CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32", -"Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall:::CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:win32:cygwin-shared:::.dll", - -# Ultrix from Bernhard Simon -"ultrix-cc","cc:-std1 -O -Olimit 1000 -DL_ENDIAN::(unknown):::::::", -"ultrix-gcc","gcc:-O3 -DL_ENDIAN::(unknown):::::::", -# K&R C is no longer supported; you need gcc on old Ultrix installations -##"ultrix","cc:-O2 -DNOPROTO -DNOCONST -DL_ENDIAN::(unknown):::::::", - -# Some OpenBSD from Bob Beck -"OpenBSD", "gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"OpenBSD-alpha", "gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"OpenBSD-i386", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"OpenBSD-m68k", "gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"OpenBSD-m88k", "gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"OpenBSD-mips", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"OpenBSD-powerpc", "gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"OpenBSD-sparc", "gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"OpenBSD-sparc64", "gcc:-DB_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer::(unknown):::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2 BF_PTR::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"OpenBSD-vax", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"OpenBSD-hppa", "gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - -##### MacOS X (a.k.a. Rhapsody or Darwin) setup -"rhapsody-ppc-cc","cc:-O3 -DB_ENDIAN::(unknown):MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::", -"darwin-ppc-cc","cc:-O3 -nostdinc -I/System/Library/Frameworks/System.framework/Headers -I/System/Library/Frameworks/System.frameworks/Headers/bsd -I/usr/include -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown):MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::::::::::darwin-shared:-fPIC::.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", -"darwin-i386-cc","cc:-O3 -nostdinc -I/System/Library/Frameworks/System.framework/Headers -I/System/Library/Frameworks/System.frameworks/Headers/bsd -I/usr/include -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown):MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::::::::::darwin-shared:-fPIC::.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", - -##### Sony NEWS-OS 4.x -"newsos4-gcc","gcc:-O -DB_ENDIAN::(unknown):NEWS4:-lmld -liberty:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::", - -##### GNU Hurd -"hurd-x86", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC", - -##### OS/2 EMX -"OS2-EMX", "gcc::::::::", - -##### VxWorks for various targets -"vxworks-ppc405","ccppc:-g -msoft-float -mlongcall -DCPU=PPC405 -I\$(WIND_BASE)/target/h:::VXWORKS:-r:::::", - -); - -my @WinTargets=qw(VC-NT VC-WIN32 VC-WIN16 VC-W31-16 VC-W31-32 VC-MSDOS BC-32 - BC-16 Mingw32 OS2-EMX); - -my $idx = 0; -my $idx_cc = $idx++; -my $idx_cflags = $idx++; -my $idx_unistd = $idx++; -my $idx_thread_cflag = $idx++; -my $idx_sys_id = $idx++; -my $idx_lflags = $idx++; -my $idx_bn_ops = $idx++; -my $idx_bn_obj = $idx++; -my $idx_des_obj = $idx++; -my $idx_bf_obj = $idx++; -my $idx_md5_obj = $idx++; -my $idx_sha1_obj = $idx++; -my $idx_cast_obj = $idx++; -my $idx_rc4_obj = $idx++; -my $idx_rmd160_obj = $idx++; -my $idx_rc5_obj = $idx++; -my $idx_dso_scheme = $idx++; -my $idx_shared_target = $idx++; -my $idx_shared_cflag = $idx++; -my $idx_shared_ldflag = $idx++; -my $idx_shared_extension = $idx++; -my $idx_ranlib = $idx++; - -my $prefix=""; -my $openssldir=""; -my $exe_ext=""; -my $install_prefix=""; -my $no_threads=0; -my $no_shared=1; -my $zlib=0; -my $no_krb5=0; -my $threads=0; -my $no_asm=0; -my $no_dso=0; -my @skip=(); -my $Makefile="Makefile.ssl"; -my $des_locl="crypto/des/des_locl.h"; -my $des ="crypto/des/des.h"; -my $bn ="crypto/bn/bn.h"; -my $md2 ="crypto/md2/md2.h"; -my $rc4 ="crypto/rc4/rc4.h"; -my $rc4_locl="crypto/rc4/rc4_locl.h"; -my $idea ="crypto/idea/idea.h"; -my $rc2 ="crypto/rc2/rc2.h"; -my $bf ="crypto/bf/bf_locl.h"; -my $bn_asm ="bn_asm.o"; -my $des_enc="des_enc.o fcrypt_b.o"; -my $bf_enc ="bf_enc.o"; -my $cast_enc="c_enc.o"; -my $rc4_enc="rc4_enc.o"; -my $rc5_enc="rc5_enc.o"; -my $md5_obj=""; -my $sha1_obj=""; -my $rmd160_obj=""; -my $processor=""; -my $default_ranlib; -my $perl; - -my $no_ssl2=0; -my $no_ssl3=0; -my $no_tls1=0; -my $no_md5=0; -my $no_sha=0; -my $no_rsa=0; -my $no_dh=0; - -$default_ranlib= &which("ranlib") or $default_ranlib="true"; -$perl=$ENV{'PERL'} or $perl=&which("perl5") or $perl=&which("perl") - or $perl="perl"; - -&usage if ($#ARGV < 0); - -my $flags; -my $depflags; -my $openssl_algorithm_defines; -my $openssl_thread_defines; -my $openssl_sys_defines=""; -my $openssl_other_defines; -my $libs; -my $target; -my $options; -my $symlink; -my %withargs=(); - -my @argvcopy=@ARGV; -my $argvstring=""; -my $argv_unprocessed=1; - -while($argv_unprocessed) - { - $flags=""; - $depflags=""; - $openssl_algorithm_defines=""; - $openssl_thread_defines=""; - $openssl_sys_defines=""; - $openssl_other_defines=""; - $libs=""; - $target=""; - $options=""; - $symlink=1; - - $argv_unprocessed=0; - $argvstring=join(' ',@argvcopy); - -PROCESS_ARGS: - foreach (@argvcopy) - { - s /^-no-/no-/; # some people just can't read the instructions - if (/^--test-sanity$/) - { - exit(&test_sanity()); - } - elsif (/^no-asm$/) - { - $no_asm=1; - $flags .= "-DOPENSSL_NO_ASM "; - $openssl_other_defines .= "#define OPENSSL_NO_ASM\n"; - } - elsif (/^no-hw-(.+)$/) - { - my $hw=$1; - $hw =~ tr/[a-z]/[A-Z]/; - $flags .= "-DOPENSSL_NO_HW_$hw "; - $openssl_other_defines .= "#define OPENSSL_NO_HW_$hw\n"; - } - elsif (/^no-hw$/) - { - $flags .= "-DOPENSSL_NO_HW "; - $openssl_other_defines .= "#define OPENSSL_NO_HW\n"; - } - elsif (/^no-dso$/) - { $no_dso=1; } - elsif (/^no-krb5$/) - { $no_krb5=1; } - elsif (/^no-threads$/) - { $no_threads=1; } - elsif (/^threads$/) - { $threads=1; } - elsif (/^no-shared$/) - { $no_shared=1; } - elsif (/^shared$/) - { $no_shared=0; } - elsif (/^no-zlib$/) - { $zlib=0; } - elsif (/^zlib$/) - { $zlib=1; } - elsif (/^zlib-dynamic$/) - { $zlib=2; } - elsif (/^no-symlinks$/) - { $symlink=0; } - elsif (/^no-ssl$/) - { $no_ssl2 = $no_ssl3 = 1; } - elsif (/^no-ssl2$/) - { $no_ssl2 = 1; } - elsif (/^no-ssl3$/) - { $no_ssl3 = 1; } - elsif (/^no-tls1?$/) - { $no_tls1 = 1; } - elsif (/^no-(.+)$/) - { - my $algo=$1; - push @skip,$algo; - $algo =~ tr/[a-z]/[A-Z]/; - $flags .= "-DOPENSSL_NO_$algo "; - $depflags .= "-DOPENSSL_NO_$algo "; - $openssl_algorithm_defines .= "#define OPENSSL_NO_$algo\n"; - if ($algo eq "RIJNDAEL") - { - $flags .= "-DOPENSSL_NO_AES "; - $depflags .= "-DOPENSSL_NO_AES "; - $openssl_algorithm_defines .= "#define OPENSSL_NO_AES\n"; - } - if ($algo eq "DES") - { - push @skip, "mdc2"; - $options .= " no-mdc2"; - $flags .= "-DOPENSSL_NO_MDC2 "; - $depflags .= "-DOPENSSL_NO_MDC2 "; - $openssl_algorithm_defines .= "#define OPENSSL_NO_MDC2\n"; - } - if ($algo eq "MD5") - { - $no_md5 = 1; - } - if ($algo eq "SHA") - { - $no_sha = 1; - } - if ($algo eq "RSA") - { - $no_rsa = 1; - } - if ($algo eq "DH") - { - $no_dh = 1; - } - } - elsif (/^reconfigure/ || /^reconf/) - { - if (open(IN,"<$Makefile")) - { - while () - { - chop; - if (/^CONFIGURE_ARGS=(.*)/) - { - $argvstring=$1; - @argvcopy=split(' ',$argvstring); - die "Incorrect data to reconfigure, please do a normal configuration\n" - if (grep(/^reconf/,@argvcopy)); - print "Reconfiguring with: $argvstring\n"; - $argv_unprocessed=1; - close(IN); - last PROCESS_ARGS; - } - } - close(IN); - } - die "Insufficient data to reconfigure, please do a normal configuration\n"; - } - elsif (/^386$/) - { $processor=386; } - elsif (/^rsaref$/) - { - # No RSAref support any more since it's not needed. - # The check for the option is there so scripts aren't - # broken - } - elsif (/^[-+]/) - { - if (/^-[lL](.*)$/) - { - $libs.=$_." "; - } - elsif (/^-[^-]/ or /^\+/) - { - $flags.=$_." "; - } - elsif (/^--prefix=(.*)$/) - { - $prefix=$1; - } - elsif (/^--openssldir=(.*)$/) - { - $openssldir=$1; - } - elsif (/^--install.prefix=(.*)$/) - { - $install_prefix=$1; - } - elsif (/^--with-krb5-(dir|lib|include|flavor)=(.*)$/) - { - $withargs{"krb5-".$1}=$2; - } - else - { - print STDERR $usage; - exit(1); - } - } - elsif ($_ =~ /^([^:]+):(.+)$/) - { - eval "\$table{\$1} = \"$2\""; # allow $xxx constructs in the string - $target=$1; - } - else - { - die "target already defined - $target\n" if ($target ne ""); - $target=$_; - } - unless ($_ eq $target) { - if ($options eq "") { - $options = $_; - } else { - $options .= " ".$_; - } - } - } -} - -$no_ssl3=1 if ($no_md5 || $no_sha); -$no_ssl3=1 if ($no_rsa && $no_dh); - -$no_ssl2=1 if ($no_md5); -$no_ssl2=1 if ($no_rsa); - -$no_tls1=1 if ($no_md5 || $no_sha); -$no_tls1=1 if ($no_dh); - -if ($no_ssl2) - { - push @skip,"SSL2"; - $flags .= "-DOPENSSL_NO_SSL2 "; - $depflags .= "-DOPENSSL_NO_SSL2 "; - $openssl_algorithm_defines .= "#define OPENSSL_NO_SSL2\n"; - } - -if ($no_ssl3) - { - push @skip,"SSL3"; - $flags .= "-DOPENSSL_NO_SSL3 "; - $depflags .= "-DOPENSSL_NO_SSL3 "; - $openssl_algorithm_defines .= "#define OPENSSL_NO_SSL3\n"; - } - -if ($no_tls1) - { - push @skip,"TLS1"; - $flags .= "-DOPENSSL_NO_TLS1 "; - $depflags .= "-DOPENSSL_NO_TLS1 "; - $openssl_algorithm_defines .= "#define OPENSSL_NO_TLS1\n"; - } - -if ($target eq "TABLE") { - foreach $target (sort keys %table) { - print_table_entry($target); - } - exit 0; -} - -if ($target eq "LIST") { - foreach (sort keys %table) { - print; - print "\n"; - } - exit 0; -} - -if ($target =~ m/^CygWin32(-.*)$/) { - $target = "Cygwin".$1; -} - -print "Configuring for $target\n"; - -&usage if (!defined($table{$target})); - -my $IsWindows=scalar grep /^$target$/,@WinTargets; - -$exe_ext=".exe" if ($target eq "Cygwin"); -$openssldir="/usr/local/ssl" if ($openssldir eq "" and $prefix eq ""); -$prefix=$openssldir if $prefix eq ""; - -chop $openssldir if $openssldir =~ /\/$/; -chop $prefix if $prefix =~ /\/$/; - -$openssldir=$prefix . "/ssl" if $openssldir eq ""; -$openssldir=$prefix . "/" . $openssldir if $openssldir !~ /^\//; - - -print "IsWindows=$IsWindows\n"; - -my @fields = split(/\s*:\s*/,$table{$target} . ":" x 30 , -1); -my $cc = $fields[$idx_cc]; -my $cflags = $fields[$idx_cflags]; -my $unistd = $fields[$idx_unistd]; -my $thread_cflag = $fields[$idx_thread_cflag]; -my $sys_id = $fields[$idx_sys_id]; -my $lflags = $fields[$idx_lflags]; -my $bn_ops = $fields[$idx_bn_ops]; -my $bn_obj = $fields[$idx_bn_obj]; -my $des_obj = $fields[$idx_des_obj]; -my $bf_obj = $fields[$idx_bf_obj]; -$md5_obj = $fields[$idx_md5_obj]; -$sha1_obj = $fields[$idx_sha1_obj]; -my $cast_obj = $fields[$idx_cast_obj]; -my $rc4_obj = $fields[$idx_rc4_obj]; -$rmd160_obj = $fields[$idx_rmd160_obj]; -my $rc5_obj = $fields[$idx_rc5_obj]; -my $dso_scheme = $fields[$idx_dso_scheme]; -my $shared_target = $fields[$idx_shared_target]; -my $shared_cflag = $fields[$idx_shared_cflag]; -my $shared_ldflag = $fields[$idx_shared_ldflag]; -my $shared_extension = $fields[$idx_shared_extension]; -my $ranlib = $fields[$idx_ranlib]; - -$cflags="$flags$cflags" if ($flags ne ""); - -# Kerberos settings. The flavor must be provided from outside, either through -# the script "config" or manually. -if ($no_krb5 - || !defined($withargs{"krb5-flavor"}) - || $withargs{"krb5-flavor"} eq "") - { - $cflags="-DOPENSSL_NO_KRB5 $cflags"; - $options.=" no-krb5" unless $no_krb5; - $openssl_algorithm_defines .= "#define OPENSSL_NO_KRB5\n"; - } -else - { - my ($lresolv, $lpath, $lext); - if ($withargs{"krb5-flavor"} =~ /^[Hh]eimdal$/) - { - $withargs{"krb5-dir"} = "/usr/heimdal" - if $withargs{"krb5-dir"} eq ""; - $withargs{"krb5-lib"} = "-L".$withargs{"krb5-dir"}. - "/lib -lgssapi -lkrb5 -lcom_err" - if $withargs{"krb5-lib"} eq ""; - $cflags="-DKRB5_HEIMDAL $cflags"; - } - if ($withargs{"krb5-flavor"} =~ /^[Mm][Ii][Tt]/) - { - $withargs{"krb5-dir"} = "/usr/kerberos" - if $withargs{"krb5-dir"} eq ""; - $withargs{"krb5-lib"} = "-L".$withargs{"krb5-dir"}. - "/lib -lgssapi_krb5 -lkrb5 -lcom_err -lk5crypto" - if $withargs{"krb5-lib"} eq ""; - $cflags="-DKRB5_MIT $cflags"; - $withargs{"krb5-flavor"} =~ s/^[Mm][Ii][Tt][._-]*//; - if ($withargs{"krb5-flavor"} =~ /^1[._-]*[01]/) - { - $cflags="-DKRB5_MIT_OLD11 $cflags"; - } - } - LRESOLV: - foreach $lpath ("/lib", "/usr/lib") - { - foreach $lext ("a", "so") - { - $lresolv = "$lpath/libresolv.$lext"; - last LRESOLV if (-r "$lresolv"); - $lresolv = ""; - } - } - $withargs{"krb5-lib"} .= " -lresolv" - if ("$lresolv"); - $withargs{"krb5-include"} = "-I".$withargs{"krb5-dir"}."/include" - if $withargs{"krb5-include"} eq "" && - $withargs{"krb5-dir"} ne ""; - } - -# The DSO code currently always implements all functions so that no -# applications will have to worry about that from a compilation point -# of view. However, the "method"s may return zero unless that platform -# has support compiled in for them. Currently each method is enabled -# by a define "DSO_" ... we translate the "dso_scheme" config -# string entry into using the following logic; -my $dso_cflags; -if (!$no_dso && $dso_scheme ne "") - { - $dso_scheme =~ tr/[a-z]/[A-Z]/; - if ($dso_scheme eq "DLFCN") - { - $dso_cflags = "-DDSO_DLFCN -DHAVE_DLFCN_H"; - } - elsif ($dso_scheme eq "DLFCN_NO_H") - { - $dso_cflags = "-DDSO_DLFCN"; - } - else - { - $dso_cflags = "-DDSO_$dso_scheme"; - } - $cflags = "$dso_cflags $cflags"; - } - -my $thread_cflags; -my $thread_defines; -if ($thread_cflag ne "(unknown)" && !$no_threads) - { - # If we know how to do it, support threads by default. - $threads = 1; - } -if ($thread_cflag eq "(unknown)") - { - # If the user asked for "threads", hopefully they also provided - # any system-dependent compiler options that are necessary. - $thread_cflags="-DOPENSSL_THREADS $cflags" ; - $thread_defines .= "#define OPENSSL_THREADS\n"; - } -else - { - $thread_cflags="-DOPENSSL_THREADS $thread_cflag $cflags"; - $thread_defines .= "#define OPENSSL_THREADS\n"; -# my $def; -# foreach $def (split ' ',$thread_cflag) -# { -# if ($def =~ s/^-D// && $def !~ /^_/) -# { -# $thread_defines .= "#define $def\n"; -# } -# } - } - -$lflags="$libs$lflags"if ($libs ne ""); - -if ($no_asm) - { - $bn_obj=$des_obj=$bf_obj=$cast_obj=$rc4_obj=$rc5_obj=""; - $sha1_obj=$md5_obj=$rmd160_obj=""; - } - -if ($threads) - { - $cflags=$thread_cflags; - $openssl_thread_defines .= $thread_defines; - } - -if ($zlib) - { - $cflags = "-DZLIB $cflags"; - $cflags = "-DZLIB_SHARED $cflags" if $zlib == 2; - $lflags = "$lflags -lz" if $zlib == 2; - } - -# You will find shlib_mark1 and shlib_mark2 explained in Makefile.org -my $shared_mark = ""; -if ($shared_target ne "") - { - if ($shared_cflag ne "") - { - $cflags = "$shared_cflag $cflags"; - } - if (!$no_shared) - { - #$shared_mark = "\$(SHARED_LIBS)"; - } - } -else - { - $no_shared = 1; - } - -if ($sys_id ne "") - { - $cflags="-DOPENSSL_SYSNAME_$sys_id $cflags"; - $openssl_sys_defines="#define OPENSSL_SYSNAME_$sys_id\n"; - } - -if ($ranlib eq "") - { - $ranlib = $default_ranlib; - } - -#my ($bn1)=split(/\s+/,$bn_obj); -#$bn1 = "" unless defined $bn1; -#$bn1=$bn_asm unless ($bn1 =~ /\.o$/); -#$bn_obj="$bn1"; - -$bn_obj = $bn_asm unless $bn_obj ne ""; - -$des_obj=$des_enc unless ($des_obj =~ /\.o$/); -$bf_obj=$bf_enc unless ($bf_obj =~ /\.o$/); -$cast_obj=$cast_enc unless ($cast_obj =~ /\.o$/); -$rc4_obj=$rc4_enc unless ($rc4_obj =~ /\.o$/); -$rc5_obj=$rc5_enc unless ($rc5_obj =~ /\.o$/); -if ($sha1_obj =~ /\.o$/) - { -# $sha1_obj=$sha1_enc; - $cflags.=" -DSHA1_ASM"; - } -if ($md5_obj =~ /\.o$/) - { -# $md5_obj=$md5_enc; - $cflags.=" -DMD5_ASM"; - } -if ($rmd160_obj =~ /\.o$/) - { -# $rmd160_obj=$rmd160_enc; - $cflags.=" -DRMD160_ASM"; - } - -# "Stringify" the C flags string. This permits it to be made part of a string -# and works as well on command lines. -$cflags =~ s/([\\\"])/\\\1/g; - -my $version = "unknown"; -my $major = "unknown"; -my $minor = "unknown"; -my $shlib_version_number = "unknown"; -my $shlib_version_history = "unknown"; -my $shlib_major = "unknown"; -my $shlib_minor = "unknown"; - -open(IN,') - { - $version=$1 if /OPENSSL.VERSION.TEXT.*OpenSSL (\S+) /; - $shlib_version_number=$1 if /SHLIB_VERSION_NUMBER *"([^"]+)"/; - $shlib_version_history=$1 if /SHLIB_VERSION_HISTORY *"([^"]*)"/; - } -close(IN); -if ($shlib_version_history ne "") { $shlib_version_history .= ":"; } - -if ($version =~ /(^[0-9]*)\.([0-9\.]*)/) - { - $major=$1; - $minor=$2; - } - -if ($shlib_version_number =~ /(^[0-9]*)\.([0-9\.]*)/) - { - $shlib_major=$1; - $shlib_minor=$2; - } - -open(IN,'$Makefile") || die "unable to create $Makefile:$!\n"; -print OUT "### Generated automatically from Makefile.org by Configure.\n\n"; -my $sdirs=0; -while () - { - chop; - $sdirs = 1 if /^SDIRS=/; - if ($sdirs) { - my $dir; - foreach $dir (@skip) { - s/([ ])$dir /\1/; - } - } - $sdirs = 0 unless /\\$/; - s/^VERSION=.*/VERSION=$version/; - s/^MAJOR=.*/MAJOR=$major/; - s/^MINOR=.*/MINOR=$minor/; - s/^SHLIB_VERSION_NUMBER=.*/SHLIB_VERSION_NUMBER=$shlib_version_number/; - s/^SHLIB_VERSION_HISTORY=.*/SHLIB_VERSION_HISTORY=$shlib_version_history/; - s/^SHLIB_MAJOR=.*/SHLIB_MAJOR=$shlib_major/; - s/^SHLIB_MINOR=.*/SHLIB_MINOR=$shlib_minor/; - s/^SHLIB_EXT=.*/SHLIB_EXT=$shared_extension/; - s/^INSTALLTOP=.*$/INSTALLTOP=$prefix/; - s/^OPENSSLDIR=.*$/OPENSSLDIR=$openssldir/; - s/^INSTALL_PREFIX=.*$/INSTALL_PREFIX=$install_prefix/; - s/^PLATFORM=.*$/PLATFORM=$target/; - s/^OPTIONS=.*$/OPTIONS=$options/; - s/^CONFIGURE_ARGS=.*$/CONFIGURE_ARGS=$argvstring/; - s/^CC=.*$/CC= $cc/; - s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $cc eq "gcc"; - s/^CFLAG=.*$/CFLAG= $cflags/; - s/^DEPFLAG=.*$/DEPFLAG= $depflags/; - s/^EX_LIBS=.*$/EX_LIBS= $lflags/; - s/^EXE_EXT=.*$/EXE_EXT= $exe_ext/; - s/^BN_ASM=.*$/BN_ASM= $bn_obj/; - s/^DES_ENC=.*$/DES_ENC= $des_obj/; - s/^BF_ENC=.*$/BF_ENC= $bf_obj/; - s/^CAST_ENC=.*$/CAST_ENC= $cast_obj/; - s/^RC4_ENC=.*$/RC4_ENC= $rc4_obj/; - s/^RC5_ENC=.*$/RC5_ENC= $rc5_obj/; - s/^MD5_ASM_OBJ=.*$/MD5_ASM_OBJ= $md5_obj/; - s/^SHA1_ASM_OBJ=.*$/SHA1_ASM_OBJ= $sha1_obj/; - s/^RMD160_ASM_OBJ=.*$/RMD160_ASM_OBJ= $rmd160_obj/; - s/^PROCESSOR=.*/PROCESSOR= $processor/; - s/^RANLIB=.*/RANLIB= $ranlib/; - s/^PERL=.*/PERL= $perl/; - s/^KRB5_INCLUDES=.*/KRB5_INCLUDES=$withargs{"krb5-include"}/; - s/^LIBKRB5=.*/LIBKRB5=$withargs{"krb5-lib"}/; - s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/; - s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/; - s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared); - if ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*$/) - { - my $sotmp = $1; - s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp/; - } - elsif ($shared_extension ne "" && $shared_extension =~ /^\.[^\.]*\.dylib$/) - { - s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.dylib/; - } - elsif ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*\.[^\.]*$/) - { - my $sotmp = $1; - s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_MAJOR) .s$sotmp/; - } - elsif ($shared_extension ne "" && $shared_extension =~ /^\.[^\.]*\.[^\.]*\.dylib$/) - { - s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.\$(SHLIB_MAJOR).dylib .dylib/; - } - s/^SHARED_LDFLAGS=.*/SHARED_LDFLAGS=$shared_ldflag/; - print OUT $_."\n"; - } -close(IN); -close(OUT); - -print "CC =$cc\n"; -print "CFLAG =$cflags\n"; -print "EX_LIBS =$lflags\n"; -print "BN_ASM =$bn_obj\n"; -print "DES_ENC =$des_obj\n"; -print "BF_ENC =$bf_obj\n"; -print "CAST_ENC =$cast_obj\n"; -print "RC4_ENC =$rc4_obj\n"; -print "RC5_ENC =$rc5_obj\n"; -print "MD5_OBJ_ASM =$md5_obj\n"; -print "SHA1_OBJ_ASM =$sha1_obj\n"; -print "RMD160_OBJ_ASM=$rmd160_obj\n"; -print "PROCESSOR =$processor\n"; -print "RANLIB =$ranlib\n"; -print "PERL =$perl\n"; -print "KRB5_INCLUDES =",$withargs{"krb5-include"},"\n" - if $withargs{"krb5-include"} ne ""; -print "LIBKRB5 =",$withargs{"krb5-lib"},"\n" - if $withargs{"krb5-lib"} ne ""; - -my $des_ptr=0; -my $des_risc1=0; -my $des_risc2=0; -my $des_unroll=0; -my $bn_ll=0; -my $def_int=2; -my $rc4_int=$def_int; -my $md2_int=$def_int; -my $idea_int=$def_int; -my $rc2_int=$def_int; -my $rc4_idx=0; -my $rc4_chunk=0; -my $bf_ptr=0; -my @type=("char","short","int","long"); -my ($b64l,$b64,$b32,$b16,$b8)=(0,0,1,0,0); -my $export_var_as_fn=0; - -my $des_int; - -foreach (sort split(/\s+/,$bn_ops)) - { - $des_ptr=1 if /DES_PTR/; - $des_risc1=1 if /DES_RISC1/; - $des_risc2=1 if /DES_RISC2/; - $des_unroll=1 if /DES_UNROLL/; - $des_int=1 if /DES_INT/; - $bn_ll=1 if /BN_LLONG/; - $rc4_int=0 if /RC4_CHAR/; - $rc4_int=3 if /RC4_LONG/; - $rc4_idx=1 if /RC4_INDEX/; - $rc4_chunk=1 if /RC4_CHUNK/; - $rc4_chunk=2 if /RC4_CHUNK_LL/; - $md2_int=0 if /MD2_CHAR/; - $md2_int=3 if /MD2_LONG/; - $idea_int=1 if /IDEA_SHORT/; - $idea_int=3 if /IDEA_LONG/; - $rc2_int=1 if /RC2_SHORT/; - $rc2_int=3 if /RC2_LONG/; - $bf_ptr=1 if $_ eq "BF_PTR"; - $bf_ptr=2 if $_ eq "BF_PTR2"; - ($b64l,$b64,$b32,$b16,$b8)=(0,1,0,0,0) if /SIXTY_FOUR_BIT/; - ($b64l,$b64,$b32,$b16,$b8)=(1,0,0,0,0) if /SIXTY_FOUR_BIT_LONG/; - ($b64l,$b64,$b32,$b16,$b8)=(0,0,1,0,0) if /THIRTY_TWO_BIT/; - ($b64l,$b64,$b32,$b16,$b8)=(0,0,0,1,0) if /SIXTEEN_BIT/; - ($b64l,$b64,$b32,$b16,$b8)=(0,0,0,0,1) if /EIGHT_BIT/; - $export_var_as_fn=1 if /EXPORT_VAR_AS_FN/; - } - -open(IN,'crypto/opensslconf.h') || die "unable to create crypto/opensslconf.h:$!\n"; -print OUT "/* opensslconf.h */\n"; -print OUT "/* WARNING: Generated automatically from opensslconf.h.in by Configure. */\n\n"; - -print OUT "/* OpenSSL was configured with the following options: */\n"; -my $openssl_algorithm_defines_trans = $openssl_algorithm_defines; -$openssl_algorithm_defines_trans =~ s/^\s*#\s*define\s+OPENSSL_(.*)/# if defined(OPENSSL_$1) \&\& !defined($1)\n# define $1\n# endif/mg; -$openssl_algorithm_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg; -$openssl_algorithm_defines = " /* no ciphers excluded */\n" if $openssl_algorithm_defines eq ""; -$openssl_thread_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg; -$openssl_sys_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg; -$openssl_other_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg; -print OUT $openssl_sys_defines; -print OUT "#ifndef OPENSSL_DOING_MAKEDEPEND\n\n"; -print OUT $openssl_algorithm_defines; -print OUT "\n#endif /* OPENSSL_DOING_MAKEDEPEND */\n"; -print OUT $openssl_thread_defines; -print OUT $openssl_other_defines,"\n"; - -print OUT "/* The OPENSSL_NO_* macros are also defined as NO_* if the application\n"; -print OUT " asks for it. This is a transient feature that is provided for those\n"; -print OUT " who haven't had the time to do the appropriate changes in their\n"; -print OUT " applications. */\n"; -print OUT "#ifdef OPENSSL_ALGORITHM_DEFINES\n"; -print OUT $openssl_algorithm_defines_trans; -print OUT "#endif\n\n"; - -while () - { - if (/^#define\s+OPENSSLDIR/) - { print OUT "#define OPENSSLDIR \"$openssldir\"\n"; } - elsif (/^#((define)|(undef))\s+OPENSSL_EXPORT_VAR_AS_FUNCTION/) - { printf OUT "#undef OPENSSL_EXPORT_VAR_AS_FUNCTION\n" - if $export_var_as_fn; - printf OUT "#%s OPENSSL_EXPORT_VAR_AS_FUNCTION\n", - ($export_var_as_fn)?"define":"undef"; } - elsif (/^#define\s+OPENSSL_UNISTD/) - { - $unistd = "" if $unistd eq ""; - print OUT "#define OPENSSL_UNISTD $unistd\n"; - } - elsif (/^#((define)|(undef))\s+SIXTY_FOUR_BIT_LONG/) - { printf OUT "#%s SIXTY_FOUR_BIT_LONG\n",($b64l)?"define":"undef"; } - elsif (/^#((define)|(undef))\s+SIXTY_FOUR_BIT/) - { printf OUT "#%s SIXTY_FOUR_BIT\n",($b64)?"define":"undef"; } - elsif (/^#((define)|(undef))\s+THIRTY_TWO_BIT/) - { printf OUT "#%s THIRTY_TWO_BIT\n",($b32)?"define":"undef"; } - elsif (/^#((define)|(undef))\s+SIXTEEN_BIT/) - { printf OUT "#%s SIXTEEN_BIT\n",($b16)?"define":"undef"; } - elsif (/^#((define)|(undef))\s+EIGHT_BIT/) - { printf OUT "#%s EIGHT_BIT\n",($b8)?"define":"undef"; } - elsif (/^#((define)|(undef))\s+BN_LLONG\s*$/) - { printf OUT "#%s BN_LLONG\n",($bn_ll)?"define":"undef"; } - elsif (/^\#define\s+DES_LONG\s+.*/) - { printf OUT "#define DES_LONG unsigned %s\n", - ($des_int)?'int':'long'; } - elsif (/^\#(define|undef)\s+DES_PTR/) - { printf OUT "#%s DES_PTR\n",($des_ptr)?'define':'undef'; } - elsif (/^\#(define|undef)\s+DES_RISC1/) - { printf OUT "#%s DES_RISC1\n",($des_risc1)?'define':'undef'; } - elsif (/^\#(define|undef)\s+DES_RISC2/) - { printf OUT "#%s DES_RISC2\n",($des_risc2)?'define':'undef'; } - elsif (/^\#(define|undef)\s+DES_UNROLL/) - { printf OUT "#%s DES_UNROLL\n",($des_unroll)?'define':'undef'; } - elsif (/^#define\s+RC4_INT\s/) - { printf OUT "#define RC4_INT unsigned %s\n",$type[$rc4_int]; } - elsif (/^#undef\s+RC4_CHUNK/) - { - printf OUT "#undef RC4_CHUNK\n" if $rc4_chunk==0; - printf OUT "#define RC4_CHUNK unsigned long\n" if $rc4_chunk==1; - printf OUT "#define RC4_CHUNK unsigned long long\n" if $rc4_chunk==2; - } - elsif (/^#((define)|(undef))\s+RC4_INDEX/) - { printf OUT "#%s RC4_INDEX\n",($rc4_idx)?"define":"undef"; } - elsif (/^#(define|undef)\s+I386_ONLY/) - { printf OUT "#%s I386_ONLY\n", ($processor == 386)? - "define":"undef"; } - elsif (/^#define\s+MD2_INT\s/) - { printf OUT "#define MD2_INT unsigned %s\n",$type[$md2_int]; } - elsif (/^#define\s+IDEA_INT\s/) - {printf OUT "#define IDEA_INT unsigned %s\n",$type[$idea_int];} - elsif (/^#define\s+RC2_INT\s/) - {printf OUT "#define RC2_INT unsigned %s\n",$type[$rc2_int];} - elsif (/^#(define|undef)\s+BF_PTR/) - { - printf OUT "#undef BF_PTR\n" if $bf_ptr == 0; - printf OUT "#define BF_PTR\n" if $bf_ptr == 1; - printf OUT "#define BF_PTR2\n" if $bf_ptr == 2; - } - else - { print OUT $_; } - } -close(IN); -close(OUT); - - -# Fix the date - -print "SIXTY_FOUR_BIT_LONG mode\n" if $b64l; -print "SIXTY_FOUR_BIT mode\n" if $b64; -print "THIRTY_TWO_BIT mode\n" if $b32; -print "SIXTEEN_BIT mode\n" if $b16; -print "EIGHT_BIT mode\n" if $b8; -print "DES_PTR used\n" if $des_ptr; -print "DES_RISC1 used\n" if $des_risc1; -print "DES_RISC2 used\n" if $des_risc2; -print "DES_UNROLL used\n" if $des_unroll; -print "DES_INT used\n" if $des_int; -print "BN_LLONG mode\n" if $bn_ll; -print "RC4 uses u$type[$rc4_int]\n" if $rc4_int != $def_int; -print "RC4_INDEX mode\n" if $rc4_idx; -print "RC4_CHUNK is undefined\n" if $rc4_chunk==0; -print "RC4_CHUNK is unsigned long\n" if $rc4_chunk==1; -print "RC4_CHUNK is unsigned long long\n" if $rc4_chunk==2; -print "MD2 uses u$type[$md2_int]\n" if $md2_int != $def_int; -print "IDEA uses u$type[$idea_int]\n" if $idea_int != $def_int; -print "RC2 uses u$type[$rc2_int]\n" if $rc2_int != $def_int; -print "BF_PTR used\n" if $bf_ptr == 1; -print "BF_PTR2 used\n" if $bf_ptr == 2; - -if($IsWindows) { - open (OUT,">crypto/buildinf.h") || die "Can't open buildinf.h"; - printf OUT < 78) - { - print STDERR "\n"; - $k=length($i); - } - print STDERR $i . " "; - } - foreach $i (sort keys %table) - { - next if $i !~ /^debug/; - $k += length($i) + 1; - if ($k > 78) - { - print STDERR "\n"; - $k=length($i); - } - print STDERR $i . " "; - } - print STDERR "\n\nNOTE: If in doubt, on Unix-ish systems use './config'.\n"; - exit(1); - } - -sub which - { - my($name)=@_; - my $path; - foreach $path (split /:/, $ENV{PATH}) - { - if (-f "$path/$name" and -x _) - { - return "$path/$name" unless ($name eq "perl" and - system("$path/$name -e " . '\'exit($]<5.0);\'')); - } - } - } - -sub dofile - { - my $f; my $p; my %m; my @a; my $k; my $ff; - ($f,$p,%m)=@_; - - open(IN,"<$f.in") || open(IN,"<$f") || die "unable to open $f:$!\n"; - @a=; - close(IN); - foreach $k (keys %m) - { - grep(/$k/ && ($_=sprintf($m{$k}."\n",$p)),@a); - } - open(OUT,">$f.new") || die "unable to open $f.new:$!\n"; - print OUT @a; - close(OUT); - rename($f,"$f.bak") || die "unable to rename $f\n" if -e $f; - rename("$f.new",$f) || die "unable to rename $f.new\n"; - } - -sub print_table_entry - { - my $target = shift; - - (my $cc,my $cflags,my $unistd,my $thread_cflag,my $sys_id,my $lflags, - my $bn_ops,my $bn_obj,my $des_obj,my $bf_obj, - my $md5_obj,my $sha1_obj,my $cast_obj,my $rc4_obj,my $rmd160_obj, - my $rc5_obj,my $dso_scheme,my $shared_target,my $shared_cflag, - my $shared_ldflag,my $shared_extension,my $ranlib)= - split(/\s*:\s*/,$table{$target} . ":" x 30 , -1); - - print < fail with a certificate verify error? -* Why can I only use weak ciphers when I connect to a server using OpenSSL? -* How can I create DSA certificates? -* Why can't I make an SSL connection using a DSA certificate? -* How can I remove the passphrase on a private key? -* Why can't I use OpenSSL certificates with SSL client authentication? -* Why does my browser give a warning about a mismatched hostname? -* How do I install a CA certificate into a browser? -* Why is OpenSSL x509 DN output not conformant to RFC2253? - -[BUILD] Questions about building and testing OpenSSL - -* Why does the linker complain about undefined symbols? -* Why does the OpenSSL test fail with "bc: command not found"? -* Why does the OpenSSL test fail with "bc: 1 no implemented"? -* Why does the OpenSSL compilation fail on Alpha Tru64 Unix? -* Why does the OpenSSL compilation fail with "ar: command not found"? -* Why does the OpenSSL compilation fail on Win32 with VC++? - -[PROG] Questions about programming with OpenSSL - -* Is OpenSSL thread-safe? -* I've compiled a program under Windows and it crashes: why? -* How do I read or write a DER encoded buffer using the ASN1 functions? -* I've tried using and I get errors why? -* I've called and it fails, why? -* I just get a load of numbers for the error output, what do they mean? -* Why do I get errors about unknown algorithms? -* Why can't the OpenSSH configure script detect OpenSSL? -* Can I use OpenSSL's SSL library with non-blocking I/O? -* Why doesn't my server application receive a client certificate? - -=============================================================================== - -[MISC] ======================================================================== - -* Which is the current version of OpenSSL? - -The current version is available from . -OpenSSL 0.9.6d was released on May 9, 2002. - -In addition to the current stable release, you can also access daily -snapshots of the OpenSSL development version at , or get it by anonymous CVS access. - - -* Where is the documentation? - -OpenSSL is a library that provides cryptographic functionality to -applications such as secure web servers. Be sure to read the -documentation of the application you want to use. The INSTALL file -explains how to install this library. - -OpenSSL includes a command line utility that can be used to perform a -variety of cryptographic functions. It is described in the openssl(1) -manpage. Documentation for developers is currently being written. A -few manual pages already are available; overviews over libcrypto and -libssl are given in the crypto(3) and ssl(3) manpages. - -The OpenSSL manpages are installed in /usr/local/ssl/man/ (or a -different directory if you specified one as described in INSTALL). -In addition, you can read the most current versions at -. - -For information on parts of libcrypto that are not yet documented, you -might want to read Ariel Glenn's documentation on SSLeay 0.9, OpenSSL's -predecessor, at . Much -of this still applies to OpenSSL. - -There is some documentation about certificate extensions and PKCS#12 -in doc/openssl.txt - -The original SSLeay documentation is included in OpenSSL as -doc/ssleay.txt. It may be useful when none of the other resources -help, but please note that it reflects the obsolete version SSLeay -0.6.6. - - -* How can I contact the OpenSSL developers? - -The README file describes how to submit bug reports and patches to -OpenSSL. Information on the OpenSSL mailing lists is available from -. - - -* Where can I get a compiled version of OpenSSL? - -Some applications that use OpenSSL are distributed in binary form. -When using such an application, you don't need to install OpenSSL -yourself; the application will include the required parts (e.g. DLLs). - -If you want to install OpenSSL on a Windows system and you don't have -a C compiler, read the "Mingw32" section of INSTALL.W32 for information -on how to obtain and install the free GNU C compiler. - -A number of Linux and *BSD distributions include OpenSSL. - - -* Why aren't tools like 'autoconf' and 'libtool' used? - -autoconf will probably be used in future OpenSSL versions. If it was -less Unix-centric, it might have been used much earlier. - -* What is an 'engine' version? - -With version 0.9.6 OpenSSL was extended to interface to external crypto -hardware. This was realized in a special release '0.9.6-engine'. With -version 0.9.7 (not yet released) the changes were merged into the main -development line, so that the special release is no longer necessary. - -[LEGAL] ======================================================================= - -* Do I need patent licenses to use OpenSSL? - -The patents section of the README file lists patents that may apply to -you if you want to use OpenSSL. For information on intellectual -property rights, please consult a lawyer. The OpenSSL team does not -offer legal advice. - -You can configure OpenSSL so as not to use RC5 and IDEA by using - ./config no-rc5 no-idea - - -* Can I use OpenSSL with GPL software? - -On many systems including the major Linux and BSD distributions, yes (the -GPL does not place restrictions on using libraries that are part of the -normal operating system distribution). - -On other systems, the situation is less clear. Some GPL software copyright -holders claim that you infringe on their rights if you use OpenSSL with -their software on operating systems that don't normally include OpenSSL. - -If you develop open source software that uses OpenSSL, you may find it -useful to choose an other license than the GPL, or state explicitly that -"This program is released under the GPL with the additional exemption that -compiling, linking, and/or using OpenSSL is allowed." If you are using -GPL software developed by others, you may want to ask the copyright holder -for permission to use their software with OpenSSL. - - -[USER] ======================================================================== - -* Why do I get a "PRNG not seeded" error message? - -Cryptographic software needs a source of unpredictable data to work -correctly. Many open source operating systems provide a "randomness -device" that serves this purpose. On other systems, applications have -to call the RAND_add() or RAND_seed() function with appropriate data -before generating keys or performing public key encryption. -(These functions initialize the pseudo-random number generator, PRNG.) - -Some broken applications do not do this. As of version 0.9.5, the -OpenSSL functions that need randomness report an error if the random -number generator has not been seeded with at least 128 bits of -randomness. If this error occurs, please contact the author of the -application you are using. It is likely that it never worked -correctly. OpenSSL 0.9.5 and later make the error visible by refusing -to perform potentially insecure encryption. - -On systems without /dev/urandom and /dev/random, it is a good idea to -use the Entropy Gathering Demon (EGD); see the RAND_egd() manpage for -details. Starting with version 0.9.7, OpenSSL will automatically look -for an EGD socket at /var/run/egd-pool, /dev/egd-pool, /etc/egd-pool and -/etc/entropy. - -Most components of the openssl command line utility automatically try -to seed the random number generator from a file. The name of the -default seeding file is determined as follows: If environment variable -RANDFILE is set, then it names the seeding file. Otherwise if -environment variable HOME is set, then the seeding file is $HOME/.rnd. -If neither RANDFILE nor HOME is set, versions up to OpenSSL 0.9.6 will -use file .rnd in the current directory while OpenSSL 0.9.6a uses no -default seeding file at all. OpenSSL 0.9.6b and later will behave -similarly to 0.9.6a, but will use a default of "C:\" for HOME on -Windows systems if the environment variable has not been set. - -If the default seeding file does not exist or is too short, the "PRNG -not seeded" error message may occur. - -The openssl command line utility will write back a new state to the -default seeding file (and create this file if necessary) unless -there was no sufficient seeding. - -Pointing $RANDFILE to an Entropy Gathering Daemon socket does not work. -Use the "-rand" option of the OpenSSL command line tools instead. -The $RANDFILE environment variable and $HOME/.rnd are only used by the -OpenSSL command line tools. Applications using the OpenSSL library -provide their own configuration options to specify the entropy source, -please check out the documentation coming the with application. - -For Solaris 2.6, Tim Nibbe and others have suggested -installing the SUNski package from Sun patch 105710-01 (Sparc) which -adds a /dev/random device and make sure it gets used, usually through -$RANDFILE. There are probably similar patches for the other Solaris -versions. However, be warned that /dev/random is usually a blocking -device, which may have some effects on OpenSSL. - - -* Why do I get an "unable to write 'random state'" error message? - - -Sometimes the openssl command line utility does not abort with -a "PRNG not seeded" error message, but complains that it is -"unable to write 'random state'". This message refers to the -default seeding file (see previous answer). A possible reason -is that no default filename is known because neither RANDFILE -nor HOME is set. (Versions up to 0.9.6 used file ".rnd" in the -current directory in this case, but this has changed with 0.9.6a.) - - -* How do I create certificates or certificate requests? - -Check out the CA.pl(1) manual page. This provides a simple wrapper round -the 'req', 'verify', 'ca' and 'pkcs12' utilities. For finer control check -out the manual pages for the individual utilities and the certificate -extensions documentation (currently in doc/openssl.txt). - - -* Why can't I create certificate requests? - -You typically get the error: - - unable to find 'distinguished_name' in config - problems making Certificate Request - -This is because it can't find the configuration file. Check out the -DIAGNOSTICS section of req(1) for more information. - - -* Why does fail with a certificate verify error? - -This problem is usually indicated by log messages saying something like -"unable to get local issuer certificate" or "self signed certificate". -When a certificate is verified its root CA must be "trusted" by OpenSSL -this typically means that the CA certificate must be placed in a directory -or file and the relevant program configured to read it. The OpenSSL program -'verify' behaves in a similar way and issues similar error messages: check -the verify(1) program manual page for more information. - - -* Why can I only use weak ciphers when I connect to a server using OpenSSL? - -This is almost certainly because you are using an old "export grade" browser -which only supports weak encryption. Upgrade your browser to support 128 bit -ciphers. - - -* How can I create DSA certificates? - -Check the CA.pl(1) manual page for a DSA certificate example. - - -* Why can't I make an SSL connection to a server using a DSA certificate? - -Typically you'll see a message saying there are no shared ciphers when -the same setup works fine with an RSA certificate. There are two possible -causes. The client may not support connections to DSA servers most web -browsers (including Netscape and MSIE) only support connections to servers -supporting RSA cipher suites. The other cause is that a set of DH parameters -has not been supplied to the server. DH parameters can be created with the -dhparam(1) command and loaded using the SSL_CTX_set_tmp_dh() for example: -check the source to s_server in apps/s_server.c for an example. - - -* How can I remove the passphrase on a private key? - -Firstly you should be really *really* sure you want to do this. Leaving -a private key unencrypted is a major security risk. If you decide that -you do have to do this check the EXAMPLES sections of the rsa(1) and -dsa(1) manual pages. - - -* Why can't I use OpenSSL certificates with SSL client authentication? - -What will typically happen is that when a server requests authentication -it will either not include your certificate or tell you that you have -no client certificates (Netscape) or present you with an empty list box -(MSIE). The reason for this is that when a server requests a client -certificate it includes a list of CAs names which it will accept. Browsers -will only let you select certificates from the list on the grounds that -there is little point presenting a certificate which the server will -reject. - -The solution is to add the relevant CA certificate to your servers "trusted -CA list". How you do this depends on the server software in uses. You can -print out the servers list of acceptable CAs using the OpenSSL s_client tool: - -openssl s_client -connect www.some.host:443 -prexit - -If your server only requests certificates on certain URLs then you may need -to manually issue an HTTP GET command to get the list when s_client connects: - -GET /some/page/needing/a/certificate.html - -If your CA does not appear in the list then this confirms the problem. - - -* Why does my browser give a warning about a mismatched hostname? - -Browsers expect the server's hostname to match the value in the commonName -(CN) field of the certificate. If it does not then you get a warning. - - -* How do I install a CA certificate into a browser? - -The usual way is to send the DER encoded certificate to the browser as -MIME type application/x-x509-ca-cert, for example by clicking on an appropriate -link. On MSIE certain extensions such as .der or .cacert may also work, or you -can import the certificate using the certificate import wizard. - -You can convert a certificate to DER form using the command: - -openssl x509 -in ca.pem -outform DER -out ca.der - -Occasionally someone suggests using a command such as: - -openssl pkcs12 -export -out cacert.p12 -in cacert.pem -inkey cakey.pem - -DO NOT DO THIS! This command will give away your CAs private key and -reduces its security to zero: allowing anyone to forge certificates in -whatever name they choose. - -* Why is OpenSSL x509 DN output not conformant to RFC2253? - -The ways to print out the oneline format of the DN (Distinguished Name) have -been extended in version 0.9.7 of OpenSSL. Using the new X509_NAME_print_ex() -interface, the "-nameopt" option could be introduded. See the manual -page of the "openssl x509" commandline tool for details. The old behaviour -has however been left as default for the sake of compatibility. - -[BUILD] ======================================================================= - -* Why does the linker complain about undefined symbols? - -Maybe the compilation was interrupted, and make doesn't notice that -something is missing. Run "make clean; make". - -If you used ./Configure instead of ./config, make sure that you -selected the right target. File formats may differ slightly between -OS versions (for example sparcv8/sparcv9, or a.out/elf). - -In case you get errors about the following symbols, use the config -option "no-asm", as described in INSTALL: - - BF_cbc_encrypt, BF_decrypt, BF_encrypt, CAST_cbc_encrypt, - CAST_decrypt, CAST_encrypt, RC4, RC5_32_cbc_encrypt, RC5_32_decrypt, - RC5_32_encrypt, bn_add_words, bn_div_words, bn_mul_add_words, - bn_mul_comba4, bn_mul_comba8, bn_mul_words, bn_sqr_comba4, - bn_sqr_comba8, bn_sqr_words, bn_sub_words, des_decrypt3, - des_ede3_cbc_encrypt, des_encrypt, des_encrypt2, des_encrypt3, - des_ncbc_encrypt, md5_block_asm_host_order, sha1_block_asm_data_order - -If none of these helps, you may want to try using the current snapshot. -If the problem persists, please submit a bug report. - - -* Why does the OpenSSL test fail with "bc: command not found"? - -You didn't install "bc", the Unix calculator. If you want to run the -tests, get GNU bc from ftp://ftp.gnu.org or from your OS distributor. - - -* Why does the OpenSSL test fail with "bc: 1 no implemented"? - -On some SCO installations or versions, bc has a bug that gets triggered -when you run the test suite (using "make test"). The message returned is -"bc: 1 not implemented". - -The best way to deal with this is to find another implementation of bc -and compile/install it. GNU bc (see http://www.gnu.org/software/software.html -for download instructions) can be safely used, for example. - - -* Why does the OpenSSL compilation fail on Alpha Tru64 Unix? - -On some Alpha installations running Tru64 Unix and Compaq C, the compilation -of crypto/sha/sha_dgst.c fails with the message 'Fatal: Insufficient virtual -memory to continue compilation.' As far as the tests have shown, this may be -a compiler bug. What happens is that it eats up a lot of resident memory -to build something, probably a table. The problem is clearly in the -optimization code, because if one eliminates optimization completely (-O0), -the compilation goes through (and the compiler consumes about 2MB of resident -memory instead of 240MB or whatever one's limit is currently). - -There are three options to solve this problem: - -1. set your current data segment size soft limit higher. Experience shows -that about 241000 kbytes seems to be enough on an AlphaServer DS10. You do -this with the command 'ulimit -Sd nnnnnn', where 'nnnnnn' is the number of -kbytes to set the limit to. - -2. If you have a hard limit that is lower than what you need and you can't -get it changed, you can compile all of OpenSSL with -O0 as optimization -level. This is however not a very nice thing to do for those who expect to -get the best result from OpenSSL. A bit more complicated solution is the -following: - ------ snip:start ----- - make DIRS=crypto SDIRS=sha "`grep '^CFLAG=' Makefile.ssl | \ - sed -e 's/ -O[0-9] / -O0 /'`" - rm `ls crypto/*.o crypto/sha/*.o | grep -v 'sha_dgst\.o'` - make ------ snip:end ----- - -This will only compile sha_dgst.c with -O0, the rest with the optimization -level chosen by the configuration process. When the above is done, do the -test and installation and you're set. - - -* Why does the OpenSSL compilation fail with "ar: command not found"? - -Getting this message is quite usual on Solaris 2, because Sun has hidden -away 'ar' and other development commands in directories that aren't in -$PATH by default. One of those directories is '/usr/ccs/bin'. The -quickest way to fix this is to do the following (it assumes you use sh -or any sh-compatible shell): - ------ snip:start ----- - PATH=${PATH}:/usr/ccs/bin; export PATH ------ snip:end ----- - -and then redo the compilation. What you should really do is make sure -'/usr/ccs/bin' is permanently in your $PATH, for example through your -'.profile' (again, assuming you use a sh-compatible shell). - - -* Why does the OpenSSL compilation fail on Win32 with VC++? - -Sometimes, you may get reports from VC++ command line (cl) that it -can't find standard include files like stdio.h and other weirdnesses. -One possible cause is that the environment isn't correctly set up. -To solve that problem, one should run VCVARS32.BAT which is found in -the 'bin' subdirectory of the VC++ installation directory (somewhere -under 'Program Files'). This needs to be done prior to running NMAKE, -and the changes are only valid for the current DOS session. - - -[PROG] ======================================================================== - -* Is OpenSSL thread-safe? - -Yes (with limitations: an SSL connection may not concurrently be used -by multiple threads). On Windows and many Unix systems, OpenSSL -automatically uses the multi-threaded versions of the standard -libraries. If your platform is not one of these, consult the INSTALL -file. - -Multi-threaded applications must provide two callback functions to -OpenSSL. This is described in the threads(3) manpage. - - -* I've compiled a program under Windows and it crashes: why? - -This is usually because you've missed the comment in INSTALL.W32. -Your application must link against the same version of the Win32 -C-Runtime against which your openssl libraries were linked. The -default version for OpenSSL is /MD - "Multithreaded DLL". - -If you are using Microsoft Visual C++'s IDE (Visual Studio), in -many cases, your new project most likely defaulted to "Debug -Singlethreaded" - /ML. This is NOT interchangeable with /MD and your -program will crash, typically on the first BIO related read or write -operation. - -For each of the six possible link stage configurations within Win32, -your application must link against the same by which OpenSSL was -built. If you are using MS Visual C++ (Studio) this can be changed -by: - -1. Select Settings... from the Project Menu. -2. Select the C/C++ Tab. -3. Select "Code Generation from the "Category" drop down list box -4. Select the Appropriate library (see table below) from the "Use - run-time library" drop down list box. Perform this step for both - your debug and release versions of your application (look at the - top left of the settings panel to change between the two) - - Single Threaded /ML - MS VC++ often defaults to - this for the release - version of a new project. - Debug Single Threaded /MLd - MS VC++ often defaults to - this for the debug version - of a new project. - Multithreaded /MT - Debug Multithreaded /MTd - Multithreaded DLL /MD - OpenSSL defaults to this. - Debug Multithreaded DLL /MDd - -Note that debug and release libraries are NOT interchangeable. If you -built OpenSSL with /MD your application must use /MD and cannot use /MDd. - - -* How do I read or write a DER encoded buffer using the ASN1 functions? - -You have two options. You can either use a memory BIO in conjunction -with the i2d_XXX_bio() or d2i_XXX_bio() functions or you can use the -i2d_XXX(), d2i_XXX() functions directly. Since these are often the -cause of grief here are some code fragments using PKCS7 as an example: - -unsigned char *buf, *p; -int len; - -len = i2d_PKCS7(p7, NULL); -buf = OPENSSL_malloc(len); /* or Malloc, error checking omitted */ -p = buf; -i2d_PKCS7(p7, &p); - -At this point buf contains the len bytes of the DER encoding of -p7. - -The opposite assumes we already have len bytes in buf: - -unsigned char *p; -p = buf; -p7 = d2i_PKCS7(NULL, &p, len); - -At this point p7 contains a valid PKCS7 structure of NULL if an error -occurred. If an error occurred ERR_print_errors(bio) should give more -information. - -The reason for the temporary variable 'p' is that the ASN1 functions -increment the passed pointer so it is ready to read or write the next -structure. This is often a cause of problems: without the temporary -variable the buffer pointer is changed to point just after the data -that has been read or written. This may well be uninitialized data -and attempts to free the buffer will have unpredictable results -because it no longer points to the same address. - - -* I've tried using and I get errors why? - -This usually happens when you try compiling something using the PKCS#12 -macros with a C++ compiler. There is hardly ever any need to use the -PKCS#12 macros in a program, it is much easier to parse and create -PKCS#12 files using the PKCS12_parse() and PKCS12_create() functions -documented in doc/openssl.txt and with examples in demos/pkcs12. The -'pkcs12' application has to use the macros because it prints out -debugging information. - - -* I've called and it fails, why? - -Before submitting a report or asking in one of the mailing lists, you -should try to determine the cause. In particular, you should call -ERR_print_errors() or ERR_print_errors_fp() after the failed call -and see if the message helps. Note that the problem may occur earlier -than you think -- you should check for errors after every call where -it is possible, otherwise the actual problem may be hidden because -some OpenSSL functions clear the error state. - - -* I just get a load of numbers for the error output, what do they mean? - -The actual format is described in the ERR_print_errors() manual page. -You should call the function ERR_load_crypto_strings() before hand and -the message will be output in text form. If you can't do this (for example -it is a pre-compiled binary) you can use the errstr utility on the error -code itself (the hex digits after the second colon). - - -* Why do I get errors about unknown algorithms? - -This can happen under several circumstances such as reading in an -encrypted private key or attempting to decrypt a PKCS#12 file. The cause -is forgetting to load OpenSSL's table of algorithms with -OpenSSL_add_all_algorithms(). See the manual page for more information. - - -* Why can't the OpenSSH configure script detect OpenSSL? - -Several reasons for problems with the automatic detection exist. -OpenSSH requires at least version 0.9.5a of the OpenSSL libraries. -Sometimes the distribution has installed an older version in the system -locations that is detected instead of a new one installed. The OpenSSL -library might have been compiled for another CPU or another mode (32/64 bits). -Permissions might be wrong. - -The general answer is to check the config.log file generated when running -the OpenSSH configure script. It should contain the detailed information -on why the OpenSSL library was not detected or considered incompatible. - -* Can I use OpenSSL's SSL library with non-blocking I/O? - -Yes; make sure to read the SSL_get_error(3) manual page! - -A pitfall to avoid: Don't assume that SSL_read() will just read from -the underlying transport or that SSL_write() will just write to it -- -it is also possible that SSL_write() cannot do any useful work until -there is data to read, or that SSL_read() cannot do anything until it -is possible to send data. One reason for this is that the peer may -request a new TLS/SSL handshake at any time during the protocol, -requiring a bi-directional message exchange; both SSL_read() and -SSL_write() will try to continue any pending handshake. - - -* Why doesn't my server application receive a client certificate? - -Due to the TLS protocol definition, a client will only send a certificate, -if explicitly asked by the server. Use the SSL_VERIFY_PEER flag of the -SSL_CTX_set_verify() function to enable the use of client certificates. - - -=============================================================================== - diff --git a/src/lib/libssl/src/INSTALL b/src/lib/libssl/src/INSTALL deleted file mode 100644 index 7eaa8147c3b..00000000000 --- a/src/lib/libssl/src/INSTALL +++ /dev/null @@ -1,292 +0,0 @@ - - INSTALLATION ON THE UNIX PLATFORM - --------------------------------- - - [Installation on Windows, OpenVMS and MacOS (before MacOS X) is described - in INSTALL.W32, INSTALL.VMS and INSTALL.MacOS.] - - To install OpenSSL, you will need: - - * make - * Perl 5 - * an ANSI C compiler - * a development environment in form of development libraries and C - header files - * a supported Unix operating system - - Quick Start - ----------- - - If you want to just get on with it, do: - - $ ./config - $ make - $ make test - $ make install - - [If any of these steps fails, see section Installation in Detail below.] - - This will build and install OpenSSL in the default location, which is (for - historical reasons) /usr/local/ssl. If you want to install it anywhere else, - run config like this: - - $ ./config --prefix=/usr/local --openssldir=/usr/local/openssl - - - Configuration Options - --------------------- - - There are several options to ./config (or ./Configure) to customize - the build: - - --prefix=DIR Install in DIR/bin, DIR/lib, DIR/include/openssl. - Configuration files used by OpenSSL will be in DIR/ssl - or the directory specified by --openssldir. - - --openssldir=DIR Directory for OpenSSL files. If no prefix is specified, - the library files and binaries are also installed there. - - no-threads Don't try to build with support for multi-threaded - applications. - - threads Build with support for multi-threaded applications. - This will usually require additional system-dependent options! - See "Note on multi-threading" below. - - no-zlib Don't try to build with support for zlib compression and - decompression. - - zlib Build with support for zlib compression/decompression. - - zlib-dynamic Like "zlib", but has OpenSSL load the zlib library dynamically - when needed. This is only supported on systems where loading - of shared libraries is supported. This is the default choice. - - no-shared Don't try to create shared libraries. - - shared In addition to the usual static libraries, create shared - libraries on platforms where it's supported. See "Note on - shared libraries" below. - - no-asm Do not use assembler code. - - 386 Use the 80386 instruction set only (the default x86 code is - more efficient, but requires at least a 486). - - no- Build without the specified cipher (bf, cast, des, dh, dsa, - hmac, md2, md5, mdc2, rc2, rc4, rc5, rsa, sha). - The crypto/ directory can be removed after running - "make depend". - - -Dxxx, -lxxx, -Lxxx, -fxxx, -Kxxx These system specific options will - be passed through to the compiler to allow you to - define preprocessor symbols, specify additional libraries, - library directories or other compiler options. - - - Installation in Detail - ---------------------- - - 1a. Configure OpenSSL for your operation system automatically: - - $ ./config [options] - - This guesses at your operating system (and compiler, if necessary) and - configures OpenSSL based on this guess. Run ./config -t to see - if it guessed correctly. If you want to use a different compiler, you - are cross-compiling for another platform, or the ./config guess was - wrong for other reasons, go to step 1b. Otherwise go to step 2. - - On some systems, you can include debugging information as follows: - - $ ./config -d [options] - - 1b. Configure OpenSSL for your operating system manually - - OpenSSL knows about a range of different operating system, hardware and - compiler combinations. To see the ones it knows about, run - - $ ./Configure - - Pick a suitable name from the list that matches your system. For most - operating systems there is a choice between using "cc" or "gcc". When - you have identified your system (and if necessary compiler) use this name - as the argument to ./Configure. For example, a "linux-elf" user would - run: - - $ ./Configure linux-elf [options] - - If your system is not available, you will have to edit the Configure - program and add the correct configuration for your system. The - generic configurations "cc" or "gcc" should usually work on 32 bit - systems. - - Configure creates the file Makefile.ssl from Makefile.org and - defines various macros in crypto/opensslconf.h (generated from - crypto/opensslconf.h.in). - - 2. Build OpenSSL by running: - - $ make - - This will build the OpenSSL libraries (libcrypto.a and libssl.a) and the - OpenSSL binary ("openssl"). The libraries will be built in the top-level - directory, and the binary will be in the "apps" directory. - - If "make" fails, look at the output. There may be reasons for - the failure that aren't problems in OpenSSL itself (like missing - standard headers). If it is a problem with OpenSSL itself, please - report the problem to (note that your - message will be forwarded to a public mailing list). Include the - output of "make report" in your message. - - [If you encounter assembler error messages, try the "no-asm" - configuration option as an immediate fix.] - - Compiling parts of OpenSSL with gcc and others with the system - compiler will result in unresolved symbols on some systems. - - 3. After a successful build, the libraries should be tested. Run: - - $ make test - - If a test fails, look at the output. There may be reasons for - the failure that isn't a problem in OpenSSL itself (like a missing - or malfunctioning bc). If it is a problem with OpenSSL itself, - try removing any compiler optimization flags from the CFLAGS line - in Makefile.ssl and run "make clean; make". Please send a bug - report to , including the output of - "make report". - - 4. If everything tests ok, install OpenSSL with - - $ make install - - This will create the installation directory (if it does not exist) and - then the following subdirectories: - - certs Initially empty, this is the default location - for certificate files. - man/man1 Manual pages for the 'openssl' command line tool - man/man3 Manual pages for the libraries (very incomplete) - misc Various scripts. - private Initially empty, this is the default location - for private key files. - - If you didn't choose a different installation prefix, the - following additional subdirectories will be created: - - bin Contains the openssl binary and a few other - utility programs. - include/openssl Contains the header files needed if you want to - compile programs with libcrypto or libssl. - lib Contains the OpenSSL library files themselves. - - Package builders who want to configure the library for standard - locations, but have the package installed somewhere else so that - it can easily be packaged, can use - - $ make INSTALL_PREFIX=/tmp/package-root install - - (or specify "--install_prefix=/tmp/package-root" as a configure - option). The specified prefix will be prepended to all - installation target filenames. - - - NOTE: The header files used to reside directly in the include - directory, but have now been moved to include/openssl so that - OpenSSL can co-exist with other libraries which use some of the - same filenames. This means that applications that use OpenSSL - should now use C preprocessor directives of the form - - #include - - instead of "#include ", which was used with library versions - up to OpenSSL 0.9.2b. - - If you install a new version of OpenSSL over an old library version, - you should delete the old header files in the include directory. - - Compatibility issues: - - * COMPILING existing applications - - To compile an application that uses old filenames -- e.g. - "#include " --, it will usually be enough to find - the CFLAGS definition in the application's Makefile and - add a C option such as - - -I/usr/local/ssl/include/openssl - - to it. - - But don't delete the existing -I option that points to - the ..../include directory! Otherwise, OpenSSL header files - could not #include each other. - - * WRITING applications - - To write an application that is able to handle both the new - and the old directory layout, so that it can still be compiled - with library versions up to OpenSSL 0.9.2b without bothering - the user, you can proceed as follows: - - - Always use the new filename of OpenSSL header files, - e.g. #include . - - - Create a directory "incl" that contains only a symbolic - link named "openssl", which points to the "include" directory - of OpenSSL. - For example, your application's Makefile might contain the - following rule, if OPENSSLDIR is a pathname (absolute or - relative) of the directory where OpenSSL resides: - - incl/openssl: - -mkdir incl - cd $(OPENSSLDIR) # Check whether the directory really exists - -ln -s `cd $(OPENSSLDIR); pwd`/include incl/openssl - - You will have to add "incl/openssl" to the dependencies - of those C files that include some OpenSSL header file. - - - Add "-Iincl" to your CFLAGS. - - With these additions, the OpenSSL header files will be available - under both name variants if an old library version is used: - Your application can reach them under names like , - while the header files still are able to #include each other - with names of the form . - - - Note on multi-threading - ----------------------- - - For some systems, the OpenSSL Configure script knows what compiler options - are needed to generate a library that is suitable for multi-threaded - applications. On these systems, support for multi-threading is enabled - by default; use the "no-threads" option to disable (this should never be - necessary). - - On other systems, to enable support for multi-threading, you will have - to specify at least two options: "threads", and a system-dependent option. - (The latter is "-D_REENTRANT" on various systems.) The default in this - case, obviously, is not to include support for multi-threading (but - you can still use "no-threads" to suppress an annoying warning message - from the Configure script.) - - - Note on shared libraries - ------------------------ - - Shared library is currently an experimental feature. The only reason to - have them would be to conserve memory on systems where several program - are using OpenSSL. Binary backward compatibility can't be guaranteed - before OpenSSL version 1.0. - - For some systems, the OpenSSL Configure script knows what is needed to - build shared libraries for libcrypto and libssl. On these systems, - the shared libraries are currently not created by default, but giving - the option "shared" will get them created. This method supports Makefile - targets for shared library creation, like linux-shared. Those targets - can currently be used on their own just as well, but this is expected - to change in future versions of OpenSSL. diff --git a/src/lib/libssl/src/INSTALL.MacOS b/src/lib/libssl/src/INSTALL.MacOS deleted file mode 100644 index 01c60d81f96..00000000000 --- a/src/lib/libssl/src/INSTALL.MacOS +++ /dev/null @@ -1,72 +0,0 @@ -OpenSSL - Port To The Macintosh OS 9 or Earlier -=============================================== - -Thanks to Roy Wood initial support for Mac OS (pre -X) is now provided. "Initial" means that unlike other platforms where you -get an SDK and a "swiss army" openssl application, on Macintosh you only -get one sample application which fetches a page over HTTPS(*) and dumps it -in a window. We don't even build the test applications so that we can't -guarantee that all algorithms are operational. - -Required software: - -- StuffIt Expander 5.5 or later, alternatively MacGzip and SUNtar; -- Scriptable Finder; -- CodeWarrior Pro 5; - -Installation procedure: - -- fetch the source at ftp://ftp.openssl.org/ (well, you probably already - did, huh?) -- unpack the .tar.gz file: - - if you have StuffIt Expander then just drag it over it; - - otherwise uncompress it with MacGzip and then unpack with SUNtar; -- locate MacOS folder in OpenSSL source tree and open it; -- unbinhex mklinks.as.hqx and OpenSSL.mcp.hqx if present (**), do it - "in-place", i.e. unpacked files should end-up in the very same folder; -- execute mklinks.as; -- open OpenSSL.mcp(***) and build 'GetHTTPS PPC' target(****); -- that's it for now; - -(*) URL is hardcoded into ./MacOS/GetHTTPS.src/GetHTTPS.cpp, lines 40 - to 42, change appropriately. -(**) If you use SUNtar, then it might have already unbinhexed the files - in question. -(***) The project file was saved with CW Pro 5.3. If you have an earlier - version and it refuses to open it, then download - http://www.openssl.org/~appro/OpenSSL.mcp.xml and import it - overwriting the original OpenSSL.mcp. -(****) Other targets are works in progress. If you feel like giving 'em a - shot, then you should know that OpenSSL* and Lib* targets are - supposed to be built with the GUSI, MacOS library which mimics - BSD sockets and some other POSIX APIs. The GUSI distribution is - expected to be found in the same directory as the openssl source tree, - i.e., in the parent directory to the one where this very file, - namely INSTALL.MacOS, resides. For more information about GUSI, see - http://www.iis.ee.ethz.ch/~neeri/macintosh/gusi-qa.html - -Finally some essential comments from our generous contributor:-) - -"I've gotten OpenSSL working on the Macintosh. It's probably a bit of a -hack, but it works for what I'm doing. If you don't like the way I've done -it, then feel free to change what I've done. I freely admit that I've done -some less-than-ideal things in my port, and if you don't like the way I've -done something, then feel free to change it-- I won't be offended! - -... I've tweaked "bss_sock.c" a little to call routines in a "MacSocket" -library I wrote. My MacSocket library is a wrapper around OpenTransport, -handling stuff like endpoint creation, reading, writing, etc. It is not -designed as a high-performance package such as you'd use in a webserver, -but is fine for lots of other applications. MacSocket also uses some other -code libraries I've written to deal with string manipulations and error -handling. Feel free to use these things in your own code, but give me -credit and/or send me free stuff in appreciation! :-) - -... - -If you have any questions, feel free to email me as the following: - -roy@centricsystems.ca - --Roy Wood" - diff --git a/src/lib/libssl/src/INSTALL.OS2 b/src/lib/libssl/src/INSTALL.OS2 deleted file mode 100644 index d4cc0e319b3..00000000000 --- a/src/lib/libssl/src/INSTALL.OS2 +++ /dev/null @@ -1,22 +0,0 @@ - - Installation on OS/2 - -------------------- - - You need to have the following tools installed: - - * EMX GCC - * PERL - * GNU make - - - To build the makefile, run - - > os2\os2-emx - - This will configure OpenSSL and create OS2-EMX.mak which you then use to - build the OpenSSL libraries & programs by running - - > make -f os2-emx.mak - - If that finishes successfully you will find the libraries and programs in the - "out" directory. diff --git a/src/lib/libssl/src/INSTALL.VMS b/src/lib/libssl/src/INSTALL.VMS deleted file mode 100644 index 7658f64e1d7..00000000000 --- a/src/lib/libssl/src/INSTALL.VMS +++ /dev/null @@ -1,299 +0,0 @@ - VMS Installation instructions - written by Richard Levitte - - - -Intro: -====== - -This file is divided in the following parts: - - Requirements - Mandatory reading. - Checking the distribution - Mandatory reading. - Compilation - Mandatory reading. - Logical names - Mandatory reading. - Test - Mandatory reading. - Installation - Mandatory reading. - Backward portability - Read if it's an issue. - Possible bugs or quirks - A few warnings on things that - may go wrong or may surprise you. - TODO - Things that are to come. - - -Requirements: -============= - -To build and install OpenSSL, you will need: - - * DEC C or some other ANSI C compiler. VAX C is *not* supported. - [Note: OpenSSL has only been tested with DEC C. Compiling with - a different ANSI C compiler may require some work] - -Checking the distribution: -========================== - -There have been reports of places where the distribution didn't quite get -through, for example if you've copied the tree from a NFS-mounted Unix -mount point. - -The easiest way to check if everything got through as it should is to check -for one of the following files: - - [.CRYPTO]OPENSSLCONF.H_IN - [.CRYPTO]OPENSSLCONF_H.IN - -They should never exist both at once, but one of them should (preferably -the first variant). If you can't find any of those two, something went -wrong. - -The best way to get a correct distribution is to download the gzipped tar -file from ftp://ftp.openssl.org/source/, use GUNZIP to uncompress it and -use VMSTAR to unpack the resulting tar file. - -GUNZIP is available in many places on the net. One of the distribution -points is the WKU software archive, ftp://ftp.wku.edu/vms/fileserv/ . - -VMSTAR is also available in many places on the net. The recommended place -to find information about it is http://www.free.lp.se/vmstar/ . - - -Compilation: -============ - -I've used the very good command procedures written by Robert Byer -, and just slightly modified them, making -them slightly more general and easier to maintain. - -You can actually compile in almost any directory separately. Look -for a command procedure name xxx-LIB.COM (in the library directories) -or MAKExxx.COM (in the program directories) and read the comments at -the top to understand how to use them. However, if you want to -compile all you can get, the simplest is to use MAKEVMS.COM in the top -directory. The syntax is the following: - - @MAKEVMS

+ * The Whirlpool algorithm was developed by + * Paulo S. L. M. Barreto and + * Vincent Rijmen. + * + * See + * P.S.L.M. Barreto, V. Rijmen, + * ``The Whirlpool hashing function,'' + * NESSIE submission, 2000 (tweaked version, 2001), + * + * + * Based on "@version 3.0 (2003.03.12)" by Paulo S.L.M. Barreto and + * Vincent Rijmen. Lookup "reference implementations" on + * + * + * ============================================================================= + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR + * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE + * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, + * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include +#include +#include + +#include "wp_locl.h" + +typedef unsigned char u8; +#if defined(_LP64) +typedef unsigned long u64; +#else +typedef unsigned long long u64; +#endif + +#define ROUNDS 10 + +#undef SMALL_REGISTER_BANK +#if defined(__i386) || defined(__i386__) || defined(_M_IX86) +# define SMALL_REGISTER_BANK +# if defined(WHIRLPOOL_ASM) +# ifndef OPENSSL_SMALL_FOOTPRINT +# define OPENSSL_SMALL_FOOTPRINT /* it appears that for elder non-MMX + CPUs this is actually faster! */ +# endif +#include "x86_arch.h" +# define GO_FOR_MMX(ctx,inp,num) \ +do { \ + void whirlpool_block_mmx(void *,const void *,size_t); \ + if ((OPENSSL_cpu_caps() & CPUCAP_MASK_MMX) == 0) \ + break; \ + whirlpool_block_mmx(ctx->H.c,inp,num); \ + return; \ +} while (0) +# endif +#elif defined(__arm__) +# define SMALL_REGISTER_BANK +#endif + +#undef ROTATE +#if defined(__GNUC__) && __GNUC__>=2 +# if defined(__x86_64) || defined(__x86_64__) +# define ROTATE(a,n) ({ u64 ret; asm ("rolq %1,%0" \ + : "=r"(ret) : "J"(n),"0"(a) : "cc"); ret; }) +# endif +#endif + +#if defined(OPENSSL_SMALL_FOOTPRINT) +# if !defined(ROTATE) +# if BYTE_ORDER == LITTLE_ENDIAN /* little-endians have to rotate left */ +# define ROTATE(i,n) ((i)<<(n) ^ (i)>>(64-n)) +# else /* big-endians have to rotate right */ +# define ROTATE(i,n) ((i)>>(n) ^ (i)<<(64-n)) +# endif +# endif +# if defined(ROTATE) && !defined(__STRICT_ALIGNMENT) +# define __STRICT_ALIGNMENT /* ensure smallest table size */ +# endif +#endif + +/* + * Table size depends on __STRICT_ALIGNMENT and whether or not endian- + * specific ROTATE macro is defined. If __STRICT_ALIGNMENT is not + * defined, which is normally the case on x86[_64] CPUs, the table is + * 4KB large unconditionally. Otherwise if ROTATE is defined, the + * table is 2KB large, and otherwise - 16KB. 2KB table requires a + * whole bunch of additional rotations, but I'm willing to "trade," + * because 16KB table certainly trashes L1 cache. I wish all CPUs + * could handle unaligned load as 4KB table doesn't trash the cache, + * nor does it require additional rotations. + */ +/* + * Note that every Cn macro expands as two loads: one byte load and + * one quadword load. One can argue that that many single-byte loads + * is too excessive, as one could load a quadword and "milk" it for + * eight 8-bit values instead. Well, yes, but in order to do so *and* + * avoid excessive loads you have to accommodate a handful of 64-bit + * values in the register bank and issue a bunch of shifts and mask. + * It's a tradeoff: loads vs. shift and mask in big register bank[!]. + * On most CPUs eight single-byte loads are faster and I let other + * ones to depend on smart compiler to fold byte loads if beneficial. + * Hand-coded assembler would be another alternative:-) + */ +#ifdef __STRICT_ALIGNMENT +# if defined(ROTATE) +# define N 1 +# define LL(c0,c1,c2,c3,c4,c5,c6,c7) c0,c1,c2,c3,c4,c5,c6,c7 +# define C0(K,i) (Cx.q[K.c[(i)*8+0]]) +# define C1(K,i) ROTATE(Cx.q[K.c[(i)*8+1]],8) +# define C2(K,i) ROTATE(Cx.q[K.c[(i)*8+2]],16) +# define C3(K,i) ROTATE(Cx.q[K.c[(i)*8+3]],24) +# define C4(K,i) ROTATE(Cx.q[K.c[(i)*8+4]],32) +# define C5(K,i) ROTATE(Cx.q[K.c[(i)*8+5]],40) +# define C6(K,i) ROTATE(Cx.q[K.c[(i)*8+6]],48) +# define C7(K,i) ROTATE(Cx.q[K.c[(i)*8+7]],56) +# else +# define N 8 +# define LL(c0,c1,c2,c3,c4,c5,c6,c7) c0,c1,c2,c3,c4,c5,c6,c7, \ + c7,c0,c1,c2,c3,c4,c5,c6, \ + c6,c7,c0,c1,c2,c3,c4,c5, \ + c5,c6,c7,c0,c1,c2,c3,c4, \ + c4,c5,c6,c7,c0,c1,c2,c3, \ + c3,c4,c5,c6,c7,c0,c1,c2, \ + c2,c3,c4,c5,c6,c7,c0,c1, \ + c1,c2,c3,c4,c5,c6,c7,c0 +# define C0(K,i) (Cx.q[0+8*K.c[(i)*8+0]]) +# define C1(K,i) (Cx.q[1+8*K.c[(i)*8+1]]) +# define C2(K,i) (Cx.q[2+8*K.c[(i)*8+2]]) +# define C3(K,i) (Cx.q[3+8*K.c[(i)*8+3]]) +# define C4(K,i) (Cx.q[4+8*K.c[(i)*8+4]]) +# define C5(K,i) (Cx.q[5+8*K.c[(i)*8+5]]) +# define C6(K,i) (Cx.q[6+8*K.c[(i)*8+6]]) +# define C7(K,i) (Cx.q[7+8*K.c[(i)*8+7]]) +# endif +#else +# define N 2 +# define LL(c0,c1,c2,c3,c4,c5,c6,c7) c0,c1,c2,c3,c4,c5,c6,c7, \ + c0,c1,c2,c3,c4,c5,c6,c7 +# define C0(K,i) (((u64*)(Cx.c+0))[2*K.c[(i)*8+0]]) +# define C1(K,i) (((u64*)(Cx.c+7))[2*K.c[(i)*8+1]]) +# define C2(K,i) (((u64*)(Cx.c+6))[2*K.c[(i)*8+2]]) +# define C3(K,i) (((u64*)(Cx.c+5))[2*K.c[(i)*8+3]]) +# define C4(K,i) (((u64*)(Cx.c+4))[2*K.c[(i)*8+4]]) +# define C5(K,i) (((u64*)(Cx.c+3))[2*K.c[(i)*8+5]]) +# define C6(K,i) (((u64*)(Cx.c+2))[2*K.c[(i)*8+6]]) +# define C7(K,i) (((u64*)(Cx.c+1))[2*K.c[(i)*8+7]]) +#endif + +static const +union { + u8 c[(256*N+ROUNDS)*sizeof(u64)]; + u64 q[(256*N+ROUNDS)]; + } Cx = { { + /* Note endian-neutral representation:-) */ + LL(0x18,0x18,0x60,0x18,0xc0,0x78,0x30,0xd8), + LL(0x23,0x23,0x8c,0x23,0x05,0xaf,0x46,0x26), + LL(0xc6,0xc6,0x3f,0xc6,0x7e,0xf9,0x91,0xb8), + LL(0xe8,0xe8,0x87,0xe8,0x13,0x6f,0xcd,0xfb), + LL(0x87,0x87,0x26,0x87,0x4c,0xa1,0x13,0xcb), + LL(0xb8,0xb8,0xda,0xb8,0xa9,0x62,0x6d,0x11), + LL(0x01,0x01,0x04,0x01,0x08,0x05,0x02,0x09), + LL(0x4f,0x4f,0x21,0x4f,0x42,0x6e,0x9e,0x0d), + LL(0x36,0x36,0xd8,0x36,0xad,0xee,0x6c,0x9b), + LL(0xa6,0xa6,0xa2,0xa6,0x59,0x04,0x51,0xff), + LL(0xd2,0xd2,0x6f,0xd2,0xde,0xbd,0xb9,0x0c), + LL(0xf5,0xf5,0xf3,0xf5,0xfb,0x06,0xf7,0x0e), + LL(0x79,0x79,0xf9,0x79,0xef,0x80,0xf2,0x96), + LL(0x6f,0x6f,0xa1,0x6f,0x5f,0xce,0xde,0x30), + LL(0x91,0x91,0x7e,0x91,0xfc,0xef,0x3f,0x6d), + LL(0x52,0x52,0x55,0x52,0xaa,0x07,0xa4,0xf8), + LL(0x60,0x60,0x9d,0x60,0x27,0xfd,0xc0,0x47), + LL(0xbc,0xbc,0xca,0xbc,0x89,0x76,0x65,0x35), + LL(0x9b,0x9b,0x56,0x9b,0xac,0xcd,0x2b,0x37), + LL(0x8e,0x8e,0x02,0x8e,0x04,0x8c,0x01,0x8a), + LL(0xa3,0xa3,0xb6,0xa3,0x71,0x15,0x5b,0xd2), + LL(0x0c,0x0c,0x30,0x0c,0x60,0x3c,0x18,0x6c), + LL(0x7b,0x7b,0xf1,0x7b,0xff,0x8a,0xf6,0x84), + LL(0x35,0x35,0xd4,0x35,0xb5,0xe1,0x6a,0x80), + LL(0x1d,0x1d,0x74,0x1d,0xe8,0x69,0x3a,0xf5), + LL(0xe0,0xe0,0xa7,0xe0,0x53,0x47,0xdd,0xb3), + LL(0xd7,0xd7,0x7b,0xd7,0xf6,0xac,0xb3,0x21), + LL(0xc2,0xc2,0x2f,0xc2,0x5e,0xed,0x99,0x9c), + LL(0x2e,0x2e,0xb8,0x2e,0x6d,0x96,0x5c,0x43), + LL(0x4b,0x4b,0x31,0x4b,0x62,0x7a,0x96,0x29), + LL(0xfe,0xfe,0xdf,0xfe,0xa3,0x21,0xe1,0x5d), + LL(0x57,0x57,0x41,0x57,0x82,0x16,0xae,0xd5), + LL(0x15,0x15,0x54,0x15,0xa8,0x41,0x2a,0xbd), + LL(0x77,0x77,0xc1,0x77,0x9f,0xb6,0xee,0xe8), + LL(0x37,0x37,0xdc,0x37,0xa5,0xeb,0x6e,0x92), + LL(0xe5,0xe5,0xb3,0xe5,0x7b,0x56,0xd7,0x9e), + LL(0x9f,0x9f,0x46,0x9f,0x8c,0xd9,0x23,0x13), + LL(0xf0,0xf0,0xe7,0xf0,0xd3,0x17,0xfd,0x23), + LL(0x4a,0x4a,0x35,0x4a,0x6a,0x7f,0x94,0x20), + LL(0xda,0xda,0x4f,0xda,0x9e,0x95,0xa9,0x44), + LL(0x58,0x58,0x7d,0x58,0xfa,0x25,0xb0,0xa2), + LL(0xc9,0xc9,0x03,0xc9,0x06,0xca,0x8f,0xcf), + LL(0x29,0x29,0xa4,0x29,0x55,0x8d,0x52,0x7c), + LL(0x0a,0x0a,0x28,0x0a,0x50,0x22,0x14,0x5a), + LL(0xb1,0xb1,0xfe,0xb1,0xe1,0x4f,0x7f,0x50), + LL(0xa0,0xa0,0xba,0xa0,0x69,0x1a,0x5d,0xc9), + LL(0x6b,0x6b,0xb1,0x6b,0x7f,0xda,0xd6,0x14), + LL(0x85,0x85,0x2e,0x85,0x5c,0xab,0x17,0xd9), + LL(0xbd,0xbd,0xce,0xbd,0x81,0x73,0x67,0x3c), + LL(0x5d,0x5d,0x69,0x5d,0xd2,0x34,0xba,0x8f), + LL(0x10,0x10,0x40,0x10,0x80,0x50,0x20,0x90), + LL(0xf4,0xf4,0xf7,0xf4,0xf3,0x03,0xf5,0x07), + LL(0xcb,0xcb,0x0b,0xcb,0x16,0xc0,0x8b,0xdd), + LL(0x3e,0x3e,0xf8,0x3e,0xed,0xc6,0x7c,0xd3), + LL(0x05,0x05,0x14,0x05,0x28,0x11,0x0a,0x2d), + LL(0x67,0x67,0x81,0x67,0x1f,0xe6,0xce,0x78), + LL(0xe4,0xe4,0xb7,0xe4,0x73,0x53,0xd5,0x97), + LL(0x27,0x27,0x9c,0x27,0x25,0xbb,0x4e,0x02), + LL(0x41,0x41,0x19,0x41,0x32,0x58,0x82,0x73), + LL(0x8b,0x8b,0x16,0x8b,0x2c,0x9d,0x0b,0xa7), + LL(0xa7,0xa7,0xa6,0xa7,0x51,0x01,0x53,0xf6), + LL(0x7d,0x7d,0xe9,0x7d,0xcf,0x94,0xfa,0xb2), + LL(0x95,0x95,0x6e,0x95,0xdc,0xfb,0x37,0x49), + LL(0xd8,0xd8,0x47,0xd8,0x8e,0x9f,0xad,0x56), + LL(0xfb,0xfb,0xcb,0xfb,0x8b,0x30,0xeb,0x70), + LL(0xee,0xee,0x9f,0xee,0x23,0x71,0xc1,0xcd), + LL(0x7c,0x7c,0xed,0x7c,0xc7,0x91,0xf8,0xbb), + LL(0x66,0x66,0x85,0x66,0x17,0xe3,0xcc,0x71), + LL(0xdd,0xdd,0x53,0xdd,0xa6,0x8e,0xa7,0x7b), + LL(0x17,0x17,0x5c,0x17,0xb8,0x4b,0x2e,0xaf), + LL(0x47,0x47,0x01,0x47,0x02,0x46,0x8e,0x45), + LL(0x9e,0x9e,0x42,0x9e,0x84,0xdc,0x21,0x1a), + LL(0xca,0xca,0x0f,0xca,0x1e,0xc5,0x89,0xd4), + LL(0x2d,0x2d,0xb4,0x2d,0x75,0x99,0x5a,0x58), + LL(0xbf,0xbf,0xc6,0xbf,0x91,0x79,0x63,0x2e), + LL(0x07,0x07,0x1c,0x07,0x38,0x1b,0x0e,0x3f), + LL(0xad,0xad,0x8e,0xad,0x01,0x23,0x47,0xac), + LL(0x5a,0x5a,0x75,0x5a,0xea,0x2f,0xb4,0xb0), + LL(0x83,0x83,0x36,0x83,0x6c,0xb5,0x1b,0xef), + LL(0x33,0x33,0xcc,0x33,0x85,0xff,0x66,0xb6), + LL(0x63,0x63,0x91,0x63,0x3f,0xf2,0xc6,0x5c), + LL(0x02,0x02,0x08,0x02,0x10,0x0a,0x04,0x12), + LL(0xaa,0xaa,0x92,0xaa,0x39,0x38,0x49,0x93), + LL(0x71,0x71,0xd9,0x71,0xaf,0xa8,0xe2,0xde), + LL(0xc8,0xc8,0x07,0xc8,0x0e,0xcf,0x8d,0xc6), + LL(0x19,0x19,0x64,0x19,0xc8,0x7d,0x32,0xd1), + LL(0x49,0x49,0x39,0x49,0x72,0x70,0x92,0x3b), + LL(0xd9,0xd9,0x43,0xd9,0x86,0x9a,0xaf,0x5f), + LL(0xf2,0xf2,0xef,0xf2,0xc3,0x1d,0xf9,0x31), + LL(0xe3,0xe3,0xab,0xe3,0x4b,0x48,0xdb,0xa8), + LL(0x5b,0x5b,0x71,0x5b,0xe2,0x2a,0xb6,0xb9), + LL(0x88,0x88,0x1a,0x88,0x34,0x92,0x0d,0xbc), + LL(0x9a,0x9a,0x52,0x9a,0xa4,0xc8,0x29,0x3e), + LL(0x26,0x26,0x98,0x26,0x2d,0xbe,0x4c,0x0b), + LL(0x32,0x32,0xc8,0x32,0x8d,0xfa,0x64,0xbf), + LL(0xb0,0xb0,0xfa,0xb0,0xe9,0x4a,0x7d,0x59), + LL(0xe9,0xe9,0x83,0xe9,0x1b,0x6a,0xcf,0xf2), + LL(0x0f,0x0f,0x3c,0x0f,0x78,0x33,0x1e,0x77), + LL(0xd5,0xd5,0x73,0xd5,0xe6,0xa6,0xb7,0x33), + LL(0x80,0x80,0x3a,0x80,0x74,0xba,0x1d,0xf4), + LL(0xbe,0xbe,0xc2,0xbe,0x99,0x7c,0x61,0x27), + LL(0xcd,0xcd,0x13,0xcd,0x26,0xde,0x87,0xeb), + LL(0x34,0x34,0xd0,0x34,0xbd,0xe4,0x68,0x89), + LL(0x48,0x48,0x3d,0x48,0x7a,0x75,0x90,0x32), + LL(0xff,0xff,0xdb,0xff,0xab,0x24,0xe3,0x54), + LL(0x7a,0x7a,0xf5,0x7a,0xf7,0x8f,0xf4,0x8d), + LL(0x90,0x90,0x7a,0x90,0xf4,0xea,0x3d,0x64), + LL(0x5f,0x5f,0x61,0x5f,0xc2,0x3e,0xbe,0x9d), + LL(0x20,0x20,0x80,0x20,0x1d,0xa0,0x40,0x3d), + LL(0x68,0x68,0xbd,0x68,0x67,0xd5,0xd0,0x0f), + LL(0x1a,0x1a,0x68,0x1a,0xd0,0x72,0x34,0xca), + LL(0xae,0xae,0x82,0xae,0x19,0x2c,0x41,0xb7), + LL(0xb4,0xb4,0xea,0xb4,0xc9,0x5e,0x75,0x7d), + LL(0x54,0x54,0x4d,0x54,0x9a,0x19,0xa8,0xce), + LL(0x93,0x93,0x76,0x93,0xec,0xe5,0x3b,0x7f), + LL(0x22,0x22,0x88,0x22,0x0d,0xaa,0x44,0x2f), + LL(0x64,0x64,0x8d,0x64,0x07,0xe9,0xc8,0x63), + LL(0xf1,0xf1,0xe3,0xf1,0xdb,0x12,0xff,0x2a), + LL(0x73,0x73,0xd1,0x73,0xbf,0xa2,0xe6,0xcc), + LL(0x12,0x12,0x48,0x12,0x90,0x5a,0x24,0x82), + LL(0x40,0x40,0x1d,0x40,0x3a,0x5d,0x80,0x7a), + LL(0x08,0x08,0x20,0x08,0x40,0x28,0x10,0x48), + LL(0xc3,0xc3,0x2b,0xc3,0x56,0xe8,0x9b,0x95), + LL(0xec,0xec,0x97,0xec,0x33,0x7b,0xc5,0xdf), + LL(0xdb,0xdb,0x4b,0xdb,0x96,0x90,0xab,0x4d), + LL(0xa1,0xa1,0xbe,0xa1,0x61,0x1f,0x5f,0xc0), + LL(0x8d,0x8d,0x0e,0x8d,0x1c,0x83,0x07,0x91), + LL(0x3d,0x3d,0xf4,0x3d,0xf5,0xc9,0x7a,0xc8), + LL(0x97,0x97,0x66,0x97,0xcc,0xf1,0x33,0x5b), + LL(0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00), + LL(0xcf,0xcf,0x1b,0xcf,0x36,0xd4,0x83,0xf9), + LL(0x2b,0x2b,0xac,0x2b,0x45,0x87,0x56,0x6e), + LL(0x76,0x76,0xc5,0x76,0x97,0xb3,0xec,0xe1), + LL(0x82,0x82,0x32,0x82,0x64,0xb0,0x19,0xe6), + LL(0xd6,0xd6,0x7f,0xd6,0xfe,0xa9,0xb1,0x28), + LL(0x1b,0x1b,0x6c,0x1b,0xd8,0x77,0x36,0xc3), + LL(0xb5,0xb5,0xee,0xb5,0xc1,0x5b,0x77,0x74), + LL(0xaf,0xaf,0x86,0xaf,0x11,0x29,0x43,0xbe), + LL(0x6a,0x6a,0xb5,0x6a,0x77,0xdf,0xd4,0x1d), + LL(0x50,0x50,0x5d,0x50,0xba,0x0d,0xa0,0xea), + LL(0x45,0x45,0x09,0x45,0x12,0x4c,0x8a,0x57), + LL(0xf3,0xf3,0xeb,0xf3,0xcb,0x18,0xfb,0x38), + LL(0x30,0x30,0xc0,0x30,0x9d,0xf0,0x60,0xad), + LL(0xef,0xef,0x9b,0xef,0x2b,0x74,0xc3,0xc4), + LL(0x3f,0x3f,0xfc,0x3f,0xe5,0xc3,0x7e,0xda), + LL(0x55,0x55,0x49,0x55,0x92,0x1c,0xaa,0xc7), + LL(0xa2,0xa2,0xb2,0xa2,0x79,0x10,0x59,0xdb), + LL(0xea,0xea,0x8f,0xea,0x03,0x65,0xc9,0xe9), + LL(0x65,0x65,0x89,0x65,0x0f,0xec,0xca,0x6a), + LL(0xba,0xba,0xd2,0xba,0xb9,0x68,0x69,0x03), + LL(0x2f,0x2f,0xbc,0x2f,0x65,0x93,0x5e,0x4a), + LL(0xc0,0xc0,0x27,0xc0,0x4e,0xe7,0x9d,0x8e), + LL(0xde,0xde,0x5f,0xde,0xbe,0x81,0xa1,0x60), + LL(0x1c,0x1c,0x70,0x1c,0xe0,0x6c,0x38,0xfc), + LL(0xfd,0xfd,0xd3,0xfd,0xbb,0x2e,0xe7,0x46), + LL(0x4d,0x4d,0x29,0x4d,0x52,0x64,0x9a,0x1f), + LL(0x92,0x92,0x72,0x92,0xe4,0xe0,0x39,0x76), + LL(0x75,0x75,0xc9,0x75,0x8f,0xbc,0xea,0xfa), + LL(0x06,0x06,0x18,0x06,0x30,0x1e,0x0c,0x36), + LL(0x8a,0x8a,0x12,0x8a,0x24,0x98,0x09,0xae), + LL(0xb2,0xb2,0xf2,0xb2,0xf9,0x40,0x79,0x4b), + LL(0xe6,0xe6,0xbf,0xe6,0x63,0x59,0xd1,0x85), + LL(0x0e,0x0e,0x38,0x0e,0x70,0x36,0x1c,0x7e), + LL(0x1f,0x1f,0x7c,0x1f,0xf8,0x63,0x3e,0xe7), + LL(0x62,0x62,0x95,0x62,0x37,0xf7,0xc4,0x55), + LL(0xd4,0xd4,0x77,0xd4,0xee,0xa3,0xb5,0x3a), + LL(0xa8,0xa8,0x9a,0xa8,0x29,0x32,0x4d,0x81), + LL(0x96,0x96,0x62,0x96,0xc4,0xf4,0x31,0x52), + LL(0xf9,0xf9,0xc3,0xf9,0x9b,0x3a,0xef,0x62), + LL(0xc5,0xc5,0x33,0xc5,0x66,0xf6,0x97,0xa3), + LL(0x25,0x25,0x94,0x25,0x35,0xb1,0x4a,0x10), + LL(0x59,0x59,0x79,0x59,0xf2,0x20,0xb2,0xab), + LL(0x84,0x84,0x2a,0x84,0x54,0xae,0x15,0xd0), + LL(0x72,0x72,0xd5,0x72,0xb7,0xa7,0xe4,0xc5), + LL(0x39,0x39,0xe4,0x39,0xd5,0xdd,0x72,0xec), + LL(0x4c,0x4c,0x2d,0x4c,0x5a,0x61,0x98,0x16), + LL(0x5e,0x5e,0x65,0x5e,0xca,0x3b,0xbc,0x94), + LL(0x78,0x78,0xfd,0x78,0xe7,0x85,0xf0,0x9f), + LL(0x38,0x38,0xe0,0x38,0xdd,0xd8,0x70,0xe5), + LL(0x8c,0x8c,0x0a,0x8c,0x14,0x86,0x05,0x98), + LL(0xd1,0xd1,0x63,0xd1,0xc6,0xb2,0xbf,0x17), + LL(0xa5,0xa5,0xae,0xa5,0x41,0x0b,0x57,0xe4), + LL(0xe2,0xe2,0xaf,0xe2,0x43,0x4d,0xd9,0xa1), + LL(0x61,0x61,0x99,0x61,0x2f,0xf8,0xc2,0x4e), + LL(0xb3,0xb3,0xf6,0xb3,0xf1,0x45,0x7b,0x42), + LL(0x21,0x21,0x84,0x21,0x15,0xa5,0x42,0x34), + LL(0x9c,0x9c,0x4a,0x9c,0x94,0xd6,0x25,0x08), + LL(0x1e,0x1e,0x78,0x1e,0xf0,0x66,0x3c,0xee), + LL(0x43,0x43,0x11,0x43,0x22,0x52,0x86,0x61), + LL(0xc7,0xc7,0x3b,0xc7,0x76,0xfc,0x93,0xb1), + LL(0xfc,0xfc,0xd7,0xfc,0xb3,0x2b,0xe5,0x4f), + LL(0x04,0x04,0x10,0x04,0x20,0x14,0x08,0x24), + LL(0x51,0x51,0x59,0x51,0xb2,0x08,0xa2,0xe3), + LL(0x99,0x99,0x5e,0x99,0xbc,0xc7,0x2f,0x25), + LL(0x6d,0x6d,0xa9,0x6d,0x4f,0xc4,0xda,0x22), + LL(0x0d,0x0d,0x34,0x0d,0x68,0x39,0x1a,0x65), + LL(0xfa,0xfa,0xcf,0xfa,0x83,0x35,0xe9,0x79), + LL(0xdf,0xdf,0x5b,0xdf,0xb6,0x84,0xa3,0x69), + LL(0x7e,0x7e,0xe5,0x7e,0xd7,0x9b,0xfc,0xa9), + LL(0x24,0x24,0x90,0x24,0x3d,0xb4,0x48,0x19), + LL(0x3b,0x3b,0xec,0x3b,0xc5,0xd7,0x76,0xfe), + LL(0xab,0xab,0x96,0xab,0x31,0x3d,0x4b,0x9a), + LL(0xce,0xce,0x1f,0xce,0x3e,0xd1,0x81,0xf0), + LL(0x11,0x11,0x44,0x11,0x88,0x55,0x22,0x99), + LL(0x8f,0x8f,0x06,0x8f,0x0c,0x89,0x03,0x83), + LL(0x4e,0x4e,0x25,0x4e,0x4a,0x6b,0x9c,0x04), + LL(0xb7,0xb7,0xe6,0xb7,0xd1,0x51,0x73,0x66), + LL(0xeb,0xeb,0x8b,0xeb,0x0b,0x60,0xcb,0xe0), + LL(0x3c,0x3c,0xf0,0x3c,0xfd,0xcc,0x78,0xc1), + LL(0x81,0x81,0x3e,0x81,0x7c,0xbf,0x1f,0xfd), + LL(0x94,0x94,0x6a,0x94,0xd4,0xfe,0x35,0x40), + LL(0xf7,0xf7,0xfb,0xf7,0xeb,0x0c,0xf3,0x1c), + LL(0xb9,0xb9,0xde,0xb9,0xa1,0x67,0x6f,0x18), + LL(0x13,0x13,0x4c,0x13,0x98,0x5f,0x26,0x8b), + LL(0x2c,0x2c,0xb0,0x2c,0x7d,0x9c,0x58,0x51), + LL(0xd3,0xd3,0x6b,0xd3,0xd6,0xb8,0xbb,0x05), + LL(0xe7,0xe7,0xbb,0xe7,0x6b,0x5c,0xd3,0x8c), + LL(0x6e,0x6e,0xa5,0x6e,0x57,0xcb,0xdc,0x39), + LL(0xc4,0xc4,0x37,0xc4,0x6e,0xf3,0x95,0xaa), + LL(0x03,0x03,0x0c,0x03,0x18,0x0f,0x06,0x1b), + LL(0x56,0x56,0x45,0x56,0x8a,0x13,0xac,0xdc), + LL(0x44,0x44,0x0d,0x44,0x1a,0x49,0x88,0x5e), + LL(0x7f,0x7f,0xe1,0x7f,0xdf,0x9e,0xfe,0xa0), + LL(0xa9,0xa9,0x9e,0xa9,0x21,0x37,0x4f,0x88), + LL(0x2a,0x2a,0xa8,0x2a,0x4d,0x82,0x54,0x67), + LL(0xbb,0xbb,0xd6,0xbb,0xb1,0x6d,0x6b,0x0a), + LL(0xc1,0xc1,0x23,0xc1,0x46,0xe2,0x9f,0x87), + LL(0x53,0x53,0x51,0x53,0xa2,0x02,0xa6,0xf1), + LL(0xdc,0xdc,0x57,0xdc,0xae,0x8b,0xa5,0x72), + LL(0x0b,0x0b,0x2c,0x0b,0x58,0x27,0x16,0x53), + LL(0x9d,0x9d,0x4e,0x9d,0x9c,0xd3,0x27,0x01), + LL(0x6c,0x6c,0xad,0x6c,0x47,0xc1,0xd8,0x2b), + LL(0x31,0x31,0xc4,0x31,0x95,0xf5,0x62,0xa4), + LL(0x74,0x74,0xcd,0x74,0x87,0xb9,0xe8,0xf3), + LL(0xf6,0xf6,0xff,0xf6,0xe3,0x09,0xf1,0x15), + LL(0x46,0x46,0x05,0x46,0x0a,0x43,0x8c,0x4c), + LL(0xac,0xac,0x8a,0xac,0x09,0x26,0x45,0xa5), + LL(0x89,0x89,0x1e,0x89,0x3c,0x97,0x0f,0xb5), + LL(0x14,0x14,0x50,0x14,0xa0,0x44,0x28,0xb4), + LL(0xe1,0xe1,0xa3,0xe1,0x5b,0x42,0xdf,0xba), + LL(0x16,0x16,0x58,0x16,0xb0,0x4e,0x2c,0xa6), + LL(0x3a,0x3a,0xe8,0x3a,0xcd,0xd2,0x74,0xf7), + LL(0x69,0x69,0xb9,0x69,0x6f,0xd0,0xd2,0x06), + LL(0x09,0x09,0x24,0x09,0x48,0x2d,0x12,0x41), + LL(0x70,0x70,0xdd,0x70,0xa7,0xad,0xe0,0xd7), + LL(0xb6,0xb6,0xe2,0xb6,0xd9,0x54,0x71,0x6f), + LL(0xd0,0xd0,0x67,0xd0,0xce,0xb7,0xbd,0x1e), + LL(0xed,0xed,0x93,0xed,0x3b,0x7e,0xc7,0xd6), + LL(0xcc,0xcc,0x17,0xcc,0x2e,0xdb,0x85,0xe2), + LL(0x42,0x42,0x15,0x42,0x2a,0x57,0x84,0x68), + LL(0x98,0x98,0x5a,0x98,0xb4,0xc2,0x2d,0x2c), + LL(0xa4,0xa4,0xaa,0xa4,0x49,0x0e,0x55,0xed), + LL(0x28,0x28,0xa0,0x28,0x5d,0x88,0x50,0x75), + LL(0x5c,0x5c,0x6d,0x5c,0xda,0x31,0xb8,0x86), + LL(0xf8,0xf8,0xc7,0xf8,0x93,0x3f,0xed,0x6b), + LL(0x86,0x86,0x22,0x86,0x44,0xa4,0x11,0xc2), +#define RC (&(Cx.q[256*N])) + 0x18,0x23,0xc6,0xe8,0x87,0xb8,0x01,0x4f, /* rc[ROUNDS] */ + 0x36,0xa6,0xd2,0xf5,0x79,0x6f,0x91,0x52, + 0x60,0xbc,0x9b,0x8e,0xa3,0x0c,0x7b,0x35, + 0x1d,0xe0,0xd7,0xc2,0x2e,0x4b,0xfe,0x57, + 0x15,0x77,0x37,0xe5,0x9f,0xf0,0x4a,0xda, + 0x58,0xc9,0x29,0x0a,0xb1,0xa0,0x6b,0x85, + 0xbd,0x5d,0x10,0xf4,0xcb,0x3e,0x05,0x67, + 0xe4,0x27,0x41,0x8b,0xa7,0x7d,0x95,0xd8, + 0xfb,0xee,0x7c,0x66,0xdd,0x17,0x47,0x9e, + 0xca,0x2d,0xbf,0x07,0xad,0x5a,0x83,0x33 + } +}; + +void whirlpool_block(WHIRLPOOL_CTX *ctx,const void *inp,size_t n) + { + int r; + const u8 *p=inp; + union { u64 q[8]; u8 c[64]; } S,K,*H=(void *)ctx->H.q; + +#ifdef GO_FOR_MMX + GO_FOR_MMX(ctx,inp,n); +#endif + do { +#ifdef OPENSSL_SMALL_FOOTPRINT + u64 L[8]; + int i; + + for (i=0;i<64;i++) S.c[i] = (K.c[i] = H->c[i]) ^ p[i]; + for (r=0;rc[i] ^= S.c[i] ^ p[i]; +#else + u64 L0,L1,L2,L3,L4,L5,L6,L7; + +#ifdef __STRICT_ALIGNMENT + if ((size_t)p & 7) + { + memcpy (S.c,p,64); + S.q[0] ^= (K.q[0] = H->q[0]); + S.q[1] ^= (K.q[1] = H->q[1]); + S.q[2] ^= (K.q[2] = H->q[2]); + S.q[3] ^= (K.q[3] = H->q[3]); + S.q[4] ^= (K.q[4] = H->q[4]); + S.q[5] ^= (K.q[5] = H->q[5]); + S.q[6] ^= (K.q[6] = H->q[6]); + S.q[7] ^= (K.q[7] = H->q[7]); + } + else +#endif + { + const u64 *pa = (const u64*)p; + S.q[0] = (K.q[0] = H->q[0]) ^ pa[0]; + S.q[1] = (K.q[1] = H->q[1]) ^ pa[1]; + S.q[2] = (K.q[2] = H->q[2]) ^ pa[2]; + S.q[3] = (K.q[3] = H->q[3]) ^ pa[3]; + S.q[4] = (K.q[4] = H->q[4]) ^ pa[4]; + S.q[5] = (K.q[5] = H->q[5]) ^ pa[5]; + S.q[6] = (K.q[6] = H->q[6]) ^ pa[6]; + S.q[7] = (K.q[7] = H->q[7]) ^ pa[7]; + } + + for(r=0;rc[i] ^= S.c[i] ^ p[i]; + } + else +#endif + { + const u64 *pa=(const u64 *)p; + H->q[0] ^= S.q[0] ^ pa[0]; + H->q[1] ^= S.q[1] ^ pa[1]; + H->q[2] ^= S.q[2] ^ pa[2]; + H->q[3] ^= S.q[3] ^ pa[3]; + H->q[4] ^= S.q[4] ^ pa[4]; + H->q[5] ^= S.q[5] ^ pa[5]; + H->q[6] ^= S.q[6] ^ pa[6]; + H->q[7] ^= S.q[7] ^ pa[7]; + } +#endif + p += 64; + } while(--n); + } diff --git a/src/lib/libcrypto/whrlpool/wp_dgst.c b/src/lib/libcrypto/whrlpool/wp_dgst.c new file mode 100644 index 00000000000..663f2ef5de1 --- /dev/null +++ b/src/lib/libcrypto/whrlpool/wp_dgst.c @@ -0,0 +1,266 @@ +/* $OpenBSD: wp_dgst.c,v 1.4 2014/07/12 11:25:25 miod Exp $ */ +/** + * The Whirlpool hashing function. + * + *